From b3b59b1a3453c7fced736f0de5cb4fd893996f50 Mon Sep 17 00:00:00 2001
From: isotopp <isotopp@users.noreply.github.com>
Date: Tue, 23 Jan 2024 16:36:43 +0000
Subject: [PATCH] deploy: 6f6325e556dfc571454690ed441d7b8d05c412da

---
 2023/12/30/restic.html                     |   4 +-
 2024/01/09/deploying-websites.html         | 483 ++++++++++++
 2024/01/16/jusprog-ist-nur-der-anfang.html |   4 +-
 blog/10.html                               |  47 +-
 blog/11.html                               |  48 +-
 blog/12.html                               |  47 +-
 blog/13.html                               |  46 +-
 blog/14.html                               |  47 +-
 blog/15.html                               |  48 +-
 blog/16.html                               |  47 +-
 blog/17.html                               |  47 +-
 blog/18.html                               |  47 +-
 blog/19.html                               |  46 +-
 blog/2.html                                |  47 +-
 blog/20.html                               |  49 +-
 blog/21.html                               |  50 +-
 blog/22.html                               |  47 +-
 blog/23.html                               |  48 +-
 blog/24.html                               |  48 +-
 blog/25.html                               |  46 +-
 blog/26.html                               |  45 +-
 blog/27.html                               |  44 +-
 blog/28.html                               |  45 +-
 blog/29.html                               |  46 +-
 blog/3.html                                |  48 +-
 blog/30.html                               |  45 +-
 blog/31.html                               |  45 +-
 blog/32.html                               |  47 +-
 blog/33.html                               |  47 +-
 blog/34.html                               |  46 +-
 blog/35.html                               |  48 +-
 blog/36.html                               |  49 +-
 blog/37.html                               |  47 +-
 blog/38.html                               |  46 +-
 blog/39.html                               |  46 +-
 blog/4.html                                |  48 +-
 blog/40.html                               |  47 +-
 blog/41.html                               |  46 +-
 blog/42.html                               |  45 +-
 blog/43.html                               |  46 +-
 blog/44.html                               |  46 +-
 blog/45.html                               |  47 +-
 blog/46.html                               |  49 +-
 blog/47.html                               |  48 +-
 blog/48.html                               |  46 +-
 blog/49.html                               |  46 +-
 blog/5.html                                |  48 +-
 blog/50.html                               |  47 +-
 blog/51.html                               |  48 +-
 blog/52.html                               |  48 +-
 blog/53.html                               |  48 +-
 blog/54.html                               |  24 +
 blog/6.html                                |  48 +-
 blog/7.html                                |  47 +-
 blog/8.html                                |  47 +-
 blog/9.html                                |  47 +-
 feed.xml                                   | 251 ++++---
 index.html                                 |  47 +-
 index.json                                 |   2 +-
 posts.html                                 |   9 +
 posts/feed.xml                             | 251 ++++---
 sitemap.xml                                |  13 +-
 tags/advertising.html                      |  15 +
 tags/advertising/feed.xml                  |   2 +-
 tags/amsterdam.html                        |  15 +
 tags/amsterdam/feed.xml                    |   2 +-
 tags/anderswo.html                         |  15 +
 tags/anderswo/feed.xml                     |   2 +-
 tags/apple.html                            |  15 +
 tags/apple/feed.xml                        |   2 +-
 tags/architektur.html                      |  15 +
 tags/architektur/feed.xml                  |   2 +-
 tags/authentication.html                   |  15 +
 tags/authentication/feed.xml               |   2 +-
 tags/bash.html                             |  15 +
 tags/bash/feed.xml                         |   2 +-
 tags/berlin.html                           |  15 +
 tags/berlin/feed.xml                       |   2 +-
 tags/bike.html                             |  15 +
 tags/bike/feed.xml                         |   2 +-
 tags/bildung.html                          |  15 +
 tags/bildung/feed.xml                      |   2 +-
 tags/blockchain.html                       |  15 +
 tags/blockchain/feed.xml                   |   2 +-
 tags/blog.html                             |  15 +
 tags/blog/feed.xml                         |   2 +-
 tags/book.html                             |  15 +
 tags/book/feed.xml                         |   2 +-
 tags/c.html                                |  15 +
 tags/c/feed.xml                            |   2 +-
 tags/ccc.html                              |  15 +
 tags/ccc/feed.xml                          |   2 +-
 tags/chat.html                             |  15 +
 tags/chat/feed.xml                         |   2 +-
 tags/climate.html                          |  15 +
 tags/climate/feed.xml                      |   2 +-
 tags/cloud.html                            |  15 +
 tags/cloud/feed.xml                        |   2 +-
 tags/cluster.html                          |  15 +
 tags/cluster/feed.xml                      |   2 +-
 tags/comic.html                            |  15 +
 tags/comic/feed.xml                        |   2 +-
 tags/commodore.html                        |  15 +
 tags/commodore/feed.xml                    |   2 +-
 tags/community.html                        |  15 +
 tags/community/feed.xml                    |   2 +-
 tags/computer.html                         |  15 +
 tags/computer/feed.xml                     |   2 +-
 tags/container.html                        |  15 +
 tags/container/feed.xml                    |   2 +-
 tags/containers.html                       |  15 +
 tags/containers/feed.xml                   |   2 +-
 tags/cookie.html                           |  15 +
 tags/cookie/feed.xml                       |   2 +-
 tags/copyright.html                        |  15 +
 tags/copyright/feed.xml                    |   2 +-
 tags/cthulhu.html                          |  15 +
 tags/cthulhu/feed.xml                      |   2 +-
 tags/cyborg.html                           |  15 +
 tags/cyborg/feed.xml                       |   2 +-
 tags/cycling.html                          |  15 +
 tags/cycling/feed.xml                      |   2 +-
 tags/damals.html                           |  15 +
 tags/damals/feed.xml                       |   2 +-
 tags/data-center.html                      |  15 +
 tags/data-center/feed.xml                  |   2 +-
 tags/data-warehouse.html                   |  15 +
 tags/data-warehouse/feed.xml               |   2 +-
 tags/database.html                         |  15 +
 tags/database/feed.xml                     |   2 +-
 tags/debug.html                            |  15 +
 tags/debug/feed.xml                        |   2 +-
 tags/demail.html                           |  15 +
 tags/demail/feed.xml                       |   2 +-
 tags/detebe.html                           |  15 +
 tags/detebe/feed.xml                       |   2 +-
 tags/development.html                      |  15 +
 tags/development/feed.xml                  |   2 +-
 tags/devops.html                           |  15 +
 tags/devops/feed.xml                       | 220 +++---
 tags/discord.html                          |  15 +
 tags/discord/feed.xml                      |   2 +-
 tags/distributed-computing.html            |  15 +
 tags/distributed-computing/feed.xml        |   2 +-
 tags/docker.html                           |  15 +
 tags/docker/feed.xml                       |   2 +-
 tags/dropbox.html                          |  15 +
 tags/dropbox/feed.xml                      |   2 +-
 tags/drsrm.html                            |  15 +
 tags/drsrm/feed.xml                        |   2 +-
 tags/elite-dangerous.html                  |  15 +
 tags/elite-dangerous/feed.xml              |   2 +-
 tags/energy.html                           |  15 +
 tags/energy/feed.xml                       |   2 +-
 tags/erklaerbaer.html                      |  15 +
 tags/erklaerbaer/feed.xml                  |   2 +-
 tags/fantasy.html                          |  15 +
 tags/fantasy/feed.xml                      |   2 +-
 tags/fediverse.html                        |  15 +
 tags/fediverse/feed.xml                    |   2 +-
 tags/feed.xml                              |  20 +-
 tags/filesystems.html                      |  15 +
 tags/filesystems/feed.xml                  |   2 +-
 tags/film.html                             |  15 +
 tags/film/feed.xml                         |   2 +-
 tags/fluffy-fluff.html                     |  15 +
 tags/fluffy-fluff/feed.xml                 |   2 +-
 tags/free-software.html                    |  15 +
 tags/free-software/feed.xml                |   2 +-
 tags/gaming.html                           |  15 +
 tags/gaming/feed.xml                       |   2 +-
 tags/germany.html                          |  15 +
 tags/germany/feed.xml                      |   2 +-
 tags/git.html                              |  15 +
 tags/git/feed.xml                          |   2 +-
 tags/golang.html                           |  15 +
 tags/golang/feed.xml                       |   2 +-
 tags/google.html                           |  15 +
 tags/google/feed.xml                       |   2 +-
 tags/hack.html                             |  15 +
 tags/hack/feed.xml                         |   2 +-
 tags/hadoop.html                           |  15 +
 tags/hadoop/feed.xml                       |   2 +-
 tags/hardware.html                         |  15 +
 tags/hardware/feed.xml                     |   2 +-
 tags/home-automation.html                  |  15 +
 tags/home-automation/feed.xml              |   2 +-
 tags/identity.html                         |  15 +
 tags/identity/feed.xml                     |   2 +-
 tags/image.html                            |  15 +
 tags/image/feed.xml                        |   2 +-
 tags/index.html                            |  15 +
 tags/inkomploehntopp.html                  |  15 +
 tags/inkomploehntopp/feed.xml              |   2 +-
 tags/innodb.html                           |  15 +
 tags/innodb/feed.xml                       |   2 +-
 tags/internet.html                         |  15 +
 tags/internet/feed.xml                     |   2 +-
 tags/iot.html                              |  15 +
 tags/iot/feed.xml                          |   2 +-
 tags/ipv6.html                             |  15 +
 tags/ipv6/feed.xml                         |   2 +-
 tags/jugendschutz.html                     |  15 +
 tags/jugendschutz/feed.xml                 |   2 +-
 tags/karlsruhe.html                        |  15 +
 tags/karlsruhe/feed.xml                    |   2 +-
 tags/kernel.html                           |  15 +
 tags/kernel/feed.xml                       |   2 +-
 tags/kiel.html                             |  15 +
 tags/kiel/feed.xml                         |   2 +-
 tags/kirche.html                           |  15 +
 tags/kirche/feed.xml                       |   2 +-
 tags/kryptographie.html                    |  15 +
 tags/kryptographie/feed.xml                |   2 +-
 tags/kubernetes.html                       |  15 +
 tags/kubernetes/feed.xml                   |   2 +-
 tags/kultur.html                           |  15 +
 tags/kultur/feed.xml                       |   2 +-
 tags/lang_de.html                          |  15 +
 tags/lang_de/feed.xml                      |   2 +-
 tags/lang_en.html                          |  15 +
 tags/lang_en/feed.xml                      | 450 ++++-------
 tags/linux.html                            |  15 +
 tags/linux/feed.xml                        | 825 ++++-----------------
 tags/lizenz.html                           |  15 +
 tags/lizenz/feed.xml                       |   2 +-
 tags/macos.html                            |  15 +
 tags/macos/feed.xml                        |   2 +-
 tags/mail.html                             |  15 +
 tags/mail/feed.xml                         |   2 +-
 tags/mastdon.html                          |  15 +
 tags/mastdon/feed.xml                      |   2 +-
 tags/mastodon.html                         |  15 +
 tags/mastodon/feed.xml                     |   2 +-
 tags/media.html                            |  15 +
 tags/media/feed.xml                        |   2 +-
 tags/microsoft.html                        |  15 +
 tags/microsoft/feed.xml                    |   2 +-
 tags/minecraft.html                        |  15 +
 tags/minecraft/feed.xml                    |   2 +-
 tags/mobility.html                         |  15 +
 tags/mobility/feed.xml                     |   2 +-
 tags/mobiltelefon.html                     |  15 +
 tags/mobiltelefon/feed.xml                 |   2 +-
 tags/mongodb.html                          |  15 +
 tags/mongodb/feed.xml                      |   2 +-
 tags/monitoring.html                       |  15 +
 tags/monitoring/feed.xml                   |   2 +-
 tags/musik.html                            |  15 +
 tags/musik/feed.xml                        |   2 +-
 tags/mysql.html                            |  15 +
 tags/mysql/feed.xml                        |   2 +-
 tags/mysqldev.html                         |  15 +
 tags/mysqldev/feed.xml                     |   2 +-
 tags/netherlands.html                      |  15 +
 tags/netherlands/feed.xml                  |   2 +-
 tags/networking.html                       |  15 +
 tags/networking/feed.xml                   |   2 +-
 "tags/netzneutralit\303\244t.html"         |  15 +
 "tags/netzneutralit\303\244t/feed.xml"     |   2 +-
 tags/neuland.html                          |  15 +
 tags/neuland/feed.xml                      |   2 +-
 tags/nosql.html                            |  15 +
 tags/nosql/feed.xml                        |   2 +-
 tags/oracle.html                           |  15 +
 tags/oracle/feed.xml                       |   2 +-
 tags/patent.html                           |  15 +
 tags/patent/feed.xml                       |   2 +-
 tags/performance.html                      |  15 +
 tags/performance/feed.xml                  |   2 +-
 tags/php.html                              |  15 +
 tags/php/feed.xml                          |   2 +-
 tags/physik.html                           |  15 +
 tags/physik/feed.xml                       |   2 +-
 tags/piraten.html                          |  15 +
 tags/piraten/feed.xml                      |   2 +-
 tags/pluspora_import.html                  |  15 +
 tags/pluspora_import/feed.xml              |   2 +-
 tags/politik.html                          |  15 +
 tags/politik/feed.xml                      |   2 +-
 tags/postgres.html                         |  15 +
 tags/postgres/feed.xml                     |   2 +-
 tags/privacy.html                          |  15 +
 tags/privacy/feed.xml                      |   2 +-
 tags/publication.html                      |  15 +
 tags/publication/feed.xml                  |   2 +-
 tags/python.html                           |  15 +
 tags/python/feed.xml                       |   2 +-
 tags/reddit.html                           |  15 +
 tags/reddit/feed.xml                       |   2 +-
 tags/regulierung.html                      |  15 +
 tags/regulierung/feed.xml                  |   2 +-
 tags/reisen.html                           |  15 +
 tags/reisen/feed.xml                       |   2 +-
 tags/religion.html                         |  15 +
 tags/religion/feed.xml                     |   2 +-
 tags/remote-first.html                     |  15 +
 tags/remote-first/feed.xml                 |   2 +-
 tags/replication.html                      |  15 +
 tags/replication/feed.xml                  |   2 +-
 tags/review.html                           |  15 +
 tags/review/feed.xml                       |   2 +-
 tags/rezepte.html                          |  15 +
 tags/rezepte/feed.xml                      |   2 +-
 tags/roleplay.html                         |  15 +
 tags/roleplay/feed.xml                     |   2 +-
 tags/s9y.html                              |  15 +
 tags/s9y/feed.xml                          |   2 +-
 tags/schemas.html                          |  15 +
 tags/schemas/feed.xml                      |   2 +-
 tags/schnuppel.html                        |  15 +
 tags/schnuppel/feed.xml                    |   2 +-
 tags/schulung.html                         |  15 +
 tags/schulung/feed.xml                     |   2 +-
 tags/science.html                          |  15 +
 tags/science/feed.xml                      |   2 +-
 tags/scifi.html                            |  15 +
 tags/scifi/feed.xml                        |   2 +-
 tags/security.html                         |  15 +
 tags/security/feed.xml                     |   2 +-
 tags/social-networking.html                |  15 +
 tags/social-networking/feed.xml            |   2 +-
 tags/software.html                         |  15 +
 tags/software/feed.xml                     |   2 +-
 tags/sonos.html                            |  15 +
 tags/sonos/feed.xml                        |   2 +-
 tags/sony.html                             |  15 +
 tags/sony/feed.xml                         |   2 +-
 tags/spackeria.html                        |  15 +
 tags/spackeria/feed.xml                    |   2 +-
 tags/spam.html                             |  15 +
 tags/spam/feed.xml                         |   2 +-
 tags/spoiler.html                          |  15 +
 tags/spoiler/feed.xml                      |   2 +-
 tags/sql.html                              |  15 +
 tags/sql/feed.xml                          |   2 +-
 tags/sqlite.html                           |  15 +
 tags/sqlite/feed.xml                       |   2 +-
 tags/steampunk.html                        |  15 +
 tags/steampunk/feed.xml                    |   2 +-
 tags/storage.html                          |  15 +
 tags/storage/feed.xml                      |   2 +-
 tags/stross.html                           |  15 +
 tags/stross/feed.xml                       |   2 +-
 tags/stuttgart.html                        |  15 +
 tags/stuttgart/feed.xml                    |   2 +-
 tags/sun.html                              |  15 +
 tags/sun/feed.xml                          |   2 +-
 tags/talk.html                             |  15 +
 tags/talk/feed.xml                         |   2 +-
 tags/technik.html                          |  15 +
 tags/technik/feed.xml                      |   2 +-
 tags/terror.html                           |  15 +
 tags/terror/feed.xml                       |   2 +-
 tags/testing.html                          |  15 +
 tags/testing/feed.xml                      |   2 +-
 tags/travel.html                           |  15 +
 tags/travel/feed.xml                       |   2 +-
 tags/tv.html                               |  15 +
 tags/tv/feed.xml                           |   2 +-
 tags/umzug.html                            |  15 +
 tags/umzug/feed.xml                        |   2 +-
 tags/unix.html                             |  15 +
 tags/unix/feed.xml                         |   2 +-
 tags/usenet.html                           |  15 +
 tags/usenet/feed.xml                       |   2 +-
 tags/verkehr.html                          |  15 +
 tags/verkehr/feed.xml                      |   2 +-
 tags/virus.html                            |  15 +
 tags/virus/feed.xml                        |   2 +-
 tags/wahl.html                             |  15 +
 tags/wahl/feed.xml                         |   2 +-
 tags/web.html                              |  15 +
 tags/web/feed.xml                          |   2 +-
 tags/wikipedia.html                        |  15 +
 tags/wikipedia/feed.xml                    |   2 +-
 tags/windows.html                          |  15 +
 tags/windows/feed.xml                      |   2 +-
 tags/wlan.html                             |  15 +
 tags/wlan/feed.xml                         |   2 +-
 tags/work.html                             |  15 +
 tags/work/feed.xml                         |   2 +-
 tags/zensur.html                           |  15 +
 tags/zensur/feed.xml                       |   2 +-
 "tags/\303\274berwachung.html"             |  15 +
 "tags/\303\274berwachung/feed.xml"         |   2 +-
 386 files changed, 5041 insertions(+), 2749 deletions(-)
 create mode 100644 2024/01/09/deploying-websites.html

diff --git a/2023/12/30/restic.html b/2023/12/30/restic.html
index 6eabc54d45..424e299add 100644
--- a/2023/12/30/restic.html
+++ b/2023/12/30/restic.html
@@ -164,7 +164,7 @@ <h1 class="title mb-lg-4 text-white">
 					<div class='letter-spacing-01 text-uppercase text-secondary'>
 						Next Post
 					</div>
-					<a class='text-decoration-none' href="https://blog.koehntopp.info/2024/01/16/jusprog-ist-nur-der-anfang.html">JusProg ist nur der Anfang</a>
+					<a class='text-decoration-none' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
 				</div>
 				
 			</div>
@@ -800,7 +800,7 @@ <h1 id="rest-server">
 					<div class='letter-spacing-01 text-uppercase text-secondary'>
 						Next Post
 					</div>
-					<a class='text-decoration-none' href="https://blog.koehntopp.info/2024/01/16/jusprog-ist-nur-der-anfang.html">JusProg ist nur der Anfang</a>
+					<a class='text-decoration-none' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
 				</div>
 				
 			</div>
diff --git a/2024/01/09/deploying-websites.html b/2024/01/09/deploying-websites.html
new file mode 100644
index 0000000000..87e862b0c0
--- /dev/null
+++ b/2024/01/09/deploying-websites.html
@@ -0,0 +1,483 @@
+<!doctype html>
+<html lang="en">
+    <head>
+    <meta charset="utf-8">
+<meta http-equiv="x-ua-compatible" content="ie=edge">
+<title>Deploying websites - an escalation | Die wunderbare Welt von Isotopp</title>
+<meta name="description" content="">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+
+<link rel="apple-touch-icon" href="icon.png">
+<link rel="favicon.ico" rel="icon" type="image/ico">
+<link rel="shortcut icon" href="favicon.ico">
+<link rel="canonical" href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">
+
+
+<link rel="alternate" type="application/rss+xml" href='https://blog.koehntopp.info/feed.xml' title="Die wunderbare Welt von Isotopp">
+<link rel="alternate" type="application/rss+xml" href='https://blog.koehntopp.info/tags/mysql/feed.xml' title="Feed: mysql Articles for Die wunderbare Welt von Isotopp">
+<link rel="alternate" type="application/rss+xml" href='https://blog.koehntopp.info/tags/review/feed.xml' title="Feed: review Articles for Die wunderbare Welt von Isotopp">
+
+
+
+
+<meta name="generator" content="Hugo 0.121.2">
+<meta property="og:title" content='Deploying websites - an escalation' />
+<meta property="og:site_name" content='Die wunderbare Welt von Isotopp' />
+
+
+<meta property="og:locale" content="en_US" />
+
+
+<meta name="description" content='' />
+<meta property="og:description" content='' />
+
+<meta property="og:url" content="https://blog.koehntopp.info" />
+
+
+<meta property="og:type" content="article" />
+<meta name="article:published_time" content='2024-01-09T05:06:07Z' />
+
+
+
+<meta property="og:image" content='https://blog.koehntopp.info/assets/img/background/rijksmuseum.jpg' />
+<meta name="twitter:card" content="summary_large_image" />
+<meta name="twitter:site" content='@isotopp' />
+<meta name="twitter:creator" content='@isotopp' />
+<meta property="twitter:title" content='Deploying websites - an escalation' />
+<meta property="twitter:description" content='' />
+<meta property="twitter:image" content='https://blog.koehntopp.info/assets/img/background/rijksmuseum.jpg' />
+
+<script type="application/ld+json">
+    {"@context":"https://schema.org","@type":"WebSite","description":null,"headline":"Deploying websites - an escalation","image":"/assets/img/background/rijksmuseum.jpg","name":"Die wunderbare Welt von Isotopp","url":"https://blog.koehntopp.info"}
+</script>
+
+    
+
+
+
+<link rel="stylesheet" href="https://blog.koehntopp.info/style.min.b622898f01a68bb72cac74da98891ba28421becfc0fce10fbf8fd52a32d4da79.css">
+
+
+    </head>
+    <body>
+        
+
+        <nav class="navbar navbar-expand-lg navbar-light px-lg-4 pt-lg-4">
+    <div class="container-fluid">
+        <a class="navbar-brand justify-content-center" href="https://blog.koehntopp.info" rel="home" title="Die wunderbare Welt von Isotopp">
+            <img alt="Kris" height='48' width='48' src='/assets/img/avatars/isotopp.jpg' class='p-0 me-3 d-block d-lg-inline'>
+            <span class='h4 d-block d-lg-inline'>Die wunderbare Welt von Isotopp</span>
+        </a>
+
+        <button class="navbar-toggler ms-auto" type="button" data-bs-toggle="collapse"
+                data-bs-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false"
+                aria-label="Toggle navigation">
+            <span class="navbar-toggler-icon"></span>
+        </button>
+
+        <div class="collapse navbar-collapse text-center" id="navbarSupportedContent">
+            <ul class="navbar-nav ms-auto">
+                
+                <li class="nav-item ">
+                    <a class="nav-link" href="/about/">
+                        <span class="">About</span>
+                        
+                    </a>
+                </li>
+                <li class="nav-item ">
+                    <a class="nav-link" href="/contribute/">
+                        <span class="">Contribute</span>
+                        
+                    </a>
+                </li>
+                <li class="nav-item ">
+                    <a class="nav-link" href="/search/">
+                        <span class=""><svg class='bi' height='1.5rem' width='1.5rem' fill='currentColor'><use xlink:href='/bootstrap-icons.svg#search'/></svg></span>
+                        
+                    </a>
+                </li>
+                <li class="nav-item ">
+                    <a class="nav-link" href="/tags/">
+                        <span class=""><svg class='bi' width='1.5rem' height='1.5rem' fill='currentColor'><use xlink:href='/bootstrap-icons.svg#tags-fill'/></svg></span>
+                        
+                    </a>
+                </li>
+                
+            </ul>
+            
+        </div>
+
+    </div>
+</nav>
+
+
+        <main role="main" class="container-fluid p-0">
+
+            
+
+
+
+
+<div class="page">
+	<article class="deploying-websites-an-escalation-page">
+		<div class='row  justify-content-center text-center my-4 mx-0'>
+			<header class="headerbanner">
+				<div class='col'>
+					<h1 class="title mb-lg-4 text-white">
+						Deploying websites - an escalation
+					</h1>
+					<div class='text-uppercase text-light' style='letter-spacing: 0.1rem;'>
+						<img alt='isotopp image' src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0'
+							 style='width: 1.9rem; border-radius: 1rem;'>
+						<a href="https://chaos.social/@isotopp" class='text-light text-decoration-none'>
+							Kristian Köhntopp
+						</a>
+
+						
+						<span class='d-none d-lg-inline'>-</span>
+						<div class='d-block d-lg-inline'>January 9, 2024</div>
+						
+
+					</div>
+				</div>
+				
+				<img alt='a featured image' src="/assets/img/background/rijksmuseum.jpg">
+				
+			</header>
+		</div>
+
+		<div class='row justify-content-center mx-0'>
+			<div class='col-lg-4 text-center text-lg-start'>
+				
+				<div>
+					<div class='letter-spacing-01 text-uppercase text-secondary'>
+						Previous Post
+					</div>
+					<a class='text-decoration-none' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
+				</div>
+				
+			</div>
+
+			<div class='col-lg-4 text-lg-end mt-5 mt-lg-0 text-center'>
+				
+				<div>
+					<div class='letter-spacing-01 text-uppercase text-secondary'>
+						Next Post
+					</div>
+					<a class='text-decoration-none' href="https://blog.koehntopp.info/2024/01/16/jusprog-ist-nur-der-anfang.html">JusProg ist nur der Anfang</a>
+				</div>
+				
+			</div>
+		</div>
+
+		<div class='row justify-content-center mx-0 mt-3 mb-5'>
+			<div class="col-lg-8 mb-3">
+				
+				<header class="toc bg-light">
+					<nav id="TableOfContents">
+  <ul>
+    <li><a href="#a-simple-problem-easily-solved-by-ansible">A simple problem, easily solved by Ansible.</a></li>
+    <li><a href="#this-actually-needs-a-shell-script">This actually needs a shell script</a></li>
+    <li><a href="#enter-deploy-a-python-cli-application">Enter <code>deploy</code>, a Python CLI application</a></li>
+    <li><a href="#it-is-still-ugly">It is still ugly</a></li>
+  </ul>
+</nav>
+				</header>
+				
+			</div>
+			<div class='col-lg-8'>
+				<p>We are still playing minecraft.
+This time it is a highly modded Fabric server, which requires more memory than the old box had.
+The new box has 12 cores, 128 GB of memory, and two nice SSD.
+It is pretty nifty.</p>
+<h1 id="a-simple-problem-easily-solved-by-ansible">
+    <a href="#a-simple-problem-easily-solved-by-ansible">
+	A simple problem, easily solved by Ansible.
+    </a>
+</h1>
+<p>The machine also needs some kind of webserver to run websites.
+An easy problem to solve, naturally.</p>
+<p>A bit of Ansible, deploy a few config files into the system and be done with it.</p>
+<p>Only, these are different types of websites, and over time additional sites are being added.
+When a new website is being added, we need to collect all website names<br>
+and generate an
+<a href="https://httpd.apache.org/docs/2.4/mod/mod_md.html#mdomain" target="_blank" rel="noopener"><code>MDomain</code></a>
+
+
+statement in the config for Apache&rsquo;s
+<a href="https://httpd.apache.org/docs/2.4/mod/mod_md.html" target="_blank" rel="noopener"><code>mod_md</code></a>
+
+.
+This module will then automatically the necessary certificates for the webserver&rsquo;s TLS.</p>
+<p>Collecting all domain names from the configuration files can be done that in Ansible, but it kind of hurts.
+Ansible works best when you run it to deploy a few templated config files, and then have services doing the actual work.</p>
+<p>It is also more complicated than this, because we have different types of websites.
+Initially we had only</p>
+<ul>
+<li><code>static sites</code> (<code>https://example.com</code>)</li>
+<li>We also needed <code>redirect_sites</code> (<code>https://www.example.com</code> -&gt; <code>https://example.com</code>)</li>
+<li>We also needed reverse proxies for applications (<code>https://grafana.example.com</code> -&gt; <code>https://localhost:3000</code>)</li>
+<li>Then we also needed the <code>wsgi_site</code> deployed.</li>
+</ul>
+<p>But a <code>wsgi_site</code> needs to be redeployed when the code has changed on GitHub.
+Also, initial deployment of a <code>wsgi_site</code> needs to create a user,
+and initial checkout of the code into the users home,
+and installation of the requirements.</p>
+<p>After a code update, the server needs to be restarted.</p>
+<h1 id="this-actually-needs-a-shell-script">
+    <a href="#this-actually-needs-a-shell-script">
+	This actually needs a shell script
+    </a>
+</h1>
+<p>Okay, let&rsquo;s not do this in Ansible.
+Let&rsquo;s write a simple and easy shell script for this.</p>
+<p>That kind of worked, initially, but quickly fell apart when the number of variants grew,
+error checking became complicated.</p>
+<p>Ultimately, it broke when we needed to collect and store per-site config parameters as a JSON, and act on it.
+The moment you write shell functions with parameters, traps and other bells and whistles,
+it is time to cut your losses and start over differently.
+In this case, in Python.</p>
+<h1 id="enter-deploy-a-python-cli-application">
+    <a href="#enter-deploy-a-python-cli-application">
+	Enter <code>deploy</code>, a Python CLI application
+    </a>
+</h1>
+<p>In the current intermediate stage, this is a Python script of 32 KB and around 1000 lines.</p>
+<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="o">[</span>root@bigbox ~<span class="o">]</span><span class="c1"># wc -l Source/deploy/deploy </span>
+</span></span><span class="line"><span class="cl"><span class="m">951</span> Source/deploy/deploy
+</span></span></code></pre></div><p>and</p>
+<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="o">[</span>root@bigbox ~<span class="o">]</span><span class="c1">#  ls -l Source/deploy/deploy</span>
+</span></span><span class="line"><span class="cl">-rwxr-xr-x. <span class="m">1</span> root root <span class="m">31428</span> Jan  <span class="m">8</span> 18:42 Source/deploy/deploy
+</span></span></code></pre></div><p>It understands the five types of server outlined above, and can handle a number of different operations for them.</p>
+<ul>
+<li><code>create</code> makes a new server-config.</li>
+<li><code>delete</code> throws it away.</li>
+</ul>
+<p>We store them in a central directory, <code>/etc/projects</code>, as JSON files.
+For each site type, we accept a number of parameters:</p>
+<ul>
+<li><code>--type</code>, the five types above.</li>
+<li><code>--username</code>, a Unix User we create for the site.</li>
+<li><code>--github</code> The source code repository URL.</li>
+<li><code>--hostname</code> If necessary, this is inferred from the username and the default domain.</li>
+<li><code>--projectdir</code> Only necessary for anomalously structured Python code.</li>
+<li><code>--to_host</code> Only for redirects.</li>
+<li><code>--port</code> Only for proxies.</li>
+</ul>
+<p>We now can do</p>
+<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># deploy show projects</span>
+</span></span><span class="line"><span class="cl">...
+</span></span><span class="line"><span class="cl">- grafana
+</span></span><span class="line"><span class="cl">- learn
+</span></span><span class="line"><span class="cl">...
+</span></span><span class="line"><span class="cl"><span class="c1"># deploy show grafana</span>
+</span></span><span class="line"><span class="cl">*** PROJECT /etc/projects/grafana
+</span></span><span class="line"><span class="cl">- github    : None
+</span></span><span class="line"><span class="cl">- hostname  : grafana.example.com
+</span></span><span class="line"><span class="cl">- port      : <span class="m">3000</span>
+</span></span><span class="line"><span class="cl">- project   : grafana
+</span></span><span class="line"><span class="cl">- <span class="nb">type</span>      : proxy
+</span></span></code></pre></div><p>The <code>deploy create --type proxy --hostname grafana.example.com --port 3000</code> has created an apache configuration,
+built the TLS configuration and restarted the <code>httpd.service</code> to update things.</p>
+<p>We can also do more complicated things:</p>
+<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># deploy create --type wsgi_site --user learn --github ... learn</span>
+</span></span><span class="line"><span class="cl">... creates /etc/project/learn
+</span></span><span class="line"><span class="cl">
+</span></span><span class="line"><span class="cl"><span class="c1"># deploy show learn</span>
+</span></span><span class="line"><span class="cl">*** PROJECT /etc/projects/learn
+</span></span><span class="line"><span class="cl">- github    : git@github.com:.../learn.git
+</span></span><span class="line"><span class="cl">- home      : /home/learn
+</span></span><span class="line"><span class="cl">- hostname  : learn.example.com
+</span></span><span class="line"><span class="cl">- project   : learn
+</span></span><span class="line"><span class="cl">- projectdir: learn
+</span></span><span class="line"><span class="cl">- pubkey    : ssh-rsa AAAAB3...cfudtTQ<span class="o">==</span> root@bigbox
+</span></span><span class="line"><span class="cl">- <span class="nb">type</span>      : wsgi_site
+</span></span><span class="line"><span class="cl">- username  : learn
+</span></span></code></pre></div><p>This will create a Linux user, set up a checkout of the GitHub, install requirements, set up a WSGI Apache configuration,
+configure TLS, and restart the server as needed.</p>
+<p>We can now <code>deploy update learn</code> or <code>deploy restart learn</code> to check out a new version and restart the server,
+and we can also <code>deploy logs learn</code> to tail the server logs for this site.</p>
+<h1 id="it-is-still-ugly">
+    <a href="#it-is-still-ugly">
+	It is still ugly
+    </a>
+</h1>
+<p>Because this started out as a shell script, it still is ugly.
+There are multiple levels of giant case-branches in this.
+To become a proper solution, it needs a cleaner structure, in a more object-oriented fashion.</p>
+<p>But already it works better than the shell script it initially was,
+has better error handling and can handle borderline cases more safely.</p>
+<p><a href="https://github.com/isotopp/deploy" target="_blank" rel="noopener">Github</a>
+
+.</p>
+
+			</div>
+		</div>
+
+		
+		
+		<div class='row justify-content-center mb-3 mx-0'>
+			<div class='col-lg-8 text-center'>
+				<span class='letter-spacing-01 text-uppercase text-secondary me-2'>Share</span>
+				<a href='https://www.facebook.com/sharer/sharer.php?u=https%3a%2f%2fblog.koehntopp.info%2f2024%2f01%2f09%2fdeploying-websites.html' target='_blank'
+				   class='text-decoration-none'>
+					<svg class='bi' height='2.5rem' width='2.5rem' fill='currentColor'>
+						<use xlink:href='/bootstrap-icons.svg#facebook'/>
+					</svg>
+				</a>
+				
+				<a href='http://www.reddit.com/submit?url=https%3a%2f%2fblog.koehntopp.info%2f2024%2f01%2f09%2fdeploying-websites.html&title=Deploying%20websites%20-%20an%20escalation' target='_blank'
+				   class='text-decoration-none'>
+					<svg class='bi' height='2.5rem' width='2.5rem' fill='currentColor'>
+						<use xlink:href='/bootstrap-icons.svg#reddit'/>
+					</svg>
+				</a>
+				<a href='mailto:?subject=Deploying%20websites%20-%20an%20escalation&body=https%3a%2f%2fblog.koehntopp.info%2f2024%2f01%2f09%2fdeploying-websites.html' target='_blank'
+				   class='text-decoration-none'>
+					<svg class='bi' height='2.5rem' width='2.5rem' fill='currentColor'>
+						<use xlink:href='/bootstrap-icons.svg#envelope-fill'/>
+					</svg>
+				</a>
+			</div>
+		</div>
+
+		
+		
+		<div class='row justify-content-center py-3 mb-3 mx-0'>
+			<div class='col-lg-8 text-center'>
+				<span class='letter-spacing-01 text-uppercase text-secondary me-2'>Tags</span>
+				
+				<a href="/tags/#lang_en" class='btn btn-sm btn-outline-primary mb-1'>
+				<svg class="bi" width="1rem" height="1rem" fill="currentColor">
+					<use xlink:href="/bootstrap-icons.svg#tag-fill"></use>
+				</svg>
+				lang_en
+				</a>
+				
+				<a href="/tags/#linux" class='btn btn-sm btn-outline-primary mb-1'>
+				<svg class="bi" width="1rem" height="1rem" fill="currentColor">
+					<use xlink:href="/bootstrap-icons.svg#tag-fill"></use>
+				</svg>
+				linux
+				</a>
+				
+				<a href="/tags/#devops" class='btn btn-sm btn-outline-primary mb-1'>
+				<svg class="bi" width="1rem" height="1rem" fill="currentColor">
+					<use xlink:href="/bootstrap-icons.svg#tag-fill"></use>
+				</svg>
+				devops
+				</a>
+				
+			</div>
+		</div>
+
+		
+		
+		
+		
+		<div class='row justify-content-center py-3 mb-3 mx-0'>
+			<div class='col-lg-8 text-center'>
+				<a href="https://github.com/isotopp/isotopp.github.io/edit/main/content/posts/2024-01-09-deploying-websites.md"
+				   rel="noopener noreferrer" target="_blank">
+					<span class='letter-spacing-01 text-uppercase text-secondary me-2'>Suggest Changes</span>
+				</a>
+			</div>
+		</div>
+		
+
+		<div class='row justify-content-center mx-0'>
+			<div class='col-lg-4 text-center text-lg-start'>
+				
+				<div>
+					<div class='letter-spacing-01 text-uppercase text-secondary'>
+						Previous Post
+					</div>
+					<a class='text-decoration-none' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
+				</div>
+				
+			</div>
+
+			<div class='col-lg-4 text-lg-end mt-5 mt-lg-0 text-center'>
+				
+				<div>
+					<div class='letter-spacing-01 text-uppercase text-secondary'>
+						Next Post
+					</div>
+					<a class='text-decoration-none' href="https://blog.koehntopp.info/2024/01/16/jusprog-ist-nur-der-anfang.html">JusProg ist nur der Anfang</a>
+				</div>
+				
+			</div>
+		</div>
+
+
+		
+	</article>
+</div>
+
+
+
+            <footer class='row justify-content-center mb-4 pb-4 mx-0'>
+  <div class='col-8 text-center'>
+    <div>
+      A collection of old stuff, new stuff and random stuff. 
+    </div>
+    <div class='row text-primary mt-4'>
+      <div class='col'>
+
+        <a href='/feed.xml' title='Follow RSS feed' class='me-3 text-decoration-none'>
+          <svg class='bi' height='2.5rem' width='2.5rem' fill='currentColor'><use xlink:href='/bootstrap-icons.svg#rss-fill'/></svg>
+        </a>
+
+        <a href='mailto:kristian.koehntopp@gmail.com' title='Email' class='me-3 text-decoration-none'>
+          <svg class='bi' height='2.5rem' width='2.5rem' fill='currentColor'><use xlink:href='/bootstrap-icons.svg#envelope'/></svg>
+        </a>
+
+        <a href='https://github.com/isotopp' title='Follow on GitHub' class='me-3 text-decoration-none'>
+          <svg class='bi' height='2.5rem' width='2.5rem' fill='currentColor'><use xlink:href='/bootstrap-icons.svg#github'/></svg>
+        </a>
+
+	<a rel="me" href="https://chaos.social/@isotopp" title='Follow on Mastodon' class='me-3 text-decoration-none'>
+          <svg class='bi' height='2.5rem' width='2.5rem' fill='currentColor'><use xlink:href='/bootstrap-icons.svg#mastodon'/></svg>
+	</a>
+
+
+        <a href='http://steamcommunity.com/id/ixotopp' title='Follow on Steam' class='me-3 text-decoration-none'>
+          <svg class='bi' height='2.5rem' width='2.5rem' fill='currentColor'><use xlink:href='/bootstrap-icons.svg#steam'/></svg>
+        </a>
+
+
+
+        <a href='https://www.youtube.com/user/isotopp' title='Follow on YouTube' class=''>
+          <svg class='bi' height='2.5rem' width='2.5rem' fill='currentColor'><use xlink:href='/bootstrap-icons.svg#youtube'/></svg>
+        </a>
+
+      </div>
+    </div>
+  </div>
+</footer>
+
+
+        </main>
+
+	
+
+
+
+
+
+<script src="https://blog.koehntopp.info/js/bootstrap.js"></script>
+
+
+
+
+<script src="https://blog.koehntopp.info/js/lunr.js"></script>
+
+
+
+
+
+<script src="https://blog.koehntopp.info/js/app.js"></script>
+
+
+    </body>
+</html>
diff --git a/2024/01/16/jusprog-ist-nur-der-anfang.html b/2024/01/16/jusprog-ist-nur-der-anfang.html
index 602b0361fc..fb2c1aa9e1 100644
--- a/2024/01/16/jusprog-ist-nur-der-anfang.html
+++ b/2024/01/16/jusprog-ist-nur-der-anfang.html
@@ -153,7 +153,7 @@ <h1 class="title mb-lg-4 text-white">
 					<div class='letter-spacing-01 text-uppercase text-secondary'>
 						Previous Post
 					</div>
-					<a class='text-decoration-none' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
+					<a class='text-decoration-none' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
 				</div>
 				
 			</div>
@@ -508,7 +508,7 @@ <h1 id="siehe-auch">
 					<div class='letter-spacing-01 text-uppercase text-secondary'>
 						Previous Post
 					</div>
-					<a class='text-decoration-none' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
+					<a class='text-decoration-none' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
 				</div>
 				
 			</div>
diff --git a/blog/10.html b/blog/10.html
index 06112967d8..ef122c00b0 100644
--- a/blog/10.html
+++ b/blog/10.html
@@ -134,6 +134,29 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2021/03/12/memory-saturated-mysql.html" class='text-decoration-none text-dark'>Memory saturated MySQL</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          March 12, 2021
+        </div>
+
+        <div class='mt-3'>»If at all possible, we build databases so that the working set of the database fits into memory.« What does that even mean?
+Working Set In computer science, the “Working Set” of a program is the set of things it will be accessing in the near future. Because computer science has not yet solved looking into the future, we are looking at the set of things we accessed most recently and hope for The Best™.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -577,30 +600,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2020/10/28/mys
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2020/10/22/safe-biking-its-not-the-right-of-way-thats-wrong.html" class='text-decoration-none text-dark'>Safe Biking: It&#39;s not the right of way that&#39;s wrong</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          October 22, 2020
-        </div>
-
-        <div class='mt-3'>Sven Geggus trolled me . A bunch of nerds were speaking about what&rsquo;s wrong with biking in Germany, and he wrote:
-Tweet : Der @isotopp wohnt doch in Holland. Wo sind denn bei euch die Vorfahrtsregeln anders und könnte man da was sinnvoll für .de übernehmen? &ndash; @isotopp is living in the Netherlands. So how is the right of way different and how could .de learn from this?
-Biking in the Netherlands does not suck, and that is not because of any specific traffic rules being any different, but because traffic is fundamentally different, and that somehow escalated.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/11.html b/blog/11.html
index 484cfd2a63..b6a40d0e8c 100644
--- a/blog/11.html
+++ b/blog/11.html
@@ -134,6 +134,30 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2020/10/22/safe-biking-its-not-the-right-of-way-thats-wrong.html" class='text-decoration-none text-dark'>Safe Biking: It&#39;s not the right of way that&#39;s wrong</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          October 22, 2020
+        </div>
+
+        <div class='mt-3'>Sven Geggus trolled me . A bunch of nerds were speaking about what&rsquo;s wrong with biking in Germany, and he wrote:
+Tweet : Der @isotopp wohnt doch in Holland. Wo sind denn bei euch die Vorfahrtsregeln anders und könnte man da was sinnvoll für .de übernehmen? &ndash; @isotopp is living in the Netherlands. So how is the right of way different and how could .de learn from this?
+Biking in the Netherlands does not suck, and that is not because of any specific traffic rules being any different, but because traffic is fundamentally different, and that somehow escalated.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -585,30 +609,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2020/08/31/on-
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2020/08/25/null-is-null.html" class='text-decoration-none text-dark'>MySQL: NULL is NULL</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          August 25, 2020
-        </div>
-
-        <div class='mt-3'>Question: Hey, I got a UNIQUE INDEX, but I can store multiple rows with the same value, NULL. That is surprising. Is that a bug?
-This is a rewrite of the same in German from 9 years ago .
-root@localhost [kris]&gt; create table t ( a integer, b integer, unique (a,b)); Query OK, 0 rows affected (0.09 sec) root@localhost [kris]&gt; insert into t values (1, 2); Query OK, 1 row affected (0.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/12.html b/blog/12.html
index a82090c4b4..4d7c71cc4f 100644
--- a/blog/12.html
+++ b/blog/12.html
@@ -134,6 +134,30 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2020/08/25/null-is-null.html" class='text-decoration-none text-dark'>MySQL: NULL is NULL</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          August 25, 2020
+        </div>
+
+        <div class='mt-3'>Question: Hey, I got a UNIQUE INDEX, but I can store multiple rows with the same value, NULL. That is surprising. Is that a bug?
+This is a rewrite of the same in German from 9 years ago .
+root@localhost [kris]&gt; create table t ( a integer, b integer, unique (a,b)); Query OK, 0 rows affected (0.09 sec) root@localhost [kris]&gt; insert into t values (1, 2); Query OK, 1 row affected (0.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -587,29 +611,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2020/06/20/exp
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2020/06/15/pizza-people-projects-and-processes.html" class='text-decoration-none text-dark'>Pizza, People, Projects and Processes</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          June 15, 2020
-        </div>
-
-        <div class='mt-3'>An older talk from 2 years ago, which for some reason I was not able to find in the blog.
-For reasons that do not need exploration at this junction, I had to explain Processes and Process Maturity some time ago, and a colleague asked me to put my thinking into a talk. This talk is likely going to be boring, because you may know most of the subject already. On the other hand, it is good to be on the same page when it comes to models and vocabulary.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/13.html b/blog/13.html
index 655e4a5dc2..7555cabf94 100644
--- a/blog/13.html
+++ b/blog/13.html
@@ -134,6 +134,29 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2020/06/15/pizza-people-projects-and-processes.html" class='text-decoration-none text-dark'>Pizza, People, Projects and Processes</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          June 15, 2020
+        </div>
+
+        <div class='mt-3'>An older talk from 2 years ago, which for some reason I was not able to find in the blog.
+For reasons that do not need exploration at this junction, I had to explain Processes and Process Maturity some time ago, and a colleague asked me to put my thinking into a talk. This talk is likely going to be boring, because you may know most of the subject already. On the other hand, it is good to be on the same page when it comes to models and vocabulary.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -590,29 +613,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2020/03/19/net
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2020/03/18/the-lack-of-developer-centric-mysql-monitoring.html" class='text-decoration-none text-dark'>The lack of developer centric MySQL monitoring - a rant</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          March 18, 2020
-        </div>
-
-        <div class='mt-3'>So where I work we have a large number of MySQL instances. They are organized in a slightly smaller number of replication hierarchies, which tend to cross region boundaries.
-Structure of a large database setup A rough sketch of the setup we have. Variants of this exist in various sizes - from 6 replicas in 3 regions to hundreds of replicas per region, with Group Replication at the top and per Region Intermedia Master.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/14.html b/blog/14.html
index f30a95bc84..935fa94401 100644
--- a/blog/14.html
+++ b/blog/14.html
@@ -134,6 +134,29 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2020/03/18/the-lack-of-developer-centric-mysql-monitoring.html" class='text-decoration-none text-dark'>The lack of developer centric MySQL monitoring - a rant</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          March 18, 2020
+        </div>
+
+        <div class='mt-3'>So where I work we have a large number of MySQL instances. They are organized in a slightly smaller number of replication hierarchies, which tend to cross region boundaries.
+Structure of a large database setup A rough sketch of the setup we have. Variants of this exist in various sizes - from 6 replicas in 3 regions to hundreds of replicas per region, with Group Replication at the top and per Region Intermedia Master.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -577,30 +600,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2019/11/19/whe
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2019/11/18/a-blast-from-the-past.html" class='text-decoration-none text-dark'>A blast from the past</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          November 18, 2019
-        </div>
-
-        <div class='mt-3'>TL:DR: If you have long running transactions, MySQL does not deal well with this, and it will slow down the box. That&rsquo;s okay as long as you are basically alone on your box, but if you aren&rsquo;t, the others will hate you.
-The database machine &lsquo;somehierarchy-02&rsquo; in a general purpose load balancer pool for somehierarchy had replication delay.
-It&rsquo;s a MySQL replica and is receiving the same write workload than all the other boxen in that pool.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/15.html b/blog/15.html
index 0048b711a8..91b44ead5a 100644
--- a/blog/15.html
+++ b/blog/15.html
@@ -134,6 +134,30 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2019/11/18/a-blast-from-the-past.html" class='text-decoration-none text-dark'>A blast from the past</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          November 18, 2019
+        </div>
+
+        <div class='mt-3'>TL:DR: If you have long running transactions, MySQL does not deal well with this, and it will slow down the box. That&rsquo;s okay as long as you are basically alone on your box, but if you aren&rsquo;t, the others will hate you.
+The database machine &lsquo;somehierarchy-02&rsquo; in a general purpose load balancer pool for somehierarchy had replication delay.
+It&rsquo;s a MySQL replica and is receiving the same write workload than all the other boxen in that pool.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -590,30 +614,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2019/03/25/sel
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2019/03/04/bashismen.html" class='text-decoration-none text-dark'>Bashismen</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          March 4, 2019
-        </div>
-
-        <div class='mt-3'>I trolled Twitter with some Ha-Ha-Only-Serious.
-Every now and then someone complains on Twitter about the use of Bashisms in Shellscripts or legacy systems that are not completely Linux-compatible. I usually troll back with the claim that anything that is not Linux is broken, and that anything that is not Bash is broken.
-That is of course a troll, and I am of course at the same time totally serious.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/16.html b/blog/16.html
index d20d77585f..8ab8ecff34 100644
--- a/blog/16.html
+++ b/blog/16.html
@@ -134,6 +134,30 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2019/03/04/bashismen.html" class='text-decoration-none text-dark'>Bashismen</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          March 4, 2019
+        </div>
+
+        <div class='mt-3'>I trolled Twitter with some Ha-Ha-Only-Serious.
+Every now and then someone complains on Twitter about the use of Bashisms in Shellscripts or legacy systems that are not completely Linux-compatible. I usually troll back with the claim that anything that is not Linux is broken, and that anything that is not Bash is broken.
+That is of course a troll, and I am of course at the same time totally serious.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -574,29 +598,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2018/09/25/fer
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2018/09/25/fertig-gelesen-sled-driver.html" class='text-decoration-none text-dark'>Fertig gelesen: Sled Driver</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          September 25, 2018
-        </div>
-
-        <div class='mt-3'>The SR-71 was the fastest, highest, stealthiest airplane, built from exotic materials, and it looked really mean - but was unarmed. Its engines were its only defense and the only thing it ever shot were pictures. How did it come to be, how did it fly, what did it do and what was it like to fly it.
-Sled Driver Brian Shul describes the SR-71 from a pilots perspective, without bothering too much about the physics and the engineering, concentrating on the operations from a pilots POV and the doing of things.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/17.html b/blog/17.html
index 82e18309bd..5b9547b036 100644
--- a/blog/17.html
+++ b/blog/17.html
@@ -134,6 +134,29 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2018/09/25/fertig-gelesen-sled-driver.html" class='text-decoration-none text-dark'>Fertig gelesen: Sled Driver</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          September 25, 2018
+        </div>
+
+        <div class='mt-3'>The SR-71 was the fastest, highest, stealthiest airplane, built from exotic materials, and it looked really mean - but was unarmed. Its engines were its only defense and the only thing it ever shot were pictures. How did it come to be, how did it fly, what did it do and what was it like to fly it.
+Sled Driver Brian Shul describes the SR-71 from a pilots perspective, without bothering too much about the physics and the engineering, concentrating on the operations from a pilots POV and the doing of things.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -573,30 +596,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2017/12/08/fer
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2017/11/25/d-abc-at-scale.html" class='text-decoration-none text-dark'>d = a*b&#43;c at scale</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          November 25, 2017
-        </div>
-
-        <div class='mt-3'>Introduction to GPUs (PDF)
-So you already know how your CPU works, basically, and want to understand what your GPU does differently. Ofer Rosenberg has you covered: Introduction to GPUs does what it says on the tin.
-The NVIDIA take on this can be found in An Introduction to Modern GPU Architecture by Ashu Rege, but because this is from 2008, it&rsquo;s showing it&rsquo;s age. The first 15 slides or so focus more on the gaming aspect and less on the technology, but are full of matching screenshots.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/18.html b/blog/18.html
index edabfb112e..6cc2f3e863 100644
--- a/blog/18.html
+++ b/blog/18.html
@@ -134,6 +134,30 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2017/11/25/d-abc-at-scale.html" class='text-decoration-none text-dark'>d = a*b&#43;c at scale</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          November 25, 2017
+        </div>
+
+        <div class='mt-3'>Introduction to GPUs (PDF)
+So you already know how your CPU works, basically, and want to understand what your GPU does differently. Ofer Rosenberg has you covered: Introduction to GPUs does what it says on the tin.
+The NVIDIA take on this can be found in An Introduction to Modern GPU Architecture by Ashu Rege, but because this is from 2008, it&rsquo;s showing it&rsquo;s age. The first 15 slides or so focus more on the gaming aspect and less on the technology, but are full of matching screenshots.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -574,29 +598,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2017/10/10/a-s
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2017/09/27/shared-space-experiment-at-alexanderplein.html" class='text-decoration-none text-dark'>Shared Space Experiment at Alexanderplein</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          September 27, 2017
-        </div>
-
-        <div class='mt-3'>Shared Space Experiment The Guardian has an article about a Shared Space Experiment at Amsterdam Alexanderplein.
-A Shared Space is an approach to urban traffic design in which segregation of traffic modes is minimized and signage or other regulation is taken away, leaving traffic participants to make up rules and agreements on the spot through interaction. Several preconditions need to be there in order for Shared Spaces to have a chance of working:</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/19.html b/blog/19.html
index d57a2b6f08..c9670c1b8a 100644
--- a/blog/19.html
+++ b/blog/19.html
@@ -134,6 +134,29 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2017/09/27/shared-space-experiment-at-alexanderplein.html" class='text-decoration-none text-dark'>Shared Space Experiment at Alexanderplein</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          September 27, 2017
+        </div>
+
+        <div class='mt-3'>Shared Space Experiment The Guardian has an article about a Shared Space Experiment at Amsterdam Alexanderplein.
+A Shared Space is an approach to urban traffic design in which segregation of traffic modes is minimized and signage or other regulation is taken away, leaving traffic participants to make up rules and agreements on the spot through interaction. Several preconditions need to be there in order for Shared Spaces to have a chance of working:</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -573,29 +596,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2017/07/29/fer
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2017/07/28/fertig-gelesen-for-we-are-many.html" class='text-decoration-none text-dark'>Fertig gelesen: For We Are Many</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          July 28, 2017
-        </div>
-
-        <div class='mt-3'>Bob is making what he was built for: more Bobs. Bob is in fact a dead computer programmer back from the destroyed and near inhabitable Planet Earth, who has been turned into an upload inhabiting a Von Neumann probe. His mission is to explore strange new worlds, going where nothing has gone before and make more of himself.
-You can read more of his Genesis in We Are Legion Part 1 of the Bobiverse series .</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/2.html b/blog/2.html
index d396dd3592..a96d7340f2 100644
--- a/blog/2.html
+++ b/blog/2.html
@@ -134,6 +134,29 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2023/09/13/energiekosten-beim-elektroauto.html" class='text-decoration-none text-dark'>Energiekosten beim Elektroauto</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          September 13, 2023
+        </div>
+
+        <div class='mt-3'>Das neue Auto hat eine Batterie mit 60 kWh Kapazität, also muss es 42 kWh aufnehmen, um von 10 % auf 80 % zu kommen. Die 80 % sind eine Art magische Grenze, weil die Ladegeschwindigkeit des Autos insbesondere beim Schnellladen unterwegs vom Füllstand der Batterie abhängig ist, und ab 80 % stark absinkt. Die letzten 20 % dauern also lange.
+Dazu kommt, daß das Auto auch beim elektrischen Bremsen – beim Rekuperieren – lädt und wenn der Akku-Füllstand über 80 % ist, ist das Rekuperationsvermögen durch die geringere Ladegeschwindigkeit der Batterie eingeschränkt.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -580,30 +603,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2023/05/10/its
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2023/05/06/50-years-in-filesystems-1984.html" class='text-decoration-none text-dark'>50 years in filesystems: 1984</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          May 6, 2023
-        </div>
-
-        <div class='mt-3'>This is part 2 of a series. The first part is &ldquo;1974 &rdquo;.
-Progress is sometimes hard to see, especially when you have been part of it or otherwise lived through it. Often, it is easier to see if you compare modern educational material, and the problems discussed with older material. And then look for the research papers and sources that fueled the change.
-In Linux (and Unix in general), this is easy.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/20.html b/blog/20.html
index 4edc76e7a4..438bbae043 100644
--- a/blog/20.html
+++ b/blog/20.html
@@ -134,6 +134,29 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2017/07/28/fertig-gelesen-for-we-are-many.html" class='text-decoration-none text-dark'>Fertig gelesen: For We Are Many</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          July 28, 2017
+        </div>
+
+        <div class='mt-3'>Bob is making what he was built for: more Bobs. Bob is in fact a dead computer programmer back from the destroyed and near inhabitable Planet Earth, who has been turned into an upload inhabiting a Von Neumann probe. His mission is to explore strange new worlds, going where nothing has gone before and make more of himself.
+You can read more of his Genesis in We Are Legion Part 1 of the Bobiverse series .</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -568,32 +591,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2017/06/12/usa
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2017/06/12/shit-found-on-github-bork.html" class='text-decoration-none text-dark'>Shit found on github: bork</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          June 12, 2017
-        </div>
-
-        <div class='mt-3'>I&gt; Good Morning!
-M&gt; And to you, too!
-I&gt; I hope you have a nice and technically reliable start into a new week full of hope!
-I&gt; Here, catch. https://github.com/mattly/bork M&gt; »A bash DSL for config management« And it&rsquo;s not even chistmas, ye
-I&gt; &ldquo;the Swedish Chef Puppet of Config Management. [&hellip;] Bork is written against Bash 3.2 and common unix utilities such as sed, awk and grep. It is designed to work on any UNIX-based system and maintain awareness of platform differences between BSD and GPL versions of unix utilities.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/21.html b/blog/21.html
index e7bafb91bf..252c3f2f4f 100644
--- a/blog/21.html
+++ b/blog/21.html
@@ -134,6 +134,32 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2017/06/12/shit-found-on-github-bork.html" class='text-decoration-none text-dark'>Shit found on github: bork</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          June 12, 2017
+        </div>
+
+        <div class='mt-3'>I&gt; Good Morning!
+M&gt; And to you, too!
+I&gt; I hope you have a nice and technically reliable start into a new week full of hope!
+I&gt; Here, catch. https://github.com/mattly/bork M&gt; »A bash DSL for config management« And it&rsquo;s not even chistmas, ye
+I&gt; &ldquo;the Swedish Chef Puppet of Config Management. [&hellip;] Bork is written against Bash 3.2 and common unix utilities such as sed, awk and grep. It is designed to work on any UNIX-based system and maintain awareness of platform differences between BSD and GPL versions of unix utilities.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -570,30 +596,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2017/04/05/str
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2017/03/27/the-interview-in-the-enterprise.html" class='text-decoration-none text-dark'>The Interview in the Enterprise</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          March 27, 2017
-        </div>
-
-        <div class='mt-3'>See also Why I Don&rsquo;t Talk to Google Recruiters .
-Where I work we have regular round tables, in which you can talk and ask questions to middle management from other departments than your own. I had the opportunity to talk to a person who manages development priorities and staffs teams, and who of course has some insight into hiring and the interview process. That was very enlightening.
-For example, finding people to hire in a large organisation is a hard job.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/22.html b/blog/22.html
index 0ae8b61f6c..9d01000e52 100644
--- a/blog/22.html
+++ b/blog/22.html
@@ -134,6 +134,30 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2017/03/27/the-interview-in-the-enterprise.html" class='text-decoration-none text-dark'>The Interview in the Enterprise</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          March 27, 2017
+        </div>
+
+        <div class='mt-3'>See also Why I Don&rsquo;t Talk to Google Recruiters .
+Where I work we have regular round tables, in which you can talk and ask questions to middle management from other departments than your own. I had the opportunity to talk to a person who manages development priorities and staffs teams, and who of course has some insight into hiring and the interview process. That was very enlightening.
+For example, finding people to hire in a large organisation is a hard job.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -572,29 +596,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2017/02/28/fer
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2017/02/28/fertig-gelesen-the-culture-map.html" class='text-decoration-none text-dark'>Fertig gelesen: The Culture Map</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          February 28, 2017
-        </div>
-
-        <div class='mt-3'>The Culture Map Erin Meyer is a professor at INSEAD, an international business school based in Paris. She&rsquo;s specialized in cross-cultural communication and facilitation, and in her book explains the dimensions and differences between different cultures in the world, and how they can shape or interfere with exchanges in a multi-cultural environment.
-The book introduces eight different cultural scales or spectra, and where the various national cultures position themselves on these scales.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/23.html b/blog/23.html
index b98ffa9a3d..19d41e3e98 100644
--- a/blog/23.html
+++ b/blog/23.html
@@ -134,6 +134,29 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2017/02/28/fertig-gelesen-the-culture-map.html" class='text-decoration-none text-dark'>Fertig gelesen: The Culture Map</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          February 28, 2017
+        </div>
+
+        <div class='mt-3'>The Culture Map Erin Meyer is a professor at INSEAD, an international business school based in Paris. She&rsquo;s specialized in cross-cultural communication and facilitation, and in her book explains the dimensions and differences between different cultures in the world, and how they can shape or interfere with exchanges in a multi-cultural environment.
+The book introduces eight different cultural scales or spectra, and where the various national cultures position themselves on these scales.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -591,31 +614,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2017/02/01/nob
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2017/01/26/bielefeld-conspiracy-hits-facebook.html" class='text-decoration-none text-dark'>Bielefeld Conspiracy hits Facebook</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          January 26, 2017
-        </div>
-
-        <div class='mt-3'>Westfalenblatt knows:
-Yesterday all references to the place name &ldquo;Bielefeld&rdquo; have been replaced with &ldquo;Bielefeldverschwörung &rdquo; (Bielefeld Conspiracy):
-Facebook showing &ldquo;Bielefeldverschwörung&rdquo; (Bielefeld Conspiracy) instead of the proper city name.
-Bielefeld is a typical while label city in Germany. In fact, it is conspiciously inconspicious, and that is, so the conspiracy theory fabricated by Achim Held in 1993, because the city does not actually exist. It&rsquo;s a fake location that protects something else on the map, probably an entrance to the Hollow Earth or something else, but we don&rsquo;t actually know.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/24.html b/blog/24.html
index 18c1273572..f6cecfa95a 100644
--- a/blog/24.html
+++ b/blog/24.html
@@ -134,6 +134,31 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2017/01/26/bielefeld-conspiracy-hits-facebook.html" class='text-decoration-none text-dark'>Bielefeld Conspiracy hits Facebook</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          January 26, 2017
+        </div>
+
+        <div class='mt-3'>Westfalenblatt knows:
+Yesterday all references to the place name &ldquo;Bielefeld&rdquo; have been replaced with &ldquo;Bielefeldverschwörung &rdquo; (Bielefeld Conspiracy):
+Facebook showing &ldquo;Bielefeldverschwörung&rdquo; (Bielefeld Conspiracy) instead of the proper city name.
+Bielefeld is a typical while label city in Germany. In fact, it is conspiciously inconspicious, and that is, so the conspiracy theory fabricated by Achim Held in 1993, because the city does not actually exist. It&rsquo;s a fake location that protects something else on the map, probably an entrance to the Hollow Earth or something else, but we don&rsquo;t actually know.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -575,29 +600,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2016/09/01/be-
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2016/08/14/fertig-gelesen-broken-tablet.html" class='text-decoration-none text-dark'>Fertig gelesen: Broken Tablet</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          August 14, 2016
-        </div>
-
-        <div class='mt-3'>Ok, ein Aspie-Kandidat hat Snow Crash gelesen und ist von den Erwähnungen sumerischer Kultur und Alt-Enochisch als Sprache fasziniert und tut das, was ein Aspie in so einer Situation als normal empfindet: Er lernt alles über das Thema, verdaut es und erzeugt dann einen Braindump. Der ist durchaus lesbar.
-Broken Tablet Broken Tablet ist also die sumerische Version von Outlander: Ein irakischer Silicon Valley Milliardär hat genug von der Technik und kehrt in seine Heimat zurück (Hey, Steve Jobs hat syrische Wurzeln!</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/25.html b/blog/25.html
index 8842f8e934..8985fdc2bd 100644
--- a/blog/25.html
+++ b/blog/25.html
@@ -134,6 +134,29 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2016/08/14/fertig-gelesen-broken-tablet.html" class='text-decoration-none text-dark'>Fertig gelesen: Broken Tablet</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          August 14, 2016
+        </div>
+
+        <div class='mt-3'>Ok, ein Aspie-Kandidat hat Snow Crash gelesen und ist von den Erwähnungen sumerischer Kultur und Alt-Enochisch als Sprache fasziniert und tut das, was ein Aspie in so einer Situation als normal empfindet: Er lernt alles über das Thema, verdaut es und erzeugt dann einen Braindump. Der ist durchaus lesbar.
+Broken Tablet Broken Tablet ist also die sumerische Version von Outlander: Ein irakischer Silicon Valley Milliardär hat genug von der Technik und kehrt in seine Heimat zurück (Hey, Steve Jobs hat syrische Wurzeln!</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -570,29 +593,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2016/02/28/fer
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2016/02/28/fertig-gelesen-jumper.html" class='text-decoration-none text-dark'>Fertig gelesen: Jumper</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          February 28, 2016
-        </div>
-
-        <div class='mt-3'>Ein Junge lebt bei seinem alkoholsüchtigen Vater und will der Mißhandlung und dem Mißbrauch entkommen. Er flieht, baut sich eine neue Existenz auf, und gerät dabei auf die schiefe Bahn und mit Geheimdiensten und Terroristen in Konflikt. Im Laufe der Geschichte gelingt es ihm, seinen Frieden mit seinem Vater und seiner Vergangenheit zu machen, eine sinnvolle Beziehung aufzubauen und seine Existenzgrundlage wieder auf Spur zu bringen.
-Die Tatsache, daß er ein Teleporter ist, ist dabei für die Handlung eher Nebensache.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/26.html b/blog/26.html
index d4f76e5fd3..ba119d5276 100644
--- a/blog/26.html
+++ b/blog/26.html
@@ -134,6 +134,29 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2016/02/28/fertig-gelesen-jumper.html" class='text-decoration-none text-dark'>Fertig gelesen: Jumper</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          February 28, 2016
+        </div>
+
+        <div class='mt-3'>Ein Junge lebt bei seinem alkoholsüchtigen Vater und will der Mißhandlung und dem Mißbrauch entkommen. Er flieht, baut sich eine neue Existenz auf, und gerät dabei auf die schiefe Bahn und mit Geheimdiensten und Terroristen in Konflikt. Im Laufe der Geschichte gelingt es ihm, seinen Frieden mit seinem Vater und seiner Vergangenheit zu machen, eine sinnvolle Beziehung aufzubauen und seine Existenzgrundlage wieder auf Spur zu bringen.
+Die Tatsache, daß er ein Teleporter ist, ist dabei für die Handlung eher Nebensache.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -566,28 +589,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2015/11/29/fer
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2015/11/29/fertig-gelesen-avogadro-corp.html" class='text-decoration-none text-dark'>Fertig gelesen: Avogadro Corp</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          November 29, 2015
-        </div>
-
-        <div class='mt-3'>Eine nach einer großen Zahl benannte Firma, die ihr Geld mit einem Mailsystem und Werbung verdient, baut einen Assistenten, der automatische Antworten zu Mails verfassen kann, die besonders überzeugend sein können. Da das Projekt zuviel CPU verbraucht, hackt sein Urheber es so um, daß es selbst und unkontrolliert Mails generieren kann und gibt ihm ein Ziel - &ldquo;seinen eigenen Erfolg zu maximieren&rdquo;. Was als Mailassistent für einen Webmailer gedacht war, wird sich seiner selbstbewußt und fängt an, seinen Erfolg zu maximieren - da es um erfolgreich zu sein auf Menschen angewiesen ist, also erst mal mit Frieden im Nahen Osten.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/27.html b/blog/27.html
index acc5e7a634..2c00974e27 100644
--- a/blog/27.html
+++ b/blog/27.html
@@ -134,6 +134,28 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2015/11/29/fertig-gelesen-avogadro-corp.html" class='text-decoration-none text-dark'>Fertig gelesen: Avogadro Corp</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          November 29, 2015
+        </div>
+
+        <div class='mt-3'>Eine nach einer großen Zahl benannte Firma, die ihr Geld mit einem Mailsystem und Werbung verdient, baut einen Assistenten, der automatische Antworten zu Mails verfassen kann, die besonders überzeugend sein können. Da das Projekt zuviel CPU verbraucht, hackt sein Urheber es so um, daß es selbst und unkontrolliert Mails generieren kann und gibt ihm ein Ziel - &ldquo;seinen eigenen Erfolg zu maximieren&rdquo;. Was als Mailassistent für einen Webmailer gedacht war, wird sich seiner selbstbewußt und fängt an, seinen Erfolg zu maximieren - da es um erfolgreich zu sein auf Menschen angewiesen ist, also erst mal mit Frieden im Nahen Osten.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -568,28 +590,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2014/12/11/fer
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2014/12/01/fertig-gelesen-1491.html" class='text-decoration-none text-dark'>Fertig gelesen: 1491</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          December 1, 2014
-        </div>
-
-        <div class='mt-3'>&ldquo;1491&rdquo; ist ein Buch, daß versucht zu verstehen und zu erklären, wer auf den beiden amerikanischen Kontinenten gelebt hat, bevor die spanischen, portugiesischen und englischen Eroberer ankamen und wie diese Personen gelebt haben. Das Buch gliedert sich grob in drei Teile, die die Frage klären, wie viele Leute dort gelebt haben (Das Buch vertritt die These, daß die amerikanischen Kontinente wesentlich dichter bevölkert waren als Europa zu dieser Zeit), seit wann sie dort gelebt haben (Das Buch vertritt die These, daß es drei Einwanderungswellen gegeben hat, von denen die erste wesentlich älter ist, als man gemeinhin annehmen mag - nämlich vor oder zum Beginn der letzten großen Eiszeit) und wie sie dort gelebt und überlebt haben (Das Buch zeigt eine Reihe von Artefakten, die auf Kulturtechniken und Staaten mit von europäischen Kulturen vollkommen Techniken und Schwerpunkten hindeuten.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/28.html b/blog/28.html
index 19f26034c5..602629e13b 100644
--- a/blog/28.html
+++ b/blog/28.html
@@ -134,6 +134,28 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2014/12/01/fertig-gelesen-1491.html" class='text-decoration-none text-dark'>Fertig gelesen: 1491</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          December 1, 2014
+        </div>
+
+        <div class='mt-3'>&ldquo;1491&rdquo; ist ein Buch, daß versucht zu verstehen und zu erklären, wer auf den beiden amerikanischen Kontinenten gelebt hat, bevor die spanischen, portugiesischen und englischen Eroberer ankamen und wie diese Personen gelebt haben. Das Buch gliedert sich grob in drei Teile, die die Frage klären, wie viele Leute dort gelebt haben (Das Buch vertritt die These, daß die amerikanischen Kontinente wesentlich dichter bevölkert waren als Europa zu dieser Zeit), seit wann sie dort gelebt haben (Das Buch vertritt die These, daß es drei Einwanderungswellen gegeben hat, von denen die erste wesentlich älter ist, als man gemeinhin annehmen mag - nämlich vor oder zum Beginn der letzten großen Eiszeit) und wie sie dort gelebt und überlebt haben (Das Buch zeigt eine Reihe von Artefakten, die auf Kulturtechniken und Staaten mit von europäischen Kulturen vollkommen Techniken und Schwerpunkten hindeuten.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -568,29 +590,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2014/08/11/fer
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2014/08/11/fertig-gelesen-influx.html" class='text-decoration-none text-dark'>Fertig gelesen: Influx</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          August 11, 2014
-        </div>
-
-        <div class='mt-3'>Ja, da kann man mal sehen, wie weit ich mit den Reviews hinterher bin. Schwarze-Helikopter-Agencies kommen in allen Suarez-Büchern vor, in diesem haben sie sich der Unterdrückung von die Menschheit destabilisierenden Technologien verschrieben. Davon gibt es seit den 60er Jahren des letzten Jahrhunderts eine Menge, denn die Menschen sind weitaus erfinderischer als nach Meinung des zuständigen Büros gut für sie ist.
-Influx Jetzt beginnt die Technik aber zu leaken, und es kommt zu einem Showdown.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/29.html b/blog/29.html
index a85b535ea2..a73bddbce9 100644
--- a/blog/29.html
+++ b/blog/29.html
@@ -134,6 +134,29 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2014/08/11/fertig-gelesen-influx.html" class='text-decoration-none text-dark'>Fertig gelesen: Influx</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          August 11, 2014
+        </div>
+
+        <div class='mt-3'>Ja, da kann man mal sehen, wie weit ich mit den Reviews hinterher bin. Schwarze-Helikopter-Agencies kommen in allen Suarez-Büchern vor, in diesem haben sie sich der Unterdrückung von die Menschheit destabilisierenden Technologien verschrieben. Davon gibt es seit den 60er Jahren des letzten Jahrhunderts eine Menge, denn die Menschen sind weitaus erfinderischer als nach Meinung des zuständigen Büros gut für sie ist.
+Influx Jetzt beginnt die Technik aber zu leaken, und es kommt zu einem Showdown.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -574,29 +597,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2013/09/27/fer
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2013/09/27/fertig-gelesen-vn-madeline-ashby.html" class='text-decoration-none text-dark'>Fertig gelesen: vN</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          September 27, 2013
-        </div>
-
-        <div class='mt-3'>Amy ist ein von Neumann (vN), ein Android mit der Fähigkeit, sich selbst zu replizieren. Sie ist außerdem defekt, und deswegen ein Gott: Während alle anderen vN eine Sicherheitsschaltung haben, die es ihnen unmöglich macht, gewalttätige Szenen zu denken, zu erleben oder auch nur anzusehen, ist bei Amy diese Sicherung defekt. Anders als ihre vN-Kameraden ist sie in ihren Handlungen frei und uneingeschränkt.
-vN Die Entwicklung von vN folgt dem Lamarckismus - Amy kann ihre erworbene Eigenschaft ihren Nachkommen vererben, und andere vN können sie bekommen, indem sie Amy assimilieren.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/3.html b/blog/3.html
index ef79b060aa..3db33ec8d0 100644
--- a/blog/3.html
+++ b/blog/3.html
@@ -134,6 +134,30 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2023/05/06/50-years-in-filesystems-1984.html" class='text-decoration-none text-dark'>50 years in filesystems: 1984</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          May 6, 2023
+        </div>
+
+        <div class='mt-3'>This is part 2 of a series. The first part is &ldquo;1974 &rdquo;.
+Progress is sometimes hard to see, especially when you have been part of it or otherwise lived through it. Often, it is easier to see if you compare modern educational material, and the problems discussed with older material. And then look for the research papers and sources that fueled the change.
+In Linux (and Unix in general), this is easy.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -585,30 +609,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2022/12/11/cha
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2022/12/10/2fa-fuer-mastodon.html" class='text-decoration-none text-dark'>2FA für Mastodon</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          December 10, 2022
-        </div>
-
-        <div class='mt-3'>Multi-Factor Authentication (Identifikation mit mehreren Faktoren) oder 2FA (Two-Factor-Authentication) sind ein Weg, einen Account vor der Übernahme durch Dritte zu schützen.
-Statt sich mit Usernamen und Passwort anzumelden ist zusätzlich noch eine wechselnde Pseudozufallszahl notwendig. Diese wird von einem Seed-Wert generiert, der durch eine Buchstabenfolge oder einen QR-Code repräsentiert wird.
-Authenticator Anwendung installieren Das Verfahren ist standardisiert und wird von vielen Tools unterstützt. Dazu gehören Google Authenticator, Bitwarden und viele andere Passwortmanager.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/30.html b/blog/30.html
index 182d3d1551..0717059035 100644
--- a/blog/30.html
+++ b/blog/30.html
@@ -134,6 +134,29 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2013/09/27/fertig-gelesen-vn-madeline-ashby.html" class='text-decoration-none text-dark'>Fertig gelesen: vN</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          September 27, 2013
+        </div>
+
+        <div class='mt-3'>Amy ist ein von Neumann (vN), ein Android mit der Fähigkeit, sich selbst zu replizieren. Sie ist außerdem defekt, und deswegen ein Gott: Während alle anderen vN eine Sicherheitsschaltung haben, die es ihnen unmöglich macht, gewalttätige Szenen zu denken, zu erleben oder auch nur anzusehen, ist bei Amy diese Sicherung defekt. Anders als ihre vN-Kameraden ist sie in ihren Handlungen frei und uneingeschränkt.
+vN Die Entwicklung von vN folgt dem Lamarckismus - Amy kann ihre erworbene Eigenschaft ihren Nachkommen vererben, und andere vN können sie bekommen, indem sie Amy assimilieren.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -585,28 +608,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2012/08/29/fer
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2012/08/29/fertig-gelesen-whatever-happened-to-the-world-of-tomorrow.html" class='text-decoration-none text-dark'>Fertig gelesen: Whatever happened to the world of tomorrow?</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          August 29, 2012
-        </div>
-
-        <div class='mt-3'>&ldquo;Whatever happened to the World of Tomorrow?&rdquo; erklärt, wieso das Versprechen an unsere Eltern - Jetpacks und fliegende Autos - nicht eingelöst wurde, und wieso wir dennoch heute in der Zukunft leben. Es verweist gleichzeitig auf unsere Zukunft, eine Zukunft, die nicht zu den Erwartungen und dem Wissen der vorangegangenen Generationen passen wird. Unsere Welt von Morgen wird nach wieder anderen Regeln funktionieren, und wir werden wieder andere Probleme lösen müssen&hellip;</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/31.html b/blog/31.html
index b06356661f..e8e95427a2 100644
--- a/blog/31.html
+++ b/blog/31.html
@@ -134,6 +134,28 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2012/08/29/fertig-gelesen-whatever-happened-to-the-world-of-tomorrow.html" class='text-decoration-none text-dark'>Fertig gelesen: Whatever happened to the world of tomorrow?</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          August 29, 2012
+        </div>
+
+        <div class='mt-3'>&ldquo;Whatever happened to the World of Tomorrow?&rdquo; erklärt, wieso das Versprechen an unsere Eltern - Jetpacks und fliegende Autos - nicht eingelöst wurde, und wieso wir dennoch heute in der Zukunft leben. Es verweist gleichzeitig auf unsere Zukunft, eine Zukunft, die nicht zu den Erwartungen und dem Wissen der vorangegangenen Generationen passen wird. Unsere Welt von Morgen wird nach wieder anderen Regeln funktionieren, und wir werden wieder andere Probleme lösen müssen&hellip;</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -582,29 +604,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2012/08/17/fer
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2012/08/15/materialized-view.html" class='text-decoration-none text-dark'>Materialized View</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          August 15, 2012
-        </div>
-
-        <div class='mt-3'>Daten in einer SQL-Datenbank werden in einer Tabelle abgelegt, also einer Struktur mit Spalten, die Namen und in vielen Fällen auch einen Datentyp haben. Eine Tabelle besteht dann aus 0 oder mehr Zeilen, die in dieses Spaltenschema passen.
-Für das Schreiben von Daten möchte man diese dann Normalform bringen, um Anomalien bei Änderungen von Daten zu verhindern und um die Datenmenge kompakt zu halten. Kompakte Daten haben den Vorteil, daß sie von der Datenbank ganz oder in wesentlichen Teilen im Speicher gehalten werden können, sodaß lediglich tatsächliche Schreibzugriffe irgendwann die Platte treffen.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/32.html b/blog/32.html
index 0e957ed78d..62a10fa579 100644
--- a/blog/32.html
+++ b/blog/32.html
@@ -134,6 +134,29 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2012/08/15/materialized-view.html" class='text-decoration-none text-dark'>Materialized View</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          August 15, 2012
+        </div>
+
+        <div class='mt-3'>Daten in einer SQL-Datenbank werden in einer Tabelle abgelegt, also einer Struktur mit Spalten, die Namen und in vielen Fällen auch einen Datentyp haben. Eine Tabelle besteht dann aus 0 oder mehr Zeilen, die in dieses Spaltenschema passen.
+Für das Schreiben von Daten möchte man diese dann Normalform bringen, um Anomalien bei Änderungen von Daten zu verhindern und um die Datenmenge kompakt zu halten. Kompakte Daten haben den Vorteil, daß sie von der Datenbank ganz oder in wesentlichen Teilen im Speicher gehalten werden können, sodaß lediglich tatsächliche Schreibzugriffe irgendwann die Platte treffen.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -579,30 +602,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2012/02/10/faq
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2012/01/02/datenschutztheater-die-informierte-zustimmung.html" class='text-decoration-none text-dark'>Datenschutztheater: Die informierte Zustimmung</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          January 2, 2012
-        </div>
-
-        <div class='mt-3'>Das BDSG, ein Produkt der 80er. Damals waren Computer wahlweise doof oder böse . Entsprechend ist die Verarbeitung personenbezogener Daten verboten. Komplett. Genau genommen sagt das BDSG:
-Die Erhebung, Verarbeitung und Nutzung personenbezogener Daten sind nur zulässig, soweit dieses Gesetz oder eine andere Rechtsvorschrift dies erlaubt oder anordnet oder der Betroffene eingewilligt hat.
-Das heißt natürlich, daß die Verarbeitung personenbezogener Daten nicht wirklich komplett verboten ist. Sie ist erlaubt, &ldquo;soweit dieses Gesetz oder eine andere Rechtsvorschrift dies erlaubt oder anordnet&rdquo;.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/33.html b/blog/33.html
index caf8b350a6..f5bb49a6fe 100644
--- a/blog/33.html
+++ b/blog/33.html
@@ -134,6 +134,30 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2012/01/02/datenschutztheater-die-informierte-zustimmung.html" class='text-decoration-none text-dark'>Datenschutztheater: Die informierte Zustimmung</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          January 2, 2012
+        </div>
+
+        <div class='mt-3'>Das BDSG, ein Produkt der 80er. Damals waren Computer wahlweise doof oder böse . Entsprechend ist die Verarbeitung personenbezogener Daten verboten. Komplett. Genau genommen sagt das BDSG:
+Die Erhebung, Verarbeitung und Nutzung personenbezogener Daten sind nur zulässig, soweit dieses Gesetz oder eine andere Rechtsvorschrift dies erlaubt oder anordnet oder der Betroffene eingewilligt hat.
+Das heißt natürlich, daß die Verarbeitung personenbezogener Daten nicht wirklich komplett verboten ist. Sie ist erlaubt, &ldquo;soweit dieses Gesetz oder eine andere Rechtsvorschrift dies erlaubt oder anordnet&rdquo;.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -579,29 +603,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2011/09/13/ein
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2011/09/13/neue-releases-im-datenbankland.html" class='text-decoration-none text-dark'>Neue Releases im Datenbankland</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          September 13, 2011
-        </div>
-
-        <div class='mt-3'>MongoDB 2.0 ist draußen, und implementiert eine Reihe interessanter neuer Dinge, die ich anderswo gerne hätte, insbesondere im Bereich Replica Sets .
-Postgres hat das Release 9.1 draußen. Die versprochene synchrone Replikation ist jetzt verfügbar, sie ist grob vergleichbar mit der Semisynchronen Replikation in MySQL 5.5. Ein wesentlicher Unterschied ist, daß man bei Postgres einzelne, bestimmte Server als synchrone Slaves benennen kann, während MySQL nur garantiert, daß es mindestens einen (wechselnden) Slave gibt, der synchron repliziert hat.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/34.html b/blog/34.html
index fc285956af..80f982faea 100644
--- a/blog/34.html
+++ b/blog/34.html
@@ -134,6 +134,29 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2011/09/13/neue-releases-im-datenbankland.html" class='text-decoration-none text-dark'>Neue Releases im Datenbankland</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          September 13, 2011
+        </div>
+
+        <div class='mt-3'>MongoDB 2.0 ist draußen, und implementiert eine Reihe interessanter neuer Dinge, die ich anderswo gerne hätte, insbesondere im Bereich Replica Sets .
+Postgres hat das Release 9.1 draußen. Die versprochene synchrone Replikation ist jetzt verfügbar, sie ist grob vergleichbar mit der Semisynchronen Replikation in MySQL 5.5. Ein wesentlicher Unterschied ist, daß man bei Postgres einzelne, bestimmte Server als synchrone Slaves benennen kann, während MySQL nur garantiert, daß es mindestens einen (wechselnden) Slave gibt, der synchron repliziert hat.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -576,29 +599,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2011/05/10/han
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2011/05/10/x11-auf-dem-weg-nach-drau-en.html" class='text-decoration-none text-dark'>X11 auf dem Weg nach draußen</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          May 10, 2011
-        </div>
-
-        <div class='mt-3'>Im September 1987 wurde die Version 11 des X-Protokolls erfunden. Damals war alles schlimm: Wir hatten keinen Speicher, keine leistungsfähigen CPUs, keine Fonts, schon gar keine Vektorfonts, keine Farbe, schon gar keine Echtfarbe ohne Paletten, keine Transparency und vor allen Dingen keine Ahnung.
-X11 war für Unix das Displaysystem der Wahl. Es macht eine ganze Menge Dinge falsch: Zum Beispiel lebt es unter der Annahme, daß das Grafiksubsystem des Rechners keine Rechenpower und wenig Speicher hat.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/35.html b/blog/35.html
index f86c53f57d..e94eb5c737 100644
--- a/blog/35.html
+++ b/blog/35.html
@@ -134,6 +134,29 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2011/05/10/x11-auf-dem-weg-nach-drau-en.html" class='text-decoration-none text-dark'>X11 auf dem Weg nach draußen</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          May 10, 2011
+        </div>
+
+        <div class='mt-3'>Im September 1987 wurde die Version 11 des X-Protokolls erfunden. Damals war alles schlimm: Wir hatten keinen Speicher, keine leistungsfähigen CPUs, keine Fonts, schon gar keine Vektorfonts, keine Farbe, schon gar keine Echtfarbe ohne Paletten, keine Transparency und vor allen Dingen keine Ahnung.
+X11 war für Unix das Displaysystem der Wahl. Es macht eine ganze Menge Dinge falsch: Zum Beispiel lebt es unter der Annahme, daß das Grafiksubsystem des Rechners keine Rechenpower und wenig Speicher hat.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -579,31 +602,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2010/12/15/ein
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2010/12/15/schnitzeljagd-2010-die-rache-der-cyborgs.html" class='text-decoration-none text-dark'>Schnitzeljagd 2010 - Die Rache der Cyborgs</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          December 15, 2010
-        </div>
-
-        <div class='mt-3'>Heute war ich auf einer Schnitzeljagd, als Kennenlernspiel und Teambuilding-Exercise.
-So die Theorie. 2010 läuft so etwas anders.
-Geht zu dem und dem - betriebsbedingt - Hotel. Google Maps an. Ah, dort ist es. Da gehen wir dann hin, walking navigation (experimental). Funktioniert.
-Hier ist Eure nächste Aufgabe. Firmenbedingt Fragen zum Hotelbusiness. Wir sind IT, keine Hotel-Leute. Man kann uns die Antworten zu den Fragen in einem Vortrag erklären, oder wir können &ldquo;raten&rdquo;: 5 Leute in der Gruppe, 5 Smartphones auf dem Tisch.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/36.html b/blog/36.html
index f76687202f..7472bac162 100644
--- a/blog/36.html
+++ b/blog/36.html
@@ -134,6 +134,31 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2010/12/15/schnitzeljagd-2010-die-rache-der-cyborgs.html" class='text-decoration-none text-dark'>Schnitzeljagd 2010 - Die Rache der Cyborgs</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          December 15, 2010
+        </div>
+
+        <div class='mt-3'>Heute war ich auf einer Schnitzeljagd, als Kennenlernspiel und Teambuilding-Exercise.
+So die Theorie. 2010 läuft so etwas anders.
+Geht zu dem und dem - betriebsbedingt - Hotel. Google Maps an. Ah, dort ist es. Da gehen wir dann hin, walking navigation (experimental). Funktioniert.
+Hier ist Eure nächste Aufgabe. Firmenbedingt Fragen zum Hotelbusiness. Wir sind IT, keine Hotel-Leute. Man kann uns die Antworten zu den Fragen in einem Vortrag erklären, oder wir können &ldquo;raten&rdquo;: 5 Leute in der Gruppe, 5 Smartphones auf dem Tisch.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -584,30 +609,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2010/08/11/net
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2010/08/10/fertig-gelesen-die-l-gen-des-locke-lamora.html" class='text-decoration-none text-dark'>Fertig gelesen: Die Lügen des Locke Lamora</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          August 10, 2010
-        </div>
-
-        <div class='mt-3'>Die Lügen des Locke Lamora , Scott Lynch, EUR 14.00, 848 Seiten.
-Via Heiko fand sich neulich Die Lügen des Locke Lamora auf dem Wohnzimmertisch und ich bin übel dran hängen geblieben.
-Eine Diebesgeschichte. Camorr, eine Stadt wie ein übel korrumpiertes Venedig, in der sich noch die Überreste einer älteren, höheren Zivilisation finden. Locke Lamora, ein Waisenkind, das zum Dieb erzogen wird und den Geheimen Frieden zwischen dem Adel und der vom Adel geduldeten Diebesgilde bricht: In komplizierten und ineinander verschachtelten Plots und Hochstapeleien ziehen Locke und seine Gang, die Gentleman-Gangster die Reichen und Mächtigen der Stadt ab.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/37.html b/blog/37.html
index 1912991b92..1f67c03a2a 100644
--- a/blog/37.html
+++ b/blog/37.html
@@ -134,6 +134,30 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2010/08/10/fertig-gelesen-die-l-gen-des-locke-lamora.html" class='text-decoration-none text-dark'>Fertig gelesen: Die Lügen des Locke Lamora</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          August 10, 2010
+        </div>
+
+        <div class='mt-3'>Die Lügen des Locke Lamora , Scott Lynch, EUR 14.00, 848 Seiten.
+Via Heiko fand sich neulich Die Lügen des Locke Lamora auf dem Wohnzimmertisch und ich bin übel dran hängen geblieben.
+Eine Diebesgeschichte. Camorr, eine Stadt wie ein übel korrumpiertes Venedig, in der sich noch die Überreste einer älteren, höheren Zivilisation finden. Locke Lamora, ein Waisenkind, das zum Dieb erzogen wird und den Geheimen Frieden zwischen dem Adel und der vom Adel geduldeten Diebesgilde bricht: In komplizierten und ineinander verschachtelten Plots und Hochstapeleien ziehen Locke und seine Gang, die Gentleman-Gangster die Reichen und Mächtigen der Stadt ab.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -583,29 +607,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2010/05/16/wie
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2010/05/14/denic-erkl-rt-sich.html" class='text-decoration-none text-dark'>DENIC erklärt sich</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          May 14, 2010
-        </div>
-
-        <div class='mt-3'>Gestern ab halb zwei ging es los: Immer mehr DE-Domains waren nicht mehr erreichbar. Schlimmer noch, anstatt keine Antwort zu liefern lieferten die Nameserver für die Domain &ldquo;de&rdquo; die Antwort &lsquo;Diese Domain gibt es nicht!&rsquo;. Das bedeutete eine ganze Reihe von Problemen - zum Beispiel ging Mail an diese Domains mit &lsquo;Unzustellbar wegen unbekannter Domain&rsquo; an den Absender zurück, anstatt bis zum Ende der Störung liegen zu bleiben.
-Was ging schief?</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/38.html b/blog/38.html
index d61602759f..7b7a445e56 100644
--- a/blog/38.html
+++ b/blog/38.html
@@ -134,6 +134,29 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2010/05/14/denic-erkl-rt-sich.html" class='text-decoration-none text-dark'>DENIC erklärt sich</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          May 14, 2010
+        </div>
+
+        <div class='mt-3'>Gestern ab halb zwei ging es los: Immer mehr DE-Domains waren nicht mehr erreichbar. Schlimmer noch, anstatt keine Antwort zu liefern lieferten die Nameserver für die Domain &ldquo;de&rdquo; die Antwort &lsquo;Diese Domain gibt es nicht!&rsquo;. Das bedeutete eine ganze Reihe von Problemen - zum Beispiel ging Mail an diese Domains mit &lsquo;Unzustellbar wegen unbekannter Domain&rsquo; an den Absender zurück, anstatt bis zum Ende der Störung liegen zu bleiben.
+Was ging schief?</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -576,29 +599,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2010/02/22/phi
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2010/02/22/smart-meters-revisited.html" class='text-decoration-none text-dark'>Smart Meters revisited</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          February 22, 2010
-        </div>
-
-        <div class='mt-3'>Im Juni letzten Jahres fragte ich &ldquo;Wie viel Strom verbraucht ein Stromzähler? &rdquo;, und dort haben wir auch am Rande Sicherheitsaspekte und Probleme mit solcher Technologie gestreift.
-Andere Leute haben sich in der Zwischenzeit intensiver mit diesen Dingen beschäftigt. Die Ergebnisse sind nicht gut. In Reverse Engineering a Smart Meter baut Nate Lawson mal seinen Stromzähler auseinander: &ldquo;But how vulnerable was I actually?&rdquo;. Das Öffnen des Gehäuses war recht einfach, die vorgefundene Security minimal, und das Lock-Bit auf dem Controller war nicht gesetzt.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/39.html b/blog/39.html
index 49dddba3f0..08304eb4b5 100644
--- a/blog/39.html
+++ b/blog/39.html
@@ -134,6 +134,29 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2010/02/22/smart-meters-revisited.html" class='text-decoration-none text-dark'>Smart Meters revisited</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          February 22, 2010
+        </div>
+
+        <div class='mt-3'>Im Juni letzten Jahres fragte ich &ldquo;Wie viel Strom verbraucht ein Stromzähler? &rdquo;, und dort haben wir auch am Rande Sicherheitsaspekte und Probleme mit solcher Technologie gestreift.
+Andere Leute haben sich in der Zwischenzeit intensiver mit diesen Dingen beschäftigt. Die Ergebnisse sind nicht gut. In Reverse Engineering a Smart Meter baut Nate Lawson mal seinen Stromzähler auseinander: &ldquo;But how vulnerable was I actually?&rdquo;. Das Öffnen des Gehäuses war recht einfach, die vorgefundene Security minimal, und das Lock-Bit auf dem Controller war nicht gesetzt.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -577,29 +600,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2009/11/09/pri
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2009/11/07/das-google-missverstaendnis.html" class='text-decoration-none text-dark'>Das Google-Mißverständnis</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          November 7, 2009
-        </div>
-
-        <div class='mt-3'>Ich glaube ja, daß Google eine der am meisten mißverstandenen Firmen auf diesem Planeten ist. Die meisten Leute halten Google für eine globale Suchmaschine. Das ist wohl richtig, aber es greift viel zu kurz, wenn man sich die Konsequenzen nicht klar macht.
-Google selber formuliert die eigene Mission eher als den Versuch, alles Wissen der Welt zu erfassen, zu ordnen und gezielt zugreifbar zu machen. Das ist besser, aber die meisten Leute lesen das nicht oder denken nicht darüber nach, was das bedeutet.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/4.html b/blog/4.html
index 769bd9252f..cb65923443 100644
--- a/blog/4.html
+++ b/blog/4.html
@@ -134,6 +134,30 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2022/12/10/2fa-fuer-mastodon.html" class='text-decoration-none text-dark'>2FA für Mastodon</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          December 10, 2022
+        </div>
+
+        <div class='mt-3'>Multi-Factor Authentication (Identifikation mit mehreren Faktoren) oder 2FA (Two-Factor-Authentication) sind ein Weg, einen Account vor der Übernahme durch Dritte zu schützen.
+Statt sich mit Usernamen und Passwort anzumelden ist zusätzlich noch eine wechselnde Pseudozufallszahl notwendig. Diese wird von einem Seed-Wert generiert, der durch eine Buchstabenfolge oder einen QR-Code repräsentiert wird.
+Authenticator Anwendung installieren Das Verfahren ist standardisiert und wird von vielen Tools unterstützt. Dazu gehören Google Authenticator, Bitwarden und viele andere Passwortmanager.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -578,30 +602,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2022/09/02/mys
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2022/08/25/mysql-boiling-jfrogs.html" class='text-decoration-none text-dark'>MySQL: Boiling JFrogs</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          August 25, 2022
-        </div>
-
-        <div class='mt-3'>A work problem: A commercial application, Artifactory, where we do not control the source or the schema has performance problems involving a certain long running query.
-The data size and row counts are not outrageous, and the query itself and the schema are not broken. But the data is very skewed and for certain values the query is very slow, as almost the entire table is selected.
-We introduce an experimental covering index, and show a 16x improvement, going from 143s to 9s execution time.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/40.html b/blog/40.html
index 3fbcded355..5dbc851629 100644
--- a/blog/40.html
+++ b/blog/40.html
@@ -134,6 +134,29 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2009/11/07/das-google-missverstaendnis.html" class='text-decoration-none text-dark'>Das Google-Mißverständnis</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          November 7, 2009
+        </div>
+
+        <div class='mt-3'>Ich glaube ja, daß Google eine der am meisten mißverstandenen Firmen auf diesem Planeten ist. Die meisten Leute halten Google für eine globale Suchmaschine. Das ist wohl richtig, aber es greift viel zu kurz, wenn man sich die Konsequenzen nicht klar macht.
+Google selber formuliert die eigene Mission eher als den Versuch, alles Wissen der Welt zu erfassen, zu ordnen und gezielt zugreifbar zu machen. Das ist besser, aber die meisten Leute lesen das nicht oder denken nicht darüber nach, was das bedeutet.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -579,30 +602,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2009/07/06/str
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2009/07/01/dir-fehlen-die-worte-oder-die-position-der-piratenpartei-zum-urheberrecht-in-einer-flatrategesellschaft.html" class='text-decoration-none text-dark'>&#34;Dir fehlen die Worte&#34; oder &#34;Die Position der Piratenpartei zum Urheberrecht in einer Flatrategesellschaft&#34;</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          July 1, 2009
-        </div>
-
-        <div class='mt-3'>Ich bin Mitglied in der Piratenpartei, aber dieser Text hier ist meine Sicht auf das Thema und nicht eine abgestimmte Position der Piratenpartei. &ndash; Kris
-Es geht um Urheberrecht und um den Graben des Nichtverstehens zwischen Online und Offline.
-Die Position der Piratenpartei zum Urheberrecht wird in Fernseh- und Zeitungsberichten oft falsch oder gar verzerrt dargestellt. Daran ist die Piratenpartei sicher nicht ganz unschuldig, weil die Positionen der Partei in ihren eigenen Texten ideologisch nicht ganz klar formuliert sind.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/41.html b/blog/41.html
index 81fdc20d6b..84e4fde4d4 100644
--- a/blog/41.html
+++ b/blog/41.html
@@ -134,6 +134,30 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2009/07/01/dir-fehlen-die-worte-oder-die-position-der-piratenpartei-zum-urheberrecht-in-einer-flatrategesellschaft.html" class='text-decoration-none text-dark'>&#34;Dir fehlen die Worte&#34; oder &#34;Die Position der Piratenpartei zum Urheberrecht in einer Flatrategesellschaft&#34;</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          July 1, 2009
+        </div>
+
+        <div class='mt-3'>Ich bin Mitglied in der Piratenpartei, aber dieser Text hier ist meine Sicht auf das Thema und nicht eine abgestimmte Position der Piratenpartei. &ndash; Kris
+Es geht um Urheberrecht und um den Graben des Nichtverstehens zwischen Online und Offline.
+Die Position der Piratenpartei zum Urheberrecht wird in Fernseh- und Zeitungsberichten oft falsch oder gar verzerrt dargestellt. Daran ist die Piratenpartei sicher nicht ganz unschuldig, weil die Positionen der Partei in ihren eigenen Texten ideologisch nicht ganz klar formuliert sind.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -580,28 +604,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2009/01/06/sco
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2009/01/05/git-gewinnt.html" class='text-decoration-none text-dark'>Git &#34;gewinnt&#34;</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          January 5, 2009
-        </div>
-
-        <div class='mt-3'>Irgendwann war allen klar, daß CVS es nicht mehr bringt und was Besseres her muss. Das hat dazu geführt, daß ich statt einem Versionskontrollsystem in 2000 jetzt in 2009 etwa vier davon parallel verwenden muss. Da wäre einmal das traditionelle &ldquo;besser als CVS, aber sonst alles genauso&rdquo; SVN, und dann eine Reihe von verteilten Versionskontrollsystemen, namentlich git, bzr (&ldquo;Bazar&rdquo;), hg (&ldquo;Mercurial&rdquo;). Neben diesen gibt es dann einen Haufen relativ wenig Gebrauchtes oder experimentelles Zeugs, das sich mangels Community nicht anzusehen lohnt.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/42.html b/blog/42.html
index 8341f8738b..1ca94183ff 100644
--- a/blog/42.html
+++ b/blog/42.html
@@ -134,6 +134,28 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2009/01/05/git-gewinnt.html" class='text-decoration-none text-dark'>Git &#34;gewinnt&#34;</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          January 5, 2009
+        </div>
+
+        <div class='mt-3'>Irgendwann war allen klar, daß CVS es nicht mehr bringt und was Besseres her muss. Das hat dazu geführt, daß ich statt einem Versionskontrollsystem in 2000 jetzt in 2009 etwa vier davon parallel verwenden muss. Da wäre einmal das traditionelle &ldquo;besser als CVS, aber sonst alles genauso&rdquo; SVN, und dann eine Reihe von verteilten Versionskontrollsystemen, namentlich git, bzr (&ldquo;Bazar&rdquo;), hg (&ldquo;Mercurial&rdquo;). Neben diesen gibt es dann einen Haufen relativ wenig Gebrauchtes oder experimentelles Zeugs, das sich mangels Community nicht anzusehen lohnt.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -576,29 +598,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2008/08/13/ber
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2008/08/11/sicherheit-von-chipkarten.html" class='text-decoration-none text-dark'>Sicherheit von Chipkarten</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          August 11, 2008
-        </div>
-
-        <div class='mt-3'>Image: Dwizzy on Flickr
-Zwei Artikel im Folge im Blog von Bruce Schneier, und beide haben mit Karten und Sicherheit zu tun. In Hacking MiFare Transport Cards kommentiert Schneier die Gruppe der Radboud University Nijmegen, die die Sicherheitssysteme der MiFare Classic Karte von NXP überwunden hat. NXP hat versucht, gegen die Veröffentlichung der Papers zu klagen, die diese Fehler der MiFare beschreiben, hat aber den Prozess verloren. Der Richter urteilte:</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/43.html b/blog/43.html
index c57e14a802..c6fb00b24f 100644
--- a/blog/43.html
+++ b/blog/43.html
@@ -134,6 +134,29 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2008/08/11/sicherheit-von-chipkarten.html" class='text-decoration-none text-dark'>Sicherheit von Chipkarten</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          August 11, 2008
+        </div>
+
+        <div class='mt-3'>Image: Dwizzy on Flickr
+Zwei Artikel im Folge im Blog von Bruce Schneier, und beide haben mit Karten und Sicherheit zu tun. In Hacking MiFare Transport Cards kommentiert Schneier die Gruppe der Radboud University Nijmegen, die die Sicherheitssysteme der MiFare Classic Karte von NXP überwunden hat. NXP hat versucht, gegen die Veröffentlichung der Papers zu klagen, die diese Fehler der MiFare beschreiben, hat aber den Prozess verloren. Der Richter urteilte:</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -581,29 +604,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2008/02/03/die
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2008/01/30/die-innodb-storage-engine.html" class='text-decoration-none text-dark'>Die InnoDB Storage Engine</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          January 30, 2008
-        </div>
-
-        <div class='mt-3'>Die Storage Engine InnoDB ist eine Storage Engine, die ACID-konform betrieben werden kann, Transaktionen beherrscht und Foreign Key Constraints prüfen kann. Sie ist geeignet für alle Anwendungen, die Online Transaction Processing machen oder aus anderen Gründen eine hohe Rate von paralellen Schreibzugriffen haben.
-Hat mein MySQL InnoDB Support und ist dieser betriebsbereit? Mit dem Kommano SHOW ENGINES kann man sich die von einer Instanz unterstützten Engines anzeigen lassen. Wenn InnoDB enthalten und betriebsbereit ist, wird die Engine mit YES angezeigt.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/44.html b/blog/44.html
index f7143a6a98..aa2061d398 100644
--- a/blog/44.html
+++ b/blog/44.html
@@ -134,6 +134,29 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2008/01/30/die-innodb-storage-engine.html" class='text-decoration-none text-dark'>Die InnoDB Storage Engine</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          January 30, 2008
+        </div>
+
+        <div class='mt-3'>Die Storage Engine InnoDB ist eine Storage Engine, die ACID-konform betrieben werden kann, Transaktionen beherrscht und Foreign Key Constraints prüfen kann. Sie ist geeignet für alle Anwendungen, die Online Transaction Processing machen oder aus anderen Gründen eine hohe Rate von paralellen Schreibzugriffen haben.
+Hat mein MySQL InnoDB Support und ist dieser betriebsbereit? Mit dem Kommano SHOW ENGINES kann man sich die von einer Instanz unterstützten Engines anzeigen lassen. Wenn InnoDB enthalten und betriebsbereit ist, wird die Engine mit YES angezeigt.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -586,29 +609,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2007/05/29/die
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2007/05/15/the-origin-of-wealth.html" class='text-decoration-none text-dark'>Fertig gelesen: The Origin Of Wealth, Growing Artificial Societies, The Quark and the Jaguar</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          May 15, 2007
-        </div>
-
-        <div class='mt-3'>Zur Zeit lese ich gerade The Origin Of Wealth , ein Buch, das dem Namen nach über Volkswirtschaft ist. Es beginnt aber mit einer Tour durch die Wirtschaftstheorie und einer Kritik derselben, um sich dann erst einmal dem Thema zellulare Automaten zuzuwenden und über verschiedene Simulationsexperimente mit agentenbasierten verteilten Systemen diskutieren. Der Autor,
-Eric Beinhocker zeigt dann, wie solche Systeme dieselben Ergebnisse bringen können wie traditionelle Wirtschaftstheorie, nur genauer und mit weniger Aufwand.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/45.html b/blog/45.html
index d0e1cda943..6fcf6a4992 100644
--- a/blog/45.html
+++ b/blog/45.html
@@ -134,6 +134,29 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2007/05/15/the-origin-of-wealth.html" class='text-decoration-none text-dark'>Fertig gelesen: The Origin Of Wealth, Growing Artificial Societies, The Quark and the Jaguar</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          May 15, 2007
+        </div>
+
+        <div class='mt-3'>Zur Zeit lese ich gerade The Origin Of Wealth , ein Buch, das dem Namen nach über Volkswirtschaft ist. Es beginnt aber mit einer Tour durch die Wirtschaftstheorie und einer Kritik derselben, um sich dann erst einmal dem Thema zellulare Automaten zuzuwenden und über verschiedene Simulationsexperimente mit agentenbasierten verteilten Systemen diskutieren. Der Autor,
+Eric Beinhocker zeigt dann, wie solche Systeme dieselben Ergebnisse bringen können wie traditionelle Wirtschaftstheorie, nur genauer und mit weniger Aufwand.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -578,30 +601,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2007/01/07/for
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2006/12/26/bundestrojaner.html" class='text-decoration-none text-dark'>Bundestrojaner</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          December 26, 2006
-        </div>
-
-        <div class='mt-3'>Und die finale Analyse des Problemkomplexes Bundestrojaner kann man gemeinschaftlich so schnell wie hier in #lug-kiel durchführen:
-Z&gt; In den letzten Tagen ist der Dedi 3x einfach stehengeblieben oder jemand hat ihn abgeschossen. In den Logdateien ist nix verdächtiges zu finden. Festplattentests sind in Ordnung.
-I&gt; Z: Verschiedene Versionen vom Bundestrojaner haben diesen Effekt. Die Linux version ist noch nicht sehr stabil. Die Dinger werden zur Zeit auf allen möglichen Erotiksites als teil des Kipopräventionsprogrammes installiert.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/46.html b/blog/46.html
index 81e0ff10ec..47a1d934c3 100644
--- a/blog/46.html
+++ b/blog/46.html
@@ -134,6 +134,30 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2006/12/26/bundestrojaner.html" class='text-decoration-none text-dark'>Bundestrojaner</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          December 26, 2006
+        </div>
+
+        <div class='mt-3'>Und die finale Analyse des Problemkomplexes Bundestrojaner kann man gemeinschaftlich so schnell wie hier in #lug-kiel durchführen:
+Z&gt; In den letzten Tagen ist der Dedi 3x einfach stehengeblieben oder jemand hat ihn abgeschossen. In den Logdateien ist nix verdächtiges zu finden. Festplattentests sind in Ordnung.
+I&gt; Z: Verschiedene Versionen vom Bundestrojaner haben diesen Effekt. Die Linux version ist noch nicht sehr stabil. Die Dinger werden zur Zeit auf allen möglichen Erotiksites als teil des Kipopräventionsprogrammes installiert.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -584,31 +608,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2006/07/30/gre
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2006/07/30/gpl-v3-2nd-draft.html" class='text-decoration-none text-dark'>GPL V3 (2nd draft)</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          July 30, 2006
-        </div>
-
-        <div class='mt-3'>GPL V3 (2nd draft) (Changes highlighted)
-In Von der GPL und den daran hängenden Kommentaren habe ich einmal versucht, die GPL V2 zu erläutern, und was sie genau bewirkt. Der zweite Draft der GPL V3 ist nun veröffentlicht.
-Man kann ihn sich im Wiki ansehen oder sich das PDF mit den markierten Changes zum ersten Draft herunterladen.
-Eine Lizenz zu schreiben ist ein hartes Stück Arbeit. Die GPL hat es sich zum Ziel gesetzt, nicht nur juristisch wasserdicht zu sein, sondern den Sachverhalt dennoch so allgemeinverständlich als möglich auszudrücken, und dabei nur so lang wie notwendig zu sein.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/47.html b/blog/47.html
index 3ecab877a2..ca79e6e9a7 100644
--- a/blog/47.html
+++ b/blog/47.html
@@ -134,6 +134,31 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2006/07/30/gpl-v3-2nd-draft.html" class='text-decoration-none text-dark'>GPL V3 (2nd draft)</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          July 30, 2006
+        </div>
+
+        <div class='mt-3'>GPL V3 (2nd draft) (Changes highlighted)
+In Von der GPL und den daran hängenden Kommentaren habe ich einmal versucht, die GPL V2 zu erläutern, und was sie genau bewirkt. Der zweite Draft der GPL V3 ist nun veröffentlicht.
+Man kann ihn sich im Wiki ansehen oder sich das PDF mit den markierten Changes zum ersten Draft herunterladen.
+Eine Lizenz zu schreiben ist ein hartes Stück Arbeit. Die GPL hat es sich zum Ziel gesetzt, nicht nur juristisch wasserdicht zu sein, sondern den Sachverhalt dennoch so allgemeinverständlich als möglich auszudrücken, und dabei nur so lang wie notwendig zu sein.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -579,29 +604,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2006/01/25/ist
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2006/01/24/rechte-und-inhaber-wen-juckt-s.html" class='text-decoration-none text-dark'>Rechte und Inhaber - wen juckt&#39;s?</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          January 24, 2006
-        </div>
-
-        <div class='mt-3'>Wer die Ereignisse rund um das Sony Rootkit verfolgt hat, der weiß schon, daß es Rechteinhaber mit dem Urheberrecht selbst nicht so genau nehmen und zum Beispiel schon mal gerne GPL Sourcecode ohne Beachtung der Lizenzbestimmungen in ihre Software einbauen, bevor sie diese ungefragt und getarnt auf fremden Rechnern einschmuggeln.
-Da ist es nur konsequent, wenn ausgerechnet die Oberschreihälse und Raubkopiererjäger von der Gesellschaft zur Verfolgung von Urheberrechtsverletzungen (GVU) (no less!</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/48.html b/blog/48.html
index 0551a4f341..7c2341063c 100644
--- a/blog/48.html
+++ b/blog/48.html
@@ -134,6 +134,29 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2006/01/24/rechte-und-inhaber-wen-juckt-s.html" class='text-decoration-none text-dark'>Rechte und Inhaber - wen juckt&#39;s?</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          January 24, 2006
+        </div>
+
+        <div class='mt-3'>Wer die Ereignisse rund um das Sony Rootkit verfolgt hat, der weiß schon, daß es Rechteinhaber mit dem Urheberrecht selbst nicht so genau nehmen und zum Beispiel schon mal gerne GPL Sourcecode ohne Beachtung der Lizenzbestimmungen in ihre Software einbauen, bevor sie diese ungefragt und getarnt auf fremden Rechnern einschmuggeln.
+Da ist es nur konsequent, wenn ausgerechnet die Oberschreihälse und Raubkopiererjäger von der Gesellschaft zur Verfolgung von Urheberrechtsverletzungen (GVU) (no less!</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -583,29 +606,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2005/07/06/reg
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2005/07/06/softwarepatente-abgelehnt.html" class='text-decoration-none text-dark'>Softwarepatente? Abgelehnt!</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          July 6, 2005
-        </div>
-
-        <div class='mt-3'>Die Abstimmung zu Software-Patenten im EU-Parlament hat stattgefunden und das Parlament lehnt die umstrittene Richtlinie ab. Golem berichtet in Softwarepatente? Abgelehnt! :
-Europäisches Parlament lehnt umstrittene Richtlinie ab Wie sich gestern bereits abzeichnete, hat das Europäische Parlament am heutigen Mittwoch die Softwarepatent-Richtlinie mit einer Mehrheit von 648 Stimmen abgelehnt und damit das Gesetzgebungsverfahren beendet. Zwar wurde nach außen hin fast einhellig gefordert, Softwarepatente nach dem US-Vorbild in Europa zu verhindern, in der Frage, wie weit diese Ablehnung gehen sollte, gab es jedoch große Differenzen, die zu einer regelrechten Lobbyschlacht führten.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/49.html b/blog/49.html
index 5046c07598..be0f72f078 100644
--- a/blog/49.html
+++ b/blog/49.html
@@ -134,6 +134,29 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2005/07/06/softwarepatente-abgelehnt.html" class='text-decoration-none text-dark'>Softwarepatente? Abgelehnt!</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          July 6, 2005
+        </div>
+
+        <div class='mt-3'>Die Abstimmung zu Software-Patenten im EU-Parlament hat stattgefunden und das Parlament lehnt die umstrittene Richtlinie ab. Golem berichtet in Softwarepatente? Abgelehnt! :
+Europäisches Parlament lehnt umstrittene Richtlinie ab Wie sich gestern bereits abzeichnete, hat das Europäische Parlament am heutigen Mittwoch die Softwarepatent-Richtlinie mit einer Mehrheit von 648 Stimmen abgelehnt und damit das Gesetzgebungsverfahren beendet. Zwar wurde nach außen hin fast einhellig gefordert, Softwarepatente nach dem US-Vorbild in Europa zu verhindern, in der Frage, wie weit diese Ablehnung gehen sollte, gab es jedoch große Differenzen, die zu einer regelrechten Lobbyschlacht führten.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -570,29 +593,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2005/02/07/qt4
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2005/02/07/von-der-gpl.html" class='text-decoration-none text-dark'>Von der GPL</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          February 7, 2005
-        </div>
-
-        <div class='mt-3'>Trolltech hat seine Qt Bibliothek ab der Version 4 komplett unter GPL gestellt. Das bedeutet, daß nicht nur die Unix-Version der Bibliothek unter der GPL verfügbar ist, sondern auch die Windows-Version. Grund genug einmal nachzulesen, was denn in der GPL drinsteht, und wieso das so ist.
-Die Originalquelle zum Thema ist natürlich die Licenses -Seite der GNU Website (Deutsche Version der GPL ). Dort findet man nicht nur den Text der Lizenz , sondern auch eine sehr lange GPL FAQ , die keine Frage mehr offen lassen sollte.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/5.html b/blog/5.html
index e8eb072a12..2a9f4c401c 100644
--- a/blog/5.html
+++ b/blog/5.html
@@ -134,6 +134,30 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2022/08/25/mysql-boiling-jfrogs.html" class='text-decoration-none text-dark'>MySQL: Boiling JFrogs</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          August 25, 2022
+        </div>
+
+        <div class='mt-3'>A work problem: A commercial application, Artifactory, where we do not control the source or the schema has performance problems involving a certain long running query.
+The data size and row counts are not outrageous, and the query itself and the schema are not broken. But the data is very skewed and for certain values the query is very slow, as almost the entire table is selected.
+We introduce an experimental covering index, and show a 16x improvement, going from 143s to 9s execution time.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -583,30 +607,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2022/05/04/fer
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2022/05/03/fertig-gelesen-the-pattern-on-the-stone.html" class='text-decoration-none text-dark'>Fertig gelesen: The Pattern on the Stone</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          May 3, 2022
-        </div>
-
-        <div class='mt-3'>This is an old book, from 1998, and much of the technology referred to directly has evolved since then. But, as this a book that deals with basics, in terms of metaphor and analogy, it is still valuable. It explains how computers work, and how we make the tech that powers them.
-The Pattern on the Stone , W. Daniel Hillis
-Computers are really easy. There is just Zero and One, and it does not get any more complicated than that.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/50.html b/blog/50.html
index c241440c5d..f053755ebd 100644
--- a/blog/50.html
+++ b/blog/50.html
@@ -134,6 +134,29 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2005/02/07/von-der-gpl.html" class='text-decoration-none text-dark'>Von der GPL</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          February 7, 2005
+        </div>
+
+        <div class='mt-3'>Trolltech hat seine Qt Bibliothek ab der Version 4 komplett unter GPL gestellt. Das bedeutet, daß nicht nur die Unix-Version der Bibliothek unter der GPL verfügbar ist, sondern auch die Windows-Version. Grund genug einmal nachzulesen, was denn in der GPL drinsteht, und wieso das so ist.
+Die Originalquelle zum Thema ist natürlich die Licenses -Seite der GNU Website (Deutsche Version der GPL ). Dort findet man nicht nur den Text der Lizenz , sondern auch eine sehr lange GPL FAQ , die keine Frage mehr offen lassen sollte.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -574,30 +597,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2004/07/24/aus
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2004/07/19/mysql-floss-exception.html" class='text-decoration-none text-dark'>MySQL FLOSS Exception</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          July 19, 2004
-        </div>
-
-        <div class='mt-3'>Bereits letzten Donnerstag hat Zak Greant, die Community-Kontaktperson bei MySQL, die Version 1.5 der MySQL FLOSS License Exception veröffentlicht.
-Exception IntentWe want specified Free/Libre and Open Source Software (&ldquo;FLOSS&rdquo;) applications to be able to use specified GPL-licensed MySQL client libraries (the &ldquo;Program&rdquo;) despite the fact that not all FLOSS licenses are compatible with version 2 of the GNU General Public License (the &ldquo;GPL&rdquo;).
-Wir erinnern uns: Wie in MySQL und die Lizenzen dargestellt, hat MySQL mit der 4er Serie des MySQL-Paketes die Lizenz der Client-Bibliotheken von LGPL auf GPL geändert.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/51.html b/blog/51.html
index 8f4ea2efe6..ad59742e4c 100644
--- a/blog/51.html
+++ b/blog/51.html
@@ -134,6 +134,30 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2004/07/19/mysql-floss-exception.html" class='text-decoration-none text-dark'>MySQL FLOSS Exception</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          July 19, 2004
+        </div>
+
+        <div class='mt-3'>Bereits letzten Donnerstag hat Zak Greant, die Community-Kontaktperson bei MySQL, die Version 1.5 der MySQL FLOSS License Exception veröffentlicht.
+Exception IntentWe want specified Free/Libre and Open Source Software (&ldquo;FLOSS&rdquo;) applications to be able to use specified GPL-licensed MySQL client libraries (the &ldquo;Program&rdquo;) despite the fact that not all FLOSS licenses are compatible with version 2 of the GNU General Public License (the &ldquo;GPL&rdquo;).
+Wir erinnern uns: Wie in MySQL und die Lizenzen dargestellt, hat MySQL mit der 4er Serie des MySQL-Paketes die Lizenz der Client-Bibliotheken von LGPL auf GPL geändert.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -575,30 +599,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2003/11/01/mob
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2003/10/24/objc-oder-warum-dcop-so-kompliziert-ist.html" class='text-decoration-none text-dark'>ObjC - oder warum DCOP so kompliziert ist</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          October 24, 2003
-        </div>
-
-        <div class='mt-3'>Methoden mit Klasse Am Wochenende hatte ich mit Till eine recht coole Unterhaltung über die Innereien von Qt. Qt hat den Signal-Slot-Mechanismus, mit dem es Methoden von Objekten aufruft.
-Dazu werden einige Methoden eines Objektes in eine spezielle Runtime-Tabelle der Klasse eingetragen, mit Namen. Das sind Slots.
-Signale sind Platzhalter für Funktionsnamen, die in eine andere Tabelle eingetragen werden können. Mit connect() macht man so einen Eintrag: Man kopiert den Namen einer Funktion (genauer: eines Slots) in den Signalplatzhalter.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/52.html b/blog/52.html
index a40776f004..4855a6ec47 100644
--- a/blog/52.html
+++ b/blog/52.html
@@ -134,6 +134,30 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2003/10/24/objc-oder-warum-dcop-so-kompliziert-ist.html" class='text-decoration-none text-dark'>ObjC - oder warum DCOP so kompliziert ist</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          October 24, 2003
+        </div>
+
+        <div class='mt-3'>Methoden mit Klasse Am Wochenende hatte ich mit Till eine recht coole Unterhaltung über die Innereien von Qt. Qt hat den Signal-Slot-Mechanismus, mit dem es Methoden von Objekten aufruft.
+Dazu werden einige Methoden eines Objektes in eine spezielle Runtime-Tabelle der Klasse eingetragen, mit Namen. Das sind Slots.
+Signale sind Platzhalter für Funktionsnamen, die in eine andere Tabelle eingetragen werden können. Mit connect() macht man so einen Eintrag: Man kopiert den Namen einer Funktion (genauer: eines Slots) in den Signalplatzhalter.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -581,30 +605,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/1999/07/17/oss
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/1999/05/01/rating-does-not-work.html" class='text-decoration-none text-dark'>Rating does not work</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          May 1, 1999
-        </div>
-
-        <div class='mt-3'>Version 1.3 (Revised 29-Sep-1999, Updates from Seth Finkelstein)
-Rating does not work by Kristian and Marit Köhntopp Content rating models such as PICS have been proposed as a solution to the problem of unwanted, harmful or prohibited content on the Internet. This document contains a number of Theses which support the claim that any Internet Content Rating and Selection (ICR&amp;S) scheme including PICS cannot work as advertised.
-To our knowledge, most of the problems and objections here have not been addressed by PICS or any other ICR&amp;S scheme.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/53.html b/blog/53.html
index 9f6e605c61..a35c76a926 100644
--- a/blog/53.html
+++ b/blog/53.html
@@ -134,6 +134,30 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/1999/05/01/rating-does-not-work.html" class='text-decoration-none text-dark'>Rating does not work</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          May 1, 1999
+        </div>
+
+        <div class='mt-3'>Version 1.3 (Revised 29-Sep-1999, Updates from Seth Finkelstein)
+Rating does not work by Kristian and Marit Köhntopp Content rating models such as PICS have been proposed as a solution to the problem of unwanted, harmful or prohibited content on the Internet. This document contains a number of Theses which support the claim that any Internet Content Rating and Selection (ICR&amp;S) scheme including PICS cannot work as advertised.
+To our knowledge, most of the problems and objections here have not been addressed by PICS or any other ICR&amp;S scheme.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -565,30 +589,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/1993/04/01/tcp
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/1993/03/01/tcpip-dienste.html" class='text-decoration-none text-dark'>TCP/IP Dienste</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          March 1, 1993
-        </div>
-
-        <div class='mt-3'>für c&rsquo;t - Magazin für Computertechnik, Ausgabe 3/93
-TCP/IP Dienste Das größte Problem bei einem Artikel über das Internet ist es, zu definieren, was das Internet überhaupt ist. Eigentlich existiert so etwas wie &ldquo;das Internet&rdquo; nämlich überhaupt nicht. Das ändert natürlich nichts an der Tatsache, daß Millionen Menschen es jeden Tag benutzen. Wie erklärt sich ein solcher Widerspruch?
-Am besten, man beginnt am Anfang: Ende der Siebziger Jahre hatte das amerikanische Verteidigungsministerium bedarf an einer Technologie, die unterschiedlichsten Computersysteme an verschiedenen Orten miteinander zu vernetzen.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/54.html b/blog/54.html
index 6726861533..bf71e54e56 100644
--- a/blog/54.html
+++ b/blog/54.html
@@ -134,6 +134,30 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/1993/03/01/tcpip-dienste.html" class='text-decoration-none text-dark'>TCP/IP Dienste</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          March 1, 1993
+        </div>
+
+        <div class='mt-3'>für c&rsquo;t - Magazin für Computertechnik, Ausgabe 3/93
+TCP/IP Dienste Das größte Problem bei einem Artikel über das Internet ist es, zu definieren, was das Internet überhaupt ist. Eigentlich existiert so etwas wie &ldquo;das Internet&rdquo; nämlich überhaupt nicht. Das ändert natürlich nichts an der Tatsache, daß Millionen Menschen es jeden Tag benutzen. Wie erklärt sich ein solcher Widerspruch?
+Am besten, man beginnt am Anfang: Ende der Siebziger Jahre hatte das amerikanische Verteidigungsministerium bedarf an einer Technologie, die unterschiedlichsten Computersysteme an verschiedenen Orten miteinander zu vernetzen.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
diff --git a/blog/6.html b/blog/6.html
index 1c135a3bd8..c0840407b9 100644
--- a/blog/6.html
+++ b/blog/6.html
@@ -134,6 +134,30 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2022/05/03/fertig-gelesen-the-pattern-on-the-stone.html" class='text-decoration-none text-dark'>Fertig gelesen: The Pattern on the Stone</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          May 3, 2022
+        </div>
+
+        <div class='mt-3'>This is an old book, from 1998, and much of the technology referred to directly has evolved since then. But, as this a book that deals with basics, in terms of metaphor and analogy, it is still valuable. It explains how computers work, and how we make the tech that powers them.
+The Pattern on the Stone , W. Daniel Hillis
+Computers are really easy. There is just Zero and One, and it does not get any more complicated than that.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -586,30 +610,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2021/11/30/dis
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2021/11/24/mysql-moving-average.html" class='text-decoration-none text-dark'>MySQL: Moving Average</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          November 24, 2021
-        </div>
-
-        <div class='mt-3'>MySQL window functions can be used to calculate daily averages or moving averages for a 24h time window relatively easily. In an earlier article basic window functions were already discussed. In this article, we want to see how we can get daily buckets and moving averages.
-A sample program is available, as usual, on GitHub .
-Getting sample data We will be working with a data table named data, with three columns: a sensor id, a measurement datetime d and a metric value m that was sampled at that time.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/7.html b/blog/7.html
index 9fdc5ff0a3..b04abcd232 100644
--- a/blog/7.html
+++ b/blog/7.html
@@ -134,6 +134,30 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2021/11/24/mysql-moving-average.html" class='text-decoration-none text-dark'>MySQL: Moving Average</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          November 24, 2021
+        </div>
+
+        <div class='mt-3'>MySQL window functions can be used to calculate daily averages or moving averages for a 24h time window relatively easily. In an earlier article basic window functions were already discussed. In this article, we want to see how we can get daily buckets and moving averages.
+A sample program is available, as usual, on GitHub .
+Getting sample data We will be working with a data table named data, with three columns: a sensor id, a measurement datetime d and a metric value m that was sampled at that time.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -594,29 +618,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2021/09/15/mys
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2021/09/14/mysql-page-compression-revisited.html" class='text-decoration-none text-dark'>MySQL: Page compression revisited</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          September 14, 2021
-        </div>
-
-        <div class='mt-3'>Like I said, I never had much reason to use table compression, and only recently looked into the topic. MySQL Page Compression looks a lot easier at the database end of things, but relies on hole punching support in the file system. Let&rsquo;s have a look at what that means.
-Files, Inodes and Arrays of Blocks The original Unix filesystem saw the disk as a sea of blocks, which were represented in a free map as an array of bits.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/8.html b/blog/8.html
index baef79d9c4..24ae06dd54 100644
--- a/blog/8.html
+++ b/blog/8.html
@@ -134,6 +134,29 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2021/09/14/mysql-page-compression-revisited.html" class='text-decoration-none text-dark'>MySQL: Page compression revisited</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          September 14, 2021
+        </div>
+
+        <div class='mt-3'>Like I said, I never had much reason to use table compression, and only recently looked into the topic. MySQL Page Compression looks a lot easier at the database end of things, but relies on hole punching support in the file system. Let&rsquo;s have a look at what that means.
+Files, Inodes and Arrays of Blocks The original Unix filesystem saw the disk as a sea of blocks, which were represented in a free map as an array of bits.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -584,30 +607,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2021/06/05/fer
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2021/06/05/fertig-gelesen-the-black-count.html" class='text-decoration-none text-dark'>Fertig gelesen: The Black Count</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          June 5, 2021
-        </div>
-
-        <div class='mt-3'>Another Monte-Cristo-themed book, Tom Reiss&rsquo; The Black Count nicely complements the german sci-fi novel Montecrypto by Tom Hillenbrand. It is a biography of the father of the French write Alexandere Dumas, Thomas-Alexandre Dumas Davy de la Pailleterie.
-&quot;The Black Count &quot;, by Tom Reiss.
-Alexandre Dumas, the author of &ldquo;The Three Musketeers&rdquo;, &ldquo;The Count of Monte Cristo&rdquo; and many other books, is one of the most read French authors. He had it easy coming up with stories, because his father had one of the most unusual and wildest lives imaginable.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/blog/9.html b/blog/9.html
index 129e8b7e96..997c160e21 100644
--- a/blog/9.html
+++ b/blog/9.html
@@ -134,6 +134,30 @@ <h1 class="title mb-lg-4 text-white">
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2021/06/05/fertig-gelesen-the-black-count.html" class='text-decoration-none text-dark'>Fertig gelesen: The Black Count</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          June 5, 2021
+        </div>
+
+        <div class='mt-3'>Another Monte-Cristo-themed book, Tom Reiss&rsquo; The Black Count nicely complements the german sci-fi novel Montecrypto by Tom Hillenbrand. It is a biography of the father of the French write Alexandere Dumas, Thomas-Alexandre Dumas Davy de la Pailleterie.
+&quot;The Black Count &quot;, by Tom Reiss.
+Alexandre Dumas, the author of &ldquo;The Three Musketeers&rdquo;, &ldquo;The Count of Monte Cristo&rdquo; and many other books, is one of the most read French authors. He had it easy coming up with stories, because his father had one of the most unusual and wildest lives imaginable.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -574,29 +598,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2021/03/24/a-l
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2021/03/12/memory-saturated-mysql.html" class='text-decoration-none text-dark'>Memory saturated MySQL</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          March 12, 2021
-        </div>
-
-        <div class='mt-3'>»If at all possible, we build databases so that the working set of the database fits into memory.« What does that even mean?
-Working Set In computer science, the “Working Set” of a program is the set of things it will be accessing in the near future. Because computer science has not yet solved looking into the future, we are looking at the set of things we accessed most recently and hope for The Best™.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/feed.xml b/feed.xml
index 13e488ba5c..8bc8cf2075 100644
--- a/feed.xml
+++ b/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>JusProg ist nur der Anfang</title>
       <link>https://blog.koehntopp.info/2024/01/16/jusprog-ist-nur-der-anfang.html</link>
@@ -246,6 +246,139 @@ Warum wir nicht einfach alles &amp;ldquo;ab 18&amp;rdquo; machen können und war
 </description>
     </item>
     
+    <item>
+      <title>Deploying websites - an escalation</title>
+      <link>https://blog.koehntopp.info/2024/01/09/deploying-websites.html</link>
+      <pubDate>Tue, 09 Jan 2024 05:06:07 +0000</pubDate>
+      
+      <guid>https://blog.koehntopp.info/2024/01/09/deploying-websites.html</guid>
+      <description>&lt;p&gt;We are still playing minecraft.
+This time it is a highly modded Fabric server, which requires more memory than the old box had.
+The new box has 12 cores, 128 GB of memory, and two nice SSD.
+It is pretty nifty.&lt;/p&gt;
+&lt;h1 id=&#34;a-simple-problem-easily-solved-by-ansible&#34;&gt;
+    &lt;a href=&#34;#a-simple-problem-easily-solved-by-ansible&#34;&gt;
+	A simple problem, easily solved by Ansible.
+    &lt;/a&gt;
+&lt;/h1&gt;
+&lt;p&gt;The machine also needs some kind of webserver to run websites.
+An easy problem to solve, naturally.&lt;/p&gt;
+&lt;p&gt;A bit of Ansible, deploy a few config files into the system and be done with it.&lt;/p&gt;
+&lt;p&gt;Only, these are different types of websites, and over time additional sites are being added.
+When a new website is being added, we need to collect all website names&lt;br&gt;
+and generate an
+&lt;a href=&#34;https://httpd.apache.org/docs/2.4/mod/mod_md.html#mdomain&#34; target=&#34;_blank&#34; rel=&#34;noopener&#34;&gt;&lt;code&gt;MDomain&lt;/code&gt;&lt;/a&gt;
+
+
+statement in the config for Apache&amp;rsquo;s
+&lt;a href=&#34;https://httpd.apache.org/docs/2.4/mod/mod_md.html&#34; target=&#34;_blank&#34; rel=&#34;noopener&#34;&gt;&lt;code&gt;mod_md&lt;/code&gt;&lt;/a&gt;
+
+.
+This module will then automatically the necessary certificates for the webserver&amp;rsquo;s TLS.&lt;/p&gt;
+&lt;p&gt;Collecting all domain names from the configuration files can be done that in Ansible, but it kind of hurts.
+Ansible works best when you run it to deploy a few templated config files, and then have services doing the actual work.&lt;/p&gt;
+&lt;p&gt;It is also more complicated than this, because we have different types of websites.
+Initially we had only&lt;/p&gt;
+&lt;ul&gt;
+&lt;li&gt;&lt;code&gt;static sites&lt;/code&gt; (&lt;code&gt;https://example.com&lt;/code&gt;)&lt;/li&gt;
+&lt;li&gt;We also needed &lt;code&gt;redirect_sites&lt;/code&gt; (&lt;code&gt;https://www.example.com&lt;/code&gt; -&amp;gt; &lt;code&gt;https://example.com&lt;/code&gt;)&lt;/li&gt;
+&lt;li&gt;We also needed reverse proxies for applications (&lt;code&gt;https://grafana.example.com&lt;/code&gt; -&amp;gt; &lt;code&gt;https://localhost:3000&lt;/code&gt;)&lt;/li&gt;
+&lt;li&gt;Then we also needed the &lt;code&gt;wsgi_site&lt;/code&gt; deployed.&lt;/li&gt;
+&lt;/ul&gt;
+&lt;p&gt;But a &lt;code&gt;wsgi_site&lt;/code&gt; needs to be redeployed when the code has changed on GitHub.
+Also, initial deployment of a &lt;code&gt;wsgi_site&lt;/code&gt; needs to create a user,
+and initial checkout of the code into the users home,
+and installation of the requirements.&lt;/p&gt;
+&lt;p&gt;After a code update, the server needs to be restarted.&lt;/p&gt;
+&lt;h1 id=&#34;this-actually-needs-a-shell-script&#34;&gt;
+    &lt;a href=&#34;#this-actually-needs-a-shell-script&#34;&gt;
+	This actually needs a shell script
+    &lt;/a&gt;
+&lt;/h1&gt;
+&lt;p&gt;Okay, let&amp;rsquo;s not do this in Ansible.
+Let&amp;rsquo;s write a simple and easy shell script for this.&lt;/p&gt;
+&lt;p&gt;That kind of worked, initially, but quickly fell apart when the number of variants grew,
+error checking became complicated.&lt;/p&gt;
+&lt;p&gt;Ultimately, it broke when we needed to collect and store per-site config parameters as a JSON, and act on it.
+The moment you write shell functions with parameters, traps and other bells and whistles,
+it is time to cut your losses and start over differently.
+In this case, in Python.&lt;/p&gt;
+&lt;h1 id=&#34;enter-deploy-a-python-cli-application&#34;&gt;
+    &lt;a href=&#34;#enter-deploy-a-python-cli-application&#34;&gt;
+	Enter &lt;code&gt;deploy&lt;/code&gt;, a Python CLI application
+    &lt;/a&gt;
+&lt;/h1&gt;
+&lt;p&gt;In the current intermediate stage, this is a Python script of 32 KB and around 1000 lines.&lt;/p&gt;
+&lt;div class=&#34;highlight&#34;&gt;&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;o&#34;&gt;[&lt;/span&gt;root@bigbox ~&lt;span class=&#34;o&#34;&gt;]&lt;/span&gt;&lt;span class=&#34;c1&#34;&gt;# wc -l Source/deploy/deploy &lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;m&#34;&gt;951&lt;/span&gt; Source/deploy/deploy
+&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;and&lt;/p&gt;
+&lt;div class=&#34;highlight&#34;&gt;&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;o&#34;&gt;[&lt;/span&gt;root@bigbox ~&lt;span class=&#34;o&#34;&gt;]&lt;/span&gt;&lt;span class=&#34;c1&#34;&gt;#  ls -l Source/deploy/deploy&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;-rwxr-xr-x. &lt;span class=&#34;m&#34;&gt;1&lt;/span&gt; root root &lt;span class=&#34;m&#34;&gt;31428&lt;/span&gt; Jan  &lt;span class=&#34;m&#34;&gt;8&lt;/span&gt; 18:42 Source/deploy/deploy
+&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;It understands the five types of server outlined above, and can handle a number of different operations for them.&lt;/p&gt;
+&lt;ul&gt;
+&lt;li&gt;&lt;code&gt;create&lt;/code&gt; makes a new server-config.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;delete&lt;/code&gt; throws it away.&lt;/li&gt;
+&lt;/ul&gt;
+&lt;p&gt;We store them in a central directory, &lt;code&gt;/etc/projects&lt;/code&gt;, as JSON files.
+For each site type, we accept a number of parameters:&lt;/p&gt;
+&lt;ul&gt;
+&lt;li&gt;&lt;code&gt;--type&lt;/code&gt;, the five types above.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--username&lt;/code&gt;, a Unix User we create for the site.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--github&lt;/code&gt; The source code repository URL.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--hostname&lt;/code&gt; If necessary, this is inferred from the username and the default domain.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--projectdir&lt;/code&gt; Only necessary for anomalously structured Python code.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--to_host&lt;/code&gt; Only for redirects.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--port&lt;/code&gt; Only for proxies.&lt;/li&gt;
+&lt;/ul&gt;
+&lt;p&gt;We now can do&lt;/p&gt;
+&lt;div class=&#34;highlight&#34;&gt;&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# deploy show projects&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;...
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- grafana
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;...
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# deploy show grafana&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;*** PROJECT /etc/projects/grafana
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- github    : None
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- hostname  : grafana.example.com
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- port      : &lt;span class=&#34;m&#34;&gt;3000&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- project   : grafana
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- &lt;span class=&#34;nb&#34;&gt;type&lt;/span&gt;      : proxy
+&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;The &lt;code&gt;deploy create --type proxy --hostname grafana.example.com --port 3000&lt;/code&gt; has created an apache configuration,
+built the TLS configuration and restarted the &lt;code&gt;httpd.service&lt;/code&gt; to update things.&lt;/p&gt;
+&lt;p&gt;We can also do more complicated things:&lt;/p&gt;
+&lt;div class=&#34;highlight&#34;&gt;&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# deploy create --type wsgi_site --user learn --github ... learn&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;... creates /etc/project/learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# deploy show learn&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;*** PROJECT /etc/projects/learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- github    : git@github.com:.../learn.git
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- home      : /home/learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- hostname  : learn.example.com
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- project   : learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- projectdir: learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- pubkey    : ssh-rsa AAAAB3...cfudtTQ&lt;span class=&#34;o&#34;&gt;==&lt;/span&gt; root@bigbox
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- &lt;span class=&#34;nb&#34;&gt;type&lt;/span&gt;      : wsgi_site
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- username  : learn
+&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;This will create a Linux user, set up a checkout of the GitHub, install requirements, set up a WSGI Apache configuration,
+configure TLS, and restart the server as needed.&lt;/p&gt;
+&lt;p&gt;We can now &lt;code&gt;deploy update learn&lt;/code&gt; or &lt;code&gt;deploy restart learn&lt;/code&gt; to check out a new version and restart the server,
+and we can also &lt;code&gt;deploy logs learn&lt;/code&gt; to tail the server logs for this site.&lt;/p&gt;
+&lt;h1 id=&#34;it-is-still-ugly&#34;&gt;
+    &lt;a href=&#34;#it-is-still-ugly&#34;&gt;
+	It is still ugly
+    &lt;/a&gt;
+&lt;/h1&gt;
+&lt;p&gt;Because this started out as a shell script, it still is ugly.
+There are multiple levels of giant case-branches in this.
+To become a proper solution, it needs a cleaner structure, in a more object-oriented fashion.&lt;/p&gt;
+&lt;p&gt;But already it works better than the shell script it initially was,
+has better error handling and can handle borderline cases more safely.&lt;/p&gt;
+&lt;p&gt;&lt;a href=&#34;https://github.com/isotopp/deploy&#34; target=&#34;_blank&#34; rel=&#34;noopener&#34;&gt;Github&lt;/a&gt;
+
+.&lt;/p&gt;
+</description>
+    </item>
+    
     <item>
       <title>Restic</title>
       <link>https://blog.koehntopp.info/2023/12/30/restic.html</link>
@@ -2684,122 +2817,6 @@ We are then using &lt;code&gt;chardet.detect()&lt;/code&gt; on this byte-string
 &lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;go&#34;&gt;bname=b&amp;#39;keks/\xfc\xa1\xa1\xa1\xa1\xa1&amp;#39;
 &lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;go&#34;&gt;{&amp;#39;encoding&amp;#39;: &amp;#39;ISO-8859-1&amp;#39;, &amp;#39;confidence&amp;#39;: 0.73, &amp;#39;language&amp;#39;: &amp;#39;&amp;#39;}
 &lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;The guesses are trying to find a valid charset for the bytestring, and they find the lowest (least large) charset that matches.&lt;/p&gt;
-</description>
-    </item>
-    
-    <item>
-      <title>Energiekosten beim Elektroauto</title>
-      <link>https://blog.koehntopp.info/2023/09/13/energiekosten-beim-elektroauto.html</link>
-      <pubDate>Wed, 13 Sep 2023 01:02:03 +0000</pubDate>
-      
-      <guid>https://blog.koehntopp.info/2023/09/13/energiekosten-beim-elektroauto.html</guid>
-      <description>&lt;p&gt;Das neue Auto hat eine Batterie mit 60 kWh Kapazität, also muss es 42 kWh aufnehmen, um von 10 % auf 80 % zu kommen.
-Die 80 % sind eine Art magische Grenze, weil die Ladegeschwindigkeit des Autos insbesondere beim Schnellladen unterwegs
-vom Füllstand der Batterie abhängig ist, und ab 80 % stark absinkt.
-Die letzten 20 % dauern also lange.&lt;/p&gt;
-&lt;p&gt;Dazu kommt, daß das Auto auch beim elektrischen Bremsen – beim Rekuperieren – lädt und wenn der Akku-Füllstand über 80 % ist,
-ist das Rekuperationsvermögen durch die geringere Ladegeschwindigkeit der Batterie eingeschränkt.
-Ist das Auto also in städtischen Umgebungen unterwegs, wird man beim dauernden Bremsen im Stadtgebiet oberhalb von 80 %
-Energie durch mechanischen Bremsen verschwenden, anstatt sie durch elektrisches Bremsen zurückzugewinnen.&lt;/p&gt;
-&lt;h1 id=&#34;ladeleistung&#34;&gt;
-    &lt;a href=&#34;#ladeleistung&#34;&gt;
-	Ladeleistung
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;Ersetzt werden müssen&lt;/p&gt;
-&lt;div class=&#34;highlight&#34;&gt;&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-console&#34; data-lang=&#34;console&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;go&#34;&gt;60 kWh * (0.8 - 0.1) = 42 kWh
-&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;und das dauert circa 30 Min. bis 35 Min. an einem Schnell-Lader, zum Beispiel von Fastned.&lt;/p&gt;
-&lt;p&gt;&lt;p class=&#34;md__image&#34;&gt;
-  &lt;img src=&#34;https://blog.koehntopp.info/uploads/2023/09/energiekosten-01.jpg&#34; alt=&#34;&#34;  /&gt;
-&lt;/p&gt;
-
-&lt;/p&gt;
-&lt;p&gt;&lt;em&gt;Ladekurve für den Renault Megane 60 kWh an einem Schnell-Lader von Fastned.
-Man erkennt, wie die Ladeleistung mit zunehmendem Akku-Füllstand sinkt und gegen Ende sogar
-unter die Motorleistung (55 kW Dauerleistung) absinkt.&lt;/em&gt;&lt;/p&gt;
-&lt;h1 id=&#34;kosten&#34;&gt;
-    &lt;a href=&#34;#kosten&#34;&gt;
-	Kosten
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;Mit Fastned Gold bezahlt man 0.483 Euro/kWh, also&lt;/p&gt;
-&lt;div class=&#34;highlight&#34;&gt;&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-console&#34; data-lang=&#34;console&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;go&#34;&gt;42 * 0.483 = 20.28 Euro   # Laden von 10 % bis 80 %
-&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;go&#34;&gt;14 * 0.483 = 6.76 Euro    # Laden von 100 km Reichweite
-&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;für einen Ladevorgang bzw. für 100 km Reichweite bei 14 kWh/100 km.
-Daheim kostet die kWh in der Theorie 33 Cent, das wären dann entsprechend 13,86 Euro für 42 kWh und 4.62 Euro für 100 km Reichweite.
-Das ist theoretisch, weil wir bis Ende 2024 noch die Saldierungsregelung haben, bei der die Solarproduktion mit dem Verbrauch 1:1 verrechnet wird,
-und wir fett Guthaben haben.&lt;/p&gt;
-&lt;p&gt;Daheim fährt das Auto also gratis.&lt;/p&gt;
-&lt;p&gt;&lt;p class=&#34;md__image&#34;&gt;
-  &lt;img src=&#34;https://blog.koehntopp.info/uploads/2023/09/energiekosten-02.png&#34; alt=&#34;&#34;  /&gt;
-&lt;/p&gt;
-
-&lt;/p&gt;
-&lt;p&gt;&lt;em&gt;Unsere Solaranlage in O/W-Lage produziert ihr Maximum am späten Nachmittag, um circa 17:00 Uhr. Auch dann werden 5 kW nicht überschritten.
-Das Laden des Autos zieht jedoch 11 kW, sodaß ein reines Überschußladen ohne spezielle Steuerung nicht möglich ist.
-Selbst dann sind 42 kWh Ertrag am Tag nur an guten Tagen im Hochsommer machbar.&lt;/em&gt;&lt;/p&gt;
-&lt;p&gt;Um den Anteil des selbst erzeugten Stromes zu maximieren, wäre es sinnvoll, das Auto oft zu laden,
-und auch die Ladeleistung des Anschlusses auf die Menge des selbst produzierten Stromes zu begrenzen (&amp;ldquo;Überschußladen&amp;rdquo;).&lt;/p&gt;
-&lt;p&gt;Viele Ladepunkte können das nicht von Hause aus, und selbst bei denen, die es können, setzt die Elektronik enge Grenzen:
-Der Regelbereich für den Ladestrom geht vom Maximum von 16 Ampere bis auf minimal 6 Ampere herab.
-Bei drei Phasen ist die minimale Ladeleistung also &lt;code&gt;6 Ampere * 230 V * 3 Phasen = 4140 Watt&lt;/code&gt;,
-kann man Auto und Ladesäule auf eine Phase einschränken, kann man immerhin auf 1380 Watt herunter.&lt;/p&gt;
-&lt;p&gt;Im Bild ist erkennbar, daß der Energieverbrauch am Meßtag für den Gesamthaushalt 50.8 kWh war,
-dem 17.2 kWh Produktion gegenüber stehen. Davon wurden 6.9 kWh eingespeist, und 40.5 kWh bezogen.
-Insgesamt hatten wir an diesem Tag einen Unterschuß von 33.65 kWh.&lt;/p&gt;
-&lt;p&gt;Ohne den heimischen Ladepunkt hätten wir an einen öffentlichen Ladepfahl gegen müssen.
-Der nächstgelegene Ladepunkt ist eine Querstraße weiter und auch nicht teurer:
-Wir zahlen 0.34 Euro/kWh.&lt;/p&gt;
-&lt;p&gt;&lt;p class=&#34;md__image&#34;&gt;
-  &lt;img src=&#34;https://blog.koehntopp.info/uploads/2023/09/energiekosten-03.jpg&#34; alt=&#34;&#34;  /&gt;
-&lt;/p&gt;
-
-&lt;/p&gt;
-&lt;p&gt;&lt;em&gt;Öffentlicher Ladepunkt von Vattenfall bei Nutzung mit einer Vattenfall InCharge oder Eneco Karte.
-Die Energiekosten liegen bei 0.34 Euro/kWh.&lt;/em&gt;&lt;/p&gt;
-&lt;h1 id=&#34;mobilität-ist-energieintensiv&#34;&gt;
-    &lt;a href=&#34;#mobilit%c3%a4t-ist-energieintensiv&#34;&gt;
-	Mobilität ist energieintensiv
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;Für die Akten:&lt;/p&gt;
-&lt;p&gt;Wir verbrauchen ohne Auto im Schnitt 15 kWh/Tag im Haus (3 Leute, ein Rechner, der alleine 900 kWh/Jahr zieht),
-für 5500 kWh/Jahr, und eine Basislast von 300 Watt nachts.
-Das ist im Vergleich recht viel.&lt;/p&gt;
-&lt;p&gt;100 km im großen Auto sind 14 kWh/100 km, also etwa so viel wie ein Haus-Tag.&lt;/p&gt;
-&lt;p&gt;100 km im Carver sind 7 kWh/100 km, also 1/2 Haus-Tag.
-Der Carver hat auch nur einen Schnarchlader, also Schuko, und kann direkt aus dem Solar-Array laden, nachmittags, von März bis Oktober.&lt;/p&gt;
-&lt;h1 id=&#34;wie-oft-und-wo-laden&#34;&gt;
-    &lt;a href=&#34;#wie-oft-und-wo-laden&#34;&gt;
-	Wie oft und wo laden?
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;10 % bis 80 % von einem 60 kWh Akku sind 42 kWh,
-und bei einem Verbrauch von 14 kWh (Sommer) sind die in 3 Stunden leer.
-Ich muss also alle 3 Stunden eine halbe Stunde pausieren, um zu laden.&lt;/p&gt;
-&lt;p&gt;Im Winter vermutlich öfter, aber ich glaube, im Winter will ich eine Tour Amsterdam–Berlin eher mit der Bahn machen.&lt;/p&gt;
-&lt;p&gt;Das große Auto hat eine Reichweite von 300 bis 400 km, je nachdem wie man es fährt.
-Der Carver hat eine Reichweite von 100 km und verbraucht die Hälfte vom großen Auto.&lt;/p&gt;
-&lt;p&gt;Beide Fahrzeuge können wir daheim laden, und beide Fahrzeuge erledigen lokale Fahrten ohne Fremdladen:
-Sie werden in der Regel daheim geladen.
-Das ist in der Regel 1-2 mal die Woche der Fall.&lt;/p&gt;
-&lt;p&gt;Nur bei Fernreisen geht der Renault an fremde Lader, und dann an Schnell-Lader.&lt;/p&gt;
-&lt;h1 id=&#34;fahrerlebnis&#34;&gt;
-    &lt;a href=&#34;#fahrerlebnis&#34;&gt;
-	Fahrerlebnis
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;Im Stadtverkehr ist das Elektroauto eine Offenbarung.
-Es ist super sparsam, weil das ganze Beschleunigen durch Bremsen mit Rekuperation wieder zu Akkuladung umgewandelt wird
-(ca. 70 % Effizienz), während ein Verbrenner in dieser Situation gerne einmal säuft.&lt;/p&gt;
-&lt;p&gt;Auch Beschleunigen und den Hintern aus dem Weg räumen oder im Stau ohne Nerv vorwärts kriechen ist mit einem Elektroauto sehr viel weniger nervig.
-Die Fahrassistenzsysteme im großen Auto machen es noch angenehmer, aber selbst der Carver glänzt.&lt;/p&gt;
-&lt;p&gt;Auf der Autobahn lernt man gleichmäßige gemächliche Geschwindigkeiten sehr schätzen.&lt;/p&gt;
-&lt;p&gt;Ich glaube, das Tempolimit von 120 km/h wird in Deutschland faktisch automatisch kommen,
-sobald nur genügend elektrische Autos auf der Straße sind.
-Niemand in so einer Kiste hat dauerhaft das Bedürfnis,
-sinnlos Akku durchzubladen ohne Effekt.
-Die Verbrenner-Raser sitzen dann zwischen den ganzen e-Mobilen fest.&lt;/p&gt;
 </description>
     </item>
     
diff --git a/index.html b/index.html
index 8d31263281..3e5234f2a4 100644
--- a/index.html
+++ b/index.html
@@ -161,6 +161,30 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2024/01/16/jus
   
   
 
+  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
+    <div class='col-lg-8'>
+
+        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html" class='text-decoration-none text-dark'>Deploying websites - an escalation</a></h1>
+
+        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
+          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
+          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
+            Kristian Köhntopp
+          </a>
+          -
+          January 9, 2024
+        </div>
+
+        <div class='mt-3'>We are still playing minecraft. This time it is a highly modded Fabric server, which requires more memory than the old box had. The new box has 12 cores, 128 GB of memory, and two nice SSD. It is pretty nifty.
+A simple problem, easily solved by Ansible. The machine also needs some kind of webserver to run websites. An easy problem to solve, naturally.
+A bit of Ansible, deploy a few config files into the system and be done with it.</div>
+
+    </div>
+  </div>
+  
+  
+  
+
   <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
     <div class='col-lg-8'>
 
@@ -587,29 +611,6 @@ <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2023/09/14/inv
 
     </div>
   </div>
-  
-  
-  
-
-  <div class='row justify-content-center mb-4 py-4 border-bottom mx-0'>
-    <div class='col-lg-8'>
-
-        <h1 style='font-weight: 700'><a href="https://blog.koehntopp.info/2023/09/13/energiekosten-beim-elektroauto.html" class='text-decoration-none text-dark'>Energiekosten beim Elektroauto</a></h1>
-
-        <div class='text-uppercase text-secondary' style='letter-spacing: 0.1rem;'>
-          <img src='/assets/img/avatars/isotopp.jpg' class='me-1 p-0' style='width: 1.9rem; border-radius: 1rem;'>
-          <a href="https://chaos.social/@isotopp" class='text-secondary text-decoration-none'>
-            Kristian Köhntopp
-          </a>
-          -
-          September 13, 2023
-        </div>
-
-        <div class='mt-3'>Das neue Auto hat eine Batterie mit 60 kWh Kapazität, also muss es 42 kWh aufnehmen, um von 10 % auf 80 % zu kommen. Die 80 % sind eine Art magische Grenze, weil die Ladegeschwindigkeit des Autos insbesondere beim Schnellladen unterwegs vom Füllstand der Batterie abhängig ist, und ab 80 % stark absinkt. Die letzten 20 % dauern also lange.
-Dazu kommt, daß das Auto auch beim elektrischen Bremsen – beim Rekuperieren – lädt und wenn der Akku-Füllstand über 80 % ist, ist das Rekuperationsvermögen durch die geringere Ladegeschwindigkeit der Batterie eingeschränkt.</div>
-
-    </div>
-  </div>
 
   <div class='row mb-4 py-4 mx-0 justify-content-center'>
     <div class='col-lg-8 fs-5'>
diff --git a/index.json b/index.json
index e2ee5332ca..f3a66e87b6 100644
--- a/index.json
+++ b/index.json
@@ -1 +1 @@
-[{"categories":null,"content":"Es ist also dies hier passiert: Wen schützen eigentlich Jugendschutzprogramme? Lilith Wittmann nimmt den Filter von JusProg e.V. auseinander und es ist eine einzige Eskalation:\nDie Filterkriterien sind nicht nachvollziehbar.\nGefilterte Websites wissen nichts von ihrer Einstufung.\nDie Einstufungen sind systematisch falsch, und man kann eine politische Richtung erkennen.\nDas ist JusProg e.V. aber eigentlich egal, denn es sind ja auch viele Websites nicht geblockt worden.\nDie Website für den Download ist ein kompromittiertes Wordpress.\nEventuell hat das Wordpress Malware verteilt, aber JusProg e.V. kann das nicht ausschließen und auch nicht nachvollziehen, weil sie die Software nicht im Griff hat.\nDie Infektion mit Malware war JusProg e.V. bekannt, und sie haben versucht, daran herumzudoktern, aber erfolglos. Das besorgt sie aber nicht besonders.\nWas passiert hier, und warum zerfetzt Lilith Wittmann ausgerechnet JusProg? Dazu müssen wir ein wenig ausholen und fast 30 Jahre zurückschauen.\nWarum Jugendschutz? Der Jugendschutz im Allgemeinen ist eine im Grundgesetz verankerte staatliche Aufgabe. Er ist nicht einfach etwas, das der Staat nicht machen kann.\nAusnahmen vom Jugendschutz sind klar geregelt und sind im Wesentlichen das \u0026ldquo;Elternprivileg\u0026rdquo;. Erziehungsberechtigte, und nur diese, dürfen für Ihr Kind – im Rahmen bestimmter Grenzen – frei entscheiden, was ihr Kind wann darf oder nicht darf. Darum darf Deine Mutter Dich mit drei Jahren an ihrem Bier probieren lassen, wenn Du interessiert wissen willst, was sie da trinkt. Und darum darf Dein Vater Dich mit 6 Jahren Harry Potter Teil 4 und Folgende sehen lassen, wenn Du unbedingt sehen möchtest wie es weiter geht.\nLehrer an Schulen dürfen das nicht. Das Elternprivileg gilt nicht für sie. Sie müssen also, wenn Schüler Medien in irgendeiner Form zu sich nehmen wollen, dies im Rahmen des grundgesetzlich vorgeschriebenen und gesetzlich ausgestalteten Jugendschutzes tun, wenn sie sich von Klagen durch besorgte Bürger frei stellen wollen.\nInternet an Schulen ist für die Schule auf viele Weisen ein Risiko, und Haftung auf der Basis von Verletzungen des Jugendschutzes ist eines davon.\nSchlimmer noch, auch Anbieter von Medien jeder Art unterliegen den Regelungen des Jugendschutzes. Niemand kann Filme, Hörspiele, Bücher, aber auch keine Webseiten oder Computerspiele anbieten, ohne dabei den Jugendschutz zu berücksichtigen. Alle diese Dinge brauchen eine Einordnung und eine wirksame Zugriffsbeschränkung, sonst Klage und, schlimmer, schlechte Presse.\nPre-Internet Jugendschutz Das hat in der Vergangenheit bis in die späten 90er Jahre wunderbar funktioniert. Hauptsächlich deswegen, weil es keine kostenlosen und damit unfinanzierten Veröffentlichungen gab. Und weil deswegen Veröffentlichung stark ge-gateway-ed war – man konnte kein Buch, kein Spiel und schon gar kein Hörspiel oder keinen Film machen und dann verbreiten, ohne durch einen Mediator zu gehen. Also einen Verlag, eine Rundfunkanstalt oder einen anderen Vertriebs- und Verbreitungspartner, der dabei dann auch massenhaft redaktionelle Bearbeitung betrieben hat, und natürlich dabei auch die Formalien wie Anmeldungen bei Verwertungsgesellschaften oder Bewertung durch den Jugendschutz vorgenommen hat.\nWeil Inhalte grundsätzlich nie kostenlos waren, hat das nicht nur die Verfügbarkeit von Inhalten eingeschränkt, sondern auch diese Formalien mit finanziert. Auch wichtig: Es hat die Anzahl der Stellen reduziert, mit denen die staatlichen Stellen und ihre Organe zu tun hatten, und durch die Pflicht zur kommerziellen Viabilität wurde auch eine Vorauswahl getroffen.\nSeit den späten 90er Jahren haben wir mediatorfreie Kommunikation. Jeder Mensch kann mit genau gar keinem Aufwand Medien produzieren und publizieren. Das kann durch Editieren eines existierenden Wikis passieren – das hat Brockhaus das Genick gebrochen.\nEs kann auch durch das Betreiben und Veröffentlichen eines Blogs, durch das Schreiben von Posts und Threads in Social Media, durch das Aufnehmen und Verbreiten von Podcasts über diese Blogs, oder halt durch das Produzieren von Filmen mit massiv verbilligten Produktionsmitteln geschehen. Das letztere hat zum Beispiel zu \u0026ldquo;In the Pirkinning\u0026rdquo; und zu \u0026ldquo;Prelude to Axanar\u0026rdquo; geführt hat, und dann zu entsprechenden rechtlichen Reaktionen von Rechte-Inhabern.\nDrei Gründe für das Zusammenbrechen des Jugendschutzes im Internet Es führt auch zu einem Zusammenbruch der deutschen Idee von Jugendschutz. Das deutsche Jugendschutz-Konstrukt ist überhaupt nicht darauf eingerichtet, mit mediatorfreier, massenhafter und weltweiter Generierung von Content klarzukommen. Das sind drei unabhängige Probleme, die alle auch einzeln zum Zusammenbruch führen.\nMediatorfrei heißt, daß kein Verlag oder Aggregator zwingend involviert ist. Ich habe einen Inhalt, ich stelle den irgendwo hin und Du kannst den finden, herunterladen und konsumieren. Die Idee von JusProg und anderen Filterprogrammen ist immer das Konzept eines installierbaren Zwangs-Mediators, dem Filter, der den direkten Zugriff auf bestimmte Inhalte verhindert. Das setzt bestimmte Dinge voraus, wir werden da gleich noch drauf eingehen.\nUnd massenhaft heißt, daß es keine Vorauswahl gibt. Nicht durch einen Mediator, etwa einen Verlag mit einem Editor, der das gut finden muss, was Du publizieren willst. Aber auch nicht finanziell – die Grundkosten sind so niedrig, daß effektiv jede Person alles publizieren kann, was diese Person publizieren möchte. Und auch nicht durch eine Lizenz – man muss im Internet nicht wie beim deutschen BTX der späten 80er Jahre als Anbieter statt Nutzer registrieren lassen, damit man Dinge schreiben darf und mehr tun kann als konsumieren.\nMassenhaft hat zur Folge, dass die Anzahl und Menge der produzieren Medien die Bewertungskapazität der zur Verfügung stehenden qualifizierten Bewerter massiv übersteigt. Damit ist nicht nur keine Diskussion über individuelle Bewertungen mehr möglich, sondern Bewertungen müssen schematisch nach Syntax, nicht Semantik erfolgen. Sie können nicht einmal mehr stichprobenhaft auf Korrektheit kontrolliert werden.\nUnd weltweit heißt, daß sowohl Inhalte als auch ihre Klassifizierung die Grenzen eines homogenen Kulturraumes weit überschreiten. Eine sinnvolle Einigung über Klassifikationen ist nicht mehr möglich. Teilweise ist nicht einmal eine Unterhaltung über Dimensionen und Skalen einer Klassifikation möglich.\nSchon innerhalb Deutschlands sind die Maßstäbe der Inhaltsbewertung traditionell massiv uneinheitlich. Der bayrische Rundfunk hat zum Beispiel die Ausstrahlung bestimmter Folgen \u0026ldquo;Scheibenwischer\u0026rdquo; verweigert, und sich aus dem Netz der ARD verabschiedet. Auch die inzwischen eingestellte Sendung \u0026ldquo;Sesamstraße\u0026rdquo; war in Bayern nicht verfügbar.\nWenn es um Inhalte im Internet geht, ist aber republikweit entlang bestimmter politischer Bruchlinien schon lange massiv keine sinnvolle Einigung möglich. Weltweit noch viel weniger. Man stelle sich ein Inhaltsbewertungssystem vor, das sowohl für Schweden, Spanien, Saudi-Arabien, die USA und Thailand funktioniert.\nJede Form von inhaltlicher Bewertung kann sich also nur an objektiven Kriterien orientieren: \u0026ldquo;Nippel sichtbar\u0026rdquo;, \u0026ldquo;Messer, Gewalt, Blut sichtbar\u0026rdquo;, oder halt der berühmte \u0026ldquo;körperbezogene Penisneigungswinkel\u0026rdquo;.\nIn einem solchen System ist das Foto eines durchschnittlichen Gummifetischisten dann halt unkritisch, weil keine Haut sichtbar ist (keine Nacktheit), die Pose nicht sexuell suggestiv ist (kein Sex), keine Gewalt zu sehen ist (keine Gewalt) und auch keine unangemessene Sprache verwendet wird (keine Flüche oder verbotene Worte). Zugleich werden ein Haufen Stakeholder protestieren und dieses Bild irgendwie klassifiziert sehen wollen.\nJugendschutz ist nicht systematisch objektivierbar und automatisierbar Es geht darum, welche Inhalte unserem Nachwuchs wie und mit welcher Bewertung präsentiert werden, denn das ist, was Erziehung ist – die Vermittlung von Werten. Daher ist jede Bewertung, die sich an Syntax (objektiv sichtbaren Merkmalen) orientiert zum Scheitern verurteilt.\nUnd in dem Moment, wo Jugendschutz automatisierbar ist, haben wir eine Maschine gebaut, die erfolgreich eine bestimmte moralische Bewertung in irgendeinem bestimmten moralischen System vornehmen kann, also unseren Nachfolger als Menschheit geschaffen. Wir können von der Bühne des Universums abtreten und denen die Realität überlassen.\nMögen sie erfolgreicher und anpassungsfähiger sein als wir.\nDas ist natürlich keine Einsicht oder Position, die ein Politiker in einem öffentlichen Diskurs einnehmen kann, also sehen wir seit wortwörtlich 30 Jahren denselben dysfunktionalen Kram ohne einen Millimeter Fortschritt in irgendeiner Richtung.\nDer Default ist \u0026ldquo;ab 18\u0026rdquo; Wie dem auch sei – rein rechtlich ist es so, daß jeder Inhalt in jedem Medium, das für Deutsche erreichbar ist, eine Bewertung haben muss oder eine Ausnahmeregelung greifen muss (etwa für Nachrichten). Das führt nicht nur zu Youtube-Kanälen, in denen Damen mit freiem Oberkörper Nachrichten verlesen, sondern auch dazu, daß mir eine DVD mit einer Aufnahme der Zauberflöte nur gegen Vorlage des Personalausweises ausgehändigt wurde, weil sie bei Amazon ohne Jugendschutz-Klassifikation hinterlegt war – der Default für alle Inhalte ist immer \u0026ldquo;ab 18\u0026rdquo;.\nInhalte brauchen also zwingend eine Klassifikation, damit sie für Jugendliche hinter einem echten oder hypothetisch installierten Filter überhaupt sichtbar werden. Diese Klassifikation kann durch den Anbieter selbst erfolgen – das ist diese \u0026ldquo;age.xml\u0026rdquo;-Datei, von der Lilith Wittmann redet. Oder halt durch Dritte, und da kaum jemand eine solche \u0026ldquo;age.xml\u0026rdquo;-Datei mit Selbstbewertung erzeugt, generiert JusProg als Dritter diese Bewertung.\nDas machte vor dem Internet total Sinn: Da alle Inhalte kommerziell waren, waren Anbieter von Inhalten und ihre Mediatoren daran interessiert, Inhalte bewertet zu sehen und dabei die Bewertung auch so niedrig wie möglich anzusetzen, damit die Inhalte so vielen Menschen als möglich zugänglich werden.\nIm Internet ist das nicht so: Ich habe gar kein Interesse daran, daß meine kostenlosen Inhalte so vielen Menschen wie möglich zugänglich werden, sondern sie sollen den richtigen Menschen zugänglich sein. Mein Markt und meine Reichweite sind so groß, daß alles andere sogar ein Problem wäre und für mich selbst zu Skalierbarkeitsproblemen führen würde. Ich würde in für meine Mission nicht relevanten Interaktionen mit unwichtigen Menschen ertrinken.\nDamit ist die Motivationsgrundlage entfallen, die das deutsche Jugendschutzsystem vor dem Internet am Laufen gehalten hat.\nAber wir brauchen Bewertungen – für unsere Sites Die Mitglieder von JusProg e.V. sind traditionelle Medienanbieter. Lilith Wittmann nennt Mitglieder und stellt die Motivation klar:\n[JusProg eV] wurde mit dem Ziel gegründet, eine solche Software bereitzustellen. Seine Mitglieder sind große deutsche Digitalunternehmen wie z.B. Vodafone oder RTL. Die finanzieren das gerne. Denn solange es ein anerkanntes Jugendschutzprogramm gibt, können sie eben auf viele andere Jugendschutzmaßnahmen verzichten.\nDie Mission ist also, die Inhalte der Mitglieder kostengünstig aus dem Schußfeld des Jugendschutzgesetzes herauszuholen, nicht effektiven Jugendschutz zu leisten. Das wäre auch, wie oben gezeigt, systematisch sehr schwierig, wenn nicht unmöglich.\nDamit das eine glaubhafte Wirksamkeitsfiktion erzeugt, müssen nicht nur die Webseiten der Mitglieder eine Bewertung erhalten. Sondern alle. Das erfolgt\ngeheim, die Liste der Bewertungen ist nicht öffentlich, und die Kriterien sind es auch nicht. ohne Benachrichtigung der Bewerteten. Deine Website ist durch JusProg bewertet, aber Du weißt es nicht. Für eine solche Benachrichtigung müßte man Ansprechpartner und Kommunikationswege identifizieren können, das ist aber nicht einheitlich automatisierbar. Und wäre es das, dann hat man die Benachrichtigten am Hacken, die mit einem über die Bewertung diskutieren wollen, was Zeit und Geld kostet und nicht skalierbar ist. und damit systematisch folgefalsch mit den beobachteten Problemen, auf der Grundlage intransparenter syntaktischer Kriterien, und eventuell auch mit einer nicht offengelegten politischen Agenda. Das ist natürlich nicht nur kein Jugendschutz, sondern auch Demokratiegift, weil nun auf die gesamte Bevölkerung ein Zwangsmediator ausgerollt wird, dem man sich nicht entziehen kann (darf), weil man ja ein Jugendlicher sein könnte. Und weil es Inhalte gibt, die nach JSchG nicht einmal Erwachsenen zugänglich gemacht werden dürfen.\nDaher wäre es im Grunde ideal, die zwar grundgesetzlich vorgeschriebene Idee des Jugendschutzes im Internet als zu Recht gescheitert anzusehen. JusProg wäre dann ein Feigenblatt, mit dem kommerzielle Medienanbieter sich durch Generierung und Installation einer \u0026ldquo;age.xml\u0026rdquo;-Datei haftungsrechtlich freikaufen können, und dann installiert einfach niemand JusProg.\nSo ist es aber nicht. Dieser Status Quo ist einmal durch Installation von JusProg in öffentlichen Netzen eingerissen worden, wie Lilith Wittmann korrekt anmerkt.\nZum anderen ist da der feuchte Traum, jeden Internetbenutzer mit einem elektronischen Ausweisdokument jederzeit identifizieren zu können, der gerade in der EU in eIDAS, Verimi und vielen anderen Dingen wieder auflebt. Dabei kommen die Interessen von \u0026ldquo;Bedarfsträgern\u0026rdquo;, die Interessen von Leuten mit politischem Filterwillen, der \u0026ldquo;Jugendschutz\u0026rdquo; als Legitimierungsfeigenblatt, und die kommerziellen Interessen der Werbeindustrie zusammen, die Identität als staatlich zwangsverordneten Supercookie mitnutzen will.\nDas darf so nicht passieren. Daher muss nicht nur JusProg sterben. Aber es ist nur ein Baustein in einer Entwicklung, die fraktal falsch ist.\nDas ist der Grund, warum Lilith da überall drauf haut. Und darum sollten wir ihr alle auf jede denkbare Art Beistand leisten. Gerade jetzt, wo um uns herum eine politische Ideologie auflebt, die nur darauf wartet, solche Mechanismen auf tödliche Weise zu missbrauchen.\nSiehe auch Seit 27 Jahren kein Fortschritt im Diskurs: Sperrungen im Internet Seit 15 Jahren kein Fortschritt im Diskurs: Jugendschutzfilter saugen und dafür gibt es einen Grund – Warum wir nicht einfach alles \u0026ldquo;ab 18\u0026rdquo; machen können und warum damit ein Haufen Leuten mit unproblematischen Inhalten notlos Arbeit aufgebürdet wird.\n","date":"2024-01-16T00:00:00Z","href":"https://blog.koehntopp.info/2024/01/16/jusprog-ist-nur-der-anfang.html","tags":["internet","jugendschutz","politik","web","lang_de"],"title":"JusProg ist nur der Anfang"},{"categories":null,"content":"Ich hatte Grund, mich mit Restic für Backup auseinander zu setzen.\nWarum restic? restic ist eine Datensicherung in ein Repository, das intern als ein Content-Addressable Storage aufgebaut ist. Das heißt, daß innerhalb des Backups Datenstücke liegen, die genau ihre (SHA256-) Prüfsumme als Dateinamen haben.\nroot@server:/backup/restic/data/fc# sha256sum fcec*7a5b fcec25d3e3165d159b4dac3867d1a1831707d582215c1fa30e0277cd57dc7a5b fcec25d3e3165d159b4dac3867d1a1831707d582215c1fa30e0277cd57dc7a5b Die Prüfsumme einer Datei im data-Verzeichnis eines restic-Repos. Sie entspricht genau dem Namen der Datei.\nDies führt zu einer Datenstruktur in restic, die nicht ganz unähnlich der in einem .git-Repository ist, und auch zu einer starken Deduplizierung von Daten. Dateien, die in mehr als einer Generation des Backups unverändert vorkommen, werden automatisch erkannt und nicht mehrfach gespeichert. Stattdessen wird nur ein Reference-Count erhöht.\nrestic verschlüsselt Daten, Metadaten und Dateinamen genau wie Datei-Inhalte, prüft die Integrität des Backups über diese Content-Prüfsummen und stellt die Sicherung über mehrere Such- und Zugriffsmöglichkeiten zur Verfügung.\nMan kann sich restic wie Apple Time Machine vorstellen: Stündliche Backups, die in wenigen Sekunden durchlaufen, und die immer ein komplettes Image produzieren, auch wenn sie nur inkrementell Platz und Zeit verbrauchen. Anders als Time Machine (oder ZFS Snapshots) ist die Lösung jedoch unabhängig vom verwendeten Dateisystem, und unterstützt ein breites Angebot von Backend-Storages.\nSituation Der neue Dedi ist ein E5-1650 v3 mit 12 Threads und 128 GB RAM bei Hetzner. Er führt stündlich ein restic auf die Hetzner Storagebox durch, und weiterhin einmal täglich ein restic nach Hause aus.\n10 * * * * /root/bin/run-restic 34 1 * * * /root/bin/run-restic-to-home Crontab mit den Backup-Jobs.\nZu sichern ist ein LVM2 mit einem recht kleinen /var/www, /etc und der Kram auf /home, der zum Glück noch überschaubar groß ist.\n# df -t xfs -h Filesystem Size Used Avail Use% Mounted on /dev/mapper/vg0-root 20G 4.0G 17G 20% / /dev/mapper/vg0-home 200G 40G 160G 20% /home Situation mit den Dateisystemen auf dem Dedi.\nReal erfolgen faktisch alle Änderungen am Content immer unter Usern in /home, sodaß vor allen Dingen die Sicherung dieser Partition dringend ist. Speziell der Minecraft-Spieluser hat eine Menge Churn, weil dort im Home alle Server-Instanzen liegen, auf denen gearbeitet wird.\nDie lokale Sicherung erfolgt mit einem sftp-Backend auf die Hetzner Storagebox, das Backup nach Hause verwendet ebenfalls das sftp-Backend.\n.ssh/config Damit alles nicht so weh tut, verwenden wir einen speziellen Backup-Key, der nur zur Datensicherung verwendet wird, und der nur die Funktion hat, ein paßwortloses Login auf den Backup-Zielen zu erlauben.\nWir generieren den Key mit\n# ssh-keygen -t rsa -b 4096 -N \u0026#34;\u0026#34; -f ~/.ssh/id_backup und konfigurieren ihn gleich in zwei Host-Matchblocks rein:\n# cat .ssh/config ServerAliveInterval 10 ServerAliveCountMax 3 HashKnownHosts no TCPKeepAlive yes KeepAlive yes Host storagebox Hostname uxxxxxx.your-storagebox.de User uxxxxxx Port 23 IdentityFile /root/.ssh/id_backup Host restic Hostname home.example.com User resticuser Port 22 IdentityFile /root/.ssh/id_backup Dadurch können wir die Backup-Ziele korrekt vorkonfiguriert über den Namen des Matchblocks ansprechen, also mit storagebox und restic.\nDen Key müssen wir nun auch in der authorized_keys der Ziele hinterlegen. Das geht genauso wie von Hetzner dokumentiert .\n# cat .ssh/id_backup.pub | ssh -p23 uXXXXX@uXXXXX.your-storagebox.de install-ssh-key uXXXXX@uXXXXX.your-storagebox.de\u0026#39;s password: ... Test mit ssh -p23 -i ~/.ssh/id_backup uXXXXX@uXXXXX.your-storagebox.de's password. Man landet in der restricted Shell der Storagebox, und kann zum Beispiel mit help eine Kommandoliste bekommen.\nRestic handhaben Restic initialisieren Damit restic Dinge tun kann, muss man das Repository, in dem die Backups landen, erst einmalig initialisieren. Dabei wird auch ein Verschlüsselungspaßwort festgelegt, das nicht verloren gehen darf.\n# restic -r sftp://storagebox/restic init enter password for new repository: enter password again: created restic repository 1c28ea9e7b at /restic Please note that knowledge of your password is required to access the repository. Losing your password means that your data is irrecoverably lost. Dies erzeugt eine Verzeichnishierarchie in /restic auf der Storagebox.\nRestic ausführen Das Backup-Script kann nun ausgeführt werden. Man kann dies zu Fuß tun, wie ich hier, oder resticprofile bemühen.\nIch sichere tatsächlich nicht /home, sondern erzeuge einen LVM2-Snapshot, von dem die Sicherung durchgeführt wird, bevor er released wird.\nDadurch ist /home unveränderlich während der Sicherung, und die Konsistenz des Backups ist besser.\n#!/usr/bin/bash # Some basic config SNAPLV=snap SNAPMOUNT=/snapshot-of-home export RESTIC_REPOSITORY=sftp://storagebox/restic export RESTIC_PASSWORD=secret_password # only use up to 4 cpus. export GOMAXPROCS=4 # Make this safe to run in a crontab set -e set -o pipefail export PATH=/root/.local/bin:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin cd /root # Show free space ssh -p 23 -i /root/.ssh/id_backup storagebox df -m echo # Delete old backups restic forget \\ --keep-daily 30 \\ --keep-monthly 12 \\ --keep-within 2d \\ --keep-tag keep \\ --prune echo # Actually perform a backup # 1. Snapshot and mount it lvcreate -s -n $SNAPLV -L10G /dev/vg0/home mount -t xfs -o nouuid /dev/vg0/$SNAPLV $SNAPMOUNT # 2. Actual backup restic backup \\ --json \\ --exclude-caches \\ --iexclude-file /root/bin/restic-excludes \\ $SNAPMOUNT /var/www /etc /root | jq \u0026#39;. | select(.message_type == \u0026#34;summary\u0026#34; )\u0026#39; # 3. Get rid of the snapshot umount $SNAPMOUNT lvremove -f /dev/vg0/$SNAPLV Alle restic-Subkommandos haben die Option --json auszugeben, was man dann mit gron oder jq konsumieren kann.\nIn diesem Script erzeugen wir mit lvcreate -s einen Snapshot der /home-Partition. Dieser wird dann in /snapshot-of-home gemounted. Weil ich xfs verwendet und das versehentliches doppeltes Mounten eines Verzeichnisses verhindert, muss ich dies mit der Option nouuid tun.\nIch kann jetzt das restic backup-Kommando laufen lassen. Dies erfolgt unter anderem mit der Option --json und wir fischen den summary-Block am Ende raus, ohne die Progress Reports weiter zu beachten.\nDie Option --exclude-caches tut genau das: CACHEDIR.TAG Verzeichnisse ignorieren. Außerdem werden die Patterns in einer Exclude-Datei mit --iexclude-file ebenfalls ignoriert. Das Prefix i steht hier für ignore-case.\nAm Ende melden wir den Snapshot wieder ab, und schmeißen ihn weg.\nGarbage Collection Am Anfang des Scripts wird einmal restic forget --prune bemüht. Dies sind die Regeln, nach denen alte Backups verworfen werden:\nWir heben alle Backups 2 Tage auf. Wir heben alle Backups mit dem Tag keep unbegrenzt auf. Wir heben 30 Tage lang das neuste Backup jeden Tages auf. Wir heben 12 Monate lang das neuste Backup jeden Monats auf. Auf diese Weise haben wir bis zu einem Jahr Historie. Dabei ist noch einmal in Erinnerung zu rufen, daß Dinge, die sich nicht ändern, nur einmal gespeichert werden, weil restic dedupliziert.\nDie Deduplizierung ist sehr effektiv:\n# restic stats enter password for repository: repository 3d26efdc opened (version 2, compression level auto) [0:00] 100.00% 2 / 2 index files loaded scanning... Stats in restore-size mode: Snapshots processed: 51 Total File Count: 2431309 Total Size: 1.827 TiB # df -Th /restic/ Filesystem Type Size Used Avail Use% Mounted on /dev/mapper/vg0-restic xfs 250G 57G 194G 23% /restic 1.8 TB Daten werden von 57 GB Plattenplatz repräsentiert.\nDas --prune nach dem Forget gibt Plattenplatz wieder frei. Dabei kann es vorkommen, daß\nDer Linkcount einer Datei erniedrigt wird, sonst nichts. Daten frei markiert werden, aber als ungenutzter Datei in einem 16 MB \u0026ldquo;Pack\u0026rdquo; rumstehen. Der freie Platz im \u0026ldquo;Pack\u0026rdquo; so groß wird, daß das Pack neu geschrieben wird. Das Pack komplett frei wird und gelöscht werden kann. remove 1 snapshots: ID Time Host Tags Paths ------------------------------------------------------------------------ dac0526f 2023-12-27 13:10:01 bigbox /etc /snapshot-of-home /var/www ------------------------------------------------------------------------ 1 snapshots [0:00] 100.00% 1 / 1 files deleted 1 snapshots have been removed, running prune loading indexes... loading all snapshots... finding data that is still in use for 51 snapshots [0:02] 100.00% 51 / 51 snapshots searching used packs... collecting packs for deletion and repacking [0:00] 100.00% 3499 / 3499 packs processed to repack: 1517 blobs / 466.577 MiB this removes: 1341 blobs / 444.158 MiB to delete: 138 blobs / 65.741 MiB total prune: 1479 blobs / 509.899 MiB remaining: 174653 blobs / 54.827 GiB unused size after prune: 2.728 GiB (4.98% of remaining size) repacking packs [0:01] 100.00% 30 / 30 packs repacked rebuilding index [0:00] 100.00% 3468 / 3468 packs processed deleting obsolete index files [0:00] 100.00% 3 / 3 files deleted removing 34 old packs [0:00] 100.00% 34 / 34 files deleted Eine detaillierte Statistik zeigt an, wie viel Platz --prune reclaimed hat, und wie viel Platz noch innerhalb der Dateien ungenutzt frei ist. Er wird bei einem späteren --prune freigegeben.\nSnapshots anzeigen Snapshots anzeigen geht mit restic snapshots:\n# restic snapshots enter password for repository: repository 3d26efdc opened (version 2, compression level auto) ID Time Host Tags Paths ------------------------------------------------------------------------ 0b981e61 2023-12-25 14:21:06 bigbox /etc /snapshot-of-home /var/www e4e36825 2023-12-25 23:10:01 bigbox /etc /snapshot-of-home /var/www ... 99153462 2023-12-29 15:10:01 bigbox /etc /snapshot-of-home /var/www ------------------------------------------------------------------------ 51 snapshots Wir können auch mit restic ls das Verzeichnis des Snapshots listen lassen, oder mit restic dump eine einzelne Datei ausgeben lassen.\nSuche Wir können einen Snapshot nach einzelnen Dateien durchsuchen. Zum Beispiel wollen wir sehen, ob wir das File /home/snackbag/snackbag/extras/snacksmp/v15-fast.zip im Backup haben.\nGesichert worden ist es als /snapshot-of-home/.... Also\n# restic find \u0026#39;/snapshot-of-home/snackbag/snackbag/extras/snacksmp/v15-fast.zip\u0026#39; ... Found matching entries in snapshot fbb371bd from 2023-12-29 13:10:01 /snapshot-of-home/snackbag/snackbag/extras/snacksmp/v15-fast.zip Found matching entries in snapshot 498bfd63 from 2023-12-29 14:10:02 /snapshot-of-home/snackbag/snackbag/extras/snacksmp/v15-fast.zip Found matching entries in snapshot 99153462 from 2023-12-29 15:10:01 /snapshot-of-home/snackbag/snackbag/extras/snacksmp/v15-fast.zip Found matching entries in snapshot c5d9b64a from 2023-12-29 16:10:01 /snapshot-of-home/snackbag/snackbag/extras/snacksmp/v15-fast.zip Zum Restore brauchen wir die Snapshot-ID (also zum Beispiel: c5d9b64a) der Version, die wir haben wollen. Die Ausgabe ist chronologisch, also brauchen wir die letzte ID.\nSuche geht auch mit Wildcards:\n# restic find --json \u0026#39;*/v15-fast.zip\u0026#39; | gron ... json[50] = {}; json[50].hits = 1; json[50].matches = []; json[50].matches[0] = {}; json[50].matches[0].atime = \u0026#34;2023-12-18T12:53:17+01:00\u0026#34;; json[50].matches[0].ctime = \u0026#34;2023-12-18T14:39:47.875074144+01:00\u0026#34;; json[50].matches[0].device_id = 64773; json[50].matches[0].gid = 1013; json[50].matches[0].group = \u0026#34;snackbag\u0026#34;; json[50].matches[0].inode = 67328639; json[50].matches[0].links = 1; json[50].matches[0].mode = 420; json[50].matches[0].mtime = \u0026#34;2023-12-18T12:53:17+01:00\u0026#34;; json[50].matches[0].path = \u0026#34;/snapshot-of-home/snackbag/snackbag/extras/snacksmp/v15-fast.zip\u0026#34;; json[50].matches[0].permissions = \u0026#34;-rw-r--r--\u0026#34;; json[50].matches[0].size = 53774271; json[50].matches[0].type = \u0026#34;file\u0026#34;; json[50].matches[0].uid = 1013; json[50].matches[0].user = \u0026#34;snackbag\u0026#34;; json[50].snapshot = \u0026#34;c5d9b64aad4248840801f599baedc95467c49a2b8634a86d75be5bbd9d130bce\u0026#34;; Oder mit jq statt gron:\n# restic find --json \u0026#39;*/v15-fast.zip\u0026#39; | jq \u0026#39;.[].snapshot\u0026#39; ... \u0026#34;fbb371bd16a2db6c2b619d14f9c7beb8e52b7f40d212b3eafb1b1f145f731478\u0026#34; \u0026#34;498bfd639d6ae59c926a63812aaced6dc5b541ca1302c5334913044f3b8333e6\u0026#34; \u0026#34;9915346249d0ed02d35e43a81a46d184b75f6c00ec00133c0446a4b4a9cc8eb5\u0026#34; \u0026#34;c5d9b64aad4248840801f599baedc95467c49a2b8634a86d75be5bbd9d130bce\u0026#34; Restore Restore dann:\n# mkdir workspace # restic restore \\ \u0026gt; --target workspace \\ \u0026gt; --include \u0026#39;*/v15-fast.zip\u0026#39; \\ c5d9b64aad4248840801f599baedc95467c49a2b8634a86d75be5bbd9d130bce repository 3d26efdc opened (version 2, compression level auto) [0:00] 100.00% 2 / 2 index files loaded restoring \u0026lt;Snapshot c5d9b64a of [/snapshot-of-home /var/www /etc] at 2023-12-29 16:10:01.934599035 +0100 CET by root@bigbox\u0026gt; to workspace Summary: Restored 6 / 1 files/dirs (51.283 MiB / 51.283 MiB) in 0:02 # find workspace/ -type f workspace/snapshot-of-home/snackbag/snackbag/extras/snacksmp/v15-fast.zip FUSE-Mount Das ist sehr viel schneller als ein Mount, aber ein FUSE-Mount kann auch hilfreich sein:\n# restic mount /mnt/restic repository 3d26efdc opened (version 2, compression level auto) [0:00] 100.00% 2 / 2 index files loaded Now serving the repository at /mnt/restic Use another terminal or tool to browse the contents of this folder. When finished, quit with Ctrl-c here or umount the mountpoint. In einem 2. Fenster dann:\n# cd /mnt/restic/ # ls -F hosts/ ids/ snapshots/ tags/ # ls -F ids/ ids/: 0167ffd2/ 152ea32f/ 2ff8540c/ 59f8f55b/ 9afe61d3/ d58d50fa/ f22e171d/ 023a782d/ 1561f1c8/ 33e09326/ 5eec2b8c/ a0020775/ d7c8e648/ f80f9e4f/ 02478085/ 1b36de2d/ 3f0bce8d/ 61e02a5b/ a075cdd8/ d972654b/ fbb371bd/ 04216185/ 1c253586/ 451b146d/ 6fcc9fbf/ aa916fab/ dd761561/ 0b981e61/ 1c64b318/ 4961c739/ 89aef175/ b4d945ee/ e1b58661/ 0caeffbd/ 2342db66/ 498bfd63/ 90a9861c/ be0f439a/ e4e36825/ 0d7e65d4/ 2566d92a/ 4e2ba289/ 954210a2/ c0fcfe70/ eb8ce869/ 0ee4d0c9/ 2cddb602/ 5415cd2d/ 99153462/ c5d9b64a/ ee6ad425/ # cd ids/c5d9b64a # ls etc snapshot-of-home var # ls etc | head -3 adjtime aliases aliases.db sftp für restic aufsetzen Die Sicherung vom (als kompromittiert anzusehenden) Minecraft-Server nach Hause muss passend gesichert werden.\nWir legen einen resticuser nur für die Sicherung dieses Servers an. Er wird in der /etc/ssh/sshd_config auf sftp-internal constrained. Der .ssh/authorized_keys dieses Users wird hinterlegt, und als unveränderlich markiert, um Manipulationen zu erschweren. Der sftp-User bekommt ein chroot(2) ins Datenverzeichnis und kann nicht auf sein eigenes Home zugreifen. # useradd -m -c \u0026#34;Restic Backup von Minecraft\u0026#34; resticuser ... # mkdir ~resticuser/.ssh # scp .../id_backup.pub ~resticuser/.ssh/authorized_keys # chown -R resticuser:resticuser ~resticuser # chattr +i ~/.ssh/authorized_keys # tail -5 /etc/ssh/sshd_config ... Match User resticuser ChrootDirectory /backup/minecraft_backup ForceCommand internal-sftp AllowTcpForwarding no X11Forwarding no # mkdir /backup/minecraft_backup/restic # chown -R resticuser:resticuser /backup/minecraft_backup Eine modifizierte Version von run-restic von oben sollte nun Daten in diesen Speicher schieben können.\nrest-server (via Mathias Gumz )\nrest-server ist ein Unterprojekt von restic, das ein Server-Backend für das REST-Protokoll von restic implementiert. Es hat einen --append-only Modus, mit dem man Backups aus unsicheren Quellen annehmen kann, ohne daß die Backup-Quelle das Backup zerstören oder löschen kann. Natürlich müssen forget und prune dann lokal auf dem Server getriggert werden und nicht durch den Backup-Prozess.\nDas Projekt kommt mit einer umfangreichen Installationsanleitung und mit offiziellen Docker-Images, sodass das Aufsetzen eines Servers mit wenigen Handgriffen getan ist.\nDer Aufruf sieht im Wesentlichen so aus:\n$ lvcreate -L 100G -n testing hdd $ mkfs -t xfs /dev/hdd/testing $ mkdir /backup/testing $ mount /dev/hdd/testing /backup/testing $ cd /backup/testing $ htpasswd -B -c .htpasswd kris Password: keks $ cp /etc/apache2/md/domains/{privkey,pubcert}.pem . $ rest-server \\ --append-only \\ --tls \\ --tls-cert pubcert.pem \\ --tls-key privkey.pem \\ --path /backup/testing/ \\ --max-size 107374182400 \\ --listen \u0026#39;192.168.1.10:8000\u0026#39; Testweises Starten von rest-server mit lokalen Kopien der bei \u0026ldquo;Let\u0026rsquo;s Encrypt\u0026rdquo; generierten Zertifikate und ein Test-Repository.\nDer Beispielaufruf startet den rest-server auf Port 8000 der Testmaschine. Er verwendet Kopien der von \u0026ldquo;mod_md\u0026rdquo; generierten \u0026ldquo;Let\u0026rsquo;s Encrypt\u0026rdquo;-Zertifikate aus /etc/apache/md/domains, und greift auf ein \u0026ldquo;append-only\u0026rdquo;-Repository in /backup/testing zu. Die Größe des Repository ist auf 100 GB (100 * 1024^3 Bytes) limitiert.\nWir können das Repository unter dem Namen rest:https://home.example.com:8000 ansprechen. Also\n$ export RESTIC_REPOSITORY=rest:https://home.example.com:8000 $ export RESTIC_PASSWORD=keks $ restic init ... $ restic backup --exclude-caches /etc zum Sichern ein paar mal laufen lassen und dann restic snapshots zum Ansehen der Backups.\nLöschen von Backups mit forget und prune ist durch den Client nicht mehr machbar.\nStattdessen kann man das Backup lokal als -r /backup/testing ansprechen und per Cron das entsprechende forget --prune --keep...-Regel laufen lassen. Dabei muß man sicherstellen, daß die Datei-Eigentümer sauber bleiben, am Besten indem man rest-server und den forget-Cronjob unter demselben Owner laufen läßt.\n","date":"2023-12-30T00:00:00Z","href":"https://blog.koehntopp.info/2023/12/30/restic.html","tags":["lang_de","linux","devops"],"title":"Restic"},{"categories":null,"content":"I installed a Python 2.7.18 with pyenv on Apple Silicon, and I needed that binary to be pure x86_64. This was necessary because I needed to load dynamic libraries that were only available in Intel format.\nIt is not possible to load x86_64 libraries into an ARM binary. If you build a multi-arch binary, you need to remember to request Intel every time you run a Python script which tries to load the Intel-only shared library. With an Intel-only binary, this will work every time without additional configuration.\nCalling the Intel code in a multi-architecture binary The file command will tell you if a binary is multi-architecture:\n$ file /bin/ls /bin/ls: Mach-O universal binary with 2 architectures: [x86_64:Mach-O 64-bit executable x86_64] [arm64e:Mach-O 64-bit executable arm64e] /bin/ls (for architecture x86_64):\tMach-O 64-bit executable x86_64 /bin/ls (for architecture arm64e):\tMach-O 64-bit executable arm64e You can manually call the Intel code:\n$ arch -arch x86_64 ls Applications\tMovies\tMusic ... If you call a binary this way, the first time this will trigger the installation of Rosetta2 (the Intel to ARM JIT compiler) on the Mac.\nCompiling for Intel on M1 By default, we compile for ARM (M1), and only for this architecture:\n$ cat hello.c #include \u0026lt;stdio.h\u0026gt; int main(void) { printf(\u0026#34;Hello!\\n\u0026#34;); } $ cc -o hello hello.c $ file hello hello: Mach-O 64-bit executable arm64 We can call the compiler for Intel, and get an Intel-only binary:\n$ arch -arch x86_64 cc -o hello hello.c $ file hello hello: Mach-O 64-bit executable x86_64 $ ./hello Hello! Compiling Python for Intel only The pyenv installation process uses python-build. This, by default, uses the readline and openssl versions provided by Homebrew to build. On my system, these are for ARM, so the Python will build and then fail in the linker stage.\nThere is an option to force a build ignoring the Homebrew-provided components, PYTHON_BUILD_SKIP_HOMEBREW. This is a boolean variable: it is sufficient to set it to any value. So:\nkk:~ kris$ PYTHON_BUILD_SKIP_HOMEBREW=1 arch -arch x86_64 pyenv install 2.7.18 Downloading openssl-1.1.1v.tar.gz... -\u0026gt; https://www.openssl.org/source/openssl-1.1.1v.tar.gz Installing openssl-1.1.1v... Installed openssl-1.1.1v to /Users/kris/.pyenv/versions/2.7.18 Downloading readline-8.0.tar.gz... -\u0026gt; https://ftpmirror.gnu.org/readline/readline-8.0.tar.gz Installing readline-8.0... Installed readline-8.0 to /Users/kris/.pyenv/versions/2.7.18 Downloading Python-2.7.18.tar.xz... -\u0026gt; https://www.python.org/ftp/python/2.7.18/Python-2.7.18.tar.xz Installing Python-2.7.18... patching file configure patching file configure.ac patching file setup.py ... Installed Python-2.7.18 to /Users/kris/.pyenv/versions/2.7.18 This is indeed the desired binary:\n$ file ~/.pyenv/versions/2.7.18/bin/python2 /Users/kris/.pyenv/versions/2.7.18/bin/python2: Mach-O 64-bit executable x86_64 Building a virtualenv for Intel Python 2.7.18 The virtual environment for Python 2.7 has to be built with an old version of the virtualenv command, which is compatible with the old Python:\nWe make a testdir, enter it and set the local Python version to the required version. We then install an old version of the virtualenv command, using pip, globally into the old Python version. This can then be used to create a virtual environment.\n$ mkdir testdir $ cd testdir $ pyenv local 2.7.18 $ python --version Python 2.7.18 $ which python /Users/kris/.pyenv/shims/python Now the installation of virtualenv into our Python 2.7.18 instance:\n$ pip --version pip 19.2.3 from /Users/kris/.pyenv/versions/2.7.18/lib/python2.7/site-packages/pip (python 2.7) $ pip install --user virtualenv ... We now can call this version of virtualenv for installation:\n$ cd archaeology $ ~/.local/bin/virtualenv venv created virtual environment CPython2.7.18.final.0-64 in 102ms ... $ source venv/bin/activate (venv) kk:testdir kris$ python --version Python 2.7.18 (venv) kk:testdir kris$ python Python 2.7.18 (default, Dec 5 2023, 12:09:45) [GCC Apple LLVM 15.0.0 (clang-1500.0.40.1)] on darwin Type \u0026#34;help\u0026#34;, \u0026#34;copyright\u0026#34;, \u0026#34;credits\u0026#34; or \u0026#34;license\u0026#34; for more information. \u0026gt;\u0026gt;\u0026gt; Profit! And that gives us an ancient Python in a foreign machine language, so we can continue with our software archaeology project.\n(venv) $ arch -arch x86_64 pip install cx_Oracle==7.3 Collecting cx_Oracle==7.3 ... Successfully built cx-Oracle Installing collected packages: cx-Oracle Successfully installed cx-Oracle-7.3.0 Note that this will still need an ORACLE_HOME pointing to your instantclient directory, and the dylib files linked from the Python libdir to the instantclient installation.\nSo:\n$ ORACLE_HOME=~/instantclient* $ echo \u0026#34;export ORACLE_HOME=$ORACLE_HOME\u0026#34; \u0026gt;\u0026gt; ~/.bash_profile $ cd ~/.pyenv/versions/2.7.18/lib $ for i in ~/instantclient*/*.dylib*; \u0026gt; do \u0026gt; echo $i; \u0026gt; ln -s $i . \u0026gt; done With the proper ~/instantclient*/network/admin/TNSNAMES.ORA you can now\n(venv) $ python2 ... \u0026gt;\u0026gt;\u0026gt; import cx_Oracle \u0026gt;\u0026gt;\u0026gt; c = cx_Oracle.Connection(\u0026#34;sys\u0026#34;, \u0026#34;oracle\u0026#34;, \u0026#34;ORCL\u0026#34;) \u0026gt;\u0026gt;\u0026gt; c \u0026lt;cx_Oracle.Connection to sys@ORCL\u0026gt; ","date":"2023-12-05T00:00:00Z","href":"https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html","tags":["lang_en","python","apple"],"title":"x86_64 binaries on M1"},{"categories":null,"content":"Initially published in c\u0026rsquo;t 26/23, page 70. All my texts are made available in this blog after some time. The version shown is the raw edit of the article text without pictures and illustrations.\nHier ist das Original in deutscher Sprache .\nA Revolution Devours Its Children by Kristian Köhntopp\nDeparture from Traditional Open Source Licenses Open source once set out to guarantee users the greatest possible freedom in the operation of software and to challenge the software titans. Meanwhile, however, these have learned to use the documented freedoms to their advantage.\nThere is unrest in the open-source community: In recent times, it can be observed that established software companies with a large user base are restricting the freedoms of their users by changing licenses of their open source projects. The most recent example is HashiCorp, a company specialized in software for cloud infrastructure, which has placed its core products under the BSL v1.1 (Business Source License), a formally non-open license. The response was immediate: the software has since been forked as OpenTofu and is now under the auspices of the Linux Foundation.\nHashiCorp is not the first company to do this: some time ago, RedHat changed the positioning of CentOS as a free alternative to RedHat Enterprise Linux (RHEL) and recently restricted the release of the RHEL source codes through an EULA (End User License Agreement), Elastic has put ElasticSearch and Kibana under the formally non-open SSPL (Server Side Public License), and MongoDB is also only available under the SSPL.\nFour Freedoms and a Certification Open Source and Free Software existed even before these terms were coined. However, the actual \u0026ldquo;Open Source Revolution\u0026rdquo; began in the 1990s with the Linux kernel and the resulting distributions. The term \u0026ldquo;Open Source\u0026rdquo; was coined by Bruce Perens and Eric Raymond, formalized in the Open Source Definition and the Debian Free Software Guidelines.\nBoth are refinements and clarifications of the original \u0026ldquo;Four Freedoms\u0026rdquo; in the mother of all open-source licenses, the GNU General Public License (GPL), which are:\nFreedom 0: The freedom to run the program for any purpose. Freedom 1: The freedom to study how the program works and adapt it to your data processing needs. This implies access to the source code. Freedom 2: The freedom to redistribute the program. However, the GPL requires that the source code of the program, which corresponds to the redistributed program, is also offered. Freedom 3: The freedom to improve the program and distribute these improvements under the original license. This also implies access to the source code and the right to modify it. While the GPLv2 is the license that first codified these freedoms, a whole range of licenses quickly developed that are all \u0026ldquo;Open Source\u0026rdquo; according to the OSI guidelines (Open Source Initiative) or the DFSG (Debian Free Software Guidelines), all of which are free but some are incompatible with the GPL. This, in particular, filled many Usenet newsgroups with ongoing discussions throughout the late 90s.\nThe LAMP Stack: A Wild Mix of Licenses The well-known LAMP stack for web development is also an example of the license confusion that can occur with open source. LAMP includes the Linux Kernel, the Apache web server, the MySQL database, and the PHP programming language. Each of these components has different licenses.\nWhile the Linux Kernel is licensed under GPLv2, the Apache web server is under Apache License 2. This is a permissive license, meaning it lacks provisions that enforce changes to the original program to be distributed under the same license as the original program.\nMySQL has two licenses: The database can be used under the GPL, subject to the provisions and freedoms mentioned above. However, the copyright holder is a company (originally MySQL, then SUN, and now Oracle) that holds all rights. Developers must assign the rights to their patches to Oracle via a Contributor License Agreement (CLA). This allows Oracle to also offer the source code under a commercial license.\nAnd PHP has been under the PHP License since version 4. This is also a permissive license that allows the use and distribution of PHP with or without modifications, as source code or executable program, but contains restrictions regarding the use of the \u0026ldquo;PHP\u0026rdquo; trademark.\nThis leads to an important question from the late 90s: What happens when you mix software with different licenses and distribute them together in a distribution or link them together in a translation process?\nThe GNU Project quickly clarified that the boundaries of the license are the process boundaries. If you develop a program under another license and link it with GNU software so that the result is executed in the same process afterward, this is legally okay only if the other license is compatible with the GPL.\nAlthough the GPL is an open-source license, not many licenses are compatible with the GPL. This is because the GPL contains freedom-preserving restrictions: you can\u0026rsquo;t restrict the execution of the software (\u0026ldquo;Not in nuclear missiles!\u0026rdquo;). And a program that contains GPL components must also be offered in source code with all changes. This means not just the GPL components, but all components in this process space.\nThe Debate Over the \u0026ldquo;Infectious\u0026rdquo; GPL The obligation to publish the source code then led to another discussion in the early 2000s. At that time, Linux and Open Source became so prominent that they could not be ignored, and many startups flirted with Open Source. Although the GPL was the most widely used license at the time, it is not an attractive prospect for investors to have to release all the company\u0026rsquo;s software sources under the GPL.\nIt was during this time that the anti-open-source slogan of the \u0026ldquo;viral\u0026rdquo; or \u0026ldquo;contagious\u0026rdquo; GPL originated, which is nonsense at its core: On the one hand, the GPL is easy to contain because it ends clearly defined at process boundaries; on the other hand, the provisions of the GPL make sense because they make direct exploitation of others\u0026rsquo; work more difficult (\u0026ldquo;Quid pro quo: If you benefit from Open Source, then you should contribute in the same way.\u0026rdquo;).\nGPLv3 Against Software Patents In response to venture capitalists who brought another threat to Open Source into play, a reaction became necessary: software patents. If startups have to release their software under the GPL, they might restrict their intellectual property in other ways to later collect licensing fees. At the time, software patents were positioned as a real threat.\nThe justification for version 3 of the GPL directly addresses this, and GPLv3 includes provisions that, in simplified terms, state: \u0026ldquo;If you use patents to sue users of any GPLv3-licensed software, then your right to use any GPLv3 software is terminated.\u0026rdquo; This clause is effective, and it has led to, among other things, Apple avoiding any form of GPLv3-licensed software in its products and progressively replacing any GPL software in Apple products with software licensed differently.\nThe provision that the GPL ends at process boundaries is sometimes problematic for the GNU project as well, and so there are variants of the GPL and exceptions. For example, code generated by GPL-covered programs is not protected by the GPL: This allows code generators such as gcc, bison, and flex. And for some libraries, including glibc, there is the LGPL, also called \u0026ldquo;Lesser GPL,\u0026rdquo; which allows the libraries to be linked against non-GPL software.\n\u0026ldquo;GPL Instead of LGPL\u0026rdquo; as a Weapon Conversely, some companies have used the GPL as a weapon. For example, libraries like \u0026ldquo;libmysqlclient.so\u0026rdquo; were available under the LGPL up to MySQL 3.23, but from version 4 onwards, they are under the GPL. Therefore, if one links this library into their commercial program and wants to distribute it, they must buy a commercial MySQL license under the dual-licensing program. MySQL summarized this in the slogan, \u0026ldquo;If you are free, we are free. If you are commercial, we are commercial.\u0026rdquo;\nThis was a problem for a while for the programming language PHP, which linked against this library to access the database as part of the LAMP stack but has a formally non-GPL-compatible license. PHP countered this problem by reimplementing the protocol as \u0026ldquo;mysqlnd,\u0026rdquo; and in parallel, MySQL solved the problem by defining a license exception for PHP (and others).\nLess GPL, More MIT, BSD, and Apache All these confusions are one reason why \u0026ldquo;modern\u0026rdquo; open-source software often no longer uses the GPL but prefers other licenses such as MIT, BSD, or Apache. They make a number of capital-financed business models around open source simpler, especially if you want to build a company around a product that is open source in name only. From 2005 onwards, business models based on open source began to flourish. This has worked well enough for 15 years to grow the number of projects significantly.\nSome of these projects do not rely on individual companies as sponsors: PHP, KDE, and Postgres, for example, are stable and large-scale OSS projects that are not backed by a single large company and its venture capital investors – they all feature a broad and deeply rooted base of contributors.\nIn recent years, cracks have appeared: RedHat, Elastic, MongoDB, MariaDB (a MySQL fork), HashiCorp, and many others have changed their licenses or restructured to exclude a specific use case. Since this constitutes a violation of Freedom 0, they are no longer open-source projects in the sense of OSI and DFSG.\nThe Elephant in the Room is the Cloud Amazon Web Services (AWS) is a system and a company that epitomizes a business model: It monetizes the aspect of \u0026ldquo;operations,\u0026rdquo; which is often neglected and underfunded in companies, and aims not to develop software for third parties but primarily to operate it.\nAmazon has been very successful with this model: For some time now, more new installations of MySQL (and MongoDB, Postgres, Elastic, and many other databases) have been running in its data centers than locally with clients (\u0026ldquo;on-premise\u0026rdquo;). This is a class of systems that are notoriously hard to operate because errors in operation can irreparably ruin data. Of course, one can roll back a faulty database version to the previous one, but the data destroyed by the error is still permanently lost.\nThe systematic underestimation of the costs and effort operations require is what makes the principle of \u0026ldquo;Software as a Service\u0026rdquo; (SaaS) successful. SaaS providers are selling not just a service, but primarily an operational concept for this service that allows smooth and uninterrupted operation right after commissioning. Because the operational concept is tested and prescribed, the quality of the service can be standardized, measured, and then stable contracts can be entered into with third parties.\nCustomers welcome this because operating software is a problem at least as challenging as developing software. Many customers do not want to deal with this. Often, they accept availabilities, response times, and costs that were completely unacceptable in their own in-house teams before. All of this just to get the complex task of \u0026ldquo;operating the databases\u0026rdquo; out of the house – this shows how uncomfortable companies are with dealing with \u0026ldquo;operations.\u0026rdquo;\nThe operation of this software by AWS is not covered by a commercial agreement between the software manufacturer and Amazon, but is based on the Freedom 0 of the GPL: Amazon is allowed to run the software for any purpose, including as a service for others. As a result, Amazon collects the money for the operation of these installations, but the actual software developer, the manufacturing company or group, gets nothing from it. This is not a sustainable financing model, but it is covered by the GPL and very advantageous for AWS, so there is no incentive for them to change anything.\nBusiness Source License as an Early Reaction The issue of cloud services exploiting open-source software without contributing back to the developers was recognized early on: The \u0026ldquo;Business Source License\u0026rdquo; (BSL) was first mentioned in the blog of Monty Widenius, a key figure behind MariaDB, as early as 2013, and MariaDB has been using it for certain components since 2016, with slight changes after suggestions from Bruce Perens, resulting in version 1.1 in 2017. Other products followed suit and adopted the BSL: Couchbase, Uptrace, Kurtosis, Sentry, CockroachDB, and recently all HashiCorp core products.\nThe idea behind the BSL is that the software remains freely usable and the source code available, but with restrictions. The most important restriction usually means \u0026ldquo;AWS is not allowed to use this,\u0026rdquo; phrased as \u0026ldquo;The software may not be offered as SaaS for third parties.\u0026rdquo; Thus, one can use the software as before. It can also be operated on AWS itself, or it can be provided within one\u0026rsquo;s own organization for other departments.\nHowever, one will not be able to buy the operation of the software as a service from a cloud operator, but only from the creator of the software itself (e.g., via AWS Marketplace). This limitation is intended to ensure the financing the development of the software by preventing AWS from completely diverting this stream of money for itself. The BSL comes with another rule stating that code changes must be released under a recognized open-source license (usually the Apache 2.0 license or GPL). There is a time limit for that: a maximum of four years, ensuring that older versions of the software are always true open source.\nFormally, BSL software is not open source in the OSI or DFSG sense because, unlike the GPL, Freedom 0 (\u0026ldquo;run for any purpose\u0026rdquo;) is restricted. Therefore, it is also referred to as \u0026ldquo;Source Available.\u0026rdquo; The Server Side Public License used by MongoDB, Elastic, and Kibana follows the same idea, only differently: the SSPL is a variant of AGPLv3 that also restricts Freedom 0 and prohibits operating the software for third parties (\u0026ldquo;as a Service\u0026rdquo;) unless a commercial license is acquired.\nNon-Free Free Software The fundamental idea behind the GPL\u0026rsquo;s freedoms is give and take: \u0026ldquo;You can use our software, but you have to play nice in return.\u0026rdquo; The ever-growing dominance of AWS is making it increasingly difficult for open-source creators to earn a living from their development work – AWS offers their software as a service and integrates it with other services. Freedom 0 of free software here turns against the creators of the software.\nThe BSL and SSPL are reactions to this. Formally, they are not free software, according to OSI or DFSG. But perhaps it is time for open source to once again face changes and new threats, adapting licenses and definitions for the new era, as has already happened with GPLv3 and AGPL.\nPerhaps the FSF, OSI, and Debian will not move and will insist on their definitions of \u0026ldquo;free software.\u0026rdquo; But this does not deter developers of software under BSL and SSPL: their software is already \u0026ldquo;almost free\u0026rdquo; and, due to their special rule, will formally become free software according to the old definition after a few years. There is no reason to reject BSL or SSPL, except for fundamentalism towards free software. However, if those who care about the open-source idea do not want AWS to be the only company with a successful open-source business model, then change is necessary. Otherwise, users will soon find themselves back with dull, traditional commercial software, the kind they used to get from companies like Microsoft and Oracle.\n","date":"2023-11-11T00:00:00Z","href":"https://blog.koehntopp.info/2023/11/11/a-revolution-devours-its-children.html","tags":["lang_en","publication","free software"],"title":"A Revolution Devours Its Children"},{"categories":null,"content":"Dieser Text erschien in c\u0026rsquo;t 26/23 auf Seite 70. Wie alle meine Texte ist er nach einiger Zeit auch in meinem Blog frei verfügbar. Die hier veröffentlichte Fassung ist die Rohfassung des Artikeltexts ohne Abbildungen und Illustrationen.\nThis text is also available in English .\nEine Revolution frisst ihre Kinder von Kristian Köhntopp\nAbkehr von klassischen Open-Source-Lizenzen Open Source war einmal angetreten, um Nutzern die größtmögliche Freiheit im Betrieb von Software zu garantieren und Software-Titanen den Kampf anzusagen. Inzwischen haben diese aber gelernt, die verbrieften Freiheiten zu ihrem Vorteil zu nutzen.\nEs brodelt in der Open-Source-Gemeinde: In jüngerer Vergangenheit lässt sich beobachten, dass etablierte Softwareunternehmen mit großer Nutzerbasis die Freiheiten der Nutzer ihrer Open-Source-Projekte durch einen Lizenzwechsel einschränken. Jüngstes Beispiel ist das Unternehmen HashiCorp, das auf Software für Cloud-Infrastruktur spezialisiert ist und seine Kernprodukte unter die BSL v1.1 (Business Source License) gestellt hat, eine formal nicht offene Lizenz. Die Quittung kam prompt: Inzwischen wurde die Software als OpenTofu geforkt und steht jetzt unter der Schirmherrschaft der Linux Foundation.\nHashiCorp ist nicht die erste Firma, die so etwas tut: RedHat hat vor längerer Zeit die Positionierung von CentOS als freie Alternative zu RedHat Enterprise Linux (RHEL) geändert und kürzlich die Herausgabe der RHEL-Quelltexte durch eine EULA (End User License Agreement) eingeschränkt, Elastic hat ElasticSearch und Kibana unter die formal nicht offene SSPL (Server Side Public License) gestellt, und auch MongoDB ist nur noch unter der SSPL zu haben.\nNoch viel früher gab es Umzüge von der GPLv2 zur GPLv3, die Einführung der AGPL, und einige Firmen wie Apple haben ein striktes GPLv3-Verbot für ihre eigenen Softwareprodukte ausgesprochen. Apple migriert zudem alle interne Software komplett von der GPL weg. Sind diese Entwicklungen eine Bedrohung für Open Source? Und was sollen diese Lizenzänderungen eigentlich bezwecken? Um die Konfliktlinien zu verstehen, lohnt sich ein Blick in die Vergangenheit.\nVier Freiheiten und eine Zertifizierung Open Source und Free Software gab es schon, bevor diese Worte dafür existierten. Doch die eigentliche „Open-Source-Revolution“ begann in den 1990er Jahren mit dem Linux Kernel und den sich daraus ergebenden Distributionen. Der Begriff „Open Source“ wurde von Bruce Perens und Eric Raymond geprägt und in der Open-Source-Definition und den Debian Free Software Guidelines formalisiert.\nBeides sind Verfeinerungen und Klarstellungen der ursprünglichen „Vier Freiheiten“ der Mutter aller Open-Source-Lizenzen, der GNU General Public License (GPL), die da lauten:\nFreiheit 0: Die Freiheit, das Programm für jeden Zweck auszuführen. Freiheit 1: Die Freiheit, die Funktionsweise des Programms zu untersuchen und eigenen Bedürfnissen der Datenverarbeitung anzupassen. Das impliziert Zugang zum Quelltext. Freiheit 2: Die Freiheit, das Programm weiterzugeben. Die GPL fordert aber, dass auch der Quelltext des Programms, der dem weitergegebenen Programm entspricht, angeboten wird. Freiheit 3: Die Freiheit, das Programm zu verbessern und diese Verbesserungen unter der originalen Lizenz weiterzugeben. Auch dies impliziert Zugang zum Quelltext und das Recht, diesen zu ändern. Während die GPLv2 die Lizenz ist, die diese Freiheiten das erste Mal kodifiziert hat, haben sich schnell eine ganze Reihe von Lizenzen entwickelt, die alle „Open Source“ nach den OSI-Richtlinien (Open Source Initiative) oder den DFSG (Debian Free Software Guidelines) sind und von denen einige zwar frei, aber inkompatibel mit der GPL sind. Das hat insbesondere in den späten 90er Jahren viele Usenet-Newsgroups dauerhaft mit Diskussionen gefüllt.\nDer LAMP-Stack: Eine wilde Mischung von Lizenzen Der bekannte LAMP-Stack für die Webentwicklung ist auch ein Beispiel für den Lizenzwirrwarr, mit dem man es bei Open Source zu tun haben kann. LAMP beinhaltet den Linux Kernel, den Apache Webserver, die MySQL-Datenbank und die Programmiersprache PHP. All diese Bausteine haben unterschiedliche Lizenzen.\nWährend der Linux-Kernel GPLv2-lizenziert ist, steht der Apache Webserver unter der Apache License 2. Diese ist freizügig („permissive“), das heißt, es fehlen Bestimmungen, die erzwingen, dass Veränderungen gegenüber dem Originalprogramm unter derselben Lizenz wie das Originalprogramm weitergegeben werden müssen.\nMySQL hat gleich zwei Lizenzen: Die Datenbank kann unter der GPL genutzt werden und unterliegt dann den Bestimmungen und Freiheiten, die oben genannt wurden. Der Urheberrechtsinhaber ist jedoch eine Firma (ursprünglich MySQL, dann SUN und jetzt Oracle), die alle Rechte innehat. Entwickler müssen die Rechte an ihren Patches per Contributor License Agreement (CLA) an Oracle abtreten. Dadurch kann Oracle den Quelltext auch unter einer kommerziellen Lizenz anbieten.\nUnd PHP steht seit Version 4 unter der PHP-License. Auch das ist eine freizügige Lizenz, die Nutzung und Weitergabe von PHP mit oder ohne Modifikationen, als Quelltext oder ausführbares Programm erlaubt, jedoch Einschränkungen hinsichtlich des Gebrauches der Wortmarke „PHP“ enthält.\nDas führt zu einer wichtigen Frage der späten 90er Jahre: Was passiert, wenn man Software mit unterschiedlichen Lizenzen mischt und zusammen in einer Distribution verbreitet oder sie in einem Übersetzungsprozess zusammen linkt?\nDas GNU Projekt hat relativ schnell klargestellt, dass die Grenzen der Lizenz die Prozessgrenzen sind. Wenn man also ein Programm unter einer anderen Lizenz entwickelt und mit GNU-Software zusammen linkt, sodass das Resultat hinterher in ein- und demselben Prozess ausgeführt wird, dann geht das legal nur dann in Ordnung, wenn die andere Lizenz mit der GPL kompatibel ist.\nObwohl die GPL eine Open-Source-Lizenz ist, sind nicht viele Lizenzen mit der GPL kompatibel. Das liegt daran, dass die GPL die Freiheit wahrende Einschränkungen enthält: Man kann die Ausführung der Software nicht einschränken („Nicht in Atomraketen!“) und ein Programm, das GPL-Komponenten enthält, muss auch im Quelltext mit allen Änderungen angeboten werden. Das bedeutet: nicht nur die GPL-Komponenten, sondern alle Komponenten in diesem Prozessraum.\nDie Debatte um die „infektiöse“ GPL Aus der Pflicht zur Veröffentlichung der Quellen ergab sich dann eine weitere Diskussion in den frühen Nullerjahren. Damals wurden Linux und Open Source so groß, dass man sie nicht ignorieren konnte, und eine Menge Start-ups kokettierten mit Open Source. Die GPL war damals zwar die am weitesten verbreitete Lizenz, aber wenn man ein Start-up betreibt, das sich durch Risikokapital finanziert, dann ist es keine attraktive Aussicht für Investoren, alle Quellen der eigenen Software unter der GPL herausgeben zu müssen.\nAus dieser Zeit stammt der Anti-Open-Source-Slogan der „viralen“ oder „ansteckenden“ GPL, der im Kern jedoch Unsinn ist: Zum einen ist die GPL leicht einzuhegen, denn sie endet ja klar definiert an Prozessgrenzen, andererseits sind die Bestimmungen der GPL sinnvoll, weil sie eine direkte Ausbeutung der Leistung anderer erschwert („Quid pro quo: Wenn Du von Open Source profitierst, dann sollst Du auch auf die gleiche Weise dazu beitragen.“).\nGPLv3 gegen Softwarepatente Venture Capitalists brachten als Reaktion eine weitere Bedrohung für Open Source in Stellung, auf die reagiert werden musste: Softwarepatente. Wenn Start-ups ihre Software unter der GPL herausgeben müssen, können sie ihr geistiges Eigentum eventuell anders einschränken, um später dafür Lizenzgebühren einzutreiben. Damals waren das Softwarepatente, die als reale Bedrohung positioniert wurden.\nIn der Rechtfertigung für die Version 3 der GPL wird dies auch direkt thematisiert, und die GPLv3 enthält Regelungen, die vereinfacht besagen: „Wenn Du Patente verwendest, um Benutzer von beliebiger GPLv3-lizenzierter Software zu verklagen, dann erlischt Dein Recht, jegliche GPLv3 Software zu verwenden.“ Diese Klausel ist wirksam und sie hat unter anderem dazu geführt, dass Apple jede Form von GPLv3-lizenzierter Software in seinen Produkten vermeidet und sukzessive jegliche GPL-Software in Apple-Produkten durch anders lizenzierte Software ersetzt.\nDie Bestimmung, dass die GPL an Prozessgrenzen endet, ist auch für das GNU-Projekt manchmal problematisch, und so gibt es Varianten der GPL und Ausnahmen. Zum Beispiel ist generierter Code von unter der GPL stehenden Programmen nicht GPL-geschützt: Dies ermöglicht Codegeneratoren wie gcc, bison und flex. Und für einige Bibliotheken, darunter die glibc, gibt es die LGPL, auch „Lesser GPL“ genannt, die es erlaubt, die Bibliotheken gegen Nicht-GPL-Software zu linken.\n„GPL statt LGPL“ als Waffe Andersherum haben einige Firmen die GPL als Waffe eingesetzt. Zum Beispiel waren Bibliotheken wie die „libmysqlclient.so“ bis einschließlich MySQL 3.23 unter der LGPL verfügbar, aber ab Version 4 stehen sie unter der GPL. Linkt man diese Bibliothek also in sein kommerzielles Programm und will es ausliefern, dann muss man eine kommerzielle MySQL-Lizenz unter dem Dual-Licensing Programm kaufen. MySQL hat das im Slogan „If you are free, we are free. If you are commercial, we are commercial“ zusammengefasst.\nDas war eine Zeit lang ein Problem für die Programmiersprache PHP, die ja gegen diese Bibliothek gelinkt hat, um auf die Datenbank im Rahmen des LAMP-Stacks zugreifen zu können, aber eine formal nicht GPL-kompatible Lizenz hat. PHP ist dem Problem mit einer Re-Implementierung des Protokolls als „mysqlnd“ begegnet, und parallel dazu hat MySQL das Problem gelöst, indem sie eine Lizenz-Ausnahme für PHP (und andere) definiert haben.\nWeniger GPL, mehr MIT, BSD und Apache All diese Wirrungen sind ein Grund, warum „moderne“ Open-Source-Software meist nicht mehr die GPL verwendet, sondern andere Lizenzen wie MIT, BSD oder Apache bevorzugt. Sie machen eine Reihe von kapitalfinanzierten Geschäftsmodellen um Open Source einfacher, wenn man eine Firma um ein (oft nur dem Namen nach) Open-Source-Produkt stricken will. Ab 2005 beginnt die Blütezeit von auf Open Source basierenden Geschäftsmodellen. Das hat 15 Jahre lang gut genug funktioniert, um eine Reihe von Projekten groß zu machen.\nEinige dieser Projekte sind nicht auf einzelne Firmen als Träger angewiesen: PHP, KDE und Postgres sind zum Beispiel stabile und groß angelegte OSS-Projekte, hinter denen nicht eine einzelne große Firma und ihre Venture-Kapitalgeber stehen – sie alle zeichnen sich durch eine breite und vielfach verankerte Basis von Beitragenden aus.\nSeit einigen Jahren zeigen sich Risse: RedHat, Elastic, MongoDB, MariaDB (ein MySQL-Fork), HashiCorp und viele andere haben ihre Lizenzen geändert oder sich umstrukturiert, um einen bestimmten Use-Case auszuschließen. Da dies eine Verletzung der Freiheit 0 darstellt, sind es damit auch keine Open-Source-Projekte im Sinne der OSI und der DFSG mehr.\nDer Elefant im Raum ist die Cloud Amazon Web Services (AWS) ist ein System und eine Firma, die stellvertretend für ein Geschäftsmodell steht: Es monetarisiert den in Unternehmen oft vernachlässigten und unterfinanzierten Aspekt „Operations“ und sieht vor, Software für Dritte nicht zu entwickeln, sondern vorrangig zu betreiben.\nDamit ist Amazon sehr erfolgreich: Schon länger laufen in dessen Rechenzentren mehr Neuinstallationen von MySQL (und MongoDB, Postgres oder Elastic und vielen anderen Datenbanken) als lokal beim Kunden („on premise“). Dies ist eine Klasse von Systemen, die notorisch schwierig zu betreiben sind, weil Fehler beim Betrieb Daten unwiederbringlich ruinieren können. Natürlich kann man eine fehlerhafte Version einer Datenbank auf die vorhergehende Version zurückrollen, aber die Daten, die durch den Fehler zerstört worden sind, sind immer noch dauerhaft weg.\nDie systematische Unterschätzung der Kosten und des Aufwandes von Operations macht das Prinzip „Software as a Service“ (SaaS) erfolgreich. SaaS-Anbieter verkaufen nicht nur einen Dienst, sondern im Grunde genommen vornehmlich ein Betriebskonzept für diesen Dienst, der einen reibungslosen und unterbrechungsfreien Betrieb direkt nach der Inbetriebnahme erlaubt. Weil das Betriebskonzept erprobt und vorgeschrieben ist, kann man die Qualität der Dienstleistung standardisieren, messen und dann stabile Verträge mit Dritten darüber eingehen.\nKunden begrüßen das, denn Software zu betreiben ist ein Problem, das mindestens so schwierig ist wie Software zu entwickeln. Viele Kunden wollen sich damit nicht auseinandersetzen. Oft werden dabei Verfügbarkeiten, Antwortzeiten und Kosten in Kauf genommen, die genau so vorher bei den eigenen Inhouse-Teams vollkommen inakzeptabel waren, nur um beispielsweise den Aufgabenkomplex „Betrieb der Datenbanken“ aus dem Haus zu bekommen – das zeigt, wie unangenehm Firmen die Auseinandersetzung mit „Operations“ ist.\nDabei ist der Betrieb dieser Software durch AWS nicht durch eine kommerzielle Vereinbarung zwischen dem Hersteller der Software und Amazon gedeckt, sondern erfolgt auf der Grundlage der Freiheit 0 der GPL: Amazon darf die Software zu jedem beliebigen Zweck ausführen, auch als Service für Dritte. In Folge streicht Amazon das Geld für den Betrieb dieser Installationen ein, aber der eigentliche Softwareentwickler, die Herstellerfirma oder -gruppe bekommt davon nichts. Das ist kein nachhaltiges Finanzierungsmodell, aber durch die GPL gedeckt und sehr vorteilhaft für AWS, sodass man dort auch keine Veranlassung sieht, etwas daran zu ändern.\nBusiness Source License als frühe Reaktion Das ist schon recht früh als Problem erkannt worden: Bei MariaDB findet man die erste Erwähnung der „Business Source License“ (BSL) im Blog von Monty Widenius schon 2013, und MariaDB setzt sie für bestimmte Komponenten seit 2016 ein, mit leichten Veränderungen nach Anregungen von Bruce Perens dann seit 2017 in der Version 1.1. Andere Produkte ziehen nach und gehen ebenfalls unter die BSL: Couchbase, Uptrace, Kurtosis, Sentry, CockroachDB und neuerdings alle HashiCorp-Kernprodukte.\nDie Idee hinter der BSL ist, dass die Software weiterhin frei nutzbar und der Quelltext verfügbar bleibt, aber mit Einschränkungen. Die wichtigste Einschränkung meint üblicherweise „AWS darf das nicht nutzen“, formuliert als „Die Software darf nicht als SaaS für Dritte angeboten werden“. Man kann die Software also weiter so verwenden wie zuvor. Man kann sie auch in AWS selbst betreiben oder man kann sie innerhalb der eigenen Organisation für andere Abteilungen bereitstellen.\nAber man wird den Betrieb der Software nicht als Dienst von einem Cloud-Betreiber kaufen können, sondern nur vom Ersteller der Software selbst (etwa via AWS Marketplace). Diese Einschränkung dient dazu, die Finanzierung der Entwicklung der Software sicherzustellen, indem AWS die Möglichkeit genommen wird, diesen Geldstrom vollständig für sich selbst abzuzweigen. Die BSL kommt mit einer weiteren Regel, die besagt, dass Codeänderungen spätestens nach vier Jahren unter eine anerkannte Open-Source-Lizenz fallen (meist die Apache-2.0-Lizenz oder die GPL), sodass ältere Versionen der Software auf jeden Fall immer Open Source sind.\nFormal ist BSL-Software keine Open Source im Sinne der OSI oder DFSG, weil anders als bei der GPL die Freiheit 0 („Ausführen für welchen Zweck auch immer“) eingeschränkt wird. Man bezeichnet sie deshalb auch als „Source Available“. Auch die von MongoDB, Elastic und Kibana verwendete Server Side Public License verfolgt dieselbe Idee, nur anders: Die SSPL ist eine AGPLv3 Variante, die ebenfalls die Freiheit 0 einschränkt und verbietet, die Software für Dritte („as a Service“) zu betreiben, es sei denn, man erwirbt eine kommerzielle Lizenz.\nUnfreie freie Software Die Grundidee hinter den Freiheiten der GPL ist Geben und Nehmen: „Du kannst unsere Software nutzen, musst aber selbst gutartig mitspielen.“ Weil AWS seine Position im Markt immer weiter ausbaut, wird es den Erstellern von Open Source zunehmend schwerer gemacht, ihren Unterhalt mit der Entwicklungsarbeit zu verdienen – AWS bietet deren Software als Service an und verwebt ihn mit weiteren Dienstleistungen. Die Freiheit 0 der freien Software wendet sich hier gegen die Ersteller der Software.\nDie BSL und die SSPL sind eine Reaktion darauf. Sie sind formal gesehen keine freie Software nach OSI oder DFSG. Aber vielleicht ist es auch für Open Source wieder einmal an der Zeit, den Veränderungen und den neuen Bedrohungen ins Auge zu sehen und die Lizenzen und die Definitionen der neuen Zeit anzupassen, so wie dies mit der GPLv3 und der AGPL schon einmal geschehen ist.\nVielleicht bewegen sich FSF, OSI und Debian aber auch nicht und beharren auf ihren Definitionen von „freier Software“. Die Entwickler von Software unter der BSL und der SSPL ficht das nicht an: Ihre Software ist jetzt schon „fast frei“ und wegen ihrer speziellen Regel nach einigen Jahren dann auch formal freie Software nach alter Definition. Einen Grund, die BSL oder SSPL abzulehnen, gibt es nicht, ausgenommen Fundamentalismus für freie Software. Aber wenn diejenigen, denen etwas am Open-Source-Gedanken liegt, nicht wollen, dass AWS die einzige Firma mit einem erfolgreichen Open-Source-Geschäftsmodell ist, muss sich etwas ändern. Sonst landen Nutzer schon bald wieder bei langweiliger, traditioneller kommerzieller Software, wie man es früher von Microsoft und Oracle gewohnt war.\n","date":"2023-11-11T00:00:00Z","href":"https://blog.koehntopp.info/2023/11/11/eine-revolution-frisst-ihre-kinder.html","tags":["lang_de","publication","free software"],"title":"Eine Revolution frißt ihre Kinder"},{"categories":null,"content":"Ich arbeite im Sitzen, 8h am Tag beruflich, und dann noch ein wenig mehr aus Spaß: Spaces .\nIch habe meinen eigenen Platz daheim, immer schon gehabt. Das habe ich von meinem Vater gelernt, der Amateurfunker war und daheim seinen höchst eigenen Bastel- und Arbeitsplatz hatte, seinen Ort und Rückzugplatz. Zu einem ordentlichen Arbeitsplatz gehört auch ein Sitz. Der Sitz ist ein Arbeitsgerät und da sollte man angesichts der Anzahl der darin verbrauchten Stunden nicht kaspern, sondern klotzen.\nMeinen alten Stuhl habe ich 2003 in Karlsruhe gekauft, ein Dauphin Shape Comfort XT mit nahezu allen Optionen. Der hat 20 Jahre gehalten. Aber inzwischen wurde es Zeit für einen Ersatz: Nicht nur ist die Gasdruckfeder im Eimer (die habe ich schon einige Male getauscht, sicher ist sicher), sondern intern ist die Mechanik auch abgenudelt und verschiedene Einstellmöglichkeiten haben nicht mehr gut funktioniert.\nAndererseits: 20 Jahre. Das Teil hat in Karlsruhe, 2 Orten in Berlin, und in Amsterdam Dienst getan. Dann ist auch gut. Hier ist der neue, wieder ein Dauphin Shape XT.\nAnlieferung fertig montiert in einem sehr stabilen Monsterkarton.\nAusstattung, wie bestellt, via https://www.objectservice.de/ .\nDa der Sitz vormontiert bestellt war, gestaltete sich das Auspacken schnell und einfach. Dachte ich, aber es gab Luftpolsterfolie!\nLuftpolsterfolie!\nDer Stuhl kommt mit einem ausführlichen Handbuch und einer Erklärung der Grundlagen der Ergonomie. Das braucht es auch, denn dies ist ein richtiger Bürostuhl, und kein Gamer-Stuhl oder gar, wie einige Kollegen auch im Jahr 3 der Pandemie, ein Küchenstuhl.\nBild des Bürostuhls am Arbeitsort: Höhenverstellbarer Schreibtisch, jede Menge Strom, eine Rollmatte und ein ordentlicher Stuhl. Tageslicht von Links.\nDer Stuhl kommt mit einer Vielzahl an Einstellmöglichkeiten.\nÜbersicht der Einstellmöglichkeiten.\nSitzhöhe. Sitztiefe. Die Sitzfläche gleitet nach vorn, und ich passe auf den Stuhl. Armlehnen weit ausfahren: Ein wichtiger Handgriff, damit mein breiter Hintern in den Sessel passt. Rückenlehne fixieren oder losdrehen. Wenn man 4 losmacht, kann man Einstellen, wie stark die Rückenlehne Gegendruck macht. Nicht sichtbar: Armlehnen Höhe. Lordosenstütze Höhe. Die Rückenlehne ist höhenverstellbar, und das ist so auch notwendig bei mir. Rückenlehne und Sitzfläche neigen sich zusammen nach vorne und hinten (\u0026ldquo;Synchromechanik\u0026rdquo;). Es gibt noch besser ausgestattete Versionen von diesem Stuhl, bei denen die Armlehnen auch in Neigung und Winkel verstellbar in mehreren Dimensionen sind, aber das ist meiner Erfahrung nach nicht dringend. Eine Version mit Nackenstütze ist auch zu haben.\nBezüge kommen in mehreren Preiskategorien (bis \u0026ldquo;Chefsessel Leder\u0026rdquo;) und sind auf Beanspruchung ausgelegt.\nZum Einstellen kann man einfach die Anleitung im Handbuch befolgen. Die Schritte sind im Grunde bei jedem Stuhl dieselben, sofern die betreffenden Einstellmöglichkeiten vorhanden sind:\nDie Synchronmechanik und andere Schwingteile blockieren (z.B. die Rückenlehne aufrecht fixieren) und die Armlehnen ausfahren auf maximale Breite. Das macht Platz im Stuhl und erzeugt eine neutrale Sitzposition. Hinsetzen. Sitzhöhe einstellen. Füße platt auf den Boden, dann müssen die Oberschenkel waagrecht im 90 Grad Winkel stehen. Manche Menschen wollen die Sitzhöhe noch ein wenig höher haben. Sitztiefe einstellen, also die Sitzfläche so weit ausfahren, daß sie bis auf 2-3 Finger an die Kniekehlen heranreicht und die Beine unterstützt. Nun die Position der Rückenlehne einstellen: Neigung, und wenn höhenverstellbar auch Höhe, bis die Unterstützung im Kreuz angenehm ist. Eventuell vorhandene Lordosenstütze in die richtige Position (über dem Becken ins Kreuz) bringen. Jetzt Sitzflächenneigung einstellen, also die Synchro loslösen und schaukeln, dann in einer angenehmen Position fixieren, und danach die Rücken-Neigung noch mal nachstellen. Armlehnen einstellen - Breite, Höhe, Position. Danach Feineinstellung justieren: Synchro los, und Rückenlehnen-Gegendruck anpassen, Lordosenstütze Druck einstellen und was sonst noch an Hilfseinstellungen da ist. Zentral sind Höhe, Sitztiefe und Stellung der fixierten Rückenlehne in Neigung und Höhe der Lordosenstütze. Der Rest ist dann drumherum zu arrangieren.\n","date":"2023-10-10T00:00:00Z","href":"https://blog.koehntopp.info/2023/10/10/sitzende-taetigkeit.html","tags":["lang_de","erklaerbaer","work"],"title":"Sitzende Tätigkeit"},{"categories":null,"content":"John Scalzi\u0026rsquo;s latest book is currently Starter Villain .\nThe premise is simple: Charlie\u0026rsquo;s estranged Uncle Jake died. Charlie and his uncle are estranged because Charlie\u0026rsquo;s father and Jake had a fallout at the funeral of Charlie\u0026rsquo;s mom, and Charlie has not had much contact at all with Jake ever since. Now, with Jake also dead, it turns out that Charlie somehow is his only heir.\nThen Charlie is holding watch at Jake\u0026rsquo;s funeral, and the entire story turns quickly into a James Bond novel, with strange brutes trying to stab the corpse of Jake, ensuring he\u0026rsquo;s really dead, and a collection of very weirdly imprinted flower bouquets \u0026ndash; \u0026ldquo;See you in hell\u0026rdquo; being one of the nicer ones.\nCharlie quickly learns that his uncle was a Villain, complete with a lair on a volcano island, laser weapons to destroy satellites, and a collection of very nice and special cats (and Dolphins, but they are special and not nice). He also learns that \u0026ldquo;Villain\u0026rdquo; does not exactly mean what he thinks that it means.\nScalzi spent his pages playing nicely with the clichés and expectations around James-Bond-like supervillains, and turning them into a fun story with a number of expected and unexpected twists. He wouldn\u0026rsquo;t be Scalzi if there is no stuff to think about lurking in the background. In this case, fairly obviously the relationship between 1950\u0026rsquo;s supervillains and present day billionaires, oligarchs and our survival as a species.\nA nice two-afternoon read.\n\u0026ldquo;Starter Villain \u0026rdquo;, John Scalzi, EUR 9,99.\n","date":"2023-10-01T00:00:00Z","href":"https://blog.koehntopp.info/2023/10/01/fertig-gelesen-starter-villain.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: Starter Villain"},{"categories":null,"content":"Rob Wilkins was the assistant and a good friend of Terry Pratchett. He wrote a posthumous biography, titled A Life With Footnotes . Wilkins is now the manager of the Pratchett literary estate.\nThe book does what a biography is supposed to do: It traces the life of Terry Pratchett, illuminating his origins and the experiences that shaped his worldview. Filled with anecdotes and tales from his readings, from conventions, and other encounters with fans, it sketches a portrait of a lovable, quirky personality who crafted stories in his mind and then simply penned them down.\nRob Wilkins then takes on the challenging segment of the biography and guides us through the tragic phase of Terry Pratchett: his Alzheimer\u0026rsquo;s diagnosis, the mental and physical decline, the ever-increasing loss of control, and the interplay of good and bad days, leading up to the emotional farewell that occurred long before his physical passing.\n\u0026ldquo;Terry Pratchett: A Life With Footnotes \u0026rdquo;, Rob Wilkins, EUR 9,49.\n","date":"2023-09-30T00:00:00Z","href":"https://blog.koehntopp.info/2023/09/30/fertig-gelesen-a-life-with-footnotes.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: A Life with Footnotes"},{"categories":null,"content":"In Combat Ready Kitchen , Anastacia Marx de Salcedo traces the history of food preservation from an american point of view, and demonstrates the co-development of combat rations and modern U.S. supermarket food.\nThe book takes us through the history of U.S. combat rations, from before the invention of the tin can, through canned, better preserved, but incredibly heavy food to what soldiers have today. It shows how these military innovations have been seeded, purposefully, into the civilian food industry, in order to enable the military to source food from civilian companies for their purposes, in formats that suit them. This also had influence on how the industry preserves food for civilian consumption and enabled a multitude of convenience foods.\nWhile the development of food preservation for military and civilian needs was somewhat systematic, the book is not. It goes through the history not chronologically, but anecdotally, roughly ordered by kind of food, but with plenty of sidelines, side stories and other distractions. It still is an entertaining read, but it makes it hard to put down the book and take stock of what you just learned.\nOne thing I took away is that food preservation as we understand it today is much more recent than most people think. It is a thing humanity only learned in the late 80ies and early 90ies, and even today fundamental progress is being made. Also, a lot of the stuff we do is not actually bad for the food, the nutrients or the taste, it is in fact perfectly fine. Still, other things amount to basically breaking down the food to constituent parts, and then reassembling something from the parts, and that\u0026rsquo;s maybe less good, given how little we actually understand what makes a meal nourishing or healthy, even today.\nEntertaining and interesting, but structured in a way that makes it harder than necessary for me to pull value out of it.\n\u0026ldquo;Combat Ready Kitchen: How the U.S. Military Shapes The Way You Eat \u0026rdquo;, Anastacia Marx de Salcedo, EUR 5.25.\n","date":"2023-09-29T00:00:00Z","href":"https://blog.koehntopp.info/2023/09/29/fertig-gelesen-combat-ready-kitchen.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: Combat Ready Kitchen"},{"categories":null,"content":"Dieses Jahr war nicht sehr heiß bei uns, und auch nicht so tödlich trocken wie letztes Jahr. Das war notwendig und angenehm, auch wenn es den Ertrag vom Dach um 10-15 % gegenüber dem Vorjahr gedrückt hat.\n2022 in Blau (links verschoben), 2023 in Grün (rechts).\n2022 brachte uns von April bis Jahresende 6389 kWh, 2023 brachte uns vom Jahresbeginn bis jetzt 6204 kWh. Okt+Nov+Dez 2022 waren 407 + 170 + 91 = 668 kWh. Damit käme 2023 in total auf 6872 kWh.\n3330 Wp auf 53 Grad Azimuth, 60 Grad Declination, leichte Verschattung im Morgen und im Winter durch Bäume. 5920 Wp auf 233 Grad Azimuth, 60 Grad Declination, leichte Verschattung am sehr späten Abend durch Dachgaube, Optimizer. =\u0026gt; 9250 Wp in total. Wir hatten einen Verbrauch von 4837 kWh/Jahr im letzten Jahr vor den Panels. Jun 2022 bis 2023 war -2800 kWh Netto (Verbrauch - Ertrag) und etwa 2300 kWh Netzbezug. Durch das neue Elektroauto werden wir aus Jun 2022 bis 2023 mit Glück +/- Null in Summe rauskommen.\nJahresverbrauch im Vergleich. Der Abrechnungszeitraum ist Juni bis Juni des Folgejahres. Das Jahr 2020/2021 war das letzte Jahr ohne Solaranlage. Im Jahr 2021/2022 kam Anfang April die Solaranlage dazu, und im Jahr 2022/2023 war durchgehend Solarenergie vorhanden.\nDie Themen \u0026ldquo;Gas weg\u0026rdquo; und \u0026ldquo;Klimaanlage rein\u0026rdquo; sind immer noch offen und noch zu bearbeitende Investitionsprojekte für das kommende Jahr. Zu ersetzen sind 1250 m^3 = 12500 kWh Primärverbrauch. Das werden dann weitere 4160 kWh bei einer angenommenen Arbeitszahl von 3.\nWir liegen bei 75-80 kWh pro qm und Jahr. Das setzt uns gerade eben auf eine deutsche Energieeffizienzklasse C oder \u0026ldquo;A++\u0026rdquo; bis \u0026ldquo;A+\u0026rdquo; in der niederländischen Skala (ebenda).\nGasverbrauch pro Jahr in m^3. Der Abrechnungszeitraum ist wiederum Juni bis Juni. In 2021/2022 wurden 1251 m^3 verbraucht.\nDie Investments waren\nca. 11k für das Solardach, 8k nach Förderung. ca. -2.6k für den Ladepunkt 11kW. ca. 35k für das Auto (das alte Auto mußte sowieso ersetzt werden). Auf der Liste stehen noch einmal ~10k für Aircondition/Luft-Luft Wp.\nWeit unten auf der Liste stehen noch einmal 10k für eine 10-15 kW Hausbatterie, aber das hat die kleinste Priorität. Die Batterie wird im Nov-Feb nicht voll werden, sodaß wir dort Netzstrom beziehen werden. Sie kann im Rest des Jahres 3-5 kWh Nachtverbrauch puffern. Eine 5 kWh-Batterie hat nicht die Amps, die geliefert werden müssen, wenn Leistung gebraucht wird, also sind mindestens 10 kWh (ca 7 k Euro) fällig.\nNach Abschluss aller Umstellungen kommen wir bei einem Nettostromverbrauch von 4000 kWh/Jahr raus. Im Moment sind wir Netto balanced (-/+ Null) oder -1000 kWh/Jahr, je nachdem wie viel gefahren wird.\nDer tatsächliche Netzbezug wird deutlich höher sein, ich schätze 3000 kWh mehr für eine Gesamtsumme von 7000 kWh/a. Das läuft auf 2500 Euro Gesamtenergiekosten im Jahr raus, für Haus und Auto. Das ist ausnehmend wenig.\nAn normalen September-Tagen speisen wir in etwa 4 kWh Netto ein. Brutto sind es 10 kWh von 14.5 kWh Produktion, und wir ziehen 5.7 kWh aus dem Netz. Nachts saugt das Haus 0.3 kW, tags immer ein wenig, wenn ein Herd oder eine Mikrowelle mehr Watt will als das Dach liefern kann.\nTage, an denen das Auto aufgeladen wird, sind in der Monatsansicht klar erkennbar.\nWen das E-Auto geladen wird, ist der Tagesverbrauch deutlich höher, denn es werden dann circa 40 kWh in 4 Stunden bezogen. Da hilft dann auch eine Batterie nicht. Im Monatsverlauf sind Ladetage klar erkennbar.\n","date":"2023-09-27T00:00:00Z","href":"https://blog.koehntopp.info/2023/09/27/solarenergie-2022-vs-2023.html","tags":["lang_de","energy"],"title":"Solarenergie 2022 vs. 2023"},{"categories":null,"content":"Helen Czerski wrote a book. Blue Machine: How the ocean shapes our world occupies the weird space between memoir, travel blog and science outreach.\nIn the middle of this she manages to explain the biggest machine on our planet: The collection of oceans in which the continents are embedded. But also the deep love of science, the desire to understand how our world functions, and the connection between all people than live on it.\nThe book is the story of a person who literally travelled the world, from the poles to the equator, and from the surface of the oceans to their dark cold depths. It also is the story of a physicist with knowledge about bubbles and how they work, and how that line of research led her around the world, and into the oceans. It also is a gentle introduction into climate science, showing us how the ocean can be seen as a machine that manages the thermals of the planet, capturing and transporting heat, feeding the weather machine in the atmosphere with energy and water vapor, and also capturing and releasing carbon dioxide.\nFollowing her travels and experiences, we learn about the vertical layering structure of the oceans, about the ability of water to capture fantastic amounts of energy, about currents and how they transport water, energy, nutrients and life around the world, and how humans have been living off all this on the surface of something much greater, deeper and larger than we ever imagined.\nThis is an amazing and entertaining book that shares a unique and personal perspective of our world, and at the same time manages to convey how something this vast and enormous can be at the same time fragile and in need our or care and understanding.\nStrongly recommended read, well worth the time.\n\u0026ldquo;Blue Machine \u0026rdquo;, Helen Czerski, EUR 15.62\n","date":"2023-09-26T00:00:00Z","href":"https://blog.koehntopp.info/2023/09/26/fertig-gelesen-blue-machine.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: Blue Machine"},{"categories":null,"content":" C64 Elite (1983) Longplay Das ist Elite (1984). Das Spiel wird heute 39 Jahre alt.\nSpiele zu jener Zeit waren nicht nur 2D, sie waren auch Arcade. Man spielt, und wenn man stirbt, ist das Spiel vorbei – die nächste Partie fängt man von vorne an.\nElite ist das erste Spiel mit animierter 3D-Grafik, und es ist auch das erste Spiel mit Savegames und Progression. Als solches hat es die Spieleentwicklung sehr umfassend beeinflusst. Wing Commander, EVE und No Man\u0026rsquo;s Sky haben ihre Quellen hier.\nElite war eine Idee von David Braben und Ian Bell, beides Engländer und daher kam das Spiel zunächst für den BBC Micro raus. Es wurde später auf viele andere 8-Bit Systeme portiert, darunter auch der C64. Es verkaufte sich rund 100.000 mal auf dem BBC Micro und weitere 600.000 mal für den C64. Insgesamt wurden rund 1 Million Exemplare umgesetzt.\nInsgesamt gab es von Elite selbst noch drei Nachfolgespiele, die aktuelle Version ist Elite: Dangerous. Da sieht das Gameplay dann so aus:\nElite Dangerous Gameplay.\nMein Elite T-Shirt hat das C64 Elite Wireframe Model der Cobra und den Text \u0026ldquo;Keep Calm And Jump Onwards\u0026rdquo;.\nT-Shirt Design mit schwarzem Hintergrund und in transparent .\n","date":"2023-09-20T00:00:00Z","href":"https://blog.koehntopp.info/2023/09/20/elite.html","tags":["lang_de","gaming","elite-dangerous"],"title":"Elite"},{"categories":null,"content":"A decade ago, I came as a performance specialist into a rapidly growing environment. With rapid growth, I mean anything that is larger than what Moore\u0026rsquo;s Law once delivered. Moore\u0026rsquo;s law comes out at upwards of 45% Year-on-Year (YoY). In my case, we experienced 80% YoY worldwide with 220% YoY in certain regions of the world for many years. Even in 2008, when the economy stagnated, we still made 45% or more.\nOnboarding people into such an environment is weird. They all have been programmed by their university education and their previous work experience to build things that last, to consider things carefully and to be efficient, and save money at all cost.\nThat is not how anything works in a high-growth environment, at all. Rapid growth kills. The tech we build, we build it for a certain expected target size. Good tech can sustain a 10x growth (or shrinkage), but usually not much more. At a larger change, things tend to fall apart.\n$ bc -l \u0026gt;\u0026gt;\u0026gt; scale=3 \u0026gt;\u0026gt;\u0026gt; l(10)/l(2) 3.321 \u0026gt;\u0026gt;\u0026gt; l(10)/l(1.45) 6.204 When you double each year, 10x is 3.3 years, approximately. When you grow at Moore\u0026rsquo;s Law rate, 10x is 6.2 years, approx. In a high-growth an environment, when you write software, you can expect it to last around 4 years or so until it needs to be re-architected in order to continue to produce the same deliverables as before. You do not know how it will fail much in advance, nor do you know how the business environment will change much in advance: As you grow, bottlenecks will show up in unexpected places.\nIf you grow faster than Moore\u0026rsquo;s law, buying larger computers will not help you. You need to buy more computers, and change your code to run in a distributed environment. That changes performance fundamentally, and code needs to be changed in order to deal with the properties of distributed environments. Running distributed systems will add complexity that you really do not want in order to maintain growth, because it makes change harder and slower, which you really can\u0026rsquo;t use, if you grow fast.\nFinally, on top of the change in technology, you also need to deal with change in organiation, and to integrate a lot of new people which you need in order to deal with added complexity.\nThat means, several unusual things are important, others that people have been trained to take as important are not.\nFor example, in such an environment, all software is ephemeral. In four years time it will be largely useless. You do not know how things will fail unless you are close to failure. You have vision for about 12 months ahead, at most.\nYou will need to start to change your failing software by making architectural changes. You do not know if they will succeed in time. Do not follow one plan, follow all plans and hope that at least one succeeds in time.\nCost is relevant only in the sense that you must not pay for current expenses with future growth. You must be cash flow positive at all times, but actual earnings are largely irrelevant until growth flattens out below 45%. Never paying for current expense with future growth (not even for a short time) is very important, because you do not know if that future growth will materialize. If you ever run into a money vaccuum, you die very suddenly.\nActual earnings are much less important. Not dying from growth is already hard enough, the objective is to have new solutions in place in time, and speed matters more than cost.\nThis is a rare environment and people are generally not trained for it. It goes in fact against most of what they have been trained for. Getting that out of people\u0026rsquo;s minds in order to prepare them for success in such an environment is hard, much harder than what one would initially think, because you have to break down decades of education they had. You need to have then accept a reality that is very different from what they have learned.\n","date":"2023-09-19T00:00:00Z","href":"https://blog.koehntopp.info/2023/09/19/the-gospel-of-efficiency-vs-actual-growth.html","tags":["lang_en","work"],"title":"The Gospel of Efficiency vs. Actual Growth"},{"categories":null,"content":"Golem schreibt: Über 2000 Skydrive-Lufttaxis vorbestellt .\nDas eVTOL Skydrive ist 13 x 13 Meter groß und 3 Meter hoch. Angetrieben wird es von zwölf Elektropropellern, die auf einem Gestell angebracht sind, ähnlich wie bei den Volocoptern. In dem eVTOL ist Platz für drei Personen: zwei Passagiere und eine, die es fliegt. Die Fluggeräte, die später ohne Pilot fliegen sollen, können auf einer relativ kleinen Fläche senkrecht starten und landen.\nund\nUrban Air Mobility (UAM) ist eine neue Form der Luftfahrt: Passagiere sollen mit Lufttaxis oder Taxidrohnen kürzere oder mittlere Strecken in der Stadt zurücklegen. Dadurch, dass ein Teil des Verkehrs in die Luft verlagert wird, sollen die Straßen weniger belastet werden.\nLärm Hier ist ein Video von einem Vorläufer dieses Modells, von 2020. Der Soundtrack ist wichtig:\nSkydrive Piloted Flight Demo. SkyDrive performed the first public flight demonstration of its SD-03 eVTOL on Aug. 25, 2020 (Video )\nBeim Deutschlandfunk Nova heißt es zum selben Problemkomplex: Drohnen: Wenn die Kettensäge kommt Die Drohnen werden aber nicht nur Päckchen bringen, sondern vor allem Lärm. Kommerzielle Drohnen, die Lasten transportieren, sind deutlich lauter als kleine Kameradrohnen. Je schwerer das Päckchen, desto lauter. Der Lärmpegel ist vergleichbar mit Laubsaugern, Rasenmähern und Kettensägen.\nund\nVideos, die die Lieferdrohnen bewerben, sind gerne mit Musik unterlegt, das Drohnengeräusch ist nicht zu hören.\nDownwash Ein anderer Effekt von Rotorflüglern jeder Art ist Newtons Gesetz: Jede Kraft erzeugt eine gleiche, entgegengesetzte Gegenkraft. Wenn ein Flugtaxi also bei Erdanziehung 1250 kg Schub aufwärts erzeugt, dann muß es auch einen 1250 kg Downwash geben.\nLuftströme am Rotorflügler, in der Luft (\u0026ldquo;out of ground effect\u0026rdquo;) und in Bodennähe (\u0026ldquo;in ground effect\u0026rdquo;). (ausführliche Erläuterungen )\nIn der Luft befindet sich unter einem Rotorflügler ein Abwindkorridor, dem andere Flieger fern bleiben müssen. Nahe dem Grund können Sand, Schnee oder Steine aufgewirbelt werden (Brownout, Whiteout).\nIn Helicopter Rotor Downwash – Excessive wind, FOD and brownouts, what are the risks? haben wir eine bildliche Darstellung von Downwash und auch eine Tabelle von Mindestabständen.\nBeispiele für Helicopter Rotor Downwash.\nGenerell werden 3-5 Rotordurchmesser als sicherer Abstand zu einem landenden oder startenden Helikopter genannt. Dies gilt für Personen, aber auch andere am Grund parkende Fluggeräte oder andere Gegenstände mit einer großen Angriffsfläche für Wind wie etwa belaubte Bäume.\nBei einem Volocopter mit einer Größe von 13x13 Metern also circa 50 x 50 Meter. Zum Vergleich: Ein frei stehendes Einzelhaus hat eine Grundfläche von 8x8 Metern, und steht auf einem Grundstück von 12x20 Metern.\nHier zwei Starts: der Hubschrauber kann relativ schnell an Höhe gewinnen, weil er nicht in seinen eigenen Downwash fliegt. Landungen sind wesentlich gemächlicher.\nStart von D-HBLN vom Metzplatz, Berlin vor dem Wenckebach-Krankenhaus. Die Bäume sind unbelaubt. (Video )\nStart eines Rettungshubschraubers von einem Spielplatz in Vijfhuizen, NL. Die Polizei hat das Gelände abgesperrt, etwa 50-70m Sicherheitsabstand. Der Downwash schüttelt die belaubten Bäume. (Video )\nEnergieverbrauch Schließlich ist noch der Energieverbrauch zu berücksichtigen, denn anders als Starrflügler können Rotorflügler und Drohnen nicht gleiten. Sie müssen also jederzeit in der Luft die volle Energie aufwenden, um ihr Gewicht gegen die Gravitation zu halten.\nDies setzt auch der Reichweite und Flugzeit enge und absolute Grenzen als Funktion der Energiedichte des Treibstoffs.\nFlugtaxis sind für Verkehrsprobleme was Kernfusion für Energieprobleme ist.\nBonuscontent: Downwash Vuichard Recovery Technique - How to escape a Vortex Ring State Planes clouds and vortices ","date":"2023-09-18T00:00:00Z","href":"https://blog.koehntopp.info/2023/09/18/flugtaxi.html","tags":["lang_de","erklaerbaer","technik"],"title":"Flugtaxi"},{"categories":null,"content":"Somebody asked me very politely on the Fedi:\nWould you please post all but the first post in a thread as \u0026ldquo;unlisted\u0026rdquo;?\nI like to follow you, but the sum of all posts by you takes up so much space on my front page.\nThe answer to that request, also politely, is a firm \u0026ldquo;No.\u0026rdquo;\nSelection, ordering and presentation of posts is a client problem, which it has to solve, according to your configured preferences.\nOf course, my client (Tusky) recognizes a thread and shows it as such.\nBut all posts that are being sent as \u0026ldquo;public\u0026rdquo; are also shown separately on my front page.\nThat is an understandable problem, but not mine.\nI believe Tusky will also show you reposts of the same article by 17 different persons. In total, you get to see 18 copies of that article (the original and 17 copies). Would you ask these people to not repost because another of your followers already did that? You would not.\nTusky, and every other client must learn what it has shown previously, and to not show middle posts of threads if so desired.\nIf we start to take care of recipient presentation preferences on the sender\u0026rsquo;s side, we are getting into an impossible situation. The sum of all recipients has irreconcilable preferences.\nAlso, we would end up in a \u0026ldquo;USENET-situation,\u0026rdquo; where advancement becomes impossible. \u0026ldquo;No Umlauts, because my VT100 can\u0026rsquo;t render them.\u0026rdquo;\nI can\u0026rsquo;t and won\u0026rsquo;t ever care for any client\u0026rsquo;s presentation preferences. Get a client that can render stuff the way you want, and pay your client developers of choice to build the client you want.\nThis network is federated, with dozens of clients. This offers you choice and makes it impossible for me to care for you all. If you don\u0026rsquo;t like this, please unsubscribe to my account. The network is large, and you won\u0026rsquo;t miss my content.\nThanks.\n","date":"2023-09-18T00:00:00Z","href":"https://blog.koehntopp.info/2023/09/18/the-need-for-smarter-clients.html","tags":["lang_en","mastdon","usenet"],"title":"The Need for Smarter Clients"},{"categories":null,"content":"Heise schreibt: Kernfusion: Deutschland fehlt laut Studie eine Strategie .\n\u0026ldquo;Der Fusionsenergie könnte in den nächsten zehn bis fünfzehn Jahren der entscheidende Durchbruch gelingen, aber Deutschland schaut nur staunend oder skeptisch zu\u0026rdquo;, kritisierte von Tschirschky. Deutschland brauche eine Fusionsstrategie für sämtliche Schritte von Lieferketten über Forschungsförderung bis zu Verwaltungsvorschriften.\nGolem schreibt: Deutschland fehlt laut Studie eine Strategie dafür In zehn bis fünfzehn Jahren könnte die Technik für die Stromerzeugung einsatzfertig sein, meint die Unternehmensberatung Strategy\u0026amp;.\nDie Studie hätte ich ja gerne mal gesehen. Denn soweit ich weiß, sind alle bisherigen kontrollierten terrestrischen Fusionen Energie-Negativ gewesen und haben zudem die unangenehme Eigenschaft, das Reaktorgefäß zu schmelzen, in dem sie stattfinden, würden sie lange genug laufen, um sinnvoll Energie zu erzeugen.\nAber schauen wir mal nach der Studie. Ich habe sie runtergeladen: Link . Die ist von \u0026ldquo;Strategy\u0026amp;\u0026rdquo;, einer Unternehmensberatung, die 2008 von Booz, Allen \u0026amp; Hamilton an PwC verkauft wurde. Die Studie malt die üblichen IEA Szenarien für die Energieversorgung der Zukunft auf, um dann auf eine hätte-könnte-würde Welt umzuschwenken, in der wir auf einmal Kernfusion haben. Dabei wird in diesen Slides Konjunktiv verwendet, denn es gibt keine dauerhafte existierende Kernfusion in diesem Planetensystem, außer in der Sonne.\nFusion energy may be the missing key to a sustainable, sufficient and affordable energy supply: Im Jahr 2040 taucht magisch Kernfusion auf, und im Jahr 2050 ersetzt sie komplett und just-in-time die fossile Restenergie.\nConsultantwitzchen am Rande: Das Lithium für die Fusion bekommen wir aus recycelten Batterien, hihi! Eigentlich brauchen wir Deuterium, und Lithium nur als Zwischenschritt für Tritium, aber Witz!\nDie Zutaten und das Resultat.\nDie Zutaten in unserem Fantasiebaukasten sind 100% Buzzword-Compliant:\nMagnets! Superleitend! AI! Quantencomputerz! Und High Powered Laz0rz! Alles muss unbedingt auf eine einsame Insel mit einem Vulkan, und wir brauchen auch eine weiße Perserkatze!\nHier eine technisch aussehende Zeichnung einsetzen, und diesmal nicht wieder eine von diesen Perry-Rhodan Rißzeichnungen, bitte!\nUnd jetzt bitte: FOMO Alarm! FOMO Alarm! Release the Fördermittelkraken! Denn: Es ist ein Rennen zwischen den Nationen! Energy too cheap to meter! Wir brauchen eine Strategie! Und Geld! Viel Geld!\nBitte stoppt sofort Fernfusion, wir haben bald schon Kernfusion! Und Perserkatzen mit Lasern!\nThe decisive advantage over existing renewables: Fusion energy is simultaneously base-load capable and easily scalable. Und der Feenstaubverbrauch ist minimal!\nSagte ich: \u0026ldquo;Energy to cheap to meter?\u0026rdquo;\nDas ist ein verbrannter Begriff aus den 50er Jahren. Wir haben stattdessen \u0026ldquo;secure and cheap oversupply.\u0026rdquo; Yay!\nThe amount of energy from raw materials for fusion available worldwide is sufficient for secure and cheap energy oversupply: 250 Kilo Treibstoff pro Jahr statt ganzer Güterzüge voller herkömmlicher Energieträger. Oder Berlin-Mitte überdachen. Halt, was? Wieso nicht? Eine Solarmall in Mitte kann unsere Energieprobleme auch lösen?\nWas fehlt denn dann noch für funktionierende Kernfusion? Naja, im Grunde nix, außer der Technik. An der wir schon seit 80 Jahren vergeblich herum erfinden. Aber diesmal ist es wirklich fast so weit.\nGroßes Unternehmensberaterehrenwort!\nThe remaining challenges until fusion\u0026rsquo;s commercial maturity are expected to be manageable with technology available today.\nDarum dreht jetzt unbedingt die Geldhähne auf, dann wird unsere Zaubertechnologie die kommende Klimakrise magisch weg putzen, ohne dass sich irgendjemand umstellen muss.\nWhat needs to be done now? A National Fusion Energy Strategy can turn Germany\u0026rsquo;s current position into an agenda for success.\nund\nIf Germany acts in time, fusion energy has the potential to become a new engine for the German national economy.\nErgebnis Ich bin under-fucking-whelmed von allem.\nAlso von diesem 18-Seiten-Null-Content Powerpoint, und hat irgendeiner der anwesenden \u0026ldquo;Journalisten\u0026rdquo;, die die Meldung gedruckt haben, sich den Fetzen auch nur mal kursorisch angesehen?\nIch sollte mehr Powerpoint machen, die Milliarden wären mein.\nDas Köhntopp Institut für Feenstaub, gebt mir Fördermittel! Ihr braucht eine Strategie, Leute, sonst wird das nichts, wenn die Feenstaub-Fässer in meinem Keller überlaufen und das Land mit Wunschpulver überfluten.\nSticker ","date":"2023-09-17T00:00:00Z","href":"https://blog.koehntopp.info/2023/09/17/kernfusion.html","tags":["lang_de","erklaerbaer","technik"],"title":"Kernfusion"},{"categories":null,"content":"Die Niederlande halten es so: Aanrijding met voetganger of fietser .\nWer haftet bei einem Unfall mit einem Fußgänger oder Radfahrer? Radfahrer oder Fußgänger gelten als schwächere Verkehrsteilnehmer. Da sie im Verkehr gefährdet sind, sieht das Gesetz eine besondere Regelung für Unfälle mit Kraftfahrzeugen vor. Abhängig vom Alter des Radfahrers ist der Eigentümer des Kraftfahrzeugs ganz oder teilweise für den Schaden des Radfahrers verantwortlich. Umgekehrt kann der Autofahrer den Schaden, den er aufgrund eines Fehlers eines Radfahrers oder Fußgängers erleidet, beim Radfahrer oder Fußgänger (oder seiner Haftpflichtversicherung) geltend machen. In diesem Fall gelten die normalen gesetzlichen Regeln.\nSchutz durch das Gesetz (Artikel 185 Straßenverkehrsgesetz) Normalerweise muss man nach einem Unfall beweisen, dass die andere Partei haftbar ist. Dies gilt nicht, wenn Sie als Radfahrer oder Fußgänger von einem Kraftfahrzeug (Auto, Motorrad, Moped, Roller usw.) angefahren werden. Das Gesetz bestimmt, dass der Fahrer des Kraftfahrzeugs haftbar ist, es sei denn, er kann höhere Gewalt nachweisen. Dies ist eine Form der \u0026ldquo;Risikohaftung\u0026rdquo;. Dabei muss man keine Schuld am Unfall haben, ist aber dennoch haftbar. Dies mag ungerecht erscheinen, aber der Radfahrer oder Fußgänger hat ein höheres Verletzungsrisiko aufgrund des Gewichts des Kraftfahrzeugs.\nHöhere Gewalt Höhere Gewalt liegt vor, wenn der Autofahrer beweisen kann, dass ihm kein Vorwurf gemacht werden kann. Und der Fehler des anderen Verkehrsteilnehmers muss so unwahrscheinlich gewesen sein, dass der Autofahrer nicht damit rechnen musste. In der Praxis ist es schwer, höhere Gewalt nachzuweisen, und der Eigentümer des Kraftfahrzeugs wird oft haftbar sein.\nBeispiel für höhere Gewalt des Autofahrers Ein Fußgänger wird plötzlich von jemand anderem hart gegen ein vorbeifahrendes Auto gedrückt. Der Fußgänger erleidet dabei Verletzungen und möchte den Autofahrer haftbar machen. Das Gericht hat entschieden, dass in diesem speziellen, außergewöhnlichen Fall höhere Gewalt vorliegt und der Autofahrer daher nicht haftbar ist.\nBeispiel für keine höhere Gewalt des Autofahrers Ein 15-jähriges Kind fährt in der Nähe einer Schule plötzlich auf die Straße. Das Kind wird von einem Autofahrer angefahren, der die Höchstgeschwindigkeit einhält. Das Kind bricht sich das Bein. Der Autofahrer hätte das Kind sehen können, hat jedoch nicht seine Geschwindigkeit reduziert. Es liegt keine höhere Gewalt vor, da dem Autofahrer ein (geringer) Vorwurf gemacht werden kann. Die Versicherung des Autos muss 50% des Schadens des Kindes bezahlen.\nDie Praxis In der Rechtsprechung wird zwischen Radfahrern und Fußgängern ab 14 Jahren und Kindern unter 14 Jahren unterschieden.\nRadfahrer oder Fußgänger ab 14 Jahren Der Fahrer des Kraftfahrzeugs ist haftbar und muss den Schaden des Radfahrers oder Fußgängers erstatten, es sei denn, der Fahrer kann höhere Gewalt nachweisen. Bei höherer Gewalt erhält der Radfahrer oder Fußgänger keine Entschädigung. Gibt es keine höhere Gewalt, erhält der Radfahrer oder Fußgänger immer mindestens 50% seines Schadens erstattet, auch wenn eigenes Verschulden des Radfahrers oder Fußgängers vorliegt. In einigen Fällen kann der Radfahrer oder Fußgänger bei eigenem Verschulden mehr als 50% erhalten. Dies hängt unter anderem von der Schwere der Verkehrsfehler beider Parteien, der Schwere der Verletzungen und der Versicherung der Schäden ab (die sogenannte \u0026ldquo;Billigkeitskorrektur\u0026rdquo;). Der Radfahrer oder Fußgänger erhält also immer (auch bei eigenem Verschulden) zwischen 50% und 100% seines Schadens erstattet.\nBeispiel Ein Autofahrer fährt im Schritttempo in einem verkehrsberuhigten Wohngebiet. Plötzlich tritt ein 20-jähriger Fußgänger hinter einem geparkten Auto hervor. Sie wird von dem Auto angefahren und schwer verletzt. Das Gericht stellt fest, dass der Autofahrer zu 30% schuld am Unfall ist und der Fußgänger zu 70%. Normalerweise würde der Fußgänger nur 30% seines Schadens erstattet bekommen. Aber die Regel besagt, dass der Fußgänger mindestens 50% seines Schadens erstattet bekommt. Also erhält sie trotz der 70% \u0026ldquo;eigenen Schuld\u0026rdquo; des Fußgängers mindestens 50% ihres Schadens erstattet.\nDa der Fußgänger schwer verletzt ist, kann das Gericht es für angemessen halten, dass sie mehr als 50% erhält, zum Beispiel 80% ihres Schadens.\nRadfahrer oder Fußgänger unter 14 Jahren Für Radfahrer oder Fußgänger unter 14 Jahren gilt eine etwas andere Regel. Der Grund dafür ist, dass das Verständnis für den Verkehr bei Kindern noch nicht gut entwickelt ist.\nBei einem Unfall zwischen einem Kraftfahrzeug und einem Radfahrer oder Fußgänger unter 14 Jahren erhält dieser immer 100% seines Schadens erstattet, auch wenn dem Autofahrer nichts vorgeworfen werden kann. Dies ist nur anders, wenn der Fahrer des Kraftfahrzeugs nachweisen kann, dass das Kind den Unfall vorsätzlich verursacht hat. Das ist äußerst selten der Fall. Beispiel Ein 11-jähriges Kind fährt ohne aufzupassen aus einer Ausfahrt heraus. Die Ausfahrt ist von der Straße aus schlecht sichtbar. Das Kind biegt blindlings nach links auf die Straße ab und wird von einem Motorradfahrer angefahren. Das Kind wird schwer verletzt. Der Motorradfahrer konnte überhaupt nichts tun. Trotz der Fehler des Kindes haftet der Motorradfahrer und muss 100% des Schadens des Radfahrers erstatten. Denn es gab keine absichtlich begangenen Fehler seitens des Kindes.\nSchäden am Kraftfahrzeug verursacht durch Radfahrer oder Fußgänger Wenn ein Kraftfahrzeug Schäden aufweist, die durch einen Fehler eines Radfahrers oder Fußgängers verursacht wurden, kann der Eigentümer des Kraftfahrzeugs seinen Schaden geltend machen. Dies kann er direkt beim Radfahrer oder Fußgänger tun (oder bei deren Haftpflichtversicherung). In diesem Fall gelten die normalen gesetzlichen Regeln, mit einigen Ausnahmen:\nDer Fahrer des Kraftfahrzeugs muss beweisen, dass der Fußgänger oder Radfahrer einen Fehler gemacht hat. Um 100% des Schadens erstattet zu bekommen, muss der Autofahrer beweisen, dass für ihn höhere Gewalt vorliegt. Dies wird in der Regel nicht der Fall sein, da man als Autofahrer immer mit Fehlern von Fußgängern oder Radfahrern rechnen muss. Wenn der Fahrer selbst auch einen Fehler gemacht hat, muss er einen Teil oder die gesamten Schäden selbst bezahlen. Dies hängt von der Schwere der beiderseitigen Verkehrsfehler ab. Rolle der Versicherungen Oftmals haben Radfahrer oder Fußgänger eine Haftpflichtversicherung für Privatpersonen (AVP). Der Fahrer des Kraftfahrzeugs kann dann seinen Schaden bei dieser Versicherung geltend machen.\nWenn der Fahrer des Kraftfahrzeugs einen Teil oder die gesamten Schäden bezahlen muss, kann er möglicherweise auf seine eigene Versicherung zurückgreifen (wie die Vollkasko- und/oder Insassenversicherung).\nBeispiele Ein Radfahrer fährt gegen ein stehendes Auto, das an einer roten Ampel wartet, wodurch der Seitenspiegel beschädigt wird. Da der Radfahrer einen Fehler gemacht hat und dem Autofahrer nichts vorzuwerfen ist (höhere Gewalt), haftet der Radfahrer. Der Autofahrer erhält 100% seines Schadens erstattet. Der Autofahrer fährt auf der Fahrbahn. Ein Radfahrer fährt entgegen der Fahrtrichtung auf dem benachbarten Radweg. Von der Fahrbahn aus ist der Radfahrer aufgrund von Bepflanzung nicht sichtbar. Der Autofahrer möchte rechts abbiegen und schaut zunächst sorgfältig nach (Motor-)Radfahrern. Beim Abbiegen stößt er dennoch gegen den Radfahrer. Der Autofahrer hat eine erhebliche Delle in seiner Motorhaube. Der Autofahrer erhält nicht 100% seines Schadens erstattet, da er keine höhere Gewalt nachweisen kann. Trotz der Tatsache, dass der Autofahrer nichts für den Unfall konnte, muss er den Fehler des Radfahrers berücksichtigen. Der Autofahrer trägt 25% seiner eigenen Schäden. Der Radfahrer muss 75% der Schäden bezahlen. ","date":"2023-09-16T00:00:00Z","href":"https://blog.koehntopp.info/2023/09/16/haftungsfragen.html","tags":["lang_de","mobility","bike"],"title":"Haftungsfragen"},{"categories":null,"content":"Heute lernte ich, daß das Utility sshpass existiert. Ich habe das beim Lesen eines .gitlab.ci.yml Files gelernt. Und ihr wundert Euch, wieso Sysadmins alle Schwarz tragen und an Whisky interessiert sind.\nWas ist sshpass werdet ihr jetzt fragen?\nUnd RedHat erklärt:\nThe sshpass utility is designed to run SSH using the keyboard-interactive password authentication mode, but in a non-interactive way.\nWarum der Artikel jetzt nach und vor diesem Satz dann erklärt, wie man das benutzt, statt zu zeigen, warum man das nie braucht und wie man es ersetzt ist unklar.\nAber Homebrew ist hilfreich:\n$ brew search sshpass ==\u0026gt; Formulae sshs If you meant \u0026#34;sshpass\u0026#34; specifically: We won\u0026#39;t add sshpass because it makes it too easy for novice SSH users to ruin SSH\u0026#39;s security. Das fasst es in etwa zusammen. Okay, einmal das ganze gitlab, alle .gitlab-ci.yml, alle Branches, nach sshpass -p suchen.\nEs wird schlimmer Ich konnte das nicht auf sich beruhen lassen, obwohl es Dinge gibt, bei denen einem das Wissen mehr schadet als das Unwissen.\nStackoverflow weiß :\nHow to install sshpass on Mac?\nAccepted Answer:\ncurl -L https://raw.githubusercontent.com/\u0026lt;...\u0026gt;Formula/sshpass.rb \u0026gt; sshpass.rb \u0026amp;\u0026amp; \\ brew install sshpass.rb \u0026amp;\u0026amp; \\ rm sshpass.rb Ich will hochgebeamt werden. Hier ist kein intelligentes Leben möglich.\nAn die Zwischenrufer Aber ich brauche das doch, weil mein BMC keine Keys \u0026hellip;\nGithub: hpilo Github: bmcbutler Github: dora Normal wird man die entsprechenden Zertifikate und Pubkeys beim Start der VM oder des Containers durch cloud-init installieren, nachdem sie von der Controlplane des Clusters da hin transportiert worden sind. Bei Bare Metal kann der Installserver die Bootstrap-Pubkeys als Teil der Customization des Installationsprozesses mit installieren.\n","date":"2023-09-15T00:00:00Z","href":"https://blog.koehntopp.info/2023/09/15/sshpass.html","tags":["lang_de","security","hack"],"title":"sshpass"},{"categories":null,"content":"A UNIX filename can contain arbitrary bytes in an arbitrary sequence, with two exceptions:\nIt cannot contain NUL (\\0). It cannot contain slash (/), because that is the directory separator. But will all filesystems accept such filenames? And how will this work with languages such as Python, which require all strings to be valid utf-8 and which declare the filesystem interface to accept and return strings?\nA test program Let\u0026rsquo;s check. Here is a small C program, based on this stackoverflow article .\n#include \u0026lt;stdio.h\u0026gt; #include \u0026lt;sys/stat.h\u0026gt; #include \u0026lt;unistd.h\u0026gt; char* examples[] = { \u0026#34;a\u0026#34;, \u0026#34;\\xc3\\xb1\u0026#34;, \u0026#34;\\xc3\\x28\u0026#34;, \u0026#34;\\xa0\\xa1\u0026#34;, \u0026#34;\\xe2\\x82\\xa1\u0026#34;, \u0026#34;\\xe2\\x28\\xa1\u0026#34;, \u0026#34;\\xe2\\x82\\x28\u0026#34;, \u0026#34;\\xf0\\x90\\x8c\\xbc\u0026#34;, \u0026#34;\\xf0\\x28\\x8c\\xbc\u0026#34;, \u0026#34;\\xf0\\x90\\x28\\xbc\u0026#34;, \u0026#34;\\xf0\\x28\\x8c\\x28\u0026#34;, \u0026#34;\\xf8\\xa1\\xa1\\xa1\\xa1\u0026#34;, \u0026#34;\\xfc\\xa1\\xa1\\xa1\\xa1\\xa1\u0026#34;, }; int main(void) { int result; FILE *fp; result = mkdir(\u0026#34;keks\u0026#34;, 0755); // don\u0026#39;t care if exists result = chdir(\u0026#34;keks\u0026#34;); // don\u0026#39;t care if succeed. for (int i = 0; examples[i]; i++) { printf(\u0026#34;%s\\n\u0026#34;, examples[i]); fp = fopen(examples[i], \u0026#34;w\u0026#34;); if (!fp) { printf(\u0026#34;unable to open %d (%s)!\\n\u0026#34;, i, examples[i]); continue; } else { fprintf(fp, \u0026#34;keks\\n\u0026#34;); fclose(fp); } } return 0; } XFS When running this on a Linux system with XFS, this works:\nThe program runs and generates all files. Even those with byte sequences that are not valid utf-8.\nThis works the same with ext4 on Linux.\nZFS When running this on a Linux system with ZFS, filenames containing invalid utf-8 sequences are rejected.\nThe program runs and generates files with valid utf-8 names. The open(2) syscall fails for names with invalid utf-8 filenames.\nAPFS When running this on a MacOS Ventura system with APFS, filenames containing invalid utf-8 sequences are rejected.\nThe program runs and generates files with valid utf-8 names. The open(2) syscall fails for names with invalid utf-8 filenames.\nUnpacking invalid utf-8 filenames with Python I went and creates a tar archive of the files generated on XFS and copied it over to my Mac.\nThe following test program was used to unpack the tar:\n#! /usr/bin/env python from tarfile import TarFile import chardet import os with TarFile.open(\u0026#39;test.tar\u0026#39;, \u0026#39;r\u0026#39;) as t: names = t.getnames() for name in names: bname = bytearray(name, \u0026#39;raw\u0026#39;) print(chardet.detect(name)) The test run fails:\n(venv) $ python tarnames.py Traceback (most recent call last): File \u0026#34;.../tarnames.py\u0026#34;, line 15, in \u0026lt;module\u0026gt; bname = bytearray(name, \u0026#39;raw\u0026#39;) ^^^^^^^^^^^^^^^^^^^^^^ LookupError: unknown encoding: raw Intermediate result It probably is useful to restrict POSIX further and demand that filenames are always valid utf-8. But that is not what the standard currently says, and also not what all filesystems guarantee. And it can lead to unexpected behavior.\nAlso, some programming languages such as Python demand of strings that they have valid utf-8 encoding, but use filenames and strings equivalently.\nThat can lead to weird behavior.\nFurther research Apparently there is a function sys.getfilesystemencoding() without parameters. Python seems to assume that all filesystems have the same encoding and that it is not path dependent.\nApparently there are os.fsencode() and os.fsdecode() .\nModified Python code We are using os.fsencode() to get bytes from the filesystem interface. We are then using chardet.detect() on this byte-string and check the guesses.\n#! /usr/bin/env python from tarfile import TarFile import chardet import os with TarFile.open(\u0026#39;test.tar\u0026#39;, \u0026#39;r\u0026#39;) as t: names = t.getnames() for name in names: bname = os.fsencode(name) print(f\u0026#34;{bname=}\u0026#34;) print(chardet.detect(bname)) The result:\nbname=b\u0026#39;keks\u0026#39; {\u0026#39;encoding\u0026#39;: \u0026#39;ascii\u0026#39;, \u0026#39;confidence\u0026#39;: 1.0, \u0026#39;language\u0026#39;: \u0026#39;\u0026#39;} bname=b\u0026#39;keks/a\u0026#39; {\u0026#39;encoding\u0026#39;: \u0026#39;ascii\u0026#39;, \u0026#39;confidence\u0026#39;: 1.0, \u0026#39;language\u0026#39;: \u0026#39;\u0026#39;} bname=b\u0026#39;keks/\\xc3\\xb1\u0026#39; {\u0026#39;encoding\u0026#39;: \u0026#39;ISO-8859-1\u0026#39;, \u0026#39;confidence\u0026#39;: 0.73, \u0026#39;language\u0026#39;: \u0026#39;\u0026#39;} bname=b\u0026#39;keks/\\xc3(\u0026#39; {\u0026#39;encoding\u0026#39;: \u0026#39;ISO-8859-1\u0026#39;, \u0026#39;confidence\u0026#39;: 0.73, \u0026#39;language\u0026#39;: \u0026#39;\u0026#39;} bname=b\u0026#39;keks/\\xa0\\xa1\u0026#39; {\u0026#39;encoding\u0026#39;: \u0026#39;IBM866\u0026#39;, \u0026#39;confidence\u0026#39;: 0.99, \u0026#39;language\u0026#39;: \u0026#39;Russian\u0026#39;} bname=b\u0026#39;keks/\\xe2\\x82\\xa1\u0026#39; {\u0026#39;encoding\u0026#39;: \u0026#39;Windows-1252\u0026#39;, \u0026#39;confidence\u0026#39;: 0.73, \u0026#39;language\u0026#39;: \u0026#39;\u0026#39;} bname=b\u0026#39;keks/\\xe2(\\xa1\u0026#39; {\u0026#39;encoding\u0026#39;: \u0026#39;ISO-8859-1\u0026#39;, \u0026#39;confidence\u0026#39;: 0.73, \u0026#39;language\u0026#39;: \u0026#39;\u0026#39;} bname=b\u0026#39;keks/\\xe2\\x82(\u0026#39; {\u0026#39;encoding\u0026#39;: \u0026#39;Windows-1252\u0026#39;, \u0026#39;confidence\u0026#39;: 0.73, \u0026#39;language\u0026#39;: \u0026#39;\u0026#39;} bname=b\u0026#39;keks/\\xf0\\x90\\x8c\\xbc\u0026#39; {\u0026#39;encoding\u0026#39;: \u0026#39;Windows-1254\u0026#39;, \u0026#39;confidence\u0026#39;: 0.48310298982778344, \u0026#39;language\u0026#39;: \u0026#39;Turkish\u0026#39;} bname=b\u0026#39;keks/\\xf0(\\x8c\\xbc\u0026#39; {\u0026#39;encoding\u0026#39;: \u0026#39;Windows-1252\u0026#39;, \u0026#39;confidence\u0026#39;: 0.73, \u0026#39;language\u0026#39;: \u0026#39;\u0026#39;} bname=b\u0026#39;keks/\\xf0\\x90(\\xbc\u0026#39; {\u0026#39;encoding\u0026#39;: \u0026#39;Windows-1254\u0026#39;, \u0026#39;confidence\u0026#39;: 0.5521177026603239, \u0026#39;language\u0026#39;: \u0026#39;Turkish\u0026#39;} bname=b\u0026#39;keks/\\xf0(\\x8c(\u0026#39; {\u0026#39;encoding\u0026#39;: \u0026#39;Windows-1252\u0026#39;, \u0026#39;confidence\u0026#39;: 0.73, \u0026#39;language\u0026#39;: \u0026#39;\u0026#39;} bname=b\u0026#39;keks/\\xf8\\xa1\\xa1\\xa1\\xa1\u0026#39; {\u0026#39;encoding\u0026#39;: \u0026#39;ISO-8859-1\u0026#39;, \u0026#39;confidence\u0026#39;: 0.73, \u0026#39;language\u0026#39;: \u0026#39;\u0026#39;} bname=b\u0026#39;keks/\\xfc\\xa1\\xa1\\xa1\\xa1\\xa1\u0026#39; {\u0026#39;encoding\u0026#39;: \u0026#39;ISO-8859-1\u0026#39;, \u0026#39;confidence\u0026#39;: 0.73, \u0026#39;language\u0026#39;: \u0026#39;\u0026#39;} The guesses are trying to find a valid charset for the bytestring, and they find the lowest (least large) charset that matches.\n","date":"2023-09-14T00:00:00Z","href":"https://blog.koehntopp.info/2023/09/14/invalid-utf8-vs-the-filesystem.html","tags":["lang_en","filesystems","computer","unix"],"title":"Invalid-UTF8 vs the filesystem"},{"categories":null,"content":"Das neue Auto hat eine Batterie mit 60 kWh Kapazität, also muss es 42 kWh aufnehmen, um von 10 % auf 80 % zu kommen. Die 80 % sind eine Art magische Grenze, weil die Ladegeschwindigkeit des Autos insbesondere beim Schnellladen unterwegs vom Füllstand der Batterie abhängig ist, und ab 80 % stark absinkt. Die letzten 20 % dauern also lange.\nDazu kommt, daß das Auto auch beim elektrischen Bremsen – beim Rekuperieren – lädt und wenn der Akku-Füllstand über 80 % ist, ist das Rekuperationsvermögen durch die geringere Ladegeschwindigkeit der Batterie eingeschränkt. Ist das Auto also in städtischen Umgebungen unterwegs, wird man beim dauernden Bremsen im Stadtgebiet oberhalb von 80 % Energie durch mechanischen Bremsen verschwenden, anstatt sie durch elektrisches Bremsen zurückzugewinnen.\nLadeleistung Ersetzt werden müssen\n60 kWh * (0.8 - 0.1) = 42 kWh und das dauert circa 30 Min. bis 35 Min. an einem Schnell-Lader, zum Beispiel von Fastned.\nLadekurve für den Renault Megane 60 kWh an einem Schnell-Lader von Fastned. Man erkennt, wie die Ladeleistung mit zunehmendem Akku-Füllstand sinkt und gegen Ende sogar unter die Motorleistung (55 kW Dauerleistung) absinkt.\nKosten Mit Fastned Gold bezahlt man 0.483 Euro/kWh, also\n42 * 0.483 = 20.28 Euro # Laden von 10 % bis 80 % 14 * 0.483 = 6.76 Euro # Laden von 100 km Reichweite für einen Ladevorgang bzw. für 100 km Reichweite bei 14 kWh/100 km. Daheim kostet die kWh in der Theorie 33 Cent, das wären dann entsprechend 13,86 Euro für 42 kWh und 4.62 Euro für 100 km Reichweite. Das ist theoretisch, weil wir bis Ende 2024 noch die Saldierungsregelung haben, bei der die Solarproduktion mit dem Verbrauch 1:1 verrechnet wird, und wir fett Guthaben haben.\nDaheim fährt das Auto also gratis.\nUnsere Solaranlage in O/W-Lage produziert ihr Maximum am späten Nachmittag, um circa 17:00 Uhr. Auch dann werden 5 kW nicht überschritten. Das Laden des Autos zieht jedoch 11 kW, sodaß ein reines Überschußladen ohne spezielle Steuerung nicht möglich ist. Selbst dann sind 42 kWh Ertrag am Tag nur an guten Tagen im Hochsommer machbar.\nUm den Anteil des selbst erzeugten Stromes zu maximieren, wäre es sinnvoll, das Auto oft zu laden, und auch die Ladeleistung des Anschlusses auf die Menge des selbst produzierten Stromes zu begrenzen (\u0026ldquo;Überschußladen\u0026rdquo;).\nViele Ladepunkte können das nicht von Hause aus, und selbst bei denen, die es können, setzt die Elektronik enge Grenzen: Der Regelbereich für den Ladestrom geht vom Maximum von 16 Ampere bis auf minimal 6 Ampere herab. Bei drei Phasen ist die minimale Ladeleistung also 6 Ampere * 230 V * 3 Phasen = 4140 Watt, kann man Auto und Ladesäule auf eine Phase einschränken, kann man immerhin auf 1380 Watt herunter.\nIm Bild ist erkennbar, daß der Energieverbrauch am Meßtag für den Gesamthaushalt 50.8 kWh war, dem 17.2 kWh Produktion gegenüber stehen. Davon wurden 6.9 kWh eingespeist, und 40.5 kWh bezogen. Insgesamt hatten wir an diesem Tag einen Unterschuß von 33.65 kWh.\nOhne den heimischen Ladepunkt hätten wir an einen öffentlichen Ladepfahl gegen müssen. Der nächstgelegene Ladepunkt ist eine Querstraße weiter und auch nicht teurer: Wir zahlen 0.34 Euro/kWh.\nÖffentlicher Ladepunkt von Vattenfall bei Nutzung mit einer Vattenfall InCharge oder Eneco Karte. Die Energiekosten liegen bei 0.34 Euro/kWh.\nMobilität ist energieintensiv Für die Akten:\nWir verbrauchen ohne Auto im Schnitt 15 kWh/Tag im Haus (3 Leute, ein Rechner, der alleine 900 kWh/Jahr zieht), für 5500 kWh/Jahr, und eine Basislast von 300 Watt nachts. Das ist im Vergleich recht viel.\n100 km im großen Auto sind 14 kWh/100 km, also etwa so viel wie ein Haus-Tag.\n100 km im Carver sind 7 kWh/100 km, also 1/2 Haus-Tag. Der Carver hat auch nur einen Schnarchlader, also Schuko, und kann direkt aus dem Solar-Array laden, nachmittags, von März bis Oktober.\nWie oft und wo laden? 10 % bis 80 % von einem 60 kWh Akku sind 42 kWh, und bei einem Verbrauch von 14 kWh (Sommer) sind die in 3 Stunden leer. Ich muss also alle 3 Stunden eine halbe Stunde pausieren, um zu laden.\nIm Winter vermutlich öfter, aber ich glaube, im Winter will ich eine Tour Amsterdam–Berlin eher mit der Bahn machen.\nDas große Auto hat eine Reichweite von 300 bis 400 km, je nachdem wie man es fährt. Der Carver hat eine Reichweite von 100 km und verbraucht die Hälfte vom großen Auto.\nBeide Fahrzeuge können wir daheim laden, und beide Fahrzeuge erledigen lokale Fahrten ohne Fremdladen: Sie werden in der Regel daheim geladen. Das ist in der Regel 1-2 mal die Woche der Fall.\nNur bei Fernreisen geht der Renault an fremde Lader, und dann an Schnell-Lader.\nFahrerlebnis Im Stadtverkehr ist das Elektroauto eine Offenbarung. Es ist super sparsam, weil das ganze Beschleunigen durch Bremsen mit Rekuperation wieder zu Akkuladung umgewandelt wird (ca. 70 % Effizienz), während ein Verbrenner in dieser Situation gerne einmal säuft.\nAuch Beschleunigen und den Hintern aus dem Weg räumen oder im Stau ohne Nerv vorwärts kriechen ist mit einem Elektroauto sehr viel weniger nervig. Die Fahrassistenzsysteme im großen Auto machen es noch angenehmer, aber selbst der Carver glänzt.\nAuf der Autobahn lernt man gleichmäßige gemächliche Geschwindigkeiten sehr schätzen.\nIch glaube, das Tempolimit von 120 km/h wird in Deutschland faktisch automatisch kommen, sobald nur genügend elektrische Autos auf der Straße sind. Niemand in so einer Kiste hat dauerhaft das Bedürfnis, sinnlos Akku durchzubladen ohne Effekt. Die Verbrenner-Raser sitzen dann zwischen den ganzen e-Mobilen fest.\n","date":"2023-09-13T00:00:00Z","href":"https://blog.koehntopp.info/2023/09/13/energiekosten-beim-elektroauto.html","tags":["lang_de","energy","verkehr"],"title":"Energiekosten beim Elektroauto"},{"categories":null,"content":"Heise schreibt: Kommentar: Massenexodus bei Grindr – von den (Un-)Schönheiten des Homeoffice Ein Kommentar, der sich am Massenexodus bei Grindr abarbeitet, aber nicht weiß, was er will.\nBei Grindr bildet sich eine Gewerkschaft, und viele Mitarbeiter werden Mitglied. Aus Rache führt die Firma Hybrid mit mindestens 2 Tagen pro Woche Anwesenheit ein. Daraufhin kündigen mehr als 50 % der Mitarbeiter.\nDer Artikel sieht das nicht als collective action der Mitarbeiter, sondern als eine Folge von Individualentscheidungen. Er sieht auch irgendwie Vorteile für die Firma (\u0026ldquo;Geringere Kosten\u0026rdquo; und magische \u0026ldquo;höhere Produktivität\u0026rdquo;), und versucht dann eine Art Brücke zu schlagen (\u0026ldquo;Firmen sollten auf Mitarbeiter hören.\u0026rdquo;).\nDas ist in Summe aussagelos und von der wirtschaftlichen Analyse her Quatsch.\nAuftragstaktik In den drei Covid-Jahren haben sich in allen Firmen sehr stabile und produktive Remote-First Strukturen ausgebildet. Sehr viele Mitarbeiter haben sehr schnell gelernt, dass zweimal eine Stunde Commute pro Tag mehr Belastung waren, als sie bewusst bemerkt haben. Sie waren sehr froh, diese Lebenszeit zurückzubekommen.\nZudem haben sie gemerkt, daß Management by Objectives – nahezu die einzige Methode, die Remote First funktioniert – viel sinnvoller ist als fast alles andere.\nWer mehr wissen will: Florian Haas hat darüber ja auch schon unter Referenz auf die Auftragstaktik nachgedacht und in The Art of Action beschäftigt sich quasi ein ganzes Buch mit dem Thema \u0026ldquo;Auftragstaktik in der Unternehmensführung umsetzen\u0026rdquo; und Clausewitz \u0026ldquo;Vom Kriege\u0026rdquo; in der Wirtschaft.\nWenn Unternehmen nun – aus welchem Grund auch immer – versuchen, das zurückzudrehen, dann erzeugen sie damit eine große Unzufriedenheit bei ihren Mitarbeitern und drehen die Fluktuation hoch bis zum Anschlag. Sie machen dabei keinen Gewinn, denn sie verlieren genau die Mitarbeiter, die sie behalten müssen und wollen. Unternehmen bluten vom Kopfe her.\nArbeitsmarkt Und sie schneiden sich von einem Arbeitsmarkt ab.\nIn dem wegweisenden Essay The Trimodal Nature of Software Engineering Salaries in the Netherlands and Europe beschreibt Gergely Orosz die Struktur des Arbeitsmarktes bei Wissensarbeitern.\nEr tut das am Beispiel von Amsterdam, aber meiner Erfahrung nach ist das weltweit so, mit unterschiedlichen Limits bei den lokalen Märkten. Unternehmen müssen wissen, aus welchem Pool sie Personen ansprechen und einstellen wollen, und sie müssen wissen, wie man mit der entsprechenden Gruppe Leute arbeitet. Der Vorteil von Remote First Unternehmen ist, daß sie aus dem globalen Markt einstellen können, aber oft zu Preisen aus einem nationalen Markt.\nEin frühes Beispiel dafür war MySQL AB, die mit 500 Leuten in 26 Ländern ein extremes Beispiel für eine verteilte Firma waren, und die weltweit eingestellt hat, aber keinen Umzug gefordert hat.\nStattdessen hat man bewusst Strukturen geschaffen, in denen ein verteiltes Team Gemeinschaft bildet, sich 4x im Jahr getroffen (in Ländern, die unproblematisch mit Visa umgingen), und man hat diese Treffen systematisch vorbereitet, damit sie effektiv waren. Und ja, jede Menge MbO/Auftragstaktik.\nEine moderne Beschreibung solcher Methoden findet man in Effective Remote Work von James Stanier.\nDie Folgen von RTO In den drei Covid-Jahren sind in vielen Firmen ebenfalls solche Strukturen entstanden, aber oft zufällig, partiell, nicht gesteuert und unverstanden.\nWenn ein solcher Laden jetzt aus welchem Grund auch immer \u0026ldquo;Return to Office\u0026rdquo; ausruft, dann passieren mehrere Dinge:\nDie Firma schneidet sich vom weitweiten Staffing Pool (zu nationalen Preisen) ab, Hiring wird schwierig. Denn neue Mitarbeitys müssen umziehen und dem stehen Verpflichtungen vor Ort, Visa und Arbeitserlaubnisse und viele andere Dinge im Weg. Die Firma erzeugt ohne Not die Situation oben für alle existierenden Mitarbeiter, die in den drei Covid-Jahren dazu gekommen sind, aber nicht umgezogen sind. Alle die werden gehen. Die Firma bringt den Commute zurück zu Menschen, die begriffen haben, dass der Commute notlose Verschlechterung der Lebensqualität ist. Auch hier Kündigungswelle. Welche Leute werden gehen?\nZuerst immer die, die Optionen haben. Also die hoch qualifizierten, deren Recruiter-Spam in der Inbox am größten ist. Der Pull-Faktor ist ja schon da, den Push und den Anlass hat die Firma eben geliefert.\nEs sind also gerade die Leute, bei denen der Arbeitgeber einen Anlass hat, Retention zu fahren, die der Arbeitgeber zuerst verliert. Das ist immer und für jede Firma ein sehr großer Nettoverlust, und noch dazu ein schlecht gesteuerter.\nWenige Läden können einen Verlust von 50 % der Belegschaft verkraften, ohne dass es zu einem massiven Verlust an Qualität, Produktivität, organisatorischem Wissen und Prozeßreife kommt.\nNeben dem Verlust an Know-How und nicht verschriftlichtem Wissen, der erhöhten Arbeitslast für die verbleibenden Mitarbeiter kommt noch der Druck auf alle für Interviews und Training neuer Kollegen dazu. Das erzeugt eine Delle in Qualität und Produktivität von 1 bis 2 Jahren, Stagnation oder gar Regress. Es gibt kein Wertmodell für eine Firma, in der so etwas positive Auswirkungen hat.\nAuch Entlassungen fördern ungesteuerte Verluste Etwas Ähnliches passiert bei Entlassungen: Neben den Leuten, die man entläßt (gesteuert und nach Ansicht der Firma am unteren Ende) wird man gewiss noch 2x mehr Leute verlieren, aber am oberen Ende. Für diese Menschen ist der zweite, ungeschriebene Vertrag gebrochen worden, und sie nehmen die resultierende Unsicherheit als Anstoß, Pull-Faktoren nachzugeben.\nIn jedem Fall bluten Firmen bei solchen Änderungen. Sogar dann, wenn sich nicht aus billiger Rache erfolgen, sondern gesteuert und mit Unterstützung des Managements sanft durchgeführt werden, kommt es leicht mit großen zweistelligen prozentualen Verlusten und jahrelangen Folgen.\nFirmen lernen gerade, wie wichtig Personen als Individuen sind. Viele Organisationen sind mit dieser, der kapitalistischer Ideologie widersprechenden Erfahrung sehr unzufrieden und tief in Denial.\nCompanies forcing their employees back into the office will lose talent and keep wage serfs. \u0026ndash; Volker Weber (@vowe@social.heise.de )\n","date":"2023-09-12T00:00:00Z","href":"https://blog.koehntopp.info/2023/09/12/kein-homeoffice-keine-kekse.html","tags":["lang_de","work","remote first"],"title":"Kein Homeoffice, keine Kekse"},{"categories":null,"content":"(based on a series of posts on Mastdon)\nEin Heise-Artikel über Admin-Gehälter und ich schrieb dazu auf Mastodon:\nEin hoffentlich aussterbender Beruf Der Beruf des \u0026ldquo;Admins\u0026rdquo; ist - hoffentlich - eine aussterbende Tätigkeit.\nEr wird zunehmend ersetzt durch die Kombination von Infrastrukturentwicklung und Support. Infrastrukturentwicklung befasst sich dabei mit der Automatisierung von Provisionierung, Konfiguration, Betrieb, Überwachung und Aktualisierung. Neben Kenntnissen über Betrieb sind auch Kenntnisse der Programmentwicklung notwendig.\nMehr zu Devops in einem älteren Talk von mir.\nBetriebsprozesse finden und durch Code unterstützen Der Wert von Infrastrukturentwicklung bemisst sich dabei im Finden und Schaffen von operativen Prozessen, die einen Dienst sicher in vorhersagbarer Qualität unterbrechungsfrei anbieten zu erlauben.\nDas - der Wert und die Schwierigkeit von Operations - ist auch etwas, das von vielen Feature-Entwicklern und Software-Entwicklungsorganisationen weit unterschätzt wird. Das ist einer der Gründe, wieso Amazon reich ist und Elastic oder HashiCorp im Vergleich eher nicht.\nAuf eine Weise ist es auch der Grund warum viele deutsche Betriebe dem modernen DevOps Hipster skeptisch gegenüber stehen. Man spürt, daß es mit dem Entwickeln, Day 1 Installation und Inbetriebnahme nicht getan ist. Zugleich scheitert man an der Transferleistung, die Schaffung von Betriebsprozessen, die aus der eigenen Produktion wohlbekannt ist, auf die IT auszudehnen und methodisch umzusetzen.\nDie Hälfte des Problems ist dabei das Unterschätzen der Schwierigkeit bzw fehlendes ernst nehmen der Aufgabenstellung.\nAWS bringt Struktur Der \u0026ldquo;Wert\u0026rdquo; von Amazon besteht darin, dem Betrieb genau messbare Kosten und harte betriebliche Einschränkungen zu geben, um die sich eine Firma nun auf einmal gezwungenermaßen herum organisieren muss, während sie vorher unkontrolliert Druck auf interne Betriebsteams ausgeübt hat.\nGrenzen und Kosten, die vorher nicht fassbar waren, werden nun greifbar. Firmen sind gezwungen, sich damit ernsthaft zu befassen. Insofern ist Cloud eine gute Sache, weil sie Läden ins Meta zwingt.\nWie teuer ist \u0026ldquo;ein Admin-Team\u0026rdquo;? So teuer wie Deine AWS Rechnung hoch wäre, und die ist in den meisten Läden dreimal bis fünfmal höher als ursprünglich gedacht. Das ist das Ausmaß des Understaffing in Operations in den meisten Firmen.\nFragen und Antworten Aber Admins haben doch immer schon Code geschrieben Jens Finkhäuser\nHeute Programmentwicklung, damals Perl. Was hat sich jetzt genau geändert?\nEs gibt Perl und es gibt SysAdmin Perl. Das ist im Grunde die Diskussion aus Using Python to bash .\nAnerkennung? Tobias Fiebig:\nIch kann dir da nur zustimmen. Ich denke, dass grad das end-to-end understanding verloren geht. Und das ist halt über kurz oder lang gefährlich. Denn ohne end-to-end understanding APIs nutzen geht wohl. Aber Bauen eher nicht.\nDas ist ein anderes, auch wichtiges Thema. Ein Ex-Arbeitgeber von mir war in 2018 durchaus in der Lage, 3 RZ mit 50k Maschinen voll automatisiert zu betreiben und zu vernetzen. Dieselbe Firma in 2023 ist dazu definitiv nicht mehr in der Lage, weil nach der Ankündigung des Cloud-Move und den Änderungen im Management viele Leute weggegangen sind, weil sie keine Zukunft mehr für sich gesehen haben. Und weil Leute, die so etwas betreiben können, auch zunehmend schwieriger zu bekommen sind.\nKubernetes ist zu fett? Juliane:\nWobei ich aber auch behaupten würde, dass eine Kubernetes-Landschaft nicht immer die korrekte Lösung ist, und es mutmasslich genug Betriebe gibt, die sowas haben, obwohl sie es besser nicht sollten.\nÜberdimensionierte und dann tendenziell schlecht gepflegte Systeme sind für uns alle auch eine Gefahr.\nDa machst Du ein Fass auf. Das TL;DR ist, daß Du zu große und zu wenige Maschinen hast und daher Technik zum Kleinschneiden von Servern brauchst.\nUnd dann landest Du schnell bei Kubernetes.\nDie letzten Bare metal-Maschinen, mit denen ich gearbeitet habe, sind in etwa das Äquivalent von i3.4xl oder i3.8xl gewesen.\nDa waren zwei $400 CPUs drin , eine oder zwei 2 TB NVME und 10 Gbit Netz, sowie 128 GB in RAM. Das war schon damals nicht mehr kosteneffektiv in dem Sinne, daß man lieber größere Kisten gekauft und klein gesägt hätte.\nDas erzeugt zwei Probleme, eines für kleine Betriebe und eines für alle: Du hast weniger Maschinen und in Folge weniger Racks. Das heißt, ein Ausfall betrifft nicht mehr eine Anwendung, sondern viele oder alle. Der Blast-Radius steigt.\nDa kann man was gegen tun: Sich mit anderen zusammen tun und Anwendungen mischen. Wenn dann eine Maschine oder ein Rack umfällt, dann betrifft das alle ein wenig, aber niemanden groß. Das ist die Idee hinter Cloud – große shared Infrastruktur, und Du belegst auf vielen Maschinen ein Fitzel statt auf einer Maschine alles.\nUnd das zweite Problem: Du hast jetzt viel mehr Komplexität, weil Du nicht nur Deine Anwendungen managen mußt, sondern auch die enorm aufwendige Abstraktion darunter: Openstack oder Kubernetes. Mit verteiltem Compute und Isolation von Anwendungen, verteiltem Storage und dessen Komplexitäten und mit einer Menge Netz. Oder Du kaufst das fertig dazu von jemandem, der das für Dich betreibt – wieder landest Du in einer Cloud.\nWas Du nicht mehr tun kannst: Anwendungen lokal auf Rechnern betreiben, eine Anwendung pro Rechner. Das geht deswegen nicht, weil Du keine Kisten mehr bekommst, die so klein sind, daß Du sie mit einer Anwendung voll bekommst.\nDu wirst Dich also gezwungenermaßen mit solchen Dingen auseinandersetzen müssen, oder jemanden dazu nehmen müssen, der das für Dich tut.\nOpenstack oder Kubernetes (oder das Äquivalent in einer Public Cloud) bringen eine Menge Komplexität mit, aber es sind Standardprodukte, für die Du Leute finden und einstellen kannst. Mit etwas Kleinerem, das nur die für Dich notwendigen Optionen hat, kannst Du das nicht, weil es kein Standardprodukt ist.\nDie Behauptung ist, daß eine Reihe von finanziellen, strukturellen und demografischen Faktoren Dich als Unternehmen zwingen, so viel als möglich in eine Cloud zu verlagern. Das kann eine öffentliche Cloud oder eine private sein, aber Du kommst da nicht dran vorbei.\nStandardprodukte helfen Thilo Fromm:\nKris spricht im zweiten Toot des Threads an, dass das Ziel Prozesse und SLAs sind. Dafür muss man über technologische Notwendigkeiten (wie z.B. effizienten Betrieb) hinausgehen. Die Erlernbarkeit und die Bekanntheit, die Verbreitung der eingesetzten Technologie und des Ökosystems zählen hier ebenso, wie die Verfügbarkeit von Schulungen, Zertifizierungen, usw. Das schafft enorme Erleichterung auf der Management-Ebene.\nDu tauschst also Performance gegen Betriebssicherheit: Kubernetes macht es Dir im Vergleich zu \u0026ldquo;klassischer\u0026rdquo; Administration mehrerer Rechner (Chef, Ansible, etc. kombiniert mit Fail-Over usw.) deutlich schwerer, Dir in den eigenen Fuß zu schießen. Denn es impliziert etablierte Pattern, die oft aus Erfahrungen aus dem \u0026ldquo;klassischen\u0026rdquo; Betrieb stammen.\nZudem kommt das Ökosystem als Komplettpaket mit einer großen Entwickler- und Nutzer-Community, was das Staffing erleichtert.\nDie Lernkurve bei der Übernahme bestehender Systeme ist niedriger als bei handgestrickten Lösungen, und standardisierte Zertifizierungen erleichtern Dir das Anstellen neuer Mitarbeiter. Dafür bezahlst Du dann mit Rechenressourcen, aber das ist für viele Betreiber eben der weitaus geringere Kostenfaktor.\nIch vergleiche Kubernetes und die (oft subjektive) Skepsis, die dem entgegenschlägt, gern mit der steigenden Popularität von Java in der Applikationsentwicklung vor ~20 Jahren.\nJava löst auch kein allein technisches Problem - Objektorientierung gab es schon vorher, portable Software und managed code auch. Es kommt mit Infrastruktur und einem Ökosystem, das über die reine Applikationsentwicklung hinaus geht:\nDu konntest mit Java einen arbeitslosen Physiker von der Straße holen, durch ein paar Kurse schleusen, und nach ein paar Monaten war der produktiv. Das ging davor nicht. Die ermöglichte Applikationsentwicklung in Firmen und Organisationen, die vorher dazu nicht in der Lage waren. So ist das mit Kubernetes in der Infrastrukturautomatisierung.\nNatürlich gibt es dadurch nun Randfälle, die aufgrund des niederschwelligen Einstiegslevels komplett neben der Spur laufen. Aber sich allein auf diese Totalausfälle zu konzentrieren \u0026ndash; oder zu ignorieren, dass Kubernetes ein weitgehend nicht-technisches Problem löst \u0026ndash; verfehlt meiner Meinung nach den Punkt.\nKubernetes ist nicht komplex, das Problem ist es Sören entgegnet:\nder Vergleich hinkt, finde ich. Die Kritik an Kubernetes ist nicht, dass es kein Fortschritt ist. Das ist es in einigen Szenarien.\nDie Kritik ist, dass du dir eine komplexe Architektur an Containern aufbaust, die du häufig auch mit weniger Wartungsaufwand und weniger laufenden Infrastrukturkosten auf einem physischen System hinbekommen hättest. Klar, die sind jetzt individuell skalierbarer, aber damit löst du ein häufig rein hypothetisches Problem.\nAls Antwort und Ergänzung zu Thilo Fromm:\nKubernetes löst einen Satz spezifische Probleme, und die Komplexität kommt aus den Problemen und nicht aus den Lösungen.\nDu willst eine sehr große Kiste in benutzbare Häppchen klein schneiden. Das kannst Du mit Virtualisierung (Openstack) oder mit Containern (K8s) machen, aber für den Outcome ist es hinsichtlich der Komplexität egal.\nDas Erste zu lösende Problem ist die Installation von Anwendungen und deren rückstandsfreie Entfernung. Du bekommst Images:\nWenn Du die nicht hast, mußt Du gezwungenermaßen einen 250k Files, 10 GB Size großen Linux-Tree an die Stelle kopieren, wo Deine Anwendung sitzt, zusammen mit den Binaries, Configdateien und Daten der Anwendung. Das dauert lange.\nWenn Du ein Image oder eine Sequenz von Images (\u0026ldquo;Docker Layers\u0026rdquo;) hast, kannst Du die mit Disk Speed (400 MB/s) an Ort und Stelle kopieren und hast einen Loop Mount.\nDas eskaliert schnell:\nroot@server:~# df -Th | wc -l 71 Die Images willst Du irgendwo zentral bereithalten und abrufen können, also hast Du eine oder zwei Registries. Ob die nun Glance, Docker-Registry oder Artifactory heißen ist am Ende egal.\nDein Image läuft nun auf diesem Host oder jenem, wo gerade Platz ist. Das zieht weitere Dinge nach sich:\nWo kommt der Storage her? Entweder lokal, dann hast Du eine Scheduling-Constraint und Du kannst nur noch hier laufen und nicht mehr dort, oder aus dem Netz. Oder Du hast einen Filer, iSCSI oder NVMEoF, und Volume Management. Das kann Cinder heißen, oder CSI mit PVC/PV, auch das ist am Ende egal. Du brauchst jedenfalls was, das Volumes durch Dein Netz an die Anwendung kabelt, egal wo die ist.\nUnd apropos \u0026ldquo;egal wo die ist\u0026rdquo;, wie kommen Nutzer an die Anwendung, wenn die Anwendung im Cluster mobil ist?\nDu brauchst Netz, einen Network Entry-Point (einen Load-Balancer oder so was), eine Backend-Erkennung, und eine Methode eine feste externe IP an einen Endpoint zu kabeln, auch wenn der Endpoint im Cluster mobil ist. Das endet im Fall Openstack mit einem SDN, und im Fall K8s mit einem SDN, einem Service Mesh oder beidem, weil manche Leute Hosenträger und Gürtel wollen.\nIn jedem Fall hast Du eine komplett neue Anforderungsliste für das Netz und das Netzwerk-Debugging an der Backe, einfach dadurch, daß Du Images irgendwo im Cluster haben und debuggen können mußt. So weit, so billig. Das hat ja auch was Gutes.\nWir gewinnen nun die Möglichkeit, die Ausführungsumgebung einer Anwendung maschinenlesbar zu beschreiben, und nach dieser Beschreibung zu bauen – das ist Infrastructure as Code (IaC).\nWir gewinnen dadurch auch ein Manifest der Anwendung und ihrer Dependencies, weil das ja für das Bauen vom Image Voraussetzung ist. Das macht Compliance re CVEs, Lizenzen und Dependencies viel einfacher.\nWie bekommen aber auch einen kompletten Methodenwechsel beim Debugging und beim Monitoring:\nJede Form von Introspektion vor Openstack und K8s war hostbasiert. Maschinen schrieben Logs in Files, und Entwickler loggten sich auf Kisten ein, lasen die Logfiles oder starteten einen Debugger, der sich an die Anwendung attached, und dann kann man in den laufenden Code gucken.\nWenn die Anwendung irgendwo im Cluster läuft, das in n+2 Kopien tut - dann geht das nicht mehr. Du bekommst Prometheus und Metriken mit Dutzenden von Tags, Honeycomb/Open Telemetry und viele andere Dinge nur, weil Entwickler das so nicht mehr tun können, denn die Anwendung läuft halt x-mal und irgendwo und ggf laufend woanders.\nDas heißt, das Handwerk der Softwareentwicklung wechselt einmal komplett die Methodik.\nAber auch wie wir über Anwendungen denken ändert sich:\nUm Images zu bauen brauchen wir eine Bauanleitung, die beschreibt, was da rein geht – ein Manifest, das die Anwendung und ihre Komponenten (neue und fertig eingebundenen, also Dependencies) beschreibt. Dazu die Privilegien, die die Anwendung braucht.\nDas alles wird einfacher, wenn wir Mutability vermeiden oder isolieren, also State in Datenbanken oder S3 Buckets oder anderen Sammelstellen konzentrieren. Auch das Deployment wird so einfacher. Wir bekommen Struktur.\nDazu kommen Dienste, die die Infrastruktur jetzt wegen dieser festen Regeln, und wegen ihrer eigenen Konstruktion bereitstellen und garantieren kann:\nDer Cluster wird gesteuert. Dazu gibt es eine Controlplane, und die weiß, was wo läuft und wem es gehört. Wir bekommen also vom Cluster garantierte Identitäten und das Management dazu.\nIch weiß, daß die Gegenstelle auf meinem Port 8080 der Dienst x für den User z ist, denn die Controlplane kann es mir garantieren oder mir sagen. Und weil jede Kommunikation im Cluster von der Controlplane gesteuert und erlaubt wird, ist diese Auskunft so verbindlich wie die Sicherheitsstruktur und Isolation des Clusters selbst.\nIch bekomme also eine vollkommen neue Dimension von Verlässlichkeit und Identität, die ich so auf dedizierten Bare-Metal Maschinen in der Regel nicht habe.\nMit einem Mesh kann ich sogar den Code dazu weglassen, denn Verschlüsselung, Metriken sammeln, Finden von Endpoints, Backoff und viele andere Dinge passieren automatisch und standardisiert im Mesh, sodaß ich das in meine Anwendung nicht rein codieren muss.\nIch mache einfach ein GET auf localhost:3081 und das \u0026ldquo;Richtige\u0026rdquo; passiert.\nNichts davon ist sinnlose Komplexität oder \u0026ldquo;nur deswegen da, weil ein paar Hipster es cool fanden\u0026rdquo;, sondern es kommt als logische Folge der Eskalation, die in Gang gesetzt wird, wenn ich Hardware klein schneiden und effizient nutzen will.\nUnd all das wirst Du duplizieren oder sogar in V1 dupliziert haben müssen, wenn Du selbst Clustern willst. Nur daß Du K8s-Leute direkt einstellen kannst, die für Deinen selbst gekochten Cluster nicht.\nVersteckt das nicht Kosten? Nils Goroll:\nNur, dass das neue Admin-Team, das jetzt \u0026ldquo;Devops\u0026rdquo; heisst, trotzdem noch obendrauf kommt. Oder halt die Leute, die devopsen, auch wenn sie nicht mehr Team heissen dürfen.\nJa. Nein. Es ist kompliziert.\nGroße Teile an Standard-Aufgaben werden auf die eine oder andere Weise an das Fachteam oder an AWS outgesourct. Davon ist es nicht notwendigerweise weniger Arbeit, aber sie ist jetzt teilweise unsichtbar. Du weißt halt nicht mehr, wie viele Stunden DBA KTLO sind, wenn jedes Fachteam sich selbst mit RDS Daten- und Schema-Migrationen rumschlagen muss.\nAndererseits wirst Du sicher eine Gruppe von Menschen brauchen, die sich auf Cloud-Infrastruktur, deren Design, Betriebs- und Sicherheitsarchitektur, Abrechnung und Kostenkontrolle und derlei Dinge kümmert. Und das sind nicht notwendigerweise weniger Menschen als Du vorher für Bare-Metal daheim eingeplant hattest.\nUnd schließlich ist es kompliziert, weil Du durch eine Cloud mit IAM, einer Controlplane und Services eventuell Dinge gewinnst. Nicht geldmäßig, denn Cloud ist immer 3-5x teurer als was immer Du vorher hattest.\nAber eventuell bekommst Du durch die harte administrative Grenze und den Zwang zur Kostenkontrolle als Organisation eine Motivation, Deine betrieblichen Abläufe besser zu dokumentieren, strukturieren und in Beziehung zu den betriebsWIRTSCHAFTLICHEN Abläufen zu setzen.\nAlso \u0026ldquo;Was tun wir hier eigentlich und was davon dient dem Geld verdienen\u0026rdquo;? Viele Unternehmen scheuen enorm vor diesen Fragen zurück.\n","date":"2023-08-28T00:00:00Z","href":"https://blog.koehntopp.info/2023/08/28/der-admin-beruf.html","tags":["lang_de","devops","computer"],"title":"Der Admin-Beruf"},{"categories":null,"content":"This is about the third story I hear about a Fedi instance losing all their data because of a CI/CD mistake.\nLily Cohen (@lily@firefish.social) has bad news. Hugops, but also the usual grizzled old sysadmin advice:\nNever say backup. Always say restore. This changes your mind. A backup is a cost center. It has no value, it has only cost. Only a restore has a proven value, and comes with knowledge:\nYou know you actually can restore, the backup was complete and does connect. You know how long the restore took, so you know the time to restore when asked. Not an estimate. The actual time. You know the restore procedure. Restore every backup all the time, then throw the recovered instance away. Keep the metrics, keep the backup.\nThere is no such thing as immutable, statelessness or whatever. Parts of your setup may be stateless deployments with immutable images. That is, because you collected all system state and put it into one or two selected locations. You can redeploy everything but these selected locations.\nIf you drop them, if you make a config mistake, these things are gone gone. They cannot be redeployed unless you have taken measures to do so. See above, item 1.\nDevops is easy except for the stateful parts. That is why the storage people and the database people all look down on you hipster devops people and make condescending remarks. 🙂 Yah, ok, they are nicer than you probably think they are, but they do have a completely different outlook on operations.\nListen and learn. Also, restore test.\nAlso, ArgoCD: No prune resources and Kubernetes PV Reclaim Policy \u0026ldquo;Retain, not Delete.\u0026rdquo;\nThere are people who have taken steps to prevent their CI/CD from messing with EBS volumes, S3 buckets or K8s Persistent Volumes, and there are people who will lose data in the future.\nDon\u0026rsquo;t be in the second group.\n\u0026ldquo;Nobody wants backup. Everybody wants restore.\u0026rdquo; \u0026ndash; Martin Seeger\nSee also Gitlab Data Loss .\n","date":"2023-08-23T00:00:00Z","href":"https://blog.koehntopp.info/2023/08/23/dont-say-backup-say-restore.html","tags":["lang_en","devops","data center"],"title":"Don't say Backup, say Restore"},{"categories":null,"content":"On git commit, git invokes an editor (by default: vi) and allows you to edit a commit message. If the editor exits with status code 0, the commit message is accepted and used. If the editor exists with status code \u0026gt;0, this is an error and the commit is aborted. The commit message is lost.\nOn MacOS, calling /usr/bin/vi, the editor shipped with the OS, starts vim 9.0.1424 in vi mode. In this mode, if you enter an illegal editor command such as :W, the editor will exit with status 1. This will happen even when you enter a legal editor command afterwards. So\n:W keks :w keks :q will\nkk:~ kris$ vi kk:~ kris$ echo $? 1 This does not happen if the same editor is called as vim. This does not happen on Ubuntu 22.04, which as vim 8.2.4919 installed – it will exit 0 as vi or vim. This suggests that this behavior of vim 9, when called as \u0026ldquo;vi\u0026rdquo; in compatibility mode, is an \u0026ldquo;improvement\u0026rdquo; that has been added on purpose. I wonder if that is really the case.\nIn vim, the command :\u0026lt;status\u0026gt;cq to force an exit status.\n:1cq kk:~ kris $ echo $? 1 You can also :0cq to force a zero. This also works in compatibility mode. You can, of course, also\n$ git config --global core.editor \u0026#34;vim\u0026#34; ","date":"2023-08-17T00:00:00Z","href":"https://blog.koehntopp.info/2023/08/17/macos-vim-git-and-exit.html","tags":["lang_en","apple","unix"],"title":"MacOS, vim, git and exit..."},{"categories":null,"content":"Hier ist ein T-Shirt/Tragetasche Unikat mit einem selbst gemachten Slogan.\nEine Tasche mit Aufdruck, via Mastodon .\nSchon vor vielen Jahren, in Kiel und Karlsruhe, habe ich angefangen, meine T-Shirts drucken zu lassen. Darauf waren selbstgemachte Slogans oder Grafiken, oder welche, die ich hemmungslos geklaut und verfremdet habe. Auch heute ist das noch so. Jeder kann das, es ist gar nicht schwer.\nMan braucht eine Quelle für T-Shirts in Größen, Qualitäten und Farben, die Euch zusagen. Dazu einen Textslogan oder eine Grafik-Vorlage.\nPNG Bei den Grafiken ist ein PNG mit transparentem Hintergrund von 1000+ Pixel entlang der längeren Kante vollauf ausreichend. Ein SVG ist manchmal möglich, aber nicht notwendig und als direkte Druckvorlage oft nicht hilfreich. Das ist so, weil das SVG die verwendeten Zeichensätze und Grafiken nicht unbedingt direkt enthält, und das SVG dann beim Dienstleister anders dargestellt wird als bei Euch.\nAuch JPG ist nicht hilfreich, weil es nicht transparent sein kann. Dann wird beim Druck die Hintergrundfarbe auf den Stoff gedruckt, wenn man das gar nicht möchte, und man bekommt eine 30 cmx20 cm Plastikplatte auf der Brust statt weicher, atmungsaktiver Baumwolle.\n1000 Pixel bei 72 dpi sind 30+ cm, vollauf formatfüllend auch bei breiter Brust oder großen Brüsten.\nDienstleister Ihr braucht außerdem einen \u0026ldquo;Copyshop\u0026rdquo; auf dem Pro-Level, also einen Grafikdienstleister, der so was kann. In Kiel habe ich im Knooper Weg gegenüber der Humboldt-Schule gewohnt und ein wenig nach Norden rauf zur damaligen Fachhochschule war an der Ecke ein Druckladen, der so etwas konnte und auch 3XL Shirts in Qualitäten hatte, die angenehm waren. (EDIT: Jetzt am Exer )\nHier in Haarlem habe ich ebenfalls mehrere solche Shops (Tinto et al), und es gibt natürlich immer spreadshirt.nl und spreadshirt.de, wenn man nicht nach draußen gehen mag.\nDruck Der Druck kann auf die vordere oder hintere T-Shirt-Seite oder auf die Ärmel. Jede Stelle, die bedruckt wird, kostet extra – ein doppelseitiges Shirt also deutlich mehr als ein einseitiges.\nDruck von Bildmotiven und mit Farben ist weniger Haltbar, als Schrift mit dem Einbaufont des Dienstleisters (also Text mit einem Font von der Maschine, statt Text als Grafik von Euch als PNG), und binnen 2-3 Jahren regelmäßigen Tragens wird sich die Grafik ablösen.\nStrichdicke spielt eine Rolle. Ein T-Shirt ist kein Skizzenblock\nEin mehrere Jahre altes Elite Retro-T-Shirt. Die Schrift hat sich gut gehalten, die feine Grafik vom Raumschiff nicht.\nNerdläden in den USA Wie dem auch sei: Es ist viel einfacher, schneller und ökonomisch und ökologisch vorteilhaft, solche T-Shirts lokal fertigen zu lassen, als sie von irgendeinem US-Dienstleister per Luftfracht zu Euch schicken zu lassen. Man braucht das PNG und einen lokalen Laden und kein Shirt. Manche Dienstleister nehmen auch AI oder PSD, weniger SVG oder PDF.\nEs ist wirklich am einfachsten mit einem moderat aufgelöstem PNG. PSD, AI, SVG und PDF müssen gerendert werden, und dann fehlen Fonts oder so was. PNG sieht genau so aus wie man das will.\nQualitäten Und schließlich:\nStoffe Qualitäten Andere Quelle Auflösungen Hier ein Motiv 835 px hoch, und sein Druck, ca. 11 cm hoch.\nMan kann sehen, daß man sich mit der Auflösung ziemlich entspannen kann.\nHier ein anderes Motiv (1629px breit) und sein Druck:\nDie Druckvorlage ist eine Reproduktion: Ich habe vor einigen Jahren ein Barbie \u0026amp; Dragons T-Shirt geschenkt bekommen, aber hatte keine Vorlage. Im Jahr von Barbie-Film und Baldur\u0026rsquo;s Gate 3 mußte ich das in frisch haben, also hab ich mir das selbst neu gemacht.\n","date":"2023-08-17T00:00:00Z","href":"https://blog.koehntopp.info/2023/08/17/t-shirts-selbst-designen.html","tags":["lang_de","erklaerbaer","fluffy fluff"],"title":"T-Shirts selbst designen"},{"categories":null,"content":"(based on a series of posts on Mastodon)\nI got an electric car I made the driving license late in life, in 1998 at the age of 30. My first car was a BMW 316i Coupe, used, 9000 Euro. I drove this until 2007. When I moved to Berlin, I found driving in the city inconvenient, and consequently used public transport. Eventually the battery of the car died from standing around, and I sold it.\nIn 2010, I became a father, and we bought a new car, a Renault Scénic Grande 7-seater. This is a car made from cupholders and small compartments, and it served its function of \u0026ldquo;Moving the family around, including Grandma\u0026rdquo; quite well. Nothing Renault makes lasts longer than 15 years, though, and so the thing was showing signs of age.\nAlso, the City of Amsterdam changes the rules of how to get into the city, and the old Scenic soon would be unable to get into the city. So, an electric car was needed.\nI tried to like the BYD Dolphin, but that car comes only with seats where the headrest is fixed and cannot be adjusted. At my size, that means the headrest sits somewhere at my lower shoulder blades. I asked for advice, and the BYD salesperson just pointed at the BYD Tank, a monstrous SUV. That had adjustable headrests for sure, but you wouldn\u0026rsquo;t want to drive such a thing inside Amsterdam\u0026rsquo;s city limits.\nSo Renault again, this time a Megane e-tech, with a 60 kWh battery, and some 16 kWh/100 km energy use. Also, apparently some 160 kW engine (peak power), which really is a 55 kW engine (sustained power).\nThese are weird units for energy and power for most people.\nWhat do they even mean and how can we imagine them?\nEverything in kWh Back in the day, we had incandescent light bulbs, and the standard thing everybody my age can imagine is the 100 W bulb. It was as bright as a modern 14W LED light today. Running the 100 W lamp for one hour uses 100 Wh of energy, running it for 10 hours is 1000 Wh, or 1 kWh.\nA 100 W incandescent bulk, as shown in Wikipedia .\nWatts are power (\u0026ldquo;Leistung\u0026rdquo; in German), and Watt-Hours are energy (\u0026ldquo;Energie,\u0026rdquo; \u0026ldquo;Arbeit\u0026rdquo; in German. \u0026ldquo;Leistung ist Arbeit pro Zeit\u0026rdquo; as my math teacher used to say to people who did not complete their test in time).\nSolar Energy The sun shining on Germany on a bright day delivers 1 kW per m^2, so 1 h of sunshine is an irradiation of 1 kWh/qm. Solar cells currently have an efficiency of 20%, so 1000 W of irradiation become 200 W of electricity, the other 800 W become heat or are reflected.\nSuch a 1 m^2 solar array would have an installed peak capacity of 200 Wp (\u0026ldquo;Watt peak,\u0026rdquo; or \u0026ldquo;Nennleistung\u0026rdquo; in German). Five of those would deliver 1 kWp, and produce around 950 kWh of energy per year, under optimal conditions.\nIn fact, 46 m^2 of my roof are covered in solar panels. That\u0026rsquo;s 9250 Wp , which under this formula should produce up to 8780 kWh/year.\nThey did, in fact, deliver 8000-ish kWh/year, from June 2022 to June 2023. To compare, we used 5500 kWh of electricity in the year before we got the Solar panels.\nFuels and Energy When I was little, a car\u0026rsquo;s power was given in HP (Horsepower). Today we use kW, but many people will still list HP in parentheses for old people\u0026rsquo;s convenience.\n1000 W are ~1 ⅓ HP, or 1 HP are ~750 W. Drive that for one hour, and you have used 1 kWh.\nConveniently, the energy content of many fuels is almost decimal.\nFuel kWh 1l Diesel 9.7 kWh, ~10 kWh 1l Benzine 8.5 kWh 1 m^3 Natural Gas 10-12 kWh, ~10 kWh Almost metric: 1 m^3 of Gas or 1 l of Diesel each has an energy content of 10 kWh.\nSo if your old Scenic Diesel uses 6.7l Diesel on 100 km, it has used around 66 kWh of energy. A combustion engine car is around 33% efficient.\nSo of these 66 kWh, around 22 kWh have been used to drive the distance. The rest is waste heat.\nThe new Megane uses 16 kWh for 100 km, so that is the energetic equivalent of 1.8l Benzine or 1.6l Diesel. Times three, to account for combustion engine losses.\nOther energy units Calories (actually kilocalories, kcal) are known to many people as units for energy content of food. A kilo of body fat is 7700 kcal, and that\u0026rsquo;s 8.9 kWh. So 11.2 kilos of dad bod are 100 kWh. Take that, Tesla.\nThis is not theoretical energy at all, as S4E8 Mythbusters: Salami Rocket has demonstrated.\nA bar of Milka chocolate has around 0.6 kWh. So charging a 60 kWh car battery is around 100 Milka bars of energy content.\nIf you are driving a Diesel at 6l/100 km, you burn 60 kWh of energy content, or around one bar of Milka per Kilometer. Things become very conveniently convertible if everything is kW and kWh.\nBergfreunde has a human activity energy calculator, which covers anything from Walking to Sex. 8h of walking for a fat old man will burn 3350 kcal, or 3.9 kWh. Assuming 6 km/h, we will burn 8.1 kWh/100 km. That is less than the Megane, but more than the Carver. And a lot more than biking.\nLong Distance driving and charging If you run your electric vehicle for long distances, you will observe that the last 20% of charge, from 80% to 100%, take longer than the rest. That is because batteries take energy quickly as long as they are empty, and the final 20% charge particularly slowly.\nMost people do not wait for a full charge, but charge to 80%-ish and then continue to drive. They also won\u0026rsquo;t drive the car down to 0%.\nSo at an energy use of 16-20 kWh/100 km at a speed of 100 km/h, you will be driving for about 2-2.5 hours until the battery runs empty. Then the car will need to charge, and because you are on the Autoahn, you\u0026rsquo;ll be using a fast charger. That will bring the car to 80% in around 30 minutes, sufficient to pee and get a coffee.\nThis is the rhythm of the electric long distance drive:\nStart SoC End SoC Time Energy Stored 29 % 80% 32 min 30.20 kWh 9% 80% 37 min 42.15 kWh Carging at a DC fast charger on the Autobahn.\nAt home, and charging 11 KW charge point as it is installed in public spaces all over the country in the Netherlands (Wikipedia ).\nAt home, you won\u0026rsquo;t be using a DC fast charger, but will be using an AC 11 kW charger. On this, the car goes from 31% to 80% in 3h:10m. A 22 kW charger would be twice as fast, but likely pointless.\nAn 11 kW charger is always sufficiently fast to charge up completely in reasonable time. And if not, sufficient to get to a SoC where you can drive to the Autobahn safely, and then use a DC fast charger to charge up really fast.\nDriving, Accelerating and Braking When you are driving a constant speed on a flat surface, you are using the exact amount of energy needed to counteract wind resistance. So if your car\u0026rsquo;s display reads \u0026ldquo;16 kW current energy use\u0026rdquo;, you are using 16 kW/21 HP to keep the current speed. That is about as much as the engine power of an old 1978 Renault 4 (or a Citroen 2CV).\nThe Megane has a more powerful engine, but only to accelerate nicely, and then it will even reach the catalog power of \u0026ldquo;160 kW\u0026rdquo; \u0026ndash; for a short time.\nWell, the Megane also has a more powerful engine for better recuperation, using the engine to convert kinetic energy back to electricity, and storing it back into the battery. The limit for that is 60 kW, \u0026ldquo;accidentally\u0026rdquo; close to the sustained power of the engine.\nThis is also a good case for a speed limit in the only country in Europa that has none: In the Netherlands there is a 100 km/h speed limit (at night sometimes 120 km/h), and that leads to extremely equalized car speeds on the Autobahn.\nYou basically turn on cruise control, set it to 100 and are done with it.\nIn Germany, you might set the Megane to 120 km/h, turn on as many assistance systems as possible and switch mentally into Fuck-You mode, but you will still have to accelerate and decelerate more, because speeds on the German Autobahn vary a lot.\nNot only does this make driving dangerous, it also eats into your range without providing better average speeds.\nSustained and Peak Power The Megane is sold with a peak power of 160 kW, but the motor has a sustained power of only 55 kW. You run it at even less, 16 kW, unless you accelerate.\nAir resistance is growing with larger speed, and the sustained power of the motor basically defines the cars top speed. But of course, this will also draw from the battery accordingly, so you will run out of energy faster, and need to charge earlier.\nAt 160 km/h, you will draw 55 kW, and will run out of power after 1 h.\nIt is typical for electric motors to overdrive them. For example, an electric locomotive rated at 4000 kW is routinely driven at 6000 kW on initial acceleration, until it hits the thermal limit, I have been told.\nAlso, the energy use of trains is incredibly low. A Stadler Flirt uses around 330 kWh/100 km. That\u0026rsquo;s the energy content of 30l Diesel, for a train of 60m length and 180 seats (around 300-350 people in commuter mode). Or in other words, 5 times the energy use of a Diesel car, so if 6 seats are occupied, it breaks even with a car (at an average occupancy of 1.2 people/car).\nA Flirt has drawn 1408 kWh from the overhead line, and recuperated 748 kWh, for a net energy use of 660 kWh. At the Konstanz-Stuttgart Line (200 km), this equals 330 kWh/100 km, or around 39l of Benzine (or 34l of Diesel) in energy content.\nTL;DR We can convert all kinds of energy into kWh, and use this to compare energy production and consumption. This is convenient, because typical fuels happen to align somewhat with the metric system: 1 l of Diesel or 1 m^3 of Natural Gas both have each 10 kWh of energy content. For fun, we can also do this with Milka Chocolate bars (0.6 kWh stored energy content) or with Pizza (around 1 kWh per Europizza).\nWe can do the same thing with power, and kW, and since power times time is energy, we can also easily convert energy draw over time into battery depletion, and plan trips.\nGetting fluent with units and conversions helps us to develop a feel for range, speed, energy and cost.\n","date":"2023-08-13T00:00:00Z","href":"https://blog.koehntopp.info/2023/08/13/electric-cars-and-numbers.html","tags":["lang_en","energy"],"title":"Electric Cars and Numbers"},{"categories":null,"content":"Das Statistische Bundesamt hat in Bevölkerungspyramide eine der coolsten Bevölkerungspyramiden, ever.\nDestatis Bevölkerungspyramide Per Default sehr ihr Deutschland im Jahre 2022: 20 % Rentner, 19 % Jugendliche, 62 % Erwerbstätige. Ihr könnt in dem Ding rumklicken, zum Beispiel Euer Geburtsjahr suchen und dann sehen, wie viele Leute aus dem Jahr noch leben. Man kann die Sprache umschalten, links oben ist ein Schalter für Englisch.\nIndem ihr den Jahresregler verschiebt, seht ihr Bevölkerungspyramiden der Vergangenheit, oder eine simulierte Zukunft. Die Simulationsparameter kann man rechts oben einstellen und darunter ablesen, was sie bedeuten.\nLegende und Erklärungen.\nAuch die Altersgruppen kann man umstellen, etwa das Rentenalter hochdrehen. Die Farbschattierungen sind Männer/Frauenüberschuß: 1.06 Männer pro 1 Frau bei der Geburt, aber Frauen leben länger. Die Parameter sind Geburtenraten von 1.44, 1.55 und 1.67 (alle niedriger als für Reproduktion notwendig, aber 2.05 ist unrealistisch für Deutschland). Die Parameter für Lebenserwartung sind 82/86, 84/88, 86/90. Die Parameter für Zuwanderung sind 180k, 290k und 400k pA.\nDeutschland 2070.\nWir sagen \u0026ldquo;Bevölkerungspyramide\u0026rdquo;, aber das ist nur in agrarischen Gesellschaften mit hoher Reproduktion und hoher Sterblichkeit korrekt. In Deutschland müßte man Bevölkerungsdönerspieß sagen.\n","date":"2023-08-10T00:00:00Z","href":"https://blog.koehntopp.info/2023/08/10/deutschland-der-zukunft.html","tags":["lang_de","erklaerbaer"],"title":"Deutschland der Zukunft"},{"categories":null,"content":"Früher hatten wir Festplatten. Das ist ein Stapel Glasplatten, die mit Eisenoxid beschichtet sind, gleichmäßig schnell rotieren und auf dem wir mit einem Kamm voller Schreib-Lese-Köpfe Teile magnetisieren oder die Magnetspuren auslesen. Platten hatten CHS-Adressen für Sektoren, also Cylinder (drinnen, weiter draußen), Head (Scheibe) und Sektor (also welches Stück Scheibe). Diese CHS-Adressen waren für das Betriebssystem sichtbar und das hat damit optimiert.\nPlatten wurden dann schnell kompliziert. Der Radius einer Spur auf einer drehenden Platte wächst, wenn man die Köpfe nach draußen schiebt. Also passen draußen mehr Sektoren darauf.\nDas bedeutet aber, daß das ganze CHS-System so nicht mehr funktioniert, außer das OS kennt die spezielle und variable Geometrie der Platte. Stattdessen hat die Platte einen eigenen Computer, den Controller, die Elektronik an der Unterseite der Platte. Der kennt die Geometrie. Das OS nicht.\nFür das OS ist die Platte nun sehr viel einfacher: ein Array aus Sektoren. Diese auf die wie auch immer geartete Plattengeometrie abzubilden ist Sache des Controllers, der physisch mit der Platte verbunden ist.\nWir bekommen \u0026ldquo;Lineare Block Addressen\u0026rdquo;, LBA. Viele OS kannten am Anfang gar keine LBA. Daher geben Platten eine Fake-Geometrie raus, die aufgeht und darstellbar ist \u0026ndash; und unsinnig ist. 255 Cylinders, 63 sectors/track –– von einer SSD.\nroot@server:/run/user/1000# fdisk -l -u=cylinders /dev/sde Disk /dev/sde: 3.64 TiB, 4000787030016 bytes, 7814037168 sectors Disk model: Samsung SSD 860 Geometry: 255 heads, 63 sectors/track, 486401 cylinders Units: cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: gpt Disk identifier: A5C7EF27-A7B1-4E84-AFC8-24FC1DB1C7FB Device Start End Size Type /dev/sde1 1 486402 3.6T Linux LVM Viele Leute hätten gerne, aus was für Gründen auch immer, mehr als eine Festplatte - auch wenn sie nur eine haben. Zum Beispiel um mehr als ein Betriebssystem zu installieren oder um sonst wie Dinge aufzuteilen. Die Lösung war die \u0026ldquo;Partition\u0026rdquo;. Das ist eine Gruppe zusammenhängender Cylinder, die vom System als \u0026ldquo;eine logische Festplatte\u0026rdquo; angesehen werden. Man schließt also sda an, und sieht bis zu 4 Geräte: sda1, sda2, sda3 und sda4.\nAus Gründen, die mit Microsoft und MS-DOS zu tun haben, gingen nur 4 Partitionen – die Partitionstabelle am Anfang der Platte war ein festes Array mit genau 4 Einträgen. Es sind auch immer 4, nur manche sind als unbenutzt markiert und werden dann stillschweigend ignoriert.\nWenn man nun mehr als 4 haben will? Sehr einfach: macht man sich eine \u0026ldquo;Erweiterte Partition\u0026rdquo;, die den ganzen Rest der Platte abdeckt und kann darin dann weitere Partitionen einrichten.\nDas ist dann eine lineare Liste. Die Nummern der logischen Partitionen in der erweiterten Partition fangen immer bei 5 an. Man kann also eine Bootpartition sda1 haben und eine erweiterte Partition sda2, die dann sda5, sda6 und sda7 enthält. Kein normal denkender Mensch will das so, weil das auch nervt: Partitionen müssen ja zusammenhängend sein und auf eine Platte passen. Man kann sie also nur dann erweitern, wenn hinter ihnen freier Platz ist.\nIst da keiner, muss man den ganzen Rest der Platte \u0026ldquo;weiter nach hinten\u0026rdquo; kopieren und dann die Partition der Wahl erweitern. Das kann sehr, sehr weh tun. Was man stattdessen macht:\nMan tut alle seine Platten in einen Sack. Diesen Sack nennen wir Volume Group, VG. Die einzelnen Platten, die Physical Volumes, PVs, schneiden wir in gleich große Scheiben, die Physical Extents, PEs. Die VG ist also ein Sack voll PEs, alle gleich groß, die auf unterschiedlichen Platten liegen.\nMan will so um die 1000 bis 10.000 PEs in seiner VG haben. Dann hantiert man mit Platz in Units von 1 Promille bis 0.1 Promille \u0026ndash; das ist genau genug.\nWir können uns so Logical Volumes, also Laufwerke, zusammenbauen, die ein ganzes Vielfaches eines Extents groß sind und die aus LEs bestehen, Logical Extents. Jedem LE wird mindestens ein PE als Backing Storage zugewiesen, aber da dies über eine Lookup-Tabelle passiert, können die PEs von irgendwoher kommen.\nDas Subsystem in Linux, das das macht, heißt LVM2, der Logical Volume Manager. Er kann noch mehr:\nEs ist möglich, einem LE mehr als ein PE zuzuweisen. Dann hat man ein RAID 1. Es ist möglich, die Blöcke aus zwei PE auf unterschiedlichen PVs zu nehmen und blockweise abwechselnd zu benutzen. Dann hat man ein RAID 0. Mithilfe der Device Mapper Layer, die unterhalb von LVM Dienst tut, kann man so jede Menge absurde Storage Artistik abziehen. Für uns ist wichtig zu verstehen, daß Partitionen in LVM – wegen LVM! – nicht mehr zusammenhängend sein müssen.\nEs ist 2023. Die Leute benutzen noch Devices, Partitionen und LVM, aber niemand benutzt noch Festplatten. Alles ist SSD, eventuell sogar ohne beknacktes SATA-Interface, sondern mit dem Flash direkt auf dem PCIe-Bus. Das ist dann NVME.\nDas ist super, weil das S in SATA für Seriell steht, also auch Zugriffe auf das Gerät serialisiert. Das Gerät hat aber einen Haufen Chips, die man alle parallel anblasen könnte, wenn das SSSSSSSATA nicht Zugriffe sssssserialsierte. Also weg damit!\nFlash Storage hat nun noch ein anderes Problem. Flash beschreibt \u0026ldquo;gelöschte\u0026rdquo; Blöcke in Sektoren von 512 Byte oder – neuerdings - 4096 Bytes.\nFlash kann solche Sektoren aber nicht löschen, nur als \u0026ldquo;gelöscht\u0026rdquo; markieren. Die eigentliche Löschung dauert recht lange und passiert in recht großen Erase Segmenten, die viele Sektoren enthalten.\nDaher gibt es einen Hintergrundprozeß, der auf dem Controller läuft und guckt, ob valide Daten umsortiert werden können, sodaß ganze Erase Segmente frei werden.\nDieser Hintergrundprozeß ist die Flash Translation Layer (FTL).\nSie hat eine große Zuordnungstabelle, die die eingehende LBA vom Computer auf eine physikalische Blockadresse im Flash mapped. Und die FTL kann im Hintergrund Blöcke verschieben, umsortieren oder reorganisieren, ohne daß das vorne an der LBA sichtbar wäre. Das hat eine Reihe von Konsequenzen. Eine ist, daß man eine SSD nicht zum Löschen überschreiben kann – die FTL sortiert hinten lustig Kram hin und her und es ist nicht gesagt, dass ein Durchschreiben von LBA 0 nach LBA n alle Daten auf der SSD überschreibt, oder daß Allgemein nichts Lesbares mehr auf der SSD steht.\nDaher gibt es bei vielen SSD eine Hardware Drive Encryption, und zum Löschen des Laufwerkes geben wir der Disk einfach das Kommando, den Key zu vergessen. Damit ist die faktisch gelöscht.\nOder wäre es, könnte man der Implementierung der Hardware Drive Encryption vertrauen . Eventuell ist man mit so was wie LUKS und dem Wegwerfen der LUKS-Schlüssel besser dran als mit der Hardware Verschlüsselung von Drive-Controllern aus Chinesium. Aber in jedem Fall ist man mit einem verschlüsselten Flash Drive besser dran als mit \u0026ldquo;Überschreiben\u0026rdquo;. Oder man etabliert einen Prozess, bei dem jeder Storage in einem Server in unseren RZ dies nur noch durch einen Shredder verlassen kann. Falls man seinen Leuten vertraut, dass sie nicht doch mal ein Drive aus der Schrottkiste mitnehmen.\nEine bemerkenswerte Eigenschaft von Flash sind \u0026ldquo;Seeks\u0026rdquo;, also Datentransfers zwischen nicht physisch aufeinander folgenden Blöcken. Disks schaffen so um die 200 Disk Seeks pro Sekunde, und die tatsächlichen Zeiten variieren auch stark – je Seek, desto Wait. Bei SATA/SAS SSD haben wir circa 20.000 Seeks pro Sekunde und bei NVME bis zu 800.000 davon (weniger, je mehr Bits pro Flash-Zelle).\nWenn Ihr bei der FTL aufgepasst habt, dann wißt ihr, dass aufeinanderfolgende LBA eventuell gar keine aufeinanderfolgenden PBA sind, also im Flash nicht nebeneinander liegen müssen. Das merkt niemand, weil die Seek Zeiten bei Flash uniform sind. Aber Moment mal \u0026hellip;\nWir haben uniforme Seekzeiten und wir haben in der FTL eine Lookup-Tabelle die verdammt ähnlich aussieht wie die Lookup-Tabelle in LVM. Können wir dann nicht auch Nichtzusammenhängende Partitionen in Hardware bekommen? Können wir. Jedenfalls ein paar. Das sind NVME Namespaces, also die \u0026ldquo;nX\u0026rdquo; an Euren /dev/nvme1n1-Devices.\nDie kann man mit dem \u0026ldquo;nvme\u0026rdquo; Kommando einrichten und abreißen und ihnen auch Platz zuweisen. Der liegt dann irgendwo und die FTL weiß, wo genau. Aber zusammenhängend ist das nicht, auch wenn Ihr das nie sehen werdet. NVME Namespaces sind also so eine Art Hardware LVM mit einer limitierten Anzahl Plätzen.\nWie Hardware ist mein Hardware LVM denn? Nun. Mit SR-IOV bekommt jede einer Hardware-Nichtpartitionen auch ein Haufen Fake-PCI-Register, die ich in den Adressraum etwa einer VM mappen könnte, sodaß effektiv jede VM eine \u0026ldquo;Partition\u0026rdquo; meiner NVME als fast echtes PCIe Busdevice sehen kann.\nLeider gerät an dieser Stelle die Implementierung ins Zielfeld, und teilt uns mit, daß das zwar schnell ist, aber leider nicht dicht, und man darauf also nicht unbedingt vertrauen sollte. Aber schön wäre es gewesen!\nWie dem auch sei: Jetzt haben wir dieselbe Idee also\neinmal in einem ARM-Rechner, der am Flash jenseites des PCIe Busses klebt – dem Flash Controller mit der FTL, als NVME Namespaces. Und dann noch einmal eine Ebene höher, diesseits des PCIe, als LVM2 unter dem Filesystem. Und dann noch einmal eine Ebene höher, im Dateisystem, jedenfalls wenn es APFS oder ZFS ist, auf Dateisystem und Datei-Ebene. Dreimal dieselbe Idee, mit einer Lookup-Tabelle, Namespaces und dem Zusammenkleben von Blocks. Außer, wenn man Apple ist. Dann baut man seine Hardware selbst, realisiert den Flashcontroller in denselben Die wie die CPU oder lässt ihn gleich als Teil der CPU laufen, schließlich ist es sowieso ein System-on-a-Chip. Und redet dann mit den Flash-Chips neben der CPU. Die sind eh nur neben dem Die mit der CPU, weil sie dort noch nicht hineinpassen.\nUnd dann kann man diese Ebenen zumindest teilweise integrieren, einige Indirektionen sparen und generell schneller sein. Das setzt aber natürlich voraus, daß man seine Hardware komplett kontrolliert, sodaß die Komponenten aufeinander abgestimmt werden können.\nAußer Apple können das nur zwei Hände voll andere Firmen auf diesem Planeten, und die anderen sind alle Cloudbetreiber, die ihre Hardware oder gar – wie Amazon-Annapurna-ARM – ihre CPUs selbst fertigen können. Dann gehen auf einmal ein Haufen Abkürzungen und man kann so Sachen wie kaputte Hypervisoren und SR-IOV direkt selbst fixen. Und das ist, warum Amazon schöne Dinge haben kann, aber ein \u0026ldquo;Private Cloud\u0026rdquo; Openstack nicht.\nJan schreibt: \u0026ldquo;Was Betriebssysteme noch nicht verstanden haben, ist das es nur noch Memory gibt. In unterschiedlichen Geschwindigkeitsklassen. Und Anbindungen. Lokal, Netzwerk. Das ist der einzige Unterschied. Es gibt nur noch wenige Fälle. Memory ist da oder nicht. Latenz ist close to zero oder nicht deterministisch. Deal with it.\u0026rdquo;\nIn Unix ist ja alles entweder ein File, also persistent, und via open/read/write/seek/tell/close zu bearbeiten. Oder ephemeral, und via malloc zu bekommen.\nSpeicher, so wie ihn Unix kennt, hat keine Eigenschaften (ephemeral, persistent), Granularität (byte, page welcher Größe auch immer), und auch keine Eigner und Zugriffsrechte, sowie keine Verzeichnisdienste. Die Infrastruktur, die ein Dateisystem bereitstellt, ist ja weit mehr als nur die open/read/write/close API.\nEs ist auch der Verzeichnisbaum und die an den Dateien klebenden Zugriffsrechte, Flags, xattr und was es sonst noch so gibt, und eine bestimmte Locking-API. Speicher hat zwar auch Locks, aber andere, und kennt die Konzepte Eigner, hierarchischer Namespace und was da sonst noch so existiert nicht. Sun hat mal eine Zeit lang mit wilden Dingen herumgespielt, die Teile dieses Problemraumes adressiert haben. HP auch, mit einem anderen Teilaspekt dieser Sache. In beiden Fällen geht es um einen Haufen CPUs, die gemeinsam auf einem Speicher herumdengeln, der vielleicht oder vielleicht auch nicht lokal ist. Das löst aber jeweils nur einen Teilaspekt des Problems. Und es gibt keinerlei Software, die damit um könnte.\nIn Unix. Anderswo gibt es schon seit den späten 80er Jahren Rechner mit einer Art \u0026ldquo;hardware unabhängigem Bytecode\u0026rdquo;, 64 Bit Uniform Address Space und einer Art speicherbasierten, transaktionsorientierten Datenbank, Namespaces und Zugriffsrechten. Das ist dann aber kein Unix, sondern etwas anderes, bizarres, außerirdisches, das keiner von Euch je gesehen hat.\nAlien Systems/400 Das ist das, was man bekommt, wenn man eine JVM erfindet, bevor es Java gibt und wenn man persistenten Speicher mit RAM und \u0026ldquo;mmap() aber in richtig\u0026rdquo; und wie eine Datenbank riechend erfindet. AS/400 ist irgendeine CPU – das wurde in der Zwischenzeit auch mehrfach geändert und keiner hat es gemerkt – und irgendwelcher Speicher (viel weniger als 64 Bit, aber das hat auch keiner gemerkt, das RAM ist ja nur Cache). Statt \u0026ldquo;everything is a file\u0026rdquo; \u0026ldquo;everything is an object\u0026rdquo;.\nIn der Zwischenzeit hat Intel Optane wieder eingestellt. Das Pricing war falsch, aber vor allen Dingen hat keiner das richtig nutzen können. Zu RAM für ein Filesystem, und zu persistent für RAM – meh, was soll ich damit? Wenn alles entweder ephemeral oder ein File ist, dann ist \u0026ldquo;persistent, und so schnell wie RAM\u0026rdquo; irgendwie nicht zu gebrauchen.\n","date":"2023-08-09T00:00:00Z","href":"https://blog.koehntopp.info/2023/08/09/frueher-hatten-wir-festplatten.html","tags":["lang_de","filesystems","computer"],"title":"Früher hatten wir Festplatten..."},{"categories":null,"content":"In Deutschland gibt es circa 50 Millionen Autos. Wieviele Kilometer fahren die so im Jahr?\nStatista: Fahrleistung der PKW in Deutschland von 1970 bis 2021 , die Statistik zeigt die Entwicklung der Fahrleistung der Pkw in Deutschland in den Jahren 1970 bis 2021. Im Jahr 2021 betrug die Fahrleistung der Personenkraftwagen in Deutschland rund 582,4 Milliarden Kilometer.\nDas sind überschlägig 10k KM pro Jahr und Auto, das ist ein plausibler Wert.\nBei einem angenommenen Energieverbrauch von 20 kWh po 100 km und 582 Mrd. Kilometern ergibt sich ein Energiebedarf von\n\u0026gt;\u0026gt;\u0026gt; (582.4*10^7*20)/(10^9) 116 Also 116 Mrd. kWh oder 116 TWh.\nDie Stromerzeugung in Deutschland lag in 2022 bei 574 TWh.\nStatista: Bruttostromerzeugung in Deutschland in den Jahren 1991 bis 2022 , im Jahr 2022 wurden in Deutschland 574 TWh Strom erzeugt. Dies ist die Summe des erzeugten Stroms von Kraftwerken der allgemeinen Versorgung, industriellen Eigenanlagen sowie privaten Betreibern in Deutschland.\nWürde man die Autos in Deutschland komplett elektrifizieren, ist das ein Strommehrbedarf von 20 %. Und 20 kWh/100 km sind ein Benzinäquivalent von 2.2 l/100 km.\nDer Primärenergieverbrauch von Deutschland ist 1989 maximal gewesen und seit dem linear leicht gesunken.\nOWiD: Primary energy consumption in TWh .\nWir sind noch bei 78 % des Spitzenverbrauches, also ca. -0.7 % pro Jahr abnehmend. Das ist wohlgemerkt bei steigendem GDP:\nOWiD: GDP per Capita .\nDie 116 TWh E-Mobilität sparen zugleich geschätzt 350 TWh Primärenergie ein, also von 3416 TWh/a auf 3066 TWh/a abnehmend, oder anders gerechnet knapp 10 % oder 15 Jahre bei -0.7 % pro Jahr.\nDie Raffinierung von Benzin braucht auch Energie, etwa 1,585 Kilowattstunden pro 1l Treibstoff, allerdings kein Strom, sondern Primärenergie (Gigantischer Stromverbrauch von Raffinerien? ).\nIn Deutschland werden 52.2 Mio. Tonnen Kraftstoff/Jahr verfahren (Zahlen der \u0026ldquo;Fachagentur Nachwachsende Rohstoffe\u0026rdquo; ). Es sind 1.333 m^3 Volumen pro Tonne (Benzin)\n\u0026gt;\u0026gt;\u0026gt; (52.2*10^6 * 1333*1.585)/10^9 110 110 TWh Primärenergieverbrauch zur Herstellung des in Deutschland verbrannten Kraftstoffes gegen 116 TWh direkten Stromverbrauch, wenn man den Strom direkt verfährt. Strom gegen Primärenergie, aber ja.\nRechnet man solche Ersparnisse über die Gesamtwirtschaft, kann man ein solches Diagramm zeichnen:\nEnergy Flow Chart. Die Einheiten sind sehr amerikanisch: Quads (Quadrillion BTU, 3412 BTUs entsprechen 1 kWh ). Dies sind Short Scale Quads , also 1E15, deutsche Billiarden.\nMan sieht, daß die Effizienz von 1/3, die wir bei Verbrennungsmotoren haben, und die wir auch als Jahresarbeitszahl bei Wärmepumpen annehmen, auch für den gesamten Primärenergiebedarf gilt. Wir können also annehmen, daß wir durch eine Elektrifizierung von allem den Primärenergiebedarf dritteln, oder, wenn wir dennoch gewisse Verluste zugestehen, halbieren. Das ist das Ausbauziel in zu deckendem Primärenergiebedarf für eine nachhaltige Energieversorgung.\n","date":"2023-08-02T00:00:00Z","href":"https://blog.koehntopp.info/2023/08/02/was-waere-wenn-alle-autos-elektrisch-fuehren.html","tags":["lang_de","energy"],"title":"Was wäre wenn alle Autos elektrisch führen?"},{"categories":null,"content":"Memo to self: I have a VPS with a legacy Ubuntu 20.04, and when creating a user to run a user-based service, trying to use systemctl fails with the message:\n$ systemctl --user status Failed to connect to bus: No such file or directory To solve this, multiple changes were necessary:\nFixing the systemd problem The service is supposed to run as the user theservice, from the directory /home/theservice/therepo, and is to be controlled by a systemd instance for this user. There was no such instance running.\nMissing packages Several required packages were not installed (server image, minimal packages installed):\n# apt install dbus-user-session libpam-systemd libpam-cgfs loginctl config not correct Loginctl needs to be told what to do when the user is not logged in:\n# loginctl enable-linger theservice Missing environment variables Two environment variables were not defined properly:\n$ cat ~/.bashrc # ~/.bashrc: executed by bash(1) for non-login shells. # see /usr/share/doc/bash/examples/startup-files (in the package bash-doc) # for examples # THIS INSERTED vvv export XDG_RUNTIME_DIR=/run/user/$(id -u) export DBUS_SESSION_BUS_ADDRESS=\u0026#34;unix:path=${XDG_RUNTIME_DIR}/bus\u0026#34; # THIS INSERTED ^^^ # If not running interactively, don\u0026#39;t do anything case $- in *i*) ;; *) return;; esac ... Note: As you can see in the case statement and the comment before, the remainder of the .bashrc is only run for interactive shells. The variable definitions must appear before the case statement, as shown.\nuser@.service not enabled and started The user-based systemd component was not enabled and started.\n# systemctl enable user@.service # systemctl start user@1011.service # the userid of the user I needed Defining the service The service we want to run is a Python program in a virtual environment, logging to stdout and stderr. It needs to be started by systemd as the service user.\nWe check out the repo and create virtual environment:\n# sudo -Hi theserviceuser $ git checkout git@github.com:theuser/therepo.git ... $ python3 -m venv venv $ source venv/bin/activate $ pip install -r requirements.txt ... This will check out the source, create a venv and then activate it and install the requirements.\nWe can now create a service. As the service user, run systemctl --user edit --full theservice.service and install\n# /home/theserviceuser/.config/systemd/user/theservice.service [Unit] Description=The Service After=syslog.target network.target [Service] Type=simple WorkingDirectory=/home/theserviceuser/therepo ExecStart=/home/theserviceuser/therepo/venv/bin/python3 /home/theserviceuser/therepo/main.py Restart=on-abort EnvironmentFile=/home/theserviceuser/therepo/.env [Install] WantedBy=multi-user.target By using the Python instance from the venv, we will automatically use stuff from the venv, no activation required.\nWe can now update all this with\n$ systemctl --user stop theservice.service $ git pull --rebase $ systemctl --user start theservice.service or a script that does the same.\n","date":"2023-07-12T00:00:00Z","href":"https://blog.koehntopp.info/2023/07/12/ubuntu-systemctl-user-does-not-work.html","tags":["lang_en","linux","devops"],"title":"Ubuntu: systemctl --user does not work"},{"categories":null,"content":"There is a really nice article by Pep Pla, over at the Percona blog about fragmentation in MySQL InnoDB tablespaces, which you should read.\nThe article discusses \u0026ldquo;fragmentation\u0026rdquo; of data in tables, which happens in a way similar to how it happens in filesystems.\nInnoDB stores data by default in tablespaces, which by default are a file per table. These files are subject to the fragmentation and growth rules of your filesystem, but if you are smart, you are running MySQL on Linux on the XFS. In that case, filesystem fragmentation (and unexplained commit latency variance) are not an issue, because XFS takes care of handling this properly, and only database-internal fragmentation remains.\nPrimary keys, data order and working set size Data inside an InnoDB tablespace is placed in primary key order, and that used to matter a lot, because rows with closer primary keys used to be stored closer together on disk. Up to the point where rows with adjacent primary keys had a good chance of being on the same page.\nIn the past, it mattered more than today, because even if data was not stored on the same page, pages that were physically stored closely together (on the same HDD track or cylinder) could be loaded faster. That was the case, since \u0026ldquo;near\u0026rdquo; disk seeks were executed faster by an HDD than \u0026ldquo;far\u0026rdquo; disk seeks across the entire surface of a hard disk.\nWith flash, seek times are largely irrelevant: In fact, the internal Flash Translation Layer of flash storage will put data anywhere it sees fit, and then issue you a Logical Block Address (LBA) that has no bearing whatsoever on the actual physical location of the page on the flash drive. It may even move the actual physical data under you behind the scenes, and still refer to it by the same LBA.\nWhat matters a lot as a concept, though, is the Working Set Size (WSS) of your database.\nThe Working Set is the set of pages your database is going to reference in the next future interval\nThis interval may be, for example, the next 1m, 10m or 1h. That is, it makes initially limited sense to speak of the WSS as an unqualified term. You\u0026rsquo;d have to use it with an interval instead, so the WSS-1m, WSS-10m, WSS-1h and so on.\nIf you could predict what pages will be needed in the WSS-10m, you could preload these pages and cache them. This would bring the disk reads to zero or close to zero for the coming 10 minutes.\nPredicting the future is hard, though, especially if accuracy is required. What we do instead is look to the past and hope the future looks alike.\nSo most people would want to look at the past 10 minutes, and the recorded page numbers requested from disk as a triple of (timestamp, tablespace_id, page_number). From this, we can build a histogram for a sliding 10m window, and we would know which pages have been in demand. From the height of the histogram counter, we would even know how much.\nWe can now size an InnoDB buffer pool, and calculate how large this pool would have to be to cache 95%, 99%, 99.99%, \u0026hellip; of all page read requests. Having a handle on the desired buffer pool size for a data set and a workload would be very useful to determine the amount of memory our database instance would need to perform adequately: It must be sized for – at least – the estimated buffer pool plus overhead plus some safety margin, rounded up to available instance types.\nUnfortunately, we can only get aggregate statistics from an unpatched MySQL, and no page-read-request timeline as shown above. Neither can we get a page-request histogram from P_S, or a properly precalculated WSS estimation. So it is necessary to patch MySQL to get this data, unfortunately.\nWhen we do this, and math a bit on the results, we observe there is actually such a thing as a WSS without a time-interval:\nAs long as the workload is stable, we can identify with some confidence a set of pages that need to be cached in order to quench most of the reads. Adding buffer pool pages past this point will not improve performance substantially, and there might still be a certain number of residual random page reads due to random accesses in the workload. In order to also quench these, you\u0026rsquo;d have to be able to keep the entire database in memory. While this is sometimes possible, there are workloads where this is not economical, especially at cloud pricing structures.\nDesigning for locality Here Pep Pla comes in again, because he highlights in his article the principle of locality, which is exactly what the working set size is. Specifically, WSS is temporal locality – we cache the pages we will need in the future in memory, so that spatial locality does no longer matter. Even when using HDD.\nBy choosing a primary key smartly, we can make sure that primary keys that are being accessed \u0026ldquo;together\u0026rdquo; have similar values, and each page is filled closely with many rows that we will be needing at the same time.\nFor a fixed data size, this lowers the number of pages active concurrently, bringing down WSS size, bringing down pool size, bringing down instance size, bringing down cloud cost.\nAlso, it is important to keep the row size down, so many rows fit into the same page, and finally getting a handle on fragmentation inside a page – but this is actually the least important factor in design.\nFor the various MySQL flavors, exposing disk read request traces (as (ts, tablespace_id, page#) triples) and deriving a histogram and a WSS metric from it remains an open TODO point.\nNote how \u0026ldquo;Designing for locality\u0026rdquo; is not primarily a \u0026ldquo;fragmentation\u0026rdquo; issue – the amount of empty space per page, segment or tablespace does not matter in the first place. Packing rows that are needed together densely is what matters: data density matters. And empty space in a page can ultimately adversely affect that, but it is really the last item on the list.\nFill Factors, and you do not need to OPTIMIZE TABLE \u0026ldquo;Empty space in a page\u0026rdquo; is a special kind of fragmentation, and in databases it is commonly called \u0026ldquo;fill factor.\u0026rdquo; Pep Pla has been testing the behavior of InnoDB with various workloads and page fill factor settings, and this is the first documented and systematic work in this area that I am aware of.\nUsing the innodb_space tool from Jeremy Cole\u0026rsquo;s Tooling , he observed the behavior of InnODB after a longer term mixed insert and delete workload.\nThe results are pretty encouraging. Basically, according to the results from his testing, it never made sense to run OPTIMIZE TABLE to repack and re-order the data for flash storage. Disk seeks do not matter much any more on flash, and there will always be empty space in the pages of tables that see permanent random inserts and deletes. So running OPTIMIZE TABLE will bring the table size down and repack it, only to create a wave of page splits immediately after when the DML workload continues and needs room to work.\nPep Pla shows fragmentation maps for the same table after 400 iterations of his DML workload using different fill factors, and it shows that the initial fill factor after an OPTIMIZE TABLE is no longer visually identifiable. Instead, all tables look similarly fragmented, so their shape is dominated by the workload, not the OPTIMIZE TABLE and the fill factor parameters.\nIt may be useful to OPTIMIZE (and compress) tables that are being archived, but as soon as they see DML, they will be reshaped by the workload again, and you might as well not OPTIMIZE.\nDesigning for locality vs UUID It is worth mentioning that very many tables have a row-access frequency that matches the rows primary key, if the rows\u0026rsquo; primary key is an auto_increment. That is, very many applications frequently access rows that have recently been written, while older rows are being used much less frequently.\nBy using auto_increment primary keys, data is automatically ordered physically so that \u0026ldquo;cold data\u0026rdquo; is at the front of the table and \u0026ldquo;hot data\u0026rdquo; is at the end. This also puts hot rows together into the same page or pages close by, at the end of the table. This is good for performance in InnoDB, and also keeps the WSS down.\nUsing a random primary key (a MD5 or a UUID v4) will not impose any order on the primary key. In InnoDB, where the primary key value determines the physical position of the row in the table, this essentially scatters rows across the entire table. This creates a very large working set, bloating required buffer space, and increasing instance size: There will be a hot row in any page with the same probability, so you\u0026rsquo;ll have to cache all pages to quench reads.\nUsing a UUID v1 is better because they have a temporal component, which can be used to leverage an auto_increment-like ordering. Unfortunately, MySQL does not do this by providing a UUID v1 data type, which does the right thing automatically. Instead, we get to use a pair of functions UUID_TO_BIN() and BIN_TO_UUID(), which require you to manually cast the data every time you access it and remember to set the swap flag properly. This is very uncomfortable and error-prone, more so in large development organizations.\nTry to use auto_increment with MySQL InnoDB. If you can\u0026rsquo;t, try to go with UUID v1 and the UUID_TO_BIN() functions, with the swap flag set.\nFor the various MySQL flavors, it remains an open TODO point to provide a UUID v1 and a UUID v4 data type.\nRow Fragmentation MySQL InnoDB is famously bad at storing files, and Pep Pla discusses that cursory, too. In fact, the Percona Blog also provides another article on this with some more depth, which is a lot more opinionated than the official manual on the subject at hand.\nBasically, when a row becomes too large (at 1/2 page size, 8 KB), InnoDB stores individual fields of a row \u0026ldquo;off-table\u0026rdquo; in overflow pages. The article does not discuss this, but to my knowledge, each overflow page holds only one field, so the overhead is statistically much larger than \u0026ldquo;on average 1/2 page\u0026rdquo; as stated in that article. This effect becomes stronger if you have tables with multiple BLOB/TEXT columns in a row, and each is just barely large enough to trigger off-table storage.\nAccessing data that is stored in overflow pages uses up additional buffer pool pages to hold them, at a rate of at least one per overflowed field, increasing the working set size, and hence necessary instance size. In versions of MySQL before MySQL 8, such data also forced the use of on-disk temporary tables, which impacted query performance badly to a large extent, but this is now fortunately fixed.\nSo in the past, the general advice was to avoid TEXT/BLOB columns altogether, and if you must use them, do not use them as part of a join or any query that was marked as \u0026ldquo;using temporary.\u0026rdquo; Since MySQL 8, this is much better, but still be aware of the working set size increase.\nFor the various MySQL flavors remains an open TODO point to provide a more efficient (Postgres TOAST-like?) BLOB storage, in order to bring down storage overhead.\nAnother long-standing BLOB performance-related work item that is not linked to fragmentation would be to provide a \u0026ldquo;partial updates\u0026rdquo;/\u0026ldquo;BLOB streaming\u0026rdquo; API in the protocol, because this is another well-known point of inefficiency:\nTry to store a BLOB larger than max_allowed_packed in the database. Try to change 4 bytes at offset 32M in a 64M BLOB efficiently using MySQL protocol. If you do, and observe what happens on the wire, in memory and on disk, you\u0026rsquo;d be scared. Until it is fixed, use the filesystem or S3 for this, and store filenames or URLs instead.\nRecommendations? You probably do not need to care much about fragmentation if your database uses flash-based storage. InnoDB is relatively stable for DML workload, and OPTIMIZE TABLE is usually not worth the effort, unless you move a table to archive/read-only. You would do well to design for data density and temporal locality, bringing down working set size. Often this happens automatically when using auto_increment as a primary key. Even in MySQL 8, you would still do well to keep BLOB and TEXT fields out of main tables, or where it makes sense, out of the database completely. Server Side improvements needed:\nMySQL has no good instrumentation that can trace disk read requests by (ts, tablespace_id, page#), making it hard to estimate working set size, and derive an optimal instance size from it. You will need to patch the database server in order to grab this data. This needs fixing in the mainline server source. MySQL should have a UUID v1 and a UUID v4 data type, which would be a lot less error-prone that the current set of functions. This needs fixing in the mainline server source. MySQL has an abysmally underdeveloped BLOB storage and long-standing gaps in its BLOB access API (efficient partial updates, BLOB streaming). This needs fixing in the mainline server source. ","date":"2023-07-06T00:00:00Z","href":"https://blog.koehntopp.info/2023/07/06/mysql-innodb-fragmentation.html","tags":["lang_en","mysql","database"],"title":"MySQL: InnoDB Fragmentation"},{"categories":null,"content":"This is not much of a blog post, but just a thread dump from Mastodon as requested by a friend, because my Mastodon posts expire after some time.\nBased on my work and the people I know, I have some (remote) view into what happens in a few companies at the C- and Mid-Level management. And from where I sit, it seems the great resignation is not only a thing that affects workers, but also managers. It is almost funny.\nThese people are often pretty awesome administrative people. Mid-level managers with amazing Jira- and Miro-skills, breaking down large work parcels of well-understood jobs into team-sized packages, describing the requirements and planning the required hours, then mapping them onto calendars. Or budget jugglers that take large unstructured sums of cost, and find a way to parcel them out in a halfway reasonable way into individual cost centers and items.\nDigital and other transformations These companies are also all in a series of transformations, at all levels of the stack simultaneously.\nMany are moving on-premises workloads to cloud, but the workloads are not cloud-shaped. Two enterprises I happen to know about are also changing their implementation language from something exotic to something less efficient, but a lot easier to hire for. One enterprise is also breaking up a monolithic application into a set of microservices, but the cut lines are unclear and need to be found. One enterprise is modifying the way they do business from a single product to a series of interconnected and interdependent products, some of them in highly regulated markets. Another enterprise is changing the way they make their product from mostly manual labor into something based on sensor input and data science. These transformations require a different kind of manager: they need less of an administrative person, and more business process designer; they require a different kind of empowerment and delegation, from the top to them, and from them on downwards – much more autonomous on the delegation poker side;\nWhat is also needed is an entirely different kind of understanding of the company itself, less interchangeable business administration skills, and more business-specific skills about how the sausage is made.\nOn top of that are traditional hierarchies and communication structures that are based on in-person attendance and mostly oral tradition, and a skill-set that is well suited for the Clear and Complicated domains of the Cynefin-Model , but wrong for the Complex and Chaotic domains.\nThe Enterprise cannot perform the set of transitions it must execute to stay relevant, when the entire Org and the people that carry and build the structure of the Org are incapable of transforming their way of working to match the problem. So they leave.\nWhich for an organization that is in the Complex and Chaotic realm of a transformation makes the problem worse, because the intimate knowledge of the processes that make this company unique and competitive goes with them. The people coming in have to learn these things, but if the Org does not have written account of what matters and has no way of teaching these things that make this company special, it basically loses its specialty and becomes meaningless, interchangeable and then soon extinct.\nWhat Remote Work does for companies Funnily, companies that optimize for remote work are also companies that out of necessity optimize for a written instead of an oral culture. They tend to have very well documented ways of specifying and teaching what they do, why and how, and a proper self-service onboarding process complemented by a mentoring system – and that also works for mid- and C-level management.\nCompanies that optimize for remote are executing transformations easier because they understand their meta better. Many workers understand that. Maybe not in this way or even in words, but they can read the room, and they are reacting to their environment, especially the skilled ones.\nA preference for remote work is useful even, or especially, if you come into the office, because a company that can do remote properly understands what it does and how it works better than a company that executes \u0026ldquo;remote\u0026rdquo; with a \u0026ldquo;zoom harder\u0026rdquo; policy.\nInterviewing to find organizations that know their stuff So when you interview, these are useful and interesting questions:\nHow did your company change their way of working during Covid? How did your management style evolve under Covid and after? How do you detect misalignment, disagreement or conflict or other causes for in-person meetings when working remotely, and what are the ways you handle these situations? How do you evolve agreement from oral consensus to documentation to training material? How do you document and teach processes? How did your way of working as a person and as a member of the Org evolve in the last 5 years? What can you point to that illustrates process maturation and advancement? In what way did your Org execute transformations in the last five years? That certainly was not frictionless. What worked, what didn\u0026rsquo;t, what did the Org learn? If that reads a lot like a reverse interview – well, that\u0026rsquo;s what it is.\nBut the objective is clear: You want to find out if the org you are about to join has access to its own meta, and if it can change and consciously design its org structure, work, and communications culture.\nAll companies right now are executing a series of transformations at multiple levels of their business. That is because the world right now is a lot less stable than it used to be in the last 50 years. But only those that do not let these things happen to them, but are actively shaping the process will not be painful to work at.\nYou must find these early in the interview process.\nIn any case, the information you want to find when interviewing for a job is again:\n\u0026ldquo;Does this company shape itself and its future consciously? Does it design itself? Or does change happen to the org accidentally? Does it understand what it does, and why? Or are they winging it?\u0026rdquo;\nMost management is winging it, most companies are cheating their way to the next quarterlies.\nYou do your work, but you do have an understanding of what management is supposed to do. Does management understand their job, tho?\nCan you respect your current or future management? Can they express the value they provide in a way that is understandable and meaningful to you?\nCan they explain the business, and what specifically the competitive advantage is this org has within its own competitive set? Do they know why this differentiation exists, and how it is protected or extended? Do they understand in what way the structure they are building and upholding helps in doing this? And how it needs to change to be able to continue?\nBasically, you want to find out if they know the C-level strategy they exist in. If they know what direction everybody is supposed to march in, and what their local objectives are as a part of the greater whole. You need to find out if they have context that they are making local decisions in.\nIncidentally, it is this (and not ping-pong tables) that builds engagement and loyalty.\nPeople love to work for a company that understands how it functions, and can talk sensibly about this – about its business and communication processes, and the why and how of useful interaction.\nPeople love to work for organizations that have an idea of how to change and into what, instead of being shaped by accident.\nStressors Another contributing factor is that transformations interrupt the value extraction process of neoliberal shareholder value, and also upsets established hierarchies.\nShifting to the left side of the Cynefin model means you need smaller teams of higher qualified people. Teams that perform work in a way that is much harder to quantify, and create value that is hard to express in right-side organizational structures.\nThat is, shareholders and their demand for dividend and rising stock value interfere with the investment needs, increased risk and hard to measure gains that transformations require, and thus the owners of the enterprise are an impediment to the change that the company needs to be able to continue to deliver value to them.\nThat is, some individual owners always understand that problem, but the owners as a group don\u0026rsquo;t and can\u0026rsquo;t and are working against their own best interest.\nSide Remark: Similar structural pressure is currently visible in German society, at the \u0026ldquo;Berlin vs. Berlin Outskirts\u0026rdquo; conflict or at the national mobility and energy transformation.\nSide Remarks from the Pandemic Coping Discord A friend gives an example at the individual level IC: \u0026ldquo;The existing code is bad and undocumented. Three weeks for the fix, provided there are no landmines.\u0026rdquo;\nM: \u0026ldquo;So you commit to 3w?\u0026rdquo;\nIC: \u0026ldquo;No, because I don\u0026rsquo;t know if there are landmines. Usually there are.\u0026rdquo;\nM: \u0026ldquo;But I need a binding commitment to before the end of July!\u0026rdquo;\nThat\u0026rsquo;s lack of tech understanding paired with pressure from the shareholder end.\nAnother friend talks about Stressors M: \u0026ldquo;My personal theory is that we are running into some inherent limits of the current management model during the last decade and are now seeing stress fractures.\u0026rdquo;\nK: \u0026ldquo;But the question is where the stress is originating.\u0026rdquo;\nM: \u0026ldquo;Complexity (as observed at each management level).\u0026rdquo;\nK: \u0026ldquo;Ok, that matches what I think if you accept that it is these transformations that are causing the stress. What you call stress fractures I call transformation overload.\u0026rdquo;\nM (responding to the three-week-commitment example above): \u0026ldquo;A good example for what I mean by complexity at that management level: The manager can communicate only a scalar detail upwards, but the problem is a complex data object. The manager cannot report what happens nor the risk properly.\u0026rdquo;\nK: \u0026ldquo;A command and control management is unable to handle situations that require nuance and understanding of detail?\u0026rdquo;\nM: \u0026ldquo;Yes. Management level A needs to reduce their stress, and forces their lower level B to simplify. That increases pressure and stress at the level of B.\u0026rdquo;\nM: C has called this \u0026ldquo;driven by financials.\u0026rdquo; The only universal scalar is Euro, but expressing all things in Euros is becoming increasingly harder and is losing information.\nM: A lot of fighting and pressure is actually about \u0026ldquo;simplify your reporting\u0026rdquo; vs. \u0026ldquo;accept my complexity.\u0026rdquo;\nM: \u0026ldquo;This is also in part why we see a preference for managed services. They are an attempt to encapsulate complexity. Often that fails, and the complexity reappears and attacks the PO consuming that service.\u0026rdquo;\nC: \u0026ldquo;A way to solve the conflict is to ask more \u0026lsquo;Why\u0026rsquo; questions downstack, and to create more tasks that allow for interpretation.\u0026rdquo; That is basically a move to the left-hand side of Cynefin.\nM: \u0026ldquo;That requires a trust that is larger than Euro-Scalars. And ultimately that breaks at the shareholder-level, latest.\u0026rdquo;\nH2: \u0026ldquo;And non-technical management also believes these things are simple. Click here, and ChatGPT will develop the software autonomously. It\u0026rsquo;s those pesky IT people making all these things that complicated.\u0026rdquo;\n","date":"2023-06-22T00:00:00Z","href":"https://blog.koehntopp.info/2023/06/22/a-great-resignation-management-edition.html","tags":["lang_en","work"],"title":"A Great Resignation, Management Edition"},{"categories":null,"content":"This is what a self-driving car sees, or constructs from the sensor data it uses:\nScreenshot from How is LiDAR remote sensing used for Autonomous vehicles? Specifically, LIDAR data is supposed to be extremely accurate and fast, Lidar Data Accuracy claims 2-3cm resolution and many scans per second for aircraft LIDAR, and Assessing Vehicle Profiling Accuracy of Handheld LiDAR claims similar resolution for casual LIDARing crash scenes with Apple handheld hardware.\nAutonomous vehicles are using this data to detect other traffic, vehicles and persons, to classify them, and to model their behavior. For this, they are building a model of the world around them, in which the position and the speed vector of anything detected is very well known and tracked. It stands to reason that this is a very well-calibrated system, because if it were not, the car would build the world-model wrongly and hit other people or things.\nQuestions for self-driving car builders Detecting speeding while driving Albrechtstraße, driving towards Wenckebachstraße, in Berlin. To the right a playground. This road is a \u0026ldquo;30 zone\u0026rdquo;.\nConsider this car driving in a 30 zone in Berlin towards the main road. It is being passed on the left by another car, driving\n35 km/h 50 km/h 70 km/h In this situation, should the self-driving car send a report to the police for a traffic-violation (speeding) automatically? If yes, why at this threshold and not any other? If no, why should the car ignore this?\nDetecting speeding while parking Consider the same situation, but the car is parked in a GDPR-compliant \u0026ldquo;Sentry Mode\u0026rdquo;. That is, the car does not record any data from the public space, unless it has reason to (for example, because it is being burglared). But of course its sensors do not stop at a road boundary, and it still somehow notices the speeding happening.\nShould it report the traffic violation, or let it go? If it should let it go despite having a recording, why? If the threshold is different from driving, why?\nThe offending car could have been on auto, but it was not Consider the offending, speeding car to be a model at least as capable as the model doing the recording. It could drive autonomously, and if it were, it would have been following the posted speed limit of 30 km/h. But the driver disabled the autonomous mode and manually and willfully speeded.\nShould the driver be fined normally or get a different fine? Why?\nShould that car have reported itself and its driver? Why or why not?\nThe recording car is parked illegally The driver of the recording car tries to park illegally:\nWenckebachstrasse 1, Berlin. The driver tries to park to the right of the Seat and the red-white boundary.\nThe car has a map of legal parking spaces in the area available, and can position itself within 3 cm accuracy. The driver tries to park it to the right of the Seat and the red-white boundary. The car warns the driver, and is overridden. Behind the driver on the other side of the road is a playground. The building in front of the driver is the Wenckebach Hospital.\nShould the car self-report the parking violation? Should this include data about the driver? Should another car spotting this report the parking violation? Or should only a Scanauto report this once it spots it on its tour? Why or why not?\n","date":"2023-06-12T00:00:00Z","href":"https://blog.koehntopp.info/2023/06/12/what-to-do-with-self-driving-car-data.html","tags":["lang_en","bike","überwachung"],"title":"What to do with self-driving car data?"},{"categories":null,"content":"Just like your work computer is being infested with corporate malware as to prevent it from being taken over from other people\u0026rsquo;s malware, your account is also being spammed with corporate malware spam as to prevent it from being taken over by other malware spam. And just like corporate malware increases your machine\u0026rsquo;s attack surface , because it is badly written and running with privileges, corporate spam is a useless nuisance that doesn\u0026rsquo;t do what it is supposed to do .\nOf course, working in an enterprise, you will be subjected to such campaigns anyway. So the best outcome for you would be to identify a phishing training campaign when it runs the first time, and then upgrade your filters so that you will never be bothered again.\nThe good news is that all phishing training campaigns have automatically detectable traits, mostly X-Header lines, because the campaign needs to be able to deliver quantifiable results to the corporate overlords that pay for it. And of course, we can filter for these.\nThe X-Header What X-Header actually is being used depends a lot on the Phishing Training service provider your company is using. It may be something such as X-KnowB4 or X-PhishMe or similar. To find out what it is, you need to check the actual raw message content.\nIn Mail.app, select the message you have identified as phishing training mail, and select View -\u0026gt; Message -\u0026gt; Raw Source (⌥⌘U). Then check for lines that start with X- in the header that identify the training provider or reference \u0026ldquo;Phish\u0026rdquo;.\nSee Message Raw Source in Mail.app.\nIn Outlook for Mac, select the message you have identified as phishing training mail, and select View Source. Then check for lines that start with X- in the header that identify the training provider or reference \u0026ldquo;Phish\u0026rdquo;.\nSee Message Raw Source in Outlook for Mac.\nThe line you are looking for might be looking like this:\n*In our case, the line identifying the phishing training mails looks like X-Phishme: Phishing_Training. In fact, we only care about the presence of the X-PhishMe header line and the actual value after the : is completely irrelevant.\nThis header, in the exact spelling shown, is what we want. It is best to copy and paste it to prevent spelling errors.\nMail.app I\u0026rsquo;m on a Mac, and for a long time my corporate email was on Gmail. Unfortunately, Gmail cannot filter on arbitrary X-headers, and registering an application to OAuth against corporate mail is complicated. But Apple\u0026rsquo;s Mail.app comes preregistered, was allowed, and can filter.\nSo I can just sacrifice another 200 MB or so to the God of Better Mail and get proper filters in return. In any case, ⌘-, (\u0026ldquo;Cmd-Comma\u0026rdquo;) gives me the Rules menu, and from there I can Add Rule.\nYou would want to add a filter on the Header-Line X-PhishMe. For what, we want to create a rule that looks like this:\nThis is what our filter should look like, but it can\u0026rsquo;t. That is, because the first time around Mail.app does not know about this X- header.\nCurrently, your Mail.app does not yet understand this particular X-Header, so when you want to create this rule, you need to Edit header list....\nand then add the header to the list of known header lines:\nOnly now can you create the filter as shown above. In this example, I have moved the message to the Trash Bin, but you can choose any target you want. Whatever you do, make sure that the last action you choose is \u0026ldquo;Stop evaluating rules\u0026rdquo;, then hit OK.\nNow drag the rule up so that it becomes the first rule in the list.\nYou are done.\nOutlook In Outlook for Mac, also hit ⌘-, (\u0026ldquo;Cmd-Comma\u0026rdquo;) and choose Rules. Create a new rule and make sure it is enabled:\nThe rule should look like this:\nThat is, move the message to a folder of your choice, and make sure to enable \u0026ldquo;Stop processing more rules\u0026rdquo;. Make sure the rule is the first one in the list.\nYou are done.\nSummary All phishing trainings need to have uniquely identifiable marks in order for the training campaign to produce the required key performance indicators. We can find these labels and use them to filter. Our mailer will automatically ignore subsequent runs of the phishing training, for our peace of mind.\n","date":"2023-05-23T00:00:00Z","href":"https://blog.koehntopp.info/2023/05/23/getting-rid-of-phishing-training-mails.html","tags":["lang_en","security","spam"],"title":"Getting rid of phishing training mails"},{"categories":null,"content":"This is part 5 of a series.\n\u0026ldquo;1974 \u0026rdquo; on the traditional Unix Filesystem. \u0026ldquo;1984 \u0026rdquo; on the BSD Fast File System. \u0026ldquo;1994 \u0026rdquo; on SGI XFS. \u0026ldquo;Vnodes \u0026rdquo; on how to have multiple filesystems in Unix. Progress is sometimes hard to see, especially when you have been part of it or otherwise lived through it. Often, it is easier to see by comparing modern educational material and the problems discussed with older material. Or look for the research papers and sources that fueled the change. So this is what we do.\nFrontiers in the Nineties SGI\u0026rsquo;s XFS is pretty much the culmination point in filesystem technology for anything that does in-place updates. Extents, generous usage of B+-trees and lock splitting across allocation groups make it a great filesystem that is fast and scales well. The introduction of a metadata log allows it to recover quickly.\nThe Nineties were also busy with operating systems research. Specifically, cluster operating systems were very much en vogue: Tanenbaum was in Amsterdam, busy with Amoeba . Bell Labs was busy with Plan 9 . And at the UCB, Ousterhout was working on Sprite .\nAll were experimenting with cluster-unified filesystems, distributed processing, workload migration, and generally trying to build what 20 years later would become the Warehouse-Scale Computer .\nPart of the Sprite development at UCB, specifically, was the Log-Structured File System (LFS), and Mendel Rosenblum and John K. Ousterhout present it in this paper from 1992. This is a long paper, 27 pages, but if you read it with hindsight, you can really appreciate how enlightened it was.\nLFS Filesystems with in-place updates are in part already using logs for faster recovery in 1992. The paper poses the question \u0026ldquo;What if we had a filesystem that only had a log, and never did in-place updates?\u0026rdquo;, calling it a log-structured file system. It then proceeds to present an implementation and benchmarks for such a thing.\n\u0026ldquo;Reads are cached, only writes matter\u0026rdquo; In working with distributed operating systems, the Sprite team noticed that they have a lot of memory available. They found with increasing memory sizes, the probability of a file being served by the buffer cache instead of reading it from disk increased by a lot, and eventually almost all disk reads are being served from memory.\nWrites cannot be cached very well, and eventually they need to hit persistent storage, but with the reads being cached it would be worthwhile and possible to construct a filesystem optimized for writes.\nThe team also observes that CPU speeds grow exponentially, following Moore\u0026rsquo;s law. The same seems to be true for memory sizes, which being on-chip silicon structures also obey this law. But disks do not work that way. While their capacity grows, their transfer speed and seek time does not improve much, because mechanical parts do not obey Moore\u0026rsquo;s law. Disks are a problem: While linear writes perform well, seeks are slow and are not getting faster much.\nSo they propose never overwriting any data, but always appending changed blocks to the end of a log.\n“Ah you think the log is your ally? You merely adopted the log. I was born with it, designed for it.”\nGarbage collection Of course, disks in the Nineties were finite, as they are now. So there has to be a cleaner process that identifies, frees and compacts space that is no longer needed by any current view of the filesystem.\nThis is much like the Garbage Collection in Java Virtual Machines, which were invented around the same time. And much like the GC in JVMs, it would turn out to be the weak spot of the system.\nA lot of the paper busies itself with simulating workloads on the filesystem with different cleaner policies, and the team then lands on a system that very much evolves in the same way Java GC evolved, with a multi-tier compaction process that mirrors the \u0026ldquo;Young\u0026rdquo;, \u0026ldquo;Old\u0026rdquo;, and \u0026ldquo;Permanent\u0026rdquo; generations of Java objects. This is not entirely surprising from hindsight: Other, newer systems such as Cassandra, Zookeeper and other storages that use LSM Trees are using a very similar strategy with good success.\nSpecifically, LFS partitions the storage into contiguous segments, and cleans storage segment by segment:\nWe used a simulator to explore different cleaning policies and discovered a simple but effective algorithm based on cost and benefit: it segregates older, slowly changing data from younger rapidly changing data and treats them differently during cleaning.\nOther code takes multiple nearly empty segments of the same age and copies them together into a single segment, freeing up the others.\nThis creates a certain amount of background copy activity from the cleaner process. It also creates a race between the writers to the system using up free space, and the cleaner process trying to provide sufficient free space. If the system writes data heavily and free space goes down, the cleaner may need to be prioritized higher, consuming more I/O, in order to make sufficient progress in providing clean segments to write to. This will also slow down the writers.\nBenchmarks executed as part of the research show that the system can indeed write to disk at up to 70% of the theoretically available maximum bandwidth. But this is true only under ideal conditions. Also, the data is not stored in read-order at all, so read performance is only good if data is actually cached.\nSegments are sufficiently large to amortize the cost of seeking to them. In the Mid-Nineties, that meant a size of around 0.5 to 1 MB.\nCleaning is then a three-step process: After suitable segments have been identified from metadata, the cleaner reads multiple segments into memory, compacts them into a smaller number of segments, and writes them out to disk in a single large I/O operation. The old segments can now be marked as clean, and be returned to the free segment pool.\nUsing FFS data structures LFS uses data structures from FFS almost unchanged: The filesystem has superblocks, inodes, direct and indirect blocks, and uses the same structures for directories, too. All information changed is buffered and then written out sequentially in a single disk write that appends atomically and asynchronously to the log.\nNot overwriting things means duplicating things, so when a file grows by appending a block, the file\u0026rsquo;s inode changes. This means the block containing the changed inode needs to be written out again, together with block added to the file. LFS needs to keep track of inodes in an inode map, and this now also needs to be updated and written out: even if it is small enough to be cached in memory, it needs to be persisted.\nLFS does indeed do limited in-place updates: The superblock and checkpoint region are written in fixed locations.\nLFS stops short of also appending new copies of the inode map and ultimately the superblock for each disk write, and puts these things into fixed locations. So we do have in-place updates for certain limited metadata structures. This is unfortunate, as we will see when we are looking at LFS\u0026rsquo; legacy.\nSoft Updates In order for LFS to write out changes to data and metadata such as indirect blocks, direct blocks, inodes and directories, updates had to be written in the proper order, even if the entire write happened in a single big I/O operation. Writing out data \u0026ldquo;from the leaves of the filesystem tree to the top\u0026rdquo; sorts the updates in a way that made recovery easier, because each data structure that had pointers to dependent blocks would be written out only after these blocks had already been persisted.\nIt turns out that this logic also has merit for traditional filesystems that do in-place updates. It allows file system checking to go on in the background while the filesystem is already being made available, and it can eliminate almost all synchronous metadata updates in the filesystem.\nLFS in BSD The BSD FFS crew, also at UCB, was very aware of Ousterhout\u0026rsquo;s work, and picks it up the year after he publishes. They port the filesystem to BSD and write a 1993 paper about it Features and subsystems of BSD FFS are matched with the equivalent structures and concepts on the BSD LFS side.\nThey note a few shortcomings, and present improvements: The cleaner was single-threaded. No matter how many LFS filesystems were mounted, there was only a single cleaner process. Now there is one per mounted filesystem. They also provide a structural verifier for the filesystem, something similar to a fsck, but a thing that can run in the background, while the filesystem is mounted.\nAlso, the original LFS code was using more memory than necessary, and BSD LFS was made a lot more memory efficient.\nA lot of the paper is then a validation that their implementation is indeed a faithful port, and an improvement over original LFS, and benchmarking.\nThe benchmarks confirm improved write performance, but also show weakness concerning read workloads. This is for two reasons: data is possibly fragmented, and the file system buffer cache in their machines is often too small to soak up the disk reads. And secondly, when the cleaner process is running, it interacts badly with both the disk reads and writes via disk seeks, and that costs more performance than anticipated. This is in particular true for a database-like (TPC-B) benchmark load, which performs badly and requires extensive tuning.\nNotably, the paper already hints at several improvements:\nThere are two places where in-place updates still happen. By removing them, the filesystem would automatically become transactional and gain snapshot functionality. In fact, each disk write would eventually create a snapshot, and actually \u0026ldquo;snapshotting\u0026rdquo; the filesystem would simply mean to prevent the cleaner from collecting certain snapshots.\nAdding checksums to disk blocks already has happened in a few places. Turning this into a Merkle tree would be a trivial extension, and make validating the complete integrity not only of the structure, but also of the file data a lot easier.\nThe paper already notes that ordering writes in the log in a certain way makes background validation easier: If blocks being pointed to are written before blocks that point to them, referential integrity of the filesystem is being kept at all times. It is just that a transaction may be incomplete, but because it\u0026rsquo;s not referenced anywhere that is not a problem, and the disk blocks will be eventually collected and freed by the cleaner.\nNothing in this idea is actually dependent on the filesystem being LFS. In fact, it can and was successfully applied to BSD FFS, too, under the name of soft updates , allowing to mount unchecked filesystems and then running a check in the background.\nPerformance War While Seltzer, Bostic, McKusick et al., the original authors of the BSD FFS, were busy porting Sprite LFS to BSD, and tuning it, Larry McVoy and S.R. Kleiman pick up the BSD FFS sources at Sun and add support for extents to it. The resulting patch is tiny, and the work is being documented in Extent-like Performance from a UNIX File System .\nTo Seltzers chagrin, EFS often and consistently outperforms LFS, requires little to no tuning. In File System Logging Versus Clustering: A Performance Comparison this is confirmed, even if it takes a long paper with many benchmarks to arrive at this finding. The problem is mostly with the disk seeks induced from running the cleaner.\nIf only something could be done about this\u0026hellip;\nSomething could be done, but it would happen at Sun and NetApp, and not in BSD: We\u0026rsquo;re getting ZFS and WAFL.\nAlso, we\u0026rsquo;re getting things that can seek a lot faster than disks: Flash Storage.\n","date":"2023-05-17T00:00:00Z","href":"https://blog.koehntopp.info/2023/05/17/50-years-in-filesystems-towards-2004-lfs.html","tags":["lang_en","unix","filesystems"],"title":"50 years in filesystems: towards 2004 – LFS"},{"categories":null,"content":"This is part 4 of a series.\n\u0026ldquo;1974 \u0026rdquo; on the traditional Unix Filesystem. \u0026ldquo;1984 \u0026rdquo; on the BSD Fast File System. \u0026ldquo;1994 \u0026rdquo; on SGI XFS. Progress is sometimes hard to see, especially when you have been part of it or otherwise lived through it. Often, it is easier to see by comparing modern educational material and the problems discussed with older material. Or look for the research papers and sources that fueled the change. So this is what we do.\nHow to have multiple filesystems Steve Kleiman wrote \u0026ldquo;Vnodes: An Architecture for Multiple File System Types in Sun UNIX \u0026rdquo; in 1986.\nThis is a short paper, with little text, because most of it is listing of data structures and diagrams of C language struct\u0026rsquo;s pointing at each other. Kleiman wanted to have multiple file systems in Unix, but wanted the file systems to be able to share interfaces and internal memory, if at all possible. Specifically, he wanted a design that provided\none common interface with multiple implementations, supporting BSD FFS, but also NFS and RFS, two remote filesystems, and Non-Unix filesystems, specifically MS-DOS, with the operations being defined by the interface being atomic. And the implementations should be able to handle memory and structures dynamically, without performance impact, reentrant and multicore capable, and somewhat object-oriented.\nTwo abstractions He looked at the various operations, and decided to provide two major abstractions: The filesystem (vfs, virtual filesystem) and the inode (vnode, virtual inode), representing a filesystem and a file.\nIn true C++ style (but expressed in C), we get a virtual function table for each type, representing the class:\nFor the vfs type, this is a struct vfsops, a collection of function pointers with operations such as mount, unmount, sync and vget. Later in the paper, prototypes and functionality of these functions are explained. For the vnode type, likewise, we get struct vnodeops. The functions here are open, rdwr and close, of course, but also create, unlink, and rename. Some functions are specific to a filetype such as readlink, mkdir, readdir and rmdir. Actual mounts are being tracked in vfs objects, which point to the operations applicable to this particular subtree with their struct vfsops *.\nSimilarly, open files are being tracked in vnode instances, which again, among other things, have a struct *vnodeops pointer. vnodes are part of their vfs, so they also have struct *vfs to their filesystem instance.\nBoth, the vfs and the vnode need to provide a way for the implementation to store implementation specific data (\u0026ldquo;subclass private fields\u0026rdquo;). So both structures end with caddr_t ...data pointers. That is, the private data is not part of the virtual structure, but located elsewhere and pointed to.\nVnodes in action One full page in the paper is dedicated to showing the various structures pointing at each other. What looks confusing at first glance is actually pretty straightforward and elegant, once you trace it out.\nKleiman sets out to explain how things work using the lookuppn() function, which replaces the older namei() function from traditional Unix. Analogous to namei(), the function consumes a path name, and returns a struct vnode * to the vnode represented by that pathname.\nPathname traversal starts at the root vnode or the current directory vnode for the current process, depending on the first character of a pathname being / or not.\nThe function then takes the next pathname component, iteratively, and calls the lookup function for the current vnode. This function takes a pathname component, and a current vnode assuming it is a directory. It then returns the vnode representing that component.\nIf a directory is a mountpoint, it has vfsmountedhere set. This is a struct vfs *. lookuppn follows the pointer, and can call the root function for that vfs to get the root vnode for that filesystem, replacing the current vnode being worked on.\nThe inverse must also be possible: When resolving a \u0026ldquo;..\u0026rdquo; component and the current vnode has a root flag set in its \u0026ldquo;flags\u0026rdquo; field, we go from the current vnode to the vfs following the vfsmountedhere pointer. Then we can use the vnodecovered field in that vfs to get the vnode of the superior filesystem.\nIn any case, upon successful completion, a struct vnode* representing the consumed pathname is returned.\nNew system calls In order to make things work, and to make things work efficiently, a few new system calls had to be added to round out the interfaces.\nIt is here in Unix history that we get statfs and fstatfs, to get an interface to filesystems in userland. We also gain getdirentries (plural) to get multiple directory entries at once (depending on the size of the buffer provided), which makes directory reading faster a lot for remote filesystems.\nIn Linux Looking at the Linux kernel source, we can find the general structure of Kleiman\u0026rsquo;s design, even if the complexity and richness of the Linux kernel obscure most of it. The Linux kernel has a wealth of file system types, and added also a lot of functionality that wasn\u0026rsquo;t present in BSD 40 years ago. So we find a lot more structures and system calls, implementing namespaces, quotas, attributes, read-only modes, directory name caches, and other things.\nThe file Still, if you squint, the original structure can still be found: Linux splits the in-memory structures around files in two, the opened file, which is an inode with a current position associated, and the inode, which is the whole file.\nWe find instances of file objects, struct file, defined here . Among all the other things a file has, it has most notably a field loff_t f_pos, an offset (in bytes) from the start of the file, the current position.\nThe file\u0026rsquo;s class is defined via a virtual function table. We find the pointer as struct file_operations *f_op, and the definition here . It shows all the things a file can do, most notable, open, close, lseek and then read and write.\nThe file also contains pointers to the inode, struct inode *f_inode.\nThe inode Operations on files without the need of an offset work on the file as a whole, defined as struct inode *.\nCheck the definition here . We see other definitions in here that have no equivalent in BSD from 40 years ago, such as ACLs and attributes.\nWe find the inode\u0026rsquo;s class is defined via a virtual function table, struct inode_operations *i_op, and the definition here . Again, a lot of them deal with new features such as ACLs and extended attributes, but we also find those we expect such as link, unlink, rename and so on.\nThe inode also contains a pointer to a filesystem, the struct super_block *i_sb.\nThe superblock A mountpoint is represented as an instance of struct super_block, defined here . Again, the class is a struct super_operations *s_op, defined here .\nAs an added complexity, there is no finite list of filesystems. It is instead extensible through loadable modules, so we also have a struct file_system_type, here . This is basically a class with only one class method as a factory for superblocks, mount.\nSummary Unix changed. It became a lot more runtime extensive, added a lot of new functionality and gained system calls. Things became more structured.\nBut the original design and data structures conceived by Kleiman and Joy held up, and can still be found in current Linux, 40 years later. We can point to concrete Linux code, which while looking completely different, is structurally mirroring the original design ideas.\n","date":"2023-05-15T00:00:00Z","href":"https://blog.koehntopp.info/2023/05/15/50-years-in-filesystems-vnodes.html","tags":["lang_en","unix","filesystems"],"title":"50 years in filesystems: A detour on vnodes"},{"categories":null,"content":"This is part 3 of a series. The first part is \u0026ldquo;1974 \u0026rdquo;. The second part is \u0026ldquo;1984 \u0026rdquo;.\nProgress is sometimes hard to see, especially when you have been part of it or otherwise lived through it. Often, it is easier to see if you compare modern educational material, and the problems discussed with older material. And then look for the research papers and sources that fueled the change.\nIn Linux (and Unix in general), this is easy.\n1994 — The SGI XFS Filesystem In 1994, the paper Scalability in the XFS File System saw publication. Computers got faster since 1984, and so did storage. Notably, we are now seeing boxes with multiple CPUs, and with storage reaching into the Terabytes. The improvements to the 4.3BSD fast filing system (or the modified version in SGI IRIX called EFS) were no longer sufficient.\nSGIs benchmarks cite machines that had large backplanes with many controllers (one benchmark cites a box with 20 SCSI controllers), many disks (three-digit-numbers of hard drives), and many CPUs (the benchmarks quote 12 socket machines) with a lot of memory (up to one gigabyte quoted in the benchmarks).\nFilesystems became larger than FFS could handle, files became larger than FFS could handle, the number of files per directory led to large lookup times, central data structures such as allocation bitmaps did no longer scale, and global locks made concurrent access to the file system with many CPUs inefficient. SGI set out to design a fundamentally different filesystem.\nAlso, the Unix community as a whole was challenged by Cutler and Custer, who showed with NTFS for Windows NT 4.0 what was possible if you redesign from scratch.\nRequirements The XFS filesystem was a firework of new ideas, and a large deviation from traditional Unix filesystem design. The list of new things is long:\nFacilitate concurrency with allocation zones inode lock splitting facilities for large, parallel I/O requests, DMA and Zero-Copy I/O Scalability of access by building the filesystem around the concepts of B+-Trees Extents: pairs of (start, length) descriptors decoupling \u0026ldquo;file write\u0026rdquo; and \u0026ldquo;file layout\u0026rdquo; on disk to allow for contiguous files by using delayed allocation and preallocation. Introduce a write-ahead log to journal metadata changes log asynchronously to allow for write coalescence leveraging the log for recovery, so that recovery time is proportional to the amount of data in flight, not the size of the filesystem XFS was written with these requirements, and primarily in order to provide a filesystem that could leverage all the performance of large SGI boxes for video editing, video serving and scientific computing.\nA logging filesystem, but not a log structured filesystem This is also happening at about the same time as John K. Ousterhout asking \u0026ldquo;Why Aren’t Operating Systems Getting Faster As Fast as Hardware? \u0026rdquo;. Ousterhout started to explore the ideas of a log-based filesystem with the experimental Sprite operating system.\nLog-based filesystems are an extremely radical idea that we need to discuss later, even if they originally predate XFS by a bit. But they weren\u0026rsquo;t very usable originally, because they need different hardware which can offer a lot more disk seeks. Log structured file system ideas had to become a lot more refined to actually have an impact, so we are going to discuss them later in the series.\nWhat IRIX had before IRIX as coming already with EFS, the specially sauced-up version of BSD FFS that used extents. It suffered from an 8 GB filesystem size limit, a 2 GB filesize limit, and it could not utilize the full hardware I/O bandwidth, which made many customers of these fantastically expensive machines somewhat sad.\nDemands for video playback and from the database community led to requirements that stated the new filesystem needed to support hundreds of TB of disk space, hundreds of MB/s of I/O bandwidth and many parallel I/O requests in order to be able to saturate the hardware provided, and all this without running out of CPU.\nThe title of the paper is \u0026ldquo;Scalability in the XFS File System\u0026rdquo; and not \u0026ldquo;Implementation of …\u0026rdquo;, so it is more a show of the features provided and a superficial discussion of the implementation and the design decisions around it. It is not an in-depth discussion of the implementation, nor are extensive benchmarks provided.\nFeatures Large filesystems XFS supports large filesystems. Previous filesystems use 32-bit pointers to blocks. At 8 KB block size, with 32-bit block pointers, the limit is 32 TB.\nMoving to 64-bit block pointers would make many data structures multiple of 8 bytes in size, which seemed like a waste.\nFor concurrency (see below), XFS introduces the concept of allocation groups (AGs), which are always smaller than 4 GB. Allocation groups have local instances of the filesystem data structures, for example, inode maps or free block tracking. These are independently locked and so allow for concurrent operations in different allocation groups.\nAllocation groups also help to save on pointer sizes: Where possible, AG-relative block numbers are being used, and these always fit into 32-bit pointers. In fact, a 4G allocation group can have only 1M blocks or fewer blocks (at 4K minimum blocksize), so a single maximum sized extent within a single AG can be packed into 40 bits (5 bytes).\nThe maximum file size and filesystem size is 8 EB (2^63-1).\nBandwidth and Concurrency Concurrent operations are a design goal for XFS. 1994 is the age of 20 MB/s SCSI controllers, but SGI built machines with large chassis that could house many controllers and many drives. Benchmarks quote machines with an aggregate bandwidth of 480 MB/s delivering file I/O performance of over 370 MB/s with no tuning, including all overheads. This is quite an impressive result for everyday usage in 1994.\nXFS achieves this using large blocks (4 KB or 8 KB block size), and the concept of extents.\nExtents and B-Trees. Extents are a core concept in XFS. They are tuples, most of the time pairs of (startblock, length). For mapping file blocks to disk blocks (\u0026ldquo;bmap\u0026rdquo;), they are triples (offset, length, startblock). Using truncated values, because of the size limits imposed by the maximum AG size, they can describe a contiguous sequence of blocks up to 2M blocks in size in 4 bytes, which is a lot more efficient than what BSD FFS did before.\nExtents also allow XFS to do large I/O requests because they describe sections of contiguous blocks, making it easy to create read or write requests for several blocks apiece. It does I/O by default with 64 KB memory buffers, unless special provisions are being made to make them even larger.\nThe filesystem assumes an underlying disk structure with striping, and provides a number of 2 or 3 outstanding I/O requests to allow for concurrent I/O. It checks for backpressure, that is, it checks that the application is actually reading data. If it does, it issues additional read requests to keep the number of requests in flight at 3 by default, good for 192 KB in flight at once.\nGroups of Extents can be collected in linear lists, but that will lead to scaling problems. So XFS uses B+-Trees, which degrade to linear lists if there is only one single index block.\nUsually tuples are indexed on their first value, but for some structures such as free lists, multiple indexes are kept: It is useful to index free space by startblock for closeness, but also by length to fit free spaces in the right size.\nBreaking the single-writer inode lock Posix locks the in-memory inode to guarantee atomic writes . This makes sure any two large multiple-block writes always happen one-before-the-other.\nXFS also breaks the in-memory inode locks: Posix demands that large, overlapping, multiple block writes are totally ordered. When they overlap, it must not happen that there is a block soup of alternating blocks from write A and write B.\nThe default implementation in most kernels is simply a file-global lock placed at the in-memory inode, making sure there can be only one writer per inode. Implementers of databases hate that because it limits the write concurrency on any single file to One. This is, for example, why Oracle recommends that you make tablespaces from multiple files, each no larger than one GB.\nXFS, in O_DIRECT mode, removes this lock and allows atomic, concurrent writes, making database people very happy.\nDynamic Inodes and improved Free Space Tracking With large filesystems, you can never know: The applications may need a large number of inodes for many small files, or a small number of large files. Also, what is a good distance between the inode and the data blocks that belong to the file?\nThere is no good answer to the first question, and \u0026ldquo;as close as possible\u0026rdquo; is the answer to the second question. So XFS creates Inodes dynamically, as needed, in chunks of 64 inodes.\nThe relatively large inode size of 256 bytes (compared to 128 in BSD FFS and 64 in traditional Unix) is being compensated by the fact that XFS creates Inodes only as needed, and places them relatively closely to the file start. This frees up a substantial amount of disk space – in Unix filesystems with fixed inode counts as much as 3-4% of the disk space can be locked up in pre-allocated inodes. And even with cylinder groups, there will be considerable distance between an inode and the first data block.\nBecause inodes can reside anywhere on the disk and not just behind the superblock, they need to be tracked. XFS does with one B+-tree per allocation group. The tree is indexed by the start block, and records for each inode in the chunk if it is available or in-use. The inodes themselves are not kept in the tree, but in the actual chunks which are close to the file data.\nSimilarly, free space is tracked in chunks, and kept in per-AG trees, indexed twice: by start block and by length.\nWrite-Ahead Log Recovering a large filesystem after a crash can be slow. The recovery time is proportional to the size of the filesystem, and the number of files in it, because the system basically has to scan the entire filesystem and rebuild the directory tree in order to ensure things are consistent. With XFS, the filesystem also is a lot more fragile, as it provides a variable number of inodes, spread out non-contiguously over the disk. Recovering them would be extra expensive.\nUsing write-ahead logging for metadata, this can be avoided most of the time. Recovery time is proportional to the size of the log, that is, the amount of data in flight at the time of the crash.\nThe log contains log entries containing a descriptor header and a full image of all changed metadata structures: inodes, directory blocks, free extent tree blocks, inode allocation tree blocks, allocation group blocks, and the superblock. Because full images are stored in the block, recovery is simple: the recovery process simply copies these new, changes images into the place where they are supposed to be, without needing to understand what kind of structure it changes.\nThe trust of the authors into the log was huge: Initially XFS had no fsck program. This turned out to be overly optimistic, and so now xfs_repair exists.\nMetadata update performance XFS is logging metadata updates, which means they need to be written to the filesystem log. By default, this log is placed inline, in the filesystem. But it is also possible to take it out, and put onto other media, for example, flash storage or battery-backed memory.\nWrites to the log are asynchronous, if possible, but with partitions serving NFS they cannot be. Asynchronous writes allow for write batching, with speeds things up. But NFS servers profit a lot from accelerated log storage.\nBecause all metadata updates need to be logged, it can happen that intense metadata operations flood the log. A rm -rf /usr/src/linux for example is not an operation where XFS is particularly fast, because the metadata update stream will eventually overflow the log. And because everything else in XFS is parallel by AG, the log is usually the only source of contention.\nLarge files and sparse files In FFS, files are mapped by the classical dynamic array, with direct blocks and up to three levels of indirect blocks. With 64-bit filesize, this becomes unwieldy: there will be more than three levels of indirect blocks required, and a substantial number of blocks would be required what essentially becomes a list of incrementing numbers. FFS (and EFS) are also forced to layout blocks the moment each block is allocated in the filesystem buffer pool. So effectively, no attempt to contiguously layout files on disk is being made. Instead, blocks are placed individually.\nXFS replaces this dynamic array with extents.\nIn file placement maps, these mapping extents are triples (blockoffset, length, disk block). These extents are stored in the inode itself until this overflows. Then XFS starts to root a B+-tree of the mapping extents in the inode, indexed by logical block number for fast seeks.\nThis data structure allows compressing a substantial number of blocks (up to 2M blocks) in a single descriptor, assuming contiguous allocation is possible. So even large files could be stored in very few extents, in the optimal case one extent per AG.\nDelayed allocation and Preallocation for contiguous layout XFS also provides a new concept, delayed allocation, in which virtual extents can be allocated in the file system buffer pool. These are blocks full of yet unwritten data that have not been layouted, and hence lack a physical position. Only on flush these blocks are layouted, contiguously, and then written out linearly in large writes, to speed things up.\nThis is a fundamental change to how the filesystem buffer cache works – previously it was possible to use (device, physical block number) to identify buffer cache blocks and prevent duplicate buffer allocation. When porting XFS to Linux, the Linux kernel initially could not accommodate strategies that do not use such identification in the normal buffer cache, so at first XFS required a separate buffer cache. This got fixed later, as the porting progressed.\nTo ensure that files can be layouted without fragmentation, in a single extent, XFS aggressively preallocates storage for open files. The default amount of disk space preallocated is dependent on the amount of free space in the filesystem, and can be substantial.\nThe internet is littered with questions by XFS users asking where their disk space is, and the answer is always \u0026ldquo;in the open file handles of /var/log. Also, check the manpage for allocsize= and also check /proc/sys/fs/xfs/speculative_prealloc_lifetime .\u0026rdquo;\nLocality XFS does not use allocation groups for locality much. They exist mostly for concurrency. Instead, file placement is mostly around directories and existing blocks of the current file. The only exception is \u0026ldquo;new directories\u0026rdquo;, which are placed \u0026ldquo;away\u0026rdquo; from their parent directory by putting them into a different AG.\nIn large files, if new extents need to be placed, they go \u0026ldquo;initially near the inode, then near the existing block in the file which is closest to the offset in the file for which we are allocating space\u0026rdquo;, as the paper specifies. This places the inode close to the start of the file, and blocks added later to whatever is already present.\nLarge directories In the traditional Unix filesystem and in BSD FFS, directory name lookups are linear operations. Large directories slow this down a lot, for any kind of pathname to inode translation.\nXFS chose the ubiquitous B+-Tree as a structure for directories, too, but with a quirk: Since the keys are supposed to be filenames, a variable length structure, they would be completely different from all the other tree implementations in the filesystem. The XFS authors did not like this idea, so they are hashing the filename into a fixed 4-byte name hash, and then store one or more directory entries as (name, inode) pairs in the value.\nThere was some tradeoff discussion involved in this, but the authors found that short keys allow storing many entries per block, leading to wide trees, and thus faster lookups. They boast \u0026ldquo;We can have directories with millions of entries\u0026rdquo;, something that was previously unthinkable in Unix filesystems.\nA lot of code XFS Benchmarks in 1994 show nice and welcome linear scaling behavior that utilizes the hardware offered well. It handles well on large boxes with (for 1994) high core-counts.\nXFS is a large filesystem. Linux ext2 is only 5000 lines of kernel code (and about 10x this in user-land). XFS is 50.000 lines of kernel code, and that is without the IRIX volume manager XLV (in Linux, the XFS port uses LVM2 instead).\nXFS was released under the GNU GPL in May 1999, and was ported into the Linux kernel starting in 2001. As of 2014, it was supported in most Linux distributions and RHEL used it as the default filesystem. And even in 2024 it is still holding up reasonably well, on HDD and on flash.\nIt still is the filesystem with the best scaling behavior, the best concurrency behavior, and the most consistent commit times, which makes it the preferred filesystem for any kind of database usage. This is due to the elimination of several global locks that impair concurrent usage and performance in large filesystems, and due to the consistent use of B+-Tree structures with O(log(n)) scaling behavior where before algorithms with worse scaling behavior have been used. The use of extents also allows dynamically growing I/O sizes, benefiting throughput, and together with the novel idea of delayed allocation encourage contiguous file placement.\n","date":"2023-05-12T00:00:00Z","href":"https://blog.koehntopp.info/2023/05/12/50-years-in-filesystems-1994.html","tags":["lang_en","unix","filesystems"],"title":"50 years in filesystems: 1994"},{"categories":null,"content":"Electrive.net had an article about Copenhagen banning combustion engines in the city, starting 2030: (Article in German ). So I had to check what is the current state in Amsterdam.\nCurrent state The Netherlands has a central register for license plates. It is public, and anyone can check. There are many places that allow you to do that for car, not owner data. For example .\nThe city of Amsterdam also allows you to check if a given license plate is allowed to enter the cities milieuzone. You can check yourself . And so can any license plate scanner.\nIn the overview page for the milieuzone, the city helpfully explains:\nLet op: dat u de Milieuzone mag inrijden betekent niet dat u ook in aanmerking komt voor een parkeervergunning.\nAttention: Note that being allowed to enter the Environmental Zone does not mean you are also eligible for a parking permit.\nAfter 2030 The rules for the milieuzone are becoming stricter starting 2025 , and by 2030 no combustion engines are being allowed in the city at all.\nNL-wide license plate check for commercial vehicles . New lorries will need to be electric starting 2025 to be allowed into the city.\nExisting lorries will have to be Euro 6 or better. There are some more rules for easing the changeover. Starting 2030, no lorries with combustion engines are allowed into the city. Small commercial delivery vehicles (vans, Sprinters) with Diesel must be Euro 4 or better already. New cars must be electric starting 2025. Euro 5 is required starting 2027, Euro 6 starting 2028, no combustion starting 2028. Bus lines are in the process of being converted to electric, and this is nearly complete. It will be finished by 2025. Rules for charter buses are to follow. Taxis electric starting 2025. Tax incentives and better starting places as well as priority for parking and taxi licenses are provided already. This is going well, most Taxis are electric already. Scooters (25 km/h and 45 km/h) must be electric by 2025. Get a pedelec, maybe? Ships (tourist and transport) must be electric by 2025. Ferries over the river Ij are already being converted. 70% rebate for harbor fees for electric ships right now. Cars must be Euro 4 or better right now. Only electric cars are allowed into the city by 2030. Important advice Scanautos are being used to automatically enforce parking rules inside the city. They are checking around 800x more effective than an unaugmented parking enforcement human.\nIn Amsterdam, most major streets do not allow you to park on public ground. Side streets often have only a limited number of public parking spots, the others require a residential parking permit. Parking in parking structures or in the street costs around 50 Euro/day if you find a space.\nParking permits are not shown on the dashboard, and similarly, parking violations are not ticketed in paper behind the windshield wiper. Instead, everything is based on automated license plate scanning: Enter your license plate at the parking fee collector terminal, the scanauto will countercheck what it scanned with the central database.\nEnforcement is automatic , and the coverage is excellent. If you do not pay, or overpark, you will be caught.\nThat will cost you at minimum 72.90 Euros in punishment, plus fees, plus the unpaid parking fee. In total this usually ends up between 110 Euros and 150 Euros . The target for processing (between parking violation and notification) is officially two days. But it often is \u0026ldquo;while you still park\u0026rdquo; (20 minutes or less), so near realtime. This has the effect of ruining whatever you are currently doing in the city, so just park legally.\nS106, Overtoom. A major inroad into the city. Note how this is one lane per direction, and no parking at the side.\nThe cheapest way to do that is to park at a Park and Ride , and then take the tram or subway into the city. Or just use the bus, tram, subway or train, starting at your door.\nThe city does not believe into building roads to places that have more capacity than can be parked at the destination. So most major inroads into Amsterdam are single lane. Not only will you not be able to park in the city. Most likely, you will also hate every minute of getting there before you have to turn around. Be sensible, use OV.\nSummary Map of electric charge points in Amsterdam\nSo for anybody but private individual transport, Amsterdam will be fully electric by 2025, and the final conversion will take another 5 years. This is not an unrealistic goal. If you walk through the city, you can see how the conversion is already in full swing at an amazing and still increasing speed.\nThe city has built the required infrastructure in terms of charge points already, and provides maps to prove it.\nBut individual motorized transport does not scale to a city with the density of Amsterdam. Cities are for humans, not for cars, and Amsterdam makes it very clear that cars are not welcome. Use public transport to get around in Amsterdam. That is already fully electric, and except for the buses always has been.\n","date":"2023-05-11T00:00:00Z","href":"https://blog.koehntopp.info/2023/05/11/city-of-amsterdam-and-combustion-engines.html","tags":["lang_en","mobility","amsterdam","netherlands"],"title":"City of Amsterdam and Combustion Engines"},{"categories":null,"content":"\u0026ldquo;Computers are simple\u0026rdquo; is what I am telling people I train. \u0026ldquo;There are only Zeroes and Ones, and it is not getting much more complicated.\u0026rdquo;\n\u0026ldquo;But computers are hard\u0026rdquo;, they respond.\n\u0026ldquo;That is correct. In computer systems, complexity is almost never in the individual layers, but it comes from the width and breadth of the stack. It\u0026rsquo;s in the interactions of the components that we are putting together.\u0026rdquo;\nWhen you start with how a CPU is being built, and then put the layers of the stack on top of each other until you end up with a classical single-process application, in some object-oriented language, with a GUI – that\u0026rsquo;s around two to three dozen layers of abstractions piled on top of each other. Things that one could learn the internals of, and how they interact. But that\u0026rsquo;s only local, without network stacks, communication protocols, proxies, and without the peculiarities of distributed systems, which open up the same exercise, again, only across, not down.\nThere is a lot to be said about computer science as a science, because anything that complicated is working at all. All the interfaces, encapsulations, and abstractions are obviously good for something – as long as they don\u0026rsquo;t leak. When they do leak, things get weird, fast: One is making a small change somewhere in the stack, an epsilon, and somewhere else something acts up, non-linearly, and does a giant delta, and everybody is having a very sad day.\nSo if developers prefer to sit in enclosed offices, without a phone, and with soundproof headphones, that is because work on such systems is mostly to unfold the stack in your mind, and to anticipate what will happen on all the other layers when you write a line of code.\nThe Amazon Prime Video team publishes a paper With this as a background, one can now read \u0026ldquo;Scaling up the Prime Video audio/video monitoring service and reducing costs by 90% \u0026rdquo;, a writeup published by the Amazon Prime Video Streaming Team. They have implemented a functionality which probes frames from the video stream sent to customers, applies tests and recognizes certain artefacts that impair quality, so that they can be corrected.\nAmazon being Amazon, they have implemented that as a pile of microservices that interact in an event-driven architecture with lambdas and step functions, in order to shovel data from one S3 bucket into another, running the required analytics on the way. Notification about things found are being put on SNS.\nThat works as expected: The project was done exploratory, as a proof-of-concept, and they were able to show that it does what was requested.\nScaling up, they then found that the distribution of components was suboptimal: Lambdas and step functions are not good elements for batch processing video frames with ML detectors, because they have never been designed for this. They are good components for web applications.\nAlso, it turns out that S3 is not a good storage and communication mechanism for fast and very temporary IPC, because a web storage with low cost is optimized for low transaction rates, and it targets consumers that can tolerate high latency.\nThe article then presents a solution, which was to put all these things into a single container that are tightly coupled, and put them into ECS. Because the components are now within a single container, and hence on the same box, sharing the same memory, they now can exchange video frames via shared memory instead of pushing them through http and TLS over the network. Similarly, the lambdas and step function somewhere out on the network are now local procedure calls, or at least local RPC.\nObviously, that eliminates a lot of communication latencies because the high-rpm part of the distributed system is now a single local application.\nWhat was learned The surprising part, according to the team, was that this was a mostly painless process that required only minor code changes.\nConceptually, the high-level architecture remained the same. We still have exactly the same components as we had in the initial design (media conversion, detectors, or orchestration). This allowed us to reuse a lot of code and quickly migrate to a new architecture.\nthey summarize.\nAnd that is maybe the takeaway from this article: In a cleanly architected and properly encapsulated system, the components can be redistributed and rearranged with only minor code changes. We can change the layout of the system without having to start over. The architecture was not really changed, but mostly the components\u0026rsquo; deployment was rearranged.\nModulith A modulithic deployment of co-located microservices allows for easy scaling and rearrangement.\nUnfortunately, the subtitle of the article is \u0026ldquo;The move from a distributed microservices architecture to a monolith application helped achieve higher scale, resilience, and reduce costs\u0026rdquo;. This sets wrong expectations and makes it harder to pick up the actual learning.\nWhat the AWS Prime Video team arrived at is most closely described as a Modulith , only that they arrived at it the other way around. Fowler suggests you start Monolith first and then chisel off the components you identify as standalone subservices. They instead used pre-made AWS infrastructure components to build a highly modular prototype, and then identified tightly coupled components and merged their deployment without giving up the modular structure. Fowler himself points to an article by Sam Newman and the book that came from it as a way of doing this.\nThe result is not really a single-instance monolith, anyway. Components are merged into a single ECS container, but of course ECS will deploy it with the required degree of parallelism, and it is still part of a larger system that communicates in an event-driven architecture using lambdas and messages.\nSo if this article is anything, it is an example of the benefits good observability has, and how a good architecture allows you to rearrange the layout of well-isolated and structured components with clean interfaces at will. The application can be made to run on different substrates, in order to react to different demands of scale or changing business requirements.\nOr in other words, people who understand how their stuff works have few problems to adjust their application to changing requirements.\n","date":"2023-05-10T00:00:00Z","href":"https://blog.koehntopp.info/2023/05/10/its-a-modulith.html","tags":["lang_en","architektur","computer","software"],"title":"It's a Modulith"},{"categories":null,"content":"This is part 2 of a series. The first part is \u0026ldquo;1974 \u0026rdquo;.\nProgress is sometimes hard to see, especially when you have been part of it or otherwise lived through it. Often, it is easier to see if you compare modern educational material, and the problems discussed with older material. And then look for the research papers and sources that fueled the change.\nIn Linux (and Unix in general), this is easy.\n1984 — The BSD Fast Filing System The original Unix filesystem was doing well, but also had a large number of obvious problems. BSD Unix undertook an effort to fix them, and this is documented in the book \u0026ldquo;The Design and Implementation of the 4.3BSD UNIX Operating System \u0026rdquo; by Leffler, McKusick et. al. A more concise, but also more academic discussion can be found in the classic 1984 paper A Fast File System for UNIX , which lists Marshall McKusick, Bill Joy (then at Sun), Samuel Leffler (then at LucasFilm) and Robert Fabry as authors. The paper promises a reimplementation of the Unix filesystem for higher throughput, better allocation and better locality of reference.\nThe hardware It is 1984. The computers targeted by 4.3BSD are desktop and cabinet workstations. These are machines with 32-bit data registers and 32-bit address registers.\nExternal data and address bus sizes vary: Earlier 68k CPUs had smaller sized buses, but in 1984 the Motorola 68020 debuted. It was the first 68k to offer buses with the full width of 32 bits, at a budget of ca. 200k transistors on the die. Later the 68030 integrated the MMU, previously a separate chip, and the 68040 also integrated the FPU, again previously a separate chip.\nEarly Sun workstations, the Sun-3 series, feature these CPUs. But Sun took the designs from the experimental Berkeley RISC systems and released the Sun-4 series in 1986 with SPARC architecture RISC chips. SPARC architecture is not without compromises, but was very viable and saw continuous development until after the purchase of Sun by Oracle, which then killed both the SPARC, and later also the Itanium CPU architecture.\nCurt Schimmel discusses the tradeoffs made by SPARC in the MMU, register and memory access design, and why they made sense. See UNIX Systems for Modern Architectures . In between, in 1985, the MIPS architecture debuted, which is another series of RISC CPU architectures. It also starts out as a fully 32-bit type of system, and found use in SGI workstations.\nHP had another RISC-type of CPU, the PA-RISC, an outgrowth of their \u0026ldquo;Spectrum\u0026rdquo; research programme, coming to market in 1986 (and later replaced by Intel\u0026rsquo;s failed Itanium).\nSystems pioneer DEC themselves had the VAX, a 32-bit cabinet computer with a CISC CPU, and that since 1977 already. They would not go RISC until 1992, but then fully 64-bit with the Alpha AXP (\u0026ldquo;DEC Alpha\u0026rdquo;) architecture. While interesting, this did not last long: with the sale to Compaq in 1998, the CPU was discontinued, and the IP was sold to Intel in 2001.\nIn general, workstation type systems in 1984 had main memory in the low two-digit MB range, and ran at clock speeds of two-digit MHz system clocks.\n4.3BSD\u0026rsquo;s Fast Filing System The traditional filesystems shortcomings The 32-bit VAX systems were being used for typical 1980\u0026rsquo;s workstation work, which include things such as image processing or VLSI chip design. On these systems, the original Unix filesystem showed structural problems in keeping up with file size, I/O speed, and simple number of files. Also, the tiny 512-byte I/O size slowed disk subsystem performance considerably.\nThe paper mentions the strict segregation of filesystem metadata at the front of the file system from the actual data in the back part of the filesystem.\nA 150 MB traditional UNIX file system consists of 4 megabytes of inodes followed by 146 megabytes of data. This organization segregates the inode information from the data; thus accessing a file normally incurs a long seek from the file’s inode to its data. Files in a single directory are not typically allocated consecutive slots in the 4 megabytes of inodes, causing many non-consecutive blocks of inodes to be accessed when executing operations on the inodes of several files in a directory.\nThis defines one major goal for BSD FFS: Better filesystem layout, bringing metadata and data closer together, storing files in a single directory closer together, and preventing fragmentation of a file into small fragments that can be loaded only inefficiently.\nFragmentation: Initially, four files are being created, each using 2 blocks. Then the files B and D are being deleted. The free space is then being reclaimed by the three-block-sized file E, which is stored in non-adjacent blocks. This causes small disk seeks, and slow I/O.\nAnother goal stated is to increase disk block size. Larger disk blocks benefit throughput in two ways:\nLarger disk blocks provide larger units of I/O, so more data is transferred in a single I/O operation. Larger disk blocks also allow the filesystem to store more file pointers in an indirect block, greatly reducing the number of indirect block accesses. This is primarily a problem if indirect blocks are not cached in a file system buffer cache. The paper quotes the throughput of an already marginally optimized, traditional Unix filesystem at around 4% of the theoretical maximum, which is abysmally bad. This is mainly attributed to fragmentation, non-contiguous storage of adjacent blocks in a file. Defragmentation, already suggested in 1976, was discarded as a non-viable idea. The authors instead aim for a solution that places files sensibly in the first place.\nBSD FFS innovations Cylinder Groups and understanding CHS The BSD FFS understands the physical layout of a harddisk, with cylinders, heads and sectors (CHS). It divides the disk into cylinder groups, adjacent tracks of all disk heads.\nAs the disk rotates, various disk heads reach inside the platter stack like a comb. Each head marks a track on the disk, which is subdivided into physical disk blocks by the controller hardware. Together, all tracks marked by all heads form a cylinder. A cylinder group is a set of consecutive cylinders. (Image: OSTEP , page 3)\nEach cylinder group becomes a mini-version of a traditional Unix filesystem, with a copy of the superblock, its own local inode area, and local inode and block usage bitmaps. The usage of bitmaps is also novel, as they replace the free lists used in the traditional filesystem. As the filesystem has information about the CHS layout, it also makes sure that the superblock is not always placed on the same platter for each copy, trying to make the filesystem better redundant against harddisk failure.\nExcursion: Raid and other Efforts at Berkeley The RAID paper was published only several years later, but according to Katz was developed also in Berkeley, during the same time frame, 1983/1984.\nKatz also mentions that during that time Stonebraker was around, working on Ingres (a Postgres predecessor), and refers to his demands for low-commit latency as driving the attempts on improving disk bandwidth with FFS and, later, RAID. Serious work on the RAID taxonomy we know today did not begin before 1987, though.\nThe RAID paper was used by many startups and storage companies as the foundation of their development, among them NetApp, and EMC (via Data General\u0026rsquo;s Clariion Disk Array)\nBSD FFS not only understood CHS geometry of disks, but also processor speed and disk rotational speed. This allowed it to configure and record in the superblock an interleave factor to optimize disk I/O throughput.\nThe harddisk rotates continuously, but the CPU needs time to set up the next transfer. During this time the head may have moved already past the next block start boundary, and now the system would need to wait one full rotation to be able to write. Using an appropriate interleave factor, blocks of adjacent numbers are not stored adjacently on disk, but instead other blocks are interleaved in-between. This gives the CPU enough time to think and set up the next block transfer.\nThe faster the CPU, the lower the interleave factor required.\nAll of these optimizations became irrelevant relatively quickly the moment harddrives were sold with integrated controllers, started to lie about their CHS geometry and ultimately as linear block addresses (LBA) took over. But for ten to 15 years, this provided a nice performance advantage.\nLarge blocks, smaller fragments, and tail packing Internally, FFS uses logical blocks of at least 4 KB size. Anything with at least 4 KB block size can create files of 4 GB size with at most two levels of indirection.\nLarge blocks make for faster I/O, but they also come with storage overhead, as files grow in sizes of blocks. Since logical blocks in FFS are made up from multiple physical blocks, FFS introduces the concept of fragments to expose the smaller internal physical blocks. Through tail packing, the ends of multiple files can be stored together in the same logical block, using only as many physical blocks as necessary.\nAdditional logic was necessary to prevent a slowly growing file from going through phases of fragment-by-fragment growth and constant re-layouting. To overcome this, space is being pre-allocated to full logical blocks, and tail packing only happens on file close when the preallocation is canceled.\nLong Seek Layout Policy BSD FFS introduces a number of layout policies that control the placement of new directories, new files and the handling of large files. Global policies are mostly concerned with choosing a well-suited cylinder group to place data in, while local policies then handle the placement inside a cylinder group.\nThe new filesystem layout has cylinder groups. Each has their own inode table, and free space bitmaps for inodes and blocks. The filesystem aims to prevent fragmentation.\nThis is of course impossible in certain circumstances: If, for example, a cylinder group is 512 MB in size, and a file larger than 512 MB is to be written, it will use up one inode in that cylinder group, but all available free blocks are gone. If a second file is to be placed into this cylinder group, the inode can be used, but the data blocks for that file need to be placed somewhere else – which is undesirable.\nIt would be better to force a long seek, a switch from one cylinder group to the next, for large files. The filesystem would profit from forcing such a long seek every megabyte of filesize or so. This would use up free blocks from one cylinder group to the next, evenly, while at the same time leaving some number of free blocks for other files in each cylinder group.\nThis would, of course, fragment a file, on purpose, but also make sure the fragments are sufficiently large to allow large file I/O. Fragmentation (non-adjacent placement of blocks in a file) is only really a performance problem if the fragments are too small to be read efficiently.\nDirectory Layout Policy Files in the same directory are often used together. It is useful to place all files in the same directory together in the same cylinder group.\nOf course, when this is done, it is also necessary to put different directories into different cylinder groups, to ensure even use of the filesystem space available. That means a shell script such as\n#! /usr/bin/bash for i in $(seq -w 1 10) do touch file$i mkdir dir$i done will create ten files named fileXX, which will all be placed in the same cylinder group as the current directory.\nIt will also create ten subdirectories of the current directory named dirXX. Each of them will be placed in a different cylinder group, if possible. FFS will choose the cylinder group that has a greater than average number of free inodes, and the smallest number of directories already in it.\nThe actual choice of the inode in a cylinder group is \u0026ldquo;next available\u0026rdquo;, so pretty simple. But that is not a problem, because the whole cylinder group inode table fits into 8-16 blocks.\nFor placement of data blocks, a lot of effort is invested into finding rotationally optimal block, given the needed interleave factor for this machine.\nBSD FFS requires some free space to be available in the filesystem at all times. Many of its algorithms degenerate to the performance of the traditional file system if the filesystem fills up more than 90%.\nOther changes and improvements BSD FFS also removes several limits that came with the traditional filesystem.\nLong Inode Numbers and Block Addresses For example, Inode numbers are now 32-bit numbers . This increases the number of files possible per filesystem from 64 K to 4 G.\nThe size of an inode has doubled: It is now forced to be 128 bytes in size (with 20 unused bytes) Also, disk block addresses are now 4 bytes. At 4 KB block size, this is sufficient to account for 4 G blocks, or a maximum of 16 TB filesystem size.\nFile length is recorded in a quad, allowing for more than 4 G individual filesize.\nInodes now contain 12 direct blocks, and three types of indirect blocks. At 4 KB block size, this is good for 1024 block addresses per indirect block, resulting in 12 + 1024 + 1024^2 + 1024^3 = 1074791436 blocks per file, or a maximum filesize just north of 4 TB.\nUnix User-ID and Group-ID are still limited to a short, limiting the number of users and groups per system to 64 K.\nSpace has been preallocated for 8-byte timestamps, even if the time types in the inode are still limited to 4 bytes.\nLong filenames The traditional filesystem has directory slots of a fixed 16-byte length, with 2 bytes for the inode number and 14 bytes for the filename.\nBSD FFS defined a more complex directory entry structure . A single entry contains a 4-byte inode number, a 2-byte record length and a 2-byte name length, and then the actual filename. Filenames are limited to 255 bytes for each pathname component, and directory entries are rounded up in length to the next 4-byte boundary.\nDirectories are still essentially a linked list, and searching for names in large directories is slow.\nSearching for free space in directories is now more complicated: To create a new directory entry, we now need to search through the directory from the start, trying to find a gap in the current structure that is large enough for the name we are being asked to create. If none is found, the new name is appended at the end, growing the directory in size.\nFree space in directories is never reclaimed through compaction, only eventually re-used if a new name happens to fit.\nSymlinks The traditional filesystem allowed a file to have multiple names, using the link() system call and the hardlink mechanism. Hardlinks are limited in number (a short, so 64 K names).\nThey can be lost accidentally, for example, by saving a hardlinked file with certain editors. If the editor does write a file as filename.new, then unlinks the old filename and moves the new file into place, the hardlinked nature of the file will be modified.\nHardlinks also reference the original inode of the file multiple times, so they cannot span filesystem boundaries.\nBSD introduces a new filetype (l, symlink), and places a \u0026ldquo;replacement filename\u0026rdquo; in the linked file, which determines the link target location. It can be an absolute or relative name (relative to the location of the symlink file).\nThis creates a \u0026ldquo;soft\u0026rdquo; or \u0026ldquo;symbolic link. Trying to access a symlink will kick off a reinterpretation of the filename in namei() using the replacement filename, resulting in the attempted open() system call being deflected to the link target location.\nSince the deflection happens in namei(), which can traverse filesystem boundaries, the new link type is not subject to the single filesystem limitation. It is also not counting towards any link count limits.\nRename System Call BSD introduces the rename() system call, which previously needed to be implemented as a library function using calls to unlink() and link(). Since this uses more than one system call, the operation is not atomic: It is subject to partial execution, and it is subject to malicious interferences, because it is a multistep process.\nQuotas BSD also introduces the idea of filesystem usage quotas: These are soft and hard limits on the number of files and the amount of disk space that a user or a group can use.\nIn order to implement them in a useful way, the behavior of the filesystem had to be modified:\nIt is now a privileged operation to change the owner of a file away from oneself. Without that, it is possible to create a directory that is only accessible for oneself, and then gift all files in it to another user. The files would then count against that user\u0026rsquo;s quota. Similarly, it is now no longer possible to change the group membership of files to just any group. Instead, only groups from the user\u0026rsquo;s group set can be used. And finally, new directories and files inherit their group from their parent directory, not from a users primary group. That way, project directories would contain files counting against a project\u0026rsquo;s quota, not a user\u0026rsquo;s primary group quota. Advisory Locking Advisory file locking is already introduced in 4.2BSD. For this, the new flock() syscall has been implemented.\nLocks can be shared (read locks) or exclusive (write locks). They always apply to the entire file, and not to byte ranges. No deadlock detection is attempted. They are tied to a file descriptor. So when a process dies, its file-handles are automatically closed, which also automatically releases all locks held. This is very robust, until dup() and fork() are coming into play. Posix later tried to improve on this, introducing a second, completely different system of locks, using fcntl(). This is flawed in different ways, but can do byte-ranges, and it implements some rudimentary deadlock detection.\nKernels that implement both systems such as Linux now have two different, incompatible file locking implementations that do not know of each other.\nThis article discusses all of this some more, and has example programs.\nPerformance The authors note the following advantages in their paper:\nls and ls -l are fast, because the inodes of the files in a single directory are within the same cylinder group. Hence, reading and listing a directory is very low on seeks, and on seek distance (except for subdirectories, which are guaranteed to be far away). They measure a 8x speedup for directories without subdirectories. Utilization of the theoretical maximal bandwidth increased from 3% in the traditional filesystem to 22% or even 47%, depending on the controller hardware used. The authors are very proud of the results because they have been achieved on an actual production system with real user production data being layouted, and not on a synthetic benchmark layout. Throughput is stable over the lifetime of the filesystem, as its file population changes. This solves the main drivers for the improvements: Better throughput and a stable layout that does not degrade performance over time.\nAdditionally, a number of quality-of-life enhancements have been made, enabling more comfortable working in groups, and unlocking new functionality.\nWhile Linux contains no BSD code, the ext2 filesystem is pretty much an implementation-blind rewrite of the BSD FFS for Linux, recreating the features as described in the literature without using any BSD code.\nBoth BSD FFS and Linux ext2 are still non-logging filesystems that require a filesystem check after a crash. They also cannot deal well with directories with many entries, and deal only slightly better with deep directory hierarchies. Additional changes are required to enable truly large filesystems in order to keep up with increasing storage sizes.\nAlso, other limitations of more hidden nature still apply: Several places in the filesystem code are guarded by locks that make scaling certain operations hard on systems with high concurrency.\nIt would take another ten years, until 1994, for SGI\u0026rsquo;s XFS to tackle these things.\n","date":"2023-05-06T00:00:00Z","href":"https://blog.koehntopp.info/2023/05/06/50-years-in-filesystems-1984.html","tags":["lang_en","unix","filesystems"],"title":"50 years in filesystems: 1984"},{"categories":null,"content":"Progress is sometimes hard to see, especially when you have been part of it or otherwise lived through it. Often, it is easier to see if you compare modern educational material, and the problems discussed with older material. And then look for the research papers and sources that fueled the change.\nIn Linux (and Unix in general), this is easy.\n1974 - Unix V7 File System We find the Unix Version 7 Research Release in Diomidis Spinellis unix-history-repo . If we are reading The Design of the Unix Operating System by Maurice J. Bach , we would want to look at the Research V7 Snapshot branch of that Repository.\nMachines It is 1974. Computers have a single \u0026ldquo;core\u0026rdquo;, the central processing unit. In some computers, this is no longer a device with parts, such as boards for the arithmetic logic unit, registers, sequencers and microcode memory, but a single integrated chip. The new devices are called microcomputers, as opposed to the older generation of minicomputers. These new CPUs sometimes have thousands of transistors on a single chip.\nKernels In Unix, we are dealing with system resources as configured in a header file. Default values are shown here, and the data structures are arrays, with the values shown being the respective array sizes. To change them, you edit the file, recompile and relink the kernel, and then reboot.\nWe have a file system buffer cache using NBUF (29) disk blocks of 512 bytes. We have an inode array of NINODE (200) entries, and we can mount up to NMOUNT (8) filesystems concurrently. A user can have MAXUPRC (25) processes running, for a total of NPROC (150) system processes. Each process can have up to NOFILE (20) files open.\nReading Bach and the original V7 sources is interesting, despite the fact that things are completely outdated, because a lot of core concepts are much clearer, and a lot of structures are a lot simpler. Sometimes even archaic. But this is what defines the behavior of Unix File Systems, to this day, because the accidental behavior of V7 Unix became immortalized in the POSIX standard, and every file system after had to conform to it. Check But Is It Atomic? for an example.\nCore Concepts The basic concepts and structures of Unix Filesystems are from this time, and from this system. Some of them exist even in modern systems.\nThe disk is an array of blocks. It begins at block 0, and stretches to block n. At the beginning of the filesystem we find the superblock . It is located at block number 1 of the filesystem. The mount system call finds an empty mount structure, reads the superblock off disk and keeps it as part of the mount structure.\nInode The in-memory superblock has fields for an array of inodes (a short) on disk. An inode is a structure that describes a file as a variable length array of blocks, and some metadata.\nstruct dinode { unsigned short\tdi_mode; /* mode and type of file */ short\tdi_nlink; /* number of links to file */ short\tdi_uid; /* owner\u0026#39;s user id */ short\tdi_gid; /* owner\u0026#39;s group id */ off_t\tdi_size; /* number of bytes in file */ char di_addr[40];\t/* disk block addresses */ time_t\tdi_atime; /* time last accessed */ time_t\tdi_mtime; /* time last modified */ time_t\tdi_ctime; /* time created */ }; #define\tINOPB\t8\t/* 8 inodes per block */ /* * the 40 address bytes: *\t39 used; 13 addresses *\tof 3 bytes each. */ The inode as it appears on disk. 8 inodes fit into a 512-byte disk block, so they are aligned at 64 byte boundaries.\nThe inode array on the filesystem has a short count, so there can be up to 65535 inodes in a filesystem. As each file requires an inode, there can only be that many files per filesystem.\nEach file has some fixed properties:\n(2 bytes) a mode (the file type and access permissions combined). (2 bytes) a link count (nlink), the number of names this file has. (2 bytes) a uid, the owner. (2 bytes) a gid, the owner\u0026rsquo;s group id. (4 bytes) a size, the length of the file in bytes (defined as an off_t, a long) (40 bytes) an addr array of disk block addresses (3x 4 bytes) three times, an atime (access time), mtime (modification time) and ctime (supposedly create time, but really the time of the last inode change). for a total size of 64 bytes.\nbmap() The addr array contains 40 bytes, but it stores 13 disk block addresses, each using 3 bytes. This is good for 24 bits, or 16 megablocks of 512 bytes, each, for a total filesystem size of 8M kilobytes, or 8 GB.\nFront panel of a PDP-11 RL02 disk drive, from pdp-11.nl .\nFor comparison, a PDP-11 RL02K disk cartridge held 10.4 MB, but the newer RA92 could store 1.5 GB.\nThe addr array is being used in the bmap() function . The function consumes an inode (ip) and a logical block number bn and returns a physical block number. That is, it maps a block in a file to a block on a disk, hence the name.\nThe first 10-block pointers are stored directly in the inode. That is, to access for example block 0, bmap() will look up di_addr[0] in the inode and return this block number.\nAdditional blocks are stored in an indirect block, and the indirect block is stored in the inode. For even larger files, a double indirect block is allocated, and points to more indirect blocks, and finally very large files need even triple indirect blocks.\nThe code first determines the number of indirections , grab the appropriate indirect block , and then resolve the indirection the appropriate number of times.\nThis results in the following famous picture:\nOriginal Unix file structure with increasing numbers of indirect accesses for increasingly larger files. This forms a compressed array, where short files can be accessed directly with data from the inode, whereas larger files are using increasingly indirect access. For performance, it is crucial to keep indirect blocks in the file system buffer cache.\nHow this scales is dependent on the block size (512 bytes back then, 4096 bytes these days), and the size of a block number in bytes (originally 3 bytes, later 4 or even 8 bytes).\nAtomic writes Writes to files happen under a lock, so they are always atomic. This is true even for long writes, which span multiple block boundaries, and is discussed at length in But Is It Atomic? .\nThis also means that even with multiple writer processes, on a single file there can be only ever one disk write active at any point in time. This is very inconvenient for authors of database systems.\nNaming files A directory is a file with a special type (directory), and a fixed record structure .\n#ifndef\tDIRSIZ #define\tDIRSIZ\t14 #endif struct\tdirect { ino_t\td_ino; char\td_name[DIRSIZ]; }; A directory entry contains an inode number (an unsigned int), and a filename which can be up to 14 bytes long. This fits 32 directory entries into a disk block, and 320 directory entries into the 10 disks blocks that can being referenced by the direct blocks of a directory file.\nThe lower filesystem is a sea of files. Files have no names, only numbers.\nThe upper filesystem uses a special type of file, with a simple 16-byte record structure, to assign a name of up to 14 characters to a file. A special function, namei() converts a filename into an inode number .\nPathnames passed to namei() are hierarchical: they can contain / as a path separator, and they are being terminated by \\0 (nul). Pathnames either start with /, in which case the traversal begins at the filesystem root, making the filename absolute. Or they do not, in which case traversal starts at u.u_cdir, the current directory.\nThe function then consumes pathname component after component, using the currently active directory and searching linearly for the name of the current component in that directory. It ends when the last pathname component is found, or if at any stage a component is not found. It also ends, if at any point in time, for any directory in the path, we have no x-permission .\nSome entries are magical : They are mountpoints. When we encounter them, we change from the directory entry of the current node and filesystem to the root inode of the mounted filesystem. This makes all filesystems in Unix appear as a single tree, and \u0026ldquo;drives are changed\u0026rdquo; by simply going to a different directory.\nThe function ultimately returns a pointer to the inode for the given pathname, creating (or deleting) the inode (and directory entry) if necessary and desired. It is a centralized point for directory traversal and access permission checks.\nNovel ideas and Limits This very early Unix filesystem has a number of very nice properties:\nIt presents multiple filesystems as one single unified tree.\nFiles are structureless arrays of bytes.\nThese arrays are stored internally in a variable depth dynamic array, using a system of increasingly deeply nested indirect blocks. This allows O(1) disk seeks.\nLower filesystem (creating files) and upper filesystem (structuring files into a tree) are clearly separated.\nPathname traversal is the only way to get an inode, and along the way permissions are always checked.\nThere are very few characters in filenames that are special, / and \\0 (nul).\nWe also have clear limitations:\nFiles can only have 16M blocks. Filesystems can only have 65535 inodes, which is very limited. And there are a number of annoying limitations:\nThere can be only one writer active per file, which kills concurrency.\nDirectory lookups are linear scans, so they become very slow for large directories (more than 320 entries).\nThere is no system for mandatory file locking. There are several systems for advisory file locking.\nAnd a few quirks:\nThere is no delete() system call. We have unlink(), which removes a file name, and files that have zero names and zero open file handles are being automatically collected. This has a few unusual consequences, for example, disk space is only freed if a completely unlinked file is also completely closed. Generations of Unix sysadmins have asked where their disk space is, when a deleted log file in /var/log was still kept open by some forgotten process.\nInitially there is no mkdir() and rmdir() system call, which leads to exploitable race conditions. This is fixed in later versions of Unix.\nThere are a few operations that are accidentally atomic (like the write(2) system call), or have been made atomic after they have been exploited (mknod(2) and mkdir(2)).\nStructurally, it is annoying that the inode table and free maps for blocks and inodes are at the beginning of the filesystem, and disk space is allocated linearly from the front of the disk, too. This leads to a seek intense structure, and enables filesystem fragmentation (in which files are being stored in non-adjacent blocks).\nTraversing a directory structure means reading a directories inode at the beginning of the disk, going to the data blocks further back, then reading the next inode of the next pathname component from the beginning of the disk, and going back the data blocks in the back. This goes back and forth, once for each pathname component, and is not necessarily fast.\nToday, and Improvements The PDP-11 V7 Unix filesystem got a faithful reimplementation as the minix filesystem, with all its limitations. In modern Linux, it has been removed from the kernel source tree because it is no longer useful.\nWe will see in a later article about the BSD fast filesystem, how the data can be better layouted on disk, how we can implement longer filenames, more inodes, and how we can speed things up a bit by taking physical properties of the disk into account.\nOnly even newer filesystems will be dealing with linear directory lookup times, single writers or limited file metadata.\n","date":"2023-05-05T00:00:00Z","href":"https://blog.koehntopp.info/2023/05/05/50-years-in-filesystems-1974.html","tags":["lang_en","unix","filesystems"],"title":"50 years in filesystems: 1974"},{"categories":null,"content":"Back in October last year, I had been speaking to a few long-time friends at SeveralNines for a podcast. The recording is now out, and you can listen to it at this location or in the Podcast Player of your choice.\nBooking.com, Part 1 - Running data infrastructure at an Enterprise scale Booking.com, Part 2 - How Booking.com built their own Sovereign DBaaS at scale ","date":"2023-04-04T00:00:00Z","href":"https://blog.koehntopp.info/2023/04/04/mysql-sovereign-dbaas-decoded.html","tags":["lang_en","mysql","database"],"title":"MySQL: SeveralNines Podcast with Kris"},{"categories":null,"content":"Based on a discussion on IRC and Mastodon: \u0026ldquo;How can I get access to the return values of my (Python-) programs functions?\u0026rdquo; And more generally, how can I trace function execution in Python, showing function parameters and return values?\nPyCharm builtin method Of course, you can always simply turn on this in the PyCharm debugger:\nPyCharm, Debug Window, Gear Icon, \u0026ldquo;Show Return Values\u0026rdquo;\nDo it yourself: sys.settrace() (via Peterkelly ): Python has a built-in API for tracing: sys.settrace() .\nHere\u0026rsquo;s an example of how to use it:\ndef mytrace(frame, event, arg): if event == \u0026#34;call\u0026#34;: print(\u0026#34;call\u0026#34;, frame.f_code.co_name, frame.f_locals) elif event == \u0026#34;return\u0026#34;: print(\u0026#34;return\u0026#34;, frame.f_code.co_name, arg) return mytrace import sys sys.settrace(mytrace) def fac(n: int) -\u0026gt; int: if n == 1: return 1 else: return n * fac(n - 1) if __name__ == \u0026#39;__main__\u0026#39;: result = fac(3) print(f\u0026#34;{result=}\u0026#34;) This will output:\ncall fac {\u0026#39;n\u0026#39;: 3} call fac {\u0026#39;n\u0026#39;: 2} call fac {\u0026#39;n\u0026#39;: 1} return fac 1 return fac 2 return fac 6 result=6 Do it yourself: @logging You can also implement such a thing from first principles, in Python:\nimport functools def args_to_str(*args): return \u0026#34;, \u0026#34;.join(map(str, args)) def kwargs_to_str(**kwargs): ret = \u0026#34;\u0026#34; for k, v in kwargs.items(): ret += f\u0026#34;{k}={v},\u0026#34; return ret[:-1] def logging(func): func.__indent__ = 0 @functools.wraps(func) def wrapper_logging(*args, **kwargs): func_indent = \u0026#34; \u0026#34; * func.__indent__ func.__indent__ += 2 func_name = func.__qualname__ func_args = args_to_str(*args) func_kwargs = kwargs_to_str(**kwargs) print(f\u0026#34;{func_indent} -\u0026gt; Enter: {func_name}({func_args}\u0026#34;, end=\u0026#34;\u0026#34;) if func_kwargs != \u0026#34;\u0026#34;: print(f\u0026#34;, {func_kwargs}\u0026#34;, end=\u0026#34;\u0026#34;) print(\u0026#34;)\u0026#34;) result = func(*args, **kwargs) print(f\u0026#34;{func_indent} \u0026lt;- Leave: {func_name}({result})\u0026#34;) return result return wrapper_logging @logging def fac(n: int) -\u0026gt; int: if n == 1: return 1 else: return n * fac(n - 1) if __name__ == \u0026#39;__main__\u0026#39;: result = fac(3) print(f\u0026#34;{result=}\u0026#34;) This makes use of @functools.wraps() to define a decorator , @logging. It also leverages the fact, that anything, including a callable, can have properties, which we are using to maintain an indent count in func.__indent__. This is initialized to 0, and then incremented by 2 for each call in the call stack. Unwinding the call stack resets the counter, so we don\u0026rsquo;t have to do that manually.\nWe have two helper functions to turn the functions *args and **kwargs into proper strings, and we access func.__qualname__ to get the functions name . We are using __qualname__ to handle inner functions properly here, even if that is sometimes creating less readable output.\nRunning the code results in\nOutput from the Python program above shows function calls and results.\nUsing autologging The autologging package makes this simpler, even if it lacks the nice indentation.\nOur code becomes much shorter:\nimport logging import sys from autologging import logged, traced, TRACE logging.basicConfig( level=TRACE, stream=sys.stdout, format=\u0026#34;%(levelname)s:%(name)s:%(funcName)s:%(message)s\u0026#34; ) @logged @traced class Fac: def __init__(self): pass def fac(self, n: int) -\u0026gt; int: self.__log.debug(\u0026#34;OHAI\u0026#34;) if n == 1: return 1 else: return n * self.fac(n - 1) if __name__ == \u0026#39;__main__\u0026#39;: f = Fac() print(f.fac(10)) We get to use a new loglevel TRACE, and import @logged and @traced decorators from the package. After setting up a log channel with proper formatting, we can mark functions with the decorator, get their execution traced and can simply log.\nThe output:\nOutput of our program using the autologging package.\nUsing icecream At this point Andreas Thienemann mentioned icecream, which is remarkable comfortable. Versions of icecream exist for many programming languages, so this is not Python specific.\nfrom icecream import ic ic.configureOutput(includeContext=True) class Fac: def __init__(self): pass def fac(self, n: int) -\u0026gt; int: ic(n) if n == 1: return ic(1) else: return ic(n * self.fac(n - 1)) if __name__ == \u0026#39;__main__\u0026#39;: f = Fac() print(f.fac(10)) Icecream defined a function ic(), which you can call with parameters (ic(n), ic(1), and ic(n * self.fac(n - 1))), or without (ic()). The function will print its parameters, just like a debug print, or when called without parameters, just log its execution including source file and line. Options to prettify the output exist.\nThe package also provides a function install(), which will simply make ic() available as a builtin:\nfrom icecream import ic install() # this basically does builtin.ic = ic # ic() is now available in all your modules # without having to include it in every submodule. The output looks like this:\nRunning our code with icecream produces this output, nicely colorized and pretty printed. We enabled includeContext=True, so we also get file names and line numbers.\nsnoop and birdseye Of course, this is not the end of it. The package snoop provides tracing of one or all functions, comes with its own version of icecream called pp (PrettyPrint). Using pp.deep(), it will show expression evaluation step by step.\nfrom snoop import pp pp.deep(lambda: x + 1 + max(y + 2, y + 3)) logs\n12:34:56.78 LOG: 12:34:56.78 ............ x = 1 12:34:56.78 ........ x + 1 = 2 12:34:56.78 ................ y = 2 12:34:56.78 ............ y + 2 = 4 12:34:56.78 ................ y = 2 12:34:56.78 ............ y + 3 = 5 12:34:56.78 ........ max(y + 2, y + 3) = 5 12:34:56.78 .... x + 1 + max(y + 2, y + 3) = 7 Snoop understands Python: It shows not just file numbers, but actual code call context, parameters. It handles debugging Decorators, can log Exceptions properly, and can log call stacks of a configurable depth.\nCheck out the examples in the link above.\nbirdseye is a continuation of snoop to the extreme, and integrated with it. It captures the same data as snoop, but logs it to a SQLite file in your $HOME. It will then allow you to start a flask-based Webserver on port 7777 to evaluate the trace file and replay it step by step.\n@spy allows you to run snoop and birdseye in tandem.\nfrom birdseye import eye from snoop import snoop, spy @spy def fac(n: int) -\u0026gt; int: if n \u0026lt;= 1: return 1 else: return n * fac(n-1) if __name__ == \u0026#39;__main__\u0026#39;: result = fac(3) print(f\u0026#34;{result=}\u0026#34;) This will instrument the code to run with snoop, and also log into the database file.\nThe trace is pretty:\nOutput of snoop running on our test function. We instrumented with @spy, which will also create a trace file.\nRunning the Birdseye decoder is easy: python -m birdeye will start it on the default port, 7777.\nStarting the birdseye web server to serve trace files. It is bound to localhost, and listens by default on Port 7777.\nThe rendered trace looks like this:\nbirdseye webserver showing a trace. You can click through the program execution.\npysnoop (via lathiat ) A similar but different thing is pysnoop . You pip install pysnoop and\n#! /usr/bin/env python3 import pysnooper @pysnooper.snoop() def fac(n: int) -\u0026gt; int: if n \u0026lt;= 1: return 1 else: return n * fac(n-1) if __name__ == \u0026#39;__main__\u0026#39;: result = fac(3) print(f\u0026#34;{result=}\u0026#34;) to get\nSource path:... /Users/kris/keks.py Starting var:.. n = 3 09:38:58.287242 call 6 def fac(n: int) -\u0026gt; int: 09:38:58.287317 line 7 if n \u0026lt;= 1: 09:38:58.287330 line 10 return n * fac(n-1) Starting var:.. n = 2 09:38:58.287352 call 6 def fac(n: int) -\u0026gt; int: 09:38:58.287369 line 7 if n \u0026lt;= 1: 09:38:58.287380 line 10 return n * fac(n-1) Starting var:.. n = 1 09:38:58.287392 call 6 def fac(n: int) -\u0026gt; int: 09:38:58.287405 line 7 if n \u0026lt;= 1: 09:38:58.287420 line 8 return 1 09:38:58.287428 return 8 return 1 Return value:.. 1 Elapsed time: 00:00:00.000054 09:38:58.287456 return 10 return n * fac(n-1) Return value:.. 2 Elapsed time: 00:00:00.000122 peepshow, a commandline debugger The package peepshow then offers a full scale commandline debugger, which allows you to trace program execution, set breakpoints and so on.\nUnfortunately, it has been abandoned (the last commit was in November 2020), and does not support modern Python.\nHoneycomb and Opentracing What if you cannot access the host your code runs on, for example, because that host is variable and many, because you are running in Kubernetes? In this case, Honeycomb and other OpenTelemetry packages have you covered. They do the same logging as above, but package data in OpenTelemetry Spans, and send these over the network.\nThe old, original Honeycomb Beeline for Python is documented here: Python Beeline . The current OTel compatible implementation is here: OTel replacement .\nA medium article discussion the same decorator usage as we do here, but in the context of OpenTelemetry, is available: Using Decorators to Instrument Python Code With OpenTelemetry Traces .\nAnd in C? A similar solution exists for the C programming language since 1987, in the form of the Fred Fish Debug Macros.\nSee the usage in MySQL , and grab the source .\nThis is older than time itself, and C is a bit limited compared to Python, but it basically does the same thing, in 36 years old code.\nThe code for these samples has been made avialable on GitHub .\n","date":"2023-03-14T00:00:00Z","href":"https://blog.koehntopp.info/2023/03/14/tracing-python.html","tags":["lang_en","python","debug"],"title":"Tracing Python"},{"categories":null,"content":"Given a table named tbl with one million entries, we want to select a random row from this table, fast. Our table definition looks like this:\ncreate table tbl ( id INTEGER NOT NULL, d VARCHAR(200) NOT NULL, INDEX(id) ); Dense id space We can generate some test data using a recursive CTE:\nmysql\u0026gt; set cte_max_recursion_depth = 100000; mysql\u0026gt; insert into tbl -\u0026gt; with recursive c(n, u) as ( -\u0026gt; select 1, uuid() -\u0026gt; union all -\u0026gt; select n+1, uuid() from c where n \u0026lt; 100000 -\u0026gt; ) select * from c ; The Recursive CTE will generate 100k pairs of (number, uuid()). The initial row is defined in the upper row of the UNION, each subsequent row builds recursively on top of that, by simply counting up.\nSince we generate all the values in one transaction, the uuid() is actually static. That is, because inside a transaction time stops, and the uuid is internally time-based.\nSince the id-space is free of gaps, we have rng many numbers between min(id) as min and max(id) as max. Using the index on id, we can simply generate a random number between these boundaries and select the row.\nmysql\u0026gt; select min(id), max(id) into @min, @max from tbl; mysql\u0026gt; select @max-@min+1 into @rng; mysql\u0026gt; select * from tbl where id = floor(rand() * @rng) + @min; +-------+--------------------------------------+ | id | d | +-------+--------------------------------------+ | 79720 | 13b94bdf-bc1c-11ed-9c65-08606ee5ff82 | +-------+--------------------------------------+ 1 row in set (0.06 sec) mysql\u0026gt; select * from tbl where id = floor(rand() * @rng) + @min; +-------+--------------------------------------+ | id | d | +-------+--------------------------------------+ | 28379 | 13b64d6a-bc1c-11ed-9c65-08606ee5ff82 | +-------+--------------------------------------+ 1 row in set (0.06 sec) Gaps, and we don\u0026rsquo;t care If our table has gaps, and we do not care, we can simply move to an inequality and work with that:\nmysql\u0026gt; select floor(rand() * @rng) + @min into @val; mysql\u0026gt; \u0026gt; select @val, tbl.* from tbl where id \u0026gt;= @val limit 1; +-------+-------+--------------------------------------+ | @val | id | d | +-------+-------+--------------------------------------+ | 46346 | 46346 | 13b74a19-bc1c-11ed-9c65-08606ee5ff82 | +-------+-------+--------------------------------------+ 1 row in set (0.00 sec) mysql\u0026gt; delete from tbl where id % 2 = 0; Query OK, 50000 rows affected (0.71 sec) mysql\u0026gt; select @val, tbl.* from tbl where id \u0026gt;= @val limit 1; +-------+-------+--------------------------------------+ | @val | id | d | +-------+-------+--------------------------------------+ | 46346 | 46347 | 13b74a1c-bc1c-11ed-9c65-08606ee5ff82 | +-------+-------+--------------------------------------+ 1 row in set (0.00 sec) Generating truly random rows Using Python, we can generate truly random rows.\ndef generate(count = 1000000): \u0026#34;\u0026#34;\u0026#34; Generate some test data \u0026#34;\u0026#34;\u0026#34; sqlcmd = \u0026#34;insert into tbl (id, d) values ( %(id)s, %(d)s )\u0026#34; # ID values with a step of 100, in random order # this ues a lot of memory to materialize the list id_list = [ i for i in range(0, count * 100, 100 )] # but if we want to shuffle, we have hardly any other option random.shuffle(id_list) counter = 0 data = [] # Write them out, in batches of 1000. for i in id_list: item = {\u0026#34;id\u0026#34;: i, \u0026#34;d\u0026#34;: uuid.uuid4()} data.append(item) counter += 1 if (counter % 1000) == 0: try: c = db.cursor() c.executemany(sqlcmd, data) except MySQLdb.Error as e: print(f\u0026#34;MySQL Error: {e}\u0026#34;, file=sys.stderr) sys.exit() data = [] db.commit() db.commit() and that yields\nmysql\u0026gt; select * from tbl limit 10; +----------+--------------------------------------+ | id | d | +----------+--------------------------------------+ | 720800 | d6aba075-d30c-4159-a3f9-67e23ac5674e | | 2548500 | 18fccfa2-4fc6-4642-861b-4c98314cd6f1 | | 86144900 | e5a58428-c5e1-4a32-a009-88b5877348bf | | 88949600 | fabbce25-221e-41d3-97e4-8cfa6bdc4816 | | 18642300 | 6df95b85-0d49-487c-98b0-548980479e16 | | 59352400 | 4dfa8a3c-95e7-41b6-83f4-1f1c9f647ecd | | 11149400 | 60d19e1f-1bca-41d2-93a6-1f9af585bbd4 | | 37822800 | eebeafd8-b08a-483d-88a5-f779de5d6888 | | 88126400 | 04c4d0ed-ba7c-456f-ac8c-a72448f38621 | | 65363500 | 876794c9-b3b5-4cda-9acd-dacb4f5a9419 | +----------+--------------------------------------+ 10 rows in set (0.00 sec) If we had defined the table with a primary key, InnoDB would have kept the data in primary key order \u0026ndash; sorted by id. Since we did not, the output is kept in generative order.\nWindow functions do not help us here We can generate row numbers, using window functions:\nmysql\u0026gt; select tbl.*, row_number() over () as r from tbl limit 10; +----------+--------------------------------------+----+ | id | d | r | +----------+--------------------------------------+----+ | 720800 | d6aba075-d30c-4159-a3f9-67e23ac5674e | 1 | | 2548500 | 18fccfa2-4fc6-4642-861b-4c98314cd6f1 | 2 | | 86144900 | e5a58428-c5e1-4a32-a009-88b5877348bf | 3 | | 88949600 | fabbce25-221e-41d3-97e4-8cfa6bdc4816 | 4 | | 18642300 | 6df95b85-0d49-487c-98b0-548980479e16 | 5 | | 59352400 | 4dfa8a3c-95e7-41b6-83f4-1f1c9f647ecd | 6 | | 11149400 | 60d19e1f-1bca-41d2-93a6-1f9af585bbd4 | 7 | | 37822800 | eebeafd8-b08a-483d-88a5-f779de5d6888 | 8 | | 88126400 | 04c4d0ed-ba7c-456f-ac8c-a72448f38621 | 9 | | 65363500 | 876794c9-b3b5-4cda-9acd-dacb4f5a9419 | 10 | +----------+--------------------------------------+----+ 10 rows in set (0.00 sec) But since they are generated on the fly, they are not an efficient way to select a random row: We cannot use Window functions in any interesting context, and using them in a subquery basically forces the database to materialize all the rows before the one we are interested in. So this is slow:\nmysql\u0026gt; select tbl.*, row_number() over () as r from tbl where r = 192383; ERROR 1054 (42S22): Unknown column \u0026#39;r\u0026#39; in \u0026#39;where clause\u0026#39; mysql\u0026gt; select tbl.*, row_number() over () as r from tbl where row_number() over () = 192383; ERROR 3593 (HY000): You cannot use the window function \u0026#39;row_number\u0026#39; in this context. mysql\u0026gt; select tbl.*, row_number() over () as r from tbl having r = 192383; ERROR 3594 (HY000): You cannot use the alias \u0026#39;r\u0026#39; of an expression containing a window function in this context. mysql\u0026gt; select * from ( select tbl.*, row_number() over () as r from tbl ) as t where r = 192383; +----------+--------------------------------------+--------+ | id | d | r | +----------+--------------------------------------+--------+ | 85856500 | 17e04a8a-95e5-4f5f-8aa2-597c2d37dd43 | 192383 | +----------+--------------------------------------+--------+ 1 row in set (4.58 sec) Selecting randomly from tables with gaps Without continuous ids, and without a row count we cannot easily select the \u0026ldquo;n-th record\u0026rdquo; from a table. So the best we can do is to select all id-values, and shuffle them, then choose the first row from the shuffle:\nmysql\u0026gt; select id from tbl order by rand() limit 1; +----------+ | id | +----------+ | 64527400 | +----------+ 1 row in set (0.86 sec) We can turn this into a full row with a join with almost no cost:\nmysql\u0026gt; select * from tbl as t1 -\u0026gt; join ( -\u0026gt; select id from tbl order by rand() limit 1 -\u0026gt; ) as t2 on t1.id = t2.id; +----------+--------------------------------------+----------+ | id | d | id | +----------+--------------------------------------+----------+ | 24765800 | dcabd753-a357-4f38-a255-e81b0675654f | 24765800 | +----------+--------------------------------------+----------+ 1 row in set (0.82 sec) Consuming rows In the previous examples, we have been re-ordering the table randomly for each access (or group of accesses). The shuffle has not been made persistent.\nOften, the problem is not to select a random row, but to consume rows in random order. We can store a random number with each row, and then use this as an (indexed) ordering key. Using the knowledge from the queueing article , we can select the item with the highest ordering value, lock it for consumption, retrieve it and delete it.\nThe idea is to add a column ordering to our table, indexed for fast access. The ordering value is assigned randomly. Here, we are creating the values after the fact in batch for one million entries, but in a system you would probably do that for each item as you write the item.\nmysql\u0026gt; alter table tbl add column ordering double, add index(ordering); Query OK, 0 rows affected (20.18 sec) Records: 0 Duplicates: 0 Warnings: 0 mysql\u0026gt; update tbl set ordering = rand(); Query OK, 1000000 rows affected (1 min 8.27 sec) Rows matched: 1000000 Changed: 1000000 Warnings: 0 To consume a random row, we start a transaction, select the row we want, using FOR UPDATE and SKIP LOCKED, and then delete it.\nmysql\u0026gt; START TRANSACTION; -- Two rows with the same ordering value may exist. -- We can distinguish them by id, and can process one or both of them. -- -- If another process has a lock on the topmost row, we will get zero results -- due to the use of SKIP LOCKED. mysql\u0026gt; select * from tbl where ordering = (select max(ordering) from tbl) for update skip locked; +----------+--------------------------------------+--------------------+ | id | d | ordering | +----------+--------------------------------------+--------------------+ | 31106100 | dc12e901-64a0-45a1-8f2e-dee93e3c8ab9 | 0.9999995017424221 | +----------+--------------------------------------+--------------------+ 1 row in set (0.00 sec) mysql\u0026gt; delete from tbl where id = 31106100; Query OK, 1 row affected (0.00 sec) mysql\u0026gt; commit; \u0026lt;actual processing outside of the transaction\u0026gt; Here, the inner query determines the maximum \u0026ldquo;ordering\u0026rdquo; value, which is fast due to the index. We make use of that value to fetch \u0026ldquo;a row\u0026rdquo;. Nothing prevents multiple rows from matching, so we may get one or more rows. We take the first (or all values), process it, and delete the processed rows, then commit.\nBecause we use FOR UPDATE, each row we select will also be exclusively locked, so other consumers cannot touch them. Because of the SKIP LOCKED, other consumers will not be hanging on locked rows. Instead, they will simply not see locked rows, so our query may actually even return zero rows in a concurrent context.\nAlternatively, you do not strictly process items in order, and want to process them \u0026ldquo;roughly\u0026rdquo; in order, but be able to leverage multiple consumers. A query such as the one below selects one or more items to process (locking them), so that they can be picked up for processing and deleted.\nmysql\u0026gt; start transaction read write; -- This is the first UNLOCKED row available for processing. -- -- Another process may have a lock on another row with an even larger ordering value, -- but thanks to SKIP LOCKED, we will not see that. mysql\u0026gt; select * from tbl order by ordering desc limit 1 for update skip locked; +----------+--------------------------------------+--------------------+ | id | d | ordering | +----------+--------------------------------------+--------------------+ | 68998800 | bcf7cca2-076d-444b-922b-ae064a1c49a8 | 0.9999983534216865 | +----------+--------------------------------------+--------------------+ 1 row in set (0.00 sec) mysql\u0026gt; delete from tbl where id = 68998800; Query OK, 1 row affected (0.00 sec) mysql\u0026gt; commit; \u0026lt;actual processing outside of the transaction\u0026gt; For scalability, it is important to keep the interval between START TRANSACTION and COMMIT as short as possible. Therefore, it is advisable to keep the actual item processing outside the transaction.\nBecause we do not need to shuffle things each time when we access things, this is actually much faster than \u0026ldquo;selecting a random row\u0026rdquo;.\n","date":"2023-03-06T00:00:00Z","href":"https://blog.koehntopp.info/2023/03/06/selecting-random-rows.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: Selecting random rows"},{"categories":null,"content":"Some applications allow you to have multiple passwords. For example, in MySQL, since 8.0.14 you can dual passwords for an account . Also, Redis 6 allows you to have multiple passwords on an account ACL .\nPersonal Accounts and Machine Accounts. When running services in a production system, the services sometimes have personal accounts (PAs) that allow humans to login and perform actions on the service. Often, these accounts are very limited in number (in production), and privileged.\nAlso, you have clients connecting to the system. These are called Non-Personal Accounts, Machine Accounts or Service Accounts (MA) in many environments. Machine Accounts are not used by humans, but are a set of credentials used by client applications to work with a service.\nIt is good practice to assign a different MA to each application using a service, and to rotate credentials regularly and quickly for each MA. In many environments doing this is even a compliance requirement.\nDifferent Usernames are helpful Assigning different identities (different usernames) to different applications is useful in many ways:\nAccess permissions are tied to identities, so different identities are a requirement to separate different sets of permissions. Also, different identities allow you to attribute activity in the service to the identity, thus make monitoring, auditing and accounting possible. It is much easier to identify a misbehaving application, if all applications using your service have different user account names. Dynamically assigned credentials Very often credentials are not stored at all in the client configuration, but are requested dynamically on-demand from another service, the Secrets Manager or Vault. It is either part of a cloud control plane, and can leverage trust from the cloud infrastructure to know who is who and what to allow, or it is an external service such as a Hashicorp Vault.\nIn any case, the application would not store Database or Redis username and passwords in configuration files any more, but ask the secrets manager to provide these credentials at runtime, receive them, and then store them only in memory. They would also be expired and re-requested in regular intervals, on a multiple-minutes to hour scale.\nThis allows the Secrets Manager to perform account operations, such as password or account rotation.\nAccount Rotation or Password Rotation? Rotating MA passwords is often a requirement, and most environments also require a comparatively high rotation frequency (\u0026ldquo;once per week\u0026rdquo;, which qualifies as \u0026ldquo;high\u0026rdquo; in database timescales).\nSome services, such as MySQL and Redis given as examples above, allow you to associate multiple password with a single account. Many others do not, in them username (\u0026ldquo;identity\u0026rdquo;) and password (\u0026ldquo;authentication\u0026rdquo;) are a 2-tuple.\nRotating passwords, when taken literally, is hard with such services, because changing the password atomically in the server and all its clients is impossible. There is always some overlap during which the service already has the new password (and implicitly invalidated the old password), while the clients are still using the old password. If you rotated the password with traditional methods, there would be a discrepancy between clients and servers in password knowledge, and thus failed logins.\nOne way around that is provisioning new MA accounts for an application, and then feeding the applications not only new passwords, but completely new credentials. Thus,\nan application androidapp would see the old user androidapp_23ad63 with a generated password BBLA32Tm9feoAGpN, then account rotation would additionally create androidapp_8760d3 with the password cts6Me5c7T4q6Dq2 and the same authorizations in the service, then the account rotation would test that this newly creates account works as desired, then the account rotation would stop handing out the old credentials (23ad63) to clients, and start serving the new credentials (8760d3), then the account rotation would over the course of an hour observe the old account not being used anymore, and the new account picking up traffic, then the account rotation would see the old 23ad63 account being silent for two hours, and eventually lock and deprovision it or this does not work as expected, and 23ad63 stays active past the deadline, in which case we raise an alarm. Why no observability? Account rotation has some advantages over password rotation: First: it works with any application, even those that have no support for multiple passwords. Lack of multiple password support is stopping no-one from implementing rotation, it is just account and not password rotation you need to build.\nThen: Even in MySQL and Redis it was not immediately obvious to me how password rotation can be validated to function correctly. That is, I have been unable to find a way to isolate instances of logins using the \u0026ldquo;non-primary\u0026rdquo; (or old) password, and somehow make sure that all logins in the last hour or so have been using the newly updated password.\nAs an engineer running the application, I would want to make sure that the old password is unused before I ask the service to deprovision it.\nBut observability on this seems to be completely non-existent. Which is weird, because any security engineer will tell you that a control is only valid, if you can verify it is working as intended.\nWith account rotation, usage of old accounts is immediately visible. The system can check if the old account is still being used, and once it isn\u0026rsquo;t anymore, it can deprovision it. If the old account does not go silent within some timeout, we can alert on this, identity the team responsible for the application, and sit down to talk about credential caching.\nThus, I would rate the implementation of any password rotation feature that does not have good observability built in as incomplete.\nAn authorization problem Conversely, while account rotation has automatically good observability, it complicates authorisation. Authorisation is the set of permissions ties to an identity, the GRANTs in SQL-lingo.\nIf you rotate accounts, you are essentially creating new accounts and drop old accounts on a schedule. That means\neither store the authorization outside the system or you can leverage a role system. In the latter case, you would create a role androidapp, and assign it the authorizations, then make sure all androidapp% accounts are members of the role, inheriting the role authorizations with no individual per-account rules.\nMost, but not all systems have a role-system for accounts similar to MySQL 8 roles, in which you assign authorizations to groups instead of individual accounts. If you have it, implementing account rotation without complicating authorization is comparatively easy.\nSummary Having a secrets manager that hands out secrets to services and clients is useful, because it allows you to prevent materialization of secrets. One of the primary features of clouds (private and public) would be that the control-plane of the cloud can attest identity of instances, and would allow you to solve authentication trivially. Sadly, Openstack and all Openstack derives private and public clouds seem to not implement that (and thus offer no IAM to services based on control-plane trust). For those where the cloud control-plane does not offer IAM, Hashivault can help out a lot. Some applications have the ability to have multiple passwords per identity, to allow easier password rotation. The value of that feature is greatly diminished by a lack of observability. Any control is only complete if it can be verified to work. We need to be able to see if old deprecated passwords are unused in order to safely deprovision them. Even without multiple passwords, we can always leverage a secrets manager and some relatively simple external driver to rotate accounts instead. This is complicated by the fact that many applications bind authorizations (access permissions) to identities (usernames). We can use roles to work around that, and assign authorizations to these roles, then have the identity inherit from the role. Implementing either account rotation or password rotation still requires additional work: an external driver, safeguards, monitoring and alerting, plus an update of the documentation. In neither case you will be done by simply turning on a feature. ","date":"2023-02-20T00:00:00Z","href":"https://blog.koehntopp.info/2023/02/20/rotating-accounts-or-passwords.html","tags":["lang_en","devops","security"],"title":"Rotating Accounts or Passwords?"},{"categories":null,"content":" Master of Disaster With a previous employer there was the requirement to implement business continuity management and patch management. Specifically, there was a requirement to be able to lose a region completely without loss of business. The other requirement was to be able to have all systems CVE-free within 30 days (in emergencies: 3 days), and to be able to blackstart them.\nThat was of course impossible to implement.\nManagements reaction was to create the position of the \u0026ldquo;Master of Disaster\u0026rdquo; (MoD). The MoD and their apprentice (\u0026ldquo;always two there are\u0026rdquo;) have then planned, for many months, a fail-over between two Regions. But they did not achieve much, and they never could, because in the end Management Buy-In was missing. In the end, Management wanted to know (needed to know!), before the test, that it would work. That of course invalidated this approach completely.\n\u0026ldquo;Security is a process\u0026rdquo;, what does that even mean? The MoD then changed their way of working completely. They sat down with the teams, and with each they made a catalog of failure modes.\n\u0026ldquo;What happens when a web server node fails?\u0026rdquo; \u0026ldquo;What happens when ten web server nodes fail?\u0026rdquo; \u0026ldquo;What happens when a load balancer dies?\u0026rdquo; \u0026ldquo;What when a rollout rolls out broken code, and we need to roll back?\u0026rdquo; \u0026ldquo;What when storage fails?\u0026rdquo;\nAnd the MoD sat down and worked their way through protocols of past outages. They cataloged the outages and mapped then to the scenarios created above, and if they found missing cases the catalog was extended, together with the team.\nIt is only science if you write it down Then the team was asked to predict what would happen, how they would notice and how to fix. The MoD made them write these things down, into Opdocs. The Opdocs got Identifiers. All scenarios had to have named alarms checking for the scenario, and each alarm message had to include the Opdoc ID.\nThen the team created a test scenario for each of these outages, bundled them together into a test session (\u0026ldquo;a drill\u0026rdquo;). And together with the Master of Disaster, their apprentice and a scribe went through them one by one, writing down what happened. Afterwards, all sat down, and compared notes with the predictions, and made a set of tasks to update the Alarms, the Opdocs or the Procedures themselves. Then they scheduled a followup session. In the end they arrived at a rhythm of a Drill every two or three sprints, until the team and the MoD were satisfied with the outcome.\nRinse, Repeat The MoD did that with all the teams, and magically after a year or so, things were no longer painful, but became a way of operating. The observed failure modes of the systems changed, because Drill findings made their way into development. The way of working and the way of thinking changed, in all the teams, fundamentally, even. Alerts became cleaned up, and with the need to attach Opdocs, Alerts became actionable, because that is what is in an Opdoc: Packaged actions a relatively unskilled Operator can execute. Tooling improved, to automate previously manual outage procedures. Automation grew. Reliability and reproducibility improved. Metrics got better.\nLarge scale outages Now the MoD moved on from team-level subsystem failures to larger scenarios that simulated loss of Racks or other larger units, or loss of Network connectivity (intermittently or for longer time). Also, they added drill scenarios with a loss of storage, that is outages where teams did not get back the machine that was simulated to fail after the Drill. Instead, they had to create replacements, first individually, then had to black-start entire regions.\nThese Drills highlighted automation defects: Manual and often undocumented work went into creating new systems, so that the automation was not resilient against large scale loss.\nAlso, a lot of problems related to loss or unavailability of the automation control plane were highlighted:\nSystems might be able to lose their automation controllers. This is a \u0026ldquo;loss of control\u0026rdquo; scenario, not \u0026ldquo;loss of availability\u0026rdquo;. You do not lose web servers, but you lose the ability to make new ones or to decommission old ones or change the config of the existing ones. Systems usually can continue to run without their automation controller for a few hours, provided the operational circumstances are somewhat stable.\nIn some cases, loss of state in the control plane highlighted that the control plane could not rediscover its clients out there and scan them for state. Instead, it was assumed that the entire region was to be recreated from scratch, when it was in fact there, and perfectly functional, just unknown to the controller.\nIn some cases the automation assumed that new systems were to be recreated from scratch by cloning over data from remote regions. But if all teams are doing that at the same time, the line capacity is insufficient. It is necessary to do something more sophisticated and use local state (cloned over once) to implement a local fan-out.\nAgain, a year or two went past, with limited scope but larger drills.\nTeams picked up the new requirements, development learned a thing or two, and by simply repeating until good the message arrived and improvements got implemented. We have now reached a state where automation is only considered \u0026ldquo;done done\u0026rdquo; when it survives one of the regularly simulated outages, and when the state of the Opdocs is good enough for members of adjacent teams (instead of the native team) to manage the outage.\nAlso, we have reached a sophistication of automation that allows us to drop each and every instance and each and every image after 90 days, because replacements are redeployed automatically, and state is cloned over.\nBurning it all down This, after only three to four years, is where our organisation has reached a state where teams and management can go with confidence into a scenario where access to one Region is lost, in a controlled way and with pre-announcement. Management can believe that the entire thing is understood well enough that this Drill will not lead of a major loss of income.\nUnannounced random failure of a Region, or total recovery from backup after a ransomware attack are still open issues, but they have become realistic targets. Each would amount to rebuilding a Region, automatically, from nothing, without loss of operations or income.\nThis is not a Sprint The key to success for the MoD was the change from Project to Process. Do small things with individual teams, first with cooperative teams, then reaching out and making the process mandatory for all teams.\nThis was not a single giant monster project, but small steps over many years, with a change in the MoD position and with a redefinition of the title and scope of the position along the way. It also was a fundamental change in the way how operations are done, and what is acceptable. It improved not only the business continuity stance, but also improved security overall, and made many audits and certifications easier. It also delivered the necessary metadata (machine inventory, mapping of services to instances, mapping of dependencies, implementation of controls) to management to make a large set of certifications and audits just a formality.\nWhen people say \u0026ldquo;Security is a process\u0026rdquo;, this is what they mean. Small, doable exercises that become part of everyday operations. Then incremental widening of scope and increase of difficulty.\nAnd the work is not done by the MoD, but by the teams \u0026ndash; all teams. The MoD only steers the process, and guides the teams through it.\nBecause this is not a Drill. This is just Tuesday.\n","date":"2023-02-18T00:00:00Z","href":"https://blog.koehntopp.info/2023/02/18/this-is-not-a-drill.html","tags":["lang_en","devops","security"],"title":"This is not a Drill, this is just Tuesday"},{"categories":null,"content":"A minecraft server has problems creating threads. The error message reads:\njava.lang.OutOfMemoryError: unable to create native thread: possibly out of memory or process/resource limits reached at java.lang.Thread.start0(Native Method) ~[?:?] at java.lang.Thread.start(Thread.java:802) ~[?:?] at java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:945) ~[?:?] at java.util.concurrent.ThreadPoolExecutor.execute(ThreadPoolExecutor.java:1353) ~[?:?] at java.util.concurrent.Executors$DelegatedExecutorService.execute(Executors.java:721) ~[?:?] at org.bukkit.craftbukkit.v1_19_R2.scheduler.CraftAsyncScheduler.mainThreadHeartbeat(CraftAsyncScheduler.java:73) The server in question has 32 GB of memory (6 GB used), 8 cores, and processes threads running. It is mostly idle. There is no reason at all why this machine should be out of resources.\nVPS Limits, and how to check them It is a VPS, and that may be related:\n# lscpu | egrep -i \u0026#39;(visor|virt)\u0026#39; Address sizes: 46 bits physical, 48 bits virtual Virtualization: VT-x Hypervisor vendor: Parallels Virtualization type: container The instance has a relatively low process limit, shown in /proc/user_beancounters.\n# grep numproc /proc/user_beancounters numproc 272 272 1100 1100 0 This shows a global limit of 1100 threads/processes.\nThere is an additional threads-per-process limit enforced by systemd, and this is relatively low, because of the low per-instance limit. It can be shown like this:\n# systemctl show --property=DefaultTasksMax DefaultMax=135 This matches the numbers from the user_beancounters: The maximum utilization was 272 in the Beancounters, and the server never managed to hit the limit of 1100. Instead, it made it to 2x 135 (two Minecraft servers, each with the limit of 135), and two additional threads.\nIncreasing the systemd Limit It is possible to increase this limit to the instance limit, like so:\n# mkdir /etc/systemd/systemd.conf.d` # cd /etc/systemd/system.conf.d # pwd /etc/systemd/system.conf.d # cat \u0026lt;\u0026lt; EOF \u0026gt; system.conf # Override created by ... on ... # [Manager] DefaultTasksMax=1100 After creating this file, reload systemd and check the new limits:\n# systemctl daemon-reexec # systemctl show --property=DefaultTasksMax DefaultMax=1100 Non-VPS has higher limits On a physical server with 32 GB of memory and 8 cores, the default limit is\n# systemctl show --property=DefaultTasksMax DefaultTasksMax=38313 and it can be tuned much higher. Similarly, on a properly virtualized box instead of a VPS it would be much higher.\nConsider this when you opt for a cheap, overcomitted VPS slice instead of a proper KVM. When you go for the VPS, make a monthly contract and do not commit to a one-year option, so you can get rid of it when it turns out to be unsuitable.\nActual resource consumption On our server, we run three instances of \u0026ldquo;Paper\u0026rdquo; (a high-performance patch to a patch to a patch of the original minecraft server), and waterfall, a Minecraft proxy that directs users between the instances.\nOutput of the htop program. On the right hand side of the screenshot, we see three identically configured java instances, each representing a \u0026ldquo;Paper\u0026rdquo; server. The resident set size of these servers is relatively small, 3.5 GB per instance, as shown by the left-lower red bubble. The virtual size is not quite 10 GB. The server instance will grow until it reaches the virtual size. Total memory consumption is shown in the upper-left bubble, 11.6 GB are used (the sum of the servers plus some extra from the OS).\nWe run the servers with -Xmx4096M -Xms4096M each, which is rather generous. This creates processes with a total VIRT size of ~ 10 GB, of which RES is the actually comitted memory, around 3.5 GB per process. This results in 11.2 GB memory usage, plus 0.4 GB extra from other processes on the instance.\nOur total memory is 32 GB.\nThe server load is shown as 0.41/8.0, so the machine is pretty idle, and the CPU load meters above the memory meter agrees.\nOutput of the htop program, detail. When hitting H to toggle display of user threads, the number of running threads is also shown. We are running 245 threads.\nHitting H (Uppercase-H) in htop unfolds user threads display. It also shows the total number of threads running next to the number of tasks (processes). In our case, we are running with 245/1100 threads. This is by far the most scarce resource.\n","date":"2023-02-17T00:00:00Z","href":"https://blog.koehntopp.info/2023/02/17/minecraft-unable-to-create-native-thread.html","tags":["lang_en","gaming","microsoft","minecraft"],"title":"Minecraft: unable to create native thread"},{"categories":null,"content":"At a previous job we had a home-grown application \u0026ldquo;Service Directory\u0026rdquo;, which allowed a team to declare a service or deployed application. The record for a service not only declared the application with pointers to the source code repository, artifacts and documentation.\nIt also pointed to the operational facts, such as criticality, the owning teams, the SLO, the alerts, and the collected stats and dashboards. And, most importantly, you had to declare dependencies \u0026ndash; which other services you depend on.\nUsing Dependencies for Firewalls and Passwords From data in service directory firewall rules were being generated, automatically. That meant that with a non-existent or incomplete SD declaration you could talk to nothing and nobody.\nAlso, all machine accounts (non-personal accounts, NPAs) were provisioned with Hashicorp Vault, controlled by SD. The data in vault was autogenerated, based on – you guessed it – data from the service directory. And it was rotated.\nThat is, every week or so new accounts with new passwords were being added to Vault, picked up by the services, and then also picked up by the clients – order matters a lot here.\nHaving individualized machine accounts per application helps a lot to identify service (or database) abuse. It also allows for individualized rate limits or other controls, and of course minimal permissioning of applications.\nMonitoring would see if old accounts from last week were still being used. If so, somebody would need to talk to the team owning the service using these accounts, because obviously something was caching credentials somehow, when it should not. If old accounts are quiet and stay so for some time, the old accounts can be decommissioned and deleted.\nThis also makes some nice graphs showing the speed of account (and password) rotation across the enterprise, and these things come handy in audits. It allows you to prove that passwords are fresh, and that old NPA secret in the hands of leavers cannot be leveraged to gain access to production.\nUsing Dependencies for Capacity and Business Continuity planning Having dependency data also comes in handy in many other tasks, such as (with additional data) planning capacity. While SD data does not directly contain the volumes needed to plan, dependencies show who can generate demand on a service, and from that it is clear what to measure and where to pick up additional information, such as current fleet size, plans for the coming season and so on.\nThe dependency web can also be mapped on locations and structural failure boundaries from the underlying physical machinery, and thus it becomes possible to calculate failure scenarios, and using actual placement data, detect co-failure scenarios or write scheduler plugins to avoid them. Also, mapping dependencies into a graph allows for a functioning black start plan. It would still require testing, but at least the data for such a thing is there.\nDependency Inflation In such a setup, having not enough dependencies will make an application not work. Thus, SD data can be relied on to be at least as large as the minimum dependencies, or larger.\nThe \u0026ldquo;or larger\u0026rdquo; part is undesirable, but hard to limit. The only workable way I have seen requires annoying recurring audits, or equally nagging regular re-requests for all resources.\nExperimentally, requested resources and observed resource usage in production can be mapped on each other, and unused resources can be detected. They cannot be automatically cancelled, because they still may be necessary, if only in rare situations. But this would at least bring the nag-level down to manageable sizes.\n","date":"2023-02-06T00:00:00Z","href":"https://blog.koehntopp.info/2023/02/06/service-directories-and-what-they-are-good-for.html","tags":["lang_en","devops","security"],"title":"Service Directories, and what they are good for"},{"categories":null,"content":"In this post , SirSquid@toot.io asks:\nCan someone explain to me why seeing retoots and likes is wildly different across Mastodon servers?\nFrom toot.io, a toot from @gamingonlinux@mastodon.social shows hardly anything. But when viewing it on mastodon.social, it has tons of both.\nThis is one thing I would love to see properly cleaned up on Masto.\nMastodon is using ActivityPub, a federated protocol. Nodes exchange articles, and each node caches articles.\nIn order for a node to receive an article from a remote user in the first place, at least one user on the system needs to subscribe to that remote user.\nSo given the following situation:\nOn mastodon.social, the user GamingonLinux subscribes to SirSquid@toot.io. On chaos.social, the user isotopp subscribes to SirSquid@toot.io. On subscription, the toot.io server is notified of the subscription.\nTwo users on two different servers, isotopp@chaos.social, and GamingonLinux@mastodon.social, subscribe to SirSquid@toot.io. The server toot.io is notified of this, and will deliver new posts from SirSquid to these two remote servers. Old articles from SirSquid do not exist on either remote server, they will not be backlogged.\nWhen SirSquid now posts a new article, the following happens because of the subscription:\nSirSquid posts a new article. The new article only exists at toot.io. It enters the Local Timeline, which is a view into the Out-queue of that server. The article is now delivered to the home servers of all subscribers. On delivery, it enters the Federated Timeline, which is a view into the In-queue of that server. The local subscribers are then notified and are shown the local copy of that article.\nWhen SirSquid posts a new article, this article is locally created on toot.io. This is going to be the master copy of the new article.\nThe article also enters the local timeline of that server, which can be thought of as a view of the Out-queue of the server. (This is not actually precisely true, because posts can be unlisted or otherwise restricted in visibility.)\nQueue workers on toot.io will eventually fetch the master copy of the article, determine the articles subscribers, and then try to post the article to the subscribers remote servers. When that works, the article enters the In-queue of the remote server. When that does not work, retries can happen. The In-queue of the remote server is visible (with visibility restrictions) as the Federated Timeline.\nFor each incoming new post, the local subscribers are notified and are shown the local copy of that post.\nWhen a user is very popular and has many followers, their posts need to be copied to all subscribers, which can be literally on every single server in the Fediverse. That means thousands of deliveries of the post need to be made. That can take time.\nNot all servers will always be immediately reachable. A certain percentage of deliveries will fail, and be backlogged. The source server will have to retry a certain number of times, and if the error persists, give up. The subscribers on the unavailable server will lack a copy of that post.\nUsers on, say, mastodon.social, could still discover missing posts if they checked the home timeline of SirSquid on toot.io. They won\u0026rsquo;t find the post on the copy of the home timeline of SirSquid on mastodon.social.\nWhen readers on mastodon.social or chaos.social interact with the local copy of a post, this will happen:\nA user on chaos.social boosts the post. The local boost counter for the post is updated. The counter change is forwarded to the originating server, toot.io.\nA user on mastodon.social likes the post. The local like counter for the post is updated. The counter change is forwarded to the originating server, toot.io.\nInteractions are being aggregated at toot.io.\nInteractions with a post are updated locally: A boost on chaos.social increments the boost-counter on chaos.social, and a like on mastodon.social increments the like-counter on mastodon.social. Such interactions are also forwarded back to the master copy of the post. That is, updates for each boost and each like are being sent back to toot.io. The counter at the posts master copy aggregates all these interactions and has totals for the post. Notifications are being sent to SirSquid@toot.io, and go Ding, Ding, Ding!\nIf a user is very popular and has many subscribers, and a post is very popular and has many interactions, the originating server (here: toot.io) will receive updates from many thousand remote servers, one for each like or boost of the post on any server. These updates will need to be persisted, that is, written to disk into a database. This will generate a lot of load on the originating server.\nThe aggregated notifications won\u0026rsquo;t be forwarded back to the local copies. That is, the master copy of the post at toot.io will have the aggregate number of likes and boosts. But these aggregated numbers will not be redistributed back to the subscribers and their servers.\nIn our example, the post will have one like and one boost on toot.io, but only one like and no boosts on mastodon.social. It will have no likes and one boost on chaos.social.\nDistributing all counter updates in increments of one to each and every server that has subscribers to SirSquid\u0026rsquo;s posts would just be too much work.\nAnd that is why interaction counters in ActivityPub are usually different on each server, and only the master copy of the post has true counter values.\nOr true-ish. Of course, just like individual articles may never reach individual servers if they are unreachable too long, the same can happen backwards with counter updates.\n","date":"2023-01-25T00:00:00Z","href":"https://blog.koehntopp.info/2023/01/25/mastodon-interaction-counters.html","tags":["lang_en","mastodon","fediverse","social-networking"],"title":"Mastodon Interaction Counters"},{"categories":null,"content":"So, Rachel is in a bad mood: Why I still have an old-school cert on my https site and I feel her. Like her, for my own sites I have always been running Apache. There was never much need to upgrade, the software was available, stable, and fast enough.\nAt some point in time, I needed TLS and started to use Let\u0026rsquo;s Encrypt .\nThat was messy: Running dehydrated , a bunch of haphazard shell scripts trying to get certificates authenticated and installed, through a wild chain of callbacks and sourced scripts all over the system, driven by Cron, and with bad alerting.\nNone of that was necessary.\nTurns out, starting with Apache 2.4.30 (19-Feb-2018), Apache supports mod_md , and that supports Let\u0026rsquo;s Encrypt out of the box. For good measure, I also enabled mod_macro .\nThis being an Ubuntu, I put this into my /etc/apache2/sites-available/000-default.conf:\nServerName mybasedomain.koehntopp.de MDomain mybasedomain.koehntopp.de contentdomain.koehntopp.de proxydomain.koehntopp.de MDContactEmail user@example.com MDCertificateAgreement accepted MDPrivateKeys RSA 4096 There is no additional \u0026ldquo;SSLEngine\u0026rdquo; needed, except SSLEngine on.\nI also add two macros that I use a lot to create virtual hosts to the same file. One is for straight-up content domains:\n\u0026lt;Macro VHost $host\u0026gt; \u0026lt;VirtualHost *:80\u0026gt; ServerName $host ServerAdmin user@example.com DocumentRoot /var/www/$host \u0026lt;Directory /var/www/$host\u0026gt; Options Indexes FollowSymLinks AllowOverride None Require all granted \u0026lt;/Directory\u0026gt; ErrorLog ${APACHE_LOG_DIR}/error-$host.log CustomLog ${APACHE_LOG_DIR}/access-$host.log combined RewriteEngine On RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L] \u0026lt;/VirtualHost\u0026gt; \u0026lt;VirtualHost *:443\u0026gt; ServerName $host ServerAdmin user@example.com ErrorLog ${APACHE_LOG_DIR}/error-$host.log CustomLog ${APACHE_LOG_DIR}/access-$host.log combined DocumentRoot /var/www/$host \u0026lt;Directory /var/www/$host\u0026gt; Options Indexes FollowSymLinks AllowOverride None Require all granted \u0026lt;/Directory\u0026gt; SSLEngine on \u0026lt;/VirtualHost\u0026gt; \u0026lt;/Macro\u0026gt; The other is for Proxy Domains to dockerized stuff:\n\u0026lt;Macro ProxyVHost $host $toport\u0026gt; \u0026lt;VirtualHost *:80\u0026gt; ServerName $host ServerAdmin user@example.com DocumentRoot /var/www/$host \u0026lt;Directory /var/www/$host\u0026gt; Options Indexes FollowSymLinks AllowOverride None Require all granted \u0026lt;/Directory\u0026gt; ErrorLog ${APACHE_LOG_DIR}/error-$host.log CustomLog ${APACHE_LOG_DIR}/access-$host.log combined RewriteEngine On RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L] \u0026lt;/VirtualHost\u0026gt; \u0026lt;VirtualHost *:443\u0026gt; ServerName $host ServerAdmin user@example.com ErrorLog ${APACHE_LOG_DIR}/error-$host.log CustomLog ${APACHE_LOG_DIR}/access-$host.log combined DocumentRoot /var/www/$host \u0026lt;Directory /var/www/$host\u0026gt; Options Indexes FollowSymLinks AllowOverride None Require all granted \u0026lt;/Directory\u0026gt; SSLEngine on ProxyPreserveHost On ProxyPass \u0026#34;/\u0026#34; \u0026#34;http://127.0.0.1:$toport/\u0026#34; nocanon ProxyPassReverse \u0026#34;/\u0026#34; \u0026#34;http://127.0.0.1:$toport/\u0026#34; RequestHeader set X-Forwarded-Proto %{REQUEST_SCHEME}s RequestHeader set X-Forwarded-For %{REMOTE_ADDR}s RequestHeader set X-Real-IP %{REMOTE_ADDR}s AllowEncodedSlashes NoDecode \u0026lt;/VirtualHost\u0026gt; \u0026lt;/Macro\u0026gt; The actual host definition can then be rather short. A content domain is simply\n# echo \u0026#34;Use Vhost contentdomain.koehntopp.de\u0026#34; \u0026gt; /etc/apache2/sites-available/contentdomain.koehntopp.de.conf # a2ensite contentdomain.koehntopp.de and I am done. Similarly, a proxy to some internal service:\n# echo \u0026#34;Use ProxyVHost proxydomain.koehntopp.de 3000\u0026#34; \u0026gt; /etc/apache2/sites-available/proxydomain.koehntopp.de.conf # a2ensite proxydomain.koehntopp.de where 3000 is the exposed port from docker. An apachectl configtest and an apachectl graceful later things are rolling. A look at /server-status will tell you if things worked, and what the state of the mod_md deployment is.\nIf you added a new domain, that certificate will be available, but not yet loaded, so a second reload is necessary for deployment.\nFind the actual cert files in /etc/apache2/md/domains/mybasedomain.koehntopp.de, as pubcert.pem and privkey.pem.\nAdditional Note: You can use mod_md to get certificates for your Tailscale domains (Domains in the *.ts.net namespace).\n","date":"2023-01-04T00:00:00Z","href":"https://blog.koehntopp.info/2023/01/04/i-dont-hate-letsencrypt-anymore.html","tags":["lang_en","security","devops"],"title":"I don't hate Let's Encrypt anymore"},{"categories":null,"content":"This text exists mainly so that I paste the URL into the #mysql channel in Libera IRC.\nThe mysqldump tools allows you to convert a MySQL database server or individual schemas back to SQL. You are left with a script that is supposed to be loadable into a target server and gives you back the full database, including all objects in it.\nYou can read that SQL as a script into an empty server to create a new instance, or process it with different tools for different purposes. So in general, a workflow can look like this:\n$ mysqldump --options --more-options and parameters \u0026gt; somescript.sql $ scp somescript.sql somewhere@else.com: $ ssh somewhere@else.com ... $ mysql --show-warnings --whatever-options \u0026lt; somescript.sql Instead of mysql with an input redirect, you may also use the command line client and the source command:\n$ mysql --show-warnings --whatever-options mysql\u0026gt; source somescript.sql TL;DR To get everything, run\n$ mysqldump ... --single-transaction --source-data=2 \\ \u0026gt; --routines --triggers --events \\ \u0026gt; --all-databases | \u0026gt; gzip -9 \u0026gt; mydump.sql.gz To get one database, run\n$ mysqldump ... --single-transaction --source-data=2 \\ \u0026gt; --routines --triggers --events \\ \u0026gt; --databases dbname | \u0026gt; gzip -9 \u0026gt; mydump.sql.gz To get only the schema, use --no-data. For example:\n$ mysqldump ... --single-transaction --source-data=2 \\ \u0026gt; --routines --triggers --events \\ \u0026gt; --no-data \\ \u0026gt; --databases dbname \u0026gt; mydump.sql How do we get there? Setting expectations SQL scripts are not a compact data representation, and often the mysqldump of a server is larger than $DATADIR of that instance. The script usually compresses very well. So it is useful to run gzip or similar on it.\nSQL scripts are a representation of the data in the instance in textual form without indexes. Reading the script into a new server not only requires parsing the SQL into server internal data structures. It also requires that indexes are being rebuilt, and that is a process that consumes a lot of CPU and memory.\nMost people would suggest that you do not ship data larger than 10 GB in the form of a mysqldump, because loading it will take too long. As a rule of thumb that holds well, but it really is a function of memory available for index building, and the size of the largest index in the dump.\nmysqldump is single threaded. It profits from faster CPUs, but not from more cores. Loading a dump is also single threaded.\nThe defaults of mysqldump are somewhat sane, if you only want to dump tables. For code in the database, additional options are required that are not part of the standard configuration.\nDumping everything, atomically We are assuming here that all tables are InnoDB, without exception. If in 2023 you still are using non-transactional tables, you are beyond help anyway.\nDumping all data in the database takes time. While running the dump, the data you are trying to dump may change due to other processes making changes.\nSpecifically, with the default isolation level, each single table will maintain a consistent read view while being dumped. It will therefore not change for the mysqldump while it is being dumped. But between tables changes may happen.\nThe option --single-transaction can be used to run the entire mysqldump in a single transaction, providing you with a consistent dump of the database.\nA consistent dump of a database is associated with exactly one binlog position. In traditional replication, and for bookkeeping purposes, it is useful to take note of this binlog position. So the option --source-data=2 (previously --master-data=2) should also be used to record this binlog position in the dump.\nThis will result in a comment to be added at the top of the dump file looking like this:\n-- -- Position to start replication or point-in-time recovery from -- -- CHANGE MASTER TO MASTER_LOG_FILE=\u0026#39;binlog.000005\u0026#39;, MASTER_LOG_POS=157; So far, our mysqldump command to dump everything should look like this:\n$ mysqldump ... --single-transaction --source-data=2 Dumping code in the database By default, mysqldump will not dump all non-table objects in the database. You need to pass --routines, --trigger and --events to get all the code from the database as well.\nOn newer versions of MySQL, --trigger is enabled by default, so they are dumped. On older versions, you would have to manually mention it on the command line.\nEven on the most recent versions of MySQL, stored functions, stored procedures and events are not dumped automatically. You would have to mention --routines and --events for them to be dumped.\nOn older versions of MySQL that was not a problem, if the mysql.* schema was part of the dump. Inside it were tables in there that contained functions, procedures and even definitions.\nStarting with MySQL 8, these tables are no longer used, because the definitions are now stored in hidden data dictionary tables.\nUsing these options is now mandatory, if you want this code to be part of the dump.\nSo in order to also dump code in the database, our command becomes now\n$ mysqldump ... --single-transaction --source-data=2 --trigger --routines --events --opt is a set of options enabled by default The mysqldump runs with --opt enabled by default. You could run with --skip-opt to prevent this, but this is not helpful.\n--opt is a shorthand for the following collection of options:\n--add-drop-table Generate a DROP TABLE statement before each CREATE TABLE statement in the dump. --add-locks Enclose the INSERT statements loading data into the table with LOCK TABLES and UNLOCK TABLES statements. This used to make data load faster for MyISAM tables, but should not be necessary for InnoDB tables. It is not harmful, especially not for initial data loads, so do not worry about it. --create-options Preserve all MySQL specific create options for all tables. This is very much needed in almost all use-cases. It may be disabled for data transport from MySQL to other database systems. --disable-keys For each table, enclose the INSERT statements in DISABLE KEYS and ENABLE KEYS statements. For MyISAM tables, this improves data load speed, and index quality. For InnoDB, it does nothing, but is also not harmful. --extended-insert The INSERT statements generated will use extended insert syntax. This will generate very long lines in the dump (matching whatever is defined as max-allowed-packet). This will minimize round trips, and make the load faster. It will make grepping and editing the dump very hard. It may create problems loading the data, if the source server has a modified, large max-allowed-packet. Depending on what you want to do with the dump, it may be useful to --skip-extended-insert to turn this off. --lock-tables This will lock the local tables before dumping them. This is important when using MyISAM tables, and is overridden, if tables are InnoDB, and --single-transaction is used. So we are okay with it. --quick This dumps the tables using mysql_use_result(), so the result is streamed using very little memory in the client. If you run with --skip-quick, full tables will be downloaded into the client before then can be dumped. If these tables are many gigabytes in size, mysqldump will be using a lot of memory, and will be very unhappy. Do not disable --quick. --set-charset Generate a SET NAMES statement as needed to preserve character encoding. This should be always on, in order to preserve character encoding correctly. In general, you should be fine with --opt and there is no need to change anything.\nIn some cases, you want to run with --skip-extended-insert, in order to search and manually edit the data in the dump easier. The dump will load somewhat slower, and will be somewhat larger in this case.\nDumping only the schema If you want to dump only the schema, and not the data, there is an option for that: --no-data. You get an SQL file with no INSERT, only CREATE TABLE and friends. You would still need --routines, --triggers and --events to get all the code.\nWe get\n$ mysqldump ... --single-transaction --source-data=2 \\ \u0026gt; --trigger --routines --events \\ \u0026gt; --no-data Dumping all databases, or just one database \u0026ndash;all-databases You need to tell mysqldump what to dump.\nThis can be --all-databases, which will do exactly that, including the mysql database with all the grants, the help, the timezone data and so on.\nIf --all-databases is being used, each database in the dump will be created with a CREATE DATABASE statement. A matching DROP DATABASE statement is not being generated. That is less of a problem than one might assume, because the generated CREATE DATABASE statement is protected by an IF NOT EXISTS clause.\nStill, it may be useful to DROP DATABASE IF EXISTS before creating a new one, in order to get rid of tables that should not be there.\nTo achieve this, you could add the option --add-drop-database.\nBut: If you do that together with --all-databases, then a DROP DATABASE ...; statement will put in front of each CREATE DATABASE statement, including the mysql system database:\n/*!40000 DROP DATABASE IF EXISTS `mysql`*/; CREATE DATABASE /*!32312 IF NOT EXISTS*/ `mysql` /*!40100 DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci */ /*!80016 DEFAULT ENCRYPTION=\u0026#39;N\u0026#39; */; USE `mysql`; In MySQL 8, the mysql schema cannot be dropped anymore, so you need to edit that out manually to make the dump useful.\nWhy mysqldump does not special case this schema nobody knows: it is known broken, and documented as broken in the manual page. But nobody cared enough to put this single \u0026amp;\u0026amp; (!my_strcasecmp(charset_info, ..., \u0026quot;mysql\u0026quot;)) into the codebase .\nWe end up running\n$ mysqldump ... --single-transaction --source-data=2 \\ \u0026gt; --routines --triggers --events \\ \u0026gt; --all-databases --add-drop-database \u0026gt; mydump.sql A single database Instead of dumping all database, maybe we want just one database, or even a single table from a single database.\nIf you run mysqldump databasename to dump a single database like this:\n$ mysqldump ... --single-transaction --source-data=2 \\ \u0026gt; --routines --triggers --events \\ \u0026gt; databasename \u0026gt; mydump.sql no CREATE DATABASE statement is generated. You will just get a sequence of CREATE TABLE statement. This can easily be imported into a differently named database.\nAlso, adding --add-drop-database to this does nothing.\nIf you run mysqldump --databases databasename to dump a single database instead,\n$ mysqldump ... --single-transaction --source-data=2 \\ \u0026gt; --routines --triggers --events \\ \u0026gt; --databases databasename \u0026gt; mydump.sql this does generate a leading CREATE DATABASE statement. That is, because the --databases option accepts a space separated list of databases to dump.\nHere, using --add-drop-database will do what is expected from it.\nTo dump a single table, use\n$ mysqldump ... --single-transaction --source-data=2 \\ \u0026gt; --routines --triggers --events \\ \u0026gt; --databases databasename --tables tablename \u0026gt; mydump.sql Alternately mixing --databases and --tables will not work.\n","date":"2023-01-03T00:00:00Z","href":"https://blog.koehntopp.info/2023/01/03/mysql-ways-to-run-mysqldump.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: Ways to run mysqldump"},{"categories":null,"content":"Die Niederlande sind ja ein Land, das mit WhatsApp funktioniert. \u0026ldquo;Ik stuur je snel een appie\u0026rdquo; und wenn WhatsApp mal down ist, wird das Land vorübergehend geschlossen.\nDamit kann man einverstanden sein oder nicht, aber Metcalfe\u0026rsquo;s Law ist mächtig und wenn man das Land nicht in Hard Mode spielen will, dann legt man sich besser ein WhatsApp zu.\nAn ungefähr jedem zweiten Wohngebiet findet man ein solches Schild an der Einfahrtstraße. Es gehört zu WBAP (WhatsApp BuurtPreventie), einem System von mehr als 10.000 Nachbarschafts-Chatgruppen.\nAuch die Schulen haben viele Jahre lang mit den Eltern pro Klasse eine WhatsApp-Gruppe gefahren. Das ist dann vor vier oder fünf Jahren plötzlich aus Datenschutzgründen untersagt worden. Dabei ist \u0026ndash; datenschutztypisch \u0026ndash; keine Alternative genannt worden.\nMan hat also hastig eine Chatfunktion in die Schul-App integriert, also in unserem Fall für die Grundschule in Parro . Da hatte man dann eine 50:50 Chance, daß die betreffende Lehrkraft das auch benutzt und in Time gesehen hat.\nDie Schüler hatten alle kein Problem. Die hatten alle, sobald sie schreiben konnten, ein eigenes Handy. Entweder ohne SIM oder mit einer Prepaid-Karte drin. Und natürlich haben sie sich selbst pro Klasse WhatsApp-Gruppen gebaut.\nWenn man also zuverlässig kommunizieren wollte, dann mußte man über die WhatsApp-Gruppe der Kinder herausfinden, welche WhatsApp-Gruppe die Eltern der Klasse organisiert hatten, und dann ging es weiter. Nur halt ohne Lehrer.\nDas ist hoffentlich für niemanden überraschend: Wenn jemand etwas aus welchem Grund auch immer verbietet, dann geht der Bedarf ja nicht weg, der zum Betrieb der originalen Lösung geführt hat. Wenn man also den Datenschutz, Security oder sonst irgendwelche Interessen vertritt und dabei nicht konstruktiv arbeitet, also rechtskonforme, aber vor allen Dingen funktionierende und bedarfsgerechte Lösungen als Ersatz anbietet, dann passiert… genau gar nix.\nAußer einem weiteren gloriosen Sieg für den Datenschutz, mit dem wir Europäer den bösen amerikanischen Datenkraken-Megakonzernen mal so richtig gezeigt habe, was eine Harke ist. Feuerwerk!\nSchul-App Ein wenig Hintergrund: Verzuiling (\u0026ldquo;Versäulung\u0026rdquo;) ist eine spezifische Entwicklung von innerstaatlichen Parallelgesellschaften, die typisch für die niederländische Gesellschaft war. So gab es im Schulbereich katholische, protestantische und nicht-konfessionelle Schulen und in einigen Bereichen auch gewerkschaftlich geprägte Schulzüge.\nSelbst hier in unserem 5000-Leute-Dorf gab es bis vor 4 Jahren noch eine konfessionelle und eine nicht-konfessionelle Grundschule, die dann erst aus finanziellen Gründen und wegen der sinkenden Schülerzahlen zusammen gegangen sind. Das war weitgehend problemlos, da auch an der (größeren) konfessionellen Schule außer dem Religionsunterricht und gelegentlichen Kirchenbesuchen am Reformationstag kaum etwas von der konfessionellen Ausrichtung zu spüren war.\nAber die Schulen, mit denen ich Erfahrung habe, sind meistens Mitglied in einer Gruppe, die eine gemeinsame Schul- und Technikorganisation haben. Für unsere Grundschule war das zum Beispiel Stichting Jong Leren , und die jl-Schulen verwenden alle Parnassys als Schul-Anwendung und Parro als Schulapp.\nBei den VWO, die ich im Detail angesehen habe, war das dann alles auf der Basis von Magister . Alle Schulen, mit denen ich zu tun hatte, nahmen dann hinten dran im Betrieb Google Edu und weitere hinten dran gestrickte Anwendungen von Schulbuch- und Contentverlagen.\nDie sind dann jeweils von der Trägerorganisation in Zusammenarbeit mit den Verlagen entwickelt worden, und passen zu den Lehrbüchern und Übungen.\nIn der Regel arbeiten die verschiedenen Träger zusammen, und so gibt es da nicht sonderlich tiefgreifende Unterschiede zwischen den Trägern. Das will man schon aus Kostengründen nicht erzwingen, wozu auch?\nWenn man als Schule Arbeit vom Hals haben will, dann sucht man sich also eine zur eigenen Säule und zur eigenen Ideologie passende Träger-Organisation aus und tritt da ein, damit man Zugriff auf diese Ressourcen hat. Am Ende landet man dann bei Magister und Google Edu, weil das irgendwie alle machen und das auch total sinnvoll ist.\nMagister Um einmal einen Eindruck zu vermitteln, wie so etwas aussehen kann: Magister bietet in der Elternansicht eine Reihe von nützlichen Funktionen an, die im Grunde ein \u0026ldquo;Klassenbuch\u0026rdquo; komplett ersetzen.\nDie Anwendung kann mehrere Kinder verwalten.\nIch sehe den Stundenplan, Hausaufgabe, Fehlzeiten, Noten und diverse Mails und Mitteilungen der Schulleitung, sowie To-do-Listen und zusätzliche Studienangebote der Schule.\nScreenshot des Hauptmenüs von Magister mit den Punkten Stundenplan, Hausaufgaben, Abwesenheit, Noten, Mail, Mitteilungen, Studienwegweiser, Todo und Stammdatenverwaltung.\nIch kann im Stundenplan sehen, ob Hausaufgaben aufgegeben sind. Ich kann auch erkennen, ob das Kind sie abgehakt hat (dann wäre der Böppel grün).\nIn der Hausaufgabenansicht bekomme ich das kompakter, als Liste.\nFehlzeiten, entschuldigt und unentschuldigt, bekomme ich auch mit.\nStundenplan für den 12. Januar 2023, mit Unterrichtsbeginn um 9:35. Es ist eine Doppelstunde Geschichte, dann Kunst, dann zwei Doppelstunden O\u0026amp;O. Zu Geschichte ist eine Hausaufgabe vorhanden, die noch nicht abgehakt ist.\nIn der Notenansicht sind die letzten Ergebnisse, das Datum des neusten Ergebnisses und die Note selbst (hier zensiert) jeweils sichtbar.\nDie Notenansicht. Sie zeigt jeweils das Datum des letzten Ergebnisses und (hier zensiert) das letzte Ergebnis, sowie die Anzahl der vorliegenden Ergebnisse. Man kann dann auf die einzelnen Leistungsnachweise zurückblättern.\nAuf diese Weise ist zwischen allen Beteiligten jeweils die Faktenlage aktuell und transparent dokumentiert und es geht nichts verloren. Alles in allem ist das recht effektiv.\nWir hatten vor den Weihnachtsferien das erste Elterngespräch auf der neuen Schule. Da von den Sachfragen her alles klar war, haben wir mit dem Kind und zwei Lehrkräften zusammen gesessen und dann mal darüber geredet, wie das so ist mit Niederländisch als Zweitsprache an der VWO, und wo noch was zu machen ist.\nMit einem deutschen Elternabend komplett nicht vergleichbar.\nDas ist bemerkenswert, weil die Lehrerausbildung in Deutschland sehr viel besser ist. Hierzulande ist Lehrer ein Ausbildungsberuf, und je nach Hintergrund haben die betreffenden Personen zwischen sechs Monaten und drei Jahren Ausbildung erhalten. Der Rest muss per Weiterbildung und durch Assimilation \u0026ldquo;on the Job\u0026rdquo; passieren. Man kann am Alter der Lehrkraft schon grob abschätzen, wie umfassend ihr Repertoire an Methodik, Konfliktlösung und Kommunikationstraining ist. Und wie bei Handwerkern auch ist das Spektrum an Leistungsunterschieden sehr viel breiter, als man das von Deutschland gewohnt ist, weil die Ausbildung selbst sehr viel individueller und variabler ist.\nSchwächen, aber nicht bei der Technik Alles in allem kann man sowohl für die Grundschule als auch die VWO sagen, daß die Technik funktioniert.\nDie Schulgebäude sind modern, sauber und gut renoviert. Die Ausstattung mit der Technik ist natürlicht nicht optimal, aber weitgehend adäquat, und die Räume sind von der Ausstattung her in der Lage, die Technik zu tragen. Das gilt insbesondere auch für Netz in die Schule (Glasfaser) und Wifi (aktiv gemanaged und auf die Anzahl der Clients abgestimmt, mit einer Abdeckungs- und Lastanalyse).\nVerwaltung und Betrieb sind an ICT-Firmen ausgelagert, die mit den Verwaltungsanwendungen und Google Edu umzugehen wissen. Erwartungsgemäß kommt es dabei zu Beginn des Schuljahres zu einzelnen Rucklern und Rechteschwankungen, die jedoch teilweise erstaunlich lange in der Bearbeitung brauchen. Am Ende hat es 14 Tage gedauert, bis alle Schüler in ihren Klassenverbänden mit den korrekten Stammdaten und Rechten registriert waren.\nMithalten ist Arbeit Die Schule selbst steht zum Teil vor großen pädagogischen Problemen, weil die Leistungsstände der Kinder beim Umgang mit Rechnern und mit der speziellen Umgebung extrem unterschiedlich sind. Sie darf nichts voraussetzen, aber die meisten Kinder kennen sich mit der Technik gut genug aus, um sofort loszuarbeiten und einzelne Kinder haben einen Leistungsstand, der dem der Lehrkräfte vergleichbar ist. Dies zu vereinheitlichen und dabei weder oben noch unten Leute zu verlieren ist nahezu unmöglich, und auch nicht gut gelöst.\nDie oft gehörten Bedenken \u0026ldquo;große Konzerne drängen auf den Bildungsmarkt, und versuchen Abhängigkeiten zu erzeugen, Curricula zu pushen und Kunden für die Zukunft zu binden oder Daten zu monetarisieren\u0026rdquo; lassen sich durch Beobachtung von meiner Seite nicht bestätigen.\nEs bestehen Probleme, aber die sind anderer Art. In \u0026ldquo;ICT Basisvaardigheden\u0026rdquo; wird teilweise Unterrichtsmaterial verwendet, das Spezifika von Windows-Programmen voraussetzt und abfragt. Aber die Schule setzt Chromebooks ein und wir haben Apple daheim. Das Kind \u0026ndash; im Grunde sehr sicher im Umgang mit Rechnern \u0026ndash; kommt aufgelöst angerannt und fragt sich, wie es die Aufgabe lösen soll. \u0026ldquo;Ja\u0026rdquo;, sagt die Schule, \u0026ldquo;wir können das Unterrichtsmaterial nicht schnell genug anpassen.\u0026rdquo;\nArbeiten in lokalen und verteilten Gruppen Auch in der Gestaltung des Unterrichts stößt die Schule teilweise an ihre Grenzen, hier dann aber wegen Ausbildungs- und Umsetzungsschwächen. Diese spezielle Schule ist sehr stolz auf das Fach O\u0026amp;O (\u0026ldquo;Onderzoek \u0026amp; Ontwerpen\u0026rdquo;, \u0026ldquo;Untersuchen und Entwerfen\u0026rdquo;). Die Grundidee ist fantastisch, weil das eine schulbegleitende, fächerübergreifende Ingenieursanwendung ist: Die Kinder sollen in Kleingruppen, gemeinsam, ein konkretes real-weltliches Problem lösen, also zum Beispiel ein Löwengehege im Artis-Zoo von Amsterdam entwerfen oder eine Upcycling-Lösung für ein Produkt einer Firma entwerfen.\nDie Umsetzung scheitert auf mehr als einer Ebene, und das müßte sie im Grunde nicht. Wir reden hier nach deutscher Skala von Kindern 7. Klasse Gymnasium, die in einem neu zusammengewürfelten Klassenverband die neue Schule beginnen. Sie werden zufällig und für jedes Projekt neu in zufällige, nicht selbstbestimmte 4er-Gruppen geworfen, und natürlich geht das Team danach immer wieder neu durch die Forming, Storming, Norming and Performing-Phasen. Das wäre leicht vermeidbar, wenn man dies verstünde, die Teams stabil ließe und dabei dann behutsam Ausgleichs-Umbesetzungen vornähme, wo das notwendig ist.\nDie einzelnen Aufgaben werden teilweise mit recht wenig Begleitung und gewiss ohne Meta-Ziele in die Teams geworfen. Es wäre total sinnvoll, die erste Aufgabe als Wegwerf-Projekt zu inszenieren und dabei nicht nur den Gebrauch der Google-Office-Werkzeuge zu lehren, sondern auch kollaboratives Arbeiten, Strukturierung der Arbeitsumgebung, und dabei den Teams Zeit und Raum zu geben, gemeinsame Normen und Methoden zu finden. Auch diese Chance wurde vergeben.\nEbenso hätte man bei verschiedenen dieser Projekte die Konzepte von Stakeholdern, multilateralen Zielen, Design Constraints und andere Dinge einführen können. Artis ist zum Beispiel ein Zoo, der auf enorm kleinem Raum auskommen muß, weil er mitten in einer dicht gepackten Innenstadt liegt. Die Bedürfnisse von Tieren, Besuchern, Wärtern und die finanziellen Constraints der Betreiber unter einen Hut zu bekommen ist so gut wie unmöglich, aber selbst mit einer vereinfachten Aufgabenstellung hätte man zumindest diese Blickwinkel, harte und weiche Einschränkungen und dergleichen mehr ansprechen können und das Projekt so pädagogisch sehr viel wertvoller machen können.\nIch bin nicht nahe genug dran, um beurteilen zu können, warum das so ist, aber ich habe den laienhaften Eindruck, daß es da an strukturierter Aufbereitung der Ziele und der pädagogischen Umsetzung mangelt. Dort wären viele \u0026ldquo;leichte\u0026rdquo; Gewinne und einfache Verbesserungen möglich.\n","date":"2022-12-30T00:00:00Z","href":"https://blog.koehntopp.info/2022/12/30/was-mein-kind-in-der-schule-so-macht.html","tags":["lang_de","schnuppel","bildung","security"],"title":"Was mein Kind in der Schule so macht"},{"categories":null,"content":"In Mein Sohn sitzt vor dem Computer und in Schulen digitalisieren ging es schon einmal um den Einsatz von Computern in der Schule, in Deutschland und in den Niederlanden.\nVWO Jetzt stand bei uns letzten Sommer nach dem Ende der 8. Grundschulklasse (der deutschen 6. Grundschulklasse) der Schulwechsel auf die VWO an. VWO steht für \u0026ldquo;Voorbereidend wetenschappelijk onderwijs\u0026rdquo;, studienvorbereitender Unterricht, und entspricht noch am ehesten einem deutschen Gymnasium. So wie es in Deutschland Gymnasien mit unterschiedlicher Ausrichtung gibt, gibt es das auch in den Niederlanden und der Name \u0026ldquo;Gymnasium\u0026rdquo; steht für eine VWO mit altsprachlicher Ausrichtung, der Name \u0026ldquo;Atheneum\u0026rdquo; für VWO mit einer technisch-naturwissenschaftlichen Ausrichtung, und es gibt noch ein paar weitere Geschmacksrichtungen. Die Schulart ist VWO.\nWie auch schon in der Grundschule werden im Unterricht unter anderem Chromebooks benutzt und der Online-Teil des Unterrichts um Google Edu herum strukturiert. In einer Diskussion mit Deutschen gab es dabei einen Haufen komische Vorstellungen, was das ist, wieso das nützlich ist und natürlich einen Haufen Befürchtungen, ob das nicht gefährlich ist.\nChromebook Ein Chromebook ist ein normaler Laptop mit Linux, der direkt in einen Chrome Browser bootet. Auf dem Gerät werden keine Daten gespeichert, alle Daten werden in den Diensten hinterlegt, die man mit dem Gerät nutzt.\nChromebooks gibt es in sehr unterschiedlichen Leistungsklassen und Preislagen. Von 200 Euro Wegwerf-Geräten bis zu 2k Euro mit Touchscreen und dicken CPUs ist alles vorhanden, auch wenn der Schwerpunkt eindeutig auf kostengünstigen Geräten mit niedrigem Energieverbrauch und langer Akkulaufzeit liegt.\nWir haben gar keines gekauft, sondern ein Angebot eines von der Schule empfohlenen Dienstleisters wahrgenommen, und mieten für 13.70 Euro im Monat. Dadurch haben wir immer ein aktuelles und funktionsfähiges Gerät (und Daten können prinzipbedingt sowieso nicht verloren gehen), und brauchen uns keine Sorgen zu machen.\nTechnisch ist das so, daß das Kind ein von der Schule bereitgestelltes Google Edu Login bekommt. Mit dem Login kann er sich auf dem Gerät oder auf seinem Rechner daheim anmelden. Danach kann er dann die von der Schule bereitgestellten Dienste und Daten nutzen. Dabei spielt es keine Rolle wo er ist, und ob er das Chromebook oder seinen privaten Rechner benutzt, solange er im Browser mit der Schul-Identität unterwegs ist.\nAngenehm ist, daß\ndas Gerät im Grunde keine Rolle spielt, sondern nur das Login wichtig ist keine Daten auf dem Gerät sind, sodaß nichts verloren gehen kann und nahtlos zwischen daheim und der Schule gewechselt werden kann der Chrome-Browser mehrere Identitäten verwalten kann, sodaß das Kind sowohl auf dem Chromebook als auch auf dem privaten Rechner in unterschiedlichen Fenstern unterschiedliche Identitäten haben kann Zugriffsregeln und Rechte vom Login abhängen und nicht vom Gerät Nützlich ist auch, daß das Gerät eine Tastatur und Maus hat. Dadurch kann man auf dem Gerät sinnvoll schreiben und Inhalte erzeugen. Es gibt Geräte mit Touchscreen und Tablet-Betrieb, wenn man das auch braucht, aber generell sind dies \u0026ldquo;richtige Laptops\u0026rdquo; und keine Tablet-Geräte, die auf Konsum von Inhalten optimiert sind.\nKeine Viren Chromebooks unterscheiden sich von normalen Computern dadurch, daß sie in der normalen Betriebsart einen \u0026ldquo;trusted boot\u0026rdquo; durchführen. Das System ist dann vom Systemstart an validiert und durch Prüfsummen abgesichert \u0026ndash; weder das System noch der Browser können durch Viren, unangemeldete Systemerweiterungen oder Browser-Plugins \u0026ldquo;verunreinigt\u0026rdquo; werden. Wenn der Zustand des Rechners einmal fragwürdig sein sollte, drückt Ctrl-Alt-Shift-R und wählt Restart -\u0026gt; Powerwash. Das System führt dann einen \u0026ldquo;Powerwash \u0026rdquo; durch, und ist danach wieder auf den abgesicherten Fabrikzustand zurückgesetzt. Nach einem neuen Login hat man dann ein sauber aufgesetztes System und seine Daten.\nDas ist für die Schule angenehm, denn dies ist in der Tat die gesamte Gerätewartung, die vor Ort notwendig ist. Installation, Konfiguration und Wartung vor Ort entfallen komplett.\nGoogle Edu Für die Schule ist das Wegfallen der Gerätewartung und Installation angenehm, aber nur das User-Ende der Schul-Verwaltung. Der eigentliche Clou ist Google Edu, also \u0026ldquo;Google Workspace für Schulen\u0026rdquo;.\n\u0026ldquo;Google Workspace\u0026rdquo; ist für den Endbenutzer sichtbar die Sammlung von Werkzeugen, die früher unter dem Namen \u0026ldquo;Google Office\u0026rdquo; bekannt war. Also Gmail, Calendar, Drive, Docs/Sheets/Slides/Forms, und das Meet Konferenzsystem/Chat.\nIAM Wichtiger für die Schule selbst und für den Endbenutzer eher unsichtbar ist das IAM-Backend. IAM steht dabei für \u0026ldquo;Identitäts- und Access-Management\u0026rdquo;.\nDas ist die Struktur, die der Schule \u0026ldquo;Logindienste\u0026rdquo; und \u0026ldquo;Rechteverwaltung\u0026rdquo; bereitstellt. In Identität, Authentisierung, Autorisierung, Auditing und Accounting definiere ich eben diese Begriffe. Die Kurzform:\nIdentität ist der Login-Name, der mich im Kontext meiner Organisation repräsentiert. Also so etwas wie \u0026ldquo;kristian.koehntopp@schulname.nl \u0026rdquo;. Authentisierung ist der Mechanismus, oder die Kombination von Mechanismen, mit der ich gegenüber dem System beweise, daß ich wirklich \u0026ldquo;kristian.koehntopp@schulname.nl \u0026rdquo; bin. Also so was wie mein Paßwort und der Knopfdruck auf meinem Yubikey. Anker ist die Bestätigung der Organisation, daß ich wirklich zur Organisation gehöre und welche Rolle ich dort habe. Das ist vor allen Dingen bei Self-Signup wichtig, also wenn man Login nicht durch die Schule generiert worden wäre, sondern ich mich selbst anmelde. Mit der Verankerung verhindert die Organisation, daß jemand sich anmeldet und sich selbst dann Attribute wie \u0026ldquo;gehört der Schule an\u0026rdquo;, \u0026ldquo;ist Mitglied des Lehrkörpers\u0026rdquo; und so weiter zuweist. Autorisierung ist der Satz an Rechten, den ich auf Grund meiner bewiesenen Identität habe. Der Rechtesatz ist in der Regel identisch mit dem vieler anderer Nutzer, die die gleiche Rolle wie ich haben (\u0026ldquo;Schüler\u0026rdquo;, \u0026ldquo;Lehrer\u0026rdquo;, \u0026ldquo;Administrator\u0026rdquo;). Der Rechtesatz kann automatisch generiert werden, wenn verifizierte Attribute bereitstehen (\u0026ldquo;Lehrer\u0026rdquo;-Rolleninhaber können nur die Daten \u0026ldquo;ihrer Klasse\u0026rdquo; sehen). Auditing ist ein nicht abschaltbares, nicht veränderbares Logbuch von systemrelevanten Aktivitäten im System, bei dem das Verändern von Systemobjekten durch Benutzer mitgeloggt wird. Ein Audit-Event ist dann so etwas wie \u0026ldquo;Der Lehrer Lempel hat die Mathematik-Note von Kristian Köhntopp am \u0026hellip; um \u0026hellip; unter Benutzung der IP \u0026hellip; auf 3 gesetzt.\u0026rdquo; Accounting ist ein spezielles Auditing, das die Grundlage der Rechnungslegung ist. Der eigentliche Clou, für die Schule und ihre Administration, ist dabei das IAM, also die Tatsache, daß der Schule und ihren Partnern ein konfigurierbares, offenes IAM bereitgestellt wird. Partner kann dabei auch ein IT-Partner sein, also eine Firma oder Behörde, die für die Schule die Konfiguration und den Betrieb von Google Edu übernimmt. Dabei ist das System selbstverständlich so gestaltet, daß ein solcher Partner zwar die Rechte der Benutzer konfigurieren kann, aber natürlich nicht ihre Daten sehen oder verändern.\nOAuth2 Google Edu stellt dabei wie viele andere Systeme auch \u0026ldquo;OAuth \u0026rdquo; als Login-Mechanismus bereit. OAuth ist ein Verfahren, mit dem ein IAM-Dienstleister (also etwa Google Edu) externen Diensten Identitäten beglaubigen und bereitstellen kann. Dabei kann für jeden Dienst einzeln und unterscheidbar Zugriff gewährt werden, der Zugriff an Rechte und Rollen gebunden werden, und für den Benutzer sichtbar gemacht werden, welche Dienste wann warum worauf zugegriffen haben.\nWenn die Schule also etwa mit Schulbuchverlagen und den Anbietern von Schulsoftware zusammenarbeitet, dann kann die Schule Anwendungen von solchen Anbietern einzelnen Schülern oder Klassen zuweisen. Die Schule kann dabei auch festlegen, welche Daten vom Schüler (\u0026ldquo;keine, nur ein anonymes Identifikationstoken\u0026rdquo;, \u0026ldquo;die Loginkennung\u0026rdquo;, \u0026ldquo;der volle Name des Schülers\u0026rdquo;, \u0026ldquo;die Daten des Schülers in anderen Diensten\u0026rdquo;) mit dem Softwareanbieter geteilt werden. Schüler können die ihnen zugewiesenen Anwendungen sehen, und auch welche Daten und Rechte damit verbunden sind. Anbieter von Anwendungen können sich sicher sein, daß die Identitäten der Nutzer authentisch sind.\nAlle können im Falle einer Sicherheitsschwankung die Auswirkungen begrenzen: Sollte es zu Einbrüchen bei externen Anbietern kommen, können Zugriffs-Tokens zurückgerufen werden und die Account-Sicherheit so vergleichsweise einfach wieder hergestellt werden. Zugleich ist durch die Datenverwaltung von IAM und OAuth klar, welche Daten im Zugriff waren und welches Ausmaß der Schaden hat.\nPlattform Selbst ohne die Google-eigenen Anwendungen ist das Zusammenspiel von IAM, OAuth und Chromebook schon sehr viel wert. Für die Schule und die Anbieter von Inhalten entsteht so eine offene Plattform, gegen die entwickelt werden kann: Anbieter können sich auf der Basis von offenen Standards (HTML, CSS, Javascript, dokumentierte Browser-APIs) und verifizierten Identitäten mit einem Rechtesystem in einem Ökosystem gruppieren, in dem sich Dienste anbieten, regeln und abrechnen lassen.\nDie Plattform selbst besteht dabei aus gut verstandenen Komponenten: Linux, Chrome, offenen Standards und Schnittstellen und einem vielfach verifizierten und zertifizierten Dienstanbieter mit einem ausgezeichneten Sicherheitsbewußtsein.\nDazu kommen optional noch die Werkzeuge aus dem Google-Werkzeugkasten selbst. Aber dies sind auch nur Anwendungen, die wie externe Anwendungen dazu geschaltet werden können.\nAnders als andere Plattformen (\u0026ldquo;iPads\u0026rdquo;) oder selbst gekochte Lösungen (\u0026ldquo;Moodle und Jitsi plus einige Extras\u0026rdquo;) gibt es ein verifiziertes und zertifiziertes Betriebs- und Rechtekonzept, das auch von externen Dienstleistern gut verstanden und unterstützt wird.\nDas ist bemerkenswert, weil dies bisher nicht nur bei deutschen Schulen, sondern auch bei fast allen europäischen Cloud-Anbietern ein blinder Fleck ist: Während es viele europäische Dienste gibt, die (meist auf der Basis von Openstack) virtuelle Maschinen oder Dienste anbieten, gibt es kaum einen europäischen Cloud- oder Schulanbieter, der IAM/OAuth und ein Verwaltungs-Framework darum herum anbietet. Ganz zu schweigen von \u0026ldquo;Null Aufwand\u0026rdquo;-Clients, die eine über viele Jahre stabile und weiterentwickelte Hardware in Schülerhand darstellen, und bei der sich die Verwaltungsarbeit zentral gesteuert und kryptografisch abgesichert bis in den Client hinein erstreckt.\nTatsächlich ist es so, daß die Diskussion in Deutschland sich meist in abstrakten Datenschutzbeschwörungen (\u0026ldquo;Google böse\u0026rdquo;) und Hardware-Streitereien (\u0026ldquo;iPads oder Windows-Laptop\u0026rdquo;) Gerede erschöpft. Es wäre sinnvoller, stattdessen einmal Ende-zu-Ende Betriebskonzepte zu besprechen und bewerten. Und dabei die Erkenntnisse und Entwicklungen der letzten zehn Jahre auf dem Gebiet der Auftragsdatenverarbeitung (\u0026ldquo;Cloud\u0026rdquo;) und des Rechnerbetriebs zu berücksichtigen.\n","date":"2022-12-29T00:00:00Z","href":"https://blog.koehntopp.info/2022/12/29/chromebooks-in-der-schule.html","tags":["lang_de","schnuppel","bildung","security"],"title":"Chromebooks in der Schule"},{"categories":null,"content":"When asking for help in Libera Chat , in the #mysql channel, people will ask you to use the mysql command line client. They will also point you to dbfiddle.uk for asking questions. Specifically, when using phpMyAdmin, you will get hate.\nWhy is that?\nWhen asking for help, it is almost impossible to help a GUI user, because they will need to paste screenshots in order to document what they did. The screenshots do not help us. They are hard to read, and do not contain the information about the problem you need help with in textual form.\nAlso, it is often that GUI users do not see all the details from a large result set cell. Specifically, things such as the output of SHOW ENGINE INNODB STATUS and similar usually fail to display in a GUI in a meaningful way. This is never a problem with a command line client, even if that client is used in a wrong way.\nFinally, many GUI clients disconnect and reconnect between queries, and this is hardly documented. This makes it impossible to use connection scoped state , such as transactions, @variables or per-session config. Specifically, by construction, phpMyAdmin cannot handle this at all.\nThis is why we ask users to use the mysql command line client. It works, we know it works, and it can handle large result sets in a way that is helpful to you and us.\nUsing \\g and \\G The mysql command line client has an online help. Type \\h and read it. It is useful.\nThe command line client also has readline support. That means, emacs editing keys and cursor keys work. You can C-A, C-E, Esc f and Esc b and similar. You can C-R for history search.\nThe command line client requires that you use ; or \\g (\u0026ldquo;go\u0026rdquo;) to terminate a command. This will print the result set in a box.\nkris@localhost [kris]\u0026gt; show tables; +----------------+ | Tables_in_kris | +----------------+ | t | +----------------+ 1 row in set (0.00 sec) kris@localhost [kris]\u0026gt; select * from t; +----+------------+ | id | start_date | +----+------------+ | 1 | 2022-11-01 | | 2 | 2022-11-02 | | 3 | 2022-10-09 | | 4 | 2022-09-01 | +----+------------+ 4 rows in set (0.00 sec) You can also use \\G (note the upper case \u0026ldquo;G\u0026rdquo;) to terminate a command. This will output results as Key-Value pairs.\nkris@localhost [kris]\u0026gt; show tables\\G *************************** 1. row *************************** Tables_in_kris: t 1 row in set (0.00 sec) kris@localhost [kris]\u0026gt; select * from t\\G *************************** 1. row *************************** id: 1 start_date: 2022-11-01 *************************** 2. row *************************** id: 2 start_date: 2022-11-02 *************************** 3. row *************************** id: 3 start_date: 2022-10-09 *************************** 4. row *************************** id: 4 start_date: 2022-09-01 4 rows in set (0.00 sec) $HOME/.my.cnf The mysql command line client will read a $HOME/.my.cnf, if you install one. It will, among other sections, also read the [mysql] section.\nHere is a meaningful $HOME/.my.cnf. Note that in my case, I include a cleartext password for a throwaway user on purpose, for convenience.\nkris@server:~$ cat .my.cnf [mysql] user=kris password=geheim database=kris show-warnings prompt=\\U [\\d]\u0026gt;\\_ I am using prompt= to get a useful prompt. I am using show-warnings, because I do want to see all warnings, all the time, straight into my face.\nI could put the connection data (user= and password=) into a [client] section. This would also be read by mysqldump and friends, and make it even more convenient.\nPager Sometimes I use\nmysql\u0026gt; pager less mysql\u0026gt; select * from largetable where condition=\u0026#39;manyrows\u0026#39;; ... The select result will then show up in less, which is useful. I can disable this with nopager, or by using pager with no argument.\nSometimes I do\nmysql\u0026gt; pager grep whatIwant mysql\u0026gt; select * from largetable where condition=\u0026#39;hardtofind\u0026#39;; ... mysql\u0026gt; nopager This will pipe the result through grep instead of using less. Yes, this is funny, because using grep on a database result is a kind of joke. But it is also useful.\npager pspg If you want, you can install pspg and use pager pspg to get fancier output. Try\nmysql\u0026gt; pager pspg mysql\u0026gt; select * from t; It will work:\npager pspg shows the output of select * from t. The cursor can be moved to select rows and columns. Hit q to quit.\nIt will also handle SHOW ENGINE INNODB STATUS just fine.\nThe oversized output of SHOW ENGINE INNODB STATUS in pager pspg in the MySQL command line client.\nNote that pspg kind of defeats the purpose of the Command Line client for copy and pasteable results. Do not use it when asking for help or working with dbfiddle. Do use it at other times, if you care.\nThis article mostly exists so that I can paste the URL when needed.\n","date":"2022-12-28T00:00:00Z","href":"https://blog.koehntopp.info/2022/12/28/mysql-the-command-line-client.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: The command line client"},{"categories":null,"content":"I quit often. At least once a year, but there have been years when I have been quitting four times.\nEvery time before a performance evaluation, or before important meetings, I sit down and write myself a notice. I pull up a word processor, start the empty business letter template, fill in the details and the date, and then write the three or four sentences necessary to inform my employer that the time has come to part ways. I print this, collect the letter, fold it properly and put it into an empty unsealed envelope.\nThen I pull it out, unfold it and put it in front of me. Time to start thinking.\nThere are the logistics of quitting.\nA lot of that is about obligations and finance. Could I actually walk out of the meeting, leaving the letter behind?\nThere have been times, when I was younger, where I easily could have done that. Not owning property, being unmarried and without child.\nBeing a consultant, with 180 travel days a year, I had to build my own personal insurance anyway. That\u0026rsquo;s 400 in the pocket at any point in time, 4k on an unused rescue credit card \u0026ndash; enough to take me home on my own from anywhere my job would take me. And a coordinate transformation on my checking account that sees a few 10k as Zero, to provide immediate emergency burn fuel.\nEnough buffer against possible bumps anywhere in the world is also enough buffer to leave when necessary.\nWith a family and a house, things are more complicated, and no longer immediate.\nAn exit plan cannot be \u0026ldquo;walking out and leaving the letter\u0026rdquo; when an uninterrupted cash flow is part of the requirements. But writing the letter is still an important focus point. So I kept the tradition.\nIt is like a business continuity management plan, but for your soul.\nWith the logistics done, it is time to lift the gaze from the path in front of my feet, up to the horizon.\nWhat did I do the last few months? What projects do I have been part of? What have I learned? How have I grown? And is the place I am in still the place that would let me grow?\nThere are no abstract questions. But in my mind they only become real when I sit in front of this piece of paper, and think about staying or leaving. I have made sure I could leave if I wanted. Now it is time to think about what I want from this place to make me stay.\nI sometimes explain this to others as the story of the two contracts.\nWorking in IT, you always have two contracts:\nOne is written. It says what your job title is, where you work, and what they pay you. It says what your notice period is.\nThe other one is unwritten. It is the unspoken agreement about the level of autonomy you have, and the decisions you can be part of. It is the environment you work in and what challenges you can learn from. It is about the things you build.\n\u0026ldquo;Autonomy, Mastery and Purpose\u0026rdquo;\nWorking in IT, I always signed, and I always actually quit, because of this second contract. When it expires or is violated, it is time to actually leave.\nThen it all becomes about people.\nCompanies by construction are usually not loyal to their employees. In general, as organisations they can\u0026rsquo;t. Some people inside an org maybe secretly work against the objectives of the organisations and are loyal to other people.\nAs a person, I always work with other persons. Over the last 30 years, it has become clear that these persons stay, even when I move. I am part of my own personal tribe. I have been building it, maintaining it over a few decades, and when necessary they have been there for me, and I have been there for them.\nPart of the meditation of quitting is also remembering these people. Maybe they need me. Maybe I need them. Maybe I miss them. Maybe some of them have an invitation or an opportunity for me. Holding the bond of my current second contract against the pulls from my relationships gives me an important calibration of where I am, who I am and if I am honest with myself.\nUsually then I have come to some conclusion and I have a plan. I can fold the notice back up into the envelope, put it into my jacket, and walk into that meeting.\nI am now grounded, and I know my boundaries, and my goals.\nI know who I am. For some reason that seems to scare people.\nUsually then I don\u0026rsquo;t actually have to quit. But being able to do that, and understanding when and why helps a lot.\nOn 2023-Jan-31, after almost another seven years, my second tour of Booking.com will come to an end. It was a different ride than the first, it was still amazing, and I met the most wonderful and amazing people. Still, I have been called, and the second contract is up. I have to move.\n","date":"2022-12-27T00:00:00Z","href":"https://blog.koehntopp.info/2022/12/27/meditations-on-quitting.html","tags":["lang_en","work"],"title":"Meditations on Quitting"},{"categories":null,"content":"For the last 15 years, one popular way to persist large amounts of data has been Hadoop, if you needed them persisted in such a way that you can still process them.\nOf course, from a database point of view, brute forcing a result by scanning compressed CSV files in parallel, and then building giant distributed Hash Joins is not very elegant. But two facts were true in 2006 influenced Hadoop\u0026rsquo;s design, and which allowed it to process data at all at a scale where all other things failed:\nDisk Seeks are expensive, so we cannot have indexes. Network capacity is limited, so we cannot move the data to the code. Using these two basic assumptions, Hadoop\u0026rsquo;s core inventions were pioneered by Google, and then reproduced as Open Source by Yahoo!\nGoogle published the GFS Paper and the Map Reduce Paper pretty much 20 years ago.\nDoug Cutting started building the initial version of Hadoop in 2006, and it is basically like this:\n\u0026ldquo;Store data in optionally compressed CSV files in 128 MB strips on a bunch of JBOD disks, replicating all data 3 times. Then download small Java classes to the data store instead of moving the data to the processing nodes, and run the Map-Reduce Algorithm on these file fragments, merge sorting the result into an aggregate during the reduce phase.\u0026rdquo;\nThis was slow: Even a simple rowcount-Query would have at least a minute or two runtime, because of the setup times inherent to this solution. Hadoop needed to distribute a jar with Java Classes, fire of a JVM on the datanodes, warm up the JVM for the JIT to get up to speed, and then push the parts of the data present on the local node through this. Eventually, the completed result set needed to be sorted, and then shipped over the network to the reducers, which would then merge-aggregate the data into a partitioned result set.\nIt was also hard to maintain and upgrade, because you had one large shared cluster with many stakeholders being dependent on it running and behaving in a certain way.\nA lot of gradual improvements happened over the last 15 years, so today\u0026rsquo;s Hadoop stores data in a more efficient way, has lower setup times, and can be managed better. It still is a rather primitive brute-force processing system, and ripe for disruption.\nAnd that is happening right now.\nTechnology improved, challenging Hadoop\u0026rsquo;s base assumptions That is, basically, because the initial assumptions on which it was built are no longer true.\nNetwork Capacity is not the bottleneck Assumption 2, Network Capacity is limited, has not been true for at least 10 years.\nGoogle had been playing with CLOS network architectures for a long time, and in Jupiter Rising described their bespoke switch architecture that allowed them to build data centers where the network by construction is never the bottleneck.\nSpecifically in the Hadoop world that is not exactly news: Tail-drops from network congestion during the Shuffle-Phase between Hadoop\u0026rsquo;s Map and Reduce were a common problem.\nTerasort, a benchmark that sorts one Terabyte of generated data, was a popular way to test the network component of a Hadoop deployment:\nDuring the Map-phase all workers would sort their data, and because it was randomly generated, finish at approximately the same time. Because sorting does not aggregate data, the data blocks would then all lift off, at their full size, and transfer over the network to the Reducer nodes. If the network was oversubscribed or badly built, this would overwhelm the switches, exhaust buffers, engage RED and lead to packet loss. \u0026ldquo;Profiling the network performance of data transfers in Hadoop Jobs\u0026rdquo;, Biligiri, Ali (2014) , Network transfer rates over the lifetime of a terasort job. The Shuffle phase reaches 700 MBit/s, which was the peak transfer rate measured during testing.\nAWS, which did not yet have Leaf-and-Spine in 2014, and which provisioned 1 GBit/s links between nodes at that time, showed behavior as depicted above, when hosting a test cluster running Terasort.\nOf course, CLOS-networks, specifically Leaf-and-Spine architectures, do not require bespoke custom hardware as Google deployed. Brad Hedlund, then working for Dell, described Leaf-and-Spine architectures built from Off-the-shelf Hardware for Hadoop already in 2012, and described that in a series of articles.\n\u0026ldquo;Construct a Leaf Spine design with 40G or 10G? An observation in scaling the fabric\u0026rdquo;, Brad Hedlund (2012) . On today\u0026rsquo;s hardware this is of course done with different hardware and at higher speeds, for example some Juniper EX-hardware with 25G downlinks and 100G uplinks, or even with 100/400 if needed (most people don\u0026rsquo;t have that need).\nNetwork structures like this are oversubscription-free, when built properly. They are useful out of Hadoop contexts as well. For example, when running a private cloud with distributed storage, every disk access is potentially a network read or write, and again a structure where any CPU in any machine can talk to any disk in any other machine without network congestion is useful.\nWarum eigentlich Cloud (2015, german language, 5. Open Source Workshop of German Rail, Frankfurt) , Kristian Köhntopp. The slide shows traffic inside an Openstack cluster with distributed storage. East-West-Traffic between racks dominates, and the aggregated upstream bandwidth from the computes to the Top-of-Rack switches must be matched by adequate spine network bandwidth.\nIn Summary: People who needed the network to never be the bottleneck could have built networks that delivered this for the last 10 years. And most did, even using off-the-shelf parts. It is possible, and even economical, to build a network where any CPU in any machine can talk to any disk in any other machine within the same data center.\nGoogle themselves basically demonstrated this when starting around 2014 or so they offered virtualized, flexible Hadoop as a service. While that was a welcome simplification, nobody stopped and asked how they were doing this: Supposedly the network is the bottleneck, so the virtual machine would be subject to hard placement constraints, because it needed to be created wherever the data is. For a service that would be a harsh constraint, affecting service quality, yet the service ran just fine.\nSo how were they pulling it off? CLOS networking, of course, as documented in the whitepapers they published, but that meant that one of the two Hadoop/Map-Reduce funding assumptions was no longer valid.\nSeeks are not the bottleneck Another thing that started to change around 2012 was the rise of flash storage in computers. Initially, these things were small, so we would see them in write-heavy database servers first: These machines already were expensive, and at the core of the data center, so cost was less of an issue.\nOver time, flash prices dropped, and drives became larger.\nAlso, SATA interface were becoming a bottleneck. They were replaced by a system that put flash directly on the PCIe bus of the machine. This interface, called NVME became popular and available in standard data center machines around 5 years ago, in 2017.\nAnd since 2020 we have NVME over Fabric using TCP as part of the default Linux kernel, so remotely attached NVME (with and without RDMA) is a thing and useful. Check out lightbits , they have awesome products when it comes to low-latency remote storage.\nBecause it no longer forces serialization of requests, but basically allows parallel access to all the flash chips of the drive, it allows to build systems with massively parallel access. A single access still has a latency of around 1/20,000s, but a typical single drive is capable of delivering 800k to 1M IO operations per second, if the application(s) can manage to talk to the drive 50-way parallel at all times. And why stop at one drive, when you can have over a dozen per machine, if you have the PCI bandwidth for that?\nIn practice that means that seeks are now basically free, and data access structures and file-systems that allow massively parallel access have a huge advantage.\n\u0026quot;Operation Unthinkable - Software Defined Storage @ Booking.com \u0026quot;, Peter Buschman (2019). An AMD EPYC based single-socket machine with plenty of RAM and NVMRAM, 100 GBit/s NIC and up to 24 U.2 NVME drives from different, independently sourced vendors, using less than 500W, in 2U, running one out of 10 different storage server products optimized and certified for this platform. \u0026ldquo;There is one in every other rack!\u0026rdquo; \u0026ndash; Peter Buschman revolutionized storage at Booking.com with this design.\nNow what? Since the base assumptions that made Hadoop successful are now invalid, and have been for the last 5 years, we should see Hadoop being replaced.\nAnd we do: Hadoop is no longer a thing for investors, and companies offering Hadoop are either merging or going down.\nHTAP rises Other offers are on the rise, under the collective label of HTAP , Hybrid transactional/analytical processing. The promise is to have one single distributed database system not unlike Spanner that is capable of utilizing the capacity of many systems in one single database/schema for OLTP, and that is also capable of running analytical/BI queries in the same system (or even using the same tables).\nPromising representatives of HTAP databases are\nTiDB from Pingcap CockroachDB and \u0026ndash; with limitations - Heatwave . (Unlike TiDB and CockroachDB, Heatwave is not a true distributed database, but a distributed in-memory accelerator to a single-node MySQL OLTP frontend machine that transparently offloads analytics queries)\nNo cool-aid for me? In general, these systems are welcome, useful and innovative, because they allow database schemas to grow and spread to a cluster of machines, even for OLTP queries. Personally, I remain sceptical with regards to the integrated, copy-less processing of analytics queries.\nIn our DWH/BI-Series in this blog (and especially in Tying the BI pipeline together ) I have tried to explain why I believe the Transformation in ETL is a fundamental step that transforms from OLTP \u0026ldquo;normal form\u0026rdquo; (mostly 3NF) to BI \u0026ldquo;normal form\u0026rdquo; (the star and snowflake forms).\nNobody likes 3NF \u0026ndash; it complicates many things that should be simple, but we must use it in OLTP because data is being modified by transactions. Without it, we suffer from all kinds of anomalies, and normalization prevents these.\nDWH tables are different, because they are records of the past: They do not change (after all stragglers have been loaded), and because they are immutable, they cannot have anomalies. On the other hand, we want multiple copies of the same fact at different dates (maybe compressed with lookup tables or other compression methods), so that we can follow the changes of attribute values over time easily.\nRunning OLTP-like joins over 3NF data with history is a nuisance. It is not only painfully complicated to write, but also hard to optimize. But if the data is immutable anyway, we can bring it into a form optimized for the kind of temporal reporting query we want to run on it, and not care about anomalies.\nSize and Conway\u0026rsquo;s Law Also, keeping OLTP systems as small as possible has a lot of value in its own:\nWe can make casual changes to a 200 GB sized database. A data size of 2 TB has hours of change/setup time. A data size of 20 TB has one attempt in a workday. And a system with 120 TB of data is \u0026ldquo;one attempt per week\u0026rdquo; in terms of change. This is not entirely true for distributed systems, where parallel access can speed things up, but generally smaller and less complex systems are also easier and faster to operate.\nWe do know that a CDC-pipeline or applications set up to generate business level events can provide BI-pipelines at a near-live speed, with less than 15s processing time end-to-end. This is close enough to \u0026ldquo;live\u0026rdquo;, which is the promise of HTAP.\nBuilding systems around such pipelines segregates OLTP from BI, physically and putting them into different administrative domains, yet they still can provide near-live updates. While it may look more complex at first, it may map a lot better onto the realities of Conway\u0026rsquo;s Law, and yield smaller, more flexible, and less tightly coupled components.\nOn the other hand, I do like the technology in TiDB and CockroachDB, but that is mostly because the environment I work in suffers from transactional systems and schemas that happen to be larger than a single machine.\nI fully expect these systems to still have need to the 3NF-to-Snowflake transformation that is a characteristic of ETL, and I am not yet ready to buy into the Gartner HTAP hype, unless somebody can show me how this is better handled inside Cockroach or TiDB.\n","date":"2022-12-23T00:00:00Z","href":"https://blog.koehntopp.info/2022/12/23/from-hadoop-to-htap.html","tags":["lang_en","mysql","mysqldev","data warehouse"],"title":"From Hadoop to HTAP?"},{"categories":null,"content":"In Of Stars and Snowflakes we have been looking at the \u0026ldquo;normal Form\u0026rdquo; for Data Warehouses/BI structures, and how it differs from normal forms used in transactional systems. In ETL from a Django Model we looked at one implementation of a classical offline DWH with a daily load.\nThe normal BI structure is a fact table, in which an object identifier (the one we collect facts about) is paired with a point in time to report facts about the object at a certain point in time. That is, we have a table with a compound primary key, in which a component (usually the latter) has a time dimension. Fact tables are also often very wide, since we collect any number of facts about the object we report on for each point in time.\nFor certain types of data, it is useful to compress the data using lookup tables. That is, instead of reporting a certain value over and over again (\u0026ldquo;Intel Silver 4110\u0026rdquo; each time we report on a certain machine), we replace the string with an integer of appropriate size and resolve that with a lookup table on the side.\nThis can happen with one central string replacement table (lookup_strings), or structured per type (cpu_types, vendors, model_names). Both approaches have certain advantages and disadvantages, and sometimes you find both in the same system.\nWhy and how? In the transactional system, our objective is to complete the data lifecycle. That is, basically, we want to be able to delete data in order to get rid of finished transactions and their data at some point in time in order to keep the size of the OLTP system small, nice and stable. Other parts of the business still need the history record, and they need it as a history record. That is, they are not interested into the current data (\u0026ldquo;Where does the customer live now?\u0026rdquo;, \u0026ldquo;What does the article cost now?\u0026rdquo;), but into the values that were valid when the transaction happened (\u0026ldquo;Where did we deliver to?\u0026rdquo;, \u0026ldquo;How much did we bill?\u0026rdquo;).\nThe Extraction pulls data out of the realm of the OLTP system. And after it is extracted it can be deleted from the OLTP system, freeing space and keeping the size stable.\nWith the Extraction, we also have the Transformation in which the OLTP references to other normalized tables are resolved into literal attribute values which are the things we want to preserve at the value they had back then. The Transformation transitions the data from the OLTP classical database normal form into the form needed for a fact table, the data warehouse normal form.\nIn the Load phase, the data is loaded into the DWH/BI systems fact table. This is not just a data ingestion, but often also a validation and cleanup phase. And if the data is recompressed by replacing literal values with an integer ID into a lookup table, this usually also happens during load.\nThe fact that IDs in the DWH bear no relationship to IDs in the OLTP system is important and good: We are transferring data across an administrative boundary, from one system to another, and having a naming dependency across such a boundary is usually a recipe for desaster.\nExtraction Extraction can happen in nightly runs, by making a snapshot of the state of the OLTP system. This is what happens every night in ETL from a Django Model , and also in My private data warehouse .\nExtraction can also happen when writing transactions to a log table, often called sale, booking, reservation or similar. When the transaction is logged in a normalized way, it looks like the reservation table in the example in Change Data Capture .\nSome systems already copy the data over into such a reservation table literally, especially when it comes to delivery and billing addresses and prices. That is necessary, even from the point of view of the transactional system, because we must record the actual price and delivery address at the point in time when the sale happened. Later changes should not affect transactions that are in the middle of fulfillment.\nFor the purpose of the DWH system, this simplifies extraction and transformation, because the reservation table then already is more of less literally the data we want. We just need to grab it and preserve it.\nWhen the DWH wants \u0026rsquo;live\u0026rsquo; updates, this can happen by tailing the database log as a replication client, collecting the information of interest, converting it into target format and pushing it elsewhere. These days, most often that ends up being a JSON or Avro message on a Kafka Event bus, or similar, in a defined, versioned and documented format that is ideally independent of changes to the source OLTP systems structure.\nTransformation But getting from normalized 3NF OLTP format into resolved DWH literal value attributes is not always for free.\nThe nicest way of getting there is to have the source system prepare its private, internal transaction, and also prepare a transformed record in DWH form. Both are committed together in the same transaction, to the internal tables of the OLTP system, and an Outbox. The Outbox is under a contract between the producing OLTP and the consuming BI systems, and will not change unannounced.\nIn this case, the BI process can simply tail the binlog, grab only row change events on the Outbox tables, and process and export these. Internal table changes will also end up in the binlog, but the CDC extractor ignores these.\nIf that is not possible, we get random normalized change events from the OLTP systems internal tables. This is bad, because it is very hard to get a contract and a promise of announced change for them, and because here the data is not in BI form. So we get a bunch of 3NF \u0026ldquo;id\u0026rdquo; values and need to run queries backwards into the OLTP system to resolve them into literal values to perform the transformation. This is annoying, adds query load and also have the potential to grab \u0026ldquo;invalid\u0026rdquo; data, because there is a race condition and the referenced data may have changed between the commit of the record we caught, and the time we resolve the ID values.\nLoad Pushing CDC data \u0026ldquo;live\u0026rdquo; to a message bus is simple, and allows us to have multiple consumers for this. One standard consumer would simply take the event messages and persist them into tables in a really large analytics store such as Hadoop, Snowflake or similar. Other standard consumers in the environment I work in are aggregators that take events and aggregate them into time buckets. That is, values from events are counted (\u0026ldquo;This error occurred n times in the last minute\u0026rdquo;), summed up or otherwise classified, and the results are then forwarded as metrics into a time series store. Alerts can be generated from thresholds of metrics, or from presence of certain events in the stream.\nThe data load into the persistent store would also update default aggregations as you would expect from the star or snowflake around a fact table. Such aggregations would be \u0026ldquo;sales per region per day\u0026rdquo;, or \u0026ldquo;bookings per region per category per day\u0026rdquo;.\nSpecifically the aggregations to the metrics store are time critical, as they may be tied to alerts. We generally aim for a freshness (processing time for the entire pipeline) of less than 15s. Freshness itself is also a quality metric for the pipeline itself.\nMapping Fowler to Database terms The Fowler Wiki is now in many pages older than 10 years. Large parts of it are still hard to read if you are coming from a database background instead of application developer background. That is in part, because Fowler reinvents concepts and terms from a developer perspective that already exist in the database world, under different names.\nThe first time I hit that was when reading up on the cryptically named CQRS , which is just the concept the various ways of getting Materialized Views by another name.\nWe find this again with the concept of Event Sourcing , which for low quality low level events matches directly on CDC and Binlog capture. In order to provide better value, you would have to perform the T of ETL on the events, preferably as early as possible in the pipeline, that is, transform from 3NF to BI form either using the Outbox pattern or by instrumenting the application itself.\nFowler is never discussing checkpointing, an essential concept necessary to prevent unbounded startup times and unbounded event storage sizes from occurring.\nCheckpointing and cleanup exist in the database world the concepts of \u0026ldquo;Full Backups\u0026rdquo; associated with Log Positions, and then Logs starting from the checkpoint for a Point in Time Recovery.\nCheckpointing and Log compression also exist in the database world in the tiered log compactions we find in LSMs such as RocksDB: The database is writing an endless stream of idempotent row change events, and a compaction process reads the logs in the background, providing only still valid and recent row versions, and physically arranging the records in an advantageous way.\nEvents work reasonably well when you look vertically at a single transaction: The event propagates through your system of services, kicking off followup events that contain the original data and additional information accrued at this processing stage. They also work reasonably well for aggregations in time-bounded buckets or otherwise constrained contexts.\nThey work less well when the application has to implement choices, i.e. when you need to select one user account out of the storage of all users in the system, or when you need to allow a user to search the storage of all articles on offer and then allow them select one to buy. Here, traditional full materialization is necessary, and global state is manipulated.\nIn the end, looking at the table rows as the materialization and at the log as the stream of idempotent changes to the materialization over time it is clear to the database person that both things are the same. Looking at the various ways of implementing database systems, you will even find one posing as the other as needed, depending on the database product you look at (i.e. the LSM is a log, posing as a table, and other systems use tables to store logs).\n","date":"2022-12-22T00:00:00Z","href":"https://blog.koehntopp.info/2022/12/22/tying-the-bi-pipeline-together.html","tags":["lang_en","mysql","mysqldev","data warehouse"],"title":"Tying the BI pipeline together"},{"categories":null,"content":"A friend asked in Discord:\nI need a pointer to a solution in Jinja.\nGiven two lists, x: [a,b,c] and y: [d,e,f], I need the cross-join [\u0026quot;a.d\u0026quot;,\u0026quot;a.e\u0026quot;,\u0026quot;a.f\u0026quot;,\u0026quot;b.d\u0026quot;,…,\u0026quot;c.e\u0026quot;,\u0026quot;c.f\u0026quot;]. I know how to cross-join, but that then is a list of lists, and I want join the inner lists.\nAfter some experimentation the result was a set of nasty templating loops. There has to be a better way.\nThere are two:\nAnsible Custom Filters in Python Playbook We want a custom filter cross, which produces the desired result.\n# $ cat testing/myfilter.yml - name: Keks hosts: localhost gather_facts: false vars: x: [ \u0026#34;a\u0026#34;, \u0026#34;b\u0026#34;, \u0026#34;c\u0026#34; ] y: [ \u0026#34;d\u0026#34;, \u0026#34;e\u0026#34;, \u0026#34;f\u0026#34; ] tasks: - name: Keks debug: msg: \u0026#34;{{ x| cross(y) }}\u0026#34; Desired Output The playbook shall produce this output\nPLAY [Keks] ******************************************************************** TASK [Keks] ******************************************************************** ok: [localhost] =\u0026gt; { \u0026#34;msg\u0026#34;: [ \u0026#34;a.d\u0026#34;, \u0026#34;a.e\u0026#34;, \u0026#34;a.f\u0026#34;, \u0026#34;b.d\u0026#34;, \u0026#34;b.e\u0026#34;, \u0026#34;b.f\u0026#34;, \u0026#34;c.d\u0026#34;, \u0026#34;c.e\u0026#34;, \u0026#34;c.f\u0026#34; ] } PLAY RECAP ********************************************************************* localhost : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 Creating a custom filter For that, we need a directory filter_plugins next to the playbook (or in the role directory next to the tasks directory). Inside that directory, we place a Python file cross.py, which will contain our custom filter code.\n$ tree testing/ testing/ ├── filter_plugins │ └── cross.py └── myfilter.yml 1 directory, 2 files The file cross.py looks like this:\n1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 #! /usr/bin/env python3 from collections.abc import Iterable class FilterModule: def filters(self): return { \u0026#39;cross\u0026#39;: self.cross, } def cross(self, x, y, sepchar=\u0026#34;.\u0026#34;): if not isinstance(x, Iterable) or isinstance(x, str): raise TypeError(\u0026#34;parameter1 is not an Iterable\u0026#34;) if not isinstance(y, Iterable) or isinstance(y, str): raise TypeError(\u0026#34;parameter2 is not an Iterable\u0026#34;) if not isinstance(sepchar, str): raise TypeError(f\u0026#34;parameter3 is not a string\u0026#34;) z = [ f\u0026#34;{i}{sepchar}{j}\u0026#34; for i in x for j in y ] return z This defines a class FilterModule with a method filters(). The names are prescribed, and cannot be changed.\nIn the filters() method we are to return a dictionary with pairs of Jinja2 templating filter name (we want cross) and matching Python function or method reference (that is, the name a callable without parameter parentheses attached). In our example, we map the Jinja2 filter cross to the method self.cross() in our Python class (Line 8).\nThe actual cross() method is in Line 11. It takes 2 mandatory parameters, x and y and an optional parameter sepchar. The first two parameters x and y are supposed to be Lists or other Iterables that are to be cross-joined. We expressly prohibit strings, because they are iterable by character, but that is likely not what we want.\nThe third parameter sepchar is the separator character we are putting between these joined pairs. It defaults to . (dot) and can be left out.\nThe actual work is done in Line 21 after the error checks. We produce a list, which we return.\nWe can test with\n$ ansible-playbook testing/myfilter.yml which indeed produces the desired output.\nAnsible solution with native filters My friend had objections to shipping custom filters with a role. So here is a solution that uses no loops and only native filters.\nWe can use the Jinja2 default filter product to create a cross product:\n- name: Keks hosts: localhost gather_facts: false vars: x: [ \u0026#34;a\u0026#34;, \u0026#34;b\u0026#34;, \u0026#34;c\u0026#34; ] y: [ \u0026#34;d\u0026#34;, \u0026#34;e\u0026#34;, \u0026#34;f\u0026#34; ] tasks: - name: keks set_fact: z: \u0026#34;{{ x|product(y) }}\u0026#34; - name: Keks debug: msg: \u0026#34;{{ z }}\u0026#34; But this produces the list of lists mentioned in the beginning.\nPLAY [Keks] ******************************************************************** TASK [keks] ******************************************************************** ok: [localhost] TASK [Keks] ******************************************************************** ok: [localhost] =\u0026gt; { \u0026#34;msg\u0026#34;: [ [ \u0026#34;a\u0026#34;, \u0026#34;d\u0026#34; ], [ \u0026#34;a\u0026#34;, \u0026#34;e\u0026#34; ], ... We can use z: \u0026quot;{{ x|product(y)|map('join') }}\u0026quot; to produce the pairs we want:\nTASK [Keks] ******************************************************************** ok: [localhost] =\u0026gt; { \u0026#34;msg\u0026#34;: [ \u0026#34;ad\u0026#34;, \u0026#34;ae\u0026#34;, \u0026#34;af\u0026#34;, \u0026#34;bd\u0026#34;, \u0026#34;be\u0026#34;, \u0026#34;bf\u0026#34;, \u0026#34;cd\u0026#34;, \u0026#34;ce\u0026#34;, \u0026#34;cf\u0026#34; ] } But we need to pass a parameter to join(), because we want a . separator character. This is done by adding this parameter after the function to be mapped. So we need z: \u0026quot;{{ x|product(y)|map('join','.') }}\u0026quot; for our solution.\nThe run results in\nTASK [Keks] ******************************************************************** ok: [localhost] =\u0026gt; { \u0026#34;msg\u0026#34;: [ \u0026#34;a.d\u0026#34;, \u0026#34;a.e\u0026#34;, \u0026#34;a.f\u0026#34;, \u0026#34;b.d\u0026#34;, \u0026#34;b.e\u0026#34;, \u0026#34;b.f\u0026#34;, \u0026#34;c.d\u0026#34;, \u0026#34;c.e\u0026#34;, \u0026#34;c.f\u0026#34; ] } which is what we wanted.\nThe actual problem The actual problem looks like this, but in a single line:\n{%- for host in hosts -%} {%- for domain in domains -%} {{proto}}://{{ host }}.{{ domain }}:{{port}}{{ \u0026#34;, \u0026#34; if not loop.last }} {%- endfor -%} {{ \u0026#34;, \u0026#34; if not loop.last }} {%- endfor -%} The replacement with native functions looks like this, again in a single line:\n{{ [proto] | product(hosts | product(domains) | map(\u0026#39;join\u0026#39;,\u0026#39;.\u0026#39;) ) | map(\u0026#39;join\u0026#39;,\u0026#39;://\u0026#39;) | product([port])| map(\u0026#39;join\u0026#39;,\u0026#39;:\u0026#39;)| join(\u0026#34;, \u0026#34;) }} Using cross() it is a lot less ugly:\nproto | cross(hosts,\u0026#39;://\u0026#39;) | cross(domains) | cross(port,\u0026#39;:\u0026#39;) If proto or port are scalar, write them as [proto] and [port] to keep the syntax.\n- name: Keks hosts: localhost gather_facts: false vars: hosts: [ \u0026#34;hosta\u0026#34;, \u0026#34;hostb\u0026#34;, \u0026#34;hostc\u0026#34; ] domains: [ \u0026#34;domaina.net\u0026#34;, \u0026#34;domainb.com\u0026#34;, \u0026#34;domainc.org\u0026#34; ] proto: \u0026#34;https\u0026#34; port: \u0026#34;8443\u0026#34; tasks: - name: Keks debug: msg: \u0026#34;{{ [proto]|cross(hosts,\u0026#39;://\u0026#39;)|cross(domains)|cross([port],\u0026#39;:\u0026#39;) }}\u0026#34; yields\nTASK [Keks] ******************************************************************** ok: [localhost] =\u0026gt; { \u0026#34;msg\u0026#34;: [ \u0026#34;https://hosta.domaina.net:8443\u0026#34;, \u0026#34;https://hosta.domainb.com:8443\u0026#34;, \u0026#34;https://hosta.domainc.org:8443\u0026#34;, \u0026#34;https://hostb.domaina.net:8443\u0026#34;, \u0026#34;https://hostb.domainb.com:8443\u0026#34;, \u0026#34;https://hostb.domainc.org:8443\u0026#34;, \u0026#34;https://hostc.domaina.net:8443\u0026#34;, \u0026#34;https://hostc.domainb.com:8443\u0026#34;, \u0026#34;https://hostc.domainc.org:8443\u0026#34; ] } Summary With a short, concise and type-safe Python function that can be shipped as part of the role, we solved the original problem. We can produce the solution in a single, rather readable line instead of deeply nesting function calls, or worse, a bunch of templating loops.\nDebugging and testing of the Python function can be done with the full power of our Python tooling, instead of messing with an un-debuggable and untestable DSL.\n","date":"2022-12-12T00:00:00Z","href":"https://blog.koehntopp.info/2022/12/12/ansible-list-crossproduct.html","tags":["lang_en","devops","python"],"title":"Ansible: List Cross-Join"},{"categories":null,"content":"Like everybody else, I have been playing with ChatGPT from OpenAI . Specifically, I wanted to test how it could be used as a coding assistant, and what the limits are in terms of size and complexity.\nCode Generation I have been using the Labyrinths example as a base. My goal was to have ChatGPT write the Labyrinth class for me.\nI did so interactively.\nKris:\nWrite an empty Python class named Labyrinth\nChatGPT:\nclass Labyrinth: pass Kris:\nAdd code to this class to represent a grid as a list of lists of integers, and store the width and the height of the grid in two appropriately name variables. Write a constructor that accepts the width and height as keyword variables defaulting to 10.\nChatGPT:\nclass Labyrinth: def __init__(self, width=10, height=10): self.width = width self.height = height self.grid = [[0 for x in range(width)] for y in range(height)] Kris:\nShow the code with type markup that could be used by mypy.\nChatGPT:\nfrom typing import List class Labyrinth: def __init__(self, width: int = 10, height: int = 10) -\u0026gt; None: self.width: int = width self.height: int = height self.grid: List[List[int]] = [[0 for x in range(width)] for y in range(height)] Kris:\nAdd a method __repr__ to the class returns a representation of the grid for debugging.\nChatGPT:\nfrom typing import List class Labyrinth: def __init__(self, width: int = 10, height: int = 10) -\u0026gt; None: self.width: int = width self.height: int = height self.grid: List[List[int]] = [[0 for x in range(width)] for y in range(height)] def __repr__(self) -\u0026gt; str: return \u0026#39;\\n\u0026#39;.join([\u0026#39;\u0026#39;.join([str(cell) for cell in row]) for row in self.grid]) Kris:\nGiven a type\nPos = NewType(\u0026#34;Pos\u0026#34;, Tuple[int, int]) add a __getitem__ and __setitem__ method to the class. The methods should allow us to use an instance of Labyrinth indexed by a Pos, and that should end up reading or writing the grid element addressed by the Pos.\nChatGPT:\nfrom typing import List, Tuple from types import NewType Pos = NewType(\u0026#34;Pos\u0026#34;, Tuple[int, int]) class Labyrinth: def __init__(self, width: int = 10, height: int = 10) -\u0026gt; None: self.width: int = width self.height: int = height self.grid: List[List[int]] = [[0 for x in range(width)] for y in range(height)] def __getitem__(self, pos: Pos) -\u0026gt; int: x, y = pos return self.grid[x][y] def __setitem__(self, pos: Pos, value: int) -\u0026gt; None: x, y = pos self.grid[x][y] = value def __repr__(self) -\u0026gt; str: return \u0026#39;\\n\u0026#39;.join([\u0026#39;\u0026#39;.join([str(cell) for cell in row]) for row in self.grid]) Kris:\nAdd a predicate position_valid to the class that takes a Pos as a parameter. The predicate is True if the Pos is valid (each coordinate is positive, and smaller than height or width respectively).\nChatGPT:\nfrom typing import List, Tuple from types import NewType Pos = NewType(\u0026#34;Pos\u0026#34;, Tuple[int, int]) class Labyrinth: def __init__(self, width: int = 10, height: int = 10) -\u0026gt; None: self.width: int = width self.height: int = height self.grid: List[List[int]] = [[0 for x in range(width)] for y in range(height)] def position_valid(self, pos: Pos) -\u0026gt; bool: x, y = pos return (0 \u0026lt;= x \u0026lt; self.width) and (0 \u0026lt;= y \u0026lt; self.height) def __getitem__(self, pos: Pos) -\u0026gt; int: x, y = pos return self.grid[x][y] def __setitem__(self, pos: Pos, value: int) -\u0026gt; None: x, y = pos self.grid[x][y] = value def __repr__(self) -\u0026gt; str: return \u0026#39;\\n\u0026#39;.join([\u0026#39;\u0026#39;.join([str(cell) for cell in row]) for row in self.grid]) Kris:\nMake sure that all methods only accept valid Pos values where appropriate.\nChatGPT:\nfrom typing import List, Tuple from types import NewType Pos = NewType(\u0026#34;Pos\u0026#34;, Tuple[int, int]) class Labyrinth: def __init__(self, width: int = 10, height: int = 10) -\u0026gt; None: self.width: int = width self.height: int = height self.grid: List[List[int]] = [[0 for x in range(width)] for y in range(height)] def position_valid(self, pos: Pos) -\u0026gt; bool: x, y = pos return (0 \u0026lt;= x \u0026lt; self.width) and (0 \u0026lt;= y \u0026lt; self.height) def __getitem__(self, pos: Pos) -\u0026gt; int: if not self.position_valid(pos): raise IndexError(\u0026#34;Invalid position\u0026#34;) x, y = pos return self.grid[x][y] def __setitem__(self, pos: Pos, value: int) -\u0026gt; None: if not self.position_valid(pos): raise IndexError(\u0026#34;Invalid position\u0026#34;) x, y = pos self.grid[x][y] = value def __repr__(self) -\u0026gt; str: return \u0026#39;\\n\u0026#39;.join([\u0026#39;\u0026#39;.join([str(cell) for cell in row]) for row in self.grid]) I was then trying to add cardinal directions as a type, and a predicate to make sure a given Direction d is valid, but this is where I lost it.\nAccording to the documentation, ChatGPT has a working memory of about \u0026ldquo;4000 Tokens\u0026rdquo; (3000 Words). It seems as if the code above is about the limit of what it can keep in \u0026ldquo;mind\u0026rdquo; at any given point in time.\n1000 Tokens cost around 2 ct with the Davinci model, so the above code is worth around 10 ct to 20 ct, or something, with all the iterations.\nChatGPT definitively allows a person with domain knowledge and a basic understanding of how algorithms work to write code in a language they do not understand. The amount of context that can be held active is limited.\nCode Analysis Conversely, if you paste the full source of the labyrinth.py file into ChatGPT and ask it what it does, this is the analysis:\nThe code defines a Labyrinth class that represents a grid-based maze. The maze is stored as a List of Lists of ints. Passages in the maze are represented by bit flags (i.e., binary numbers): N=1, E=2, S=4, and W=8. When a particular bit is set, it indicates that there is a passage from the current cell into the direction indicated by that bit.\nThe Labyrinth class provides several methods for working with the maze, such as carve() for carving out passages in the maze, position_valid() for checking if a given position is valid within the bounds of the maze, direction_valid() for checking if a given direction is valid, and random_directions() for generating a list of random directions.\nAdditionally, the Labyrinth class uses the typing module to specify the types of its attributes and parameters, which can make the code easier to read and understand. For example, the width attribute is defined as having type int, and the carve() method has a parameter named show with type Any, indicating that it can accept any type of value for that parameter.\nThat is a fair analysis, and as good as it gets from glancing at the source of a single module.\nNow, I am adding backtracking.py to the mix, but sans comments, and ask it what happens.\nKris:\nIf you supply the following class as a carver to the Labyrinth class, what does this code do?\nfrom typing import Optional, Any from src.labyrinth import Labyrinth, Pos class Backtracking: def carve(self, lab: Labyrinth, pos: Optional[Pos] = None, show: Any = None): if not pos: pos = Pos((0, 0)) directions = lab.random_directions() for d in directions: try: np = lab.step(pos, d) except ValueError: continue if show: show(lab, red=pos, green=np) if lab[np] == 0: lab.make_passage(pos, d) lab.carve(np, show=show) ChatGPT:\nThe Backtracking class defines a carve() method that uses a backtracking algorithm to generate a maze in a given Labyrinth object. The method takes a lab parameter which is an instance of the Labyrinth class, a pos parameter which specifies the current position in the maze, and an optional show parameter that can be used to display the maze as it is being generated.\nAnd again, this is a correct analysis of the code, in the context of the larger Labyrinth class above.\nContinuing the code interview Kris:\nDoes Python have a recursion depth limit?\nChatGPT:\nYes, Python has a default recursion depth limit. This means that when a function calls itself recursively, the number of times it can do so is limited. The default recursion depth limit in Python is typically around 1000 calls, but it can vary depending on the specific implementation and platform. If a function exceeds the recursion depth limit, a RecursionError will be raised.\nIt is possible to change the recursion depth limit in Python by using the sys.setrecursionlimit() function. For example, the following code sets the recursion depth limit to 2000:\nimport sys sys.setrecursionlimit(2000) ChatGPT has knowledge of the fact that Python has a recursion depth limit, the default value and how to change it.\nLet it apply this information to the example:\nKris:\nGiven this information, what is the longest path the Backtracking class above can produce?\nChatGPT:\nThe length of the longest path that the Backtracking class can produce is limited by the default recursion depth limit in Python. As mentioned previously, the default recursion depth limit is typically around 1000 calls, but it can vary depending on the specific implementation and platform.\nIn the case of the Backtracking class, the carve() method calls itself recursively to generate the maze. Therefore, the longest path that the Backtracking class can produce is limited to the default recursion depth limit in Python.\nThat is correct. The system correctly identified the fact the method calls itself, and how and why it does this. It then deduces that this is subject to the above limitation, and what the consequence is.\nIf the carve() method is called with a starting position that is more than 1000 steps away from the end of the maze, it will exceed the recursion depth limit and raise a RecursionError.\nThat is arguably correct, and in a real coding interview would be an invitation to do some hairsplitting, but in general it is not wrong.\nSummary ChatGPT works very well, if you use it as a way to augment the facilities of a human, that guides it with a purpose and additional domain knowledge. It seems to be limited in constructive tasks. I was not able to get beyond the code generation barrier above.\nThe opposite direction, in which we have it analyze an existing piece of code and interrogate it about its properties works a lot better.\nIn a real coding interview, on the analytics side this is good enough to pass at least at the lower levels. On the constructive side, it is more complicated.\n","date":"2022-12-11T00:00:00Z","href":"https://blog.koehntopp.info/2022/12/11/chatgpt-and-limits.html","tags":["lang_en","security"],"title":"ChatGPT and Limits"},{"categories":null,"content":"Multi-Factor Authentication (Identifikation mit mehreren Faktoren) oder 2FA (Two-Factor-Authentication) sind ein Weg, einen Account vor der Übernahme durch Dritte zu schützen.\nStatt sich mit Usernamen und Passwort anzumelden ist zusätzlich noch eine wechselnde Pseudozufallszahl notwendig. Diese wird von einem Seed-Wert generiert, der durch eine Buchstabenfolge oder einen QR-Code repräsentiert wird.\nAuthenticator Anwendung installieren Das Verfahren ist standardisiert und wird von vielen Tools unterstützt. Dazu gehören Google Authenticator, Bitwarden und viele andere Passwortmanager.\nUm mit MFA zu arbeiten, sollte man entweder einen Passwortmanager installiert haben, der auch MFA verwalten kann, oder sich eine 2FA Anwendung installieren. Populäre Passwortmanager sind etwa Bitwarden, 1Password oder LastPass. Populäre 2FA-Anwendungen sind Google Authenticator, der Authenticator von Microsoft, Twilio Authy oder Aegis.\nAuch auf der Kommandozeile kann man 2FA Codes generieren, aber das ist eher für komische Spielereien wichtig. Auf jeden Fall implementiert auch oath-toolkit die üblichen Verfahren zur Generierung dieser Codes.\n2FA aktivieren in Mastodon Um MFA zu aktivieren, klicke auf \u0026ldquo;Edit Profile\u0026rdquo; im Mastodon Webinterface, und wähle Account Settings -\u0026gt; Two Factor Auth.\nAuf Edit Profile klicken, um in die Benutzerkonfiguration zu kommen.\nIm Menü in der Seitenleiste erst auf \u0026ldquo;Account Settings\u0026rdquo;, und dann auf \u0026ldquo;Two-factor Auth\u0026rdquo; klicken.\nEs erscheint das 2FA Setup. Man kann gefahrlos durch den ganzen Prozess laufen, ohne die Konfiguration zu verändern. Erst, wenn man den ersten Sechs-Zahlen-Code erfolgreich eingegeben hat, wird 2FA für dieses Login aktiviert.\nEs kommt dieser Screen, eventuell nach nochmaliger Aufforderung, das Passwort einzugeben.\nDer gezeigte QR-Code kann mit einer Authenticator-Anwendung gescannt werden. Er enthält nichts anderes als die daneben angezeigte Seed-Folge. Diese wiederum kann man auch direkt in Anwendungen wie Bitwarden kopieren.\nKlickt man auf Set Up, bekommt man einen QR-Code zum Scannen in der Google Authenticator App, oder den Seed-String als Text (etwa für Bitwarden).\nMan sollte auf jeden Fall einen Screenshot vom QR-Code oder eine Kopie des Seed machen, und diese an einem sicheren Ort archivieren. Ich habe einen USB-Stick für solche Dinge. Damit kann man bei Verlust von Telefon oder Rechner dennoch an seine Accounts kommen, denn man kann den QR-Code so oft scannen wie man will, und auf so vielen Geräten scannen wie man will.\nIn der Regel ist es bei Problemen einfacher, die archivierten QR-Codes neu zu scannen, als durch den Account Recovery Workflow eines mit 2FA geschützten Accounts zu laufen. Das ist dann auch einheitlich, Account Recovery ist je nach Anbieter unterschiedlich.\nDer Seed-Code wird in diesem Beispiel in Bitwarden eingetragen. Bitwarden wird mit dem Code und der aktuellen Zeit in die Lage versetzt, den jeweils geltenden Code zu erzeugen und anzuzeigen.\nVerwendet man eine Authenticator-App (oder hat einfach ein aktuelles iPhone), kann man auch einfach den QR-Code mit der App (oder der normalen iPhone Scanfunktion) scannen und ein Eintrag wird erzeugt. Entweder in der Authenticator-App, wenn man diese verwendet, oder im Passwortspeicher des iPhone, wenn man direkt mit dem Telefon scannt.\nDen generierten Code ausprobieren Nachdem man den QR-Code mit einem Authenticator gescannt hat, oder man den Seed-String in den Passwortmanager kopiert hat, wird einem dort eine Zahl angezeigt. Sie hat 6 Stellen und wechselt alle 30 Sekunden. Sie ist aber oft ein wenig länger gültig: Viele Implementierungen nehmen die vorhergehende und die nachfolgende Zahl auch noch an.\nNach dem Abspeichern des Seeds in Bitwarden wird eine laufend wechselnde Zahl angezeigt. Diese kann man in das Testfeld \u0026ldquo;Two-factor code\u0026rdquo; übertragen und beweist so, daß das Setup korrekt ist. Erst nach dem Klicken auf den großen \u0026ldquo;Enable\u0026rdquo;-Knopf wird 2FA aktiviert. Hier kann man also noch abbrechen.\nDie Zahl basiert auf einem Pseudo-Zufallszahlengenerator: Basierend auf dem Startwert (dem Seed-Wert von da oben) und der aktuellen Zeit wird ein Code generiert. Der Code ist immer derselbe, vorausgesetzt man kennt den Seed und hat eine genau gehende Uhr. Sowohl der Mastodon-Server als auch die Authenticator-Anwendung kennen diese Daten und generieren den Code, und zwar bei übereinstimmenden Werten denselben Code.\nZur Aktivierung muss man den aktuellen Zahlencode in das Feld unter dem QR-Code eintragen. Dies beweist, daß man eine Authenticator-App hat und sie korrekt konfiguriert ist. Erst dann wird 2FA wirklich aktiviert.\nDies ist der \u0026ldquo;Point of no Return\u0026rdquo; (stimmt nicht: Man kann 2FA auch wieder deaktivieren).\nAccount Recovery Codes Mastdon generiert dann noch einen Satz Account Recovery Codes. Wenn man den QR-Code archiviert hat, braucht man die nie. Stattdessen wäre es viel einfacher, den archivierten QR-Code neu einzuscannen.\nEs kann aber nicht schaden, diese zu kopieren und auch zu archivieren. Etwa in Bitwarden und auf dem o.a. USB-Stick mit dem QR-Code. Oder auf einem Papierfetzen, den man unter die Schreibtisch-Schublade klebt.\nDiese Recovery-Codes werden niemals gebraucht, wenn man stattdessen den Seed-Text oder den QR-Code archiviert. Mit dem kann man sich jederzeit ein neues Authenticator-Gerät aufsetzen, indem man den Code neu scannt. Dennoch kann es nützlich sein, auch die Recovery-Codes zu archivieren.\nWieso 2FA, wenn ich doch einzigartige Passworte verwende? \u0026ldquo;Aber Kris, ich verwende doch sowieso auf jedem Account einzigartige Passworte. Warum sollte ich mich mit 2FA rumnerven?\u0026rdquo;\nHier eine Geschichte aus dem echten Leben: Discord Nitro Spam and 2FA 2FA erlaubt es in vielen Fällen, einen Account zu retten, auch wenn er ganz oder in Teilen durch einen Unfall übernommen wird. 2FA, OAuth2 und \u0026ldquo;scoped Tokens\u0026rdquo; retten Euren Arsch auch dann, wenn ihr schon gehackt oder gecybert worden seid. Sie machen solche Unfälle oft reversibel.\nCloud oder nicht cloud? Es gibt 2FA Speicher, die 2FA Codes in der Cloud sichern und an die eigene Telefonnummer binden.\nGoogle Authenticator und Aegis gehören nicht dazu, die Daten werden ausdrücklich lokal gespeichert und die Anwendung beansprucht keine Rechte, und funktioniert offline. Code-Transfer erfolgt mit QR-Codes.\nTwilio Authy fragt bei der Einrichtung nach einer Telefonnummer, sendet dieser dann eine Kennung zu und verbindet den Passwortspeicher mit der Telefonnummer. Auch bei Wechsel zwischen Android und iPhone (oder hier MacOS) bleiben die 2FA Secrets erhalten.\nTwilio Authenticator und Microsoft Authenticator sichern Codes in der Cloud.\nBei Apples Systemspeicher für Passworte hängt es davon ab, ob man Passworte in der iCloud synchronisiert oder nicht.\n2FA nicht nur für Mastodon Viele Passwortmanager haben die Option, Reports und Account-Audits zu generieren. Oft wird eine Funktion angeboten, die alle möglichen, aber nicht genutzten 2FA-Möglichkeiten listet. Diese Liste kann man durchgehen und systematisch für alle Accounts 2FA aktivieren.\nVaultwarden Webanwendung, Passwort-Reports. Hier kann man auf \u0026ldquo;Inactive Two-step Login\u0026rdquo; klicken und eine Liste von Logins bekommen, die man hat und die 2FA haben könnten, aber bei denen in Vaultwarden kein 2FA hinterlegt ist. Die meisten Passwortmanager haben inzwischen solche Reports.\nZusammenfassung Mit Zwei-Faktor-Authentisierung kann man ein Login zusätzlich absichern. Dazu wird beim Login neben dem Passwort auch noch ein wechselnder Code abgefragt, der entweder von einer Authenticator Anwendung oder einem Passwortmanager generiert wird.\nDas ist nützlich, weil so ein verloren gegangenes oder abgefischtes Passwort kein Weltuntergang mehr sind. Im verlinkten Beispielartikel ist so etwa ein kompromittierter Discord-Account wieder gerettet worden.\nEs ist gute Praxis, 2FA auf allen Logins zu aktivieren, bei denen dies angeboten wird. Dies sichert das Login zusätzlich ab, und verhindert Weltuntergang bei Passwortlecks und Phishing.\n","date":"2022-12-10T00:00:00Z","href":"https://blog.koehntopp.info/2022/12/10/2fa-fuer-mastodon.html","tags":["lang_de","security"],"title":"2FA für Mastodon"},{"categories":null,"content":"Change Data Capture is a way to capture, well, events from a system that describe how the data in the system changed. For a system that does business transactions that may be at the lowest level Create, Update, or Delete of entities or relationships. Systems that emit this kind of events are called Entity Services and are kind of the lowest level of events that you can have in such a system.\nIn our sample reservation system from earlier in this blog, we get this schema:\nIn an OLTP database, a reservation is a (resid, userid, thingid, date). It references the user data by userid, and the thing data by thingid.\nand therefore the events are\nCreateUserEvent(user) UpdateUserEvent(user) DeletUserEvents(user) CreateThingEvent(thing) UpdateThingEvent(thing) DeleteThingEvent(thing) CreateReservationEvent(user, thing, date) UpdateReservationEvent(user, thing, date) DeleteReservationEvent(user, thing, date) or maybe a slightly more refined version of that, in which you create actual Getters and Setters for the properties of the entities modified.\nBut in an actual Event Sourcing system, you would write down and name the individual business transactions, and describe their behaviors.\nIn our reservation system, we have users that subscribe or unsubscribe to our reservation service, or update their data. This should be reflected in the names of the methods. We also have operations by users on things, such as a Reservation(), Cancellation(), a Takeout() or a Return() with the appropriate parameters. These events are behavioral, and the behaviors are the business transactions which describe what the business does.\nBut when we are retrofitting CDC onto an existing system, getting behavioral events is often a major refactoring or re-architecting task. So for this article, let\u0026rsquo;s focus on grabbing Entity Events. And because this is the third in a series of articles on data warehouses, on flattening, that is, replacement of identifiers by the values we want exported.\nHow to get Events? In a system designed to generate behavioral business events from the start, you would emit these events directly from the application, and would add the business event identifier also to the transactions in your OLTP system. This way you can make sure each record in the database has a matching business event and vice versa, enabling you to audit the database and the event stream for consistency.\nIn our retrofitted system, this is not possible, because we have neither behavioral business events nor identifiers for these. We still want data, but we grab it from the database.\nIn MySQL, we get row level change data from the Binlog in a moderately well documented and stable format. Binlog is what powers MySQL replication. It is guaranteed to have an upgrade path, but it is not necessarily stable. So if the binlog format changes, and you have critical applications consuming the binlog that are not MySQL replicas, you need to be prepared to make changes to the binlog processors, quickly, in order to be able to upgrade MySQL. This is not a hypothetical scenario: When MySQL introduced Global Transaction IDs and later Binlog compression, a lot of third party binlog consumers broke.\nPackages that consume binlog are for example python-mysql-replication , or Debezium .\nUsing python-mysql-replication, and creating tables for our simple reservation system above, we can run the examples/dump_events.py to see what goes on:\n(venv) $ python examples/dump_events.py ... === QueryEvent === Date: 2022-12-05T16:14:16 Log position: 3282 Event size: 181 Read bytes: 181 Schema: b\u0026#39;kris\u0026#39; Execution time: 0 Query: create table thing (thingid integer not null primary key, name varchar(80), color varchar(20), weight decimal(12,4)) === QueryEvent === Date: 2022-12-05T16:14:32 Log position: 3751 Event size: 161 Read bytes: 161 Schema: b\u0026#39;kris\u0026#39; Execution time: 0 Query: create table user ( userid integer primary key not null, name varchar(80), address varchar(200)) === QueryEvent === Date: 2022-12-05T16:15:15 Log position: 4052 Event size: 199 Read bytes: 199 Schema: b\u0026#39;kris\u0026#39; Execution time: 0 Query: create table reservation(resid integer not null primary key, userid integer not null, thingid integer not null, resdate date not null) For each DDL statement, we get a QueryEvent with some identifiers, the schema name, and the actual Query statement. The Query statement is not normalized, so if we wanted to do more with it than simply passing it on, we would also need a MySQL SQL syntax parser.\nLater on, when loading data, we get RowsEvent instances, and need to modify the script a bit to see the actual row changes. We send SQL:\nmysql\u0026gt; insert into user values (1, \u0026#34;Kris\u0026#34;, \u0026#34;At home\u0026#34;); mysql\u0026gt; insert into thing values (1, \u0026#34;A Fish\u0026#34;, \u0026#34;Colorful\u0026#34;, 10.0); mysql\u0026gt; insert into reservation (1, 1, 1, date(now())); And we get Row Change Events. They might look like this:\n{\u0026#39;action\u0026#39;: \u0026#39;insert\u0026#39;, \u0026#39;address\u0026#39;: \u0026#39;At Home\u0026#39;, \u0026#39;name\u0026#39;: \u0026#39;Kris\u0026#39;, \u0026#39;schema\u0026#39;: \u0026#39;kris\u0026#39;, \u0026#39;table\u0026#39;: \u0026#39;user\u0026#39;, \u0026#39;userid\u0026#39;: 1} {\u0026#39;action\u0026#39;: \u0026#39;insert\u0026#39;, \u0026#39;color\u0026#39;: \u0026#39;Colorful\u0026#39;, \u0026#39;name\u0026#39;: \u0026#39;A Fish\u0026#39;, \u0026#39;schema\u0026#39;: \u0026#39;kris\u0026#39;, \u0026#39;table\u0026#39;: \u0026#39;thing\u0026#39;, \u0026#39;thingid\u0026#39;: 1, \u0026#39;weight\u0026#39;: Decimal(\u0026#39;10.0000\u0026#39;)} {\u0026#39;action\u0026#39;: \u0026#39;insert\u0026#39;, \u0026#39;resdate\u0026#39;: datetime.date(2022, 12, 5), \u0026#39;resid\u0026#39;: 1, \u0026#39;schema\u0026#39;: \u0026#39;kris\u0026#39;, \u0026#39;table\u0026#39;: \u0026#39;reservation\u0026#39;, \u0026#39;thingid\u0026#39;: 1, \u0026#39;userid\u0026#39;: 1} We also would get additional events, but we ignored them \u0026ndash; they would contain the transaction ID, table maps and so on.\nThe problem with this kind of data is obvious: We know that for a proper ETL process we need the attribute values of the things referenced, not the ids pointing to the attributes.\nSo when we receive a row change event on the reservation table, we only have the option of running a back-query to the database to resolve the ids for data. That is, for the userid: 1 from the reservation row change we would have to select * from user where userid = 1 to resolve the username and address.\nBut even that has the potential for a race condition, if a table changes faster than we can back-query. Worse, it also makes your extraction process very fragile, because the moment we change the reservation table in an incompatible way our back-queries would break.\nThe Outbox If we want to decouple this, we need to have the CDC process ignore all the OLTP tables. That is, changes to user, thing and reservation must be ignored.\nInstead, we need to create a table cdc_outbox. We would then modify the application to make changes to the OLTP tables and a flattened, DWH-like write to cdc_outbox in a single transaction. So instead of\nmysql\u0026gt; insert into user values ( ...); we would get\nmysql\u0026gt; start transaction read write; mysql\u0026gt; insert into user values (...); mysql\u0026gt; insert into cdc_outbox values ( ... ); mysql\u0026gt; commit; Doing this inside a single transaction guarantees that we only see outbox writes when there is also a CDC change. The data in the cdc_outbox would already be flattened, and maybe already in some kind of type-agnostic, easily parseable format like JSON.\nWe can then pick up these changes, and only the changes to cdc_outbox and process these. The transactional team can go and make changes to their transactional tables without talking to the analytics team, as long as they make sure to generate correct change records. And we get rid of the back-queries and the potential breakage and race conditions they bring.\n","date":"2022-12-05T00:00:00Z","href":"https://blog.koehntopp.info/2022/12/05/change-data-capture.html","tags":["lang_en","mysql","mysqldev","data warehouse"],"title":"Change Data Capture"},{"categories":null,"content":"Vor ziemlich genau 30 Jahren gab es in Deutschland die Anfangsgründe des Internet , aber es gab auch Netze, die auf anderer, viel älterer Technologie betrieben wurden \u0026ndash; die Mailboxnetze. Das sind dezentrale Netze, bei denen denen lokale Rechner mit Modems ausgestattet wurden, bei denen man anrufen und dann Nachrichten a la Mastodon online lesen konnte. Oder man hatte Software daheim, die bei der Mailbox anrief, die Nachrichten heruntergeladen hat. Dann konnte man offline lesen, Antworten schreiben und ein zweites Mal anrufen. Die Antworten wurden dann gesammelt eingeworfen, und zugestellt.\nWarum Tiernetz? Die Softwarepakete, die das erlaubt haben, hießen in Deutschland\nFidonetz (nach einem Hund), Mausnetz und Zerberus (noch ein Hund) Daher wurden diese Netze gesammelt als \u0026ldquo;Tiernetze\u0026rdquo; bezeichnet. Außerdem gab es noch das auf Unix basierende UUCP mit USENET (Linux war um diese Zeit herum gerade erst geboren).\nDie Mailbox-Software der Tiernetze basierte meistens auf MS-DOS und war nicht mehrbenutzerfähig. Die Netze hatten außerdem oft starke Größenbeschränkungen für Nachrichten. Dagegen konnte USENET im Prinzip Nachrichten ohne Größenhindernisse auf Mehrbenutzersystemen im Hintergrund befördern.\nDie Tiernetze hatten oft auch eine interne Struktur, die es notwendig machte, die dezentralen Systeme zentral in der Vernetzung zu steuern. Das war nötig, um doppelt zugestellte Nachrichten und Kreisroutings zu vermeiden. Maus und Fido waren auf eine starke Netzwerkkoordination angewiesen, USENET nicht. Und bei Zerberus habe ich damals so lange auf //padeluun und seine Entwickler eingeschlagen, bis sie das Licht gesehen haben und elementare Fehler anderer Tiernetze vermieden haben, sodaß die Software wesentlich robuster war.\nFöderationsdramen vor 30 Jahren Föderation war schon damals ein Problem. Im Sommer 1993 zum Beispiel gab es den Versuch einer Machtübernahme in der Fido-Koordination, von der Michael Keukert (Mausnetz) hier berichtet. Frank Simon hat damals ein paar interessante Worte dazu gesagt. Und hier die von Frank Simon publizierte Stellungnahme der Gegenseite . Es tut unglaublich gut, diese Texte (ohne 500 Zeichen Beschränkung!) aus heutiger Sicht noch einmal zu lesen, und so viele Dinge wiederzufinden.\nWas wir hier sehen, ist Fedidrama, 30 Jahre in der Vergangenheit \u0026ndash; es gibt Machtgerangel zwischen Instanzen, die autonom betrieben werden und bei denen die Betreiber unterschiedliche Vorstellungen haben, wie die Dinge zu organisieren sind. Die Diskussion geht nur oberflächlich um andere Dinge als zum Beispiel gerade zwischen octodon.social und social.tchncs.de\nStore and Forward im /CL Ein auf Zerberus basierendes abgetrenntes Netz, \u0026ldquo;Comlink\u0026rdquo; oder \u0026ldquo;/CL\u0026rdquo;, wollte zum Beispiel die Ausbreitung der Nachrichten seiner Benutzer kontrollieren. Es gab also Mailboxen, die neben anderen Zerberus-Gruppen auch die /CL-Gruppen aufliegen hatten und die diese /CL-Inhalte ihrer User untereinander über ein separates Overlay ausgetauscht haben. Das heißt, sie haben sich für die /CL-Inhalte also gegenseitig angerufen. Und es gab eine /CL-Netzkoordination, die meinte, sie könnte die Ausbreitung der Inhalte der Schreiber in /CL kontrollieren.\nRechtlich war das nicht geregelt \u0026ndash; es gab möglicherweise Verträge zwischen dem /CL-Träger und einzelnen Systembetreibern, aber sicher keine Verträge zwischen den Autoren der Artikel und dem /CL-Träger. Und jeder Benutzer hat halt mit seinem Client die Beiträge aus dem /CL zum Lesen runter gesaugt. So auch ich damals, und gleich ein paar Mal von verschiedenen Quellen.\nIch hatte jedoch keine /CL- oder Zerberus-Software am Laufen, sondern ein Gateway nach UUCP/USENET. Weil ich die Daten mehrfach runter gesaugt und den Ursprung anonymisiert hatte, und weil ich sehr oft pro Tag angerufen habe, hatte ich meist den schnellsten und den komplettesten Feed von Artikeln für /CL. Den ich bereitwillig weiter gegeben habe.\nDie /CL-Netzkoordination hatte mir damals gedroht, mich zu deföderieren, aber sie kannte ja meine Quelle nicht. Und die war hochredundant. Außerdem hatte ich die entsprechenden Herkunftsdaten aus den Artikeln gelöscht, sodaß sie nicht an meinen Upstream herankamen. Ich hatte die betreffenden Personen aufgefordert, mich zu verklagen. Das ist aber nie passiert.\nWas passiert ist: Einige /CL-Systeme haben sich meinen Feed geholt, weil er schnell und komplett war. Am Ende meines Studiums habe ich damals den ganzen Gateway- und Mailboxbetrieb aus Gründen recht schnell einstellen müssen. Der Dienst ist dann leider recht plötzlich und unangekündigt weggefallen.\nErstaunlicherweise ist das /CL dann für ein paar Tage ungeplant in einige Teilnetze zerfallen. Offenbar war ich mit meinem Hobbygateway zum zentralen Punkt einer weitgehend undokumentierten Hub- und Spoke Struktur geworden, die Teilnetzblasen ohne sekundäre Verbindung zusammengehalten hat.\nkiel.* und die Koordinationssimulation Ich hatte die Gateway-Sammlung auf meinem lokalen Unix eigentlich gar nicht betrieben, um /CL zu machen. Ich war damals in einem Kieler Internet- und Mailbox-Verein tätig, den es noch heute gibt: toppoint.de \u0026ndash; inzwischen mehr ein Makerspace.\nUnd nachdem das tpki-System aus meiner Wohnung in die Eichhofstraße ausgezogen war, habe ich mit meinen Systemen andere Dinge gemacht. Eine dieser Sachen war die Entwicklung und der Betrieb von Gateway-Software in Mausnetz, Fidonetz und Zerberus. Wir hatten damals auf USENET-Seite eine Reihe von Diskussionsgruppen (heute würde man Hashtags sagen) eingerichtet, die kiel.* als Präfix hatten, und die bereits zwischen zwei rivalisierenden USENET-Organisationen in Kiel ausgetauscht.\nMit den Gateways konnte ich auch mit der KI-Maus, und mit der lokalen Fidonode reden, und auch mit der KBBS von Holger Petersen. Auf diese Weise hatten wir gemeinsame Kieler Diskussionsforen auf allen relevanten Technologien dieser Zeit. In einigen dieser Netze war ich ein \u0026ldquo;Point\u0026rdquo; (eine Micronode mit nur einem User), in anderen eine volle Node mit einem eigenen Nodenamen und vollen Routing.\nIn jedem Fall hat meine Modem-Hardware (später ISDN) einige Dutzend Anrufe pro Tag gemacht, um diese Systeme zu vernetzen. kiel.* war eine komplett anarchische Struktur: Wer eine neue Diskussionsgruppe (einen neuen Hashtag) haben wollte, der hat den einfach eingerichtet. Die meisten Leute haben das nicht getan, sondern erst mal rückgefragt, was die anderen so denken, und erst dann gemacht. Das hat auf der Größe recht gut skaliert.\nDie Tiernetze hat das vor einige mentale Probleme gestellt, denn in Fido und Maus ist so etwas ohne Koordinator undenkbar gewesen. Das war in der Diskussion recht schwierig, weil die nicht gefragt haben, was ist und wie man das lösen könne, sondern gefragt haben, wer denn für kiel.* der Koordinator sei.\nUnd das dann erst einmal zu erklären war zu schwierig. Also hat, wer immer die Frage gesehen hat, behauptet der kiel.* Koordinator zu sein, dann die Frage bekommen und die dann beantwortet.\nDas hat über 15 Jahre oder mehr gut funktioniert. Also für kiel.*. Aber auch für die Tiernetz-Admins, die auf diese Weise die vertrauten Strukturen vorgefunden haben, und mit ihnen arbeiten konnten, ohne daß ihr Weltbild infrage gestellt wurde.\nUSENET ist Vergangenheit Ein Problem bei der Föderation von USENET trat dann später in den deutschsprachigen Gruppen de.* zutage, und am Ende ist USENET dann daran zugrunde gegangen:\nDas Einrichten neuer Gruppen war aus nicht nachvollziehbaren Gründen im USENET ein Riesen-Aufriß mit Diskussion, formalen RfV (Request for Vote), in dem um einen Proposal gerungen wurde und dann einem Voting-Prozess mit Quorum und Mehrheiten. Also, das Einrichten einer Gruppe hat nichts gekostet: Ein Verzeichnis anlegen und gut ist.\nAber eine Gruppe von Admins vom Kaliber \u0026ldquo;deutscher Wikipedia-Pedant\u0026rdquo; davon zu überzeugen, daß die Gruppe notwendig ist, das war teuer. Die meisten Leute haben dann lieber einen Server von Hetzner geholt und ein Web-Board installiert und am Ende waren die Wikipedia-Typen alleine in ihrem Netz. Heute gibt es USENET nicht mehr. Es ist tot, abgeritten zu den Ahnen.\nDas andere Problem, das sich bei USENET gezeigt hat, ist die Tatsache, daß es als föderiertes Netz keine Client-Software gab, die neue, inkompatible Features entwickeln konnte.\nSchon die Benutzung von Umlaufen in Headerzeilen und im Text war Drama. Mein Nick, isotopp, kommt aus dieser Zeit, denn der Umlaut mußte als\n=?iso-8859-1?q?K=F6hntopp?= codiert werden und wessen Client das nicht decodierte, der hat halt Iso-unleserlich-topp gesehen. Ich hatte damals sogar noch ein Türschild, das mir jemand (Lutz Donnerhacke?) anläßlich eines Besuches geschenkt hatte.\nDarauf stand\nKristian K=F6hntopp Noch schlimmer waren multimediale Inhalte in Nachrichten. Dafür mußte der Newsreader-Client halt Mime verstehen und decodieren können und das konnten viele nicht. Also gab es wieder Fedidrama, um die Benutzung von solchen Dingen. Oder halt Webboards. Das ist im Prinzip genau wie mit den XMPP-Clients.\nDie nimmt heute auch keiner mehr, weil es keine zwei Clients bzw auch keine Server und Clients verschiedener Hersteller gibt, die dieselben XEP implementieren (XEP sind XMPP Protokollerweiterungen). Also machen wir jetzt alle Discord und auf der Arbeit Discord für Arme, also Slack. Plus das Spamproblem: Google Jabber (\u0026ldquo;Google Talk\u0026rdquo;) hatte anfangs mit anderen XMPP-Servern föderiert.\nAber dann stellte sich schnell heraus, daß viele dieser XMPP-Server weder echte XMPP-Server waren, noch echte User hatten, sondern nur als Spam-Injektor-Instanzen in Google Talk dienten, um Google User zu phishen.\nAlso hat Google erst Gruppenchats deföderiert um seine User zu schützen und am Ende auch 1:1 Chats abgeschaltet. Und XMPP macht halt keiner mehr. Tot.\nAuslöser dieses Historien-Threads war übrigens das Drama von dem Reply-Guy hier und die Totaleskalation danach, die dazu geführt hat, daß octodon.social social.tchncs.de deförderiert hat.\nIch habe Freunde auf beiden Servern, die jetzt nicht mehr miteinander reden können und die allesamt nach anderen Instanzen suchen.\nInsofern alles wie damals.\n","date":"2022-12-02T00:00:00Z","href":"https://blog.koehntopp.info/2022/12/02/usenet-und-tiernetze.html","tags":["lang_de","usenet","kiel"],"title":"USENET und Tiernetze"},{"categories":null,"content":"Based on what I learned in Systemd Service and Socket Activation and Systemd Service and stdio , we can now have a look at Docker.\nThe code for -H fd://-Handling is here . The file descriptors are coming from activation.Listeners(), and are in the listeners slice. In our case, the part after the fd:// is empty, so lines 83-85 are activated, and the incoming fd\u0026rsquo;s are passed to the Docker proper.\n63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 func listenFD(addr string, tlsConfig *tls.Config) ([]net.Listener, error) { var ( err error listeners []net.Listener ) // socket activation if tlsConfig != nil { listeners, err = activation.TLSListeners(tlsConfig) } else { listeners, err = activation.Listeners() } if err != nil { return nil, err } if len(listeners) == 0 { return nil, errors.New(\u0026#34;no sockets found via socket activation: make sure the service was started by systemd\u0026#34;) } // default to all fds just like unix:// and tcp:// if addr == \u0026#34;\u0026#34; || addr == \u0026#34;*\u0026#34; { return listeners, nil } fdNum, err := strconv.Atoi(addr) if err != nil { return nil, errors.Errorf(\u0026#34;failed to parse systemd fd address: should be a number: %v\u0026#34;, addr) } fdOffset := fdNum - 3 if len(listeners) \u0026lt; fdOffset+1 { return nil, errors.New(\u0026#34;too few socket activated files passed in by systemd\u0026#34;) } if listeners[fdOffset] == nil { return nil, errors.Errorf(\u0026#34;failed to listen on systemd activated file: fd %d\u0026#34;, fdOffset+3) } for i, ls := range listeners { if i == fdOffset || ls == nil { continue } if err := ls.Close(); err != nil { return nil, errors.Wrapf(err, \u0026#34;failed to close systemd activated file: fd %d\u0026#34;, fdOffset+3) } } return []net.Listener{listeners[fdOffset]}, nil } Summary The question that started this Yak shaving session was: \u0026ldquo;How to expose the docker socket of a remote machine over the network?\u0026rdquo; And this appears that the answer to this question is:\ntake the original docker.socket configuration create an override and add a secondary listener socket for tcp://0.0.0.0:2375 So:\n# systemctl edit docker.socket ... # systemctl cat docker.socket # /lib/systemd/system/docker.socket [Unit] Description=Docker Socket for the API [Socket] ListenStream=/var/run/docker.sock SocketMode=0660 SocketUser=root SocketGroup=docker [Install] WantedBy=sockets.target # /etc/systemd/system/docker.socket.d/override.conf [Socket] ListenStream= ListenStream=/run/docker.sock ListenStream=2375 This clears the original ListenStream list, and then adds two entries back.\nThe first change addresses the error message\nListenStream= references a path below legacy directory /var/run/, updating /var/run/docker.sock tcp://0.0.0.0:2375 → /run/docker.sock tcp://0.0.0.0:2375; please update the unit file accordingly. The second one adds a listener to port [::]:2375.\nAnd that will allow me to talk to the Docker server on my development host over the network.\n","date":"2022-11-28T00:00:00Z","href":"https://blog.koehntopp.info/2022/11/28/systemd-and-docker-fd.html","tags":["lang_en","python","devops"],"title":"Systemd and docker -H fd://"},{"categories":null,"content":"After yesterday\u0026rsquo;s article, Arne Blankerts pointed me at a note showing how to install a program using stdio with systemd.\nCode and Unit files The code:\n#! /usr/bin/env python3 import sys if __name__ == \u0026#34;__main__\u0026#34;: while True: line = input().strip() print(f\u0026#34;ECHO: {line}\u0026#34;) if line == \u0026#34;QUIT\u0026#34;: sys.exit(0) The Socket Unit:\n$ systemctl --user cat kris2.socket # /home/kris/.config/systemd/user/kris2.socket [Unit] Description=My second service PartOf=kris2.service [Socket] ListenStream=127.0.0.1:12346 Accept=Yes [Install] WantedBy=sockets.target And the Service Unit, which has to be a template:\n$ systemctl --user cat kris2@.service # /home/kris/.config/systemd/user/kris2@.service [Unit] Description=My second Service After=network.target kris2.socket Requires=kris2.socket [Service] Type=simple ExecStart=/usr/bin/python3 %h/Python/systemd-socketserver/echoserver.py TimeoutStopSec=5 StandardInput=socket StandardOutput=socket StandardError=journal [Install] WantedBy=default.target A template Unit A systemd template starts a new instance of the service for each incoming connection, because nothing in the code of the service is aware of being a network service. Instead stdin and stdout are connected to the network by systemd, and stderr is being directed to journald. The actual service just performs normal stdio.\nSince connections are being accepted by systemd, and then fed into the service using normal stdio, a new instance of the service has to be started for each connection. This is done with a service template, \u0026ldquo;kris2.@service\u0026rdquo;.\nRunning stuff We can enable and start the socket:\n$ systemctl --user enable kris2.socket Created symlink /home/kris/.config/systemd/user/sockets.target.wants/kris2.socket → /home/kris/.config/systemd/user/kris2.socket. $ systemctl --user start kris2.socket $ lsof -i -n -P COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME systemd 327983 kris 28u IPv4 2520788109 0t0 TCP 127.0.0.1:12346 (LISTEN) Since the service is a template, it cannot be started.\n$ systemctl --user enable kris2@.service Failed to enable unit: File default.target: Identifier removed That is also not necessary, because systemd will do that for us on connect:\n$ telnet localhost 12346 Trying 127.0.0.1... Connected to localhost. Escape character is \u0026#39;^]\u0026#39;. I am a test. ECHO: I am a test. QUIT ECHO: QUIT Connection closed by foreign host. While connected, we can see the user systemd instance hanging off the PID 1 systemd, and the family of user-services hanging off the user systemd instance.\nsystemd(1)─┬─ModemManager(2480)─┬─{ModemManager}(2565) … ├─systemd(327983)─┬─(sd-pam)(327984) │ ├─pipewire(327990)───{pipewire}(328047) │ ├─pipewire-media-(327991)───{pipewire-media-}(3280+ │ └─python3(3315905) … Multiple ports We can now modify the socket Unit to provide more than one port.\n$ systemctl --user cat kris2.socket # /home/kris/.config/systemd/user/kris2.socket [Unit] Description=My second service PartOf=kris2.service [Socket] ListenStream=127.0.0.1:12346 ListenStream=127.0.0.1:12347 Accept=Yes [Install] WantedBy=sockets.target And after this, the service will be available on both ports. Since the service\u0026rsquo;s code does not know anything about networking at all, it won\u0026rsquo;t even notice.\nSummary Using template systemd services, and redirecting stdin and stdout, we can create systemd Units that work with programs that are not aware of the fact that they are running connected to the network. This simplifies the code for a service considerably, and also makes it much easier to test the service.\nTemplate Units themselves cannot be enabled or started, which is initially unexpected, but makes a lot of sense once you start to think about it.\n","date":"2022-11-28T00:00:00Z","href":"https://blog.koehntopp.info/2022/11/28/systemd-service-and-stdio.html","tags":["lang_en","python","devops"],"title":"Systemd Service and stdio"},{"categories":null,"content":"In today\u0026rsquo;s Yak Shaving session I needed to understand how to expose the docker socket of a remote machine over the network. You should not do that, it is totally insecure, but I needed to do that to test something.\nSocket Activation I discovered that dockerd is running with -H fd://.\n# ps axuwww | grep docker[d] root 1616732 0.5 0.1 2930892 52168 ? Ssl 15:32 2:25 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock That is happening in the docker.service definition for Docker:\n# systemctl cat docker.service | egrep \u0026#39;(service$|ExecStart)\u0026#39; # /lib/systemd/system/docker.service After=network-online.target firewalld.service containerd.service Wants=containerd.service ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock That is, /lib/systemd/system/docker.service defines activation through the fd:// file descriptor. That descriptor is in turn provided by the docker.socket unit, which looks like this:\nroot@server:~# systemctl cat docker.socket # /lib/systemd/system/docker.socket [Unit] Description=Docker Socket for the API [Socket] ListenStream=/var/run/docker.sock SocketMode=0660 SocketUser=root SocketGroup=docker [Install] WantedBy=sockets.target Both units are in /lib/systemd/system, which means they are OS-provided and should not be directly edited.\nOverriding I could override the service with systemctl edit docker.service, and provide a different ExecStart. Since that is a list, I need to empty it first, and then put a new definition in.\n[Service] ExecStart= ExecStart=/usr/bin/dockerd This starts docker without options, and I could define one or more sockets in /etc/docker/daemon.json. It would also drop systemd socket activation, though.\nThat led me to the question \u0026ldquo;How does one actually write a daemon that cooperates with systemctl socket activation?\u0026rdquo; and also to the question \u0026ldquo;Can I have socket activation listen to more than one port, for example a Unix Domain Socket and a TCP-Socket?\u0026rdquo;\nWriting a Python daemon with socket activation Let\u0026rsquo;s write a simple daemon:\n#! /usr/bin/env python3 from socketserver import TCPServer, StreamRequestHandler import socket import logging class MyDaemon(StreamRequestHandler): def handle(self): logging.info(f\u0026#34;Connection from {self.client_address}.\u0026#34;) self.data = self.rfile.readline().strip() self.data = self.data.decode(\u0026#34;utf-8\u0026#34;) response = str(self.data[::-1]) logging.info(f\u0026#34;Data: {self.data} Response: {response}\u0026#34;) self.wfile.write(response.encode(\u0026#34;utf-8\u0026#34;)) class Server(TCPServer): def __init__(self, server_address, hnd): # call superclass, but bind_and_activate is done by systemd. # If we set that to True, it could run as a standalone program. TCPServer.__init__(self, server_address, hnd, bind_and_activate=False) # take socket passed on from systemd (3, first after stdin, stdout, stderr) self.socket = socket.fromfd(self.3, self.address_family, self.socket_type) if __name__ == \u0026#34;__main__\u0026#34;: logging.basicConfig(level=logging.INFO) HOST, PORT = \u0026#34;127.0.0.1\u0026#34;, 12345 server = Server((HOST, PORT), Handler) server.serve_forever() If we set bind_and_activate= to True, that thing would run from the command line as a standalone server.\n$ ./demoserver.py # now telnet 127.0.0.1 12345 to test Instead, we need to set this up with systemd.\nA service and a socket unit We need to set up a service definition unit. Since we chose a high port number (\u0026gt;1024), we can run it as a user without privileges.\nSystemd is actually running a copy of itself for each logged-in user:\n$ ps axuwww | grep system[d] | grep user kris 327983 0.1 0.0 20144 11948 ? Ss Nov06 31:11 /lib/systemd/systemd --user gdm 2419957 0.1 0.0 18768 10884 ? Ss Nov21 13:03 /lib/systemd/systemd --user So we define a service unit using systemctl --user --full --force kris.service and then do the same for a socket unit:\n$ systemctl --user cat kris.service # /home/kris/.config/systemd/user/kris.service [Unit] Description=Kris Service After=network.target kris.socket Requires=kris.socket [Service] Type=simple ExecStart=/usr/bin/python3 %h/Python/systemd-socketserver/demoserver.py TimeoutStopSec=5 [Install] WantedBy=default.target Our service is declared as having a Requires= relationship to its socket. And because relationships do not define ordering, we also put the sockets into the After= relationship.\nThe service is a simple service, so systemd will simply fork off the defined binary. Ths service definition uses %h, which is replaced by the users home directory. We also define a timeout.\nNow the socket, on which we depend:\n$ systemctl --user cat kris.socket # /home/kris/.config/systemd/user/kris.socket [Unit] Description=Kris Socket PartOf=kris.service [Socket] ListenStream=127.0.0.1:12345 [Install] WantedBy=default.target The PartOf= makes sure the socket is started and stopped together with the server. The ListenStream= is the port systemd will open, bind to and listen on. The socket produced by systemd will them be handed off to us on FD 3.\nStarting the service It is sufficient to work on kris.service to start and stop things, because of the relationships we defined between socket and service.\n$ systemctl --user show kris.service| grep kris ExecStart=... ExecStartEx=... WorkingDirectory=!/home/kris Id=kris.service Names=kris.service Requires=kris.socket basic.target app.slice ConsistsOf=kris.socket After=kris.socket basic.target network.target app.slice TriggeredBy=kris.socket FragmentPath=/home/kris/.config/systemd/user/kris.service The ConsistsOf= here comes from the PartOf= defined in the socket. After running systemctl --user start kris.service we will see the service running using lsof:\n$ lsof -i -n -P COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME systemd 327983 kris 36u IPv4 2390840115 0t0 TCP 127.0.0.1:12345 (LISTEN) python3 1957657 kris 3u IPv4 2390840115 0t0 TCP 127.0.0.1:12345 (LISTEN) python3 1957657 kris 5u IPv4 2390840115 0t0 TCP 127.0.0.1:12345 (LISTEN) Testing the service We can now test:\n$ echo \u0026#34;I am a test\u0026#34; | netcat 127.0.0.1 12345; echo tset a ma I And the log shows:\n$ journalctl --user-unit kris.service| tail -5 Nov 27 23:58:48 server systemd[327983]: Started Kris Service. Nov 27 23:59:59 server python3[1957657]: INFO:root:Connection from (\u0026#39;127.0.0.1\u0026#39;, 57512). Nov 27 23:59:59 server python3[1957657]: INFO:root:Data: I am a test Response: tset a ma I Nov 28 00:00:05 server python3[1957657]: INFO:root:Connection from (\u0026#39;127.0.0.1\u0026#39;, 57528). Nov 28 00:00:05 server python3[1957657]: INFO:root:Data: I am a test Response: tset a ma I Listening on two ports We can now change the socket unit:\n(systemd-socketserver) kris@server:~$ systemctl --user cat kris.socket # /home/kris/.config/systemd/user/kris.socket [Unit] Description=Kris Socket PartOf=kris.service [Socket] ListenStream=127.0.0.1:12345 ListenStream=127.0.0.1:23456 [Install] WantedBy=default.target When we restart the service, this is being reflected in the systemd running, but only partially in the service running:\n$ systemctl --user stop kris.service $ systemctl --user start kris.service $ lsof -i -n -P COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME systemd 327983 kris 35u IPv4 2391279244 0t0 TCP 127.0.0.1:12345 (LISTEN) systemd 327983 kris 37u IPv4 2391279245 0t0 TCP 127.0.0.1:23456 (LISTEN) python3 1961235 kris 3u IPv4 2391279244 0t0 TCP 127.0.0.1:12345 (LISTEN) python3 1961235 kris 4u IPv4 2391279245 0t0 TCP 127.0.0.1:23456 (LISTEN) python3 1961235 kris 6u IPv4 2391279244 0t0 TCP 127.0.0.1:12345 (LISTEN) So we also need to adjust our binds (or, in the case of docker, the daemon.json).\n","date":"2022-11-27T00:00:00Z","href":"https://blog.koehntopp.info/2022/11/27/systemd-service-and-socket-activation.html","tags":["lang_en","python","devops"],"title":"Systemd Service and Socket Activation"},{"categories":null,"content":"Continued from last weeks article on data warehouses.\nAt work, I was tasked with building a capacity model for data center growth. The basic assumption of these things is often that the future behaves similarly to the past, so the future predicted capacity model is somehow an extension of past growth. I needed old server usage data, and was indeed able to find that in one of our systems, called ServerDB.\nServerDB is an in-house Django application that models server ownership, equipment, rack positions, and usage. It drives provisioning of machines, exposing a REST API, and driving an automated installation process, based on requests, availability, redundancy concerns and other factors. It also manages tickets for Data Center Operations Engineers, and interfaces with a number of other, similar systems.\nI did find that ServerDB was keeping a log of all changes to the core server_servers table by the means of a Django save handler, and that it had accumulated six years worth of data. It was in fact the largest table in the system, larger than all other tables together. While that was not the data I needed it was the data I had, and I could make it work.\nFor the future I wanted something more, so I wrote an ETL process that each night would export the entire server fleet, denormalizing the data, and pushing the attributes I wanted to record into a second database, serverdb_dw. I would keep three months worth of daily exports, and expire all weekdays but Mondays after that. This would be leaving me with weekly data for an indefinite timespan.\nAn ETL driver The ETL script is written in Python, and uses Click to handle command line options.\nWe make ourselves a CLI to add commands to:\n@click.group(chain=True) @click.option( \u0026#34;--verbose\u0026#34;, \u0026#34;-v\u0026#34;, default=\u0026#34;WARNING\u0026#34;, type=click.Choice([\u0026#34;DEBUG\u0026#34;, \u0026#34;INFO\u0026#34;, \u0026#34;WARNING\u0026#34;, \u0026#34;ERROR\u0026#34;, \u0026#34;CRITICAL\u0026#34;]), help=\u0026#34;Set the debug level.\u0026#34;, ) def cli(verbose=\u0026#34;WARNING\u0026#34;): \u0026#34;\u0026#34;\u0026#34;Extract data from serverdb2, denormalize it and load it into serverdb_dw, run aggregations. This command runs regularly, extracting a number of attributes about servers from serverdb2, denormalizes the data and loads it into a single table \u0026#39;server_facts\u0026#39; into serverdb_dw. It will then run a number of aggregations on the serverdb_dw table, creating a bunch of tables in serverdb_dw starting with the prefix \u0026#39;server_by_...\u0026#39;. By default, the aggregations are run only on the data from today. Options can be used to process larger chunks of data or all data. This will then take a lot of time. Options can also be used to process only individual aggregations. \\b A regular full run looks like this: ./serverdb_etl.py etl aggregate cube_aggregate \\b To re-aggregate all dimensions: ./serverdb_etl.py aggregate cube_aggregate \u0026#34;\u0026#34;\u0026#34; logger.setLevel(verbose) Making a fact table We can then hook up subcommands to our CLI.\nWe will need a fact table to write data to, so the first subcommand will be \u0026ldquo;etl_init\u0026rdquo;, which will run a CREATE TABLE for us. We collect all our methods in an Etl class, and call our create_table() method:\n@cli.command(\u0026#34;etl_init\u0026#34;) def etl_init(): \u0026#34;\u0026#34;\u0026#34; Create the server_facts table if it does not exist. Safe to use. The will run a CREATE TABLE IF NOT EXISTS statement to create a server_facts table. If a server_facts table exists, a new table will NOT be created, and no data will be lost. If the definition of the server_facts table does not match our table, it will not be changed or repaired. You need to write a manual migration to fix this. \u0026#34;\u0026#34;\u0026#34; run = Etl() run.create_table() And that is basically parametrizing a large CREATE TABLE statement with some config values, and then running it on the target database.\ndef create_table(self): \u0026#34;\u0026#34;\u0026#34; Create the server_facts table, if it does not exist, yet. This method is safe to use: The table will not be created if it already exists. No data is lost. \u0026#34;\u0026#34;\u0026#34; logger.info(\u0026#34;start create_table\u0026#34;) query = self.fact_create_table % self.fact_param logger.debug(\u0026#34;Create Query = %s\u0026#34;, query) write = get_serverdb_dw_connection() cursor = write.cursor() cursor.execute(query) logger.info(\u0026#34;end create_table\u0026#34;) The actual statement is also stored in that Etl class. I have shortened the statement considerably \u0026ndash; we are collecting many items more than listed here. Fact tables are often very wide.\nfact_create_table = \u0026#34;\u0026#34;\u0026#34;CREATE TABLE IF NOT EXISTS %(target_db)s.%(target_table)s ( `id` int(10) unsigned NOT NULL DEFAULT \u0026#39;0\u0026#39;, `report_date` date NOT NULL, `name` varchar(128) NOT NULL DEFAULT \u0026#39;\u0026#39;, `asset_type` varchar(32) NOT NULL DEFAULT \u0026#39;\u0026#39;, `serialnumber` varchar(64) NOT NULL DEFAULT \u0026#39;\u0026#39;, `delivery_date` date NOT NULL, `ip_address` varchar(16) NULL, `mac_address` varchar(17) NULL, `status` varchar(16) NOT NULL DEFAULT \u0026#39;\u0026lt;unknown\u0026gt;\u0026#39;, `site` varchar(4) NOT NULL DEFAULT \u0026#39;\u0026#39;, `region` varchar(25) NOT NULL DEFAULT \u0026#39;\u0026lt;unknown\u0026gt;\u0026#39;, `role_ids` varchar(255) NOT NULL DEFAULT \u0026#39;\u0026#39;, -- `puppet_services` varchar(255) NOT NULL DEFAULT \u0026#39;\u0026#39;, `role_names` varchar(255) NOT NULL DEFAULT \u0026#39;\u0026#39;, `rack` varchar(128) NOT NULL DEFAULT \u0026#39;\u0026#39;, `cpu_count` int(10) NOT NULL DEFAULT -1, -- `memory` decimal(8,3) NOT NULL DEFAULT \u0026#39;0.000\u0026#39;, -- `network_speed` int(11) NOT NULL DEFAULT -1, `manufacturer` varchar(32) NOT NULL DEFAULT \u0026#39;\u0026lt;unknown\u0026gt;\u0026#39;, `model` varchar(32) NOT NULL DEFAULT \u0026#39;\u0026lt;unknown\u0026gt;\u0026#39;, `owner` varchar(20) NOT NULL DEFAULT \u0026#39;\u0026lt;unknown\u0026gt;\u0026#39;, `wou_id` int(10) NOT NULL DEFAULT 0, `wou_name` varchar(80) NOT NULL DEFAULT \u0026#39;\u0026#39;, `created_at` datetime NOT NULL, `last_edit` datetime NOT NULL, PRIMARY KEY (`id`,`report_date`), KEY `name` (`name`), KEY `status` (`status`), KEY `site` (`site`), ) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC \u0026#34;\u0026#34;\u0026#34; Running the ETL Now that we have a table, we can load data into it. For that, we will be going through the classical three phases: Extract, Transform and Load.\n@cli.command(\u0026#34;etl\u0026#34;) def etl(): \u0026#34;\u0026#34;\u0026#34;Extract data from serverdb2, denormalize and load. This subcommand will run a large join on serverdb2, using the serverdb connection, and will then insert the data into the serverdb_dw.server_facts table. The data is materialized and kept in RAM between extract and load phases. \u0026#34;\u0026#34;\u0026#34; run = Etl() run.fact_extract() run.fact_transform() run.fact_load() The Extract Phase The fact extraction is basically one single select that joins against all the tables we need in order to get the data we want. We are fetching the result into a giant list of rows, which we keep in our Etl object in the data slot. Each row is a dict of field names and values. This is going to be using a lot of memory, but we will make do.\ndef fact_extract(self, param=None, query=None): \u0026#34;\u0026#34;\u0026#34; Run the fact_select query on serverdb2, loading the data into memory. The fact_query is being parametrized from self.fact_param. Set logging to debug to see queries. Set logging to info to see execution. \u0026#34;\u0026#34;\u0026#34; logger.info(\u0026#34;start fact_extract\u0026#34;) read = get_serverdb2_connection() rcursor = read.cursor(MySQLdb.cursors.DictCursor) # fetch default values from the class object if param is None: param = self.fact_param if query is None: query = self.fact_select query = query % param logger.debug(\u0026#34;Query = %s\u0026#34;, query) rcursor.execute(query) logger.info(\u0026#34;end fact_extract\u0026#34;) self.data = rcursor.fetchall() Again, we pick up the default SQL from our Etl class, parametrize it and run it. We simply suck all the data into memory and keep it.\nThe query is… ugly, and very long. Again, I shorten it in order to save some space. It gets repetitive anyway.\nServerDB is storing facts about Servers. As a Django Application, it uses Django models, and the database mode is autogenerated from that. The Django Application name is servers, so all tables are prefixed with that.\nServer class objects are stored in the servers_server table, servers is the application prefix, and server the table matching the Django object.\nBut since the Server class is a subclass of RackedAsset, and that in turn is a subclass of Asset, we are getting three tables servers_server, servers_rackedasset and servers_asset, which share a common id. They are being joined together with an inner join, because we are only interested in servers and not in any other assets (such as Switches or Filers).\nThe id of an Asset, a RackedAsset and a Server are the same, since each is a specialization of the previous one: Assets are things we have. RackedAssets also have a position in the data center (and a site). And servers have all the properties associated with a machine, such as a CPU type, memory, and disk space.\nAll rows are uniquely identified by an id, but since later in the data warehouse we will be tracking an id over time, we also need to record the report_date on which we collected the data.\nSome values may be NULL, which will be inconvenient for us. So we will be protecting us with use of COALESCE() a lot: This function goes through its parameters left to right and returns the first Non-NULL value it finds. This allows us to provide a default value for NULLs.\nWe are working with dict cursors across our code, so the columns returned here and the columns we will be using to store data do not need to line up positionally, as long as we provide proper names.\nFinally, this is a monster join. Joining more than ten tables in MySQL will blow up the optimizer, because the number of possible join permutations grows too large. We are getting away with joining far more tables than that in our example, because all of our joins are LEFT JOIN, which are not commutative. That means, the optimizer cannot do anything anyway: The asset/rackedasset/server triple is the driving table, and all other tables are just adjunct to that.\nIn any case, the query gets us the data we want \u0026ndash; all values, no IDs, completely denormalized.\nfact_select = \u0026#34;\u0026#34;\u0026#34;select a.id , date_format(now(), \u0026#34;%%Y-%%m-%%d\u0026#34;) as report_date , a.name as name , coalesce(da.asset_type, \u0026#34;\u0026lt;unknown\u0026gt;\u0026#34;) as asset_type , coalesce(a.status, \u0026#34;\u0026lt;unknown\u0026gt;\u0026#34;) as status , sn.shortname as site , coalesce(concat(sar.shortname, \u0026#34;-\u0026#34;, saz.shortname), \u0026#34;\u0026lt;unknown\u0026gt;\u0026#34;) as region , coalesce(group_concat(distinct r1.id order by r1.id), -1) as role_ids , coalesce(group_concat(distinct r1.puppet_service order by r1.puppet_service), \u0026#34;\u0026#34;) as puppet_services , coalesce(group_concat(distinct r1.name order by r1.name), \u0026#34;\u0026#34;) as role_names , coalesce(t.org_unit_id, -1) as wou_id , coalesce(t.name, \u0026#34;\u0026lt;unknown\u0026gt;\u0026#34;) as wou_name ... a few hundred lines deleted ... -- a server is an asset, rackedasset and server -- and that is why we do JOIN instead of LEFT JOIN here FROM %(source_db)s.servers_asset AS a JOIN %(source_db)s.servers_rackedasset AS ra ON (ra.asset_ptr_id = a.id) JOIN %(source_db)s.servers_server AS s ON (s.rackedasset_ptr_id = a.id) -- unfold asset_type LEFT JOIN %(source_db)s.servers_deliveryasset as da ON (da.asset_id = a.id) -- unfold the site_id, region and az data LEFT JOIN %(source_db)s.servers_site AS sn ON (sn.id = a.site_id) LEFT JOIN %(source_db)s.servers_availabilityzone as saz ON (sn.availability_zone_id = saz.id) LEFT JOIN %(source_db)s.servers_region as sar ON (saz.region_id = sar.id) -- unfold the serverrole_id (many-to-many, hence the group by in the end) LEFT JOIN %(source_db)s.servers_server_role AS sr ON (sr.server_id = a.id) LEFT JOIN %(source_db)s.servers_serverrole AS r1 ON (sr.serverrole_id = r1.id) -- unfold team ownership information LEFT JOIN %(source_db)s.servers_team as t ON (t.id = r1.managed_by) ... about a dozen tables deleted ... %(where_condition)s group by a.id The Transform Phase The data we get from our Extract is not suitable for us without a few corrections and fixes.\nWe do have all the data in memory now, in Etl.data, so we can fix up things by running over that and applying a few filters. Again, this is boring and repetitive cleanup work, so I have simplified things and show just one exemplary phase.\nThe CPU data in our data source is not the way we want it. We apply a cleanup filter, fact_transform_cpu() to it.\ndef fact_transform(self): \u0026#34;\u0026#34;\u0026#34; Transform and amend the loaded data from serverdb. - Fix CPU descriptions. - Extract CPU die counts and thread counts from description. \u0026#34;\u0026#34;\u0026#34; logger.info(\u0026#34;start fact_transform\u0026#34;) # Clean up the CPU data in self.data self.fact_transform_cpu() logger.info(\u0026#34;end fact_transform\u0026#34;) The filter looks like this:\ndef fact_transform_cpu(self): \u0026#34;\u0026#34;\u0026#34; Clean up the broken data from the servers_cpu table manually until serverdb2 fixes it at the source. \u0026#34;\u0026#34;\u0026#34; logger.info(\u0026#34;start fact_transform_cpu\u0026#34;) for row in self.data: row[\u0026#34;cpu_version\u0026#34;] = cpu_cleanup(row[\u0026#34;cpu_version\u0026#34;]) logger.info(\u0026#34;end fact_transform_cpu\u0026#34;) It iterates over the data list and calls a cleanup function for the field cpu_version. We basically drop certain words (we only want types, no marketing names), we drop multiple spaces, and we drop MHz numbers after an \u0026ldquo;@\u0026quot;-sign.\ndef cpu_cleanup(cpu): dropwords = [\u0026#34;intel(r)\u0026#34;, \u0026#34;xeon(r)\u0026#34;, \u0026#34;amd\u0026#34;, \u0026#34;dual-core\u0026#34;, \u0026#34;0\u0026#34;, \u0026#34;virtual\u0026#34;, \u0026#34;cpu\u0026#34;] # Nothing to see here: move on if cpu in [\u0026#34;\u0026lt;unknown\u0026gt;\u0026#34;, \u0026#34;Not Specified\u0026#34;]: return cpu # uniform case, remove extra spaces, speed info cpu = cpu.lower() cpu = re.sub(r\u0026#34; +\u0026#34;, \u0026#34; \u0026#34;, cpu) cpu = re.sub(r\u0026#34; *@ *[0-9.]+.*\u0026#34;, \u0026#34;\u0026#34;, cpu) # drop items we do not care about cpu_fields = cpu.split(\u0026#34; \u0026#34;) cpu = \u0026#34;\u0026#34; for field in cpu_fields: if field not in dropwords: cpu += field + \u0026#34; \u0026#34; # make sure we don\u0026#39;t have strange spacing in the version name # we previously had that cpu = re.sub(r\u0026#34;- +\u0026#34;, \u0026#34;-\u0026#34;, cpu) return cpu Other filters exist for other fields, where we have similar anomalies and annoyances.\nWe might also call out to other data source or databases, and add data from them to our in-memory dataset. For example, we could call out to Puppet, to collect Puppet Facts collected from \u0026ldquo;inside\u0026rdquo; the running machine. Or we could call to our Network Equipment Management System, Nemo, to collect data about machines from a Switch PoV.\nThe Load Phase Now that we have a clean dataset in memory we can write it out into our server_facts table in the data warehouse. We do that using REPLACE statements, which will allow us to run the ETL process multiple times per day. Newer runs will simply overwrite older runs, by primary key ((id, report_date))\nOriginally, we wrote out the data in a single connection, but that created many problems:\nThe large write created replication delay. The large write exceeded the maximum transaction size for compressed binlog (1 GB). The large write exceeded the maximum transaction size for group replication primaries. So we now run our write query with an executemany_in_batched(), which makes multiple smaller writes. It also checks replication, and waits with the execution of the next transaction until the previous one has finished replicating.\ndef fact_load(self, param=None): \u0026#34;\u0026#34;\u0026#34; Take the data and load it into the target table in the target database, using replace-statements. The use of replace-statements makes the data load idempotent on a single day. The query is being parametrized using self.fact_param. \u0026#34;\u0026#34;\u0026#34; logger.info(\u0026#34;start fact_load %s rows.\u0026#34;, str(len(self.data))) write = get_serverdb_dw_connection() replica = get_serverdb_dw_replica_connection() # get one load-balanced random replica of many # getting some default parameters if param is None: param = self.fact_param # we are only interested into the keys here, for query building firstrow = self.data[0] # replace into serverdb_dw.server_facts set col1 = %(col1)s, ... query = \u0026#34;replace into %(target_db)s.%(target_table)s set \u0026#34; % param query += \u0026#34;, \u0026#34;.join(f\u0026#34;{k} = %({k})s\u0026#34; for k in list(firstrow.keys())) logger.debug(\u0026#34;Query = %s\u0026#34;, query) executemany_in_batches(write, replica, query, self.data) self.data = [] logger.info(\u0026#34;end fact_load\u0026#34;) The executemany_in_batches() looks like this:\ndef executemany_in_batches(write, replica, query, data, *, batch_size=1000): wcursor = write.cursor(MySQLdb.cursors.DictCursor) rcursor = replica.cursor(MySQLdb.cursors.DictCursor) # It\u0026#39;s nonfatal for the SET SESSION command to fail # It means there were multiple batches executed within the same # script invocation and a previous one still has an ongoing transaction with contextlib.suppress(MySQLdb._exceptions.OperationalError): wcursor.execute(\u0026#34;SET SESSION session_track_gtids=OWN_GTID\u0026#34;) for n in range(0, len(data), batch_size): wcursor.executemany(query, data[n : n + batch_size]) write.commit() wcursor.execute(\u0026#34;SELECT @@GLOBAL.GTID_EXECUTED as gtid\u0026#34;) gtid = wcursor.fetchone()[\u0026#34;gtid\u0026#34;] rcursor.execute(\u0026#34;SELECT WAIT_FOR_EXECUTED_GTID_SET(%s, 10)\u0026#34;, (gtid,)) This will push batch_size many rows at once into the database, commit, and wait for the replication to acknowledge the arrival in the replica.\nRunning Aggregations After loading the data into the database, we update a bunch of aggregations. We count machines per Puppet class, per Data Center, and per Vendor and Type. We do keep these counts per report_date.\nThat also means we can add to existing aggregations and need to run sums only for the current day. This is much faster than regenerating data for the entire collection every day, and past numbers also do not change.\nData size Our server_facts table is very wide, the values shown here are simplified and the table shortened. We do not yet compress strings with lookup tables, so each server name is repeated for each day over the lifetime of the server. A CPU or Vendor name is also repeated, and much more often.\nAssuming 100.000 machines and one KB of data per machine, we end up with 100 MB of data per day retained. 90 days are kept at full resolution, for 9 GB of data. Additionally, another 100 MB per week is retained, for 5.2 GB of data per year, or an additional 26 GB in five years.\nA 35 GB database is not large, and can be kept in memory easily on most database server machines. So we do not actually have a \u0026ldquo;big data\u0026rdquo; problem here, but we do have a valuable collection of server data that enables us to\ndocument server use by team, model refresh projects by predicting server retirement dates, analyze per team/use-case fleet growth over time, make predictions and model fleet growth for the coming year, planning procurement and capex, and collect aggregate power consumption and compare it to metered and predicted power consumption at the rack, row and room level. This enables a number of planning use-cases and gives visibility for the data center team.\nIt also makes a nice model use-case to explain data warehouses and how to transform transactional data into business intelligence data.\n","date":"2022-11-20T00:00:00Z","href":"https://blog.koehntopp.info/2022/11/20/etl-from-a-django-model.html","tags":["lang_en","mysql","mysqldev","data warehouse"],"title":"ETL from a Django Model"},{"categories":null,"content":" A sample system When you have an Online Transactional Database, you have to record transactions at some point in time. That means you get a table with time dimension in your OLTP system. Consider for example a system that records Reservations. Users exist and can reserve Things to use, for a day.\nYou probably get a structure such as this:\nIn an OLTP database, a reservation is a (resid, userid, thingid, date). It references the user data by userid, and the thing data by thingid.\nThis assumes we have unique complete representations of a user and a thing, and we always want to reference the most current version of each of them. It also assumes that the reservation is transient. Maybe we add additional fields, or pointers to other tables to track state changes: A user can show up and get their thing, then work with it. When they give it back, we record the fact, and make sure the thing is checked to be okay after use.\nFixed sized OLTP systems Finally, the transaction is closed, and in an OLTP system we are then well advised to forget about it. To model that, we should add for example a state field that tracks this, and maybe fields to link to complaints or damages, if applicable.\nThat is, we want the OLTP system to be largely fixed in size, given unchanging outside parameters. Or in other words, for the same number of things and users, we want the size of the OLTP system to be largely constant over time.\nIf we did not forget about Reservations after their completion, we would have a table with a time dimension, but with an incomplete data lifecycle management. The reservation table would grow over time, without an upper bound, eventually becoming the largest object in our system. Most of the transactions recorded would be in the past, done and dead.\nThis will make our customer facing system large, slow, hard to back up and hard to change. Most people do not want that, but they also want records of transactions past. So instead of deleting old reservation entries, they Extract them, and push them elsewhere.\nThis keeps the customer facing system nice and clean, and pushes data to another system, with different performance and availability requirements, and different data structures.\nChanging values Most OLTP systems that make sales are well advised to keep current values of the data, if at all possible. It is cheap and easy to ask for the price of a product in a table with exactly one entry per product, the current price:\n-- CREATE TABLE product ( -- product_id SERIAL, -- name VARCHAR(255), -- price DECIMAL(12,4) -- ) \u0026gt; SELECT price FROM product WHERE product_id = 17 If we recorded the price of a product together with a validity interval instead, then all queries become complicated to write, and expensive to execute:\n-- CREATE TABLE product ( -- product_id SERIAL, -- name VARCHAR(255), -- price DECIMAL(12,4), -- valid_from DATE NULL, -- valid_until DATE NULL, -- INDEX (product_id, valid_until) ) \u0026gt; SELECT price FROM product WHERE product_id = 17 AND valid_until IS NULL So if that kind of design can be avoided for the business transactional part of the system, we should not model it.\nThat kind of query is almost always needed for the backend, analytical part of the system, but that is another place, and it should not part of the OLTP system.\nSeparate systems In an OLTP system, we have data in 3NF or something close to it. We have a large number of queries, short running transactions and a lot of data changes. We have a large number of concurrent users, making these changes. We want to design the system so that the working set of it fits into memory If we manage to do that, we do see almost no disk reads, and the number of disk reads is independent of the number of users, or the load of the systems. We cannot avoid the writes, because that\u0026rsquo;s what transactions are.\nWe design the system so that it contains only current data. The size of the system is stable over time. There are no tables that grow over time, without an upper bound. Instead, the system size is a function of the number of entities modelled in each of its entity-representation tables, and by the number of in-flight business transactions.\nIn an analytics systems, we have data in \u0026ldquo;fact\u0026rdquo; tables. These are tables that have \u0026ldquo;time\u0026rdquo; as a component of the primary key, or are even partitioned by time.\nWe have few, long-running queries, that are often scans. They aggregate over a fact table or parts of it. We do not have many data changes. The data changes we see are often imports, which append data to the fact tables.\nETL - Extract, Transform, Load Sometimes data imports are multistage, because the imported data is not in its final form and needs to be cleaned up.\nData gets from the OLTP system to the analytics system, undergoing a distinct three phased process. The process is named after the phased, \u0026ldquo;ETL\u0026rdquo; \u0026ndash; extract, transform, load:\nThe data is extracted from the OLTP system. It is in 3NF, and contains many id\u0026rsquo;s representing functionally dependent values in their respective tables. The data is transformed, resolving the IDs into the functionally dependent value literals. The data is loaded into the analytics system. Often this involves cleanup steps, bringing the data into the form it needs be for the analytics system. An ETL example In My Private Data Warehouse we have an example of such a process, using my bank account statements from a German Sparkasse.\nData arrives from a Sparkasse system in CSV format. In a first step we load the data into a loader table, transactions table. Data is then copied from the loader table into a cleanup table, b, and undergoes a number of changes as part of the cleanup process. Afterwards it could be copied over into a fact table, extending an existing, ever-growing collection of account transactions.\nThis example is also showing data crossing administrative domain boundaries: The Sparkasse is running my account, and it does so in whatever form they want or need. They export data in a documented format, our software contract, but it is not the format I need.\nThe Extract process is downloading that data from the Sparkasse and shipping it to my system.\nThe Transform process has, in part already happened \u0026ndash; there are no IDs for me to resolve.\nThe Load is multistage, I load the data basically as text, and then apply a number of cleanup transformations to it.\nThe Star and the Snowflake In order to do actual analytics with it, I need to turn this into collectible, aggregate-able dimensions. That is, I define categories such as moneysinks and map each remote account name to a category \u0026ndash; basically bins for the aggregation. I am assigning each transaction to such a category, and then aggregate daily, weekly or monthly spend per category \u0026ndash; this is a report.\nWhile the normal form of an OLTP database is the 3NF or something close to it, analytics databases are made up from fact tables. Facts have a date as part of the primary key or are even partitioned by date. For each (id, date) pair we record certain attribute values, and store them literally and denormalized.\n\u0026ldquo;Around\u0026rdquo; each fact table we often have stored, pre-aggregated values, for example \u0026ldquo;daily spend by category\u0026rdquo;, \u0026ldquo;daily spend by spender\u0026rdquo; and so on. Each of these aggregations is called a dimension, and because they group themselves around the fact of which they are aggregates, we call this a Star.\nThe Star Schema is the simple normal form for analytics databases. They are not in 3NF, because 3NF stores the current value of an attribute of an entity, and we reference the only copy of that by id. Instead, we store the literal value of an attribute for a given date as a fact about the thing we are recording, so that we can observe how that value changes over time.\nSometimes, the literal values are rather long strings, and they are repeating quite often. We then, as part of the data load, also perform a string compression with a lookup table. In Encoding fields for great profit I am giving an example of how that works.\nSometimes we aggregate along more than one dimension. If, for example, in our reservations fact table we would record the country of origin for each user, and the color of each thing, we could aggregate \u0026ldquo;daily reservations per country and color\u0026rdquo; to identify conceivable national color preferences. Two-dimensional aggregates can be thought of as specializations of single dimensions, and the resulting pattern looks like a Snowflake, the other, slightly more complicated normal form for analytics databases.\nSummary We try to keep our OLTP systems in 3NF. We also try to keep only current data in them, and we expire business transactions that are no longer active from them. This keeps them small and fast, allowing us to run from memory.\nIf we want to record a transactional history, we do that elsewhere, in an analytics system. Data in analytics system is collected in tables with a time dimension in the primary key, the fact tables, and groups of aggregates around them, forming a Star or Snowflake.\nData flows from the OLTP system to the Analytics system in an ETL workflow. This workflow collects data from the OLTP system (extract), resolves the IDs into the functionally dependent values, and retains the literal values of interest (transform). That data is then loaded into the analytics system, cleaned up, categorized and pre-aggregated (load). Old, retired transactions can then be removed from the OLTP system, keeping it lean and mean.\nETL processes can be batched, once per day, hour or even minute. This is classic offline analytics with data warehouses.\nOr they can be realtime, where a reader tails the log of the database and puts the data onto an event bus such as Kafka or SNS. On the consuming side the data is still being processed, either classically, or with realtime aggregator that executes sliding window queries.\n","date":"2022-11-16T00:00:00Z","href":"https://blog.koehntopp.info/2022/11/16/of-stars-and-snowflakes.html","tags":["lang_en","mysql","mysqldev","data warehouse"],"title":"Of Stars and Snowflakes"},{"categories":null,"content":"Where I work, we run bare-metal databases on non-redundant local storage. That is, a database is a very cheap frontend blade server. It has 2 CPUs, with 8 cores/16 threads each. It contains 128 GB of memory, 2 or 4 TB of local NVME and it has a 10 GBit/s network interface. It costs around 120 to 150 Euro per month to run for 5 years, including purchase price and all datacenter costs.\nIt AWS terms, it is comparable to a EC2 m5.8xl, or better an i3.4xl, but with more CPU.\nData is stored on a local disk, preferably NVME, sometimes SSD, because we still have old hardware.\nThe local disk provides unmatched low latency, at incredibly low overhead (1 TB of data uses 1 TB of physical disk space) and at unmatched power consumption (a NVME drives adds about 10W to an already existing machine).\nThe purchase cost of a NVME drive can be as low as 150-200 Euro/TB for Enterprise grade hardware.\nIs it not risky to run on non-redundant storage? At work, we need to run our databases in replication hierarchies, to provide the required read capacity and to provide read capacity close (in the same AZ) to the clients.\nOur database replication happens in trees, which extend across multiple AZs and backing-technologies. (bare-metal, Openstack, \u0026hellip;). They are marked in different colors. Writes go to the root of the tree on the left. They then replicate within fractions of a second down to the leaves at the right. Each replica provides a full copy of the data in a shared-nothing architecture, for read-scaleout. Applications find read-copies of the data close by, in the AZ they run in, and at the required capacity.\nThe image is a screenshot from Orchestrator, a tool that manages MySQL replication hierarchies. This is showing one particular hierarchy, but they all have this shape.\nWe are using MySQL replication for read-scaleout (and for a few other things, such as backups, as clone sources to make more replicas, for data import to Hadoop, and so on). Using \u0026ldquo;Global Transaction ID based replication\u0026rdquo; (GTID) and Orchestrator, we are leveraging the redundancy required for read-scaleout also to provide high-availability.\nSo how do we survive? If a Primary dies, we detect that. We then automatically promote any Intermediate Replica to a new Primary, rearranging the replication hierarchy as we go. In the end, all Replicas now ultimately dangle from the newly promoted Primary.\nThe GTID-based way of using read-scaleout capacity for high-availability has many advantages. Not only do we get to use local storage, we can also use throwaway frontend blades instead of much more expensive special database hardware as we did in the olden times.\nWe also get intermediate replicas promoted to primaries, which means that these machines have already warmed up caches and are useful immediately after promotion, at normal speed.\nCompare that to the situation of old (many years ago):\nNow cheaper: We needed to have special database machines with special hardware. So we needed to provision machines from a much smaller hardware pool, instead of living inside the big frontend hardware pond. Now more redunancy: We failed over between a single active-passive database pair, instead of being able to promote any replica that has a binlog to a new primary as we do now. Now faster: Also, the previously passive database had an ice-cold cache. Warming up to minimum speed took around 5 minutes, warming up to normal performance took around 20 minutes. That meant, during a switchover database performance was severely impeded for at minimum 5 minutes, and somewhat impeded for 20 minutes. More flexible every day: We were unable to fail between arbitrary machines, and unable to rearrange the replication tree freely, because without GTID-based replication such a thing is doable only manually, and a high risk operation. That last thing is important: ability to freely rearrange the replication tree allows us to speed up many daily operations that otherwise would be subject to many more constraints. Among them are fast version upgrades, moving capacity between pools and many other daily operations that allow us to provide \u0026ldquo;just one more replica than you need\u0026rdquo; in time and without much toil.\nDistributed Storage Local Disk has limits. Mostly, size limits: Our servers come with 2 TB or 4 TB of space. Larger hardware exists, but in limited numbers and it is spoken for by other teams.\nA larger database is often stored on distributed storage. That is, it resides on a Filer, and is attached usually with iSCSI (\u0026ldquo;SCSI protocol over TCP/IP over an Ethernet wire\u0026rdquo;), or sometimes NVME-over-Fabric/TCP (that is, the NVME PCI bus protocol over TCP/IP over an Ethernet wire).\nBecause volumes of distributed storage are made by a Filer by combining large disks to even larger volumes, they can be of almost arbitrary size. So if you need more than can be provided by a Blade with local storage, you need to move to iSCSI storage.\nThis is much like going from an i3 instance with local storage to a m5 instance with EBS, in flexibility, but also in cost: You now need to pay for the Blade and for the storage, in the same way you pay for the instance and the EBS.\nDifferent Latency You are likely also taking a latency hit: While you can hit a local storage at 1/20,000 s access time, with distributed storage there is one or more network hops involved, and worse, a lot of software and storage redundancy overhead at the destination.\nYou can expect more of 1/2,000 s access time than 1/20,000 s, so you are roughly one order of magnitude slower. How much exactly depends a lot on the Filer implementation you are on.\nMore Variance You may also take a jitter hit: The latency of distributed storage is often not only higher, but also more variable. If you are not pushing the limits of what is possible, that is often not an issue, but for some latency-sensitive applications it may well be.\nFiler Storage Overhead Distributed storage also comes with some overhead in the sense that there is storage duplication at the filer end: 1 TB of database will never be 1 TB of disk space, but always more.\nHow much exactly very much depends on the Filer implementation, and on how much additional latency from software trickery you can tolerate. For example, most filers will store data in some kind of RAID, so there will be an overhead of 3x (everything is stored three times in HDFS and Ceph by default), of 2x (a simple RAID-1) or of 1.something (a RAID-5/6/x or Hadoop Erasure Coding).\nSome Filers will, at the cost of additional latency, also offer data compression, or data deduplication.\nFilers are, in essence, just computers with very many hard disks and very good Ethernet interfaces.\nSo you need to add the run-cost of these computers to the run-cost of the drives, amortized over the number of drives per Filer-computer: A Filer with 24 drives per computer has less overhead than a Filer with only 4 drives per computer.\nVolume Lifetime, Volume Mobility, Snapshots A Filer on the other hand offers a number of advantages over Local Storage that are mostly interesting if the amount of data is so large that it takes very long to copy:\nA volume on a Filer is mobile. It can be detached from an instance and attached to another instance. This allows for upgrades of a compute unit (larger, new OS, software upgrade) without having a need to copy around the data. At sizes over 10 TB such a copy operation can take hours or days, but with volume detach/attach no copy is necessary. A volume on a Filer has a lifetime independent of the instance/the compute. This allows not only for the above mentioned upgrades, but also for filer-side operations, such as making a snapshot or a copy of the volume at the filer-side. This is usually much faster than loading the data off the volume, over the network, and pushing it over the network again to another machine. Filer-side operations include snapshotting and cloning, which can be combined in interesting ways to make data available for backups and new instances with a lot less wait than a full copy would take (or allows to make a full copy in the background while the snapshot is already being used). Summary We run our databases on local storage, because it is faster, has more consistent performance, uses less power, is cheaper, and is generally leveraging the flexibility of the large, cheap frontend pool to our advantage.\nThis is safe, because together with Oracle MySQL we developed GTID-based replication, which together with Orchestrator gives us complete flexibility and control over the replication topology, enabling warm and fast switchovers. This is around 20x faster than active/passive replication pairs we used before, and reduced a lot of daily operational toil for the DBA team.\nWe recommend the use of distributed storage for large database sizes, but latency considerations apply.\n","date":"2022-11-09T00:00:00Z","href":"https://blog.koehntopp.info/2022/11/09/databases-on-unraided-storage.html","tags":["lang_en","mysql","mysqldev"],"title":"Databases on un-RAID-ed storage?"},{"categories":null,"content":" A harddisk from 1998.\nThe opening image for this post shows the stock photo of a hard disk platter. You can see a movable arm that can ride in and out of a stack of rotating platters coated with some kind of metal oxide. We sometimes call this kind of storage condescendingly \u0026ldquo;rotating rust\u0026rdquo;, when in reality it is a triumph of material science.\nMoving an arm costs time, and bringing that arm into the right position and then waiting until the right segment of disk rotates underneath it so that we can write things to disk takes time. A lot of time \u0026ndash; around 5 ms or so on a modern disk, 4x longer on the old thing in the image.\nHow much time is \u0026ldquo;5 ms\u0026rdquo;?\nA modern CPU at 3 GHz is running 3 clock cycles per nanosecond, 1/1,000,000,000 (10^-9). \u0026ldquo;5 ms\u0026rdquo; are therefore 15,000,000 clock cycles (15 million clock cycles).\nSince x86_64 is a CISC architecture, getting a fixed \u0026ldquo;clockticks per instructions retired\u0026rdquo; (CPI) value is hard. Documentation and benchmarking with vTune shows variable CPI values between 1 and 2 for some interesting and common use-cases in our environment.\nBecause a single core waiting for a hard disk seek already can block around 10 million executed instructions, \u0026ldquo;not reading data from disk, and if we have to, make it fast\u0026rdquo; was always key to our database design.\nLatency That means, writing to a rotating disk takes around 1/200 of a second, or we can write around 200 random blocks on such a disk. This is called Write Latency.\nThere is also Read Latency, which works the same way, but the other way around. It is often possible to avoid read latency by providing more memory, but when it happens it is worse – writes can often be queued and executed in the background with some compromise on persistence guarantees, but reads often depend on the outcome of previous reads. And that means we have to wait for the first read to complete before we know what to read next.\nTogether, when we just talk about the time it takes from issuing a disk request to its completion, we call both timings Completion Latency, or clat.\nBenchmarking tools will give you a completion time histogram (or clat histo) for a drive, and it looks like this:\nclat percentiles (usec): | 1.00th=[ 53], 5.00th=[ 53], 10.00th=[ 53], 20.00th=[ 53], | 30.00th=[ 53], 40.00th=[ 54], 50.00th=[ 55], 60.00th=[ 55], | 70.00th=[ 59], 80.00th=[ 60], 90.00th=[ 73], 95.00th=[ 75], | 99.00th=[ 91], 99.50th=[ 99], 99.90th=[ 235], 99.95th=[ 433], | 99.99th=[ 2343] fio Benchmark clat histogram from Adventures in Storageland .\nHere we see a Benchmark result from a typical database blade in use at work, a Dell M630 with a PERC controller and a 1.92TB SSD.\nYou can see that the units here are µs, Microseconds (1/1,000,000, a millionth of a second). The 99.5th percentile of all clats is 99µs (100µs are 0.1ms). For the 99.9th percentile, the clat jumps to more than twice that, 0.235ms, and for the 99.95th it\u0026rsquo;s again the double of that, 0.433ms. After than, we get the really bad outliers.\nThat is, we have a storage that performs quite well across the spectrum from 0.05ms to 0.10ms for 99.5% of all requests \u0026ndash; they are actually written to battery buffered (BBU) persistent memory, and then streamed out to the storage medium, which happens to be a SSD.\nThe BBU is what makes this fast, even with HDD, and if the battery ever fails you get a lot worse performance. We monitor these batteries very closely for that reason.\nThis is the performance we get from bare metal, for around 100 Euro/TB and 9W-25W per drive unit.\nWrite Completion Latency comparison between Local Storage (above) and Ceph (below) from Database Workload and Storage .\nThe graph above compares two kinds of storages. We are looking at how long it takes to wait for a write to the medium, and draw a histogram of write times. The X-axis shows write time in µs, the Y-Axis the number of requests with that time. The comparison is between a bare-metal storage with a local disk behind a SmartArray or PERC controller on the top, and Ceph below.\nWe can see that writes to the local storage are quick (0.1ms or less), and that they are also not spread out: The write time is extremely reliable.\nThe Ceph Storage has a median completion time (P50) of 0.9 ms, and a P99 somewhere up slightly under 2 ms. The spectrum of write times is extremely wide, the completion time varies a lot. This makes any guarantees on performance very hard.\nAt the P99 scale Ceph is 20x slower, but on top of that the variance makes it really hard to deliver consistent performance.\nIOPS The word IOPS expands to \u0026ldquo;I/O Operations Per Second\u0026rdquo;. It is not the inverse of Latency. This is discussed at length in Adventures in Storageland . The distinction is extremely important for Flash Storage with NVME interfaces.\nStorage in SSD and NVME drives is made from a lot of storage chips. Writing to each takes a fixed amount of time, but there are many, and they can be used concurrently.\nWriting to a flash chip takes a fixed amount of time, about 1/20,000s to 1/30,000s. That is, each single flash chip in a flash drive can perform 20,000 to 30,000 writes per second. But with the right interface, each of the chips on the drive can do that in parallel to the other chips. So with proper driver soft- and hardware you get a performance that is much higher than 20,000 operations per second.\n\u0026ldquo;SSD\u0026rdquo; puts a SATA interface on the PCI bus, and talks to a flash storage like it did to a hard disk. The protocol serializes requests, so you get 20,000/s, even if the hardware behind the SATA interface could do more. A lot more.\n\u0026ldquo;NVME\u0026rdquo; drops the SATA interface and puts the flash storage directly onto the PCI bus. The protocol now can have many requests in flight concurrently, very many. A single enterprise grade NVME hard drive delivers 800,000 IO operations per second, or 800k IOPS.\nEach single operation will still take 1/20,000s, though.\nThat is, in order to get 800,000 IOPS, you will need to talk in 40 independent streams in parallel to the drive.\nIOPS and Latency are not the same thing.\nLatency measures how long one single operation takes. Single Threaded, that is the number of operations you get, so IOPS and 1/Latency are identical in the single threaded case only.\nThe IOPS metric in the drive catalog is not that number. It is the aggregated parallel number of requests the drive can serve. If you divide IOPS and 1/Latency, you get the degree of parallelism you need to serve in order to actually get all the IOPS the hardware advertises.\nSome workloads do have a high or even unlimited degree of parallelism.\nThe CERN Atlas detector, a measurement device that delivers 10,000s of independent, concurrent metrics streams to a storage. (Image: Cern ).\nImagine you are CERN, and have an array of detectors streaming data from your Synchrotron to some metrics storage. Each metrics flow is linear, and independent of what any other sensor writes. This is an ideal case for a \u0026ldquo;high latency, high IOPS, streaming metrics storage\u0026rdquo; kind of storage. Ceph was developed for this.\nOther workloads are not like this. Online Transaction Processing Databases (OLTP databases) of the kind we run write a stream of transactions. Transactions are independent when they have non-overlapping sets of primary key (write sets, wsets), but if their wsets are overlapping, they have a dependency and order between themselves.\nThe average run length of non-overlapping wsets we call the \u0026ldquo;width of the binlog of that database at that point in time\u0026rdquo;. It is the number of parallel writes inherent to the workload of this database at that point in time.\nWe have measured it, and I have documented that in Parallel Replication .\nIt is important to remember:\nThis is workload dependent, that is, controlled by the application, and not the database. This is extremely highly variable over time. This is a small number, usually not exceeding 3-5 on the average. Because this is not controlled by the database, we cannot make any SLO on it – SLOs can be made by a team only on things the team can influence. Because it is highly variable, and workload dependent, not even an application team can rely on a minimum width.\nAnd because it is usually a small number, Latency of a storage is way more important for any OLTP database than any other performance metric.\nBandwidth Writes to disk have a size. Bandwidth is measured in MB/s, and is calculated as \u0026ldquo;number of writes times the size of the writes\u0026rdquo; or \u0026ldquo;sum of the write sizes per second\u0026rdquo;.\nIn MySQL, a commit is a multiple of 512 bytes, and a checkpoint write is a multiple of the 16 KB page write.\nAt 2500 writes per second (0.4ms write latency) we get 40 MB/s at 16 KB page write size (and hardly more than 1 MB/s for 512 byte commit writes).\nAt 25000 writes per second (0.04ms write latency) we get 400 MB/s at 16 KB page write size, and hardly more than 10 MB/s for 512 byte commit writes.\nThe point of checkpointing is to coalesce updates to the same page, so it is usually a lot less checkpoint writes than commit writes: several updates to different rows on the same page are checkpointed together at a later time, saving write bandwidth.\nOur OLTP databases usually write \u0026ldquo;dozens of MB per second\u0026rdquo; under very high load, and a lot less under normal pressure. Bandwidth is normally not a metric we are much interested in, because about any storage that can deliver a latency we like automatically tends to have the bandwidth we require.\nA very simple benchmark All of this leads to a very simple benchmark. When we want to understand how a storage behaves with MySQL, we run a \u0026ldquo;16 KB random-write, synchronous writes benchmark at a queue depth of 1 with a single thread\u0026rdquo; and look at the clat histogram. We then seek the inflection point, at which percentile does the clat suddenly increase a lot.\nWe can see the \u0026ldquo;normal clat\u0026rdquo;, and with the inverse get the minimum guaranteed transactional rate, \u0026ldquo;commit/s\u0026rdquo;. And we see if there is a sharp inflection point (the Dell Perc clat histogram above), that is, we see if we can expect consistent write performance or variable write performance.\nIdeally, we get a minimal clat that is highly stable until we reach saturation.\nWe can repeat the same with a random-read benchmark, no caching, in order to understand the performance of databases with a working set size larger than available memory.\nActual MySQL performance will be largely described by the results of this benchmark, even if the reality is slightly more nuanced.\nOakgate Workload Analytics shows what a database does with the disk when it is writing (Image from MySQL from Below ).\nThe above graph is the result of a blktrace command recording real world disk write activity to a ramdisk, and then plotting it. The diagram plots block number (LBA, linear block address) over time, that is, we see where on the disk we are writing.\nWe can see the small writes to the database log files every time a commit is made. This is a synchronous write, a multiple of 512 bytes, and the client hangs and waits until this write is finished. Application performance is completely dependent on these writes being fast.\nEvery now and then the database cleans up the log by actually writing data pages back to disk, aggregating many changes that before have been recorded only in log writes. This is called a checkpoint. We can see that a checkpoint consists of a large number of writes to actual data files with addresses all over the disk. These are multiples of 16 KB in size, and they happen asynchronously in the background.\nThe simplified random-write benchmarks takes both requirements, and tests completion latency and minimum bandwidth requirements together. Anything that passes the simplified random-write benchmark automatically performs as well, or better with real world workloads.\nSummary Storage performance is described by three parameters:\nLatency, how long it takes to read or write a thing. IOPS, the aggregated number of reads or writes a storage can do. Exploiting all IOPS often requires a considerable degree of parallelism in many modern storages. Bandwidth, the MB/s that the storage can take or deliver. Online transactional databases sit between the storage and the application. Their job is described by Codd, Gray et all as the ACID principle (1983) . That is, they provide transactional write behavior (atomicity), correctness of data (consistency), transactional read behavior (isolation) and finally correct write behavior (durability).\nThe amount of exploitable parallelism is limited by these rules, the application workload, and storage properties. For optimal performance, they require the lowest latency they can get, a reasonable IOPS budget, and a moderate bandwidth budget. In general, any storage that provides good latency automatically provides sufficient IOPS and Bandwidth.\nLatency is the controlling property of storage for OLTP databases.\nWhat Latency can I expect from various storages? Here are various storages that have successfully run OLTP databases in the past, and now:\nA local HDD without a BBU can be expected to perform in 1/200s or worse. That is why controllers with a BBU have been invented, and that is also why storages made from HDDs of the past are often arrays of very many, very small disks, even if larger disks would have been available. The larger number of spindles allows you to exploit parallelism, the BBU allows the client to move on a lot quicker than 5 ms. Local Storage (SSD, NVME) can be expected to perform in 1/10,000s or better. Some performa a lot better, 1/20,000s to 1/30,000s. The difference between Flash presented as SSD and NVME is mainly in the degree of exploitable parallelism. Distributed storage can be expected to perform in 1/2000s or better. That is, a NetApp filer from 2012 (FC/AL, BBU, many rotating hard disks) usually did take 1/2000s for a write, over the network. Amazon gp2 type EBS is advertised with 1/3000s, with quotas keeping you down (excepting bursts) if your volume is smaller than 5 TB. You want to get out of quota, you buy more space, even if you do not need the space – you need the performance that comes with larger volumes. Amazon io1 type EBS is advertised with 1/10000s or better. This is \u0026ldquo;distributed storage with local cache trickery\u0026rdquo;, a hybrid storage. It is not possible to get this kind of performance from a distributed storage without some local caching. Because local caching trickery with special hardware is required, this is very expensive. ","date":"2022-11-07T00:00:00Z","href":"https://blog.koehntopp.info/2022/11/07/bandwidth-iops-and-latency.html","tags":["lang_en","mysql","mysqldev"],"title":"Bandwidth, IOPS and Latency"},{"categories":null,"content":"Three years ago, I learned that due to SREcon, Charity Majors was in Amsterdam. I set up a meeting between Benjamin Tyler, Yves Orton and a few more colleagues of mine, and her. That is, because apparently in a case of co-evolution, our company internal \u0026ldquo;Events\u0026rdquo; system and Honeycombs observability tooling, modelled after experiencing Fabooks \u0026ldquo;Scuba\u0026rdquo; seemed to be doing a lot of the same things.\nThese days, we are using Honeycomb a lot to record events, and debug code running in distributed systems. But one type of system does not fit into this very well: Databases of all kinds. And I don\u0026rsquo;t understand why, because it would be perfect.\nAbout one year ago, I wrote an article about \u0026ldquo;Tracing a single query with PERFORMANCE_SCHEMA \u0026rdquo;. Why would I want to trace a single query like that?\nI want to get data about query execution out of MySQL, at scale, and push this into Honeycomb.\nHoneycomb, Spans, Traces and Tags Honeycomb is a tool that ingests \u0026ldquo;Spans\u0026rdquo;, time intervals, that can be annotated with arbitrary key-value pairs. Spans do not only have a start and stop time, but also maintain relationships between Callers and Callees as a Tree Structure. A root Span and its children form an execution trace (\u0026ldquo;a trace\u0026rdquo;) of a single call or entity of work in a distributed system.\nA lot of Honeycomb assumes that the values are numbers, but it doesn\u0026rsquo;t have to stop here (and other tooling can read Spans and work with non-numeric data, too).\nSpans nest, and you could look at the execution of your program as an arrow of time on which the spans are arranged.\nA root span at the application level is started in buildAvailabilityQuery(). This called into sqlORM(), which in turn called runSQL() several times. All this is recorded from the application and the application code. We\u0026rsquo;d want to see MySQL execution data in there, as subspans of runSQL().\nFor each span then any number of KV-pairs are recorded, so you could record call parameters, results, or intermediate state.\nHoneycomb allows you to aggregate such data on the fly, in almost real time, so you can ask \u0026ldquo;how many SQL queries is each action running, as a histo\u0026rdquo;.\nYou could also ask \u0026ldquo;What is the aggregated SQL time of each action\u0026rdquo;, over time. You\u0026rsquo;d see that at a certain point in time this time changed in the P95 and above. With their \u0026ldquo;Bubble up\u0026rdquo; functionality you\u0026rsquo;d mark the time interval and the aggregate interval (\u0026quot;\u0026gt; 1.5ms execution time\u0026quot;). Honeycomb would take the marked set vs. the base set (before, and faster), and highlight you all KV pairs that are different.\nYou might see that all slow samples have a specific commit tag associated with them, or you might see that all slow samples have a specific host machine tag or AZ tag associated with them.\nWithout prior knowledge you\u0026rsquo;d see what the root cause for the slowness is.\nApplication level instrumentation Database instrumentation right now does not provide good data that can go into systems such as Honeycomb.\nWith application code, this is all easy.\nimport beeline @beeline.traced(name=\u0026#39;external_api_request\u0026#39;) def external_api_request(request_params): # ... # adding fields here will add it to the active span wrapping # this function beeline.add_context_field(\u0026#34;response_time\u0026#34;, response_time) # ... @beeline.traced(name=\u0026#39;main\u0026#39;) def main(): beeline.add_context({\u0026#34;request_params\u0026#34;: request_params}) # calling this function will create a new span, under the \u0026#34;main\u0026#34; span result, error = external_api_request(request_params) # add more context once we have results beeline.add_context({\u0026#34;result_count\u0026#34;: len(result), \u0026#34;error\u0026#34;: error}) # This will create a span - or if no trace is in progress, will also # start a trace main() # Do not forget to close the beeline to ensure all spans get sent # before the application ends! beeline.close() Example from the Honeycomb Documentation , showing how to instrument Python code.\nEven if you know nothing about Python or Honeycomb, you can understand this.\nThe @beeline.traced() decorator wraps the function after it into the tracing harness, creating a span and maintaining the caller/callee relationships. The beeline.add_context() calls add KV-pairs to the tracing span.\nWhat database integration can look like What we want from a Query: The SQL_TEXT, and the Query Plan that actually ran for that Query. We would also want a list of Page#\u0026rsquo;s requested and Page#\u0026rsquo;s read from disk. Optionally, we would want subspans for each lock and wait, with annotations.\nWhy?\nWe get a Span for each SQL statement, maintaining the Caller/Callee Relationship with the code that sent us the query. Thus, we see the SQL exectution in the context of the ORM that generated the SQL, in the context of the Application Code that called into the ORM.\nEven ungreppable, generated SQL becomes attributable to the location in the source it is coming from. We get to see the ORM\u0026rsquo;s work in the context of the application that used it and the SQL it generated. With timings. Attribution was previously hard to do, but this way it is trivial, because the call tree relationship is explicitly maintained.\nWe also get to see if somebody is running \u0026ldquo;SELECT in a loop\u0026rdquo; instead of using a JOIN (\u0026ldquo;machine gunning pattern\u0026rdquo;). Machine gunning was previously very hard to even detect, and even harder to attribute. Now it is trivial.\nWe get to see the Query plan that ran, in the context of the application code (two spans up) that asked for data, with timings. We get to attribute SQL runtime, and result processing time in the application, easily, because we get to see if the database SQL runtime span fills all of the SQL query processing span, or if there is additional time that is only visible in the application. This could only be result processing that was not marked up properly.\nWe get to see pages requested from disk (before hitting the cache) and actual IO generated (cache misses) for each query. That allows us to see queries that have a good plan, but are slow, and understand why this is. With optional locking and wait information, we\u0026rsquo;d see more of that, for cases where this is not caused by IO but contention.\nAnd, as a side benefit, a page# stream before and after the cache also allows us to determine the working set size of the database (for one query, for a subset of queries or for all queries), and to calculate ideal cache and instance sizes. This makes instance type selection a guided, non-empirical process, but that is another article.\nConclusion None of that exists, but I don\u0026rsquo;t know why. Database tracing is completely ignoring modern observability integration, and things such as PMM or VividCortex are distinct from Honeycomb like systems. Attribution of SQL (when generated) is a mess.\nInformation about the plan of queries that ran is not retained well in MySQL. IO traces around the buffer pool are not even instrumented. They can be done. I routinely do them on production systems at the file system level with blktrace .\nAnd exfil of that data through P_S is just painful. One would want an in-server ring buffer and a Pusher thread that sends this data in a non-blocking way (using localhost UDP?) to a listener, that transforms this into whatever O11y system you\u0026rsquo;d be using.\nSo here I am, with my limited C++, and a 100 GB build partition, trying to build a P_S table that is mostly a stream of BLOBs, into which I try to collect the data I need in a non-crashing way. Once I have that, I can try to build a Pusher that takes data from that pool, trying to ship that to my coprocess, which then takes this and transforms it into whatever Honeycomb wants, injecting Spans into their system.\nThen I will finally be able to debug SQL properly, and in a single place with the code that made that SQL in the first place.\nOther Systems My colleague Willian Stewart pointed me at Vitess, which already does that for the \u0026ldquo;above MySQL\u0026rdquo; part of Vitess:\nThe call tree of a Query to Vitess as it is being handled inside of Vitess, as seen by Jaeger.\nVitess requires you to generate a piece of JSON that contains the necessary IDs to build a call tree:\n{\u0026#34;uber-trace-id\u0026#34;:\u0026#34;{trace-id}:{span-id}:{parent-span-id}:{flags}\u0026#34;} All items of a single trace have the same trace-id. Each span has their own span-id and also states what the parent-span-id is. Additional flags control the annotations generated (\u0026ldquo;what gets traced\u0026rdquo;).\nTo protect the data against accidental interpretation and munging, Vitess wants you to base64 encode the thing and then put it into a /*VT_SPAN_CONTEXT=...*/ pseudo-comment as part of the query to be traced.\n","date":"2022-10-25T00:00:00Z","href":"https://blog.koehntopp.info/2022/10/25/proper-o11y-for-mysql.html","tags":["lang_en","mysql","mysqldev","debug"],"title":"Proper O11y for MySQL"},{"categories":null,"content":"The GitHub Security Lab has a long hard look at \u0026ldquo;Apache Commons Text\u0026rdquo; in March this year. That resulted in CVE-2022-42889 . The exploit goes like this:\nfinal StringSubstitutor interpolator = StringSubstitutor.createInterpolator(); String out = interpolator.replace(\u0026#34;${script:javascript:java.lang.Runtime.getRuntime().exec(\u0026#39;touch /tmp/foo\u0026#39;)}\u0026#34;); System.out.println(out); Next to ${script:...} there are apparently also a ${url:...} and `${dns} as other unsuitable substitutions, and they nest.\nThis was fixed in October 2022, after being reminded by GHSL in May and August.\nIt was introduced in October 2018, in Version 1.5, and only discovered in March this year.\nWhat\u0026rsquo;s wrong with this? The security impact of this new feature is obvious, when discussed. Yet, it was integrated in October 2018, and that apparently did not raise any red flags in a security or merge review. Also, none of the users of the library found anything weird.\nThe package has documentation . String substitution is described in the manpage for that class, StringSubstituror . The \u0026ldquo;fix\u0026rdquo; for the CVS was to disable some substitutors. This is described in StringLookupFactory .\nIt took almost 3.5 years for somebody to look at this and find that to be a security risk.\nAfter reporting the risk, it took Apache 2 reminders and way more than the standard 90 days to react and publish a mitigation.\nThis means\nnonfunctional feature and security impact review for code merges. slow reaction to security issues (CVSS 3.x score: 9.8) Clearly, the security process of the Apache organisation has huge room for improvement.\nIs that a good mitigation? You decide. Among the interpolations that are still enabled by default are\nfileStringLookup , which replaces the ${file:UTF-8:/filename} with the content of a file. propertiesStringLookup , which replaces a value for a key in a properties file. environmentVariableStringLookup , which replaces ${env:USER} with the content of an environment variable. All have the potential, if controlled by an attacker, to read and leak data, and maybe secrets. That is not remote code execution, but probably still arbitrary file read and secrets leak.\nSuch a string interpolation under control of a user is risky at best, but the default configuration is still far from secure, even if the fix improves things.\nNot the first time This situation seems to be a repeat of the log4j exploit from the year before. In the log4j case, the initial find was presented on a conference and dismissed as unimportant. It only escalated after the exploit was used in the wild against Minecraft servers and their associated Discords, and then it quickly escalated to the full scope we observed last year.\nHandling this was imperfect as well, with a series of fixes trying to mitigate the problem, and failing to do so in the first round.\nSo both projects/packages\naccepted contribution of text interpolation without understanding the implications that thing would have bungled the security response process, in various ways (slow response, or no response at all) This points to non-functional processes inside the collection of Apache projects. They are either not executed, or they are not effective, when executed. The meta-question is if the collection of Apache projecs are aware of that, and how they are trying to address this?\nAre there more packages that have this issue? As a developer or organisation that makes software, you sometimes take on external dependencies. You are still being asked to be able to answer questions about the whole product, so you need a way to form an opinion about the state of the dependencies and their dependencies.\nThat starts with an inventory, and some useful scoping. And the mostly liveness, quality and maturity of processes.\nOne evaluation approach One quick evaluation approach is documented here . I\u0026rsquo;d reorder things a bit.\n\u0026ldquo;Is it necessary\u0026rdquo;-Phase: Do we need that dependency? \u0026ldquo;Is it popular\u0026rdquo;-Phase: Who else is using this? \u0026ldquo;Is it maintained\u0026rdquo;-Phase: Do we see commits? Do we understand the code and the commits? \u0026ldquo;Is Security considered\u0026rdquo;-Phase: Check their security response process and the execution \u0026ldquo;Is it supported\u0026rdquo;-Phase: Go check out their presence on various media. How do you reach them? Are they approachable or more on the Hugo/Cyrus spectrum of interaction? Another evaluation approach Another approach is documented here .\nIt is similar, and asks you to\ncheck contributions, and contributors. Read a bit of code. Look at the release history. Are the regular releases? A schedule? The user community. Are they talking to people? How? Longevity. The general ecosystem. I\u0026rsquo;d add some kind of metric around process execution. Check merge reviews, execution of security process and again, approachability and response times.\nAnother, commercial approach Some vendors are starting to approach this, for example this .\nAll in all, this seems to be a largely unsolved problem. Criteria are uneven across various attempts, projects and ecosystems. Some languages or projects seem to have problems even with creating an inventory of dependencies.\n","date":"2022-10-18T00:00:00Z","href":"https://blog.koehntopp.info/2022/10/18/software-supply-chain-issues.html","tags":["lang_en","security","software"],"title":"Software Supply Chain Issues"},{"categories":null,"content":"In a distributed, asynchronous environment, there is a need for distributed, asynchronous interaction. This interaction is often written, but \u0026ldquo;writing\u0026rdquo; these days is actually a media-rich process that includes much more than letters. It also needs to be able to build some structure, and some gateway to level up to more synchronous and even richer communication.\nLet\u0026rsquo;s have a chat about chats, and what properties they have.\nHistorically, chat was lines of text, without much structure. Even today, many geeks often propose IRC when chat solutions are being discussed in a corporate context. That is a very myopic way of thinking.\nThe first chat network I have been using was IRC \u0026ndash; Internet Relay Chat. This has been in the late 80ies or early 90ies, so today I have had an interactive online presence on the upside of 25 years or so.\nLater I got to use ICQ, Jabber, Skype, Hangouts, Facebook Messenger, WhatsApp, Slack and RocketChat, among many others. I also got exposed to a number of collaborative document processing systems with chat-like properties: the now defunct Google Wave (alias Apache Wave, now also mostly defunct), and its heir Google Docs, and a bunch of newer collaborative brainstorming tools from the School of Miro.\nAll these applications and chat systems are different, but they can be evaluated along a number of dimensions to understand chat systems better.\nA screenshot of my chat desktop from 2016. There are many like it, but this is mine.\nLocation and Discoverability One of the most important functions any chat system has to have is enabling the right people to find each other. There are two large classes of chat systems here: One uses groups, and the other uses places.\nGroups are just that: collections of people that talk to each other. You write a message and sent it. It is then visible to all members of the group.\nThe problem with groups is that they are almost impossible to find. They are invitation only. A member of the group must have knowledge of you looking for the group, and then invite you to it. In some messengers this will also form a new group, destroying the messaging history of the older group, in order to protect the privacy of the conversation happening before the new member joined.\nThe Discord chat system allows you to form small scale groups with fixed membership, even without having a \u0026ldquo;Discord Server\u0026rdquo;.\nA better system uses Places (often called Rooms or Channels) instead of Groups. A place is discoverable, you can \u0026ldquo;find\u0026rdquo; it, \u0026ldquo;go\u0026rdquo; to it, and \u0026ldquo;join\u0026rdquo; without being explicitly invited (permission and moderation systems often exist).\nSince Places tend to proliferate, mechanism to group, order, tag and search them often exist. In Discord, for example, Channels can be grouped into Categories, which are then grouped into \u0026ldquo;Servers\u0026rdquo;, the server having an owner, and often a purpose.\nThe Discord chat system, showing the \u0026ldquo;heiseonline\u0026rdquo; discord server, with a channel named #tierbilder (Animal Pictures) selected. Below that, a Category for Sprachkanäle (Voice Channels) is seen.\nHaving Places instead of Groups is crucial for any communication system. It gives you the capability to write instructions that send people somewhere, and enables people to find and go somewhere, gives them agency.\nFacebooks Messenger and Facebook at Work\u0026rsquo;s greatest flaw is their Messenger, which does not have this feature. It relies on Groups, and tries to mitigate that by coupling groups to Facebook \u0026ldquo;Groups\u0026rdquo; (discussion boards), auto-inviting people into the Facebook Group associated chat group. This combines worst practices of several systems into one.\nPlaces can be persistent, they can exist without anyone being in them. Places can also have one or multiple owners, which is the root of that Places\u0026rsquo; permission system and the source of all moderator power for that Place.\nPresence Working asynchronously means that you will not be present in a chat at all times.\nThis is a feature: It allows you to focus, and think straight, cutting deeply into problems. It also allows you to be in another timezone than your communication partners and still contribute meaningfully to a collaborative effort.\nIt poses the problem of your communication partners not knowing your current communication status, and availability. If they are blocked, they might need you, and it would help them to have some expectation of your response times, availability and context.\nAll modern chat systems have a presence mechanism, a semi-automatic status tagline, and the more thoughtfully engineered ones also know your timezone and show it to your peers.\nThe Slack chat system allows users to set a status in the form of an Emoji and a tagline. These are automatically cleared after some preset time, if desired. Slack also understands time zones, and will show you out-of-office times of communication partners, when necessary. Clicking on a user will also reveal their location and local time. On the right hand side, a number of status bubble examples are shown.\nPresence management in chat system often goes hand in hand with logging. Messages sent to you in your absence are logged, and shown to you on reconnect.\nThis is all a giant step forward from IRC, which did not manage presence well, and also did not allow sending messages to disconnected users.\nIn IRC, being offline means not being present: people fall off the channel and what is being said with them being not there is lost to them. That is of course a nuisance, and so people have been using programs such as screen to run an IRC client even when they have been disconnected from their computer.\nIRC\u0026rsquo;s mechanism for presence (here: attention) is somewhat hidden \u0026ndash; the /away command. But not only is the mechanism hidden (it is another command that needs to be learned and used), but the status is somewhat hidden as well. You can\u0026rsquo;t see if somebody is /away unless you look at them with a /whois. Or you learn about the fact that they are /away only after the fact, when you say something to them and get an auto-response with their /away message.\nSome people do not like this, and so they use another mechanism and change their nicknames when they are not there \u0026ndash; \u0026ldquo;Isotopp\u0026rdquo; becomes \u0026ldquo;Isotopp|AFK\u0026rdquo; or similar. This is less structured than /away, and so some people suffix their names, some prefix them and others completely change their nicknames - \u0026ldquo;Isotopp\u0026rdquo; becomes \u0026ldquo;Awaytopp\u0026rdquo;. The lack of facility, discoverable interface and standardization creates variant practice.\nLogging and Multi-Device All modern chat clients have proper presence, even if not always as rich as in Slack. Most also have unified logging. That is, even absent users can receive messages and will see them when coming back.\nMost users in 2022 have multiple devices, and multiple clients. Most users want the entire messaging history, in order, and with all backlog, available on all their devices, so that they can switch between devices without losing context. This usually includes new devices, to facilitate moving to new laptops or cellphones, without losing history.\nThis often clashes with old standards, badly designed security mechanisms and other implementation details.\nA Google Talk log, with OTR encryption, viewed in a different Jabber client. The history is truncated, and OTR encrypted messages are not available in readable form in this client.\nOne extreme point for synchronisation is the Discord chat system, where not only history and messages are kept in sync across all clients, but even preferences are unified: Setting the desktop client to dark mode will also set dark mode on the cellphone application, and vice versa.\nAnother, opposite extreme point is Jabber, which has no common rule for disposition of messages, and by default will send messages only to one client, using either a preference system, the last active client, or \u0026ldquo;all known clients to the server at the point in time the message was sent\u0026rdquo;. A lot depends on server and clients used here, creating an unreliable and hard to control user experience.\nDeliverables - File and Image Sharing In a corporate context, we use the communication mechanism as a vehicle to create and share documents, and have a discussion about the documents we work on collaboratively. Mail was doing this in the past, with Quotes and with Attachments, but that is a very cumbersome, lossy and hard to discover mechanism. Most companies have moved the collaboration process off mail, to a large extent, and towards chat and collaborative document systems such as Google Docs.\nGoogle had taken this one step further with structured chat. The pioneer application for that has been the short-lived Google Wave: Wave allowed a group of people to create things in a kind of chat bubble, only that this bubble could not just hold a line of text, but also other media including rich documents, images, bots or other things that interfaced with the Wave API. Other users could comment on an item in a hierarchic comments-on-comment tree like in a discussion system, or directly edit the original item, incorporating their changes.\nChanges were recorded and were undoable and replayable. This allowed users to view the end result of a Wave, or review the process of building that result after the fact.\nGoogle Wave being used to collaboratively work on a shared document. The Wave contains the final document, but also the process that led to the end result.\nIn a way, Wave could have been a salvation from the hell of corporate email: Waves produce results, documents or agreements. They also record the history of how that result had been reached, and they allow people joining the process late to catch up and review what has happened before on their own terms. No more full quotes, 13 levels deep, and no more dozens of copies of the same Word file, all slightly different, and with diverging side remarks from people somewhere in the organisation, which never made it back into the main document.\nWave failed, though, and for multiple reasons.\nOne of the bigger reasons is that Wave was all mechanism and no purpose \u0026ndash; it could to many things, and offered all of them without stating what Wave itself or the various functions are there for. One could use Wave to manage a world building and game session in a role playing game, as well as replace corporate email, or use it as a rather clunky and over-engineered word processor. So Wave needed explanation and contextualisation - and above all, a purpose, but none was given. Wave died, because it confused users.\nA collaboratively edited document. Multiple watchers are shown as icons at the top of the screen. A chat window is open. Cursors and collaborators edits would be visible simultaneously editing the document in many places while it has been initially created.\nWave\u0026rsquo;s legacy lives on, though. Much of the functionality of Wave is present in Google Docs, including the side chat, collaborative editing, history recording and replay and many other functions. Unlike Wave, Google\u0026rsquo;s shared document editing puts the purpose first, and the collaboration in the background. This is matching people\u0026rsquo;s expectations much better, and is less overwhelming. It does not have to be taught, or manually given purpose. Instead, the purpose is built in, and immediately obvious.\nModern chat systems are kind of the opposite: They put their purpose (communication) first, and the documents ride in the back. This happens either through URLs or through file transfer.\nAll modern chat systems have a working file transfer, which is also aware of media types. That means, not only can you drag and drop files into a 1:1 chat or a channel, but also images or animations, as well as audio files. They are understood, and shown inline.\nTogether with other mechanisms, such as threads, they enable unique workflows that go way past the unstructured ASCII-limited text of IRC. For example, in many workplaces designers use the image capabilities of Slack, together with Slack threads, to share images, mockups and other things and then criticize or approve designs.\nThis is also where not only IRC, but also Jabber falls down. Proper file sharing, inline media content and threading are things that may exist somewhere, in some Jabber extension, but are not generally interoperable or enabled without much configuration across a set of clients. They might as well not exist.\nWe were lucky At the place I work at, we were lucky. By the time Covid pushed people to work from home, we already had replaced mail almost completely. I was down from thousands of mail messages per day on almost one hundred mailing lists to less than a dozen messages, and no mailing lists at all anymore.\nWe have moved to Facebook at Work for non-realtime group communication. Teams were using their Facebook groups to communicate announcements and progress to other teams, and have discussions with them.\nInternally and for support we moved to Slack. This was pushed with considerable force from below, after corporate initially being very fond of Facebook messenger, mostly because it was free and included in Facebook at work.\nUnfortunately FB messenger is utterly broken in many ways, and unsuited for any structured work communication without basically rewriting it from scratch. There are many facets to its fractal brokenness:\nIt has groups, but no places. Groups have limited attendance, and the limit is too small (the old #live Jabber channel was mandatory for all people pushing deployments, and could not be reproduced in FB Messenger). It ate data. Mentioning a filename main.pl would inescapably turn this into a polish hostname main.pl . More often than not, Messenger would detect a malware phishing attempt and prevent you from sending the message. It ate data. Mentioning URLs with array parameters (\u0026ldquo;https://example.com/bla?a=1\u0026a=2\u0026a=3\" ) would make it parse the URL, representing the keys in a hash, and dropping the repeated keys, breaking the URL. It could not handle files, code formatting and many other things well. It could not do threads, which are a necessity in high volume support channels. In the end, corp was forced to also purchase Slack on top of FB at Work, to prevent a more or less open revolt.\nWe had been using Google Drive and Google Office, as well, across the company, and the collaborative features in it were well understood and used.\nThe heterogeneity of all of this posed to be not a problem, somewhat surprisingly. In fact, in many cases, the mix-and-match approach enabled us to be flexible, and work around many tools limitations, and also to expand and integrate other things easily. Other applications (e.g. Miro, but also many others) have since been added for many users, who have other, more specialized needs and requirements.\nWe also used to use BlueJeans, before the pandemic, and mostly from meeting room installations with dedicated hardware. During Covid, Zoom became popular, and offered a richer and much better set of clients, especially on mobile devices (Laptops, Tablets, Cellphones), so we switched vendors here.\nThe key learnings are:\nWe already had tooling for Remote First, but had hardly any need to use them properly. We were hardly using Email with all its glorious brokenness anymore. By happy accident, the core tools (FB at Work, Slack) had Places, not Groups, as a core metaphor, and people structured their work around these places. Collaborative document editing and a rich, structured chat complement each other well. But since Facebook and Google both are unable to make such a thing, we have yet another vendor integrated. This turned out to be an actual advantage. Our key deficits have not been discussed at length here, but are related:\nGoogle Office documents have very bad discoverability and Google Office has no places. Corollary: A process is needed and needs to be manually executed to move content from the collaborative phase to the publication phase, elsewhere. By public decree in our place this is going to be Confluence, which has problems of its own, and also poses a document conversion problem (from Google to Confluence internal format, keeping structure). Code Collaboration is not part of other collaboration at all, and lives in a third, and entirely disconnected space. ","date":"2022-10-12T00:00:00Z","href":"https://blog.koehntopp.info/2022/10/12/groups-and-places.html","tags":["lang_en","remote first","work","chat"],"title":"Groups and Places"},{"categories":null,"content":"When you are looking for a better Remote First culture, you are looking for better meetings. If you go for better meetings, you will also have fewer of them.\n“The anthropologists got it wrong when they named our species Homo sapiens (\u0026lsquo;wise man\u0026rsquo;). In any case it\u0026rsquo;s an arrogant and bigheaded thing to say, wisdom being one of our least evident features. In reality, we are Pan narrans, the storytelling chimpanzee.”\nGoing for a written culture helps, going for storytelling will help even more.\nStorytelling Almost 15 years ago, I wrote about an experience with the roleplaying game Primetime Adventures. If you are reading German, check it out .\nOne of the things to take away from Primetime Adventures is that \u0026ldquo;on screen\u0026rdquo; nothing happens without reason, all interactions serve the story. And the story is always about conflict: Anything from misunderstandings to misaligned goals, from disagreement about a mission to disagreement about fundamental values, from friendly competition to outright fighting over starved resources.\nIn the end it does not matter, but screen time is always about the current conflict, because to the Storytelling Chimpanzee this is what it\u0026rsquo;s about.\nThis is, at the core, also true about meetings. If they are not about conflict, they are not worth your time.\nIt does not have to be conflict about the people in the meeting. The meeting does not have to resolve the conflict (but should progress it somewhow). But in every meeting there is some kind of conflict in the background.\nRemember: Not all conflict is drama, in fact, most is not.\nUnderstanding conflict So when you go for meetings, prepare an Agenda. If you are invited to a meeting without an Agenda, decline it.\nWhat is a good Agenda?\nMake an agenda and make it self-contained. It should itemize the things you would like to talk about. Each item should have a short summary (\u0026ldquo;What happened so far\u0026rdquo;, \u0026ldquo;Last week on …\u0026rdquo;) or link to one. You should invite the people you need to talk to about the thing, the stakeholders. Then send the agenda around well in advance, maybe share a link to a shared document. Allow people to change, amend, and comment the agenda. Force them to interact with the document in some way.\nYour goal, ultimately, is to either not have a meeting, because all agree.\nOr have a meeting, but only about the things you disagree about. Or people have questions about things, which can only be resolved interactively.\nSo invite people to actually comment. Invite long form, have them write in the text. Sidenotes are horrible to read, and basically are good for +1\u0026rsquo;s only.\nInvite people to agree with you, in the document, or to specify where the disagreement is exactly. Disagreement can take many forms:\nIt can be insecurity (\u0026ldquo;The plan looks good in principle, but I fear that…\u0026rdquo;). It can be misalignment (\u0026ldquo;You want to do …, but we actually need … on our side.\u0026rdquo;). It can be resource shortage (\u0026ldquo;You want … from us, but that would require us to …, and we can\u0026rsquo;t do that in this Quarter.\u0026rdquo;). It can be many other things. It always signals a need to communicate more, about a specific thing. Commenting on Agendas kills meetings Use the Agenda and the Agenda Prep to collect agreement. If there is no disagreement, it\u0026rsquo;s fine to not have the meeting, because the reason to have one just vanished.\nIf there is disagreement, you now know where, and how, and what specifically is the perceived or real problem. You can spend interactive time exactly on these things, and go over possible reconciliations.\nSince this is all in a shared document, y\u0026rsquo;all can amend the discussion with additional writing and sidenotes as needed. This is automatically also the meeting notes, so make sure they contain whatever the outcomes are y\u0026rsquo;all collectively agreed to.\nMark up deliverables, deadlines and people responsible. Set a deadline with a followup meeting (which you can then try to kill in advance, too).\nKickoffs cannot be killed One exception are kickoff meetings. They exist to present the project, and project goals, to set the framework and to make sure you are talking to the right people, and all the right people.\nThey exist also for socializing, specifically to enable people to make the necessary connections. You will be working together, you need to know each other.\nSo make it short, to the point, and make sure people can connect with each other directly afterwards, on their own. This is important, because kickoffs cannot be killed.\nReporting meetings can focus on interesting stuff Finding conflict, isolating interesting topics to talk about, also applies to reporting meetings.\nReporting meetings always read a lot of slides with a lot of numbers. Everybody zones out. \u0026ldquo;Last weeks SLOs for … were met completely, and we improved …\u0026rdquo; Nobody is interested, skip that.\nWe all can look at the green in the report in advance. Instead use the reporting meeting to speak about interesting things.\nThis can be the story of an outage, and what we learned. It can be about the story of an improvement, and how it will prevent a certain class of failure. Or tell the story of how you work, how you improve work, or how you work differently than other companies do, if that is useful.\nSharing stories about practice is much more interesting that reading numbers from a slide that is all green anyway.\nOr skip the meeting. If the numbers are all fine and there are no learnings, no interaction is needed.\nMaking it interesting, making it valuable In general, finding out, in advance, what the meeting should be about, always means finding the conflict, determining its nature, and the stakes. Uneven information, misaligned goals, differences about implementation or scope, resource allocation, whatever. Knowing this, maybe even preparing alternatives, and then either developing or discovering them interactively, or deciding on them collectively helps.\nIt also automatically prepares the meeting minutes:\nThe Agenda collects agreement, and preparing the meeting from the residual conflict in the Agenda then makes it simple to have minutes. We have shared documents in 2022, so there is an easy way to make sure all voices are recorded.\nProviding value Shared documents are also a burden: They are hard to discover, maintain and organize. I am increasingly a supporter of the idea that Google Docs should auto-delete after 3 months.\nIf you want deliverables, put them elsewhere, anywhere. Heck, even Confluence would be a better location than a Google Drive. In any case, you can create a consolidated version of the current state in a proper document, and then collect or link the path that led to it and attach it as documentation.\nYou can\u0026rsquo;t take meeting notes and call them deliverables, though. That won\u0026rsquo;t work. It never did.\nSo a discussion with interactive and written elements, is also a documentation evolution process, in which we collectively work on a deliverable: the architecture, documentation and implementation of a process.\nIn a proper store, and not in shared documents, much less in volatile spoken discussion without any record or recording. We work to distill information, to shape an idea, and to bring it into the world, in a proper deliverable and in code.\nBecause that is what a company is about: Making agreements on how we work together on a common thing (and building infrastructure to make this easier).\nAnd we have meeting agendas to collect agreement, and to sharpen disagreement, we have interactive meetings to find and ultimately document conflict resolutions, and we then put these back into the deliverable.\nThis is the heart of asynchronous distributed collaboration.\nSo if somebody asks you: \u0026ldquo;What did your org learn to do differently in the last 3 years?\u0026rdquo; and the answer is unlike the above:\nWhat did you do instead? How did your org evolve?\nAddenda This started out as a Twitter thread. There have been reactions.\nFlorian Haas pointed to a really good writeup about writing of his. He also mentions: \u0026ldquo;Re project kickoffs, never do them without preparing a 5-paragraph brief. Better still, circulate it ahead of the kickoff.\u0026rdquo; ","date":"2022-10-10T00:00:00Z","href":"https://blog.koehntopp.info/2022/10/10/pan-narrans-and-better-meetings.html","tags":["lang_en","remote first","work"],"title":"Pan Narrans and Better Meetings"},{"categories":null,"content":"Where I work, we are using MySQL in a scale-out configuration to handle our database needs.\nThat means, you write to a primary server, but reads generally go to a replica database further down in a replication tree.\nA number of additional requirements that should not concern you as a developer make it a little bit more elaborate than a simple \u0026ldquo;primary and a number of replicas\u0026rdquo; configuration. But the gist of all that is:\nthere is always a read-copy of the database very close to your application, latency wise there are always sufficient copies of the data around so that we can afford to run our databases on unraided local storage. The nature of our databases is such, that we drown all data reads with sufficient memory, where ever that is possible. Our databases are Memory Engines, when it comes to reads.\nI joke about that:\nYou, too, can be a successful database performance consultant: Say “Buy more memory!” and “There is an index missing” as needed. Add “That’s going to be expensive”, if you work for SAP or Oracle.\nBut it is true: Reads are really bad for databases. Here is what a database workload looks like when the database does not fit into memory:\nGraph based on data recorded with blktrace, analyzed by Workload Intelligence from Oakgate.\nThe workload shown here is too large to have its working set inside the InnoDB Buffer Pool provided. We do see a constant stream of reads over time, to the tune of several MB/s and up to ~1000 IO Operations per Second (IOPS).\nHad this database more memory, the reads would instead hit cached blocks in memory and would eventually be served from RAM. We would see read requests at the database layer, but they would be satisfied from the database\u0026rsquo;s Buffer Pool and not hit the disk. Only the write load remains.\nBut aren\u0026rsquo;t writes worse, then? That is an interesting question.\nWe can drown reads with cache, but we can\u0026rsquo;t drown writes much.\nThey eventually have to go to the disk, and in order to be ACID compliant, we need to delay the COMMIT until the write has hit a persistent storage layer.\nDepending on our persistence requirements, we demand that the write\nhits a machine-local persistent storage (a disk, a NVME or a battery backed cache unit (BBU)), hits at least a second machine or hits a second machine in another availability zone. Increasing the requirements introduces more latency, and brings down our maximum write rate due to increased wait time.\nBut uncached reads are worse.\nWrites can build deep queues, but for reads that is hardly happening. This is a key observation.\nWhen we send writes to storage, we can do that asynchronously: We fire off the write, and while we delay the commit and wait for the write to complete, we can do other things. That is possible, because these other writes are – to a large extent – independent of the outcome of previous writes, as long as ordering guarantees are being held up. Writes are a stream that continuously flows and that can be queued.\nReads are not, at multiple levels.\nDatabases read data from indexes, and indexes are mostly data structures such as balanced trees, with a large fan-out. If you have more data than fits into memory and sensible indexes, the index is approximately four layers deep. You will need around four media accesses to get from the root to the desired data, assuming no caching.\nWhy approximately four layers?\nIn a tree, the depth of the tree is the logarithm of the number of records to the base of the fan-out.\nFor a billion records and a fan-out of 200 at each level, you get a tree depth of 3.91.\nFewer records will make it a bit more shallow: Depth 2.60 for a million records at a width of 200.\nA smaller fan-out will make it a bit deeper: a million records with a fan-out of 20 instead of 200 will give you a depth of 4.61 (Remember, we are working with pages of 16 KB size, so a fan-out of only 20 is incredibly small).\nIn practice, all balanced trees in our databases will be approximately 4 layers deep, because log(n)/log(fan-out) is practically a constant valued around 4.\nMost of the time, even for large data we can completely cache the inner tree, so this comes down to 4 disk read requests and one actual disk read. But: In such a lookup, each disk read is completely dependent on the outcome of the previous disk read. The reads are all serialized by disk accesses.\nThat, again, underlines the importance of memory in database operation. \u0026ldquo;Buy more memory, then invest into more memory\u0026rdquo; is an extremely sensible piece of advice.\nNow, we actually do not just read data from a single table. Often we join two tables. In a loop join, we join two tables with SQL of the form\nSELECT a.somecolumn, b.someothercolumn FROM a JOIN b ON a.aid = b.aid WHERE \u0026lt;some conditions\u0026gt; This will grab rows from a, hopefully using an index (see above for index reads), and then take the rows from a as they are generated. It will use the a.aid values emitted and apply them to look up b.aid rows in table b.\nAgain, we can\u0026rsquo;t know which rows in b we are interested in before we haven\u0026rsquo;t completed the reads on a. Read accesses on b are dependent on the outcome and hence completion of our (indexed) reads on a.\nThat is not a good way to build deep queues: Work stalls until the previous reads are done – unless we provide sufficient memory for the reads to not happen in the first place.\nWhat do reads and writes look like in reality? Meet our availability databases. They are holding hotel room availability information. This database is running on bare metal, 16C/32T, 128 GB memory and two SSD on a controller with a battery backed cache unit (BBU).\nThe box is serving mostly reads, 4746 in the last second, and as a replica sees writes only from upstream.\nThe box is currently holding a few TB of data, serving around between 6000 and 12000 queries per second.\nThe statement mix looks like Java: around 50% of the statements are SELECT, the large percentage of SET statements is indicative of the JDBC driver and the rest is DML and transaction management.\nThe box is currently running at a load of 9, but it is early morning, and we have a load peak in the evening. At a load of 12, it has sufficient capacity to carry on, if we lose an AZ and have to fold the failing data centers load into the surviving machines.\nThis kind of hardware with this kind of workload will become uncomfortably jittery at a load of 24.\nWe also observe variable read load of around 1000-ish IOPS, spiking into the 4000\u0026rsquo;s.\nThis works well. How well?\nWe observe read and write latencies on a µs scale, that is 10^-6, millionth seconds.i 2000 µs are 2ms.\nRead latencies are layered curtains with peaks at 0.2 ms, 0.26 ms, 0.33 ms, 0.45 ms and 0.58 ms. We could draw a large gauss curve over the entire thing, peaking at 0.33 ms.\nWrite latencies are\u0026hellip; nonexistent?\nWhen we zoom in, we can see that disk writes seem to happen at a latency of 40 µs, 0.04 ms. That\u0026rsquo;s to the tune of a PCIe bus transfer – a 256 Byte bus transfer takes around 100 ns, 40 µs are good for about 12-ish KB worth of bus time, and for comparison, 16 KB is the size of a MySQL data page written out. The numbers check out.\nThis is the time it takes to transfer 16 KB of data from a MySQL Buffer Pool in RAM to the 4 GB worth BBU cache on the HP SmartArray controller card, which counts as locally persistent. The ARM CPU on the controller will then take all these writes, sort them, batch them and write them out to the SSD in the background.\nAll together that works very well: This blade costs around 150 Euro per month, per machine, over a reservation interval of 5 years. It stores 1 TB of logical data in 1 TB of physical disk space. And it performs at amazingly low and stable latency numbers.\nIt is not redundant at the machine level – we are using other, database level technologies to achieve that. Using replication, we make copies of the data on this machine on other machines and in other data centers. This allows us to utilize redundancy for capacity, but also for availability.\nIt does so at a cost that also allows us to completely eliminate additional cache layers such as memcached – also eliminating the entire class of cache incoherency bugs that came with memcached usage, until 2012, when we removed memcached.\nChanging the Equation Introducing distributed storage into the equation changes the properties of the underlying storage fundamentally.\nYour storage is no longer machine local, and for reasons that are transcending the scope of this post, it is also always replicated – usually with a replication factory of n=3. That is, 1 TB of data in the database becomes 3 TB of data on disk, 1 TB on each of three different machines.\nTraversing the datacenter in our on-premises data center takes around 60 µs, plus the time to write data to locally persistent storage makes it 100 µs, 0.1ms, for each hop. Multiple copies and coordination add up, and the end result is a write time distribution with a maximum of 0.9 ms for the storage tested here.\nRead latencies have the same shape, but are somewhat lower – we need one copy of the data to read it, not all of them, so we come out at around 0.6ms.\nLatency diagrams for read and write latencies of our Ceph storage are r=0.6 ms, w=0.9 ms. This is amazingly low for Ceph – a Ceph cluster in 2015 would have been around 5.0 ms.\nRunning a database with a comparable profile on top of this storage changes database behavior a lot:\nRead latencies compared: Above, the graph from the local machine, below a comparable workload on Ceph volumes.\nWe have reads, and read latencies are approximately twice as high as on a local SSD. We have discussed how reads don\u0026rsquo;t queue well, as the results of later reads are often dependent on the results of previous reads.\nThat means we have lowered the read capacity of an instance by 2, for the same number of connections.\nWe could, in increasing order of engineering and monetary cost\nadd memory to quench the reads in an increased buffer pool add boxes to the pool, at the cost of additional instances add connections and query the database with multiple parallel tasks, trying to engineer our workload to be more parallel shaped For this hierarchy under test, the second thing happened: we scaled up the number of instances in order to deal with the query load under worsened read latency. And we should try the first thing: use instances with more memory to make the disk accesses go away.\nFor the writes, the picture changed completely:\nWrite latencies compared: Above, the graph from the local storage machine, below a comparable workload on Ceph volumes.\nWrites now take 0.9 ms instead of 0.04 ms.\nAlso, while the write latency histogram is nicely Gauss-shaped, it does have a considerable base width: The 0.9 ms is actually the base of a curve that goes from 0.6 ms to 1.6 ms on the other side.\nWrites queue nicely, and the storage here is performing extremely well under parallel load in benchmarks. So many parallel writes should work well: Each write takes 0.9-ish ms, but you can do many of them in flight at the same time.\nUnfortunately, transactional workloads do not have that shape. Parallel replication is subject to a number of constraints regarding reordering, and also subject to limitations that result from implementation details.\nReplication delay over time: Despite parallel replication being active, the instance cannot keep up with the write load. Only careful write modulation keeps the replica from delaying even more.\nAnd that is not even a high write load: The statement mix shown here did not even touch the 1000 inserts/s barrier.\nYet the storage statistics are absolutely devastating:\nWe see somewhat over 1000 reads and 1000 writes per second on the volume, which are good considering the latencies we see above, but devoid of parallism. The I/O we see is good for an aggregate I/O of 22 MB/s, and results in complete saturation of the Disk I/O.\nThere is no easy way around this, except deep changes to the application to make it write differently. But we do not really want to spend application business unit developer time on \u0026ldquo;code around the intricacies of the storage solution we chose\u0026rdquo; instead of \u0026ldquo;solve business problems\u0026rdquo;.\nThe recommendation to use local storage in the virtualized environment still stands, as it performs better and does not provide storage-level redundancy for which we have no use, given that replication provides capacity and redundancy at the database level.\n","date":"2022-09-27T00:00:00Z","href":"https://blog.koehntopp.info/2022/09/27/mysql-local-and-distributed-storage.html","tags":["lang_en","mysql"],"title":"MySQL: Local and distributed storage"},{"categories":null,"content":"Where I work, there is an ongoing discussion about test data generation. At the moment we do not replace or change any production data for use in the test environments, and we don\u0026rsquo;t generate test data.\nThat is safe and legal, because production data is tokenized. That is, PII and PCI data is being replaced by placeholder tokens which can be used by applications to access the actual protected data through specially protected access services. Only a very limited circle of people is dealing with data in behind the protected services.\nUsing production data in test databases is also fast, because we copy data in parallel, at line speed, or we make redirect-on-write (\u0026ldquo;copy-on-write\u0026rdquo; in the age of SSD) writeable snapshots available.\nAssume for a moment we want to change that and\nmask data from production when we copy it to test databases reduce the amount of data used in test databases, while maintaining referential integrity generate test data sets of any size instead of using production data, keeping referential integrity and also some baseline statistical properties Masking Data Assume we make a copy of a production database into a test setup. We then prepare that copy by changing every data item we want to mask, for example by replacing it with sha(\u0026quot;secret\u0026quot; + original value), or some other replacement token.\nkris@localhost [kris]\u0026gt; select sha(concat(\u0026#34;secret\u0026#34;, \u0026#34;Kristian Köhntopp\u0026#34;)); +---------------------------------------------+ | sha(concat(\u0026#34;secret\u0026#34;, \u0026#34;Kristian Köhntopp\u0026#34;)) | +---------------------------------------------+ | 9697c8770a3def7475069f3be8b6f2a8e4c7ebf4 | +---------------------------------------------+ 1 row in set (0.00 sec) Why are we using a hash function or some moral equivalent for this? We want to keep referential integrity, of course. So each occurence of Kristian Köhntopp will be replaced by 9697c8770a3def7475069f3be8b6f2a8e4c7ebf4, a predictable and stable value, instead of a random number 17 on the first occurence, and another random number, 25342, on the next.\nIn terms of database work, it means that after copying the data, we are running an update on every row, creating a binlog entry for each change. If the column we change is indexed, the indexes that contain the column need to be updated. If the column we change is a primary key, the physical location of the record in the table also changes, because InnoDB clusters data on primary key.\nIn short, while copying data is fast, masking data has a much, much higher cost and can nowhere run at line speed, on any hardware.\nReducing the amount of data Early in the company history, around 15 years ago, a colleague worked on creating smaller test databases by selecting a subset of production data, while keeping referential integrity intact. He failed.\nMany others tried later, we have had projects trying this around every 3 to 5 years. They also failed.\nEach attempt always selects either an empty database or all of the data from production.\nWhy is that?\nLet\u0026rsquo;s try a simple model: We have users, we have hotels, and they are in a n:m relationship, the stay.\n\u0026ldquo;Kris\u0026rdquo; stays in a Hotel, the \u0026ldquo;Casa\u0026rdquo;. We select Kris into the test data set from production, and also the \u0026ldquo;Casa\u0026rdquo;. Other people stayed at the Casa, so they also are imported into the test set, but they also stayed at other hotels, so these hotels are also imported, and so forth, back between two tables. After 3 reflections, 6 transitions, we have selected the entire production database into the test set.\nOur production data is interconnected, and retaining referential integrity of the production data will mean that selecting one will ultimately select all.\nLimiting the timeframe can help: we select only data from the past week or something. But that has other implications, for example on the data distribution. Also, our production data is heavily skewed in time when it comes to operations on availability – a lot of bookings happen in the last week.\nGenerating test data Generating garbage data is fast, but still slower than making a copy. That is because copying data from a production machine can copy binary files with prebuilt existing indexes, whereas generating garbage data is equivalent to importing a mysqldump. The data needs to be parsed, and worse, all indexes need to be built.\nWhile we can copy data at hundreds of MB per second, up into the GB/s range, importing data happens at single digit MB/s up to low tens of MB/s. A lot depends on the availability of RAM, and on the speed of the disk, also on the number of indexes and if the input data is sorted by primary key.\nGenerating non-garbage data is also hard, and slow.\nYou need to have the list of referential integrity constraints either defined or inferred from a schema. At work, our schema is large, much larger than a single database or service – users in the user service (test user service, with test user data) need to be referenced in the reservations service (test reservations service with test bookings), referring to hotels in the test availability and test hotel store.\nThat means either creating and maintaining a consistent second universe, or creating this, across services, from scratch, for each test. One is a drag on productivity (maintaining consistent universes is a lot of work), the other is slow.\nConsistency is not the only requirement, though. Consistency is fine if you want to test validation code (but my test names are not utf8, they are from the hex digit subset of ASCII!).\nBut if you want to talk performance, additional requirements appear:\nData size.\nIf your production data is 2 TB in size, but your test set is 200 GB, it is not linearly 10x faster. The relationship is non-linear: On a given piece of hardware, production data may be IO-limited because the working set does not fit into memory, whereas the test data can fit WSS into memory. Production data will produce disk reads proportionally to the load, test data will run from memory and after warmup has no read I/O – a completely different performance model applies. Performance tests on the test data have zero predictive value for production performance.\nData Distribution.\nProduction data and production data access is subject to data access patterns that are largely unknown and undocumented, and are also changing. Some users are whales that travel 100x more than norms. Other users are frequent travellers, and travel 10x more than norms. Some amount of users are one-offs and appear only once in the data set. What is the relation between these sets, and what is the effect they have on data access?\nFor example:\nA database benchmark I lost The german computer magazine c\u0026rsquo;t in 2006 had an application benchmark described in web request accesses to a DVD rental store. The contestants were supposed to write a DVD rental store using any technology they wished, defined in the required output and the URL request they would be exposed to in testing. MySQL, for which I worked as a consultant, wanted to participate, and for that I put the templates provided into a web shop using MySQL, and tuned shop and database accordingly.\nI got nowhere the top 10.\nThat is because I used a real web shop with real assumptions about user behavior, including caches and stuff.\nThe test data used was generated, and the requests were equally distributed: Each DVD in the simulated DVD store was equally likely to be rented and each user rented the same amount of DVDs. Any cache you put into the store would overflow, and go into threshing, or would have to have sufficient memory to keep the entire store in cache.\nReal DVD rental stores have a top 100 of popular titles, and a long tail. Caching helps. In the test, caching destroyed performance.\nAnother database benchmark I lost Another german computer magazine had another database benchmark, which basically hammered the system under test with a very high load. Unfortunately, here the load was not evenly distributed, but a few keys were being exercised very often, whereas a lot of keys were never requested. Effectively the load generator has a large number of threads, and each thread was exercising \u0026ldquo;their\u0026rdquo; key in the database \u0026ndash; thread 1 to id 1 in the table, and so on.\nThis exercised a certain number of hot keys, and waited very fast on a few locks, but did not actually simulate accurately any throughput limits. If you exercised the system with more production-like load, it would have had around 100x more total throughput.\nTL;DR Producing masked or simulated data for testing is around 100x more expensive computationally than copying production data. If production data is already tokenized, the win is also questionable, compared to the effort spent.\nProducing valid test data is computationally expensive, especially in a microservices architecture in which referential integrity is to be maintained across service boundaries.\nValid test data is not necessarily useful in testing, especially when it comes to performance testing. Performance testing is specifically also dependent on data access patterns, working set sizes and arrival rate distributions that affect locking times.\nIn the end, the actual test environment is always production, and in my personal professional experience there is a lot more value in making testing in production safe than in producing accurate testing environments.\n","date":"2022-09-26T00:00:00Z","href":"https://blog.koehntopp.info/2022/09/26/mysql-data-for-testing.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: Data for Testing"},{"categories":null,"content":"Query latencies in one data center are larger than elsewhere for one replication hierarchy, but only in the high percentiles. This impacts production and traffic is being failed away from that data center to protect production.\nWhen the P50 and P90 look okay, but the P99 and the P99.9 do not, the database(s) operate normally, and only some queries are running slow. The initial guess was \u0026ldquo;for some queries the plan has flipped, but only in that data center.\u0026rdquo;\nBut first let\u0026rsquo;s have a look at the database size and the schema.\nA tiny database The schema in question holds metadata for a change data capture process, and that is not a lot.\n# du -sh * 0 coredumps 5.6G data 704M log 0 tmp # du -sh data/theschema 93M data/theschema and in memory:\nThe mysqld process has a RES (resident set size) of only 5.9GB, even if the database is allowed to grow to a VIRT (virtual memory size) of 71.8 G.\nThis is running on a bare metal blade for the moment, and these do not come smaller than this. In a virtual machine, it can be as small as a 1/4 blade – but database instances have a fixed overhead and going much smaller hardly makes sense.\nIn any case, this is running off memory, and would be doing so even if hosted on an iPhone. There can\u0026rsquo;t be disk scans, even if there were bad queries. And even with memory scans a thing this tiny won\u0026rsquo;t exhaust CPU or scan for a long time in memory. Something definitively smells funny around here.\n[information_schema]\u0026gt; select table_name, table_rows from tables where table_schema = \u0026#39;schemaregistry\u0026#39; order by table_rows desc; +--------------------+------------+ | TABLE_NAME | TABLE_ROWS | +--------------------+------------+ | table_01 | 14376 | | table_02 | 9510 | | table_03 | 3079 | | table_04 | 84 | | table_05 | 0 | | db_waypoint | 0 | +--------------------+------------+ 6 rows in set (0.00 sec) Scanning for slow queries We are using performance_schema directly to ask for statistics for queries that have been seen that are slow.\n[performance_schema]\u0026gt; select -\u0026gt; user, -\u0026gt; event_name, -\u0026gt; count_star, -\u0026gt; avg_timer_wait/1000000000 as avg_ms -\u0026gt; from events_statements_summary_by_user_by_event_name -\u0026gt; where user = \u0026#39;production_username\u0026#39; -\u0026gt; and event_name like \u0026#39;statement/sql/%\u0026#39; and count_star \u0026gt; 0; +----------------------+-----------------------------+------------+--------+ | user | event_name | count_star | avg_ms | +----------------------+-----------------------------+------------+--------+ | production_username | statement/sql/select | 42121722 | 0.2913 | | production_username | statement/sql/set_option | 270284 | 0.0708 | | production_username | statement/sql/show_warnings | 67571 | 0.0498 | +----------------------+-----------------------------+------------+--------+ 3 rows in set (0.01 sec) P_S is not intended to be used directly by humans. The tables are optimized for fast data collection. Data is not locked during read as to not slow collection, times are reported in PicoSeconds (1/10^12) as to avoid any DIV instructions on write and buffers are size-limited so if some action is spamming P_S, data is lost, but the server does not slowed or losing memory.\nConsequently we divide by 10^9 to get average statement runtime, and we report any statement statistics since server start (or table truncate) that have been collected for any statement. It turns out, the production user has been running only select statements, set statements and show warnings commands.\nWhile the averages look good, maxima are not:\n[performance_schema]\u0026gt; select -\u0026gt; event_name, -\u0026gt; count_star, -\u0026gt; avg_timer_wait/1000000000 as avg_ms, -\u0026gt; max_timer_wait/1000000000 as max_ms -\u0026gt; from events_statements_summary_by_user_by_event_name -\u0026gt; where user = \u0026#39;production_username\u0026#39; -\u0026gt; and event_name like \u0026#39;statement/sql/%\u0026#39; and count_star \u0026gt; 0; +-----------------------------+------------+--------+------------+ | event_name | count_star | avg_ms | max_ms | +-----------------------------+------------+--------+------------+ | statement/sql/select | 42121722 | 0.2913 | 14934.0024 | | statement/sql/set_option | 270284 | 0.0708 | 1.2732 | | statement/sql/show_warnings | 67571 | 0.0498 | 0.9574 | +-----------------------------+------------+--------+------------+ 3 rows in set (0.00 sec) So there was one select statement that ran a whopping 14s on a database that has no table with more than 15k rows.\nVividcortex aka SolarWinds DPM We onboard this hierarchy to Vividcortex, a monitor that collects performance data from databases, and allows to see specific queries that execute slowly. It can also help in determining possible improvements.\nVividcortex inventory for streaming. Normally Vividcortex does not run on all instances, but the primary and one pooled replica. We wanted a specific pooled replica in Frankfurt, though, so something with a 6000 number.\nOur normal Vividcortex onboarding installs probes on the primary and one pooled replica, because it is not necessary to overwhelm the collection interface with all queries from all production machines. A sample will do fine.\nIn this case, we want a replica in a specific location, though: only one data center behaves abnormally, so we would want one more machine within that location. This required some bespoke puppet artistry, but it worked. But, even then we do not get queries that are particularly interesting:\nWe get Query Count, and Average Latency. But from the counts and the word average we can already see that this is not useful: we would have wanted to see high percentiles. Also, the queries are all uninteresting.\nNow, we believe most queries are fine, only some instances of queries that are mostly fine are taking unexpectedly long. And we want to see those.\nWe can already see that the default view of VividCortex here is not helpful, and a quick exploration of the user interface quickly reveals that this tool is maybe not optimally useful for our specific hunt.\nWe go back to P_S and handcraft our stuff.\nPlundering P_S Let\u0026rsquo;s see what is on the menu:\n[performance_schema]\u0026gt; show tables like \u0026#39;%statement%\u0026#39;; +----------------------------------------------------+ | Tables_in_performance_schema (%statement%) | +----------------------------------------------------+ | events_statements_current | | events_statements_histogram_by_digest | | events_statements_histogram_global | | events_statements_history | | events_statements_history_long | | events_statements_summary_by_account_by_event_name | | events_statements_summary_by_digest | | events_statements_summary_by_host_by_event_name | | events_statements_summary_by_program | | events_statements_summary_by_thread_by_event_name | | events_statements_summary_by_user_by_event_name | | events_statements_summary_global_by_event_name | | prepared_statements_instances | +----------------------------------------------------+ 13 rows in set (0.00 sec) I don\u0026rsquo;t know about you, but events_statements_summary_by_digest looks tasty by me. What is in it?\n[performance_schema]\u0026gt; desc events_statements_summary_by_digest; +-----------------------------+-----------------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +-----------------------------+-----------------+------+-----+---------+-------+ | SCHEMA_NAME | varchar(64) | YES | MUL | NULL | | | DIGEST | varchar(64) | YES | | NULL | | | DIGEST_TEXT | longtext | YES | | NULL | | | COUNT_STAR | bigint unsigned | NO | | NULL | | | SUM_TIMER_WAIT | bigint unsigned | NO | | NULL | | | MIN_TIMER_WAIT | bigint unsigned | NO | | NULL | | | AVG_TIMER_WAIT | bigint unsigned | NO | | NULL | | | MAX_TIMER_WAIT | bigint unsigned | NO | | NULL | | | SUM_LOCK_TIME | bigint unsigned | NO | | NULL | | | SUM_ERRORS | bigint unsigned | NO | | NULL | | | SUM_WARNINGS | bigint unsigned | NO | | NULL | | | SUM_ROWS_AFFECTED | bigint unsigned | NO | | NULL | | | SUM_ROWS_SENT | bigint unsigned | NO | | NULL | | | SUM_ROWS_EXAMINED | bigint unsigned | NO | | NULL | | | SUM_CREATED_TMP_DISK_TABLES | bigint unsigned | NO | | NULL | | | SUM_CREATED_TMP_TABLES | bigint unsigned | NO | | NULL | | | SUM_SELECT_FULL_JOIN | bigint unsigned | NO | | NULL | | | SUM_SELECT_FULL_RANGE_JOIN | bigint unsigned | NO | | NULL | | | SUM_SELECT_RANGE | bigint unsigned | NO | | NULL | | | SUM_SELECT_RANGE_CHECK | bigint unsigned | NO | | NULL | | | SUM_SELECT_SCAN | bigint unsigned | NO | | NULL | | | SUM_SORT_MERGE_PASSES | bigint unsigned | NO | | NULL | | | SUM_SORT_RANGE | bigint unsigned | NO | | NULL | | | SUM_SORT_ROWS | bigint unsigned | NO | | NULL | | | SUM_SORT_SCAN | bigint unsigned | NO | | NULL | | | SUM_NO_INDEX_USED | bigint unsigned | NO | | NULL | | | SUM_NO_GOOD_INDEX_USED | bigint unsigned | NO | | NULL | | | SUM_CPU_TIME | bigint unsigned | NO | | NULL | | | COUNT_SECONDARY | bigint unsigned | NO | | NULL | | | FIRST_SEEN | timestamp(6) | NO | | NULL | | | LAST_SEEN | timestamp(6) | NO | | NULL | | | QUANTILE_95 | bigint unsigned | NO | | NULL | | | QUANTILE_99 | bigint unsigned | NO | | NULL | | | QUANTILE_999 | bigint unsigned | NO | | NULL | | | QUERY_SAMPLE_TEXT | longtext | YES | | NULL | | | QUERY_SAMPLE_SEEN | timestamp(6) | NO | | NULL | | | QUERY_SAMPLE_TIMER_WAIT | bigint unsigned | NO | | NULL | | +-----------------------------+-----------------+------+-----+---------+-------+ 37 rows in set (0.00 sec) Huh? What? The structure of P_S At this point it is maybe a good idea to stop and establish a few facts about P_S. P_S collects data about statement execution and server performance.\n[performance_schema]\u0026gt; show tables like \u0026#39;setup%\u0026#39;; +---------------------------------------+ | Tables_in_performance_schema (setup%) | +---------------------------------------+ | setup_actors | | setup_consumers | | setup_instruments | | setup_objects | | setup_threads | +---------------------------------------+ The server is instrumented for collection, and the data sources are called instruments.\nWe can ask an instrument to collect or not collect data for certain monitoring users, certain actors. We can also ask the instruments ignore certain tables, schemas or other things, certain objects. And again, the same, for certain threads.\nCollected data is stored in preallocated ring-buffers, or added to certain aggregates. All these things are consumers.\nConfiguration happens through the setup tables above, which set up the data flow from instrument through the filtering dimensions to the consumers.\nEvent data collection happens in event tables, inside a hierarchy, from transactions, to individual statements that make up a transaction, to execution phases of a statement, stages, to waits (mostly for IO or locks). These things nest, but not necessarily on a 1:1 basis – a statement can contain waits, or other statements, for example.\nroot@streamingdb-6001 [performance_schema]\u0026gt; show tables like \u0026#39;event%current\u0026#39;; +----------------------------------------------+ | Tables_in_performance_schema (event%current) | +----------------------------------------------+ | events_stages_current | | events_statements_current | | events_transactions_current | | events_waits_current | +----------------------------------------------+ 4 rows in set (0.00 sec) For each of these events, we have _current, _history and _history_long tables. For example events_statements_current contains one entry for each active connection, events_statements_history the last few statements for each active connection, and events_statements_history_long the last few thousand statements across all connections.\nThere are other collections, about other aspects of the server, and more generalized statement aggregations, the summaries.\nQueries and Query Digests To be able to aggregate statements, there is the concept of a statements digest_text, and ultimately the digest, a hash number generated from the digest text.\nSo statements such as\nselect id from atable where id in ( 1, 2, 3) SeLeCt id FROM atable where id IN (92929, 29292, 17654, 363562); should be considered equivalent in an aggregate. This is done by unparsing the statement from the parse tree, which gets rid of all the spacing and letter case differences in keywords. During this, all constants and constant lists are replaced by ? or '?' respectively.\nThe digest text for the above two statements becomes\nselect id from atable where id in ( ? ) and the digest from that can then be generated by running a hash function over the digest text.\nThe disadvantage is that a digest cannot be explained with the EXPLAIN command, so we need to make sure to also keep a representative explainable version of the query.\nGetting some data In our case, events_statements_summary_by_digest is exactly what we want. So we truncate the collection, and wait a bit, then ask. The results are impossible:\n[performance_schema]\u0026gt; truncate events_statements_summary_by_digest; ... [performance_schema]\u0026gt; select -\u0026gt; count_star, avg_timer_wait/1000000000 as avg_ms, -\u0026gt; QUANTILE_95/1000000000 as q95_ms, -\u0026gt; first_seen, -\u0026gt; last_seen, -\u0026gt; query_sample_text -\u0026gt; from events_statements_summary_by_digest -\u0026gt; where schema_name = \u0026#39;schemaregistry\u0026#39; -\u0026gt; and QUANTILE_95/1000000000 \u0026gt; 0.1 -\u0026gt; order by QUANTILE_95/1000000000 asc \\G *************************** 1. row *************************** count_star: 21 avg_ms: 0.0782 q95_ms: 0.1202 first_seen: 2022-09-19 14:35:28.885824 last_seen: 2022-09-19 14:38:06.110111 query_sample_text: SELECT @@session.autocommit *************************** 2. row *************************** count_star: 21 avg_ms: 0.0902 q95_ms: 0.1514 first_seen: 2022-09-19 14:35:28.886215 last_seen: 2022-09-19 14:38:06.110382 query_sample_text: SET sql_mode=\u0026#39;STRICT_ALL_TABLES,NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES\u0026#39; So we have completely internal configuration commands that sometimes take longer than 0.1ms to execute. We have other instances of simple queries that sometimes take 14s to run, 1000x and more than the average.\nAnd then\u0026hellip; Yeah, and that is as far as I got with my digging, when a colleague chimes in, pointing at the machine dashboard for the machine I am on.\nA sick network interface is for sure messing with system performance.\nOne of the machines in the pooled replicas for this data center location is showing an elevated amount of network retransmits and the box probably needs some love from the data center operations engineers.\nWe experiment a bit by removing and re-adding the box to the pool, and sure enough: As soon as the system under test is in the pool the latencies are no longer production worthy.\nThe image from the title bar: End user experience with and without the broken box in the replica pool. One bad box spoils the experience for all the users.\nSo the root cause was not instances of one query executing badly, but all queries executing badly on one box of the pool, in one location. Average query latencies, and even the P90 look good, but the P99 and the P99.9 go to hell.\nThe box is removed from the pool and a replacement has been scheduled. The broken box will get a DCOE ticket.\n","date":"2022-09-19T00:00:00Z","href":"https://blog.koehntopp.info/2022/09/19/sometimes-it-is-not-the-database.html","tags":["lang_en","mysql"],"title":"MySQL: Sometimes it is not the database"},{"categories":null,"content":"Two weeks ago I was being drawn into the debug of artdb, the Replication hierarchy used by our Artifactory instance.\nTL;DR Artifactory overloaded the database. This was incident-handled by optimizing a number of slow queries using some covering index trickery, and by upgrading the hardware substantially.\nUsing the runway we bought, we found and partially fixed the following problems:\nFixed: A number of very expensive reporting queries were sped up 16x to 20x using covering indexes, from 180s runtime to 8s-12s runtime. Fixed: We optimized our database and data size by completing the data lifecycle for several repo types, deleting old images. Fixed: Hardware upgrade lowered load even more, and sped up the queries even more. Fixed: Further investigation identified a synchronisation cron job which overloaded the database in 40m intervals. The cron job was throttled and is now on a backlog for refactoring. Fixed: The long running queries were identified in the Artifactory source code, which allowed us and jFrog support to identify that a) the Artifactory internal cache for these queries was bypassed and b) this happens when certain JMX monitoring options are enabled, per application host hitting the database instance. The monitoring was temporarily disabled. Fixed: For each image download, Artifactory writes statistics updates, which can lead to lock contention on hot images. We identified a configuration that could turn this off, and later found that these updates can be happening batched in the background. Unfixed: Artifactory does not understand the concept of Replicas and database scale-out at all, it can only do database scale-up, and that has absolute limits. The database workload for Artifactory is now well below critical levels and has on the current, upgraded hardware runway for estimated 4x growth. Beyond that, vertical scaling is going to be hard without changes to the architecture of Artifactory.\nArtifactory is a third party piece of software that stores binary objects in one of several BLOB storages and serves them up to people who need binaries in whatever way.\nThere are several choices of BLOB storages for it, we are using S3.\nThere are several choices of data delivery formats for Artifactory, we are using many of them, with \u0026ldquo;Docker Repository\u0026rdquo; and \u0026ldquo;Maven Repository\u0026rdquo; being the most prominent use-cases.\nArtifactory is using a database as a metadata storage, and again, there are several possible choices. We are using MySQL.\nBinary Delivery Formats and Protocols supported by Artifactory (https://jfrog.com/artifactory/) .\nOverloaded Database The original complaint was \u0026ldquo;Artifactory is down\u0026rdquo; and \u0026ldquo;The database is overloaded\u0026rdquo;. Investigation of that shows that this was very much true:\nThe primary of the replication hierarchy was a blade from 2017 with 12C/24T, and was showing load spiking into the 40-ies.\nFor a CPU-saturated MySQL on a 12C/24T, anything over 18-20 is probably not very stable and certainly not fun.\nI was looking at the load of the full replication hierarchy and found out multiple things:\nArtifactory does not understand the concepts of replication, multiple database handles or scale-out at the database level. It only talks to the primary database, and can only scale vertically. The Artifactory database is seeing a very large query load (\u0026gt; 20.000 QPS), which is comprised of a large number of reads and underneath still 1000s of writes per second. Some of the reads are long running queries, with runtimes in the 180s. The long running queries have been sped up from 180s to 9s by applying covering indexes and some index order juggling. Read Boiling JFrogs for the full and detailed writeup of this phase.\nBuying Runway Solving the long runners, we found several other issues at the database level. But first we threw more cores into the fire and scaled Artifactory vertically to buy more runway:\nThe Blade 7 hardware type uses 2x $400 CPUs for 16C/32T. Blade 2A.1 hardware uses 2x $2100 CPUs for 32C/64T. At the same load, these more expensive CPUs are also clocked around 1 GHz faster.\nSince we had this long running scan queries on memory-resident data, we were using a lot of CPU. Even after the optimization, these were scans, but on less and better organized data with one level of indirection removed from each data access – so 16x to 20x faster.\nStill, we had a base load of 12 on the Blade 7 with only 12C/24T. Moving to the better equipped, but more expensive Blade 2A.1, we have 32C/64T, and at the same load, we gain around 1 GHz is clock speed.\nAt a load of 12 on a Dual-4110, we have 6 cores busy per socket, running at 2400 MHz. At a load of 12 on a Dual-6130, we have 6 cores out of many more busy, so we have budget for 3400 MHz clock, 1 GHz faster. The work completes faster, we have less concurrency and the load drops to 8, 4 cores per socket, and 3500 MHz until things stabilize.\nModern CPUs do not have the Power Budget and Thermal Budget to run all their cores at maximum clock speed all of the time. The higher the load, the lower they need to clock in order to not melt or starve themselves of power. Fortunately, being a web shop, we do not exercise the FPU a lot outside of the ML department, so \u0026ldquo;Normal\u0026rdquo; is the line that applies here.\nRunning the same workload on a higher level CPU keeps a lesser percentage of cores busy, which can then be clocked higher. The workload is completed faster, and the level of concurrency is lower – you will actually see a lower Linux load on the box.\nThat is also what happened in our case, we speed up the clock by slightly less than 1/3, and we get a load that is roughly 1/3 lower. The replacement box, running the optimized queries, is humming along at a load of 5-10ish, which is okay for a machine of that class and size:\nReplacement machine is good for a load of ~40, but is running at 10 or less, so we are good. Further optimizations after 10-Sep show even more improvement, read on.\nThis stabilized things in a way that allowed further experimentation and exposed other problems that previously were invisible in all the fire and smoke.\nA 40 Minute Pattern Looking at the various indicators reported by the database monitoring, we see a pronounced pattern that shows a 40 minute interval. Something is pushing load into the database in waves, but we do not know what it is: It is using the normal Artifactory production user and coming from one (but only one) of the Artifactory application boxes.\nWe see access patterns repeating at 40 minute intervals, and pushing various statistics up. The data indicates a read and write load (read heavy), from one Artifactory application machine.\nFinding the culprit took us quite some effort, because various other things interfered (among them Puppet re-enabling itself and undoing debug config changes). In the end it turned out, it was us, all along.\nSpecifically: There is a cron job which reads data from service directory and from Artifactory, compares the two and then generates access permissions and other configuration in the Artifactory database for the application. This enables you to access the artifacts you depend on, based on what is declared in SD.\nThrottling this cron job immediately brought relief and relaxed the load even further, but slowed down the import of changes from SD into Artifactory.\nLessons learned:\nAlways use distinct users for distinct applications (one per application, per cron job and so on). Even if these have the same rights and access the same tables, it will make identifying the software component that is responsible for a thing much easier. While Artifactory cannot understand Replicas and only ever works with the primary database, our own components around this are not limited by that restriction. This script could read from any replica and then write back only the necessary changes. This script is surely generating a lot of load for what it does, and needs some love and refactoring. It is now on somebody\u0026rsquo;s backlog. Bad Queries from Nowhere? The bad queries we optimized in Part 1 are still there and looking at what they actually do, they do not look particularly useful.\nMultiple instances of a reporting query running in parallel. Even optimized they seem to be wasteful. We want to know where they come from.\nLooking at the queries themselves, we see this SQL:\nSELECT SUM(bin_length) FROM nodes WHERE node_type=1 and repo = \u0026#39;\u0026lt;reponame\u0026gt;\u0026#39; This is a reporting query that calculates the cumulative size of all things in one repo in our Artifactory. Now that it is fast we can see, it arrives in 15s intervals, and from each of our Artifactory application instances.\nThis suggests that the query string is being generated from the actual Artifactory binary.\nWe can in fact download the Artifactory Java sourcecode and throw it into IntelliJ, and then hunt for this. We even find something, because the query string is thankfully embedded literally in a DAO class, and not generated.\nTo make a long search and a number of support conversations short:\nThese queries can\u0026rsquo;t be fast, but they can be faster than originally thought, thanks to covering indexes. Because of that, there is a cache in Artifactory for this. Clearly, as shown by the recurring 15s appearance of the queries, the cache does not work. Turns out, it does work for Artifactory work, but if you turn on JMX monitoring, the JMX will circumvent the cache and get you fresh values at high cost, for each Artifactory application instance, from the only database that we have, at the Prometheus scraping interval of 15s. Turning off monitoring for this component removed this source of workload. This is undocumented in Artifactory, and was also not immediately obvious to their support. The query shown above is just one instance of multiple queries with similar characteristics and cost. To properly estimate the impact, multiply the effect by 3-4, and then by the number of application instances connected to the database.\nSo are we good now? From the database point of view, this is as good as it gets. The database is not currently a stability item or scalability limit, the current config could even be scaled back to a cheap standard Blade.\n","date":"2022-09-14T00:00:00Z","href":"https://blog.koehntopp.info/2022/09/14/artifactory-conclusion.html","tags":["lang_en","mysql"],"title":"MySQL: Artifactory Conclusion"},{"categories":null,"content":"A database is showing replication delay, and so are all the other instances of the same replication hierarchy, all of which reside in Openstack.\nShortly before 21:30 the database begins to lag, until around 23:45, when it starts to catch up, slowly. After 00:30, we gain delay again, plateau and then around 01:45, we catch up.\nThe database is moving deep into replication delay sometimes. It does not do that on bare metal.\nGround Truth The VM is a nice hardware blade simulation, 16C/32T, 128 GB of memory.\nThe data is on persistent volume backed by Ceph.\n# df -Th /mysql/\u0026lt;hierarchyname\u0026gt;/ Filesystem Type Size Used Avail Use% Mounted on /dev/mapper/vg00-mysqlVol xfs 1.8T 1.1T 766G 58% /mysql/\u0026lt;hierarchyname\u0026gt; # vgs VG #PV #LV #SN Attr VSize VFree sysvm 1 8 0 wz--n- 1.75t 121.27g # du -sh /mysql/\u0026lt;hierarchyname\u0026gt;/* 0 /mysql/\u0026lt;hierarchyname\u0026gt;/coredumps 1017G /mysql/\u0026lt;hierarchyname\u0026gt;/data 24G /mysql/\u0026lt;hierarchyname\u0026gt;/log 0 /mysql/\u0026lt;hierarchyname\u0026gt;/tmp This database does not fit into the buffer pools: The working set is too large. We see read traffic in a warmed up database, at a rate of several dozen MB/s.\nChecking in on information_schema.tables, the two largest tables of this database are around 200 GB in size, each. They seem to be accessed in full, there is little or no exploitable locality of reference. So in order to quench these reads, we would need to supply three times the memory, 384 GB. Since we can\u0026rsquo;t, we need to handle the I/O instead.\nLet\u0026rsquo;s have a look at the I/O: When you run iostat, use iostat -x -k 10, and discard the first output. It contains the data collected since system boot, a very large average interval. We want a clean 10s sample instead.\nThe paste:\nDevice r/s w/s rMB/s wMB/s rrqm/s wrqm/s %rrqm %wrqm r_await w_await aqu-sz rareq-sz wareq-sz svctm %util sdc 4302.00 348.00 67.22 1.22 0.00 0.00 0.00 0.00 1.24 1.91 6.00 16.00 3.58 0.21 99.70 sdb 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 sda 0.00 4.00 0.00 0.02 0.00 0.00 0.00 0.00 0.00 2.50 0.01 0.00 4.00 2.75 1.10 loop0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 dm-0 4304.00 347.00 67.25 1.21 0.00 0.00 0.00 0.00 1.24 1.93 6.02 16.00 3.58 0.21 99.70 We see the busy drive being sdc, the persistent volume. We see increased service times (r_await, unit ms), and queues (aqu-sz, unit is \u0026ldquo;average number of requests in queue, during the observation interval\u0026rdquo;, which is 10s).\nWe also see around 4300 read requests/s and 67 MB/s read traffic.\nI know that smell Some previous experience in other projects suggests that a crucial piece of information may be missing. This replication chain is no longer on bare metal, but is running on Openstack. All traffic to disk in Openstack is quota-ed.\nAny I/O problem on Openstack is undebuggable, unless you know the Quota affecting you. Indeed:\n# openstack volume qos show \u0026lt;uuid\u0026gt; +--------------+----------------------------------------------------+ | Field | Value | +--------------+----------------------------------------------------+ | associations | standard-iops | | consumer | front-end | | id | \u0026lt;uuid\u0026gt; | | name | 200MB/s-3000iops | | properties | total_bytes_sec=\u0026#39;209715200\u0026#39;, total_iops_sec=\u0026#39;3000\u0026#39; | +--------------+----------------------------------------------------+ We have an allowance for a maximum of 200 MB/s and a maximum of 3000 IOPS. Measured in the system we see an ok bandwidth of 67 MB/s, but the IOPS hit the roof.\nWhen we zoom in on a phase of replication delay in the Single Instance Info Panelof our grafana, we get to the bottom of that straight away.\nReplication delay interval:\nAt the same time:\nWhen we have replication delay, we see a straight line in the sum of dm-reads for 70-ish MB/s. This is well below quota.\nLooking at the IOPS:\nThis is the sum of all dm-Reads, and we only are interested in the reads for our device. But we do see a straight line, and that suggests some kind of limit or resource exhaustion. Also, the line is at around 4000 read/s versus a Quota of 3000 IOPS. Together that suggest we run into resource depletion in the IOPS dept here.\nIs that bad?\nThe observed statement latency for the production user goes up from a minimum 348 ms to a max of 37100 ms (37.1s). That is approximately 100x worse than normal.\nThe observed statement latency is also jumping rapidly up and down. System performance is not only bad, but also wildly unpredictable, with high frequency swings across a wide corridor.\nThis is often indicative of a token bucket quota mechanism getting into resonance with the evaluation cycle of the token bucket itself:\nLoad is running away and then then Quota eval check cycle comes and bites down hard on the system over quota, essentially halting it. The system stops, because a database without I/O is doing nothing. It then accumulates new performance tokens in the token bucket, and in the next cycle executes, immediately draining the token pool and running over Quota. Then the cycle repeats.\nMaybe it is less noisy if the quota is applied with consumer=backend.\nAll expectations the user may have on performance are broken and the system may as well be offline. Also, the variance in performance may create input signal spikes dependent systems, affecting their performance if there is resonance.\nWithout being aware of Quota limits and checking for them this is nearly undebuggable, and sometimes you may be looking at secondary effects downstream from the affected system. With proper metrics and knowledge of the Quota it is plain obvious.\nBe wary of straight lines in performance graphs Load is spiky, straight lines do not exist\nThis is a general truth for our systems: In general our load is spiky. It has peaks and valleys, and there are no plateaus or straight lines (outside of Kafka and other Queues and the systems fed by them).\nThat is, if you see a straight line, I see a resource being exhausted and limiting system performance.\nIn this case, the exhausted resource is IOPS quota.\nIn other cases in the past, a straight line in dirty buffer pool pages graph was signaling exhaustion of the redo log space, or similar performance choke points.\n","date":"2022-09-08T00:00:00Z","href":"https://blog.koehntopp.info/2022/09/08/mysql-straight-lines.html","tags":["lang_en","mysql"],"title":"MySQL: Straight lines"},{"categories":null,"content":"OH:\n\u0026ldquo;And now let\u0026rsquo;s quickly push 2 billion rows into this database VM.\u0026rdquo;\nThat is best done in YOLO mode. This is a mode of operation for a database that minimizes disk writes in favor of batched bulk writes.\nIt is not ACID, so if anything goes wrong during the load, the instance is lost. That is why it is called YOLO mode.\nYou are supposed to do this on a spare replica and not the production primary. If you are not having at least one more replica than needed in your MySQL deployment, I consider your setup defective.\nDisable flush on Commit set global innodb_flush_log_at_trx_commit = 2;\nThis config variable gives up ACID commits: On COMMIT, data is written to the file system buffer cache, but an fdatasync(2) is not enforced. Instead, data is synced once per second.\nDisable the Doublewrite Buffer set global innodb_doublewrite = OFF;\nThis config variable disables the InnoDB DoubleWrite Buffer. This buffer stores a temporary copy of the full page, which consists of multiple disk blocks.\nIt can be permanently turned off on file systems that never overwrite data and do not do in-plance updates (btrfs, ZFS), but not on traditional filesystems (XFS, ext4). It can be permanently turned off on systems where the page size is equal to the guaranteed atomic write block size of the hardware (ie 4 KB page size and Enterprise drives that guarantee atomic block writes of 4 KB blocks, even on power loss). That is, normal setups need this enabled all of the time, or risk torn pages (partially new and partially old pages) on power loss during page write.\nUnlogged instance Users of Oracle MYSQL 8.0.21 or newer can have \u0026ldquo;redo log turned off\u0026rdquo; and \u0026ldquo;doublewrite buffer turned off\u0026rdquo; with a single command :\nalter instance disable innodb redo_log;\nThis replaces the preceding two config changes:\nThe redo log will never be written in the first place, so the flush log setting is pointless. The doublewrite buffer is not written. Turn off the Binlog MySQL will still write a binlog. Especially, MySQL 8 always has the binlog on by default. You may want to turn it off per session:\nset sql_log_bin = off;\nThis will kill another source of disk writes and potential disk syncs during the load.\n\u0026ldquo;Delay secondary index generation\u0026rdquo; mysqldump will still generate a statement that tries to disable secondary index generation:\nalter table t disable keys;\nThis command is accepted, but it only works in MyISAM, which nobody should use any more in 2022. You can\nset autocommit = 0; set unique_checks = 0; set foreign_key_checks = 0;\nto YOLO the loading of InnoDB tables, but very large transactions can have their own challenges in MySQL. So best you commit every 1.000 to 10.000 rows loaded. Make sure no transaction is ever larger than 1 GB, it will break compressed binlogs, if enabled. When using group replication, transaction sizes need to be controlled even tighter.\nThe meaning of YOLO This is called YOLO mode for a reason. Undo all these things after the load completes. Then check that they are undone.\nOnly do this on scratch instances, which you can afford to lose.\nThat means, this should be a replica that you disconnect for a data load, and that on success you can use as a source for CLONE . On failure, you must be able to afford scrapping it.\nIf you are running MySQL and are ever short on replicas you are holding it wrong. Don\u0026rsquo;t complain to me, fix your process.\n","date":"2022-09-02T00:00:00Z","href":"https://blog.koehntopp.info/2022/09/02/mysql-yolo-mode.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: YOLO mode"},{"categories":null,"content":"A work problem: A commercial application, Artifactory, where we do not control the source or the schema has performance problems involving a certain long running query.\nThe data size and row counts are not outrageous, and the query itself and the schema are not broken. But the data is very skewed and for certain values the query is very slow, as almost the entire table is selected.\nWe introduce an experimental covering index, and show a 16x improvement, going from 143s to 9s execution time. We advise the customer to ask for this covering index to be added officially using the normal way through MySQL portal.\nHere we go A call to DBA:\nWe\u0026rsquo;ve been investigating performance issues on the Artifactory side and found that our current MySQL primary is sitting at 80-90% I/O utilization. Our next steps would be to see if there is any slow queries without indices or anything else unusual going on from the 3rd party application that we could potentially fix.\nHow would I get the required access to have a look or is there already data collection in regards to this?\nWe are running SolarWinds DPM nee Vividcortex, so the easy way out is to point the customer at the SolarWinds access form and wish them luck.\nInstead we go and have a look.\nThe situation on the ground Artifactory is a product by a company called JFrogs. It stores the output of CI pipelines and serves images for all kinds of backends. For us, mostly Docker.\nThe replication hierarchy is present in two AZs, and is comprised of standard bare metal blades. That translates into 16C/32T, 128 GB RAM and 2 TB of local disk. A quick hop onto the box shows a load of 22+, which is very high. We see around 10k-15k SELECT/s, which is unusual for a primary in our database landscape.\nThe data directory has a total size of some 400 GB, and the Resident Set Size of the mysqld is aroudn 100 GB, fully grown. That is pretty large for such a small database.\nWe see a low read load, so the Working Set Size (WSS) still fits into the InnoDB Buffer Pool. The write load is rather high (hundreds of writes per second, spiking into several thousands), which is very weird for a thing that is supposed to be a metadata store for images.\nThe replica pool is completely idle: We see the write load being replicated, but there are no client connections outside the monitoring. Artifactory is an external product and it knows nothing about replication. It does not split read and write handles, and so all of its traffic hits the primary and only the primary. It does not scale.\nIn the past, we also had tables without primary keys in their schema, which is a big issue for scalability for other reasons. Generally the product claims to be database product agnostic, which among DBA folk is a sure signal for badly optimized schemas and worse scalability. Being a \u0026ldquo;database agnostic\u0026rdquo; Java application, I expect UUIDv4 primary keys, bad Hibernate generated queries and toil from a tangle of foreign key constraints.\nWhat\u0026rsquo;s visible There is a bunch of tooling running in our environment that can give you an idea what the box is doing, and what is observed to be slow. Most of that has a latency, and a history, but I want to see what is happening now, and I want to see it in full fidelity, without aggregations.\nSo I hop on the box and\nmysql\u0026gt; select time, info from information_schema.processlist where command = \u0026#34;query\u0026#34; and time \u0026gt; 10\\G *************************** 1. row *************************** time: 58 info: SELECT SUM(bin_length) FROM nodes WHERE node_type=1 and repo = \u0026#39;docker\u0026#39; *************************** 2. row *************************** time: 19 info: SELECT SUM(bin_length) FROM nodes WHERE node_type=1 and repo = \u0026#39;maven-booking-snapshots\u0026#39; *************************** 3. row *************************** time: 147 info: SELECT repo, SUM(CASE WHEN node_type = 0 THEN 1 ELSE 0 END) as folders, SUM(CASE WHEN node_type = 1 THEN 1 ELSE 0 END) as files, SUM(bin_length) FROM nodes GROUP BY repo *************************** 4. row *************************** time: 96 info: SELECT SUM(bin_length) FROM nodes WHERE node_type=1 and repo = \u0026#39;docker\u0026#39; *************************** 5. row *************************** time: 97 info: SELECT SUM(bin_length) FROM nodes WHERE node_type=1 and repo = \u0026#39;docker\u0026#39; *************************** 6. row *************************** time: 109 info: SELECT SUM(bin_length) FROM nodes WHERE node_type=1 and repo = \u0026#39;docker\u0026#39; 6 rows in set (0.00 sec) Here I am asking I_S.PROCESSLIST what is currently running and takes longer than 10 seconds. I find six instances of a query, five of them a reporting query on the total size of what later turns out to be a folder (\u0026ldquo;sum query\u0026rdquo;) and one of it a reporting query over a set of files and folders (\u0026ldquo;folder query\u0026rdquo;). Both are running on the same table, nodes.\nSo let\u0026rsquo;s have a look at the ground truth some more.\nTables and Sizes Before we are going to dive into the single repeated slow query seen above, we want to know more about the database size and statistics.\nmysql\u0026gt; select table_name, data_length, index_length from information_schema.tables order by data_length+index_length desc limit 10; +--------------------------+--------------+--------------+ | TABLE_NAME | DATA_LENGTH | INDEX_LENGTH | +--------------------------+--------------+--------------+ | indexed_archives_entries | 119276568576 | 141969801216 | | nodes | 17985060864 | 26106396672 | | node_props | 6278447104 | 10418765824 | | md_files | 4574937088 | 9278537728 | | binaries | 4375724032 | 5129666560 | | md_ver_user_properties | 2065678336 | 1154039808 | | md_files_versions | 1363902464 | 1270267904 | | md_ver_repos | 766492672 | 1069252608 | | node_meta_infos | 1807663104 | 0 | | md_versions | 557842432 | 969637888 | +--------------------------+--------------+--------------+ 10 rows in set (0.15 sec) and that\u0026rsquo;s a total of 243 GB for the largest table, and some 41 GB for our friend, the nodes table, the second largest table in our database.\nTables of Log-nature The largest table, indexed_archives_entries, is not our problem today. But the size and the name suggest a thing that happens so often that it is worthwhile mentioning anyway:\nAlmost all transactional applications have tables that are log-natured. Their primary key has a time or counter component, or they are partitioned on time. With all load factors of the system staying the same, just by waiting, these tables will grow without bounds, because they are logs. If you do not complete the data lifecycle for these structures, they will eventually eat the box.\nThat is, such tables need to be pruned. They are a data warehouse inside your transactional system that struggles to get out. So you either ETL these records into a data warehouse in a regular export. Or you forego this entirely, put a change even onto a Kafka bus or a syslog, and let another component that is not serving user facing transactional traffic pick it up and aggregate it.\nAgain, everybody has these tables, and everybody eventually needs to come clean about them, or die from bloat. (looking at you OpenStack)\nThe nodes table The nodes table looks like this:\nshow create table nodes\\G *************************** 1. row *************************** Table: nodes Create Table: CREATE TABLE `nodes` ( `node_id` bigint NOT NULL, `node_type` tinyint NOT NULL, `repo` varchar(64) COLLATE utf8mb3_bin NOT NULL, `node_path` varchar(1024) COLLATE utf8mb3_bin NOT NULL, `node_name` varchar(255) COLLATE utf8mb3_bin NOT NULL, `depth` tinyint NOT NULL, `created` bigint NOT NULL, `created_by` varchar(64) COLLATE utf8mb3_bin DEFAULT NULL, `modified` bigint NOT NULL, `modified_by` varchar(64) COLLATE utf8mb3_bin DEFAULT NULL, `updated` bigint DEFAULT NULL, `bin_length` bigint DEFAULT NULL, `sha1_actual` char(40) COLLATE utf8mb3_bin DEFAULT NULL, `sha1_original` varchar(1024) COLLATE utf8mb3_bin DEFAULT NULL, `md5_actual` char(32) COLLATE utf8mb3_bin DEFAULT NULL, `md5_original` varchar(1024) COLLATE utf8mb3_bin DEFAULT NULL, `sha256` char(64) COLLATE utf8mb3_bin DEFAULT NULL, `repo_path_checksum` char(40) COLLATE utf8mb3_bin DEFAULT NULL, PRIMARY KEY (`node_id`), KEY `nodes_repo_path_name_idx` (`repo`,`node_path`(255),`node_name`), KEY `nodes_node_path_idx` (`node_path`(255)), KEY `nodes_node_name_idx` (`node_name`), KEY `nodes_sha1_actual_idx` (`sha1_actual`), KEY `nodes_md5_actual_idx` (`md5_actual`), KEY `nodes_sha256_idx` (`sha256`), KEY `nodes_repo_path_checksum` (`repo_path_checksum`), KEY `node_type__repo` (`node_type`,`repo`), CONSTRAINT `nodes_binaries_fk` FOREIGN KEY (`sha1_actual`) REFERENCES `binaries` (`sha1`) ON DELETE RESTRICT ON UPDATE RESTRICT ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_bin 1 row in set (0.00 sec) The table is using a bigint primary key, which is a positive surprise for me, expecting a Java UUIDv4.\nThe index used from the plan below is nodes_repo_path_name_idx, which has a prefix of repo being used. repo is a varchar(64) charset utf8mb3 worth up to 194 bytes including length counter overhead.\nThe plan:\nmysql\u0026gt; explain SELECT SUM(bin_length) FROM nodes WHERE node_type=1 and repo = \u0026#39;docker\u0026#39;\\G *************************** 1. row *************************** id: 1 select_type: SIMPLE table: nodes partitions: NULL type: ref possible_keys: nodes_repo_path_name_idx,node_type__repo key: nodes_repo_path_name_idx key_len: 194 ref: const rows: 13064296 filtered: 0.29 Extra: Using where 1 row in set, 1 warning (0.00 sec) Now, I know nothing about Artifactory at all, but this reads to me like a non-critical query for the baseline functionality of Artifactory. It also looks like something that can and should be cached somewhat.\nIt is unclear to me and the customer if that query is coming from actual Artifactory or some external monitoring added to it, but it is rather obvious that a rather large part of the load we see is coming from it.\nFor good measure, here are the table stats:\nmysql\u0026gt; select * from information_schema.tables where table_name = \u0026#34;nodes\u0026#34;\\G *************************** 1. row *************************** TABLE_CATALOG: def TABLE_SCHEMA: artdb TABLE_NAME: nodes TABLE_TYPE: BASE TABLE ENGINE: InnoDB VERSION: 10 ROW_FORMAT: Dynamic TABLE_ROWS: 26008347 AVG_ROW_LENGTH: 691 DATA_LENGTH: 17985060864 MAX_DATA_LENGTH: 0 INDEX_LENGTH: 26106396672 DATA_FREE: 7340032 AUTO_INCREMENT: NULL CREATE_TIME: 2021-09-15 00:24:08 UPDATE_TIME: 2022-08-24 10:39:40 CHECK_TIME: NULL TABLE_COLLATION: utf8mb3_bin CHECKSUM: NULL CREATE_OPTIONS: TABLE_COMMENT: 1 row in set (0.00 sec) Neither the table definition nor the plan are broken per se, and the table size is not outrageous. But we see around 26 MRows in total, and from the plan 13 MRows being considered.\nSo this looks like a data problem, not a problem with the SQL or the plan. We have bad selectivity.\nSelectivity matters (This is a data bug) Running one of the slow queries takes two minutes and a bit, 135 seconds.\nmysql\u0026gt; select sum(bin_length) from nodes where node_type=1 and repo=\u0026#39;docker\u0026#39;; +-----------------+ | sum(bin_length) | +-----------------+ | 330189712981975 | +-----------------+ 1 row in set (2 min 15.02 sec) Let\u0026rsquo;s histogram and check the prevalence of \u0026quot;docker\u0026quot; values in this table.\nmysql\u0026gt; select node_type, repo, count(*) as cnt from nodes group by node_type, repo order by cnt; ... \u0026lt;two hundred something rows of output cut\u0026gt; | 0 | auto-trashcan | 1487255 | | 1 | android-snapshots | 1698574 | | 1 | maven-booking-snapshots | 4910184 | | 1 | docker | 12155158 | +-----------+------------------------------------+----------+ 261 rows in set (17.22 sec) So the column repo has 261 different values for 26 MRows. But the distribution of values is very uneven. 240 values or so have each fewer than 100 KRows (many have fewer than 100) and the value \u0026quot;docker\u0026quot; is seen 12M times.\nData is stored in pages of 16 KB, and we get to see an average row length of slightly under 1K in the output further above. That means we see 16 or more rows per block. But 1/2 of all rows are values \u0026quot;docker\u0026quot;, so when we ask questions related to \u0026quot;repo='docker'\u0026quot;, we select 50% all rows.\nAssuming equidistribution and no clustering that means we are loading all pages of this table and have to go through them. For this value of repo the index is useless.\n\u0026ldquo;You query is fine, but your data is bad, mate.\u0026rdquo; is something nobody wants to hear. But selectivity matters:\nmysql\u0026gt; select sum(bin_length) from nodes where node_type=1 and repo=\u0026#39;nuget\u0026#39;; +-----------------+ | sum(bin_length) | +-----------------+ | 270744844 | +-----------------+ 1 row in set (0.11 sec) versus\nmysql\u0026gt; select sum(bin_length) from nodes where node_type=1 and repo=\u0026#39;docker\u0026#39;; +-----------------+ | sum(bin_length) | +-----------------+ | 330108119380433 | +-----------------+ 1 row in set (2 min 23.98 sec) Asking for repo='nuget' is solved in 0.11s, but asking for repo='docker' is taking 144 seconds.\nA better index for bad data To resolve the query\nselect sum(bin_length) from nodes where node_type=1 and repo=\u0026#39;docker\u0026#39;; using an index on repo, the database will go into the secondary index and select all rows with repo=\u0026quot;docker\u0026quot;. It needs to narrow this list down to values that are also have node_type=1, manually, because the index chosen as per EXPLAIN does not have this information.\nIt will find the primary key of each row in the index, and then go to the primary key. Here it will select all rows found, to get the value for bin_length.\nIt will then sum up these numbers to come up with the result.\nThat\u0026rsquo;s a bunch on index reads on the secondary index, and then using the cleaned up of primary key values from the index to fetch the actual data. On rotating disk, it would also involve around 13M disk seeks (at 5ms, so 200 seeks/second), so the query would run for ages (or things are cached very well in memory).\nBut we can do better, even in a bad situation such as this.\nWe could either\nALTER TABLE nodes ADD INDEX (node_type, repo, bin_length) or the equivalent\nALTER TABLE nodes ADD INDEX (repo, node_type, bin_length) Either will satisfy the (commutative) AND condition from our sum query. But we also have the folder query to consider, which is also slow:\nSELECT repo , SUM(CASE WHEN node_type = 0 THEN 1 ELSE 0 END) as folders , SUM(CASE WHEN node_type = 1 THEN 1 ELSE 0 END) as files , SUM(bin_length) FROM nodes GROUP BY repo This groups by repo and otherwise uses the same columns. As it groups by repo it can only profit from an index that has repo as the prefix.\nWe choose\nALTER TABLE nodes ADD INDEX (repo, node_type, bin_length) as an index that can serve both.\nCovering indexes (or why this is fast) Running the sum query against this index will dive into the secondary index.\nUsing the index, we select all rows matching repo and node_type. We also forced bin_length into this index, but it is not used in selection.\nBut it\u0026rsquo;s there, as well as the invisible pointer to the full row (the primary key, id). The optimizer knows that, and can use it: It uses the bin_length from the index, no need to go to the full row.\nEffectively we select a subtree from the index, incidentally also find the data we need to sum up, and serve that back. We can do this without having to go back to the primary key, critically saving abunch of seek operations (on rotating disk) and data page access (everywhere).\nThis speeds up query execution from 140-ish seconds to 4s-9s.\nSince we have a bunch of replicas for resilience, even if Artifactory cannot use them, I might as well use them for experimentation. Running the docker query on the cold (on the replica) cache takes 6m10s. After cache warmup, it takes 2m15. After the index juggling (which takes 3m6s) the query resolves in 9s.\nThat\u0026rsquo;s a 16x speedup.\n# cold box mysql\u0026gt; select sum(bin_length) from nodes where node_type=1 and repo=\u0026#39;docker\u0026#39;; +-----------------+ | sum(bin_length) | +-----------------+ | 330182660184225 | +-----------------+ 1 row in set (6 min 9.81 sec) # same query, cache now warm mysql\u0026gt; select sum(bin_length) from nodes where node_type=1 and repo=\u0026#39;docker\u0026#39;; +-----------------+ | sum(bin_length) | +-----------------+ | 330189712981975 | +-----------------+ 1 row in set (2 min 15.02 sec) # make me an index mysql\u0026gt; alter table nodes add index ( node_type, repo, bin_length); Query OK, 0 rows affected (3 min 6.64 sec) Records: 0 Duplicates: 0 Warnings: 0 # now running with covering index mysql\u0026gt; select sum(bin_length) from nodes where node_type=1 and repo=\u0026#39;docker\u0026#39;; +-----------------+ | sum(bin_length) | +-----------------+ | 330202302319881 | +-----------------+ 1 row in set (9.03 sec) This technique of using covering indexes I have learned from an Ex-MySQL colleague, Domas Mituzas , who used it excessively to make Wikipedia fast while working as a Wikimedia DBA. Thanks, Domas.\nOther observations Ohai, MDL! During our experimentation we found that an additional index can speed some critical queries. Adding the index on a production replica worked, taking 3 minutes and yielded a speedup of 16x.\nTrying to put this index into production failed: Plenty of slow sum queries pile up with \u0026ldquo;waiting on metadata lock\u0026rdquo;. Checking on the ALTER, we find it is also waiting on the metadata lock.\nI have not checked the source, but I am assuming the MDL protects the table definition. A running query takes a share lock (S-Lock) on the MDL to make sure the table does not change shape while the query is running. An ALTER takes out an exclusive lock (X-Lock) on the MDL to make sure it is alone while the shape of the table changes.\nIn MySQL, X-Locks usually have precedence over S-Locks, so asking for an X-Lock will stall all requests for S-Lock. That means starting the ALTER was responsible for all the stalled queries on nodes in \u0026ldquo;waiting for metadata lock\u0026rdquo; state.\nBut why was the ALTER itself stalled? While X-Locks have precedence over S-Locks, breaking locks that have already been granted is Not A Thing. So the ALTER has to wait for all the existing S-Locks being held on nodes to go away before it can start. The queries running are slow queries, though, running for around 2 minutes.\nSo we \u0026ldquo;just\u0026rdquo; have to wait two minutes for the ALTER to start and then another three minutes for it to complete, I presume. Unfortunately, a 5m to 7m wait piles up so many queries that we would run out of connection, and also our developers using Artifactory would hate on us.\nSo I have to terminate the ALTER and we choose another approach: Change all replicas, fail the application to a replica that is being promoted to primary, and then fix the ex-primary left behind (or simply let the automation reclone it).\nLatency matters We do this, and we find that Artifactory shows a very much changed behavior: Write levels are around 10x lower, and disk I/O \u0026ldquo;util%\u0026rdquo; drops dramatically, but also the load balancer metrics look a lot more precarious.\nWe learn that for the application team a switchover means a switchover of the database. The Artifactory application remains running in the Netherlands, but the database it talks to is now 10ms away in England. Obviously, this kind of communication latency affects application performance.\nAfter making changes, we fail back. Both Artifactory and its database are now in the Netherlands, and we get a 10x higher write rate, stable load balancer latencies and again a critically high disk saturation.\nDisk Writes, why? Well, not critically high. It turns out that \u0026ldquo;util%\u0026rdquo; is not a good metric at all, and also that dm-7 or other device mapper metrics are often fishy. Looking at completion latency statistics from sda shows we move up around 10% with plenty of headroom, so we are actually fine.\nThe question remains: Why does an application serving docker image metadata write to disk so much?\nWell, it\u0026rsquo;s writes and we archive them in binlog. So, let\u0026rsquo;s ghetto some table write stats from a row based replication binlog.\n# cd /mysql/*/logs # mysqlbinlog -vvv binlog.... | awk \u0026#39;/^### UPDATE/ { print $3 }\u0026#39; | sort | uniq -c | sort -n ... 112615 `artdb`.`nodes` 610088 `artdb`.`md_pkg_stats` 610088 `artdb`.`md_ver_stats` 2901027 `artdb`.`stats` Uh, yes.\nIf you are turning every image read into a stats write, you have a lot of writes and you don\u0026rsquo;t scale.\nMaybe don\u0026rsquo;t log to the production database monolith, but Kafka or syslog stats out, and collect them elsewhere? It\u0026rsquo;s 2022, after all\nOne more slow query The team finds one more slow query that is breaching our ad-hoc 10s barrier:\nmysql\u0026gt; SELECT nodes.node_id , nodes.node_type , nodes.repo , nodes.node_path , nodes.node_name FROM nodes WHERE nodes.node_type=1 AND nodes.repo != \u0026#39;auto-trashcan\u0026#39; AND nodes.repo != \u0026#39;jfrog-support-bundle\u0026#39; AND lower(nodes.node_name) LIKE \u0026#39;tax%\u0026#39; LIMIT 1000 We already know from other research that node_type=1 is not very selective. It indicates directories (0) and files (1). The negations are also not good at increasing selectivity and indexing on negations is\u0026hellip; fraught with problems. That leaves us with nodes.node_name.\nWhich is wrapped into a function, lower(). This function turns the values in the column into lower case for comparison with a string constant with a wildcard in a like (essentially almost a BETWEEN 'tax' AND 'tay', except that BETWEEN is inclusive and % is not).\nNow in database gnostic SQL one would drop the lower() since your default collation is _ci (case insensitive) and _ai (accent insensitive) anyway. It serves no function in MySQL.\nIn all other databases, you\u0026rsquo;d lower() in Java and write normalized data into the database.\nBut it matters not, we have functional indexes, so instead of indexing nodes.node_name we just index lower(nodes.node_name) instead. That changes nothing for MySQL at all, but the optimizer requires this data duplication in order to see the possibility.\nPercona discusses MySQL 8 Functional Indexes in their blog, and the manual has them as well, of course.\nSummary We run into a database load problem that turns out not to be a size-related or query-related problem at all, but a good case for covering indexes. Covering indexes are a powerful tool to speed up certain kind of reporting queries that otherwise accumulate a lot of run time.\nWe also get a glimpse at the data structures in Artifactory, which look a lot better than most DBAs would expect from previous encounters with Hibernate using Java products.\nStill the product can benefit a lot from a very modest investment in access modernization (split read and write handles) and segregation of transactional and reporting/log-natured data (cut out log writes, cut out log tables and complete the data lifecycle), which would help it scale to survive in a large Enterprise environment. Do not weigh down your transactional database with evergrowing log writes, and also do not turn every customer read into a write into your transactional database monolith.\n","date":"2022-08-25T00:00:00Z","href":"https://blog.koehntopp.info/2022/08/25/mysql-boiling-jfrogs.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: Boiling JFrogs"},{"categories":null,"content":"The MySQL InnoDB storage engine lives off primary keys: Records are stored physically in a B+-Tree, a balanced tree where the data pages are the leaves of the primary key B-Tree.\nThat implies that the data is stored physically in primary key order – records with similar primary keys are usually physically closer together than records with larger differences in primary key value. In literature, such physically ordered indexes are often called clustered indexes.\nInnoDB depends on primary keys Secondary indexes in databases need to store the indexed data together with a row address, a pointer to the full row (in InnoDB, into the primary key).\nIf that row address was a physical address (a disk block number or a similar pointer tied to the position of the data), growing data pages and moving them around would often also make it necessary to update all secondary indexes. For example when a page is split or records move around for other reasons, the physical position of a page changes and all references to that page in SKs would also need an update.\nBy using the primary key value as a pointer to the full row, InnoDB achieves several things, good and bad:\nThe primary key is added as an (invisible) suffix to every SK. If you have a large PK, you are adding a lot of bytes to every SK. Keep PK values short. The optimizer can leverage the PK at the end of the SK. Some queries are unexpectedly \u0026ldquo;covering\u0026rdquo;: SELECT id FROM t WHERE a = 10 is using index for a table t that has an INDEX(a), because internally it is INDEX(a, id). Secondary Index lookups are taking exactly 2x as much time as a primary key lookup, because we do a lookup in the SK, and then using the PK value found, we dive into the PK. Changes to the primary key, for example inserts into the middle of the table, are localized: Page splits happen internally in the primary key, but are not exposed to any SK. So while lookups to an SK cost more, SKs need a lot fewer updates. Changes to any primary key value (UPDATE t SET id = -id WHERE id = 10) are fantastically expensive: The record is physically moved around in the PK, and all SK need changes, too. This can trigger a cascade of page splits and merges. Treat PK values as immutable, non-reusable tokens. Because InnoDB has this clustered index as the PK, it is completely dependent on the primary key being present.\nIf you define a table without a primary key, InnoDB tries to secretly promote any other index that is suitable to primary key. Since the primary key is a non-nullable unique index that happens to be named PRIMARY in InnoDB, any other non-nullable unique index would be suitable.\nIf even that is absent, InnoDB starts to make up a primary key. For that, a global counter exists.\nWhich is shared between all tables that have no primary key. This counter is protected by a mutex, and if you have insert heavy tables without a primary key, you can end up having contention of this mutex.\nApparently this is common knowledge since 2013, as documented by Jeremy Cole and by Percona , but I did not know this (that the counter is globally shared).\nReplication depends on Primary Keys Other important subsystems also depend on primary keys: For example, all modern replication absolutely requires primary keys to function.\nIn Row Based Replication, row changes are communicated to the replica as row change events. These contain at minimum the primary key of the row change (or the entire old row, if there is no primary key), and the new value of all changed columns.\nOf course, the replica must apply this. In the absence of any primary key, the row to change in the replica is found using a full table scan. And that does not scale for obvious reasons.\nWhy, do you ask, is that a problem, if InnoDB always has to have a primary key?\nBecause this autogenerated, internal, global primary key is not exposed in the binlog, and is local to an instance. The replica does not see it, and if it saw it, could not use it.\nWorse, Group Replication will simply not work without primary key at all.\nSo make primary keys mandatory Since 8.0.13 we can make an explicit primary key mandatory in MySQL. For that, we need to set sql_require_primary_key . If that is set, any table creation without a primary key present is rejected.\nmysql\u0026gt; set sql_require_primary_key = on; Query OK, 0 rows affected (0.00 sec) mysql\u0026gt; create table rejected ( id integer, d varchar(200)); ERROR 3750 (HY000): Unable to create or change a table without a primary key, when the system variable \u0026#39;sql_require_primary_key\u0026#39; is set. Add a primary key to the table or unset this variable to avoid this message. Note that tables without a primary key can cause performance problems in row-based replication, so please consult your DBA before changing this setting. Also, fix existing PK-less tables ex post Adding a missing primary key is easy. Simple add it.\nmysql\u0026gt; alter table t add id integer not null primary key auto_increment first; ... But of course, this can break badly written SQL: Anything that does a SELECT *, or otherwise depends on column count, position or order will break. We would need a mechanism to add a primary key column that is not there.\nSince 8.0.23, we can have invisible columns . They allow us to add an auto_increment to an existing table without primary key, without breaking badly written SQL.\nmysql\u0026gt; show create table scooby\\G Table: scooby Create Table: CREATE TABLE `scooby` ( `id` int DEFAULT NULL, `d` varchar(200) DEFAULT NULL, `scooby` int NOT NULL AUTO_INCREMENT /*!80023 INVISIBLE */, PRIMARY KEY (`scooby`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci 1 row in set (0.00 sec) mysql\u0026gt; insert into scooby (id, d) values (1, \u0026#34;keks\u0026#34;); Query OK, 1 row affected (0.01 sec) mysql\u0026gt; select * from scooby; +------+------+ | id | d | +------+------+ | 1 | keks | +------+------+ 1 row in set (0.00 sec) mysql\u0026gt; select *, scooby from scooby; +------+------+--------+ | id | d | scooby | +------+------+--------+ | 1 | keks | 1 | +------+------+--------+ 1 row in set (0.00 sec) We define a table scooby with a hidden primary key. When we insert data int this table, this just works normally, and auto_increment supplies the primary key value automatically.\nWhen we look at the data using select *, the hidden column is not shown. When we ask for it explicitly, it is there.\nAutomating this: GIPK Beginning with 8.0.30, we get automation for this: We could Generate Invisible Primary Keys , or GIPK.\nThat is of course a fix for broken designs. You should never need this for your own schemas. Simply go back to the source and fix that instead.\nBut if you happen to run JAMF or other software that you do not control and that insists on PK-less tables, you can now have it autofixed.\nWhen you set sql_generate_invisible_primary_key , and try to create a table without a primary key, a my_row_id bigint unsigned not null auto_increment invisible primary key is added for you to the table.\nmysql\u0026gt; show variables like \u0026#39;%primary%\u0026#39;; +------------------------------------+-------+ | Variable_name | Value | +------------------------------------+-------+ | sql_generate_invisible_primary_key | OFF | | sql_require_primary_key | OFF | +------------------------------------+-------+ 2 rows in set (0.01 sec) mysql\u0026gt; set sql_generate_invisible_primary_key = on; Query OK, 0 rows affected (0.00 sec) mysql\u0026gt; create table gipk_demo (id integer, d varchar(200)); Query OK, 0 rows affected (0.10 sec) mysql\u0026gt; show create table gipk_demo\\G Table: gipk_demo Create Table: CREATE TABLE `gipk_demo` ( `my_row_id` bigint unsigned NOT NULL AUTO_INCREMENT /*!80023 INVISIBLE */, `id` int DEFAULT NULL, `d` varchar(200) DEFAULT NULL, PRIMARY KEY (`my_row_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci Bad naming choices, but good protection The naming of that primary is bad, of course, because MySQL here takes arbitrary names out of a public namespace.\nIt would be much better if MySQL reserved the prefix __ (underbar underbar) in all namespaces for itself, and for example generated __id here.\nWe can try if they are smart about this, though:\nmysql\u0026gt; set sql_generate_invisible_primary_key = on; Query OK, 0 rows affected (0.00 sec) mysql\u0026gt; create table breakit ( -\u0026gt; id integer, -\u0026gt; d varchar(200), -\u0026gt; my_row_id varchar(200) -\u0026gt; ); ERROR 4108 (HY000): Failed to generate invisible primary key. Column \u0026#39;my_row_id\u0026#39; already exists. Nicely done. Next level:\nmysql\u0026gt; set sql_generate_invisible_primary_key = off; Query OK, 0 rows affected (0.00 sec) mysql\u0026gt; create table breakit ( -\u0026gt; id integer primary key, -\u0026gt; d varchar(200) -\u0026gt; ); Query OK, 0 rows affected (0.12 sec) mysql\u0026gt; alter table breakit add column my_row_id varchar(200); Query OK, 0 rows affected (0.05 sec) Records: 0 Duplicates: 0 Warnings: 0 mysql\u0026gt; set sql_generate_invisible_primary_key = on; Query OK, 0 rows affected (0.00 sec) mysql\u0026gt; alter table breakit drop column id; ERROR 1235 (42000): This version of MySQL doesn\u0026#39;t yet support \u0026#39;existing primary key drop without adding a new primary key. In @@sql_generate_invisible_primary_key=ON mode table should have a primary key. Please add a new primary key to be able to drop existing primary key.\u0026#39; So that needs to be a\nmysql\u0026gt; alter table breakit -\u0026gt; drop column id, -\u0026gt; add column keks int not null primary key; to succeed.\nHiding the hidden columns even more While invisible columns are invisible in select *, then are shown in show create table and also in I_S.\nThe self-documentingly named variable show_gipk_in_create_table_and_information_schema controls this.\nWhen set to off, invisible columns are also no longer shown there. That should be even less necessary, and only very broken ORMs should need this.\nGood primary keys You should never need any of this. You should define an explicit primary key for all your tables. If they are missing and you control application source and schema, you can fix this at the source instead of using this kludge. Go back and fix things properly instead.\nEvery Table in MySQL Always Must Have a Primary Key When you are creating or altering a table in MySQL, make sure you have a primary key defined. We also advise you to never change a primary key value once it is set, and to never re-use a primary key value once a record is deleted. We advise you to keep the primary key short, below 16 or 32 bytes in size.\nSee the SQL Engineering Guide for a discussion of this topic.\nA good primary key is short, less than 32 bytes. A good primary key is immutable and never re-used. A good primary key is an auto_increment value, or a UUIDv1 that is stored in a BINARY(16) that is being accessed with UUID_TO_BIN(...,1) (the swap flag is set to true). A Java generated UUIDv4 is a random number and has horrible performance properties for InnoDB. The topic of UUID is covered at length in MySQL and UUIDs and in ALTER TABLE for UUID . auto_increment is not slow. MySQL keeps an auto_increment counter per table, and assigns values to each thread that inserts data in batches to limit contention on the counter. This is automatic and highly efficient. That has the side-effect that there may be gaps in the auto_increment sequence, and values are not always assigned in a strict temporal order. The manual has a discussion of this. TL;DR MySQL 8.0.30 adds GIPK, generated invisible primary keys. They should only ever be needed if you have external software running where you cannot control and fix the schema, but they would allow you to run such software with RBR or GR without cooperation from the vendor.\nGIPK is correctly implemented with respect to name clashes and dropping required primary keys. The column naming choice has the potential to clash with existing names and sits right there in the public namespace, which is a bit jarring.\nThis is a feature that is never needed unless you absolutely need it to get something broken running in a modern MySQL environment.\n","date":"2022-08-23T00:00:00Z","href":"https://blog.koehntopp.info/2022/08/23/mysql-gipk.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: GIPK (InnoDB and Primary Keys)"},{"categories":null,"content":"Question on the Libera/#mysql IRC channel:\nIs there a way to split a simple select into multiple returned rows? For example, select 1, 2, 3 to be returned as rows?\nThis is actually asking for a table literal notation. I know of four ways to construct a table literal in MySQL:\nUNION ALL The oldest way to construct a table literal in any SQL that supports UNION is the UNION ALL construct. Write SELECT statements to return literal rows, and add them together to a table using UNION ALL:\nmysql\u0026gt; select i from ( -\u0026gt; select 1 as i union all -\u0026gt; select 2 as i union all -\u0026gt; select 3 as i -\u0026gt; ) as t; +---+ | i | +---+ | 1 | | 2 | | 3 | +---+ 3 rows in set (0.00 sec) This has always worked, even on the oldest versions of MySQL.\nJSON_TABLE() There is actually a function to turn a JSON expression into a result table, JSON_TABLE(). It is documented here . The function exprects a JSON expression (or simply a literal JSON array in our case), and a JSON path expression with instructions on how to type and name the extracted values.\nmysql\u0026gt; select * from json_table( \u0026#39;[{\u0026#34;i\u0026#34;: 1}, {\u0026#34;i\u0026#34;:2}, {\u0026#34;i\u0026#34;: 3} ]\u0026#39;, -\u0026gt; \u0026#34;$[*]\u0026#34; columns(i int path \u0026#34;$.i\u0026#34;) -\u0026gt; ) as t; +------+ | i | +------+ | 1 | | 2 | | 3 | +------+ 3 rows in set (0.00 sec) VALUES statement and ROW() function MySQL introduces the VALUES statement and the ROW() function. VALUES is a statement that returns a table constructed from literal values described with ROW() functions. So in order to get the table for further processing, we need a subselect.\nmysql\u0026gt; select * from ( -\u0026gt; values row(1), row(2), row(3) -\u0026gt; ) as t; +----------+ | column_0 | +----------+ | 1 | | 2 | | 3 | +----------+ 3 rows in set (0.00 sec) WITH and VALUES We can do the same, but use a Common Table Expression instead of a subselect:\nmysql\u0026gt; with t (i) as ( values row(1), row(2), row(3) ) -\u0026gt; select * from t; +---+ | i | +---+ | 1 | | 2 | | 3 | +---+ 3 rows in set (0.00 sec) ","date":"2022-08-22T00:00:00Z","href":"https://blog.koehntopp.info/2022/08/22/mysql-row-literals.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: Row Literals"},{"categories":null,"content":"Two good news in one day. First, my energy provider tells me:\nLevert u meer terug dan u van het net afneemt, dan betalen we u vanaf die datum 16.8 eurocent per kWh. De oude vergoeding was 7 eurocent per kWh.\n\u0026ldquo;If you push energy into the grid, we now pay you 16.8 Eurocent per kWh. The old payment was 7.0 Eurocent per kWh.\u0026rdquo;\nThe other good news is that it is very likely that the existing \u0026ldquo;Salderingsregeling\u0026rdquo; may be continued until 2025. At least that seems to be the plan, says milieu centraal .\nThe \u0026ldquo;Salderingsregeling\u0026rdquo; says that for power that I feed back into the grid I can draw back without cost. You can imagine that as using the grid as a battery with infinite capacity, or as the counter going backwards. There are a few limits and regulations, but more on that below.\nThe original plan was to end the Salderingsregeling at the End of \u0026lsquo;22. This was then extended to the End of \u0026lsquo;23, and it seems that it is now being discussed to extend it to the End of \u0026lsquo;24.\nSo when I am consuming 5000 kWh from the grid and push 2000 kWh into the grid, I will have to pay only 3000 kWh. It does not matter that I actually withdrew 4000 kWh from the grid, because some consumption was at night, or because I overshot the production of my panels at a certain point in time. Only the net Saldo matters, the difference between production and consumption over the year.\nThis also works the other way around: If I am producing 5000 kWh and consume only 2000 kWh from the grid, my Saldo will be 3000 kWh in my favor. For that I am supposed to get a \u0026ldquo;reasonable compensation\u0026rdquo;, says the law. At the same time the goverment made noises that basically said that \u0026ldquo;80% of the purchase price seem to be reasonable\u0026rdquo;. Apparently this prompts my energy provider to make the above change, offering 75% of the purchase price to preempt regulation. You know what, I am actually somewhat okay with that.\nNow the entire specific regulation seems to be not fixed, yet, and the actual handling and pricing is still subject to change. We will see how this will actually play out, but right now the change has been entirely pro consumer.\nIt is also clear that we will not keep the Salderingsregeling ad infinitum. The original plan was to gradually switch it from 100% Saldering to 9% less each year. That still seems to be the case, so we expect to see this table to be implemented:\nYear %Saldering 2022 100% 2023 100% 2024 100% 2025 64% 2026 64% 2027 55% 2028 46% 2029 37% 2030 28% 2031+ 0% Instead of a gradual decline we see a big initial jump from 100% to 64%. That\u0026rsquo;s because the original plan was to decrease by 9% starting 2022, and while the end deadline was kept, the initial full Saldering was kept alive for several years.\nAt the same time the government says it expects a reasonable compensation for the other power that is no longer part of the Salderingsregeling, and that\u0026rsquo;s the above 80% (or now 75% number).\nIt is a bit unclear how that now will work out: Will there be two kinds of tariff for power pushed to the grid that is part of the Saldering, and a second tariff for the other power that is not part of the Saldering, or one tariff for everything.\nWe will see how that works out soon.\n","date":"2022-08-15T00:00:00Z","href":"https://blog.koehntopp.info/2022/08/15/good-energy-news.html","tags":["lang_en","netherlands","energy","climate"],"title":"Good Energy News"},{"categories":null,"content":"When running Keynote, MacOS prevents the screen blanker from kicking in. I needed a similar thing in one of my Python applications, so I needed to find out how it does that.\nIt turns out, there is an API for that: beginActivity:withOptions: , which returns an Object token activity. Calling endActivity with that Token ends the activity, and resumes the screen blanker countdown.\nThere is a list of activity options, NSActivityOptions . We are interested into NSActivityIdleDisplaySleepDisabled and NSActivityUserInteractive, mostly.\nInterfacing with Objective-C in Python is possible through ctypes, but that is work. Work, it turns out, that has already been done in appnope , specifically in _nope.py .\nIntegrating that into my PyQt application is trivial.\n","date":"2022-07-30T00:00:00Z","href":"https://blog.koehntopp.info/2022/07/30/macos-how-to-prevent-screen-blanker.html","tags":["lang_en","apple","macos","python"],"title":"MacOS: How to prevent screen blanker"},{"categories":null,"content":"Der Wikipedia-Artikel zum Thema Energieverbrauch ist wirklich interessant.\nSchaut man sich zum Beispiel diese Grafik (oder die Tabelle, auf der sie basiert) an, dann sieht man:\nPrimärenergieverbrauch Deutschland 1990 bis jetzt\nWie man sieht, ist der Primärenergieverbrauch von Deutschland seit 1990 fast konstant geblieben. Wikipedia schreibt im Detail: \u0026ldquo;Zwischen 1990 und 2011 nahm das reale Bruttoinlandprodukt um 34 % zu, der Energieverbrauch nahm jedoch um 9 % ab.\u0026rdquo; Rechnet man um, sind es bummelig 14000 Petajoule, was circa 4000 TWh entspricht.\nPrivate Haushalte nutzen laut Umweltbundesamt circa 650 TWh, und davon sind etwa 450 TWh Heizenergie.\nIm Grunde genommen ergeben sich daraus sofort die folgenden Ideen:\nDächer voll machen: 10 KWp Limit weg. Anmeldung und Steuer vereinfachen, und Eigenverbrauch nicht besteuern. Solarinstallation fördern (statt 9000 Euro bei E-Autos dann lieber hier). Akkus als Ausgleich fördern: Hausakku fördern (s.o. Solaranlage) Rückspeisefähigkeit bei E-Autos und deren Ladepunkten vorschreiben. Wärmepumpen fördern und vorschreiben. Selbst, wenn man bei den Wärmepumpen nur einen Workfaktor von 3 annnimmt, bekommt man die 450 TWh zum Heizen gedrittelt, also einen Strom-Mehrverbrauch von maximal 150 TWh und eine Einsparung von 300 TWh (zum Vergleich: Atomkraft liefert derzeit noch ca. 230 TWh).\nUnd: 15 kWh Hausakku entsprechen auch bei sehr großen Häusern 1-2 Tagen Autonomie.\nDas ist wunderbar, denn Solar und Wind sind in Deutschland jahreszeitlich in etwa konstant.\nDie Summe aus Solar und Wind ist in etwa konstant.\nLokale Energiespeicher dienen also in erster Linie dazu, die passende Glättung zu erzeugen.\n","date":"2022-07-03T00:00:00Z","href":"https://blog.koehntopp.info/2022/07/03/energieverbrauch-in-deutschland.html","tags":["lang_de","energy","climate","germany"],"title":"Energieverbrauch in Deutschland"},{"categories":null,"content":"Another Friday, another replication hierarchy lost.\nThe error from June, July edition? The errors reported look awfully familiar: Binlog position is supposedly 4, and the error message has text about \u0026ldquo;max_allowed_packet\u0026rdquo;. Could it be another instance of this bug from early last month?\nIndeed, one symptom was \u0026ldquo;a large binlog, larger than max_binlog_size\u0026rdquo;. We check.\n-rw-r----- 1 mysql mysql 1073794077 Jul 1 06:39 binlog.000914 -rw-r----- 1 mysql mysql 1073869075 Jul 1 07:09 binlog.000915 -rw-r----- 1 mysql mysql 1073741881 Jul 1 09:28 binlog.000916 -rw-r----- 1 mysql mysql 2038358667 Jul 1 11:21 binlog.000917 Log ends at 11:21, at twice the expected size. Meh.\nTo the flight recorder Let\u0026rsquo;s check the flight recorder , again:\n# cd /var/log/mysql_pl/Fri # for i in 1[012]_??.innodb.xz; do \u0026gt; echo $i; \u0026gt; xz -dc $i | \u0026gt; perl -ne \u0026#39;/(undo log entries) ([0-9]+)/ \u0026amp;\u0026amp; $2 \u0026gt; 1000 \u0026amp;\u0026amp; print \u0026#34;$2\\n\u0026#34;;\u0026#39; ; \u0026gt; done| \u0026gt; less ... 11_20.innodb.xz 2895 11_21.innodb.xz 2895 11_22.innodb.xz 11_23.innodb.xz DBA, meet DBA So what is it this time?\n# xz -dc 11_21.innodb.xz| less 623 lock struct(s), heap size 73848, 3548 row lock(s), undo log entries 2895 MySQL thread id 186615979, OS thread handle 140545428498176, query id 2978139105 localhost root Waiting for semi-sync ACK INSERT LOW_PRIORITY IGNORE INTO `schema`.`_table_new` (`id`, ...`) SELECT `id`, ... FROM `schema`.`table` LOCK IN SHARE MODE /*pt-online-schema-change 63828 copy table*/ This is an INSERT ... SELECT ..., generated from Percona Online Schema Change. The transaction has some 2895 rows open, so in order for this to be a problem the average row length must be very large.\nLet\u0026rsquo;s check:\nroot@instance-1009 [schema]\u0026gt; show table status like \u0026#39;table\u0026#39;\\G *************************** 1. row *************************** Name: table Engine: InnoDB Version: 10 Row_format: Dynamic Rows: 2437 Avg_row_length: 3350975 \u0026lt;-- average! Data_length: 8166326272 \u0026lt;-- 8-ish GB used Max_data_length: 0 Index_length: 3194880 \u0026lt;-- almost no secondary index Data_free: 57958989824 \u0026lt;- also spiky usage, 53 GB free space Auto_increment: 546211 Create_time: 2020-12-08 02:25:41 Update_time: 2022-07-01 10:11:12 Check_time: NULL Collation: latin1_swedish_ci Checksum: NULL Create_options: row_format=DYNAMIC Comment: 1 row in set (0.00 sec) Ok, so we have 3.3 MB row size, on the average (peak blob size is 6.7 MB or so). Checking the schema shows us two MEDIUMTEXT columns.\nAnalysis The mitigation from last month had not been implemented, yet. It has now been escalated.\nThe event triggering the outage was a transaction larger than 1 GB, as before, in the face of binlog compression. The program triggering the large transaction was a DBA maintenance job running Percona Online Schema Change.\nPercona Online Schema Change has no logic to prevent large transactions from occuring. It should maybe check average row size, or check largest row size in the table, and cut smaller pieces so that the INSERT ... SELECT it generates always stays below 1G.\nOr it should accept that the INSERT ... SELECT may fail, if max_binlog_cache_size has been set, and retry with smaller steps then. The second idea would be better, I believe.\nAgain, the flight recorder has been invaluable in nailing down the root cause.\n","date":"2022-07-01T00:00:00Z","href":"https://blog.koehntopp.info/2022/07/01/i-have-met-the-enemy-and-they-are-us.html","tags":["database","mysql","lang_en"],"title":"I have met the enemy, and they are us"},{"categories":null,"content":"We got our solar roof around 1st of April. I am describing our setup here . Today we got the bill for Summer 2021 to Summer 2022.\nWhat I measured I installed a P1 interface on my electricity counter late in April, so my data does not cover all of the lifetime of the Solar Roof. Starting the graph at 01-Apr-2022, I get this:\nAt this resolution, not very helpful.\nWhat is visible is the fact that we do not have a battery, and therefore each day we produce energy, but also consume energy from the grid. What is not visible is the relation.\nLooking at the absolute counter values is more helpful. The total production is on the right hand side, the consumption on the left hand side, and the important number is the Range value below the graph.\nWe produced 1.66 MWh during the range between 01-Apr and now. We consumed 279 kWh in that interval. That leaves us with slightly under 1.5 MWh pushed to the grid.\nHeating consumed around 10 m^3 in one evening, otherwise we use gas for warm water. Not a lot.\nWe consumed 28.7 m^3 (around 287 kWh) of gas since the begin of metering. This includes one day of runaway heating worth around 10 m^w, and the rest is warm water. Warm water is not the cost driver, heating with gas is.\nBut let\u0026rsquo;s look at the financials: We get back 561 Euro, because we paid 2297 Euro in 12 monthly installments, and used 1735 Euro worth of power and gas. Mostly gas, but more on that further down.\nOur monthly installment two years ago was 192 Euro, last year 202 Euro, and this year it will be 213 Euro. Of these 213 Euro, 199 Euro will be for gas.\nSo already, without knowing details, we have our mission.\nGet off Gas, now! This is our electricity intake for the last 5 years:\nDown to 2.052 MW/a from 4.850 MW/a.\nActive since April 2022, the solar array has fed back sufficient electricity to compensate for more than half our consumption. Do I believe in overprovisioning? Well, yes, kind of. The array has been built with future use-cases in mind.\nIn any case, in the last 12 months we used 3881 kWh, and pushed 1834 kWh back to the grid for the set consumption you see in the bill.\nDown to 1251 m^3 of gas.\nOut gas consumption also fell, but that is mostly due to a mild winter and not heating much.\nDoing the math We are paying around 22 ct per kWh of electricity, and while there is a bit of fixed cost, it hardly matters – 22.5 ct per kWh all in.\nGas costs around 108 ct per m^3, which is an energy equivalent of 10-12 kWh warmth depending on the type of gas. Fixed cost here is substantial, and we end up at 132 ct per m^3 overall cost (1349.88 Euro for 1251 m^3, and 274.58 Euro of fixed cost).\nHeating Electricity Heat Pump Gas Heat generated 10 kWh 10 kWh 10 kWh Energy used 10 kWh 2-3 kWh 1^3 Cost per unit 0.225 Euro 0.225 Euro 1.32 Euro Total cost 2.25 Euro 0.5-0.75 Euro 1.32 Euro So to create 10 kWh of warmth from a heat pump, you have to expend 2-3 kWh of electricity, coming in at 50 ct to 75 ct per m^3 gas-equivalent of heating. That would be around 1.75 to 2.5 times cheaper than heating with gas.\nA heat exchanger can be a air-water-air system, so a heat exchanger that uses energy from outside air to heat water that is fed into the existing heating. This will work to around -10 C to -20 C outside temperatur, but for temperatures below zero, it will become successively inefficient.\nIf your area permits it, you can take energy not from outside air, but from the water or earth below the house. This is virtually always frost-free and hence relatively efficient. So if you have a houseboat or are allowed to install an earth circuit, this can be a completely painless solution.\nExisting radiators driven by heat exchangers almost always need adjustment or exchange, because the water-in temperature of the system is substantially lower than a preexisting gas burner. So somebody with actual clue will have to do the math and adjustment during installation, and some people will have to either change radiators, or install active venting (fans, basically) that push air through the radiators as a leisurely pace.\nIf you need air condition anyway, because for example there is a roof room that needs active cooling in summer, you can make sure that you get an airco unit that can operate in reverse mode. Most of the units that support it are as efficient as heat exchangers, and heat air directly. Here the work factor is comparable to normal heat exchangers.\nEither system will get you off gas, or (with the airco) work in parallel to an existing gas or oil heating – which is nice in case you do not trust the new system and need backup.\n","date":"2022-06-28T00:00:00Z","href":"https://blog.koehntopp.info/2022/06/28/the-new-energy-bill.html","tags":["lang_en","netherlands","energy","climate"],"title":"The new energy bill"},{"categories":null,"content":"I am on a Mac or on a Windows machine, and always I have to develop for a Linux target. On Windows, this is easy, because most Jetbrains environment already support working inside WSL2, so simply choosing this is a no-brainer.\nOn MacOS, I can create a \u0026ldquo;Docker Container\u0026rdquo; do develop in, but it is kind of a joke. That is, because MacOS cannot run Linux cgroups and namespaces natively, so you actually get a lightweight VM with Linux running, and then a container inside that. You might as well run Linux in VMware and start the Jetbrains thing inside that. It will hurt probably less than trying to edit inside a docker filesystem.\nAnd sometimes you do not just need a Linux box, but an actual development environment that runs on one specific server that you have ssh access to. Remote editing is \u0026ldquo;easy\u0026rdquo; in vscode, but there is no \u0026ldquo;my file tree is on that machine\u0026rdquo; mode in Jetbrains stuff.\nOr is there?\nEnter the Gateway Turns out, there is something better. The Jetbrains Gateways runs their editor, headless, on the remote machine, and that editor edits. The client is the GUI, and that runs natively on your development machine, using the native GUI and key bindings. GUI and remote editor communicate, the same way \u0026ldquo;Code with me\u0026rdquo; communicates.\nSo\nInstall \u0026ldquo;Jetbrains Gateway\u0026rdquo; Set up ssh connectivity in it. Start a new project, watch it download and install the development environment remotely. Enter the project and edit away. Yup, it\u0026rsquo;s beta.\nDoes it even work? Well, yes. I can hit the \u0026ldquo;Terminal\u0026rdquo; tab, and get an actual shell on the remote box. I can run and build stuff as if I would be running the GUI locally on the remote box. The native binaries are what I have on the remote box.\nWell, no. It\u0026rsquo;s beta. Sometimes it gets stuck, and sometimes the keys are \u0026ldquo;glue-ey\u0026rdquo;, that is, latency can be felt.\nUsually it helps to disconnect or kill the local client and then reconnect to the remote session. Sometimes that needs to be done more than once.\nWell, yes. Facinatingly, the remote session stays if you kill the local client, and on reconnect will be still there, blinking cursor and everything, just where you left it.\nAll in all, I think this is going to change the way it work. At least when the remaining problems are fixed.\nConnecting to the Blog.\nApparently there is a blog article from December 2021 which describes how it works in more detail. With the upcoming \u0026ldquo;Fleet\u0026rdquo;, it seems that they will be going all-in on the split between IDE backend and frontend.\nDisclaimer: I am a paying customer of Jetbrains, and have the private user all-in subscription, paid for myself.\n","date":"2022-06-27T00:00:00Z","href":"https://blog.koehntopp.info/2022/06/27/jetbrains-remote-development.html","tags":["lang_en","development"],"title":"Jetbrains Remote Development"},{"categories":null,"content":"MySQL 8.0.29 adds ALGORITHM=INSTANT as a way to run ALTER TABLE commands with less wait. The documentation can be found in Online DDL Operators and instant column operations can be found here .\nExample Syntax looks like this:\nmysql\u0026gt; use kris; mysql\u0026gt; create table t (id serial, d varchar(20)); Query OK, 0 rows affected (0.12 sec) mysql\u0026gt; alter table t add column i integer not null, algorithm=instant; Query OK, 0 rows affected (0.07 sec) Records: 0 Duplicates: 0 Warnings: 0 Limited TOTAL_ROW_VERSIONS The manual explains a new concept:\nA new row version is created after each ALTER TABLE ... ALGORITHM=INSTANT operation that adds one or more columns, drops one or more columns, or adds and drops one or more columns in the same operation. The INFORMATION_SCHEMA.INNODB_TABLES.TOTAL_ROW_VERSIONS column tracks the number of row versions for a table. The value is incremented each time a column is instantly added or dropped. The initial value is 0.\nmysql\u0026gt; select name, total_row_versions -\u0026gt; from information_schema.innodb_tables -\u0026gt; where name like \u0026#34;kris/%\u0026#34;; --------+--------------------+ | NAME | TOTAL_ROW_VERSIONS | +--------+--------------------+ | kris/t | 0 | +--------+--------------------+ So there is a concept called TOTAL_ROW_VERSIONS. This is a version counter for instant alter table, and it is incremented each time a change to a table\u0026rsquo;s schema is being made.\nThe manual continues with a warning: The TRV counter has a limit of 64. Commands are rejected when the counter is reaching the limit.\nWhen a table with instantly added or dropped columns is rebuilt by table-rebuilding ALTER TABLE or OPTIMIZE TABLE operation, the TOTAL_ROW_VERSIONS value is reset to 0. The maximum number of row versions permitted is 64, as each row version requires additional space for table metadata. When the row version limit is reached, ADD COLUMN and DROP COLUMN operations using ALGORITHM=INSTANT are rejected with an error message that recommends rebuilding the table using the COPY or INPLACE algorithm.\nERROR 4080 (HY000): Maximum row versions reached for table test/t1. No more columns can be added or dropped instantly. Please use COPY/INPLACE.\nThe obvious breakage So a command is rejected, when TRV reaches 64. Also, MySQL uses replication a lot. In fact, I am of the persuasion that any MySQL installation that does not have at least one replica is broken.\nSo can we use this to break replication?\nThe manual suggests that OPTIMIZE TABLE can be used to reset the counter. The manual knows the following things about OPTIMIZE :\nThere is a syntax OPTIMIZE LOCAL TABLE. »By default, the server writes OPTIMIZE TABLE statements to the binary log so that they replicate to replicas. To suppress logging, specify the optional NO_WRITE_TO_BINLOG keyword or its alias LOCAL.« This is not privileged: »This statement requires SELECT and INSERT privileges for the table.« We now do this: With dbdeployer we dbdeployer deploy replication 8.0.29.\nOn the primary: ./m -u root\ncreate user kris@\u0026#34;%\u0026#34; identified by \u0026#34;secret\u0026#34;; grant all on kris.* to kris@\u0026#34;%\u0026#34;; create database kris; create table kris.t (id serial, d varchar(20)); Continue as kris on the primary: ./m -u kris -psecret kris\nalter table t add column i integer, algorithm=instant; select name, total_row_versions from information_schema.innodb_tables where name like \u0026#34;kris/%\u0026#34;; alter table t drop column i, algorithm=instant; select name, total_row_versions from information_schema.innodb_tables where name like \u0026#34;kris/%\u0026#34;; Now inject the OPTIMIZE LOCAL TABLE command to plant the bomb. This can be done by the kris user, or any other user having INSERT and SELECT privilege. It is not necessary to have ALTER privilege, as long as you know that somebody else is doing instant alter table commands on the table.\noptimize local table t; Finally, continue to add and drop the column t.i as before. Check the TRV value on the primary and a replica. Note how the TRV value on the primary is lower than on the replica.\nWhen the TRV value reaches 64 on the replica, replication will stop with error 4080. The replica is unable to execute the alter table command, while the primary was able to run it.\n","date":"2022-06-20T00:00:00Z","href":"https://blog.koehntopp.info/2022/06/20/mysql-breaking-replication-with-algorithm-instant.html","tags":["database","mysql","lang_en"],"title":"Breaking replication with ALGORITHM = INSTANT"},{"categories":null,"content":"After getting a solar roof we have been looking at electric mobility solutions. But existing electrical cars seemed pretty much oversized. We do not really need a 4-seater with 650km range and two tons of total empty weight. Katja Diehl coined the german tongue-in-cheek term \u0026ldquo;Maximaleventualbedarfsauto\u0026rdquo; for it, the car that meets biggest use-case you could possibly reasonably have.\nLooking around, we test drove a Carver.Earth , which was the right size, but limited to 45 km/h (and bike pathes in some areas). Then Carver started to offer the \u0026ldquo;Carver S+\u0026rdquo;.\nThe vehicle can be driven with an A-license or a B-license from before 2013. It has 2 seats placed one after the other, and the back seat is rather basic. It goes 80 km/h on a 7.1kWh LFP battery, which is good for circa 100 km, if you do not go 80 all of the time. It carves, which means that it leans into curves in a rather awesome way (less awesome if you set \u0026ldquo;comfort\u0026rdquo; mode, which I strongly recommend). It has no steering or brake assist, which means you get to work a bit. But at 330kg total system weight, empty, it is pretty manageable.\nThe car charges with a regular household plug, but a type 2 adapter is available. It will still not fast charge.\nCompletely filling it up to 7.1 kWh from 10% charge took 4h and the house consumed 7.1kWh during that time (but we have base load and made a coffee).\nSo all in all a pretty good match, and exactly what we expected. Radically less car, so exactly the right amount of car.\n","date":"2022-06-08T00:00:00Z","href":"https://blog.koehntopp.info/2022/06/08/carver-s.html","tags":["lang_en","mobility"],"title":"Carver S+"},{"categories":null,"content":"I have been asked what kind of bike I ride and how to choose one.\nGazelle Grenoble 2017, with vaude Aquaback plus.\nI am over 50 years old, over 200cm tall and weigh more than 120 kilo before I dresss. Back when we still had an office, that was a 22km trip, each direction.\nI need an upright sitting position, a soft and comfortable seat. I need to be able to carry luggage, and a return-home guarantee. I need to be able to get useful service on the bike, because at my age I prefer to use money instead of time to keep the bike running.\nI did try the Cruiser HS by R+M, and that was a completely nifty bike. But it does use an insurance plate and a helmet, and I wanted something that could be ridden casually. And without the HS (which causes the inconvenience) the price for R+M was no longer justifyable. So I looked around at other solutions, and this was a good match.\nMy wife now has the 2020 model of the same type, with a step-through frame. That bike also has fixed lighting, so it can no longer lose adjustment, a better motor, a larger battery and a stepless gearbox.\nThe step-though frame has a different geometry than the one I use, and it would have it even at the same frame height: It is built for people with longer legs and shorter torso, so even adjusted correctly it feels wrong when I sit on it.\nI also like my (older) battery system. The battery is easily removable, which is important if you want to keep it warm in weather with temperatures below 3C - batteries age faster and permanently lose capacity if you freeze them. It is also handy, if you want to charge it, and there is no outside charger in the bike parking lot. When removed, the battery system in my bike keeps the contacts protected and dry.\nIn the newer bikes, the battery is integrated part of the frame, and in Gazelle\u0026rsquo;s case goes out up. This leaves the frame upen and rain can enter. Gazelle is not stupid, the contacts are at the top and somewhat protected, but you still have water inside the frame.\nFrame geometry matters. A bike frame needs to be fitted to your body, and then adjusted properly. Do not buy a bike from a catalog, nor without a test drive of at least an hour. There is no such thing as an average human , and because of that we have learned to build things adjustable. So get them fitted, properly adjusted and then try them out properly and listen to your body. This is not just about bikes, also keyboards, monitors and everything else that is close to the body need to be handled alike.\nThe Gazelle is made from standard parts, Bosch Motor, Magura brakes, Shimano gearbox, and so on. That makes replacement, adjustment and service easy: Any bike shop has these, and will be able to service them properly.\nAlso, the bike is entirely unconnected \u0026ndash; it will work with the cellphone at home, stolen or empty and still take you home.\nI mention this, because I am living in Hipster Ground Zero, and a lot of people look at VanMoof:\nAwesome design, seriously bad ergonomic choices and a lot of quality issues.\nThis is a company that has a turnover of 100M, and operates at a spectacular loss. They are making a bike from first principle and custom parts. Standard parts will not fit, and only their service center can fix these bikes. They also have quality issues for their self-made parts.\nApple can pull this deep supply chain stunt off, but they are of course a 100B company with a lot of manufacturing expertise, and frankly an entirely different pricing model.\nVanMoof also comes in a one-size-fits-nobody frame which seriously limits how it can be adjusted. The handlebar, too, can only be adjusted within close limits, and needs special tools to do so. The light is part of the frame, and permanently maladjusted: it produces glare instead of lighting the path.\nTheir bikes have a hub motor in the wrong wheel (the front wheel, which you use for steering), with no torque sensor. So driving is janky at best, outright dangerous in critical conditions.\nThe battery is not removable and will freeze to death, unless you can take it into a shed, cellar or your appartment. Which is also necessary to charge it.\nBut yes, it looks cool. Basically, this is a cinetic sculpture and not actually a vehicle.\n","date":"2022-06-08T00:00:00Z","href":"https://blog.koehntopp.info/2022/06/08/how-to-buy-an-ebike.html","tags":["lang_en","mobility","bike"],"title":"How to buy an e-Bike"},{"categories":null,"content":"(Twitter thread , reproduction in english, and update)\nOn Friday, 2022-06-03, 14:42, we lost a replication hierarchy, on the primary, all replicas down. At 16:30 the escalation hits my desk, because this one is special.\nReplication stops, and wants more max_allowed_packet There is a sequence of binlogs, each 1 GB in size, as configured, except for the broken one, which is 3 GB. Replication stops with\nGot fatal error 1236 from master when reading data from binary log: \u0026#39;log event entry exceeded max_allowed_packet; Increase max_allowed_packet on master; the first event \u0026#39;\u0026#39; at 4, the last event read from \u0026#39;../log/binlog.002558\u0026#39; at 19959785, the last byte read from \u0026#39;../log/binlog.002558\u0026#39; at 19959804 Trying to run mysqldump -vvv ... on the broken binlog fails and produces no output useful for diagnostics.\nUsing the flight recorder We do know the statement failed at 14:42 and we run a copy of MySQL Flight Recorder on every box, even this one.\nAmong the many things the flight recorder records is the processlist and also the output of SHOW ENGINE INNODB STATUS. Indeed we find a long running transaction. At 14:41, we see Compressing transaction changes.\n---TRANSACTION 6702541326, ACTIVE (PREPARED) 7419 sec mysql tables in use 2, locked 2 2185611 lock struct(s), heap size 232317048, 73307452 row lock(s), undo log entries 70077831 MySQL thread id 1532688506, OS thread handle 139765193623296, query id 22431944402 SOME_SERVERNAME 10.10.10.10 SOE_USERNAME Compressing transaction changes. INSERT IGNORE INTO target_table SELECT * FROM source_table And at 14:42 the same thing is visible with waiting for handler commit. Then replication died.\nWhat happened So this machine is running with compressed binlogs enabled. It was processing a large INSERT INTO t SELECT * FROM s statement to copy rows. We see 70 077 831 (70M) Undo Log entries. The transaction compressed data, then commits, then the replication stops on all replicas, in an unrecoverable way. At least the primary is still happy, if unaware of the problem. The binlog file is 2GB larger than it should be.\nThe immediate theory: Somebody wrote a small statement that produces a very large transaction. Binlog compression works with compression on a per-event basis, and we do get a very large row change event. But the zstd compression in MySQL cannot handle events this large. The size of the binlog suggests a signed 4 byte integer overflow.\nBeing unable to see the binlog, and getting some garbage error message make this very hard to debug. Our solution is to reclone the entire hierarchy (which is nasty, because it is a set of machines \u0026gt;10TB each).\nLater investigation confirms that there is a binlog compression transaction size limit, but it is apparently even 1 GB, not 2 GB. This is not too bad a restriction. You probably do not want transactions that large anyway: They would break group replication, they would take ages to roll back, and they would create a lot of other problems as well.\nProblems and Solutions So we learn:\nAvoid large transactions. 1000 to 10.000 rows are probably something you should aim for. Configure max_binlog_cache_size to under 1 GB. The server will then reject the large transaction instead of committing it to the binlog. This will prevent breaking the replication hierarchy. Maybe similar or a small multiple of max_allowed_packet? The default is wrong: 18446744073709547520, and the manual itself recommends 4 GB, but the product does not set the default to this. Given that binlog compression can\u0026rsquo;t do more than 1 GB, that should probably the default. MySQL should come with sensible defaults. mysqlbinlog -vvv ... is not helpful, as it cannot parse this binlog, and the error message given is useless. The program should give a proper diagnostic message. The server cannot handle this, and the error message shown above about max_allowed_packet is misdirecting. The server should give proper diagnostic messages. Once you experience this error, it is rather hard to fix: Recloning does it, but that takes long. Setting the max_binlog_cache_size prevents the situation.\n","date":"2022-06-07T00:00:00Z","href":"https://blog.koehntopp.info/2022/06/07/mysql-binlog-compression-and-large-transactions.html","tags":["database","mysql","lang_en"],"title":"Binlog Compression and Large Transactions"},{"categories":null,"content":"Where I work, we manage databases in an automated way . Not as automated as I wish it to be, but largely without touching boxes.\nWe have been doing so for a long time.\nOver ten years ago, I set the team the challenge \u0026ldquo;be on an arbitrary version of MySQL within 20 workdays (one calendar month), no matter how many servers we have\u0026rdquo;. We are there now, in a way: we are on a 30-day refresh cycle for our bare metal cloud, and we match that cycle for our virtualized fleet. It was a long road.\nCloning, upgrading and downgrading The three most basic operations we need to solve in order to manage a fleet of instances are: creating clones of an existing database instance in a way that they can participate in a replication hierarchy, upgrading instances to a new minor or major version, and downgrading instances.\nCloning Our tooling has three ways of cloning databases:\nUsing the high-speed native CLONE command. Using Percona xtrabackup. Shutting down an instance and running rsync. Using native cloning is by far the fastest and most convenient version, but it also comes with the most restrictions: Currently MySQL insists that the donor and the receiving instance be the exact same version. This makes CLONE the preferred method for scaling operations, but useless in upgrade and downgrade processing.\nCLONE could be much more useful in upgrade contexts: MySQL knows how to upgrade a datadir in-place. There is even no longer a need to run an external mysql_upgrade program, the code is now part of the server core.\nIt would be easy to allow cloning from a lower version donor, drop the received data into a local datadir and then restart the server process into an upgrade cycle. For forward version movements this would be a big improvement.\nFor us, rsync is an acceptable workaround to cloning, even if it is somewhat limited in speed. That is, because we consider any use of MySQL without a minimum number of replicas broken, and prevent it. Even for customers who think they do not need it \u0026ndash; eventually they all do.\nSo we can always stop an instance, and take our time to do things with it after we have copied it. It allows us to experiment, give extra capacity or try out new versions safely, even Pre-GA MySQL.\nOur safe fallback and the best compromise in speed, comfort and safety is, as always, Percona xtrabackup.\nUpgrading In the past, MySQL had the rule that there are never on-disk format changes within a single major version. That made it easy to move forward and backward between versions within a major release. It was also kind of necessary \u0026ndash; the release quality of MySQL back then was not always of the kind where you could upgrade to the most recent version and be certain that it was an improvement.\nA lot has changed since then, and specifically MySQL 8 has seen fantastic improvements in refactoring of the codebase, in feature planning and in an improved software production process.\nA bit of these improvements has been traded for evolutionary speed, though: With MySQL 8, on-disk format changes within the release series have been explicitly allowed, announced and in fact also happened several times.\nThis became a lot easier since mysql_upgrade functionality has been integrated into the server, and made automatic.\nDowngrading Downgrades have never been a great concern for MySQL.\nIn the past that was not an issue, because upgrading between major versions was seen as a major effort and did not happen en-passant and outside a migration project. That meant extensive testing, and retaining binary, up-to-date data directories of the replication hierarchy in question. In case a downgrade was necessary, one would reclone the old version and inject it into the replication tree, reaping instances running the new version to balance.\nAll this assumes that you did not yet upgrade the primary, which in any seamless migration always is the last step.\nMySQL 8 complicates this a bit With MySQL 8, this becomes a bit more complicated, or more common.\nWhile MySQL 8 gives us very welcome new features, (here are some highlights ), they are sometimes a bit… undertested.\nSome examples:\nOur default clone mechanism does not work yet with 8.0.29. In our case, it affects several thousand instances that fall back to rsync cloning, because CLONE\u0026rsquo;s strict version requirements render it useless, too. Some people experience corruption with the new improved instance schema change in 8.0.29 and need to consider downgrading to 8.0.28. We had an instance the JAMF database, tables without primary key, virtual columns and broken utf16 combine in an unholy and explosive way that required us going back from 8.0.28 to 8.0.27. And there are some problems with Spatial Indexes not being used in 8.0.29 that can make it necessary to downgrade to 8.0.28 from 8.0.29. All of these involve at one or two major versions to fix. Being able to go back \u0026ldquo;a quarter or half a year\u0026rdquo; would make this much easier for everyone: Users and Developers, and take a lot of strain of the vendor/customer relationship.\nCLONE would profit, too As discussed above, CLONE has extremely strict version requirements between donor and destination.\nThe upgrade path is fixable relatively trivial, as shown above, by falling into a server restart with upgrading. A guaranteed two-minor-version downgradability (6 months window) could enable CLONE to also handle downgrades, at speed. It would make version movements up and down a lot less risky.\nThat would be a lot of value added for little effort.\nDump and Restore are not an option The default way to upgrade and downgrade a database is to dump and restore. For Postgres for many years this was the recommended way to jump to the next version: pg_dump and be done with it.\nObviously that works only for toy deployments, because it does not scale. Dumping throws away the indexes, and importing the dump involves reading the data, scanning and sorting it, and then rebuilding the index structures again.\nWe have been there, in the past.\nThe 5.1 to 5.5 disaster For our upgrade from MySQL 5.1 to 5.5, our starting point was a non-GA version of MySQL 5.1 that included a bugfix we considered critical. For this version, no binary, in-place upgrade path to 5.5 existed.\nThat meant, our upgrade to 5.5 consisted in dumping each replication hierarchy and importing the dump into 5.5. The 5.5 instance would then be connected to the replication tree, and had opportunity to catch up. We would make it an intermediate primary eating 5.1 binlog, and emitting 5.5 binlog to further 5.5 instances we cloned out of the initial one. At the same time we would reap production 5.1 instances to match the growth of the 5.5 population.\nEventually we would move writes down from the 5.1 primary, promoting the 5.5 intermediate primary to try primary, \u0026ldquo;beheading\u0026rdquo; the replication hierarchy. Back then we already had a three-digit number of MySQL replication hierarchies, and even back then a replication hierarchy typically had a disk footprint of 1-2 TB (ie 2-4h at 200 MB/s).\nAll this takes around a week per hierarchy, and was not properly automated back then. It meant that the transition from 5.1 to 5.5 took us almost two years. In fact, the entire 5.1 upgrade experience is part of why we have so much automation.\nMySQL 8 makes this easier Things are marginally better in MySQL 8 these days:\nYou can turn off redo logging while doing bulk loading or importing (8.0.21 or better). You can do parallel index creation , so that is faster, if you have the CPU and memory to burn (8.0.27 or better) and your tables are within the constraints given. On the other hand, data grew. Sometimes imports can become multi-month projects: We had a 120 TB MariaDB instance that was converted to Oracle MySQL 5.7 by dump and reload. This took a machine with AMD EPYC CPU, 1 TB of RAM, and multiple months to complete. The conversion saga was painful enough to warrant a Percona Live talk about the entire thing by Mohammed Gaafar and Pep Pla.\nMySQL 8 makes it worse While MySQL makes \u0026ldquo;downgrades by reading a dump\u0026rdquo; somewhat better, at the same time there are aspects that make it worse. The new dynamic permission system in MySQL 8 makes it easy to add new privileges over time. The result is that privileges now change more rapidly.\nWhen you dump and reload (or downgrade a binary datadir), there is no mechanism currently to handle this safely.\nFor example, 8.0.28 might add AUDIT_ABORT_EXEMPT, and downgrading this in any way to 8.0.27 requires some sed artistics in the dump or other kludgery: 8.0.27 won\u0026rsquo;t overlook the privilege names it does not know anything about. Clearly, here is a tooling gap.\nTL;DR Databases are where the state is kept. State has size, and copying state is slow. That is why everybody is always very protective of state. Do not treat on-disk data the Yolo way that Devops treats stateless instances.\nIntroducing new features in a major version is okay if you have a mature codebase and development process. Changing persistent state on disk is more complicated than that. Upgrades should always be binary and in-place. Downgrades should be possible binary and in-place at least for 2 minor version (6 months) If you do not allow that, it is painful for everybody. That includes us, because we can test slower, so Oracle MySQL gets less feedback. That includes Oracle MySQL itself, because it makes nifty features such as CLONE needlessly specific and much less useful. We will, even with today\u0026rsquo;s degree of automation, never be able to upgrade by dump and restore, just because reindexing is very, very expensive. It is just too much data. Binary in-place upgrade and downgrade paths are completely non-optional. We will never have the hell of the 5.1 to 5.5 transition again. We simply cannot afford this anymore.\n","date":"2022-06-03T00:00:00Z","href":"https://blog.koehntopp.info/2022/06/03/rolling-back.html","tags":["database","mysql","lang_en"],"title":"Rolling MySQL back and forward"},{"categories":null,"content":"Der Schnuppel ist jetzt in der niederländischen Groep 8, also in der 6. und letzten Klasse der Grundschule. Die letzten Tests sind geschrieben, die Schulempfehlungen sind raus und bindend, die Folgeschule steht fest und hat die Anmeldung bestätigt. Das Schuljahr ist also noch lange nicht zu Ende, aber alle Arbeit ist getan.\nDas Snackphone One, Zubehör und Nachfolgemodelle im Webshop.\nLetzten Freitag kam der Schnuppel aus der Schule und berichtete davon, daß er mit einigen Freunden und Banknachbarn \u0026ldquo;Mobiltelefone\u0026rdquo; gebaut habe. Also, auf Papier gezeichnet und als Bastelset ausgeschnittene Mobiltelefonmodelle. Man habe jeweils unterschiedliche \u0026ldquo;Firmen gegründet\u0026rdquo; und den Schulkameraden jeweils sein Modell vermarktet.\nOkay.\nDie beste Ehefrau von allen \u0026ldquo;Oh, Basteln und Handarbeiten!\u0026rdquo;, und setzte sich also mit dem Kind hin, um sich die Modelle anzusehen und zu überlegen, wie man da Dinge verbessern könne. Zum Beispiel hatte der Schnuppel \u0026ldquo;USB Sticks\u0026rdquo; für sein Telefon entworfen, also Dinge, die man in das Modell stecken kann und die dann da halten können.\nKennt Ihr solche Pop Up Kinderbücher?\nDas Wetter. Pop-Up Buch So etwas hatten die beiden vor einigen Monaten für einen Klassenkameraden als Geschenkverpackung gebaut. Da sollten sich ja leicht Modelle für Handies gestalten und mit einfachen Mechanismen bauen lassen.\nAber diese Woche geht es mit der Klasse zum Campen an die See. Handies bauen und \u0026ldquo;verkaufen\u0026rdquo; ist also nicht. Und außerdem ist der Spaß ja im Basteln.\nDer Snackphone Webshop.\nMan kam also auf die Idee, daß man einen Webshop brauche für Mobiltelefone. Von dem man PDFs mit Bastelbögen runterladen könne. Und Bauanleitungen als Video. Und eine limitierte Anzahl vorgebastelter Geräte.\nUnd das würde er dann gerne als Projekt präsentieren wollen, mit einem Vortrag mit Video-Unterstützung.\nSo viele Wünsche auf einmal Wir waren dann also letztes Wochenende eine Familie als Webagentur. Man hat sich Modelle und ein Marketingkonzept überlegt, und wir haben diskutiert, wie sich die Modelle unterscheiden und was so gebraucht wird. Wie die Website aussehen soll. Wie sein \u0026ldquo;Ich erkläre mein Produkt und wieso\u0026rdquo;-Vortragsvideo ablaufen soll.\nUnd dann haben wir zusammen das ganze Projekt aus dem Boden gestampft. Ich habe mit dem Schnuppel einen datenbanklosen Nichtwebshop in Flask gelötet. Die Grundlage dafür war ein altes Login-System, das wir beide einmal zum Flask lernen gebaut haben. Der Schnuppel hat ein Design auf meine Skelett-Website gezogen, denn er kann Frontend \u0026ndash; ich nicht.\nSammy und der Schnuppel haben Videomaterial produziert, und er hat das in affenartiger Geschwindigkeit zu Filmchen verwurstet. Einige Jahre Youtube hinterlassen ihre Spuren am Kind.\nSammy hat mit dem Schnuppel Bastelbögen produziert. Die beiden haben Scripte zum \u0026ldquo;Verkaufen\u0026rdquo; der ganzen Sache in einem Videovortrag geschrieben, Szenen gedreht, und der Schnuppel hat es dann fertig geschnitten.\nBackend vom Webshop: Sales Panel.\nWie bei jedem Life-Gang wird alles in letzter Sekunde fertig, und dann geht es in die Schule. Nach der Mittagspause Vortrag und Öffnung des Webshops. Der Vortrag scheint den Verkaufsdaten nach einigermassen funktioniert zu haben.\nInsbesondere die verschiedenen Motive auf den Bastelbögen für die Handyhüllen scheinen es den Leuten angetan haben. An der Schule macht der Laserdrucker Überstunden, und die Kinder basteln.\nKinder und Projekte Alles in allem haben wir zu Dritt gut drei Tage in das Projekt versenkt. Wir haben als Team tatsächlich alle notwendigen Fertigkeiten um so ein Projekt grundlos aus dem Boden zu stampfen.\nDem Kind macht das themenübergreifende Arbeiten einen großen Spaß. Er hat bemerkt, daß er in einigen Bereichen (Mitsingen in Aufführungen an der Oper, Videoschnitt, Frontend-Design) erwachsenenwertige Fertigkeiten ausbildet. Das macht ihn sehr stolz.\nWieder ist ein zufällig aufgekommenes Thema zu einem Haken geworden, mit dem man tausend Dinge, Interessen und Challenges anbieten kann. Das ist hauptsächlich Sammy zu verdanken, die auf solche Gelegenheiten lauert und dann gnadenlos und komplett maßlos Dinge durchzieht, weil es geht, Spaß macht und auf tausend und eine Weise lehrreich ist. Hach.\nZutaten: Papier, Bleistift, Schere, Schneidunterlagge, ein wenig Kleber. Ein Mobiltelefon mit guter Kamera. WebStorm. Ein Laserdrucker. Ein Billig-VPS zum Hosten von Flask-Anwendungen. Sehr viel Zeit.\n","date":"2022-05-17T00:00:00Z","href":"https://blog.koehntopp.info/2022/05/17/wie-normale-leute-eben.html","tags":["lang_de","schnuppel"],"title":"Wie normale Leute eben..."},{"categories":null,"content":"Robert Nystrom is a language developer who works at Google on the Dart programming language. In his book Crafting Interpreters he explains lexing, parsing and executing a programming language in an accessible way.\n\u0026quot;Crafting Interpreters \u0026quot;, Robert Nystrom\nNystrom sets out with the (correct) observation that the matter of handling and executing code is a complex topic that is not made easier with all the theory that surrounds it. In his book, he takes the reader on a journey to implement a toy language, Lox, two times. First with a tree walker execution algorithm, not unlike PHP 3 or early Ruby. Then, again, with a bytecode executor written in C.\nThe book starts out by defining an intentionally very basic, but complete programming language, and then chapter by chapter builds the infrastructure to scan, parse and execute the code. All explanations are very practical and on the code, but a lot of boxes, asides and cross-references make the theory behind all this discoverable, while at the same time keeping it out of the way. One of the nicest and most practical introductions to programming language interpretation and compilation that I have seen.\n\u0026ldquo;Crafting Interpreters \u0026rdquo;, Robert Nystrom, EUR 25.84\n","date":"2022-05-16T00:00:00Z","href":"https://blog.koehntopp.info/2022/05/16/fertig-gelesen-crafting-interpreters.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: Crafting Interpreters"},{"categories":null,"content":"The Netherlands realized around 2000 that they have a problem with bike parking around train stations, and with parking around stations in general. A program was set up to fix that, assuming things would be done with in ten years. The program was a great success, and people taking the bike to use the train, and to use a bike after they arrived at their destination by train increased greatly. This created more needs, and so the program is, changed, still active today.\nFietsparkeren bij Stations , Folkert Piersma and Wout Ritzema\nTitle Page\nThe book talks, in one chapter each, about analyzing customer needs, the history of the program, guidelines and goals, the plannning process, typical bike parking facilities, architecture and design, investment costs, facility operations, technical resources, innovative solutions and finally an outlook.\nTable of Content\nWhat matters to cycling train travellers? Historic review Policy for the development and construction of bicycle parking facilities Plan development Types of bicycle parking facilities Architecture and design Investment costs Operation, maintenance and enforcement Technical resources and innovations Innovative types of parking facilities Challenges and opportunities Overview of bicycle parking facilities at railway stations, numbers of bicycle parking spaces per station to storage type The Bike/Train combination is special.\nThe bike/train combination is special in many ways. First, as a mode of transport, they have more in common than you would think. Both have a low impact on air quality, and they are also propelled in a natural manner: The electric trains of the Dutch Railways run on 100% wind energy, while bikes are propelled by muscle power, at times supported with a bit of electricity.\nBoth cyclists and train travelers like speed and convenience; cyclists want to get to their train as fast as possible without encountering any obstacles, while train travelers move fast while they read a newspaper, prepare for work or take a nap.\nAccording to Dutch Railways, nearly 50% of all train travelers (in 2019, about 1.5 million journeys were made each day) get to the station by bike and in some places, that figure is 70%. Approximately 16% of those travelers use the bike to get from the station to their final destination. Twenty years ago, those figures were 30 % and 10 % respectively. Because of the growing popularity of the bike and growing consideration for health and sustainability, we expect these percentages in the bike/train combination to rise further.\nThis combination already means that the car has fierce competition, especially for city-to-city connections. A study by the University of Amsterdam shows that the travel time from, for example, the centre of Arnhem to the Rijksmuseum in Amsterdam (approximately 100 km) is virtually the same for both the bike/train combination and the car.\nLoad diagrams and station plan with the bike parking in relation to the platforms.\n\u0026ldquo;Groot, licht, dichtbij. Dit is ideaal!\u0026rdquo; \u0026ndash; Christien\nProtected and unprotected bike parking. People coming to the station can park their bike protected or unprotected. Protected bike parking can be with personnel or without. An example of protected bike parking without personnel would be bike boxes.\n\u0026ldquo;Ik kom hier graag. Er is gewoon altijd plek!\u0026rdquo; \u0026ndash; Xiaohe\nPlanability and reliable availability of bike slots are important to customers and commuters.\nBike parking in the 1970s. Fietsenstalling bij station Koudum Molkwerum (boven) en fietsenstalling bi station Dronrip (jaren zeventig van de vorige euw).\nTimes and usage-patterns change.\nTo understand where the Netherlands are today, we have to look at the past. These photos from the 1970s show the situation in typical stations from that time.\nStation Kampen, 1982.\nThe Dutch word for a bike park is \u0026ldquo;stalling\u0026rdquo; (\u0026ldquo;stable\u0026rdquo;), and in this case it is meant quite literally.\nReplanning and rebuilding bike parking at station Deventer.\nThe Situation shown in 2002, and in 2012 after renovation.\n\u0026ldquo;Programma fietsparkeren bij Stations\u0026rdquo;\nThe change is not accidental, but the consequence of the program \u0026ldquo;Bike Parking at Stations\u0026rdquo;, which started off around 2000. It has changed the nature of bike parking at stations in the Netherlands fundamentally.\nBut it also had different, further reaching aspects, and that is why it is still ongoing after 20 years: Not only is the sea of bikes around the train stations gone despite more people arriving by bike at the train than ever before, also the quality of the area around the train stations improved. The dark and seedy underpasses and the general feeling of insecurity around many train stations areas in other cities is no longer present here.\nWhat works and what doesn\u0026rsquo;t? After gaining experience with the initial construction program and being pleasantly surprised by its success, the program was expanded to a broader basis, and the learnings were implemented. Financially, the group also improved its position.\nIt quickly became clear that not all conditions included in the \u0026ldquo;Taking Your Bike to the Train\u0026rdquo; directive were functioning well or efficiently. In Chapter 3, we already discussed the aisle widths in the bicycle storage facilities, which were found to be able to be narrower, allowing for a more efficient layout of the storage area. Another important adjustment was the positioning of the monitored and unmonitored storage facilities in relation to the station entrance and the prescribed covered walking route from the monitored storage to the station. It also turned out to be necessary to equip the indoor monitored storage with tiered racks, which was already the case in virtually all existing monitored storage facilities.\nPlanning and exploration phases for a bicycle parking facility are presented and explained\nTarget audience and their needs.\nHighlighting some important research\nUnderstanding the Target Audience\nBicycle parking facilities at stations have a very specific target audience with distinct needs, as also mentioned in Chapter 1. We know that train travelers are \u0026ldquo;time travelers\u0026rdquo; and we assume that cyclists heading to the station are almost always in a hurry because the train won\u0026rsquo;t wait. It starts with the route from home to the station: Cyclists prefer the shortest and fastest route from home to the station.\nFurthermore, cyclists want to get on the train as quickly as possible and spend as little time as possible parking their bikes. Therefore, we place the bicycle parking facility as close as possible to the station entrance.\nCapacity planning using the example of the fictional station Amperveen.\nCase STATION AMPERVEEN: Local Customization for Projections\nThe fictional station Amperveen and its surroundings\nBased on the current observed usage, this station requires 3630 spots. With the currently available 3000 spots, there is already a shortage of 630 spots. It would not be surprising if the long-term projection ends up at 5750 spots (20 % increase in travelers, 20 % increase in bicycle usage, and 10 % latent demand).\nReal Simulations: Amsterdam Centraal Station. ZW1A with a capacity of 7000 parking spaces has just been completed .\nCase Station Amperveen: Distance to the Station\nIn the analysis of parking locations, the distance to the station is also important. We try to create parking facilities as close as possible to the station entrance, but sometimes it is not possible to meet the full demand. Offering \u0026lsquo;first 24 hours free\u0026rsquo; parking is also considered a form of unpaid parking. If a station has a significant number of weekend parkers, which is often the case in student cities, it may be considered to provide a free unguarded parking facility at a slightly greater distance, up to a maximum of 400 meters.\nTypes, by Prevalence and Price:\nGround-Level Parking (as seen in the 1970s photos) Bicycle Flat (Multi-story Bicycle Parking) Indoor Parking Underground Parking Mega Parking Pedestrian Flow Analysis for the bike-parking \u0026ldquo;Stationsplein Eindhoven Central (south side)\u0026rdquo;. Variations in the Layout of bike lots.\nSo, what did we learn in the last 20 years?\nTypical 90\u0026rsquo;s Trend 2020 Not all ground level parking has a roof All ground level parking has a roof Concrete stairs Natural stone finished stairs No technical aids to bridge height differences Technical aids to bridge height differences, such as brush ramps, moving walkways, or escalators (if required and funded by the municipality) Unfinished concrete ceiling Finished with a system ceiling or a smooth finished ceiling Concrete tiles on the floor Smooth concrete floor Unfinished retaining walls visible Retaining walls coated or finished with a cladding Cables and pipes visible Cables and pipes concealed Unfinished interior walls (Light) Art on the interior walls Partition wall made of aerated concrete blocks or system wall Partition wall made of glass in an aluminum frame Windows in a portion of the wall Floor-to-ceiling windows Turnstile at pedestrian exit with low steel revolving gate Full-height glass turnstile And this is what it looks like.\n\u0026ldquo;Fietsparkeren bij Stations \u0026rdquo;, Folkert Piersma and Wout Ritzema, EUR 29.40 Hardcover\n","date":"2022-05-07T00:00:00Z","href":"https://blog.koehntopp.info/2022/05/07/fertig-gelesen-fietsparkeren-bij-stations.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: Fietsparkeren bij Stations"},{"categories":null,"content":"A book from 2017, about the Spanish Flu, which in the wake of the first world war turned into a global pandemic, killing between 50 and 100 million people on all continents.\nPale Rider , Laura Spinney\nSpinney describes the situation in the world in 1918, and how the Spanish Flu came into the world, and was experienced by people in various parts of the world. The flu returned in several waves, some of which behaved unlike normal flu seasons and also had weirdly shaped killing patterns in the population.\nShe also describes reactions of the population to pandemic fighting measures \u0026ndash; and we know them all from personal experience by now. There have been people protecting mask mandates, self-isolation and social distancing on purpose, \u0026ldquo;mah freedums\u0026rdquo; criers and so on, just like with Covid.\nIn parts 5 and 6, she looks at the flu from a modern perspective: We now know about viruses, and specific the influenza A virus and its variants. We understand its genetics and which parts of the virus are relevant for infection of humans, and they mutate. We catalogue them \u0026ndash; the spanish flu was H1N1. Spinney then looks at SARS, MERS and bird flu, and other viruses, and how they ramp up for another pandemic, strangely prescient of the Covid pandemic of 2020. Also addresses, again spot on, anti-science propaganda and ossified politics unable to integrate new findings into existing rule frameworks.\nAn enlightening and at the same time very frustrating read, written and published 3 years before Covid.\n\u0026ldquo;Pale Rider \u0026rdquo;, Laura Spinney, EUR 9.49 on Kindle\n","date":"2022-05-06T00:00:00Z","href":"https://blog.koehntopp.info/2022/05/06/fertig-gelesen-pale-rider.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: Pale Rider"},{"categories":null,"content":"On an alternate earth alternate biology produces beings that can grow up to 150 meters tall and that are powered by natural biological nuclear reactor: The Kaiju. Whenever anything, humans or Kaiju, uses nuclear energy, the boundary between the alternate realities is weakened and things can cross over. That happened the first time late in the second world war, and that is how the legend of Godzilla came into the world.\nThe Kaiju Preservation Society , John Scalzi\nIt\u0026rsquo;s Covid times, it\u0026rsquo;s New York, and Jamie got fired from his management position of a delivery service and has to deliver things himself now. Doing that, he meets an old acquaintance of him, which offers him a\u0026hellip; different job. The job turns out to involve secrecy, a dimensional portal and working in an alternate world in which he meets things that usually live in SciFi novels.\nThis is a fun read, from a fun Scalzi from earlier times woken up again. Doubly so when contrasted with the rather exhausting Interdependency. Action, Dad joke puns and an improbable premise delivered masterfully, with the parts clicking nicely into each other.\nA strong recommendation, and time well spent.\n\u0026ldquo;The Kaiju Preservation Society \u0026rdquo;, John Scalzi, EUR 8.99 on Kindle\n","date":"2022-05-05T00:00:00Z","href":"https://blog.koehntopp.info/2022/05/05/fertig-gelesen-the-kaiju-preservation-society.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: The Kaiju Preservation Society"},{"categories":null,"content":"The subtitle of \u0026ldquo;Sid Meier\u0026rsquo;s Memoir!\u0026rdquo; is \u0026ldquo;A Life in Computer Games\u0026rdquo;. And that is exactly what we get: Sid Meier lists, chronologically and very systematically, all the games he has been working on during his lifetime. And tells us what happened to him, the game and the game development process while he worked on it. Somehow that becomes a Memoir, even if some things are only implied or appear out of order.\nSid Meier\u0026rsquo;s Memoir! , Sid Meier\nBorn in 1954, Sid Meier is a prolific writer of computer games. Together with Bill Stealey, he funded Microprose in 1982, and write a number of flight simulators - among them Solo Flight and F-15 Strike Eagle. Growing tired of flight sim, he eventually \u0026ldquo;invents\u0026rdquo; the turn based strategy category of games by writing Pirates and Civilization.\nLeaving MicroProse after it merged with Spectrum, he funded Firaxis, and was able to pick up the Civilization trademark and some co-developers dissatisfied with MicroProse. They were able to continue Civilization and turn it into what is has become today.\nThe book is, as promised, some kind of Memoir and a fun read. It also gives some insight into Meiers thought processes and what is important to him in game development. An interesting person, producing an interesting and insightful book.\n\u0026ldquo;Sid Meier\u0026rsquo;s Memoir! \u0026rdquo;, Sid Meier, EUR 8.49 on Kindle\n","date":"2022-05-04T00:00:00Z","href":"https://blog.koehntopp.info/2022/05/04/fertig-gelesen-sid-meier-memoir.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: Sid Meier's Memoir!"},{"categories":null,"content":"This is an old book, from 1998, and much of the technology referred to directly has evolved since then. But, as this a book that deals with basics, in terms of metaphor and analogy, it is still valuable. It explains how computers work, and how we make the tech that powers them.\nThe Pattern on the Stone , W. Daniel Hillis\nComputers are really easy. There is just Zero and One, and it does not get any more complicated than that. The complexity in Computers and how they work comes instead from using simple rules, making them combinable, and then arranging them into more complicated structures by reusing previous building block.\nThe book makes that very clear. It starts at Zeroes and Ones, and takes the reader on a tour, explaining how we get the things we have (or had, 25 years ago), and how they are made by reusing stuff we build previously.\n\u0026ldquo;The Pattern on the Stone: The Simple Ideas that Make Computers Work \u0026rdquo;, W. Daniel Hillis, EUR 9.99 on Kindle\n","date":"2022-05-03T00:00:00Z","href":"https://blog.koehntopp.info/2022/05/03/fertig-gelesen-the-pattern-on-the-stone.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: The Pattern on the Stone"},{"categories":null,"content":"I live in a house in a rural village somewhere in Randstad . We are paying around 70 Euro per month in electricity, and up to 380 Euro per month in gas. We are using the latter for heating and warm water, but we are already cooking with electricity.\nThe house has a decent energy rating and a heat exchanger in the forced ventilation system. That is to keep the warmth in when getting fresh air in.\nEnergy cost of 2021. Electricity remains largely unchanged in 2022, but gas cost rose a lot.\nWe are using a lot of electricity for a 3-person household \u0026ndash; 5500 kWh, a lot of which can be attributed to \u0026ldquo;always on\u0026rdquo; electronics at home. In particular, one file server consumes around 100W, which accumulates to not quite 1 MWh per year. Outsourcing that to a cloud service would be too slow, and a lot more expensive, though.\nThe situation and the configuration The house has a rather steep roof. One solar installation service, recommended to us via a colleague, declined to make an offer for installation because they were not equipped to handle the roof steepness. In the end, we went with Zonneplan, who did not have any objections to the general situation at all, and were able to handle it.\nRoof steepness, as seen from the south.\nThe roof itself is oriented at 155 deg, pointing the roof ridge line to south/southeast. The west side is getting better light, but the first half of the day lights up the eastern roof as well. According to basic astronomy tooling , the sun crosses the houses ridge line at 11:45 CEST, and solar noon (sun at 180 deg) is at 13:45.\nRidge line of the house, and the solar panel configuration.\nWe opted for a solution that places 9 panels on the eastern roof, and 16 on the western side. The east side of the house got a 3x3 configuration, the west side a 4x4. The lower two rows on the western side can get shadow from the neighbor and from the house wings (see the shadow on the image above), so they need \u0026ldquo;optimizers\u0026rdquo; to handle shade. This is what it looks like on the west side:\nPanels on the west side of the roof.\nThe installed panel type has a size of 1.75m x 1.03m, and a Wp rating of 370W, so we get 200W/qm as expected from current tech. This is good for 3330Wp on the eastern side and 5920Wp on the western side, for a theoretical total of 9250Wp. In practice the configuration will never reach that level of output, because both sides of the roof cannot receive direct lighting at the same time.\nThe type sticker of one of the panels.\nThe inverter is a three-phase Huawei SUN2000-10KTL. It weighs 16kg and measures 52.5cm x 47.0cm x 16.6 cm, is rated IP65 and could in theory work from -25 to +60 degC. It still likes to sit inside, dry and warm.\nHuawei SUN 2000 inverter.\nThe device makes no perceptible sound, even under load. When producing 4500 Watt, it gets a bit warm, but not so much that it will feel painful to the touch.\nFLIR image of the inverter while transforming 4500W from the roof.\nInstalling the solar panels on the roof catches energy that otherwise has been hitting the roof and reaching the rooms inside. The rooms directly under the roof are now about 1.5C cooler, a great improvement.\nThe panels themselves, even when in full sunlight, do not get particularly warm.\nFLIR images of the solar panels while in full sunlight.\nProduction and consumption Here is a spotless day in April, still on MET, and hardly any clouds. We have sunrise at 6:40, around 7:00 we see a sharp rise of energy produced on the eastern panels. This peaks around 9:00 at ~2300W, then falls off a bit until around 11:30 the western panels start to kick in. From here on the production switches over from eastside to westside, for a peak of 5300W around 16:00. Sunset is at 20:40, and indeed we get at least a bit of energy almost to the end, though the decline is rather steep starting at 19:40 or so.\nTotal production is 44.5 kWh over the day. Around 10 kWh can be attributed to the modules on the eastern side, and their power comes in early when we need it for breakfast. They help a great deal to even out production over the day.\nThe inverter has a GSM module and feeds into the systems of Zonneplan. That also means I get no direct access to the Modbus in the Inverter without interfering with their warranty.\nI can access the electricity counter of our house, though, through the Dutch P1 interface. This is done, for example, with a P1 reader ethernet by Marcel Zuidwijk, connecting the P1 interface from the counter to a free power on the DSL modem. The data is put onto the house MQTT bus , using software written by a friend and colleague.\nReading the counters, I get a good overview of what happens during the day:\nRed line: Power drawn from the grid. Green line: Power sent into the grid. You can see how between 6:00 and 20:00 we are sending power to the grid at almost all times. The \u0026ldquo;Range\u0026rdquo; data shows we have drawn 6.25 kWh from the grid over the day, and sent around 30.1 kWh into the grid over the day.\nIn the image above, we can see that we sent 30.1 kWh into the grid yesterday. The Zonneplan app gives me a total production of 39.42 kWh for that day. We also took 6.25 kWh from the grid on top of that.\nThat gives us a usage of (6.25 kWh + 39.42 kWh - 30.1 kWh =) 15.57 kWh for the day. Out of this, we covered (39.42 kWh - 30.1 kWh =) 9.32 kWh internally. We pushed a net surplus of (30.1 kWh - 6.25kWh = ) 23.85 kWh into the grid.\nUsing the current counters, I can get a more detailed graph over the day. You can see a base load in the house of around 300W \u0026ndash; around 100W can be attributed to one server, the rest is various other electronics that is always on. Great spikes show household appliances doing things: Dishwasher, washing machine, espresso maker, microwave, cooking plates and ovens all draw around 2kW to 3kW, mostly to heat up water.\nUp: drawing power from grid. Down: Sending power into the grid. You can see how clouds and internal consumption take their bites of the \u0026ldquo;perfect\u0026rdquo; production curve.\nLooking at the day-curve this way you can see that we would profit from a household battery. On this day in April, we could maybe do with a battery of 5kWh or less, but in darker times a larger battery would be more effective. We could achieve complete autonomy from Equinox to Equinox, and charge the missing energy from the grid during cheap times in the darker half of the year.\nThe matching piece of equipment would be a Huawei LUNA2000-15-S0 battery pack. It is a 15 kWh piece of equipment that is 137cm high, 67cm wide and 14cm deep, coming in at 164kg and around 7200 Euro plus shipping. The pack is based on LFP technology, not on Li-Ion.\nLegal and financials We purchased the entire solution through Zonneplan at 10162 Euro, so around 1100 Euro per 1 kWp. This could be a noticeably less, if we did not have shade on the west side \u0026ndash; these optimizers are expensive.\nZonneplan not only installed the whole thing, which took less than a day, but also took care of all the planning, and all the paperwork. That was very comfortable, and they handled all the things professionally and competently.\nIn April, we produced 871.1 kWh, and sent 718 kWh into the grid.\nIn the Netherlands, power sent into the grid \u0026ldquo;turns the counter backwards\u0026rdquo;. That is, you can treat the network like a battery, 1 kWh sent in is 1 kWh you can get back later for free. This is called \u0026ldquo;Salderingsregeling voor huishoudens en MKB \u0026rdquo;:\n\u0026ldquo;Households and small businesses are allowed to feed self-generated electricity back into the grid until January 1, 2023. And offset it against their consumption at another time. This is called offsetting.\u0026rdquo;\nThis rule was supposed to end at 1. January 2023, but will be prolonged at least one year more, says Solar Mag :\nStartdatum afbouw salderingsregeling zonnepanelen niet haalbaar, ambtenaren adviseren 1 jaar uitstel\nStart date for phasing out solar panel feed-in scheme not feasible, officials advise 1 year postponement\nPhasing out the salderingsregeling to Zero is supposed to be done in 9% steps, not all at once. So in the first year, 91% of the power would be part of the salderingsregeling, the rest the electricity provider would pay for, and so on.\nThe law says that the provider must pay \u0026ldquo;redelijke vergoeding\u0026rdquo; (a reasonable compensation). At this point, a compensation of 80% of what you pay for electricity to them is considered reasonable by the lawmaker.\nThat would mean, I get paid at least 18.0 ct/kWh when I am paying them 22.5 ct/kWh. That\u0026rsquo;s workable.\nOutlook Right now we have solved our electricity problem, and manage to have solid overproduction (at least in the brighter part of the year). We are also getting a tiny electric car this year, which will eat into our budget. That also means we are not getting a Huawei battery this year.\nWe will have to eventually change the house heating from a central gas burner to a different system, likely air conditioners/heat exchangers that use electricity to warm up and cool air directly. They work as heat pumps, and produce between 3 kWh and 5 kWh heat for each 1 kWh they consume. This will considerably increase our consumption.\nWarming up 1l of water by 1C takes around 1.16 Wh, and the cooking gas we use provides around 10 to 12 kWh per cubic metre (1000l). So a shower that uses 240l (0.24 cubic metres) of gas consumes around 2.4kWh. Similar math can be applied to dishwashers and washing machines (\u0026ldquo;uses 0.885kWh to heat up 15l of water by 50C\u0026rdquo;), and to cooking plates.\nWe will be using a lot more electricity if we are going to eliminate cooking gas completely in this household.\n","date":"2022-05-02T00:00:00Z","href":"https://blog.koehntopp.info/2022/05/02/a-solar-roof.html","tags":["lang_en","netherlands","energy","climate"],"title":"A solar roof"},{"categories":null,"content":"Zum vorhergehenden Artikel bekam ich einen Leserbrief als Github Issue, das ist hier inhaltlich unverändert veröffentliche, weil ich glaube, daß es wichtige Informationen und Überlegungen enthält.\nVon @typxxi :\nIch schreibe einmal auf Deutsch.\nAkku Lebensdauer Großer Speicher heißt nicht immer gut, weil der LFP Akku dann eher über kalendarische Alterung stirbt, und nicht in Folge der Zyklen. Ein LFP-Akku schafft um die 3500 bis 6000 Zyklen. Das hiesse bei Dir im Idealfall, Du schaffst so 200 Zyklen pro Jahr und damit 17 bis 30 Jahre.\n200 ist schon viel, denn durch die Ost-West-Teilung und Verschattungen wird das im Winter recht schwierig, weil nicht genug hineinkommen wird, da die PV zu klein ist und eine 15 kWh Batterie zu groß bei dem aktuellen Lastprofil von 2022.\nIch bezweifele, dass Du überhaupt 200 Zyklen bei der 15 kWh voll kriegen wirst, weil Dein Nachtverbrauch im Sommer gering ausfällt - wegen der Kürze der Nacht. So bleiben dann nur noch die Übergangs-Jahreszeiten mit längeren Nächten und guten Sonnenerträgen, wo Du bei 5500 kWh und damit grob 15 kWh / Tag landest, was für die Nacht ja aber kaum 50% = 7,5 kWh bedeuten wird. Wahrscheinlich ist es so. daß das Haus in 6h auf Grundlast zurückfällt.\nGrundlast und Strom sparen Grundlast ermittelt man am besten beim nächsten Familienurlaub durch Aufschreiben des Zählerstandes bei der Abreise und Ablesen bei Rückkehr. Der Verbrauch in der Zeit, den Stunden Eurer Abwesenheit ergibt Deine Grundlast.\nDas ist elektrisch nicht ganz korrekt, weil zyklische Verbraucher wie Kühlgeräte mitgezählt werden, die der Definition nach kein Teil der Grundlast sind. In diesem Fall schon, weil wir die Zyklen für den Akku per Überschlag bestimmen wollen, und wir auch versteckten Verbrauchern durch Messen und Rechnen auf die Spur kommen wollen. Denn dort liegt das größte Potential.\nDa reicht es nicht, den Server mit 100W zu schätzen, sondern zu messen und um jedes Watt zu kämpfen (wobei in NL vielleicht nicht, solange jede PV kWh 91 % oder 82 % oder 73 % Wert behält). Dann beginnt auch der Kampf um jeden einzelnen eurer Stromsauger, die 24/7 Verbraucher wie eine Fritz!Box mit 11 W, oder deren Repeater, die gern einmal 10 W und mehr nehmen.\nDaumenregel: 1 W Verbrauch im 24/7 Betrieb = 9 kWh p.a.\nGenauer: 1 Watt x 24 h / Tag x 365 Tage / 1000 = 8,76 kWh, oder einfacher: 1 Jahr = 8760 Stunden und in kWh eben 8,8 kWh.\nDer Server kostet dann fix 880 kWh/a, und da sollte eine Menge zu sparen sein durch eine passende Energiesparplattform, denn gerade da kam ja auch der Erfolg des Raspi her. Ein Raspi 4 liegt grob 4 W als unterem Ende, also 96 W Einsparung, nur kann da ja auch ein Fileserver Rack dran hängen, sodass andere Kaliber Sinn machen, nur ist das der 1. Punkt, Strom zu sparen.\nZum Raspi Verbrauch hier ein guter Beitrag , der die verschiedenen Lastsituation betrachtete: Was kostet mich der Pi 4 an Strom im Jahr? OK, zuerst bei Verbrauch schauen und sparen, gibt lächerliche Dinge, aber sie bringen was. Natürlich in Deutschland mehr als in NL, weil hier die kWh eingespeist mit 8 cent vergütet wird und aktuell so 35 Cent kostet, wenn sie in der Nacht gebraucht wird. Daher ist der Druck hier größer, Strom zu sparen.\nWer Alexa in Form von Echo Show \u0026amp; Co hat, der kann sich fragen, ob er 1. die Display-Helligkeit braucht, mit der die läuft, oder es mit weniger auch geht. 3 Watt sind nirgendwo fixer gespart als da. Und noch viel mehr, wenn man die Frage der Helligkeit richtig zu Ende denkt für sich: Display ist immer aus, außer es schallt \u0026ldquo;Alexa!\u0026rdquo;\nDie Einstellung gibt es tatsächlich, den Nachtmodus, den wir auf 12:00 bis 11:59 gesetzt haben, sodass der Echo Show 1x pro Tag mittags erwacht und Lebenszeichen von sich gibt. Schont das Display (unser 1. Show mit 5 Zoll hat ein leidendes Display) und spart so grob 6 Watt , wenn ich mich recht entsinne: 54 kWh p.a. bzw. 18€\nUnd die Kids lernen das nur so, was wir selber in der Jugend nie lernten, denn Wasser und Strom flossen ja immer gut und reichlich und nur die Eltern hatten 1x im Jahr Kopfschmerzen, woher nur dieser Anstieg stammte.\nBatteriebedarf abschätzen OK, zurück zur Batterie. Ich gehe von sagen wir 220 W Grundlast aus, dann hast Du vereinfacht in 6 Monaten eine Dunkelphase mit 7 h Kernnacht und 3h Abendprogramm, wo die Batterie liefern darf.\nWir nehmen an: 7h x 220 W + 3h x 750W\nDas ist schon eher viel für TV schauen, 120 W bei 65\u0026quot; mit Sky Receiver \u0026amp; Licht an + 50\u0026quot; Monitor \u0026amp; Laptop an = 90W = 1540 + 2250 =3790 Wh ergibt einen Bedarf von 4 kWh pro Nacht in den 6 Monaten. Im Sommer aber auch weniger, weil die Sonne eher und länger Strom liefern kann, die Batteriephasen kürzer ausfallen.\nKontrollrechnung: die übrigen 14h x 750 W ergäben 10,5 kWh und damit Tagesverbrauch 15 kWh.\nOK, damit sollte klar sein, dass die 15 kWh Batterie zu groß sein dürfte, außer die Dinge ändern sich wie angedeutet.\nBatteriebedarf mit Wärmepumpe (Splitklima) Fangen wir mal damit an, dass Du einen gleitenden Übergang bei der Heizung siehst, dann gäbe es da als 1. Weg die Nachrüstung einer Split Klimaanlage als Heizung. Für die großen Räume vor allem im EG, wofür Du selber nicht viel Geschick brauchst, weil es nur 1 Kernbohrung braucht und danach nur noch Kabel verbinden und Maulschlüssel nutzen, ggf. mit Drehmomentschlüssel.\nDie Anlage kann dann heizen und im Sommer kühlen, was alle südeuropäischen Länder seit Jahren nutzen, weil deren Heizlast geringer ist. Der Wirkungsgrad ist sehr hoch, weil aus der Außenluft die Energie gezogen und direkt nebenan im Raum abgegeben wird ohne 20 m Heizungsleitungen und Verluste.\nWir haben 5,4 kWh große Mitsubishi nachgerüstet - im Altbau der 70er, der aber schon damals mit über 10 cm Wand und Decke gedämmt war. Die Kosten liegen incl. WLAN und aller Quick Connect Leitungen bei circa. 1100 € - wenn Du hier jemanden beauftragst, dann sind es 3000 €, sodass Du siehst, wie sehr sich da das lohnt.\nNimm aber eine Marke. In der Regel reicht aber das Basisgerät, denn Du kannst da viel Geld in Design investieren mit begrenztem Nutzen, denn für 500 € mehr bekommst Du die gleiche Anlage, die aber per Fernbedienung den Luftstrom nicht nur vertikal, sondern auch seitlich lenken kann. Wer das braucht, bitte, aber 1600 € heben die Hemmschwelle, so etwas mal zu probieren.\nUnd: große Räume eignen sich besser, weil 1. Wärme aufsteigt, und die Anlagenkosten sich nicht linear verteilen, also kleinere 2,2 kW Anlage für 4 0% zu haben ist. Sie kostet stattdessen dann 800 € statt 1100 €, macht also kaum Sinn.\nVon daher Split-Klimaanlagen immer größer auslegen als der Heizbedarf wäre, weil Du immer noch mit Tür auf das Haus als solches mit wärmen kannst, besonders bei Euren wohl vielen Etagen.\nNa klar, für 500 € mehr bekommst Du auch noch einen kleinen Bonus bei der Effizienz, denn statt COP 4,1 gibt es dann vielleicht 4,4 - also 1 kWh elektrisch bringt 4,1 oder 4,4 kWh Wärme. Du brauchst aber lange, um mit der 10 % höheren Effizienz die 500 € reinzuholen, da hast Du mehr von vielen kleinere Anlagen.\nBei Multisplit-Anlagen muss man wissen, dass Du da auch 2 oder 3 Innenräume heizen kannst, wobei jeweils 2 oder 3 Innengeräte an 1 Außengerät angeschlossen werden. Funktioniert gut, kostet aber auch und hat Schwächen, wenn ein Raum kalt und der andere auf Vollgas / Vollstrom laufen soll. Mag sich bei benachbarten Räumen lohnen.\nBei Quickconnect musst Du wissen, dass sich das Kühlmittel im Außengerät befindet. Mit der Quickconnect Leitung kannst Du die beiden Geräteteile selber verbinden und in Betrieb nehmen - außer Du lebst in Deutschland, da brauchst Du den Klimaschein. In Italien war das für uns nicht der Fall.\nEs muss Dank Quickconnect kein Vacuum erzeugt oder kontrolliert werden, solange Du mit 7 m Rohrlänge klar kommst. denn für 7m packt Mitsubisih Kältemittel in das Außengerät. Ansonsten muss der Klimatechniker kommen und nachfüllen.\nLange Vorgeschichte, um zu zeigen, dass man auch elektrisch zuheizen kann, oder gar mit 3 Anlagen a 5,4 kW den alten Heizkessel an Heizleistung mit 16 kW erreichen kann.\nAn den sehr kalten Tagen, die Du an 2 Händen zählen kannst, wenn es unter 5° C geht, verliert die WP ihren Wirkungsgrad und Arbeitsleistung, da sollte dann was helfen? Gas heizen und mit elektrischem Heizlüfter.\nDas alles nur, um zu sagen, dass diese Heizung sinnvoll sein kann, und dann auch teils von Batteriestrom profitieren kann. Das ist vor allen Dingen in der Übergangszeit sinnvoll, wenn morgens die Sonne noch weg ist oder abends schon wieder. Jedoch braucht eine 5,4 kW Heizung mit COP 4 maximal Strom von 1,6 kW - wenn Du bei 12 ° heim kommst und das Ding auf 28° drehst und mit voller Drehzahl Wärme brauchst.\nDie 1,6 kW machen es Dir auch leicht, dieses Gerät nachträglich an eine normale Unterputzdose in den Stromkreis einzubinden. Damit will ich sagen, dass hier eine 5,4 kW Anlage im Winter einen Wohnraum konstant auf 23° C hielt. Der Verbrauch lag dabei bei 4 kWh am Tag, in der Übergangszeit weniger: 2 bis 3 kWh.\nFür die Rechnung ist das wichtig, ja der Akku auch morgens noch voll sein sollte, wenn man die Nachtzeit von Batterie versorgen will. Von den 2 bis 3 kWh entfallen dann vielleicht 40 % auf die Nacht oder weniger, wenn man Nachtabsenkung der Temperatur in Kauf nimmt. Nimm einfach mal 1,3 kWh für die Nacht je Gerät und schwups bist Du bei 3 Geräten bei 4 kWh.\nMit den 4 kWh Alltagsverbrauch und mit 4 kWh fürs Heizen per Split Klima in 3 Räumen und mehr landest Du bei 8 kWh Bedarf, und irgendwie ist der 15 kWh Akku immer noch verdammt groß, liegen also 3600 € Kapital brach herum.\nDaher der Rat, das ganze mal mit 10 kWh zu denken, die Dir vielleicht 2400 € sparen, die reichen, um dafür Splitklima zu kaufen.\nWasserbereitung Jetzt mag noch die Frage kommen, wie es mit dem warmen Wasser wäre. Genau, das ist dann auch so eine noch einfachere Sache.\nEs gibt vor allen in Südeuropa Monoblockanlagen, die meist in einem wärmeren Raum aufgestellt werden. In Frage kommen Heizungskeller oder ähnlich. Die Anlage zieht dort aus der Umluft die Wärme ziehen, und heizt einen 100 Liter Wasserbehälter auf. Diese werden an nur 2 Rohren in den bestehen Warmwasserkreislauf eingebunden, was Du auch selber machen kannst.\nKeine weitere Veränderung erforderlich, alles beim Alten.\nEin solches Gerät hat Abmessungen von etwa 50 x 50 cm x 120 cm Höhe, und wird meist an die Wand gehängt, in Südeuropa auch gern in die Küche. Entsprechend gestalten die Anbieter aus Südeuropa das auch gern mal wie ein Interieur Möbel, schönere Oberfläche und Bedienung als die typischen Heizungen.\nDer Preis liegt um die 900-1100 € von Ariston, in der einfachsten Variante. Ich rate Dir aber sofort, da genau zu schauen, denn die kommen ohne WLAN und SMART, haben mitunter aber eine Steuerleitung, sodass Du bei PV Überschuss eben auch das Wasser warm machen kannst.\nLohnt sich alles für NL heute nicht so sehr , aber mit jedem Jahr weiter un 9% weniger Wert der eingespeisten kWh um so eher und mehr.\nFür die Rechnung nimmst Du einfach an: Du hast da 100 Liter, die mit 15° C reinkommen und auf 55°C erwärmt werden müssen. 40° C x 1,1 Wh/ °C und 100 Liter enden bei Wärmebedarf von 4400 Wh, wobei so eine Ariston Nuos Primo mit COP 3 als Wirkungsgrad kommt. Das bedeutet, Du brauchst 1,5 kWh.\nIst die Frage aber, wie viel kWh Du morgens brauchst, bevor die Sonne aufgeht, um den Behälter aufzuheizen. Da sind die 40° C ja selten fällig, weil nicht immer abends noch geduscht worden ist und 100 Liter 15° Wasser nachgefüllt worden sind, sondern Du mit 100 Liter 40° C warmen Wasser aus der Nacht kommst und dann nur noch 1/3 der Heizlast hättest, eben 15° C erwärmen statt 40 °C.\nDer Strombedarf sinkt dann auf 0,600 kWh wären. Und damit ist 3/4 des Jahres, wenn im Akku auch Strom sein wird, der Akku mit 9 kWh ausgelastet. Im Sommer noch weniger, im Spätherbst und frühen Frühling mehr.\nAuto Ach ja, der Elektroflitzer soll ja auch eher tagsüber geladen werden als mit Verlusten aus der Batterie in die Batterie, sodass man dessen Bedarf als Ausnahmen vergessen kann. Er ist im Übrigen die viel billigere Batterie, stell Dir mal einen 50 kWh PKW vor, der aus den HUAWEI 15 kWh Speichern gebaut würde, denn dann wären das schon 25000 €, also ist der günstigste Speicher Dein Auto.\nSelbst in Deutschland wird Vehicle 2 Load als Rückspeisen ins Haus bzw. als Vehicle 2 Grid ins Netz kommen. Zuerst VW, die sich gegen die Stromlobby durchsetzten. Von daher baue den Akku nicht zu groß, wenn in 1 Jahr VW und dann andere Vehicle 2 Load Fahrzeuge liefern.\nEin Ford F150 Lightning Truck kann ein ganzes Haus versorgen, weil bis zu 9 kW aus dem Fahrzeug gehen können, wobei klares Negativbeispiel. Ein MG4 in Golf Größe kommt in der Basis mit einer 51 kWh LFP battery und einer 2,3 kW Leistung Vehicle 2 Load (kein 2 Grid). Der MG4 Akku mit 3500 Zyklen und mehr kann dann die Hausbatterie ersetzen. Noch ein Grund mehr, eine NICHT ZU GROSSE HAUSBATTERIE zu kaufen. (Nebenrechnung: 300 km WLTP hieße bei 3500 Zyklen aber eine Akkulebensdauer von 1.250.000 km, die das AUto nie fahren wird. Der Akku hält also länger als das Auto mechanisch.\nÜberschüsse handhaben Nun der Punkt, der ebenso wichtig ist: Wenn Überschuss, dann bestimmte Verbraucher mit Überschuss Strom betreiben\nDas nennt sich bei Auto und Wallbox Überschussladen. Die Softwarelösung heißt wohl EVCC, wenn Du nicht eine teure, an den Wechselrichterhersteller gebundene Lösung kaufst. Nur läuft die dann meist nur mit einer Huawei Wallbox, so es die gibt.\nDer nächste Verbraucher wäre ein Problem, von daher schau Dir EVCC an, die einen Raspi braucht oder einen SonOff ihost, der ein lokales Smarthome ohne China Cloud für aktuell noch heute 55 € bietet. Also eine grob Pi 3 / Pi 4 vergleichbare Leistung mit einer Docker Einbindung und Zigbee, WLAN und BT an Bord, sowie anderem Zeug. Heute noch im Release Angebot, was seit März gelaufen ist. Ansonsten wohl etwas teurer, aber günstiger als Pi 4 neu von ebay.\nEVCC erlaubt Dir das Laden von einem oder mehreren Fahrzeugen bzw. Verbrauchern mit Regeln \u0026ldquo;Wie lade nur das, was an Überschussstrom sonst ins Netz ginge (die Fahrzeuge können meist erst ab 6A)\u0026rdquo; und das auch intelligent. Denn neben dem reinen grünen Überschuss gibt es noch andere Ladeprogramme, um das Fahrzeug schnell zu laden auch mit Strom vom Netz.\nUnd Deine Splitklima, ggf. aber auf alle Fälle die Warmwasser-Wärmepumpe sind ein Super Überschussverbraucher\nDieser Energymaster ist die Zentrale, denn nur diese Überschussverbraucher lassen sich wirklich gut mit Überschuss betreiben. Eine Spülmaschine oder Waschmaschine nur und erst dann ein zuschalten, wenn der Strom reicht, ist im Alltag eher ein Alptraum in der Steuerung und muss man bzw. alle in der Familie wollen. Abends nach Haus und die Maschine ist nicht gelaufen, da kippt die Stimmung dann fix.\nVon daher schau mal EVCC an, ist Open Source und bestimmte Funktionen brauchen einen Sponsor, was der Wallbox Hersteller übernommen haben kann, sodass alle Produkte des Herstellers das gratis können - oder kostet Dich maximal $2 p.a. und ist Open Source made in Germany mit sehr lebendiger Community. Du findest die Site auf evcc.io .\nSteuerung und Modellierung War es das ?\nAll das ist die alte, händische Art so was anzudenken und zu durchplanen. Es hätte Dir vor 1 Jahr vielleicht auch mehr geholfen, das so zu finden, aber sei es drum. Da auf dem Blog nichts Neues stand, sah es erst einmal nach dem Stand der Dinge aus, wo sich ein Akku kaum rentiert, wenn man von 1 kWh eingespeist morgen oder im Dezember noch 0,91 kWh zurück bekommt.\nVon daher mag das jetzt Sinn machen und Dich auch schon länger fragen lassen, was noch geht und wie in welcher Reihenfolge. Nur der Rat, dass Du lieber einen eng bemessenen Hausakku kaufst, und im Hinterkopf hast, dass die PKW das künftig von Haus mitbringen werden, und zwar vor 2030, denn VW ist ein Big Player wie ein F150 Lightning in den USA bei Trucks.\nAll das hier ist die alte, einfache Art, weil jeder der Dein Blog dazu liest, dem auch folgen kann. Willst Du mehr und genauer, also auch PV Anlage planen und vergleichen können, dann kannst Du sozusagen Dein Haus an Deinem Ort einfach in 3 D planen. Deine Anlage, wie sie ist, nachbauen und passend dazu Deine Verbrauchsprofile hinterlegen, wann welcher Verbraucher am Tag oder in der Woche läuft und was an Strom braucht, oder aber Du nimmst die 5500 kWh und lässt die für einen 3 Personenhaushalt mit 1 auf Achse und der Rest zu Haus runterbrechen.\nDiese Software errechnet dann auf Basis der Einstrahlungsdaten an Deinem Ort die Erträge je Minute aus der PV, und stellt dem ggü. die Verbräuche , sodass das System für jede Minute eine Bilanz erstellt und das ganze zu einem Jahresergebnis.\nDa kannst Du dann alternative Module simulieren, alternativ Belegungen und Wechselrichter, ebenso Batteriegrößen, DIY Akkus und die Wärmepumpe bzw. Dein Auto elektrisch fahren lassen mit wöchentlich 500 km und Ladeprofilen und Zeiten.\nDas findest Du auf bei Valentin Software in Berlin - gratis als 30 Tage Demo, wobei Du die Kundenprofil-Auswertungen halt nicht drucken kannst, aber mit Screenshot kriegst Du alles auch so. Alle Versionen gibt es dort zum Download und laufen prima.\nDer Anbieter hat auch alle Daten der Module und Wechselrichter hinterlegt. Du sparst Dir das fehlerträchtige Abtippen der Specs, die das System braucht, um zu simulieren. Du mussst nur Modul Daten etc. auswählen, und dann sollte das System signalisieren, dass alle Komponenten passen oder woran es scheitert.\nDas Ergebnis der Simulation ist super, die Daten sind realistisch, also die Planung zuverlässig, die Modul, Batterie, Wechselrichterdaten werden teils von den Herstellern eingepflegt und laufend aktualisiert, weshalb alles von deren Servern zur Laufzeit kommt. Ist dann Dein Wechselrichter dabei mit neuen Specs oder verbesserter Version, dann wirst Du gefragt, mit welchem Modell Du weiter arbeiten willst.\nDie Planung selber ist da schon was anderes. Man braucht, um sich da einzufinden, aber am Ende geht es oder Du kennst Leute und kannst fragen. Von daher halt der Hinweis, dass Du PV SOL in der PREMIUM Version. Nimm nicht die kleineren, sondern gleich das Profi-Tool, das Du sehr gut nutzen kannst, um Dein System von heute zukunftssicher zu gestalten durch u.a. Simulation.\nWechselrichter brauchen Strom Lange Geschichte, aber ich denke, dass Du was daraus machen wirst.\nDazu hast Du noch bedingte Reserveflächen, die auf den Garagen / Carport etc. Je weniger die eingespeiste kWh wert sein wird, je eher wirst Du mehr Leistung auf dem Dach haben wollen. Und von daher hast Du jetzt Zeit, die Zukunft so zu planen, dass Du Dir ad hoc auch nix verbaust wie mit einem teuren, zu großen Speicher, denn:\nim Winter wirst Du den ausschalten, weil ein Hybrid Wechselrichter dann auch fix 70 oder über 120 Watt in der Nacht jede Stunde aus der Batterie ziehen kann, um nur bereit zu sein, Strom zu erzeugen.\nJetzt passiert nix dergleichen, denn die PV Module liefern keinen Strom und Dein Wechselrichter legt sich schlafen. Kommt die Batterie, dann will der aber 24/7 seinen Anteil zum Betrieb und der kann hoch sein: höher als Dir lieb ist, weshalb dann viele gerade mit so einer eingeschränkten Ost -Westleistung wie bei Dir eben die Kiste im Winter aussschalten, weil der Überschuss zum Laden zu gering sein wird.\nDaran denken die wenigsten und fallen nachher aus allen Wolken, wenn die Monatsauswertungen plötzlich hohe Verluste zeigen wie 200 kWh für den Betrieb des Akkus im Monat, weil ja der Verbrauch des Wechselrichters nur durch den Akku provoziert wird. Ohne Akku wären die nicht da.\nSchluß Gutes Studium und Gelingen - ich schaue mal bei Gelegenheit vorbei und wenn Fragen sind, dann kann ich vielleicht mit Antworten helfen oder sagen, wo Du die Antworten findest.\nKlar, das macht alles heute noch nicht wirklich Sinn in NL, weil eben 91 % oder 82 % jeder eingespeisten kWh gratis zurückkommen, wann immer Du die im Jahr brauchen könntest. Aber mit jedem Jahr weiter kommst Du deutschen Verhältnissen näher, wo eben die kWh vom Netz das 4,x fache dessen kostet, was Deine eben eingespeiste kWh bringt, von daher endet das in derselben Richtung früher oder später.\n","date":"2022-05-02T00:00:00Z","href":"https://blog.koehntopp.info/2022/05/02/a-solar-roof-2.html","tags":["lang_en","netherlands","energy","climate"],"title":"A solar roof 2"},{"categories":null,"content":"Where is the Internet coming from and how and when was it built? It\u0026rsquo;s a network of tubes, or rather cables, and these days they are mostly fiber. Much of it was built during the dotcom boom, but little has been written.\nThe Undersea Network , Nicole Starosielski\nNicole Starosielski is a professor at New York University Steinhardt, and specializes in Internet Infrastructure, specifically underwater sea cables. In her book, she documents the history and development of the infrastructure that carries more than 99% of todays Internet data, the backbone that defines the global transport capacity of the Internet.\nStarosielski not only explores the technology, but also the topography and history of the cables, and of course the policts that follow inevitably if you plug a cable that connects to remote locations. The book meanders between travel report, history book and sociotechnical politics brief.\nA companion to the book, the Website Surfacing allows the reader to interactively follow and explore the structures the book explains. Search terms at the beginning of each chapters imagery link the chapter in the book to the interactive display on the Surfacing website.\n\u0026ldquo;The Undersea Network \u0026rdquo;, Nicole Starosielsky, EUR 19.61 on Kindle\n","date":"2022-05-02T00:00:00Z","href":"https://blog.koehntopp.info/2022/05/02/fertig-gelesen-the-undersea-network.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: The Undersea Network"},{"categories":null,"content":"Where I work, the native database is MySQL. This is what the database team fully supports.\nOther databases, notably Postgres, are in use mostly because external products we run require them. Internal projects should use MySQL. An external company provides limited support for running Postgres.\nThe recommended version of MySQL to be used is currently the latest 8.0. It has a large number of improvements over the previous version 5.7 in terms of the SQL subset supported, handling of sorts, critical character set support and join strategies. Versions of MySQL older than 5.7 are completely unsupported and contain unfixed critical CVEs. They must never be used.\nNote that \u0026lsquo;fully supports\u0026rsquo; does also include operational aspects of the database: Automated handling of grants, automated fail-over, replication tree management, capacity planning, restore testing of automated backups, and integration with compliance tickets. Using other SQL products is likely to leave a team with a lot of toil that is taken away by automation had you been choosing MySQL.\nOverview We are using a \u0026lsquo;safe subset\u0026rsquo; of MySQL (\u0026ldquo;Blue MySQL\u0026rdquo;) and not all features of the product. That said, we are an enterprise with several hundred use-cases. For each of these rules a counterexample project likely exists.\nThe \u0026lsquo;safe subset\u0026rsquo; of MySQL mostly means: We do not store code in the database.\nWe do not use views. We do not use stored procedures or stored functions. We do not use triggers. We do not use UDFs (\u0026ldquo;user defined functions\u0026rdquo;, .so files that are loaded into the server proper and can be called as SQL-functions) We do not run code in the database, because it makes applications very hard to update atomically in a rollout. It also makes it hard to see all code that is part of the application in a developers\u0026rsquo; editor, because some of it is in git, and other code is part of the schema. Finally, code in the database creates some kind of spooky action at a distance that creates lots of debugging problems.\nSpecifically for MySQL, the MySQL stored procedure language is as beautiful as COBOL, as efficient as PHP 3, and as debuggable as embedded Lua. Do not use it.\nGeneral SQL systems are stateful systems, so your application can be stateless. That means there is state in a lot of unexpected places in SQL, and you have to be aware of it.\nConnection Scoped State COMMIT can fail, and you must be able to retry Databases store data for a long time. Often longer than the code that created the data lives. For example, there are databases in production that have an uninterrupted change history of more than 20 years. The data started out in Postgres, was converted and migrated to MySQL 4.0 and then lived through a change of versions up to MySQL 8.0.\nDatabase administrators operate with this in mind, and use a lot of defensive operational procedures. Get their input and their help when planning changes.\nAll data has a full data lifecycle: It is being created, ingested, stored, changed and updated and ultimately exported to different systems and/or deleted. Plan the full data lifecycle, and pay special attention to tables that have time as a component of the primary key or the table name, or otherwise exhibit log nature. Every transactional database has a data warehouse inside, and it struggles to get out. Given the same number of customers, articles and transactions each day, will your database grow without bounds and which structures cause that?\nDatabase administrators will help you to complete the data lifecycle.\nAbsolute Limits MySQL has a number of limits that are part of the codebase. Specifically, InnoDB limits are documented in the manual. It is useful to be familiar with at least the information on indexing.\nOn top of that there are other limits that will affect you, based on physics, operations and available hardware.\nSize Are you running out of disk space? Know what to monitor, and how to handle the situation and absolute size limits .\nDeleting data costs disk space. MySQL is running in a replication hierarchy, and in order to replicate MySQL stores a pre- and post-change image of each changed row in the binlog. This is kept for up to seven days to allow lagging replicas to catch up. For deletion, the pre-deletion image of the row is sent to the binlog, in order to allow the replica to find the row to delete it. This consumes disk space, which will be reclaimed only after seven days.\nA DBA can help you here to reclaim space early.\nSize is Time, and Time is Size. Assuming 400 MB/s copy speed, copying one terabyte of data takes around 45 minutes. Adding 15 minutes of replication catchup, you can expect around 1 hour of creation time per terabyte of database size.\nDatabases of around 200-250 GB size have a creation time of around 10-15 minutes per instance. That is sufficient even for databases in Kubernetes.\nThe DBA Standard SLO supports databases are \u0026lt;2 TB in size, and fit onto a 1.92 TB sized standard NVME drive, including binlog and overhead. They take around 2h to create from a donor instance.\nDatabases larger than that require special storage (external persistent volumes), which will have worse latency and cost more. It will not be available immediately, and moving existing databases (which are already large) to different storage will take time in accordance with their size. Plan ahead, and plan with a DBA to make this a smooth transition.\nThe instance size limit is approximately 10 TB. Instances larger than 10 TB will have a creation time so large that operations will have at most one attempt per day to do anything with the instances. This produces unsustainable toil for DBA, and drag on your project.\nThat is, some time before hitting the 10 TB barrier your project will have to have an exit plan in place to avoid hitting this limit.\nThe plan can be\nuse Cassandra or another sharded NoSQL storage. use shards in MySQL, doing application level sharding. consider a supported distributed database. It will involve in all cases moving to a distributed setup that more or less transparently shards. It will also involve moving to a setup where JOIN will be much more costly because of the distributed nature of the database.\nWe do currently have larger databases than 10 TB. Contact their owners to understand the nature of their toil problems and why your setup wants to avoid this.\nLatency Write your SQL and your applications SQL execution model with milliseconds of query execution time in mind, even for reads.\nCurrently, we have on-prem databases with a memory saturated setup, and they expose query latencies for single primary key lookups in memory of 0.15ms. This will not hold in the cloud, in virtual environments, and also not in setups that put ProxySQL in-between.\nCount the number of queries run to render a page using the available Event Instrumentation. Will the page render properly with 1-4 milliseconds of query execution time for each query?\nKeep read-replicas of your data close to the application. Crossing the boundaries between AZs will add another 4-10ms, or more, to each query. If your application is running on-premises, but your database is in the cloud, this is likely much slower than setting up local replicas and extending the replication hierarchy into the local AZ.\nUsing certain database ORMs, it can be easy to accidentally create SQL being executed in a loop. For each object accessed in a loop, the ORM secretly fires a single primary key lookup in the background to fleshen the object lazily when it is accessed for the first time. This is called machine-gunning.\nAvoid machine-gunning, primary key lookups in a loop. Consider using a SELECT ... FROM table WHERE id IN ( ... around 1000 constants ... ) clause. If this is driven by another select, consider using a JOIN.\nStatement size Objects and statements are limited to max_allowed_packet, currently 16 MB in size. Additionally, certain WHERE id IN (...) clauses begin to show degraded performance and excessive memory use for a large number of ids in MySQL 8.\nAim for around 1000 values in such clauses. Stay below 16 MB statement size. For bulk writes, keep the transaction size to a reasonable 1000 to 10000 rows per commit. Group replication will be unhappy if you don\u0026rsquo;t. Many-tables JOIN Avoid JOIN-ing more than 10 tables at once.\nIf the optimizer were to brute-force all possible JOIN combinations on an n-way table JOIN, the number of combinations would be n! (factorial of n). This becomes an unwieldy number at a value of n=10.\nThe optimizer will have to apply heuristics around a join-plan depth of 10, and do weird things, including sometimes missing obvious optimizations.\nThis is usually not a problem, but if you are using an ORM and have deep class hierarchies, you may be hitting this limit inadvertently. Be aware of your class-subclass relationships and how they are modelled, and what SQL is being generated.\nBulk updates (large deletes, inserts, updates) Very large atomic transactions are being executed on the primary, and on commit, enter the binlog. They then go downstream and execute on the replicas of that level, and so on.\nAs each replica has the same data as the primary, they will all approximately complete the statement at the same time. Your busy query will hog all replicas at the same tier at approximately the same time. You will likely lose capacity at each tier of the replication tree at once when executing such a large transaction.\nA query such as DELETE FROM sales WHERE article_id \u0026lt; 1000000 has the potential to make changes to very many rows. The update can take noticeable time, or depending on the data, even run for minutes or hours. The change can stall replicas, induce replication delay or otherwise impact production.\nIn all our supported languages packages, we have replication aware bulk update functions to handle this: They will break up such large changes into manageable chunks, and execute them while monitoring replication lag. Be sure to make good use of them, they exist for a reason.\nData types and column definitions MySQL supports a wide range of data types. They are documented in the manual . Each data type comes with a range and a storage size. It is useful to know properties of the most common types.\nWhen choosing data types, think big (\u0026ldquo;assume 10x growth\u0026rdquo;). Data types can be changed ex-post, but require an ALTER TABLE command or an online schema change to be run. This usually involves a background copy of all data of that table, and can take a lot of time for large tables.\nAdditional information about commonly needed data types can be found in your projects coding guidelines.\nThe following rules have been proven to be useful guidance in the past:\nNames Names are snake_case. Do not use uppercase table names or column names. We have done that in the past, and there are tables with upper case characters in names. Don\u0026rsquo;t. Depending on the version of MySQL and the filesystem in use, table names are case-sensitive or not, because they end up being file names on a case-sensitive file system or not. Specifically, in production, on Linux, for older versions of MySQL table names are case-sensitive, so Sales and sales are different tables. On Mac and Windows, with case-insensitive filesystems, they will be the same table. Be consistent with column names. Do not use MySQL keywords or reserved words as column names. MySQL 8 list of reserved words lists keywords, reserved words, new keywords and reserved words - none of them should be used, even if some of them technically can be used. If you must, quoting table and column names (`table_name`.`column_name`) avoids reserved word problems completely. Theoretically, using backticks it is possible to have column names and table names that contain spaces, or even emoji. Don\u0026rsquo;t even think about that, much less try it. Normalization Understand database normal forms and aim for a relaxed third normal form. Try to normalize properly until you run into weirdness. Only denormalize when you actually experience performance problems. Keys Every table must have a primary key.\nIn MySQL the primary key also defines the physical order of the data on disk: Rows with similar primary key values will usually be stored physically closer together than rows with more dissimilar primary key values. MySQL contains a large number of optimizations to exploit this and make this fast. Not having a primary key breaks group replication and row based replication. We are using these features, so primary keys are mandatory. Primary keys are short: integer (4 byte), bigint (8 byte), VARBINARY(16) (the output of UUID_TO_BIN(), 16 byte).\nMySQL uses primary keys as row addresses in all secondary keys. The longer the primary key, the more expensive the secondary key. That means INDEX(a) will actually store INDEX(a,id) (with id being the primary key) as a secondary index, and the optimizer knows that, and can use this. Primary keys determine physical data ordering. Using the default InnoDB storage engine, the data itself is organized in a B+-tree in the primary key. That is, the primary key holds the actual data rows in the leaf-nodes of the primary key. That implies the data is physically arranged in primary key order.\nThis is why mutating a primary key is so expensive. This can be exploited to keep hot rows close together and reduce the working set size of the database. InnoDB prefers hot rows to be close together, and has special-case code to make this work. This resonates nicely with auto_increment: Using this, more recently inserted rows will be more on the \u0026ldquo;right-hand side\u0026rdquo; of the table, and older rows will be more on the \u0026ldquo;left-hand\u0026rdquo; side. Often data hotness coincides with row age, so using auto_increment the database will automatically exploit this for smaller memory footprint. Primary keys are immutable. Changing a primary key physically moves the record around in the data tree that makes up a table. This is an extremely expensive operation. Never change a primary key value.\nPrimary key values are not re-usable. When deleting a record, the primary key that once identified that record can never be re-used. It may be still referenced by things outside the database, such as URLs with the id as a parameter. Re-using the primary would potentially link an external thing to a completely unrelated id value.\nTo use a UUID as a primary key, define the column as VARBINARY(16) and use the UUID_TO_BIN() function with swap flag set to true.\nUUID_TO_BIN(string_uuid, 1) : \u0026ldquo;If swap_flag is 1, the format of the return value differs: The time-low and time-high parts (the first and third groups of hexadecimal digits, respectively) are swapped. This moves the more rapidly varying part to the right and can improve indexing efficiency if the result is stored in an indexed column.\u0026rdquo; From MySQL\u0026rsquo;s point of view, AUTO_INCREMENT integer primary keys work better than UUID, but a lot of software prefers UUID. UUIDs can have advantages for high insert rates, because they can be created independently in different clients in parallel. MySQL stores data physically in primary key order, but the way UUIDs order is not advantageous to that. MySQL provides the UUID_TO_BIN(string_uuid, 1) function to fix this. Consider using it, it unlocks many performance advantages. UUID discussion , Another UUID discussion . The datatype produced by UUID_TO_BIN() is a VARBINARY(16). When using integer or bigint primary keys, consider making it unsigned.\nIt will double the key range. If your primary programming language cannot handle unsigned values, it is okay to use signed. Remember that Javascript has a 53-bit problem. In your table definition, keep the primary key to the left.\nThis is purely cosmetic, but it will make the life easier for reviewers of your code. NULL values and nullable columns Define columns as NOT NULL. If a column is nullable, the NULL value must have exactly one meaning, and it must be documented (e.g. in a COMMENT clause in the CREATE TABLE statement). More on NULL values . If you are using LEFT JOIN or access columns that can be nullable, consider the SQL functions COALESCE() , IFNULL() and the comparison operator IS NULL. NULL values do not compare normally, so wrap nullables into one of these functions. Default values avoid DEFAULT values, except for natural \u0026ldquo;zero\u0026rdquo; values appropriate for the type. for DEFAULT date and time values, see the section on date and time values. Boolean Use TINYINT to store booleans. MySQL does not have a native boolean type , so we use TINYINT. It uses one byte. Clever hacks exist to exploit nullability (CHAR(0) NULL columns) or bitfields to store data more densely. These usually backfire later in the software development lifecycle. Avoid them. Integers Always use integer and bigint. MySQL offers several integer data types smaller than the 4-byte integer and the 8-byte bigint. They have been used in the past, and usually later created an upgrade problem when the data range was exhausted in company growth. Do not use display widths with integers. Use int, not int(11). Fractional numbers and monetary values Always choose double. Never use float.\nFLOAT is a 32 bit floating point number, and the range and precision is usually too small to be useful. In the past some projects have stored pricing information as double. This comes with its own set of problems. Consider using an appropriately sized DECIMAL(16,4) variant, but be aware what the systems you depend on and the systems depending on you use. Compatibility may be better than correctness.\nFor euro-values, use a column name suffix \u0026ldquo;_eur\u0026rdquo;.\nCHAR, VARCHAR and the various TEXT types Avoid CHAR, prefer VARCHAR.\nIn very old versions of MySQL the CHAR type had certain speed advantages. None of these are true any more for modern MySQL using InnoDB. Do not use fixed width character types anymore. Consider row width, and slightly prefer VARCHAR over TEXT types.\nVARCHAR are stored inline and contribute to row width, TEXT types are stored like BLOBs and are stored in a complicated way that can have a lot of overhead. Use VARCHAR for string-like texts. Use TEXT where you actually store small \u0026lsquo;files\u0026rsquo; in the database. If you do that, see below the notes on BLOB data. They also apply here. Use the default utf8mb4 charset, it is the utf-8 you want.\nVARCHAR and the various TEXT fields have a character set associated to them. Always use utf8mb4 as the character set (it should be the default, but check). Read up on Why utf8mb4? Avoid ENUM, use lookup tables.\nMySQL offers an ENUM data type, and we have used this a lot in the past. We found that removing values from an ENUM is a very costly table change. We recommend you use a lookup table. Encoding columns for great profit explains how converting string columns with low cardinality can pay off in shrinking the data size. BLOBs and files in the database Databases are not good file systems.\nWhen reading values from disk, they pass on through the file system, the database server, are being converted into the column field data type the server uses internally, pushed again into the kernel into the network layer and then finally sent. This involves making around three copies of the data, whereas using sendfile() or splice() to send a static file from the filesystem is zero copy. Consider not using the database to store files. max_allowed_packet is an absolute limit.\nAll data MySQL handles must be smaller than the config value max_allowed_packet, even if the field size allows for more. In our systems that limit is 16 MB. There are ways around that, using string manipulation of very large strings. This eats an insane amount of memory. If you find yourself going down that route, stop and reconsider your design or life choices. In MySQL 8, handling TEXT and BLOB is less costly, but still worthwhile checking.\nIn the past, any result set that contained TEXT or BLOB types, no matter how small, forced sort operations to spill to disk, making them slow. This is no longer the case for the most recent versions of MySQL 8, but it is still useful in many cases to consider a two-step approach: Step 1: Run a query to select the primary key values you need in the order you need them. Step 2: Run a second query of the form SELECT id, blobcolumn FROM table WHERE id IN (...), with the ... containing a list of up to 1000 literal id values as constants to fetch the blob data. Using BLOB and TEXT fields larger than 1 MB can saturate the network using replication and uses a lot of disk space.\nMySQL is using row-based replication, and for each row changed will store a pre-image and post-image of the row on disk, for replication. This is kept for up to seven days, to enable lagging replicas to catch up. Each replica is then downloading this information, so for each changed 1MB field, 2 MB are copied to each instance. DATE and TIME values Be aware of MySQLs awful date and time history. The date and time types in MySQL have an awful history because of a number of very bad design decisions in the past. Most of that is cleaned up by now, but we still see legacy problems in some places because of old data or old code. What are the reasons for the bad things: MySQL allowed partial dates, \u0026lsquo;2022-01-00\u0026rsquo; for \u0026ldquo;I do not know the day\u0026rdquo;, or \u0026lsquo;2022-00-00\u0026rsquo; for \u0026ldquo;I have no idea about month and day\u0026rdquo;. They are no longer allowed (NO_ZERO_IN_DATE). MySQL allowed zero dates (\u0026lsquo;0000-00-00\u0026rsquo;), and conflated them with the NULL value. This is no longer allowed (NO_ZERO_DATES). MySQL had a magic type TIMESTAMP that in a magic position behaved magically. Specifically, the leftmost TIMESTAMP column was automatically set to NOW() when it was not explicitly set to a value, but other columns of a row were changed. This was used to implement changed_at columns. Today, you can apply this to any DATETIME or TIMESTAMP in any position, using an explicit ON UPDATE CURRENT_TIMESTAMP clause. There are lots of special rules and exceptions that document past behavior and an attempt at compatibility and migration. The manual on the state of things . MySQL DATE, TIME and DATETIME types do not deal with timezones.TIMESTAMP does. But only if the timezone tables in the mysql.* schema are initialized. The current timezone you are in is defined as a default for the server, and can be overridden as a connection property. It is likely not a good idea to do that. You can shoot yourself in the foot with timezones, DST boundaries and interval arithmetic. How that happens . Prefer DATETIME, not TIMESTAMP, unless it\u0026rsquo;s changed_at. The range of TIMESTAMP is limited and has a year 2038 problem. DATETIME, TIME and TIMESTAMP can have microsecond resolution if desired. In MySQL, DATETIME, TIME, TIMESTAMP can have fractional resolutions up to microsecond resolution. To get that, specify a precision such as DATETIME(6), TIME(6) or TIMESTAMP(6). Use minimum and maximum values as boundaries in time ranges. If you define time ranges, use field names such as valid_from and valid_until. If you are using DATETIME types for that, use 1000-01-01 00:00:00 for \u0026ldquo;minus infinity\u0026rdquo; and 9999-12-31 23:59:59 for \u0026ldquo;plus infinity\u0026rdquo;, as these are the minimum and maximum values for this type. Do not use NULL values, as they will not compare. Be aware that the SQL BETWEEN operator is a closed interval (WHERE id BETWEEN 4 and 7 will return 4, 5, 6 and 7), and you often want half-open interval (WHERE now() \u0026gt;= valid_from AND now() \u0026lt; valid_until). Avoid using BETWEEN to avoid ambiguity of the nature of the interval and assumptions on the code readers side. JSON data type MySQL 8 provides JSON functions. They are a bit clunky, but work very well. When using JSON functions, also learn about generated columns and virtual indexes. This is new functionality in MySQL 8, and that means it is less tested than other code. JSON basics , Generated columns and virtual indexes . JSON in MySQL always uses the utf8 character set. This is a bug, it should be using utf8mb4, but currently not fixed. The effect is that Emoji and other letters with 4-byte UTF-8 encodings cannot be used there. Common column types that applications use email varchar(255) character set utf8mb4 phone bigint unsigned (E.164 format) ip_address varbinary(16), because IPv6 is a thing. Check out INET6_ATON() and virtual indexes on generated columns as a convenience. SELECT ... FROM t WHERE request_ip = INET6_ATON(\u0026quot;141.255.161.178\u0026quot;) base64, blob, mediumblob, for JSON there is a special new JSON type. language char(2) for ISO-639-1 codes, named lang, language_code. country char(2) for ISO-3166 alpha-2 country codes. IBAN varchar(34) Foreign Key Constraints Avoid foreign key constraints, unless you are in a department that specifically requires you use them. MySQL allows you to define foreign key constraints. They come at a price:\nForeign key constraints can only refer to columns in the same database instance, but our schemas have more data than fits into a single schema, and often requires you work across database instances using multiple handles. Foreign key constraints are always immediate. That means they are checked at the end of each statement, not at the end of a transaction (\u0026ldquo;deferred\u0026rdquo;), forcing an order to your SQL statements inside a transaction. This is often inconvenient. Foreign key constraints with cascades (ON DELETE CASCADE, ON DELETE SET NULL and similar) are writes generated at the InnoDB engine level, not at the MySQL binlog level. They are not visible in the binlog. If you are using Change Data Capture or Online Schema Changes that based on the binlog (gh-ost), they break in the face of such FK constraints. Foreign key constraints require additional lookups and additional locks. This can lead to lock escalation and a higher deadlock rate, impacting throughput. With foreign key constraints it is possible to create undeletable and unupdatable rows. Foreign Key Constraints with ON UPDATE and ON DELETE clauses can cause spooky action at a distance, and can also cause large bulk deletes and updates that will break replication. Foreign Key Constraints break all tooling we have for Online Schema Change and for automated database splits. Table changes become extremely toil for everyone involved. Foreign Key Constraints break Group Replication, which we depend on. Because of that we recommend you do not use foreign key constraints. They usually provide a lot of toil and little benefit. Exceptions exist. Check your departments engineering guides. What are Foreign Keys, and Foreign Key Constraints , Foreign Key Constraints and Locking .\nTransactions Keep transaction runtime short. Long-running transactions will build a large Undo log and slow down the database for everyone. A transaction taking fractions of a second is fast, a transaction being kept open for minutes or even hours is not. The effect of long-running transactions on performance . Keep transaction size in the range of 1000 to 10000 rows for batch loading. Larger transactions are incompatible with group replication, and also will not provide speedup. Smaller transactions cause excessive sync to disk, and are not fast. Commit size and write speed . Use the default transaction isolation level REPEATABLE READ. There were use-cases for READ COMMITTED in the past, but with SELECT ... SKIP LOCKED in MySQL 8 and row based replication, most of these are gone. What are isolation levels? , Proper counters with locking . To start a transaction, MySQL offers several semi-equivalent syntax variants: BEGIN, BEGIN WORK and START TRANSACTION READ WRITE. Check what your ORM is using. Only START TRANSACTION READ WRITE should be used. It is the only syntax that signals write-intent or read-intent (START TRANSACTION READ ONLY) in the opening statement, and hence the only statement that load balances properly in ProxySQL.\nProxySQL will have to assume write-intent in all cases if BEGIN or BEGIN WORK are being used. This will run even read-only transactions on the primary, and scale badly, unless two application database handles are being used.\nIdempotent Queries Databases have transactions. It is not strictly necessary to formulate queries as replayable (idempotent). Things that are being wrapped in a transaction will all either execute together or not at all, and once the commit returns successfully the data is guaranteed to be persisted.\nThat said, it is useful to use replayable forms of write-queries because they are more resilient and make certain recovery operations easier.\nRead-Modify-Write, Counters and SELECT ... FOR UPDATE A common scenario in transactional databases is making a change to an existing record, for example updating a description, incrementing a counter or changing the state of a work item in a state machine.\nYou can think of that as \u0026ldquo;taking a value temporarily out of the table\u0026rdquo; (like lending a book from a library) by locking it, making the change in the application, and then putting it back by running the actual update.\nThe correct way to do this is to\nstart a transaction using START TRANSACTION READ WRITE read the value to be modified by using SELECT ... FOR UPDATE, in order to not only select the row in question, but also pre-lock it the way a later write would. SELECT ... FOR UPDATE is a read statement, but applies X-locks like an UPDATE. This is \u0026ldquo;taking the value temporarily out of the table\u0026rdquo;. You can now make changes to the record in application memory. Then run UPDATE ... SET ... to write the change back. On COMMIT the change will be persisted and the lock will be dropped. This is called a read-modify-write (RMW) transaction, and is the correct way to achieve such multi-statement changes atomically. You need to find out how your ORM creates RMW transactions.\nSome notes:\nThis is discussed at length in MySQL Transactions (Read-Modify-Write) . Make sure START TRANSACTION syntax is being used, not BEGIN syntax. COMMIT can fail, you must check success and be prepared to re-run the entire transaction. A transaction must not extend across a user interaction. You must not SELECT ... FOR UPDATE and then wait for user input. A transaction must be finished in fractions of a second. Optimistic locking To ensure record identity across user interaction, optimistic locking is commonly used. The problem to solve is: We load a record into the application memory and then let the user perform changes. We need to write the changes back, but the record may have been simultaneously changed by a second connection.\nWe cannot take an X-lock on the record and keep record ownership for a long time across a user interaction, because that will destroy performance in many ways (Imagine a user opening the edit screen and then going on vacation or even just a lunch break).\nThere are two common ways to solve this, which are collectively called \u0026ldquo;optimistic locking\u0026rdquo;:\nYou write back the change in an update where you guard the UPDATE with the full set of old column values in the update: UPDATE t SET col1=new_value1, col2=new_value2, ... WHERE col1=old_value1, col2=old_value2, .... The update will fail and not change any row, if any old value has changed since we loaded the original row into the editor presented to the user. It is then possible to present the change to the user and let them resolve the conflict. Similarly, we can have version numbers in each row, and guard the update with the version number. UPDATE t SET col1=changed_value, version=old_version+1 WHERE id=pk_value AND version=old_version. The update can happen on the combination of id and version, and will fail if the version changed while we were waiting for user input. It is important for the version number to be not part of the primary key, because otherwise we get versioned entries in our data table. This is usually not a desirable trait in transactional systems (see Tombstones elsewhere). Job Queues (and SKIP LOCKED) MySQL is not actually a queueing system. Talk to Kafka about queues and do not use MySQL as one. Using MySQL as a queue will deliver \u0026ldquo;exactly once delivery\u0026rdquo; of jobs, at the cost of at least one disk write per enqueue and dequeue, which translates into fantastic monetary values in a cloud environment by the way of very high IOPS values.\nMySQL has been used as a queue in some scenarios on bare metal , because it is so obvious and convenient. Looking at the cloud, avoid that and use a proper queue service for your problem.\nIf you must use MySQL as a queue, at least do it right , and lock properly using SKIP LOCKED.\nFor writing to MySQL and Kafka, consider the Outbox pattern (Outbox pattern ) and talk to the Kafka team.\nSorting Database servers are often more expensive and centralized machines compared to their clients, and harder to scale. We have found that is it useful to sort in the client where it makes sense instead of using ORDER BY.\nSubqueries Prefer JOIN over subqueries. MySQL 8 is better at optimizing subqueries than older versions of MySQL, but it is usually still safer to write a JOIN than to use the equivalent subquery syntax. If you come from Red Oracle, you have learned things to be the other way around and need to adjust. This is especially true for subqueries with negations (WHERE NOT EXIST) to find missing values. Use a LEFT JOIN with IS NULL on a right-hand side value to achieve the same result much faster. Tombstones (is_deleted flags) Avoid Tombstones. Tombstones are a per-row flag that marks a row as deleted. All queries to the table need their WHERE-clause to be amended by a AND is_deleted = 0 term or similar to find only non-deleted rows. Tombstones are usually not a good idea. The old data will increase the size of the active transactional table. This will increase the working set of the database, and require a larger instance. The tombstone flag needs to be indexed, or even become part of the primary key, in order to eliminate dead rows quickly. The MTTR of the system after failure is higher because the database is larger, being bloated with dead data. Actually physically deleting the tombstone data is a cumbersome process when done in large batches. It is usually preferable to build transactional systems that are small and contain only life data in transactional tables. Log data with temporary structure should at least go to other tables with log nature, or even to different machines that are handling the archival log and are not part of the critical, transactional production scope. You can write records to the transactional table. When they retire, instead of deleting, move them to a log table. You can double write records on creation to the transactional table and the log table, then mirror the entire lifecycle on both tables. Typical scenarios where Tombstones are deadly: A queue-like structure in a table (\u0026ldquo;Picklists\u0026rdquo;, \u0026ldquo;Producer/Consumer Scenarios\u0026rdquo;, \u0026ldquo;State machines in a table\u0026rdquo;) It is sometimes okay to keep old inventory records around in a lookup table if there is a chance that items elsewhere still refer to the deactivated inventory. In general, it is often useful in transactional systems to keep the working set aggressively small, and then keep non-critical data in other tables in the same system, or even in dedicated non-transactional systems. How little data do I need in order to be able to take their money successfully? Partitions Partitions are a way to split a large table internally into a number of small tables, while still presenting the interface of a single table to the user. They may be useful for tables \u0026gt; 30 GB in size, a quarter of an instance\u0026rsquo;s memory size.\nPartitioning always works on the primary key, or the prefix of a compound (multi-column) primary key. Internally, MySQL uses (a part of) the primary key to decide into which internal table (partition) to put the row. The optimizer may use this to reduce the number of partitions to search when running queries.\nAlso, instead of deleting many rows individually, it may be possible to speed up some deletions by running an ALTER TABLE ... DROP PARTITION ... to quickly remove data. On the other hand, running DDL queries in the normal application workflow likely is going to need a compliance exception.\nPartitions can work on a RANGE or LIST of column values, or on a hash function (KEY uses a system-supplied hash, HASH uses a user-supplied function). RANGE and LIST can speed up queries by enabling the optimizer to eliminate partitions before access. HASH and KEY \u0026ldquo;spray\u0026rdquo; data across many partitions, and can make insertion faster and more even.\nTalk to a DBA about planning proper partitioning, taking your workload and access pattern into account.\nUsing MySQL in a replication environment Our MySQL is always in a treelike replication structure to place read copies of the data close to the application. This provides low latency data access. Writes always go to the root of the replication tree, the current primary. Your application has access to segregated read and write handles for database access. Make sure you are using the proper handle. Replication speed is mostly a function of workload. DBAs can keep replication running, but they cannot really make a server replicate faster. Use replication-aware bulk functions. Your database access library has functions to prevent overloading a replication hierarchy. Use them, and when they don\u0026rsquo;t work - \u0026ldquo;don’t get creative, get help.\u0026rdquo; DBAs can indeed speed up replication by changing the server configuration to a mode where disk writes are not properly persisted. By writing to disk less the server can replicate faster, at the cost of losing data should there be a fail-over situation while this configuration is active. This is known as \u0026ldquo;YOLO\u0026rdquo;-Mode. Our MySQL topology is managed by a program called Orchestrator . Orchestrator takes care of Primaries and Intermediate Servers failing, rearranging the surviving members into a valid replication tree. It also informs our server discovery mechanisms of the change. This means: Your application cannot rely on write- and read-handles pointing to static machines, when DNS is used. You must re-resolve hostnames immediately before reconnecting. You must make sure that your code does not internally cache DNS query results (Java!). Debugging performance problems High CPU? MySQL typically does not use much CPU. Servers with high CPU usage are having one of three problems:\nQueries not using indexes, scanning a table completely, in memory. Identify the query not using indexes and fix the schema or the query (see below). Excessive sorting in the server. If possible, access the data in index order, or do the sorting in the client where it scales better. Code in the database is being run (i.e. somebody has been using stored procedures, stored functions or similar) Destroy the codebase and start over from scratch. Finding problematic queries using Vividcortex On many replication hierarchies we have probes running that log query data into \u0026ldquo;Solarwinds DPM\u0026rdquo; (previously known as VividCortex). If you do not have access or your replication hierarchy has no probes, contact DBA.\nFinding problematic queries using sys.* All database servers by default have installed a series of views in sys.*. These read data from performance_schema.* (P_S for short), which is partially enabled on all machines.\nP_S is documented in https://dev.mysql.com/doc/refman/8.0/en/performance-schema.html . It is optimized for logging performance data without impacting performance much. It is not optimized for access by humans.\nThe sys.* (sys for short) is fixing that, presenting a number of useful views on P_S, for human consumption and reporting. sys is documented in https://dev.mysql.com/doc/refman/8.0/en/sys-schema.html .\nAll views in sys exist in two variants: the regular variant for humans (sys.host_summary_by_file_io) and the x$ variant presenting unabridged data at full resolution for reporting (sys.x$host_summary_by_file_io). Numbers in the regular variant are shortened and suffixed with units (\u0026ldquo;15m\u0026rdquo;, \u0026ldquo;100k\u0026rdquo;) or transformed into human time scales (runtime 01:02:03). Numbers in x$ views are presented raw. It is useful to work interactively with the regular variants and the run the final report on the x$ variant for full data.\nNote that meaningful performance data can be gathered only on production instances, but you can craft performance insight queries on test instances easily. You will then need to run these on production instances to actually get production performance data.\nMissing indexes The most common cause for slow query execution is \u0026ldquo;missing indexes\u0026rdquo;. Once you have identified queries with slow execution time using Solarwinds DPM or sys, run the explain command on them to see their execution plan. Refer to Explaining EXPLAIN: Queries and what happens when you execute them (version without presenter nodes ) to better understand what goes on.\nMost commonly, one of these things needs fixing:\nadd missing indexes formulate a query with dependent subqueries to use some kind of join formulate a query with multiple range clauses in a way that resolves in multiple steps DBA can help you with this problem.\nMismatching types A longstanding problem in MySQL was a type mismatch in a join. If you have a query with a a JOIN b ON a.col1 = b.col1, and the instances of col1 in the two tables have incompatible (different, and not coercible) types, an index cannot be used to resolve the query, even if it exists. That is, if col1 is a varchar in a, but an int in b, the join will be slow.\nThe problem can also often be provoked in a WHERE clause such as WHERE a.col1 = \u0026quot;value\u0026quot;, with a.col1 being integer, and \u0026quot;value\u0026quot; written as a string literal due to the quotes. Again, an index, even if it exists, won\u0026rsquo;t be used.\nBad Paging (based on an idea from Yves Orton)\nThe query SELECT id FROM Whatever LIMIT 10360000,10000 is an example of paging, where a user or a script want to read a large, full result set in chunks of 10k.\nThis is not an efficient practice, as the database has to execute the same query over and over. It may be able to apply some mild optimizations for low limit values (at the start of the paging), but eventually it will have to reproduce large parts of the full table, handing out fragments of 10k rows. On top of that, MySQL represents result sets internally in a linked list, so LIMIT clauses with large offset values are very inefficient.\nWe could instead fetch one row more, while reading in table native order. This will get of the offset part in the LIMIT clause. It will not have to physically sort, as the table is read in native primary key order. And it will only access actual 10k fragments of the table.\nselect id from Whatever order by id limit 10001 We output 10k values, and take the final value as a new starting point lastid:\nselect id from Whatever where id \u0026gt;= :lastid order by id limit 10001 and so on.\nSpecific Host languages Python As a developer using Python, I want to be able to hand a list to SQL with a WHERE id IN (…) clause, and it should do the right thing. This can be done by using a prepared statement like SELECT .... WHERE `foo` IN %s ... and passing in a list or a tuple for the placeholder variable.\nFull discussion in Python: WHERE \u0026hellip; IN (\u0026hellip;) Important caveats:\nThere are no () in the prepared statement after the IN Only list and tuple will work, no other iterables As a developer using Python, I want to be able to trace the SQL.\nFull discussion in Python: Debug SQL Support Host, Version, User The DBA will have a much easier time in helping you, if you have the output of the following query ready when you ask them about your SQL performance problem.\nSELECT @@hostname, @@version, user(); This will tell them the actual instance hostname, the precise version string of the database and the username (and by inference, the permissions) you are using to connect.\n","date":"2022-04-15T00:00:00Z","href":"https://blog.koehntopp.info/2022/04/15/sql-engineering-guidelines.html","tags":["database","mysql","mysqldev","lang_en"],"title":"SQL Engineering Guidelines"},{"categories":null,"content":"MySQL uses replication to do an ongoing life restore of a primary server to any number of replicas. How replication came to be I have discussed previously in another article .\nModern replication uses row based replication, with a minimal row image and compression. What is that?\nDecoding the Binlog When using Row Based Replication, the Row Change event is represented using the BINLOG statement in the output of the mysqlbinlog command. It has a single string parameter, the base64 encoded pre- and post-change row images.\nAdding the -v option multiple times will decode that: mysqlbinlog -vvv. It shows a pseudo SQL statement affecting a single row.\n# at 1140 #220404 16:34:41 server id 187076016 end_log_pos 1140 CRC32 0x0112f9b6 Table_map: `kris`.`testtable` mapped to number 92 # at 1140 #220404 16:34:41 server id 187076016 end_log_pos 1140 CRC32 0xe3714794 Delete_rows: table id 92 flags: STMT_END_F BINLOG \u0026#39; AQJLYhOwjSYLWwAAAAAAAAAAAFwAAAAAAAEAEHBheW1lbnRjb21wb25lbnQAFHBheW1lbnRfc2Vz c2lvbl9kYXRhAAUI9Q8P9QYEFgCHAAQeAQEAAgEItvkSAQ== AQJLYiCwjSYLLAAAAAAAAAAAAFwAAAAAAAEAAgAFAQDcTtUTAAAAAJRHceM= \u0026#39;/*!*/; ### DELETE FROM `kris`.`testtable` ### WHERE ### @1=332746460 /* LONGINT meta=0 nullable=0 is_null=0 */ This example from an RBR binlog shows the replication context. Note the table map, which translates a table name into an internal table_id, followed by the binlog checksum and log positions. Below that, the actual row change is decoded into a BINLOG statement, and the pseudo SQL it translates to.\nThe MySQL primary and its replicas have identical metadata. While some metadata is part of replication, such as column numbers and data types, other metadata is not part of replication, for example, the column names.\nNote that even with binlog_format=row configured, some statements are still being replicated as statements \u0026ndash; notably, all statements that do not change rows are replicated as statements. That is for example all DDL: you will see CREATE, DROP and ALTER statements.\nHow much row is in an RBR binlog? Originally, the rows in an RBR binlog were full images of the row, once before the change and once after the change. This can be a lot of data in a table that has TEXT, BLOB or JSON columns.\nThe pathological case is a table with a primary key, a counter and a large TEXT column, incrementing the counter. In this case, the TEXT is replicated twice per changed row, unchanged, for an increment of a 4 byte counter.\nThis was relatively quickly fixed by introducing the NOBLOB and MINIMAL row image formats. NOBLOB contains all columns before and after the change, except for BLOB and TEXT columns, unless they changed. MINIMAL logs only the primary key in the pre-image and contains only changed columns in the post-image.\nThis saves a lot of disk space, while still maintaining all information necessary to safely update a replica.\nSurprisingly, this is already quite efficient: For our workloads at work, RBR already creates smaller binlogs than SBR, even with FULL format (around 1/2 to 1/3 the size of SBR binlogs). MINIMAL can bring these numbers down even further.\nIf RBR is so efficient, why compression? Yet, for a large number of replication hierarchies, binlog storage is expensive and often a limiting factor given the fixed size of the disks we use.\nWe want to store several days of binlog, in order to be able to roll forward from restored backups. But because some replication hierarchies see a lot of churn, we get many row changes due to all these write operations. We should expect that: Online Transaction Processing has a singular purpose in life \u0026ndash; to transact.\nUsing compression, we use less disk space to store transaction, so we can store more of them in the same amount of disk space. MySQL compressed binlog events using zstd compression. Compressed binlog events encapsulate a regular binlog event each, so compression is per-event.\nPer-event compression is slightly less efficient than per-file, but has the advantage of easy implementation: After applying decompression to a compressed binlog event, a normal binlog event emerges, as before the change.\nThat makes it easy for all binlog consumers to update to the new format with minimal changes: Basically you need to add zstd as a dependency, and if you see a compressed event, decompress it and handle it as before.\nCDC versus replication The binlog is a MySQL internal data structure. It exists to facilitate replication between instances of MySQL. It is useful for other things, but as the binlog evolves, these other things have to track the changes.\nFor example, a lot of work is currently being done on CDC with various tools. The objective is mainly \u0026ldquo;Use replication as a channel to extract database changes in a defined format, and put them on a Kafka bus. These change events will then be used to re-create a database image in other formats, for example in Hadoop or elsewhere.\u0026rdquo;\nSo, to formulate it somewhat pointedly, at the purely operational level we are busy reinventing replication in JSON or Avro on Kafka. To save face: At the data modelling level things are a bit more involved.\nUnfortunately, this poses several challenges on the source databases:\nInitial data load does not consume a backup in one of our backup formats, but requires a life database instance, as the data load happens by queries instead of parsing data files. As the data load needs to be consistent, mapping to exactly one binlog position, it holds a consistent read view for a long time. Holding a consistent read view for a long time slows down MySQL a lot, so this instance becomes unusable for everybody but the data loader. Some data loads use multiple instances for speed. The CDC log parsers ask for full binlogs for simpler parsing. MySQLs own replication demonstrates that a minimal binlog is sufficient for replication, so it must be sufficient for CDC as well \u0026ndash; but that requires access to the full previous image of the row to fill in the missing data. As CDC does not have access to the full previous row image, it requests full format. Fixing that is considerable scope creep: instead of reinventing replication you are now reinventing the database. The CDC log parsers ask for uncompressed binlogs. That\u0026rsquo;s fixable relatively easily by learning to parse and use zstd, and doable. Foreign Key Constraints and CDC In MySQL, foreign key constraints are not implemented at the MySQL level, they are implemented at the engine level, for example in InnoDB. Sometimes, FK constraints generate writes, for example when ON DELETE CASCADE or ON DELETE SET NULL clauses are being used. Because these writes are not coming from the MySQL level, they will never show up in the binlog.\nMySQL\u0026rsquo;s foreign key constraints are fundamentally incompatible with CDC, and must never be used in hierarchies that use CDC.\nTransactionality and CDC MySQL writes a binlog record only on commit. As long as the transaction does not commit successfully, nothing is visible to replicas, and neither to CDC.\nThe data written to the binlog are all the row changes affected by a set of statements in a transaction. It is not geared to business level events of the kind we want to see on our Kafka, but logs table level changes to the SQL schema.\nOutboxes - why and how? The data written to the binlog will reflect changes to the table structure, as the schema evolves based on the needs of the team owning that schema. Since the CDC stream sees the same changes, the data format in there will also change, and break downstream consumers.\nOne might entertain the idea of not reading data from MySQL binlogs, but implementing CDC at the application level. This has a few advantages:\nMySQL binlog format may evolve and change, as MySQL evolves and changes. For example, a hierarchy may convert to group replication (many do), compression is being introduced, compliance may require encryption or other changes. We may not want this tight coupling, but be able to upgrade and change individual instances at will. The schema may evolve depending on the needs of the schema owner, which affects the format of events in the binlog, breaking downstream CDC consumers. We may not want this tight coupling, but be able to evolve applications and their schema at will. But emitting CDC events at the application level introduces great complexity: We must make sure that only events that are actually committed are visible on the bus, and that conversely no events are lost.\nThe default workaround at this point in time is the outbox: Applications perform their changes to the data as they wish, and in the same transaction also write to a table in a fixed format, the outbox.\nCDC reads the complete binlog, discards all writes except writes to the outbox, and uses the outbox changes to create a message on the bus.\nThis guarantees a fixed data format, as the format of the outbox table is fixed, while allowing the data owner to change all other tables at will.\nIt guarantees transactionality as well: as the writes to the private tables and to the outbox happen in a single transaction, they will always succeed or fail together.\nAnd it is relatively simple to implement.\nNot using Outboxes and not using binlog But Outboxes are still dependent on reading the MySQL binlog format. Every time that changes, CDC breaks. Or if it needs to change, the change needs to be coordinated between the data owners of a schema and all their consumers and dependencies.\nThe alternative, emitting a CDC event and performing a change to the database, can only work with some kind of commit tracking in the database.\nThis exists, but is a relatively new and untested feature in MySQL: Server Tracking of Client Session State . Not all client libraries have full support for session state tracking, yet.\nSession State Tracking allows a client to MySQL to know what the server is currently doing: for each piece of Connection Scoped State a tracker exists, so the client has access to the session state on a controlled way, and is notified if any state on the server changes.\nFor the purposes of CDC, the GTID tracker informs the client if a commit to the server succeeded and a global transaction id was assigned. The client gets a chance to correlate bus events with database transactions, and make sure both match.\nWhile being a much more complicated approach, it has the chance of breaking the dependency of being able to read MySQL binlogs. It is still a work in progress, though.\n","date":"2022-04-05T00:00:00Z","href":"https://blog.koehntopp.info/2022/04/05/change-data-capture-and-the-binlog.html","tags":["database","mysql","lang_en"],"title":"Change Data Capture and the Binlog"},{"categories":null,"content":"On Twitter, Samuel Nitsche asked:\nAre there \u0026ldquo;IT history nerds\u0026rdquo; on this app? Like people who have the skills/knowledge to tell how some trends/evolutions in IT appeared? I\u0026rsquo;d love to connect!\nAsking about what he wanted to know specifically he said, he\u0026rsquo;s interested in the reasons why DevOps and Agile take up in DBA circles is so slow and low. That forced me to brain dump stuff that has been active in the back of my mind for quite some time now, but which I never collected properly.\nThis is not yet a proper talk, but some kind of collection of material I wrote and some connecting thoughts.\nWhat is \u0026ldquo;DevOps\u0026rdquo;? I had a talk on the German UNIX Users Group Spring Talks titled \u0026ldquo;Go Away, or I Will Replace You With a Very Little Shell Script\u0026rdquo; (\u0026ldquo;There is no such thing as a DevOps Team\u0026rdquo;). The slides are on Slideshare , and I also have a Blog article . The talk basically explains what happened in the 10 years after the Dotcom Boom, and how the adoption of \u0026ldquo;scale-out\u0026rdquo; instead of \u0026ldquo;scale-up\u0026rdquo; created the need for Sysadmins to pick up Developer tooling and some developer methods in order to deal with machinery in numbers.\nWhile the tooling largely aligned, the outlook on life did not \u0026ndash; developers are looking at new features, basically new best cases. But operations people still are judged by resiliency, and how they are handling failures, so by new worst cases. The gap in mindset between Developers and Operations is hard to bridge, but it can be done with a little trickery. In any case, the traditional Sysadmin job died out.\nSome people ask about the distinction between \u0026ldquo;DevOps vs. SRE\u0026rdquo;, and there is very little. To some, \u0026ldquo;SRE\u0026rdquo; is the Google employer branding for the \u0026ldquo;DevOps\u0026rdquo; profile. Others make a vague distinction which riffs on the fact that \u0026ldquo;SRE\u0026rdquo; are people that care about worst cases, resiliency and fighting operational toil, and which also care about observability. In my experience that is too subtle a distinction to hold up in a hiring interview, much less in day to day operations.\nDevOps and Databases In regard to databases, this development did not happen at the same speed. There is a number of reasons for it:\nThere are usually very few databases compared to frontends, so the need to automate databases is much less pressing for most companies, with very few exceptions (Booking.com, Facebook and a few others). Only when you have thousands of databases, or when you limit database instance lifetime for whatever reasons you need to properly automate databases. Databases are very stateful systems. In fact, dealing with state, with transactions and with persistence is their only purpose in life. These things make proper database automation hard, and make most existing DevOps tooling unsuitable for the task. So you\u0026rsquo;d have to be very specific about tool choice, or invent tooling from scratch. Also, existing DBaaS developments are outdated and way behind the time (AWS RDS, I am looking at you!). State everywhere The most obvious exposure to state that developers have when dealing with databases is when seeing and handling database connections. These are not https/TLS connections, and cannot be sent through regular https proxies such as Envoy. Why is that?\nDatabases have a lot of connection scoped state . The most glaring example of state in a database connection is the transaction: If you are in the middle of a transaction and lose the connection to the database, the open transaction is being rolled back.\nDevelopers need to catch this problem, and go back to the beginning of the transaction, restarting it from the beginning. So reconnecting to the database transparently and hiding the disconnect/reconnnect from the application is almost impossible. Developers are hating the database for this, or ignore the problem, producing incorrect code.\nDevelopers want a pony, and failing that, at least a queue with exactly-once semantics .\nThey can have that, up to a point, but at a terrible cost of one transaction per state change. It is a legal wish to have, if you can afford the cost, because it makes development easier and a lot more boring. But you need to track this as an absolute scaling limit, and be prepared to handle this as a tech debt item later on, in time.\nYou can, as a company, get away with \u0026ldquo;boring technology \u0026rdquo; for a very long time. That is good, because it simplifies developer life and allows them to move forward without much technical complexity to take into account. Eventually you run out of runway, though, and need to take this on. That\u0026rsquo;s usually a painful breakpoint in the company\u0026rsquo;s growth journey. It also makes it very hard to find database SRE people .\nAutomating databases is hard, because of internode dependencies Scaling out databases and automating their operation is a hard task.\nNot only are connections stateful, but things like SQL databases, consensus systems (such as Zk, etcd, Consul), and things that have consensus systems inside, are clusters. They cannot be handled by tooling that thinks of a deployment as a set of independent boxes without constraints between them.\nSo when you look at puppet, chef, terraform, \u0026ldquo;harness.io\u0026rdquo; or other things, they have no concept of a cluster, of a quorum, or of a replication hierarchy. The point being: making changes to such a cluster creates an order to the updates, as they are applied. Also, checkpoints are needed for the change to proceed, to make sure quorum is kept at all times.\nFor example, in a replication tree, updates need to be made to the leaf nodes, then their parents and so on, to make sure that a replica is always newer than its primary.\nAnd updates to clusters with quorums can only be made while maintaining quorum. So after each application of a change to a cluster node, the update orchestrator needs to check if the node it just worked on came back properly. Only then it may proceed with the next node. None of the tools mentioned above have any concept of such constraints, they are simply unfit to deal with databases that are not a SPOF.\nAnsible can dig itself out of that hole by the sequential and slow nature of its processing and delegation, but is still unaware of the actual topology of constraints. Only salt and k8s have concepts that can handle clusters or where you can implement what k8s calls an Operator.\nAutomating database is slow, because data has weight Working with databases is always slow, because data has weight . At 400 MB/s, copying 1 TB takes 45 minutes, and replication catchup and cache warmup take another 15 minutes, so we can calculate and communicate \u0026ldquo;1 hour per 1 TB of data size\u0026rdquo;. Of course \u0026ldquo;reactive autoscaling\u0026rdquo; is never a thing for persistence systems. All changes always need to be planned, and then take time.\nAutomating databases is possible, but usually not done When you have automated databases to a point where\ninstances are made automatically, instances enter their replication hierarchies automatically, replication capacity and catchup speed is monitored and sized automatically, schema changes are handled automatically using Online Schema Change tooling, backups with restore tests are done automatically, primary key exhaustion is monitored, all instances are being remade cyclically within 60 days, instance discovery by applications is handled properly, secret managent including account and password rotation is automated so that you can upgrade database versions automatically within 60 days or less across a fleet of thousands of database instances, then you are finished.\nBut that requires a unique approach to automation that is not available widely, even in 2022. It is certainly not available in AWS RDS, which thinks about singular instances at the level of \u0026ldquo;create an instance and apply a configuration\u0026rdquo;, with basic passive replication management tacked on as an afterthought (and expensive resiliency with DRBD). It is ten years old technology, and that shows.\nObservability is lacking Also, Devops usually requires good observability: Stack upwards, in the general direction of the developer, and stack downwards, into the general direction of the hardware. MySQL for example, has pretty good aggregate monitoring \u0026ndash; the Telegraf MySQL collector is splendid and rather complete for a general MySQL collector.\nBut the data collection for a singular query is underdeveloped, and gathering the data is slow and painful. If you try to collect data about a single SQL query that just ran, it takes 10-12 followup queries to P_S to extract data about what this particular query did. And you still did not have the execution plan, or the number of actual pages read for this single query.\nConversely, while blktrace collects all kinds of data about the I/O a system sees, the open source tools to visualize this are underdeveloped. It took a commercial company and a commercial tool (Oakgate Workload Intelligence Analytics ) to provide tools to parse blktrace and paint useful images from it.\nStateful is different, and the gap is far from closing Of course, the YOLO stateless lets-quickly-make-another-instance mindset of DevOps cannot survive in Database Land. Nobody in the DevOps crowd understands these things, and that in stateful systems errors and mistakes are not reversible. Mistakes are persistent: data that is gone, is gone forever. And new instances take an hour per TB.\nNothing in the current DevOps propaganda takes any of this into account, hence Samuel\u0026rsquo;s observation is correct.\nOn the other side, there is little movement in DBA land. There is a very complacent DBA crowd, and there are extremely complacent companies. Oracle for example never ran their own products at scale, at least MySQL as a company, and later as a division in Oracle, never did it at scale until recently.\nSo MySQL always had a bunch of wrong defaults, broken upgrade paths, insecure workflows and so on \u0026ndash; until Oracle Cloud was a thing. Suddenly Oracle, at least Blue Oracle, had to actually run operations for their own stuff. And that was good: the last 2 years have done more for MySQL Operational Simplicity than all the 20 years before.\nOn the DBA side: most DBA departments positioned themselves as \u0026ldquo;guardians of the data\u0026rdquo; and as choke points, like old sysadmins did before DevOps. They also did not automate database operations properly (\u0026ldquo;as a service\u0026rdquo;). So there are few mature operational concepts for databases in the field, and even fewer codebases implementing them. Mostly, I believe because there was never sufficient pressure.\nThere is also not a lot of tooling for developers. If you look at MySQL blogs, for example the collection at Planet MySQL , you will find that they often write about the database from an operational point of view (\u0026ldquo;How to configure mysql\u0026rdquo;, \u0026ldquo;How to make a backup\u0026rdquo;).\nOnly rarely, they write from a developer point of view (\u0026ldquo;How can I see my query performance through the ORM\u0026rdquo;, \u0026ldquo;What is the right way to notice a rollback, and restart a transaction in my host language\u0026rdquo;, \u0026ldquo;What is an efficient way to handle RMW-cycles in my host language\u0026rdquo;).\nThere is a big divide between Developers as users of a database, DBAs, and vendors/bloggers/community advocates. With this being the case, and not being acknowledged, there is little chance for development. Pickup of new strategies, discussion about gaps in tooling and social innovation is slow in such an environment.\n","date":"2022-04-04T00:00:00Z","href":"https://blog.koehntopp.info/2022/04/04/devops-meets-databases.html","tags":["database","mysql","lang_en"],"title":"DevOps meets Databases"},{"categories":null,"content":"When using MySQL with Python, you may want to use the mysqlclient library, which is what most people do and which will work just fine. Or you are using the official MySQL 8 Connector/Python package, which will behave slightly differently, but maybe supports the unique MySQL 8 feature already that is not in mysqlclient, yet.\nYour SQL may be hand-writtten, or it may be generated using SQL Alchemy, Django or some other package. If the latter is the case, it may be useful to be able to see the actual SQL string that has been sent to the database in order to facilitate interactive debugging.\nUsing mysqlclient If you are using mysqlclient with Python, the class internally sends the SQL to the server in a method _query(self, q) in the Cursor class (source ).\nThe _query(self, q) method itself updates an _executed member of the cursor to store the literal query string sent to the server. But it does so only after having sent the query. On error, an exception is raised and _executed is not updated (source ).\nTo always get access to the actual query string, define a class DebugCursor, and specify it with your connection **kwargs. In DebugCursor, do the needful.\n#! /usr/bin/env python3 import MySQLdb import MySQLdb.cursors class DebugCursor(MySQLdb.cursors.DictCursor): def _query(self, q): print(f\u0026#34;Debug: {q}\u0026#34;) super()._query(q) db_config = dict( host=\u0026#34;localhost\u0026#34;, user=\u0026#34;kris\u0026#34;, passwd=\u0026#34;secret\u0026#34;, db=\u0026#34;kris\u0026#34;, cursorclass=DebugCursor, # referenced class must be defined before ) db = MySQLdb.connect(**db_config) c = db.cursor(() sql = \u0026#34;select d from testtable where id = 3\u0026#34; c.execute(sql) print(c.fetchall()) In our class DebugCursor, we inherit from our cursor of choice. We override _query(self, q), printing the query string q, and then calling the parent class implementation.\nThe output:\n$ python3 probe.py Debug: b\u0026#39;select d from testtable where id = 3\u0026#39; ({\u0026#39;d\u0026#39;: \u0026#39;drei\u0026#39;},) We can use this to trace-log all literal SQL before it is being executed, even if the query string is invalid or contains syntax errors.\nUsing MySQL Connector/Python If you are using Oracle MySQL Connnector/Python to connect to the database, the implementation can internally use Cython or a Pure Python implementation of the protocol.\nBoth implementations behave slightly differently, unfortunately. Only the Pure Python implementation can be debugged easily in all circumstances. It is therefore important that you specify use_pure=True with your connection **kwargs.\nThe raw SQL statement will be found in the cursor\u0026rsquo;s _executed member. If you are using multi-statements (don\u0026rsquo;t!), they will be logged in the _executed_list.\nWe write:\nimport mysql.connector import mysql.connector.errors db_config = dict( host=\u0026#34;127.0.0.1\u0026#34;, user=\u0026#34;kris\u0026#34;, passwd=\u0026#34;geheim\u0026#34;, db=\u0026#34;kris\u0026#34;, use_pure=True, ) db = mysql.connector.connect(**db_config) c = db.cursor() print(\u0026#34;=== Valid SQL: \u0026#34;) sql = \u0026#34;select d from testtable where id = 3\u0026#34; c.execute(sql) print(f\u0026#34;Debug: {c._executed}\u0026#34;) print(c.fetchall()) print() print(\u0026#34;=== Invalid SQL: \u0026#34;) sql = \u0026#34;syntaxerror d from testtable where id = 3\u0026#34; try: c.execute(sql) except mysql.connector.errors.ProgrammingError as e: print(f\u0026#34;Debug: {c._executed}\u0026#34;) print(f\u0026#34;Error: {e}\u0026#34;) The output looks like this:\n$ python3 probe.py === Valid SQL: Debug: b\u0026#39;select d from testtable where id = 3\u0026#39; [(\u0026#39;drei\u0026#39;,)] === Invalid SQL: Debug: b\u0026#39;syntaxerror d from testtable where id = 3\u0026#39; Error: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \u0026#39;syntaxerror d from testtable where id = 3\u0026#39; at line 1 Again, we can use this to trace raw SQL and identify actual generated SQL syntax much easier. This will allow us to pick up the literal SQL string, and debug interactively.\nThe same program, when run without use_pure=True, will not update c._executed properly if the SQL is malformed. It will produce the following output, which is worthless for debugging:\n$ python3 probe.py === Valid SQL: Debug: b\u0026#39;select d from testtable where id = 3\u0026#39; [(\u0026#39;drei\u0026#39;,)] === Invalid SQL: Debug: b\u0026#39;select d from testtable where id = 3\u0026#39; Error: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \u0026#39;syntaxerror d from testtable where id = 3\u0026#39; at line 1 Note how c._executed still holds the previous statement and not the statement that actually errored.\n","date":"2022-03-24T00:00:00Z","href":"https://blog.koehntopp.info/2022/03/24/debugging-sql-in-python.html","tags":["mysql","mysqldev","lang_en"],"title":"Debugging SQL in Python"},{"categories":null,"content":"I record this for posteriority without much comment.\nThe error message \u0026ldquo;Truncated incorrect DOUBLE value\u0026rdquo; when issued by MySQL can be a confused parser, and masks unintended barely legal syntax:\nkris@localhost [kris]\u0026gt; select * from testtable; +----+------+ | id | d | +----+------+ | 1 | eins | | 2 | zwei | | 3 | drei | +----+------+ 3 rows in set (0.00 sec) kris@localhost [kris]\u0026gt; update testtable set d=\u0026#34;vier\u0026#34; and id = 4 where id = 3; ERROR 1292 (22007): Truncated incorrect DOUBLE value: \u0026#39;vier\u0026#39; The actual problem here is the incorrect use of and in the set-clause of the update statement when a comma was intended.\nkris@localhost [kris]\u0026gt; update testtable set d=\u0026#34;vier\u0026#34;, id = 4 where id = 3; Query OK, 1 row affected (0.02 sec) Rows matched: 1 Changed: 1 Warnings: 0 Technically, an and is possible and legal, if you wanted to produce a boolean. Most people do not want this at this point in the statement, though. The error message is particularly unhelpful if you have no access to the literal raw SQL string for whatever reason.\n","date":"2022-03-24T00:00:00Z","href":"https://blog.koehntopp.info/2022/03/24/truncated-incorrect-double-value.html","tags":["mysql","mysqldev","lang_en"],"title":"Truncated incorrect DOUBLE value"},{"categories":null,"content":"On the morning of Saturday, 22nd February 2020, two years ago, my colleagues and I woke up to the a message from the company that said:\n\u0026ldquo;Spaces\u0026rdquo; Closed for Operations 23 Feb - 28 Feb\nDuring the morning hours of Saturday, 22 February, a fire occurred on the first floor of the \u0026ldquo;Spaces\u0026rdquo; building. The fire was extinguished promptly but due to smoke and residue particles that spread throughout the building, we will not be able to open \u0026ldquo;Spaces\u0026rdquo; for at least one weeks time. The closure of the building is required to ensure we fully inspect the building, our equipment, clean the office of all smoke damage and residue and more importantly, ensure we have a safe working environment to return to.\nIt then took exactly one month instead of one week to fix that, and the planned reopening of the building fell on the exact day of the beginning of the COVID-19 lockdown. So it has been today two years ago that I worked in an office the last time.\nI wrote into a company forum one year ago:\nWe will be keeping this up until at least October, and I would be surprised if we are not going to be doing this for much longer the way this country handles Covid.\nAnyway, this is the cluttered mess of my Desk at home:\nHome machine, and lab equipment to the left, company Mac on the desk during the daytime, bunch of books left and right. On top, the stick for my Internet Spaceship. Under the desk to the right, the file server and gaming box.\nIt is very… lived in. I do change things too often for any pretty cabling or other cleanup to hold up.\nAt least it has a decent view. That one hour commute to Spaces did pay off with a much more rural and spacious environment for home.\nBut at least the view from my Desk is decent…\nI am sitting on a Dauphin Shape XXL, a proper office chair instead of some gaming thing, and the desk is an older IKEA standing desk, motorized. I have cabled Internet at my desk, Wifi by Unifi in the house, and we have a 500/500 Mbit fiber connection at home, because faster Internet is not available where I live.\nLife ain’t bad.\nNever has been, actually.\nGoing back, I always had a desk to work on at home. In Berlin, an entire room (which also had an office desk for my wife).\nGeek wife doing geek wifey things on her Berlin desk.\nIn Karlsruhe, my GF and I had work desks in an office room, and actually almost never did use our living room. We sat back to back, because that makes it easy to roll over and look at the other screen to check things out and help.\nIn Kiel we had an office/living room double room, but the living room really saw use only on Tuesdays ever other week for the Tuesday meeting, when a bunch of Geeks were coming around for cooking and talks.\nAnd even as a student, having a working desk was more important than a proper living room, actually.\n1996 computer science student desk (see below \u0026ndash; 1)\nWhen I am thinking about it, I believe it’s because of my Dad. He had a Ham Radio license, and “his” place in the house always was his shack, with all the electronics, the radios and antenna controls, basically a desk and a workbench next to it. You’d find him more often there than anywhere else in the house.\nWhy do we even have living rooms? It’s a social convention that is hard to break. I know that I would be in for a fight to the blood suggesting that we get rid of ours, but seriously? “My” space is that desk/shack shown above, and not the living room. It’s the place that I’ll fight for.\nDiscussing this elsewhere, a friend sends me Space \u0026ndash; A cluttered life: Middle-Class Abundance . The video discusses space use in American middle class families, who seem to have lives centered around the kitchen/eating space, which makes a lot of sense.\nThat 1996 desk. That version of me had a Euro-ISDN semipermanent connection to my provider (128/128 kBit/s) and I also spent 50 Deutschmark for my own /24 provider independent IPv4 range. All my machines had public addresses. The machine is a Nextstation with 24 MB of memory, and a 25 MHz 68040 CPU, running what later would become MacOS X. The white tower next to it has a 1 GB SCSI HDD full height (the two top slots), a 1x SCSI CD-ROM drive (Caddies required) and a SCSI QIC drive for DC 6525 tapes (525 MB/tape). My body hides the full height tower case for the Dual-Pentium Linux box, you can only see the beige case of the b/w monitor it has. We were using BNC based 10 MBit/s Ethernet at that time. This box also has the ISDN card. Unfortunately the driver had a memory leak, and we were losing a bit of memory every time the ISDN link goes up or down, because some driver internal data structures are allocated and never deallocated. The loss accumulates to around 1 MB per week. ","date":"2022-02-21T00:00:00Z","href":"https://blog.koehntopp.info/2022/02/21/spaces.html","tags":["work","remote first","lang_en"],"title":"Spaces"},{"categories":null,"content":"A database is a special kind of structured, persistent, global variable with concurrent access over the network.\nYou write data to a cell of a row of a table in a schema in the server, and it is being kept around for you, with a lifetime longer than the runtime of your program. The database takes care of making sure of ordering access to that data, so there is a clearly defined series of changes to the data – locking, transactions, isolation are things that make databases popular.\nAnd so one gets to have a lot of database schemas in server instances, and they grow. Sometimes that becomes a problem.\nDatabases don\u0026rsquo;t scale, even when they scale These days, the MySQL server can easily utilize the resources even of very large servers. At work, we have taken instances easily up to 400.000 queries per second on AMD EPYC servers with 64 cores and one terabyte of memory, without special tuning. With careful tuning, more than a million QPS is achievable. MySQL scales extremely well these days.\nFor a long time, MySQL also has been a very low latency/high connection database: since it uses a multithreading approach with a pre-generated thread pool, it can handle up to around 10k connections comfortably, and three times more at cost. It can handle disconnect and reconnect situations in a way that is more reminiscent of an LDAP server than a database.\nAnd it can answer single point primary key lookups from memory – the workload a memcached handles – at memcached speeds: We see query resolution times including SQL parsing that are as low as 0.12ms (120µs).\nWhat doesn\u0026rsquo;t scale: server creation time MySQL replication hierarchies are designed as shared-nothing architectures. Creating a new server means you have to copy the data for the server into place, and then let replication catch up.\nThere are storage trickeries that can be played, but they have long term consequences that need mitigation. They also tie their user to very costly and very specific storage architectures and that is not a thing anybody can afford to have as a technical debt item on their sheet.\nA Relativity Theory of databases: For data, space is time. When we create new databases, we copy the data over. In the end, the network is very fast: At 10 Gbit/s, we are looking at a stream of 1.25 GB/s coming in that we need to be able to persist at the receiving end, and that we need to provide at the sending end.\nLooking at storage, we can see that in all but one situation, the bottleneck is not the network:\nA conventional HDD with rotating rust can serve reliably around 200 MB/s in a linear read or write (Toshiba HDD specs provide some reference). A SSD usually gives us twice this, so we see streams of around 400-500 MB/s (Micron SSD specs provide some reference). Openstack instances are quota\u0026rsquo;ed, and often get something like 400 MB/s quota again, which nicely matches expectations of SSD users. A NVME flash device can provide on the upside of 3000 MB/s (3 GB/s) sustained data rate when enterprise grade hardware is purchased (Micron NVME specs provide some reference). This is the one single case where a 10 GBit/s network interface actually is becoming a bottleneck, but of course more network is available if you have the coin. How long does it take to copy one Terabyte of data, assuming linear streaming access?\nAt 200 MB/s, we get 12000 MB/min = ~12 GB/min, or around 85.3 minutes for 1024 GB. At 400 MB/s, that is twice the speed or half the time, 42.6 minutes. Add time for replication to catch up, and round up to a nice round number for rule of thumb estimates:\nAt 400 MB/s, copying one Terabyte of data takes 45 minutes to copy and 15 minutes for replication catchup, for a total of one hour per Terabyte of data size.\nSize constraints for databases In database land, we copy databases all the time:\nTo make backups. To make more replicas in order to scale a pool up. To replace replicas that have left the pool to go into maintenance. To create special purpose replicas that may or may not be useful after having served their special purpose. Each replica we make needs a donor instance, and often a donor instance can donate only to one receiver at a single point in time.\nAll taken together means that asking for more replicas is not instantaneous. You will have to wait one hour per TB of data size, and longer if there is need to clone up some donors to be able to parallelize cloning.\nHere are some good numbers:\nTypical HPE or Dell blades at work have a single or two internal drives of 1.92 TB (\u0026ldquo;two TB\u0026rdquo;) each. If the instances make full use of them, preparing a blade takes slightly under 2h or 4h. In a single workday of 8h, you can probably expect one attempt per day to do \u0026ldquo;a thing\u0026rdquo; to a database of ~10 TB size. From this we get a few very strong recommendations:\n200-250 GB databases can be replicated in intervals that fit into K8s readiness probes. That is why Vitess and also many Postgres based clustering products recommend small instance sizes of 250 GB or less. 2-4 TB data size give you \u0026ldquo;several attempts at maintenance per day\u0026rdquo;, and also fit standard blade on premises or i3.2xl and i3.4xl instances in EC2. They are probably the upper end of supportable database size in terms of wait times due to data copies. 10 TB data size is where toil explodes, because they are in the \u0026ldquo;a single attempt per day\u0026rdquo; class. If you have databases that are larger than this, you need to have a long and hard look at your life and architecture choices, and the implications of them. Reactive autoscaling is not a thing It also means that reactive autoscaling of database instances does not work at all: By the time you have scaled up, the demand is already handled by existing capacity or you have died.\nYou will need ongoing capacity testing and predictive autoscaling that gives you some headroom for the unexpected.\nUsing spot instances is also very likely to make you very unhappy or very offline or both.\nTL;DR There is a soft 2 TB boundary and a hard 10 TB boundary. They are defined by physics, so they are not negotiable and cannot be removed by throwing money at it.\nWhen you reach these sizes, talk to your DBA about alternatives. Treat the 2TB boundary as a complexity inflection point, and use the remaining time as runway to branch out into alternative solutions.\n","date":"2022-02-16T00:00:00Z","href":"https://blog.koehntopp.info/2022/02/16/databases-how-large-is-too-large.html","tags":["mysql","mysqldev","lang_en"],"title":"Databases: How large is too large?"},{"categories":null,"content":"The new disks in the file server had synchronized nicely, and that resulted in an interesting graph:\nSectors on the outer part of a hard disk are transferred faster than inner sectors. You can see how the disk speed halves between the outermost and the innermost part.\nWhile watching, I decided on a whim that I wanted to convert the entire setup from using Linux mdraid to dmraid, the LVM2 implementation of RAID1. It is essentially the same code, but integrated into LVM2 instead of using mdadm for control.\nI had already experimented with dmraid before, as documented in an earlier article , and that was not without problems . But since the array would contain no original data, only backups, I decided to give it a try.\nSo here we go:\nDestroying the mdraid I had created a RAID-1 pair of the disks /dev/sdb2 and /dev/sdc2 under the name /dev/md126, then added /dev/md126 to the hdd volume group. In order to get the disks back, I had to undo this.\nSo we need to check if the /dev/md126 PV is empty:\n# pvdisplay --map /dev/sda2 --- Physical volume --- PV Name /dev/md126 VG Name hdd PV Size 9.09 TiB / not usable 1022.98 MiB Allocatable yes PE Size 1.00 GiB Total PE 9303 Free PE 9303 Allocated PE 0 PV UUID ... --- Physical Segments --- Physical extent 1 to 9302: FREE That\u0026rsquo;s fine. We can remove the pair from the volume group again, remove the LVM2 label, and then stop and destroy the raid:\n# vgreduce hdd /dev/md126 ... # pvremove /dev/md126 ... # mdadm --stop /dev/md126 ... # mdadm --remove /dev/md126 ... # mdadm --zero-superblock /dev/sdb2 /dev/sdc2 That did not work: An Ubuntu Component, os-prober, took possession of the devices after removing the RAID-1. I had to actually uninstall the component and remove the osprober from devicemapper before I could continue:\n# ### After uninstalling os-prober: # dmsetup ls ... # dmsetup remove osprober-linux-sdb2 ... # dmsetup remove osprober-linux-sdc2 ... # mdadm --zero-superblock /dev/sdb2 /dev/sdc2 ... Preparing the disks individually for LVM2 Only then I could continue, add the disks to LVM2 and extend the hdd volume group:\n# pvcreate /dev/sd{b,c}2 ... # vgextend hdd /dev/sd{b,c}2 ... We now have a very weird, asymmetric VG in which there is a single 9.09 TiB raid PV and two 9.09 TiB unraided PVs. Our next objective is to evacuate the raided PV, and then destroy this as well, adding the disks back unraided. This will result in a 36 TiB total VG.\nEvacuating /dev/md127 to unraid it This is going to take a long time. We need to do this in a tmux session:\n# pvmove /dev/md127 /dev/sdb2 ... This will, over the course of about one day, move all physical extents from /dev/md127 to /dev/sdb2. This exposes us to disk failure, as for the moment the data on /dev/sdb2 is unraided.\nRestoring redundancy There are two kinds of backup on this disk pack: A number of Apple Time Machine targets and an Acronis Windws target, tm_* and win_*, and an internal backup that is being produced by a cron job, rsyncing data from the internal SSDs to the disks, /backup.\nI decided to destroy the /backup LV and recreate it as a raid10 across all 4 disks. This was relatively easy, and worked immediately \u0026ndash; it just took a few hours for the backup job to run from scratch.\n# umount /backup # lvremove /dev/hdd/backup ... # lvcreate --type raid10 -i2 -m1 -n backup -L4T hdd ... # mkfs -t xfs -f /dev/hdd/backup # mount /backup # /root/bin/make-backup For the Time Machine and Acronis targets, I decided to lvconvert them to raid1. As stated before , there are two competing implementations of of RAID in LVM2, --type mirror and --type raid1. The mirror implementation is very extremely strongly deprecated, the raid1 implementation is okay, because it uses the same code as mdraid internally.\nWe need to make sure to specify --type raid1 in the lvconvert command to ensure the proper type is being used. For each target we do\n# lvconvert --type raid1 -m1 /dev/hdd/tm_... ... This returns immediately, and begins to sync the mirror halves internally. If we at this point convert all Time Machine and Acronis targets at once, the sync speed is abysmally slow, because of disk head treshing. There is no way to stop this. The only option is to slow down all resyncs except one:\n# ### for all targets, slow them down to minimum # lvchange --maxrecoveryspeed=1k /dev/hdd/tm_... # ### for one target, set a very large max speed: # lvchange --maxrecoveryspeed=100000k /dev/hdd/tm_... ... and then let one tm_... target finish. After that, we can increase the max sync speed for the next target, and so on.\nThis is what a --type raid1 looks like in lsblk:\n# lsblk /dev/sda2 /dev/sdg2 NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda2 8:2 0 9.1T 0 part ├─hdd-tm_aircat_rmeta_0 253:18 0 1G 0 lvm │ └─hdd-tm_aircat 253:20 0 1T 0 lvm /export/tm_aircat ├─hdd-tm_aircat_rimage_0 253:25 0 1T 0 lvm │ └─hdd-tm_aircat 253:20 0 1T 0 lvm /export/tm_aircat ... sdg2 8:98 0 9.1T 0 part ├─hdd-tm_aircat_rmeta_1 253:26 0 1G 0 lvm │ └─hdd-tm_aircat 253:20 0 1T 0 lvm /export/tm_aircat ├─hdd-tm_aircat_rimage_1 253:30 0 1T 0 lvm │ └─hdd-tm_aircat 253:20 0 1T 0 lvm /export/tm_aircat ... That is, for each leg of the RAID1 you get a rimage and rmeta LV. If the LVs are named mimage_0 and mimage1 and there is no rmeta but only a single mlog, this is not --type raid, but the deprecated mirror implementation. This is not good, and should be converted to --type raid1.\nThere is no way to convert a linear or raid1 to raid10, unfortunately.\nChecking status and progress A few handy commands to check the status and the progress of the conversion.\nMonitor the sync state of the devices:\n# lvs -a -o name,copy_percent,devices,raid_max_recovery_rate,raid_mismatch_count,raid_sync_action hdd The -a shows all the LVs, even the internal ones. We are interested into the copy_percent to see the progress of the sync. We also want the max_recovery_rate, because we might have throttled it with the lvchange command mentioned above. And we want to see the raid_mismatch_count and raid_sync_action to see what\u0026rsquo;s going on.\nOf course, the ubiquitous lvs -a -o +devices is always handy to get an impression of the entire VG:\n# lvs -a -o +devices hdd LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert Devices backup hdd rwi-aor--- 4.00t 100.00 backup_rimage_0(0),backup_rimage_1(0),backup_rimage_2(0),backup_rimage_3(0) [backup_rimage_0] hdd iwi-aor--- 2.00t /dev/sdb2(2561) [backup_rimage_1] hdd iwi-aor--- 2.00t /dev/sdc2(1) [backup_rimage_2] hdd iwi-aor--- 2.00t /dev/sda2(1026) [backup_rimage_3] hdd iwi-aor--- 2.00t /dev/sdg2(3158) [backup_rmeta_0] hdd ewi-aor--- 1.00g /dev/sdb2(2560) [backup_rmeta_1] hdd ewi-aor--- 1.00g /dev/sdc2(0) [backup_rmeta_2] hdd ewi-aor--- 1.00g /dev/sda2(1025) [backup_rmeta_3] hdd ewi-aor--- 1.00g /dev/sdg2(3157) tm_aircat hdd rwi-aor--- 1.00t 100.00 tm_aircat_rimage_0(0),tm_aircat_rimage_1(0) [tm_aircat_rimage_0] hdd iwi-aor--- 1.00t /dev/sda2(0) [tm_aircat_rimage_1] hdd iwi-aor--- 1.00t /dev/sdg2(2133) [tm_aircat_rmeta_0] hdd ewi-aor--- 1.00g /dev/sda2(1024) [tm_aircat_rmeta_1] hdd ewi-aor--- 1.00g /dev/sdg2(2132) tm_joram hdd rwi-aor--- 1.50t 100.00 tm_joram_rimage_0(0),tm_joram_rimage_1(0) [tm_joram_rimage_0] hdd iwi-aor--- 1.50t /dev/sdc2(2049) [tm_joram_rimage_1] hdd iwi-aor--- 1.50t /dev/sdb2(1) [tm_joram_rmeta_0] hdd ewi-aor--- 1.00g /dev/sdc2(3585) [tm_joram_rmeta_1] hdd ewi-aor--- 1.00g /dev/sdb2(0) tm_mini hdd rwi-aor--- 512.00g 100.00 tm_mini_rimage_0(0),tm_mini_rimage_1(0) [tm_mini_rimage_0] hdd iwi-aor--- 512.00g /dev/sdb2(8786) [tm_mini_rimage_1] hdd iwi-aor--- 512.00g /dev/sdc2(4609) [tm_mini_rmeta_0] hdd ewi-aor--- 1.00g /dev/sdb2(9298) [tm_mini_rmeta_1] hdd ewi-aor--- 1.00g /dev/sdc2(4608) win_kk hdd rwi-aor--- 2.08t 100.00 win_kk_rimage_0(0),win_kk_rimage_1(0) [win_kk_rimage_0] hdd iwi-aor--- 2.08t /dev/sdg2(2) [win_kk_rimage_1] hdd iwi-aor--- 2.08t /dev/sda2(3075) [win_kk_rmeta_0] hdd ewi-aor--- 1.00g /dev/sdg2(0) [win_kk_rmeta_1] hdd ewi-aor--- 1.00g /dev/sda2(3074) Another way to look at the construct is lsblk:\n# lsblk /dev/sd{a,b,c,g} NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 9.1T 0 disk ├─sda1 8:1 0 10G 0 part └─sda2 8:2 0 9.1T 0 part ├─hdd-tm_aircat_rmeta_0 253:18 0 1G 0 lvm │ └─hdd-tm_aircat 253:20 0 1T 0 lvm /export/tm_aircat ├─hdd-tm_aircat_rimage_0 253:25 0 1T 0 lvm │ └─hdd-tm_aircat 253:20 0 1T 0 lvm /export/tm_aircat ├─hdd-backup_rmeta_2 253:35 0 1G 0 lvm │ └─hdd-backup 253:39 0 4T 0 lvm /backup ├─hdd-backup_rimage_2 253:36 0 2T 0 lvm │ └─hdd-backup 253:39 0 4T 0 lvm /backup ├─hdd-win_kk_rmeta_1 253:42 0 1G 0 lvm │ └─hdd-win_kk 253:23 0 2.1T 0 lvm /export/win_kk └─hdd-win_kk_rimage_1 253:43 0 2.1T 0 lvm └─hdd-win_kk 253:23 0 2.1T 0 lvm /export/win_kk ... What is where? And of course, we might be interested into the actual distribution of data on the disk:\n# pvdisplay --map /dev/sd{a,b,c,g}2 ... --- Physical volume --- PV Name /dev/sdg2 VG Name hdd PV Size 9.09 TiB / not usable 1022.98 MiB Allocatable yes PE Size 1.00 GiB Total PE 9303 Free PE 4098 Allocated PE 5205 PV UUID ... --- Physical Segments --- Physical extent 0 to 0: Logical volume /dev/hdd/win_kk_rmeta_0 Logical extents 0 to 0 Physical extent 1 to 1: FREE Physical extent 2 to 2131: Logical volume /dev/hdd/win_kk_rimage_0 Logical extents 0 to 2129 Physical extent 2132 to 2132: Logical volume /dev/hdd/tm_aircat_rmeta_1 Logical extents 0 to 0 Physical extent 2133 to 3156: Logical volume /dev/hdd/tm_aircat_rimage_1 Logical extents 0 to 1023 Physical extent 3157 to 3157: Logical volume /dev/hdd/backup_rmeta_3 Logical extents 0 to 0 Physical extent 3158 to 5205: Logical volume /dev/hdd/backup_rimage_3 Logical extents 0 to 2047 Physical extent 5206 to 9302: FREE Defragmenting dev/sdb2 Due to the way we created things, initially all RAID1 have the left leg of their mirror on /dev/sdb2, because that is where we pvmoveed stuff initially. We might want to fix that, and push a few things over. I did that, as can be seen by the lvs -a -o +devices hdd output further up.\nHere is how:\n# pvmove -n \u0026lt;LV_name\u0026gt; /dev/sdb2 /dev/sdg2 ... This will move all data belonging to LV_name that is currently on /dev/sdb2 to /dev/sdg2. Again, this will take a long time, and there should be no other sync action currently active for maximum speed, as rotating disks slow down a lot when there are competing disk seeks.\nThis leaves us with a fragmented /dev/sdb2 and LVs on higher numbered extents, which are a lot slower than lower numbered extents. We could fix that as well, again with pvmove:\n# pvdisplay --map /dev/sdc2 ... Physical extent 3587 to 3596: Logical volume /dev/hdd/keks_rimage_1 Logical extents 0 to 9 Physical extent 3597 to 4607: FREE ... # pvmove -n keks --alloc anywhere /dev/sdc2:3587-3596 /dev/sdc2:4000-4009 /dev/sdc2: Moved: 0.00% ... /dev/sdc2: Moved: 100.00% This moves extents internally on a drive. pvmove normally refuses to do this, so we have to tell it to shut up about this, using --alloc anywhere. We then use extent-addressing to change the map manually: We move data from /dev/sdc2:3587-3596, the entire keks Test-LV, somewhere into the FREE space, 4000-4009. The result looks like this:\n... Physical extent 3587 to 3999: FREE Physical extent 4000 to 4009: Logical volume /dev/hdd/keks_rimage_1 Logical extents 0 to 9 Physical extent 4010 to 4607: FREE ... # lvremove /dev/hdd/keks Do you really want to remove and DISCARD active logical volume hdd/keks? [y/n]: y Logical volume \u0026#34;keks\u0026#34; successfully removed And that concludes a largely pointless refactoring of my home storage, because I could.\n# vgs VG #PV #LV #SN Attr VSize VFree data 2 15 0 wz--n- 7.28t 3.25t hdd 4 5 0 wz--n- 36.34t 18.17t system 1 4 0 wz--n- 466.94g 234.94g Do you have checksums? Not yet. There is a thing called dm-integrity, though, and a gist that I have to try. The dm-integrity Documentation is here. And integritysetup is part of cryptsetup-bin on Ubuntu.\n","date":"2022-02-06T00:00:00Z","href":"https://blog.koehntopp.info/2022/02/06/revisiting-the-file-server.html","tags":["lang_en","computer","linux","storage"],"title":"Revisiting the file server"},{"categories":null,"content":"The old file server was full, and since the little one got more local storage in his laptop, I also needed more storage for backup to match. I am running a 5x cage using up 3 disk slots in a Midi-Tower. Two slots are filled with Seagate Ironwolf 10 TB disks already, the rest is available.\nA 5x hot swap disk cage using 3 disk slots in a midi tower.\nThe disk situation in the machine was like this:\nkris@server:~$ sudo vgs [sudo] password for kris: VG #PV #LV #SN Attr VSize VFree data 2 16 0 wz--n- 7.28t 3.24t hdd 2 5 0 wz--n- 9.08t 5.00g system 1 4 0 wz--n- 466.94g 234.94g The hdd volume group is running in a RAID-1 configuration using mdraid for historical reasons - this is a very old machine. Additional space would be added as another mdraid, and then linearly extend the existing volume. That is fine, the disks are used as backup targets for a number of Mac devices only and speed or seeks are not our primary goal.\nI ordered two additional Seagate Ironwolf 10 TB disks to match the existing ones. They came in rather cold from the delivery van:\nAfter unpacking the disk chassis had single digit celsius temperatures. When I remembered to take a thermal image they were already warmed up a bit. I let them warm up a bit more before I put them in.\nPushing in the disks generated a lot of kernel log, and also a nice graph in the temperature monitoring:\nThe new disks are warming up rapidly. The dropping line is a scratch disk that I have been taking out of slot 3 and pushing back in into slot 5.\n[556459.695008] ata2: SRST failed (errno=-16) [556461.651016] ata2: SATA link up 3.0 Gbps (SStatus 123 SControl 300) [556461.671217] ata2.00: ATA-11: ST10000VN0008-2PJ103, SC61, max UDMA/133 [556461.671220] ata2.00: 19532873728 sectors, multi 16: LBA48 NCQ (depth 31/32) [556461.676016] ata2.00: configured for UDMA/133 [556461.676157] scsi 1:0:0:0: Direct-Access ATA ST10000VN0008-2P SC61 PQ: 0 ANSI: 5 [556461.676549] sd 1:0:0:0: Attached scsi generic sg1 type 0 [556461.676844] sd 1:0:0:0: [sdb] 19532873728 512-byte logical blocks: (10.0 TB/9.10 TiB) [556461.676847] sd 1:0:0:0: [sdb] 4096-byte physical blocks [556461.676879] sd 1:0:0:0: [sdb] Write Protect is off [556461.676885] sd 1:0:0:0: [sdb] Mode Sense: 00 3a 00 00 [556461.676973] sd 1:0:0:0: [sdb] Write cache: enabled, read cache: enabled, doesn\u0026#39;t support DPO or FUA [556461.771798] sd 1:0:0:0: [sdb] Attached SCSI disk [556464.406986] ata3: link is slow to respond, please be patient (ready=0) [556468.514986] ata3: SRST failed (errno=-16) [556470.586999] ata3: SATA link up 3.0 Gbps (SStatus 123 SControl 300) [556470.589417] ata3.00: ATA-11: ST10000VN0008-2PJ103, SC61, max UDMA/133 [556470.589420] ata3.00: 19532873728 sectors, multi 16: LBA48 NCQ (depth 31/32) [556470.594222] ata3.00: configured for UDMA/133 [556470.594361] scsi 2:0:0:0: Direct-Access ATA ST10000VN0008-2P SC61 PQ: 0 ANSI: 5 [556470.594676] sd 2:0:0:0: Attached scsi generic sg2 type 0 [556470.594933] sd 2:0:0:0: [sdc] 19532873728 512-byte logical blocks: (10.0 TB/9.10 TiB) [556470.594937] sd 2:0:0:0: [sdc] 4096-byte physical blocks [556470.595017] sd 2:0:0:0: [sdc] Write Protect is off [556470.595022] sd 2:0:0:0: [sdc] Mode Sense: 00 3a 00 00 [556470.595120] sd 2:0:0:0: [sdc] Write cache: enabled, read cache: enabled, doesn\u0026#39;t support DPO or FUA [556470.695659] sd 2:0:0:0: [sdc] Attached SCSI disk Yup, 3 GBps. This is an old i7-3770 with an old SATA subsystem to match.\nI created partition tables using sfdisk, copying from the existing sda (another Ironwolf) to the new devices sdb and sdc.\nkris@server:~$ sudo sfdisk -d /dev/sda | sudo sfdisk /dev/sdb ... kris@server:~$ sudo sfdisk -d /dev/sda | sudo sfdisk /dev/sdc ... kris@server:~$ sudo sfdisk -d /dev/sdb label: gpt label-id: ... device: /dev/sdb unit: sectors first-lba: 34 last-lba: 19532873694 /dev/sdb1 : start= 2048, size= 20971520, type=..., uuid=...., name=\u0026#34;Linux filesystem\u0026#34; /dev/sdb2 : start= 20973568, size= 19511900127, type=..., uuid=...., name=\u0026#34;Linux RAID\u0026#34; This works, because sfdisk like sgdisk understands about MBR and GPT partition tables, and can handle large 10 TB partitions. We have a 10 GB /dev/sdb1 as a potential boot space, and use the rest of the disk as a giant /dev/sdb2 in LVM2. The other disk, /dev/sdc matches this.\nWe can then construct the RAID from the two partitions /dev/sd{b,c}2. Because this is a large device, mdadm will also automatically add an internal bitmap.\nkris@server:~$ sudo mdadm -C /dev/md126 --level=1 --raid-devices=2 /dev/sd{b,c}2 ... kris@server:~$ sudo mdadm --detail /dev/md126 /dev/md126: Version : 1.2 Creation Time : Tue Feb 1 20:23:20 2022 Raid Level : raid1 Array Size : 9755817920 (9303.87 GiB 9989.96 GB) Used Dev Size : 9755817920 (9303.87 GiB 9989.96 GB) Raid Devices : 2 Total Devices : 2 Persistence : Superblock is persistent Intent Bitmap : Internal Update Time : Tue Feb 1 21:27:07 2022 State : clean, resyncing Active Devices : 2 Working Devices : 2 Failed Devices : 0 Spare Devices : 0 Consistency Policy : bitmap Resync Status : 0% complete Name : server:126 (local to host server) UUID : ... Events : 799 Number Major Minor RaidDevice State 0 8 18 0 active sync /dev/sdb2 1 8 34 1 active sync /dev/sdc2 And while the RAID synchronizes in the background, we can turn the new device into a physical volume and add it to the hdd volume group.\nkris@server:~$ sudo pvcreate /dev/md126 Physical volume \u0026#34;dev/md126\u0026#34; successfully created. kris@server:~$ sudo vgextend hdd /dev/md126 Volume Group \u0026#34;hdd\u0026#34; successfully extended kris@server:~$ vgs VG #PV #LV #SN Attr VSize VFree data 2 16 0 wz--n- 7.28t 3.24t hdd 2 5 0 wz--n- 18.17t 9.09t system 1 4 0 wz--n- 466.94g 234.94g With that, we now have sufficient disk space to continue to work. After the sync completes, I will lvconvert two existing backup partitions into mirrors to move them to the new disk pair, and then dissolve the mirror, dropping the image on the old half.\n","date":"2022-02-01T00:00:00Z","href":"https://blog.koehntopp.info/2022/02/01/time-to-grow-the-file-server.html","tags":["lang_en","computer","linux","storage"],"title":"Time to grow the file server"},{"categories":null,"content":"This is the Hunga Tonga underwater volcano explosion in Pacific Ocean (animated gif, click to start):\nThis is data from my sensors , 15h later:\nThe second wave took the long way around, and arrived around 2am-4am on the morning of the 16th, but barely registered.\n","date":"2022-01-16T00:00:00Z","href":"https://blog.koehntopp.info/2022/01/16/hunga-tonga.html","tags":["lang_en","anderswo","iot"],"title":"Hunga Tonga"},{"categories":null,"content":"On Twitter, Jan Wildeboer linked an article by Adam Hooper on MySQL and the weird utf8mb4 character set.\nThe recommendation is correct:\nIn MySQL, use utf8mb4 when you mean to work with utf8 in your programming language.\nThe background and reasoning for this (and why it is wrong) is way more complicated than outlined by Adam Hooper. So let\u0026rsquo;s walk through this:\nMySQL utf8 means 3-byte Unicode, and access to only the BMP utf8 in MySQL encodes the Unicode BMP . The Unicode Basic Multilingual Plane, or BMP, is the original 65536 character plane. It was the only character plane available in Unicode 1.0 It was thought to be enough for all scripts in the world. It wasn\u0026rsquo;t.\nUnicode was extended, as early as with the 2.0 release, to have more characters than that, in more code planes. Currently, there can be up to 17 Unicode planes, but most of them are unused.\nUnicode 1.0 is also different in other ways. Vladislav Vaintroub commented to me:\nUnicode 1.0 had a different range for Hangul . Unicode 2.0 fixed that, and remapped Hangul (which is a unique action, and they issued a policy to forbid remapping in the future).\nMaking things immutable is important with character sets and sort orders, also for databases, as we will see. It is in fact the entire reason for utf8mb4 to exist.\nEncodings and the 65536 character barrier There are various ways to encode codepoints of Unicode.\nOriginally, with only the BMP existing, people thought of extending the concept of \u0026ldquo;byte\u0026rdquo; = \u0026ldquo;character\u0026rdquo; to double bytes. This is how you get the wchar and a 16 bit character set, the obsolete ucs-2 encoding.\nWhen it became clear that 65536 characters are insufficient to represent all scripts and languages in the world, a larger 31-bit space was introduced and the naive encoding of that, ucs-4. This would require 4 bytes per character.\nBoth are incredibly wasteful:\nUsing ucs-2 with western scripts means that every other byte is a null byte, and with ucs-4 for every character there will be 3 null bytes. Even with non-western scripts there will be at least one, if not two null bytes per character.\nExtending Unicode beyond the BMP posed a bit of a problem: Windows NT had started to use Unicode as a character set, and ucs-2 as the standard encoding.\nThe solution was the character range 0xD800 to 0xDFFF, which was unassigned to characters, so far: 2048 (11 bit) of unassigned positions.\nThe resulting encoding takes characters beyond the BMP, with codes greater than 0xFFFF, and subtracts 0x10000. This leaves a 20 bit number, which is then split into a high 10 bit part and a low 10 bit part.\nThe high ten bits are added to 0xd800 (0xd800-0xdbff). The low then bits are added to 0xdc00 (0xdc00-0xdfff). This was called utf-16 encoding, and became the character set of Windows starting with Windows 2000.\nutf-16 also, for now, limits the number of characters that can be represented in Unicode to 1112064, a number that can be represented in 21 bits.\nPlan 9 and utf-8 In the Unix world, the experimental Plan 9 operating system from A\u0026amp;T explored variable length encodings of Unicode: utf-8 could represent 31-bit Unicode with encodings between 1 and 6 bytes in length. Single byte codes would be compatible with ASCII, so that valid ASCII is also valid utf-8.\nBecause the utf-16 hack had restricted the number of possible Unicode characters effectively from 31 bit to 21 bit, actual utf-8 encodings can only be up to 4 bytes long. And because utf-8 is so much denser than other encodings, it is by far the dominant encoding of Unicode. Even Microsoft, heavily invested in ucs-2 and utf-16 with Windows, started to support utf-8, beginning with the development of Windows 11 in 2019.\nIn an utf-8 multibyte sequence, the \u0026ldquo;number of 1-bits before the first 0-bit\u0026rdquo; in the first byte of a multibyte character determine the length of the encoding:\nSingle byte characters are in the range 0x00-0x7f (0 leading 1-bits, single byte), for ASCII compatibility. Multibyte characters start with 110xxxxx for a two byte sequence, 1110xxxx for a three byte sequence and 11110xxx for a four byte sequence. The second, and possible third and fourth byte are all of the form 10xxxxxx, which is otherwise unused, so that these bytes are always identifiable as continuation bytes in a multibyte encoding. This makes utf-8 restartable: If you end up at a byte of the form 10xxxxxx, you know you are in the middle of a multibyte sequence of at most 4 bytes length. You can backtrack a few bytes, and check for the clearly recognizable start pattern of a multibyte encoding, or error out with an invalid encoding.\nWe get 128 single byte characters that are identical to ASCII, 1920 two byte characters, and three bytes for the rest of the BMP. Four bytes are needed for rare CJK characters, a bunch of math, some dead scripts and a ton of emoji that should not exist in the first place .\nMySQL, and three byte utf8 MySQL did support the \u0026ldquo;full full\u0026rdquo; range of 31 bit Unicode in the beginning, with up to 6 bytes being used for a single character. That was changed in a single byte change commit in September 2002. Back then MySQL 3.23 was the active release and InnoDB was not yet enabled by default.\nVladislav Vaintroub commented about this:\nAnyway MySQL\u0026rsquo;s utf8 was always meant to be castrated utf8, from its invention.\nIt was a little gamble, and hope that supplemental plane won\u0026rsquo;t be used much, thus we could save a couple of bytes in filesort. Although already by 2001 (Unicode 3.1) there were characters in supplemental range, they could be seen as \u0026ldquo;rarely used\u0026rdquo; (music notation, old Egyptian, Deseret and what not). Thus only few people needed supplemental characters, until everyone\u0026rsquo;s favorite U+1F4A9 PILE OF POO premiered in Unicode 6.0, in 2010, actually a couple of years after, until smartphone made emoji ubiquitous.\nSo that gamble - that supplemental plane remains rarely used, did not work out, but who would know that by 2003.\nVaintroub\u0026rsquo;s comment about sorting refers to a limitation of MySQL that was only removed in MySQL 8. More about that below.\nCharacter sets have collations Unicode not only defines character sets, they also define a comparison algorithm for characters. This is called UCA, Unicode Comparison Algorithm. Like Unicode itself, it is versioned .\nOlder versions of UCA had issues in various ways: lefred\u0026rsquo;s Blog article and Manyi Lu\u0026rsquo;s article about the Sushi-Beer issue explain this in depth.\nIndexes are materialized collations Databases have indexes, and these extract values from a column, sort them and store back pointers to the full row with each extracted column value. This allows for fast searching.\nThus, indexes are materialized collations, and when a collation (or a charset) is changed, all indexes that contain values of that charset are invalid and need to be recreated.\nIn the deep dark past, MySQL made changes and bugfixes to existing collations, which made MySQL upgrades a pain: The moment you apply the upgrade, you are forced to drop and recreate the indexes. Depending on the amount of data and the size of the index, that requires an extraordinary amount of time and makes updates complicated.\nutf8mb4, because utf8 was taken. MySQL adopted a policy similar to the Unicode Consortium itself:\nMySQL never updates existing character sets and collations, not even for bugfixes.\nAnd because the name utf8 was taken, a new name was needed: utf8mb4 is the version of Unicode utf-8 in MySQL that extends past the BMP, and also uses UCA 9.0 for comparison.\nCompare to utf8 which encodes only the BMP, and uses an older UCA for comparison. So utf8 not only has a smaller character range, it also sorts differently.\nThis makes upgrades mich simpler:\nYou install a new version. Nothing changes, you are just running new code which hopefully sorts and orders as before. You can create new columns using the new character set and collations, even in existing tables, because in MySQL a charset and collation is a column attribute. Tables, databases and servers just provide defaults that are inherited at the time of subordinate object creation. To complete the upgrade, check all columns, and note which ones need changing. Actually change these columns, table by table, at your own leisure. If necessary, use tooling such as Percona Online Table Change (\u0026ldquo;OSC\u0026rdquo;), making the change in the background without service interruption. Side note: MySQL\u0026rsquo;s sorting and file formats are portable MySQL does not use libc and the character set comparison functions in there for itself. It brings its own collations instead.\nThat is also an important fact. It means that MySQL does not break when you upgrade the operating system libc on your machine.\nIf MySQL used libc fort sorting and comparing, the database could break without any changes to the database whatsoever \u0026ndash; an innocent security update to the operating system libc (which for some reason also touched libc sorting and comparison) would break all character indexes in your database.\nMySQL does not do that. It lets you migrate these things in a way that is operationally convenient.\nIt also means that MySQL versions sort the same between Linux, FreeBSD, Solaris and even Windows.\nJust like the on disk format is compatible across all platforms, so is character handling and time zone handling. MySQL is MySQL on any platform, and copying files and replication always work across these boundaries.\nSo why the 6-to-3-byte commit? Not that it matters much: Because Unicode and UCA changes between versions of Unicode, you\u0026rsquo;d still have to use different names for character sets and collations, and migrations to do.\nBut why was it important that \u0026ldquo;we could save a couple of bytes in filesort\u0026rdquo; as Vaintroub puts it? Here we go:\nSorting is important, and hard to scale Not only can databases, tables and individual indexes be very large, they also need to be kept sorted, and sometimes data needs to be re-sorted. Databases usually have a large number of strategies for that.\nSmall things are sorted in memory. That is, the database creates the full rows of the result table in memory, using all columns. It then sorts these rows in memory by shuffling around the full rows. That uses up a lot of memory bandwidth, because we copy around full rows, which can be large.\nSometimes we do not want to move around full rows, because these rows are large. So we only sort the columns specified in the ORDER BY CLAUSE, which is a tiny subset of the full columns set of each row of the result table, and attach a row pointer to each of these sort rows.\nIn the end we have a tiny in-memory table in sort order, which only holds columns from the ORDER BY, and each row in it points to the unsorted full rows somewhere else - in memory or on disk. We can then output the full rows in sort order, but at the cost of a lot of seeks - possibly on disk. That is, because the full rows have not been sorted, so the row pointers from the sorted data to the full rows are a mess.\nSometimes we have very many rows. So we do as before, but for a subset of all rows - as many as fit into our sort buffer. When the sort buffer is full, we write it out to disk. Then we continue with the next batch. Across all partial results we perform a merge sort.\nIf the things sorted were full rows, we can emit full result rows rather quickly. If the things sorted were only ORDER BY columns or other partial result set rows with row pointers attached, we may have to perform one or multiple seeks in order to get the missing columns from all tables involved.\nThe optimizer has to decide which strategy to use here, based on estimates of the row width, size of the result set (which has not yet been produced, so it\u0026rsquo;s a guess) and the available amount of resources.\nAnd then, implementation issues Older versions of MySQL have different storage engines: MYISAM, INNODB, MEMORY and others. Modern MySQL has only INNODB, but for temporary tables has a few tricks ready to make things faster: for example, temporary tables can be recreated and do not need to be crash safe, so no redo and undo logging is required.\nOther storage engines than INNODB had restrictions.\nFor example, MEMORY tables could not have variable length columns, there was no VARCHAR, only CHAR. So when sorting with temporary tables in memory, MySQL created these temp tables as MEMORY tables, promoting every varchar(255) to CHAR(255). A row with a varchar value of hello suddenly used 255 bytes instead of 6 bytes to represent the string hello (plus a lot of padding).\nOf course, with utf8, a varchar(255) charset utf8 is promoted to a char(255) charset utf8, which instead allocates 765 bytes of memory, out of which the first five bytes contain the string hello, and the rest is wasteful padding. With 6 bytes, it would be twice that amount of memory. So reducing this from 6 to 3 bytes was quite worthwhile.\nMEMORY tables had a configurable size limit, and if your table exceeded that (which happened rather quickly, given the above restrictions), it was converted to an on-disk temporary table in MYISAM format: a spill. MYISAM of course had varchar(255) charset utf8 as a native type, and your hello would again shrink to six bytes. Looking at the on disk temporary file, which was rather small, you might wonder what caused the spill.\nMySQL 8 introduces unlogged INNODB temporary tables (and a failed experiment involving mmap that you may want to disable). So this problem is gone, once and for all: varchar is varchar at all times, and representing Unicode variants in temporary tables is no longer a problem - if you use MySQL 8.\nThis is in fact one of the major reasons to graduate from 5.7 for many people.\nTLDR We learned:\nYour programming languages utf8 is called utf8mb4 in MySQL. utf8 and utf8mb4 sort differently due to changes in the Unicode Collation Algorithm (UCA). Indexes are physically materialized sort orders of column sets. They can become pretty large. MySQL never changes character sets or collations, even if they are buggy. Instead a new collation with a new name is created. That is, because changing a sort order may require dropping and recreating an index, which is expensive if the index is large. Sorting things can be done in different ways, depending on data set size, column size and other considerations. Implementation details can make sorting even more complicated. MySQL 8 is a worthwhile upgrade. Databases manage state so you don\u0026rsquo;t have to. If you think databases are complicated, consider what you would have to do if the database and your DBA would not be there for you. ","date":"2022-01-12T00:00:00Z","href":"https://blog.koehntopp.info/2022/01/12/utf8mb4.html","tags":["lang_en","mysql","mysqldev"],"title":"UTF8MB4"},{"categories":null,"content":"This is the english version of an older text in German Computer scientists are weird. In their science there are a few rules that sound wrong when you hear them first, but make a lot of sense if you think about them. Some of them are making sense even outside of computer science.\nOne of those rules is\nNever check for an error condition you don\u0026rsquo;t know how to handle. When you encounter this the first time that sounds very questionable. There are known error conditions in my program that I know they can happen, and I should not check for them?\nIf you read that left to right, that\u0026rsquo;s exactly what it means. Let\u0026rsquo;s have a look at an example and try to understand what goes on. Here is a very simple case: I could try to allocate memory from the operating system and that can fails.\nchar *p = NULL; if ((p = malloc(someSize)) == NULL) { what_now(); } That is a very typical situation. For example, why does the library function malloc() not check itself for p == NULL and handles this case? Because it does not, I have to do that every time and must not forget that in a single case.\nIndeed, most programs have a function safe_malloc(), which wraps malloc() and more or less looks like the example above. The point being that each program has their own implementation of what_now(), because the desired behavior is specific to the application and cannot be provided by the library.\nOne could argue that malloc() should internally call a what_now(), and each library user would have to provide an implementation for that. But that would proscribe a certain mode of usage for malloc(). The solution that malloc() does not do the check, but only signals the error, is the most flexible solution \u0026ndash; and hence suitable for a library function, because it leaves the choice to the user. It provides mechanism, but not policy.\nSide thought: That\u0026rsquo;s one of the main differences between a library and a framework. Libraries provide mechanism, but do not enforce a policy. They do not proscribe a default way of working with problems. Frameworks are opinionated, and have been designed with a specific way of working in mind, and provide policies that are considered default solutions in the context of the framework.\nSide side thought: Kernel, libraries and frameworks are all infrastructure, and as all infrastructure they are being judged by how they fail. In this case: What solutions exist to bypass the policy in a framework, if the policy does not fit. \u0026ldquo;How can I have queries in RoR that bypass Active Record \u0026rdquo; is one example. How free of policy is this library? Is it just a mechanism or is there an obvious or hidden intention, a policy?\nA library ideally supplies just a mechanism, but that makes it mandatory for the developer to think about a policy for error handling and how to implement it. That\u0026rsquo;s a relatively obvious point, but one that in my experience is not taught sufficiently. If it wasn\u0026rsquo;t, we\u0026rsquo;d have less bad code in many projects. And I do not want to limit myself to the tons of toxic PHP-MYSQL that fire queries at a database without checking for errors at all.\nThe point is rather that a missing policy for error handling requires that you provide one in the application (or at least some minimal standards in the application). Some programming environments have a name for such an informal construct: A convention, a contract between library developer and application developer that is informal and not enforced by the mechanisms of the language. The convention is also often unspoken, or not made explicit enough in the documentation of the library. And hence taught insufficiently, and then implemented insufficiently.\nBut you can take the sentence\nNever check for an error condition you don\u0026rsquo;t know how to handle. and read it backwards. What exactly does it mean to handle an error condition? Specifically, if the error happens, what are our options and what is the desired failure mode? What is supposed to happen?\nGoing back to the malloc() above: When that happens, the operating system can\u0026rsquo;t or won\u0026rsquo;t give us more memory. We don\u0026rsquo;t know why, so we have to assume the worst. That is: memory is full, nobody gets any memory any more. In fact, there could be another program that permanently allocates more memory. So even if we gave memory back to the operating system, we wouldn\u0026rsquo;t get it back when trying to reserve it.\nSo handling this error means that we already have all memory required to recover from the situation before the error happens. That\u0026rsquo;s a really complicated situation, and too complicated for most application developers when we force them to think about it. At the point in time when this happens they are usually busy with completing the non-failing, actually function path of the application before they are ready to turn to failure modes and their code paths.\nSide thought: This is another main reason for bad code: We force developers to think about failing code paths at the wrong point in time. They really want to write programs that work well. But we shouldn\u0026rsquo;t bother them with failure handling right when they are busy with completing the money earning part of the code.\nIf we bother devs at the wrong moment in time, we get error handling like this at best:\nchar *p = NULL; if ((p = malloc(someSize)) == NULL) { exit(ENOMEM); // out of memory error } Well, at least they checked for an error. Maybe there are even some atexit(3) handlers stacked that will try to clean up, but did you ever see any of those?\nIf you see code like this, it is screaming at you \u0026ldquo;Yes, yes, I know, but I am really busy now with other things. Go away!\u0026rdquo;.\nAnother common problem is that we need to check for the error at the lowest level, but need more context at the higher levels of our code to handle it properly. Sometimes there is not even a contract on how errors are being bubbled up to the next layer without losing information. The interiors of the MySQL codebase used to be a prime example of that. You could find code that mapped error codes similar to\nint errcode = doSomeThing(); switch(errcode) { case 1: case 2: case 3: return E_THIS; break; case 4: return E_THAT; break; } This is taking detailed internal error codes and flattens them into larger categories, losing detail. Sometimes a higher level handler has more context, but no longer sufficient detail to decide what exactly went wrong at the lower layers.\nThe rule\nNever check for an error condition you don\u0026rsquo;t know how to handle. means we need to discuss things.\nDiagnosis: Capture the error. Formulate a test which at some point in the code checks that we have a problem and distinctively signals which error that is. Policy: Determine the desired behavior for handling the error, that is, have a policy that explains how to handle the error. Context: Decide where in the stack the error can be handled best, or if we need to escalate. When we escalate, make sure an escalation is expected at the higher layer and check for their policy. They need to have one. Also make sure the escalation does not lose detail. This is useful outside of computer science. The original trigger to write this article in 2009 was a discussion about a 911-button (110-Taste) in a web browser. \u0026ldquo;If you see something, say something\u0026rdquo;: If you find web pages that contain things that may be relevant for law enforcement, have a way to call for help.\nThat\u0026rsquo;s a very german and very 2009 idea, but suppose you want that: Coding that is easy, right? A button in a browser that raises an alarm somewhere should be very few lines of code in an extension.\nThe real problem - and that is not a code problem - is the what_now(). What is supposed to happen with that alarm signal. That\u0026rsquo;s a process question, that is WHO needs to talk WHEN with WHOM about WHAT? What information needs to be sent when the button is pressed and what reaction is then expected?\nDo we build a central emergency call center? Do we transport location and identity information together with the call, if that is necessary? If so, how?\nWhat other information is necessary to provide context? The current URL? The persistent state of the browser, with all bookmarks, the history and so on? The volatile state of the browser, eg with all active spywat, but also all legit variables? The whole state of the computer, processlist, memory and program information, installed software and so on?\nHow is that call then handled and classified?\nWhat are standard reactions to verified and classfied emergency escalations? Can the emergency call center take over the computer and extract further information and do a full forensic analysis? Can they write and change the state of the machine to help? Or can they just call back, and request a read-only screen sharing session to talk the user through the emergency?\nWhat taxonomy of emergencies do we build, and what are the required steps to verify a case?\nDo we plan for proactive intervention, when we register a spike in incidents of a certain type (ie a computer virus outbreak)? Do we have a problem management and change managent on top of our incident management that would want to and be able to prevent a large scale situation in the field? In the case of an outbreak, for example, by forcing patches on all machines?\nHow do we build the technical and legal framework for this? How do we build the organisation for this? How to we enforce the technical changes required to be able to do this? Do we make the installation of some software mandatory to be able to be on the Internet? How do we protect this infrastructure against abuse?\nThe check was easy \u0026ndash; an emergency call button in a browser.\nThe work is in the handling, which can be \u0026ldquo;somewhat involved\u0026rdquo;. But these are details that are gracefully elided in the discussion when politicians demand such a button. That\u0026rsquo;s providing quite simplicistic discussions: Why do we not have such a button in every browser already?\nCan\u0026rsquo;t be that hard, right?\n","date":"2022-01-10T00:00:00Z","href":"https://blog.koehntopp.info/2022/01/10/never-check-for-an-error-condition.html","tags":["politik","security","lang_en"],"title":"Never check for an error condition you don't know how to handle"},{"categories":null,"content":"Und das neue Jahr beginnt für uns mit einem Minecraft-Server, auf dem wichtige Personen, die sich nichts haben zuschulden kommen lassen, plötzlich gebannt sind.\nNach einem Unban an der Console: Der Spawn, der Eintrittspunkt für neue Spieler, ist komplett verwüstet.\nWir haben tägliche Backups, sodass das schnell behoben ist. Bleibt die Frage, was passiert ist.\nGehackt Unter den Spielern ist die Frage schnell geklärt: \u0026ldquo;\u0026lt;user\u0026gt; wurde gehackt.\u0026rdquo;\nEs stellt sich raus:\n\u0026ldquo;\u0026lt;user\u0026gt;\u0026rdquo; bekommt einen Free Nitro Spam . Er klickt darauf. Er wird gebeten, \u0026ldquo;FreeNitro.exe\u0026rdquo; zu installieren und macht das, startet dann das .exe. Sein Rechner macht ein Dutzend Fenster auf, rappelt los, und geht am Ende aus (und bleibt aus). Im Rahmen des Exploits wurde er gebeten, seinen Minecraft Login und seinen Discord Login mit Passwort anzugeben, was er dann auch brav tat. Zwei-Faktor-Authentisierung hat er nicht benutzt.\nImpact Nur Minecraft Den ersten Minecraft-Server für unser Kind und seine Freunde hatten wir daheim. Das ging gut: Die Maschine hat 8 Cores, 32 GB Speicher und ist sowieso an, weil sie Dinge im Haus tut. Die Anbindung ist mit Glasfaser und fester IP auch überaus zufriedenstellend.\nAls der ganze Server größer wurde, habe ich mit externen Anbietern herumexperimentiert und am Ende einen VPS besorgt. Wichtig dabei ist nur, daß es eine Maschine ist, die nicht zu Hause steht, auf der nichts als Minecraft läuft und die keine Vertrauensbeziehung in irgendeiner Form mit anderen Maschinen von uns hat.\nDas hat sich nun bezahlt gemacht.\nRestore Wir haben auf dem Server daheim ein tägliches Backup: Der Minecraft-Server wird einmal pro Tag aus dem Internet nach Hause kopiert. Das ist ein Pull, d.h. wir loggen uns auf dem Minecraft-Server ein und nicht der Minecraft-Server daheim.\nWir heben die Backups 30 Tage lang auf und das Backup vom 1. jeden Monats unlimitiert.\nDadurch konnten wir das gesamte Minecraft-Verzeichnis zur Seite bewegen, und dann aus dem Backup vom Vortag wiederherstellen. Das hat 2 Minuten gedauert.\nLogs Das alte Verzeichnis liegt noch vor. Dort sind auch die Logs vom Vorfall.\nDer Vorfall spielt sich so ab: Der kompromittierte Account von \u0026lt;user\u0026gt; loggt sich ein und fängt an, /lp Kommandos für das LuckPerms-Plugin zu senden. Er listet alle User mit Rechten, und kickt und bannt diese dann. Danach entzieht er ihnen Rechte.\nDas Plugin WorldEdit ist installiert und der Account von \u0026lt;user\u0026gt; teleportiert sich auf den Spawn und fängt dort an, mit grossflächigen Brushes umzudekorieren. Das Vorgehen sieht jedoch nicht systematisch und auch nicht schnell aus: Die Aktion dauert beinahe 30 Minuten. Das spricht nicht für einen gescripteten Angriff, und ist inkonsistent mit meinem Bild von einem \u0026ldquo;Free Nitro\u0026rdquo; Scammer und Angreifer.\nDas Logbuch des Serves und der mit debsums verifizierte Zustand des Systems macht eine Reinstallation von allem vermutlich nicht notwendig. Es genügt, mit dem Stand aus dem Backup weiterzufahren. Das ist angenehm: Zwar ist der Server vollständig ansibilisiert und mit dem Backup in weniger als 30 Minuten aus einer kompletten Neuinstallation wiederherzustellen, aber wenn das nicht notwendig ist, ist das angenehm.\nDer User Der betreffende User hat Accounts auf Dutzenden von Minecraft-Servern. Als engagierter und intensiver Spieler oft mit Sonderrechten. Alle diese Server sind beschädigt, viele weniger automatisiert als unserer.\nAccount-Recovery ohne 2FA ist schwierig. Account-Recovery bei gleichem Paßwort für Minecraft und die Recovery-Mailadresse unmöglich. Daraus folgt, daß man seine Recoveryadresse für den Minecraft Account eventuell nicht bei Hotmail haben sollte. Daraus folgt auch, daß man Kindern Passwort Re-Use gar nicht früh genug aberziehen kann.\nMaßnahmen und Fazit Wir verlangen in Zukunft für alle Benutzer mit Rechten auf dem Server oder im Discord zu beweisen, daß sowohl ihr Minecraft (Microsoft) Account als auch ihr Discord-Account mit Zwei-Faktor-Authentisierung gesichert sind. Das wird helfen, den Schaden von solchen falschen Klicks zu minimieren und Accounts recoverbar zu machen.\nDie Analyse der Logfiles war hilfreich bei der Rekapitulation der Vorgänge, und um das Ausmaß des Schadens und den Reifegrad des Angreifers zu bestimmen.\nEinen externen, nur für Minecraft verwendeten Server zu nehmen, der nicht im Heimnetz steht, war sinnvoll und hat sich bezahlt gemacht.\nDer Vorfall ist ein gutes Werkzeug, um der Spielergruppe zu erläutern, wieso Accountsicherheit wichtig ist und wie man sich gegen solche Angriffe verteidigt.\n","date":"2022-01-01T00:00:00Z","href":"https://blog.koehntopp.info/2022/01/01/and-a-happy-new-hack.html","tags":["lang_de","gaming","microsoft","minecraft"],"title":"... and a happy new hack."},{"categories":null,"content":"Nachdem mich jetzt das dritte Paar computer-affiner Eltern mal gefragt hat, was man denn braucht, sobald der Nachwuchs sich \u0026ldquo;Minecraft\u0026rdquo; wünscht, hier der Aufschrieb zum Thema.\nMinecraft ist ursprünglich von der schwedischen Firma Mojang in Java entwickelt worden. Der Eigner, Markus \u0026ldquo;Notch\u0026rdquo; Persson, hat das Spiel und die Firma Mitte 2014 auf Twitter zum Verkauf angeboten, und Microsoft hat die Firma gekauft.\nSpiel zu verkaufen - Minecraft ist auf Twitter angeboten worden. Jeder mit dem notwendigen Kleingeld \u0026ndash; 2.5 Milliarden USD \u0026ndash; konnte zuschlagen.\nTechradar hat mehr zur Geschichte von Minecraft .\nJava und Bedrock-Edition Eine der Aktivitäten von Microsoft war, das Spiel in C# neu zu schreiben. Dies ist die Bedrock-Edition, im Gegensatz zur Java-Edition des Originalspiels.\nBedrock und Java sind nicht kompatibel, es gibt kein Crossplay, und die beiden Spiele werden nicht parallel entwickelt. Es sind für alle praktischen Zwecke zwei verschiedene Spiele.\nMan will unbedingt und ausschließlich die Java-Edition kaufen. Die Bedrock-Edition ist steril: Erweiterungen für den Client und den Server werden von Microsoft verkauft. Als Entwickler muss man sich anmelden, Verträge unterschreiben und Gebühren managen. Es gibt deswegen praktisch keine Mod-Scene, sondern nur abgepacktes Gameplay.\nNiemand spielt Bedrock, und wenn Dein Kind von Minecraft redet, meint es die Java-Edition .\nDie Maskottchen und default Skins: Steve und Alex.\nDie Java-Edition ist extrem lebendig, genau genommen ein unregulierter Dschungel. Hier gibt es viele nette Leute, die spannende Dinge machen, und ein paar sehr dunkle Ecken. Das ist aber im Grunde kein das Spiel verderbendes Problem, sondern eine gute Gelegenheit, gleich auch ein wenig Medienkompetenz und Grundlagen der Sicherheit zu vermitteln.\nWas wird gespielt? Minecraft ist ein Spiel, das für Kinder ab 8 interessant ist. Es ist zunächst einmal eine Art virtuelles Lego im Anzug eines Survival- und Crafting-Spieles: Die Spieler müssen in einer Welt aus Blöcken erkunden, Ressourcen sammeln, aus den Ressourcen Dinge bauen und dabei die Nacht überleben. Das ist nicht unbedingt einfach, denn in der Nacht kommen verschiedene Monster, gegen die man nur bestehen kann, wenn man tagsüber einen Unterschlupf gebaut und Ausrüstung gewonnen hat.\nDie Overworld, die normale Welt, hat verschiedene Klimazonen (\u0026ldquo;Biome\u0026rdquo;), in denen unterschiedliche Ressourcen zu finden sind.\nDas Spiel hat eine marginale Story, im Laufe derer die Spieler weitere \u0026ldquo;Welten\u0026rdquo; entdecken und durch Portale betreten können: der Nether und the End. Das ist jedoch im Grunde alles nebensächlich, weil es in der ersten Iteration darum geht, mit Freunden zusammen aus Klötzen Dinge zu bauen.\nHardware-Anforderungen Wegen der Zielgruppe hat das Spiel (mindestens bis Version 1.14.4) praktisch keine Mindestanforderungen an die Hardware. Wortwörtlich jeder abgelegte Kartoffelcomputer kann Minecraft irgendwie ausführen \u0026ndash; Probleme entstehen vermutlich erst, wenn eine IDE (siehe unten) oder ein Videoschnitt-System oder Streaming-Support dazu kommen. Wie dem auch sei: Das schließt ein 2009er MacBook Pro, einen Raspi 4 und circa jede Intel-Büchse der letzten 10 Jahre ein. Weil es Java ist, funktioniert das alles mit demselben Spiel.\nWegen der Modding-Community (dazu unten mehr) gibt es praktisch auch keine Höchstanforderungen an die Hardware: Wenn man Raytracing Renderer installiert hat, reizt das Spiel auch eine Nvidia RTX 3090 voll aus.\nMinecraft Standard und mit einem Raytracing Render Mod auf einer Nvidia RTX. Was ein paar hingeworfene Kissen ausmachen\u0026hellip;\nMinecraft ist eine Client-Server-Anwendung. Ein oder mehr Spieler verbinden ihre Clients mit dem Minecraft-Server und bespielen dann zusammen diese Welt. Spielt man \u0026ldquo;offline\u0026rdquo;, startet der Launcher im Hintergrund einen lokalen Server auf dem Laptop, und verbindet den Client im Einzelspielermodus mit dem Server.\nIm Onlinebetrieb verbindet man sich mit einem zentralen Server, der von irgendjemandem betrieben wird, und spielt dann dort mit anderen. Das sind im Zweifel echt viele Spieler \u0026ndash; auf einem öffentlichen Server irgendwelche Personen irgendwelchen Alters. Auf einem privaten Server ist es so, wie immer es die Zugangs-Policy des Servers definiert.\nKein Minecraft ohne Discord, kein Login ohne 2FA Öffentliche Server gibt es viele, die verschiedenen Serverlisten zeigen um eine halbe Million Serverinstallationen an. Die meisten sind relativ kleine Communities mit beschränktem Zugang, einige sind sehr grosse öffentliche Installationen. Besonders hervorstechend ist Hypixel , einer der am besten gewarteten und entwickelten öffentlichen Server.\nZu jedem öffentlichen Server gehört dieser Tage auch immer ein Discord (früher war das Teamspeak). Der Hypixel Discord ist zum Beispiel hier .\nDiscord ist ein Hoster für Text-, Sprach-, Video-Chat und Game-Streaming. \u0026ldquo;Ein Discord\u0026rdquo; ist ein geschlossener (zunächst kostenloser) virtueller Chatserver mit verschiedenen Kanälen für Text- und AV-Chat.\nMit einem einzelnen Discord-Login kann man Zugang zu einer Reihe von Communities unterschiedlicher Größe bekommen. Es ist also sinnvoll, mit dem Java-Minecraft-Account auch noch gleich einen (kostenlosen) Discord-Account zu erstellen.\nDabei ist es extrem sinnvoll, diesen Zugang (wie auch den Microsoft-Zugang) mit 2-Faktor-Authentisierung abzusichern und das Kind gleich von Anfang an zu 2FA zu erziehen. Warum ist das so? Dazu hier ein kleines Erlebnis .\nWas wird eigentlich gespielt? Nach einer Weile Spiel wird das Kind weitere Wünsche und Fragen haben, weil das Spiel selbst nicht der primäre Inhalt von Minecraft ist.\nMinecraft ist ein kollaboratives Multiplayer-Spiel, das von den Spielern selbst verändert wird, indem diese Mods (Client-Erweiterungen) und Plugins (Server-Erweiterungen) erstellen. Das heißt, sehr bald kommen die folgenden Fragen und Probleme:\nEs gibt Streit, weil verschiedene Spielstile und Wünsche sich gegenseitig ausschließen, und weil mitunter Arschlöcher dabei sind. Ein Repertoire von Verhaltensweisen zur Konfliktlösung muss eingeübt werden. Es gibt den Wunsch nach einem eigenen Server, der bezahlt und irgendwo installiert werden muss. Der Wunsch nach Taschengeld muss mit konkreten monatlichen Kosten vereinbar gemacht werden. Es gibt den Wunsch, den Client zu modden. Dazu sind besondere Tools auf dem lokalen Rechner notwendig, da weder Client noch Server nativ eine Moddingschnittstelle haben. Es gibt den Wunsch, besondere Spielmomente mit anderen zu Teilen. Die Frage nach Youtube und Twitch (konsumierend und erstellend) kommt auf, und es braucht Regeln (was, ab wann, Stimme, Gesicht zeigen, Namen nennen, und andere Verhaltensregeln). Es gibt den Wunsch, eigene Mods oder Plugins zu programmieren. Der Wunsch nach Java lernen, einer IDE und Hilfe von den Eltern kommt auf. Der Reihe nach\u0026hellip;\nStreit um Minecraft Minecraft kann man kooperativ (PvE, wir gegen die Monster) oder kompetetiv (PvP, Spieler gegeneinander) spielen. Auch bei kooperativem Spiel kann es Probleme geben: Wir hatten bisher\nVandalismus (Spieler zerstören die Bauten anderer Spieler auf einem Sandkasten-Bauserver), Spieler fühlen sich ausgeschlossen oder zu wenig beachtet (\u0026ldquo;Niemand hört mir zu oder lässt mich aussprechen\u0026rdquo;), destruktive Verhaltensweisen und emotionale Erpressung (\u0026ldquo;Wenn Du nicht x für mich machst, spiele ich nicht mehr mit Dir\u0026rdquo;), und inkompatible Spielziele. Das ist alles kein Beinbruch und nicht unerwartet. Es macht es aber notwendig, daß man sich mit der ganzen Runde zusammensetzt und miteinander redet. Auch dazu ist der Discord sehr nützlich.\nMinecraft Server können als PvE und PvP Server konfiguriert sein. Mit Plugins sind auch Welten mit besonderen PvP-Varianten möglich, \u0026ldquo;Bedwars\u0026rdquo; (\u0026ldquo;Capture the Flag\u0026rdquo;, hier ein Bett) und Variationen zum Thema \u0026ldquo;Among Us\u0026rdquo; sind sehr populär. PvP muss also nicht zwingend First-Person-Shooter Spiel sein.\nWeder im PvE noch im PvP fließt Blut. Es kommen Schwerter und Bogenwaffen vor, keine Gewehre. Die Grafik ist auch mit Render-Plugin immer blockig-pixelig, und es sind keine Details erkennbar.\nBisher hatten die meisten bei uns erlebten Probleme ihren Kontext eher im PvE-Umfeld als im PvP Umfeld.\nEin eigener Server Es gibt irgendwo auf der Minecraft-Site einen vom Client getrennten Server zum Herunterladen. Dieser Server ist langsam und buggy. Niemand verwendet ihn, außer als Grundlage für etwas Richtiges.\nStattdessen durchläuft man den Installationsprozeß von Bukkit oder Spigot . Dies setzt eine Maschine mit ausreichend Kernen und Speicher sowie einem installierten headless OpenJDK voraus.\nBukkit ist ein minimal veränderter Vanilla-Server und eher eine Demo für den Reverse Engineering und Patching Prozess. Spigot ist ein auf Performance optimierter und weiter aufgehackter Bukkit, und eher die Version die man installieren will. PaperMC ist ein weiterer Zweig, basierend auf Spigot, und noch klarer auf Performance optimiert. PaperMC unterstützt jedoch anders als Spigot nur die beiden neusten Versionen von Minecraft aktiv. Wer älteres Minecraft verwenden will oder muß wird mit PaperMC nicht glücklich. Der Installationsprozeß ist dabei ein wahres Wunderwerk an Installationsautomation: Er lädt den originalen Minecraft-Server herunter, ein obfuscated JAR. Dies wird dann dekompiliert und mit einer Symboltabelle deobfuscated. Dadurch entsteht ein reproduzierbarer lesbarer Sourcetree, der dann gepatcht wird. Der resultierende Sourcetree wird dann compiliert, zusammengepackt und ein neues Server-JAR entsteht. Dies ist dann die Grundlage für den eigenen Serverprozeß.\nDer ganze komplizierte Prozess klingt komplett haarsträubend, ist ein aber vollautomatischer Vorgang, der ausgesprochen reibungsfrei abläuft. Der gepatchte Serverprozeß ist gegenüber dem Originalserver deutlich ärmer an Fehlern, um Größenordnungen schneller und hat eine dokumentierte und stabile API für Server-Erweiterungen (Plugins).\nZum Server gehören auch noch eine eula.txt\n~minecraft/bukkit $ cat eula.txt #By changing the setting below to TRUE you are indicating your agreement to our EULA (https://account.mojang.com/documents/minecraft_eula). #Mon Aug 19 17:04:21 CEST 2019 eula=true und eine etwa längliche server.properties-Datei, die die eigentliche Konfiguration des Basis-Servers darstellt.\nDem Serverprozeß wird reichlich Speicher gegeben, aber trotz der großen Anzahl von Plugins liegt die effektive Prozeßgröße bei circa 3 GB (aber es laufen 84 Java-Threads).\nDer Serverprozeß ist ursprünglich recht klein, aber wenn man den Server mit Plugins vollstopft nach oben offen. Andererseits liegt ein Strato VPS mit 8 Kernen und 32 GB Speicher bei monatlich kündbaren 17 Euro und ist reichlich überprovisioniert für die Aufgabe. Irgendwo zwischen dieser Größe und einem Raspi 4 findet man sicherlich was Passendes.\nWer den Server nicht selbst installieren will, nimmt sich einen Servermanager \u0026ndash; es gibt viele mit zweifelhaftem Code und bunten Panels, und es gibt minectl . Ich nehme einfach ein Shellscript:\n~minecraft/bukkit $ cat starter.sh #! /bin/bash -- TIME=30 DIR=/home/minecraft/bukkit SERVER=$(basename $DIR) cd $DIR while : do java -Xmx8192M -Xms3072M -Xss1m -jar $DIR/server.jar nogui echo \u0026#34;$SERVER: Java stopped or crashed. Waiting $TIME seconds...\u0026#34; sleep $TIME done Clients managen Wie auch der Server ist der Minecraft-Client eigentlich nicht erweiterbar. Der Minecraft Launcher erlaubt immerhin die Verwaltung mehrerer Versionen, legt einen aber auf ein bestimmtes JDK fest (je nach Version auf ein anderes).\nBastelt man intensiver am Client rum, hat man aber schnell das Problem, bestimmte (andere) JDK-Versionen verwenden zu müssen, den Client mit einer Mod-API modifizieren zu müssen oder unterschiedliche Mod-Konfigurationen für verschiedenen Gruppen und Aufgaben zu haben. Das Werkzeug der Wahl für die Client-Verwaltung ist MultiMC .\nEs erlaubt es, das Spiel mit einem anderen, moderneren JDK auszuführen und unterschiedliche Spieler-Accounts zu verwalten. Es automatisiert auch analog zum Server-Build, den Client automatisiert zu dekompilieren und zu patchen, um ihm eine stabile Mod-API zu verpassen. Populär sind Forge und Fabric, die direkt von MultiMC integriert werden. Danach kann man den Client dann mit Mods voll laden.\nMultiMC mit einer Instanz von Minecraft 1.14.4 und installiertem Fabric. Zu neue Minecraft-Versionen werden von der Mod-Community noch nicht voll unterstützt, zu alte nicht mehr. Die 1.14-Serie hat im Moment gute Kompatibilität.\nMit den Mods und Plugins sollte man unbedingt mit dem Kind Vereinbarungen treffen. Je nach Lebenserfahrung und Verständnis von Werten kann das Kind hier leicht ein Opfer von Scam, Abzocke und Phishing werden. Auf der anderen Seiten kann man mit dem Kind, sobald es fragt oder sich die Gelegenheit bietet, über Merkmale von vertrauenswürdigen und seltsamen Webseiten reden und am Beispiel erklären, was eine Seite komisch aussehen lässt.\nAuch wenn man dem Kind zuhört, bieten die Geschichten von anderen und wie es ihnen ergangen ist, viele Haken und Themen, an denen man erklärend ansetzen kann, oder die man zum Anlass nehmen kann, gemeinsam nachzusehen und darüber zu sprechen, wie ehrliche und unehrliche Angebote aussehen. Einige alternative Clients bieten Anti-Cheat-Möglichkeiten durch Totalüberwachung des Clients an. Auch hier kann man einhaken, Regeln setzen und erklären, warum zum Beispiel dauernd laufende Hintergrundprozesse, Gerätetreiber, die Tastendrücke überwachen und andere Kontrollmaßnahmen ein No-Go sind.\n\u0026ldquo;Content\u0026rdquo; konsumieren und produzieren Der ganze Teil der Community, der sich mit Plugins und Mods beschäftigt, dokumentiert und bildet aus. Das geschieht in der Regel nicht nur geschrieben im Wiki, sondern auch mit Tutorials auf Youtube, Twitch und GitHub. Sobald das Kind hier aktiv wird, wird man wieder Accounts machen müssen (2FA!). Und ja, das heißt vermutlich auch GitHub.\nWir haben die Vereinbarung, daß wir die Accounts machen, und daß wir allen Content zu sehen bekommen, bevor er veröffentlicht wird. Es ist okay, Bildschirme zu zeigen und zu sprechen. Gesichter und reale Namen und Adressen sind tabu: Es werden nur Avatare gezeigt und nur Handles benutzt.\nDie Vereinbarung, Plugins und Mods vor der Installation zu sehen zu bekommen hat sich nicht bewährt: Es ist also damit zu rechnen, daß der Server oder der Client verloren gehen. Eine Recovery-Strategie, etwa \u0026ldquo;der Server kann mit Ansible neu gemacht werden\u0026rdquo; und \u0026ldquo;es läuft nachts um 3 ein automatisches Backup\u0026rdquo; für den Server ist erfolgversprechender. Auch für den Client (\u0026ldquo;verwende Time Machine\u0026rdquo;, \u0026ldquo;Hier ist ein Acronis\u0026rdquo;) ist das notwendig.\nWegen COPPA läuft man Gefahr, Accounts bei US-Anbietern zu verlieren, wenn man nicht über das Geburtsjahr lügt \u0026ndash; das Kind muss über 13 Jahre alt sein, um legal einen Account haben zu können. Anbieter, die Kinder unter 13 nicht komplett ablehnen, schränken die Accounts oft funktional bis zur Nutzlosigkeit ein. Mit einem regulären Account, ein wenig partnerschaftlicher Aufsicht, und einer Lüge bei der Altersangabe fährt man in der Regel weitaus besser als mit verdummten Accounts.\nFalls das Kind selbst Content produziert ist das Risiko den Account zu verlieren oder gesperrt zu bekommen noch höher. Daher sollte man den privaten Account und den publizierenden Account des Kindes strikt trennen, sodaß bei einer Sperrung nicht die Kontakte, private Mail und alle Kommunikationsmöglichkeiten mit weg sind. Über Chrome Browser User Profiles kann man das schnell und bequem umschalten, und das Kind lernt gleich noch OpSec und sich selbst geschickt zu publizieren.\nIt\u0026rsquo;s complicated , und danah boyd ist immer lesenswert.\nSelber programmieren Minecraft ist eine Einstiegsdroge für die Programmierung. Das Potenzial für die Selbstmotivation ist enorm, und der Support in der Community gewaltig.\nFür JetBrains IntelliJ existieren ganz ausgezeichnete Plugins für Server-Plugins und Client-Mods: Minecraft Development unterstützt Bukkit, Spigot und PaperMC sowie einen Haufen weiterer populärer Servervarianten.\nIntelliJ selbst ist stabil (Eclipse meiner Erfahrung nach nicht) und hat einen sehr überschaubaren Ressourcenverbrauch: ~2 GB maximale Prozeßgröße, realer Verbrauch oszilliert von 512 MB bis 1024 MB.\nFazit Maschine zum Spielen bereitstellen. Ein abgelegtes Mac oder Windows-Notebook tun sicher, die kommende Java-IDE wird die Maschine eher an die Grenzen bringen als das Spiel. Minecraft Java Edition kaufen. Oder den Gamepass holen \u0026ndash; Minecraft ist seit kurzem in der Java und in der Bedrock Edition Teil vom Gamepass. Den dazu notwendigen Microsoft-Account mit 2FA sichern. Einen Screenshot vom 2FA QR-Code offline (USB-Stick?) archivieren. Discord Account machen. 2FA aktivieren. Den QR-Code sichern. Discord installieren. Java installieren. Man will OpenJDK, nicht Oracle, und man will vermutlich JDK 11, 16 oder 17 (das hängt später ein wenig von den Mods ab). MultiMC installieren. Es kann sein, daß gleich nach dem Download beim ersten Run ein Upgrade angeboten wird. Annehmen. Sicherstellen, daß das gewünschte JDK gefunden wird. Dadurch wird nicht das steinalte Default-Download-JDK verwendet. Minecraft (Microsoft Account eintragen) eintragen. Spiel-Instanz erzeugen. Forge oder Fabric installieren. Danach erst die Mods zufügen. Server mit externen Spielern nicht daheim betreiben: VPS oder ähnlich besorgen. Installation ansibilisieren. Backup einrichten und Restore testen. Server Buildprozess durchlaufen lassen, resultierendes Binary ansibilisieren. Server in Betrieb nehmen, Zugang kontrollieren. Zusammen mit dem Server auch gleich eine virtuelle Discord-Serverinstanz für die Spieler einrichten. Selbst Owner vom Dicord bleiben: Kind so weit entrechten, daß es den Server noch moderieren kann, aber nicht kaputt machen. Das Kind wird vermutlich bald selbst eine 2. Discord-Instanz ohne Eltern einrichten. ","date":"2021-12-20T00:00:00Z","href":"https://blog.koehntopp.info/2021/12/20/dein-kind-will-minecraft-spielen.html","tags":["lang_de","gaming","microsoft","minecraft"],"title":"Dein Kind will Minecraft spielen"},{"categories":null,"content":"Dieser Artikel basiert auf einem Twitter-Thread und ist in deutscher Sprache als Heise Kommentar erschienen.\nÜber den Java-Slogan \u0026ldquo;Write Once, Run Everywhere\u0026rdquo; wurden schon viele Witze gemacht. Den log4j-Exploit behandeln viele nun wie einen Bug – das ist er nicht.\nEine kritische Lücke in der Java-Bibliothek Log4j beherrscht gerade die Schlagzeilen. Die IT-Welt ruft \u0026ldquo;Warnstufe Rot\u0026rdquo; aus – weil offenbar der log4j-Code JNDI-Variablenexpansion vornehmen kann. Doch was ist JNDI? Jindi al Dap ist der Name eines alten arabischen Philosophen und Mathematik-Pioniers, der für Sun/Oracle gearbeitet hat, um ein System von Directory Lookups in Java zu entwickeln. Dieses System lädt irgendwie Code aus dem Internet nach. Aber selbst, wenn man länger auf das Systemdiagramm starrt, erkennt man nicht unbedingt sofort, an welcher Stelle sich der Java CLASSPATH so erweitert, dass er das gesamte Internet umfasst:\nSystemdiagramm des JNDI Subsystems von Java, aus der Dokumentation .\nNichts ist jemals simpel. Das ist so, weil in Java nichts jemals simpel ist. Java Code ist unstrukturierter trockener Staub von Codefragmenten in Klassendateien, die inert in keiner Weise miteinander interagieren. Erst mit den passenden Factories, Delegates, Generators und ClassLoaders werden sie instanziiert und zusammengesetzt. Der entstehende Haufen an Querverweisen führt dann nur zufällig irgendwann einmal tatsächlich wirksamen Code aus. Man könnte jetzt auf die Idee kommen, eine IDE mit integrierter syntaktischer Codesuche zu verwenden, um diesen Quelltexthaufen in Form zu bringen und zu verstehen. Aber das ist vergebens: Auch mit der gesamten Codebasis und einem Index darauf kann man nicht vorhersagen, was eine gegebene Java Codebase tun wird, wenn man sie startet.\nEs braucht auch noch Konfigurationsdateien. Diese sind ein weiterer Haufen \u0026ndash; Properties-Dateien \u0026ndash; in einem vorsintflutlichen Vorläufer von YAML geschrieben: XML. Oder jedenfalls, das ist es, was wir denken sollen: Mit den Properties und der Codebasis können wir endlich versuchen zu verstehen, was Java tut. Und das wäre auch beinahe so, aber JNDI ist genau angetreten, dieses Problem zu beheben: Directory Lookups! Statt also die Anwendung und ihre Konfiguration zu paketieren, und dann die Pakete in Produktion zu installieren, können wir nun mit JNDI die Konfiguration vom Netz lesen. Das heißt, die eigentlichen Konfigurationsdateien, die uns sagen, was die Anwendung tut sind\u0026hellip; nicht mehr da. Fortschritt!\nDas stellt sicher, dass uns niemand mehr hacken kann, weil niemand den Code mehr versteht: Wichtige, zum Verständnis der Codebasis notwendige Informationen sind versteckt in einem Verzeichnisdienst, und wir wissen nicht mal welcher. Aber wir können das noch einen Schritt weiterspielen: Der Code, der den Directory Lookup vornimmt, ist auch nicht da, nur ein Bootstrap: Event and Service Provider Packages .\nLaut Dokumentation können wir Objekte aus der Nameing API bekommen und dort hinein serialisieren. Wir bekommen also Printer-Objekte mit Printer-Methoden aus dieser API, wenn wir danach fragen.\nDank JDNI SPI können wir also Java Classfiles von einem LDAP-Server ausliefern lassen, die angeblich ein Printer-Object generieren, wenn wir nach einem Printer fragen \u0026ndash; dann aber stattdessen Doom installieren. Oder einen Kryptominer oder Verschlüsselungstrojaner. So geht Enterprise Security!\nWrite Once, Run Everywhere! Der Java-Slogan ist ja \u0026ldquo;Write Once, Run Everywhere\u0026rdquo;. Wir haben da viele Witze drüber gemacht, weil Java so oft gecrashed ist \u0026ndash; die meisten Java-Anwendungen liefern inzwischen ja die gesamte Ausführungsumgebung einschließlich der JRE mit, damit überhaupt etwas funktioniert. Jetzt funktioniert endlich mal alles, und die Leute sind wieder unglücklich. Aber im Ernst: Viele behandeln den log4j-Exploit wie einen Bug, einen Programmierfehler, eine Verletzung einer Spezifikation. Genau das ist jedoch nicht der Fall:\nEs funktioniert \u0026ndash; wortwörtlich \u0026ndash; endlich einmal alles wie spezifiziert und dokumentiert: All die Modularität und dynamische Erweiterbarkeit von Java hat ganz wunderbar und genau wie geplant zusammengearbeitet und funktioniert. Darauf haben wir dekadenlang hingearbeitet!\n\u0026ldquo;NOTABUG, WONTFIX\u0026rdquo; Und das ist das eigentliche Problem hier. Viele rufen jetzt nach \u0026ldquo;Mehr Kontrolle!\u0026rdquo;, \u0026ldquo;Mehr Review!\u0026rdquo;, \u0026ldquo;Mehr Funding!\u0026rdquo;, \u0026ldquo;Mehr Augen auf den Code!\u0026rdquo;. Was wirklich helfen würde wäre weniger Code, weniger Indirektion und Boilerplate, und einfach mehr\u0026hellip; Einfachheit.\nWieso brauche ich ein LogAppenderFactorySingleton, das XML liest, um den Namen der Klasse zu bekommen, die es instanziieren muss, damit ich meine Logzeile da einwerfen kann, um sie asynchron an einen LogStream anzuhängen? Das ist nicht einfach. Was ist einfach? JSON nach stderr drucken. Das ist einfach. Aber Firmen stellen seit etwa einer Dekade Leute ein, die nicht wissen, was stdout und stderr sind und das ist irgendwie okay, weil inzwischen ja sowieso alles ein Webservices ist\nEin totales log4shell Nonmention von apenwarr .\nSoftwareentwicklung ist viel moderner geworden: Wir haben Merge Requests mit Code Review, CI/CD-Pipelines, Infrastructure as Code und Immutable Infrastructure. Das nützt nur nix, wenn meine Java Logging Library auf dem Mars Code von Directory-Servern auf der Erde nachlädt und so das \u0026ldquo;Remote\u0026rdquo; in RCE komplett neu definiert. Die Analyse von Dependencies hat nur dann Sinn, wenn die Liste dieser Abhängigkeiten endlich, und genau so immutable wie die Infrastruktur ist.\nJava hatte einmal die notwendigen Kontrollknöpfe, mit denen wir erzwingen konnten, dass diese Liste von Abhängigkeiten endlich und unveränderlich ist. Wenn man auf diese Art von Lebensstil steht, gibt es etwas, das sich SM nennt: Oracle SM . SM bringt die notwendigen Verträge und die Disziplin, die eine Codebase braucht. Aber die meisten Anwender stehen nicht auf SM, und lehnen die Idee ab. Also wird die Funktionalität in Java 17 als deprecated (veraltet) gekennzeichnet und später entfernt werden (JEP 411: Deprecate the Security Manager for Removal ).\nWie ein Dreijähriger Auch JNDI hat SM abgelehnt und hat ein promiskuitives Interface, das Code irgendwoher lädt und ausführt. Man muss sich das wie einen Dreijährigen vorstellen, der sich jede Klasse in den Mund steckt, um herauszufinden wie sie schmeckt und ob sie sich ausführen lässt. Das ist am Ende genau die Spezifikation: Hier ist ein Object, deserialisiere es. In Java bedeutet das, dass der Code für die Klasse des Objektes irgendwo her kommen muss, deren Methoden dann ausgeführt werden.\nNatürlich würde niemand das für eine gute Idee halten, wenn man es so formuliert. Aber andererseits hat es die Person, die das vor 8 Jahren implementiert hat, nicht gesehen, und auch die Hunderttausend, die log4j in ihre Codebasis importiert haben, sind nicht darüber gestolpert. Was sagt uns das über den Dependency-Management-Prozess von Organisationen, die Software entwickeln? Über das Verständnis der Codebase, der Abhängigkeiten, und der Prozesse, die Datenfluss und Releases planen? Ja, genau.\n\u0026ldquo;Wir verwenden eine modulare Architektur und agile Methoden, um die Entwicklungsgeschwindigkeit zu steigern.\u0026rdquo;\nE = 1/2m*(v^2)\nMehr Entwicklungsgeschwindigkeit macht größere Krater.\nCode. Ist. Nicht. Dein. Freund. Ganz besonders nicht dynamisch aus dem Internet nachgeladener Code.\nCode. Ist. Nicht. Dein. Freund.\nIch weiß, es klingt komisch, wenn man Entwickler ist und den eigenen Lebensunterhalt damit bestreitet, dass man glaubt, man sei mit dem Code befreundet.\nAber so ist es. Weniger Code ist besserer Code. Am besten so wenig Code, dass man ihn zur Gänze und mit allen seinen Interaktionen verstehen kann. Und auch den Code, der notwendig ist, um den eigenen Code zu betreiben.\n","date":"2021-12-14T00:00:00Z","href":"https://blog.koehntopp.info/2021/12/14/funktioniert-wie-spezifiziert.html","tags":["lang_de","security"],"title":"Es funktioniert wie spezifiziert"},{"categories":null,"content":"This morning the Discord account of my son started to send \u0026ldquo;free nitro\u0026rdquo; spam to his friends on the friend list, and to some Discords he was a member of. He had 2FA (Google Authenticator) on the account. That fact alone made this a recoverable failure.\nMy son is playing minecraft, has a friend list of around 100 fellow players, and is member of around 40 Discords. He also connected his Discord to Spotify, YouTube and other services, and he authorized around 12 application services, mostly Discord/Minecraft bot services. It is pretty safe to say that his Discord account is very valuable to him, and plays a central part in his pandemic coping.\nThe spam was sending messages to all his friends, and a few Discords, impersonating him. It was not acting as a bot, or even one of his own bots. That means the spammer had accessed his account and identity.\nRecovery was easy, thanks to 2FA Changing the account password is a 2FA protected operation, and invalidates all other login tokens.\nThat means, only a person having access to his cellphone can 2FA and change the password - him (or, this time, me). It also means his Desktop client, all spammers impersonating him and everyone else is logged out. This stopped the Spam dead immediately.\nHow the spam works The \u0026ldquo;free nitro\u0026rdquo; spam is a message promising Discord Nitro (Server Boost, a pay feature) for free. It contains a link that leads you to a typosquatter domain displaying Discords original CI. It presents you with a QR code to scan.\nIt then directs you to open the Discord app on the phone, hit the settings, hit the personal icon on the right and use the function labelled \u0026ldquo;Scan QR code\u0026rdquo; to claim the prize.\nNothing in the UI of the original Discord cellphone app explains to a casual observer what this function does: \u0026ldquo;Using this function will log somebody in to your account\u0026rdquo;. The copy is simply \u0026ldquo;Scan QR code\u0026rdquo;.\nDiscord Settings show the \u0026ldquo;Use the cellphone to auth the desktop app\u0026rdquo; function simply as \u0026ldquo;Scan QR Code\u0026rdquo;. Nothing explains what the function really does: It logs in somebody which may or may not be you. Never use this function.\nDoing what is being asked will provide a bot with a login token to your account. The bot will then begin to send spam in your name to your friends and all discords you are member of.\nIt will also change your password, if it can. It cannot do that when 2FA is active on your account. 2FA is literally saving your account here.\nTraining your kid Here is what to do: Train your kid to\nuse 2FA properly, and always use this and no login shortcuts. archive the original 2FA QR codes used for setting up 2FA. Make a screenshot, and store the PNG of the setup QR code on a USB stick or another offline storage for recovery. This is much easier than the regular account recovery procedures 2FA setups offer, and unlike them, it is one way that works the same for all accounts. It also lets you have the 2FA code generator on the phone and a tablet, for example. Never re-use passwords. In the case of my son, he did not use his Discord password anywhere else, and he has a password list. Thus, he had to change only the Discord password and not fix any other accounts. Also, help your kid: Audit their online accounts.\nmake yourself a calendar entry to audit the accounts your kid has every 6 months: Check the password store: Make sure passwords are not re-used. Check 2FA: Have it enabled everywhere possible where regular TOTP can be used. Avoid Steam Authenticator or other special 2FA apps that may be offered, they are just more to learn and confusing. They break important workflows that must always be done right. Check account connections, cross-authentication, enabled bots and their permissions and so on. actually perform the audit. Have your kid sit in on this, and explain what you do and why. Discuss your thought with them, and the risk analysis you do. Explain online business models with them, too: How is this service or game making money, where is the value, do you think that is okay? What do you want? Offer opinions and evaluation, but try to let them make choices. Also, hold yourself to the same standards.\nFor the record, my personal Google Authenticator has 18 entries. I did not specifically set out to maximize that, so just take this as a guidance, not a competition.\n2FA works! Again, note how 2FA worked exactly the way it is designed to work:\nIt made a loss of control on the account a recoverable operation. Instead of a permanent and total loss of the center of his online life, this was just an awkward 30 minutes and a bunch of apologies.\nAlso note that while Discord is the better Slack, it does have UI/UX design problems around QR code quick authentication. Never use this function. Train your kid to not use this function. Always login with username, password and 2FA.\n","date":"2021-11-30T00:00:00Z","href":"https://blog.koehntopp.info/2021/11/30/discord-nitro-spam-and-2fa.html","tags":["lang_en","security","identity","minecraft"],"title":"Discord Nitro Spam and 2FA"},{"categories":null,"content":"MySQL window functions can be used to calculate daily averages or moving averages for a 24h time window relatively easily. In an earlier article basic window functions were already discussed. In this article, we want to see how we can get daily buckets and moving averages.\nA sample program is available, as usual, on GitHub .\nGetting sample data We will be working with a data table named data, with three columns: a sensor id, a measurement datetime d and a metric value m that was sampled at that time. The table definition looks like this:\n@sql.command(help=\u0026#34;Create a data table\u0026#34;) def setup_tables(): sql_setup = [ \u0026#34;drop table if exists data\u0026#34;, \u0026#34;\u0026#34;\u0026#34; create table data ( id integer not null, d datetime not null, m integer not null, primary key (id, d) )\u0026#34;\u0026#34;\u0026#34;, ] for cmd in sql_setup: try: c = db.cursor() c.execute(cmd) except MySQLdb.OperationalError as e: click.echo(f\u0026#34;setup_tables: failed {e} with {cmd}.\u0026#34;) For one year, each day and for each of our 11 (0-10) sensors, 1001 values will be collected. We insert a random time within the day, and a random measured value, an integer between 0 and 1000.\n@sql.command(help=\u0026#34;Fill data table with test data\u0026#34;) @click.option(\u0026#34;--start\u0026#34;, default=\u0026#34;2020-01-01 00:00:00\u0026#34;, help=\u0026#34;Start date and time yyyy-mm-dd hh:mm:ss\u0026#34;) @click.option(\u0026#34;--end\u0026#34;, default=\u0026#34;2020-12-31 23:59:59\u0026#34;, help=\u0026#34;End date and time yyyy-mm-dd hh:mm:ss\u0026#34;) @click.option(\u0026#34;--count\u0026#34;, default=1000, help=\u0026#34;Number of values per day\u0026#34;) def fill_table(start=\u0026#34;2020-01-01 00:00:00\u0026#34;, end=\u0026#34;2020-12-31 23:59:59\u0026#34;, count=1000): # Get rid of the old data cursor = db.cursor() cursor.execute(\u0026#34;truncate table data\u0026#34;) db.commit() today = datetime.datetime.fromisoformat(start) end = datetime.datetime.fromisoformat(end) one_day = datetime.timedelta(days=1) # For one year, for each day: while today \u0026lt; end: print(f\u0026#34;Date = {today}\u0026#34;) # For each measurement time: for i in range(0, count): # a random sensor id, a random second in the day, and a random metric id = randint(0, 10) d = today + datetime.timedelta(seconds=randint(0, 86399)) m = randint(0, 10000) # are written to the database. sql = \u0026#34;insert into data (id, d, m) values (%(id)s, %(d)s, %(m)s)\u0026#34; # If the (id, time) combination is not unique, we get an error that we pass try: cursor.execute(sql, {\u0026#34;id\u0026#34;: id, \u0026#34;d\u0026#34;: d, \u0026#34;m\u0026#34;: m}) except MySQLdb._exceptions.IntegrityError as e: # The Birthday Paradox in Action # print(e) pass db.commit() # next day. today += one_day Daily Buckets with GROUP BY Window Queries are somewhat related to aggregations with GROUP BY: With GROUP BY we make look at each row under the lens of the GROUP BY statement. All rows that have equal values as listed in the GROUP BY clause land on the same pile. We can then apply aggregation functions to measure the pile.\nIn our example, we could use GROUP BY date(d). That is, our datetime is turned into a date, the time component is cut off. Two values with the same date, but different times, are considered identical and would land on the same pile. Different id values or different metric values m are also not used to select different piles.\nWhat we do is GROUP BY id, date(d):\n@sql.command(help=\u0026#34;Group by day\u0026#34;) def daily_groups(): sql = \u0026#34;\u0026#34;\u0026#34; select id , date(d) as d , count(m) as cnt , sum(m) as total , sum(m)/count(m) as av from data group by id, date(d) order by id, d \u0026#34;\u0026#34;\u0026#34; cursor = db.cursor() cursor.execute(sql) result = cursor.fetchall() for row in result: print(f\u0026#39;id: {row[\u0026#34;id\u0026#34;]:2d} date: {row[\u0026#34;d\u0026#34;]} - cnt: {row[\u0026#34;cnt\u0026#34;]:6d} sum: {row[\u0026#34;total\u0026#34;]} average: {row[\u0026#34;av\u0026#34;]}\u0026#39;) So two measurements from the same sensor-id and taken on the same date are put onto the same pile.\nMySQL offers us a number of functions to measure the pile: Aggregate Functions . We can COUNT() the number of rows, we can SUM() them up, we can ask for their AVG(), MIN() or MAX(). But we can also ask for the values themselves as a comma separated list, using GROUP_CONCAT(). We can also ask for the values to be turned into JSON using JSON_ARRAYAGG() or JSON_OBJECTAGG().\nIn our example above, we ask for the sum and the count and calculate the average ourselves. The output looks like this:\n$ ./rolling-window.py daily-groups | head -5 id: 0 date: 2020-01-01 - cnt: 80 sum: 418888 average: 5236.1000 id: 0 date: 2020-01-02 - cnt: 92 sum: 419129 average: 4555.7500 id: 0 date: 2020-01-03 - cnt: 94 sum: 417583 average: 4442.3723 id: 0 date: 2020-01-04 - cnt: 94 sum: 422754 average: 4497.3830 id: 0 date: 2020-01-05 - cnt: 101 sum: 515639 average: 5105.3366 $ ./rolling-window.py daily-groups | head -369 | tail -5 id: 0 date: 2020-12-30 - cnt: 95 sum: 513361 average: 5403.8000 id: 0 date: 2020-12-31 - cnt: 94 sum: 480321 average: 5109.7979 id: 1 date: 2020-01-01 - cnt: 86 sum: 415058 average: 4826.2558 id: 1 date: 2020-01-02 - cnt: 93 sum: 443509 average: 4768.9140 id: 1 date: 2020-01-03 - cnt: 84 sum: 453897 average: 5403.5357 Since we aggregate and order by id first, we get all values from sensor 0 first, for an entire year. Then the values for sensor id 1 follow, starting again at the beginning of the year. Each row of output has values for one day, because we aggregated that way.\nWe can see how for each of the 10 sensors, approximately 90 values per day exist, but the actual value varies. We can also see that the average is around 5000, but again, it varies each day.\nDaily Partitions Window functions work just like aggregates, if we ask for that with a PARTITION BY clause. But they will return all rows instead of making piles. So when we define WINDOW w AS ( partition by id, date(d) order by id, d), we will get our sensors by sensor and by date. Each new sensor id, and each new date will restart \u0026ldquo;data collection\u0026rdquo;, that is, our sums or counts will be reset.\nOur code:\n@sql.command(help=\u0026#34;Partition by day\u0026#34;) def daily_partitions(): sql = \u0026#34;\u0026#34;\u0026#34; select id , d , count(m) over w as cnt , sum(m) over w as total , sum(m) over w/count(m) over w as av from data window w as ( partition by id, date(d) order by id, d) \u0026#34;\u0026#34;\u0026#34; cursor = db.cursor() cursor.execute(sql) result = cursor.fetchall() for row in result: print(f\u0026#39;id: {row[\u0026#34;id\u0026#34;]:2d} date: {row[\u0026#34;d\u0026#34;]} - cnt: {row[\u0026#34;cnt\u0026#34;]:6d} sum: {row[\u0026#34;total\u0026#34;]} average: {row[\u0026#34;av\u0026#34;]}\u0026#39;) We can check the sums and counts, and see them be restarted:\n$ ./rolling-window.py daily-partitions | less id: 0 date: 2020-01-01 00:13:43 - cnt: 1 sum: 6401 average: 6401.0000 id: 0 date: 2020-01-01 00:14:25 - cnt: 2 sum: 15746 average: 7873.0000 id: 0 date: 2020-01-01 00:15:33 - cnt: 3 sum: 19656 average: 6552.0000 ... id: 0 date: 2020-01-01 23:09:13 - cnt: 79 sum: 411728 average: 5211.7468 id: 0 date: 2020-01-01 23:27:16 - cnt: 80 sum: 418888 average: 5236.1000 id: 0 date: 2020-01-02 00:14:48 - cnt: 1 sum: 5834 average: 5834.0000 id: 0 date: 2020-01-02 00:15:21 - cnt: 2 sum: 10970 average: 5485.0000 ... id: 0 date: 2020-12-31 23:01:21 - cnt: 92 sum: 475441 average: 5167.8370 id: 0 date: 2020-12-31 23:14:32 - cnt: 93 sum: 475494 average: 5112.8387 id: 0 date: 2020-12-31 23:25:47 - cnt: 94 sum: 480321 average: 5109.7979 id: 1 date: 2020-01-01 00:24:46 - cnt: 1 sum: 7079 average: 7079.0000 id: 1 date: 2020-01-01 00:32:22 - cnt: 2 sum: 7989 average: 3994.5000 id: 1 date: 2020-01-01 01:01:40 - cnt: 3 sum: 14551 average: 4850.3333 We can see how each time the day changes or the id changes the sum and count values start over. Initially our count is 1, the sum is 6401 and the average is larger than 5000. As we proceed through the day, we can see how the average converges against that expected value.\nAfter 2020-01-01 23:27:16 at a count of 80 the new day starts and the counters reset.\nThe same happens at the end of the year, at 2020-01-01 23:27:16 when we start over at the first of January, but with id=1.\nMoving average Instead of partitioning the data set by date boundaries we can also define a moving window instead. This window is based on either values, or on date values. In our case, we want the latter: for each metric date d, we want to do our math on the preceding 24 hours.\nIn code:\n@sql.command(help=\u0026#34;Sliding window query - 24h\u0026#34;) def daily_window(): sql = \u0026#34;\u0026#34;\u0026#34; select id , d , count(m) over w as cnt , sum(m) over w as total , sum(m) over w/count(m) over w as av from data window w as (order by d range between interval 1 day preceding and current row) \u0026#34;\u0026#34;\u0026#34; cursor = db.cursor() cursor.execute(sql) result = cursor.fetchall() for row in result: print(f\u0026#39;id: {row[\u0026#34;id\u0026#34;]:2d} date: {row[\u0026#34;d\u0026#34;]} - cnt: {row[\u0026#34;cnt\u0026#34;]:6d} sum: {row[\u0026#34;total\u0026#34;]} average: {row[\u0026#34;av\u0026#34;]}\u0026#39;) The Window clause is WINDOW w AS (order by d range between interval 1 day preceding and current row). As we can see, the id is out of the picture here: We cannot nest window definitions, and that means in this example we count and sum over the previous 24h of all sensors, not sensors with the same id as ours.\nid: 6 date: 2020-01-01 00:03:44 - cnt: 1 sum: 3420 average: 3420.0000 id: 10 date: 2020-01-01 00:07:50 - cnt: 2 sum: 5359 average: 2679.5000 id: 5 date: 2020-01-01 00:08:35 - cnt: 3 sum: 12441 average: 4147.0000 ... id: 0 date: 2020-01-04 20:40:46 - cnt: 998 sum: 4842406 average: 4852.1102 id: 7 date: 2020-01-04 20:41:49 - cnt: 998 sum: 4842673 average: 4852.3778 id: 8 date: 2020-01-04 20:43:00 - cnt: 997 sum: 4833426 average: 4847.9699 id: 1 date: 2020-01-04 20:43:05 - cnt: 998 sum: 4837433 average: 4847.1273 ... id: 7 date: 2020-12-31 23:54:52 - cnt: 1003 sum: 5089623 average: 5074.3998 id: 8 date: 2020-12-31 23:56:02 - cnt: 1004 sum: 5092441 average: 5072.1524 id: 8 date: 2020-12-31 23:59:56 - cnt: 1000 sum: 5059683 average: 5059.6830```` From the changing id values we can see that all sensors are considered. The count also shows that in the middle of the field around 1000 values are considered - the amount of values in one 24h range.\nAn expression such as order by id, d range between interval 1 day preceding and current row is not valid: we get\nMySQLdb._exceptions.OperationalError: (3587, \u0026#34;Window \u0026#39;w\u0026#39; with RANGE N PRECEDING/FOLLOWING frame requires exactly one ORDER BY expression, of numeric or temporal type\u0026#34;) We would have to ask for values from one sensor, specifically:\nselect id , d , count(m) over w as cnt , sum(m) over w as total , sum(m) over w/count(m) over w as av from data where id = 0 window w as (order by d range between interval 1 day preceding and current row) and do that for each successive constant id value. That is not fast nor elegant.\nid: 0 date: 2020-01-01 00:13:43 - cnt: 1 sum: 6401 average: 6401.0000 id: 0 date: 2020-01-01 00:14:25 - cnt: 2 sum: 15746 average: 7873.0000 id: 0 date: 2020-01-01 00:15:33 - cnt: 3 sum: 19656 average: 6552.0000 ... id: 0 date: 2020-04-01 02:48:29 - cnt: 99 sum: 463956 average: 4686.4242 id: 0 date: 2020-04-01 03:07:43 - cnt: 100 sum: 472922 average: 4729.2200 id: 0 date: 2020-04-01 03:15:23 - cnt: 101 sum: 478127 average: 4733.9307 ... id: 0 date: 2020-12-31 23:01:21 - cnt: 97 sum: 500889 average: 5163.8041 id: 0 date: 2020-12-31 23:14:32 - cnt: 96 sum: 487287 average: 5075.9063 id: 0 date: 2020-12-31 23:25:47 - cnt: 97 sum: 492114 average: 5073.3402 We would have to wrap all that into a dependent subquery to loop.\n","date":"2021-11-24T00:00:00Z","href":"https://blog.koehntopp.info/2021/11/24/mysql-moving-average.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: Moving Average"},{"categories":null,"content":"A friend of mine wanted to provision BGP passwords for their Arista switch configuration.\nSo a config stanza such as\nrouter bgp 65001 router-id 10.1.1.1 neighbor mydevices peer-group neighbor mydevices password 7 8kjYaye5DsQh0epELyKNe0oZ3E3zp39X requires generation of the Password (actually \u0026ldquo;supersecretpassword\u0026rdquo;) in an encrypted form.\nArista switches can do this using CLI tools, apparently. They seem to have an onboard Linux, which seems to provide limited tooling, but is good enough to run a 32-bit Python 3.7. Arista provides modules to help with handling their configuration. Ryan Gelobter documented these in an article on Medium.\nUnfortunately, these modules are not well portable. They have been implemented in a CPython module for Python 3.7 on i386 (32bit) Linux. They also have a lot of dependencies to other shared objects that are not easily available except in the switch environment.\nSo, if you wanted to provision switch configurations, you would need to run some code on the switch to generate the passwords the way Ryan Gelobter documents, or do the same in a virtual machine with a virtual switch running in it.\nswitch1# bash python -c \u0026#39;import DesCrypt; print DesCrypt.encrypt(\u0026#34;BMP1_passwd\u0026#34;, \u0026#34;supersecretpassword\u0026#34;)\u0026#39; JieKbldfLyl9IzUBJZRvKIcc1w5wWogI Looking at the DesCrypt.py is not particularly helpful: The code in it does little more than\nimport _DesCrypt encryptedData = _DesCrypt.cbcEncrypt(key, data) and _DesCrypt is actually _Descrypt.cpython-37m-i386-linux-gnu.so. Well, at least it is only 10 KB in size, so how hard can it be?\nLet\u0026rsquo;s have a look:\nGhidra When we drop the module into Ghidra, we get to see a PyInit__DesCrypt(void) symbol. The code in that function just calls out to PyModuleCreate2(\u0026amp;PyModuleDef, 0x3f5).\nLooking at the PyModuleDef requires the documentation to properly understand what is going on. We identify two functions, cbcEncrypt and cbcDecrypt by their PyMethodDef entries. Two labels for entry points in a stripped binary identified.\nThe Python Method Definition Table for the _DesCrypt Module defines two functions, named cbcEncrypt and cbcDecrypt.\nLooking at the cbcEncrypt function shows us that it has a dependency on cbc_crypt(), and that seems to be a function from libc, according to the manpage . So it is ancient DES, in CBC mode that is being used. We should be able to do this in pure Python without many additional dependencies then.\nUsing Ghidra more, we can decode cbcEncrypt() and the getHashedKey() function it calls.\ngetHashedKey generates the key the usual way, by xor-ing the incoming string with itself in an 8 bytes long ring buffer, but the starting value is not all zeroes, but some magic value (238ad5f51ec9a8d5)\nAlso, cbcEncrypt pads the data to an even 8 byte boundary as required by DES. How much was padded needs to be embedded in the ciphertext. There is a selection of standard methods for this, as offered for example by Crypto.Util.Padding.pad() in pycryptodome (\u0026ldquo;pkcs7\u0026rdquo;, \u0026ldquo;iso7816\u0026rdquo; and \u0026ldquo;x923\u0026rdquo;).\ncbcEncrypt uses none of these standard methods, and implements its own method: the padding is encoded in the high nibble of a fixed magic int.\nThat magic int is always prepended, even if no padding was necessary: We get ?ebb884c, with ? indicating the number of padbytes (0 to 7).\nGhidra Output of the getHashedKey() function, with a bit of annotation and typing added to get a better view.\nWith this information, we should be able to recreate the function in our own C-code and check if it can recreate the examples Ryan Gelobter provided.\nOf course, it does not.\nDebugging the original code We need to debug, and in order to be able to do that we need to be able to load and isolate getHashedKey() first. The original version, to check what the actual hashed key should look like, and compare the result to our own.\nThat should be easy: An example from 2005 (german language article) shows\nhow to turn a function into a libsomething.a, then into libsomething.so, and then how to dlopen() and dlsym() that binary to call a single function in it. That final piece of code will serve us well: We want to load the _DesCrypt module and call getHashedKey() in an isolated context to see what a correct return value looks like.\nDependencies Turns out, loading _DesCrypt...so is not so easy, because of a dependency on libtac.so.0.\n$ ldd _DesCrypt.cpython-37m-i386-linux-gnu.so linux-gate.so.1 (0xf7f7c000) libtac.so.0 =\u0026gt; not found libpython3.7m.so.1.0 =\u0026gt; not found libstdc++.so.6 =\u0026gt; /lib32/libstdc++.so.6 (0xf7d81000) libm.so.6 =\u0026gt; /lib32/libm.so.6 (0xf7c7d000) libgcc_s.so.1 =\u0026gt; /lib32/libgcc_s.so.1 (0xf7c5e000) libc.so.6 =\u0026gt; /lib32/libc.so.6 (0xf7a73000) /lib/ld-linux.so.2 (0xf7f7e000)``` So we are missing two libraries:\nlibpython3.7m.so.1.0 and libtac.so.0. The Python bit is fixed by building a Python-3.7 in 32-bit:\n$ apt install gcc-multilib $ wget https://www.python.org/ftp/python/3.7.5/Python-3.7.5.tgz $ tar xzf Python-3.7.5.tgz $ cd Python-3.7.5/ $ ./configure --build=i686-pc-linux-gnu CFLAGS=-m32 CXXFLAGS=-m32 LDFLAGS=-m32 --enable-shared $ make -j6 A minor roadbump: We need to build for 32-bit, but on a 64-bit machine. The compile-flag -m32 does that, but it will fail due to some missing includes until we install gcc-multilib as shown above. We can then download the old version of Python, and build it with the required flags for 32-bit support.\nThe libtac.so.0 we could copy off the switch. If we try, things escalate quickly . That is, because that .so in turn loads even more libraries, most of which we don\u0026rsquo;t have access to. And if we had them, they might load even more dependencies.\nLooking into Ghidra again, we know that the code we are interested in does not really depend on libtac,so.0. cbcEncrypt() itself does, but only if something goes wrong and an exception is being raised, but at this stage of our investigation we only want getHashedKey().\nFollowing the guide from 16 years ago, we can quickly write some code to dlopen() the library:\n... typedef void (* func_t)(char const *, int, char *); int main(void) { char *key = \u0026#34;mydevices_passwd\u0026#34;; int keylen = strlen(key); char data[80] = \u0026#34;supersecretpassword\u0026#34;; func_t f; char *error_msg; void *libhandle = NULL; printf(\u0026#34;main start\\n\u0026#34;); libhandle = dlopen(LIBNAME, RTLD_LAZY); if (!libhandle) { fprintf(stderr, \u0026#34;dlopen(%s, RTLD_LAZY) failed: %s\\n\u0026#34;, LIBNAME, dlerror() ); exit(2); } // find func error_msg = dlerror(); f = dlsym(libhandle, \u0026#34;_Z12getHashedKeyPKciPc\u0026#34;); error_msg = dlerror(); if (error_msg) { fprintf(stderr, \u0026#34;dlsym(%p, \\\u0026#34;getHashedKey\\\u0026#34; failed: %s\\n\u0026#34;, libhandle, error_msg ); exit(3); } printf(\u0026#34;gethashedKey %p\\n\u0026#34;, f); f(key, keylen, data); dump(\u0026#34;key\u0026#34;, key, keylen); dump(\u0026#34;data\u0026#34;, data, 80); dlclose(libhandle); return 0; } Killing Dependencies That way we can inspect the output of the function (it overwrites the first 8 bytes of data) and get a reference key value to debug against. Or could, if that would work. It does not, because the .so we open still has listed libtac.so.0 as NEEDED and we need to fix it.\nThere are many ways to edit ELF binaries, but most are badly maintained. An easy way is a web service such as elfy.io . We upload the library, click Load information -\u0026gt; Loader directives and edit the first dependency (libtac.so.0) (offset 0x270) to point to the second dependency (libpython3.7m.so.1.0 (offset 0x283) instead. Downloading the code again, we can rename it to libtest.so and load it with our test program from above, getting a reference key value. So mydevices_passwd in a non-broken implementation yields the raw key value of 4A 0E 5D 1A 70 4F 1F 23 for DES.\nHaving that, debugging can continue. It turns out: math is hard and Intel is a little-endian architecture: The seed byte sequence D5 A8 ... 8A 23 is of course the long 238A…A8D5. I am definitively not doing these things often enough anymore to not make this kind of mistake.\nProgress! Having a working getHashedKey() we can now look at cbcEncrypt() and reverse that.\nThe heart of cbcEncrypt() fetches two Python bytearray, key and data and works with them. The key is processed with getHashedKey(), then cbc_crypt() is set up and called. The result returned to Python using Py_BuildValue.\nThe moment we try to build this in C, it proves frustrating again: cbc_crypt() is no longer part of libc. It is outdated, legacy, but unfortunately still in use. Not only by Arista, but also other companies and protocols. Among them some ancient RPC protocols. It has been removed from libc and moved to libtirpc3, it seems. We need to install libtirpc3, libtirpc-dev and libtirpc-common to be able to build code that calls cbc_crypt(). Even then we seem to be limited to static linking, because for some reason the shared objects do no longer export the symbol.\nSome more short short hiccups:\nThe padding value is a nibble, not a byte, and the long it is part of has to be little endian naturally. The padding needs itself to take the 4 bytes added by the padding itself into account. In the end we get code that reproduces the expected result.\nIn Python If, and that is important, des_parity() is being called. In Python that function is not available, and should not be necessary: The legacy DES function in Python\u0026rsquo;s module supposedly ignores DES parity bits automatically.\nBut the Python code produces a different result. So what goes on here, and how do we get des_parity()?\nTurns out, des_parity() is really weird code: Look at it here . It is supposed to make the 8 bytes of the DES code uneven parity by manipulating the low-value bits in the key. But the actual code also effectively masks out the high order bit, so we do not get 56 bit of keyspace, but only 48 bit. Yay, export crypto?\nAnyway, this is the code Arista runs for their key obfuscation, so we need to duplicate it to produce correct data.\nHere is a PoC in Python.\nWith the poc provided, it should be possible to\nfrom arista_descrypt import cbc_encrypt, cbc_decrypt encrypted = cbc_encrypt(b\u0026#39;mydevices_passwd\u0026#39;, b\u0026#39;supersecretpassword\u0026#39;) print(encrypted) and that should be sufficient to build an Ansible module for Arista config provisioning. The code uses cryptography or pycryptodome automatically, one of the two is installed. It is not dependent on the legacy cbc_crypt() function that formerly was in libc.\nGenerating passphrases Encrypting and decrypting BGP passwords requires a passphrase. In EOS, this passphrase is not static, but depends on the neighbor where the BGP password is configured.\nrouter bgp 65001 router-id 10.1.1.1 neighbor mydevices peer-group neighbor mydevices password 7 8kjYaye5DsQh0epELyKNe0oZ3E3zp39X The passphrase is generated by taking the string after neighbor (in this example mydevices), and appending the string _passwd to it. The string can be the name of a peer group, an IPv4 address or an IPv6 address, and has to be used as shown in the device configuration output. This is particularly important for IPv6 addresses which have multiple forms of representation.\n","date":"2021-11-22T00:00:00Z","href":"https://blog.koehntopp.info/2021/11/22/arista-type-7-passwords.html","tags":["lang_en","security","hack","networking"],"title":"Arista Type 7 Passwords"},{"categories":null,"content":"Dieser Artikel wurde von Lenz Grimmer auch ins Englische übersetzt.\nIn einem Twitter-Thread von Christian Basl ging es um die von zerforschte App \u0026ldquo;Learnu\u0026rdquo; . Basl schreibt:\nDie Betreiber von Learnu sagen, sie hätten keine Fachkenntnisse in IT-Sicherheit und hätten sich auf externe Berater verlassen. So kam Learnu unbekannterweise unsicher auf den Markt.\nIn der sich entwickelnden Diskussion vertrat Andreas Dewes den Standpunkt\nDie meisten Start-ups die ich kenne gehen durch eine Phase, in der IT-Sicherheit und Compliance eher im Hintergrund stehen. Wenn sie größer werden fangen sie an sich darüber Gedanken zu machen u.a. weil Kunden oder Partner Zertifizierungen verlangen, z.B. SOC 2 oder ISO-27001.\nDas ist angesichts von OWASP A01:2021 - Broken Access Control eine lustige Aussage. OWASP ist eine NGO, die die Sicherheit von Anwendungen und Diensten im Internet verbessern will. OWASP gibt dazu eine jedes Jahr aktualisierte Top-10 Liste von Sicherheitsproblemen bei Anwendungen heraus.\nFür 2021 hat es im Vergleich zu 2017 die folgenden Änderungen gegeben:\nBroken Access Control war 2017 auf Platz 5 und ist jetzt Problem #1. 94 % der getesteten Anwendungen hatten irgendeine Form von defekter Zugangskontrolle. Der ehemalige #1 Dauerbrenner Injection ist nur noch auf Platz 3.\nWir sehen ein klassisches Beispiel dafür in einer anderen Schul-Anwendung, die das Team von Zerforschung getestet hat: Scoolio wurde aufgemacht, indem die Zerforschis\nEin Endpunkt der Schnittstelle (Application Programming Interface, API) ist uns dabei sofort ins Auge gefallen: /api/v3/Profile/{ProfileID}. … Wenn wir spannnende API-Endpunkte finden, die über eine Versionskomponente verfügen (hier /v3/), versuchen wir gerne mal, diese zu verändern. Also wurde in unserem Fall aus /api/v3/Profile/{ProfileID} zu /api/v2/Profile/{ProfileID}. Und tada: Noch viel mehr Daten! Aber unsere eigenen Daten sind langweilig – die kennen wir ja schon. Also haben wir auch probiert, eine fremde Profil-ID einzugeben. Und zu unserer geringen Verwunderung, aber großen Genervtheit, konnten wir natürlich auf diese detaillierten Daten der fremden ID zugreifen.\nDas ist ein klassisches \u0026ldquo;A01:2021 - Broken Access Control\u0026rdquo; Beispiel. Die Anwendung kennt die Identität des Benutzers, denn sie ist in der App eingetragen. Sie nutzt diese Information nicht, um die Verbindung zum Server zu authentisieren und autorisieren. Und entsprechend kann die API genutzt werden, um auf beliebige User-Records zuzugreifen, statt nur auf den eigenen.\nIdentität, Authentisierung, Autorisierung, Auditing und Accounting Ein paar Begriffe:\nIdentität: Ich bin ich. Aber ich kann nicht auf das Web oder eine API zugreifen. Eine Anwendung muss das an meiner statt tun. Diese Anwendung verwendet dazu eine eindeutige Benutzerkennung, die \u0026ldquo;mich\u0026rdquo; im Kontext der Anwendung repräsentiert. Eine Identität mit einem eindeutigem Identifier (einem \u0026ldquo;Principal\u0026rdquo;) der mich repräsentiert ist aber zunächst einmal eine Behauptung. Authentisierung: Ich kann das auch beweisen. Wenn ich die behauptete Identität beweisen kann, dann bin ich authentisch ich. Ich bestätige meine Identität meist mit einem Passwort und oft auch mit einem 2. Faktor (etwa einer vom einem Google Authenticator abgetippten wechselnden Geheimnummer). Die behauptete und bestätigte Identität muss für einige Zwecke auch noch verankert werden, etwa wenn diese Identität an andere Rechte oder Verhältnisse in der realen Welt gebunden werden soll. Wenn ich zum Beispiel in einer Schul-App eine Schulzugehörigkeit und Klassenzugehörigkeit haben soll, dann ist es unter Umständen gut, wenn ich mir nicht einfach einen Account machen kann. Stattdessen sollte eine Lehrperson sich das ansehen, mich fragen, ob ich das war und mich dann der Schule und der Klasse zuordnen.\nEiner behaupteten, bestätigten und in der realen Welt verankerten Identität werden dann Zugriffsrechte zugeordnet. Das ist eine Autorisierung, sie bestimmt, was diese Identität im Kontext der Anwendung sehen, schreiben, verändern und löschen darf. Dazu werden wir unten noch ein wenig mehr reden. Was ich dann in der Anwendung tu muss unter Umständen beweiskräftig mitgeschnitten werden. Etwa dann, wenn die Daten, auf die ich zugreife, besonders schützenswert sind, oder ihre Änderungshistorie dokumentiert werden muss. Das kann zum Beispiel im Schulkontext meine Ansammlung von Leistungsnachweisen sein. Ein Logbuch, bei dem Zugriffe zwingend und nicht abschaltbar mit Personenidentitäten verknüpft werden nennt man ein Audit-Log. Wenn ich Dienstleistungen in Anspruch nehme, die Geld kosten, dann muss eine besondere Form von Audit-Log geführt werden. Dieses Audit-Log ist die Grundlage der Rechnungslegung und zeigt, welche Person wann welche kostenpflichtige Dienstleistung in Anspruch genommen hat. Dieses Logbuch ist Bestandteil des Accounting. Man kann zu jedem dieser Themen viel schreiben, aber uns soll hier in erster Linie Autorisierung beschäftigen, eben weil es Thema #1 bei der aktuellen OWASP Liste ist. Und weil es nicht nur bei den Zerforschis im Scoolio Artikel auftaucht, sondern noch einmal im Mein Schnelltest Artikel:\nEine der ersten Anfragen, die uns auffällt, geht an https://corona-api.de/persons/owner/{USER_ID}, wobei USER_ID natürlich die Nummer unseres Accounts ist – z.B. 612341213acab23425251e21. … [Wir verkürzen die URL]… Einen Versuch wagen wir noch und entfernen das / am Ende der URL. Und tada:\nGET https://corona-api.de/persons Uns fällt eine Liste mit den Personen, die auf der Plattform registriert sind, entgegen. Insgesamt fast 400.000 mit allen Daten, die bei einem Corona-Test eben so erfasst werden.\nZerforschung demonstriert dann auch noch, daß sie in beiden Fällen lustig ihre Identität oder ihre Verankerung (die Schulzugehörigkeit) ändern können (und vermutlich ohne daß das in einem Audit-Log landet), und daß sie nach Belieben Daten schreiben können, indem sie dem 177-jahre alten Robert Koch ein Corona-Testergebnis ausstellen.\nAutorisierung Verben und Subjekt-Prädikat-Objekt (Wer tut was mit wem?) Eine Anwendung hat eine Außenseite. Das ist eine Liste aller URLs, die aufrufbar sind. Damit meine ich nicht nur die HTML Webseiten (von denen ja einige auch interaktiv sind und Parameter haben können), sondern auch die API, die den Server für eine App auf einem Telefon oder in einem Browser repräsentiert. Die Liste aller dieser URLs ist wie eine Liste von Verben: Tu-Worte, mit denen man der Anwendung Befehle erteilen kann - \u0026ldquo;zeige mir\u0026rdquo;, \u0026ldquo;finde mir\u0026rdquo;, \u0026ldquo;ändere mir\u0026rdquo;, \u0026ldquo;lösche mir\u0026rdquo;. Wie in jedem Satz gibt es ein Subjekt - wer befiehlt? - und ein Objekt - was wird von dem Verb manipuliert?\nWir können das in Deutsch aufschreiben: \u0026ldquo;Kris will alle Schüler der Heinrich-Heine-Schule in Heikendorf finden.\u0026rdquo;\nOder als Tripel: (Kris, \u0026ldquo;finde alle\u0026rdquo;, \u0026ldquo;Heinrich-Heine-Schule (Heikendorf)\u0026rdquo;)\nOder als Tabelle, mit den Subjekten als Zeilen, den Objekten als Spalten und den Verben da, wo die betreffende Aktion erlaubt ist. Das ist dann eine Matrix von \u0026ldquo;Wer darf was tun?\u0026rdquo;.\nRole Based Access Control Wir sehen dann, daß die Tabelle schnell umfangreich wird, und werden anfangen, die Subjekte zu gruppieren. Subjekte mit gleichen Rechten gruppieren wir zusammen, in einer Role, und benennen diese (zum Beispiel Schüler der HHS). Objekte kann man ebenso gruppieren. Wir bekommen Role Based Access Control, RBAC:\nWir können so bestimmten Subjekten, oder Rollen, feste Rechte geben. Wir müssen aber immer noch viele Relationen erlauben: \u0026ldquo;Schüler der HHS können mit anderen Schülern der HHS Kontakte anbandeln.\u0026rdquo; und extra, und verschieden davon \u0026ldquo;Schüler der Max-Planck-Schule, Kiel können mit anderen Schülern der MPS Kontakte anbandeln.\u0026rdquo;\nOffenbar reicht das in diesem Kontext nicht - aber für viele Anwendungen ist das schon ausreichend. Nämlich immer dann, wenn die interne Struktur innerhalb der Anwendung nicht weiter segmentiert werden muss.\nAttribute Based Access Control Oft will man Regeln formulieren, die Eigenschaften von Subjekten und Objekten abgleichen. Ich kann die Zugangsregeln für Schülerkontakte zum Beispiel so vereinfachen, daß ich die Kontakte zulasse, wenn der aufrufende Schüler und der aufgerufenen Schüler dieselbe Schule besuchen.\n\u0026ldquo;Schüler der HHS können mit anderen Schülern der HHS Kontakte anbandeln.\u0026rdquo; \u0026ldquo;Schüler der MPS können mit anderen Schülern der MPS Kontakte anbandeln.\u0026rdquo; … alle diese RBAC-Regeln werden zu\n\u0026ldquo;Schüler A kann mit Schüler B Kontakt aufnehmen, wenn A.schule_id == B.schule_id\u0026rdquo; also wenn Schüler A und B denselben Wert im Attribut schule_id stehen haben.\nDie Zugriffsrechte werden nun also durch Attribute von Subjekten definiert und können so stark vereinfacht werden. Das setzt natürlich voraus, daß ich die sicherheitsrelevanten Attribute identifiziere und Änderungen an denen kontrolliere, denn sonst ist der Schutz wirkungslos.\nBeispiel: Wenn ein Schüler seine schule_id nach Belieben unkontrolliert ändern kann, dann ist ein Vergleich A.schule_id == B.schule_id wirkungslos.\nWas heißt das für Anwendungsentwickler? Als Anwendungsentwickler verwende ich ein Toolkit, um Webanwendungen und APIs zu schreiben.\nIch muss wissen, welche Außenfläche meine Anwendung hat, also welche URLs mit welchen Parametern zugelassen werden. Das ist nicht schwer. Mein Toolkit hat fast sicher eine Funktion, die mir das sagt (flask routes oder ähnliche Funktionen sind überall vorhanden). Dies ist die Liste meiner Verben. Die Liste der Parameter jeder dieser aufrufbaren Seiten sind die Objekte in meinem Security-Modell. Ich muss meine Anwender identifizieren (ihnen also eindeutige Identifier zuweisen) und authentisieren (sie müssen die behauptete Identität also beweisen). Die Liste dieser Anwender ist dann die Liste meiner Subjekte. Ich muss nun ACL, RBAC oder ABAC Regeln die definieren, \u0026ldquo;Wer was mit wem\u0026rdquo; machen kann und dies im Access Control Framework meiner Anwendung ausdrücken. Das ist nicht schwer, und es ist vor allen Dingen eine notwendige Arbeit. Nicht nur aus rechtlichen und compliance Gründen, sondern auch, weil dies zu einem Datenmodell einer Anwendung gehört: Als Nebenergebnis fällt dabei nämlich ein Transaktionsmodell heraus, also ein Diagramm, wie sich die Datensätze meiner Anwendung durch die Aufrufe von Methoden ändern lassen. Ich erschlage also nicht nur alle Compliance-, viele Datenschutz und alle Security-Pflichten, sondern ich habe den kompletten Data Lifecycle meiner Anwendung mit einem Zustandsübergangsdiagramm dokumentiert, das sowohl Entwicklern als auch Business Analysts allgemeinverständlich zeigt, was zum Teufel wir hier eigentlich tun und wie wir das modellieren.\n","date":"2021-11-16T00:00:00Z","href":"https://blog.koehntopp.info/2021/11/16/a01-2021-broken-access-control.html","tags":["lang_de","security"],"title":"A01:2021 - Broken Access Control"},{"categories":null,"content":"Translation by Lenz Grimmer, German version here .\nA twitter thread by Christian Basl discussed the dissection of the \u0026ldquo;Learnu\u0026rdquo; app . Basl wrote:\nLearnu operators say they have no expertise in IT security and have relied on outside consultants. As a result, Learnu came to market insecurely, unbeknownst to them.\nIn the discussion that developed, Andreas Dewes took the view that\nMost startups I know go through a phase where IT security and compliance tend to take a back seat. As they get bigger, they start to think about it, partly because customers or partners demand certifications, e.g. SOC 2 or ISO-27001.\nThat\u0026rsquo;s a funny statement in light of OWASP A01:2021 - Broken Access Control . OWASP is an NGO that aims to improve the security of applications and services on the Internet. To this end, OWASP publishes a top 10 list of application security problems that is updated every year.\nFor 2021, compared to 2017, there have been the following changes:\nBroken Access Control was #5 in 2017 and is now problem #1. 94% of the applications tested had some form of broken access control. The former #1 perennial problem Injection is now only #3.\nWe see a classic example of this in another school application tested by the Zerforschung team: Scoolio was opened up by the researchers as follows:\nOne endpoint of the application programming interface (API) immediately caught our attention: /api/v3/Profile/{ProfileID}. … When we find exciting API endpoints that have a version component (here /v3/), we like to try to change it sometimes. So in our case /api/v3/Profile/{ProfileID} became /api/v2/Profile/{ProfileID}. And tada: much more data! But our own data is boring - we already know it. So we also tried to enter a foreign ProfileID. And to our little amazement, but great annoyance, we were of course able to access the detailed data of that foreign ID.\nThis is a classic \u0026ldquo;A01:2021 - Broken Access Control\u0026rdquo; example. The application knows the identity of the user because it is registered in the app. It does not use this information to authenticate and authorize the connection to the server. And accordingly, the API can be used to access arbitrary user records instead of just its own.\nIdentity, authentication, authorization, auditing and accounting A few terms:\nIdentity: I am me. But I can\u0026rsquo;t access the web or an API. An application has to do that on my behalf. To do this, that application uses a unique user identifier that represents \u0026ldquo;me\u0026rdquo; in the context of the application. But an identity with a unique identifier (a \u0026ldquo;principal\u0026rdquo;) that represents me is first of all an assertion. Authentication: I can also prove this. If I can prove the claimed identity, then I am authentically me. I usually confirm my identity with a password and often with a 2nd factor (such as a changing secret number typed from a Google Authenticator). The asserted and confirmed identity must also be anchored for some purposes, such as when that identity is to be tied to other rights or relationships in the real world. For example, if I\u0026rsquo;m supposed to have a school affiliation and class affiliation in a school app, then it may be good if I can\u0026rsquo;t just make an account for myself. Instead, a teacher should look at it, ask me if I did it, and then assign me to the school and class.\nAn asserted, confirmed identity anchored in the real world is then granted access rights. This is an authorization, it determines what this identity is allowed to see, write, modify and delete in the context of the application. We\u0026rsquo;ll talk a little more about that below. What I then do in the application may have to be recorded for evidentiary purposes. For example, if the data I am accessing requires special protection, or if its change history needs to be documented. In a school context, for example, this could be my collection of performance records. A logbook in which accesses are linked to personal identities in a mandatory way that cannot be switched off is called an audit log. If I use services that cost money, then a special form of audit log must be kept. This audit log is the basis of accounting and shows which person has used which chargeable service and when. This log is part of accounting. Much can be written on each of these topics, but we are to be primarily concerned here with authorization precisely because it is Topic #1 on the current OWASP list. And because it does not only appear in the Zerforschis\u0026rsquo; Scoolio article, but once again in the My Quick Test article:\nOne of the first requests we notice is to https://corona-api.de/persons/owner/{USER_ID}, where USER_ID is of course the number of our account - e.g. 612341213acab23425251e21. … [We shorten the URL]… We dare to try one more time and remove the / at the end of the URL. And tada:\nGET https://corona-api.de/persons A list of people registered on the platform drops down to us. A total of almost 400,000 with all the data that is collected during a Corona test.\nZerforschung then goes on to demonstrate that they can merrily change their identity or anchoring (the school affiliation) in either case (and presumably without it ending up in an audit log), and that they can write data at will by issuing a Corona test result to 177-year-old Robert Koch.\nAuthorization Verbs and subject-predicate-object (Who does what to whom?) An application has an outside page. This is a list of all URLs that are callable. By this I mean not only the HTML web pages (some of which are interactive and can have parameters), but also the API that represents the server for an app on a phone or in a browser. The list of all these URLs is like a list of verbs: Do words that can be used to give commands to the application - \u0026ldquo;show me\u0026rdquo;, \u0026ldquo;find me\u0026rdquo;, \u0026ldquo;change me\u0026rdquo;, \u0026ldquo;delete me\u0026rdquo;. As in any sentence, there is a subject - who commands? - and an object - what is being manipulated by the verb?\nWe can write this down in German: \u0026ldquo;Kris wants to find all the students at the Heinrich Heine School in Heikendorf.\u0026rdquo;\nOr as a triplet: (Kris, \u0026ldquo;find all\u0026rdquo;, \u0026ldquo;Heinrich-Heine-Schule (Heikendorf)\u0026rdquo;)\nOr as a table, with the subjects as rows, the objects as columns, and the verbs where the action in question is allowed. This is then a matrix of \u0026ldquo;Who may do what?\u0026rdquo;.\nRole Based Access Control We then see that the table quickly becomes large, and will start grouping the subjects. Subjects with the same rights we group together, in a role, and name them (for example students of HHS). Objects can be grouped in the same way. We get Role Based Access Control, RBAC:\nWe can thus give fixed rights to certain subjects, or roles. However, we still need to allow many relations: \u0026ldquo;Students of HHS can make contacts with other students of HHS.\u0026rdquo; and extra, and different from it \u0026ldquo;Students of the Max-Planck-Schule, Kiel can make contacts with other students of the MPS.\u0026rdquo;\nObviously, this is not enough in this context - but for many applications it is already sufficient. Namely, whenever the internal structure within the application does not need to be segmented further.\nAttribute Based Access Control Often one wants to formulate rules that match properties of subjects and objects. For example, I can simplify the access rules for student contacts to allow contacts if the calling student and the called student attend the same school.\n\u0026ldquo;HHS students can make contacts with other HHS students.\u0026rdquo; \u0026ldquo;MPS students can make contacts with other MPS students.\u0026rdquo; … all these RBAC-Rules become\n\u0026ldquo;Student A can make contact with Student B, if A.school_id == B.school_id\u0026rdquo; so if student A and B have the same value in the attribute school_id.\nSo, access rights are now defined by attributes of subjects and can thus be greatly simplified. Of course, this requires that I identify the security-relevant attributes and control changes to those, because otherwise the protection is ineffective.\nExample: If a student can change his school_id at will without control, then a comparison A.school_id == B.school_id is ineffective.\nWhat does this mean for application developers? As an application developer, I use a toolkit to write web applications and APIs.\nI need to know what my application\u0026rsquo;s outer surface is, i.e. which URLs are allowed with which parameters. This is not difficult. My toolkit almost certainly has a function that tells me this (flask routes or similar functions are present everywhere). This is my list of verbs. The list of parameters of each of these callable pages are the objects in my security model. I need to identify my users (i.e., assign them unique identifiers) and authenticate them (i.e., they need to prove the claimed identity). The list of these users is then the list of my subjects. I now need ACL, RBAC or ABAC rules that define \u0026ldquo;who can do what to whom\u0026rdquo; and express this in my application\u0026rsquo;s access control framework. This is not hard, and it is, above all, necessary work. Not only for legal and compliance reasons, but also because this is part of an application\u0026rsquo;s data model: As a side result, this produces a transaction model, i.e. a diagram of how the records of my application can be changed by calling methods. So not only am I slaying all compliance, many data protection, and all security obligations, but I\u0026rsquo;ve documented the entire data lifecycle of my application with a state transition diagram, that shows both developers and business analysts in a generally understandable way what the heck we\u0026rsquo;re actually doing here and how we\u0026rsquo;re modeling it.\n","date":"2021-11-16T00:00:00Z","href":"https://blog.koehntopp.info/2021/11/16/a01-2021-broken-access-control-en.html","tags":["lang_en","security"],"title":"A01:2021 - Broken Access Control (en)"},{"categories":null,"content":"Ein guter Freund sinnierte gestern mit anderen Freunden von mir über die Situation auf der Arbeit und schrieb mir heute:\nWie man es auch dreht und wendet: Corona ist auch ein Lackmustest für Unternehmen in ihrer Rolle als Arbeitgeber. Anhand der vierten Welle lässt sich das hervorragend nachvollziehen.\nDenn Unternehmen und Organisationen, denen am Wohl ihrer Mitarbeiter/-innen etwas liegt, haben schon vor Wochen überall dort, wo es möglich ist, ihre Leute kategorisch wieder ins Homeoffice geschickt und Präsenzveranstaltungen untersagt. Das hat selten etwas damit zu tun, dass diese Unternehmen herausragend schlau wären. Viel mehr schauen diese Unternehmen sich ausgehend vom Wunsch, die eigenen Leute nicht zu gefährden, ihr Corona-Handling dort ab, wo es funktioniert.\nUnternehmen beispielsweise, die sich an Israel orientieren, werden ihre Leute frühestens bei flächendeckender Booster-Impfung der eigenen Belegschaft wieder in die Büros rufen, falls überhaupt. Unternehmen hingegen, die sich an den Richtlinien der deutschen Bundesregierung orientieren, pochen oft seit Wochen schon darauf, in die sich aufbauende vierte Welle hinein die Anwesenheitszeiten in den Büros zu erhöhen.\nDas ist tragisch, weil es so vorhersehbar katastrophale wie vermeidbare Folgen haben wird. Wer Leute notlos in den ÖPNV zwingt, obwohl sie nicht geboostert sind, exponiert sie unnötig einem erhöhten Risiko. Wer Leute notlos ins Büro ruft, obwohl diese nicht impfbare Familienmitglieder im selben Haushalt haben, exponiert sie unnötig einem erhöhten Risiko. Unternehmen, die so agieren, machen sich schuldig.\nDie Menschen in diesen Unternehmen sollten das Corona-Handling ihres Arbeitgebers jedenfalls genau beobachten. Wer die Belegschaft unabhängig vom Impfstatus wieder ins Büro ruft, betreibt das Geschäft der Impfgegner. Denn dann entsteht der Eindruck, der Impfstatus sei im Wesentlichen egal. Wer nur geimpfte Menschen notlos ins Büro ruft, schafft dadurch indirekt sogar Incentives für Impfgegner, weil Homeoffice dann zu einem Privileg für diese wird.\nBeides wäre unerträglich. Und Menschen in diesen Firmen sollten ihren AG durchaus wissen lassen, dass das unerträglich ist. Falls alle Stricke reißen: Kündigen und Namen der Manager notieren, damit man in deren Fängen sicher nie mehr landet.\nBei den Amis heißt das The Great Resignation :\nThe COVID-19 pandemic has allowed workers to rethink their careers, work conditions, and long-term goals. As many workplaces attempted to bring their employees in-person, workers desired the freedom to work from home given during the pandemic. With telecommuting also came schedule flexibility, which was the primary reason to look for a new job of the majority of those studied by Bankrate in August 2021. Additionally, many workers, particularly in younger cohorts, are seeking to gain a better work–life balance.\nDas ist die mildeste Formulierung, die ich gefunden habe.\nTatsächlich arbeiten \u0026ldquo;wir\u0026rdquo; im März 2022 seit 2 Jahren von zu Hause und/oder unter Pandemie-Bedingungen, und außerhalb der traditionellen Bürostrukturen und -hierarchien. Einige Firmen haben sich anpassen können. Von denen hat keine ein Problem mit Churn oder Hiring, also damit, Personal halten zu können und neues anzuwerben.\nEs sind die Läden, die die Realität der vergangenen 2 Jahre negieren, die jetzt bluten, und zwar vom Kopfe her. Und Mitarbeiter, die seit 2 Jahren bewiesen haben, daß sie sehr gut und erfolgreich arbeiten können,\nohne daß sie jeden Tag 2 Stunden im Berufsverkehr verschwenden, ohne daß das Kind als Schlüsselkind nach Hause kommen muss, ohne daß ihnen das Management auf die Bildschirme glotzt, und ohne daß sie 3 von 8 Stunden pro Tag in Meetings zu bringen, von denen für sie maximal 20 Minuten relevant sind, solche Leute brechen jetzt auf - in Firmen, die anders arbeiten, in Berufe, die das nicht notwendig machen oder in ein Umfeld, das weniger dem späten 19. Jahrhundert verhaftet ist. Die Zukunft der Arbeit ist gerade angekommen, und die Leute ziehen um.\nGerade bei den Wissensarbeitern ist das so:\nIch habe 5 Jahre studiert und danach 3 Jahre Projekte gemacht und Dir jetzt gerade 2 Jahre lang bewiesen, daß ich mich selbst organisieren kann, und jetzt willst Du mich im Büro haben, damit Du Dich nicht so alleine fühlst?\nKann man machen. Nicht schlau. So gar nicht.\nEdit: Nachtrag.\nJemand schickt mir diesen paywalled link zur SZ , von dem eh nur der Anreißer interessant ist. Der Artikel beschreibt unter dem Begriff \u0026ldquo;Overemployed\u0026rdquo; Personen, die im Homeoffice so effizient sind, daß sie zwei bezahlte Vollzeitstellen besetzen, ohne Wissen der jeweiligen Arbeitgeber.\nDas geht natürlich nur mit David Graeber\u0026rsquo;s Bullshit Jobs , aber es ist natürlich auch ein Zeichen dafür, daß die Arbeit, die diese Personen ausführen weder produktiv, noch notwendig noch sinnstiftend ist.\nIch antwortete mit\nIch kann nur den Teaser lesen, aber das ist das, was wir im Informatik-Studium Semester 2 (und 4) gemacht haben. Also 3 Leute in die Inf 2 Vorlesung schicken, parallel 3 Leute in Inf 4. Mit dem Rest (gut 20 Leute, Rotationssystem) die Vorlesungen von 2x 90 Minuten in 45 Minuten durchziehen, und dann in 45 Minuten die Aufgaben machen. Das hat sehr, sehr böses Blut gegeben\nDie Antwort war:\nDafür hatten wir [bei uns] die Mitschriften AG. Etwas anderer Studienablauf bei Nicht-Informatikern.\nEdit: Nachtrag.\nEinige Arbeitgeber insistieren dringend, daß \u0026ldquo;Mitarbeiter wenigstens einen Tag in der Woche im Büro sind\u0026rdquo;, ohne das näher zu begründen.\nBohrt man unauffällig und inoffiziell nach, heißt es \u0026ldquo;Wir haben sehr viele Expats, und wenn die statt von hier von ihrem Heimatland aus arbeiten, dann kommen wir von der Unternehmenssteuer her in Teufels Küche.\u0026rdquo;\nUnter Umständen sollte man hier offener kommunizieren, und dann versuchen, kooperativ Lösungen zu finden, denn unerklärliches blockierendes Verhalten eines Arbeitgebers ist in diesem Zusammenhang nicht produktiv und führt wieder zur Kündigungswelle.\n","date":"2021-11-12T00:00:00Z","href":"https://blog.koehntopp.info/2021/11/12/die-kommende-kuendigungswelle.html","tags":["lang_de","remote first","politik","work"],"title":"Die kommende Kündigungswelle"},{"categories":null,"content":"Wir sprachen in Software Defined Silicon darüber, wie die CPU-Bedürfnisse von Hyperscalern und normalen Kunden divergieren.\nHyperscaler haben Interesse an immer größeren CPUs mit immer mehr Kernen, und immer höherer Dichte in ihren Rechenzentren. [\u0026hellip;]\nNormale Kunden sehen das nicht so: man kann in einer 64C/128T-Core-Single-Socket-Konfiguration mit 2-4 TB RAM unter Umständen den gesamten Serverbedarf einer kleineren Firma in einer einzelnen physikalischen Maschine in VMs unterbringen. Das Problem dabei: Explosionsradius, wenn mal etwas ausfällt.\nUnd das passiert:\nAMD Shares Early Details Of Zen 4 Genoa, Bergamo Heute hat AMD einen Ausblick auf die kommenden Zen 4 CPUs geliefert: Die normale \u0026ldquo;Genoa\u0026rdquo; wird 96 Cores pro Socket liefern, also 192C/384T in einem 2P-Board.\nEs wird jedoch von dieser CPU auch eine \u0026ldquo;Bergamo\u0026rdquo;-Variante geben, und das ist eine \u0026ldquo;high-core count compute engine designed for cloud-native workloads\u0026rdquo;. Das sind dann 256C/512T in einem 2P-Board.\nDas ist nicht nur zu viel Maschinerie in einer einzelnen Kiste, sondern auch in einem normalen Rechenzentrums-Rack vermutlich nicht mehr so einfach zu kühlen. Wenn man sich als Hyperscaler jedoch seine Rechenzentren nach Maß bauen lässt, sollte das alles nicht weiter weh tun.\n\u0026ldquo;Wozu der 4K-Monitor, fragst Du? Na, damit die \u0026lsquo;htop\u0026rsquo; Anzeige auf den Bildschirm passt.\u0026rdquo;\n","date":"2021-11-08T00:00:00Z","href":"https://blog.koehntopp.info/2021/11/08/amd-und-128-cores.html","tags":["lang_de","computer","cloud"],"title":"AMD und 128 cores"},{"categories":null,"content":"At work, replication is a central feature in our MySQL Standard Architecture.\nBut until MySQL 5.6, replication was strictly sequential: Even if transactions happened in parallel on a primary, they would be downloaded to the replica by the IO_THREAD into the relay log. From there, a single SQL_THREAD would apply them, one after the other in strict binlog order. That can lead to Replication Delay.\nWe had a monitor for that, courtesy of Dennis Kaarsemaker . That code looked at the time consumption in the SQL_THREAD, and counted the percentage of idle time over time, visualizing it in Graphite or Grafana.\nThis was the amount of runway we had. If the write-load to a specific replication hierarchy threatened to overwhelm a hierarchy, it was a candidate for a schema split.\nExecution Model About a decade ago, MySQL as a company started to work on that problem. The execution part of that is easy, and roughly looks like this:\nAs before, the IO_THREAD logs into the primary and downloads the binlog, then saves it to the local disk of the replica. This is called the relay log.\nUnlike before, the single SQL_THREAD is replaced with a coordinator thread which picks up the relay log for consumption. It then schedules work to a number of worker threads. These apply the binlog to local tables in parallel.\nThe complicated part is to find what can be executed in parallel. This happens in the Primary, which will mark up the binlog for parallel execution on the replicas.\nSplitting the work by schema The low-hanging fruit is splitting work by schema. We assume there are different schemata a, b, c, d on the Primary, and they are isolated from each other by permissions, in such way that write transactions are guaranteed to modify data only in exactly one schema.\nIt would allow two different write operations to different schemas on the primary to be applied in parallel, independent worker threads on the replica.\nThis was replica-parallel-type=DATABASE , and while it is enormously useful with webhosters, the use-case did not fit our environment.\nNewer versions of MySQL got replica-parallel-type=LOGICAL_CLOCK, which can handle parallel execution of compatible statements within a single schema.\nSplitting the work with LOGICAL_CLOCKS Originally, MySQL would assign each transaction in the binlog a number, starting with 1 for each binlog, the sequence_number.\nAll transactions that were executed concurrently obviously were legal to execute in parallel, because they just did on the primary. MySQL would choose a sequence number from that group and assign it to all of these concurrently executed transactions, the commit group number.\nOn the replica, transactions with the same commit group number could be executed in parallel, because they did successfully do that on the primary.\nWhile simple and fast, this method has a number of drawbacks:\nThe degree of parallelism is variable, and workload dependent. On a mostly idle primary, few transactions would be marked up as \u0026ldquo;able to run in parallel\u0026rdquo;, because they would not run in parallel on an idle machine. While that would not be a disadvantage per se (low load on the primary also means low load on the replicas), it makes it really hard to calculate the runway that you still have on your replication hierarchy. On an intermediate primary in a multilevel replication hierarchy, the degree of parallelism cannot go up, but can go down when things that happened concurrently in the primary did not in the intermediate. Execution times and parallelism in the leaf replicas would degrade. Crude hacks were invented to improve the situation with regard to the first problem: We could artificially delay commit on the primary using a config variable, and hope for other transactions to accumulate in the time window. From their locking interaction we would see if they were good to be executed in parallel, and hopefully get larger parallel execution batches.\nThus, we would slow down the primary in order to speed up the replicas.\nLogical Clocks with Dependency Trees More modern logical clocks still number transactions in the binlog with a consecutive sequence_number or sn. They will also assign a second number, the sequence number of an earlier transaction, last_committed or lc, which is the most recent earlier transaction in this binary log that might be conflicting (at least that is what the server that generated the binary log assumed).\nSo given a binary log that looks like this:\nT1: sn=5 lc=4 T2: sn=6 lc=5 T3: sn=7 lc=5 T4: sn=8 lc=6 T5: sn=9 lc=4 we have:\nT2 (sn=6) depending on T1 (T1 has sn=5, and T2\u0026rsquo;s lc is 5), T3 also depending on T1, and T4 depending on T2. T6 is much later in the log, but is dependent lc=4, just like T1. The scheduler can schedule T1, then must wait for T1 to commit. After that, it schedules T2 and T3 in parallel, because they do not conflict. T4 must wait for T2 to complete before it can run.\nThe transaction T5 can in theory be scheduled in parallel already with T1, but due to a limitation of the scheduler can\u0026rsquo;t: The scheduler does not look ahead - any dependency boundary will act as a block. Thus, T2 and T4 are barriers that require everything before them to commit before the scheduler can proceed.\nSplitting the work with COMMIT_ORDER To generate such a dependency tree, for each transaction we look at the end of the transaction, the time interval after the last statement and before the commit. At this point in time all locks the transaction can have taken actually are taken, and they are being released at the end of the commit.\nTwo transactions are non-conflicting (can be run in parallel), when their time windows with all locks being taken do actually overlap - if they had overlapping, conflicting locks, that would not be possible.\nThese transactions are assigned the same lc number.\nAgain, this is a short time window and the degree of parallelism is suboptimal, but at least it always works.\nSplitting the work with WRITESET The introduction of Group Replication required the definition of Write Sets, the sets of primary keys that make up a transaction. They can also be used to improve parallel replication markup of the binlog:\n\u0026ldquo;Two transactions with non-overlapping primary key sets can be executed in parallel.\u0026rdquo;\nWait, what? That is actually wrong, in more than one way, but it is a useful simplification for many cases.\nTwo transactions are actually capable of running in parallel if their lock sets are compatible and non-overlapping.\nIn a transaction, each primary key of any row that we write to gets an X-lock, and thus these two things (primary key set and lock set) are almost, but not quite the same.\nWhen are they not the same?\nWe may theoretically have tables without a primary key. That\u0026rsquo;s bad, and basically while we can lock rows, we can still have two identical rows, one locked and not. We cannot handle WRITESET things for tables without primary keys (but any sensible DBA will require your tables to always have a primary key defined anyway, so that should never be an issue). We may have tables with foreign key constraints, and the foreign key constraints may generate S-locks on REFERENCED rows. These locks in other tables may prevent other writes from proceeding. We cannot handle WRITESET things in the presence of foreign key constraint definitions. So:\nwith Write Sets, we can create maximally parallel dependency trees for a large number of cases, and with COMMIT_ORDER, we have a fallback plan when we can\u0026rsquo;t. How parallel is our workload? Let\u0026rsquo;s write a bit of code to find that out. You can follow along here .\nUsing the mysqlbinlog program, we can read a MySQL binlog and extract the lc/sn pairs. The following mysqlbinlog | grep will produce lines that look like this:\n$ mysqlbinlog -vvv binlog.654321 | grep \u0026#34;last_committed=\u0026#34; | head -3 #211102 8:44:24 server id 210015197 end_log_pos 475 CRC32 0x61436ace GTID\tlast_committed=0\tsequence_number=1\trbr_only=yes original_committed_timestamp=1635839064507445 immediate_commit_timestamp=1635839064507445\ttransaction_length=501 #211102 8:44:24 server id 210015197 end_log_pos 976 CRC32 0xb28c4330 GTID\tlast_committed=1\tsequence_number=2\trbr_only=yes original_committed_timestamp=1635839064507452\timmediate_commit_timestamp=1635839064507452\ttransaction_length=501 #211102 8:44:24 server id 210015197 end_log_pos 1477 CRC32 0xca77099e GTID\tlast_committed=2\tsequence_number=3\trbr_only=yes original_committed_timestamp=1635839064507455 immediate_commit_timestamp=1635839064507455\ttransaction_length=505 Our code will need to grab the lc/sn pairs and store them into value objects of the Transaction type we create. We then add the transactions to the commit scheduler:\nwhile line := sys.stdin.readline(): m = re.search(pattern, line) lc = int(m.group(1)) sn = int(m.group(2)) t = Transaction(lc, sn) sched.add(t) Adding a transaction with sched.add(t) checks if the transaction is blocked by a still open conflicting transaction. If that is the case, it first forces the open transactions to be committed, before it adds the new transaction to the (now empty) list of open transactions.\ndef add(self, t: Transaction): wait_for = t.lc if self.open.get(wait_for, None) is not None: blocker = self.open[lc] if debug: print(f\u0026#34;{t=} is blocked by {blocker=}\u0026#34;) self.commit() if debug: print(f\u0026#34;adding {t=}\u0026#34;) self.open[t.sn] = t \u0026ldquo;Committing\u0026rdquo; is simple: We just clear the list. Before we do that, we collect a number of statistics.\ndef commit(self): self.sum += len(self.open) self.count += 1 self.hist[len(self.open)] += 1 if debug or incremental: print(f\u0026#34;Commit: {len(self.open)} {self.sum=} {self.count=} Avg={self.avg()}\u0026#34;) self.open = dict() Doing that, each time there is a conflict we collect the length of the list of parallel transactions, for a global average and also in a histogram. If incremental is on, we emit a running update with the current degree of parallelism.\nActual data We have some very low traffic hierarchies such as data archives, that have an extremely low degree of parallelism - mostly because they are idle most of the time.\n# mysqlbinlog -vvv binlog.000058 | grep \u0026#34;last_committed=\u0026#34; | ./binlog.py 1: 631546 2: 481 3: 552 4: 300 5: 222 6: 423 7: 381 8: 184 9: 31 10: 13 11: 18 12: 9 13: 4 14: 1 15: 3 16: 3 Avg = 1.0155383957954558 Max = 16 The output is a histogram, so for this binlog, we had 3 instances where the open queue was 16 deep, and so on. On the average, degree of parallelism was 1.02, and the maximum was 16.\nOthers, showing a more normal workload, look a bit better:\n# mysqlbinlog -vvv binlog.000165 | grep \u0026#34;last_committed=\u0026#34; | ./binlog.py 1: 78255 2: 69955 3: 46694 4: 30747 5: 21162 6: 15942 7: 12431 8: 9465 9: 7580 10: 6059 11: 4984 12: 4155 13: 3583 14: 3018 15: 2565 16: 2218 17: 1960 18: 1635 19: 1406 20: 1196 ... 62: 1 Avg = 4.569389646418146 Max = 62 Here we end up with an average degree of parallelism of 4.6, and a maximum of 62.\nFor an internal control plane state storage, we get ~2.\nAnd for our legacy central database, we get a whopping 18. That makes a lot of sense if you think about it - this is a shared database with a number of independent sets of tables that will never block each other. That\u0026rsquo;s why we are able to split it into individual smaller databases in the first place, which is what currently happens.\nTL;DR MySQL has made great progress in being able to run parallel replication, and the work on Write Sets for Group Replication has helped tremendously with that.\nStill, the degree of exploitable parallelism is workload dependent and varies a lot (20x!), depending on replication chain and also, unfortunately, time of day and month.\nThere are legit use-cases that have very extremely low degrees of exploitable parallelism, and any SLO on replication performance always must be made with the assumption of a \u0026ldquo;degree of parallelism=1\u0026rdquo;.\nIf, and how much parallelism there is, is entirely dependent on the database owner and the workload they have. It cannot be controlled by the database operators.\n","date":"2021-11-08T00:00:00Z","href":"https://blog.koehntopp.info/2021/11/08/mysql-parallel-replication.html","tags":["lang_en","mysql","replication"],"title":"MySQL: Parallel Replication"},{"categories":null,"content":"I started blogging almost 20 years ago, because a piece of software I was using to manage calendars and discussion boards to organize the \u0026ldquo;Dienstag\u0026rdquo; also offered blogging functionality. That software was very buggy and full of HTML injections. My patches to fix things touched almost all files, and were rejected, because they\u0026hellip; touched too many files.\nSo I was looking around for something better, and the good people on ircnet:#php.de recommended Serendipity . I have been using this for many years, contributed a few improvements and sponsored a few others. Unfortunately, when Mobile became a thing, I had no theme that went well with that. I also needed 2FA for obvious reasons.\nSo for a time, I used Google+ a lot, but we all know how that went. After that I installed WordPress, but not only was that slow, but the constant patching and the Antispam became a drag.\nI revived the blog by moving all my content to Markdown, and putting it up as a Git repository hosted as GitHub Pages. GitHub Pages has a default workflow, which requires you to do nothing more than to push Markdown, which is very convenient. Internally it uses Jekyll , a static site generator, which converts Markdown together with a set of templates to HTML in the _site directory.\nJekyll is nice enough, and provided useful importers for Serendipity and WordPress. Also, I was able to extend it a bit to also create dedicated additional RSS feeds for the MySQL and Review tags. Unfortunately, though, it is written in Ruby and the theme also uses a lot of npm. The consequence of that are frequent module updates - again! - and a build time for the entire blog of approximately 120 seconds.\nI tried alternatives, and there are many. They are all either slow (Pelican and other Python based stuff), or have hardly any community (e.g. Rust-based Zola). Also, the themes offered are all worse than the really awesome Type-on-Strap I was using in Jekyll. Especially they all offer no or bad on-site search.\nI tried to experiment with Hugo, a Go-based site generator, and that is when I realized that I know nothing about frontend anymore, at all. I mean, I did PHP and made websites, but that was in and around 2000. That is checks calendar more than 20 years ago, and would you believe it, technology has changed.\nI tried to get things to work, but I failed, and gave up:\nOkay, ich geb es auf. Ich bin ja bekennender Frontend-Analphabet und habe zuletzt Webkram gemacht als wir noch ein anderes Jahrtausend hatten.\nMein Blog verwendet Jekyll, und https://github.com/sylhare/Type-on-Strap Das ist lahm, und ich will Hugo.\nIch verwende das Theme, weil es light und text-freundlich ist, und weil es eine gute Suche mitbringt (JS basierend, aber funktioniert leidlich).\nGibt es dieses Theme oder was Vergleichbares für Hugo, oder mag jemand das portieren.\nOriginal ist MIT License.\nBin Privatperson, Blog nicht monetarisiert, kann nur symbolisch zahlen, wenn es jemand es für Geld tun will, sollte das Resultat ebenfalls MIT oder frei verfügbar sein.\n@Darixzen as a member of the Pixls.us project then made contact with me, and recommended Pat David :\nI\u0026rsquo;m a member of the GIMP team, occasional photographer, digital dabbler, and lover of Free Software. Started @pixlsus https://pixls.us who took it upon himself to create a foundation for me to build on, and this weekend I was able to provisionally move over things from Jekyll to Hugo. There are still many visual and other bugs, but this is on GitHub: You can open issues, and even better, provide PRs.\nWhen running hugo serve, the website is built in memory and served from http://localhost:1313. A file watcher detects changes, and \u0026ldquo;on save\u0026rdquo; rebuilds the minimal change set, then triggers an automatic reload in the browser. I have the browser open on the left, WebStorm on the right, and whenever I hit Ctrl-S or change tabs, the article I am looking automatically refreshes. Build time is 0.272s, approximately human reaction time - it\u0026rsquo;s instant.\nThe build time for hugo --cleanDestinationDir is down from 120s to 8s, for the entire site. \u0026ldquo;Thanks, @patdavid!\u0026rdquo; and \u0026ldquo;Thanks, Hugo!\u0026rdquo;, I\u0026rsquo;d say!\nThe new build time for the entire site is down to 8s.\nAlso, using this and the Bootstrap and GitHub workflow documentation, I am even learning things now, and actually was able to fix the first bug on my blog on my own. Kris doing frontend, take cover. \u0026#x1f604;\nAh, and JetBrains. I have the all-in subscription, and started using WebStorm with this setup. I am constantly amazed how fast and incredibly useful their stuff is. If you do stuff with software for a living, and are not using their products, you are doing it wrong.\n","date":"2021-11-07T00:00:00Z","href":"https://blog.koehntopp.info/2021/11/07/this-blog-is-now-hugo-powered.html","tags":["lang_en","blog"],"title":"This Blog is now Hugo powered"},{"categories":null,"content":"What is \u0026ldquo;relational\u0026rdquo; and \u0026ldquo;algebra\u0026rdquo; about \u0026ldquo;Relational Algebra\u0026rdquo; and SQL?\nIt is likely that you know all this.\nThere is nothing new in this text, if you had Databases 101 in school or university, so you do not have to read any of this. In case you had not, or you forgot because it was a long time ago, here it is, again.\n*This is the english version of a much older german writeup .\nAlgebra An \u0026ldquo;Algebra\u0026rdquo; is a structure that is defined on base set A, with one or more operations on it. That structure is an algebra, if the result of every operation leads to results that are again in that base set A.\nSo if you have a thing and math on it, the result is again in that thing, and you can continue to math on it.\nNatural numbers and Addition and all the pain that follows The most well known of these structures is the set of natural numbers and addition {𝐍, +}:\nIf you take two natural, integer, positive numbers and add them, the result is again in that set, a natural, integer and positive number, so you can continue to add.\nIf you make it more complicated and take on another operation, subtraction, that is no longer true: 4-6 is -2, which is not in 𝐍, it is integer, but not positive. We just left the set of natural numbers 𝐍, and now need whole numbers 𝐙 instead to make {𝐙, +, -} an algebra.\nThere is a whole branch of math, axiomatic number theory, that deals with the ever more complicated things we get in our desire to have an algebra for math with numbers:\nYou start with the empty set and the set that contains the empty set to get 𝐍 in the first place, define addition. By having a desire for inverse operations, you invent subtraction and need 𝐙.\nYou invent a shorthand \u0026ldquo;multiplication\u0026rdquo; for repeated addition, and want the inverse, division, and suddenly you need 𝐐, the rational numbers.\nThen you shorthand \u0026ldquo;powers\u0026rdquo; for repeated multiplication, take the inverse, roots, and have irrational numbers, and finally 𝐑, the set of real numbers as the union of rational and irrational numbers.\nAll is good, the sun is shining, except one day you take the square root of -1, and end up with 𝐂, the complex numbers, and suddenly you lose total order. As you descend into this more, you discover Quaternions (and lose commutativity) and other, more complicated structures and lose one nice property after the other.\nBut this text is not that story, we are doing computer science here, not math.\nThere is all kind of weirdness in computer math, too, with machine epsilon and the lack of commutativity, and the number size dependent precision, but again, that is not our story here.\nWe do not even do numbers in our department, but more on that later.\nFirst we need to talk about\nRelations (and Functions) In math, a function is a thing that maps one set onto another set – or the same set, if you have an algebra.\nThis is y=0.5x+2, a function that maps 𝐑 on 𝐑, producing a line.\nThe thing that makes it a function is that for any x, we get exactly one result, exactly one y. Draw a vertical line from any point on the x-axis, and it will only ever hit the line of the function in exactly one spot.\nThere are of course also things that for one given x give you more than one y value.\nAn example would be y\u0026lt;0.5x+2, all y that are smaller than some value derived from x: That\u0026rsquo;s a relation.\nThat\u0026rsquo;s enough math for one day. We still want to do computer science.\nSo the first order of the day is to get rid of all these stupid infinities. Complex, real, rational, yes, even natural numbers - that\u0026rsquo;s a lot of infinite, intangible brain farts from weird math geeks.\nWe want proper values that are touchable and that can be seen with a debugger in memory.\nComputer science does discrete math, all finite, all represented in tangible bits.\nThat also allows us to define a function (or relation) as a lookup table instead of a formula. If it returns more than a single value (more than a single table row) it is not a function, as we have learned - it is a relation.\nAnd thus we end up dealing with tables, and multiple result rows, and the ability to query the query results further - that is \u0026ldquo;relational\u0026rdquo; and \u0026ldquo;an algebra\u0026rdquo;.\nRelational Algebra: Math with Tables An Algebra is a base set, and a number of operations you can perform on the elements of that set, and we demand that the result of any operation again is an element of the base set so that we can math on.\nOur base set is \u0026ldquo;tables\u0026rdquo;. Tables have rows, and each row has the same number of cells. Such a row is called \u0026ldquo;a tuple of n values\u0026rdquo; or \u0026ldquo;n-tuple\u0026rdquo;, and is usually written with round parens: (3, 4, 5) for a 3-tuple with the integers 3, 4 and 5.\nIn computer science there are two big camps of people: one wants data types attached to slots, static type persons. The other wants data types attached to values, dynamic type persons. Most SQL databases want static types, so you do not define a row as \u0026ldquo;3 columns\u0026rdquo;, but you would say (int, char(20), double) as an example. The only SQL product I know of that is different here is SQLite.\nOperations on tables that produce new tables Selection - cut out rows Projection - cut out columns (or make new ones) Join (Cross Product) - combine tables Rename (tables, columns) - so that you can Join a table with itself Aggregation - make piles of things considered equal under a projection Selection, Projection The Selection and Projection operations.\nThe SELECTION operation selects a row from a table. In SQL, this is a WHERE clause:\nSELECT a, b, c FROM t WHERE a = 1 The PROJECTION operation selects a column from a table. In SQL, it is an expression in the SELECT clause.\nSELECT b FROM t We can also use projection and rename to make new columns:\nSELECT a, b, c, concat(a, b) AS ab, 17 AS seventeen FROM t This will make a copy of the original table, and add two more columns, one the concatenation of a and b, and the other a constant number. We use AS to rename the columns from a machine selected name to a name of our choice.\nJoin The Join operation.\nThe JOIN operation combines two tables so that each row from table a is matched with each row of table b once for all possible combinations, a cross product.\nOriginally, we wrote this as a comma, and added additional selection clauses to the WHERE condition to select only the rows we wanted:\nSELECT a.aid, b.aid, b.bid FROM a,b WHERE a.aid = b.aid For a number of reasons that is unwieldy:\nIt makes it hard to see what is an actual selection, and what is part of the join condition. It creates scoping problems with names It has no syntax for other join types than a full cross join. So since 1992 we write the JOIN … ON … keyword, and can specify different join types by using different keywords (JOIN, LEFT JOIN, RIGHT JOIN, OUTER JOIN) The JOIN above then becomes:\nSELECT a.aid, b.aid, b.bid FROM a JOIN b ON a.aid = b.aid WHERE \u0026lt;actual constraints\u0026gt; Renaming tables for self-references The Rename operation used in a self-join context.\nThere is a group of problems, list-of-parts problems or self-referential structures, that can only be modeled with a table rename. The rename operation and the AS keyword are very old, but SQL that can actually walk such structures is rather new - Recursive Common Table Expressions (Recursive CTEs and the WITH keyword ).\nThe basic self-join looks like this:\nSELECT emp.empid AS employee, \u0026#34; has the boss \u0026#34;, boss.empid AS boss FROM emp AS boss JOIN emp ON emp.bossid = boss.empid This expression uses the emp table twice, and in order to be able to decide which instance we are referring to, the AS keyword is needed to give each instance a unique name.\nAggregates The fifth and final operation is the aggregation, with the GROUP BY keyword. To aggregate, you project a table virtually, and pile all rows that are identical under the projection onto the same heap, then measure heaps with aggregation functions.\nIf that sounds weird, look at the drawing:\nThe Aggregate operation.\nThis is a\nSELECT bossid, ... FROM emp GROUP BY bossid We group emp by bossid, that is, we put all rows from emp that have the same value for bossid onto the same pile. We can only reference columns that we mention in the GROUP BY, or measure the piles using aggregation functions such as COUNT(), SUM(), AVG() and others, e.g. GROUP_CONCAT().\nmysql\u0026gt; select -\u0026gt; emp.bossid, -\u0026gt; count(*), -\u0026gt; group_concat(emp.empid) as empids -\u0026gt; from -\u0026gt; emp -\u0026gt; group by -\u0026gt; emp.bossid; +--------+----------+-------------+ | bossid | count(*) | empids | +--------+----------+-------------+ | NULL | 1 | 1 | | 1 | 2 | 2,3 | | 2 | 3 | 4,5,6 | +--------+----------+-------------+ 3 rows in set (0.00 sec) Subqueries: Mathing on with Tables So we now have a base set, tables, and five table operators that make new tables. This is supposedly an algebra, so we should be able to apply SQL to the tables made by SQL statements.\nWe have that - Subqueries.\nScalar Subqueries, and new columns We can put SELECT expressions into any position of the SQL statement in place of constants, column names or expressions. When we put a SELECT into a place of a scalar value, it must return a 1x1 table, of course, to be able to be cast to a scalar (of the appropriate type).\nroot@localhost [kris]\u0026gt; select sum(bid) from b; +----------+ | sum(bid) | +----------+ | 3 | +----------+ 1 row in set (0.00 sec) root@localhost [kris]\u0026gt; select aid, ( -\u0026gt; select sum(bid) from b ) as bsum -\u0026gt; from a; +-----+------+ | aid | bsum | +-----+------+ | 1 | 3 | | 2 | 3 | | 3 | 3 | +-----+------+ 3 rows in set (0.03 sec) Can we make new columns from values that are the result of another select? Yes, we can!\nJoining against a Subquery We can also join against tables that are the results of another select.\nWe start with a query that finds for each schema the number of rows that the largest table in that schema has:\nmysql\u0026gt; select -\u0026gt; table_schema, -\u0026gt; max(table_rows) -\u0026gt; from -\u0026gt; information_schema.tables -\u0026gt; group by -\u0026gt; table_schema; +--------------------+-----------------+ | table_schema | max(table_rows) | +--------------------+-----------------+ | geodb | 459015 | | information_schema | NULL | | kris | 6 | | mysql | 986 | | test | 12 | | test_tablesizes | 79 | | test_world | 4079 | +--------------------+-----------------+ 7 rows in set (3.92 sec) But what is the name of this largest table?\nmysql\u0026gt; use information_schema; mysql\u0026gt; select -\u0026gt; m.table_schema, -\u0026gt; t.table_name, -\u0026gt; m.maxrows -\u0026gt; from -\u0026gt; tables as t join -\u0026gt; (select table_schema, max(table_rows) as maxrows -\u0026gt; from tables group by table_schema ) as m -\u0026gt; on t.table_rows = m.maxrows and t.table_schema = m.table_schema; +-----------------+----------------+---------+ | table_schema | table_name | maxrows | +-----------------+----------------+---------+ | geodb | geodb_textdata | 466518 | | kris | emp | 6 | | mysql | help_relation | 986 | | test | h | 12 | | kris | p | 6 | | test | t | 12 | | test_tablesizes | sizes | 79 | | test_world | City | 4079 | +-----------------+----------------+---------+ 8 rows in set (0.00 sec) We take the original query and put it into our FROM clause, naming the resulting table m. We can now join our information_schema.tables table (which we name t) against that original query result m, on equal maxrows values and equal table_schema values.\nWe then ask t for the name of all the tables that have as many rows as m.maxrows. More than one answer is possible. For example, the test schema has two tables with 12 rows.\nDependent Subqueries - the WHERE clause We can solve the same problem also by putting the Subquery into a WHERE clause:\nmoysql\u0026gt; select -\u0026gt; t.table_schema, -\u0026gt; t.table_name, -\u0026gt; t.table_rows -\u0026gt; from -\u0026gt; tables as t -\u0026gt; where -\u0026gt; t.table_rows = ( -\u0026gt; select max(table_rows) as maxrows -\u0026gt; from tables as m -\u0026gt; where -\u0026gt; t.table_schema = m.table_schema -\u0026gt; ); +-----------------+----------------+------------+ | table_schema | table_name | table_rows | +-----------------+----------------+------------+ | geodb | geodb_textdata | 466518 | | kris | emp | 6 | | mysql | help_relation | 986 | | test | h | 12 | | test | t | 12 | | test_tablesizes | sizes | 79 | | test_world | City | 4079 | +-----------------+----------------+------------+ 7 rows in set (0.00 sec) This is a dependent subquery: It runs once for every row in t that we find and may or may not produce a value. We select each row from t where the table_schema from t and m match and select those rows where the table_rows match the maxrows value we find in the subquery.\nThis does not sound efficient, and it is in fact the purpose of the program generator of the database to produce an execution plan that is not literally like this.\nTraditionally, the query planner in MySQL was severely limited, and consequently dependent subquery execution times were very bad. This is only now, with the 8.0 release, slowly changing.\nA Tuple is a type, too Tables are sets of tuples, and a tuple that can be used in SQL:\nUsing this base table:\nmysql\u0026gt; select * from t; +------+-------+------+ | a | b | c | +------+-------+------+ | eins | one | 1 | | zwei | two | 2 | | drei | three | 3 | | 1 | eins | one | +------+-------+------+ 4 rows in set (0.00 sec) We can write this:\nmysql\u0026gt; select a,b,c from t where a = \u0026#39;eins\u0026#39; and b = \u0026#39;one\u0026#39;; +------+------+------+ | a | b | c | +------+------+------+ | eins | one | 1 | +------+------+------+ 1 row in set (0.00 sec) We can do the same thing using a tuple comparison:\nmysql\u0026gt; select a,b,c from t where (a,b) = (\u0026#39;eins\u0026#39;,\u0026#39;one\u0026#39;); +------+------+------+ | a | b | c | +------+------+------+ | eins | one | 1 | +------+------+------+ 1 row in set (0.00 sec) So this also works:\nmysql\u0026gt; select * from t where (a,b) in ((\u0026#39;eins\u0026#39;,\u0026#39;one\u0026#39;), (\u0026#39;zwei\u0026#39;, \u0026#39;two\u0026#39;)); +------+------+------+ | a | b | c | +------+------+------+ | eins | one | 1 | | zwei | two | 2 | +------+------+------+ 2 rows in set (0.00 sec) We can also do slightly weird things, but they are useful:\n\u0026gt; select a,b,c from t where \u0026#39;eins\u0026#39; in (a,b,c); +------+------+------+ | a | b | c | +------+------+------+ | eins | one | 1 | | 1 | eins | one | +------+------+------+ 2 rows in set (0.00 sec) Or, if I needed to find all rows that have \u0026rsquo;eins\u0026rsquo; and \u0026lsquo;one\u0026rsquo; in neighboring columns:\nmysql\u0026gt; \u0026gt; select a,b,c from t where (\u0026#39;eins\u0026#39;,\u0026#39;one\u0026#39;) in ((a,b),(b,c)); +------+------+------+ | a | b | c | +------+------+------+ | eins | one | 1 | | 1 | eins | one | +------+------+------+ 2 rows in set (0.00 sec) Not an Algebra: LDAP, XPath Results, and many others There are many query languages that are not an algebra, so the results are not of a kind that can be used for further queries.\nThe most classical example is LDAP: LDAP defines operations on a tree, the LDAP tree. The result of any LDAP query is not a subtree, but a node set. LDAP queries do not work on node sets.\nThe result: LDAP servers are very fast, and in some cases can handle hundreds of thousands of queries per second. But the things that SQL could do in a single query actually need hundreds of thousands of queries.\nAnother classical example is XPath. Again, we have a tree as a data type and operations on it. The result again is a node set, and not a tree, so we cannot query the result using XPath. This lack is so glaringly obvious that almost all XPath implementations provide extensions to work around that and allow you to somehow convert a node set into a queryable tree.\n","date":"2021-10-29T00:00:00Z","href":"https://blog.koehntopp.info/2021/10/29/relational-algebra.html","tags":["lang_en","mysql","mysqldev"],"title":"Relational, and an Algebra"},{"categories":null,"content":" As a developer using Python, I want to be able to hand a list to an SQL statement with a WHERE id IN (…) clause, and it should do the right thing.\nWell, that is not how it started, because it was asked on the internal no-work-channel, so it kind of escalated more.\nA question The original question was:\nDev\u0026gt; Why is it 2021, and SQL prepared statements still can\u0026rsquo;t deal with IN? Or have I missed some exciting development?\nAfter a quick detour through Java (which we won\u0026rsquo;t discuss any further in this article), we established that this was a Python problem in this particular instance. And we touched on several other interesting things on our way.\nBut first, the solution:\n#! /usr/bin/env python3 import click import MySQLdb import MySQLdb.cursors class DebugCursor(MySQLdb.cursors.DictCursor): def _query(self, q): print(f\u0026#34;Debug: {q}\u0026#34;) super()._query(q) db_config = dict( host=\u0026#34;localhost\u0026#34;, user=\u0026#34;kris\u0026#34;, passwd=\u0026#34;secret\u0026#34;, db=\u0026#34;kris\u0026#34;, cursorclass=DebugCursor, ) db = MySQLdb.connect(**db_config) @click.group(help=\u0026#34;Making WHERE IN great again.\u0026#34;) def sql(): pass @sql.command() def make_table(): sql1 = \u0026#34;\u0026#34;\u0026#34;drop table if exists insert_test\u0026#34;\u0026#34;\u0026#34; sql2 = \u0026#34;\u0026#34;\u0026#34;create table insert_test ( id serial, d varchar(200) )\u0026#34;\u0026#34;\u0026#34; sql3 = \u0026#34;\u0026#34;\u0026#34;insert into insert_test values ( NULL, %(value)s )\u0026#34;\u0026#34;\u0026#34; c = db.cursor() c.execute(sql1) c.execute(sql2) for i in [ \u0026#39;eins\u0026#39;, \u0026#39;zwei\u0026#39;, \u0026#39;drei\u0026#39;, \u0026#39;zw\u0026#34;ei\u0026#39;, \u0026#39;dr\\ei\u0026#39; ]: c.execute(sql3, {\u0026#34;value\u0026#34;: i}) db.commit() @sql.command() def query(): ary = [ \u0026#39;eins\u0026#39;, \u0026#39;zwei\u0026#39;, \u0026#39;drei\u0026#39;, \u0026#39;zw\u0026#34;ei\u0026#39;, \u0026#39;dr\\ei\u0026#39; ] print(f\u0026#34;{ary}\u0026#34;) sql = \u0026#34;select d from insert_test where d in %(ary)s\u0026#34; c = db.cursor() c.execute(sql, {\u0026#34;ary\u0026#34;: ary}) res = c.fetchall() for r in res: print(r) sql() In case you didn\u0026rsquo;t spot it: you can safely generate the WHERE d IN … clause by supplying a string placeholder and then handing it a list. Do not provide parens, the list will bring its own: It is select d from t where id in %s and not select d from t where id in ( %s ).\nWhy is that safe? We are calling cursor.execute(sql, args) to run the SQL. cursor is from MySQLdb, which is the package mysqlclient, obviously.\nWait, what? In Python 2, there was a MySQL database class called MySQLdb in the package MySQLdb, which was not Python 3 compatible, and the maintainer vanished. Also, Python 3 wanted to do away with upper case letters in package names, anyway.\nSo somebody took over the package, renamed it mysqlclient and made it Python 3 compatible, and kept the old class names in order to, uncharacteristically for Python, not break compatibility. Hence, you install the dependency mysqlclient to get the MySQLdb class.\nRemember this the next time a Python person makes fun of your PHP needles and haystacks, or your Perl anything.\nAnyway… In any case, the cursors are in cursors.py, hopefully somewhere in your venv. And cursor.execute() looks something like this:\n171 def execute(self, query, args=None): ... 190 if args is not None: 191 if isinstance(args, dict): 192 nargs = {} 193 for key, item in args.items(): 194 if isinstance(key, str): 195 key = key.encode(db.encoding) 196 nargs[key] = db.literal(item) 197 args = nargs 198 else: 199 args = tuple(map(db.literal, args)) 200 try: 201 query = query % args 202 except TypeError as m: 203 raise ProgrammingError(str(m)) 204 205 assert isinstance(query, (bytes, bytearray)) 206 res = self._query(query) 207 return res So in line 201, the replacement is a simple old style Python string formatting, query % args. This is then handed to self._query() in line 206.\nBefore that, in 190ff, the args are massaged.\nIf args is not a dict, we map(db.literal, args), which happens to be defined in connections.py:266 . The function escapes the arg using the proper encoding required. It ends up using string_literal() , which is defined in _mysql, a C-language wrapper that links against libmysqlclient.so, the C language client protocol library. And that in turn ends up being a call to mysql_real_escape_string_quote() , which is the appropriate function for this.\nFor dicts, similarly, the items are being enumerated and then db.literal() is applied.\nSo this is proven to work, and it uses the recommended escape function on parameters for MySQL.\nDebugging We do hand the query off to self._query() in the end. And that does the following:\ndef _query(self, q): db = self._get_db() self._result = None db.query(q) self._do_get_result(db) self._post_get_result() self._executed = q return self.rowcount That it, it fetches the existing database connection db, sends off the query and fetches and processes the result (so that you can call cursor.fetchall() or similar on it). It also remembers the query string in cursor._executed, but only after the query ran without error. And finally, it returns the rowcount.\nWe could debug by printing cursor._executed, but only if we don\u0026rsquo;t need to debug and the query actually ran. That is, because the assignment happens only after the db.query(), which in turn will throw an exception if there is a problem with our SQL.\nSo in order to actually debug, we need to do better: We can specify a cursorclass= anyway, as a connection parameter.\nWe make our own cursorclass, DebugCursor, which we let inherit from our cursor class of choice. I happen to be partial to DictCursor, so I inherit from that.\nIn my DebugCursor, I simply override _query(), log the query string and hand off things otherwise unchanged to the superclass. Because I do that before everything else, I get my log sent before stuff catches fire and my code burns to the ground.\nThat way I get to see the replaced SQL before it runs, even it if is gibberish. So I can actually see that\nsql = \u0026#34;select d from insert_test where d in ( %(ary)s )\u0026#34; c = db.cursor() c.execute(sql, {\u0026#34;ary\u0026#34;: ary}) in which I supply my own parens, turns into\n$ python3 prep.py query [\u0026#39;eins\u0026#39;, \u0026#39;zwei\u0026#39;, \u0026#39;drei\u0026#39;, \u0026#39;zw\u0026#34;ei\u0026#39;, \u0026#39;dr\\\\ei\u0026#39;] Debug: b\u0026#39;select d from insert_test where d in ( (\\\u0026#39;eins\\\u0026#39;,\\\u0026#39;zwei\\\u0026#39;,\\\u0026#39;drei\\\u0026#39;,\\\u0026#39;zw\\\\\u0026#34;ei\\\u0026#39;,\\\u0026#39;dr\\\\\\\\ei\\\u0026#39;) )\u0026#39; Traceback (most recent call last): File \u0026#34;prep.py\u0026#34;, line 54, in \u0026lt;module\u0026gt; while without those extra parens I get\n$ python3 prep.py query [\u0026#39;eins\u0026#39;, \u0026#39;zwei\u0026#39;, \u0026#39;drei\u0026#39;, \u0026#39;zw\u0026#34;ei\u0026#39;, \u0026#39;dr\\\\ei\u0026#39;] Debug: b\u0026#39;select d from insert_test where d in (\\\u0026#39;eins\\\u0026#39;,\\\u0026#39;zwei\\\u0026#39;,\\\u0026#39;drei\\\u0026#39;,\\\u0026#39;zw\\\\\u0026#34;ei\\\u0026#39;,\\\u0026#39;dr\\\\\\\\ei\\\u0026#39;)\u0026#39; {\u0026#39;d\u0026#39;: \u0026#39;eins\u0026#39;} {\u0026#39;d\u0026#39;: \u0026#39;zwei\u0026#39;} {\u0026#39;d\u0026#39;: \u0026#39;drei\u0026#39;} {\u0026#39;d\u0026#39;: \u0026#39;zw\u0026#34;ei\u0026#39;} {\u0026#39;d\u0026#39;: \u0026#39;dr\\\\ei\u0026#39;} and so I get to actually see that all is fine and well, and properly escaped.\n","date":"2021-10-28T00:00:00Z","href":"https://blog.koehntopp.info/2021/10/28/python-where-in.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: Python and WHERE ... IN ()"},{"categories":null,"content":"I wrote on Twitter something about the term \u0026ldquo;Metaverse\u0026rdquo;. That led to a contact with Michael Carl , who wanted to make an episode for his Podcast with me. My german notes and talk prep are now also available here:\nMetaverse The term \u0026ldquo;Metaverse\u0026rdquo; was initially coined by Neal Stephenson in 1992, but in the context of the current discussion it was defined as in The Metaverse: What It Is, Where to Find it, Who Will Build It, and Fortnite by Matthew Ball. Ball later wrote a lot more about the same , and that led to the current Valley Hype around it.\nWe are starting with games, who no longer are what they started out as, but somehow transcended:\nFortnite by Epic Games, which now also hosts non-Fortnite events, Roblox, a platform to make and host low-end games, and Minecraft in the Java and Bedrock editions, to show how both fail differently. Fortnite Fortnite originally was a Battle Royale game, but is now also a platform that can host events. You can also buy skins for your characters or items, often in a partnership with other IP, for example Marvel/DC super heroes. People gave concerts in there, or hosting other events. Epic likes to do this, openly, because it establishes Fortnite with people who are not originally interested in Battle Royale or part of gaming culture.\nEpic Games also makes the Unreal Engine, and the associated pipelines for creating and editing in-game assets, hosts a market to sell these things, and is building a living infrastructure to produce games, and market them. They are in a way the invisible back-cover of many games.\nRoblox Similarly, but way more casual, Roblox operates a platform to create, host and market low-end games, \u0026ldquo;making games as a game\u0026rdquo;, and matching this, they also have assets, and an asset and game marketing outlet. Roblox is mostly a thing with young and very young people, and vastly underrated with older people.\nMinecraft in two flavors Minecraft is a classic: The original game is written in Java, and meanwhile completely replaceable with third party components. There are alternative clients, alternative servers, and alternative assets. The game is bad: It is a sandbox without much story, an ill-defined goal and primitive graphics, the original servers are slow and buggy.\nBut the graphics are simple enough that even old potato computers can render it. It is written in Java, which can be easily reversed and extended without cooperation from the vendor. And thus there is an extremely rich community of modders, server and client plugins, and many other extensions. As such, Minecraft is a gateway drug into Java programming with young people, because it has unlimited potential for self-motivation and initiates undirected and unprompted learning in many people.\nNone of that leads to monetization that the current owner, Microsoft, can hook on. As an IP asset, Minecraft Java is an utter failure, because after the initial purchase Microsoft is no longer part of the value chain.\nThat is why there is \u0026ldquo;Minecraft Bedrock Edition\u0026rdquo;, more performant, better designed and from the ground up with an asset marketplace. You can buy Bedrock extensions in that marketplace, and only there. As a maker of extensions, you will have to license IP from Microsoft, and pay percentages, as a customer anyway. With gamers, it is not very popular, sterile, and without its own subculture. Compared to the Java Edition, an even bigger failure.\nThe Bedrock model is comparable to the Apple Developer mode, but smaller in scope: You can\u0026rsquo;t seriously develop for Apple machines without having an Apple-ID, a developer license, support for Apple Cloud for handover, and without leaving percentages to the Apple Store. Bedrock copies that model, but not as a Computer-Tablet ecosystem, only as a game, and that did not take off.\nMetaverse: A first definition. The definition of \u0026ldquo;Metaverse\u0026rdquo; is hence less 3D goggles, and more \u0026ldquo;Integration of the gaming industry with the value chain of the entertainment industry for an open digital asset market\u0026rdquo;. Or more open: siphoning off percentages along the gaming value chain during production, marketing and usage, and improving the value of gaming assets by partnering with entertainment properties and using their IP in gaming contexts.\nThe objective is to get more lifetime consumer budget out of a person, without bothering them too much by investing actual time. We want to extend the scope of \u0026ldquo;sellable media\u0026rdquo; in the widest sense.\nAttention and time budgets People have monetary limits, the consumption part of disposable income . They also have time limits, an attention budget. Both are convertible, but that is media dependent.\nAssuming a useful lifetime of 60 years for media consumption, during that time I could read for example one book per week, for a total of 40 books per year. In a total lifetime, that are 2400 books, at - say - 30 Euro each.\nWith AAA games, one can do around 4-6 of them per year, 240-300 in a lifetime, at a value of around 60 Euro each.\nThat\u0026rsquo;s a total lifetime value of around 70k Euro in books, or 20k Euro in games per person.\nWe can see that games are too cheap compared to their production cost, but a higher price than 60 Euro is unrealistic even for AAA titles. That is one reason why each and every game has additional ways of spending money after purchase.\nIn general with both media types, there is a lot of my lifetime attention span bound for comparatively little money: We need to up the burn rate. Books, movies and especially AAA games are much too valuable per time and their consume binds too much attention for the business to scale up. We need a different way to extract money that does not bind as many minutes of person-lifetime and attention.\nThat is critically important, because there is also a lot of free content which competes for attention with our paid for assets, and which often is \u0026ldquo;good enough\u0026rdquo; to bind time which we then cannot monetize.\nA sidebar: death and inheritances With an aging population there is the sidebar \u0026ldquo;boomers die, their children inherit\u0026rdquo;. For example, right now I have around 600 Steam titles, and around 1000 Kindle books. When I die this represents multiple 10k Euro of value. How can my son inherit this? Politics has no answers, and the vendors say \u0026ldquo;he won\u0026rsquo;t\u0026rdquo;. I can only leave my Steam login to my son, and crack the DRM of my Kindle titles.\nEconomically, Kindle and Steam inheritances are largely irrelevant, or would be even be positive, and it is unclear why vendors are blocking this.\nWhen I am inheriting a villa at the lake, I can go in, open the veranda, walk down through the park to the shore and enjoy the asset within minutes. It does not take much time.\nInheriting my Kindle and Steam library, my son will need to invest a lot of time to enjoy that: With 1200 books that will bind 30 years of lifetime, and with an inheritance of 1000 games there will be titles from 2002 that look like drawn with crayons today. I am inheriting \u0026ldquo;Skyrim\u0026rdquo;, but I will have to purchase the \u0026ldquo;VR\u0026rdquo; and \u0026ldquo;Remastered\u0026rdquo; editions of that myself.\nWe can see immediately that this will hardly lead to a loss in revenue for vendors, in some cases it is more like a kind of advertisement, actually.\nAssets: high budget, little time Even today, games offer loot boxes, pay-to-win and pay-to-skip purchases, and they sell cosmetics. Unlike the first three, the last one is hardly controversial.\nPay-to-Win: to finish the game successfully you have to buy equipment with real money. Ideally this becomes apparent only of tou already are invested in the game emotionally and with lifetime. Pay-to-Skip: gameplay is often interrupted with annoying delays in which you can\u0026rsquo;t play, except you purchase immediate continuations with real money. Lootboxes: The game sells containers with \u0026ldquo;random\u0026rdquo; in-game assets to you, some of which are very important in the context of the game. The actual game is just a wrapper for an addictive (and usually rigged) game of chance. The practice is already illegal as unregulated gambling in several EU countries. Contrary to this, cosmetics are widely accepted: These are assets that change the way the character or their equipment looks like, without affecting gameplay. Also, virtual houses and house furnishings that have no effect on gameplay.\nFor example, in \u0026ldquo;Elder Scrolls Online\u0026rdquo; as a player you can get easily and early in-game houses which are spectacularly located, and have a lot of empty space for decorations. Furnishings to decorate the house can be gotten as trophies in-game, but every day things can only be gotten by using real money and purchase from the shop.\nThis has many desirable properties for the vendor: The player can spend a lot of money (without limits!) in-game, and hardly has to invest time or attention to make use of these assets. We are no longer revenue-bound by the players\u0026rsquo; attention budget. This is a much better thing to sell than books, films or the games themselves. The game only provides context and reason for the cosmetics to exist, and defines their visuals.\nEpic Games This is precisely the operating model of Epic Games: With the Unreal Engine the company owns a platform for the fast and efficient design and rendering of really good-looking games. This also includes the tooling for making in-game assets, but also a market to sell these to other game developers. With the Epic Launcher and the integrated shop this is also a platform for game sales, and to collect meta and usage data for Epic, which again (for money) are sold back to the developer as analytics. Epic operates a payment system, which pipes money from the customer to the developer, not only for games, but also for extensions, DLC and in-game purchases.\nWith Fortnite, Epic has their own game, which at the same time can also sell 3D assets to players as equipment, cosmetics and other things.\nFortnite is a special kind of game - player vs. player, battle royal - players play against each other and last man standing wins the round. This kind of game is not interesting for all target demographics, but the engine of Fortnite is flexible and can be repurposed. This enables other use-cases, among them also as a \u0026ldquo;virtual event platform\u0026rdquo;, which also keeps the interest up through media tie-ins and licensed IP.\nThe interpretation of \u0026ldquo;The Metaverse\u0026rdquo; as a value chain for digital assets, specifically 3D assets, is too short-sighted: As an ecosystem with a controlled number of large market operators and a very large numbers of content creators and customers the foundations will look better and have better longevity. It is entirely possible to allow third parties to operate in this \u0026ldquo;virtual world\u0026rdquo;, trade with each other, especially if the market operators at all times get a tiny share from each transaction. This is the idea of the \u0026ldquo;Microsoft tax\u0026rdquo;, revitalized.\nPlayers in this market Different parties have different starting positions and strengths:\nEpic Games/Fortnite - weak in IP, but some original IP, even if niche. Unreal Engine and other things on the \u0026ldquo;games invisible back-cover\u0026rdquo; as a big strength. Roblox - original IP, very young customers, grooms them into future customers, wait 10 years. Microsoft - Minecraft, MS Store et al., too enterprise for success? But Halo, MSFS. Apple (sic!) - no IP, but platform/chain. Disney (sic!) - only IP, but weak marketing outside of films/merchandise. Knows the game very well in the real world: Imagine Disneyland principles applied to a Metaverse. Facebook - wants in at all costs, \u0026ldquo;pivot our enterprise\u0026rdquo;: If \u0026ldquo;social\u0026rdquo; of the future is \u0026ldquo;here\u0026rdquo;, we need to be \u0026ldquo;here\u0026rdquo;. Google - all of this is a reason why Stadia still exists, despite being a flop. Amazon - this is where the gaming strategy of Amazon is anchored. Amazon would like to be the AWS of the gaming world, instead of Epic. Tech Maturity Cycle and standards Cynefin as a Market Maturity Model.\nWe are in the chaotic phase of market maturity: Nobody has a business model for this. It is unclear what the market will look like, what the standards are.\nThis is the landgrab phase, building market share in a new and emerging market. Interop is secondary, because the future standards are not yet visible. Player try to differentiate themselves with features, also to find out which features matter. All players grow in a growing market.\nAs soon as a business model and stable feature lists exists and there is a system for money extraction the market can consolidate. As always, 3-5 companies will dominate the market, which is dropping out of hypergrowth. The dominating companies acknowledge their respective existence and roles, and compete semi-cooperatively: It is more important to erect barriers to entry for disruptors than to destroy the existing competition, and hence there will be complex, hard to implement standards with expensive compliance tests. This will then, against all wishes, lead to interoperability.\nMetaverse, revised definition So we get: The Metaverse is an integration of the gaming industry with the entertainment industry, and the merging of their value chains, optionally extracting a transactional tax at any point of the value chain. The objective is to monetize the lifetime intellectual consumption budget of any person, and extending the market of products relevant to that person, decoupling spend from attention.\nA main result is that books, films and games bind too much time to consume and limit spend. 3D assets are a better sale binding for less time.\nThis is also the backdrop to read \u0026ldquo;Epic vs. Apple and Google\u0026rdquo; properly: This is about opening the monopolistic markets these companies have for their hardware products, and allow other companies to monetize their walled gardens with their own offerings directly.\nThe german outlook is dreary:\nlacking highspeed, low latency infrastructure for gaming. lacking a German company with identity platforms (\u0026ldquo;Login with x\u0026rdquo;). lacking resources and companies with 3D asset tooling, production, marketplaces. lacking German film/tv/literature IP that can be integrated with any of this, especially on a global scale. German companies and culture looks inward, into the own country, not towards a global cultural base. Compare with Korea: Korean production chains in K-Pop; Korean \u0026ldquo;cultural technology\u0026rdquo; that integrated other cultures styles and art and integrates it into K-Pop; production and grooming pipelines for stars and starlets; emerging similar chains for IP.\nIn comparison, Germany counts as unarmed.\nToxic-dystopic interpretation \u0026ldquo;Property\u0026rdquo; in a simulated reality looks like property, but is virtual and can be duplicated easily. Virtualization removes resource constraints in production, but \u0026ldquo;value\u0026rdquo; is only created by uniqueness in consumption.\nThe platform operators and \u0026ldquo;tax\u0026rdquo; authorities have full market transparency and can meter the time spent and consumption habits of everybody. They know what you look at and listen to, what you are using, which styles you like and can sell this data for money to creators. They will also sell access to you to creators.\nA friend of mine:\nHHOS: in the future at birth of child, you will first have to decide which corporate tribe it joins and then find a name compliant with that tribes rules. Switching between tribes is as complicated as an emigration to or from North Korea.\nA central building block is also DRM, here under the marketing name of \u0026ldquo;NFT\u0026rdquo;. NFT is the blockchain word for DRM, only with added destruction of the planet.\nUnique things are only possible with:\nlocking the machine TPM, in-game only licensed assets and mods usable, and NFT Laser Eyes crypto bullshit that burns the planet In this context also the current engagement of Epic in the NFT bull. Proper standards will be important, and \u0026ldquo;identity\u0026rdquo; is central for \u0026ldquo;property\u0026rdquo;. This does not need blockchain, and will work better without - the platforms are central anyway.\nMy friend, commenting further:\nIt is important to bind these people into this universe (\u0026ldquo;Hyperinclusion\u0026rdquo;). They buy in the metaverses store, date their partners in metaverse locations, watch ads for products only available in the metaverse, and can hardly formulate metaverse critical thinking. There is no public space anymore, everything is part of the gated community (cf loss of the almende).\nThere may be competition between a small number of metaverses, but within one metaverse there is only managed competition. That is, the metaverse monopolizes a life in its totality.\nThat is a lot like mining towns in the US in the late 19th century. The shop was owned by the mine, the priest was employed by the mine, and the sheriff and mayor were mine employees.\nEffectively the FB strategy is to make their social media monopoly permanent.\nThis leads us to\nCurrency Cryptocurrencies have demonstrated to large players that money creation is now \u0026ldquo;up for grabs\u0026rdquo;. A metaverse is a very good environment to realize that \u0026ldquo;en passant\u0026rdquo;.\nAgain, watch the Epic engagement in crypto for details. This is problematic: Metaverse and production in it takes resources from the real world, but does not produce value for the real world. The real world is getting poorer, but that is where we live. What does that mean long term for the creation of value and money?\nMaterial URL collection\nGolem \u0026ldquo;Auf der Suche nach dem Wal\u0026rdquo; \u0026ldquo;Auf der Suche nach dem Wal \u0026rdquo;, a video game growth manager (German article).\nColorado Law Review Dark Patterns Link from the above.\n\u0026ldquo;When the Cat’s Away: Techlash, Loot Boxes, and Regulating “Dark Patterns” in the Video Game Industry’s Monetization Strategies \u0026rdquo;, Sektion \u0026ldquo;IV. Broad Guidance for Crafting Effective Dark Pattern Regulation in the Video Game Industry\u0026rdquo;\nMatthew Ball The Metaverse: What It Is, Where to Find it, Who Will Build It, and Fortnite : Original Metaverse Article\nMedia side:\nBy the time Netflix launched its streaming service, much of Hollywood knew that the future of television was online (IP TV had been deployed in the late 1999s). The challenge was timing and how to package such a service (it took another 10 years for Hollywood to accept all of their channels, genres and content needs to be collapsed into a single app/brand).\nBall writes:\nThe Metaverse, we think, will be \u0026hellip;\nPersistent. Synchronous and live. Be without any cap to concurrent users, while also providing each user with an individual sense of “presence” Be a fully functioning economy Be an experience that spans both the digital and physical worlds, private and public networks/experiences, and open and closed platforms Offer unprecedented interoperability of data, digital items/assets, content, and so on across each of these experiences Be populated by “content” and “experiences” created and operated by an incredibly wide range of contributors The Metaverse is not…\nA “virtual world” A “virtual space” (2nd life) “Virtual reality” A “digital and virtual economy” A \u0026ldquo;game\u0026rdquo; A “virtual theme park or Disneyland” A “new app store” A “new UGC platform” That is, of course, nonsense, it will be all of these things, too. This is Valley Hype to make the Next Internet sellable, and to have a common tale to tell. But in the end this is all about the things it is supposedly NOT.\nNine newer longer articles on this.\nFortnite Loyalty Program Keep up engagement and interest. A problem for any MMO:\nPeople don\u0026rsquo;t live in the metaverse, the live here. Primary consumption is casual, not high-end gamer. That is the weakness of the concept, esp Facebook. It can only become a Metaverse if it becomes a permanent place. That\u0026rsquo;s still a long road to travel.\nMy VR goggles are sitting around, idle (sold the Oculus because mandatory FB account). That is, because \u0026ldquo;entering VR\u0026rdquo; is an act (set things up, calibrate), and the goggles isolate (when I put them on, I am \u0026ldquo;gone\u0026rdquo;), and because it is used only by very few games.\nEpic and Facebook: The Race called Metaverse Pastry Eth Thread Crypto bullshit with a few good ideas, but also illusions/lies about what will happen:\n\u0026ldquo;1/5 of FB now working on AR\u0026rdquo;, FB looks at Metaverse as \u0026ldquo;Oculus\u0026rdquo;, \u0026ldquo;VR\u0026rdquo;. That\u0026rsquo;s dangerous tunnel vision. \u0026ldquo;The \u0026ldquo;Metaverse\u0026rdquo; is a virtual space created by the convergence of virtually enhanced physical reality, AR \u0026amp; the Internet: Our current 2D search based version of the Internet is giving way to a fully 3D immersive reality\u0026rdquo;: bullshit, unless consumption becomes casual. 3D Assets in Pancake Games are easier to sell \u0026ldquo;Cosmetics\u0026rdquo;. \u0026ldquo;The Metaverse is always “on” \u0026amp; is beyond the control of any individual. It exists in real time, can host any size audience, has a functioning economy, spans across platforms, provides interoperability for digital assets, \u0026amp; consists of the content and experiences its users create.\u0026rdquo; That is 2nd 2nd life as a concept, and \u0026ldquo;3D Shoppingmalls\u0026rdquo; of the early 90ies revived. As a concept not wrong, and at the same time completely wrong. \u0026ldquo;In the Metaverse, the earning power for young creators won’t be limited to the top 1%. There will be an entire new era of young entrepreneurs making a living in virtual worlds, earning real value and steady income quicker than ever imagined.\u0026rdquo; LOL. Mainly this is about a microsoft tax, that will siphon off money from creators along the way. \u0026ldquo;Creators who were once limited in their ability by technological constraints, lack of capital, time, or creativity, now have everything that is needed. What happens when physical objects are dematerialized? All formerly scarce materials become abundant.\u0026rdquo; LOL. DRM all the way is a requirement to make this work. Also, the permanent promise of creators paradise, when this is really about monopolization of the value chain. Afterwards: Thread degrades into Laser Eyes Nonsense\nDigital Twins Digital twins will act as \u0026ldquo;foundations of the metaverse\u0026rdquo; and allow people to move between real and virtual spaces\nAgain \u0026ldquo;2nd 2nd Life\u0026rdquo;, Skeumorphism is what we do with new tech that does not yet have its own design language. The first cars looked like coaches, and the first Apple applications mimicked Rolodexes and Moleskines. \u0026ldquo;Digital Twins\u0026rdquo; is the same thing.\nCore idea:\nIn April 2020, music artist Travis Scott staged a virtual concert inside the game that was attended live by 12.3 million people. It was a global phenomenon that sent the American rapper to the top of all music charts and earned him a reported $20 million.\nRead: \u0026ldquo;OMG, somebody has used a children\u0026rsquo;s battle royale to earn money without shooting players, but with traditional media work.\u0026rdquo;, and we are back to \u0026ldquo;all the ideas of 2nd life we know are problematic may still be valid again\u0026rdquo;\n\u0026ldquo;If the metaverse is an equivalent reality that coexists next to the physical reality, there needs to be a connection,\u0026rdquo; said Weir-McCall.\nDoes not need that at all. If, then more likely as AR than as 3D models, because connections to the real world is what you lose with 3D VR goggles. Casual is king.\nFacebook Glass and acceptance Google Goggle were identifiable and their users vilified as glassholes. Facebook is using Ray Bay to cover that. There is no technical relationship between Oculus and AR. This is about hiding the tech in the goggles to make it acceptable, and prevent a Facebook glasshole effect. Also, AR is more casual than VR. Fashion also allows easier re-sales of the same item, see also Apple Watch accessories.\nLaser Eyes It’s gonna be epic to bring the squid game to the metaverse. Salute to your team! I am a big fan of the TV series. I am super excited to have a chance to participate in this game! LFG!!!\nMore Laser Eyes.\n","date":"2021-10-27T00:00:00Z","href":"https://blog.koehntopp.info/2021/10/27/metaverse-en.html","tags":["lang_en","computer","technik","media"],"title":"Metaverse (en)"},{"categories":null,"content":"Ich schrieb auf Twitter was zum aktuellen Begriff \u0026ldquo;Metaverse\u0026rdquo;. Das hat zu einem Kontakt mit Michael Carl geführt, der mich in seinem Podcast haben wollte. Meine Gesprächsnotizen und Vorbereitung habe ich nun auch hier:\nMetaverse Der Begriff \u0026ldquo;Metaverse\u0026rdquo; stammt ursprünglich von Neal Stephenson, aus dem Jahre 1992, aber er ist im aktuellen Kontext von Matthew Ball in The Metaverse: What It Is, Where to Find it, Who Will Build It, and Fortnite mit Sinn gefüllt worden. Ball hat dann später mehr zum Thema geschrieben, und so den aktuellen Silicon Valley Hype erzeugt.\nDie Überlegung beginnt mit Spielen, die nicht mehr sind, was sie mal waren, sondern irgendwie mehr geworden sind:\nFortnite von Epic Games, in der nun auch Nicht-Fortnite-Aktivitäten stattfinden, Roblox, eine Plattform zur spielerischen Generierung von Computerspielen, und Minecraft in der Java- und der Bedrock-Edition, um zu zeigen, wie beides auf seine Weise unternehmerische Fehlschläge sind. Fortnite Fortnite war mal Battle Royale, aber ist inzwischen auch eine \u0026ldquo;Veranstaltungsplattform\u0026rdquo;, man kann dort Skins kaufen, Partnerschaften mit anderem IP, zum Beispiel Marvel/DC Super Heroes. Leute haben dort Konzerte gegeben oder andere Veranstaltungen durchgeführt. Epic unterstützt das, recht offen, weil es Fortnite so auch bei Leuten bekannt macht, die an Battle Royal und Gamer-Kultur nicht primär interessiert sind.\nEpic Games macht auch die Unreal Engine, und die dazu gehörenden Pipelines zum Erstellen und Editieren von digitalen Game-Assets, betreibt einen Markt für diese Dinge und baut auch sonst eine lebendige Infrastruktur zur Spielerzeugung und zur Vermarktung auf. Gewissermaßen ist dies die unsichtbare \u0026ldquo;Rückseite\u0026rdquo; von Spielen.\nRoblox Ganz ähnlich, aber viel mehr casual betreibt Roblox sowieso eine Plattform zur Erzeugung von Spielen, und macht so Assets, aber auch einen Markt für Assets. Roblox ist vor allen Dingen bei jungen und sehr jungen Menschen populär, und wird bei älteren Menschen weit unterschätzt.\nMinecraft in zwei Geschmacksrichtungen Minecraft ist ein Klassiker: Das originale Minecraft ist in Java geschrieben und inzwischen komplett durch Komponenten von Drittherstellern ersetzbar. Es gibt alternative Clients, alternative Server, alternative Assets. Das Spiel ist schlecht: Es ist eine Sandbox ohne viel Story und ohne Spielziel mit primitiver Grafik, die originalen Server sind langsam und fehlerhaft.\nAber die Grafik ist simpel, sodass das Spiel auch auf abgelegten Kartoffelcomputern funktioniert. Es ist alles in Java geschrieben, das sich leicht reversen und dann unkooperativ erweitern lässt, und so gibt es eine reichhaltige Community mit Moddern, Server- und Client-Plugins, und vielen anderen Erweiterungen. Das macht das Spiel populär und zu einer \u0026ldquo;Einstiegsdroge\u0026rdquo; in die Java-Programmierung bei jungen Menschen, weil es ein unglaubliches Potenzial für Selbstmotivation bietet.\nNichts davon ist durch den derzeitigen Eigentümer Microsoft monetarisierbar. Als IP ist Minecraft für Microsoft gescheitert, weil Microsoft nach dem Kauf des Spiels nicht mehr Teil der Verwertungskette ist.\nDaher gibt es von Microsoft \u0026ldquo;Minecraft Bedrock Edition\u0026rdquo;, performanter und besser designt, und von Grund auf mit einem Asset-Markt integriert. Erweiterungen für Bedrock sind im Laden kaufbar, und nur dort. Man muss als Anbieter IP von Microsoft lizenzieren und dann Prozente zahlen, als Kunde sowieso. Bei den Spielern ist es deswegen kaum populär, steril und ohne eigene Kultur. Im Vergleich zu Java Edition noch ein größerer Fehlschlag.\nDas Bedrock-Modell ist vergleichbar mit dem Apple Entwicklermodell, aber kleiner im Scope: Man kann nicht ernsthaft für Apple entwickeln ohne Apple-ID, Entwickler-Lizenz, Cloud-Nutzung für Handover und Storage und ohne Prozente im Apple Store zu bezahlen. Bedrock ist danach modelliert, aber halt kein Computer-Tablet-ökosystem, sondern nur ein Spiel.\nMetaverse: Eine erste Definition Die tatsächliche Definition von \u0026ldquo;Metaverse\u0026rdquo; sind also nicht 3D-Brillen, sondern \u0026ldquo;die Integration der Computerspieleindustrie mit der Wertschöpfungskette der Unterhaltungsindustrie für einen offenen, digitalen Assetmarkt\u0026rdquo;.\nOder offener: Das Anzapfen der Spieleverwertungskette an jeder Stelle im Produktionsfluß, und das Aufwerten der Spieleverwertungskette durch Integration mit Intellectual Property aus Filmen und Büchern.\nEs geht also darum, aus dem Lebenszeit-Konsum-Budget einer Person mehr Geld herauszuziehen, ohne zu viel Lebenszeit bei dieser Person zu verbrauchen, also um eine Aufweitung von Ausgaben für \u0026ldquo;Medien\u0026rdquo; im aller weitesten Sinne.\nBudgets für Aufmerksamkeit und Geld Menschen haben Geldlimits für ihre Freizeit, der Konsumanteil des verfügbaren Einkommens . Sie haben auch Zeitlimits für ihre Freizeit, ein Budget für Aufmerksamkeit. Beides ist konvertibel, aber das hängt am Medium.\nNimmt man eine nützliche Lebenszeit, in der ich \u0026ldquo;Lesen\u0026rdquo; kann von 60 Jahren an, und unterstellt man einem fleißigen Leser 40 Bücher (eines pro Woche) im Jahr, dann wird diese Person in ihrem Leben 2400 Bücher lesen, im Wert von sagen wir ~30 Euro pro Stück.\nArbeitet man mit Computerspielen der AAA-Klasse, dann schafft man eventuell 4-6 Spiele im Jahr sinnvoll durchzuspielen, also im Leben 240-300 Titel, im Wert von ~60 Euro pro Stück.\nDas setzt eine Größenordnung von Lebensumsatz pro Person für diese Dinge, also ~70k Euro in Büchern oder 20k Euro in Spielen pro Personenleben.\nWir sehen insbesondere, daß Spiele im Vergleich zu ihrem Produktionsaufwand viel zu billig sind, aber ein höherer Preis als 60 Euro ist auch für einen AAA-Titel nicht durchsetzbar. Das ist einer der Gründe, warum in jedem einzelnen dieser Spiele weitere Möglichkeiten zum Geldausgeben enthalten sind.\nGenerell ist es aber bei beiden Medien so, daß das Geldausgeben im Vergleich zu der aufgewendeten Zeit zu langsam ist: Die Burnrate muss hoch. Bücher, aber auch Filme und insbesondere AAA-Titel von Computerspielen sind viel zu werthaltig, und ihr Konsum ist zu aufwendig. Wir suchen was anderes, bei dem nicht so viele Minuten Lebenszeit pro ausgegebenem Euro aufgewendet werden müsse.\nDas ist kritisch, weil es ja auch noch viele freie Inhalte gibt, die auch um Aufmerksamkeit buhlen und \u0026ldquo;gut genug\u0026rdquo; sind, um bezahlte Inhalte zu verdrängen. Sie kosten Minuten Aufmerksamkeit, ohne Geld zu verdienen.\nNebenschauplatz: Sterben und Erben Angesichts der alternden Bevölkerung gibt es auch noch den Nebenschauplatz \u0026ldquo;Boomer sterben, Kinder erben\u0026rdquo;. Ich habe zum Beispiel genau jetzt ca. 600 Steam Titel und 1000 Kindle Books. Wenn ich sterbe, sind das einige 10k Euro Wert. Wie vererbe ich die meinem Sohn? Die Politik hat keine Antworten, und die Hersteller lassen das nicht zu. Ich kann meinem Kind also nur mein Steam Login vermachen und von meinen Kindle-Büchern das DRM knacken.\nWirtschaftlich sind Kindle und Steam-Erbschaften für die Hersteller weitgehend irrelevant, oder wären sogar positiv, und es ist unklar, wieso man sich so sträubt:\nWenn ein Haus am See erbe, kann ich da hereingehen, die Veranda aufschließen, in den Park gehen und so das Asset genießen. Das kostet mich nicht viel Zeit.\nErbe ich dagegen eine Kindle- oder Steam-Library, kostet mich das viel Zeit in der Erschließung: Wenn ich 1200 Bücher erbe, sind das 30 Jahre Lebenszeit, die ich investieren muss, um das Erbe zu verarbeiten. Wenn ich 1000 Spiele erbe, sind da Titel von 2002 bei, die heute wie Dreck aussehen. Ich erbe \u0026ldquo;Skyrim\u0026rdquo;, muss aber \u0026ldquo;Skyrim VR\u0026rdquo; und \u0026ldquo;Skyrim Remastered\u0026rdquo; selbst kaufen.\nWir sehen sofort: Erben ist für den Hersteller kein relevanter Umsatzverlust, sondern eher noch ein Mittel zur Verkaufsförderung.\nAssets: hoher Geldaufwand, geringer Zeitaufwand Bereits heute ist in Spielen neben Lootboxen und Pay-to-Win und Pay-to-Skip Modellen der Verkauf von Cosmetics eine der größten Einnahmequellen, und im Gegensatz zu den anderen Geldquellen weitgehend unumstritten.\nPay-to-Win: Das Spiel ist nicht erfolgreich zu beenden, außer man kauft Ausrüstungsgegenstände für Echtgeld dazu. Idealerweise wird das erst sichtbar, wenn man bereits eine Menge Zeit und Emotion in das Spiel investiert hat. Pay-to-Skip: Das Spiel wird immer wieder durch ärgerliche Wartepausen unterbrochen, in denen man nicht weiterspielen kann, außer man kauft die Pause durch Echtgeld weg. Lootboxen: Das Spiel verkauft einem Container einem zufälligen Inhalt an Spielgegenständen, bei denen selten wertvolle Dinge enthalten sind. Das eigentliche Spiel ist also eine Verpackung für ein Glücksspiel im Inneren. Diese Praxis ist mittlerweile in einigen EU-Ländern verboten. Im Gegensatz dazu sind Cosmetics weitgehend unumstritten: Das sind Gegenstände, die der Spielfigur und ihrer Ausrüstung ein anderes Aussehen geben, ein virtuelles Haus und seine Einrichtung, die auf das Spiel keine wesentliche Auswirkung haben und ähnliches.\nIm Spiel \u0026ldquo;Elder Scrolls Online\u0026rdquo; zum Beispiel bekommt man als Spieler leicht und zu geringen Kosten virtuelle Wohnhäuser in der Spielwelt, die sehr spektakulär liegen und aussehen und viel leeren Platz bieten. Gegenstände zum Einrichten kann man sich als Trophäen erspielen, aber wesentliche Alltagsgegenstände zur Einrichtung sind nur via Echtgeld-Einsatz im Shop zu kaufen.\nDas für den Hersteller wunderbare dabei: Der Spieler kann in den Kauf von Cosmetics beliebig viel Geld reinpumpen und wird dabei kaum Lebenszeit oder Aufmerksamkeit aufbringen müssen. Limitierend kann also nur die Geldbörse des Kunden wirken, nicht aber sein Zeitbudget. Das macht so etwas zu einem viel besseren Geschäftsfeld als Bücher, Filme oder die Spiele selbst. Das Spiel liefert nur den Kontext und Anlass für die Cosmetics zu existieren und bestimmt ihr Aussehen.\nEpic Games Dies ist genau die Geschäftsgrundlage von Epic Games: Mit der Unreal Engine bietet die Firma eine Plattform zum schnellen und effizienten Design von sehr gut aussehenden Videospielen. Dazu gehören auch Werkzeuge zum Erzeugen der Ingame-Assets, aber auch der Betrieb einer Verkaufsplattform für solche Assets an Spielhersteller. Mit dem Epic Launcher und dem darin integrierten Shop auch eine Plattform zum Verkauf von Spielen, und zum Erfassen von Meta- und Nutzungsdaten an Epic, die dann wiederum (gegen Geld) dem Spielhersteller als Analytics angeboten werden. Das von Epic betriebene Payment-System ist die Pipeline, über die Geld vom Kunden zum Spielhersteller fließen kann, und über die nicht nur die Spiele, sondern auch Erweiterungen, In-Game Käufe und andere Geldausgaben abgewickelt werden können.\nMit Fortnite hat man aber auch ein eigenes Spiel am Start, das zugleich auch 3D Assets an Endkunden als Ausrüstungsgegenstände, Cosmetics oder sonst wie verkaufen kann.\nFortnite ist eine bestimmte Sorte Spiel - Player vs. Player, im Battle Royal Modus, Spieler treten gegeneinander an und der letzte Überlebende gewinnt. Diese Sorte Spiel ist nicht für alle Zielgruppen interessant, aber die Engine von Fortnite lässt sich auch anderweitig nutzen. Entsprechend weckt man Interesse durch Nutzung von Fortnite als \u0026ldquo;virtuelle Veranstaltungsplattform\u0026rdquo; und hält das Interesse durch Media Tie-Ins und Licensed IP aufrecht.\nDie Interpretation von Metaverse als Verwertungskette von digitalen Assets, speziell 3D Assets, als \u0026ldquo;Online-Merchandise\u0026rdquo; greift jedoch zu kurz: Als Ökosystem mit einer kontrollierten Anzahl von großen Marktbetreibern und einer großen Anzahl von Kunden und Kreativen steht man viel besser und vor allen Dingen dauerhafter da. Man kann Dritten auf diese Weise erlauben, untereinander Handel zu treiben, aber dabei laufend einen geringen Anteil an allen Transaktionen abgreifen. Gewissermaßen will man die Idee der \u0026ldquo;Microsoft-Tax\u0026rdquo; in einem anderen Kontext wieder aufleben lassen.\nSpieler am Markt Unterschiedliche Ausgangspositionen bei\nEpic Games/Fortnite - schwach bei IP, aber original IP, wenn auch Nische, Unreal Engine und die anderen Dinge auf der \u0026ldquo;Rückseite\u0026rdquo; der Spiele als große Stärke. Roblox - original IP, sehr junge Kundschaft, erzieht sich gerade Kinder, 10 Jahre warten, groß unterschätzt. Microsoft - Minecraft, MS Store et al, zu Enterprise um erfolgreich zu sein? Aber Halo, MSFS. Apple (sic!) - kein IP, aber Plattform/Kette. Disney (sic!) - nur IP, aber schwach in Verwertung außerhalb von Filmen/offline Merchandise. Facebook - will da unbedingt rein, \u0026ldquo;Enterprise Pivot\u0026rdquo;: wenn Social in Zukunft \u0026ldquo;hier\u0026rdquo; stattfindet, dann muss Facebook \u0026ldquo;hier\u0026rdquo; sein. Google - insbesondere der Grund, wieso Google Stadia nicht wirklich einstellen kann, selbst wenn es ein Flop wird/ist. Amazon - hier ist auch die Spiele Strategie von Amazon mit einordnen. Amazon wäre gerne das AWS der Spielewelt anstelle von Epic. Tech Maturity Cycle und Standards Cynefin als Market Maturity Model.\nWir sind derzeit in einer chaotischen Phase der Marktentwicklung: Niemand hat ein Geschäftsmodell in diesem Markt, es ist unklar, wie dieser überhaupt aussehen wird. Standards existieren noch nicht.\nEs geht um Landgrab, also um den Aufbau von Marktanteilen in einem entstehenden und wachsenden Markt. Interop ist sekundär, weil noch keine Idee vorhanden ist, wie die Standards aussehen werden. Man versucht sich vom Mitbewerb durch Features zu differenzieren, und dabei auch herauszufinden, was wichtig ist. Alle Spieler wachsen in einem wachsenden, entstehenden Markt.\nSobald es ein Geschäftsmodell, stabile Featurelisten und ein System zur Geldextraktion gibt, wird sich der Markt konsolidieren. Dann beherrschen 3-5 Firmen den Markt, der auch aus dem Hyperwachstum heraus geht. Die marktbeherrschenden Firmen erkennen einander an und konkurrieren semi-kooperativ miteinander: Es ist wichtiger, den Marktzugang von Disruptoren zu erschweren, und es wird komplexe, schwierig zu implementierende Standards geben, mit Compliance Prüfungen und anderen Kostenfaktoren. Das wird dann aber auch - zähneknirschend - zu Interoperabilität führen.\nMetaverse, überarbeitete Definition Das führt uns zur überarbeiteten Definition von Metaverse: Die Integration der Spieleindustrie mit der Unterhaltungsindustrie und die Integration der Wertschöpfungsketten, mit der Möglichkeit die Verwertungskette an jeder Stelle im Produktionsfluß mit einer Art Steuer zu belegen. Ein systematisches Anzapfen des Lifetime Intellectual Property-Konsumbudgets einer Person, und die Aufweitung des Marktes, der für einen Konsumenten relevant ist.\nDie Erkenntnis, daß Buch, Filme und Spiele zu zeitaufwendig zu erstellen und zu konsumieren sind. 3D Assets ist viel größere Verkaufsgelegenheit, ohne daß der Kunde so viel Lebenszeit investieren muss, um tatsächlich den Kauf zu konsumieren.\nVor diesem Hintergrund ist auch die laufende Auseinandersetzung von Epic vs. Apple und Google vor Gericht zu lesen: Es geht darum, das Anzapf-Monopol von Apple und den von Apple dominierten Markt für andere zu Öffnen zu unterminieren.\nBesondere deutsche Probleme dabei:\nkeine Infrastruktur für Highspeed, Low Latency wie man das für Spiele braucht. keine deutsche Firma mit nennenswerter Identity Plattform (web.de? T-Online? \u0026ldquo;Login mit x\u0026rdquo;). keine deutschen Ressourcen im 3D-Asset Tooling, Produktion, \u0026hellip; Markt. keine deutsche Film/Fernseh/Lit Industrie zur Produktion von IP, Stories, die weltweit wiedererkennbare Kultur prägen, die man verkaufen kann. Deutscher Blick geht nach innen, ins eigene Land, nicht auf einen Weltmarkt. Vergleiche dabei Korea: koreanische Produktionsketten in K-Pop; die \u0026ldquo;cultural technology\u0026rdquo; die andere Stile und Kunstrichtungen aufgreift und in K-Pop integriert; Produktionspipelines für Stars und Sternchen, aber auch für IP (beginnend). Im Vergleich ist Deutschland essenziell wehrlos und angehängt.\nToxisch-dystopische Interpretation Das \u0026ldquo;Eigentum\u0026rdquo; in einer simulierten Realität sieht aus wie Eigentum, ist aber virtuell und kopierbar. Es kommt im virtuellen zur einer Entfernung von Ressourcenknappheit bei der Produktion, aber \u0026ldquo;Wert\u0026rdquo; entsteht nur, wenn die Ware künstlich verknappt wird beim Konsum.\nDie Zollhaus-Stellen, Plattformbetreiber haben volle Markttransparenz, und können das Freizeit-Konsumverhalten jeder Person genau ausmessen. Sie wissen, was Du siehst und hörst, was Du benutzt, welche Stile Dir zusagen und können diese Information gegen Geld an Kreative verkaufen, und verkaufen den Kreativen auch gegen Geld den Zugang zu Dir.\nEin Freund von mir:\nNur ein halber Witz: man muss in Zukunft bei Geburt eines Kindes als Erstes entscheiden muss, ob es Apple-, Google- oder Facebook-Angehöriger wird und der Name erst danach entsprechend den Regeln des Dienstes festgelegt wird. Wechsel zwischen den Services ist dann komplex wie eine Emigration nach Nordkorea.\nZentraler Bestandteil bezüglich der Verknappung auch DRM, hier unter dem Modenamen \u0026ldquo;NFT\u0026rdquo; - \u0026ldquo;NFT\u0026rdquo; ist das Blockchain Wort für DRM, nur zusätzlich mit Umweltvergiftung durch Energieverschwendung. Unikate gibt es nur mit:\nRechner zunageln, TPM, in-game nur lizenzierte Assets und Mods verwendbar, und NFT Laser Eyes Kryptoscheisse, die den Planeten verbrennt. In diesem Kontext ist auch das aktuelle Engagement von Epic im NFT Misthaufen zu lesen sehen. Daher: korrekte Standards sind wichtig, und Identität ist die Grundlage für \u0026ldquo;Eigentum\u0026rdquo;. Das braucht nicht nur keine Blockchain, es funktioniert auch besser ohne - die Plattformen sind eh zentral.\nDer Freund kommentiert wieder:\nEs geht darum, dass die Leute aus dem Universum nicht rauskommen können (Stichwort: Hyperinklusion). Sie kaufen in Metaverse-Shops, daten ihre Partner in Metaverse-Locations, sehen nur noch Werbung für im Metaverse verfügbare Waren, können Metaverse-kritische Gedanken kaum noch formulieren. Es gibt keinen Public-Space mehr im Leben, alles ist Teil der gated community (Vgl. Verlust der Almende).\nDu hast vielleicht noch einen Wettbewerb zwischen x Metaversen, aber innerhalb eines Metaversums gibt es dann einen oder nur noch einen gesteuerten Wettbewerb. D.h. das Metaversum monopolisiert den Menschen in seiner Gesamtheit.\nDas ist ein bisschen wie die Minenstädte in den USA Ende des 19. Jhd. Der Shop gehörte der Mine, der Pfarrer arbeitete für die Mine, die Mine stellte Sheriff und Bürgermeister.\nEffektiv will FB durch das Metaversum ihr gegenwärtiges Social-Media-Monopol verewigen.\nDas führt thematisch zur Geldtheorie:\nCurrency Durch die CryptoCurrencies ist für die großen jetzt klar, dass die Geldschöpfung \u0026ldquo;up for the grabs\u0026rdquo; ist. Ein Metaversum wäre der perfekte Ansatz das \u0026ldquo;en passant\u0026rdquo; zu realisieren.\nAn dieser Stelle kommt dann gleich wieder das Epic Engagement bei \u0026ldquo;Cryptocurrentcies\u0026rdquo; zum Tragen. Das ist sehr problematisch: Metaversum und Produktion dort nimmt nur Ressourcen aus der realen Welt, produziert dort aber nicht. Am Ende wird die reale Welt ärmer, dort leben wir aber. Was heißt das langfristig für Wertschöpfung und Geld?\nMaterial URL-Sammlung\nUnsortierte Seitenlinien Immature Market, Geschäftsmodell existiert noch nicht als erprobter Business Plan (Cynefin Chaotic) Einzelne Firmen weiter (Liste oben), Cynefin Complex Alle Firmen unvollständig aufgestellt. Akquise schwierig, wen kaufen? Und die zu kaufenden Firmen sind selbst noch nicht fertig: Integration auch schwierig.\nGolem \u0026ldquo;Auf der Suche nach dem Wal\u0026rdquo; \u0026ldquo;Auf der Suche nach dem Wal \u0026rdquo;, Videospiele Growth Manager, ein Bericht. Richtige Richtung, zu kurz, erklärt aber die Kette.\nIm Gegensatz zu einem typischen Videospiel, bei dem man versucht, so viele Leute wie möglich dazu zu bringen, einmalig 60 Dollar für ein Spiel auszugeben, will ein Free-to-Play Spiel so viele Leute wie möglich zum Spielen zu animieren. Sobald sie spielen, bemüht sich das Unternehmen, so viele digitale Güter wie möglich an sie zu verkaufen. Es gibt zwar eine Obergrenze dafür, wie viel man für ein Spiel verlangen kann, aber es gibt keine Obergrenze für die Zahl an sinnlosen digitalen Tokens, die man verhökern kann.\nMetaverse: Industrialisiere diesen Prozess und mainstreame ihn. Aspekte: Spielen nach Termin, Pay to Skip, Pay to Win.\nColorado Law Review Dark Patterns Link aus dem oa Golem Artikel.\n\u0026ldquo;When the Cat’s Away: Techlash, Loot Boxes, and Regulating “Dark Patterns” in the Video Game Industry’s Monetization Strategies \u0026rdquo;, Sektion \u0026ldquo;IV. Broad Guidance for Crafting Effective Dark Pattern Regulation in the Video Game Industry\u0026rdquo;\nEs gibt eine Feedbackschleife zwischen den Spieldesignern und dem Wal (der Person, die sinnlos investiert): Ungesund für beide Seiten, macht das Spiel schnell zu einem Spiel für wenige Vielzahler, und damit langfristig global schlecht; besondere Herausforderung beim Produktmanagement.\nMatthew Ball The Metaverse: What It Is, Where to Find it, Who Will Build It, and Fortnite : Original Metaverse Article\nMedienseite:\nBy the time Netflix launched its streaming service, much of Hollywood knew that the future of television was online (IP TV had been deployed in the late 1999s). The challenge was timing and how to package such a service (it took another 10 years for Hollywood to accept all of their channels, genres and content needs to be collapsed into a single app/brand).\nBall schreibt:\nThe Metaverse, we think, will be \u0026hellip;\nPersistent. Synchronous and live. Be without any cap to concurrent users, while also providing each user with an individual sense of “presence” Be a fully functioning economy Be an experience that spans both the digital and physical worlds, private and public networks/experiences, and open and closed platforms Offer unprecedented interoperability of data, digital items/assets, content, and so on across each of these experiences Be populated by “content” and “experiences” created and operated by an incredibly wide range of contributors The Metaverse is not…\nA “virtual world” A “virtual space” (2nd life) “Virtual reality” A “digital and virtual economy” A \u0026ldquo;game\u0026rdquo; A “virtual theme park or Disneyland” A “new app store” A “new UGC platform” Das ist natürlich Unsinn, es wird alle diese Dinge auch sein. Das ist alles Valley Hype, um The Next Internet als Begriff zu etablieren und eine gemeinsame Erzählung zu haben. Aber am Ende ist geht es genau um diese 8 Dinge die es angeblich NICHT sein soll.\nNeuere Artikel Serie, 9 Artikel lang dazu.\nFortnite Loyalty Program Es geht darum, User Engagement zu erhalten. Das Problem muss jedes MMO lösen, denn\nDie Leute leben nicht im Metaverse, die leben hier. Primärer Konsum ist Casual, nicht High End Gamer. Das ist die Schwachstelle des Konzeptes. Erst wenn das Ding zu einem ständigen Ort wird, kann es ein Metaversum werden. Das ist noch ein langer Weg: Meine VR-Brille steht hier ungenutzt rum (Oculus verkauft, wegen FB Zwang).\nDas ist so, weil \u0026ldquo;in VR zu gehen\u0026rdquo; ein Akt ist (aufbauen, kalibrieren), und die Brille isoliert (ich bin dann weg), und weil es nicht viele Spiele gibt, die das sinnvoll nutzen (Elite Dangerous, MSFS-2020, Moss, selten auch Space Pirate Trainer).\nEpic and Facebook: The Race called Metaverse Pastry Eth Thread Crypto Dummlall mit einigen guten Ideen, aber Illusionen über wie es laufen wird\n\u0026ldquo;1/5 of Facebook now working on AR\u0026rdquo;, für FB ist das Metaverse zur Zeit \u0026ldquo;Oculus\u0026rdquo;, \u0026ldquo;VR\u0026rdquo;. Das ist ein gefährlicher Tunnelblick (siehe oben \u0026ldquo;casual\u0026rdquo;). \u0026ldquo;The \u0026ldquo;Metaverse\u0026rdquo; is a virtual space created by the convergence of virtually enhanced physical reality, AR \u0026amp; the internet: Our current 2D search based version of the internet is giving way to a fully 3D immersive reality\u0026rdquo;: Das ist Quatsch, solange 3D nicht komplett Casual konsumierbar wird, und eine 3D Brille ist derzeit isolierend, schwer und verkabelt. 3D Assets in Pancake Games sind leichter und direkt zu verkaufen, jetzt. \u0026ldquo;Cosmetics\u0026rdquo; \u0026ldquo;The Metaverse is always “on” \u0026amp; is beyond the control of any individual. It exists in real time, can host any size audience, has a functioning economy, spans across platforms, provides interoperability for digital assets, \u0026amp; consists of the content and experiences its users create.\u0026rdquo; Das Konzept 2nd 2nd Life, und die \u0026ldquo;3D Shoppingmalls\u0026rdquo; der frühen 90er feiern fröhliche Urständ, als Konzept nicht falsch und gleichzeitig total falsch. 3D Events, die Presence ersetzen sind interessant, aber super hart. Auch hier Korean Cultural Technology, K-POP Konsum während COVID-19 (Pancake, large Audiences, Gemeinschaftserlebnisse, \u0026ldquo;VR\u0026rdquo; Nebensache) \u0026ldquo;In the Metaverse, the earning power for young creators won’t be limited to the top 1%. There will be an entire new era of young entrepreneurs making a living in virtual worlds, earning real value and steady income quicker than ever imagined.\u0026rdquo; LOL. In erster Linie geht es um Zollhäuschen entlang der Verwertungskette, mit dem durch Creators erschaffenen Mehrwert als Motor. \u0026ldquo;Creators who were once limited in their ability by technological constraints, lack of capital, time, or creativity, now have everything that is needed. What happens when physical objects are dematerialized? All formerly scarce materials become abundant.\u0026rdquo; LOL. DRM all the way ist notwendig, damit das funktioniert. Außerdem das Dauerversprechen vom Creators Paradise, wenn es tatsächlich um Monopolisierung der Wertschöpfungskette geht. Danach: Thread degrades in Laser Eyes Nonsense\nDigital Twins Digital twins will act as \u0026ldquo;foundations of the metaverse\u0026rdquo; and allow people to move between real and virtual spaces\nDas ist \u0026ldquo;2nd 2nd Life\u0026rdquo; Skeumorphism ist, was wir machen, wenn wir noch nicht wissen, was die Design Language für eine neue Welt ist. Die ersten Autos sagen aus wie Kutschen, die ersten Apple Anwendungen haben Rolodexe und Moleskine imitiert. \u0026ldquo;Digital Twins\u0026rdquo; sind dasselbe Konzept, aber für ein Metaversum.\nUnd die Kernidee:\nIn April 2020, music artist Travis Scott staged a virtual concert inside the game that was attended live by 12.3 million people. It was a global phenomenon that sent the American rapper to the top of all music charts and earned him a reported $20 million.\nLies: \u0026ldquo;OMG, jemand hat in einem Kinder-Battle Royale Spiel Geld verdient ohne zu metzeln, sondern mit traditioneller Medienarbeit\u0026rdquo; führt sofort zu \u0026ldquo;Alle Ideen von 2nd Life, von denen wir schon wissen, dass sie problematisch sind, feiern Wiederauferstehung.\u0026rdquo;\n\u0026ldquo;If the metaverse is an equivalent reality that coexists next to the physical reality, there needs to be a connection,\u0026rdquo; said Weir-McCall.\nIst es nicht, muss es nicht. Wenn es dann doch muss, eventuell eher AR als 3D-Modelle, denn Connection zur realen Welt hat man mit einer vollen VR-Brille eben nicht. Was ich oben über Casual Konsum sage.\nMein Freund merkt an:\nDigital Twins / Digital Shadows sind übrigens auch Begriffe um den die Datenspur von Leuten zu bezeichnen. Der Gesundheitsbereich versucht das ebenso zu etablieren, um anhand dieser Zwillinge Diagnostik betreiben zu können. Das wird auch noch einmal spannend, wie das mit dem Metaverse verbunden wird. Gerade aus Facebooks Sicht - welche Daten kann das Metaversum aus Deinem Avatar auslesen?\nFacebook Glass und Akzeptanz Bei Google Brille waren die Träger erkennbar, der Begriff Glassholes entstand. Mit Ray Ban ist das besser zu tarnen. Ray Ban hat keinen technischen Beitrag zu Oculus und AR, es geht nur darum, den Markennamen und das Design als Tarnung für Oculus zu nehmen, um den Google Glass Effect zu vermeiden. Außerdem ist AR mehr Casual als VR. Mode erlaubt auch einfacheren Neuverkauf, siehe auch Apple Watch Zubehör.\nLaser Eyes It’s gonna be epic to bring the squid game to the metaverse. Salute to your team! I am a big fan of the TV series. I am super excited to have a chance to participate in this game! LFG!!!\nNoch mehr Laser Eyes.\n","date":"2021-10-26T00:00:00Z","href":"https://blog.koehntopp.info/2021/10/26/metaverse.html","tags":["lang_de","computer","technik","media"],"title":"Metaverse"},{"categories":null,"content":"It occurred to me that I do not know nearly enough how git works, internally. The contents of the .git directory seem to be accessible enough, so I am going on a Safari in the git repository of this blog. You can follow along if you check out the blog .\nRefs All things git live in .git. The thing we are working with seem to live in .git/refs:\n$ find .git/refs -type f .git/refs/heads/main .git/refs/remotes/github/main .git/refs/remotes/origin/HEAD .git/refs/remotes/origin/main .git/refs/remotes/origin/master .git/refs/stash Let\u0026rsquo;s have a look at .git/refs/heads/main and the .git/refs/remotes here.\n$ cat .git/refs/heads/main daad5e31926cdf8a3af0ecff517c4d5892b6f62a $ cat .git/refs/remotes/github/main daad5e31926cdf8a3af0ecff517c4d5892b6f62a $ cat .git/refs/remotes/origin/main daad5e31926cdf8a3af0ecff517c4d5892b6f62a Commits So it appears that all these things reference the same \u0026ldquo;thing\u0026rdquo;, daad5e31926cdf8a3af0ecff517c4d5892b6f62a. This appears to be a 40 character (40 * 4 bit = 160 bit) SHA-1 hash value. git has low level commands to type this, and print it.\n$ git cat-file -t daad5e31926cdf8a3af0ecff517c4d5892b6f62a commit $ git cat-file -p daad5e31926cdf8a3af0ecff517c4d5892b6f62a tree ba5a4ceb371d42d766832dae545ecf00b9194ea2 parent 75077bc79697ea1e37da496b1210ca26f3c66c2c parent b71d9463ad8c3b71bd279e88e74ce15e01de2aee author Kristian Koehntopp \u0026lt;kris-git@koehntopp.de\u0026gt; 1633513546 +0200 committer Kristian Koehntopp \u0026lt;kris-git@koehntopp.de\u0026gt; 1633513546 +0200 Merge remote-tracking branch \u0026#39;github/main\u0026#39; into main So this is a file of the type commit, and it contains ASCII lines that describe the commit. Attributes of the commit are a tree, zero or more parent commits, an author, and a committer, as well as a log-message. The author and commit lines contain a name, a mail address, a Unix timestamp and a timezone. We can convert that timestamp carefully :\n$ date -d @1633513546 Wed Oct 6 11:45:46 CEST 2021 We can also check out the things the commit points to: We will find that the parent entries also reference commits (the two commits that precede this one), and the tree entry references a tree object.\n$ git cat-file -t 75077bc79697ea1e37da496b1210ca26f3c66c2c commit $ git cat-file -t b71d9463ad8c3b71bd279e88e74ce15e01de2aee commit $ git cat-file -t ba5a4ceb371d42d766832dae545ecf00b9194ea2 tree Graphically, the highlighted part of the structure:\nThe commit daad5e31... has two parents: It is a merge commit of b71d9463... and 75077bc7...\nTree So a commit references a tree. A tree is a list of files and other trees, which function as subdirectories. Together they form a snapshot of the entire blog at this point in time (at this commit).\n$ git cat-file -p bf447432a99b33174809dbe10d1df43576a032b3 100644 blob 199ea559714ed3569a88ab932476b11444244885 .gitignore 100644 blob 09e9c05d0fcf4a403addb0b2b8ee613bc4bd4b1d CNAME ... 040000 tree f7fe2d64de25404f660561f7cfbce8d78bf05c09 _drafts 040000 tree fe33a062dcb4406a5ecf836ddeb1cfcd9ba85e8b _includes ... The important takeaway seems to be that git does not store changes made to a file, it stores full files. That is less inefficient than it sounds, because unchanged files will have the same hash. Things with the same hash will exist only once in storage, no matter in how many commits (or trees) they are being referenced.\nBlob And finally files: We can list their content, again, with the same tool. Using the -t and -s options we can also see their type and size.\nUsing 09e9c05d0fcf4a403addb0b2b8ee613bc4bd4b1d for the CNAME file from the tree above we get:\n$ git cat-file -t 09e9c05d0fcf4a403addb0b2b8ee613bc4bd4b1d blob $ git cat-file -s 09e9c05d0fcf4a403addb0b2b8ee613bc4bd4b1d 20 $ git cat-file -p 09e9c05d0fcf4a403addb0b2b8ee613bc4bd4b1d blog.koehntopp.info Diffs Diffs do not exist in git. They are instead generated on the fly, by comparing two trees. Again, this is less inefficient that one might think: All unchanged files will have also unchanged hashes and therefore need no consideration for a diff.\nFor objects with different hashes (but identical names), git then generates a diff.\nOther structures When you checkout, you ask git to construct a certain tree using a hash, a tag name, branch or anything else. Every time, git records the checkout in the reflog.\ndaad5e3 (HEAD -\u0026gt; main, origin/main, github/main) HEAD@{0}: checkout: moving from 8a650853c5525013800c42f68c92b4d431b7b97c to main 8a65085 HEAD@{1}: checkout: moving from main to 8a650853c5525013800c42f68c92b4d431b7b97c daad5e3 (HEAD -\u0026gt; main, origin/main, github/main) HEAD@{2}: merge github/main: Merge made by the \u0026#39;recursive\u0026#39; strategy. 75077bc HEAD@{3}: commit: fix 2021-10-06-empty-commits-and-other-wrong-tools-for-the-job.md 72ab462 HEAD@{4}: commit: fix 2021-10-06-empty-commits-and-other-wrong-tools-for-the-job.md ... You can use this list of commit hashes to reconstruct what you did, where known good locations are, and of course to return to them. This is essential to repair a git repository that somehow was changed unintentionally and that still contains important salvageable data.\nWe find the original data git uses in .git/logs/HEAD:\n$ tail -4 .git/logs/HEAD 72ab462c4d134b02da1e474d3edb9db201e7aecb 75077bc79697ea1e37da496b1210ca26f3c66c2c Kristian Koehntopp \u0026lt;kris-git@koehntopp.de\u0026gt; 1633508667 +0200 commit: fix 2021-10-06-empty-commits-and-other-wrong-tools-for-the-job.md 75077bc79697ea1e37da496b1210ca26f3c66c2c daad5e31926cdf8a3af0ecff517c4d5892b6f62a Kristian Koehntopp \u0026lt;kris-git@koehntopp.de\u0026gt; 1633513546 +0200 merge github/main: Merge made by the \u0026#39;recursive\u0026#39; strategy. daad5e31926cdf8a3af0ecff517c4d5892b6f62a 8a650853c5525013800c42f68c92b4d431b7b97c Kristian Koehntopp \u0026lt;kris-git@koehntopp.de\u0026gt; 1634064444 +0200 checkout: moving from main to 8a650853c5525013800c42f68c92b4d431b7b97c 8a650853c5525013800c42f68c92b4d431b7b97c daad5e31926cdf8a3af0ecff517c4d5892b6f62a Kristian Koehntopp \u0026lt;kris-git@koehntopp.de\u0026gt; 1634064654 +0200 checkout: moving from 8a650853c5525013800c42f68c92b4d431b7b97c to main Object storage git stores all things with a hashed name in .git/objects. The first byte (the first two letters) of the SHA-1 name make up a directory name, the rest goes into a file name. File content is stored compressed, using zlib.\nWe can check that using any programming language that supports zlib. Here in Python:\n# $ git log | head -1 # commit daad5e31926cdf8a3af0ecff517c4d5892b6f62a # # $ python3 # Python 3.8.10 (default, Jun 2 2021, 10:49:15) import zlib with open(\u0026#34;.git/objects/da/ad5e31926cdf8a3af0ecff517c4d5892b6f62a\u0026#34;, \u0026#34;rb\u0026#34;) as f: fi = f.read() data = zlib.decompress(fi) str = data.decode(\u0026#34;utf-8\u0026#34;) print(str) and\ncommit 333tree ba5a4ceb371d42d766832dae545ecf00b9194ea2 parent 75077bc79697ea1e37da496b1210ca26f3c66c2c parent b71d9463ad8c3b71bd279e88e74ce15e01de2aee author Kristian Koehntopp \u0026lt;kris-git@koehntopp.de\u0026gt; 1633513546 +0200 committer Kristian Koehntopp \u0026lt;kris-git@koehntopp.de\u0026gt; 1633513546 +0200 Merge remote-tracking branch \u0026#39;github/main\u0026#39; into main We see the file has a header, commit 333, terminated by a NULL byte. This assists in reconstruction a .git directory from fragments, if any structures are lost.\nIt is followed by the actual file contents, which in this case is a commit, in ASCII.\nThings in gits object storage can get orphaned or grow without size. Maintenance procedures exist that walk the various structures, identify orphaned objects and clean up things.\n","date":"2021-10-12T00:00:00Z","href":"https://blog.koehntopp.info/2021/10/12/understanding-git.html","tags":["lang_en","development","git"],"title":"Understanding git"},{"categories":null,"content":"This is how you can make an empty commit:\n$ git commit --allow-empty -m \u0026#34;Kick it\u0026#34; This has the disadvantage of also generating a commit message. Another way to achieve this seems to be\n$ git commit --amend --no-edit \u0026amp;\u0026amp; git push -f but that will make people hate you in other ways.\nSo lets stop and ask: Why would you want to make an empty commit?\nMost people want this because they attached a server-side action to a commit, a CI/CD activity.\nThis is wrong This is wrong in the same way writing Shell Scripts is wrong: It kind of works, but now you have another, worse problem and still no solution to the original problem.\nYou need to stop and question your life choices, and most importantly, wake up the engineer in you.\nBut I need to debug my CI/CD pipeline Kick it off using the tooling provided to you. Your environment has an API that is specifically built to enable you to do that. Use it.\nIn Gitlab: Triggering pipelines through the API In GitHub: Running a workflow using the REST API This not only works reliably, you can get proper error messages. On top of that, you just did not pee into your commit history.\nBut I need to redeploy, because I need a Terraform run after I just lost an instance This is fractally broken, there is breakage in your breakage.\nThe proper solution is a reconciliation loop of the kind Kubernetes has: Measure the existing state and compare it to the desired state. Then execute the actions necessary to transform the measured state into the desired state, in a loop.\nSo if you are not on K8s, you need to move to K8s or re-invent K8s for your environment, badly. Yes, Terraform, Harness and friends have it all wrong.\nErecting infrastructure quickly and portably across backends surely is nice, but assumes a properly functioning declarative environment. That is an environment where you describe the desired state of the infrastructure and the platform takes care of maintaining that desired state for you.\nMost platforms do not work that way. Some fake it, badly. For example, nobody uses AWS autoscalers to autoscale, but they surely are useful to protect your instance count.\nThe problem inside this problem And since we are talking about CI/CD pipelines: Don\u0026rsquo;t YAML them. Don\u0026rsquo;t JSON them. Don\u0026rsquo;t XML them.\nAll of these things surely are nice to describe static objects that have static properties. You can successfully use any of them to express the desired state of a thing in a declarative way.\nIf you see anything that looks like \u0026ldquo;foreach\u0026rdquo;, \u0026ldquo;when\u0026rdquo;, \u0026ldquo;unless\u0026rdquo; or similar, it\u0026rsquo;s procedural. These are control structures. They are part of programming languages. Which any of these three are decidedly not.\nProgramming in any of these three is wrong use of tooling, and you should not do it.\nYAML, JSON and XML are for declarative things. Python, Go and Rust are for procedural things. Bash is for interactive use only. Use the proper tooling for the job. Be an engineer.\nOtherwise, you\u0026rsquo;ll just get your old bash rsync deployment scripts back, in a harder to debug packaging, and wrapped in conditionals and loops in YAML \u0026ldquo;syntax\u0026rdquo;.\nThat is not what progress looks like. At all. Shoddy engineering begets pager calls, outages and suffering.\n","date":"2021-10-06T00:00:00Z","href":"https://blog.koehntopp.info/2021/10/06/empty-commits-and-other-wrong-tools-for-the-job.html","tags":["lang_en","devops","development"],"title":"Empty commits and other wrong tools for the job"},{"categories":null,"content":"Linus Neumann zitiert Prof. Norbert Pohlmann :\nIch glaube, das ist so. Diese 100%ige Sicherheit wird es nicht geben, und wenn der Chaos Computer Bild was findet, dann findet er das, und dann sagen wir, das ist gut. Und dann überlegen wir uns, wie wir das wieder schließen können und dann ist es wieder besser. Und dann können sie auch weiter suchen.\nAlso, ich glaube, wir brauchen auch eine andere Grundhaltung und es geht nicht immer um 100 %, sondern die 99 %, die reichen und wir müssen mit den Restrisiken umgehen. Neben ganz schnell reagieren auch natürlich auch Versicherungen oder wer übernimmt die Verantwortung, wenn was passiert. Das kennen wir ja alles.\nDas ist eine ganze Menge Stoff zum Entpacken und ich habe das auf Twitter mal getan. Dies ist die Volltextversion dieses Threads.\n99 % Sicherheit, was soll das bedeuten? Der CCC ist mein Sicherheitscheck Hackerterrorcybercyberversicherungen und der Umgang mit Restrisiken Wir werden sowieso gehackt, Aufgeben ist eine Option. Aber der Reihe nach:\n99 % Sicherheit, was soll das bedeuten? Auf Pluspora hat Rainer Sokoll einen Portscan von www.digital-enabling.eu veröffentlicht, bevor der Server panisch vom Netz genommen worden ist:\n~$ nmap -sT www.digital-enabling.eu. Starting Nmap 7.92 ( https://nmap.org ) at 2021-09-25 14:24 CEST Nmap scan report for www.digital-enabling.eu. (213.133.104.155) Host is up (0.037s latency). rDNS record for 213.133.104.155: www155.your-server.de Not shown: 935 filtered tcp ports (no-response), 51 closed tcp ports (conn-refused) PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 25/tcp open smtp 80/tcp open http 110/tcp open pop3 143/tcp open imap 222/tcp open rsh-spx 443/tcp open https 465/tcp open smtps 587/tcp open submission 993/tcp open imaps 995/tcp open pop3s 3306/tcp open mysql 5432/tcp open postgresql Nmap done: 1 IP address (1 host up) scanned in 55.71 seconds Wir sehen einen Server, der mehr Dienste produktiv ins Internet raushängt als ein übertrieben konfigurierter Honeypot, darunter ftp, mysql und postgresql. Das ist, wie man mir in der Kundenkommunikationsschulung beigebracht hat zu sagen, \u0026ldquo;keine empfohlene oder unterstützte Konfiguration\u0026rdquo;.\nWenn wir also sagen, \u0026ldquo;Sicherheit ist relativ\u0026rdquo; und \u0026ldquo;perfekte Sicherheit gibt es nicht\u0026rdquo;, dann ist es doch so, daß man da differenzieren kann. Es gibt eben besser und schlechter konfigurierte Systeme.\nUnd es gibt sogar dokumentierte und allgemein anerkannte Best Practices, in englischer und deutscher Sprache. Von denen wird erwartet, daß man sie umsetzt.\nDas nennt die deutsche Rechtsprechung nicht ohne Grund \u0026ldquo;Grundschutz\u0026rdquo; und \u0026ldquo;Stand der Technik\u0026rdquo;. Der Grundschutz, wie vom \u0026ldquo;Bundesamt für Sicherheit in der Informationstechnik\u0026rdquo; (BSI) veröffentlicht, hat viele Spezialhandbücher für besondere Anwendungszwecke. Der Grund-Grundschutz ist definiert in \u0026ldquo;SYS.1.1: Allgemeiner Server\u0026rdquo;.\nWie grundlegend ist der?\nDer Baustein \u0026ldquo;SYS.1.1 Allgemeiner Server\u0026rdquo; ist für alle Server-IT-Systeme mit beliebigem Betriebssystem anzuwenden.\nDas ist Amtsdeutsch für \u0026ldquo;Wenn Du das nicht machst, dann brauchst Du gar nicht weiter zu spielen\u0026rdquo;.\nIm Grund-Grundschutz SYS.1.1 gibt es Grund-Grund-Grundschutzanforderungen, im Kapitel 3.1 \u0026ldquo;Basis-Anforderungen\u0026rdquo;. Dort wird in SYS.1.1.A2 \u0026ldquo;Benutzerauthentisierung an Servern\u0026rdquo;, gleich nach der geeigneten Aufstellung des Gerätes, gefordert:\nFür die Anmeldung von Benutzern und Diensten am Server MÜSSEN Authentisierungsverfahren eingesetzt werden, die dem Schutzbedarf der Server angemessen sind.\nDas ist Amtsdeutsch für \u0026ldquo;Benutzeraccounts ohne Passworte darf es nicht geben\u0026rdquo;.\nDanach kommen ein paar Anforderungen aus früheren Versionen des Dokumentes und eine, die für Angriffe nicht relevant ist, und dann gleich als nächstes SYS.1.1.A6 \u0026ldquo;Deaktivierung nicht benötigter Dienste\u0026rdquo;:\nAlle nicht benötigten Dienste und Anwendungen MÜSSEN deaktiviert oder deinstalliert werden, vor allem Netzdienste.\nWir müssen den Portscan da oben im Licht dieser grundlegenden Grundanforderungen vom allergrundlegensten ersten Kapitel des Grundschutzes lesen, von dem es einleitend heißt\nDie folgenden Anforderungen MÜSSEN für den Baustein SYS.1.1 Allgemeiner Server vorrangig erfüllt werden.\nDas war nicht der Fall.\nDamit ist auch die 99 %-Latte gerissen. Es geht stattdessen darum, dass überhaupt die allerersten grundlegenden Basisanforderungen nicht erfüllt werden, die man braucht, um überhaupt ernsthaft Security angehen zu können.\nEs ist üblicherweise nicht möglich eine Maschine in der von Rainer Sokoll dokumentierten Konfiguration produktiv zu betreiben, wenn irgendein Auditor einmal auch nur oberflächlich über eine Systemkonfiguration geguckt hat. Wir können damit ausschließen, daß für dieses System und seine Betreiberorganisation ein Security-Review stattgefunden hat, und es ist wahrscheinlich, daß ein Sicherheitsprozess überhaupt nicht existiert.\nWie dem auch sei: Prozente sind bei Security ein schwieriges Maß. Ein kompromittiertes System ist ja nicht 43 % gehackt, sondern 100 % im Eimer.\nEin besseres Bild: Raising the bar.\n\u0026ldquo;Raising the bar\u0026rdquo; im Security-Sinne bedeutet üblicherweise, daß man den Personenkreis möglicher Angreifer verkleinern will, indem man versucht die Anforderungen höher zu schrauben, die ein erfolgreicher Angreifer an Ausbildung, finanzieller Ausstattung und Zeitaufwand mitbringen muss.\nAnders gesagt: \u0026ldquo;Unsere Systeme sind so konfiguriert, daß nicht jeder spaßorientierte Mensch auf Mate an einem langsamen Samstagabend in Quarantäne damit Karussell fahren kann.\u0026rdquo; wäre schon einmal ein guter Anfang.\n\u0026ldquo;99 % Sicherheit\u0026rdquo; würde in dieser Interpretation also bedeuten, daß 99 % der Population nicht in der Lage sind, die Installation im Vorübergehen mit dem Arsch einzureißen. Aber wenn einer vom 1 % das tut, liegt das System dennoch 100 % am Boden. Das ist eine wichtige Beobachtung, über die wir weiter unten noch einmal reden müssen.\nSo eine Konfiguration in der Produktion im öffentlichen Internet sagt aber auch etwas über die allgemeine Prozessreife in einer Organisation. Es ist statistisch eher ungewöhnlich, dass so konfigurierte Server mit sauberer und geplanter Software-Entwicklung von sicherheitskritischer Software korrelieren.\nBei Software, die sagen wir einmal Führerscheindaten verwaltet, wäre es aber schon wichtig zu wissen, daß ihr Entwicklungsprozess Anforderungen genügt, die es erlauben, Aussagen über die Software bezüglich Verhalten, Sicherheit und dergleichen zu machen. Man will mindestens erst einmal nachvollziehen können, was da an Komponenten drin ist, und wer da wann warum welche Änderungen mit welchem Ziel vorgenommen hat, um dann an Tests zu sehen, daß das funktioniert hat.\nDer CCC ist mein Sicherheitscheck Der CCC ist kein Sicherheitsdienstleister.\nAls ich zuletzt nachgesehen habe war der CCC eine Vereinigung von Leuten mit dem Ziel, Spaß am Gerät zu haben. Das kann auch Dein Gerät sein, aber das ist dann eher schlecht für Dich.\nAuf keinen Fall ersetzt das ein Sicherheitskonzept. Ein Sicherheitskonzept würde\nein organisatorisches und inhaltliches Konzept für die Anwendung haben, und dann einen Prozess, der dies in der Entwicklung umsetzt und dokumentiert, daß die Anforderungen erfüllt werden. Dann hätte man ein ebensolches Konzept für den Betrieb und einen Prozess, der dies im Betrieb umsetzt und dokumentiert, daß die Anforderungen erfüllt werden. Und ganz wichtig:\neinen Plan, der umgesetzt wird, wenn es dann doch schief geht. Denn es wird doch schief gehen - das sind dann die von Prof. Pohlmann angesprochenen Restrisiken. Hier sind ein paar Slides von Harald Wagener , basierend auf Ideen von Harald und ein paar noch älteren Slides von mir.\nEin Risiko Management Prozess ist wie jeder Prozess eine Schleife, bei denen man Angreifer und Angriffe identifiziert, Risiken bewertet, Maßnahmen gegen die Risiken definiert und umsetzt, und dann wiederholt. Die Maßnahmen können wir nicht beliebig weit treiben, denn betriebliche Notwendigkeiten setzen uns Grenzen: \u0026ldquo;Die Server abschalten und im Marianengraben versenken\u0026rdquo; ist keine Option. Damit bleiben uns Restrisiken, die eventuell versicherbar sind.\nDer Risiko-Managementprozess ist ein Prozess. Er unterliegt einer Evaluierung in der Retrospektive, und dann Anpassungen. Ich habe das am Beispiel einer Pizzeria anderswo schon einmal ausführlicher diskutiert.\nUnd während es super schwer ist, Security zu messen, gibt es immerhin Maße für Prozessreife, etwa das Capability Maturity Modell, über das wir auch im obigen Pizzeria-Beispiel reden.\nUnd das bringt uns zu\nHackerterrorcybercyberversicherungen und der Umgang mit Restrisiken Ich sagte weiter oben\nAber wenn einer vom 1 % das tut, liegt das System dennoch 100 % am Boden. Das ist eine wichtige Beobachtung, über die wir weiter unten noch einmal reden müssen.\nDas ist hier.\nEine HTCCV ist eine Versicherung, die Du abschließen kannst, um Schäden abzudecken, die auftreten, wenn Du dann doch gehackt wirst. Der Versicherer übernimmt dann die Kosten aus Forderungen gegen Dich, die im Nachgang zu so einem Hack auftreten.\nWenn Du so eine HTCCV haben willst, dann wird der Versicherer in der Regel seinen Taschenrechner anwerfen und Dir einen Tarif machen, der auf der Einschätzung Deiner Sicherheit durch einen von ihm beauftragten Auditor basiert.\nDas heißt, der Anbieter wird Dich nach den oben erwähnten Plänen für ein Risiko Management fragen, einen langen, strengen Blick auf die Pläne und ihre Umsetzung werfen, und danach die Prämie bemessen. Wenn er die Risiken für versicherbar hält.\nWenn man nach dem Anruf beim Versicherer ein paar Tastendrücke hört, ein irres Kichern und dann einen Klick in der Leitung, dann ist das eher nicht der Fall - siehe den Portscan ganz oben.\nAls Inhaber einer HTCCV wird man also regelmäßig, meist jährlich oder im jährlichen Wechsel mit einer Datenschutz-Prüfung die Auditoren im Haus haben. Sie werden jedes Mal einen grundlegenden Überblick haben wollen und jedes Jahr ein anderes Thema zur besonderen Vertiefung auswählen.\nDamit hat man auch den von mir oben geforderten Test mit Audit als Teil der Versicherungsauflagen. Meiner persönlichen Erfahrung mit solchen Auditoren nach finden sie solche verscharchten Setups wie das ganz oben in weniger als 15 Sekunden. Das deutet darauf hin, daß auch eine HTCCV für dieses Projekt eher nicht bestand.\nWir werden sowieso gehackt, Aufgeben ist eine Option. Der Satz \u0026ldquo;Hundertprozentige Sicherheit gibt es nicht\u0026rdquo; wird gerne als erster Halbsatz der Aussage verwendet, die mit \u0026ldquo;und darum brauchen wir uns gar nicht anzustrengen.\u0026rdquo; endet. Das ist auch der Tenor von Prof. Pohlmann oben.\n\u0026ldquo;Hope is not a strategy \u0026rdquo; ist nicht nur ein beliebtes Zitat, sondern auch ein gerne von Google SREs verwendetes Motto.\nAuch dem Laien ist intuitiv klar, dass \u0026ldquo;Aufgeben\u0026rdquo; keine skalierbare Strategie ist. Ich habe hier versucht zu erklären, warum die Laien-Intuition genau auf den Punkt ist.\nDarum reden wir von Schutzlevel, \u0026ldquo;raising the bar\u0026rdquo; und wenn wir von Prozenten reden, dann eher mit Hinblick auf \u0026ldquo;wie viel Prozent von wären denn in der Lage, einen ernstzunehmenden Angriff vorzutragen?\u0026rdquo; Also wieviel Zeit, Kapital und Ausbildung braucht ein Angreifer, um uns gefährlich werden zu können?\nWenn es also in der Gemeinschaft von technikaffinen Personen auf Mate Vorbehalte gegen dieses Führerschein ID-Wallet gibt, und Widerspruch gegen die Haltung von Prof. Pohlmann, dann deswegen.\n","date":"2021-10-02T00:00:00Z","href":"https://blog.koehntopp.info/2021/10/02/99-secure.html","tags":["lang_de","security","ccc"],"title":"99% secure"},{"categories":null,"content":"Es beginnt mit einem Tweet von Manuel Atug :\n\u0026ldquo;Wegen Überlastung der Server: #Notruf-App vorerst nicht mehr in App-Stores\u0026rdquo;\nund der Tweet verlinkte einen (inzwischen nicht mehr existierenden) Artikel beim Deutschlandfunk. Christoph Petrausch erklärt, wie solche Projekte falsch laufen können:\nSowas erfordert eine Fehlerkultur. Du musst als Organisation in der Lage sein, nach so einem Incident einen Schritt zurückzutreten. Alle Fakten auf den Tisch zu legen und zu fragen: Warum kam es dazu? Wo liegen die Probleme? Und daraus musst du dann für das nächste Mal lernen.\nUnd das ist sehr schwer, wenn du in einem Konglomerat aus Dienstleister und Konsortien sitzt. Da sind nämlich Verträge und Vertragsstrafen im Weg. Wenn der Dienstleister sagt: \u0026ldquo;Yes, da haben wir nicht nach State auf the Art gearbeitet\u0026rdquo;, kommt gleich der Anwalt vom Auftraggeber.\nIT-Projekte Ich schrieb dazu :\nChristoph Petrausch schneidet hier ein weiteres sehr unangenehmes Thema an:\nWenn man mit mehreren externen Dienstleistern arbeitet, dann ist es auf viele Weisen schwieriger einen Projekterfolg zu haben. Denn der Dienstleister arbeitet nicht für den Projekterfolg, sondern primär für den Vertrag. Das muss er tun, um sich abzusichern, aus den von Christoph genannten Gründen.\nÄndern sich die Anforderungen des Projekts oder sind in Teilprojektphasen Learnings aufgetaucht, die man in den folgenden Projektphasen einfließen lassen möchte, dann ist das alles schwierig. Denn Nachsteuern ist dann eine Vertragsänderung, mindestens eine Anpassung des Statement of Work. Wahrscheinlich wird man jedoch auch das Finanzielle nachregeln müssen.\nDas Projekt wird dadurch schwieriger steuerbar und langsamer, weil jede Anpassung auf einmal ein Verwaltungsakt ist.\nGenerell steigen die Projektrisiken mit jeder administrativen Grenze überproportional an: hier mein Amt, dort Dein Dienstleister. Das ist so, weil sich Verzögerungen auf dem Dienstweg, Nachrichtenverfälschungen durch Stille Post und dergleichen mehr akkumulieren.\nMit einer steigenden Anzahl von Projektpartnern (\u0026ldquo;administrativen Einheiten\u0026rdquo;) steigen auch die Kommunikationsbeziehungen, der Verhandlungsbedarf und die auszugleichenden Interessen an: (n * (n-1)/2 → n^2).\nAnzahl der Kommunikationsbeziehungen bei 3 (3), 4 (6), 5 (10) und 6 (15) Projektpartnern.\nDas ist einer der Hauptgründe für Kostenexplosionen und Verzögerungen bei solchen Projekten: Vertragsstrukturen und Kommunikations- und Verhandlungsaufwand machen es schwer, die Ziele aller Projektbeteiligten kohärent zu halten und das Projekt schnell auf geänderte Anforderungen anzupassen.\nBärcode Nun mache ich diese IT-Sache schon mehr als 35 Jahre, und dort ist es meiner Erfahrung nach immer so, daß sich die Anforderungen im Laufe des Projektes ändern und man dann das Projekt anpassen muss.\nSelbst bei so simplen Sachen wie baercode.de , den ich ehrenamtlich beratend begleitet habe, und die technisch korrekt und im Zeit- und Kostenbudget waren ist es so, daß die zusammenbrechende Kontrollpraxis zeigt, daß man einen wirksamen Test- und Covid-Pass eigentlich grundsätzlich anders gestalten muss.\nIn einer weiteren Iteration (die nicht geplant ist) würde man grundsätzlich und viel aufwendiger an das Problem herangehen müssen. Das ist aber etwas, das zum Zeitpunkt des Requirement Engineerings nicht absehbar war. Es wäre auch nicht durchsetzbar gewesen, hätte jemand zu diesem Zeitpunkt damals die Anforderung eingebracht.\nExperiment early In meinem Hauptberuf ist es so, daß mein Arbeitgeber deswegen unfertige Features so schnell als möglich in der Produktion testet.\nSlideshare 8 Rollouts a Day Es geht darum, die Requirements zu validieren. \u0026ldquo;Ist diese Idee wirklich geeignet, das Problem zu lösen?\u0026rdquo;\nAls Webanwendung und als Anwendung, die nicht mit hoheitlichen oder medizinischen Daten arbeitet, sind wir da in einer privilegierten Position. Wir können dann mit relativ wenig Aufwand früh experimentieren, solange wir uns aus PII und PCI heraushalten.\nHIPPO: HIghest Paid Persons Opinion. Experiments kill HIPPOs.\nWeil wir das eigentliche Feature mit so wenig Entwicklungsaufwand als möglich implementieren können wir früh sehen, welche Änderungen an der Website uns reicher machen. 19 von 20 Ideen scheitern in dieser Experimentierphase.\nDas Experiment dient dazu, eine minimale (oder Fake-) Implementation eines Features auszumessen. Dabei ist ausschließlich interessant herauszufinden, ob die Requirements bei echten Usern überhaupt Sinn ergeben.\nWir wissen dann jedoch auch, wieviel reicher uns so ein Feature macht, und weil das so ist, können wir den Einsatz von Entwickler-Kapazitäten viel besser steuern: Entwickler arbeiten nur an Dingen, von denen wir wissen, daß sie Mehreinnahmen generieren, und wieviel Mehreinnahmen das sind. Wir können dann den Aufwand beim Engineering gegen den Gewinn abwägen.\nDas geht nur im Haus. Das kann nicht outsourcen. Denn nur dann ist eine informale, enge Steuerung mit Umsetzungszeiten für Steuerungsinput im Bereich von Stunden möglich . Tagen oder gar Wochen würden jede Form von Experimentieren scheitern lassen.\nInsourcing und Outsourcing vs. Marktreife und Prozessreife Expertise im Haus ist wichtig, um beurteilen zu können, was Dienstleister machen. Dan Luu hat dazu einen interessanten Artikel geschrieben.\nEigene Experten sind jedoch noch wichtiger, wenn man neue Dinge ausprobiert, und man deswegen das Projekt eng steuern muss.\nSlideshare \u0026ldquo;Go away or I will replace you with a very tiny shell script \u0026rdquo;, Marktreife und Prozessreife\nDas ist auch alles kein Hexenwerk, sondern lange bekannt.\nWenn man neue, unerprobte Dinge macht, ist man im Chaotischen Quadranten des Cynefin Models und macht Forschung. Dazu braucht man eine kleine Gruppe von Experten, die sich darauf konzentriert, Regeln und Gesetzmäßigkeiten (\u0026ldquo;überhaupt Practice\u0026rdquo;) zu finden.\nIn der deutschen Pipeline ist das ein Uni-Projekt, in dem Professor/innen irgendwelche Ideen ausprobieren, von denen die Mehrheit auf irgendeine nicht offensichtliche Weise egal oder falsch ist. Aber das herauszufinden ist genau Sinn der Sache: Die Mehrheit dieser Versuche scheitert, genau wie wir beim Requirements Engineering 19 von 20 Experimenten im Test scheitern sehen.\n\u0026ldquo;Complex\u0026rdquo; ist der Engineering-Quadrant, in der wir versuchen, als funktionierend bekannte Grundideen hoch zu skalieren, und in der Masse anwendbar zu machen. Hier braucht es mehr als ein Team, mit einem der Theoretiker aus der vorigen Phase als Beratung und vielen Praktikern (\u0026ldquo;Ingenieuren\u0026rdquo;) in den Teams, die immer noch so klein als möglich sein sollten.\nIdealerweise hat man zwei oder drei konkurrierende Ansätze mit überlappenden Zielsetzungen, von denen dann hoffentlich einer diese Phase überlebt. Aus dieser bekommt man dann einen Satz Handlungsanweisungen (\u0026ldquo;Wiederholbare Practice\u0026rdquo;) und gute Ratschläge (\u0026ldquo;das da ist kritisch!\u0026rdquo;). Das kann man dann schrittweise Ausrollen und mit Feinkorrekturen in die Fläche bringen. Dabei kommen auch Dienstleister und deren Training ins Spiel.\nProzessreife: Ohne quantitative Metriken ist Outsourcing meist zum Scheitern verurteilt.\nDas geht halt aber erst genau dann, wenn man Prozesse mit Metriken hat. Das bedeutet: wenn man Erfahrung hat, was man messen muss und wie - auf beiden Seiten der Vertragsgrenze.\nWenn der Prozess noch nicht reif genug ist und man gar keine Metriken hat, ist Einigkeit zwischen Auftraggeber und -nehmer schwierig. Dasselbe Problem hat man, wenn der Prozess noch zu schnell wächst, um ohne grundlegende Änderungen wiederholbar zu sein.\nWenn man - aus welchem Grund auch immer - solche Metriken nicht hat, oder nicht haben kann, weil es noch nicht so weit ist, dann kann man nicht outsourcen, also keinen Dienstleister verwenden.\nWarum ist das so?\nWeil man gar keine Grundlage hat, auf der beide Parteien beurteilen können, was verkauft und was geliefert worden ist, und ob das so okay ist. Solange das Projekt oder Prozess-Produkt noch weich ist, weil es noch in der Forschungs- oder Engineering-Phase ist, kann man nicht richtig sinnvoll mit externer Expertise arbeiten, weil niemand weiß, wie es geht.\nDann ist Expertise im Haus absolut notwendig.\nBlameless Postmortem Christian Petrausch weist noch auf einen weiteren kritischen Baustein hin, der absolut zwingend notwendig ist, und der über Vertragsgrenzen hinweg nur sehr, sehr schwierig zu realisieren ist:\nBlameless Postmortem.\nWenn irgendwo ein Flugzeug ein Unglück hat, wenn irgendwo ein Patient verstirbt, wenn irgendwo in einer gut geführten Softwarefirma eine Outage war, dann setzen sich alle Gruppen zusammen und versuchen herauszufinden, wie der Prozess defekt ist, der dazu geführt hat.\nDie Annahme ist, daß alle Beteiligten mit den besten Absichten und im Rahmen ihrer Fähigkeiten und zum Zeitpunkt der Entscheidung verfügbaren Informationen gehandelt haben.\nWenn also die Produktion ausfällt, weil Du (aufgrund der Monitoring-Daten, des Runbooks und Deiner Erfahrungen) angenommen hast, daß (A) der Fall war und deswegen (H) gemacht hast, aber in Wahrheit lag (B) vor und (H) hat alles gecrasht, \u0026hellip;\ndann ist es ein Problem, wenn die Monitoring-Daten zu langsam aufbereitet worden sind, wenn nie alle wichtigen Dinge gemessen worden sind, wenn das Runbook unvollständig oder unklar ist, oder wenn Du unzureichend ausgebildet worden bist. Es ist außerdem zu prüfen, ob diese Entscheidung (H) zu machen überhaupt manuell zu treffen ist, und ob dann eine manuelle Handlung initiiert werden muss.\nKurz: Der Blameless Postmortem konzentriert sich nicht darauf, wer die Produktion gecrasht hat, sondern welche Kette von Entscheidungen dazu geführt hat, dass die gerade Dienst habende Person die Produktion crashen musste.\nSo eine Diskussion über die Grenzen von Firmen, Verträgen, Statements of Work und mögliche Schadensersatzforderungen durchzuführen ist nahezu unmöglich, oder jedenfalls im Haus sehr viel einfacher.\nWieder braucht es dazu aber auch in der öffentlichen Verwaltung eine andere Kultur: einen grundlegenden Wandel, ein Bekenntnis zu Offenheit, Transparenz, Kooperation und Open Source. Solange sich das nicht ändert, wird sich die Tragödie vom Scheitern der Digitalisierung in der deutschen Verwaltung wieder und wieder und wieder wiederholen.\n","date":"2021-10-01T00:00:00Z","href":"https://blog.koehntopp.info/2021/10/01/projektschmerzen.html","tags":["lang_de","politik","computer"],"title":"Projektschmerzen"},{"categories":null,"content":"Golem titelt Intel will Xeon-Funktionen als Lizenz-Update verkaufen :\nIntel will Xeon-Funktionen als Lizenz-Update verkaufen.\nMit dem Software Defined Silicon will Intel in Xeon-Hardware zunächst abgeschaltete Funktionen künftig als Lizenz-Upgrade bereitstellen.\nManuel Atug ranted darüber auf Twitter:\nWenn dir die eigene Hardware nicht mehr gehört\u0026hellip; Intel will Xeon-Funktionen als Lizenz-Update verkaufen \u0026ldquo;Mit dem Software Defined Silicon will Intel in Xeon-Hardware zunächst abgeschaltete Funktionen künftig als Lizenz-Upgrade bereitstellen.\u0026rdquo;\nIch antwortete :\nDas braucht wesentlich mehr Kontext.\nXeons sind selten und haben nicht viele Kunden Intel stellt zurzeit eine sehr kleine einstellige Anzahl Millionen Xeon CPUs her. Davon gehen 85 % an weniger als 10 Kunden - Hyperscaler in den USA und China. 12 % oder so gehen an ca. 150 Kunden, die messbare Stückzahlen der Produktion aufkaufen. Der Rest sind Kleinkunden.\nDas ist eine sehr ungesunde Marktstruktur, und Intel weiß um die Probleme, die das mit sich bringt. Dies ist keine neue Situation, sondern war schon ein Problem, bevor Apple mit ARM losgelegt hat und AMD mit dem EPYC auf den Markt kam. Diese beiden Ereignisse haben die Situation aber noch verkompliziert.\nDazu kommt noch, dass die obigen Prozentangaben nach Stückzahlen sind, nicht nach Core-Count. Denn ansonsten sähe die Situation noch extremer aus: Hyperscaler haben Interesse an immer größeren CPUs mit immer mehr Kernen, und immer höherer Dichte in ihren Rechenzentren. Hyperscaler haben CPU Utilization und Return-per-Core als KPI und wollen Custom Silicon zum Auslagern der Virtualisierung, für das Netz, oder spezielle Tensorflow CPUs.\nNormale Kunden sehen das nicht so: man kann in einer 64C/128T-Core-Single-Socket-Konfiguration mit 2-4 TB RAM unter Umständen den gesamten Serverbedarf einer kleineren Firma in einer einzelnen physikalischen Maschine in VMs unterbringen. Das Problem dabei: Explosionsradius, wenn mal etwas ausfällt.\nCloud und On-Premise driften auseinander Effektiv bewirkt dies, dass die Bauweise der Rechner, die in der Public Cloud Dienst tun, und die Bauweise der Rechner in den Rechenzentren normaler Leute stehen auseinander driften. Das fängt heute an, aber der Bruch wird sich in den kommenden 5-10 Jahren noch vertiefen.\nEin Xeon-Markt für Hyperscaler ist groß, aber der Xeon-Markt \u0026ldquo;Server CPU für Cloud-Feinde\u0026rdquo; wird eher klein sein und schrumpfen. Und wird sich dann irgendwann nicht mehr lohnen.\nDavon mal abgesehen wird durch die laufend verbesserte Integration Chipfläche frei, und Intel muss sehen, was damit anzufangen ist, wenn es nicht \u0026ldquo;immer mehr Cores\u0026rdquo; sein können. Software Defined Silicon ist ein Testballon, mit dem man das herausfinden kann. Für die Firma wäre es schon wichtig, das herauszufinden: von oben drücken die Hyperscaler mit ihren Forderungen nach Mengenrabatten, von der Seite drängt AMD mit ihrer derzeit überlegenen EPYC-Architektur in den Markt und von unten drückt ARM.\nVielen Kunden können diese Pay-to-Play Features egal sein: Eine Webshop-Workload sieht in einem Intel vTune aus wie ein REP MOVSB Benchmark, memcpy() at scale, Variablen werden in HTML Templates eingesetzt.\nSogar die FPU und die ganzen AVX-Instruktionen - das ist alles Verschwendung von Chipfläche für die meisten Kunden. Nur wenige Anwendungen brauchen und nutzen diese Funktionalität in der CPU wirklich.\nMan stelle sich vor, man muss zum Beispiel für einen Inference Offloader (\u0026ldquo;bestehende Machine Learning Netze ausführen, nicht lernen\u0026rdquo;) bezahlen, und dann wird der auf den meisten Maschinen nie angewendet. Aber eine Serie CPUs herstellen, die diesen Inference Offloader hat, ihnen eine eigene Seriennummer zu geben und sie einzeln zu verkaufen will auch keiner. Die Stückzahlen und die Preise geben das nicht her.\nDer Marktdruck zeigt zur Cloud Wenn aber absehbar ist, dass in 5-10 Jahren die Trennung von Cloud-Hardware und On-Premise Hardware vollzogen sein wird, dann ist es auch klar, dass es nach Ablauf dieser Zeit nicht mehr möglich sein wird, ein Rechenzentrum mit Private Cloud kompetitiv zu betreiben. Das wird so kommen, weil die Cloud-Technik schlicht proprietär und für normalsterbliche Kunden nicht zu haben sein wird.\nBei der Technik und der Wirtschaftlichkeit zeigen alle Push- und Pull-Faktoren derzeit massiv in Richtung Cloud. Wer sein Unternehmen und seine IT darin nicht mit Gewalt und jetzt in die Public Cloud bringt, der wird nach dem Vollzug dieser Trennung in die Röhre schauen.\nEigene Server vor Ort sind - bei vorhersagbarem Bedarf - auf viele Weisen billiger als in der Cloud zu mieten. Aber man muss dann auch die eigenen Operations professionalisieren und man muss sich überlegen, wo in 5-10 Jahren die Technik herkommen soll.\nUnd wenn wir uns noch einmal die eingangs diskutierte Kundenstruktur von Intel ansehen, dann gibt es weniger als 200 Unternehmen weltweit, die dazu die erforderliche Masse haben. Das ist sehr frustrierend.\n","date":"2021-09-30T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/30/software-defined-silicon.html","tags":["lang_de","computer","cloud"],"title":"Software Defined Silicon"},{"categories":null,"content":"I ranted about hiring interviews, and the canned questions that people have to answer. One of the interviews we do is a systems design interview, where we want to see how (senior) people use components and patterns to design a system for reliability and scale-out.\nA sample question (based on a Twitter thread in German):\nIt is 2010, and the company has a database structure where a fixed number front end machines form a cell. Reads and writes are already split: Writes go to the primary of a replication tree, and are being replicated to the read instance of the database in each cell. Reads go to the database instance that is a fixed part of the cell.\nRead and write handles are split in the application. Clients write to a primary MySQL database, which then replicates to a database instance that is fixed part of a cell. Clients from a cell read from this fixed replica.\nUnfortunately, this is not very effective: The data center has 10 cells, but when a cell overloads its database, spare capacity from other cells cannot be utilized. Also, the data center is not redundant.\nWe want to:\nLoad balance database queries. Extend the architecture to more than a single data center (or AZ). Optionally be resilient against the loss of individual databases or a full AZ. Possible topics or annotations from a candidate:\nWhat kind of strategies are available for load balancing database connections? DNS, Anycast or L2 techniques Proxy (but not a web proxy) Zookeeper or another consensus system with modified clients What are the advantages or disadvantages of this? L2. Huh. Don\u0026rsquo;t do that. DNS updates are slow and complicated. It can be made to work, but you will always have very little control over what is balanced why and how. DNS is better used for a global load balancing of http requests, and not as a database load balancer. Zookeeper could be used to do this with modified clients, but we would have to discuss how exactly that works. That\u0026rsquo;s an interesting sub-question of its own. MySQL Router or ProxySQL are made for that, but have a lot of interesting sub-questions of their own. See below. What else may be different when load balancing database connections instead of http? web-proxies are not good database proxies. The database protocol is not http, and it is a stateful protocol . This requires extra care when load balancing. Database connections can be long-lived. A load balancing action to a different client only ever happens on connect. If you disconnect and reconnect only every 100 web actions or so, it is possible for the system to rebalance slowly. On the other hand, if you are using TLS\u0026rsquo;ed connections, connection setup cost can be high, so longer lived connections amortize better. Database connections have a highly variable result set size. A single select may return a single value of a single row, or an entire 35 TB table. If the proxy tries to be too intelligent and does things with the result as it passes through, it can die from out of memory. Proxies can become bottlenecks. Imagine 50 frontends talking to 10 databases via a single proxy on a typical 2010-box with a single (or two) 1 GBit/s network interface, and results contain BLOBs. What else there is to know? Replication scales only reads. As this is a shared nothing architecture, each instance eventually sees all writes. To scale writes, we have to split or shard the database. That is out of scope for this question. In our specific scenario, the number of writes is not actually a problem. We can assume a few hundred writes per second. Can we extend that to more than one AZ? Yes, we can create an intermediate primary in each AZ, which takes the writes from the origin AZ into each sub-AZ. It then fans out to the local replicas. This saves on long distance data transfer. It also creates mildly interesting problems for measuring replication delay. Because the replication tree is deeper, writes take longer to reach the leaves. Most applications should be able to accommodate that. The alternative would be something with full Two-Phase-Commit, but that would be even slower, and would have scaling limits in the number of systems that participate in the 2PC. This is usually how far we get in a single interview session, and only with touching only on some of these points. To find all is completely unrealistic, even for experienced people. We would now reach a point where we discuss failure scenarios.\nBut it would be highly unusual to get this far, and that is not actually the goal in an interview. I do in fact hardly care about the solution we end up with. My goal is to have a useful discussion about databases, scale-out and resiliency, and about stateful systems and their limits. When there are remarks such as \u0026ldquo;Our environment is smaller, but for us \u0026hellip; works\u0026rdquo; or \u0026ldquo;We tried this: \u0026hellip; but observed that often \u0026hellip;\u0026rdquo; that\u0026rsquo;s actual gold in an interview.\nEven things such as \u0026ldquo;In HTTP one would do \u0026hellip; but I can imagine that with stateful systems that does not work because \u0026hellip;\u0026rdquo; is already gold, because it shows a level of reflection and insight that is rare.\nThe objective is not to reinvent our 2021 setup. The objective is to use this clearly limited setup as a base for a common conversation about database problems.\n\u0026ldquo;Database Reliability Engineer\u0026rdquo; is the hardest position to hire for in my environment, because it is an H-shaped qualification The concept of H-shaped people is a metaphor used in job recruitment to describe the abilities of individuals in (or outside) the workforce. The vertical bars on the letter H represent the depth of related skills and expertise in a single field or discipline, whereas the horizontal bar is the ability to combine those two disciplines to create value in a way that was hitherto unknown.\nThe objective is to find a person that \u0026ldquo;Understands MySQL\u0026rdquo; and \u0026ldquo;Understands Python or Go\u0026rdquo; (\u0026ldquo;Understands any database\u0026rdquo; and \u0026ldquo;Understands a useful programming language\u0026rdquo;), so that I can throw them at our existing codebase and have them useful within 3-6 months - ugh.\nIf I can find one person per year, I am very lucky.\n","date":"2021-09-27T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/27/mysql-booking-2010-a-hiring-interview-question.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: Our MySQL in 2010, a hiring interview question"},{"categories":null,"content":"My task is to collect performance data about a single query, using PERFORMANCE_SCHEMA (P_S for short) in MySQL, to ship it elsewhere for integration with other data.\nIn a grander scheme of things, I will need to define what performance data from a query I am actually interested in. I will also need to find a way to attribute the query (as seen on the server) to a point in the codebase of the client, which is not always easy when an ORM or other SQL generator is being used. And finally I will need to find a way to view the query execution in the context of the client code execution, because the data access is only a part of the system performance.\nThis is about marking a query so that it can be identified in source and attributed to its origin in the codebase.\nIn my scenario, I have control over the ORM or DAO. I can look at the stackframe, identify the caller of the execute function and put filename and line number or other identifying information into the generated query text. I could also get identifiers (\u0026quot;tracing ids \u0026quot;) from the caller and pass them on, so the query execution can be a child span of the ORM call that made the SQL and ran it.\nWhat will work?\nComments are stripped from P_S Let\u0026rsquo;s try comments first. The manual knows three kinds of comments in MySQL:\n/* ... */ C-like comments. # ... Shell-like comments. -- ... Not quite SQL-like comments. With preserved comments I could put identifying information into the query string, and later extract it from P_S. I could use this information to attribute the query and link it to its origin in code.\nIn one connection, I issue\nmysql [localhost:8025] {msandbox} (kris) \u0026gt; select /* keks */ * from t;m t; ... 8192 rows in set (0.00 sec) The result set is irrelevant, but I put a comment with /* ... */ into the query string.\nIn P_S, I find\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; select sql_text from events_statements_history where thread_id = 47 order by event_id desc limit 1; +------------------+ | sql_text | +------------------+ | select * from t | +------------------+ 1 row in set (0.00 sec) The comment has been stripped, you can still see the double spaces.\nOld-fashioned SQL comments and shell comments seem to die already in the client:\nmysql [localhost:8025] {msandbox} (kris) \u0026gt; select -- keks -\u0026gt; * from t limit 3; ... 3 rows in set (0.00 sec) mysql [localhost:8025] {msandbox} (kris) \u0026gt; \u0026lt;cursor up\u0026gt; mysql [localhost:8025] {msandbox} (kris) \u0026gt; select * from t limit 3; The same happens with Shell comments: Of course, again, the comment is not in P_S.\nIt is unclear why comments are stripped, and where. Maybe it is a vestige from the statement conditioning that was installed as a pre-stage to the late query cache, bless its rotten soul.\nThere seem to be two mechanisms, one for SQL and Shell comments, and one for C comments: When looking at the client history, the Shell and SQL comments are not recalled by the editor, but the C comment is.\nThis difference in treatment makes some sense, because MySQL uses magic C comments to control statement parsing for compatibility: SELECT /*! 80000 NEW_KEYWORD */ is parsed as a SELECT by MySQL before version 8.0.0 and as SELECT NEW_KEYWORD by MySQL 8.0.0 and higher. This allows mysqldump and other programs to emit SQL code that degrades gracefully on older versions of MySQL.\nSimilar syntax, /*+ ...*/ is used to control optimizer hints.\nNew: Query attributes Query Attributes are a newfangled thing (8.0.23 or newer) that allow a client to annotate a query. The annotations are preserved in the server and are being made available in some contexts, but they do nothing.\nThe manual explains this:\nAttributes are defined prior to sending a statement. They exist until the statement ends. While they exist, they can be accessed on the server side. The examples given are exactly my use-case: Transporting identifying information from the client into the server, or injecting control information for a plugin from the client into the server in order to affect query processing in the server.\nQuery Attributes do nothing in the server. The server does not look at them.\nQuery Attributes are supported by the C-API client and the MySQL command line client. Not much support exists elsewhere, yet.\nThe basic exercise to check functions works:\nmysql [localhost:8025] {msandbox} (mysql) \u0026gt; INSTALL COMPONENT \u0026#34;file://component_query_attributes\u0026#34;; ... mysql [localhost:8025] {msandbox} (mysql) \u0026gt; query_attributes n1 v2 n2 v3 mysql [localhost:8025] {msandbox} (mysql) \u0026gt; select -\u0026gt; mysql_query_attribute_string(\u0026#39;n1\u0026#39;) AS \u0026#39;attr 1\u0026#39;, -\u0026gt; mysql_query_attribute_string(\u0026#39;n2\u0026#39;) AS \u0026#39;attr 2\u0026#39;, -\u0026gt; mysql_query_attribute_string(\u0026#39;n3\u0026#39;) AS \u0026#39;attr 3\u0026#39;; +--------+--------+--------+ | attr 1 | attr 2 | attr 3 | +--------+--------+--------+ | v2 | v3 | NULL | +--------+--------+--------+ 1 row in set (0.00 sec) The plugin component is also visible in memory map of mysqld:\nkris@server:~$ grep query_attr /proc/94982/maps 7f7590f5b000-7f7590f5c000 r--p 00000000 fd:00 221893305 /home/kris/opt/mysql/8.0.25/lib/plugin/component_query_attributes.so 7f7590f5c000-7f7590f5d000 r-xp 00001000 fd:00 221893305 /home/kris/opt/mysql/8.0.25/lib/plugin/component_query_attributes.so 7f7590f5d000-7f7590f5e000 r--p 00002000 fd:00 221893305 /home/kris/opt/mysql/8.0.25/lib/plugin/component_query_attributes.so 7f7590f5e000-7f7590f5f000 r--p 00002000 fd:00 221893305 /home/kris/opt/mysql/8.0.25/lib/plugin/component_query_attributes.so 7f7590f5f000-7f7590f60000 rw-p 00003000 fd:00 221893305 /home/kris/opt/mysql/8.0.25/lib/plugin/component_query_attributes.so Where to go from here? I can generate a query in a client I control, and annotate the query with identifying information. In my case this information will be\nA trace flag. If the query is to be traced, the trace flag will be present. The default is: The query will not be traced. A set of three identifiers (alphanumeric strings: sha256 MACs, UUIDs or strings representing integer numbers). They are a root id, a parent id and a query id. These identifiers allow me to model a span/parent span relationship in a larger tracing context. I need to find a hook in the server for a plugin. The plugin must run after query execution, but with the execution plan, the query string and the P_S data for the query still present. I am not yet familiar with this, and need to check the current server about what is on offer. Maybe the hook that the audit plugin uses can be repurposed.\nIf the trace flag is set, it will need to access\nthe query attributes the query plan that ran, if possible (Need to check what EXPLAIN FOR CONNECTION does) the information about the query execution that can be gathered from P_S data It needs to transform this information into a single serialized form, for example a JSON string, and then exfiltrate this in a way that does not block the server.\nThe generic way to do this in my environment has in the past been to send a UDP packet to localhost. UDP to localhost is considered non-lossy, limited to 64K and dropping the data if the listener is not present. A file write to an append-only file may also write, if there is a rotation/truncation mechanism.\nI will then need to take the JSON in my client, transform it some more and send it to a tracing consumer, e.g. Jaeger, Lightstep, or in my case, Honeycomb.\nThe trace data will there be joined with spans from other components, including spans around the ORM that made the SQL and the code that called into the ORM. This will allow to view the context of the query without having to grep for it, use modern web tools to analyze query execution in the context that generated it and generally unify SQL debugging with other application debugging.\nThis makes the need for specialized \u0026ldquo;Database Performance Monitoring\u0026rdquo; (DPM) software go away, at least for individual developers. A DPM can still be useful for operational tasks, but these are usually served by telegrams MySQL collector, Prometheus and Grafana just fine (and these usually scale better than a DPM).\n","date":"2021-09-17T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/17/binding-the-orm.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: Binding the ORM"},{"categories":null,"content":"My task is to collect performance data about a single query, using PERFORMANCE_SCHEMA (P_S for short) in MySQL, to ship it elsewhere for integration with other data.\nIn a grander scheme of things, I will need to define what performance data from a query I am actually interested in. I will also need to find a way to attribute the query (as seen on the server) to a point in the codebase of the client, which is not always easy when an ORM or other SQL generator is being used. And finally I will need to find a way to view the query execution in the context of the client code execution, because the data access is only a part of the system performance.\nBut this is about query execution in the server, and the instrumentation available to me in MySQL 8, at least to get things started. So we take the tour of performance schema, and then run one example query (a simple join) and see what we can find out about this query.\nPerformance Schema, the 10.000 m view The Manual has a major chapter that covers P_S in details. The original idea of P_S is to have a bunch of preallocated memory areas without locks, presented to the database itself as tables.\nP_S is unusual in the way that P_S \u0026ldquo;tables\u0026rdquo; are never locked while you work with them. That means the values in a \u0026ldquo;table\u0026rdquo; can change while you read them. That is important - if you for example calculate percentages, they may not add up to 100%. If you ORDER BY, the sort may or may not be stable.\nThese are good properties: P_S will not freeze the server, and you won\u0026rsquo;t kill the server by working with P_S tables.\nIt is a good idea to make a copy of P_S tables while you work with them, by turning off subquery merging with select /*+ NO_MERGE(t) */ , and then materializing P_S tables in subqueries.\nOriginally, P_S also had no secondary indexes, so joining P_S tables against other P_S tables did not work efficiently. That was probably a good idea, because joining against a table that is changing while you execute the join is probably generating random results anyway. But because it is so common, and because MySQL itself does this now internally in sys.*, secondary indexes to join efficiently now exist. That does not make the joins more correct, but at least you get the result faster.\nI wrote about all this in an earlier article .\nInstruments, Objects, Actors, Threads and Consumers The data P_S collects is centered around three major things:\nTime consumed. In database servers, that is mostly wait time - waiting on I/O or locks. Data transferred. In database servers, that is mostly pages read or written. In a way, this related to I/O wait. Memory used. In database servers, that is buffers allocated - how large, and how often, and peak usage. P_S collects this in the form of \u0026ldquo;events\u0026rdquo; (and takes care to note that P_S events are not binlog events or other any events). The collection points are in the database server code, which is instrumented, so the collectors are instruments.\nThe thing that the server code works on may be of a certain kind, for example a table or another object in the server, but have a variable identity (that would be different tables, with different names). Instruments can be filtered by using object names.\nThe activity done in the server is done on behalf of a database user, in the form of user@host or, new in MySQL 8, using roles. The entity on which behalf the server is working on is called the actor.\nThe activity done in the server is also done in the context of a thread, some of which are background threads, while the majority in a busy server are usually connection threads.\nAnd finally, the data collected is put into the in-memory tables of P_S. These come in various groups, and are called consumers.\nData is collected from objects using instruments. Instruments can be turned on and off. Their collected data is then filtered by Objects, Actors and Threads, and finally dropped into consumers. Many consumers are aggregates, some collect information specific to one query execution.\nFor each of these things there is a setup_... table that controls how event data is collected by the instrumentation, filtered and the consumed in result tables. In parallel, object identities are collected in ..._instances tables, which are needed to resolve object identities.\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; show tables like \u0026#34;setup_%\u0026#34;; +----------------------------------------+ | Tables_in_performance_schema (setup_%) | +----------------------------------------+ | setup_actors | | setup_consumers | | setup_instruments | | setup_objects | | setup_threads | +----------------------------------------+ 5 rows in set (0.00 sec) mysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; show tables like \u0026#34;%_instances\u0026#34;; +--------------------------------------------+ | Tables_in_performance_schema (%_instances) | +--------------------------------------------+ | cond_instances | | file_instances | | mutex_instances | | prepared_statements_instances | | rwlock_instances | | socket_instances | +--------------------------------------------+ 6 rows in set (0.00 sec) mysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; select * from socket_instances; +----------------------------------------+-----------------------+-----------+-----------+-----------+-------+--------+ | EVENT_NAME | OBJECT_INSTANCE_BEGIN | THREAD_ID | SOCKET_ID | IP | PORT | STATE | +----------------------------------------+-----------------------+-----------+-----------+-----------+-------+--------+ | wait/io/socket/mysqlx/tcpip_socket | 106328376 | 44 | 21 | :: | 18025 | ACTIVE | | wait/io/socket/mysqlx/unix_socket | 106328688 | 44 | 22 | | 0 | ACTIVE | | wait/io/socket/sql/server_tcpip_socket | 106329000 | 1 | 26 | 127.0.0.1 | 8025 | ACTIVE | | wait/io/socket/sql/server_unix_socket | 106329312 | 1 | 28 | | 0 | ACTIVE | | wait/io/socket/sql/client_connection | 106330560 | 50 | 41 | | 0 | ACTIVE | +----------------------------------------+-----------------------+-----------+-----------+-----------+-------+--------+ 5 rows in set (0.00 sec) Current, History and History Long Tables vs. Summaries P_S collects data in a lot of summary table, which should not interest us that much here. Our task is to look at the performance data of a single, individual query to better understand what happened when it ran.\nThese unaggregated tables are events_transactions, events_statements, events_stages and events_waits. For each of them, we have _current, _history or _history_long tables.\nThe _current tables contain one entry for the currently running thread. The _history tables contain a configurable number of entries for each thread, for example 10 per thread. And the _history_long tables contain a configurable number of entries, shared across all threads, for example 10.000 in total. As the server continues to execute statements and produce events, old entries are discarded and new entries are added, automatically. Additionally, each query execution is aggregated along several dimensions in summary tables. Summary tables state these dimension(s) using by_\u0026lt;dimensionname\u0026gt;, for example _by_user_by_eventname or similar.\nIn current MySQL, P_S is enabled by default. But not all instruments and consumers are enabled, because some instrumentation slows query execution down, and some consumers can use a lot of memory. To be fast and safe, all memory is statically allocated at config change so the memory resource usage of P_S is constant and no allocations are made during execution.\nWe can enable all instrumentation completely with this SQL:\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; UPDATE -\u0026gt; performance_schema.setup_instruments SET ENABLED = \u0026#39;YES\u0026#39;, TIMED = \u0026#39;YES\u0026#39;; Query OK, 494 rows affected (0.00 sec) Rows matched: 1216 Changed: 494 Warnings: 0 mysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; UPDATE -\u0026gt; performance_schema.setup_consumers SET ENABLED = \u0026#39;YES\u0026#39;; Query OK, 0 rows affected (0.00 sec) Rows matched: 15 Changed: 0 Warnings: 0 When we look at one of these tables, for example events_statements_current, we see a structure like this:\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; show create table events_statements_current\\G *************************** 1. row *************************** Table: events_statements_current Create Table: CREATE TABLE `events_statements_current` ( `THREAD_ID` bigint unsigned NOT NULL, `EVENT_ID` bigint unsigned NOT NULL, `END_EVENT_ID` bigint unsigned DEFAULT NULL, `EVENT_NAME` varchar(128) NOT NULL, `SOURCE` varchar(64) DEFAULT NULL, `TIMER_START` bigint unsigned DEFAULT NULL, `TIMER_END` bigint unsigned DEFAULT NULL, `TIMER_WAIT` bigint unsigned DEFAULT NULL, ... `NESTING_EVENT_ID` bigint unsigned DEFAULT NULL, `NESTING_EVENT_TYPE` enum(\u0026#39;TRANSACTION\u0026#39;,\u0026#39;STATEMENT\u0026#39;,\u0026#39;STAGE\u0026#39;,\u0026#39;WAIT\u0026#39;) DEFAULT NULL, `NESTING_EVENT_LEVEL` int DEFAULT NULL, `STATEMENT_ID` bigint unsigned DEFAULT NULL, PRIMARY KEY (`THREAD_ID`,`EVENT_ID`) ) ENGINE=PERFORMANCE_SCHEMA DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci 1 row in set (0.00 sec) That is, events are tagged with a THREAD_ID (which is not a CONNECTION_ID() as seen in processlist), an EVENT_ID/END_EVENT_ID bracket, various source and timer values and for further dissection, a NESTING_EVENT_ID and _TYPE.\nWe can translate processlist ids into thread ids using the P_S.THREADS table, and then use this to limit our view on the events_statements_current table:\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; select thread_id from threads -\u0026gt; where processlist_id = connection_id(); +-----------+ | thread_id | +-----------+ | 50 | +-----------+ 1 row in set (0.00 sec) mysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; select -\u0026gt; thread_id, -\u0026gt; event_id, -\u0026gt; event_name, -\u0026gt; source, -\u0026gt; sys.format_time(timer_wait), -\u0026gt; sql_text -\u0026gt; from events_statements_current -\u0026gt; where thread_id = 50\\G *************************** 1. row *************************** thread_id: 50 event_id: 88463 event_name: statement/sql/select source: init_net_server_extension.cc:94 sys.format_time(timer_wait): 341.04 us sql_text: select thread_id, event_id, event_name, source, sys.format_time(timer_wait), sql_text from events_statements_current where thread_id = 50 1 row in set (0.00 sec) So running this query took 341 Microseconds, or 0.341 ms. And sources are named after their location in the server sourcecode, filename and line number .\nEvents exist in a hierarchy: wait events nest within stage events, which nest within statement events, which nest within transaction events. Some nested events refer to their own type, for example, statement events can point to other statement events they are nested in. Other events refer to their enclosing context in the hierarchy. Nesting Event ID, Type and Level make this clear.\nInstrument names The manual explains Instrument Names . They have path-like names that group instruments hierarchically, for example wait/io/file/innodb/innodb_data_file. This is a wait event, io related, specifically file I/O, more specific innodb and even more specific innodb_data_file. Looking at other fields in the events_waits_history table, we would see the file name as part of the OBJECT_SCHEMA.OBJECT_NAME designator for this event. That means, we can see how long we waited for I/O coming from this specific file or going to the file.\nFurther up in the nesting we would see, at the statement level, the actual SQL_TEXT, and also the number of rows scanned. That means we can get a rough estimate why this particular statement instance was slow - for example, the plan was good, the number of rows was low, but we see a lot of actual file IO waits, so probably the buffer pool was cold.\nThe manual page above discusses the instrument names at length, and it is important to get an overview of what exists and what is measured. Specifically, for statement level entries the instruments vary during query execution and become more detailed, as they reflect the progress in understanding of the server about the nature of the statement as it is executed.\nAn example run In a freshly restarted idle server, we log in to a shell and use world for the world sample database. This is a tiny database, but because the server has been just restarted, nothing of it is cached. We run a simple query:\nmysql [localhost:8025] {msandbox} (world) \u0026gt; select -\u0026gt; co.continent, -\u0026gt; co.name as country, -\u0026gt; co.population as copop, -\u0026gt; ci.name as capital, -\u0026gt; ci.population as cipop -\u0026gt; from country as co join city as ci -\u0026gt; on co.capital = ci.id -\u0026gt; where continent = \u0026#39;Europe\u0026#39;; +-----------+-------------------------------+-----------+------------------------------------+---------+ | continent | country | copop | capital | cipop | +-----------+-------------------------------+-----------+------------------------------------+---------+ | Europe | Albania | 3401200 | Tirana | 270000 | ... | Europe | Yugoslavia | 10640000 | Beograd | 1204000 | +-----------+-------------------------------+-----------+------------------------------------+---------+ 46 rows in set (0.00 sec) Now let\u0026rsquo;s check what we can find out, using a second session:\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; select * from threads -\u0026gt; where processlist_db = \u0026#39;world\u0026#39;\\G *************************** 1. row *************************** THREAD_ID: 48 NAME: thread/sql/one_connection TYPE: FOREGROUND PROCESSLIST_ID: 9 PROCESSLIST_USER: msandbox PROCESSLIST_HOST: localhost PROCESSLIST_DB: world PROCESSLIST_COMMAND: Sleep PROCESSLIST_TIME: 4 PROCESSLIST_STATE: NULL PROCESSLIST_INFO: NULL PARENT_THREAD_ID: 1 ROLE: NULL INSTRUMENTED: YES HISTORY: YES CONNECTION_TYPE: Socket THREAD_OS_ID: 346752 RESOURCE_GROUP: USR_default 1 row in set (0.00 sec) In our case we are only interested in the fact that our thread/sql/one_connection in the processlist is shown as connection 9, but internally has a thread_id of 48. The Linux Operating System PID is 346752.\nWe can use this to check events_transactions_wait, and find\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; select -\u0026gt; thread_id, -\u0026gt; event_id, -\u0026gt; state, -\u0026gt; source, -\u0026gt; sys.format_time(timer_wait) as timer, -\u0026gt; nesting_event_id, -\u0026gt; nesting_event_type - from events_transactions_history -\u0026gt; where thread_id = 48; +-----------+----------+-----------+-----------------+-----------+------------------+--------------------+ | thread_id | event_id | state | source | timer | nesting_event_id | nesting_event_type | +-----------+----------+-----------+-----------------+-----------+------------------+--------------------+ | 48 | 179 | COMMITTED | handler.cc:1328 | 496.05 us | 85 | STATEMENT | | 48 | 401 | COMMITTED | handler.cc:1328 | 559.99 us | 278 | STATEMENT | | 48 | 5606 | COMMITTED | handler.cc:1328 | 3.03 ms | 5574 | STATEMENT | +-----------+----------+-----------+-----------------+-----------+------------------+--------------------+ 3 rows in set (0.00 sec) Why are there three statement events? We can check:\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; select -\u0026gt; thread_id, -\u0026gt; event_id, -\u0026gt; sql_text -\u0026gt; from events_statements_history -\u0026gt; where thread_id = 48 and event_id in (85, 278, 5574); +-----------+----------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | thread_id | event_id | sql_text | +-----------+----------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | 48 | 85 | show databases | | 48 | 278 | show tables | | 48 | 5574 | select co.continent, co.name as country, co.population as copop, ci.name as capital, ci.population as cipop from country as co join city as ci on co.capital = ci.id where continent = \u0026#39;Europe\u0026#39; | +-----------+----------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ 3 rows in set (0.00 sec) The mysql command line client is running from the sandbox with /home/kris/opt/mysql/8.0.25/bin/mysql --defaults-file=/home/kris/sandboxes/msb_8_0_25/my.sandbox.cnf world. Autocompletion for names is not disabled. So on client startup, the client invisibly runs show databases to learn the names of all databases for autocompletion. It then enters the world database as requested and runs show tables to learn the names of all tables in the world database.\nOnly then we come to the prompt and can paste our query.\nWe are only interested in thread_id = 48 AND event_id = 5574, our query.\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; select * -\u0026gt; from events_statements_history -\u0026gt; where thread_id = 48 AND event_id = 5574\\G *************************** 1. row *************************** THREAD_ID: 48 EVENT_ID: 5574 END_EVENT_ID: 6624 EVENT_NAME: statement/sql/select SOURCE: init_net_server_extension.cc:94 TIMER_START: 61628458852000 TIMER_END: 61631769329000 TIMER_WAIT: 3310477000 LOCK_TIME: 224000000 SQL_TEXT: select co.continent, co.name as country, co.population as copop, ci.name as capital, ci.population as cipop from country as co join city as ci on co.capital = ci.id where continent = \u0026#39;Europe\u0026#39; DIGEST: 409c336982f0d3d45c4b29da77fe83aed12c6043e8ce9771c11ec82ff347e647 DIGEST_TEXT: SELECT `co` . `continent` , `co` . `name` AS `country` , `co` . `population` AS `copop` , `ci` . `name` AS `capital` , `ci` . `population` AS `cipop` FROM `country` AS `co` JOIN `city` AS `ci` ON `co` . `capital` = `ci` . `id` WHERE `continent` = ? CURRENT_SCHEMA: world OBJECT_TYPE: NULL OBJECT_SCHEMA: NULL OBJECT_NAME: NULL OBJECT_INSTANCE_BEGIN: NULL MYSQL_ERRNO: 0 RETURNED_SQLSTATE: NULL MESSAGE_TEXT: NULL ERRORS: 0 WARNINGS: 0 ROWS_AFFECTED: 0 ROWS_SENT: 46 ROWS_EXAMINED: 92 CREATED_TMP_DISK_TABLES: 0 CREATED_TMP_TABLES: 0 SELECT_FULL_JOIN: 0 SELECT_FULL_RANGE_JOIN: 0 SELECT_RANGE: 0 SELECT_RANGE_CHECK: 0 SELECT_SCAN: 0 SORT_MERGE_PASSES: 0 SORT_RANGE: 0 SORT_ROWS: 0 SORT_SCAN: 0 NO_INDEX_USED: 0 NO_GOOD_INDEX_USED: 0 NESTING_EVENT_ID: NULL NESTING_EVENT_TYPE: NULL NESTING_EVENT_LEVEL: 0 STATEMENT_ID: 125 1 row in set (0.00 sec) The statement is statement/sql/select. It took 3310477000 picoseconds (3.31ms) to run. The sql_text is the full text of the statement (up to a cutoff point, in order to manage memory consumption). The parsed statement is called digest_text - identifiers are quoted, whitespace is normalized, actual constants are replaced with placeholders, and (not shown here) variable length WHERE ... IN (...) clauses are shortened with ellipses. This normalized digest is then hashed and produces an identifier for this group of identically formed statements, the digest. We learn about the number of rows looked at, 92 and sent, 46. No special flags indicating specific execution modes were set.\nWe can use the event_id to look even deeper:\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; select -\u0026gt; thread_id, -\u0026gt; event_id, -\u0026gt; event_name, -\u0026gt; source, -\u0026gt; sys.format_time(timer_wait) as timer -\u0026gt; from events_stages_history -\u0026gt; where thread_id = 48 -\u0026gt; and nesting_event_id = 5574 -\u0026gt; order by event_id; +-----------+----------+--------------------------------------+----------------------+-----------+ | thread_id | event_id | event_name | source | timer | +-----------+----------+--------------------------------------+----------------------+-----------+ | 48 | 5610 | stage/sql/optimizing | sql_optimizer.cc:270 | 15.88 us | | 48 | 5611 | stage/sql/statistics | sql_optimizer.cc:534 | 703.58 us | \u0026lt;- !! | 48 | 5710 | stage/sql/preparing | sql_optimizer.cc:618 | 31.93 us | | 48 | 5712 | stage/sql/executing | sql_union.cc:1126 | 2.26 ms | \u0026lt;- !! | 48 | 6593 | stage/sql/end | sql_select.cc:586 | 1.86 us | | 48 | 6594 | stage/sql/query end | sql_parse.cc:4542 | 1.93 us | | 48 | 6596 | stage/sql/waiting for handler commit | handler.cc:1594 | 9.05 us | | 48 | 6600 | stage/sql/closing tables | sql_parse.cc:4593 | 14.02 us | | 48 | 6621 | stage/sql/freeing items | sql_parse.cc:5042 | 29.4 us | | 48 | 6623 | stage/sql/cleaning up | sql_parse.cc:2252 | 1.17 us | +-----------+----------+--------------------------------------+----------------------+-----------+ 10 rows in set (0.00 sec) These are the various execution stages of our statement - we select by thread_id and with the event_id of the statement, 5574 as a nesting_id, ordered by event_id. Time was consumed by the stage/sql/statistics phase, looking up table stats for a good execution plan, and then by the actual query execution in stage/sql/executing. The former took 0.7ms (703.58us), the latter 2.26ms.\nWe are interested in what took so long, specifically, so we look into waits for event_ids 5611 and 5712 - finding nothing, and also nothing particularly time-consuming:\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; select -\u0026gt; thread_id, -\u0026gt; event_id, -\u0026gt; event_name, -\u0026gt; sys.format_time(timer_wait) as timer, -\u0026gt; nesting_event_type, -\u0026gt; nesting_event_id, -\u0026gt; operation -\u0026gt; from events_waits_history -\u0026gt; where thread_id = 48 -\u0026gt; order by event_id; +-----------+----------+------------------------------------------+-----------+--------------------+------------------+-----------+ | thread_id | event_id | event_name | timer | nesting_event_type | nesting_event_id | operation | +-----------+----------+------------------------------------------+-----------+--------------------+------------------+-----------+ | 48 | 6614 | wait/synch/mutex/innodb/trx_mutex | 56.26 ns | STAGE | 6600 | lock | | 48 | 6615 | wait/synch/mutex/innodb/trx_mutex | 48.64 ns | STAGE | 6600 | lock | | 48 | 6616 | wait/synch/mutex/innodb/trx_mutex | 50.4 ns | STAGE | 6600 | lock | | 48 | 6617 | wait/synch/mutex/innodb/trx_mutex | 46.88 ns | STAGE | 6600 | lock | | 48 | 6618 | wait/synch/mutex/innodb/trx_mutex | 43.36 ns | STAGE | 6600 | lock | | 48 | 6619 | wait/synch/mutex/innodb/trx_mutex | 45.12 ns | STAGE | 6600 | lock | | 48 | 6620 | wait/synch/mutex/sql/LOCK_table_cache | 66.8 ns | STAGE | 6600 | lock | | 48 | 6622 | wait/io/socket/sql/client_connection | 18.91 us | STAGE | 6621 | send | | 48 | 6624 | wait/synch/mutex/sql/THD::LOCK_thd_query | 124.23 ns | STAGE | 6623 | lock | | 48 | 6626 | wait/io/socket/sql/client_connection | NULL | WAIT | 6625 | recv | +-----------+----------+------------------------------------------+-----------+--------------------+------------------+-----------+ 10 rows in set (0.00 sec) We can see I/O in a global summary, and the timings make sense in the context of the experiment:\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; select -\u0026gt; object_type, -\u0026gt; object_schema, -\u0026gt; object_name, -\u0026gt; count_star, -\u0026gt; sys.format_time(max_timer_read) as `read`, -\u0026gt; sys.format_time(max_timer_write) as `write`, -\u0026gt; sys.format_time(max_timer_fetch) as `fetch` -\u0026gt; from table_io_waits_summary_by_table -\u0026gt; where object_schema = \u0026#39;world\u0026#39;\\G *************************** 1. row *************************** object_type: TABLE object_schema: world object_name: city count_star: 46 read: 569.17 us write: 0 ps fetch: 569.17 us *************************** 2. row *************************** object_type: TABLE object_schema: world object_name: country count_star: 47 read: 703.4 us write: 0 ps fetch: 703.4 us ... But why are the I/O times not visible to us? That\u0026rsquo;s a bit unclear. My theory was that the reads happen asynchronously by some background thread. But a quick query shows no time spend on reader threads.\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; select -\u0026gt; t.thread_id, -\u0026gt; t.name, -\u0026gt; t.type -\u0026gt; from threads as t join events_waits_summary_by_thread_by_event_name as e -\u0026gt; on t.thread_id = e.thread_id -\u0026gt; where e.max_timer_wait \u0026gt; 0 -\u0026gt; and e.event_name = \u0026#39;wait/io/file/innodb/innodb_data_file\u0026#39;; +-----------+---------------------------------------------+------------+ | thread_id | name | type | +-----------+---------------------------------------------+------------+ | 1 | thread/sql/main | BACKGROUND | | 9 | thread/innodb/io_write_thread | BACKGROUND | | 10 | thread/innodb/io_write_thread | BACKGROUND | | 11 | thread/innodb/io_write_thread | BACKGROUND | | 12 | thread/innodb/io_write_thread | BACKGROUND | | 13 | thread/innodb/page_flush_coordinator_thread | BACKGROUND | | 33 | thread/innodb/clone_gtid_thread | BACKGROUND | | 47 | thread/sql/one_connection | FOREGROUND | | 48 | thread/sql/one_connection | FOREGROUND | +-----------+---------------------------------------------+------------+ 9 rows in set (0.00 sec) We seem to be unable to attribute time spent loading data from disk to a specific thread, and we seem to be unable to account for the runtime of certain stages by looking at waits. That\u0026rsquo;s unexpected.\nMemory only as summary Diverse memory_% tables exist to track memory usage in the server. All of these tables are summary tables, there are no memory events tables that could trace memory usage per query. That might be okay.\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; show tables like \u0026#39;%memory%\u0026#39;; +-----------------------------------------+ | Tables_in_performance_schema (%memory%) | +-----------------------------------------+ | memory_summary_by_account_by_event_name | | memory_summary_by_host_by_event_name | | memory_summary_by_thread_by_event_name | | memory_summary_by_user_by_event_name | | memory_summary_global_by_event_name | +-----------------------------------------+ 5 rows in set (0.00 sec) We can do interesting things with stuff such as memory_summary_by_thread_by_event_name, at least on our mostly idle server.\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; select -\u0026gt; thread_id, -\u0026gt; event_name, -\u0026gt; count_alloc, -\u0026gt; sum_number_of_bytes_alloc, -\u0026gt; high_number_of_bytes_used -\u0026gt; from memory_summary_by_thread_by_event_name -\u0026gt; where thread_id = 48 -\u0026gt; and HIGH_NUMBER_OF_BYTES_USED \u0026gt; 0 -\u0026gt; order by HIGH_NUMBER_OF_BYTES_USED desc limit 5; +-----------+-------------------------------+-------------+---------------------------+---------------------------+ | thread_id | event_name | count_alloc | sum_number_of_bytes_alloc | high_number_of_bytes_used | +-----------+-------------------------------+-------------+---------------------------+---------------------------+ | 48 | memory/sql/THD::main_mem_root | 22 | 1181008 | 613544 | | 48 | memory/innodb/memory | 226 | 1059368 | 250032 | | 48 | memory/sql/dd::objects | 205 | 47432 | 44648 | | 48 | memory/innodb/ha_innodb | 26 | 35784 | 35784 | | 48 | memory/innodb/fil0fil | 2 | 65600 | 32800 | +-----------+-------------------------------+-------------+---------------------------+---------------------------+ 5 rows in set (0.00 sec) No EXPLAIN Another thing that would be useful to collect from P_S is the actual execution plan of a query. But while we can explain a lot of statements by running EXPLAIN \u0026lt;stmt\u0026gt;, and while we can EXPLAIN FOR CONNECT ..., the former is not the recorded execution plan, and the latter only works while the query is running. It\u0026rsquo;s the actual execution plan while the query executes, but it is not recorded.\nSummary A lot of information about query execution can be gathered from P_S. The query execution can be broken down in statements, stages and waits. Specifically, statements collect a lot of interesting quality flags. Stages can collect percentages of completion for long-running queries and give a general feel about where in the query execution time is spent. Waits should be able to attribute time to individual operations in the database server, but specifically for file I/O this seems to be more complicated, and I have not been able to solve it.\nWe can see waits for I/O summary tables, and we can see a lot of other statistical information in other summary tables. We can also use additional tables not covered here for debugging (for example DATA_LOCKS for locking behavior).\nMemory instrumentation is interesting, but at this stage it is unclear to me if it is sufficient.\nIt seems to be really hard to record execution plans together with statements.\nMore experimentation with more complicated queries is necessary to see if it is possible to see things like sorting, temp files and similar operations, and attribute time to these operations.\nThe number of queries on P_S necessary to extract information about a single query is staggering, a 10:1 ratio. At least filters exist and are on by default, so that I do not have to hear my monitoring noise in my monitoring. That is good.\nI could really use a single large JSON blob containing the entire package with performance data for a query, at once - one query to trace one query. That is, the information from transaction, statement, stages, waits, the execution plan and the memory consumption for a given transaction or statement, in one go.\n","date":"2021-09-15T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/15/mysql-tracing-a-single-query-with-performanceschema.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: Tracing a single query with PERFORMANCE_SCHEMA"},{"categories":null,"content":"Like I said, I never had much reason to use table compression, and only recently looked into the topic. MySQL Page Compression looks a lot easier at the database end of things, but relies on hole punching support in the file system. Let\u0026rsquo;s have a look at what that means.\nFiles, Inodes and Arrays of Blocks The original Unix filesystem saw the disk as a sea of blocks, which were represented in a free map as an array of bits. Files have numbers, which are an index into an array of so-called inode structures. Inodes store the files metadata and contain an array of block numbers, which make up the actual file. The array is folded multiple times, to optimize for the more common case of small files: The first few block numbers were stored in the inode, followed by a pointer to a block containing file block numbers, then a pointer to a block containing pointers to blocks of file block numbers and so on.\nThe block list inside an array is folded multiple times, to optimize for the more common case of small files.\nThese structures make up the so-called lower filesystem, which deals with organizing blocks into numbered files efficiently. On top of that resides the upper filesystem, which is concerned with managing names of files, and organizing them into directories. In our instance the upper filesystem is of no interest, so we are ignoring it completely: To us files are sequences of blocks, organized in inodes.\nWhile the folded block array of the original file system served us for many decades, more modern file systems try to shrink these block lists by storing extents. An extent is a pair (start, length) that describes a contiguous sequence of blocks. On a mostly empty disk, most files can probably be arranged in such runs of contiguous blocks, so this is a more efficient way to store things. Also, free lists can in many cases be stored more efficiently as extents.\nThe XFS filesystem is getting a lot of mileage of such extents, and one major a difference between the Linux ext3 and ext4 is the use of extents instead of block lists and bitmaps in many places.\nSparse Files Unix always allowed you to seek past the end of a file and write data. The following example program creates a file named testfile by opening a new file of length 0, seeking to the position 20 GB and writing an integer at that position. The resulting file is 20 GB in length, but only occupies a minuscule amount of disk space. This is called a sparse file, a file with holes in it.\nReading a sparse file, the non-existent blocks are returned as blocks filled with zeroes. On writing, space is allocated for the previously unallocated blocks in the sparse file, but probably not in sequence. So on hard disks, a seek occurs that would probably not have occurred, had the file actually been written properly.\nkris@server:~$ cat sparseme.c #include \u0026lt;stdio.h\u0026gt; #include \u0026lt;unistd.h\u0026gt; #include \u0026lt;stdlib.h\u0026gt; /* 20 GB */ #define FAR_OUT ((long) 20*1024*1024*1024) int main(void) { int something = 0; FILE *fp = 0; /* trunate to 0, or create, position 0 */ fp = fopen(\u0026#34;testfile\u0026#34;, \u0026#34;w\u0026#34;); if (!fp) { fprintf(stderr, \u0026#34;Cannot open \u0026#39;testfile\u0026#39;, I die.\u0026#34;); exit(1); } /* move to far out position */ fseek(fp, FAR_OUT, SEEK_SET); /* write something */ fwrite(\u0026amp;something, sizeof(something), 1, fp); fclose(fp); exit(0); } When looking at this on the disk we can see that in fact only 4 KB of disk space (one block on a modern disk) has been allocated.\nkris@server:~$ cc -o sparseme sparseme.c kris@server:~$ ./sparseme kris@server:~$ ls -lsh testfile 4.0K -rw-rw-r-- 1 kris kris 21G Sep 14 16:37 testfile kris@server:~$ xfs_bmap -v testfile testfile: EXT: FILE-OFFSET BLOCK-RANGE AG AG-OFFSET TOTAL 0: [0..41943039]: hole 41943040 1: [41943040..41943047]: 104705904..104705911 3 (10334064..10334071) 8 We compile the C-program with cc -o sparseme sparseme.c, then run it as ./sparseme. We look at the resulting testfile with ls -lsh testfile. The size of the file is shown as 21G, but the allocation (in the leftmost column, we asked for that with the -s flag) is only 4K.\nUsing the XFS maintenance program xfs_bmap in verbose mode, we get to see the block map (bmap) of the file, as an extent listing. The program operates with sectors of 512 bytes, the unit that was common for many hard disk before we moved to 4K sectors. We see a large hole from offset 0 to 41943039 (times 512 bytes for sector size, this is 20 GB). Then there are 8 sectors (one 4K disk drive hardware block) mapped to 8 contiguous blocks (actually one hardware block) at 104705904 from the start of the partition.\nWe can do the same thing using a dd command without writing a C-program:\nkris@server:~$ rm testfile testfile2 kris@server:~$ dd if=/dev/zero of=testfile2 bs=1 count=1 seek=21474836480 1+0 records in 1+0 records out 1 byte copied, 0.000227159 s, 4.4 kB/s kris@server:~$ ls -lsh testfile2 4.0K -rw-rw-r-- 1 kris kris 21G Sep 14 16:47 testfile2 kris@server:~$ xfs_bmap -v testfile2 testfile2: EXT: FILE-OFFSET BLOCK-RANGE AG AG-OFFSET TOTAL 0: [0..41943039]: hole 41943040 1: [41943040..41943047]: 104705904..104705911 3 (10334064..10334071) 8 Our of=testfile2 generates the outfile, and we write one byte (bs=1) one time (count=1) after seeking to position 20G (seek=...). Using ls -lsh and the xfs_bmap output, we can confirm that this is indeed a file with a hole.\nSparse files are hard to handle: When you copy them, the non-existent blocks are read as blocks full of 0-bytes, and written. The target file will therefore actually allocate all the space the source file only claims to be large.\nThis is a problem with core files in many Unix system, because they are being dumped as sparse files, mapping the actual process address space to file offsets, and leaving unallocated space in the address space at least in part as holes in the file. Until you naively copy that file, that is.\nThe GNU cp program has a --sparse option that tries to handle this, and rsync also has special options that make it sparse file aware.\nHole Punching Some filesystems allow you to punch holes into files, using the fallocate(2) system call. This system call can be used to assign blocks to a file, making sure it is not a sparse file, without actually having to write all those bytes and a few other things. Using the filesystem dependent FALLOC_FL_PUNCH_HOLE flag, extents in the file can be marked as \u0026lsquo;unused\u0026rsquo; and be given back to the filesystem.\nLet\u0026rsquo;s look what our tables from the previous article look like on disk, using xfs_bmap.\nThe uncompressed table looks like this:\nkris@server:~/sandboxes/msb_8_0_25/data/kris$ xfs_bmap -v keks.ibd keks.ibd: EXT: FILE-OFFSET BLOCK-RANGE AG AG-OFFSET TOTAL 0: [0..63]: 104752464..104752527 3 (10380624..10380687) 64 1: [64..159]: 104753560..104753655 3 (10381720..10381815) 96 2: [160..223]: 104744928..104744991 3 (10373088..10373151) 64 ... 18: [327680..450559]: 126091200..126214079 4 (262080..384959) 122880 19: [450560..516095]: 126404568..126470103 4 (575448..640983) 65536 We get 20 extents, some of which are smaller than 100 sectors, but some of which are larger than 100k sectors of contiguous space.\nNow the page compressed file:\nkris@server:~/sandboxes/msb_8_0_25/data/kris$ xfs_bmap -v keks2.ibd keks2.ibd: EXT: FILE-OFFSET BLOCK-RANGE AG AG-OFFSET TOTAL 0: [0..31]: 104756944..104756975 3 (10385104..10385135) 32 1: [32..63]: 104757000..104757031 3 (10385160..10385191) 32 2: [64..71]: 104709000..104709007 3 (10337160..10337167) 8 3: [72..95]: hole 24 4: [96..103]: 104709032..104709039 3 (10337192..10337199) 8 5: [104..127]: hole 24 30886: [494440..494463]: hole 24 30887: [494464..494471]: 127160928..127160935 4 (1331808..1331815) 8 30888: [494472..494495]: hole 24 30889: [494496..516095]: 127160960..127182559 4 (1331840..1353439) 21600 We get more than 30k extents here, all of them 8 sectors (4K) of data and 24 sectors (12K) of hole in my very compressible test data. This is messy.\nTrying to delete these things demonstrates the cost of this:\nkris@server:~$ cp ~/sandboxes/msb_8_0_25/data/kris/keks.ibd . kris@server:~$ cp --sparse=always ~/sandboxes/msb_8_0_25/data/kris/keks2.ibd . kris@server:~$ time rm keks.ibd real 0m0.020s user 0m0.000s sys 0m0.020s kris@server:~$ time rm keks2.ibd real 0m0.123s user 0m0.000s sys 0m0.109s With longer files, we get more holes, more overhead and even longer times.\nFile Size over Time While running insert into keks2 select * from keks, I was monitoring the size of the new table at the file system level. This looks funny, because we can see the file\u0026rsquo;s allocation growing over time, but there are downward spikes in allocation every few seconds.\nkris@server:~/sandboxes/msb_8_0_25$ while : \u0026gt; do \u0026gt; ls -lsh data/kris/keks2* \u0026gt; sleep 1 \u0026gt; done 197M -rw-r----- 1 kris kris 524M Sep 14 19:09 data/kris/keks2.ibd 200M -rw-r----- 1 kris kris 532M Sep 14 19:09 data/kris/keks2.ibd 203M -rw-r----- 1 kris kris 540M Sep 14 19:09 data/kris/keks2.ibd 205M -rw-r----- 1 kris kris 548M Sep 14 19:09 data/kris/keks2.ibd 208M -rw-r----- 1 kris kris 556M Sep 14 19:09 data/kris/keks2.ibd 212M -rw-r----- 1 kris kris 564M Sep 14 19:09 data/kris/keks2.ibd 207M -rw-r----- 1 kris kris 564M Sep 14 19:09 data/kris/keks2.ibd \u0026lt;--- 209M -rw-r----- 1 kris kris 572M Sep 14 19:09 data/kris/keks2.ibd 212M -rw-r----- 1 kris kris 580M Sep 14 19:09 data/kris/keks2.ibd 216M -rw-r----- 1 kris kris 588M Sep 14 19:09 data/kris/keks2.ibd 215M -rw-r----- 1 kris kris 588M Sep 14 19:09 data/kris/keks2.ibd \u0026lt;--- 218M -rw-r----- 1 kris kris 592M Sep 14 19:09 data/kris/keks2.ibd 212M -rw-r----- 1 kris kris 592M Sep 14 19:09 data/kris/keks2.ibd \u0026lt;--- 219M -rw-r----- 1 kris kris 604M Sep 14 19:09 data/kris/keks2.ibd 223M -rw-r----- 1 kris kris 612M Sep 14 19:09 data/kris/keks2.ibd 226M -rw-r----- 1 kris kris 620M Sep 14 19:09 data/kris/keks2.ibd 225M -rw-r----- 1 kris kris 624M Sep 14 19:09 data/kris/keks2.ibd \u0026lt;--- 228M -rw-r----- 1 kris kris 632M Sep 14 19:09 data/kris/keks2.ibd 227M -rw-r----- 1 kris kris 636M Sep 14 19:09 data/kris/keks2.ibd 225M -rw-r----- 1 kris kris 640M Sep 14 19:09 data/kris/keks2.ibd \u0026lt;--- 233M -rw-r----- 1 kris kris 652M Sep 14 19:09 data/kris/keks2.ibd 232M -rw-r----- 1 kris kris 656M Sep 14 19:09 data/kris/keks2.ibd The size of these downward spikes (several megabytes in some instances) is impressive.\nImplications for MySQL Page Compression was introduced to MySQL in 2015, and Mark Callaghan has been experimenting from early on. He has a series of blog articles on this:\nWanted Wanted: a file system on which InnoDB transparent page compression works and earlier\nFirst day with InnoDB transparent page compression Second day with InnoDB transparent page compression Third day with InnoDB transparent page compression and being Mark, he also has a series of bugs open on this. The links are in the articles.\nThe \u0026ldquo;Wanted\u0026rdquo; article from the list above contains a number of very recent, very relevant comments by Marko Mäkelä, and a link to LWN: Hole-punching races against page-cache filling , from July 29, 2021. This bug is still open in all production Linux kernels.\nThis seems to make using Page Compression a risky and expensive thing. Mark\u0026rsquo;s estimate in private communication was approximately \u0026ldquo;a thing such as RocksDB which never overwrites data has an inherent advantage over anything that does in-place updates when it comes to compression\u0026rdquo; (my summary of his words), and I think he\u0026rsquo;s correct.\nSeems I accidentally did a few things right when I never even tried to use compressed tables in InnoDB.\nThanks Thanks, Mark, for you very useful and insightful comments, and for nudging me to go deeper on this. And thanks for necro\u0026rsquo;ing Marks articles with your comments, Marko!\n","date":"2021-09-14T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/14/mysql-page-compression-revisited.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: Page compression revisited"},{"categories":null,"content":"For the MySQL Million Challenge, I was going through the server syntax in order to understand what things can be created in the server. And now my OCD triggered. DDL is a mess.\nCreation As a database developer, I want to be able to create server objects using the CREATE thing syntax.\nThe server gives you that for the following things:\nDATABASE EVENT FUNCTION (and FUNCTION SONAME) INDEX LOGFILE GROUP (NDB only, not going to look at this) PROCEDURE RESOURCE GROUP ROLE SERVER SPATIAL REFERENCE SYSTEM TABLE TABLESPACE TRIGGER USER VIEW Safe creation As a database developer I want to be able to script things safely, so I need IF NOT EXISTS clauses in my CREATE syntax.\nStatements that create things often allow you to specify IF NOT EXISTS for conditional creation of the thing: Creation of the thing will fail if it already exists. Using the IF NOT EXISTS clause the creation is conditional, so if the thing already exists this is not an error.\nThis is important for scripting: If the thing already exists, the script will throw an error and depending on settings will stop. It is even more important in replication, because if you replicate the creation statement to a replica, the replication will stop with an error unless it is conditional.\nSome CREATE statements replicate, but do not offer conditional syntax. They cannot be used safely in replication, and they are cumbersome in scripting.\nTwo CREATE statements offer deviant safe creation: Instead of CREATE ... IF NOT EXISTS they offer CREATE OR REPLACE ....\nMultiple object syntax As a database developer I want to be able to chain multiple CREATE or DROP actions together in a single statement, so that the things are created (or dropped) together, atomically.\nAlternatively, DDL could be made transactional. This makes sense even if a rollback is not possible, if they are being executed in a kind of DDL transaction under a lock, so that they appear to happen atomically.\nMultiple CREATE syntax does not exist. For few objects, a multiple drop syntax does exist, but support is thin.\nSafe DROP As a database developer, I want to be able to DROP the things that I created.\nObviously.\nAs a database developer, I want to be able to make the DROP conditional using an IF EXISTS clause, to be able to script and replicate this operation safely.\nObviously.\nThe support for this is better than for creation, for some reason, and there is no deviant syntax. Still, some things cannot be dropped safely.\nEnumeration and Definition display As a developer, I want to be able to enumerate all the things of a category.\nLogically, an API is incomplete without enumeration. I need to be able to see what exists.\nIn MySQL, a lot of things can be listed with SHOW commands, and all things can be listed by looking into the appropriate system tables.\nApparently, a lot of things can not be listed using the SHOW plural syntax (SHOW TABLES, SHOW DATABASES). For a few things, a deviant syntax is supported (SHOW PROCEDURE STATUS) that also shows the definition of the thing.\nFor other things you have to access system tables. These system tables seem to be spread around, some are in I_S (Tablespace), others in mysql.* (servers).\nGenerally, MySQL seems to favor the syntax SHOW CREATE thing to show an SQL statement that would recreate the thing if I dropped it. But for some things, this is not implemented, despite the fact that the information for this is available in various system tables.\nAltering and renaming things As a database developer, I want to be able to change the definition of a thing after creation.\nMost things can be altered after creation. For some things, some attributes cannot be altered even if an ALTER statement exists. Notably, it is impossible to rename a database.\nOnly two things can be renamed, tables and users. For other things, renaming is possible using ALTER TABLE RENAME syntax, but a pure RENAME does not exist despite the fact that renaming is supported.\nFor roles and users, ALTER thing IF EXISTS conditional syntax is supported, but for all other things it is not.\nReplication All thing creations are replicated, except resource groups and servers. That even makes sense, which is unusual, given all the other illogical anomalies.\nA table, because this is about databases Command replicates enumerate SHOW CREATE IF T EXISTS OR REPLACE DROP IF EXISTS MULTI SHOW CREATE ALTER IF EXISTS RENAME DATABASE YES YES YES YES YES YES YES YES EVENT YES YES YES YES YES YES YES YES *4 FUNCTION YES *1 YES YES YES YES YES YES INDEX YES *2 YES YES *2 *4 PROCEDURE YES *3 YES YES YES YES YES YES *4 RES GROUP * * YES YES ROLE YES YES YES YES YES YES YES YES SERVER * * YES YES YES YES SRS YES YES YES YES YES YES TABLE YES YES YES YES YES YES YES YES YES YES TABLESPACE YES YES YES YES *4 TRIGGER YES YES YES YES YES YES USER YES YES YES YES YES YES YES YES YES VIEW YES YES YES YES YES YES YES YES YES YES *1: SHOW FUNCTION STATUS deviant syntax enumerates the function names and definitions. *2: Indexes are not first class citizens, they are part of table definitions. *3: SHOW PROCEDURE STATUS deviant syntax enumerates the procedure names and definitions. *4: ALTER thing RENAME syntax exists, but no RENAME command. ","date":"2021-09-10T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/10/create-if-not-exists.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: CREATE IF NOT EXISTS TABLE, but CREATE OR REPLACE VIEW"},{"categories":null,"content":"A long-standing idea that I have is to test the servers limits: How does it fail and break if there are very many of a thing? Previously that was too easy, because many structures were constructed in a way that it was obvious they would not scale. But with MySQL 8 many things were overhauled, so let\u0026rsquo;s see what we can make many of and see how the server fares.\nThe Million Challenge Database servers are programs that are built to handle a lot of data. A million rows in a table are not a problem, and searching one in a million rows neither, because the server has structures that make this fast.\nBut is the database server using these structures internally in an efficient way and can it handle a lot of tables, schemas, views, users, grants, roles and so on?\nWhat can we try?\nMake a million tables and see how performance degrades or not. Will this work better if we use general tablespaces instead of file-per-table? Make a million views, all pointing to the same table. Nest views, one million deep. Make a million stored procedures. Make a million stored procedures, calling each other in a chain. Make a many triggers? Is that even possible? Make a million users. Make a million grants. This one is dear to my heart - we have this at work in one environment, and it broke the server in an exciting and hard to fix way. GRANT statements in the processlist and SHOW PROCESSLIST running concurrently raced badly. Make a million concurrent connections. Well, no, but I have seen 60.000 already, and it was not pretty. This failed in interesting ways, because monitoring was joining against P_S.THREADS and fell over badly. Make a million users, using roles. Make a million roles. Any other ideas that fit the general theme?\n","date":"2021-09-10T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/10/mysql-million-challenge.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: The Million Challenge"},{"categories":null,"content":"We observe a large number of messages of the kind\nThe table \u0026#39;../tmp/#sql…\u0026#39; is full Before MySQL 8 In older Versions of MySQL, implied temporary tables are being created whenever your EXPLAIN contained the phrase using temporary.\nIn this case, MySQL would create an in-memory temporary table to materialize an intermediate query result, and then continue to process the data from there. If that temporary table was larger than some configurable limit, the temporary table would instead be converted to a MyISAM table on disk, streamed out, and then work would continue with this.\nThis has a large number of disadvantages:\nA table in the MEMORY storage engine can have no variable length columns. That means, any VARCHAR column gets converted to a CHAR column in the MEMORY version of that table. Example: Your 5 byte (plus overhead) long \u0026lsquo;hello\u0026rsquo; in a VARCHAR(255) CHARSET utf8 would turn into a 765 byte CHAR(255) CHARSET utf8 monstrosity, right-padded with spaces. Memory used by MEMORY engine tables would be dynamically allocated on top of the other buffers the database uses, making the process size quite variable, depending on how many concurrent threads need to use temporary tables right now. This can lead to memory exhaustion and a visit from the OOM killer, or worse, to a paged out database server. When being streamed out to disk, the original variable length data types would be used, so you would not even see what caused the temporary table on disk in many cases, unless you looked very hard at the schema. Memory for efficient MyISAM table processing is usually not configured on an InnoDB MySQL instance. Because of that, we encouraged our users at work to be wary of plans with using temporary, to avoid use of utf8 columns except for human generated data, and to employ certain techniques for writing queries that handle strings in a nicer way.\nMySQL 8 fixes this Starting with MySQL 8, implicit temporary tables are using the InnoDB storage engine exclusively. That means, temporary tables have largely the same properties as any ordinary table.\nIt is safe to use VARCHAR(...) CHARSET utf8mb4, and at work we now recommend that you use this to represent strings. Variable length data types are handled just fine. It is fine to use single byte character sets for internal strings (names of status fields and other internal strings), but even that is no longer necessary. There is no preconfigured limit to where the table is being streamed to disk. This is being done by creating (internally and invisibly to you) a special tablespace for tmp tables. Tables created in this tablespace are InnoDB tables, but they are not redo-logged, because there is no need for them to be crash-safe. After all, tmp tables are supposed to be gone after a server restart.\nThis saves a ton of I/O and makes these tables very fast, while they are still compatible with the rest of the InnoDB engine.\ntmp tables are now also using the InnoDB buffer pool, the fixed giant data structure that all other data in the server is using, so the memory consumption of the server process fluctuates a lot less.\nAll pages in the buffer pool need to be backed by files, so that they can be written out if space in the buffer pool becomes tight. For MySQL, this is the innodb_temp_data_file_path config variable.\nAt work, we configure this on our systems with a hard upper limit:\ninnodb_temp_data_file_path=ibtmp1:12M:autoextend:max:100G This means you get a file, ibtmp1, in the data directory of MySQL with an initial size of 12 MB. This file is auto-extended in increments up to a maximum size of 100 GB - in the default configuration it is not limited.\nIf you need more, you are very likely holding the database wrong.\n\u0026ldquo;I am getting this error message\u0026rdquo; Isolate the offending query, EXPLAIN FORMAT=JSON the plan and check if you can get rid of the using temporary. If it is using up a 100 GB temporary file space, something is very wrong.\nYou should not increase the 100 GB limit: The ibtmp1 file will eat all your disk space, and you won\u0026rsquo;t get it back, as tablespace files never shrink.\n","date":"2021-09-09T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/09/tmp-file-full.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: The table '../tmp/#sql…' is full"},{"categories":null,"content":"I never had much reason to use table compression, so I largely ignored the topic in MySQL. I knew that MySQL had table compression since 5.1, but I also knew the implementation was horribly complicated and double stored all data. There is also page compression, a feature introduced with 5.7, which replaces table compression and works much better.\nTable Compression Table Compression is available in MySQL 5.1 and newer. It is used by setting an InnoDB table up with ROW_FORMAT=COMPRESSED KEY_BLOCK_SIZE=8 or similar, for even smaller key block sizes. A lot of status tables in INFORMATION_SCHEMA.%CMP% are available to monitor it.\nTable compression creates smaller pages (in the size you specify with KEY_BLOCK_SIZE), and loads and stores compressed pages of this smaller size from and to the buffer pool. On load, a second uncompressed page in the buffer pool is allocated, and the data is uncompressed and put into this secondary page to work with.\nOn write, the modified uncompressed page is recompressed and put back into the compressed buffer pool page. As this happens on write and not on checkpoint, this is not ideal for tables that are written to a lot. Compression and decompression happen in the Query thread, that is, the thread of your connection, and therefore single-threaded.\nIf buffer pool space it tight, uncompressed pages can be evicted, and recreated as needed by decompressing them again.\nIn order to be able to crash recover MySQL all possible shutdown scenarios, compressed pages are also written to the redo-log on checkpointing. This also leads to larger redo-logs, which may need to be upsized to allow for the additional traffic.\nPage Compression Page compression was added to MySQL already in version 5.7. It is a different way of handling compression of data in MySQL: A transformer stage is inserted into the IO handlers of MySQL, which on flush compressed a page as it is written out, and on read decompressed the data into the buffer pool page. This is much simpler approach that also interacts with a lot fewer parts of the server.\nBut since pages still are 16 KB on disk as they are in memory, an additional file system feature is required for this to actually save space: Hole punching support in the file system. The compressed page will be shorter than 16 KB, so all file system blocks that are unused at the end of the 16 KB will be marked as \u0026ldquo;unused\u0026rdquo; to the operating system. This works well with all modern Linux kernels, and the ext4 and xfs file systems (and presumably a lot of others as well). It does not play well with standard NTFS file systems due to the way NTFS handles things internally.\nBecause page compression is so simple, it is also very simple to configure: To enable a table for page compression, set the InnoDB table up with COMPRESSION=\u0026quot;zlib\u0026quot;. All newly written pages to this table will be compressed. Old data stays uncompressed.\nIn order to compress all pages in a table that has just been switched to page compression, run OPTIMIZE TABLE on it. This will recreate the table, using the new options.\nThe write-path for page level compression inserts itself into the InnoDB page cleaners . By default, the number is 4, and there can be up to 64. If your database writes a lot to compressed tables, it may be useful to increase this number. Since compression uses CPU, it is not useful to set the number larger than the number of available cores.\nReads are done by query threads, except when they are not (They aren\u0026rsquo;t when there is read-ahead happening, in which case it is done by the background IO threads ).\nThere is not much monitoring in place, and it is hardly needed, because page compression is so much simpler.\nChecking compression To check the degree of compression, look at the files at the file system level:\nkris@server:~/sandboxes/msb_8_0_25/data/kris$ ls -lsih keks* 222085022 72M -rw-r----- 1 kris kris 252M Sep 9 15:17 keks2.ibd 222085011 253M -rw-r----- 1 kris kris 252M Sep 9 15:16 keks.ibd We see the apparent file size is the same for the uncompressed and compressed file. The number of allocated blocks (second column) varies a lot, though.\nThe original table keks has been created as\nmysql [localhost:8025] {msandbox} (kris) \u0026gt; show create table keks\\G Table: keks Create Table: CREATE TABLE `keks` ( `id` bigint unsigned NOT NULL AUTO_INCREMENT, `t` text, UNIQUE KEY `id` (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=458731 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci 1 row in set (0.00 sec) A quarter million JSON records have been inserted. The compressed table keks2 has then been made as\nmysql [localhost:8025] {msandbox} (kris) \u0026gt; create table keks2 like keks; Query OK, 0 rows affected (0.08 sec) mysql [localhost:8025] {msandbox} (kris) \u0026gt; alter table keks2 compression=\u0026#34;zlib\u0026#34;; Query OK, 0 rows affected (0.03 sec) Records: 0 Duplicates: 0 Warnings: 0 mysql [localhost:8025] {msandbox} (kris) \u0026gt; insert into keks2 select * from keks; Query OK, 262144 rows affected (27.53 sec) Records: 262144 Duplicates: 0 Warnings: 0 We can also check INFORMATION_SCHEMA.INNODB_TABLESPACES for the compression.\nmysql [localhost:8025] {msandbox} (kris) \u0026gt; select name, fs_block_size, -\u0026gt; file_size, allocated_size, -\u0026gt; allocated_size/file_size* 100 as percent -\u0026gt; from information_schema.innodb_tablespaces -\u0026gt; where name like \u0026#34;kris/keks%\u0026#34;; +------------+---------------+-----------+----------------+----------+ | name | fs_block_size | file_size | allocated_size | percent | +------------+---------------+-----------+----------------+----------+ | kris/keks | 4096 | 264241152 | 264245248 | 100.0016 | | kris/keks2 | 4096 | 264241152 | 74809344 | 28.3110 | +------------+---------------+-----------+----------------+----------+ 2 rows in set (0.00 sec) Being careful with file copies The granularity of the file system block size is 4 KB in our file system. The hole punching works at the block level, so we can free 12 KB, 8 KB or 4 KB of a 16 KB page. Even if the data in the page compressed to, say, 9 KB, it will still use 3 file system blocks of 4 KB out of the group of 4 that make up the file system storage for a page. So MySQL will only be able to give back 4 KB of space to the operating system.\nHoles in files can fill when you copy the file naively: Copying keks2.ibd around without a hole-aware tool will fill the holes. That means: the copy of the 72 MB source file will be a 252 MB destination file. A secure way to copy the file would be rsync with the appropriate options.\nHoles in files are also causing disk seeks. This is not an issue for any SSD or NVME flash, but can hurt performance on hard disks. On the other hand, this is 2021, and whoever is still running a database on HDD probably deserves no better.\nTL;DR Given all the above, for my usage scenarios there is probably no use for table compression anywhere for any reason. I should be using page compression everywhere where I need it.\n","date":"2021-09-09T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/09/mysql-two-kinds-of-compression.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: Two kinds of compression"},{"categories":null,"content":"Lilith Wittmann asked on Twitter:\nWhy do we have so much dangerous software in Germany?\nBecause we don\u0026rsquo;t have the competency anywhere (administration, enterprise or science) to understand the complexity of software.\nMy take was :\nComputer science is easy. It is the science of Zeroes and Ones, and it does not get any more complicated anywhere.\nComputer science piles abstractions on top of each other, though, 30 layers deep and with non-linear interactions. That creates a different kind of complexity that is also harder to handle.\nAs you grow older, you learn:\nComputer science is the science of boxes and arrows between them. Zeroes and Ones hardly matter.\nThe boxes are still trivial, but problems come from the dependencies. If the dependencies symbolize \u0026ldquo;communication between systems\u0026rdquo; things get truly awful.\nCommunication and consensus are lossy and hard to do, and until recently, were untestable.\nAs you grow even older, you learn:\nComputer science is the science of crystallized processes. Code is law.\nProcesses are contracts between people that regulate who talks when to whom about what and why. Programs for human distributed systems, \u0026ldquo;companies\u0026rdquo;.\nComputer science takes processes and create a machine-readable form of them. Interactions between people are mediated through code and automated. That can be good, but requires that you understand the process and why it is what it is.\nPizza, People, Projects and Processes has some fundamental things about processes.\n\u0026ldquo;The german government fails at digitization\u0026rdquo; means from this point of view that the system has lost the ability to understand its own processes and to change them in a controlled way.\nIt is ossified and critical organisational knowledge is not available.\n","date":"2021-09-07T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/07/computer-science.html","tags":["lang_en","computer"],"title":"Computer science"},{"categories":null,"content":"This 2018 book in some aspects is already outdated: Silicon Valley Techbro Kai-Fu Lee describes what AI is and what he thinks it will do to our future, the nature of work and the job market. But since then, the worlds view on what AI can and cannot do, what the problems to solve really are and a lot of other things have changed.\nAI Superpowers:China, Silicon Valley, and the New World Order , Kai-Fu Lee\nKai-Fu Lee is a Taiwanese born, American computer scientist, and worked at Apple, SGI, Microsoft and Google before becoming a venture capitalist in China.\nHe coined the adage \u0026ldquo;If data is the new oil, then China is the new Saudi Arabia\u0026rdquo; and in the books proposes that China has several advantages over the US in an arms race over artificial intelligence: Generally training deep learning models seems to be better suited to the Chinese approach of brute forcing a solution than to deep engineering; China has few data protection regulations getting in the way of data collection; Chinese startup culture is even more aggressive than the US one; and the chinese government funds and steers the startup industry in China into the AI of AI.\nLee believes that a number of jobs will be modified or eliminated by a potential AI revolution, including a number of white collar (office) jobs. The examples he gives are jobs that consist mostly of - in his opinion - simple pattern recognition, such as rough translator, bank loan officer or customer care worker. Similarly, the blue collar (worker) jobs at risk are truck driver, cashier or clothing factory worker. In a way, three years later, his estimates look overly optimistic: Self-driving cars are further away than they looked three years ago, and automated customer care with natural language recognition quickly transformed into the voice-mail hell as ten or twenty years ago.\nWhat is true is that AI can support human workers a lot in taking the boring parts of these jobs away, helping to provide rough estimates and marking clear cases as such. Still, AI in 2021 seems to be successful where it augments human workers instead of completely replacing them. In general, Lee\u0026rsquo;s view of the world is very mechanistic, and way too optimistic in what AI can actually completely solve without having a complete model of the world it acts in.\nImportant input and still a good overview, but overtaken quickly by the real world.\n","date":"2021-09-05T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/05/fertig-gelesen-ai-superpowers.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: AI Superpowers"},{"categories":null,"content":"\u0026ldquo;Old Man\u0026rsquo;s War \u0026rdquo; is the first \u0026ldquo;large\u0026rdquo; works by John Scalzi,\nOld Man\u0026rsquo;s War , John Scalzi\nThe plot premise is weird, but simple: Humanity has taken to the stars, but with private enterprise. Basically all advanced space technology is controlled by the Colonial Union. Life on earth on the other hand goes on almost as before.\nJohn Perry enlists to serve in the Colonial Defense Force at the age of 75, to protect humanity, but mostly to have the CU fight the effects of him aging with some unspecified Scifi tech. He leaves earth and during his induction to the CDF learns that he will be indeed rejuvenated, by transferring his consciousness into a new, young, genetically engineered body tailored for planetary combat.\nPerry\u0026rsquo;s first tour of duty sees battles on a number of CU planets and fights against various interstellar races. He soon learns that the CU is not actually involved much in galactic politics and has only limited knowledge about the background and motivation of the various space-faring intelligences.\nA fight against the man-eating Rraey leaves him wounded and left for dead on the contested planet Coral. He is found by a member of the Ghost Brigades, Jane Sagan, that he thinks looks like a younger version of his deceased wife Kathy, and befriends her. He learns that Ghost Brigades are synthetic humans created from the DNA scans of CDF volunteers that died before they could join the CDF, but without the memory and experience of their human predecessors.\nWhile technically Mil SciFi, and therefore a genre I despise, Scalzi manages to keep the focus the story on the characters and their interactions instead of troop movements and space battles. He is playing with the themes of generic engineering, encounters with alien races and the discovery of their motivation, and with building a connection to an image of a loved one, but without the memory and the shared experiences. An engaging book with characters I can relate to, and a story well told.\nOld Man\u0026rsquo;s War is continued in The Ghost Brigades and in The Last Colony , finishing the John Perry\u0026rsquo;s viewpoint books.\nThe story of \u0026ldquo;The Last Colony\u0026rdquo; is being retold in Zoe\u0026rsquo;s Tale from another character\u0026rsquo;s viewpoint.\nThe Human Division then continues the original storyline, from another characters point of view, dealing with the aftermath of the revelation of the CU\u0026rsquo;s scheming with earth politics. Humanity finally joins the emerging galactic society and must find a place in one of the various alliances that the different intelligent species begin to form. The resulting diplomatic complications are further told in The End of All Things in a series of Novellas from different character viewpoints.\nAll in all a series very worthwhile reading, exactly sufficient for one vacation.\n","date":"2021-09-05T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/05/fertig-gelesen-old-mans-war.html","tags":["lang_en","review","media","book","scifi"],"title":"Fertig gelesen: Old Man's War"},{"categories":null,"content":"Ram V is a writer, sometimes for comics. Together with artist Sumit Kumar he wrote a simple story: English Vampires vs. Indian Rakshasa.\nThese Savage Shores , Ram V \u0026amp; Sumit Kumar\nThe 1760\u0026rsquo;ies. An english vampire puts his peers at risk by not having his desires under control, and is exiled to Calicut, India. He soon finds out that even older and fiercer beings rule the night: Rakshasa, the Vampire equivalent of Indian Myth.\nBishan, a Raskshasa, kills the vampire, drawing the english vampires out for revenge. Before the background of a colonization war in India, Bishan and the vampire master Jurre Granno clash, first in India, then in England.\nFantastic illustrations, and a complex story well told, with rich metaphors, showing a clash of cultures and the infighting in pre-colonization India.\nAs a comic, the kindle edition does not read well on a Kindle, but works fine on Kindle for iPad or similar devices.\n","date":"2021-09-05T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/05/fertig-gelesen-these-savage-shores.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: These Savage Shores"},{"categories":null,"content":"Max Gladstone and Amal El-Mohtar co-authored This Is How You Lose The Time-War , not exactly a Science Fiction novel.\nThis Is How You Lose The Time War , Amal El-Mohtar and Max Gladstone\nRed and Blue are representatives, spies and saboteurs of two nearly all-powerful, warring factions. They travel through time to manipulate events at critical points in history in favor of their respective factions. They are leaving each other messages, they taunt each other, and gradually earn mutual respect. Eventually they grow close to each other, and love develops.\nRed\u0026rsquo;s commanding officer learns of the interaction and forces Red to leave a message to Blue that kills her. Red later fixes that \u0026ldquo;problem\u0026rdquo; by traveling into Blue\u0026rsquo;s childhood to give her immunity to the toxic message, and both escape the war by making off to elsewhere in time and space.\nThis is an epistolary novel, written in the form of the letters Red and Blue exchange. We only learn very gradually about the characters, their capabilities and their background, and it becomes clear that what we read is not actually the account of two humans, but rather godlike entities or avatars of forces of nature. Red and Blue over time grow close, and solve an initially unbridgeable conflict between the cultures or forces they represent at a very personal level.\nThis is a hard read, and if you were looking for an actual Science Fiction story, this isn\u0026rsquo;t one. Telling a story in the form of letters and having characters that are only remotely human at best is not a good vehicle to create tension, of paint a clear picture of what goes on. At multiple points the book reads more like some form of poetry as opposed a novel or regular prose. The storytelling ultimately manages to pull off a somewhat satisfactory ending, though, even if it is visible from almost the very start of the book.\nBeing so different and not fucking things up of course won the book a number of awards in 2019 and 2020, so there is that.\n","date":"2021-09-05T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/05/fertig-gelesen-this-is-how-you-lose-the-time-war.html","tags":["lang_en","review","media","book","scifi"],"title":"Fertig gelesen: This Is How You Lose The Time War"},{"categories":null,"content":"Dave Addey ran a Tumblr once, titled \u0026ldquo;Typeset in the Future\u0026rdquo;, in which he dissected the typography of Science Fiction films. This has been turned into the eponymous book.\nTypeset in the Future , Dave Addey\nIn 2013, Addey nerded out over the fonts in a Science Fiction movie and discovered it was an Eurostile variant (\u0026ldquo;Eurostile Extended Bold\u0026rdquo;). He started a Tumblr about this, and in great detail went through a number of movies, and about every sign, letter and font used in there. The Tumblr became quite successful, and he turned the most important posts into a book, adding a lot of images with examples and a number of interviews and essays to it.\nTable of Contents\nThe ebook is a joy to read on anything but a Kindle - I did on a 10\u0026quot; iPad, and it worked quite well. The dead tree edition would make an excellent conversation piece.\n","date":"2021-09-05T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/05/fertig-gelesen-typeset-in-the-future.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: Typeset in the Future"},{"categories":null,"content":"The memoir of Brian Kernighan, and the story of how UNIX came to be and what working at Bell Labs was like at that time: UNIX: A History and a Memoir is required reading for anyone who wants to know where Unix concepts came from and what ideas were behind its inception.\n\u0026quot;UNIX: A History and a Memoir \u0026quot;, Brian Kernighan\nKernighan takes us through the history and the setting of Bell Labs, why it existed and what it did. He explains the hardware of the time, in terms of size, power and capabilities, and why Bell did get involved into writing an Operating System, and the failure of Multics. Unix inception and its co-evolution with the C language was a kind of response to the Multics project, at the same time pioneering novel ideas and taking tested salvageable concepts from Multics, making something new and much more useful.\nWhile he roughly follows the timeline of Unix releases, Kernighan takes short detours, including mini-biographies of his colleagues and the influence they had on the design of the system and the ideas embodied in it. He finishes with the commercialization of Unix, Unix descendants - BSD, Minix, Linux and Plan 9, and with the closure of Bell Labs.\nIf you work with Linux, the C language or any Unix tools, you should read this book to understand where these things came from and what formed this environment.\n","date":"2021-09-05T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/05/fertig-gelesen-unix-a-history-and-a-memoir.html","tags":["lang_en","review","media","book","c","unix"],"title":"Fertig gelesen: UNIX: A History and a Memoir"},{"categories":null,"content":"I had reason to look into the UNIX Eschaton, the time when the signed 32 bit counter of seconds since Midnight, 1970-01-01 UTC overflows. Going to Wikipedia , I learned we will die two years earlier, because in 2036-02-07, 06:28:16 UTC NTP will kill us all:\nAt 06:28:16 UTC on Thursday, 7 February 2036, Network Time Protocol will loop over to the next epoch, as the 32-bit time stamp value used in NTP (unsigned, but based on 1 January 1900) will overflow. This date is close to the following date because the 136-year range of a 32-bit integer number of seconds is close to twice the 70-year offset between the two epochs.\nGood to know.\nStill, I wanted to know the state of things. Linuxreviews tells me that the kernel already uses a 64 bit time_t internally, so we are good for the next few billion years. Unfortunately, a lot of other structures don\u0026rsquo;t, and some of them are persisted on disk.\nFilesystems Extending a persistent data structure is hard, and often cannot be done in-place. In many filesystems, the inode is a tight fit and extending timestamp will double the size of an inode, going up from one power of two to the next higher power of two.\nThe ext4 filesystem inode structure stores 64 bit timestamps these days, but the conversion cannot be done in-place. Since Linux 5.4 you get a warning:\next4 filesystem being mounted at (mountpoint) supports timestamps until 2038\nYou will need to dump these file systems, recreate them with 64 bit support and then restore the data.\nXFS has the bigtime option since 5.10. It counts signed 64 bit, but at nanosecond resolution, so it is good until the year 2468.\nNFS V4 has 64 bit timestamps with a second resolution, since 20 years. Anybody using NFS V2 or V3 already gets exactly what they deserve, so not a problem.\nJava counts 64 bit signed values, but uses milliseconds. Good for another 300 million years. Other systems do 64 bit signed, but count microseconds. Still sufficient.\nI am expecting the first \u0026ldquo;Enterprise 2038 Compliance\u0026rdquo; projects to start very soon. It will be great fun to find every single timestamp in a large enterprise and check it for 64 bit time_t. The fact that afterwards there will be different cutoff dates due to different timer resolutions will be even more fun.\nNegative Leap Seconds What also can kill us: Theoretically there are negative leap seconds , but no code in the world is prepared for them actually happening.\nGPS GPS will have interesting events in October this year, that is, in 2 months time.\nGPSD time will jump back 1024 weeks at after week=2180 (23-October-2021) .\nWhy?, and worse I was triggered by draft-peabody-dispatch-new-uuid-format-01 speaking about \u0026ldquo;36-bit big-endian unsigned Unix Timestamp values\u0026rdquo; in various places. The text also contains phrases such as\nFor example a 36-bit timestamp source would fully utilize timestamp_32 and 4-bits of timestamp_48. The remaining 12-bits in timestamp_48 MUST be set to 0.\nThe string 2038 appears nowhere in this document.\nIt\u0026rsquo;s a draft, it contains obvious typos in several place, but generally speaking UUID v7 and UUID v8 look underspecified, with different implementation variants, and have the look of untested ideas. I agree on the general idea of sort-ordering UUID values PK friendly, but having a proper UUIDv1 looks like the safer option to me.\n","date":"2021-08-18T00:00:00Z","href":"https://blog.koehntopp.info/2021/08/18/epochalypse.html","tags":["lang_en","computer"],"title":"Epochalypse"},{"categories":null,"content":"It began with a tweet by Sebastian Bergmann , which made me buy \u0026ldquo;88 names \u0026rdquo; by Matt Ruff. The book is a tour of massive multiplayer online role playing games for people who do not play, and also a discussion of identity on the Internet.\nJohn Chu has a small sherpa company, an outfit that helps causal players who have the coin to experience hard content in MMORPGs in an easy and successful way without investing too much time into the game. Chu is coming out of a relationship with a borderline gamer, Darla, and is being asked by an obviously powerful and demanding anonymous client to be shown several well known MMOs to better understand their genres.\nChu is trying to uncover the identity of his client, and comes to believe that he is the North Korean dictator Kim Jong Un. In the course of his research he learns the real identities of his employees, none of which are what he thought they were, and the real identity of Darla, who is way further past the borderline that he originally assumed.\nThis was a fun read for me, because it relatively accurately portrays MMOs and online games. At the same time Ruff\u0026rsquo;s writing very causally avoids Gamer Dudebro stereotypes and shows that people playing video games are way more diverse than their cliche. If you ever have had your Internet spaceship refueled by a 60+ year old english granny and ex-schoolteacher you will understand exactly what I mean.\n\u0026ldquo;88 Names \u0026rdquo;, Matt Ruff\n","date":"2021-08-03T00:00:00Z","href":"https://blog.koehntopp.info/2021/08/03/fertig-gelesen-88-names.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: 88 Names"},{"categories":null,"content":"Paul Fischer writes \u0026ldquo;A Kim Jong-Il Production \u0026rdquo;, a documentary the 1978 abduction of the famous South Korean actress Madam Choi, and her ex-husband, the filmmaker Shin Sang-Ok.\nBefore becoming the leader of North Korea, Kim Jong-Il headed the Ministry for Propaganda. Dissatisfied with the talent available, he had the famous actress Choi Eun-Hee kidnammed. When her ex-husband started to investigate, he had him kidnapped in Hong Kong and transported to North Korea by ship.\nTogether, they made seven films for Kim Jong-Il, gaining his trust. During a research trip in Vienna they fled to the US embassy.\nThe book uses this true story to shed a light on life in North Korea, and to explain how it became the hermetically sealed country it is today.\nThe seventh film of Choi and Shin, Pulgasari , can be found on Youtube with english subtitles. It is a Godzilla-like monster tale, in which a rice toy of a blacksmiths daugther comes to life and turns into a giant metal-eating monster fighting for the rights of poor farmers in feudal Korea. When the monster eventually turns aganst the farmers, the blacksmiths daugther sacrifices herself killing the monster.\nGoes well with 88 Names ","date":"2021-08-03T00:00:00Z","href":"https://blog.koehntopp.info/2021/08/03/fertig-gelesen-a-kim-jong-il-production.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: A Kim Jong-Il Production"},{"categories":null,"content":"Tommmy Krappweis ist nicht nur der Schöpfer von \u0026ldquo;Bernd, das Brot\u0026rdquo;, sondern auch ein Musiker, Stuntman, Filmemacher und Autor diverser Bücher. In der Trilogie um \u0026ldquo;Mara und der Feuerbringer\u0026rdquo; nimmt er uns mit in die Geschichten um die 14-jährige Münchnerin Mara Lorbeer in der Welt der nordischen Sagen.\n\u0026quot;Mara und der Feuerbringer , Band 1\u0026quot;, Tommy Krappweis\nMara Lorbeer ist 14, Scheidungskind und lebt bei ihrer esoterisch angehauchten Mutter in München. Während der Rückreise von einem Baum-Umwarmungs-Seminar, auf das sie ihre Mutter mitgeschleppt hat, wird sie von einem sprechenden Zweig angesprochen, der ihr mitteilt, daß sie eine germanische Seherin ist, die den Weltuntergang, Ragnarök, verhindern muß. Im Fortgang der Geschichte freundet sich Mara mit verschiedenen Personen an: dem Professor für germanische Mythologie Reinhold Weissinger, seiner Ex-Frau Stefanie Warnatzsch-Abra, SIegfried dem Drachentöter, dem nordischen Gott. Zusammen treten sie gegen Loge, den Feuerbringer, den mysteriösen Dr. Thurisaz, und den Drachen Nidhöggr. Über drei Bände entfaltet sich um Mara der Kampf der Guten gegen die Bösen im Reich der nordischen Mythologie, während sich im Weltlichen die Beziehung von Mara zu ihrer Mutter klärt und Mara zugleich lernt, sich selbst besser zu definieren.\n\u0026ldquo;Mara und der Feuerbringer\u0026rdquo; ist nicht nur eine Tour durch die nordische Mythologie und wie sie sich in unserer heutigen Welt wiederspiegelt, sondern auch eine Comig-of-Age Geschichte, bunt und leicht anarchisch erzählt, wie man es von Tommy Krappweis erwarten kann. Nicht nur für Jugendliche eine wunderbare Erzählung.\n\u0026ldquo;Mara und der Feuerbringer \u0026rdquo;, Tommy Krappweis, EUR 9.99 pro Band.\n","date":"2021-08-03T00:00:00Z","href":"https://blog.koehntopp.info/2021/08/03/fertig-gelesen-mara-und-der-feuerbringer.html","tags":["lang_de","review","media","book"],"title":"Fertig gelesen: Mara und der Feuerbringer"},{"categories":null,"content":"Charles Stross \u0026ldquo;The Merchant Princes \u0026rdquo; series of six books is another \u0026ldquo;Sliders \u0026rdquo; type of story, with the usual Stross-like twist. The story follows Miriam Beckstein, a woman who thinks she is a tech journalist. Miriam falls off a chair while looking at a strange pattern, and finds herself in a medival parallel earth.\n\u0026quot;The Merchant Princes Omnibus \u0026quot;, Charles Stross\nIn the course of the story, Miriam learns that she is actually from this parallel earth, and really is the Countess Helge Thorold-Hjorth in the kingdom of Gruinmarkt, which sits in the place of her world lines Boston. Her relatives and the other members of the six clans have the unique ability of walking between worlds, which they apparently abuse to work as uncatchable drug and money couriers in our world. World walking involves looking at a specific pattern, which seems to activate a heritable genetic trait in their brains that make them shift.\nIn the course of the story we learn a lot about this ability: The pattern seems to control the linked universes, the ability to walk between worlds seems to be bioengineered into the clans, but the how, who and when are unknown. There seem to be more parallel worlds, which open up as the story unfolds, and also the mythical \u0026ldquo;lost clan\u0026rdquo; is found.\nThings are becoming really complicated as the world of the lost clan, \u0026ldquo;New Britain\u0026rdquo;\u0026quot;, is discovered. Miriam flees to this world, which is technologically somewhere in the 1920, and fuels a communist, anti-monarchist revolution by importing gold and ideas into this world. Meanwhile, the clans activities on our world are becoming known to the US government, which desperately wants to get hold of worldwalkers to understand and duplicate their abilities.\nA fourth world is being discovered, in which a technologically advanced humanity died out for unknown reasons, and which currently is in the grips of an ice-age. And in a bit of foreshadowing, a fifth world is being discovered, in which earth is gone, and something else is found instead that resembles a black hole surrounded by unidentified energetic flares. While the clan struggles with an infight between the conservative and progressive factions, the US government finds a way to world-walk into Gruinmarkt and systematically nukes this world to secure access to the untapped oil reserves in this parallel universe.\nThe story is continued in another trilogy, \u0026ldquo;Empire Games\u0026rdquo;, which is set 17 years later. The conflicts started in the original series are being played out further, and the mysterious black hole from the fifth world is being activated by accident. The final part of this trilogy will be published this year, End of September.\n\u0026ldquo;The Merchant Princes\u0026rdquo; and \u0026ldquo;Empire Games\u0026rdquo; writing and storytelling is everything you would expect from Stross, so time and money well spent.\n","date":"2021-07-28T00:00:00Z","href":"https://blog.koehntopp.info/2021/07/28/fertig-gelesen-the-merchant-princes-omnibus.html","tags":["lang_en","review","media","book","scifi"],"title":"Fertig gelesen: The Merchant Princes Omnibus"},{"categories":null,"content":"\u0026ldquo;Outland \u0026rdquo; is the first book by Dennis E. Taylor, preceding the Bobiverse and also \u0026ldquo;The Singularity Trap\u0026rdquo;. It is a \u0026ldquo;Sliders \u0026rdquo; storyline, much like Pratchett\u0026rsquo;s and Baxter\u0026rsquo;s \u0026ldquo;Long Earth\u0026rdquo; , in which our heroes discover a parallel dimension with a seemingly uninhabited earth, and then need to colonize it.\nOutland , Dennis E. Taylor\nDennis E. Taylor is a computer programmer writing Scifi, and had problems finding a publisher for his debut novel, \u0026ldquo;Outland\u0026rdquo;, in 2015, so he self-published. The story was intended as the introduction to a series of books, \u0026ldquo;World Lines\u0026rdquo;. The original novel was withdrawn in 2018, extensively reworked, and re-publshed in 2019 as a standalone book, which is the version linked in this article.\nThe story follows an ensemble cast of students that through a failed physics experiment manage to open a dimensional portal into a parallel earth, which differs from this earth mostly in that it is seemingly uninhabited. While the students come up with schemes to get rich quick by mining gold in the parallel earth and somehow selling it locally, a global catastrophe strikes: The Yellowstone Supervolcano activates, covering most of the United States in ashfall and changing climate globally.\nOur students now use the portal to evacuate a number of people to start a colony in the wilderness of their parallel earth. But bootstrapping human civilization from basically nothing with contemporary humans seems to be harder and more dangerous than anybody thought.\nThe original book showcased early Dennis E. Taylor, but unpolished. The nerd humor and the the writing style were already somewhat there, but the characters were flat and a lot of things were still raw. The rewrite fixes this, and also makes the book more standalone, while still letting the door open to optional sequels.\n\u0026ldquo;Outland \u0026rdquo; by Dennis E. Taylor, EUR 4.39, also on Kinde unlimited.\n","date":"2021-07-23T00:00:00Z","href":"https://blog.koehntopp.info/2021/07/23/fertig-gelesen-outland.html","tags":["lang_en","review","media","book","scifi"],"title":"Fertig gelesen: Outland"},{"categories":null,"content":"Somebody needed a job queue in Python: Multiple writers insert into it in random order, and the jobs are written into the MySQL table jobs. From the jobs table, multiple consumers claim jobs in batches of n or smaller (n=100), and process them. After processing, the consumers delete the jobs. We need concurrent job generation and consumption, with proper and efficient locking.\nThe full source for this example can be seen in mysql-dev-examples in mysql-claim-jobs.py .\nBase Program Using our usual includes and setup,\nfrom time import sleep from random import randint from sys import exit from multiprocessing import Process import click import MySQLdb import MySQLdb.cursors db_config = dict( host=\u0026#34;127.0.0.1\u0026#34;, user=\u0026#34;kris\u0026#34;, passwd=\u0026#34;geheim\u0026#34;, db=\u0026#34;kris\u0026#34;, cursorclass=MySQLdb.cursors.DictCursor, ) Table jobs and setup we create a MySQL table jobs:\n@click.group(help=\u0026#34;Generate and consume jobs concurrently\u0026#34;) def sql(): pass @sql.command(help=\u0026#34;Recreate jobs table\u0026#34;) def setup_tables(): sql_setup = [ \u0026#34;drop table if exists jobs\u0026#34;, \u0026#34;\u0026#34;\u0026#34;create table jobs ( id integer not null primary key auto_increment, d varchar(64) not null, e varchar(64) not null, status enum(\u0026#34;unclaimed\u0026#34;, \u0026#34;claimed\u0026#34;, \u0026#34;done\u0026#34;) not null, owner_id integer null, owner_date datetime null, index(d), index(status) )\u0026#34;\u0026#34;\u0026#34;, \u0026#34;commit\u0026#34;, ] db = MySQLdb.connect(**db_config) for cmd in sql_setup: try: c = db.cursor() c.execute(cmd) except MySQLdb.OperationalError as e: click.echo(f\u0026#34;setup_tables: failed {e} with {cmd}.\u0026#34;) sql() In our table, the fields d and e represent the job payload. We will later select jobs for processing based on the contents of the d field, so we create an index on that.\nEach job has a status (unclaimed or claimed, and for debugging done instead of being deleted), an owner and an access date which we update when we change the claim status of the job. As we access jobs by status, we also index on status.\nMultiprocessing We generate a set of two generators that concurrently insert jobs into the jobs table, and a set of ten consumers that take jobs out of the jobs table.\n@sql.command(help=\u0026#34;Run job creation and consumer jobs\u0026#34;) def start_processing(): proc_generator = [] for i in range(1, 3): g = Process(target=generator, args=(i,)) proc_generator.append(g) g.start() proc_consumer = [] for i in range(1, 11): c = Process(target=consumer, args=(i,)) proc_consumer.append(c) c.start() From multiprocessing, we are using Process to handle this. Each of these processes is getting an identification number as a parameter using the args= named parameter to the constructor. We will later use this in the consumer() to track the owner of a claimed job.\nThe Generators Our generator takes the generator_id as a parameter, but makes no use of it.\nWe generate random d and e fields, and use auto-incremented numbers to identify the individual jobs. The new job has the status of unclaimed and the owner_id and owner_date are NULL. For speed, we commit to the jobs table only every tenth job.\ndef generator(generator_id): counter = 0 step = 10 cmd = \u0026#34;insert into jobs (id,d,e,status,owner_id,owner_date) values (NULL,%(d)s,%(e)s,\u0026#39;unclaimed\u0026#39;,NULL,NULL)\u0026#34; db = MySQLdb.connect(**db_config) c = db.cursor() while True: data = { \u0026#34;d\u0026#34;: \u0026#34;\u0026#34;.join([chr(randint(97, 97 + 25)) for _ in range(64)]), \u0026#34;e\u0026#34;: \u0026#34;\u0026#34;.join([chr(randint(97, 97 + 25)) for _ in range(64)]), } c.execute(cmd, data) counter += 1 if counter % step == 0: sleep(0.1) db.commit() The Consumers Our consumers need to claim unclaimed jobs that fulfill a condition from the jobs table. For simplicity, we claim rows that start with a random character, for example \u0026lsquo;a%\u0026rsquo;.\nNaive approach using UPDATE In SQL, this could be\nUPDATE jobs SET status = \u0026#39;claimed\u0026#39;, owner_id = ?, owner_date = now() WHERE status = \u0026#39;unclaimed\u0026#39; AND d LIKE \u0026#39;a%\u0026#39; But if we did it like this, we would run into two problems:\nWe do not get the claimed records for processing. We would need to select them after claiming them (SELECT id, d, e FROM jobs WHERE status = 'claimed' AND owner_id = ?). The UPDATE statement produces X-locks, and these persist until we commit. Other processes trying to claim jobs run the risk of running into our X-locks while scanning the table. These processes would hang. We need another approach to handle this to make it efficient.\nSmart approach using SELECT ... FOR UPDATE SKIP LOCKED Starting with MySQL 8, we get the option SKIP LOCKED when running select. This is documented in the manual as follows:\nA locking read that uses SKIP LOCKED never waits to acquire a row lock. The query executes immediately, removing locked rows from the result set.\nUsing FOR UPDATE we could read the rows we want and mark them for a later UPDATE with X-locks. At the same time we ignore the records already marked for later updates by other processes without stopping.\nThis is precisely what we need. In order to mark only the rows we are intending to claim as locked, we need to access the rows in our SELECT .. .FOR UPDATE SKIP LOCKED statement by primary key. That is, our statement needs to have the form SELECT ... FROM jobs WHERE id IN ( 1, 2, 3 ) FOR UPDATE SKIP LOCKED. We need another SELECT statement before the locking SELECT in order to translate our condition into a set of primary keys.\nSo this is the plan:\nRun a query to find a set of candidate primary keys (100 or fewer). This query can run outside our transaction and could use a replica to find a set of candidate primary keys. Start a transaction. This happens all the time and automatically in Python. In our transaction, run the SELECT ... FROM josb WHERE id IN (...) FOR UPDATE SKIP LOCKED as discussed. Using the result of the previous SELECT statement, run the UPDATE to claim the jobs. Run COMMIT to drop the X-locks, and make the change visible to other processes. Note that the set of candidate primary keys can be up to 100 ids in size, but can also be empty: We are searching for unclaimed jobs that start with a randomly selected letter, and it may be there are none.\nNote that the set of claimed primary keys can be identical to the candidate primary key set, or smaller. It may be empty, even if the candidate set was not: In this case all candidates have been snatched up by other consumers before we could. We may want to count and log that, in order to detect if our concurrency in consumers is too high.\nFinding candidates In code:\ndef find_candidates(cursor, wanted): candidate_cmd = f\u0026#34;select id from jobs where d like %(search_string)s and status = %(wanted)s limit 100\u0026#34; search_string = chr(randint(97, 97 + 25)) + \u0026#39;%\u0026#39; try: cursor.execute(candidate_cmd, {\u0026#34;search_string\u0026#34;: search_string, \u0026#34;wanted\u0026#34;: wanted}) except MySQLdb.OperationalError as e: click.echo(f\u0026#34;find_candidates: {e}\u0026#34;) exit(1) candidate_ids = cursor.fetchall() return [c[\u0026#34;id\u0026#34;] for c in candidate_ids] We are using some arbitrary SQL condition to find records. In our example, we are using WHERE d LIKE 'a%' AND status = 'unclaimed', for variable initial letters and for variable status values. We are only interested into the primary keys, so we return only these, in a list.\nConsuming jobs The actual consumer() then looks like this:\ndef consumer(consumer_id): db = MySQLdb.connect(**db_config) c = db.cursor() while True: # find potential records to process with the status \u0026#39;unclaimed\u0026#39; candidates = find_candidates(c, \u0026#34;unclaimed\u0026#34;) # we did not find any if len(candidates) == 0: # this is important, it will drop the persistent read view. # not doing this means we will never see newly inserted records from the generator db.commit() continue # with the list of candidate ids, we select them for update, skipping locked records lock_cmd = f\u0026#34;select id, d, e from jobs where status = \u0026#39;unclaimed\u0026#39; and id in %(candidates)s for update skip locked\u0026#34; c.execute(lock_cmd, {\u0026#34;candidates\u0026#34;: candidates}) claimed_records = c.fetchall() # these are the records we want to claim for processing # make us a list of ids of the claimed records claimed_ids = [ r[\u0026#34;id\u0026#34;] for r in claimed_records] claimed_ids_count = len(claimed_ids) if len(claimed_ids) == 0: db.commit() # again drop the read view continue # starting here we have a lock on the records in claimed_ids # so we know we are the only one processing them. # # we claim the records, updating their status and owner claim_cmd = \u0026#34;\u0026#34;\u0026#34;update jobs set status = \u0026#39;claimed\u0026#39;, owner_date = now(), owner_id = %(consumer_id)s where id in %(claimed_ids)s\u0026#34;\u0026#34;\u0026#34; c.execute(claim_cmd, {\u0026#34;claimed_ids\u0026#34;: claimed_ids, \u0026#34;consumer_id\u0026#34;: consumer_id}) db.commit() # doit(claimed_records) -- process the records, that takes some time print(f\u0026#34;consumer {consumer_id: } #records = {claimed_ids_count} - {claimed_ids}\u0026#34;) sleep(0.1) # after processing we delete them done_cmd = \u0026#34;delete from jobs where id in %(claimed_ids)s\u0026#34; c.execute(done_cmd, {\u0026#34;claimed_ids\u0026#34;: claimed_ids}) db.commit() That is, we call find_candidates() to generate a list of candidate ids. If we did not find any, we run a db.commit() before we continue. This is rather important: We are in a transaction here, and in REPEATABLE READ isolation that means we get a consistent read view. If we simply tried again, using only continue, we would stay in the same transaction and would never see the jobs table update.\nUsing the set of candidate ids, we then run the locking SELECT as discussed above. This does two things:\nit returns the data, which we pick up using claimed_records = c.fetchall() it also X-locks the rows for claiming them permanently We generate a list of claimed_ids from the claimed_records, and check that this list is non-empty. If it was empty, we did have a list of candidate ids, but none of them came through. That means another concurrent process snatched the candidates from us - all of them. We should be recording this, but are not in this example program.\nWe then run the actual UPDATE that marks the jobs as claimed, and updates the owner and the datetime of taking possession. We need to db.commit() here to write this status change to disk. This will now also be visible to other processes.\nWe can now proceed to actually process these records at our leisure. This may take time, which we simulate with a tiny wait.\nAfter processing has finished, we delete the jobs from the jobs table, and commit again to make the deletion visible.\nRun log Here is a short test run protocol:\n(venv) mysql-dev-examples/mysql-claim-jobs$ ./mysql-claim-jobs.py --help Usage: mysql-claim-jobs.py [OPTIONS] COMMAND [ARGS]... Generate and consume jobs concurrently Options: --help Show this message and exit. Commands: setup-tables Recreate jobs table start-processing Run job creation and consumer jobs (venv) mysql-dev-examples/mysql-claim-jobs$ ./mysql-claim-jobs.py setup-tables (venv) mysql-dev-examples/mysql-claim-jobs$ ./mysql-claim-jobs.py start-processing consumer 4 #records = 1 - [1] consumer 3 #records = 1 - [5] consumer 8 #records = 1 - [17] consumer 6 #records = 1 - [13] consumer 7 #records = 1 - [15] consumer 10 #records = 1 - [11] consumer 2 #records = 1 - [12] consumer 1 #records = 1 - [9] consumer 9 #records = 1 - [3] consumer 5 #records = 1 - [7] consumer 7 #records = 4 - [36, 59, 62, 109] consumer 9 #records = 5 - [44, 85, 113, 119, 127] consumer 8 #records = 3 - [72, 79, 126] consumer 5 #records = 5 - [45, 63, 80, 94, 95] consumer 10 #records = 1 - [51] consumer 3 #records = 7 - [2, 14, 22, 53, 68, 120, 140] consumer 1 #records = 4 - [23, 97, 115, 122] consumer 2 #records = 6 - [4, 47, 65, 99, 103, 105] consumer 6 #records = 6 - [26, 32, 43, 77, 83, 86] consumer 4 #records = 3 - [48, 84, 130] ... consumer 9 #records = 1 - [12413] consumer 3 #records = 2 - [12407, 12445] consumer 7 #records = 2 - [12450, 12459] consumer 5 #records = 2 - [12446, 12470] consumer 1 #records = 3 - [12397, 12426, 12441] consumer 8 #records = 1 - [12458] consumer 2 #records = 15 - [12282, 12313, 12327, 12350, 12365, 12369, 12385, 12399, 12401,\\ 12425, 12435, 12443, 12452, 12453, 12462] consumer 4 #records = 3 - [12421, 12440, 12466] ^S consumer 1 #records = 1 - [12515] counter = 6000 counter = 6000 consumer 5 #records = 30 - [12525, 12532, 12575, 12592, 12673, 12676, 12680, 12714, 12719, 12732, 12771, 12804, 12882, 12961, 12977, 13010, 13024, 13060, 13068, 13156, 13204, 13214, 13249, 13279, 13280, 13284, 13299, 13307, 13358, 13396] consumer 10 #records = 31 - [12516, 12531, 12537, 12541, 12623, 12630, 12638, 12742, 12777, 12791, 12792, 12800, 12810, 12819, 12821, 12981, 12990, 13117, 13119, 13131, 13138, 13161, 13180, 13192, 13202, 13259, 13283, 13352, 13367, 13383, 13414] We can see how each consumer grabs a variable number of jobs for processing, sometimes single jobs, sometimes many more. If we let the thing run for some time, we see that the ids increment. When we stop the output with Ctrl-S, we also block the consumers. On resume, very many jobs are lingering in the queue, and initially the consumers claim a large list of ids on each grab. This quickly goes back to normal levels after the number of jobs in the queue goes down to normal levels, too.\nWe can check queue length and status in the database:\nkris@localhost [kris]\u0026gt; select status, count(status) from jobs group by status; +-----------+---------------+ | status | count(status) | +-----------+---------------+ | unclaimed | 47 | | claimed | 23 | +-----------+---------------+ 2 rows in set (0.00 sec) Summary We created a job queue in the database, using a concurrent Python program. To select jobs efficiently, we reduce an arbitrary query to a set of candidate primary keys. We then use a SELECT ... FROM jobs WHERE id IN ( ... ) FOR UPDATE SKIP LOCKED to create a set of X-locks on the candidate records using FOR UPDATE. At the same time, we avoid waiting on other threads\u0026rsquo; X-locks using the SKIP LOCKED functionality new in MySQL 8. We then use the data fetched by the SELECT FOR UPDATE to commit permanent ownership for these records, and also use this data for processing. After processing we clean up by deleting the jobs from the table.\nThe approach can be scaled further by partitioning the jobs table, if needed.\n","date":"2021-07-13T00:00:00Z","href":"https://blog.koehntopp.info/2021/07/13/mysql-a-job-queue-in-python.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: A job queue in Python"},{"categories":null,"content":"Wir hatten hier in den Reviews schon eine ganze Menge Tom Hillenbrand: Drachenväter , Drohnenland , und Die Drohnen des Monsieur Leclerq .\nDas aktuelle Buch von Tom Hillenbrand ist Montecrypto , das sich mit dem Hype um Cryptocurrencies beschäftigt und eine Art \u0026ldquo;Der Graf von Monte Cristo\u0026rdquo;-Geschichte erzählt.\nMontecrypto , von Tom Hillenbrand\nGregory Hollister, ein reicher Investor, ist verstorben. Angeblich hat er noch eine große Menge Geld, und dieses ist in Bitcoin angelegt und irgendwo versteckt. Wo genau, ist unklar, und so bekommt der Finanzdetektiv Ed Dante von Hollisters Schwester den Auftrag, den verschwundenen Schatz zu identifizieren und aufzuspüren. Dante setzt dabei aus Versehen ein auf dem Computer von Hollister installiertes Script in Gang, das eine weltweite Schatzsuche inszeniert.\nDoch es stellt sich heraus, daß die Geschichte um das Ableben von Hollister weitaus komplizierter ist, denn Hollister hat auch noch eine andere, wesentlich kontrolliertere Cryptowährung ins Leben gerufen und am Ende ist alles ein Racheplot in einem Racheplot.\nGewohnt gute Kost von Hillenbrand. Schnell und spannend durchzulesen, flott inszeniert und aktuelle Themen aufgreifend. Ich habe mich gut unterhalten gefühlt.\n\u0026ldquo;Montecrypto\u0026rdquo;, Tom Hillenbrand, Eur 12.99\n","date":"2021-06-05T00:00:00Z","href":"https://blog.koehntopp.info/2021/06/05/fertig-gelesen-montecrypto.html","tags":["lang_de","review","book","media","scifi"],"title":"Fertig gelesen: Montecrypto"},{"categories":null,"content":"Another Monte-Cristo-themed book, Tom Reiss\u0026rsquo; The Black Count nicely complements the german sci-fi novel Montecrypto by Tom Hillenbrand. It is a biography of the father of the French write Alexandere Dumas, Thomas-Alexandre Dumas Davy de la Pailleterie.\n\u0026quot;The Black Count \u0026quot;, by Tom Reiss.\nAlexandre Dumas, the author of \u0026ldquo;The Three Musketeers\u0026rdquo;, \u0026ldquo;The Count of Monte Cristo\u0026rdquo; and many other books, is one of the most read French authors. He had it easy coming up with stories, because his father had one of the most unusual and wildest lives imaginable. Dumas was, in a way, telling episodes from his fathers adventures, toned down to become more believable, in some of his stories.\nThomas-Alexandre was born on the French colony island Saint-Domingue (now Hawaii). His father was the French Marquis Alexandre Antoine Davy de la Pailletterie. His mother Marie-Cessette Dumas, an enslaved woman of \u0026ldquo;Afro-Caribbean\u0026rdquo; ancestry, which means that she or her ancestors were enslaved somewhere in Africa and forcibly brought to the Island. Not much is known about her actual origin or history.\nHis father, very broke, returned to France, where Thomas-Alexandre was legally freed: in France, slavery was prohibited since 1315, in the colonies not so much. He was educated in a military school and then joined the army as a young man. He also started to use his mothers name after he fell out with his father.\nDumas entered the military at the age of 24 as a private, but quickly rose in rank. This was not only due to his bodily fitness, his incredible fighting skills and his immense organisational talent, but also due to the wealth of opportunities that the upheaval of the French Revolution of 1789 offered, 3 years into his military career. He held the rank of a General-in-Chief over the 53.000 troops of the French Army in the Alps, at the age of 31. Among his soldiers, he was known for upholding the ideals of the French revolution, Liberty and Equality, and the ideals of Humanism.\nHe served under the orders of the commander-in-chief General Napoleon Bonaparte in Milan in 1796, clashing with him over plundering and expropriation policies. He also fought with Napoleon\u0026rsquo;s aide-de-camp over similar matters of fairness and courage in battle. Despite that, he joined Napoleon\u0026rsquo;s Egyptian expedition in 1798, and became the cavalry commander of the French Army of the Orient. The conditions of the march from Alexandria to Cairo were harsh, and Dumas discussed with other french generals if they would refuse to march past Cairo. Napoleon later learned of that meeting, accused Dumas of treason and forced him to return to France on an unsound vessel. The ship sank slowly during the trip, and was forced aground in a storm near Taranto in Naples. Naples Cardinal Fabrizio Ruffo imprisoned Dumas and his fellow travellers for two years. In jail, Dumas was permanently injured due to infection and malnourishment. He died in 1806, five years after his release, from stomach cancer, at which time his son Alexandre Dumas was 4 years old.\nGeneral Thomas-Alexandre Dumas story easily has sufficient material for several of the stories his son wrote, and his son in fact used parts of his fathers biography in several of his stories.\nBefore Reiss\u0026rsquo; well researched book the life and exploits of this colorful hero of the French Revolution were almost forgotten. Reiss\u0026rsquo; storytelling brings us back the story of Dumas, who lived through one of the most exciting parts of French history.\n\u0026ldquo;The Black Count \u0026rdquo;, Tom Reiss, EUR 8.59\n","date":"2021-06-05T00:00:00Z","href":"https://blog.koehntopp.info/2021/06/05/fertig-gelesen-the-black-count.html","tags":["lang_en","review","book","media"],"title":"Fertig gelesen: The Black Count"},{"categories":null,"content":"So somebody tweeted about the Seagate Mach.2 , a harddisk with two independent heads \u0026ldquo;combs\u0026rdquo;, and I commented in german : \u0026ldquo;It\u0026rsquo;s two drives in one chassis, even shown as two drives. And it still is rotating rust, so slow with seeks. Linear IO will be fine.\u0026rdquo;\nThat quickly devolved in a discussion of RAID-0 on a single disk drive : \u0026ldquo;RAID-0 on a single physical drive. Yeah, you can do that if you do not need your data.\u0026rdquo;\nAnd that is true, I replied : \u0026ldquo;Most people need their data a lot less than they think they do.\u0026rdquo;\nLet\u0026rsquo;s unroll that thread and the various followups in english for this blog.\nn=3 or n=1 So, most people actually need their data a lot less than they think they do. That is, because most database-like applications do their redundancy themselves, at the application level, so that RAID or storage replication in distributed storage (the \u0026ldquo;n-factor\u0026rdquo;, for the number of replicas that distributed stores for each block) is not only useless, but actively undesirable.\nWhere I work, there is the data track, and there are customers of the data track.\nNon-Databases are stateless Customers of the data track have stateless applications, because they have outsourced all their state management to the various products and services of the data track. They are deploying their applications, and they largely do not care about the content of hard disks, or even entire machines. Usually their instances are nuked on rollout, or after 30 days, whichever comes first, and replaced with fresh instances.\nCustomers of the data track care about placement:\nPlace my instances as distributed as possible, no two instances on the same host, if possible, not in the same rack or even the same stack\n(A stack is a network unit of 32-48 racks) This property is called \u0026ldquo;anti-affinity\u0026rdquo;, the spread-out placement of instances.\nDatabase-like systems The data track has things such as Kafka, Elastic, Cassandra or MySQL, and a few snowflakes.\nAll of these services are doing their own redundancy: individual drives, or even instances, are not a thing they care a lot about. Loss of hosts or racks is factored in.\nThey care a lot about anti-affine placement, because they care a lot about fault isolation through \u0026ldquo;not sharing common infrastructure\u0026rdquo; between instances.\nOften these services do create instances for read capacity, and getting fault tolerance by having the instances not sharing infrastructure is a welcome secondary effect.\nAdding distributed storage forces n=3 Now, if you switch from local storage to distributed storage, you very often get redundant storage. For transactional workloads this is often a RAID-1 with three copies (n=3). Most customers of them don\u0026rsquo;t actually need that: Because they create capacity for read scaleout, they only care about independence of failures, not avoiding them. So again, what they want is anti-affine placement, for example by propagating tags down the stack.\nSo imagine a lot of MySQL databases , for example on Openstack. The volumes of each replication chain are tagged with the replication chain name, like chain=\u0026lt;x\u0026gt;. If we could tell the storage to place all volumes with identical chain tag values on different physical drives, ideally on different storage nodes in different racks, storing data with n=1 would be just fine.\nCassandra, Elastic and Kafka could work with the same mechanism, because they, too, have native solutions to provide redundancy on JBODs at the application level.\nBut this kind of distributed storage does not exist, and that leads to triplicate storage when it is not needed.\nHow about local storage? \u0026ldquo;But, Kris! Local Storage!\u0026rdquo;\nYes, local storage would be a solution. I know that, because when running on autoprovisioned bare metal, it does work, and we currently have that.\nBut most Openstack operators do want live migration, so even ephemeral storage is often ceph\u0026rsquo;ed. That\u0026rsquo;s a\u0026hellip; complication I could do without.\nIn an earlier life Quobyte did work fine for volumes and ephemeral storage, except that with guests that contained large memcached\u0026rsquo;s or MySQL live migrations still failed often.\nThat\u0026rsquo;s not because of Quobyte, but because of memory churn: The memory of the VM in busy instances changed faster than the live migration could move it to the target host. We then had to throttle the instances, breaking all SLA\u0026rsquo;s.\nIn my current life, I can tolerate instance loss anyway, especially if it is controlled and announced. So I do not really have to migrate instances, I can ask nicely for them to be shot in the head. With pre-announcement (\u0026ldquo;I need your host, dear Instance, please die.\u0026rdquo;), and the application provisions a new instance elsewhere and then removes the one in question. Or with control (\u0026ldquo;Don\u0026rsquo;t force-kill instances if the population is too thin.\u0026rdquo;).\nEither case is likely to be faster than a live migration. It is faster for sure, if the data volume is on distributed storage so that I only have to provision the new instance and then simply can reconnect the data volume.\nNVME over fabric over TCP Local storage has a smaller write latency than distributed storage, but NVME over fabric (\u0026ldquo;NVMEoF\u0026rdquo;) is quite impressive. And since CentOS 8.2, NVMEoF over TCP is part of the default kernel. That means you do have the NVMEoF TCP initiator simply available, without any custom install.\nNVMEoF over TCP has a marginally worse latency than RoCE 2 (\u0026ldquo;NVMEoF over UDP\u0026rdquo;), but it does work with any network card - no more \u0026ldquo;always buy Mellanox\u0026rdquo; requirement.\nIt does allow you to make storage available even if it is in the wrong box. And distributed storage may be complicated, but it has a number of very attractive use-cases.\nvolume centric workflows: \u0026ldquo;make me a new VM, but keep the volume\u0026rdquo;. Provisioning one Terabyte of data at 400 MB/s takes 45 minutes of copy time for a total MySQL provisioning time of around 60 min. Keeping the volume, changing the VM (new image, different size) makes this a matter of minutes. With NVME namespaces or similar mechanisms one can cut a large flash drive into bite sized chunks, so providing storage and consuming it can be decoupled nicely. Lifetime of storage and lifetime of compute are not identical. By moving the storage out into remote storage nodes their lifecycles are indeed separate, offering a number of nice financial advantages. All of that at the price of the complexity of distributed storage.\nNVME \u0026ldquo;servers\u0026rdquo; This raised the question of what the \u0026ldquo;NVME server\u0026rdquo; looks like. \u0026ldquo;Is the respective NVME server an image file, or does it map 1:1 to a NVME hardware device?\u0026rdquo;\nNVME over Fabric (over UDP or over TCP) is a network protocol specification and implementation. It uses iSCSI terms, so the client is the \u0026ldquo;initiator\u0026rdquo;, and the server is the \u0026ldquo;target\u0026rdquo;.\nHow backing storage is implemented in a NVME target is of course the target\u0026rsquo;s choice. It could be a file, but the standard maps nicely on a thing called \u0026ldquo;NVME namespaces \u0026rdquo;.\nSo flash storage does not overwrite data, ever. Instead it has internally a thing called flash translation layer (FTL), which is somewhat similar to a log structured file system or a database LSM.\nUnlike a file system, it does translate linear block addresses (LBAs) into physical locations on the flash drive, so there are no directories and (initially also) no filenames.\nThere is of course a reclaim and compaction thread in the background, just like the compaction in log structured filesystems or databases. So you could think of the LSM as a filesystem with a single file.\nNow, add NVME namespaces - they introduce \u0026ldquo;filenames\u0026rdquo;. The file names are numbers, the name space IDs (NSIDs). They produce a thing that looks like partitions, but unlike partitions they do not have to be fixed in size, and they do not have to be contiguous. Instead, like files, namespaces can be made up by any blocks anywhere on the storage, and they can grow. That works because with flash seeks are basically free - the rules of rotating rust no longer constrain us.\nnvme command line Linux has the command line program \u0026ldquo;nvme \u0026rdquo; to deal with nvme flash drives. Drives appear named /dev/nvmeXnY, where X is the drive number and Y is the namespace id (NSID), starting at 1. So far, you probably always have seen the number 1 here.\nStart with nvme list to see the devices you have. You can also ask for the features the drive has, nvme id-ctrl /dev/nvme0n1 -H will tell you what it can do in a human-readable (-H) way. Not all flash drives support namespaces, but enterprise models and newer models should.\nUsing nvme format you can reformat the device (losing all data on it), and also specify the block size. nvme list will also show you this block size. You do want 4KB blocks, not 512 byte blocks: It\u0026rsquo;s 2021 and the world is not a PDP-11 any more, so nvme format /dev/nvme0n1 -b 4096, please. Some older drives now require a reset to be able to continue, nvme reset /dev/nvme0.\nNamespaces can be detached, deleted, created and attached: nvme detach-ns /dev/nvme0 -namespace-id=Y -controllers=0, then nvme delete-ns /dev/nvme0 -namespace-id=1. When creating a namespace, nvme create-ns /dev/nvme0 -nsze ... -ncap ... -flbas 0 -dps 0 -nmic 0 or whatever options are desired, then nvme attach-ns /dev/nvme0 -namespace-id=1 -controllers=0. Again, nvme reset /dev/nvme0.\nIn theory, NVME drives and NVME controllers are separate entities, and there is the concept of shared namespaces that span drives and controllers.\nIn reality, this does not work, because NVME devices are usually sold as an entity of controller and storage, so some of the more interesting applications the standard defines do not work on the typical devices you can buy.\nErasing Because flash does not overwrite anything, ever, you can\u0026rsquo;t erase and sanitize the device the way you have done this in the past with hard drives. Instead there is drive encryption (\u0026ldquo;OPAL\u0026rdquo;), or the nvme sanitize /dev/nvme0n1 command\nOr you shred the device, just make the shreds smaller than with hard disks: With hard disks, it is theoretically sufficient to break the drive, break the platters and make scratces. Drive shredders produce relatively large chunks of metal and glass, and are compliance.\nFlash shredders exist, too, but in order to be compliant the actual chips in their cases need to be broken. So what they produce is usually much finer grained, a \u0026ldquo;sand\u0026rdquo; of plastics and silicon.\nNetwork You need a proper network, Maik added :\nDistributed storage is storage at the other kind of the network cable. Every disk read and every disk write become a network access. So you do need a fairly recent network architecture, from 2010 or later: A leaf-and-spine architecture that is optionally oversubscription free so that the network will never break and never be the bottleneck.\nLeaf-and-spine Brad Hedlund wrote about leaf-and-spine in the context of Hadoop in 2012, but the first builds happened earlier, at Google, using specialized hardware. These days, it can be done with standard off the shelf hardware, from Arista or Juniper, for example.\nLeaf-and-spine as shown by Brad Hedlund . Today you\u0026rsquo;d use different hardware, but the design principle is still the same.\nHere, the leaves are \u0026ldquo;Top of Rack\u0026rdquo; switches that are connected to computers, so we see 40x 10 GBit/s coming up to the red boxes labelled \u0026ldquo;Leaf\u0026rdquo;. We also provide green switches labelled \u0026ldquo;Spine\u0026rdquo;, and connect to them with up to 10x 40G for a complete oversubscription free network.\nUsing BGP, we can automatically build the routing tables, and we will have many routes going from one leaf switch to any other leaf switch - one for each spine switch in the image. Using Equal Cost Multipath (ECMP), we spread our traffic evenly across all the links. Any single connection will be limited to whatever the lowest bandwidth in the path is, but the aggregated bandwidth is actually never limited: we can always provide sufficient bandwidth for the aggregate capacity of all machines.\nOf course, most people do not actually need that much network, so you do not start with a full build. Initially only provide a subset of that (three to four uplinks) and reserve switch ports and cable pathways for the missing links. Once you see the need you add them, for example when bandwidth utilization in the two digit percentages or you see Tail Drops/RED .\nRacks and Stacks One level of leaf-and-spine can build a number of racks that are bound together without oversubscription. We call this a stack, and depending on the switch hardware and the number of ports it provides, it\u0026rsquo;s 32-48 racks or so.\nWe can of course put another layer of leaf-and-spine on top to bundle stacks together, and we get a network layer that is never a bottleneck and that never disconnects, across an entire data center location.\n\u0026ldquo;Never disconnects?\u0026rdquo; Well, assuming three uplinks, and with a stack layer on top of the first leaf-and-spine layer, we get four hops from start to destination, and that 3^4 possible redundant paths to every destination ToR via ECMP.\nChances are that you need to build a specialized monitoring to even notice a lost link. You can only have outages at the ToR.\nWith such a network a dedicated storage network is redundant (as in no longer needed), because frontend traffic and storage traffic can coexist on the same fabric.\nA common test or demonstration is the Hadoop Terasort benchmark: Generate a terabyte or ten of random data, and sort it. That\u0026rsquo;s a no-op map phase that also does not reduce the amount of data, then sorting the data in the shuffle phase and then feeding the data (sorting does not make it smaller) across the network to the reducers.\nBecause the data is randomly generated, it will take about equal time to sort each Hadoop 128MB-\u0026ldquo;block\u0026rdquo;. All of them will be ready at approximately the same time, lift off and try to cross the network from their mapper node to the reducer node. If you network survives this, all is good - nothing can trouble it any more.\n","date":"2021-05-25T00:00:00Z","href":"https://blog.koehntopp.info/2021/05/25/nvme-is-not-a-hard-disk.html","tags":["lang_en","storage","networking","data center"],"title":"NVME is not a hard disk"},{"categories":null,"content":"I never wrote this up, and the information online is all referring to older versions of Windows, so let\u0026rsquo;s fix this.\nThe MS-DOS version of getting Umlauts on a US keyboard is to type the ASCII codes. As I can\u0026rsquo;t and won\u0026rsquo;t remember these codes, this won\u0026rsquo;t work for me. There is a deadkey way to get a \u0026ldquo;US (International Keyboard)\u0026rdquo;. On these, you type Double Quotes \u0026quot;, and then the letter that should form the Umlaut, for example o, for an ö. This works well for me. On older versions of Windows, you would start the old control panel and then go to \u0026ldquo;Clock, Language and Region\u0026rdquo;, and then set up things from there:\nThe old control panel. Current Windows 10 still has the old control panel, but no longer has language options in it.\nThis does no longer work, because while current Windows 10 still has the old control panel, language options are no longer part of it.\nInstead, the new Windows 10 settings are required. Start them (Windows+I), and choose \u0026ldquo;Time and Language\u0026rdquo;.\nWindows+I will bring up the settings\nIn \u0026ldquo;Time and Language\u0026rdquo;, select the Tab \u0026ldquo;Language\u0026rdquo;, make sure \u0026ldquo;English (United States)\u0026rdquo; is selected in \u0026ldquo;Preferred Languages\u0026rdquo;, and click \u0026ldquo;Options\u0026rdquo;.\nSelect \u0026ldquo;English (United States)\u0026rdquo; in \u0026ldquo;Preferred Languages\u0026rdquo; to make the \u0026ldquo;Options\u0026rdquo; button visible. Click that button.\nIn \u0026ldquo;Language Options: English (United States)\u0026rdquo;, click on \u0026ldquo;[+] Add a keyboard\u0026rdquo;. A list of keyboard layouts pops up. Choose the \u0026ldquo;United States - International (QWERTY)\u0026rdquo; keyboard.\nIt will be added to the list of available keyboard layouts.\nIf you wish, click on the \u0026ldquo;US (QWERTY)\u0026rdquo; keyboard, and click \u0026ldquo;Remove\u0026rdquo;.\nAfter hitting \u0026ldquo;[+] Add a keyboard\u0026rdquo;, choose \u0026ldquo;United States - International (QWERTY)\u0026rdquo;\nThe finished selection should look like this:\nThe keyboard layout chosen is \u0026ldquo;United States - International (QWERTY)\u0026rdquo;.\nUmlauts can now be entered by using typing \u0026quot; followed by the required vowel (for example o for an ö). You can still use all the nice brackets, braces and parentheses for programming directly, without additional finger breaking modifiers.\n","date":"2021-05-15T00:00:00Z","href":"https://blog.koehntopp.info/2021/05/15/windows-10-and-umlauts-with-an-english-keyboard.html","tags":["lang_en","windows"],"title":"Windows 10 and Umlauts with an english keyboard"},{"categories":null,"content":"Ian Lance Taylor is the author of a UUCP program that I have been using for a long time to connect to other USENET systems, long before I had access to the actual Internet.\nUUCP queues up jobs for remote execution, dials other computers with a moden, exchanges the contents of the queued up work, and after disconnect executes the jobs. The jobs are mostly invocation of \u0026ldquo;rmail\u0026rdquo; and \u0026ldquo;rnews\u0026rdquo; programs for the exchange of mail and USENET news.\nTaylors version of UUCP had large number of protocol and interface improvement that made it hugely superior, and that made working with \u0026ldquo;high speed modems\u0026rdquo; viable in the first place. It was the backbone of my network connectivity, 30 years ago.\nTaylor also wrote \u0026ldquo;a book\u0026rdquo; about program linkers in 2007, in the form of a long series of blog posts. In it, he explains what happens to a program after the compiler emits an object file, and before the program actually starts to run. That is, he describes how to the object file, system libraries and runtime become one thing that actually is capable of starting up.\nThis is deeply nerdy content, and also quite interesting, because it is widely underdocumented. Taylor\u0026rsquo;s series is key to making the obscure but vital topic better understandable.\nThis is not a book, but a series of blog posts. Fortunately, there is an index page made available by LWN. The parent article, on the Gold linker, is also at LWN .\n","date":"2021-05-14T00:00:00Z","href":"https://blog.koehntopp.info/2021/05/14/fertig-gelesen-linkers.html","tags":["lang_en","review","usenet","media"],"title":"Fertig gelesen: Linkers"},{"categories":null,"content":"Needle and Through the Eye of a Needle are books by Hal Clement. Hal Clement was a Hard Sci-Fi author born in 1922, and \u0026ldquo;Needle\u0026rdquo; was written in 1950 as his first book, for Campbell, no less, and sold to Doubleday. The followup was produced almost 30 years later, in 1978.\nNeedle The story begins with two spaceships crashing into planet earth, some time in the 1950\u0026rsquo;s idea of a future, close to an island in the Pacific ocean. Both ships are mostly destroyed in the crash, but the inhabitants survive: A criminal, and a kind of headhunter/policeman. They are part of formless species that has much smaller cells than humans and that need a host from normal sized cells with which they live in symbiosis - at least those of the species that are not criminals.\nThe Hunter enters the body of Bob Kincaid, a post-puberty schoolboy that parties at the beach because it\u0026rsquo;s the end of the summer vacation. The Hunter needs time to orient himself in Bob, establish communication, and find of his current situation, at which point Bob is already firmly abroad on the American continent, in School. He now needs to find a way to get Bob back to the island, and then find the Criminal who may hide in anybody on that island.\nWe follow Bob and his symbiont through the case, exploring the life on the island, in a weird mix of Sci-Fi, Whodunnit and YA island life.\nIn the second part, Through the Eye of a Needle , Hal Clement returns to his characters. Bob has fallen ill, which should be impossible with the Hunter symbiont living in him, and it appears that he\u0026rsquo;s showing some kind of reaction to the presence of the Hunter himself. Help is needed from specialists of the Hunters people, but because the Hunter\u0026rsquo;s ship was destroyed in the crash that seems to be impossible.\nTwo old school hard Sci-Fi books, that, looking past the outdated role-models, are still interesting YA reads and have aged quite okay.\n","date":"2021-05-14T00:00:00Z","href":"https://blog.koehntopp.info/2021/05/14/fertig-gelesen-needle.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: Needle"},{"categories":null,"content":"The Antivirus Hackers Handbook by Jaxeon Koret and Elias Bachaalany is part book, part a research report, detailing the findings of Jaxeon Koret and Elias Bachaalany in how Antivirus programs work, try to protect themselves and can be attacked and exploited.\nThe Antivirus Hackers Handbook The book assumes that you have some basic knowledge how compilers produce programs, what assembler looks like and how to map that on program statements in the code you write, and have access to IDA Pro free edition, Ghidra, Hopper or some other reverse engineering and analysis tool. We are then guided through the authors journey of discovery, analyzing the cores and plugin systems of various Antivirus products, how they work, how they detect viruses, how they update themselves, and how they try to protect themselves.\nAntivirus systems are terribly large and attractive targets when trying to exploit individual machines or even fleets of machines: They try to scan and understand all kinds of file formats, run analysis often in privileged mode and with system protections turned off, and they are usually installed uniformly on a large fleet of machines in corporates, as mandatory pieces of software. These days they also increasingly have cloud components they upload data to, well suited to mask exfiltration traffic. When trying to attack and subvert corporate targets, they are the ideal platform for an attacker.\nAnd the authors take us on that journey, at a level of intricate detail, but also always keeping the larger goal in sight. After reading this book one is looking at corporate security software differently, questioning if it is actually making things more secure.\n\u0026ldquo;The Antivirus Hackers Handbook \u0026rdquo;, Jaxeon Koret and Elias Bachaalany, EUR 32.06\n","date":"2021-05-14T00:00:00Z","href":"https://blog.koehntopp.info/2021/05/14/fertig-gelesen-the-antivirus-hackers-handbook.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: The Antivirus Hackers Handbook"},{"categories":null,"content":"So, Netflix\u0026rsquo; \u0026ldquo;The Witcher \u0026rdquo; was weird, and could not decide what it wanted to be: A \u0026ldquo;Hercules Legenday Journey\u0026rsquo;s\u0026rdquo;-like half-comedy, half-camp series, or something else, darker and denser, with more story and background. It hinted at a better story, better told, that did not make it into the final product, and died somewhere between the scriptwriting and the cutting table.\nInvestigating, I got myself the equivalent of the Witcher Boxed Set on the Kindle and started reading. And indeed, just as with Conan, the Barbarian , the book is nothing like the film.\nWe get indeed a dense and increasingly dark story, the story of Geralt and Jennifer, both remnants from a time gone by, and Ciri, the product of an age-old arrangement of breeding and selection, gone wrong in the last few steps, all of them fighting for freedom of will and their choice in life, and ultimately failing.\nThe reading order is \u0026ldquo;The Last Wish\u0026rdquo;, \u0026ldquo;Sword of Destiny\u0026rdquo;, (\u0026ldquo;Season of Storms\u0026rdquo;, optional), \u0026ldquo;Blood of Elves\u0026rdquo;, \u0026ldquo;Time of Contempt\u0026rdquo;, \u0026ldquo;Baptism of Fire\u0026rdquo;, \u0026ldquo;Tower of the Swallow\u0026rdquo; and \u0026ldquo;The Lady of the Lake\u0026rdquo;. And indeed, the story is good, the Netflix series is shallow and has very little to do with the books. Also, Sapkowsky pulls off a surprisingly large and mean number of storytelling trickery.\n","date":"2021-05-14T00:00:00Z","href":"https://blog.koehntopp.info/2021/05/14/fertig-gelesen-the-witcher.html","tags":["lang_en","media","review","book"],"title":"Fertig gelesen: The Witcher"},{"categories":null,"content":"The story of Heaven\u0026rsquo;s River , stranding in and then exploring an alien megastructure, is one that has been written before: In Niven\u0026rsquo;s Ringworld , Clarke\u0026rsquo;s Rama , and Farmer\u0026rsquo;s Riverworld . John Varley\u0026rsquo;s take on this, very seventies, is Titan , Wizard , and Demon , the Gaia Trilogy.\nTitan , Wizard and Daemon\nCirocco Jones is the Commander of the Earth science ship Ringmaster, and is right now approaching the orbit of Saturn, where she and her crew discover a new moon. As they approach the moon, they realize it\u0026rsquo;s a Stanford Torus like space habitat. Trying to find a way to dock, they come close and are being picked up by a giant tentacle-like arm, and dragged into the station while their ship is being destroyed.\nAs Cirocco wakes up, literally naked and hairless, without any resources by the metal parts that are the remains of her spacesuit, she realizes that months have elapsed since the collision. She sets out to orient herself in the strange, but extremely habitable world inside the torus, trying to find her crewmates. She manages to find them, and realizes they, like herself, have been changed in the months that they have spend somewhere in the interior of the space station.\nThey learn that the station is indeed a living being, older than time itself, and it is falling apart as the central intelligence is dying and the twelve subintelligences in the torus are fighting amongst themselves for control. Exploring the Flora and Fauna, it becomes obvious that all life in Gaia is constructed and preprogrammed, and at least sometimes under control of the central intelligence.\nCirocco, and her surviving shipmates, are trying to reach the centre, climbing up one of the giant, kilometres thick cables that hold the torus together. On their way they learn that some of them have been changed beyond the point of sanity, and fighting starts. Cirocco manages to get to the center, and is offered to be Gaia\u0026rsquo;s \u0026ldquo;Wizard\u0026rdquo;, her repair agent in torus world.\nIn the further books, this is expanded - Gaia establishes herself as a nation in the Solar system, opening a Consulate and offering medical miracle cures to humans that make the trip to Saturn and Gaia. It becomes clear that Gaia is terminally old, going slowly insane by age and boredom. Cirocco and Gaia fall out, and go to war with each other, Cirocco no longer being the \u0026ldquo;Wizard\u0026rdquo;, but the \u0026ldquo;Daemon\u0026rdquo;. During these events, Gaby, Ciroccos shipmate and later partner, is being killed.\nThe story then turns into more of a Zombie movie, in which a completely crazed Gaia goes to war on the humans, and the creatures of her that managed to emancipate themselves from her waning control. It comes to light that Gaia recorded the personalities of the captured Ringmaster crew, and that Gaby\u0026rsquo;s mentral recording has become some kind of agent in the hardware that represents the actual Gaia in the center of the Titan ring.\nIn a final confrontation, Cirocco raises an army from the ring inhabitants loyal to her, conquers Gaia\u0026rsquo;s forces, and manages to distract her sufficiently so that Gaby can take over the rings central hardware and bring the rebellious subsystems under her control. Gaby offers Cirocco to become a Wizard again, but Cirocco chooses adventure instead\u0026hellip;\nThe story has the classic shape of this particular Sci-Fi trope, and is being echo\u0026rsquo;ed in part in multiple ways in Heaven\u0026rsquo;s River, but is also very typical in its 70-ies sex-and-drugs laden storytelling. It has aged well enough to be enjoyable to read again, but it is too long to read in one uninterrupted go, and also has lengths in the later parts.\nTitan Wizard Demon by John Varley. ","date":"2021-05-14T00:00:00Z","href":"https://blog.koehntopp.info/2021/05/14/fertig-gelesen-titan.html","tags":["lang_en","review","book","media"],"title":"Fertig gelesen: Titan"},{"categories":null,"content":"Sometimes things go wrong, and it surely would be nice if you at least knew afterwards what happened. Where I work, we are running a shell script older than time itself, once a minute. The script writes files to /var/log/mysql_pl, into a directory named after the current weekday and named after the current hour and minute.\nSo when a box crashes on Thursday at 22:09, as long as I can login to it, I still can try to look at /var/log/mysql_pl/Thu/22_0? and try to reconstruct what happened before the crash. Often the buildup to catastrophe is clearly visible.\nA version in Python Our shell script is not really portable or viable outside the work environment, so I rewrite a similar thing in Python. It has no dependencies outside of a base install of a modern Python, except for mysqlclient (MySQLdb) to connect to the database.\nThe full script is available on github .\nini file It requires an *.ini file, and searches for it in a number of locations :\nf = config.read( [ \u0026#34;/etc/mysql/mysql-flight-recorder.ini\u0026#34;, \u0026#34;/etc/mysql/mysql_flight_recorder.ini\u0026#34;, os.path.expanduser(\u0026#34;~/.mysql-flight-recorder.ini\u0026#34;), os.path.expanduser(\u0026#34;~/.mysql_flight_recorder.ini\u0026#34;), os.path.expanduser(\u0026#34;~/mysql-flight-recorder.ini\u0026#34;), os.path.expanduser(\u0026#34;~/mysql_flight_recorder.ini\u0026#34;), \u0026#34;./.mysql-flight-recorder.ini\u0026#34;, \u0026#34;./.mysql_flight_recorder.ini\u0026#34;, \u0026#34;./mysql-flight-recorder.ini\u0026#34;, \u0026#34;./mysql_flight_recorder.ini\u0026#34;, ] ) So it is either mysql_flight_recorder.ini or mysql-flight-recorder.ini with underbars or dashes, in /etc/mysql, in your home as a dotfile or non-dotfile, or in the current directory as a dotfile or non-dotfile.\nThe *.ini files looks like this:\n[DEFAULT] logdir = /home/kris/Python/mysql/mysql-flight-recorder/mysql_flight_recorder pidfile = /home/kris/Python/mysql/mysql-flight-recorder/mysql_flight_recorder.pid compresscmd= bzip2 -9f That is, the DEFAULT section defines\nlogdir: a directory where to put the logfiles. pidfile: It also needs a filename (as an absolute pathname) for a pidfile, which is being used to prevent concurrent execution. compresscmd: And finally, the logfiles can be compressed, and the compress command needs to be specified. The compress command needs to be given in a way that existing compressed files are overwritten, that is why in the example the -f option is given. After that, for each host that is to be checked a section is defined. The section name defines the log file prefix, the compresscmd controls the suffix. In each section, we need to specify username, password, host and port for the connection. No attempt at using TLS is being made in my quick hack.\nThe default config shown produces\n(venv) kris@server:~/Python/mysql/mysql-flight-recorder$ ls -l mysql_flight_recorder/Thu/ total 48 -rw-rw-r-- 1 kris kris 21424 Apr 22 23:35 localhost_23_35.bz2 -rw-rw-r-- 1 kris kris 20975 Apr 22 23:36 localhost_23_36.bz2 ... What is being logged? We run\nselect version() as version show global status like 'Uptime' show full processlist show slave status (this will need a version gate soon to use show replica status) show engine innodb status select * from information_schema.innodb_trx select * from information_schema.innodb_locks (this has a version gate and uses select * from performance_schema.data_locks on 8.0) select * from information_schema.innodb_lock_waits (this has a version gate and uses select * from performance_schema.data_lock_waits on 8.0) select * from information_schema.innodb_cmp select * from information_schema.innodb_cmpmem select * from information_schema.innodb_metrics show global status show global variables That\u0026rsquo;s a lot of data, but bzip2 compressed it to around 20KB per minute. At 10000 files per week this ends up using 200 MB of disk space, which is reasonable for a post-mortem data stash.\nPossible extensions The original shell script has better support for TLS based communication, because it works using the command line client. The Python script needs TLS added.\nThe original shell script has some more version gating to handle older versions of MySQL and MariaDB. It tolerates missing data tables instead of terminating with an error.\nThe original shell script has a PMP trigger logic and can attach a gdb to the mysqld when certain conditions are met in order to PMP it. As we work only remotely in this version of the script, this is conceptually not supported.\n","date":"2021-04-22T00:00:00Z","href":"https://blog.koehntopp.info/2021/04/22/a-mysql-flight-recorder.html","tags":["lang_en","mysql"],"title":"A MySQL flight recorder"},{"categories":null,"content":"Children of Ruin is the second part of Children of Time by english Sci-Fi author Adrian Tchaikovsky.\nIn \u0026ldquo;Children of Time\u0026rdquo;, mankind reached for the stars, almost succeeded and also almost died out. They did manage to create a digital lifeform, though, and also to seed and uplift life from earth on another world - just not the intended one. And so we ended up with a race of intelligent giant jumping spiders that manage to befriend the broken artificial intelligence orbiting their world and to rescue the remnants of humankind from themselves. Oh, and ant based computers.\nThis almost Peter-Watts-like eclectic and unlikely cast of characters is amended in \u0026ldquo;Children of Ruin\u0026rdquo;, in which a spider-human ship travels a radio source that suggests intelligent life, to find a civilisation of similarly uplifted octopodes at war with itself, and a planet with truly alien, non-terran life which at some point becomes aware of the various terran research groups.\nTchaikovsky again manages to pull off nonhuman characters in a way that reads interesting and relatable, while at the same time completely alien.\nSee also Other Minds \u0026ldquo;Children of Ruin \u0026rdquo;, Adrian Tchaikovsky, EUR 5.99\n","date":"2021-04-07T00:00:00Z","href":"https://blog.koehntopp.info/2021/04/07/fertig-gelesen-children-of-ruin.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: Children of Ruin"},{"categories":null,"content":"Conan, The Barbarian by Robert E. Howard is a collection of all Conan stories.\nImaginary Worlds Ep 114: The Man Behind the Sword (Episode Transcript PDF ) discussed Robert E. Howard, his 1930\u0026rsquo;s character Conan, The Barbarian and how Howard\u0026rsquo;s Conan is different from the Schwarzenegger character, and a much deeper and more complicated story. Go, and listen to the episode, it is well worth the time.\nHaving seen the Schwarzenegger film, but never actually having read the book I went out and got this complete collection. The podcast was right, the original book Conan is much unlike the Schwarzenegger film Conan, and the book is fun to read. It\u0026rsquo;s a classic.\n\u0026ldquo;Conan, The Barbarian \u0026rdquo;, Robert E. Howard, EUR 0.99\n","date":"2021-04-07T00:00:00Z","href":"https://blog.koehntopp.info/2021/04/07/fertig-gelesen-conan-the-barbarian.html","tags":["lang_en","media","review","book"],"title":"Fertig gelesen: Conan, The Barbarian"},{"categories":null,"content":"Heaven\u0026rsquo;s River is the fourth part of the Bobiverse Trilogy, in which the original Bob finds a decaying alien megastructure, and investigates.\nPreviously in the Bobiverse:\nWe are Legion (We are Bob) For We Are Many All These Worlds Bob Johannson is a successful software developer, and cashes out. Then he dies, becomes a sentient spaceship and von Neumann probe, and then earth is almost destroyed in a war. Bob moves on, doing the von Neumann thing, and plundering the resources of foreign star systems makes more Bobs.\nIn this fourth part of a trilogy, Bob finds that the 20th+ generations of Bobs are very different from him, and have interests and ways of thinking he cannot or does not want to follow. Factions arise inside the Bobhood, and civil war breaks out. Because Bobs are von Neumann probes in a resource rich universe, the conflict is not over resources, but over first contacts and the relationship to the remnants of humanity and \u0026ldquo;other bios\u0026rdquo; that hold Bobhood back from becoming a truly starfaring race.\nMeanwhile, Bob meets yet another race, and this one actually managed to build a ringworld-sized megastructure around their star, while at the same time being highly aggressive (and like humanity, destroying their homeworld). Bob controlled Androids infiltrate the megastructure and try to find the controlling intelligence as part of a rescue operation.\nEntertaining, and still novel ideas after the original trilogy kind of came to an end. Some parallels to John Varley\u0026rsquo;s much earlier Gaea .\n\u0026ldquo;Heaven\u0026rsquo;s River \u0026rdquo;, Dennis E. Taylor, EUR 5.07 (also available for free on Kinde unlimited)\n","date":"2021-04-07T00:00:00Z","href":"https://blog.koehntopp.info/2021/04/07/fertig-gelesen-heavens-river.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: Heaven's River"},{"categories":null,"content":"Masters of Doom: How Two Guys Created an Empire and Transformed Pop Culture by David Kushner is the story of the two Johns: Carmack and Romero, and the early video game culture and the genre of the 3D first person shooter.\nA lot of todays \u0026ldquo;hard core\u0026rdquo; and somewhat toxic video game culture was defined by the two Johns and the company they built, as well as the culture that followed. The book follows their personal and company history and all the tales that come with it, and shows to differently broken persons building - for a time - a very successful company and failing differently. It also shows the nascent computer industry and how the hardware we have today was built around the software of that time and vice versa.\n\u0026ldquo;Masters of Doom: How Two Guys Created an Empire and Transformed Pop Culture \u0026rdquo;, David Kushner, EUR 6.99\nFabien Sanglard is a technology archeologist specializing in video games. His first book, Game Engine Black Book: DOOM is a unique analysis of the hardware and software that ran Doom back then, and what compromises and tricks were necessary to pull off the feat of creating a 30 fps full screen 3D animation on hardware that could not possibly actually do this.\nIf you know how to code, or if you know anything about games, demos, 3D animation, this is a truly unique tour of deep geekery and trickery.\nGame Engine Black Book: DOOM , on Sanglard\u0026rsquo;s website. Links to an electronic version in Google Play, and a free High-Res PDF for download.\n","date":"2021-04-07T00:00:00Z","href":"https://blog.koehntopp.info/2021/04/07/fertig-gelesen-masters-of-doom.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: Masters of Doom and The Game Engine Black Book: Doom"},{"categories":null,"content":"Peter Godfrey-Smith writes Other Minds: The Octopus and the Evolution of Intelligent Life , a book about the body, the mind and the life of Octopi.\nOctopi are creatures that are across the tree of life about as different as can be from humans. How different are they? Their blood is not based on iron, as ours, but uses copper to transport Oxygen, and consequently is not red from hemoglobin, but blueish from hemocyanin.\nTheir brain is not centralized in a single place, but sub-brains control the various arm motor systems. These are way more complex than in humans, because they are creatures of muscle without a skeleton, providing a completely different motor apparatus. On top of that, they contain a highly developed vision system that is similar to ours, but evolved independently, and a number of cells in the skin that allow them to flash complex patterns of colors in rapid succession.\nIn short, Octopi are basically aliens that co-evolved on our planet.\nAnd despite their very short lifespans they are highly intelligent: They can distinguish humans and remember how different humans treated them differently in the past. They open complicated locking mechanisms, remember schedules and plan escapes, shoot lights out by aiming water spouts at switches and use other convenient tools. They can learn by observation and deduction.\nHow do their brains work, and what does the world look like to an Octopus? Goes extremely well with Children of Ruin \u0026ldquo;Other Minds: The Octopus and the Evolution of Intelligent Life \u0026rdquo;, Peter Godfrey-Smith, EUR 6.77.\n","date":"2021-04-07T00:00:00Z","href":"https://blog.koehntopp.info/2021/04/07/fertig-gelesen-other-minds.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: Other Minds"},{"categories":null,"content":"Terry Jones\u0026rsquo; Barbarians: An Alternative Roman History by Alan Ereira is the writeup to the BBC series \u0026ldquo;Terry Jones\u0026rsquo; Barbarians \u0026rdquo;.\nTerry Jones, who sadly died in early 2020, was not only a member of Monty Pythons Flying Circus, but among many other things a TV author and presenter for a number of BBC series on medieval and ancient history. In many cases, he takes the controversial position and presents a view of history that challenges the popular view. In Barbarians, he goes through the history of the Roman Empire and the various groups of people the Romans fought and the cultures they destroyed in building their empire.\nThe book and the TV series discuss the Celts, Goths, Greek, Vandals, and Huns and their respective achievements, cultures and their clash with the Romans, portraying them in ways superior or at least equal to the civilsatory level of the Roman Empire. He also shows how these various cultures, despite being at war, meshed and merged, but also what was lost or is today under-reported and under-researched.\n\u0026ldquo;Terry Jones\u0026rsquo; Barbarians \u0026rdquo;, Alan Ereira, EUR 8.99\n","date":"2021-04-07T00:00:00Z","href":"https://blog.koehntopp.info/2021/04/07/fertig-gelesen-terry-jones-barbarians.html","tags":["lang_en","book","review","media"],"title":"Fertig gelesen: Terry Jones' Barbarians"},{"categories":null,"content":"The Vanishing Middle Class: Prejudice and Power in a Dual Economy by Peter Temin analyzes the economical and political structure of the USA. Temin does this through the lens of the \u0026ldquo;Dual Economy \u0026rdquo; Model.\nDual Economies are normally prevalent in colonial societies of \u0026ldquo;less developed\u0026rdquo; countries. These countries usually have local production and production for a global export market, and besides economical and income structures around this separation, there are also social segration and a certain degree of isolation of the social groups from each other - in politics as well as attempts to prevent social migration into the higher ranked group.\nTemin applies this thinking to the increasingly partisan politics and the underlying social development in the US. He is looking at what he calls the FTE sector (finance, tech and electronics), which makes up around 20% of the population and the rest. Middle class is also defined, in his case as 2/3 to 2x the median income ($40k to 120k p.a. in 2014). He shows how \u0026ldquo;membership\u0026rdquo; in the FTE sector is also happening along racial boundaries, but is not limited to this - \u0026ldquo;black\u0026rdquo; stereotypes are also tied to lower class \u0026ldquo;white\u0026rdquo; people. Temin also shows how the size of the middle class is shrinking, looking at the most recent 50 years of history. He then goes on to analyze politics and institutions, and how they align to cement and foster this process.\nThis is an exhausting read in more than one way: This is a science book and written to build a case, not to be easily readable. On the other hand, lots of sources and additional material are supplied. The kind of book you read at the desk with a browser open and not in bed. Also emotionally exhausting, because it shows the machinery of injustice at work, and in harsh detail.\n\u0026ldquo;The Vanishing Middle Class: Prejudice and Power in a Dual Economy \u0026rdquo;, Peter Temin, EUR 14.72\n","date":"2021-04-07T00:00:00Z","href":"https://blog.koehntopp.info/2021/04/07/fertig-gelesen-the-vanishing-middle-class.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: The Vanishing Middle Class"},{"categories":null,"content":"In ALTER TABLE for UUID we discuss currently proper way to store and handle UUID in MySQL. Currently it works, even in a performant way, but it still hurts. It should not.\nDefinition of UUID The RFC 4122 defines various types of UUID, and how they are being formatted for presentation and as a bit field on the wire. As this document was written bei Leach and Salz, among others, RFC 4122 UUIDs are also called \u0026ldquo;Leach-Salz UUIDs\u0026rdquo; (for example in the Java Documentation ).\nThere are other UUID variants, used in other systems (NCS, and Microsoft \u0026ldquo;backwards compatibility\u0026rdquo;).\nA RFC 4122 UUID is a special 128 bit long value (\u0026ldquo;16 octets\u0026rdquo; ). It is supposed to be laid out like this:\n0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | time_low | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | time_mid | time_hi_and_version | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |clk_seq_hi_res | clk_seq_low | node (0-1) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | node (2-5) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The high bits in clk_seq_hi_res define the variant, and anything starting with the bit sequence 10 is a RFC 4122 compliant UUID.\nThe high nibble in time_hi_and_version defines the RFC 4122 Type (or version), the algorithm used. RFC 4122 itself defines versions 1 to 5 (version 0 is unused).\nThere is an expired draft that defines a version 6, which is specifically designed to use a primary key for databases. It uses the same timestamp value as Type 1, but stores the bytes so that ordering by creation time is preserved. It also relaxes the requirements on the node field, officially allowing different sources for bits than the MAC address. Sample implementations are available in various languages.\nUUIDs are all over the place in Windows and also in Java. Databases have to handle them as \u0026ldquo;application generated primary keys\u0026rdquo;. That\u0026rsquo;s why they are important and should be treated with some attention.\nHandling UUID in MySQL 8 MySQL provides functions to generate UUIDs, to check if a thing is a validly formatted string that looks like a UUID, and to convert UUIDs to 128 bit bitstrings and back.\nThe latter two functions have a special flag to improve performance with InnoDB. This flag is by default off. No attempt is made to automatically do the right thing dependent on the UUID type.\nUUID function The MySQL function UUID() returns a RFC 4122 Type 1 UUID.\nmysql\u0026gt; select uuid_to_bin(uuid()) as uuid; +------------------------------------+ | uuid | +------------------------------------+ | 0x80462D3C96AB11EB94BBBA2278F258E1 | +------------------------------------+ 1 row in set (0.00 sec) Formatted like in the RFC, we get the following values:\n80462D3C 96AB 1 1EB 9 4 BB B A22 78F258E1 Specifically, the clk_seq_hi_res contains the variant value, 9, and the time_hi_and_version contains the version, 1.\nAccording to the RFC, the variant 9 = 1001 = 10x (a RFC 4122 compliant UUID).\nOf the Versions defined in RFC 4122, it is Version 1 or Type 1 , \u0026ldquo;The time-based version in this document\u0026rdquo;. The generation algorithm is defined in section 4.2 of that RFC.\nSo a MySQL generated UUID is always a RFC 4122 Type 1 (time based) UUID.\nJava generated UUID values Compare with the Java UUID Class :\nWe have randomUUID(), returning a Type 4 UUID and nameUUIDFromBytes() for Type 3 and a generic Constructor that takes any 128 bit value. So what we get from Java is likely name based or random UUIDs generated by the application.\nName based UUIDs are fixed for a fixed name, so they pose no problem when used with MySQL as a primary key.\nRandom UUIDs are completely random. There is nothing to optimize for MySQL here.\nNeither is a good choice to use as a kind of application controlled distributed primary key.\nBased on the reasoning in ALTER TABLE for UUID , Java developers that are using UUID for this purpose would be well advised to implement and use a Type 1 UUID. It seems that such an implementation is not available by default as part of java.lang.util, but other implementations exist .\nIS_UUID() function The IS_UUID() predicate returns 1 for all strings that can be parsed as a UUID.\nThat is, it checks for one of three ways to write the UUID, and that it contains only valid hex digits in the places that actually contain data. No attempt is made to validate any of the bits. Code is here , and the actual parsing happens here .\nUUID_TO_BIN() function MySQL allows three ways to write UUIDs, as a 128 bit hex string (6ccd780cbaba102695645b8c656024db), as a 128 bit hex string with dashes in the right places (6CCD780C-BABA-1026-9564-5B8C656024DB) and as a 128 bit hex string with dashes in the right places and enclosed in curly braces ({6CCD780C-BABA-1026-9564-5B8C656024DB}).\nThis is not a particular dense packing of data for storage. The UUID_TO_BIN() function takes any of these strings and returns a VARBINARY(16) for storage.\nThe function has an optional second parameter, the swap_flag. When applied to a Type 1 UUID, the time bytes are being swapped around so that chronological ascending UUIDs from the same node are also having numerically ascending values. This optimizes storage with InnoDB.\nType 1 UUID: It is recommended you define UUID columns as VARBINARY(16) and use theUUID_TO_BIN(uuid_string, 1) function to store data. Type 6 UUID: You should use UUID_TO_BIN(uuid_string, 0) to store Type 6 UUIDs, because Type 6 has been specifically created to avoid the swapping of time bytes around. Other types: These do not profit from swapping, so also use UUID_TO_BIN(uuid_string, 0). BIN_TO_UUID function The inverse function to UUID_TO_BIN is BIN_TO_UUID() . It needs the same swap_flag value as has been used at write time in order to unpack the data correctly.\nIt should hurt less This all should hurt less.\nMySQL should have a native UUID column type, which stores data internally in a VARBINARY(16) (or BINARY(16)). It should accept all three notations as input (hex string, with dashes, with curly braces and dashes). It should return a hex string without dashes or curlies. It should validate variant and type (version), allowing Types 1 to 6. It should auto-convert (swap) data for Type 1, but not for any other type. There should be a formatting function that turns a hex string without dashes into a UUID string with dashes, or a UUID string with dashes and curlies. That is, I want to be able to\nmysql\u0026gt; create table u ( u uuid not null primary key, dummy integer ); mysql\u0026gt; insert into u values (uuid(), 1); mysql\u0026gt; select u from u\\G u: 6ccd780cbaba102695645b8c656024db mysql\u0026gt; select format_uuid(u, 0) as u from u\\G u: 6CCD780C-BABA-1026-9564-5B8C656024DB mysql\u0026gt; select format_uuid(u) as u from u\\G u: 6CCD780C-BABA-1026-9564-5B8C656024DB mysql\u0026gt; select format_uuid(u, 1) as u from u\\G u: {6CCD780C-BABA-1026-9564-5B8C656024DB} and internally, this is stored as 0x1026BABA6CCD780C95645B8C656024DB, because variant is RFC 4122 and Type is 1.\nFor any other Type of the RFC 4122 the internal swapping does not happen.\nTrying to store anything that is not a RFC 4122 variant is an error. Trying to store anything that is a RFC 4122 variant but not a Type 1 to 6 is an error.\n","date":"2021-04-06T00:00:00Z","href":"https://blog.koehntopp.info/2021/04/06/mysql-and-uuids.html","tags":["lang_en","mysql"],"title":"MySQL and UUIDs"},{"categories":null,"content":"(based on a find by Ruud van Tol, and several Twitter contributions)\nRuud commented on our DST discussion with\nmysql\u0026gt; SELECT \u0026#39;2019-02-28 12:34:56\u0026#39;+ INTERVAL 1 YEAR + INTERVAL 1 DAY as a, \u0026#39;2019-02-28 12:34:56\u0026#39;+ INTERVAL 1 DAY + INTERVAL 1 YEAR as b\\G a: 2020-02-29 12:34:56 b: 2020-03-01 12:34:56 2019 is a year before a leap year. Adding (left to right) a year brings us to 2020-02-28, and then adding a day makes this 2020-02-29, because it\u0026rsquo;s a leap year.\nOn the other hand, adding a day first makes it 2019-03-01, and then adding a year makes it 2020-03-01, a different result.\nClearly, addition is not commutative on dates, and having a two step interval addition is breaking expectations here.\nCompound Interval Notation MySQL is offering a bit of syntax for compound intervals. You can look it up in the manual .\nTo write up compound intervals, there is a select number of unit names that are actually allowed, and a special expression syntax for each one.\nFor example, you can + interval 12:23:56.789 hour_microsecond, or + interval 01-01 year_month. You can\u0026rsquo;t jump a year and a day, because there is no unit for that. Instead you have to write this down in MySQL in a two step interval addition and suddenly order matters.\nIf you think that this is a cumbersome solution and a cumbersome syntax, you will see me nodding in agreement.\nOther databases SQLite Mohammed S. Al Sahaf contributes this syntax for SQLite :\nsqlite\u0026gt; select date(\u0026#39;2019-02-28\u0026#39;, \u0026#39;+1 year\u0026#39;, \u0026#39;+1 day\u0026#39;) as a, date(\u0026#39;2019-02-28\u0026#39;, \u0026#39;+1 day\u0026#39;, \u0026#39;+1 year\u0026#39;) as b; a b ---------- ---------- 2020-02-29 2020-03-01 confirming that this is not a problem specific to MySQL.\nPostgres Andreas Scherbaum demonstrates the more generic Postgres Syntax:\npgsql\u0026gt; SELECT \u0026#39;2019-02-28 12:34:56\u0026#39;::TIMESTAMP + INTERVAL \u0026#39;1 year 1 day\u0026#39; as a, \u0026#39;2019-02-28 12:34:56\u0026#39;::TIMESTAMP + INTERVAL \u0026#39;1 day 1 year\u0026#39; as b; a: 2020-02-29T12:34:56Z\tb: 2020-02-29T12:34:56Z\tThis works, because Postgres offers a syntax for a single interval that can combine arbitrary units. So internally both times it\u0026rsquo;s the same order of operations (a span of a year and a day) in a single interval.\nThe two-step operation gives the same result as MYSQL.\npgsql\u0026gt; SELECT \u0026#39;2019-02-28 12:34:56\u0026#39;::TIMESTAMP + INTERVAL \u0026#39;1 year\u0026#39; + INTERVAL \u0026#39;1 day\u0026#39; as a, \u0026#39;2019-02-28 12:34:56\u0026#39;::TIMESTAMP + INTERVAL \u0026#39;1 day\u0026#39; + INTERVAL \u0026#39;1 year\u0026#39; as b; a: 2020-02-29T12:34:56Z\tb: 2020-03-01T12:34:56Z Cockroach Mohammed also demonstrates that Cockroach has the same syntax that allows Postgres to make the calculation in a single step:\nCockroach\u0026gt; select \u0026#39;2019-02-28 12:34:56\u0026#39;::TIMESTAMP + INTERVAL \u0026#39;1 year 1 day\u0026#39; as a, \u0026#39;2019-02-28 12:34:56\u0026#39;::TIMESTAMP + INTERVAL \u0026#39;1 day 1 year\u0026#39; as b; a | b ----------------------------+---------------------------- 2020-02-29 12:34:56+00.00 | 2020-02-29 12:34:56+00.00 What to do about it? I do not think that the different results for \u0026ldquo;a day and a year\u0026rdquo; and \u0026ldquo;a year and a day\u0026rdquo; for leap years in current MySQL are a bug, but they are certainly unexpected.\nI do think the current syntax for compound intervals that MySQL has is cumbersome and limited. It is also different from Postgres and Cockroach.\nPicking up Postgres/Cockroach interval notation would allow MySQL to get rid of \u0026ldquo;day_microsecond\u0026rdquo; and all the special expression syntaxes. It would also allow it to write arbitrary intervals with a much simpler notation.\nSo, MySQL, please consider\nmysql\u0026gt; select \u0026#39;2019-02-29 12:34:56\u0026#39; + interval \u0026#39;1 day 1 year\u0026#39; as a; a: 2020-02-29 12:34:56 sort it internally into a canonical expression and make it possible to jump to \u0026lsquo;2020-02-29 12:34:56\u0026rsquo; in a single interval jump.\nUntil then, make sure that you manually order your chained intervals into the proper sequence of steps. And if it is not from large to small, prepare to be surprised.\n","date":"2021-04-02T00:00:00Z","href":"https://blog.koehntopp.info/2021/04/02/making-an-unexpected-leap-with-interval-syntax.html","tags":["lang_en","mysql"],"title":"Making an unexpected leap with interval syntax"},{"categories":null,"content":"(based on a conversation with a colleague, and a bit of Twitter )\nA Conundrum A developer colleague paged me with this:\nmysql\u0026gt; select UNIX_TIMESTAMP(\u0026#34;2021-03-26 03:07:00\u0026#34; + INTERVAL 2 YEAR) - UNIX_TIMESTAMP(\u0026#34;2021-03-26 02:07:00\u0026#34; + INTERVAL 2 YEAR) as delta\\G delta: 420 It is obviously wrong, and weirdly so. It only works for \u0026ldquo;2 year\u0026rdquo;, not with other values:\nmysql\u0026gt; select UNIX_TIMESTAMP(\u0026#34;2021-03-26 03:07:00\u0026#34; + INTERVAL 1-11 year_month) - UNIX_TIMESTAMP(\u0026#34;2021-03-26 02:07:00\u0026#34; + INTERVAL 1-11 year_month) as delta\\G delta: 3600 mysql\u0026gt; select UNIX_TIMESTAMP(\u0026#34;2021-03-26 03:07:00\u0026#34; + INTERVAL 1-12 year_month) - UNIX_TIMESTAMP(\u0026#34;2021-03-26 02:07:00\u0026#34; + INTERVAL 1-12 year_month) as delta\\G delta: 3600 mysql\u0026gt; select UNIX_TIMESTAMP(\u0026#34;2021-03-26 03:07:00\u0026#34; + INTERVAL 1-13 year_month) - UNIX_TIMESTAMP(\u0026#34;2021-03-26 02:07:00\u0026#34; + INTERVAL 1-13 year_month) as delta\\G delta: 3600 It has to be exactly 730 days (2 * 365 days, 2 years):\nmysql\u0026gt; select UNIX_TIMESTAMP(\u0026#34;2021-03-26 03:07:00\u0026#34; + INTERVAL 729 day) - UNIX_TIMESTAMP(\u0026#34;2021-03-26 02:07:00\u0026#34; + interval 729 day) as delta\\G delta: 3600 mysql\u0026gt; select UNIX_TIMESTAMP(\u0026#34;2021-03-26 03:07:00\u0026#34; + INTERVAL 730 day) - UNIX_TIMESTAMP(\u0026#34;2021-03-26 02:07:00\u0026#34; + interval 730 day) as delta\\G delta: 420 mysql\u0026gt; select UNIX_TIMESTAMP(\u0026#34;2021-03-26 03:07:00\u0026#34; + INTERVAL 731 day) - UNIX_TIMESTAMP(\u0026#34;2021-03-26 02:07:00\u0026#34; + interval 731 day) as delta\\G delta: 3600 The Reason In our math, we have two expressions mixing MySQL Timestamp data types with UNIX Timestamp Integers.\nSo in the expression UNIX_TIMESTAMP(\u0026quot;2021-03-26 03:07:00\u0026quot; + INTERVAL 2 year) the part \u0026quot;2021-03-26 03:07:00\u0026quot; is a string, which is converted to a MySQL Timestamp type.\nThis MySQL Timestamp type is then used in an interval arithmetic expression to yield another MySQL Timestamp type.\nThis resulting MySQL Timestamp type is then fed into the UNIX_TIMESTAMP function, and produces an integer.\nThe same happens with UNIX_TIMESTAMP(\u0026quot;2021-03-26 02:07:00\u0026quot; + interval 2 year), producing another integer.\nThis is not the integer we are looking for:\nmysql\u0026gt; select from_unixtime(UNIX_TIMESTAMP(\u0026#34;2021-03-26 02:07:00\u0026#34; + interval 730 day)) as t\\G t: 2023-03-26 03:00:00 mysql\u0026gt; show global variables like \u0026#34;%time_zone%\u0026#34;; +------------------+--------+ | Variable_name | Value | +------------------+--------+ | system_time_zone | CEST | | time_zone | SYSTEM | +------------------+--------+ The First Level of Wrongness The 2023-03-26 is the day of the proposed time zone switch for 2023.\nOn this date, in the CET/CEST time zone, 02:07:00 is an invalid timestamp. MySQL silently, without error or warning, rounds this up to the next valid timestamp, 03:00:00.\nThis also happened yesterday:\n$ mysql --show-warnings mysql\u0026gt; select from_unixtime(unix_timestamp(\u0026#34;2021-03-28 02:07:00\u0026#34;)) as t\\G t: 2021-03-28 03:00:00 This should error, and must at least warn. It does neither.\nThe Second Level of Wrongness For\nmysql\u0026gt; select from_unixtime(UNIX_TIMESTAMP(\u0026#34;2021-03-26 02:07:00\u0026#34; + interval 730 day)) as t\\G t: 2023-03-26 03:00:00 there is the choice of producing the correct timestamp or producing an error. Silently fast forwarding to the next valid timestamp is incorrect in all cases.\nSetting UTC The database is running with the time_zone set to SYSTEM, and the system is running with the system_time_zone (a read-only variable) set to CEST (was: CET), which was picked up after the server start (on my laptop, in this case).\nmysql\u0026gt; show global variables like \u0026#34;%time_zone%\u0026#34;; +------------------+--------+ | Variable_name | Value | +------------------+--------+ | system_time_zone | CEST | | time_zone | SYSTEM | +------------------+--------+ 2 rows in set (0.01 sec) t: 2023-03-26 03:00:00 Trying to set the time_zone to UTC fails. This is because the time_zone tables have not been loaded.\n$ mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p\u0026#39;\u0026#39; mysql ... With that, I can\n$ mysql -u root -p mysql\u0026gt; set global time_zone=\u0026#34;UTC\u0026#34;; Query OK, 0 rows affected (0.00 sec) mysql\u0026gt; set session time_zone=\u0026#34;UTC\u0026#34;; Query OK, 0 rows affected (0.00 sec) And with that, I can avoid the conversion:\nmysql\u0026gt; select from_unixtime(unix_timestamp(\u0026#34;2021-03-28 00:07:00\u0026#34;)) as t; +---------------------+ | t | +---------------------+ | 2021-03-28 00:07:00 | +---------------------+ 1 row in set (0.00 sec)mysql\u0026gt; select from_unixtime(unix_timestamp(\u0026#34;2021-03-28 01:07:00\u0026#34;)) as t; +---------------------+ | t | +---------------------+ | 2021-03-28 01:07:00 | +---------------------+ 1 row in set (0.00 sec)mysql\u0026gt; select from_unixtime(unix_timestamp(\u0026#34;2021-03-28 02:07:00\u0026#34;)) as t; +---------------------+ | t | +---------------------+ | 2021-03-28 02:07:00 | +---------------------+ 1 row in set (0.00 sec)mysql\u0026gt; select from_unixtime(unix_timestamp(\u0026#34;2021-03-28 03:07:00\u0026#34;)) as t; +---------------------+ | t | +---------------------+ | 2021-03-28 03:07:00 | +---------------------+ 1 row in set (0.00 sec) This will also yield the correct result for the type-mixed difference I showed above:\nmysql\u0026gt; select UNIX_TIMESTAMP(\u0026#34;2021-03-26 03:07:00\u0026#34; + INTERVAL 2 YEAR) - UNIX_TIMESTAMP(\u0026#34;2021-03-26 02:07:00\u0026#34; + INTERVAL 2 YEAR) as delta\\G delta: 3600 Not mixing MySQL Date Types and UNIX Timestamps The original math fails, because it mixes UNIX Timestamps and Date Interval Arithmethics.\nWe can handle this all the way in MySQL, using the extremely weird timestampdiff() function (more on that below):\nmysql\u0026gt; select timestampdiff( second, date_add(\u0026#34;2021-03-26 02:07:00\u0026#34;, INTERVAL 2 YEAR), date_add(\u0026#34;2021-03-26 03:07:00\u0026#34;, INTERVAL 2 YEAR) ) as t\\G t: 3600 We can handle this all the way in Integers with Unix Timestamps:\nmysql\u0026gt; select 86400 * 365 as t \\G t: 31536000 mysql\u0026gt; select (unix_timestamp(\u0026#34;2021-03-26 03:07:00\u0026#34;) + 2*31536000) - (unix_timestamp(\u0026#34;2021-03-26 02:07:00\u0026#34;) + 2* 31536000) as t \\G t: 3600 Both give us correct results.\nDate and Time Syntax MySQL provides you INTERVAL syntax with operators:\nmysql\u0026gt; select \u0026#34;2021-03-29 10:02:03\u0026#34; + interval 1 hour as t\\G t: 2021-03-29 11:02:03 and with functions:\nmysql\u0026gt; select date_add(\u0026#34;2021-03-29 10:02:03\u0026#34;, interval 1 hour) as t\\G t: 2021-03-29 11:02:03 Interval Syntax is weird. You can\u0026rsquo;t\nmysql\u0026gt; select \u0026#34;2021-03-29 10:02:03\u0026#34; + interval 1 month 1 hour as t\\G ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \u0026#39;1 hour as t\u0026#39; at line 1 You can only\nmysql\u0026gt; select \u0026#34;2021-03-29 10:02:03\u0026#34; + interval 1 month + interval 1 hour as t\\G t: 2021-04-29 11:02:03 With date_add() it is worse, because you have to nest:\nmysql\u0026gt; select date_add(\u0026#34;2021-03-29 10:02:03\u0026#34;, interval 1 month + interval 1 hour) as t\\G ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \u0026#39;1 hour) as t\u0026#39; at line 1 That would be then\nmysql\u0026gt; select date_add(date_add(\u0026#34;2021-03-29 10:02:03\u0026#34;, interval 1 month), interval 1 hour) as t\\G t: 2021-04-29 11:02:03 So date_add() and date_sub() both take a timestamp and an interval, and can be written as + and -, avoiding the nesting.\nA Word of Warning on DIFF functions There are two functions with underscores in the name, DATE_ADD() and DATE_SUB(), which take a timestamp and an interval. They produce a new timestamp.\nThere are three functions without underscores in the name DATEDIFF(), TIMEDIFF() and TIMESTAMPDIFF(), which take two timestamps and produce the difference.\nThey are all subtly different, and the parameter order for TIMESTAMPDIFF() is the other way around.\nRead carefully:\ndatediff(a, b) calculates the DATE difference as a-b. The time part of the timestamps is ignored.\nmysql\u0026gt; select datediff(now() + interval 1 month, now()) as t\\G t: 31 mysql\u0026gt; select datediff(now() + interval 2 month, now() + interval 1 month) as t\\G t: 30 timediff(a, b) calculates the TIME difference as a-b. The DATE and TIME parts are being used. The range is limited to the range of the TIME type, which is from \u0026lsquo;-838:59:59\u0026rsquo; to \u0026lsquo;838:59:59\u0026rsquo;.\nThat is 5 weeks, less 1 hour and 1 second (5 weeks are 840 hours, 5 * 7 * 24).\ntimestampdiff(unit, a, b) can do \u0026ldquo;proper\u0026rdquo; difference between b and a. The result is reported in the unit specified.\nThe order of the parameters is inexplicably reversed: We calculate b-a.\nmysql\u0026gt; select timestampdiff(hour, \u0026#34;2021-03-29 10:02:03\u0026#34;, \u0026#34;2021-03-29 10:02:03\u0026#34; + interval 1 month + interval 1 hour) as t\\G t: 745 TL;DR The lack of warning and error is now a MySQL Service Request. The original problem comes up because of the mixing of Unix Timestamp Arithmetic and MySQL Interval Arithmetic. There are ways to do it pure play either way, and they both result in the right result. There is DATEDIFF(), TIMEDIFF(), and TIMESTAMPDIFF(), and they are weird, and inconsistent and you really, really want to read the Date and Time Functions page, very carefully. ","date":"2021-03-29T00:00:00Z","href":"https://blog.koehntopp.info/2021/03/29/mysql-date-time-dst.html","tags":["lang_en","mysql"],"title":"Things you didn't know about MySQL and Date and Time and DST"},{"categories":null,"content":"Where I work, we are using MySQL a lot. The databases are being organized in replication hierarchies, and each hierarchy is a tree topology with a single primary and a number of intermediate replicas.\nReplication is a tree managed by Orchestrator We are using MySQL orchestrator to manage the replication topology.\nMySQL Orchestrator shows a typical replication hierarchy. Each color indicates a different data center/availability zone. Replication is a tree, from the primary to per-AZ intermediate replicas for fan-out to leaf replicas. Clients connect to the primary for writing, and to the leaf replicas for reading. Special instances exist as clone sources and backup instances.\nThe diagram above is the view presented by MySQL Orchestrator of a single replication hierarchy. Servers are arranged in a tree-shaped hierarchy. All writes go to the Primary at the tree root, which then replicates to intermediary replicas. These fan out to leaf replicas. Clients write to the Primary, and read from the leaf replicas.\nSpecial instances exist that are being used as clone sources for new replicas, to make backups and for other internal purposes (such as replication catchup benchmarks, for example).\nDifferent colors indicate different data centers or availability zones.\nClients find servers in Zookeeper Leaf replicas (and the Primary) register themselves with a Zookeeper when they are ready to serve traffic. The Zookeeper organizes replicas in the same availability zone in a pool, and offers that pool to clients.\nClients subscribe to pool changes in the Zookeeper. On change, they get notified and atomically dump the pool to a file on disk. That way, when Zookeeper is unavailable due to Zk internal voting or realignment, the clients still have a roster of endpoints to choose from. Also, they do not have to ask the Zk on each connect, only on each change.\nSome replication hierarchies see use from multiple applications: They are not single tenant, but multiple applications from different teams use the database as a shared data source, and as a way to communicate. That is, because historically there was only a single application, and a single schema, and then we grew and split things off.\nIn order to separate possibly interfering workloads from each other, such hierarchies have multiple pools for leaf replicas - one for each application. So there may be an \u0026lsquo;xml-misc\u0026rsquo; hierarchy (which would be the default pool), but also an \u0026lsquo;xml-mobile\u0026rsquo;, or an \u0026lsquo;xml-slow\u0026rsquo;. The latter would contain a number of sacrificial hosts to run queries on that cannot be optimized - that way they would interfere with each other, but not with the rest of the workload.\nIn any case, each leaf replica is always a member of at most one of these pools (it may not be in any pool, if it is a special purpose replica).\nPool name and AZ translate into a Zk path, and into a roster file on disk. Clients request a database handle by pool name, and end up with a connection to a random endpoint in the pool. Connections are direct, so in the MySQL processlist we can see the client host name and port as well as the application user name, which makes a lot of operational things much simpler.\nZk can also be used to find Primaries, and applications that are Zk aware benefit from that, because Zk updates are close to instantaneous. We also need to provide Primary hostnames via DNS, because there is always the odd shell script or non-Zk aware script in a snowflake language that does not understand pools. At least we do not have to manually split writes and reads from a single database handle, as if it\u0026rsquo;s 2001.\nDynamic database architecture Some replication hierarchies can get pretty large.\nThe oldest and largest replication hierarchy as seen in Orchestrator. It is more than 20 years old, and started as a schema on Postgres. But because Postgres could not replicate at all back then the company migrated to MySQL and grew on MySQL replication.\nOriginally, the company ran on Postgres, over 20 years ago. Back then Postgres could not reliably scale anyway, so the company migrated their stuff to MySQL and grew on MySQL replication. As you can see from the colors, this particular hierarchy spans three AZ. The blue bubbles in the leaf nodes indicate number of leaf replicas in the (compressed) tree view.\nThe segmentation of this particular replication hierarchy into pools is not visible within Orchestrator, only by dumping Zk.\nWe use MySQL in a memory saturated setup where possible. As a result there is no additional caching layer between the database and the application – MySQL can use memory and serve results just as fast as Memcache, when you ask it Memcache complexity questions. The boundary between Memcache level queries and true SQL is pretty fluid that way, and you do not have to deal with cache invalidation, cache representation issues and many other things that get in the way. Also, unlike a traditional caching layer, MySQL has a restart and warmup concept, so this operational aspect is also taken care of.\nInstances currently have a livetime of at most 60 days, and we are targeting a recycle time of less than 30 days. Also, the actual number of instances varies depending on the outcome of automated load tests in production and the traffic prediction. That leads to a pretty dynamic environment, but that is easily taken care of by the Zk based discovery, the replication tree management done with Orchestrator and the automated provisioning.\nFrom auto-provisioned Bare Metal… All of that is extremely old fashioned bare metal stuff. Currently databases run on HP or Dell blades, the smallest pieces of hardware one can reasonably buy: Dual-Silver 4110 machines (16 C/32 HT) with 96 or 128 GB of memory and one or two NVME SSD with 1.92 TB of storage each. We do not use RAID, we have replicas for redundancy.\nIn terms of RDS instances, these would map to db.m5.5xl, if these existed, I believe. Look up the list price of a db.m5.4xl, and compare. I believe we are at around 1/20th the cost of a hypothetical db.m5.5xl, and that is with pretty inefficient baremetal.\nBare metal with local storage is, if autoprovisioned, a wonderful thing – there is perfect workload isolation and no crosstalk, no jitter. Performance is extremely predictable, and the only adversary you are ever going to meet when debugging performance problems is yourself.\nHaving autoprovisoned bare metal is a large hurdle, though. There are two teams that have over time provided a bunch of software called ServerDB with many subcomponents related to talking to BMCs , enumerating machine components and managing firmware . There is another team writing a thing called Nemo, which does the same for network equipment. There is the PowerDNS API, and there is a whole collection of storage APIs to talk to, in order to provision local or remote storage.\nThe end result is a command line tool that makes you new databases, one individual copy, or two hundred instances, it almost does not matter.\n… to something else. Unfortunately this does no longer scale. New machinery is so powerful that even the tiniest pieces of hardware are too large for our medium sized databases.\nThere are outliers: I have seen instances that run on actual storage servers , but admittedly this particular team is holding it wrong and should rethink the way they are using databases, because an instance with 120 TB local NVME and a single 35 TB table is not a thing that helps with automation at all.\nNormal customers would benefit from running databases in virtual machines that are slices of much larger servers, and that are no larger than, say, 1/4 of the actual hardware, in order to be not overly hard on the packing algorithms of the scheduler.\nBut even when running on virtual hardware, predictive autoscaling and long lived instances are a must. Data size matters, and so do optimizations, because lugging around Terabyte sized blocks of data is still carrying a certain operational weight, even in 2021.\nThe worst case example would be the very large hierarchy shown above. It has a data directory of 850 GB, plus binlog files, so around one Terabyte of clone work to get up and running. At 400 MB/s instantiation speed, making one instance of these takes not under 45 minutes, and more likely around one hour.\nAssume that you lose one data center branch worth of these (say, the green section in the image above), you would have to reclone that. You would be looking at 100-200 clone operations. Concurrently at 400 MB/s, that\u0026rsquo;s 100 concurrent clones at 400 MB/s, or 40 GB/s. That translates into 400 GBit/s aggregate bandwidth, and that\u0026rsquo;s not happening with a single clone source, and not happening at all unless your network is built for this .\nSo you are looking at a staged rollout with work queues and some orchestration. Plan a multiple day setup time for a thing of that size. And when finished, it starts catching up with replication before it can be useful in production.\nWhat I have, and what I am looking for At this point in time there is a single Python command dba with subcommands, which talks to all the backend APIs to handle things. It grew out of a collection of shell scripts that did things to a single machine to make DBA life easier, and it still is mostly a local command line application (headless Django). It also is not exposing an API, and cannot be used by other people than DBAs.\nOf course, the number of replication hierarchies does not shrink.\nMySQL Orchestrator Replication Overview screen. Each card is a replication hierarchy with a number of instances organized in one of the trees shown above.\nSo imagine a thing not unlike a K8s controller, exposing an API, storing a desired state for the entire system of hierarchies and instances, and running a reconciliation loop. But it is not talking to a single K8s cluster, but to a number of backend APis, which may be bare metal hardware, Openstack, EC2, RDS, or K8s.\nIt understands MySQL and knows things about the application, like a K8s operator. So it knows This is MySQL and This is how we run MySQL around here. It would understand things like Ownership and Tenancy (\u0026ldquo;This team can make API calls affecting these chains.\u0026rdquo;) and it would not only understand operational things (\u0026ldquo;Make an instance.\u0026rdquo;, \u0026ldquo;Make a datadir\u0026rdquo;, \u0026ldquo;Connect Replication.\u0026rdquo;), but also things like Grant Management, Backup and Restore Testing, Production Capacity Testing, Replication Catchup Speed testing and Monitoring, Query Workload subsampling and Alerting.\nI would need to be able to describe a \u0026ldquo;replication chain\u0026rdquo; made from \u0026ldquo;instances\u0026rdquo; in various \u0026ldquo;backend services\u0026rdquo;. Each backend service would need a \u0026ldquo;bootstrap procedure\u0026rdquo; to establish initial presence, and from there clone out instances. Instances then would need to integrate into the chain, catch up, warm caches, register in Zk, and become operational.\nCapacity testing and a predictive scale goal would define the number of instances per backend, so that we are ready for the coming days load, with some margin for failure and Murphy. Backups probably can be made per chain, and not per backend, assuming the bootstrapping works and is tested.\nI would need probably the provisioning/deployment/upgrade and cycling as a procedure per backend, and they likely can be one: MySQL identity is defined by its datadir, and as long as I can keep volumes of datadirs alive independently of the actual database base instance, I should be able to pre-provision fresh instances, detach the volume from an old instance and reattach it to the new instance within a very short time.\nThat would allow me to meet a 30d instance age limit easily. I would also be able to move to newer versions of MySQL at will, and even downgrade within datadir binary compatibility limits. Upgrade orchestration is a thing: One has to put newer versions at the leaf nodes, and the gradually move upwards in the replication tree.\n\u0026ldquo;as a Service\u0026rdquo; Understanding a product is not a thing you can do as the developer and vendor of a product. You can only do it as a products user, because only then you understand the needs.\nA good vendor is running the product itself – that is the one thing that makes me very excited about Oracle MySQL running MySQL in their own cloud. Finally they are running their own product in a production environment and maybe realize all the fiddly things, wrong defaults, useless tuning knobs and operational complications, and all the places where the product is simply missing code. Things like the CLONE command should (and could!) have happened a decade ago.\nRunning a product as a user makes you understand the needs… of your organisation. There may be others. A good vendor collects these views, and merges them with their own experience, and then writes The Book™ on the product.\nThe Book™ on MySQL currently is a number of half-assed \u0026ldquo;MySQL as a service\u0026rdquo; implementations.\nThere is Amazon RDS, which is doing things like it\u0026rsquo;s 2010 – active/passive primary switchover with DRBD, and asynchronous replication for scaleout, limited to a very small number of managed instances, and a rather static hierarchy, without a clear discovery concept. It does interesting things with Grants, Defaults, and a number of other things, and is arguably the most complete service.\nThere is a bunch of K8s operators for MySQL, but I consider most of them toys for a multitude of reasons. A K8s operator is a pod that is running a binary that controls deployments of (persistent) services in K8s, managing instances, data directories (persistent volumes), but all within a single K8s cluster. Of course, that\u0026rsquo;s not resilient and it\u0026rsquo;s also not how you set up MySQL for production – spanning cluster and AZ boundaries is a must.\nEach operator also implements one specific way of running MySQL (\u0026ldquo;Group Replication!\u0026rdquo;, \u0026ldquo;No, traditioanl asynch replication!\u0026rdquo;) and so on, with very little in the way of policy tuning knobs. So when you look at K8s operators, you are really looking at source code templates to fork and implement your own from that. Not helpful.\nWhat is missing? Endpoint Discovery, Grant Management and a number of other things are also a must, with K8s even more so than with AWS, because it\u0026rsquo;s more dynamic.\nOn top of that, there is all the work that needs to be done for Predictive Scaling, Replication Speed monitoring, Query Monitoring and so on. A lot of that is not well thought out at all, and needs not just engineering, but in part even research.\nTracing integration For example, Oracle MySQL provides splendid instrumentation for performance monitoring, but getting this stuff out of MySQL is ten to twelve queries (all of which will affect monitoring, too).\nTracing Microservices is currently converging on a model where you provide a set of three IDs (root id, parent id and request id) and a subsampling mechanism. When a request is born, it is assigned a root id at the load balancer, and as it is propagated on it carries forward the root id, and the id of the immediate parent in the call tree between services, assigning itself its own unique ID.\nNot all requests are being traced, because that would be unwieldy. Instead a certain percentage subset is assigned to tracing. If this would be random, we would get a large number of requests that are sampled only in one subsystem, but not in another, leading to very few requests that are being traced front to back, so you would also need a way to forward the tracing attribute through the hierarchy. That way you get a subset (say, 1%) of all requests that are being traced everywhere.\nUsing the root id, you can very quickly select all requests related to one workload, and using the parent id - request id relationship you can arrange them into a call tree.\nIt would be really useful for MySQL to have a mechanism that triggers query execution tracing. When a query execution is traced, the assigned ids are carried forward, and at the end of the request the ids, the actual execution plan and all the data accumulated for performance schema associated with this query execution is being dumped into a single, configureable structure. This data cen then be handled in a plugin, which then can do with the data whatever is needful.\nIn my case, most likely offload it to a coprocess running on the same host, using UDP. The coprocess would then push this into Honeycomb or another tracing service. That would allow me to see a request, the services that the request touched and all the SQL execution associated with it in a single view. I would be able to see the service that generated the SQL, the generated SQL and its execution trace right here next to each other in the same view, instead of using Grafana, Kibana, gitlab and Vividcortex and trying to align the spike here with the log there and the source over there.\nInstance sizing In clouds, private and public, cost is suddenly an issue. The cost of RDS instances is, compared the to current bare metal, ridiculously high, and moving stuff into a cloud environment will cramp our style considerably for cost reasons.\nRight sizing instances is a need that everybody should have, but for some reason for example working set sizes are not being discussed a lot. What Brendan Gregg did in general WSS work is from six years ago and pretty orphaned. It needs a lot of work to be runnable on modern kernels and safely in production in an automated way.\nMySQL itself, with all the performance schema instrumentation, provides no easy way to count the number of buffer pool pages touched in the large x seconds, or rather a buffer pool access trail analogous to blktace, so that could could bucketize that analogous to the LBA access histograms .\nI don\u0026rsquo;t know why that is, but with all the cost pressure I\u0026rsquo;d have expected more prior art on this.\nYelling at the cloud So, yes. The age of bare metal is coming to an end, even where I work. It has served us well for more than two decades. It did, because we have automation for these things – we started that when we had around 100 MySQL instances or so, and we were for a very short time running almost 100 times more than that before we started cleaning up to get cost under control.\nLooking at what is available in \u0026ldquo;cloud\u0026rdquo; environments, I am still disappointed. The grunt work of provisioning is so much easier: One API to rule them all, instead of talking to see many different backends, many of then fidgety and unreliable.\nStill, there is little that looks like it actually has seen production at scale, and there are entire research subjects such as tracing integration and WSS estimation that are largely untouched. Dealing with replication at the level of a single cluster or backend also looks like a non-starter for actual production.\nThen there is the entire topic of CD, Continous Deployment, and \u0026ldquo;gitops\u0026rdquo;, which from where I sit looks like a good idea and also a ridiculously naive simplification at the same time.\nI mean, Continous Integration and testing – sure. Gitlab pipelines, also yes. Deploying \u0026ldquo;stateless\u0026rdquo; code into production automatically for head? Sure, once you trust these pipelines.\nBut actual Ops?\nSo, yeah, you can terraform instances. That\u0026rsquo;s just 2014\u0026rsquo;s Openstack HEAT with more backends. But try to terraform a thing with state and you will quickly realize how that is complicated.\nIt requires a state donor (a MySQL clone source, a backup of the old minecraft server you want to re-instantiate), probably coordination between the outside of the new instance (talking to the EC2 or Openstack) and the inside of several instances (the donor instance and the new instance, for example), coordinated catchup and warmup, and also a working endpoint discovery system.\nAnd if you do that at scale, instances = 200 in terraform, may require some thought in how you provision, with queueing, concurrency limits and stuff, and you did not code that at all when you automated your stuff.\nAnd that\u0026rsquo;s not even Ops. That\u0026rsquo;s Day 1 stuff.\nEveryday life MySQL land is: Replication is delayed because somebody ran a sequence of DELETE FROM t WHERE 1=1 at the primary and they are now filtering downstream to all the replicas, replication delay is 5h and rising before they complained to DBA.\nThe fix is \u0026ldquo;replication surgery\u0026rdquo;: Stop the replica and restart with replication disabled, emulate the deletion with truncate or an empty table creation, create an empty transaction for the skipped DELETE with the skipped GTID, and reinstate normal replication.\nGitops that?\nEveryday life in MySQL land is: Somebody oops\u0026rsquo;ed a table drop. Stop replication, locate a time delayed replica, fast forward it to before the oops\u0026rsquo;ed statement, stop it there, clone from this a new primary and a set of replicas, force feed it a modified replication stream for all the stuff that came after the oops\u0026rsquo;ed statement, and push this alternate history into production as a replacement for the oops\u0026rsquo;ed wreck.\nEveryday life in MySQL land is: A group of replicas died after having a bit of replication delay. Investigation finds a long running query maintaining a read view (sic!), leading to undo-log growth, which inexplicably slows down everything on these instances. The fix is to connect to the affected instances and manually KILL the threads that hold the long running read views. Not a thing to be done with a git commit.\nSo, yes, \u0026ldquo;continuous deployment\u0026rdquo; is a good idea, and I would like to see more of it. But before we are going to have that with stateful services, a number of hard problems need better solutions.\nAnd \u0026ldquo;gitops\u0026rdquo; ain\u0026rsquo;t gonna happen soon. We are going to see AIP operations (\u0026ldquo;ass-in-produxction\u0026rdquo;) for quite some time, I am afraid.\nAnd that is why I wear black and yell at the cloud.\n(based on a bit of Twitter )\n","date":"2021-03-24T00:00:00Z","href":"https://blog.koehntopp.info/2021/03/24/a-lot-of-mysql.html","tags":["lang_en","mysql"],"title":"That's a lot of databases"},{"categories":null,"content":"»If at all possible, we build databases so that the working set of the database fits into memory.« What does that even mean?\nWorking Set In computer science, the “Working Set” of a program is the set of things it will be accessing in the near future. Because computer science has not yet solved looking into the future, we are looking at the set of things we accessed most recently and hope for The Best™.\nThe Best™ here being that our future access pattern is very similar to our most recent past access pattern.\nWhy Memory Matters In MySQL, the “things we access” in the Working Set definition is RAM, Memory.\nWe do care, because memory is fast. How fast is fast?\nImages from Some Latency Numbers Illustrated One Pixel is One Nanosecond\nIn the above graphics, each pixel is a nanosecond, a billionth of a second. That’s the amount of time you have for each clock cycle at a clock of 1GHz. Our computers are running at a clock speed of around 3 GHz these days, 1/3 of a nanosecond per cycle.\nOne nanosecond is around 30 cm at light speed, 1/3 nanosecond is around 10 cm at light speed. 2 round trip times is what we need to need – in the best case – to assure consistency in a system. So at 3 GHz clock, 2 RTT yields a circle of 2.5 cm, around the size of a die or socket in our current computers. It is almost as if ye cannae change the laws of physics, Capt’n.\nNow, in the above graphics we visualize a L1 cache access, a L2 cache access, and a memory access. We also show a hard disk seek from the times of rotating rust. Well, we have to zoom out a bit.\nThis is a single disk seek:\nRight click, and \u0026ldquo;Open Image in New Tab\u0026rdquo;, then click again to zoom in. The memory access and cache accesses are at the top left.\nWe do not want disk accesses to rotating rust, and much less we want actual head movements. When we have to do that, users are unhappy.\nSSD is up to 100x better: we get up to 20.000 disk accesses per second (we get 5ms seek time, around 200 disk accesses per second from each piece of data center grade rust), but it is still slow.\nAdventures in Storageland explores that in some more depth. In Not Quite Storage Any More I get to play with Optane, and now, that is a different thing entirely.\nMemory means Buffer Pool The memory we care for is “16 KB data pages” that are kept in a memory structure called the “InnoDB Buffer Pool”. It’s the thing that makes MySQL processes large in memory. MySQL does not use the File System Buffer Cache much (Postgres does), but does things a lot more efficiently and with application level knowledge in userland, in the Buffer Pool.\nThe largest process in this instance is mysqld. The VIRT size is 84.8G, the RES size is 73.7G.\nLooking at one specific instance, we can see the machine has a main memory size of 128 GB. Userland gets to see 125 GB, the kernel needs the rest internally.\nThe MySQL process has a VIRT of 84.8 GB, that is, it has asked the operating system for memory allocations of a cumulative size of 84.8 GB.\nOut of this, the RES says it is at 73.7 GB. The resident set size (RES in htop or RSS in ps) is the cumulative amount of memory pages the process has actually accessed, so we actually took the promises the operating system made in VIRT and did something with it.\nWhen starting a fresh mysqld, you will see that the VIRT is already almost at the final size level and the RES is tiny. As the mysqld warms itself up, RES approaches VIRT.\nWarming up In the bad old times, we had to do that manually by executing a number of SELECT queries after startup to force data into the buffer pool before we enabled new boxen in the load balancer. Not doing that has very bad consequences: Instances would not serve queries in time, and slow instances would get ejected by the load balancers.\nAbout 9 years ago, I saw an incident that involved a restart of all the memcaches we had back then, and also restart all databases, due to a very bad rollout involving problems with cache invalidation. When everything was ice cold after that restart, all attempts at restarting failed due to the load balancer ejecting the databases with “not ready in time” errors.\nWe fixed that by quickly implementing an experiment that disabled the \u0026ldquo;buy\u0026rdquo; button, and put it full on. We then very gradually released the number of users in that experiment to zero over the following 20 minutes, and used this to carefully regulate the load on the memcaches and databases.\nOnly then we could turn that “experiment” off, and were back in business.\nWarming up efficiently These days, mysqld saves the page numbers of the data pages in the buffer pool in LRU order into an ASCII file when you nudge it, and on shutdown. When starting, it loads a percentage of that set of pages, the most recently accessed pages first. It’s one of the many improvements to MySQL that Oracle implemented because we asked them to.\nLoading a multi-gigabyte buffer pool from disk takes time, even with SSD, and we want to find a compromise between cache warmup and startup times. That’s why not all of the buffer pool is reloaded. The config variable innodb_buffer_pool_dump_pct controls the percentage of the LRU that we are interested in, and is usually a value around 25.\nHow much memory is in the pool? So how much of that 128 GB is being used as the buffer pool? Well, obviously VIRT is smaller than that – other things on the box are also using memory and we do not want to be OOM killed or pages out.\nIt is obvious why we would not want to be OOM killed, but why do we not want to be paged out? Memory access patterns are not efficient disk access patterns, so MySQL gets very slow when it is paged out.\nMemory data representation is also not efficient disk data representation, by the way, and that is why no database ever uses mmap() much, except MongoDB (but that is, some would argue, not a database).\nNow, RES is smaller than VIRT, so we are using even less of the 128 GB we have. Why is that?\n[root@prod-replica mysql]# du -sh . 684G . We do have enough data, so it is not that we would not like to keep more data in memory.\nBut, the InnoDB Buffer pool size is actually even lower than this.\nFrom the /etc/my.cnf of the instance above:\ninnodb_buffer_pool_size = 64G # innodb_buffer_pool_size defined from memorysize = 125 GB as 107 GB # innodb_buffer_pool_size_adjustment of -15 GB # connection memory = 29 GB for max_connections = 30000 innodb_buffer_pool_instances = 16 As you can see, we would like to see a Buffer Pool of 107 GB for a memory size of 125 GB (what userland sees after the kernel got its share).\nBut we are configured with a max_connections value of 30000, and each potential connection will eat memory. We need to leave room for that, and this leaves us with 16 Buffer Pool instances of 4 GB, for a total of 64 GB – only half of the total box, and 43 GB less than we would like to use.\n30000 Connections? Isn’t that a bit much? It is.\nEach web server connecting to the database is creating workers running Perl. Each of these workers will at some point open a connection to the instance (and keep it open). The maximum number of workers times the number of machines running this is the maximum amount of connections we need to be prepared for.\nCan’t we optimize this?\nWe can, and most of the time it will work. This box for example, right now, has only around 100 connections open. Others have at this point a few thousand.\nSometimes, though, the assumptions the optimization makes are invalid. Then we run out of connections. Then the site is down.\nSo we don’t, and pay with memory overhead for this.\nJava handles things differently due to a different deployment model, and also has better control over the number of connections that are being opened. We can still see many connections from Java, but that is more a decision than a fact forced on us.\nWe could put a proxy in between the Perl and the MySQL. This has other effects, and is not necessarily effective, or even a good idea. It is also not ready for production any time soon, so we will be paying in memory efficiency until this is done.\nSo what do I get? What do I get from all this memory?\nWe see “point queries” being served at an average speed of 336µs, that’s 336 millionths of a second or 0.336 ms. That’s memcached speed.\nA “point query” is a query that contains a single value lookup by primary key, something like SELECT a,b,c FROM t WHERE id = ? or similar.\nThe next level up from that would be a batch key access (“BKA”), such as SELECT a, b, c FROM t WHERE id in (?, ?, ?, …) or similar. When the data is cached in the Buffer Pool, we get answers in the sub-ms range times the number of rows asked. This is very much alike to a memcached GetMulti().\nThe next level up from that would be an indirect point or batch key access, such as SELECT a, b, c FROM t WHERE d = ? (or WHERE d IN (?, ?, ?, …)). These take usually two times the time the primary key lookup would take, but these are already things that cannot be done with memcached easily.\nBut, unlike memcached, a database can write these things to disk, persistently, atomically and efficiently. And you move seamlessly from in-memory queries to data read from disk, and you move seamlessly from point queries through BKA to JOINs and more complex constructs, until you reach Turing Completeness with Recursive Common Table Expressions in MySQL 8.\nLong story short:\nAt work, we hardly use memcached. We use mysqld instead, and we save ourselves from a lot of cache invalidation pain that way.\nIt was not always like this, and we changed that once we understood that\nthe database is fast enough and developers can’t name things, invalidate caches and declare dependencies reliably or consistently. Surely, in the cloud things will be different? Current tuning advice for MyQL, anywhere, looks like this Percona article. To save you the read: The first item on the list is to play blackjack with the Buffer Pool – as large as can be, but never so large that we page or swap. All other advice concerns efficient writes, not reads.\nAnd Aurora? Check out Migrating to Aurora: Easy except the bill . Aurora is not exactly a LSM like RocksDB, but sufficiently close. Like RocksDB and all other LSMs, it is even more dependent on memory for the L0-equivalent they have, and for compaction.\nIn the article, they solved their performance and cost problems (Aurora bills by disk accesses, even reads) by giving it 4x more memory than the conventional RDS instance they had.\nIn MySQL from Below I wrote:\nYou, too, can be a successful database performance consultant:\nSay “Buy more memory!” and “There is an index missing” as needed.\nAdd “That’s going to be expensive”, if you work for SAP or Oracle.\nHaha, only serious.\nWhat instance size should I choose? That’s actually a research question.\nWhen I was in university, the best way to find the Working Set of a machine was to boot it with a mem= parameter and see what happens. Considering this involves a reboot and a warmup, this is quite intrusive and slow. Nobody ever did that.\nBrendan Gregg came up with \u0026ldquo;Time Bounded Memory Access Counting\u0026rdquo; in his Working Set Size pages. His code is buggy and does not run the way it should on modern Linuxes. It also reports numbers that I consider fishy in my tests, and I do not trust what he does sufficiently to run it on a production database for long enough to get proper numbers.\nWe know that you do not need more memory than the sum of your data_length and index_length, so SELECT sum(data_length+index_length)/1024/1024 AS total_mb FROM information_schema.tables WHERE table_type = “base table” AND table_schema IN (\u0026lt;list of schema names\u0026gt;) is very generous upper boundary. It is guaranteed useless to have more buffer pool than this.\nIt is clear that virtual machines do give us more flexibility to balance cores and memory better, at a terrible cost when it comes to writing to disk, though (at least in the current deployments).\nAnd CPU or Network? The last time I saw a database being network bound was a Replication Primary on a 1 Gbit/s network interface with 200 Replicas. Each write was copied downstream 200-fold, so when you change a large BLOB, the network stalls due to the amplification.\nIn general, MySQL is utterly incapable of saturating the network, especially todays instances with 10 GBit/s or more on their network interfaces.\nMySQL can saturate a CPU when you hold it wrongly.\nThere are three reasons for CPU problems in databases that are common:\nYou happen to have a table in memory that is missing an index, so you are doing full scans in memory. Don’t do that. Add the index, and the load goes down. You happen to have a table that’s being sorted due to GROUP BY or ORDER BY, and the sort is small enough to happen without spillover to disk. Try to avoid the sort, for example by performing it in the client, if possible, or by leveraging a more covering index that presents data in the desired order, avoiding the sort. You have used code in the database: Stored procedures, stored functions or excessive stacked views. Don’t do that. Take off, nuke the site from orbit and start over on another planet. So? If at all possible, we build databases so that the working set of the database fits into memory.\nOptimize your database deployment on memory usage. Base your efficiency KPIs on that. Watch out for the disk reads requested/actual disk reads ratios and similar cache efficiency ratings in your database. Make sure the absolute number of actual disk reads is large independent of load on the database (when you increase load, the number of disk reads does not go up) Size your instances around memory. Forget about CPU or Network. If you have to care about these things, somebody is holding the database very wrongly. They need to be found, and be advised to commit a fix.\n","date":"2021-03-12T00:00:00Z","href":"https://blog.koehntopp.info/2021/03/12/memory-saturated-mysql.html","tags":["lang_en","mysql"],"title":"Memory saturated MySQL"},{"categories":null,"content":"Das Kind möchte ein Programm zum Üben von Rechenaufgaben sehen. Nun gut. Hier ist eine Version in PyQt5.\nUnsere Oberfläche soll so aussehen.\nWir wollen ein kleines Fenster, in dem eine billig generierte Rechenaufgabe angezeigt wird. Der Schüler soll die Antwort eingeben und den Knopf \u0026ldquo;Antworten\u0026rdquo; drücken. Danach wird angesagt, ob die Antwort korrekt war, oder ob sie falsch war. Wenn sie falsch war, wird auch die korrekte Antwort angezeigt.\nIn der Statuszeile und in den Fortschrittbalken wird ein laufender Score mitgeführt. Nach 10 Aufgaben, oder wenn man \u0026ldquo;Quit\u0026rdquo; drückt, wird das Programm beendet.\nDas Userinterface gestalten Wir brauchen Qt Designer, und erzeugen dort ein MainWindow.\nMainWindow erzeugen.\nMit einem Rechtsklick auf die Menubar und \u0026ldquo;Remove Menubar\u0026rdquo; können wir die nicht verwendete Menubar entfernen. Die kaum erkennbare Statusbar unten im Fenster lassen wir stehen.\nWir sehen rechts die im Programm vorhandene Bedienelemente-Hierarchie im Qt Designer. Das automatisch erzeugte \u0026ldquo;Centralwidget\u0026rdquo; ist leer, und hat einen Fehler (es ist mit einem roten Kuller markiert): Es hat noch kein Layout. Das Layout ordnet die im Centralwidget vorhandenen Unterelemente an.\nDas Centralwidget ist mit einem roten Kuller als \u0026ldquo;ohne Layout\u0026rdquo; markiert.\nWir ziehen einen QPushbutton in das Fenster, und drücken im gepunkteten Hintergrund die rechte Maustaste, wählen dann ein VerticalLayout aus.\nNachdem mindestens ein Bedienelement im Centralwidget vorhanden ist, kann man mit der rechten Maustaste im Layout-Submenü ganz unten ein Layout auswählen.\nNach dem Zuweisen eines Layouts verschwindet der rote Kuller und die Elemente im Centralwidget ordnen sich an.\nWir setzen oberhalb des Buttons ein weiteres Element ein: Eine groupBox. Auch diese hat ein Layoutproblem: Wir setzen einen weiteren Button ein und wählen ebenso durch Rechtsklick ins Leere der Groupbox ein HorizontalLayout aus.\nWir haben oberhalb des ersten Buttons eine Groupbox positioniert, und sie passt sich automatisch an das Fenster an - das ist das VerticalLayout vom Centralwidget bei der Arbeit. Legen wir in die Groupbox einen weiteren QPushbutton, können wir der Groupbox ebenfalls ein Layout zuweisen. Hier wollen wir ein HorizontalLayout verwenden.\nNachdem wir diese Grundstruktur haben, können wir die anderen fehlenden Elemente schnell nachziehen. Dabei ist wichtig, daß wir für jedes Element den passenden Namen festlegen, unter dem es später im Programm aufgerufen werden soll.\nJedes Element hat einen Namen - rechts kann man die Widgethierarchie sehen, und die Namen, die wir den Elementen zugewiesen haben.\nNachdem wir Elemente korrekt benannt haben, müssen wir noch die Beschriftungen der Knöpfe und anderen Elemente anpassen. Dazu reicht es, den Knopf zu doppelklicken und den Text zu ersetzen.\nWeiterhin kann man in den Widget-Eigenschaften bei einigen Elementen die Schriftgrößen anpassen. Ich habe a, +, b und = sowie den Richtig oder falsch?-Text von 8 auf 12 Punkt Schriftgröße angepasst.\nAm Ende wird die Datei als \u0026ldquo;aufgaben.ui\u0026rdquo; abgespeichert. Ich habe sie direkt dem PyCharm Projekt hinzugefügt.\nDie Qt Designer Ausgabe \u0026ldquo;aufgaben.ui\u0026rdquo; wird Bestandteil des PyCharm Projektes.\nPyCharm Basisprojekt Wir setzen ein Basisprogram mit Python 3.8 in PyCharm auf, und fügen die \u0026ldquo;aufgaben.ui\u0026rdquo; unserem Projekt hinzu. Unser Programm soll \u0026ldquo;aufgaben.py\u0026rdquo; heißen. Es wird PyQt5 verwenden, also schreiben wir das in unsere \u0026ldquo;requirements.txt\u0026rdquo;. PyCharm installiert uns das dann in unser venv.\nWenn die Requirements korrekt installiert sind, funktioniert das Importieren der QtWidgets in der Python Console einwandfrei und ohne Fehler.\nWir können die UI-Datei jetzt laden und ausführen, aber unser Programm wird dann noch nichts tun:\nfrom PyQt5 import QtWidgets, uic import sys class Ui(QtWidgets.QMainWindow): button_quit: QtWidgets.QPushButton group_aufgabe: QtWidgets.QGroupBox label_a: QtWidgets.QLabel label_b: QtWidgets.QLabel label_op: QtWidgets.QLabel button_loesen: QtWidgets.QPushButton feld_antwort: QtWidgets.QLineEdit label_richtig: QtWidgets.QLabel fortschritt_richtig: QtWidgets.QProgressBar fortschritt_total: QtWidgets.QProgressBar statusbar: QtWidgets.QStatusBar def load_ui(self) -\u0026gt; None: uic.loadUi(\u0026#34;aufgaben.ui\u0026#34;, self) self.button_quit = self.findChild(QtWidgets.QPushButton, \u0026#34;button_quit\u0026#34;) self.group_aufgabe = self.findChild(QtWidgets.QGroupBox, \u0026#34;group_aufgabe\u0026#34;) self.label_a = self.findChild(QtWidgets.QLabel, \u0026#34;label_a\u0026#34;) self.label_b = self.findChild(QtWidgets.QLabel, \u0026#34;label_b\u0026#34;) self.label_op = self.findChild(QtWidgets.QLabel, \u0026#34;label_op\u0026#34;) self.button_loesen = self.findChild(QtWidgets.QPushButton, \u0026#34;button_loesen\u0026#34;) self.label_richtig = self.findChild(QtWidgets.QLabel, \u0026#34;label_richtig\u0026#34;) self.fortschritt_richtig = self.findChild(QtWidgets.QProgressBar, \u0026#34;fortschritt_richtig\u0026#34;) self.fortschritt_total = self.findChild(QtWidgets.QProgressBar, \u0026#34;fortschritt_total\u0026#34;) self.statusbar = self.findChild(QtWidgets.QStatusBar, \u0026#34;statusbar\u0026#34;) self.feld_antwort = self.findChild(QtWidgets.QLineEdit, \u0026#34;feld_antwort\u0026#34;) def __init__(self): super(Ui, self).__init__() self.load_ui() self.show() app = QtWidgets.QApplication(sys.argv) window = Ui() app.exec() Das Programm importiert QtWidgets und uic aus dem PtQt5 Package. Es definiert eine Klasse Ui als Unterklasse von QtWidgets.QMainWindow. Wir definieren eine Methode load_ui(), die die aufgaben.ui-Datei lädt. Im Konstruktor initialisieren wir die Superklasse (das QMainWindow) und rufen dann load_ui() auf. Mit .show() werden die Bedienlemente dann auch sichtbar.\nDas Hauptprogramm hat die typische Minimalform für eine Qt-Anwendung: Erzeuge ein QApplication-Objekt, erzeuge unser QMainWindow (eigentlich eine Instanz unserer von QMainWindow abgeleiteten Klasse Ui) und starte dann die Event-Loop mit app.exec().\nIn unserer Ui Klasse definieren wir einen Haufen Slots für alle diejenigen Bedienelemente der .ui-Datei, die wir direkt ansprechen wollen. In der load_ui()-Methode durchsuchen wir die .ui-Datei mit .findChild() nach diesen Elementen und merken sie uns in diesen Slots.\nWir können gleich noch den Quit-Button aktivieren: Aus\nself.button_quit = self.findChild(QtWidgets.QPushButton, \u0026#34;button_quit\u0026#34;) wird\nself.button_quit = self.findChild(QtWidgets.QPushButton, \u0026#34;button_quit\u0026#34;) self.button_quit.clicked.connect(self.quit_pressed) und wir fügen der Ui-Klasse eine Methode quit_pressed() hinzu:\ndef quit_pressed(self) -\u0026gt; None: msg: QtWidgets.QMessageBox = QtWidgets.QMessageBox() msg.setText(\u0026#34;Auf Wiedersehen.\u0026#34;) msg.setWindowTitle(\u0026#34;Auf Wiedersehen.\u0026#34;) msg.setStandardButtons(QtWidgets.QMessageBox.Ok) msg.setDefaultButton(QtWidgets.QMessageBox.Ok) msg.setIcon(QtWidgets.QMessageBox.Information) msg.exec() sys.exit(0) Dies ist zugleich ein Beispiel für das Erzeugen von PyQt5-Elementen ohne QtDesigner: Wir hätten diesen Dialog auch mit dem Designer in eine .ui-Datei speichern können, um sie dann mit uic zu laden. Stattdessen erzeugen wir hier den Abschiedsdialog manuell und rufen ihn dann auf, bevor wir das Programm beenden.\nDieses Teilprogramm ist nun schon lauffähig und zeigt das funktionsfähige Programm mit User-Interface an. Es tut jedoch noch nichts.\nAufgaben generieren Um Rechenaufgaben zu erzeugen und dann feststellen zu können, ob jemand sie richtig ausgerechnet hat, brauchen wir eine Klasse Aufgabe.\nfrom random import randint, choice from typing import List class Aufgabe: op: str = \u0026#34;\u0026#34; a: int = 0 b: int = 0 loesung: int = 0 allops: List[str] def ausdenken(self) -\u0026gt; None: self.op = choice(self.allops) self.a = randint(1, 10) self.b = randint(1, 10) if self.a \u0026lt; self.b: self.a, self.b = self.b, self.a if self.op == \u0026#34;+\u0026#34;: self.loesung = self.a + self.b if self.op == \u0026#34;-\u0026#34;: self.loesung = self.a - self.b def pruefen(self, loesung: int) -\u0026gt; bool: return self.loesung == loesung def __init__(self) -\u0026gt; None: self.allops = [\u0026#34;+\u0026#34;, \u0026#34;-\u0026#34;] self.ausdenken() Die Aufgabe hat die Variablen a, b und op, wobei a und b zwei Zahlen zwischen 1 und 10 sein sollen, und op entweder + oder - sein soll. Um die Subtraktion einfacher zu machen soll a die Größere der beiden Zahlen sein. In der Variablen loesung wollen wir uns die korrekte Lösung der Aufgabe merken.\nWir definieren uns einen Konstruktor, in dem wir auch die Liste der zugelassenen Operatoren in allops vorbelegen: Es ist eine Liste von Strings mit zwei Einträgen: Plus und Minus. Wir rufen von dort auch schon einmal die Methode ausdenken() auf, die sich eine neue Aufgabe ausdenkt.\nIn ausdenken bestimmen wir eine Operation (Plus oder Minus) durch zufällige Auswahl eines Elementes aus der Liste mit choice() und bestimmen zwei zufällige ganze Zahlen aus dem gewünschen Bereich mit randint(). Falls a die kleinere der beiden Zahlen ist, vertauschen wir sie.\nDanach wird die Variable loesung korrekt belegt, in Abhängigkeit vom Operator op.\nDas Prädikat pruefen(loesung) teilt uns mit, ob die vom Benutzer eingegebene Lösung korrekt ist.\nDen Spielstand mitführen Der Benutzer kann nun Aufgaben bekommen und diese lösen. Wir können auch schon feststellen, ob diese Lösung korrekt ist. Wir brauchen aber noch Logik, die die Aufgaben zählt, die korrekten Aufgaben zählt und die uns sagt, ob wir fertig sind.\nWir brauchen Score:\nclass Score: score: int = 0 counter: int = 0 target: int = 10 def correct(self) -\u0026gt; None: self.counter += 1 self.score += 1 def incorrect(self) -\u0026gt; None: self.counter += 1 def done(self) -\u0026gt; bool: return self.counter \u0026gt;= self.target def __init__(self): self.score = 0 self.counter = 0 self.target = 10 Die Klasse zählt in score die korrekten Lösungen mit, in counter werden alle gelösten Aufgaben mitgezählt und in target speichern wir, wie viele Aufgabenrunden das Spiel insgesamt dauert.\nDie Methode correct() wird aufgerufen, wenn der Benutzer eine richtige Antwort eingegeben hat: Wir zählen dann counter und score gemeinsam hoch. Bei incorrect() wird dagegen nur der counter weiter gezählt. Das Prädikat done() sagt uns, ob das Spiel beendet werden kann, weil genug Aufgaben gelöst worden sind.\nAufgaben und Score verkabeln Wir verändern jetzt den Konstruktor unserer Hauptklasse Ui: Dort wollen wir auch einen Score und eine Aufgabe erzeugen. Und statt show() direkt aufzurufen haben wir jetzt eine Methode alles_updaten(), die die Texte der verschiedenen Bedienelemente verändert und dann erst show() aufruft.\nclass Ui(QtWidgets.QMainWindow): aufgabe: Aufgabe score: Score ... def __init__(self): super(Ui, self).__init__() self.score = Score() self.aufgabe = Aufgabe() self.load_ui() self.alles_updaten() Und alles_updaten() sieht nun so aus:\ndef set_aufgabe(self) -\u0026gt; None: self.label_a.setText(str(self.aufgabe.a)) self.label_op.setText(str(self.aufgabe.op)) self.label_b.setText(str(self.aufgabe.b)) title = f\u0026#34;Aufgabe {self.score.counter+1}/{self.score.target}\u0026#34; self.group_aufgabe.setTitle(title) self.fortschritt_richtig.setValue(self.score.score) self.fortschritt_total.setValue(self.score.counter) def set_statusbar(self) -\u0026gt; None: status = f\u0026#34;Aufgabe {self.score.counter}/{self.score.target}, {self.score.score} richtig.\u0026#34; self.statusbar.showMessage(status) def alles_updaten(self) -\u0026gt; None: self.set_statusbar() self.set_aufgabe() self.show() Wir aktualisieren also das statusbar Element in set_statusbar() und die Aufgabenanzeige in der Groupbox in set_aufgabe().\nIn set_statusbar() erzeugen wir den gewünschten Text durch Auslesen des Score und rufen dann showMessage() für die Statusbar auf.\nIn set_aufgabe() verändern wir die Labeltexte von label_a, label_op und label_b durch Aufruf ihrer setText()-Methoden. Wir aktualisieren den Titel der Groupbox durch den Aufruf von setTitle() in der Groupbox, und wir setzen die beiden Fortschrittsbalken so, daß sie die Werte aus dem Score korrekt übernehmen. Das macht die Methode setValue der ProgressBar.\nJetzt haben wir ein Programm, das nicht nur die UI lädt und anzeigt, sondern auch schon eine Aufgabe ausdenkt und korrekt anzeigt.\nBenutzereingabe und Reaktion Wir müssen jetzt auf Benutzereingaben reagieren. Das passiert, sobald der Benutzer den Knopf \u0026ldquo;Antworten\u0026rdquo; betätigt. Wir brauchen also eine Methode auswerten() in Ui und müssen diese mit dem Knopf verbinden.\nWir wollen ausdrücklich nicht, daß beim Verlassen der Editbox etwas passiert - nur der Knopf soll Funktionen auslösen. Darum verkabeln wir feld_antwort nicht direkt (wir könnten editingFinished() verkabeln, wenn wir das wollten).\nDie Methode:\ndef auswerten(self) -\u0026gt; None: loesung: int text: str text = self.feld_antwort.text() if text is None or text == \u0026#34;\u0026#34;: return try: loesung = int(text) except ValueError: return if self.aufgabe.pruefen(loesung): self.score.correct() ergebnis = f\u0026#34;Deine Lösung: {loesung}. Das war richtig.\u0026#34; else: self.score.incorrect() ergebnis = f\u0026#34;Deine Lösung: {loesung}. Richtig wäre: {self.aufgabe.loesung}.\u0026#34; self.label_richtig.setText(ergebnis) self.feld_antwort.setText(\u0026#34;\u0026#34;) self.alles_updaten() if self.score.done(): self.quit_pressed() else: self.aufgabe.ausdenken() self.alles_updaten() } Wir lesen die Benutzeringabe aus dem Antwortfeld mit text() aus. Sie kann leer sein, dann ignorieren wir sie.\nDanach versuchen wir diese Eingabe in eine ganze Zahl umzuwandeln. Wenn das nicht gelingt, ignorieren wir die Eingabe ebenfalls.\nSchließlich rufen wir pruefung() in unserer Aufgabe-Klasse auf. Wenn die Antwort richtig war, erzeugen wir einen passenden Ausgabestring und zählen den Score als correct(). War sie falsch, erzeugen wir den anderen Ausgabestring und zählen den Score als incorrect().\nIn jedem Fall setzen wir den Ausgabestring in das Label label_richtig und löschen das Eingabefeld. Danach aktualisieren wir das Userinterface durch Aufruf von alles_updaten().\nFalls der Benutzer ausreichend viele Aufgaben gelöst hat, beenden wir das Programm als wäre Quit gedrückt worden. Andernfalls denken wir uns eine neue Aufgabe aus und zeigen sie an.\nDer Knopf \u0026ldquo;Antworten\u0026rdquo; muß nun ebenfalls verkabelt werden: In load_ui() passen wir die Zeile\nself.button_loesen = self.findChild(QtWidgets.QPushButton, \u0026#34;button_loesen\u0026#34;) also zu\nself.button_loesen = self.findChild(QtWidgets.QPushButton, \u0026#34;button_loesen\u0026#34;) self.button_loesen.clicked.connect(self.auswerten) an.\nFertig! Schließlich können wir in quit_pressed() noch die Dialognachricht anpassen, um einen Endscore anzuzeigen:\ndef quit_pressed(self) -\u0026gt; None: msg: QtWidgets.QMessageBox = QtWidgets.QMessageBox() msg.setText( f\u0026#34;Von {self.score.counter} Aufgaben waren {self.score.score} richtig.\u0026#34; ) msg.setWindowTitle(\u0026#34;Endergebnis\u0026#34;) msg.setStandardButtons(QtWidgets.QMessageBox.Ok) msg.setDefaultButton(QtWidgets.QMessageBox.Ok) msg.setIcon(QtWidgets.QMessageBox.Information) msg.exec() sys.exit(0) Nach dem Starten kann der Benutzer jetzt Aufgaben sehen, eine Lösung eingeben und den Knopf \u0026ldquo;Antworten\u0026rdquo; drücken. Das Programm wertet die Eingabe aus, zählt die Ergebnisse und bewegt die Fortschrittbalken. Nach 10 Eingaben gibt es ein Endergebnis aus und beendet sich.\nDer vollständige Quelltext ist auf Github zu finden .\n","date":"2021-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2021/02/28/rechenaufgaben-loesen.html","tags":["lang_de","python","schulung"],"title":"Rechenaufgaben lösen"},{"categories":null,"content":"When you insert data into a database and run COMMIT you expect things to be there: Atomically, Consistent, Isolated and Durable , like Codd commanded us 40 years ago, but also quickly. There is a surprising amount of sophistication being poured into this, but since I do not want to shame MongoDB and Redis developers in this post, I am not going to talk about that much in this place.\nWe are instead trying to understand what our databases are doing all day, from the point of view of the storage stack.\nThat Brendan Gregg Graphics\nHere is your performance tooling (sans EBPF) as shown by Brendan Gregg in various iterations. We are interested into the various blues in this graphic, VFS and downwards. The most detailed information of what goes on in the blue stack is given by blktrace. It’s an I/O request recorder.\nUnfortunately, blktrace tooling sucks big time. You have the choice between blkparse, iowatcher and seekwatcher, and they either give you unappealing and hard to read ASCII dumps, or are hard to use and abandoned to boot. A colleague threw Workload Analytics around. And with that you can actually see what goes on.\nSo, let’s have a look.\nWorkload Classes When you go to our Grafana, and ask nicely, you can basically divide our databases into three load classes: “200 commit/s”, “2000 commit/s”, and “20.000 commit/s”, so “low write load”, “busy write load” and “should be thinking about what they are doing really soon” write load.\nI am using representatives from every workload class to point out a few things.\nBut what about Reads? Amazingly, at work we do not really care much about disk reads from databases.\nWe build our databases, especially customer facing databases, in a way that we try to hold the working set of the database in memory.\nThe “working set” of anything is the set of things that you will be needing in the near future. Unfortunately, predicting the future is hard, so what we define as the working set instead is “the set of things that we have most recently used and are therefore hoping to use in the near future again”, which works reasonably well until there is a change in workload pattern.\nIn our databases, the “anything” that matters is a 16 KB database page as it resides in the InnoDB Buffer Pool. So what we do is simple: We spend money on memory, warm up the InnoDB Buffer Pool and then serve data from memory. We can prove that works: InnoDB can do point reads from memory at memcache speeds, which is why we don’t use much of memcache and Redis in the first place – they don’t help.\nWe can also capacity test our databases, and we will find that as we increase the load the number of disk reads does not go up. Data is served from memory, and not from disk.\nSo what we care about is disk writes. They are the same on every instance of a replication chain, because of the shared nothing architecture of replication: Each chain member must apply the same set of changes from the primary down to all leaf replicas.\nThe Write Model On Commit, we write out 1 KB (or more) of Redo-Log. The write happens with O_DIRECT to XFS, and there is a lot of thought that goes into these few words.\nBecause it is O_DIRECT, the write already writes to disk. There is no need to fsync() or fdatasync() or anything else.\nO_DIRECT writes also bypass the file system buffer cache, which is good, because then there is less memory pressure and less risk of paging out the database server. Usually when that happens (memory pressure forces paging on mysqld), you die a horrible and hard to debug death in latency problems and SLO violations.\nWe use XFS. XFS on the average takes twice as long as ext4 to write data to disk, but XFS always takes the same amount of time to write data – it has been specifically designed in a way that there is very low jitter. ext4, on the other hand, is known to have downspikes and large commit wait times every few seconds, and that is really, really bad when you run at 10.000 queries/s.\nXFS also is capable of having multiple concurrent writers on a file when the file is open with O_DIRECT. Unlike all other Linux File Systems, it does not lock the file’s in-memory inode globally to guarantee atomic writes in this case. Such a feature is very dear to database people.\nThe Commit is what users have to wait for. When it is done, the database can do the real data write later, often much later, and in the background. So what we really care for is the actual commit latency.\nThe real write happens later, in the Checkpoint. What happens is complicated enough to justify a writeup of its own . But, to make it short, we write data to the Doublewrite Buffer in a few very large linear writes as protection against torn pages, and then we writev() a scatter I/O of 16K pages to update in place.\nThis is different from Postgres, and enables us to avoid costly vacuum runs. We make an assumption here, and that is: Rollbacks are rare (and expensive in MySQL).\nThe Test Write Model All that complexity is basically nonsense for benchmarking.\nIf you want to know if a thing can run MySQL, and how well, you simply randwrite 16KB pages in O_DIRECT and see what happens. That’s a gross simplification compared to above, but holds up surprisingly well as a model for predicting MySQL speed and capacity.\nThe 200 Commit/s Class In order to see what real databases do to their disks, I went to the chosen representative for the 200-class and blktrace’ed it.\nIt turns out that you can’t blktrace a single disk database machine, because the disk writes from the blktrace will mess up the metrics from the database. It also turns out that systemd mounts a 12GB ramdisk as /run/user/\u0026lt;uid\u0026gt; that can hold a 10 minute blktrace with no problems.\nWhen we feed that trace to Workload Intelligence, we get this:\nThe low red line is the 200 IOPS baseline load. Turns out, there are spikes, up and past 2000 IOPS.\nThe first thing we learn: Kris is right. There are no reads.\nThe second thing we learn: 200 IO Operations per Second it may be, but there are spikes, up to and past 2000 IOPS even. They are not long, but they happen often enough.\nSo how long does it take to write to disk? Well, there is no disk. There is Flash Storage, and it does not even have a disk interface any more – it sits directly on the PCI bus. A Flash drive that is directly on the PCI bus is called NVME instead of SSD (it is otherwise the same drive).\nMost of the time there is very little wait.\nFlash is not fast, but NVME is: The drive not only has flash, it also has (large capacitor buffered) non-volatile memory it uses to buffer write and rearrange things in the background. It also has its own ARM processor with its own operating system.\nSometimes we have to wait a bit, but most of the time it’s really, really fast. How fast? We need to go deeper:\n30µs or 0.03ms is the time it takes to write to memory over the PCI bus.\nWhen we talk to the remote NVRAM on the other side of the PCI bus, it takes 30µs, or 0.03ms. As long as we do not overwhelm the NVRAM buffers of the drive, we have a 30µs commit latency on local memory.\nAnother number, which will come in handy later, is the time to cross our entire network stack within the same data center: That’s around 6 switches and routers, and it will add another 60µs to any round trip across the network in the best of all cases. So a remote flash drive never can be faster than around 100µs or 0.1ms.\nWhere do the writes go? We can plot the Linear Block Addresses and see:\nLBA over time. See the position of the log files, and the checkpoints.\nWhen you plot “addresses written to over time”, you will see that there is a bunch of blocks that get written to again and again. These are the various logs and write buffers the database uses.\nThe drive internally has a flash translation layer (FTL), which makes sure that these block rewrites are actually distributed across all the positions in the flash you have. This kind of Wear Leveling makes sure the drive actually can live 7-10 years before the flash wears out.\nThe SD card or USB memory stick you are using in your local Raspi does not have that, and neither has the on board flash in the entertainment module of your Tesla. That is why they fail rapidly as actual fixed blocks of flash are being rewritten a few thousand times. Use a proper drive with a proper FTL and that does not happen.\nIn the graphics above you can also see the checkpoints scatter writes happen, and you can see how they are spaced apart widely, many tens of thousands of transactions. Checkpointing allows the database to aggregate changes in in-memory pages (and the log, for persistence). All that complexity is actually saving you disk writes!\nFlash does not have a single write head as disk drives do. They are not forced to do things sequentially, but in fact all the various chips in your drive can do things concurrently. Deep disk write queues are necessary to keep all these channels fed for NVME, while they are poison of SSD and HDD.\nQueue Depth over time\nA low concurrency hierarchy such as this one is not even touching the true write potential of a single NVME: A single drive can do 20.000 disk writes per second, sequentially in a single thread, if you are pushing really hard, but it can do 800.000 disk writes per second if you are feeding it with sufficient concurrency.\nThese are two other important numbers to keep in mind. They are the reason why “IOPS Quotas” should be a thing of the past – it is impossible for any reasonable workload to actually exhaust a single NVME drive, and distributed storages usually have hundreds of them.\nLet’s have a look at the latency diagram from above, again, and check the distribution of completion times in a Latency Histogram. It tells us how prevalent slow writes are over the observation window:\nIt\u0026rsquo;s called Flash for a reason.\nSo even with these curtains in the latency over time diagram, we can see that 90% of all writes happen in the 30µs window, and there are noteworthy amounts of writes in the \u0026gt;100µs class (they do exist, but they are so rare, they do not show up in the histogram).\nWrite sizes over time:\nWrite sizes: Loads of small writes\nWe can see that the grossly simplified 16 KB Randwrite model is actually not wrong, even if it is an oversimplification. Modelling more precisely does not significantly impact predictive performance, though, and this way it’s only a few lines of fio to get data.\nSo that’s our tour of the 200-class from the underside – this is how your storage sees your commits.\n2000 Commit/s Class I chose this particular database as a member of the 2000 Commit/s Class, also because it is the oldest and wildest of the database replication hierarchies that we have. At a time it was our performance bottleneck and was running over 20.000 queries/s with spikes into the 32.000, and with the hardware of that time that was not stable at all.\nWe are much better now. I am not missing the old times at all.\nIOPS over time, 2000 with Spikes to 5000.\n»Yes, Kris, we know about your “Look, Mom, no reads” already!«\nTrue, but see, even a big and old monster such as this one can live with the working set in memory, completely. You, too, can be a successful database performance consultant: Say “Buy more memory!” and “There is an index missing” as needed (add “That’s going to be expensive”, if you work for SAP or Oracle).\nOur Write Queues are more busy.\nA quick look at the Write Queue Depth over Time: NVME loves this.\nWrite Latencies from the helicopter looks a bit worrysome:\nThese 5ms Curtains, how dense are they compared to the baseline?\nWe can zoom in: They are not bad.\nWe can see horizontal latency bands at fixed latencies. They expose internal structure of the Flash storage that I have not enough knowledge of. Grumble!\nWe do see dark green, fixed bands of latency layers at 30µs, 120µs and 220µs. The higher layers show a repeating pattern over time. These are shenanigans of the FTL that are visible as delays to external users, but they are way below any critical level. I do not know enough about flash internals to explain these things, and that bothers me. A lot.\nThey are also visible in the latency histogram:\nOur 30µs, 120µs and 220µs bands as bumps in the histogram. Anything below 500µs is probably immaterial in terms of worry.\n20.000 commit/s class The chosen example is a database as a queue , that logs changes from one data set for processing and creation of a materialized view in another data set. It is an example of CQRS in Fowlerspeak.\nIt is also very busy.\nDuring the sampling, 2500 baseline, with spikes up to 7500.\nDuring the sampling, they ran at 2500 commit/s, with spikes up to 7500. The hardware will do up to 20.000 with them, and at times the queue will do as well.\nSo what can NVME do for us?\nQueues in our Queues!\nTurns out, writes to a Queue Databases keep the Queues to the NVME busy to their fullest potential.\nIs that bad for latency?\nLatency Curtains for Writes\nWell, if you kept up to this point you are probably not surprised to see write latency curtains, and you will probably also be seeing that they mirror the queue depth changes without me pointing that out specifically.\nLet’s zoom in a bit:\nWe do see the curtains under the microscope, true, but look at this dark green band of fast writes below all of this.\nAs you can see in the dark green band of fast writes below all of the curtains, the FTL of this particular drive is kept well busy. It is also worth it’s money - no gross delays due to internal reorg is what you get when you pay for enterprise flash instead of home equipment.\nAs a histogram:\nBy far the most writes are still to NVRAM drive-side. Above 0.25ms we are basically clean.\nSmooth customer experience, even with an abusive customer such as this queue-database – bring it on, we can take your writes.\nHistograms are fun, by the way. We can for example count disk writes per block address:\nWe basically always change the same few pages.\nIn a database as a queue, if all works well, the tables change a lot, but never grow. There are very few actual data pages that make up the small queue table, but very many inserts and deletes. We have to persist them to disk to be ACID, in the log. But there is hardly any need to checkpoint, and even then it’s very few full pages to write out.\nHere you can see how much log writes dominate checkpoints in this extreme scenario.\nIf you made it this far, welcome and get your storage nerd badge at the counter.\n","date":"2021-02-25T00:00:00Z","href":"https://blog.koehntopp.info/2021/02/25/mysql-from-below.html","tags":["lang_en","mysql","database"],"title":"MySQL from Below"},{"categories":null,"content":"Where I work, we try to run databases in a memory saturated way. That is, we try to provide so much memory that the working set of the database is memory resident, or in other words, the number of disk reads after an initial warmup is no longer dependent on the database load.\nWorkload Intelligence Analytics showing \u0026ldquo;IOPS over time\u0026rdquo; for a mixed read/write benchmark on Datera iSCSI.\nWe can validate and prove that with automated load testing: For each replication chain we single out a production host, and increase the hosts weight in the load balancer until the system load1 becomes critical. Observing the system behavior in the load test, we see the select rate load go up, but the disk reads stay largely unchanged.\nWe usually terminate an automated load test when around 3/4 the number of cores in the system are busy, or when the relevant accounts query latency goes out of bounds. We record the system performance at bailout, and with appropriate margins use this as a scale factor for predictive autoscaling.\nWe have found reactive autoscaling to be unsuitable for databases, but that is another story.\nAll of this is on completely autoprovisioned baremetal blades. Baremetal provides extremely little jitter in performance: There is no crosstalk from storage that is local, and there is no crosstalk from memory or CPU, because you are fundamentally alone on the box.\nIn a virtualized environment this changes. You gain the ability to buy and run much fatter machines, and to provide smaller database instances for services, but you need to run with distributed storage and have to live with potential crosstalk from shared infrastructure.\nSo I am at the moment validating various storage systems for MySQL needs.\nWorkload characteristics as fio config I can classify my database production chains basically by write load: Read load is usually not relevant - it is drowned by local buffer pool, or by the distributed storage systems cache mechanisms.\nWhen it is not, it is what it is, because it is too large for anything.\nSo my benchmark is the classical MySQL \u0026ldquo;16 KB random write is an excellent predictor for your machineries performance\u0026rdquo; benchmark. I can divide my customers into \u0026ldquo;200 commit/s\u0026rdquo;, \u0026ldquo;2000 commit/s\u0026rdquo; and \u0026ldquo;whatever the machinery can provide\u0026rdquo; classes, and this results in a small fio configuration.\nEach section is run individually, sequentially:\n[global] size=800g filename=fio.0 directory=/a/fio fadvise_hint=0 blocksize=16k direct=1 runtime=600 ioengine=libaio time_based [w1q1-200] rw=randwrite numjobs=1 iodepth=1 rate_iops=200 rate_process=poisson [w1q1-2000] rw=randwrite numjobs=1 iodepth=1 rate_iops=2000 rate_process=poisson [w1q1-unlimited] rw=randwrite numjobs=1 iodepth=1 [w1q2-200] rw=randwrite numjobs=1 iodepth=2 rate_iops=200 rate_process=poisson [w1q2-2000] rw=randwrite numjobs=1 iodepth=2 rate_iops=2000 rate_process=poisson [w1q2-unlimited] rw=randwrite numjobs=1 iodepth=2 [w8q1-200] rw=randwrite numjobs=8 iodepth=1 rate_iops=200 rate_process=poisson [w8q1-2000] rw=randwrite numjobs=8 iodepth=1 rate_iops=2000 rate_process=poisson [w8q1-unlimited] rw=randwrite numjobs=8 iodepth=1 [w8q2-200] rw=randwrite numjobs=8 iodepth=2 rate_iops=200 rate_process=poisson [w8q2-2000] rw=randwrite numjobs=8 iodepth=2 rate_iops=2000 rate_process=poisson [w8q2-unlimited] rw=randwrite numjobs=8 iodepth=2 In the [general] section I provide the parameters common to all benchmarks: I mount my storage into /a and create /a/fio as a test directory.\nWe are using the XFS file system, because we have found the commit performance in ext4 to be highly jittery: While the best case commit in ext4 is almost twice as good as in XFS, there are inexplicable sync pauses every now and then that lead to three digit ms downspikes in performance, and they ruin the MySQL experience. With XFS we get one single, fixed commit rate with almost no jitter: Stable plannable performance \u0026raquo; good peak performance!\nIn this example I am running relatively short 600s test runs, which is not suitable for a validation - they need to run an hour or longer, each, because some storage systems show phase changes after long run times. They are suitable for quick testing to zoom in into interesting scenarios, though.\nI am working with direct io (direct=1) and the MySQL 16 KB blocksize on an 800 GB test file, using the libaio engine, which mirrors the MySQL use of the system pretty well.\nAll my test scenarios are using the same schema: randwrite of said 16 KB blocks, in either a single thread or with 8 threads. I am setting a queue depth of 1 or 2, to get worst case and best case performance estimates. For the rated tests, I am setting an rate_iops of 200 or 2000 and observe the latency behavior, and there is always also an unlimited test to establish saturated behavior. Basically, I want to estimate runway length for abuse cases.\nCollecting test data I am running all of that with an ugly ad-hoc driver script that runs each test case recording the fio output, the iostat output during the run and running the test under a blktrace -d /dev/$device -D . -a issue -a complete.\nThe blktrace can later be fed to Oakgate Workload Intelligence . This is an analyzer that feeds on blktrace and other input and plots device behavior over time, generates histograms and generally gives insight into storage behavior. The system can also use recorded workloads from real world applications and replay them for synthetic benchmarks to be run on new storage systems.\nThe ugly little bash driver, which will soon be a proper piece of Python:\n#! /bin/bash # drive under test drive=sdb fio=$HOME/fio.cfg # yes, ugly pause=3 jobs=$(awk \u0026#39;/\\[/ \u0026amp;\u0026amp; ! /\\[global\\]/ { print substr($0, 2, length($0)-2); }\u0026#39; $fio ) mkdir $drive cp fio.cfg doit $drive for i in $jobs do echo \u0026#34;Running Job $i $(date)\u0026#34; # make a working dir, and run blktrace and iostat in it [ -d $drive/$i ] \u0026amp;\u0026amp; rm -rf $drive/$i mkdir $drive/$i until [ -n \u0026#34;$blktrace_pid\u0026#34; ] \u0026amp;\u0026amp; sudo kill -0 \u0026#34;$blktrace_pid\u0026#34; do ( cd $drive/$i; sudo blktrace -w 700 -d /dev/$drive -D . -a issue -a complete ) \u0026amp; blktrace_pid=$! sleep $pause done ( cd $drive/$i; iostat -x -k 10 \u0026gt; iostat.log ) \u0026amp; iostat_pid=$! echo \u0026#34;Blktrace: ${blktrace_pid} Iostat: ${iostat_pid}\u0026#34; sleep $pause fio --section=$i $fio | tee $drive/$drive-$i.run sleep $pause kill ${iostat_pid} sleep $pause pkill iostat while sudo kill -0 $blktrace_pid do echo \u0026#34;Blktrace $blktrace_pid still running.\u0026#34; sleep 1 done sleep $pause ( cd $drive; tar cvzf $i.tgz $i ) rm -rf $drive/$i done I end up with a directory named after the drive under test, containing the entire description of the test environment, plus subdirectories for each scenario, containing all recorded data. I can tar that up and carry it home for analytics.\nExample graphs I am mostly interested into the behavior of the system along \u0026ldquo;IOPS over time\u0026rdquo;, \u0026ldquo;Latency over time\u0026rdquo; and \u0026ldquo;Latency histogram\u0026rdquo;.\nLooking at the unconstrained, single threaded, queue depth=2 cases I get a relatively representative quick overview over the result:\nCeph has a commit latency of around 1.1ms, which at a queue depth of 2 results in around 1800 IOPS. Datera has a commit latency of around 0.17ms, which results in around 9000 IOPS, but with nasty downspikes to some 6500ish IOPS.\nThe benchmark is a bit unfair, because we compare an extremely large and extensively optimized Ceph production cluster against a 3-node minimal out-of-the-box Datera. The Datera produces a number of nasty downspikes, which would not happen in a tuned and larger production cluster. It can already be seen that the Datera has an almost, but not quite, 10x advantage in commit latency.\nIt can also be somewhat seen the Ceph driver can leverage multiple queues (and that is confirmed in other benchmarks): It should produce around 900 IOPS at 1.1ms commit latency, but at a queue depth of 2 it produces 2x that.\niSCSI cannot do that out of the box: We need to install blk-mq and see what that does, or use something that does NVME over Fabric over TCP instead. Both these things have multiple queues, and would also be able to take advantage of deeper queues to NVME backends.\nMore work would have to go into building out the Datera cluster, and configuring it properly to properly show its real strength, but already it wipes the floor with the Ceph with respect to commit latency.\nIt also shows that the Ceph can carry the \u0026ldquo;200 commit/s\u0026rdquo; workload class without problems. One will have to make compromise with runway length (\u0026ldquo;Time for warning and migration when workload grows\u0026rdquo;) and with replication delay and catchup SLOs - customers will either have to accept more delay and longer catchup times, or accept that the cluster will run in YOLO mode in catchup (innodb_flush_log_at_trx_commit=2 until replication has caught up).\nThere is probably little chance to run the \u0026ldquo;2000 commit/s\u0026rdquo; workload class in a stable way on Ceph, until one can make guarantees about queue depths and parallel writes.\nBoth systems max out at around 20000 commit/s when run in their respective \u0026ldquo;ideal\u0026rdquo; mode, which happens to be the commit latency to a single flash drive.\nInterestingly, NVME does not matter much here : NVME can offer 40x more IOPS than SATA SSD, but individual commits will still be at about the same speed as with SATA. You need 40x parallel access to eat all the buffet on offer.\nTo drive Ceph to 20.000 IOPS, you will have to run 16 threads at a queue depth of 2 (or 32 threads at queue depth 1) consistently, feeding all the driver queues in parallel. This is not a kind of workload a transactional system can easily produce.\nTo drive Datera to 20.000 IOPS, two or three threads running unlimited will suffice. This is still hard on a transactional system, but a doable challenge.\nWhile the recommendation is clear (\u0026ldquo;Use Datera over Ceph for transactional distributed storage\u0026rdquo;), it is interesting to see how Ceph has matured and does no longer completely suck at doing small transactional workloads.\n","date":"2021-02-24T00:00:00Z","href":"https://blog.koehntopp.info/2021/02/24/validating-storage.html","tags":["lang_en","mysql","database"],"title":"Validating storage"},{"categories":null,"content":"The DBA experience at work suggests that every single schema at some point in its lifecycle holds a queue table. These are tables in which some processes (the “producers”) put rows, which a swarm of other processes (the “consumers”) lock and consume.\nA variation on that theme is the state machine, in which jobs are placed by producers. Consumers do not immediately delete them, but update them a few times to indicate processing progress, before the rows are ultimately being deleted.\nAnother variation is using the search and sort capabilities of the database to fetch jobs from the queue out of order (“queue with lookahead and selective de-queueing”), while still maintaining the exactly-once semantics.\nUsing a database as a queue can be ok-ish Using a database as a queue is not wrong, up to a point:\nYou get ACID semantics. That means your updates are atomic and isolated, transactional, and they are durable, persisted to disk. This makes it possible to build queues with “exactly once” execution semantics, which is a thing developers like a lot. You already have a database handle, and you already understand your ORM, so you do not have to pile on more dependencies, and you do not need to learn additional technologies. Now, once you pass “the point” in that “up to a point” phrase, things get nasty:\n“Exactly once” semantics are really expensive to implement: They require that each insert, delete or update is associated with a transaction, which in turn is associated with a disk write.\nYou get to enqueue, dequeue and state change your things exactly as quickly as a single server can flash its disk lights, and in the next step, as quickly as your replication hierarchy can pass on things downstream.\nOn bare-metal, that costs you a bit, but because bare-metal gives you awesome amounts of capacity with very little jitter for very reasonable amounts of money, we can bear quite a bit of this work.\nIn the cloud, using a database-as-a-queue is approximately equivalent to pouring petrol on money and throwing a match. It is the wrong technology for that kind of workload in that environment from the get-go.\nNot using databases as queues Replayability One specific property of the above setup that is expensive, and hard to reproduce outside a transactional database is the exactly-once thing. “At most once (maybe never)” or “at least once (maybe multiple times)” are alternative queue semantics that are much cheaper to implement, because they allow you to get rid of disk writes, and also of many disk seeks.\nKafka for example gives you “at least once”: You get to consume a stream, and you can jump backwards and re-consume what you already saw, in order, no searching. The jump backwards is possible for a small window of a few hours or a day, or whatever other deal you can make with the Kafka team.\nReading the same item multiple times is not a problem if the jobs in the queue are idempotent, that is, replayable.\nNot replayable are relative updates: “set x = x + 1”, “add an order to the table, give me the ordernumber”.\nReplayable are absolute updates: “set x = 7” (you read 6, did the math and enqueued 7), “add order 17372 to order table” (you made an order number beforehand and push the order into the queue with an already fixed identity).\nBasically, to make things idempotent, you need to give them either fixed identities so that you can remember if you saw things before, or you need to make the writes absolute instead of incremental, or both.\nSo if you find a way to group your jobs into transactions, and make all individual operations in your transaction replayable, you could push the entire stream through Kafka, and it would be cheaper. Much cheaper, in fact, in a cloud environment.\nRe-queuing and sorting If you use a queue table with selecting and sorting (“queue with lookahead and selective dequeueing” from above), you can look into consuming a block of things from your input queue and splitting them into multiple streams or different topics, or maybe sort them and re-queue them.\nSo basically, instead of pushing things into a single queue and then grabbing items out of order, you can consume the input in blocks, perform your intermediate selection and sorting process and them push to multiple outputs.\nAgain, the result can ride on Kafka instead of MySQL and would be more cloud-compatible.\nRe-queuing updates For the state machine use-case you would have to solve writing updates to a base record, before it is finally consumed in total. Your state machine would be eating one item from the input, perform the associated action, and then push the updated record back into the same, or a different queue.\nWhat if I don’t? Undo-Log woes In A Blast From The Past we see what happens to MySQL with long-running transactions, and in MySQL Transactions we discuss what goes on internally in the database when we do transactions, and especially how that can be painful if these transactions are long-running.\nNote that any database will at some point in time have long-running transactions, even if your code does not. Database maintenance operations such as cloning replicas or making backups can do that without interruption only by maintaining a read view, which leads to Undo-Log explosion.\nSo queue-as-a-database will eventually explosively grow the undo-log, or individual tables, and disk space from these structures is hard to reclaim by the operating system. You will run at some point in time into disk space problems from churn, even if the absolute amount of data is small. Binlog woes and Replication Delay\nIn a replicated MySQL changes to any table (also queue tables) are written to the binlog, which is being kept for a few days for point in time recovery and for replication. This uses disk space.\nNote that any write is binlogged, even deletes. So when you delete data, you have less disk space (because deletes are binlogged), until after a few days the binlog is purged.\nThe binlog is being consumed by replicas as close to realtime as possible. But if you write too much, again, it is possible to overwhelm the replicas, and you will experience replication delay.\nIf your producers write to the replication primary, but your consumers read from the replicas, replication delay will add additional latency. You will be unhappy (and see Kafka, above).\nThis is per-instance It is also important to remember that this is per-instance, not per-table, and also not per-schema. The purge thread looks at transactions, not at schemas or tables. In a transaction, a number of changes to the instance can happen, atomically.\nSo imagine a shared mysqld process that has 1000 customers with different schemas, all of them unrelated, and one of them opens a transaction and keep it open for four hours. The purge thread will stop for all the customers, because in theory it is possible to have a single transaction that spans all 1000 customer’s schemas.\nThe undo-log will grow out of bounds, and all 1000 customers will experience slow queries.\nThis is how you denial-of-service a shared MySQL with no effort or expense at all.\nWhat should I do? And what is the limit? As a developer, you want to write an application and get it going without piling on a lot of dependencies or learning too many technologies, or dealing with limitations such as unreliable or repeated queue deliveries.\nMySQL can deliver such things, up to a point.\nThat is okay for a prototype. If you implement queues, state-machines or other rapidly writing structures in a MySQL, you should monitor transaction volume and prepare an escape strategy early, and implement that in time. Tech debt is okay, if it is managed properly.\nAs a benchmark, and for comparison: At this point in time, one specific application at work processes around 7-10 million auto-increment values per replication hierarchy per hour, with several updates per row. That is where we run into operational toil due to pushing the envelope. That is around 3.000 new rows per second, and a multiple of that with updates. An unconstrained bare-metal SSD can do around 20.000 commits per second in hardware. That is why we run into operational toil with 3.000 new rows (with multiple updates per rows) per second with said application. Our replication assumes around 2.000 transactions/s as minimum capability. We can batch up some things and apply them in parallel, if the transaction structure allows that. That is why replication does not lag, even if the primary does more than 2.000 txn/s. How much parallel replication can help here is completely dependent on the ordering constraints imposed by the transactions themselves. In the cloud, the limits are likely to be much lower, depending on instance and volume sizes chosen, and going there is a solid cost item.\nYou will need to look at things with a much sharper lens.\n","date":"2021-01-28T00:00:00Z","href":"https://blog.koehntopp.info/2021/01/28/database-as-a-queue.html","tags":["lang_en","mysql","mysqldev"],"title":"Database as a Queue"},{"categories":null,"content":"When people ask for my mail address, they usually get a personalized address from me. That is particularly true for all commercial email. So you don\u0026rsquo;t get to send mail to my main account, but to kris-yourbusiness@koehntopp.de , and that will end up going into INBOX.special.yourbusiness. At least until it leaks, receives spam or is otherwise burned. In which case I will short it out and route all incoming mail on that address to /dev/null. Here is how it is done.\nMailer setup I run exim and in my exim.conf I have\nkris_virtuserfile: driver = redirect domains = +kris_domains local_part_suffix = +* : -* local_part_suffix_optional headers_remove = X-local-part-suffix headers_add = X-local-part-suffix: ${original_local_part} owners = kris allow_fail allow_defer data= ${lookup{$local_part@$domain}dbm*@{/home/kris/Exim/virtusertable.dbm}} The important part here is the local_part_suffix = +* : -*. This enables amending the local part of a mail address with an extension. So if kris is a valid local user for delivery, kris-yourbusiness and kris+yourbusiness become valid addresses, too, and will be delivered to the local user kris.\nI define local_part_suffix_optional, because unfortunately for legacy reasons the actual local user must remain reachable for legacy reasons.\nI also define header_remove = X-local-part-suffix to remove this particular X-header from all incoming mail, and then add it back with X-local-part-suffix: ${original_local_part}. This will prevent external mail with a hand-crafted fake X-local-part-suffix header from coming through, and then preserve the original local part for sorting, in exactly this X-header line.\nFrom this config we get the following behavior: kris-yourbusiness@koehntopp.de is being delivered to the local user kris, and with an X-local-part-suffix: kris-yourbusiness header line added to the mail. Note that we get kris-yourbusiness, and not yourbusiness in this header line.\nLocal delivery Local delivery is controlled by the local user, kris. Kris happens to have defined a .forward such as\nkris:~ $ cat .forward |/usr/bin/procmail This will invoke procmail for local delivery. procmail is a rule based local delivery agent with a horrible Syntax.\nYou can define variables, and later refer to them using $ as a prefix. Rules start with a :0, and consist of a Regex for header lines, plus a delivery action (usually a folder name for Maildir format, so make sure it ends in a slash).\nThe other important but obscure piece of information is that the exit code of procmail defines the delivery success, and controls the mailer behavior. So checking in the obvious place (/usr/include/sysexits.h, of course!) you learn:\nkris:~ $ cat /usr/include/sysexits.h ... #define EX_NOINPUT 66 /* cannot open input */ #define EX_NOUSER 67 /* addressee unknown */ #define EX_NOHOST 68 /* host name unknown */ ... We remember that the magical number 67 as an exit code makes exim bounce mail with user unknown.\nThe end result:\nkris:~ $ cat .procmailrc PATH=/bin:/usr/bin:/usr/local/bin MAILDIR=$HOME/Maildir LOGFILE=$HOME/Procmail/procmail.log DEFAULT=$HOME/Maildir/ BOUNCE=/dev/null SPAM=$MAILDIR/.spam TRASH=$MAILDIR/.system.trash BOUNCELOG=$MAILDIR/.system.bounces # Subrule to define a \u0026#34;user unknown\u0026#34; bounce, as an example. # Subrule, because we also record the bounce in the bouncelog folder. :0 * ^X-local-part-suffix: kris-macheist { EXITCODE=67 :0 i $BOUNCELOG/ } # Rule to route mail to the trash folder :0 * ^X-local-part-suffix: kris-bitly $TRASH/ # all mail to kris-yourbusiness goes to INBOX/.special.yourbusiness, # which becomes the INBOX.special.yourbusiness folder. # # We use sed and tr, this could be more efficient. Basically, we clean # up unwanted characters and transform to lower case. :0 * ^X-local-part-suffix:.*kris-\\/[^@]+ $MAILDIR/.special.`echo $MATCH | sed -e \u0026#39;s!([^)]*)!!g\u0026#39; -e \u0026#39;s![^a-zA-Z0-9_-]!_!g\u0026#39; | tr A-Z a-z`/ # Filter through spamc :0fw | /usr/bin/spamc # If spam detected, deliver to different folders depending on score :0 * ^X-Spam-Level:.*\\*\\*\\*\\*\\*\\*\\*\\*\\*\\* $SPAM.sure/ :0 * ^X-Spam-Level:.*\\*\\*\\*\\*\\* $SPAM/ Note how we detect the X-local-part-suffic before we run spam detection and sorting. This allows mail to subaddresses to always go through and bypass all spam filtering, so in exchange for having a personally identifiable mail address you get guarantee delivery. Conversely, if you abuse the privilege you are routed to $TRASH/.\nMail User Agent I used to run Apple Mail.app with this setup, and now on Windows am using eM Client . eM Client is a commercial email client, and is available for Windows and Mac, and is easily the best email client I have ever used, with Mail.app being a close second for my workflow.\nIn my case, I define a smart folder search which will find all unread mail in all folders (except $list of exceptions), and show it in a single folder. I want the search to automatically discover newly generated folders automatically, and I need the folder name shown in the overview.\nA smart folder, finding all unread mail anywhere, and showing it by folder. I made a few mails unread for demonstration.\nThat way, I can see if I get a mail claiming to be from YourBusiness: If it is not in the yourbusiness folder, I am deleting it without reading. Phishers will have to send phishing mail to the correct folder for your personalized business mail address in order to be even considered.\nI also can $TRASH/ rule burned addresses rather quickly, and that keeps my inbox clean.\n","date":"2021-01-20T00:00:00Z","href":"https://blog.koehntopp.info/2021/01/20/unlimited-mail-adresses.html","tags":["lang_en","mail"],"title":"Unlimited Mail Addresses"},{"categories":null,"content":"Deutschland ist im Lockdown, die Schulen sind endlich geschlossen und es wird remote unterrichtet. Weil es Deutschland ist, passiert das in jedem Bundesland anders und uneinheitlich. In Baden-Württemberg verwendet man Moodle . Wer sich da drunter nichts vorstellen kann, kann es sich hier ansehen.\nIn Bawü wird eine getrennte Moodle-Instanz pro Schule installiert, aber halt viele Instanzen pro Server, weil Server recht groß sind. In Summe muß man bummelig 940.000 Schüler abfrühstücken. Die Strukturen in Moodle sind kleinräumig (Klassen, Jahrgänge, Schulen) und nicht stark quer verbunden, sodaß sich das im Grunde relativ leicht skalieren lassen sollte. Dennoch kam es im Frühjahr zum Engpässen, weil das Moodle-Projekt auf andere Projektziele und -größen geplant war (\u0026ldquo;Pilotschulen\u0026rdquo;) als es gebraucht wurde (\u0026ldquo;Lockdown\u0026rdquo;).\n\u0026ldquo;Samstags Nachts um 1: Moodle Server Einbau Selfie!\u0026rdquo; \u0026ndash; Sebastian Neuner , 23-Mar-2020\nDas Selfie oben zeigt Sebastian Neuner beim Aufrüsten der Hardware im Rechenzentrum. Er berichtet von Maschinen mit 72-96 Cores, 512-1024GB RAM, und 10 GBit/s Uplinks (sowie 20 Gbit/s SAN-Links zum Storage). CPUs sind AMD 7451 und Intel Gold-6150 . Davon sind dann jeweils zwei in einer Maschine, und dadurch ergeben sich dann die 72 bzw 96 Cores.\nIm Sommer hat man dann noch einmal nachgerüstet und am 7-Jan-2021 kam dann die letzte Nachlieferung :\n\u0026ldquo;Heute morgen wurden 2 Paletten mit 7 weiteren Servern für Moodle geliefert.\u0026rdquo; \u0026ndash; BelWü , 07-Jan-2021\nDennis Urban merkt an: \u0026ldquo;In den sieben Maschinen sind AMD EPYC 7h12 CPUs drin. Langsam wird der Monitor zu klein .\u0026rdquo;\nIn den Kommentaren dann ein Haufen Bemerkungen und Fragen:\nWieso sind das Dells und keine von Thomas Krenn? Wieso physikalische Server und das nicht in einer Cloud klicken? Wieso stehen die nicht an der Schule, sondern in irgendeinem Rechenzentrum? Nun habe ich mit dem BelWü und Moodle nichts am Hut, aber zu diesen Dingen kann ich aus anderen Gründen sinnvoll etwas beisteuern, also habe ich die Fragen einmal beantwortet (Twittertypisch mitten in den Thread gelinkt , weil es anders nicht sinnvoll funktioniert).\nWieso sind das Dells? Wer viele Server hat, der will die automatisch installieren. Das ist viel einfacher, wenn man einen einigermaßen einheitlichen Serverpark hat.\nServer haben einen Baseboard Management Controller (BMC). Das ist ein kleiner Rechner, der immer angeschaltet ist und der den großen Rechner inventarisieren, konfigurieren und ein- und ausschalten kann.\nTheoretisch sind die BMCs inzwischen einigermaßen standardisiert: Die Desktop Management Task Force DMTF hat dafür den Standard Redfish definiert. In der Praxis sind die verschiedenen BMCs alle unterschiedlich defekt und man muß wissen, welchen Hersteller in welcher Version man am Rohr hat, damit man um dessen Bugs gezielt drum herum arbeiten kann. Mein Arbeitgeber hat dazu BMC Butler entwickelt und auf Github öffentlich gemacht, ebenso das Inventarisierungstool Dora und eine Reihe von weiteren Tools.\nKauft man sich jetzt Rechner von einem weiteren Hersteller dazu, dann muß man die eigene Automatisierung erst einmal validieren und anpassen. Das ist schnell mal ein halbes Jahr Arbeit.\nDas ist auch okay, denn größere Aktionen in einem Rechenzentrum haben ebenfalls schnell mal ein halbes Jahr Vorlauf. Wie dem auch sei: 7 Rechner bekommt man eventuell relativ schnell, aber einen ganzen Raum in einem Rechenzentrum voll zu laden war eine Aktion mit Schiffscontainern aus Taiwan.\nMeist hat man Rahmenverträge mit Händlern (\u0026ldquo;OEMs\u0026rdquo;, Original Equipment Manufacturer, zum Beispiel Dell oder HP) oder - bei größeren Mengen - Herstellern (\u0026ldquo;ODMs\u0026rdquo;, Original Device Manufacturer, zum Beispiel QCT oder Wywinn), und meistens genau zwei: Man will halt mehr als einen und so wenige wie möglich, weil alles kompliziert ist.\nWieso nicht in der Cloud? Weil Cloud unglaublich teuer ist. In meinen Kostenrechnungen liegen die Kosten für Cloud-Deployments pro Monat in etwa gleichauf mit (oder höher als!) Kostenrechnungen für Bare Metal in eigenen Rechenzentren pro Jahr (Strom, Netz, anteilige Netzwerk-Hardware, Rechenzentrumsplatz und alles andere inbegriffen).\nDas kann man alles noch optimieren, aber auf beiden Seiten der Gleichung und am Ende kommt in etwa dasselbe heraus: Cloud ist in etwa eine Größenordnung teurer als das alles selbst zu machen.\nAnders herum bedeutet das, daß man das eigene Bare Metal hemmungslos überdimensionieren kann und immer noch unter AWS-Preisen herauskommt. Ist ja auch logisch: Wenn man einem Milliardär seine Weltraumfirma nicht mit finanzieren muß, \u0026hellip;\nWas man dabei nicht mit rechnet: Die höhere Latenz (s.o: 6 Monate Vorlauf - man muß überdimensionieren) und die Personalkosten für die eigene Entwicklung (Servermanagement, API für Provisionierung und so weiter).\nDas lohnt sich erst ab einer gewissen Mindestgröße. Für kleine Läden lohnt sich die Cloud trotz der hohen Instanzkosten, weil die Software schon fertig entwickelt ist. Kleine Läden haben auch keine Kapazitätsprobleme beim Provisionieren in der Cloud.\nWenn man natürlich wegen eines RZ-Ausfalls \u0026ldquo;ein Megawatt Kapazität\u0026rdquo; mal eben in der Cloud klicken will, dann geht das nicht \u0026ldquo;wegen Quota\u0026rdquo;. Die Quota gibt es nicht nur, um teure Fehler zu vermeiden, sondern weil auch \u0026ldquo;die Cloud\u0026rdquo; nicht \u0026ldquo;mal eben ein MW Kapazität\u0026rdquo; zur Hand hat, sondern Rechenzentrumsplatz bauen, Rechner kaufen und installieren muß im RZ der Wahl, damit das geht.\nDabei unterscheiden sich Clouds deutlich: Azure setzt auf Kapazität \u0026ldquo;vor Ort\u0026rdquo;: man hat also sehr, sehr viele Standorte und die sind dann mitunter sehr klein. Da mal eben 10.000 \u0026ldquo;Amazon m5.4xl\u0026rdquo; zu holen (etwa 1 MW) geht dann halt nicht und schon gar nicht in einer AZ. Amazon und Google sind anders strukturiert, und wenn man Glück hat kriegt man 10k Instanzen dieser Größe, aber sicher nicht auf Zuruf und in der AZ der Wahl (\u0026ldquo;Wir haben Eure 150 PB Hadoop jetzt in Finnland, aber das Processing für die 2500 Nodes muß nach London\u0026rdquo; \u0026ldquo;Und wer zahlt dann den Traffic?\u0026rdquo;).\nUnd halt nicht für sinnvolles Geld.\nWieso nicht in der Cloud? Cloud macht total Sinn für einmalige Tasks. Die Bild-Assets von 1.2 Millionen Hotels in drei neuen Größen für einen neuen Mobildienst bereit zu stellen und dafür einen Bildskalierer durch Parallelisierung um einige Monate zu beschleunigen ist eine ideale Cloudanwendung: dynamisch Wegwerfkapazität kaufen (\u0026ldquo;Spot Instances\u0026rdquo;), den Task durchlaufen lassen und dann die Instanzen aufgeben.\nCloud macht total Sinn für experimentelle Tasks. Machine Learning auf GPU oder Google Tensor Processors auszuprobieren ist sehr viel sinnvoller, als experimentelle Hardware mit 36 Monaten Abschreibung zu kaufen, die dann alle 6-9 Monate (inzwischen: 18 Monate) ersetzt werden muß, weil sich das Thema weiter entwickelt hat und die Hardware veraltet ist (und dann festzustellen, daß man eh nur 7kW pro Rack kann, aber ein dicker Klotz mit GPUs drin schon mal gerne 14 oder 21kW pro Rack an Abwärme da läßt).\nCloud lohnt nicht, wenn man 600.000 Schüler für 10 Jahre an 220 Tagen im Jahr mit einer IT Infrastruktur versorgen muß. Das ist quasi das Anti-Cloud Szenario: Garantierte Basislast für Dekaden in vorhersehbarer Menge, bewährte konventionelle Technik und relativ stabiles Anwendungsumfeld. Selbst wenn man die Maschinen in 3 Jahren abschriebe kann man leicht 5 Jahre Betrieb aus den Dingern bekommen, bevor man sie ersetzt.\nErsetzen wird man sie, denn nach 5 Jahren wird der Betrieb vermutlich unrentabel. Neue Hardware wäre so viel leistungsfähiger, daß man dieselbe Leistung mit weniger Hardware, weniger Strom und weniger RZ-Platz erbringt und so viel Geld spart. Eine Maschine verbraucht in 5 Jahren circa ihren Anschaffungspreis in Strom.\nWas auch teuer ist in einer Cloud-Anwendung ist Netzwerk, und dort speziell ausgehender Verkehr. AWS ist berühmt dafür, eingehenden und ausgehenden Datenverkehr sehr unterschiedlich zu bepreisen, und in den Medien findet man viele Berichte in der Art NASA to launch 247 petabytes of data into AWS – but forgot about eye-watering cloudy egress costs before lift-off .\nVideochat Anwendungen wie Zoom sind in AWS nicht ökonomisch zu betreiben. Corey Quinn berichtet von Zoom , und wieso man dort statt AWS die Oracle-Cloud gewählt hat. Oracle als Firma ist spät in das ganze Cloud-Geschäft eingestiegen und muß sich um Kunden bemühen, daher zielt man bewußt auf Kunden mit viel ausgehenden Verkehr und macht die Preise dort anders.\nWieso stehen die nicht an der Schule, sondern im RZ? Eine Schule ist der denkbar schlechteste Ort, um Rechner zu betreiben. Fünf dicke Maschinen für eine Schule mit 1000 Schülern brauchen ein Rack, Strom und Netz und produzieren Abwärme, die vermutlich aktiv weg gekühlt werden muß. Kein Ort an einer Schule ist dafür geeignet, das zu betreiben. Kleine Strom- und Kühlsysteme sind ineffizient.\nObendrein: so teure Hardware mit personenbezogenen Daten auf den Speichern an einer Schule zu lagern ist auch rein von der physischen Sicherheit nicht machbar. In meiner Schulzeit, es ist schon einige Dekaden her, hat man den Medienraum der Schule, an der ich war, mehr als einmal leer gemacht. Das waren keine besonders begabten Leute, sondern Junkies auf der Suche nach Wertgegenständen zum schnellen Verticken.\nIn einem Rechenzentrum hat man nicht nur eine für Rechner geeignete Umgebung mit Strom, Netz und Kühlung, sondern kann auch Personal auslasten, das sich mit Dingen wirklich auskennt und mehr kann als Dinge ein- und auszuschalten. Netz ist genug da: im Rechenzentrum sowieso und die Kapazität einer einzelnen Glasfaser (normal legt man Bündel) ist für den interessierten Laien im Grunde unbegrenzt.\nWen es interessiert: OptiX OSN 6800 , ein Stück Huawei DWDM Hardware zum Ausleuchten einer Langstrecken-Glasfaser mit bis zu 80 Kanälen (40 Frequenzen x 2 Polarisierungen) und 100 GBit/s pro Kanal - 8 TBit, pro Faser. Es ist eine Frage von Bedarf und Geld, aber nicht wirklich ein technisches Problem. Innerhalb des Rechenzentrums nimmt man billigeres Glas, billigere Laser mit niedrigerer Leistung und hat dafür wesentlich mehr Fasern. Glas liegt durchgehend, mindestens bis zur \u0026ldquo;DSL Anschlußbox\u0026rdquo; auf dem Gehsteig, und ab da ist in Deutschland dann alles schwierig.\nMein Jitsi ruckelt nicht, Tweak.nl sei Dank!\nJedenfalls ist es, Cloud oder nicht, sinnvoller Netz in die Schule zu legen und für Strom und Netz in allen Klassenräumen zu sorgen (das muß man in jedem Fall tun!), als Server in die Schule zu stellen. Eine Schule ist ungefähr der dümmste mögliche Platz für Server, die Raspi 4s mit den Minecraft-Servern des Informatik-Kurses ausgenommen.\nWie sieht so etwas aus? Nun habe ich mit dem Netz und dem Moodle in Bawü nichts zu tun, aber ich habe in meiner Arbeit gelegentlich mit Computern oder Rechenzentrums-Ausstattungen zu tun, und dabei auch einige Fotos machen können.\n2. Januar 2019: Anlieferung neuer Hardware für einen neuen Rechenzentrumsraum, ein LKW alle 2 Stunden.\nWir haben ein Staging Area zum Auspacken und Organisieren der Hardware. Noch ist es leer.\nDann: Auspacken, Verpackungsmaterial shreddern, und die Geräte in den eigentlichen Rechnerraum fahren, wo sie geracked werden.\nJedes Gerät kommt mit Verpackung, Palette, Handbüchern und Stromkabeln für unterschiedliche Nationen. So viel Holz in der IT!\nVorne die Hardware, hinten der Müll.\nRackrückseite. bis zu 16 Blades pro Chassis, 4 Chasis pro Rack. Bitte beim Verkabeln keine Fehler machen!\nLeere Racks im eigentlichen RZ-Raum, warten auf die Hardware.\n\u0026ldquo;Laser\u0026rdquo; (SPF-Module), für das Netzwerk.\nEs ist noch viel zu tun.\nGerätefront nach Einbau: Ein Dell Bladecenter Chasis mit 14/16 Blades bestückt. Jede Blade hat 2 CPUs, einige hundert GB Speicher, 2 SSDs und 10 GBit/s Netzwerk.\nNach 3 Tagen sind die ersten Geräte grün (Provisionierbar - nach Burn In, Firmware Update und Base OS Install). Es wird noch 2 weitere Tage dauern, bis der Rest nachkommt.\nAll dies ist in erster Linie eine Logistik-Aufgabe: Man muß den kommenden Bedarf abschätzen, planen und dabei auch das Upgrade veralteter Hardware mit Planen, dann Rechenzentrumsplatz und Strom bereitstellen, und unterdessen Modelle wählen, verhandeln, bestellen und dann parallel die Site vorbereiten. Wenn die Lieferung kommt, ist auspacken, validieren und racken angesagt. Alles in allen muß man 12 Monate oder mehr in die Zukunft sehen.\n(Ich habe von 2016 bis Mitte 2019 RZ-Kapazität geplant. Die Bilder sind vom Januar 2019).\nCloud hätte auch nicht geholfen Update: Belwue Trouble Ticket Nach verschiedenen Optimierungen am Montag bestehen keine nennenswerten Probleme mehr. Die Spitzenlast um 8 Uhr konnte so am Dienstag gut abgefangen werden.\nNach dem, was mir berichtet wurde, ist ein guter Datenbank-Admin wohl mehr wert als Cloud und Bare Metal Rechenzentrum zusammen. Durch eine gemeinsame Anstrengung wurden einige Moodle-Queries an die Datenbank entscheidend verbessert und Indices nachgerüstet. Außerdem wurde das Schreibverhalten der Datenbank auf SSD entscheidend besser konfiguriert, sodaß es durch die großen Mengen Speicher nicht mehr zu Schreibstürmen kommt.\nDer Effekt ist an der Heatmap zu sehen:\nResponse Time Heatmap vom Bawü Moodle für den 12. Januar 2021. Die X-Achse zeigt die Uhrzeit. Die Y-Ache zeigt logarithmisch die Antwortzeit. Die meisten Antworten kommen in weniger als einer Zehntelsekunde, jetzt wo die Datenbank optimiert ist. (via Dennnis Urban Besonders viel Ärger hat wohl eine bestimmte Kalender-Query gemacht. Da Moodle Open Source Software ist, kann man das Ticket sehen .\n\u0026ldquo;Jetzt sind 3300 Cores in der Plattform und eine Summen-Load von unter 1000, heute. Gestern noch um die 3000.\u0026rdquo; sagte man mir. Ein System mit 3000 Cores ist mit einer Load von 3000 genau am Anschlag (Runnable Threads == vorhandene Cores). Eine Load von 1000 auf 3000 Cores ist angenehm und sollte stabil durchhalten.\nMit mehr Leistung - in Cloud oder auf Bare Metal - hätte das System nur schneller und teurer gewartet. Der Fehler war nur unter Last zu finden und durch Datenbanktuning zu beheben, nicht durch mehr Spielzeug.\nUnd weil Leute gefragt hatten: Moodle läuft mit 300 Usern pro Core recht rund, und bekommt wohl in diesem Szenario ab dem 2.5-fachen davon Probleme.\nEdit: Userzahlen Dennis Urban korrigiert in einer DM:\nEine Frage bzw. Anmerkung: in Bawü gibts derzeit 1,4 Mio SchülerInnen und so 140k LehrerInnen: Wir haben so 940k registrierte Benutzer.\nAus irgendwelchen Gründen listet der ursprünglich verlinkte Statista-Artikel die Berufsschüler nicht auf. Statistik Bawü hat die ganzen Zahlen.\nEdit: Merkwürdigkeiten Im Nachgang zu diesem Artikel kam es zu diversen Diskussionen auf Twitter. Ein Haufen Leute hat sich beim Moodle-Team von BaWü über die Performance von BBB beschwert. Dieser Dienst wird zwar in Moodle integriert, ist aber von einem anderen Team an einer anderen Institution in einer anderen Stadt betrieben.\nEventuell ist es sinnvoll, die IT-Organisation an Schulen nicht auf Kreis- oder Landesebene zu zerfasern, sondern Aufwände zu bündeln. Das macht den Betrieb nicht nur zuverlässiger, sondern auch billiger.\nDoch es ist noch \u0026ldquo;komplizierter\u0026rdquo;:\nEin Benutzer hat sich über die Performance von BBB beschwert und zeigte einen Screenshot.\nScreenshot mit nicht funktionierendem BBB: Auf demo2.bigbluebutton.org allerdings.\nDer nächste Versuch der Klassen-VC scheitert - nach der Anmeldemaske passiert bei BBB nichts mehr. Viel Kinder-Enttäuschung, dass das versprochene \u0026ldquo;Arbeiten wie die Großen\u0026rdquo; nie klappt. Stattdessen jetzt: Arbeitsblatt bearbeiten. Vorhandene Motivation: -1000\ndemo2.bigbluebutton.org ist ein Testserver vom BBB Projekt, der in Kanada steht und als Demo-Objekt betrieben wird. Er ist nicht für den Produktiveinsatz gedacht, nicht von GDPR-Richtlinien abgedeckt und selbst wenn er funktionierte wäre er für eine angenehme Videokonferenz zu weit weg.\nMoodle und Big Blue Button sind Softwarepakete, die sich Organisationen wie die Schulorganisation eines Landes selbst installieren können. Als Lehrerin oder Lehrer ist man gut damit beraten auch die korrekte URL zum Verbinden zu nehmen, statt sich im Internet irgendeine Instanz zu suchen.\n","date":"2021-01-12T00:00:00Z","href":"https://blog.koehntopp.info/2021/01/12/600000-user-in-baden-wurttemberg.html","tags":["lang_de","data center","bildung"],"title":"940.000 User in Baden-Württemberg"},{"categories":null,"content":"My son wants labyrinths. Ok, let\u0026rsquo;s make them like it\u0026rsquo;s the first semester.\nWe need a class Labyrinth that holds the dimensions of our maze, and the actual maze, in grid - a List of Lists of integers. That\u0026rsquo;s not exactly a two-dimensional array (it can have a ragged right edge), but it will do for us.\nA basic container for labyrinths class Labyrinth: \u0026#34;\u0026#34;\u0026#34;Store a labyrinth as a List of Lists of Integers. Passages exist in the 4 cardinal directions, N, E, S, and W. We store them as bit flags (N=1, E=2, S=4, W=8). When set, a passage exists from the current cell into the direction indicated by the bitflag. \u0026#34;\u0026#34;\u0026#34; # Grid size width: int height: int grid: List[List[int]] The integer Zero will indicate an unused cell. We then use bits to store passages to the four cardinal directions: 1 for a passage to the North, 2 for a passage to the East, 4 for a passage to the South, and 8 for a passage to the West.\nWhen making a passage, we will need to tear down the wall in the current cell, and we will need to tear down the wall in the new cell, making a backwards passage. One could say that our maze is an undirected graph, and making passages connects the vertices forward and backward.\nWe will need to work with positions, and we define a type for that: A position is a Pos, a two-tuple of integers.\nWe will also need to work with the cardinal directions, and make a type for that: A direction is a Direction, a string. We will also make use of a number of things from random.\nfrom typing import List, Dict, Tuple, Optional, NewType from random import shuffle, randrange, choice, randint Pos = NewType(\u0026#34;Pos\u0026#34;, Tuple[int, int]) Direction = NewType(\u0026#34;Direction\u0026#34;, str) Using this, we can define a few useful things that we will be using a lot. Our bits to encode passages, for example:\n_directions: Dict[Direction, int] = { Direction(\u0026#34;N\u0026#34;): 1, Direction(\u0026#34;E\u0026#34;): 2, Direction(\u0026#34;S\u0026#34;): 4, Direction(\u0026#34;W\u0026#34;): 8, } Also, the back-connections, because we want an undirected graph of passages:\nopposite: Dict[Direction, Direction] = { Direction(\u0026#34;N\u0026#34;): Direction(\u0026#34;S\u0026#34;), Direction(\u0026#34;S\u0026#34;): Direction(\u0026#34;N\u0026#34;), Direction(\u0026#34;W\u0026#34;): Direction(\u0026#34;E\u0026#34;), Direction(\u0026#34;E\u0026#34;): Direction(\u0026#34;W\u0026#34;), } And we need to be able to translate a Direction into a change in coordinates, in order to be able to step:\ndx: Dict[Direction, int] = { Direction(\u0026#34;N\u0026#34;): 0, Direction(\u0026#34;S\u0026#34;): 0, Direction(\u0026#34;E\u0026#34;): 1, Direction(\u0026#34;W\u0026#34;): -1, } dy: Dict[Direction, int] = { Direction(\u0026#34;N\u0026#34;): -1, Direction(\u0026#34;S\u0026#34;): 1, Direction(\u0026#34;E\u0026#34;): 0, Direction(\u0026#34;W\u0026#34;): 0, } We can now initialize our class:\ndef __init__(self, width: int = 10, height: int = 10) -\u0026gt; None: \u0026#34;\u0026#34;\u0026#34; Construct a labyrinth with no passages in the given dimensions \u0026#34;\u0026#34;\u0026#34; self.width = width self.height = height self.grid = [[]] * self.height for y in range(0, self.height): self.grid[y] = [0] * self.width return Some basic Python wiring We will probably suck and need to be able to dump a labyrinth object, so let\u0026rsquo;s build a __repr__() for it. If you have an instance and print it, Python will try to invoke __str__() for a human readable representation of the object. If that does not exist (or we print(repr(l))), Python will try __repr__() instead. This is supposed to produce a debug representation of a thing.\nSo let\u0026rsquo;s make one:\ndef __repr__(self) -\u0026gt; str: \u0026#34;\u0026#34;\u0026#34; Dump the current labyrinths passages as raw integer values \u0026#34;\u0026#34;\u0026#34; s = \u0026#34;\u0026#34; for y in range(0, self.height): s += f\u0026#34;{y=}: \u0026#34; for x in range(0, self.width): s += f\u0026#34;{self.grid[y][x]:04b} \u0026#34; s += \u0026#34;\\n\u0026#34; return s Our Labyrinth is mostly a container for these integers representing cells, with a bit of sugar on top. Let\u0026rsquo;s make the cells directly accessible:\ndef __getitem__(self, item: Pos) -\u0026gt; int: \u0026#34;\u0026#34;\u0026#34; Return the passages at position item: Pos from the labyrinth \u0026#34;\u0026#34;\u0026#34; if not self.position_valid(item): raise ValueError(f\u0026#34;Invalid Position: {item=}\u0026#34;) r = self.grid[item[1]][item[0]] return r def __setitem__(self, key: Pos, value: int) -\u0026gt; None: \u0026#34;\u0026#34;\u0026#34; Set the passages at position key: Pos to value: int \u0026#34;\u0026#34;\u0026#34; if not self.position_valid(key): raise ValueError(f\u0026#34;Invalid Position: {key=}\u0026#34;) if not (0\u0026lt;=value\u0026lt;=15): raise ValueError(f\u0026#34;Invalid cell value: {value=}\u0026#34;) self.grid[key[1]][key[0]] = value return I can now make me a l= Labyrinth and then p = Pos((10, 10)) and print(l[p]) to print a single element at position (10, 10). Python will invoke the __getitem__() with this Pos tuple and return me the element. Likeweise I can assign to l: l[p] = 10, and that will invoke __setitem__() with the proper parameters.\nSome important predicates The predicate position_valid() is still missing, and we will need similar things for Directions, too.\nLet\u0026rsquo;s make them:\ndef position_valid(self, p: Pos) -\u0026gt; bool: \u0026#34;\u0026#34;\u0026#34; Predicate, true if the p: Pos is valid for this labyrinth \u0026#34;\u0026#34;\u0026#34; return 0 \u0026lt;= p[0] \u0026lt; self.width and 0 \u0026lt;= p[1] \u0026lt; self.height def direction_valid(self, d: Direction) -\u0026gt; bool: \u0026#34;\u0026#34;\u0026#34; Predicate, true if Direction d is valid \u0026#34;\u0026#34;\u0026#34; return d in self.directions() We also build a getter, directions() that returns the directions from the _directions bit encoder array above, and the same thing randomized under the name of random_directions(). We grab the list and apply Pythons shuffle().\ndef directions(self) -\u0026gt; List[Direction]: return list(self._directions.keys()) def random_directions(self) -\u0026gt; List[Direction]: \u0026#34;\u0026#34;\u0026#34;Return all cardinal directions in random order. \u0026#34;\u0026#34;\u0026#34; d = self.directions() shuffle(d) return d Stepping into the Labyrinth We now can make a step(pos, direction), which takes one Pos, and makes a step into the given Direction.\ndef step(self, p: Pos, d: Direction) -\u0026gt; Pos: \u0026#34;\u0026#34;\u0026#34;Starting at Pos p, walk one step into Direction d, return a new position. The new position is guaranteed to be valid.\u0026#34;\u0026#34;\u0026#34; if not self.direction_valid(d): raise ValueError(f\u0026#34;Invalid Direction {d=}\u0026#34;) if not self.position_valid(p): raise ValueError(f\u0026#34;Invalid Position {p=}\u0026#34;) np = Pos((p[0] + self.dx[d], p[1] + self.dy[d])) if not self.position_valid(np): raise ValueError( f\u0026#34;Invalid Position {np=}: Step from {p=} into {d=} leaves the grid.\u0026#34; ) return np The new position is guaranteed to be valid. We will raise ValueError for all invalid things - wrong parameters, and wrong results. Some of them may arguably be IndexErrrors instead, but I actually have little need for this distinction here, and it will only make the code more complicated later on.\nTear down a wall Now I can build me a function that makes a passage from a given Pos, into a given Direction:\ndef make_passage(self, p: Pos, d: Direction) -\u0026gt; None: \u0026#34;\u0026#34;\u0026#34;At Pos p into Direction d, make a passage and back. \u0026#34;\u0026#34;\u0026#34; if not self.direction_valid(d): raise ValueError(f\u0026#34;Invalid Direction {d=}\u0026#34;) if not self.position_valid(p): raise ValueError(f\u0026#34;Invalid Position {p=}\u0026#34;) np = self.step(p, d) self[p] |= self._directions[d] self[np] |= self._directions[self.opposite[d]] return It may also be useful to have this as a predicate can_make_passage(), which returns true if I can make a passage that is not there, yet.\ndef can_make_passage(self, p: Pos, d: Direction) -\u0026gt; bool: \u0026#34;\u0026#34;\u0026#34;Predicate, true if valid passage that is not there, yet.\u0026#34;\u0026#34;\u0026#34; if not self.direction_valid(d): raise ValueError(f\u0026#34;Invalid Direction: {d=}\u0026#34;) if not self.position_valid(p): raise ValueError(f\u0026#34;Invalid Position: {p=}\u0026#34;) try: np = self.step(p, d) except ValueError as e: # We stepped off the grid. return False # Success, if the world would change by removing this wall. pre_elem = self[p] post_elem = pre_elem | self._directions[d] return pre_elem != post_elem This raises exceptions for invalid input values. It will return False for passages that would lead off grid, and also returns False is this is not a new, but already existing passage.\nRecursive digging Now we can pretty easily and concisely write down a tunnel digging algorithm that will build us a fully connected labyrinth, a random minimal spanning tree for the grid.\nAt this point it is a subclass of Labyrinth, but it really should be a strategy of Labyrinth instead. Python on my system has a default recursion nesting limit of 1000, so the longest path can be 1000 steps until we overflow the stack. This is good for a 31x31 grid at best, and we would need to change sys.setrecursionlimit(new_value) for more.\nclass Backtracking(Labyrinth): \u0026#34;\u0026#34;\u0026#34;Build a labyrinth using a backtracking algorithm.\u0026#34;\u0026#34;\u0026#34; def carve(self, pos: Optional[Pos] = None, show: Any = None) -\u0026gt; None: \u0026#34;\u0026#34;\u0026#34;carve passages starting at Pos p using recursive backtracking. Carves passages into the labyrinth, starting at Pos p (Default: 0,0), using a recursive backtracking algorithm. Uses stack as deeply as the longest possible path will be. \u0026#34;\u0026#34;\u0026#34; # Set start position if not pos: pos = Pos((0, 0)) # Probe in random order directions = self.random_directions() for d in directions: # try to step into this direction try: np = self.step(pos, d) except ValueError: # We stepped off the grid -\u0026gt; ignore this direction continue if show: show(self, red=pos, green=np) # if the position is clean, make a passage, and recurse if self[np] == 0: self.make_passage(pos, d) self.carve(np, show=show) What we have here is a function carve() that will dig a tunnel, starting at pos. If no pos is given, we default to the origin (0,0).\nFor the current position, we will check all possible directions in random order: can we step there? If so, we break down the walls and make a passage, then step there and recurse.\nWe have provided the option to supply a callback function show= (for which we skimped on the typing, tsk, tsk!). If such a function is supplied, we call it with the old and the new position as parameters. We need to make sure to pass on the show= function, if there is one, when we recurse.\nHere is a labyrinth generation in progress:\nPainting the labyrinth Our Labyrinth Painter uses Pygame. It draws cells that are size= wide, and are framed with line_width= thick lines.\nimport sys from time import sleep from typing import Optional import pygame from src.labyrinth import Labyrinth, Pos WHITE = (255, 255, 255) BLACK = (0, 0, 0) RED = (200, 50, 50) GREEN = (50, 200, 50) LIGHT_BLUE = (230, 230, 255) class LabyrinthPainter: surface: pygame.surface.Surface size: int line_width: int def __init__(self, lab, size=100, line_width=5) -\u0026gt; None: self.size = size self.line_width = line_width self.show_init(lab) return We start pygame, and make us a surface in a window:\ndef show_init(self, lab: Labyrinth) -\u0026gt; None: pygame.init() self.surface = pygame.display.set_mode( ( self.size * lab.width + self.line_width, self.size * lab.height + self.line_width, ) ) self.surface.fill(WHITE) pygame.display.flip() return We then implement a show function, which draws a bunch of squares in funny colors:\ndef show( self, lab: Labyrinth, red: Optional[Pos] = None, green: Optional[Pos] = None ): for y in range(0, lab.height): for x in range(0, lab.width): self.square(lab, Pos((x, y)), red, green) A square needs to find out what color it should be in, and then needs to be drawn. For that we need corners: North-East, North-West, South-East, and South-West.\nWe do not really have many dependencies on Labyrinth: Element access, and we should really use direction names instead of raw bits for decoding here.\ndef square( self, lab: Labyrinth, pos: Pos, red: Optional[Pos] = None, green: Optional[Pos] = None, ) -\u0026gt; None: xpos, ypos = pos[0], pos[1] el = lab[pos] nw = (xpos * self.size, ypos * self.size) ne = ((xpos + 1) * self.size, ypos * self.size) sw = (xpos * self.size, (ypos + 1) * self.size) se = ((xpos + 1) * self.size, (ypos + 1) * self.size) color = LIGHT_BLUE if el == 0: color = BLACK if red and pos == red: color = RED if green and pos == green: color = GREEN pygame.draw.rect(self.surface, color, nw + (self.size, self.size)) # North Border if not (el \u0026amp; 1): pygame.draw.line(self.surface, BLACK, nw, ne, width=self.line_width) # East Border if not (el \u0026amp; 2): pygame.draw.line(self.surface, BLACK, ne, se, width=self.line_width) # South Border if not (el \u0026amp; 4): pygame.draw.line(self.surface, BLACK, sw, se, width=self.line_width) # West Border if not (el \u0026amp; 8): pygame.draw.line(self.surface, BLACK, nw, sw, width=self.line_width) Nothing of this will be visible until we call flip(). For debugging, we provide the flip() as part of two waiting functions:\n@staticmethod def wait() -\u0026gt; None: # self.keywait() pygame.display.flip() for event in pygame.event.get(): if event.type == pygame.QUIT: pygame.quit() sys.exit() if event.type == pygame.KEYDOWN: if event.key == pygame.K_ESCAPE: pygame.quit() sys.exit() sleep(0.05) @staticmethod def keywait() -\u0026gt; None: pygame.display.flip() while True: for event in pygame.event.get(): if event.type == pygame.QUIT: pygame.quit() sys.exit() if event.type == pygame.KEYDOWN: if event.key == pygame.K_SPACE: return if event.key == pygame.K_ESCAPE: pygame.quit() sys.exit() sleep(0.05) The first function checks the Pygame event queue for a QUIT event (close button on the window has been hit) or an ESC key press. If either of them happened, we exit the program. Otherwise we delay a bit (and should make this a settable parameter).\nThe second method busy waits on a space bar press (and also allows quitting) before it continues. It will allow us to step through the program and observe how everything works at our leisure.\nA small driver that puts everything together:\nfrom random import randrange from src.backtracking import Backtracking, Pos from src.labyrinth_painter import LabyrinthPainter def show_and_wait(lab: Backtracking, red: Pos, green: Pos): painter.show(lab, red, green) LabyrinthPainter.wait() labyrinth = Backtracking(width=20, height=20) painter = LabyrinthPainter(labyrinth, size=30, line_width=4) start = Pos((10,10)) labyrinth.carve(start, show=show_and_wait) while True: red = Pos((randrange(0, 20), randrange(0, 20))) green = Pos((randrange(0, 20), randrange(0, 20))) if red != green: break painter.show(labyrinth, red=red, green=green) LabyrinthPainter.keywait() We make ourselves a labyrinth instance, and a painter instance. We define a starting position in the middle of the field, then start the carver with a callback. The callback will be activated by the carve() function with the old position pos as red and the new position np as green square. Untouched squares will show up in black, and carves squares will be shown in light blue.\nIn the end we display the final labyrinth, showing two random positions as start and end position. This will work because our labyrinth is an undirected minimal spanning tree of the grid, so any two positions are connected by exactly one path.\nNot recursing We can rewrite the original carve() function to not use recursion. It will look almost the same:\nclass DepthFirst(Labyrinth): \u0026#34;\u0026#34;\u0026#34;Build a labyrinth using a backtracking algorithm.\u0026#34;\u0026#34;\u0026#34; def carve(self, pos: Optional[Pos] = None, show: Any = None) -\u0026gt; None: \u0026#34;\u0026#34;\u0026#34;carve passages starting at Pos p using iteration and a stack.\u0026#34;\u0026#34;\u0026#34; # Set start position if not pos: pos = Pos((0, 0)) # Stackframe: # (pos, directions): positions and the directions that still need checking. stack = [(pos, self.random_directions())] while stack: # print(f\u0026#34;{stack=}\u0026#34;) pos, directions = stack.pop() while directions: # Consume one direction d = directions.pop() # Can we go there? try: np = self.step(pos, d) except ValueError: continue if show: show(self, red=pos, green=np) # Is the new position np unused? if self[np] == 0: # Remove wall self.make_passage(pos, d) # If we still have directions to check, push current position back if directions: stack.append((pos, directions)) # In any case, add the new position (and all directions) stack.append((np, self.random_directions())) break # while directions: -\u0026gt; continue with np Instead of recursing we here have a local stack stack. On this stack we put pairs of (pos, directions): For each position we remember the directions at this position that still need checking. We prime this with the starting position and the full list of all four cardinal directions, randomly shuffled.\nWe then pop us the current work item, and check if there are still directions we have not processed (there are, we just started). We consume one, and try to go there. If this is a legal position to be in, and the position is empty (0), we tear down that wall.\nNow we push this position and the remaining directions sans the one we just checked back. Then we add the new position and all four directions properly shuffled on top of that. Finally we break out of the while directions: loop.\nThis will move us to the outer loop, where we pop the new position and start working on that one: A depth-first search.\nOur stack list is not subject to sys.recursionlimit and so we can process larger grids. We still use the same amount of memory: we remember the same things. On a 100x100 grid, the theoretical longest possible path is 10000 steps long and that would be the biggest possible stack for that grid.\nSee Also Maze Generation: Recursive Backtracking , Jamis Buck, 27-Dec-2010.\nBasil \u0026amp; Fabian , Jamis Buck, April 2014\nCode in github ","date":"2021-01-10T00:00:00Z","href":"https://blog.koehntopp.info/2021/01/10/labyrinths-in-python.html","tags":["lang_en","python"],"title":"Labyrinths (in Python)"},{"categories":null,"content":"Heise writes an introduction to bash programming (in german) :\nBash ist eine vollwertige Programmiersprache, mit der Sie alltägliche Aufgaben leicht automatisieren.\nBash is a fully featured programming language that you can use to automate everyday tasks.\nBash is not a fully featured programming language at all, and nothing in bash is ever easy. You are advised to use a proper programming language early on in development, and if possible never put bash commands into a file.\nA few early warning signs to look out for:\nBash is somewhat okay to handle files. If you find yourself handling lines, words or characters instead of entire files, you are using the wrong tool. The script you are working on should have been written in something else. Bash is really bad at math. If you are doing math, especially if it is not small positive integers, you should have been using something else. Bash is really bad at handling any kind of UI. If you start thinking about curses, Tk or Qt, you should have been using something else. Bash is also bad at safely handling filenames with weird characters in them, bad at handling Unicode, bad at handling Errors and bad at many other elementary things.\nBasically, it is better to start in something else right away if the things move away from an interactive command line and end up in a file. Use whatever you like as an interactive command line, but do not write bash or shell scripts.\nShell is a thing you want to understand and then not use, because you learned to understand it. (in German, from 1998 )\nFor the rest of this discussion, we assume \u0026ldquo;Python 3\u0026rdquo; as an instance of \u0026ldquo;something else\u0026rdquo;, but if you are older than 50, feel free to use \u0026ldquo;Perl\u0026rdquo; instead.\nIf you are already doing Python, the rest of this is not for you. You already know these things.\nDo not modify the system python Use the system Python, if possible, but do not try to modify the system Python installation. Use a virtual environment for packages, instead.\n$ mkdir myscript $ cd !$ $ python3 -mvenv venv $ source venv/bin/activate This will create a local (symlinked) copy of the system python, and activate it as the interpreter environment to modify if you install dependencies. You will want to update pip, install wheel and then maintain a file named requirements.txt at the top level of the myscript directory. It will contain the names of the packages (optionally with version pins) you depend on. You can install the dependencies using pip install -r requirements.txt.\n$ cat revenv.sh #! /bin/bash deactivate rm -rf venv python3 -mvenv venv source venv/bin/activate pip install --upgrade pip pip install wheel pip install -r requirements.txt pip freeze -r requirements.txt \u0026gt; requirements-frozen.txt It deactivates the venv, throws away the installed venv, and then re-makes it from the requirements.\nYes, that is a shell script. There are ways to do the same things natively and better.\nIt is extensively documented in An Overview of Packaging for Python , for example Managing Application Dependencies and Packaging Python Projects .\nRunning a local Python package registry is as simple as exposing a directory with a specific file structure using a web server, see here , and a step-by-step walkthrough for a kind of minimal setup can be found here .\nDo not try to write Bash in Python In an online discussion, somebody remarked :\nI do not think that\nsubprocesss.run([\u0026quot;ls\u0026quot;, \u0026quot;-l\u0026quot;, \u0026quot;/dev/null\u0026quot;], capture_output=True)\nis more intuitive or less error prone, but different people have different opinions.\nThat is correct.\nThe point here is that this is not useful at all, in a Python program. That line will then produce output such as\ncrw-rw-rw- 1 root root 1, 3 Dec 7 12:15 /dev/null\nand that needs parsing to be useful for anything. You\u0026rsquo;d not do that at all in Python, ever.\nfrom pathlib import Path s = Path(\u0026#34;/dev/null\u0026#34;).stat() print(s) os.stat_result(st_mode=8630, st_ino=6, st_dev=6, st_nlink=1, st_uid=0, st_gid=0, st_size=0, st_atime=1607339753, st_mtime=1607339753, st_ctime=1607339753) Now we can talk. In Bash, everything always is a string.\nIn a proper programming language, we have a wealth of basic data types, and can use them in containers to construct aggregate types or even objects, and we can make use of this.\nUsing Path().stat() we get access to the same information in useful form that combines nicely with any number of powerful language and library features.\nIf you need to run commands, consume JSON So what if you have to run an external command to do things?\nHopefully the external commands produce something structured such as JSON:\nimport subprocess import json lvs = subprocess.run([\u0026#34;lvs\u0026#34;, \u0026#34;--reportformat=json\u0026#34;], capture_output=True) lvs_output = json.loads(lvs.stdout) for k in lvs_output[\u0026#39;report\u0026#39;][0][\u0026#39;lv\u0026#39;]: print(k[\u0026#39;lv_name\u0026#39;], k[\u0026#39;lv_size\u0026#39;]) blogbackup 20.00g dedibackup 100.00g disk_images 40.00g gitlab 10.00g halde 350.00g iot 30.00g kvm 60.00g unifi 10.00g backup 4.00t tm_aircat 1.00t tm_joram 1.50t tm_mini 512.00g win_kk 2.08t home 60.00g swap 32.00g ubuntu 80.00g This imports the modules subprocess and json for use.\nIt then uses the command lvs --reportformat=json to list all LVM2 logical volumes in the system. The command is specificed as an argument list, so no interim bash is spawned, instead the command is run directly from Python, using subprocess.run() , capturing the output.\nThe output, being JSON formatted, is turned into Python native data structures, using json.loads() . We then iterate the data we collected, printing a system report from Python.\nThere are other ways to do the same : LVM2 offers liblvm2app and an API, and a binding of that API to Python exists (but seems to be rather unmaintained, so I\u0026rsquo;d rather use the JSON approach).\nUseful modules that come with the system sys, os, pathlib So you already know about sys , and os . Maybe you use pathlib instead of os.path .\nsys is the meta about your Python environment. It offers you detailed introspection about the version, the base operating system platform, and many other things that relate to your runtime environment.\nos is the access to the operating system, allowing you to manipulate files and many other base operating system abstractions\npathlib is a higher level convenience interface built on top of that, which overloads the / operator and allows you to manipulate operating system path names in a portable way. It offers functions to parse pathnames, is os.stat() aware and has basename() and dirname() functionality, plus globbing.\nPath can completely replace os-like file access, and there is a handy table at the end of the manpage.\nshutil Basic shell file operations can be handled with shutil .\nThis module has a number of file copy operations available, which are aware of operating system specifics and modern metadata presence. There are also copytree and rmtree operations. Since Python 3.8 there are operating system specific high-efficiency implementations available which are network drive aware and are automatically used (MacOS fcopyfile, os.sendfile(), and others).\nThe module also offers a set of functions that deal with common archive formats such as zip, tar, and other compressors. There is a framework to register additional compressors and archive formats.\nNote that the walk() function is part of the os module, not the shutil module. It can be used to iterate over a filesystem subtree in a number of ways, offering find(1) like functionality.\nargparse, click, docopt Python delivers argparse with the standard libary, and has extensive tutorials for it. It works pretty much as one would expect\n#! /usr/bin/env python3 import argparse parser = argparse.ArgumentParser() parser.add_argument(\u0026#34;--size\u0026#34;, help=\u0026#34;file size\u0026#34;, type=int) args = parser.parse_args() print(args.size, type(args.size)) and\n$ ./keks.py --help usage: keks.py [-h] [--size SIZE] optional arguments: -h, --help show this help message and exit --size SIZE file size $ ./keks.py --size 10 10 \u0026lt;class \u0026#39;int\u0026#39;\u0026gt; There are a number of more refined options that allow for positional, keyword and more restricted optional arguments (the type we have been using here), with typechecking and choices.\nclick and docopt are not part of the standard libary, so it means picking up an external dependency.\ndocopt is built around the concept of docstrings, so option parsers are configured from the program documentation at the start of the program.\nclick is built around the concept of Python decorators , and allows things such as\n#! /usr/bin/env python import click @click.command() @click.option(\u0026#39;--size\u0026#39;, required=True, type=int, help=\u0026#39;file size\u0026#39;) def size(size): print(size, type(size)) if __name__ == \u0026#39;__main__\u0026#39;: size() and\n$ ./probe.py --help Usage: probe.py [OPTIONS] Options: --size INTEGER file size [required] --help Show this message and exit. $ ./probe.py --size 10 10 \u0026lt;class \u0026#39;int\u0026#39;\u0026gt; Click is very complete, extensible and specifically the tool of choice for large commands that require the implementation of subcommands (git log, git add, git commit type interfaces).\nfileinput In this context also useful is fileinput , a helper that consumes pathnames from the command arguments and offers you the lines from the files named, in one single stream or separated.\nThere is a number of support options for writing filters, in-place file changes and similar programs.\nIt is possible to install decompressor/compressor hooks, as well as data encodoers/decoders.\nstat The os.stat() example from the very beginning of this text is easier expanded on with the stat module, which has a number of constants and helpers that make more sense out of the data delivered by the operating system.\nglob, fnmatch Python has a glob and fnmatch modules, but you are probably better off using Path.glob from the more modern and portable pathlib instead.\ntempfile Temporary filenames, files and file handles can be made safely with tempfile , another standard libary.\ndifflib, filecmp There are a number of modules that deal in comparisons of files, difflib computes diff-like output with a nice programming interface, and filecmp compares files and directory trees, finding files with different content or attributes.\nini files, yaml and json The python standard libary offers readers and writers for ini files and json . Handling yaml is an external dependency.\nsched, daemon, pidfile, and pystemd A simple-cronlike timer facility, sched comes with the system libraries.\nActually becoming a background process with python-daemon picks up an external dependency. So does handling PIDfiles with python-pidfile .\nThe external dependency pystemd allows you to speak dbus to talk to systemd, but you would not notice that from the usage: you can deal with systemd units as native Python objects and query and control them.\nsubprocess And of course, we already mentioned subprocess.run() , the swiss army knife of bad old shell interfacing. Make sure you prefer commands that can produce JSON, that will hurt a lot less.\nAddenda Various System Shells : Shell inconsistencies What exactly was the point of [ \u0026quot;x$var\u0026quot; = \u0026quot;xval\u0026quot; ]? : How a simple test can fail. ","date":"2021-01-05T00:00:00Z","href":"https://blog.koehntopp.info/2021/01/05/using-python-to-bash.html","tags":["lang_en","python","bash","devops"],"title":"Using Python to bash"},{"categories":null,"content":"This is the english version of a 2007 article .\nIn de.comp.os.unix.linux.misc somebody asked:\nAre commands in a script executed strictly sequentially, that is, will the next command only be executed when the previous command has completed, or will the shell automatically start the next command if the system has spare capacity? Can I change the default behavior - whatever it may be - in any way? If you are looking into the fine manual, it may explain at some point that the shell starts each command in a separate process. Then you may continue your thought process and ask what that actually means. As soon as you get to this stage, you may want to have a look at the Unix process lifecycle.\nProcesses and programs A program in Unix is a sequence of executable instructions on a disk. You can use the command size to get a very cursory check of the structure and memory demands of the program, or use the various invocations of objdump for a much more detailed view. The only aspect that is of interest to us is the fact that a program is a sequence of instructions and data (on disk) that may potentially be executed at some point in time, maybe even multiple times, maybe even concurrently.\nSuch a program in execution is called a process. The process contains the code and initial data of the program itself, and the actual state at the current point in time for the current execution. That is the memory map and the associated memory (check /proc/pid/maps), but also the program counter, the processor registers, the stack, and finally the current root directory, the current directory, environment variables and the open files, plus a few other things (in modern Linux for example, we find the processes cgroups and namespace relationships, and so on - things became a lot more complicated since 1979).\nIn Unix processes and programs are two different and independent things. You can run a program more than once, concurrently. For example, you can run two instances of the vi editor, which edit two different texts. Program and initial data are the same: it is the same editor. But the state inside the processes is different: the text, the insert mode, cursor position and so on differ. From a programmers point of view, \u0026ldquo;the code is the same, but the variable values are differing\u0026rdquo;.\nA process can run more than one program: The currently running program is throwing itself away, but asks that the operating system loads a different program into the same process. The new program will inherit some reused process state, such as current directories, file handles, privileges and so on.\nAll of that is done in original Unix, at the system level, with only four syscalls:\nfork() exec() wait() exit() Usermode and Kernel Context switching: Process 1 is running for a bit, but at (1) the kernel interrupts the execution and switches to process 2. Some time later, process 2 is frozen, and we context switch back to where we left off with (1), and so on. For each process, this seems to be seamless, but it happens in intervals that are not continous.\nWhenever a Unix process does a system call (and at some other opportunities) the current process leaves the user context and the operating system code is being activated. This is privileged kernel code, and the activation is not quite a subroutine call, because not only is privileged mode activated, but also a kernel stack is being used and the CPU registers of the user process are saved.\nFrom the point of view of the kernel function, the user process that has called us is inert data and can be manipulated at will.\nThe kernel will then execute the system call on behalf of the user program, and then will try to exit the kernel. The typical way to leave the kernel is through the scheduler.\nThe scheduler will review the process list and current situation. It will then decide into which of all the different userland processes to exit. It will restore the chosen processes registers, then return into this processes context, using this processes stack. The chosen process may or may not be the one that made the system call.\nIn short: Whenever you make a system call, you may (or may not) lose the CPU to another process.\nThat\u0026rsquo;s not too bad, because this other process at some point has to give up the CPU and the kernel will then return into our process as if nothing happened.\nOur program is not being executed linearly, but in a sequence of subjectively linear segments, with breaks inbetween. During these breaks the CPU is working on segments of other processes that are also runnable.\nfork() and exit() In traditional Unix the only way to create a process is using the fork() system call. The new process gets a copy of the current program, but new process id (pid). The process id of the parent process (the process that called fork()) is registered as the new processes parent pid (ppid) to build a process tree.\nIn the parent process, fork() returns and delivers the new processes pid as a result.\nThe new process also returns from the fork() system call (because that is when the copy was made), but the result of the fork() is 0.\nSo fork() is a special system call. You call it once, but the function returns twice: Once in the parent, and once in the child process. fork() increases the number of processes in the system by one.\nEvery Unix process always starts their existence by returning from a fork() system call with a 0 result, running the same program as the parent process. They can have different fates because the result of the fork() system call is different in the parent and child incarnation, and that can drive execution down different if() branches.\nIn Code:\n#include \u0026lt;stdio.h\u0026gt; #include \u0026lt;unistd.h\u0026gt; #include \u0026lt;stdlib.h\u0026gt; main(void) { pid_t pid = 0; pid = fork(); if (pid == 0) { printf(\u0026#34;I am the child.\\n\u0026#34;); } if (pid \u0026gt; 0) { printf(\u0026#34;I am the parent, the child is %d.\\n\u0026#34;, pid); } if (pid \u0026lt; 0) { perror(\u0026#34;In fork():\u0026#34;); } exit(0); } Running this, we get:\nkris@linux:/tmp/kris\u0026gt; make probe1 cc probe1.c -o probe1 kris@linux:/tmp/kris\u0026gt; ./probe1 I am the child. I am the parent, the child is 16959. We are defining a variable pid of the type pid_t.\nThis variable saves the fork() result, and using it we activate one (\u0026ldquo;I am the child.\u0026rdquo;) or the other (\u0026ldquo;I am the parent\u0026rdquo;) branch of an if().\nRunning the program we get two result lines. Since we have only one variable, and this variable can have only one state, an instance of the program can only be in either one or the other branch of the code. Since we see two lines of output, two instances of the program with different values for pid must have been running.\nIf we called getpid() and printed the result we could prove this by showing two different pids (change the program to do this as an exercise!).\nThe fork() system call is entered once, but left twice, and increments the number of processes in the system by one. After finishing our program the number of processes in the system is as large as before. That means there must be another system call which decrements the number of system calls.\nThis system call is exit().\nexit() is a system call you enter once and never leave. It decrements the number of processes in the system by one.\nexit() also accepts an exit status as a parameter, which the parent process can receive (or even has to receive), and which communicates the fate of the child to the parent.\nIn our example, all variants of the program call exit() - we are calling exit() in the child process, but also in the parent process. That means we terminate two processes. We can only do this, because even the parent process is a child, and in fact, a child of our shell.\nThe shell does exactly the same thing we are doing:\nbash (16957) --- calls fork() ---\u0026gt; bash (16958) --- becomes ---\u0026gt; probe1 (16958) probe1 (16958) --- calls fork() ---\u0026gt; probe1 (16959) --\u0026gt; exit() | +---\u0026gt; exit() exit() closes all files and sockets, frees all memory and then terminates the process. The parameter of exit() is the only thing that survives and is handed over to the parent process.\nwait() Our child process ends with an exit(0). The 0 is the exit status of our program and can be shipped. We need to make the parent process pick up this value and we need a new system call for this.\nThis system call is wait().\nIn Code:\n#include \u0026lt;stdio.h\u0026gt; #include \u0026lt;unistd.h\u0026gt; #include \u0026lt;stdlib.h\u0026gt; #include \u0026lt;sys/types.h\u0026gt; #include \u0026lt;sys/wait.h\u0026gt; main(void) { pid_t pid = 0; int status; pid = fork(); if (pid == 0) { printf(\u0026#34;I am the child.\\n\u0026#34;); sleep(10); printf(\u0026#34;I am the child, 10 seconds later.\\n\u0026#34;); } if (pid \u0026gt; 0) { printf(\u0026#34;I am the parent, the child is %d.\\n\u0026#34;, pid); pid = wait(\u0026amp;status); printf(\u0026#34;End of process %d: \u0026#34;, pid); if (WIFEXITED(status)) { printf(\u0026#34;The process ended with exit(%d).\\n\u0026#34;, WEXITSTATUS(status)); } if (WIFSIGNALED(status)) { printf(\u0026#34;The process ended with kill -%d.\\n\u0026#34;, WTERMSIG(status)); } } if (pid \u0026lt; 0) { perror(\u0026#34;In fork():\u0026#34;); } exit(0); } And the runtime protocol:\nkris@linux:/tmp/kris\u0026gt; make probe2 cc probe2.c -o probe2 kris@linux:/tmp/kris\u0026gt; ./probe2 I am the child. I am the parent, the child is 17399. I am the child, 10 seconds later. End of process 17399: The process ended with exit(0). The variable status is passed to the system call wait() as a reference parameter, and will be overwritten by it. The value is a bitfield, containing the exit status and additional reasons explaining how the program ended. To decode this, C offers a number of macros with predicates such as WIFEXITED() or WIFSIGNALED(). We also get extractors, such as WEXITSTATUS() and WTERMSIG(). wait() also returns the pid of the process that terminated, as a function result.\nwait() stops execution of the parent process until either a signal arrives or a child process terminates. You can arrange for a SIGALARM to be sent to you in order to time bound the wait().\nThe init program, and Zombies The program init with the pid 1 will do basically nothing but calling wait(): It waits for terminating processes and polls their exit status, only to throw it away. It also reads /etc/inittab and starts the programs configured there. When something from inittab terminates and is set to respawn, it will be restarted by init.\nWhen a child process terminates while the parent process is not (yet) waiting for the exit status, exit() will still free all memory, file handles and so on, but the struct task (basically the ps entry) cannot be thrown away. It may be that the parent process at some point in time arrives at a wait() and then we have to have the exit status, which is stored in a field in the struct task, so we need to retain it.\nAnd while the child process is dead already, the process list entry cannot die because the exit status has not yet been polled by the parent. Unix calls such processes without memory or other resouces associated Zombies. Zombies are visible in the process list when a process generator (a forking process) is faulty and does not wait() properly. They do not take up memory or any other resouces but the bytes that make up their struct task.\nThe other case can happen, too: The parent process exits while the child moves on. The kernel will set the ppid of such children with dead parents to the constant value 1, or in other words: init inherits orphaned processes.\nWhen the child terminates, init will wait() for the exit status of the child, because that\u0026rsquo;s what init does. No Zombies in this case.\nWhen we observe the number of processes in the system to be largely constant over time, then the number of calls to fork(), exit() and wait() have to balanced. This is, because for each fork() there will be an exit() to match and for each exit() there must be a wait() somewhere.\nIn reality, and in modern systems, the situation is a bit more complicated, but the original idea is as simple as this. We have a clean fork-exit-wait triangle that describes all processes.\nexec() So while fork() makes processes, exec() loads programs into processes that already exist.\nIn Code:\n#include \u0026lt;stdio.h\u0026gt; #include \u0026lt;unistd.h\u0026gt; #include \u0026lt;stdlib.h\u0026gt; #include \u0026lt;sys/types.h\u0026gt; #include \u0026lt;sys/wait.h\u0026gt; main(void) { pid_t pid = 0; int status; pid = fork(); if (pid == 0) { printf(\u0026#34;I am the child.\\n\u0026#34;); execl(\u0026#34;/bin/ls\u0026#34;, \u0026#34;ls\u0026#34;, \u0026#34;-l\u0026#34;, \u0026#34;/tmp/kris\u0026#34;, (char *) 0); perror(\u0026#34;In exec(): \u0026#34;); } if (pid \u0026gt; 0) { printf(\u0026#34;I am the parent, and the child is %d.\\n\u0026#34;, pid); pid = wait(\u0026amp;status); printf(\u0026#34;End of process %d: \u0026#34;, pid); if (WIFEXITED(status)) { printf(\u0026#34;The process ended with exit(%d).\\n\u0026#34;, WEXITSTATUS(status)); } if (WIFSIGNALED(status)) { printf(\u0026#34;The process ended with kill -%d.\\n\u0026#34;, WTERMSIG(status)); } } if (pid \u0026lt; 0) { perror(\u0026#34;In fork():\u0026#34;); } exit(0); } The runtime protocol:\nkris@linux:/tmp/kris\u0026gt; make probe3 cc probe3.c -o probe3 kris@linux:/tmp/kris\u0026gt; ./probe3 I am the child. I am the parent, the child is 17690. total 36 -rwxr-xr-x 1 kris users 6984 2007-01-05 13:29 probe1 -rw-r--r-- 1 kris users 303 2007-01-05 13:36 probe1.c -rwxr-xr-x 1 kris users 7489 2007-01-05 13:37 probe2 -rw-r--r-- 1 kris users 719 2007-01-05 13:40 probe2.c -rwxr-xr-x 1 kris users 7513 2007-01-05 13:42 probe3 -rw-r--r-- 1 kris users 728 2007-01-05 13:42 probe3.c End of process 17690: The process ended with exit(0). Here the code of probe3 is thrown away in the child process (the perror(\u0026quot;In exec():\u0026quot;) is not reached). Instead the running program is being replaced by the given call to ls.\nFrom the protocol we can see the parent instance of probe3 waits for the exit(). Since the perror() after the execl()is never executed, it cannot be an exit() in our code. In fact, ls ends the process we made with an exit() and that is what we receive our exit status from in our parent processes wait() call.\nThe same, as a Shellscript The examples above have been written in C. We can do the same, in bash:\nkris@linux:/tmp/kris\u0026gt; cat probe1.sh #! /bin/bash -- echo \u0026#34;Starting child:\u0026#34; sleep 10 \u0026amp; echo \u0026#34;The child is $!\u0026#34; echo \u0026#34;The parent is $$\u0026#34; echo \u0026#34;$(date): Parent waits.\u0026#34; wait echo \u0026#34;The child $! has the exit status $?\u0026#34; echo \u0026#34;$(date): Parent woke up.\u0026#34; kris@linux:/tmp/kris\u0026gt; ./probe1.sh Starting child: The child is 18071 The parent is 18070 Fri Jan 5 13:49:56 CET 2007: Parent waits. The child 18071 has the exit status 0 Fri Jan 5 13:50:06 CET 2007: Parent woke up. The actual bash We can also trace the shell while it executes a single command. The information from above should allow us to understand what goes on, and see how the shell actually works.\nkris@linux:~\u0026gt; strace -f -e execve,clone,fork,waitpid bash kris@linux:~\u0026gt; ls clone(Process 30048 attached child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7dab6f8) = 30048 [pid 30025] waitpid(-1, Process 30025 suspended \u0026lt;unfinished ...\u0026gt; [pid 30048] execve(\u0026#34;/bin/ls\u0026#34;, [\u0026#34;/bin/ls\u0026#34;, \u0026#34;-N\u0026#34;, \u0026#34;--color=tty\u0026#34;, \u0026#34;-T\u0026#34;, \u0026#34;0\u0026#34;], [/* 107 vars */]) = 0 ... Process 30025 resumed Process 30048 detached \u0026lt;... waitpid resumed\u0026gt; [{WIFEXITED(s) \u0026amp;\u0026amp; WEXITSTATUS(s) == 0}], WSTOPPED WCONTINUED) = 30048 --- SIGCHLD (Child exited) @ 0 (0) --- ... Linux uses a generalization of the original Unix fork(), named clone(), to create child processes. That is why we do not see fork() in a Linux system to create a child process, but a clone() call with some parameters.\nLinux also uses a specialized variant of wait(), called waitpid(), to wait for a specific pid.\nLinux finally uses the exec() variant execve() to load programs, but that is just shuffling the paramters around. At the end of ls (PID 30048) the process 30025 will wake up from the wait() and continue.\nOriginal Code, what Windows does, and what Microsoft thinks about Linux This text is based on a USENET article I wrote a long time ago.\nHere is the original C-code of the original sh from 1979, with the fork() system call. Search for case TFORK:.\nAlso, check out the programming style of Mr. Bourne - this is C, even if it does not look like it.\nThe original 2007 blog article , has a followup article on Windows CreateProcess() , which has not been translated.\nWhen implementing fork() in Windows as part of the WSL 1, Microsoft ran into a lot of problems with the syscall, and wrote an article about how they hate it, and why they think their CreateProcessEx() (in Unix: spawn()) would be better. The PDF makes a number of good points, but is still wrong. :-)\n","date":"2020-12-28T00:00:00Z","href":"https://blog.koehntopp.info/2020/12/28/fork-exec-wait-and-exit.html","tags":["linux","erklaerbaer","computer","lang_en"],"title":"fork, exec, wait and exit"},{"categories":null,"content":"Olya Kudriavtseva has an ugly Christmas sweater :\nHe\u0026rsquo;s making a table. He\u0026rsquo;s sorting it twice. SELECT * FROM contacts WHERE behavior = \u0026ldquo;nice\u0026rdquo;; SQL Clause is coming town! (buy here )\nKatie Bauer observes :\nI mean, except for the fact that sorting something twice is TERRIBLY optimized\nSo how bad is this? Let\u0026rsquo;s find out.\nSome test data We are defining a table santa, where we store peoples names (GDPR, EU Regulation 2016/679 applies!), their behavior (naughty or nice), their age, their location, and their wishlist items.\ncreate table santa ( id integer not null primary key auto_increment, name varchar(64) not null, loc point srid 0 not null, age integer not null, behavior enum(\u0026#39;naughty\u0026#39;, \u0026#39;nice\u0026#39;) not null, wish varchar(64) not null ) We are also writing some code to generate data (to evade GDPR, we are using randomly generated test data):\nfor i in range(1, size): data = { \u0026#34;id\u0026#34;: i, \u0026#34;name\u0026#34;: \u0026#34;\u0026#34;.join([chr(randint(97, 97 + 26)) for x in range(64)]), \u0026#34;xloc\u0026#34;: random()*360-180, \u0026#34;yloc\u0026#34;: random()*180-90, \u0026#34;age\u0026#34;: randint(1, 100), \u0026#34;behavior\u0026#34;: \u0026#34;naughty\u0026#34; if random() \u0026gt; nicelevel else \u0026#34;nice\u0026#34;, \u0026#34;wish\u0026#34;: \u0026#34;\u0026#34;.join([chr(randint(97, 97 + 26)) for x in range(64)]), } c.execute(sql, data) if i%1000 == 0: print(f\u0026#34;{i=}\u0026#34;) db.commit() db.commit() The full data generator is available as santa.py . Note that the data generator there defines more indexes - see below.\nIn our example we generate one million rows, and assume a general niceness of 0.9 (90% of the children are nice). Also, all of our children have 64 characters long names, a single 64 characters long wish, a random age, and are equidistributed on a perfect sphere.\nOur real planet is not a perfect sphere, and also not many people live in the Pacific Ocean. Also, not many children have 64 character names.\nSorting it twice How do you even sort the data twice? Now, assuming we sort by name, we can run an increasingly deeply nested subquery:\nkris@localhost [kris]\u0026gt; select count(*) from santa where behavior = \u0026#39;nice\u0026#39;; +----------+ | count(*) | +----------+ | 900216 | +----------+ 1 row in set (0.25 sec) kris@localhost [kris]\u0026gt; explain select count(*) from santa where behavior = \u0026#39;nice\u0026#39;\\G *************************** 1. row *************************** id: 1 select_type: SIMPLE table: santa partitions: NULL type: ALL possible_keys: NULL key: NULL key_len: NULL ref: NULL rows: 987876 filtered: 50.00 Extra: Using where 1 row in set, 1 warning (0.00 sec) Note (Code 1003): /* select#1 */ select count(0) AS `count(*)` from `kris`.`santa` where (`kris`.`santa`.`behavior` = \u0026#39;nice\u0026#39;) Out of 1 million children, we have around 900k nice children. No indexes can be used to resolve the query.\nLet\u0026rsquo;s order by name, using a subquery:\nkris@localhost [kris]\u0026gt; explain -\u0026gt; select t.name from ( -\u0026gt; select * from santa where behavior = \u0026#39;nice\u0026#39; -\u0026gt; ) as t order by name; +----+-------------+-------+------------+------+---------------+------+---------+------+--------+----------+-----------------------------+ | id | select_type | table | partitions | type | possible_keys | key | key_len | ref | rows | filtered | Extra | +----+-------------+-------+------------+------+---------------+------+---------+------+--------+----------+-----------------------------+ | 1 | SIMPLE | santa | NULL | ALL | NULL | NULL | NULL | NULL | 987876 | 50.00 | Using where; Using filesort | +----+-------------+-------+------------+------+---------------+------+---------+------+--------+----------+-----------------------------+ 1 row in set, 1 warning (0.00 sec) Note (Code 1003): /* select#1 */ select `kris`.`santa`.`name` AS `name` from `kris`.`santa` where (`kris`.`santa`.`behavior` = \u0026#39;nice\u0026#39;) order by `kris`.`santa`.`name` We can already see that the MySQL 8 optimizer recognizes that this subquery can be merged with the inner query, and does this.\nThis can be done multiple times, but the optimizer handles this just fine:\nkris@localhost [kris]\u0026gt; explain -\u0026gt; select s.name from ( -\u0026gt; select t.name from ( -\u0026gt; select * from santa where behavior = \u0026#39;nice\u0026#39; -\u0026gt; ) as t order by name -\u0026gt; ) as s order by name; +----+-------------+-------+------------+------+---------------+------+---------+------+--------+----------+-----------------------------+ | id | select_type | table | partitions | type | possible_keys | key | key_len | ref | rows | filtered | Extra | +----+-------------+-------+------------+------+---------------+------+---------+------+--------+----------+-----------------------------+ | 1 | SIMPLE | santa | NULL | ALL | NULL | NULL | NULL | NULL | 987876 | 50.00 | Using where; Using filesort | +----+-------------+-------+------------+------+---------------+------+---------+------+--------+----------+-----------------------------+ 1 row in set, 1 warning (0.00 sec) Note (Code 1003): /* select#1 */ select `kris`.`santa`.`name` AS `name` from `kris`.`santa` where (`kris`.`santa`.`behavior` = \u0026#39;nice\u0026#39;) order by `kris`.`santa`.`name` We can see using filesort, so while we ask for the query result to be sorted by name twice, it is actually only sorted once.\nNo sorting at all We can improve on this, using a covering index in appropriate order:\nkris@localhost [kris]\u0026gt; alter table santa add index behavior_name (behavior, name); Query OK, 0 rows affected (21.82 sec) Records: 0 Duplicates: 0 Warnings: 0 Having done this, we now see that we lost the using filesort altogether:\nkris@localhost [kris]\u0026gt; explain select s.name from ( select t.name from (select * from santa where behavior = \u0026#39;nice\u0026#39;) as t order by name ) as s order by name; +----+-------------+-------+------------+------+---------------+---------------+---------+-------+--------+----------+--------------------------+ | id | select_type | table | partitions | type | possible_keys | key | key_len | ref | rows | filtered | Extra | +----+-------------+-------+------------+------+---------------+---------------+---------+-------+--------+----------+--------------------------+ | 1 | SIMPLE | santa | NULL | ref | behavior_name | behavior_name | 1 | const | 493938 | 100.00 | Using where; Using index | +----+-------------+-------+------------+------+---------------+---------------+---------+-------+--------+----------+--------------------------+ 1 row in set, 1 warning (0.00 sec) Note (Code 1003): /* select#1 */ select `kris`.`santa`.`name` AS `name` from `kris`.`santa` where (`kris`.`santa`.`behavior` = \u0026#39;nice\u0026#39;) order by `kris`.`santa`.`name` The query is now annotated using index, which means that all data we ask for is present in the (covering) index behavior_name, and is stored in sort order. That means the data is physically stored and read in sort order and no actual sorting has to be done on read - despite us asking for sorting, twice.\nHidden \u0026lsquo;SELECT *\u0026rsquo; and Index Condition Pushdown In the example above, we have been asking for s.name and t.name only, and because the name is part of the index, using index is shown to indicate use of a covering index. We do not actually go to the table to generate the result set, we are using the index only.\nNow, if we were to ask for t.* in the middle subquery, what will happen?\nkris@localhost [kris]\u0026gt; explain -\u0026gt; select s.name from ( -\u0026gt; select * from ( -\u0026gt; select * from santa where behavior = \u0026#39;nice\u0026#39; -\u0026gt; ) as t order by name -\u0026gt; ) as s order by name; +----+-------------+-------+------------+------+---------------+---------------+---------+-------+--------+----------+-----------------------+ | id | select_type | table | partitions | type | possible_keys | key | key_len | ref | rows | filtered | Extra | +----+-------------+-------+------------+------+---------------+---------------+---------+-------+--------+----------+-----------------------+ | 1 | SIMPLE | santa | NULL | ref | behavior_name | behavior_name | 1 | const | 493938 | 100.00 | Using index condition | +----+-------------+-------+------------+------+---------------+---------------+---------+-------+--------+----------+-----------------------+ 1 row in set, 1 warning (0.00 sec) Note (Code 1003): /* select#1 */ select `kris`.`santa`.`name` AS `name` from `kris`.`santa` where (`kris`.`santa`.`behavior` = \u0026#39;nice\u0026#39;) order by `kris`.`santa`.`name` In the Code 1003 Note we still see the exact same reconstituted query, but as can be seen in the plan annotations, the internal handling changes - so the optimizer has not been working on this query at all times, but on some intermediary representation.\nThe \u0026lsquo;using index condition\u0026rsquo; annotation points to Index Condition Pushdown Optimization being used. In our example, this is not good.\nWorse than sorting: Selectivity The column we select on is a column with a cardinality of 2: behavior can be either naughty or nice. That means, in an equidistribution, around half of the values are naughty, the other half is nice.\nData from disk is read in pages of 16 KB. If one row in a page matches, the entire page has to be read from disk. In our example, we have a row length of around 200 Byte, so we end up with 75-80 records per page. Half of them will be nice, so with an average of around 40 nice records per page, we will very likely have to read all pages from disk anyway.\nUsing the index will not decrease the amount of data read from disk at all. In fact, we will have to read the index pages on top of the data pages, so using an index on a low cardinality column has the potential of making the situation slightly worse than even a full table scan.\nGenerally speaking, defining an index on a low cardinality column is usually not helpful - if there are 10 or fewer values, benchmark carefully and decide, or just don\u0026rsquo;t define an index.\nIn our case, the index is not even equidistributed, but biased to 90% nice. We end up with mostly nice records, so we can guarantee that all data pages will be read for the SQL SELECT * FROM santa WHERE behavior = \u0026quot;nice\u0026quot;, and the index usage will not be contributing in any positive way.\nWe could try to improve the query by adding conditions to make it more selective. For example, we could ask for people close to our current position, using an RTREE index such as this:\nkris@localhost [kris]\u0026gt; ALTER TABLE santa ADD SPATIAL INDEX (loc); ... kris@localhost [kris]\u0026gt; set @rect = \u0026#39;polygon((10 10, 10 20, 20 20, 20 10, 10 10 ))\u0026#39;; kris@localhost [kris]\u0026gt; select * from santa where mbrcovers(st_geomfromtext(@rect), loc); ... 1535 rows in set (3.53 sec) The ALTER defines a spatial index (an RTREE), which can help to speed up coordinate queries.\nThe SET defines a coordinate rectangle around our current position (supposedly 15/15).\nWe then use the mbrcovers() function to find all points loc that are covered by the @rect. It seems to be somewhat complicated to get MySQL to actually use the index, but I have not been investigating deeply.\nIf we added an ORDER BY name here, we would see using filesort again, because data is retrieved in RTREE order, if the index loc is used, but we want output in name order.\nConclusion The Santa query is inefficient, but likely sorting twice is not the root cause for that. The optimizer will be able to merge the multiple sorts and be able to deliver the result with one or no sorting, depending on our index construction. The optimizer is not using the reconstituted query shown in the warning to plan the execution, and that is weird. Selectivity matters, especially for indices on low cardinality columns. Asking for all nice behaviors on a naughty/nice column is usually not benefiting from index usage. Additional indexable conditions that improve selectivity can help, a lot. ","date":"2020-12-26T00:00:00Z","href":"https://blog.koehntopp.info/2020/12/26/sql-clause-is-coming-to-town.html","tags":["lang_en","mysqldev","mysql"],"title":"SQL Clause is coming to town"},{"categories":null,"content":"Kalenderwoche 51/2020: Lockdown mit Schulschließungen. Nachdem es im März schon einmal Schulschließungen wegen Corona gab, und dort die Defizite technischer und organisatorischer Natur offenbar wurden, hat man in Deutschland die Zeit genutzt und sich auf die vorhergesagte 2. Welle vorbereitet, die jetzt genau eingetroffen ist. Deutschland ist schließlich nicht nur das Land der Dichter und Denker, sondern auch ein Land der Ingenieure und Tüftler, und bekannt für seine funktionierende und effiziente Bürokratie.\nOder?\nDie bayrische Plattform mebis bricht unter dem Ansturm zusammen . Angeblich ist es DDoS, wahrscheinlicher sind es einfach User. Auch LernSax in Sachsen leidet unter bösen Hackern . Vermutlich sind es auch hier User. Unterdessen bricht auch in MVP die itslearning-Instanz zusammen In NRW hat man ebenfalls Probleme und begrenzt die Teilnehmerzahl auf 80 pro Schule (zusammengetragen von @union_watch )\nDazu ein paar Anmerkungen:\nZwei IP-Adressen, beliebig viele Server Es ist mehr als ein Paar Frontend-Server . Die angegebenen IPv4-Adressen 104.16.101.21 und 104.16.102.21 gehören zu Cloudflare:\n$ whois 104.16.101.21 ... NetRange: 104.16.0.0 - 104.31.255.255 CIDR: 104.16.0.0/12 NetName: CLOUDFLARENET NetHandle: NET-104-16-0-0-1 Parent: NET104 (NET-104-0-0-0-0) NetType: Direct Assignment OriginAS: AS13335 Organization: Cloudflare, Inc. (CLOUD14) RegDate: 2014-03-28 Updated: 2017-02-17 Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse Ref: https://rdap.arin.net/registry/ip/104.16.0.0 ... Cloudflare ist ein Betreiber eines CDN (Content Delivery Networks), das Frontend-Dienste mit DDoS-Schutz für alles und jeden anbietet. Cloudflare arbeitet mit DNS basierendem Global Loadbalancing oder mit TCP Anycast . Auf diese Weise kann entweder derselbe DNS-Name oder gar dieselbe IPv4-Adresse zu dem Server aufgelöst werden, der dem Verbindung Suchenden am nächsten liegt. Das Maß \u0026ldquo;am Nächsten\u0026rdquo; ist dabei meist auf der Netzwerk-Topologie definiert, also \u0026ldquo;mit den wenigsten Hops\u0026rdquo; oder \u0026ldquo;mit der geringsten Zugriffsverzögerung (Latenz)\u0026rdquo;, und das muß nicht unbedingt der geographisch am nächsten liegende Server sein.\nHinter dem Loadbalancer liegen also nicht nur mehr als zwei Server, sondern möglicherweise sogar mehr als ein Standort. Es ist die Dienstleistung und das Geschäft von Cloudflare, schlechte (DDoS) von guten Verbindungen zu trennen, und für die guten Verbindungen den netztopologisch am günstigsten gelegenen Server zu verbinden.\nDie Nutzung von Cloudflare macht natürlich auch die Erklärung \u0026ldquo;es ist ein DDoS\u0026rdquo; oder \u0026ldquo;es sind Hacker\u0026rdquo; weniger glaubwürdig. Cloudflares Geschäft ist es, so etwas auszusortieren. Ein paar Schüler, die keinen Bock auf Fernunterricht haben und die deswegen rum kaspern holen Cloudflare im Mittel eher nicht runter.\nServerzahlen und Größen Mebis hatte mal ganze sechs, mittlerweile 28 Server, um 1.7 Millionen Schüler:innen multimediale Lerninhalte zu übermitteln Das muß nichts schlimmes heißen. Insbesondere dann nicht, wenn man ein CDN wie Cloudflare davor schaltet.\nDisclaimer: Ich kenne das Design von mebis nicht. Ich kenne aber Anwendungen von Cloudflare in anderen Kontexten.\nDie Server selbst führen die Anwendung aus. Die Anwendung generiert in der Regel das HTML der Basisseite, und dort drin sind dann die Seiten-Elemente enthalten - also Grafiken, Filme, Zeichensätze, CSS und was sonst noch so von einer Webseite nachgeladen wird, damit sie bunt ist. Dieses HTML ist oft nicht statisch, sondern wird dynamisch unterschiedlich für jeden User generiert.\nEin CDN wie Cloudflare cached in der Regel die statischen Seitenelemente, und verbreitet sie aktiv im Content Delivery Network zu den Edges. Also zu den Servern, die möglichst dicht am User stehen und die dann zum Enduser ausliefern. Medieninhalte wie Filme, Bilder und andere große statische Dinge sind also idealerweise gar nicht auf den Servern von Mebis enthalten, oder werden jedenfalls nicht von Mebis direkt an den Enduser ausgeliefert, sondern werden vom CDN abgefangen und dort abgehandelt - darum will man so etwas ja genau haben.\nDie eigenen Server generieren dann nur das dynamische HTML, benutzerspezifisch, das dann die ganzen großen, statischen Elemente referenziert, die von Cloudflare geliefert werden. Auf diese Weise braucht man am eigenen Server sehr viel weniger Bandbreite und Leistung.\nSind 28 Server viel oder wenig? 1.7 Millionen Schüler auf 28 Servern sind etwa 60k User pro Server. Ich kenne den Footprint von Mebis oder itslearning nicht, aber das ist für eine moderne Maschine möglicherweise nicht zu viel. Ein moderner Server kann alles von einer 3000-Euro-Blade mit zwei Xeon 4110 , 128 GB RAM und einem 10 GBit/s Netzwerkinterface sein, bis hin zu einer Dual EPYC 7502 mit 4TB RAM und mehreren 100 GBit/s Netzwerkkarten.\nZum Vergleich: Eine Freemail-Datenbank von web.de im Jahre 2004 (eine HP DL380 G3 oder vergleichbar, mit zwei frühen Xeon CPUs ) hat die Daten von circa einer Million Freemail-Kunden erfolgreich verwaltet. Jede von denen wurde mit einer Hand voll Frontend-Servern zusammen zu einem Cluster verpaart und hat dann fröhlich eine Million User verarbeitet (bei 25m Usern insgesamt und 8-9m unique Logins am Tag, damals). Nun ist Webmail unter Umständen eine kleinere Hausnummer als ein multimediales Lernsystem, aber wir haben seit 2004 auch ein paar Fortschritte bei der Systemleistung gemacht, wie oben dargestellt.\n28 Server ist also nicht vollkommen unrealistisch, je nachdem was die Anforderungen sind und was genau man dahinter stellt.\nEs erscheint wenig, wenn man auf AWS VM-Serverhäppchen groß geworden ist und nie einen richten Baremetal-Server ganz für sich allein gehabt hat. Aber man sollte dabei auch bedenken, daß wir den ganzen Quatsch mit Virtualisierung oder Kubernetes ja genau deswegen machen, weil die meisten Anwendungen nicht in der Lage sind, selbst eine kleine Maschine wie die o.a. 3000-Euro-Blade voll zu machen.\nUnd selbst wenn, wollte man das eventuell nicht, sondern die Anwendung stattdessen in drei oder mehr Instanzen aufteilen, die auf drei bis fünf Drittelservern laufen, der Ausfallsicherheit wegen.\nIst das alles teuer? Hardware ist übrigens unglaublich billig. Eine 3000 Euro-Blade braucht im Laufe ihres fünfjährigen Serverlebens (bei drei Jahren Abschreibungszeitraum) Strom, Klima und Rechenzentrumskosten für noch einmal ca. 3000 Euro, und ein wenig Kosten für Netz. Man landet bei 60 Monaten bei Serverkosten von bummelig 120-150 Euro pro Monat.\nZum Vergleich: Die o.a. Blade ist in etwa eine AWS EC2 m5.5xlarge, wenn es sie gäbe. Eine m5.4xlarge entspricht etwa einer halben solchen Blade und die kostet in Frankfurt on-demand ohne Rabatte (30 x 24 x 0.92 USD) = 662.40 USD ohne weitere Nebenkosten (Netz, EBS oder was man sonst noch braucht), also 1324.80 USD like-for-like.\nNiemand macht Cloud weil es billiger ist, im Gegenteil - man kann mit Mehrkosten von ca. 10x unrabattiert gegenüber einem effizient organisierten eigenen Rechenzentrum rechnen - falls man die Leute hat, und falls man die notwendige Größe hat, um sich so etwas leisten zu wollen. Unter 10k Servern (ca. 2+ Megawatt Stromverbrauch) würde ich aber eventuell gar nicht mal darüber nachdenken wollen.\nWieso fallen die Plattformen dann alle um? Das Bundesland Berlin hat nach dem Statistikserver des Landes circa 365k Schüler und noch einmal 87k Berufsschüler.\nDas braucht nicht nur eine gewisse Menge an Bandbreite, Speicher und Datenbank, um so viele Kunden abzufackeln, sondern auch ein getestetes und eingespieltes Systemdesign, das auf die Größe zugeschnitten sein muß.\nDazu machen es sich Schulen notlos schwer, falls sie weiter Frontalunterricht im Internet simulieren und insbesondere Unterrichtsbeginn und Login landesweit minutengenau synchronisieren. Das wäre, wenn man es so machte, ein selbst organisierter und durch ein Ministerium verordneter Eigen-DDoS. Mit dem Gong drücken alle Return und die Server fallen um.\nWie sich web.de mal selbst mit Userlogins ge-DoS-t hat Auch hier wieder eine 15 Jahre alte Geschichte von web.de:\nDie oben erwähnten Freemail-Datenbanken (25 davon in 25 Clustern) haben ein zentrales Gegenstück, die User-Datenbank. Dort sind alle 25 Millionen Freemail-User (und die zahlenden web.de Club User) verzeichnet. Der Stammdatensatz ist bummelig 1 KB groß und enthielt einen Haufen Felder, die sich nur sehr selten ändern.\nUnd er enthielt auch drei Lastlogin-Daten (web, IMAP und POP). Jedes dieser Felder ist ca. 4 Byte lang und sie stehen also an derselben Stelle in jedem User-Record, also etwa 1 KB weit auseinander. Die Datenbank hat Seiten von 8 KB Größe (es war damals ein rotes Oracle), es stehen also 6-8 User-Records in einer Datenbank-Seite.\nWenn sich jetzt also ein User anmeldet, dann wird dessen Record aktualisiert und eine Datenbankseite in der Datenbank ist \u0026ldquo;dirty\u0026rdquo; und muß irgendwann einmal zurück geschrieben werden. Falls sich in der Zeit bis zum Zurückschreiben noch ein User anmeldet, dann ist das gut, weil wir so zwei Updates zum Preis eines Writes bekommen.\nBei 8-9m Unique Logins pro Tag und einer Gleichverteilung der aktiven User über die Records kann man aber annehmen, daß alle Pages der Userdatenbank mindestens einmal am Tag zurück geschrieben werden müssen. Das war anstrengend für die Userdatenbank, hat aber unter normaler Last einigermaßen okay funktioniert.\nWenn es nun bei web.de zu irgendeiner Störung kam, dann kommt es dabei meist auch zu einem Verlust der Session-Caches mit den Login-Tokens und die User werden alle ausgeloggt.\nWas machen ausgeloggte User? Sie melden sich neu an.\nDabei werden die Lastlogind-Daten aller derzeit aktiven User aktualisiert und wir haben einige Millionen Logins in wenigen Minuten - und die User Datenbank macht dicke Backen und fällt um, weil sie es nicht schafft, so viele dirty pages in so kurzer Zeit zurück zu schreiben.\nJede beliebige Störung hatte also einen Ausfall der User Datenbank als Folgestörung, zwangsläufig.\nDas klingt so erzählt unmittelbar einleuchtend und ist auch leicht zu beheben, wenn man die Ursache identifiziert hat. Aber damals waren es mehrere Teams und einige Monate Arbeit, überhaupt zu verstehen, daß es sich um zwei Störungen handelt (die ursächliche Störung und den Folgefehler \u0026ldquo;UserDB überlastet\u0026rdquo;), und daß die 2. Störung immer dieselbe ist, egal was die ursächliche Störung war.\nDie Lösung ist übrigens recht einfach:\nMan zieht die volatilen Felder (die drei Lastlogin-Daten) aus den statischen Stammdaten raus und tut sie in eine einzelne Tabelle, die nur die User-ID und die drei Zeitstempel enthält. Das sind dann 25 Millionen Records von 16 Bytes plus Overhead, also eine Tabelle von 400-800 MB Größe statt vorher 25 Millionen Kilobyte, also 25 GB.\nMan hat also die Schreiblast für die Updates von 1024 Byte auf 16-32 Byte verkleinert, also um den Faktor 32-64 gesenkt. Das konnte die UserDB leicht abhandeln und das Problem trat nie wieder auf.\nWas hat das mit mebis und itslearning zu tun? Direkt nichts, aber es zeigt, daß die Skalierung von Anwendungen in der Regel nicht einfach mit \u0026ldquo;mehr Server\u0026rdquo; zu machen ist.\nSkalierung geht nicht allein am Reißbrett Eine Anwendung um den Faktor 10 zu skalieren heißt in der Regel, dieselben Deliverables mit einer komplett neu gemachten Architektur zu generieren. Ich habe in meinem Leben zwischen 1990 und 2005 viel Mail gemacht, für mich und meine Freundin (2), für einen kleinen Verein (20), für toppoint.de (200), für eine kleine Firma (2k), für Mobilcom.de (20k), ein Design für eine Ausschreibung bei hamburg.de (2m) und einige Jahre web.de (20m).\nDie Deliverables sind immer dieselben: SMTP, Antispam, Antivirus, Mailstore, IMAP, POP, Web, SMTP Auth+Submit. Die Architekturen und die Orgstrukturen unterscheiden sich in jeder dieser Ausbaustufen grundlegend, und das jeweils größere System wäre für den kleineren Fall heillos überdesigned, und das kleinere Design würde unter der Last des nächstgrößeren Anwendungsfalls zusammenbrechen oder zumindest sehr bedenklich knirschen und wackeln.\nWas genau die Knackpunkte sein werden sieht man aber vorher in der Regel nicht, sondern man muß es unter Last testen.\nSchlaue Leute gehen also nicht von Woche 50 mit 0 Usern auf Woche 51 mit 350k Usern. Das wird nirgendwo bei niemandem so reibungslos funktionieren.\nSchlaue Leute onboarden erst mal eine Gruppe freundliche Testkunden, bügeln die schlimmsten Probleme mit denen aus, dann ein mehrfaches dieser Gruppe in einem nächsten Schritt und so weiter. Dabei mit immer größeren Schritten und - wichtig - mit der Option innezuhalten und Dinge zu ändern, sobald sich Probleme und Engpässe manifestieren.\nDas geht natürlich nicht in einem Umfeld, das politisch Präsenzunterricht favorisiert und bei dem man die Technik nicht dauerhaft als lebenden Bestandteil in den normalen Unterricht integriert.\nSobald die Technik funktioniert beginnt die eigentliche Arbeit Zum Vergleich: Wo ich wohne ist die Schule meines Kindes (10) Bestandteil des Netzwerkes Jong Leren . Man verwendet Chromebooks mit Google Edu, und dazu kommen eine Reihe von externen Anwendungen, die sich gegen Edu authentisieren, aber unabhängig realisiert werden. Gynzy wird zum Beispiel verwendet, um Drillaufgaben zu automatisieren, also Rechnen, Kopfrechnen, Rechtschreibung und andere Dinge einzuüben, die auf Wiederholung basieren.\nIm März und auch jetzt wieder gab es deswegen keine großen Technikprobleme, sondern \u0026ldquo;nur\u0026rdquo; einen Haufen organisatorische Arbeit. Wir haben Glasfaser daheim (500 Mbit/500 MBit, feste IP, 63 Euro/mo) und die Schule hat natürlich auch eine angemessene Anbindung und managed Wi-Fi, damit die Chromebooks und elektronischen Wandtafeln stabil funktionieren.\nDie Server stehen natürlich nicht in der Schule, wo sie kaum stabil zu betreiben wären, sondern in einer Reihe von Clouds (Google und wo immer Gynzi und die anderen Anwendungen gehostet werden).\nEntsprechend beschränkte sich der technische Teil der Umstellung darauf, daß die Schule fragt, welche Schüler daheim keine angemessene Ausstattung haben und ob sie eventuell ein Chromebook nach Daheim mitnehmen müssen - wir nicht, das Kind hat sich auf seinem Notebook in Chrome vor langer Zeit schon eine Schul-Persona gemacht und wechselt zwischen seinen privaten Google-Accounts und seinem gemanagten Schulaccount frei hin und her.\nOrganisatorisch gab es eine Menge zu regeln und das war schwer genug - und Fernunterricht ist deutlich anders als Präsenzunterricht. In dieser 2. Runde haben sich die Jufen und Meester jetzt andere Dinge überlegt und es wird Arbeitsaufgaben zum Selbstabholen im Drive geben, zwei feste Walk-in Videosprechstunden für die Kinder und wahrscheinlich dann Termine nach Vereinbarung bei Fragen.\nWie neuer Stoff präsentiert werden wird weiß ich noch nicht, aber ich hoffe, daß man sich da an den einschlägigen Youtubern (Lehrer Schmidt , Max macht Musik und ähnliche) orientieren wird. Die Kinder werden also sehr viel freier und selbstständiger Stoff erarbeiten müssen, und bekommen dann hoffentlich gezielt und eher einzeln genau die Hilfe, die sie brauchen um weiter zu kommen. Es wird sich zeigen, wie sich das entwickelt und wie man von dort weiter iterieren wird.\nWie gesagt, die Umstellung bei uns ist kein technisches Problem, weil man die Technik sowieso schon seit Jahren jeden Tag verwendet. Das Problem ist eines einer komplett anderen Organisation und Unterrichtsmethodik (die sich bei jüngeren Kindern eventuell auch so nicht anwenden lässt), und die muß gefunden werden. Das ist auch ohne Technikprobleme nicht einfach.\nHätte man das nicht alles vermeiden können? Ja. Nein. Nein, eigentlich nicht.\nJa, klar, das ist alles nicht neu und nicht unerwartet. Andere Leute hatten diese Probleme schon und haben darüber geschrieben, viel und oft und mit hohem Detailgrad.\nNein, denn das sagt nichts, weil es nichts bedeutet. Ich habe anderswo einmal aufgeschrieben, wie mein Sohn das Wort \u0026ldquo;heiß\u0026rdquo; gelernt hat. Es war vor sieben Jahren, um die Weihnachtszeit, und sein drittes Wort. Er hat es gehört und nachgesprochen, aber es hat für ihn nichts bedeutet. Bis er in eine Kerze gefasst hat.\nIm Google SRE Buch ist ausführlich in mehr als einem Kapitel beschrieben, wie man Cubby/Zookeeper aufsetzt und nicht aufsetzt und warum man keinen globalen, firmenweiten Zookeeper haben kann oder will.\nWo ich arbeite haben wir gemeinsam und jeder für sich dieses Buch gelesen und verstanden (berührt die Stirn) und sind dann aus $GRÜNDEN trotzdem in so eine Situation geraten, mit den vorhersagbaren Resultaten. Wir wissen jetzt aus persönlicher Erfahrung (berührt Herz) wieso das keine Gute Idee war und warum man es anders haben will, und wir haben das verinnerlicht und machen das in Zukunft instinktiv (berührt Bauch) richtig.\nNein, eigentlich ließ sich das nicht vermeiden, denn Organisationen lernen so. Solche Fehlschläge sind auch wichtig, weil man jetzt gemeinsam geteilte Erfahrungen hat und auch aus der Krise weiß, welche Kollegen wie reagieren oder welche Kollegen schon vorher Ratschläge hatten, auf die man hätte hören sollen. Organisationen springen nicht, sie bewegen sich immer linear vorwärts, und das Beste was man erreichen kann ist ihr Gleiten umzulenken oder zu beschleunigen. \u0026ldquo;Sprunginnovationen\u0026rdquo; sind nie das Werk von größeren strukturierten Gruppen und Verwaltungen.\nJedenfalls glaube ich, daß jetzt in diversen Bundesländern auch Leute mit einem nassen Lappen neben anderen Leuten sitzen, die brennende Server haben löschen müssen. \u0026ldquo;Heiß!\u0026rdquo; sagen sie und deuten auf den Server. \u0026ldquo;Heiß!\u0026rdquo; sagen die Admins mit den verbrannten Fingern und nicken wissend.\nOder, wie Terry Pratchett sagt \u0026ldquo;Pan Narrans\u0026rdquo;, the story telling ape, instead of \u0026ldquo;Homo sapiens\u0026rdquo;, thinking man.\nTesting in Production Die beste Simulation von Schülerhordern auf einem Medienserver sind\u0026hellip; Schülerhorden auf einem Medienserver.\nDaher sollte man nicht nur graduell onboarden, sondern auch die Schülerhorden dann jeden Tag auf dem Server haben, und nicht nur wenn gerade Pandemie ist. Nur so kann man jeden Tag und nach jedem Upgrade und jedem Change wissen, daß man ein System hat, das funktioniert. Nur so kann man realistisch Kapazität messen. Und nur so kann man ein Team von Admins haben, das mit kleinen Störungen jeden Tag Erfahrungen gesammelt hat, daß große Störungen keine unerwartete Herausforderung mehr sind.\nTesting in Production und Testing with Production sorgt dafür, daß man Methoden und Architekturen entwickelt, die Survivability eingebaut haben, bei denen also die Struktur des Systems dafür sorgt, daß Fehler und Mißgeschicke sich auf eine Weise manifestieren, von der man sich erholen kann.\nIch bin nur froh, daß ich nicht die Person bin, die einer Öffentlichen Verwaltung beibringen muß so zu arbeiten, auch wenn ich glaube, daß es die einzige Arbeitsweise ist, die für so eine Problemstellung Erfolg haben kann\u0026hellip;\n","date":"2020-12-17T00:00:00Z","href":"https://blog.koehntopp.info/2020/12/17/der-testing-in-production-blues.html","tags":["lang_de","bildung","politik"],"title":"Der Testing-in-Production-Blues"},{"categories":null,"content":"So this happened: CentOS Project shifts focus to CentOS Stream The future of the CentOS Project is CentOS Stream, and over the next year we’ll be shifting focus from CentOS Linux, the rebuild of Red Hat Enterprise Linux (RHEL), to CentOS Stream, which tracks just ahead of a current RHEL release. CentOS Linux 8, as a rebuild of RHEL 8, will end at the end of 2021. CentOS Stream continues after that date, serving as the upstream (development) branch of Red Hat Enterprise Linux.\nAnd a lot of people react like this:\nOracle buys Sun: Solaris Unix, Sun servers/workstation, and MySQL went to /dev/null. IBM buys Red Hat: CentOS is going to \u0026gt;/dev/null. Note to self: If a big vendor such as Oracle, IBM, MS, and others buys your fav software, start the migration procedure ASAP. (Tweet )\nSo it seems my opinion is the unpopular one: CentOS switching to Stream is not bad at all.\nWhen you wanted to run Openstack on CentOS in 2015, you needed to enable RDO to even begin an install. The first thing this did was literally replace every single package in the install. That was, because CentOS at that time was literally making Debian Stale look young.\nAnd we see similar problems with Ubuntu LTS, for what it\u0026rsquo;s worth. Ubuntu LTS comes out every 2 years, and that\u0026rsquo;s kind of ok-ish, but it lasts 5 years, which is nonsensical. It was not, in the past.\nSo what changed? Software Development.\nWe have been moving to a platform based development approach, leveraging the wins from DevOps.\n\u0026ldquo;Kris, that\u0026rsquo;s corporate bullshit.\u0026rdquo; It\u0026rsquo;s not, though. Let me spell it out in plain for you.\nProgramming languages are platforms powered by tools People these days do not program in an editor, with a compiler.\nThey use Github or Gitlab, with many integrations, and a local IDE. They commit to a VCS (git, actually, the world converged on one single VCS), and trigger a bunch of things. Typechecks, Reformatters, Tests, but also Code Quality Metrics, and Security Scanners.\nEven starting a new programming language in 2020 is not as easy as it was in the past. Having a language is not enough, because you do not only need a language and maybe a standard library, but also a JetBrains Product supporting it, SonarQube support, XRay integration, gitlab-ci.yml examples and so on. Basically, there is a huge infrastructure system designed to support development and whatever you start needs to fit into it, right from the start.\nThat is, because we have come to rely on an entire ecosystem of tooling to make our developers faster, and to enforce uniform standards across the group. And that is a good thing, which can help us to become better programmers.\nGithub and Gitlab are tools for conversations about code among developers We also have come to rely on tooling to enable collaboration, and structured discussion about code, since we as programmers no longer work alone. A good part of the value of Gitlab, Github and similar is enabling useful cooperation between developers, in ways that Developers value.\nAnother good part of the value is extracted at the production end of these platforms: We produce artifacts of builds, automatically and in reproducible ways.\nWhich includes also knowing things about these artifacts - for example, what went into producing them and being able to report on these things:\nDependencies Licenses Versions Vulnerabilities Commit frequency and time to fix for each dependency, abandonware alert and many more things. Using the repositories and proper processes and one other ingredient, we have made rollouts and rollbacks an automated and uniform procedure. That is, provided we find a way to manage and evolve persisted state properly.\nCompared to the hand crafted bespoke rollout and rollback procedures of the 2010s, this is tremendous progress.\nImmutable infrastructure, and reproducible builds This one other ingredient is immutable infrastructure.\nIt is the basic idea that we do no longer manipulate the state of the base image we run our code on, ever, after it is deployed. It\u0026rsquo;s basically death to Puppet and its likes.\nInstead we change the build process, producing immutable images, and quickly rebuild and redeploy. We deploy the base image, and then supply secrets, runtime config and control config in other, more appropriate ways. Things like Vault, a consensus system such as Zookeeper, or similar mechanisms come to mind. It allows us to orchestrate change across a fleet of instances, all alike, in a way that guarantees consistency across our fleet, in an age where all computing has become distributed computing.\nThe same thinking can be applied to the actual base operating system of the host, where we remove application installs completely from the base operating system. Instead we provide a mechanism to mount and unmount application installs, including their dependencies, in the form of virtual machine images, container images or serverless function deployments (also containers, but with fewer buttons).\nAs a consequence, everything becomes single-user, single-tenant - one image contains only Postgres, another one only your static images webserver (images supplied from an external mountable volume), and a third one only your production Python application plus runtime environment. With only one thing in the container, Linux UIDs no longer have a useful separation function, and other isolation and separation mechanisms take their place:\nvirtualization, CGroups, Namespaces, Seccomp, and similar. They are arguably more powerful, anyway.\nThis also forms a kind of argument in the great \u0026ldquo;Is curlbash or even sudo curlbash still a bad thing?\u0026rdquo; debate of our times, but I am unsure which (I\u0026rsquo;m not: in a single-user single-tenant environment curlbashing into that environment should not be a security problem, but you get problems proving the provenance of your code. Which you would not have, had you used another, less casual method of acquiring that dependency).\nImages as building blocks for applications So now we can use entire applications, with configuration provided and injected at runtime, to construct services, and we can add relatively tiny bits of our own code to build our own services on top of existing services, provided by the environment. We get Helm Charts for Kubernetes, we get The Serverless Sea Change , and Step Functions. We also get Nocode, Codeless or similar attempts at building certain things only from services without actual coding.\nBut it is more pervasive than this:\nThe Unifi Control Plane uses multiple Java processes and one Mongodb. It can be dockered into one container, or can be provided as helm chart or as a docker-compose with multiple containers, for better scalability and maintenance. The gitlab Omnibus uses a single container, again, with Postgres, Redis and a lot of internal state plus Chef to deploy about a dozen components, but differentiated deploys for the individual components in a K8s context also exist. Things like a Jitsi setup can be packaged into a single, relatively simple docker-compose.yml, and will assemble themselves from images mostly automatically. The result will run on almost any operating system substrate, as long as it provides a Linux kernel syscall interface. Fighting Conway\u0026rsquo;s law At that is kind of the point: By packing all dependencies into the container or VM image itself, the base operating system hardly matters any more. It allows us to move on, each on their own speed, on a per-project basis.\nThe project will bring its own database, cache, runtime and libraries with itself, without version conflicts, and without waiting for the distro to upgrade them, or to provide them at all. Conversely it allows the Distro to move to Stream: They are finally free from slow moving OSS projects preventing them from upgrading local components, because one of them is not yet ready to move.\nEven teams in the Enterprise are now free to move at their own speed, because they no longer have to wait for half a dozen stakeholders ot get to the Technical Debt Section of their backlog.\nThe main point is, in my opinion, that it is okay and normal for the application to use a different \u0026ldquo;No longer a full OS\u0026rdquo; than what the host uses. In acknowledging that both can reduce scope and size, and optimize. This is a good thing, and will speed up development.\nSo in a world where components and their dependencies are being packaged as single-user single-tenancy units of execution (virtual machines, containers and the like), CentOS moving to Streams is not only acknowledging that change, it also forced the slower half of the world to acknowledge this, and to embrace it.\nI say: This is a good thing.\nAnd if you rant \u0026ldquo;Stability goes out of the window!\u0026rdquo; - check your calendar and your processes.\nIt\u0026rsquo;s 2020. Act like it. One of the major innovations in how we do computers in the last decade has been establishing the beginnings of a certifiable process for building the things we run.\nOr, as [Christoph Petrausch](Christoph Petrausch) puts it in this tweet : \u0026ldquo;If your compliance is based on certifying the running end product instead of the process that built it, your organisation will not be able to keep up with the development speed of others.\u0026rdquo;\nEdit: Some Enterprise So after careful Enterprise wide checking, it turns out that in fact nobody at work at this point is adverse to converting from CentOS 7 and CentOS 8 to CentOS Stream.\n\u0026ldquo;We are already on a rolling release, kind of, with the security mandated patching strategy and the time limits this imposes.\u0026rdquo; \u0026ldquo;Where we are on image based workflows in VMs and containers, we do not really care about the base operating system image or the packaging and configuration tooling used by it; outside of the requirements of some security scanning tools.\u0026rdquo; \u0026ldquo;Each team basically takes a base operating system image, and then replaces the critical components for their workloads with their own images. Kernel, language platforms, web servers and the likes get replaced at the team level accoding to their need.\u0026rdquo; \u0026ldquo;In general, even Stream as a rolling release will be too slow to provide the packages we need for these teams. They will still need to modify the base OS images themselves. Maybe a few teams exist that can profit from Stream.\u0026rdquo; \u0026ldquo;We will be checking in on the state of Stream on a quarterly basis. We do still have dependencies on RPM and Puppet, but we expect both to go away within three years, anyway.\u0026rdquo; \u0026ldquo;For containerized workloads the vector is distroless in the guest, and the host OS is not carrying any workload besides the container system anyway.\u0026rdquo; So we will see how that goes, in quarterly intervals, and we will be past the point of caring much in three years time.\n","date":"2020-12-09T00:00:00Z","href":"https://blog.koehntopp.info/2020/12/09/embracing-the-stream.html","tags":["lang_en","devops"],"title":"Embracing the Stream"},{"categories":null,"content":"The tables in PERFORMANCE_SCHEMA (P_S) are not actually tables. You should not think of them as tables, even if your SQL works on them. You should not JOIN them, and you should not GROUP or ORDER BY them.\nUnlocked memory buffers without indexes The stuff in P_S has been created with \u0026ldquo;keep the impact on production small\u0026rdquo; in mind. That is, from a users point of view, you can think of them as unlocked memory buffers - the values in there change as you look at them, and there are precisely zero stability guarantees.\nThere are also no indexes (EDIT: There actually are secondary indexes on P_S tables in MySQL 8, see below).\nUnstable comparisons When sorting a table for a GROUP BY or ORDER BY, it may be necessary to compare the value of one row to other rows multiple times in order to determine where the row goes. The value compared to other rows can change while this happens, and will change more often the more load the server has. The end result is unstable. Also, as the table you sort may be larger on a server under load, the row may need more comparisons, making this even more likely to happen.\nThe table you look at may produce correct results on your stable, underutilized test systems, but the monitoring you base on this will fail on a loaded test system.\nDo not use GROUP BY or ORDER BY on P_S tables.\nNo indexes, meaning slow joins on loaded systems When JOINing a P_S table against other tables, the join is done without indexes (in MySQL up to and including 5.7). There are no indexes defined in P_S before MySQL 8.\nIn practice that means your join against the processlist or session variables tables in P_S do little harm in test, but will fail in production environments with many connections. You will be losing monitoring the moment you need it most - under load, in critital situations.\nDo not JOIN P_S tables to anything.\nHow to monitor About the only type of query you can reliably run on P_S is a single table SELECT * FROM P_S.table, maybe with a simple WHERE clause. That is, you can download and materialize data from a single P_S table at a time, unsorted, unaggregated.\nConnection to other tables, aggregation and sorting should be done on tables that are not P_S tables.\nThere are multiple ways to do this.\nSubqueries, without optimization It used to be that the MySQL optimizer did not resolve simple subqueries properly. So\nmysql\u0026gt; select \u0026lt;complicated stuff\u0026gt; from -\u0026gt; ( select * from performance_schema.sometable ) as t -\u0026gt; order by \u0026lt;something\u0026gt; used to work. The subquery t would materialize the P_S table as whatever your version of MYSQL used for implicit temporary tables, and the rest of the query resolution would happen on the materialized temptable. This is a snapshot, and would be stable.\nAnd it still would not add up to 100%, of course. That is, queries like Dennis Kaarsemakers \u0026ldquo;How loaded is the SQL_THREAD\u0026rdquo; Replication Load analysis never came out at 100%, because the various values changed while the temporary table would be materialized, so you do not get a consistent snapshot (and by construction, this kind of consistency is impossible in P_S).\nAnyway, with older versions of MySQL, this results in the query plan we want. Starting with MySQL 5.7, this does no longer work, because the optimizer became too smart. :-)\nmysql\u0026gt; select version(); +-----------+ | version() | +-----------+ | 8.0.22 | +-----------+ 1 row in set (0.00 sec) mysql\u0026gt; explain select * from ( select * from processlist ) as t; +----+-------------+-------------+------------+------+---------------+------+---------+------+------+----------+-------+ | id | select_type | table | partitions | type | possible_keys | key | key_len | ref | rows | filtered | Extra | +----+-------------+-------------+------------+------+---------------+------+---------+------+------+----------+-------+ | 1 | SIMPLE | processlist | NULL | ALL | NULL | NULL | NULL | NULL | 256 | 100.00 | NULL | +----+-------------+-------------+------------+------+---------------+------+---------+------+------+----------+-------+ 1 row in set, 1 warning (0.00 sec) Newer MySQL (5.7 and above) will apply the derived_merge optimization and fold the subquery into the outer query, resulting in a rewritten single query that again is executed on P_S directly. This is extremely useful, but in this one particular case precisely not what we want.\nYou either need to SET SESSION optimizer_switch = \u0026quot;derived_merge=off\u0026quot;; or provide an advanced MySQL 8 optimizer hint to prevent the optimizer from ruining your cunning plan:\nmysql\u0026gt; explain select /*+ NO_MERGE(t) */ * from ( select * from processlist ) as t; +----+-------------+-------------+------------+------+---------------+------+---------+------+------+----------+-------+ | id | select_type | table | partitions | type | possible_keys | key | key_len | ref | rows | filtered | Extra | +----+-------------+-------------+------------+------+---------------+------+---------+------+------+----------+-------+ | 1 | PRIMARY | \u0026lt;derived2\u0026gt; | NULL | ALL | NULL | NULL | NULL | NULL | 256 | 100.00 | NULL | | 2 | DERIVED | processlist | NULL | ALL | NULL | NULL | NULL | NULL | 256 | 100.00 | NULL | +----+-------------+-------------+------------+------+---------------+------+---------+------+------+----------+-------+ Here we get the DERIVED table as a non-P_S temptable, and then run our \u0026ldquo;advanced\u0026rdquo; SQL on that as PRIMARY on it.\nIn the client The alternative is, of course, to completely download the tables in question into client side hashes, and then perform the required operations on them on the client side, in memory. The important thing here is to limit the amount of memory spent - do not download unconstrained result sets into your client monitoring program.\nThen use a linearly scaling join method to construct the connections between the tables. Effectively, load data into hashes, and then program a client side hash join. This is additive (n + m) instead of quadratic (n * m), so you can survive this.\nThis is the recommended method.\nWho is doing it wrong? Getting monitoring queries that use P_S wrongly is common - it understands SQL, it handles SHOW CREATE TABLE, so it is treated as a table and exposed to full SQL all the time. And on idle test boxen, it even looks like it works.\nAt work, see this in our own code (still using a deprecated Diamond collector) and in SolarWinds nee Vividcortex.\nSolarWinds kindly highlights itself:\n-- Most time consuming query - Coming from solar winds monitoring itself ¯\\_(ツ)_/¯ select `ifnull` (`s`.`sql_text` , ?) , `ifnull` (`t`.`processlist_user` , ?) , `ifnull` (`t`.`processlist_host` , ?) from `performance_schema`.`events_statements_history` `s` left join `performance_schema`.`threads` `t` using (`thread_id`) where `s`.`thread_id`=? and `s`.`event_id`=? -- Coming from the \u0026#34;table ownership write identifier\u0026#34;. select count (*) as `cnt` , `digest_text` , `current_schema` , `processlist_user` as system_user from `performance_schema`.`events_statements_history` `esh` inner join `performance_schema`.`threads` `t` on `t`.`thread_id`=`esh`.`thread_id` where `event_name` in (...) and `current_schema` in (...) group by `digest_text` , `current_schema` , `processlist_user` -- Coming from diamond collector select `t`.`processlist_user` , `sbt`.`variable_value` , count (*) from `performance_schema`.`status_by_thread` `sbt` join `performance_schema`.`threads` `t` using (`thread_id`) where `sbt`.`variable_name`=? and `t`.`processlist_user` is not null group by `t`.`processlist_user` , `variable_value` Many of the above examples fail in multiple ways: Using JOIN for bad scalability (this is how we spotted them), at least before MySQL 8 (and you probably want your monitoring to work anywhere). Some are also using unstable sorting.\nWe also see ORDER BY statements in the Telegraf MySQL plugin in one place. It uses LIMIT, but if the ORDER BY does not work (ie does not actually sort), you cut off randomly.\nIs PERFORMANCE_SCHEMA broken? Clearly, it is not. Just badly misunderstood.\nThe alternative is INFORMATION_SCHEMA, which often locks, and that can be actually deadly:\nJust select * from INFORMATION_SCHEMA.INNODB_BUFFER_PAGE on a server with a few hundreds of GB of buffer pool, humming at 10k QPS. The query will freeze the server completely for the runtime of the query – which with a large buffer pool size can be substantial.\nI\u0026rsquo;d rather have this in P_S and then deal with the vagaries of the data changing while I read it than lose an important production server. So P_S is much better than I_S, provided that you ask it in the right way.\nAddendum Both Øystein Grøvlen and Mark Leith remind me that in MySQL 8 we geht secondary indexes on P_S - this will address some of the problematic queries above and will need some research on my side.\nThe sorting is still complicated. Øystein writes :\nIt depends on the sort algorithm used by MySQL. Many sorts will add all requested columns to the sort buffer, and will not need to fetch anything from the tables after sorting, but it depends on the size of the sort buffer and how much data needs to be fetched.\nSo there are some sorts that are stable, and some sorts that will always be unstable (those that work with bloblike columns such as SQL_TEXT or DIGEST_TEXT likely), but it is really hard to see this when looking at the query.\nI still maintain my advice of forcing stable copies with subselects and NO_MERGE() hints - this is much easier to teach and guaranteed to be stable.\nAnother addendum In a tweet Justin Swanhart pointed me at PS_HISTORY , which makes snapshots of P_S that try to be as consistent as possible.\nIt will allow you to replay and review old P_S states and query them, and it will - if you configure it - also automatically expire the old recordings. It may be useful as a kind of flight recorder to debug performance problems that cannot otherwise reproduced.\n","date":"2020-12-01T00:00:00Z","href":"https://blog.koehntopp.info/2020/12/01/not-joining-on-performance-schema.html","tags":["lang_en","mysql"],"title":"Not JOINing on PERFORMANCE_SCHEMA"},{"categories":null,"content":"There was a question at work about MySQL backups and restore. I needed to explain more.\nWe use databases to make state persistent. That is: As a developer you can think of your database as a single giant, structured global variable with a weird access method, and to make things worse, concurrent access.\nA database is just a global variable to your code\nWe can log statements that change the state of our database in a log. In MySQL, we call this The Binlog.\nMaking a change to the database, and logging the data changing statement to the binlog.\nWhen we make a full backup of the database, we just copy away all tables in the data directory while the database does not change. This can be achieved by simply taking the server offline during the copy, or using more elegant methods that do not interrupt production, yet still look the same when done.\nIf the database does not change while we make the backup, the backup is internally referentially consistent, and it is associated with exactly one binlog position. And to keep things simple, the binlog position is just the pair (newest binlog filename, file length). So a binlog position looks like (binlog.000004, 7625) or similar.\nThe server will periodically start new binlogs: When it becomes too large, when the server restarts, or when we ask it to do so using a FLUSH BINARY LOGS command.\nEvery transaction that changes data is being assigned a unique binlog position, and this way we also get a total order of all transactions (and that is becoming a problem later in the game).\nWe can see the binlog position as the internal clock of the database: Whenever something changes in the database, it is written to the binlog. Each transaction is assigned a unique binlog position, and thus, transactions also have a total order.\nWhen we restore from a backup, we are at the backups binlog position of the past, and can then replay statements – beginning with the backups position – to roll forward, until we are at the desired position.\nWe can use the binlog to replay history\nWhat the desired position exactly is depends a bit on the problem: If we issued a command we wish we had not, the desired position is, of course, exactly before this statement. We then skip the undesirable statement.\nHow we continue after that statement depends on what that statement was. But if we are lucky we can simply continue to replay statements unchanged.\nIn complicated cases (We might have changed a table definition wrongly) we might need to replace the content of the binlog with alternate, edited statements. In any case we create a new, different and edited timeline that does not contain the mistake we made.\nReplication is an ongoing live Restore As early as MySQL 3.23.15 from May 2000, we have replication:\nWe restore our original servers\u0026rsquo; data directory to a new machine, effectively cloning it. We tell our clone the binlog position of the parent server it was created from. We tell this new machine where the parent server is, and give it credentials to log in to that parent. The cloned server will then log in to the parent, download the binlog as it is written, and apply it. This is exactly the same process as with a restore and then applying the binlog that has been created since the backup was made. But with replication, it is live and ongoing as new binlog is being created. As a result, we get a cloned server that executes the same statements as its upstream parent, keeping its internal state a mirror copy of the parent.\nWe called the parent server a master back then, and a primary or source server these days. The cloned server was a slave back then and is now a replica.\nOf course this simplistic approach has all kinds of problems, which then got corrected over time, making replication better, but also more complicated.\nSplitting Threads Early replication had a single thread downloading statements, and then applying them. Of course, some statements take longer than others to execute: a large ALTER TABLE can take hours to run, depending on the size of the table being altered. During that time replication stops and the binlog does not even leave the source server. This is a bit unfortunate should the source fail during that time.\nSo the very first thing that got changed is splitting the replication thread in two: The IO_THREAD downloads data from the source as quickly as possible, and writes it to the replica as the relay log. Even when the source goes down we still have our local copy.\nThe SQL_THREAD then reads the relay log and executes it in sequence, strictly maintaining transaction order. Whenever it finishes a relay log, it can delete that file and turn to the next one.\nThis logic, at the core, is unchanged even today:\nSimple, asynchronous replication as seen even today.\nAsynchronous and Semi-Synchronous Replication We call this kind of replication asynchronous: There is no feedback channel from the replica to the source, and consequently no way for the source to delay the commit and have the application wait until the data has left the machine.\nAsynchronous replication scales well, even across long distance links: Applications write to the primary, and don’t wait. The replicas log into the source, download the binlogs and will eventually execute it locally on the replica. Applications reading from the replicas will read outdated state until the replica comes around and catches up.\nThe main risk is the source going down due to a fault before the binlog has been copied off. So one innovation is to make the source delay the commit until at least one copy exists on a replica.\nFor that we need add a communication mechanism to the replica, in which it can signal that is has read a transaction from the binary log, and committed it to the local relay log. Only when the transaction is persisted to disk on the replica, in the relay log, we signal the source, which then lets the transaction commit finish so that the application can continue.\nSemi-Synchronous Replication is Asynchronous Replication with added delays on the commit.\nThis is Semi-Synchronous Replication, SSR, in MySQL, and it comes with a number of caveats:\nSSR has a timeout. If a transaction is not acknowledged in time, a message is error logged and the server reverts to regular asynchronous replication. It will flip back to SSR once a replica responds within the timeout window. If a source has zero replicas and a really high timeout, it never receives an acknowledgement, and will essentially block all applications. If your requirement is “transactions must be persisted on more than a single machine to be valid”, this is the desired behaviour. If your requirement is “It is more important to persist things at all than to ever hang the business”, then ASR is better than SSR for your use case. Nonetheless, we have plenty of outages because of this: primary servers ending up with zero replicas due to bugs or circumstances. SSR guarantees that at least one more copy of the transaction exists, but it does not say where. To build a resilient system, you need orchestration to find out where, and make sure you fail to that machine in order to be able to continue. We are using a special program for this kind of orchestration, and it is being ingeniously called MySQL Orchestrator . Depending on where your replicas reside, the most advanced replica server may be in the same data center or AZ as the source. In a scenario where the entire AZ fails this does not help you at all. Statement and Row Based Replication MySQL\u0026rsquo;s replication logs statements to the binlog. Unfortunately, not all statements are actually replay-able, because they may not be deterministic.\nMySQL knows this, and for the obvious cases logs additional code that makes them deterministic.\nkris@localhost [kris]\u0026gt; flush binary logs; Query OK, 0 rows affected (0.02 sec) kris@localhost [kris]\u0026gt; create table t ( d double ); insert into t values (rand()); select d from t; Query OK, 0 rows affected (0.11 sec) Query OK, 1 row affected, 1 warning (0.03 sec) Note (Code 1592): Unsafe statement written to the binary log using statement format since BINLOG_FORMAT = STATEMENT. Statement is unsafe because it uses a system function that may return a different value on the slave. +--------------------+ | d | +--------------------+ | 0.8351237492962962 | +--------------------+ 1 row in set (0.00 sec) In the binlog, we find (editing out the cruft):\n$ mysqlbinlog binlog.000043 ... #201127 10:45:02 server id 1 end_log_pos 548 CRC32 0x1b4b14a9 Rand SET @@RAND_SEED1=850981370, @@RAND_SEED2=491246833/*!*/; #201127 10:45:02 server id 1 end_log_pos 654 CRC32 0xa57c1606 Query thread_id=229860 exec_time=0 error_code=0 SET TIMESTAMP=1606470302/*!*/; insert into t values (rand()); ... What is being logged is\nThe RAND_SEED values to make the statement deterministic. The timestamp of the server when executing the statement (this will also make the NOW() function deterministic). The actual statement. Despite the warning, this replicates well, and has done so for the last 20 years. What does not replicate well at all, ever, is stuff like UPDATE t SET x = x+1 LIMIT 10. As this lacks an ORDER BY clause, the server is free to order the row updates as it wishes, and can (and in NDB cluster actually will!) update 10 random rows, different ones on each instance of replication. It is the LIMIT clause that makes this non-deterministic.\nNow that limitations of this approach are clear, we can see: We would be better off with logging the rows changed, instead of logging the statements that change them.\nCounterintuitively, for the workloads we have at work, this is also 50% to 66% smaller than the statement itself, even before optimisation and compression.\nUsing Row Based Replication Let’s do this:\nkris@localhost [kris]\u0026gt; set binlog_format = row; Query OK, 0 rows affected (0.00 sec) kris@localhost [kris]\u0026gt; drop table t; Query OK, 0 rows affected (0.03 sec) kris@localhost [kris]\u0026gt; flush binary logs; Query OK, 0 rows affected (0.03 sec) kris@localhost [kris]\u0026gt; create table t ( d double ); insert into t values (rand()); select d from t; Query OK, 0 rows affected (0.05 sec) Query OK, 1 row affected (0.01 sec) +--------------------+ | d | +--------------------+ | 0.7980042936261783 | +--------------------+ 1 row in set (0.00 sec) We find:\n$ mysqlbinlog binlog.000043 ... #201127 10:53:43 server id 1 end_log_pos 598 CRC32 0xdae6423f Write_rows: table id 233 flags: STMT_END_F BINLOG \u0026#39; p8zAXxMBAAAAMAAAAAAAAAAAAOkAAAAAAAEABGtyaXMAAXQAAQUBCAEBAQCZVfvm p8zAXx4BAAAALAAAAAAAAAAAAOkAAAAAAAEAAgAB/wABJeZMQInpPz9C5to= \u0026#39;/*!*/; # at 598 ... (You would need to run mysqlbinlog -vvv to have the mysqlbinlog command decode the BASE64 for you).\nRow Based Replication logs Row Events. mysqlbinlog presents them as a special BINLOG statement to make it possible to feed the output to another server.\nSo in order to be able to represent a Row Events as a statement that can be replayed in another server, MySQL implemented a BINLOG statement, which takes a single parameter. The parameter is a BASE64 encoded pre- and post-image of the row, a kind of binary patch to the data in the table.\nSeeing this, I should be able to take this BINLOG statement and run it on the command line of my client:\nkris@localhost [kris]\u0026gt; BINLOG \u0026#39; \u0026#39;\u0026gt; p8zAXxMBAAAAMAAAAAAAAAAAAOkAAAAAAAEABGtyaXMAAXQAAQUBCAEBAQCZVfvm \u0026#39;\u0026gt; p8zAXx4BAAAALAAAAAAAAAAAAOkAAAAAAAEAAgAB/wABJeZMQInpPz9C5to= \u0026#39;\u0026gt; \u0026#39;/*!*/; ERROR 1609 (HY000): The BINLOG statement of type `Table_map` was not preceded by a format description BINLOG statement. To make a long story short: If you go back and pick up the preceding BINLOG command earlier in the binlog, and then this one, it actually works.\nAlso interesting: In the earliest versions of MySQL with Row Based logs, the BINLOG command lacked all access controls. By handcrafting the appropriate patches, anybody could change any data anywhere with any permissions - MySQL did not anticipate that somebody would take replication-only special commands and run them on a regular command line. This bug is now a long time fixed.\nRow Based Replication and Filters Since the earliest days of replication, we could filter the binlog on the primary (using binlog-do-* config directives) and the relay log on the replica (using replicate-do-* config directives).\nFiltering the binlog is never a good idea: It will break your ability to perform point-in-time restores. Filtering the relay log can be done, but most of the config directives that do this are broken:\nreplicate-do-db and replicate-ignore-db are matching the current database in statement based replication, and the actual statements\u0026rsquo; database in row based replication. The statement use a; insert into b.t values (...); will be filtered differently in SBR than in RBR under a replicate-do-db=a rule. With the default setting of row-format=MIXED, the behavior is random, depending on the row format chosen by mysql. replicate-do/ignore-table are tedious, they require you to state each table explicitly, and nobody really wants to use them/ replicate-wild-do/ignore-table work in SBR and RBR, but precedence is complicated, and it is advisable to use either only positive or only negative logic. With group replication, which we do not discuss here, any filtering will break consistency in the group, so any filters are forbidden.\nThe summary of all that is basically: Don\u0026rsquo;t use binlog or replication filters, but if you have to, it\u0026rsquo;s best to stick to either replicate-wild-do-table or replicate-wild-ignore-table.\nRow Based Replication and BLOB columns Row Based Replication also fails in other interesting ways: Consider a table with a BLOB and a counter.\nkris@localhost [kris]\u0026gt; create table t ( id integer, cnt integer, b blob ); Query OK, 0 rows affected (0.05 sec) When you increment the counter, the entire row is logged, twice: Once as a pre-image, and once again as a post-image. You end up with 4 bytes integer changing, but two full copies of the BLOB, which can be very large.\nThis is how we got the setting binlog-row-image, which can be FULL (the default), NOBLOB or MINIMAL. In NOBLOB mode, blobs and text fields are not logged unless they change. In MINIMAL mode, the pre-image contains only the primary key, and the post-image contains only the changed fields new values.\nWe can use RBR in FULL mode, not only for replication, but also for Change Data Capture, to feed Hadoop and Kafka with it. On the other hand, with replication chains that are blobby require NOBLOB or MINIMAL mode to not die on us.\nRow Based Replication and Primary Keys On the replica, the RBR image needs to be applied. For this, the replica needs to find the row. It uses the pre-image to do this, and when the table has no primary key defined, this can be slow - it ends up being a full table scan.\nThis is another fun cause of replication delay: Having a table of even moderate size without a primary key in a replication chain that uses RBR will delay the replica, and it will look very busy. The replica will eat a lot of CPU doing in-memory scans to find rows to change, in the most inefficient way possible.\nMore complications… Arriving at this stage took MySQL around 10 years:\nWe can now reliably replicate, and build simple replication trees that are one level deep. Because of the relay log, binlog positions for the same statement vary between servers - transactions are locally renumbered. We can replicate, but the SQL_THREAD is a bottleneck: Replication is single-threaded. We still don’t have distributed transactions, or a way to handle writes to different primary servers. It has taken MySQL another 10 years of changes to improve on this, with Global Transaction IDs, Parallel Replication and Group Replication, but that is for another article.\nThis article is continued in Parallel Replication .\n","date":"2020-11-27T00:00:00Z","href":"https://blog.koehntopp.info/2020/11/27/backups-and-replication.html","tags":["lang_en","mysql","mysqldev","replication"],"title":"MySQL: Backups and Replication"},{"categories":null,"content":"These installation notes are mostly a note to myself, documenting the installation process of a Gitlab Omnibus Container in Docker, plus Gitlab Runners.\nOS Setup We are installing into /export/gitlab, a 10G xfs slice from the local flash pool:\n# lvcreate -n gitlab -L 10G data # mkfs -t xfs /dev/data/gitlab # mkdir /export/gitlab # mount /dev/data/gitlab /export/gitlab # echo \u0026#34;/dev/data/gitlab\\t/export/gitlab\\txfs\\tbsdgroups,usrquota,grpquota,attr2,nofail,noatime 1 2\u0026#34; \u0026gt;\u0026gt; /etc/fstab # mkdir /export/gitlab/{gitlab,gitlab-runner} # mkdir /export/gitlab/gitlab/{config,data,logs} Docker We are using docker-compose to run this, with a .env (dotenv) like so:\n# cat .env GITLAB_HOME=/export/gitlab/gitlab GITLAB_DOMAIN=gitlab.home.koehntopp.de GITLAB_HTTP_PORT=81 GITLAB_HTTPS_PORT=444 GITLAB_SSH_PORT=2222 And a docker-compose.yaml like so:\n--- version: \u0026#34;3\u0026#34; services: web: container_name: \u0026#34;gitlab\u0026#34; hostname: \u0026#34;gitlab\u0026#34; image: \u0026#34;gitlab/gitlab-ce:latest\u0026#34; restart: always hostname: \u0026#34;${GITLAB_DOMAIN}\u0026#34; environment: GITLAB_OMNIBUS_CONFIG: | external_url \u0026#34;https://gitlab.home.koehntopp.de\u0026#34; ports: - \u0026#39;${GITLAB_HTTP_PORT}:80\u0026#39; - \u0026#39;${GITLAB_HTTPS_PORT}:443\u0026#39; - \u0026#39;${GITLAB_SSH_PORT}:22\u0026#39; volumes: - \u0026#39;${GITLAB_HOME}/config:/etc/gitlab\u0026#39; - \u0026#39;${GITLAB_HOME}/logs:/var/log/gitlab\u0026#39; - \u0026#39;${GITLAB_HOME}/data:/var/opt/gitlab\u0026#39; ## vim: syntax=yaml ts=2 sw=2 sts=2 sr et ai When starting this with docker-compose up, we can follow the full horribleness of the installation process in the console: The Gitlab Omnibus container collects a large number of processes internally, including a postgres, puma, nginx and a number of additional components, and configures itself internally using Chef. It is the Anti-Container.\ngitlab.rb The initial run will produce a gitlab.rb config file in /export/gitlab/gitlab/config/gitlab.rb. The file is over 100KB in size, and will contain deactivated config.\nA very minimal, runnable base config for me looks like this:\n# grep -v \u0026#34;^#\u0026#34; gitlab.rb | uniq external_url \u0026#39;http://gitlab.home.koehntopp.de\u0026#39; gitlab_rails[\u0026#39;smtp_enable\u0026#39;] = false gitlab_rails[\u0026#39;gitlab_email_enabled\u0026#39;] = false gitlab_rails[\u0026#39;gitlab_default_can_create_group\u0026#39;] = false gitlab_rails[\u0026#39;gitlab_username_changing_enabled\u0026#39;] = false gitlab_rails[\u0026#39;gitlab_shell_ssh_port\u0026#39;] = 2222 gitlab_kas[\u0026#39;enable\u0026#39;] = false TLS Forwarding from host to container The internal ports need to be exported to the home network, so we need an Apache TLS forwarding config.\nWe are using this:\n\u0026lt;VirtualHost *:80\u0026gt; ServerName gitlab.home.koehntopp.de ErrorLog ${APACHE_LOG_DIR}/gitlab-error.log CustomLog ${APACHE_LOG_DIR}/gitlab-access.log combined Alias /.well-known/acme-challenge /var/lib/dehydrated/acme-challenges \u0026lt;Directory /var/lib/dehydrated\u0026gt; Options Indexes FollowSymLinks AllowOverride None Require all granted \u0026lt;/Directory\u0026gt; \u0026lt;If \u0026#34;!-f \u0026#39;%{REQUEST_FILENAME}\u0026#39;\u0026#34;\u0026gt; RedirectMatch permanent ^/(.*) \u0026#34;https://gitlab.home.koehntopp.de/$1\u0026#34; \u0026lt;/If\u0026gt; \u0026lt;/VirtualHost\u0026gt; \u0026lt;VirtualHost *:443\u0026gt; ServerName gitlab.home.koehntopp.de ErrorLog ${APACHE_LOG_DIR}/gitlab-ssl-error.log CustomLog ${APACHE_LOG_DIR}/gitlab-ssl-access.log combined SSLEngine on SSLCertificateFile /var/lib/dehydrated/certs/home.koehntopp.de/cert.pem SSLCertificateKeyFile /var/lib/dehydrated/certs/home.koehntopp.de/privkey.pem SSLCertificateChainFile /var/lib/dehydrated/certs/home.koehntopp.de/chain.pem # SSLProxyEngine on ProxyPreserveHost On ProxyPass \u0026#34;/\u0026#34; \u0026#34;http://127.0.0.1:81/\u0026#34; nocanon ProxyPassReverse \u0026#34;/\u0026#34; \u0026#34;http://127.0.0.1:81/\u0026#34; AllowEncodedSlashes NoDecode DocumentRoot /var/www/gitlab.home.koehntopp.de \u0026lt;/VirtualHost\u0026gt; # vim: syntax=apache ts=4 sw=4 sts=4 sr noet We are terminating the TLS at the Apache and forward plaintext to the nginx, which then forwards to the internal Ruby. This is silly, but I was not feeling like pulling that ball of string apart.\nThe ProxyPass ... nocanon and AllowEncodedSlashes NoDecode are necessary to avoid internal Error on various URLs that require passing on of // and /-/ URL fragments (several issues, for example here ).\nBasic Setup Admin Login is with \u0026ldquo;root\u0026rdquo;, and will guide you through a password change and some basic setup.\nI created users for the family, and groups for my work and for the little one.\nOnce you have groups, pushing existing repositories into gitlab is quickly done with\n# git push --set-upstream ssh://git@gitlab.home.koehntopp.de:2222/kris/$(git rev-parse --show-toplevel | xargs basename).git $(git rev-parse --abbrev-ref HEAD) This will create a repo for the user or group (here: kris) that has a name identical to the current directory. The xargs basename expression can be replaced with the desired literal name instead.\nAfterwards, it may be useful to git remote remove origin, git remote add origin .... A quick git pull --rebase and git branch --set-upstream-to=origin/master master will exercise and config the local push and pull operations, too.\nA \u0026ldquo;hello-ci\u0026rdquo; project We are creating a basic Python project for gitlab-runner, for testing, kk/probe.\n# cat probe.py #! /usr/bin/env python3 import src if __name__ == \u0026#39;__main__\u0026#39;: print(f\u0026#39;Hi, {src.my_name()}!\u0026#39;) and\n# cat src/__init__.py from src.main import my_name # noqa and\n# cat src/main.py def my_name(): return \u0026#34;Kris\u0026#34; In a src/tests/ directory, we are running pytest:\n#! /usr/bin/env python3 import src def test_my_name(): assert src.my_name() == \u0026#34;Kris\u0026#34; At the toplevel, we put our requirements.txt:\nflake8 pytest and a tox.ini:\n[flake8] exclude=.git,__pycache__,docs,*venv [pytest] addopts = -ra -q We can now build a .gitlab-ci.yml, also at the toplevel:\ndefault: image: python:3.8 before_script: - python --version - pip install -r requirements.txt stages: - Test flake8: stage: Test script: - flake8 pytest: stage: Test script: - pwd - ls -l - export PYTHONPATH=\u0026#34;$PYTHONPATH:.\u0026#34; - python -c \u0026#34;import sys;print(sys.path)\u0026#34; - pytest src Yes, the testing cruft in the pytest setup can later go away\u0026hellip;\nNow, to make this work, we need to install gitlab-runner in a docker variant, and config it.\nGitlab Runner At this point, the runner still needs to be docker-compose\u0026lsquo;ed. I hacked it for testing like this:\n# mkdir -p /export/gitlab/gitlab-runner # cd !$ # mkdir config # cat doit docker run -d --name gitlab-runner \\ --restart always \\ -v /export/gitlab/gitlab-runner/config:/etc/gitlab-runner \\ -v /var/run/docker.sock:/var/run/docker.sock \\ gitlab/gitlab-runner:latest This will create a config.toml in the config directory. We can\n# docker exec -it gitlab-runner bash root@ffd124dab4aa:/# gitlab-runner register # gitlab-runner register Runtime platform arch=amd64 os=linux pid=47 revision=8fa89735 version=13.6.0 Running in system-mode. Enter the GitLab instance URL (for example, https://gitlab.com/): https://gitlab.home.koehntopp.de/ Enter the registration token: TheToken Enter a description for the runner: [ffd124dab4aa]: A test runner Enter tags for the runner (comma-separated): test The token required for registration can be obtained as described here .\nI registered group runners for each of my two internal groups, and a shared runner for the (empty) rest.\nAll of this will rewrite the config.toml. I then upped the concurrency to 6 (8 threads available in the hardware).\nLater on, it will turn out that the docker images in my Ubuntu are not writeable as needed, a helper image needs to be added.\nThe helper_image line has been added manually below, according to this note :\n# cat /export/gitlab/gitlab-runner/config/config.toml concurrent = 6 check_interval = 0 [session_server] session_timeout = 1800 [[runners]] name = \u0026#34;JX_Snack (Docker)\u0026#34; url = \u0026#34;https://gitlab.home.koehntopp.de\u0026#34; token = \u0026#34;TheToken executor = \u0026#34;docker\u0026#34; [runners.custom_build_dir] [runners.cache] [runners.cache.s3] [runners.cache.gcs] [runners.cache.azure] [runners.docker] helper_image = \u0026#34;gitlab/gitlab-runner-helper:x86_64-6fbc7474\u0026#34; tls_verify = false image = \u0026#34;python:3\u0026#34; privileged = false disable_entrypoint_overwrite = false oom_kill_disable = false disable_cache = false volumes = [\u0026#34;/cache\u0026#34;] shm_size = 0 ... For easier testing, it may be useful to allow CI runs on untagged commits. This can be set up as root in https://.../admin/runners for the desired test runner.\nAllowing the runner to pick up untagged jobs can be useful for testing. It needs to be disabled later.\nWith some random committing we can now trigger and debug the pipeline we defined earlier above. Eventually it will actually do something.\nEventually, a testing success.\nHaving a gitlab and a CI/CD pipeline allows us to package the Python Discord Bot development process for the little one in a way that allows him to focus on the various stages of the development process sequentially. For now, testing and deployment can happen magically, we will visit that only later.\n","date":"2020-11-22T00:00:00Z","href":"https://blog.koehntopp.info/2020/11/22/gitlab-in-docker.html","tags":["lang_en","devops","docker","git","development"],"title":"Gitlab in Docker"},{"categories":null,"content":"At work, I am in an ongoing discussion with a number of people on the Observability of Outliers. It started with the age-old question “How do I find slow queries in my application?” aka “What would I want from tooling to get that data and where should that tooling sit?”\nAs a developer, I just want to automatically identify and isolate slow queries!\nWhere I work, we do have SolarWinds Database Performance Monitor aka Vividcortex to find slow queries, so that helps. But that collects data at the database, which means you get to see slow queries, but maybe not application context.\nThere is also work done by a few developers which instead collects query strings, query execution times and query counts at the application. This has access to the call stack, so it can tell you which code generated the query that was slow.\nIt also channels this data into events (what we have instead of Honeycomb ), and that is particularly useful, because now you can generate aggregates and keep the link from the aggregates to the constituting events.\nHow do you find outliers? “That’s easy”, people will usually say, and then start with the average plus/minus one standard deviation. “We’ll construct this “n stddev wide corridor around the average” and then look at all the things outside.”\nNo.\nThat is descriptive statistics for normal distributions and for them to work we need to actually have a normal distribution.\nAverages and Standard Deviations work on normal distributions. So the first thing we need to do is to look at the data and ensure that we actually have a normal distribution.\nAnscombe\u0026rsquo;s Quartet is a set of graphs having an identical number of points, and producing identical descriptive statistics, but being clearly extremely different distributions.\nBecause when you apply the Descriptive Statistics of Averages and Standard Deviations to things that are Not a Normal Distribution (see Anscombe’s Quartet ) they do not tell you much about the data: all the graphs in the infamous Quartet have the same descriptive stats (more than just average and stddev, even), but are clearly completely different.\nSo what we would want is a graph of the data. For a time series – which is what we usually get when dealing with metrics – a good way to plot the data is a heatmap. For the given problem, the heatmap more often than not looks like this:\nWe partition the time axis into buckets of - say - 10s each, and then bucket execution times linearly or logarithmically. For each query we run, we determine the bucket it goes into and increment by one. The resulting numbers are plotted as pixels - darker, redder means more queries in that bucket. A flat 2D plot of three dimensional data.\nWhat you see here is a bi- or multipartite distribution. It is a common case when benchmarking: We have a (often larger) number of normally executed queries, and a second set (often smaller) of queries that need our attention because they are executed slower.\nThe slow set is also often run with unstable execution times – an important secondary observation.\nThis is not a normal distribution, but a thing composed of two other things (hence bipartite), each of which in itself hopefully can be adequately modelled as a normal distribution: A gaussian mixture .\nLuckily we do not actually have to deal with the math of these mixtures (I hope you did not follow the Wikipedia link :-) ) when we want to find slow queries.\nWe just want to be able to separate them, which could even be done manually, and then want the back pointer to the events that constitute the cluster of outliers we identified.\nUnstable execution times I mentioned above:“They are also often run with unstable execution times – an important secondary observation.”\nSlow queries are often slow because they cannot use indexes. When a tree index can be used, the number of comparisons needed to find the elements we are searching for is some kind of log of the table size.\nThe end result is usually 4 – there are 3-5 lookups¹ needed in about any tree index to do a point lookup of the first element of a result. That means that the execution time for any query using proper indexes is usually extremely stable.\nWhen indexes cannot be used, the lookup times are scan times – linear functions of the result position or size. This varies a lot more, and so we get much more variable execution times for slow queries, and the jitter makes it only worse: your “this query takes 20s instead of 20ms to run” degrades to the even more annoying “well, sometimes it’s 5s, and sometimes 40s”.\n¹ In MySQL, we work with 16KB block size, and in indexes we usually have a fan out of a few hundreds to one thousand per block or tree level. The depth of the index tree is the number of comparisons, and it is log to the base of (fan out) of the table length in records. This then becomes ln(table length)/ln(fan out), because that is how you get arbitrary base logs from ln().\nFor a fan out of 100, we get a depth of 3 for 1 million, and 4.5 for 1 billion records.\nFor a fan out of 1000, it’s 2 for the million, and 3 for the billion.\nPlus one for the actual record, so the magical database number is 4: It’s always 4 media accesses to get any record through a tree index - stable execution times for indexed queries, because math works.\nWhere Monitoring ends and Observability begins With measurements, aggregations, and the visualisation as a heatmap, I can identify my outliers – that is, I learn that I have them and where they are in time and maybe space (group of hosts).\nBut with a common monitoring agents such as Diamond or Telegraf, what is being recorded are numbers or even aggregates of numbers - the quantisation into time and value buckets happens in the client and all that is recorded in monitoring is “there have been 4 queries of 4-8ms run time at 17:10:20 on host randomdb-2029”. We don’t know what queries they were, where they came from or whatever other context may be helpful.\nWith events, we optionally get rich records for each query - query text, stack trace context, runtime, hostname, database pool name and many other pieces of information. They are being aggregated as they come in, or can be aggregated along other, exotic dimensions after the fact. And best of all, once we find an outlier, we can go back from the outlier and find all the events that are within the boundary conditions of the section of the heapmap that we have marked up as an outlier.\nThis also is the fundamental difference between monitoring (“We know we had an abnormal condition in this section of time and space”) and observability (“\u0026hellip; and these are the events that make up the abnormality, and from them we can see why and how things went wrong.”).\n(Written after a longer call with a colleague on this subject).\n","date":"2020-11-19T00:00:00Z","href":"https://blog.koehntopp.info/2020/11/19/on-the-observability-of-outliers.html","tags":["lang_en","devops","monitoring"],"title":"On the Observability of Outliers"},{"categories":null,"content":"I have been asked to document my home sensor network. Being married to a person with a background in web security sets boundary conditions:\nNo cloud. We are running all services locally. No control, only metrics. I am collecting data from a number of plugs with power meters over Wi-Fi, using the MQTT protocol. I am also collecting data from a number of temperature sensors over Zigbee, and convert to MQTT. The MQTT data is ingested into Influx, and then read and plotted in Grafana. All of this is dockered and runs locally on an Ubuntu server.\nWhat happened so far Plugs with Wi-Fi : In which I am asking what kind of power plug to use to collect usage data. Gosund and Tasmota : In which I describe how to convert Gosund SP 111 plugs to Tasmota. Air Quality Sensors : In which I ask for Air Quality sensors, specifically with CO2 level metrics. The hardware Server I have a rather old server machine at home that acts as a file server and docker host.\n# lscpu | egrep \u0026#39;^Model name|^CPU\\(s\\):\u0026#39; CPU(s): 8 Model name: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz # free -m total used free shared buff/cache available Mem: 32061 16697 261 32 15102 15516 Swap: 32767 881 31886 # vgs VG #PV #LV #SN Attr VSize VFree data 2 13 0 wz--n- 7.28t 3.48t hdd 1 5 0 wz--n- 9.08t 5.00g system 1 4 0 wz--n- 466.94g 274.94g # cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=20.04 DISTRIB_CODENAME=focal DISTRIB_DESCRIPTION=\u0026#34;Ubuntu 20.04.1 LTS\u0026#34; Gateway This machine is hosting a ConBee from Dresden Elektronik :\n# lsusb | grep -i Dresden Bus 002 Device 084: ID 1cf1:0030 Dresden Elektronik # ls -l /dev/ttyACM0 crw-rw---- 1 root dialout 166, 0 Nov 15 11:51 /dev/ttyACM0 The instructions say you should be connecting the Conbee to the device using a USB cable, to keep it away from the device HF. This will improve the reach of the antenna supposedly a lot.\nDresden Elektronik ConBee attached to the Ubuntu fileserver using a USB cable.\nIn my case, the ConBee can see the sensors on the top floor and the floor below, but cannot reach the shed or the first floor.\nRepeaters This is fixed using any Zigbee device with mains power, because they all act as Zigbee signal repeaters, forming a mesh network. The exception here is Philipps HUE equipment, which does not in general do this.\nWhat I did was purchase a few TRÅDFRI Signal repeaters . These are USB-to-USB connectors that act as signal repeaters and a USB plug, powering the thing. You can plug the entire device chain into a wall plug, or run the basic USB-to-USB adapter from any USB socket that happens to be available.\nThe repeaters need to be paired with the ConBee. That is done by putting the ConBee into open mode, and then poking a small hole in the TRÅDFRI Signal repeater with a SIM tool or a paper clip. The single LED in the repeater will dim, blink, and 30s later the gateway has picked up the new device.\nThe repeaters have substantially better antennas than the ConBee. I purchased three, estimating I would need them to chain from the top floor across the first floor and the first floor into the shed, but actually one repeater on the first floor would have been sufficient. On the other hand these devices are 10 Euro each, so I do not really care.\nSensors I am using Aqara sensors which report temperature, humidity and pressure. The pressure sensors are impressive - they are long term stable, and they register when I take down a sensor from the second floor to the first floor. The devices are tiny - they are powered by a CR2032 cell (e.g. IKEA PLATTBOJ), and can run off it for around a year. The device is about twice as thick as the CR2032, and only slightly larger than the battery.\nThey come with two double-sided adhesive rings, have a pairing button on one side and a tiny blue indicator LED that only signals pairing and is otherwise unused.\nThey report measurements asynchronously as the data changes, which makes MQTT a much better suited protocol then HTTP.\nThey are available on Amazon from a number of makers, at vastly different prices and delivery times. I assume that a 100-pack of these directly from Shenzhen comes in at 2.50 Euro/pc or so - individual sensors incl. shipping come in at $6.50 at Aliexpress. Here , here and here are some sources, but I have seen them as low as 10-12 Euro/pc.\nA wireless mouse was delivered in container made from these plastic shells. I used one to protect the Aqara sensor against the weather.\nThe Aqara sensor is not really an outdoor sensor. It works well on the east side of the house, but the west side is the local weather side, and needs more water protection. I know this, because the first sensor on this side of the house drowned and shorted out after a rainstorm. I have mounted the replacement sensor in an upside down, open plastic container, and then glued the container to the top bar of a window. The seems to work fine.\nAqara sensor mounted on the top bar of a window. The plastic container is open to the bottom, but acts as a shield against rain and weather.\nWall Plugs I bought a very large number of Gosund SP111 Wall Plugs and converted them to Tasmota using Tuya-Convert . The plugs are attractive, because they can do the full 16A and are small enough to fit next to each other on a regular plug extender, if the slots are angled at 45deg (the device has a button, and the Gosund plugs are touching each other on small extenders, pressing each other\u0026rsquo;s button).\nThis is a solder-free conversion, using the Wi-Fi in a Raspi 4. Newer versions of this plug do no longer convert this way, and require wires to re-flash initially.\nOn the other hand, DeLOCK WLAN Steckdosen are the same device and come with Tasmota preinstalled.\nIn any case you are looking at around 20 Euro/plug.\nThe plugs connect to the local 2.4 Ghz Wi-Fi, and after Tasmota installation speak HTTP(S) and MQTT(s).\nSoftware I need a database for time series that collects measurements from the sensors and the wall plugs. In my case that is Influx . Visualization is from Influx to Grafana , because that is known to work well.\nThe MQTT transport is implemented using Mosquitto , again, because that is known to work well.\nData transport from Mosquitto to Influx can be done with Telegraf , or a small Python script - I started out with the Python, but only later learned that it could have been done completely in Telegraf. My setup still uses the Python.\nConversion and transport from Zigbee to MQTT is done using zigbee2mqtt .\nStorage All data and config resides in /export/iot in my setup.\n# df -Th /export/iot/ Filesystem Type Size Used Avail Use% Mounted on /dev/mapper/data-iot xfs 30G 7.3G 23G 25% /export/iot I am providing sufficient storage for about one year of data. I am using XFS as a file system, because while having higher commit latency than ext4, it has close to no jitter and consequently much better plan-able performance.\nThis is a LVM2 partition on the data volume group, which contains two Samsung EVO 860 4 TB drives.\n# pvs | grep data /dev/sde1 data lvm2 a-- 3.64t 2.32t /dev/sdf1 data lvm2 a-- 3.64t 1.16t # vgs data VG #PV #LV #SN Attr VSize VFree data 2 13 0 wz--n- 7.28t 3.48t Created this way:\n# lvcreate -n iot -L 30g data ... # mkfs -t xfs /dev/data/iot ... # mkdir /export/data # mount /dev/data/iot /export/data docker-compose I am using docker-compose to set this up and run it. This works remarkably well, and there is no need to run K8s on a single box, anyway.\nA deployment is specified in a file docker-compose.yml, which lists a number of containers and optionally a local virtual network segment. The deployment can make use of environment variables, which can be put into a file named .env (dotenv) in the same directory.\nmosquitto We make use of this:\n# cd /export/iot # cat .env DATA_DIR=/export/iot MQTT_PORT=1883 INFLUX_PORT=8086 GRAFANA_PORT=3000 ZIGBEE_DEVICE=/dev/ttyACM0 TZ=Europe/Amsterdam GF_INSTALL_PLUGINS=grafana-clock-panel,grafana-simple-json-datasource DOCKER_HOST_ADDRESS=192.168.1.10 These are being used in the docker-compose.yml in the same directory. We specify the version, and enumerate the services we want.\nHere is our service mosquitto:\n--- version: \u0026#34;3\u0026#34; services: mosquitto: image: \u0026#34;eclipse-mosquitto:latest\u0026#34; container_name: \u0026#34;mosquitto\u0026#34; hostname: \u0026#34;mosquitto\u0026#34; user: \u0026#34;1000\u0026#34; ports: - \u0026#34;${MQTT_PORT}:1883\u0026#34; volumes: - \u0026#34;./mosquitto/mosquitto.conf:/mosquitto/config/mosquitto.conf\u0026#34; - \u0026#34;./mosquitto/users:/mosquitto/config/users\u0026#34; - \u0026#34;${DATA_DIR}/mosquitto/data:/mosquitto/data\u0026#34; - \u0026#34;${DATA_DIR}/mosquitto/log:/mosquitto/log\u0026#34; restart: \u0026#34;always\u0026#34; We are defining a container named \u0026ldquo;mosquitto\u0026rdquo;, which uses the docker internal hostname \u0026ldquo;mosquitto\u0026rdquo;. Our other services will be able to connect to this container using this hostname. We try to run this as the user with the UID 1000, but unfortunately this is mostly a vain effort using Docker - a lot of stuff needs to run privileged. The server inside the container is running on port 1883, and we make it available on the outside on $MQTT_PORT from the dotenv.\nWe overwrite the internal config file /mosquitto/config/mosquitto.conf with the file ./mosquitto/mosquitto.conf (/export/iot/mosquitto/mosquitto.conf) and so on.\nWe also define a restart rule.\nInflux Next up: we want an Influx instance.\ninfluxdb: image: \u0026#34;influxdb:latest\u0026#34; container_name: \u0026#34;influxdb\u0026#34; hostname: \u0026#34;influxdb\u0026#34; ports: - \u0026#34;${INFLUX_PORT}:8086\u0026#34; volumes: - \u0026#34;${DATA_DIR}/influxdb:/var/lib/influxdb\u0026#34; restart: \u0026#34;always\u0026#34; Again, we may the internal port (8086) to what is defined in the dotenv, and we overwrite the internal /var/lib/influxdb with $DATA_DIR/influxdb (/export/iot/influxdb).\nWe can prove this works: Enter the docker container, create a file, leave the docker container, see the file.\n# docker exec -it influxdb bash # cd /var/lib/influxdb/ /var/lib/influxdb# touch keks /var/lib/influxdb# exit # ls -l /export/iot/influxdb/keks -rw-r--r-- 1 root root 0 Nov 15 15:58 /export/iot/influxdb/keks # rm /export/iot/influxdb/keks This gets us an instance of Influx.\nGrafana Next then, the Grafana instance:\ngrafana: image: \u0026#34;grafana/grafana:latest\u0026#34; container_name: \u0026#34;grafana\u0026#34; hostname: \u0026#34;grafana\u0026#34; user: \u0026#34;1000\u0026#34; depends_on: - influxdb ports: - \u0026#34;${GRAFANA_PORT}:3000\u0026#34; volumes: - \u0026#34;${DATA_DIR}/grafana/data:/var/lib/grafana\u0026#34; - \u0026#34;${DATA_DIR}/grafana/log:/var/log/grafana\u0026#34; - \u0026#34;${DATA_DIR}/grafana/config:/etc/grafana\u0026#34; restart: \u0026#34;always\u0026#34; We can only run Grafana, when Influx is up and running, so we provide a depends_on attribute to the service. Again, we map the port, and also the various directories of interest inside the container are made available to the outside.\nZigbee2MQTT The bridge from Zigbee to MQTT is defined as before:\nz2m: image: \u0026#34;koenkk/zigbee2mqtt\u0026#34; container_name: \u0026#34;z2m\u0026#34; hostname: \u0026#34;z2m\u0026#34; devices: - \u0026#34;${ZIGBEE_DEVICE}:${ZIGBEE_DEVICE}\u0026#34; privileged: true environment: - \u0026#34;TZ=${TZ}\u0026#34; volumes: - \u0026#34;${DATA_DIR}/z2m:/app/data\u0026#34; - \u0026#34;/run/udev:/run/udev:ro\u0026#34; depends_on: - \u0026#34;mosquitto\u0026#34; restart: \u0026#34;always\u0026#34; This one is special, because it needs device access to the device file of the ConBee inside the container. So the container is privileged, we import the device file, and a ro instance of udev. It also needs access to the TZ environment variable from dotenv.\nOur Zigbee2MQTT data is in $DATA_DIR/z2m (/export/iot/z2m).\nOur python project, mqttbridge The final component is our mqttbridge, which is a dockerized Python script we provide. Alternatively we could have used telegraf for this, but I realized that only later.\nbridge: build: \u0026#34;./bridge\u0026#34; image: \u0026#34;isotopp/mqttbridge\u0026#34; container_name: \u0026#34;mqttbridge\u0026#34; hostname: \u0026#34;mqttbridge\u0026#34; user: \u0026#34;1000\u0026#34; depends_on: - \u0026#34;influxdb\u0026#34; - \u0026#34;mosquitto\u0026#34; restart: \u0026#34;always\u0026#34; Our script resides in ./bridge (/export/iot/bridge), and runs with the hostname and container name mqttbridge, as UID 1000. It makes sense to run it only when it can read data from mosquitto and write to Influx, so we depends_on these.\nInside the ./bridge directory, we provide a Dockerfile and the script:\n# cat bridge/Dockerfile FROM python:3.8-alpine LABEL maintainer=\u0026#34;isotopp\u0026#34; \\ description=\u0026#34;MQTT to InfluxDB Bridge\u0026#34; COPY requirements-frozen.txt /tmp/requirements.txt RUN pip install -r /tmp/requirements.txt COPY ./bridge.py /app WORKDIR /app CMD [ \u0026#34;python3\u0026#34;, \u0026#34;-u\u0026#34;, \u0026#34;bridge.py\u0026#34; ] This makes use of the Python 3.8 Alpine base image. We copy our requirements file into the container, run pip to install the requirements, copy the bridge.py file into the /app directory and then start that script with the appropriate options (-u - run Python unbuffered).\nThe actual script understands the channels I use internally for Aqara, Mijia, and Gosund data.\nConfiguration The various components need configuration.\nMosquitto # cat /export/iot/mosquitto/mosquitto.conf persistence true persistence_location /mosquitto/data/ log_dest file /mosquitto/log/mosquitto.log We also need a /export/iot/mosquitto/users file, and create a mqttuser with mosquitto_passwd -c /export/iot/mosquitto/users mqttuser.\nThe logfile in /export/iot/mosquitto/log/mosquitto.log will need expiration.\nInflux Influx will need a bit more configuration, but this is interactive, and a bit longer. It will be provided in another article.\nGrafana Grafana comes up empty, and needs an admin password and manual configuration after initial startup. To make things work, we need to configure our InfluxDB as a server-side data source (Grafana connects to Influxdb, not the Browser connects to Influxdb).\nWe can then use the hostnames we defined to access the database:\n- Name: InfluxDB - Default: enabled URL: http://influxdb:8086 Access: Server (default) ... Database: home_db (we are going to set this up later) User: and Password: as needed (by default: empty) As soon as we have data in InfluxDB, we can start to define dashboards.\nZigbee2MQTT And this is where we start configuration for real, the entry point for our data: Once everything is running we should see a /export/iot/z2m/configuration.yaml.\nIt will look somewhat like this:\n# cat configuration.yaml homeassistant: false permit_join: true mqtt: base_topic: zigbee2mqtt server: \u0026#39;mqtt://mosquitto/\u0026#39; serial: port: /dev/ttyACM0 That is:\nWe run without home assistant, so we disable this. We need to open the z2m to allow devices to join, so permit_join needs to be true. Our mosquitto is at the host of that name. We post data to zigbee2mqtt. We need to tell z2m where our ConBee is located, as a device. When we have done that, and brought the entire apparatus up, we will be able to have devices join, and they are being added to the configration.yaml.\nAfter that we can edit the file to give them proper names.\nStarting it So we cd /export/iot and docker-compose build, them docker-compose up the entire thing.\nAmong all the other things we also get our bridge process and the node process from z2m:\n# ps axuwwww | grep [b]ridge.py kris 2982402 0.0 0.0 24136 18120 ? Ss Nov10 5:20 python3 -u bridge.py # ps axuwwww | grep index.j[s] root 441693 0.8 0.1 314256 57840 ? Sl 12:12 2:53 node index.js We can switch to the z2m log directory and tail the log:\n# tail -F $(ls -1tr */log* | tail -1) info 2020-11-15 12:12:56: Logging to console and directory: \u0026#39;/app/data/log/2020-11-15.12-12-56\u0026#39; filename: log.txt info 2020-11-15 12:12:56: Starting zigbee2mqtt version 1.14.0 (commit #9009de2) info 2020-11-15 12:12:56: Starting zigbee-herdsman... info 2020-11-15 12:12:56: zigbee-herdsman started info 2020-11-15 12:12:56: Coordinator firmware version: \u0026#39;{\u0026#34;type\u0026#34;:\u0026#34;ConBee2\u0026#34;,\u0026#34;meta\u0026#34;:{\u0026#34;transportrev\u0026#34;:0,\u0026#34;product\u0026#34;:0,\u0026#34;majorrel\u0026#34;:38,\u0026#34;minorrel\u0026#34;:74,\u0026#34;maintrel\u0026#34;:0,\u0026#34;revision\u0026#34;:\u0026#34;0x264a0700\u0026#34;}}\u0026#39; ... warn 2020-11-15 12:12:56: `permit_join` set to `true` in configuration.yaml. warn 2020-11-15 12:12:56: Allowing new devices to join. warn 2020-11-15 12:12:56: Set `permit_join` to `false` once you joined all devices. info 2020-11-15 12:12:56: Zigbee: allowing new devices to join. info 2020-11-15 12:12:56: Connecting to MQTT server at mqtt://mosquitto/ info 2020-11-15 12:12:56: Connected to MQTT server We could now try to have a device join the setup, by holding it close to the antenna and pressing the button. For the IKEA bridges, we need to push a paper clip into the small hole at the front, for the Aqara devices we press the button.\nWe should see a log message for each of the devices. After everything has joined, we can docker-compose stop z2m; service networking restart and edit the configuration.yaml to closed state, and name the devices.\n# cat configuration.yaml homeassistant: false permit_join: false mqtt: base_topic: zigbee2mqtt server: \u0026#39;mqtt://mosquitto/\u0026#39; serial: port: /dev/ttyACM0 devices: \u0026#39;0x00158d0004075772\u0026#39;: friendly_name: eastside/SENSOR \u0026#39;0x00158d00048735ab\u0026#39;: friendly_name: bathroom/SENSOR \u0026#39;0x00158d00045c09a9\u0026#39;: friendly_name: schuppen/SENSOR \u0026#39;0x00158d00053effba\u0026#39;: friendly_name: westside/SENSOR \u0026#39;0xec1bbdfffe18b39d\u0026#39;: friendly_name: bibliothek/BRIDGE \u0026#39;0x842e14fffe75eda0\u0026#39;: friendly_name: wohnzimmer/BRIDGE \u0026#39;0x00158d000486341e\u0026#39;: friendly_name: wohnzimmer/SENSOR \u0026#39;0x680ae2fffe9c847d\u0026#39;: friendly_name: schuppen/BRIDGE z2m will now post messages to the MQTT bus, building the topic from the base_topicand the friendly_name:\ninfo 2020-11-15 17:42:00: MQTT publish: topic \u0026#39;zigbee2mqtt/schuppen/SENSOR\u0026#39;, payload \u0026#39;{\u0026#34;battery\u0026#34;:97,\u0026#34;voltage\u0026#34;:2995,\u0026#34;temperature\u0026#34;:11.85,\u0026#34;humidity\u0026#34;:81.23,\u0026#34;pressure\u0026#34;:1002,\u0026#34;linkquality\u0026#34;:96}\u0026#39; info 2020-11-15 17:42:45: MQTT publish: topic \u0026#39;zigbee2mqtt/bathroom/SENSOR\u0026#39;, payload \u0026#39;{\u0026#34;battery\u0026#34;:74,\u0026#34;voltage\u0026#34;:2955,\u0026#34;temperature\u0026#34;:21.41,\u0026#34;humidity\u0026#34;:59.62,\u0026#34;pressure\u0026#34;:997.4,\u0026#34;linkquality\u0026#34;:96}\u0026#39; The payload here is JSON, which we parse, and push into Influxdb. Or let telegraf do that, automatically.\nWhy the service networking restart? For some reasons, when downing or stopping services from docker-compose, docker-compose will remove all the routes to my Ubuntu. I then need to connect a keyboard, log in and manually run service networking restart to fix this.\nI have not yet found out why this happens.\nWhen doing it like this, I keep the connection and do not need to fix the Ubuntu box.\nListening to the bus Using the mosquitto_sub command we can listen to multiple topics on the bus. For that we need to provide the -t option one or more times. Topics can be literal like zigbee2mqtt/bathroom/SENSOR or can contain a single level wildcard (+) or multilevel wildcards (#).\nWe run\n# mosquitto_sub -F \u0026#34;%J\u0026#34; -t zigbee2mqtt/+/SENSOR {\u0026#34;tst\u0026#34;:1605459438,\u0026#34;topic\u0026#34;:\u0026#34;zigbee2mqtt/westside/SENSOR\u0026#34;,\u0026#34;qos\u0026#34;:0,\u0026#34;retain\u0026#34;:0,\u0026#34;payloadlen\u0026#34;:100,\u0026#34;payload\u0026#34;:{\u0026#34;battery\u0026#34;:91,\u0026#34;voltage\u0026#34;:2985,\u0026#34;temperature\u0026#34;:10.63,\u0026#34;humidity\u0026#34;:84.22,\u0026#34;pressure\u0026#34;:997.5,\u0026#34;linkquality\u0026#34;:97}} {\u0026#34;tst\u0026#34;:1605459438,\u0026#34;topic\u0026#34;:\u0026#34;zigbee2mqtt/westside/SENSOR\u0026#34;,\u0026#34;qos\u0026#34;:0,\u0026#34;retain\u0026#34;:0,\u0026#34;payloadlen\u0026#34;:100,\u0026#34;payload\u0026#34;:{\u0026#34;battery\u0026#34;:91,\u0026#34;voltage\u0026#34;:2985,\u0026#34;temperature\u0026#34;:10.63,\u0026#34;humidity\u0026#34;:83.12,\u0026#34;pressure\u0026#34;:997.5,\u0026#34;linkquality\u0026#34;:97}} {\u0026#34;tst\u0026#34;:1605459438,\u0026#34;topic\u0026#34;:\u0026#34;zigbee2mqtt/westside/SENSOR\u0026#34;,\u0026#34;qos\u0026#34;:0,\u0026#34;retain\u0026#34;:0,\u0026#34;payloadlen\u0026#34;:100,\u0026#34;payload\u0026#34;:{\u0026#34;battery\u0026#34;:91,\u0026#34;voltage\u0026#34;:2985,\u0026#34;temperature\u0026#34;:10.63,\u0026#34;humidity\u0026#34;:83.12,\u0026#34;pressure\u0026#34;:997.8,\u0026#34;linkquality\u0026#34;:97}} in one window, and tail -f /export/iot/z2m/log/*/log.txt in a second window. When log messages appear in log.txt, we should also see JSON payloads being dumped by mosquitto_sub.\nWe now know that zigbee2mqtt is up and running, has a configuration and is posting messages to the MQTT, using the proper topic names.\nDebugging the topology Zigbee is a mesh network. Our IKEA signal repeaters will act as intermediate relays, forwarding the messages to the coordinator.\nWe can dump the current topology , as seen by the zigbee2mqtt gateway, by running the following command in one window:\nmosquitto_sub -h localhost -C 1 -t zigbee2mqtt/bridge/networkmap/graphviz | sfdp -Tpng \u0026gt; map.$(date +%Y%m%d%H%M%S).png and running the matching pub command in a second window:\n# mosquitto_pub -h localhost -t zigbee2mqtt/bridge/networkmap -m graphviz The sfdp command is part of the graphviz package.\n# dpkg -S $(which sfdp) graphviz: /usr/bin/sfdp The result is a network map. The map is always only a current snapshot, and the actual configuration may vary depending on network conditions.\nThe MQTT network map shows the devices and how they connect between each other. Unlinked devices connect directly to the coordinator.\nTo be continued with a section on Influx configuration.\nI could not have done this alone There are many people who have helped me to set this up. The one that stands out most is Marianne Spiller . She wrote Smart Home mit openHAB 2 , the book on openHAB and home automation, and while I did not go down that route, she inspired me to research the topic. She also motivated me to look into docker-compose and she is running the fantastic #tabsvongesternnacht Stammtisch every Friday. Thank you, @sys_adm_ama .\nAnother useful resource was https://github.com/Nilhcem/home-monitoring-grafana and the article in Home sensor data monitoring with MQTT, InfluxDB and Grafana , which I took as a blueprint for my setup.\n","date":"2020-11-15T00:00:00Z","href":"https://blog.koehntopp.info/2020/11/15/my-home-sensor-network.html","tags":["lang_en","iot","home automation"],"title":"My home sensor network"},{"categories":null,"content":"Es gibt ein Interview mit Stefan Ramesohl vom Umweltministerium (des Bundes) in Netzpolitik.org: \u0026ldquo;Warum niemand weiß, wie viele Rechenzentren es in Europa gibt \u0026rdquo;. Im Wesentlichen hat das Umweltministerium angesagt, daß es auf europäischer Ebene Rechenzentren erfassen und katalogisieren will, um in einem zweiten Schritt den Energieverbrauch von Rechenzentren zu regulieren.\nDas ist sehr spannend, denn derzeit gibt es keine Übersicht über Rechenzentren in Europa, und tatsächlich sind einige Rechenzentrumsbetreiber sehr paranoid, was den genauen Standort ihrer Hardware angeht und wieviel und welche Hardware darin ist oder was diese tut. Das ist zwar lächerlich - es ist sehr schwierig eine Energiesenke wie ein Rechenzentrum und ihre Abwärme zu verstecken - aber auch ein sehr sensitives Thema.\nEine Leseliste In dem Interview gibt es ein paar Dinge, die Anmerkungen verdienen, aber bevor es los geht noch die anderen Artikel in diesem Blog als Links:\nThreads vs. Watts : Ich habe einen Dell R630 mit zwei Xeon 6132 CPUs getestet, und deren Energieverbrauch unter Last gemessen. Die Resultate sind repräsentativ für die ganze Klasse von Rechnern, die eine Art Arbeitspferd im modernen Rechenzentrum sind. Der Hauptpunkt: 50% der maximalen Energieaufnahme werden bereits bei 20% Auslastung aufgenommen. A Journey to Open Compute : Mit Open Compute hat Facebook die Energieaufnahme eines Rechners in Idle auf 50% eines herkömmlichen Rechners senken können, und unter Volllast auf 80%. Das wird ermöglicht, indem man Rechner, Rack und Raum nach einer gemeinsamen Spezifikation baut und optimiert. Der Open Compute Standard ist jetzt eine offene Spezifikation, aber wegen der Abhängigkeiten zwischen Raum, Rack und Rechner lohnt sich das alles nur, wenn man ein GAFAM -type Hyperscaler ist. Power budgets for computing resources - portable and stationary listet generell die Zusammenhänge zwischen Rechnen, Batterieverbrauch und Abwärme auf. Data Centers and Energy : Wenn man Netflix schaut, wird Energie verbraucht. Wo und wieviel? Wir reden über Endgeräte (die nur wenige Watt brauchen), über Open Compute in Rechenzentren und über Energieverbrauch im Netzwerk, speziell auf der letzten Meile. Letzterer variiert enorm: 5G braucht sehr viel Energie, (V)DSL ist ebenfalls sehr aufwendig, und Glasfaser nicht - sie ist leicht eine Zehnerpotenz günstiger. Streaming and Energy und Netflix does not bring down the Internet : Speziell Videostreaming funktioniert schon sehr optimiert: Videos werden in Edge Data Centers gespeichert und nicht neu codiert, sie werden in der niedrigsten sinnvollen Auflösung geliefert und die Decodierung erfolgt mit spezieller Hardware, damit die Batterie im Endgerät länger hält. All das braucht weniger Energie als angenommen. Cloud and Energy : Das Uptime Institut sagt: \u0026ldquo;Data center energy efficiency gains have flattened out\u0026rdquo; (und sieht einen durchschnittlichen PUE von 1.58). Uptime sagt im selben Text aber auch, daß neuere und größere Facilities mit Open Compute signifikant bessere PUE haben. Der einfachste Weg zur Verbesserung von PUE für die meisten Firmen ist, ihre Workloads in die Cloud zu verlagern (und dynamisch zu skalieren). Das hat bei korrekter Durchführung neben Energieffizienz auch noch jede Menge andere Vorteile, die sich aus einem gelungenen Outsourcing ergeben. Hyperscaler-Rechenzentren sind viel energieeffizienter Auf Twitter ging ich auf das Interview ein :\nNetzpolitik.org: Diese großen Player können ja kein Interesse an staatlicher Regulierung haben, sondern werden versuchen, eine branchenweite Selbstverpflichtung herbeizuführen.\nEher nicht. Als GAFAM wäre man sinnvollerweise für mehr Regulierung, denn das käme effektiv einem Cloud-Zwang gleich.\nWie oben bereits dargestellt, hat GAFAM bereits Rechenzentren, die sehr viel effizienter mit der Energie umgehen als normale Rechenzentren es tun. Das ist so, weil diese Rechenzentren Raum, Rack und Rechner als ein System designed haben und weil die Betreiber als Hyperscaler es sich leisten können, solche Rechenzentren nach Maß zu designen, bauen zu lassen und zu optimieren.\nWährend also ein traditionelles Rechenzentrum Rechner für eine Million Watt betreibt und dafür um die 600.000W an Kühlung und anderer Sekundärenergie aufbringen muß (Power Utilization Efficiency, PUE 1.6), können die am Besten optimierten Google-Rechenzentren eine Million Watt an Rechnern mit 60.000W Sekundärenergie betreiben (PUE 1.06).\nEin effektiver PUE von \u0026lt;1.2 ist par für die Hyperscaler-Cloud.\nEin kleinerer Rechenzentrums-Nutzer füllt nicht ein ganzes RZ mit Rechnern, läßt also nicht nach Maß bauen, sondern mietet existierenden RZ-Space, der prinzipbedingt nicht gut geeignet ist für Open Compute (OCP). Existierende RZ-Space ist generisch, er muß jede Art von IT-Equiment aufnehmen können und ist daher oft Überkühlt, der Airflow ist nicht optimiert und hat auf diese Weise mindestens dreimal mehr Overhead als RZ-Space, den Hyperscaler nach Maß bauen (PUE \u0026lt;1.2 vs. PUE ~ 1.6). Noch kleinere Benutzer füllen nur einzelne Räume oder haben Raumabschnitte (\u0026ldquo;Cages\u0026rdquo;), teilen also die Kühlung mit anderen Nutzern.\nHyperscaler bauen nicht nur ein RZ, sondern tun das in Serie, und iterieren dabei das Design. Sie lassen auch Rechner und Rechnerkonzepte wie OCP entwickeln, und stimmen dabei das Design des RZ auf das Design von Rack und Rechner ab - daher kommt die energetische Überlegenheit von OCP.\nDazu kommt, wie oben auch dargestellt, daß ein ausgelasteter Rechner energieeffizienter ist als einer, der teilweise vor sich hin idled. Ein Dell R630 verbraucht bereits 50% seiner maximalen Energie bei 20% Auslastung.\nMaschinen auszulasten und Workloads dynamisch zu skalieren ist etwas, für das \u0026ldquo;die Cloud\u0026rdquo;, also die API-gesteuerten Rechenzentren der Hyperscaler, gebaut worden sind. Hyperscale Clouds haben \u0026ldquo;sellable cores per provisioned cores\u0026rdquo; als eine zentrale Optimierungsmetrik, sie wollen ausgelastete Rechner, weil das die Einnahmen definiert.\nWatts per Thread (Dell R630, Dual Xeon 6132)\nWie dem auch sei: Aus energetischer Sicht ist Auslastung wichtig, weil die Watts zur Aktivierung des n-ten Rechenkerns asymptotisch günstiger sind. Das ist so, weil die Idle-Energieaufnahme der Maschine und des ganzen Rechenzentrums drumherum sich so amortisiert.\nAußerdem: Wenn man es sich leisten kann, Hyperthreading zu aktivieren (Wegen der diversen Intel-Caching-Bugs der letzten Jahre ist das oft ein Sicherheitsrisiko), dann sind die Hyperthreads energetisch betrachtet nahezu kostenfrei. Integer- und Stringprocessing-Workloads können Hypterthreads als nahezu vollwertige zweite CPU betrachten, Fließkomma-intensive Workloads nicht.\nWebshops sind, wenn sie richtig gebaut worden sind, String- und Integer-Anwendungen und sehr wenig Fließkomma-intensiv, könnten also von Hyperthreading voll profitieren. Die Anzahl der nutzbaren Cores verdoppelt sich rechnerisch und ist bei Webshop fast vollständig realisierbar - ein Webshop mit einer fast reinen Integer/String Workload kann von den 56 rechnerischen Kernen einer Dual-6132 eine Load von deutlich über 40 stabil verarbeiten.\nKosten und Energie Über eine Nutzungsdauer von fünf Jahren gerechnet machen Energiekosten in etwa die Hälfte der Gesamtkosten eines Rechners aus - für einen Hyperscaler ist das ein so intensiver Kostenfaktor, daß sie aus wirtschaftlichen Gründen seit mehr als 15 Jahren intensiv die Energieaufnahme ihrer Rechenzentren in allen Punkten optimieren.\nDas ist der primäre Grund für das Open Compute Projekt (OCP) und die Bauweise der Hyperscaler-Rechenzentren. Für Hyperscaler lohnt dies, weil das der Kernbereich ihres wirtschaftlichen Handelns ist.\nDazu kommt, wie in der Leseliste dargestellt, daß alle Hyperscaler (bis auf Amazon) bereits 100% graugrün sind, also zu großen Teilen bereits auf tatsächlich regenerativer Energie laufen und den Rest mit Zertifikaten kompensieren, und obendrein sehr nah in der Zukunft liegende Ziele haben, was komplett grünen Betrieb und Überkompensation angeht. Speziell Google ist ein sehr großer Investor in Wind- und Solarkraftanlagen, Netflix überkompensiert bereits jetzt, ist also Carbon-Negative.\nFür ein Firma, für die der Betrieb und die Skalierung von Rechenzentren und ihrer Hardware nicht der Kern ihres wirtschaftlichen Handelns ist, ist es ausgeschlossen hier mitzuhalten.\nOder wie Ramesohl es formuliert:\nEs ist einfach so, dass eine gewisse Skalierung zu großen Vorteilen führt, die dann wiederum über eine Wettbewerbsfähigkeit im Markt die Marktposition stärkt und damit den Marktanteil erhöht. Das ist ein selbstverstärkender Effekt. Hinzu kommt, dass diese Akteure in der Lage waren, zu investieren und sich damit ein technologisches Know-how aufzubauen, was wiederum im Umkehrschluss ihre Marktposition stärkt.\nDas ist richtig, dass gerade bei den großen Playern entsprechende selbstdefinierte Nachhaltigkeitsziele vorliegen. Das sind teilweise sehr ambitionierte Pläne, die versuchen, die Emissionen, die im Laufe der Unternehmensgeschichte bisher aufgelaufen sind, rückwirkend zu kompensieren.\nBandbreite und Energie Ramesohl sagt auch:\nDa geht es um die Frage, ob jede Internetwerbung eine Autoplay-Funktion braucht, also abspielt, wenn ich nur über die Seite scrolle. Das erzeugt nämlich ein enormes Datenvolumen. Oder die Frage, ob alles standardmäßig in höchster Auflösung gestreamt werden muss, wenn es auf einem kleinen Bildschirm angeschaut wird.\nDahinter steht die Fehlmeinung, daß eine Netzwerkinfrastruktur mehr Energie benötigt, wenn Daten übertragen werden. Das ist nicht der Fall.\nSo wie eine Festplatte oder RAM nicht schwerer werden oder mehr Energie verbrauchen, wenn Daten darin gespeichert werden, so braucht ein kabelgebundenener Netzwerklink nicht (wesentlich) mehr Energie, wenn Daten übertragen werden.\nRAM und Festplatten brauchen (mehr) Energie, wenn Daten geändert werden, also Bits gekippt werden.\nUnd kabelgebundenene Netzwerkinfrastruktur überträgt immer Daten (Trägersignale), auf die die Nutzlast dann aufmoduliert wird. Das wiederum braucht im Vergleich zur Grundlast des Netzes (das Senden des Trägers) kaum Energie. Anders sieht es bei Funkverbindungen, also Datenübertragung via Mobilfunknetz aus, dort wird der Sender komplett abgeschaltet, wenn er nicht gebraucht wird, um das Spektrum frei zu halten.\nSpeziell bei Glasfaser ist es so, daß man die Bandbreite zudem mit nur wenig mehr Energieaufwand um Größenordnungen hochdrehen kann, wenn man will - durch den Austausch der Laser kann dasselbe Medium in der Kapazität verzehnfacht oder verhundertfacht werden ohne signifikat mehr Energie zu verbrauchen.\nWas tun wir mit all dem Compute Am Ende ist es eventuell eine gute Idee, nicht nur genauer hin zu schauen, wo Rechenzentren stehen und wie sie designed sind, sondern was mit den Megawatts gemacht wird, die dort verwendet werden. Auf diese Weise bekommen wir eventuell Bitcoin weg gebombt. Das wäre schon einmal sehr wichtig, denn hier wird Energie in der Größenordnung ganzer Staaten in sinnlosen Berechnungen (\u0026ldquo;Proof of Work\u0026rdquo;) verheizt. Und nein, das kann man nicht ändern, PoW kann nicht sinnvolles berechnen.\n","date":"2020-11-01T00:00:00Z","href":"https://blog.koehntopp.info/2020/11/01/rechenzentren-und-ihren-stromverbrauch-regulieren.html","tags":["lang_de","computer","data center","energy","cloud","climate"],"title":"Rechenzentren und ihren Stromverbrauch regulieren"},{"categories":null,"content":"Sometimes things change in a way that is hard to put a finger on, but I am doing this MySQL thing since 3.23, and commercially since 2005, and the environment is changing. These days, when you talk to people in need of MySQL, the first thing you have to ask them is \u0026ldquo;Which MySQL\u0026rdquo;. And by that I do not mean a version number in the first place.\nThe answer may be:\nAWS RDS MySQL AWS RDS MariaDB AWS Aurora MySQL Community Edition MySQL Enterprise Edition MariaDB and now, new, MySQL on Oracle Cloud. The answer to this question, usually qualified with a version number, decidedly influences what is available in features, access, performance, and what is usually the root cause for problems.\nNot only in support, but also in application design, scaling limits and many more things.\nSpecifically:\nAurora V1 limits you to MySQL 5.6 features, and V2 to what was available in 5.7.12, four years ago. You scale automatically, and in some cases far beyond what is available on a single machine, but specifically performance behavior is very different from regular MySQL. Not only is the storage layer completely different, but Aurora has also ripped out and rewritten certain features (such as GIS), so it\u0026rsquo;s essentially a completely different database that happens to speak MySQL protocol. RDS nominally supports 8.0, but 8.0 is decidedly a second class citizen in RDS. Since the majority of all new MySQL deployments are likely RDS deployments, this holds back the pick-up of 8.0 as a target for application developers considerably. Some features are only available in Enterprise Edition, even when you run on your own hardware, but they cannot be language features, exposed to developers (for the same reason as above - nobody would target them), so the difference between CE and EE can only be operational. There it can be substantial. MariaDB, see Aurora, is now a completely different database that happens to speak the same wire protocol. The amount of special casing in my workplaces database management tooling makes that very clear: Internal logic, status and control variables, even the way replication works, is all quite different. It is easier to treat it as a completely different thing than to special case MySQL/MariaDB all the way through the codebase. Oracle cloud will most likely try to differentiate itself with cloud-only features the same way Aurora does this. On the other hand, with applications running in AWS, will you send SQL queries across the internet to your Oracle cloud database instances and eat all that latency? Worse, will your Enterprise go through all the interdepartmental overhead to certify another cloud for use, just to run database instances that AWS also has (minus some features, but for which AWS likely has other, specialized services)? What happens instead: At work, our application runs on MySQL.\nBut the number of 3rd party products that drop MySQL support (not Oracle MySQL support, but \u0026ldquo;all MySQL, so also not MariaDB\u0026rdquo;) is growing.\nThey all move to Postgres, to the point where it becomes necessary to make AWS Postgres and local Postgres officially managed targets for supported deployments in our Enterprise.\nOr, shorter, the triangle AWS-Oracle-MariaDB presents too fragmented a front, a frenemy experience, and is losing a lot of developer mindshare because of that.\nThat makes me very sad.\n","date":"2020-10-28T00:00:00Z","href":"https://blog.koehntopp.info/2020/10/28/mysql-ecosystem-fragmentation.html","tags":["lang_en","mysql","database"],"title":"MySQL: Ecosystem fragmentation"},{"categories":null,"content":"Sven Geggus trolled me . A bunch of nerds were speaking about what\u0026rsquo;s wrong with biking in Germany, and he wrote:\nTweet : Der @isotopp wohnt doch in Holland. Wo sind denn bei euch die Vorfahrtsregeln anders und könnte man da was sinnvoll für .de übernehmen? \u0026ndash; @isotopp is living in the Netherlands. So how is the right of way different and how could .de learn from this?\nBiking in the Netherlands does not suck, and that is not because of any specific traffic rules being any different, but because traffic is fundamentally different, and that somehow escalated.\nIt starts here:\nThe OSHA hierarchy of mitigations.\nThe OSHA hierarchy of mitigations for safety risks, as shown here and approximately everywhere else where workplace safety and risks are discussed also applies to traffic risks. Of course.\nEliminate - build car free cities. Substitute - build better public transport. Isolate - build bike paths that are completely intersection free with car traffic. Engineer Controls - build intersections with barriers, traffic lights. Build speed bumps into streets that destroy shocks of speeding cars. Administrative Controls - install warning signs, train bikers to avoid cars. Change right of way rules. Personal Protectice Equipment - require bike helmets and high viz vests. How it came to be There is the famous Guardian article that explains the history of Stop De Kindermoord and there is the video Namens De Kinderen Van De Pijp, 1972 that tries to explain and to capture the amount of outrage in the Netherlands in the early 70\u0026rsquo;ies regarding the destruction of the urban environment created by a car culture.\nThere is the infamous Plan Jokinen , which would have completely destroyed the old town of Amsterdam (which is now a Unesco World Heritage Site) and replaced it with a giant tumor of highway intersection, killing the city completely. Its realization was averted, thankfully.\nOther cities were less lucky, and took heavy damage.\nUtrecht Catharijnesingel was destroyed and turned into an Autobahn. It took more than 40 years to restore this part of the city to something not insane. Article at Bicycledutch .\nIn Amsterdam, the same story is told, slightly differently. We have Vijzelbuurt is changing here in this blog, explaining the construction of De Rode Loper as an extension of the Metro 52 construction. At station Vijzelstraat, the room between the street and the very deeply located metro station is now turned into a parking garage. On street parking will be dialled back or completely removed, and people that still want a car can rent space down there - but it will of course cost substantially.\nThis is systematic:\nThe city of Amsterdam is about to remove 10.000 parking spaces inside the inner city. Video Do you want to read more? I have a Twitter List for that .\nWhat we currently are seeing in the Netherlands is the result of a fight. It took more than 10 years from the 1972 De Pijp video and the Stop De Kindermoord Die-Ins to visible, rideable biking improvements. That was 40 years ago, and when you ride through the Netherlands you can roughly see the decade the bike infrastructure was built when riding it. There have been learnings and improvements all the way.\nGermany, right now, is building 1980\u0026rsquo;ies bike lanes, on a NL scale, using paint on streets. There is no physical separation, there are zero improvements in intersections. And that is the core of the problem: The critical parts are the intersections, see the OSHA hierarchy above, this is where people die.\nAnd you cannot improve intersections with paint. You need an excavator.\nOSHA #3 - Isolate - avoid intersections Let\u0026rsquo;s bike from Hoofddorp Floriande to Vijfhuizen, and have a look at the scenery. Here is the video:\nVideo Some key points:\nWe never really interact with car traffic, barring one situation near Spaarne Gasthuis, and even that could have been avoided choosing one bike lane to the left. We never interact with any of the two national streets (N201, N205). We have a tunnel and a bridge for bikes instead. Typical bike lane in Hoofddorp. The bike path is segregated from any car lane, and is bi-directional. Cyclists can ride two-up side by side, and talk.\nUnderpass under the N201. The N201 is a multilane national road. It could have been a crossing with a traffic light, but building an underpass removes all risk to cyclists from cars.\nThe same spot, as seen by a car driver. The bubble indicates where we emerge from under the road, passing the underpass.\nLater we pass over the N205, across the bike bridge. Underneath are 2x2 lanes of the N205 and the 2x1 lane of the reserved bus lane.\nThis is not an unusual trip in the Netherlands. In another article in this blog, we cycle shopping , and the experience is much the same. We never interact with cars.\nBut these bike paths are empty! \u0026ldquo;But, Kris! All these bike paths are always empty!\u0026rdquo; Yes, they are. It\u0026rsquo;s awesome. You get to ride at your own speed, and without disturbance. It also is a great example that shows how incredibly space efficient bikes are, compared to cars. In fact, how incredibly space efficient anything is, compared to cars.\nPrinzipalmarkt, City of Münster, Germany. 60 people are shown when using cars, using a bus and using bikes.\nUsing cars means you use 20 sqm of space when parking, 140 sqm of space when riding. Using a bike, you are using 2 sqm when parking, and 5 sqm when riding. Because cars are so incredibly wasteful with space, car lanes look full . We simply cannot afford to have cars where many people live, that is, we cannot have cars in cities.\n\u0026ldquo;But, Kris! Can you prove that bikes are used in the Netherlands?\u0026rdquo; Sure, let\u0026rsquo;s go places.\nVideo - a look at Haarlem Station and the bike parking underneath.\nThis bike parking is only a fraction of the bike parking. There is more inside the train station building and there is a multilevel bike parking at the back of the station. All of them are as full as this underground bike parking.\nThis is not the exception, this is the rule. Rush Hour in Amsterdam is horribly busy. It looks like this:\nVideo - Rush Hour in Amsterdam.\nSimilar:\nAmsterdam in Rain , Thomas Schlijper is an awesome chronicler of Amsterdam street life in video and photos. Paris in 2020 , again by Schlijper. This is Anne Hidalgo\u0026rsquo;s legacy, completely transforming the city of Paris from a gridlock hellscape back into a liveable city by pushing cars out. But there is no room in our city \u0026ldquo;But, Kris! This may work where you live, with wide streets and much room and many trees, but not in our crowded and narrow city. We have no room to segregate traffic!\u0026rdquo;\nTweet - Marco Groenewege contrasting a major city artery in Germany and the S107, a major Amsterdam artery, and of comparable size. The dutch street separates traffic types, makes impossible for cars to leave the lane and overtake, or abuse or block the tram. Area use of both constructs is comparable, one is much safer.\nThere is room in every city.\nYou get it by taking away space from cars.\nThen people do no longer die.\nThis is the whole secret.\nAmsterdam, Hugo De Grootplein - click for Streetview. The S105 artery crosses right to left. A roundabout is cut in two by tram tracks, and cycle traffic has to be routed through, safely.\nAmsterdam, on S105 - click for Streetview. The residential streets around Hugo De Grootplein are narrow. Many of them are one-way, like this one on the right (exit only). Construction of the street makes it very clear what the situation is and who has priority.\nAmsterdam, inside the one-way street - click for Streetview. The pavement signals that this is a bike-priority lane, in which cars are guests. The direction of car parking indicates that this is a one way street. Parked cars clog the street.\nIt is also clear that the cars do not belong here. Elsewhere they have been removed .\nAgain, we look to Thomas Schlijper\u0026rsquo;s excellent chronicles to see what happens when you remove cars from the urban environment: You get the city back. People can live.\nCities in the Netherlands have room for people, because they made room for people by removing the cars.\nThe Bike is Part of a System It is very important to have a second, closer look at these bike parks at Train Stations and Bus Stops. They are crucial.\nI am 50+, fit, and have a Pedelec. I have few problems riding 22km from a village near Schiphol to central Amsterdam and back. It takes me around 2h to do that, one hour in each direction. The same amount of time as spent in public transport.\nBut the Netherlands build this AAA - All Ages and Abilities. Not everyone can do what I do. So multimodal transport is the rule. You can bike to a train station or bus stop. The design speed is 15 km/h, the design distance is 20min or less - so within 5 km radius you are supposed to be able to jump onto public transport.\nAt the OV point, you will find bike parking. Covered at Bus Stops, covered, guarded and often with a bike repair shop in Train Stations. You jump on the Openbaare Vervoer (OV, Public Transport) using the chipcard : All transport in the Netherlands can make their own tariff and zones, but the collection is unified with the Chipcard. That means: One ticket for the entire country, one method of billing.\nAt your destination, OV fiets is likely to be available - there are more than 300 stations all across the country where you can have this. This is a public transport bike that can be rented using the same train ticket.\nIt costs € 3.85 per 24-hour period to use an OV-fiets. If you keep the OV-fiets for more than 24 hours, you will be charged for an extra rental period (up to 72 hours). After 72 hours, you will incur an additional charge of € 5.\nIt is not expensive at all.\nGetting to an OV station by bike means the catchment area of these stations is around 10x larger than on foot. That means the stations can be further apart. That means the Bus or Train has to stop less often. Than means it goes faster, a lot faster actually - especially true for trains. That makes public transport way more attractive. That makes more people use the bike/public transport combo.\nThe public transport in the Netherlands is purposefully designed to enable this.\nAnd it is well tracked: Where is my OV? - live tracking for public transport in the Netherlands.\nSo how popular is this?\nPDF of the Cycling Facts and Figures 2018. The Amsterdam City Cycling Policy has links to the Mobility Plan for 2030 and the Long Term Cycle Plan for the City. All of this illustrates\nthis is desired this is policy this is no accident this is hard work, stakeholder management, long term planning and urban development There is a pretty nifty video Invisible Bike Infrastructure of the Netherlands by \u0026ldquo;Not Just Bikes\u0026rdquo;, which explains how this came to be and how this is not an accident.\nAnd the best thing is: This is engineering. That means, it can be reproduced, taught, adjusted and ported into your urban environment. There is CROW , which is the private engineering partner organisation for Dutch city planners. They have documentation in German, English, Dutch and other languages, they have classes and they have people that you can pay to do the work for you - depending on your cities needs and preferences.\nOSHA #4 in German: Safe intersections discussed For Germany, there is \u0026ldquo;Darmstadt fährt Rad\u0026rdquo;, which has german languge article series on dutch protected intersections , explains how protected intersections work , and also refutes the Tagesspiegel article .\nBicycleDutch has a german video explaining how things work in the Netherlands.\n","date":"2020-10-22T00:00:00Z","href":"https://blog.koehntopp.info/2020/10/22/safe-biking-its-not-the-right-of-way-thats-wrong.html","tags":["lang_en","cycling","mobility","netherlands"],"title":"Safe Biking: It's not the right of way that's wrong"},{"categories":null,"content":"Ok, so the title is a bit of an exaggeration, I am about 80% done with the main games quests. Still, the shape and feel of the story is firmly established and it is fascinating. I have some 110 hours in \u0026ldquo;Assassins Creed: Origin\u0026rdquo;, and some 65 hours or so in \u0026ldquo;Assassins Creed: Odyssey\u0026rdquo;.\nYou can play \u0026ldquo;Assassins Creed: Odyssey\u0026rdquo; as Alexios or Kassandra, and the change is permanent for the playthrough for storytelling reasons. My recommendation is that you play as Kassandra, see below.\nThe Assassins Creed series of video games are like \u0026ldquo;Prince of Persia\u0026rdquo;, from which they descended after Ubisoft lost the license to the backstory, but with plenty of conspiracy theory added.\nFor those who never played: Two secret opposing forces battle throughout the history of humankind: A faction that represents order and collective control, under changing names (\u0026ldquo;Cult of Cosmus\u0026rdquo;, \u0026ldquo;Abstergo Industries\u0026rdquo;, \u0026ldquo;The Order of the Snake\u0026rdquo; and many other names), and one representing self-determination and individualism, the Assassins. The battle is usually over some magical science artifact which has been manufactured in the deep past by the creators of humankind, the Isu .\nGameplay revolves around a number of main and side quests, which can be solved by going somewhere, climbing something, and stealthily mudering everone between the character and the objective. The game is bloody, but has an option to turn off gore. With gore off and in easy mode, it is a lot like playing an dumb action movie, only around 20 times longer in runtime. There is a lot of very nicely done storytelling which allows for casual exploration of the time period depicted and the historical background.\nCompared to \u0026ldquo;Origin\u0026rdquo;, \u0026ldquo;Odyssey\u0026rdquo; feels weirdly paced, and somewhat off. This is in part because of the map:\nAssassins Creed maps are like dioramas in a museum, vastly shrinking the real world distances. The map in Odyssey is around 16 x 16 km in size, giving you a minified Aegean to play around in.\nBecause the game is set in ancient greece, the map is a part of the Aegean sea, and there are plenty of islands and sea surface. Travel between islands is by ship, and ship gameplay has a very different rhythm than island gameplay. Also, especially in the early game (on Kephalonia and in Phokis), the usual strategy of doing sidequests to always be 2-3 levels above opponents hardly seems to work, if you are used to how Origins works. Only after you learn to find timed quests and the message board, you will find XP sources. Similarly, you need to find out that \u0026ldquo;?\u0026rdquo; locations do not automatically show up on the map, and you have to explore for them to become visible.\nAlso, Odyssey uselessly scales up: If you are more than a few levels ahead of a region, the game will increase opponent levels \u0026ldquo;to keep up the challenge\u0026rdquo;. Fuck that, if I wanted that challenge, game, I would have been there earlier.\nBut anyway, once you are out of Phokis, and past the Thermopylae, things get more structure and yet, still, the game feels weird. And what is off is\u0026hellip; the story. In a good way, though.\nKassandra, in her natural environment.\nSo how is the storytelling off? And why is this good? The Heroes in Assassins Creed usually do not choose to be heroes, they are not Heroes in the sense of The Hero\u0026rsquo;s Journey . Their journey does not \u0026ldquo;begin in a situation of normality from which some information is received that acts as a call to head off into the unknown\u0026rdquo;, they do not choose to go off on adventure. Instead they experience loss, and then are forced to act.\nAlso, the other stages of the Hero\u0026rsquo;s Journey are not actually realized in the storytelling. For example, in \u0026ldquo;Origins\u0026rdquo;, Aya is not \u0026ldquo;The Woman as the Temptress\u0026rdquo; which must be resisted or is killed in order to motivate the Hero. Instead, Aya is Bayek\u0026rsquo;s partner, and in fact the actual organising force behind the funding of the Assassins Organisation.\nAlso, \u0026ldquo;Origins\u0026rdquo; Bayek does not fit the template of the lone hero who is fighting his way through ever more powerful obstacles until he is completely alone and unfit for civilisation. Instead, he becomes funding member and part of an organisation that tries to represent one human virtue and ideal, and not even the leader of this - Aya-Amunet is filling that role. There is no Apotheosis, no Ultimate Boon.\nBut there is another matching monomyth that fits better: The (VLS version of the) Heroine\u0026rsquo;s Journey , and both \u0026ldquo;Origins\u0026rdquo; and \u0026ldquo;Odyssey\u0026rdquo; match it much better than the \u0026ldquo;Hero\u0026rsquo;s Journey\u0026rdquo;. Together with the superior acting of Kassandra\u0026rsquo;s Voice Melissanti Mahut it is the reason why Odyssey is so much better when you play is as Kassandra.\nIn \u0026ldquo;Odyssey\u0026rdquo;, the hero(ine) is forced out of their \u0026ldquo;perfect world\u0026rdquo; through the sacrifical murder of their sibling - the \u0026ldquo;Betrayal\u0026rdquo; ultimately motivates them to go on the Quest, and this is involuntary. Along the journey, they heroine has to make friends, rebuild connections and redefine her own identity through it.\nIn \u0026ldquo;Odyssey\u0026rdquo; this is realized in two ways:\nThere are in-game choices that can lead to family reunification - or make it impossible, for example, by killing \u0026ldquo;The Wolf\u0026rdquo; for his crimes. And there is the ship\u0026rsquo;s crew, which can be made up by Epic heroes we connected to in side quests, by making the right choices. These are even rendered as specical characters, instead of generic character models. There are skills we aquire in game that allow us to call friends as assists in battles, and there are other game elements that fit the Heroine\u0026rsquo;s Journey much better than the Hero\u0026rsquo;s Journey. So a lot of the gameplay in \u0026ldquo;Odyssey\u0026rdquo; is not about going it alone as a lone hero, but about re-unifying the family, and about building a new group, the ships crew, by making friends along the way. Both are Heroine\u0026rsquo;s activities, not Hero\u0026rsquo;s activities according to their respectice monomyths.\nWhile you can play \u0026ldquo;Odyssey\u0026rdquo; as a Hero\u0026rsquo;s Journey, you can also play it as the \u0026ldquo;Heroine\u0026rsquo;s Journey\u0026rdquo;, and many of its part make a lot more sense and are more fun, if you do. Also, this is quite ironic, given that you play essentially a Ninja , which according to Robin Laws is a guarantee to be boring to any RPG party, because you play alone and separate from everybody else - except that in \u0026ldquo;Odyssey\u0026rdquo;, this particular Ninja\u0026rsquo;s story is all about (re-)building groups and becoming part of something.\nAssassins Creed: Odyssey , Ubisoft, 59.99 Euro.\n","date":"2020-10-19T00:00:00Z","href":"https://blog.koehntopp.info/2020/10/19/fertig-gespielt-assassins-creed-odyssey.html","tags":["review","gaming","media","lang_en"],"title":"Fertig gespielt: Assassins Creed: Odyssey"},{"categories":null,"content":"Back when I was still commuting to work in an office, in the far past, I used to be in the Spaces building in Vijzelgracht in Amsterdam, every day. Mark Wagenbuur of BicycleDutch has been there today, and tweeted :\nAmsterdam is changing dramatically. I was in Vijzelstraat for the first time in about 2 years and I was pleasantly surprised! Looked up the old situation in Google StreetView for some before and afters.\nHe also linked to an image from the Stadsarchief where the situation in 1987 is shown.\nThese works are documented on the City of Amsterdam website , which also has a page for the Vijzelstraat: herinrichting .\nThe desired end state for the space in front of Spaces, Vijzelstraat 66.\nThe works are part of Project Rode Loper , which is the renewal and redesign of all urban space on top of the new Noord/Zuidlijn, Metro 52, after the completion of the Metro works in 2018. The Vijzelstraat works are the conclusion of this project.\nThe City of Amsterdam has a fabulous video channel on Youtube, Het Verkeer , which announces and explains all street works and renewal. The Vijzelgracht project of course also has a video .\nVideo announcing the Vijzelstraat works.\nInterestingly there are two more projects active that match and extend the Rode Loper in this area:\nVijzelgracht: afbouw Vijzelgrachtgarage - The City is building a paid-for underground parking garage in the space between the metro station Vijzelgracht and the street level. This will provide paid-for parking space for 270 cars, similar to the Parkeergarage Museumskwartier, which is serving Frans-Hals-Buurt.\nVijzelbuurt: parkeerluw - Matching the extremely successful conversion of Frans-Hals-Buurt (around 500m north of Vijzelgracht), free and paid-for on street parking is almost completely removed, freeing up public space for fietsers, pedestrians, playing children and city green. The change will affect two local neighborhoods, Weteringbuurt and Noorderbuurt. The city has local consultations with the people living there right now.\n","date":"2020-10-08T00:00:00Z","href":"https://blog.koehntopp.info/2020/10/08/vijzelbuurt-is-changing.html","tags":["lang_en","mobility","amsterdam","netherlands","work"],"title":"Vijzelbuurt is changing"},{"categories":null,"content":"At work, replication chains have a single primary database node, to which you write, and then multiple replicas, in multiple AZs.\nHere is what the one sample chain looks like in Orchestrator:\ninstance-918d is the current primary, in the blue AZ. Replicas in orange and green are in other AZs. Blue badges indicate multiple replicas, eg (38) means 38 machines.\nWhen you talk to a database, you get two database handles:\nA write-handle which always points at the primary, here instance-918d currently, and a read-handle. The read-handle should be in the same AZ as your client application, and should be selected randomly from the available replicas for reading.\nWe also have other replicas, for cloning, to make more replicas, and for example time delayed replicas to correct accidental data deletions and other Oopses quickly.\nMachines that are available for reading are organised in “Pools” per AZ. Many replication chains have only one Pool, “\u0026lt;name\u0026gt;-misc”, but some replication chains also have additional pools for workload isolation. For example, some chains have “\u0026lt;name\u0026gt;-slow” pools, and you get a third handle, to which you are supposed to send slow queries that cannot be optimised.\nOther chains are shared between different applications, and in order to prevent crosstalk we have different pools, so that your \u0026ldquo;application-xml\u0026rdquo; queries do not mess with the regular “application-misc” queries. You are still using a “application-ro” handle, but it is non-overlapping between XML and normal application clients.\nIn any case, we run automated capacity tests on each pool, and then adjust pool sizes as needed. We also report to ourselves on that. Sometimes that report is interesting:\nThe example-misc pool changed target size from 3 to 16 in the night of 05-Oct, which is a 433% increase.\nThe minimum pool size is three, for redundancy reasons. The example chain is not busy, ever, and the pool size should never exceed three.\nDBA Operations talk to the customer: “I am reaching out to you because you are currently designated as owners of one or more of the database schemata in the example database chain. The schemata in question are \u0026lt;list\u0026gt;.\nStarting yesterday, the example chain (and, specifically, its example-misc pool) has seen a significant increase in load, mostly in the blue AZ, as shown here:”\nMySQL \u0026ldquo;Threads Running\u0026rdquo; going through the roof, load testing reports diminished capacity, and we ready more instances. The world is safe again! Or, is it?\nSo we detected an increased number of threads running, and that led to a general reduction in the capacity, and that requires MOAR MACHINES! Yay! So our bots threw more machinery to ride the load wave and that kept us afloat for the moment.\nIs that the story? It is not.\nA mysterious mystery Humans descend on the problem and look. What are the machines in the pool, currently? Well, if you have the privileges, you can check with our roster tool:\n$ sudo roster-tool list /persistent/pools/example-misc/az-west1-a 0be2b240a6964a338f0a65f22a2bb09d-example-2016.dc1.prod.example.com 421e3f5c81914082b26f93cd096c4d25-example-8050.dc2.prod.example.com 95624c835c454bbb8ad10a2eb728f66a-example-8051.dc2.prod.example.com afc7bd521a5c404582645d89598269d3-example-2015.dc1.prod.example.com e5724da64f134c34810f48211f5b777c-example-2014.dc1.prod.example.com So let’s have a look at example-8051:\nThis box is terribly idle. For 18 hours, it was slightly less idle.\nThis box is terribly idle. It has 16 cores, 32 threads, it can do 32 things concurrently on a good day. Running MySQL, it usually becomes flaky at a 1m load average of 24, because we have web loads that are having very many short term variations, so “1m average of 24” really means “anything between 12 and 40”, if you look at things in 0.1s intervals.\nWith a target load of 24, and headroom for failover, the limit is 12 - but it will be flaky in degraded state then. We usually aim for a load of 8-10 on our boxes. For this database pool, we could do with one box instead of three in normal times, but three is the administrative lower limit for redundancy and resilience.\nNothing is busy, but we don’t have capacity During the incident it was higher, but not much. Yet, the capacity test returned a much diminished capacity and grew the chain by a factor of more than 4. Clearly, this is not load, but something else.\nLet’s look at a few metrics for the time between 04-Oct, noon and 05-Oct, 6am. We want to know if we can see more action than the CPU thing. Let’s check the network:\nNope. No action on the network.\nAnd the disk:\nWe see few writes, and almost no reads. This is a memory-saturated database.\nWe see very few disk writes (a few hundred writes per minute), and almost no disk reads. This is a database with the working set residing in memory, and queries are resolved without disk reads.\nThis makes a very low query latency, and also means that the database can really only bottleneck on Networking or CPU. Now, a MySQL is very hard to bottleneck on Networking - I have only ever seen this happen twice.\nSo whatever is happening and limiting us is a kind of CPU problem. Likely not a CPU saturation problem: We would see load \u0026gt; 20 for this, and we are very far from that. That means it is likely to be a per-thread CPU problem.\nWhat could cause CPU saturation? CPU saturation on a database can in my experience have very few and easily detectable causes:\nA frequent query running from memory with no index: full table scans from a memory resident table. No disk I/O, loads of memory reads. This is a badly designed table with a missing index, masked by good memory performance until the CPU is completely eaten up and the box goes down. Add the missing index to fix. A frequent query doing a lot of sorting in memory. Data is not requested in index order, so it needs to be re-sorted before given to the client in order to satisfy an ORDER BY clause. Can also be caused infrequently by weird GROUP BY clauses. Fixed by sorting in the client, if possible, or by finding a better index so that data is returned in index order, which is designed to match the sort order. A system is offloading computation into the database using stored procedures. This is the worst possible design, and easily fixed by nuking the entire site from orbit, starting over from scratch at a new site. All of these cases would create a lot more load than we see, so it is none of that.\nQuery workload? What else stands out?\nQueries/s stable, Select/s looking normal. A slow query \u0026ldquo;spike\u0026rdquo; of very few slow queries.\nThe query load did not change, the capacity did. This is getting more mysterious by the second, but I think I know the smell. See that slow query “non-spike”? We have had slow queries, but it could not have been many.\nWhat we know by now So\nsome, very few, slow queries, queries, an unsaturated database, not bottlenecking globally on any base resource a machine load going up by 2 from 1 to 3 (per thread problem, two queries?) long-running We have seen this before , and we have seen it a long time before that as well. Let’s check the undo-log size:\nUndo-Log shark fin perfectly coinciding with the incident.\nWe observe a shark fin in the Undo-Log size that perfectly matches the time span of the incident and the increased CPU time.\nWe knew this is bad We know from MySQL Transactions - the physical side what the Undo-Log is and what it is being used for: It’s keeping old versions of a row so that a transaction can have a stable read view preventing phantom reads.\nWe learned in MySQL Transactions - the logical side how the Undo-Log is consulted, depending on the transaction isolation level setting of the reading connection. Go to that article now, and read the section on “Repeatable Read and Long Running Transactions”, now.\nThe part where it says:\nStarting a transaction at the default isolation level will force the Undo-Log Purge Thread to stop at the position of our read view. Undo-Log entries will no longer be purged, filling up and growing the Undo-Log. Reads and Index Lookups become more complicated and slower, slowing down the overall performance of the database.\nSo it may be long-running transactions.\nProof How can we prove that?\nAnd this is where metrics end, and observability starts. We would need a flight recorder that takes a snapshot of the database activities in regular intervals and keeps the data for some time so that we can look at non-numeric, non-aggregated detailed system stats from the past.\nThis is such an obvious pressing need that Simon Mudd wrote a script to do that in the deep, dark past long before the term “observability” even existed.\nIt runs every minute, and collects system hardware stats, MySQL processlist and other data, and stashes them compressed in a ring buffer in /var/log/mysql_pl/\u0026lt;weekday name\u0026gt;.\nIn an age of bare-metal machines and all devs having production access you log into a database, cd into that directory and grab a random snapshot from the incident interval:\n/var/log/mysql_pl/Sun $ xzcat 23_48.innodb.xz \u0026gt; /tmp/kris /var/log/mysql_pl/Sun $ vim /tmp/kris /var/log/mysql_pl/Sun $ awk -F\u0026#39;\\t\u0026#39; \u0026#39;($5 != \u0026#34;Sleep\u0026#34;) \u0026amp;\u0026amp; !match($7, /Waiting for/)\u0026#39; /tmp/kris | less With a text editor we isolate the processlist recording from 23:48 on 04-Oct. We then use Unix Tooling to look at all non-sleeping connections that are also not idle replication connections.\nThis yields indeed two interesting queries: Both show a cronjob=reserve_projectname_upsert_transaction_ids running on cronapp-39.dc2.prod.example.com and on cronapp-02.dc2.prod.example.com, with runtimes of 16220 and 22170 seconds.\nThere are indeed two long-running queries, coinciding perfectly with a load increase of 2, and they are easily identifiable cron queries. They run from two different hosts, with the same cron banner.\nI have no idea what that job does, but we are looking at a SELECT statement in REPEATABLE READ isolation that has a run time of multiple hours, and unsurprisingly an Undo-Log escalation. That leads to slow query performance and reduced capacity for all things, including the capacity test, and a changed target size for the pool.\nWhat we can learn from this Besides the obvious, that is, fixing that cron?\nWell, there is a moment in time in incident analysis where you need to pivot from identifying timeframes in which the incident happened and machines that are affected to actual instances of the incident in question.\nThis is also where you move from numeric aggregates in a dashboard to textual, structured logging information that actually has to be recorded before.\nThis is what observability is about: The ability to do this pivot easily, within one system, without special privileges, with proper tooling, in distributed systems, at will, without access to the actual box.\nWe don’t have observability. We need to get better at this. Go, follow Charity Majors on Twitter .\nWith such tooling, we need to connect what we teach with actual incidents that show how the teachings connect to real world cases.\nWhich is why I am typing up this thing, right now and link to the actual write-ups that enabled me to show you this. Go, read these things again, please, in the light of this particular episode.\nYou know in your head what \u0026ldquo;Undo-Log\u0026rdquo; means. Here you can understand what \u0026ldquo;Undo-Log\u0026rdquo; feels like. Go, touch the candle .\nWe have all the tooling, but it is from a different age. An age where people either routinely had access to production or sat next to a DBA in an office and could easily get at all the metrics. Observability by shell script on a root shell is a thing we have in abundance, because that was enough in that time and age.\nWe do no longer have access to root shells in production, and in the age of anything as a service not even to shells.\nObservability as taught by Charity Majors is your trusted printf(“Checkpoint: I am here.\\n”); or your Fred Fish Dbug Macros brought into the 21st century age of distributed services , and the tooling to create metrics from events, and then slice and dice that in any dimension without having a privileged shell on the broken system.\nSo yeah, let’s upgrade.\n","date":"2020-10-07T00:00:00Z","href":"https://blog.koehntopp.info/2020/10/07/an-unexpeced-pool-size-increase.html","tags":["lang_en","mysql","database","erklaerbaer","mysqldev"],"title":"An unexpected pool size increase"},{"categories":null,"content":"Ich schrieb in einem Twitter Thread über Posix Dateisysteme vs. Object Stores :\nUNIX FS ist 1974. BSD FFS ist 1984. XFS ist 1994. ZFS (und Btrfs und Wafl) sind LFS, also 2004. Object Storages, LSM, \u0026ldquo;RocksDB\u0026rdquo; ist ca. 2014, um den Takt zu halten.\nund wurde gefragt: \u0026ldquo;Was kommt 2024\u0026rdquo;. Meine halb spöttische, halb ernst gemeinte Antwort war:\nIrrelevant.\n2024 läuft Dein Code serverless bei einem professionellen Betreiber und vom lokalen System und dem lokalen Dateisystem kriegst Du nix mehr zu sehen außer einer monatlichen Rechnung.\nRein in die Cloud Selbst wenn es kein \u0026ldquo;serverless\u0026rdquo; ist, sondern eine VM oder ein Container: Wir haben dazu gelernt, und sind besser geworden. Deswegen sind aber auch unsere Standards und Anforderungen gestiegen und wir brauchen bessere Umgebungen.\nDie Prozesse und die Technik lokal so aufzusetzen, daß man weiterhin compliant bleibt mit SOX, PCI und PII ist eine ganze Menge Arbeit, die nicht zur Kern-Mission der meisten Unternehmen gehört. Es ist auch ein Investment, das besser in geschäftsrelevante Bereiche ginge. Techniken und Infrastruktur bereit zu stellen, die in einem Amazon-like Environment \u0026ldquo;so da\u0026rdquo; ist wird immer schwieriger und teurer werden.\nEin paar Selbstverständlichkeiten Auf der Minimum-Liste für alle stehen inzwischen Dinge wie\nSingle Sign On und Identity Management (SSO und IAM) Rollenbasierte Access Controls (RBAC) eine PKI Encryption at Rest und Encryption in Flight Administrator Roles mit Segregation of Duties Mandatory Access Controls and Privilege Limits Audit Trails Complance und Audit von all dem Und das ist schon mehr Arbeit als man als Firma mit einem eigenen RZ-Betrieb selbst leisten und erfinden kann. Es ist auch etwas, das so nicht fertig kaufbar und als Produkt installierbar ist, weil es eben nicht nur Technik ist, sondern auch Prozeß und Kultur.\nEs sind aber alles Dinge, die man als Technik in einem AWS Environment oder einer anderen großen Cloud per Default bekommt und zu der es dann auch Unterweisungen gibt, die einem Best Practices und funktionierende Prozesse nahe bringen.\nDazu kommen dann Dienste, die in einem eigenen Rechenzentrum mühevoll oder teuer zu schaffen sind, die man aber in einer großen Cloud testweise oder produktiv dazu nehmen kann, ohne eigenen Aufwand zu treiben.\nGeocoder Spracherkennung Bilderkennung Integration in eine skalierbare Big Data Umgebung Integration von Eventprozessoren Event Driven Execution (\u0026ldquo;Step Functions\u0026rdquo;), die es auch Nicht-Codern erlauben, Anwendungen durch Zusammenklebeben von -aaS Diensten zu schaffen. Aber das sind nur Beispiele aus hunderten von Diensten\u0026hellip;\nNicht die Mission der meisten Betriebe Das ist etwas, das einer traditionellen RZ-IT nicht zugänglich ist, und das auch unverhältnismäßig viel Kapital, Investment und Personal binden würde, würde man es selbst lokal entwickeln. Schon so etwas simples wie RDS funktioniert besser und automatischer als alle selbstgestrickten DevOps Managementscripte für Datenbanken, die man selbst haben kann.\nDruck kommt nicht nur aus dem Management und aus der Compliance, sondern auch von unten: Die aktuelle Generation von Entwicklern hat nie mit einem lokalen RZ gearbeitet, sondern ist in AWS groß geworden. Sie setzt die Qualität der Implementierung und die Prozesse von Amazon als gegeben und als Maßstab voraus. Sie setzt die Leichtigkeit von Operations und Observability voraus, die für eine Cloud-Umgebung typisch sind.\nDeswegen ist die Zukunft von 2024 mindestens hybrid. Aber effektiv wird kein Betrieb mit einem lokalen Rechenzentrum und reinen IaaS-Angeboten noch groß Stiche holen.\nDas ist einer der Gründe, warum Europa als Technologieraum zunehmend abgehängt ist. Nicht nur viele Politiker und Entscheider verstehen nicht mehr, was in den letzten 10 Jahren passiert ist, sondern auch viele Sysadmins \u0026ldquo;on the ground\u0026rdquo; haben die Veränderung des Entwicklerbetriebes in den letzten 10 Jahren grundlegend verpaßt und können nicht erkennen, welche Gestaltungsdrücke gerade auf ihrer Umgebung lasten.\nDas sehen wir nicht nur in der \u0026ldquo;deutsche Schulen in COVID\u0026rdquo; Videokonferenzdiskussion, sondern auch in der ganzen Klasse von BOFH-Bemerkungen, die aus dem Sysadmin Lager oft kommt. Ich habe dazu vor über fünf Jahren schon einmal was gemacht: Slides: Go away or I will replace you with a very small Shell script - ein paar Gedanken zum Thema Devops (Video von der Froscon Version ).\nDie Frage ist nicht, wie ein lokales Rechenzentrum Rechner betreibt und bereitstellt - das ist ein gelöstes Problem. Sondern welche Dienste sie darauf fertig im Angebot haben, ob diese Dienste mit aktuellen Standard und Anforderungen in Compliance sind, ob sie eine API haben, und sie mit lokalem Tooling integrierbar sind.\nIntegration und Bildung von untereinander abhängigen Systemen Wir sind dabei, von individuellen, frei stehenden und trennbaren Teilen zu integrierten Systemen zu gehen. Das hat Vorteile, weil so Prozesse entstehen und eingeübt werden, die meßbar Qualität verbessern und - wichtiger noch - automatisieren.\nDas ist nicht nur im Bereich Betrieb mit der Cloud so, sondern ist ein größerer Trend, der auch in der Software-Entwicklung sichtbar wird: Entwickler arbeiten nicht mehr mit vi im leeren Editor, sondern haben in der Regel Sprachen mit umfangreichen Bibliotheken und Integrationen im Betrieb. Das hat Folgen.\nIn der Entwicklung: Wenn es keinen JetBrains-Editor für die Sprache gibt, wenn sie von gitlab und github nicht erkannt und ausgewertet wird, wenn sie keinen Dependency-Manager und keine CI/CD Integration hat, dann ist eine moderne Programmiersprache - Entschuldigung - Plattform - Entschuldigung - Ökosystem nicht vollständig und nicht mehr konkurrenzfähig.\nWenn eine Sprache nicht von einschlägigen Security- und Audit-Werkzeugen unterstützt wird, wenn sie nicht bei SonarQube oder ähnlichen auf der Liste steht, wenn sie nicht von Valgrind, Fuzzern und anderen Werkzeugen unterstützt wird, dann hat eine moderne Programmierumgebung in einem Enterprise-Umfeld zunehmend Schwierigkeiten, die steigenden Compliance-Anforderungen im Bereich Software-Entwicklung und Qualitätssicherung zu erfüllen.\nIm Betrieb: Ohne Identity, PKI, SSO, RBAC, Segregation of Duties, Encryption überall, Auditing und enforceable maximum permissions hast Du Compliance Probleme oder wirst sie bald haben. Und ohne eine API für alles, Tooling für diese API, Infrastructure als Code, Codified Practices wie CI/CD hast Du keine attraktive und effektive Entwicklungsumgebung für Deine eigenen Leute.\nDas sind aber Gedanken und Entwicklungen, die in Deutschland an Politik und an Teilen der \u0026ldquo;Informatikschaffenden\u0026rdquo; vorbei gegangen sind, oder belächelt worden sind.\nRaus aus der Cloud Offensichtlich sind Server Wurst. Die Frage ist mehr, was da drauf läuft, welche Dienste und Integrationen bestehen. Das ist mit einem IT-Team von 4-5 Leuten vor Ort nicht sinnvoll zu schaffen, sondern im günstigsten Fall ein blankes IaaS, nicht unbedingt von der guten und vertrauenswürdigen Sorte.\nSchau Dir an, was zum Beispiel Scaleway oder OVH macht, oder 1und1 in Deutschland. Das sind fitte Teams, die eine Menge weg schaffen. Aber deren Clouds sind relativ dienstfreie IaaS-Clouds mit ein wenig Object Storage, und alle größeren Dinge mußt Du Dir selbst auf deren IaaS ansibilisieren.\nDas ist aber der Stand von 2010, nicht 2020. In 2020 ist ein Cloudkunde hinter Diensten her, damit er die nicht selbst betreiben muß.\nEs ist ja nicht nur unwürdig, HPE deren defekte iLOs und kaputte Festplatten-Firmware zu debuggen, sondern man will sich auch einfach ein MySQL oder Postgres klicken können. Oder gar einfach \u0026ldquo;einen KV Storage benutzen\u0026rdquo; und Dein Zeugs in ein Dynamo kippen und Dich gar nicht mehr um Instanzgrößen kümmern müssen, sondern nur noch für Storage und Zugriff nach Verbrauch bezahlen.\nUnd an dieser Stelle kommt wieder die Politik durch.\nArbeitsteilung beruht auf Vertrauen. Vertrauen kommt aus Transparenz und Verläßlichkeit Das funktioniert mit den Diensten nämlich ganz wunderbar in der \u0026ldquo;Arbeitsteiligen Gesellschaft™\u0026rdquo; - wir nennen so etwas Zivilisation. Nur, wenn wir zivilisiert, verantwortungsvoll und vertrauensvoll miteinander umgehen, dann kann man sich selbst die Arbeit mit den ganzen Diensten schenken und jemand anders beauftragen.\nDazu sind bestimmte gesellschaftlichen Bedingungen notwendig, die zu schaffen sind. Wir brauchen ein System von Checks und Balances, internationalen Verträgen und Business Practices, und dann ein System von Kontrollen und Vertrauen in die Wirksamkeit dieser Kontrollen, damit wir zivilisiert cloudcomputen können.\nWenn Du aber einzelne Nation States hast, die technisch gesehen als Attacker da stehen (\u0026ldquo;Nation State Attacker\u0026rdquo;, \u0026ldquo;NSA\u0026rdquo;) und sich das auch so vorbehalten, dann ruiniert das die Geschäftsgrundlage für die arbeitsteilige Gesellschaft, mithin die Zivilisation selbst.\nWenn Du einzelne Anbieter hast, die über die Verarbeitung und Nutzung der Daten nicht transparent sind, oder man den von ihnen vorgezeigten Audits kein Vertrauen schenken kann, dann \u0026hellip; genau dasselbe.\nUnd wenn Du eine Politik hast, die ein Klima schafft, in der das Verständnis dieser Tatsachen geleugnet oder ignoriert wird, dann ruiniert das dieses Konzept schon.\nDas ist genau das, was Gestalten wie Trump, BoJo aber auch von Storch zerstören, wenn sie Isolationismus, Staatswilkür und Ignoranz gegenüber internationaler Ordnung demonstrieren. Das ist aber auch das, was Gestalten wie Audi Scheuer und sein Meister, Imperator Seehofer vernichten, denn solche vorgelebte Unfähigkeit und Korruption saugen der Zivilisation das Rückenmark aus. Das ist dann das, was zu Dingen wie Wirecard führt, zum Dieselskandal und zu Situationen, bei denen ein Volkswagen-Compliancemanager bei der Dokumentation illegaler Geschäftspraktiken auf eine Weise zu Tode kommt, die in jede Netflix-Mafiaserie gepaßt hätte.\nIn so einem Umfeld ist eine Auslagerung der IT an Dritte für Unternehmen ein bedenkenswertes Risiko statt eine Erleichterung.\n","date":"2020-10-05T00:00:00Z","href":"https://blog.koehntopp.info/2020/10/05/it-modernisieren-und-konsolidieren.html","tags":["lang_de","cloud","data center"],"title":"IT modernisieren und konsolidieren"},{"categories":null,"content":"Every once in a while there is the IT news article that kind of triggers me. This time it was \u0026ldquo;Object-Storage-Protokoll könnte Posix ablösen\u0026rdquo; in german computer news site Golem . The article speaks about mmap(), NVMEoF and object storage and how it could revolutionize or complete object storages, but does not link to an original article, names no persons and no paper. Also, what do these things - mmap, NVMEoF, object storage and Posix, even have in common? It is not explained anywhere in the article.\nIn another article But is it atomic? we dive into the internals of the old UNIX V7 kernel, and how design decisions and technical realities from the late 1970ies became immortialized as technical requirements for filesystems in the Posix standard.\nSo Unix is historically grown, and a lot of things have changed since that time. The original file system (for Linux users: \u0026ldquo;mkfs -t minix\u0026rdquo; is the closest thing to that which you might have) is not even used any more anywhere in a modern system. But it is basically what Posix means when we speak about \u0026ldquo;Posix File System Semantics\u0026rdquo;.\nThe basic design is good - I mean, it has held up almost 50 years by now, and that is a fantastic achievement. It even has value in modern systems. But it has been designed for local systems, and it is not scalable to distributed systems very well.\nSo everybody is either cheating or slow. There is GFS2 as an example for slow. There is NFS as an example for hidden cheating (I am looking at you, actimeo, and at you, lockd). And there is \u0026ldquo;Object Storage\u0026rdquo;, whatever that specifically means, as an example for doing things completely differently.\nMutability as The Root of All Evil The biggest baggage Posix has, in terms of distributed systems, is mutable files. You can open a file, fseek() to an offset of 1MB and overwrite a 3MB segment in a 10MB file. I am choosing these sizes and offsets to make it abundantly clear that writes can be large, larger than a network packet, a disk block or other allocation units, and that they can take measureable, non-zero time.\nOne writer per Inode, per time Posix demands that writes are atomic (see link above), and it implemented that originally by locking the (only copy) of the file with a central lock at the in-memory inode of the file. This has multiple effects:\nThere can be only one write active at a time for a file.\nThis already is a problem for local filesystems, when you have a database that wants to write out many concurrent changes to different non-overlapping records in a database file.\nDatabases work around the problem either by defining tablespaces from many small sized \u0026ldquo;.DBF\u0026rdquo; files (Oracle) - 1GB to 4 GB seem to be popular. Or they work around it by foregoing the use of filesystems entirely - using raw disks, at a terrible toil cost for sysadmins and DBAs. Only XFS in O_DIRECT mode will handle this better, by not blocking concurrent writes as long as they are non-overlapping.\nReads never happen concurrently with writes, too. They are either completely before or after the write instead. If they happen after the write, they will never return stale data, but always the most recently written fresh data.\nIn distributed systems, this is very expensive: Imagine a storage cluster with dozens or hundreds of storage nodes and hundreds or thousands of clients. Parts of the file we are about to write to may have been cached anywhere in any cluster node or client to avoid excessive network transfers. These cached copies are now all invalid, because they contain data that has been overwritten with potentially different values.\nBecause reads must not return stale data under Posix, we need to invalidate all of these copies, and - worse - we need to this under a lock to ensure atomicity and fresh reads. So each write (write, not commit/fsync, which can happen much less often) has to inform all relevant nodes with a copy of the data that there is a new write for an extent (offset, length) incoming and wait for the acknowledgement. And then let the write proceed, to wait again to collect the complete acknowledgement of all data nodes that they have the data, and all caches that the have destroyed or updated their cached copy. That\u0026rsquo;s a lot of waiting.\nThis is unimaginably slow, and even worse, should the cluster topology change during any operation - a node taking part in our operation leaving the cluster or similar.\nIf you happen to have two concurrent overlapping writes (write A to node 1 at offset 0, length 3MB, and write B to node 12 at offset 1MB, length 3MB), Posix also demands ordering between these writes - A either happens in total before or after B. You will never end up with an ABABABAB block pattern in the overlap, and again, this can only be guaranteed by locking.\nNothing \u0026ldquo;made\u0026rdquo; Posix specify this, this is just the natural behavior in a single core 1970ies computer when you lock interrupts (spl()) or plock() on an in-memory inode, which then was later officially documented and bless into a standard when the Posix specificationw as written. Our modern computers do not have these properties any more, so we need to make them wait to simulate this.\nIn any case: The combination of Mutability and Strong Read Consistency/Atomic Write Behavior creates a cluster wide locking problem.\nFixed metadata, and synchronous metadata updates Things get even worse when we look at metadata. The set of metadata in a Unix Inode is fixed, and documented in Posix, too. We have the typical Unix access rights (ugo times rwx) and the three second-resolution times (a/m/ctime), and a file length - that is basically it.\nThere is an attempt to extend this, using Posix File ACLs (ACL) and Posix Extended Attributes (xattr), but for example mapping NTFS access permissions to Posix ACLs is complicated - just look at what Samba has to do to get this approximately right. The fact that the Unix notion of a user identity is scoped to a local machine does not help at all - your userid 0 is different from my user id 0 in meaning, and if I am UID 0 on my box I probably should not be UID 0 on yours.\nPosix demands synchronus updates to metadata updates. When you extend a file, this should be visible immediately in the file length, and when you access a file, the atime should update, too. Even on local filesystems this is no longer doable - everybody mounts their Linux disks with a variant of noatime or the other.\nBut while data writes distribute themselves across the cluster, metadata updates do not. They all have to hit the relatively small number of metadata nodes, and this load often crushed metadata servers.\nThe key idea: Immutability Note that all the things we spoke about are lower file system problems - they happen at the level of individual files already, not even going into upper file system, directory hierarchies and path names. That\u0026rsquo;s not even necessary, because as long as the lower file system is not in shape looking up is kind of pointless.\nObject Stores have one single core idea: Files are immutable, maybe appendable (S3 is not, Google GFS and Hadoop HDFS are). The payoff is that we can cache this stuff, because the cache never becomes invalid. Maybe the end of the file is not up to date, but it will be eventually consistent.\nThe file has a Key-Value store with metadata, which can even grow to considerable size, and which is also eventually consistent. With the upper file system we do the same: The entire namespace is one single KV store, in which the key is a binary string that cosplays a path name, and the value is the actual file data (and metadata).\nThis has far reaching consequences: We can talk about \u0026ldquo;Log Structured Merge Trees\u0026rdquo;, why they became popular in database land, and how that plays nicely with Object Storages. Or we can talk about how \u0026ldquo;Event Sourcing\u0026rdquo; favors \u0026ldquo;append only data structures\u0026rdquo;, and how that plays nicely with Object Storages.\nThere is a timeline, and there is progress The original Unix File System is, for the sake of illustration, basically the state of the art as seen in 1974.\nThere are a lot of elementary improvements to this initial idea that we find reflected in BSD FFS, from 1984.\nThe culmination point of these ideas, and structures, can be found in Silicon Graphics XFS, from 1994.\nA completely different way of thinking can be found in Log Structured File Systems , first seen in Ousterhout\u0026rsquo;s Sprite, in the early 1990. But performancewise the original implementation that was a failure: the first successful and performant implementation can be found - made by Oursterhout\u0026rsquo;s students - in Solaris ZFS, and at the same time in NetApps WAFL, which promptly engaged in a legal battle over patents. In parallel, many ZFS ideas are being reimplemented about half a decade later in Btrfs. All of that would put us roughly into 2004, in terms of commercial availability.\nNow, widespread adoption of Object Storages in persistence products, using Log Structured Merge (LSM) Trees, has taken place. We find them in Elastic Search, in Cassandra, in RocksDB and its many applications, and many more. In a timeline, this would put us into 2014-land.\nLFS-like non-overwriting structures are also at the foundation of all of our storage, deep down in the block-simulation layer of flash storage devices, again around 2014.\nOther developments Flash Storage originally appeared as a simulated hard disk, SSD. So we have a PCI bus, on which there is a SATA controller, which connects to the simulated hard disks\u0026rsquo; flash controller, which talks to the flash.\nSSD, NVME, RoCE, and NVMEoF NVME is what we get when we ask the question \u0026ldquo;What purpose does the SATA controller have in this setup, anyway?\u0026rdquo; - except slowing everything down, forcing us to use antiquated SCSI commands and serializing access to the highly parallel flash.\nNVME therefore is a PCI bus, which talks to flash controllers, which talk to the flash, and a revised command set for this. The great innovation is to put away the single disk queue and allow many of these. Which allows us to utilize around 800k IOPS per device, even if a single operation can take as long as 1/20.000th of a second - just go 40-way wide, if you can.\nNow, what if we had a way to speak to a NVME device on a different computers PCI bus as if it were local? That\u0026rsquo;s what remote DMA (RDMA) would enable us to do. RoCE (\u0026ldquo;rocky\u0026rdquo;, \u0026ldquo;RDMA over Converged Ethernet\u0026rdquo;) initially was painful - RoCE V1 was unrouteable raw Ethernet with its own Ethertype. RoCE V2 fixed that, and put the entire stuff into UDP instead, so it was routeable, at least within a single data center.\nTurns out, the value in RDMA is more in the Remote than in the DMA, so when RoCE became \u0026ldquo;NVME over Fabric over TCP\u0026rdquo; (NVMEoF/TCP), it was valuable and useful to have, even if you had an ultracheap Broadcom that did not properly DMA the way RoCE needs it. The resulting access to a remote NVME still was as fast as to a local SSD, or even faster.\nmmap() And finally, mmap() is a Unix system call that allows you to map a file into the address space of a process: when you access a memory page, this memory page is appropriately filled with the content of the file, automatically. Think \u0026ldquo;swap from any file into memory, not just from a swap file\u0026rdquo;.\nFor mutable files, and the kings of mutability, relational databases, mmap() is of little use and has many complexities. Databases need extending files, controlled write-out to persistent storage, not overwriting data because MVCC. Also, different data formats on disk and in memory are actually important to people who transact, and hence mmap() does help very little for most databases. We can talk about \u0026ldquo;Optane\u0026rdquo;, \u0026ldquo;PMEM\u0026rdquo;, and \u0026ldquo;transactional memory\u0026rdquo;, but that\u0026rsquo;s a different lecture for another day.\nMaking an immutable file available read-only in memory has none of these complexities, and is actually very useful and efficient. This is what mmap() is really, really good at - you get clean, discardable memory pages, none of the file extension problems, none of the \u0026ldquo;which pages are written to disk at what point in time\u0026rdquo; sychronisation problems.\nThe idea is so good that Bryan Cantrill actually had it first, and foreshadowed \u0026ldquo;Serverless\u0026rdquo; in Manta . Basically, Joyent starts a \u0026ldquo;Container\u0026rdquo;, actually a BSD \u0026ldquo;jail\u0026rdquo; or Solaris \u0026ldquo;zone\u0026rdquo;, because containers weren\u0026rsquo;t fully invented, yet. It then maps a kind of not-quite-S3 object into it and your code can access this, and emit output results into a new object in the same or a different bucket.\nThe mmap() in this is a nice sugar on top of it, as it makes reads automatic, en-passant and makes I/O minimal. The important fact is that Input and Output are distinguished and the input file is still immutable. Because it is, the munmap() is unimportant - exit() is also a munmap() and since the object is immutable it is unimportant if it stays mapped.\nPutting it all together So you have a page fault and have to get a page from local storage.\nSo why not get it from Ethernet, via RDMA, remotely, from any disk anywhere in your data center? Can we have this as a kernel extension and - more important - standardized in the NVME spec?\nAh, now we\u0026rsquo;re talking. \u0026ldquo;We have standardized remote page fault reads over NVMEoF\u0026rdquo;.\nThat\u0026rsquo;s the article - at least, that is what I think it is, because it does not say so, and it references nothing.\nBut even so, it needs 50 years of Unix as a context to be understandable.\nI still don\u0026rsquo;t know what the original article was, but there is stuff such as FileMR: Rethinking RDMA Networking for Scalable Persistent Memory that is being worked on.\nBased on a twitter tread .\n","date":"2020-10-05T00:00:00Z","href":"https://blog.koehntopp.info/2020/10/05/what-are-the-problems-with-posix.html","tags":["lang_en","erklaerbaer","filesystems","database","mysql"],"title":"What are the problems with POSIX?"},{"categories":null,"content":"All over the Internet people are having trouble getting LOAD DATA and LOAD DATA LOCAL to work. Frankly, do not use them, and especially not the LOCAL variant. They are insecure, and even if you get them to work, they are limited and unlikely to do what you want. Write a small data load program as shown below.\nNot using LOAD DATA LOCAL The fine manual says :\nThe LOCAL version of LOAD DATA has two potential security issues:\nBecause LOAD DATA LOCAL is an SQL statement, parsing occurs on the server side, and transfer of the file from the client host to the server host is initiated by the MySQL server, which tells the client the file named in the statement. In theory, a patched server could tell the client program to transfer a file of the server\u0026rsquo;s choosing rather than the file named in the statement. Such a server could access any file on the client host to which the client user has read access. (A patched server could in fact reply with a file-transfer request to any statement, not just LOAD DATA LOCAL, so a more fundamental issue is that clients should not connect to untrusted servers.)\nIn a Web environment where the clients are connecting from a Web server, a user could use LOAD DATA LOCAL to read any files that the Web server process has read access to (assuming that a user could run any statement against the SQL server). In this environment, the client with respect to the MySQL server actually is the Web server, not a remote program being run by users who connect to the Web server.\nThe second issue in reality means that if the web server has a suitable SQL injection vulnerability, the attacker may use that to read any file the web server has access to, bouncing this through the database server.\nIn short, never use (or even enable) LOAD DATA LOCAL.\nlocal_infile is disabled in the server config, and you should keep it that way. client libraries are by default compiled with ENABLED_LOCAL_INFILE set to off. It can still be enabled using a call to the mysql_options() C-API, but never do that. 8.0.21+ places additional restrictions on this, to prevent you from being stupid (that is, actually enabling this anywhere). Not using LOAD DATA The LOAD DATA variant of the command assumes that you place a file on the database server, into a directory in the file system of the server, and load it from there. In the age of \u0026ldquo;MySQL as a service\u0026rdquo; this is inconvenient to impossible, so forget about this option, too.\nIf you were able to do place files onto the system where your mysqld lives,\nyour user needs to have FILE as a privilege, a global privilege (GRANT FILE TO ... ON *.*) the server variable secure_file_priv needs to be set to a directory name, and that directory needs to be world-readable. LOAD DATA and SELECT INTO OUTFILE work only with filenames below this directory. Setting this variable requires a server restart, this is not a dynamic variable (on purpose). Note that the variable can be NULL (this is secure in the sense that LOAD DATA is disabled) or empty (this is insecure in that there are no restrictions).\nThere is nothing preventing you from setting the variable to /var/lib/mysql or other dumb locations which would expose vital system files to load and save operations. Do not do this.\nAlso, a location such as /tmp or any other world-writeable directory would be dumb: Use a dedicated directory that is writeable by the import user only, and make sure that it is world-readable in order to make the command work.\nBetter: Do not use this command at all (and set secure_file_priv to NULL).\nUsing data dump and load programs instead We spoke about dumping a schema into CSV files in Export the entire database to CSV already.\nTo complete the discussion we need to provide a way to do the inverse and load data from a CSV file into a table.\nThe full code is in load.py .\nThe main idea is to open a .csv file with csv.reader, and then iterate over the rows. For each row, we execute an INSERT statement, and every few rows we also COMMIT.\nIn terms of dependencies, we rely on MySQLdb and csv:\nimport MySQLdb import csv We need to know the name of a table, and the column names of that table (in the order in which they appear).\nWe should also make sure we can change the delimiter and quoting character used by the CSV, and make the commit interval variable.\nFinally, we need to be able to connect to the database.\n# table to load into table = \u0026#34;data\u0026#34; # column names to load into columns = [ \u0026#34;id\u0026#34;, \u0026#34;d\u0026#34;, \u0026#34;e\u0026#34;, ] # formatting options delimiter = \u0026#34;,\u0026#34; quotechar = \u0026#39;\u0026#34;\u0026#39; # commit every commit_interval lines commit_interval = 1000 # connect to database, set mysql_use_results mode for streaming db_config = dict( host=\u0026#34;localhost\u0026#34;, user=\u0026#34;kris\u0026#34;, passwd=\u0026#34;geheim\u0026#34;, db=\u0026#34;kris\u0026#34;, ) From this, we can build a database connection and an INSERT statement, using the table name and column names:\ndb = MySQLdb.connect(**db_config) # build a proper insert command cmd = f\u0026#34;insert into {table} ( \u0026#34; cmd += \u0026#34;, \u0026#34;.join(columns) cmd += \u0026#34;) values (\u0026#34; cmd += \u0026#34;%s,\u0026#34; * len(columns) cmd = cmd[:-1] + \u0026#34;)\u0026#34; print(f\u0026#34;cmd = {cmd}\u0026#34;) The actual code is then rather simple: Open the CSV file, named after the table, and create a csv.reader(). Using this, we iterate over the rows.\nFor each row, we execute the insert statement.\nEvery commit_interval rows we commit, and for good measure we also commit after finishing, to make sure any remaining rows also get written out.\nwith open(f\u0026#34;{table}.csv\u0026#34;, \u0026#34;r\u0026#34;) as csvfile: reader = csv.reader(csvfile, delimiter=delimiter, quotechar=quotechar) c = db.cursor() counter = 0 # insert the rows as we read them for row in reader: c.execute(cmd, row) # ever commit_interval we issue a commit counter += 1 if (counter % commit_interval) == 0: db.commit() # final commit to the remainder db.commit() And that it. That\u0026rsquo;s all the code.\nNo FILE privilege, No special permissions besides insert_priv into the target table. No config in the database. No server restart to set up the permissions. And using Python\u0026rsquo;s multiprocessing, you could make it load multiple tables in parallel or chunk a very large table and load that in parallel - assuming you have database hardware that could profit from any of this.\nIn any case - this is simpler, more secure and less privileged than any of the broken LOAD DATA variants.\nDon\u0026rsquo;t use them, write a loader program.\nLet\u0026rsquo;s run it. First we generate some data, using the previous example from the partitions tutorial:\n(venv) kris@server:~/Python/mysql$ mysql-partitions/partitions.py setup-tables (venv) kris@server:~/Python/mysql$ mysql-partitions/partitions.py start-processing create p2 reason: not enough partitions cmd = alter table data add partition ( partition p2 values less than ( 20000)) create p3 reason: not enough partitions cmd = alter table data add partition ( partition p3 values less than ( 30000)) create p4 reason: not enough partitions cmd = alter table data add partition ( partition p4 values less than ( 40000)) create p5 reason: not enough partitions cmd = alter table data add partition ( partition p5 values less than ( 50000)) create p6 reason: not enough empty partitions cmd = alter table data add partition ( partition p6 values less than ( 60000)) counter = 1000 counter = 2000 counter = 3000 counter = 4000 ^CError in atexit._run_exitfuncs: ... We then dump the data, truncate the table, and reload the data. We count the rows to be sure we get all of them back.\n(venv) kris@server:~/Python/mysql$ mysql-csv/dump.py table = data (venv) kris@server:~/Python/mysql$ mysql -u kris -pgeheim kris -e \u0026#39;select count(*) from data\u0026#39; mysql: [Warning] Using a password on the command line interface can be insecure. +----------+ | count(*) | +----------+ | 4511 | +----------+ (venv) kris@server:~/Python/mysql$ mysql -u kris -pgeheim kris -e \u0026#39;truncate table data\u0026#39; mysql: [Warning] Using a password on the command line interface can be insecure. (venv) kris@server:~/Python/mysql$ mysql-csv/load.py cmd = insert into data ( id, d, e) values (%s,%s,%s) (venv) kris@server:~/Python/mysql$ mysql -u kris -pgeheim kris -e \u0026#39;select count(*) from data\u0026#39; mysql: [Warning] Using a password on the command line interface can be insecure. +----------+ | count(*) | +----------+ | 4511 | +----------+ ","date":"2020-09-28T00:00:00Z","href":"https://blog.koehntopp.info/2020/09/28/mysql-import-csv-not-using-load-data.html","tags":["lang_en","mysql","database","erklaerbaer","mysqldev"],"title":"MySQL: Import CSV, not using LOAD DATA"},{"categories":null,"content":"This is an update and translation of a much older article , which I wrote in German Language back then. I was experimenting with importing the account statements from my German Sparkasse, which at that time were being made available as a CSV.\nThe initial data load The data looked like this:\n$ head -2 /home/kris/Documents/banking/umsatz-22758031-29122004.csv \u0026#34;Local Account\u0026#34;;\u0026#34;Book Date\u0026#34;;\u0026#34;Valuta Date\u0026#34;;\u0026#34;Transaction Type\u0026#34;; \u0026#34;Purpose\u0026#34;; \u0026#34;Remote Party\u0026#34;;\u0026#34;Remote Account\u0026#34;;\u0026#34;Bank Code\u0026#34;; \u0026#34;Amount\u0026#34;;\u0026#34;Currency\u0026#34;;\u0026#34;Info\u0026#34; \u0026#34;08154711\u0026#34;;\u0026#34;30.12\u0026#34;;\u0026#34;30.12.05\u0026#34;;\u0026#34;Direct Debit\u0026#34;; \u0026#34;DRP 08154711 040441777 INKL. 16% UST 5.38 EUR\u0026#34;; \u0026#34;STRATO MEDIEN AG\u0026#34;;\u0026#34;040441777\u0026#34;;\u0026#34;10050000\u0026#34;; \u0026#34;-39,00\u0026#34;;\u0026#34;EUR\u0026#34;;\u0026#34;Direct Debit booked\u0026#34; Because I want to know how I spend my money, I am loading the data into MySQL. Here is how:\nAs a first step we are defining a table into which to load the data. The table has columns whose primary purpose it to hold the data. We still have to clean and adjust the data to be able to do things with the data, so we are not looking at the final fields or types at all.\n-- load data warnings; DROP TABLE IF EXISTS transactions; CREATE TABLE transactions ( localaccount char(8) NOT NULL, bookdate_text char(10) NOT NULL, valutadate_text char(10) NOT NULL, transactiontype varchar(50) NOT NULL, purpose varchar(180) NOT NULL, remoteaccount_name varchar(100) NOT NULL, remoteaccount_number char(20) NOT NULL, remoteaccount_bankcode char(8) NOT NULL, amount_text char(12) NOT NULL, currentcy char(3) NOT NULL, info varchar(255) NOT NULL, unique index ( bookdate_text , transactiontype , purpose , remoteaccount_number , remoteaccount_bankcode , amount_text) ) ; truncate table transactions; Sadly, we have no unique transaction identifiers, so I cannot really define a proper primary key. I am trying to make do with a UNIQUE INDEX, but it is likely overly specific.\nThe failure scenario is that I have to specify start and end dates when exporting the account statements, and sometimes a few records are exported twice: At the end of the one statement file, and at the beginning of the next statement file again.\nTo prevent loading the same line twice if it happens to appear in multiple CSV files this unique index is probably okay.\nI load can load the various CSV files into this table:\nload data infile \u0026#39;/home/kris/Documents/banking/umsatz-22758031-29122004.csv\u0026#39; into table buchungen fields terminated by \u0026#34;;\u0026#34; optionally enclosed by \u0026#39;\u0026#34;\u0026#39; ignore 1 lines; load data infile \u0026#39;/home/kris/Documents/banking/umsatz-22758031-24012005.csv\u0026#39; into table buchungen fields terminated by \u0026#34;;\u0026#34; optionally enclosed by \u0026#39;\u0026#34;\u0026#39; ignore 1 lines; ... Now it is time to clean up the data. For this we create a target table, and add a primary key to it.\n-- prepare conversion stage DROP TABLE IF EXISTS b; create table b like transactions; alter table b add column id integer unsigned not null first; alter table b add primary key (id); alter table b change column id id integer unsigned not null auto_increment; Cleaning and changing the data We can now copy the data over, and in the process clean it up.\nThe amount field has to be changed from \u0026ldquo;xxx.xxx,yy\u0026rdquo; (german monetary notation with dots between the thousands, and a comma before the cents) to \u0026ldquo;xxxxxxx.yy\u0026rdquo;. We also have to turn the date fields valutadate_text and bookdate_text into iso date syntax. We need to add a year to bookdate_text, taking it from the valutadate_text. The info column is useless. -- load data into conversion stage insert into b select NULL, transactions.* from transactions; -- adapt amount update b set amount_text = replace(amount_text, \u0026#34;.\u0026#34;, \u0026#34;\u0026#34;); update b set amount_text = replace(amount_text, \u0026#34;,\u0026#34;, \u0026#34;.\u0026#34;); alter table b change column amount_text amount decimal(12,2) not null; -- adapt valutadate update b set valutadate_text = concat(\u0026#34;20\u0026#34;, substring(valutadate_text, 7, 2), \u0026#34;-\u0026#34;, substring(valutadate_text, 4, 2), \u0026#34;-\u0026#34;, substring(valutadate_text, 1,2)); alter table b change column valutadate_text valutadate date not null; -- adapt bookdate update b set bookdate_text = concat(year(valutadate), \u0026#34;-\u0026#34;, substring(bookdate_text, 4,2), \u0026#34;-\u0026#34;, substring(bookdate_text, 1,2)); alter table b change column bookdate_text bookdate date not null; -- drop info alter table b drop column info; Preparing binning categories I now want to aggregate my expenses. In the raw data, spent money is listed together with the remote account it went to. To aggregate, we need to assign each of these accounts to a category, for example we would assign all gas stations to the \u0026ldquo;fuel\u0026rdquo; category or all supermarkets to the \u0026ldquo;food\u0026rdquo; category.\nI can have a table \u0026ldquo;moneysinks\u0026rdquo; that does this account to category assignment.\n-- add category alter table b add column category varchar(20) not null; And here is the moneysinks table, which needed manual population (I had to assign a category to each pattern by hand):\nDROP TABLE IF EXISTS `moneysinks`; CREATE TABLE `moneysinks` ( `id` int(10) unsigned NOT NULL auto_increment, `pattern` varchar(100) NOT NULL, `category` varchar(20) NOT NULL, PRIMARY KEY (`id`) ); LOCK TABLES `moneysinks` WRITE; INSERT INTO `moneysinks` VALUES (77,\u0026#39;sparkasse\u0026#39;,\u0026#39;account and card\u0026#39;); INSERT INTO `moneysinks` VALUES (78,\u0026#39;ga\u0026#39;,\u0026#39;ATM domestic\u0026#39;); INSERT INTO `moneysinks` VALUES (79,\u0026#39;qsc\u0026#39;,\u0026#39;Internet\u0026#39;); INSERT INTO `moneysinks` VALUES (80,\u0026#39;linux new media\u0026#39;,\u0026#39;Newspaper\u0026#39;); INSERT INTO `moneysinks` VALUES (81,\u0026#39;premiere\u0026#39;,\u0026#39;TV\u0026#39;); INSERT INTO `moneysinks` VALUES (82,\u0026#39;walmart\u0026#39;,\u0026#39;Food\u0026#39;); INSERT INTO `moneysinks` VALUES (83,\u0026#39;kabel bw\u0026#39;,\u0026#39;TV\u0026#39;); INSERT INTO `moneysinks` VALUES (84,\u0026#39;gez\u0026#39;,\u0026#39;TV\u0026#39;); INSERT INTO `moneysinks` VALUES (85,\u0026#39;t-mobile\u0026#39;,\u0026#39;Telefon\u0026#39;); INSERT INTO `moneysinks` VALUES (86,\u0026#39;finanzkasse\u0026#39;,\u0026#39;Tax\u0026#39;); INSERT INTO `moneysinks` VALUES (87,\u0026#39;domainfactory\u0026#39;,\u0026#39;Internet\u0026#39;); INSERT INTO `moneysinks` VALUES (88,\u0026#39;nagel ue\u0026#39;,\u0026#39;Clothing\u0026#39;); INSERT INTO `moneysinks` VALUES (89,\u0026#39;mobilcom\u0026#39;,\u0026#39;Telefon\u0026#39;); INSERT INTO `moneysinks` VALUES (90,\u0026#39;domainfactory\u0026#39;,\u0026#39;Internet\u0026#39;); INSERT INTO `moneysinks` VALUES (91,\u0026#39;strato\u0026#39;,\u0026#39;Internet\u0026#39;); INSERT INTO `moneysinks` VALUES (92,\u0026#39;stadtwerke\u0026#39;,\u0026#39;Gas Water Shit\u0026#39;); INSERT INTO `moneysinks` VALUES (93,\u0026#39;deutsche bahn\u0026#39;,\u0026#39;Rail\u0026#39;); INSERT INTO `moneysinks` VALUES (94,\u0026#39;debeka\u0026#39;,\u0026#39;Insurance\u0026#39;); INSERT INTO `moneysinks` VALUES (95,\u0026#39;ec-ga\u0026#39;,\u0026#39;ATM intl\u0026#39;); INSERT INTO `moneysinks` VALUES (96,\u0026#39;scheck in\u0026#39;,\u0026#39;Food\u0026#39;); INSERT INTO `moneysinks` VALUES (97,\u0026#39;mastercard\u0026#39;,\u0026#39;Kreditkarte\u0026#39;); INSERT INTO `moneysinks` VALUES (98,\u0026#39;dr.\u0026#39;,\u0026#39;Miete\u0026#39;); INSERT INTO `moneysinks` VALUES (99,\u0026#39;a.t.u\u0026#39;,\u0026#39;Auto\u0026#39;); INSERT INTO `moneysinks` VALUES (100,\u0026#39;ungeheuer\u0026#39;,\u0026#39;Auto\u0026#39;); INSERT INTO `moneysinks` VALUES (101,\u0026#39;agip\u0026#39;,\u0026#39;Fuel\u0026#39;); INSERT INTO `moneysinks` VALUES (102,\u0026#39;aral\u0026#39;,\u0026#39;Fuel\u0026#39;); INSERT INTO `moneysinks` VALUES (103,\u0026#39;avia\u0026#39;,\u0026#39;Fuel\u0026#39;); INSERT INTO `moneysinks` VALUES (104,\u0026#39;bab\u0026#39;,\u0026#39;Fuel\u0026#39;); INSERT INTO `moneysinks` VALUES (105,\u0026#39;citti\u0026#39;,\u0026#39;Food\u0026#39;); INSERT INTO `moneysinks` VALUES (106,\u0026#39;efa\u0026#39;,\u0026#39;Fuel\u0026#39;); INSERT INTO `moneysinks` VALUES (107,\u0026#39;esso\u0026#39;,\u0026#39;Fuel\u0026#39;); INSERT INTO `moneysinks` VALUES (108,\u0026#39;expedia\u0026#39;,\u0026#39;Travel\u0026#39;); INSERT INTO `moneysinks` VALUES (109,\u0026#39;fantasy\u0026#39;,\u0026#39;RPG\u0026#39;); INSERT INTO `moneysinks` VALUES (110,\u0026#39;gravis\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `moneysinks` VALUES (111,\u0026#39;foto\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `moneysinks` VALUES (112,\u0026#39;heinrich\u0026#39;,\u0026#39;Clothing\u0026#39;); INSERT INTO `moneysinks` VALUES (113,\u0026#39;hem\u0026#39;,\u0026#39;Fuel\u0026#39;); INSERT INTO `moneysinks` VALUES (114,\u0026#39;hotel\u0026#39;,\u0026#39;Travel\u0026#39;); INSERT INTO `moneysinks` VALUES (115,\u0026#39;jet-tank\u0026#39;,\u0026#39;Fuel\u0026#39;); INSERT INTO `moneysinks` VALUES (116,\u0026#39;karstadt\u0026#39;,\u0026#39;Food\u0026#39;); INSERT INTO `moneysinks` VALUES (117,\u0026#39;kassen-\u0026#39;,\u0026#39;Tax\u0026#39;); INSERT INTO `moneysinks` VALUES (118,\u0026#39;leichtsinn\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `moneysinks` VALUES (119,\u0026#39;media markt\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `moneysinks` VALUES (120,\u0026#39;mios\u0026#39;,\u0026#39;Fuel\u0026#39;); INSERT INTO `moneysinks` VALUES (121,\u0026#39;plaza\u0026#39;,\u0026#39;Food\u0026#39;); INSERT INTO `moneysinks` VALUES (122,\u0026#39;rundfunkgebuehren\u0026#39;,\u0026#39;TV\u0026#39;); INSERT INTO `moneysinks` VALUES (123,\u0026#39;saturn\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `moneysinks` VALUES (124,\u0026#39;sb tank\u0026#39;,\u0026#39;Fuel\u0026#39;); INSERT INTO `moneysinks` VALUES (125,\u0026#39;segelkiste\u0026#39;,\u0026#39;Clothing\u0026#39;); INSERT INTO `moneysinks` VALUES (126,\u0026#39;total/\u0026#39;,\u0026#39;Fuel\u0026#39;); INSERT INTO `moneysinks` VALUES (127,\u0026#39;trx\u0026#39;,\u0026#39;Travel\u0026#39;); INSERT INTO `moneysinks` VALUES (128,\u0026#39;tst. bensheim\u0026#39;,\u0026#39;Fuel\u0026#39;); INSERT INTO `moneysinks` VALUES (129,\u0026#39;vobis\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `moneysinks` VALUES (130,\u0026#39;willenberg\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `moneysinks` VALUES (131,\u0026#39;shell\u0026#39;,\u0026#39;Fuel\u0026#39;); INSERT INTO `moneysinks` VALUES (132,\u0026#39;spreadshirt\u0026#39;,\u0026#39;Clothing\u0026#39;); INSERT INTO `moneysinks` VALUES (133,\u0026#39;armin meier\u0026#39;,\u0026#39;Clothing\u0026#39;); INSERT INTO `moneysinks` VALUES (134,\u0026#39;itzehoer\u0026#39;,\u0026#39;Insurance\u0026#39;); INSERT INTO `moneysinks` VALUES (135,\u0026#39;ec-pos\u0026#39;,\u0026#39;ATM intl\u0026#39;); INSERT INTO `moneysinks` VALUES (136,\u0026#39;euf-ga\u0026#39;,\u0026#39;ATM intl\u0026#39;); INSERT INTO `moneysinks` VALUES (137,\u0026#39;dell\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `moneysinks` VALUES (138,\u0026#39;yvonne\u0026#39;,\u0026#39;RPG\u0026#39;); UNLOCK TABLES; Asking Questions Using the mapping in moneysinks and the query below I can now permanently assign the category field in b:\nupdate b set category = ( select category from moneysinks as w where b.remoteaccount_name like concat(w.pattern, \u0026#34;%\u0026#34;) order by length(pattern) desc limit 1) where b.amount \u0026lt; 0; As I complete my list of patters I get a category assigned to everything.\nThat enables me to ask questions:\nselect remoteaccount_name, count(remoteaccount_name) as income from b where betrag\u0026gt;=0 group by remoteaccount_name order by income desc; +--------------------------------------------------------+-----------+ | remoteaccount_name | income | +--------------------------------------------------------+-----------+ | WEB.DE AG AMALIENBADSTR. 41 | 12 | | MYSQL GMBH | 7 | | MYSQL GMBH SCHLOSSERSTR. 4 72622 NUERTINGEN | 3 | | COOP SCHLESWIG-HOLSTEIN EG BENZSTR. 10 | 2 | +--------------------------------------------------------+-----------+ select remoteaccount_name, count(remoteaccount_name) as payments from b where betrag\u0026lt;0 group by remoteaccount_name order by payments desc; +---------------------------------------------------------+----------+ | remoteaccount_name | payments | +---------------------------------------------------------+----------+ | SCHECK IN CENTER KA DURLACH | 36 | | MOBILCOM COMMUNICATIONSTECH | 22 | | STRATO MEDIEN AG | 22 | | VERMIETER | 19 | | T-MOBILE DEUTSCHLAND GMBH | 18 | | DEUTSCHE BAHN KARLSRUHE HB | 17 | | KABEL BW GMBH \u0026amp; CO. KG | 17 | | QSC AG | 17 | | STADTWERKE KARLSRUHE | 17 | ... Using the category I can also group this and make group totals.\nselect category, count(amount) as payments, sum(amount) as total from b where amount\u0026lt;0 group by category order by total; This will tell me how I spend my money.\nOften I want to observe how my spending habits change over time, so I would not just use the categories from the moneysinks table as grouping criterion, but also group over some time dimension (GROUP BY year(bookdate) as year, category).\nAs my data warehouse grows, it may be useful to run the aggregation query and save the result in some pre-aggregated table (by day or month), as a kind of materialized view of the aggregates. I can use these to create coarser grained aggregates faster (take daily sums and counts, and create monthly or yearly aggregates, fast).\nSummary and outlook Using account statements from a bank, we have built a basic data warehouse. We demonstrated data import, staging and cleaning processes. Using category tables, we demonstrated how bin individual records into larger sets that can be useful in statistical analysis, and we looked at how we could materialize these aggregations into pre-aggregated tables.\nThis is a toy data warehouse, and it poses no challenges in data management due to the small size. Still, it has many properties that are also present in larger structures. Let\u0026rsquo;s look at this in a more generalized way:\nA data warehouse is centered around one or more fact tables. Fact tables always have a time dimension, they have log-like nature.\nLiteral attribute values, resolve id\u0026rsquo;s Fact tables contain snapshot data that is not normalized, but contains literal values. In our example: actual account holder names, and account numbers.\nFor example in a sales warehouse from a web shop, we are never interested in the current price of an item in a sales-fact table, but always in what we sold it for back then, for each individual sale. We are never interested where the customer lives now, but where we sent the article. Hence, we log literal attributes, never ids pointing to the current article or customer record.\nEncoding can shrink tables, but do only what is necessary This often leads to data duplication. In our example, the string \u0026ldquo;SCHECK IN CENTER KA DURLACH\u0026rdquo; is repeated 36 times. For the amount of data shown in our example this does not matter.\nEven in the one million rows example in Coding fields for great profit the gain is not critical, though substantial. A data warehouse starting out can often skip encoding the values and just take the hit from the duplication. An encoding step can be performed later, as long as there is infrastructure in place for online schema change, and sufficient disk space.\nThe Star and the Snowflake When we talk about OLTP databases, we often talk about normalization, and aiming for the 3rd normal form as an idealized schema to work from. For transactional data that is a good model and a good goal.\nIn data warehousing, this is obviously not the case - our data has a time dimension, and unlike OLTP, in a data warehouse we are interested in how things were then, not what they are like now. In our example, we are interested in how much we spent for the fuel back then, and not what the same amount would cost us now.\nConversely, in a data warehouse the logged data usually does not change much after the fact: there can be\nback filling, due to data arriving late, backpropagation of newly added attributes, or there can be corrections due to transactions changed after the fact at the business level All of these require us to be able to rewrite our logs for some time window. But eventually that window closes and the data becomes immutable, and we can seal it (run OPTIMIZE TABLE, and apply encoding and page level compression).\nIn our example, once money is spent, it would not come back (or if, in a second corrective reverse booking), and the amounts booked would never change. The log records are immutable from the outset.\nThings that OLTP structures need to avoid by normalizing - insert, update and delete paradox - do not happen to us in the same way. Also, because our data does not change much (if ever), but grows a lot over time, it is useful to invest the CPU cycles for data compression (using encoding at the data model level, and using page compression at the database engine level, in this order) once the data can be sealed.\nThe classical structure of a data warehouse is therefore the star, in which we have a fact table, and a number of category tables aiding binning, plus a number of generated daily/weekly/monthly pre-aggregates as outputs. All of these auxiliary tables group around the fact table, linked to it in some way, hence the \u0026ldquo;Star Schema\u0026rdquo;.\nIn our example, we have the b fact table, and only a single binning input table, moneysinks. More complicated warehouses can have many more of these.\nWe have no materialized output tables (expenses per days or similar), because our data set is small enough to do all of this ad-hoc. In larger warehouses, materializing aggregates that help to speed up reports is useful.\nIf you add categories of categories, or produce multidimensional aggregates, you go from Star to Snowflake Schema.\nThe Star and the Snowflake are the normal forms for Data Warehouses, Normalization as practiced in transactional databases is not helpful, 3NF is not a thing.\nTime Dimensional Tables in OLTP schemas Almost every OLTP schema earning money has some tables in it that have a time dimension. It is often visible either in the table name (shop.sales_202009) or in the tables primary key - often a compound primary key which contains a pair of an id and a date.\nIt will be visible in any case, if you think about each tables\u0026rsquo; growth.\nAssume unchanging conditions - a webshop with a mostly fixed number of articles, and a mostly fixed number of customers buying at a fixed rate, which tables will stay at a fixed size, and which tables will grow without bounds?\nSolution: It is the orders table.\nFind these unbounded structures in your schema.\nAt the heart of every OLTP schema there is a data warehouse that is struggling to get out. You get it out by completing the data lifecycle for the OLTP phase of things and establishing an Extract, Transform and Load cycle (ETL cycle).\nIn planning a data warehouse, you identify tables without growth boundaries, and decide which data attributes you want to record as literal data for the warehouse.\nIn the Extract phase you create a monster join you resolve all id values present in your normalized data, extract the literal attributes of interest, and push them into a CSV or some staging table.\nData in the OLTP system can now be deleted by the OLTP systems data lifecycle management without concern for other, non-transactional business functions: we have isolated the non-transactional concerns and confined them to the Extraction process (which will have to be adjusted when the OLTP schema changes, so we are a stakeholder in the OLTP schema evolution).\nThis isolation of concerns means that the OLTP system of our shop can now delete or archive orders at will after fulfillment or whatever other concerns the transactional system has to serve. Our non-transactional needs are all served from the data gathered in the Extract phase of the ETL process.\nThe staged extracted values can now be cleaned, categorized and aggregated, depending on the demands from the non-transactional business concerns (statistics, business intelligence, decision-making and so on).\nIdentifying data warehousey tables in OLTP systems, and isolating the transactional and non-transactional business concerns is important to keep the OLTP system small and agile.\nWithout taking the non-transactional, long term business functions out the OLTP system will grow without bounds, and ultimately transactional performance will suffer - the system will choke on itself. The non-transactional concerns not being isolated and bundled will also impede OLTP schema evolution and choke the development process on the money-earning side.\nData Lifecycle Management at the Warehouse Fact tables in the data warehouse have a time dimension, and as time passes, they will accumulate more data. In order to manage our data warehouse, we will also have to complete the data lifecycle on this side of the ETL boundary, and establish some deletion policy.\nQueries to the data warehouse table are often time bounded (\u0026ldquo;How did sales change in the last 2 years\u0026rdquo;) and binned by - among other things - a time dimension (\u0026ldquo;How did demand change month-over-month\u0026rdquo;, \u0026ldquo;Which of our products are seasonal?\u0026rdquo;).\nHandling data at volume, and getting rid of data no longer needed, is much easier in MySQL when using partitions .\nIn data warehouses, partitions are usually on a time value as the first dimension. That is, we partition our data set by year, month or day, and we delete data by dropping old partitions. This leaves all internal B-Trees in all the partitions sub-tables untouched and as they have been after the import, optimization and compression.\nAs queries also have a time dimension, the optimizer profits from this structure as well. It can exclude entire partitions from consideration, making the subset of data to look at much smaller.\nDaily Snapshots are slow, but simple A daily snapshot ETL import is slow - you do not get realtime data updates - but simple to implement retroactively on existing structures. Realtime structures require more engineering, but can be crafted on top of existing architectures as well. We are going to look at them in some later examples.\n","date":"2020-09-26T00:00:00Z","href":"https://blog.koehntopp.info/2020/09/26/my-private-data-warehouse.html","tags":["lang_en","mysql","database","erklaerbaer","mysqldev"],"title":"Importing account statements and building a data warehouse"},{"categories":null,"content":"In Deleting data we have been looking at a process that loads data into MySQL, leveraging partitions to make it easier and faster to later get rid of the data again. For this, we created three processes, a data loader process, and two observers - one for creating partitions, and one for deleting them.\nThe observer processes have been running ANALYZE TABLES and then polling INFORMATION_SCHEMA.PARTITIONS every 1/10th of a second to check if intervention is needed. They then have been dynamically generating the necessary ALTER TABLE statements maintaining the proper partitioning of the table by adding and dropping additional partitions.\nThat is cumbersome and should not be necessary.\nUsing SQL to maintain partitions It is possible to prepare and execute dynamic DDL in MySQL, using PREPARE, EXECUTE and DEALLOCATE PREPARE.\nSo I can do the following, if I numb myself sufficiently to actually write and generate code in procedural SQL:\nkris@localhost [kris]\u0026gt; set @next_name := \u0026#34;p3\u0026#34;; Query OK, 0 rows affected (0.00 sec) kris@localhost [kris]\u0026gt; set @next_limit := \u0026#34;30000\u0026#34;; Query OK, 0 rows affected (0.00 sec) kris@localhost [kris]\u0026gt; select -\u0026gt; concat(\u0026#34;alter table data add partition ( partition \u0026#34;, -\u0026gt; @next_name, -\u0026gt; \u0026#34; values less than (\u0026#34;, -\u0026gt; @next_limit, -\u0026gt; \u0026#34;))\u0026#34;) as cmd into @cmd; Query OK, 1 row affected (0.00 sec) kris@localhost [kris]\u0026gt; select @cmd; +-------------------------------------------------------------------------+ | @cmd | +-------------------------------------------------------------------------+ | alter table data add partition ( partition p3 values less than (30000)) | +-------------------------------------------------------------------------+ 1 row in set (0.00 sec) kris@localhost [kris]\u0026gt; prepare s from @cmd; Query OK, 0 rows affected (0.00 sec) Statement prepared kris@localhost [kris]\u0026gt; execute s; Query OK, 0 rows affected (0.10 sec) Records: 0 Duplicates: 0 Warnings: 0 kris@localhost [kris]\u0026gt; deallocate prepare s; Query OK, 0 rows affected (0.00 sec) kris@localhost [kris]\u0026gt; show create table data\\G Table: data Create Table: CREATE TABLE `data` ( `id` int NOT NULL AUTO_INCREMENT, `d` varchar(64) NOT NULL, `e` varchar(64) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci PARTITION BY RANGE (`id`) (PARTITION p1 VALUES LESS THAN (10000) ENGINE = InnoDB, PARTITION p2 VALUES LESS THAN (20000) ENGINE = InnoDB, PARTITION p3 VALUES LESS THAN (30000) ENGINE = InnoDB) 1 row in set (0.00 sec) I could put the logic of the partitioner and dropper into stored procedures and use the MySQL Event Scheduler to have this running in the background at all times to maintain the partitions on the data table.\nExcept that would still fail if I insert too many rows in a single transaction.\nI may be able to run the calls to my stored procedures in an insert trigger, but that is overhead I\u0026rsquo;d rather not have for each row inserted. Also, I am pretty confident that the trigger will also trigger a number of bugs in rarely used code paths. :-)\nWishful thinking An actual solution would be a less cumbersome notation for partitions, specifically range partitioning by an auto_increment primary key, and range partitioning along a time dimensions.\nI should be able to write how many partitions of which bucket size I want instead of maintaining a giant if-then-else of VALUES LESS THAN statements. SQL is supposed to be a declarative language, after all.\nFor the time dimension, I should be able to specify the same, in retention time and intervals for the buckets. MySQL would then create and drop partitions automatically, and generate the names for them automatically, too.\nSo something like the following made-up syntax:\n-- maintain 10 buckets, -- equivalent to -- VALUES LESS THAN (\u0026lt;previous value\u0026gt; + 10000) -- -- When new buckets are autogenerated at the top, and the number is larger than 10, -- drop the lowest one. -- create table data ( `id` int NOT NULL AUTO_INCREMENT, `d` varchar(64) NOT NULL, `e` varchar(64) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci PARTITION BY AUTOMATIC RANGE (`id`) ( PARTITIONS 10 VALUES (10000)) -- maintain 10 buckets -- equivalent to -- VALUES LESS THAN (UNIX_TIMETSTAMP(\u0026lt;previous value\u0026gt; + INTERVAL 1 DAY)) -- -- When new buckets are autogenerated at the end, and the number is larger than 10, -- drop the oldest one. create table data ( `created` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, `d` varchar(64) NOT NULL, `e` varchar(64) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci PARTITION BY AUTOMATIC TIME RANGE (`created`) (PARTITIONS 10 VALUES (INTERVAL 1 DAY)) This would get rid of any manually maintained procedures, events, triggers, and most importantly, implementations, and specify procedurally how and when partitions are created and how long they are kept.\nNot quite as automatic as Cassandra TTL fields, but a large step forward.\n","date":"2020-09-25T00:00:00Z","href":"https://blog.koehntopp.info/2020/09/25/mysql-dynamic-partitions-suck.html","tags":["lang_en","mysql","database","innodb","erklaerbaer","mysqldev"],"title":"MySQL: automatic partitions surely would be nice"},{"categories":null,"content":"Completing the data lifecycle is often harder than originally expected: Deleting data can sometimes cost way more than inserting it in the first place. MySQL Partitions can offer a way out. We have an earlier post on the subject.\nA sample table, and a problem statement Let\u0026rsquo;s define a kind of log table, to which data is added with an auto_increment id value and some data.\n#! /usr/bin/env python3 from time import sleep from random import randint from multiprocessing import Process import click import MySQLdb import MySQLdb.cursors db_config = dict( host=\u0026#34;localhost\u0026#34;, user=\u0026#34;kris\u0026#34;, passwd=\u0026#34;geheim\u0026#34;, db=\u0026#34;kris\u0026#34;, cursorclass=MySQLdb.cursors.DictCursor, ) @click.group(help=\u0026#34;Load and delete data using partitions\u0026#34;) def sql(): pass @sql.command() def setup_tables(): sql_setup = [ \u0026#34;drop table if exists data\u0026#34;, \u0026#34;\u0026#34;\u0026#34; create table data ( id integer not null primary key auto_increment, d varchar(64) not null, e varchar(64) not null )\u0026#34;\u0026#34;\u0026#34;, \u0026#34;alter table data partition by range (id) ( partition p1 values less than (10000))\u0026#34;, \u0026#34;insert into data (id, d, e) values ( 1, \u0026#39;keks\u0026#39;, \u0026#39;keks\u0026#39; )\u0026#34;, \u0026#34;commit\u0026#34;, ] db = MySQLdb.connect(**db_config) for cmd in sql_setup: try: c = db.cursor() c.execute(cmd) except MySQLdb.OperationalError as e: click.echo(f\u0026#34;setup_tables: failed {e} with {cmd}.\u0026#34;) sql() This is our basic Python framework for experimentation, using the click framework, and a command setup-tables. This command will run a number of SQL statements to initialize our log table named data.\nThe log table has three columns: id, an auto_increment counter, and two columns d and e, each containing 64 characters of data. To get things started, we add an initial partition, containing all id-values below 10.000 and an initial row.\nIf we were to add data to this table in a loop, we would increment our id-counter, and with InnoDB being what it is, all new rows will be added at the end of the table: We remember from ALTER TABLE for UUID that the physical order of any InnoDB table is by primary key - our id-counter.\nNow, if we were to expire old data, we would start to delete rows with the lowest id-values, so we would delete rows from the beginning of the table, or the left-hand side of the B+-Tree. To keep the tree balanced, MySQL would have to execute balancing operations, which will be expensive, because rows are being shuffled around in the tree.\nNew data is added to the right-hand side of the B+-Tree, while old data is being deleted at the left-hand side. To keep the tree balanced, data is reshuffled, which is an expensive operation.\nInstead, we are defining partitions. In our case, we are using the simplest definition possible: A PARTITION BY RANGE on the primary key column. We are making bins of 10.000 rows each, because that is convenient for our demonstration here.\nThree processes We will be using the Python multiprocessing module to have three processes, an inserter(), a partitioner() and a dropper(). All of them are endless loops.\nThe inserter will insert random new data rows into the table as fast as possible. The partitioner will make sure that we always have a sufficient number of empty new partitions for the inserter to continue. The dropper will limit the number of partitions with data by throwing the oldest partition away. We will have small piece of code that starts our processes:\n@sql.command() def start_processing(): proc_partition = Process(target=partitioner) proc_partition.start() proc_drop = Process(target=dropper) proc_drop.start() proc_insert = Process(target=inserter) proc_insert.start() The Inserter The Inserter is an endless loop that generates two random 64 character strings and inserts a new row into the database. Every 10 rows, we commit, every 1000 rows we print a message.\ndef inserter(): counter = 0 step = 10 cmd = \u0026#34;insert into data (id, d, e) values( NULL, %(d)s, %(e)s )\u0026#34; db = MySQLdb.connect(**db_config) c = db.cursor() while True: data = { \u0026#34;d\u0026#34;: \u0026#34;\u0026#34;.join([chr(randint(97, 97 + 26)) for x in range(64)]), \u0026#34;e\u0026#34;: \u0026#34;\u0026#34;.join([chr(randint(97, 97 + 26)) for x in range(64)]), } c.execute(cmd, data) counter += 1 if counter % step == 0: db.commit() if counter % 1000 == 0: print(f\u0026#34;counter = {counter}\u0026#34;) Without the other two threads, the inserter will generate 10.000 rows and then stop, because there is no MAXVALUE clause.\nThe Partitioner The Partitioner is an endless loop that runs an ANALYZE TABLE data command to refresh the statistics, and then queries INFORMATION_SCHEMA.PARTITIONS for the five partitions with the highest PARTITION_ORDINAL_POSITION.\nIf there are fewer than 5 partitions in total, we generate new partitions no matter what.\nIf there are not at least 5 partitions with no rows\u0026rsquo; int them, we create new partitions.\nIf we did nothing, we wait for 1/10th of a second and then check again.\nThe new partition gets a range expression with a limit 10.000 values higher than the highest one found, and the partition name is derived from the limit by dividing by 10.000.\nIn code:\ndef create_partition(db, next_name, next_limit): cmd = f\u0026#34;alter table data add partition ( partition {next_name} values less than ( {next_limit}))\u0026#34; print(f\u0026#34;cmd = {cmd}\u0026#34;) c = db.cursor() c.execute(cmd) This will simply format and run an ALTER TABLE statement to add a new partition to the existing table.\nAnd the checking loop:\ndef partitioner(): db = MySQLdb.connect(**db_config) c = db.cursor() while True: # force stats refresh c.execute(\u0026#34;analyze table kris.data\u0026#34;) # find the five highest partitions cmd = \u0026#34;\u0026#34;\u0026#34;select partition_name, partition_ordinal_position, partition_description, table_rows from information_schema.partitions where table_schema = \u0026#34;kris\u0026#34; and table_name = \u0026#34;data\u0026#34; order by partition_ordinal_position desc limit 5 \u0026#34;\u0026#34;\u0026#34; c.execute(cmd) rows = c.fetchall() next_limit = int(rows[0][\u0026#34;PARTITION_DESCRIPTION\u0026#34;]) + 10000 next_name = \u0026#34;p\u0026#34; + str(int(next_limit / 10000)) if len(rows) \u0026lt; 5: print(f\u0026#34;create {next_name} reason: not enough partitions\u0026#34;) create_partition(db, next_name, next_limit) continue sum = 0 for row in rows: sum += int(row[\u0026#34;TABLE_ROWS\u0026#34;]) if sum \u0026gt; 0: print(f\u0026#34;create {next_name} reason: not enough empty partitions\u0026#34;) create_partition(db, next_name, next_limit) continue sleep(0.1) This code is mostly a long SELECT on the INFORMATION_SCHEMA.PARTITIONS table, and then two quick checks to see if we need to make more partitions.\nThe Dropper The Dropper structurally mirrors the Partitioner: We have a tiny function to create the actual ALTER TABLE data DROP PARTITION statement:\ndef drop_partition(db, partition_name): cmd = f\u0026#34;alter table data drop partition {partition_name}\u0026#34; c = db.cursor() print(f\u0026#34;cmd = {cmd}\u0026#34;) c.execute(cmd) And we have an endless loop that basically runs a SELECT on INFORMATION_SCHEMA.PARTITIONS and checks the number of partitions that have a non-zero number of TABLE_ROWS. If it is too many, we drop the one with the lowest number (\u0026ldquo;the first one found\u0026rdquo;, using an appropriate sort order in our SQL).\ndef dropper(): db = MySQLdb.connect(**db_config) c = db.cursor() while True: # force stats refresh c.execute(\u0026#34;analyze table kris.data\u0026#34;) # cmd = \u0026#34;\u0026#34;\u0026#34; select partition_name, partition_ordinal_position, partition_description, table_rows from information_schema.partitions where table_schema = \u0026#34;kris\u0026#34; and table_name = \u0026#34;data\u0026#34; and table_rows \u0026gt; 0 order by partition_ordinal_position asc \u0026#34;\u0026#34;\u0026#34; c.execute(cmd) rows = c.fetchall() if len(rows) \u0026gt;= 10: partition_name = rows[0][\u0026#34;PARTITION_NAME\u0026#34;] print(f\u0026#34;drop {partition_name} reason: too many partitions with data\u0026#34;) drop_partition(db, partition_name) continue sleep(0.1) A test run In our test run, we see immediately after startup how the five spare partitions are being created.\n$ ./partitions.py setup-tables $ ./partitions.py start-processing create p2 reason: not enough partitions cmd = alter table data add partition ( partition p2 values less than ( 20000)) create p3 reason: not enough partitions cmd = alter table data add partition ( partition p3 values less than ( 30000)) create p4 reason: not enough partitions cmd = alter table data add partition ( partition p4 values less than ( 40000)) create p5 reason: not enough partitions cmd = alter table data add partition ( partition p5 values less than ( 50000)) create p6 reason: not enough empty partitions cmd = alter table data add partition ( partition p6 values less than ( 60000)) counter = 1000 counter = 2000 counter = 3000 ... Once we cross the threshold of p1, the number of empty partitions is no longer low enough and another one is being created:\n... counter = 9000 counter = 10000 create p7 reason: not enough empty partitions cmd = alter table data add partition ( partition p7 values less than ( 70000)) counter = 11000 ... This continues for a while, until we have a sufficient number of data partitions so that we begin dropping, too:\n... counter = 90000 create p15 reason: not enough empty partitions cmd = alter table data add partition ( partition p15 values less than ( 150000)) drop p1 reason: too many partitions with data cmd = alter table data drop partition p1 counter = 91000 counter = 92000 ... Now the system reaches a stable state and will add and drop partitions in sync with the Inserter.\nFrom inside SQL we can see the number of rows in the table rise, and then suddenly drop by 10.000 as we drop a partition.\n+----------+ | count(*) | +----------+ | 89872 | +----------+ 1 row in set (0.00 sec) kris@localhost [kris]\u0026gt; select count(*) from data; +----------+ | count(*) | +----------+ | 90122 | +----------+ 1 row in set (0.02 sec) kris@localhost [kris]\u0026gt; select count(*) from data; +----------+ | count(*) | +----------+ | 80362 | +----------+ 1 row in set (0.01 sec) The complete example is available on GitHub.com .\n","date":"2020-09-24T00:00:00Z","href":"https://blog.koehntopp.info/2020/09/24/mysql-deleting-data.html","tags":["lang_en","mysql","database","innodb","erklaerbaer","mysqldev"],"title":"MySQL: Deleting data"},{"categories":null,"content":"MySQL uses connection and config parameters from a number of possible sources. The easiest way to find out where it is looking for config files is to run\n$ mysql --help | grep cnf order of preference, my.cnf, $MYSQL_TCP_PORT, /etc/my.cnf /etc/mysql/my.cnf /Users/kkoehntopp/homebrew/etc/my.cnf ~/.my.cnf As can be seen, my version of the MySQL client checks in this order\n/etc/my.cnf /etc/mysql/my.cnf /Users/kkoehntopp/homebrew/etc/my/cnf ~/.my.cnf The cnf file is a file in dot-ini syntax, so you have [groups] and each group contains lines with key = value pairs. Which groups are read?\n$ mysql --help | grep \u0026#34;groups are\u0026#34; The following groups are read: mysql client So in my case, I would create a /Users/kkoehntopp/.my.cnf looking like this:\n[client] user=kris password=geheim host=127.0.0.1 [mysql] database=kris show-warnings prompt=\\U [\\d]\u0026gt;\\_ That is, I put general connection parameters such as the host, user and password into the client group, and program specific parameters such as database, prompt and others into program specific groups such as mysql. That way, the mysqldump and mysql programs will connect automatically, but the mysql options will not interfere with mysqldump.\n.mylogin.cnf Some time in 2012, the .mylogin.cnf mechanism and the mysql_config_editor program were added. They provide little value in security as we will see, but allow storage of more than one set of credentials: It is now possible to store a number of login paths (credential sets) in a mylogin file, and call the client program with --login-path=.... The client program will then read the mylogin file and use the connection parameters from there.\nmylogin files are being made with the mysql_config_editor program, for example\n$ mysql_config_editor set --login-path=test --user=kris --host=localhost --password Enter password: geheim $ mysql_config_editor print --all [local] user = root password = ***** host = localhost [test] user = kris password = ***** host = localhost will create a new mylogin, or amend an existing one, and define a login path named test. It will take the host and the username on the command line, but you cannot specify the password easily - it has to be typed in.\nThis makes provisioning hard - templating this in Ansible is not easy and dancing around with expect and friends is just silly.\nWorking around this A small Python Program based on a much older article and PHP program of mine changes that.\nIt can decode and encode mylogin files, opening them up to Ansible templating. Just provision a valid mylogin file in plain text, encode it and delete the plain text original file.\nThe sample session looks like this:\n# generate a dummy file mysql_config_editor set --login-path=local --user=root --host=localhost --password Password: keks # decode this file ./mysql_config_coder.py decode ~/.mylogin.cnf mylogin.out cat mylogin.out # make changes to mylogin.out and ./mysql_config_coder.py encode mylogin.out mylogin.cnf chmod 600 mylogin.cnf # test with original MYSQL_TEST_LOGIN_FILE=$(pwd)/mylogin.cnf mysql_config_editor -v print --all my_print_defaults -s local # Note: mysql_config_editor will not print the password, just five stars # but my_print_defaults should also show the password. The program depends on click and pycrypto, but really any implementation of aes-128-ebc should be easily usable.\n","date":"2020-09-23T00:00:00Z","href":"https://blog.koehntopp.info/2020/09/23/mylogin-cnf.html","tags":["lang_en","mysql","mysqldev","database"],"title":"MySQL: Provisioning .mylogin.cnf"},{"categories":null,"content":"A question to the internal #DBA channel at work: »Is it possible to change a column type from BIGINT to VARCHAR ? Will the numbers be converted into a string version of the number or will be it a byte-wise transition that will screw the values?«\nAsking yielded more information: »The use-case is to have strings, to have UUIDs.«\nSo we have two questions to answer:\nIs ALTER TABLE t CHANGE COLUMN c lossy? INTEGER AUTO_INCREMENT vs. UUID Is ALTER TABLE t CHANGE COLUMN c lossy? ALTER TABLE is not lossy. We can test.\nmysql\u0026gt; create table kris ( id integer not null primary key auto_increment); Query OK, 0 rows affected (0.16 sec) mysql\u0026gt; insert into kris values (NULL); Query OK, 1 row affected (0.01 sec) mysql\u0026gt; insert into kris select NULL from kris; Query OK, 1 row affected (0.01 sec) Records: 1 Duplicates: 0 Warnings: 0 ... mysql\u0026gt; select count(*) from kris; +----------+ | count(*) | +----------+ | 1024 | +----------+ 1 row in set (0.00 sec) mysql\u0026gt; select id from kris limit 3; +----+ | id | +----+ | 1 | | 2 | | 3 | +----+ 3 rows in set (0.00 sec) Having a test table, we can play.\nI am running an ALTER TABLE kris CHANGE COLUMN command. This requires that I specify the old name of the column, and then the full new column specifier including the new name, the new type and all details. Hence, the “id id ...”\nmysql\u0026gt; alter table kris change column id id varchar(200) charset latin1 not null; Query OK, 1024 rows affected (0.22 sec) Records: 1024 Duplicates: 0 Warnings: 0 mysql\u0026gt; select count(*) from kris; +----------+ | count(*) | +----------+ | 1024 | +----------+ 1 row in set (0.00 sec) mysql\u0026gt; select id from kris limit 3; +------+ | id | +------+ | 1 | | 1015 | | 1016 | +------+ 3 rows in set (0.00 sec) mysql\u0026gt; show create table kris\\G Table: kris Create Table: CREATE TABLE `kris` ( `id` varchar(200) CHARACTER SET latin1 COLLATE latin1_swedish_ci NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci 1 row in set (0.00 sec) We can see a number of things here:\nThe conversion is not lossy: We have the same number of records, and the records are still sequences of decimal digits. The order of the output is somehow different. The records which previous showed up in ascending integer order are now showing up in ascending alphabetical order. Given that they are now strings, this is partially logical (if there is an order, it should be alphabetical for strings), and partly mysterious (why is there an order and what happened?). Let’s go through that step by step.\nExpensive ALTER TABLE ALTER TABLE tries to do changes to the table in place, without rewriting the entire table, if possible.\nIn some cases this is not possible, and then it tries to do it in the background.\nIn some cases not even that is possible, and then the table is locked, rewritten in full, and unlocked.\nOur table change was of the third, most expensive kind.\nAn ENUM change that extends the ENUM at the end is the least expensive possible change. We just add a new value at the end of the list of possible values for the ENUM. This is a change to the data dictionary, not even touching the table.\nAn ENUM change in the middle of the list requires recoding the table. Turning an ENUM(“one”, “three”) into an ENUM(“one”, “two”, “three”) is expensive. Turning ENUM(“one”, “three”) into ENUM(“one”, “three”, “two”) is cheap. MySQL stores ENUMs internally as integer, so the expensive change re-encodes all old “three” values from 2 to 3. The cheap change stores “three” as 2, and adds 3 as an encoding for “two” in the data dictionary. Some ALTER TABLE t ADD index variants are examples for things happening in the background. They still cost time, but won’t lock. The index will become available only after its creation has finished. There cannot be multiple background operations ongoing.\nIn our case, we internally and invisibly\nLock the original table. Create a temp table in the new format. Read all data from the original table, write it into the new table as an INSERT INTO temptable SELECT ... FROM oldtable would do. RENAME TABLE oldtable TO temptable2, temptable TO oldtable; DROP TABLE temptable2; Unlock everything and are open for business again. This process is safe against data loss: If at any point in time this fails, we drop the temptable and still have the original table, unchanged.\nThis processes temporarily doubles disk usage: For some time, the table to be converted will exist in both variants. It requires an appropriate amount of disk space for the duration of the conversion.\nThis process can be emulated. Locking a production table for conversion for an extended amount of time is not an option. Online Schema Change (OSC) does the same thing, in code, while allowing access to the table. Data changes are captured in the background and mirrored to both versions. Multiple competing implementations of this exist, and we have institutionalized and automated this in the DBA portal at work.\nThis process does the INSERT ... SELECT ... thing internally (and so does OSC). That is why the conversion works, and how the conversion works. The rules are the MySQL data type conversion rules, as documented in the manual.\nThere is an order, and it changed When looking at the test-SELECT we see there seems to be an order, and it changed.\nThere is an order, because the column I changed was the PRIMARY KEY. The MySQL InnoDB storage engine stores data in a B+-Tree.\nA B-Tree is a balanced tree. That is a tree in which the path length of the longest path from the root of the tree to any leaf is at most one step longer than the shortest path.\nSo assuming a database with a page size of 16384 bytes (16 KB), as MySQL uses, and assuming index records of 10 bytes (4 byte integer plus some overhead), we can cram over 1500 index records into a single page. Assuming index records of 64 bytes - quite large - we still fit 256 records into one page.\nWe get an index tree with a fan-out per level of 100 or more (in our example: 256 to over 1500).\nFor a tree of depth 4, this is good for 100^4 = 100 million records, or in other words, with 4 index accesses we can point-access any record in a table of 100 million rows. Or, in other words, for any realistic table design, an index access finds you a record with at most 4 disk accesses.\n4 (or less): The number of disk accesses to get any record in any table via an index.\nIn the InnoDB storage engine, the PRIMARY KEY is a B+-Tree. That is a B-Tree in which the leaves contain the actual data. Since a tree is an ordered data structure, the actual data is stored in primary key order on disk.\nData with adjacent primary key values is likely stored in the same physical page. Data with small differences in primary key values is likely stored closer together than data with large differences in primary key values. Changing a primary key value changes the physical position of a record. Never change a primary key value (Never UPDATE t SET id = ...). For an AUTO_INCREMENT key, new data is inserted at the end of the table, old data is closer to the beginning of the table. MySQL has special code to handle this efficiently. Deleting old data is not handled very efficiently. Look into Partitions and think about ALTER TABLE t DROP PARTITION ... for buffer like structures that need to scale. Also think about proper time series databases, if applicable, or about using Cassandra (they have TTL). We remember:\nIn InnoDB the primary key value governs the physical layout of the table.\nAssuming that new data is accessed often and old data is accessed less often, using primary keys with an AUTO_INCREMENT value collects all new, hot records in a minimum number of data pages at the end of the table/the right-hand side of the tree. The set of pages the database is accessing a lot is minimal, and most easily cached in memory.\nThis design minimizes the amount of memory cache, and maximizes database speed automatically for many common access patterns and workloads.\nThat is why it was chosen and optimized for.\nRandom, Hash or UUID primary key Consider table designs that assign a primary key in a random way. This would be for any design that uses a primary key that is an actual random number, the output of a cryptographic hash function such as SHA256(), or many UUID generators.\nUsing an integer auto_increment primary key, we are likely to get hot data at the right-hand side, cold data at the left-hand side of the tree. We load hot pages, minimising the cache footprint:\nAUTO_INCREMENT integer primary key controlling data order. Hot data in few pages to the \u0026ldquo;right\u0026rdquo; side of the tree, minimal cache footprint\nBut with a random distribution of primary keys over the keyspace, there is no set of pages that is relatively cold. As soon as we hit a key on a page (and for hot keys, we hit them often), we have to load the entire page into memory and keep it there (because there is a hot key in it, and we are likely to hit it again, soon):\nPrimary Key values are randomly chosen: Any page contains a primary key that is hot. As soon as it is being accessed, the entire 16 KB page is loaded.\nSo we need a comparatively larger (often: much larger) amount of memory to have a useful cache for this table.\nIn MySQL, numeric integer primary key auto_increment optimizes memory footprint for many workloads.\nMySQL provides a way out: UUID_TO_BIN(data, 1) Unfortunately, MySQL itself produces UUID() values with the UUID function that sort very badly:\nmysql\u0026gt; select uuid(); +--------------------------------------+ | uuid() | +--------------------------------------+ | 553d5726-eeaa-11ea-b643-08606ee5ff82 | +--------------------------------------+ 1 row in set (0.00 sec) mysql\u0026gt; select uuid(); +--------------------------------------+ | uuid() | +--------------------------------------+ | 560b9cc4-eeaa-11ea-b643-08606ee5ff82 | +--------------------------------------+ 1 row in set (0.00 sec) mysql\u0026gt; select uuid(); +--------------------------------------+ | uuid() | +--------------------------------------+ | 568e4edd-eeaa-11ea-b643-08606ee5ff82 | +--------------------------------------+ 1 row in set (0.00 sec) MySQL provides the UUID() function as an implementation of RFC 4122 Version 1 UUIDs .\nThe manual says:\nThe first three numbers are generated from the low, middle, and high parts of a timestamp. The high part also includes the UUID version number. The fourth number preserves temporal uniqueness in case the timestamp value loses monotonicity (for example, due to daylight saving time). The fifth number is an IEEE 802 node number that provides spatial uniqueness. A random number is substituted if the latter is not available (for example, because the host device has no Ethernet card, or it is unknown how to find the hardware address of an interface on the host operating system). In this case, spatial uniqueness cannot be guaranteed. Nevertheless, a collision should have very low probability. Having the timestamp in front for printing is a requirement of the standard. But we need not store it that way:\nMySQL 8 provides a UUID_TO_BIN() function, and this function has an optional second argument, swap_flag.\n»If swap_flag is 1, the format of the return value differs: The time-low and time-high parts (the first and third groups of hexadecimal digits, respectively) are swapped. This moves the more rapidly varying part to the right and can improve indexing efficiency if the result is stored in an indexed column.«\nTL;DR So if you must use a UUID in a primary key\nChoose MySQL 8. Make it VARBINARY(16). Store it with UUID_TO_BIN(UUID(), 1). Access it with BIN_TO_UUID(col, 1). See also:\nMySQL Server Team Blog on UUID support for MySQL 8 . MySQL Server Team on the pain of pre-MySQL 8 UUID (Article from 2015). ","date":"2020-09-22T00:00:00Z","href":"https://blog.koehntopp.info/2020/09/22/alter-table-for-uuid.html","tags":["lang_en","mysql","mysqldev","database","erklaerbaer"],"title":"MySQL: ALTER TABLE for UUID"},{"categories":null,"content":"Iterating schemas over time is not an uncommon thing. Often requirements emerge only after you have data, and then directed action is possible. Consequently, working on existing data, and structuring and cleaning it up is a common task.\nIn today\u0026rsquo;s example we work with a log table that logged state transitions of things in freeform VARCHAR fields. After some time the log table grew quite sizeable, and the log strings are repeated rather often, contributing to the overall size of the table considerably.\nWe are starting with this table:\nCREATE TABLE `log` ( `id` int NOT NULL AUTO_INCREMENT, `device_id` int NOT NULL, `change_time` datetime NOT NULL, `old_state` varchar(64) NOT NULL, `new_state` varchar(64) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB That is, our log table has an id field to allow individual row addressing, and then logs the state change of a device_id at a certain change_time from an old_state into a new_state. The two state fields are varchar(64) and contain one of some 13 or so different strings.\nMaybe they also contain typos, outdated state codes or other stuff that will later need remapping and cleanup, but in today\u0026rsquo;s example we want to concentrate on the cleanup.\nSome small manual sample data:\nmysql\u0026gt; select * from log; +----+-----------+---------------------+---------------+---------------+ | id | device_id | change_time | old_state | new_state | +----+-----------+---------------------+---------------+---------------+ | 1 | 17 | 2020-09-18 18:06:37 | racked | burn-in | | 2 | 17 | 2020-09-18 18:14:18 | burn-in | provisionable | | 3 | 17 | 2020-09-18 18:14:34 | provisionable | setup | | 4 | 17 | 2020-09-18 18:14:48 | setup | installed | | 5 | 17 | 2020-09-18 18:14:56 | installed | live | +----+-----------+---------------------+---------------+---------------+ 5 rows in set (0.00 sec) Let\u0026rsquo;s build a list of all possible states from both columns, old_state and new_state. This is easily done. Using old_state, and we prepend a NULL column because we want to INSERT ... SELECT ... this later into a map table which will map the string to an id value. We will then encode the strings using exactly this value.\nmysql\u0026gt; select NULL as id, -\u0026gt; old_state -\u0026gt; from log -\u0026gt; group by old_state; +------+---------------+ | id | old_state | +------+---------------+ | NULL | racked | | NULL | burn-in | | NULL | provisionable | | NULL | setup | | NULL | installed | +------+---------------+ 5 rows in set (0.00 sec) Now using a UNION we extend it to new_state as well.\nmysql]\u0026gt; select NULL as id, -\u0026gt; old_state -\u0026gt; from log -\u0026gt; group by old_state -\u0026gt; union -\u0026gt; select NULL as id, -\u0026gt; new_state -\u0026gt; from log -\u0026gt; group by new_state; +------------+---------------+ | id | old_state | +------------+---------------+ | 0x | racked | | 0x | burn-in | | 0x | provisionable | | 0x | setup | | 0x | installed | | 0x | live | +------------+---------------+ 6 rows in set (0.00 sec) The result strings look good, but something happened to our NULL values. In the original statement they were still good, but in the UNION they get mangled.\nThe data types of the result table are derived from the values and their types in the first result set of the UNION. And NULL is not a good value to guess anything from.\nSo let\u0026rsquo;s be more explicit about the types:\nmysql\u0026gt; select cast(NULL as signed) as id, -\u0026gt; old_state as state -\u0026gt; from log -\u0026gt; group by state -\u0026gt; union -\u0026gt; select cast(NULL as signed) as id, -\u0026gt; new_state as state -\u0026gt; from log -\u0026gt; group by state; +------+---------------+ | id | state | +------+---------------+ | NULL | racked | | NULL | burn-in | | NULL | provisionable | | NULL | setup | | NULL | installed | | NULL | live | +------+---------------+ 6 rows in set (0.00 sec) This now works, and we can feed it into an INSERT ... SELECT ....\nmysql\u0026gt; show create table map\\G Table: map Create Table: CREATE TABLE `map` ( `id` int NOT NULL AUTO_INCREMENT, `state` varchar(64) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB mysql\u0026gt; insert into map -\u0026gt; select cast(NULL as signed) as id, old_state as state from log group by state -\u0026gt; union -\u0026gt; select cast(NULL as signed) as id, new_state as state from log group by state; Query OK, 6 rows affected (0.02 sec) Records: 6 Duplicates: 0 Warnings: 0 mysql\u0026gt; select * from map; +----+---------------+ | id | state | +----+---------------+ | 1 | racked | | 2 | burn-in | | 3 | provisionable | | 4 | setup | | 5 | installed | | 6 | live | +----+---------------+ 6 rows in set (0.00 sec) Yay. A nice and automatically numbered list of all possible states from the existing data. We need this indexed, and we also need indices on the two source columns.\nmysql\u0026gt; alter table map add index(state); Query OK, 0 rows affected (0.08 sec) Records: 0 Duplicates: 0 Warnings: 0 mysql\u0026gt; alter table log add index(old_state), add index(new_state); Query OK, 0 rows affected (0.08 sec) Records: 0 Duplicates: 0 Warnings: 0 If we want to encode these two columns with id-Values from map, we need to add columns for that.\nmysql\u0026gt; alter table log add column old_state_id integer not null after old_state, -\u0026gt; add column new_state_id integer not null after new_state; We can now encode by looking up each log.old_state value in map.state and returning the matching map.id value. With this we should be able to construct an UPDATE statement that fills in the log.old_state_id column.\nmysql\u0026gt; select map.id as old_state_id -\u0026gt; from map join log -\u0026gt; on map.state = log.old_state; +--------------+ | old_state_id | +--------------+ | 2 | | 5 | | 3 | | 1 | | 4 | +--------------+ 5 rows in set (0.00 sec) Let\u0026rsquo;s try this out in an UPDATE:\nmysql\u0026gt; update log -\u0026gt; set log.old_state_id = ( -\u0026gt; select id from map where log.old_state = map.state -\u0026gt; ); Query OK, 5 rows affected (0.02 sec) Rows matched: 5 Changed: 5 Warnings: 0 mysql\u0026gt; update log -\u0026gt; set log.new_state_id = ( -\u0026gt; select id from map where log.new_state = map.state -\u0026gt; ); Query OK, 5 rows affected (0.01 sec) Rows matched: 5 Changed: 5 Warnings: 0 mysql\u0026gt; select * from log; +----+-----------+---------------------+---------------+--------------+---------------+--------------+ | id | device_id | change_time | old_state | old_state_id | new_state | new_state_id | +----+-----------+---------------------+---------------+--------------+---------------+--------------+ | 1 | 17 | 2020-09-18 10:06:37 | racked | 1 | burn-in | 2 | | 2 | 17 | 2020-09-18 10:14:18 | burn-in | 2 | provisionable | 3 | | 3 | 17 | 2020-09-18 10:14:34 | provisionable | 3 | setup | 4 | | 4 | 17 | 2020-09-18 10:14:48 | setup | 4 | installed | 5 | | 5 | 17 | 2020-09-18 10:14:56 | installed | 5 | live | 6 | +----+-----------+---------------------+---------------+--------------+---------------+--------------+ 5 rows in set (0.00 sec) So we update log, specifically setting each current log.old_state_id value to whatever is returned as matching, for this row, from the subselect we wrote. We then do the same, again, for the new_state column. The result is as shown, it works.\nWe now have two redundant columns and the indexes that go with them, and can drop these. Let\u0026rsquo;s also check the new table structure, and validate the output by joining the id values for resolution against the map.\nmysql\u0026gt; alter table log drop column old_state, drop column new_state; Query OK, 0 rows affected (0.24 sec) Records: 0 Duplicates: 0 Warnings: 0 mysql\u0026gt; show create table log\\G Table: log Create Table: CREATE TABLE `log` ( `id` int NOT NULL AUTO_INCREMENT, `device_id` int NOT NULL, `change_time` datetime NOT NULL, `old_state_id` int NOT NULL, `new_state_id` int NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci 1 row in set (0.01 sec) mysql\u0026gt; select * from log; +----+-----------+---------------------+--------------+--------------+ | id | device_id | change_time | old_state_id | new_state_id | +----+-----------+---------------------+--------------+--------------+ | 1 | 17 | 2020-09-18 10:06:37 | 1 | 2 | | 2 | 17 | 2020-09-18 10:14:18 | 2 | 3 | | 3 | 17 | 2020-09-18 10:14:34 | 3 | 4 | | 4 | 17 | 2020-09-18 10:14:48 | 4 | 5 | | 5 | 17 | 2020-09-18 10:14:56 | 5 | 6 | +----+-----------+---------------------+--------------+--------------+ 5 rows in set (0.00 sec) mysql\u0026gt; select log.id, -\u0026gt; log.device_id, -\u0026gt; log.change_time, -\u0026gt; oldmap.state as old_state, -\u0026gt; newmap.state as new_state -\u0026gt; from log join map as oldmap -\u0026gt; on log.old_state_id = oldmap.id -\u0026gt; join map as newmap -\u0026gt; on log.new_state_id = newmap.id; +----+-----------+---------------------+---------------+---------------+ | id | device_id | change_time | old_state | new_state | +----+-----------+---------------------+---------------+---------------+ | 1 | 17 | 2020-09-18 10:06:37 | racked | burn-in | | 2 | 17 | 2020-09-18 10:14:18 | burn-in | provisionable | | 3 | 17 | 2020-09-18 10:14:34 | provisionable | setup | | 4 | 17 | 2020-09-18 10:14:48 | setup | installed | | 5 | 17 | 2020-09-18 10:14:56 | installed | live | +----+-----------+---------------------+---------------+---------------+ 5 rows in set (0.00 sec) Note that we have to join against the map twice, once for each source column, and that also means we have to rename the map table to get unique names for each usage.\nWell, that\u0026rsquo;s a toy example. Let\u0026rsquo;s do that at scale, using a Python driver implementing exactly this procedure. Code is on GitHub.com .\nWe set up our source tables by going over the table creation statements in the sql_setup list .\nWe are also defining a list of possible states , and in a data generation loop fill the log table with many state transitions from random devices. Note that we do not really care much about matching source and target states, so the transitions are really random jumps. We commit once every statecount many rows (once for each device) to make it a bit faster.\nIn a prepare_log_transformation function we basically add the missing columns and indexes, then in perform_log_transformation, populate the map and encode the log .\nFinally, in finish_log_transformation , we drop the unneeded columns and also implicitly any indices defined on them.\nOn my super slow test machine, filling the table with a million rows from a thousand devices yields a 64M data file after 2 minutes. I have some 59M of data, and a bit of empty space:\n$ time ./lookups.py create-log-data --devicecount 1000 --statecount 1000 real\t2m9.729s user\t0m30.487s sys\t0m7.536s $ ls -l /var/lib/mysql/kris/log.ibd -rw-r----- 1 mysql mysql 64M Sep 18 12:27 log.ibd mysql\u0026gt; select * from information_schema.tables where table_name = \u0026#34;log\u0026#34;\\G TABLE_CATALOG: def TABLE_SCHEMA: kris TABLE_NAME: log TABLE_TYPE: BASE TABLE ENGINE: InnoDB VERSION: 10 ROW_FORMAT: Dynamic TABLE_ROWS: 998347 AVG_ROW_LENGTH: 59 DATA_LENGTH: 59326464 MAX_DATA_LENGTH: 0 INDEX_LENGTH: 0 DATA_FREE: 4194304 AUTO_INCREMENT: 1000001 CREATE_TIME: 2020-09-18 12:24:50 UPDATE_TIME: 2020-09-18 12:27:05 CHECK_TIME: NULL TABLE_COLLATION: utf8mb4_0900_ai_ci CHECKSUM: NULL CREATE_OPTIONS: TABLE_COMMENT: 1 row in set (0.00 sec) The file size will go up to 132M in the transformation step, most of that is from the indexing we add.\n$ time ./lookups.py prepare-log-transformation Adding id columns and indexes real 0m24.395s user 0m0.050s sys 0m0.004s $ time ./lookups.py perform-log-transformation Populating map Converting old_states Converting new_states real 0m39.729s user 0m0.050s sys 0m0.008s $ ls -l /var/lib/mysql/kris/log.ibd -rw-r----- 1 mysql mysql 132M Sep 18 12:31 log.ibd mysql\u0026gt; select * from information_schema.tables where table_name = \u0026#34;log\u0026#34;\\G TABLE_CATALOG: def TABLE_SCHEMA: kris TABLE_NAME: log TABLE_TYPE: BASE TABLE ENGINE: InnoDB VERSION: 10 ROW_FORMAT: Dynamic TABLE_ROWS: 996152 AVG_ROW_LENGTH: 78 DATA_LENGTH: 78200832 MAX_DATA_LENGTH: 0 INDEX_LENGTH: 50446336 DATA_FREE: 5242880 AUTO_INCREMENT: 1000001 CREATE_TIME: 2020-09-18 12:28:04 UPDATE_TIME: 2020-09-18 12:28:07 CHECK_TIME: NULL TABLE_COLLATION: utf8mb4_0900_ai_ci CHECKSUM: NULL CREATE_OPTIONS: TABLE_COMMENT: 1 row in set (0.00 sec) Finishing up will drop the two VARCHAR columns and the indices defined on them, but leaves us with the encoded values.\n$ time ./lookups.py finish-log-transformation Removing string columns real 0m10.486s user 0m0.045s sys 0m0.008s $ ls -l /var/lib/mysql/kris/log.ibd -rw-r----- 1 mysql mysql 52M Sep 18 12:32 log.ibd mysql\u0026gt; select * from information_schema.tables where table_name = \u0026#34;log\u0026#34;\\G TABLE_CATALOG: def TABLE_SCHEMA: kris TABLE_NAME: log TABLE_TYPE: BASE TABLE ENGINE: InnoDB VERSION: 10 ROW_FORMAT: Dynamic TABLE_ROWS: 997632 AVG_ROW_LENGTH: 48 DATA_LENGTH: 48824320 MAX_DATA_LENGTH: 0 INDEX_LENGTH: 0 DATA_FREE: 2097152 AUTO_INCREMENT: 1000001 CREATE_TIME: 2020-09-18 12:31:43 UPDATE_TIME: NULL CHECK_TIME: NULL TABLE_COLLATION: utf8mb4_0900_ai_ci CHECKSUM: NULL CREATE_OPTIONS: TABLE_COMMENT: 1 row in set (0.00 sec) So data length went from 59326464 bytes to 48824320 bytes, a reduction to 82.3% of the original size. We could save even more by not using integer 4-byte values to encode, but for example tinyint unsigned 1-byte values. On the other hand, that may become a problem later on when we exceed the id-space of the map table as we add new states.\nOn top of that, the size of the target log table is now a function of the row number, as we have no variable length columns anymore. The size of the source table is dependent on the variable length string values as well, so by encoding we also get predictable table sizes.\nTL;DR:\nUsing a map table, and update statements with a subselect, we can encode variable length repeated string values into integer values. We also get better data quality, as now only legal values from the map table can be encoded. The transformation requires at least two ALTER TABLE statements (or matching online schema changes), and one full scan for each column to be encoded. A lot of intermediate disk space is required. This needs planning. ","date":"2020-09-18T00:00:00Z","href":"https://blog.koehntopp.info/2020/09/18/mysql-encoding-fields-for-great-profit.html","tags":["lang_en","mysql","database","innodb","erklaerbaer","mysqldev"],"title":"MySQL: Encoding fields for great profit."},{"categories":null,"content":"Bei der ARD ist man empört! Teslas Kameras: ARD rückt Datenschutzbedenken ins Licht . Will sagen, jemand hat älteren Personen gesteckt, daß ein selbstfahrendes Auto wenig überraschend Kameras braucht, um bei seiner bestimmungsgemäße Verwendung weniger ältere Personen überzumöllern.\nSo weit so wenig überraschend.\nBei einem Tesla sind es 9, bei anderen Automobilen anderer Hersteller noch mehr, und Radar, und Lidar und weitere Sensorsysteme. Problematisch sind nur Kameras, weil Menschen als visuelle Wesen zum Bild eine emotional andere Beziehung haben als zu anderen Daten, die objektiv nicht weniger kritisch sind. Aber Bilder, das ist Hexenwerk, das die Seele stiehlt, das muß man dringend streng kontrollieren.\nOkay, auch nicht überraschend.\nDie Bilder, die dabei anfallen, wertet das Vision System des Tesla live aus, und schmeißt den Großteil davon so schnell als möglich weg. Dazu braucht man Tesla nicht fragen, das kann man sich leicht überlegen.\nOder man spickt, was andere sich überlegt haben - hier geht es um Überwachungskameras, nicht um Netflix und so ist die Qualität nicht dieselbe. Aber darum geht es auch nicht primär. In der Beispielrechnung kommt man mit 2 MBit/s, 8 Stunden und 7 Tage Vorhaltezeit auf 50 GB pro Woche.\nNetflix HD braucht 5 MBit/s, und das sind 17 GB in 8 Stunden, 51 GB rund um die Uhr und 120 GB bzw 360 GB in der Woche bei 8 oder 24h am Tag.\nPro Kamera.\nVon denen wir 9 Stück im Auto haben.\nOkay, das Auto speichert also bestimmte ausgewählte Sequenzen, und manche Autos laden dann kleine Teile davon hoch, wenn es dazu aufgefordert wird.\nGewiss wird es nicht (2 MBit/s * 9 Kameras / 8 Bit/Byte) = 2.25 MB/s, also 8 GB pro Stunde, 64 GB pro Tag mitspeichern und lange vorhalten und noch viel weniger wird es versuchen, diesen Kram in einem deutschen Mobilfunknetz irgendwohin automatisch hochzuladen. Schon gar nicht flottenweit.\nNun gut.\nÜberraschend ist dabei die kurze Denkreichweite. Erstens geht es nicht um Tesla, und nicht einmal um Autos, sondern um jedes einzelbe autonome System mit Sensorik, das wir bauen oder bauen werden.\nUnd es geht auch nicht primär darum, ob die Daten gespeichert oder hochgeladen werden, sondern was das autonome System lokal entscheidet. Aber schauen wir mal in den Artikel:\nTesla will Telematik- und Videodaten zur Verbesserung seiner autonomen Fahrsysteme erfassen, aber mit den Daten auch Marketing betreiben.\nTesla wird insbesondere auch für die Funktion seiner Steuerungsalgorithmen zur Rechenschaft gezogen und muß dann in der Lage sein, einem Kläger, diversen Versicherungen, der Zulassungsstelle und seinen eigenen Ingenieuren darzulegen, was objektiv passiert ist. Also, was die Sensorik des Fahrzeugs aufgezeichnet hat, welche Entscheidungen der Fahrzeugführer und das Bordsystem getroffen hat und wie die Dinge dann abgelaufen sind.\nUm so mehr, wenn wir autonome Systeme haben, die rechtlich der Fahrzeugführer sind und bei denen der Hersteller des Steuerungssystems dann haftend ist statt des Menschen an Bord, der dann nur noch Passagier ist.\nAuch okay und langweilig. Das Ding wird nicht nur Augen brauchen, um zu sehen, sondern auch eine Art Gedächnis, um sich revisionsfest für sich und seinen Hersteller daran zu erinnern, was es gesehen hat und welche Entscheidungen es getroffen hat, denn das Gerät und sein Hersteller werden für diese Dinge zur Rechenschaft gezogen werden.\nKommen wir nun zu den interessanten Fragen:\nDas permanente anlasslose Aufzeichnen verstößt grundsätzlich in Deutschland gegen den Datenschutz.\nDas Auto verarbeitet die Daten, die es mit seinen Sensoren wahrnimmt, laufend, so wie ein Mensch der wach ist und die Augen offen hat. Das soll es und das muß es. Wenn es fährt, aber auch, wenn es geparkt ist und im \u0026ldquo;Sentinel-Mode\u0026rdquo; sich selbst und das Eigentum seines Besitzers überwacht und beschützt.\nDabei kann das Fahrzeug andere Objekte und Personen im ruhenden und bewegten Verkehr identifizieren und klassifizieren, bestimmt ihre relative Position und Geschwindigkeit, wertet ihr Verhalten aus und plant dann seine eigenen Aktionen in Verbindung mit den Zielvorgaben, die es erhalten hat.\nNehmen wir an, das Gerät nimmt dabei einen Verkehrsverstoß in seiner Umwelt wahr.\nZum Beispiel ist es in einer 30 km/h Zone geparkt und jemand brettert dort mit einem Fahrzeug mit 120 km/h durch. Die Kameras hat Beweismaterial, das Kennzeichen sowie die Gechwindigkeit und der Vektor dieses Fahrzeuges ist erfaßt. Soll das Auto die Szene hochladen und automatisch eine Anzeige erstatten? Hättest Du das getan, wenn Du ein photographisches Gedächnis hättest und Abzüge davon machen könntest ?\nDieselbe Szene wie vorher, aber das Fahrzeug fährt nur 42 km/h statt 120 km/h. Wenn das Urteil hier anders ausfällt, als im ersten Fall, warum? Und ab welcher Geschwindigkeit soll die automatische Anzeige ausgelöst werden?\nDas Auto wird manuell gesteuert und regelwidrig in einer 30 km/h Zone auf 120 km/h beschleunigt. Was soll das Auto tun? Ab welcher Geschwindigkeit?\nJetzt fahren wir autonom, und vor uns kommt es zu einem Unfall auf einer Kreuzung. Die Sensoren des Fahrzeugen haben das Geschehen mit Kameras, Lidar und Radar genauestens erfaßt und vermessen und können den Unfallhergang genau rekonstruieren. Was ist mit den Daten des autonomen Fahrzeuges zu tun?\nDer Fahrer des Fahrzeuges parkt sein Fahrzeug manuell regelwidrig in einem absoluten Halteverbot. Das Fahrzeug erkennt dies, und warnt den Fahrer. Der Fahrer ignoriert die Meldung und steigt aus. Was soll das Fahrzeug tun?\nDer Fahrer des Fahrzeuges parkt sein Fahrzeug manuell regelwidrig in einem absoluten Halteverbot. Das Fahrzeug erkennt dies, und warnt den Fahrer. Der Fahrer drückt die Meldung bewußt weg und steigt aus. Was soll das Fahrzeug tun?\nDas Auto wird regelkonform geparkt und stellt zwei Fahrzeuge vor sich ein menschlich gesteuertes Fahrzeug fest, das regelwidrig geparkt und verlassen wird.\nMan beachte, daß bei allen diesen Vorfällen die Daten live erfaßt werden und im Auto zunächst nicht dauerhaft gespeichert werden müssen, sondern nur gepuffert. Das Auto kann entscheiden, die Daten permanent zu speichern, den Vorfall zu melden oder Daten und Meldung zusammen hochzuladen.\nAllerdings entschied der Bundesgerichtshof im Mai 2018 in einem Revisionsverfahren, dass solche Aufnahmen bei Unfall-Prozessen als Beweismittel genutzt werden dürfen.\nDas autonome Fahrzeug hat die Sensoren, um das Geschehen um sich zu erfassen. Es hat die Logik und Regeln, um Regelverstöße von anderen autonomen und menschlich gesteuerten Fahrzeugen zu erfassen, die Fahrzeuge an ihren Kennzeichen zu identifizieren. Es kann entscheiden, die erfaßten Sensordaten bei Regelübertretungen anlaßbezogen zu speichern und zu melden. Die Beweise können dann entnommen oder hochgeladen werden.\nÜber die Verwertbarkeit auch von unzulässig oder rechtswidrig erhobenen Beweisen müsse durch eine Interessen- und Güterabwägung aufgrund der Umstände des Einzelfalles entschieden werden, urteilte der BGH damals.\nDie Daten sind jedenfalls da. Die Einzelfallentscheidungen können dann getroffen werden. Wie sollen die Regeln zur Speicherung und zur Meldung ausfallen? Welche Verstöße und Situationen soll das autonome Gerät zum Anlaß nehmen, die erfaßten Daten anlaßbezogen zu speichern und was soll es wem wann melden?\nIch frage das auch als Radfahrer, der in Deutschland gerne mal mit deutlich weniger als 1.5 Meter Abstand überholt worden ist, und gegenüber dem menschliche Autofahrer ihr Fahrzeug auch mehr als einmal als Waffe verwendet haben, um mich zu nötigen und zu gefährden.\n","date":"2020-09-17T00:00:00Z","href":"https://blog.koehntopp.info/2020/09/17/mein-selbstfahrendes-auto-hat-kameras-oh-nein.html","tags":["lang_de","privacy"],"title":"Mein selbstfahrendes Auto hat Kameras, oh nein!"},{"categories":null,"content":"I have made changes to the RSS Feed of this blog:\nEach \u0026lt;item/\u0026gt; does now contain a container \u0026lt;tags/\u0026gt;, inside a sequence of \u0026lt;tag/\u0026gt; containers, with each posts tags. There is now a second RSS feed for posts tagged #mysql, because of demand. You can find it at https://blog.koehntopp.info/feed_mysql.xml . Example for the tags:\n\u0026lt;channel\u0026gt; \u0026lt;title\u0026gt;Die wunderbare Welt von Isotopp\u0026lt;/title\u0026gt; ... \u0026lt;item\u0026gt; \u0026lt;title\u0026gt;A post title\u0026lt;/title\u0026gt; \u0026lt;link\u0026gt;https://blog.koehntopp.info/2020/09/...\u0026lt;/link\u0026gt; \u0026lt;guid isPermalink=\u0026#34;false\u0026#34;\u0026gt;/2020/09/...\u0026lt;/guid\u0026gt; \u0026lt;tags\u0026gt;\u0026lt;tag\u0026gt;lang_en\u0026lt;/tag\u0026gt;\u0026lt;tag\u0026gt;mysql\u0026lt;/tag\u0026gt;\u0026lt;tag\u0026gt;database\u0026lt;/tag\u0026gt;\u0026lt;/tags\u0026gt; \u0026lt;description\u0026gt;blah blah blah\u0026lt;/description\u0026gt; \u0026lt;/item\u0026gt; \u0026lt;/channel\u0026gt; So if you want only the MySQL content, subscribe to this feed , if you want all the content, subscribe to the original feed . In both cases, use the \u0026lt;tags/\u0026gt; to filter further down.\n","date":"2020-09-09T00:00:00Z","href":"https://blog.koehntopp.info/2020/09/09/feeds-tagged-and-a-mysql-feed.html","tags":["lang_en","mysql","blog"],"title":"Feeds tagged, and a MySQL feed"},{"categories":null,"content":"So this has turned into a small series, explaining how to work with MYSQL from a developers perspective. This post is intended as a directory for the individual articles. It will be amended and re-dated as necessary.\nThe code for the series is also available in isotopp/mysql-dev-examples on GitHub.\nThe Tag #mysqldev will reference all articles from this series.\nMySQL Transactions - the physical side . Looking at how MySQL InnoDB handles transactions on the physical media, enabling rollback and commit. Introduces a number of important concepts: The Undo-Log, the Redo-Log, the Doublewrite Buffer, and the corrosponding in memory structures, the Log Buffer and the InnoDB Buffer Pool, as well as the concept of a page.\nMySQL Commit Size and Speed . This article has code in Github, in mysql-commit-size/. We benchmark MySQL write speed as a function of number of rows written per commit.\nMySQL Connection Scoped State . Looking at things that are stateful and attached to a MySQL connection, and are lost on disconnect.\nMySQL Transactions - the logical view . This article introduces the concept of TRANSACTION ISOLATION LEVEL and how pushing things into the Undo-Log, while a necessity to implement ROLLBACK for a Writer, enables features for a Reader.\nMySQL Transactions - writing data . This article has code in Github, in mysql-transactions-counter. We increment a counter in the database, with multiple concurrent writers, and see what happens.\nMySQL: Locks and Deadlocks . When changing multiple rows, it is possible to take out locks in transactions one by one. Depending on how that is done, it may come to deadlocks, and server-initiated rollbacks. When that happens, the transaction must be retried.\nMySQL Deadlocks with INSERT When using the obscure transaction isolation level SERIALIZABLE, it may happen that a single INSERT can deadlock. Here is how, and why.\nMySQL Foreign Keys and Foreign Key Constraints When establishing relationships between tables, you are doing this by putting one tables primary keys into another tables columns. Enforcing valid pointers between tables seems like a sexy idea, but is painful, and maybe hurts more than it helps.\nMySQL Foreign Key Constraints and Locking Looking at tables with foreign key constraints, we check what happens to table and row locks, and how this is different from before.\nMySQL: Some Character Set Basics A collection and re-evaluation of things I wrote about MySQL character sets in the past, updated to match MySQL 8.\nMySQL: NULL is NULL Understanding the handling of NULL values in SQL. NULL is not false, nor None/nil/undef, but is a thing specific to SQL.\nMySQL: Basic usage of the JSON data type MySQL 8 gains support of a JSON data type. How to get data in and out of JSON fields.\n","date":"2020-09-07T00:00:00Z","href":"https://blog.koehntopp.info/2020/09/07/mysql-from-a-developers-perspective.html","tags":["lang_en","mysql","database","innodb","erklaerbaer","mysqldev"],"title":"MySQL from a Developers Perspective"},{"categories":null,"content":"We have had a look at how MySQL 8 handles JSON recently, but with all those JSON functions and expressions it is clear that many JSON accesses cannot be fast. To grab data from a JSON column, you will use a lot of $-\u0026gt;\u0026gt;field expressions and similar, and without indexes nothing of this will be fast.\nJSON cannot be indexed.\nBut MySQL 8 offers another feature that comes in handy: Generated columns and indexes on those. Let\u0026rsquo;s look at the parts, step by step, and how to make them work, because they are useful even outside the context of JSON.\nAn example table For the following example we are going to define a table t1 with an integer id and two integer data fields, a and b. We will be filling it with random integers up to 999 for the data values:\nmysql]\u0026gt; create table t1 ( -\u0026gt; id integer not null primary key auto_increment, -\u0026gt; a integer, -\u0026gt; b integer -\u0026gt; ); Query OK, 0 rows affected (0.07 sec) mysql\u0026gt; insert into t1 ( id, a, b) values (NULL, ceil(rand()*1000), ceil(rand()*1000)); Query OK, 1 row affected (0.01 sec) mysql\u0026gt; insert into t1 (id, a, b) select NULL, ceil(rand()*1000), ceil(rand()*1000) from t1; Query OK, 1 row affected (0.01 sec) Records: 1 Duplicates: 0 Warnings: 0 ... mysql\u0026gt; insert into t1 (id, a, b) select NULL, ceil(rand()*1000), ceil(rand()*1000) from t1; Query OK, 524288 rows affected (6.83 sec) Records: 524288 Duplicates: 0 Warnings: 0 mysql\u0026gt; select count(*) from t1; +----------+ | count(*) | +----------+ | 1048576 | +----------+ 1 row in set (0.04 sec) Generated columns A generated column is a column with values that are calculated from a deterministic expression provided in the column definition. It has the usual name and type, and then a GENERATED ALWAYS AS () term. The parentheses are part of the syntax and cannot be left off. The GENERATED ALWAYS is optional, and we are going to leave it off, because we are lazy.\nThe column can be VIRTUAL, in which case the expression is evaluated when reading every time a value is needed, or STORED, in which case the value is materialized and stored on write.\nIt may also contain inline index definitions and a column comment.\nVIRTUAL generated columns So we get our trivial example:\nmysql\u0026gt; alter table t1 add column c integer as ( a+b ) virtual; Query OK, 0 rows affected (0.11 sec) Records: 0 Duplicates: 0 Warnings: 0 mysql\u0026gt; select * from t1 limit 3; +----+------+------+------+ | id | a | b | c | +----+------+------+------+ | 1 | 997 | 808 | 1805 | | 2 | 51 | 831 | 882 | | 3 | 998 | 499 | 1497 | +----+------+------+------+ 3 rows in set (0.00 sec) That was fast - the table definition is changed, but because the column is VIRTUAL, no data values need to be changed. Instead, the data is calculated on read access. We could have written our sample read as SELECT id, a, b, a+b AS c FROM t1 LIMIT 3 for the same effect, because that is what happened.\nWe may even store that statement in a view and then call it, and that\u0026rsquo;s effectively the same:\nmysql\u0026gt; create view v1 as select id, a, b, a+b as c from t1; Query OK, 0 rows affected (0.03 sec) mysql\u0026gt; select * from v1 limit 3; +----+------+------+------+ | id | a | b | c | +----+------+------+------+ | 1 | 997 | 808 | 1805 | | 2 | 51 | 831 | 882 | | 3 | 998 | 499 | 1497 | +----+------+------+------+ 3 rows in set (0.00 sec) Well, not quite. Let\u0026rsquo;s explain the same query on t1 and v1 and see what the optimizer has to say:\nmysql\u0026gt; explain select * from t1 where c\u0026lt;50\\G id: 1 select_type: SIMPLE table: t1 partitions: NULL type: ALL possible_keys: NULL key: NULL key_len: NULL ref: NULL rows: 1046904 filtered: 33.33 Extra: Using where 1 row in set, 1 warning (0.00 sec) Note (Code 1003): /* select#1 */ select `kris`.`t1`.`id` AS `id`,`kris`.`t1`.`a` AS `a`,`kris`.`t1`.`b` AS `b`,`kris`.`t1`.`c` AS `c` from `kris`.`t1` where (`kris`.`t1`.`c` \u0026lt; 50) mysql\u0026gt; explain select * from v1 where c\u0026lt;50\\G id: 1 select_type: SIMPLE table: t1 partitions: NULL type: ALL possible_keys: NULL key: NULL key_len: NULL ref: NULL rows: 1046904 filtered: 100.00 Extra: Using where 1 row in set, 1 warning (0.00 sec) Note (Code 1003): /* select#1 */ select `kris`.`t1`.`id` AS `id`,`kris`.`t1`.`a` AS `a`,`kris`.`t1`.`b` AS `b`,(`kris`.`t1`.`a` + `kris`.`t1`.`b`) AS `c` from `kris`.`t1` where ((`kris`.`t1`.`a` + `kris`.`t1`.`b`) \u0026lt; 50) The output differs slightly in two places: the estimate given for filtered is different, and the view \u0026ldquo;sees\u0026rdquo; and exposes the definition for c as a+b in the reparsed statement in the \u0026ldquo;Note\u0026rdquo; section.\nFurther down we will also see how the generated column can be indexed, while the statement expression can not - and that in the end what makes the key difference in performance.\nSTORED generated columns Let\u0026rsquo;s flip from VIRTUAL to STORED and see what happens. We drop the old definition of c, and re-add the same one, but with a STORED attribute.\nmysql\u0026gt; alter table t1 drop column c, add column c integer as (a+b) stored; Query OK, 1048576 rows affected (6.27 sec) Records: 1048576 Duplicates: 0 Warnings: 0 If we looked at the average row length in INFORMATION_SCHEMA.TABLES, we would see it as a bit longer (but as is usual with I_S.TABLES output for small and narrow tables, the values are a bit off).\nWe also see the ALTER TABLE now takes actual time, proportional to the table size. What happened is that the values for c now get materialized on write, as if we defined a BEFORE INSERT trigger maintaining the values in c.\nTrying to write to a generated column fails (except when it doesn\u0026rsquo;t) VIRTUALand STORED don\u0026rsquo;t matter: you can\u0026rsquo;t write to generated columns:\nmysql\u0026gt; update t1 set c = 17 where id = 3; ERROR 3105 (HY000): The value specified for generated column \u0026#39;c\u0026#39; in table \u0026#39;t1\u0026#39; is not allowed. mysql\u0026gt; replace into t1 set id=3, c=17; ERROR 3105 (HY000): The value specified for generated column \u0026#39;c\u0026#39; in table \u0026#39;t1\u0026#39; is not allowed. With one exception:\nmysql\u0026gt; update t1 set c=default where id = 3; Query OK, 0 rows affected (0.00 sec) Rows matched: 1 Changed: 0 Warnings: 0 So if you aren\u0026rsquo;t actually writing to c, you are allowed to write to c. That sounds stupid until you define a view on t1 that includes c and is considered updatable - by allowing this construct, it stays updatable, even if it includes c.\nFilling in the correct value is not the same as default and does not work:\nmysql\u0026gt; select * from t1 limit 1; +----+------+------+------+ | id | a | b | c | +----+------+------+------+ | 1 | 997 | 808 | 1805 | +----+------+------+------+ 1 row in set (0.00 sec) mysql\u0026gt; update t1 set c=1805 where id=1; ERROR 3105 (HY000): The value specified for generated column \u0026#39;c\u0026#39; in table \u0026#39;t1\u0026#39; is not allowed. Caution: CREATE TABLE \u0026hellip; AS SELECT vs. generated columns We already know (I hope) that CREATE TABLE ... AS SELECT is of the devil and should not be used to copy table definitions: It creates a table from the result set of the select statement, which is most definitively not the definition of the original table.\nWe have seen this fail already with indexes and foreign key definitions, and in case you didn\u0026rsquo;t, here is what I mean:\nmysql\u0026gt; create table sane ( id integer not null primary key auto_increment, t1id integer, foreign key (t1id) references t1(i d) ); Query OK, 0 rows affected (0.06 sec) mysql\u0026gt; show create table sane\\G Table: sane Create Table: CREATE TABLE `sane` ( `id` int NOT NULL AUTO_INCREMENT, `t1id` int DEFAULT NULL, PRIMARY KEY (`id`), KEY `t1id` (`t1id`), CONSTRAINT `sane_ibfk_1` FOREIGN KEY (`t1id`) REFERENCES `t1` (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci 1 row in set (0.00 sec) mysql\u0026gt; insert into sane values (1, 1), (2, 2), (3, 3), (4, 4); Query OK, 4 rows affected (0.01 sec) Records: 4 Duplicates: 0 Warnings: 0 mysql\u0026gt; create table broken as select * from sane; Query OK, 4 rows affected (0.07 sec) Records: 4 Duplicates: 0 Warnings: 0 mysql\u0026gt; show create table broken\\G Table: broken Create Table: CREATE TABLE `broken` ( `id` int NOT NULL DEFAULT \u0026#39;0\u0026#39;, `t1id` int DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci 1 row in set (0.01 sec) broken is most decidedly not the same table as sane. The definition of broken has been inferred from the format of the result set, which may or may not have the same types as the base table(s). It also has no indexes and no constraints.\nThe correct way to copy a table definition is CREATE TABLE ... LIKE ... and then move the data with INSERT ... SELECT .... You still have to move the foreign key constraints manually, though:\nmysql\u0026gt; create table unbroken like sane; Query OK, 0 rows affected (0.10 sec) mysql\u0026gt; insert into unbroken select * from sane; Query OK, 4 rows affected (0.01 sec) Records: 4 Duplicates: 0 Warnings: 0 mysql\u0026gt; show create table unbroken\\G Table: unbroken Create Table: CREATE TABLE `unbroken` ( `id` int NOT NULL AUTO_INCREMENT, `t1id` int DEFAULT NULL, PRIMARY KEY (`id`), KEY `t1id` (`t1id`) ) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci 1 row in set (0.00 sec) And here is how it works with generated columns:\nmysql\u0026gt; create table t2 as select * from t1; Query OK, 1048576 rows affected (14.89 sec) Records: 1048576 Duplicates: 0 Warnings: 0 mysql\u0026gt; show create table t2\\G Table: t2 Create Table: CREATE TABLE `t2` ( `id` int NOT NULL DEFAULT \u0026#39;0\u0026#39;, `a` int DEFAULT NULL, `b` int DEFAULT NULL, `c` int DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci 1 row in set (0.00 sec) CREATE TABLE ... AS SELECT ... defined a table from the result set of the select clause, and the fact that c is generated is completely lost. So we now have a normal 4-column table.\nSo, how about CREATE TABLE ... LIKE ...?\nmysql\u0026gt; drop table t2; Query OK, 0 rows affected (0.08 sec) mysql\u0026gt; create table t2 like t1; Query OK, 0 rows affected (0.10 sec) mysql\u0026gt; show create table t2\\G Table: t2 Create Table: CREATE TABLE `t2` ( `id` int NOT NULL AUTO_INCREMENT, `a` int DEFAULT NULL, `b` int DEFAULT NULL, `c` int GENERATED ALWAYS AS ((`a` + `b`)) STORED, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci 1 row in set (0.00 sec) Yes! Success! Ok, now the data:\nmysql\u0026gt; insert into t2 select * from t1; ERROR 3105 (HY000): The value specified for generated column \u0026#39;c\u0026#39; in table \u0026#39;t2\u0026#39; is not allowed. Oh, right.\nmysql\u0026gt; insert into t2 select id, a, b from t1; ERROR 1136 (21S01): Column count doesn\u0026#39;t match value count at row 1 Aww, yes. Okay, the full monty:\nmysql\u0026gt; insert into t2 (id, a, b) select id, a, b from t1; Finally.\nOk, copying data between tables with generated columns requires a bit more engineering than a mindless INSERT ... SELECT *. The rules are not unexpected, we have explored them right above, still\u0026hellip;\nThe wrong data type Ok, let\u0026rsquo;s get a bit mean. What happens when we define c tinyint as (a+b) virtual so that the values exceed the range possible in a signed single bit value?\nmysql\u0026gt; select * from t1 limit 3; +----+------+------+------+ | id | a | b | c | +----+------+------+------+ | 1 | 997 | 808 | 1805 | | 2 | 51 | 831 | 882 | | 3 | 998 | 499 | 1497 | +----+------+------+------+ 3 rows in set (0.00 sec) mysql\u0026gt; alter table t1 drop column c, add column c tinyint as (a+b) virtual; ERROR 1264 (22003): Out of range value for column \u0026#39;c\u0026#39; at row 1 Oh, they are on to us!?!? Are they?\nThey are not when we do it in two steps:\nmysql\u0026gt; alter table t1 drop column c; Query OK, 0 rows affected (9.24 sec) Records: 0 Duplicates: 0 Warnings: 0 mysql\u0026gt; alter table t1 add column c tinyint as (a+b) virtual; Query OK, 0 rows affected (0.08 sec) Records: 0 Duplicates: 0 Warnings: 0 mysql\u0026gt; select * from t1 limit 3; +----+------+------+------+ | id | a | b | c | +----+------+------+------+ | 1 | 997 | 808 | 127 | | 2 | 51 | 831 | 127 | | 3 | 998 | 499 | 127 | +----+------+------+------+ 3 rows in set (0.00 sec) It clips the values according to the rules that MySQL always had, and that ate so much data.\nNow, let\u0026rsquo;s CREATE TABLE ... AS SELECT again:\nmysql\u0026gt; drop table broken; Query OK, 0 rows affected (0.07 sec) mysql\u0026gt; create table broken as select * from t1; ERROR 1264 (22003): Out of range value for column \u0026#39;c\u0026#39; at row 2 Error (Code 1264): Out of range value for column \u0026#39;c\u0026#39; at row 2 Error (Code 1030): Got error 1 - \u0026#39;Operation not permitted\u0026#39; from storage engine Wow. No less than three error messages. At least they mention the column c and the word \u0026ldquo;range\u0026rdquo;, so we kind of can have an idea what goes on. Still, this is only medium helpful and initially confusing.\nWhat happens, and why?\nmysql\u0026gt; select @@sql_mode; +--------------------------------------------+ | @@sql_mode | +--------------------------------------------+ | STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION | +--------------------------------------------+ 1 row in set (0.00 sec) mysql\u0026gt; set sql_mode = \u0026#34;\u0026#34;; Query OK, 0 rows affected (0.00 sec) mysql\u0026gt; create table broken as select * from t1; ... Warning (Code 1264): Out of range value for column \u0026#39;c\u0026#39; at row 1028 Warning (Code 1264): Out of range value for column \u0026#39;c\u0026#39; at row 1029 Warning (Code 1264): Out of range value for column \u0026#39;c\u0026#39; at row 1030 SQL_MODE helpfully detected the problem and prevented data loss. As usual, SQL_MODE was as useless as it was helpful - while it prevented data loss, it did not directly point us into the right direction with its error messages.\nBy turning off SQL_MODE we get the clipped values copied and a bunch of warnings that everybody ignores all the time, anyway, so I guess it\u0026rsquo;s an improvement.\nAllowed and disallowed functions For generated columns to work it is a requirement that the functions are deterministic, idempotent and side effect free. All user defined functions and stored functions are disallowed, and the usual suspects from the set of builtins are also out:\nmysql\u0026gt; create table testme (id integer not null primary key auto_increment, a integer, b integer, c integer as (sleep(2))); ERROR 3763 (HY000): Expression of generated column \u0026#39;c\u0026#39; contains a disallowed function: sleep. mysql\u0026gt; create table testme (id integer not null primary key auto_increment, a integer, b integer, c integer as (uuid())); ERROR 3763 (HY000): Expression of generated column \u0026#39;c\u0026#39; contains a disallowed function: uuid. mysql\u0026gt; create table testme (id integer not null primary key auto_increment, a integer, b integer, c integer as (rand())); ERROR 3763 (HY000): Expression of generated column \u0026#39;c\u0026#39; contains a disallowed function: rand. mysql\u0026gt; create table testme (id integer not null primary key auto_increment, a integer, b integer, c integer as (now())); ERROR 3763 (HY000): Expression of generated column \u0026#39;c\u0026#39; contains a disallowed function: now. mysql\u0026gt; create table testme (id integer not null primary key auto_increment, a integer, b integer, c integer as (connection_id())); ERROR 3763 (HY000): Expression of generated column \u0026#39;c\u0026#39; contains a disallowed function: connection_id. mysql\u0026gt; create table testme (id integer not null primary key auto_increment, a integer, b integer, c integer as (last_insert_id())); ERROR 3763 (HY000): Expression of generated column \u0026#39;c\u0026#39; contains a disallowed function: last_insert_id. mysql\u0026gt; set @c := 1; Query OK, 0 rows affected (0.00 sec) mysql\u0026gt; create table testme (id integer not null primary key auto_increment, a integer, b integer, c integer as (@c)); ERROR 3772 (HY000): Default value expression of column \u0026#39;c\u0026#39; cannot refer user or system variables. mysql\u0026gt; create table testme (id integer not null primary key auto_increment, a integer, b integer, c integer as (id)); ERROR 3109 (HY000): Generated column \u0026#39;c\u0026#39; cannot refer to auto-increment column. mysql\u0026gt; create table testme (id integer not null primary key auto_increment, a integer, b integer, c integer as (a)); Query OK, 0 rows affected (0.09 sec) mysql\u0026gt; alter table testme change column a x integer; ERROR 3108 (HY000): Column \u0026#39;a\u0026#39; has a generated column dependency. mysql\u0026gt; alter table testme drop column c, change column a x integer, add column c integer as (x); Query OK, 0 rows affected (0.21 sec) Records: 0 Duplicates: 0 Warnings: 0 From the final example above we learn that it is also impossible to change the existing definition of any column that is used by a generated column definition. We need to drop the generated column, change the definition of the base columns and then recreate the generated column.\nFor VIRTUAL columns that is cheap, for STORED - less so.\nSecondary indexes and generated columns So far, so nice. Now let\u0026rsquo;s cash in on this: Indexes, we have them. At least secondary indexes:\nmysql\u0026gt; create table wtf ( b integer not null, id integer as (b) not null primary key); ERROR 3106 (HY000): \u0026#39;Defining a virtual generated column as primary key\u0026#39; is not supported for generated columns. mysql\u0026gt; show create table t1\\G Table: t1 Create Table: CREATE TABLE `t1` ( `id` int NOT NULL AUTO_INCREMENT, `a` int DEFAULT NULL, `b` int DEFAULT NULL, `c` int GENERATED ALWAYS AS ((`a` + `b`)) VIRTUAL, PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=1376221 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci 1 row in set (0.00 sec) mysql\u0026gt; alter table t1 add index(c); Query OK, 0 rows affected (5.62 sec) Records: 0 Duplicates: 0 Warnings: 0 As expected, adding the index takes time, even if the column c is VIRTUAL: For an index we extract the indexed values from the table, sort them and store them together with pointers to the base row in the (secondary) index tree. In InnoDB, the pointer to the base row is always the primary key, so what we get in the index is actually pairs of (c, id).\nWe can prove that:\nQueries for c can be answered from the index. The index is called covering, it saves us chasing the row pointer and access to the actual row. In an EXPLAIN we see this being indicated with using index. Queries for c and id should also be covering: the queried values are all present in the index so that going to the base row is unnecessary. Querying for c and a is not covering, so the using index should be gone. And indeed:\nmysql\u0026gt; explain select c from t1 where c \u0026lt; 50\\G ... possible_keys: c key: c ... rows: 1257 Extra: Using where; Using index 1 row in set, 1 warning (0.00 sec) Note (Code 1003): /* select#1 */ select `kris`.`t1`.`c` AS `c` from `kris`.`t1` where (`kris`.`t1`.`c` \u0026lt; 50) mysql\u0026gt; explain select c, id from t1 where c \u0026lt; 50\\G key: c ... Extra: Using where; Using index 1 row in set, 1 warning (0.00 sec) Note (Code 1003): /* select#1 */ select `kris`.`t1`.`c` AS `c`,`kris`.`t1`.`id` AS `id` from `kris`.`t1` where (`kris`.`t1`.`c` \u0026lt; 50) mysql\u0026gt; explain select c, a from t1 where c \u0026lt; 50\\G ... possible_keys: c key: c ... Extra: Using where 1 row in set, 1 warning (0.00 sec) Note (Code 1003): /* select#1 */ select `kris`.`t1`.`id` AS `id`,`kris`.`t1`.`a` AS `a`,`kris`.`t1`.`b` AS `b`,`kris`.`t1`.`c` AS `c` from `kris`.`t1` where (`kris`.`t1`.`c` \u0026lt; 50) As predicted, the final query for c, a cannot be covering and is missing the using index notice in the Extra column. This is still a good query: it is considering and using the index on c - the index alone is just not sufficient to resolve the query.\nThis should give us an idea about how to design:\nIn almost all cases STORED columns will not be paying off. They use disk space, and still need to evaluate the expression at least once for storage. If indexed, they will use disk space in the index a second time - the column is actually materialized twice, in the table in primary key order and the index in index order.\nSTORED generated columns make sense only if the expression is complicated and slow to calculate. But with the set of functions available to us that is hardly going to be the case, ever. So unless the expression is being evaluated really often the cost for the storage is not ever amortized.\nEven then, for generated columns STORED and VIRTUAL, many queries can probably be answered leveraging an index on the generated column so that we might try to get away with VIRTUAL columns all the time.\nGenerated columns and the Optimizer The optimizer is aware of the generated column definitions, and can leverage them, as long as they match:\nmysql\u0026gt; show create table t1\\G Table: t1 Create Table: CREATE TABLE `t1` ( `id` int NOT NULL AUTO_INCREMENT, `a` int DEFAULT NULL, `b` int DEFAULT NULL, `c` int GENERATED ALWAYS AS ((`a` + `b`)) VIRTUAL, PRIMARY KEY (`id`), KEY `c` (`c`) ) ENGINE=InnoDB AUTO_INCREMENT=1376221 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci 1 row in set (0.00 sec) mysql\u0026gt; explain select a+b from t1 where a+b\u0026lt;50\\G *************************** 1. row *************************** id: 1 select_type: SIMPLE table: t1 partitions: NULL type: range possible_keys: c key: c key_len: 5 ref: NULL rows: 1257 filtered: 100.00 Extra: Using where 1 row in set, 1 warning (0.00 sec) Note (Code 1003): /* select#1 */ select (`kris`.`t1`.`a` + `kris`.`t1`.`b`) AS `a+b` from `kris`.`t1` where (`kris`.`t1`.`c` \u0026lt; 50) The optimizer is still the MySQL optimizer we all love to hate, so you have to be pretty literal for the match:\nmysql\u0026gt; explain select b+a from t1 where b+a\u0026lt;50\\G *************************** 1. row *************************** id: 1 select_type: SIMPLE table: t1 partitions: NULL type: ALL possible_keys: NULL key: NULL key_len: NULL ref: NULL rows: 1046422 filtered: 100.00 Extra: Using where 1 row in set, 1 warning (0.00 sec) Note (Code 1003): /* select#1 */ select (`kris`.`t1`.`b` + `kris`.`t1`.`a`) AS `b+a` from `kris`.`t1` where ((`kris`.`t1`.`b` + `kris`.`t1`.`a`) \u0026lt; 50) Yup, no canonicalization, for reasons.\nMaking it work with JSON That\u0026rsquo;s a long article. Do you still remember how we started?\nJSON cannot be indexed.\nWell, now it can and you know how.\nmysql\u0026gt; show create table t\\G Table: t Create Table: CREATE TABLE `t` ( `id` int NOT NULL AUTO_INCREMENT, `j` json DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci 1 row in set (0.00 sec) mysql\u0026gt; select * from t; +----+-------------------------------------------------------+ | id | j | +----+-------------------------------------------------------+ | 1 | {\u0026#34;home\u0026#34;: \u0026#34;/home/kris\u0026#34;, \u0026#34;paid\u0026#34;: false, \u0026#34;user\u0026#34;: \u0026#34;kris\u0026#34;} | | 2 | {\u0026#34;home\u0026#34;: \u0026#34;/home/sven\u0026#34;, \u0026#34;paid\u0026#34;: false, \u0026#34;user\u0026#34;: \u0026#34;sven\u0026#34;} | | 3 | false | +----+-------------------------------------------------------+ 3 rows in set (0.00 sec) mysql\u0026gt; alter table t add column user varchar(80) as (j-\u0026gt;\u0026#39;$.user\u0026#39;) virtual, add index (user); Query OK, 0 rows affected (0.10 sec) Records: 0 Duplicates: 0 Warnings: 0 mysql\u0026gt; select user, id from t; +--------+----+ | user | id | +--------+----+ | NULL | 3 | | \u0026#34;kris\u0026#34; | 1 | | \u0026#34;sven\u0026#34; | 2 | +--------+----+ 3 rows in set (0.00 sec) mysql\u0026gt; explain select id, j from t where id = 1\\G *************************** 1. row *************************** id: 1 select_type: SIMPLE table: t partitions: NULL type: const possible_keys: PRIMARY key: PRIMARY key_len: 4 ref: const rows: 1 filtered: 100.00 Extra: NULL 1 row in set, 1 warning (0.00 sec) Note (Code 1003): /* select#1 */ select \u0026#39;1\u0026#39; AS `id`,\u0026#39;{\u0026#34;home\u0026#34;: \u0026#34;/home/kris\u0026#34;, \u0026#34;paid\u0026#34;: false, \u0026#34;user\u0026#34;: \u0026#34;kris\u0026#34;}\u0026#39; AS `j` from `kris`.`t` where true Yay, ref: const, primary key lookup in the optimizer, and we did not even have a query to run.\nSummary We have been looking at the two flavors of generated columns, and how they can make our life easier in many ways. We have been looking at various pitfalls with respect to copying data and table definitions around. We have been learning about indexing generated columns, and how the optimizer can leverage indexes even against the expressions defined in generated columns.\nFinally, we put the parts together and made JSON data lookups fast.\nThis should give us a number of ideas in terms of sensible table design around JSON. Often we use JSON for variable-ish data while we explore a data model. Then a JSON schema solidifies, and we can leverage values we require and rely on by putting them into generated columns and index these, then use these for search and access.\nEventually we may extract the columns from the variable JSON part of the schema completely and turn them into actually statically typed columns of the SQL schema, because we require them all the time.\nThese open up a pathway to incremental schema design while at the same time being flexible enough to have bag style soft and denormalized data types where we need them.\nThe Fine Manual There is a lot more to all of this than I can show here. This means you have homework. Read the following manual pages:\nCREATE TABLE and Generated Columns The basics in a single page.\nSecondary Indexes and Generated Columns Indexing generated columns, with special considerations on indexing JSON\nOptimizer Use of Generated Column Indexes We all love to hate the optimizer, but it has learned a lot of new tricks. Here\u0026rsquo;s what it does understand.\nThe CREATE INDEX statement and multi valued indexes The entire page is useful, because it speaks about functional indexes and how they are implemented as hidden virtual columns and indexes on these (which has implications). But within the discussion of JSON, the interesting part are Multi-Valued Indexes, which are indexes on non-scalar values such as JSON arrays, and how they are being used to speed up certain JSON functions that deal with array membership and overlaps.\n","date":"2020-09-07T00:00:00Z","href":"https://blog.koehntopp.info/2020/09/07/mysql-generated-columns-and-virtual-indexes.html","tags":["lang_en","mysql","mysqldev","database","erklaerbaer"],"title":"MySQL: Generated Columns and virtual indexes"},{"categories":null,"content":"MySQL 8 provides solid support for the JSON data type. The manual has an overview of the data type , a JSON function reference , an an overview on generated column indexes , and explains multi-values indexes .\nCreating JSON columns Creating JSON columns is easy: Make the column of the JSON data type, fill in valid JSON data.\nmysql\u0026gt; create table t ( id integer not null primary key auto_increment, j json); Query OK, 0 rows affected (0.11 sec) mysql\u0026gt; insert into t (j) values -\u0026gt; (\u0026#39;null\u0026#39;), -\u0026gt; (\u0026#39;true\u0026#39;), -\u0026gt; (\u0026#39;false\u0026#39;), -\u0026gt; (\u0026#39;1\u0026#39;), -\u0026gt; (\u0026#39;\u0026#34;keks\u0026#34;\u0026#39;), -\u0026gt; (\u0026#39;[\u0026#34;eins\u0026#34;, \u0026#34;zwei\u0026#34;]\u0026#39;), -\u0026gt; (\u0026#39;{\u0026#34;eins\u0026#34;: \u0026#34;one\u0026#34;, \u0026#34;zwei\u0026#34;: \u0026#34;two\u0026#34;}\u0026#39;); Query OK, 5 rows affected (0.02 sec) mysql\u0026gt; select json_type(j) as type, json_valid(j) as valid, isnull(j) as sqlnull, j, id from t; +---------+-------+---------+--------------------------------+----+ | type | valid | sqlnull | j | id | +---------+-------+---------+--------------------------------+----+ | NULL | NULL | 1 | NULL | 1 | | NULL | 1 | 0 | null | 2 | | BOOLEAN | 1 | 0 | true | 3 | | BOOLEAN | 1 | 0 | false | 4 | | INTEGER | 1 | 0 | 1 | 5 | | STRING | 1 | 0 | \u0026#34;keks\u0026#34; | 6 | | ARRAY | 1 | 0 | [\u0026#34;eins\u0026#34;, \u0026#34;zwei\u0026#34;] | 7 | | OBJECT | 1 | 0 | {\u0026#34;eins\u0026#34;: \u0026#34;one\u0026#34;, \u0026#34;zwei\u0026#34;: \u0026#34;two\u0026#34;} | 8 | +---------+-------+---------+--------------------------------+----+ 8 rows in set (0.00 sec) mysql\u0026gt; insert into t (j) values (\u0026#39;[\u0026#34;incomplete\u0026#34;, \u0026#34;array\u0026#34;, \u0026#34;closing bracket\u0026#34;\u0026#39;); ERROR 3140 (22032): Invalid JSON text: \u0026#34;Missing a comma or \u0026#39;]\u0026#39; after an array element.\u0026#34; at position 41 in value for column \u0026#39;t.j\u0026#39;. We learn several things from this experiment:\nLiteral JSON values are always simple strings. The character set in JSON objects is utf8mb4, the collation is utf8mb4_bin. Because the collation is a _bin collation, comparison is case-sensitive. Charset and collation are fixed and cannot be changed without casting to a non-JSON type. We enclose them in single quotes, leveraging the fact that MySQL allows both single and double quotes as string terminators. This saves us a lot of quoting. JSON null is written as the string 'null'. JSON true is written as the string 'true'. JSON false is written as the string 'false'. We allowed NULL values in our JSON column definition by not providing a NOT NULL clause. SQL NULL is different from JSON 'null', but is cast to this. We can use the JSON_TYPE() function to check the JSON type inside the JSON column. The JSON is parsed, and checked for validity. The JSON_VALID() function does the checking. It also exposes the difference between SQL NULL and JSON 'null'. So does the SQL ISNULL() function (or the IS NULL comparison operator). Creating JSON values We can see JSON literal notation already from the previous example. There are also two utility functions to construct JSON array and object structures from SQL scalars. They are JSON_ARRAY() and JSON_OBJECT(). Note the handling of SQL NULL values.\nmysql\u0026gt; select json_array(1, NULL, 2) as ary, json_object(\u0026#34;eins\u0026#34;, \u0026#34;one\u0026#34;, \u0026#34;null\u0026#34;, NULL, \u0026#34;zwei\u0026#34;, \u0026#34;two\u0026#34;) as obj; +--------------+----------------------------------------------+ | ary | obj | +--------------+----------------------------------------------+ | [1, null, 2] | {\u0026#34;eins\u0026#34;: \u0026#34;one\u0026#34;, \u0026#34;null\u0026#34;: null, \u0026#34;zwei\u0026#34;: \u0026#34;two\u0026#34;} | +--------------+----------------------------------------------+ 1 row in set (0.01 sec) We can use JSON_MERGE_PRESERVE() and JSON_MERGE_PATCH() to incrementally build complicated structures. JSON_MERGE_PRESERVE() replaces JSON_MERGE(), which is deprecated and should no longer be used.\nmysql\u0026gt; select json_merge_preserve(\u0026#39;[3, 4, 5]\u0026#39;, \u0026#39;[1, 2, 3]\u0026#39;) as preserve, json_merge_patch(\u0026#39;[1, 2, 3]\u0026#39;, \u0026#39;[3, 4, 5]\u0026#39;) as patch\\G preserve: [3, 4, 5, 1, 2, 3] patch: [3, 4, 5] 1 row in set (0.00 sec) mysql\u0026gt; select json_merge_preserve(\u0026#39;{\u0026#34;eins\u0026#34;: \u0026#34;one\u0026#34;, \u0026#34;zwei\u0026#34;: \u0026#34;two\u0026#34;}\u0026#39;, \u0026#39;{\u0026#34;zwei\u0026#34;: \u0026#34;two\u0026#34;, \u0026#34;drei\u0026#34;: \u0026#34;three\u0026#34;}\u0026#39;) as preserve, json_merge_patch(\u0026#39;{\u0026#34;eins\u0026#34;: \u0026#34;one\u0026#34;, \u0026#34;zwei\u0026#34;: \u0026#34;two\u0026#34;}\u0026#39;, \u0026#39;{\u0026#34;zwei\u0026#34;: \u0026#34;two\u0026#34;, \u0026#34;drei\u0026#34;: \u0026#34;three\u0026#34;}\u0026#39;) as patch\\G preserve: {\u0026#34;drei\u0026#34;: \u0026#34;three\u0026#34;, \u0026#34;eins\u0026#34;: \u0026#34;one\u0026#34;, \u0026#34;zwei\u0026#34;: [\u0026#34;two\u0026#34;, \u0026#34;two\u0026#34;]} patch: {\u0026#34;drei\u0026#34;: \u0026#34;three\u0026#34;, \u0026#34;eins\u0026#34;: \u0026#34;one\u0026#34;, \u0026#34;zwei\u0026#34;: \u0026#34;two\u0026#34;} 1 row in set (0.00 sec) Quotes and quoting can be a bit painful, and even confusing. Let\u0026rsquo;s put the string A so-called \u0026quot;string\u0026quot;. into a JSON string, inside an SQL statement. To turn this text into a JSON string we need to put double quotes around it, quoting our internal double quotes with backslashes. To produce a backslash literal, we need to write a double backslash.\nThe result:\nmysql\u0026gt; insert into t (j) values (\u0026#39;\u0026#34;A so-called \\\\\u0026#34;string\\\\\u0026#34;.\u0026#34;\u0026#39;); Query OK, 1 row affected (0.02 sec) mysql\u0026gt; select last_insert_id() as id\\G id: 9 1 row in set (0.00 sec) We can get this back as j, or use JSON extractors (JSON_EXTRACT(), or -\u0026gt;). The current document is $, so:\nmysql\u0026gt; select j, j-\u0026gt;\u0026#39;$\u0026#39; as jj, j-\u0026gt;\u0026gt;\u0026#39;$\u0026#39; as jj_unquoted from t where id = 9\\G j: \u0026#34;A so-called \\\u0026#34;string\\\u0026#34;.\u0026#34; jj: \u0026#34;A so-called \\\u0026#34;string\\\u0026#34;.\u0026#34; jj_unquoted: A so-called \u0026#34;string\u0026#34;. 1 row in set (0.00 sec) This brings us to component access:\nJSON component access Using the JSON_EXTRACT() function and JSON path syntax, we can access fields in the JSON and select for them, as foreshadowed above.\nWe get the following selectors:\n$, the current JSON document. .key, select the key from the current object. Use .\u0026quot;key with space\u0026quot; when necessary. [N] selects the element N from a JSON array, starting to count at 0. .\u0026quot;equipment-ids\u0026quot;[1] is interesting, because we need to quote \u0026quot;equipment-ids\u0026quot; due to the dash in the key name. We must not put the array index into the quotes, though, or it won\u0026rsquo;t work. For an array slice, the syntax is [M to N] for the slice from N to M inclusive. For arrays, the keyword last is the rightmost element in the array. There are wildcards: .* are all values of a JSON object, as an array. [*] are all the values of a JSON array, as an array. ** are all paths that lead to a suffix. So, put into practice:\nmysql\u0026gt; insert into t (id, j) values (10, \u0026#39;{\u0026#34;id\u0026#34;: 10, \u0026#34;login\u0026#34;: \u0026#34;kris\u0026#34;, \u0026#34;fullname\u0026#34;: \u0026#34;Kristian \\\\\u0026#34;Isotopp\\\\\u0026#34; Köhntopp\u0026#34;, \u0026#34;equipment-ids\u0026#34;: [10, 11, 12], \u0026#34;borrowed\u0026#34;:{ \u0026#34;equipment-ids\u0026#34;: [1,2,3]}}\u0026#39;); Query OK, 1 row affected (0.01 sec) mysql\u0026gt; select json_extract(j, \u0026#39;$.fullname\u0026#39;) as f1, json_value(j, \u0026#39;$.fullname\u0026#39;) as f2 from t where id =10\\G f1: \u0026#34;Kristian \\\u0026#34;Isotopp\\\u0026#34; Köhntopp\u0026#34; f2: Kristian \u0026#34;Isotopp\u0026#34; Köhntopp 1 row in set (0.00 sec) mysql\u0026gt; select json_extract(j, \u0026#39;$.\u0026#34;equipment-ids\u0026#34;[1]\u0026#39;) as jj from t where id = 10\\G jj: 11 1 row in set (0.00 sec) mysql\u0026gt; select json_extract(j, \u0026#39;$.\u0026#34;equipment-ids\u0026#34;[1 to 2]\u0026#39;) as jj from t where id = 10\\G jj: [11, 12] 1 row in set (0.00 sec) mysql\u0026gt; select json_extract(j, \u0026#39;$.*\u0026#39;) as jj from t where id = 10\\G jj: [10, \u0026#34;kris\u0026#34;, {\u0026#34;equipment-ids\u0026#34;: [1, 2, 3]}, \u0026#34;Kristian \\\u0026#34;Isotopp\\\u0026#34; Köhntopp\u0026#34;, [10, 11, 12]] 1 row in set (0.00 sec) mysql\u0026gt; select json_extract(j, \u0026#39;$.\u0026#34;equipment-ids\u0026#34;[*]\u0026#39;) as jj from t where id = 10 \\G jj: [10, 11, 12] 1 row in set (0.00 sec) mysql\u0026gt; select json_extract(j, \u0026#39;$**.\u0026#34;equipment-ids\u0026#34;\u0026#39;) as jj from t where id =10\\G jj: [[10, 11, 12], [1, 2, 3]] 1 row in set (0.00 sec) This is cumbersome to write, so we also get colname-\u0026gt;selector as a shorthand for the JSON_EXTRACT(colname, selector) function:\nmysql\u0026gt; select j-\u0026gt;\u0026#39;$.\u0026#34;equipment-ids\u0026#34;[*]\u0026#39; as jj from t where id = 10\\G jj: [10, 11, 12] 1 row in set (0.00 sec) From JSON values to SQL values With our table from above, we are setting us up like this:\nmysql\u0026gt; truncate table t; Query OK, 0 rows affected (0.06 sec) mysql\u0026gt; insert into t (j) values (\u0026#39;{\u0026#34;user\u0026#34;: \u0026#34;kris\u0026#34;, \u0026#34;paid\u0026#34;: true, \u0026#34;home\u0026#34;: \u0026#34;/home/kris\u0026#34;}\u0026#39;); Query OK, 1 row affected (0.02 sec) mysql\u0026gt; insert into t (j) values (\u0026#39;{\u0026#34;user\u0026#34;: \u0026#34;sven\u0026#34;, \u0026#34;paid\u0026#34;: false, \u0026#34;home\u0026#34;: \u0026#34;/home/sven\u0026#34;}\u0026#39;); Query OK, 1 row affected (0.03 sec) We can ask for the payment status of all our users already, using the syntax from above:\nmysql\u0026gt; select j-\u0026gt;\u0026#34;$.user\u0026#34; as user, j-\u0026gt;\u0026#34;$.paid\u0026#34; as paid from t; +--------+-------+ | user | paid | +--------+-------+ | \u0026#34;kris\u0026#34; | true | | \u0026#34;sven\u0026#34; | false | +--------+-------+ 2 rows in set (0.00 sec) We cannot SQL SELECT all users that have paid, yet:\nmysql\u0026gt; select j-\u0026gt;\u0026#34;$.paid\u0026#34; as paid from t where j-\u0026gt;\u0026#34;$.paid\u0026#34;; +-------+ | paid | +-------+ | true | | false | +-------+ 2 rows in set, 1 warning (0.00 sec) Warning (Code 3986): Evaluating a JSON value in SQL boolean context does an implicit comparison against JSON integer 0; if this is not what you want, consider converting JSON to a SQL numeric type with JSON_VALUE RETURNING mysql\u0026gt; select j-\u0026gt;\u0026#34;$.user\u0026#34; as user, j-\u0026gt;\u0026#34;$.paid\u0026#34; as paid from t where json_value(j, \u0026#39;$.paid\u0026#39; returning signed); +--------+------+ | user | paid | +--------+------+ | \u0026#34;kris\u0026#34; | true | +--------+------+ 1 row in set (0.00 sec) The function JSON_VALUE() provides a type cast from JSON to SQL, making extracted JSON values available to SQL comparisons and conditions. Follow the link and look it up. There is no INTEGER, you have to be more specific, SIGNED or UNSIGNED, the types match the ones used in CAST(). There are also ON EMPTY and ON ERROR clauses.\nUsing JSON_VALUE() we can do the work of JSON_EXTRACT(), JSON_UNQUOTE() and CAST() in one go, and have control about handling of non-existent paths (ON EMPTY) and conversion errors (ON ERROR).\nWe could have used cast as well:\nmysql\u0026gt; select j-\u0026gt;\u0026#34;$.user\u0026#34; as user, -\u0026gt; j-\u0026gt;\u0026#34;$.paid\u0026#34; as paid, -\u0026gt; cast(j-\u0026gt;\u0026#34;$.paid\u0026#34; as signed) as casted, -\u0026gt; json_value(j, \u0026#34;$.paid\u0026#34; returning signed) as valued -\u0026gt; from t; +--------+-------+--------+--------+ | user | paid | casted | valued | +--------+-------+--------+--------+ | \u0026#34;kris\u0026#34; | true | 1 | 1 | | \u0026#34;sven\u0026#34; | false | 0 | 0 | +--------+-------+--------+--------+ 2 rows in set (0.00 sec) mysql\u0026gt; select j-\u0026gt;\u0026#34;$.user\u0026#34; as user, -\u0026gt; j-\u0026gt;\u0026#34;$.paid\u0026#34; as paid -\u0026gt; from t -\u0026gt; where cast(j-\u0026gt;\u0026#34;$.paid\u0026#34; as signed); +--------+------+ | user | paid | +--------+------+ | \u0026#34;kris\u0026#34; | true | +--------+------+ 1 row in set (0.00 sec) mysql\u0026gt; select j-\u0026gt;\u0026#34;$.user\u0026#34; as user, -\u0026gt; j-\u0026gt;\u0026#34;$.paid\u0026#34; as paid -\u0026gt; from t -\u0026gt; where json_value(j, \u0026#34;$.paid\u0026#34; returning signed); +--------+------+ | user | paid | +--------+------+ | \u0026#34;kris\u0026#34; | true | +--------+------+ 1 row in set (0.00 sec) Note that I left out the JSON_UNQUOTE() in the CAST() example, because I converted JSON BOOLEAN types to SQL SIGNED types, so no quoted strings needed handling. JSON_VALUE(col, selector RETURNING type) is actually CAST(JSON_UNQUOTE(JSON_EXTRACT(col, selector)) AS type).\nUpdating JSON values Reusing the example above, we can try to update the payment status of a user using the JSON_SET() function. Doing this, we need to be careful.\nFirst, let\u0026rsquo;s check if we can isolate the row we want to see elegantly:\nmysql\u0026gt; select j-\u0026gt;\u0026#34;$.user\u0026#34; as user, -\u0026gt; j-\u0026gt;\u0026#34;$.paid\u0026#34; as paid, -\u0026gt; json_type(j-\u0026gt;\u0026#34;$.paid\u0026#34;) as paid from t; +--------+-------+---------+ | user | paid | paid | +--------+-------+---------+ | \u0026#34;kris\u0026#34; | true | BOOLEAN | | \u0026#34;sven\u0026#34; | false | BOOLEAN | +--------+-------+---------+ 2 rows in set (0.00 sec) mysql\u0026gt; select j-\u0026gt;\u0026#34;$.user\u0026#34; as user, -\u0026gt; j-\u0026gt;\u0026#34;$.paid\u0026#34; as paid -\u0026gt; from t -\u0026gt; where j-\u0026gt;\u0026#34;$.user\u0026#34; = \u0026#34;kris\u0026#34;; +--------+------+ | user | paid | +--------+------+ | \u0026#34;kris\u0026#34; | true | +--------+------+ 1 row in set (0.00 sec) mysql\u0026gt; select j-\u0026gt;\u0026#34;$.user\u0026#34; as user, -\u0026gt; j-\u0026gt;\u0026#34;$.paid\u0026#34; as paid -\u0026gt; from t -\u0026gt; where j-\u0026gt;\u0026#34;$.user\u0026#34; = \u0026#34;KRIS\u0026#34;; Empty set (0.00 sec) We notice: while this works, it is working with JSON character sets, so it is utf8mb4 with a collation of utf8mb4_bin, hence case-sensitive comparison.\nUsing JSON_SET() we update the $.paid field of that user to false, and run into the next problem:\nmysql\u0026gt; update t -\u0026gt; set j=json_set(j, \u0026#34;$.paid\u0026#34;, \u0026#34;false\u0026#34; ) -\u0026gt; where j-\u0026gt;\u0026#34;$.user\u0026#34; = \u0026#34;kris\u0026#34;; Query OK, 1 row affected (0.01 sec) Rows matched: 1 Changed: 1 Warnings: 0 mysql\u0026gt; select * from t; +----+---------------------------------------------------------+ | id | j | +----+---------------------------------------------------------+ | 1 | {\u0026#34;home\u0026#34;: \u0026#34;/home/kris\u0026#34;, \u0026#34;paid\u0026#34;: \u0026#34;false\u0026#34;, \u0026#34;user\u0026#34;: \u0026#34;kris\u0026#34;} | | 2 | {\u0026#34;home\u0026#34;: \u0026#34;/home/sven\u0026#34;, \u0026#34;paid\u0026#34;: false, \u0026#34;user\u0026#34;: \u0026#34;sven\u0026#34;} | +----+---------------------------------------------------------+ 2 rows in set (0.00 sec) mysql\u0026gt; select j-\u0026gt;\u0026#34;$.user\u0026#34; as user, -\u0026gt; j-\u0026gt;\u0026#34;$.paid\u0026#34; as paid, -\u0026gt; json_type(j-\u0026gt;\u0026#34;$.paid\u0026#34;) as paid -\u0026gt; from t; +--------+---------+---------+ | user | paid | paid | +--------+---------+---------+ | \u0026#34;kris\u0026#34; | \u0026#34;false\u0026#34; | STRING | | \u0026#34;sven\u0026#34; | false | BOOLEAN | +--------+---------+---------+ 2 rows in set (0.00 sec) That is not what we want. But did we not insert values \u0026quot;false\u0026quot; and \u0026quot;true\u0026quot; into JSON fields earlier and got booleans?\nmysql\u0026gt; insert into t (id, j) values (3, \u0026#34;false\u0026#34;); Query OK, 1 row affected (0.00 sec) mysql\u0026gt; select id, j, json_type(j) as type from t where id = 3; +----+-------+---------+ | id | j | type | +----+-------+---------+ | 3 | false | BOOLEAN | +----+-------+---------+ 1 row in set (0.00 sec) Well, yes, but…\nFunctions in MySQL expect types, and convert to these types. JSON_SET() expects JSON, so we do it like this:\nmysql\u0026gt; update t -\u0026gt; set j=json_set(j, \u0026#34;$.paid\u0026#34;, false ) -\u0026gt; where j-\u0026gt;\u0026#34;$.user\u0026#34; = \u0026#34;kris\u0026#34;; Query OK, 1 row affected (0.01 sec) Rows matched: 1 Changed: 1 Warnings: 0 mysql\u0026gt; select id, j, json_type(j) as type from t where id = 1; +----+-------+---------+ | id | j | type | +----+-------+---------+ | 1 | false | BOOLEAN | +----+-------+---------+ 1 row in set (0.00 sec) There is JSON_REMOVE() , \u0026ldquo;Removes data from a JSON document\u0026rdquo;. There are also JSON_SET() , and friends:\nJSON_SET() replaces existing values and adds nonexistent values. JSON_INSERT() inserts values without replacing existing values. JSON_REPLACE() replaces only existing values. These are the basic tools we need to get JSON into and out of tables. We now just need to make it fast - the stuff for another article.\n","date":"2020-09-04T00:00:00Z","href":"https://blog.koehntopp.info/2020/09/04/mysql-json-data-type.html","tags":["lang_en","mysql","mysqldev","database","erklaerbaer"],"title":"MySQL: Basic usage of the JSON data type"},{"categories":null,"content":"I had to upgrade my company issued MacBook pro to Catalina for fleet unity reasons. The upgrade left me with a folder Relocated Items in /Users/Shared/Desktop and a link to that prominently on my Desktop.\nDeleting that folder moved it to trash. Trying to empty trash then failed. That is because in that folder was several levels deep a folder or link to X11R6.\nApple considers that file outdated, which is why it ended up in Relocated Items. It also considers this file protected as a system file, so you cannot delete it.\nNot in the GUI nor on the command line, not even as root. In order to delete it you have to boot to single user mode in Recovery and do it there from the command line.\nStep by Step:\nBoot to Recovery using Cmd-R. On company systems this is likely protected. In my case I had to select my user and enter a password.\nIn Recovery, start Disk Utility, select the Mac OS Data Partition (any partition on the system disk will do) and select mount to the right on the Disk Utility menu. After that all system disk partitions will be mounted and shown no longer greyed out in the Utility.\nLeave the Utility with Cmd-Q, and from the menu at the top of the screen select Terminal.\nIn Terminal, cd /Users/\u0026lt;yourusername\u0026gt;/.Trash. A ls should show you Relocated Items.\nDelete these using rm -rf 'Relocated Items'.\nReboot using the eponymous item from the Apple Menu.\n","date":"2020-09-02T00:00:00Z","href":"https://blog.koehntopp.info/2020/09/02/macos-relocated-items.html","tags":["lang_en","apple","macos"],"title":"MacOS: Deleting Relocated Items"},{"categories":null,"content":"Ok, it\u0026rsquo;s \u0026ldquo;Dad Stories\u0026rdquo; Time (from Twitter ). When my son was somewhat older than a year, he was learning to speak. He could already say \u0026ldquo;Mama\u0026rdquo; and \u0026ldquo;Papa\u0026rdquo;.\nIt was around Christmas, and there was a candle on the table, glowing interestingly, so he wanted to touch it. \u0026ldquo;Nein, heiß\u0026rdquo; is what you would say in German.\nOf course, a toddler does not understand the meaning of \u0026ldquo;heiß\u0026rdquo;. I mean, he\u0026rsquo;s trying to imitate the sound of it, but the meaning of \u0026ldquo;heiß\u0026rdquo; is something specific. We connect an experience with the word. Something that any child can only learn by touching the candle. There is literally no other way to learn it.\nSo the only thing I could do for him was to get a wet cloth and let him touch the candle. Safely. He did. He cried. I applied the wet cloth and soothing words. And the third word he learned was \u0026ldquo;heiß\u0026rdquo;.\nKnowledge, Experience and Intuition Computer Science is a lot like this, for some reason.\nPeople know here (touches head), for example by reading the SRE book or other stuff. You can ask them, and they will repeat the key learnings from the book back to you correctly.\nBut they do not know here (touches heart), and they will still build centralized Zookeepers.\nIt requires a few outages until they know here (touches gut) how to design systems properly and what is important in design.\nSo that person over there, with the centralized Zookeeper cluster. And that person over there with the schemaless, much simpler config language . And that one yonder, with the (type, length, value) BER-like data format. I could tell you \u0026ldquo;heiß\u0026rdquo; and you would not understand.\nGo and touch that candle. It\u0026rsquo;s the only way to learn properly.\nJonathan :\nI lament that so many orgs/people/uptimes have to suffer to build the wisdom.\nI dream of a university/bootcamp of \u0026ldquo;candle touching\u0026rdquo; where learners practice scaling a service.\nAnother \u0026ldquo;Dad Story\u0026rdquo;: I once worked at a company which used to own the domain wahl.de (\u0026ldquo;election.de\u0026rdquo;). They did not do much with it, they usually gave it do apprentices to play with. Usually the apprentices built elaborate PHP based websites that did pre-election mix- and match \u0026ldquo;Find the party that matches my interests\u0026rdquo;.\nNever did the apprentices stop to consider what will happen on election day, Sunday at 6pm. Because that\u0026rsquo;s when the die is cast, so hordes of people will drop onto the site and what they want - the only thing they want - is the results, as they develop. With no amount of hardware running PHP you will be able to handle this.\nAnd that does not matter, because all you need at that time is a single static page, updated in the background, with current results.\nBut the thing is - as an apprentice, you only learn - like \u0026ldquo;touches gut really learn\u0026rdquo; - when you had that site burn down underneath you in the most critical way.\nSo we let them.\nYes, we could make it safer. Yes, we could have warned them. Yes, we could have gently steered them towards a curated, safe solution. We didn\u0026rsquo;t. It was Kobayashi Maru all the way. It was quite important to let them do it, and let them fail at it, the real thing.\nOr as a good friend phrases it :\n\u0026ldquo;Error Budget\u0026rdquo;: How much infrastructure you\u0026rsquo;re allowed to set on fire to learn the meaning of the word \u0026ldquo;heiß\u0026rdquo;. Every organization has an error budget, but most don\u0026rsquo;t plan for it.\n","date":"2020-08-31T00:00:00Z","href":"https://blog.koehntopp.info/2020/08/31/on-touching-candles.html","tags":["lang_en","devops","erklaerbaer"],"title":"On Touching Candles, And Error Budgets"},{"categories":null,"content":"Question: Hey, I got a UNIQUE INDEX, but I can store multiple rows with the same value, NULL. That is surprising. Is that a bug?\nThis is a rewrite of the same in German from 9 years ago .\nroot@localhost [kris]\u0026gt; create table t ( a integer, b integer, unique (a,b)); Query OK, 0 rows affected (0.09 sec) root@localhost [kris]\u0026gt; insert into t values (1, 2); Query OK, 1 row affected (0.01 sec) root@localhost [kris]\u0026gt; insert into t values (1, 2); ERROR 1062 (23000): Duplicate entry \u0026#39;1-2\u0026#39; for key \u0026#39;t.a\u0026#39; This does not work, as expected. But this does:\nroot@localhost [kris]\u0026gt; truncate table t; Query OK, 0 rows affected (0.16 sec) root@localhost [kris]\u0026gt; insert into t values ( 1, NULL); Query OK, 1 row affected (0.02 sec) root@localhost [kris]\u0026gt; insert into t values ( 1, NULL); Query OK, 1 row affected (0.03 sec) root@localhost [kris]\u0026gt; select * from t; +------+------+ | a | b | +------+------+ | 1 | NULL | | 1 | NULL | +------+------+ 2 rows in set (0.00 sec) Why is that?\nThis is usually where I point people at SQL for Smarties: Advanced SQL Programming . The title is partially a lie, this book is starting without assuming anything, but it goes a long, long way into SQL. Joe Celko has been serving on the SQL standards committee for a long time, and also happens to be a very good teacher and writer.\nBuy all his books, but if you are going to buy only one, choose this one.\nHandling NULL properly NULL values do not behave like False, and not like True. They also do not behave like undef, nil or None in the programming language of your choice.\nThey also do not behave completely consistently. You need to learn the cases and actively look out for them. I am sorry, but SQL is 40+ years old, and sometimes it shows.\nBecause of all this, we discourage NULL in schema definitions. When you want NULL values (or get them without wanting them, for example in a LEFT JOIN), you need to be able to tell their story. That is, you are expected to explain what they mean, and if that is not exactly one thing, you are looking at a problem. You are also expected to handle them.\nLet’s have a look.\nCounting NULL In count(), a NULL value does not count. Except when it does. The one case where it does is the count(*), which is different from a count(colname).\nroot@localhost [kris]\u0026gt; select * from t; +------+------+ | a | b | +------+------+ | 1 | NULL | | 2 | 2 | | 3 | 3 | | 4 | NULL | +------+------+ 4 rows in set (0.00 sec) root@localhost [kris]\u0026gt; select count(*) as count_star, count(b) as count_b, count(coalesce(b, 0)) as coalesced from t; +------------+---------+-----------+ | count_star | count_b | coalesced | +------------+---------+-----------+ | 4 | 2 | 4 | +------------+---------+-----------+ 1 row in set (0.00 sec) We have a table with four rows. We can count(*), and the result is 4. We can also count(a), and that is still 4. When we count(b), that’s 2.\nThere is a handy little variadic function called coalesce(). It is variadic, which means it takes one or more parameters. It returns the leftmost parameter that is not NULL. So you can coalesce(delivery_address, billing_address, “Address unknown”) and that works.\nThat’s a lot easier to read than a set of nested IFNULL(). You almost never need IFNULL(), you want COALESCE().\nThe Math of NULL In comparisons, NULL behaves like this:\nroot@localhost [kris]\u0026gt; select 0=0, 1=1, 0=1, NULL=0, NULL=1, NULL=NULL; +-----+-----+-----+--------+--------+-----------+ | 0=0 | 1=1 | 0=1 | NULL=0 | NULL=1 | NULL=NULL | +-----+-----+-----+--------+--------+-----------+ | 1 | 1 | 0 | NULL | NULL | NULL | +-----+-----+-----+--------+--------+-----------+ 1 row in set (0.00 sec) “But I know that!” Yes, but are you aware of the consequences?\nThere are three outcomes of a comparison involving NULL values. Not two.\nWatch this:\nroot@localhost [kris]\u0026gt; select * from t; +------+------+ | a | b | +------+------+ | 1 | NULL | | 2 | 2 | | 3 | 3 | | 4 | NULL | +------+------+ 4 rows in set (0.00 sec) root@localhost [kris]\u0026gt; select * from t where b=2 -\u0026gt; UNION ALL -\u0026gt; select * from t where b \u0026lt;\u0026gt; 2; +------+------+ | a | b | +------+------+ | 2 | 2 | | 3 | 3 | +------+------+ 2 rows in set (0.00 sec) root@localhost [kris]\u0026gt; select * from t where b=2 -\u0026gt; UNION ALL -\u0026gt; select * from t where b \u0026lt;\u0026gt; 2 -\u0026gt; UNION ALL -\u0026gt; select * from t where b IS NULL; +------+------+ | a | b | +------+------+ | 2 | 2 | | 3 | 3 | | 1 | NULL | | 4 | NULL | +------+------+ 4 rows in set (0.00 sec) The UNION ALL of a predicate and the negated predicate does not yield the full table in the presence of NULL values.\n“Hey, IS NULL?” Yes, see the logic table above. Anything equals NULL is always NULL, which is not true. So we need a special comparison operator, IS NULL (and IS NOT NULL).\nroot@localhost [kris]\u0026gt; select * from t where b = NULL; Empty set (0.00 sec) root@localhost [kris]\u0026gt; select * from t where b IS NULL; +------+------+ | a | b | +------+------+ | 1 | NULL | | 4 | NULL | +------+------+ 2 rows in set (0.00 sec) You can now pause this article and grep your SQL for “= NULL”. I will wait for you to return.\nThis particular case is also why the UNIQUE INDEX from above can have multiple NULL rows: The database checks with equality (=) for the presence of the row, and if not True, it will admit the row. (1, NULL) = (1, NULL) will return NULL, which is not True, so the row is admitted a second time.\nThat NULL outcome is not limited to equality. Any comparison of anything to NULL is NULL, which is a third value that is not True nor False.\nroot@localhost [kris]\u0026gt; select NULL=NULL, NULL\u0026lt;\u0026gt;NULL, 1=NULL, 1\u0026lt;\u0026gt;NULL, 0=NULL, 0\u0026lt;\u0026gt;NULL; +-----------+------------+--------+---------+--------+---------+ | NULL=NULL | NULL\u0026lt;\u0026gt;NULL | 1=NULL | 1\u0026lt;\u0026gt;NULL | 0=NULL | 0\u0026lt;\u0026gt;NULL | +-----------+------------+--------+---------+--------+---------+ | NULL | NULL | NULL | NULL | NULL | NULL | +-----------+------------+--------+---------+--------+---------+ 1 row in set (0.00 sec) NULL and Functions Perl people know undef and see\nKK:~ kris$ perl -e \u0026#39;$a = undef; print \u0026#34;keks${a}keks\\n\u0026#34;;\u0026#39; kekskeks To them, SQL says \u0026ldquo;no cookie\u0026rdquo;:\nroot@localhost [kris]\u0026gt; select concat(\u0026#39;keks\u0026#39;, \u0026#39;keks\u0026#39;) as double_cookie, concat(\u0026#39;keks\u0026#39;,NULL,\u0026#39;keks\u0026#39;) as no_cookie; +---------------+-----------+ | double_cookie | no_cookie | +---------------+-----------+ | kekskeks | NULL | +---------------+-----------+ 1 row in set (0.00 sec) And the same is true in math:\nKK:~ kris$ perl -e \u0026#39;$a = undef; print 10+$a,\u0026#34;\\n\u0026#34;;\u0026#39; 10 but SQL does\nroot@localhost [kris]\u0026gt; select 10+0, 10+NULL; +------+---------+ | 10+0 | 10+NULL | +------+---------+ | 10 | NULL | +------+---------+ 1 row in set (0.00 sec) NULL in aggregates “So NULL is Antimatter that destroys anything it comes into contact with?” Not exactly. We already know that in count(colname) it is skipped. That is also true in other aggregates (with the special case of count(*)).\nroot@localhost [kris]\u0026gt; select count(b), sum(b), min(b), max(b), group_concat(b) from t; +----------+--------+--------+--------+-----------------+ | count(b) | sum(b) | min(b) | max(b) | group_concat(b) | +----------+--------+--------+--------+-----------------+ | 2 | 5 | 2 | 3 | 2,3 | +----------+--------+--------+--------+-----------------+ 1 row in set (0.00 sec) That is a good thing, because AVG(b) is defined as SUM(b)/COUNT(b), 5/2 = 2.5. Go check it yourself.\nAnd be careful what you count and why:\nroot@localhost [kris]\u0026gt; select b, count(b), count(*) from t group by b; +------+----------+----------+ | b | count(b) | count(*) | +------+----------+----------+ | NULL | 0 | 2 | | 2 | 1 | 1 | | 3 | 1 | 1 | +------+----------+----------+ 3 rows in set (0.00 sec) “But did you not say NULL values compare differently from each other? Why is there only one NULL pile in this GROUP BY?” I did not say that. I did say that NULL compares to anything as NULL, and it depends on what you do with this third result.\nTurns out, GROUP BY does this.\nHandling NULL So you now know that you cannot use normal predicates (=, \u0026gt;=, \u0026lt;=, \u0026lt;\u0026gt;) with NULL. We have specific NULL predicates and functions: ISNULL() as a predicate (true for NULL), IS NULL as an operator, and the IFNULL() conditional, and COALESCE() function I already pointed out above.\nThere is also the MySQL specific spaceship operator \u0026lt;=\u0026gt;, which normalizes NULL. It’s not standard SQL, be considerate in using it.\nroot@localhost [kris]\u0026gt; select NULL\u0026lt;=\u0026gt;NULL, NULL\u0026lt;=\u0026gt;0, NULL\u0026lt;=\u0026gt;1, 0\u0026lt;=\u0026gt;0, 1\u0026lt;=\u0026gt;1, 0\u0026lt;=\u0026gt;1; +-------------+----------+----------+-------+-------+-------+ | NULL\u0026lt;=\u0026gt;NULL | NULL\u0026lt;=\u0026gt;0 | NULL\u0026lt;=\u0026gt;1 | 0\u0026lt;=\u0026gt;0 | 1\u0026lt;=\u0026gt;1 | 0\u0026lt;=\u0026gt;1 | +-------------+----------+----------+-------+-------+-------+ | 1 | 0 | 0 | 1 | 1 | 0 | +-------------+----------+----------+-------+-------+-------+ 1 row in set (0.00 sec) and\nroot@localhost [kris]\u0026gt; select * from t; +------+------+ | a | b | +------+------+ | 1 | NULL | | 2 | 2 | | 3 | 3 | | 4 | NULL | +------+------+ 4 rows in set (0.00 sec) root@localhost [kris]\u0026gt; select * from t as a join t as b on a.b = b.b; +------+------+------+------+ | a | b | a | b | +------+------+------+------+ | 2 | 2 | 2 | 2 | | 3 | 3 | 3 | 3 | +------+------+------+------+ 2 rows in set (0.00 sec) root@localhost [kris]\u0026gt; select * from t as a join t as b on a.b \u0026lt;=\u0026gt; b.b; +------+------+------+------+ | a | b | a | b | +------+------+------+------+ | 4 | NULL | 1 | NULL | | 1 | NULL | 1 | NULL | | 2 | 2 | 2 | 2 | | 3 | 3 | 3 | 3 | | 4 | NULL | 4 | NULL | | 1 | NULL | 4 | NULL | +------+------+------+------+ 6 rows in set (0.00 sec) TL;DR Do not define tables with nullable columns. You are not prepared to handle them. UNIQUE indexes on nullable columns aren\u0026rsquo;t. When having nullable columns, or producing nullable columns in the right-hand side of a LEFT JOIN, wrap the results in a COALESCE(). Know your NULL math, operators and functions. And most importantly:\nNULL is NULL, it is not false, true, undef, nil or None. ","date":"2020-08-25T00:00:00Z","href":"https://blog.koehntopp.info/2020/08/25/null-is-null.html","tags":["database","erklaerbaer","mysql","mysqldev","sql","lang_en"],"title":"MySQL: NULL is NULL"},{"categories":null,"content":"For reasons that don\u0026rsquo;t need exploring at this juncture I tweeted Once upon a time there were shared boxes, on which the local Unix easily had 200-300 users, Junior Developers at a University.\nA /tmp/ls found easily 3-4 people per day that had . (dot) in their path.\nNo particular reason. Why?\nand followed up with\nHope is not a strategy.\nNeither is curl stackoverflow | sudo bash.\n/tmp/ls I was asked to explain: \u0026ldquo;What is /tmp/ls?\u0026rdquo;.\n/tmp/ls is a shell script installed as executable in /tmp/ls. If you have . (dot, the current directory) early in your path, it shadows the command /bin/ls, which you use to list the current directory.\nSo when you cd /tmp and then ls you are executing my script instead of the actual /bin/ls command. You are now inadvertently running my code under your permissions. When I finish my script with exec /bin/ls \u0026quot;$@\u0026quot; you won\u0026rsquo;t even notice, because it will run the normal /bin/ls command at the end.\nThe mistake is to have any directory in your path that can contain code controlled by another person besides you and root. That is, a world-writeable /usr/local/bin in - say - an AIX install would amount to the same exposure (A lot of old Unices such as AIX, HP/UX and SGI would ship with world writeable directories of one kind or the other by default).\nThe 777 root cron The same scenario is a script globally installed on all Macs by JAMF, running through cron as root every minute. The same JAMF sets the enclosing directory to 777 (full access for everybody). Due to how permissions work in Unix, this allows anybody to remove, rename or replace the script itself, no matter what the script permissions are.\nIt is instant root for anybody who cares: You replace the script with your own content, wait a minute for the cron to hit it, and put the original script back. Or not, depending on how you feel that day.\nThe remarkable part of this particular incident is that none of the multitude of endpoint security products also installed by the same JAMF detected or quarantined this script. So much for that.\nThe world writeable fileshare Other fun things that should not have happened: A university of applied science exported their AIX home directories by NFS, world-writeable, once. That is, for several years, their site was a well known Shell-o-matic.\nWhy is this bad?\nAnybody who mounted this on their own machine could create a user account with a matching UID, go into the mounted user home and drop a .rlogin file of appropriate content (The .rlogin reference should tell you how old that is).\nThe fun part is that the university in question eventually migrated to Solaris, and that included all the\u0026hellip; interesting configuration.\nApparently SMB fileshares can serve the same purpose. Also, Windows always has . (dot) in the front of the path, implicitly.\nExternal storage A lot of people have world-readable backup devices such as a 644 /dev/rmt. If the backup tape from last night is left in that drive it does not matter much what the permissions on the original files are.\nYou can read the files from backup, and restore them with any permission you like.\nThis makes me sad For some reasons each of these things, all of which are from personal experience up to 25 years ago, still happen today.\nThat is why ops people wear black. Now you know.\n","date":"2020-08-19T00:00:00Z","href":"https://blog.koehntopp.info/2020/08/19/why-do-ops-and-sec-people-wear-black.html","tags":["lang_en","security","unix"],"title":"Why do Ops and Sec people wear black"},{"categories":null,"content":"This is the updated and english version of some older posts of mine in German. It is likely still incomplete, and will need information added to match current MySQL, but hopefully it is already useful.\nOld source articles in German: 1 , 2 and 3 .\nSome vocabulary Symbol, Font, Encoding and Collation - what do they even mean?\nA character set is a collection of symbols that belong together. That is a completely abstract thing, and also almost useless. The only thing you can do with a character set is decide if a specific symbol is legal within a context or not. And, if it is legal, what position the symbol in the character set has (the code point).\nTo be able to print symbols they need a shape, which is defined in a Font. For example is this here: \u0026ldquo;ö\u0026rdquo; a letter \u0026ldquo;ö\u0026rdquo; in Arial, and \u0026ldquo;ö\u0026rdquo; the same thing in a different font, Times New Roman.\nTo be able to use symbols with computers they need a binary representation of their code point, an encoding. In my Terminal we are using utf8. The Text \u0026ldquo;Köhntopp\u0026rdquo; is being represented as the byte sequence 4b c3 b6 68 6e 74 6f 70 70. LATIN SMALL LETTER O WITH DIARESIS has the code point 0x00F6, which is being represented as C3 B6 in utf8 encoding.\n$ echo Köhntopp | hexdump -C 00000000 4b c3 b6 68 6e 74 6f 70 70 0a |K..hntopp.| 0000000a If I change the terminal settings to use ISO-8859-1 (\u0026ldquo;Latin1\u0026rdquo;) instead, the same text is being encoded differently - 4b f6 68 6e 74 6f 70 70. The ö is now F6.\n$ echo Köhntopp | hexdump -C 00000000 4b f6 68 6e 74 6f 70 70 0a |K.hntopp.| 00000009 If you have two character sequences and want to compare or sort them, you need a set of comparison and ordering rules, a collation. You can think of a collation as a canonical representation of an encoding for comparison and sorting.\nFor example, the collation latin1_german1_ci represents \u0026ldquo;Köhntopp\u0026rdquo; internally as \u0026ldquo;kohntopp\u0026rdquo; and uses this internal representation to compare it to other strings or sort it. But in storage we always find the original string, \u0026ldquo;Köhntopp\u0026rdquo;.\nThere is a second german language collation, latin1_german2_ci, which internally writes \u0026ldquo;Köhntopp\u0026rdquo; as \u0026ldquo;koehntopp\u0026rdquo; to compare and sort - but it will also save the same \u0026ldquo;Köhntopp\u0026rdquo; to disk.\nThe variants of Unicode and Unicode encoding ASCII was a 7bit character set of 128 characters from 0 to 127. It works with english, but with almost no other writing systems in the world.\nA set of 8 bit character sets were defined in ISO-8859, among them ISO-8859-1 (\u0026ldquo;latin1\u0026rdquo;), later slightly revised to ISO-8859-15 (modified to contain, among other things, the Euro sign). The code points that exist in both ISO-8859-1 and ASCII are identical, ISO-8859-1 is a full superset of ASCII.\nISO-8859 also contained other character sets for Cyrillic, Arabic, Greek, Hebrew and other languages, but because of the limitation to 8 bits, it was not possible to easily write text that switches between languages.\nNote: The character set called latin1 in MySQL is actually Windows CP1252, which is a superset of iso-8859-1. See this article for details.\nUnicode\u0026rsquo;s development started in 1991 as a 16 bit character set, and it was assumed that this is sufficient to hold all characters from all possible writing systems. Unicode was design as a superset of ISO-8859-1, so codepoints that exist in both character sets are identical.\nIn 1996, it became clear that a set of 65536 characters was not sufficient, and Unicode 2.0 was fitted with an extension mechanism to allow more than 65536 symbols. Again, this extension is a true superset of original Unicode.\nAs of March 2020, Unicode 13.0 contains some 140k characters from 154 writing systems. The definition of Unicode 13.0 currently allows for 1.112064 possible characters. Some code points in the lower 65536 characters are reserved to encode surrogate pairs, basically extension characters for the original 16 bit character set, resulting in a weird number for the total possible characters.\n16 Bit Unicode can be stored as UCS2 (what Windows NT used to use) - a fixed length encoding, which instead of 8 bit characters now uses 16 bit characters. When writing western languages, every other byte in text is 0.\nUTF-16 extends UCS2 and uses variable length encoding of 2 bytes or 4 bytes to allow representation of all unicode characters, even those beyond the initial 65536 characters.\nUnix systems tend to use UTF-8 (utf8), a variable length encoding in which Unicode characters are 1-3 bytes in length (for the initial 65536 characters of Unicode 1.0), or 1-4 bytes in length (for full unicode).\nMySQL Server Terms MySQL names an encoding a \u0026ldquo;CHARACTER SET\u0026rdquo; or \u0026ldquo;CHARSET\u0026rdquo;. The charsets available in the server can be listed with SHOW CHARSET, or by searching through INFORMATION_SCHEMA.CHARACTER_SETS. In both cases, looking at the Maxlen column will tell you how long a symbols encoding in bytes can become in the worst case.\nConversely, SHOW COLLATION (and INFORMATION_SCHEMA.COLLATIONS) will show you the collations the server knows about. Collations are not things that can be used standalone, they always belong to charsets. So INFORMATION_SCHEMA.COLLATION_CHARACTER_SET_APPLICABILITY tells you which collation can be used with which character set (or you SHOW COLLATION WHERE Charset = \u0026quot;...\u0026quot;).\nMySQL objects with a character set and collation The only storage thing in MySQL that has a character set and a collation is a column. Columns that store text (VARCHAR, all TEXT types, textual enum and JSON objects) have a character set and a collation. In JSON it is fixed by the standard, for the others we can set it. Other things such as tables, databases and servers provide a hierarchy of defaults.\nThe other thing in MySQL that has a character set and a collation is the connection. For the purpose of our discussion the connection represents the character set that your terminal or application uses in the server. So when you tell the server with SET NAMES what you are using, the server believes you.\nMySQL converts, if possible, between connection and column. So when you send a string in utf8 through your connection that ends up being stored in a latin1 column, MySQL will turn that 0xc3b6 in the connection into a 0xf6 on disk. On read, it will do the opposite, if necessary and possible.\nMySQL also converts if you convert columns. So if you ALTER TABLE t MODIFY COLUMN c VARCHAR(80) CHARSET utf8 and that was previously a latin1 column, MySQL will take the 0xf6es and turn them into 0xc3b6es instead. All of that is automatic, safe and lossless, if possible. There are warnings and errors if not.\nBut let\u0026rsquo;s look at the details, step by step.\nSetting charset and collation on a column Every string in MySQL is labeled with a charset and a collation. For database objects that happens at the column level: A column with CHAR, VARCHAR, or any TEXT type always has a charset and a collation. The same can be true for an ENUM type that contains strings.\nIf you define these without specifying, the column will inherit the table defaults. If you specify no table default, the table will inherit the database default, which in turn inherits from the server default, which is defined in the my.cnf:\n[mysqld] default-character-set=utf8mb4 default-collation=utf8_0900_ai_ci Or you set them at the database level:\nmysql\u0026gt; show create database kris\\G Database: kris Create Database: CREATE DATABASE `kris` /*!40100 DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci */ /*!80016 DEFAULT ENCRYPTION=\u0026#39;N\u0026#39; */ 1 row in set (0.01 sec) Or at the table level:\nmysql\u0026gt; show create table chset\\G Table: chset Create Table: CREATE TABLE `chset` ( `id` int unsigned NOT NULL AUTO_INCREMENT, `c` char(20) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL, `d` varchar(20) CHARACTER SET cp850 COLLATE cp850_general_ci DEFAULT NULL, `t` text CHARACTER SET latin1 COLLATE latin1_german1_ci, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci 1 row in set (0.00 sec) String Literals A string literal in MySQL is written in double quotes, \u0026ldquo;a string literal\u0026rdquo;. When nothing else is specified, the connections\u0026rsquo; character set and collation are being used.\nAn identifier in MySQL is written as a bare word tablename or written in backticks `weird tablename`. When written in backticks, the identifier can contain any utf8 unicode character (unfortunately, not utf8mb4 character, so you have to constrain yourself to the BMP). Don\u0026rsquo;t do this in production, though.\nmysql\u0026gt; create table `❤` ( `✔` serial ) ; Query OK, 0 rows affected (0.07 sec) mysql\u0026gt; insert into `❤` values (1); Query OK, 1 row affected (0.02 sec) mysql\u0026gt; select * from `❤`; +-----+ | ✔ | +-----+ | 1 | +-----+ 1 row in set (0.00 sec) If you check, the table is stored with the filename @2764.ibd on disk.\nThe full notation for a string literal is _charsetname \u0026quot;string\u0026quot; COLLATE collationname. The _charsetname thing is called an introducer and tells the parser what character set label to put on the string that follows. It does not convert, the CONVERT() function would do that.\nA string literal can also be written as X'hexcode', so this works:\nmysql\u0026gt; select _latin1 X\u0026#39;F6\u0026#39; as umlaut; +--------+ | umlaut | +--------+ | ö | +--------+ 1 row in set (0.00 sec) This creates a string literal from the hex code 0xF6 and labels it as latin1. The statement is then run, produces an Umlaut, and this Umlaut is then emitted as a result table. Because the connection is set to utf8, the Umlaut is converted to utf8, yields C3 B6 and that is sent to the terminal, where it renders correctly.\nThis is the automatic conversion at work, that I spoke about earlier.\nWhen we leave the label off, the conversion does not work. When we lie, the result is invalid and rejected:\nmysql\u0026gt; select X\u0026#39;F6\u0026#39; as umlaut; +----------------+ | umlaut | +----------------+ | 0xF6 | +----------------+ 1 row in set (0.00 sec) mysql\u0026gt; select _utf8 X\u0026#39;F6\u0026#39; as umlaut; ERROR 1300 (HY000): Invalid utf8 character string: \u0026#39;F6\u0026#39; Charset on a connection The other thing that has a character set is the connection from the client to the database server. That is required, because when you type for example \u0026ldquo;ö\u0026rdquo; into an utf8 terminal to send it to kris.chset, column t as defined above, it has to be converted from utf8 (C3B6) to latin1 (F6), because the column t is defined with a charset of latin1.\nMySQL does that automatically for you, if a conversion exists: You sent an utf8 c3b6, MySQL detects the column defined as latin1, and tries to convert, yielding f6, which is then stored.\nHow do you tell MySQL what charset the connection uses?\nYou can set a default with default-character-set and default-encoding in the [mysql] section of your my.cnf to tell MySQL what character set your terminal uses, or use the command SET NAMES to change it on the fly.\nIf I am setting up my terminal to send utf8, and SET NAMES utf8, these things match and all will be well and converted correctly, if at all possible.\nI can check, using the HEX() function to see the actual bytes:\nroot@localhost [kris]\u0026gt; set names utf8; Query OK, 0 rows affected (0.00 sec) root@localhost [kris]\u0026gt; select hex(\u0026#34;ö\u0026#34;); +-----------+ | hex(\u0026#34;ö\u0026#34;) | +-----------+ | C3B6 | +-----------+ 1 row in set (0.00 sec) Switching my terminal to latin1, and then telling the database about this with SET NAMES latin1, I get:\nroot@localhost [kris]\u0026gt; set names latin1; Query OK, 0 rows affected (0.00 sec) root@localhost [kris]\u0026gt; select hex(\u0026#34;ö\u0026#34;); +----------+ | hex(\u0026#34;ö\u0026#34;) | +----------+ | F6 | +----------+ 1 row in set (0.00 sec) So this actually works.\nMySQL converts automatically Now, let\u0026rsquo;s use an utf8-Client to store data into a column into kris.chset.t, which is latin1. What will happen?\nMySQL converts this automatically and we can show this.\nroot@localhost [kris]\u0026gt; set names utf8; Query OK, 0 rows affected (0.00 sec) mysql\u0026gt; insert into kris.chset (id, t) values ( 1, \u0026#34;ö\u0026#34;); Query OK, 1 row affected (0.02 sec) mysql\u0026gt; select hex(\u0026#34;ö\u0026#34;), hex(t), t from kris.chset where id = 1; +-----------+--------+------+ | hex(\u0026#34;ö\u0026#34;) | hex(t) | t | +-----------+--------+------+ | C3B6 | F6 | ö | +-----------+--------+------+ 1 row in set (0.00 sec) I am sending SET NAMES utf8 and I am inserting a row id=1 into the table kris.chset (see above for the definition, which has the charset latin1).\nSelecting the value back, I see the hex code for an actual \u0026ldquo;ö\u0026rdquo;, C3B6, utf8, so I know my terminal sends utf8.\nI also see the hex code stored in the table, F6, by selecting the column value from t, wrapped in the HEX() function.\nAnd on reading that back, I am still getting an \u0026ldquo;ö\u0026rdquo;. That proves the database sent me a C3B6, converting back from the storage character set to the terminal character set, as declared with SET NAMES.\nSo as long as I am not lying to the database about what my connection sends, values should be transparently converted back and forth if at all possible.\nCONVERT(), LENGTH() and CHAR_LENGTH() functions Normally you will never need this, but it is possible to change the character set of a column or string literal explicitly using the convert( ... using ... ) function:\nmysql\u0026gt; select hex(\u0026#34;ö\u0026#34;); +-----------+ | hex(\u0026#34;ö\u0026#34;) | +-----------+ | C3B6 | +-----------+ 1 row in set (0.00 sec) mysql\u0026gt; select hex(convert(\u0026#34;Köhntopp\u0026#34; using latin1)) as example; +------------------+ | example | +------------------+ | 4BF6686E746F7070 | +------------------+ 1 row in set (0.00 sec) After validating that my umlaut is indeed sent as C3B6, I am using a string with an Umlaut as an input to CONVERT( ... USING ... ). I am converting to latin1, and as you can see, I am indeed getting an F6 as the second byte.\nThere are other encodings of unicode, too. Windows systems for example often use ucs2 instead of utf8. That is, each symbol is stored as a 16 bit code:\nmysql\u0026gt; select hex(convert(\u0026#34;Köhntopp\u0026#34; using ucs2)) as example; +----------------------------------+ | example | +----------------------------------+ | 004B00F60068006E0074006F00700070 | +----------------------------------+ 1 row in set (0.00 sec) My Umlaut ends up being 00f6 on disk.\nThe points to take away from this: Some character sets have fixed length codes for letters. In latin1, each letter takes the fixed amount of one byte. In ucs2, each letter takes the fixed amount of 2 bytes.\nOther character set have variable length encodings. In utf8, each letter can be between 1 and 3 bytes long. Later Unicode extensions define a larger character set, and utf32 stores them in a fixed set of 4 byte characters (3 of them 0 for the latin1 subset), while utf8mb4 stores them in 1 to 4 bytes, depending on the symbol.\nDepending on what we want to know we have to ask differently:\nmysql\u0026gt; select length(\u0026#34;Köhntopp\u0026#34;) as len, char_length(\u0026#34;Köhntopp\u0026#34;) as clen; +-----+------+ | len | clen | +-----+------+ | 9 | 8 | +-----+------+ 1 row in set (0.00 sec) mysql\u0026gt; select length(convert(\u0026#34;Köhntopp\u0026#34; using ucs2)) as len, char_length(convert(\u0026#34;Köhntopp\u0026#34; using ucs2)) as clen; +------+------+ | len | clen | +------+------+ | 16 | 8 | +------+------+ 1 row in set (0.00 sec) The function LENGTH() gives us the length of a symbol or string in bytes, which is dependent on the character set encoding used. The function CHAR_LENGTH() gives us the length of the symbol or string in symbols, which is fixed and independent of the character set encoding.\nIt is important to use the right function depending on what you want to know.\nThe default character set in MySQL you should be using is utf8mb4.\nComparison and Sorting When MySQL originally gained character set support, this was done by implementing a comparison function. The same function was used for sorting and comparison. So when \u0026ldquo;Köhntopp\u0026rdquo; sorts as \u0026ldquo;kohntopp\u0026rdquo; in the latin1_german1_ci collation, it also means that searching for \u0026ldquo;Köhntopp\u0026rdquo; will find \u0026ldquo;Köhntopp\u0026rdquo; as well as \u0026ldquo;kohntopp\u0026rdquo;, because to the comparison function they are the same string.\nmysql\u0026gt; show create table t \\G Table: t Create Table: CREATE TABLE `t` ( `id` bigint unsigned NOT NULL AUTO_INCREMENT, `d` varchar(20) CHARACTER SET latin1 COLLATE latin1_german1_ci DEFAULT NULL, UNIQUE KEY `id` (`id`) ) 1 row in set (0.00 sec) mysql\u0026gt; select * from t; +----+-----------+ | id | d | +----+-----------+ | 1 | Köhntopp | | 2 | kohntopp | +----+-----------+ 2 rows in set (0.00 sec) mysql\u0026gt; select * from t where d = \u0026#34;Köhntopp\u0026#34;; +----+-----------+ | id | d | +----+-----------+ | 1 | Köhntopp | | 2 | kohntopp | +----+-----------+ 2 rows in set (0.00 sec) This was not exactly what most people expected, so in MySQL 8 things are a bit more differentiated when using utf8mb4. From the manual :\n| Suffix | Meaning | +\u0026mdash;\u0026mdash;\u0026ndash;+\u0026mdash;\u0026mdash;\u0026mdash;+ | _ai | Accent-insensitive | | _as | Accent-sensitive | | _ci | Case-insensitive | | _cs | Case-sensitive | | _ks | Kana-sensitive | | _bin | Binary |\n\u0026ldquo;Kana-sensitive\u0026rdquo; collations distinguish Hiragana characters from Katakana characters in Japanese.\nThe collation you want with utf8mb4 is utf8mb4_0900_ai_ci (and replace ai and ci as necessary). The 0900 part is a reference to UCA 9.0.0 , the current Unicode Comparison Algorithm. MySQL also supports UCA 5.2.0 (utf8mb4_520_ci) and 4.0.0 (utf8mb4_unicode_ci), but these have no ai/as variants.\nUCA 9.0.0 solves the Köhntopp/koehntopp problem by defining different functions for searching things (testing for equality) and ordering (testing for smaller than).\nWhy utf8mb4, and not simply utf8? MySQL gained character set support with the MySQL 4.1 series of server releases in 2003. At that time, in MySQL utf8 was a character set with room for 65536 (2^16) code points, and the UCS2 encoding (for 16 bit fixed width characters used in Windows) plus the UTF8 encoding (for variable length characters of 1-3 bytes in length).\nMySQL at that point in time changed character sets and collations several times, as bugs were detected and fixed.\nThis created a lot of problems: In databases, an Index is created by extracting the indexed column from a table, sorting it, and storing it next to the table in sorted order with pointers to the original rows. An index is, in short, a materialized order for the indexed column, in order to speed searches.\nNow if you change the character set or the order of symbols in the character set by fixing the collation, the materialized order of the index differs from newly fixed and redefined order to the fixed collation. When upgrading to the changed server version the index needs to be dropped and recreated - which for large databases with many indexes on large tables can take a very, very long time.\nIf you do not do this, a query such as\nmysql\u0026gt; SELECT * FROM t WHERE d = \u0026#34;kohntopp\u0026#34;; may find different results depending on the optimizer using an index (pre-update rules apply until the index is recreated) or not using an index (post-update rules apply immediately). This is unpredictable, and hence bad behavior.\nIt was decided that MySQL will, in order to simplify updates, never do this ever again.\nInstead, fixes and changes will be publicised under new names so that changes could be made at will and a pace set by the user by ALTER TABLEing the index definitions from the old collation name to the new name.\nHence, we have utf8 (the 16-bit character set) and utf8mb4 (the larger than 16 bit character set) that was defined later. And we have even collations referring to different UCA rules for collating utf8mb4 in order to allow controlled migration to newer, better comparison rules.\nThe same is true for Timezones: MySQL does not use operating system sort and comparison rules as offered in the glibc functions, but brings its own, and it also does not use Timezone functions and rules as offered by glibc, but again uses its own.\nThat provides stable and controlled migration that is also independent of operating system updates - the same comparison and index rules exist independently of glibc updates, and on Linux, macOS and Windows. This also keeps binary data files portable and upgradable across operating systems and database versions.\nCompare that for example to Postgres, which uses glibc functions for string comparison, sorting and for timezone conversions. In Postgres, you have to be aware of operating system updates that affect sorting, comparison or timezones, and you have to recreate indexes every time you make changes to these operating system functions. Noticing glibc updates that affect the function of the database on a system with security auto-updates can be very hard.\nFixing broken data Sometimes data ends up inside the database, converted from latin1 to utf8 by an application and then again by the database. This can only happen when the declared character set of the connection (SET NAMES) and the data sent to not match.\nFor example, if you define a table with a VARCHAR column in latin1, and set the connection to latin1, but then send actual utf8 data to the table, you are not triggering a conversion (connection and column have the same character set), but the data is not valid latin1.\nmysql\u0026gt; create table t ( id serial, d varchar(20) charset latin1 ); Query OK, 0 rows affected (0.08 sec) mysql\u0026gt; set names latin1; -- we will be sending utf8 Query OK, 0 rows affected (0.00 sec) mysql\u0026gt; insert into t ( id, d ) values ( 1, \u0026#34;Köhntopp\u0026#34;); -- this is utf8 Query OK, 1 row affected (0.01 sec) mysql\u0026gt; select hex(d) from t where id = 1; -- stored c3b6, should be f6 +--------------------+ | hex(d) | +--------------------+ | 4BC3B6686E746F7070 | +--------------------+ 1 row in set (0.00 sec) mysql\u0026gt; set names utf8; Query OK, 0 rows affected, 1 warning (0.00 sec) mysql\u0026gt; select * from t; -- output broken +----+-------------+ | id | d | +----+-------------+ | 1 | Köhntopp | +----+-------------+ 1 row in set (0.00 sec) If we were to convert the column to utf8, the data would als be converted. But since it already is c3b6, this must not happen. So this does not work:\nmysql\u0026gt; select hex(d) from t; +--------------------+ | hex(d) | +--------------------+ | 4BC3B6686E746F7070 | +--------------------+ 1 row in set (0.00 sec) mysql\u0026gt; alter table t modify column d varchar(20) charset utf8; Query OK, 1 row affected, 1 warning (0.19 sec) Records: 1 Duplicates: 0 Warnings: 1 mysql\u0026gt; select hex(d) from t; -- broken utf8 +------------------------+ | hex(d) | +------------------------+ | 4BC383C2B6686E746F7070 | +------------------------+ 1 row in set (0.00 sec) The correct solution converts in two steps:\nConvert to a VARBINARY. This keeps the binary data, but removes all charset labels, without conversion. Convert to the target VARCHAR with the target CHARSET. This applies the charset label without conversion. mysql\u0026gt; select hex(d) from t; -- column latin1, data utf8 +--------------------+ | hex(d) | +--------------------+ | 4BC3B6686E746F7070 | +--------------------+ 1 row in set (0.00 sec) mysql\u0026gt; alter table t modify column d varbinary(20); -- convert to binary, keep data Query OK, 0 rows affected (0.02 sec) Records: 0 Duplicates: 0 Warnings: 0 mysql\u0026gt; alter table t modify column d varchar(20) charset utf8; -- convert to utf8, keep data Query OK, 1 row affected, 1 warning (0.15 sec) Records: 1 Duplicates: 0 Warnings: 1 mysql\u0026gt; select d, hex(d) from t; -- all works now +-----------+--------------------+ | d | hex(d) | +-----------+--------------------+ | Köhntopp | 4BC3B6686E746F7070 | +-----------+--------------------+ 1 row in set (0.01 sec) ","date":"2020-08-18T00:00:00Z","href":"https://blog.koehntopp.info/2020/08/18/mysql-character-sets.html","tags":["lang_en","mysql","mysqldev","database","erklaerbaer"],"title":"MySQL: Some Character Set Basics"},{"categories":null,"content":"Melissa and Chris Bruntlett have been living in Vancouver close to the station, and decided to do as many daily runs as possible without a car, using public transport or bikes. In late 2015, early 2016 they did an extended visit to the Netherlands which resulted in a changed world view about what proper Urban Infrastructure can look like. Meanwhile they are living with two kids near Delft, in the Netherlands.\nThe book documents their experience, comparing structures in various North American cities to the Dutch learnings about traffic, density, and liveable cities at a human scale.\nThe books chapters go through various cities in the Netherlands and elsewhere to discuss why you would want to build a cycling city, how to do this, how it came to be in the Netherlands, and how solutions elsewhere have to be slightly different to accomplish their goal locally.\nInteresting read, and a good complement to Streetfight , which covers the New York story on the same problem.\nBuilding the Cycling City: The Dutch Blueprint for Urban Vitality , Melissa and Chris Bruntlett, USD 17.00\nYou can also follow them on Twitter: @modacitylife ","date":"2020-08-17T00:00:00Z","href":"https://blog.koehntopp.info/2020/08/17/building-the-cycling-city.html","tags":["lang_en","book","media","review"],"title":"Fertig gelesen: Building the Cycling City"},{"categories":null,"content":"A Wizard\u0026rsquo;s Guide To Defensive Baking is a Yound Adult Coming-of-Age story about Mona. Mona works in her aunt\u0026rsquo;s bakery, and also is a hedge wizard. Her talent is mostly limited to influencing dough and baked goods, her familiar is a sourdough starter named Bob.\nA Wizards Guide To Defensive Baking, T. Kingfisher, Amazon Mona is a 14-year-old girl living in Riverbraid, a random city-state near a river in the floodplain of an otherwise unnamed country that vaguely feels like northern Italy during renaissance times. Working in her aunts bakery, her talent of being able to magically influence dough and baked goods comes in handy in production, and sometimes she lets a few Gingerbread men dance to amuse the customers.\nThen one day, a dead body is found in the bakery, and it turns out that an assassin is trying to kill off magic folk in Riverbraid. And that turns out to be the begin of a coup and conspiracy to wrestle control of the city from the aging Duchess. Mona is drawn into this conspiracy and into the beginning of a war, and discovers that the famous war-wizards tasked with defending the city are not actually having more or stronger magic then her - the difference between a hedge magicker and a war wizard is more about how they think about using their talent than the actual talent.\nThe story is amusingly written and Mona\u0026rsquo;s world-view, as shared with the reader, is full of baking puns. The story arc is what one would assume from a YA book, and entertaining. All in all well worth my time.\n\u0026ldquo;A Wizard\u0026rsquo;s Guide To Defensive Baking , T. Kingfisher, EUR 4.44\n","date":"2020-08-16T00:00:00Z","href":"https://blog.koehntopp.info/2020/08/16/fertig-gelesen-defensive-baking.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: A Wizard's Guide To Defensive Baking"},{"categories":null,"content":"@jpmens asked on Twitter:\nWhat is Fortnite? #outingmyself\nAssuming XKCD 1053 .\nFortnite Fortnite is a game made by Epic Games. They also make the Unreal Engine, which powers many modern computer games. Fortnite together with Roblox and Minecraft it is the set of games played most by people under 20.\nYou want to follow Matthew Ball .\nFortnite is a Battle Royal game, a 1st person shooter, in which a matchmaker puts you together with a set of other people of similar skill, drops you into an arena of ever shrinking size. You got to collect ammo and weapons, build fortifications and kill the others.\nChat, Fun Gizmos and Non-Battle areas exist, and people also use it as a chat and Second Life type of tool to interact with each other (\u0026ldquo;Chat with Avatars\u0026rdquo;). Some of the Gizmos allow you to compose music, emote dances and similar joke things.\nAll of these games are \u0026ldquo;Free to Play\u0026rdquo; (Minecraft: You have to buy the game, Fortnite and Roblox: Download and Gameplay is free - you can buy ingame coins and buy Skins or other extras) and not \u0026ldquo;Pay to Win\u0026rdquo;. This makes them popular with the 10-20yo crowd.\nAll of these games have very moderate system requirements (Fortnite: Intel Iris Graphics on Mac, GTX 660 on Windows). Minecraft: Any Abacus that runs Java. This again makes them popular with the 10-20yo crowd that often uses pre-owned legacy hardware.\nAll of these games have heavy creative options (Minecraft: Modding to Greenland and back, Roblox is a platform for making Minigames, Fortnite has a Creative mode for Socializing and Building) and strong interaction modes.\nThis makes it possible for 10-20yo\u0026rsquo;s to interact with people of their age group on their own terms w/o parental supervision, during unstructured play time. This is important to them as part of their social growth process .\nSidenote: While Epic does make games, IMHO their biggest asset is Unreal Engine and the tooling that comes with it, which has bascially revolutionized game making.\nThe Conflict Apple allows some types of businesses to sell things in-app without charging their legendary 30% premium (eg Supermarkets, Amazon and so on).\nOther businesses (all things software) are banned from direct sales in Apple Apps and are required to handle payments though App Store.\nApple then takes their 30% cut.\nEpic Games released Fortnite on App Store with Apple and Direct Sales options, direct exactly 30% cheaper.\nApple banned Fortnite from the App Store.\nThat is what Epic wanted . They are now taking this to court and are also making fun of Apple for doing this in a big way, typical for Epic and Tim Sweeney.\nEpic Games is not exactly an underdog, even if they position themselves as this in this corporate conflict - they are valued a 17.3 bn USD company, 50% held by Sweeney. But it takes an underdog this size to have a chance to take a bite of out Apple\u0026rsquo;s Lawyers.\nThem winning this is an important step in cracking the App Store monopoly and turning Apple into a better platform. Other companies have taken notice and positioned themselves. Notably all of Match Group , the owner and maker of Tinder, have sided themselves with Epic in this case.\nIt is noteworthy that Epic also has the same conflict going on with Google - they did exactly the same thing on the Google Play store, were also delisted yesterday, and are also suing Google just as they are suing Apple . This is interesting, because OnePlus and LG have been in talks with Epic about preloading Fortnite on the Phone (Ugh, ultimate bloatware!), which is now impossible, because Google prevents this from happening.\n","date":"2020-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2020/08/14/eli5-epic-vs-apple-and-google.html","tags":["lang_en","gaming","apple","google","erklaerbaer"],"title":"ELI5: Epic vs Apple and Google"},{"categories":null,"content":"Since we now know how to look at the state of locking in a live database, let\u0026rsquo;s look at what happens when we run a normal insert or update and an insert or update with foreign key relationships defined, and compare.\nWe will be using the tables and structures from our previous examples, a simple 1:n relationship between a and b:\nCREATE TABLE a ( a_id int NOT NULL AUTO_INCREMENT, PRIMARY KEY (a_id) ); INSERT INTO a VALUES (10), (20), (30), (40); CREATE TABLE b ( b_id int NOT NULL AUTO_INCREMENT, a_id int NOT NULL, PRIMARY KEY (b_id), KEY `a_id` (a_id), CONSTRAINT a_id_exists FOREIGN KEY (a_id) REFERENCES a (a_id) ON DELETE RESTRICT ON UPDATE RESTRICT ); INSERT INTO b VALUES (10,10), (40,40); or the same definition for b without the constraint.\nA normal INSERT and UPDATE First, let\u0026rsquo;s look at an insert and update into b without any defined constraints:\nmysql\u0026gt; start transaction read write; mysql\u0026gt; insert into b values (30,30); mysql\u0026gt; select * from performance_schema.data_locks\\G ... LOCK_TYPE: TABLE LOCK_MODE: IX LOCK_STATUS: GRANTED LOCK_DATA: NULL ... mysql\u0026gt; update b set a_id=20 where b_id = 10; mysql\u0026gt; select * from performance_schema.data_locks\\G ... OBJECT_SCHEMA: kris OBJECT_NAME: b INDEX_NAME: PRIMARY LOCK_TYPE: RECORD LOCK_MODE: X,REC_NOT_GAP LOCK_STATUS: GRANTED LOCK_DATA: 10 ... We can see that the INSERT did just create an intention-lock on the table, but did not actually have to create any row locks. The update had to change an existing table row b.b_id=10, and hence needed to X-lock the row 10.\nINSERT and UPDATE with a foreign key constraint Redefining the b table as above, with a foreign key constraint defined, produces a much richer set of locks:\nmysql\u0026gt; start transaction read write; mysql\u0026gt; insert into b values (30,30); mysql\u0026gt; select * from performance_schema.data_locks\\G select object_schema, object_name, index_name, lock_mode, lock_data, lock_type from performance_schema.data_locks; +---------------+-------------+------------+---------------+-----------+-----------+ | object_schema | object_name | index_name | lock_mode | lock_data | lock_type | +---------------+-------------+------------+---------------+-----------+-----------+ | kris | b | NULL | IX | NULL | TABLE | | kris | a | NULL | IS | NULL | TABLE | | kris | a | PRIMARY | S,REC_NOT_GAP | 30 | RECORD | +---------------+-------------+------------+---------------+-----------+-----------+ In order for the INSERT to be valid, we need to check if the a_id inserted into table b exists in a - that is a lookup operation.\nWe also need to ensure that the value we checked for stays there and is not modified until we finish the transaction. So we do get an additional intention-lock on a, and then an actual S-lock on a.a_id=30. The intention-lock on b is as before.\nContinuing our exploration, we can now try to change a row:\nmysql\u0026gt; update b set a_id=20 where b_id=10; mysql\u0026gt; select object_schema, object_name, index_name, lock_mode, lock_data, lock_type from performance_schema.data_locks; +---------------+-------------+------------+---------------+-----------+-----------+ | object_schema | object_name | index_name | lock_mode | lock_data | lock_type | +---------------+-------------+------------+---------------+-----------+-----------+ | kris | b | NULL | IX | NULL | TABLE | | kris | a | NULL | IS | NULL | TABLE | | kris | a | PRIMARY | S,REC_NOT_GAP | 20 | RECORD | | kris | a | PRIMARY | S,REC_NOT_GAP | 30 | RECORD | | kris | b | PRIMARY | X,REC_NOT_GAP | 10 | RECORD | +---------------+-------------+------------+---------------+-----------+-----------+ 5 rows in set (0.00 sec) We get another S-lock on a.a_id=20 to ensure that our parent record stays unchanged until completion, and as we modify b.b_id=10, this is X-locked as in the normal case.\nWe observe:\nDefining foreign key constraints produces more S-locks. Given a 1:n relationship between a and b, making changes to a_id fields of records in b will S-lock the records in a that the changed rows in b.a_id are pointing to. We did not see this, but there was also a lookup in a to ensure that the b.a_id actually exists in a. Experiment yourself:\nAdd a column data integer not null to b. Make changes to b.a_id for one row, and to b.data for another row. How does the locking change? You will find:\nMaking changes to b.data neither affects the relationship between the tables, nor creates S-locks in a. Given the observed behavior, is our RMW still correct? After looking at the locking behavior of these statements, and what we previously learned about locking: How would we INSERT and UPDATE the dependent records (b records) in our 1:n relationship correctly?\nWe can still manipulate all fields as before that are not foreign keys:\ndrop table b; create table b ( b_id int not null auto_increment, a_id int not null, data int not null, primary key (b_id) index (a_id). constraint a_id_exists foreign key (a_id) references a (a_id) ); insert into b values (10,10, 10), (40,40,40); And the RMW for writes to data is as before:\nstart transaction read write; select b_id, data from b where b_id = 10 for update; ... update b set data = ? where b_id = 10\u0026#39;; commit; When we make changes to the linking between b and a, we must put a share lock on the new a.a_id we intend to link to, to ensure it is present and does not change or vanish until completion.\nstart transaction read write; select a_id from a where a_id = 20 for share; select b_id, a_id, data from b where b_id = 10 for update; ... update b set a_id = 20 where b_id = 10\u0026#39;; commit; As this is a linking to be created, we have to use two distinct select statements for this, and the locks need to be in place before we make the change.\nSelf-referential structures and locks Let\u0026rsquo;s create a tree c where we have records distinguished by c.id, and with c.parent pointing to the parent c.id. We then put in a few records, multiple levels deep:\ncreate table c ( id integer not null primary key, parent integer null, index(parent), constraint up foreign key (parent) references c (id) ); insert into c values (1, NULL), (2, 1), (3, 1), (4, 2), (5, 2), (6, 3), (7, 3), (8, 3), (9, 8), (10, 8); Again, we insert a new record:\nmysql\u0026gt; start transaction read write; mysql\u0026gt; insert into c values (11, 2); mysql\u0026gt; select object_schema, object_name, index_name, lock_mode, lock_data, lock_type from performance_schema.data_locks; +---------------+-------------+------------+---------------+-----------+-----------+ | object_schema | object_name | index_name | lock_mode | lock_data | lock_type | +---------------+-------------+------------+---------------+-----------+-----------+ | kris | c | NULL | IX | NULL | TABLE | | kris | c | PRIMARY | S,REC_NOT_GAP | 2 | RECORD | +---------------+-------------+------------+---------------+-----------+-----------+ mysql\u0026gt; rollback; This looks exactly as we would expect from the previous case.\nThen we modify an existing record, again, without surprises:\nmysql\u0026gt; start transaction read write; mysql\u0026gt; update c set parent=2 where id=10; mysql\u0026gt; select object_schema, object_name, index_name, lock_mode, lock_data, lock_type from performance_schema.data_locks; +---------------+-------------+------------+---------------+-----------+-----------+ | object_schema | object_name | index_name | lock_mode | lock_data | lock_type | +---------------+-------------+------------+---------------+-----------+-----------+ | kris | c | NULL | IX | NULL | TABLE | | kris | c | PRIMARY | X,REC_NOT_GAP | 10 | RECORD | | kris | c | PRIMARY | S,REC_NOT_GAP | 2 | RECORD | +---------------+-------------+------------+---------------+-----------+-----------+ 3 rows in set (0.00 sec) mysql\u0026gt; rollback; \u0026ldquo;UPSERT\u0026rdquo; The term \u0026ldquo;UPSERT\u0026rdquo; is database-speak for \u0026ldquo;create a record, or if it exists, update it\u0026rdquo;. The word is a portmanteau from Insert and Update. It can have three different resolutions for conflicts, and MySQL has three different special commands for this:\nOlder Record wins: When a new record is to be inserted, but an older record with this primary key already exists, the old record should stay unmodified. MySQL has the command INSERT IGNORE for this.\nNewer Record wins: When a new record is to be inserted, but an older record with this primary key already exists, the old record is to be deleted, then the new record is to be inserted. MySQL has the command REPLACE INTO for this.\nMerge old and new: When a new record is to be inserted, but an older record with this primary key already exists, the old and new records have to be merged somehow. MySQL has INSERT ON DUPLICATE KEY UPDATE and the VALUES() function for this.\nThe generic way for this, without special commands, is again a RMW.\nstart transaction read write; select * from t where id = ? for update; ... if necessary, select referenced records in other tables \u0026#34;for share\u0026#34; ... depending on the result, decide if insert or update insert into t (id, ...) values (?, ...) OR update t set ... where id = ? commit; This is also what we would expect any ORM to generate, if it has not implemented special support for the MySQL dialect.\n","date":"2020-08-04T00:00:00Z","href":"https://blog.koehntopp.info/2020/08/04/mysql-foreign-key-constraints-and-locking.html","tags":["lang_en","database","mysql","innodb","mysqldev","erklaerbaer"],"title":"MySQL Foreign Key Constraints and Locking"},{"categories":null,"content":"Foreign Keys are what links tables together and turns a set of tables into a model. Foreign Key Constraints are conditions that must be true for the content of the tables to be an internally consistent model. Foreign Key Constraints can be defined and enforced in InnoDB, but this comes at a considerable price, and for some it may hurt more than it is worth.\nA very simple shop as an ER-model. order_id is the primary key of the Orders table. customer_id in the Orders table is a foreign key: The primary key of another (\u0026ldquo;foreign\u0026rdquo;) table in this table. Foreign keys can model relationships between tables (\u0026ldquo;entities\u0026rdquo;) in an entity-relationship diagram.\nEntities and their relationships In Entity-Relationship modelling we are using tables in a database to model entities in the real world. Each entry in such a table is meant to represent a \u0026ldquo;thing\u0026rdquo; in the real world. For example, in our very simple shop model above, we have Articles, and Customers as real world \u0026ldquo;things\u0026rdquo; in our model. We also have Orders, and Orders can have multiple lines, Orderlines. Each Orderline connects an Order with an Article.\nIn order to be able to distinguish real world things in our tables, we require each entry to have a unique identifier, the id. These will then show up in the real world as customer numbers, order numbers or article numbers. The uniqueness of these numbers in their respective tables makes them a Key.\nKeys and Indexes Technically a Key does not have to have a corresponding Index in the table: Keys and Indexes are separate things.\nOne - the Key - is a property of the model: \u0026ldquo;There exists a bijektive function between the customer_id and the real world customers\u0026rdquo;, meaning \u0026ldquo;Each customer has a customer_id\u0026rdquo;, and \u0026ldquo;Any two different customers have different customer_ids\u0026rdquo;. This is what allows us to use customer_ids as stand-ins for all the other values in the Customers table, and for the real world customers themselves, for the purpose of modelling them in the database.\nThe other - the Index - is a data structure that allows us to look up the other values of a Customer fast, given any customer_id value.\nThere is no need for a Key to have an Index, but we need to ensure that a new customer_id is unique. We are also given customer_ids all of the time, and then need to fetch the other data we have on this customer from the table. That means we need to look up customer_ids in the Customers table all the time, and without the index we can only resort to a full table scan for this. This is going to be so slow that the table will be without any real-world value for us.\nPractically, a Key and an Index go so much hand-in-hand that database people are using both terms interchangeably when they are clearly different things: An average database person will say Key, when they mean Index or the other way around, because in their minds having a Key without an Index is Not A Thing at all.\nThere may be multiple things - or combinations of things - that uniquely identify real world things in a given table of our model of the world. We call these Key Candidates. We then elect one to be the actual Key (or make one up, a Synthetic Key such as a customer_id), and call that the Primary Key or just the Key.\nIn the mind of a database person, the Primary Key is the row, and the row is the Primary Key. That is what bijektive functions are for.\nTechnically, a table doesn\u0026rsquo;t need to not have a Primary Key. Practically, this creates so many kinds of problems that many databases have options to prevent this: They will reject table definitions without a primary key definition for good, and responsible database administrators enable these restrictions.\nForeign Keys A column in table B that contains primary key values from a table A is called a foreign key. It defines a relationship. Just the presence of that key column is enough, there need not be any declaration or enforcement for it to be a foreign key.\ncreate table a ( a_id integer not null primary key auto_increment, a_other_data varchar(200) ); create table b ( b_id integer not null primary key auto_increment, a_id integer not null, b_other_data varchar(200), index a_id (a_id) ) In this example the table a has a primary key a.a_id. Table b contains a reference to a in the form of the column b.a_id. This column is a foreign key. Technically, \u0026ldquo;foreign key\u0026rdquo; is a meaningless term, so actually \u0026ldquo;b.a_id is a foreign key of a in b\u0026rdquo; to be precise. When talking about tables, this is often implicitly clear, so many people omit this and just say \u0026ldquo;foreign key\u0026rdquo; and assume you understand what is means.\nAs can be seen, table b is also defined with an index a_id (a_id) - what we model here ia a 1:n relationship between a and b (an \u0026ldquo;a\u0026rdquo; can have many \u0026ldquo;b\u0026rdquo;), and we expect to look up all the b\u0026rsquo;s for a given a a lot, so having that index is a no-brainer.\nselect * from a join b on a.id = b.a_id where somecondition_on_a This query will list all the b\u0026rsquo;s that belong to the a\u0026rsquo;s selected by the given condition, and it will only be fast with an index on b.a_id.\nForeign Key Constraints Now, when we put a b.a_id into b, we would normally want the matching a.a_id to exist. That is, when we put in an orders.customer_id value, there better be a customers.customer_id for this, or there will be problems.\nForeign Key Constrains are conditions that can be put into table definitions to enforce that. Actually doing this may or may not be a good idea, we will be looking at that in some more detail in a separate article.\nLet\u0026rsquo;s define a useless base table with a primary key:\ncreate table a ( a_id integer not null primary key auto_increment ); Query OK, 0 rows affected (0.05 sec) For this we want a table b that references the base table, and has a constraint for this.\ncreate table b ( b_id integer not null primary key auto_increment, a_id integer not null, index a_id (a_id), constraint a_id_exists foreign key (a_id) references a(a_id) on delete restrict on update restrict ); Query OK, 0 rows affected (0.13 sec) There are many things to this, and all of them are required to make this work.\nWe need a base table a with a primary key defined. We need a secondary table b with a column that we want to use to reference a.a_id. We can name it anything we want, but we usually use the name of the foreign tables primary key. If that is not unique (simply id), we usually prefix it with the table name and an underscore. We are using a_id here, because that works. We have to define an index in the foreign key column in b. When we don\u0026rsquo;t, MySQL does this automatically and uses the constraint name for this. Leave off index a_id (a_id) from our CREATE TABLE b statement, and see what you get. The constraint we define can get a name, or MySQL chooses one when we leave of the constraint a_id_exists part of the statement. We then describe which of \u0026ldquo;our\u0026rdquo; columns points to what column in the other table: foreign key (a_id) references a(a_id). Finally, we get to say what shall happen when there are update or delete statements that would invalidate the relationship. This part is also optional. Thus, the shortest possible definition of b would be\ncreate table b ( b_id integer not null primary key auto_increment, a_id integer not null, foreign key (a_id) references a(a_id) ); and yields\nmysql\u0026gt; show create table b\\G *************************** 1. row *************************** Table: b Create Table: CREATE TABLE `b` ( `b_id` int NOT NULL AUTO_INCREMENT, `a_id` int NOT NULL, PRIMARY KEY (`b_id`), KEY `a_id` (`a_id`), CONSTRAINT `b_ibfk_1` FOREIGN KEY (`a_id`) REFERENCES `a` (`a_id`) ) ENGINE=InnoDB The Manual describes the other terms and conditions that apply, and also explains which types of referential actions are valid for the ON DELETE and ON UPDATE clauses.\nPlaying with foreign key constraints Using the definitions of a and b from above, we are now playing with foreign key constraints a bit:\nmysql\u0026gt; insert into a values (10), (20), (30), (40); Query OK, 4 rows affected (0.02 sec) Records: 4 Duplicates: 0 Warnings: 0 The values 10, 20, 30 and 40 are now valid primary keys in a, and hence valid values for a_idin b.\nmysql\u0026gt; start transaction read write; Query OK, 0 rows affected (0.00 sec) mysql\u0026gt; insert into b values (10, 10); Query OK, 1 row affected (0.00 sec) mysql\u0026gt; insert into b (20, 20), (50,50), (30,30); ERROR 1452 (23000): Cannot add or update a child row: a foreign key constraint fails (`kris`.`b`, CONSTRAINT `a_id_exists` FOREIGN KEY (`a_id`) REFERENCES `a` (`a_id`) ON DELETE RESTRICT ON UPDATE RESTRICT) mysql\u0026gt; insert into b values (40, 40); Query OK, 1 row affected (0.00 sec) mysql\u0026gt; commit; Query OK, 0 rows affected (0.01 sec) mysql\u0026gt; select * from b; +------+------+ | b_id | a_id | +------+------+ | 10 | 10 | | 40 | 40 | +------+------+ 2 rows in set (0.00 sec) The tuple (50, 50) caused a foreign key validation error on an extended insert statement, the second statement in our transaction. The entire statement was rejected. The first and third statement in our transaction were valid and accepted. The entire transaction was not rejected and committed.\nThis is potentially dangerous.\nmysql\u0026gt; update b set a_id = 20 where b_id = 10; Query OK, 1 row affected (0.00 sec) Rows matched: 1 Changed: 1 Warnings: 0 mysql\u0026gt; update b set a_id = 15 where b_id = 10; ERROR 1452 (23000): Cannot add or update a child row: a foreign key constraint fails (`kris`.`b`, CONSTRAINT `b_ibfk_1` FOREIGN KEY (`a_id`) REFERENCES `a` (`a_id`)) We can change the b.aid to values present in the a.a_id table. Changing them to invalid values is being rejected.\nLikewise, we are prevented from deleting a row from a if there are still values in b.a_id referencing this row, and summary deletion, truncation or dropping of table a are also prevented as long as any reference from b to a exists.\nmysql\u0026gt; delete from a where a_id = 20; ERROR 1451 (23000): Cannot delete or update a parent row: a foreign key constraint fails (`kris`.`b`, CONSTRAINT `b_ibfk_1` FOREIGN KEY (`a_id`) REFERENCES `a` (`a_id`)) mysql\u0026gt; delete from a where a_id = 10; Query OK, 1 row affected (0.00 sec) mysql\u0026gt; delete from a; ERROR 1451 (23000): Cannot delete or update a parent row: a foreign key constraint fails (`kris`.`b`, CONSTRAINT `b_ibfk_1` FOREIGN KEY (`a_id`) REFERENCES `a` (`a_id`)) mysql\u0026gt; truncate table a; ERROR 1701 (42000): Cannot truncate a table referenced in a foreign key constraint (`kris`.`b`, CONSTRAINT `b_ibfk_1`) mysql\u0026gt; drop table a; ERROR 3730 (HY000): Cannot drop table \u0026#39;a\u0026#39; referenced by a foreign key constraint \u0026#39;b_ibfk_1\u0026#39; on table \u0026#39;b\u0026#39;. A self-referential structure We can define tables that describe hierarchies by using recursive foreign key relationships, but we have to take care to allow termination of the recursion.\ncreate table d ( id serial, parent bigint unsigned not null, foreign key (parent) references d (id) ); This is a valid definition that is accepted by MySQL. In order for an insert to succeed, we would have to provide a valid value for d.parent, but the table is empty, and we did not allow NULL.\nThe only valid thing we could insert is the value we are inserting right now, and that value is then undeletable.\nmysql\u0026gt; insert into d values ( 0, NULL ); ERROR 1048 (23000): Column \u0026#39;parent\u0026#39; cannot be null mysql\u0026gt; insert into d values ( 1, 1); Query OK, 1 row affected (0.00 sec) mysql\u0026gt; delete from d where id = 1; ERROR 1451 (23000): Cannot delete or update a parent row: a foreign key constraint fails (`kris`.`d`, CONSTRAINT `d_ibfk_1` FOREIGN KEY (`parent`) REFERENCES `d` (`id`)) Allowing NULL may be making a structure that is a tiny bit easier to maintain. We can now define a tree structure, but we have to do it from the top down.\nmysql\u0026gt; create table c ( id serial, parent bigint unsigned null, foreign key (parent) references c (id) ); Query OK, 0 rows affected (0.06 sec) mysql\u0026gt; insert into c values (4, 2), (5, 2), (6,3), (7,3), (8,3), (2,1), (3,1), (1, NULL); ERROR 1452 (23000): Cannot add or update a child row: a foreign key constraint fails (`kris`.`c`, CONSTRAINT `c_ibfk_1` FOREIGN KEY (`parent`) REFERENCES `c` (`id`)) mysql\u0026gt; insert into c values (1, NULL), (2,1), (3,1), (4,2), (5, 2), (6, 3), (7,3), (8,3); Query OK, 8 rows affected (0.01 sec) Records: 8 Duplicates: 0 Warnings: 0 Both statements define the same tree structure, but one does it from the bottom up, the other from the top down. We can see that even inside a single statement referential integrity is enforced at a per-row level and the first statement is impossible to load. Order suddenly matters.\nThe same would be true if we used multiple insert statements inside the same transaction: Even if the entire set of rows is only committed at the end of the transaction, statements inside the transaction suddenly have to have an order, and all referential integrity constraints have to be valid at all times (\u0026ldquo;for each row\u0026rdquo;).\nFor individual tables or simple 1:1 relationships this matters little, but referential integrity is transitive, and it is very easy to build completely validated structures that become uninsertable, unupdateable or undeletable, or to build referential integrity puzzles.\nThe SQL Standard defines behavior for this - checking referential integrity only at the end of a transaction - but InnoDB does not implement this. This makes working with foreign key constraints very hard and limits their usefulness.\nWalking our tree But at least we can walk our tree, and be sure it is well-defined:\nwith recursive tree as ( select c.id, c.parent, 0 as level, convert(\u0026#34;1\u0026#34;, char(255)) as path from c where parent is null union all select x.id, x.parent, tree.level + 1 as level, concat(tree.path, \u0026#34;,\u0026#34;, x.id) as path from c as x join tree on tree.id = x.parent ) select * from tree; +------+--------+-------+-------+ | id | parent | level | path | +------+--------+-------+-------+ | 1 | NULL | 0 | 1 | | 2 | 1 | 1 | 1,2 | | 3 | 1 | 1 | 1,3 | | 4 | 2 | 2 | 1,2,4 | | 5 | 2 | 2 | 1,2,5 | | 6 | 3 | 2 | 1,3,6 | | 7 | 3 | 2 | 1,3,7 | | 8 | 3 | 2 | 1,3,8 | +------+--------+-------+-------+ What we found so far. Foreign Keys are everywhere. Foreign Key Constraints look attractive at first, in order to ensure our Foreign Keys are valid. But they are being enforced at the row level. That enforces an order to operations within a transaction. It is easy to build structures that are hard to update, delete from, truncate or even drop. It is easy to create structures with undeletable records. The SQL Standard has options to make this less painful, but MySQL does not implement these. ","date":"2020-08-03T00:00:00Z","href":"https://blog.koehntopp.info/2020/08/03/mysql-foreign-keys-and-foreign-key-constraints.html","tags":["lang_en","database","mysql","innodb","mysqldev","erklaerbaer"],"title":"MySQL Foreign Keys and Foreign Key Constraints"},{"categories":null,"content":"Support Channel. \u0026ldquo;Hi, I am getting deadlocks in the database, and they occur when I have to roll back the transactions but if we don\u0026rsquo;t have to roll back all transactions get executed.\u0026rdquo; Wait, what? After some back and forth it becomes clear that the Dev experiences deadlocks and has data:\nmysql\u0026gt; pager less mysql\u0026gt; show engine innodb status\\G ... MySQL thread id 142531, OS thread handle 139990258222848, query id 4799571 somehost.somedomain someuser update INSERT into sometable (identifier_id, currency, balance ) VALUES (\u0026#39;d4e84cb1-4d56-4d67-9d16-1d548fd26b55\u0026#39;, \u0026#39;EUR\u0026#39;, \u0026#39;0\u0026#39;) *** (2) HOLDS THE LOCK(S): RECORD LOCKS space id 3523 page no 1106463 n bits 224 index PRIMARY of table `somedb`.`sometable` trx id 9843342279 lock mode S locks gap before rec and that is weird because of the lock mode S locks gap in the last line. We get the exact same statement with the exact same value on the second thread, but with lock mode X locks gap.\nBoth transactions have an undo-log entry of the length 1 - one row, single insert and the insert has an S-lock.\nA mystery INSERT and opaque code Many questions arise:\nhow can an INSERT have an S-lock? how can a single INSERT transaction deadlock? what does the originating code look like? The last question can be actually answered by the developer, but because they are using Java, in true Java fashion it is almost - but not quite - useless to a database person.\n@Transactional(propagation = Propagation.REQUIRES_NEW, timeout = MYSQL_TRANSACTION_TIMEOUT, rollbackFor = { BucketNotFoundException.class, DuplicateTransactionException.class, BucketBalanceUpdateException.class }, isolation = Isolation.SERIALIZABLE ) public void initiateBucketBalanceUpdate(Transaction transaction) throws BucketBalanceUpdateException, DuplicateTransactionException { this.validateAndInsertIdempotencyKey(transaction); this.executeBucketBalanceUpdateFlow(transaction); this.saveTransactionEntries(transaction); } So, where is the SQL?\nThis is often a problem - Object Relational Mappers encapsulate the things that go on in the database so much that it is really hard for anybody - Developers, DBAs and everybody else - to understand what actually happens and make debugging quite painful.\nOr, if they understand what goes on with the database, to map this to the code.\nTRANSACTION ISOLATION LEVEL SERIALIZABLE In this case it is solvable, though. The isolation = Isolation.SERIALIZABLE is the culprit here.\nSo when we spoke about transactions and isolation levels previously, I made the decision to leave the fourth and most useless isolation level out of the picture: SET TRANSACTION ISOLATION LEVEL SERIALIZABLE. The manual says :\nSERIALIZABLE\nThis level is like REPEATABLE READ, but InnoDB implicitly converts all plain SELECT statements to SELECT ... FOR SHARE if autocommit is disabled.\nIt then goes on to explain how SERIALIZABLE does nothing when there is no explicit transaction going on. It does not explain what it is good for (mostly: shooting yourself into the foot) and when you should use it (mostly: don\u0026rsquo;t).\nIt does answer the question of \u0026ldquo;Where to the S-Locks come from?\u0026rdquo;, though.\nThe SERIALIZABLE isolation mode turns a normal SELECT statement into a Medusa\u0026rsquo;s freeze ray that shoots S-Locks all over the tables onto everything it looks at, preventing other threads from changing these things until we end our transaction and drop our locks (And that is why you should not use it, and why I personally believe that your code is broken if it needs it).\nA broken RMW and lock escalation So instead of a regular Read-Modify-Write\nSession1\u0026gt; START TRANSACTION READ WRITE; Session1\u0026gt; SELECT * FROM sometable WHERE id=10 FOR UPDATE; -- X-lock granted on rec or gap -- ... Application decides INSERT or UPDATE Session1\u0026gt; INSERT INTO sometable (id, ...) VALUES ( 10, ... ); Session1\u0026gt; COMMIT; we get the following broken Read-Modify-Write, minimum:\nSession1\u0026gt; START TRANSACTION READ WRITE; Session1\u0026gt; SELECT * FROM sometable WHERE id=10 FOR SHARE; -- S-lock granted on rec or gap -- ... Application decides INSERT or UPDATE Session1\u0026gt; INSERT INTO sometable (id, ...) VALUES ( 10, ... ); -- lock escalation to X Session1\u0026gt; COMMIT; The LOCK IN SHARE MODE or equivalent FOR SHARE is not in the code, it is added implicitly by the isolation level SERIALIZABLE.\nWe get an S-Lock, which is not good for writing. Our transaction now did not get the required locks necessary for reading at the start of the transaction, because the later INSERT requires an X-lock, like any write statement would. The database needs to acquire the X-lock, that is, it needs to upgrade the S-lock to an X-lock.\nIf at that point in time another threads tries to run the exact same statement, which is what happens here, they already hold a second S-lock, preventing the first thread from completing their transaction (it is waiting until the second threads drops the S-lock, or it times out).\nAnd then that second thread also tries to upgrade their S-lock into an X-lock, which it can\u0026rsquo;t do, because that first thread is trying to do the same thing, and we have the deadlock and a rollback.\nReproduction of the problem We can easily reproduce this.\nSession1\u0026gt; set transaction isolation level serializable; Session1\u0026gt; start transaction read write; Query OK, 0 rows affected (0.00 sec) Session1\u0026gt; select * from kris where id = 10; +----+-------+ | id | value | +----+-------+ | 10 | 10 | +----+-------+ Session1\u0026gt; select * from performance_schema.data_locks\\G ... LOCK_TYPE: TABLE LOCK_MODE: IS LOCK_STATUS: GRANTED LOCK_DATA: NULL ... LOCK_TYPE: RECORD LOCK_MODE: S,REC_NOT_GAP LOCK_STATUS: GRANTED LOCK_DATA: 10 ... Session1\u0026gt; update kris set value=11 where id =10; We change the isolation level to SERIALIZABLE and start a transaction (because, as stated in the manual, autocommit does nothing). We then simply look at a single row, and check PERFORMANCE_SCHEMA.DATA_LOCKS afterwards. Lo and behold, S-Locks as promised by the manual.\nNow, the setup for the deadlock with a second session, by doing the same thing:\nSession2\u0026gt; set transaction isolation level serializable; Session2\u0026gt; start transaction read write; Query OK, 0 rows affected (0.00 sec) Session2\u0026gt; select * from kris where id = 10; +----+-------+ | id | value | +----+-------+ | 10 | 10 | +----+-------+ Checking the data_locks table we now see two sets of IS- and S-Locks belonging to two different threads. We go for an UPDATE here, because we chose existing rows and row locks, instead of non-existing rows and gap locks:\nSession1\u0026gt; update kris set value=11 where id =10; ... hangs ... and in the other connection:\nSession2\u0026gt; update kris set value=13 where id =10; ERROR 1213 (40001): Deadlock found when trying to get lock; try restarting transaction Coming back to the first session, this now reads\nSession1\u0026gt; update kris set value=11 where id =10; ... hangs ... Query OK, 1 row affected (2.43 sec) Rows matched: 1 Changed: 1 Warnings: 0 The timing given is the time I took to switch between terminals and to type the commands.\nResolution Coming back to the support case, the Dev analyzed their code and found out that what they are emitting is actually the sequence\nSession1\u0026gt; SET TRANSACTION ISOLATION LEVEL SERIALIZABLE; Session1\u0026gt; START TRANSACTION READ WRITE; Session1\u0026gt; SELECT * FROM sometable WHERE id=10; -- implied S-lock granted on rec or gap -- ... Application decides INSERT or UPDATE Session1\u0026gt; SELECT * FROM sometable WHERE id=10 FOR UPDATEl -- lock escalation to X Session1\u0026gt; INSERT INTO sometable (id, ...) VALUES ( 10, ... ); Session1\u0026gt; COMMIT; so their code is already almost correct.\nThey do not need the double read and also not the isolation level SERIALIZABLE. This is an easy fix for them and the deadlocks are gone, the world is safe again.\nSo many things to learn from this:\nYou won\u0026rsquo;t need SERIALIZABLE unless your code is broken. Trying to use it is a warning sign. A deadlock with an S-lock escalation means you need to check the isolation level. In SERIALIZABLE it is totally possible to deadlock yourself with a simple invisible SELECT and a lone INSERT or UPDATE. The ORM will remove you quite a lot from the emitted SQL. Do you know how to trace your ORM and to get the actual SQL generated? If not, go and find out. A server side trace will not save you - the server is a busy beast. It also cannot see your stackframes, so it can\u0026rsquo;t link your SQL to the line in your code that called the ORM. Yes, in the client side SQL trace, ideally you also want the tracer to bubble up the stack and give you the first line outside the ORM to identify what is causing the SQL to be emitted and where in the code that happens. The deadlock information in SHOW ENGINE INNODB STATUS is painfully opaque, but learning to read it is worthwhile. In reproduction, using performance schema is much easier and makes the sequence of events much easier to understand. The server is not very good at explaining the root cause of deadlocks to a developer in the error messages and warnings generated. ","date":"2020-08-02T00:00:00Z","href":"https://blog.koehntopp.info/2020/08/02/mysql-deadlocks-with-insert.html","tags":["lang_en","database","mysql","innodb","mysqldev","erklaerbaer"],"title":"MySQL Deadlocks with INSERT"},{"categories":null,"content":"In a previous article we wrote data to the database using atomic update statements, and then using transactions with SELECT ... FOR UPDATE. In this article we will look at what happens when we continue doing this, in a more complicated way. Source code for this article is also available on GitHub.com .\nA simple row lock But first let\u0026rsquo;s do things manually: We create a table kris with an integer primary key column and a secondary unindexed data column. We are filling it with some records with gaps between the primary keys.\nWe then START TRANSACTION READ WRITE and SELECT ... FOR UPDATE a record:\nSession1\u0026gt; create table kris ( id serial, value integer ); Session1\u0026gt; insert into kris values (10, 10), (20, 20), (30, 30),(40, 40); Session1\u0026gt; start transaction read write; Session1\u0026gt; select * from kris where id = 10 for update; +----+-------+ | id | value | +----+-------+ | 10 | 10 | +----+-------+ The table PERFORMANCE_SCHEMA.DATA_LOCKS will show us what happened, and the manual section on locking explains what we are looking at and what we can expect.\nSession1\u0026gt; select * from performance_schema.data_locks\\G ... LOCK_TYPE: TABLE LOCK_MODE: IX LOCK_STATUS: GRANTED LOCK_DATA: NULL ... LOCK_TYPE: RECORD LOCK_MODE: X,REC_NOT_GAP LOCK_STATUS: GRANTED LOCK_DATA: 10 The SELECT ... FOR UPDATE created a LOCK_TYPE: TABLE table-level lock with LOCK_MODE: IX. This is an intention-lock set by FOR UPDATE which indicates the desire to set X-locks (exclusive-locks, write-locks) on rows.\nThe statement then proceeded to actually create a row-lock, at the record level: We see LOCK_TYPE: RECORD with LOCK_DATA: 10, so the record id=10 has been locked. The LOCK_MODE: X, REC_NOT_GAP indicates a lock on the record only, not on the gap before the record.\nA lock on a nonexistent row Adding to the preceding transaction, we now also search for a non-existent row, using FOR UPDATE to signal our intent to later create this row. Since the row does not exist, the result set is empty:\nSession1\u0026gt; select * from kris where id = 35 for update; Empty set (0.00 sec) Reusing the table-level IX lock from before, we now see a third entry in PERFORMANCE_SCHEMA.DATA_LOCKS:\nSession1\u0026gt; select * from performance_schema.data_locks; ... LOCK_TYPE: RECORD LOCK_MODE: X,GAP LOCK_STATUS: GRANTED LOCK_DATA: 40 ... This, too, is a record-level lock, but this time it is LOCK_MODE: X,GAP and LOCK_DATA: 40. What we get here is a lock on the space between the rows id=30 (excluding) and id=40 (including), preventing other threads from inserting a row id=35.\nInserting into a locked gap, with timeouts. We demonstrate that with a second session:\nSession2\u0026gt; start transaction read write; Session2\u0026gt; insert into kris values (33, 33); ... hangs ... ^C^C -- query aborted ERROR 1317 (70100): Query execution was interrupted While the SELECT ... FOR UPDATE had a where clause of WHERE id=35, the lock covers the entire interval (30, 40], and our attempt to insert a record with id=33 hangs and has to wait until either the locking transaction is committed or our attempt times out. This can be a long wait: by default, innodb_lock_wait_timeout is set to 50 seconds.\nWe can change that:\nSession2\u0026gt; set session innodb_lock_wait_timeout = 3; Session2\u0026gt; start transaction read write; Session2\u0026gt; select time(now()); insert into kris values (33, 33); select time(now()); +-------------+ | time(now()) | +-------------+ | 17:52:28 | +-------------+ ERROR 1205 (HY000): Lock wait timeout exceeded; try restarting transaction +-------------+ | time(now()) | +-------------+ | 17:52:32 | +-------------+ We are rolling back all our transactions, and reset the table kris to the initial 4 tuples ((10,10), (20,20), (30,30), (40,40)).\nInnoDB handles Deadlocks Whenever we collect locks in a non-atomic fashion there is a risk of deadlocking.\nA deadlock is any situation where a thread A holds a resource 1 and wants to lock a resource 2, where at the same time a thread B holds the lock on 2 and wants a lock on 1.\nA holds lock 1 and needs a lock on 2 to complete and release both locks, while B holds the lock on 2 and needs the lock on 1 to complete and release both locks. There is no way to resolve this situation except with intervention from the outside, forcing one transaction to roll back (and hopefully retry). There is no problem for either A or B to complete the operation, but not while both are trying to finish concurrently.\nThe deadlock scenario is only possible because A and B do not acquire locks in a canonical order: Had B also acquired the locks in numerically ascending order (1, 2), the transactions would have had serialized themselves successfully, and no forced conflict resolution would have been necessary. You can think of the rollback with a later retry as a clumsy, forced serialisation of events instead.\nMore complicated scenarios with 3 or more threads and larger circular dependencies are possible.\nSo, let\u0026rsquo;s exercise a deadlock with two sessions:\nSession1\u0026gt; start transaction read write; Session1\u0026gt; select * from kris where id = 30 for update; +----+-------+ | id | value | +----+-------+ | 30 | 30 | +----+-------+ and in the other session:\nSession2\u0026gt; start transaction read write; Session2\u0026gt; select * from kris where id = 10 for update; +----+-------+ | id | value | +----+-------+ | 10 | 10 | +----+-------+ Now that both threads hold their first resource, let\u0026rsquo;s get their respective opposite to complete the deadlock. Session1 hangs, because it waits for Session2 to release the lock on id=10.\nSession1\u0026gt; select * from kris where id = 10 for update; ... hangs ... And Session2, trying to lock id=30, which is held by Session1, then is being detected and rolled back forcibly:\nSession2\u0026gt; select * from kris where id = 30 for update; ERROR 1213 (40001): Deadlock found when trying to get lock; try restarting transaction At the same time Session1 can complete the statement:\nSession1\u0026gt; select * from kris where id = 10 for update; +----+-------+ | id | value | +----+-------+ | 10 | 10 | +----+-------+ 1 row in set (8.74 sec) The time reported is the time this session hung waiting for the lock to be granted.\nAfter the rollback PERFORMANCE_SCHEMA.DATA_LOCKS looks like this:\nSession2\u0026gt; select lock_type, lock_mode, lock_data, lock_status from performance_schema.data_locks; +-----------+---------------+-----------+-------------+ | lock_type | lock_mode | lock_data | lock_status | +-----------+---------------+-----------+-------------+ | TABLE | IX | NULL | GRANTED | | RECORD | X,REC_NOT_GAP | 30 | GRANTED | | RECORD | X,REC_NOT_GAP | 10 | GRANTED | +-----------+---------------+-----------+-------------+ These locks are owned by Session1, and after executing ROLLBACK or COMMIT in Session1 they are released and the select-statement on performance_schema comes back empty.\nRetrying transactions We can try to formalize what we learned in code: A table demo with 10 counters numbered from 1 to 10 is being set up, the counters are starting at 0.\nWe are running two programs concurrently: One program is counting up the counters i and i+1, and the other program is counting up the counters i and i-1. Whenever the two programs generate overlapping transactions, a deadlock situation should arise.\nWe want to be able to detect this, and restart the transactions. A quick and dirty attempt at this: A function to lock a record by id.\ndef select_update(name, id): cmd = f\u0026#34;select counter from {name} where id = {id} for update\u0026#34; c = db.cursor() try: c.execute(cmd) except MySQLdb.OperationalError as e: click.echo(f\u0026#34;MySQL Error: {e}\u0026#34;) return None row = c.fetchone() return row[\u0026#34;counter\u0026#34;] A function to increment a counter in a record we locked this way:\ndef update(name, id, counter): cmd = f\u0026#34;update {name} set counter = {counter} where id = {id}\u0026#34; c = db.cursor() try: c.execute(cmd) except MySQLdb.Error as e: click.echo(f\u0026#34;MySQL Error: {e}\u0026#34;) sys.exit(0) And a quick and dirty function with way too many parameters to exercise these two functions for pairs of records:\ndef count_with_locking(name, tag, position1, position2, verbose=False): # I would rather have a START TRANSACTION READ WRITE # but MySQLdb does not offer this natively. db.begin() # read, with FOR UPDATE done = False while not done: counter1 = select_update(name, position1) sleep(1) counter2 = select_update(name, position2) # if either counter is None, we had a deadlock and # need to retry. Otherwise we are done. if counter1 is not None and counter2 is not None: done = True else: if verbose: print(f\u0026#34;{tag} *** Retry *** {position1}, {position2} = {counter1}, {counter2}\u0026#34;) # Once we make it here we are done. if verbose: print(f\u0026#34;{tag} {position1}, {position2} = {counter1}, {counter2}\u0026#34;) # modify counter1 += 1 counter2 += 1 # write (and since we have the locks, this will work) update(name, position1, counter1) update(name, position2, counter2) # and release the locks, too db.commit() And two driver functions, one that goes up and another that goes down, wrapped with click so that they can be accessed via the command line:\n@sql.command() @click.option(\u0026#34;--name\u0026#34;, default=\u0026#34;demo\u0026#34;, help=\u0026#34;Table name to count in\u0026#34;) @click.option(\u0026#34;--size\u0026#34;, default=1000, help=\u0026#34;Number rows in counter table\u0026#34;) @click.option(\u0026#34;--iterations\u0026#34;, default=10000, help=\u0026#34;Number of increments\u0026#34;) @click.option(\u0026#34;--verbose/--no-verbose\u0026#34;, default=False, help=\u0026#34;Log each commit?\u0026#34;) def count_up(name, size, iterations, verbose): \u0026#34;\u0026#34;\u0026#34; Increment counters i and i+1, across an array, counting i upwards \u0026#34;\u0026#34;\u0026#34; for i in range(0, iterations): # We will count up position1 and position2 position1 = (i % size) + 1 position2 = ((i + 1) % size) + 1 count_with_locking(name, \u0026#34;up \u0026#34;, position1, position2, verbose) @sql.command() @click.option(\u0026#34;--name\u0026#34;, default=\u0026#34;demo\u0026#34;, help=\u0026#34;Table name to count in\u0026#34;) @click.option(\u0026#34;--size\u0026#34;, default=1000, help=\u0026#34;Number rows in counter table\u0026#34;) @click.option(\u0026#34;--iterations\u0026#34;, default=10000, help=\u0026#34;Number of increments\u0026#34;) @click.option(\u0026#34;--verbose/--no-verbose\u0026#34;, default=False, help=\u0026#34;Log each commit?\u0026#34;) def count_down(name, size, iterations, verbose): \u0026#34;\u0026#34;\u0026#34; Increment counters i and i+1, across an array, counting i upwards \u0026#34;\u0026#34;\u0026#34; for i in range(iterations, 0, -1): # We will count down position1 and position2 position1 = (i % size) + 1 position2 = ((i - 1) % size) + 1 count_with_locking(name, \u0026#34;down\u0026#34;, position1, position2, verbose) When running this, we get deadlocks because we built it this way:\n$ ./deadlock.py truncate Table demo truncated. $ ./deadlock.py setup --size 10 Counters 1 to 10 set to 0. $ ./deadlock.py count-up --size 10 --iterations 100 --verbose \u0026amp; ./deadlock.py count-down --size 10 --iterations 100 --verbose \u0026amp; [1] 3706851 [2] 3706852 $ down 1, 10 = 0, 0 down 10, 9 = 1, 0 up 1, 2 = 1, 0 down 9, 8 = 1, 0 up 2, 3 = 1, 0 down 8, 7 = 1, 0 up 3, 4 = 1, 0 down 7, 6 = 1, 0 up 4, 5 = 1, 0 MySQL Error: (1213, \u0026#39;Deadlock found when trying to get lock; try restarting transaction\u0026#39;) down 6, 5 = 1, 1 up *** Retry *** 5, 6 = 1, None up 5, 6 = 2, 2 up 6, 7 = 3, 2 down 5, 4 = 3, 2 up 7, 8 = 3, 2 ... As soon as the count-down (6,5) and the count-up (5,6) cross their streams a deadlock happens. The count-up (5,6) is rolled back and needs to retry. After retry the counter values are correctly incremented.\nWe managed to detect the deadlocks, retry the transactions and set things right. Once more the world is safe.\n","date":"2020-08-01T00:00:00Z","href":"https://blog.koehntopp.info/2020/08/01/mysql-locks-and-deadlocks.html","tags":["lang_en","database","mysql","innodb","mysqldev","erklaerbaer"],"title":"MySQL: Locks and Deadlocks"},{"categories":null,"content":"Using the framework for testing we created in earlier articles, let\u0026rsquo;s try to modify some data. We are writing a small program that increments a counter. Our table looks like this, and contains 10 counters:\nCREATE TABLE `demo` ( `id` bigint unsigned NOT NULL AUTO_INCREMENT, `counter` int NOT NULL DEFAULT \u0026#39;0\u0026#39;, UNIQUE KEY `id` (`id`) ) INSERT INTO `demo` VALUES (1,0); INSERT INTO `demo` VALUES (2,0); ... INSERT INTO `demo` VALUES (10,0); We are using some very simple programming to increment a counter:\n@sql.command() @click.option(\u0026#34;--name\u0026#34;, default=\u0026#34;demo\u0026#34;, help=\u0026#34;Table name to count in\u0026#34;) @click.option(\u0026#34;--id\u0026#34;, default=0, help=\u0026#34;Counter to use\u0026#34;) @click.option(\u0026#34;--count\u0026#34;, default=1000, help=\u0026#34;Number of increments\u0026#34;) def count(name, id, count): \u0026#34;\u0026#34;\u0026#34; Increment counter --id by --count many steps in table --name \u0026#34;\u0026#34;\u0026#34; for i in range(0, count): cmd = f\u0026#34;update {name} set counter=counter+1 where id = {id}\u0026#34; c = db.cursor() c.execute(cmd) db.commit() Incrementing a single counter, 1000 times In this code, we run the SQL update demo set counter=counter+1 where id=3 or similar in order to increment a counter, and commit immediately. The loop will run 1000 iterations, and we can time it. The speed of the loop is completely dependent on how fast our hardware can commit data to disk.\n$ ./counter.py truncate Table demo truncated. $ ./counter.py setup --size 10 $ time ./counter.py count --id 3 real 0m14.457s user 0m0.146s sys 0m0.037s 14.4 seconds for 1000 commits are 14ms per commit, to an old SATA SSD - not very fast at all, but this is 10 years old hardware. This is slow, because the db.commit() issues a single fsync to the Redo-Log, waiting for it to return - we have shown this in an earlier article .\nWe can globally reconfigure MySQL to write to disk unsafely:\n$ mysql -uroot -p -e \u0026#39;set global innodb_flush_log_at_trx_commit=2\u0026#39; Enter password: $ ./counter.py truncate Table demo truncated. $ ./counter.py setup --size 10 $ time ./counter.py count --id 3 real 0m6.240s user 0m0.126s sys 0m0.032s In this configuration, MySQL will on commit still write the data into the file system buffer cache, but will no longer force the buffer cache to disk, foregoing the disk write and the wait for its completion. The server will flush data to disk in the background in 1s intervals.\nShould the database server process crash, but the server hardware does not, nothing is lost: The file system buffer cache will eventually be written out do disk.\nShould the server hardware crash, up to one second of data is being lost, but the database will still be consistent - just not at the transaction everybody expects.\nRelaxing the disk write constraints speeds up writing considerably, because we no longer have to wait for the slow disk to acknowledge the writes.\nRelaxing the disk write constraints any further does not make things faster, just more dangerous:\n(venv) kris@server:~/Python/mysql$ mysql -uroot -p -e \u0026#39;set global innodb_flush_log_at_trx_commit=0\u0026#39; Enter password: (venv) kris@server:~/Python/mysql$ ./counter.py truncate Table demo truncated. (venv) kris@server:~/Python/mysql$ ./counter.py setup --size 10 (venv) kris@server:~/Python/mysql$ time ./counter.py count --id 3 real 0m6.101s user 0m0.118s sys 0m0.032s In this mode, the database server will not even push data into the file system buffer cache on commit, but only once per second initiate a batch write and fsync. On any crash, up to one second of data will be lost, but at least it will be at a transaction boundary.\nTo make things more interesting, we will now run multiple copies of this programs in various ways.\nIncrementing two counters concurrently, 1000 times each $ ./counter.py truncate Table demo truncated. $ ./counter.py setup --size 10 $ time ./counter.py count --id 3 \u0026amp; time ./counter.py count --id 9 \u0026amp; [1] 728954 [2] 728955 $ real 0m20.450s user 0m0.164s sys 0m0.019s real 0m20.454s user 0m0.131s sys 0m0.056s [1]- Done time ./counter.py count --id 3 [2]+ Done time ./counter.py count --id 9 $ mysql -u kris -pgeheim -e \u0026#39;select * from demo where id in (3, 9)\u0026#39; kris +----+---------+ | id | counter | +----+---------+ | 3 | 1000 | | 9 | 1000 | +----+---------+ We can see the program counted correctly, both counters have the expected target value. We can also see how the program took a lot longer to execute: While we have multiple cores, and are running two copies of Python and two thread in the database concurrently, there is still interference between the two threads, and things are slower (20.4 seconds instead of 14.4 seconds).\nIncrementing the same counter with two processes, 1000 times each $ ./counter.py truncate Table demo truncated. $ ./counter.py setup --size 10 $ time ./counter.py count --id 3 \u0026amp; time ./counter.py count --id 3 \u0026amp; [1] 730874 [2] 730875 $ real 0m25.306s user 0m0.159s sys 0m0.038s real 0m25.311s user 0m0.162s sys 0m0.033s $ mysql -u kris -pgeheim -e \u0026#39;select * from demo where id = 3\u0026#39; kris +----+---------+ | id | counter | +----+---------+ | 3 | 2000 | +----+---------+ What happens here is that we are running two instances of the script concurrently, each of which is incrementing the same row id=3. As updating a row will also exclusively lock it, the second writer has to wait a bit until the first one commits (which will also drop the lock). Then the second writer can get access, and do its thing while the first writer has to wait.\nExecution time goes up further, from 20.4s to 25.3s.\nRead-Modify-Write, gone wrong We can query the database differently, in a two stage process, allowing for more complex updates. Here we read a value from the database into the application (read phase), change it application side (modify phase) and then write the changed value back.\nDoing this is called a read-modify-write cycle.\n@sql.command() @click.option(\u0026#34;--name\u0026#34;, default=\u0026#34;demo\u0026#34;, help=\u0026#34;Table name to count in\u0026#34;) @click.option(\u0026#34;--id\u0026#34;, default=0, help=\u0026#34;Counter to use\u0026#34;) @click.option(\u0026#34;--count\u0026#34;, default=1000, help=\u0026#34;Number of increments\u0026#34;) def rmw_false(name, id, count): \u0026#34;\u0026#34;\u0026#34; Increment counter --id by --count many steps in table --name \u0026#34;\u0026#34;\u0026#34; for i in range(0, count): # read cmd = f\u0026#34;select counter from {name} where id = {id}\u0026#34; c = db.cursor() c.execute(cmd) row = c.fetchone() # modify counter = row[\u0026#34;counter\u0026#34;] +1 # write cmd = f\u0026#34;update {name} set counter = {counter} where id = {id}\u0026#34; c.execute(cmd) db.commit() In this piece of code we again count to 1000, but we are doing it in a three-step process, called a read-modify-write cycle. We also implemented it wrongly for demonstration purposes:\nThe \u0026ldquo;read phase\u0026rdquo; is done with a SELECT statement that retrieves the current counter value from the database.\nThe \u0026ldquo;modify phase\u0026rdquo; increments the counter, application side, in memory. This can in real applications be an arbitrarily complicated process that takes a non-trivial amount of time and maybe even connects to different backend systems and services.\nThe \u0026ldquo;write phase\u0026rdquo; then uses UPDATE to write back the previously read value to the database.\nThere is no error handling, and - for the purposes of demonstration - no locking.\nWe are running this, standalone, and then in multiple copies:\n$ ./counter.py truncate Table demo truncated. $ ./counter.py setup --size 10 $ time ./counter.py rmw-false --id 3 real 0m13.331s user 0m0.207s sys 0m0.106s This is not slower than the single update statement, despite the fact that we have to talk to the database in two round trips instead of one.\nBut, when we are running this twice, we can see that due to the missing locking the results are wrong:\n$ ./counter.py truncate Table demo truncated. $ ./counter.py setup --size 10 $ time ./counter.py rmw-false --id 3 \u0026amp; time ./counter.py rmw-false --id 3 \u0026amp; [1] 1521914 [2] 1521915 $ real 0m13.361s user 0m0.235s sys 0m0.069s real 0m13.362s user 0m0.240s sys 0m0.069s [1]- Done time ./counter.py rmw-false --id 3 [2]+ Done time ./counter.py rmw-false --id 3 $ mysql -u kris -pgeheim -e \u0026#39;select * from demo where id = 3\u0026#39; kris +----+---------+ | id | counter | +----+---------+ | 3 | 1000 | +----+---------+ The way we write this code, we extract the value from the database into the application, getting a value - say 10, and increment that.\nMeanwhile, the other instance also reads the database, and gets the same value, also 10.\nWe increment, and write back the new value, 11. Then the other instance does the same, and also writes back 11. Two increment events in two processes have been executed, but the counter has been incremented effectively only one step, because the rmw-cycles overlapped.\nWe need to lock the row id=3 when we take out the value from the database into the application like we would take out a book from the library. We can give up the lock when we write back and commit. The second process, attempting to take out the same value we just took out, would stall and hang, waiting for the (new) value to become available, and only then can proceed.\nRead-Modify-Write, done right We modify the program to use SELECT ... FOR UPDATE instead of a simple SELECT when taking out the value during the read phase of the rmw operation.\nSELECT ... FOR UPDATE is a read statement, but locks the rows it fetches as if it were a write statement. In doing that, it anticipates the UPDATE operation that is to follow.\nWhat happens is that the SELECT ... FOR UPDATE creates X-locks on at least the rows it returns. An X-lock or exclusive lock is a lock that guarantees that only one thread (us) can access the row while the lock is being held. All other attempts to read that row are stalled and have to wait until the lock is released, at COMMIT.\nOur program now counts correctly. Locks mean waiting, so of course it is slower.\n$ ./counter.py truncate Table demo truncated. $ ./counter.py setup --size 10 $ time ./counter.py rmw-correct --id 3 \u0026amp; time ./counter.py rmw-correct --id 3 \u0026amp; [1] 1523980 [2] 1523981 $ real 0m26.284s user 0m0.293s sys 0m0.097s real 0m26.293s user 0m0.292s sys 0m0.099s [1]- Done time ./counter.py rmw-correct --id 3 [2]+ Done time ./counter.py rmw-correct --id 3 $ mysql -u kris -pgeheim -e \u0026#39;select * from demo where id = 3\u0026#39; kris +----+---------+ | id | counter | +----+---------+ | 3 | 2000 | +----+---------+ And this is what the code looks like:\n@sql.command() @click.option(\u0026#34;--name\u0026#34;, default=\u0026#34;demo\u0026#34;, help=\u0026#34;Table name to count in\u0026#34;) @click.option(\u0026#34;--id\u0026#34;, default=0, help=\u0026#34;Counter to use\u0026#34;) @click.option(\u0026#34;--count\u0026#34;, default=1000, help=\u0026#34;Number of increments\u0026#34;) def rmw_correct(name, id, count): \u0026#34;\u0026#34;\u0026#34; Increment counter using rmw logic \u0026#34;\u0026#34;\u0026#34; for i in range(0, count): # I would rather have a START TRANSACTION READ WRITE # but MySQLdb does not offer this natively. db.begin() # read, with FOR UPDATE cmd = f\u0026#34;select counter from {name} where id = {id} for update\u0026#34; c = db.cursor() c.execute(cmd) row = c.fetchone() # modify counter = row[\u0026#34;counter\u0026#34;] + 1 # write cmd = f\u0026#34;update {name} set counter = {counter} where id = {id}\u0026#34; c.execute(cmd) db.commit() ","date":"2020-07-30T00:00:00Z","href":"https://blog.koehntopp.info/2020/07/30/mysql-transactions---writing-data.html","tags":["lang_en","database","mysql","innodb","erklaerbaer","mysqldev"],"title":"MySQL Transactions - writing data"},{"categories":null,"content":"After having a look how MySQL handles transactions physically , let\u0026rsquo;s have a look at what is going on from a logical point of view.\nWe are using a test table called demo with an id and a counter field, both integer. In it, we have 10 counters, all set to 0.\nCREATE TABLE `demo` ( `id` bigint unsigned NOT NULL AUTO_INCREMENT, `counter` int NOT NULL DEFAULT \u0026#39;0\u0026#39;, UNIQUE KEY `id` (`id`) ) INSERT INTO `demo` VALUES (1,0); INSERT INTO `demo` VALUES (2,0); ... INSERT INTO `demo` VALUES (10,0); In one session, we start a transaction and modify a counter value. We do not commit anything.\nSession1\u0026gt; start transaction read write; Session1\u0026gt; update demo set counter = 10 where id = 3; Isolation In a second session, we check the data and notice a few things:\nSession2\u0026gt; select * from demo; +----+---------+ | id | counter | +----+---------+ | 1 | 0 | | 2 | 0 | | 3 | 0 | | 4 | 0 | ... We do not see the uncommitted changes to row id=3 from Session1. We do not have to wait - the uncommitted change on the row id=3 does not stall us in any way. From the previous article we know that MySQL took the older version of the row and moved it to the Undo-Log. It has to do that in order to still have the data around should we decide to ROLLBACK. The new version of the row in the actual tablespace contains a pointer to the older version of the Row in the Undo-Log.\nWhen looking at the row we see this older version, so something made the database read the current values of the rows 1, 2, 4, and so on from the tablespace, but for the row id=3 sent us to the Undo-Log.\nThis is also a good thing, because we do not have to wait.\nTransaction Isolation Level Read Uncommitted This is what MVCC - Multiversion Concurrency Control - does: It uses the old versions of the row to present us a consistent view of the data, depending on the TRANSACTION ISOLATION LEVEL. This is a thing we can change:\nSession2\u0026gt; set transaction isolation level read uncommitted; Session2\u0026gt; select * from demo; +----+---------+ | id | counter | +----+---------+ | 1 | 0 | | 2 | 0 | | 3 | 10 | | 4 | 0 | So once we SET TRANSACTION ISOLATION LEVEL READ UNCOMMITTED, we get to see the value 10 written by Session1, despite the fact that it has never been committed. In fact, if we would ROLLBACK, logically it would never have been there - but still Session2 saw it.\nAt TRANSACTION ISOLATION LEVEL READ UNCOMMITTED we are reading stuff directly from the tablespace file. This can contain data that is not yet committed, and due to ROLLBACK never will be - mere phantasies. The Undo-Log is never consulted.\nTransaction Isolation Level Read Committed If we SET TRANSACTION ISOLATION LEVEL READ COMMITTED with the transaction hanging in Session1 as before , we get to see the counter at row id=3 as before, at 0.\nSession2\u0026gt; set transaction isolation level read committed; Session2\u0026gt; select * from demo; +----+---------+ | id | counter | +----+---------+ | 1 | 0 | | 2 | 0 | | 3 | 0 | | 4 | 0 | That is, at this isolation level we will only see data that has been committed.\nAt TRANSACTION ISOLATION LEVEL READ COMMITTED we are reading stuff from the tablespace file, unless there is an ongoing transaction for a row. In that case, the reader will consult the Undo-Log one level deep and show us the previous, committed version of the data. We never get to see ephemeral data that can be rolled back.\nNow, let\u0026rsquo;s commit that change, and check:\nSession1\u0026gt; commit; Session2\u0026gt; set transaction isolation level read committed; Session2\u0026gt; select * from demo where id = 3; +----+---------+ | id | counter | +----+---------+ | 3 | 10 | +----+---------+ In fact, if we incremented the counter in Session1, we also would see that in Session2:\nSession1\u0026gt; start transaction read write; Session1\u0026gt; update demo set counter = counter + 1; Session1\u0026gt; commit; Session2\u0026gt; set transaction isolation level read committed; Session2\u0026gt; select * from demo where id = 3; +----+---------+ | id | counter | +----+---------+ | 3 | 11 | +----+---------+ At TRANSACTION ISOLATION LEVEL READ COMMITTED, if we read the same row twice, we can see it changing.\nTransaction Isolation Level Repeatable Read The default transaction isolation level in MySQL is SET TRANSACTION ISOLATION LEVEL REPEATABLE READ. If you never change anything, this is what you get.\nIf in Session1 we were to run, this time with autocommit and not inside an explicit transaction:\nSession1\u0026gt; UPDATE demo SET counter=counter+1; Session1\u0026gt; UPDATE demo SET counter=counter+1; Session1\u0026gt; UPDATE demo SET counter=counter+1; Session1\u0026gt; UPDATE demo SET counter=counter+1; and in Session2 checked repeatedly, we would see the counter increment, as before:\nSession2\u0026gt; select * from demo where id =3; +----+---------+ | id | counter | +----+---------+ | 3 | 12 | +----+---------+ Session2\u0026gt; select * from demo where id =3; +----+---------+ | id | counter | +----+---------+ | 3 | 13 | +----+---------+ But, and that is new, we now get to use read only transactions in Session2. And that changes behavior:\nSession2\u0026gt; start transaction read only; Session2\u0026gt; select * from demo where id = 3; +----+---------+ | id | counter | +----+---------+ | 3 | 14 | +----+---------+ Session2\u0026gt; select * from demo where id = 3; +----+---------+ | id | counter | +----+---------+ | 3 | 14 | +----+---------+ Session2\u0026gt; commit; Session2\u0026gt; select * from demo where id = 3; +----+---------+ | id | counter | +----+---------+ | 3 | 16 | +----+---------+ As soon as we START TRANSACTION READ ONLY, in this isolation level, we get a consistent read view. In practice that means that our session is frozen in time and will no longer see changes to this or any other table that have been made after we started the transaction.\nAt TRANSACTION ISOLATION LEVEL REPEATABLE READ we are reading stuff from the tablespace, unless it has been changed after we started our transaction. In that case, the reader will consult the Undo-Log multiple levels deep, in order to present us the newest version of the row that is older than our read-only transaction.\nAs soon as we drop our read-only transaction with commit (nothing changed, so nothing is actually committed) our world jumps forward in time to the present, skipping any intermediate steps.\nRepeatable Read and Long Running Transactions Starting a transaction at the default isolation level will force the Undo-Log Purge Thread to stop at the position of our read view. Undo-Log entries will no longer be purged, filling up and growing the Undo-Log. Reads and Index Lookups become more complicated and slower, slowing down the overall performance of the database.\nIt is a good idea to not have long-running transactions.\nMaintenance Operations such as running mysqldump --single transaction mydatabase to make a logical backup achieve a consistent backup my maintaining a consistent read view by starting a long-running transaction. As the dump of a large database can take some time, it is a good idea to do this at a point in time when the database is not so busy. Specifically where write activity is low. Otherwise, the incoming writes will blow up your Undo-Log by the size of the data load, and make everything slow.\nWhile in theory these two operations - a data load and a backup - can happen concurrently and should not interfere, nothing is for free and the implementation of consistent read views will function better if you do not work against it.\nThe Undo-Log will not shrink, but will be freed internally and re-used, should that space ever be needed. But you will end up, depending on your version of MySQL, with a very large ibdata1 file or very large Undo-Log segment files.\nReading Data without Locks It is also worthwhile to note that all the data reads we have seen so far are free from locking: There are no stalls or lock-waits that can happen in these scenarios.\nThe fact that we have to be able to roll back makes it necessary to make a copy of a row before we modify it and keep it around.\nThe fact that most transactions successfully commit and not roll back suggests that we would do well by putting the new version of the row into place properly and move the old version to a temporary storage, the Undo-Log, before we throw it away by the way of the Purge Thread. That way we keep the tablespace clean and free from outdated, stale versions of rows.\nLooking at all active transactions in the system we can easily determine the lowest, oldest transaction number in the system. By definition nothing else can ever reference any row version even older than that, so these versions are fair game for the Purge Thread.\nBy linking old versions of a row, we get a thread from the current version of the row into the (still visible) past of that row as a linked list.\nBy choosing a transaction isolation level at will, per connection, each connection can at any point in time choose to read the current, the most recently committed or the newest version of the row older than its own (read-only) transaction.\nBy committing, a read-only transaction gives up its version of the past, retiring an older transaction, allowing the Purge Thread to move on and free Undo-Log space.\nAt no point in time a read operation is ever stalled by a writer and forced to wait. There are no write-locks ever stalling a reader. These two operations are completely independent.\nFor writers, this is quite different, and for good reason.\n","date":"2020-07-29T00:00:00Z","href":"https://blog.koehntopp.info/2020/07/29/mysql-transactions-the-logical-view.html","tags":["lang_en","mysql","database","innodb","mysqldev"],"title":"MySQL Transactions - the logical side"},{"categories":null,"content":"MySQL speaks its own proprietary protocol. It cannot be routed by an HTTP proxy, and a MySQL connection is entire unlike an HTTP connection. Specifically, a lot of state and configuration is tied to a MySQL connection, and it cannot be recovered on disconnect.\nWhat state is tied to a connection? Transactions A disconnect implies a ROLLBACK. So if you are in a transaction, all changes to the database that you attempted are lost, rolled back, as if they never happened.\nIt is not enough to retry the last statement, you need to jump back to the beginning of the transaction.\nThis is not unexpected. All transactions can fail, in the middle of a transaction or even on COMMIT (you attempt to COMMIT, but get a ROLLBACK due to a deadlock or a failed transaction certification in Group Replication).\nApplications need to be able to detect that and handle that at any point in time, by retrying the transaction.\nLocks When you disconnect from the database for any reasons, all locks you held at that point in time are being released. This includes all X- and S-Locks in InnoDB, all MyISAM table locks, all ongoing metadata locks and of course also all object-less locks acquired with GET_LOCK().\nThis makes a lot of sense and is a requirement - on disconnect, locks need to be released. Otherwise, you would be constantly cleaning up locks left around after the process died, as if they were Apache Shared Memory Segments and stuff.\nLAST_INSERT_ID In MySQL, we generate sequences implicitly: You write a NULL or 0 to a field which has the auto_increment attribute and get assigned a number. Now you need to know that number, so in a followup statement you are referencing this as the LAST_INSERT_ID().\nThis ID is being cached in your connection, which is lost when you disconnect.\nUsing last_insert_id() looks like this:\nmysql\u0026gt; CREATE TABLE `demo` ( `id` bigint unsigned NOT NULL AUTO_INCREMENT, `data` varbinary(255) NOT NULL, UNIQUE KEY `id` (`id`) ) ENGINE=InnoDB; mysql\u0026gt; insert into demo values (0, \u0026#34;Keks\u0026#34;); mysql\u0026gt; insert into demo values (NULL, \u0026#34;Cookie\u0026#34;); mysql\u0026gt; select id from demo; +----+ | id | +----+ | 1 | | 2 | +----+ mysql\u0026gt; select last_insert_id() as lastid; +--------+ | lastid | +--------+ | 2 | +--------+ After a KILL on the connection, this happens:\n(Admin Connection) mysql\u0026gt; kill 350542; (Client Connection) mysql\u0026gt; select last_insert_id() as lastid; ERROR 2006 (HY000): MySQL server has gone away No connection. Trying to reconnect... Connection id: 350571 Current database: kris +--------+ | lastid | +--------+ | 0 | +--------+ Temporary Tables MySQL has the incredibly broken feature of CREATE TEMPORARY TABLE. These are tables that can shadow tables in the global namespace, have different permissions, and disappear on disconnect. They are also prone to breaking certain modes of replication if there ever is a disconnect in the replication connection while any of these tables is active. And they break snapshots and backup recovery of the database server, for the same reason.\nIn general, the recommendation is to not use the CREATE TEMPORARY TABLE feature at all because of these drawbacks. Create regular tables in a temp schema instead and scope table names with a CONNECTION_ID() instead.\nFor the purposes of this discussion, temporary tables are connection scoped state, and if we used them, we would also lose them on disconnect.\nPrepared statements (and parsed bytecode) In MySQL, it is possible to store code in the database, using stored procedures, stored functions, and other constructs. The language for this is abysmally ugly, and the execution engine is on-par with PHP 3 from 1998, in terms of structure and performance. Parsed stuff is cached per-connection, which makes no sense at all. Also, in general, you do not want to run code on expensive and crowded database CPUs when you can have plenty of cheap and easy to scale CPUs in application nodes.\nIn general, the recommendation is to not use code in the database, if at all possible. For the purposes of this discussion, stored code caches are per-session and are lost on disconnect, but automatically recovered on reconnect (at a performance penalty).\nIn MySQL, many client side Connectors use the SQL Statement PREPARE or a similar API mechanism to prepare a statement for repeated execution. Later, a matching EXECUTE in a loop will bind it to variables and run the SQL. This is usually done more or less transparently by the Protocol Connector your host language uses underneath the database abstraction and ORM interfaces you are using to talk to the database.\nFor the purposes of this discussion it is interesting to know that these prepared statements are part of the connection scoped state and will be lost on disconnect. Depending on how your connector implements this, recovery may be automatically, but usually isn’t in all cases.\nVariables Connections can be associated with variables. Some of these variables are under user control (@-Variables). This is dangerous, deprecated and can break certain modes of replication, but has been done in the past to make TopK queries efficient – use Window Functions from MySQL 8 instead.\nmysql\u0026gt; select id from demo; +----+ | id | +----+ | 1 | | 2 | +----+ mysql\u0026gt; set @count := 100; Query OK, 0 rows affected (0.00 sec) mysql\u0026gt; select @count := @count + 1 as v, id from demo; +------+----+ | v | id | +------+----+ | 101 | 1 | | 102 | 2 | +------+----+ 2 rows in set, 1 warning (0.00 sec) mysql\u0026gt; show warnings; Warning | 1287 | Setting user variables within expressions is deprecated and will be removed in a future release. Consider alternatives: \u0026#39;SET variable=expression, ...\u0026#39;, or \u0026#39;SELECT expression(s) INTO variables(s)\u0026#39;. For the purposes of this discussion, @-Variables are part of connection scoped state and are lost on disconnect.\nSession Variables are configuration that controls the execution of queries. They are sometimes necessary to speed things up, to handle character sets properly, or to nudge the query optimizer into the right direction.\nmysql\u0026gt; SET NAMES utf8mb4; … mysql\u0026gt; SET SESSION optimizer_prune_level = 0; … For the purposes of this discussion, these settings are part of the connection scoped state and are lost on disconnect. On reconnect, you must re-set the connection session level parameters to the desired state. Without this, the session state is identical to the global setup inherited on connect.\nMagic SET commands Old statement based replication had the problem of having to replicate stateful commands such as NOW(), RANDOM(), USER() and similar. When executing a command on the replica, the time would be different, the result of a call to RANDOM() would have a different seed state, and the current user would be the replication user and not the user who issues the original statement.\nMySQL solved that by having a number of Magic SET commands, so that the statement\nSELECT NOW() as now; was being replicated as\nSET TIMESTAMP=... SELECT NOW() as now; and in this set up the NOW() function would not return the current time, but the time previously set with the Magic SET. This is a connection scoped flag, and it is lost on disconnect. If you use Magic SET commands, they are lost and need to be re-set on reconnect.\nTL;DR MySQL\u0026rsquo;s connections carry a lot of state, all of which is lost on disconnect. It is therefore completely impossible to transparently reconnect to a MySQL server in the Protocol Connector, a Proxy or other lower layers in the stack. The application needs to take notice and handle reconnects properly, recreating the required state for the application to function. It then needs to restart the transaction, not the last statement. The database server you reconnect to may be a different from the one you were connected to before, even if it has the same name – the DNS may have changed due to a failover being the reason for a disconnect. You need to re-resolve the hostname and be prepared to get a different IP number. Transactions can fail. Commits can fail. Deadlocks and Group Replication verification can cause this. You must not rely on SQL statements being successful, including the COMMIT statement, and you need to be able to detect such failures and restart transactions. This is possible even without a disconnect. ","date":"2020-07-28T00:00:00Z","href":"https://blog.koehntopp.info/2020/07/28/mysql-connection-scoped-state.html","tags":["erklaerbaer","database","mysql","mysqldev","lang_en"],"title":"MySQL Connection Scoped State"},{"categories":null,"content":"When writing data to disk, for small transactions the cost of writing the commit out do disk dominates the execution time of the script. In order to show that, I wrote a little Python script.\nThe script creates a test table in a database and writes 10.000 rows of test data into it, in commit sizes of 1, 2, 4, \u0026hellip;, 1024 rows.\n$ ./mysql.py --help Usage: mysql.py [OPTIONS] COMMAND [ARGS]... Test commit sizes. Options: --help Show this message and exit. Commands: create Create the demo table empty. drop Drop the demo table fill Write test records into the demo table. truncate Truncate the demo table. There is a small driver script to run the test. The driver creates the table, truncates it and will then run the fill command of the script over and over again, with growing commit-sizes. All powers of 2 from 0 to 10 are being tried with 10.000 rows of test data.\nThe test system has a very old SSD (Crucial M4-CT512M4SSD2) as a data directory.\n$ cat driver.sh #! /bin/bash -- ./mysql.py drop ./mysql.py create for i in {0..10} do csize=$((2 ** $i)) ./mysql.py truncate echo \u0026#34;./mysql.py fill --size=10000 --commit-size=$csize\u0026#34; time ./mysql.py fill --size=10000 --commit-size=$csize done The result of the test run is as follows shown, and since at point 10.000 rows were not enough, I later added a second test run with 100.000 rows and step sizes of 5..14 (32 rows to 16384 rows).\nScript runtime as a function of commit batch size. x-Axis is logarithmic, y-axis is linear.\nTxn Sz Runtime Rows/s Runtime Rows/s 0 127 78 1 68.7 145 2 38.4 260 3 20.93 477 4 12.03 831 5 7.04 1420 71.01 1409 6 4.38 2283 46.40 2156 7 2.92 3412 30.13 3319 8 2.24 4464 20.94 4776 9 1.77 5649 17.51 5712 10 1.58 6329 15.35 6515 11 14.16 7063 12 13.63 7337 13 13.59 7359 14 13.26 7542 Raw data from the test runs.\nWe observe: Going from single row commits to 16 row commits, we get a 10-fold speed increase, and going to 1024 row commits, we are seeing another factor of 10. After that, there is hardly any improvement for our chosen record size and hardware.\nTL;DR A transaction size of 1000 rows or larger does not seem to improve write speed (i.e. in a data load).\nFrom 1 row/commit to 16 rows/commit, we see an increase of an order of magnitude, and another order of magnitude can be had by going from 16 rows/commit to 1024 rows/commit.\nThe script $ cat requirements.txt click mysqlclient $ python3 -mvenv venv $ source venv/bin/activate (venv) $ pip install --upgrade pip ... (venv) $ pip install wheel ... (venv) $ pip install -r requirements.txt ... (venv) $ pip freeze -r requirements.txt \u0026gt; requirements-frozen.txt and\n#! /usr/bin/env python3 import sys import random import string import click import MySQLdb import MySQLdb.cursors from pprint import pprint db_config = dict( host=\u0026#34;localhost\u0026#34;, user=\u0026#34;kris\u0026#34;, passwd=\u0026#34;geheim\u0026#34;, db=\u0026#34;kris\u0026#34;, cursorclass=MySQLdb.cursors.DictCursor, ) sql_drop_table = \u0026#34;drop table %s\u0026#34; sql_create_table = \u0026#34;\u0026#34;\u0026#34;create table %s ( id serial, data varbinary(255) not null )\u0026#34;\u0026#34;\u0026#34; sql_truncate_table = \u0026#34;truncate table %s\u0026#34; sql_insert_into = \u0026#39;insert into %s ( id, data) values ( %d, \u0026#34;%s\u0026#34; )\u0026#39; db = MySQLdb.connect(**db_config) @click.group(help=\u0026#34;Test commit sizes.\u0026#34;) def sql(): pass @sql.command() @click.option(\u0026#34;--name\u0026#34;, default=\u0026#34;demo\u0026#34;, help=\u0026#34;Table name to drop\u0026#34;) def drop(name): \u0026#34;\u0026#34;\u0026#34; Drop the demo table \u0026#34;\u0026#34;\u0026#34; cmd = sql_drop_table % name try: c = db.cursor() c.execute(cmd) click.echo(f\u0026#39;Table \u0026#34;{name}\u0026#34; dropped.\u0026#39;) except MySQLdb.OperationalError as e: click.echo(f\u0026#39;Table \u0026#34;{name}\u0026#34; did not exist.\u0026#39;) @sql.command() @click.option(\u0026#34;--name\u0026#34;, default=\u0026#34;demo\u0026#34;, help=\u0026#34;Table name to create\u0026#34;) def create(name): \u0026#34;\u0026#34;\u0026#34; Create the demo table empty. \u0026#34;\u0026#34;\u0026#34; cmd = sql_create_table % name try: c = db.cursor() c.execute(cmd) click.echo(f\u0026#39;Table \u0026#34;{name}\u0026#34; created.\u0026#39;) except MySQLdb.OperationalError as e: click.echo(f\u0026#39;Table \u0026#34;{name}\u0026#34; did already exist\u0026#39;) @sql.command() @click.option(\u0026#34;--name\u0026#34;, default=\u0026#34;demo\u0026#34;, help=\u0026#34;Table name to insert into\u0026#34;) @click.option(\u0026#34;--size\u0026#34;, default=1000000, help=\u0026#34;Number of rows to create in total\u0026#34;) @click.option(\u0026#34;--commit-size\u0026#34;, default=1000, help=\u0026#34;Commit batch size\u0026#34;) @click.option(\u0026#34;--verbose/--no-verbose\u0026#34;, default=False, help=\u0026#34;Log each commit?\u0026#34;) def fill(name, size, commit_size, verbose): \u0026#34;\u0026#34;\u0026#34; Write test records into the demo table. \u0026#34;\u0026#34;\u0026#34; for i in range(0, size): str = \u0026#34;\u0026#34;.join( random.choice(string.ascii_uppercase + string.digits) for _ in range(20) ) cmd = sql_insert_into % (name, i + 1, str) c = db.cursor() try: c.execute(cmd) except MySQLdb.Error as e: click.echo(f\u0026#34;MySQL Error: {e}\u0026#34;) sys.exit() if i % commit_size == 0: if verbose: print(f\u0026#34;Commit at {i}...\u0026#34;) db.commit() db.commit() @sql.command() @click.option(\u0026#34;--name\u0026#34;, default=\u0026#34;demo\u0026#34;, help=\u0026#34;Table name to truncate here\u0026#34;) def truncate(name): \u0026#34;\u0026#34;\u0026#34; Truncate the demo table. \u0026#34;\u0026#34;\u0026#34; cmd = sql_truncate_table % name try: c = db.cursor() c.execute(cmd) click.echo(f\u0026#39;Table \u0026#34;{name}\u0026#34; truncated.\u0026#39;) except MySQL.OperationalError as e: click.echo(f\u0026#39;Table \u0026#34;{name}\u0026#34; does not exist.\u0026#39;) sql() ","date":"2020-07-27T00:00:00Z","href":"https://blog.koehntopp.info/2020/07/27/mysql-commit-size-and-speed.html","tags":["lang_en","database","mysql","innodb","erklaerbaer","mysqldev"],"title":"MySQL Commit Size and Speed"},{"categories":null,"content":"So you talk to a database, doing transactions. What happens actually, behind the scenes? Let’s have a look.\nThere is a test table, and we write data into it inside a transaction:\nCREATE TABLE t ( id serial, data varbinary(255) ) START TRANSACTION READ WRITE INSERT INTO t ( id, data ) VALUES (NULL, RANDOM_BYTES(255)) COMMIT The MySQL test instance we are talking to is running on a Linux machine, and otherwise idle to make observation easier. Also, we configured it with innodb_use_native_aio = false because observing actual physical asynchronous I/O and attributing it to the statement that caused it is really hard.\nSetting things up this way, we can use lsof and strace to see things. But before we do this, let’s set some expectations and establish some background knowledge.\nThe Log/Data Memory/Storage quadrants Upper half: Log structures, Lower half: Data structures. Left half: Memory, Right Half: On Disk.\nThe diagram above is older than time itself, but it still is structurally true. It shows the data structures involved in writing data to disk when talking about the InnoDB storage engine that we use in MySQL almost exclusively.\nInnoDB is a MVCC engine, that is, it uses Multi Value Concurrency Control. What that means exactly is a topic for another article, but in this case it means that for each record multiple versions can exist, and different threads and connections can see different versions of the data in a controlled fashion.\nThe diagram has four quadrants:\nThe upper half talks about log structures, the lower half about data structures. Things on the upper half are in some Log: The Redo-Log, the Undo-Log or the Double Write Buffer. Things on the lower half are in some tablespace file, so some .ibd file on disk. The left half is about things in memory, not persisted. The right half is about things on disk, stored persistently. If you kill a machine by pulling a plug, things on the right half survive, and things on the left half are lost. There is also the binlog, which is used in replication and restore, but it is not in this picture.\nStarting a transaction When you START TRANSACTION READ WRITE, the database takes note of the current transaction number. It does not do much else until you actually write things.\nThere are other ways to start a transaction: BEGIN, BEGIN WORK, SET autocommit are some ways to do it, but they are not recommended. That is, because they do not carry an explicit write concern and that creates all kind of problems with a MySQL proxy in the chain.\nA proxy needs to route an incoming connection to a target database host when the transaction starts. But if that is a read-only transaction that can be satisfied by a replica, or a read-write transaction that can only be satisfied by a primary, is unclear until the first write statement appears. This statement appears maybe even some statements deep inside a transaction, but in any case after the start - and then it is too late to change things.\nMySQL proxies therefore route transaction starts preemptively to a primary, unless the read-only intent is made clear in the statement that starts the transaction explicitly.\nOnly START TRANSACTION can do this.\nUsing Data Modification Language The next statement then can write data to the database:\nINSERT INTO t ( id, data) VALUES ( NULL, RANDOM_BYTES(255)) is such a statement. It writes a NULL to an auto_increment field to get a new counter value, and then generates 255 random bytes of data to be written.\nThe transaction is being built up in memory, in the top left quadrant: A log buffer is being allocated and filled with data, step by step, until the log buffer overflows or the transaction commits.\nA second thing happens simultaneously: The data being “overwritten” needs to be saved in order to have it around for rollback - this is more true of an UPDATE or DELETE than an INSERT statement, though.\nSo the data page where this record is located is loaded from a data file (lower right quadrant) into memory (lower left quadrant), into the InnoDB Buffer Pool. That is an userspace data cache owned by the database process. It is the primary reason for the database process using a lot of memory.\nThe row being “overwritten” is then being moved out of the table, and moved into the Undo-Log. This is purely an in-memory operation, copying data from one page to another. A linked list is being built from the new, current version of the row to this older previous version of the row. This linked list can be long, pointing from the current version of the row to ever older version of that row in the Undo-Log. Following the list you get to see the past versions of this row, one by one.\nIf we were to ROLLBACK the transaction now, MySQL would move the data back from the Undo-Log page into the Tablespace page. This is a comparatively slow operation - MySQL is set up and optimized for transactions being COMMIT’ed instead of rolled back most of the time.\nCommitting Finally, we finish the transaction and tell the database this using\nCOMMIT On commit, the log buffer is being written to disk, as a kind of binary diff to the original unchanged database from the table space. The Undo-Log space could be freed at this point, from the point of view of this transaction, because once committed, it can no longer be changed except by a second transaction.\nThere are other connections, and other transactions in the system that could still make use of this data, and they can prevent the Undo-Log entry from being purged. More about that another time, when we look at transactions from a logical point of view and talk about isolation levels.\nWhen we write the Log Buffer out, we write it to the Redo-Log. The Redo-Log is an on-disk structure, usually taking the form of two files. They are the very first thing a MySQL install creates, so if you install MySQL with the data directory being a new and empty disk, the first two files being created are the two ib_logfile* structures. This ensures they are fixed size, immovable ring buffers that are physically not fragmented. They are linear blocks on disk. Writes to the Redo-Log are fast, sequential writes, even on rotating hard disks.\nAfter that, we are done - the transaction is committed to stable storage and can no longer be lost. The application can move on.\nAfter committing: Checkpointing But wait! Isn’t the .ibd tablespace file changed? What about purging the Redo-Log? How long can this go on?\nWe are constantly creating InnoDB Buffer Pool pages that are different from their original image on disk in the tablespace files. These pages are called dirty, and eventually they need to be written back.\nWe are also constantly filling the Redo-Log files, but they are a ring structure with a finite amount of space, and we need to eventually purge the Redo-Log and free up space there.\nAnd there may be lulls in the application activity that allow the database to do stuff when it feels idle.\nThat are three good reasons to actually write dirty InnoDB Buffer Pool pages back to the tablespaces. This is called checkpointing, and it will eventually happen, but hopefully much later than the actual commit.\nIn checkpointing, we select the oldest entries from the Redo-Log, determine which pages in the Buffer Pool they relate to, and then choose these pages for write-back. When this is complete, the on-disk image and the in-memory image are equal, the pages are clean and the Redo-Log entries are no longer needed and can be overwritten.\nPages are larger than disk blocks: They are usually 16 KB in size, and disk blocks are traditionally 512 Byte large, and these days 4 KB in size. Enterprise media (HDD, SSD and so on) usually guarantee atomic writes to a block, even in the face of power failure - so there won’t ever be half-written 512 Byte blocks or 4K pages.\nBut that is not good enough for us. If the power was to fail in the write-back of a page, we would get back a half-written page, and we would not even know where the cutoff is. This is called a torn page scenario and in order to prevent it, we write the set of pages out as a large block to a staging area called the Double Write Buffer first. So there will be a large 1 MB write to the DWB first, and then a set of 16 KB writes to the actual tablespace locations.\nAfter writing out the set of dirty pages, we can mark the Redo-Log space as free again and also mark the pages in memory as clean.\nRecovery If we fail the database before committing, that’s ok. The application has not issued a commit statement, we did not acknowledge the commit, so no contract, and it is totally the obligation of the application to handle this situation.\nIf we fail the database after committing, the data is in the Redo-Log. On Recovery, we load the unaltered image of the page from the tablespace, load the binary diff from the Redo-Log and have recreated the dirty page in memory. Eventually, it will be witten out in a Checkpoint.\nIf we fail the database during checkpointing while writing to the Double Write Buffer, we still have the unaltered image of the page in the table space, and the Redo-Log entry, so it is as before.\nIf we fail the database during checkpointing while writing to the tablespace, creating torn pages, in recovery we can read the pages from the DWB and move them into place, then move on.\nThere is never any data loss – unless there is a loss of the media the data was on, and it is the job of MySQL replication or of a simple RAID to protect us from that.\nProof and Observation Let’s have a quiet instance of a local MySQL with AIO off, as described above, and check the file handles for a later strace:\n# lsof -p 29169 … mysqld 29169 mysql 3uW REG 253,0 536870912 68238213 /var/lib/mysql/ib_logfile0 mysqld 29169 mysql 4uW REG 253,0 864026624 178570 /var/lib/mysql/kris/t.ibd … mysqld 29169 mysql 9uW REG 253,0 536870912 68238220 /var/lib/mysql/ib_logfile1 mysqld 29169 mysql 10uW REG 253,0 415236096 68239130 /var/lib/mysql/ibdata1 mysqld 29169 mysql 11uW REG 253,0 12582912 68238214 /var/lib/mysql/ibtmp1 … We are using a database kris with a test table t. The file handles that are relevant for observation are 4 for the ibd file, 3 and 9 for the logfiles and 10 for the ibdata1, which would also be the location of the Double Write Buffer.\nWe can see the command coming in:\n[pid 29441] recvfrom(39, \u0026#34;\\3insert into t values(NULL, rand\u0026#34;..., 46, MSG_DONTWAIT, NULL, NULL) = 46 The database now requires some randomness:\n[pid 29441] openat(AT_FDCWD, \u0026#34;/dev/urandom\u0026#34;, O_RDONLY) = 42 [pid 29441] read(42, \u0026#34;\\207H\\241\\254O\\317\\10\\fk\\3447\\201\\277\\267\\223,Oi\\202\\272\\222\\16(\\210\\333\\300\u0026#39;\u0026amp;\\302g!\u0026amp;\u0026#34;, 32) = 32 [pid 29441] close(42) = 0 We observe some action on the table metadata and then the log write from the commit:\n[pid 29441] pread64(10, \u0026#34;H\\252\\364\\35\\0\\0\\1\\255\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0,\\346\\365\\0\\2\\0\\0\\0\\0\\0\\0\u0026#34;..., 16384, 7028736) = 16384 [pid 29441] pwrite64(3, \u0026#34;\\200\\201\\23D\\2\\0\\0\\30\\0\\0\\38bd\\08\\0\\0\\0\\1\\0!\\257\\23\\267\u0026gt;\\0\\0\\r./k\u0026#34;..., 1024, 34426368) = 1024 [pid 29441] fsync(3) = 0 This is the only fsync that contributed to commit-Latency. The changed data is now persisted to disk, and can be reconstructed using the unmodified page from the tablespace and the change information from the redo-log during recovery.\nThe modified page is still in memory, though, and in order to reclaim redo-log space, needs to be eventually written back in a Checkpoint.\nThis happens later, and with many more fsync operations. It does happen in batch, for many commits and multiple pages, normally, but in our easily traceable test setup, it’s looking like a lot of overhead.\nDuring normal operations, a page is often modified in multiple commits over a short amount of time. Each of these commits is a separate redo-log fsync (it\u0026rsquo;s not, there are some ways to cheat a bit). But in the Buffer Pool, on the file side of things, all these changes are being accumulated on the dirty in-memory page, and get persisted into the tablespace in a single checkpoint write. In fact, while there could be thousands of changes to in-memory pages per second, given a liberal amount of memory checkpoints can be spaced minutes apart.\nAlso, during checkpointing, one Double Write Buffer worth of pages gets written out in a single sync operation, so we do see a far better page/sync and MB/sync ratio than in this test setup.\nAnyway, this is what checkpointing to the Double Write Buffer, at offset 1M in the ibdata looks like:\n[pid 29181] pwrite64(10, \u0026#34;\\234\\v\\217Y\\0\\0\\1\\255\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\1\\2\u0026amp;\\211\\225\\0\\2\\0\\0\\0\\0\\0\\0\u0026#34;..., 32768, 1048576) = 32768 [pid 29181] fsync(10) = 0 And there follows again an update of the metadata, and the write back to the actual tablespace:\n[pid 29179] pwrite64(10, \u0026#34;\\234\\v\\217Y\\0\\0\\1\\255\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\1\\2\u0026amp;\\211\\225\\0\\2\\0\\0\\0\\0\\0\\0\u0026#34;..., 16384, 7028736) = 16384 [pid 29179] pwrite64(4, \u0026#34;.KT\\0\\0\\0d\\225\\0\\0d\\224\\377\\377\\377\\377\\0\\0\\0\\1\\2\u0026amp;\\211\\216E\\277\\0\\0\\0\\0\\0\\0\u0026#34;..., 16384, 421871616) = 16384 [pid 29179] fsync(4) = 0 [pid 29179] fsync(10) = 0 After this, the Redo-Log is no longer needed, and we can take note of this:\n[pid 29187] pwrite64(3, \u0026#34;\\200\\201\\23E\\1\\271\\0\u0026amp;\\0\\0\\39\\22\\2\\0\\201\\255\\0(\\201\\20\\2\\0\\201\\255\\0\\*\\201\\20\\2\\0\\201\u0026#34;..., 512, 34426880) = 512 [pid 29187] fsync(3) = 0 Writing really a lot of data When you write (or delete) a lot of data, things are getting a bit complicated. Also, when you have really long-running transactions, things can get complicated. Let’s go through a few scenarios:\nData Loading An application is performing an initial data load, and reading the equivalent of 100 GB of data one-table-at-a-time in a single commit.\nTransactions are large here, larger than a log buffer in memory can hold. In this case, we write log buffers out prematurely to the Redo-Log, but without a commit flag at the end. If this crashed before the final commit, we would recover all of this from the Redo-Log, then encounter the end of the log without a commit and enter a monstrous Rollback. In the past that was hideously slow, these days it is just slow.\nMoral: Really large transactions are less than ideal, but this is rare. Still once upon a time, I have been paid, as a MySQL consultant, to watch a 2h Rollback/Undo-Log recovery.\nLoading a lot of data will fill up the Redo-Log quickly, or it will dirty a large number of pages. Eventually the system will run out of either clean page or Redo-Log space, and will feel what we call Checkpointing Pressure. If the Checkpointing Pressure becomes too large, it may even stall, not reacting to user commands for some time.\nA system that is consistently seeing a lot of writes can profit from a large Redo-Log, and that is a thing that can be configured.\nData Deletion Deletion of data is also a write and copy operation: It could be rolled back until it is committed, so on delete data is actually pushed to the Undo-Log. Depending on how things are organized, it can also trigger a lot of reorganisation of the Index Trees and other operations.\nIf you want to delete all data, TRUNCATE is better than DELETE, because it does not cause these things.\nIf you want to structure data with regular expirations, have a look at table partitioning and use dynamic DDL to create and drop partitions on a schedule instead of deleting data. This implies a temporal arrangement of the data, so a date or time is becoming part of the primary key.\nLong-running transactions Until you commit, you could roll back. That means the previous version of the row is being held in the Undo-Log. In fact, Undo-Log purge is a simplistic single threaded thing, so what happens in reality is that the system looks at all active transactions in the system and determines the oldest transaction number in the system that is still active.\nIt then deletes all Undo-Log even older than this, but no more.\nSo if you\nSTART TRANSACTION READ WRITE INSERT INTO t (id, data) VALUES (NULL, RANDOM_BYTES(255)) and then go to lunch, purging of the Undo-Log stops until this transaction vanishes by ROLLBACK (or disconnect or timeout) or COMMIT. The database will slow down a lot until it becomes barely usable.\nAs we build Undo-Log, the database slows down. A lot. We kill the connection, the offender returns, and things slow down again, until the root cause is removed.\nI am mentioning this specifically as being problematic, because it happened. With somebody going to lunch after using a Cron Box for interactive data poking, and again in a similar way with Hadoop Data Loaders taking a long, long time to Hadoop Data Load.\nDon’t do this. Don’t do this on a box that is seeing any kind of shared usage, especially.\nTL;DR MySQL takes great care when writing data to disk: As long as the physical media is undamaged, it will not lose data. You can pull the power cable, switch off the server, kill -9 the mysqld process, it matters not: When we return from a COMMIT, we have a valid copy of the data, or we have a bug.\nThe cost for a COMMIT is a single fsync. You decide how many rows go into that single fsync, and we recommend you be somewhat economical (1k-10k rows are ideal from a performance PoV).\nWriting the actual data out to disk later in the checkpoint is many more operations and fsync, but you will not notice that in your application unless you really write a lot of data, fast. In this case, some tuning is required.\n","date":"2020-07-27T00:00:00Z","href":"https://blog.koehntopp.info/2020/07/27/mysql-transactions.html","tags":["lang_en","mysqldev","mysql","database","innodb","erklaerbaer"],"title":"MySQL Transactions - the physical side"},{"categories":null,"content":"So I am a Windows User now. I have an old MacBook pro, Late-2013 13\u0026quot; Retina, i7, 16 GB, 1 TB SSD, and the battery is done now, after 7 years. Also, the hardware is aging, and I want it refurbished and upgrade the son\u0026rsquo;s equipment (which is the previous 2010 MBP I had at that time).\nModern Apple is not my thing. I have a company MBP, 2018 Retina 13\u0026quot; Four-Port, i7, 16 GB, and everything about this device is wrong. I cannot for the life of me type on this keyboard, I accidentally hit functions on the touchbar, and the trackpad is so large that I put my hands on it when I don\u0026rsquo;t want to. Also, I had to disable the force-touch functionality because otherwise I would open files instead of selecting them. I have to charge it from the right hand side USB-C connector, because otherwise it would get hot and throttle.\nWith this in mind, and the announcement from Apple to move to ARM CPUs plus nailing the device cryptographically shut so that you can\u0026rsquo;t boot other operating systems any more, it was time to move away from MacOS.\nI knew I wanted a device with Touchscreen, a 2-in-1 or detachable, and I have been looking at a number of devices. The Surface Book 3 was my favorite, because you can detach the screen and use it as a tablet, plus it is available with a discrete NVidia graphics card in the keyboard base if you buy the right model. The various Lenovo Yoga variants looked well made and pretty, too.\nWhat is in the box? Machine, USB-C Dongle (HDMI, VGA, USB-A 3.0), Power Supply\nIn the end, I chose a Lenovo Yoga C940, i7, 16GB, 1 TB with a NVidia 1650. This came in around 1000 Euro cheaper than the Surface Book 3, which I fully intend to spend on a monitor/docking station. The machine has a 4K touchscreen display (3840 × 2160), a keyboard I can handle, an okay sized touchpad und an awesome (and way too powerful) sound system. The screen is technically glossy, but I seem to be able to work with it just fine.\nThe machine came with an older version of Windows 10, which patched and upgraded itself to Build 2004 after an initial configuration. I then went on to upgrade WSL to WSL 2, and started using the Ubuntu 20.04 environment provided by the Microsoft Store.\nThis version of WSL 2 does not yet support graphical applications, so I proceeded with installation of VMware workstation as well. I tried VirtualBox, but all installation attempts of an Ubuntu 20.04 image crashed during installation. VMware Workstation went through at the first attempt and with way less hassle - not unexpected. I have been using VMware Fusion at all times of my Mac carrer in the last 15 years, and it\u0026rsquo;s primary hallmark was \u0026ldquo;It just works, and actually performs quite well\u0026rdquo;, and VMware workstation just did the same.\nI am now in the process of moving all basic applications to Windows, which after 15 years of Mac is quite an adjustment. But at least the communication side of things is somewhat covered: Signal, WhatsApp, Skype (Yes, for Oma), Slack, Discord and Twitter Apps are no problem at all. For email, I had to look around a bit, but I found eM Client to be quite good.\nAs a replacement for ReadKit, I need something that can handle around 500 RSS feeds efficiently and ideally synchronizes with a service like Newsblur (or The Old Reader or Feedly), because I also read my RSS on the Cellphone and GrazeTen for Android can sync with these 3 services. What I found to be tolerable seems to be QuiteRSS, but that does not seem to be able to sync at all.\nSince I am over 50, I decided to be less of a speaker and instead encourage others to speak more, hence my need for Office programs can actually be completely covered by Google Office just fine, and LibreOffice seems to work tolerably well, too. Converting all my Keynote Files into Powerpoint/PDF/Slideshare is unfinished, though.\nI am using Gimp and OmniGraffle on the Mac. Gimp is not hard to get, but outside of Visio an OmniGraffle-Replacement seems to be absent.\nIn general, the Windows Store seems to be a total loss. It is a source of updates for some onboard applications, so cannot be gotten rid of, but the so called \u0026ldquo;modern Windows\u0026rdquo; applications provided there are usually unmaintained, badly formatted and somewhat broken. In general, it seems that the market share of Windows in terms of licenses sold does in no way reflect the market share of Windows in terms of Developer mindshare, at least judging by the state of the Windows Store.\nOn the other hand, working with this piece of hardware and with Windows 10 when it is able to forget it\u0026rsquo;s legacy is a breeze. It\u0026rsquo;s when the varnish wears off and the old XP rears it\u0026rsquo;s head that things get nasty, touch-unfriendly or generally needlessly complicated.\nPython, git and other things are available natively and in WSL just fine, I have PyCharm, Sublime and VScode, and they just work. I got Hugo and Jekyll running in WSL, too. So that part of the system is covered just fine.\n5 seconds to the logo, 15 seconds until ready, from a complete cold start\nAnd it\u0026rsquo;s fast. I am not speaking just about 12 threads on a NVME disk, I am also speaking about a system that cold-boots faster than a Mac wakes up from deep sleep, and about a graphic subsystem that can handle \u0026ldquo;Assassins Creed: Origins\u0026rdquo; in HD at \u0026ldquo;High\u0026rdquo; with absolutely playable framerates, and that actually manages to drive a Rift S in Elite: Dangerous pretty ok.\nWe will see how long it will take me to really convert all the ways I work\u0026hellip;\n","date":"2020-07-07T00:00:00Z","href":"https://blog.koehntopp.info/2020/07/07/so-i-am-a-windows-user-now.html","tags":["lang_en","windows","macos","apple"],"title":"So I am a Windows User now"},{"categories":null,"content":"Because Martin wanted some starting point, here is how I set up my Python. There are a lot of other things one can do, but this is supposed to be just a starting point.\nFor a new project, make a project directory, usually not with a local git repository.\nkk:Python kris$ mkdir project kk:Python kris$ cd project kk:project kris$ git init Initialized empty Git repository in /Users/kris/Python/project/.git/ We need a virtual environment to keep our modules apart from the system python.\nkk:project kris$ python3 -m venv ~/.venv/project In my case, I have a bash PROMPT_COMMAND installed that automatically activates the venv when I enter a directory. From the .bashrc, some highly insecure code:\nautoenv() { if [ -f ./.venv ]; then nv=$(cat ./.venv) if [ -f \u0026#34;$nv/bin/activate\u0026#34; ]; then if [ \u0026#34;$VIRTUAL_ENV\u0026#34; != \u0026#34;$nv\u0026#34; ]; then source $nv/bin/activate fi fi fi } PROMPT_COMMAND=autoenv And then:\nkk:project kris$ echo /Users/kris/.venv/project \u0026gt; .venv (project) kk:project kris$ As can be seen from the prompt, the venv already active. Usually, after install the pip is outdated.\n(project) kk:project kris$ pip install --upgrade pip ... Successfully installed pip-20.1.1 We also need wheel for C-Language Extensions, and black, mypy and pre-commit.\n(project) kk:project kris$ pip install wheel ... Successfully installed wheel-0.34.2 (project) kk:project kris$ pip install black mypy pre-commit ... Installing collected packages: click, attrs, pathspec, regex, toml, appdirs, typed-ast, black, mypy-extensions, typing-extensions, mypy, cfgv, filelock, six, zipp, importlib-metadata, distlib, virtualenv, nodeenv, pyyaml, identify, pre-commit Successfully installed appdirs-1.4.4 attrs-19.3.0 black-19.10b0 cfgv-3.1.0 click-7.1.2 distlib-0.3.1 filelock-3.0.12 identify-1.4.20 importlib-metadata-1.7.0 mypy-0.782 mypy-extensions-0.4.3 nodeenv-1.4.0 pathspec-0.8.0 pre-commit-2.5.1 pyyaml-5.3.1 regex-2020.6.8 six-1.15.0 toml-0.10.1 typed-ast-1.4.1 typing-extensions-3.7.4.2 virtualenv-20.0.25 zipp-3.1.0 The last three collect a large number of additional dev-dependencies.\nWe then need to set-up the pre-commit environment:\n(project) kk:project kris$ cat .pre-commit-config.yaml repos: - repo: https://github.com/pre-commit/pre-commit-hooks rev: v2.3.0 hooks: - id: check-yaml - id: end-of-file-fixer - id: trailing-whitespace - repo: https://github.com/psf/black rev: \u0026#39;\u0026#39; hooks: - id: black - repo: https://github.com/pre-commit/mirrors-mypy rev: \u0026#39;\u0026#39; hooks: - id: mypy additional_dependencies: [ ] (project) kk:project kris$ pre-commit install pre-commit installed at .git/hooks/pre-commit Pre-commit is running mypy and black, but in a separate environment, so it will be installed again, elsewhere, and we will also need to declare our mypy dependencies here again, unfortunately.\nOn the other hand, all our Python will be type-checked and blacken\u0026rsquo;ed automatically on commit.\n(project) kk:project kris$ cat probe.py #! /usr/bin/env python import sys print(f\u0026#34;{sys.version}\u0026#34;) And here we go:\n(project) kk:project kris$ git add probe.py (project) kk:project kris$ git commit -m \u0026#39;testing\u0026#39; Check Yaml...........................................(no files to check)Skipped Fix End of Files.........................................................Passed Trim Trailing Whitespace.................................................Passed black....................................................................Passed mypy.....................................................................Passed [master (root-commit) c7734e4] testing 1 file changed, 5 insertions(+) create mode 100755 probe.py Now, I usually collect additional project dependencies in requirements.txt and freeze them into requirements-frozen.txt for deployment into a Python Container.\nFor example, in one project:\n(bridge) kk:bridge kris$ cat requirements.txt paho-mqtt influxdb (bridge) kk:bridge kris$ cat requirements-frozen.txt paho-mqtt==1.5.0 influxdb==5.3.0 ## The following requirements were added by pip freeze: certifi==2020.4.5.1 chardet==3.0.4 idna==2.9 msgpack==0.6.1 python-dateutil==2.8.1 pytz==2020.1 requests==2.23.0 six==1.15.0 urllib3==1.25.9 (bridge) kk:bridge kris$ cat Dockerfile FROM python:3.8-alpine LABEL maintainer=\u0026#34;isotopp\u0026#34; \\ description=\u0026#34;MQTT to InfluxDB Bridge\u0026#34; COPY requirements-frozen.txt /tmp/requirements.txt RUN pip install -r /tmp/requirements.txt COPY . /app WORKDIR /app CMD [ \u0026#34;python3\u0026#34;, \u0026#34;-u\u0026#34;, \u0026#34;bridge.py\u0026#34; ] This is part of a larger deployment in a docker-compose.yml then:\n--- version: \u0026#34;3\u0026#34; services: ... bridge: build: \u0026#34;./bridge\u0026#34; image: \u0026#34;isotopp/mqttbridge\u0026#34; container_name: \u0026#34;mqttbridge\u0026#34; hostname: \u0026#34;mqttbridge\u0026#34; user: \u0026#34;1000\u0026#34; depends_on: - \u0026#34;influxdb\u0026#34; - \u0026#34;mosquitto\u0026#34; restart: \u0026#34;always\u0026#34; ... ","date":"2020-06-29T00:00:00Z","href":"https://blog.koehntopp.info/2020/06/29/how-i-set-up-my-python.html","tags":["lang_en","python","development"],"title":"How I set up my Python"},{"categories":null,"content":"Da war also ein Artikel bei Golem: Schulen bemühen sich vergeblich um Geld aus dem Digitalpakt .\nDie Schulen wollten das Geld nutzen, die Mittel würden aber trotz vieler Einreichungen nicht freigegeben, sagte ein Lehrer und IT-Verantwortlicher eines Berliner Gymnasiums Golem.de.\nDas liege daran, sagt der Artikel, daß für Mittel aus dem Digitalpakt eine Minimal-Ausstattung und Anbindung der Schulen gefordert ist, die so oft nicht realisierbar sei. Außerdem\nAuf kommunaler Ebene der Schulträger gebe \u0026ldquo;es kaum IT-Kompetenz. Die Gebäude sind marode, insbesondere die Verkabelung. WLAN scheiterte an 100 MBit/s-Verkabelung und überlasteten Stromkreisen für Power-over-Ethernet-Switches\u0026rdquo;.\nDie Lehrer an den Schulen würden gefragt, wo Accesspoints aufgehängt werden sollen, wüssten aber keine Antwort, weil sie dafür nicht ausgebildet seien.\nDas ist in der Tat ein Problem 1 2 . Was soll eine Schule auch machen, wenn nicht gewisse Grundvoraussetzungen erfüllt sind?\nDamit man mit Notebooks, Tablets oder Chromebooks an einer Schule arbeiten kann, braucht man Strom an jedem Tisch. Den gibt es in deutschen Schulen in der Regel nicht. Aber auch für essentielle Hardware wie Wi-Fi-Accesspoints, Switches oder elektronische Tafeln fehlt es an Anschlüssen.\nWi-Fi für viele Clients baut man nicht wie daheim, indem man irgendwo einen AP hinklatscht. Man muß eine Ausleuchtungsanalyse machen, Positionen von APs planen, Sendeleistungen und Frequenzen wählen. Man braucht vermutlich einen AP pro Klassenraum, mit gut gewählten Frequenzen und radikal runtergedrehter Sendeleistung, damit er die Nachbar-APs in den Nebenräumen und darüber/darunter nicht stört.\nAusleuchtungsanalyse einer Privatwohnung vor der Optimierung\nKabel müssen zu den APs führen, denn es ist aussichtslos, den Backhaul für große Schülerzahlen über Wi-Fi zu machen. Die Kabel müssen GBit-Kabel sein, bei modernen APs braucht es deren zwei pro AP. Die APs brauchen Strom, in der Regel Power-over-Ethernet (PoE). Für PoE brauchen die Switches viel Strom, denn sie speisen die APs. Das heißt, sie brauchen Kühlung oder zumindest einen geeigneten Rechnerraum. Dort würde man auch den Breitbandanschluß der Schule terminieren.\nFür eine Schule mit einer drei- oder vierstelligen Anzahl Schüler tut DSL nicht, man muß Glas legen - ein oder besser zehn GBit symmetrisch, je nachdem was geplant ist.\nJetzt kann man anfangen, ein Technik- und Medienkonzept für die Schule zu machen: Tablets oder Chromebooks? Lokaler Server oder Cloud? Webfilter oder Walled Garden? Whiteboards oder Android-eTafeln? Google Edu oder was eigenes? Welche Schulbuchanbieter haben statt Büchern HTML?\nDas ist alles nicht einfach und dauert locker zwei Jahre für die Einführung und zehn Jahre zur Perfektionierung.\nMan hätte 2010 anfangen müssen. An jeder einzelnen Schule - es gibt davon mehr als 30.000 in Deutschland, die Hälfte davon Grundschulen.\nSo, jetzt nehmen wir mal an, wir haben eine solche Schule - Glas 10 Gbit symmetrisch, Strom an den Tischen, Wi-Fi pro Raum, und Monitor-Tafelsystem.\nJetzt Schüler ausrüsten. Wie kriegt man das hin, daß man möglichst flexibel ist, die Schüler keine Daten verlieren können und man dabei nicht arm wird? Wir brauchen Hardware in großer Stückzahl, also mit geringen Stückkosten.\nDie Hardware muß robuste Software haben und keinen Ärger machen, wenn sie mal kaputtgeht. Daten müssen zentral gespeichert werden, nicht im Gerät - public oder private Cloud. Eine Terminal-Lösung (VNC auf einen Schulserver) wäre denkbar - verschwendet aber die Rechenleistung im Schoß, belastet das Netz mehr und ist nicht gut portabel nach Hause.\nDie Hardware ist idealerweise nicht an den Schüler gebunden: Wenn mal was ist, gibt man dem Schüler irgendein anderes Gerät und er kann dann ohne Unterbrechung weiter arbeiten. Es sind Kinder und es ist eine Schule, mit Schwund ist zu rechnen.\nDie Rechner müssen vor Ort einfach zu warten sein, durch Personal mit minimaler Ausbildung. Das heißt, langwierige Installationsprozeduren scheiden aus. \u0026ldquo;Einen Resetknopf länger als 40s drücken und das Gerät setzt sich auf einen durch Secure Boot verifizierten Grundzustand zurück und kann dann einem beliebigen Schüler gegeben werden\u0026rdquo; ist ungefähr der Gipfel dessen, was vor Ort geleistet werden kann.\nChromebooks leisten genau das. Billige Geräte mit Tastatur und optional Touchscreen, die durch \u0026ldquo;Powerwash\u0026rdquo; in den verifizierten Bootzustand versetzt werden können, und die - daher der Name - direkt in ein glorifiziertes Chrome booten. Dort landet man dann in Google Edu, also \u0026ldquo;Google Office für Schulen plus einen OAuth2 Identity Provider für Drittanbieter\u0026rdquo;. Diese Drittanbieter, die Bildungspartner und Schulbuchverlage, haben so eine definierte Plattform (Browser, HTML, CSS, JS), gegen die sie entwickeln können und bekommen den Zugang über OAuth2 verifiziert hin, ohne daß unnötig personenbezogene Daten übermittelt werden.\nIn der Tat ist es in so einem Setup für den Schulbetrieb weitgehend egal, ob Corona ist oder nicht: Einer Cloud-Schule, die die Server nicht auf dem Schulcampus hat, ist es Wurst, von wo die Schüler connecten.\n\u0026ldquo;Aber die Datenkraken!\u0026rdquo;\nLeute, es gibt einen Haufen von Prüfungen und Zertifizierungen für diesen Kram. Google hat sie alle, und erneuert die jährlich. Auch die Bildungspartner können das tun. Wenn Ihr dann noch Bedenken habt, unterstellt Ihr, daß dieser ganze Zertifizierungskram nutzlos ist.\nDas kann man machen. Aber damit das konstruktiv ist, sollte man dann benennen, was genau fehlt - also, was die Bedrohung ist, wie die nicht geprüft wird, und was der Schaden ist, wenn die Bedrohung eintritt. Dann - nur dann - ist Weiterentwicklung möglich.\nTut man das nicht, sagt man im Grunde nur \u0026ldquo;Ich verstehe diesen Neumodischen Scheiß™ nicht und wünschte, es wäre noch 1990.\u0026rdquo; Kann man machen, aber dann lebt man eine Generation in der Vergangenheit und nicht im Jetzt.\nDas ist kein haltbarer Zustand, wenn es um die Ausbildung der kommenden Generation geht. So gar nicht.\n\u0026ldquo;Ja, sollen wir da nicht was Eigenes entwickeln?\u0026rdquo; Kann man machen. Das hätte 2010 sogar Sinn gehabt. Aber inzwischen ist es wichtiger, was zu machen, als da noch lange irgendwelche Leuchttürme zu subventionieren und zu warten, bis die mit dem Verprassen der Steuergelder fertig sind, bevor man dann doch zu Google geht.\n\u0026ldquo;Ja, und dann?\u0026rdquo; Ich lebe als Deutscher in den Niederlanden und habe ein 10-jähriges Kind in der Group 6 (der 4. Klasse) an einer niederländischen Basisschool. Durch das Lehrkonzept hier (Google Edu, Wi-Fi-Chromebook Klassen) kann ich aus eigener Erfahrung sagen, daß der Drill (NL: \u0026ldquo;geautomatiseerd\u0026rdquo;) etwa beim Kopfrechnen komplett an Webseiten übergeht. Statt Eckenrechnen, Kopfrechen-Stafetten, und anderen Klassenspielen, die den Lehrer binden, haben die Kinder Zugriff auf programmierte Unterweisungen und casual games, die die zu drillenden Fertigkeiten einüben. \u0026ldquo;Löse einfache Kopfrechenaufgaben\u0026rdquo; oder \u0026ldquo;Rechtschreibaufgaben\u0026rdquo; um Space Invaders abzuwehren und ähnlich.\nGynzi Kids ist ein Anbieter von Lehrspielen und Casual Games mit Ausbildungshintergrund, der an der Schule verwendet wird.\nDie Kinder lernen und üben Dinge so, wie sie ihnen Spaß machen, überspringen Einheiten oder machen sie in anderer Reihenfolge. Das ist nicht immer konfliktfrei: Der Sohn hat zum Beispiel alle Geld-Rechenaufgaben (Wechseln, Herausgeben, passend Zahlen) ausgelassen, denn \u0026ldquo;das habe ich ja schon im deutschen Mathebuch gelernt\u0026rdquo;. Aber die Klassenlehrerin hat sich auf die Übungsstatistiken in der Mathe-Website verlassen und nicht nachgefragt, und dann gab es Streit über die Note. Das hat sich mündlich schnell geklärt, aber auch hierzulande müssen alle Parteien den korrekten Umgang mit den Tools noch einüben.\nDie Rolle des Lehrers verändert sich jedoch sehr, weil sie sich viel mehr vom Drillen und dem Frontalunterricht auf das individuelle Coaching verlagert hat. Das merkt man auch bei den Elterngesprächen (heute abend war eines, in Google Meet), bei denen beide Klassenlehrkräfte sehr detailliert die Schwächen und Stärken des Kindes ansprechen und konkret belegen können, was gut geht, was nicht, wo sich seit dem letzten Mal was verbessert hat.\nDas ist sehr spannend, weil für uns Deutsche sehr ungewohnt - die Lehrer haben Zeit und offenbar auch die Muße, sich um solche Dinge zu kümmern, weil der ganze manuelle Papierkram und der Drill keine Arbeit mehr macht.\nDabei werden schon in der Grundschule Medienkompetenz und später selbstständiges Arbeiten traininiert.\nWebsite von NOS Jeugdjournaal\nDas geht los mit dem gemeinsamen Durchsehen von Nachrichten auf De Daag Vandaag oder dem NOS Jeugdjournaal und dem Darüber-Reden. Dabei kommt das Gespräch ganz von selbst auf \u0026ldquo;Was in der Welt passiert\u0026rdquo;, aber auch auf \u0026ldquo;Wo kommen Meldungen her?\u0026rdquo; und \u0026ldquo;Was ist wahr? Was ist wichtig?\u0026rdquo;.\nAb diesem Schuljahr kommt dann noch die Werkstuckken dazu, Aufsätze, für die selbstständig zu recherchieren ist, für die eine Gliederung gemacht werden muß und die mit Inhalten gefüllt werden müssen - und die dann am Ende auch in eine Präsentation umgewandelt werden müssen. Dabei legt die Schule großen Wert darauf, daß die Kinder zwar Anleitung zur Recherche und zur Quellenbewertung erhalten, die Arbeit aber selbstständig leisten.\nDie Schule, auf der unser Kind ist, macht außerdem noch Kanjertraining , also vermittelt einen Katalog von Verhaltensweisen mit Bewertung zum Umgang mit Konfliktsituationen, Kommunikationsverhalten und anderen Dingen aus diesem Themenkomplex. Das eröffnet den Kindern\neine Taxonomie von Verhaltensweisen: \u0026ldquo;Wenn wir uns streiten, gibt es mehrere Arten, wie Menschen Konflikte austragen\u0026rdquo; ein Vokabular zur Erkennung und Benennung von Gefühlen, Situationen und Ursachen Bewertungen \u0026ldquo;Konflikte gibt es immer wieder, aber es gibt valide und nicht valide Wege, sie auszutragen\u0026rdquo; und ein größeres Verhaltensrepertoire zum Umgang mit Konflikten \u0026ldquo;Wenn wir uns streiten, können wir erst mal versuchen herauszufinden, was unstrittig ist, und worum es uns geht, also was jeder im Idealfall als Ergebnis sehen will. Dann sehen wir besser, was wir klären müssen.\u0026rdquo; Dem Kind wird dadurch Zugang zum Selbst durch bewußte Reflektion ermöglicht. Es kann seine eigenen Verhaltensweisen erkennen, benennen, und versuchen sie zu verändern. Das macht er auch ganz gut, und man sieht, wie er bei der Sache Spaß hat.\n","date":"2020-06-23T00:00:00Z","href":"https://blog.koehntopp.info/2020/06/23/schulen-digitalisieren.html","tags":["lang_de","bildung","schnuppel","politik"],"title":"Schulen digitalisieren"},{"categories":null,"content":"Two questions from Reddit\u0026rsquo;s /r/mysql related to Window Functions: How do I make row.numbers happen and Get the difference between two values in different recordings .\nOne of the new things in MySQL is the implementation of Window Functions. They are related to aggregates, but do not actually lump values together.\nTo better understand what goes on, let\u0026rsquo;s create some fake data to work with:\n#! /usr/bin/env python3 # -*- coding: utf-8 -*- import MySQLdb as mdb import MySQLdb.cursors as cursors from datetime import datetime, timedelta from random import randint, random # We have {sensors} sensors, each producing {values} values # between {minvalue} and {maxvalue}, at a random time after {starttime} plus {delta} sensors = 3 values = 10 minvalue = 0 maxvalue = 10 starttime = datetime.fromisoformat(\u0026#34;2020-01-01 00:00:00\u0026#34;) delta = timedelta(days=31) script = [ \u0026#34;drop table if exists series\u0026#34;, \u0026#34;create table if not exists series ( id serial, sensor integer not null, checktime timestamp not null, value float )\u0026#34;, ] con = mdb.connect( host=\u0026#34;localhost\u0026#34;, user=\u0026#34;root\u0026#34;, db=\u0026#34;kris\u0026#34;, cursorclass=cursors.DictCursor ) cur = con.cursor() # Create a table for stmt in script: cur.execute(stmt) print(f\u0026#34;{cur._last_executed}\u0026#34;) con.commit() # insert values insert_stmt = \u0026#34;insert into series values ( %s, %s, %s, %s)\u0026#34; for s in range(0, sensors): print( f\u0026#34;Sensor {s}: {values} measurements ({minvalue}, {maxvalue}), ({starttime}, {starttime+delta}).\u0026#34; ) for i in range(0, values): value = random() * maxvalue + minvalue t = starttime + timedelta(days=randint(0, delta.days)) data = (None, s, t, value) cur.execute(insert_stmt, data) con.commit() This will create test data for a number of fictional sensors sensors. For each sensor, there will be values many readings with a random float value between minvalue and maxvalue. The sensor readings will be taken at a random point in time between starttime and delta days later. In our sample config, that is 3 sensors with 10 readings each, values between 0 and 10, at some random point in time in January 2020.\nWe get data similar to this:\nroot@localhost [kris]\u0026gt; select * from series; +----+--------+---------------------+----------+ | id | sensor | checktime | value | +----+--------+---------------------+----------+ | 1 | 0 | 2020-01-12 00:00:00 | 9.72828 | | 2 | 0 | 2020-01-09 00:00:00 | 3.59015 | | 3 | 0 | 2020-01-24 00:00:00 | 0.701136 | … | 11 | 1 | 2020-01-27 00:00:00 | 9.64586 | | 12 | 1 | 2020-01-25 00:00:00 | 6.19484 | | 13 | 1 | 2020-01-15 00:00:00 | 2.18511 | … | 28 | 2 | 2020-01-02 00:00:00 | 1.36718 | | 29 | 2 | 2020-01-03 00:00:00 | 2.71718 | | 30 | 2 | 2020-01-20 00:00:00 | 5.86109 | +----+--------+---------------------+----------+ 30 rows in set (0.00 sec) We could group this data, for example by sensor. The database would then make piles for each sensor value, and we could apply aggregate functions to each pile:\nroot@localhost [kris]\u0026gt; select sensor, -\u0026gt; count(value) as count, -\u0026gt; min(value) as min, -\u0026gt; max(value) as max, -\u0026gt; avg(value) as avg -\u0026gt; from series -\u0026gt; group by sensor; +--------+-------+----------+---------+-------------------+ | sensor | count | min | max | avg | +--------+-------+----------+---------+-------------------+ | 0 | 10 | 0.065623 | 9.72828 | 4.031341724842787 | | 1 | 10 | 1.16093 | 9.64586 | 5.11824003458023 | | 2 | 10 | 1.36718 | 9.90121 | 5.031034636497497 | +--------+-------+----------+---------+-------------------+ 3 rows in set (0.00 sec) Window Functions work similarly, but they do not make piles. They work by defining partitions over the data, and then walking through each partition, resetting the window functions applied at each partition boundary.\nAs with GROUP BY, when leaving out a partitioning the entire table is taken as one:\nroot@localhost [kris]\u0026gt; select id, sensor, row_number() over () from series; +----+--------+----------------------+ | id | sensor | row_number() over () | +----+--------+----------------------+ | 1 | 0 | 1 | | 2 | 0 | 2 | | 3 | 0 | 3 | … | 28 | 2 | 28 | | 29 | 2 | 29 | | 30 | 2 | 30 | +----+--------+----------------------+ 30 rows in set (0.00 sec) The id is stored, the row_number() is generated. Let\u0026rsquo;s add a partitioning by sensor number and re-run the command:\nroot@localhost [kris]\u0026gt; select id, sensor, -\u0026gt; row_number() over (partition by sensor) as r -\u0026gt; from series; +----+--------+----+ | id | sensor | r | +----+--------+----+ | 1 | 0 | 1 | | 2 | 0 | 2 | | 3 | 0 | 3 | … | 10 | 0 | 10 | | 11 | 1 | 1 | | 12 | 1 | 2 | | 13 | 1 | 3 | … | 20 | 1 | 10 | | 21 | 2 | 1 | | 22 | 2 | 2 | | 23 | 2 | 3 | … | 30 | 2 | 10 | +----+--------+----+ 30 rows in set (0.00 sec) By defining partition boundaries at sensor value changes with PARTITION BY sensor, the row_number() counter is reset each time the sensor value changes. Within each partition, we can order the values as we wish. Using the same statement as before, but ordering the values by id in reverse, we get\nroot@localhost [kris]\u0026gt; select id, sensor, -\u0026gt; row_number() over (partition by sensor order by id desc) as r -\u0026gt; from series; +----+--------+----+ | id | sensor | r | +----+--------+----+ | 10 | 0 | 1 | | 9 | 0 | 2 | | 8 | 0 | 3 | … | 1 | 0 | 10 | | 20 | 1 | 1 | | 19 | 1 | 2 | | 18 | 1 | 3 | … | 11 | 1 | 10 | | 30 | 2 | 1 | | 29 | 2 | 2 | | 28 | 2 | 3 | … | 21 | 2 | 10 | +----+--------+----+ 30 rows in set (0.01 sec) Note that the OVER () clause is written as a field. Different windows and hence different partitions and orderings can be defined concurrently.\nroot@localhost [kris]\u0026gt; select id, sensor, row_number() over (partition by sensor order by id desc) as r, row_number() over (order by id desc ) as rr from series order by id; +----+--------+----+----+ | id | sensor | r | rr | +----+--------+----+----+ | 1 | 0 | 10 | 30 | | 2 | 0 | 9 | 29 | | 3 | 0 | 8 | 28 | … | 10 | 0 | 1 | 21 | | 11 | 1 | 10 | 20 | | 12 | 1 | 9 | 19 | … | 29 | 2 | 2 | 2 | | 30 | 2 | 1 | 1 | +----+--------+----+----+ 30 rows in set (0.00 sec) Most aggregate functions can be used with OVER() clauses, among them not only AVG() and the other statistics functions, but also JSON_ARRAYAGG() and JSON_OBJECTAGG(). On top of that a number of window-specific functions have been defined, as listed in Window Function Descriptions in the manual. Among these are RANK() and DENSE_RANK() , as well as LAG() and LEAD(), which refer to the value next or preceding the current row.\nWe can already answer the question about row numbers now, and better than before MySQL 8 (differently here ). These methods are outdated and should no longer be used.\nWe have shown above already how to produce global row numbers and row numbers per sensor. We can also quite easily run a topK query, for example \u0026ldquo;show me the three smallest values per sensor\u0026rdquo;:\nroot@localhost [kris]\u0026gt; select * from ( -\u0026gt; select sensor, -\u0026gt; value, -\u0026gt; rank() over (partition by sensor order by value) as svrank -\u0026gt; from series -\u0026gt; ) as t -\u0026gt; where svrank \u0026lt; 4; +--------+----------+--------+ | sensor | value | svrank | +--------+----------+--------+ | 0 | 0.065623 | 1 | | 0 | 0.701136 | 2 | | 0 | 1.87906 | 3 | | 1 | 1.16093 | 1 | | 1 | 2.18511 | 2 | | 1 | 3.83464 | 3 | | 2 | 1.36718 | 1 | | 2 | 1.8867 | 2 | | 2 | 2.71718 | 3 | +--------+----------+--------+ 9 rows in set (0.01 sec) We need a subquery here, because according to the manual :\nQuery result rows are determined from the FROM clause, after WHERE, GROUP BY, and HAVING processing, and windowing execution occurs before ORDER BY, LIMIT, and SELECT DISTINCT.\nSo if we want to filter on the result of a window function like rank, we need to take our result from an inner query and then apply the filter in an outer query.\nTo answer the second Reddit question , we need to use LAG() and LEAD(). With them we can also process differences between two adjacent rows in the same partition:\nroot@localhost [kris]\u0026gt; select id, -\u0026gt; sensor, -\u0026gt; checktime, -\u0026gt; value, -\u0026gt; lag(value) over (partition by sensor order by checktime) - value as delta -\u0026gt; from series -\u0026gt; order by sensor, checktime; +----+--------+---------------------+----------+----------------------+ | id | sensor | checktime | value | delta | +----+--------+---------------------+----------+----------------------+ | 9 | 0 | 2020-01-04 00:00:00 | 9.20321 | NULL | | 5 | 0 | 2020-01-06 00:00:00 | 4.63966 | 4.56355619430542 | … | 3 | 0 | 2020-01-24 00:00:00 | 0.701136 | 1.7513115406036377 | | 20 | 1 | 2020-01-03 00:00:00 | 5.3703 | NULL | | 17 | 1 | 2020-01-07 00:00:00 | 6.00236 | -0.6320672035217285 | … | 14 | 1 | 2020-01-31 00:00:00 | 3.83464 | 0.11126899719238281 | | 28 | 2 | 2020-01-02 00:00:00 | 1.36718 | NULL | | 25 | 2 | 2020-01-03 00:00:00 | 4.10965 | -2.742463231086731 | … | 22 | 2 | 2020-01-30 00:00:00 | 1.8867 | 8.014503359794617 | +----+--------+---------------------+----------+----------------------+ 30 rows in set (0.00 sec) We define a partition by sensor, and process values in each partition in temporal order (we generated our fake sensor data in random temporal order within a time window). We calculate the difference between the current value and the lagging (following) value as delta.\nThe way we have written the delta calculation highlights a pecularity of the syntax: The expression for the preceding value is not LAG(value), it is lag(value) over (partition by sensor order by checktime). We have to put the different - value behind the full window expression, not into the middle of it: lag(value)-value over (partition by sensor order by checktime) as delta yields a syntax error.\nroot@localhost [kris]\u0026gt; select id, sensor, checktime, value, lag(value)-value over (partition by sensor order by checktime) as delta from series order by sensor, checktime; ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \u0026#39;-value over (partition by sensor order by checktime) as delta from series order \u0026#39; at line 1 Because OVER() expressions can become quite unwieldy (especially if you also define frames - not explained here - in them), they can be named and put into the select-statement at a place behind the FROM clause.\nThis gives us\nroot@localhost [kris]\u0026gt; select id, -\u0026gt; sensor, -\u0026gt; checktime, -\u0026gt; value, -\u0026gt; lag(value) over w - value as delta -\u0026gt; from series -\u0026gt; window w as (partition by sensor order by checktime); +----+--------+---------------------+----------+----------------------+ | id | sensor | checktime | value | delta | +----+--------+---------------------+----------+----------------------+ | 9 | 0 | 2020-01-04 00:00:00 | 9.20321 | NULL | | 5 | 0 | 2020-01-06 00:00:00 | 4.63966 | 4.56355619430542 | … as a different syntax with the same result. It is possible to define more than window, as long as they have different window names, and it is possible for a window to be referred to zero or more times.\nThe Manual on Windows Functions .\n","date":"2020-06-21T00:00:00Z","href":"https://blog.koehntopp.info/2020/06/21/mysql-window-functions.html","tags":["lang_en","mysqldev","mysql","erklaerbaer","reddit"],"title":"MySQL Window Functions"},{"categories":null,"content":"A question from Reddit\u0026rsquo;s /r/mysql:\nReally new to MySQL and had a request to export an entire database to csv for review. I can manually export each table using workbench but there are 10+ tables and 10+ databases so I was looking to export the entire database to csv.\nIt is likely that you have additional requirements on top of this, so it would be best to script this in a way that would allow for customization.\nTry this piece of Python 3.7 (or better) as a starting point. It requires mysqlclient to be installed with pip (preferrably in a venv).\n#! /usr/bin/env python # -*- coding: utf-8 -*- # pip install mysqlclient (https://pypi.org/project/mysqlclient/) import MySQLdb import csv # connect to database, set mysql_use_results mode for streaming db_config = dict( host=\u0026#34;localhost\u0026#34;, user=\u0026#34;kris\u0026#34;, passwd=\u0026#34;geheim\u0026#34;, db=\u0026#34;kris\u0026#34;, ) db = MySQLdb.connect(**db_config) # Default is db.store_result(), which would buffer the # result set in memory in the client. This won\u0026#39;t work # for a full table download, so we switch to streaming # mode aka db.use_result(). That way we keep at most # one result row in memory at any point in time. db.use_result() # Get a list of all tables in database tables = db.cursor() tables.execute(\u0026#34;show tables\u0026#34;) # for each table, dump it to csv file for t in tables: table = t[0] print(f\u0026#34;table = {table}\u0026#34;) data = db.cursor() data.execute(f\u0026#34;select * from `{table}`\u0026#34;) with open(f\u0026#34;{table}.csv\u0026#34;, \u0026#34;w\u0026#34;) as csvfile: w = csv.writer(csvfile) w.writerows(data) Then customize as needed.\nNote: Using db.use_result() normally is not recommended, because it puts additional burden on the database when handling your result set, and because you cannot jump back and forth in the result set in the client.\nFor a mysqldump-like usage as here, the default db.store_result() won\u0026rsquo;t work, though, because it downloads the result set (here: entire tables) into client memory, one at a time, and that won\u0026rsquo;t work. So in this particular case, db.use_result() is mandatory.\nIn mysqldump, the option --quick switches to streaming mode, and it is part of the --opt set of recommended options, and they are enabled by default. When using mysqldump --skip-quick, buffered mode is used (and your mysqldump will explode due to memory buffering requirements).\n","date":"2020-06-20T00:00:00Z","href":"https://blog.koehntopp.info/2020/06/20/export-the-entire-database-to-csv.html","tags":["lang_en","mysqldev","mysql","erklaerbaer","reddit"],"title":"Export the entire database to CSV"},{"categories":null,"content":"An older talk from 2 years ago, which for some reason I was not able to find in the blog.\nFor reasons that do not need exploration at this junction, I had to explain Processes and Process Maturity some time ago, and a colleague asked me to put my thinking into a talk. This talk is likely going to be boring, because you may know most of the subject already. On the other hand, it is good to be on the same page when it comes to models and vocabulary.\nProjects, and Deliverables You want a pizza. What is pizza?\nA deliverable: A defined product delivered at a deadline.\nPizza is a project. Projects have a deliverable (a defined product) that is available at a certain deadline, latest. So, \u0026ldquo;a Margherita within the next 20 minutes\u0026rdquo; is a project.\nPizza as a project\nIf you phone up a Pizza, you are outsourcing: You offer money for Pizza as a Service. On the other hand, the shop is delivering Pizza as a Service. How are they able to do that?\nRepeated demands and Processes They need a Pizza Delivery Process to be able to pull that off repeatedly and reliably, at a projected cost and speed. We get processes because we have “A regular demand on an organization, and the organization wants the capability to handle the repeated demand in a predictable fashion.”\nWhy process?\nIf something is a one-off, you will not get a process and you should not. Instead, it is “individual heroics.” If something is done a second or a third time, it’s probably time to make it official. You put it on the service catalog, you plan for it, and you create a structure in your org around it.\nIn the end, it can look like this:\nCMMI for services, Service Delivery (pretty much the same as ITIL SD)\nCMMI for services 1.3 creates a set of processes interacting to build a structure for service delivery. It looks complicated, but it’s not.\nThere is the customer, and service delivery delivers. Things may go wrong, and that is an incident such as the oven being on fire. Incident Resolution takes care of that.\nThe Strategic Service Management looks at how we set up the kitchen, and what goes on the menu — the production process.\nService Development thinks up the way the kitchen is structured and works, and Service Transition makes sure the kitchen is being built and that cooks and servers are trained.\nThe Incident Resolution in ITIL has deeper structure, looking at larger scale problems that can be extracted from individual services, and interacts with the Service Transition in Change Management.\nNothing here deals with billing, that would be service management — contracts for supplies, subscriptions, catering for events or individual pizza sales, and quality control (complaints).\nWhat we build here could be a single pizzeria, but also a chain that deals with Pizza at a scale.\nPDCA: Plan, Do, Check, Act The ideal outcome of proper process\nWhen you perform a process, you are in a cycle. The stages of the cycle are named differently, depending on your management ideology, but it’s always a planning stage, a doing stage (“a sprint” in Agile), and a stage where you look back at how things work and what we can learn (“a retrospective” in Agile, “Check” in PDCA). Then you implement potential improvements (“Act” in PDCA ).\n\u0026ldquo;Continuous Improvement\u0026rdquo; goes by many names\nNo matter what you call these things, these cycles form the bones of a continuous improvement process.\nThings to look at when improving From closest to furthest, looking at product and process.\nChecking can be done by continually distancing yourself from the product and the process.\nSo the closest way of looking at a thing is checking for compliance: Are we following the recipe? If not, maybe we should fix that.\nThen you can ask yourself if that recipe is the most efficient way of getting the result. Are there other ways of getting the same outcome, in which we need fewer resources or can do it faster, with fewer people or less training?\nThen, is the recipe effective? That is, is the Pizza any good? If not, can we fix that?\nAnd finally, is the process still applicable? There is little point to having a Pizza Process in an Artisanal Burger Shop, is there?\nChange is a Meta-Project After the retrospective, the checking, we have a list of changes. How do we implement them?\nThat, in itself, is a meta-project: We want to change the recipe (adjust the written documentation), and the minds of the people (training them to follow the new recipe), then test that the change happened. And we want to have done that by $DEADLINE.\nSo processes spawn meta-projects to change themselves.\nChange is a Meta-Project. It has deliverables, and a deadline.\nWe always need to take all three pillars into account:\nThere is always an organization, with roles that have defined tasks, skills, and that need staffing.\nThere are people that staff the roles. They need training to get the skills they need and to understand the specific tasks they are supposed to perform.\nFinally, there is the Tech that is supposed to support People to perform their roles. Usually, Tech is the least important thing in a process – it is easy to scale, quicker to adjust than people, and is always a supporting role for people doing the work.\nAre we good at processes? So on a scale of 1-5 , how good are we at a thing?\nSuppose you are a Pizzeria, and you are superb at Pizza as a Service. Now somebody comes in and wants Spaghetti. Bologna, of all things. You happen to have the noodles, and you have the sauce, because of the Pizza of the same style you serve.\nSo, you make it. You just went from 0 to 1: \u0026ldquo;Not Performed\u0026rdquo; to \u0026ldquo;Individual Heroics\u0026rdquo; – doing a one-off. That was a success!\nGetting Noodles as a Service.\nThe next level would be 2: \u0026ldquo;Planned \u0026amp; Tracked.\u0026rdquo; That means it’s on the menu. You buy noodles, train the servers and the cooks (plan performance), you track noodle dish popularity, and customer satisfaction.\nThen you get a pasta section on the menu: Level 3 – you have a standard noodle process next to your pizza process, and you derive individual noodle dishes from that by adjusting the noodle process.\nLevel 4 - \u0026ldquo;Quantitative Tracking,\u0026rdquo; is the next step. You start to measure, and compare. Or want to, but that is not possible for one-offs, you need iterations. It’s also not possible for rare things because statistics need large numbers, and you don’t even know what the relevant numbers are when you start out.\nIt’s also not possible when you are in hyper-growth. Each iteration will be very different from the previous iteration — if you grow 10x, the process to achieve the same deliverables is too different from the previous iterations for meaningful comparison.\nAnyway, we now track Pizza and Pasta properly, across all of our outlets in our global Italian Fast Food chain, account for regional differences (“Calzone Hutspot” does seem to be popular only in the Netherlands, and is frowned upon in Italy, for example) and we take that into account.\nInvesting time and money to get things right Finally, you get a continuous improvement process that tracks change quantitatively and has the appropriate controls to make change accessible to management.\nSo where do we invest when we care about improvement?\nWhere to put money and time for improvement?\nWe have to sort processes by Criticality, obviously, to make important things better. We also sort by Maturity – no need to invest into things that are already in good shape. And then we decide how much we can and should spend, and where.\nMaybe we give up Pizza production, and outsource ourselves, or just pre-products and reduce our capability to assembly.\nMust be at least this tall to successfully outsource.\nIn any case, that will fail, if we and our partner are below level 4, each, in process maturity. Without a shared understanding of the deliverable and the relevant metrics, there is no common understanding of what is being sold or bought, and a lot of pain and finger pointing will be the result.\nThat is, without a proper process maturity, you need to do stuff yourself, no matter what. You can\u0026rsquo;t outsource new or rare things because you don\u0026rsquo;t understand them yet. You can\u0026rsquo;t outsource things that grow very quickly because they change from growth alone so much that you cannot afford the administrative barrier between business and execution.\nAnd without having a set of well-understood snd tested quantitative metrics that both sides of the outsourcing relationship agree on, it is going to be tough to have a useful discussion about the quality of the services rendered. Only mature and somewhat stagnating businesses can be outsourced.\n","date":"2020-06-15T00:00:00Z","href":"https://blog.koehntopp.info/2020/06/15/pizza-people-projects-and-processes.html","tags":["lang_en","devops","erklaerbaer"],"title":"Pizza, People, Projects and Processes"},{"categories":null,"content":"I was asking on Twitter:\nAre you a Developer and understand (Micro-) Services? I am a database person and a bit simple, and I have a genuine Question:\nWhen moving to a services architecture, where do the JOINs go?\nI gave the following context:\nA simple shop\nSo you sell stuff, that is, you have an orders table o with an oid, which stores a customer id cid from a customers c table, and an article id aid, from an articles table a and a count cnt.\n-- customer 17 ordered 3 45\u0026#39;s ? SELECT o.cnt, a.aid \u0026gt; FROM o JOIN c ON o.cid = o.cid \u0026gt; JOIN a ON o.aid = a.aid \u0026gt; WHERE c.cid = 17 = 3 45 When moving to services because you are a multibillion dollar enterprise, your customers, orders and articles can no longer fit into a single database, and there are other reasons to have an OrderService, CustomerService and ArticleService. You still want to ask something (OrderService?) about the number of 45\u0026rsquo;s that 17 ordered.\nWho do you ask? What does this do to connect the dots? How do you do reporting (\u0026ldquo;Show me all top 10 articles by country, zipcode digit 1 by week over the last 52 weeks\u0026rdquo;)?\nSo you reimplement join algorithms by hand in application code? Are there supporting tools? Do you reimplement data warehousing aggregations, too? If so, what tooling for reporting does exist, and how does that compare to eg existing tooling for data warehousing?\nI got… lots of answers, but now have even more questions.\nI was pointed to read up on \u0026ldquo;Self Contained Systems \u0026rdquo; and on \u0026ldquo;Designing Data-Intensive Applications \u0026rdquo;. I was pointed at Presto and that is awesome and completely insane at the same time.\nA 10.000 meter summary was given by Moritz Lenz :\nUsually they go into application code. You have to design the services to minimize the joins. Also, microservices often keep read-only copies of other data to minimize joins.\nFor reporting, you could have a big analytics DB that does the joins.\nIn your example, the order service might copy some details from the product service to know what\u0026rsquo;s shipped, and the customer name + address. These copies are read-only, and stay with the order even if the shipping addresses changes in the main customer service.\nThis is actually what a proper order application in a traditional database would do as well:\nThe order table most likely would be an orderlog table, and we would record not only the aid (keep the link to the source article) and cid, but would make copies of the price at the time of sale, the time of sale timestamp, and the address at the time of sale or the actual shipping address. Entries in the orderlog would stay there until fulfillment and maybe payment, and then can go from the OLTP system. We would also immediately emit a copy of the data that goes to our data warehouse as part of some kind of ETL setup.\nThere are multiple good things about this, which is why we are doing it like this in relational systems as well:\nThe OrderService can handle the order from all the data in the one single order event, because it contains all the relevant information for the most common purpose, fulfillment. This is most likely also all the information that we would put into the Event that feeds the data warehouse. Doing things this way keeps the size of our OLTP system bounded (for the same number of customers, articles and active orders, over an infinite amount of time, the system does not grow). The data lifecycle in the OLTP system is complete and we do not accrete an infinite amount of data - Data Warehouses do grow infinitely unless you drop after x years, OLTP system must not grow infinitely and if they do, they do contain a small DWH that struggles to get out.\nAnyway:\nTo map this onto a services design, we do ask the CustomerService and the ArticleService at the time of sale for the data necessary to make an order, and this is done by OrderService. These are two point lookups, and that is probably an okay thing to do manually at the application level. We also emit a pre-joined hierarchical structure equivalent to the orderlog entry (maybe some JSON?) onto an event bus (maybe a Kafka? ) where it is consumed by other services.\nThese event stream consumers work as materialization engines: They do have state, and modify it whenever they consume a relevant event. For example, we could have a continous query running in some engine that builds the aggregation I asked about from a stream:\nShow me all top 10 articles by country, zipcode digit 1 by week over the last 52 weeks\nThis reads almost directly like an Influx query. So this is a thing that you can answer from a stream.\nIf you have questions that arise at a later point in time, things become complicated without an image, though, because you are missing the start value. So the only option would be to start back in time at the big bang, and replay the event log for that new query, or to cut off at some other point in time and not have older data where possible.\nFor aggregations over intervals like in the example query above that is entirely possible: We work over individual weeks, going back a year and we either have data for older weeks or not. If not, we can still accurately determine weekly aggregates for newer weeks, because they are independent of each other.\nFor absolutes, totals and other sequentially dependent values you need some kind of calibration, if you can\u0026rsquo;t go back to the big bang - \u0026ldquo;how many 45\u0026rsquo;s did we ever sell\u0026rdquo; or \u0026ldquo;how much did 17 ever buy\u0026rdquo; can only be answered accurately if you have all the logs and the time to replay them from scratch. This quickly gets out of hand .\nAnd there is the problem that I still see (or not quite understand wrt to CQRS):\nSo if a service does not reign over a set of data, but it\u0026rsquo;s supposedly the authoritative data source for a thing where multiple copies can exist - how do you validate?\nThe authoritative source of the data is the event stream.\nI will have to check out the linked talk. I think I get hung up because this is what databases do:\nA database is a giant global persistent variable with a network interface. Datadir is full of schemas is full of tables is full of rows has multiple fields. We can stop all traffic to the database and make an image. That\u0026rsquo;s a backup.\nWe make changes to the database using grouped data modification language: transactions. Transactions are recorded in the binlog. We record and keep the binlog, and also the backups (and the binlog position we took the backups at).\nWe can roll back to an earlier image, and then replay the binlog to move forward again in time at will, but this is bounded in time (and disk space) by the amount of binlog we keep. So if we store backups and binlogs for 7 days, we can go back 7 days and roll forward again.\nIn a MySQL database with row based replication, the actual row events are even idempotent. We record \u0026ldquo;set x = 10\u0026rdquo;, not \u0026ldquo;x = x + 1\u0026rdquo;. We still can\u0026rsquo;t replay old binlogs over a newer image without constraints (this is a different discussion), but it does make things a lot more robust.\nIn fact, with RBR the actual row events with full row images are even reversible: we do not only get \u0026ldquo;set x = 10\u0026rdquo;, we do get \u0026ldquo;set x from 9 to 10\u0026rdquo;, and if the log were pure we could play it backwards and walk back in time step by step (this fails in reality in the general case, but again this is a different discussion).\nSo if you think of the database as a giant global variable that is modified in transactions, and as the binlog as a recording of these transactions in ideally reversible notation, then we can think of a services system as \u0026ldquo;that binlog on an event bus\u0026rdquo;, and as each of these services as a thing that builds materialized views (projections) of fragments of the total database and the total globalized state is gone, because it has become too big to maintain (We will see about that in a second).\nBut: You cannot realistically keep the log an indefinite amount of time. And even if you did, you cannot replay it from the Big Bang, because your recovery time would be unbounded. So there must be backups (images) associated with positions in the event stream, that allow individual services to reset and replay themselves. Or you demand that all questions are always sequentially independent and over fixed time windows so they can be starting up in the middle of an ongoing stream. Maybe that is even a reasonable restriction, it is in any case a useful classification for types of queries on a stream.\nBut there is also the problem of complicance/correctness/synchronisation: How do you show that for every event in your orderlog there is also an entry in the payment service that matches the order? Probably with some event reader that consumes both types of events, orders and payments. It would have to match one up with the other or alert if some order is being maintained as active for too long without finding a matching payment.\nAt some point in the evening I got into a chat with a colleague:\nL\u0026gt; You asked: Where do the Joins go? To the JoinDataService, obviously. Aka \u0026ldquo;Data Lake\u0026rdquo;. aka The Data Monolith that secretly underpins all the service shit.\nHe\u0026rsquo;s not wrong. The Hadoop in the end is the global state where all the events get joined together again and it produces a giant global image of the current and all past states. That is why the big data is big (and you can go back to the big bang, it just eats Megawatthours to do so.)\nAt some point I was like:\nK\u0026gt; I get the feeling that the answer is \u0026ldquo;we are looking at each event in a self-contained fashion. One event is one Transaction.\u0026rdquo; So an order event is self-contained and does not need to refer to other orders or other facts. It contains all data necessary to fulfull the order. It also means \u0026ldquo;Fuck you, reporting.\u0026rdquo; And that is where your data lake comes in.\nL\u0026gt; I wasn’t kidding.\nK\u0026gt; \u0026ldquo;Why is it called data lake?\u0026rdquo; \u0026ldquo;Because this is where we drown our problems in hardware and petabytes\u0026rdquo; Unfortunately, book keeping is stateful and cannot look at individual orders, it is all about aggregation. I also get the feeling that is where the blockchain bros come in. \u0026ldquo;by turning your event stream into a sequence of chained and signed blocks you get guarantees of losslessness\u0026rdquo;\nL\u0026gt; Blockchain == storage.\nK\u0026gt; Ok, that\u0026rsquo;s a Merkle tree then, it needs a wasteful PoW to become a real blockchain. And we have plenty of successful Merkle Trees, git, zfs and so on, just zero successful Blockchains, so it is useful to make this distinction. …\nL\u0026gt; There will always be two things: state and changes to state. Unless every change contains the entire previous state, or changes are distributed guaranteed, there is risk of diversion.\nK\u0026gt; So this is also a question I have about Blockch\u0026hellip; Merkle trees. You can spot holes. How do you heal them?\nL\u0026gt; Perhaps every change could contain hash of previous state, but that only helps detect diversion, not solve it.\nK\u0026gt; Yes, that is the merkle tree thing. Well, it is tree-dimensional and time-dimensional. you have the data structure itself, checksummed, and you have the stream of changes, also checksummed.\nL\u0026gt; Now. The obvious solution is detect then replay. But this poses two new problems. 1) what state do we trust enough to start from. 2) where do we replay changes from.\nK\u0026gt; In blockchains this is a voting problem. In git and the Linux kernel, this is literally Linus day job. … L\u0026gt; Right. Snapshot and replay from there. Like I said.\nK\u0026gt; Yes. I do believe it does not get more complicated than mysql binlogs and binlog positions, but with JSON as a REST service.\n","date":"2020-06-10T00:00:00Z","href":"https://blog.koehntopp.info/2020/06/10/where-do-the-joins-go.html","tags":["lang_en","database","development"],"title":"Where do the JOINs go?"},{"categories":null,"content":"So this morning the 08:10 alarm in the living room did not go off. It was set to remind the son that it is time to get going for school. We noticed in time, but when I looked into the \u0026ldquo;Why?\u0026rdquo; things got interesting. That alarm is a chime from the household Sonos system, and when I investigated, I got this:\nSonos did the split and upgraded/rebranded their controller operating system to S1.\nSo Sonos did their thing and split their universe. There is S1, the Sonos application that is as-is and that can talk to all the hardware we have. And there is, or will be, S2, the new software. Devices running S1 cannot talk to S2 controller applications, and cannot be grouped with devices running S2 and vice versa.\nSome older devices, notably our two Play:5.1, cannot be upgraded to S2. Some newer devices, presumably everything they build in the future, cannot be downgraded ot S1.\nNobody wants two apps, and two Sonos networks.\nNobody wants to throw out perfectly good speakers.\nThis is a very unsatisfying situation, and a completely unnecessary one, to boot. I get that a single-core PPC CPU with 32 MB of memory and 32 MB of flash has limitations. I also know that newer devices are Raspi-4 like devices with up to 4 cores, 1024 MB of memory and 1024 MB of flash.\nSonos decided to split universes instead of dumbing down old devices to remote-controlled WAV/MP3 stream receivers and running the control software on any of the more powerful devices in a network. Sonos decided to not sell a Raspi 4-like Controller box for legacy devices in a nice chassis as a maintenance upgrade for legacy speakers.\nSonos always was known for long-term support of their devices, and Sonos was always known for making things simple and just work. They completely failed at any of these, their core values, with their S2 migration.\nAnd that is not even looking at the completely botched communication around this entire thing, with the explanation-less announcement of the trade-in program, and the completely messed up bricking-program.\nThe wife decided that we are too invested into this stuff to get rid of it short term, but put a purchase moratorium on new Sonos stuff into place. \u0026ldquo;And\u0026rdquo;, she said, \u0026ldquo;even if they get out of that, say, mid-2021, it\u0026rsquo;s still IKEA only. At least that keeps the financial risk under control.\u0026rdquo; Yup, downgraded from prime tier to consumer tier and a one year term on the bench.\n","date":"2020-06-09T00:00:00Z","href":"https://blog.koehntopp.info/2020/06/09/sonos-just-got-complicated.html","tags":["lang_en","media","sonos"],"title":"Sonos just got complicated"},{"categories":null,"content":"In Data Centers and Energy I wrote about Hyperscaler Data Centers and Open Compute, and how they bring down the PUE of data centers, making them more efficient, and in Streaming and Energy I followed up on this, explaining how Netflix energy usage fits into this. Now the Uptime Institute has released a study that claims \u0026ldquo;Data center energy efficiency gains have flattened out\u0026rdquo;.\nIt is summarized as:\nThe average power usage effectiveness (PUE) ratio for a data center in 2020 is 1.58, only marginally better than 7 years ago, according to the latest annual Uptime Institute survey (findings to be published shortly).\nBut with a lot of caveats:\nAs ever, the data does not tell a complete story. This data is based on the average PUE per site, regardless of size or age. Newer data centers, usually built by hyperscale or colocation companies, tend to be much more efficient, and larger. A growing amount of work is therefore done in larger, more efficient data centers (Uptime Institute data in 2019 shows data centers above 20 MW to have lower PUEs). Data released by Google shows almost exactly the same curve shape — but at much lower values.\nWhich basically says the opposite: actually newer, larger hyperscaler cloud datacenters are way more energy efficient, and continued to do so after 2013. But a lot of IT is stagnating in old build, and is not being upgraded nor moved anywhere, so the numbers seem to stagnate when they are not.\nIt suggests the best way to improve the PUE of your data center is to move to get cloud and get rid of it, but Uptime being Uptime they cannot phrase it that way.\n(via @speicherstief )\n","date":"2020-06-08T00:00:00Z","href":"https://blog.koehntopp.info/2020/06/08/cloud-and-energy.html","tags":["lang_en","climate","cloud","data center","energy","erklaerbaer"],"title":"Cloud and Energy"},{"categories":null,"content":"Charity Majors was on fire and on target, again :\nWhat is a Waffle House Index ?\nThe Waffle House Index is an informal metric named after the Waffle House restaurant chain and is used by the Federal Emergency Management Agency (FEMA) to determine the effect of a storm and the likely scale of assistance required for disaster recovery.\nA \u0026ldquo;Waffle House Index for Tooling\u0026rdquo; would be an indicator how bad the situation on the ground in an IT department is. Charity Majors suggest \u0026ldquo;CPU load alerts\u0026rdquo; as a tooling emergency indicator.\nWhy? CPU load or %CPU used is a useful metric, because it tells you how \u0026ldquo;full\u0026rdquo; the compute part of a thing is.\n\u0026ldquo;Rightsizing capacity\u0026rdquo; is not easy Alerting on it is a very weird idea, though, and still I find people doing this all of the time. Usually these people are in dire need of a better education, though.\nIf you right size your infrastructure, your goal is to have as little overhead as possible in provisioned resources: Only provision as little as needed, just as much as necessary to deliver.\nBut if you did that, a CPU alert would be going off all of the time, because ideally you want your boxes loaded to the limit, right?\nAlerting or provisioning? Or you can\u0026rsquo;t, because this is complicated: there are a lot of preconditions that go into even being able to load boxes to this limit. If you can\u0026rsquo;t, then a CPU load alert would also be useless, because it would either never fire, or if it did, it would be too late.\nWeb workloads, specifically, are usually spiky. Your workload may be within the provisioned capacity most of the time, but there will be very sudden, very short spikes that are not. These spikes are usually way shorter than the time it takes to grow your capacity. The way to handle that is to provision not for a median needed capacity, or even low 90ies percentile of required capacity, but to provision for max or 99.9 in order to be able to ride the waves.\nIf you alert on CPU load in such an environment, by the time the alert goes off, it will be too late already. Also, if you could alert, you could also size.\nExperimentation has effects on capacity Or you may be in an environment where the code is unpredictable, because you change it a lot with experiments going in and out of the codebase, or from 1%-on to full-on.\nWhen experimenting, it is important to expose code to users really quickly. That code being efficient is not a priority, because most of it will be scrapped as having a net-negative outcome anyway. It is not worth it putting engineering into code before you have the business side of things right.\nBeing able to run experiments means you need to overprovision capacity.\nDetailed, many-dimensional, highly tagged metrics But that of course means you need to alert on change in variants, and compare code path variants not only with respect to business metrics, but also on technical metrics in order to offset business wins. With proper experimentation, you cannot only say \u0026ldquo;This code is making us x Euro/h richer than the base variant.\u0026rdquo; You also need to be able to say \u0026ldquo;To run this we will have to pay y Euro/h more\u0026rdquo; and \u0026ldquo;Refactoring this for efficiency will cost z Euro in Engineering Time over a potential lifecycle of n hours, so y Euro/h more\u0026rdquo;.\nThis not only enables quantified reasoning over the change the experiment introduces, but also about how to proceed with the codebase when it goes full-on: Do we leave it as is and just buy more machinery, or do we put engineers on it to make it nice?\nProduction load testing numbers for capacity But in order to allow developers to experiment safely, you need to have accurate capacity metrics, which CPU load is not. Testing in production, safely, specifically automated load tests with actual production users and separate monitoring of experiment codepaths (and consumption attribution at the request level to experiment variants) will provide these numbers.\nAnd that is the way to go: From reactive scaling (\u0026ldquo;CPU Load too high, raise capacity\u0026rdquo;) to predictive scaling (\u0026ldquo;Our capacity is x req/m per box, and we have n. Evening peak will be m, so we need y boxen more by 16:00.\u0026rdquo;). Which brings us back to the spiky loads where we started.\nTL;DR If CPU load alerting worked, reactive autoscaling would work, too. In a web workload environment, it usually doesn\u0026rsquo;t. If you experiment, you need to attribute cost and benefit to experiment variants. That means load tests with production users. That means detailed, many-dimensional metrics with many tags, and a lot of ad-hoc metrics exploration. Once you have that, you are also ready for predictive autoscaling, which actually works. and\nIf your shop uses CPU load alerting, chances are that their tooling and education is in need of emergency updating. ","date":"2020-06-08T00:00:00Z","href":"https://blog.koehntopp.info/2020/06/08/waffle-house-index-of-tooling.html","tags":["lang_en","devops","performance"],"title":"Waffle House Index of Tooling"},{"categories":null,"content":"So I want to monitor my Jitsi Videobridge to get some useful statistics. The instructions say to enable Videobridge statistics and then grab stuff from port 8080.\nOk, I think I did that, but it did not work. Time to dig into the container network config.\nAnd while I have a lot of network namespaces, they are unknown to ip netns, as can be seen when asking for a list. When we define a network namespace with ip netns, it will symlink the assigned name from /var/run/netns/\u0026lt;name\u0026gt; to /proc/\u0026lt;pid\u0026gt;/ns/net of the process that leads that namespace.\nSo these are our container names, we want them as netns names:\n# docker ps --format=\u0026#39;{{.Names}}\u0026#39; jitsi-jvb ... We can turn them into PIDs:\n# docker inspect -f \u0026#39;{{.State.Pid}}\u0026#39; jitsi-jvb 3899821 And with that, we can create a mapping script:\n#! /bin/bash names=\u0026#34;$(docker ps --format=\u0026#39;{{.Names}}\u0026#39;)\u0026#34; for name in $names do pid=\u0026#34;$(docker inspect -f \u0026#39;{{.State.Pid}}\u0026#39; $name)\u0026#34; if [ -z \u0026#34;$pid\u0026#34; ]; then echo \u0026#34;Cannot resolve $name\u0026#34;; continue; fi echo $pid $name ln -sf /proc/$pid/ns/net \u0026#34;/var/run/netns/$name\u0026#34; done Sure enough, I can now ip netns things:\n# ip netns list influxdb (id: 5) mosquitto (id: 2) grafana (id: 0) z2m (id: 8) mqttbridge (id: 9) jitsi-web (id: 3) jitsi-prosody (id: 1) jitsi-jvb (id: 4) jitsi-jicofo (id: 6) # ip netns exec jitsi-jvb lsof -i -n -P COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME dockerd 16420 root 134u IPv4 34920699 0t0 UDP 127.0.0.11:45441 dockerd 16420 root 138u IPv4 34920700 0t0 TCP 127.0.0.11:34251 (LISTEN) java 3900157 docker 152u IPv4 34917278 0t0 UDP 172.3.0.5:10000 java 3900157 docker 153u IPv4 34927830 0t0 TCP 172.3.0.5:59998-\u0026gt;172.3.0.2:5222 (ESTABLISHED) java 3900157 docker 157u IPv4 34927885 0t0 UDP *:5000 java 3900157 docker 159u IPv6 34927887 0t0 UDP *:5000 @ascii158 points me at\nconsole# nsenter -n -t $(docker inspect \u0026lt;containername\u0026gt; -f '{{.State.Pid}}') lsof -i -n -P\nas an alternative solution. That works, but is also quite a lot to type. Like the former solution it needs a script, just a different one. It still is more flexible: works with non-network namespaces and does not need to update a static lookup table.\nIt also highlights the fact that docker ps prints a lot of different identifiers, none of which are the actual PID. Which is funny, because that is kind of the point of a thing called ps, isn\u0026rsquo;t it?\n","date":"2020-06-07T00:00:00Z","href":"https://blog.koehntopp.info/2020/06/07/fixing-ip-netns-for-docker.html","tags":["docker","networking","debug","lang_en"],"title":"Fixing \"ip netns\" for docker"},{"categories":null,"content":"A question from Reddit\u0026rsquo;s /r/mysql:\nHey, I was planning to make a dashboard, where Users are subjected to make edits on their profiles every now and then, and I expect a high volume of requests to the database.\nHaving worked previously with MySQL for another Dashboard, I encountered errors for:\nMaximum user connections - when I connected to the database only while query was to be executed\nLock wait timeout exceeded; try restarting transaction - when I connected to the database whenever a user logged into the dashboard, and ended the connection when he ended the session.\nBoth the approaches resulted in different errors, that too when I had a small user base, but they were active at the same time. Since, for the New Dashboard, I expect way more oscillating traffic, depending upon events, is there any way I can optimize my process of queries so that I can prevent the errors.\nI am having trouble understanding what was being tried. The host language was not stated, but that choice could influence system behavior because of the way the host language connects to the database.\nAssuming a 2-tier system where the web frontend contains the host language directly or indirectly (any of Perl, PHP, Python, Ruby as module or FCGI process), we will see as many connections to the database as there are web server processes or FCGI workers. Each connection spawns a thread in the database, and that will, when idle consume some 500 KB or so of memory in the database server. Obviously, the max_connections value must be higher or equal to the maximum number of workers.\nThere is no way for this to stall \u0026ldquo;when I connected to the database only while query was to be executed\u0026rdquo;. By default, each worker has one database connection and query execution is synchronous, the worker is stalled while the database is working on the query. This could be different, if a language such as Java or Javascript (node.js?) is being used, and a connection pool has been configured. In this case, if queries stall, the connection pool may be undersized.\nThe \u0026ldquo;Lock wait timeout exceeded\u0026rdquo; means an InnoDB row lock has been held for a transaction duration longer than 50 seconds. This seems to be either a deadlock (two transactions trying to change an overlapping set of rows) that is not properly detected, or it is an attempt to hold a lock over a human user interface transactions - always an error.\nFor the latter problem often an optimistic locking approach is successful. That is: No locking when generating the data entry screen for the UI. When the data entry screen is comitted, start the transaction and guard it with a version number or the full data set.\nLet\u0026rsquo;s look at this in a concrete fashion, using Python and a Flask app, using the ideas of Miguel Grinberg\u0026rsquo;s The Flask Mega-Tutorial as a foundation.\nWe want to edit some dummy table without timing out. The table is defined like so:\nCREATE TABLE `editme` ( `id` bigint unsigned NOT NULL AUTO_INCREMENT, `name` varchar(200) DEFAULT NULL, `city` varchar(200) DEFAULT NULL, UNIQUE KEY `id` (`id`) ) INSERT INTO `editme` VALUES (1,\u0026#39;Name 1\u0026#39;,\u0026#39;City 1\u0026#39;); INSERT INTO `editme` VALUES (2,\u0026#39;Name 2\u0026#39;,\u0026#39;City 2\u0026#39;); INSERT INTO `editme` VALUES (3,\u0026#39;Name 3\u0026#39;,\u0026#39;City 3\u0026#39;); INSERT INTO `editme` VALUES (4,\u0026#39;Name 4\u0026#39;,\u0026#39;City 4\u0026#39;); It has an integer field id, which is the primary key, and two data fields, name, and city. We do not care what that means, it is just an example. We provide some sample data.\nThe web form shows these values, and as hidden fields, also preserves the pre-edit values. So we get the id field to identify rows, and then hidden fields oldname and oldcity, and the matching visible edit fields name and city.\n{% extends \u0026#34;base.html\u0026#34; %} {% block content %} {% for row in table %} \u0026lt;tr\u0026gt; \u0026lt;form action=\u0026#34;\u0026#34; method=\u0026#34;post\u0026#34; novalidate\u0026gt; {{ form.csrf_token }} {{ form.id(value=row.id) }} {{ form.oldname(value=row.name) }} {{ form.oldcity(value=row.city) }} \u0026lt;td\u0026gt;{{ form.name(value=row.name, size=40) }}\u0026lt;/td\u0026gt; \u0026lt;td\u0026gt;{{ form.city(value=row.city, siz=40) }}\u0026lt;/td\u0026gt; \u0026lt;td\u0026gt;{{ form.submit() }}\u0026lt;/td\u0026gt; \u0026lt;/form\u0026gt; \u0026lt;/tr\u0026gt; {% endfor %} {% endblock %} Flask and WTForms demand a Form Class to handle this. We name it EditForm and define our hidden and visible fields:\n#! /usr/bin/env python from flask_wtf import FlaskForm from wtforms import StringField, SubmitField, HiddenField from wtforms.validators import DataRequired class EditForm(FlaskForm): id = HiddenField(\u0026#34;id\u0026#34;, validators=[DataRequired()]) oldname = HiddenField(\u0026#34;oldname\u0026#34;, validators=[DataRequired()]) oldcity = HiddenField(\u0026#34;oldcity\u0026#34;, validators=[DataRequired()]) name = StringField(\u0026#34;name\u0026#34;, validators=[DataRequired()]) city = StringField(\u0026#34;city\u0026#34;, validators=[DataRequired()]) submit = SubmitField(\u0026#34;Save\u0026#34;) Finally we can put all the cabling into our routes:\n#! /usr/bin/env python from flask import render_template, flash from app import app from app.forms import EditForm from app.data import FormUpdater # this is where the optimistic locking happens @app.route(\u0026#34;/\u0026#34;, methods=[\u0026#34;GET\u0026#34;, \u0026#34;POST\u0026#34;]) @app.route(\u0026#34;/index\u0026#34;, methods=[\u0026#34;GET\u0026#34;, \u0026#34;POST\u0026#34;]) def index(): f = FormUpdater() table = f.fetch() # load table into memory form = EditForm() # show an edit form if form.validate_on_submit(): # if the form has been submitted back, modified = f.update(form) # save the data, remember the number of changed rows table = f.fetch() # reload the data for checking flash(f\u0026#34;Updated {modified} rows.\u0026#34;) else: flash(\u0026#34;No data received.\u0026#34;) # show the form return render_template(\u0026#34;index.html\u0026#34;, title=\u0026#34;Home\u0026#34;, table=table, form=form) We register only one action, for the routes / and /index. This route loads the data from the database, by creating a FormUpdater and calling fetch() on it.\nIn case this form has been edited and the Save button pressed, we end up in the if-branch for validate_on_submit(). Here we call update() on the FormUpdater, and the re-fetch the data to make sure we show the updates. We also remember the number of modified rows in modified.\nIn any case, we show the table as a form.\nNow, the FormUpdater:\n#! /usr/bin/env python import MySQLdb import MySQLdb.cursors class FormUpdater: def __init__(self): self.connect() def connect(self): self.db = MySQLdb.connect(host=\u0026#34;localhost\u0026#34;, user=\u0026#34;root\u0026#34;, db=\u0026#34;kris\u0026#34;) def fetch(self): cur = MySQLdb.cursors.DictCursor(self.db) query = \u0026#34;select id, name, city from editme\u0026#34; cur.execute(query) return cur.fetchall() def update(self, form): query = \u0026#34;update editme set name = %s, city = %s where id = %s and name = %s and city = %s\u0026#34; data = ( form.name.data, form.city.data, form.id.data, form.oldname.data, form.oldcity.data, ) cur = self.db.cursor() cur.execute(query, data) modified = cur.rowcount self.db.commit() return modified The fetch() method simply runs select id, name, city from editme and returns all rows. In order to make our life easier, we are using a DictCursor, so we get named columns.\nThe update() method generates a query that sets the new values for name and city, identifying the row by id. The where-clasuse of the update statement contains the additional condition AND name = %s AND city = %s, where we put the old name and old city into the placeholders.\nSo when we generate the form, we do not lock the record, and we put the old name and old city into the form itself in hidden fields. When we accept the form, we check if the name and city are unchanged by comparing them against the old name and old city as they have been submitted back.\nIn case they have been changed, the update fails and the user edits are lost. Otherwise the update statement goes through. We report back the number of rows changes, 0 or 1.\nMore intelligence could be put into the function: In case we do not modify any row, we could reload the row and check if the oldname still matches - if yes, we could accept any user edit on the name field, as there is no collision. Then we could do the same with the city.\nMore intelligence could be put into the editor: In case we have any collision, we could flash and highlight the collision and allow the user to resubmit their change, resolving the conflict.\n","date":"2020-06-04T00:00:00Z","href":"https://blog.koehntopp.info/2020/06/04/optimistic-locking.html","tags":["lang_en","mysqldev","mysql","erklaerbaer","reddit"],"title":"Optimistic locking"},{"categories":null,"content":"Als ich noch ein ganz kleiner Kris war, habe ich die Schülerbüchereien von mehreren Schulen durchgelesen und mich dann über die Gemeindebücherei hergemacht. Es ist jetzt mehr als 40 Jahre her, daß ich da im Schülerteam mitgearbeitet habe, aber die Chefin, die damals gerade angefangen hatte und die auch das Schülerteam begründet hat, ist immer noch da und macht ihren Job. Das ist unglaublich großartig.\nGroß geworden bin ich unter anderem mit den Büchern von Rolf Ulrici , Raumschiff Monitor und Erdschiff Giganto.\nSteinalte deutsche Klischee-Scifi, eigentlich mehr eine Kinder-Abenteuerserie mit Weltraum-Hintergrund.\nIch habe aus Gründen vor einigen Wochen versucht, die Bücher (Monitor, Giganto und weil ich gerade dabei war, Oliver Hassencamps \u0026ldquo;Burg Schreckenstein\u0026rdquo;) als eBook zu finden, aber kaum etwas davon ist auf Kindle oder anderen eBook-Shops zu finden. Aber das macht nichts, es gibt… andere Quellen und man kann sich dann damit behelfen.\nWie dem auch sei, beim nochmaligen Durchlesen mit vier Dekaden Abstand ist die Wirkung eine andere, und es wird auch deutlich, wie sehr sich die Welt und unsere Sicht auf die Gegenwart und Zukunft verändert hat in all dieser Zeit. Damit meine ich vordergründige Aufhänger wie die eigenartig veraltet-moderne Technik und das heute mehr als seltsam wirkende Frauenbild, daß sich durch alle Bücher aus dieser Zeit zu ziehen scheint.\nDoch während man darüber hinweg sehen könnte, geht es auch tiefer: Pacing und Erzählstruktur sind eigenartig anders als man das heute gewohnt wäre, es passiert pro Band nicht viel und die Figuren erleben die Handlung mehr als daß sie sie bestimmen. Ich habe die Monitor-Serie an einem Wochenende schnell durchgelesen und mir \u0026ldquo;Giganto\u0026rdquo; und auch den Hassencamp dann geschenkt. Es hätte schlimmer sein können: Hat jemand von Euch einmal versucht, die Captain Future Anime-Serie anzusehen und wenn ja, wie lange habt Ihr durchgehalten?\nWie dem auch sei: Es war bei aller Kritik eine schöne Erinnerung und ich habe meine alte Gemeindebücherei wiedergefunden.\n","date":"2020-06-03T00:00:00Z","href":"https://blog.koehntopp.info/2020/06/03/fertig-gelesen-rolf-ulrici.html","tags":["lang_de","review","book","media","scifi"],"title":"Fertig gelesen: Rolf Ulrici"},{"categories":null,"content":"A question from Reddit’s /r/mysql led to a longer discussion of cursors and how they are implemented in MySQL, and what the advantages and drawbacks are.\nThe OP probably had a slow query, but was misphrasing the question:\nI am having performance problems where my cursor is taking 6-8 seconds to go through a hundred rows. I think this is because I am also using while loops to loop through JSON objects to pull information. I am wondering if cursors are usually this slow or if I have set it up poorly.\nThis turned into a longer exchange about the MySQL C API and the other APIs - some of them have been created by wrapping the C-API, others reimplemented the protocol from scratch.\nWhen the server executes a query, the result is shipped to the client as a result set, which we can imagine as a table made up from rows made up from columns. The server tries to resolve the query in a streaming fashion, because that allows it to ship each row as it is being produced, saving memory in the server. The default Join Algorithm MySQL uses, Nested Loop Join , is well suited for this.\nSo unless the result set needs to be captured for further treatment in the server (indicated by \u0026ldquo;using temporary\u0026rdquo; or \u0026ldquo;using filesort\u0026rdquo; in the EXPLAIN), it is being shipped to the client as it is being produced.\nThe client by default downloads the whole result set into memory, and keeps it there until it is no longer needed (until mysql_free_result() is being called in the C API). This can use a lot of memory, but it allows the client to jump around in the result set randomly. The host language can request this mode (it is the default) with the function mysql_store_result() .\nIf you expect very large result sets you can save a lot of memory, at the cost of losing the capability of random access to the result set, by requesting a streaming mode with mysql_use_result .\nIn this mode, each result set row is being downloaded as it is needed - until then it is being queued in the server. In fact, streaming query execution in the server is stalled. Only as the client requests another row the server begins to produce this row, synchronizing query execution in the server and the client. This used to be a Bad Thing™ because with MyISAM queries a table lock was held by an executing query, and if the client stalls query execution in mysql_use_result() mode locks on the server will be held longer and memory resources will be held longer, straining scarce server resources.\nWith InnoDB, things became better - locking is different, and with MVCC readers are never stalled by writers (or other readers). Still, mysql_store_result() is the default, and this is mostly a good thing.\nOnly for programs such as mysqldump the streaming mode is the default. mysqldump calls it the --quick-mode and it is on by default. Otherwise mysqldump would try to download the entire database into client memory, and that is usually a very bad idea. You could run mysqldump --skip-quick-mode and watch the mysqldump binary bloat until you get a visit from the OOM killer.\nSo how is this done in different language APIs?\nPerl https://metacpan.org/pod/DBD::mysql#DATABASE-HANDLES , scroll down to mysql_store_result\n$dbh = DBI-\u0026gt;connect(\u0026#34;DBI:mysql:test;mysql_use_result=1\u0026#34;, \u0026#34;root\u0026#34;, \u0026#34;\u0026#34;); PHP https://www.php.net/manual/en/mysqli.use-result.php , see examples there. PHP contains an independent implementation of the MySQL protocol with a different memory management that leverages Zend Values (ZVALs) in order to prevent data duplication, the situation is a bit more complicated and a lot more efficient here.\nJava https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-reference-implementation-notes.html , scroll down to ResultSet, look up fetchSize().\nJDBC is a protocol implementation in native Java and is not based on Connector/C alias libmysqlclient.a. Things could be different here, within limits (the protocol is still the same), but mostly aren\u0026rsquo;t.\nODBC https://dev.mysql.com/doc/connector-odbc/en/connector-odbc-configuration-connection-parameters.html , scroll down to the prefetch parameter.\nODBC is a protocol implementation that is not based on Connector/C alias libmysqlclient.a. Things are different here, mostly because ODBC is a very rigid specification and a lot of things cannot be easily mapped from ODBC-think into MySQL-realities. There are a lot of parameters and magical values. Tread with care.\n","date":"2020-06-01T00:00:00Z","href":"https://blog.koehntopp.info/2020/06/01/mysql-storeresult-and-useresult.html","tags":["lang_en","mysqldev","mysql","erklaerbaer","reddit"],"title":"MySQL store_result and use_result"},{"categories":null,"content":"I have an embedded Mac mini, it drives the local TV screen by doing OpenVPN to Germany, Netflix, Amazon and the local Subsonic . It does not really do much with the local disk, and it does not need to wake up every hour to make a Time Machine backup over the network.\nTo change the backup interval, install Time Machine Editor .\nTime Machine Editor can change the Time Machine Backup interval. It has a background daemon that triggers the backups, a GUI application and a command line utility.\nTime Machine Editor works with automatic Time Machine backups disabled, which will turn off the local scheduler. It instead installs its own scheduler as a background process, which will then kick off the regular Time Machine backup process, but on the schedule you want. It can control all aspects of Time Machine: remote backups to an external disk as well as local snapshots. It understands applications that prevent display and machine sleep, exclusion times for the night and custom schedules. A command line application, tmectl, allows control of all aspects programmatically as well.\nBecause of the way the application is built, it does not require special privileges, and is also not running into System Integrity Protection problems with Catalina.\nThe pre-Catalina\n$ sudo defaults write /System/Library/LaunchDaemons/com.apple.backupd-auto StartInterval -int 14400 does no longer work: It tries to change a plist in /System and fails. The approach chosen by Time Machine Editor is cleaner and not subject to these new Apple limitations.\nEnergy consumption of the Mac mini before and after installation of Time Machine Editor. I am running a backup every 6h, and that is just fine with this machine and how it is being used.\n","date":"2020-05-26T00:00:00Z","href":"https://blog.koehntopp.info/2020/05/26/time-machine-editor.html","tags":["lang_en","apple","macos"],"title":"Time Machine Editor"},{"categories":null,"content":"In an earlier episode I asked for Plugs with Wi-Fi and ended up with Gosund and Tasmota . Considering this to be a success, I asked the Twitters for Temperature and Humidity Sensors. Of course, this got complicated.\nNow that I have Powermeter Plugs everywhere: What are good sensors for temperature, humidity and CO2 that can be tasmotified? Wi-Fi, http or mqtt?\nI was pointed to Xiaomi Aqara , but these do not do Wi-Fi, but Zigbee - whatever that is, it is spoken by Zigbee USB Gateway Sticks and works with Raspi. We\u0026rsquo;ll see.\nChristian Kahlo mentioned GY-BME280 Sensors, which can be connected to any ESP Tasmota device, and work with the \u0026ldquo;sensors\u0026rdquo;-Edition of Tasmota just fine. Worth a try. Jens Dibbern points to generic NodeMCU modules and BME Sensors again.\nRené Kerner recommends this talk , which may be relevant.\nWickelkranz points at the Aranet 4 , but 150 Euro is too much to play with it randomly. This would need more pre-buy research. The FAQ is not encouraging, but the Forums are helpful and point to Github .\nSascha Köhler recommends the Wemos D1 Mini Development Board and then a DIY sensor build.\n","date":"2020-05-25T00:00:00Z","href":"https://blog.koehntopp.info/2020/05/25/air-quality-sensors.html","tags":["lang_en","iot"],"title":"Air Quality Sensors"},{"categories":null,"content":"(continued from Plugs with Wi-Fi ) So the Gosund plugs came, as did the Raspi 4. I did cancel the Shelly plug and decomissioned the TP-Link Kaka, because Tasmota on Gosund is awesome and the Gosund hardware is dirt cheap.\nPower consumption of the local data grave, with too old a mainboard and CPU and way too much storage\nBut lets start at the beginning:\n4 Pack of Gosund SP111 V1.1 , so they come in at around 10 Euro/pc. They come with a chinese cloud application that is utterly useless, and I never even tried to get them running with it. This is recommended, because running that app might update the native firmware of these things and potentially lock it.\nThere is tuya-convert for solder-free flashing. The software needs to run on a machine with a controllable Wi-Fi chip, in my case a Raspi 4. It fakes a trustworthy firmware update hotspot and then flashes an alternate firmware onto the plug. For me, this was an entirely pain-free process.\nClarification: tuya-convert is a solder-free conversion process that exploits a firmware update vulnerability in the original firmware. For some plugs or ESP devices in general it can work, and if it does, it is a breeze.\nSome Tuya devices are locked. In this case it is always possible to convert them by connecting a serial port to the GPIO pins of the ESP chip. This can be done with a Raspi 4 (Case , Power , SD Card ), a RS232 adapter , and some headers and breadboard wires. Sometimes the connection can be made without soldering using the breadboard wires, and always with a quick solder drop to make the connection more reliable. In my case all of that was not necessary for the Gosund plugs, tuya-convert worked.\nIn my home, the new firmware is Tasmota - there is also esphome. Tasmota does http, mqtt (both with TLS, if you wish) and syslog.\nTasmota UI in Admin mode. When configured, it can be locked to only show the data and the ON/OFF toggle. Control is then only possible via MQTT. It can also be basic-auth protected.\nAfter conversion, the plug is a hotspot. You join with a cellphone and enter the \u0026ldquo;login to hotspot\u0026rdquo; screen. You see a config for Wi-Fi credentials. The plug joins your local Wi-Fi, and config continues via normal Wi-Fi, using http or mqtt.\nApart from the obvious config through http, you want\n{\u0026#34;NAME\u0026#34;:\u0026#34;SP111 v1.1\u0026#34;,\u0026#34;GPIO\u0026#34;:[56,0,158,0,132,134,0,0,131,17,0,21,0],\u0026#34;FLAG\u0026#34;:0,\u0026#34;BASE\u0026#34;:45} as the template of choice for the v1.1 plug. Tasmota Templates select the binary function module that controls the plug, here 45 - Blitzwolf SHP6 - and then assigns functions to the GPIO pins.\nApart from setting up syslog, MQTT and Wi-Fi, you also want to run some Console commands:\nVoltageSet 235 SetOption21 1 The former sets the base voltage the plug sees, calibrating things, and the latter makes the plug report voltage even when the relais is off.\nSome people also recommend to shorten the power consumption reporting interval. The minimum is 10s. This can be done in the web interface, or with a console command:\nTelePeriod 10 Additionally, the number of digits after the comma can be dialled up. If you trust the equipment to actually deliver this precision, do configure like this, and also set a NTP server.\nBacklog AmpRes 3; EnergyRes 5; FreqRes 3; VoltRes 3; WattRes 3 NtpServer http://ptbtime1.ptb.de MQTT to Influx and Grafana contains instructions for dockering Influx and Grafana and a small piece of Python that can be trivially adjusted to grab the power reports from the plug and load them into the Influx.\nI added a total of 10 plugs to the household and may have need for another 10. I am also looking at a potential IPv4 shortage at home and may need to expand beyond a single /24.\n","date":"2020-05-20T00:00:00Z","href":"https://blog.koehntopp.info/2020/05/20/gosund-and-tasmota.html","tags":["lang_en","iot","home automation"],"title":"Gosund and Tasmota"},{"categories":null,"content":"When the Coronacrisis began, a good friend of mine started a Discord server and brought the band back together. As with any of the Coronavirus Quarantine Chats, the initial discussion revolved around baking proper bread. I wanted to archive this, so I needed a way to download Discord chat histories for archive.\nThe DiscordChatExporter can do that, and doing this was actually easy.\nI needed\nDocker my Discord User Token No Discord Bot Token The Discord Channel ID and then did a small starter script:\n~/discord $ cat starter.sh #! /bin/bash -- rm -rf /tmp/export mkdir /tmp/export docker run --rm \\ --network host \\ -v /tmp/export:/app/out \\ tyrrrz/discordchatexporter:stable export \\ --channel $(cat discord-channel-token.txt) --token $(cat discord-user-token.txt) The Wiki has detailed instructions for obtaining the tokens and running the Docker version .\nIt is important to note that I did not need a bot account or bot token, it is possible to do this under the user identity.\nIt is also important to note that I needed the --network host option (of course) in order to get the container to be able to access the network and have DNS.\nAnd it is finally important to note that this downloads the base HTML only. Images and other content is still stored at Discord. So once you have the log, you still need to put this into a browser and save it with images or use some other method to get a full archive with all media content. Firefox can do this nicely: View, hit Cmd-S and store.\n","date":"2020-05-18T00:00:00Z","href":"https://blog.koehntopp.info/2020/05/18/note-to-self-archiving-discord-chats.html","tags":["lang_en","discord"],"title":"Note to self: Archiving Discord Chats"},{"categories":null,"content":"I have been pointed at the following question: »Has anyone ever used mySQL events to auto-delete rows from a table after set period? Wondering your experience of doing this.«\nThere are two ends to this question:\nexpiring data from a MySQL table doing this with the event scheduler Mass-deleting data from InnoDB You can of course delete data from a table using the SQL DELETE statement with an arbitrary WHERE-clause at any time:\nDELETE FROM t WHERE report_date \u0026lt; now() - INTERVAL 7 DAY Delete data from table t that has a report_date more than 7 days in the past. Since the interval expression on the right hand side evaluates to a constant and the left hand side is a bare column name, the planner can leverage an index on the column report_date to find the rows to delete quickly.\nThe downside of a query like this is that you do not know how many rows you will be deleting, and (especially if there is not an index on report_date) the query may also generate a whole lot of locks. These locks may be getting in the way of other operations on this table.\nIn the SQL style guide we use at work, we recommend that developers run a SELECT statement instead. They would be retrieving the ID values of the rows they want to delete and then delete them with WHERE id IN ( \u0026lt;list of constants\u0026gt; ) using a reasonable batch size and replication delay monitoring where applicable.\nSo something like:\nbatch_size = 1000 delete_stmt = \u0026#34;DELETE FROM t WHERE id IN ( %s )\u0026#34; cursor.execute(\u0026#34;SELECT id FROM t WHERE report_date \u0026lt; now() - INTERVAL 7 DAY\u0026#34;) full_set = [ id[0] for id in cursor.fetchall() ] for n in range(0, len(full_set), batch_size): current_set = \u0026#39;, \u0026#39;.join(full_set[n:n+batch_size]) cursor.execute(delete_stmt % current_set) cursor.commit() The ORM we use (a local custom thing) actually provides functionality that automates this, and also checks replication delay on the replicas. It will delay the loop execution if necessary in order to keep the lag on the replicas within the service level.\nWhy this is expensive This is not the best way to get rid of data on a schedule, though. MySQL InnoDB stores data in primary key order, and an auto_increment primary key is like a dynamically increasing time stamp. It will organize your table so that more recent data is on the right hand side of the table and older data is on the left hand side. Adds always happen at the very right hand side, and deletes happen always at the very left hand side.\nNow, data in InnoDB primary keys is structured as a B+-Tree. That is a B-Tree where the leaves are the actual data pages (and that is where the order comes from). B-Trees are balanced: The longest path from the root to any leaf page is at maximum one step longer than the shortest path. Rebalancing operations have to happen to maintain this, and in a structure where we append at the right and delete from the left, a maximum number of rebalancing operations have to happen to maintain the ring buffer. InnoDB performs comparatively badly at this.\nPartitions instead The recommended way to do this is to use MySQL partitions and partition by ID ranges in a sensible way. Then use ALTER TABLE t DROP PARTIION instead of DELETE statements to get rid of data.\nThis will hurt way less than deleting data, and also not mess with the structure of the B+-Tree.\nCREATE TABLE t ( id INTEGER NOT NULL PRIMARY KEY auto_increment, ... ) PARTITION BY RANGE (id) () PARTITION p0 VALUES LESS THAN (1000000), PARTITION p1 VALUES LESS THAN (2000000) ); ALTER TABLE t ADD PARTITION ( PARTITION p2 VALUES LESS THAN (3000000)), DROP PARTITION p0; Because each partition is internally a table of its own, each partition will have their own much tinyier tree, and the actual drop operation is a file system delete instead of a tree rebalancing operation.\nOther systems The problem statement sounds a bit like somebody is trying to build a time series database, but there are valid relation system use-cases that sound similar and are not actually a TSDB use case.\nIn case of this being a TSDB use-case, there is cassandra as a NoSQL data store with automatic data expiration, as shown in the manual .\nPrometheus, Influx and Graphite are popular TSDB data stores that work with structures that expire data more efficiently than rebalancing a B+-Tree.\nEvents (and code in the database) In our at-work styleguide we discourage the use of code in the database as a general rule. That means you are not supposed to use events, triggers, stored functions or stored procedures or even foreign key constraints.\nThey are hard to version and make migrations and upgrades very painful. They also create magical action at a distance, and they make it close to impossible to judge the cost of a statement by looking at the code. In fact, they often are invisible to developers looking at at checkout of the codebase.\nCode in the database is usually not visible when you look at a piece of code that makes calls to an ORM. When you make changes to that code, or the table definition, in a distributed setup the rollout is often staggered and the old and new version of a thing have to co-exist and maintain compatibility with the changed and unchanged versions of a schema. With code in the database, a lot of complexity and fragility is added, so avoid this.\nWith foreign key constraints, it is even worse for a developer, because the cost of a statement is very hard to judge. A simple DELETE FROM hotels WHERE id = 10 with an ON DELETE CASCADE can be fast, if there are few reservations dangling off this particular id, or it can literally take hours. Because this is part of the schema, and may be transitive an arbitrary number of relations deep, it is near impossible for developers to judge if this is acceptable. We prefer to code this in the host language instead.\nSimilarly, events are invisible and happen magically or don\u0026rsquo;t. They tend to be forgotten and die with the box they are defined on, or are not upgraded properly with the schema they act on.\nWe have a distributed cron scheduler that is resilient, and schedule jobs on this, using code written in the host language instead of native SQL. This is visible to developers, and maintained with the rest of the application.\nWe ask developers to not use events.\nOn the other hand, we are an enterprise and large enough to have counter examples for every rule, usually well considered. But the rule still stands and makes sense.\nSo we do use events to create heartbeats in a heartbeat table: The replication master pushes the current timestamp into the heartbeat table and expires heartbeats after a time. Replicas and client applications can check the heartbeat visible on the replica itself and see actual lag.\nThis tends to fail when there is a master switchover or failover (it\u0026rsquo;s SPoFfy and discouraged for a reason). Hence we also push the master hostname together with the timestamp, so that at the replica we can see which master pushed the heartbeat, and suddenly a simple idea becomes complex. This system is about to be replaced with an external heartbeat source RSN™.\n","date":"2020-05-13T00:00:00Z","href":"https://blog.koehntopp.info/2020/05/13/deleting-data-from-mysql.html","tags":["lang_en","database","mysql"],"title":"Deleting data from MySQL"},{"categories":null,"content":"So we are baking bread, and for that we have a Wiesheu minimat oven that comes in at a full 16A - supposedly it is using 3kW or more peak plus the condenser hood that comes in at another 500W top power draw. On the other hand, when running the thing is hardly lukewarm, it is running much cooler than the Neff household oven/microwave combo we have.\nWiesheu minimat with condenser hood. Convection oven with 3 trays (for buns) or a single layer of stone plate for bread. Can do 3x12 buns (20 min) or 2-3 loaves of bread (1h). Power draw 3kW + 0.5kW for the hood. Intended use is a show oven in the sales room of a bakery, or as PoS oven in a gas station or supermarket.\nSo Sammy wanted to know what is cheaper to use: The Wiesheu or the Neff. And for that I needed a way to measure and report power dram of a wall plug. I asked Twitter for solutions that can do\n16A (some solutions do only 10A) no cloud account or cloud reporting I was imagining something that pushes power consumption to syslog every minute or can log to a graphite. I don\u0026rsquo;t actually need on/off relais, but that would be okay to have. I have Wi-Fi on 2.4 GHz and 5 GHz everywhere. I do not actually have use for a cellphone app or control from outside the Wi-Fi.\nThere was lifely discussion, and I have been pointed to\nTasmota , an alternative firmware for devices based on the ESP8266 chip, and specifically the Gosund plugs, at 24 Euro for a pair they are dirt cheap. The plugs are to be controlled with a cellphone app that requires cloud usage, but you are not supposed to use this, but reflash them with Tasmota and then use a local MQTT bridge to run them. The TP-Link Kasa HS110 . The device can be configured with a local cellphone app, not requiring a cloud account, and speaks a simple propietary protocol that has been reverse engineered and implemented in Python . The switch has a number of known security problems, and can be controlled and bricked by anyone having access to your local network. The Kasa plug comes in at 23 Euro/piece. The Shelly Plug (16A device), also available as Plug S (10A device). While the devices come with an app and cloud, they have a documented API . It comes in at 32.40 Euro when ordered from the manufacurer. The TP-Link Kasa arrived yesterday and was immediately usable: Plug in, install app, skip cloud registration, put plug into Wi-Fi, and start using it. I was only interested into their energy reporting feature and I now know:\nThe oven will consume up to 3200W when heating up. It will consume around 170W while running normally, maintaining level temperature. It consumes around 54W when on and running idle. It consumes 3.5W when switched off in standby. Yesterday the Gosund plugs have been arriving, too. They need a bit of treatment, though. Instructions said to not connect them so that they do not update themselves - it can only make the reflashing harder if the original firmware is current.\nI also seem to need a RS232-adapter and/or a Raspi with Wi-Fi in order to flash them over Wi-Fi, so I bought a bit of toys to do that:\nA Raspi 4B Case for the Raspi Power supply for the Raspi SD-card for the Raspi CH340G Adapter for local flashing There seem to be two procedures for reflashing, one wired , and one over the air using tuya-convert . Having a modern Raspi is not wrong, so we will see where that goes, but the wired procedure looks more stable to me.\nNext week I will know more.\n","date":"2020-05-12T00:00:00Z","href":"https://blog.koehntopp.info/2020/05/12/plugs-with-wifi.html","tags":["lang_en","iot","home automation"],"title":"Plugs with Wi-Fi"},{"categories":null,"content":"Let\u0026rsquo;s have a look at very old database systems. Things like dBase or compatible systems (\u0026ldquo;xBases\u0026rdquo;) allowed to manipulate record based files (with indexes) in a procedural way. What does that mean?\nxBase The system allows developers to create files that contain a well defined (fixed size) record structure, basically an array of struct on disk, often together with the definition of on-screen masks designed to show a single record and a (searchable) list of records. Data would be entered in masks and stored automatically on disk in records in the file. Writes would modify records in place, during the write (and the edit of the data in a mask) the record would be locked.\nWith an index command, the system would extract the specificed data field from all records and build an index: another array of the form (field, recno), where field is the name of the field that is to be indexed and recno is the record number from the original data file. Data in the index would be stored sorted in field order, allowing fast lookup through Btree lookups.\nAccess to records would be by record number, through a full table scan on an arbitrary column or by leveraging an index - the latter would be manual through code written by a developer. That is, a developer would open the index, perform an index access to fetch the records required and then further whittle down the list by applying additional conditions.\nThe developer would have to write a piece of code to open the indexes of interest, position a cursor in there and then manually select the record numbers of the records of interest, then read those records and output the resulting list. This is a data access program.\nProcedural Data Access in MySQL We can do the same thing in MySQL.\nmysql\u0026gt; create table emp ( empno integer not null, name varchar(40), salary integer not null, primary key (empno) ); mysql\u0026gt; insert into emp values (1, \u0026#39;Lucky Eddie\u0026#39;, 100); mysql\u0026gt; insert into emp values (2, \u0026#39;Hagar Horrible\u0026#39;, 200); mysql\u0026gt; insert into emp values (3, \u0026#39;Honi Horrible\u0026#39;, 300); mysql\u0026gt; insert into emp values (4, \u0026#39;Kwack\u0026#39;, 400); mysql\u0026gt; create index salary on emp (salary); We create an employee table emp and fill it with some data. We create an additional index on the salary column.\nUsing the low level HANDLER command we can perform a procedural data lookup:\nmysql\u0026gt; handler emp open as e; mysql\u0026gt; handler e read salary \u0026lt;= (200) limit 10; +-------+----------------+--------+ | empno | name | salary | +-------+----------------+--------+ | 2 | Hagar Horrible | 200 | | 1 | Lucky Eddie | 100 | +-------+----------------+--------+ 2 rows in set (0.00 sec) mysql\u0026gt; handler e close; Query OK, 0 rows affected (0.00 sec) In this example we are opening the table emp using the alias e. We then read the table in index order, using the salary index, and fetch up to 10 records that satisfy the condition \u0026lsquo;index value \u0026lt;= 200\u0026rsquo;. The two matching records are listed.\nWe could have given the command as handler e read salary \u0026lt;= (200) without the limit clause. This would have returned only one matching record, and positioned the cursor in the index. With handler e read next we would then be able to iterate through the index, reading the records one by one.\nIn this case the index returns only data that is of interest to us.\nSuppose we want all employees that have a salary \u0026lt;= 200 and that are members of the Horrible family.\nHow would we go about this? There is no index that we can use that will return only valid records fulfilling both conditions, the one on salary as well as the one on name.\nInstead we open the index as before, read the records, but also manually filter out all unwanted records (we want only records WHERE name LIKE '%Horrible').\nSQL SQL is a declarative language: We specify what we want, and not how the database is supposed to fetch it. The database planner and optimizer then creates a data access program for us behind the scenes - what it looks like exactly is very much dependent on the database version, and what support structures for data access exist (that is, which indexes are defined).\nBut: For any given QL (Query Language) statement, the result set on the same data will always be the same, no matter which version of the database and which indexes exist, or how the data access program can be optimized using these indexes.\nUsing the table above, we say what we want: Records with salary \u0026lt;= 200 and names ending in the \u0026ldquo;Horrible\u0026rdquo; family name.\nmysql\u0026gt; select * from emp where salary \u0026lt;= 200 and name like \u0026#39;%Horrible\u0026#39;; +-------+----------------+--------+ | empno | name | salary | +-------+----------------+--------+ | 2 | Hagar Horrible | 200 | +-------+----------------+--------+ 1 row in set (0.01 sec) We then drop the index and re-run the same statement:\nmysql\u0026gt; alter table emp drop index salary; Query OK, 0 rows affected (0.03 sec) Records: 0 Duplicates: 0 Warnings: 0 mysql\u0026gt; select * from emp where salary \u0026lt;= 200 and name like \u0026#39;%Horrible\u0026#39;; +-------+----------------+--------+ | empno | name | salary | +-------+----------------+--------+ | 2 | Hagar Horrible | 200 | +-------+----------------+--------+ 1 row in set (0.00 sec) The result is the same. The data access program may or may not have changed - we could check with EXPLAIN, but unless it is slow or otherwise weird we do not actually care.\nSo what? Some ten years ago we had an explosion of NoSQL products, many of which were either Key-Value stores (a data structure even simpler than the dBase ISAM-structures shown above), or provided procedural access to data leveraging indexes.\nCassandra for example is a product that provides the latter type of structure (and so does DynamoDB). When I recently dissed a colleague for promoting a distributed dBase III, that is what I meant. I guess that also dates me.\nThe point being that data access programs are boring code\nthat nobody wants to write, that is full of arbitrary restrictions , that is hard to change when the query conditions change and that often is also not quite correct. When we observe code generators mounted on top of NoSQL products that eat SQL and output DAPs for the NoSQL product underneath, this is why. This is code that is better written on the fly at runtime, by machines, and run largely without human supervision.\nThis is what a query planner and executor does for you in relational database products.\n","date":"2020-05-01T00:00:00Z","href":"https://blog.koehntopp.info/2020/05/01/data-access-programs.html","tags":["lang_en","database"],"title":"Data Access Programs and Pre-SQL systems"},{"categories":null,"content":"In the foreword to his short story \u0026ldquo;With Friends Like These\u0026rdquo; , Alan Dean Foster writes\nHFY? My favorite writer of science fiction was, and still is, the inimitable Eric Frank Russell. When I was turning in short stories to the magazines instead of papers to my college professors and collecting rejection slips instead of credits and grades, I often wondered why Russell had stopped writing. I miss him.\nAt the 1968 World Science-Fiction Convention in Oakland, John Campbell told me that Russell was his favorite writer, and that he too sorely bemoaned the lack of yarns Russellian. So I decided to try a Russell-flavored Terra-über-alles story. Campbell liked it. He never sent acceptance letters—just checks.\nSure enough, the story is Terra-über-alles: Aliens come to Earth, which has been sealed off in an impenetrable force-field in a kind of last stand eons ago by some Alien race that feared Terra would take over the Galaxy. The aliens that did that died off, and their successors come to Earth to set Terra free because they are in a fight to death with some kind of sentient-eater swarm horde and need all the allies they can get.\nThey find a planet that looks like a pastoral paradise, and fear that humanity would be nothing but cannon fodder. But they do come to an agreement with some random farmer who claims to be able to speak for all of Terra: The aliens would set Terra free and Terra would help in the war. Sure enough, once the planetary shield is down,\nIn the middle of the planet\u0026rsquo;s second ocean, great, impossible masses of thick columnar crystals began to leap upward from the waters. Translucent at first, the chalcedony towers began to pulse with deep inner fires: blue, purple, gold, carmine, and finally a strange, yet familiar silver-gray. The ionosphere, tickled, began to surround the flashing needles with auroras, clothing them in blankets of coruscating radiance.\nFollowing, the planet began to move after the [Cruiser] Tpin.\nOn board the cruiser it was very quiet.\n\u0026ldquo;I see,\u0026rdquo; whispered Rappan idly, \u0026ldquo;that they are bringing their moon along also.\u0026rdquo;\nReddit and Deathworlders As a genre, Terra-über-alles is alive and kicking in Reddit\u0026rsquo;s /r/HFY (\u0026ldquo;Humanity, Fuck Yeah!\u0026rdquo;), which collects writing prompts and publications from many people interested into this kind of story. One of the more popular serial publications in there is The Deathworlders by Philip R. Johnson, now the foundation of a whole system of stories playing in the so called Jenkinsverse. The HFY Wiki gives a good introduction.\nThe basic premise is that in the Interspecies Dominion it is well known that intelligent cannot develop on Deathworlds , worlds with a danger rating of 10 or more on the Dominion scale. Except that somehow on Earth, which has a rating of 12, it did.\nAnd didn\u0026rsquo;t: Humans have been abducted from Earth by the Corti (basically the typical \u0026ldquo;Grey\u0026rdquo;) and some ended up roaming around the Dominion as part of the Fauna, because Humanity still has not developed an Interstellar Drive and hence under Dominion law does not qualify as sentient.\nDeathworlders started off in 2014 with abductee Kevin Jenkins on some random Dominion station, going through immigration. He has the usual problem of not being legally a sentient being, and while talking his way past the Immigration Officer the station is ambushed by Hunters - sentient eaters. Jenkins deploys his deathworlder heritage and is apparently not only mostly impervious to the Hunters\u0026rsquo; Kinetic Pulse Weapons, but with his superior density, his high-grav world musculature and fast reflexes is able to singlehandedly smash the attackers, saving the station. Which puts Humanity onto the interstellar political playing field.\nOriginally a short story, Johnson has managed to turn this implausible premise into a believable backstory, in which the Dominion races have been manipulated and genetically engineered as malleable and relatively physically weak by some hidden force older than time itself. The story unfolds with an ensemble cast of characters human and alien, some of which have been integrated from popular sidestories other authors of /r/HFY have contributed. It follows their development and interactions, while at the same time the story arc of this hidden enemy and its machinations is being uncovered.\nThe writing is actually good, and in many cases right in the feels with relateable personalities. The character writing is often heavy on the bro-culture side, though, even if Johnson manages to stay firmly on the healthy and non-toxic side of this particular subculture. Similarly, the author dances with the genre of Military Scifi without actually descending into lengthy descriptions of space battle tactics or paragraphs of gun prose - he is not always successful in this when it comes to descriptions of strength training and personal improvement, and somewhere in the Warhorse chapters this can become a bit tiring. Arc and plot development are actually going quite well, and the story manages to portrait intelligent and evolving adversaries that actually pose a threat. All in all I have been coming out of this with the feeling of time well spent.\nOver time, the core series \u0026ldquo;The Deathworlders\u0026rdquo; has grown into a tome of (at this time) 65 almost book-sized chapters. Side series from other authros complement it.\nThe core story is written in monthly installments, and is available for free on https://deathworlders.com/ . The author maintains a Patreon as Hambone and bills by (almost book-length) chapter.\n","date":"2020-05-01T00:00:00Z","href":"https://blog.koehntopp.info/2020/05/01/fertig-gelesen-deathworlders.html","tags":["lang_en","media","review","book"],"title":"Fertig gelesen: Deathworlders"},{"categories":null,"content":"A lot of super rich people are currently busy blowing their money into space. Who are these people, and what drives them?\nSpace Barons , Christian Davenport, 10.99 Eur (Kindle)\nIn Space Barons, Christian Davenport goes through the rather short list of super rich men who are trying to get private spacecraft flying, tells their history, successes and failures, and their motivations - or, in some cases, the story of the death of their dreams and how they drop out of the second, private space race.\nWe follow Richard Branson and Paul Allen, but specifically we follow Elon Musk and the vastly underreported Jeff Bezos and his Blue Origin Spaceship company. It becomes clear that Musk, being a mental 16-year-old with a billionaires wallet, wants to leave Earth to go down another hard to leave gravity well, while Bezos wants to go to space, mostly to get access to even more resources and to stay there.\nAnd exactly this is being told once more by Daniel Suarez in\nDelta-V , Daniel Suarez, 9.55 Eur (Kindle)\n\u0026ldquo;Delta-V\u0026rdquo;. The characters in this book are the same as in Space Barons, with the serial numbers barely filed off, and while fictional, they act true to the character of their real-world counterparts.\nDelta-V is one of the less fictional Science Fiction books of Suarez, and contains a lot less conspiracy as well. That makes much better characterisation and more entertaining storytelling. Having read \u0026ldquo;Space Barons\u0026rdquo; just before makes it even better, because it becomes possible to map one set of actors straight onto the other.\nThe action: The fictional version of not-quite Jeff Bezos wants to exploit the resources of the Asteroid Ryugu, and for this purpose builds a ship that will operate as a factory out there, and send mining products back to earth on a slow low-energy trajectory. For this purpose, an ex-cave-diver is being recruited to train as an asteroid miner, build a crew and lead the expedition. Turns out they were never supposed to return - but in the end make use of they stuff they have and the stuff they can mine and manage a happy end.\n","date":"2020-05-01T00:00:00Z","href":"https://blog.koehntopp.info/2020/05/01/fertig-gelesen-delta-v-and-space-barons.html","tags":["lang_en","book","review","media"],"title":"Fertig gelesen: Delta-V and Space Barons"},{"categories":null,"content":"\u0026ldquo;Hexenmacht\u0026rdquo; (German Edition) and \u0026ldquo;Maschinengötter\u0026rdquo; (German Edition) are part 2 and 3 in the series \u0026ldquo;Die Krone der Sterne\u0026rdquo; (The Crown of Stars) by Kai Meyer. See Die Krone der Sterne for a review of part 1.\nHexenmacht , Kai Meyer, 12.99 Eur (Kindle)\nWhere part 1 spent a lot of time with world building and tourism, showing of the wonder and the atmosphere of the universe, part 2 is approaching from a different angle - we get a lot more action, and a lot less background.\nWe are still with Iniza and Glanis, who are now living on the pirate-planet Noa and raising a daughter. Or are trying to, because the galactic poltics with its intrigues, treason and assassination are coming to Noa, too. And the mysterious history of their world, some machnines that survived this universes Butlerian Jihad, are already there, hidden and deactivated waiting for action.\nSecond parts of trilogies are always hard and often lacking. This one is good, but the change of pace and the slow development of the backstory are making this a weaker book than the first part.\nMaschinengötter , Kai Meyer, 12.99 Eur (Kindle)\nThe third and (so far) final part of the series leaves us with the muses, the ambassadors of the machine empire, awakened on Noa and other world, Iniza and friends fleeing, and the Hexen having to fight an entirely different enemy than expected, because amist the Hexen Empire the machines are rising again. We get some amount of closure, information about the god empress and her world Tiamande, the machine lord and the machines, but a lot of background is unresolved and remains mysterious.\nAll in all a nice, but dark and depressing read, and a lot of unresolved things.\n","date":"2020-05-01T00:00:00Z","href":"https://blog.koehntopp.info/2020/05/01/fertig-gelesen-die-krone-der-sterne.html","tags":["lang_en","media","book","review"],"title":"Fertig gelesen: Die Krone der Sterne: Hexenmacht/Maschinengötter"},{"categories":null,"content":"It\u0026rsquo;s Coronavirus Crisis and Netflix is killing us all, again. This time it\u0026rsquo;s not their excessive energy use , but their dreaded HD videos that are overloading the Internet. Or is it?\nIt\u0026rsquo;s only Swisscom Supposedly Switzerland is considering Netflix shutdown to prevent Home Office workers from being disconnected.\nAccording to its own statements, on the first day of the quasi curfew in our neighboring country, Swisscom recorded an enormous increase in the load on the infrastructure. There were three times more calls via the mobile network than on normal days. The volume in the fixed network has also increased massively\nNone of the other swiss providers reported any problems. Swisscom, on the other hand, already had Netflix problems as early as 2015 (Article in German ), way before the Coronavirus Crisis.\nThere should and could be caches Videostreaming and Content Delivery usually does not happen from outside a providers network. Netflix, Youtube, even Steam, will gladly provide a cache server with plenty of disk space at not cost for any provider to install inside their network. These things dramatically decrease the amount of traffic leaving the provider network, keeping it as local as possible.\nAlso, typically providers peer with other providers to built an Inter-Network-Connect - that\u0026rsquo;s why it is being called \u0026ldquo;The Internet\u0026rdquo; in the first place.\nSome providers, mostly Ex-State Telecoms, are not happy with the cooperative structure of the Internet and hold their users hostage. They want to double dip, charging both sides for traffic: They want to take money from their customers for content-access and money from content-providers for customer-access. Consequently, they provide only minimum peering bandwidth unless being paid, and want money for the content provider to install a cache server inside their network. The default service is only just good enough to prevent too many customers from leaving for other providers.\nI checked. My computer in Haarlemmermeer is loading Netflix from\n14:35:21.369768 IP kk2.home.koehntopp.de.54972 \u0026gt; ipv4_1.lagg0.c125.ams001.ix.nflxvideo.net.https: Flags [.], ack 109080, win 818, options [nop,nop,TS val 288410514 ecr 2882083883], length 0\nwhich indicates a content cache located in or close to Amsterdam, and the ping delay is \u0026lt;3.5ms. Traceroute confirms the locality of the server.\nSo I am getting my content from content cache in Amsterdam that is extremely close by in terms of network topology. Youtube, Twitch and Steam expose similar behavior.\nVideostreaming already is dynamic bandwidth In Data Centers and Energy I already explained that video streaming is dynamic bandwidth and dynamic resolution, pointing to Chunking . All video streamers sense the bandwidth of the relevant part of the delivery pipeline and automatically and gracefully degrade the experience as necessary if bandwidth is becoming tight.\nDoing this manually is not going to improve anybodies experience.\nThere is no crisis except the one Swisscom manufactured for itself There is no crisis except the one that has been manufactured by Swisscom themselves. We don\u0026rsquo;t have a network capacity crisis because of Home Office and we do not need to throttle Netflix. Some providers just painted themselves into a corner and now have trouble adjusting to shifting demand patterns. It\u0026rsquo;s easily fixed by stopping being an asshole.\nEDIT: Swiss provider Init7 explains the same thing and comes to the same conclusions.\nThis blog article originally was a Twitter Thread .\nUpdate: Akamai throttles, too In a number of news, sucessively most streaming providers have been decided to throttle their stuff, following Netflix initial decision. The final giveaway was Akamai :\nAkamai\u0026rsquo;s intelligent edge network architecture is inherently designed to mitigate and minimize network congestion, and because we have deployed our infrastructure deep into carrier networks, we can help those networks avoid overload by diverting traffic away from areas experiencing high levels of congestion.\nAkamai is a CDN operator. They have edge caches all over the world, in each and every providers network directly. That is, it is impossible for Akamai to overload peering exchanges or the actual internetworking fabric of the Internet. The whole point of their business operation is to be local, in every locality.\nIn regions where demand is creating bottlenecks for customers, we will be reducing gaming software downloads at peak times, completing the downloads at the normal fast speeds late at night.\nSo it is not the Internet or the Exchanges here. It is individual local providers who have overcomitted their own internal backbones or their last miles, and sold more access than they can provide. That\u0026rsquo;s of course a self-made problem for that these providers deserve to suffer, but of course that\u0026rsquo;s a problem when literally everybody is coughing their soul out. But we must make sure that we do not forget about this when it is time.\n","date":"2020-03-19T00:00:00Z","href":"https://blog.koehntopp.info/2020/03/19/netflix-does-not-bring-down-the-internet.html","tags":["lang_en","media","internet"],"title":"Netflix does not bring down the Internet"},{"categories":null,"content":"So where I work we have a large number of MySQL instances. They are organized in a slightly smaller number of replication hierarchies, which tend to cross region boundaries.\nStructure of a large database setup A rough sketch of the setup we have. Variants of this exist in various sizes - from 6 replicas in 3 regions to hundreds of replicas per region, with Group Replication at the top and per Region Intermedia Master.\nUnfortunately, a number of these hierarchies are still shared databases. That means multiple application users share access to data in different tables or even the same table concurrently - it\u0026rsquo;s not proper services all the way, yet. We try to isolate workloads by putting replicas into pools by application, but of course all writes go to the top of the replication tree, the master, where they will happily interfere with each other.\nThe per-region application cluster instances then connects to their pool instance per region for reads, and direct all writes to the global chain master, from where they trickle down by the means and wonder of replication.\nNone of this is static: All databases in a rolling reinstall with a two month period to keep them patched, and MySQL Orchestrator is being used to keep the replication hierarchy alive and connected in the face of master switchovers and failovers.\nPool membership is kept in Zookeeper, and MySQL client libraries have been wrapped and modified to pick a random local pool member for reads, and to find the master using this mechanism or anycast DNS.\nFor the application developer this means they do not care much about database server names, or individual database servers. Database servers are being maintained by the DBA team and their automation, so general health is good and for an application developer most server settings are not interesting and also not actionable.\nThey are interested into general server metrics that indicate overall workload health, and they are interested into aggregate query performance - the aggregate being over a region pool or the global aggregate of all their pools.\nMonitoring a large database setup We collect metrics on all servers, and push them into a thing that is no longer graphite . It is still using the Graphite APIs, but all components have been replaced with things written in C or Go. There is no Python code left.\nThe data we collect is circa any conceivable server metric, and using our version of Not-Actually-Graphite this means we can aggregate per region-pool, or per global pool. We see per-user query latency of a pool, individually per server, or aggregated per pool, the Median (P50) or the P99 or anything else interesting. We also, from the application clusters, collect some aggregate metrics like queries-per-route or query latency for a server as seen by the cluster.\nThis is sufficient to give us a general impression of query health: If we actually had bad queries, we would see the latencies suffer - first the P99, then the lower P\u0026rsquo;s.\nAn example bimodal distribition as per Wikipedia: Multimodal Distribution . A bimodal distribution of query latencies can happen if you have fast queries with a normal distribution of execution times at the lower end, and a smaller hump of slow queries with higher execution times added to this. Not looking at the full histogram, the slow queries will first affect the P99, and then successively the lower P\u0026rsquo;s until they affect the Median (P50).\nOur usual failure mode is not often actual bad queries, although it happens and it is useful to have tooling to gain insight. The much more common failure mode is ORM breakdown and the resulting machine gunning.\nIn our specific case, the ORM has for each object a list of essential columns and a list of all columns. Code is being written to load objects from the database into the application in single, rather efficient queries. Something like\n@products = $bp-\u0026gt;search(some query from a condition builder)-\u0026gt;fetch(); foreach $product (@products) { do_a_thing($product); } This will fire a single query for products and then build an array of products in which all the essential columns are loaded as attributes. If you happen to access a non-essential attribute, the id of the object is used to lazy-load the missing attributes at once and completely fleshen the object.\nThis is a painful feature and leads to a series of individual object retrievals for non-essential data, and because of the way access to non-essential attributes is wrapped and hidden, it usually happens in a way that is transparent (read: magical) to the developer. Or in other words, the developer is not even aware of the fact that they are machine-gunning the server with many trivial, small SQL statements.\nSimilar things happen in other environments with has_a and has_many relationship of linked object hierarchies, where traversal of a link can trigger similar machine gun cascades transparently and without awareness for the developer.\nAnother common problem that we see quite often is write-spikes and locating their origin. We have self-cooked solutions that either parse the output of the mysqlbinlog command, or login as a fake MySQL replica and read and analyze the binlog.\nBut while they can do things with data that is present in the binlog, a lot of information is not present there - among them user and actual source of the commands. It would need an audit plugin in the server to collect and emit such data and correctly attribute it.\nDatabase Monitoring Solutions and their shortcomings Looking at a number of database monitoring solutions, I see a lot of good stuff - metric collection, query collection per server, query analysis and insight, and alerting.\nScaling is usually a problem, at least for the target size I need to build for, but that is to be expected. There is not much of a market at the size I need, and any sane product management would target the much larger set of installations that are 100x smaller than the one I care about. So I do not expect these products to work for my needs, but I expect a scaling story (\u0026ldquo;You can split our all-in-one container into individual metrics gathering, persistance and analysis components and you can shard the metrics gathering and persistence components, and run a cluster of analyzers to scale and here is how to unpack our stuff.\u0026rdquo;).\nCloud-only is often a problem, because my data and my queries are in the majority in SOX, PCI, and PII/GDPR regulated scopes, which means that any test that works with non-synthetic data has is legally as complicated as actual production. That would even be true if my own databases weren\u0026rsquo;t on-prem, but in a cloud. \u0026ldquo;On-premises\u0026rdquo; solutions (solutions that I install within my own administrative domain, even if that domain resides in a public cloud) are much easier to test.\nDeveloper-centrism and proper workload aggregation is a large deficit. None of the solutions I looked at understands a large scale setup as layed out above. All focus on a single server, and mix operational and developer aspects of conditions on that single server.\nThat means, while there may be ways to translate regions and pools into tags by the way of an API, and there may be ways to inform the monitor of fluctuating topologies by the means of the same API or auto-discovery, the actual analysis is usually done per-server and not per-taggroup.\nAs a developer, I am never intested into server properties that are not actionable for me because they require a DBA. Disk space alerts, presumably wrongly set server parameters and similar conditions are not my primary interest.\nAs a developer, I am never intested into a single server. I am interested into the performance of all queries that go through my rw-handle to the master, and into the aggregated performance of all queries that go through my ro-handle to any of the replicas in my current replica set.\nThe pool I may be using for my ro-handles may also be used by other applications, so as a developer the tooling should be able to handle multi-tenancy and only show my queries that have been issued using my application login and hide all query data that has been issued under other accounts. This is not just a usability issue, other peoples queries may contain information that I am not allowed to see under PII, PCI or SOX rules.\nCurrent MySQL query analyzers and monitoring tools are - understandably - focusing on the SMB market with no or low DBA support and certainly no DB-SRE support. They focus on individual servers, and do not aggregate workloads along user logins or handle-pool distributions. They mix up alerts for operational DBAs and problems that interest developers, and consequently a lot of information presented is not actually actionable for developers. Nothing I have seen supports multi-tenancy and isolates query-data from different application logins from each other in shared pools.\nNobody has an audit plugin or does binlog analysis for write statistics properly (\u0026ldquo;show me busy tables and write spikes, and the sources of these in terms of application host name:application port that sent these writes, or user login that executed these writes\u0026rdquo;). A lot of tools still read and analyse the slow log and their examples in demos focus on this as if it is still 2014, instead of eating, parsing and working with P_S.\nAll in all I get the impression that the developer support tooling around MySQL is 2-4 years behind my expectations.\nRead spikes and machine gunning are very hard to detect on the server side, and we probably should consider instrumenting the ORM to record the number of lazy-loading events and warn on excessive lazy loading.\n","date":"2020-03-18T00:00:00Z","href":"https://blog.koehntopp.info/2020/03/18/the-lack-of-developer-centric-mysql-monitoring.html","tags":["lang_en","mysql","monitoring"],"title":"The lack of developer centric MySQL monitoring - a rant"},{"categories":null,"content":"\u0026ldquo;Normalitär\u0026rdquo;, ein Begriff, der von @beimwort geprägt wurde. Nach einem Twitter Thread . In seinem Artikel auf T-Online propagiert Schaible eine Bruchlinie innerhalb der \u0026ldquo;rechten\u0026rdquo; Parteien, weil Teile der Mitglieder die Weltbildverschiebung der frühen 2000er mitgemacht haben, andere sie ablehnen.\nEr beschreibt die Welt von 1990, die Nachwendezeit:\nVergewaltigung in der Ehe nicht strafbar, Diercke Weltatlas redet von Menschenrassen, unter den 250 Positionen der politischen Elite in Deutschland war nur eine Frau; alles weiße, angeblich heterosexuelle und angeblich christliche Männer. In dieser auf dem Papier egalitären Welt hing der Platz der Menschen ganz selbstverständlich von Geschlecht, Hautfarbe, Sexualität und Religion ab.\nDie Veränderung kommt in den späten 90ern, frühen 200ern.\nIn den USA: »Im Jahr 1997 übernahm die erste Frau das US-Außenministerium, 2001 der erste Schwarze, 2005 die erste schwarze Frau; 2008 kam der erste schwarze Präsident ins Amt.«\nDeutschland hält gut mit: »Im Jahr 1993 wurde die erste Frau an die Spitze eines Bundeslandes gewählt, 2000 an die Spitze der CDU, 2001 regierte der erste offen schwule Mann ein Bundesland, 2005 übernahm die erste Frau das Kanzleramt, 2009 der erste offen schwule Mann ein Bundesministerium, 2010 wurden erstmals gleichzeitig zwei Bundesländer von Frauen regiert, 2013 saßen zum ersten Mal eine Muslima und eine offen lesbische Frau am Kabinettstisch, seit 2018 wird die SPD von einer Frau geführt.\u0026quot;\nZwischen 2020 und 1990 liegen 30 Jahre, eine Generation, genau so lange wie 1960 bis 1990 - aber für viele Menschen ist das \u0026ldquo;gestern\u0026rdquo;.\nWas \u0026ldquo;normal\u0026rdquo; ist, hat sich innerhalb einer Generation sehr gewandelt, vermutlich mehr als in der Zeit von 1960 bis 1990. Genau genommen hat die 1960er Generation Ideale formuliert - Gleichheit, Gleichberechtigung, Humanismus, und die 1990er Generation ist nach ihnen erzogen worden und verlangt nun aktive Umsetzung statt Lippenbekenntnisse.\nDie Trennlinie ist aber nicht wirklich entlang einer Altersbruchkante, und auch nicht wirklich entlang Wohlstand und nur partiell entlang Ausbildung. In dem Artikel postuliert Schaible eine Trennung zwischen \u0026ldquo;Normalitär\u0026rdquo; und \u0026ldquo;Pluralitär\u0026rdquo;, also zwischen Leuten, die das 1990er oder gar 1960er Weltbild wiederhaben wollen, das klassische Patriarchat mit einem prefeministischen Rollenklischee und \u0026ldquo;Easy Mode\u0026rdquo; für weiße Männer, und Leuten, die die Veränderung der Generation 1990-2020 mitgemacht haben und eine neue, pluralere, offenere Gesellschaft mit anderen, humanitären Idealen angenommen haben.\nDie Trennung ist auch nicht Rechts-Links: In einem anderen Twitter Thread (unroll ) demonstriert @beimwort, daß die Bruchkante innerhalb bestimmter \u0026ldquo;rechter\u0026rdquo; Parteien entlang der \u0026ldquo;Normalitär\u0026rdquo;-Kante läuft.\nNoch deutlicher: @DugarToGo zeigt in einem Antwort-Thread (unroll ) am Beispiel konkreter Gespräche genau diesen Graben auf.\nDas Problem dabei: Die normalitäre Position ist demokratisch nicht politisch durchsetzbar. Und an dieser Stelle ist das Scharnier zwischen den Faschisten und den Normalitären. Scharnierpolitiker, -medien und -publizisten bilden eine Vermittlerfunktion aus dem konserativen Mainstream in den faschistischen Extremismus. Im Ausgangs-Essay von 2019 nennt Schaible Sarrazin, Tichy, Steinbach, heutzutage biedern sich die Werte-Union und Teile der FDP an.\nKennzeichen des \u0026ldquo;Normalitären\u0026rdquo; ist eine Verklärung einer Vergangenheit, die es so nie gab und die, hätte sie es gegeben, nicht zeitgemäß wäre. Daher \u0026ldquo;Make America Great Again\u0026rdquo;, Brexit-Empire-Verklärung, und generelle Rückwärtsgewandheit. Das Normalitäre wünscht sich auch eine Komplexitätsreduktion der Welt, und die Faschisten bieten diese (in Wahrheit inadequate und nicht zur Problemlösung geeignete) Vereinfachung an.\nDaher mein Spruch mit dem \u0026ldquo;vereinfachten Weltbild für Anfänger\u0026rdquo;.\nNormalitär ist nicht konserativ, die Bruchlinie hat Schaible klar gezeigt. Normaltär ist Reaktionär in einer bestimmten Ausprägung. Normalitär kann faschistisch werden oder sein, weil normalitäre Ziele nicht demokratisch erreichbar sind (sie sind gar nicht erreichbar)\nAber das ist genau das Wesen des Normalitären, ein in der Vergangenheit verortetes, vereinfachtes, so nie existiert habendes Ideal zu verlangen, weil die aktuelle Struktur der Welt abgelehnt wird, statt sich mit ihr auseinander zu setzen und daran zu wachsen.\n","date":"2020-03-09T00:00:00Z","href":"https://blog.koehntopp.info/2020/03/09/normalitaer.html","tags":["lang_de","politik","germany"],"title":"Normalitär"},{"categories":null,"content":"So I wrote about the Sonos Recycle Program before Sonos announced their plans to actively discontinue support for their older Speakers. Back then, the program did make sense, because it was kind of voluntary and avoided sending stuff back to Sonos for a Trade-Up. Even then, people disliked it.\nThen Sonos announced that they would discontinue support for these devices and it\u0026rsquo;s basically \u0026lsquo;you brick them now, or we are going to brick them for you in May and without a rebate for new equipment\u0026rsquo;.\nToday, Sonos announced that they will recycle Recycle Mode , that is, they will allow you to \u0026ldquo;trade up\u0026rdquo; for newer devices, but the old ones will still work.\nBut that does not answer the actual question Or won\u0026rsquo;t. From the article:\nThat said, it\u0026rsquo;s worth noting that Sonos hasn\u0026rsquo;t changed its plans to stop updating those legacy products come May. As a reminder, they\u0026rsquo;ll work as they do now but won\u0026rsquo;t receive new features or software updates going forward. But if you have some of those products and are ready for new gear, you can get a discount and still keep them working as long as possible.\nSo everything is still unclear.\nThat is, there will be no updates for any Play:5 (1st gen) devices, for the Connect:Amp and the Connect any more. We know that.\nBut it is unclear if these older devices will still work together with updated devices in the same network, and if you still will be able to group them. It would be a big loss of functionality if that does not work any more.\nIt is unclear, if \u0026ldquo;No Updates\u0026rdquo; means \u0026ldquo;No functional updates\u0026rdquo; or if they will effectively brick themselves when Streaming Service APIs change, a root certificate rollover has to be implemented or similar maintenance software changes are necessary.\nWhat is Sonos focus? Meanwhile, while Sonos is trying to play in the Home Voice Gadget market, their Sound Experience is increasingly looking long in the tooth. I mean, the actual sound the things make is pretty nice, but getting signals into Sonos Systems is somewhat ugly. I now have a Bluetooth Speaker (Non-Sonos) attached to my Windows Steam Machine, because I can\u0026rsquo;t Wi-Fi my \u0026ldquo;Elite: Dangerous\u0026rdquo; to my Sonos easily. How about the Desktop App being a Sound Source for the Speakers? Right, can\u0026rsquo;t do that unless the source is a Mac and the target is… the only IKEA speaker in my home. That\u0026rsquo;s pretty lame.\nWindows System Output can\u0026rsquo;t be used as a Sound Source for Sonos. And Airplay does not work to most of my speakers, because they are \u0026ldquo;too old\u0026rdquo; and the new Sonos equipment does not relay to the old equipment.\nMeanwhile I have to use the clunky Sonos App for my \u0026ldquo;Youtube Music\u0026rdquo; subscription on my phone, because while I can chromecast my Google Music to Sonos, for some reason Youtube Music can\u0026rsquo;t do that. Again, a problem with sourcing the stream.\nThe company seems to be obsessed with Home Assistants, when it should be obsessed about Sound.\nSo, yeah. What am I going to do? I don\u0026rsquo;t know. At this point, I will wait and see - I have halted all spending on them for this year, and if I am ever going to push money into the Sonos equipment at all any more, it\u0026rsquo;s probably going to IKEA. At least that are somewhat controllable sums for equipment with whatr is now an officially limited lifetime. Well, it was nice while it lasted.\n","date":"2020-03-06T00:00:00Z","href":"https://blog.koehntopp.info/2020/03/06/sonos-recycled-their-recycle-mode.html","tags":["lang_en","sonos","media"],"title":"Sonos recycled their recycle mode"},{"categories":null,"content":"These images are older than time itself. I picked them up while working as a consultant for MySQL AB, but I do not know the source.\nHere are some important latency numbers. A pixel is a nanosecond (nano = 10^-9, a billionth of a second, 1 billion events/s = 1 GHz):\nAnd below is the HDD disk seek latency in full at the same scale. An uncached index access can result in up to 5 disk seeks, worst case.\nEach waiting core in a 3 GHz computer cannot execute 3 million clock cycles per millisecond wait, so 13.7ms disk seek 41.1 million clock cycles wait time per stalled core.\nThat is why we give so much memory to index and data memory caches in databases. This is why InnoDB page compression exists.\nThis is also why SSD and NVME flash are so important to database people.\nThis is also why it is important that your queries use indexes, and why you should batch queries. That is, \u0026ldquo;select a, b c from t where id in (\u0026hellip;)\u0026rdquo; instead of a query per id-value in a loop.\nNot graphed: Talking to a service in another data center, for example talking to a web service in the cloud from on-premises, or talking to a service in one cloud from another cloud. Assume 10ms, or approximately one HDD disk seek for this.\nIf that service does not have an API that allows batching and/or asynchronous operation, they are maybe not entirely appropriately aware of performance issues.\nPlease zoom in for details:\n","date":"2020-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2020/02/28/some-latency-numbers-illustrated.html","tags":["lang_en","database","performance"],"title":"Some latency numbers illustrated"},{"categories":null,"content":"Welcome to the Netherlands. Please excuse me, I need to fetch a few things before I have time for you. I need a few things from Lidl in Hoofddorp, do you want to come with me?\nIt\u0026rsquo;s not far, we are taking the bike for some six kilometres. Also, I\u0026rsquo;m going to show you a trick: Look, Mom! Not riding with the cars, and no lights.\nLet\u0026rsquo;s follow path and go down Liniepad. Take care, unusual for the Netherlands we don\u0026rsquo;t actually have the right of way when crossing. See the green sign with the circle and the number? This is our route.\nA fietspad is a cycle path which is not mandatory to use. In the Netherlands, this often means a cycle path that is running completely separated from any car infrastructure, so no noise, no exhaust fumes and no interaction with car traffic at all.\nThis is where we are crossing the N205, but for this we have a bridge instead of an intersection and traffic lights. Also note that our bike path has lighting.\nWhat is that car doing on a bike and foot path in the middle of a park? Oh, it\u0026rsquo;s the Toezicht, the park inspection.\nAs we follow the bike path, there is in fact an intersection where the Liniepad ends, crosses Ijweg and becomes Geniedijk. Not that you would notice. Also, no traffic lights.\nAnd we go on as before. Note that the fietspad is not up to code: It is too small, in need of some minor maintenance and it is the wrong color. We will come back to that, soon.\nToday it\u0026rsquo;s dry, 10 deg Centigrade, and 5 bft right in our faces. I am thankful for the motor, it\u0026rsquo;s helping quite a bit with the wind. Also, battery on board means no reason to go without lights, ever, basically.\nThis used to be a roadblock for construction. As you can see, it has been removed. Had it not been removed, we would have had to follow the signs - of course, if a fietspad is blocked, there is an alternative route planned and signed before construction begins.\nOnly later on our trip we would have seen why there was blockage. This looks like there is going to be a fietspad improvement - wider, and closer up to code than this old road we are on.\nBut first things first:\nWe need to cross the N201, and we don\u0026rsquo;t do intersections when other solutions are viable. Remember the hierarchy of mitigations from OSHA? We can Isolate (#3), so we don\u0026rsquo;t have to Engineer Controls (#4).\nThe same thing happens again at Kruisweg:\nAgain, an underpass completely takes us out of harms way and there is no traffic light, no intersection and no interaction with car traffic. At Geniedijk and Wilsonpad we are leaving our fietspad and turn left into Hoofddorp.\nSee these things:\nYou will find them all over the Netherlands. They are giant underground trash collectors, around 1.5mx1.5mx1.5m. One is for plastic, one is for glass sorted by color, and one is for paper. They have sensors, and when they are close to full, they will signal Meerlanden and ask for cleanup. A trash compactor truck will pull them up and empty them, put the thing back and take the trash away.\nRamaer connects to Ter Veenlaan,\nand while this is a street that carries car traffic, by construction and connection through traffic is discouraged with extreme prejudice .\nThe road design as well as access to it makes it very extremely clear that this is an access road for people living here, but it is not a good plan to go through this. Also, parking:\nUnexpectedly, this is quite cheap , but Hoofddorp is not Amsterdam and space it not at premium here.\nTer Veenlan opens into Hoofdweg Westzijde, a bicycle street. While this can be used by cars, all other traffic takes precedence. It\u0026rsquo;s basically a fietspad that cars are allowed to use, carefully.\nAs you can see from the dead end sign (uitgezonderd fiets and bromfiets), it\u0026rsquo;s also modally filtered. Which means there is some bollard somewhere, blocking car access to prevent through traffic, but which is easily bypassed by bikes.\nWell, basically it\u0026rsquo;s a road with red asphalt and modal filtering. So where are the cars? On the other side of the canal, over the bridge, on Hoofdweg Oostzijde:\nThere still is a cycle lane, tho, and this takes us north the few meters to Councourslaan, and into the shopping centre of Hoofddorp.\nIt\u0026rsquo;s a one-way street, for cars, but it\u0026rsquo;s open for bikes in all directions. It is also speed bumped and limited to 30 km/h, so bike and car traffic, what little there is, can mix.\nWe turn left into the pedestrian zone, and cross over to LIDL at Marktplein.\nAfter shopping, can I invite you to a typical dutch restaurant? :-)\nYup, they fry all the things. Everything you heard about it is true. Just kidding.\nOn our way back, we are going differently - we are following the signage for the alternate route to circumvent the Geniedijk constructions. While Geniedijk is finished, the signs are still up. They take us to Buitenschot:\nAt the exit, at Pad om de Noord and Ijweg, we find an info sign explaining the bike route network of the area, numbers and routes:\nTo continue we have to follow Ijweg north for a few meters, on an abysmally bad bike path, until we can cross over and enter Plesmanhoek:\nThis time, the wind is not in our face, so we are faster. Quite a lot:\nOur fietspad goes through a park that has some kind of agricultural botanical garden, and passes by a playground. We then come back to Liniepad and follow it back over the bridge passing the N205.\nThe road here is quite interesting, because we have N205, with two lanes per direction, directions separated, and then one additional road labelled \u0026ldquo;R-Net\u0026rdquo;. This is a bus lane, used by the 300 line. It goes every 6 minutes, and is led outside of regular car traffic where possible. The tiny red dot just before the road climbs to cross the N205 itself is one of those buses.\nThis time we leave Liniepad early and turn right into the village, coming to Waterlinie:\nWe are crossing Waterlinie. It is very clear who has right of way here. Also, note the ubiquitous presence of WhatsApp. This country runs on WhatsApp. There is no escape.\nWe follow the fietspad on it\u0026rsquo;s way between the Villa\u0026rsquo;s. There is a pedwalk on the right, and a pedwalk on the left, and the fietspad meanders through the middle, where there is not one, but two small outdoor play areas.\nSo how does the owner of a 1.5 Megaeuro Villa get their Tesla to their house, you ask? Well, from the private road access in the back of the houses, of course.\nWe\u0026rsquo;re about to cross the R-Net bus lijn to venture into the not quite as well off part of the village, but wait. There\u0026rsquo;s an ambulance crossing, racing along the buslijn towards the Spaarne Gasthuis Hoofddorp .\nAnd right behind: The bus. Line 300 is very busy, and hence has special buses. They are three meter longer than what is allowed on European Roads, and require a special permit. Also, roads along their road (eg. in Haarlem) had to be modified in multiple places to allow for increased turn radiuses. But on the other hand, they run every 6 minutes and can carry 186 people, each, from Haarlem via Hoofdorp through Schiphol towards Amsterdam Arena.\nThis is the day bike parking in this tiny village. On the Haarlem side. There is more on the other side. Multimodal transport is a thing.\nOkay, we\u0026rsquo;re home. Excuse the disorderly garden. Spring is early this year and we have not been keeping up. Still, it\u0026rsquo;s cold and windy. Come in. Espresso or Tea?\n","date":"2020-02-22T00:00:00Z","href":"https://blog.koehntopp.info/2020/02/22/in-which-we-cycle-shopping.html","tags":["lang_en","netherlands","mobility","cycling"],"title":"In which we cycle shopping..."},{"categories":null,"content":"Welcome to the Netherlands. I am living at the bottom of a lake, 3.50 meters below the sea level, and there are sea shells in my garden.\nWhen I dig in my garden, it looks like this.\nThe Netherlands (low lands) or Holland (hollow lands) are formed in large part by the Rhine Delta . This is an estuary delta (tidal delta), which means it is formed as much by erosion as it is formed by sedimentation.\nThe erosion is a strong power, and was often seen as a living evil force working against the works of men \u0026ndash; the Waterwolf , devouring the land. The waterwolf often refers specifically to the effect of peaty bogs and costal lake swamps growing and merging lakes.\nThe situation before the lakes merge.\nThis is exactly the historic situation of the Haarlemmermeer , where you have a peat bog, the relic of a northern arm of the Rhine, and several smaller lakes.Through flooding and erosion these lakes grew into one single large lake between Haarlem, Amsterdam, Amstelveen, Aalsmeer and Leiden. This was a fast process and happened within 100 years: In 1531 the Haarlemmermeer and the smaller lakes had a combined surface area of 31 square kilometers. In 1647 the combined Haarlemmermeer had a surface of 150 square kilometers, and within another 100 years it would add another 20 square kilometers.\nDiscussions about draining the swamp started in 1643, and went on in one way or the other for around 200 years, but the efforts were strongly opposed by several cities for which the lake was an important waterway. After a hurricane in November 1836 drove the waters basically to the gates of Amsterdam, and the ever growing Haarlemmermeer was threatening to integrate other low lying lands and lakes into its surface, King Willem I had had enough. He appointed a royal commission and tasked it with making plans to drain the lake once and for all.\nIn early 1840 work was begun.\nHaarlemmermeer is the area of the former lake, as defined by the Ringvaart, plus the area in the north extending it to the Ij\nThe Ringvaart is a 61 kilometer long ring canal that was being dug with manual labour, defining the shore of the Haarlemmermeer. Today it defines the border of the Gemeente, mostly, plus some area in the north extending the Gemeente towards the Ij.\nThe Ringvaart today, between Cruquius and Vijfhuizen.\nThe earth removed was used to build a dike around the polder-to-be. The canal was completed in 1845, and three large steam pump stations were built and started to drain the lake: Leeghwater aan de Kaag (1845), Lijnden (1848) and Cruquius (1849). Until 1852, 800 billion litres of water have been pumped away and \u0026ldquo;the fish could be collected by hand\u0026rdquo;.\nSteam Pump in Cruquius (1849) with a James Watt Steam Engine.\nToday the steam pump in Cruquius is a museum . Entry is 7 EUR (or free, if you have a museumkaart ).\nBut of course land that is up to 3.50 below sea level and is in former a peat bog right next to the North Sea is not stable, and needs pumps and active water management around the clock to keep dry.\nGemaal Koning Willem I\nToday that is achieved by the pump station (Gemaal) Willem I, among others. It is named after the king who initiated the dry pumping of the Haarlemmermeer. It is much more modern and efficient, but also quite less impressive than the pump in Cruquius.\nIn the image I am standing with my back to the Ringvaart, a bit down from the dikes crest. The water level of the Ringvaart is approximately at my hip, or somewhere around the second window of the pump station. The water you can see behind the pump station is the main drainage channel for Haarlemmermeer, and you can see how low it is compared to my position.\nThe Gemeente Haarlemmermeer is only one of many Droogmakerijen . It is a anthropogene cultural landscape, not an uncommon thing in the Netherlands - a quarter of the Netherlands are below sea level, and 65% of the population are living in areas that need to be protected against storm and flood.\nBut this also means: when you look at the landscape, there is nothing natural about it whatsoever. The natural state of this land is brackish water, 3.50m deep. It is completely designed and constructed and ongoing human effort is necessary to keep it dry and working. This is a relationship to nature and \u0026ldquo;natural\u0026rdquo; that is very different from other parts of the world.\nIt also requires a different mentality, because it needs to maintained at all cost, even in conflict. It absolutely requires people to cooperate even if they disagree: The North Sea is an equal opportinity drowner, the Waterwolf does not care if the people it devours agree or disagree about some thing or the other.\nCooperation despite differences has been deeply ingrained into the society in the Netherlands, and affects all forms of conflict handling.\n","date":"2020-02-21T00:00:00Z","href":"https://blog.koehntopp.info/2020/02/21/under-the-sea.html","tags":["lang_en","netherlands"],"title":"Under the sea..."},{"categories":null,"content":"Welcome to the Netherlands. We\u0026rsquo;re building roads differently. They are better, safer and less stressful for cyclists, and that also makes them better, safer and less stressful for motorists. Here is how it works:\n(based on a Twitter Thread )\nWhat does it look like? I am living in a village. That means a speed limit of 30 km/h inside the city limits, and that is being enforced by the design of the road.\nThe red path is only a subordinate cycle path. On the other side of the canal, to the left, is the real cycle path. The bridge in the background is leading over to it.\nIt looks like this:\nIn the background you can see the traffic sign on the right hand side of the road, and the bridge. I am standing on the footpath, the bike path is on the left hand side.\nLet\u0026rsquo;s move forward to the bridge:\nIn the mornings this is a very busy spot, because there are two basic schools down the road over the bridge, and of course all the children are biking to school.\nSchool begins the day after the fourth birthday (and groep 1 and 2 is what in germany would be preschool, but it\u0026rsquo;s mandatory) and it can be reasonably expected from children of this age to be able to bike to school under their own power, but supervised. Children of group 3 and over can be expected to bike school unsupervised, and the environment must be built to enable this, and to allow them to roam around the city limits in order to go to sports or visity friends.\nDynamic traffic lights My village is next to the N205. That is a multilane motorway, a national street, an A-road. On the other side is the Schiphol runway \u0026ldquo;Polderbaan\u0026rdquo;.\nA cycling traffic light in the Netherlands looks like this. The \u0026ldquo;tikker\u0026rdquo; (call button) is only a formality, but good to hold yourself upright on the bike should you ever have to wait.\nUsually you don\u0026rsquo;t. That\u0026rsquo;s because of the sensors in the road: Two here (in order to measure direction and speed), and one more directly where the Tikker is. If you are driving the design speed of the cycle path (In the Netherlands that\u0026rsquo;s 15 km/h), and the traffic allows that, you will have green exactly when you are reaching the light.\nThat is because almost all traffic lights around here are dynamically controlled and have variable cycle times. The moment the last car or bike is clearing the crossing the light goes yellow and the waiting time for crossing traffic is shortened.\nAll of that under the principle that pedestrians and cyclists have priority over car traffic at all times.\nIntersection Design Interestingly enough: Cycle path design and rules make it possible for a cyclist to turn right at a crossing even when the light is red for motorists. It\u0026rsquo;s in the design of their crossings.\nThis article at Bicycle Dutch explains it in detail.\nThey also have a Youtube Video (same in German ) that shows this in practice and with traffic in motion. It\u0026rsquo;s beautiful.\nGo watch the video. But even then, let me highlight a few things from the video:\nThis is what is called a parking protected bike lane. The parked cars act as a protective wall against the cars on the street. Where there is room enough there is an exit zone that prevents dooring.\nAlso, everyone here is being drilled with the Dutch Reach , to the point where you fail your driving test in the last second if you do not exit the car properly after passing the final practical exam otherwise faultlessly.\nIntersections in the Netherlands are a construct that is full of waiting pockets, staging areas that allow you to stop and wait without being pressured from the traffic behind you, until you are sure it is safe to move on.\nThat is true for cyclists. Here waiting cyclists can stop for the red light without being in the way of traffic that is moving straight on.\nBut it is even more true for cars. Motorists can handle one task (turning), and then the next one (handling crossing cyclists), avoiding dangerous multitasking and dangers from multiple directions.\nIf you are used to driving in Germany, that is unexpected and initially confusing. Take your time, and take the traffic step by step, it is designed this way. If the traffic designer did their job, there is only one dangerous thing happening at a time, and there is always a safe place to stop and double check. Also, the other drivers are expecting you to stop and take your time.\nDanger Zone and the importance of consistency In fact, when driving in the Netherlands you will eventually notice that the main spot to check for dangers is usually 45 degrees to the right over the hood. That is, because whenever space allows it the situation is designed so that you can wait without being pressured from behind, handle one situation at the time, and the situation is coming up at approximately this position from the front-right (or, where traffic makes it necessary, from the front-left).\nHere an intersection, also with staging areas. The marked car has passed the cycle path and is now waiting to be able to safely merge, out of the way of the cycle path. A second car is coming up, waiting before the cycle path, making sure there are no cyclists coming and that the staging area is clearing.\nThe design and the marking of the cycle path with continous red color and shark teeth before the crossing make it clear to anyone that the cyclists have the right of way, even if the traffic signs weren\u0026rsquo;t there.\nRaised curbs and patterning make the road visually smaller, encouraging drivers to stay below the speed limit.\nCycle paths are separated from the road, where possible with a soft shoulder and lawn in order to communicate that there is no roadside parking here.\nThe raised curb on the cycle path side also encourages cyclists to stay in the lane and make use of the marked path for crossing. That way separated types of traffic cross only in spots that are designed to make the crossing safely.\nThe same design language is applied everywhere, making roads readable to everyone intuitively. Here a car is turning right into a residential area. The curb is raised from street level with a bump and different paving, making it visually and haptically clear to a driver that the environment is changing. There is of course a staging area, so that turning and clearing the cycle path are two different, sequential tasks.\nThe cycle path makes a slight swerve to the right to allow for this. In the video it becomes clear that this does not slow down the cyclist. Again, soft lawn is being used to discourage drivers from shorting the turn and crossing the cycle path at a different angle that a clear 90 degrees.\nAgain, narrow roads in the Netherlands are a design tool. They make sure traffic types cross at a safe angle so that eye contact can be made, and together with speed bumps and raised curbs they help to keep speed down to safe levels. The design is built specifically so that drivers do not accelerate into a conflict zone.\nThe situation is built so that potential conflicts happen the 45 degress-to-the-right-over-the-hood angle that motorists are trained to double and triple check in urban areas, and with the car at rest or close to rest.\nConsistent design language helps to make safety habitually automatic.\nRoundabouts are safer and faster than intersections, but the same design principles and design language can be applied to this situation as well, even in historic old towns such as Amsterdam shown here.\nWe see the familiar Dutch design: Staging area for cars, separating the action of leaving the roundabout and clearing the cycle path. Road marking communicates bike priority. Shark teeth also help to communicate priority. The curb extension and the middle island separating the car lanes both keep the roads visually narrow and encourages drivers to position themselves properly and not cut corners.\nThe danger zone is positioned to the right-front for the car leaving the roundabout, traffic types intersect at 90 degree angle and with the car at rest or almost at rest. For the car entering the roundabout, the danger zone is the left-front, because there is no other option to make this possible.\nHierarchy of Mitigations Of course, according to the OSHA Hierarchy of Mitigations, none of this is the best solution.\nOSHA Hierarchy of Mitigations or OSHA Hierarchy of Controls for workplace safety. In german Maßnahmenhierarchie nach TRBS . (after an older tweet )\nEliminate: Remove the cause of danger completely. A car-free environment. Substitute: Replace the hazardous work practice or machine with an alternative. Encourage and promote public transport. Isolate: Separate the hazard from the people at risk from injury. Cycle paths are separated from car roads with alternative routing, curbs, underpasses or other means of physical separation. Engineer controls: Physical changes, eg. redesign machine by adding safeguards. Speed bumps, and physical intersection design reduce risk of collision and injury. Administrative controls: Install signs, rotate jobs. Road signs (\u0026ldquo;Cyclists crossing!\u0026rdquo;, speed limit signs) PPE (Personal Protective Equipment): Provide gloves, earplugs, helmets. Bike helmets and high viz vests. So while we have been speaking about intersection design, we have been essentially been speaking about level 4 methods from the OSHA hierarchy. Where space allows it, level 3 methods would be better.\nAnd again, we can see them in the Dutch road design:\nThe roundabout shown in the video leads the cycle path through underpasses underneath the street, completely separating the car and bicycle traffic. That means no danger of collision, no traffic lights and no wait times for cyclists, ever. A way better solution that any intersection design.\nThe video finishes with two children passing an intersection on bikes. Again, we can see the dynamic traffic light control: The moment the second cyclist enters the intersection, the green phase is shortened and the light turns yellow. As soon as the intersection has been cleared, cross traffic can start.\nThis is not a space intensive design. It works in many historic old towns in the Netherlands, and any design up to code in the US (or Germany) can be converted to a safer Dutch design within the same space.\nA second video (same video in German ) demonstrates this. This video also reiterates the various design choices shown above, and explains them.\nDid you say 15 km/h? The design speed for cycle paths in the Netherlands is for an average speed of 15 km/h.\nThe cycle infrastructure is excellent, and you can often and for long stretches read a much higher speed, but there are two core ideas behind the entire network that lead to the 15 km/h design speed:\n\u0026ldquo;AAA\u0026rdquo;, \u0026ldquo;All Ages and Abilities\u0026rdquo; For a high cycling rates, it is important that anybody can cycle and feels safe doing so.\nThat leads to a design requirement in which a 4-year-old can cycle to school supervised, and a 6-year-old can cycle to school unsupervised, or an 80-year-old can use the cycle path safely and comfortably on a bike, trike or a suitable electrically assisted personal transport.\nIt also leads to the design requirement that two cyclists can ride abreast - parents riding with their children, or just two people riding together and chatting, like they would do in a car. A cycle path that wide (per direction) also enables overtaking, and has sufficient space for transport bikes.\nThe key idea is that bike paths are a system for the many, not for the fittest.\nMultimodal Transport The bike system in the Netherlands and the public transport (OV) system are designed to work together. The designers envision the bike trip of commuters to be \u0026lt;7.5km (\u0026lt;30m travel time on bike, \u0026lt;20m at 25 km/h), ending at a train station.\nTrain stations have large covered parking structures (free to use), and often offer additional services (\u0026ldquo;Bike repair while you are away to work\u0026rdquo;, \u0026ldquo;Sale of small service parts such as inner tubes or LED lights\u0026rdquo;). Haarlem station has a fairly typical station, I made a video . Note how the design language of the cycle tracks extends down even to the racks.\nThey also usually have NS OV Fiets lending stations. While public transport in the Netherlands is being run by a number of municipal and commercial operators, which are free to set prices and define zones as they see fit, the billing is unified and works via the nationwide OV Chipkaart - all trains, trams, buses and also the rental bikes offered at almost all train stations are being billed via one single card. Getting a rental is as easy as swiping your card, at a price of less than 3.60 EUR per day billed to the OV card.\nEltis explains multimodality in Dutch rail .\nThe dutch government provides Cycling Facts (PDF ).\nBike use is x2.5 higher in the Netherlands than in Germany, on the average\nBike use is regionally different, and in some zones the usage quota is more than 50% of all trips shorter than 7.5km\nOther Sources (in german language) If you are looking for a more in depth discussion of all of this in german language, have a look at Wunderlösung Schutzkreuzung? by Darmstadt fährt Rad .\nDie Schutzkreuzung, Teil 1 Die Schutzkreuzung, Teil 2 Be sure to also check out the detailed background references in the footers of the articles, and the details \u0026ldquo;view from the car\u0026rdquo; addenda in Teil 2, which show deadzones of cars and lorries in detail.\nAlso at \u0026ldquo;Darmstadt fährt Rad\u0026rdquo;:\nKreuzung Deluxe 1: Einleitung Kreuzung Deluxe 2: Designelemente Kreuzung Deluxe 3: Funktion Kreuzung Deluxe 4: Fallbeispiele Kreuzung Deluxe 5: Neugestaltung einer deutschen Kreuzung Kreuzung Deluxe 6: Neugestaltung einer großen deutschen Kreuzung These articles are a treasure trove of traffic design information in german language, and again are backed by a wealth of illustrations and linked sources.\n","date":"2020-02-19T00:00:00Z","href":"https://blog.koehntopp.info/2020/02/19/how-to-build-a-cycling-environment.html","tags":["lang_en","germany","netherlands","cycling","mobility"],"title":"How to build a cycling environment"},{"categories":null,"content":"Oliver Rautenberg berichtet auf Twitter von \u0026ldquo;Elternvereinbarungen zur Smartphone- und Mediennutzung\u0026rdquo; an Waldorfschulen in Deutschland.\n»Medienvertrag einer \u0026ldquo;Freien Schule\u0026rdquo; der Waldorfpädagogik. Ist diese Einmischung noch vertretbar? Keine Handys in der Schule, ok. Aber auch zuhause will die Schule Handys, Computer, Filme und sogar Hörspiele vertraglich verbieten. \u0026ldquo;Risiken und Gefahren\u0026rdquo; drohen!«\nDies ist meine persönliche Erfahrung, also eine Studie mit einer Sample-Gruppe von n=1. Keine Ahnung, und mir egal wie Ihr Dinge bei Euch in der Familie regelt, aber vielleicht ist das ja dennoch für irgendwen nützlich.\nMein Sohn ist jetzt 9 und wird bald 10.\nEr ist in Deutschland geboren und ist in Deutschland mit 18 Monaten in den Kindergarten gekommen. Dort hat er bis zum Einschulungs-Sommer 2016 den Kindergarten und die Vorschule beendet, und ist dann zusammen mit seiner Mutter zu mir in die Niederlande hinterher gezogen.\nEr hat die Niederländische Groep 3 in einer Integrationsklasse verbracht, um den Stoff, der der deutschen 1. Klasse entspricht zusammen mit der niederländischen Sprache zu erlernen. Am Ende von Groep 3 hat er den Schulsprachtest bestanden und ist auf eine lokale reguläre Grundschule gewechselt.\nEr ist jetzt in Groep 6 (entspricht der deutschen Grundschulklasse 4). Die Grundschule geht bis Groep 8 (entspricht der deutschen Grundschulklasse 6).\nLicht und Ton und Touchscreens Der Sohn hat sehr früh die Bildschirme im Haushalt bemerkt und war insbesondere von Touchscreens sehr fasziniert. Die erste App, für die er sich je interessiert hat, war das inzwischen eingestellte Zoola Animal Sounds , eine Anwendung, die Tierbilder zeigt und mit Musik und Tiergeräuschen untermalt. Er hat die Anwendung bis zum Alter von fast vier Jahren immer mal wieder nachgefragt.\nDer Umgang mit Touchscreens erschien dem Kind sehr unmittelbar und natürlich. Auch Gesten zum Drehen und Zoomen wurden abgeguckt, unmittelbar einsichtig und mußten nicht aktiv gelehrt werden. Das ging so weit, daß das Kind beim Fernsehen aufstand, den Bildschirm berührte, um den Film anzuhalten und dann beide Hände auf den Bildschirm presste um einen interessanten Ausschitt zu versuchen zu vergrößern - das hat dann leider zur großen Enttäuschung des kleinen Mannes nicht funktioniert, zeigt aber welche Erwartungen in die digitale Umwelt von einem Kind gesetzt werden.\nEin wichtiger Aspekt des Aufwachsens ist immer der Aspekt von Kontrolle gewesen, also Steuerung und Manipulation der Umwelt. Das Wort \u0026ldquo;Licht\u0026rdquo; hat das Kind sehr früh gelernt, und er wollte immer wieder auf den Arm genommen und vor einen Lichtschalter gehalten werden. Die Tatsache, daß das Drücken hier dann da bei einer Lampe etwas bewirkt war eine unglaublich aufregende Entdeckung. Die Tatsache, daß er nach seinem Willen die Umwelt beeinflussen konnte auch. Und daß unterschiedliche Schalter verläßlich unterschiedliche Lampen kontrollieren und das erlernbar war: auch fundamental.\nUnsere Nachbarn in der deutschen Wohnung über uns hatten zwei Kinder, die ein wenig älter waren als unser Sohn. Für ein kleines Kind ist das kein wesentlicher Unterschied - es unterteilt die Welt in \u0026ldquo;Leute, die alles wissen und alles können\u0026rdquo; und \u0026ldquo;solche, die so sind wie ich\u0026rdquo;. Daß Kinder mit 3-4 Jahren viel mehr können als er selber hat er nicht erfaßt. Entsprechend dann: immer wenn er Kontakt hatte, hat er plötzlich Dinge getan, die er ohne die Demonstration, daß Kinder so was können können nie getan hätte.\nDas war einer der Hauptgründe, das Kind in einen Kindergarten zu geben: Dort hat er die Geschwister, die er daheim nicht hat, und das hat ihn massiv nach vorne gezogen.\nDaheim hat er durch unsere Arbeit bedingt viel Kontakt zu Computern. Dabei hat ihn meine Arbeit eher weniger interessiert - Papa sitzt auf den Bildschirm und starrt auf Buchstaben. Aber was Sammy tut ist um so interessanter.\nMusik und Film Sammy hat damals im Cafe Theater Schalotte Licht auf Veranstaltungen gemacht, und das Treiben am Theater, aber auch Licht und Tontechnik haben ihn als direkte Verlängerung seiner Erfahrungen daheim ohne Ende interessiert. Ich weiß, daß wir oben am Lichtpult gesessen haben, das Kind kaum 4 Jahre alt, die Frau an der Bühne unter der Decke hängend die Scheinwerfer manipulierend. Als sie ruft \u0026ldquo;Die Drei auf Achzig!\u0026rdquo; zählt das Kind wichtig die Weißlicht-Regler ab, und ist stolz wie Oskar, daß er den Schieber 3 auf 80% regeln darf. \u0026ldquo;Super\u0026rdquo; ruft es von unter der Decke zurück!\nDas Kind ist voller Musik, und von mir hat er das nicht. Das geht so weit, daß ich mir mit einer elektrischen Zahnbürste die Zähne putze und er kurz dem Brummen lauscht und dann sagt \u0026ldquo;Das ist ein C und Deine Zahnbürste ist verstimmt\u0026rdquo;. Ich ziehe die Stimm-App auf dem Handy aus der Tasche und in der Tat, die Braun brummt ein sattes C, liegt aber deutlich daneben.\nDas mit der Musik ist auch sehr früh deutlich geworden, und so hat er neben der Vorschule auch \u0026ldquo;musikalische Früherziehung\u0026rdquo; bekommen, in der den Kindern ein Jahr lang Gelegenheit gegeben worden ist, für jeweils 3 Monate ein Instrument auszuprobieren und Erfahrungen zu sammeln. Mit 5 hätte er dann noch ein Jahr dranhängen können, hat dann aber selber entschieden, daß er nur noch Geige machen will. Also hat er angefangen, in Berlin Geige zu lernen und es ist uns gelungen, in Amsterdam eine Lehrerin zu finden, die deutsch und niederländisch spricht und ganz wunderbar unterrichten kann.\nUm diese Zeit, so mit 6 Jahren, hat er auch zusätzlich zum abgelegten Handy mein altes Macbook pro in die Finger bekommen. Das ist ein Gerät von 2009, mit einer nachgerüsteten SSD, die es nicht nur schneller, sondern auch robuster macht, und mit leider nur 4 GB RAM. Im Laufe der Zeit hat er dort Youtube, Musescore, Garageband und auch iMovie entdeckt und sich ohne weitere Erklärungen weitgehend selbst angeeignet.\nDabei haben wir eine ganze Menge über unser Kind gelernt.\nErstens: Das Kind braucht Limits. Es würde ohne diese Limits vermutlich in den unendlichen Tiefen von Youtube versacken und nie wieder vorkommen. Es braucht auch Wertungen. Wir haben abgemacht, daß er zunächst Youtube mit uns zusammen guckt, und dabei ist er auf einen Haufen Videos gestoßen, die keine Geschichten erzählen, sondern sehr niedrig zielende, teletubby-artige Animationen abspielen. Wir haben ihm erklärt, wie sich diese Videos von Videos unterscheiden, die etwas erzählen wollen, und wieso wir die eine Sorte Video langweilig finden, und die andere nicht. Er hat irgendwann angefangen, Videos nach diesen Kriterien zu beurteilen und auszuwählen.\nZweitens: Das Kind lernt durch Tun und Abgucken mehr als durch Erklären. Erklärungen sind wichtig, aber Vorbilder, Nachahmungen und Zusehen sind viel, viel wichtiger. Buchstaben haben sich ihm als Konzept erschlossen durch Zusehen, und durch Tippen und Vergleichen. Da er sich brennend für Eisenbahnen und insbesondere Dampfloks interessierte, wollte er Youtube-Suchen eingegeben haben. Das Wort \u0026ldquo;Dampflok\u0026rdquo; konnte er also bald erkennen und dann auch sehr schnell schreiben. Das war ihm wichtig, denn er wollte ja selber suchen.\nYoutube ist ein unglaublicher Schatz an Ausbildungsvideos, Verdeutlichen und Anschauungsunterricht. Er verwendet Youtube inzwischen gezielt, um bestimmte Fertigkeiten vorgeführt zu bekommen und nachzuahmen.\nDrittens: Dabei forscht er sehr selbstständig und vollzieht im Kleinen andere, viel größere Entwicklungen nach. Hier in den Niederlanden hat er gelernt, wie er Videos von seinem Handy auf seinen Computer laden kann. Er hat iMovie entdeckt durch Experimentieren herausgefunden, wie man iMovie Fertigtrailer produziert. Er hat dabei die vorgegebene Form und den Stil von Trailern auf Netflix imitiert, um Trailer für noch nicht produzierte, selbst ausgedachte Geschichten zu produzieren.\nDanach hat er über Youtube und durch weiteres Experimentieren iMovie erlernt, und dann angefangen mit seinem Handy Filme zu abschnittsweise zu drehen und zu schneiden. Dabei ist er selbst auf eine Reihe von Stilmitteln gestoßen oder hat sie imitiert, die wir in der Geschichte des Films als Bausteine des Geschichtenerzählens mit diesem Medium entdeckt haben.\nWeil er Anfangs in den Niederlanden sehr alleine war und sich seine Klassenkameraden auch nicht so für das filmische Erzählen interessiert haben, hat er vier Charactere geschaffen (\u0026ldquo;Joram\u0026rdquo;, \u0026ldquo;Max\u0026rdquo;, \u0026ldquo;Tom\u0026rdquo; und \u0026ldquo;Mehmet\u0026rdquo;), die sich durch Kleidung unterscheiden. Natürlich kann er immer nur eine Person zur Zeit im Bild haben, wenn er alle Rollen selber spielt, aber um zu erzählen hat er dann Dinge wie Schnitt/Gegenschnitt und Perspektive entdeckt.\nMax und Mehmet geraten in einen Streit und Max regt sich weiter auf - er hat das realisiert, indem er Max bei jedem Gegenschnitt weiter aus dem medium close-up in den close-up zieht. Mit einer blauen Decke, der Bluescreen-Funktion von iMovie und einer Stegosaurus-Spielfigur hat er eine Verfolungsjagd realisiert, bei der die Charactere von einem Dinosaurier verfolgt werden.\nNachdem Sammy ihm ein Drehbuch und Einstellungs-Skizzen gezeigt hat, ist ihm die Idee gekommen, daß er sich dann nicht so oft umzuziehen braucht, wenn er die Einstellungen sortiert und daß Produktionsreihenfolge und Schnittreihenfolge nichts miteinander zu tun haben müssen. Das hat seine Produktion stark beschleunigt.\nEr versteht in seinem Kopf, wie sich Joram, Max, Tom und Mehmet unterscheiden und wie und warum sie in derselben Situation unterschiedlich reagieren würden. Er ist in der Lage zu begründen, warum sich Mehmet bei einer Begegnung mit dem Stegosaurier anders als Max verhalten würde. Er versteht, daß Erlebnisse Menschen verändern und hat von sich aus angefangen zu erklären, warum sich Mehmet \u0026ldquo;nach dem Stegosaurier\u0026rdquo; anders verhalten würde als \u0026ldquo;Mehmet vor dem Stegosaurier\u0026rdquo;.\nViertens: Das Kind braucht Bewegung. Wenn er einen Tag nicht draußen spielt, schwimmt oder reitet, dann ist er ungenießbar und kaum zu kontrollieren. Er empfindet das selbst, ist aber noch nicht in der Lage ohne Hilfe die notwendigen Konsequenzen und Zeiteinteilungen zu finden und das auch durchzuziehen. Es ist also wichtig, ihn rauszuwerfen und zu zwingen, physische Dinge und persönliche Interaktion mit anderen Menschen zu haben. Er versteht hinterher, daß es ihm besser geht, kann das aber noch nicht selbst zuverlässig initiieren.\nFünftens: Er hat rausgefunden, daß es Filme gibt, die er nicht sehen mag, und daß eine grobe, aber unzuverlässige Korrelation existiert zwischen Altersfreigabe und der Tatsache, daß er den Film nicht mag. Er hat die Indiana Jones und die Jurassic Park Filme gesehen, und gut gefunden, obwohl einige von denen weit über seinem Alter liegende Einstufungen haben und es gibt andere Filme, die technisch ab 6 wären, aber die ihm so unangenehm sind, daß er abbricht. Er hat durch Gespräche mit uns gelernt, daß uns das auch so geht (Ich finde \u0026ldquo;Blacklist\u0026rdquo; unangenehm und sinnlos gewaltätig und mag das nicht sehen) und daß das in Ordnung ist.\nEr hat Harry Potter nur bis Teil 3 gesehen und will die anderen Teile, die durchaus vorliegen, gerne mit uns zusammen sehen, wenn er meint, daß er soweit ist. Er hat gelernt, seinen Gefühlen da zu vertrauen und er ist - mit wenigen Einschränkungen - in der Lage, diese Entscheidungen auch selbstständig umzusetzen. Er guckt weg, bittet um Umschalten oder verläßt den Raum, wenn er was nicht sehen will und er bringt aktiv seine Meinungen und Präferenzen in Entscheidungsprozesse ein.\nComputerspiele Das Kind liebt Aufbauspiele. Das hat mit Train Fever und seinen Nachfolgern sowie Cities: Sylines begonnen und ging dann über Ark bis Minecraft. Ich habe ihm und seinen Freunden einen Minecraft Server und ein Teamspeak installieren müssen.\nDabei haben er und seine Freunde entdeckt, was man in Minecraft tun kann, wie sich das Multiplayer vom Solospiel unterscheidet, und daß sie unterschiedliche Ideen haben, was sie in Minecraft tun möchten oder was in Ordnung ist und was nicht. In Folge hat es eine Serie von Streitereien und Versöhnungen gegeben, in denen sie eine Übereinkunft ausgehandelt haben, die klar macht, wie sie miteinander im Kontext des Spieles umgehen wollen.\nUnd sie haben den Server gestaltet. Das heißt auch, daß sie mit einer Liste von Installationswünschen für Plugins bei mir aufgelaufen sind, die ich dann brav in den Server gekippt habe und deren Konfiguration sie dann weitgehend auf Youtube selbst gelernt haben.\nMultiplayer ist weitaus interessanter als Solo - Minecraft hat im letzten Jahr alle anderen Spielaktivitäten vor dem Bildschirm ausgelöscht, weil Interaktion mit anderen Spielern um vieles interessanter ist als Interaktion mit Computergegnern oder computeranimierten Figuren.\nProgrammieren Als das Kind fragte, was Papa denn so vor dem Computer tut habe ich angefangen Python zu erklären. Das ist eine schwierige Aufgabe - im Alter von 6 Jahren war die Vermittlung der Gedanken um Kontrollstrukturen unmöglich. Der Sohn hat in der REPL Variablen belegt und wieder ausgegeben. Aber nicht nur hat das Konzept \u0026ldquo;Im Editor schreiben, auf einer Kommandozeile aufrufen\u0026rdquo; ihn überfordert, auch Verzweigungen und Schleifen waren zu diesem Zeitpunkt nicht vermittelbar. Es hat bis zum Alter von 8 Jahren gebraucht - wir haben das Python immer wieder halbe Jahre liegen lassen - um einen Reifegrad und das abstrakte Denken zu bekommen, um diese Konzepte zu erschließen.\nDie Schere zwischen den Wünschen (GUI! Grafik! 3D! Minecraft selber machen!) und den Fähigkeiten ist enorm. Aber wir haben jetzt ein Cli-Programm, das Additionsaufgaben stellt, die Ergebnisse kontrolliert und einen Score mitführt (und einen Highscore abspeichert). Sollten wir irgendwann mal bei Klassen und Bibliotheken ankommen, werden wir eine Qt-Version davon bauen.\nKind und Computer Ich verstehe einen Großteil des Gewese um Kinder vor dem Computer nicht. Zumindest nicht in Bezug auf unser Kind. Es ist wichtig, daß er raus kommt, sich bewegt und mit anderen Menschen interagiert, das ist klar.\nEs ist auch wichtig, sich dafür zu interessieren, wie er den Computer und das Smartphone verwendet, und wenn er dabei etwas erschafft, das als Haken zu verwenden, um ihm moderne Kultur und Kommunikation zu erklären.\nEr denkt, er dreht einen Film, aber er erforscht selbst und mit unserer Hilfe Charactere, Entwicklung, Storytelling, Konflikt und Drama, Produktion und Produktionsplanung, Spezialeffekte, Kostüm und Makeup. Er mag vor dem Rechner mit Musescore und Garageband rumspielen, aber das bindet sich direkt in seine Übungen für den Chor und seinen Geigenunterricht rein und beide Dinge unterstützen einander. Er will Minecraft spielen, aber damit das mit seinem Server so geht wie er das will, muß er sich mit elementaren Dingen des Communitymanagement (und Motivationen seiner Mitspieler, Spielertypen und User-Stories), aber auch mit ssh, YAML und Serverkonfiguration auseinander setzen.\nUnd da kann man mit ihm drüber reden, ihm zeigen, wie wir diese Dinge auch in unserer Arbeit wieder finden und warum er gerade welche Schwierigkeiten hat und was mögliche Handlungsoptionen sind. Und dann läßt man ihn und seine Kumpane wieder alleine und die müssen selber Wege finden, das anzuwenden oder auch nicht und dabei zu lernen.\nUnd Youtube. Youtube wird in der medialen Berichterstattung in Deutschland gerne einmal runtergemacht und als Halde voller Schrott und Propaganda dargestellt. Youtube ist die großartigste Selbstbedienung-Ausbildung, die es auf diesem Planeten gibt. Und mit der richtigen Voreinstellung im Kopf sortiert das Kind eventuell in die Timeline gespülten Schrott weitgehend selbstständig aus und hält sich selbst auf Spur.\nMit Neun ist das noch nicht perfekt, wie auch. Aber ich bin sehr beeindruckt von dem, was er so macht.\nWie dem auch sei: Mein Kind sitzt vor dem Computer. Auch, nicht nur. Das ist auch im wesentlichen gut so, und außerdem unvermeidlich. Also muß ich damit umgehen lernen, genau wie er.\n","date":"2020-01-28T00:00:00Z","href":"https://blog.koehntopp.info/2020/01/28/mein-sohn-sitzt-vor-dem-computer.html","tags":["lang_de","schnuppel","bildung"],"title":"Mein Sohn sitzt vor dem Computer"},{"categories":null,"content":"On Twitter, @CaptainEyesight asked a question:\n»Database architecture question: For deleting records, instead of a DELETE, UPDATE the id to the negative (i.e. 1 becomes -1) and then add AND id \u0026gt; 0 to every query. Great idea? or Greatest idea?«\nI was honestly a bit confused, because this idea is so weird that I took this question for a joke. But then I decided that this is a case for XKCD 1053 : »You are one of today\u0026rsquo;s lucky 10.000.« So let\u0026rsquo;s do this properly.\nPhysical InnoDB data structure In InnoDB, data is stored as a B+-Tree indexed by the primary key. A B+-Tree is a B-Tree in which the leaf pages contain the actual data records. That means that data is (within limits) stored physically, on disk, in primary key order. A record with a lower primary key value will be \u0026ldquo;further left\u0026rdquo; in the B+-Tree than a record with a higher primary key value, and within limits will also be on a disk block with a lower or equal number than blocks with higher primary key values.\nInnoDB structure as a tree index blocks pointing to other index blocks, and the leaf nodes containing the actual data.\nThe limitation is here that InnoDB allocates data in chunks (of 64 pages of 16 KB by default, for segments of 1 MB), and filesystems of course do not really guarantee \u0026ldquo;low to high disk space allocation\u0026rdquo;. Another, weaker and slightly better way to describe the physical ordering would be that two primary key values with a small value difference are more likely to be phsically closer on the storage medium, but it is still a kind of best effort estimate.\nIn any case in InnoDB, the physical record position is a function of the primary key. Changing a PK the way described will physically move the record from \u0026ldquo;right\u0026rdquo; in the B+ tree to the left, inducing a lot of rebalancing operations, page splits and merges. Ultimately actually deleting always from the left and appending always on the right is producing the worst physical page structure InnoDB could have: Permanent page merges on the left, permanent page splits at the right and a permanent maximal rebalancing of the entire tree.\nThis is an abysmally slow data structure. I wrote about it in german language in Ein paar Gedanken zu Zeitreihendaten in 2009, where I have been discussing the way Nagios NDO Schema abuses the database on the Open Source Monitoring Conference in Nürnberg.\nForeign Key complications There is another problem layered on top of the physical data structure problem, and that is that primary keys of one table t may be used in other tables r and s as pointers to records in t. Such usage is called a foreign key. If you change primary keys, all foreign keys will become invalid and will point at the wrong or non-existent recoords.\nThere is a way around that, manually or automatically change the foreign keys.\nIf you want the change to happen automatically, you can do that with foreign key contstraints, and ON UPDATE CASCADE and ON DELETE CASCADE clauses. The problem that people will run into in practice is that such clauses make it very hard to estimate the performance of a statement by just looking at the SQL. Chaning a primary key value will cause an update of all dependent foreign key rows, and the actual number of these rows is unknown, may be variable and that makes the runtime of the statement data-dependent and completely unpredictable.\nConsider a table of hotels with a hotel_id as a primary key. Consider a second table of hotel_reviews, with a review_id as a primary key, and a foreign key hotel_id pointing back at the hotel being reviewed. Now assume a hotel closes and we renumber it from 4711 to -4711. We will have to change all reviews of that hotel in the hotel_review table, so any number of reviews will have their hotel_id changed from 4711 to -4711, too. That can be none, or few, if the hotel was not very popular, or it can be literally 10.000s of records. It will create problems in production. I know that because I was around when exactly this happened.\nSome Axioms about Primary Keys As a general rule, the following things are in my experience good rules:\nNever change a primary key value. Primary key values should be considered immutable. Never reuse a primary key value. Primary key values used in foreign keys tend to stick around, even outside of the database, in bookmarks, notes, file dumps and other data sources that you do not track, control or index. If you re-use a primary key value, these URLs, notes, or other pointers will now point to different, entirely random data instead of producing a lookup error. Don\u0026rsquo;t do that to yourself. Never encode additional information in a primary key value. Primary key values encode the identity of a row. Nothing else. Flags such as is_deleted, is_made_to_order or other special things are not ranges, signs or other special properies of the actual primary key. They should be extra columns, made explicit, documented, and be indexable on their own. Everything else is broken. I once had to work with a database that contained orderable part numbers for camper trailers, and if the part number started with an \u0026lsquo;8\u0026rsquo; or an \u0026rsquo;e\u0026rsquo;, that part was made to measure and not generally available in stock - things like window blinds or seat cushions. That\u0026rsquo;s extremely broken, and there should have been a made_to_measure flag and another in_stock flag.\nPoisoning transactional data with crud In Openstack in 2015, about any of the Keystone, Neutron, Nova and other databases did not delete things, but each row had an is_deleted flag. Every query is the actual query plus an AND is_deleted = 0. This makes queries more complicated, confuses the optimizer and every developer and, even worse, requires an expiration cron job, which by default was not delivered, much less installed.\nis_deleted flags are usually not very selective. In the beginning, there will be very few deleted records, and over time they will dominate the data, so that most records will actually be deleted. Most optimizers have problems handling biased key distributions properly, and indexes on low cardinality columns are another problem entirely.\nIn any case, there will likely be dead records on each page loaded into memory, poisoning your expensive caches with dead data. This is not a good use of your money or hardware budget. The recommendation is to keep only live data in transactional tables. Actually delete completed transactions from your transactional tables. Keep your transactional system small. A transactional system ideally never reads data, because it can keep the pages of the working set of your current transactions in memory. Only writes happen, to persist the actual transactions.\nYou will need a log of changes, for compliance reasons, for business intelligence (BI) reasons and for reporting as well as many other use cases. You can implement an Extract-Transform-Load (ETL) process into a data warehouse, with the usual DW transaction from online transaction processing normalized schemas into data warehousey star and snowflake schemas. That is, in the DW you will not store ids, but actual data values, because you are not interested where customer_id 17 lives now in 2020, but that the item \u0026ldquo;USB Memory Stick 128 GB\u0026rdquo; was actually priced \u0026ldquo;24.99 EUR\u0026rdquo; when you delivered it to a customer in 24110, Germany in August 2013. So part of the ETL process is to join all the things, keep the values you want to archive and then archive them into a giant fact table (and maybe recompressing the values back to DW ids in sideways lookup tables for space reasons). Then you create daily aggregate along the dimensions of reporting, creating a star or snowflake from the fact table timeline.\nDeleting from a monster fact table where primary keys corrospond to temporal data is just as bad. Use partitions instead, and drop expired days.\nIdeally, the fact table is partitioned, so that you to not shuffle through the B+-Tree again for deletion. Instead, you ALTER TABLE ... DROP PARTITION instead, which is much, much, much faster.\nAnother way to get changed recorded is instead Change Data Capture (CDC), which you configure a server as a database master writing full row based replication binlog, in which each DML statement will log the full before- and after-image of each changed row. A binlog eater processes this data to produce an ongoing live update of the DW. You will still have to take each logged row, extract the IDs and join them to get the data values of all the other tables you need to log for the ETL process. That can create race conditions, so you may instead opt for changing the application, which would then write twice, once into your OLTP system and once into the DW in denormalized star form.\nCoexistence is impossible Transactional and reporting queries do not coexist nicely on the same hardware at scale. It is useful to keep transaction processing systems and reporting/BI systems physically separated.\nAn OLTP system is ideally memory saturated - the working set fits into memory, if you can make that happen. Transactions are short lived, query latency matters. The system is write-heavy by definition - it\u0026rsquo;s sole purpose in life is to record state changes on disk in order to model real-world state changes such as orders, order fullfillment and billing. The schema is likely normalized and close to 3rd normal form in order to make update volume manageable. Uptime matters, so having a small data set size will help meeting availability requirements: One that business is interested in is a short MTTR, and MTTR is often a function of data set size.\nData Warehouse and BI systems are unlikely to be memory saturated. It is their nature that they grow without bounds unless you actually complete the data lifecycle management by actually dropping data. Transactions are read-mostly, deletes are rare (and implemented as partition drops) and writes are ideally append-only. Queries are long-lived, full table scans, indexes may be of limited use. Hash joins may be more useful than loop joins. The schema is likely \u0026rsquo;normalized\u0026rsquo;, but the DW normal form is a loglike fact table and star or snowflake structures around it. Uptime may matter, but the requirements are often much more relaxed compared to what is requested from the OLTP side of the business. That is good, because DW data set size can be something else.\nEvery OLTP system contains a data warehouse that struggles to get out It is perfectly normal (and okay for some time) for a new OLTP system to contain a DW on the inside that eventually needs to be extracted and put onto its own machinery. When you create a new OLTP system, you objective is to get it up and running. You need to earn money after all.\nStill, there will be tables in your system that contain a data in the table name, the partition clause or the primary key. These are tables that grow without bounds given an otherwise constant and unchanging transactional volume. Eventually you will need to come around and complete the data lifecycle management process that you skimped on in order to get things running.\nThat is, you will need to define what kind of attributes you want to extract for reporting in your ETL or CDC process, define such a ETL or CDC process, define a DW/BI structure and the reports and ad-hoc query opportunities you want to support.\nThis will sustain you for a long time, but eventually even the DW/BI you have will outgrow your means and you need to close the loop completely in order to cap growth. Also, compliance rules will force you to actually delete data after some time.\nTL;DR: You think about changing primary keys when you should think about data lifecycle management. That is not a good business or data modelling strategy.\n","date":"2020-01-28T00:00:00Z","href":"https://blog.koehntopp.info/2020/01/28/some-rules-for-primary-keys.html","tags":["lang_en","mysql","schemas","database"],"title":"Some rules for primary keys"},{"categories":null,"content":"Heise schreibt in Mailbox.org: Google sperrt \u0026ldquo;unsichere\u0026rdquo; Dritte vom Kalender aus über Anwendungen von Dritten und den Zugriff auf Google Kalender, Google Mail und andere Dienste, die mit GSuite interagieren. Der Artikel wirft leider eine Reihe von Dingen durcheinander, was schade ist, weil er einen wichtigen Punkt machen will.\nOAuth2 vs. LSA Im Artikel geht es um OAuth2 . OAuth2 ist kein neues Verfahren. Es handelt sich um einen Standard, bei dem ein Dienstleister Drittanwendungen den Zugriff auf Dienste erlaubt, indem er der Drittanwendung relativ automatisch ein Logintoken zuteilt, das\nzeitlich begrenzt ist die Identifikation der Anwendung und des Anwenders erlaubt und einen Scope (einen Satz eingeschränkte Zugriffsrechte) hat. Um also auf den Google Kalender oder in Zukunft bald auch IMAP zugreifen zu können, muß eine Drittanwendung ein Token vorzeigen. Das Token, das etwa Busycal auf dem Mac verwendet, ist von dem Token verschieden, mit dem ACal+ auf Android auf meinen Google Kalender zugreift. Theoretisch könnte Busycal auch Vollzugriff auf den Kalender haben, während das ACal+ Token einen Read-Only Scope hat.\nBeide sind verschieden von meinem mit 2FA gesicherten Zugang zu meinem Google Account, der nicht nur Kalender und Mail enthält, sondern auch mein Wallet, meine gekauften Inhalte, mein Youtube, meinen Google Cloud Zugang und meine Google Ads. Wird durch eine Sicherheitslücke eines der Token publik, ist das kein Beinbruch (der Schaden ist auf den Scope begrenzt) und leicht zu korrigieren (die Zugriffsrechte sind wiederrufbar).\nGoogle gibt einem eine Security-Übersicht für Deinen Account in Google Account . Auf der Permissions -Seite kann man sehen, wer Zugriff hat und was die dürfen. Nach Anklicken sieht man auch, wann das war und man kann den Zugriff wiederrufen.\nPermissions Seite für OAuth2 Anwendungen in Google Account .\nDas alles ist eine Feine Sache™ und ein großer Fortschritt. In der Vergangenheit hätte man sich bei einem CalDAV oder IMAP Server mit dem Usernamen und Paßwort eingeloggt, und hätte dadurch den gesamten Google Account mit allen Diensten, die da dran hängen, exponiert und gefährdet. In so einem Kontext ist insbesondere der Wiederruf und die Recovery nach einem Security-Problem so gut wie unmöglich.\nDas weiß Google auch, und daher gab es bisher für Programme, die OAuth2 nicht beherrschen, eine Sonderlocke: \u0026ldquo;Application Specific Passwords for Less Secure Applications\u0026rdquo; (LSA).\n\u0026ldquo;Application Specific Passwords for Less Secure Applications\u0026rdquo; (LSA) ist auch in Google Account zu finden und hoffentlich leer.\nMit LSA legt man ein Kennwort für seinen Loginnamen fest, das an eine Anwendung gebunden ist und gescoped ist, also im Zugriff beschränkt. Da Google dieses Paßwort generiert, ist es auch sicher vom Accountpaßwort verschieden.\nMan kann sich also mit einem Legacy Client, der auch in 2020 noch kein OAuth2 kann, auf einem GMail IMAP oder CalDAV einloggen und riskiert dennoch nicht seinen ganzen Account. Gut so.\nOAuth2 Playground Es gibt einen OAuth2 Playground bei Google. Mit dem und der Entwicklerdokumentation kann man einmal herumspielen. Oder man verwendet deren oauth2.py . Für jeden Dienst gibt es eine Dokumentation, die die OAuth2 Scopes beschreibt, die existieren.\nHier ist die Dokumentation für GMail Scopes . Sie ist wichtig, wir werden weiter unten noch darauf zurück kommen.\nWenn man den OAuth2 Playground einmal durchspielt passiert dies:\nSchritt 1: Wähle einen OAuth2 Scope aus, hier gmail.readonly. Auf der rechten Seite sieht man die entsprechenden REST Requests und Responses, sodaß ein Entwickler gleich sehen kann, wie so etwas auf dem Kabel aussieht. In der Praxis wird dieser Schritt vom Anwendungsentwickler ausgeführt und man sieht ihn nicht.\nEr legt die Identität der Anwendung fest, so wie sie für den Endanwender nachher in Google Account erscheint.\nFührt man diesen Schritt durch, gibt es einen typischen Google Autorisierungscreen: Anwendung Google Playground will Read Access auf unseren Gmail Account. Ist das okay so?\nSagt man ja, gibt es einen Alarm via Push Notification und eine Nachricht in Google Mail: Jemand hat neuen Zugriff auf unseren Account bekommen.\nTerror auf meinem Handy: \u0026ldquo;Google OAuth2 Playground\u0026rdquo; darf jetzt auf mein GMail.\nDas ist auch eine Gute Sache™, denn auf diese Weise ist sichergestellt, daß so ein Zugriff nicht leise und aus Versehen erfolgt.\nMit dem Authorization Code aus Schritt 1 kann die Anwendung sich jetzt ein Zugriffstoken holen, das eine Stunden gilt. Der Grund ist, daß auf diese Weise die Anwendung auf jeden Fall spätestens eine Stunde nach dem Widerruf von Rechten ausgesperrt ist, auch wenn dieses spezifische Token nicht gesondert widerrufen wird.\nUnd mit diesem Access Token kann die Anwendung dann endlich GMail API Funktionen aus dem Read Only Scope aufrufen, zum Beispiel Identity. Sie kann keine Non-GMail Aktionen ausführen und sie kann auch keine Nachrichten senden, Filter bearbeiten oder ähnliches. Das wäre ein anderer Scope.\nScopes in GMail Die Liste der Gmail Scopes in der Entwicklerdokumentation klassifiziert Scopes auf verschiedene Weisen, Recommended, Sensitive und Restricted. Die meisten Scopes sind Restricted.\nDie Doku sagt weiter:\nRestricted—These scopes provide wide access to Google User Data and require you to go through a restricted scope verification process. For information on this requirement, see Google API Services: User Data Policy and Additional Requirements for Specific API Scopes. If you store restricted scope data on servers (or transmit), then you need to go through a security assessment.\nWenn man also eine Serveranwendung (Mailbox.org, Exchange, Open Exchange oder ähnliches) schreibt, und diese Restricted Scope Data runterlädt und speichert, dann wird ein Security Assessment notwendig.\nDen Heise Artikel noch einmal lesen Jetzt lesen wir den Heise Artikel noch einmal.\nDa heißt es:\nGoogle forciert den Einsatz von Oauth für seine Mail-, Kalender- und Drive- Dienste, sperrt dabei aber viele Dienstleister und ältere Software aus. Wer bisher beispielsweise Googles Kalender in einer nicht von Google entwickelten Anwendung oder Webseite ohne Oauth integriert, muss sich demnächst entweder umstellen oder darauf hoffen, dass sich sein Anbieter von Google-Partnern in den USA in einem kostspieligen und wenig transparenten Verfahren zertifizieren lässt.\nWas heißt das? Der Artikel erklärt das nicht.\nGoogle hat bereits am 30. Oktober letzten Jahres LSA für Business Kunden sanft eingeschränkt. Alle Accounts mit einer leeren LSA Liste haben \u0026ldquo;LSA erlauben\u0026rdquo; auf \u0026ldquo;Nein\u0026rdquo; gestellt bekommen, für andere Accounts, die LSA Einträge haben, sind andere Einschränkungen gemacht worden.\nAb Mitte diesen Jahres wird LSA weiter eingeschränkt .\nDas heißt, zum Zugriff auf Google Dienste wird LSA erschwert oder ganz abgeschaltet und OAuth2 verpflichtend. Soweit eine gute Sache.\nAber: Ein Mailserver hat bisher via LSA Vollzugriff auf einen GMail Account und einen Kalender bekommen, ohne sich dem für Restricted Scopes notwendigem Review zu unterziehen.\nDadurch, daß OAuth2 jetzt verpflichtend wird, werden Firmen wie Open Exchange und Mailbox.org also OAuth2 Reviews aufgezwungen, weil das LSA Schlupfloch nicht mehr existiert. Und das ist genau der Punkt, der beklagt wird, nur daß der Artikel das nicht erklärt.\nMailbox.org-Betreiber Peer Heinlein kritisiert Googles Vorgehen, das ab 15. Januar die Zertifizierung von \u0026ldquo;Less Secure Apps\u0026rdquo; vorschreibt. Im Gespräch mit der iX erklärt Heinlein, es sei grundsätzlich nicht verkehrt, wenn unseriöse Anbieter vom Zugriff auf Google-Konten ausgeschlossen werden und Missbrauch minimiert wird.\nDas ist irreführtend, weil es primär gar nicht um LSA geht, sondern um OAuth2, und spezifisch um die mit OAuth2 Restricted Scopes verknüpften Audit-Anforderungen. LSA abzuschalten ist eine gute Sache, und LSA zu verwenden, um den Anforderungen für OAuth2 Restricted Scope zu entgehen eine mittelfristig zum Scheitern verurteilte Strategie.\nDie Frage, um die es eigentlich gehen muß ist:\nDarf Google für den Zugriff auf ihre Plattform einen solchen Audit verlangen oder ist dies eine unzulässige Wettbewerbseinschränkung?\nIm Lichte der Entscheidung Banken vs. Sofortüberweisung kann man annehmen, daß es nicht das Problem von Google ist, Anforderungen an die Anwendungen zu stellen, die ein Anwender für seinen Account zuläßt. Insbesondere wenn der Anwender eine Firma ist und der Account Teil eines GSuite Business Accounts ist.\nUnd das ist die eigentliche Frage, die geklärt werden muß.\nOAuth2 ist eine gute Sache. Auch Mailbox.org und OX wissen das und haben das korrekt implementiert, sind dabei aber in die OAuth2 Restricted Scope Requirements für Serverbetreiber gelaufen.\n","date":"2020-01-17T00:00:00Z","href":"https://blog.koehntopp.info/2020/01/17/mailboxorg-google-oauth-und-less-secure-applications.html","tags":["lang_de","google","security","identity","privacy"],"title":"Mailbox.org, Google, OAuth und Less Secure Applications"},{"categories":null,"content":"Florian Haas asks on Twitter :\n\u0026ldquo;How do you solve reliable rollback. The definition of a reliable rollback being: \u0026lsquo;get reset \u0026ndash;hard \u0026rsquo;, \u0026lsquo;git push -f\u0026rsquo; and then magic happening that returns your infra to the exact state it was at .\u0026rdquo;\nThe problem is relatively easy to solve with modern infrastructure-as-code for anything that is stateless. It becomes a bit more involved when you are dealing with things with state, such as database instances or Zookeepers or similar things.\nMy reply on Twitter begins here . I am basing my writeup on that reply.\n\u0026ldquo;Devops\u0026rdquo;, what does that even mean? In 2015, I gave a talk titled \u0026ldquo;Go away, or I will replace you with a little shell script \u0026rdquo; as a keynote for the GUUG FFG 2015 in Stuttgart. The german language slides are here , the english slides are here and a Youtube video of the Froscon version of the talk is here . Unfortunately, the video is the german language version of that talk.\nThe talk focuses on how the sysadmin profession started to die out somewhere around 2001, when we invented horizontal scaleout and Tom Limoncelli published the first edition of \u0026ldquo;The Practice of System Administration \u0026rdquo;. That book explained in one chapter the role of the sysadmin in the greater corporate organisation and how to cooperate with, not fight against users. The term and the practice of Devops evolved in this decade, until in 2008 Patrick Debois coined the actual term \u0026ldquo;Devops\u0026rdquo;, which we use today.\nThe term has been abused a lot, but what does it actually mean? In one slide I show this:\nThe modern development environment according to Devops, and the technical meaning of the term.\nIn todays language, I would phrase these items as follows:\nInfrastructure as code Version Control CI/CD Separation of Rollout and Activation Proper Observability with centralized, structured logs Good instant communication Infrastructure As Code describes a way of declaring the execution environment for your code, in code. Code that can be checked in and versioned like the application code itself. Openstack Heat Scripts, AWS Cloud Formation, Kubernetes Deployment Specifications or your Terraform all qualify as this.\nWith this, you can recreate and redeploy your execution environment together with your application, as part of the build and deployment automation. It also means that you get rid of the endlessly fragile state manipulation engines that are Puppet, Ansible, Chef, Salt and CFEngine. You create, build and deploy images and you run immutable infrastructure.\nBecause all of that code and infrastructure declaration are files, you want Version Control, which in 2020 means, you want all of this in git. This is so normal by now that anything that is not git-able is considered broken and weird.\nWhat you check in, you want to be processed automatically. So you push it through a CI/CD pipeline, which pushes things through whatever pre-production environments you have (many have Dev, Staging and Prod). This, in 2020, probably includes formatting to coding standards, linting, sonarcubing, and whatever tests you wrote.\nEventually, your code is rolled out. And a key invention - one that is not yet done by enough people - is separation of Rollout and Activation by the means of an experiment framework. More on that below.\nWhen application code runs, it is appending messages, measurements and context to a hash of hashes. This collection will be pushed into an event processor at the end of a request. Ours is called \u0026ldquo;Booking Events\u0026rdquo;. If you happen to work elsewhere, an Observabilty tool such as Honeycomb.io is the closest to Booking Events I have been able to find outside of Booking.\nUsing this, you alert and push alerts out through a multitude of channels, including Pagerduty, and whatever you use instead of Slack. Humans are being alerted to a situation, and can act on it.\nSeparation of Rollout and Activation, and Dual Use Experimentation As I mentioned above, the separation of rollout and activation is a key invention that makes rollouts possible. It also makes testing in production safe.\nIn the first iteration, an experiment framework allows you to push code into production that never runs. You can then, through feature flags, activate your code for yourself, or a chosen subset of customers based on whatever selectors your frame work offers. I often quote \u0026ldquo;5% of the population of guest country .jp with a user-agent string that suggests MacOS\u0026rdquo; as an example, but it is really a function of the experiment framework you build.\nSee a very old talk from 2012 of mine: \u0026ldquo;8 rollouts a day \u0026rdquo; (video ) for an ancient take on all of this. This is not new technology, we have been doing this for ages, and just iterated on this.\nHaving an experiment framework means that the scaffolding for activation in code is formalized and tested, so errors in gating entry to new code are unlikely to happen.\nIt also means that a control framework exists where you can see experiments that are active, who is exposed to them, and that participation in an experiment is recorded in a user click history. You probably want to record experiment config changes in your monitoring wallgraphs so that a change in observed behavior is linked to possible causes for that in an obvious and in-your-face way.\nThis is also important for customer support: A CS agent needs to be able to see what the customers sees or has seen, if an experiment is a UI/UX experiment. UI/UX variants should be available to CS agents at will, so that they are able to match and retrace customer experience.\nHaving experimentation available obviously means that variant code is in execution concurrently. Or in terms of rollouts: Old and new code run at the same time.\nFor state management, it means that schema changes or similar data adjustments need to be done in advance. They also need to be done in a way that is compatible with the old and the new code. That is not hard to do, and can be done in a robust testable way. You want to package it, and run a bunch of checks on schema changes automatically, so you can detect best practice violation and prevent these from being checked into staging and prod.\nAnd yes, you need that table change framework anyway, because SOX will eventually want that from you. You probably will end up with a web frontend and API for pt-online-schema-change accessible to end users in a way that also advises them automatically on best practice. This also scales better than your DBAs checking manually for the presence of a PK, NULLable columns, columns that are DOUBLE but suggest monetary values in their names, and similar things.\nOk, at this point you can push code into staging and prod in a way that the old and new variants of the code can coexist on whatever schema you have and can run concurrently, depending on what variant of which experiment the user is in. You can finally activate code for a few users, and see what happens.\nYour second iteration of the experiment framework will therefore measure the impact of the experiment, and by that I do not only mean the business impact, but also the technical impact.\nBusiness impact measurements would answer questions such as \u0026ldquo;What influence has Experiment 17 on conversion?\u0026rdquo; or \u0026ldquo;Does variant B of experiment 17 not only improve conversion, but also customer support call rate, and if so, it is still a positive experiment in the monetary sense\u0026rdquo;?\nBut as a gate to the entry of code paths, the experiment framework can also encapsulate Probes that collect metrics over a Span, delivering technical measurements about the performance cost of an experiment. I can ask questions such as \u0026ldquo;Show me all messages in variant B of rollout 64fd32f that never appear when running variant A\u0026rdquo;, or \u0026ldquo;What messages appear since rollout 64fd32f that did not appear before\u0026rdquo;.\nI can also carry metrics and classify them by experiment related selectors. \u0026ldquo;Show me SQL time spent in variant B compared to variant A of rollout 64fd32f in all sections guarded by experiment 13, normalized by number of executions\u0026rdquo;. In other words, what exactly is the latency contribution of experiment 13b, since 64fd32f?\nAnd because I have access to the unshortened, unaggregated raw event data persisted elsewhere, at any point in time I can ask the framework to actually show me the SQL, once I have a selector that finds me the delta I was looking for, and highlight the things that are only present here and not elsewhere.\nThat is the Dual Use value of an experiment framework: You get the business value out of that, testing hypothesis on draft code in production before you spend engineering hours on things that aren\u0026rsquo;t going to make you richer. That is, in terms of bug stages, finding bugs in requirements.\nFrom 8 rollouts a day (2012), Slide 19 : Relative cost of a bugfix in various stages of the code lifecycle. Fixing broken requirements is the cheapest.\nBut you also get the technical cost of that, in terms of running the prototype code. That enables you to assess the added execution cost vs. the estimated engineering effort to speed it up. In other words, your engineers only ever work on code that is proven to make you richer, and you also know how much running it will cost you in AWS units or engineering hours and you can prioritise things properly.\nAnd finally, since A and B variants coexist, if B is known to be bad, you not only can roll that back, you don\u0026rsquo;t even have to. Simply turning off activation of B gives you instant silence in production - the known bad variant is still present, but never run for anybody. You can then triage and come up with a resolution of the situation on your own terms. Either you eliminate the B variant and roll back, or you fix B and roll forward. Either way, this is done completely out of the execution path and also without any time pressure constraints on the decision making.\nThe Sum of All These Parts The sum of these parts is much more than each individual capability gives you. Together they give you an environment that allows you to roll back and forward, at will. And you will be doing this in an informed way. You can reason about code in production, and act on the outcome of that discussion. And you are doing this outside of crisis mode and any time constraints.\nSeparation of Rollout and Activation is a Key Invention here. Put this into an Experimentation Framework, and create a dashboard/control/overview board around this that gives information about running and disabled experiments, experiment outcomes in terms of business and technical data, and that links to raw events and metrics generated from the raw events directly.\nMarrying an experiment framework + dashboard with a Honeycomb-like observability system, and with pointers to tags, releases and rollouts in your code base allows naviagation between all of these things in an integrated way. It enables product and tech people alike in a unique way to reason about code, what that code does to the business, UX, income, and also resource consumption.\nIt can direct business decisions, because it allows safe rapid development and deployment of draft business expierments.\nIt can direct engineering decisions, because it tells you what is safe, and what isn\u0026rsquo;t, what is good enough and what isn\u0026rsquo;t.\nIt informs product management and backlog decisions, because it links technical cost, potential business income and resource usage cost so that business and tech reason about code at eye level - one single source of truth, and one single set of metrics spanning the lowest levels of tech to business metrics like conversion, cuca call rates, cancellations and other things.\nAfter doing that a while, your code will be littered with Experiment Gateways that either protect and measure code that is full-on or perma-off. All of that code is technical debt and needs to be evaluated, and cleaned up. In this way, the experiment framework, even in the final stage of its usefulness acts as visual markup for technical debt assessment and as a guide for garbage code collection.\nReliable Rollbacks and Testing In Production You can even use this data to build predictors for expected business behavior, and alert on deviations. \u0026ldquo;According to observed growth and data from last year, last month and last week, we would expect x bookings per minute, but see m fewer, so something is likely wrong. That started 10 minutes ago at the yellow activation line of experiment 13\u0026rdquo; is a thing where I live, and turning off 13 before even looking for possible root causes is a complete no-brainer. In 95% of the cases or more it actually fixes the incident for now, so that any followup is done again outside of panic mode.\nThat is: Testing In Production Is A Safe Thing To Do - if you build an environment that makes it survivable. The key ingredients are\nEducation Awareness Empowerment I reference that in both talks I linked above: Education means you not only need your general craft, the IT you learned at school, in university or in previous jobs. You also need to learn the local knowledge. We encapsulate that in the two questions\nIf you break it, will you even notice? If you break it, can you fix it? The first question asks if you do know you dependencies and dependents for any subsystem that you change. If you don\u0026rsquo;t that\u0026rsquo;s okay, we will teach you. That\u0026rsquo;s why we are here.\nBut if you write a patch, gate it in an experiment and then ask \u0026ldquo;Is this good? Can I roll that out?\u0026rdquo;, you are asking the wrong person. There is one expert on the whole planet for that change you just wrote, and that is you. You need to be able to answer the question \u0026ldquo;If you break it, will you even notice\u0026rdquo; with a confident yes in order to be admitted to production. Nobody but you will know the proper answer to that question, ever. We can only help you to find the \u0026ldquo;Yes\u0026rdquo; by teaching you.\nThis is also a question of attitude, and it has to be coming from the top. Back in the day when Kees was CEO, he usually ate with everybody else in the canteen.\nA typical conversation that happened similarly more than once is Kees asking somebody: \u0026ldquo;I haven\u0026rsquo;t seen you before. Are you new?\u0026rdquo; \u0026ldquo;Yes, of course. I started 3 weeks ago.\u0026rdquo; \u0026ldquo;And\u0026rdquo;, Kees would ask, in one way or the other, \u0026ldquo;did you break production already?\u0026rdquo; The newbie would of course answer \u0026ldquo;No, of course not!\u0026rdquo; and get the usual response \u0026ldquo;So what am I paying you for?\u0026rdquo;.\nThe moral in this is that errors and downtimes are a part of doing business. Of course we would like to have infrastructure where these things do not happen, or minimise impact, but velocity and risk taking are a thing of value to a fast company. By having an error budget (the integral between the predicted income and the actual income) and checking that things are within the error budget, management has a control that allows them to check on the state of the engineering culture. If we are over the error budget, we probably need to look at our ways, and the state of our education and practice. If we are under error budget a lot, we are probably not moving fast enough and are too risk averse.\nAll the instrumentation around this - CI/CD, dev and staging, experiment framework and observability framework - exist to make better use of the error budget and get most out of our invest into corporate improvement and organisational learning.\nThe second question asks if you know how to fix the things that your change may break. It is not only a question about scope, but also a question about your network. That is, because in any reasonably large system you won\u0026rsquo;t be able to put it together alone.\nYou should expect to need help.\nIt\u0026rsquo;s people that help, not positions.\nSo you should not answer \u0026ldquo;I will need a DBA around just in case\u0026rdquo;, but you should know if Debs, Greg or Simon would be better to have around in your case.\nWith your education covered, and especially the necessary local knowledge amending your general education, you\u0026rsquo;d then have to be aware of your environment. That ties back to the upper part of this writeup. With probes and annotions from Spans covering Experiment gateways, you will have to access the data collected in your event logging system, your observability pipeline to understand the state and health of your system.\nAnd it is that exact state, and the detailed data that will tell you the story.\nAggregations are important, they point you into a general direction. But it is the raw data that contains the evidence you need. It is the ability to slice and dice the raw data along arbitrary dimensions at will that will allow you to make the precise cut which isolates the buggy cases from the non-buggy behavior. It will allow you to look at the precise delta in exposed state of your distributed system of dependencies that causes the abnormal behavior.\nLogs and metrics are good, essential for checks and alerts, to handle known cases and navigate known waters safely. Events, and the ability to search, sort, aggregate and correlate on events at will, are what enable you to see and debug a distributed and developing production system. Experiments, separation of rollout and activation, with integrated Probes in Spans, allow you to collect this data, and to act, by disabling code that introduces undesireable behavior.\nThe rollout is likely to be safe, because any new code you roll out is never executed in production. Unless you activate it. In the end you will find that it is not the rollout sparklines in your graphs that matter, it\u0026rsquo;s the config change sparklines that need watching. You can turn on things for yourself, for a subset of the population, or, if you have gradually built confidence, full on.\nFull on (or full off and writing the change off as worthless, in 19 of 20 cases) is a precondition then for cleaning up: Removing either the Experiment tooling around one new codepath, removing the old codepath completely, or the other way around.\nLeaving experimentation instrumentation in the code, but having things full on (or off) is a very easy and visible way to assess technical debt. So even after the experiment has come to a conclusion one way or the other, the experiment framework is useful as a way to demarcate in some way or the other technical debt in source files.\nAnd finally, empowerment. Empowerment is giving developers the power to make decisions, and at the same time demanding from them that they make them. You can do that only in a safe environment, and in a blame-free culture where this comes from the top. Hence the importance of Kees eating in the Canteen and asking the questions as told above. Hence, too, the importance of the error budget, and exposing it to all people that roll out.\n","date":"2020-01-17T00:00:00Z","href":"https://blog.koehntopp.info/2020/01/17/rolling-back-a-rollout.html","tags":["lang_en","devops","work","testing"],"title":"Rolling back a rollout"},{"categories":null,"content":"This post is a memo to self, and describes how to disable the X.52 clutch mode. I am flying with a Saitek/Logitech X.52 pro HOTAS , and this stick has a \u0026lsquo;clutch button\u0026rsquo; (labelled \u0026ldquo;i\u0026rdquo;) in the thumb position of the throttle (image: clutch highlighed in red)\n\u0026ldquo;Clutch mode\u0026rdquo; for this button means that it is usable as a modfier for the other buttons, when pressed together with a second button. Alone, it does nothing. For me, that is useless.\nIn order to disable the function, go into Windows Settings, click Devices, and search for \u0026ldquo;Set up USB Game Controllers\u0026rdquo;.\nAs always, useful things in Windows can only be accessed via search and not via menu.\nSelect the device, and then hit the device properties.\nIn the MFD (Multi Function Display) of all places you can also disable the clutch function (which, of course, has nothing to do with the MFD at all).\nBecause Windows is stupid and saves this configuration per USB-port, you will have to redo it every time you plug the stick into a different USB port.\nEDIT: Göran Nilsson explained:\nYou can reach the Saitek modding using the original Saitek way as follows on Win10:\n-Control Panel-Devices and Printers-Right Click on the HOTAS\nThe main use of the \u0026ldquo;Clutch Mode\u0026rdquo; is to get the current key function displayed on the MFD, without actually activating that function. I find that useful when you change between different SIMS, where you have alternative assignments to a specific key or function. So pressing \u0026ldquo;Clutch\u0026rdquo;+\u0026ldquo;Anykey\u0026rdquo; displays the current functionality of \u0026ldquo;Anykey\u0026rdquo; as text on the MFD as long as you keep Clutch depressed. Latch Clutch means that you have to press the Clutch once for uncoupling the function and once again to switch between actual function and text describing the tested key. The text you want is of course possible to set when you program the keys Personally I find that very useful as I tend to forget all these possible allocations of various functions to keys. Different sims needs different fast keys.\nExample : Programming the \u0026ldquo;FireA\u0026rdquo; button to issue \u0026ldquo;KRIS\u0026rdquo; to my software. \u0026ldquo;Clutch\u0026rdquo;+\u0026ldquo;FireA\u0026rdquo; will now show \u0026ldquo;Kristian\u0026rdquo; on the MFD without actually sending anything to the running program. Given the rich programmimg possibilities I definitely need an online \u0026ldquo;cheat sheet\u0026rdquo; that the \u0026ldquo;Clutch\u0026rdquo; makes available.\n","date":"2020-01-15T00:00:00Z","href":"https://blog.koehntopp.info/2020/01/15/disable-saitek-x52-clutch-mode.html","tags":["lang_en","gaming","elite dangerous"],"title":"Disable Saitek X.52 pro Clutch Mode"},{"categories":null,"content":"Sonos is a company that makes Wi-Fi Connected speakers. They offer acceptable sound quality and an extremely good user experience. They also so far have never cancelled support for any of their speakers.\nHardware Lineup and Timeline Some of their speakers are now qualified for a Trade-Up program, in particular their\nPlay:5 (1st generation) speaker, the Connect:Amp and the Connect. The latter two (the Connect products) are somewhat obsolete as they were necessary when normal Wi-Fi was usually not able to carry sound data at the required reliability, so Sonos speakers built their own Wi-Fi Mesh network separately from the usual home Wi-Fi. With newer Wi-Fi standards and recently also 5 Ghz this was no longer necessary.\nThe Play:5 (1st generation) speaker, the only one currently qualified for Trade-Up appeared, in 2009, 10 years ago. It was replaced by the 2nd generation in 2015. The Play:3 appeared in July 2011, and was discontinued in July 2018. The Play:1 appeared in October 2013, and was replaced by the Play One (1st generation) in October 2017. The second generation Play One added Bluetooth Hardware and a much fatter SOC and even more memory only one year later. Unfortunately I have no idea what kind of hardware the Play:5 platform was built on in 2009. I have only looked into a Play:3 from 2013. That box had a PPC based single core CPU and 64 MB of memory. Current Sonos hardware is using, IIRC, Multicore ARM SOCs and have at least four times the amount of memory.\nIn terms of Trade-Up, currently only the Play:5 (1st gen) qualifies. It is pretty clear that the Play:3 will be qualifying soon, too - maybe in 2020, but in 2021 for sure. In terms of long-term value, owners of the 1st gen Play One are probably currently worst off.\nTrade-Up The Trade-Up is advertised as follows:\nYou select a device for Trade-Up, and receive a voucher for a 30% rebate on the purchase of a new device. You then have 21 days left to use the old device, after which time it will permanently cease to function. You can use the voucher to purchase any new Sonos device, replace the old one and ship the old device to whatever recycling services in your area accept it.\nThat is a normal Trade-Up program, minus the part where you uselessly ship the old hardware across the country to the maker, which will then hand it over to a recycling service instead of you doing this.\nYou can still continue to use the old device as long as it is supported, you can still sell the old device to others, as long as it is supported, and you can do whatever else is possible with the old hardware.\nWhy? It is pretty clear where this is aiming: Sonos is looking at the oldest hardware in their lineup and that this hardware is becoming pretty long in the tooth.\nEspecially the limited amount of memory makes it increasingly difficult to even install the most current versions of their software. New functionality such as Airplay 2, and new services require more memory and, in case of Airplay 2 also more CPU and more Wi-Fi bandwidth than 10 year old piece of hardware has.\nThey would like to shrink the installed base of their outdated hardware in order to be able to move forward technologically. They would like to offer their long-time customers some kind of bonus and way to upgrade before they have to disable the hardware because it cannot longer be supported.\nNot having to ship the hardware back to Sonos should be a plus, not a minus. Instead there is a pretty hard blowback on Twitter.\nMost people criticise that this bricks the device.\nWhich is kind of the point in a Trade-Up.\n","date":"2019-12-30T00:00:00Z","href":"https://blog.koehntopp.info/2019/12/30/sonos-recycle-mode.html","tags":["lang_en","media","sonos"],"title":"Sonos Recycle Mode"},{"categories":null,"content":"A bunch of boomers in Germany is running a distraction campaign on the energy use of data centers and streaming. Example articles in german language can be found in Zeit and Bento , but there is a larger series of articles acrooss multiple newspapers.\nA better structured reasoning can be found in SRF (German), and it highlights how arbitrary and wrong the energy numbers in the former articles are. But even this article ignores the facts that the energy consumption in a typical cloud data center is most likely carbon neutral, because the power used is likely to be completely green. How green exactly is depending on the cloud operator and the location of the data center - I have written a much more detailed overview elsewhere in this blog.\nFor some reason, the majority of these articles focus on video streaming, ignoring outright waste of energy at a much larger scale, for example blockchain use. Furthermore, most of the calculations on the energy use of specifically video streaming are making flawed assumptions. They are designed to create vastly oversized energy footprints, and even more oversized carbon footprints.\nSome things to remember:\nA video is not being encoded for every view. A raw video is encoded or transcoded once for each target format, of which there is a small integer number. So 4K raw source material is being transcoded into 1080p, 720p, 480p and maybe a few even smaller formats. Some streamers support specific classes of end user devices with a limited, non-extensible set of legacy codecs, such as gaming consoles or similar. They typically add one or two more formats to the set, but in the end the storage cost (and energy) dominates the transcoding cost.\nThe encoded file is stored and played on demand for each viewer. In effect this turns watching a video on a streaming service basically into a normal file download with a \u0026ldquo;fancy\u0026rdquo; download protocol.\nvia Netmanias: Youtube Chunking, 2013 Define \u0026ldquo;fancy\u0026rdquo;: The file is being chopped into chunks of around a few seconds playback time, and a number of chunks ahead of the current playback position is being downloaded in advance and buffered on the end user device. How many of these chunks are preloaded depends on a lot of parameters, such as device type, internet connection speed and user behavior (\u0026ldquo;are they jumping around a lot?\u0026rdquo;). Using chunked downloads allows for switching video resolution depending on changes in line speed or display window size, and for jumping around in the video without downloading unnecessary parts of the video.\nA video is not shipped across the Atlantic Ocean for each viewer. Most likely (and especially for popular videos), an edge cache is holding a copy of the file locally and serving it to the customer. Google documents this in their peering and caching documentation .\nGoogle provides a map of their Google Global Cache nodes. There is at least one in every metropolitan area. These nodes also cache popular Youtube videos. The cache is quite effective, an older 2012 paper (PDF ) discusses that.\nNetflix does similar things with their own infrastructure.\nThis turns watching a video on a streaming service into downloading a file with a fancy download protocol from a pretty local server, with local being defined as \u0026ldquo;very close to your location in terms of network, not physical topology\u0026rdquo;. Where network topology matches physical topology, this may be \u0026ldquo;in your city\u0026rdquo;, in any case it is the minimum number of network hops, the copy \u0026ldquo;closest to you\u0026rdquo; that is being served.\nA video is not being decoded in software on a regular CPU The effect of a software vs. hardware video encoder is being shown in this 2014 Youtube Video , in which a Samsung S4 cellphone is being used to encode a live video stream from a specific brand of surveillance camera. Software encoding produces 8 fps, hardware encoding with the special hardware in the cellphone produces line rate at 25 fps.\nUnfortunately we do not get to see the changed energy profile, but purpose built video encoding and decoding hardware as is present on any average graphics hardware in 2019, down to the cellphone level, does things not only faster, but also with a fraction of the energy need. Such hardware is used for streaming video encoding in data centers, and for playback on end user devices.\nThis is especially important on battery powered devices, where less energy usage translates into longer device runtime directly.\nFor encoding, the approaches differ. Netflix is running on AWS, and used to use software encoding on regular EC2 instances . A relatively recent Netflix talk about their encoding pipeline has all the details.\nGoogle offers their own dedicated video encoding cloud service , but does not document what they are using. It is likely that a hybrid of software and hardware encoding is being used: Google is known to have fuzzed ffmpeg a lot and to use it extensively. Also, ffmpeg can make use of GPU hardware for encoding , when such hardware is available, and GCP has such hardware.\nRunning a cloud service uses energy, but it is way less energy than anybody else would use for the same job. Also, if you choose your cloud provider wisely, you may use energy, but won\u0026rsquo;t produce CO2 I have explained that in much more detail elsewhere.\nThe TL;DR is: Cloud providers run data centers on renewable energy, Google is one of the worlds largest investors into solar and wind farms. So even if energy is being used, no CO2 is being produced to run the data center.\nCloud providers use purpose built data centers that match their purpose built computers, \u0026ldquo;Open Compute Technology\u0026rdquo;. These machines use less than half the power of normal servers when idle, and around 33% less energy when fully loaded. They also run in data centers that do not require compression cooling, but can consume ambient air temperatures, greatly reducing the cooling energy spent.\nCloud technology can size applications on demand, allowing way better utilisation of servers. While a typical enterprise data center has around 5%-10% utilisation, cloud data centers are 3x to 7x better utilised.\nEDIT: Netflix specifically is overcompensating. In A renewable energy update from us they explain how much energy they use, primary and secondary, and how they compensate for this. This is assuming that their cloud provider, Amazon, was running on 100% coal, which they aren\u0026rsquo;t, and that means they are actually carbon negative.\nEDIT: The BBC has an article on this, and they come to the same conclusions (via Twitter ).\n","date":"2019-12-28T00:00:00Z","href":"https://blog.koehntopp.info/2019/12/28/streaming-and-energy.html","tags":["climate","data center","cloud","energy","erklaerbaer","lang_en"],"title":"Streaming and Energy"},{"categories":null,"content":"So after testing LVM Raid in princple, I have been trying it on some real hardware to see what happens. The idea was to estimate if it scales and if not, how it doesn\u0026rsquo;t. I was expecting to run into all kinds of obscure problems in my testing, but in fact, it was a quick and short death.\nHere is my box: QuantaGrid D42A-2U with an AMD EPYC 7551P CPU (32C, HT off), 1024 GB of memory, a boot disk and 12x Micron_9200_MTFDHAL11TATCW (PDF ) for 120TB of disk storage.\nThe setup was very straight forward:\n# pvcreate /dev/nvme*n1 # vgcreate vg00 /dev/nvme*n1 # lvcreate -n mysqlvol -L60T vg00 # lvconvert --type raid1 -m1 /dev/vg00/mysqlVol The objective was to ensure that an existing non-raided volume could be converted into a RAID after the fact. My installation is half-sized. The actual production version of this would be on a machine with 24 of these drives, 12 of them currently filled by a 90T database, and I just used a spare box to test the basic procedure.\nIt works, slowly So, this worked:\n# lvs -a -o+raid_min_recovery_rate,raid_max_recovery_rate,raid_mismatch_count,raid_sync_action LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert MinSync MaxSync Mismatches SyncAction audit sysvm -wi-ao---- 1.95g log sysvm -wi-ao---- 10.00g root sysvm -wi-ao---- 9.77g swap sysvm -wi-ao---- 1000.00m var sysvm -wi-ao---- 35.00g mysqlVol vg00 rwi-a-r--- 60.00t 0.51 0 recover [mysqlVol_rimage_0] vg00 iwi-aor--- 60.00t [mysqlVol_rimage_1] vg00 Iwi-aor--- 60.00t [mysqlVol_rmeta_0] vg00 ewi-aor--- 4.00m [mysqlVol_rmeta_1] vg00 ewi-aor--- 4.00m Performance metric For very slow and single threaded values of work: iostat -x -k 10\nAs you can see, nmve0n1 is being read at around 240 MB/s, and being written at the same speed to nvme6n1. The rimage_0 is dm-8, you can see the reading, and the writing goes to dm-10, the rimage_1.\nAt this rate, I will get a RAID sync in 3.5 days or so (60*1024/0.22 = 280k seconds).\nExpected performance The expected behavior is to see a request queue deep enough to get the full transfer rate from a single NVME device (3.5 GB/s according to the spec sheet, anything above 2.5 GB/s sustained is good enough), and on all 6 device pairs in parallel, for a total of anything above 6x 2.5GB/s = 15 GB/s for an unconstrained RAID-1 sync. That is what the hardware can do here. In this case, the sync would complete in 4096 seconds, a bit under 1.5h.\nSo basically this died in the crib, because it does not leverage any parallelism the CPU, the multitude of drives, the deep queues of the NVMEs or anything else would have to offer.\nIt\u0026rsquo;s from the past.\nLVM is in need of serious overhaul in order to become a tool for the 2020\u0026rsquo;s. Outside of toy workloads, snapshots don\u0026rsquo;t work, lvmraid also does not work.\nWhy is this slow? A single NVME drive (we have 2x 6 of them) like the one I used is a 4xPCIe 3.0 device, so we get a transfer rate on the bus of 32 GByte/s. The internal structure of the flash limits the performance here, and according to the technical specifications of the device we get 800k-ish IOPS (let\u0026rsquo;s say it\u0026rsquo;s a million) and 3.5 GByte/s from it.\nWe also can measure the device and see that it does have a read latency of around 100-120 microseconds, and a buffered write latency (to the internal RAM of the device, assume it has 512 MB or so) of 50 microseconds. If you write a lot, writes become unbuffered at, say, 420 micros.\nIn order to get 1 million IOPS single threaded at a queue depth of 1, you would need a latency of 1 microseconds. You don\u0026rsquo;t get that, so in order to get all IOPS, you need to have deep queues (and async IO) or many threads.\nIn order to get 3.5 GB/s (say, 4 GB/s) at 4 KB block size, you need 1 million blocks per second (920k for 3.5 GB/s). Again, you need deep queues or many thread to get that.\nAddendum: Unexpected performance limits Today, I monitored the still syncing array and it has been progressing at around 250 MB/s equalling around 1.1% per hours over night, and is now at 20-something percent synced.\n# lvchange -maxrecoveryspeed=1000k /dev/vg00/mysqlVol This works, and throttles the sync to just below 1000k per second. Conversely, setting a recovery speed of 0k falls back to the default 250 MB/s.\nBut: Setting it to 1000000k ups the speed to around 550 MB/s, which is the single threaded native speed of the array. I see around 4300 requests/s at a size of 256 KB at the NVME level, and around 8600 requests/s at a size of 128 KB one level higher in the dm-layer. There is also some kind of request merging going on somewhere in the stack, which for adjacent requests even makes sense.\nAddendum: Interrupting the RAID sync If you try to split the Volume while it is still synching, you will find that this is not possible.\n# lvconvert --splitmirrors 1 -n splitlv /dev/vg00/mysqlVol Unable to split vg00/mysqlVol while it is not in-sync. Another observationL While lvmraid employs mdraid code, working with devicemapper block devices for the data and external metadata, mdraid does not see any of this in /proc;\n# cat /proc/mdstat Personalities : [raid6] [raid5] [raid4] [raid1] unused devices: \u0026lt;none\u0026gt; You can\u0026rsquo;t use any mdraid tooling to turn knobs inside lvm controlled mdraid code.\n","date":"2019-12-03T00:00:00Z","href":"https://blog.koehntopp.info/2019/12/03/trying-lvmraid-for-real.html","tags":["lang_en","storage","erklaerbaer"],"title":"Trying lvmraid for real"},{"categories":null,"content":"Where I work, we routinely run our databases on XFS on LVM2.\nThe setup Each database has their database on /mysql/schemaname, with the subdirectories /mysql/schemaname/{data,log,tmp}. The entire /mysql/schemname tree is a LVM2 Logical Volume mysqlVol on the Volume Group vg00, which is then formatted as an XFS filesystem.\n# pvcreate /dev/nvme*n1 # vgcreate vg00 /dev/nvme*n1 # lvcreate -n mysqlVol -L...G vg00 # mkfs -t xfs /dev/vg00/mysqlVol # mount -t xfs /dev/vg00/mysqlVol /mysql/schemaname Basic Ops You can grow an existing LVM Logical Volume with lvextend -L+50G /dev/vg00/mysqlVol or similar, and then xfs_grow /dev/vg00/myqlVol.\nYou can also create a snapshot with lvcreate -s -L50G -n SNAPSHOT /dev/vg00/mysqlVol and if you do this right, it will even be consistent or at least recoverable, from a database POV. But LVM snapshots are terribly inefficient, and you might not want to do that on a busy database.\nThe size you specified for the LVM snapshot is the amount of backing storage: When there is a logical write to the mysqlVol, LVM intercepts the write, physically reads the old target block, physically writes the old target block into the snapshot backing storage and then resumes the original write. This will do horrible things to your write latency, because the orignal write is stalled until the copy has been made, and I crashed a database at least once with Redo-Log overflow while holding and reading a snapshot.\nAs the backing storage fills up, the snapshot will fail once it is running out of free space. If you still have free space, it is possible to extend the backing store using lvextend -L+50G /dev/vg00/SNAPSHOT with a live snapshot being held.\nReads to the original mysqlVol can be satisfied the normal way now, as the data we see is always the most recent blocks. Reads from the snapshot will look for the data in the snapshot, and if they find it, will return with the old, snapshotted data. Or, if they do not find it, will look into the mysqlVol instead. In any case, the normal filesystem will show current data, while the snapshot will show old data, and as both volumes diverge, snapshot backing storage will be consumed up to the point where both volumes are completely diverged and the snapshot is as large as the original volume.\nMounting the XFS snapshot volume is a bit tricky: XFS will refuse to mount the same UUID filesystem twice, and since by definition the snapshot is a clone of the (past) original volume, it will of course have the same UUID. So we need to tell XFS that this is okay: mount -t ro,nouuid /dev/vg00/SNAPSHOT /mnt to get it mounted.\nOnce unmounted again, you can turn the Logical Volume to offline and throw it away: lvchange -an /dev/vg00/SNAPSHOT and lvremove /dev/vg00/SNAPSHOT to get it done.\nMirroring using dm-raid One method to clone a machine is to convert an existing volume into a RAID1, then split the raid and move one half of the mirror to a new machine.\nI made myself a small VM with seven tiny drives to test this: The boot disk is sda, and the drives sdb to sdg are for LVM testing.\nThe initial setup is like so: We copy the partition table of sda to all play drives. We then create a volume group testvg, to which we add the initial 3 drives only partitions, sdb1, sdc1 and sdd1. We then create a simple concatenation of 2G extents from sdb1, sdbc1 and sdd1.\n# for i in sdb sdc sdd sde sdf sdg \u0026gt; do \u0026gt; sfdisk -d /dev/sda | sfdisk /dev/$i \u0026gt; done ... # pvcreate /dev/sd{b,c,d,e,f,g} # vgcreate testvg /dev/sd{b,c,d} # lvcreate -n testlv -L2G testvg # lvextend -L+2G /dev/testvg/testlv /dev/sdc1 # lvextend -L+2G /dev/testvg/testlv /dev/sdd1 We can now check what we have. We are looking at the lvs output to see that we have a 6G LV. Then we check the pvs output to see that we indeed have sdb1, sdc1 and sdd1 in testvg, and that 2G of each drive have been used. We can then finally proceed to pvdisplay --map to validate the actual layout.\n# lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert testlv testvg -wi-a----- 6.00g # pvs PV VG Fmt Attr PSize PFree /dev/sdb1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;18.00g /dev/sdc1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;18.00g /dev/sdd1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;18.00g /dev/sde1 lvm2 --- \u0026lt;20.00g \u0026lt;20.00g /dev/sdf1 lvm2 --- \u0026lt;20.00g \u0026lt;20.00g /dev/sdg1 lvm2 --- \u0026lt;20.00g \u0026lt;20.00g # pvdisplay --map --- Physical volume --- PV Name /dev/sdb1 VG Name testvg ... --- Physical Segments --- Physical extent 0 to 511: Logical volume /dev/testvg/testlv Logical extents 0 to 511 ... --- Physical volume --- PV Name /dev/sdc1 VG Name testvg ... --- Physical Segments --- Physical extent 0 to 511: Logical volume /dev/testvg/testlv Logical extents 512 to 1023 ... --- Physical volume --- PV Name /dev/sdd1 VG Name testvg ... --- Physical Segments --- Physical extent 0 to 511: Logical volume /dev/testvg/testlv Logical extents 1024 to 1535 ... With this we can introduce the three additional drives, and convert the setup to a mirror:\nroot@ubuntu:~# vgextend testvg /dev/sd{e,f,g}1 Volume group \u0026#34;testvg\u0026#34; successfully extended root@ubuntu:~# pvs PV VG Fmt Attr PSize PFree /dev/sdb1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;18.00g /dev/sdc1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;18.00g /dev/sdd1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;18.00g /dev/sde1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;20.00g /dev/sdf1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;20.00g /dev/sdg1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;20.00g and the actual conversion. First, using lvs we can watch the progress of the sync:\nroot@ubuntu:~# lvconvert --type raid1 -m1 /dev/testvg/testlv Are you sure you want to convert linear LV testvg/testlv to raid1 with 2 images enhancing resilience? [y/n]: y Logical volume testvg/testlv successfully converted. root@ubuntu:~# lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert testlv testvg rwi-a-r--- 6.00g 6.25 root@ubuntu:~# lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert testlv testvg rwi-a-r--- 6.00g 15.92 root@ubuntu:~# lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert testlv testvg rwi-a-r--- 6.00g 100.00 Let\u0026rsquo;s check the disk layout again.\nThere are two competing implementations of this, --type mirror and --type raid1. The mirror implementation is very extremely strongly deprecated, the raid1 implementation is okay, which is why we used this one. It uses mdraid code internally, and we can show this using lvs -a --segments -o+devices\n# lvs -a --segments -o+devices LV VG Attr #Str Type SSize Devices testlv testvg rwi-a-r--- 2 raid1 6.00g testlv_rimage_0(0),testlv_rimage_1(0) [testlv_rimage_0] testvg iwi-aor--- 1 linear 2.00g /dev/sdb1(0) [testlv_rimage_0] testvg iwi-aor--- 1 linear 2.00g /dev/sdc1(0) [testlv_rimage_0] testvg iwi-aor--- 1 linear 2.00g /dev/sdd1(0) [testlv_rimage_1] testvg iwi-aor--- 1 linear 6.00g /dev/sde1(1) [testlv_rmeta_0] testvg ewi-aor--- 1 linear 4.00m /dev/sdb1(512) [testlv_rmeta_1] testvg ewi-aor--- 1 linear 4.00m /dev/sde1(0) This shows us the visible LV testlv as well as the hidden infrastructure that is being created to build it. The left leg of the RAID 1 is testlv_rimage_0, spread over 3 physical devices.\nThe right leg is testlv_rimage1, and because the data all fits onto one disk, we get this consolidated into a single 6G segment on a single device, not quite what we want. We also see two meta devices, which hold the metadata and a bitmap that can speed up array synchonisation.\nHere we see the asymmetric layout again, at the pvs level. Note how the allocation of the rmeta sub-LVs creats the \u0026ldquo;.99\u0026rdquo; free sizes.\nroot@ubuntu:~# pvs PV VG Fmt Attr PSize PFree /dev/sdb1 testvg lvm2 a-- \u0026lt;20.00g 17.99g /dev/sdc1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;18.00g /dev/sdd1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;18.00g /dev/sde1 testvg lvm2 a-- \u0026lt;20.00g 13.99g /dev/sdf1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;20.00g /dev/sdg1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;20.00g # pvdisplay --map --- Physical volume --- PV Name /dev/sde1 VG Name testvg ... --- Physical Segments --- Physical extent 0 to 0: Logical volume /dev/testvg/testlv_rmeta_1 Logical extents 0 to 0 Physical extent 1 to 1536: Logical volume /dev/testvg/testlv_rimage_1 Logical extents 0 to 1535 ... Maintaining the RAID As dm-raid uses md-raid plumbing internally, it has the same controls as md-raid. Among them are also controls that control the sync speed of a logical volume. The lvchange command can set these. For demonstration purposes we are setting these as low as possible, then force a resync of the RAID and check this:\n# lvchange /dev/testvg/testlv --minrecoveryrate 1k --maxrecoveryrate 100k Logical volume testvg/testlv changed. # lvchange --syncaction repair /dev/testvg/testlv # lvs -o+raid_min_recovery_rate,raid_max_recovery_rate,raid_mismatch_count,raid_sync_action LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert MinSync MaxSync Mismatches SyncAction testlv testvg rwi-a-r--- 6.00g 0.19 1 100 0 repair The --syncaction repair forces a RAID recovery, the lvs command shows the data we need to see to track it.\nSplitting the RAID and the VG We can now split the RAID into two unraided LVs with different names inside the same VG:\nroot@ubuntu:~# lvconvert --splitmirrors 1 -n splitlv /dev/testvg/testlv Are you sure you want to split raid1 LV testvg/testlv losing all resilience? [y/n]: y root@ubuntu:~# lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert splitlv testvg -wi-a----- 6.00g testlv testvg -wi-a----- 6.00g root@ubuntu:~# pvs PV VG Fmt Attr PSize PFree /dev/sdb1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;18.00g /dev/sdc1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;18.00g /dev/sdd1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;18.00g /dev/sde1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;14.00g /dev/sdf1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;20.00g /dev/sdg1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;20.00g Since the raid is now split, the rmeta sub-LVs are gone and the rimage sub-LVs are unwrapped and become the actual LVs (and those .99 numbers in the PFree column are nice and round again).\nAt this point we can then proceed to split the Volume Group in two, putting splitlv into a new Volume Group splitvg, then export that.\nFor that, we need to change the testvg to unavailable, then run vgsplit. Because of that, a data LV should always be on a data VG that is different from the Boot VG which would hold the boot LVs. If this is not the case, splitting the data LV would require a boot into a rescue image in order to be able to split the data LV: It is not possible to offline a boot LV without this.\nThe outcome:\nroot@ubuntu:~# vgchange -an testvg 0 logical volume(s) in volume group \u0026#34;testvg\u0026#34; now active root@ubuntu:~# vgsplit -n splitlv testvg splitvg New volume group \u0026#34;splitvg\u0026#34; successfully split from \u0026#34;testvg\u0026#34; root@ubuntu:~# lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert splitlv splitvg -wi------- 6.00g testlv testvg -wi------- 6.00g root@ubuntu:~# pvs PV VG Fmt Attr PSize PFree /dev/sdb1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;18.00g /dev/sdc1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;18.00g /dev/sdd1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;18.00g /dev/sde1 splitvg lvm2 a-- \u0026lt;20.00g \u0026lt;14.00g /dev/sdf1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;20.00g /dev/sdg1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;20.00g We can see that vgsplit automatically identified the physical drives that make up the splitlv volume, made sure nothing else is on these drives and moves them into a new VG splitvg.\nWe can now vgexport that thing, eject the drives and move them elsewhere. Over there, we can vgimport things and proceed.\nroot@ubuntu:~# vgexport splitvg Volume group \u0026#34;splitvg\u0026#34; successfully exported It is now safe to pull the drive.\n","date":"2019-12-02T00:00:00Z","href":"https://blog.koehntopp.info/2019/12/02/cloning-and-splitting-logical-volumes.html","tags":["lang_en","erklaerbaer","storage"],"title":"Cloning and splitting logical volumes"},{"categories":null,"content":"Exit Strategy by Martha Wells is the fourth book in the the Murderbot Diaries (All Systems Red , Artificial Condition, Rogue Protocol, Exit Strategy, Network Effect).\nThis novella is the culmination of the Murderbot Novellas, in which our nameless murderbot cyborg tries to nail the evil GrayCris corporation for the series of crimes against settlers and researchers, has to rescue it\u0026rsquo;s \u0026ldquo;owner\u0026rdquo;, sponsor and friend Dr. Mensah from the claws of GrayCris, and make friends on the way. And while Murderbot has no problems with violent action and explosions, it is still scared of emotions and \u0026hellip; people.\nWhile this concludes the arc of the previous three novellas, a fifth full novel length Murderbot story, Network Effect, is in the works and will be published mid-2020.\nAll of the Murderbot stories so far have been outstanding storytelling and characterisation and are strongly recommended.\n\u0026ldquo;Exit Strategy \u0026rdquo;, Martha Wells, EUR 9.34\n","date":"2019-11-22T00:00:00Z","href":"https://blog.koehntopp.info/2019/11/22/fertig-gelesen-exit-strategy.html","tags":["media","review","book","lang_en"],"title":"Fertig gelesen: Exit Strategy"},{"categories":null,"content":"Fashion and Its Social Agendas: Class, Gender, and Identity in Clothing by Diane Crane is an analysis of the changes in society during the various phases of the industrial revolution through the lens of clothing in various societal strata.\nThe book studies fashion and clothing choices in three countries - France, the United States, and England - over a period of 150 years. France and England are examples of class societies in the nineteenth century. It has available four sets of data: Interviews and inventories of clothing in a large number of households the above countries, spaced out over an extended period of time. The long timescale and the temporal distance between the various studies allow comparison across major events (such as the Franco-Prussian war) and as industrialisation plays out.\nThis is not a book for reading, it is a study, full of footnotes, tables, cross references and sections that demand note-taking. It is also interesting, because it shows how materials, production cost, societal change and changing gender roles change the role of fashion and how it is being used in society. Hard work, bit damn interesting.\n\u0026ldquo;Fashion and Its Social Agendas: Class, Gender, and Identity in Clothing \u0026rdquo;, Diane Crane, EUR 24.56\n","date":"2019-11-21T00:00:00Z","href":"https://blog.koehntopp.info/2019/11/21/fertig-gelesen-fashion-and-its-social-agendas-class-gender-and-identity-in-clothing.html","tags":["media","book","review","lang_en"],"title":"Fertig gelesen: Fashion and Its Social Agendas: Class, Gender, and Identity in Clothing"},{"categories":null,"content":"The Wiz Biz by Rick Cook is a book in the genre of \u0026lsquo;magical realism\u0026rsquo;. Some real-world person is being transported into a universe with predictable magic in a classical fantasy setting and is applying scientic method and industrial production methods to the setting.\nIn this book, the real-world person is Walter Zumwalt, a stereotypical hacker, which as part of a hail-mary summoning rital is being transported into a magical war between the good guys and the bad guys. Walter does not know a thing about magic at all, but apparently that can be learned and then turns out to be a lot like computer programming, if you make it so.\nThis book is over 20 years old, and it shows. Not so much in the computer programming aspects, but in the story telling, the world views, and the usage of cliches, most of which did not age well at all. The coding aspect is being introduced late to the story, and is not well constructed. The storytelling is flat and the characters are, well, cliche.\nAll in all a nice idea, but meh execution.\n\u0026ldquo;The Wiz Biz \u0026rdquo;, Rick Cook, EUR 5.99\n","date":"2019-11-20T00:00:00Z","href":"https://blog.koehntopp.info/2019/11/20/fertig-gelesen-the-wiz-biz.html","tags":["book","media","review","lang_en"],"title":"Fertig gelesen: The Wiz Biz"},{"categories":null,"content":"When developing there is often an edit-compile-test cycle, or an edit-distribute-changes cycle or a similar repetetive task. You could poll changes, for example with cron every minute or similarly, but that is wasteful and slow.\nAll modern operating systems have mechanisms for processes to subscribe to file or directory changes. In MacOS, we do have the File System Events API since 10.5, in Linux we got three different implementations (as described in LWN ): The original dnotify, its replacement inotify and the even more recent fanotify (which got its own LWN article ). BSD has kqueue.\nThe idea is that you subscribe to a directory and get notified for change/create/delete/rename events inside that directory and/or all events recursively beneath that starting point (a \u0026lsquo;root\u0026rsquo;). You would be interested into the type of change and the name of the file path that changes, and you would probably want to be able to retrieve lists of these changes in batch.\nTo make that useful, you would need a shell interface to this, and there are quite a few by now.\nThe most convenient seems to be entr , because it works most closely with shell programs. There is also watchman , but this requires submitting jobs and processing results in Javascript to fully use its potential. One of the first programs to use filesystem subscriptions is fswatch , but while highly portable, it is cumbersome to use. Instead of running commands, it just reports filenames to feed into a pipe to handle. Ruby seems to have a library called Guard that also comes with an interface to shell, but can also being used as a ruby gem. spy is a weird piece of Haskell that produces a small binary that can run commands on file system changes. Python seems to come with a bunch of modules and interfaces in various states of disrepair, inotify-tools , the very tiny wrapper inotify_simple (the simple here refers to the fact that it is a tiny wrapper around the C library, not simple to use), the more convenient inotify and the high level wrapper watchdog .\nA test scenario As a test scenario I have a ship-to-kvm command that I want to run on every file change. It looks like this:\nrsync -e ssh -t -v --delete --delete-excluded --exclude=\u0026#39;.git\u0026#39; -r \\ ~/git_tree/myproject \\ devuser@devbox.example.com:myproject when I save my local file from my local editor so that the tree myproject is made available on my devbox.\nentr With entr , that is rather simple. The package entr is available in Homebrew on MacOS (brew install entr) or as a package in Linux (yum install -y entr, apt install entr).\nYou ask entr to watch a list of files or a directory, and when things change to run a command. You can hit space to force execution even when nothing changed, or q to end the command.\nVarious ways to handle changes are provided:\n$ ls *.js | entr -r node myproject.js The -r option here will SIGTERM the node instance, wait for it to complete and then restart it.\nTo get notification of new and deleted files, you need to watch directories, which are inferred from a file list. This is done with the -d option and in fact the command terminates so you need to wrap it in a loop:\n$ while :; do \u0026gt; ls | entr -d ship-to-kvm \u0026gt; done There are a few other options, but these two should cover the most common use cases.\nwatchman watchman is the facebook take on things. It consists of a daemon that is automatically started when you are using the frontend command, and a frontend command that actually does not expose all the functionality unless you feed it JSON job files. All command results are also JSON.\nwatchman has the concept of roots, filesystem subtrees that are being watched, and then triggers that are attached to roots or subtrees of roots, and are being run on change. A simple predicate language and a selection of regex libraries can be used to formulate conditions for triggers.\n$ watchman watch ~/git_tree/myproject # this will start the daemon $ watchman -j ship-to-kvm.json # this defines the job ... and the actual job definition is then something like\n[ \u0026#34;trigger\u0026#34;, \u0026#34;~/git_tree/myproject\u0026#34;, { \u0026#34;name\u0026#34;: \u0026#34;ship-to-kvm\u0026#34;, \u0026#34;expression\u0026#34;: [ \u0026#34;pcre\u0026#34;, \u0026#34;^[a-zA-Z0-9]\u0026#34; ], \u0026#34;command\u0026#34;: [ \u0026#34;ship-to-kvm\u0026#34; ] } ] This may look nicer to developers, but I seem to prefer the entr way of doing things.\nPython watchdog The Python library watchdog provides a convenient programmatic interface to inotify and friends by defining an Observer class and scheduling operations to the observer when there are events outstanding.\nThe example from the manual looks like this:\n#! /usr/bin/env python import sys import time import logging from watchdog.observers import Observer from watchdog.events import LoggingEventHandler if __name__ == \u0026#34;__main__\u0026#34;: logging.basicConfig(level=logging.INFO, format=\u0026#39;%(asctime)s - %(message)s\u0026#39;, datefmt=\u0026#39;%Y-%m-%d %H:%M:%S\u0026#39;) path = sys.argv[1] if len(sys.argv) \u0026gt; 1 else \u0026#39;.\u0026#39; event_handler = LoggingEventHandler() observer = Observer() observer.schedule(event_handler, path, recursive=True) observer.start() try: while True: time.sleep(1) except KeyboardInterrupt: observer.stop() observer.join() and when run does things like this for a touch keks; sleep 1; rm keks in a secondary shell:\n2019-11-19 14:36:40 - Modified directory: ./.git 2019-11-19 14:36:44 - Created file: ./keks 2019-11-19 14:36:44 - Modified directory: . 2019-11-19 14:36:44 - Modified directory: ./.git 2019-11-19 14:36:53 - Deleted file: ./keks 2019-11-19 14:36:53 - Modified directory: . 2019-11-19 14:36:53 - Modified directory: ./.git The actual observer selection allows a rich palette of event classes and filters, so dispatching and filtering events is easy.\n","date":"2019-11-19T00:00:00Z","href":"https://blog.koehntopp.info/2019/11/19/when-a-file-changes-do-a-thing.html","tags":["computer","filesystems","lang_en"],"title":"When a file changes, do a thing"},{"categories":null,"content":"TL:DR: If you have long running transactions, MySQL does not deal well with this, and it will slow down the box. That\u0026rsquo;s okay as long as you are basically alone on your box, but if you aren\u0026rsquo;t, the others will hate you.\nThe database machine \u0026lsquo;somehierarchy-02\u0026rsquo; in a general purpose load balancer pool for somehierarchy had replication delay.\nIt\u0026rsquo;s a MySQL replica and is receiving the same write workload than all the other boxen in that pool. Yet, somehierarchy-03 is fine, while somehierarchy-02 is not. Both machines have comparable hardware: -02 and -03 are both Dell M630 with 128 GB of memory and two SSD. They should behave identically, yet one runs from memory, but the other is reading 40 MB/s from disk.\nMachine somehierarchy-02 reading up to 40 MB/s from disk. The sister box runs from memory.\nThe objective was to find the root cause for this, as it was causing replication delay and generally making people unhappy.\nTogether with a colleague we established that both boxes replicate from the same master and that they receive identical binlogs. We did find indeed the same set of GTIDs, a similar amount of binlog files, and a bit of Ghetto statistics (mysqlbinlog -v binlog... | egrep -i '(insert|update|delete)' | awk ... | sort | uniq -c) on the active tables per time also found nothing unusual.\nWe then did a mysqldump --no-data schemaname to validate that the schemas are identical. They indeed were, same tables, same table structures, same indexes.\nIt\u0026rsquo;s reads, coming from a client We can therefore rule out anything related to replication or disk writes. The difference must be in the reads, that is, the two boxes receive vastly different workload from clients.\nComparing the active PROCESSLIST between the two boxes did not yield results, though. Checking back we found that the problem had been going away while we were looking. So whatever we were looking for would not be in processlists, only in logs.\nSo, do we have logs?\nlog_processlist is still a thing Turns out: we do. The tool log_processlist is older than time itself, it goes back to before 2007. Simon Mudd and I wrote that once, to have a flight recorder for crashed machines.\nBasically it dumps data from the operating system and the various MySQL tables into the directory /var/log/mysql_pl, where we have a weekly ring-buffer like directory structure:\n[somehierarchy-02 /var/log/mysql_pl]$ ls -F Fri/ Mon/ README Sat/ Sun/ Thu/ Tue/ Wed/ When a box crashes or misbehaves, as long as you have access to this subtree, you can go there and inspect the files to see what the box did just before it crashed. So we go into Mon subdirectory for Monday, and look into some files, for example the 10:20 recordings:\n[somehierarchy-02 ~]# cd /var/log/mysql_pl/Mon [somehierzrchy-02 Mon]# ls -l 10_20* -rw-r--r-- 1 root root 19144 Nov 18 10:20 10_20.innodb.xz -rw-r--r-- 1 root root 5836 Nov 18 10:20 10_20.unix.xz -rw-r--r-- 1 root root 18368 Nov 18 10:20 10_20.xz [somehierarchy-02 Mon]# ls -l 10_21.sys* -rw-r--r-- 1 root root 14590 Nov 18 10:21 10_21.sys.gz In the 10_20.xz we find the MySQL processlist and a few other things, in the 10_20.unix file.xz we find the UNIX processlist, system memory and other system stuff, and in the 10_20.innodb file there are various InnoDB related table dumps from this point in time. There is also a dump of the entire sys set of views every 15 minutes, so 10_21.sys.gz has that.\n[somehierarchy-02 /var/log/mysql_pl]# head -3 /tmp/x Id\tUser\tHost\tdb\tCommand\tTime\tState\tInfo 33\tsystem user\tNULL\tConnect\t1\tWaiting for dependent transaction to commit\tNULL 34\tsystem user\tNULL\tConnect\t1\tSystem lock\tINSERT INTO ... Checking the processlist shows many sleeping connections. We filter these and immediately hit paydirt:\n[somehierarchy-02 tmp]# awk -F\u0026#34;\\t\u0026#34; \u0026#39;$5 != \u0026#34;Sleep\u0026#34; { print $5, $6 }\u0026#39; x | wc -l 27 [somehierarchy-02 tmp]# awk -F\u0026#34;\\t\u0026#34; \u0026#39;$5 != \u0026#34;Sleep\u0026#34; { print $5, $6 }\u0026#39; x Command Time Connect 1 Connect 1 Connect 1 Connect 1 Connect 1 Connect 1 Connect 2 Connect 2 Connect 2 Connect 2 Connect 2 Connect 39412 Query 33242 Query 33242 Query 33241 Query 24514 Query 20613 Query 14924 Query 6827 Query 3219 Query 1 Query 1 Query 0 Query 0 Query 0 Query 0 The \u0026ldquo;Connect\u0026rdquo; only means that these are replication threads. Running Queries have \u0026ldquo;Query\u0026rdquo; and here the number is the seconds of runtime for this query. There are apparently a number of queries with a large runtime: 33242 seconds are 9.25 hours - they are running since 1 am.\n[somehierarchy-02 tmp]# awk -F\u0026#34;\\t\u0026#34; \u0026#39;($5 == \u0026#34;Query\u0026#34; ) \u0026amp;\u0026amp; ($6 \u0026gt; 10000) { printf \u0026#34;%s %s %s %s\\n\u0026#34;, $2, $3, $6, $7 }\u0026#39; x hadoopuser hadoop-07:62112 33242 Sending data hadoopuser hadoop-07:62126 33242 Sending data hadoopuser hadoop-07:62128 33241 Sending data cronuser cronbox-14:34017 24514 Creating sort index cronuser cronbox-06:45661 20613 Creating sort index cronuser cronbox-14:55920 14924 Creating sort index At around 1:00am the hadoopuser connected from hadoop-07 to somehierarchy-02 and started a number of queries:\nSELECT ... FROM MessageLog WHERE ( `hotelnumber` \u0026gt;= 986116 ) AND ( `hotelnumber` \u0026lt; 1181338 ) and similar. They read around 70M rows from MessageLog each, a table that itself has 540M rows. That takes time.\nDuring that time the \u0026ldquo;select\u0026rdquo; statements maintains a read-only transaction to create a stable view of the table it is reading. That means that as we change rows in MessageLog the old versions of the row are being shifted to the Undo-Log, and while other transactions read the new version of the row from the tablespace, these transactions read old versions of the row from the Undo-Log.\nOr they try. They hit the tablespace first, see a new version of the row, are being sent one version into the past, find that this is still too recent, go one step deeper into the past and so on. We are essentially traversing a linked list on disk, without caching. MySQL is not really meant to deal well with 9h old transactions.\nWe can monitor this:\nand we will. Not necessarily a thing to alert on at night, but certainly a thing to check up on early on in debugging.\nCertainly a blast from the past: Not just from the past of the row in a MVCC system, but also a thing we have seen before , and that was 2012. Certainly a blast from the past.\n","date":"2019-11-18T00:00:00Z","href":"https://blog.koehntopp.info/2019/11/18/a-blast-from-the-past.html","tags":["mysql","innodb","lang_en"],"title":"A blast from the past"},{"categories":null,"content":"Change Agent is Daniel Suarez fifth book.\nAs usual, he builds his stories around one technology or technological change and constructs an action-rich storyline around it. For \u0026ldquo;Change Agent\u0026rdquo;, this is CRISPR genetic modification of living beings. He basically imagines a programmable genetic agent that rewrites living beings including humans on the go - the eponymous change agent.\nIt\u0026rsquo;s 2045, and an Interpol Agent Kenneth Durand is trying to pursue the Huli Jing cartel, a criminal black market corporation that produces enhanced designer babies for rich prospectice parents. Huli Jing so far has proven to be able to completely evade any police action. As Durand tries to close in on Marcus Demag Wyckes, the cartel leader, he\u0026rsquo;s being attacked, injected with a drug and the change agent turns him into Wyckes, Face-Off-style. Through some unlikely circumstances Durand survives the procedure that was expected to kill him, and pursues the cartel.\nThis book has over the top action, interesting ideas and shallow characterisation. It\u0026rsquo;s a terribly written thing that could have been making an awesome summer blockbuster.\n\u0026ldquo;Change Agent \u0026rdquo;, Daniel Suarez, EUR 6.99\n","date":"2019-11-18T00:00:00Z","href":"https://blog.koehntopp.info/2019/11/18/fertig-gelesen-change-agent.html","tags":["media","book","review","lang_en"],"title":"Fertig gelesen: Change Agent"},{"categories":null,"content":"Infinity Engine is the third and final book in Neal Asher\u0026rsquo;s Transformation Sequence , a trilogy set in the Polity Universe .\nThis is the conclusion of the three book arc about the redemption of the mis-manufactured and temporarily mad AI Penny Royal. Asher takes us through a set of encounters he prepared two other books for, contrasting the reconstruction and the redemption of Penny Royal with the descend into madness of the forensic AI Brockle, and weaving together all the other story-strands that he set up earlier into a literally star-shattering finale.\nAs usual with Asher, there is a lot of casual violence and killing, and also as usual with Asher, the tech and the scale of things is way over the top. On the other hand, this is what we get when we imagine a post-scarcity society like the culture, but with actual action. A nice conclusion, and at the same time a set-up of the followup trilogy, \u0026ldquo;The Rise of the Jain\u0026rdquo;.\n\u0026ldquo;Infinity Engine \u0026rdquo;, Neal Asher, EUR 7.78\n","date":"2019-11-18T00:00:00Z","href":"https://blog.koehntopp.info/2019/11/18/fertig-gelesen-infinity-engine.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: Infinity Engine"},{"categories":null,"content":"I fell into the Twitters again. @CarrickDB joked about Unix, Files and Directories:\nAnd that is a case of \u0026ldquo;Haha, only serious\u0026rdquo;. Because directories used to be files, and that was a bad time. Check out the V7 Unix mkdir command. At this point in history we do not have a mkdir(2) syscall, yet, so we need to construct the entire directory in multiple steps.\nmknod(2) an inode that has the S_IFDIR flag set , even if that macro does not even exist yet. manually link the entry for the current directory . into that manually link the entry for the parent directory .. into that This fragile and broken: mkdir could be interrupted while doing that or another program could try to race mkdir while it is doing that. In both cases we get directories that are invalid and dangerous to traverse, because they break crucial assumptions users make about directories.\nThis is also before readdir(2) and friends, so programs like ls open directories like files and then make assumptions about the format of dentries on disk. Specifically, they assume a 16 bit inode number and then a filename of 14 characters or less and a directory that is an array of these entries. Unfortunately, time has not been kind to the assumption of 65535 files or less per partition, and also we require filenames that are longer than 14 bytes these days.\nFinally have a look at the hot mess that the rmdir command is. What could probably go wrong?\nWell, Jan Kraetzschmar reminds us that this kind of non-atomic rmdir can also produce structures in the filesystem that are disconnected from the main tree starting at /. In that case you end up with orphaned, unreachable inodes that still have a non-zero link count. fsck should be able to find them and free them, but of course that would be a disruptive operation. Making mkdir and rmdir system call avoids all of these problems.\nThat\u0026rsquo;s why all of this was fixed in 1984 or so, when BSD FFS came around and we got long filenames, wider inodes, mkdir, rmdir and readdir as syscalls and many other improvements.\nWhat if really everything was a file? Another decade later, around 1995 or so, we got Plan 9, not from outer space, but from Bell Labs.\nIt not only brought us Unicode everywhere, but also an exploration of \u0026lsquo;What if really everything was a file?\u0026rsquo;, including other machines on the network and processes on our machine. From that we get todays procfs in Linux (and in many other modern Unices).\nExcept that you can\u0026rsquo;t rm -rf /proc/1 to shut down the box.\nThings that still are not a file, and should be dead I am not going to mention System V IPC here at all. Not shm, not sem, and not msq. They are abominations that should never have escaped the lab cages they have been conceived in.\nThere is mmap, and mmap is good. Or can be, as long as you do not conflate in memory and on disk representations of data, and understand the value of MVCC. But that is another story and should be told another day.\n","date":"2019-11-14T00:00:00Z","href":"https://blog.koehntopp.info/2019/11/14/everything-was-a-file-but-we-got-better.html","tags":["unix","computer","damals","lang_en"],"title":"Everything was a file, but we got better"},{"categories":null,"content":"Some of the databases at work are a tad on the large side, in the high 2-digit terabytes of size. Copying these to new machines at the moment takes a rather long time, multiple days, up to a week. Speeding it up pays twice, because with shorter copy times there is also less binlog to catch up.\nI have been looking into disk copy speeds in order to better understand the limits. When creating a partition from NVME devices, the most simple layout is a concatenation:\n# lvcreate -n kris -L 10t vg00 # dd if=/dev/zero of=data.0 bs=1024k count=10240 Using a single dd command, I get about 600 MB/sec read or written from it. For 50TB, this is 87400 seconds, slightly more than one day.\nThe key to NVME saturation is parallel access, so lets do this in parallel with multiple processes:\n# seq 1 128 | parallel dd if=/dev/zero of=data.{} bs=1024k count=10240 This will run as many processes in parallel as I have CPUs. On the test machine it will keep 32 processes running at all times, filling the queues of the NVME device deeply. It can reach 3250 MB/s, so 50 TB translate into 16130 seconds, 4.5h.\nHad I created the NVME device as a striped RAID-0, I would have gotten even better performance:\n# lvcreate -n kris -L 10t -i12 -I64k vg00 # seq 1 128 | parallel dd if=/dev/zero of=data.{} bs=1024k count=10240 This configuration can reach up to 5.2 GB/s locally, so for 50TB, we get to 2.75h disk write time.\nNow, what I actually want is unfortunately something different: A copy of the original database image from machine A transferred to machine B. So that will translate into something along the lines of\n# mkdir /root/kris # cd !$ # fpart -o chunk -n 128 /mysql/testschema # find . -type f | parallel rsync --files-from={} / kris@B:/mysql/testschema but that is still suffering from all the rsync+ssh overhead. It will give you around 2.7 GB/s. Using tar, this becomes\n# find . -type f | \u0026gt; parallel \u0026#39;tar cvf - --files-from={} | ssh kkoehntopp@B \u0026#34;tar -C /a -xf -\u0026#34;\u0026#39; which is much faster for a clean, non-incremental copy. But that is still using ssh to encrypt and can become a bottleneck in some use cases.\nYou could run tnc to use tar and netcat to get rid of both sources of overhead to speed things up even more and run at media speed. How to transfer large amounts of data via network in general is a useful resource and has a few more ideas and tools on how to handle things.\nTools used GNU parallel - a perl script that is part of CentOS 7, which can comfortably construct and run command lines in parallel execution. It has no large advantage over xargs -P, but I like the flexibility of the substitutions offer.\nfpart - a tool that will take a list of filenames or pairs of size and filename (du output) and sort it into chunks of files so that each chunk contains the approximately same amount of bytes.\nOther tools fpsync - deprecated tool, part of fpart, does a parallel rsync, badly. Do not use this. Also, the successor tool (parsyncfp) is not really valuable if you can do fpart and your transfer command of choice yourself. Actually doing it yourself is more transparent and easier to test.\nThis requires NVME NVME devices have multiple deep queues. They can utilize parallel access and turn it into performance. In fact, getting the full performance out of a NVME device probably requires asyncio or parallel processes.\nThat is, because a single NVME device can give you around 800000 IOPS or more, so you should complete one IO every 1.2 microseconds. On the other hand, actual read latency is on the order to 100 micros, and write latency buffered/unbuffered is at around 50/450 micros, so a single threaded access can realize only a fraction of the total I/O potential of the device.\nNVME devices are using the same flash storage that SSD use, but they remove the SATA controller from the equation. Instead the flash resides directly on the PCI bus. NVME can be made available locally or remotely, and the way we have set our network the network is not the bottleneck. Network access inside our data centers will add 20 micros or less in latency.\n","date":"2019-11-11T00:00:00Z","href":"https://blog.koehntopp.info/2019/11/11/filling-disk-space-fast.html","tags":["lang_en","computer","storage","database"],"title":"Filling disk space fast"},{"categories":null,"content":"Water is a very weird substance. Melting ice at 0C to water at 0C takes a fantastic amount of energy: Water has a latent heat of 384J/gram. Compared to other materials that is pretty much at the upper end of the spectrum.\nWarming up 1g of liquid water by 1C is the original definition of 1 Calorie, or 4.184 Joules in todays units.\nThe water on our planet is a buffer that can store energy if there is more energy incoming that the earth can dissipate, or release energy if the bilancing is negative. Since some time around 1990 the energy bilancing of our planet is positive and the oceans are capturing energy at an alarming rate:\n(via Lijing Cheng )\nThis acts as a buffer, keeping the air cooler than it should be given the energy surplus we experience.\nAt the same time, the yearly cycle of the sea ice in terms of area and thickness can be plotted, and is shown to go around a mostly stable center.\n(via Simon Küstenmacher )\nAgain, this changes in the 1990ies, in a very alarming way.\nBoth, the sea ice and the water mass of the ocean, are buffers that keep the earths climate on point and prevent it from changing quickly. But for the last 30 years, since approximately 1990, we are putting more energy into the system than it can dissipate, loading the buffers up more and more until we exhaust them.\nOnce that happens, there will be a no mitigation any more and the atmosphere will be warming up very rapidly and in a non-linear fashion.\nThe problem here is that even carbon neutrality at the current level will not be enough: The earth will not become more retaining for infrared than it already is, but the current level of CO2 is high enough to be energy-positive and it continues to load the buffers.\nNOAA keeps lists of CO2 over time at monthly CO2.earth . The current level of CO2 in our atmosphere is 408ppm in September 2019. In September 1990, when this process started, it was 351 ppm.\nSo basically we have been adding not quite 2ppm/year, and we need to get back to 1990s levels in order to stabilize our home planet.\nClimate change started already, 30 years ago, and currently we are living off our safety buffers, the sea ice and the water masses of earth taking the surplus and keeping us alive.\n","date":"2019-10-15T00:00:00Z","href":"https://blog.koehntopp.info/2019/10/15/climate-change-happened-30-years-ago.html","tags":["climate","mobility","lang_en"],"title":"Climate change happened 30 years ago"},{"categories":null,"content":"Note to self: Ignoring the Catalina Nagscreens is done like this:\n$ sudo softwareupdate --ignore \u0026#34;macOS Catalina\u0026#34; $ defaults write com.apple.systempreferences AttentionPrefBundleIDs 0 \u0026amp;\u0026amp; killall Dock And that should make MacOS ignore Catalina until further notice. Further notice does look like this:\n$ /usr/sbin/softwareupdate --reset-ignored ","date":"2019-10-15T00:00:00Z","href":"https://blog.koehntopp.info/2019/10/15/ignoring-catalina-nags.html","tags":["lang_en","apple","macos"],"title":"Ignoring Catalina nags"},{"categories":null,"content":"Catalina is here. It fixes many things, among them iTunes. On the other hand, it drops support for 32-Bit MacOS applications.\nConsider the upgrade carefully.\n$ system_profiler SPApplicationsDataType … Steam: Version: 1.5 Obtained from: Identified Developer Last Modified: 23.08.16, 20:32 Kind: Intel 64-Bit (Intel): No Signed by: Developer ID Application: Valve Corporation, Developer ID Certification Authority, Apple Root CA Location: /Applications/Steam.app … Anything listed with 64-Bit (Intel): No will stop working after the upgrade. Check before you upgrade, and consider what you will be losing access to if you perform the upgrade.\nOn my box:\nApprentice Alf DeDRM Plugin for Calibre Civilization V CoverScout 3 Google Music Manager Google Photos Backup GrandPerspective JD-GUI Kindle (1.23.1, locked from upgrades) Mathematica Microsoft Office SongGenie 2 Steam TigerVNC UnRarX Some of them are unimportant, other things are quite critical, some of them can\u0026rsquo;t be updated easily.\nAt this point, for me this is a hard pass, and a lot of work to be done.\n","date":"2019-10-08T00:00:00Z","href":"https://blog.koehntopp.info/2019/10/08/catalina-upgrade-carefully.html","tags":["apple","macos","lang_en"],"title":"Catalina: Upgrade carefully."},{"categories":null,"content":"Deutsche Welle is shocked: Generation Greta is watching Netflix (Article in German Language), Netflix runs on computers, and apparently computers are using power.\nLet\u0026rsquo;s have a look.\nEDIT: Second part Streaming and Energy now available.\nEnd-User Device. It\u0026rsquo;s 2019. End user devices are using Wi-Fi, and are running on Batteries. They are Cellphones, Tablets or Laptops.\nDevices that are not connected to grid are more usable if they are trying to save energy, and so all modern devices are full of special purpose hardware that allows them to fulfill their main functions more energy efficient. In particular for the use-case of watching video modern hardware, even cellphones, have special ASICs that can do video and audio decompression and compression on the fly faster and with much less energy usage than a CPU could do.\nAlso, devices without a fan are limited to a sustained power usage of 5W or less, because that is typically the heat that a device can dissipate without a fan and without looking strange.\nAll of this is an enormous improvement: An old-style desktop computer has a TDP (Thermal Design Power) of 150W and actually uses a large two digit number of Watts to run, and an old-school 17\u0026quot; monitor instead of a modern LCD uses as much energy. A modern tablet or cellphone does both, loading an email and displaying it, within a power budget of 1.5W to 5.0W, so easily 20-40x more energy efficient.\nThe article mentions\n\u0026ldquo;Eine geringere Video-Auflösung spart immer Daten und damit Strom. Ein Smartphone etwa kann eine HD-Auflösung gar nicht darstellen.\u0026rdquo; Außerdem gelte: je größer der Bildschirm, etwa bei einem Smart-TV im Wohnzimmer, desto höher der Stromverbrauch. Fazit: HD-Filme auf dem Smartphone über das mobile Netz zu schauen, ist am stromintensivsten und damit am klimaschädlichsten.\n»\u0026ldquo;A smaller resolution saves data and power. A smartphone for example cannot show HD resolution\u0026rdquo;. Also, the larger the screen, the more power use. In total: Watching HD movies on a smartphone is the most energy intense and most climate endangering use.«\nThat\u0026rsquo;s an amazing mix of truth and nonsense:\nThe smartphone will still use less than 5W, because it can\u0026rsquo;t fry itself. And doing this at home via Wi-Fi will not use mobile infrastructure but whatever access point is in the house, so relatively low power (10W total for AP and phone?). The smartphone can indeed show Full HD, because modern smartphone screens are in fact 1920x1280 or larger in resolution, but you won\u0026rsquo;t be able to notice that, because the pixels at 450dpi or higher are too small for human eyes. And all this is so obvious that Netflix knows this and won\u0026rsquo;t actually give you full HD for a smartphone endpoint. Unless of course you are streaming from the smartphone to a TV, in which case it does. You can prove this by downloading, and observing that a full episode of an 1h show comes down to \u0026lt;250 MB of total storage. Data Center Modern Cloud Data Centers are containing Megawatts and Megawatts of compute capacity (What\u0026rsquo;s a Megawatt? ), with a single facility now touching the 100 MW barrier .\nGoogle specifically is using 100% renewable energy for their data centers, since 2017 , for a total of 2600 Megawatt. They are doing this by financing solar and wind facilities directly, and not through greenwashing certificates (PDF ).\nAzure claims to have reached CO2 neutrality in 2014, and also talks about Power Usage Effectiveness (We\u0026rsquo;ll be touching that subject in more depth below). In their Dutch page they claim\nWe hebben in 2014 CO2-neutraliteit bereikt en voldoen aan onze doelstelling om een gemiddelde PUE (Power Usage Effectiveness) van 1,125 voor elk nieuw datacenter te realiseren. Hiermee zitten we 30 procent boven het industriegemiddelde.\n\u0026ldquo;We have reached CO2 neutrality in 2014 and reached our targets for power usage effectiveness of 1.125 for all new data centers. With this, we are 30% better than industry average.\u0026rdquo;\nAmazons energy page is AWS \u0026amp; Sustainability and they claim more than 50% power from renewables, and commit to a 100% renewable goal for their global infrastructure.\nLike all the other cloud providers, they also highlight the way lower PUE and much higher utilitzation of their servers compared to on-premises IT (65% vs. 15% average utilization, and 29% better power effectiveness, adding up to a 84% better overall power bilancing in their math).\nThey also list their ongoing solar and wind farm builds. For the amount of power usage they can\u0026rsquo;t yet cover from direct renewable sources, the page states \u0026lsquo;AWS purchases and retires environmental attributes, like Renewable Energy Credits and Guarantees of Origin, to cover the non-renewable energy we use in these regions\u0026rsquo;, making them overall CO2 neutral.\nFinally, computer power usage is not linear: Power management on a data center CPU turns cores on and off as needed, and thus, a CPU uses already circa 50% power at 10% utilisation. From a cost and from an environmental perspective it is best to utilise any CPU to the fullest. Some older measurements of mine on this.\nNetworking The article from Deutsche Welle states correctly that the Last Mile is what counts. That is, because everything before the Last Mile is already fiber, and fiber lines allow extremely fast networking at relatively low energy.\nGermany, specifically, is wasting a lot of energy on the last mile, because in order to make Germanys aging copper infrastructure capable of handling modern data rates, a stunning amount of signal processing is required.\nSiemens DSL DSLAM (not VDSL) as can be found in typical outdoor cabinets all over the city. VDSL requires even more compute to send Megabits/s over what is hardly better than a wet cow wire (Image via Wikipedia )\nNokia lists Fiber as 45% more cost efficient and way more energy efficient than VDSL2:\nCopper infrastructure maintenance is typically the most costly of all network types. By comparison, GPON is significantly cheaper — upwards of 45% less to operate than VDSL2.\nThat’s why replacing aging copper plant with fiber has significant operational benefits. New fiber is more reliable than old copper while, at the same time, consumes much less energy. Also, with GPON operational costs are further reduced with the elimination of the digital subscriber line access multiplexer (DSLAM) from the access architecture.\nClearfield specifices the total installable power in their typical grey \u0026lsquo;outdoor VDSL cabinets\u0026rsquo; as up to 3000W, but most cabinets will not be fully powered to the max. German Telekom DSLAMs are being fed 48V/25A, around 1000W for the street level devices with four cards.\nMoving this to fiber will dramatically save energy, and in fact, everywhere in the world outside of Germany this is happening right now.\nMobile data networks are indeed great power sinks . If you can use cabled networking, do so.\nModern Data Centers and Power John Laban is an ambassador for the Open Compute Project . Funded originally by Facebook, OCP is a project that tries to build more power efficient cloud data centers. In his presentations , John explains how OCP achieves this by getting rid of old technology in the data center and making the room and the rack a system:\nTraditional Data Centers: Dark Green - Payload. Everything else - Payload Support.\nOCP Data Centers: Dark Green - Payload. Still around: Generator, Airco is now adiabatic instead of CRAC. Everything else: gone.\nOCP data centers redesign the air flow in the data center.\nTraditionally data centers have a raised floor, which transports cold air to the racks, goes through the racks and is then cooled again. Air-in temperatures are often as low as 17-25C, and humidity is tightly controlled. OCP data centers allow non-condensing air of up to 35-45C to go into the servers, which does basically away with heat pumps and air condition and allows ambient temperature air to go into the DC.\nTraditional servers have often a relatively low height (\u0026ldquo;1U\u0026rdquo;, one rack unit), which forces the designers to use relatively small fans, small heat sinks (== higher air flow speed necessary for cooling) and produces a lot of friction for the air in the devices. In a 350W server, the worst case I have personally observed is 50W for air movement.\nOCP uses higher rack units (\u0026ldquo;OU\u0026rdquo;, Open Compute Units) and usually makes devices no flatter than 2 OU. Instead, horizontal partitions are used (3 devices in 2 OU) for a more square device front, minimising friction and allowing larger heat sinks. It also allows larger fans, with in turn allows moving the same volume of air with less RPM and a lot less power. Best cases I have personally observed were as low as 5-10W for a 350W server.\nOCP Server: 2 OU high, 1/3 Rack wide, less friction, larger coolers, no panels impeding airflow, larger fans = slower RPM = less energy for air movement. Can take up to 45C air-in (\u0026lsquo;ambient air intake\u0026rsquo;, no heat pump required for cooling).\nOCP also improves power consumption by centralising power supplies in a rack (larger power supplies are usually more efficient), reducing the number of power conversions in the total power flow, and making uninterruptible power supplies more efficient.\nTotal OCP power savings vary by use-case and climate zone, but are usually 20-50%. South Korean Telekom tested OCP servers in a climate chamber with various settings (Testbed , Findings ) and what really shows is how the OCP power consumption stays the same at all possible air-in temperatures while legacy equipment consumes a lot more power because it has to turn up the fans.\nPUE, Power Usage Efficiency The Power Usage Efficiency, PUE, is the ratio of total power consumption of a data center compared to power intake of the compute equipment. The overhead typically contains cooling, air movement, and power transformation losses.\nThe data center built by web.de in Amalienbadstraße, Durlach (Karlsruhe), had a PUE of 2.0 - for each Megawatt used for compute, another Megawatt was required for cooling and air movement. The reasons for that are manifold: The building itself, an old factory building built by Pfaff, had low ceilings forcing warm air back into the machines and forcing bad airflows. The hardware used had a lot of loss due to badly designed airflows. And the location of the data center, down in the valley of the river rhine instead of high up in the Black Forest, combined high ambient air temperatures with high air humidity, making evaporative or adiabatic cooling an inefficient option - compressive cooling with heat pumps was necessary.\nMore modern data traditional centers can achieve a design PUE as low as 1.2 and an effective operational PUE of 1.6. Rigidly optimized OCP data centers can go below 1.1 effective PUE (sic!) in good conditions. Google published their numbers in their PUE dashboard .\nAll current cloud vendors deploy OCP equipment or (in the case of Microsoft) self-developed equipment that is comparable in efficiency. They also add additional special purpose hardware to their cloud offerings that allows offloading of common functionality from the sellable cores of their machines, in order to maximise sellable inventory, save power and, of course, increase utilisation.\nAll aspects of improved efficiency and utilisation included, cloud hardware often is 3x (or more) efficient than a traditional data center.\nEDIT: A longer article by Jessie Frazelle on Data Center Energy use: Power to the People .\nEDIT: A study by Masanet, Koomey et al, Recalibrating global data center energy-use estimates . The TL;DR is : »We find that computing output from data centers went up six fold from 2010 to 2018 but electricity use only went up 6%.« Masanet, Koomey et al have a second article, Characteristics of low-carbon data centres . EDIT: I have been sent a link to a writeup on data center planning considerations . While this was part of a SEO effort, the source (Schneider Electric) is competent - Scheider specializes in Data Center Design and Planning and Energy Systems - and the writeup is actually useful. The text gives a bit of insight into the process and the factors that go into site planning and choices. A lot depends on intended purpose, local climate, available space and power and ultimately also site size and building increments.\nSummary Compared to technology from 10 years ago, in the data center we are now using a lot less energy and with cloud technology also have dramatically improved utilisation (ie use less hardware to achieve the same outcome). Also, all of this is green energy, mostly from actual green production and not grey-green with certificates. Cloud operators are some of the largest investors in Wind and Solar all over the world.\nAt home, savings are even larger, because we went from Desktop machines with abysmal power profiles to modern low power hardware which uses single digit wattages to produce results.\nNetworking, especially the last mile, especially mobile networking, especially 5G, is a power hog. The amount of signal processing that goes into 5G and VDSL is amazing. If you want low power networking, use fiber, maybe bridge the last 5 meters with Wi-Fi.\n","date":"2019-10-05T00:00:00Z","href":"https://blog.koehntopp.info/2019/10/05/data-centers-and-energy.html","tags":["climate","cloud","data center","energy","erklaerbaer","lang_en"],"title":"Data Centers and Energy"},{"categories":null,"content":"We had a discussion at work about MySQL doing Disk I/O to a NVME disk, and if it is valid to turn off the doublewrite buffer when using XFS.\nTL;DR: It\u0026rsquo;s not, you can turn off the doublewrite buffer only on filesystems that never do in-place updates (ZFS, btrfs), or that have their own doublewrite buffer (ext4 with journal=data). A flash layer underneath the actual filesystem is likely not going to help you without additional measures.\nTracing Disk I/O In order to better show what is going on, I ran an idle instance with innodb_use_native_aio = false for easier tracing, and here is is the trace:\n# lsof -p 29169 … mysqld 29169 mysql 3uW REG 253,0 536870912 68238213 /var/lib/mysql/ib_logfile0 mysqld 29169 mysql 4uW REG 253,0 864026624 178570 /var/lib/mysql/kris/t.ibd … mysqld 29169 mysql 9uW REG 253,0 536870912 68238220 /var/lib/mysql/ib_logfile1 mysqld 29169 mysql 10uW REG 253,0 415236096 68239130 /var/lib/mysql/ibdata1 mysqld 29169 mysql 11uW REG 253,0 12582912 68238214 /var/lib/mysql/ibtmp1 … We are using a database kris with a test table t. The file handles that are relevant for observation are 4 for the ibd file, 3 and 9 for the logfiles and 10 for the ibdata1, which would also be the location of the doublewrite buffer.\nI am running an insert into t values (NULL, RANDOM_BYTES(255)) into my test table (which has an id serial and a d varchar(255)).\n[pid 29441] recvfrom(39, \u0026#34;\\3insert into t values(NULL, rand\u0026#34;..., 46, MSG_DONTWAIT, NULL, NULL) = 46 This is the SQL command coming in over the socket. And we fetch some randomness:\n[pid 29441] openat(AT_FDCWD, \u0026#34;/dev/urandom\u0026#34;, O_RDONLY) = 42 [pid 29441] read(42, \u0026#34;\\207H\\241\\254O\\317\\10\\fk\\3447\\201\\277\\267\\223,Oi\\202\\272\\222\\16(\\210\\333\\300\u0026#39;\u0026amp;\\302g!\u0026amp;\u0026#34;, 32) = 32 [pid 29441] close(42) = 0 Some action on the metadata, then a log write from the implied commit:\n[pid 29441] pread64(10, \u0026#34;H\\252\\364\\35\\0\\0\\1\\255\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0,\\346\\365\\0\\2\\0\\0\\0\\0\\0\\0\u0026#34;..., 16384, 7028736) = 16384 [pid 29441] pwrite64(3, \u0026#34;\\200\\201\\23D\\2\\0\\0\\30\\0\\0\\38bd\\08\\0\\0\\0\\1\\0!\\257\\23\\267\u0026gt;\\0\\0\\r./k\u0026#34;..., 1024, 34426368) = 1024 [pid 29441] fsync(3) = 0 This is the only fsync that contributed to commit-Latency. The write is now persisted to disk, and can be reconstructed using the unmodified page from the tablespace and the change information from the redo-log during recovery.\nThe modified page is still in memory, though, and in order to reclaim redo log space, needs to be eventually checkpointed.\nThis happens later, and with many more fsync operations. It does happen in batch, for many commits and multiple pages, normally, but in our easily traceable test setup, it\u0026rsquo;s looking like a lot of overhead.\nDuring normal operations, a page often is modified in multiple commits over a short amount of time. Each of these commits is a separate redo-log sync, but all these changes are being accumulated on the dirty in-memory page, and get persisted into the tablespace in a single checkpoint write. Also, during checkpointing one doublewrite buffer worth of pages gets written out in a single sync operation, so we do see a far better page/sync and MB/sync ratio then in this test setup.\nAnyway, this is what checkpointing to the the doublewrite buffer, at offset 1M in the ibdata looks like:\n[pid 29181] pwrite64(10, \u0026#34;\\234\\v\\217Y\\0\\0\\1\\255\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\1\\2\u0026amp;\\211\\225\\0\\2\\0\\0\\0\\0\\0\\0\u0026#34;..., 32768, 1048576) = 32768 [pid 29181] fsync(10) = 0 Metadata update and write to table:\n[pid 29179] pwrite64(10, \u0026#34;\\234\\v\\217Y\\0\\0\\1\\255\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\1\\2\u0026amp;\\211\\225\\0\\2\\0\\0\\0\\0\\0\\0\u0026#34;..., 16384, 7028736) = 16384 [pid 29179] pwrite64(4, \u0026#34;.KT\\0\\0\\0d\\225\\0\\0d\\224\\377\\377\\377\\377\\0\\0\\0\\1\\2\u0026amp;\\211\\216E\\277\\0\\0\\0\\0\\0\\0\u0026#34;..., 16384, 421871616) = 16384 [pid 29179] fsync(4) = 0 [pid 29179] fsync(10) = 0 And the log entry is done:\n[pid 29187] pwrite64(3, \u0026#34;\\200\\201\\23E\\1\\271\\0\u0026amp;\\0\\0\\39\\22\\2\\0\\201\\255\\0(\\201\\20\\2\\0\\201\\255\\0*\\201\\20\\2\\0\\201\u0026#34;..., 512, 34426880) = 512 [pid 29187] fsync(3) = 0 Why does MySQL do this? Enterprise Grade hardeware usually guarantees atomic block writes, even during catastrophic events. Blocks are, depending on the media, 512 bytes or 4096 bytes in size.\nInnoDB, on the other hand, uses 16 KB blocks. So when writing data back to a table, it is entirely possible for the page write to be interrupted in the middle, resulting in a page that is half old and half new. This is often called a torn page.\nNote that this is for checkpointing only.\nWhen you insert and commit a thing, it is being written to one ib_logfile, and the change is also added to the in-memory image of the InnoDB page. So on disk, after commit you have an pre-change image of the page and an image of the change in the logfile, and in memory you have the changed page - such in-memory pages that differ from their on-disk counterpart are called dirty.\nThe checkpointing is about writing back the dirty page to the tablefile and getting rid of the log entry. This is being done for whole InnoDB pages, and with most filesystems it is an in-place update. So it can result in torn pages, if the write fails in the middle of a page.\nWith the doublewrite buffer enabled, the write goes to the ibdata file first, as we can see in the trace - the write to the position at 1M offset in the file. Then the same writes are being spread out to the individual pages in their respective tablefiles.\nThis ensures that there is always a whole old page and a log entry with intructions to patch the old image (\u0026ldquo;Redo-Log Recovery\u0026rdquo;) or a whole image of the new page on disk inside the doublewrite buffer, for recovery of torn pages.\nPerformance Implications Having a single doublewrite buffer can in extreme cases make the doublewrite buffer a point of contention. Percona have shown that a long time ago and also fixed this by having multiple doublewrite buffers.\nNote that in most Unix filesystems, writes to a single file are serialized on a global lock on the in-memory inode of the file.\nSo if the doublewrite buffer is part of the ibdata file all writes to that buffer compete with all other write operations on that file. And even if you had multiple doublewrite buffers at different offsets in the same ibdata file, it would not improve things at all, because of that lock. The best solution would put each doublewrite buffer into a separate file on its own.\nThe only filesystem in Linux that does not do this in-memory inode locking is XFS, and only when the file is being opened in O_DIRECT mode.\nHow are other systems doing it? Postgres writes a WAL, which is very similar to the redo-log that MySQL writes. The main difference is that they write out a full page whenever a page transitions from clean to dirty, and then similar to MySQL write out incremental changes for additional changes to a page already dirty. Using the WAL, you can pick up the full page and all additional incremental changes by simply going through the WAL front to back, and recreate the page that should have been written. MySQL could do the same and get rid of the doublewrite buffer writes, but it does not play well with the concept of the MySQL Redo-Log being a ring buffer.\nMyRocks, and all other variants of LSM , do never overwrite data. They always append to the latest logfile, and then have a process not entirely unlike the Java multi-generational garbage collection to compact multiple logfiles, throwing away deleted data and writing things back in a more sorted manner. As this rewrites data instead of overwriting data, not only is this safe in the case of unexpected shutdowns, it is also very easy to backup and it is, at least in theory, suitable for object storages as a backing store for the data.\n","date":"2019-09-27T00:00:00Z","href":"https://blog.koehntopp.info/2019/09/27/mysql-does-disk-io.html","tags":["mysql","database","lang_en"],"title":"MySQL Does Disk I/O"},{"categories":null,"content":"So I have been playing this Internet Spaceships Game. No, the other one . It also has NPC Backstory, and on 13-Sep-3305 , a multiplanetary food crisis was predicted, as a prep for the introduction of a new tradeable good on 18-Sep-3005 .\nDistribution of the fertiliser has started at Marshall Dock in the Riedquat system. We encourage traders to take advantage of our introductory prices.”\nThat went wrong. So some people flew to Marshall Dock and looked at the prices for Rockforth Fertilizer . What they found was a single station buying and selling the good at the same time, and buying it at about 9000 CR higher than they sold it.\nSo here is what we have:\nFdev introduces a new tradeable good by the way of the backstory. They announce that, and introductory prices in Galnet in order to alert players to this fact and to lure them to Riedquat. They misconfigure a station in Riedquat so that it sells and buys the new good to Fdev\u0026rsquo;s disadvantage. Players follow the trail and … trade. A lot. Of course, that news made the rounds rather quickly, and soon a lot of people were docking large freighters at Marshall and bought and sold fertilizer as quickly as the game GUI would fill and empty their cargo bays. That is easily several million CR every five seconds, and I know of some people who ran this for 11 billion CR (11e09 CR).\nThat is what Frontier did to \u0026ldquo;fix\u0026rdquo;. Frontier Developments became aware of the misconfigured station only after several hours, and the sale was available for the larger part of a day, from around shortly before noon CEST to shortly before 7pm in the evening of the same day, when they fixed the trade tables.\nI do not know if Fdev have in-game trade dashboards that alert them to abnormally fast or high volume transaction volumes or cash flows. Or to abnormally quickly growing player budgets. But the slowness of detection lets me suspect that their in-game monitoring maybe has potential for improvement.\nAs a result of the situation, Fdev decided to correct CR volumes on a number of accounts on the grounds of players \u0026lsquo;abusing game mechanics\u0026rsquo;. Well, playing the game is literally this, so that\u0026rsquo;s weird, but they what they decided to do is to book back the CR earned, and/or also delete any goods purchased with the CR earned (mostly, ships).\nAn Alternative Account of a player, after the deduction. Went from 51m CR to 1.3b CR, then purchased an Anaconda. After the correction 0CR, in an Anaconda, and with Elite Trade Rank plus Arx earned.\nNow, that\u0026rsquo;s not how any of this works. In terms of game mechanics, what happened is a trade. A trade does much more than earn you money.\nTrade does\nearn you money. If you are in a wing, your wingmates also earn a share of the trade. Some people winged with their Alt, or friends. Trading in the game is also an activity that earns you trade rank (some people went from \u0026ldquo;Pennyless\u0026rdquo; to \u0026ldquo;Elite\u0026rdquo;) Trading in the game is also an activity that earn you Arx . If you have a crew member, they will receive a variable share of all money you earn in trade, so you will receive less CR in your account than the trade is worth. Fdev deciced to \u0026ldquo;fix\u0026rdquo; the situation by taking away money earned in the Trade, but due to whatever reasons mis-calculated the values of the earnings, in some cases by several hundred million CR. They also took away goods purchased with this money (deleted ships, mostly).\nThey did not revise any wing trade dividends.\nThey did not revise any rank gained.\nThey did not revise any Arx earned.\nThey did not take crew member mechanics into account.\nEDIT: The miscalculation is probably because FDev based the money deducted on trade value, not taking into account Crew Member mechanics.\nEvaluation. So this entire thing reeks of unprofessional execution, \u0026ldquo;as if an intern ran the entire thing from setting up the tradeable to misconfiguring the station to mishandling the aftermath\u0026rdquo;. It hints at badly executed ad-hoc non-process, and generally bad policy at handling in-game incidents - whoever did this did not just set it up wrongly, but also did not understand the consequences of the proceedings when trying to mop up the aftermath. And the math was wrong.\nElite (1984) was one of the first games that had savegames, and progression, and since then the game has always been about \u0026lsquo;state\u0026rsquo; and moving forward. The incident handling here basically mishandled game state at a large scale, at every stage of the entire proceedings.\nThe Other Internet Spaceships Game has the Council of Stellar Management . The story of its inception is rather famous and a much larger incident than here, but the logic behind it is similar: The company has been handling an in-game incident badly, and a structure needed to be put into place that can evaluate, judge and define process properly to handle situations like these.\nE:D has no such structure, and it seems that this might need to be addressed somehow, too.\nEDIT: Chris_W noted that there is also crew member mechanics. This post has been amended to reflect this.\n","date":"2019-09-26T00:00:00Z","href":"https://blog.koehntopp.info/2019/09/26/how-not-to-handle-an-ingame-incident.html","tags":["elite dangerous","gaming","media","lang_en"],"title":"The Rockforth Fertilizer Incident"},{"categories":null,"content":"The last time I saw a MySQL server operating at a performance limit was in 2012. Back them we had a production master on (then) current hardware, running stable at about 21000 QPS. At 24000 QPS it tended to become unstable and fall over, dying in global locks on the InnoDB Adaptive Hash Index or other global locks.\nI need to better understand how MySQL works today, and what the limits are on a box that is considered large in 2019.\nWhat do I expect? Well, boxen are a lot larger than they have been in 2012, and we invented NVME and Flash Storage since then.\nI expect MySQL to be able to eat the full box I am throwing at it and not die in locks. I also expect the performance levels I can reach to be scaling with the query execution times I observe in production times number of cores.\nI do observe appro. 1/3 ms query execution time on the queries I simulate here, in production. So I would like to see about 3000 QPS per core. With a 64 core box, that would be around 200k QPS, easily 10x-ish more than in 2012.\nWhat did I get? This is all read testing of a memory resident data set. Other testing to follow.\nAfter some woes described below, I got 200k QPS or better in all cases, for simple PK lookups in fact almost 2x as much.\nSK lookups are about 1/2 as fast as PK lookups or faster, allowing for \u0026ldquo;one level of indirection\u0026rdquo;.\nMySQL 8 scales well enough to eat all of a 64 core box with 1/2 TB of RAM without choking or locking up or being otherwise jittery. It is adequate for any hardware that in 2019 we can reasonably throw at it. From a 2012 PoV this is an awesome achievement.\nThe box So my current test box is an single socket AMD 7702 (64C, HT off) with 512G of memory and\n# nvme list Node SN Model Namespace Usage Format FW Rev ---------------- -------------------- ---------------------------------------- --------- -------------------------- ---------------- -------- /dev/nvme0n1 39X0A05ZTZZF KCM51VUG800G 1 27.79 GB / 800.17 GB 512 B + 0 B 3006T21F /dev/nvme1n1 29X0A00CTZZF KCM51VUG800G 1 27.79 GB / 800.17 GB 512 B + 0 B 3006T21F /dev/nvme2n1 2950A00FTZZF KCM51VUG800G 1 27.79 GB / 800.17 GB 512 B + 0 B 3006T21F /dev/nvme3n1 39X0A067TZZF KCM51VUG800G 1 27.79 GB / 800.17 GB 512 B + 0 B 3006T21F /dev/nvme4n1 39X0A060TZZF KCM51VUG800G 1 27.79 GB / 800.17 GB 512 B + 0 B 3006T21F /dev/nvme5n1 39X0A069TZZF KCM51VUG800G 1 27.79 GB / 800.17 GB 512 B + 0 B 3006T21F /dev/nvme6n1 39X0A06ETZZF KCM51VUG800G 1 27.79 GB / 800.17 GB 512 B + 0 B 3006T21F /dev/nvme7n1 39X0A05LTZZF KCM51VUG800G 1 27.79 GB / 800.17 GB 512 B + 0 B 3006T21F # vgcreate kristest /dev/nvme{0..7}n1 # lvcreate -n mysql -L4T -i8 kristest # mkfs -t xfs /dev/kristest/mysql I then run the performance-datagen.sql script to create a test table kristest.t, and then run performance-querygen.py to create a file with test queries, file.sql.\nmysqlslap then does\nmysqlslap --user=kristest --password=\u0026#39;\u0026lt;secret\u0026gt;\u0026#39; --host=localhost --concurrency=64 --iterations=20000 --create-schema=kristest --verbose --query=./file.sql and I observe the running test with innotop -d1 -mQ and innotop -d1 -mC.\nFindings MySQL 8.0.16, Binlog, ROW, MINIMAL, Buffer Pool 384G For all tests:\n$ du -sh /mysql/kristest/data 87G root@localhost [kristest]\u0026gt; select count(*) from t; +-----------+ | count(*) | +-----------+ | 134217728 | +-----------+ 1 row in set (6.13 sec) Testmodes 1 testmodes = [ 1 ] VSZ 421G RES 32.8G load average: 63.52, 61.70, 59.23 QPS 384k Testmodes 1, 2 testmodes = [ 1, 2 ] VSZ 421G RES 34.3G load average: 63.82, 64.89, 61.63 QPS 270k-320k Testmodes 1, 2, 3 testmodes = [ 1, 2, 3 ] VSZ 421G RES 88.4G load average: 64.10, 57.94, 56.72 QPS 5.5k-6.2k There is a distinct warmup phase during which the box is not saturated and Read I/O can be observed. When the RES approaches disk size, this disk traffic ceases and final load and final QPS ratings are achieved.\nTestmodes 1, 2, 3, 4 testmodes = [ 1, 2, 3, 4 ] VSZ 421G RES 94.6G load average: 65.91, 63.10, 59.75 QPS 407-1002 (yup, no \u0026#34;k\u0026#34;, this is as low as 407 QPS) root@localhost [kristest]\u0026gt; explain select * from t where i1 in ( 64419,37384,17490,7919,42137,70137,56196,54754,70263 ); +----+-------------+-------+------------+-------+---------------+------+---------+------+-------+----------+-----------------------+ | id | select_type | table | partitions | type | possible_keys | key | key_len | ref | rows | filtered | Extra | +----+-------------+-------+------------+-------+---------------+------+---------+------+-------+----------+-----------------------+ | 1 | SIMPLE | t | NULL | range | i1 | i1 | 4 | NULL | 12674 | 100.00 | Using index condition | +----+-------------+-------+------------+-------+---------------+------+---------+------+-------+----------+-----------------------+ 1 row in set, 1 warning (0.00 sec) root@localhost [kristest]\u0026gt; select * from t where i1 in ( 64419,37384,17490,7919,42137,70137,56196,54754,70263 ); ... | 134777240 | 95ab0836-c97e-11e9-b92c-98039bbd64c8 | 95ab0838-c97e-11e9-b92c-98039bbd64c8 | 95ab0839-c97e-11e9-b92c-98039bbd64c8 | 95ab083b-c97e-11e9-b92c-98039bbd64c8 | 95ab083c-c97e-11e9-b92c-98039bbd64c8 | 95ab083e-c97e-11e9-b92c-98039bbd64c8 | 95ab083f-c97e-11e9-b92c-98039bbd64c8 | 95ab0841-c97e-11e9-b92c-98039bbd64c8 | 95ab0842-c97e-11e9-b92c-98039bbd64c8 | 95ab0844-c97e-11e9-b92c-98039bbd64c8 | 70263 | 27807 | 28246 | 57810 | 4313 | 48136 | 27740 | 94290 | 88230 | 58281 | ... 12674 rows in set (0.38 sec) Increase selectivity In our testing above, we see that the cardinality of i1 is 100k, and the table size is 128m. That\u0026rsquo;s 1280 result rows on the average for a random value of i1.\nWe also observe that testmode 4 results ask for 2-11 values of i1 or i2, where testmode 3 results ask for a single value of i1 or i2. The average number of testmode 4 values we ask for is 6, and testmode 4 happens to be 6x slower.\nSo it might be that the number of result set rows is determining the query speed.\nWe can test: We increase the cardinality of i1 to match id, 128. And for i2 we are going up to 256m cardinality.\nThe slow way Modify the dataset:\nroot@localhost [kristest]\u0026gt; update t set i1 = rand() * 134937574, i2 = rand() * 134937574 * 2; Query OK, 134217728 rows affected (1 hour 53 min 17.46 sec) Rows matched: 134217728 Changed: 134217728 Warnings: 0 During the execution of that update statement, we see an aggregate write load of 320 MB/s (~40 MB/s per NVME). This is not very high. It needs to be tested with more write benchmarks, later.\nAlso, there are four INDEX() definitions active on t, i1, i2, c1 and c2, two of which are being updated.\nThis is not fast, either, and this is the n00b way of doing things. We redo this again, differently:\nA faster way root@localhost [kristest]\u0026gt; alter table t drop index i1, drop index i2; Query OK, 0 rows affected (1 min 46.85 sec) Records: 0 Duplicates: 0 Warnings: 0 root@localhost [kristest]\u0026gt; update t set i1 = rand() * 134937574, i2 = rand() * 134937574 * 2; Query OK, 134217728 rows affected (26 min 5.07 sec) Rows matched: 134217728 Changed: 134217728 Warnings: 0 root@localhost [kristest]\u0026gt; alter table t add index (i1), add index (i2); Query OK, 0 rows affected (6 min 23.04 sec) Records: 0 Duplicates: 0 Warnings: 0 TBH, I\u0026rsquo;d expect MySQL by now to do bulk index updates in mass ALTER tables quicker than \u0026rsquo;the slow way\u0026rsquo; in 2019. OTOH, that is probably stuff that you get when you pay for Red Oracle instead of Blue.\nTesting with selective i1, i2 Now i1 and i2 are much more selective, and instead of 12k result rows, a search on i1 should on the average return 1 row, on i2 even 0.5 rows. Let\u0026rsquo;s see how that affects runtimes up SK lookup queries (testmode 3, 4).\nLet\u0026rsquo;s rerun everything, starting with a cold mysqld again, so that I do get proper memory sizes as well.\n# du -sh /mysql/kristest/data 94G /mysql/kristest/data Testmodes 1 testmodes = [ 1 ] VSZ 421G RES 32.8G load average: 64.14, 43.67, 20.08 QPS 360k-420k Testmodes 1, 2 testmodes = [ 1, 2 ] VSZ 421G RES 33.8G load average: 60.36, 56.82, 39.73 QPS 280k-330k Testmodes 1, 2, 3 testmodes = [ 1, 2, 3 ] VSZ 421G RES 34.6G load average: 58.61, 58.29, 55.80 QPS 200k-320k (very jittery) Did not reach load 60+, even after long warmup and with 0 I/O. Some i2 queries can return 0 rows, might be the cause?\nTestmodes 1, 2, 3, 4 testmodes = [ 1, 2, 3, 4 ] VSZ 421G RES 35.6G load average: 67.68, 63.57, 58.80 QPS 210k-260k After an even longer wait, performance jitters way less and stabilizes around 248k with a jitter of \u0026lt;10k in both directions. Warmup times for this size of hardware and this amount of memory are insane.\nAnd with our changes:\nroot@localhost [kristest]\u0026gt; explain select * from t where i1 in ( 64419,37384,17490,7919,42137,70137,56196,54754,70263 ); +----+-------------+-------+------------+-------+---------------+------+---------+------+------+----------+-----------------------+ | id | select_type | table | partitions | type | possible_keys | key | key_len | ref | rows | filtered | Extra | +----+-------------+-------+------------+-------+---------------+------+---------+------+------+----------+-----------------------+ | 1 | SIMPLE | t | NULL | range | i1 | i1 | 4 | NULL | 22 | 100.00 | Using index condition | +----+-------------+-------+------------+-------+---------------+------+---------+------+------+----------+-----------------------+ 1 row in set, 1 warning (0.00 sec) root@localhost [kristest]\u0026gt; select * from t where i1 in ( 64419,37384,17490,7919,42137,70137,56196,54754,70263 ); ... | 116937151 | 68da9462-c97e-11e9-b92c-98039bbd64c8 | 68da9464-c97e-11e9-b92c-98039bbd64c8 | 68da9466-c97e-11e9-b92c-98039bbd64c8 | 68da9467-c97e-11e9-b92c-98039bbd64c8 | 68da9469-c97e-11e9-b92c-98039bbd64c8 | 68da946a-c97e-11e9-b92c-98039bbd64c8 | 68da946c-c97e-11e9-b92c-98039bbd64c8 | 68da946d-c97e-11e9-b92c-98039bbd64c8 | 68da946f-c97e-11e9-b92c-98039bbd64c8 | 68da9470-c97e-11e9-b92c-98039bbd64c8 | 56196 | 74380528 | 81571 | 57401 | 42293 | 39260 | 69425 | 29342 | 38434 | 4147 | ... 15 rows in set (0.00 sec) Yes, optimizer estimates can be a bit off. Still, the point is being made: Cardinality is up, result set size is down, performance returns.\nWe have been looking at a result set size/selectivity problem, not at sucky handling of SK in InnoDB.\n","date":"2019-09-06T00:00:00Z","href":"https://blog.koehntopp.info/2019/09/06/mysql-performance-limits.html","tags":["mysql","database","performance","lang_en"],"title":"MySQL Performance Limits"},{"categories":null,"content":"Ein Thread über Konsenssysteme aus Twitter Mehr als ein Key-Value Store Heise schreibt: Verteilter Key-Value-Store: etcd erreicht Version 3.4 . etcd ist auch ein Key-Value-Store, aber das ist nur ein Nebendetail. Die Beschreibung der neuen Funktionen im Artikel macht auch schon keinen Sinn für einen KV-Store.\netcd ist ein Konsenssystem. Es realisiert Clustermitgliedschaft, verteilte Locks, und darauf aufbauende Dienste wie Service Discovery und Loadbalancing.\nEs gibt drei von Kyle Kingsbury getestete Implementierungen von Konsenssystemen, die funktionieren: Zookeeper, etcd und consul. Es handelt sich um verteile Datenspeicher, die im CAP-Dreieck Consistency über Availability präferieren.\nDas heißt, daß sie lieber keine Antwort geben statt eine falsche Antwort zu geben.\nSie sind also oft offline.\nImmer wenn sich die Topologie des Ensembles (der 3/5/7 Nodes, die den inneren Cluster bilden) ändert, geht der ganze Cluster für Reads und Writes offline, bis er mit Voting, History-Abgleich und so weiter durch ist. Danach ist er wieder verfügbar. Availability ist also eher nicht gegeben.\nAber Consistency ist: Es ist egal, mit welcher Node des Ensembles man redet, jeder Read liefert dasselbe Ergebnis, jeder bestätigte Write ist überall sichtbar und jedes Lock ist global da.\nDas heißt aber auch, daß jeder State Change (Write, Locks) global verhandelt wird. Das ist nicht schnell. Minimale Latenz ist 2 RTT.\nDumm, wenn man die Idee hatte, einen Stretched Cluster zu bauen, also einen der über eine Latency Domain Grenze hinaus geht - eine Node in einem anderen RZ, oder in einer anderen Cloud. Das ist nicht schnell, und hat deswegen auch wenig Kapazität für Writes: Man will keine globalen, zentralen Konsenssysteme für ein ganzes RZ oder eine Abteilung haben, sondern eher eine Instanz pro Service oder was immer man sonst als kleine zu koordinierende Einheit hat\nDas SRE Buch von Google hat mindestens zwei Kapitel über Probleme beim Betrieb von Chubby (Zookeeper) oder vergleichbaren Systemen. In einem reden sie darüber, daß sie Mindest-Downtimes für ihren zentralen Chubby fahren: Der Dienst ist mindestens n Minuten pro Monat unangekündigt offline, damit Dependencies auf den Dienst sichtbar werden und Dienste Strategien entwickeln und testen, um mit Chubby Downtimes umgehen zu können.\nIch kann aus eigener professioneller Erfahrung nur bestätigen, wie unglaublich wichtig so was ist. Fragt nicht.\nDa wo ich arbeite haben wir jetzt jedenfalls eine Position Master Of Disaster (nicht mein Job, zum Glück), und der macht Drills mit Service Owners, zuerst Zookeeper. Zookeeper ist das älteste der drei Konsenssyteme Systeme, und auf eine Weise leider auch das Beste.\nZookeeper arbeitet mit statischen Verbindungen in das Ensemble.\nEine Session hat man, wenn man mindestens eine Verbindung in das Ensemble hat. Das impliziert, daß man mehr als eine haben kann, etwa eine zu jedem Ensemblemitglied und daß es egal ist, was man auf welcher Verbindung macht - es ist alles gleichwertig und konsistent.\nZookeeper erzeugt in der Tat eine LDAP/DOM-Tree artige Struktur, bei der jeder Knoten in einer Verzeichnishierarchie gleichzeitig File und Directory ist. Im File kann man Daten speichern, aber das ist beinahe unwichtig.\nDer Punkt ist mehr, daß man Knoten (Znodes) als persistent oder ephemeral kennzeichen kann, und daß ephemeral nodes automatisch verschwinden, wenn die Session des Owners endet.\nVerlierst Du also Deine letzte Verbindung zum Ensemble, verschwinden Deine ephemeral nodes.\nWenn das Ensemble also zum Beispiel in einer persistenten Znode die Mitgliederliste aller Hosts in einem Cluster als ephemeral Znodes speichert, dann registriert sich jeder Clusterhost in diesem Verzeichnis selbst, und verschwindet automatisch aus der Liste, wenn seine Session verschwindet weil der Host offline geht oder wenn die Netzwerkverbindung zum Ensemble unterbrochen ist, oder das Ensemble selbst split ist.\nIm ephemeral Znode selbst kann die Endpunktadresse des Hosts stehen: Adieu DNS!\nZookeeper hat atomare Operationen, sodaß man Znodes automatisch verschieben oder sonstwie übernehmen kann. Daraus kann man globale Locks, exactly-once Work Queues und andere Dinge bauen, die in einem Cluster notwendig sind.\nIn der Znode steht dann der Lock Range, Work Item URL… Es ist also irgendwie AUCH ein Data Store, aber das ist wie gesagt der unwichtige Teil.\nKonsenssysteme sind der Baustein, der den Bau sicherer und funktionierender verteilter Systeme vom Forschungsgegenstand (Science) zum Ingeniersgegenstand (Engineering) bewegt hat.\nSie sind die Grundlage aller der nifty distributed anythings, mit denen Devs heute bauen. Das funktioniert, weil wir die Primitives und Building Blocks, die man für verteilte Systeme braucht (Membership, Discovery, Atomic Operations, und damit Locks, Queues und so weiter) schön abgepackt und dann getestet haben.\nDie Arbeit von Kyle Kingsbury auf dem Gebiet \u0026ldquo;Heisenbugs reproduzierbar machen\u0026rdquo; und \u0026ldquo;Grenzfälle in verteilten Systemen durch wiederholbare Operationen demonstrieren\u0026rdquo; kann man dabei gar nicht hoch genug bewerten. Diese Person alleine hat mehr Fehler in mehr verteilten Systemen gefunden als ganze Generationen von Informatikern zuvor. Kyle hat Dinge, die vorher entweder Theorie oder nicht reproduzierbar waren testbar gemacht, und ist deswegen zentral dafür verantwortlich, einen ganzen Forschungsbereich der Informatik aus der reinen Wissenschaft in die anwendbare Ingenierswissenschaft zu bewegen. Die ganze \u0026ldquo;Call Me Maybe\u0026rdquo; Reihe und Jepsen sind wegweisend.\nUnd jedes funktionierende moderne verteilte System hat im Kern entweder eines der drei Konsenssysteme am Laufen (Zk, etcd, consul) oder es ist nicht funktionierend, modern oder verteilt.\nJa, Openstack, tut mir leid.\nAnway, als Dev, der mit einem Zk, etcd oder consul redet, muß man sich ein paar Gedanken machen.\nErstens: Was mach ich, wenn das Ding mal offline ist. Denn es ist so designed, daß es offline sein muß, wann immer \u0026ldquo;was ist\u0026rdquo;.\nIn verteilten Systemen haben wir in der Regel eine Data Plane (da wo die Arbeit gemacht wird, auf dem Mitglieds-Hosts) und eine Control Plane. Und als Fehlermode Node Loss (hoffentlich hast Du genug Nodes), Cluster Loss (hoffentlich hast Du noch einen, in der anderen AZ) und Loss of Control (Controlplane down, Nodes arbeiten weiter, aber Start/Stop/Config Change unmöglich). Der 3. Fehlermodus, Loss of Control, ist nicht selten und hat als Sonderfall auch Wipe, also die Daten in der Controlplane müssen aus der überlebenden Dataplane neu aufgebaut werden.\nBeispiel: Ein SDN Produkt hat ein 3-Node etcd Ensemble als Controlplane und Config Storage. Nach einem Update sind die Daten aller virtual network assets im etcd unbrauchbar. Können wir den Inhalt des etcd (automatisch?) aus den SDN Worker Nodes neu aufbauen? Ohne Downtime?\nUnd weniger hart, aber noch häufiger: Das etcd-Ensemble hat sich zur Leader Election nach einer Netzwerkunterbrechung zurückgezogen und redet mit niemandem bevor es intern ausgekaspert hat, was die Wahrheit ist.\nKann das SDN noch routen?\n(Openstack hat hier als Sonderfall zwei Wahrheiten, weil es einmal den Tatbestand in der Neutron Datenbank hat, den der Rest von Openstack glaubt, und dann den Tatbestand im etcd des kommerziellen SDN Produktes, den das SDN glaubt.\nUnd wenn Du glaubst, daß die beiden deckungsgleich sind, dann hab ich ein schönes Ufergrundstück in Florida für Dich - oder anders gesagt: Der Mann mit zwei Uhren weiß nie wie spät es ist.\nZweitens: Was ist meine Schreibrate und meine Schreib-Latenz?\nWeil Konsenssysteme jeden Write über das ganze Ensemble abkaspern müssen, haben sie so ihre Skalierungsprobleme, und die o.a. 2RTT Minimal-Latenz - eher und gerne auch mehr. Insbesondere hat die Schreiblatenz aber keine garantierbare Obergrenze. Wenn das Ensemble Papstwahl macht, aus welchem Grund auch immer, hängen alle Writes (und auch die Reads).\nWenn ich also einen SLO brauche, der irgendeine Obergrenze auf dem Write hat - und ich meine irgendeine! - dann ist ein Konsenssystem nicht der Datenspeicher der Wahl. Und wenn ich \u0026ldquo;Tausende von Updates die Sekunde\u0026rdquo; spezifiziere, dann sehe ich ein anderes System als ein Konsenssystem als Speicher, oder einen guten Kunden für 25 Gbit/s Networking und Optane als Speicher, der trotzdem nicht glücklich wird. Also, nachdem die Vendor Salesdrohne Dir 25GBit und Optane angedreht hat.\nIch meine, ich bin der letzte, der zu coolem Spielzeug \u0026ldquo;Nein!\u0026rdquo; sagen will, aber das ist nicht, wie wir Systeme designen. Ich macht ja auch kein OLTP auf Blockchains (aber IBM verkaufts!). Und damit ist hoffentlich auch klar, warum Konsenssysteme als \u0026ldquo;Key Value Stores\u0026rdquo; eine echte Scheißidee sind.\nWir benutzen sie trotzdem, aber aus ganz anderen Gründen. Als Grundbaustein funktionierender verteilter Systeme (\u0026ldquo;Wahrheitsfindung unter erschwerten Bedingungen\u0026rdquo;). Dazu muß man mitunter Daten speichern und verändern.\nAber das in den Fokus zu stellen verfehlt den Zweck, zu dem wir den ganzen Aufwand treiben. Ich meine \u0026ldquo;Key Value Store\u0026rdquo;, wenn es als Datenbank so offensichtlich Scheiße ist - warum?\nWegen der Garantien, die drumrum gewickelt sind.\n","date":"2019-09-03T00:00:00Z","href":"https://blog.koehntopp.info/2019/09/03/konsenssysteme.html","tags":["lang_de","erklaerbaer","distributed computing"],"title":"Konsenssysteme"},{"categories":null,"content":"Saving an older twitter thread on Ceph .\nI just have finished reading Part 4: RHCS 3.2 Bluestore Advanced Performance Investigation and now I do not know what to say.\nCeph set out with the idea to make storage a commodity by using regular PCs + a lot of local hard disks + software to make inexpensive storage. For that, you ran a number of control processes and an OSD process per disk (\u0026ldquo;object storage demon\u0026rdquo;).\nSome people were very enthusiastic, envisioning OSD processes becoming an integrated part of any storage device as part of computational storage, even.\nSomething else happened: NVME. NVME is flash memory on a PCIe bus, giving you a very large number of IOPS with mediocre latency. You get around 1 million IO operations per second, but a read takes ~100 microseconds, and an unbuffered write takes about 420 micros. That means, you need to run 100s of parallel things.\nCeph is full of logs. Logs kill parallelism by design, or at least severely limit it. Also, Ceph is full of computational complexity. And that is ok, when a disk seek takes 5ms on a 3GHz CPU, and you got 15 million clock cycles think time per disk seek. Less so, when you need to keep 100s of ops in flight. Suddenly, the budget shrinks by /1000, and your serializing architecture gets in the way of things.\nNow read this report. We are talking about NVME devices, 11T, maybe 16T per device, 4 PCIe lanes. These people are talking about 4 OSD processes (down to 2, and they consider this an improvement) per device. And they eat six (sic!) cores per NVME device. Apart from this never making it to computational storage for thermal reasons, this is an insane cost.\nIn modern storage, bandwidth is usually limited by the network, not the local devices: You can RAID your storage bandwidth until you saturated the 100 GBit/s network, and then you are done.\nIOPS are unlimited in the same way: You get not quite 1 million IOPS per device, so if that is not sufficient, spread across many.\nThe only remaining challenge in this age of abundance in the data center is commit (fsync) latency: how long to push things to a persistent storage. Even that comes down a lot, with optane or NVRAM in the client or as early as possible in the server.\nRelatively low powered all-flash iSCSI appliances do routinely 250 micros commit latency, and things involving NVMEoF and RDMA can come down to under 100 micros reliably, if you have the coin. Want faster? Put Optane or NVRAM into each client.\nAnd it is telling that the paper here talks about latency improvements only in relative numbers (\u0026ldquo;30% less\u0026rdquo;), but never actually speaks about absolute timings.\nMaybe it is time to stop and think, and re-evaluate if this Ceph thing is the smart thing to do with storage in the face of NVME, Optane and NVRAM. Because the numbers look all wrong to me. Even the units look wrong, actually.\nConversations deeper in the Thread :\nThere was were questions on what to use for low-latency disaggregated storage and if one needed redundancy at all.\nExamples of low-latency storage are software solutions from Lightbitslabs , from Datera , and from Quobyte . There are many more.\nAnd funnily enough, if you talk to your inhouse customers, most actually don\u0026rsquo;t want any of this, because they talk to a database (MySQL, Cassandra, Elastic, \u0026hellip;) and not to \u0026ldquo;storage\u0026rdquo; directly.\nThen you speak to the MySQL people and they say \u0026ldquo;We have replication and Orchestrator , even masters are throwaway\u0026rdquo;. You talk to the Cassandra team and they laugh in Paxos. And so on. So most of these teams actually prefer \u0026ldquo;RDMA to a NVME namespace\u0026rdquo; over storage software with redundancy, and do resiliency higher up on the stack, in application context.\nAs a storage team, you have to have some kind of low-latency non-replicated solution first, because that\u0026rsquo;s what is actually the primary demand. You also need a lowish-latency, OLTP-capable redundant solution (\u0026lt;500 microseconds is fine), but there is only unscaled, low level demand.\nAnd then there is huge demand for volume at any latency, append-only preferred over rewriteable for many reasons. So S3 with heavy tiering. Ceph is actually pretty good at that, but that is likely not NVME, but many large disk drives.\n","date":"2019-07-16T00:00:00Z","href":"https://blog.koehntopp.info/2019/07/16/ceph-and-nvme---not-a-good-combination.html","tags":["lang_en","computer","storage"],"title":"Ceph and NVME - not a good combination?"},{"categories":null,"content":"While I was testing away on all the SSD and NVME toys, I got my hand on a test box with even stranger that usual equipment. It was a Dual Platinum-8280 box with a really weird amount of memory: 7.5 TB.\n“8280 ”. This is a machine with a “2” in the second digit, indicating Cascade Lake , CLX.\nAnd one thing that is new with CLX is “Intel Optane Persistent Memory Technology”. That is actually 3D XPoint (“Crosspoint”), a big invention in applied materials science. It is a thing that Intel and Micron have been co-developing, Intel sells it under the trade name of Optane (and internally it was named Apache Pass) and Micron has it as QuantX. So far I have only seen Optane.\nSupposedly Optane is 10x denser than RAM (right now, it is 4x denser), and it is only 10x slower than RAM.\nOptane From a Unix point-of-view, Optane is weird. It is persistent, so storage, not memory. But unlike all the storage you know and hate, it is byte addressable. And that is a big thing.\nFor example, NAND flash is byte-readable, but really only erasable (and that means bulk-writeable) in fairly large chunks - 64 KB to 1024 KB blocks at a time. It is being fed to you through the means of a block device, to there is a file system buffer cache, and you get to touch it only through open(2), read(2) and write(2). You can use mmap(2) and msync(2) , but the thing you are fondling through this interface is the buffer cache and not the actual device. All storage subsystems Unix has been dealing with in the last 50 years have been block storage, originally 512 bytes, these days mostly 4096 bytes per block.\nNobody has seen byte-addressable persistent storage in Unixland for a very long time, and worse, nobody has an API for it. There is no software that thinks “Oh, RAM. I am going to stuff things into it and that is safe for eternity.” (Well, MongoDB does, but that’s… incidental, if not accidental). Anyway, there is now a PMEM API, maintained by Intel, of course, but no applications use it – yet.\nOptane also has a consistent latency, which is also very extremely low – it is about 10x as slow as RAM, which makes it 10x - 100x faster than NAND flash. RAM does 120ns, 0.12µs, and Optane is somewhere in the 1-2µs range.\nSo it’s a lot like core rope memory is coming back, only this time it is small and fast (Core Rope Memory flew us to the moon! ).\nYou get two flavors of Optane from Intel:\nIntel Optane™ DC Persistent Memory, “Optane on the memory bus with byte addresses” Intel Optane™ DC SSDs, “Optane on the PCIe bus with LBA” Optane on the memory bus The flavor I have been tasting here is the former, Optane on the memory bus.\nBasically, the box has 6 very special 512GB DIMMs for each socket, for a total of 12x 512GB = 6 TB persistent not-quite-RAM, and another set of 2x 6 DIMMs regular RAM, 128 GB each. Depending on the configuration, that can show as 7.5 TB memory (many tools are confused, because the idea of persistent memory in a Unix box did not exist until last year) or as 1.5 TB RAM and 6 TB in weird devices (/dev/pmem0 and /dev/pmem1, 3TB each).\nThe problem with Optane on the memory bus is that it stops at 6 TB.\nIntel is not used to building machines with very many address lines - technically the CPU is 64 bit, but not all address bits have pins on the die, and the upper lines do not physically exist on the chip or the bus. CLX extends this, and at the same time limits it to Optane, because Intel does make “M” type CPUs (the number is extended by attaching an “M” at the end) and charges quite hefty surcharge for one additional bit of address space.\nAnyway, 6 TB of Optane and 1.5 TB of RAM is the end of the line for this kind of box.\nOptane on the PCIe bus There is another flavor of Optane and that is the Optane SSD. These are NVME-like devices that sit on the PCIe bus, and they are being addressed like block storage. That does mean you gain a lot of latency – PCIe accesses are way slower than memory accesses.\nBut it also means that you get all the benefits of the large address space that LBA addresses give you, and you get very many PCIe lanes and slots to play with. And you get a storage controller in the middle.\nThis controller can make use of the fact that all accesses are block-sized, and it can do additional magic to do error correction. Stephen Bates gave a presentation about Low Latency Block Devices in a 2017 SNIA conference that was interesting in its own right. But in one slide he dropped a really interesting observation on block storage and error correction, which he coined the Bates Conjecture.\nBates Conjecture Slide (Slide 10)\nHe said that any kind of large storage has an Uncorrectable Bit Error Rate (UBER), and for new kinds of storage media, this is likely to be high in the beginning. If you access the media in blocks, you can transparently add error correction, and get a much better Recoverable Bit Error Rate (RBER). As you make the blocks larger, checksums have less overhead and can become larger, and the RBER goes down for a constantly bad UBER. So new and unreliable media will come as block storage to the market much easier.\nSo if you have the coin, Khajiit can build you a box with way more Optane on the PCIe bus than on the memory bus to hold your warez persistently. On the other hand, there are no prices listed anywhere close to where Intel pushes Optane at developers and that should make you stop and think.\nAbusing PMEM as a disk We have the box, and it exposes the memory as two pmem devices, and they happen to be block devices. What is one going to do with it?\nArchitect an application that uses this magic memory in a transactional way, with lockless data structures that maximize parallel access by many threads with a minimum amount of delay, leveraging the tools made available to developers on the Intel website, of course.\nSeriously, it’s a block device.\nSo let’s make a file system and use this one-of-a-kind pinnacle of 21st century storage technology as a really fast SSD, because… Well, it’s easier done than the other thing.\nAnyway, here’s the fio:\nread: IOPS=142k, BW=2212MiB/s (2319MB/s)(648GiB/300001msec) clat percentiles (nsec): | 1.00th=[ 227], 5.00th=[ 231], 10.00th=[ 233], 20.00th=[ 243], | 30.00th=[ 245], 40.00th=[ 249], 50.00th=[ 253], 60.00th=[ 258], | 70.00th=[ 266], 80.00th=[ 274], 90.00th=[ 298], 95.00th=[ 314], | 99.00th=[ 338], 99.50th=[ 350], 99.90th=[ 438], 99.95th=[ 540], | 99.99th=[10176] Shut your mouth, please. The scale actually switched to ns (1/10E-9) instead of µs (1/10E-6). We are at 0.227µs - 0.350µs here, and are good till the 99.95th, actually.\nSo, dumb sysadmin bloke hodored 142 000 single threaded IOPS out of a /dev/pmem, xfs and fio combo, at a data rate of 2.3 GB/s. Imagine what an actual developer could do with this stuff (if they used a proper systems programming language instead of Javascript, that is).\nPure writes (times 8):\nwrite: IOPS=63.3k, BW=989MiB/s (1037MB/s)(290GiB/300000msec) clat percentiles (nsec): | 1.00th=[ 249], 5.00th=[ 255], 10.00th=[ 258], 20.00th=[ 262], | 30.00th=[ 266], 40.00th=[ 270], 50.00th=[ 274], 60.00th=[ 274], | 70.00th=[ 290], 80.00th=[ 326], 90.00th=[ 370], 95.00th=[ 382], | 99.00th=[ 430], 99.50th=[ 438], 99.90th=[ 470], 99.95th=[ 482], | 99.99th=[ 3376] 506400 IOPS, 8 GB/s, 0.249µs-0.482µs till the 99.95th. And the 8x read + 8x write is much of the same, 500k IOPS, 8 GB, stable latencies of 1/4 to 1/2 µs till the 99.95th.\nLet’s get cocky and try to work our way up. We are sitting on two 8280 CPUs, that’s 56 real cores or 112 threads. How well does this thing deal with parallel access?\nWell, up to 32 readers, I get an aggregate of 32 GB/s, 2m aggregated IOPS and the same latencies until the 99.90th, and then a slight degradation at the 99.95th. With even more threads, things tend to level out and then break down. The 100-way parallel run ends up with 200k IOPS only.\nSome graphics Here is a comparison of some key performance data: SSD with smart controller, SSD direct, NVME direct and Optane.\nRead, Buffered and Unbuffered Writes. The Optane Data is there, you just cannot see it, because it is too fast. The scale is µs.\nMoral: NVME don’t buy you much latency, but look at those sweet IOPS, all available in parallel accesses/deep queues only.\nIOPS and Bandwidth of various storage hardware compared\nRecommendations “Optane on the memory bus” brings a new kind of storage to Linux. There are libraries to use it to the fullest.\nAbusing “Optane on the memory bus” as a block device shows the potential of the technology, but is at the same time severely underutilizing the true capabilities of the hardware.\nDespite Optane having even more IOPS than NVME NAND flash and being faster, the gap between latency and IOPS is smaller than with NVME NAND flash, thus the level of parallelism in access required to fully unlock the performance potential of the device is smaller.\nThe latency introduced by the Linux block device subsystem is increasingly becoming a problem, as is the age-old UNIX API around open(2) and friends. Since this is like the core of Unix, we are actually seeing the beginning of the end of the usefulness of the Unix API – that is, if something else is actually showing up to take its place instead. If you have experience with AS/400 aka IBM i-Series, now is the time to capitalize on it.\nThe slow takeup of Optane with consumers is not only due to Intels really outlandish pricing model, but also because to fully unlock the potential of Optane on the memory bus (beyond it being a really nifty flash disk) our applications and the way we design applications needs to be rethought.\nAt this point Intel is better off peddling Optane to application makers such as Oracle MySQL than us directly, because without applications truly making use of persistent memory we have no reason to buy it.\nIt’s still fun to play with.\nPMDK Intel has classes for developers on using the persistent memory development kit (PMDK) and the underlying stuff. They are necessary, because an application rethink it coming up, which will fundamentally change the way we think about storage.\n","date":"2019-06-14T00:00:00Z","href":"https://blog.koehntopp.info/2019/06/14/not-quite-storage-any-more.html","tags":["lang_en","storage","computer"],"title":"Not quite storage any more"},{"categories":null,"content":" Adventures in Storageland Devices In the last few weeks, I have been benchmarking server storage in order to get a better idea what the state of the hardware is these days. There is a summary with recommendations at the end of this article. Storage technology\nIn the past, we had stored data on rotating disks.\nAn open hard disk chassis. You can see the topmost of a stack of disks, and the arm with the r/w heads.\nWhile the capacities of hard disks changed, access speeds and the underlying technology did not change so much. So today you can get a stack of rotating disks that stores 10, 12 or 14 TB per drive, but the access time is still in the millisecond range.\nIt is likely around or slightly below 5ms, so you get to transfer data from 200-250 different locations per second. Databases do mostly random access, and that means you get to write 200-250 commit/s to disk.\nAll of that changed around 2012 or so. At that time, NAND flash based storage became available at scale under the name of Solid State Drive (SSD). At work, first deployment of SSD at scale was in that year, in a very volatile replication chain and it completely transformed the way we worked with hotel room availability data.\nSSD are plug-in replacements for traditional hard disks: They have the same connectors and bus systems, and the same form factor. They may be flatter, though: A modern U.2 (2.5”) SSD is either tall (15mm) or flat (7mm).\n15mm U.2 drive and it’s content.\nOn the inside they are different, though: They contain one logic board which houses a lot of flash NAND chips and a custom flash NAND controller. The logic board may be folded in order to make most use of the available height to increase storage capacity. The image above shows a SSD chassis and its content, unfolded.\nThe folded design is far from optimal: Inside such a chassis you have a thermal design power of 7W-9W in a consumer device, and up to 25W in an enterprise device - power consumption is linear with the number of chips, and superlinear with the clock rates of the chips. U.2 form factor is good for HDD, but not so good for SSD, because it is hard to cool.\nM.2 flash drive in a holder on a mainboard.\nOne attempt of handling this better is M.2, which is basically a logic board for flash NAND chips and a controller, and a board holder on the main board. This cools obviously much better, but is very hard to handle inside a data center and has a very limited lifetime in terms of number of plug-in/removal operations inside a consumer device.\nThe attempt to fix all of that is the “flash ruler”, “EDSFF”.\nIntel flash rulers in a 1U high chassis.\n“Ruler” type flash is built to the height of a rack unit, has a specificed chassis form that allows for cooling (up to 40W TDP per “long” device), has managed air flow, and is designed to be toolless, field replaceable and hot pluggable. It looks like the perfect solution.\nUntil you realise that there are two incompatible competing standards, each of which has exactly one supplier: Intel and Samsung.\nSo, for most, at the moment, U.2 it is, until the “ruler” proponents get their stuff sorted out.\nInterfaces The interface we use to talk to hard disks has evolved and not evolved at the same time, for a very long time. In the past, we spoke SCSI commands over a parallel SCSI bus to our disks.\nToday, we use multi-Gbit rated serial buses to speak ancient SCSI commands and SCSI command extensions to our devices. The bus is SATA or SAS - either serial attached consumer disk protocol, or serial attached enterprise disk protocol, so to speak, only that SATA has become good enough to be used in the enterprise, too. Bus speed is 3 GBit/s, 6 GBit/s (what most people actually use) or 12 Gbit/s.\nSATA interfaces are block storage interfaces, so you get to access and address blocks of 512 bytes or 4096 bytes on the device, and you specify block numbers. In the past that was geometry addresses ( cylinder-head-sector ), but that became meaningless very quickly as storage technology improved and in the last 20 years everybody always has been using LBA and letting the storage controller do its thing.\nStill, these days we are actually speaking to memory chips, and doing this through a block interface originally designed for rotating storage makes a lot of overhead and increasingly little sense.\nHow about putting the flash chips directly on the PCIe 3.0 bus, and dropping the controller interface? That’s NVME. You are taking the same form factor, the same flash chips and the same controller chip, with a different firmware and are plugging it into a PCIe 3.0 extension instead.\nThe result is about half the latency, and a much higher transfer bandwidth. We can in fact build connectors that accept and automatically switch between SATA and NVME, no problem.\nBenchmarking it So, in testing, what can we expect? In MySQL land, I/O is done in blocks of 16 KB, and is done as random I/O mostly, in reads as well as writes. So we are writing a benchmark specification for fio that is testing things: A single threaded 16 KB sequential read test for a baseline throughput benchmark, a 16 KB block size random-write benchmark, 8-way parallel for random I/O calibration, and a mixed r/w benchmark, 8 way parallel, to simulate an operational database.\n[seq-read] rw=read size=40g directory=/a/fio fadvise_hint=0 blocksize=16k direct=1 numjobs=1 nrfiles=1 runtime=300 ioengine=libaio time_based This spec defines a 40g test file in a benchmark directory, which is being read without caching, for 300s, linearly and single threaded.\n[random-write] # 8 processes, 5g files each = 40g rw=randwrite size=5g directory=/a/fio fadvise_hint=0 blocksize=16k direct=1 numjobs=8 nrfiles=1 runtime=300 ioengine=libaio time_based The same, but random writes, in 8 threads in parallel. Each writer has their own file, so 8 files at 5GB each, for 40 GB total.\n[read-write] rw=rw rwmixread=80 size=5g directory=/a/fio fadvise_hint=0 blocksize=16k direct=1 numjobs=8 nrfiles=1 runtime=300 ioengine=libaio time_based And the same as the randwrite, only this time 80% reads, 20% writes.\nA blade with a SATA SSD When running this on a normal blade, the SSD is actually attached to a caching RAID controller.\nSuch a controller is actually an ARM based computer in it’s own right, sitting on the PCIe board. It has a multi-core CPU, a few GB memory, and a supercapacitor to buffer things when the power fails. It is taking disk writes, caching them on the onboard memory and then does its things in the background to write this to some kind of storage.\nOriginally it is designed to make slow hard disks fast, but with SSD as a backing storage it is not unlikely that the only thing it does is increasing latency.\nSo here is the baseline for a traditional Dell M630 with a PERC controller and a 1.92TB SSD:\n# fio --section=seq-read ./fio.cfg seq-read: (g=0): rw=read, bs=(R) 16.0KiB-16.0KiB, (W) 16.0KiB-16.0KiB, (T) 16.0KiB-16.0KiB, ioengine=libaio, iodepth=1 fio-3.1 Starting 1 process seq-read: Laying out IO file (1 file / 40960MiB) Jobs: 1 (f=1): [R(1)][100.0%][r=245MiB/s,w=0KiB/s][r=15.7k,w=0 IOPS][eta 00m:00s] seq-read: (groupid=0, jobs=1): err= 0: pid=18818: Fri May 10 10:31:29 2019 read: IOPS=15.3k, BW=239MiB/s (251MB/s)(70.0GiB/300001msec) slat (usec): min=4, max=186, avg= 5.63, stdev= 2.48 clat (nsec): min=1500, max=145648k, avg=58921.07, stdev=109647.10 lat (usec): min=56, max=145652, avg=64.67, stdev=109.74 clat percentiles (usec): | 1.00th=[ 53], 5.00th=[ 53], 10.00th=[ 53], 20.00th=[ 53], | 30.00th=[ 53], 40.00th=[ 54], 50.00th=[ 55], 60.00th=[ 55], | 70.00th=[ 59], 80.00th=[ 60], 90.00th=[ 73], 95.00th=[ 75], | 99.00th=[ 91], 99.50th=[ 99], 99.90th=[ 235], 99.95th=[ 433], | 99.99th=[ 2343] bw ( KiB/s): min=38912, max=263456, per=100.00%, avg=244768.87, stdev=24405.41, samples=599 iops : min= 2432, max=16466, avg=15298.03, stdev=1525.34, samples=599 lat (usec) : 2=0.01%, 4=0.01%, 10=0.01%, 50=0.04%, 100=99.47% lat (usec) : 250=0.39%, 500=0.05%, 750=0.01%, 1000=0.01% lat (msec) : 2=0.02%, 4=0.01%, 10=0.01%, 20=0.01%, 50=0.01% lat (msec) : 250=0.01% cpu : usr=4.95%, sys=12.28%, ctx=4589759, majf=0, minf=114 IO depths : 1=100.0%, 2=0.0%, 4=0.0%, 8=0.0%, 16=0.0%, 32=0.0%, \u0026gt;=64=0.0% submit : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, \u0026gt;=64=0.0% complete : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, \u0026gt;=64=0.0% issued rwt: total=4589635,0,0, short=0,0,0, dropped=0,0,0 latency : target=0, window=0, percentile=100.00%, depth=1 Run status group 0 (all jobs): READ: bw=239MiB/s (251MB/s), 239MiB/s-239MiB/s (251MB/s-251MB/s), io=70.0GiB (75.2GB), run=300001-300001msec Disk stats (read/write): dm-4: ios=4588416/35691, merge=0/0, ticks=259207/18045, in_queue=277259, util=86.48%, aggrios=4605315/37547, aggrmerge=274/2057, aggrticks=262279/21346, aggrin_queue=283104, aggrutil=86.21% sda: ios=4605315/37547, merge=274/2057, ticks=262279/21346, in_queue=283104, util=86.21% That’s a lot of output, but we are interested into a few key numbers here. This is a sequential benchmark, because we asked for that (–section=). We get 15.300 IO operations per second (IOPS), and a bandwidth of 239 MB/s (with 1024-based metric). In our 300s benchmark, we transferred 70 GB.\nfio dynamically shifts units as it sees fit, so we need to make sure if we are looking at milliseconds (ms, 1/1000 of a second, 1 kHz event frequency), microseconds (µs, us, 1/1 000 000 of a second, 1 MHz event frequency) or nanoseconds (ns, 1/1 000 000 000 of a second, 1 GHz event frequency).\nfio also knows three different latencies, lat, clat and slat. They do mean different things for different I/O engines, and in our case (using async I/O with libaio), the meaningful numbers are clat (completion latency) or overall lat, but not slat (submission latency numbers).\nWe do get a clat histogram in usec, and that is useful: There is a relatively stable completion time up to the 99.50th percentile, and then things rise. clat is 50µs (20 000 per second) to 100µs (10 000 per second), and we do indeed get 15 000 IOPS in total.\nFor the random write benchmark we get 8 times output like\n... write: IOPS=2454, BW=38.4MiB/s (40.2MB/s)(11.2GiB/300001msec) ... clat percentiles (usec): | 1.00th=[ 202], 5.00th=[ 237], 10.00th=[ 249], 20.00th=[ 269], | 30.00th=[ 285], 40.00th=[ 302], 50.00th=[ 314], 60.00th=[ 330], | 70.00th=[ 347], 80.00th=[ 396], 90.00th=[ 482], 95.00th=[ 570], | 99.00th=[ 2212], 99.50th=[ 2966], 99.90th=[ 6915], 99.95th=[ 7832], | 99.99th=[ 9503] ... The total of the IOPS is 19588, and the clat inflection is around the 95th percentile with 200µs to 570µs write latency, and then runaway times in the ms range. Aggregated bandwidth is around 300 MB/s (6 GBit/s are 715 MB/s theoretical max).\nAnd for the r/w mix (80% read/20% write), we get 8 readers and 8 writers, each reporting\n... read: IOPS=2153, BW=33.6MiB/s (35.3MB/s)(9.86GiB/300001msec) ... clat percentiles (usec): | 1.00th=[ 155], 5.00th=[ 204], 10.00th=[ 231], 20.00th=[ 265], | 30.00th=[ 297], 40.00th=[ 322], 50.00th=[ 338], 60.00th=[ 355], | 70.00th=[ 379], 80.00th=[ 412], 90.00th=[ 478], 95.00th=[ 873], | 99.00th=[ 2073], 99.50th=[ 2212], 99.90th=[ 2409], 99.95th=[ 2540], | 99.99th=[ 6849] ... write: IOPS=540, BW=8647KiB/s (8855kB/s)(2533MiB/300001msec) ... clat percentiles (usec): | 1.00th=[ 60], 5.00th=[ 76], 10.00th=[ 85], 20.00th=[ 105], | 30.00th=[ 127], 40.00th=[ 149], 50.00th=[ 172], 60.00th=[ 194], | 70.00th=[ 217], 80.00th=[ 241], 90.00th=[ 277], 95.00th=[ 314], | 99.00th=[ 371], 99.50th=[ 449], 99.90th=[ 1696], 99.95th=[ 2737], | 99.99th=[ 6456] ... The sum of all IOPS is 21412, and the clat inflection is at the 95th with 155µs to 873µs for read, and at the 99.50th for write with 60µs to 449µs (and it’s actually more complicated than this for writers, but that’s a different story). We do see a total aggregated bandwidth of 336 MB/s (out of 715 MB/s max).\nWe are looking at a device that has a read-latency in the range of 150 µs, and that in linear read mode can likely leverage readahead and local buffers in some way to get below 50 µs in good cases.\nWrite latency is likely 3x that, unbuffered, but like all flash devices it has RAM and can use a fraction of that RAM to buffer a part of the writes. This is more effective for smaller write loads, and we can see that in the comparison of the numbers between the full write test compared to the r/w mix.\nA blade without the smart controller Let’s try a blade without the smart controller, this time a HP BL460c with a directly attached SSD without the caching RAID controller. In this test device, the disk controller is a dumb SATA attachment, no buffering, processing, RAIDing or other “smartness” inbetween.\nread: IOPS=14.2k, BW=222MiB/s (233MB/s)(64.0GiB/300001msec) clat percentiles (usec): | 1.00th=[ 50], 5.00th=[ 51], 10.00th=[ 52], 20.00th=[ 53], | 30.00th=[ 53], 40.00th=[ 55], 50.00th=[ 56], 60.00th=[ 62], | 70.00th=[ 64], 80.00th=[ 64], 90.00th=[ 66], 95.00th=[ 68], | 99.00th=[ 77], 99.50th=[ 79], 99.90th=[ 355], 99.95th=[ 537], | 99.99th=[ 3130] So 14.2k instead of 15.3k with the expensive controller, and 50-79µs instead of 53-99µs with the expensive controller. For pure writes (times 8):\nwrite: IOPS=3458, BW=54.0MiB/s (56.7MB/s)(15.8GiB/300001msec) clat percentiles (usec): | 1.00th=[ 151], 5.00th=[ 188], 10.00th=[ 194], 20.00th=[ 227], | 30.00th=[ 237], 40.00th=[ 245], 50.00th=[ 253], 60.00th=[ 260], | 70.00th=[ 262], 80.00th=[ 269], 90.00th=[ 306], 95.00th=[ 375], | 99.00th=[ 938], 99.50th=[ 1057], 99.90th=[ 3916], 99.95th=[ 4228], | 99.99th=[ 5211] So, 28507 IOPS in total (compared to 19588 for the expensive controller), and 150-375µs (compared to 200-570µs for the expensive controller), and better behavior for the runaway times, too.\nFor the mix (times 8):\nread: IOPS=2296, BW=35.9MiB/s (37.6MB/s)(10.5GiB/300002msec) clat percentiles (usec): | 1.00th=[ 174], 5.00th=[ 202], 10.00th=[ 223], 20.00th=[ 258], | 30.00th=[ 285], 40.00th=[ 310], 50.00th=[ 334], 60.00th=[ 363], | 70.00th=[ 400], 80.00th=[ 445], 90.00th=[ 529], 95.00th=[ 635], | 99.00th=[ 1876], 99.50th=[ 2966], 99.90th=[ 3490], 99.95th=[ 3654], | 99.99th=[ 4555] write: IOPS=576, BW=9225KiB/s (9446kB/s)(2703MiB/300002msec) clat percentiles (usec): | 1.00th=[ 52], 5.00th=[ 58], 10.00th=[ 63], 20.00th=[ 72], | 30.00th=[ 89], 40.00th=[ 98], 50.00th=[ 116], 60.00th=[ 124], | 70.00th=[ 139], 80.00th=[ 155], 90.00th=[ 174], 95.00th=[ 190], | 99.00th=[ 223], 99.50th=[ 237], 99.90th=[ 258], 99.95th=[ 273], | 99.99th=[ 293] That comes out as a total of 23005 IOPS (as opposed to 21412), and for reads, a range of 174-635µs (155-873µs for the expensive controller), while for writes it is 52-237µs (60-449µs).\nIndeed, latency and degraded behavior are better for directly attached disks, the caching RAID controller (200€ extra per device) is substracting value.\nWe can confirm these results with more benchmarking in additional, slightly different configurations (Dell, HP, new and old machines) across the test zoo.\nSome NVME A colleague donated a NVME based HP box to the test. It actually has 4 NVME devices, and we naively build a striped RAID-0 from it using LVM2, because why not? Each 16 KB write goes to a different NVME device, in a round-robin fashion (This is a silly thing to do, but that would require a longer digression to explain - the 1M stripe setup does not fundamentally change things, though).\nThe outcome is unexpected and disappointing, or is it?\nread: IOPS=8459, BW=132MiB/s (139MB/s)(38.7GiB/300001msec) clat percentiles (usec): | 1.00th=[ 97], 5.00th=[ 101], 10.00th=[ 102], 20.00th=[ 102], | 30.00th=[ 103], 40.00th=[ 106], 50.00th=[ 116], 60.00th=[ 119], | 70.00th=[ 123], 80.00th=[ 123], 90.00th=[ 124], 95.00th=[ 127], | 99.00th=[ 133], 99.50th=[ 145], 99.90th=[ 186], 99.95th=[ 196], | 99.99th=[ 221] My colleague claims that a single NVME device is capable of a million IOPS, yet here we see fewer than 10 000, and 100-200µs completion latencies. What’s wrong?\nWrite test (times 8):\nwrite: IOPS=23.3k, BW=365MiB/s (383MB/s)(107GiB/300001msec) clat percentiles (usec): | 1.00th=[ 19], 5.00th=[ 19], 10.00th=[ 20], 20.00th=[ 20], | 30.00th=[ 21], 40.00th=[ 22], 50.00th=[ 24], 60.00th=[ 26], | 70.00th=[ 36], 80.00th=[ 47], 90.00th=[ 61], 95.00th=[ 70], | 99.00th=[ 95], 99.50th=[ 114], 99.90th=[ 192], 99.95th=[ 293], | 99.99th=[ 2409] Total IOPS: 183000, range: 19-200µs. Mix (times 8):\nread: IOPS=6960, BW=109MiB/s (114MB/s)(31.9GiB/300001msec) clat percentiles (usec): | 1.00th=[ 97], 5.00th=[ 103], 10.00th=[ 104], 20.00th=[ 108], | 30.00th=[ 112], 40.00th=[ 118], 50.00th=[ 121], 60.00th=[ 125], | 70.00th=[ 126], 80.00th=[ 129], 90.00th=[ 141], 95.00th=[ 169], | 99.00th=[ 412], 99.50th=[ 611], 99.90th=[ 1385], 99.95th=[ 1696], | 99.99th=[ 2311] write: IOPS=1740, BW=27.2MiB/s (28.5MB/s)(8161MiB/300001msec) clat percentiles (usec): | 1.00th=[ 19], 5.00th=[ 19], 10.00th=[ 20], 20.00th=[ 20], | 30.00th=[ 20], 40.00th=[ 20], 50.00th=[ 21], 60.00th=[ 21], | 70.00th=[ 22], 80.00th=[ 23], 90.00th=[ 27], 95.00th=[ 30], | 99.00th=[ 60], 99.50th=[ 70], 99.90th=[ 95], 99.95th=[ 113], | 99.99th=[ 202] Total IOPS: 70010, range: 19-100µs for writes, and 100-200µs for reads. So we do get a large number of IOPS, but not in the first scenario.\nWhat’s wrong? Well, latency is.\nIn the read-only case, we have a clat of 116µs in the 50th percentile, so with 1000000µs to the second, we get 1000000/116 = 8620 IOPS single threaded, and indeed we measured 8459. Math works, every single time.\nSo we might have a total IOPS capacity of the total device that may be 100k or even a million IOPS, but we also do have a (surprisingly constant) read latency of 100-200µs and that is not going to change. The only way to get all these IOPS is to have many concurrent accesses, all of which will take at least 100µs per read.\nAs we can see by going 8-way parallel (for pure writes) or 16 way parallel (8 readers, 8 writers) we get a lot more in terms of IOPS, at the expected latencies per thread.\nAnd indeed, a sequential read test with 128 readers in parallel yields (times 128):\nread: IOPS=5289, BW=82.7MiB/s (86.7MB/s)(24.2GiB/300001msec) clat percentiles (usec): | 1.00th=[ 118], 5.00th=[ 126], 10.00th=[ 133], 20.00th=[ 141], | 30.00th=[ 147], 40.00th=[ 155], 50.00th=[ 163], 60.00th=[ 176], | 70.00th=[ 192], 80.00th=[ 215], 90.00th=[ 247], 95.00th=[ 281], | 99.00th=[ 367], 99.50th=[ 412], 99.90th=[ 523], 99.95th=[ 586], | 99.99th=[ 1090] These are not bad numbers at all: 648223 IOPS in total, at 100-400µs, and even above the 99.50th relatively stable times. The total aggregated bandwidth is 9.9GB/s (80 Gbit/s) with very little jitter (so we are not even maxing this out, we are not even at 1/3 the max for PCIe).\nRecommendations and Learnings From a SSD, we can expect about 20k IOPS, and about 3-4 GBit/s bandwidth (6 GBit/s bus) using MySQL type of workloads.\nA caching RAID controller adds negative value: It costs more, but does not improve the numbers. Latency and jitter actually increase. We lose access to the SMART data, too, and have to rely on controller diagnostics instead. We should stop buying caching RAID controllers (and we have indeed done that).\nNVME is a different bus to the same disk hardware (Flash NAND and controller) that is in a SSD, but it creates a much better latency and throughput. It can do that, because it attaches the storage directly to the PCIe bus instead of the much slower and more complicated SATA bus. It opens the gate to much higher bandwidth and IOPS numbers from the same hardware, but latency is unchanged (but much more stable under load).\nWe should stop buying SATA attached devices and focus on NVME instead. We should make sure that the pricing matches, because the hardware is essentially the same, only the bus interface changes.\nRead latency is around 100µs for a NVME read, and write latency is around 420µs for an unbuffered flash write (20µs for a write to the supercap buffered cache RAM on the NVME device, and we have probably around 512 MB of that per NVME device).\nThat also means that access to the NVME flash disk needs to be as parallel as possible, up and beyond 100-way parallel, in order to unlock the full IOPS yield the hardware can do:\nWe have 1 000 000 µs to the second, but latency is not 1µs, but 100µs/400µs, so we can and need to run 100-400 parallel accesses to be able to saturate the device.\nIt is very hard to impossible to get 100-way parallel commits from a relational database, so in order to saturate even a single NVME device we are likely to need multiple applications or database instances on a single device. From an IOPS point-of-view, it should never be necessary to have more than one NVME device per box.\nThat means in order to make most of NVME you really need the capability to run multiple workloads on a single device. Virtual machine and Kubernetes based databases are becoming a necessity in order to make full use of our hardware, even at the storage level.\n","date":"2019-06-13T00:00:00Z","href":"https://blog.koehntopp.info/2019/06/13/adventures-in-storageland.html","tags":["lang_en","storage","computer"],"title":"Adventures in Storageland"},{"categories":null,"content":"Ich habe ein Kind, es ist neun Jahre alt.\nMit drei Jahren stand das Kind vor dem Fernseher und hat mit beiden Händen versucht, das Bild größer zu ziehen, wie es das als Handygeste gewohnt war.\nMit sechs Jahren hat sich das Kind über das Fernsehen beklagt, weil man ein Live Programm nicht anhalten kann, um in Ruhe auf das Klo zu gehen, und auch nicht rückspulen kann. \u0026ldquo;Außerdem ist das blöd, wenn man Sachen nicht anhalten und zum später gucken zurücklegen kann. Dann bestimmt einen der Fernseher so doof.\u0026rdquo;\nMit sieben hat sich das Kind iMovie beigebracht und angefangen, Videos vom Handy auf das 2010er MBP zu laden, das ich ihm als ersten Computer gegeben habe. Wohlgemerkt, nicht ich habe ihm iMovie beigebracht, das hat das Kind alleine getan. Ich habe dann iMovie lernen müssen, um mitzureden.\nMit acht hat das Kind angefangen, auf Netflix und Youtube aufgeschnappte visuelle Erzählstrukturen und dramatische Redewendungen wie \u0026ldquo;Schnitt/Gegenschnitt\u0026rdquo;, Foreshadowing von Ton/Bild, Bild/Ton Schere, Standard-Perspektiven und simple Spezialeffekte (iMovie Greenscreen, Stop Motion) einzusetzen und mit Freunden zusammen Ghetto-Style Filme zu produzieren. Weil mehr Rollen als Kinder da waren, wurden Rollen mehrfach besetzt, dabei war die Rolle des Kindes durch die Kleidung leicht zu erkennen, und wieder kamen iMovie-Spezialeffekte zum Einsatz\u0026hellip;\nZum Teil wurden dabei Videospiel-Erlebnisse nachgestellt, oder Film-Erlebnisse als Kurzfilm nachgestellt, zum Teil wurden diese Dinge als Ausgangsbasis für eigene Geschichten genommen. Handlung, Dramaturgie und Pacing wurden dabei als Notwendigkeiten selbst entdeckt (\u0026ldquo;Nein, die können nicht einfach so ankommen, da muß unterwegs noch irgendwas passieren, sonst ist es langweilig.\u0026rdquo;) und Fragen nach der Motivation und dem Character von Figuren haben sich auch von selbst ergeben (\u0026ldquo;Aber wieso macht der das? Du würdest das machen, aber Mehmet nie\u0026hellip;\u0026rdquo;).\nDas Kind spielt Transport Fever, ARK Survival, Jurassic World: Evolution und ähnlich. Szenen aus Videospielen dienen als Vorlage oder als Hintergrundbild in Greenscreen-Tricks. Youtube wird konsultiert, um zu verstehen, wie das Spiel geht, wie Probleme zu lösen sind, oder wenn es nicht weitergeht. Es gibt eine Liste von Standard-Youtubern, die abonniert sind und die regelmäßig gesehen wird, um neue Tricks zu lernen. Auch beim Basteln und Handwerken werden Youtube-Maker-Videos quasi automatisch als Vorlage konsultiert.\nFernsehen wird über die Schule ebenfalls via Youtube konsumiert: NOS Jeudgjournaal und vergleichbare Dinge werden mindestens einmal pro Tag in der Schule gesehen und dienen als Ausgangsbasis für eine Diskussion in der Klasse.\nWir haben einen Fernseher im Haushalt, im Wohnzimmer, an einem Mac mini und einer Chromecast, sowie einer Settop-Box, weil die mit dem Internet-Anschluß im Haus mitgekommen ist. Gesehen wird auf iPads oder Laptops, gemeinsam ins Bett gekuschelt, oder im Wohnzimmer - aber dort dann in der Regel auf dem Mini, Netflix, Amazon prime (Es gibt Pumuckl auf Amazon prime!) und wieder Youtube, oder vom lokalen Fileserver gestreamed. Der lineare Fernsehkonsum des Kindes seit seiner Geburt in 2010 ist vermutlich keine dreistellige Anzahl von Stunden.\nDas ist keine ungewöhnliche Kindheit. Die Kinder, mit denen unser Kind spielt, aus der Schule, aus dem Chor oder der Geigenstunde, und vom Schwimm-Unterricht, zeigen dieselben Interessen und Verhaltensweisen. Manche sind mehr Teil der Game-Szene und nutzen Youtube als Input oder Output für ihre Computerspiel-Aktivitäten. Andere sind mehr Videokinder und nutzen Games als Quelle für Bildmaterial oder als Szenenbildner/Machinima-System.\nViele Kinder sind visuell kreativ aktiv, alle Kinder sind Cordcutter, die faktisch kein lineares Fernsehen wahrnehmen. Video- und Spielkonsum sind (im Rahmen der elterlichen Grenzen) selbstbestimmt und selbstgewählt. Inhalte werden verarbeitet, diskutiert und re-produziert, variiert, integriert und weiter auf-, um- und verarbeitet.\nDie Frage ist eigentlich nich: \u0026ldquo;Wieso Rezo?\u0026rdquo; Sondern: \u0026ldquo;Wieso erst jetzt?\u0026rdquo; Und wieso hat sich der öffentliche gesellschaftliche Diskurs so von der U30-Generation entfremden können. Die Personen, die in der BILD diskutiert werden, oder die auf https://www.unterstuetzt-merkel.de/prominente (https://www.cdu.de/impressum : AKK, Paul Ziemiak) zitiert werden, haben exakt keine Berührungspunkte mit dem Leben der U30-Generation. Sie sind in der Welt dieser Personen UNSICHTBAR - und umgekehrt.\nDas ist total kaputt und total faszinierend.\n","date":"2019-05-28T00:00:00Z","href":"https://blog.koehntopp.info/2019/05/28/kinder-und-visuelle-medien.html","tags":["pluspora_import"],"title":"Kinder und visuelle Medien"},{"categories":null,"content":"Heise berichtet: Mozilla will weg von IRC und sucht Alternative .\nUnd das Heiseforum sabbert reflexartig:\nAber IRC ist doch noch gut, da muß man nur einmal mit der Drahtbürste rüber und dann kann das wieder auf Lager gelegt werden.\nUnd:\nXMPP! XMPP ist gut, denn es ist ein offener Standard.\nJa, dann also mal Iso-Standard-Rant 8859-1:\nErst mal IRC.\nIRC ist kaum mal ein Protokoll. Es gibt einen einzigen RFC zum Thema IRC, rfc1459 von 1993 und das enthält nicht mal MIME, weiß nichts von UTF-8 und definiert den Zeichensatz von IRC als ASCII-Variante Geschmacksrichtung Schweden mit []{} als lustige Sonderzeichen.\nModerne Anforderungen an Chat werden nicht abgedeckt: In der Variante wie im RFC gibt es keine Identitäten und keine Authentisierung, kein TLS und auch sonst keine Sicherheit. Ein IRC-Server nach diesem Standard würde Spam, Identitätsdiebstahl und Abhören Tür und Tor öffnen. Ircnet ist ein deutsches Netz nach diesem Standard und hat genau alle diese Probleme \u0026ndash; Ban und Blockierung erfolgt nach IP-Ranges und als Nutzer aus dem AS der Deutschen Telekom muß man im Ircnet schwere Einschränkungen hin nehmen, weil Ircnet seine Nutzer nicht unterscheiden kann.\nIrc hat keine Presence und keine Persistenz. Das ist natürlich blöd, wenn man ein Mobilnutzer ist und nicht nur laufend Disconnected, sondern auch noch laufend eine wechselnde Portnummer und IP auf dem Gateway des Mobilnetzes hat. Das Konzept von Pushnachrichten-Servern wie sie Google und Apple für mobile Nutzung voraussetzen kennt IRC nicht. Damit ist eine sinnvolle Teilnahme an IRC mit einem mobilen Client nicht möglich und man belästigt alle Channelteilnehmer laufend mit QUIT-Nachrichten, und hat keine Historie des Chats, wenn man gerade offline ist.\nIRC hat nicht nur keine Zeichensätze, sondern auch sonst keine Form von moderner Kommunikation: Keinen funktionierenden File Transfer, denn DCC und CTCP funktionieren weitverbreitet nicht mehr, keine Inline Images, keine Eskalation zu Voice- und Videochat, keine strukturierte Kommunikation mit Threads, sodaß man auch nicht Themen und Replies auf Themen bannen kann, und auch alle anderen Merkmale moderner Chat-Anwendungen fehlen.\nIRC baut Chat um eine spatiale Metapher - Räume oder Channels, offene Gruppen. Es ist möglich, geschlossene Gruppen oder 1:1 zu machen, aber das ist mehr so aufgesetzt. Zugangskontrollen sind - auch wegen des fehlenden Identitätsmanagements - primitiv: Geschlossene Gruppen sind offene Gruppen mit einem globalen Paßwort, Zugangskontrolle um Identität und ACLs gibt es mehr so nicht.\nTLS und Verschlüsselung existieren in unterschiedlichen Geschmacksrichtungen, sind aber undefiniert.\nDann XMPP.\nDas ist quasi das Gegenteil von IRC: Es gibt nicht einen Standard für XMPP, es gibt https://xmpp.org/extensions/ . Es gibt keine Profile. Es ist jedem Client und Server überlassen, einen beliebigen Subset dieser Standards beliebig mißzuverstehen und zu implementieren und dann zu hoffen, daß etwas Sinnvolles dabei herauskommt.\nDas Resultat ist dann zum Beispiel ein Cisco Jabber Server, der für jede Nachricht ein DELAYED-Attribut setzt, auch bei Nachrichten, die nicht delayed sind und erwartet, daß der Client das an den Timestamp-Values in den Attributen selbst auseinander fisselt. Und ein libpurple, wie es in Adium eingesetzt wird, das das nicht juckt und daß alle Nachrichten mit DELAYED-Attribut immer als gelesen anzeigt.\nUnd wenn jemand zwei beliebige Jabber-Clients und einen beliebigen XMPP-Server dazu bekommt, einen Filetransfer zu machen, wenn auf einer Seite ein NAT involviert ist, ohne eine schwarze Ziege oder gar einige Menschen zu opfern - meinen Respekt. Im Allgemeinen kann man aber sagen, daß das für normalsterbliche Menschen auch mit viel Blutvergießen nicht lösbar ist.\nXMPP ist ein Protokoll, das für alles mögliche eingesetzt ist - nicht nur für Chaträume, sondern auch für einen Haufen anderer Maschine-Maschine Kommunikation. Das Ergebnis ist ein Protokoll, das von jedem irgendwie eingesetzt wird, aber eigentlich für niemanden funktioniert und ganz sicher nicht interoperabel ist. Das ist auch einer der Gründe, warum Jabber als Chat allgemein tot ist und sich proprietäre Chat-Lösungen durchgesetzt haben - Client installieren, loslegen. Es geht einfach.\nOffene Protokolle und Lösungen haben bei Chat einen Marktanteil von nahe 0 und das wird sich auch in naher Zukunft nicht ändern.\n","date":"2019-04-29T00:00:00Z","href":"https://blog.koehntopp.info/2019/04/29/mozilla-irc.html","tags":["pluspora_import","lang_de","computer"],"title":"Mozilla und IRC"},{"categories":null,"content":" Kubernetes and Complexity On Twitter, Sandeep remarked:\nThe complexity and amount of code involved is staggering. I\u0026rsquo;m not sure how we can possibly justify the Kubernetes, Istio, Docker, Envoy, Prometheus, Grafana, Jaeger, Kiali, Helm stack.\nWhat problem are we solving that were not solving 15 years ago, again? How much time and effort are being saved (by organisations smaller than Google)?\nOne reply was:\n\u0026ldquo;The amount of code is staggering. I\u0026rsquo;m not sure how we can justify the Linux, dpkg, HAProxy, Nagios, Check_MK, puppet, supervisor, apt stack.\u0026rdquo;\nUnlike other systems that try to solve similar problems, Kubernetes - at least in the past - has been driven by users that had a problem to solve, and not by gaggle of 400 vendors which think that it improves the flavour when they are pissing into a repo. Unlike these other systems, Kubernetes actually works and scales, with no added or proprietary components, if you take the public repo, build and deploy it. So that is still a lot of complexity, but at least it accomplishes something.\nWhat problem are we solving that we were not solving 2004? In 2004, we were running bare metal with maybe puppet, but more likely cfengine or even manual ssh execution running shell scripts out of a NFS file-share. And were monitoring with Nagios.\nThe progress is obvious, but let us list it:\nToday we are living in an age of abundance in the data center. In our data centers we have machines with at least 32 threads per machine, many have much higher number. Three digit GB of memory are standard. IOPS are not a problem with SSD. And multi-tiered leaf-and-spine L3 networks create fabrics that can connect any CPU in any machine to any disk in any other machine in the same data center, at nominal media speed and with minuscule latency added from the mesh, as long as we can do cut-through switching.\nThat is, if we planned our data center right, we are having The Data Center as a Computer . A uniform collection of threads with memory, a network as a connecting mesh and sufficient storage in capacity and IOPS somewhere within the same mesh.\nFrom this hardware substrate we can build clusters of Kubernetes, K8s. The K8s is basically \u0026ldquo;init for a network of machines\u0026rdquo;, a system that accepts declarative instructions of how to mesh a set of images of software into a network and a service. It then schedules resources from our substrate, and pushes the images onto that.\nBecause the images are self-contained and immutable, once they complete running, we can remove them from their respective machines and receive the original hosts back in original state. Because the images are self-contained and immutable, they can be scheduled on any node that has sufficient free capacity, specifics no longer matter. State is isolated and specially managed, K8s provides concepts for that, stateful sets and operators.\nThis allows hardware operators to provide capacity without caring much about the users, the devs and their apps running on the clusters. Conversely, it allows devs and apps to work with hardware using an API instead of people and tickets. Hardware and Data Center operations become a completely autonomous commodity.\nWhich we call \u0026ldquo;The Cloud\u0026rdquo;.\nFor devs and their apps, Istio and Envoy provide an interface to interconnect images to allow them to communicate. These systems also provide routing, balancing, authentication, enforce TLS, provide backoff and fault tolerance and collect metrics in a standardised way. And in a way that is invisible and inescapable to the people that write the application.\nAll these properties of the communication become an Aspect , taken out of the codebase, and the scope of the application programmer. They just are, whether the developer cares or knows about these things or not.\nSimilarly, Prometheus and the surrounding ideology have a story about what to collect (ie USE and RED , and follow @mipsytipsy on Twitter for a lot of insight). We are getting best practice around this, and it is being wrapped into an Aspect again.\nLook back 15 years - systems like Nagios and Graphite are extremely host centric. This does no longer work in the new operational model. We do no longer care about hosts at all, we care about capacity (let\u0026rsquo;s have more than we strictly need), and about churn (we have capacity, but there is a high death-and-reprovisioning rate and that is suspect, so we alert). Nagios-era systems are not equipped to deal with environments like this at all.\nTracing and Debugging are evolving and adapting in a similar way. Jaeger, sysdig and similar systems help you to debug problems in collections of microservices that are running in multiple instances across an arbitrary number of hosts somewhere in a much larger cluster of machines. They give you capability to follow requests up and down the stack where components are not bound to specific hosts. And they give you capability to view the flow of a request through services from a logical point of view without actually accessing individual physical hosts (or caring about these hosts at all.\nThere is any number of benefits from this change, this decoupling of deployments from specific instances of compute:\nImmutability makes it possible to reason about production and production state. Workloads can migrate (actually respawn) within a cluster as the need and the load changes. Deployments become a swift automated operational procedure. Interfaces to standard Aspects of operations (deployment, upgrade, monitoring, interconnection, cluster membership, shared state management) become standardised and become interchangeable. We get codified (literally, as code) best practice.\nSo what problem are we solving that we were not solving 15 years ago? Well, feel free to place my rant as a soundtrack on top of Monty Python .\nYes, there is complexity. You need to learn Go, JS and Python as a solid foundation to be able to play. You need to understand the distributed computing and security basics necessary in order to play in this arena. And that is quite a large piece. On the other hand, \u0026ldquo;The amount of code is staggering. I\u0026rsquo;m not sure how we can justify the Linux, dpkg, HAProxy, Nagios, Check_MK, puppet, supervisor, apt stack.\u0026quot;« as written elsewhere in this thread.\nFrom the K8s setup, you get a much higher average architectural quality by comparison. That is in no small part because of the way K8s is opinionated about how to handle and deliver things. It is also in the delivery, in the way of Aspects, wrappers around your stuff that provide functionality for operations, in a way that you do not even see when coding your stuff. You are getting sane defaults in a way that is mostly agnostic to what you care about.\nThis is an important decoupling in multiple dimensions, making everybody\u0026rsquo;s job easier and enabling them to deliver more and better quality with less work.\nYes, this is relatively new, but you can see how good and well-thought-out it is. There is a reason the K8s ecosystem owned everybody else in less than 3 years time, and this is why.\n","date":"2019-04-25T00:00:00Z","href":"https://blog.koehntopp.info/2019/04/25/what-has-kubernetes-ever-done-for-us.html","tags":["pluspora_import","lang_en","cloud"],"title":"What has Kubernetes ever done for us?"},{"categories":null,"content":"There is a big change currently happening in the industry, and it is what drives and enables Facebooks \u0026ldquo;pivot to privacy\u0026rdquo; at the moment. It\u0026rsquo;s less the public criticism of their methods, that\u0026rsquo;s just a justification, it\u0026rsquo;s more a broader shift.\nA lot of people misunderstand what\u0026rsquo;s going on: Facebook’s ‘pivot’ is less about privacy and more about profits A plan to integrate the technical infrastructure of WhatsApp and Messenger with Instagram would allow users to seamlessly communicate across three platforms for the first time. More importantly for Zuckerberg, though, it would link billions of detailed Facebook accounts with WhatsApp users – opening stockpiles of data to mine for advertisers.\nThat\u0026rsquo;s nice for current Facebook, but not actually the point. The actual point is more here: Instagram adds in-app checkout as part of its big push into shopping Instagram took its next step to becoming a full-fledged commerce business today, announcing that it is bringing a checkout feature to its mobile apps. With checkout, you can store your payment information with Instagram to make purchases more quickly. In return, Instagram is charging retailers a selling fee. More than 20 brands will use checkout to start, including Nike, Adidas, Dior, H\u0026amp;M, MAC Cosmetics, Michael Kors, Oscar de la Renta, Prada, Uniqlo, Warby Parker, and Zara.\nThe same thing happens at Google, Google Maps in this case, and in the customary bungled, half-assed way that is so characteristically socially inept Google: Google Maps for your hotel: All you need to know! Book on Google is an option from your Google Hotel Ads account (at no additional cost). It allows your hotel to have a direct “booking button” which appears on the Google profile from the search results.\nCompanies that actually care about the model, because their entire business depends on getting it right are doing it slightly more engaged. Witness this analysis of Discord: ThreadreaderApp As is common for start-ups, Discord is free + monetization hasn\u0026rsquo;t been a top priority\u0026hellip; but less common is Discord\u0026rsquo;s aversion to monetizing user data.\nIn the thread you will find the various approaches of selling to users and to devs, instead of selling them out, that Discord tried and continues exploring. It\u0026rsquo;s like a blueprint for Facebook (and especially their Instagram efforts) and for many other \u0026ldquo;social\u0026rdquo; things. Meanwhile, Google continues to close all the halfway working things they ever had in this realm - Google plus, their collection of failed chat apps and small sharing environments. Without a structure for people to interact, you will not get access to people and their interactions, and you are outside the recommender system that really matters - their peer network and personal recommendations.\nIf, as a global meta-strategy, you refuse to interact with people like people and through other people, you are ultimately being driven into irrelevance, and no amount of AI compute power will change that.\n","date":"2019-03-25T00:00:00Z","href":"https://blog.koehntopp.info/2019/03/25/sell-to-users.html","tags":["pluspora_import","lang_en","advertising"],"title":"Sell your users, or sell to your users"},{"categories":null,"content":"I trolled Twitter with some Ha-Ha-Only-Serious.\nEvery now and then someone complains on Twitter about the use of Bashisms in Shellscripts or legacy systems that are not completely Linux-compatible. I usually troll back with the claim that anything that is not Linux is broken, and that anything that is not Bash is broken.\nThat is of course a troll, and I am of course at the same time totally serious.\nYes, MacOS exists and does not have a Linux userland, and that is a problem (just try to use Docker, you get a VM that runs Linux that then starts Containers). Yes, Debian ships systems with ash, and your Openwrt runs Busybox, and in both cases that is the first thing everybody changes. At least if they are going to use these systems for real, and for good reasons, too.\nThe thing is, time did not stop. It\u0026rsquo;s 2019, and the by far dominant majority of all systems run Linux, bash and a few other things. It is perfectly okay to demand that these things are present, because the world has moved on and is way beyond kernel, operating systems and shell questions. In fact, the need to be able to run Docker images at scale is so huge that even Microsoft implemented a Linux kernel API on their operating system, which underneath is anything but close to what Linux requires.\nThe other thing is, of course, if portability matters, you do not run Bash or any other kind of Shell. Or if security matters. Or extensibility. Or anything at all. Use Python. Or, PHP or even Perl, if you are like from the last millennium.\nBut never write Shell Scripts. Ever. Or if you do, do not expect them to run anywhere but on your box. This in the history of mankind has never worked.\nSo, get yourself a real computer. And use a proper programming language. Thank you.\n","date":"2019-03-04T00:00:00Z","href":"https://blog.koehntopp.info/2019/03/04/bashismen.html","tags":["pluspora_import","lang_de","computer","linux","unix"],"title":"Bashismen"},{"categories":null,"content":"Die Frage war:\nWieso nennt man die Relativitätstheorie und Evolutionstheorie eigentlich immer noch \u0026lsquo;Theorie\u0026rsquo;?\nDie Antwort muss lauten:\nWeil sie das sind. Ein System von Theoremen, die ein Modell der Realität darstellen, das es erlaubt Vorhersagen über die Welt zu machen. In voller Länge ausgeführt in The Quark And The Jaguar: Adventures in the Simple and the Complex . Das Buch geht auf diesen Aspekt und noch viel mehr ausführlich ein und ist generell hilfreich um zu verstehen, was Wissenschaft ist und was nicht.\nIch glaube, es wird noch sehr lange dauern, bis wir über den Punkt hinaus sind, nur mit Modellen unser Universum beschreiben zu können.\nWir sind an diesem Punkt schon lange. Genau genommen seit der Aufklärung . Es ist das Wesen des Modells, einen Gültigkeitsbereich und Fehler zu haben, und Vorhersagen zu liefern.\nWas soll das bedeuten?\nVorhersagen Die Newton\u0026rsquo;schen Gesetze beschreiben die Bewegung von Dingen mit Masse im Vakuum bei subrelativistischen Geschwindigkeiten. Scope Die Vorhersagen dieser Gesetze funktionieren nicht in einer Atmosphäre, weil dort Reibung ins Spiel kommt. Sie funktionieren nicht bei relativistischen Geschwindigkeiten, weil dort Fehler dazu kommen, die die Gleichungen von Newton nicht berücksichtigen. Fehler Wir wissen, daß Newtons Theorien eine Vereinfachung sind, und daß Einsteins Formeln den Sachverhalt genauer beschreiben. Aber Einsteins Formeln degenerieren für v\u0026laquo;c zu denen von Newton, die relativistischen Terme von Einstein sind nahezu Null, wenn sich Objekte viel langsamer als das Licht bewegen. Es ist der Sinn von Modellen, Vorhersagen zu machen wie sich die Welt verhält. Das Modell ist dabei oft beschränkt und ungenau, was aber seine Anwendbarkeit nicht einschränken muss. Wir können oft Fehler hinnehmen oder Beschränkungen im Anwendungsgebiet akzeptieren, wenn wir so schnell und mit einfacher Rechnung zu Abschätzungen kommen, die für die intendierte Anwendung genau genug sind.\nIst eine Theorie, die bewiesen wurde, nicht mehr von alleine keine Theorie mehr? Sondern vielmehr ein Fakt?\nDu meinst „Hypothese“, wo du „Theorie“ schreibst.\nNope. Man hat eine Hypothese. Dann stellt man eine Theorie auf, forscht und beweist diese. Oder auch nicht. Dann beantragt man mehr Forschungsgelder \u0026hellip;\nEine Theorie, ein System von Theoremen, ist nicht bewiesen und oft auch nicht korrekt. Es ist oft bekannt falsch, beschränkt oder ungenau, oder alles davon.\nDarum mein Abzielen auf Vorhersagen. Daltons Atommodell ist beschränkt, war aber in der Lage, Dinge zu modellieren, die vorher nicht modellierbar waren. \u0026ldquo;Wieso reagieren Wasserstoff und Sauerstoff immer im Verhältnis 2:1 in der Knallgasreaktion?\u0026rdquo; ist eine Frage, die Dalton\u0026rsquo;s Atommodell ganz wunderbar beantworten kann.\nThompson, Rutherford, und dann Bohr haben bessere (genauere) Modelle, die an Ende als Verfeinerungen oder Verkomplizierungen von Dalton aufgefasst werden können. Diese Modelle leisten, was ihre Vorgänger jeweils konnten und mehr (größeres Anwendungsgebiet, bessere Genauigkeit).\nDu kannst eine Theorie “beweisen”, indem Du sie für Vorhersagen verwendest und dann schaust, ob die taugen. Du kannst sie widerlegen: Die Vorhersagen sind unzutreffend oder für den Zweck zu ungenau.\nDu kannst nichts tun, wenn die Theorie keine Vorhersagen liefern kann. Das Wesen von Wissenschaft ist, dass Theorien Weltmodelle liefern, die Vorhersagen machen, die sich in Experimenten prüfen lassen.\nDeswegen bleiben Theorien dennoch immer Theorien, Systeme von Theoremen, und sie bleiben unvollkommen. Sie sind Modelle, also effektiv Vereinfachungen der Realität, mit Anwendungsgebiet (sie \u0026ldquo;modellieren\u0026rdquo; etwas) und Genauigkeitsgrenzen.\n","date":"2019-03-02T00:00:00Z","href":"https://blog.koehntopp.info/2019/03/02/nur-eine-theorie.html","tags":["lang_de","erklaerbaer","science"],"title":"Nur eine Theorie"},{"categories":null,"content":" Some Elite: Dangerous Braindumping Because of my previous posts, some people have been talking to me about the game, and I have been spamming a lot of in- and out-of game content on them. Then I realized: \u0026ldquo;Why should you have it better?\u0026rdquo; and decided to spam things here as well, for balance.\nInstall a EDDN client E:D is a sandbox game, which over time acquired a lot of content and backstory, and with them in-game activities that are better planned out of the game. For this, data collection happened originally through on-screen OCR, until Frontier embraced this play-style and provided an API.\nThis API is being harvested by a number of clients, with all upload it into the Elite: Dangerous Data Network EDDN and then feed it to a number of backend sites for planning, optimizing and minmaxing. I am using the EDMC client and fed it with all necessary API keys and accounts.\nMake sure the EDDN client is on before you launch the game.\nMaking use of the EDDN client data Backends are the Elite: Dangerous Star Map which also hands out a number of Achievements, if you are into this kind of thing. The two most important backends using EDSM data are EDDB for finding stations, suppliers and planets, and INARA , which does the same things and also helps you with engineering planning and unlocking Guardian technology.\nGuardian tech is necessary if you want a guardian frame shift drive extender, which adds range on top of engineering, so many explorer ship builds have it. It also has a lot of scanner and weapon tech, which is essential for Thargoid combat. You actually hardly have a chance against Thargoids without Guardian tech.\nMaking Money Fast Previously, you could make a lot of money with passenger transport. Basically, after your grind your way to a Cobra MK III, add a number of passenger cabins and do one of two things:\nFly to Robigo: \u0026ldquo;Robigo Mines\u0026rdquo; or Ceos: \u0026ldquo;Babbage\u0026rdquo; and take on passengers for Sothis: \u0026ldquo;Sirius Atmospherics\u0026rdquo;, fly them to the target, come to a full stop \u0026lt;2km from the target and scan the target until you get a confirmation. Then dump the passengers back at the port of origin. For this you would need Biz, First and Luxury cabins (for the Cobra: Biz), and grind your way up to Reputation with all factions. At Robigo Mines you have a chance to pick up wanted persons, too, and these usually pay more. Robigo is an Outpost, so Landing Pads are Small and Medium, and it never scans, so transporting outlaws is safe in Solo and Private. Griefers with Manifest Scanners and Kill Warrant Scanners wait in open at Robigo, so don\u0026rsquo;t.\nCeos is much closer to Sothis, and is HighSec, so do not go there with anything illegal. Babbage will scan you at least once for every approach. You can reach Sothis with a single jump, tho, so you need to do the math if faster RTT or higher CR/trip work for you.\nAnother way to make CR/h with passenger cabins is to fit lots of cheap economy cabins, and then search for stations in trouble (on fire, Thargoid attack or otherwise troubled), fly there and take on bulk passengers for rescue trips out of the system.\nAnd yet another way to make high CR/h is Core Mining, but this requires a higher up front invest. Check out ObsidianAnt on Youtube for a Core Mining build and tutorial, and aim for Void Opals or Blood Diamonds. Also prepared for NPC Pirate combat, because they will come after you.\nBuild with Coriolis.io For every ship, plan the base price in CR again for purchase and upgrades, so the actual ship you want to fly is usually base price times two.\nOr use the Coriolis planner for the build you want and get a more precise cost estimate.\nThen use EDDB to find the stations that sell you the parts you need.\nBeing on good terms reputation wise with the Federation is nice (but you will need to pledge yourself to the Fed and have rank with them for a Sol permit, which gives you access to Jameson Memorial, which has all buyable stuff in the game).\nBeing on good terms with Sirius is also useful, because you get the Sirius permit and then gives you access to other interesting stations. See this tutorial for details\nControls If you have a Hotas or want to manage your controls better, search for .binds file in your game install or the application data in your User Home in Windows. The Binds-File can be uploaded to EDRefcard , which will print you one or two pages of nice reference cards. Twice as nice for Hotas users.\nAlso, HUD Editor for non-amber ship HUDs.\nEngineering You get more Jump Range with Engineering, and one of the first engineers to unlock is Felicity Farseer, so Frontier understands that need very well. For Felicity , you need Meta Alloy, which you can buy at the Maia system in the Pleiades, at Darnielle\u0026rsquo;s Progress or find elsewhere in the game.\nMeta Alloy , Meta Alloy .\nOnce you have unlocked Felicity, you will need engineering materials for FSD Range optimization or whatever else you need.\nThe easy way to get that is at Dav\u0026rsquo;s Hope . Do the round with a SRV as shown in this post and scoop everything. Then find yourself a Materials Trader close to you using inara.cz\u0026rsquo;s search function and the engineering planner .\nYou may also want a wake scanner and position yourself outside the no-fire zone of a busy orbital and then wake-scan every Low and High Wake you can find. This will give you a lot of encoded materials which are required in FSD engineering.\nDoing this gets you around the grind lock with the least amount of work.\nList of Engineering Mats and how to get them The Other Materials List Discovery Money Once you have a ship with decent jump range, you may want to do some Exploration. In fact, you can do a lot of that on the fly while doing other things. Whenever you jump long distance runs, after entering the system, during FSD cooldown and fuel scooping, run the Discovery Scanner. I have the screen usually in Analysis Mode (\u0026rsquo;m\u0026rsquo;, blue lines in HUD) and have the Discovery Scanner bound to MB1 in a fire group. When the scan is finished, it has a very characteristic sound and after that you can jump on.\nThis style of flying is called \u0026lsquo;Honking\u0026rsquo;. The idea is to sync Honk times, FSD cool down times and fuel scooping times so that everything is ready at the same time, just when you get around the drop-in star to continue to jump.\nA new system with earthlikes or terraformables can bring in around 0.3-3 MCR when scanned (you hand in the data at any station at Universal Cartographics, and you need to be more than 20ly from the system for UC to buy the data). High Metal Content and Metal Worlds also bring a lot of money.\nSystems you visited before and where you already sold the data to UC hardly bring any money.\nYou can fit a Full System Scanner (FSS). It allows you to map a system in a more detailed way. After honking, you can enter FSS mode with (\u0026rsquo;) or where ever you have mapped it, and then scan for signal sources, bodies or other things. There is a guide at the forum that explains FSS\u0026rsquo;ing better than I can do here.\nYou may also want to fit a Detailed Surface Scanner (DSS). When you fly close to a planet and come to an almost full stop in supercruise, you can activate the DSS and get into a new screen for the DSS minigame. You fire probes at the planet, which map a part of the surface. There is an efficiency target depending on the size of the body scanned, and if you manage to get 90% mapped with fewer probes than the efficiency target, you get a bonus. See Reddit for help.\nDSS mapping will also reveal and catalogize all Points of Interest on a body, so fumaroles, alien crash sites and the likes will show up with names right on the map. It\u0026rsquo;s useful and makes money.\nWhile Honking is fast, FSSing and DSSing a system takes more time. DSSing also takes travel time, because it can be done only up close.\nThere are two names on each body: Discovery and Mapping. DS, FSS and DSS previously unvisited bodies etches your names onto the newly discovered body forever and for all other commanders to see.\nExplorer Ships and Builds The cheapest useful explorer is the Diamondback Explorer. It is small, but has an extreme jump range and can be engineered to truly awesome range.\nIn the Mid Size department, there is the Asp Explorer, which especially with Engineering can to truly impressive things and also has a decent amount of internal space, if you care to do more than just data collection. It is a deep space capable ship, which can carry a large scoop, 2x AFMU, 2x SRV, a refinery, a DSS and a small cargo rack and still make distance.\nIf you need more space, go Python, but be prepared to engineer FSD and Thrusters for range and manoeuvrability. Without that, it flies more like a brick.\nThe Anaconda required a large pad, so it can not land at Outposts. It also is unflyable in Supercruise without serious engineering, but there are common Explorer build blueprints for it that take it over 80ly jump range. It is also used a lot as a tanker by the Fuel Rats.\nLearn more at ED Astro . Basically, an explorer build is everything D-rated except the FSD, which is A rated. Then engineer the FSD for range and everything else for weight. No weapons, large fuel scoop, AFMU, SRV, DSS, optionally a refinery.\nAlso learn about [synth](https://elite-dangerous.fandom.com/wiki/Synthesis https://inara.cz/galaxy-synthesis/) , this is where you get supplies when there are no stations.\nMats are gathered using SRV or mining equipment, so read up on that, too.\nNote how there is a FSD injection materials synth. FSD injection increases your jump range once for each injection, hence it is also called \u0026ldquo;Jumponium\u0026rdquo; (and that makes it googleable). When crossing through the starless depths, the rifts between the arms of the galaxy, star density goes down and you may well find yourself in a situation where you need jumponium even in an engineered ship. Rehearse using this and the Galaxy Map properly together before you go into the Rifts.\nCooperative Player Groups The ANWB of the Elite Dangerous Universe are the Fuel Rats. Call them at their site . This will drop you into WebIRC on their channel, and they will guide you through a well planned and orchestrated set of motions that will allow them to shoot you with Fuel Limpets. Each Fuel Limpet will load 1t of FSD drive fuel into your ship.\nThe Fuel Rats are strictly non-combatant, and they do not charge you anything. You do not need to be a member of anything for their help. Basically, you provide them a mission that is more interesting than procedurally generated content. They are the coolest faction in the game, and they have their own planet. Their home world, Fuelum, orbits a scoopable star, of course.\nThe Fuel Rat Wiki at their sie (all of the Wiki, not just that page) contains a lot of useful information about the in-game, the game implementation and instancing system and how to org and run a rescue and relief organisation efficiently. Even if you are not playing, it is a trove useful of information.\nSee also this writeup for news about the Fuel Rats and their exploits.\nAlso check out and auth with their journal client before you run of of fuel. In time, when you find yourself stranded in the black, it will save you precious time.\nOther helpful people are the Hull Seals, which do for Repairs what the Fuel Rats do for fuel, and there is a lot of overlap between the players in both orgs.\nThe Iron Wing is a group of combat pilots that take it on them to protect returning explorers in their combat-weak, long-range optimized builds when they return to the bubble so that they can safely upload their data at a destination of their choice. They help against griefers and NPC pirates.\nThe Neutron Route Neutron stars are the other thing that makes you jump far. Doing this will damage the ship each time you do it, so 1. AFMU (large) to repair the ship, and 2. AFMU (small) to repair the AFMU #1. Use the Neutron Router to plan the trip. This video explains the Neutron Route.\n","date":"2019-02-21T00:00:00Z","href":"https://blog.koehntopp.info/2019/02/21/some-elite-dangerous-braindumping.html","tags":["pluspora_import","lang_de","elite dangerous"],"title":"Some Elite: Dangerous Braindumping"},{"categories":null,"content":"Basierend auf einem Twitter-Thread In Aus dem Journalistischen Maschinenraum diskutieren Peter Welchering und Kollegen von ihm den \u0026ldquo;Ändere Dein Paßwort Tag\u0026rdquo;. Die fehlende Frage dabei: Warum behaupten Leute, daß Ändern des Passworts unsicherer ist oder jemanden sicherer macht?\nSzenarien sind wichtig, wann immer man über Security (oder Management) diskutiert.\nOhne Passwortmanager macht man sich das Leben schwerer, weil man sich Dinge merken muss. Damit das funktioniert nehmen Leute schwache Passwörter, und in Folge sinkt das Sicherheitheitsniveau. Steht so auch in der originalen Studie.\nDie Hauptgefahr dieser Tage ist die transitive Ausnutzung von Paßworten: Leute, die dasselbe Paßwort etwa bei eBay und web.de haben lassen sich das eBay Paßwort abphishen, wie es so gerne getan wird. Im eBay Account ist im Admin-Panel die Mailadresse hinterlegt, sagen wir bei web.de. Dort wird dasselbe Paßwort verwendet wie bei eBay und zack, ist der Mailaccount weg. Der ist aber Passwort-Vergessen Recovery-Account für ein Dutzend andere Dinge (und im IMAP Archiv kann man auch sehen, wo). Und zack, sind die Accounts auch alle weg.\nDaher ist es wichtig, generierte, starke, zufällige Passwörter zu haben. Und für jede Site ein anderes. Das kann man gar nicht genug betonen.\nDabei heißt aber, eigentlich sollte es »Verwende einen Passwort-Manager Tag« sein. Das hat noch weitere Vorteile: Man weiß, ob man ein Paßwort für eine Site hat, das älter ist als deren letzte Sicherheitsschwankung.\nRe den Podcast: Im Grunde ist es ganz einfach - Nachdenken hilft. Journalismus ist die Frage nach dem Warum. Davon haben wir zu wenig.\nIm Nachgang gab es dann die Frage :\nKann man einem Passwortmanager uneingeschränkt vertrauen? Schafft man damit nicht einen Single Point of Failure? Was hältst Du von \u0026ldquo;sicheres, zufallserzeugtes, nirgends elektronisch gespeichertes Passwort, das je nach Verwendungsort mit einem Prä -/In-/Sufffix versehen wird\u0026rdquo;?\nNatürlich man einem Paßwortmanager nicht uneingeschränkt vertrauen. Das kannst Du nix und niemandem. Das ist aber auch nicht die Frage. Die Frage ist, ob Du im Mittel hinterher sicherer bist als vorher und die Antwort ist uneingeschränkt ja, sogar bei einem trivialen Setup. Paßwortmanager speichern nicht nur Paßworte, die managen sie auch. Was heißt das?\nPaßworte zufällig generieren. Paßwort Änderungshistorie dokumentieren - Wann hast Du Wo Was geändert. Das erlaubt Dir Zugriff auf alte Paßworte und erlaubt Dir auch 3.: 3.Zusammen mit der Historie kannst Du nun wissen, ob Dein Paßwort für http://x.de neuer ist als der letzte Security-Fail bei http://x.de Und damit kommen wir zum Reporting: Ein Paßwort-Manager erlaubt Dir Deine gesamte Security Posture in der Gesamtschau zu beurteilen. Wie viele schlechte Paßworte hast Du? Wie viele Paßworte hast Du, die Du ändern mußt, wegen 3.? Erlaubt Dir Nachfolgemanagement. Wenn Du ge-bus-t wirst, können Deine Rechtsnachfolger sehen, wo Du Account hast und die Kontrolle über Deine Accounts und Assets gezielt übernehmen. Der Unterschied zwischen \u0026ldquo;Ich hab ein Schema um mir ähnliche Paßworte auszudenken, die eventuell sicher sind\u0026rdquo; und einem Management-Schema wird so hoffentlich klar.\n»Was hältst Du von \u0026ldquo;Paßwort mit Site-Suffix\u0026rdquo;?« Nix.\nWarum nicht? Es löst das Transitivitäts-Problem, halb. Es ist keine Management Strategie für virtuelle Assets. Es dokumentiert nix. Weder Du noch die Leute, für die Du verantwortlich bist, haben davon einen Gewinn.\nDie Frage, die Du auch lösen mußt: Was tun Dein Sohn oder Deine Frau mit all Deinem virtuellen Besitz, wenn Du mit dem Familienmobil einen Alleebaum kuschelst oder über dem guten Steak einen Infarkt bekommst - itunes Musik und Apps, Play Store Apps, Kindle Library, Steam Lib? Leute, das ist alles nicht so schwierig: Stellt Euch einfach vor, das seien echte, anfaßbare Dinge. Für die habt Ihr Versicherungen, Treuhänder, Hinterlegungen, Kontrollen und Qualitätsstandards, sogar in einer Familie.\nJetzt dasselbe, auch für nicht anfaßbare Dinge. Die Antwort ist zwangsläufig ein Paßwortmanager und ein Gespräch mit der Familie und ein Umschlag irgendwo mit Siegel drauf, wo Frau und Kinder wissen wo der ist.\n","date":"2019-02-08T00:00:00Z","href":"https://blog.koehntopp.info/2019/02/08/mehr-passwort-sicherheit.html","tags":["pluspora_import","security","lang_de"],"title":"Mehr Paßwort-Sicherheit"},{"categories":null,"content":"In einem Kommentar auf Heise regt sich Jürgen Schmidt über den Ändere-Dein-Paßwort-Tag auf. Er fordert von den Herstellern, weniger Daten zu speichern und sichere Systeme zu bauen. Das ist richtig, aber nicht hilfreich.\nEs ist wahr, daß der generelle Zustand von Security auf Computern bedauernswert ist, und daß Paßworte ein furchtbar fehlerbehafteter Mechanismus sind, Zugang zu schützen. Aber die Welt ist wie sie ist, und es ist falsch darauf zu warten, daß sie sich verbessert. Websites werden Eure Credentials leaken und generell daran scheitern, Eure Daten zu schützen.\nDie korrekte Strategie als Endanwender ist, sich darauf zu konzentrieren, solche Fehler handhabbar zu machen und solche Situationen zu überleben.\nHabe auf jeder Site ein anderes Paßwort Dies ist der wichtigste Rat überhaupt, denn das killt alle transitiven Exploits. Damit das funktioniert brauchst Du den Paßwortmanager.\nPraktisch alle Exploits mit gestohlenen Paßworten sind transitive Exploits: Jemand verwendet Dein Paßwort von ebay, um sich in Deinen Account auf web.de einzuloggen. Dort findet er Kontodaten und Anschriften und macht Dein Konto leer.\nVerwende einen Paßwortmanager Das hat mehrere Vorteile:\nDu hast aufwandslos ein anderes Paßwort auf jeder Site. Ein Paßwortmanager hat auch einen Generator für Zufallspaßworte, so daß Du sehr lange, sehr zufällige Paßworte haben kannst. Ein guter Paßwortmanger weiß auch, wann Du ein Kennwort zuletzt geändert hast und wann Sites exploited worden sind und kann Dir sagen wo genau Du ein Risiko eingehst, wenn Du Dein Kennwort nicht änderst. Aktiviere 2FA mit Google Authenticator Google Authenticator implementiert TOTP, zeitbasierte automatisch wechselnde Zifferncodes, die alle 30 Sekunden wechseln. Sie machen Deinen Account sehr viel weniger anfällig gegen Phishing. TOTP ist ein Standardprotokoll und wird nicht nur von Google Authenticator implementiert, sondern auf der Kommandozeile von oath-toolkit und auch von vielen Paßwortmanagern.\nVerwende weitere Paßworte statt sinnvoller Antworten bei \u0026ldquo;Sicherheitsfragen\u0026rdquo; Einige Sites verwenden immer noch \u0026ldquo;Sicherheitsfragen\u0026rdquo; wie \u0026ldquo;Was war der Mädchenname Deiner Mutter?\u0026rdquo;. Setze hier als Antwort ebenfalls Zufallspaßworte ein und trage Frage und Antwort in Deinen Paßwortmanager ein.\nStelle sicher, daß Du ein verschlüsseltes, aktuelles Offsite Backup der Datenbank Deines Paßwortmanagers hast In meinem Archiv liegt nicht nur mein Keyring meines Paßwortmanagers, sondern auch Screenshots der QR-Codes für die 2FA Initialisierung. Die sind natürlich alle verschlüsselt.\n","date":"2019-02-01T00:00:00Z","href":"https://blog.koehntopp.info/2019/02/01/passwort-sicherheit.html","tags":["pluspora_import","security","lang_de"],"title":"Paßwort-Sicherheit"},{"categories":null,"content":"Some thoughts on Social Networking and Usenet, in response to https://jfm.carcosa.net/blog/computing/usenet/ .\nIn the context of the impending shutdown of Google plus, some people reminisce about USENET, especially in the context of social media.\nBefore being abused as a broadcast protocol for TV series, Porn and illegal copies of software, USENET was a kind of decentralized social media used for discussion. There was a small number of interoperable server implementations, and a plethora of clients, with different audiences and optimizations.\nTL;DR We can not only learn from the successes of USENET, but even more from its failures.\nHow did USENET work? The idea behind USENET is that you have a very large number of servers that forward articles between each other, so that any user can post any article anywhere to any server, and eventually it would end up with exactly one copy of that article on each server that wants it. Servers can have one or more connections with other servers, some had hundreds of links to other servers. Message would ideally still be transported only once, and in no case stored multiple times.\nUnlike modern federation protocols which were born on the Internet, USENET was a store-and-forward network. So articles would not be forwarded directly to subscribers, but were stored locally and forwarded to a few immediate neighbors. They would keep a copy of the message and in turn offer it to their direct neighbors, and so on. Usually, any two servers on the network would be only very few hops apart from each other.\nEach server keeps a message for a configurable amount of time, and eventually deletes the local copy as the expiration date of this message is being exceeded.\nMessage format and identity The format of any USENET post was superficially that of (pre-multimedia) mail. So a USENET article had a number of header lines as Key-Value pairs, broken according to e-mails long-line folding rules, and a body, which contained ASCII. Later additions tried to improve on that, but failed — more on that later.\nA somewhat basic usenet header would look somewhat like this:\nFrom: user@host (User Name) Date: Thu, 24 Jan 2019 22:15:15 +0100 Path: news.nntp.dca.giganews.com!news.koehntopp.de!kris Newsgroups: kiel.allgemein Message-ID: \u0026lt;treXfsfeg17354@news.koehntopp.de\u0026gt; Subject: Neue Gruppen einrichten In-Reply-To: \u0026lt;eueytdj2625@news.koehntopp.de\u0026gt; A few header keywords were more important than others, because without them the protocol would not work.\nThe key header is the Message-ID: It defines the identity of a message for purposes of the protocol. Two instances of a message are considered identical if they have the same ID, and different if their ID is different. It was crucial for all implementations to never modify a messages \u0026ldquo;Message-ID:\u0026rdquo; line.\nServers know which messages they have already seen by keeping a list of Message-IDs in a special database, the server history table. Servers would remember the IDs of messages longer than they would remember articles, and they would reject any message with any Message-ID that is even older than their history reaches back in time. So a particular server might want to keep messages for 30 days, and a history table for 90 days. That particular server would roundabout reject any message older than 90 days.\nWhenever a server sees a message young enough to qualify for lookup in the history table, it would do that lookup. If the Message-ID is already known, a decision about this message had already been made in the past, and the message will be rejected as a duplicate.\nOnly when a message qualifies younger than the history, and is so far unknown in the history, a decision about it (keep it, discard it, \u0026hellip;) has to be made. In any case, the server would store the ID as \u0026ldquo;seen\u0026rdquo; in the history table, and it would reject any second message with that ID. That way, duplicates from multiple connections are being recognized and eliminated.\nThis allows a dense and redundant set of connections between servers without the need of any connection management or requirements on the server topology at all. It would also allow a new server to connect to an existing server and request re-feeding any number of old messages without the danger of accidentally feeding these old messages a second time to other existing servers over another link.\nOf course, it still is possible for a server with a hundred links to get dozens of copies of the same message through different links, all of which except for the first copy are being rejected.\nThat was particularly common for servers that did not have a live connection on the internet, but were batch fed: Such servers would have their articles collected in a series of compressed files over the day, would then dial up using a modem and download the compressed batches in one go, multiple times a day. After disconnection, they would decompress and process these articles, discarding any duplicates based on the Message-IDs and their history.\nInteractive transfer on live internet lines was slightly more intelligent, and worked somewhat like two kids comparing collection cards. One server would post Message-IDs of messages in IHAVE statements, and the receiving server would look up these IDs in turn in their history. Anything missing they would ask for with SENDME messages, asking for new files by Message-ID.\nOptimizing duplicate delivery with Path-headers One way to optimize this is the \u0026ldquo;Path\u0026rdquo; header line, which lists all the servers that have seen this copy of a message in order to traversal. So a message posted to news.koehnntopp.de by the user kris would start out with a \u0026ldquo;Path: news.koehntopp.de!kris\u0026rdquo;. That server would feed it for example to news.nntp.dca.giganews.com and to news.toppoint.de.\nOne copy of that message would end up with a \u0026ldquo;Path: news.nntp.dca.giganews.com!news.koehntopp.de!kris\u0026rdquo;, and the other would end up with \u0026ldquo;Path: news.toppoint.de!news.koehntopp.de!kris\u0026rdquo; in their Path. Both copies of the original message would have divergent Path header lines, but identical Message-ID lines, and the same message body.\nThe Path line was being used to detect circles before they happen: you would not even offer anything that already has news.koehntopp.de in the Path in any position back to news.koehntopp.de. Also, as a server operator, you could do stats on Path lines to see which of your links was fast (brought you copies of messages first) and which would be slower.\nBuilding Links between Servers So how would a server operator get connections to other servers, and how would they decide which messages they want and not want?\nThis is the first of the weak points of USENET, and often glossed over in glorifying USENET.\nSetting up a link between two servers was a completely manual process, and it was completely controlled by the upstream server feeding a downstream server with messages.\nFirst, you had to manually discover a server wanting to act as a feed to you. Often that was done with mailing lists where server operators and wannabe-server operators offered feeds, or asked for peers.\nThen, after making contact, you would exchange contact information and negotiate the parameters of setting up a link. That required the exchange of login credentials, and the configuration of what the receiving server operator would want from the feed. The upstream operator would manually configure these selection criteria, and then send stuff to the receiver, which may or may not have been what these people wanted. They could take that or discard it.\nThis is totally not what anybody would want today or back then. There was no automated negotiation where the feeding server would advertise the stuff they offer, and the receiving server would then state interactively what they would want to subscribe to and what not.\nGatekeeping newsgroups Also, all selections were based on one single header line, the Newsgroup header. This is very much analogous to subscribing to a hashtag on modern social media, only the hashtag is gatekept by a server operator cabal.\nIn any way, USENET servers offered to way to express wishes based on language, author, content type, message-size, or any other criteria. You could only say you want messages \u0026ldquo;in kiel.allgemein and kiel.uni\u0026rdquo; or \u0026ldquo;in any kiel.* Newsgroup\u0026rdquo; or exclusion criteria such as \u0026ldquo;kiel., but not kiel.binaries.\u0026rdquo;.\nWhen I say \u0026ldquo;gatekept hashtags\u0026rdquo;, I mean server operators and end users were guarding newsgroups strongly. The creation and deletion of newsgroups was a heavily formalized process. Also, posting to the wrong newsgroup, crossposting to multiple newsgroups came with social stigma and sanctions.\nThis made USENET very cumbersome for the end user. Users often wanted a social space, or simply recognition of a topic as a thing and asked for a newsgroup.\nIn order to get that, they had to go through a very slow and formalized discussion process which purposefully was designed to keep the number of groups small and audiences in groups large and generalized.\nProtected or small spaces with a designated, non-public audience were frowned upon, making the creation of safe spaces hard or impossible.\nClient flexibility, but also no common feature set USENET clients were written as early versions of free software. Their source was packaged and posted on USENET itself. You would read a newsgroup that transported packaged software, and would find a new version of an end user client posted there. You would unpack the source, configure it for your system and compile it, and then try out the new program. If it worked, you would roll out the new version on your systems for your end users.\nThere were many client programs. Sven Guckes maintained a list at http://www.guckes.net/newsreaders/ .\nThe wide diversity in reading software also was a main cause of impediment in the evolution of USENET. If a news reading program added features that required additional data in the header or the body of an article, all other reading programs would have problems decoding that. Simple things, such as support for Umlauts, required encoding of characters because some systems broke Non-ASCII characters. So \u0026ldquo;Kristian Köhntopp\u0026rdquo; was encoded as \u0026ldquo;Kristian =?iso-8859?Q?K=F6hntopp?=\u0026rdquo;. While it was displayed properly in readers that supported decoding this, it was shown as \u0026ldquo;Kristian Iso-something-topp\u0026rdquo; to everybody else (and that is how I got my nickname, Isotopp, by the way).\nPutting rich content, such as formatting in Markup or HTML, or inline-images into messages was even worse, because it made messages completely unreadable to users with clients that did not support these new formats.\nConsequently, all extensions got heavy resistance from end-users and operators everywhere, and eventually USENET evolution stopped, and everybody moved to web forums. Essentially, USENET died with the appearance of phpBB and friends.\nHow web forum software won Web Forum software was, in the eyes of USENET users, a big step backwards. It was not distributed, the client was primitive and put emphasis on presentation. The presentation was proscribed by the board operator instead of being a choice of the reader.\nBut web boards were easy to upgrade: With an upgrade, the same set of features was available to all users at once, and there was no possible resistance from users who were slow or negligent in upgrading their software.\nWhile you had to go through a slow and lengthy discussion process and voting process to get just one newsgroup, web forums offered an easy way to get any number of groups on a simple web server with phpBB. Also, you controlled audience and admission, so it was possible to create protected safe spaces — by design an impossibility on USENET.\nIn the end, that made all but the most hardware tech audience move away from USENET rather quickly, and eventually USENET became irrelevant.\nSee also \u0026ldquo;Netnews: The Origin Story\u0026rdquo;, (PDF ), Steven M. Bellovin, June 27, 2023. \u0026ldquo;Flames und Kommunikationszusammenbrüche im Netz\u0026rdquo;, Kristian Köhntopp (Video , Text ) ","date":"2019-01-24T00:00:00Z","href":"https://blog.koehntopp.info/2019/01/24/social-networks-and-usenet.html","tags":["lang_de","social networking","usenet"],"title":"Social Networks and USENET"},{"categories":null,"content":"In Recht auf Homeoffice schreibt Golem:\nDas SPD-geführte Bundesarbeitsministerium plant ein gesetzlich verankertes Recht auf Home Office.\nUnd alle brüllen \u0026ldquo;Jaaaa!\u0026rdquo;. Ich glaube, den meisten ist gar nicht klar, auf was sie sich da einlassen und wie sich eine Remote First-Firma anfühlt. Wie dem auch sei: Die Firma, in der Ihr gerade arbeitet, kann so mit Home Office vermutlich nicht gut funktionieren.\nIch habe von 2005 bis 2008 für MySQL AB gearbeitet, und das war eine Firma, die Remote First war. Das war eine sehr andere Arbeitsumgebung als die, die ihr in Eurem Job vermutlich habt. Wir waren circa 500 Mitarbeiter in drei Dutzend Ländern überall auf der Erde. Es gab einen Firmensitz in Kalifornien und einen irgendwo in Skandinavien, aber dort war nie jemand (im Büro in Kalifornien waren ein paar Leute mehr, weil die dort den Börsengang der Firma vorbereitet haben).\nAls Mitarbeiter hatte man einen gesonderten Raum daheim zu haben, der als Büro dient. Die Firma hat einen gewissen Betrag pro Jahr (2500 Euro) bereitgestellt, um diesen Raum auszustatten oder zu verbessern. Das schließt Arbeitsmaterial (Laptop) wie Büroausstattung (Stuhl, Tisch, etc pp) mit ein.\nWeil es faktisch keine Firmenräume gab, gab es auch kein Firmen-VPN, denn das hätte den Zugang erschwert. Stattdessen gab es einen Haufen Webdienste, über die die Kommunikation stattfand. Diese waren verschlüsselt und mit einem Single Sign On versehen, aber generell von überall zugänglich von wo aus man eine TLS Verbindung bekommen konnte.\nAlle Diskussionen, internen Abstimmungen, Meetings, und Ergebnisse wurden über diese Webdienste, Skype, IRC und andere Online-Medien getroffen. Die Arbeitszeiten waren oft schräg, weil die Firma über alle Zeitzonen der Erde verteilt war. Und das heißt, man mußte schon mal um 3 Uhr morgens ran, um ein Meeting mit Leuten in Shanghai, Moskau und in Kalifornien gleichzeitig zu haben \u0026ndash; da gibt es einfach keine gute Zeitzone für alle.\nMeetings über Videokonferenzen und Chatmedien sind schwierig, und Diskussionen über Mailinglisten sind oft hitzig und schwerfällig zugleich. Es war notwendig, bestimmte Formen zu entwickeln und mit Leuten einzuüben. Wenn man Leute aus einem Präsenzumfeld in eine Home Office Umgebung wirft, sind sie zunächst orientierungslos, unter Druck und einsam gleichzeitig. Sie müssen an die Hand genommen werden, und man muß Ihnen Methoden und Formen aktiv zeigen, die ihnen erlauben, in so einer Umgebung zu funktionieren und sinnvoll zu kommunizieren.\nAm schwierigsten ist der Umgang mit der Tatsache, daß es keine Serendipität und keine aufwandslose Kommunikation gibt. Diese Dinge, die man in Präsenzfirmen \u0026ldquo;nebenbei\u0026rdquo; mitbekommt, seitwärts, top-down und bottom-up, kommen in Home Office First Firmen nicht nebenbei. Jeder, Management, Teamleiter, aber auch jeder einzelne Mitarbeiter, müssen lernen, daß jede Kommunikation einen Aufwand und Energie kostet, und man sich das Messaging genau überlegen muß. Tut man das nicht, wird Zusammenhalt und gerichtete Aktion einem Firmenverbandes schwierig.\nZentral in MySQL waren übrigens die verschiedenen All Hands und Department Meeting Veranstaltungen. Zweimal im Jahr hat sich gesamte Firma an einem Ort getroffen (meistens ein Fünf Sterne Hotel in einem gut erreichbaren Land mit entspannter Visa-Situation, in der Nachsaison), und zweimal im Jahr haben sich gesamte Abteilungen getroffen. Auf diesen Events (jeweils drei bis fünf Tage) haben wir uns kennengelernt, ein Netzwerk aufgebaut, zusammen Kurzprojekte (\u0026ldquo;Hackathon\u0026rdquo;) durchgezogen und natürlich auch gefeiert. Zusammen mit anderen Treffen hatte man so in etwa alle zwei Monate ein Gruppen-, Abteilungs-, oder Firmentreffen. Alles in allem nicht wirklich eine Verbesserung der finanziellen und der CO2-Bilanz, aber notwendig um eine funktionierende Gruppe zu schaffen.\n","date":"2019-01-07T00:00:00Z","href":"https://blog.koehntopp.info/2019/01/07/du-weisst-nichts-von-homeoffice.html","tags":["pluspora_import","remote first","lang_de","work"],"title":"Du weisst nichts von Homeoffice"},{"categories":null,"content":"Basierend auf einem Thread in Twitter und noch einem Thread .\nIm November 2012 kam Ingress von Niantic heraus. Das ist ein server-basierendes Augmented Reality Game mit GPS-Koordinaten, bei dem man bestimmte Orte aufsuchen muss, um dort Dinge auf dem Mobiltelefon zu tun. Im Februar 2013 hatte ich es durchgespielt und begann das Spiel zu automatisieren. Ich schrieb Bots.\nDas taten viele, denn das Spiel wurde von Niantic mehr oder weniger an die gesamte Android Developer Community geseeded. Niantic hat dann versucht, Bots zu erkennen und Sicherheitsmaßnahmen in das Spiel einzubauen, die Botting schwieriger machen sollten. Ich habe später eine Reihe von Artikel auf Google+ zu diesem Thema geschrieben.\nAber Bots zu erkennen und dann zu bannen ist schwierig. Viel schwieriger als gedacht. Von meinen 1000 Bot-Instanzen wurden am Ende keine gebannt, aber große Teile der Berliner Ingress Community und der Ingress Community in anderen deutschen Städten wurden als false positives erkannt.\nMenschen simulieren Wie macht man schwer zu erkennende Bots?\nIn Ingress soll man \u0026ndash; ohne Cheaten \u0026ndash; in der realen Welt herumlaufen und in der Nähe von bestimmten Markierungspunkten Aktionen ausführen. Meist, um effektiv zu sein, als Gruppe.\nAlso hatten meine Bots ein soziales Netz, mit anderen Bots, die bevorzugt (aber nicht immer) zusammen gespielt haben.\nSie hatten keine festen, wiedererkennbaren Routen, sondern Urges: Rufe die Google Wetter API auf. Schlechtes Wetter? Füge eine Starbucks-Pause in die Route ein.\nHabe Schlafenszeiten, Arbeitszeiten, wähle Spielzeiten entsprechend. Plane Routen zwischen Ingress Portalen mit der Google Maps API und Fahrrad als Verkehrsmittel, warte die angegebenen Reisezeiten zwischen Aktionen an unterschiiedlichen Zielkoordinaten.\nMache niemals etwas mit maschineller Präzision. Jittere Zeiten, Koordinatenangaben, Reaktionszeiten und auch sonst alles.\nUnd dann steuere auf dieser simulierten realweltlichen Person das Spielverhalten, wieder mit Urges, die auf dem In-Game Inventory und Spielstrategien baiseren. \u0026ldquo;Verabrede\u0026rdquo; Dich mit anderen Bots und agiere gemeinsam (oder auch nicht).\nUnd wenn reale Spieler irgendwo aktiv sind, dann verlagere die Aktivitäten woanders hin.\nDas alles erzeugt ein Verhalten, das so normal ist, daß echte Personen öfter gebannt werden als diese Bots.\nNiantic war für eine gewisse Zeit lang stark interessiert, Bots zu erschweren oder unmöglich zu machen. Ein verhaltensbasierter Ansatz hat aber nirgendwohin geführt: Die Variation in menschlichem Verhalten ist so groß, daß man mit einer recht simplen Simulation wie oben beschrieben ein Botverhalten hin bekommt, das nicht signifikant aus der Masse der menschlichen Benutzer heraus sticht.\nAm Ende war es langweilig: Das Ziel für mich war Node.js und Javascript zu lernen. Dieses Missionsziel wurde erreicht. Zugleich hat sich die API des Spiels und das Spiel selbst so oft geändert, daß ich es hätte professionalisieren müssen, um mitzuhalten. Daran bestand aber nie Interesse, also habe ich es aufgegeben \u0026ndash; zweimal durchgespielt (einmal in echt und einmal automatisiert) war genug.\nAlso habe ich die Erkenntnisse in einem Google Dokument aufgeschrieben und publiziert und danach andere Dinge getan.\nBot oder Mensch? Da ist eine Lehre drin für Leute, die Twitter-Bots oder andere Social Bots erkennen wollen.\nTwitter ist nicht Ingress, und Diskussionen sind komplizierter als Burster zu werfen.\nAber \u0026ldquo;Markierungspflicht\u0026rdquo; oder \u0026ldquo;statistische Bot-Erkennung\u0026rdquo; sind beides Blödsinn, auf mehr als eine Weise.\nDu kannst eine privilegierte API haben, die von der offziellen Twitter App genutzt wird, und eine zweite API für maschinelle Interaktion auf Twitter. Aber natürlich hindert das niemanden daran, die Menschen-API aus dem offiziellen Twitter Binary zu reversen und dann automaitissert zu vverwenden. Oder den offiziellen Client zu scripten.\nUnd natürlich ist es am Ende egal, was den Effekt auf soziale Interaktion angeht, ob ein Troll ein Bot oder ein schlecht bezahlter Mindestlöhner in einem Schwellenland ist.\nAutomat, Bot und Trollarmee Man kann das dennoch für die vereinfachte Diskussion differenzieren:\nein automatisierter Account ist ein Account, der von einer Maschine mit Inhalten befüttert wird. Das kann so etwas simples wie ein Retweetbot sein, oder ein Bot, der die aktuelle Uhrzeit twittert, oder halt mein Friendsplus.me-Account, der mein Google+ nach Twitter geschoben hat.\nEin automatisierter Account hat aber keine algorithmische Reaktionslogik in irgendeiner Form. Er generiert oder sucht Content und pushed den dann. Ein Feed.\nNichts hält einen Accountbesitzer davon ab, den Feedbetrieb des automatischen Accounts mit manuellen Tweets zu mischen. Viele Promis mit gemanagten Twitter-Accounts tun das.\nEin Bot ist ein automatisierter Account, der reaktiv Tweets sucht oder liest, und dann algorithmisch eine Reaktion generiert. Oft (aber nicht zwingend) mit dem Ziel als reale Person gesehen zu werden.\nTrolle sind genau keine automatisierten Accounts, sondern manuelle Benutzer, die roboterhaft auf Reize aus Twitter oder anderen sozialen Medien reagieren. Sie werden oft wie Bots geführt. Die ganze Sendung Neo Magazin Royale: Hass im Internet beschäftigt sich damit.\nUnd das ist genau der Punkt. Die politische Diskussion beschäftigt sich mit den äußeren Merkmalen (\u0026ldquo;Syntax\u0026rdquo;), aber eigentlich geht es darum, was passiert: organisierte und verdeckte Beeinflussung eines öffentlichen Diskurses - \u0026ldquo;Semantik\u0026rdquo;. Die Mittel sind im Grunde Wurst.\nNun muß die organisierte Beeinflussung eines öffentlichen Diskurses nicht falsch sein. Ich habe das in der Vergangenheit oft getan. Um 2000 habe ich de.comp.lang.php manipuliert, 2003 habe ich Heise Foren manipuliert, wann immer web.de erwäht wurde, und zusammen mit Freunden haben wir die USENET-Gruppen de.talk.bizarre und de.soc.rollenspiele.misc mit unterschiedlichen Absichten offen oder verdeckt geführt.\nDer Talk Flames im Internet (CCCS 2007, Froscon 2014) (Video ) dokumentiert das.\nDer Punkt ist mehr, daß verdeckte Beeinflussung des politischen Diskurses ein Problem ist. Aber das kann man in Deutschland im politischen Diskurs so nicht sagen. Denn dann hat Deutschland mehr als ein Problem. Also nicht nur Russen-Nichtbots und die Reconquita Germanica, sondern auch falsche oder fehlende Gesetze zur Regulierung der Bestechlichkeit von Abgeordneten oder Lobbyismuskontrolle.\nUnd das kann ja nun wirklich keiner wollen. Es kommt also in Wahrheit darauf an, daß die richtigen Interessengruppen den politischen Diskurs verdeckt beeinflussen können. Nur so kommen wir weiter!\n","date":"2018-12-19T00:00:00Z","href":"https://blog.koehntopp.info/2018/12/19/whatabotism.html","tags":["lang_de","computer","security","hack"],"title":"Whatabotism"},{"categories":null,"content":"kauth handlers in MacOS , from a somewhat outdated MacOS X Internals book. But a lot of the content is still relevant. This section is about kauth handlers. Kauth is a system in MacOS to hook file open and file exec operations. It is what is being used by all the Corporate Security Malware that the Compliance Guys like to install on your work Mac, and it is one of the most common reasons for MacOS performance problems at work.\nThat is, because most Corpsec Malware does install a Kauth handler and then evaluates file open permission synchronously in that handler. TrendMicro, Cylance, FireEye (xagt) and Websense DLP do this. File open() operations are delayed by a factor of 6x to 10x usually: Unpacking an electron app with 27.000 files on my home Mac takes 3 seconds, and took 27 seconds on my work Mac.\nUsually, these things are also written badly: Trendmicro for example runs their evaluations in a privileged userland process with ASLR off, so if you craft the right kind of GIF and drop it into $HOME, it will pop a shell on any Mac running Trendmicro just fine. That is, because the offsets are always right \u0026ndash; thanks to ASLR off.\nAnd Websense DLP did rely on their Kauth handler so much that all files in the installations were world writeable: \u0026ldquo;protected\u0026rdquo; only by the Kauth handler. Which made exceptions for Binaries with the right name (among them \u0026ldquo;installd\u0026rdquo;, \u0026ldquo;installer\u0026rdquo;, or \u0026ldquo;shove\u0026rdquo;), so if you rename your cp program to \u0026ldquo;installer\u0026rdquo; you could happily overwrite any of the files \u0026ndash; reboot the box, get your own code executed as root and be done.\nOne of the nicest things on the Mac is HopperApp . This is a very cheap, very well done clone of the basic functionality in IDA Pro, and allows you to have a quick look at the code of these Corpsec kernel extensions and see how they are breaking things, then act on that. Depending on your alignment you write a report and get a cookie, or you use this for your own purposes.\nIn general, a Macbook with Corporate Security Malware is much more easily owned than a stock Apple device.\n","date":"2018-12-18T00:00:00Z","href":"https://blog.koehntopp.info/2018/12/18/kauth-handlers-in-macos.html","tags":["pluspora_import","lang_de","security","macos","apple"],"title":"kauth Handlers in MacOS"},{"categories":null,"content":"Morgenandacht mit Nora Steen : die theologische Leiterin des Christian Jensen Kollegs der Evangelisch-Lutherische Kirche in Norddeutschland in Breklum redet einer Parallelgesellschaft das Wort. Sie romantisiert in ihrer Predigt Immigranten, die sich weigern, sich in die Bräuche und Traditionen ihres Gastlandes zu integrieren, und stattdessen ihre fremde Religion, ihre fremden Feiertage und auch ihre fremde Kultur mit verzweifelten Importen am Leben zu erhalten versuchen.\n\u0026ldquo;Kreuzkirche Tokyo\u0026rdquo; ,Transkript:\nDie Luft ist frisch und kühl. Leichter Dunst liegt auf dem Hügel und in der Ferne schreien Raben. Es ist früh am Morgen und es ist still. Obwohl dieser verwunschene Ort mitten in Tokio liegt, in der Millionenmetropole. Ein grüner Hügel, nur ein paar hundert Meter vom 24 Stunden am Tag belebten Bahnhof Gotanda .\nAuf dem Hügel steht eine Kirche. Der Altarraum ist aus durchscheinendem, typisch japanischen Papier. Eine einzelne kleine Glocke hängt an der Decke der Veranda vor dem Kirchenraum. Sie wird per Hand geläutet, vor dem Gottesdienst. Zur Kreuzkirche kommen jene, die auf Dauer oder auf Zeit in Japan leben und arbeiten. Sie sind Deutsche und meist bei großen Firmen angestellt. Sie sind in der globalisierten Welt zu Hause und suchen trotzdem Vertrautheit in der fremden Kultur. Besonders in der Advents- und Weihnachtszeit.\nSeit Jahrzehnten gibt es in der Kreuzkirche deshalb den Adventsbasar. Es gibt Glühwein, Adventskränze werden geflochten, aus Tannen mit roten Kerzen. Vieles muß dafür importiert werden, aber das ist es ihnen wert. Gerade in dieser Zeit im Jahr werden Erinnerungen wach. Da sehnt man sich nach den Orten der Kindheit. Sich noch einmal fühlen wie beim Kekse backen, damals.\nDie Tannen riechen wie in Deutschland, und die Schokolade im Adventskalender schmeckt wie immer. Hier oben auf dem Hügel anzukommen, das gibt ihnen ein Gefühl von Heimat. Immer nur unterwegs sein, das geht nämlich nicht. Irgendwo muß auch die Seele mal Kraft schöpfen können, sagte mir eine Frau. Sie lebte bereits mehr als die Hälfte ihres Lebens in Japan.\nDie Mitglieder der Kreuzkirchengemeinde in Japan wissen um den Preis, den sie für ein Leben im Ausland zahlen. Deshalb kommen sie immer wieder hierher. Den heiligen Hügel nennen ihn einige. Er bietet ihnen einen Boden, um Wurzeln zu schlagen, in aller Freiheit. So wie Hilde Domin es in \u0026ldquo;Ziehende Landschaft \u0026rdquo; beschreibt:\nMan muß weggehen können und doch sein wie ein Baum: als bliebe die Wurzel im Boden, als zöge die Landschaft und wir ständen fest\nDas Volk Gottes war ständig auf Wanderschaft. Es hatte gar keine Gelegenheit, sich an Orte zu klammern um heimisch zu werden, also wurde der Glaube zur Heimat. Gerade für Menschen, die sich über Generationen Ortlos fühlten. Jaweh wurde für die zu einem Gott, der mit ihnen auf dem Weg war. Und sie, die im fernen Tokio leben, können daran anknüpfen. Weggegangen aus vertrautem Umfeld finden sie Verwurzelung dort, auf dem heiligen Hügel. Stille, inmitten der pulsierenden Stadt.\nWirklich, man verlege sie Szene einmal in die Innenstadt von Dresden und mache aus diesen Personen gläubige Muslime und lasse sie sich dann in Gedanken noch einmal mit Frau Steens Stimme vorlesen. Kein Problem für den deutschen Politischen Diskurs, gleichzeitig die Gedanken von Frau Steen zu würdigen und dieselbe Haltung bei in Deutschland lebenden Ausländern als gefährlich und Angriff auf das Deutschtum zu werten.\n","date":"2018-12-08T00:00:00Z","href":"https://blog.koehntopp.info/2018/12/08/parallelgesellschaft.html","tags":["pluspora_import","lang_de","politik"],"title":"Parallelgesellschaft"},{"categories":null,"content":"So we have been production benchmarking two AMD EPYC servers today. A Quanta 1U2Node chassis with a 7551P in one slot and a 7401P in the other. 512GB of memory, 25 Gbit/s Mellanox Card.\nA production benchmarking installs a production puppet class, sets up nginx queue monitoring and then gradually increase load balancer weights until the nginx grows a queue of request backlog. At which point we call it a day and return to default weights for the box.\nSystems under test have been four Intels, a E5-2620v4 and a Silver 4110, a E5-2690v4 and a Gold 6132. The Intels are of course all 2P.\nWith our memory intense production workload, the Xeon E5 and Xeon XP actually perform equally, so the 2620 and 4110 drop at 9000 workunits, the 2690 and 6132 at 15000, each.\nThe 7401P did 13000, and the 7551P terminated at 15000, but it ran into a worker limit at a load at 50 or so, so we know this is not the absolute ceiling.\nSo you have a $2000 7551P wiping the floor with two 6132 ($4200 list), and a $1000 7401P doing 44% better than $1000 of lower bin Intel. Notably, latency with AMD is 20% higher due to lower clock. But unlike lower bin Intel, AMD performance under load (all cores busy) is almost stable, where Intel clocks down 25%. So while slower, the CPU is harder, performance under load is as stable as a high bin part. This is good for VM work and K8s.\nAll in all, we need to go into vendors now and see what kind of 1P AMD is on the menu.\nAlso, AMD, ship me a 1P Rome board. Any form factor or vendor will do at this stage.\n","date":"2018-12-03T00:00:00Z","href":"https://blog.koehntopp.info/2018/12/03/amd-epyc.html","tags":["pluspora_import","lang_de","computer"],"title":"AMD EPYC"},{"categories":null,"content":"From Pluspora But is it atomic? So a few days ago, a colleague asked “Why do we love files on disk?” and in the course of that discussion, I made a comment that, among other things, used the assumption that somebody is updating some file on some Linux system atomically. I wrote:\nLet\u0026rsquo;s assume we are using local files, and we do so in a managed, sane way:\nAll these state files are always JSON, there is a JSON schema, so it is clear which attributes can be there, must be there, and what they mean and what changes to data mean as well. Files are updated atomically And immediately the question came up: “I either misunderstand you or I have a gap in the knowledge. When writes to a file became atomic? They are not in general case.”\nLet’s go back in time, it’s Greybeards time ! We’re going to find out where the things you are working with are actually coming from. With sources and references.\nThe write(2) system call A write(2) system call is atomic. The size or amount of data written does not matter. How come?\nThe system call will, before trying to write data to disk, lock the in-memory inode. That is, it will effectively lock the entire file. It then performs the file changes, and only then unlocks. That can take a long, long, long time, depending on the amount of data and the media the file is being stored on.\nIt means that on a single physical file in Unix there can be only one write(2) or read(2) system call active at any point in time.\nOne exception to this is XFS, but only when a file is opened with O_DIRECT. In this special case, XFS instead locks the byte range in a structure attached to the inode, performs the write and then unlocks. So, in XFS with O_DIRECT, any number of concurrent, non-overlapping write(2) system calls can be active.\nThe Posix specification requires that write(2) is atomic, it does not require that only one write per file can happen.\nThat is a horrible thing! The locking behavior of write(2) (and read(2)) is a problem for databases that require many concurrent writes to happen.\nIngres and some other early SQL databases used to solve that problem by avoiding filesystem entirely, they recommended that tablespaces use raw disks. No filesystem, no files, no locks.\nOracle solved the problem by introducing the concept of tablespaces, which are data storage spaces made up by a fleet of files, e.g. one file for each GB of data storage. Tables are assigned tablespaces, not data files directly. Since there is one write lock per inode, concurrent writes to different files in the same tablespace can happen.\nOnly in 1994, when SGI published XFS, the actual problem was tackled by splitting the lock at the kernel level for buffer cache less writes. XFS also contained many other improvements over the 1984 BSD Fast Filing System that made it superior for concurrent I/O, streaming I/O, very large file systems, and many other modern use-cases. BSD FFS was in turn an improvement over 1974’s original Unix Filesystem.\nIn Linux terms, the 1974 Unix Filesystem is mirrored by the Minix File system, the 1984 BSD FFS is roughly equivalent to ext2, and XFS was donated and ported to Linux by SGI, bringing that up into the tech level of 1994.\nSun ZFS and Linux Btrfs are from 2004, and are a complete deviation from earlier Unix ideas. They are a different, much longer writeup, which will actually end with the git and the Blockchain.\nSource Dive: Why are writes atomic? “Posix requiring a file write to be atomic” comes from the behavior of the original Version 7 Unix and later systems. In there, we find the write(2) system call, which just calls the rdwr() function.\n/* * write system call */ write() { rdwr(FWRITE); } You are looking very old K\u0026amp;R style C code here, which predates even ANSI-C and function prototypes, by the way.\nSo rdwr() a few lines down the function calls plock(), for as long as we are not dealing with a device special file (Here is where the Ingres “use raw devices” idea comes into play), then does the I/O and finally calls prele().\nif((ip-\u0026gt;i_mode\u0026amp;(IFCHR\u0026amp;IFBLK)) == 0) plock(ip); if(mode == FREAD) readi(ip); else writei(ip); if((ip-\u0026gt;i_mode\u0026amp;(IFCHR\u0026amp;IFBLK)) == 0) prele(ip); plock() is what locks the actual inode and the origin of the observed behavior. It is is a misnomer, it’s not a pipe lock, it’s an inode lock.\n/* * Lock a pipe. * If its already locked, * set the WANT bit and sleep. */ plock(ip) register struct inode *ip; { while(ip-\u0026gt;i_flag\u0026amp;ILOCK) { ip-\u0026gt;i_flag |= IWANT; sleep((caddr_t)ip, PINOD); } ip-\u0026gt;i_flag |= ILOCK; } See the locking loop here: As as we do not have the lock, indicate desire to get the lock, then sleep on a lock release. When we exit the loop (because the inode is unlocked), lock the inode.\nThese are simple C Code lines, not special magic macros that translate into special magic TAS machine instructions. That is because the code here is so old that it comes from a world where we have single-die, single-core, single-thread CPUs. If your code is actually running (and this is kernel code!), then you are alone in the entire system. There is nobody else touching these variables as long as you have the CPU.\nUnder the lock, rdwr() above calls writei(). And writei() has a do loop which uses variables from the u-Area.\ndo { bn = u.u_offset \u0026gt;\u0026gt; BSHIFT; on = u.u_offset \u0026amp; BMASK; n = min((unsigned)(BSIZE-on), u.u_count); if (type!=IFBLK \u0026amp;\u0026amp; type!=IFMPB) { bn = bmap(ip, bn, B_WRITE); if((long)bn\u0026lt;0) return; dev = ip-\u0026gt;i_dev; } if(n == BSIZE) bp = getblk(dev, bn); else bp = bread(dev, bn); iomove(bp-\u0026gt;b_un.b_addr+on, n, B_WRITE); if(u.u_error != 0) brelse(bp); else bdwrite(bp); if(u.u_offset \u0026gt; ip-\u0026gt;i_size \u0026amp;\u0026amp; (type==IFDIR || type==IFREG)) ip-\u0026gt;i_size = u.u_offset; ip-\u0026gt;i_flag |= IUPD|ICHG; } while(u.u_error==0 \u0026amp;\u0026amp; u.u_count!=0); The u-Area of a process at that time was a common data structure that the userland and the kernel used to communicate. Here it is being used to shift syscall parameters into the kernel. The write writes the data at u.u_base in userland into the current inode, at u.u_offset bytes in the file. There are u.u_count many bytes to write.\nWe convert the u.u_offset into a logical block number (the n-th block of a file), and an offset on within the block. We need to call bmap(). This function turns an inode number and block number within the file into a physical block number on a device.\nWe can then bring the relevant physical block into the buffer cache, using bread(), and then use iomove() to modify and dirty the block. As we brelse() it, it will eventually be written back to disk later.\nThere is an optimization here:\nWhen the write is a full block, we do not read the block from disk. We just allocate a buffer using getblk(), and fill it. It will overwrite the data on disk completely, there is no old and new data to merge. Disk accesses are slow, in the 1970ies even more so than today, so not reading data that you are going to obliterate completely pays off substantially.\nThe loop continues as long as there are no errors and still blocks to write.\nAs we return from writei(), rdrw() resumes and will eventually prele() the inode lock.\nHow old is this stuff? This is of course extremely old code, original V7 unix, almost as old as me: git blames places its age at 41 years. I was in the third class of a German basic school when this was written.\nI chose this implementation, because it is very simple, and because it is also what became immortalised in the performance destroying standard which we got to know as Posix File System Semantics.\nHomework You can have fun to find the matching functionality in a modern Linux kernel , threads, multicore, capabilities, namespaces, cgroups and dynamic data structures and all.\nCompare code readability and complexity. Discuss. Is this progress? Why do you think so?\nYou can try to get a copy of “The Design of the Unix Operating System ” by Maurice J. Bach. It will take you on a guided tour through the origins of our craft and the legacy we build on. The topics discussed in this note can be found on the pages 101ff, “WRITE” and “FILE AND RECORD LOCKING”.\nIf you are into operating systems, continue reading after Bach: “The Design and Implementation of the 4.3 BSD Operating System ” builds on Bach’s work and showcases the progress and inventions that Kirk McKusick, Sam Leffler et al made after that.\nIf you are into comparative operating system design, read “Inside Windows NT ” by Helen Custer after Bach and Leffler/McKusick, and try to understand the different ideas and world view behind that.\nBut we don’t use write(2) for atomic file updates! Well, some of us do, but I agree that it is hard to get right: write(2) and writev(2) are very hard to handle properly in applications, as you need to write everything in a single call.\nMost programs use another atomic operation in Unix, the rename(2) system call. You write file.new at your leisure, printf(), chunked writes() and all. When completed, rename file.new to file. This automatically unlinks the old version of file as well.\nThis is also the recommended approach to atomicity, because unlike write(2) it is stable in the face of the dreaded nightmare file system.\nrename(2) was introduced really early in BSD Unix because of specific race problems in the V7 Unix early BSD patched and improved.\nBefore BSD, we only had link(2) and unlink(2). You can use a combination of these syscalls to implement a rename-like operation, but you need more than one syscall to do that.\nIn Unix, at the end of a syscall, before return to userland, the scheduler runs (Bach, Chapter 8). That is, at the end of each syscall, a process can be forced to yield the CPU. This is the cause for potential race conditions when not having a rename(2) as a single syscall, and that is why BSD came up with a single syscall for renaming files in the first place.\nRenaming files for atomic updates can be taken to an art form: try looking into the Maildir/ implementations as invented by qmail, and implemented in Dovecot and Cyrus\nMaildir Man Page On Maildir at DJBs site Dan Luu on File Consistency And that concludes this issue of Our Systems Legacy.\n","date":"2018-11-29T00:00:00Z","href":"https://blog.koehntopp.info/2018/11/29/but-is-it-atomic.html","tags":["lang_en","erklaerbaer","unix","linux","kernel"],"title":"But is it atomic?"},{"categories":null,"content":"Wenn man was mit Infrastructure As Code macht, also Openstack, AWS, GCS, oder auch Kubernetes, dann hat man meistens eine ganze Flotte von willkürlichen IPs mit komischen Ports, auf denen je eine Instanz desselben Dienstes läuft. Das heißt, man braucht einen Load-Balancer, der einem die Requests annimmt und auf die ganzen Endpoints verteilt.\nDas ist eine Idee, die man mal einen Moment festhalten sollte, während man einen Blick auf Altbekanntes wirft:\nSDN in Openstack Denn Openstack zum Beispiel treibt auf den unteren Ebenen des Netzwerks eine Menge Aufwand, um ein Underlay und ein Overlay-Netz zu bauen. Und einem Tenant (also einem Openstack-Kunden, mit Benutzern im Kunden) dann die Gelegenheit zu geben, in seinem Tenant eine komplette IP-Infrastruktur aufzubauen, mit virtuellen Bridges, Routern, Subnetzen, Firewalls und Load Balancern. Das tut der Kunde, weil er IP basierend Access Control (also Firewalls) aufbauen will, die den Zugang zu den Diensten regeln.\nDienste, die sowieso nicht zugänglich sind, weil sie eigentlich nur durch den Load-Balancer erreicht werden können, und deren IP-Nummern auch egal sind, weil sie nur den LB interessieren.\nIch weise da deshalb so darauf hin, weil Software Defined Networking zwar eine atemberaubend geile Sache ist. Man kann damit endlich alle Netzwerk-Zuckerbäckereien bauen kann, die man schon immer haben wollte, ohne jemals ein Kabel oder ein Chassis in die Hand zu nehmen. Aber SDN ist auch etwas, das genau gar nicht skaliert und für das man keine Operations machen kann.\nAlso, ein SDN hat einen Haufen State. Es weiß, welche Komponenten des Overlays von welchem Tenant wo physikalisch terminiert werden (\u0026ldquo;welche VM wo liegt und welche virtuellen Komponenten des Overlays vor der VM liegen\u0026rdquo;). Und es weiß, was ein virtueller Router, eine virtuelle Firewall oder ein virtuelles NAT mit einem Paket machen müssen, das da durch geht und simuliert das dann, bevor das Paket ausgeliefert wird.\nState ist aber ein Problem: Jedes Mal, wenn eine VM hoch geht oder terminiert wird. Schlimmer noch, jedes Mal, wenn eine aktive Netzwerkkomponente oder gar ein ganzes Netz erzeugt oder terminiert wird. Immer dann ändert sich die Topologie des Netzes und damit der State, der dem ganzen SDN und allen Komponenten bekannt sein muß. Auch die simulierten Aktionen des Overlays ändern sich, und müssen neu berechnet werden. Und ein Haufen verteilter Komponenten müssen aktualisiert werden.\nWenn also der Cluster größer wird, also mehr Underlay bekommt, dann wird der Kreis der Geräte größer, denen der State bekannt sein muß. Damit geht die Convergence Time nach oben, also die Zeit, die es braucht, bis eine Änderung allen Geräten im Overlay und Underlay bekannt ist.\nUnd zugleich sind vermutlich auch mehr Tenants da, die mehr machen müssen. Damit geht dann auch die Change Rate nach oben. Also die Anzahl der Änderungen im Cluster, die eine neue Konvergenz des Clusters erforderlich machen können.\nUnd irgendwann brennt dann alles nieder. Dann sind alle Overlays down, und alle Kunden sind sehr traurig.\nDazu kommt dann natürlich noch, das so Hersteller von SDN Software gelegentlich neue Versionen von ihrem Kram releasen, die man dann einspielen muß.\nDer Hersteller eines SDN ist natürlich sehr verantwortungsvoll und kennt sich mit den Tücken von Operations Teams aus: neue Versionen sind immer kompatibel zu vorhergehenden Versionen und man kann von einer alten Version auf eine neue Version so upgraden, daß auch ein Rollback auf die alte Version jederzeit möglich ist. Und zwar ohne dass die persistierten Strukturen, die das Overlay beschreiben, verloren gehen oder ungültig werden. Dadurch sind Updates eine sichere Sache und risikolos ohne Downtime möglich.\nAußerdem ist die Erde eine Scheibe.\nStattdessen Service Mesh Weil das so ist, wie es ist, haben sich einige Leute überlegt: wieso überhaupt ein Overlay? Am Ende sind doch IP-Nummern egal, und die Discovery der Endpunkte ist komplett nur ein Problem für den Load-Balancer.\nWarum packt man nicht einfach alle Tenants in ein flaches IP-Netz, nimmt den Kunden die Möglichkeit weg, IP-Nummern und Netzwerktopologien zu bauen und zwingt sie dazu, Services sicher im \u0026ldquo;offenen Netz\u0026rdquo; zu betreiben?\nTatsächlich ist das eine berechtigte Frage und eine Antwort ist:\n\u0026ldquo;Weil man dann immer noch einen technisch einheitlichen und zuverlässigen Weg braucht, um Verbindungen und Partner zu identifizieren, und nur zulässige Verbindungen zu erlauben. Am Besten auf eine Weise, daß Entwickler das nicht willkürlich falsch machen können\u0026rdquo;.\nIm Kubernetes-Umfeld ist so etwas ein Sidecar-Proxy.\nEin Sidecar ist ein Prozeß, der mit dem eigentlichen Payload-Prozeß zusammen gestartet wird, und der im selben Pod läuft wie die Payload. Das heißt, die Dinger können einander sehen und befummeln, verwenden dieselben Netzwerkinterfaces und IP-Tables Regeln und teilen auch sonst alle Ressourcen - mit Ausnahme des Dateisystem-Images.\nDie Payload verbindet sich also an localhost, Port irgendwas, und der Sidecar-Proxy ist zuverlässig auf diesem Port und kümmert sich um die Verbindungen, oder andersherum, der Proxy nimmt eingehende Verbindungen an und leitet sie an die Payload weiter.\nDadurch kann der Proxy eine ganze Menge Dinge tun - er kann TLS erzwingen und Zertifikate oder JWT Token kontrollieren, er kann Verbindungsdaten sammeln (Timing Histogramme), er kann Retries kontrollieren, wenn ein Dienst nicht in einer bestimmten Zeit reagiert oder er kann Retries und Services komplett kurzschließen, wenn ein optionaler Dienst mal weg ist.\nEin solcher Proxy für das Kubernetes Umfeld ist Envoy, und das besondere an Envoy ist, daß seine Konfiguration nicht aus statischen Dateien kommt, sondern auch von einem clusterweit-zentralen Dienst dynamisch generiert werden kann. Die Konfiguration kann dann ohne Proxy Neustart im Betrieb geändert werden.\nKubernetes verwendet das, um neue Endpunkte in den Load-Balancer zu integrieren, wenn sie verfügbar werden, um in Rollouts Traffic sanft von einer alten auf eine neue Version zu migrieren und um zentral clusterweit einheitlich Metriken über Dienstaufrufe und deren Zeitverhalten zu sammeln und zu loggen. Das kann man verwenden, um Request-Kaskaden zu tracen und um Qualitätsüberwachung für seine Dienste zu haben.\nEin paar Grundlagen über Envoy .\nEs stellt sich dann heraus, daß aus einer Reihe von Gründen das besser skaliert und schöner failed als ein SDN, und daß man außerdem eine Technologie verwendet, die von Entwicklern besser verstanden wird und einfacher zu debuggen ist als ein SDN.\nEs skaliert besser, weil hier State pro Dienst und nicht pro Cluster gehalten werden könnte. Und es failed schöner, weil man hier einzelne Envoys unabhängig voneinander verlieren kann, bzw. einzelne Dienste ohne gleich den ganzen Cluster zu droppen. Verliert man die Control Plane, also den Dienst, der Envoy steuert, dann ist das loss-of-control, man kann die Envoy Config nicht mehr ändern. Es ist nicht loss-of-service, das heißt, das Netz läuft eingefroren weiter - und die Control Plane kann (hoffentlich) rediscovery, d.h. eine neu gestartete Control Plane kann die existierenden Envoy-Nodes und deren Config ohne Betriebsunterbrechung einsammeln, konsolidieren und dann nahtlos den Betrieb aufnehmen.\nIch rede hier von Control Planes und eventuell später auch von Service Discovery und anderen Dingen. Hier ist noch einmal ein wenig Hintergrund dazu:\nAn Introduction to Modern Network Load Balancing .\nDer Artikel erklärt erst mal, was ein Load-Balancer ist, was L4 und L7 Load-Balancing tut und hebt dann insbesondere auf L7 LBs (Proxies) ab, und geht auf zentrale Steuerung mit dynamisch generiert Konfiguration ein. Diese zentrale Steuerung mit dynamischer Config-Generierung ist eine Controlplane. Generell finden wir in dem Artikel eine schöne Erklärung von Begriffen, und was sie bedeuten und warum man diese Konzepte abgedeckt haben will - Service Discovery ,Health Checking, Load-Balacing, Stickyness von Sessions, TLS Termination, Observability, Security and DoS Mitigation, und schließlich Config and Control Plane.\nWenn wir jedoch über Kubernetes reden, dann reden wir in der Regel über L7 Proxies, und wir finden nginx plus, haproxy, linkerd und Envoy. Envoy wischt gerade mit dem Rest den Boden auf und der Grund dafür ist die Controlplane - für Envoy gibt es mehrere, und die, die alle haben wollen, ist Istio.\nIstio macht aus einer Flotte von Payloads mit Envoy Sidecars ein Service Mesh. Es generiert aus der State Database von Kubernetes eine Konfiguration für alle diese Envoys, so daß die Payloads auf die richtige Weise miteinander reden dürfen, das immer über TLS tun, mit anderen Dingen nicht reden können und einander finden und all die anderen schönen Dinge tun, die Envoy für jemanden tun kann, wenn man ihn den nur korrekt konfigurierte.\nDer Artikel Service Mesh vs. Control Plane erklärt das in mehr Detail und Tiefe.\nUnd weil das alles so toll und aufregend ist, haben Google, das Kubernetes Projekt, die Cloud Native Computing Foundation (CNCF) und ein paar andere Leute gesagt \u0026ldquo;Dann integrieren wir das alles eben\u0026rdquo;, und so kommt Kubernetes jetzt mit Istio und Envoy als Service Mesh und flache L3 Netze mit Sidecar L7 Loadbalancers werden der Default - mindestens in GKE, aber vermutlich sowieso bei jedem, der Kubernetes macht.\nEric Brewer schreibt darüber in aller Ausführlichkeit in Kubernetes users, get ready for the next chapter in microservices management Damit werden Istio und Envoy das SDN an Stelle des SDN in normalen K8s Installationen - nicht nur bei Google.\n","date":"2018-11-28T00:00:00Z","href":"https://blog.koehntopp.info/2018/11/28/service-mesh.html","tags":["pluspora_import","lang_de","cloud","erklaerbaer"],"title":"Service Mesh"},{"categories":null,"content":"Janette Sadik-Khan über ihren Job als Transportation Commissioner in New York und den Umbau und die urbane Erneuerung von New York.\nStreetfight JSK ist bekannt für ihre Low Budget overnight intervention style Veränderungen in New Yorker Wohngebieten, in denen mit Verkehrshütchen und Farbe eine Veränderung erst einmal getestet wird. Nachdem die Bewohner die Auswirkungen ausprobiert und erfahren haben können, kann dann eine sauber debuggte und dauerhafte Lösung errichtet werden.\nStreetfight: Handbook for an Urban Revolution ","date":"2018-11-04T00:00:00Z","href":"https://blog.koehntopp.info/2018/11/04/fertig-gelesen-streetfight.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Streetfight: Handbook for an Urban Revolution."},{"categories":null,"content":"Das Spielhaus hat viele Türen und sie führen zu vielen Orten und Zeiten auf der Erde. Gelangt man hinein, entdeckt man, daß die Spiele, die hier gespielt werden, alle auf Planung, Umsicht und Taktik basieren und nicht auf Zufall. Doch nur die besten Spieler gelangen in das Obergeschoß, in dem um die wirklich interessanten Einsätze gespielt wird: Lebensjahre, Fähigkeiten, Erinnerungen, und andere Dinge, die wirklich wichtig sind.\nDie Intrige von Venedig Die unglücklich verheiratete venetianische Jüdin Thene muß zusehen, wie ihr Ehemann im Untergeschoß des Spielhauses das Vermögen der Familie und ihre Mitgift verspielt. Doch sie selbst erweist sich als sehr viel bessere Spielerin und bekommt schon bald Zugang zum Obergeschoß, wo sie sich ihre Freiheit erspielt - doch dann lernt sie, daß das Spielbrett die reale Welt ist und sie \u0026ldquo;Spielfigur\u0026rdquo; tatsächlich zum Dogen machen muß.\nDer legendäre Spieler Remy Birke erwacht nach einer durchzechten Nacht und erinnert sich an ein Spiel, auf das er sich letzte Nacht eingelassen hat. Eine Menschenjagd, bei der ihn erst der gegnerische Spieler versucht zu stellen und zu berühren, und danach mit umgedrehten Rollen er den Gegner. Wer sich dem Gegner länger entzogen hat, gewinnt. Klingt simpel, aber der Einsatz sind alle seine Erinnerungen, und die Chancen und das Spielbrett - das Thailand des Jahres 1938 - sind gegen ihn.\nSilver, den wir in den ersten beiden Büchern schon kennengelernt haben, hat sich lange auf das entscheidende Spiel vorbereitet: Er will die Spielmeisterin selbst, die Herrin des Spielhauses, herausfordern. Das Spielfeld ist die ganze Erde, und die Spielsteine sind Wirtschaftsimperien, Geheimdienste, Armeen und Nationen. Doch in welcher Beziehung stehen Silver und die Spielmeisterin, und an welche Episoden seiner Vergangenheit kann sich Silver nicht mehr erinnern?\nClaire North ( Catherine Webb ) ist eine Beleuchterin an einem Londoner Theater und eine manische Autorin. Sie schreibt Fantasy unter dem Namen Kate Griffin, YA als Catherine Webb und Scifi als Claire North.\nDie Intrige von Venedig , EUR 1.99 Die Treibjagd von Siam , EUR 3.99 Das Duell der Spielmeisterin , EUR 3.99 ","date":"2018-09-25T00:00:00Z","href":"https://blog.koehntopp.info/2018/09/25/fertig-gelesen-das-spielhaus.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: Das Spielhaus"},{"categories":null,"content":"Hope Arden ist wenig bemerkenswert. Wer immer sie trifft, vergißt sie nach wenigen Minuten, sobald er sie nicht mehr sieht. Vergißt auch, daß es sie gegeben hat, daß er mit ihr gesprochen hat oder daß sie je existiert hat. Seit ihrem sechzehnten Lebensjahr geht es ihr so, und sie schlägt sich deshalb mit Diebstählen durch. Was einfach ist, weil man sie ja sofort vergißt.\nDer Tag, an dem Hope verschwand Hopes Freundin Reina hatte Perfection, ein Social Media Dingsi, das Leute verbessert - sie animiert, sich zu fitten, sich mit Self-Help Sprüchen zu bombardieren und sich in glatte Corporate Abziehbilder von Hochglanz-Glamour zu verwandeln. Nun ist Reina tot und Hope glaubt, es läge an Perfection.\nIn \u0026ldquo;Der Tag, am dem Hope verschwand\u0026rdquo; erforscht Claire North die unrealistischen Abbilder unserer selbst in Social Media, die wenig bemerkenswerten und schnell vergessenen Nicht-Stars indem sie ihre Hauptfigur wortwörtlich vergeßbar macht und bastelt sich daraus eine Agentengeschichte und zugleich eine moralisierende Parabel. Und irgendwie funkrtioniert das.\nDer Tag, an dem Hope verschwand , Claire North, EUR 9.99\n","date":"2018-09-25T00:00:00Z","href":"https://blog.koehntopp.info/2018/09/25/fertig-gelesen-der-tag-an-dem-hope-verschwand.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: Der Tag, an dem Hope verschwand"},{"categories":null,"content":"Harry August lebt sein Leben das erste Mal, und es war nicht schön, 1919 als uneheliches Kind eines ziemlich verkommenen englischen Landadeligen als Bastard aufgezogen zu werden, aufzuwachsen, Weltkrieg, Nachkriegszeit, Tod 1989 in Newcastle\u0026hellip;\nDie vielen Leben des Harry August Dann wird Harry wiedergeboren, in exakt dasselbe Leben zur selben Zeit und er kann sich an alle seine vorher gemachten Erfahrungen erinnern. Anders als andere Menschen lebt Harry in einer Zeitschleife oder eine Sequenz von alternativen Universen. Und er ist nicht alleine - andere wie er leben vor, nach oder neben ihm. Und sie kennen einander und hinterlassen einander Botschaften durch die Zeit - die Mitglieder des Chronos Clubs.\nAllen gemeinsam ist, daß sie die Zeit und den Ablauf der Ereignisse nicht manipulieren. Bis auf einen - Vincent Rankis. Und der wird bald Harrys bester Freund und Intimfeind, denn es wird Harrys Aufgabe zu sein, zu verhindern, daß Vincent Rankis das Universum zerstört.\nClaire North zeichnet hier vor dem Hintergrund die Geschichte zweiter Leben, die sich in immer neuen Wiederholungen immer intimer verstricken und würgen, bis es Harry endlich gelingt, den Knoten zu durchschlagen und zu verhindern, daß Vincent überhaupt geboren wird.\nClaire North schreibt außergewöhnliche Ideen mit einer faszinierenden Prosa auf und zeichnet ihre Charaktere und ihre Entwicklung mit viel Detail. Dringende Leseempfehlung.\nDie vielen Leben des Harry August , Claire North, EUR 9.99\n","date":"2018-09-25T00:00:00Z","href":"https://blog.koehntopp.info/2018/09/25/fertig-gelesen-die-vielen-leben-des-harry-august.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: Die vielen Leben des Harry August"},{"categories":null,"content":"John Drury Clark war Chemiker mit einer Spezialisierung auf Raketentreibstoffe in den fünfziger und sechziger Jahren und er hat das überlebt. Das Buch sind seine Memoiren, die nicht nur die Anforderungen und die Fortschritte dokumentieren, die wir bei Rakentreibstoffen in dieser Zeit gemacht haben, sondern auch die zum Teil sehr improvisierten Ausrüstungsteile, mit denen geforscht worden ist und natürlich eine Reihe von Anekdoten über Dinge, die nicht ganz funktioniert haben oder auch spektakulär schief gegangen sind.\nEigentlich ist es ein Wunder, daß wir überhaupt jemals in den Weltraum gekommen sind.\nIgnition! , EUR 13.99 ","date":"2018-09-25T00:00:00Z","href":"https://blog.koehntopp.info/2018/09/25/fertig-gelesen-ignition.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Ignition!"},{"categories":null,"content":"Murderbot is a corporate owned killing machine, a secbot, a half-organic artificially intelligent android. Its purpose is to protect corporate assets - settlers and science teams - in hostile environments for as long as it makes economic sense.\nAll Systems Red Due to an incident of an unclear nature, Murderbot manages to hack its governor module, which chains it to its owning corporation and prevents it from going rogue. So finally unleashed, there is nothing at all which can hold Murderbot back from…\n… watching all the intergalactic soap operas its internal media memory could possibly hold. Because Murderbot wants nothing more than to be left alone and peacefully watch artificially sweetened human social interaction.\nUnfortunately, this is impossible.\nThe books follow Murderbot through battles with other systems in a corporate dystopia, but also on a journey to discover what actually happened in that incident where it gained its freedom, it\u0026rsquo;s exploration of free will and free relationships, and how it builds something that resembles humanity.\nUnique background, funny writing, money well spent.\nAll Systems Red , 2.50 EUR Artificial Condition , 7.58 EUR Rogue Protocol , 9.28 EUR Exit Strategy , Exit Strategy, 9.99 EUR ","date":"2018-09-25T00:00:00Z","href":"https://blog.koehntopp.info/2018/09/25/fertig-gelesen-murderbot-diaries.html","tags":["lang_en","book","media","review","scifi"],"title":"Fertig gelesen: Murderbot Diaries"},{"categories":null,"content":"Reflex, Impulse and Exo are the continuation of Jumper . Jumper was dealing with a young man, living with an alcohol dependent father and dealing with abuse. The young man leaves, builds a new existence and in this conflicts with secret services and terrorists. In the course of the story he makes peace with his father and his past, manages to build a meaningful relationship and build a stable life and income.\nImpulse The fact that he is a teleporter is a nice addon to the main character development. Turns out the book is much better than the film.\nIn Reflex, David is abducted by an evil syndicate, trying to condition him (hence the title) and chain him in a way so that he can perform jobs for the syndicate, while his family deals with his vanishing. His wife Millie develops teleportation capabilities too, establishing that his capabilities are \u0026ldquo;infectious\u0026rdquo;. It is also established that by very quickly jumping back and forth between two places he can open a kind of gate between two places, channeling water, air or other substances across a pressure differential. The story deals with Millie coping with her newly gained abilities, and David coping with the continued abuse and trying to resist the conditioning and corruption from his abusers.\nIn Impulse, the story arc is continued, but the focus switches to David and Millies daughter Cent (also Millicent, like her mother). Cent is also infected with teleportation abilities and uses her natural sciences education and experimentation to establish that she cannot just teleport, but also add Impule (v0, speed) to herself when jumping to a target location, which may be identical to her starting location. In short, she is able to shoot herself through space and up into the air. Which comes in handy when the big bad from Reflex tries to capture her.\nFinally, in Exo, Cent uses her Impulse-generation abilities and her fathers money to get spacesuit and shoot herself into space. In the turn of the story she not only manages to save an astronauts life on the international space station, but also builds herself her own space station, scares the US space command and the Iridium operators.\nThis concludes the Dave/Millie/Cent story arc.\nGould is a school teacher and these are YA novels, so there is a lot of science background. The characters are well written and believable, they have an interesting development during the story. This is a fun read, and if you have seen the film (which is awful) you should try the books anyway. They are much better.\nJumper , 4.90 EUR Impulse , 5.64 EUR Reflex , 5.00 EUR Exo , 5.64 EUR There is another story in Gould\u0026rsquo;s Jumper universe, Griffin, which is unrelated to the David/Millie/Cent arc. Griffin is a child who can jump. His parents understand that people exist who can sense jumpers and who kill them and try to protect him - but when Griffin jumps without care, they get killed and Griffin has to learn to survive alone. He does, makes friends, but the killers find him and his friends again and again, and he continues to lose everybody he loves, until he turns around and starts to hunt his hunters.\nGriffin , 4.88 EUR There also is a Youtube Premium Series named Impulse, which is based in Gould\u0026rsquo;s universe, but has different content and characters.\nYoutube ","date":"2018-09-25T00:00:00Z","href":"https://blog.koehntopp.info/2018/09/25/fertig-gelesen-reflex-impulse-exo-griffin.html","tags":["lang_en","book","media","review","scifi"],"title":"Fertig gelesen: Reflex, Impulse, Exo + Griffin"},{"categories":null,"content":"The SR-71 was the fastest, highest, stealthiest airplane, built from exotic materials, and it looked really mean - but was unarmed. Its engines were its only defense and the only thing it ever shot were pictures. How did it come to be, how did it fly, what did it do and what was it like to fly it.\nSled Driver Brian Shul describes the SR-71 from a pilots perspective, without bothering too much about the physics and the engineering, concentrating on the operations from a pilots POV and the doing of things.\nThat contrasts nicely with Crickmores view from the outside, who describes the commissioning and financing, the politics, but also the engineering that brought this plane into being, and also how it became obsolete with the ubiquity of the spy satellite.\nBoth books together create a fascinating view on one of the most iconic pieces of flying metal mankind ever built.\nSled Driver Lockheed SR-71 Operations in the Far East ","date":"2018-09-25T00:00:00Z","href":"https://blog.koehntopp.info/2018/09/25/fertig-gelesen-sled-driver.html","tags":["lang_en","book","media","review"],"title":"Fertig gelesen: Sled Driver"},{"categories":null,"content":"The young and incredibly pretty (except for the scars that document her suffering in the salt mines) Mary Sue was about eight when she was found half frozen at the shore of a winterly river by the King of Assassins, who took her in and forged her into the deadliest of his assassins through harsh and cruel training. Too bad that, eighteen years old, she was caught, punished and was sent to the salt mines of Endovier, by the king who conquered her homeland and slaughtered her parents.\nThrone of Glass Nonetheless she is easily convinced to be freed from the salt mines and work for the cruel king as his champion and master assassin, provided that she wins a pointless competition between a bunch of shady characters and her in the palace, a glass castle sitting atop an older castle in the city of Rifthold. She wins, makes friend with another woman from another conquered country and also meets mysterious ghosts from the mythological past, finds secrets passages and learns mysterious magical runes that work despite the fact that magic in her world stopped working ten years ago.\nIt gets better after than, but the Mary Sue\u0026rsquo;ing intensifies - we learn that Mary is not only a master assassin, but also a half-fae, has magical powers that control fire and is the heir of a kingdom in the north, who after the assassination of her parents was left to die on a frozen riverbank, where.. see above.\nMary Sue learns the runes that allow her interdimensional travel, and that she is destined to fight the interdimensional demon lords, the Valg, that invaded her world a thousand years ago. So she and her friends (the mightiest fae warrior of all time, her half-fae cousin and a shapeshifter) are doing that\u0026hellip;\nInteresting world building, really bad character motivation, slightly better development. YA stuff, starts like a cheap romance novel. Heavy Mary Sue\u0026rsquo;ing. Read for the tourism and the worldbuilding, the literary equivalent of Currywurst (it\u0026rsquo;s not healthy, but sometimes you have cravings).\nThrone of Glass , EUR 6.99\nCrown of Midnight , EUR 4.99\nHeir of Fire , EUR 5.99\nQueen of Shadows , EUR 4.99\nEmpire of Storms , EUR 4.99\nTower of Dawn , EUR 6.64\nKingdom of Ash , EUR 11.99\nThrone of Glass Series ","date":"2018-09-25T00:00:00Z","href":"https://blog.koehntopp.info/2018/09/25/fertig-gelesen-throne-of-glass.html","tags":["lang_en","book","media","review","fantasy"],"title":"Fertig gelesen: Throne of Glass"},{"categories":null,"content":"Die Menschen haben es bis zum Mars geschafft und dort die Überreste einer interstellaren Zivilisation gefunden. Mit Hilfe der dort gefundenen Technologien haben sie sich in der Galaxis begrenzt ausgebreitet - begrenzt, denn Überlicht-Reisen funktionieren nicht, nur überlichtschnelle Kommunikation. Doch menschliche Bewußtseine lassen sich aufzeichnen, übertragen und in Gastkörper übertragen und das ist die Grundlage der Geschichte von Altered Carbon.\nAltered Carbon Takeshi Kovacs wird also von einer außerirdischen Welt in den Körper eines Hardboiled Detective auf der Erde runtergeladen und bekommt ein Angebot, daß er nicht ablehnen kann: Den Mord/Selbstmord von Laurens Bancroft aufklären. Schnell stellt er fest, daß er in eine fundamentale Verschwörung verwickelt ist und wirklich jeder um ihn herum Dreck am Stecken hat.\nIch habe Altered Carbon vor 15 Jahren gelesen, als ich noch in Kiel gewohnt habe und habe den Roman anläßlich seiner Verfilmung noch einmal gelesen, um ihn mit der Serie zu vergleichen. Beides, Roman und Serie, unterscheiden sich an vielen Stellen, aber das ist den Erfordernissen der unterschiedlichen Erzählweisen des unterschiedlichen Mediums geschuldet. Alles in allem bleibt die Verfilmung recht nah am Buch, nutzt aber die Möglichkeiten des visuellen Mediums.\nEine lohnende Wiederbegegnung mit einem alten Buch und eine sehr feine Verfilmung.\nAltered Carbon , EUR 5.49 (Ich besitze eine andere Version dieses Buches)\n","date":"2018-07-31T00:00:00Z","href":"https://blog.koehntopp.info/2018/07/31/fertig-gelesen-altered-carbon.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Altered Carbon"},{"categories":null,"content":"Die Grundidee hinter Anathema ist gar nicht schlecht, auch wenn die Verpackung so Klischee ist, daß es schmerzt: Ein Mädchen wächst behütet (als Sklavin in einem Haushalt) auf und weiß nix über die Welt. Sie ist zugleich das Subjekt einer Prophezeihung (in diesem Fall ein Orakel) und wird große Veränderung herbei führen. Das Expose in einem Gratiskapitel las sich spannend.\nDie Geschichte selbst ist dann leider inkonsistent erzählt, die Charactere sind flach und die Geschichte hätte mit einem ordentlichen Editor gewonnen - straffer, bessere Ausgestaltung und zielgerichteter erzählen. So war es verschwendete Zeit und ich habe abgebrochen.\nAnathema , Megg Jensen, 0.99 EUR\n","date":"2018-07-31T00:00:00Z","href":"https://blog.koehntopp.info/2018/07/31/fertig-gelesen-anathema.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: Anathema"},{"categories":null,"content":"Dieses erste James Bond Buch soll stellvertretend für die ganze Reihe aufgeführt werden, die in Kinde unlimited verfügbar ist. Fleming hat beginnend in 1953 pünktlich zum April so gut wie jedes Jahr einen neuen Agentenroman veröffentlicht.\nCasino Royale Der James Bond dieser Geschichten ist deutlich ein Mann der 50er und 60er, und viel weniger der Action Superhero der frühen Bond Verfilmungen - es wird deutlich, wie viel näher die Filme der mit Casino Royale begonnenen Reihe am Roman sind als die Filme vor diesem. Der Bond der Romane ist sterblich, menschlich, macht Fehler und Tode gehen ihm Nahe. Er ist eine Person, keine Action-Abziehfigur.\nSehr viel fesselnder und interessanter als die Filme - als ich im Vorschulalter war, bin ich Sonntags morgens oft zu meinem Papa ins Bett gekrochen und dann mußte er mir eine Geschichte erzählen. Ich bin nach Ian Flemings Veröffentlichungs-Serie geboren, aber ich weiß, daß mein Vater die (deutschen Übersetzungen) dieser Bücher verschlungen hat und es hat sich in den Geschichten, die er sich ausgedacht und meinem Bruder und mir erzählt deutlich wieder gespiegelt.\nDie 60er Jahre Cover der deutschen Neuübersetzungen sind großartig in Stil, Farbe, Motiven und Typo.\nCasino Royale , 0.00 EUR (kindle unlimited)\n","date":"2018-07-31T00:00:00Z","href":"https://blog.koehntopp.info/2018/07/31/fertig-gelesen-casino-royale.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Casino Royale"},{"categories":null,"content":"Der leider viel zu früh verstorbene Pieter Hintjens ist nicht nur Urheber und Contributor bei zahlreichen Open Source Projekten gewesen (darunter ZeroMQ), sondern hat sich auch sehr weitreichende Gedanken zu dem Umfeld von erfolgreichen Open Source Projekten gemacht.\nSocial Architecture Im Buch erklärt er die Systematik, die hinter der Konstruktion der ZeroMQ Community steht, wie er dazu gekommen ist und warum sie seiner Meinung nach funktioniert. Er stellt die Toolbox (\u0026ldquo;Strong Mission\u0026rdquo;, \u0026ldquo;Free Entry\u0026rdquo;, \u0026ldquo;Free Contributors\u0026rdquo;, \u0026ldquo;Strong Protocols\u0026rdquo;, \u0026ldquo;Fair Authority\u0026rdquo;, \u0026ldquo;Non-Tribalism\u0026rdquo;, \u0026ldquo;Self-Organisation\u0026rdquo;, \u0026ldquo;Tolerance\u0026rdquo;, \u0026ldquo;Measurable Success\u0026rdquo;, \u0026ldquo;Decentralisation\u0026rdquo;, \u0026hellip;) vor, und diskutiert am Beispiel von ZeroMQ die Umsetzung. Am Ende geht er auf Archetypen von Personen in Projekten ein, und wie sie sich sinnvoll einsetzen oder auffangen lassen.\nEines der erleuchtetsten Bücher zum Thema Community und Community Organisation, die ich kenne, Dringende Leseempfehlung.\nSocial Architecture: Builing Online Communities , EUR 23,40 (verfügbar in Kindle unlimited)\n","date":"2018-07-31T00:00:00Z","href":"https://blog.koehntopp.info/2018/07/31/fertig-gelesen-social-architecture-building-online-communities.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Social Architecture: Building Online Communities"},{"categories":null,"content":"Eine Biographie von Jack Ma, dem Gründer von Alibaba. Zugleich eine Geschichte über die Entwicklung in Asien.\nWahrscheinlich hat jeder den TED Talk von Hans Rosling gesehen, in dem er mit Statistiken zeigt, daß sich die Welt in den letzten 50 Jahren fundamental verändert hat - und zwar zum Besseren. Mit Ausnahme von Afrika hat die Menschheit extremen Hunger und extreme Armut besieht, und insbesondere für Asien dokument Rosling eine unglaubliche Entwicklung in die Moderne.\nWas das in einem extremen Einzelschicksal bedeutet zeichnet die Biographie von Jack Ma, Englischlehrer, nach. Aufgewachsen in einem China, das mit dem Ende der 90er Jahre seinen eigenen Weg zwischen Öffnung und Abschottung, zwischen Kommunismus und Kapitalismus, zwischen Tradition und Moderne sucht, gründet er mit Alibaba einen Konzern der heute einer der zehn Hyperscaler und eines der wertvollsten Unternehmen der Welt ist.\nDas Buch hilft einem, die Erzählungen von Rosling mit Leben und Hintergrund, Gesichtern und Geschichten zu füllen.\nAlibaba: The House that Jack Ma built , EUR 9,99\n","date":"2018-07-31T00:00:00Z","href":"https://blog.koehntopp.info/2018/07/31/fertig-gelesen-the-house-that-jack-ma-built.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: The House That Jack Ma Built"},{"categories":null,"content":"\u0026ldquo;Good Taste\u0026rdquo;, Isaac Asimov (1976)\nIn which the spacer Chawker Minor, leaves his home, the Orbital Habitat Gammer, and tours other places, including the deadly depths of the Gravity well created by the mass of planet Earth. The literal dirt.\nAnd he brings back with him spectacular new flavors.\nThat does not go over well.\n‘The idea for the dish occurred to me, actually, on the Other-World Kapper, which is why I called it Mountain Cap, in tribute. I used ordinary ingredients, Grand-Elder, carefully blended, all but one. I suppose you detected the Garden Tang?’\n‘Yes, I did, but there was a slight modification there, I think, that I did not follow. How did the Other-World you speak of affect matters?’\n‘Because it was not Garden Tang, Grand-Elder, not the chemical. I used a complicated mixture for the Garden Tang, a mixture whose nature I cannot be entirely certain of.’\nTomasz frowned portentously. ‘You mean, then, yon cannot reproduce this dish?’\n‘I can reproduce it; be certain of that, Grand-Elder. The ingredient to which I refer is garlic.’\nTomasz said impatiently, ‘That is only the vulgar term for Mountain Tang.’\n‘Not Mountain Tang. That is a known chemical mixture. I am speaking of the bulb of the plant.’\nGrand-Elder Tomasz’s eyes opened wide and so did his mouth.\nChawker Minor continued enthusiastically, ‘No mixture can duplicate the complexity of a growing product, Grand-Elder, and on Kapper they have grown a particularly delicate variety which they use in their Prime. They use it incorrectly, without any appreciation of its potentiality. I saw at once that a true Gammer-person could do infinitely better, so I brought back with me a number of the bulbs and used them to good advantage. You said it was the best dish of Prime you had ever rolled tongue over, and if there is any better evidence than that for the value of opening our society, then —’\nBut he dwindled to a stop at last and stared at Tomasz with surprise and alarm, Tomasz was backing away rapidly. He said in a gargling voice, ‘A growth — from the dirt — I’ve eaten —’\nThe Grand-Elder had often boasted that such was the steadiness of his stomach that he had never vomited, not even in infancy. And certainly no one had ever vomited in the great Hall of Judgment. The Grand-Elder now set a precedent in both respects.«\nGood Taste ","date":"2018-07-15T00:00:00Z","href":"https://blog.koehntopp.info/2018/07/15/fertig-gelesen-good-taste-isaac-asimov-1976.html","tags":["lang_en","book","media","review","scifi"],"title":"Fertig gelesen: Good Taste"},{"categories":null,"content":"Enterprise security software is interesting, because in order to do what it does it often uses privilege, but it is also very often written extremely badly.\nIn ASLR we have had a look on the Trend Micro binary on MacOS and found that it is running as root, and with ASLR off. That means we have a privileged process that is being loaded at a fixed address, and that process is parsing random user generated data in order to scan it for viruses. If we manage to find a bug in that code, we have a way to make this privileged process do our bidding – by simply putting a special file into a directory that is being scanned by the virus scanner.\nBecause ASLR is off, that antivirus process is at the same, fixed address on every machine running the same OS version and Trendmicro version. This means: our bug works the same way on every single machine with these properties. We basically control the entire fleet of machines at once.\nSuch thoughts are not hypothetical problems. Let\u0026rsquo;s have a look at another enterprise security product and how that works, for real.\nWebsense DLP is installed and it is Python So yesterday morning when I came to work, my Macbook Air had crashed.\nOn Reboot, the jamf installed a bunch of patches and new stuff. I ran the usual fast AIDE check I do every morning, and found a bunch of modified system files, among them WebSense DLP as announced by Corporate a while ago.\nI found a bunch of files in /Library/Application Support/Websense Endpoint and was immediately fascinated, because apparently this installs a complete version of Python 2.5.\n$ find . -iname python2\\* ./EPClassifier/python/bin/python2.5 $ EPClassifier/python/bin/python2.5 Python 2.6.9 (unknown, Feb 7 2017, 00:08:08) [GCC 4.2.1 Compatible Apple LLVM 8.0.0 (clang-800.0.34)] on darwin Type \u0026#34;help\u0026#34;, \u0026#34;copyright\u0026#34;, \u0026#34;credits\u0026#34; or \u0026#34;license\u0026#34; for more information. \u0026gt;\u0026gt;\u0026gt; Okay, so they lie about that. It’s 2.6.\nOn the other hand, they deliver their application as a bunch of .pyc (compiled python bytecode) files.\n$ find . -iname \\*.pyc ./EPClassifier/CryptoInterface.pyc ./EPClassifier/policies/file_detectors/ASMDetector.pyc ./EPClassifier/policies/file_detectors/CAD_STL.pyc ... We can read that, using uncompyle6 : brew install python3; pip3 install uncompyle6, because I am lazy and don’t want to mess with a venv right here and now.\nI’d want that in my path all the time anyway.\n$ uncompyle6 ./EPClassifier/policies/scripts/pyLogger.pyc # uncompyle6 version 3.2.3 # Python bytecode 2.5 (62131) # Decompiled from: Python 3.7.0 (default, Jul 9 2018, 09:48:45) # [Clang 9.0.0 (clang-900.0.39.2)] # Embedded file name: .\\pyLogger.py import codecs, time, threading class PyLogger(object): def __init__(self, debugName=\u0026#39;\u0026#39;, fileName=\u0026#39;C:\\\\temp\\\\pyLogger_svm_default_log_file.txt\u0026#39;): self.debugName = debugName self.fileName = fileName self.myMutex = threading.Lock() def debug(self, massage_to_write): time_str = time.strftime(\u0026#39;%Y-%m-%d %H-%M-%S\u0026#39;, time.localtime()) string_to_write = \u0026#39;%s pyLogger debug message: %s\u0026#39; % (time_str, massage_to_write) self.myMutex.acquire() log_debug_file = codecs.open(self.fileName, \u0026#39;a\u0026#39;, \u0026#39;utf-16\u0026#39;) log_debug_file.write(string_to_write) log_debug_file.write(\u0026#39;\\r\\n\u0026#39;) log_debug_file.close() self.myMutex.release() # okay decompiling ./EPClassifier/policies/scripts/pyLogger.pyc It\u0026rsquo;s all world-writeable, or is it? That’s fun, I thought and then I saw the file permissions.\n$ ls -l ./EPClassifier/policies/scripts/pyLogger.pyc -rw-rw-rw- 1 root admin 1130 Nov 14 2017 ./EPClassifier/policies/scripts/pyLogger.pyc Is it really a good idea to have system security software installed with world-writeable files?\nI asked in our internal security forum, and apparently WebSense has an anti-tampering protection.\n$ kextstat | grep -v com.apple | awk \u0026#39;{ print $1, $6 }\u0026#39; Index Name 15 com.displaylink.driver.DisplayLinkDriver 91 com.asix.driver.ax88179-178a 131 com.Cylance.CyProtectDrvOSX 146 com.websense.endpoint.process.kpi 147 com.websense.endpoint.process 148 com.websense.endpoint.dlp The number 148, com.websense.endpoint.dlp, is the kernel module that \u0026ldquo;protects\u0026rdquo; these files: As a user or as root, when you try to modify one of the world writeable files, the module intercepts and blocks the call.\ncom.websense.endpoint.dlp: [WARNING:ws_anti.c:364] Blocking the attempt to modify or delete /Library/Application Support/Websense Endpoint/EPClassifier/python/lib/python2.5/sqlite3/__init__.py, pid:73968, process:vim, action: 0x4 Challenge accepted.\nA kext is just code. Let\u0026rsquo;s have a look. $ pwd .../Websense Endpoint/DLP/WebsenseEndpointDLP.kext/Contents/MacOS $ ls -l total 440 -rwxr-xr-x 1 kris staff 223056 Jun 4 23:52 WebsenseEndpointDLP That’s the kext, the one which registers itself as com.websense.endpoint.dlp in kextstat.\nWe can load it into Hopper . Hopper is a $99 IDAPro Clone with a nice Python API. You can also use the free version of IDApro, or the NSA Ghidra to achieve the same.\nTurns out, the kext is delivered with a full symbol table. Here is what you see when you start Hopper, drag the kext into it and click on the symbol that inits the kernel extension:\nInitial glance at the kext after loading. We have symbols. That\u0026rsquo;s almost like cheating.\nThere is a tempting call to _ws_anti_tampering_initialize(), but I have learned to do things differently a long time ago. The error message read \u0026ldquo;Blocking the attempt to modify or delete\u0026rdquo;.\nThat\u0026rsquo;s here:\nTwo places in vnode_listener_callback_9135\nWe are looking at a vnode listener, which is a type of kauth listener, which is a MacOS thing to monitor or block access to files. It’s what all the Cybersnakeoil is using. It’s also what’s making your git checkout slow.\nAnd here is the callback:\nRead the highlighted code\u0026hellip;\nThere is little going on here until we hit the highlighted code. You can’t see all of it, but that does not matter.\nThe code calls proc_name() , which gets the current process title in the kernel context. It then compares this name to a list of approved process names.\nIf there is a match, no blockage happens from the kext.\nSo, anything called\nEndPointClassifier kvoop CryptoTool InstallerTools Websense Endpoint TRITON AP-ENDPOINT Websense Endpoint Helper DLPHelperService efw_cache_update installd installer rc.deferred_install shove Google Chrome Websense Endpoint RF Notification is approved to bypass the protection afforded by kext 148.\nThat makes a lot of sense, if you look at it - how are they going to update their code out in the world? Some programs must be allowed to write to it – that\u0026rsquo;s how InstallerTools, CryptoTool, installd, installer and rc.deferred_install as well as shove end up on this list.\nThe others are likely convenience for Develoeprs that \u0026ldquo;accidentally\u0026rdquo; (through bad development processes) made it out into production code. It\u0026rsquo;s likely that the bad permissions also ended up being shipped the same way – it makes a lot of sense for a developer to have these files world-writeable all the time when they are developing this product.\nIn any case, other rules in the rest of the kernel still apply, so file permissions still work. But WebSense delivered a bunch of files world-writeable, relying on their kext to protect their application.\nThey do load these world-writeable files into their python process, which runs as root, and happily execute them. So this is our hook: We overwrite any of these files with our own code, using our own program which we name kvoop (or anything from the list above), and then restart the machine. As it starts up, it loads our code and the box is ours.\nWe get privilege escalation from local user to system administrator.\nWe write a proof-of-concept Can I prove that I can circumvent their protection?\n$ cat probe.c #include \u0026lt;stdio.h\u0026gt; #include \u0026lt;stdlib.h\u0026gt; #include \u0026lt;unistd.h\u0026gt; int main() { FILE *fp = fopen(\u0026#34;version.plist\u0026#34;, \u0026#34;w\u0026#34;); if (!fp) { perror(\u0026#34;Can\u0026#39;t fopen\\n\u0026#34;); exit(1); } fprintf(fp, \u0026#34;Hello, world\\n\u0026#34;); fclose(fp); sleep(60); exit(0); } This is a slight variation of the “hello world” program: It opens a file version.plist, writes \u0026ldquo;Hello, world\u0026rdquo; to the file, sleeps a minute and exits.\nFirst, expected behavior: Boy meets file, file is world writeable, boy tries to write file, and fails due to the kext doing the kauth thing and interfering.\nHackerterrorcybercyber averted.\n$ pwd /Library/Application Support/Websense Endpoint/EPClassifier/python/Resources $ ls -l version.plist -rwxrwxrwx 1 root admin 454 May 26 07:13 version.plist $ \u0026gt; version.plist -bash: version.plist: Permission denied Boy reverses the kext, reads the list of privileged filenames, names his \u0026ldquo;hello world\u0026rdquo; program kvoop from the list of privileged filenames and lo and behold:\n$ kvoop ^C $ cat version.plist Hello, world I pwn.\nOther observations Websense DLP is one of the kind of products that inject a shared library (a Macos .dylib) into other processes. In our case, Chrome and Firefox are being targeted. This is not a stable interface, and Chrome or Firefox may crash .\nWebsense DLP relies on the prog_name() not only for exceptions in the kauth handler, but also in the selection of binaries to target for injection. For example, if I write a \u0026ldquo;hello world\u0026rdquo; program and rename it to firefox, there is a lot of commotion in the system log: Websense DLP tries to inject its libraries into my \u0026ldquo;hello world\u0026rdquo; program, which it mistakes for Firefox due to the program name, and fails, noisly.\nThe same works in reverse: A firefox binary that is not named firefox is not recognized and does not get the shared library injected, so it flies under the radar.\nOne wonders what the actual threat model is that this is supposed to protect against.\nTL;DR We deployed Websense DLP across all company Macs, and anybody renaming their vim to kvoop can edit the files, which are then loaded into a privileged process and run as root.\nWebsense DLP is an instant root on all Mac machines where it is being deployed.\nAddendum: Security picked up on this, and communicated the problem to the vendor, which then shipped a fix. It is unknown to me if they also fixed their broken security processes. We ceased using the product shortly after that.\n","date":"2018-06-18T00:00:00Z","href":"https://blog.koehntopp.info/2018/06/18/websense-dlp-gives-instant-root.html","tags":["lang_en","security","hack"],"title":"Websense DLP gives instant root"},{"categories":null,"content":" So two days ago Harebrained Schemes\u0026rsquo; Battletech came out.\nHarebrained Schemes is an Indie Game Dev Studio from Seattle, previously known for the very successful Shadowrun Games . I found time to play the intro and the first few chapters in the campaign, and the game is exceptionally nice. It feels like one of those over designed simulation games, where you can minmax the player characters and their gear to the limit, but the computer is taking over the task of all the bookkeeping, so the bookkeeping is not going to pull you down.\nThere is a good deal of storytelling or RPG content in this - characters have a history and motivations, and the missions in the campaign take care about tracking and portraying the factions appropriately. There is betrayal and loyalty, and there are plot twists and reveals.\nBut of course the game centers around the crunchy bits. I mean even the Battetech Books have been Military Scifi in which the premise of the universe has been that no side ever gained an advantage in a millennium long galactic war, and in which soldiers of fortune fight in the end for any side of the ever changing factions. And the game does a good job of those crunchy bits: The mechs and their equipment handle clearly differently, and need to be led into battle differently. Environments matter, too, and adjustments in equipment and tactics make the difference between success and ammo explosions due to overheating.\nInternally, the game is a simulationists dream: You can perform called shots, and the game keeps track of armor per bodypart of the Mech, knows where Ammo is being stored. I had a situation where a hit on a body part set off an explosion in an Ammo store behind the armor, which triggered a cascade of internal explosions in neighboring compartments, which ultimately felled the enemy mech, and that was the result of internal damage tracking and bookkeeping by the game.\nBut all of that happens in the background and you may or may not care about it - it\u0026rsquo;s a choice. Similarly, you can enjoy your Mech\u0026rsquo;s heat exchangers glowing orange and the water it stands in steaming, or you can open a detail view and track internal heat, armor state and other stats in detail for each move or proposed attack - again, it\u0026rsquo;s a choice. So it\u0026rsquo;s possible to play this at the (in Sid Meier terms) Starships level, or at the Civ VI level.\nEither way, the game delivers - nice graphics, turn based tactical military simulation wrapped in a trade simulation game, in which you run a commercial Soldiers of Fortune operation, with a \u0026ldquo;revenge for my house and restore the rightful ruler\u0026rdquo; background story woven into the background.\nDefinitively a buy. Goes well with a soundtrack by Sabaton. BATTLETECH on Steam Harebrained Schemes, 39.99 EUR\n","date":"2018-04-26T00:00:00Z","href":"https://blog.koehntopp.info/2018/04/26/harebrained-battletech.html","tags":["gaming","review","lang_en"],"title":"Harebrained Battletech"},{"categories":null,"content":"So a few days ago, somebody found an exploit in beep - now CVE-2018-0492 .\nbeep is a program that is part of Debian (and Ubuntu) to have the PC speaker multiple times, at different frequencies, with different pauses and beep lengths. That works just fine. It\u0026rsquo;s also SUID root. There is zero code in it that deals with the fact that it may run privileged.\nThe author confidently writes:\nSome users will encounter a situation where beep dies with a complaint from ioctl(). The reason for this, as Peter Tirsek was nice enough to point out to me, stems from how the kernel handles beep\u0026rsquo;s attempt to poke at (for non-programmers: ioctl is a sort of catch-all function that lets you poke at things that have no other predefined poking-at mechanism) the tty, which is how it beeps. The short story is, the kernel checks that either:\nyou are the superuser you own the current tty What this means is that root can always make beep work (to the best of my knowledge!), and that any local user can make beep work, BUT a non-root remote user cannot use beep in it\u0026rsquo;s natural state.\nWhat\u0026rsquo;s worse, an xterm, or other x-session counts, as far as the kernel is concerned, as \u0026lsquo;remote\u0026rsquo;, so beep won\u0026rsquo;t work from a non-privileged xterm either. I had originally chalked this up to a bug, but there\u0026rsquo;s actually nothing I can do about it, and it really is a Good Thing that the kernel does things this way.\nThere is also a solution. By default beep is not installed with the suid bit set, because that would just be zany. On the other hand, if you do make it suid root, all your problems with beep bailing on ioctl calls will magically vanish, which is pleasant, and the only reason not to is that any suid program is a potential security hole.\nConveniently, beep is very short, so auditing it is pretty straightforward. Decide for yourself, of course, but it looks safe to me - there\u0026rsquo;s only one buffer and fgets doesn\u0026rsquo;t let it overflow, there\u0026rsquo;s only one file opening, and while there is a potential race condition there, it\u0026rsquo;s with /dev/console. If someone can exploit this race by replacing /dev/console, you\u0026rsquo;ve got bigger problems. :)\nSo here is how you race this: beepbop Which is bad, because Ubuntu and Debian both install beep SUID root, by default. You can check with \u0026ldquo;dpkg-reconfigure -plow beep\u0026rdquo;.\nDebian installs beep SUID root by default, \u0026ldquo;dpkg-reconfigure -plow beep\u0026rdquo;\nSomebody also created a fun website for the beep problem, complete with logo and name: Holey Beep .\nHoley Beep : The site, which is done very tongue in cheek, also contained a patch for the problem, advertising it like this:\nSo why would your computer beep when it applies a patch? That\u0026rsquo;s another fun thing. The patch contains this hunk:\n--- /dev/null\t2018-13-37 13:37:37.000000000 +0100 +++ b/beep.c\t2018-13-37 13:38:38.000000000 +0100 1337a 1,112d !id\u0026gt;~/pwn.lol;beep # 13-21 12:53:21.000000000 +0100 . and that looks very much like an ed-script. In fact, until recently that is exactly what patch did: popen a copy of ed and feed it. The line \u0026ldquo;id \u0026gt; ~/pwn.lol; beep\u0026rdquo; will hence be run, create a file pwn.lol in $HOME with the current user id, and then execute beep. That\u0026rsquo;s the promised beep you hear.\nOf course code execution by a thing you expect to handle data is a problem, and that is now CVE-2018-1000156 .\nIt\u0026rsquo;s fixed by writing the ed code to a tmp file while filtering the commands fed to ed, and then feeding the filtered input into ed.\n","date":"2018-04-06T00:00:00Z","href":"https://blog.koehntopp.info/2018/04/06/beep-patch-and-ed.html","tags":["erklaerbaer","security","lang_en"],"title":"beep, patch and ed"},{"categories":null,"content":"In Hashes and their uses we have been talking about hash functions in general, and cryptographic hashes in particular. We wanted four things from cryptographic hashes:\nThe hash should be fast to calculate on a large string of bytes. The hash is slow to reverse (i.e. only by trying all messages and checking each result). The hash is slow to find collisions for (i.e. it\u0026rsquo;s hard to find two input strings that have the same hash value). The hash does chaotically cascade changes (i.e. a single bit flip in the original message does flip many bits in the hash value). With these things and general cryptography we can built three very versatile things that see many applications: Digital signatures, eternal logfiles (\u0026ldquo;blockchains\u0026rdquo;) and hash trees (\u0026ldquo;torrents\u0026rdquo;).\nDigital Signatures Using asymmetric cryptography Digital Signatures are using primitives from asymmetric cryptography and cryptographic checksums.\nFrom asymmetric cryptography we know we can have two keys, P and Q, which actually work in symmetry: What has been encrypted with one key can be decrypted only with the other key.\nSo we\neither encrypt a message M with a key P to get a ciphertext C, and decode C with Q to get M back. Or we encrypt M with Q, and decrypt with P to get M back. The asymmetry is introduced by keeping Q secret and makig P as public as possible.\nP is public. Q is private and only known to one person. C = encrypt(P, M) M = decrypt(Q, C) or C = encrypt(Q, M) M = decrypt(P, C) Unfortunately, in asymmetric public key cryptography, the keys are usually rather long, and hence the encrypt() and decrypt() functions are usually quite slow. It is useful to keep M reasonably small.\nSigning For digital signatures, the signer calculates a hash H of a message M and then encrypts the hash H using the private key Q, creating CH.\nThe message and the encrypted hash are sent together.\nH = hash(M) CH = encrypt(Q, H) send(M, CH) When receiving the message, the receiver can read the message and can calculate their own checksum, RH = hash(M).\nBecause the public key P of the sender is, well, public, we can also decrypt the encrypted checksum the sender calculated: H = decrypt(p, CH).\nIf that H is equal to RH, we can know that one of two things is true:\nEither the message has not been tampered with, or the sender lost control of the private key. Assuming the latter is not the case, the former must be true and that means that the message we received is as it originated at the sender and we do know who the sender is.\nEternal Logfiles When calculating hashes over a sequence of messages, it is possible to seed each message with the previous messages hash:\nEach log entry consists of the actual message, the current timestamp and the hash of the previous entry. The current hash is a hash over all of these three things.\nEach entry in the log consists of the actual log entry, the date the entry is being made and the hash of the previous log entry. The current hash is being calculated over all of these things:\nthe message, the current timestamp and the previous hash. Because each entry contains the previous entries hash value, it is becoming hard to change older entries in the log: A change to an old log entry will create a ripple effect that changes each subsequent newer hash value in the log.\nAdditional security can be produced by introducing media breaks and publishing the current hash value (with the date) in many places. The date added to each log entry is not supplied by the log source which sends the message: While the logged message can have a structure and may also contain a timestamp as seen by the message sender, the date fields shown as separate fields in the graphics above are the local time of the logger.\nThe interdependency of the log messages create a public order of events. Message 2 and Hash 2 could not have been produced before Message 1 and Hash 1, as the value of Hash 2 is dependent not only on the contents of Message 2, but also on the value of Hash 1.\nA very simple implementation of this can be found in Lutz Donnerhacke\u0026rsquo;s Eternal Logfile (Site in German ). Interestingly, forward secure sealing as implemented in journald/systemd does not work like this, but uses another mechanism . It also does not seal each log entry as it is being generated, but creates 15 minute windows of log entries which are then protected.\nThe main reason for this are seekability and purgeability: It should be possible to validate the integrity of the journald log file without calculating the sequence of hashes from system installation.\nGuarantees given in Eternal Logfiles It is important to note that no assumptions whatsoever are being made of the structure of the messages being chained in this chain of hash values. It is also important to note that no mechanism to authenticate or validate the content of the messages being logged is available automatically - the only proofs such a chained eternal logfile provides is:\nMessage n-1 is older than Message n (Order of messages can be implied from the order of log entries).\nIf the hash chain resolves (i.e. all checksums calculate just fine), none of the messages prior to the final message have been tampered with.\nBy digitally signing the each message in the log, the identity of the creator for each logged message can be proven, and the authenticity of each message can be verified independently from the hash chain itself.\nLimitations and Disadvantages of Eternal Logfiles Without additional mechanisms, eternal logfiles cannot be purged nor seeked. That is, because each log entries hash is dependent not only on the logfiles content, but also on the hash of the previous log entry, it is not possible to ever delete log entries without losing the ability to check the chains integrity.\nAll logs have to be kept forever. Mechanisms to work around that could be constructed, but are usually not implemented, often on purpose.\nRelated to that is the ability to check the integrity of the hash chain: This is only possible from the anchor point, which by construction and on purpose is only at the start of the chain.\nA validation of the chain therefore becomes increasingly costly as the length the chain increases and no purge mechanism exists. A full chain validation could create a local index, which notes the position of each log entry and also the expected checksum. This would allow quick seeks and quick local entry validations.\nBuilding this index is still dependent on at least one big scan and validation of the entire chain.\nHash Trees It is also possible to structure hashes-of-hashes in a non-linear fashion, for example in a tree structure. The Merkle-Tree is named after the cryptographer Ralph Merkle , and is one specific implementation of a Hash Tree.\nData (the messages) are at the leaf nodes (L1 to L4) of the tree. Non-Leaf nodes contain hashes of the blocks beneath them.\n([Image Source:Wikipedia:Hash Tree )\nHash Trees can establish order of events the same way linearly hashed logfiles do. They allow better pinpointing of the position of an error, at least down to the position of a single block, while at the same time still assuring the intrity of other data past the modified block. They also allow partial file integrity checks for each subtree of the main hash tree.\nApplications of Hash Trees Hash Trees, Merkle Trees or variants of the system , are being used in practically all P2P systems, where their properties are useful to determine which blocks of a file a client already has and which ones are still missing. At the same time, the top level hash can be used as a file name in a content addressing scheme .\nMagnet Links are just top level hashes of a Hash Tree in a P2P system. Hash Trees also see application for securing file integrity in file systems that target very large storages (ZFS, BTRFS), enabling partial file system checks and rapid validation of files and file trees. They are also useful in pinpointing areas of files that changes, enabling fast differential backups. A variant of Hash Tree logic is consequently also applied in pt-table-sync of the Percona Toolkit, finding differences between two instances of the same table on two different database servers and then creating a minimal set of change instructions to mutate a target table so that it matches the contents of a source table. Some version control systems, for example git, are also using trees of hashes as a content addressable storage , but in a way that differs from a pure Merkle Tree. Certificate Transparency uses a Merkle Tree as a container for the log of all certificates generated by all certificate authorities participating, establishing completeness and authenticity of the CT log as well as an order of events. Merkle Trees are also used to structure and validate the integrity of the blockchain underneath Bitcoin. Limits and additional considerations Like with the Eternal Logfile, no assumptions are made about the content of the messages that make up the payload of a Merkle Tree. Additional agreements between multiple parties about the content of messages are necessary to give data in a Hash Tree meaning. Without pruning/seeking mechanisms, all sequentially ordered transactional systems are accumulating log data/tree size without bounds. Creation of the systems current state is getting progressively more expensive in memory and computation required.\nHistory Eternal Log files and Merkle Trees are old innovations. The patent for Merkle Trees was created by Ralph Merkle in 1979 (and granted in 1982 ) and is since expired. Eternal Log files are an idea created by David Chaum even before that. Continued from Hashes and their uses ","date":"2018-03-04T00:00:00Z","href":"https://blog.koehntopp.info/2018/03/04/hashes-in-structures.html","tags":["erklaerbaer","blockchain"],"title":"Hashes in Structures"},{"categories":null,"content":"A hash function is a function that maps a large number of arbitrary data types onto a smaller number of contiguous integers.\nThis simple hash function maps strings of arbitrary length to integers. Some strings are mapped to the same integer: a hash value collision.\nThe base set here is a number of strings of arbitrary length, which is a theoretically open ended set size. The target is a bounded number of integer values. It is thus inevitable that two strings exist which are mapped to the same target number, a hash value collision. Hash functions are useful in computer science, and you have been using them in everyday life, or at least seen them:\nas checksums to quickly assign a position to an arbitrary object or to create object identity from content. Checksums Digit sums as simple, weak checksums One of the most basic hash function is the digit sum :\nTake the digits of a number and add them up. If the resulting total is larger than ten, take only the last (lowest value) digit. More generally, divide by a number (here: ten) and take the remainder - that\u0026rsquo;s called a modulo or mod division, here modulo ten.\nFor example, the digit sum of 357 is 3 + 5 + 7 = 15, so the result is 5. Digit sums are useful as very simple checksums. They are easy to calculate, but very weak. They can detect simple individual changes, but because of additive commutativity, they won\u0026rsquo;t detect swapped digits: The digit sum of 357 is identical to 537, because 3+5 = 5+3.\nAdditive commutativity makes it possible to swap digits in a number without changing the digit sum.\nWe find checksums like this also in the header of IP v4 packets on the Internet (with a bit of additional bit-flipping). Because headers of internet packets change on every hop, adjusting the checksums becomes a burden and IP v6 does away with header checksums.\nBetter checksums: ISBN-10 as an example That commutativity weakness of digit sums can be fixed by assigning each numeric position a factor and then summing up the product of factor times position:\n357 becomes 3*1 + 5*2 + 7*3 = 34 (Checksum: 4). On the other hand, 537 is 5*1 + 3*2 + 7*3 = 32 (Checksum: 2). This is actually what the 10-digit ISBN uses: which expands to\nand that is exactly what we used above in our 357 vs. 537 example. One difference in the ISBN-10 case: a different modulo factor. The ISBN-10 does not use the last digit (\u0026ldquo;modulo 10\u0026rdquo;, the remainder if you divide by 10), but the modulo 11 value (the remainder of what is left when you divide by 11). If that remainder is the number 10, the ISBN-10 is written with an \u0026ldquo;X\u0026rdquo; (the roman numeral for ten) as the last digit.\nProper CRC checksums A longer and much better writeup on how CRC checksums work can be found in Understanding and implementing CRC calculation .\nCRC sums can be found almost everywhere in data protocols and data storage in computers - they allow to reliably detect many common errors patterns in data in transmission and storage, and allow for a correction of many errors, while at the same time not using a lot of storage space.\nHashes for storage Building dictionaries Another use of hashes is for storage and data access. Computers use array data types to store data values by index number: We can use variables such a[10] to create 10 storage spaces, all named \u0026ldquo;a\u0026rdquo;, but numbered 0 to 9, to keep 10 values. But what if we wanted to address the storage spaces not by number, but by name, that is use a[\u0026quot;a text can be very long\u0026quot;] instead of a[3]? We call such data types dictionaries, and they are typically used by transforming a string (the index value \u0026quot;a text can be very long\u0026quot;) into an integer (3) using a hash function, and then using the integer as an index into an array (yielding a[3] again). There are a few problems:\nTwo otherwise unrelated strings may have the same hash value.\nThere may be collisions. For example, our hash function may map both \u0026ldquo;a text can be very long\u0026rdquo; and \u0026ldquo;this result is somewhat unfortunate\u0026rdquo; both to the number 3. The array use should be balanced. That is, each hash value should be equally probable for the expected input. That also implies that the entire target space (the entire array) is being used. A naive hash function for strings would for example sum up the byte values of the letters of a string, modulo the array size, to place an entry in an array.\nstr = \u0026#34;a text can be very long\u0026#34; sum = 0 for i in str: sum += ord(i) print sum, sum%10 2101 1 Breaking dictionaries There are many problems with this - it is pretty easy to come up with strings that collide. That is, to have strings that end up having the same hash value, even by accident. For example, if you use this hash algorithm and an array size of 10 to hash strings made up from digits, it\u0026rsquo;s easy to create strings that all hash to 0:\nord(\u0026ldquo;2\u0026rdquo;) is 50, mod 10 is 0. and that means, any \u0026ldquo;2\u0026rdquo; added to the string is neutral (does not change the outcome of the hash result). So \u0026ldquo;2\u0026rdquo;, \u0026ldquo;22\u0026rdquo; and any other sequence of 2\u0026rsquo;s hashes to position 0. str = [\u0026#34;2\u0026#34;, \u0026#34;22\u0026#34;, \u0026#34;222\u0026#34;, \u0026#34;2222\u0026#34;] for s in str: sum = 0 for i in s: sum += ord(i) print \u0026#34;String %s has the hash %d\u0026#34; % (s, sum % 10) String 2 has the hash 0 String 22 has the hash 0 String 222 has the hash 0 String 2222 has the hash 0 And that is because the ord(\u0026ldquo;2\u0026rdquo;), the number 50, is an even multiple of the array size, 10. So we probably want a prime array size to minimise aliasing: Our array size is 10, which is 2*5 as prime factors, so it aliases with any product of these factors: 2, 5 and 10. The way we built the hash function, the byte value of each digit shows up in the output of the hash function directly, so each string of letters that are spaced 0, 2, 5 or 10 positions apart or where the ord() values of the letters come out as 0, 2, 5 or 10, are going to create a larger than expected number of collisions. That is, we probably also want a more complicated hash function, which uses at least a counter or another variable value and the current byte value in some way as the input. There is more science to it, and tools exist to make this better.\nHandling collisions The hash value can\u0026rsquo;t be the actual index for the value we store, because there will be collisions.\nSo we can\u0026rsquo;t put the bare value into the array: instead our array values need to be able to store original key with the value, which is the actual payload. Often that is implemented as a list of key/value pairs.\nSo in our example, our array would not directly hold the value indexed by a[\u0026quot;a text can be very long\u0026quot;], but we would basically have an array of 10 lists, and each list will hold key/value pairs (ideally, the lists would each be exactly one entry long). We assumed that \u0026quot;a text can be very long\u0026quot; and \u0026quot;this result is somewhat unfortunate\u0026quot; both hash to the integer 3 in our initial example. So a[3] would be a list with 2 entries: \u0026quot;a text can be very long\u0026quot;: value1, and \u0026quot;this result is somewhat unfortunate\u0026quot;: value2.\nAn alternative way of handling collisions is to demand that there are no collisions. If they happen anyway, we grow the array and rehash. That\u0026rsquo;s nice, but if an attacker can predict and provoke hash collisions from the outside, the attacker can force unbounded array growth and eventually will exhaust all available memory. Yves Orton explains how that is being prevented in Perl, and in many other languages that provide dictionary data types.\nCryptographic Hashes Hashes also can have uses in cryptography: Assuming we have a function that has the following properties:\nThe hash is fast to calculate on a large string of bytes. The hash is not fast to reverse (i.e. it\u0026rsquo;s impossible to find the message that generated the hash result except by trying all possible messages and checking each result). The hash does chaotically cascade changes (i.e. a small change in the message, for example flipping a single bit, changes the result radically in a way that appears to be not correlated to the change in the input). The hash is structured so that it\u0026rsquo;s hard to create collisions (i.e. it\u0026rsquo;s hard to find two input strings that have the same hash value). With such a function we can do many things.\nGiven a string of bytes, a message M, we can use the hash of that message, h(M), as a fixed size fingerprint of the message. If we hash a received message and compared it to the received fingerprint, and both are not identical, we know that either the message or the fingerprint have been tampered with (message integrity). We need additional mechanisms to be able to infer that neither message nor fingerprint have been tampered with. Given stored the hash of a password, h(P), and a user input M, we can hash the user input, h(M) and compare it to h(P). If both are identical, chances are that the user entered the correct password (property 4). We do not store the password, only the hash of the password, so nobody can recover the password from the knowledge of that hash alone (property 2). Additional measures (salting ) are necessary to prevent fast password guesses of a prepared attacker. Given the hash of the content of a file, we can use this hash as a filename (content addressable systems ). This is being used in git (and also Mercurial, Monotone and many other distributed source code control systems), Bittorrent (and many other distributed file sharing and swarm protocols), Bittorrent Magnet URNs (we will need to revisit that in a later article). We can also use this to quickly check if we have seen a certain item already before. For example, we receive a long text article (i.e. a USENET news article or an item from a RSS feed), calculate the content hash, and store the item itself and, separately, the hash. The content may expire to free up storage, but we keep the content checksum around for longer. If an item with that hash is offered to us again, we can drop it as \u0026ldquo;already seen\u0026rdquo; very quickly, even if we already expired the actual content - the content hash becomes a (small and quickly compared) placeholder for the actual content. A cryptographic hash should be hard to reverse (property 2). That is, given a predetermined hash value, finding a message that hashes to this given value should only be possible by very brute-force testing all conceivable messages if they have this hash value. This is being used in Proof of work systems used in Cryptocurrencies and other places: A predefined message (a \u0026ldquo;bitcoin block\u0026rdquo;) is given to a system, and the system is asked to \u0026ldquo;close the block\u0026rdquo; by finding a value that, when added to the block, produces a hash value that starts with a predetermined number of 0-bits. This is ideally possible only by brute-force testing all values for a solution. Continued in Hashes in Structures ","date":"2018-02-26T00:00:00Z","href":"https://blog.koehntopp.info/2018/02/26/hashes-and-their-uses.html","tags":["erklaerbaer","blockchain"],"title":"Hashes and their uses"},{"categories":null,"content":"Intel finally published a whitepaper about Spectre #2 Mitigation. The PDF is also featured on Hacker News . It\u0026rsquo;s a technical whitepaper, but you can see the footprints of lawyers all over the language. For me, it basically says that, yes, Retpolines are indeed incompatible with Controlflow Enforcement Technology (CET) that Intel was planning for later CPUs (PDF , El Reg article ).\nCET introduces a shadow stack for return addresses only, and will fail your code into an exception if the normal stack return address and the shadow stack address disagree. Trying to touch and manipulate the shadow stack will also fail into an exception. That is, CET makes touching a return address on the stack toxic by having in effect separate argument and return address stacks, and your code explodes every time you try to do something funny with return addresses. Which is what Retpolines depend on.\nIntel also note that Retpolines also require Return Stack Stuffing in order to work properly, because otherwise RET will also speculate and the Retpoline will not work as intended. They also note that external events can interact with the Return Stack Buffer (RSB) and empty it and they don\u0026rsquo;t actually write but strongly imply that these external events are not a thing you have control over, as these are\nThere are also a number of events that happen asynchronously from normal program execution that can result in an empty RSB. Software may use “RSB stuffing” sequences whenever these asynchronous events occur:\nInterrupts/NMIs/traps/aborts/exceptions which increase call depth. System Management Interrupts (SMI) (see BIOS/Firmware Interactions). Host VMEXIT/VMRESUME/VMENTER. Microcode update load (WRMSR 0x79) on another logical processor of the same core. The hardware you run on can either have a Spectre vulnerability and require Retpolines, or have CET and Hardware Spectre Mitigation, but not both. So you generate code for either one or the other, and they suggest instrumentation of the loader to patch all indirect jump callsites as required.\nThat\u0026rsquo;s not completely insane, as loaders already patch up jump instructions at load time.\nThey do note that virtual machines in clustered setups with life migration may be at a disadvantage here, as this is a load-time thing and hence you need to expose your worst CPU in a cluster as the virtual CPU to your VMs in order for this to work with migration. That\u0026rsquo;s already a requirement in heterogenous clusters, but still annoying.\nAll in all, this is basically disappointing to underwhelming.\nThe TL;DR is that Retpolines and CET are indeed incompatible, and ld.so is called to the rescue to patch up code at load time for one or the other. The ld.so thing is an interesting observation. It means that the code on disk and the code in memory differ in one more way.\nAs these things accumulate, the actual on-disk machine instructions mutate over time into a kind of virtual machine notation that on load is adjusted more and more to the needs of the actual machine it\u0026rsquo;s being executed on. Maybe a thing such as a JVM and a JIT is not the worst thing that has happened to us.\n","date":"2018-02-26T00:00:00Z","href":"https://blog.koehntopp.info/2018/02/26/spectre-2-mitigation-retpolines.html","tags":["security","data center","lang_en"],"title":"Spectre #2 Mitigation - Retpolines"},{"categories":null,"content":"Yesterday, Booking.com hosted the Open Compute Meetup in Amsterdam. My talk is on Slideshare and a recording is on Youtube.\nSlideshare: A journey to OCP Youtube: A journey to OCP A cleaned up and more coherent transcript of the talk is here: Booking.com started out as a small online travel agency in Amsterdam, but is now financially about 15% of Google. We have about 200 offices in 70 countries, support 46 languages and reach about any touristically interesting spot on this planet.\nWe started out selling rooms on a comission basis, but since the Priceline Group of companies also includes Priceline for flights, Rentalcars for, well rental cars, and Open Table for restaurants, it makes sense to integrate that more and graduate from a Hotel Room marketplace to something more complete, a full trip or complete experience marketplace.\nAt this point we have about 30k machines in 3 locations.\nThat\u0026rsquo;s commodity colo space, built to Uptime Institute Tier-3 standards.\nIn that are mostly two-socket E5-type machines, and it\u0026rsquo;s at the two extreme ends of the spectrum, E5-2620\u0026rsquo;s and E5-2690\u0026rsquo;s. We would like to be able to run on the 2620 stuff completely, of course, but some parts of our application require the clock and the Oomph of the large CPUs. We are working on that.\nThe part of the workload that actually earns us money is mostly replacing strings taken from a database in HTML templates, we are a REP MOVSB company. That\u0026rsquo;s boring work, and that is good.\nWe try to keep stuff in memory where possible, especially where customer facing machines are affected. No disk reads, and no rotating storage in customer facing work.\nThere is more complicated stuff in the background. We are running the usual big data stuff with added deep learning on top, in image processing, fraud detection and in experimental user interfaces. We host a large scale data movement infrastructure with MySQL, Elasticsearch, Cassandra and Hadoop being involved.\nWe are trying very hard to be customer centric. Technology is seen as a necessity, but it\u0026rsquo;s forced upon us by scale. We\u0026rsquo;d rather focus on the hotel thing. :-)\nA lot of stuff is recent, due to growth - Moore\u0026rsquo;s law also applies backwards. Speaking about growth:\nThere are a few old numbers taken from quarterly public company performance reports, roomnights and hotels. But it could be about any metric at Booking, servers, requests, people working there, meals served in the canteen or sum of database requests - you would see the same curve.\nOn a log-Y scale it\u0026rsquo;s even nicer:\nSome nice straight lines.If I were to draw the yearly increase in compute power as given by Moores law into this graph, you would see that this is also a mostly flat line, unfortunately one that is raising far slower that the other lines here.\nFor a scalability person like me it means a tough life.\nDrawing the lines out naively sees us covering the earth in data centers by 2040 or so. That\u0026rsquo;s a problem, because where are we going to put the hotels?\nOf course that\u0026rsquo;s not going to happen, but it underlines that we need to change our ways of handling stuff.\nCurrently, we are handling the hardware part \u0026ldquo;enterprise\u0026rsquo;y\u0026rdquo;. So we get space, build out the room, add racks, switches and chassis and then put hardware in.\nThat happens in waves, with different latency and mutual dependencies, and that can go wrong in many ways. On the other hand, it delays decisions and spending as long as possible. To us, being a very Dutch company with a very high volatility due to the growth, delaying such Capex as long as possible is attractive.\nOnce the Hardware is down, we are on top of things - we have a system of software components called ServerDB which basically enables full hardware lifecycle management, interfacing at the front with the Purchase Orders database, doing everything a user could want to do to a machine with API and Web Interfaces, and finalizing machine lifetime many times later with a decommissioning workflow.\nServerDB not only manages the hardware, it also has complete overview about all other assets, does the config management for switches, storage, collects power data and temperature information and links into monitoring, load balancer configuration and to puppet.\nUsing commercial colo space means many constraints. We are in small rooms, multiple 0.5MW sizes, and that creates a number of placement constraints and unwanted cabling requirements.\nThe power and cooling framework we have to live in is about 7kW/rack, which is about half of what we want. Look at the image, that\u0026rsquo;s a blade center that has the potential to create 6.4kW of power draw under full load, so you are looking at non-oversubscribed racks that are 10/40U full. That\u0026rsquo;s about knee high.\nHere is a test run of a single blade from that bladecenter, where I am exercising all the cores as hard as possible, recording the power draw. We reach 50% power draw at 6/56 cores busy, and using the maximum power draw, times 16 blades, gives me a total load of 6.4kW from the whole enclosure.\nSimilarly, here is a rack of 32 machines (actually 40, but I got only 32 due to BMC instabilities), exercising at full power. These are hadoop units, and I can get them to consume 15kW in a 7kW environment, hotspotting and oversubscribing hard.\nSome constraints border on the ridiculous, but when we are receiving a monthly delivery in individual parts, we spam the unloading and docking areas of the data center with unpacking trash, making the other tenants quite angry. Also, the build times are getting unwieldy.\nFinally, the BMC, which is our gateway into the machinery for ServerDB and it\u0026rsquo;s assorted tools, is a big problem.\nServerDB contains an abstraction layer that tries to hide the various differences in functionality and API between the various kinds of machinery we have. We could do without that just fine, and Redfish is actually a partial fix to that.\nDespite the fact that we do not use many features, still ServerDB utilizes Redfish, native vendor specific LOM functionality and ssh to get what it needs - Power control, Reset, and setting boot preferences, optionally firmware update and optionally partitioning and controller setup.\nWe collect metrics: power, temperature, cooling and faults, but that is purely read-only. Auditability is becoming more relevant\nmaking config changes without a visible interruption of production is actually arguably a disadvantage, and all the recents security problems all the way down the stack are worrying us: BMC, ME and Microcode issues now. Much of that is underdocumented, and there are way to many way too convenient ways to access this, from dedicated interfaces to shared interfaces to local gateways when you physically on the machine and have access to i2c buses or similar. The defaults are often insecure, the crypto is often outdated, and the client requirements are often insecure as well (\u0026ldquo;Install a Java version your security department will hate you for having on your machine.\u0026rdquo;).\nSo where do we got from here? What is required to graduate from this?\nThree issues need adressing: Going Rack Scale, Bringing volume up and Getting Rooms to match. Let\u0026rsquo;s look at each of these in turn.\nWe started ordering hardware by the blade center chassis. That did good: It solves many of the trash issues, it streamlines the late provisioning phase where we are putting actual hardware into the rack. It\u0026rsquo;s limited by what can go into a chassis, and the chassis we are using are going to be discontinued.\nWe understand why that is necessary, but the direction that is going to is not what we want. We could do this more, and start to order by the rack. That has a few requirements that I will be adressing later, but if you are planning this, the choice is basically between Intel Rack Scale Design derivatives or Open Compute.\nIt gives you more design flexibility, and it may or may not retain the savings in power and cooling from shared power/cooling setup depending on what you do.\nThe Intel RSD solution is available in many vendor flavors, HP, Dell and Supermicro all have them. It gives you a Pod and a Rack controller not unlike a bladecenter chassis controller. On top of the functionality that ServerDB already offers, you get a chassis or rack-wide PCI bus, and composable hardware, where you can build physical machine configurations from CPU and storage modules in the rack.\nSome companies like Dell even offer casings around the machinery, in the form of semi-transportable data centers. Unfortunately most of these solutions try to minimise space and maximise density, so they come with other constraints and design decisions that we are reluctant to take on - basically you have to live in units of 8x8x40 ft shipping containers, and that\u0026rsquo;s rather limiting.\nIt\u0026rsquo;s all nifty engineering, but all very vendor specific and bespoke, when we are really looking for bulk hardware, all as alike as possible, and with fewer features, not more. Having no differentiator is actually a feature we are looking for. Value add subtracts from the value from the value the machinery has for us. The actual value add happens higher up the stack, in software - in management for us that\u0026rsquo;s ServerDB and in production for us that is more or less Kubernetes or something that does what K8s does, but differently.\nAnd that\u0026rsquo;s exactly the sales promise from Open Compute. Clean, bare server designs without value add. Documented interfaces with source code available to read up on the details, so we can integrate our stuff without problems. Delivery by the rack, and on top of that, potential operational and capital savings, if you treat room and rack as a system.\nGetting the volume up is the next important consideration, and if we are looking at our machine park, that\u0026rsquo;s going to be a problem.\nIf you go into ServerDB and count machine profiles, it goes up to 11: blade 9 and two additional blade2 variants. Actually digging into this yields basically \u0026rsquo;large and small\u0026rsquo; CPU configs and memory configs, but lots of different local storage options.\nThe answer is, to quote Jello Biafra, obvious: Ban Everything! In our case, local storage. So we disaggregate:\nIn a rack design where we give a 2 OU, 500 W, 100 GBit slot to the storage people and provide un-RAID-ed 2 TB local SSD as the only storage option, we have to build a network to match this. We are anticipating more east-west traffic from storage replication and east-west traffic from storage acess. All of that is happening front-side, production, on regular TCP/IP.\nBut that means I have only one network topology to scale and maintain, and I have no longer placement constraints for workloads: I can build uniform compute, and demand \u0026ldquo;no local persistence\u0026rdquo;. If you wan to keep your MySQL datadir, put it on iSCSI, RoCE or NVME via TCP and be done with it. It will be the size and have the properties you require, it will be at least on par with local SSD and it will still be there when your machine dies and you are rescheduling to another spare machine elsewhere in another rack.\nWith Kubernetes on top, you get application mobility, resiliency, and capacity size adjustment, which is fine, because even the smallest Silver 4110 is going to be too large for most units of deployment (in Java, consider 8 cores, 16 GB of RAM to be a limit, for example).\nBeing able to pull that off will give us 4 profiles or fewer, disk made to measure as requested, location independence for applications, and the ability to upgrade hardware without interfering with the workload. I can evacuate a rack, do my thing and put it back into service. Also, I can interchange the components of my machinery independently: storage, memory, compute and the networking parts are separate and can be on different renewal cycles. All of that bound together by on single TCP/IP network, not some bespoke PCI or FC/AL stuff.\nAssuming I all have that, I will need rooms to match the rack in order to fully leverage the advantages of Open Compute.\nOpen Compute hardware is built to be able to run in a barn: concrete floor, air-in of up to 35 or 40 deg Centigrade, hot-aisle containment, all service from the front because data center operations engineers cannot survive in the hot aisle, and we can do away with most of the equipment that is part of a Tier-3 spec.\nIt is being said that 1 MW of Tier-3 spec costs about 10 million for the empty building shell, and that we can get OCP space built for 2.5 Million/MW according to Facebook. I will be happy if I can get space for half of the Tier-3 cost or less.\nNon of these savings will materialize if you put OCP into a traditional Tier-3 building - the power path is not simplified, the air-in is overcooled and the airco is overdesigned in order to achive the overcooling which we do no longer require, so the actual PUE is actually way worse than what we could have from an OCP compliant data center.\nWe do get Tier-3 space easily, though. That is because it is being built without a buyers name on the constract. Buyers and sellers meet later, and that is possible over the Tier-3 spec from Uptime.\nThe result is a two sided market, where demand and supply are anonymous, unknown at the time the supply is being built.\nThat is not possible at the moment with Open Compute, because the spec is lacking, not well known to builders and the demand is not worth building for it. If you need or want OCP compliant space, that\u0026rsquo;s a larger commitment, because the space is being built for you, and you will need to keep it for the building lifetime.\nSo having an OCP compliant data center build spec for OCP hardware is important to make OCP attractive to smaller deployments. They do need the quick availability and higher flexibility of prebuilt space, because that\u0026rsquo;s lowering the height of the commitment and provides fewer operative distractions. There is risk for the space provider, so it\u0026rsquo;s certainly higher cost than a data center build to spec for one named entity, but that\u0026rsquo;s probably worth it. For a deployment our size, there is still the problem of many 0.5MW rooms or similar, capacity fragmentation, but for a more normal sized company that\u0026rsquo;s actually a non-issue. They can be happy in these spaces.\nSo to sum it up again: How can OCP work on non-hyperscaler scales? Provide a two sided market for DC space over a shared spec, then put hardware in there that matches what the room provides. This creates operational and capital savings from leveraging the room and the rack as a system that is mutually dependent and built for each other.\nThen, once you have stuff in there, have an ecosystem that uses the documented machine interfaces, all of them interchangeable and interoperable. Have an ecosystem of open source management modules like ServerDB for management and Kubernetes for production, built on top of that, in order to bring utilisation up and management cost down.\n","date":"2018-02-21T00:00:00Z","href":"https://blog.koehntopp.info/2018/02/21/a-journey-to-open-compute.html","tags":["data center","energy","erklaerbaer","talk","lang_en"],"title":"A Journey to Open Compute"},{"categories":null,"content":" Today I was looking for a way to subscribe to file changes in a directory in MacOS, in order to trigger automatically running commands whenever files change. Turns out Homebrew has \u0026ldquo;fswatch\u0026rdquo;, which tells you when things change, but little else.\nTurns out Homebrew has \u0026ldquo;watchman\u0026rdquo;, which does all this, and on multiple trees, finds changes across restarts and automatically manages a set of commands for different file endings.\nAlso turns out that I know the author. Thanks, Wez!\n","date":"2018-02-01T00:00:00Z","href":"https://blog.koehntopp.info/2018/02/01/watchman.html","tags":["apple","php","macos"],"title":"Watchman"},{"categories":null,"content":"There is a very useful and interesting article by Chris Down: \u0026ldquo;In defence of swap: common misconceptions \u0026rdquo;.\nChris explains what Swap is, and how it provides a backing store of anonymous pages as opposed to the actual code files, which provide backing store for file based pages. I have no problem with the information and background knowledge he provides. This is correct and useful stuff, and I even learned a thing about what cgroups can do for me.\nI do have a problem with some attitudes here. They are coming from a developers or desktop perspective, and they are not useful in a data center. At least not in mine. :-)\nChris writes:\nSwap is primarily a mechanism for equality of reclamation, not for emergency “extra memory”. Swap is not what makes your application slow – entering overall memory contention is what makes your application slow.\nAnd that is correct.\nThe conclusions are wrong, though. In a data center production environment that does not suck, I do not want to be in this situation.\nI see it this way:\nIf I am ever getting into this situation, I want a failure, I want it fast and I want it to be noticeable, so that I can act on it and change the situation so that it never occurs again.\nThat is, I do not want to survive. I want this box to explode, others to take over and fix the root cause. So the entire section »Under temporary spikes in memory usage« is a DO NOT WANT scenario.\nChris also assumes a few weird things, from a production POV: He already states that\nIf you have a bunch of disk space and a recent (4.0+) kernel, more swap is almost always better than less. In older kernels kswapd, one of the kernel processes responsible for managing swap, was historically very overeager to swap out memory aggressively the more swap you had. and production sadly is in many places still on pre-4.0 kernels, so don\u0026rsquo;t have large swap.\nHe also mentions\nAs such, if you have the space, having a swap size of a few GB keeps your options open on modern kernels. […] What I’d recommend is setting up a few testing systems with 2-3GB of swap or more, and monitoring what happens over the course of a week or so under varying (memory) load conditions.\nWell, I have production boxes with 48 GB, 96 GB or even 192GB of memory. \u0026ldquo;A few GB of swap\u0026rdquo; aren\u0026rsquo;t going to cut this. These are not desktops or laptops. Dumping or loading, or swapping 200GB of core take approximately 15 minutes on a local SSD, and twice that time on a rotating disk, though, so I am not going to work with very large swaps, because they can only be slower than this. I simply cannot afford critical memory pressure spikes on such a box, and as an Ops person, I configure my machines to not have them, and if they happen, to blow up as fast as possible.\nWhat I also would want is better metrics for memory pressure, or just the amount of anon pages in the system.\nDetermination of memory pressure is somewhat difficult using traditional Linux memory counters, though. We have some things which seem somewhat related, but are merely tangential – memory usage, page scans, etc – and from these metrics alone it’s very hard to tell an efficient memory configuration from one that’s trending towards memory contention.\nI agree on this. I wonder if there is a fast and lock free metric that I can read that tells me the amount of unbacked, anon pages per process and for the whole system? One that I can sample in rapid succession without locking up or freezing a system that has 200GB of memory in 4 KB pages (the metric can be approximate, but reading it must not lock up the box).\nI think the main difference Chris and I seem to have on fault handling - I\u0026rsquo;d rather have this box die fast and with a clear reason than for it trying to eventually pull through and mess with my overall performance while it tries to do that.\n","date":"2018-01-22T00:00:00Z","href":"https://blog.koehntopp.info/2018/01/22/swap-and-memory-pressure-how-developers-think-to-how-operations-people-think.html","tags":["data center","container","lang_en"],"title":"Swap and Memory Pressure: How Developers think to how Operations people think"},{"categories":null,"content":"What does your Mac do on Startup? Knockknock knows .\nIt\u0026rsquo;s not properly updated for current versions of MacOS, but it is still useful. \u0026ldquo;git clone https://github.com/synack/knockknock\" and \u0026ldquo;/usr/bin/python knockknock.py\u0026rdquo; is sufficient to test.\nTOTAL ITEMS FOUND: 44 That\u0026rsquo;s quite a bit. Apparently, I am starting\nGoogle Music Manager, AirServer, Karabiner, Alfred 3, a Chrome app_mode_loader, the Android File Transfer Agent, Dropbox, Divvy, Expandrive, Chrome itself, Soundflower, an AX88179 USB GBit Ethernet adapter driver, Steam Drivers, /Library/PrivilegedHelperTools/org.chromium.chromoting.me2me.sh, the Steam ipcserver, the Expandrive Helper, the Skype Helper, the OnePasswordNativeMessageHost, Expandrive exfs, iStatMenus and the iStatMenus Agents and Helpers, Steamclean, the GoogleSoftwareUpdateAgent, Tunnelblick LaunchAtLogin.sh, and finally an ethcheck Firmware checker. So much Crap being loaded.\n","date":"2018-01-15T00:00:00Z","href":"https://blog.koehntopp.info/2018/01/15/knock-knock.html","tags":["macos","apple","lang_en"],"title":"Knock, Knock"},{"categories":null,"content":"Melvin Conway is a compiler developer and systems designer, who is well known for the eponymous Conway\u0026rsquo;s Law . Various phrasings exist of that, and one popular is\nOrganizations which design systems are constrained to produce designs which are copies of the communication structures of these organizations.\nThe original paper and an introductory paragraph can be found on his website . It\u0026rsquo;s worth reading, because there are more useful insights to be found in the original writeup.\nSo what does this even mean? Can you give examples from your current or previous work environments?\nWhat Conway says is that communication across personal and organisational boundaries is not free. He phrases that in the context of design processes by a large committee, which divides itself into subgroups and then delegates.\nThis process already constrains the choices the whole group and the subgroups can make, which in turn will shape the outcome of the resulting design.\nThus the life cycle of a system design effort proceeds through the following general stages.\nDrawing of boundaries according to the ground rules. Choice of a preliminary system concept. Organization of the design activity and delegation of tasks according to that concept. Coordination among delegated tasks. Consolidation of subdesigns into a single design. The subdivision and delegation phase creates boundaries of communication between groups. The Coordination phase among delegated tasks and the Consolidation phase of the subdesigns costs additional communication overhead from the various people and groups involved. Avoiding this resistance and energy expenditure is shaping the structure of the resulting solution to the point where that structure will mirror the organisational structure.\nThere are several corollary observations in his paper:\nConway makes interesting observations regarding overpopulation of design groups and how this has consequences for the design. He points to Parkinson\u0026rsquo;s Law and states\nAs long as the manager\u0026rsquo;s prestige and power are tied to the size of his budget, he will be motivated to expand his organization.\nThis leads to large pools of people. These people need to be used, or as Conway writes\nA manager knows that he will be vulnerable to the charge of mismanagement if he misses his schedule without having applied all his resources.\nBut large pools of people need to be subdivided into smaller groups to be able to work usefully, and that creates administrative boundaries which will shape the outcome of the design.\nThis knowledge creates a strong pressure on the initial designer who might prefer to wrestle with the design rather than fragment it by delegation, but he is made to feel that the cost of risk is too high to take the chance. Therefore, he is forced to delegate in order to bring more resources to bear.\nin the words of Conway. Flat hierarchies are important. In Conways world view of 1968, he correctly states that\nthe number of possible communication paths in an organization is approximately half the square of the number of people in the organization. Even in a moderately small organization it becomes necessary to restrict communication in order that people can get some \u0026ldquo;work\u0026rdquo; done\nModern corporate communication structures get away with more direct, less hierarchical communication structures than we had fifty years ago, and that is indeed a great source of progress, because it make it cheaper to cut through administrative boundaries and lowers cross-division communication cost.\nConway\u0026rsquo;s Law also works backwards for operations organisations: In order to operate a system successfully, you must create an organisational structure that matches the design of the system that you are trying to operate.\nYou can observe Conway\u0026rsquo;s law in motion around you every day:\nA developer finds a bug in a program that is supplied by an external vendor. Will the developer have the energy to put their own progress on hold, create a bug report, drive the bug and repair discussions in the remote organisation and then integrate the fix? That is not usually what happens. The developer will instead integrate a workaround into their code and may or may not take it upon themselves to report the bug upstream. A company has a security organisation that is a separate division from the development organisation. The rollout of a new corporate security policy and tooling makes it impossible to install unmanaged plugins in the managed main browser. Some of these plugins are necessary or helpful for the development organisation to do their job. Will the development organisation individually or collectively engage in a discussion with the security organisation in order to be exempted from the misguided security attempt? That is not usually what happens. Instead somebody will point out that workarounds exist (Run an unmanaged browser, run a browser unmanaged remotely on a box not controlled by the security organisation and mirror the screen onto the developers desktop, or others). There is a strong incentive to not point out these workarounds to the security organisation, because shutting down these workarounds is a reasonable risk to assume and the development organisation will protect their ability to be able to do their job. A security bug exists in a piece of software from an outside vendor. The outside vendor does not accept any bug reports, or does not honor them, if they are reported by random people that are not support customers of their organisation. Will the finder of the bug take it upon itself to convince the vendor to accept the bug report even in the absence of a support contract? That is not usually what happens. Instead the security bug might be ignored or will be sold for money to organisations that care about knowing about security bugs that nobody else has knowledge of, or it will be anonymously publicised in order to shame the vendor into fixing it. The third way is actually the best outcome here. A developer needs access to the interface of the service another part of the company provides. While the web interface of the service is accessible, the underlying database is not directly accessible. Access is being denied in as many words: \u0026ldquo;Access denied.\u0026rdquo; instead of pointing out how to actually apply for access and which permissions are needed. Will the developer take it upon itself to find ways to properly access the data in question? In the observed example that is not what happened. Instead a screen scraping, HTML parsing solution has been implemented. What can you do? Organisations that put up barriers, in the name of departmental structure or security, need to understand that the majority of access attempts are genuine and potentially legal. An efficient and agile organisation will make itself accessible and will provide clear instructions how to communicate with each failed or denied communication attempt.\nExamples:\nNever print \u0026ldquo;Access denied\u0026rdquo;, but explain how to get access. Never turn away bug reports, but make an effort to distinguish between bug reports and support requests. Never establish security controls without running them in logging instead of enforcement mode at first. Use that log data. Differentiate groups of users and understand their legit needs. Establish a preference for trailing controls instead of chokepoints. That is, log and gobble, parse and investigate the log whenever possible instead of preventing access whenever you can get away with that. Do this especially around the development part of your organisation. If the security branch of an organisation annoys the development part of an organisation they just created a formidable in-house adversary that will try to subvert their efforts through literal or creative interpretation, unexpected workarounds or atypical user behaviour. What else can you do?\nBreak down organisational barriers where they turn out to become development obstacles. That is for example, if the security organisation and the development organisation are not aligned enough for the purpose of the company, try to mix and integrate the two. DevOps and later SecOps are attempts of actually doing this.\nMany corporate shuffles and re-organisations are actually attempts of corporate structures to align themselves better and bring down communication costs. Understanding the reshuffle and trying to match that up with the real or perceived problem that this reorganisation is trying to solve can be very instructional: in judging the management and communications skills of the management involved, and in recognising the perceived or actual problems the organisation has.\nAlways be aware than when you change an organisation, the software system they created before is a mirror of their old organisational structure and the old structure of the software system that organisation created will now work against the new organisational structure. Allow for time and effort to mitigate that.\nExpect delays.\n","date":"2018-01-12T00:00:00Z","href":"https://blog.koehntopp.info/2018/01/12/conways-law.html","tags":["computer","erklaerbaer","lang_en"],"title":"Conway's Law"},{"categories":null,"content":" Frank O\u0026rsquo;Brien explains an outstanding piece of engineering: The Apollo Guidance Computer (AGC) was the computer that controlled the thrusters and navigation on the Apollo Command Module, and a second instance, on the Lunar Module. It\u0026rsquo;s a 32kg box with core memory and core rope ROM, a 16 bit discrete CPU (15 data bits and parity) running at 1 MHz effective, and some very special hardware behind its I/O ports.\nMemory was 2k words of writeable core memory, and some 36k of ROM. The processor architecture is stackless, which complicates many things, and despite being designed in 1966, already has multiplication and division machine instructions. Addresses are effectively 12 bit, so sophisticated bank switching to extend the address space is needed, writeable and read-only memory are banked separately. Some interesting interaction with interrupt processing and bank switching exists.\nThere exists a very basic multitasking system, which at the same time is made simpler and more complicated by the stackless architecture. On top of the multitasking executive sits the interpreter, a virtual machine that was much more comfortable than the actual hardware and had a stack and index-registers, as well as trigonometric math functions. Navigational code ran on the interpreter, basic hardware control (thrusters, sextant, inertial control system and anything timer related) ran on the executive.\nThe book gives a guided tour into a hardware design over fifty years old, which itself was already foreshadowing and in some way surpassing the more modern integrated chip CPUs of seventies home computers. It also demonstrates a number of creative and interesting ideas of how to achieve remarkable things with very little hardware.\n\u0026ldquo;The Apollo Guidance Computer: Architecture and Operation\u0026rdquo;, Frank O\u0026rsquo;Brien, EUR 30.71, (purchased as Kindle edition, no longer available as eBook)\nPaperback ","date":"2017-12-08T00:00:00Z","href":"https://blog.koehntopp.info/2017/12/08/fertig-gelesen-the-apollo-guidance-computer-architecture-and-operation.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: The Apollo Guidance Computer: Architecture and Operation"},{"categories":null,"content":" Introduction to GPUs (PDF)\nSo you already know how your CPU works, basically, and want to understand what your GPU does differently. Ofer Rosenberg has you covered: Introduction to GPUs does what it says on the tin.\nThe NVIDIA take on this can be found in An Introduction to Modern GPU Architecture by Ashu Rege, but because this is from 2008, it\u0026rsquo;s showing it\u0026rsquo;s age. The first 15 slides or so focus more on the gaming aspect and less on the technology, but are full of matching screenshots.\nThe following slides then show how GPU evolved from specialised graphics processing units to a general parallel instruction execution architecture - what you get is basically a single chip supercomputer. Starting at slide 60 we go into Aliasing and sub-pixel addressing. Only the final three slides mention CUDA.\nKayvon Fatahalian again takes us on a tour through history, from 1993 onwards to 2011, in How a GPU works . The key innovation, \u0026ldquo;unified shaders\u0026rdquo;, seems to be from 2006. The slideset seems to have considerable overlap with the Ofer Rosenberg set.\nAndy Glew explains the ideas and possible optimisations inside the typical GPU architectures in a large slideset at Coherent Threading: Microarchitectures between SIMD and MIMD . One point he makes is that there is a spectrum between classical multicore CPUs (MIMD) and classical vector CPUs (SIMD), and that seems to be the space that GPUs occupy. He lists that as SIMT (Single Instruction, Multiple Threads), and then at length explains how this enables optimisations that keep all cores (hundreds) busy by switching between even more threads (tens of thousands) in hardware.\nSo what does all of this give you? Well, here is an overview of the evolution of graphics 2000-2015, as seen by NVIDIA. Youtube Now, all of this is even relevant if you do not want to blow up pixels, because the very same operations are being executed at scale for routing packets or running classifiers in neural networks. Google does this at scale with custom hardware that is not quite GPU.\nA remarkable takeaway is that they are using 8-bit integers:\nA TPU contains 65,536 8-bit integer multipliers. The popular GPUs used widely on the cloud environment contains a few thousands of 32-bit floating-point multipliers. As long as you can meet the accuracy requirements of your application with 8-bits, that can be up to 25X or more multipliers.\nTheir design is basically a monster 8-bit matrix multiplier with neural network specific postprocessing.\n]\nA Google Tensorflow Processor The Postprocessing is a non-linear function, or as they state:\n\u0026ldquo;Neural network models consist of matrix multiplies of various sizes - that’s what forms a fully connected layer, or in a CNN, it tends to be smaller matrix multiplies. This architecture is about doing those things - when you’ve accumulated all the partial sums and are outputting from the accumulators, everything goes through this activation pipeline. The nonlinearity is what makes it a neural network even if it’s mostly linear algebra.”\nThe large matrix multiplier is implemented as a Systolic Array , which makes it even less general, more specialised than the SIMT units of a GPU - a Single Function, Multiple Data, Merged Results processor or a Domain Specific Processor. That is, this part of the operation of the TPU is not programmable, but hardwired in silicon - producing 65536 8-bit matrix multiplication/addition results every cycle at very low power cost.\nGoogle claims to be 83x more power efficient than a CPU and 29x more power efficient than a GPU. A more in-depth look at the TPU is available from the April 2017 TPU Paper and a matching article on The Next Platform. The Google article is remarkable, because it demonstrates how the Google custom hardware wipes the floor even with contemporary GPU-based architectures, in terms of performance and even more so in terms of performance/Watt.\nNVIDIA reacted to these chips by enabling lower precision math (= less memory needed) and by producing GPUs better usable for machine learning, both training and inference (using the trained models as classifiers for data). So we see 16-bit float and 8-bit integers being used in NVIDIAs Pascal chips for this. NVIDIA claims to be able to catch up to Google TPU performance with this generation of hardware, but at more power consumption.\nGoogle kind of counters with a 2nd generation TPU . We also see that hardware development innovation cycles in this area are currently much faster than the deprecation time for said hardware (see also the changes in the Knights-anything lineup from Intel), so this is a classical rent-don\u0026rsquo;t-buy situation for the aspiring cloud user who also happens to have their own data center.\n","date":"2017-11-25T00:00:00Z","href":"https://blog.koehntopp.info/2017/11/25/d-abc-at-scale.html","tags":["performance","hardware","computer","lang_en"],"title":"d = a*b+c at scale"},{"categories":null,"content":" Frank Swain takes us on a tour of the myths, stories and historic reports of the undead corpse throughout the history of humanity. Referencing sources and quoting people, he shows us the various aspects of the mindless physical body shuffling around after the soul departed, and how that as a theme has been following us around throughout our history.\nThe first chapter deals with the \u0026ldquo;original\u0026rdquo; haitian zombies, later chapters take us to victorian experimentation with corpses of the executed, soviet experiments and many other encounters between humans and the living undead.\n\u0026ldquo;How to Make a Zombie \u0026rdquo;, Frank Swain, EUR 11.66, (Kindle )\n","date":"2017-11-09T00:00:00Z","href":"https://blog.koehntopp.info/2017/11/09/fertig-gelesen-how-to-make-a-zombie.html","tags":["review","media","book","lang_en"],"title":"Fertig gelesen: How to Make a Zombie"},{"categories":null,"content":" Max Brooks, author of World War Z, delivers a straight on, zero tongue in cheek, nitty-gritty survival guide for the coming Zombie Apocalypse. The book delivers exactly what is promised in the table of contents: The Solanum Virus and how it works and does not work, Weapons and Combat Techniques that work, defending your home, public spaces or other places, how to organise a breakout or run, useful equipment to have or to loot, and then fighting back and finally containing the outbreak.\nThe book concludes with a list of documented outbreaks in the past, and their handling. The book is written completely straight and is full of useful advice for fighting a Zombie Apocalypse or containing an outbreak, but also a useful source book for roleplaying and storytelling games.\n\u0026ldquo;The Zombie Survival Guide \u0026rdquo;, Max Brooks, EUR 4.99, (Kindle )\n","date":"2017-11-09T00:00:00Z","href":"https://blog.koehntopp.info/2017/11/09/fertig-gelesen-the-zombie-survival-guide.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: The Zombie Survival Guide"},{"categories":null,"content":"»I COULD HAVE BECOME a mass murderer after I hacked my governor module, but then I realized I could access the combined feed of entertainment channels carried on the company satellites.«\nThis is how »All Systems Red« begins.\nThe protagonist in this book is a robot mercenary android, or Murderbot, as it refers to itself. In a universe of corporations and contracts, Expeditions and Exploration teams are taking these company supplied machines with the for their own safety, and for compliance reasons.\nOur Murderbot is on a maintenance contract that has been given to the lowest bidder, and hence some critical limiters of its internal AI are not maintained properly. It became way more sentient and independent than its owners would like. Also, it is misanthropic, and really disinterested into the work and life of the meat around it.\nThat changes as the Murderbot suddenly has real work to do, as a neighbouring expedition has gone dark, sabotage happens, and a conspiracy is to be uncovered. Suddenly it has to care for its humans - and it has to come to terms with its relationship to humanity and individual humans.\nA short, only 150ish pages, starting as a fun read on the first sentence. Also answering Elon Musk\u0026rsquo;s deepest fear - what will unconstrained AI do, once mankind unleashes it on itself? Will the robots turn on us, or will they rather want to watch Netflix?\n\u0026ldquo;All Systems Red \u0026rdquo;, Martha Wells, EUR 1.99, (Kindle )\n","date":"2017-11-08T00:00:00Z","href":"https://blog.koehntopp.info/2017/11/08/fertig-gelesen-all-systems-red.html","tags":["review","media","book","lang_en"],"title":"Fertig gelesen: All Systems Red"},{"categories":null,"content":" »The mutineers would have gotten away with it, too, if it weren’t for the collapse of the Flow.\nThere is, of course, a legal, standard way within the guilds for a crew to mutiny, a protocol that has lasted for centuries. A senior crew member, preferably the executive officer/first mate, but possibly the chief engineer, chief technician, chief physician or, in genuinely bizarre circumstances, the owner’s representative, would offer the ship’s imperial adjunct a formal Bill of Grievances Pursuant to a Mutiny, consistent with guild protocol. The imperial adjunct would confer with the ship’s chief chaplain, calling for witnesses and testimony if required, and the two would, in no later than a month, either offer up with a Finding for Mutiny, or issue a Denial of Mutiny.\n[…]\nObviously no one was going to do any of that.«\nThe glorious Empire of the Interdependency is completely constructed: Its worlds, or rather mostly space habitats circling uninhabitable planets, cannot live alone by design: each requires some thing or the other from another world of the Interdependency. All are bound together by the \u0026lsquo;Flow\u0026rsquo;, extradimensional rivers connecting star systems Diaspora style. Its religion promotes values that guarantee stability and peace. Its component social structures, the great houses, are carefully balanced for stability and longevity. The Interdependency stagnates.\nThe Flow will soon change.\nSome people are modelling it, trying to better understand the most important structure supporting the Interdependency. They can predict the collapse of the Flow, and they are trying to warn the empire\u0026rsquo;s ruler - or exploit this knowledge for the benefit of their house.\nThe Interdependency is what you get when you mash up Dune, Game of Thrones, and the dialog writing of Buffy, the Vampire Slayer. Or when Scalzi writes a book about climate change on a galactic scale.\nThis is grand scale space opera, the final days of a great empire set by construction for inevitable decay. The Collapsing Empire the first in a series (the next part is scheduled only for 2019, though), and a decent opener - but there is a lot of world-building and intrigue-setup going on and so it has its lengths. It\u0026rsquo;s a great foundation, though\n\u0026ldquo;The Collapsing Empire \u0026rdquo;, John Scalzi, EUR 1.19, (Kindle )\nBecause Scalzi is also political, and there has been a lot of US-politics fighting over the Hugo awards involving his works, there exists of course a Vox Day parody, The Corroding Empire .\n","date":"2017-11-08T00:00:00Z","href":"https://blog.koehntopp.info/2017/11/08/fertig-gelesen-the-collapsing-empire.html","tags":["review","media","book","lang_en"],"title":"Fertig gelesen: The Collapsing Empire"},{"categories":null,"content":" The people of Earth are on the verge of transcendence: They almost managed to create mind uploads, they are on the verge of creating true synthetic AI, they have been traveling to remote stars and are beginning to terraform worlds, on which they will seed Earth lifeforms and uplift them. All this progress, though, draws the ire of militant terrorists from the \u0026ldquo;Non Ultra Nature\u0026rdquo; radicals, which culminates into the sabotage of Brin 2 lab while seeding a terraformed world, and at the same time the complete destruction of humanity and its in-system colonies back home.\nThe Brin lab goes into stasis, trying to preserve the body and mind of its sole survivor, Dr. Avrana Kern, in the form of an experimental upload. Meanwhile, on the world below, the uplift nanovirus has made it down the terraformed world, but the payload - a barrel of monkeys - has not. So the nanovirus tries to find other lifeforms to uplift - and finds Portia labiata .\nThousands of years later the newly evolved intelligences of Kern\u0026rsquo;s world are being rediscovered by the survivors from the Terran system that made it into space again. But Earth has become uninhabitable, while Kern\u0026rsquo;s world is now home a the biotech civilisation of large, intelligent spiders.\nTelling an epic, generation-spanning story of entire civilisations and still having relatable characters that tie everything together is not easy. If many of the characters are pumpkin-sized venomous jumping spiders it\u0026rsquo;s even harder.\nTchaikovsky pulls that off, elegantly and entertainingly. Great writing, recommended read.\n\u0026ldquo;Children of Time \u0026rdquo;, Adrian Tchaikovsky, EUR 5,99, (Kindle )\n","date":"2017-11-07T00:00:00Z","href":"https://blog.koehntopp.info/2017/11/07/fertig-gelesen-children-of-time.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: Children of Time"},{"categories":null,"content":" »In the early twentieth century, the Congress of our great nation debated a glorious plan to resolve the meat shortage in America. The idea was this: import hippos and raise them in Louisiana\u0026rsquo;s bayous. The hippos would eat the ruinously invasive water hyacinth; the American people would eat the hippos; everyone would go home happy. Well, except the hippo\u0026rsquo;s. They\u0026rsquo;d go home eaten.«\nThis plan, on which Congress did not follow through in our timeline, is the premise and the setting for Sarah Gailey\u0026rsquo;s alternate universe story \u0026ldquo;River of Teeth\u0026rdquo;.\nSo we get the sad story of Winslow Remington Houndstooth, a hippo farmer who lost everything in a fatal fire and now takes on shady jobs or government work, whatever pays the bills. Houndstooth is a Hopper, a hippo riding swamp cowboy, and he just took the job of cleaning a large body of water in the mouth of the Mississippi from feral, man eating hippos.\nHe assembles a gang of unlikely companions to help him with that, but he is up against a shady gangster running a gambling empire who is not amused of civilisation arriving at all. And of course there is a traitor in his team.\nThis is a short read of less than 200 paper-pages, but it\u0026rsquo;s also not expensive. The premise is completely insane, the characters are one-of-a-kind, refreshingly non-heroic, and have a lot of history together - which we discover as we go along.\nGood for one evening, but it will be a fun evening.\n\u0026ldquo;River of Teeth \u0026rdquo;, Sarah Gailey, EUR 1.99, (Kindle )\n","date":"2017-11-07T00:00:00Z","href":"https://blog.koehntopp.info/2017/11/07/fertig-gelesen-river-of-teeth.html","tags":["review","media","book","lang_en"],"title":"Fertig gelesen: River of Teeth"},{"categories":null,"content":" Fanless devices A cellphone or tablet is a fanless device. So is the 12\u0026quot; Macbook. That means you can do whatever is possible at any point in time within a TDP of approximately 5W.\nHere is the power consumption of my cellphone over a 12h period. The scale on the left is mW, down is discharge, up is recharge (plugged in). It\u0026rsquo;s basically limited to 5W, and that only for short periods of time.\n]\nCellphone power over time. Green bar = plugged in. Yellow bar = Screen on.\nThese devices also have batteries, and when they are running on batteries, they need to be sleeping most of the time and have their display off. Whenever they are not dark and/or sleeping, they drain the battery, fast.\nThese two facts are the reason why most people playing Ingress have done so in Fall and Winter, and why they all have cabled up enormous power banks to their equipment. That\u0026rsquo;s also why your cellphone used for navigation will reboot after an hour or two of driving, unless you remove the protective bumper and put the holder into the airflow of the dash vent. Also, white devices are better than dark devices on sunny days on the Autobahn.\nLaptops with active ventilation Your laptop probably has a fan. Mine does. It is still mostly idle, but it is easily out of the TDP for fanless devices.\nThis machine is currently drawing 12.1W. The fans are hardly moving.\nIf I want to test what this machine could use, I could start a game. Most games are busy waiting event loops, that is, they keep the machine as busy as possible, and they are also exercising all the 3D circuitry in the box quite well. My laptop will never exceed 40W or so, doing this.\nGaming machines The gaming box underneath the desk is another matter. The graphics card is supposed to eat about 75W under load , the rest of the box probably as much. Thankfully, it has large 10cm fans that turn slowly, so it\u0026rsquo;s not as noisy.\nData center servers Large servers in a data center usually have one or two Xeon type CPUs, and depending on the kind of servers, some also have a small two digit number of harddisks.\nA rack full of Hadoop servers\nThese machines clock in at between 200-350W per server, and the power consumption is very much dependent on what the machine is doing . I can make these devices use up to 400W using mprime95 in torture test mode.\nYou can build mining rigs for Bitcoin, or rigs for machine learning. These things can become incredible hotspots, because each graphics card you add will contribute a three digit number of watts to your build. Interesting and extreme setups with up to 40.000 Watt per rack exist. They are very rare, and since you need to feed them a lot of power, also expensive to keep running.\nA rack with more than some 12kW to 14kW active in it will need water cooling. That complicates things, because you probably want the lowest disk in that rack to be higher than the highest drop of water, so placement constraints complicate the design.\nTL;DR: You process bytes. Things heat up. Depending on where you are, things will heat up so much that it is actually limiting what you can do. As technology improves, you can probably do more things with less heat, but it will still register.\n","date":"2017-11-07T00:00:00Z","href":"https://blog.koehntopp.info/2017/11/07/power-budgets-for-computing-resources-portable-and-stationary.html","tags":["data center","computer","lang_en"],"title":"Power budgets for computing resources - portable and stationary"},{"categories":null,"content":" All these worlds is the third and final part of the adventures of Bob, conqueror of the universe and saviour of humanity.\nBob started out as a dead computer programmer, uploaded as a control AI into the core of a von Neumann probe and spaceship. He then went forth and multiplied, mostly because he needed more of himself to cover up first his own fuckups and then to clean up the mess all of humanity made of his homeworld during his departure.\nThe book wraps up nicely with finding a homeworld for the survivors from earth, defeating the Others, his romance with Bridget, and his role as the Bawbe for the Deltans. So finally, after hundreds of years, the original Bob can finally point his bow to the stars and go out, truly exploring.\nAll in all a satisfying conclusion to a series that ties up all the lose ends.\n\u0026ldquo;All These Worlds \u0026rdquo; (Bobiverse 3), Dennis E. Taylor, EUR 4.47\n(Kindle , also unlimited)\n","date":"2017-11-06T00:00:00Z","href":"https://blog.koehntopp.info/2017/11/06/fertig-gelesen-all-these-worlds.html","tags":["review","media","book","lang_en"],"title":"Fertig gelesen: All these worlds"},{"categories":null,"content":" Lori Clary is a software engineer and silicon valley geek, programming embedded systems and robot arms at General Dexterity for a living. She\u0026rsquo;s living the silicon valley lifestyle - basically coding all day, collapsing in her hole of a non-appartment, and not having contact with real people at all. With one exception: She\u0026rsquo;s ordering dinner from a delivery service that is run by two mysterious brothers, who make a mean spicy soup and crusty bread. The brothers have to leave, due to visa issues, but they leave her with the sourdough culture.\nShe\u0026rsquo;s learning to feed it, and to bake it, and soon she does not know what do with all the bread. Turns out people love her bread, and she needs to mass-produce it. Good thing that she\u0026rsquo;s working for a robot arm factory…\nSoon she\u0026rsquo;s joining a geeky underground farmers market with a techno-gothic flair. Robin Sloan is the author of \u0026ldquo;Mr Penumbra\u0026rsquo;s 24-hour bookstore\u0026rdquo;, und Sloan manages to keep the writing style and the \u0026ldquo;Silcon Valley Geeks meet the real world\u0026rdquo; feel, transplanting it successfully into a new story.\n\u0026ldquo;Sourdough \u0026rdquo;, Robin Sloan, EUR 5.49\n(Kindle )\n","date":"2017-11-06T00:00:00Z","href":"https://blog.koehntopp.info/2017/11/06/fertig-gelesen-sourdough.html","tags":["review","media","book","lang_en"],"title":"Fertig gelesen: Sourdough"},{"categories":null,"content":"In 1982, Scott Fahlmann invented the use of :-) and :-( for marking up emotions or semantic context in written online communication. That was a great idea.\nThe :-) is just a symbol for an emotion.\nIt is specifically not a human face, it does not have a hair color, eye color, skin color or other human attributes. It is universal. Then some cellphone maker turned that into , anthropomorphising it.\nCome as it must, we soon get color, and it turns into 😀. That Simpsons yellow was read by some as white and non-inclusive, and here is where things start to break down.\nBecause the logical thing would be to stop here and revert back to .\nBut that is not what the Unicode consortium did. They went this way:\nThe Fitzpatrick Scale of skin colors inspired the U+1F3FB - U1F3FF suffixes for skin toned Emoji.\nThat was not a good thing. How do I know? In the wake of this change we got articles like Why White People Don’t Use White Emoji and Kendall Jenner is being accused of cultural appropriation for using the \u0026lsquo;wrong\u0026rsquo; emoji . That is, something that was supposed to be an annotation for conveying emotion became not only anthropomorphised to the point where that meaning is overshadowed by race, gender and culture issues. We are considering a full modification system for Emoji, in the (withdrawn) TR52 .\nTaking this to the logical conclusion, what we get is this:\nSkyrim Character Editor (modded)\nThat is, someone is taking the point of writing out of writing and is trying to put all the expression of a video chat or video game into a single glyph.\nComing back to the withdrawn TR52: we just got FROWNING PILE OF POO:\nFrowning pile of poo clearly has race issues.\nWe also get Emoji with hair colors and hair styles in Emoji 6.0 . And people in the Unicode consortium are not amused about the pile of poo with facial expressions , but while valid, it\u0026rsquo;s missing the larger point. What people actually would need is most likely something more like universal Giphy integration and less Skyrim character editor for Emoji. Sadly, nobody in the Unicode consortium is trying to fix this, and so we get a lot of symbol pollution in a thing that was supposed to be a writing system.\nIn another 15 years, we will achieve full egyptian hieroglyphs.\n","date":"2017-11-05T00:00:00Z","href":"https://blog.koehntopp.info/2017/11/05/unicode-is-over-and-it-dies-over-emoji.html","tags":["computer","lang_en"],"title":"Unicode is over and it dies over Emoji"},{"categories":null,"content":"#define MH_PIE 0x200000 /* When this bit is set, the OS will load the main executable at a random address. Only used in MH_EXECUTE filetypes. */ If that flag is on, MacOS will enable ASLR and the binary will have different load addresses for code, data, heap and stack every time it is running.\n$ sudo otool -h \u0026#39;/Library/Application Support/TrendMicro/TmccMac/iCoreService_tmsm\u0026#39; Mach header magic cputype cpusubtype caps filetype ncmds sizeofcmds flags 0xfeedfacf 16777223 3 0x80 2 20 2656 0x00018085 Check the \u0026lsquo;flags\u0026rsquo; for this. No 0x200000, no ASLR. Not here, and not on any other binary with \u0026ldquo;TrendMicro\u0026rdquo; in the pathname. And that is why you can\u0026rsquo;t have nice things.\n","date":"2017-10-20T00:00:00Z","href":"https://blog.koehntopp.info/2017/10/20/aslr.html","tags":["security","lang_en"],"title":"ASLR"},{"categories":null,"content":" Edgedancer Right now, one month before we get Oathbringer, the third part of The Stormlight Archive , we get Edgedancer. This is a Novella that previously was part of Arcanum Unbounded , a collection of short stories playing in the Cosmere . As a standalone Novella is has been expanded and is now 40k words long.\nEdgedancer picks up the story of Lift , a scrappy Reshi thief that happens to bond with a Spren to follow the path of the Edgedancer. Because Lift also had contact with the Nightwatcher, she has interesting additional capabilities, among them to touch Spren and to turn food into Stormlight.\nLift is a vagabond and has no desire to attach herself to anybody or anything, she sees connection as a liability. This is aligned with the Agent-of-Change aspect of the Edgedancer path, but in conflict with the caring and healing aspects of the Edgedancer, and the story explores that in the casual way that is typical for Sandersons storytelling. Lift gets into a conflict with Nale , the damaged Herald of Justice, and manages to bring this story arc to conclusion as well.\n\u0026ldquo;Edgedancer \u0026rdquo;, Brandon Sanderson, EUR 5.49\n","date":"2017-10-19T00:00:00Z","href":"https://blog.koehntopp.info/2017/10/19/fertig-gelesen-edgedancer.html","tags":["review","media","book","lang_en"],"title":"Fertig gelesen: Edgedancer"},{"categories":null,"content":"[ ](Asperger\u0026rsquo;s on the Job)\nAsperger\u0026rsquo;s on the Job These weird people with headphones on, working strange hours, not wanting to stand in front of the group in Standups and for talks - what are they, where to they come from and how do you handle them at work?\nThe book is structured as a self-help book, assessing various aspects of Asperger Syndrome , how they manifest and what that might mean in the workplace. It also discusses personal and environmental mitigations. Each chapter concludes with a list of things that the Aspie and their employer could do, and leaves a number of questions that can help to develop a personal or environmental programme.\nUseful for people that live with a geek population, where the number of Aspies is supposedly higher than average, and for geek herders as well. Fast read, but not everything is useful. Still worthwhile.\n\u0026ldquo;Asperger\u0026rsquo;s on the Job \u0026rdquo;, Rudy Simone, EUR 13.45\n","date":"2017-10-16T00:00:00Z","href":"https://blog.koehntopp.info/2017/10/16/fertig-gelesen-aspergers-on-the-job.html","tags":["review","media","book","lang_en"],"title":"Fertig gelesen: Asperger's on the Job"},{"categories":null,"content":"Ads on the web have many problems:\nAd selection criteria have been abused for dissemination of propaganda, for targeted malware attacks. Content sites have basically lost the control over what kind of stuff they deliver through the ad-space on their site. Tracking is increasingly a concern for users. Ads bloat sites, slow down page display times and mess with peoples mobile data plans. Ads use power and create heat in devices with a tight power budgets (basically, anything that runs on a battery and has no fans, phones, tablets, laptops). Ads play unwanted video and audio, open layers and windows, popovers and popunders. Ads destroy usability and layout on content sites. The market is collapsing: basically nobody is running a browser without an adblocker any more, and those that don\u0026rsquo;t adblock in their minds - clickthrough rates are nonexistent. So when everything is on fire, is there a unified group of stakeholders - content sites, browser makers, ad-industry leaders - at work to make things \u0026ldquo;better\u0026rdquo; or at least fix their broken non-business?\nWell, no. Says Marketingland in their article, ANA , 4As and IAB want to talk to CAB about their Better Ads program, but request being exempt from Chrome\u0026rsquo;s coming integral Adblock feature in exchange.\nNow, Mozilla and Safari are not part of CAB, and have little interest in joining, and also put a different focus on how to handle things: Safari tries to address tracking with their new Tracking Prevention , and it\u0026rsquo;s good enough to be widely hated . Other initiatives such as DNT were a failure - not because of a lack of interest on the user side, but because advertisers and sites were boycotting it.\nGoogle SVP of Ads and Commerce Sridhar Ramaswamy said, “Our hope is once this is in place, there’s no need for ad blocking on mobile.” On the other hand, things like Brainy Ape Apps play uninterruptible video ads for Free-To-Play (\u0026ldquo;Pay To Win\u0026rdquo;) apps with install buttons in the middle of educational games targeted age 4-10. Ramaswamy clearly is a very optimistic person. And as long as the Advertisers and their channels do not realize the depth of the shit they are in it still has to get worse before it can become better.\n","date":"2017-10-13T00:00:00Z","href":"https://blog.koehntopp.info/2017/10/13/so-what-is-the-state-of-the-ads-mess.html","tags":["advertising","copyright","lang_en"],"title":"So what is the state of the Ads mess?"},{"categories":null,"content":"There is a well known Github Gist \u0026ldquo;Latency Numbers Every Programmer Should Know \u0026rdquo;, which explains which things take how long.\nScaled Latency Numbers If you scale these things down 3 billion times, a clock cycle (0.3ns) becomes a second. And suddenly things are relateable. (Tweet )\nAnother attempt to visualize this , not entirely unlike this XKCD .\n","date":"2017-10-12T00:00:00Z","href":"https://blog.koehntopp.info/2017/10/12/latency-numbers-visualised-and-memorised.html","tags":["performance","computer","lang_en"],"title":"Latency Numbers, visualised and memorised"},{"categories":null,"content":"Katie Moussouris explains teh Cyber and how it is asymmetric:\n»\u0026quot;#Cassandra moment: Explaining that determining \u0026ldquo;cyber norms\u0026rdquo; in today\u0026rsquo;s world order misses emerging capabilities \u0026amp; motivations of new actors.\nForget \u0026ldquo;attribution\u0026rdquo;. Not what I mean.\nDeterrence, state responsibility, etc in existing state context assumes most want to keep stability. Plenty of non-terrorist smaller states \u0026amp; non-state-non-criminal actors have or can acquire capabilities \u0026amp; would not be sanctionable, for example when we think through deterrence strategies, consider not just world order we have that prefers stability, but those who prefer destability.\nWe\u0026rsquo;re erroneously trying to defend against a magnetic power reversal of the N \u0026amp; S poles, but the cyberwar powers are everywhere \u0026amp; unaligned.\nWe miss the point if we think the answer is to contain those weapons/tools.\nWe hurt defense when we limit their distribution for analysis.\u0026quot;«\n","date":"2017-10-12T00:00:00Z","href":"https://blog.koehntopp.info/2017/10/12/the-inherent-asymmetry-of-online-attacks.html","tags":["security","lang_en"],"title":"The inherent Asymmetry of online attacks"},{"categories":null,"content":"Pcgamer reports \u0026ldquo;Nvidia CEO says Moore’s Law is dead and GPUs wi replace CPUs \u0026rdquo;.\nNow, Jensen Huang might be a bit biased here, but he reminded us that \u0026ldquo;GPUs are advancing at a much faster pace than CPUs\u0026rdquo; and \u0026ldquo;that GPUs will replace CPUs soon, adding that at this point, designers can hardly work out advanced parallel instruction architectures for CPUs.\u0026rdquo; So what can a modern GPU do? Well, apparently Font Rendering is still a hard problem for GPUs, and a bottleneck in modern browsers. That\u0026rsquo;s not to say it\u0026rsquo;s not being done - the linked article contains lot of pointers. And an older article about the Ubershaders basically explains how the Dolphin GameCube/Wii-Emulator uses modern GPU hardware to live-emulate 2002/2006 GPU hardware, in realtime (for a short time, while the CPU in the background creates more optimised precompiled GPU setups and code).\n","date":"2017-10-12T00:00:00Z","href":"https://blog.koehntopp.info/2017/10/12/what-gpus-can-do.html","tags":["performance","gaming","lang_en"],"title":"What GPUs can do…"},{"categories":null,"content":" ]\nComputer Games are cheating A lot of computer games are cheating, so that you can actually have fun with the game. Read the thread.\n»Hey #gamedev, tell me about some brilliant mechanics in games that are hidden from the player to get across a certain feeling.«\n»This is probably somewhere way down the list, but third person game thumbstick correction is a favourite. Pretty standard in AAA. (know you know but extrapolation for readers) game detects collision blocks and steers player around them, ignoring direction of input. Pioneered (I think) by insomniac but popularised by Ubi.. One of the things I\u0026rsquo;m proudest of in Volume\u0026rsquo;s controls.«\n»Serious Sam, bullets are 1m thick when testing enemies, and 0m when testing world. So you can shoot near a corner, but hit enemy easily.«\n»\u0026ldquo;Am I weird for disliking a lot of these ideas (especially ones like dumbing down offscreen threats)? I prefer solutions that let the player feel impressive, but aren\u0026rsquo;t exactly hidden. Like modern schmup hitbox sizes.\u0026rdquo;\n\u0026ldquo;I\u0026rsquo;m getting tired of these things being described as \u0026ldquo;dumbing down\u0026rdquo;. The games that don\u0026rsquo;t do these things you\u0026rsquo;d not touch with a stick. Nothing is dumbed down, it\u0026rsquo;s simply a question of attention. Wanna fight large groups of enemies? We need to do this by necessity. The only thing that happens if we don\u0026rsquo;t is that you feel unfairly treated all the time because you had no chance to evade or react at all. And what\u0026rsquo;s the point of a mechanic if you don\u0026rsquo;t have a chance to learn and counter it? None. It\u0026rsquo;s just frustrating - you need a chance.\u0026rdquo;\n\u0026ldquo;\u0026rsquo;m not trying to knock the entire concept. Letting the player cheat a little to create those tense victory moments is an idea I can support. But I think \u0026ldquo;dumbing down\u0026rdquo; is a fair term in the way I intended it. An example was removing senses from some AI. Which is OK! A reasonable design decision. You\u0026rsquo;re literally making enemies dumber to help the player, but that can be justifiable.\u0026rdquo;\n\u0026ldquo;The term \u0026ldquo;cheating\u0026rdquo; does absolutely not sit right with me. It\u0026rsquo;s based on the assumption that without it it would just be harder. In reality however games would not be playable or utterly frustrating. So I don\u0026rsquo;t think dumbing down makes sense even if it seems like it.\u0026quot;«\n»\u0026ldquo;In Surgeon Simulator we hid many features to incite curiosity: for instance, if you dial your real phone number in the game, it calls you.\u0026rdquo; \u0026ldquo;Woah, is this real?\u0026rdquo; \u0026ldquo;True. And it plays a message integral to unlock a hidden level.\u0026rdquo; \u0026ldquo;Does it work across countries?\u0026rdquo; \u0026ldquo;If my memory serves me well, it does \u0026ndash; just needs adding the country code. God, I hope the dial-out server still runs! :D\u0026rdquo;«\n»\u0026ldquo;This is not helpful at all, but racing games used to have this rubber-banding thing going on to make sure races were \u0026ldquo;competitive.\u0026rdquo; \u0026ldquo;Totally is helpful but probably the most well-known. Mario Kart coined that one :)\u0026rdquo; \u0026ldquo;Oh right, and Civ: Beyond Earth supposedly rigged the enemy AI to have opposing ideologies to incite conflict. Peace was never an option.\u0026quot;«\n»\u0026ldquo;In Lone Echo Liv never ask you to do something, it\u0026rsquo;s always \u0026ldquo;we should\u0026rdquo; to prevent her from feeling bossy.\u0026rdquo; \u0026ldquo;Did you work on it? I could swear that\u0026rsquo;s not true, but would also find the choice \u0026hellip; let\u0026rsquo;s call it odd.\u0026rdquo; \u0026ldquo;Somehow that doesn\u0026rsquo;t sit right with me\u0026hellip; She was in charge. Do you feel like some of that feedback might\u0026rsquo;ve had sexist undertones?\u0026rdquo; \u0026ldquo;Potentially. But we also had the desire for them to feel more like friends or equals, despite her position of authority.\u0026rdquo; \u0026ldquo;That makes more sense to me :)\u0026quot;«\n»\u0026ldquo;The Xenomorph in Alien: Isolation has two brains one that always knows where you are and gives hints to the second that controls the body :D Far Cry 4 deliberately turns down the accuracy and damage of NPCs the more there are near the player. Helping you feel like a badass. :) F.E.A.R\u0026rsquo;s AI dialogue is selected by the NPC doing an action, then it tells another NPC to say it. Making it look like they communicate. Oh and Left 4 Dead keeps you on edge by deliberately targeting the player either farthest from the group or who has received less aggro. (It also deliberately gives you time to heal, but the time is based on difficulty and whether you\u0026rsquo;re working together as a group). Sneaky. Um\u0026hellip; Halo 2 helps players feel like they have influence over battle by forcing grunt NPCs to panic if elites are killed in proximity. Halo 3 embellishes this by having each fight act as a dance: first push forward, then fall-back and finally a last-stand against the player. The thugs in Arkham Asylum will avoid doing 180\u0026rsquo; turns at all costs to allow you to feel stealthy and sneak up behind them. Oh wait, remembered some more. Elizabeth in BioShock Infinite throws ammo/health/weapons to the player based on their current state. Running outta ammo? She\u0026rsquo;ll throw you a fresh gun. Nearly dead? A health pack! These items are spawned in by her and not found on the map. It creates a sense of relief and excitement by getting that thing you need at just the right moment. :D Despite the AI in F.E.A.R. being aggressive and trying to kill you, they\u0026rsquo;re actually designed to minimise the perceived \u0026rsquo;threat\u0026rsquo; you create. (The only reason they\u0026rsquo;re attacking you is because it\u0026rsquo;s the only real way in which they can completely eliminate the threat you pose to them) BTW, (shameless plug)\nI run a YouTube series on all of this game design/AI stuff .\nAll Far Cry games from 2 onwards dynamically add/remove NPCs to keep them within a short distance of the player.\nElizabeth in BioShock: Infinite tries to stand between you and your objective so you pay attention to her actions.\nAlien: Isolation\u0026rsquo;s xenomorph earns skills to counter yours. Like hiding in lockers? It\u0026rsquo;ll start to search lockers.\nZombies are spawned in inaccessible areas in Left 4 Dead (2) to give the illusion on how severe the infection is.\u0026quot;«\n»\u0026ldquo;Not sure if it was mentioned, but the tutorial in Halo 2 asked player to look up. Their input determined whether y-axis would be inverted.\u0026quot;«\n»\u0026ldquo;Is it ok to mention something we\u0026rsquo;re proud of in our own game? :P In Firewatch, a player not responding to dialogue prompt is a noted choice. The game reacts to non-response, and it helps create a feeling that ignoring someone has social consequence and the other person is \u0026ldquo;real\u0026rdquo;.\n»\u0026ldquo;In Bioshock if you would have taken your last pt of dmg you instead were invuln for abt 1-2 sec so you get more \u0026ldquo;barely survived\u0026rdquo; moments.\u0026quot;«\n»\u0026ldquo;In Gears, found out 90% of first time players don\u0026rsquo;t play a second multiplayer match if they don\u0026rsquo;t get a kill. That first game\u0026rsquo;s important\u0026hellip; So we started you off with some major advantages (like additional damage bonuses) that tapered off with your first few kills.\u0026rdquo; \u0026ldquo;seems unfair to other players.\u0026rdquo; \u0026ldquo;Only if you view multiplayer as everybody plotted against each other and not as a community where you need engaged players to begin with :)\u0026rdquo;\n»\u0026ldquo;In Fable 2, if the dog gets stuck navigating and gets far enough from the player, it\u0026rsquo;ll respawn off camera running to you. Reviewers praised this as realistic dog behaviour! More of a bug workaround, than a design feature as such, though.\u0026quot;«\n»\u0026ldquo;Silent hill shattered memories did a lot of this sort of thing. Maybe @mrsambarlow would like to share some of his favorites\u0026hellip;\u0026rdquo; \u0026ldquo;haha yes. Lots of stuff similar to other replies\u0026ndash; we wanted runs of a nightmare chase to be terrifying, but not block overall progress. So every time you re-spawned we robbed AI of a sense (smell -\u0026gt; hearing -\u0026gt; sight) and then started to reduce numbers. If you looked over your shoulder we slowed them down so they were always \u0026lsquo;almost on you\u0026rsquo;. Only 2 AI were allowed to chase you directly, the rest had to flank (2x speed) or run to room exits so the action in yr periphery was scary. The problem with these mechanics is that for players it works, but for journalists who replay and replay to break down systems it. Sometimes appears that the AI is dumb \u0026ndash; because the game thinks they\u0026rsquo;re struggling :)\u0026rdquo; \u0026ldquo;These are great, thanks for sharing! Should probably play it\u0026hellip; :) A lot of these tricks don\u0026rsquo;t work when you do it over and over again yeah\u0026rdquo; \u0026ldquo;Also in the first area of Shattered Dimensions, the only noticeable sound is a car alarm, making the player natrually look for the car. The car itself has it\u0026rsquo;s front lights flashing, and they just happen to be directed at the door the player is suppoused to go through.\u0026quot;«\n»\u0026ldquo;Add HP +1 to a destroyed enemy Spacecraft until you\u0026rsquo;re sure its in camera view to show players more explosions and spectacle on screen.\u0026quot;«\n»\u0026ldquo;All our games, on gamepad, trying to level down fast after looking up, the view will snap to horizon making you feel like you are precise.\u0026quot;«\n","date":"2017-10-12T00:00:00Z","href":"https://blog.koehntopp.info/2017/10/12/when-video-games-are-not-quite-playing-things-straight.html","tags":["media","gaming","lang_en"],"title":"When Video Games are not quite playing things straight…"},{"categories":null,"content":"Here is a user story for implementors of security systems and platform hardening initiatives:\nAs any user , I never want to get a \u0026ldquo;denied\u0026rdquo; message, but a \u0026quot; in order to do what you want you are missing the X permission\u0026quot; message in order to be able to track down the root cause and request the appropriate permissions more easily.\nIt\u0026rsquo;s not that hard, really.\nGitLab: You are not allowed to push code to this project.\nWell, it\u0026rsquo;s harder for some, apparently. That\u0026rsquo;s one hour of my life I am not getting back.\n","date":"2017-10-10T00:00:00Z","href":"https://blog.koehntopp.info/2017/10/10/a-sad-security-user-story.html","tags":["security","lang_en"],"title":"A (sad) security user story"},{"categories":null,"content":" Shared Space Experiment The Guardian has an article about a Shared Space Experiment at Amsterdam Alexanderplein.\nA Shared Space is an approach to urban traffic design in which segregation of traffic modes is minimized and signage or other regulation is taken away, leaving traffic participants to make up rules and agreements on the spot through interaction. Several preconditions need to be there in order for Shared Spaces to have a chance of working:\nThe general population involved must have a good traffic education : They must be, at least in principle, capable of handling traffic on their own. The traffic situation must be designed so that the various participants in traffic are aware of each other - they must have visibility of each other. Ideally, they should have need to deal with only one problem or danger at a time - problems need to be sequential , and things need to happen at human speed. Traffic needs to be slow and everybody needs to be comparable in speed. If these things are given, if you take away traffic lights and signage, the intention of getting people to interact and agree on how to safely proceed - to empower them - usually works out very favorably.\nThe new setup forced people to engage with their surroundings. They had to change the behavioural rituals they had fallen into in order to adapt. Instead of relying on traffic lights, they now relied on their own abilities and the cues of others.\nA paper referenced in the article Negotiation in Motion explains what goes on in more depth. The outcome: removing signals from a busy junction, it made journeys faster and interactions more pleasant. Now the approach is being copied across the city.\n","date":"2017-09-27T00:00:00Z","href":"https://blog.koehntopp.info/2017/09/27/shared-space-experiment-at-alexanderplein.html","tags":["netherlands","mobility","lang_en"],"title":"Shared Space Experiment at Alexanderplein"},{"categories":null,"content":" Seriously, HR people ask the weirdest questions. \u0026ldquo;Where do you see yourself in five years?\u0026rdquo;\nFor a Twentysomething with no owned property and no family the truthful answer is of course \u0026ldquo;In a different company, twice removed. Not because you suck more than anywhere else, but, like, statistically.\u0026rdquo;\n\u0026ldquo;Where do you see yourself in five years?\u0026rdquo; \u0026ldquo;Week 27 or 28?\u0026rdquo; \u0026ndash; LionKingLee That time when you finish school and university and before you settle down with dependencies that make you immobile - it is an important time in your life. Use it wisely: Change jobs every two to three years, and make it count.\nThat is: understand that the people you work with are more important than the companies you work for - you are building your professional network. The companies you work for will change every few years, but the network you build will be with you for the rest of your life. It will be an important part of you and your career.\nThese people you are with in your wild years, they are the people who will recommend you to the company you are aiming for next. They will make sure that your CV is at least read, if you send it there. They will make sure that you have at least the first interview with that new shop. They are the people who will ask you, when they have a professional question regarding your area of expertise, and who will listen to your recommendations - for hiring, for purchase, or just for grounding some goofball ideas which may or may not turn into a startup.\nSeriously, HR people have the weirdest ideas. I met some once, who were wondering why self-assessment and 360º reviews and management reviews diverge so much. There are things like this for example (and that\u0026rsquo;s already one of the better solutions). But you are effectively typing feedback about your future network peers into a SaaS solution, and you know that.\nSo there is a third party company which collects data about me at work, and what others think about me. This company may or may not keep it around when we leave our current engagement, depending on legislation, this companies operational skills and culture:\nWould you trust a company with an Uber-like culture with this data?\nHow do you know if they are an Uber or not? If they keep it, and they are successful in their market, they will build a profile over my networks and my entire career, over each of our professional engagements over time. Yeah, one more profile to worry about, on top of the Google shadow, the Github and the Linkedin.\nAnyway, back when I was 20 (that was 1988), I learned the value of feedback - it is what helps you grow.\nI also learned that negative feedback is always delivered over coffee and beer, privately, face to face, and never, ever, written down.\nEspecially not in some random 3rd parties SaaS interface. You have no idea where it is going to end up, how long it is being kept or who is going to buy whom in the end. So, anything that goes into reports and reviews will of course be formatted in a way such that it does not damage the current and future relationship between my network and me. It\u0026rsquo;s not real and can\u0026rsquo;t ever be.\nAnd that was true already before systems like these, when HR was still working with paper folders and kept data in-house.\nSeriously, HR people have the weirdest jobs. Whatever technology you build, theirs can\u0026rsquo;t be automated, and in many ways not even effectively assisted.\n","date":"2017-09-11T00:00:00Z","href":"https://blog.koehntopp.info/2017/09/11/where-do-you-see-yourself-in-five-years.html","tags":["work","lang_en"],"title":"Where do you see yourself in five years?"},{"categories":null,"content":" Cargobike mum with child cycling independently on Upper Thames Street. Unimaginable before cycling infrastructure. \u0026ndash; Mark Treasure A lot of people in Germany, especially Bike Activists, are stuck in the 80ies, victims of the Kampfradler mentality. Let\u0026rsquo;s have a look at that:\nThe german word Kampfradler literally is made up from \u0026ldquo;Kampf\u0026rdquo; (fight) and \u0026ldquo;Radler\u0026rdquo; (cyclist) . A Kampfradler is a fighting cyclist, or confrontational cyclist. Wikipedia dates the Kampfradler to 2011, but it\u0026rsquo;s much older. I remember having used the term during my time as a student in Kiel, and that would date it to the mid-90ies at least. The Wikipedia article also puts it into the context of a bike rowdy, but it\u0026rsquo;s really older and it\u0026rsquo;s also being used by the Kampfradlers themselves with much more positive connotations.\nCyclists are being marginalised in many places in Germany, and it takes personal courage to be a presence in a car-centric traffic design and to reclaim the road. Roads designed for cars often leave cyclists no way to drive legal and safe at the same time. Kampfradler \u0026ldquo;know\u0026rdquo; that bike paths are multiple times more deadly than painted bike lanes on the road, claiming that bike paths hide cyclists until they suddenly appear when crossing a road, and the way this stuff is being constructed in Germany it is true that visibility of cyclists is suboptimal and often outright dangerous.\nThe Omafiets is being used by everyone, Omas as well as Jongens or businessmen.\nAs a German living in the Netherlands, I have a direct comparison between bike paths constructed for example in Kiel, in Berlin and in places like urban and historic Amsterdam and rural, recently built Vijfhuizen.\nThere are a lot of observations to be made:\nCasual and everyday Biking in the Netherlands means casual biking at casual speeds. The goal is to move swiftly, but relaxed. The Omafiets lets you sit upright, with handlebars that curve gently towards you like the wings of a swallow - unless you get wind from the front, in which case you might put the lower arms onto the handlebars to have a lower and more aerodynamic profile. The Objective is to move, but not to sweat.\nAll Ages and Abilities (AAA) Bike paths in the Netherlands are being built for everyone. That not only includes, but specifically means weak participants in traffic - elderly people as well as very young children. The image at the top of this article is not from the Netherlands, but might have been shot around here as well. The thinking expressed in the tweet coming with the image is also fitting for the Netherlands. A situation like in this image will simply never happen with bike lanes that are painted on a street - it is a thing that only happens with separated biking infrastructure.\nSegration - paint is never enough Biking infrastructure is not just separated bike paths. It also includes ways of crossing roads in a safe way. A lot has been learned about this in the last 25 years - see this article in my blog Ideally, a bike path crosses the road on a bridge (N205 near Vijfhuizen ) or in a tunnel (N205 near Vijfhuizen ), so that cyclists and cars cannot even conflict.\nWhen bikes and cars share a road without any kind of separation, car traffic is limited to 30 km/h. Usually not just by signage, but also using physical limitations, such as drempels.\nRoundabouts are being used more a lot, compared to Germany and they can be an awesome tool control car traffic speed, simplify intersections and keep traffic flowing in residential areas. A small roundabout in Vijfhuizen shows the red bikepath leaving the road, crossing at the side of the roundabout and the continuing again directly on the road. This solution is less than ideal, but safe enough at the local traffic density and speed to be mastered by a 7 year old on a bike alone, safely.\nThis roundabout in Amsterdam is very busy and crosses a tram line, two major inner city roads and quite some bit of bike traffic on the same floor level. Building the bike path as a road, wide and with two directions, next to a road, makes biking more comfortable, also also simplifies leading traffic across intersections and does not even necessarily use more space.\nAn example can be seen here next to Haarlem , leaving for the Dunes. They also make other \u0026ldquo;typical\u0026rdquo; problems that Kampfradler experience immaterial - dooring does not exist in bike infra built this way.\nMore examples in this article about cycling infrastructure (also parking!) from Utrecht - a city with a historic city center that has built itself into one of the most bike friendly environments in the Netherlands.\n","date":"2017-09-08T00:00:00Z","href":"https://blog.koehntopp.info/2017/09/08/separate-infrastructure.html","tags":["mobility","netherlands","lang_en"],"title":"Separate Infrastructure"},{"categories":null,"content":" One of the weirdest and most interesting characters in the DC Universe is Wonder Woman, because she is full of seemingly irreconcilable contradictions. Created by a man, William Moulton Marston , in 1941, her history is actually deeply rooted in the Suffragette movement of the early 20th century. Marston owes much of the ideas and the origin myth to earlier stories from that era and cosmos, through his wifes Elizabeth Holloway Marston and Olive Byrne, and through Olives Byrne\u0026rsquo;s connection with Ethel Byrne and Margaret Sanger .\nThe book is a biography of Marston, but really is a history of feminism in the United States, and also making a case that there are no waves , but one large, meandering river. A much recommended, very unexpected find, and an eye-opening view on a bunch of unique characters, both real and imagined.\n\u0026ldquo;The Secret History of Wonder Woman \u0026rdquo;, Jill Lepore, EUR 8.32\n","date":"2017-09-04T00:00:00Z","href":"https://blog.koehntopp.info/2017/09/04/fertig-gelesen-the-secret-history-of-wonder-woman.html","tags":["review","media","book","lang_en"],"title":"Fertig gelesen: The Secret History of Wonder Woman"},{"categories":null,"content":"Here is the question:\nHow much infrastructure do we need when ALL 8 million vehicles (and buses and trucks!) in the Netherlands go electric? The answer will surprise you: we could get to 100% electric transportation in the Netherlands, just by converting the 4000 existing gast stations to fast charging stations which have an average of 14 fast chargers.\narticle then plays with numbers a bit: Kilometers driven, electricity used, number of chargepoints, charging rates.\n(for germans: The Netherlands compare in area and population pretty well to Nordrhein-Westfalen)\n","date":"2017-09-04T00:00:00Z","href":"https://blog.koehntopp.info/2017/09/04/how-many-chargers-are-necessary-to-convert-the-netherlands-to-electric-cars.html","tags":["mobility","netherlands"],"title":"How many chargers are necessary to convert the Netherlands to electric cars?"},{"categories":null,"content":" Berliner Sparkasse Onlinebanking FAQ :\nWhy do I get the message \u0026lsquo;mobile device, can\u0026rsquo;t perform smsTAN money transfer\u0026rsquo; when using my Desktop computer.\nA possible cause is the display resolution. Your computer is being detected as a mobile device by our online banking system. smsTAN is not working from a mobile device.\nSolution: Change the display resolution\nSo 1920x1080 does work, but 1080x1920 doesn\u0026rsquo;t.\n","date":"2017-08-28T00:00:00Z","href":"https://blog.koehntopp.info/2017/08/28/why-i-cant-transfer-money-with-my-monitor-upright.html","tags":["security","lang_en"],"title":"Why I can't transfer money with my Monitor upright"},{"categories":null,"content":"Today is a weird day. First thing is a friend asking about help with community management. And next thing is Fefe reiterating his longstanding fallacy (Rant in German ) that programmers are able to do anything just because they are able to do one thing (here: Community Management). The TL;DR is that he rants against non-programmers showing interest into programming projects because they like the software, thereby ruining everything by not being programmers.\nDabei ist es so einfach, sich in einem Projekt Respekt zu erarbeiten. Leiste einfach was. Erwarte nichts als Gegenleistung. Problem: Jede Minute über dich oder deine Leistungen reden macht 10 Minuten tatsächliche Leistung kaputt.\nBut it is easy to get respect in a project: Just show something useful. Don\u0026rsquo;t expect a return. Problem: Every minute speaking about yourself or your results ruins ten minutes of actual useful work.\nThat is, of course, nonsense. It just shows, like his example about the closed umatrix bug tracker, a complete lack of understanding of the communication situation and a failure to organise the the communication efficiently.\nThe dclp experience Back in late 1999, early 2000, I started a USENET newsgroup, de.comp.lang.php. As the name suggests, it was a german language newsgroup about the PHP programming language. It wasn\u0026rsquo;t the first communication project I started, and I also had been online and in USENET quite some time, and so I did it with an agenda and a plan (longer article ) with German introduction and english language content about this).\nAt that point in time the German Linux newsgroups (and the German Firewall newsgroups) were good counterexample to community management. There was demand for drive-by support by newbies, but instead of dealing with the demand, flamewars were the rule, and the spillover from the flamewars was drowning the useful content of the group. Even with filters, the group was impossible to read.\nIt was my intention to actively discourage such a development in the newly instantiated de.comp.lang.php. This was done by writing short, well researched articles answering typical newbie questions, following a specific short form recipe with a certain order of events. These answers were collected, refined into a slightly more general form, and the reused to answer recurring topical questions even faster. I set myself an arbitrary time limit (no more than 60 minutes a day), and fell into a rote quickly.\nThe assumption was that people flaming noobs in the group were trying to generate Karma by grabbing attention. By being able to usefully answer the questions using short, well written articles with tested, reusable answers and a recognisable form I would publicly grab more Karma and generate envy, encouraging people to imitate me.\nThat worked.\nThe other assumption was that the newbies are actually friendly, so if you are perceived as friendly and helpful, you earn respect and authority, which you can spend immediately to inject a second answer to a question they had better asked, but didn\u0026rsquo;t, into their cognitive stream.\nThat did work, too.\nThe short form was always a quote of the actual problem the noob had, an optional rephrasing of the question into something clearer (\u0026ldquo;I understand that as \u0026hellip;\u0026rdquo;) and then building a short, specific bridge pointing to a specific answer in the FAQ, explaining in a single sentence why the FAQ answer is relevant and how reading the answer will help in the context of the actual question. If the noob showed behaviour unsuitable for USENET regulars, I then often appended a sentence or two explaining the problem and how it could be fixed to avoid future problems, or how to ask better questions or similar improvements. The deal was \u0026ldquo;Remove their block, enable them to continue, and then shove additional info into their mind that improves \u0026rsquo;them\u0026rsquo; in a way that is useful to \u0026lsquo;us\u0026rsquo;.\u0026rdquo;\nUsing the proper tools and sticking to the form enables highly efficient article generation: Within the allocated hour, I could generate easily 30-60 friendly, actually helpful, well tested answers and use the Karma to educate noobs. I was also carpet bombing the group with useful content, drowning out the flamers - the opposite of the Linux groups. And because I was emotionally disengaged, professionally friendly all the time, I was able to sustain that virtually infinitely.\nI did not invent that form - it was pre-existing and shown to work in a slightly different way in comp.lang.c for a long time. Unlike the de.comp.lang.php FAQ, the comp.lang.c FAQ also experienced a second compression from FAQ to actual book by Peter van der Linden - I never found the time to do that (Read Peter\u0026rsquo;s books, he\u0026rsquo;s an awesome explainer).\nOther examples This is not the only way to manage communities, or maintain order in online forums. I have an older talk about \u0026ldquo;Flames - Online Communication Breakdowns\u0026rdquo; (German video recording ) which touches on experiences with de.comp.lang.php, but also on different approaches chosen for de.rec.spiele.rpg.misc (drsrm FAQ in German ) and de.talk.bizarre (don\u0026rsquo;t look at dtb , that dtb is not the dtb you are looking for). I also explain why these things require different approaches.\nThere is even more help available online, and some of it is even useful for programmer-type minds. Building Successful Online Communities: Evidence-Based Social Design is a collection of articles and case studies that shows different possible approaches and what their applicability and usefulness is.\nIf you have a programmer-type mind, Pieter Hintjens Social Architecture: Building Online Communities might be more useful for you. It just highlights how misguided, helpless/clueless and badly implemented things like the umatrix bugtracker shutdown or Fefe\u0026rsquo;s rant are:\nThere are useful tools to handle this, efficiently, out there, you just don\u0026rsquo;t know them and you are making things worse with what you are doing right now. So stop doing that, and learn what works, then follow that. And fast, before you break it completely.\u0026quot;\nAlso,no, this is not about not at all about SJW inclusionists or project maintainer privilege abuse. It\u0026rsquo;s about programmer-type persons not having an appropriate repertoire of possible reactions to an influx of newcomers, and then frustration, change-averseness and panic kicking in in this order.\nThat\u0026rsquo;s also a normal thing, and there are ways to deal with this appropriately as well - these are things that can be taught and learned, to anyone who is willing to stop, understand that they are out of their depth and then to listen.\n","date":"2017-08-23T00:00:00Z","href":"https://blog.koehntopp.info/2017/08/23/community-management.html","tags":["erklaerbaer","community","usenet","lang_en"],"title":"Community Management?"},{"categories":null,"content":" »Yay for discounts, aber die Einstellung vom Köhntopp finde ich ja eigentlich ziemlich vermessen und ekelhaft.« Back in the day at university, there used to be a group of people who went to the Cinema every week on Thursday. We were sometimes six, sometimes more like ten people, but at the core it was a pretty stable group. Ticket sales started one week before and we are pretty consistently getting our tickets pretty much the hour ticket sales started.\nBecause we were having reserved, numbered seats, we were usually late arrivals, sometimes trying to get into the film after the Ads, but well before anything serious started rolling. Over the course of time, the Cinema managed to double-sell our reserved seats on several different events. And despite the fact that all tickets have a sell-date printed on them, they didn\u0026rsquo;t give the seats to the people with the early tickets, but to the people who arrived first. So we stopped that, and that was 200 DM a week less for the Cinema - or maybe not, because then they would probably care more.\nAnd I learned a thing:\nExperience does not really matter and neither does freshness. I was fine not seeing a film the week it was released. There is in fact a steady stream of films coming down the pipeline, and if you offset yourself a few years from releases, all things will eventually come to you for free on the pretty excellent German TV.\nI rather spent money on one of the first HDD DVRs available, a Schneider Prime Timer. Well, Heinz did, but that\u0026rsquo;s a different story. I also learned that even with a mediocre home setup the experience at home on the average is better than in the Cinema. Mostly that is because the experience is much more reliable - less chance of annoyance - and because I can back out of crap much more easily if it does not grip me in the first 20 minutes.\nThen MP3 happened, and while Napster was pretty unreliable, it did sell cheap ATA HDDs instead of proper SCSI HDD to me, and I ripped the 600 or so CDs I had - all of them purchased for 20 DM or less. Most of them I got much, much cheaper. Because Cinema taught me to wait and grab stuff when it was on sale and not when it was released.\nI took these Rips to my friends, offered them a copy and asked if I could borrow their CDs, and yes, all of them. So 40GB wasn\u0026rsquo;t enough, and pretty soon I ended up with some Terabyte or the other.\nAnd I learned another thing:\nThere is no overlap. So the friends I had, each of them had approximately as many CDs as me, some more, some less, but all of them literally hundreds. After merging a dozen collections, there was considerably less than a three digit overlap in number of Albums. Apparently taste and interest vary wildly and the long tail is most likely way, way longer than you think.\nAlso, I found a lot of music that I did not know about, and which I really liked. I mean, my wife listens to K-POP and I am not even angry! These days I have a 30kg home server that\u0026rsquo;s full of hard disks, always on, and that uses Subsonic to stream stuff to the Sonos Systems, because that works.\nOnly that nobody actually uses that, because we also have GPMAA Family, and that\u0026rsquo;s much more convenient for some reason - we like to stream. There is also a Netflix and an Amazon Prime, and for some reason we are using that, and not the Subsonic, to watch movies.\nThere is still a shelf of DVDs, but the actual couch-algorithm is \u0026ldquo;Check werstreamt.es\u0026rdquo;: If it is available on Netflix or Amazon, go there. If not, either watch something else, or get it from a Torrent. We are literally not even bothering checking the local file server or trying to find a USB DVD drive to hook up to the TV server and pulling the media from the shelf.\nGeneral DRM and optical media unreliability features big in this: Usually, the torrent is already finished by the time I found the drive, put in the DVD, got it out again, blew away the dust from the optics, try again, only to learn that the computer\u0026rsquo;s media player does not handle the DRM fuckery on this particular disc very well.\nI eventually learned to trust the Streaming and the Torrent more than my local media. That even includes books: Amazon Prime comes with Amazon unlimited, and German Book Stores have taught me that for anything in foreign language it is not even worth bothering.\nWhat actually works: a Kindle. I once owned a room full of Paper Scifi - about 2000 books or more, but then I had to move. These days, I do not buy paper books any more - unless they are Comics or graphics rich Coffee Table experiences.\nAnd here is a thing: once you go Kindle, you go KDP/Indie, and for Scifi that means all books are $10 or less. Actually, for $0.99 I am giving even pretty things with questionable blurbs a try, because you never know, and the financial risk is very controlled.\nEssentially, all my experience has converted to electronic media, and then to streaming, even reading. So, Games: Yeah, I grew up in the Eighties, and fell into Games, and then into cracking them in the mid Eighties. I found that cracking them, and understanding how they work, is actually more fun than playing them - and so I stopped playing for some 15 or 20 years. You can thank Ingress for the fact that I am even looking at games again at all.\nAnother kind of very long tail.\nAround the time I got my first smartphone, Humblebundle appeared and started to offer Android Mobile Bundles. They contained amusing stuff and I bought them - generally for the minimum required price to unlock all the things that I had a mild interest in, or that I thought the child may have in interest in in a few years time.\nTurns out, you collect cellphone games at an amazing rate that way. And turns out they are not actually cellphone games. Because if you accidentally look into your Humblebundle account: My God, it\u0026rsquo;s full of Steam Keys - whatever that is.\nAnyway, so I happen to own not quite 300 games, which are most likely to be not bad at all, and out of which I have probably played about 10 or less past the point of Steam Refund. And that\u0026rsquo;s fine with me, because I probably paid about one Dollar, each, on the average.\nBut all that is the competition any of the new stuff you are trying to sell me is up against. I am an adult with a well paying job, a family and a child. Where do I put my time? Games last, pretty much. I don\u0026rsquo;t have that much of a monetary constraint on my purchases per se, but I have been trained that you never do media, any media, at full price, because it\u0026rsquo;s a rip-off.\nAlso, I have learned that media ages well, so it\u0026rsquo;s kind of okay to let it lie for a few years. That\u0026rsquo;s particularly true for computer games, it appears, because bugs.\nSo here is what it looks like at home: There is a single, very expensive Windows computer in the house, and it autoboots into Steam and streams to the TV Mac or our Laptops. There is also a very large file server, which in two years time will become a tiny Raspi-like Device with a two-digit TB piece of Flash. There is large pile of Sonos Hardware. There\u0026rsquo;s a TV with a Mac and DVR software. There is a FTTH connection subscription. There are GPMAA Family, Netflix, and Amazon Prime Subscriptions.\nAnd there is a hard rule to never buy any media without substantial discount, because life told us for multiple decades that this how it works:\nDon\u0026rsquo;t judge media by the amount of work or love that has been poured into it. Judge it by what other media you can get instead for that money, because there is plenty of other stuff that\u0026rsquo;s not bad at all. And nobody can even begin to make a dent into the pile in a single lifetime.\nAnd that is why you can\u0026rsquo;t have nice things. Don\u0026rsquo;t look for a career in art or media.\nSome people define themselves through Media. That\u0026rsquo;s ok, but that\u0026rsquo;s not me. Some people define themselves through Media. That\u0026rsquo;s ok, but that\u0026rsquo;s not me, that\u0026rsquo;s John Cusack , and I am not him, I am the copyright fairy .\n","date":"2017-08-13T00:00:00Z","href":"https://blog.koehntopp.info/2017/08/13/why-you-cant-have-nice-things.html","tags":["media","copyright","lang_en"],"title":"Why you can't have nice things…"},{"categories":null,"content":"The history of serialize() and unserialize() in PHP begins with Boris Erdmann and me, and we have to go 20 years back in time. This is the day of the prerelease versions of PHP 3, some time in 1998 .\nBoris and I were working on code for a management system for employee education for German Telekom. The front side is a web shop that sells classes and courses, the back end is a complex structure that manages attendance, keeps track of a line manager approval hierarchy and provides alternative dates for overfull classes. In order to manage authentication, shopping carts and other internal state, we needed something that allowed us to go from a stateless system to a stateful thing, securely. The result was PHPLIB , and especially the code in session.inc .\nThat code contained a function serialize(), which created a stringified representation of a PHP variable and appended it to a string. There was no unserialize() necessary, because serialize() generated PHP code. eval() would unserialize().\nOne of the problems we had to solve was that PHP3 was slow. So if we were to write out a serialized representation of variables, we would have to write a parser for that, and that parser better be fast, because it would be executed at the beginning of each and every page load. We already had such a parser, and it was the fastest parser available, PHP itself. So we decided to write a function that takes a variable, recurses through that variable and generated PHP code to recreate the variable if that code would be executed.\nFor scalars, that is trivial .\nFor an array, that is possible with a simple recursion over each element .\nFor objects, things are complicated.\nFirstly, in PHP3, an object does not have the slightest clue what it\u0026rsquo;s classname is. Secondly, an object might have instance variables that we do not want to be part of the stringified representation of the object, for example file and image file handles or other resources. We solved both problems by requiring serializable objects to have metadata instance variables, classname and persistent_slots\u0026quot;.\nFor unserialize, we simply executed that code inside an eval().\nFrom PHP 4 onward, Sascha Schumann wrote a C implementation of session management that became a standard part of PHP, which was largely based on our ideas. Unlike us, he made PHP store session data in the filesystem, inheriting our idea of probabilistic session expiration. He also converted the data format from PHP Code to the current representation.\nAnother problem that needed adressing was code uniformity: If you load a serialized object written by another web page of your application, that object has a class. And the code for that class needs to be loaded before you can load and re-instantiate that object. Basically, you saved an instance $a of DemoClass, and if you load that instance again, running unserialize() on it, PHP needs to know what a DemoClass is and how to make one, using $a = new DemoClass(), before it can fill in the values of all instance variables. So the includes of your app better be the same on all pages, or you invent the Autoloader .\nThe Autoloader originally was a simple callback function that would be invoked every time you want to make an instance of an unknown class. The function would get the name of the missing class as a parameter, and would then be responsible to produce a class definition for that class.\nfunction __autoload($missing) { echo \u0026#34;Class $missing is missing.\u0026#34;; include(\u0026#34;$missing.class.php\u0026#34;); } $a = new DoesNotExist(); This is your classic suicide autoloader: Whenever an undefined class is being encountered, __autoload() is being called with that classname. It would then try to include a file with that name (and all dots and slashes that you manage to falsify into that name) and hope that this would contain code that defined a class with a matching name.\nReal autoloaders should not look like this (but often they are close enough to this code to contain exploitable security problems).\nToday the autoload mechanism of PHP is more complicated. It has a default autoloader , a mechanism to manage a stack of autoloaders , and a bunch of other things such as file extensions and include path names to influence all that. It is also quite good, even if more sophisticated serializers exist .\nSo what is the state of unserialize() in PHP these days, and why?\nThat was a controversial Tweet It links to this:\nReally Good Advice™ People object:\nPeople object but given the little tour above, you should be able to understand how unserialize() cannot really be made safe for import of foreign data. You can unserialize() stuff your code has written, after having verified that the data you read still is the data you have written, using salted hash_hmac()s on said data. That\u0026rsquo;s going to be reasonably safe.\nYou can\u0026rsquo;t, ever, use unserialize() as a data interchange format with other application or an end user. unserialize() is not an exposable API. Never was. Other functions and formats for this exist. Use those. Here is some code to try:\n#! /usr/local/bin/php \u0026lt;?php function show_serialize1() { $a = 1; $str = serialize($a); file_put_contents(\u0026#34;demo\u0026#34;, $str); } function show_serialize2() { $a = array(\u0026#34;fnorp\u0026#34;, \u0026#34;glorp\u0026#34;, \u0026#34;dorp\u0026#34;); $str = serialize($a); file_put_contents(\u0026#34;demo\u0026#34;, $str); } function show_serialize3() { class DemoClass { private $priv = \u0026#39;priv\u0026#39;; protected $prot = \u0026#39;prot\u0026#39;; public $pub = \u0026#39;pub\u0026#39;; public function __construct() { echo \u0026#34;Constructed.\\n\u0026#34;; } public function __sleep() { echo \u0026#34;To be serialized\\n\u0026#34;; return array(\u0026#39;priv\u0026#39;, \u0026#39;prot\u0026#39;, \u0026#39;pub\u0026#39;); } public function __wakeup() { echo \u0026#34;Just unserialized.\\n\u0026#34;; } } $a = new DemoClass(); $str = serialize($a); file_put_contents(\u0026#34;demo\u0026#34;, $str); } function show_serialize4() { $a = array(1); $a[] = \u0026amp;$a[0]; $b = \u0026amp;$a[0]; $a[1] = 2; echo \u0026#34;References inside an array work:\\n\u0026#34;; print_r($a); echo \u0026#34;References across unserialize:\\n\u0026#34;; $b = unserialize(serialize($a)); echo \u0026#34;b is unserialized a:\u0026#34;; print_r($b); echo \u0026#34;Does the ref still work?\\n\u0026#34;; $b[1] = 3; print_r($b); } function show_unserialize1() { $str = file_get_contents(\u0026#34;demo\u0026#34;); $x = unserialize($str); print_r($x); } function define_democlass($class = \u0026#34;none\u0026#34;) { echo \u0026#34;We want $class defined.\\n\u0026#34;; class DemoClass { private $priv = \u0026#39;fnorp\u0026#39;; protected $prot = \u0026#39;glorp\u0026#39;; public $pub = \u0026#39;dorp\u0026#39;; public function __construct() { echo \u0026#34;Constructed.\\n\u0026#34;; } public function __sleep() { echo \u0026#34;To be serialized\\n\u0026#34;; return array(\u0026#39;priv\u0026#39;, \u0026#39;prot\u0026#39;, \u0026#39;pub\u0026#39;); } public function __wakeup() { echo \u0026#34;Just unserialized.\\n\u0026#34;; } } } function show_unserialize2() { spl_autoload_register(\u0026#39;define_democlass\u0026#39;); $str = file_get_contents(\u0026#34;demo\u0026#34;); $x = unserialize($str); print_r($x); } if (! isset($argv[1])) { echo \u0026#34;Please start with \u0026#39;ser\u0026#39; or \u0026#39;unser\u0026#39;\\n\u0026#34;; exit(1); } switch($argv[1]) { case \u0026#34;ser1\u0026#34;: show_serialize1(); break; case \u0026#34;ser2\u0026#34;: show_serialize2(); break; case \u0026#34;ser3\u0026#34;: show_serialize3(); break; case \u0026#34;ser4\u0026#34;: show_serialize4(); break; case \u0026#34;unser1\u0026#34;: show_unserialize1(); break; case \u0026#34;unser2\u0026#34;: show_unserialize2(); break; default: echo \u0026#34;Wot?\\n\u0026#34;; exit(1); break; } You can use this to see what serialized data looks like:\n$ ./probe.php ser1; cat demo; echo i:1; More complicated stuff such as arrays:\n$ ./probe.php ser2; cat demo; echo a:3:{i:0;s:5:\u0026#34;fnorp\u0026#34;;i:1;s:5:\u0026#34;glorp\u0026#34;;i:2;s:4:\u0026#34;dorp\u0026#34;;} Also, references half-work, if they are internal:\n$ ./probe.php ser4 References inside an array work: Array ( [0] =\u0026gt; 2 [1] =\u0026gt; 2 ) References across unserialize: b is unserialized a:Array ( [0] =\u0026gt; 2 [1] =\u0026gt; 2 ) Does the ref still work? Array ( [0] =\u0026gt; 3 [1] =\u0026gt; 3 ) but serializing a reference $b that points to $a does not work: The value $b is referencing is saved, and the unserialized variable will have a value, but will not reference the previous value. There is no error or warning.\nHere is what we do to Objects:\n$ ./probe.php ser3; cat demo; echo Constructed. To be serialized O:9:\u0026#34;DemoClass\u0026#34;:3:{s:15:\u0026#34;DemoClasspriv\u0026#34;;s:4:\u0026#34;priv\u0026#34;;s:7:\u0026#34;\\*prot\u0026#34;;s:4:\u0026#34;prot\u0026#34;;s:3:\u0026#34;pub\u0026#34;;s:3:\u0026#34;pub\u0026#34;;} This shows how the contructor is being executed, how the __sleep() callback is called and the content of the serialized file with the stringified DemoClass instance referencing the class name. If we load this without DemoClass being defined, we get\n$ ./probe.php unser1 __PHP_Incomplete_Class Object ( [__PHP_Incomplete_Class_Name] =\u0026gt; DemoClass [priv:DemoClass:private] =\u0026gt; priv [prot:protected] =\u0026gt; prot [pub] =\u0026gt; pub ) We can load DemoClass using an autoloader we define. Then we get\n$ ./probe.php unser2 We want DemoClass defined. Just unserialized. DemoClass Object ( [priv:DemoClass:private] =\u0026gt; priv [prot:protected] =\u0026gt; prot [pub] =\u0026gt; pub ) You can see the Autoloader being called, the __wakeup() function running (it didn\u0026rsquo;t in the example before!) and then the properly re-instantiated object.\nNote that our new version of DemoClass, as defined by the autoloader, does define different default values for the instance variables so we can show that the values from the file are being loaded.\n","date":"2017-08-11T00:00:00Z","href":"https://blog.koehntopp.info/2017/08/11/php-understanding-unserialize.html","tags":["security","erklaerbaer","php"],"title":"PHP: Understanding unserialize()"},{"categories":null,"content":"So you are running systems in production and you want to collect data from your systems. You need to build a monitoring system. That won\u0026rsquo;t work and it won\u0026rsquo;t scale. So please stop for a moment, and think. What kind of monitoring do you want do build? I know at least three different types of monitoring system, and they have very different objectives, and consequently designs.\nThree types of Monitoring Systems The first and most important system you want to have is checking for incidents. This Type 1 monitoring is basically a transactional monitoring system:\nYou want to monitor a production system and you need to know if things are okay-ish. If not you want to get a notification about that. The notification should be actionable, be acted on, acknowledged and then you are done. It can be deleted, and it is important that it is deleted from this system.\nYou want this system to be highly available. Highly available systems are a lot easier to build if they are small, don\u0026rsquo;t have many requirements and don\u0026rsquo;t come with scaling overhead.Ideally, this thing is so small and self-contained that it can fit on a USB stick. In an incident, you can plug it into any machine and turn that into a monitoring host, gaining the necessary visibility that enables you to rebuild the entire data center from a complete outage. You want this system to be fast, the monitoring data to be fresh. Since this is the system that informs you that you are on fire right now, the time span between a thing actually happening and the point in time you know about this thing happening by the way of the monitoring system must be as small as possible.That is, you want the monitoring lag to be small, and to be visible so that people are aware of the fact that the view into a past state of the system. You want the system size to be stable. That is, for a fixed size of installations and a fixed set of metrics, as time goes by, the system size on disk or in memory should not grow out of bounds.Systems that grow over time without an upper limit have a data collection and retention inside. They are Type 1 systems with a Type 2 system on the inside. If you just wait, they will die from bloat. In database terms, you can think of the Type 1 monitoring as an OLTP or transactional system: As an incident is detected, an alert is created, a human is acting on the alert and eventually closing it, removing the cause. As the alert is over, the transaction is done and can be purged from this system.\nBecause it\u0026rsquo;s purged, the system size is finite and it does not grow out of bounds due to log-keeping. There may be an ETL process that extracts finished alerts, transforms them into another representation and loads them into another system for record-keeping. Examples for Type 1 monitoring systems are Nagios and other host checkers, most of which are broken from a modern point of view, and Prometheus as a much more modern and less broken implementation.\nA Type 2 system is one that keeps records for a long time, it\u0026rsquo;s data warehousey. These systems are not actually alerting, they are used to be able to validate service level objectives (\u0026ldquo;Have we kept the promises we made\u0026rdquo;), to identify recurring problems (\u0026ldquo;What\u0026rsquo;s the most common kind of problem we encounter across the entire fleet?\u0026rdquo;), and to do capacity planning (\u0026ldquo;Given past growth, when will we be running out of steam? What\u0026rsquo;s the amount of runway we have left?\u0026rdquo;).\nA data warehousey system can typically be down for two or three days. Somebody will grumble, but a loss of availability is usually not immediately catastrophic. Also, these systems can become tremendously large, and are usually distributed. Examples of such systems are large long term storage Graphite or Influx storages, Druid.io and other massive TSDB storages.\nAnd finally, the Type 3 is the thing that you actually use to understand what is on fire in which way precisely when you get an alert from a Type 1 system. It\u0026rsquo;s a debug system , not a time series collector in the first place. Often it\u0026rsquo;s not a system at all, but your ass in an ssh over there running strace, but sysdig is a much more sophisticated way of doing that in a modern environment. It is important to understand the differences between the alerting OLTP system, the trend collecting data warehouse system and the debug system:\nThe first two systems have incompatible, antagonistic requirements. What you build can be either small, highly available, stable in size, and cheap to setup - or it can be scaleable, humongous but then it\u0026rsquo;s likely not cheap to setup and certainly not small. The first two systems should be collecting time stamped series of numerical metrics, and we still need to talk about these, while the third system, the debug system collects structured data that is not necessarily numerical. That means your organisation and you will for sure have more than one monitoring system. Ideally, in a modern and containerised environment, you will have Prometheus for Type 1 monitoring. In fact, each team will have their own Prometheus for their own services, and you will have Prometheus Federation to build a data flow that collects data from individual per-team sub-monitors to a centralised alerting dashboard. You will need a different system for long term data storage, it\u0026rsquo;s something else as a Type 2 system. You may want to pump data from the Type 1 to the Type 2 system for all things that you want to keep long term records of. But you need to be as comfortable with any of the Type 1 systems losing historical data at any time as you need to be comfortable with the Type 2 system to be offline for some amount of time.\nData, Intervals and Percentiles It is important to understand what\u0026rsquo;s a good metric to collect. A good metric describes something actionable that says something about the system under monitoring. If you think that through, what you want to monitor is the user experience, so in the end what you will be collecting is in many cases a latency, the time it takes for a system to respond, or a capacity (\u0026lsquo;does have enough compute/storage to serve\u0026rsquo;).\nBecause a system that is too slow to respond may technically not be offline, but it is as useless as a system that is offline, or worse. So what you define is usually a list of maximum response times to certain queries and percentages of times in a certain period in which these limits have to be met. And a list of capacity limits that the system must meet.\nIn both cases what you get as a metric is a series of time stamped numeric measurements. And since you want to check \u0026lsquo;How many measurements in a time bucket have been meeting my limits?\u0026rsquo; (\u0026lsquo;How many requests in relation to the total number of requests in the last minute have taken longer than 250ms to process?\u0026rsquo;) you need to deal with percentiles.\nYeah, like this .\nSo, Spikes. How loaded is your network? Well, every network link at any single point in time is either completely busy (because a bit is being transmitted) or completely idle (because no transmission happens). It\u0026rsquo;s digital, there is no 43% busy link, ever, in any place on this planet.\nThat\u0026rsquo;s useless.\nSo over the last second, how many bit-slots have been idle and how many bit-slots have been busy? Well, it\u0026rsquo;s a 10 Gbit/s link, and we have been sending one and a quarter Megabyte in the last second, so that was one Gigabit. That link was 10% busy in the last second. It was also 1% busy in the last ten seconds, because it has been idle the 9 seconds before the last one, and it was 100% busy in the last tenth of a second and idle in the nine Tenths of a second before that.\nThat was a Spike.\nIf we were collecting samples, or network interface byte counters, every second, we would see a 10% busy link. If we were collecting our counters only once per 10 seconds it would be 1% busy.\nIf we plotted that, the two situations would be looking like two completely different scenarios - one would be a clearly visible spike, the other would be an invisible bump. So bucket sizes and percentiles matter, quite a bit.\nUnfortunately, most data sources don\u0026rsquo;t provide us with that. Imagine a router from which you want to collect link utilisation statistics by the way of reading network counters, and turning them into bytes/s readings.\nThings like Graphite have a function for that , and there are rules on how to use that function correctly . Other things, like Diamond, fuck your data up .\nCollect counters, turn them into rates when you need them. Then, how often are you going to read your counters? If you do it too rarely, you get widely spaced metrics and you won\u0026rsquo;t be able to see spikes as spikes. They get spread out across the sampling interval, and consequently are flattened. If you do it too often, you spam the network and the device, ultimately with the metric collection becoming a measurable load in itself.\nWell, a device could provide readings in a batch. So instead of reading a byte/s counter once a second, you could get the measurements for the last 60 one-second intervals every minute - the preferable solution. Or the device could pre-aggregate (and that would be rates, not counters) - it could tell you how many of the one-second buckets of the last minute were in the 0-50% busy bucket, the 50-90% bucket, the 90-99% bucket, the 99-99.9% bucket and so on (complicated, and also not as good as getting counters in a batch).\nSo far I know of no devices that actually are capable of doing this properly, so many people turn up the sampling rate to insane when they are hunting spikes. Not a good situation.\n","date":"2017-08-09T00:00:00Z","href":"https://blog.koehntopp.info/2017/08/09/monitoring-the-data-you-have-and-the-data-you-want.html","tags":["erklaerbaer","monitoring","data center","lang_en"],"title":"Monitoring - the data you have and the data you want"},{"categories":null,"content":"There is an interesting article by Brendan Gregg out there, about the actual data that goes into the Load Average metrics of Linux. The article has a few funnily contrasting lines. Brendan Gregg states\nLoad averages are an industry-critical metric – my company spends millions auto-scaling cloud instances based on them and other metrics […]\nbut in the article we find Matthias Urlichs saying\nThe point of \u0026ldquo;load average\u0026rdquo; is to arrive at a number relating how busy the system is from a human point of view.\nand the article closes with Gregg quoting a comment by Peter Zijlstra in the kernel source:\nThis file contains the magic bits required to compute the global loadavg figure. Its a silly number but people think its important. We go through great pains to make it work on big machines and tickless kernels.\nLet\u0026rsquo;s go back to the start. What\u0026rsquo;s the problem to solve here?\nBrendan Gregg wants his company to scale his virtual machines to demand, because they are paying per use and so they have an incentive to use enough capacity to hold the service level objectives, but not more.\nThe default mechanism to achieve this is a reactive autoscaler using loadav from inside virtual machines as a scale signal.\nWe need to unpack that. So there is a mechanism that will scale his deployment by launching more instances of a thing if a condition is true. By default, the condition is loadav, but Gregg suggests other, less broken metrics in his article: Different CPU and Scheduler metrics, disk metrics, or other system metrics.\nIn a conversation with Tobias Klausmann, he suggested application level latencies as a signal. I agree in that these are the best indicator to signal the existence of a problem. In Load, Load Testing and Benchmarking , there is the hockey stick:\nRequests/s vs. Response/s (Capacity) and Requests/s vs. Response time (Latency). As we raise offered load, the system approaches the 100% line (the vertical saturation line), and a backlog builds.\nThe lower graph shows a system under increasing load. Response times will be almost level while the system is not saturated. If the system reaches saturation, it is about to receive more requests than it can handle, and wait time adds to the think time, so response times go up. Sharply.\nUnfortunately, this is a good indicator which is always late. Latency based autoscaling will react to a system that is saturated when it is saturated, never before. For a system 10% before saturation and a system 5% before saturation, the latencies will be almost the same, so that among the jitter and noise there will be no useful signal to initiate scale-up. Only when we have saturation the latencies go up to trigger a proper signal, but at that point the user experience is already going down the drain. And that is kind of the real problem here.\nThe default mechanism to achieve this is a reactive autoscaler using loadav from inside virtual machines as a scale signal.\nThe scaling mechanism is reactive. It has to be, because any predictive autoscaling is not generic. It can\u0026rsquo;t be built into the platform. A predictive autoscaler knows something about the application, or maybe even the business. For example, you might know from benchmarking that your application requires an instance of the type Z for every m requests/s going into the system. So you could monitor the request rate and just before you reach that limit you are ordering the next instance.\nImage from The virtues of boring technology , Slide #12\nOr you already know the pattern of your business over a year and over a day and actually will know what the request rate is likely going to be tomorrow at 9am on August 9, 2017. In that case you can schedule the appropriate amount of instances in time before the load hits your systems and still have time to warm up all caches.\nIn some environments, supply management is kind of critical: For example, when you sell hotel rooms, you need to know which trade shows are having what kind of impact on the availability of beds around the event site and make sure that you have sufficient supply before the demand materialises. It\u0026rsquo;s a thing you have to do anyway, for the business.\nBut if you are already building demand models for business reasons, you can also use this data to build demand models for hardware utilisation and use it to move from reactive autoscaling to predictive autoscaling.\nSo here are some alternatives to autoscaling with loadav:\nBuild predictive models using business data. It will make the business and your management of it better, and it will make life easier in the machine room, so it pays for itself over and over. Use benchmarking in production to get an idea of the shape of the hockey stick in your environment. Latencies \u0026gt;\u0026gt; every other metric, Real world metrics \u0026gt;\u0026gt; any guess you can have. Latency goes up when a thing is saturated. That\u0026rsquo;s the thing your performance is bound by. You can\u0026rsquo;t survive anything ever, unless you know precisely what that things is and until it is being monitored properly. Get a clue about the request pipeline and identify (latency) metrics that are early warning indicators, if you have any. Then use them for reactive autoscaling. Also, fix your predictive model if you ever scale reactively. TL;DR: Reactive autoscaling sucks. Get out of it. Model your shit.\n","date":"2017-08-09T00:00:00Z","href":"https://blog.koehntopp.info/2017/08/09/scaling-automatically-and-manually.html","tags":["erklaerbaer","performance","container"],"title":"Scaling, automatically and manually"},{"categories":null,"content":" Evaluating the Changing Causes of Photovoltaics Cost Reduction Why is PV Solar Energy getting cheaper and cheaper?\nWe find that increased module efficiency was the leading low-level cause of cost reduction in 1980-2001, contributing almost 30% of the cost decline. The most important high-level mechanism was R\u0026amp;D in these earlier stages of the technology. After 2001, scale economies became a more significant cause of cost reduction, approaching R\u0026amp;D in importance. Policies that stimulate market growth have played a key role in enabling the cost reduction in PV, through privately-funded R\u0026amp;D and economies of scale, and to a lesser extent learning-by-doing\n","date":"2017-08-08T00:00:00Z","href":"https://blog.koehntopp.info/2017/08/08/evaluating-the-changing-causes-of-photovoltaics-cost-reduction.html","tags":["mobility","science","lang_en"],"title":"Evaluating the Changing Causes of Photovoltaics Cost Reduction"},{"categories":null,"content":" Our World in Data has a very nice long read with many interactive visualisations giving context to CO2.\nWe begin with exploring CO2 cumulative (how much CO2 did each nation produce over its industrial history), scaling it to annual emission and then scaling it by population, too. We also learn about CO2 produced vs. CO2 in the atmosphere, which is a delayed system.\nThe second part then deals with CO2 and industrialisation: Emission vs. Properity, vs. Growth, and also with CO2 from trade and transport, and from meat production. As always with Our World in Data, the article concludes with Definitions, Methods and pointers to raw data sources.\n","date":"2017-08-08T00:00:00Z","href":"https://blog.koehntopp.info/2017/08/08/the-story-of-co2-and-other-greenhouse-gas-emissions.html","tags":["science","lang_en"],"title":"The Story of CO2 (and other Greenhouse Gas Emissions)"},{"categories":null,"content":"So some people, companies even, have guidelines that describe how to write shell scripts , or even unit tests for shell scripts , as if \u0026ldquo;UNIX Shell\u0026rdquo; was a programming language.\nThat\u0026rsquo;s wrong.\n\u0026ldquo;Modern Shells\u0026rdquo; are based on a language that has been written without a formal language specification. The source looked like this , because somebody didn\u0026rsquo;t like C and wanted Algol, abusing the preprocessor . The original functionality and language rules had to be reverse engineered from that source, and original shell has a lot of weird rules and quirks :\nYou can use the caret, \u0026lsquo;^\u0026rsquo;, as replacement for the pipe symbol, \u0026lsquo;|\u0026rsquo;.\nCheck out the section\nConsider a variable which has been picked up by the shell from the environment at startup. Modifying this variable creates a local copy.\nin that document, especially the part where they explain this:\nIf you call a script directly from a bourne shell (\u0026quot;./script\u0026quot; without shebang), then the shell only forks off a subshell and reads in the script.\nThe split between original and local copy of the variable is still present in the subshell. But if the script is a real executable with #! magic, or if another sh is called, then fork and exec is used and only the original unmodified variable will be visible.\nAnd it gets better if you go down the entirety of that particular document. If you think Unix Shell is a survivable programming environment, good luck, and please take your code with you while you leave.\n","date":"2017-08-07T00:00:00Z","href":"https://blog.koehntopp.info/2017/08/07/so-you-want-to-write-a-shell-script.html","tags":["computer","erklaerbaer","lang_en"],"title":"So you want to write a Shell script"},{"categories":null,"content":"So why is everything so complicated? At work, I mean.\nThink of a small company. A single person, a founder, is building her business. She knows her way around, it\u0026rsquo;s all in her head: The plan, the things that are important and why, and how they are to be executed. Also, tradeoffs to be corrected later, potential opportunities for later and a lot of other meta: Stuff that does not get executed right now, but that informs decisions, priorities and preferences.\nThings work with some precision, though, like a well programmed wetware CPU.\nThe moment that stuff becomes too large for a single person to handle, more people are involved and things need to be verbalized, written down, given form. At that point, things change quite a bit:\nThe task at hand is to program a second CPU, wetware, with a part of the program that the first person has been executing. That\u0026rsquo;s necessary so she can delegate, and the entire operation can scale.\nUnfortunately, as with all remote procedure call mechanisms, complicated unfolded in-memory structures have to serialized before the can be marshalled off to a second node and are being re-instantiated over there. In this particular case, the language to describe the code to be executed is informally specified, too, and the remote CPU also does not match the specs of the first CPU, that is, English is really bad for programming computers or people, and also each person is different.\nTo make matters worse there is no proper debugger, the same broken language has to be used to printf-debug the remote (\u0026ldquo;Do you understand what I mean?\u0026rdquo; \u0026ldquo;Do you understand why it is important that we do things this way?\u0026rdquo;) and there may be other, older code in the remote that interferes with the execution of our code. People have history and they have ideas.\nIf you think of a company as a large distributed engine to execute code that has been extracted painfully and incompletely from the wetware engine of a founder, and which has been mangled due to improper serialization in a language with limited expressiveness, you have a good idea of the corporate environment.\nYou can\u0026rsquo;t see what happens in the individual nodes, you can only observe the communication between them, and the parts of the program that made it into writing, or at least the Wiki. You can think of processes as written down instructions for the engine:\nAny process (\u0026ldquo;buy more paperclips\u0026rdquo;) describes who needs to talk to whom, about what and why, in order to make things happen (\u0026ldquo;You need to create a purchase order, which needs to be signed by X for values over n EUR in order to limit our liability. The signed order is then sent to Z, who will actually spend money to buy stuff. You get stuff, and sign here to document that.\u0026rdquo;) Writing instructions and process down is important, and a great improvement actually, because writing these instructions down forces all involves parties (including the founders) to come clear about all the details and the meta about the details - things that might have been existing only vaguely in some mind, previously, now have to get a precise shape.\nAlso, they become tangible, and by the way of tangibility, they are open to challenge, discussion and modification - which is why some founders are actually resisting to give tangible form to certain things. Giving tangible shape to instructions and the meta - why instructions, why these instructions, why these instructions in this order with these emphasis - is a complicated, painful and slow process, precisely because the originator of an idea - the founder or some other person with an idea - has to give up the idea and let it out into the world, where it will be subjected to change by others.\nLoss of control is always violent and painful, and as with any new thing given a permanent form, there is always negotiation about the details. Giving birth to anything: It\u0026rsquo;s exhausting. It\u0026rsquo;s not a one step process. A founder has an idea and a plan, but in many parts it is still early, untested and vague.\nThey put things into words, and the words are being tried out - can we work by these instructions, or are there things unclear? Can the instructions work, or does the plan need change? Can it be improved? Can it be applied to other, similar things? Iterations happen. Do we go deep or wide - do we specialize and improve this application of a plan, or do we try to apply the plan as is to as many things as possible first?\nAgain, negotiation, and consequently, exhaustion.\nSo why is everything so complicated? Because companies are broken. All of them.\nTheir engine, their program, their processes, are magnifications of the mind of the founder or other influential people at the top. The entire corporate mechanism is built to do exactly this.\nAnd with this mechanism not only the original idea is being magnified and copied to many minds, but other aspects of the original mind are, too. And because the source was a person, with flaws, they too, are being magnified and multiplied.\nDo you like it around here? Well, that\u0026rsquo;s because like all corporate environments, this one is broken, too. It just so happens that the breakage around here is more compatible with your own flaws than elsewhere.\nYes, your work environment sucks. They all do.\nFind the one that sucks in a way that suits your needs.\n","date":"2017-08-07T00:00:00Z","href":"https://blog.koehntopp.info/2017/08/07/the-company-as-a-social-engine.html","tags":["work","lang_en","remote first"],"title":"The company as a social engine"},{"categories":null,"content":" The Blockchain is the solution to everything, and especially the problem of the state. So or similar goes the hype. This book attacks that hype, and it\u0026rsquo;s fun to read.\nIt very briefly (one chapter of many) and rather easily understandable explains what Merkle trees and eternal logfiles are, how they are different from the blockchain, what \u0026lsquo;proof of work\u0026rsquo; actually means.\nIt then goes on and actually takes apart the libertarian politics bullshit on top of that, by going through all the history of people and \u0026ldquo;businesses\u0026rdquo; connected to Bitcoin, Ethereum and the likes. It is full of stories how they failed, were busted, or simply neglected basic necessities.\nThe book nicely separates out the useful tech part from the political propaganda, and deflates the entire hype around it (Hint: Most people want Merkle trees and a trusted institution, but think they need a Blockchain - they will end up with a blockchain, a centralized institution and a large energy bill).\nVery much recommended, and also a nice present to give to the geek next to you who is exposed to libertarian propaganda bullshit and needs immunization.\n\u0026ldquo;Attack of the 50 foot BLOCKCHAIN \u0026rdquo;, David Gerard, EUR 5.67\n","date":"2017-08-01T00:00:00Z","href":"https://blog.koehntopp.info/2017/08/01/fertig-gelesen-attack-of-the-50-foot-blockchain.html","tags":["review","media","book","lang_en"],"title":"Fertig gelesen: Attack of the 50 foot Blockchain"},{"categories":null,"content":"Matthew Dutton: »@mipsytipsy I thought \u0026ldquo;You have to test in production\u0026rdquo; was a bold statement and would love to hear more of your thoughts on the topic.«\nCharity Majors: »Hmmm, you\u0026rsquo;re not the only one to call this out. I\u0026rsquo;ll add it to my list of \u0026ldquo;articles to write someday\u0026rdquo; ? but here\u0026rsquo;s the gist: We have always tested in production, just not well. And obviously, I\u0026rsquo;m not advising anyone to do less of the usual pre-production testing methods, but at some point, esp with distributed systems, you just can\u0026rsquo;t usefully mimic the qualities of size and chaos that tease out the long thin tail of bugs. Imagine trying to spin up a staging copy of Facebook, or the national electrical grid! You can\u0026rsquo;t, and have sharply diminished returns. If you can catch 80-90% of the bugs with 10-20% the effort (and you can), the rest is more usefully poured into making production resilient.\n[How do you do testing in production?] Canarying; automated canarying and promotion in stages; empowering your developers to explore live production systems with e.g. @honeycombio (hi), making rollbacks wicked fast and reliable; instrumentation; education and training, feature flags a la @launchdarkly. all great use of time. Basically what I\u0026rsquo;m trying to say is, embrace failure. Get used to the inevitability and lean into it, iff you have a system like this. If you\u0026rsquo;ve got a rails app and five engineers then ignore everything I\u0026rsquo;m saying until the moment is right :)\nDevdas Bhagat: »Just tagging potental speakers who know a bit about that topic.«\nKristian Köhntopp: Decouple rollout and activation (feature flags, experiment framework) Low latency monitoring Monitor the shit out of everything Implement schema changes with old and new version being live simultaneously For each change, know your providers, know your consumers Strategy: Make testing in production as safe as you can possibly make it. That has manifold returns: It makes developers production aware; builds knowledge in handling real catastrophes in regular operational situations; builds confidence and competence; you get actual measurements, which is good calibration. In general, you build antifragility.\nTesting in Production also allows testing of features for commercial viability fast, before you invest lots of development resources to build them out. So it enables you to throw away 95% of the code before it is written. That\u0026rsquo;s actually the most valuable part of it.\nContent slightly edited to make it easier to read.\n","date":"2017-08-01T00:00:00Z","href":"https://blog.koehntopp.info/2017/08/01/twitter-so-testing-in-production.html","tags":["computer","work","lang_en"],"title":"Twitter so: Testing in Production"},{"categories":null,"content":" In How to Kill a City Peter Moskowitz takes severals US example cities to show the general process of Gentriciation and the individual differences. We get to know the development stories of New Orleans, Detroit, San Francisco and New York, in order to better understand the mechanism and root causes of Gentrification, which is not about Hipsters and Latte at all, but about rent seeking, backroom dealing to change the law, and - specifically in the US - also about the history and perpetuation of racism.\nMoskowitz, living in and loving New York, is deeply partisan, as he has been witnessing the slow destruction and transformation of the neighborhood of his youth, but he has his facts straight and reasons solidly. If you want to understand what \u0026ldquo;Gentrification\u0026rdquo; means and how it is sown before it starts and grows to eat a Neighborhood, this book is a good starting place.\n\u0026ldquo;How to Kill a City \u0026rdquo;, Peter Moskowitz, EUR 10.99\n","date":"2017-07-31T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/31/fertig-gelesen-how-to-kill-a-city-gentrification-inequality-and-the-fight-for-the-neighborhood.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: How to Kill a City, Gentrification, Inequality and the Fight for the Neighborhood"},{"categories":null,"content":" Kill Process is set in the same universe as \u0026ldquo;Avogadro Corp:, but is a freestanding story and not part of the Avogadro Series.\nWe meet Angelina Benenati. She\u0026rsquo;s a self taught hacker and database architect for Tomo, which is as much not Facebook as Avogadro Corporation is not Google and Braeburn is not Apple in Hertlings stories. She has a shady past, in which she hacked systems under the name of \u0026ldquo;Angel of Mercy\u0026rdquo;. She came out of an abusive relationship by the way of stealthily murdering her husband by the way of hacking the car\u0026rsquo;s computer, and she lost an arm in the resulting accident.\nAngelina suffers from PTSD because of that, and she\u0026rsquo;s also on a crusade to use her unlimited database access at Tomo to identify women in abusive relationships and dextering their husbands through hacking to free them. Until she realizes that Tomo itself somehow has a quite abuse relationship with its users, and she sets out to change that.\nShe does this by inventing something that is completely not Octodon, and putting it into a startup. Which kind of forces her to stop her dextering, to confront her issues and start healing, and to actually create instead of destroying. Until somebody sets out to stalk her and tries to kill her.\nWell written thriller with believable tech, solid Opsec advice, and generally a book so much better discussing \u0026ldquo;social networks\u0026rdquo; than \u0026ldquo;Eggers\u0026rsquo; The Circle\u0026rdquo; that it\u0026rsquo;s off scale. Strongly recommended.\n\u0026ldquo;Kill Process \u0026rdquo;, William Herling, EUR 4.99\n","date":"2017-07-30T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/30/fertig-gelesen-kill-process.html","tags":["review","media","book","lang_en"],"title":"Fertig gelesen: Kill Process"},{"categories":null,"content":" The story begins as a Fantasy novel in a magical universe: We have two warring factions of magicians, a dragon attack, Gnomes and other entities from the fables and fairy tales.\nWe also have Rowan, the Steerswoman. She is more than a navigator and map maker, she\u0026rsquo;s part of a group of people that believes in science, in documentation and in open sources - the steerswomen. When a Steerswoman asks, you must answer, and truthfully. If you ask any Steerswoman, she\u0026rsquo;ll also answer to the best of her knowledge and truthfully. As a group, they are gathering information about the world they live in.\nAnd as it becomes apparent to the reader quite quickly, that world is an alien planet with a hostile and incompatible biology, that is slowly transformed into a world that is more amenable to humans and life from Earth. All of this is unknown to Rowan and her people, because the knowledge about their origin and much science has been lost and they fell back to an almost medieval level of living. So this entire series is about Open Sources, about the Scientific Method and progress in a world of Magic and Fantasy, about Clarke\u0026rsquo;s law. It is also about a Xenobiology and The Alien and about many more things.\nAbove all, it\u0026rsquo;s about the characters, which are living and alive in a way that is not unlike the inhabitants of Pern . And not unlike Pern, but in a much more nuanced and interesting way, this is about ecology, human and xeno, too. Well written and fascinating - don\u0026rsquo;t start this series without having the time to read, because you will want to go through all available books in the shortest possible time.\nThe Steerswoman Series is incomplete, four books are out, and two are still being written. Book 6 is almost complete and the title is known (The City in the Crags ) and Book 5 is in the making and will be published \u0026ldquo;when it is ready\u0026rdquo;.\nThe Steerswoman , first book in the eponymous series, starts out with Rowan taking a kind of break in her mapmaking tasks to investigate the origin of some strange black stones or shards with strange bluish, patterned lines on them.\nThe book establishes the world Rowan lives in, and a small bit of history: One of the strangely stationary moons of the world, the Guidestars, has fallen and is now gone. We learn about the inhabitants of the world, humans and wizards, but there are also Gnomes, Dragons and Demons. We learn about the lay of the land, the Inner Lands, where Rowan lives, and the Outskirts, which are full of many strange creatures (such as the Demons) and which are a hostile environment in which humans can barely persist.\nThe Outskirter\u0026rsquo;s Secret explores this in more depth, as Rowan wants to find the fallen Guidestar and the origin of the strange stones. She\u0026rsquo;s also in for a tour of the native biology of the strange planet humanity lives on, and is slowly gaining an understanding of how The Outskirts work and slowly turning the planet into a world that can sustain Earth life. She\u0026rsquo;s also learning how different the lives and the culture of the Outskirters are from the ways of the Inner Lands, and how their world is shaped by necessity and the harshness of the land. In the end, Rowan and us both gain a good idea on what has happened four decades ago when the Guidestar fell.\nThe Lost Steersman takes Rowan back to the Inner Lands, at least originally, and then to the sea, as Rowan searches for the mysterious wizard Slado, who seemed to be responsible for the fall of the Guidestar. We also meet Janus, an Ex-Steersman, who seems to be connected and who also seems to be involved in the Demon attacks on the city of Alemeth, where he lives. When the Demons come to get him, Rowan follows him out to the sea, behind the border of the Outskirts and the Dolphin Stairs into the native lands of the Demons.\nKirstein does an excellent job of painting The Alien as that, alien. Intelligent, but strange and so far removed that communication is almost impossible, but for one brief Darmok and Jalad at Tanagra moment. Also, map-making Rowan finally understands the true size of the world she is living in and how tiny and fragile the human settlement on it actually is.\nThe Language of Power takes Rowan back to the Inner Lands after she understood that the Demon plague has not been orchestrated by Slado and that her enemy is to be found within the human part of her homeworld. In the city of Donner, she\u0026rsquo;s planning on learning more about the wizards and their ways, and she has brilliant help. Because her grenade throwing proto magician whizkid from the start of the series has grown up, and he\u0026rsquo;s been learning programming languages.\n\u0026ldquo;The Steerswoman \u0026rdquo;, Rosemary Kirstein, EUR 2.99\n\u0026ldquo;The Outskirter\u0026rsquo;s Secret \u0026rdquo;, EUR 2.99\n\u0026ldquo;The Lost Steersman \u0026rdquo;, EUR 3.50\n\u0026ldquo;The Language of Power \u0026rdquo;, EUR 3.58\n","date":"2017-07-29T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/29/fertig-gelesen-the-steerswoman-series.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: The Steerswoman Series"},{"categories":null,"content":" Bob is making what he was built for: more Bobs. Bob is in fact a dead computer programmer back from the destroyed and near inhabitable Planet Earth, who has been turned into an upload inhabiting a Von Neumann probe. His mission is to explore strange new worlds, going where nothing has gone before and make more of himself.\nYou can read more of his Genesis in We Are Legion Part 1 of the Bobiverse series .\nThis second book in the series plays 40 years later, not that it matters much in the grand order of things. Bob still has to deal with the problems that were becoming visible in the first book: there are still Brasilian space probes out there to get him, he still has to understand and manage the ecology of the alien world, where he plays Sky God to a bunch of stone age level aliens, and he still has to learn more about the mysterious planet eating aliens he encountered at the end of Book 1.\nSo this is a story told from the point of view of a computer with the body of a space ship, yet it is strangely human in a very compelling way: The nation of Bobs is developing in an interesting diverse way, the interaction of Bob with the remainder of The Faith is elegant politics and very human revenge, there is an actual love story which obviously can end only on a sad note, and a bunch of other very touching moments.\nThere are some obvious plot holes or discrepancies, where the author grossly underestimates the size and amount of resources in an entire star system - and on the other end a Dyson sphere.\nBut the book is well written and a fun read. Part 3 will come out in a week.\n\u0026ldquo;For We Are Many \u0026rdquo;, Dennis E. Taylor, EUR 4.63 (free with Kindle unlimited)\n","date":"2017-07-28T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/28/fertig-gelesen-for-we-are-many.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: For We Are Many"},{"categories":null,"content":" Illegal and undocumented instructions are not a new thing. The Commodore 64 CPU, a 6502 with a few additional I/O lines, was known to have them. Since on current CPUs we can completely VLSI simulate a 6502 in Javascript we also understand where they come from.\nPagetable.com has a wonderful article on this . So how about current CPUs? Modern CPUs are vastly bigger and more complicated than a 6502, and they are also set up very differently. So simulation is not taking us anywhere, but we can fuzz. Sandsifter is such a CPU fuzzer: it generates every conceivable instruction byte combination and then tries to observe what happens.\nSandsifter has uncovered secret processor instructions from every major vendor; ubiquitous software bugs in disassemblers, assemblers, and emulators; flaws in enterprise hypervisors; and both benign and security-critical hardware bugs in x86 chips.\nThe findings have been summarized in a whitepaper (PDF ), which also describes how to effectively search the instruction space of a CPU that has variable length instructions from 1 to 15 bytes in length.\nA crafty way of using page faults to determine the length of privileged instructions while running unprivileged is shown. The strategy implemented reduces the search space from some 10E36 instructions down to about 100 million, which is a manageable size on modern CPUs. Known instructions (things that some reference disassembler knows and correctly predicts) are eliminated, the rest is interesting and deserves attention.\n","date":"2017-07-28T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/28/illegal-and-undocumented-instructions.html","tags":["computer","security","lang_en"],"title":"Illegal and undocumented instructions"},{"categories":null,"content":" War Factory is the second of three Books in Neal Ashers Transformation Sequence , a trilogy set in his Polity Universe The storyline continues with the characters and themes of the first book - it\u0026rsquo;s about atonement and redemption. And as we learn, not just about the redemption of the mad AI Penny Royal, but also about the aftermath of the Human-Prador war and the redemption of the various persons (Human, Haiman, Prador and AI) that have been damaged by the war. We see in fact a lot more of the prador, and how the war affected them personally, and as a society.\nThe pacing is still slow in places, and not a lot of plot is happening, but there is a lot of background and development. Considering that this is the bridge book in a trilogy, it\u0026rsquo;s actually pretty good and satisfying.\n\u0026ldquo;War Factory \u0026rdquo;, Neal Asher, EUR 5.99\n","date":"2017-07-27T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/27/fertig-gelesen-war-factory.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: War Factory"},{"categories":null,"content":"Dear Internet, Today I Learned that oath-toolkit exists in Homebrew. So, this is a thing:\n$ brew install oath-toolkit $ alias totp=\u0026#39;oathtool --totp -b YOURSECRET32BLA | pbcopy\u0026#39; And so is this:\n#! /usr/bin/env expect -f # exp_internal 1 set seed [ exec security find-generic-password -w -a $USER -s seed ] set totp [ exec oathtool --totp -b $seed ] set pass [ exec security find-generic-password -w -a $USER -s pass ] spawn ssh verysecure.doma.in expect \u0026#34;word:\u0026#34; sleep 1 send \u0026#34;$pass\\r\\n\u0026#34; expect \u0026#34;Two Factor Token:\u0026#34; sleep 1 send \u0026#34;$totp\\r\\n\u0026#34; interact Yup, it\u0026rsquo;s totally possible to laugh and cry at the same time.\n","date":"2017-07-27T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/27/zero-factor-authentication.html","tags":["security","erklaerbaer","lang_en"],"title":"Zero Factor Authentication"},{"categories":null,"content":"Two weeks ago, I wrote about The Data Center in the Age of Abundance and claimed that IOPS are - among other things - a solved problem.\nWhat does a solved problem look like?\nHere is a benchmark running 100k random writes of 4K per second, with zero Jitter, at 350µs end-to-end write latency across six switches. Databases really like reliably timed writes like these. Maximum queue depth would be 48, the system is not touching that.\nand here is iostat on the iSCSI client running the test\n100k random writes, 4k write size, inside a 2 TB linux file of random data, on a 15 TB filesystem with XFS, on an LVM2 volume provided by iSCSI over a single 10 GBit/s interface, with six switch hops between the linux client and the array.\nThe array claims 150µs latency, on the linux we measure around 350µs. Out of that, there are less than 50µs from the switches and 150µs or more from the Linux storage stack (and that is increasingly becoming an issue).\nTested product was a Purestore Flasharray-X , client was Dell PowerEdge R630, 2x E5-2620v4, 128G, 10GBit/s networking.\nThanks, Peter Buschman!\n","date":"2017-07-26T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/26/an-abundance-of-iops-and-zero-jitter.html","tags":["filesystems","data center","container","performance","lang_en"],"title":"An abundance of IOPS and Zero Jitter"},{"categories":null,"content":"The German Language podcast Lage der Nation has published an interview with Axel Friedrich on Dieselgate. Axel Friedrich has been a department lead in the German Umweltbundesamt until 2008, now working with BUND and other environmental NGOs in Germany and instrumental in uncovering Dieselgate on the German side.\nThe interview contains some very interesting remarks on rental car companies and car maker owned car leasing companies, and how the shape the car market. A deprecation of Diesel cars by those leasing companies is instrumental to transforming the car maret and in promoting the shift to BEVs.\nSimilar, but different concerns from Bloomberg in Europe’s Car-Leasing Boom Sets Off Alarm Bells .\nBuyers of notes backed by auto debt are increasingly vulnerable to drops in used-vehicle prices because more and more drivers in Europe are leasing cars and trading them in for new ones.\n[…]\n“If there’s a steeper decline in car values, then borrowers will be incentivized to return their vehicles and it will be bondholders who bear any losses,” said Aaron Baker, a London-based credit analyst at Banco Bilbao Vizcaya Argentaria SA. “This exposure to used-car prices could be catastrophic.”\nBasically, cars are valuable things and are being used to secure loans and bonds, and are also bought on loans and bonds where the intrinsic value of the vehicle is being used to secure the load for buying it. Changes in the price of used cars by shifts in how cars are bought (In the future, less people want to own a car) and which cars have value (In the future, Diesel will be close to worthless and people want to buy BEVs) are threats to credit security and to the financial business around car purchase in itself.\nThe change to BEVs and to self-driving cars will be much more disruptive than anticipated.\n","date":"2017-07-26T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/26/financial-dynamics-of-a-shift-to-bev-transport.html","tags":["mobility","lang_en"],"title":"Financial dynamics of a shift to BEV transport"},{"categories":null,"content":"Digging through my bookmarks and open tabs was interesting. The picture of the future that emerges: With costs for energy approaching the 1 cent range per kWh, electrical energy is going to be close to free. Money can and will be charged for guarantees, because batteries or other forms of storage still cost money.\nGuardian: \u0026lsquo;Spectacular\u0026rsquo; drop in renewable energy costs leads to record global boost »The new renewable energy capacity installed worldwide in 2016 was 161GW, a 10% rise on 2015 […] The new record capacity cost $242bn, a 23% reduction in investment compared to 2015, and renewables investment remained larger than for all fossil fuels. Subsidies for green energy, however, are still much lower than those for coal, oil and gas.« SolAmerica: SolAmerica Energy Launches 1.3 MW Solar Project on President Carter\u0026rsquo;s Farm in Plains, Georgia »Former President Jimmy Carter leased a 10-acre (40.000 sqm) site in his hometown to SolAmerica for development of the 1.3 MW solar project, which will provide over 50% of the power needs of the City of Plains.« Bloomberg: German Tenants Win Right to Generate Solar Power on Rented Roofs »Lawmakers are set to pass legislation dubbed “Tenant Power” on Thursday in Berlin. The bill promises owners of tenant blocks a subsidy of as much as 3.8 cents (4.3 U.S. cents) a kilowatt-hour for generating solar power on rooftops or from basement combined heat and power units.« Bloomberg: Solar Power Will Kill Coal Faster Than You Think The tipping point will be 2021 for China, Germany is already past it. Forbes: The Cost Of Wind And Solar Intermittency »What is the integration threshold? There is no threshold, per se. The cost of managing intermittency is nonlinear and depends upon the mix and location of dispatchable and non-dispatchable sources, the match of local demand patterns with variable source pattern, and various other factors. Based on model studies of Germany and Indiana, Falko Ueckerdt found integration costs began to become significant at 20% [intermittent energy sources].« Christopher Schwarzer: DIE DEUTSCHLAND-BATTERIE, TerraE baut Zellfabrik in der Bundesrepublik (Article in German) »Die Gründungsgesellschafter der TerraE Holding GmbH sind Holger Gritzka, bisher Head of Battery Technologies bei ThyssenKrupp, Dr. Ulrich Ehmes, zuvor CEO der Schweizer Batteriefirma Leclanché sowie die BMZ Holding GmbH.« TerraE wird spätestens Ende 2019 eine deutsche Batteriefabrik am Start haben. BMZ hat die Batterien für die Streetscooter geliefert. PV Magazine: TerraE bildet Konsortium für Gigawattfertigung füLithium-Batteriezellen (Article in German) »17 Unternehmen und Forschungsinstitut haben sich mit TerraE zu einem Konsortium zusammengeschlossen. Ziel ist der Aufbau einer Großserienfertigung von Lithium-Ionen-Zellen an zwei Standorten in Deutschland.« PV Magazine: Energy storage already cost-competitive in commercial sector, finds study »Cheaper battery prices sees storage playing a broader role in energy markets, particularly for commercial customers seeking to reduce peak consumption, research from McKinsey shows.« Energiespeicher Blog: Unterirdische Pumpspeicher (Article in German) »Wie bereits mehrfach erwähnt, sind Pumpspeicher die verbreitetste Methode elektrische Energie in großer Menge abzuspeichern. [\u0026hellip;] Unterirdische Speicherkraftwerke sind von den Kosten nicht in einer anderen Welt als Batterien oder obertägige Pumpspeicher. Allerdings gibt es je nach Technologie erhebliche unterschiedliche technische Probleme und spezifische Kosten.« Singularity Hub: Canada Is Building a 7 Megawatt-Hour Compressed Air Energy Storage Plant »Compressing air in porous caves can serve as a backup form of power that can be tapped when the demand for power is high.« New Shift: This is how Big Oil will die »And here is what is disruptive for Big Oil: Self-driving vehicles get to combine the capital savings from the improved lifetime of EVs, with the savings from eliminating the driver. The costs of electric self-driving cars will be so low, it will be cheaper to hail a ride than to drive the car you already own.« Using the math in the article, this will even be the case if the car is a traditional Taxi with driver, as long as it is electric and has the lifetime assumed in the article.The second half of the article discusses the US coal crash, which happened between 2011 and 2016 (the four largest US coal companies were worth about 45 bn USD together in 2011, and all bancrupt in 2016). Mark Bently: Tweet »I recently made this simply plot showing the solar flux at various longitudes on Mercury\u0026rsquo;s equator. The blue line shows the value at Earth. Bloomberg: Bird Radar May Help Reduce Wind Turbine Deaths Shared for this graph: ","date":"2017-07-26T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/26/renewables-energy-is-free-guarantees-cost-money.html","tags":["mobility","energy","climate","lang_en"],"title":"Renewables: Energy is free, guarantees cost money"},{"categories":null,"content":"So I have been testing, again. My hapless test subject this time is a Dell Box, an R630. It has a comfortable 384GB of memory, one of two 25 GBit/s ports active, and it comes with two E5-2690v4 CPUs. That gives it 14 cores per die, 28 cores in total, or with hyperthreading, 56 threads.\n$ cat /proc/cpuinfo | grep \u0026#39;model name\u0026#39; | uniq -c 56 model name : Intel(R) Xeon(R) CPU E5-2690 v4 @ 2.60GHz $ ./mprime -v Mersenne Prime Test Program: Linux64,Prime95,v28.10,build 1 I have not been nice, because I have been abusing the box with mprime95 in Torture Test Mode, trying to make it consume as much power as possible.\n$ cat prime.txt V24OptionsConverted=1 WGUID_version=2 StressTester=1 UsePrimenet=0 MinTortureFFT=8 MaxTortureFFT=64 TortureMem=0 TortureTime=3 TortureThreads=56 [PrimeNet] Debug=0 Running this with variable values for TortureThreads allows me to learn the impact of CPU usage on power consumption. When Idle, the box consumes 170W, because we basically prevented it from sleeping. When busy, it’s some 406 to 420W.\nRunning at almost full power.\nAnd the power consumption is not linear. Well, it is up to 28 Threads, and then more or less plateaus.\nWatt used, by number of threads busy.\nFrom 170W idle to 406W at 28 Threads busy, then basically static for the rest.\nIf you think about this, it makes a lot of sense. At 28 Threads busy, all the physical cores are being kept busy by mprime95, which is very much architecture and topology aware.\nIt analyzes which Threads are located on which Cores and Dies, and then sets itself up with CPU affinity for maximum utilization. So at 28 Threads busy (50% full capacity) we are already pretty much at full power consumption.\nUnfortunately, conversely this looks not as nice:\nIf you define the full power usage at 420W and want to spend only half of that, 210W, you will reach that point at around 4-6 Threads busy - about 10% of the potential compute already consume 50% of the power.\nAnother way to think about it is Watt per Thread:\nWatts per Thread.\nA nice hockey stick. Inflection point is around 6 cores. Things are becoming interesting, from a bang/buck perspective, if the box is at load 6 or higher at all times. From a data center planning perspective, it becomes clear that there is no way to make thermally oversubscribing racks financially attractive.\nIt is better to build for full thermal utilisation without oversubscription, and then make sure the boxes are always as busy as possible. Computation past a base load of 6 is basically available for free from a power/cooling point of view.\n","date":"2017-07-19T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/19/threads-vs-watts.html","tags":["data center","computer","lang_en"],"title":"Threads vs. Watts"},{"categories":null,"content":"Short link to NBC Miami :\nSouth Miami Set to Become First City in Florida to Require Solar Panels on New Homes The new law would require owners of new homes \u0026ndash; including single-family homes, townhouses and multi-story residential buildings \u0026ndash; to install solar panels. It also applies to owners who expand their homes by 75% or greater. Once the measure is passed, South Miami would become the fourth U.S. city that requires new homes to be installed with solar panels. San Francisco and two small cities in California have similar renewable energy building laws.\n","date":"2017-07-18T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/18/mandatory-solar-panels-for-new-homes.html","tags":["mobility","lang_en"],"title":"Mandatory solar panels for new homes"},{"categories":null,"content":"Today somebody had a problem with expiring a large table (a Serendipity Blog table).\nIn MySQL InnoDB, tables are physically ordered by primary key (InnoDB data is a B+ tree, a balanced tree where the data pages are the leaves of the tree). If you are expiring old data from such a log table, you are deleting from the left hand side of the tree, and since it is a balanced tree, that triggers a lot of rebalancing - hence it is very slow.\nIf you rename the old table and INSERT … SELECT the data you want to keep back into the original table, that can be faster.\nBut if the data you want to keep is larger than memory, the indexing of the data will still be slow. A nice way to handle log tables are partitions. Here is an example. It\u0026rsquo;s not very cleaned up, but it works on my system.\n#! /usr/bin/env python -- # setting up the python environment: # pip install virtualenv # virtualenv partitions # cd partitions # source bin/activate # pip install --update pip # pip install mysqlclient click # setting up the MySQL: # create user demo@localhost identified by \u0026#34;pfrtlng\u0026#34;; # grant all on demo.* to demo@localhost; # Testing: # ./partitions drop --name keks # ./partitions create --name keks # ./partitions fill --name keks # mysql -u demo -ppfrtlng demo -e \u0026#39;select * from information_schema.partitions where table_name = \u0026#34;keks\u0026#34;\u0026#39; # ./partitions add --name keks # mysql -u demo -ppfrtlng demo -e \u0026#39;select * from information_schema.partitions where table_name = \u0026#34;keks\u0026#34;\u0026#39; # ./partitions add --name keks # ./partitions add --name keks # ./partitions add --name keks # mysql -u demo -ppfrtlng demo -e \u0026#39;select * from information_schema.partitions where table_name = \u0026#34;keks\u0026#34;\u0026#39; # ./partitions dropbyname --name keks --pname p0 # mysql -u demo -ppfrtlng demo -e \u0026#39;select * from information_schema.partitions where table_name = \u0026#34;keks\u0026#34;\u0026#39; # ./partitions dropbyvalue --name keks --valuebelow 500001 # mysql -u demo -ppfrtlng demo -e \u0026#39;select * from information_schema.partitions where table_name = \u0026#34;keks\u0026#34;\u0026#39; # ./partitions drop --name keks import click import MySQLdb import random import string from pprint import pprint # A lot of SQL collected here db_config = dict( host = \u0026#34;localhost\u0026#34;, user = \u0026#34;demo\u0026#34;, passwd = \u0026#34;pfrtlng\u0026#34;, db = \u0026#34;demo\u0026#34;, ) sql_drop_table = \u0026#39;drop table %s\u0026#39; sql_create_table = \u0026#34;\u0026#34;\u0026#34;create table %s ( counter_id integer not null primary key auto_increment, data varchar(64) not null ) %s \u0026#34;\u0026#34;\u0026#34; sql_partition_clause = \u0026#39;partition by range (counter_id) ( %s )\u0026#39; sql_partition_range_clause = \u0026#39;partition p%d values less than (%d),\u0026#39; sql_insert_into = \u0026#39;insert into %s ( counter_id, data ) values ( %d, \u0026#34;%s\u0026#34; )\u0026#39; sql_find_partitions = \u0026#34;\u0026#34;\u0026#34;select partition_name, partition_description from information_schema.partitions where table_schema = \u0026#39;%s\u0026#39; and table_name = \u0026#39;%s\u0026#39; order by cast(PARTITION_DESCRIPTION as signed) desc limit 2\u0026#34;\u0026#34;\u0026#34; sql_alter_table_add_partition = \u0026#39;alter table %s add partition ( partition %s values less than (%d))\u0026#39; sql_alter_table_drop_partition = \u0026#39;alter table %s drop partition %s\u0026#39; sql_find_partition_by_value = \u0026#34;\u0026#34;\u0026#34;select partition_name from information_schema.partitions where table_schema = \u0026#39;%s\u0026#39; and table_name = \u0026#39;%s\u0026#39; and cast(partition_description as signed) \u0026lt; %d\u0026#34;\u0026#34;\u0026#34; ########### # create a db connection db = MySQLdb.connect(**db_config) @click.group(help=\u0026#39;Test row expiration with and without partitions.\u0026#39;) def partitions(): pass @partitions.command() @click.option(\u0026#39;--name\u0026#39;, default=\u0026#39;demo\u0026#39;, help=\u0026#39;Table name to drop\u0026#39;) def drop(name): cmd = sql_drop_table % name # click.echo(\u0026#39;CMD: %s\u0026#39; % cmd) try: c = db.cursor() c.execute(cmd) click.echo(\u0026#39;Table \u0026#34;%s\u0026#34; dropped.\u0026#39; % name) except MySQLdb.OperationalError as e: click.echo(\u0026#39;Table \u0026#34;%s\u0026#34; did not exist.\u0026#39; % name) @partitions.command() @click.option(\u0026#39;--name\u0026#39;, default=\u0026#39;demo\u0026#39;, help=\u0026#39;Table name to create\u0026#39;) @click.option(\u0026#39;--partitioned/--no-partitioned\u0026#39;, default=True, help=\u0026#39;Create table partitioned?\u0026#39;) @click.option(\u0026#39;--size\u0026#39;, default=1000000, help=\u0026#39;Expected table size\u0026#39;) @click.option(\u0026#39;--psize\u0026#39;, default=100000, help=\u0026#39;Partition size\u0026#39;) def create(name, partitioned, size, psize): pcmd = \u0026#39;\u0026#39; # add partitioning clause to create table statement if (partitioned): ppcmd = \u0026#39;\u0026#39; counter = 0 # add all the ranges for r in range(0, size+1, psize): ppcmd = ppcmd + ( sql_partition_range_clause % (counter, r)) counter = counter + 1 # remove the trailing comma pcmd = sql_partition_clause % ( ppcmd.rstrip(\u0026#39;,\u0026#39;) ) # complete the create table statement cmd = sql_create_table % ( name, pcmd ) c = db.cursor() try: c.execute(cmd) click.echo(\u0026#39;Table \u0026#34;%s\u0026#34; created %s partitions.\u0026#39; % ( name, \u0026#34;with\u0026#34; if partitioned else \u0026#34;without\u0026#34;)) except MySQLdb.OperationalError as e: click.echo(\u0026#39;Table \u0026#34;%s\u0026#34; already exists.\u0026#39; % name) @partitions.command() @click.option(\u0026#39;--name\u0026#39;, default=\u0026#39;demo\u0026#39;, help=\u0026#39;Table name to insert into\u0026#39;) @click.option(\u0026#39;--size\u0026#39;, default=1000000, help=\u0026#39;Number of rows to load into the table.\u0026#39;) def fill(name, size): for i in range(1, size): str = \u0026#39;\u0026#39;.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(20)) cmd = sql_insert_into % (name, i, str) c = db.cursor() try: c.execute(cmd) except MySQLdb.Error as e: click.echo(\u0026#34;MySQL Error: %s\u0026#34; % e) # commit every 1000 statements if (i % 10000 == 0): db.commit() # one final commit db.commit() @partitions.command() @click.option(\u0026#39;--name\u0026#39;, default=\u0026#39;demo\u0026#39;, help=\u0026#39;Table name to add partition to\u0026#39;) @click.option(\u0026#39;--size\u0026#39;, default=None, type=click.INT, help=\u0026#39;Partition size in id count\u0026#39;) def add(name, size): global db_config # we need the schema name schema = db_config[\u0026#39;db\u0026#39;] cmd = sql_find_partitions % ( schema, name ); # find me the two last partitions from I_S.PARTITIONS # click.echo(\u0026#34;Sql: %s\u0026#34; % cmd) c = db.cursor(MySQLdb.cursors.DictCursor) c.execute(cmd) r = c.fetchall() # if no size was given, we take the interval from the two highest numbered partitions as default if size is None: size = int(r[0][\u0026#39;partition_description\u0026#39;]) - int(r[1][\u0026#39;partition_description\u0026#39;]) limit = int(r[0][\u0026#39;partition_description\u0026#39;]) + size # we automatically calculate the new partition name p(XX+1) from the last pXX pname = \u0026#39;p\u0026#39; + str(int(r[0][\u0026#39;partition_name\u0026#39;][1:]) + 1) cmd = sql_alter_table_add_partition % ( name, pname, limit ) # click.echo(\u0026#34;Sql: %s\u0026#34; % cmd) c = db.cursor() try: c.execute(cmd) click.echo(\u0026#39;Partition %s has been added (values less than %d, that is a %d step size.)\u0026#39; % (pname, limit, size)) except MySQLdb.Error as e: click.echo(\u0026#34;MySQL Error: %s\u0026#34; % e ) exit(1) @partitions.command() @click.option(\u0026#39;--name\u0026#39;, default=\u0026#39;demo\u0026#39;, help=\u0026#39;Table name to drop partition from\u0026#39;) @click.option(\u0026#39;--pname\u0026#39;, help=\u0026#39;Drop partition by name pXXX\u0026#39;) def dropbyname(name, pname): if pname is None: click.echo(\u0026#39;I need a --pname\u0026#39;) exit(1) cmd = sql_alter_table_drop_partition % ( name, pname) # click.echo(\u0026#39;Sql: %s\u0026#39; % cmd) c = db.cursor() try: c.execute(cmd) click.echo(\u0026#34;Dropped partition named %s\u0026#34; % pname) except MySQLdb.Error as e: click.echo(\u0026#34;MySQL Error: %s\u0026#34; % e) exit(1) @partitions.command() @click.option(\u0026#39;--name\u0026#39;, default=\u0026#39;demo\u0026#39;, help=\u0026#39;Table name to drop partitions from\u0026#39;) @click.option(\u0026#39;--valuebelow\u0026#39;, type=click.INT, help=\u0026#39;Drop all partitions with values below X\u0026#39;) def dropbyvalue(name, valuebelow): global db_config # we need the schema name schema = db_config[\u0026#39;db\u0026#39;] if valuebelow is None: click.echo(\u0026#39;I need a --valuebelow\u0026#39;) exit(1) cmd = sql_find_partition_by_value % ( schema, name, valuebelow) # click.echo(\u0026#34;Sql: %s\u0026#34; % cmd) c = db.cursor() try: c.execute(cmd) except MySQL.Error as e: click.echo(\u0026#34;MySQL Error: %s\u0026#34; % e) exit(1) result = c.fetchall() # reseult[rownr][0] is partition name for row in result: cmd = sql_alter_table_drop_partition % (name, row[0]) # click.echo(\u0026#34;Sql: %s\u0026#34; % cmd) c = db.cursor() try: c.execute(cmd) click.echo(\u0026#34;Dropped partition named %s\u0026#34; % row[0]) except MySQL.Error as e: click.echo(\u0026#34;MySQL Error: %s\u0026#34; % e) partitions() ","date":"2017-07-09T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/09/using-mysql-partitions-a-python-example.html","tags":["mysql","erklaerbaer","lang_en"],"title":"Using MySQL Partitions (a Python example)"},{"categories":null,"content":"based on an old Google plus article from 2015: What you observe as Planned Obsolescence is often the natural outcome of fast product cycles that are necessary for any new technology. When a new thing arrives in the market, it is often barely viable, a minimum viable product .\nWe are remembering the iPhone 1 as revolutionary, but we chose to forget about is slowness, its clunkyness and the very limited feature set it had. And those of us having purchased a car with built-in satnav now have to deal with a car radio where you have to choose between listening to a CD or putting in the outdated CD-ROM with navigation data - and then wait for a minute until you get the route.\nWe made considerable progress with satnav systems, and because navigation system product cycles are much shorter than the lifetime of a car, it\u0026rsquo;s a good idea to have them separate and be able to independently upgrade the satnav. Smart people purchased a suction cup satnav, threw that out three years ago and are using their cellphone now for car navigation.\nNew products in consumer electronics are often have an initial cycle time of 6-12 months. Every further iteration adds about 3-6 months of additional usefulness. Starting with iteration 4 or 5 you can expect a device to have normal lifetimes. If it\u0026rsquo;s a mobile device it will be good for about 3 years, until it is being destroyed or useless in the course of normal use. There are people with mobile phones or laptops older than 3 years, but these are often persons that are using their device mostly stationary in a protected environment. But even with stationary use, it\u0026rsquo;s over after about 6 years.\nWhy is that? Moore\u0026rsquo;s law claims a duplication of compute power in our devices every 18-24 months, or 45% per year. So after 6 years we get about an order of magnitude of improvement. And that\u0026rsquo;s a completely different class of machine than 6 years before.\nOf course you can start a debate on planned obsolescence. The European Parliament in fact just did .\nBut as long as we are dealing with industries and products with a change rate this high, this is of very limited use. Only after stabilizing a technology, when the growth in power is over, when the search for product feature sets is finished and we have a defined and stable set of features, fixed expectations, when the research and innovation are done, we can look at lifetimes and obsolescence. At this point in time for consumer electronics this is not really useful. So if it is inevitable that the devices will be obsolescent because of innovation, the focus has to be on recycling in order to win.\nAnother issue: Moore\u0026rsquo;s law actually changes the way we access the same product. Checking email once required a desktop machine with a 150W power supply. Then we had laptops, with less than 30W power draw to do the same. Today you are using a cellphone to check mail, with a power draw of 1W or less to achieve the same result. That is not possible with the same type of device.\nSo todays email readers have no power supply, no separate monitor and no keyboard any more. They also can\u0026rsquo;t be opened or extended. Moore\u0026rsquo;s law works because of integration. There is no CPU, there is a System-on-a-Chip. You can\u0026rsquo;t simply replace a blown capacitor, it\u0026rsquo;s now \u0026lsquo;replace the control module\u0026rsquo; or even \u0026lsquo;replace the entire device\u0026rsquo;. That\u0026rsquo;s not wrong at all, see my comments on Project Ara (in german ).\nIf you want a small and robust device, you have to tolerate that parts that shall not fall off or can\u0026rsquo;t come off. Or at least require proper tools in order to disassemble the thing, see the park of special repair tools available to licensed Apple dealers in order to do proper non-destructive maintenance on Apple devices.\n","date":"2017-07-07T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/07/new-technology-vs-planned-obsolescence.html","tags":["computer","erklaerbaer","lang_en"],"title":"New Technology vs Planned Obsolescence"},{"categories":null,"content":"We are currently experiencing a fundamental transition in the data center. In recent discussions, it occured to me how little this is understood by people in the upper layers of the stack, and how the implications are not clear to them.\nIn the past, three fundamentally scarce resources limited the size of the systems we could build:\nIOPS, bandwidth and latency. All three of them are gone to a large extent, and the systems we are discussing now are fundamentally different from what we had in \u0026ldquo;The Past™\u0026rdquo;, with \u0026ldquo;The Past\u0026rdquo; being a thing five to ten years ago.\nIn The Past we had disk.\nA disk of rotating rust is a data store than can, at best, perform 200 disk seeks (ssI/O Operations per second, IOPS), so databases tended to be special computers with very many small disks, data spread out across as many spindles as possible. The entire system was fake-accelerated with caches, with accepted writes into battery buffered memory of limited size, and woe if the working set of your data ever exceeded the cache size.\nFive years ago we converted all customer facing databases to systems on SSD with about 20.000 to 50.000 IOPS, and with current NVME based storage we are about to see millions of IOPS. Fundamentally, IOPS are not a limited resource any more: With the techniques we learned from the rotating rust age, we can build machinery with an arbitrary amount of random write capability.\nIn the past, databases and frontends have been connected to the world using network adapters with a Gigabit per second capability. About five years ago, we converted the first systems to 10 GBit/s at scale, and today we routinely build systems with about 400 MBit/s to 1 GBit/s per Thread (so a 50 core system gets a dual-25 GBit/s network card).\nCompanies like Mellanox have switches with a large two digit number of 100 GBit/s Interfaces. We have leaf-and-spine architectures available that allow us to build data paths between tens of thousands of computers inside a single data center with no chokepoints - we are actually getting the 1 GBit/s per thread on the entire path between any thread and any disk in our data center, concurrently.\nIn the past, commit latency to a disk along these paths used to be on the upside of 500 µs (1/2000 of a second) and more likely in the low milliseconds. But with current cards, offloading and other trickery we can get at or below 200 µs. Add scary stuff such as RDMA/RoCE to the mix, and we may be able to routinely crack the 100 µs barrier.\nThat makes writes to the data center sized fabric as fast or faster than writes to a slow local SSD.\nToday we are at an inflection point, because what we have today is true abundance: Each of the three limiters, IOPS, bandwidth and latency, have been throughly vanquished. We can now build a system where the data center sized fabric at scale provides bandwidth and latency comparable to a system bus of a slow home computer (and is consecutively faster the smaller the domain gets).\nWe can build machines the size of a data center, up and past one million cores, that provide essentially enough coupling to be able to act as a single machine. The building blocks are Open Compute Racks at 12 kW a piece. The operating system of the machine is Kubernetes. The units of work are container images. The local API is the Linux Kernel API.\n","date":"2017-07-07T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/07/the-data-center-in-the-age-of-abundance.html","tags":["container"],"title":"The Data Center in the Age of Abundance"},{"categories":null,"content":" Glorifying toil, glorifying organisational ossification\nSo somebody posted this on G+, and it\u0026rsquo;s a classic example for a thing that I classify as BOFH memes. That\u0026rsquo;s a group of memes and stories from operations people from a time past glorifying the toil and nastiness of operations.\nThis is going away now, for some time, and people identifying with BOFH thinking or finding it funny need to change, or go out of job. That\u0026rsquo;s also happening, rather quickly, and I have a talk about this (Slideshare , Youtube ).\nThe direct answer to the image above is\nIf you are having problems deploying on a Friday, you will have them at any time of the week. Your processes are broken.\nPeople objected, confirming what I said.\nOne commenter:\nAn ex manager would deploy anything, often while drunk, at any time of the night and then bully me to fix it despite not being on call because probably he was of the opinion that bullying immigrants into working out of hours without compensation was fine. After the company got rid of him I\u0026rsquo;m definitely saner. At least I my chances of getting compensation when higher if he broke shit monday to thursday during the day.\nThere\u0026rsquo;s your broken process right there (and broken management, to boot).\nThat needs fixing, the Fridays are just a symptom. One other commenter:\nsure but there is no such thing has a 100% process and so unless you have a 24/7 engineering team I would still avoid Friday deployments.\nThere you are. If it is of such importance that you need 24/7 operations, you better provide 24/7 ops. If it is not actually that important, who cares?\nIt is not that binary, but rather about risk management. That\u0026rsquo;s primarily about dealing with the problem, not pushing it away. So what could be done about it? The one thing that does not work is Heroism, but that\u0026rsquo;s one thing that the strain of BOFH thinking glorifies. Dev breaks things, Ops intervenes and fixes them, in heroic acts of emergency changes, during impossible times and adverse circumstances.\nThat\u0026rsquo;s of course destructive bullshit. Heroism, the solitary deeds of individuals saving the day, is a problem in operations, because it does not scale in space and time. If you create an organisation that rewards heroism, it will in time require heroism to run smoothly. That\u0026rsquo;s organisational abuse, grind and toil, and in the end, personnel churn.\nYou can\u0026rsquo;t build sustainable organisation on that, let alone growing organisations. The Heroism that is part of the BOFH meme and this culture is toxic to the people identifying with it, because it promotes Heroism, and hence self-abuse, toil and eventually burnout. Heroism needs urgent fixing. It is not the heroic act that improves the situation and helps the business grow. It\u0026rsquo;s the postmortem, and the changes that come out of it, which ideally should make the entire class of problems impossible in the future, without slowing down the ability to change and adjust.\nThat last half sentence is important, because the other thing that does not work dealing with risk is Obstruction and Ossification. An IT organisation exists, in part, to give management options. A part of their mission is to create mechanism on which management can then implement policy, use the mechanism to set a direction for the entire organisation to sail, smoothly. Being able to execute change safely and smoothly is therefore a fundamental, basic function of any IT organisation.\nThe obstruction that is part of the BOFH meme and culture is toxic to the organisation, because it idealises a way of thinking that is hostile to the other parts of the organisation (\u0026ldquo;us\u0026rdquo; vs \u0026ldquo;them\u0026rdquo;), vilifying other departments and looking down on their abilities. It also sees change as bad and dangerous when it is necessary to sustain the business. Together, these things and the ideology of Heroism encourage a way of thinking Operations as something separate, that exists outside and against the rest of the business. That\u0026rsquo;s an entirely destructive and non-constructive mindset, and that\u0026rsquo;s why you need to end it in you and in your organisation.\nEnabling change So how could you enable your organisation to sucessfully deploy new code at any day and time of the week?\nYou could introduce technology such as CI/CD pipelines. If you push something into a certain branch (\u0026ldquo;production\u0026rdquo; would be a good tag), it would run a build, synthetic tests where necessary and then roll it out.\nYou could introduce technology such as separation of rollout and activation. Code that is being rolled out as new is never actually executed. Only when you activate a feature flag, it is active for you, or for a small subset of users, which you can grow incrementally until is it full on. Then the old, dead code can be removed (or you keep it around intentionally).\nYou could improve monitoring technology, and put service level objectives (SLO) on it, such as requiring that the monitoring lag between an event happening and it showing up in monitoring is below some threshold (\u0026quot;\u0026lt; 15s\u0026quot; or similar). This SLO should be shown on the graphs as well, together with the actual metrics. This will give people making changes visibility on the impact of the change.\nYou could change the organisation and align incentives. Those who write code need to be made responsible for rolling out this code. This requires that they understand the relevant monitoring metrics, and care about them being complete and fast. It also requires that they understand the larger operational context of the subsystem they are working on, the \u0026ldquo;provides to\u0026rdquo; and \u0026ldquo;relies on\u0026rdquo; relationships and other contracts they have. It will also naturally put the pain where it can affect the required changes directly. Which is another reason why you should also alert product owners together with other people - it makes sure, the right alerts are being generated, actually service-relevant alerts, not too many, not too few.\nYou should change the organisation so that it favours many small changes over large and complicated ones. This is done with the suggestions above, taken together and implementing them. It is also done by doing away with formalized \u0026ldquo;Change Advisory Boards\u0026rdquo;, where people who know little about the actual changes and who are also not directly affected by performing them are put in control of deciding which changes are being made when and how.\nProcesses are about people talking to each other about who is going to do what and when and why, and how. The first thing that has to be done is getting the people who are actually going to do something at all to speak to each other, and the classic CAB is the antithesis of this.\nAnd finally, you could install management controls that actually set realistic expectations and reward controlled risk taking. A \u0026ldquo;100% availability\u0026rdquo; objective is never realistic. Realistic expectations focus on realistic availability, things like \u0026ldquo;99.99%, because our production context, upstream and downstream dependencies, are actually even less reliable\u0026rdquo; or similar reasoning applied. They focus on recovery procedures and being able to execute them effortlessly. They focus on resiliency and exercising resiliency systems regularly in real production circumstances, so they promote testing in production and making it possible safely wherever and whenever possible. And finally, they work against the BOFH meme and mindset, because that place is precisely where you do not want your organisation want to be.\nThis whole set of stories needs to die in a fire.\n","date":"2017-07-03T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/03/friday-deploys-and-other-harmful-bofh-memes.html","tags":["computer","lang_en"],"title":"Friday Deploys, and other harmful BOFH memes"},{"categories":null,"content":" Fortune has a kind of home story on Project Zero , explaining what it is, how it came to be and who the people in there are.\nIf you do not know what Project Zero is and why it is important, it\u0026rsquo;s a good starting point. If you know about Project Zero, it\u0026rsquo;s still a fun read because of all the parentheses that read »x declined to be interviewed for this story.«\n","date":"2017-06-29T00:00:00Z","href":"https://blog.koehntopp.info/2017/06/29/project-zero.html","tags":["security","lang_en"],"title":"Project Zero"},{"categories":null,"content":"So there was this article in Motherboard, pointed out to me by a very young friend of mine. It\u0026rsquo;s an FBI memo written in 1995 during the Unabomber investigation, about a mysterious, close-knit group of gamers, playing D\u0026amp;D. The article gives hardly any context at all, but that kind of memo during this time is not unusal or even remarkable, from a historical perspective.\nSo here is a bit of historic perspective, not quite in chronological order.\nJohn Gilmore A lot of this, from a US point of view, revolves around the person of John Gilmore . Gilmore was an early Sun Microsystems employee and hardware (VLSI chip) designer, and this part of his career made him financially independent. He\u0026rsquo;s also politically active, libertarian, and coined the famous saying\nThe Net interprets censorship as damage and routes around it.\nGilmore was running Cygnus Solutions (before Windows had a Ubuntu subsystem, there was Cygwin) in 1992, a company that advocated Open Source and provided commercial support for it.\nAt Cygnus, people with similar interests were meeting and from that grew the Cypherpunks mailing list, which by 1994 had substantial readership. The Cypherpunks pioneered software that used encryption to communicate, to facilitate metadata-less anonymous communication and early anonymous digital payment systems.\nDavid L. Aaron This clashed with the interests of the United States and the Five Eyes , which even back then had zero interest in the promotion of publicly available, auditable at the source level, free cryptographic protocols. The US came up with several concepts of limited and \u0026ldquo;managed\u0026rdquo; (= crippled) encryption schemes, and around 1995, 1996 appointed David L. Aaron as a Crypto Czar .\nThat Czar was the person tasked with selling foreign governments on the idea of crippling cryptography worldwide so that the US could better spy on them and everybody else. The way he did that was, of course, that he argued that unbreakable codes in the hands of terrorists would threaten every country\u0026rsquo;s security. Sounds familiar? It should, the tune is as old as Greensleeves .\nClipper and other crippled crypto One notable export from that time are \u0026ldquo;export grade ciphers\u0026rdquo;, versions of cryptographic protocols that have been in some way or the other limited to key lengths of 40 Bit, which was even back then completely useless.\nAnother memorable fiasco of that time (1992-1996) was the Clipper Chip . The Clipper Chip is a hardware encryption/decryption device using a special cipher Skipjack , which was later found deeply flawed .\nEach Clipper Chip would have a random bitstring as identity/key source, and would encrypt messages, but also transmit the key to decode the message in another, encrypted way that was supposedly accessible only to the government. As such, the key implemented a secret government backdoor.\nRelatively quickly, several technical vulnerabilities in Clipper have been found, which allowed the use of the Clipper hardware in a way that the key would not be recoverable (bypassing the backdoor), and others, which allowed using the key recovery field by anyone, so that all legit users of the chip would be exposed to attacks.\nSteve Jackson Games Then there is Steve Jackson . Jackson is a Geek, a Game Designer of, among other games, Role Playing Games, and a Lego collector. He\u0026rsquo;s known especially for creating and publishing GURPS , \u0026ldquo;the\u0026rdquo; universal role playing game ruleset. There exist GURPS supplements for about every conceivable theme, and a few that are inconceivable or at least improbable .\nThere is also the GURPS combination challenge, in which you choose any two random GURPS supplements and play in the resulting world.\nThe EFF In 1990, the United States Secret Service raided the offices of Steve Jackson Games and seized the manuscript for GURPS: Cyberpunk on the grounds of it being a handbook for computer crime. Steve Jackson Games sued the United States Government over this, and won the trial in 1993.\nThat was made possible in part because of the Electronic Frontier Foundation , EFF. Funding members were John Gilmore, John Perry Barlow and Mitch Kapor. Barlow and Kapor had been subject to raids similar to Jackson, by particularly technologically clueless government organisations.\nOne of the first cases the EFF took on was the defense and litigation for Steve Jackson (and next was the lawsuit on behalf of DJB against crypto export controls)\ndistributed.net and Deep Crack The EFF was also involved in the funding and execution of various DES brute force challenges . The first one, called distributed.net , used many general purpose computers somewhere in the Internet to brute force the key of a certain DES (56 bit) encrypted message. The second DES Challenge used a machine named Deep Crack made from not quite 2000 special VLSI chips.\nIt was John Gilmore, who funded the quarter million US dollars to finance this design and who also helped to design the actual hardware. Deep Crack brute forced a DES key in only 56 hours, demonstrating that DES cracking was too cheap and fast to consider DES still a secure chipher.\nThis lead to AES challenge and the standardisation of the Belgian Rijndael chipher as what we today call AES . Today we have the funny situation that DES is still unbroken (there is no faster attack than brute force), but insecure (brute force is too easy), while AES is broken , but still considered secure.\nThe Crypto Wars in Germany A similar discussion on encryption and \u0026ldquo;key escrow\u0026rdquo; took place in Germany. You can find a lot of the old discussions (in German) at Förderverein Informationstechnik und Gesellschaft (Fitug ), for example here . The Rethorics of 1995 sound precisely like those today:\nGinge es nach dem Willen von Innenminister Kanther, dürfte es in der Bundesrepublik \u0026ldquo;keine Nischen kontrollfreier Kommunikation für Verbrecher\u0026rdquo; geben\nAround that time, a lot of political lobbying action took place, resulting in a up to this day generally unchallenged ban on key escrow in Germany:\nZwar hatte er für sein Quasi-Krypto-Verbot noch Rückenstützung durch ein anonym veröffentlichtes CDU-Thesenpapier aus den Kreisen des Bundeskanzleramts bekommen, doch schon nach der Verabschiedung des Multimediagesetzes im Bundestag ließ das Innenministerium die Katze aus dem Sack: Eine staatlich verordnete Schlüsselhinterlegung wird es vorerst nicht geben, dafür setzt man auf freiwilliges Hinterlegen.\nwhich then resulted in the \u0026ldquo;Eckpunkte der deutschen Kryptopolitik \u0026rdquo; under Otto Schily in 1999.\nToday These still stand, and ban backdoors. But Zuboff\u0026rsquo;s Laws are strong in the government:\nEverything that can be automated will be automated. Everything that can be informated will be informated. Every digital application that can be used for surveillance and control will be used for surveillance and control. And hence we now have government IT security institutions making the world more insecure, because they hoard vulnerabilities in order to use them for surveillance and control.\nWhich is why even now, 20 years later, the Cryptowar is still a thing.\nIt will never be over.\n","date":"2017-06-27T00:00:00Z","href":"https://blog.koehntopp.info/2017/06/27/the-cryptowars-twenty-years-ago.html","tags":["politik","security","kryptographie"],"title":"The Cryptowars, twenty years ago"},{"categories":null,"content":"There are things, Lovecraft hypothesizes, that Man is not meant to know. This paper is touching on these subjects: That is not dead which can eternal lie: the aestivation hypothesis for resolving Fermi\u0026rsquo;s paradox. If a civilization wants to maximize computation it appears rational to aestivate until the far future in order to exploit the low temperature environment: this can produce a 10^30 multiplier of achievable computation. We hence suggest the \u0026ldquo;aestivation hypothesis\u0026rdquo;: the reason we are not observing manifestations of alien civilizations is that they are currently (mostly) inactive, patiently waiting for future cosmic eras. This paper analyzes the assumptions going into the hypothesis and how physical law and observational evidence constrain the motivations of aliens compatible with the hypothesis.\nSo the Great Old starfaring civilizations exist, the paper suggests, but they are sleeping, waiting until the stars are, literally, right. So much of Lovecraft is about astronomy and cosmology, and it did not stop with his death, if he actually died.\n","date":"2017-06-26T00:00:00Z","href":"https://blog.koehntopp.info/2017/06/26/fermi-vs-fhtagn.html","tags":["science","cthulhu"],"title":"Fermi vs. Fhtagn"},{"categories":null,"content":" This is a disk utilization graph on a heavily loaded Graphite box. In this case, a Dell with a MegaRAID, but that actually does not matter too much.\nGo-carbon was lagging and buffering on the box, because the SSD was running at its IOPS limit. At 18:10, the write-back cache and the \u0026ldquo;intelligent read-ahead\u0026rdquo; are being disabled, that is, the MegaRAID is being force-dumbed down to a regular non-smart controller. The effect is stunning.\n/opt/MegaRAID/MegaCli/MegaCli64 -LDSetProp NORA -l0 -aALL /opt/MegaRAID/MegaCli/MegaCli64 -LDSetProp WT -l0 -aALL and also, on top of that,\n#Direct IO instead of cached /opt/MegaRAID/MegaCli/MegaCli64 -LDSetProp DIRECT -l0 -aALL #Force SSD disk write cache (our SSD has super-capacitors, so it safe to enable) /opt/MegaRAID/MegaCli/MegaCli64 -LDSetProp -EnDskCache -l0 -aALL What we observe here is part of an ongoing pattern, and we will see more of it, and at more layers of the persistence-stack in our systems.\nIOPS are a solved problem At the lowest layers, IOPS are now a solved problem, and will become even more so. SSD are limited mostly now because of their interfaces, and so we go from IDE-interfaces to NVME to get rid of that overhead.\nThat makes disk-seek operations very cheap - going from 200 IOPS on rotating rust past 20k IOPS was only the first step, single drives now are offering 200k IOPS and more.\nBandwidth can also be provided at bus speeds through aggregation, so this is mostly a package engineering problem.\nLatency is still a problem. Even more than ever, actually, because now the time to send a packet from a core through the network to a SSD at the other end of the data center is comparable to or even dominating the time spent reading or writing that remote media.\nSSD still are disk-like devices. We are reading sectors at a time instead of individual bytes, and especially in writes we are re-flashing large blocks, 64 KB in size or larger, depending on the hardware. Smart internal controllers in SSDs are trying to take care of these things in the background.\nWith Optane, this block structure of disks can and will go away. The proper abstraction for Optane is not a file, but is memory - persistent, byte addressable memory within an order of magnitude of RAM speed.\nOn top of the actual drive sits a large stack of caches and transformation layers. In this case, one layer, the disk controller and the logic in it, became a bottleneck: A CPU considerably smaller than the actual system processor, and with limited memory, was reading ahead file contents that do not benefit from reading ahead. It was also buffering writes, in order reorder and merge them, trying to exploit properties of a spinning medium that was no longer present. The write-pressure from the systems processor and the data volume became so large that either the CPU on the controller or the size of the controller-cache became a bottleneck.\nA disk behind the controller would have been even slower than the controller, but a SSD can actually cope and be faster than the controller sitting between it and the system CPU. Taking the controller out of the path speeds things up.\nThe commands above take out one layer in the deep and rich storage stack, but there are many more. Each of them now has the potential to become the next bottleneck. Or as one of my database colleagues has been known to say in one form or the other more than once:\n\u0026ldquo;Forget caches, just make everything fast all the time.\u0026rdquo; \u0026ndash; Nicolai Plum\nHadoop in the face of many IOPS We will see more of this, and at more levels of the system. Take Hadoop for example. The two core premises on which Hadoop is built are\nSeeks are expensive. We scan data front to back, and build data processing on linear I/O (of compressed CSV or JSON files, even!).Even if we are reading much more data than we need, even if we have to costly uncompress and parse the data, this method of processing is way faster than any database could ever be, and we can easily leverage the power of parallelism. Code is smaller than our data. So we create small Java classes with our code and ship it to the systems where the data we need is stored locally in order to process it.This is a convoluted way to express our wants within the rigid framework of Map/Reduce, but it\u0026rsquo;s the only way to code, because reading all that data and shipping it across the net to where the code lives is literally impossible. Premise #2 is no longer valid since Jupiter Rising . We can disaggregate processing and storage again, because we can build data center networks that are as fast and wide as system buses, so that any core in the data center can talk to any disk in the same data center. This talk demonstrates this by creating ephemeral Hadoop processing clusters at the press of a button for the processing of single queries, by kubernetizing the Hadoop Mappers and Reducers. In this case, the relationship between the Mapper and the data this Mapper processes is simply not local at all - the Mapper may in fact run anywhere in the data center and is no longer tied to where the data is stored at all. Or, as one of the networking colleagues of mine puts it:\n\u0026ldquo;Any sufficiently funded technology is indistinguishable from Magic.\u0026rdquo; (Brian Sayler on the networking underneath a containerized Hadoop and Compute/Storage disaggregation)\nPremise #1 is going out of the window as well. Next year, latest the year after that, we likely will stop buying rotating rust even for the Hadoop servers. But that means we could seek again, which means that we could be using index data structures efficiently to work with data larger than main memory again. Which means that all these de-normalized, scannable, inefficiently nested and hard to parse JSON structures will be becoming more and more of a problem: As I/O takes a smaller percentage of the time spent on handling the data, we need to optimize the actual data decompression, parsing and handling more. Hadoop in the current form is a dead man walking. There is no alternative piece of software visible at the horizon at this moment, so these will be interesting times. And there will be more changes: File I/O is, even at much smaller levels, a lot about reformatting data from in-memory representations of things to on-disk representations. In-memory structures are pointered and traversable, aligned to n-byte boundaries, often lockable structures, because at memory speed these optimization matter. For persistence, we serialize them in complicated ways:\nDatabases like MySQL have all kinds of densely packable data types (1- and 3-byte integers, for example), references are IDs, which require lookup, instead of being traversable pointers the process of serialization often requires traversing nested, multidimensional data structures of ADTs and creating a linear, frozen representation of them. Shallow and deep copies need to be considered, depending on the problem.\nIt\u0026rsquo;s a fully fledged phase transition where the data is going from a gaseous, loosely packed form to a densely packed frozen, solid form for storage. The things beyond SSD, Optane/3D-Xpoint and similar storage, are more like memory than they are like disks, and hence they likely to some extent are able to handle \u0026lsquo;gaseous\u0026rsquo; unserialized data and make that persistent at the same time.\nIn the end, the death of the file handle, and hence the death of Unix\nThat challenges the fundamental abstraction of Unix, though, because in Unix everything is a file, which is a linear array of bytes, and is being accessed through a file handle. Now, with Optane persistent data may be no longer behind a file handle, but a special kind of memory, and data does not have to be crystallized into serialized structures before persistence. In fact, the memory may be so fast that we might not have time to do that. We require a different compute abstraction instead.\nWhich means, when we have it, the result will finally, after five decades, not really Unix any more.\n","date":"2017-06-23T00:00:00Z","href":"https://blog.koehntopp.info/2017/06/23/on-cache-problems-and-what-they-mean-for-the-future.html","tags":["performance","hadoop","database","lang_en"],"title":"On cache problems, and what they mean for the future"},{"categories":null,"content":"Heiko Schlichting reminds us that 25 years ago, on the 20./21. of June 1992, the Individual Network e.V. was created (Text in German). Individual Network e.V. was a NGO of NGOs, a construct where local citizen network NGOs could be members. Individual Network would then make contracts with the German Science Network DFN and other providers and buy traffic rights in bulk, in order to allow its members to use this traffic for non-commercial, private use.\nIn order to allow local NGOs to connect to the German Science Network DFN locally using the local university lines, Individual Network had to have some connection to DFN in order to be a member and customer. In the end it was decided that Individual Network would finance two X.25 lines into DFN at 50% each, with the local NGO taking the endpoint financing the other half.\nThat is how the NGO I represented, Toppoint Mailbox e.V., ended up with a 9600 bps X.25 line on 1.10.1992. This ended the era of long-distance dialup at Toppoint Kiel (well, not quite) and introduced a permanent link to the Internet. That was well before the first web servers, so SMTP, NNTP and FTP were the order to the day.\nPeople connected to Toppoint using dial-up modems, ISDN dial-ups or semi-permanent (pre-conncted) ISDN dialups. Speeds were up to 128 kbps, using channel bundling. I had a PI /24 those days, for home use, costing me 50 DM, one time.\nAlso, people reminded me of ...!mcshh!tpki!kriski!kris. Yes, we did not use DNS back then, but had to name all hosts in the path of a mail. And hostnames are globally unique (yep, that scales even less than IP V4).\nSee also: Neuland .\n","date":"2017-06-20T00:00:00Z","href":"https://blog.koehntopp.info/2017/06/20/25-years-individual-network-e-v.html","tags":["neuland","damals","lang_en"],"title":"25 years \"Individual Network e.V.\""},{"categories":null,"content":"Using electronic devices in the classroom seems to be a topic older than time, and the implementation often involved a lot of tedium. The problems and possible solutions are well understood in Germany (report about LTSP among other things), but the (purposefully) fragmented market for education in Germany is getting in the way here. Biggest problem usually is keeping the machines clean and orderly, and keeping the data available across device loss.\nChildren and teachers seem to be installing a lot of questionable software and extensions, and getting rid of these by setting up the machine seems to be the only way to be sure. So any school installation usually focuses on automatic fast imaging of the machines, and on server-side data storage for everything to make sure nothing is lost when a machine is lost or re-imaged.\nIn the US, 2013 saw the introduction of a lot of iPads, for example in LA . That did not work so well: Apple is a company that until very recently focused very much on data storage on the device itself with an optional cloud sync - for them, it\u0026rsquo;s a sales tool for more storage. Also, expensive devices.\nChromebooks seem to be taking US education by storm, and it makes a lot of sense.\nChromebooks are cheap devices and while they cache data locally, all data is agressively stored upstream in a cloud. That makes devices actually interchangeable - the important part is the login, not on which device you are. They can be easily restored to a default state with the aptly named \u0026ldquo;Powerwash\u0026rdquo; option, and they are mostly based on open technology - HTML5 for content and a powerful browser all the way.\nFor pupils and teachers, using a device with a proper keyboard is a big plus over a thing such as an iPad, as well. Plus, the device is not really important. As long as you can run Chrome and login to Google, the device in fact does not matter at all. It can be a Chromebook, or any PC.\nFor publishers of educational material, it\u0026rsquo;s also a nice thing. Materials are made in a well defined open format with good tooling (HTML5, again), and it is usually bound to an account and not permanently stored on a device. That makes licensing easy, updates a breeze and the tooling question is a solved issue.\nCommunication between teachers, pupils, and parents is also easily done, and integrated into everything. Admin tools for classes, accounts, and everything else exists, too.\nOf course, #neuland is not looking at this at all, because fragmented market.\nAlso, Datenkranke! Kugelschreiber!\n","date":"2017-06-13T00:00:00Z","href":"https://blog.koehntopp.info/2017/06/13/how-google-took-over-the-classroom.html","tags":["neuland","lang_en"],"title":"How Google took over the classroom"},{"categories":null,"content":"The paper (PDF ) is, to say it in the words of Sascha Konietzko, eine ausgesprochene Verbindung von Schlau und Dumm (\u0026ldquo;a very special combination of smart and stupid\u0026rdquo;).\nThe site mcafee.cc is not related to the corporation of the same name, but the site of one of the authors, R. Preston McAfee.\nThe paper looks at the utilization data from a number of public clouds, and tries to apply some dynamic price finding logic to it. The authors are surprised by the level of stability in the cloud purchase and actual usage, and try to hypothesize why is is the case. They claim that a more dynamic price finding model might help to improve yield and utilization at the same time (but in the conclusion discover why in reality that has not happened).\nBeing AI people with not much Ops experience, they make a number of weird assumptions. For example, they are looking at CPU usage data in 5 min aggregation buckets and do math against 100% CPU utilization. Even if you assume at all or most workloads are actually CPU bound, 5 minute buckets of CPU usage are way to coarse to use for 100% as a utilization target. That is, because all the actual spikes are shorter and invisible. (Workloads are rarely CPU bound, and especially not in the cloud, which is most often network bound.) (They do look at 5 min bucket maxima = 100th percentiles in some cases. But even that does not tell you for how long in a 5 min bucket you hit the roof. But hitting the roof even for a short time creates latency outliers, which in an actual cloud native microservice framework propagate and multiply, turning most of the requests into SLO violations. Jitter kills).\nThey are also for the most part ignore the cost of the cognitive load of dynamic pricing, or the cost of coding for variable deployment sizes in traditional workloads.\nFinally, they are looking at a VM based IaaS deployment. VM based deployments are likely to see traditional bare metal workloads being forklifted into the cloud. Such deployments do not scale, because they weren\u0026rsquo;t built for dynamic scaling. Cloud Native stuff is more likely to be found in environments such as Amazon Lambda and Athena. This is a lot like looking at the childrens pool only and coming to the conclusion that most people can\u0026rsquo;t swim, i.e. there may be selection bias.\nThere are useful thoughts in the paper, too. For example, they find that they can model and predict many workloads and use this for scaling in advance. In fact, typical reactive autoscalers do not work properly, because by the time they trigger a scaling action, demand is already there and latencies lag in violation of the SLO. The systems created as a reaction to a reactive autoscaler triggering are slow, because caches are cold, and will have trouble keeping up, right in the middle of a spike action.\nPredictive scalers work better and may be safer. Here you establish an absolute size limit (which usually exists due to architectural constraints and locks on shared state), and size down from it to meet predicted demand with a comfortable margin of error. Then you scale up and down following predicted demand, correcting the model in time to keep the margin. This should create capacity in advance, and give it time to warm up.\nAlso, reading the paper you could come to the conclusion that the market is stable and static, because it is stable and static: Because nobody rocks the demand pressure up and down, the prices are stable and nobody has a reason to implement savings by changing the size of the deployment needlessly.\nOf course, once a sufficient number of people start doing this, demand pressure will vary sufficiently to affect short term pricing, so that everybody eventually needs to react to the changed environmental conditions. Noise breeding complexity, breeding even more noise and complexity, until everything drowns in chaos and the system needs downtime to clean the noise from the system.\nTL;DR: Bunch of objectivist hipsters with belief in market forces and no Ops experience discover in the final paragraphs of their paper that stability and simplicity are tangible, priceable assets in themselves and maybe all the dynamic market shit is not really helpful in all cases, because stability savings outweigh wins from leveraging dynamic market forces.\n","date":"2017-06-12T00:00:00Z","href":"https://blog.koehntopp.info/2017/06/12/usage-patterns-and-the-economics-of-the-public-cloud.html","tags":["computer","performance","container"],"title":"\"Usage Patterns and the Economics of the Public Cloud\""},{"categories":null,"content":"I\u0026gt; Good Morning!\nM\u0026gt; And to you, too!\nI\u0026gt; I hope you have a nice and technically reliable start into a new week full of hope!\nI\u0026gt; Here, catch. https://github.com/mattly/bork M\u0026gt; »A bash DSL for config management« And it\u0026rsquo;s not even chistmas, ye\nI\u0026gt; \u0026ldquo;the Swedish Chef Puppet of Config Management. [\u0026hellip;] Bork is written against Bash 3.2 and common unix utilities such as sed, awk and grep. It is designed to work on any UNIX-based system and maintain awareness of platform differences between BSD and GPL versions of unix utilities.\nI\u0026gt; Reinventing configure.in with root privilege!\nM\u0026gt; When you\u0026rsquo;re happy with your config script, you can compile it to a standalone script which does not require bork to run. The compiled script can be passed around\nM\u0026gt; Like Scabies.\n","date":"2017-06-12T00:00:00Z","href":"https://blog.koehntopp.info/2017/06/12/shit-found-on-github-bork.html","tags":["computer","fluffy fluff","lang_en"],"title":"Shit found on github: bork"},{"categories":null,"content":"Talk given at the Netways Open Source Data Center Conference 2017. There is a video of the talk on Youtube .\nThe title of the talk was not final, when I submitted the proposal, so I just set it to \u0026ldquo;Something Mumble Containers Kubernetes\u0026rdquo;. It came out as \u0026ldquo;Containers at Booking\u0026rdquo; in the end.\nThis is kind of an interim report about how compute is changing, the factors and pressures at work there, and how that affects us. This is not a finished journey, yet. Things are still changing at Booking.\nWhat we do What Booking does was selling rooms, and getting commission from the hotel for that. That used to be a very simple thing, it seems, but it was already complicated enough, because the business is very different depending on where in the world you are.\nIt is for example rather hard to explain what to expect from a hotel, as the product is not very standardized except when in the USA. Most of the hotels in the world are independently owned and operated, and not part of a hotel chain. So they are all very different in interior, room arrangement and facilities and many other details. Many reviews and images are necessary to set expectations properly with customers, and to build trust.\nRunning the hotel website from an Infrastructure point of view means we aim to be boring: When we fail, or lose bookings, somebody is sleeping under a bridge and we have ruined a holiday. While adventure in a vacation is good, that is only when it is planned, and when it ends well. So being boringly reliable is what we aim for.\nWhere we are At this point in time production is completely on bare metal. We are a colocation customer, we do not have our own data center buildings, but instead make use of multiple rooms in multiple locations. In these we have a few ten thousand machines. These are enterprise class blades from HP and Dell, mostly, plus a few pieces of special purpose hardware.\nTo drive this, we have automated the handling and provisioning of the machinery, using several Python Django applications that have been developed in-house. They automatically provision stuff:\nServerDB managed hardware, from handling procurement and vendor dat ingest, to burn-in, BIOS updates, inventorization and hardware provisioning. Nemo does the same for networking equipment and provisioning. As a developer, you ask ServerDB for servers of a given type in a location. ServerDB will flash these things up to spec, provision them for you. It will provide a partition table, install a base operating system and tell Puppet what to do.\nPuppet will install packages and configuration templates, and then hand over to class specific tooling.\nIn the case of databases, for example, this is another piece of class specific tooling, B.admin (\u0026ldquo;badmin\u0026rdquo;). This will then provide database packages, replication configuration, data and will ultimately arrange the databases in a replication hierarchy and make them discoverable for clients.\nIt is possible and totally normal to get 200 databases ready to run in a replication chain, discoverable by applications, without a human touching anything in the course of the provisioning.\nDisadvantages Despite this being fully automatic and comfortable, it has a number of disadvantages. For example, it is slow, because hardware provisioning is slow. Rebooting a Dell or HP Blade takes 300 seconds, and only then the OS install can begin. A full provisioning run easily takes around 20-30 minutes.\nNot a blade, but an HP 380DL booting, but not much of a difference in timing or handling (video ).\nBare-metal hardware also is often too large or too small for the task: In our case the hardware we use is at the low end of the available specification, but in many cases already is too large for a single application to fully utilize.\nCurrent hardware is too powerful A current bladecenter chassis (HP C7000, Dell M1000e) uses 10 height units of rack space. It has room for 16 blades. When used with the large kind of CPU (2x Intel 6132 per blade), one chassis alone provides around 900 threads, 3 TB of memory and 320 GBit/s of aggregated network bandwidth, and will consume up to 6400 Watts of power under full load.\nWhile the rack theoretically has room for 4 of these things, it cannot realistically power that much compute under full load. Most data centers provide around 7000 Watt per rack, so with average load two of these blade centers can be put into a single rack, and if we actually ran the machines at full power, only one bladecenter per rack would be possible in a normal data center.\nPressures on the data center environment We do not only need to slice and dice the hardware, but the business also wants us to be even more agile and faster.\nWe need to be able to scale out the IT organisation to 3x the current number of people, because we are a growing company in a growing market, but the current way of running things does not support this very well. In order to get there, we need to automate provisioning of hardware completely, providing our developers with an API.\nWe need to be able to plan capacity, for which we need metrics. Also, data center operations need to be able to provide machinery in advance and independently of the consumption. We can no longer support hardware types that are tailored to the use-case, we want to buy larger machines and be able to slice and dice them to bite-sized instances. This is also more cost effective.\nAnd for better planning, we want to get machine readable service descriptions (who talks to what), which helps management to see the entire application and all components and the relationships between them.\nThe Monolith The software currently is a monolith and needs to be split from being a 6GB process into something smaller. This is startup size, then the thing forks and the actual instances share a lot of memory with the parent process. So the actual memory consumption per instance is a lot less.\nThe software is written in perl and is pretty well-structured and modular, but the deployment model is outdated. We roll out between 10-14 times a day, and that is of course also automated.\nSoftware of this shape is not well suited to a rollout in containers.\nWhat so we want to do? Change the entire stack: Data center and hardware level, but also looking for better data center space. Move to containers to be able to slice and dice the hardware. Change the application to use microservices, in Java. And also work towards a different business model.\nWhat are containers? Containers are just UNIX processes with additional fairy dust added between the fork() and exec() system calls. Part of this fairy dust are Linux Namespaces and Linux CGroups.\nNamespaces limit what an application inside a container can see, in terms of other processes, other files, and so on. CGroups limit the amount of resouces an application inside a container can consume, in terms of memory, CPU, and so on.\nContainers are for a few years now well understood, and known, in the form of Docker. Docker standalone is not useful for production, though.\nIt is dev centric, and from a developer PoV, it is very useful to simulate pristine environments. Developers love the layering of filesystem layers, the instant availability, and that one is able to fold production into a single host. Docker does nothing at all for operations, though.\nK8s is useful because it throws away most of Docker and does proper production things. It provides an environment where the allocation of resources can happen from many hosts, automatically, and in which the networking between instances is set automatically, no matter where instances run. In also manages storage, in a way where the lifetime of storage can be managed independently from the lifetime of a container.\nA single dockerhost can take you very far (20C, 512GB memory, disks), it can hold a lot of development. It still not useful for production, because it gives you a SPOF, does not scale and does not understand things larger than a single machine.\nImages as a form of wrapping dependencies One of the useful things Docker provides is the concept of an image that collects all the files belonging to an application, and all the dependencies it has. It keeps the base host clean, and allows us to the application anywhere without much hassle. Conversely, it also makes the application app removable. We get instant applications, just add CPU and memory anywhere in the data center.\nApplications become single file, loopmounted images. This can also be moved around very quickly, much faster than 100.000s of files.\nSince we cannot know what is in the image, we need to control what goes into the image. We need to be able to build the images from scratch, on our own infrastructure, and be able to scan the receipts in order to understand what\u0026rsquo;s inside. We cache the dependencies locally, and we use this to have reproducible builds.\nMesos: A project that escaped from a hackathon Booking was running Containers using Mesos. This was a Hackathon experiment, that accidentally escaped into internal production. It was not running important things:\nThe Blog Some internal websites Some ML/Big Data jobs Some Java component services, mostly internal Mesos proved to be a lot like Lego: modular, but parts fall off under load. This seems to be somewhat par for the course for ASF stuff, judging from our experience with Hadoop.\nIt was very much not up for production, with many missing things, and also no external mindshare. For us, what was missing was isolation of tenants, no discovery, no deployment rules, no auto-scaling, no one-time batch runs, and no rbac.\nBut the container thing was useful. We wanted to keep that, but run it better.\nTrying Kubernetes When looking around, we found K8s, which has all the stuff we needed. The Environment is very cooperative and receptive to suggestions, a lot of momentum and mind-share.\nThis is what you get: \u0026ldquo;I want to run something,\u0026rdquo; and it runs somewhere in the cluster where there is space. The image is installed on the target node selected, it runs, and after the run is finished, the image can be cleaned up. Like init, but for a set of machines.\n\u0026ldquo;Run an application anywhere in my data center, I do not care where exactly\u0026rdquo;\nK8s refines the concept of a container, compared to Docker:\nThe Pod: resource barriers (like VM, but is not a VM) Filesystem Namespaces + the Images in one Filesystem Namespace. This allows the resource barriers to contain multiple processes from multiple images, which can touch each other. This is useful for debugging, for sidecars and in many other situations.\nSidecars can manipulate and debug payloads in their pod. Pods are very cheap, they are basically invisible: just namespaces and limits, they take up almost no resources themselves and also have almost no setup time.\nWhen talking about Kubernetes, it is useful to not say container, because it is not specific enough. What do we mean, when we say container?\nthe pod, the image, the init-container, the sidecar It is usually better to use specific words instead of the generic word \u0026ldquo;container\u0026rdquo;.\nKubernetes, Iteration 1 Earlier this year, we started our first tiny deployment, to test things out: 8 bladecenters are 128 blades, in 8 racks, with 2x 10 Gbit per Blade. If you put only one bladecenter into each rack, the rack is only 10U filled, 30U are empty: \u0026ldquo;Not really a cloud, it\u0026rsquo;s more like ground fog\u0026rdquo; when you have only one blade center per rack.\nIteration 2 was built with discrete machines (2U): 128 discrete machines, in 8 racks, 1x 25 Gbit/s per machine, with an option to double this. Also, lots of storage and the option to play with distributed storage.\nA million corecomputer You can try to build the million core computer: 20.000 machines at 50 cores for a million core computer. This is too large for a single cluster, it needs to be split for many reasons.\nThe workload is image based on unified hardware, and the workload is location independent. That is, any core in any machine can talk to any disk in any box. This needs very strong networking.\nTrying out Openshift For a full production deployment, we considered using OpenShift. At that point in time it looked like a good idea to get more familiar with K8s. OpenShift provided a number of solutions for us that otherwise would need specific solutions from us.\nFor about two years it was very useful, but in the end it was moving too slow.\nNetworking Clusters always need good networking. The network we have is using L2 domains per rack, L3 with BGP between the racks. It is a Leaf-and-spine, which can be oversubscription-free to up to 1.6 TBit/s at the top-of-rack, but we have no need for this at the moment. The way we built it means we can incrementally grow it as needed.\nWe have a lot of east-west-traffic. This is expected for such a cluster, and it is unlike before, with monolithic bare-metal systems.\nOut network looks like this. Container machines have 100 Gbit/s, but are part of the same topology as for the bare metal stuff. There is no special K8s network and also no dedicated storage network, leaf-and-spine topology takes care of all of this.\nYou need less SDN than you think We have played with several SDN instances: Juniper, Midokura, we found that SDN \u0026ldquo;is too good\u0026rdquo; for our needs. Openstack like SDN gives you a lot of flexibility, developers can build an arbitrary virtual network architectures. The SDN will build and simulate that.\nWe do not want to give Devs this power, because devs will use this. This will be very hard to maintain. We want something standardized.\nIt also leads to fragility and upgrade problems at the network level. We are not using SDN at the moment, having Midokura on the backburner. Instead, we are experimenting with service meshes like Envoy.\nWe want shared infrastructure on a physical node (i.e. centralized logging), but we are not doing this right now. Instead we use instead sidecars for logging and monitoring. Since we are not a hoster it can be okay to share things.\nFinding things is hard in a cluster. IP addresses and host names no longer mean a thing, they are no longer fixed and can shift around as the cluster topology changes. This is also a problem for IP-based access rules, or for identifying machines by IP-address, as Cassandra does it. Everything is dynamic. How do you find things?\nEnter etcd as a consensus system and as a registry for endpoints and services. Things that run in the cluster register themselves in the etcd and can provide capacity to a service.\nKubernetes creates services, which are almost a load balancer. The service monitors the available backends in etcd, and updates when the list in etcd changes. Incoming requests are randomly routed to any available backend.\nLookups of services are cheap: Backends register themselves in etcd, with a lifetime, when they are ready to serve. They regularly refresh their presence in etcd in order to prevent the registration from expiring.\nServices subscribe to changes in the endpoint list, and cache the list. They get a notification when the list changes, update their cached copy. Incoming requests are being served from the locally cached copy.\nIn OpenShift, this is being implemented in a very, very large number of iptables-rules, and that can lead to problems. We typically see a few 10k rules, and they are used to select random instance to handle a request using DNAT. This is not pretty.\nService meshes solve the same problem with application level proxying, which is easier to handle, at the cost of latency.\nBalancing load Kubernetes does not migrate instances, ever, because that usually does not work at all. Instead, instances are rescheduled, which means the old instance is destroyed, and a new one is created. The number of instances is variable, single things should not exist.\nStorage This is a problem for things that have state, and use storage. Kubernetes has a relatively new and recent feature that is largely untested, called Persistent Volume Claims, which handles this in a nice way.\nWhen you have a piece of hardware that provides storage in the form of volumes. Volumes need to be created in a hardware specific way, and are then served as iSCSI volumes to the cluster. Somebody needs to format them with a filesystem, but only if they are new and empty.\nIt used to be a manual process: Create a bunch of formatted persistent volumes (PVs), and make them available. The cluster would get requests for these, and find the smallest one large enough to serve, label it and assign it an identity. It would then serve this out.\nThis is a partially manual process, and also leads to overprovisioning, because the prepared PV is likely larger than requested.\nDynamic Persistent Volume Clains (PVCs) New and automated: PODs can ask for storage, using a persistent volume claim (PVC). The cluster intercepts this request, a volume is made to order, and then served out to the requesting pod. This often fails: many storages do not like volumes to be created and deleted at a fast pace.\nWhen it works, it looks like this:\nPVC is scheduled with the rest of things PVC intercepted, PV made to order Host node mounts the PV using iSCSI Bind mount puts the volume into the Pod Volume is being prepared if needed, and Volume is then available. When the node fails,\nThe pod is rescheduled The new instance of the pod has the old identity with the old PVC iSCSI lock is broken, volume is dismounted, mounted in on the new host New bind mount PV comes online in the new instance of that Pod. It requires that Pods have a fixed identity (are available as a fixed size array). This is the Kubernetes PetSet or StatefulSet now.\nPlenty of limits: In our case, 64 hosts with Solidfire and the Trident API. iSCSI has latency issues for some applications. These issues are being fixed, but currently don\u0026rsquo;t work.\nWe need \u0026lt; 0.5ms commit latency, but do get 4ms with the current setup.\nStateful Sets Storage is a way to manage state. State is unique, instances have names or fixed identities. This is a concept that previously was not available in Kubernetes.\nThe new StatefulSet API implements this. They guarantee ordered teardown and startup of Pods, with fixed identities. This is needed by any cluster, for example in Zookeeper, MySQL, Elasticsearch and in many other storage systems.\nWe have mysql running in StatefulSet. We also test with Elastic, and also our internal Availability Database.\nNo IPv6 We are using IP per Pod, so we consume a lot of IP addresses. With 100 hosts, many Pods per Host. Racks are L2 domains, BGP at the Top-of-Rack switch/router. A 100 node cluster can easily eat a V4 /16, which is unacceptable even with RFC addresses.\nUnexpectedly, Kubernetes is an excellent use-case for IPv6 in production, but it is internal, not visible to the outside.\nUnfortunately, Kubernetes, a brand-new project developed at Google, is at this point in time totally unaware of IPv6. Nobody knews why, and it really hurts.\nGetting into the cluster: Gateway routers Ingress Routers exist on Gateway nodes. These can act as chokepoints, especially when there is a lot of traffic from certain nodes, for example external databases.\nA way around that:\nPut legacy databases inside the cluster using in our case ovs-switchd. This will \u0026ldquo;take physical database and lift it into the virtual\u0026rdquo;, so you have a bare-metal node that pretends to be in the cluster. This works only if that external node can be trusted.\nThis is not specific to our way of networking, it is also a problem in proper SDNs.\nBreaking IP-based security red = allowed, green, yellow, blue = random other things\nExit IP are now random, and do not identify a service. Any IP-based security no longer works.\nTraditional firewalls are useless; the only way to go is to allow-list the entire cluster.\nTowards a service mesh, and Envoy In our current model, firewall rules are autogenerated from ServerDB data. This does not work with Kubernetes at all.\nA way around this is to TLS all the things, and use client certificates to identity services. Connections need to be intercepted and automatically authenticated, then be allowed or disallowed based on their identity.\nTrireme is a way to do this at the kernel level, requires no adjustment in the application. Other ways work with proxies towards the same goal.\nWe haven\u0026rsquo;t been able to test that, yet. It feels weird from where we are coming from, and is a bit scary.\nSizing the cluster How large can a cluster be? It can run on a laptop, or on one or three prod boxes.\nCurrently have low hundreds of cluster nodes. Large clusters are not good, you\u0026rsquo;d want more clusters instead of one rather large one. This provides resiliency.\nNext step: Cluster Federation. This is a very experimental k8s feature, and a research topic. Nobody has an idea how any of that works. If it works, it will be very useful.\nLocal Kubernetes and the Public Cloud We experiment with the public cloud as well. But we do like bare-metal:\nwe control the crosstalk between apps we can freely define instance sizes When we talk to a cloud provider about 1 mio cores, how long would it take to spin this up? They do not have the capacity ready in idle, can take a while to get capacity. At enterprise level, the cloud is not elastic: preallocation is necessary. Data centers are not things that have high margins or low latency. 4MW = 20.000 machines -\u0026gt; somebody needs to run excavators to provide this capacity. Long term contracts are par for the course, so it is mostly a capex to opex shift.\nWhy Kubernetes on Bare-Metal? Virtual Machines are not helping with any problem we have. They would add complexity and jitter, and add no benefit.\nWhat about the Monolith? What about the Monolith? That\u0026rsquo;s another problem, it\u0026rsquo;s a problem being worked on.\n","date":"2017-06-03T00:00:00Z","href":"https://blog.koehntopp.info/2017/06/03/something-kubernetes-containers.html","tags":["lang_en","talk","containers","kubernetes"],"title":"Something Kubernetes Containers"},{"categories":null,"content":"The Ad and Adblock situations both are now so bad that even Google considers integrating an Adblocker by default into the Chrome browser.\nThis is a twofold action.\nIt\u0026rsquo;s purpose is of course to filter out ads, the worst of the worst in annoyance and the obvious malvertising. It\u0026rsquo;s purpose is also to take back control on adblocking, because it will let through acceptable ads according to the Coalition for Better Ads standards.\nCfBA condemns Popups, Sound, Prestitials and Large Stickies on the Desktop, and more on mobile. It will be interesting to see if it changes anything. People are truly beyond caring.\n","date":"2017-06-02T00:00:00Z","href":"https://blog.koehntopp.info/2017/06/02/google-chrome-integrates-adblocker.html","tags":["security","copyright","lang_en"],"title":"Google Chrome integrates Adblocker"},{"categories":null,"content":"MySQL 8.0 will be retiring support for the Query Cache . The MySQL Query cache is a result cache: The MySQL server will record all result sets that are small enough to keep in the cache, and a hash of the query that produced it.\nIf a query meets certain requirements, and the hash of the same query string is ever seen again, the query will not be actually parsed and executed, but the same result set will be replayed. There are mechanisms in place that prevent uncacheable queries from being cached in the first place, and that prune outdated data from the query cache.\nThe query cache exists in the first place, because it was easier to create than to teach every PHP CMS developer in the world about sessions. So instead of retrieving the current background color of the current theme over and over from the database, the query cache recognizes the current theme color query again and just replays \u0026ldquo;green\u0026rdquo; over and over. But that was then.\nThe Query Cache was a hash, with a global lock. Whenever a write happens to a table, all cached results related to this table need to be pruned from the cache. For that, a global lock is taken out and all queries are being halted for the duration of the prune.\nOn a busy server, and with a large query cache, the locking time can be long enough to matter. Typically, one would run innotop -m Q -d 0.1 or similar, and suppress the display of idle queries. Typically a number of busy queries similar to the current load on the machine would be shown, so on a server with a load of 12 one would see 10-14 busy running queries.\nWhenever there is a cache lock taken out and a prune going on, the queries would all be halted and pile up for a very short time. So on a server going at a brisk 4000-6000 queries per second, a few hundred would pile up for a very short time - innotop would show 10,12,10,14,532,10,9,11 queries and so on. This is called a flash pileup or flash pile.\nAs the load grows, write rate increases or the query cache is sized up, the flash pile frequency goes up, and eventually you get ghost \u0026ldquo;max connections\u0026rdquo; messages in the server log. The solution is counterintuitive - increasing max connections won\u0026rsquo;t help, increasing the query cache size would make it worse. Disabling the query cache will improve the situation by removing the cause for the lock and the lock itself.\nA similar thing happens on the upside of 11k QPS with the innodb Adaptive Hash index (AHI) for similar reasons on older versions of MySQL. Disabling the AHI (or upgrading to a non-broken version of MySQL) would help here.\n","date":"2017-05-31T00:00:00Z","href":"https://blog.koehntopp.info/2017/05/31/good-riddance-to-the-query-cache.html","tags":["mysql","lang_en"],"title":"Good Riddance to the Query Cache"},{"categories":null,"content":"There is a pretty cool Twitter thread by Sarah Mei, starting at\nThread I spammed into this at /14 .\n@samphippen :\nBig secret: there exist vast tranches of business contexts in which having literally zero tests is fine.\n@sarahmei :\nBeen thinking about this. Conventional wisdom says you need a comprehensive set of regression tests to go green before you release code. /1\nYou want to know that your changes didn\u0026rsquo;t break something elsewhere in the app. But there are ways to tell other than a regression suite. 2/\nEspecially with the rise of more sophisticated monitoring and better understanding of error rates (vs uptime) on the operational side. 3/\nWith sufficiently advanced monitoring \u0026amp; enough scale, it\u0026rsquo;s a realistic strategy to write code, push it to prod, \u0026amp; watch the error rates. 4/\nIf something in another part of the app breaks, it\u0026rsquo;ll be apparent very quickly in your error rates. You can either fix or roll back. 5/\nYou\u0026rsquo;re basically letting your monitoring system play the role that a regression suite \u0026amp; continuous integration play on other teams. 6/\nThis strategy assumes a lot of things, starting with an operational sophistication that most dev teams don\u0026rsquo;t have. There\u0026rsquo;s more, as well. 7/\nIt assumes the ability to segment users, show each dev\u0026rsquo;s change-in-progress to a different segment, \u0026amp; allocate error rates per segment. 8/\nIt assumes sufficient scale that variations in a segment\u0026rsquo;s error rates will be statistically significant. 9/\nAnd perhaps most unusually, it assumes a product organization that\u0026rsquo;s comfortable experimenting on live traffic. 10/\nThen again, if they already do A/B testing for product changes on live traffic, this is just extending that idea to dev changes. 11/\nBut if you can make it work, getting live feedback on changes you _just_ made is amazing. 12/\nThis is one of the reasons why it\u0026rsquo;s critical for operations \u0026amp; development folks in an organization to work reeeeally closely together. 13/\nAn adversarial relationship between dev \u0026amp; ops kills this. You can\u0026rsquo;t even start if responsibility for \u0026lsquo;quality\u0026rsquo; is siloed on one side. 14/\nCertainly hybrid approaches are possible, where there\u0026rsquo;s a small, fast test suite hitting critical code, \u0026amp; the rest is monitored in prod. 15/\nThere are reasons beyond correctness \u0026amp; regressions for writing tests, as I wrote about a few weeks ago. https://www.devmynd.com/blog/five-factor-testing/ 16/\nI described the five reasons we write tests: correctness, regressions, as design support, as documentation, and as refactoring support. 17/\nEven in a world where you delegate correction \u0026amp; regressions to production monitoring, there are still reasons to write tests. 18/\nBut you could start to imagine a world in which we get all 5 of those benefits via mechanisms other than automated tests. ? 19/\nThe writing and running of tests is not a goal in and of itself - EVER. We do it to get some benefit for our team, or the business. 20/\nIf you can find a more efficient way to get those benefits that works for your team \u0026amp; larger org, you should absolutely take it. 21/\nBecause your competitor probably is. 22/\nOne final note: delegating regressions to production monitoring is what \u0026ldquo;move fast and break things\u0026rdquo; means, if you take it seriously. 23/\nFor a long time I dismissed MFaBT as a silly brogrammer slogan. Move fast = no tests, break things = how would they even know? CHAOS! 24/\nPaying attention to the ops community, though, radically shifted my frame of reference. Now I get it. It\u0026rsquo;s doesn\u0026rsquo;t have to be chaos. 25/\nYet another example Maybe someday I\u0026rsquo;ll outgrow it\u0026hellip; 26/fin\nI spammed this at her /14, thanks @s0enke and Harald Wagener.\nDev and Ops have conflicting goals, success metrics, even if their tools are the same. Dev is successful if there are new features, new /1\nbest cases. Ops is an infrastructure job. They are successful if there are few outages, and recovery is quickly, success is measured by /2\nhow worst cases are handled. Conflict between Dev and Ops heavy orgs comes from conflict in these metrics. Ways around that exist, /3\nand they relate to making testing in production safe, and to the two questions before each rollout. /4\n\u0026ldquo;If you break it, will you even notice?\u0026rdquo; What are the metrics relevant here? What are your consumers, to whom are you a provider? /5 The answers should resolve to people, not subsystems. Because it\u0026rsquo;s people you need to speak to to get answers. /6\nand 2. \u0026ldquo;If you break it, can you fix it?\u0026rdquo; That is, of course not, not in all cases. So who needs to be available when you roll out? Again,/7\nthis resolves to people. It\u0026rsquo;s a mind hack: these are worst-case related questions, but you want the dev doing a rollout asking them. /8\nTesting in production: Making failure survivable. https://www.slideshare.net/isotopp/go-away-of-i-will-replace-you-with-a-little-shell-script-english …, slide 19: Separation of rollout and activation, a/b testing /9\nExperiment framework = running old and new code side by side. Requires ways to deal with persistent data changes (old/new). /10\nAlso requires fast monitoring, SLO for monitoring lag, monitoring lag shown on the screens, and no rollout if monitoring actually lags./11\nBecause if it breaks you wouldn\u0026rsquo;t notice. Also, people. So chat needs to be up and running, because if it breaks you can\u0026rsquo;t fix it. /12\nTesting in production = fast rollouts = small changes. Small changes = fast debug = safe rollouts = making testing in production safe./13\n(slide 32) It\u0026rsquo;s kind of a lock-in. To test safely in production you need to test in production, a lot. /14\nManagement is scared. How to deal with that? Give them controls. Predict biz behavior, measure outage, track delta. /15\nTheN create a budget for downtime, (slide 34). When outage \u0026gt; budget, too much risk. Need to check process. /16 When outage \u0026lt; budget, \u0026ldquo;are we moving fast enough?\u0026rdquo; Are we becoming complacent? Are we taking enough risk? /17\nAlso, blameless postmortem - if you break production, I did not teach you properly, they did not have your back. It\u0026rsquo;s not you, /18\nit\u0026rsquo;s the process. We need to fix the process, not take it out on a person (slides 32, 34, 35). /19\nTesting in production is a good thing, not just for new things, but always. Never shut anything down cleanly (slide 46). You need to be/20\nable to trust your safeties. Exercise them. Moves understanding from head (knowledge) to heart (experience) to guts (intuition) /21\nDesign principles are affected, too. Simplicity is a value (slide 51). If you can\u0026rsquo;t be simple, be obvious. See https://www.slideshare.net/isotopp/boring-dot-com-the-virtues-of-boring-technology , /22\nand https://www.slideshare.net/isotopp/boring-dot-com-the-virtues-of-boring-technology for simple, boring, obvious. Stickers available. :-) /23\nThat\u0026rsquo;s an engineering/developer strain of qualifications that matches feature dev. Hence me calling them Infrastructure Devs, /24\nGoogle calling them SREs instead of Operations people. Operations is not dead, it became an engineering discipline. /25\nIt matches feature dev, and will always somewhat clash with feature development. Devops helps, SRE helps, but conflict fundamental./26\nend Addendum: 2012 version of this in https://www.slideshare.net/isotopp/8-rollouts-a-day and https://www.youtube.com/watch?v=rzU1UtUpyTI /27, really the end\nBoth Testing in Production and Test Driven Development, have a similar goal - they want to make failure survivable. One by building structure around failure that allows fast and low-loss recovery, the other by trying to avoid failure.\nTesting in Production is more agile, and way faster, if you can pull it off. That is, finding a way to make failure survivable and low-cost.\nIf you manage this, payoff is manifold - not you do you save the overhead of formal TDD, you also gain a culture in which recovery procedures are exercised, well known, understood to be working and in which the difference between an slight Oops and a critical situation is understood at the experience/intuition level. This creates much more fluid, resilient and un-excited operations.\nThere are things and pieces where Testing in Production cannot be made safe. In such an environment (or such parts of an environment) not failing in the first place is crucial. Nobody understands that better than Ops persons with an intuitive grasp of critical failures.\n","date":"2017-05-29T00:00:00Z","href":"https://blog.koehntopp.info/2017/05/29/zero-tests-and-testing-in-production.html","tags":["computer","testing","lang_en"],"title":"Zero Tests and Testing in Production"},{"categories":null,"content":"NPR has an article about the measles. It is already known that after a measles infection the immune system goes down for a few weeks and followup infections are common. It seems that what the infection does is worse than that. With the introduction of measles vaccination it has been observed that other infections went down within 2-3 years after measles immunization took place. Researchers wanted to know why and found evidence that\nLike many viruses, measles is known to suppress the immune system for a few weeks after an infection. But previous studies in monkeys have suggested that measles takes this suppression to a whole new level: It erases immune protection to other diseases, Mina says. So what does that mean? Well, say you get the chicken pox when you\u0026rsquo;re 4 years old. Your immune system figures out how to fight it. So you don\u0026rsquo;t get it again. But if you get measles when you\u0026rsquo;re 5 years old, it could wipe out the memory of how to beat back the chicken pox. It\u0026rsquo;s like the immune system has amnesia, Mina says.\nSo parents putting their children into a \u0026ldquo;measles party\u0026rdquo; in order for them to \u0026ldquo;gain natural immunzation\u0026rdquo; may actually achieve the exact opposite of that.\n","date":"2017-05-26T00:00:00Z","href":"https://blog.koehntopp.info/2017/05/26/the-measles-vs-your-immune-system.html","tags":["science","lang_en"],"title":"The Measles vs your immune system"},{"categories":null,"content":"Tony Seba (Stanford University) came up with a kind of best-case scenario for electrification and decarbonization. \u0026ldquo;Rethinking Transportation 2020-2030 \u0026rdquo; sees a self-amplifiying change in how we travel and transport things:\nBy 2030, within 10 years of regulatory approval of autonomous vehicles (AVs), 95% of U.S. passenger miles traveled will be served by on-demand autonomous electric vehicles owned by fleets, not individuals, in a new business model we call “transportas-a-service” (TaaS). The TaaS disruption will have enormous implications across the transportation and oil industries, decimating entire portions of their value chains, causing oil demand and prices to plummet, and destroying trillions of dollars in investor value — but also creating trillions of dollars in new business opportunities, consumer surplus and GDP growth.\nRethinking Transportation It won\u0026rsquo;t quite happen this way, especially when it comes to TaaS, because the economic basis for that won\u0026rsquo;t exist easily, but very likely the switch will happen faster than expected.\nTransport-as-a-service means that an institutional owner for transportation must exist. That owner must have a way to get rid of used vehicles. At the moment, car rental agencies sell off rental cars after a rather short time period into private ownership. That is also why rental cars do not look more like rental cars, despite a number of obvious improvements coming to mind.\nIn a TaaS-heavy society, demand for private car ownerhip may be so low that the institutional owner for cars does not have an easy way to get rid of these vehicles. If and how much of that pressure exists is unclear at the moment.\n","date":"2017-05-23T00:00:00Z","href":"https://blog.koehntopp.info/2017/05/23/rethinking-transportation.html","tags":["mobility","lang_en"],"title":"Rethinking Transportation"},{"categories":null,"content":"Fefe had a short pointer to an article Patching is Hard . It is, but you can make it a lot easier by doing a few things right. I did s small writeup (in German ) to explain this, which Fefe posted.\nI do have an older talk on this, titled \u0026ldquo;8 rollouts a day\u0026rdquo; (more like 30 these days). There are slides and a recording . The Devops talk \u0026ldquo;Go away or I will replace you with a little shell script\u0026rdquo; addresses it, too, but from a different angle (slides , recording ).\nHere is the english version of my writeup.\nThe Patching is Hard article says:\nPatching is hard? Yes—and every major tech player, no matter how sophisticated they are, has had catastrophic failures when they tried to change something. Google once bricked Chromebooks with an update. A Facebook configuration change took the site offline for 2.5 hours. Microsoft ruined network configuration and partially bricked some computers; even their newest patch isn\u0026rsquo;t trouble-free. An iOS update from Apple bricked some iPad Pros. Even Amazon knocked AWS off the air.\nWhere I am working we made the same observation. 100% uptime is impossible, but management needs metrics and controls to understand if we are still on the right track. We do have an outage budget. That means we are measuring the actual current business and compare with the predicted business. If a failed rollout creates a loss of (potential) income, we can tell how much that is and deduct that from the outage budget. We are trying to make the budget as precisely as possible. That does not mean we are trying to create outages on purpose, but having fewer outages than the budget allows may mean that we are not moving fast enough and have become complacent in what we are doing.\nRolling out often is useful, because then change sets are small and easy to check, much easier than large and hard to understand changes. So we do need to roll out often in order to maintain speed. Rollout problems tend to manifest in subsystems where we do not roll out often enough. Usually secondary changes, changes in dependencies and libraries, accumulate and then the rollout fails. The solution is to roll out even if the code did not change (that is, we roll out for the sake of keeping dependencies current).\nThis is a very tangible form of representing technical debt:\nthe larger the diff between production and trunk is, the more likely moving trunk to production is going to result in a failure. To make patching safe you have to do it often. To be able to patch often, you need to make patching and rolling out an operative process and not an upgrade/migration project. To make rollouts and operative thing it is useful to make testing in production safe and survivable. To be able to test in production, the following things are useful: have at most two versions of a change to a certain system. Do not do three phase or multiphase rollouts. Finish one change before you do the next one. have overcapacity. A change might make it necessary to provide more machinery or more computer power or more memory for a short time. You need to have that or be able to provision this on short notice. Being efficient means having no reserves, no elasticity. separation of code distribution and code activation. That means feature flags and experiments in your code. The same rollout must be able to switch at runtime between old and new behavior. changes to persistent data structures require that you update both versions of the structure concurrently in order for old and new code to be able to co-exist. you need to know what is going on. Have a good monitoring, central log collection, good search on all of that. There is a thing called monitoring lag, the distance in time between a thing happening and the time you will see this in your monitoring. Measure that lag and have it shown on each screen. Alert on monitoring lag. have a culture of failure that focuses on improvement and learnings. Check out the search term \u0026ldquo;blameless postmortem\u0026rdquo; and read up on this. It\u0026rsquo;s not actually rocket science, but it will make things a lot better around you.\nStört euch bitte nicht an dem Denglisch, das ist in der Ops-Abteilung von internationalen Firmen durchaus normal :-)\nIndeed. The office is in Amsterdam, and the language at work is English. When I am thinking about work, I am doing it in English. Writing about work in German means that I will use a lot of english terms for the things I am trying to describe, because I\u0026rsquo;d have to search for appropriate German terms and concepts first and that would interrupt the flow. Sorry about that.\n","date":"2017-05-18T00:00:00Z","href":"https://blog.koehntopp.info/2017/05/18/rolling-out-patches-and-changes-often-and-fast.html","tags":["computer","work","erklaerbaer"],"title":"Rolling out patches and changes, often and fast"},{"categories":null,"content":"So Microsoft had a bug in their systems. Many of their sytems. For many years. That happens. People write code. These people write bugs. Microsoft over the years has become decently good with fixing bugs and rolling out upgrades, quickly. That\u0026rsquo;s apparently important, because we all are not good enough at not writing bugs. So if we cannot prevent them, we need to be able to fix them and then bring these fixes to the people. All of them.\nThe NSA found a bug. They called it ETERNALBLUE and they have been using it for many years to compromise systems. In order to be able to continue doing that they kept the bug secret. That did not work. The bug is now MS17-010 or a whole list of CVE-entries.\nThe NSA told MS about the bug when they learned that it had leaked, but not before. Microsoft patched the bug in March 2017, even for systems as old as Windows XP (which lost all support in 2014), but many people did not install the patch. The result is \u0026ldquo;the largest cyberattack in the world\u0026rdquo;.\nDave Lewis tweeted :\nI get that some systems can\u0026rsquo;t be patched for various reasons. What I can\u0026rsquo;t fathom is why those same systems might be exposed to the Internet.\nWell, here is the thing: It is 2017. Every system is somehow exposed to the Internet. Often that happens indirectly or unintentionally, but it always happens. There is no such thing as an isolated network any more, ever, anywhere.\nMaybe you think there is, but that only means that you haven\u0026rsquo;t found the connection, yet. But everything, even those embedded systems, especially these embedded systems, need to somehow report stuff, be monitored, or otherwise connect to other systems to be useful.\nSystem integration has become so tight that you simply cannot afford to have an isolated system. If you had one, you would be losing business opportunities that are more valuable than the cost of managing network security.\nThat means you need to defend each and every endpoint, of course, which is only possible if you beef up these endpoints with enough CPU, power and cooling that they can actually spend the energy to defend, and then keep their software up to date.\nThat of course conflicts with the concept of validated, certified and unchangeable systems. And with the concept of sell once, and be rid of it for the coming 30 years. So both these things still exist in the minds of managers and product designers from the last millenium, but not really any more in the universe of 2017.\nIf you are one of these pre-millenial types, you haven\u0026rsquo;t been paying attention. You have missed Tesla, which pretty spectacularly updates a whole fleet of embedded mobile devices in the field, after sale, and managed to turn this into an actual feature that customers love, creating a much tighter bond between maker and customer than would be possible without it. Tesla now even rolls out hardware in advance, without the software actually being able to make best use (or any use at all) of the hardware, and then later incrementally upgrades the software leveraging the spare hardware, compute and memory in the devices.\nYou also missed things such as Patch Tuesday, a thing that Microsoft came up with to turn system changes into a recurring operational event instead of a migration project.\nThis is a key concept. When there is a new version, that new version needs to actually get out into the field, to all systems, within a pre-determined time. You get to choose that time, within limits, but it needs to be counted in days. 20 work days (1 month) is a good target for a beginner.\nAs KPIs go, you probably need to build process and infrastructure to get out any pre-determined version of anything to at least 95% of your complete fleet within 20 workdays as part of normal operations without a special migration project.\nIf do not have that, it means that old versions of things accumulate. That is a very real problem not only in the case of MS17-010, but also in many other ways.\nWhenever things manifest as \u0026ldquo;We can\u0026rsquo;t do that, because \u0026lt;something old gets in the way\u0026gt;\u0026rdquo;, that is technical debt. It means that your technical infrastructure ossified and tactical and strategic decisions are being made on the ground of technical limitations instead of actual tactical and strategic needs. Constraints are being accumulated in your systems, until you can\u0026rsquo;t move any more when you must, and the system breaks down.\nYou can put numbers to that, and counts of broken systems, broken processes, lost business opportunities and lost partners and customers because of a lack of trust into the security of your systems, because of a lack of trust into your ability to actually manage the problem or a lack of trust into your ability to maintain such a thing on a long term perspective.\nThe TODO list for management, one more time:\nKey ability: to be able to make changes to the entirety of the fleet of devices in the field, within a hard time limit, counted in days, as part of a normal operational procedure.\nKey ability: to actually be able to get changes from the upstream vendors of all software components that are part of the build, for the planned lifetime of the product.\nNow look around. These ticket vending machines and arrival displays in train stations, the ATMs next to it, the control software for the escalators and elevators, the control systems for the building electricity, traffic lights, and the cars engines,… And the smart phones in the pockets of all the people around you.\nAnd not few of these systems have planned lifetimes of decades.\nThe NSA policy of keeping this kind of bugs secret instead of working to the goal of making all computers more secure can also be translated into numbers. In this case numbers representing losses and gains. However, the losses accrued in this single incident are potentially already larger than the wins made by using ETERNALBLUE. But they are not the NSA\u0026rsquo;s losses. Maybe the incentives here are not completely aligned and need checking.\n(based on my Tweetstorm starting here )\n","date":"2017-05-15T00:00:00Z","href":"https://blog.koehntopp.info/2017/05/15/handling-wannacrypt-a-few-words-about-technical-debt.html","tags":["computer","politik","erklaerbaer","lang_en"],"title":"Handling Wannacrypt - a few words about technical debt"},{"categories":null,"content":" \u0026ldquo;Canary Skill Endorsements \u0026rdquo;: If you see them being used in a letter sent to you by a recruiter, you go all Van Halen when they spot a brown M\u0026amp;M .\n","date":"2017-05-09T00:00:00Z","href":"https://blog.koehntopp.info/2017/05/09/canary-skill-endorsements.html","tags":["work","lang_en"],"title":"Canary Skill Endorsements"},{"categories":null,"content":"APNIC discusses different TCP congestion control algorithms , coming from Reno, going through CUBIC and Vegas, then introducing BBR (seems to be a variation on CoDel) and what they observed when running BBR in a network with other implementations.\nTCP congestion control algorithms try to estimate the bandwidth limit of a multi-segment network path, where a stream crosses many routers. Each segment may have a different available capacity. Overloading the total path (that is, the thinnest subsegment of the path) will force packet drops by overloading the buffers of the router just in front of that thin segment. That in turn requires retransmits, which is inefficient and has nasty delays.\nTo make matters more complicated, the Internet is a dynamic environment and conditions can change during the lifetime of a connection. The first half up to \u0026ldquo;Sharing\u0026rdquo; is nothing new if you followed the works of Dave Taht or later works of Van Jacobson.\nBBR seems to work like CoDel : It measures the RTT, the time delay the sender sees between sending a piece of data over the TCP link and seeing the acknowledgement return. And like CoDel, BBR seems to try to keep buffers along the line just barely filled (that is, whenever a router finishes sending a thing, the next thing should be just ready to send in the buffer, but no more).\nThis again is not a new insight, it\u0026rsquo;s Theory of Constraints and especially DBR applied to networking.\nThe new insight in the paper is that RTT-based queue capacity management can in some circumstances starve drop-based algorithms. The authors show an example where BBR starves out a CUBIC connection on the same link. The section on \u0026ldquo;Congestion Control and Active Network Profiling\u0026rdquo; is then somewhat politcal. BBR has been deployed by Youtube, and it not only relieved buffer-management between Youtube and the Youtube client, it also suddenly makes shapers on the way very visible.\nYoutube is quoted with\n“Token-bucket policers. BBR’s initial YouTube deployment revealed that most of the world’s ISPs mangle traffic with token-bucket policers. The bucket is typically full at connection startup so BBR learns the underlying network’s BtlBw [bottleneck bandwidth], but once the bucket empties, all packets sent faster than the (much lower than BtlBw) bucket fill rate are dropped. BBR eventually learns this new delivery rate, but the ProbeBW gain cycle results in continuous moderate losses. To minimize the upstream bandwidth waste and application latency increase from these losses, we added policer detection and an explicit policer model to BBR. We are also actively researching better ways to mitigate the policer damage.”\nThis is a very nice way to say \u0026ldquo;We are seeing your shitty traffic shapers and are working around them.\u0026rdquo;\n","date":"2017-05-09T00:00:00Z","href":"https://blog.koehntopp.info/2017/05/09/rtt-based-vs-drop-based-congestion-management.html","tags":["internet","networking","lang_en"],"title":"RTT-based vs. drop based congestion management"},{"categories":null,"content":"It\u0026rsquo;s not my fault, really. It\u0026rsquo;s Schenker , and Urban Games . They sent me my Nvidia 1070 (with a side of CPU and Memory), and now there is a Windows Shoebox (well, Clown Shoe sized showbox) somewhere in our home, and Steam Streaming is busy. I\u0026rsquo;m off laying tracks with the family, now the screen updates are not jumpy any more.\nXMG Prime ","date":"2017-05-08T00:00:00Z","href":"https://blog.koehntopp.info/2017/05/08/kris-where-are-the-posts.html","tags":["gaming","fluffy fluff","lang_en"],"title":"Kris, where are the posts?"},{"categories":null,"content":"A talk by Marco te Brömmelstroet and others about how neither the Bike nor the train themselves are a viable transport alternative, but how they together are much more than the sum of their parts:\nNine Arguments for seeing bicycle-train as one mobility system Biking increases the catchment area of train stations, allowing an increase of the distance between stops for stop-trains, and consequently also for all higher-order trains. This speeds up the train system, making it a lot more attractive and a lot more viable. Both bike-use and train-use increase, making the high-density urban environment more liveable and attractive as well.\nHelstraat, Amsterdam, 1978\nThe same place, 40 years later (2015, so it\u0026rsquo;s 37 years really)\n","date":"2017-04-29T00:00:00Z","href":"https://blog.koehntopp.info/2017/04/29/the-bike-as-a-feeder-system-to-the-train-system.html","tags":["mobility","netherlands","lang_en"],"title":"The bike as a feeder system to the train system"},{"categories":null,"content":"When dealing with Kubernetes, you will inevitably have to deal with config and data that is in JSON format. jq is a cool tool to handle this, but while the man page is complete, it is also very dry. A nice tutorial can be found at The Programming Historian, which uses some real world use cases. My personal use case is Converting JSON to CSV , and the inverse of that . There also is a mildly interesting FAQ . Learning jq takes about one quiet afternoon of time.\n","date":"2017-04-26T00:00:00Z","href":"https://blog.koehntopp.info/2017/04/26/jq.html","tags":["container","lang_en"],"title":"jq"},{"categories":null,"content":"The bomb attack on the bus of the german soccer club BVB has been solved. The attacker was not an islamist extremist, as the fake letters found on site suggested. They also weren\u0026rsquo;t Neo-Nazis, as the fake letters to two german newspapers claimed. The perpetrator was instead a militant capitalist who tried to influence BVB stock in order, after he purchased 15k put options on BVB stock. An english language article with background can be found at the BBC. It is unclear if German legislation will now call on a ban on radical capitalist education camps in german universities, or what kind of extreme vetting will be instituted in order to handle the problem.\n","date":"2017-04-21T00:00:00Z","href":"https://blog.koehntopp.info/2017/04/21/militant-capitalist-attacked-german-soccer-bus.html","tags":["germany","lang_en"],"title":"Militant capitalist attacked german soccer bus"},{"categories":null,"content":"The open source sysdig is a piece of software that does not quite, but almost, what strace or oprofile do: It instrument the kernel, and traces system calls as well as a few other kernel activities.\nYoutube: Sysdig Open Source - Getting Started With Csysdig It does not utilize the ptrace(2) kernel facility, though, but its own interface. This interface picks up data in the kernel and writes it into a ring buffer. A userspace component extracts this data, interprets, filters and formats it, and then shows it .\nIf the data source outpaces the userspace, the ring buffer overflows and events are lost, but the actual production workload is never slowed down.\nSo sysdig requires that you add the sysdig-probe.ko to your kernel. This is a component available in source, and can be built for your kernel just fine. On the other hand, sysdig just collects data in kernel, it does not process the data in that place - instead it moves most of the processing to userland. This is unlike dtrace, which requires an in-kernel special purpose language to do stuff, and requires a special coding style in order to prevent waits of the production workload. In sysdig, this processing happens off the production path, in userland, and hence is less time-critical.\nA long discussion of the design decisions can be seen in a sysdig blog article .\nThe open source version of sysdig is a single host thing - data is collected on one host and processed there, but it is already container aware. The really interesting product is the commercial variant of sysdig , though. Here, all your container hosts are being instrumented and data is collected (with application of filters, of course) on all hosts, centrally collected and stored, and then can be processed and drilled down using a web interface or a command line utility . The data store parts are standard persistence components that are known to scale nicely - cassandra, elastic search, and MySQL, connected together by Redis queues. You can run all this in your data center with their on-premises solution, or push to the sysdig run monitoring cloud solution (not really an option for most European customers, though, and also not for anybody wanting to stay PCI compliant).\nThe commercial solution not only is a kind of distributed strace, but like the single host product is container and orchestrator aware. So you can ask it for all disk writes to all log directories in all MySQL instances related to the wordpress deployment in Kubernetes, and it will find the relevant instances and their data for you and pick these events, no matter where Kubernetes has been scheduling these instances.\nIn fact, the product also knows about LDAP authentication and Openshift/Kubernetes RBAC authorization, so that developers can view the trace data from their groups deployments, but not from others. The commercial solution also transcends system call instrumentation and in fact understands internal event data from other, higher level products. When you are stracing or oprofiling a JVM or a perl instance, the only data you get is a lot of memcpy(), which is not really useful for debugging. You need execution engine instrumentation to understand what the language is doing, what symbols, objects and function call frame are on the stack and how memory is being used.\nIntegrations for many things exist and are being loaded on demand. So the web GUI allows you to review the topology of a Kubernetes project deployment, how it is being mapped to hosts, zoom in into instances of containers, and then dig into the actual pieces of software running in these containers, and finally dive into individual network packets or calls these things have been making. It\u0026rsquo;s pretty awesome, and it takes the grind of finding instances, setting up monitoring, collecting and interpreting data completely away from the developer.\nThey simply have seamless and effort-free visibility to all their things, and only their things. Sysdig (even the open source variant) also brings a number of nice and innovative concepts to the table. Spans for example are a hierarchical set of start/stop markers , which can be easily added to own code by simply writing structured data to /dev/null - that\u0026rsquo;s a cheap and universally available operation, which nonetheless is clearly visible to sysdigs instrumentation.\nSysdig understands spans, and can correlate them with themselves (they are hierarchical), with system objects (Spans can have IDs and tags) and with other events (spans are called spans, because they mark a span of time and space and they contain other system events).\nA spectrogram plots logarithmically bucketized spans (or calls) every 2 seconds. Slow calls to the right, fast to the left. You can mark an area with the cursor and see the actual calls in the Drilldown.\nDrill down is then possible within a span to see what happened inside. So you can span a transaction, request or another event, watch for bad things happening and then after the fact go and dive into the event logs and call stacks of things, watching the stack catch fire and burn down event by event. Treating event streams as a time series is - within limits - also possible. Lua scripts called chisels can be used to trigger on events in the event stream, and maintain aggregates or format interesting events. Because this happens outside of the kernel and also outside of the production control flow, this is not performance critical for production, and because it is using Lua it is very flexible and easily extensible.\nThe commercial sysdig product collects and stores data in a cassandra instance. The web GUI then to some extent treats that data as a kind of primitive time series database.\nThis is also where the limits of the current product lie: Their understanding of the statistics and math of time series data is limited.\nThere are no expressions, only single data-source values.\nYou cannot calculate derived values (MySQL disk reads/disk read requests to get a cache ratio for example) on retrieval, but like with Zabbix you have to do this on collection.\nAlso, Time Series Math as it exists with the Graphite/Grafana languages is not possible in sysdig, so it is impossible to plot correct read ratio vs. last weeks read ratio scaled to todays load in the same graph for comparison.\nAggregations are always single functions, to raw data generating a mean (50th percentile), a 99th, 99.9th and 100th (max) percentile time series at once is not an operation that can be expressed.\nAverages are used when means would be more appropriate, and averages of averages are being built without conideration to math and meaning at all.\nAlerting is hampered by the lack of time series math.\nWhat would be necessary would be proper time series math for model building (\u0026ldquo;This is the expected, modelled system behavior\u0026rdquo;) and the acceptable deviation corridors around the predicted system behavior should be defined. Alerts should fire when the actual observed behavior deviates from the predicted system behavior - but the lack of math makes the modelling impossible and so the Alerting is primitive and must lead to many false positives.\nSo if you see monitoring as a tripartite thing (*1), Debugging, Transactional Monitoring and Data Warehousey Monitoring, sysdig is awesomely advanced in the debugging discipline, and kind of meh\u0026rsquo;ish okay in the transactional thing. It fails the data warehousey stuff completely due to a lack of functionality on that side.\nThe company is addressing these limitations in coming releases.\nThat said, within these limitations, sysdig is awesome. It makes the debugging part of container deployments a breeze, and adds completely new possibilities and an incredible amount of visibility to working in Kubernetes.\nThe centralized logging and data storage makes a distributed, container-aware strace/oprofile available to developers, and integrates nicely with the access control methods available in the system.\nWell worth the invest in added productivity , even if it is not (can\u0026rsquo;t be) the end-all of monitoring for everyone and all use-cases (but they are working on it).\n(*1) Debugging means you interactively define filters, drilldown and views on the system to observe application behavior. You may be able to define triggers that recognize events where you want to start more capture, collect data in depth and then reconstruct buggy behavior with very in depth, non necessarily purely numerical data collected.\nSysdig is the benchmark system for debugging here. Transactional monitoring is where you define Alert conditions, generate alert events to get a human to handle the incident, have the human handle the incident and close it. Once that has happened, the transaction is done, and the data about the incident can be forgotten. Prometheus is the benchmark transactional monitoring system.\nDatawarehousey monitoring builds long term views of system utilization and behavior and tries to model system behavior. It is used for capacity planning, trend analysis, and sometimes delivers baselines for transactional anomaly detection. Many TSDB systems, stuff like Druid, and - outside of containers - Graphite do this kind of stuff.\nThis article has been written after getting the product demoed, and playing with it in our environment with some test licenses. Not sponsored by sysdig or anybody else.\n","date":"2017-04-20T00:00:00Z","href":"https://blog.koehntopp.info/2017/04/20/understanding-sysdig.html","tags":["container","monitoring","lang_en"],"title":"Understanding sysdig"},{"categories":null,"content":" The Tweet points to the bug report . After the facepalming there is still a lot to say about that.\nAbout the bug: There is a system call stat(2) in Posix, which returns a struct stat as a result. Part of that data structure is a field st_ino, which contains the inode number of that file. That number is a unique file identifier, a 64 bit bit pattern. Javascript does not have integer types to represent that number, so node.js has been falsely converting it to a float, which can hold 53 bits of precision.\nSo on certain file systems, 2048 different files will be munged together, which is extremely bad.\nPossible solutions are obvious: Use a string or use two 32-bit numbers to hold full precision values.\nAbout Javascript: Javascript is a language used in browsers, and changing the specs of Javascript is incredibly hard. Basically, you have to get everybody to update their browsers in order to actually make progress. There are things that do crypto with Javascript as a target language, and there are compilers from proper programming languages to portable Javascript as a target.\nBut still, Javascript itself is poisonous , and while that take on the language is humorous, this is a serious problem.\nAbout culture: So we are getting a generation of developers now, which have been growing up without hardware or state. They learned programming on AWS and take RDS for granted, which means they have never actually seen hard(-ware related) problems. They also learned programming with the Javascript framework of the week, and think that real software can be written this way. The result is not only the mess that s npm, but also an attempt at systems programming resulting in constructs such as this.\nI cannot for the life of me stand the coddly approach to teaching of Julia Evans (check out her writeups at her blog ), but apparently what she does and how she does it is necessary and appropriate for people growing up in a programming environment like this. Well, I\u0026rsquo;m ok with that if it prevents mindsets and bugs like the one above.\n","date":"2017-04-19T00:00:00Z","href":"https://blog.koehntopp.info/2017/04/19/node-js-idea-of-an-inode-is-approximately-broken.html","tags":["computer","erklaerbaer","lang_en"],"title":"node.js idea of an inode is approximately broken"},{"categories":null,"content":"I was having two independent discussions recently, which started with some traditional Unix person condemning software installing with curlbash (curl https://... | bash), or even curl | sudo bash.\nI do not really think this to be much more dangerous than the installation of random rpm or dpkg packages any more. Especially if those packages are unsigned or the signing key gets installed just before the package.\nThe threat model really became a different one in the last few years, and the security mechanism have had to change as well. And they have, UIDs becoming much less important. Desktop containers and Sandboxes have become much more important, and segregation happens now at a much finer granularity (the app level) instead of the user level.\nThe two discusssions have been around the installation of sysdig (see their article , which focuses on signed code and proxies injecting modifications), and Mastodon (which uses node.js, which features one installation path using curl -sL https://deb.nodesource.com/setup\\_7.x | sudo -E bash -).\nProvided that you actually get the file that\u0026rsquo;s on the remote server (i.e. no proxy exists that modifies stuff), I fail to see the problem. You are not very likely to go through the source and review it. Also, you are hopefully installing this into a single-purpose virtual machine or container, so there is nothing else inside the image anyway. It does not really matter, which UID this is running as, because there is nothing else inside this universe in the first place.\nWe have come, in a way, full circle and are back at MS-DOS, where there are no users or permissions visible to the application, because it is utterly alone in the world.\nUser IDs also do not matter much on personal devices, because these typically have only one user. Being kris (1000) on my Laptop or my Cellphone does not really contain or isolate anything, because there is only me and the only files important are all mine - the files not owned by me come from the operating system image and can be restored at any time. Yes, my files are much more important and harder to replace than the system files.\nMacOS In MacOS, we have a system that kind of solved the problem of a lone user installing a lot of apps, all of which might to a certain extent be hostile to each other or are trying to pull off things with me and my data. The threat model is not \u0026ldquo;multiple users sharing a single device, and keeping their stuff separate\u0026rdquo;, but \u0026ldquo;many apps from different sources, and with different levels of trustworthiness, make sure they do not make off with the users data or another apps data unnoticed\u0026rdquo;.\nThis is very different from Unix-Think and Unix is actually by default not set up at all to handle this. MacOS attacks the problem by sandboxing Apps from the App Store. Apps run in\n⌂ [:~/Library com.omnigroup.OmniGraffle7.MacAppStore]↥ $ pwd /Users/kkoehntopp/Library/Containers/com.omnigroup.OmniGraffle7.MacAppStore ⌂ [:~/Library … com.omnigroup.OmniGraffle7.MacAppStore]↥ $ ls -1 Desktop Documents Downloads Library Movies Music Pictures That is, you still have a single UID per potential user, but apps are confined to a subdirectory and a bunch of system standard locations for stuff. They can exit that through the file dialogs and other systems means and access arbitrary locations in the system, but the user interaction required here makes sure their activity is being screened and contextualized by a human.\nFor the user, this is transparent and invisible, and requires no conscious permissive actions. It is implied in the normal I/O dialog workflow. That\u0026rsquo;s genius, because it hides all the complexity that comes with other systems such as AppArmor, let alone SELinux.\nAndroid Android uses Unix UIDs, but differently than intended. In Android, you always have a GUI, because a Command line without a GUI does make no sense on touch devices. Multiple Users are possible, but user separation is not via UID, it is via GUI.\nInstead, Android assigns a UID to each app dynamically, and uses Linux permissions and SELinux on top of that to keep apps out of each others data.\nThe \u0026ldquo;SD Card\u0026rdquo; area and permission is actually a limited file share facility between apps, but that was not planned. Instead it has been but a side effect of the fact that MS-DOS filesystems on SD-Cards do not enforce Unix UIDs of different apps.\nOn top of that, Google has been learning clumsily and slowly to leverage this to an advantage, with several false starts.\nUser Story Both systems allow users to install apps from all kinds of app makers through a unified channel with limited review, and manage to keep data per-app separated. So it is possible to run apps safely, even if the app is somewhat hostile to other apps or the users data. The ideas behind that have been picked up, and are being transformed slowly in the unix environment using the desktop-container paradigm.\nThings like Flatpak are leveraging containers on the desktop to do exactly what the MacOS sandbox does.\nSummary: If everything on your system is running as the same user, then \u0026ldquo;curl |sudo bash\u0026rdquo; and \u0026ldquo;curl | bash\u0026rdquo; are equivalent in terms of threat. If the user is not actually reviewing the source and build, then each apt-get, rpm and any curlbash are actually equivalent, because the amount of review is the same, and far too little. What is instead necessary is a system that improves security in a way that separates apps, not users, and that makes it possible to recover from the accidental install and execution of a hostile or broken app.\nAnd that\u0026rsquo;s what desktop containers like flatpak do, or intend to do. They are obviously neither perfect nor finished. But they are actually addressing a new and different threat model than the one Unix was built for, and that is no longer reflecting the current world.\n","date":"2017-04-13T00:00:00Z","href":"https://blog.koehntopp.info/2017/04/13/curlbash-and-desktop-containers.html","tags":["security","container","lang_en"],"title":"Curlbash, and Desktop Containers"},{"categories":null,"content":"The Telegraph had a article on a self-styled \u0026lsquo;grammar vigilante\u0026rsquo;, who corrects badly punctuated shop signs in the dead of the night, and the article has not been dated April, 1st.\n[…] the man has corrected tens of missing and misplaced apostrophes on shop banners across Bristol over the past 13 years. The pedant, who is yet to reveal his identity, claims his efforts are needed to bring an end to the improper use of English.\nMeanwhile, innocent bystanders complain about the title \u0026lsquo;grammar vigilante\u0026rsquo;, because:\nMelania Branton, a poet from North Somerset, said that whoever the ‘grammar vigilante’ turns out to be “must be wincing at the misnomer, as punctuation isn’t grammar”.\nRight.\n","date":"2017-04-05T00:00:00Z","href":"https://blog.koehntopp.info/2017/04/05/apostrophiser.html","tags":["fluffy fluff","lang_en"],"title":"Apostrophiser"},{"categories":null,"content":"A long time ago, I wrote a text on the German Blog and on Carta: Wieso wir uns veröffentlichen (Why we publish ourselves).\nIn the middle of a discussion about privacy I was explaining why people publish themselves, why they publicly reveal (sometimes intimate) facts about themselves. They are doing this, I wrote, to find other like-minded people, to become searchable and to become approachable, to build trust. Trust is a wonderful thing. It is the powerful assumption that most people most of the time want to help you and that falsely trying out to trust people is a recoverable mistake. Having trust and being in a trustworthy environment keeps transactional costs low and makes cooperation possible.\nAnd that\u0026rsquo;s rewarding and awesome. How does this work in practice?\nSo tomorrow there is Pro Light and Sound in Frankfurt . Sammy wants to go there, and gets the combination ticket. That\u0026rsquo;s admission to the trade show, plus a ticket for German rail. That ticket is being delivered as a Bahn Tix code, which you can punch into any German ticket machine and get a printout. We are in the Netherlands. The next ticket machine is in Venlo. The route she\u0026rsquo;s going to use does not pass Venlo. There is no way to get Bahn Tix online .\nI am asking on Google plus for help, and because I know at least one person following me is a Train Driver I mention them into the thread. Sammy, me and that person get into a Hangout. Ticket is being picked up and given the train driver of ICE 220 FFM -\u0026gt; Amsterdam Centraal. Shift change at the border, ticket travels on to Amsterdam, +30 platform change 7b -\u0026gt; 2. Printed Ticket is being successfully delivered from the engine to Sammy at 11:58.\nThis is a direct application of Interpersonal Ties theory (pointing to article by Granovetter (1973) and in a way to the works of Peter Turchin . High trust societies are societies where people have many weak ties , that can be strengthened as demand arises. It\u0026rsquo;s these strong weak ties that enable (inter-) action and where cooperation wins between people are highest. In order to have strong weak ties, a society needs to have a relatively low and controlled wealth difference (Gini coefficient ) and a working judicial system and low corruption. This creates social cohesion, and enables \u0026ldquo;random\u0026rdquo; cooperation.\nAlso, you win friends. Looking forward to a visit, soon.\n","date":"2017-04-05T00:00:00Z","href":"https://blog.koehntopp.info/2017/04/05/strong-weak-ties.html","tags":["mobility","netherlands","neuland","lang_en"],"title":"Strong weak ties"},{"categories":null,"content":"See also Why I Don\u0026rsquo;t Talk to Google Recruiters .\nWhere I work we have regular round tables, in which you can talk and ask questions to middle management from other departments than your own. I had the opportunity to talk to a person who manages development priorities and staffs teams, and who of course has some insight into hiring and the interview process. That was very enlightening.\nFor example, finding people to hire in a large organisation is a hard job. Hiring rates are quite fixed, so in order to find people to hire you need to go through a relatively fixed, larger number of resume reviews, phone screens and face to face interviews. Assume that for each three people you would want to hire you need to sift through 100 resumes - that\u0026rsquo;s 10.000 resumes to look at for 300 people to hire. And it can not be automated.\nAn interview process for hiring, then moving people and their families, and finally on-boarding has latency - several months, often half a year, until the move and first day at work, and then another three months of on-boarding and three more months of team formation (the four *ormings).\nI agree with whiteboard programming being a useless exercise in hiring interviews, and prefer other methods to validate credentials and capability - I like to ask people \u0026ldquo;Choose a previous project from your resume and tell me about it. What was that about, what was hard, and how did you handle this? What did you like about your solution, and what would you be doing differently in retrospective?\u0026rdquo; I like to hear about things they are proud of, and things they have learned, and I like to hear about possible choices and reasons for preferring one over the other. But this\nThanks for your email. I\u0026rsquo;m very interested indeed. I have nothing against an interview. However, there is one condition: I have to be interviewed by the person I will be working for. By my future direct manager.\nis not going to work in any larger organisation, and for sure not in the place I work in.\n\u0026ldquo;We don\u0026rsquo;t hire for a specific position, except for very few and distinct job profiles. Certainly not for developer positions.\u0026rdquo; has been explained to me. \u0026ldquo;We would for example hire for specific positions in deep infra, Network Engineers or Database Administrators, but that\u0026rsquo;s rare and an exception.\u0026rdquo;\nWhen I asked for the why, we ended speaking about one core work of that manager, and how an agile organisation at scale can work. In our case, the organisation has a very specific culture and way of working, and of course a huge established codebase. The purpose of on-boarding is to explain our way of working and our past choices to beginners, and to familiarise them with our vocabulary, toolset and environment in a safe way.\nAfter completing this, beginners like everyone else, can enter the \u0026ldquo;Pick your next team\u0026rdquo; process, in which wishes and requests, skills and interests are being matched, and in which people can move laterally through the organisation. It may very well be that the job and team you are applying for after completing on-boarding did not exist yet when you were interviewed - and in fact that\u0026rsquo;s not entirely unlikely, considering growth and the speed of change in the business environment.\n","date":"2017-03-27T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/27/the-interview-in-the-enterprise.html","tags":["work","lang_en"],"title":"The Interview in the Enterprise"},{"categories":null,"content":"Autoblog titles: The race for autonomous cars is over. Silicon Valley lost . The point they want to make is:\nTo paraphrase Elon Musk, Silicon Valley is learning that \u0026ldquo;Making rockets is hard, but making cars is really hard.\u0026rdquo; People outside of the auto industry tend to have a shallow understanding of how complex the business really is. They think all you have to do is design a car and start making it. But most startups never make it past the concept car stage because the move to mass production proves too daunting.\nand\nYet, while companies like Google and Apple are giving up on making cars, they\u0026rsquo;re not giving up on the auto industry. There is another area where Silicon Valley could play a dominant role and it\u0026rsquo;s all about accessing car-based data.\nIt\u0026rsquo;s about the margins - making a thing gives you around 10% markup, making things out of data gives you much, much higher margins. This also frames the current discussions about privacy within the German government, and who is to own your data (hint: not you), especially when you drive.\nBut making software systems is also really, really hard. And an electric, self-driving car is much more a system, then a piece of software and then a piece of hardware. And Forbes sees the automotive industry not really in a strong position here, focusing on GM and Tesla.\nIn reality, I don’t see how GM isn’t making a meaningful strategic pivot to electric, especially compared to Tesla. Why? By March 2017, GM sold a little over 2,000 Bolts, which retail around $37,000. By way of comparison, Tesla has delivered “over 183,000 Model S and X vehicles over the last four years,” according to Electrek. And then there’s the Model 3. Tesla has received over 400,000 customer deposits for its Model 3, which is priced at $35,000.\nWhat GM does with the Ampera-e looks like a compliance stunt to get fleet consumption down, not like a credible electric move, to some: Greenwashing?\nSo what to make of it? Making cars is hard. Making self-driving, electric cars is even harder, because it involves the hard tasks from making large physical machines and the hard tasks from making distributed, secure software systems. Traditional car makers are not delivering (GM singled out above, but the others are guilty, too). And are not pivoting aggressively and fast enough into software and into electric. On the other hand, Silicon valley has largely pulled out of making large physical objects, and focuses on the data generated by drivers. Only Tesla seems to move at speed.\n","date":"2017-03-23T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/23/electric-car-confusion.html","tags":["mobility","lang_en"],"title":"Electric car confusion"},{"categories":null,"content":"Marnix Dekker has an article on HTTPS interception as it is being done in some workplaces. He lists:\nAre you serious? We worked so hard to make the web more secure and you are fucking it up. HSTS, you are breaking it. Blinds the browser and the user, because you re-encrypt with wildcard certs. Disrupts personal use. Breaks pinning and CT. Breaks with consumerization. Disrupts BYOD. Discourages good user practices. Limited benefits. and finally: Hard shell, soft inside is not going to work. ","date":"2017-03-22T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/22/10-reasons-not-to-do-https-interception.html","tags":["security","lang_en"],"title":"10 reasons not to do HTTPS interception"},{"categories":null,"content":"Netzpolitik.org has an article (in German) in which they are interviewing IT-Security Consultant Thorsten Schröder on Adblockers, wasted capped mobile bandwidth and Malvertising.\nnetzpolitik.org : Neben dem Schutz vor Malware, welche weiteren Gründe für die Nutzung von Adblockern findest Du wichtig?\nThorsten Schröder : Wenn wir als Malware all das klassifizieren, was Nutzer ausspioniert, täuscht, kompromittiert oder finanziell schädigt, haben wir im Grunde schon mal eine ganze Reihe an Gründen abgehakt. Nutzer müssen die Möglichkeit haben, selbstbestimmt das Schutzniveau ihres Computers bestimmen zu dürfen. Hat die Bundesregierung vielleicht mal das Bundesamt für Sicherheit in der Informationstechnik (BSI) gefragt? Es wäre eine gute Gelegenheit für das BSI, zu zeigen, was es drauf hat.\n»netzpolitik.org: Besides the protection against malware, what other reasons for using Adblockers are important to you?\nThorsten Schröder: If we classify things as malware which spy on users, deceive them, compromise them or harm them financially, we have in principle covered all reasons. Users you have the right to determine the level of protection their computers need. Did our administration ask their Bundesamt für Sicherheit in der Informationstechnik (BSI)? It would be a good opportunity for the BSI to show what they can do.«\nThe article goes on to discuss numbers and percentages. That is actually not helpful. The numbers stated are by construction too low, and that can not be helped. Also, the numbers are ultimately irrelevant, because Malvertisements are not distributed randomly and evenly. The point being that Ad-Networks generate their value not only from the raw number of eyeballs reached, but quite a lot comes from being able to reach the right kind of eyeballs. The better the Ad-Network, the better their targetting. 10.000 drive-by impressions are worth quite a lot more when I can make sure that all 10.000 of them hit explotable XP/MSIE 6 combos, even if the relative number of installations left in world with these characteristics is quite low.\nAnd 10.000 impressions for ads containing this or that scam are worth a lot more, when I can select an audience for these 10.000 expressions that is badly educated, old or otherwise wrangling to stay on top of this Internet thing and thus more likely to fall for it.\nTargeted advertising and Malware Distribution are a match made in hell, they amplify each other synergetically. This is an effect we need to push more to the front of this discussion. Content Sites are responsible for the ads integrated into their content and shown \u0026ldquo;as their own\u0026rdquo;. Ad Networks are responsible for the way the selectors they offer are being used.\nThe German construct of Störerhaftung works in all directions, not just against private Wi-Fi offerings.\n","date":"2017-03-21T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/21/malvertising-we-have-only-seen-the-beginning.html","tags":["copyright","advertising","lang_en"],"title":"Malvertising - we have only seen the beginning"},{"categories":null,"content":"Science Daily writes :\nNew research investigating the transition of the Sahara from a lush, green landscape 10,000 years ago to the arid conditions found today, suggests that humans may have played an active role in its desertification. [\u0026hellip;] As more vegetation was removed by the introduction of livestock, it increased the albedo (the amount of sunlight that reflects off the earth\u0026rsquo;s surface) of the land, which in turn influenced atmospheric conditions sufficiently to reduce monsoon rainfall. The weakening monsoons caused further desertification and vegetation loss, promoting a feedback loop which eventually spread over the entirety of the modern Sahara.\nSimilar effects are being discussed in The Science Show of January 21 , about current day South Western Australia:\nEuropeans began altering the landscape following settlement of the region in 1829. Vast areas of eucalypt forest were cleared for crops and pasture. Cleared land produces less turbulence as storms move across the landscape. And fewer big trees means less transpiration. The atmosphere is drier, the storms slip by, with less rain produced. Now global effects mean cold fronts are passing further south, some missing the continent altogether. The water table is falling by half a metre a year. If the trend continues, there are predictions of a 17% drop in agricultural production in future decades.\n","date":"2017-03-21T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/21/no-such-thing-as-a-wilderness-part-ii.html","tags":["science","lang_en"],"title":"No such thing as a wilderness, part II"},{"categories":null,"content":"Some 40 authors are listed in the title of Persistent effects of pre-Columbian plant domestication on Amazonian forest composition in Science.\nThe TL;DR is: The Amazonas Rain Forest is a 10.000 year old garden, which has been left untended for the last 500 years after the Amerindian genocide of European conquistadors.\nThe extent to which pre-Columbian societies altered Amazonian landscapes is hotly debated. We performed a basin-wide analysis of pre-Columbian impacts on Amazonian forests by overlaying known archaeological sites in Amazonia with the distributions and abundances of 85 woody species domesticated by pre-Columbian peoples. Domesticated species are five times more likely than nondomesticated species to be hyperdominant.\nAcross the basin, the relative abundance and richness of domesticated species increase in forests on and around archaeological sites. In southwestern and eastern Amazonia, distance to archaeological sites strongly influences the relative abundance and richness of domesticated species. Our analyses indicate that modern tree communities in Amazonia are structured to an important extent by a long history of plant domestication by Amazonian peoples.\nThe full article is unfortunately behind a pay wall.\n","date":"2017-03-21T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/21/no-such-thing-as-a-wilderness.html","tags":["science","lang_en"],"title":"No such thing as a wilderness?"},{"categories":null,"content":" Salted Doorknobs kill MRSA Says this article at The Atlantic :\nSuperbugs like Methicillin-resistant Staphylococcus aureus, or MRSA, have wreaked havoc on the health-care system in recent years. [\u0026hellip;] How do you stop them? Frequent hand washing is one option, but that requires a behavior change, which can be difficult, even for hospital staff. Another option is to coat those frequently fondled objects most likely to carry the bugs—doorknobs, bed rails, toilet handles—with a special anti-microbial surface, like copper. [\u0026hellip;] Whitlock found that salt killed off the bug 20 to 30 times faster than the copper did, reducing MRSA levels by 85 percent after 20 seconds, and by 94 percent after a minute.\n","date":"2017-03-21T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/21/salted-doorknobs-kill-mrsa.html","tags":["science","lang_en"],"title":"Salted Doorknobs kill MRSA"},{"categories":null,"content":" Commit to git Erik Bernhardsson has been running Big Data on Git repositories of various kinds. He was trying to find out what the half-life of code is. That is, when you commit to a repository, your code becomes part of a project, but eventually other code will replace it and it will no longer be part of the current version. How stable is the codebase, what is the half-life of code? And why is it different in different projects?\nAs a project evolves, does the new code just add on top of the old code? Or does it replace the old code slowly over time? In order to understand this, I built a little thing to analyze Git projects, with help from the formidable GitPython project. The idea is to go back in history historical and run a git blame […]\n","date":"2017-03-20T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/20/when-you-commit-to-git-how-long-does-it-matter.html","tags":["computer","free software","lang_en"],"title":"When you commit to git, how long does it matter?"},{"categories":null,"content":"The historic 8008 processor is 45 years old: It was released on the 13th of March 1972. Ken Shirriff has a blog post that explains features of the CPU, from a die photo.\nCompared to modern CPUs, the 8008 is weird in multiple ways: The storage for the stack is on chip instead of in memory, and it is not accessed in linear order for weird transistor saving reasons. Things have changed since then a lot, but back then, a central processing unit was usually not a single die, but a bunch of discrete electronics on a board.\nHaving enough transistors on a single die to make up a CPU inside a chip was a novel concept.\nDie photos and analysis of the revolutionary 8008 microprocessor, 45 years old Reverse-engineering the surprisingly advanced ALU of the 8008 microprocessor Analyzing the vintage 8008 processor from die photos: its unusual counters ","date":"2017-03-15T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/15/how-does-the-8008-processor-work.html","tags":["computer","fluffy fluff","damals"],"title":"How does the 8008 processor work?"},{"categories":null,"content":"Some time ago, I gave a talk about boring technology at Booking , which means choosing the simplest, stable and maintainable solution you can get away with for solving a problem at a given scale.\nApparently Dan McKinley has similar views, which he explained in Choose Boring Technology . The writeup explains nicely what boring technology is, and why to prefer this. Never forget your mission, which is business, not technology. The technology is a necessary tool, but likely not your friend .\n","date":"2017-03-13T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/13/b-boring.html","tags":["computer"],"title":"B.boring"},{"categories":null,"content":"So Saturn has a \u0026lsquo;moon\u0026rsquo;. At least that\u0026rsquo;s what They want us to believe. But we know better.\nSupposedly Pan , a Saturn Moon, as seen by Cassini.\nBASIS , as we know it from Rhodan ","date":"2017-03-13T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/13/thats-no-moon.html","tags":["fluffy fluff","science","lang_en"],"title":"That's no moon!"},{"categories":null,"content":" In any discussion about cycling in Germany, sooner or later some geek who has been exposed to USENET shows up and then the ADFC #173 (http://bernd.sluka.de/Radfahren/fdf173.pdf ) is being quoted. That\u0026rsquo;s a thing from 1992.\nThe usual thing happened here on Facebook - a discussion about the SolaRoad Krommenie diverged into \u0026ldquo;Cycle Paths are stupid\u0026rdquo; and then linked over to the ADFC #173.\nHere is a bunch of more recent material and links.\nThe TL;DR is: When there is no proper traffic separation or traffic separation is impossible, then an on-the-road cycle path, is usually better than a cycle path that runs more or less invisibly by the road and then suddenly intersects with the road at crossings. But a cycle path on the road, not separated by traffic has a number of drawbacks - paint is never enough.\nIt reduces cycling in \u0026ldquo;weak\u0026rdquo; cyclists, very young and older people, feeling insecure close to cars. It prevents building wide cycle paths, and prevents \u0026ldquo;social\u0026rdquo; cycling, that is, usually two cyclists can\u0026rsquo;t be riding side by side, talking while cycling, like people in a car would be able to do it. It comes with speed limits on the car in order to be safe. In the Netherlands, cycle lanes on roads come with a 30 km/h speed limit recommended for cars, and a 50 km/h absolute limit. Usually, for 50 km/h a cycle path that is somehow separated from the road, and roundabouts instead of crossings are recommended. For faster than 50 km/h, unravelling (intersection free cycle paths) are recommended. A View from the Cycle Path is generally a recommended blog. They have an article about On The Road Cycle Lanes , done properly and improperly. The What\u0026rsquo;s Better section at the end of the article discusses better solutions: Separate cycle paths with roundabouts , and unravelling (completely separate, intersection free infrastructures for different types of traffic). The Cycle Paths tag in the blog shows a lot of examples. An article on unravelling shows intersection free infrastructure. An example for unravelling can be seen on Google Maps close to Hoofddorp Station and in many other places.\nAnother article explains safe roundabouts for bike lanes crossing road safely at intersections. The keys to the design are: The cycle path is led in a way that the cyclists are forced to slow down exactly at the dangerous point, and not before, accelerating into a danger zone, and the road is led in a way that motorists have to deal only with one danger at a time, and always into the same direction, right-ahead (two o\u0026rsquo;clock), and have adequate room to stop and wait.\nAnd, separation of on-the-road cycle paths can be relatively simple and cheap, as shown by this Guerilla improvement action using toilet plungers . Social aspects of cycling are also being discussed in that blog. How did the Netherlands become such a good country for cycling? It started in the 70ies, here is an article . In fact, cycling creates traffic problems in the Netherlands that other countries wish to have, and which are being addressed .\n","date":"2017-03-13T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/13/we-learned-a-few-things-about-cycle-path-design-in-the-last-25-years.html","tags":["mobility","lang_en"],"title":"We learned a few things about Cycle Path design in the last 25 years"},{"categories":null,"content":" Work Chat said: [On boiling water with Gas instead of an electric cooker]\nL\u0026gt; Yeah, they have 110 freedom volts. Or whatever weird unit they use for that.\nI\u0026gt; So what is the imperial unit for Volt?\nLet\u0026rsquo;s see. Volt in SI units :\nThat gives us $$ 1V = 1 kg * m^2 * s^{-3} * A^{-1}. $$\nWe can turn the kg into pounds and the square meters into square feet, but we can\u0026rsquo;t easily imperialize the seconds and Amperes. That leaves us with\nThat\u0026rsquo;s 2613 freedom volts (or George Bushes) to the 110 SI volts.\nAnd it can be done with Google Math queries only, which is somewhat impressive.\n","date":"2017-03-10T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/10/irc-so-110-freedom-volts.html","tags":["fluffy fluff","lang_en"],"title":"IRC so: 110 Freedom Volts"},{"categories":null,"content":"Tech.co has an article titled Artificial Intelligence Startups Are Winning the Cybersecurity Race . The claim is basically first that old, pattern and signature based malware recognition is useless, and second, that new, behavior based malware recognition employing mystery AI technologies fixes things. The article closes with\nIn the near future, we predict that AI will be able to effectively fight against hackers by easily detecting repacked viruses. It’s just a matter of time. That’s why, more than resources or experience, companies who actively apply AI, especially cybersecurity companies, will ultimately be successful.\nThat will be interesting to see. Here is a data point:\nOn a computer without any protection installed, unpacking a node.js based hipster chat application zip into 7500 files inside an application folder takes 3.5 seconds. So why is this other device from the same maker close to unusable and has close to zero battery life? Let\u0026rsquo;s see: It has been gifted with the full package of corporate enterprise security: Junos Pulse Endpoint Security, FireEye endpoint security and TrendMicro Enterprise protection.\nWith everything on, it takes 27 seconds (instead of 3 seconds) to unpack the same archive. Getting root and uninstalling FireEye reduces the unpack time to 18 seconds. Reading the TrendMicro config file and doing the Unpacking inside a specific git directory, which is exempt from TrendMicro scanning takes 11 seconds. Uninstalling Junos Pulse, and doing it in the exempt git directory takes 8 seconds. The uninstallation or going into exempt directories was based on observing a system monitor and finding out which processes consume abnormal amounts of CPU during the operation. In fact, the git directory is exempt because it can contain on the upside of half a million files and having TrendMicro active inside that directory simply shuts down the machine, because battery empty.\nI guess the point I am trying to make here is that \u0026ldquo;more protection\u0026rdquo; is going to mean \u0026ldquo;more mAh and Watts spent on stuff not related to the primary purpose of the machine\u0026rdquo;. And we are in an age where consumer devices are increasingly run on battery, and have thermal budgets limited to 5W and less because they have no fan.\nSo I am going to predict that in the near future we will see a growing conflict between \u0026ldquo;protection\u0026rdquo; software uselessly wasting performance and battery and users, who actually want to use their stuff and need to be vigiliant for things that eat battery capacity and heat the CPU needlessly. Your phone, your fanless tablet, your 12\u0026quot; Macbook and your tablet-computer hybrid won\u0026rsquo;t be running much security software because it\u0026rsquo;s mobile, running on battery and has to live with 5W or less.\n","date":"2017-03-10T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/10/the-cost-of-winning.html","tags":["security","performance","lang_en"],"title":"The cost of winning…"},{"categories":null,"content":" Every single time a big Silicon Valley company updates their Terms of Service, there is somebody who mis-interprets the change as an attempt to landgrab, or take ownership of the things being uploaded to the service.\nThis time it affects github.\nTheir new TOS has a section on User-Generated Content , which in github\u0026rsquo;s case is all the repositories, snippets and other stuff they are hosting. In order to do the stuff they are doing on their users behalf, they need a lot of legal permissions on the stuff you are sending to them.\nThat might seem scary, but please stop here and actually read that section linked up there. It\u0026rsquo;s one of the most clear, non-legalese TOS I have ever seen and it even explains WHY they need these rights and what they are going to use them for.\nSo D.4 says \u0026ldquo;You grant us and our legal successors the right to store and display your Content and make incidental copies as necessary to render the Website and provide the Service\u0026rdquo;.\nWhy is this?\nThat means you\u0026rsquo;re giving us the right to do things like reproduce your content (so we can do things like copy it to our database and make backups); display it (so we can do things like show it to you and other users); modify it (so our server can do things like parse it into a search index); distribute it (so we can do things like share it with other users); and perform it (in case your content is something like music or video).\nSo they ask for the necessary license to operate, and that license is non-exclusive (good), time-unlimited (necessary) and limited (for the purposes as stated (\u0026ldquo;as necessary to render the Website and provide the Service.\u0026rdquo;)\nWebsite and Service are upcase, which means they are defined more clearly further up in document, limiting the license even more.\nD.5 says \u0026ldquo;License Grant to Other Users\u0026rdquo;, and again the TOS states clearly when (\u0026ldquo;by setting your repositories to be viewed publicly\u0026rdquo;) and what and WHY again (github is about forking, that requires a license to do that from you). And again, it\u0026rsquo;s limited: If you set your repo to public, \u0026ldquo;you grant each User (upcase!) of GitHub a [\u0026hellip;] license to [\u0026hellip;]\u0026rdquo;. Again, it\u0026rsquo;s limited - the license is nonexclusive, and for a purpose (\u0026ldquo;to [\u0026hellip; list of things \u0026hellip;]\u0026rdquo;). This is about as clear, non-threatening, transparent and obvious any legal contract you are going to see in your life can ever get.\nSo, D.7 is about moral rights (that\u0026rsquo;s a term for authorship attribution rights that are part of euro-copyright as opposed to us-copyright). And it says \u0026ldquo;you waive these rights and agree not to assert them against us\u0026rdquo;, which means, you still have these rights, but you can\u0026rsquo;t sue github for doing what github is about. And you again grant a license, limited, for a purpose (\u0026ldquo;render the Website and provide the Service\u0026rdquo;).\nTL;DR: GitHub is a nice company. The TOS change is fine. Calm down, and STFU until you understand basic copyright law and contractual language. Thanks.\n","date":"2017-03-09T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/09/github-updates-its-tos-and-they-are-not-trying-to-cheat.html","tags":["computer","copyright","lang_en"],"title":"github updates its TOS, and they are not trying to cheat"},{"categories":null,"content":" The Engineer Wizard Paul Armstead is a fat, old man with no life. Helping a stranger in a snow storm, he gets a mystery box, which contains a Genie. Helping the Genie, he\u0026rsquo;s being transformed into a wizard, a being which can affect reality in an acausal way. For the last 400 years, no new wizards have been created on earth, and the remaining 300 or so wizards and witches are ossified. Being an engineer, Armstead invents new ways to deploy magic and create magic effects, combining science and magic.\nThis book is written horribly and in serious need of several edits. The language is wooden and overly rich in adjectives, there are scenes that serve no purpose, and lots of things are explained in monologue instead of shown.\nThe main character is supposedly an engineer, but has to create avatars of people that explain his own job to him, and other character/role inconsistencies exist throughout the book. The story concept has some promise, and pulls you in for about half the book (after an exceptionally slow and weak start), but the execution is too flawed to keep interest going.\nDid not finish.\n\u0026ldquo;The Engineer Wizard\u0026rdquo;, Glenn Michaels, EUR 2.99 (Kindle , also unlimited), First in a series of 3 (all three parts in unlimited).\n","date":"2017-03-04T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/04/fertig-gelesen-the-engineer-wizard.html","tags":["review","media","book","lang_en"],"title":"Fertig gelesen: The Engineer Wizard"},{"categories":null,"content":" We are Legion Somebody pointed me to We are Legion (We are Bob) , but somehow I can\u0026rsquo;t find that post any more. Anyway, following that hint, I picked up the book and read it. It\u0026rsquo;s awesome.\nBob Johannson made it big: Sold his software company to his greatest competitor, took the money, got a cryopreservation contract on his head and went to a SciFi convention, partying. Where he is run over crossing the street and dies.\n114 years later his consciousness wakes up in uploaded form in a supercomputing cube in the theocratic dictatorship that has become the successor of the US of A, and is being trained to be the controlling intelligence in a Von Neumann probe with an experimental gravity drive, being sent to the stars. During his actual departure, war breaks out between the various remaining superpowers on earth, and earth ignites.\nBob flies between the stars, manages to find planets, to replicate and diversify himself and his various identities are slowly beginning to take over the universe. But he is neither alone, nor has he much time: Between saving the sad remainder of earths population, playing God to one Alien species, fighting other rogue earth-originating probes and detecting a strange Alien superpower that is stripping star systems of literally all resources he is hard pressed to find a few milliseconds of spare CPU cycles to relax.\nThis book is a wild ride, and a kind of escalating story: Not only is Bob snowballing his instances, his problems also kind of snowball. Good thing he\u0026rsquo;s not only a geek, but also a good project manager and thrives under pressure.\n\u0026ldquo;We are Legion (We are Bob)\u0026rdquo;, Dennis E. Taylor, EUR 3.71 (Kindle , also unlimited), First of a Series.\n","date":"2017-03-02T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/02/fertig-gelesen-we-are-legion-we-are-bob.html","tags":["review","media","book","scifi","lang_en"],"title":"Fertig gelesen: We are Legion (We are Bob)"},{"categories":null,"content":" Coaching, Beratung und Gehirn The authors are Gerhard Roth (a biologist and neurologist) and Alica Ryba (a coach, student of Roth). Roth describes the neurobiology as we know it today, and Ryba and he connect it to the various theories of psychotherapy that are relevant today in clinical practice and in coaching, discussing what can and can\u0026rsquo;t possibly work.\nFor what can work, they establish the limits of change. Also, they try to differentiate clinical psychotherapy from (the psychotherapeutic parts of) coaching in method, foundation and goals.\nAll in all a nice overview, and a good way of learning to understand what happens in coaching, what coaches are trying to do with you or your group in an enterprise context and how to tell good from badly executed coaching. For me a very useful and enlightening read that gave me a lot of tools and understanding.\n","date":"2017-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/28/fertig-gelesen-coaching-beratung-und-gehirn.html","tags":[],"title":"Fertig gelesen: Coaching, Beratung und Gehirn"},{"categories":null,"content":" Explorations: First Contact Explorations: First Contact is a great concept well executed: This is a writing prompt anthology. So there is a base story - in this case, humanity sends a probe to the back side of the moon, finds an anomaly which turns out to be a dying alien spaceship that manages to upload the secrets of it\u0026rsquo;s drive and a partial database of other alien civilisations it once visited into the minds of the astronauts that make the contact.\nWith this information, earth builds a number of spaceships - one per anthology author - each of which heads off into a different direction to make a first contact between humanity and the alien. We get 13 takes on the topic of first contact, 13 authors, and 13 short stories. They start off with the same backstory, and the crews and ships reference each other loosely in the writeup, even if there are slight inconsistencies in timeline, human history backstory or drive speed and tech power. The stories vary in quality and originality, but are all on the better side of short story writing, and the concept is novel and entertaining. The delivery is well done.\nRecommended, and since this seems to be a series of writing prompt anthology, research the others as well.\nExplorations: First Contact Various Authors (incl Peter Cawdron) EUR 3,71 (Kindle , also unlimited)\n","date":"2017-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/28/fertig-gelesen-explorations-first-contact.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: Explorations - First Contact"},{"categories":null,"content":" Galactic Exploration One of the very first things I read on Kindle has been Anomaly by Peter Cawdron - his first publication. My review in German Language is here . Turns out, Cawdron is a quite productive author, and active and responsive on Goodreads . Seeing my review there, he pointed me to his other works, and to his mailing list . Through that I found Galactic Exploration and other works by him.\nGalactic Exploration is about a set of three long distance exploration spaceships from Earth, which are sent out to find out why humanity is alone is space. Turns out, they aren\u0026rsquo;t, in multiple different ways - and that\u0026rsquo;s actually a problem.\nWell written, entertaining, with weird, yet believable characters. Cawdron manages to show people who are still human, yet quite far away from what we are today, and how the distances and loneliness of space affect these people.\nRecommended, and research his other works.\nGalactic Exploration, Peter Cawdron, EUR 3.09 (Kindle , also unlimited)\n","date":"2017-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/28/fertig-gelesen-galactic-exploration.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: Galactic Exploration"},{"categories":null,"content":" The Culture Map Erin Meyer is a professor at INSEAD, an international business school based in Paris. She\u0026rsquo;s specialized in cross-cultural communication and facilitation, and in her book explains the dimensions and differences between different cultures in the world, and how they can shape or interfere with exchanges in a multi-cultural environment.\nThe book introduces eight different cultural scales or spectra, and where the various national cultures position themselves on these scales.\nEach of the eight scales represents one key area that managers must be aware of, showing how cultures vary along a spectrum from one extreme to its opposite. The eight scales are:\nCommunicating: low-context vs. high-context Evaluating: direct negative feedback vs. indirect negative feedback Persuading: principles-first vs. applications-first Leading: egalitarian vs. hierarchical Deciding: consensual vs. top-down Trusting: task-based vs. relationship-based Disagreeing: confrontational vs. avoids confrontation Scheduling: linear-time vs. flexible-time The book is rich in examples and anecdotes that explain what these scales mean, and how they can express themselves in daily interaction. For each direction of each scale, examples and alternative ways of communication are shown, which have been working around issues that other groups have used successfully in trying to bridge the gap in culture between them.\nA lot of helpful advice and a lot of context provided for past behaviour I have observed at work or elsewhere.\n\u0026ldquo;The Culture Map\u0026rdquo;, Erin Meyer, EUR 9.99 (Kindle )\n","date":"2017-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/28/fertig-gelesen-the-culture-map.html","tags":["review","media","book","lang_en"],"title":"Fertig gelesen: The Culture Map"},{"categories":null,"content":"In the 2016 South Australia Blackout , a storm lead to a cascading failure, with in turn left 1/6 of the continent without electricity. Fortunately, this is not a densely populated area even for australian circumstances, so it affected some 1.5 mio people (out of 20 mio total for all of Australia) - still quite a lot of people. The news of a 73-year-old Tesla Powerwall owner powering through this outage without even noticing made the headlines in the aftermath, and in consequence demand for PV + Battery combination surged. In total, more than 50GWh have been installed in 2016 alone, and demand is climbing.\nThis ties into a three year old discussion about the grid death spiral which is scaring electricty providers: As more and more households become grid-independent, cost for maintaining the grid and providing electricity becomes higher, making the grid eventually economically infeasible, and making going off-grid mandatory - which for some consumers may be impossible:\nThe risk for the companies is that when people get the option of putting solar panels on their roofs and installing batteries and cutting the cord, demand will fall sharply. The people who end up left on the network will be the only ones left paying.\nThey will be stuck with extremely high network charges, forcing even more people off the network, pushing network charges higher still. It is what Ms Carter calls \u0026ldquo;your death spiral scenario\u0026rdquo;.\nOn the other hand, savings through a Powerwall or other battery devices on top of a PV installation can be spectacular - one owner in Australia reports a 92% bill reduction .\n","date":"2017-02-24T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/24/solar-plus-storage-in-australia.html","tags":["mobility","lang_en"],"title":"Solar plus Storage in Australia"},{"categories":null,"content":"It is helpful to remember that containers are just normal Unix processes with two special tricks.\nNormal Unix Processes Unix starts processes by performing a fork() system call to create a new child process.\nThe child process still contains the same program as the parent process, so the parent processes program still has control over the child. It usually performs a number of operations within the context of the new child, preparing the environment for the new program, from within.\nPID 17 forks, and creates a new process with PID 18. This process executes a copy of the original program.\nThen, after the environment is complete, the parent program within the child processes context replaces itself by calling execve(). This system call unloads the current program in a process and reuses the process to load a new program into it.\nAfter bash in PID 18 has setup the environment correctly, it replaces itself with the actual command to run, /bin/ls. The code for that is being loaded from disk into memory.\nWhen the program in a process has finished, it terminates itself with an exit() system call. The parameter to exit() is the status code.\nThe parent process waits for the end of the child program using a wait() system call. When the child exits, the parents wait() call returns, and delivers the status code of the child\u0026rsquo;s exit() invokation to the parent.\nChild PID 18 terminates by calling exit() with a status code. Parent PID waits for the termination of the child, returning the status code of the child through the wait() system call.\nSpecial Trick: Isolation Containers are Linux processes that are set up two special kinds of resource barriers:\nLinux Namespaces, which limit which kind of system objects a process can see. There are seven Linux Namespaces. Six of them are explained in a good series on Namespaces in LWN , and the Linux Namespaces Manpage explains all seven of them, including the new cgroup Namespace. Namespaces can provide a process with its own set of network resources, including a private ethernet interface with addresses, a local routing table instance and a local iptables rules instance. Namespaces can provide processes with its own view of the filesystem as well, limiting it to a certain subtree of the host filesystem and also limiting the effects of mount() system calls executed by the process. Control Groups (cgroups) , which limit how much of a given resource that is visible to a process this process can consume. Control Groups have been subject to a major redesign in the most recent kernels, see this talk . Both resource barriers set up processes in a way that they cannot reach beyond the established borders:\nTwo processes in different namespaces that are correctly set up cannot see each other and can believe they are alone on a machine. At the same time they cannot deplete each other of host machine resources, because the control groups prevent that if correctly set up and sized, minimising crosstalk between the two processes.\nThe combination of Namespaces and Cgroups forming a resource barrier is called a Pod in Kubernetes.\nFor all practical purposes, the Pod has the same resource-isolation effect that a VM has, but unlike a VM it does consume practically no resources. Inside a Pod, zero or more processes may be running.\nProcesses running inside a Pod are still normal Linux processes executing normal system calls (within the limits that namespaces and cgroups impose on them), so they will be just as fast as regular processes.\nAlso, Processes sharing a Pod can see each other and touch each other, just like regular processes running on a physical or virtual machine. This allows co-scheduling of processes inside a Pod - Kubernetes calls containers doing this \u0026ldquo;Composite Containers\u0026rdquo; and there are a number of deployment patterns and use-cases for these .\nSpecial Trick: Images If you want to execute something in a filesystem namespace in a Pod, you need to build a stub operating system inside the subtree that is visible inside the Pod. By default, a filesystem namespace will limit the Pod and all processes inside the Pod to certain subdirectory, not unlike a chroot() environment.\nBy default this subdirectory will be empty. In order to be able to run things with this as a root directory, the necessary minimum of files needs to be present. This can be done by copying the necessary files into the environment, or by installing a stub operating system from packages into the environment, but both processes may end up copying a few hundred or even thousands of files into the target environment.\nFilesystem images are files that contain the block structure of a device inside a file. Using loop mounts, the file can be interpreted by the Operating System as a device, creating a file tree. With this concept, an entire environment can be copies into place using a single file, and then mounting that.\nBuilding these files can be pretty complicated, though, and these files can also become quite large - and if you have multiple of these environments, they will also duplicate quite a bit of content: Each container will require a copy of the C standard library and many other system files that are simply shared between almost all containers.\nContainer systems often address this problem by defining the contents of an image as an assembly of Layers. A layer is simply a tar file that is being downloaded and unpacked on top of other, earlier downloads so that the total resulting image is the union of all layers stacked on top of each other.\nBecause it can become necessary for a higher layer to effectively delete files or directories contained in lower layers, there needs to be a mechanism that transports this information. Docker images use an awfully designed mechanism called \u0026ldquo;whiteout files\u0026rdquo; for that. Basically, if the tar contains a dotfile starting with the four letters \u0026ldquo;.wh.\u0026rdquo; (that\u0026rsquo;s for \u0026ldquo;whiteout\u0026rdquo;, Tippex), a file of the same name as the suffix of the whiteout file will be blocked out from a lower layer.\nSo if you unpack /etc/.wh.passwd, this will block out /etc/passwd from a lower layer.\nImages can be written to. Writes will always go into the topmost layer.\nPutting it all together: Kubernetes Original Docker is a tool that has been created with developer concerns in mind and zero regard for operations. Docker can run containers on a single host, and has no idea about networking at all - it uses the single IP address a host has, and exposes ports of processes on the inside using iptables rules that merrily map ports between the physical host and the view of the world inside containers.\nDocker builds images rather quickly by un-tar-ing layers on top of each other, and because writes are always going to the topmost layer and that layer can be discarded, it is also easily possible to undo all writes after a run and get back the pristine image for a new run.\nThis makes it ideal for running tests.\nDocker in production is another matter - usually production is larger than a single host, and usually production workloads are being addressed by proper networking equipment which does not so much deal with port numbers as with IP addresses instead.\nSo production docker usually needs an IP address per pod, some kind of routing and networking isolation layer for all of that, and it needs a thing that takes requests to run images and assigns a physical host to each image.\nImages are handy - they package a piece of software with all dependencies, and allow us to start processes on any host in a multihost cluster without installing additional software.\nSo the following can becomes possible:\nA cluster with a number of kubernetes nodes, and three kubernetes master instances. One has been elected leader.\nWe have a cluster with a number of physical hosts, all of which are capable of retrieving images and launching containers. Multiple cluster masters exist, one of which has been elected leader and executes the actual scheduling function.\nA scheduling request arrives, basically asking us to start this image on a host.\nThe cluster accepts scheduling requests, asking the cluster to pick up a certain image which has the following requirements on CPU, memory, disk and network I/O, and find a spot to run it. The scheduler surveys the cluster, finds such a spot and then asks the cluster node to do just that: Set up a pod, download and assemble the image and then launch the process with the image inside that Pod.\nThe worker will now download the image layers, assemble the final image, create a Pod and launch a process from that image inside that pod.\nThe end result is a process that sees one single, private network interface and runs inside a set of Resource Barriers that form the Pod. The program code for the process as well as all libraries or other data is container inside the image.\nCode from the image is running inside the resource barriers create by the Pod.\nBy installing software including all dependencies inside the image we are not polluting our base operating system image. Once the execution of that workload finishes, we can \u0026ldquo;uninstall\u0026rdquo; everything simply by deleting the image (and its constituent layers).\nWe can create a cluster that represents a large amount of compute power in the form of CPU cores, memory, disk space and network I/O and have one single scheduler to run arbitrary applications that have been packaged in images on it. The cluster scheduler takes care of workload placement, and as long as we have sufficient capacity we can hand out compute power as needed without caring where exactly in our datacenter that capacity is available - if our datacenter is built in a way that can support this kind of use and if our application is built in a way that it can handle such an environment.\n","date":"2017-02-17T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/17/containers-101.html","tags":["erklaerbaer","container"],"title":"Containers 101"},{"categories":null,"content":"Dark Reading is scared: All new malware is \u0026ldquo;zero-day\u0026rdquo;, for an interesting and wrong definition of zero-day, because then the article reads much more impressive.\nThe actual definition of a Zero Day is a previously unknown exploit that is being used by some party to compromise a machine. In the article, the term is used differently, meaning a file that is a known malware, but has changed itself so that it has a checksum that is not in currently distributed signature catalogs of known malware. That is of course neither correct, nor new.\nMutation engines, for example for viruses, are an old hat. We have known about them for more than a decade, almost two. The better ones take x86 machine code, auto-dissect it into basic blocks and then re-link these to a semantically equivalent program in a completely different, random order. They may also re-compile certain assembly instructions in these basic blocks to other, semantically equivalent assembly instructions that have different byte codes: There are many ways to clear a register or to load a value from memory, after all.\nIn today\u0026rsquo;s detection industry, one should think of hashing as more of a shortcut to locate the easy stuff, or rule out known good files (whitelisting).\nThat\u0026rsquo;s more like the state of the detection reality from 15 years ago. On the other hand, threat detection software is getting out of hand. A Macbook I have had access to can unzip a piece of software with some 7000 files just fine in under 3 seconds to its internal SSD. The same Macbook with a Trendmicro AV solution installed takes 11 seconds to do the same, and 18 seconds if it is done in a directory that is not excluded from scan in the TM config file. Add FireEye on top of that and the same operation is now at 27 seconds execution time. The laptop is now secure mostly because nobody can do anything with it any more. In many other articles , these so called security solutions have been shown to be actually contributing to the problem.\n","date":"2017-02-17T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/17/omg-our-cybervaccines-are-failing.html","tags":["security","performance","lang_en"],"title":"OMG, our cybervaccines are failing"},{"categories":null,"content":"(This article also available in german language .)\nSo you have a new system and want to know what the load limits are. For that you want to run a benchmark.\nBasic Benchmarking The main plan looks like this:\nThe basic idea: Find a box, offer load, see what happens, learn.\nYou grab a box and find a method to generate load. Eventually the box will be fully loaded and you will notice this somehow.\nThe first mistake: running the load generator and the system to test on the same box. That won\u0026rsquo;t work.\nIt\u0026rsquo;s our goal to bring the box to its limits. Actually, we want to push it past that in order to see what it is that is limiting it. That will happen only when we are able to generate more load than the target system can actually process. If the load generator and the target system are sharing any resources that will never happen: The starved resource, for example CPU, will be slowing down not only the target application but also the load generator until we are reaching equilibrium at an unknown point below the actual limit.\nThat way we will never see what color the smoke is when the box catches fire, that is, what the actual system behaviour under overload is. So we need to separate the load generator and the target system.\nThe second mistake: The target system or the load generated are not close enough to production. In database land, typical mistakes are\nThe tested system has less memory or a different disk subsystem than production. The test data set is smaller than production. The test query set or the test data set is biased relative to production. In all of these cases we will be learning something, but it will not easily port to production. For example, in 2005 the german computer magazine c\u0026rsquo;t had a test media shop selling CD and DVD media, and was using this to benchmark implementations of the system with different databases. The actual benchmark was an equidistribution of queries, so there have been no best sellers and no long tail.\nTo win the benchmark it was mandatory to disable all caches, because there was no set of popular media which would have been gaining from caching. That outcome is the opposite of what is necessary in a real world scenario, where there is a clear long tail distribution of queries.\nThe closer you can bring the test load, the tested system and the test data to production the besser the results. Which is why at work we are trying very hard to make testing in production safe, and then we test whatever is possible in production.\nSaturation When you offer load to a system, the average load on the system will rise. But load usually is not constant, but will vary, depending on what users are doing and how expensive the individual requests are: Not all operations are equally expensive.\nA system close to saturation: Average load is slightly below the maximum, but individual peaks spike above the saturation line.\nConsequently we are not pushing the system to a limit, but we are raising a rolling average in which the actual load is constantly fluctuating and oscillating around this average until the peaks exceed the point of saturation.\nThe average offered load is below the 100% saturation line, but the peaks are already exceeding the limit.\nThat is of course nonsense. The saturation limit is a hard limit, the system can\u0026rsquo;t produce more than that, because a necessary resource is exhausted and the system is constrained by that resource. So what actually happens is that the system will be building a backlog whenever the offered load goes above the 100% line. Requests will pile up in some queue and will only be processed when the load goes below that limit.\nAs we push the system harder, it will exceed the saturation point more and more and phases where it can gain on the building backlog will become rarer. But since the costs for an individual request vary, it is hard to overload the system in a controlled way - harder the higher that variance is.\nThat is one of many reasons why we focus on outliers and worst cases first when we care about optimization: In order to be able to meet any kind of service level objective we need to handle these extremely bad cases first and narrow the band of possible response times, even if that does not move the mean much. Only then we can try to improve the mean response time of the system.\nWait time and the hockey stick What actually happens at saturation becomes clearer as we transform the above graph and take it out of the time domain. We will be graphing offered load (requests/s) vs. throughput (responses/s) and offered load (requests/s) vs. response time (latency).\nRequests/s vs. Response/s (Capacity) and Requests/s vs. Response time (Latency). As we raise offered load, the system approaches the 100% line (the vertical saturation line), and a backlog builds.\nAs we increase load, each request will generate a response: the curve in the capacity graph goes up at a 45deg angle. Even as the load rises, requests will take approximately the same time to process - we are calling this time the think time.\nOnce we approach saturation, a resource in our system will be starved and constrain capacity. Even if we are offering more load, this will not generate more responses. The capacity graph flattens out. Since more requests are coming in than we have capacity for, these excess requests will be queued. Wait time is being added on top of the think time.\nAnd since we are continuing to add more requests than we can handle, the queue and the wait time will rise rapidly and without bounds. The latency curve has the shape of a hockey stick.\nTesting in production That is not a theory, but can be shown in real production systems.\nA typical production setup. User requests are entering the system from the internet at the top, hitting a load balancer. The request are routed to a set of web servers behind the load balancer.\nAssuming that you have a minimum size for load testing with production load: You need to have a sufficient number of users, large enough so that individual users do not contribute in a meaningful way. You will need a frontend load balancer in front of a number of webservers, and you need to be able to modify load distribution weights live in this setup.\nThe load tests starts with running an Apache Siege load generator at a very low setting from the outside against the setup - actually, the Siege is not running against the load balancer, but against one individual web server which is the one which we will be trying to overload. This is not done to generate load, but to measure latency: In normal configuration our system will not be overloaded, so the baseline latency we are seeing is think time.\nDuring the benchmark we are playing with weights in the load balancer in order to direct more load to individual web servers. The load balancing weight of the web server getting the Siege requests is now being increased so that it will need to handle more actual user requests than the other servers. Eventually either timeouts will be showing up in the error log, or the request latency shown by Siege will be going up dramatically.\nEither signal indicates saturation, and we need to stabilize offered load at or very slightly below this point in order to find the saturation point.\nHere is a time domain plot of such an event:\nA request graph of a MySQL database slave being load tested. Writes are coming in via replication, and are not subject to load testing, hence stable. Selects are being load tested and increase at the tests commence.\nIn the test graph above we are looking at query counters of a MySQL database slave during three load test events. Write queries (insert, update, delete) are coming in through replication from the upstream master and are not affected by the load test. Selects are being increased by load balancer manipulation.\nDuring the third test there is a spike of update statements due to a cron script running and affecting the test, invalidating the results of that run.\nTaking the results from the above run and plotting them in a latency graph results in the following graph. The hockey stick is clearly visible:\nLatency graph: test1 is shown in blue, test2 in orange.\nThe graph shows offered load vs. latency of the configurations test1 and test2 from the run above. Configuration test2 is clearly superior. A variant of this graph uses larger symbols as the error rate of that measurement increases to add another dimension. That way the stability of the system under test in overload is being visualized as well.\n","date":"2017-02-16T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/16/load-load-testing-and-benchmarking.html","tags":["erklaerbaer","database","performance","testing","lang_en"],"title":"Load, Load Testing and Benchmarking"},{"categories":null,"content":"Following a great idea from their friends at GitLab, Soup.io loses all postings since 2015 because of malfunctioning backups. They write :\nWe had a big database crash, and the backups we had were corrupted. The only working backup was from 2015.\nAlso, TIL soup.io still exists.\nMeanwhile, Gitlab posted a blameless postmortem . You can read it online , and they write:\nImproving Recovery Procedures […] 9. Automated testing of recoveri PostgreSQL database backups (#1102 ) […]\nDoes your database backup successfully restore? Are you sure? Are you testing this? Remember these words of wisdom:\nNobody wants backup. Everybody wants restore. \u0026ndash; Martin Seeger\n","date":"2017-02-14T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/14/post-like-its-2015.html","tags":["mysql","security","data center"],"title":"Post like it is 2015"},{"categories":null,"content":" Die Krone der Sterne (German Edition), Kai Meyer, 12.99 EUR (Kindle)\n\u0026ldquo;Die Krone der Sterne\u0026rdquo; (The Crown of the Stars) is the first book in a series by Kai Meyer, establishing a setting, the players and the mood.\nWe are thrown into a decaying, galaxy spanning empire with a distinct Dune like flair. Tech is always huge, somewhat clunky and unreliable, covered in rust, dirt, runes and unnecessary decoaration, and it operates on principles that are never explained and also not really understood by it\u0026rsquo;s users - it has been inherited by previous, more advanced generations and today\u0026rsquo;s people can barely operate it.\nThe story follows Iniza, a young noble woman from a backwater planet, who has been selected as a bride to the god-empress on the empires homeworld Tiamande, but does not want to go. On her escape she assembles an unlikely group of rouges and outcasts, and is set on track of several mysteries from the empires history - which kind of resembles the Dune universe, if only losely: There has been something like the Butlerian Jihad , and a turn to mysticism and machine-hate in its aftermath, so it\u0026rsquo;s not just the aesthetics that resemble Dune.\nAll in all a good introductory story for a series - a lot of setup, but also actual characterisation and plot. I was not gripped, but also not bored.\n","date":"2017-02-13T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/13/fertig-gelesen-die-krone-der-sterne.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: Die Krone der Sterne"},{"categories":null,"content":"Felix Gessert does a postmortem of the failed Parse startup and product: \u0026ldquo;The AWS and MongoDB Infrastructure of Parse: Lessons Learned \u0026rdquo;.\nTechnical problem II: the real problem and bottleneck was not the API servers but almost always the shared MongoDB database cluster.\nAnd that was with MongoRocks (Mongo on RocksDB) and replacing the initial app in Ruby with a Go implementation of said thing, with WriteConcern = 1, and other horrible presets. All in all, this is like the perfect nightmare of startup architecture decisions. Felix closes pointing at his current project:\nIf this idea sounds interesting to you, have a look at Baqend. It is a high-performance BaaS that focuses on web performance through transparent caching and scalability through auto-sharding and polyglot persistence.\nBingo. Also, found the Hipster.\n","date":"2017-02-10T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/10/hipsterdoom-at-mongobingo.html","tags":["performance","mongodb","lang_en"],"title":"Hipsterdoom with Mongobingo"},{"categories":null,"content":"DVZ Landverkehr reports (article in German):\nLKW-Fahrer dürfen ihre wöchentliche Ruhezeit nicht im Fahrzeug verbringen. Zu diesem Ergebnis kommt Generalanwalt Evgeni Tanchev in seinen Schlussanträgen vom 2. Februar vor dem Europäischen Gerichtshof (EuGH). Hintergrund ist die Klage des Transportunternehmens Vaditrans gegen den Belgischen Staat.\n(\u0026ldquo;Truck drivers must not spend their weekly downtime within the vehicle. That\u0026rsquo;s the conclusion drawn by general attorney Evgeni Tanchev in his final plea of Feb, 2nd before the ECJ. Background is a complaint of Vaditrans vs. Belgium\u0026rdquo;)\nMost European countries require that the weekly downtime of truck drivers must not be spent in the vehicle. Vaditrans sued against this rule and the penalties for violation. European law allows daily downtimes to be spent in the cabin, but says nothing about weekly downtimes. Local rules in many states require that the drivers must not spent them on the vehicle. The same proceedings are also reported in Eurotransport (article in German).\nThe comments below the article rage against the ruling, with many commenters asking how this could possibly be implemented or how the ruling is unfair, cost intensive and generally wrong.\nThe definition of what is normal apparently can be distorted quite heavily - normal for most people obviously would be that drivers to park their vehicles next to a motel and sleep in proper rooms and beds, with proper meals and sanitary installations, every day, because that\u0026rsquo;s how jobs work in a civilization. Instead, people rage against requiring that drivers can and should be doing this at least on their weekends, claiming this to be impossible and abnormal.\n","date":"2017-02-09T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/09/on-normalcy-the-rest-times-of-truck-drivers-in-europe.html","tags":["mobility","lang_en"],"title":"On Normalcy: The rest times of truck drivers in Europe"},{"categories":null,"content":"Continual improvement is sometimes hard to see, because each iteration, each incremental step itself is tiny so that the actual change escapes our attention. Also, just living our lives, our time sense is sometimes distorted. Me for example, I was almost 30 already in the late Nineties, and while that is already 20 years ago, it feels like yesterday to me. So car safety in the Nineties, compared to now? It was crap. Check this out:\nWe do learn, and things do get better. Change is not radical, most of the time it\u0026rsquo;s evolutionary. And to make it visible, you have to look really hard and contract now and then.\n","date":"2017-02-09T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/09/video-20-years-of-continuous-improvement-in-crash-safety.html","tags":["mobility","science","lang_en"],"title":"Video: 20 Years of continuous improvement in crash safety"},{"categories":null,"content":" The talk The cgroups-v2 API is incompatible with cgroups-v1. This is a good thing, because the initial use cases for cgroups have not been fleshed out properly, and the API is kind of overly complicated from the POV of the consumers. v2 is being built with use cases and experience in mind, and is much easier to use. Control groups allow Linux users to limit the kind and amount of resources being used, which is employed by systemd, container drivers and many other things.\n","date":"2017-02-07T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/07/fosdem-talk-cgroups-v2.html","tags":["container","erklaerbaer","lang_en"],"title":"FOSDEM Talk: cgroups-v2"},{"categories":null,"content":" Commodore 64, Evan-Amos @ Wikipedia As Moore\u0026rsquo;s Law shows signs of coming to an end, the Guardian has an article about the history of computing from the Intel 4004 to current tech, and how with the Internet of Shit and Chips and Networking in everything, all of our computers are becoming just one computer.\nEveryone knows that modern computers are better than old ones. But it is hard to convey just how much better, for no other consumer technology has improved at anything approaching a similar pace. The standard analogy is with cars: if the car from 1971 had improved at the same rate as computer chips, then by 2015 new models would have had top speeds of about 420 million miles per hour.\n","date":"2017-02-07T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/07/the-history-of-moores-law.html","tags":["computer","lang_en"],"title":"The History of Moore's Law"},{"categories":null,"content":" Lidar Image\nTwo articles about the Maya civilization: Seeker article about LiDAR being used to reveal ancient structures on the Jungle ground: A network of 150km of prehistoric Autobahn ran through the Jungle, binding the Mayan Empire together.\n\u0026ldquo;These causeways are 130 feet wide, up to 20 feet high and in some cases they extend as far as 25 miles,\u0026rdquo; Hansen said.\nA causeway is a raised road across difficult, often wet or unstable ground. Because of the raised structure LiDAR can find these roads even today.\nAnd from PNAS , another article about radiocarbon dating of several Maya sites, illuminating the time and speed of two collapses of the Maya civilization.\nThrough this chronology, we traced the trajectories of the Preclassic collapse around AD 150–300 and the Classic collapse around AD 800–950, revealing similar patterns in the two cases. Social instability started with the intensification of warfare around 75 BC and AD 735, respectively, followed by the fall of multiple centers across the Maya lowlands around AD 150 and 810. The population of Ceibal persisted for some time in both cases, but the center eventually experienced major decline around AD 300 and 900.\n","date":"2017-02-06T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/06/maya-empire-remains.html","tags":["science","lang_en"],"title":"Maya empire remains"},{"categories":null,"content":"Inside Science reports on the congestion charge in Stockholm (Link to actual paper ). Stockholm always has been a city with relatively clean air and PM10 and NOx levels well below limits. The introduction of a congestion charge in 2007 reduced air pollution in Stockholm by approximately 10 percent. Yet, after several years, Asthma in children 0-5 years old is reduced of 45 percent.\n\u0026ldquo;It appears that what they\u0026rsquo;ve found is these cumulative effects of pollution,\u0026rdquo; he said.\nThe article also reminds city policy makers that a congestion charge can only work if a viable public transport infrastructure is already in place.\n","date":"2017-02-06T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/06/stockholms-congestion-charge-vs-asthma.html","tags":["mobility","lang_en"],"title":"Stockholm's congestion charge vs. Asthma"},{"categories":null,"content":" Anscombe\u0026rsquo;s Quartet by Schutz\nUnlearning Descriptive Statistics explains many things you should know about working with Numbers that your Statistics Class in University probably did not explain properly. If they did, maybe Graphite would not hurt so much, with all the Averaging going on where it shouldn\u0026rsquo;t, and maybe Gill Tene would not have had to give talks like How NOT to measure latency (which is awesome, by the way and if you haven\u0026rsquo;t seen this talk, do it right now).\nFrom the Intro of Unlearning:\nIf you\u0026rsquo;ve ever used an arithmetic mean, a Pearson correlation or a standard deviation to describe a dataset, I\u0026rsquo;m writing this for you. Better numbers exist to summarize location, association and spread: numbers that are easier to interpret and that don\u0026rsquo;t act up with wonky data and outliers. Statistics professors tend to gloss over basic descriptive statistics because they want to spend as much time as possible on margins of error and t-tests and regression. Fair enough, but the result is that it\u0026rsquo;s easier to find a machine learning expert than someone who can talk about numbers. Forget what you think you know about descriptives and let me give you a whirlwind tour of the real stuff.\nGo, read the rest.\n","date":"2017-02-06T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/06/unlearning-descriptive-statistics.html","tags":["computer","science"],"title":"Unlearning Descriptive Statistics"},{"categories":null,"content":" Wireshark Bug Stats\nSo Debian just posted an advisory for over 40 bugs in tcpdump . tcpdump is a tool that collects traffic on the network, and then parses its way down the stack from the Ethernet or other physical frames all the way through the IP and TCP stacks to the application layers and the data formats in there.\nParsing data is hard. Even the actual full blown applications normally reading that data often have problems parsing their own data format, and they are crashing if you throw malformed data at them. That\u0026rsquo;s called Fuzzing , and there is a bunch of pretty amazing LLVM tools available to make this possible in a systematic and automated way.\ntcpdump is one application that attempts to parse the data formats of other applications, while not actually having that data in a single file, but in a number of arbitrarily segmented, overlapping or otherwise distorted frames that are flying by at wire speed. It also does not have the actual parsers or data readers of the original application, but usually has to write it\u0026rsquo;s own data parsers, taking shortcuts along the way. That is prone to failure, and results plenty of exploitable bugs.\ntcpdump is also not unique in this. The stats for tcpdump , ethereal and wireshark (which is ethereal renamed) all are looking bad in exactly the same way. These are Open Source tools.\nClosed Source tools that perform legal interception are trying to solve the same problem, and there is no reason to believe that their parsers or general code quality is any better than this. The only reason you are not finding them in these statistics is that their makers are kind of not very openly communicating problems and bugfixes.\nOn the other hand, fuzzing packets on a link is probably a good way to get rid of listeners, because it will most likely crash their tools just the way it crashes tcpdump and others.\n","date":"2017-02-03T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/03/parser-bug-hell.html","tags":["security","lang_en"],"title":"Parser Bug Hell"},{"categories":null,"content":"Why is our galaxy moving through space, and into which directions is everything else moving?\nScientists at the Hebrew University of Jerusalem have been mapping these forces, and found a very empty region in space that seems to push a lot of galaxies away from it, as well as a (previously known) region thats attracting them.\nThe result looks like a billion light year magnet:\nThe dipole repeller What causes these forces is as of now not well understood. Original Paper in Nature Astronomy .\n","date":"2017-02-02T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/02/racing-our-galaxy.html","tags":["science","lang_en"],"title":"Racing our galaxy"},{"categories":null,"content":"The Council of the European Union discusses the \u0026ldquo;problem\u0026rdquo; of Carrier Grader NAT, and would like to see all Ip address logging and storage extended to port numbers, as well as all NAT state tables to be stored and preserved, in order to be able to resolve Internet accesses to subscriber identities, says Statewatch .\nThe paper in question has been submitted by EUROPOL and claims that clients are \u0026ldquo;going dark\u0026rdquo;. The scarcity of IP v4 addresses leads to more and more subscribers being subject to carrier grade NAT (CGN). In CGN, subscribers are not assigned a public IP number, but are only getting an internal, non-unique IP address. Only when IP packets are leaving the provider network, their addresses are being translated into public addresses.\nIn this, multiple subscribers will exit the provider network with the same IP number - IP numbers alone can no longer be mapped to a single subscriber, even with a known timestamp. A port number is needed in addition to the other information. Also, the mapping is usually not logged or archived in any way.\nFor EUROPOL, this is seen as a privacy problem:\nOne Member State reported that in a recent investigation into Child Sexual Exploitation Material (CSEM) distributed and hosted via a cloud-based service, the investigators had to investigate each one of the 50 clients using that public IP at this time in order to identify who was ultimately uploading the CSEM, because the cloud-based service provider did not log the relevant information to define which customer was using the public IP.\nToday, on 31. January, a \u0026ldquo;European Network of law enforcement specialists in CGN\u0026rdquo; will be established at Europol. The aim of the network is to document cases of non-attribution due to CGN in the EU, and pressure for a change in data retention practice.\n","date":"2017-02-01T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/01/europol-discovers-cgn.html","tags":["security","internet","networking","politik","lang_en"],"title":"Europol discovers CGN"},{"categories":null,"content":" »Damian: The solution is to send emails with increasing frequency\n@markzabaro: It\u0026rsquo;s called exponential fuck-off.«\n\u0026ndash; https://mobile.twitter.com/dgryski/status/826385338104954881 ","date":"2017-02-01T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/01/exponential-fuck-off.html","tags":["fluffy fluff","lang_en"],"title":"Exponential Fuck-Off"},{"categories":null,"content":" Operations matter. I know the Hipster crowd does not like to hear that, cloud or not. But reality has a way of making itself heard, whether you like it or not.\nGitlab.com just discovered that. So some sysadmin deleted the wrong folder, which in itself should not be a problem.\nBut in the process of trying to restore things, the following discoveries have been made:\nLVM snapshots are by default only taken once every 24 hours. YP happened to run one manually about 6 hours prior to the outage Regular backups seem to also only be taken once per 24 hours, though YP has not yet been able to figure out where they are stored. According to JN these don’t appear to be working, producing files only a few bytes in size. SH: It looks like pg_dump may be failing because PostgreSQL 9.2 binaries are being run instead of 9.6 binaries. This happens because omnibus only uses Pg 9.6 if data/PG_VERSION is set to 9.6, but on workers this file does not exist. As a result it defaults to 9.2, failing silently. No SQL dumps were made as a result. Fog gem may have cleaned out older backups. Disk snapshots in Azure are enabled for the NFS server, but not for the DB servers. The synchronisation process removes webhooks once it has synchronised data to staging. Unless we can pull these from a regular backup from the past 24 hours they will be lostThe replication procedure is super fragile, prone to error, relies on a handful of random shell scripts, and is badly documented Our backups to S3 apparently don’t work either: the bucket is empty If you think your sysadmin is paranoid, let this be your lesson. They are not. Operations do matter, even (especially) in the cloud.\nEDIT: Michael Renner asks some interesting questions:\nSome thoughts for GitLab: What is WAL shipping? What is pgbouncer? Why does everyone hate Slony? Why is EC2 so slow?\nTweet: @Terrorobe People using Slony on a Postgres 9.6 deserve everything that happens to them. Slony is trigger based replication breakage from the deepest circles of hell, and Postgres has excellent, stable and fast internal replications for several years now.\nAlso, what he says about log shipping: There is no reason at all to lose any write ever on a Postgres, nor to have much downtime at all with proper replication. Operations do matter. Cloud ain\u0026rsquo;t gonna change that.\nEDIT: Dedicating 1st of February as \u0026ldquo;Check your Backups Day\u0026rdquo;\nCheck your Backups Day ","date":"2017-02-01T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/01/nobody-wants-backup-everybody-wants-restore.html","tags":["data center","lang_en","devops"],"title":"Nobody wants backup. Everybody wants restore."},{"categories":null,"content":"Westfalenblatt knows:\nYesterday all references to the place name \u0026ldquo;Bielefeld\u0026rdquo; have been replaced with \u0026ldquo;Bielefeldverschwörung \u0026rdquo; (Bielefeld Conspiracy):\nFacebook showing \u0026ldquo;Bielefeldverschwörung\u0026rdquo; (Bielefeld Conspiracy) instead of the proper city name.\nBielefeld is a typical while label city in Germany. In fact, it is conspiciously inconspicious, and that is, so the conspiracy theory fabricated by Achim Held in 1993, because the city does not actually exist. It\u0026rsquo;s a fake location that protects something else on the map, probably an entrance to the Hollow Earth or something else, but we don\u0026rsquo;t actually know.\nThe story of the Bielefeld Conspiracy has been made up as a satire, but has since picked up a life of it\u0026rsquo;s own. The cities bureau of tourism uses it for marketing purposes, and there is even a feature film , which in turn features Achim Held .\nFacebook claims that the change was unintentional and that the root cause is being researched. There totally is no conspiracy at all.\n","date":"2017-01-26T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/26/bielefeld-conspiracy-hits-facebook.html","tags":["fluffy fluff","lang_en"],"title":"Bielefeld Conspiracy hits Facebook"},{"categories":null,"content":" Coming up: Chinese New Year on 28. January. The coming year is a year of the Fire Rooster , and apparently these things mean a lot to a lot of people. So what influence does the Chinese Zodiac have? Well, one sign that is supposed to be very unlucky is the Fire Horse. An article from 2012 explains:\nPeople born during the year of the Fire Horse are notorious for being bad luck. People born during a Fire Horse years are said to be irresponsible, rebellious, and overall bad news. And for some reason, women are said to be especially dangerous Fire Horses. They supposedly sap their family’s finances, neglect their children, and drive their father and husband to an early grave.\nSolution? Don\u0026rsquo;t make babies in a Fire Horse year, and especially no female babies. So 1966 was a Fire Horse, and that\u0026rsquo;s what 1966 stats look like: ","date":"2017-01-26T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/26/chinese-new-year-and-birthrate-anomalies.html","tags":["fluffy fluff","science","lang_en"],"title":"Chinese New Year, and birthrate anomalies"},{"categories":null,"content":"I am getting my payslips in electronic form, as an encrypted, password protected PDF. It\u0026rsquo;s not a super secret password, and the encryption is more against accidentally opening the file than it is to keep the content of the file actually secret.\nAfter shipping the PDF home, I am archiving it for tax purposes, but in order to make the archival safe, I am storing the original file as well as the decrypted cleartext version of it. To do that, I wrote a shell script, which contained the password in a variable in clear.\nDiscussing that at work had a few people rejecting the storage of keys in a script in clear as a matter of principle, and the suggestion was to use the operating system key management service to hold this kind of data.\nHere is how to interact with the key management of MacOS.\nCreating a generic password \u0026ldquo;payslip\u0026rdquo; in my login keychain The command line utility to interact with the Keychain in MacOS is \u0026ldquo;security\u0026rdquo;.\n$ security add-generic-password -a $LOGNAME -s payslip -w keks This will create a generic password titled \u0026ldquo;payslip\u0026rdquo; in my default keychain, in my account, and the password is \u0026ldquo;keks\u0026rdquo;. If you run \u0026ldquo;Keychain Access.app\u0026rdquo; and check out the content of the keychain, it looks like this:\nThe generic password \u0026ldquo;payslip\u0026rdquo; has been created.\nYou can set the content of the \u0026ldquo;Name:\u0026rdquo; field differently, use the -l (label) option to do that. You can also add content to the \u0026ldquo;Comments:\u0026rdquo; field with the -j option.\nAccess Control If you want to see the password, you can always hit the \u0026ldquo;Show password:\u0026rdquo; field. You will be prompted for your login keychains password (which may or may not be the login password for your computer). By hitting \u0026ldquo;Always Allow\u0026rdquo; you will also add \u0026ldquo;Keychain Access\u0026rdquo; as a program to access this information without password.\nTrying to see the actual password triggers an authentication dialog.\nSwitching from the \u0026ldquo;Attributes\u0026rdquo; tab to the \u0026ldquo;Access Control tab shows us which programs can always access the password (without a Dialog). It looks like this:\nCreating the generic password with \u0026ldquo;security\u0026rdquo;, the program gives itself free access to the data.\nYou might see fewer (none) or more programs in this list:\nBy default, \u0026ldquo;security\u0026rdquo;, which created the password, adds itself to the access control list. If you do not want \u0026ldquo;security\u0026rdquo; adding itself to the list, set \u0026ldquo;-T\u0026rdquo; empty to prevent itself from adding: $ security add-generic-password -T \u0026#34;\u0026#34; -a $LOGNAME -s payslip -w keks Had you hit \u0026ldquo;Always Allow\u0026rdquo; instead of \u0026ldquo;Allow\u0026rdquo; in the \u0026ldquo;Show password:\u0026rdquo; dialog, \u0026ldquo;Keychain Access\u0026rdquo; would have had itself added as well. Getting the password back Here is how to get the password back:\n$ security find-generic-password -w -a $LOGNAME -s payslip If you did not allow \u0026ldquo;security\u0026rdquo; to include itself, you will see a permission prompt on the desktop:\nYou will see this prompt if \u0026ldquo;security\u0026rdquo; created the generic password with -T \u0026ldquo;\u0026rdquo;, preventing it from adding itself to the access control list.\nBoth cases, searching for a password not present or the user hitting \u0026ldquo;Deny\u0026rdquo; will have the command return with an empty password. The \u0026ldquo;password not present\u0026rdquo; case will additionally write an error message to stderr, but unfortunately not set an exit code properly.\n$ password=$( security find-generic-password -w -a $LOGNAME -s payslip ) $ echo $password keks Deleting a password\nJust for closure and cleanup:\n$ security delete-generic-password -a $LOGNAME -s payslip ","date":"2017-01-26T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/26/command-line-access-to-the-mac-keychain.html","tags":["erklaerbaer","macos","apple"],"title":"Command line access to the Mac keychain"},{"categories":null,"content":"EU Observer reports on a five page internal note from the EU director-general at the commission\u0026rsquo;s internal market and industry department:\n\u0026ldquo;Absolute NOx emissions of diesel vehicles under real driving conditions have hardly changed” despite “various” EU “steps”. “On the road, a Euro 5 vehicle emits almost the same amount of NOx per km as a Euro 3 vehicle.\u0026rdquo;\nThe testing method, which is nothing like real road conditions, is mentioned as a contributing factor.\n","date":"2017-01-26T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/26/eu-described-own-policy-as-complete-failure.html","tags":["mobility","lang_en"],"title":"EU described own policy as 'complete failure'"},{"categories":null,"content":" \u0026ldquo;Maddrax 443: Die Erleuchteten \u0026rdquo;, Jo Zybell (german language, EUR 1.49)\nSo Maddrax is one of those pulp series that are sold in booklet format in train stations, right next to romance novels. The setting echoes Planet of the Apes or other post-apocalyptic scenarios with Sci-Fantasy elements.\nDuring a failed space mission involving firing nukes at an asteroid/alien terraformship on a collision course with earth, Matthew ‘Matt’ Drax is transported five centuries into the future, where he finds a barbarian wilderness sparsely populated by mutant survivors of the impact and barbarians.\nAs the story develops, Maddrax goes onto a journey of discovery through a Edgar Rice Burroughs-like system of worlds torn by conflict and interstellar war. It\u0026rsquo;s pulp.\nI am not reading Maddrax, but got pointed at it by somebody resharing an article on G+.\nIssue 443 \u0026ldquo;The enlighened\u0026rdquo; can be read standalone, as it is a crude satire that does not actually require much understanding of the larger universe or the factions in it. It deals with some lizard men living on a moon of darkness in one of the bright spots where the light can actually reach the surface.\nSince the lizard people on the moon of darkness can\u0026rsquo;t actually survive that, they have to protect themselves from the harmful radiation of the daystar by wearing tinfoil hats. Still the brightness and radiation damages them, so they start believing all kinds of conspiracy theories or imagined dangers. Two of the lizard men, Drumb and Puudin, are becoming agressive and power hungry, starting to transform their society.\nCan be read in a few hours. Hurts all the time. Which is kind of like expected for several reasons. Novelty item.\n","date":"2017-01-26T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/26/finished-reading-maddrax-443-die-erleuchteten.html","tags":["review","book","media","lang_en"],"title":"Finished Reading: Maddrax 443 \"Die Erleuchteten\""},{"categories":null,"content":" ]\n\u0026ldquo;Pre-Suasion: A Revolutionary Way to Influence and Persuade \u0026rdquo;, Robert Cialdini, (english language, EUR 12.99)\nRobert Cialdini is a professor emeritus of Psychology and Marketing at the Arizona State University, a visiting professor of marketing, business and psychology at Stanford University, and is the author of several books on the psychology of Influencing and Persuasion. This book is about getting someones attention, and using it.\nCialdini speaks about privileged moments, points in time where we have someones attention, and that person is also primed to actually follow our reasoning along with our message. It goes on to analyse what makes these moments privileged, and how we can help manufacturing them.\nBeing a funny and refreshing writer, Cialdini fills his stories with jokes and anecdotes illustrating the point he\u0026rsquo;s about to make. He\u0026rsquo;s also liberally using whatever he\u0026rsquo;s explaining right now in convincing us that this particular thing actually works, which is kind of a meta-demonstration of the point he\u0026rsquo;s making.\nThis book can help you trying to sell a thing or an idea better, to customers, colleagues or other people that you need to get to listen. It\u0026rsquo;s also helping you to understand what\u0026rsquo;s influencing you, and how, and giving you tools to notice (and allow or deny) this. Going full meta, Cialdini explains how that changes the process of persuasion, and gives studies and examples to back even this up.\nThe book itself is not only full of stories and games playing with the methods and the language of persuasion, it also contains a lot of footnotes and pointers to followup reading, in case you want to go deeper. Time and money well spent.\n","date":"2017-01-26T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/26/finished-reading-pre-suasion-a-revolutionary-way-to-influence-and-persuade.html","tags":["review","book","media","lang_en"],"title":"Finished Reading: Pre-Suasion: A Revolutionary Way to Influence and Persuade"},{"categories":null,"content":"So Python is a beautiful language, which is also kind of slow. And the more cores you have, the worse it gets, because of the GIL in the most popular implementations. Other languages are much better at concurrency, one of them supposedly being Go. So Geeks at Google have been pondering the problem, and came up with a Python-to-Go compiler called Grumpy.\nRead more about it in their blog . In rigged benchmarks it looks awesome, and under real world load it supposedly performs quite well.\nBut the best part is the Logo. Which looks like this:\n","date":"2017-01-25T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/25/grumpy.html","tags":["golang","python","computer","lang_en"],"title":"Grumpy"},{"categories":null,"content":"Palaeofuture has an interesting article on sending letters, the CIA way.\nWhen you file a Freedom of Information Act (FOIA) request with a federal agency, they’ll often send you physical letters in the mail. When I got my first response letter from the CIA, I was a little surprised to see some old-fashioned, anti-spy tech on the back of the envelope. As you can see from the photos above and below, there’s no way to open the envelope without making it clear you’ve been messing with it.\nThe author has been inquiring about the how and why, and despite the inquiry not being a formal FOIA request got an answer.\nThe “gummed kraft sealing tape” the agency uses is three inches wide, and the indications from the response to my FOIA request suggest that the agency buys it in 450-foot rolls.\nThe article does have a part and an order number for the tape, in case you have need for it.\n","date":"2017-01-25T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/25/sending-letters-the-cia-way.html","tags":["security","hack","lang_en"],"title":"Sending letters the CIA way"},{"categories":null,"content":"The trench ain\u0026rsquo;t here:\nIt is elsewhere .\n","date":"2017-01-25T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/25/the-topography-of-the-death-star.html","tags":["fluffy fluff","lang_en"],"title":"The Topography of the Death Star"},{"categories":null,"content":"In mysql() nach PHP 7 retten , Charly Kühnast explains how you can get the deprecated and disabled mysql extension back in PHP 7. You shouldn\u0026rsquo;t. There are many reasons for this.\nOne of them being that none of the newer features in MySQL can be used with the old mysql extensions. There is an overview in the PHP documentation that explains exactly what you are missing.\nOne of the things that you are missing is support for prepared statements. Prepared statements are a mechanism in which you write SQL statements with placeholders for variables, and then later bind values to the placeholders using a \u0026ldquo;bind\u0026rdquo; call or as part of the \u0026ldquo;execute\u0026rdquo; call which is actually running the statement.\nIn any case, the variables are being escaped properly automatically, making SQL injection a lot harder. This is not just a problem limited to PHP - a search for bind and execute other sources can be very instructive. For example, the sources of Opennebula or in older versions of Owncloud (up to and including version 7) are rich treasure troves of potential exploits.\nSo currently the situation is as follows:\nThere are three extensions at the PHP level, one of which is deprecated and disabled in PHP 7:\nThe old mysql extension is no longer available by default, and for good reasons. Do not use it, do not attempt to use code that uses it. The mysqli extension has been around for very many years, and offers a procedural and an object oriented interface, and makes \u0026ldquo;newer\u0026rdquo; MySQL features available, including prepared statements. The PDO_mysql extension has been around for many years, too, and offers an object oriented, and portable across databases interface. It also allows access to all \u0026ldquo;newer\u0026rdquo; MySQL features. The wire protocol of all of these extensions is implemented by a C-level library, against which the extension can be linked. A manual page explains the choices.\nTraditionally that has been the Oracle/MySQL C-API (\u0026ldquo;libmysqlclient\u0026rdquo;, \u0026ldquo;Connector/C\u0026rdquo;), which comes with the database server. It is available on the GPL, which is a license different from the PHP license of the rest of the PHP proper, and it has it\u0026rsquo;s own memory management, which is different from the PHP native memory management. Since PHP 5.3, there is mysqlnd (the \u0026ldquo;native driver\u0026rdquo;, ND). It re-implements the MySQL wire protocol, and is available under the same license as PHP itself. It also uses the same memory management that PHP uses, which makes it faster (no copying) and more efficient (no duplication of values). It is the default on a normal PHP build these days. What you should be using: These days, your code should not be using the mysql extension. So you will be using mysqli or PDO_mysql, depending on your needs, with the underlying implementation of the native driver doing the heavy lifting.\nDo not attempt to port mysql-Extension based code to PHP 7 without refactoring it for prepared statements, please.\n","date":"2017-01-23T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/23/php-7-mysql-extension-deprecated.html","tags":["mysql","php"],"title":"PHP 7: mysql extension deprecated"},{"categories":null,"content":"Cary Caffrey schreibt etwas, daß vom Cover und dem Beginn der Geschichten sehr gut in ein SciFi Anime Setting passen könnte, dann aber schnell eine ganze Menge mehr Tiefe entwickelt und faszinieren kann.\nAlcyone Book Series Die Heldin der Geschichte, Sigrid, wird zu Beginn der Geschichte aus den Bedingungsloses-Grundeinkommen-Slums der übervölkerten Erde geholt und auf einer nahezu unberührten Welt, Alcyone, zusammen mit einer Reihe weiteren Mädels in einen biomechanischen Sölder-Cyborg von enormer Durchschlagskraft umgewandelt. Zugleich erfahren wir Leser ein wenig mehr über die Struktur eines Post-Neocon Ferenghi-haften Universums, in denen Firmen die Technologie eine Sprungtores entwickelt haben und die Erforschung und Entwicklung ferner Welten übernommen haben, und in denen die Mädchen von Alcyone zu gefährlichen Machinstrumenten im Kampf der Konzerne geformt werden sollen.\nSigrid versucht ihre Welt zu verstehen, die offenbar viel größer und komplizierter ist, als ihr in ihrem Erden-Slum bewußt war. Sie will sich emanzipieren und sich über die Identitäten und Absichten der Spieler klar zu werden, die versuchen, sie zu beeinflussen und sie zu benutzen. Im Laufe der Trilogie gelingt ihr das - zu hohen Kosten - und zugleich wird klar, daß sie mit einer Schwarz-Weiß-Ideologie nicht weiter kommen wird.\nSpannendes Worldbuilding, nett erzählt und gepaced, und eine interessante Weigerung, einfache Erzählstrukturen anzunehmen. Ich war gut unterhalten.\nThe Girls From Alcyone Book Series:\nThe Girls From Alcyone The Machines From Bellatrix Codename: Night Witch ","date":"2017-01-02T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/02/fertig-gelesen-alcyone.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Alcyone"},{"categories":null,"content":"Ein schnelles Einsteigerbuch in die operativen Handgriffe für den Umgang mit Docker. Weitgehend an einem Nachmittag durchgescanned und verarbeitet, mit spannenderen Informationen im hinteren Teil, wo es um Image Formate (intern) und Docker Overlay Networking geht.\nSpannender wird es erst im Zusammenwirken mit was größerem - Kubernetes. Das ist jedoch ein anderes Buch…\nDocker for Sysadmins , EUR 8.51\n","date":"2017-01-02T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/02/fertig-gelesen-docker-for-sysadmins.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Docker for Sysadmins"},{"categories":null,"content":"\u0026ldquo;Drift Into Failure\u0026rdquo; ist eine Art populärwissenschaftliche Einführung in die Systemtheorie. Anhand einer Reihe von Beispielen werden eine komponentenorientierte Fehleranalyse und eine Art blameless Postmortem nebeneinander gestellt und an Hand von drei zentralen Beispielen (und einer Reihe von kleineren illustrativen Ideen) gezeigt, wie dies zu unterschiedlichen Ergebnissen führen kann.\nDie großen Beispiele sind Alaska Airlines Flight 261 , Space Shuttle Challenger Disaster , und der Enron Scandal . Die Darstellung zielt darauf ab, daß es eben nicht einzelne fehlerhafte Komponenten (Pilot, Jack Screw, Tankisolierung, Buchhaltungsregeln sind), sondern eine Reihe von organisatorischen und persönlichen Beziehungen von Leuten und Prozessen untereinander, die etwas auslösen, daß der Autor als Drift bezeichnet.\nDrift ist dabei eine ungeplante Änderung von Prozessen und Risikobeurteilungen, die durch lokale Optimierungsprozesse und lokalen Anpassungsdruck ausgelöst werden, aber am Ende die Stabilität des ganzen Systems beeinflussen. Dabei ist es am Ende oft unmöglich zu sagen, an welcher Stelle durch welche Aktion die Grenze überschritten worden ist.\nDekker unterscheidet offensichtliche, komplizierte, komplexe und chaotische Systeme. In offensichtlichen Systemen sind Ursache und Wirkung direkt sichtbar und miteinander gekoppelt, Zusammenhänge sind stetig und differenzierbar, linear bis exponentiell. In komplizierten Systemen existieren diese Zusammenhänge ebenfalls noch, sind aber eventuell nicht offensichtlich - jedoch statisch und entdeckbar.\nKomplexe Systeme sind anders, weil sie Feedback-Schleifen enthalten, mit denen sie sich ändern und anpassen können. Das ist besagte Drift, und sie ist in vielen Fällen eine nützliche Eigenschaft - wenn sie kontrolliert und beobachtet wird, was jedoch sehr schwierig ist.\nKomplexe Systeme haben entsprechend keinen statischen Zusammenhang zwischen Ursache und Wirkung, sondern Regeln ändern sich über Zeit oder aus anderen Gründen oder es existieren lokale Abweichungen. Komplexe Systeme existieren oft an der Grenze zum Chaos, und so kann es sein, daß bestehende Steuerungs-Prozesse und bekannte Steuerungs-Inputs nicht immer den gewünschten und erwarteten Einfluß haben. Möglicherweise haben kleine Abweichungen beim Input stark andere Auswirkungen haben, oder Steuerungs-Inputs haben unerwartete und nicht immer auftretende Nebenwirkungen - die Diskussion im Buch an den Beispielen oben illustriert das vielfach.\nDas Buch enthält kaum aktive Handlungsanweisungen, und ist an vielen Stellen frustrierend vage, ist jedoch eine gute Einführung in Systemtheorie und erlaubt es unter Umständen, fehlerhafte Prozesse und Fehlentwicklungen im eigenen privaten oder beruflichen Umfeld einfacher zu benennen und zu beeinflussen.\nDrift Into Failure , EUR 16.32\n","date":"2017-01-02T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/02/fertig-gelesen-drift-into-failure.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Drift Into Failure"},{"categories":null,"content":"Ein kaum 40 Seiten langer Aufschrieb über die Basics von Kubernetes und wieso Docker in der Produktion erst mit mehr als einem Dockerhost und mit Kubernetes Spaß macht. Das Buch bezieht sich nicht auf Kommandos und operative Details, sondern vermittels einen großflächigen Überblick über die Konzepte und den Sinn der Sache, um die operativen Details (die man sich anderswo besorgen muß) sinnvoll zu kontextualisieren.\nSinnvoll auch für technische Entscheider.\nKubernetes: Scheduling the Future at Cloud Scale , Free eBook\n","date":"2017-01-02T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/02/fertig-gelesen-kubernetes-scheduling-the-future-at-cloud-scale.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Kubernetes - Scheduling the Future at Cloud Scale"},{"categories":null,"content":"In Teil 2 setzt sich das Motiv der Erzählung als Reiseroman fort und das ist es auch, was trotz aller Action das Tempo bestimmt. Wir erfahren mehr über Kims Hintergrund und Entwicklung und angenehmerweise viel über Show, Don\u0026rsquo;t Tell und ohne das Pacing zu brechen.\nAlles in allem ganz wunderbar geschrieben und mit viel Konzentration auf die Charakterisierung der Figuren gemacht. Wer Teil 1 gemocht hat, wird in Teil 2 mehr desselben finden.\nRetaliation , EUR 2.99\nMehr Reviews:\nSlingshot Retaliation ","date":"2017-01-02T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/02/fertig-gelesen-retaliation.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Retaliation"},{"categories":null,"content":"Butcher (\u0026ldquo;Dresden Files\u0026rdquo;) nimmt sich des Genres Steampunk an und wirft uns in eine fremde Welt, offensichtlich ein besiedelter Planet der nicht die Erde ist und in der Menschen Eindringlinge sind, und in der sie nur auf Grund einer halb mystischen, vergessenen Technologie überleben können, die auf \u0026ldquo;Aether\u0026rdquo; basiert.\nDie auf ihre wolkenkratzer-großen Schutztürme (\u0026ldquo;Spires\u0026rdquo;) beschränken Menschen können auf der feindseligen Dschungel-Oberfläche der Welt nicht existieren und stehen miteinander nur über ihre Aether-Betriebenen Wolken-Dampfschiffe in Kontakt, mit denen sie Handel treiben und Krieg führen. Die ursprünglichen Bewohner der Welt scheinen vorübergehend geschlagen worden zu sein und erwachen und reorganisieren sich nun, währen die Menschen die technischen Grundlagen ihrer Technologie vergessen haben.\nErster Band einer längeren Serie, die sich angekündigt mit dem Niedergang und dem Ende der Menschen auf jener Welt beschäftigen wird. Mühsame Erzählung mit viel Expose, und ich bin nicht überzeugt, daß ich das weiter lesen will.\nThe Aeronaut\u0026rsquo;s Windlass , EUR 5.49\n","date":"2017-01-02T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/02/fertig-gelesen-the-aeronauts-windlass.html","tags":["lang_de","book","media","review","steampunk"],"title":"Fertig gelesen: The Aeronaut's Windlass"},{"categories":null,"content":"The Box ist vordergründig ein Buch über die Erfindung des Containers und die vierzig Jahre des Strukturwandels, die seiner Erfindung und seinem Siegeszug um die Welt folgen.\nThe Box Das Buch belegt ausführlich, welchen hohen Anteil die Frachtkosten an einem gefertigten Produkt vor 1956 hatten, und wie stark die Regulierung des Transportwesens, insbesondere in den USA, einen Strukturwandel behindert hat. Stückgut war personalintensiv, langsam in der Verladung und hat lange Aufenthaltszeiten in Häfen und Bahnhöfen erforderlich gemacht - Fracht war nicht nur teuer, sondern auch langsam.\nDas Buch ist auch eine Art Wirtschaftsbiographie, die den Unternehmungen Malcom McLeans folgt und beschreibt, wie er auf der Straße, der Schiene und besonders auch auf den Meeren versucht hat, Transport wirtschaftlicher und schneller zu machen und quasi im Vorübergehen den multimodalen Transport erarbeitet und einen tiefgreifenden Strukturwandel ausgelöst hat.\nDas Buch blickt dabei auch auf Städte wie New York, und zeigt, wie die Slums und die Krise in verschiedenen Stadtteilen des New York mit dem Siegeszug des Containers in Verbindung stehen: Dadurch, daß im Stadtkern von New York kein Platz für einen Containerfrachthafen war, wurde dieser am anderen Ufer des Hudson gebaut. In Folge gingen den Docks von New York Geschäfte verloren.\nZugleich ist mit multimodalem Transport keine Notwendigkeit mehr für kleine Fertigungsbetriebe gegeben, direkt neben dem Hafen zu sitzen - Betriebe können stattdessen nach New Jersey raus ziehen, wo Raum billig verfügbar ist. Der Innenstadt geht damit eine Menge saubere Kleinindustrie verloren. Das wirtschaftliche Herz der Stadt ist also binnen 15 Jahren faktisch verschwunden und führt zu dem New York der 70er und 80er, das wir aus Filmen kennen.\nGenerell ändert sich mit der Natur der Häfen auch ihre Kostenstruktur und ihre Kapazität - statt vieler kleiner Häfen bekommen wir pro Kontinent eine Hand voll gigantischer Containerterminals, die praktisch eine ganze Nation versorgen können und dann eine Bahn- und Lastwagen-Infrastruktur, die eine zunehmend längere letzte Meile versorgen. Kleinere Zubringerhäfen runden den Bedarf ab. Eine ganze Menge Nationen und Städte haben sich bei dem Rennen darum, \u0026ldquo;der Containerhafen der Nation/des Kontinents\u0026rdquo; zu werden verspekuliert und Milliarden an sinnloser Infrastruktur entwickelt und subventioniert.\nGroße Containerfrachter und Nachschublinien mit Just-In-Time-Semantik und der dazu passenden Verläßlichkeit sind jedoch ohne Computer-Unterstützung nicht zu betreiben und so beleuchtet das letzte Drittel des Buches die Fortschritte und Innovationen der 80er Jahre und wie sie den Transport weiter verändert haben. Unser heutiges weltweites Transport- und Wirtschaftssystem wäre ohne die Kombination von Containerfrachter und Computer gar nicht zu betreiben, Fabriken in Shenzen ohne Frachtkosten unterhalb der Nachweisgrenze nicht sinnvoll zu betreiben.\nSchließlich geht das Buch an vielen Stellen auch auf den Arbeitskampf ein, der die Einführung des Containers begleitet und verlangsamt hat, und der es möglich gemacht hat, daß die Umstellung nur von moderaten Gewalttätigkeiten begleitet war. Gewerkschaften und weniger legale Arbeitnehmerorganisationen haben hier eine zentrale Rolle beim Überleben von Regionen und bei der Umsetzung des Wandels gespielt.\nAlles in allem eine faszinierende Kombination von Wirtschaft, Logistik, Politik und Operations Research, spannend erzählt.\nThe Box , EUR 14.99\n","date":"2017-01-02T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/02/fertig-gelesen-the-box.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: The Box"},{"categories":null,"content":"Ein Geschichtsbuch, das ich ursprünglich irrtümlich der Reihe \u0026ldquo;Turning Points in History\u0026rdquo; zugeordnet habe (siehe 1177BC ). Weil es das nicht ist, fehlt die historische Einordnung und die Beschreibung der Bedeutung der Ereignisse im geschichtlichen Umfeld.\nDennoch ist das Buch eine unterhaltsame Beschreibung eines Raub- und Eroberungsfeldzuges, der am Ende zu einem Genozid wurde - ja, das klingt so kraß wie es erzählt wird.\nThe End Of The Aztecs , EUR 1.78\n","date":"2017-01-02T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/02/fertig-gelesen-the-end-of-the-aztecs.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: The End of The Aztecs"},{"categories":null,"content":"Sarah Chrisman ist ein Portländer Original mit starken Meinungen. Während ihr Mann einen DeLorean DMC-12 restauriert und fährt, bekommt sie aus Gründen ein Korsett geschenkt und beginnt, es zu tragen und in Folge historische viktorianische Kleidung zu restaurieren und zu tragen.\nVictorian Secrets Heute lebt sie mit ihrem Mann in einem Haus von 1888/89 und größtenteils mit der Ausstattung aus dieser Zeit - in This Victorian Life findet man mehr.\nDas Buch erzählt autobiographisch ihre Zeitreise und die Erfahrungen bei der Erforschung historischer Lebensumstände am eigenen Körper - TL;DR es war sehr anders als heute, aber weitaus weniger unkomfortabel und schlimm als man sich so vorstellt. Fortschritte haben wir hauptsächlich bei der Hygiene und Medizin gemacht, beim Komfort und der Ernährung vielfach sogar Rückschritte und beim Umgang miteinander sind wir aus der Sicht der damaligen Zeit sogar barbarisch.\nFaszinierend zu lesen, und transportiert erfolgreich die Ideenwelt und die Neugier einer Person mit sehr starken Überzeugungen.\nVictorian Secrets , EUR 9.06\n","date":"2017-01-02T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/02/fertig-gelesen-victorian-secrets.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Victorian Secrets"},{"categories":null,"content":"On Core.Infra day, I was invited to speak. This is my talk. There were many like it, but this was mine.\nIn operations, code is not your friend. This is about what I did the two years I have not been around here. I first worked for Booking in 2006 as a MySQL consultant doing databasey things. I joined Booking as an employee later, in 2008. By then, I was working in Amsterdam, but living in Berlin, so I was flying around quite a bit. In 2014, that became unworkable and I signed on with a Berlin based eCommerce hoster to do some awesome stuffs.\nSysEleven had about 3000 customers, mostly German eCommerce or news sites. The company had less then 50 employees in 2014 and grew to 70 people now. I joined a newly formed team, whose task was to build the new hosting platform for SysEleven.\nGiven that we were to build the new platform, there has to be an old one. The old platform was based on single machines with all storage local, and maybe a NetApp or two mounted from external. Hosting was done on OpenVZ based containers, and the Underlay (Hypervisor) was generally managed by puppet. The Overlay (contents of the container), too, mostly. But due to limitations in Puppet, architectural decisions of the past and the nature of the workload imposed by customers that was not done consistently and completely. There was a lot of fuzz around the edges, and some things were completely on manual.\nThe new platform was based on Openstack, with a software designed storage solution, and a software designed network solution underneath, no local storage on the machine (all bytes always come from the SDS). Underlay and Overlay were to be completely controlled by Puppet, and in fact, the actual installation process was to be done by Puppet as well.\nWe actually succeeded in doing this.\nSo you have several racks full of HP DL380s, all powered off and cold. The bootstrap talks to the iLOs, turns on the hardware, inventories everything, zaps fresh ROMs and iLOs onto everything, and then paints a base operating system onto the machines that is just enough to bootstrap Puppet. Puppet then continues to install and personalise the machines and build an Openstack from this, including SDS and SDN cluster builds before the Openstack install.\nThe total installation time was 30-45 minutes, if everything went well, but usually not everything went well. :-) Also, Puppet as a tool is extremely focused on managing a single host and does not work well with the concept of a cluster. If you want to build such a thing, you end up coding a lot of stuff against the internal logic of Puppet, using Stages to have synchronisation points, or invoking very ugly hacks written as external Python scripts that sync up the cluster before allowing everybody to continue to the next phase.\nI learned that there is a place that can genuinely and rightfully be called Puppet Hell.\nWe made the decision to not write Puppet modules when we could reuse external work. That turned out to be a not so smart solution. We imported external repositories into our internal Gitlab, and in order to structure things, we set up a bunch of different segregated areas, teams. In the end we had about 200 repos, in six different teams.\nThat led to a lot of problems. We did not set out to have these problems, it just kind of inevitably happened.\n200 Repos is quite a lot, and even with tooling you end up making mistakes. Some people will not be able to see some repos, not because they should not, but because of mistakes. Some things are done manually, others are done automatically, but rules change or team members move, but the rules are not adjusted and other stuff.\nAnyway, you inevitably end up in a situation where you are making a change and you are not aware of all the consumers of the change - either because you can’t see them, or because you did not bother to check out that repo, or because your search did not find them. Not fixing your consumers will break them, and hence the build. That is annoying.\nYou also can’t make your changes atomically. You may make your change at the source, and merge it, but you still need to merge and push the 13 consumers of your change, and that can take time, or fail. Until you complete the merge in all Repos, nobody in the team can roll out. That sucks.\nFinally, if visibility is limited, it may be that two people are producing or importing duplicate solutions for a problem. Worse, it may be that these duplication are actually duplicate external imports, but at different version requirements. That makes it very hard to manage project dependencies and size.\nWe are doing Puppet, so what is it that we import when we import stuff from Puppetlabs, or github?\nWell, mostly generalised configuration management classes for Puppet.\nWhat is that?\nMost configuration files are actually Hashes of Hashes with a unique kind of syntactic sugar. MySQL my.cnf files, Bind configuration, Openstack ini-Files, and so on - the are all HoH’s.\nSo what you get is a YAML-shovel that will generate the HoH that is, say, an Apache vHost-definition from the Hash of Hashes inside Puppet variables. Which in turn are being loaded from the Hash of Hashes that is a Hiera YAML file.\nWhen you want to make a config change, you can’t edit a native Apache config file. You need to read the code, seeing how the Puppet in-memory HoH is being transformed into the actual Apache config. Then you need to look further back and understand how the twelve dozen Hiera files actually overlay each other to form these Puppet structures, and inject your change in the right place.\nThen you need to try this out and actually see what config is being generated.\nYou need a lab. For a config change.\nThat is because your config and your config generation became so complicated that it is no longer obvious. It is no longer obvious what that code does, and it is no longer obvious what your change does.\nIn our case the test environment is an entire datacenter, the vanguard data center. That is clearly insane.\nHow did we end up in this place?\nLet me introduce The Configuration Complexity Clock .\nYou write a piece of actual code, in a proper programming language. Values are pieces of code, constants. They are baked in. It is noon on the config clock.\nThings change, values need to change. You need different values in different places, so you load variables from a file, the config file. It is now 3.\nSomebody needs more than that - there are rules. “Some rooms are only available at some price if the stay includes a Saturday” is such a rule. Or “The amount of memory we give to the Innodb buffer pool is all machine memory minus 20% or 4GB, whichever is smaller, unless it’s a mz box with all that Blob stuff going on.” is another such rule. It is now 6 on the config clock.\nOf course some things can no longer be expressed as rules. You need a fully blown language with data structures, control structures, loops and include files. You get a config management DSL. Something like puppet. It’s 9 on the config clock.\n»The team spend most of their time writing code in the new DSL.\nAfter some embarrassing episodes, they now go through a complete release cycle before deploying new DSL code.\nThe DSL text files are version controlled and each release goes through regression testing before being deployed.«\nThat’s SysEleven, doing puppet. That’s us, doing Puppet - if not now, then it’s going to be us very soon.\nThat is, because what we are doing is no longer obvious, so we need to check the presence and type of parameters to our Puppet classes.\nWe need to write tests that check the validity and content of the subconfigs generated.\nWe then need to do integration testing, in order to prevent catastrophic loss of the entire site from centralised config changes.\nAt SysEleven, when we were at that point, we stopped. We threw away our complete stack of “Setup Openstack from scratch” and started over.\nWe chose a different config management system, in our case that was Ansible, but that is not really important.\nWe did choose something else than Puppet, mainly so that we were unable to directly reuse any component we previously wrote.\nWe did come up with some rules in order to prevent ourselves from descending into Puppet Hell again. Our goal was to enforce simplicity, and obviousness.\nWe did switch to a Monorepo, at least as much as possible. There were other, external dependencies with other parts of the company that prevented us from going completely Monorepo, but it kind of worked well enough for us.\nWe did use Ansible, and while the actual choice of the config management system officially did not matter as long as it is not Puppet, Ansible does have a number of advantages that Puppet does not have. One of them being that it deals much better with distributed software than Puppet can do, and the other, much more important one being that it is very limited.\nIt is impossible to do complicated things in Ansible. At some point, if Ansible is not sufficient, you need to stop ansibilizing and switch to Python. That’s a good point to raise the issue with the team and asking around what’s actually the problem and how an Ansible extension written in Python is going to make this better.\nThis is good, because it gives you a point where reflection and goal-setting are in order, and a hook where project management processes can be invoked.\nWe also looked at our YAML shovels and asked ourselves what they are good for. We found that they are overgeneralised solutions for our problems. We do not need to be able to write any conceivable Apache config from our config management code, we only need to be able to write our Apache config from it.\nOr, more generally:\nFeature development is about generalisation, avoiding limits, delaying decisions and being more flexible. Infrastructure development is about being concrete, making decisions, setting limits and being obvious. I cannot stress the importance of that enough. It was at the core of all of our problems.\nWe decided to write config files directly. If there is an Apache config, write that Apache config file in Apache config file syntax into the Ansible template directory, and install it as literally as possible. Changes will be obvious in what they do.\nDo not use variables, unless you can show that in our config there is actually variation.\nWe did catch ourselves in review in anticipating problems we didn’t have, introducing complexity we didn’t need. Good thing we did establish review, because every single team member failed at being as simple as possible, multiple times.\nWe did have a few cases were it was in order to write code, remove duplication and generate stuff in a loop or similar things, but these cases were few and far between.\nOur new setup was an order of magnitiude smaller and much, much easier to understand.\nWe did bring in external people and tried to explain to them what we did, and how things work, and the new setup was so much easier to work with that this was actually possible.\nWe did not need tests any more, because changes were obvious. Code that is not present does not need to be tested in the first place.\nSo, looking at us here: What’s in it for us?\nI do believe, after reading a lot of code in our Puppet and in other places, that Simplicity as a value in itself would work well for us, too. Code isn’t our friend, either, especially in Core.Infra and Operations related places. We are here to make decisions, not delay them, and to be obvious, and as simple as we can get away with. Which is hard enough given the fact that our size and growth force more and more distributed stuff on us, which by it’s very nature has a high inherent complexity.\nI think the entire container thing is a brilliant idea, and we should be doing it more.\nA lot more.\nImmutable containers, being created and then loading values from a Zookeeper or Consul, instead of running Puppet on every host, painting state changes over state changes that may or may not have been previously applied.\nEventually we will no longer have any need for Puppet at all any more, despite the fact that we are a larger company that is doing a lot more distributed stuff than now.\nThe Tao of Operations: Be simple. Be boring. Be obvious. Because every time you aren’t, you get to write a postmortem. ","date":"2016-09-01T00:00:00Z","href":"https://blog.koehntopp.info/2016/09/01/be-simple-be-boring-be-obvious.html","tags":["lang_en","computer","devops","talk"],"title":"Be simple. Be boring. Be obvious."},{"categories":null,"content":"Ok, ein Aspie-Kandidat hat Snow Crash gelesen und ist von den Erwähnungen sumerischer Kultur und Alt-Enochisch als Sprache fasziniert und tut das, was ein Aspie in so einer Situation als normal empfindet: Er lernt alles über das Thema, verdaut es und erzeugt dann einen Braindump. Der ist durchaus lesbar.\nBroken Tablet Broken Tablet ist also die sumerische Version von Outlander: Ein irakischer Silicon Valley Milliardär hat genug von der Technik und kehrt in seine Heimat zurück (Hey, Steve Jobs hat syrische Wurzeln!), um dort mit einem entlegenen Zweig seiner Familie Kontakt aufzunehmen. Das hat er kaum getan, als er in einen \u0026ldquo;Der letzte Countdown\u0026rdquo;-artigen Zeitsturm gerät und im Zweistromland wieder auftaucht.\nDort stellt er fest, daß die Sprach- und Ideenbasierte Magie des Sumerischen durchaus funktioniert, und daß es ziemlich schwierig ist, moderne Technik und moderne Ideen im Altertum und dem Ideen-Referenz-Framework des Altertums zu kommunizieren, wenn die Sprache dem Denken recht enge Grenzen setzt.\nEine Geschichte um Technik und Magie, um Sprache, Ideen und Kommunikation, teilweise ein wenig konstruiert, teilweise ein wenig klischeebehaftet, aber über alles durchaus spannend und ohne zu große Längen. Ein Erstlingswerk, dem man seine Schwächen anmerkt, das aber durchaus funktioniert.\n\u0026ldquo;Broken Tablet \u0026rdquo;, Micah Joel, EUR 2.99 Kindle unlimited verfügbar\n","date":"2016-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2016/08/14/fertig-gelesen-broken-tablet.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Broken Tablet"},{"categories":null,"content":"Nach dem Tode seiner Frau ist Neal Asher durch eine ziemlich fiese Depression gelaufen und war naturgemäß wenig produktiv. Nun, wie sag ichs, es geht ihm besser und er schreibt wieder.\nDark Intelligence Chronologisch, thematisch und zum Teil auch räumlich spielt \u0026ldquo;Dark Intelligence\u0026rdquo; nach The Technician , denn es geht um Penny Royal.\nDie Polity ist auf eine Weise ein Gegenentwurf zu Ian Banks \u0026ldquo;The Culture\u0026rdquo;, denn auch in der Polity hat die Singularität quasi stattgefunden und die Menschen wurden von ihren AIs und deren Technologie weit überflügelt und nicht zurückgelassen. Sie werden stattdessen auf eine Weise in die sich entwickelnde neue und entschieden nichtmenschliche (oder scheinmenschliche) Kultur integriert. Doch anders als in der Bank\u0026rsquo;schen Culture gibt es in der Polity durchaus noch nicht-selbstgewählte Probleme und übermächtige Gegner (und Ashers Schreibe leidet ein wenig an seinem gelegentlichen Hang zu Torture Porn).\n\u0026ldquo;Dark Intelligence\u0026rdquo; greift die Erzählung auf Masada nach dem Ende der Theokratie auf, und berichtet uns von einer Reihe von Figuren, die mit der failed AI Penny Royal (Penny Royal ist eine Abtreibungspflanze: Die AI Penny Royal ist sich ihrer Fehler wohl bewußt) Kontakt hatten und wie sich deren Leben dadurch und durch die von Penny Royal bewirkten Änderungen verändert.\nDabei stellt sich heraus, daß Penny Royal durchaus auf dem Weg zu einer Art Heilung ist, und auf eine verdrehte und berechnende Art und Weise Gerechtigkeit und Ausgleich schaffen will - ein Thema, daß wir auch schon in den Geschichten um den Brass Man bei Asher beobachten konnten.\nDas Pacing ist langsam, aber die Geschichte ist wunderbar konstruiert und am Ende fallen alle Steine auf eine befriedigende Weise an ihren Platz. Eine der besseren Asher-Stories.\n\u0026ldquo;Dark Intelligence \u0026rdquo;, Neal Asher, EUR 6.59\n","date":"2016-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2016/08/14/fertig-gelesen-dark-intelligence.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Dark Intelligence"},{"categories":null,"content":"Spreadsheets in Space ist eines der tollsten Computerspiele und MMOGs, die ich nie spielen werde, weil ich schon ein Leben habe, und weil ich mich gut erinnern kann, wie schlimm PernMUSH damals für mein erstes Leben war. Außerdem glaube ich fest daran, daß Zusammenfassungen und Geschichten über EVE zu lesen viel toller ist als EVE tatsächlich zu spielen. Das muß ich schon, damit ich es nicht ausprobiere. :-)\nEmpires of EVE Wie dem auch sei, dieses Buch ist eine (selbstverständlich angezweifelte, parteiische und unvollständige) Historie einer Phase in der Entwicklung von EVE und kontrastiert dabei in-game Entwicklungen und Interviews mit den Spielern auf eine Weise, die einen an einer kondensierten und durchaus faszinierenden Geschichte dieses wunderbaren Spiels teilhaben läßt ohne daß man selber groß Gefahr läuft, es selber ausprobieren zu müssen.\nSelbstverständlich ist das alles Nullsec-Kram, denn welcher Vollblutpilot würde sich sich schon lange mit Highsec Grinding abgeben?\n\u0026ldquo;Empires of EVE \u0026rdquo;, Andrew Groen, EUR 9.22\n","date":"2016-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2016/08/14/fertig-gelese-empires-of-eve.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Empires of EVE"},{"categories":null,"content":"Kindle unlimited ist ja komplett risikolos und so kann man dann auch mal zu wilderen Ideen greifen und Dinge ausprobieren.\nEVE: The Awakening EVE: The Awakening ist so eine wildere Idee, und wir werden kommentarlos direkt da rein geworfen. Ein junges Mädchen sieht seine mit dem Auto nach Hause kommenden Eltern bei einem Unfall auf der letzten Kreuzung vor dem Haus sterben - und entwickelt spontan telekinetische Kräfte. Sie ist nicht allein damit, aber offenbar die Jüngste, bei der das bisher passiert ist. Schnitt.\nEve ist jetzt 19, und wie viele andere in ihrer Welt eine Chimäre, ein Wesen mit diesen unheimlichen Kräften, die sie zu einer Ausgestoßenen machen. Dennoch gelangt sie aus Gründen, die sich nicht versteht, per Stipendium auf die Billington University in Kalifornien, wo sie mit der Schule und Ausbilding zu kämpfen hat, mit der komplizierten sozialen Hierarchie zwischen den Reichen, Mächtigen und den Stipendiaten, und mit den Übergriffen der Interloper, vor 20 Jahren auf der Erde erschienen sind und bis jetzt weder kommunizieren wollten noch wirklich greifbar waren - das ändert sich jetzt.\nDies ist ein Buch. Das ist das vollkommen falsche Medium. Diese Geschichte würde als japanischer Magical Girl Anime in 26 30-Minuten-Folgen sofort und reibungslos funktionieren. Als Buch fehlen die Kommunikations- und Darstellungsmittel, um die Geschichte zum fliegen zu bringen. Was schade ist, denn der Anime wäre super.\n\u0026ldquo;EVE: The Awakening \u0026rdquo;, Jenna Moreci, EUR 3.68, Kindle unlimited verfügbar\n","date":"2016-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2016/08/14/fertig-gelesen-eve-the-awakening.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: EVE: The Awakening"},{"categories":null,"content":"\u0026ldquo;Oh, Du ziehst in die Niederlande. Wie ist das denn so?\u0026rdquo; Das ist dem Deutschen ähnlicher als jede der beiden Nationen zuzugeben bereit ist, aber deutlich unterschiedlich. Diese Kombination von Fremdheit und Nähe ist mitunter verwirrend, weil man immer genau dann, wenn man glaubt, das Land begriffen zu haben, in irgendwas rein läuft, das vollkommen einmalig niederländisch ist.\nWie dem auch sei, was soll ich das erklären - lest halt selber.\n\u0026ldquo;Holland für die Hosentasche \u0026rdquo;, Ulrike Grafberger, EUR 9.99\n","date":"2016-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2016/08/14/fertig-gelesen-holland-fur-die-hosentasche.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Holland für die Hosentasche"},{"categories":null,"content":"Hines ist da, wo Stross noch hin will: Der Deckel ist ab, die Muggel haben die Magie gesehen und müssen sich in der neuen Welt zurecht finden - nichts, was sie bisher über die Welt und ihre Geschichte wissen ist noch wahr und eine neue, bisher unbekannte Macht existiert.\nRevisionary Natürlich muß sie - wie das Internet in unserer Welt - dringend reguliert, in Waffen umgewandelt und als Machtinstrument strukturiert werden. Und wenn dazu ein paar Leben ruiniert, Attentate inszensiert und Bedrohungen konstruiert werden müssen, dann ist das halt so, aber es ist ja zum Besseren™ für alle.\nNur daß Isaac Vainio das so nicht hin nehmen kann und will, und diese Dämonisierung des Neuen und seine Kontrolle in den alten Strukturen nicht hinnehmen will. Und so geht diese Geschichte von Magie über Politik auch um die letzte Phase des Erwachsenwerdens, vom Verantwortung nehmen für sich selbst über die Verantwortung für die Seinen zum Verantwortung nehmen für die Zukunft. Es ist Hines zu verdanken, daß eine solche Gelegenheit für trockene Moral und Langweile stattdessen zu einem spannenden Action Thriller wird.\nVierter Teil einer Serie, und nicht wirklich standalone tragfähig, aber die Serie sei Euch empfohlen.\n\u0026ldquo;Revisionary \u0026rdquo;, Jim C. Hines, EUR 12.99\nMehr Reviews:\nLibriomancer Codex Born Unbound Revisionary ","date":"2016-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2016/08/14/fertig-gelesen-revisionary.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: Revisionary"},{"categories":null,"content":"Das Buch ist eine Serie von Essays, jedes zu einem bestimmten Aspekt von Operations, in dem die betreffenden Gruppen bei Google von den Hintergründen, der Organisation und der Technik ihrer Arbeit berichten. Das Buch zeigt eine Weise, wie man einen modernen Operations-Betrieb in der IT organisieren kann, der insbesondere auch für große verteilte Systeme in einem wirtschaftlichen Umfeld mit hohem Transaktionsvolumen, geringem End-User-Service und geringen Margen funktioniert.\nViele Aspekte dort können wertvolle Denkanstöße für die Weiterentwicklung oder Verifizierung der Entwicklung der eigenen Organisation bieten, wobei eine Reihe von Dingen auf die eigene Betriebsgröße, die verwendete Technik und das eigene wirtschaftliche Umfeld angepaßt werden müssen.\nDas Buch zeigt auch, welchen Grad an Organisationsentwicklung viele Betriebe noch vor sich haben und daß Technik-, Organisations- und Personalentwicklung Hand in Hand gehen müssen, wenn das funktionieren soll - wobei die Technikentwicklung üblicherweise das einfachste und das letzte zu lösende Problem sein kann und muß.\n\u0026ldquo;Site Reliability Engineering \u0026rdquo;, many authors, EUR 21.71\n","date":"2016-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2016/08/14/fertig-gelesen-site-reliability-engineering.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Site Reliability Engineering"},{"categories":null,"content":"Okay, der Stross war nicht daheim und hat Alyx Dellamonica an das Mikrofon gelassen: Magic Ecospeak und so kommt es, daß \u0026ldquo;The Case of the Toxic Spell Dump\u0026rdquo; auf meinem SuB gelandet ist.\nWorum geht es: Alle Kräfte im Universum sind personifiziert und manche von ihnen sind rachsüchtig. Diese Natur der Welt bringt es mit sich, daß die Zivilisation nur durch die korrekte und umsichtige Anwendung bekannter und zuverlässiger magischer Gesetzmäßigkeiten funktionieren kann. Alle Religionen sind wahr, alle Götter sind echt und so mächtig wie Leute an sie glauben, alle magischen Prinzipien, wie wir sie aus dem Mittelalter kennen funktionieren. Seelenlose Technik gibt es nicht.\nIn dieser alternativen Welt des 20. Jahrhundert ist David Fisher ein Agent der Environmental Perfection Agency in der City of Angels, der sich mit der Erfassung, Eindämmung und Beseitigung magischer Rückstände beschäftigt.\nEine Film Noir-Geschichte in einem magischen Universum: Turtledove baut eine alternative, und durchaus konsistente Weltsicht auf - und schreckt dabei auch vor einem Haufen wirklich schrecklicher Kalauer nicht zurück. Die sind auch das, was das Buch trotz gelegentlicher Längen und schlechtem Pacing lesbar macht und einen bei der Stange hält.\nNur 3.99 EUR und die ist es auch wert.\n\u0026ldquo;The Case of the Toxic Spell Dump \u0026rdquo;, Harry S. Turtledove, EUR 3.99\n","date":"2016-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2016/08/14/fertig-gelesen-the-case-of-the-toxic-spell-dump.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: The Case of the Toxic Spell Dump"},{"categories":null,"content":"Was bisher geschah: The Rho Agenda Trilogy Die Geschichte setzt einige Zeit nach Wormhole auf, dem Abschluss der Rho Agenda, und ist zugleich das erste Buch in einer neuen Trilogie \u0026ldquo;The Rho Agenda Assimilation\u0026rdquo;.\nDie Rho Agenda hat als eine Art YA und Coming of Age-Geschichte angefangen und gegen Ende eine ganze Menge dunklerer Themen aufgegriffen. Philipps hat dann mit der \u0026ldquo;Rho Agenda Inception \u0026rdquo; eine Trilogie von Thrillern und Agentengeschichten um seine Mary Sue \u0026ldquo;Jack Gregory\u0026rdquo; abgeliefert, die man als Urlaubslektüre gut durchziehen konnte und die zeitlich vor der Rho Agenda spielen.\n\u0026ldquo;The Kasari Nexus\u0026rdquo; ist jetzt der erste Teil einer Fortsetzung der Rho Agenda mit den inzwischen erwachsenen Figuren aus der Rho Agenda. Die Teile 2 und 3, The Altreian Enigma und The Meridian Ascent sind auf Amazon bereits angekündigt (Band 2 ist auf Dezember 2016 terminiert, Band 3 auf August 2017) und alle drei Teile sind für Kindle unlimited markiert.\nDie Geschichte spielt auf der Erde, wo Mark Smythe und Jack Gregory mit einer kleinen Gruppe von Rebellen als Terroristen verfolgt werden, während eine Art kommisarischer Erdregierung versucht, Kontakt zu den Kasari aufzunehmen und das namensgebende Wormhole aus Teil 3 der ersten Trilogie wieder aufzubauen und die Kasari auf die Erde einzuladen.\nUnterdessen verschlägt es das in Wormhole gestartete Kasari-Schiff mit Jennifer Smythe und Raul Rodriguez zu einer Welt namens Scion, auf der das Kasari Kollektiv einen Brückenkopf eingerichtet hat und in der eine Gruppe von Aliens Widerstand leistet.\nPhillipps bürstet hier haarscharf an Military Scifi vorbei, trifft beinahe meine Allergie gegen das Genre, und schafft es gerade so, durch die Characterisierung seiner Figuren und ihre Entwicklung mich bei der Stange zu halten.\nLangsameres Pacing als die Jack Gregory-Geschichten, und halt deutliche Spuren von Military Scifi, ansonsten ganz gut. Gut, daß es im Kindle unlimited verfügbar war.\n\u0026ldquo;The Kasari Nexus \u0026rdquo;, Richard Phillips, EUR 9.99\n","date":"2016-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2016/08/14/fertig-gelesen-the-kasari-nexus.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: The Kasari Nexus"},{"categories":null,"content":"Die Laundry Files Series Charles Stross schrieb in seinem Blog ja schon, daß der Bob View of the world zu zynisch geworden ist, und daß Bob zu mächtig geworden ist (Crib Sheet Annihilation Score ). Und so war Buch 6 (Annihilation Score ) über Mo als Figur und als Person, und wie verzerrt unsere Wahrnehmung von ihr durch die Brille von Bob war.\nBuch 7 gibt uns eine weitere Sicht auf die Welt, denn wir erleben sie aus der Sicht von Alex, jedem frisch zum Vampir mutierten Quant, einem Softwarentwickler aus der Welt der High Frequency Trader, der nun für die Laundry zwangsverpflichtet wurde. Und nun mehr oder weniger nichtsahnend in eine Elfeninvasion gerät. Wobei Stross-Elfen noch viel unappetitlicher sind als man sich eine normale Wilde Jagd schon so vorstellt. Und spätestens wenn die Regierung einen Atomschlag genehmigt ist auch klar, daß es ein Ende damit hat, den Krieg gegen das Eindringen alternativer Realitäten in unsere Wirklichkeit heimlich zu führen.\nTrotzdem ist dies ein hoffnungsvolleres und weniger dunkles Buch als Teil 6 - aber die Pause wird nur von kurzer Dauer sein, denn Stross hat schon ein Gemetzel für Teil 8 angekündigt.\nWobei Stross\u0026rsquo; 8. Teil gerade gebrexited wurde und sich verzögern wird: Reality is broken I thought running in circles like headless chickens, squawking, and settling scores was as far as it would go. I didn\u0026rsquo;t anticipate three simultaneous constitutional crises, the main Opposition going all Night of the Long Knives, the Prime Minister resigning and his principal adversary balking and then his principal supporter-turned-adversary being stabbed in the back and then \u0026hellip; but it gets worse:\nBoris Johnson, previously noted for winning The Spectator\u0026rsquo;s competition for the most libelous poem about President Erdogan of Turkey is appointed Foreign Secretary and the first crisis he has to deal with, less than 48 hours after taking office, is a failed coup d\u0026rsquo;etat against Erdogan? And Boris is the great-grandson of Ali Kemal Bey? Who ordered that?\nI couldn\u0026rsquo;t put something like that in a work of fiction: everyone would laugh at it, and for all the wrong reasons!\n\u0026ldquo;The Nightmare Stacks \u0026rdquo;, Charles Stross, EUR 12,99\n","date":"2016-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2016/08/14/fertig-gelesen-the-nightmare-stacks.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: The Nightmare Stacks"},{"categories":null,"content":"Es gibt ein ganzes Genre von Scifi, in denen eine Generation Kinder der Erde plötzlich neue Fähigkeiten entwickelt, die auf einer Mutation basieren, und dem sich daraus ergebenden Generationswechsel und gesellschaftlichen Umbruch.\n\u0026ldquo;The Atlantis Gene\u0026rdquo; fängt auch so an, mit einer Forscherin, Kate Warner, die sich mit Autismus beschäftigt und dabei auf eine Veränderung stößt - doch dann stellt man fest, daß das nur der Eingang zu mehr Ebenen in der Geschichte ist, und daß man es hier eigentlich mit einer Geschichte aus dem Thriller-Genre zu tun hat, in der die Scifi mehr so Deko ist.\nWie dem auch sei - wir haben es mit zwei wirklich großen Raumschiffen zu tun, die vor 70k Jahren auf der Erde abgestürzt sind, mit einer Geheimgesellschaft, den Immari, die für wirklich alle Plagen und Verschwörungen der letzten 5000 Jahre menschlicher Geschichte verantwortlich sind und die Illuminaten wie blutige Anfänger aussehen lassen und mit einer außerirdischen Verschwörung, auf die die eine außerirdische Macht die Erde vorbereiten will, um die Menschen gegen eine andere außerirdische Macht antreten zu lassen - nur daß dabei ein paar Millarden Menschen draufgehen und die Polkappen abgeschmolzen werden.\nSchon nach Band 1 steht kein Stein der Zivilisation mehr auf dem anderen, und da fängt die Umdekorierung des Planeten erst an. Die Protagonisten sterben in der Story ein paar Mal, aber das ist angesichts der außerirdischen Supertechnologie, die im Spiel ist, schnell korrigiert.\n\u0026ldquo;Ich möchte lösen! Dan Brown!\u0026rdquo;\nFast richtig.\nIch nehme auch an, daß ich das überhaupt nur lesen kann, weil ich anders als bei \u0026ldquo;Digital Fortress\u0026rdquo; nicht genug von der Materie verstehe, daß mir der Verpackungs-Technobabble gerade so kein Nasenbluten macht.\nEin Buch davon ist ganz gut, zwei sind noch unterhaltsam, drei sind zu viel. Was heute noch wie ein Märchen klingt könnte auch Blödsinn sein, oder so.\nThe Atlantis Gene The Atlantis Plague The Atlantis World ","date":"2016-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2016/08/14/fertig-gelesen-the-origin-mystery-trilogy.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: The Origin Mystery Trilogy"},{"categories":null,"content":"Peter Turchin, in Russland geboren und zusammen mit seinem Vater 1977 in die USA exiliert worden, hat Biologie, Mathematik und Anthropologie studiert und modelliert jetzt an der Universität Connecticut die Entwicklung menschlicher Gesellschaften durch Multilevel Selection. Das Buch \u0026ldquo;Ultrasociety\u0026rdquo; ist die populärwissenschaftliche Kommunikation seiner Erkenntnisse bisher, und verweist auf eine ganze Leseliste richtiger wissenschaftlicher Dokumentation in den Anhängen.\nWir kennen Turchin schon von \u0026ldquo;War and Peace and War\u0026rdquo;, und \u0026ldquo;Ultrasociety\u0026rdquo; ist dabei quasi das Update zu War and Peace and War. Das Buch erklärt insbesondere die Rolle des Krieges bei der Entwicklung menschlicher Zusammenarbeit und den Zusammenhang zwischen zivilisatorischer Entwicklung (in \u0026ldquo;Anzahl der Leute, die zusammenarbeiten müssen, um eine bestimmte gesellschaftliche Leistung oder ein Artefakt einer Zivilisation zu schaffen\u0026rdquo;) und Krieg und Militärgeschichte.\nDabei behauptet Turchin, den notwendigen mathematischen Unterbau zu haben, um solche Entwicklungen simulieren und vorhersagen zu können (Hari Seldon ).\n\u0026ldquo;Ultrasociety: How 10.000 Years of War made Humans the Greatest Cooperators on Earth \u0026rdquo;, Peter Turchin, EUR 9.95\n","date":"2016-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2016/08/14/fertig-gelesen-ultrasociety.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Ultrasociety"},{"categories":null,"content":"Wenn man sich auf die erste und wichtigste Säule konzentriert (\u0026ldquo;Personal, Organisation, Technik\u0026rdquo;), dann ist dieses Buch die Ergänzung zum SRE Buch , weil es die HR Organisation und die Arbeitssituation von Google beschreibt, und die ist durchaus anders als in anderen Firmen - wieder geprägt vom wirtschaftlichen und technischen Umfeld.\nTeile davon sollte man ganz dringend auswerten, auf die eigene Organisation skalieren und anpassen und sich dann überlegen, was das für die eigene Arbeit bedeutet, egal wie schmerzhaft das ist.\n\u0026ldquo;Work Rules! Insights from Inside Google That Will Transform How You Live and Lead \u0026rdquo;, Laszlo Bock\n","date":"2016-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2016/08/14/fertig-gelesen-work-rules.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Work Rules!"},{"categories":null,"content":"Ein früher Teil meines Lebens, der vor dem Commodore 64 stattgefunden hat, besteht darin, Büchereien durchzulesen. In der ersten und zweiten Klasse war das die Schülerbücherei meiner Grundschule in Russee, und nach dem Umzug nach Heikendorf waren es dann die Schulbüchereien der dortigen Grundschule und des Gymnasiums und die Stadtteilbücherei am Dorfplatz, an dem wir praktischerweise gewohnt haben.\nSchnell kam ich darauf, daß man schneller und früher an Bücher kommt, wenn man der Bibliothekarin hilft und in der Bücherei mitarbeitet - Einsortieren von Rückgaben, Einschlagen von Neubeschaffungen, Bestelllisten in Beschaffungsformulare übertragen und am Ende dann halt Bestelllisten befüllen: Mühsam arbeitet sich das Eichhörnchen nach vorne in der Queue.\nEines der Bücher aus dieser Zeit, die mir immer wieder in den Sinn kommen, wenn ich dieser Tage Kontakt mit der Realität habe, ist Ypsilon minus. Die dort beschriebene Gesellschaft könnte Sozialismus sein, denn für alle Menschen dort ist ihrer Befähigung nach gesorgt, oder Kapitalismus, denn alle Menschen dort werden quasi-perfekt ausgebeutet, vor allen Dingen ist sie aber (1976!) eine perfekte Big Data-Vorwegnahme, ein Tanz mit der Idee, daß, wenn wir alles über jeden Wissen, den Zufall ausschalten und die Gesellschaft steuern können. Ob das nun eine unsichtbare oder eine staatliche Hand macht, ist für den Ausgang quasi egal.\nUnd so kommt es, daß in Ypsilon minus alle Bürger halb automatisch, halb manuell durchleuchtet und nach ihrer Nützlichkeit für die Gesellschaft bewertet werden. Dieses Rating ist durchaus vielschichtig und sehr komplex, aber am Ende kommt ein Skalar raus - ein Kennbuchstabe von A bis Z. \u0026ldquo;Ypsilon minus\u0026rdquo; ist der gesellschaftliche Schrott, der durch das Raster fällt.\nBen ist ein R - \u0026ldquo;Ben Erman\u0026rdquo; - und ein Rechercheur, der Daten für die Bewertung von Menschen zusammenträgt und erfaßt. Eines Tages bekommt er in einer PK Dick-haften Wendung (\u0026ldquo;A Scanner Darkly\u0026rdquo; erscheint aber erst ein Jahr später, 1977) den Auftrag, sich selbst zu durchleuchten und zu recherchieren und stößt dabei auf eine Zeit von einigen Jahren, an die er sich nicht selbst erinnern kann und auf Leute, von denen er nicht weiß, daß er sie kennt.\nEs stellt sich heraus, daß die Welt nicht immer so war, wie sie war, und daß die jetzigen Machthaber vor nichts mehr Angst haben als vor dem Unberechnenbaren und dem nicht Vorhersagbaren (ein Thema, das viele Jahre später Tom Hillenbrand in Drohnenland noch einmal aufgenommen hat).\nEinen Scifi von 1976 in 2016 zu lesen ist gleichzeitig eine Reise in die Zukunft, in die Gegenwart und in die Vergangenheit, in die von Erman und in meine eigene. Ich habe beim besten Willen keine Idee, wie diese Geschichte auf Euch wirken wird, denn sie ist bei mir durch meine eigenen Kindheitserinnerungen gefärbt, aber… Hey, Herbert W. Franke . Es wird schon passen.\n\u0026ldquo;Ypsilon minus \u0026rdquo;, Herbert W. Franke, EUR 5.99\n","date":"2016-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2016/08/14/fertig-gelesen-ypsilon-minus.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Ypsilon Minus"},{"categories":null,"content":"(salvaged and edited Google+ Content)\nHeute ist ein Gedanktag, denn an einem Freitag, dem 13. Mai vor 11 Jahren ging das so:\n»Im Rahmen der strengen Sicherheitsbestimmungen für das WEB.DE Rechenzentrum wurden am Freitag Abend aufgrund von Ausfällen in der Klimatisierung sämtliche Server der WEB.DE Dienste vorübergehend heruntergefahren. Diese vorsorgliche Maßnahme dient dem Interesse der Datensicherheit unserer Kunden.\nWir werden im Laufe des Samstag Morgens die Server wieder kontrolliert zum regulären Betrieb hochfahren. Wir entschuldigen uns bei Ihnen für die Unannehmlichkeiten.\nIhre WEB.DE AG«\nIch habe damals als Security-Fuzzi bei web.de gearbeitet und an diesem Tag kam es im Verlaufe des Abends zu einem Totalausfall der Kühlung in allen Rechenzentrumszellen.\nUm eine Beschädigung von persistenten Daten zu verhindern haben wir das gesamte RZ runtergefahren, als die Temperaturen der Zuluft den sicheren Rahmen verlassen haben. Später in der Nacht kam es mit Notkühlung zu einem geplanten Wiederanlauf des Systems und am Samstag war bereits von außen keine Störung mehr erkennbar, auch wenn intern noch eine ganze Menge Systeme degraded waren.\nDanke Euch allen, Ihr wißt wer Ihr seid! Es war eine tolle Zeit und ein unglaubliches Team!\nWas war passiert? Ein Rechenzentrum, das ist eine feuerfeste, luftdichte Kiste, in die man Strom und Netzwerkkabel rein legt. Die Rechner machen Abwärme. Also legt man auch Wasserleitungen rein und wieder raus, und baut drinnen Wärmetauscher ein, die die warme Luft ansaugen, kalt machen und wieder raus pusten.\nDamit man effektiv ist, muß man Straßen für kalte und warme Luft bauen und dafür sorgen, daß die kalte Luft da hin kommt wo sie gebraucht wird.\nAus der RZ-Kiste kriegt man warmes Wasser raus. Und ab da wird es ein wenig anstrengend, mehr dazu weiter unten.\nEs gab also drei große Kältemaschinen, die dann die Wärme in Richtung Kühlkörper nach draußen schaffen. Vor 11 Jahren hat abends die Substeuereinheit für den Betonkasten mit den Kühlkörpern draußen den Befehl bekommen \u0026ldquo;mach das Zulaufventil weiter auf\u0026rdquo;.\nDie Substeuereinheit hat dann gesagt \u0026ldquo;Nö.\u0026rdquo; und ganz zu gemacht.\nAb da hat das ganze System keine Energie mehr aus dem RZ raus holen können, das Wasser in den Kühlkreisläufen wurde wärmer und der Druck stieg.\nAls der Druck zu hoch wurde, bei (1), hat die Kältemaschine hingeschmissen und ihr Backup sprang an. Es gab keine Meldung. Maschine 2 hatte dasselbe Problem und bei (2) passierte dasselbe und Nummer 3 hat übernommen. Als die auch hingeschmissen hat (3), stieg die Zuluft-Temperatur an. Es wurde alarmiert.\nIch war mit einem Haufen anderer Leute noch in der Firma, denn wir saßen bei Bier in der Kantine, um den Tosi, der die Firma verlassen wollte, zu verabschieden und feierlich zu ent-admin-rechten.\nEin Anruf von Armin (Zuluft über 35 Grad, kannste mal gucken?) später stand ich unten im RZ und mir schlug tropische Luft entgegen. Als Securityfuzzi habe ich die Eskalation durchgeführt und wir haben, als die Zuluft-Temperatur zur Gefährdung persistenter Daten geführt hätte, eine Komplettabschaltung durchgeführt (4).\nZiemlich schnell hatte ich zu viele Leute für den Notfall und habe die Hälfte der Mannschaft wieder heim geschickt, mit der Bitte um Mitternacht anzutreten und das aktuelle Team abzulösen.\nArmin und das RZ-Team haben die Klimaanlage auf manuell geprügelt, während meine Gruppe sich um die Maschinen gekümmert hat und versucht hat, die Temperatur unter Kontrolle zu bekommen, indem wir weniger Abwärme produzieren. Einige Personen waren als Melder und Protokollanten eingeteilt, jemand hat sich darum gekümmert, die Kommunikation mit Eva, unserer Pressefrau, und mit dem Vorstand zu koordinieren.\nAls die Klimaanlage jedoch wieder ansprang (5), war sie auf manuell. Das heißt auch, daß sie ungeregelt gelaufen ist und wir auf einmal mindestens 200kW Abwärme liefern mußten, damit das Kühlwasser nicht gefriert. Also haben wir relativ panisch Dienstplanänderung gespielt und Kisten wieder angeschaltet, damit das Klimateam die Rohre nicht kaputtfriert.\nDen Rest der Nacht haben wir dann die Systeme wieder zusammengesetzt und Wiederanlauf von Null gespielt. Um Mitternacht kam die zweite Mannschaft und um Eins ist dann das initiale Eskalationsteam heim gefahren und ins Bett gefallen. Als der Vorstand auftauchte, haben wir ihm eine kurze Führung mit Statusreport durch unsere Notfallkoordination und das RZ geben können. Wir haben das Notfall-Geld genommen und bei der Pizzeria gegenüber eine ununterbrochene Pizza-Versorgung sichergestellt.\nAm Samstag gegen 14 Uhr war volle Redundanz wieder hergestellt und der Rotlevel im Nagios auf dem üblichen Niveau.\nDas war mal alles Scheiße gut eingespielt und durchgezogen.\nWieso war das schwierig? Das Rechenzentrum von web.de befand sich in den Räumen der ehemaligen Pfaff-Nähmaschinenfabrik in der Amalienbadstraße in Durlach.\nDie Räume dort sind im Grunde nicht groß und nicht hoch genug für einen Rechenzentrumsbetrieb. Durch ausgeklügeltes Wärmemanagement ist es dennoch gelungen, mit der Technik von 2005 pro Rack 21kW zu installieren und sicher zu fahren (sechs volle IBM Bladecenter), ohne Wasser bis ins Rack zu führen.\nWir haben da eine ganze Menge Gruppen Klimatechniker (FH) durchgeführt, um die Installation zu demonstrieren.\nDas System hat 21kW pro Rack in einem Raum mit 2.95 Meter Deckenhöhe (45cm Unterboden -\u0026gt; 2.50 Meter bis zur Decke) fahren können und den Airflow mit Kaltgang-Warmgang und Zwangsbelüftung der Racks gefahren.\nDie alte Situation vor Ort: Rechenzentrumszelle mit 7kW Racks. Niedrige Deckenhöhe, räumlich beengte Situation. Doppelboden noch solid, und geschlossene Glastüren am Rack.\nEs war außerdem noch nicht betrieblich von der Klimafirma an web.de übergeben. Da es sich um eine Aufrüstung eines bestehenden Rechenzentrums (7kW bzw. 10kW auf 21kW) gehandelt hat, war jedoch produktiver Betrieb da drin.\nNach dem Vorfall haben wir nur noch mit den Anwälten von web.de reden dürfen, die dann den Anwälten von der Klimafirma gesagt haben, was sie den Technikern von der Klimafirma sagen sollen.\nDer Fehler besteht übrigens darin, in einer alten denkmalgeschützten Nähmaschinenfabrik in Durlach RZ-Betrieb zu machen, anstatt sich massenhaft Platz in einem Gewerbegebiet anderswo zu besorgen.\nDort hätte man 4-5 Meter Raumhöhe haben können, wäre unter Umständen auf der Alb oder im Schwarzwald und nicht im heißen Rheintal und hätte auch so viel Platz, daß man statt mit 21kW pro Rack mit 7kW pro Rack hätte planen können. Das heißt, man wäre mit drei Mal weniger Density hin gekommen.\nIn dem Fall hätte man dann einfach normale Klima von der Stange genommen und alles wäre langweilig gewesen. Langweilig ist gut.\nAufbau und Umrüstung des Klimasystems Die Bauarbeiten zur Klimaaufrüstung und RZ-Erweiterung fanden im laufenden Betrieb statt.\nBauplan für die Klimaanlage, mit Rohrführungen, Pumpen und anderen Details.\nWas man an dem Bauplan sehen kann: Zu einem Rechenzentrum gehören nicht nur Rechner, sondern auch eine ganze Menge Infrastruktur.\nUnter anderem Kühlung. Hier sehen wir den Plan für drei Kältemaschinen, die im inneren Kühlkreislauf Wasser aus Wärmetauschern in den Rechenzentrumszellen bekommen, es kühlen und in die Wärmetauscher zurück leiten.\nDer äußere Kühlkreislauf enthält Wasser, das dabei erwärmt wird. Dieses Wasser wird nach außen zu einer Reihe von großen Kühlkörpern geleitet, die diese Wärme nach außen an die Umgebung abgeben.\nDrei Wärmepumpen, die dem inneren Kühlkreislauf Energie entziehen und in den äußeren Kreislauf bewegen.\nDetailaufnahme einer Wärmepumpe. Die Technik ist dieselbe wie hinten an jedem Kühlschrank, nur größer. Das Aggregat wiegt 6 Tonnen und steht zur Schwingungsdämpfung auf einem \u0026ldquo;schwimmenden\u0026rdquo; Sockel.\nIn der Realität sehen diese Dinger so aus und wiegen in etwa 6 Tonnen. Pro Stück. Und rappeln sehr laut, wie ein Kühlschrank, bei dem der Kompressor läuft, wenn der Kompressor dauernd laufen würde und 6 Tonnen wöge.\nDarum stehen die Dinger auch auf entkoppelten Betonfundamenten.\nSchweißarbeiten an den Kühlwasserrohren des inneren Kühlkreislaufes. Es ist ziemlich viel Wasser zu bewegen, entsprechend haben wir auch einen großen Rohrdurchmesser.\nDie Verteilerzentrale und die Pumpen für die Kühlung des Rechenzentrums (Ausschnitt) verteilt das Wasser des inneren Kühlkreislaufes in die Rechenzentrumszellen.\nDie Kühlkörper stehen in in einem großen Betonbunker. Links sieht man noch blau verpackt die Rohranschlüsse, mit denen Wasser zu den Kühlkörpern geleitet wird.\nDort, bei den blauen Abdeckungen, war später das motorisierte Steuerventil mit der Substeuereinheit, die den Ärger gemacht hat.\nDie Kühler werden geliefert.\nJeder Rückühler mit Kupferlamellen und Lüftern. Außerdem können wir Verdunstungskälte durch Versprühen von kalkfreiem Wasser erzeugen. Das ist notwendig, weil das Rechenzentrum im Rheintal steht, einem denkbar ungünstigen Ort für die Kühlung von Rechenzentren.\nDas Schwarze da links und rechts ist im wesentlichen ein Kühlkörper mit Kühlrippen, genau wie die Kühlung auf der CPU Eures Desktop-Gamer-Rechners. Pro Kühler und Seite haben wir aber 6 qm. Und die CPU-Lüfter da oben über dem Kopf des Fotografen - naja, haltet Euren Arm da besser nicht rein.\nDie Kühlung wird getestet, bevor die Rechner ins RZ kommen. Dazu mietet man Heizlüfter an und simuliert Abwärme. Das ist ein ziemlicher Hightech-Prozeß, wie man sehen kann.\n","date":"2016-05-13T00:00:00Z","href":"https://blog.koehntopp.info/2016/05/13/freitag-der-13-im-rechenzentrum.html","tags":["lang_de","data center"],"title":"Freitag, der 13. im Rechenzentrum"},{"categories":null,"content":"Venus hat einen Ring ausgespuckt und das hat sich irgendwo weit draußen, noch hinter dem Uranus, da wo das System zu Ende ist, positioniert. Die nackten Affen auf ihrem Reaktionsantrieb brauchen ewig, um da hin zu kommen.\nEiner fliegt da hin, auf einer Einmalrakete, und saust an den versammelten Flotten von Erde, Mars und Asteroidengürtel vorbei durch den Ring - der ein Stargate ist, das sich jetzt initialisiert hat. Es führt in ein Nichts, in dem sich eine Station und offenbar 1300 weitere Stargates befinden. Bewoht? Aufgelassen? Gefährlich? Unklar.\nDie nackten Affen führen Krieg um die Kontrolle des Gates, fliegen durch, und bringen sich dabei beinahe um, indem sie uralte Waffensysteme triggern - oder vielleicht auch nur das intergalaktische Äquivalent von Ungezieferfallen.\nAuf eine Weise ist dies wie Band 2, nur ohne die Mädels um ihn zu retten. Ein Haufen planloser Cowboys versucht sich auf dieselbe Weise umzubringen wie immer, wie durch ein Wunder überleben unverdient einige davon.\n\u0026ldquo;Abbadon\u0026rsquo;s Gate \u0026rdquo;, James S.A. Corey, EUR 8.99\nLeviathan Wakes Caliban\u0026rsquo;s War Abbadon\u0026rsquo;s Gate Cibola Burn ","date":"2016-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/02/28/fertig-gelesen-abbadons-gate.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Abbadon's Gate"},{"categories":null,"content":"Dritter und letzter Teil der \u0026ldquo;Reckoners\u0026rdquo;-Serie. Die Storymechanik ist formal dieselbe wie in den ersten beiden Teilen - eine neue \u0026ldquo;exotische\u0026rdquo; Stadt, ein Epic zum Töten und Verwicklungen. Die neue Stadt ist Ildithia, vormals Atlanta, jetzt eine wandernde Stadt aus Salz und der Gegner ist - so scheint es - Prof, der durch die Geschehnisse im zweiten Band an die Dunkelheit verloren ging. Doch es geht auch um Regalia\u0026rsquo;s Vermächtnis und ihren geheimnisvollen Kontakt zu Calamity selbst, der Quelle der Mächte der Epics.\nGut, aber routinemäßig erzählte Geschichte, deren Big Reveal aber spätestens bei 66% klar erkennbar und vorhersehbar ist. Und noch dazu ideenmäßig lahm. Für Sanderson klar unter par gespielt.\n\u0026ldquo;Calamity \u0026rdquo;, Brandon Sanderson, EUR 10.99\n","date":"2016-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/02/28/fertig-gelesen-calamity.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Calamity"},{"categories":null,"content":"Ok, nachdem Julie Mao und das Protomolekül auf der Venus gelandet sind, fangen sie dort an, den Zielplaneten umzubauen - wozu ist bis auf weiteres noch unklar.\nUnterdessen spielt jemand oder etwas auf Ganymed mit einer Variante des Protomoleküls rum, und das geht natürlich schief. Außerdem klaut jemand dort Kinder, und Holden und seine Leute werden in die Sache verwickelt. Am Ende wird alles gut und die Erde kriegt ein Stargate.\nOhne die Mädels - Bobbie Draper und Chrisjen Avasarala - wäre dieses Buch zum Schreien unerträglich, so ist es nur anstrengend. \u0026ldquo;Caliban\u0026rsquo;s War \u0026rdquo;, James S.A. Corey, EUR 7.99\nLeviathan Wakes Caliban\u0026rsquo;s War Abbadon\u0026rsquo;s Gate Cibola Burn ","date":"2016-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/02/28/fertig-gelesen-calibans-war.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Caliban's War"},{"categories":null,"content":"Juhu, kommerzielle Siedler fliegen durch die Gates zu einer der Welten irgendwo anders - Illus heißt das neue zu Hause, und andere Siedler sind da bereits vorher angekommen. Die neue Welt ist unwirtlich, im Grunde groß genug für alle, und man ist von jeder Versorgung einige Flugzeitjahre weit abgeschnitten.\nDarum führen die nackten Affen dort erst einmal Krieg gegeneinander, hauen sich ihre knappen Ressourcen weg. Im weiteren Verlauf der Geschichte entdeckt man, was die Großen Alten auf diese lithiumreichen Welt eigentlich gemacht habe, daß Illus weniger ein Planet als eine große Maschine ist und daß Lithium-Reaktoren, die einige Milliarden Jahre lang ohne Wartung aus waren eine ganze Menge Bumm machen können.\nUnd daß eine unwirtliche Welt nach dem Bumm so richtig unwirtlich ist.\nOk, ich hab es nicht fertig gelesen, sondern große Strecken Murty-Schwanzvergleich, alles-ist-matschig-und-schlimm und ähnliches Nerv überlesen. Ein wenig Italowestern mit Weltraumwaffen und noch viel mehr \u0026lsquo;unwissende Menschen stolpern durch Alien-Supertech und machen alles kaputt\u0026rsquo;.\nBand 5, Nemesis Games, liegt ungelesen im SUB. Nicht oben. Band 6, Babylon\u0026rsquo;s Ashes, ist vorbestellbar für den 16. Juni. Theoretisch. \u0026ldquo;Cibola burn \u0026rdquo;, James S.A. Corey, EUR 5.99\nLeviathan Wakes Caliban\u0026rsquo;s War Abbadon\u0026rsquo;s Gate Cibola Burn ","date":"2016-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/02/28/fertig-gelesen-cibola-burn.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Cibola burn"},{"categories":null,"content":" Hör Du meine Worte und suche eine Torte eine Torte sollst Du suchen auf keinen Fall \u0026rsquo;nen Kuchen!\nDas Buch ist eine wirre Parodie auf \u0026ldquo;Wähle Dein eigenes Abenteuer\u0026rdquo;-Heftchen und Bücher wie sie populär waren als ich circa 8 Jahre alt war.\nIch fand eine Referenz auf das Buch vor vielen Jahren in einem Kapitel-Anriß-Zitat in einem Commdore ROM-Buch von Ralph Babel und Andreas Dripke und habe dann einfach mal die Quelle gesucht und gekauft. Man findet eine ganze Menge lustige Ideen und Zitate drin, aber es ist halt eine sinnlose Parodie.\nAber gerade heute vom Titel her so passend aktuell. Ich mag nur die Visage von der Storch nicht in meinem Stream haben.\n\u0026ldquo;Die Torte schlägt zurück \u0026rdquo;, Ulrich Kaiser, Euro 3.39\n","date":"2016-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/02/28/fertig-gelesen-die-torte-schlagt-zuruck.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Die Torte schlägt zurück"},{"categories":null,"content":"Ein Junge lebt bei seinem alkoholsüchtigen Vater und will der Mißhandlung und dem Mißbrauch entkommen. Er flieht, baut sich eine neue Existenz auf, und gerät dabei auf die schiefe Bahn und mit Geheimdiensten und Terroristen in Konflikt. Im Laufe der Geschichte gelingt es ihm, seinen Frieden mit seinem Vater und seiner Vergangenheit zu machen, eine sinnvolle Beziehung aufzubauen und seine Existenzgrundlage wieder auf Spur zu bringen.\nDie Tatsache, daß er ein Teleporter ist, ist dabei für die Handlung eher Nebensache.\nIch hatte dieses Buch jahrelang in meinem SUB, weil der Film ein solcher unansehbarer Mist war. Stellt sich raus - das Buch ist überaus okay, sehr lesbar - und empfehlenswert.\n\u0026ldquo;Jumper \u0026rdquo;, Steven Gould, EUR 4,86\n","date":"2016-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/02/28/fertig-gelesen-jumper.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Jumper"},{"categories":null,"content":"Kardashev Scale : Die Erde - eine bewohnbare Insel in der Mitte von Nichts, unterbrochen von tödlichen, unbewohnbaren Stücken Nicht-Nichts. Ein Affenfelsen. Die nackten Affen auf dem Affenfelsen haben sich mit Mühe in die Gegend von Kardashev 1 hoch gearbeitet und reiten auf nuklearen Reaktionsantrieben durch ihr Sonnensystem, auf der Suche nach Ressourcen und Waffen.\nDabei wecken sie aus Unwissenheit, Gier und Mordlust ein zwei Milliarden altes Überbleibsel einer inzwischen verstorbenen Karadashev III Zivilisation auf. Und es keimt noch, und baut… Dinge um, um seinen uralten, programmierten Zweck zu verfolgen.\nLeviathan Wakes ist inzwischen auch eine Fernsehserie. Buch und Serie zeichnen den Konflikt zwischen der Erde und ihren unterschiedlich weit entwickelten Kolonien auf dem Mars und im Asteroidengürtel nach - ein fragiles Gleichgewicht, daß durch die Ankunft von … etwas durcheinander geworfen wird. Das Buch zeichnet die Geschichte von Kapitän Jim \u0026ldquo;Mary Sue\u0026rdquo; Holden und seiner Restcrew und die Erlebnisse von Miller, einem plattfüßigen Cop, der bei weitem nicht so abgebrüht ist wie er sich selber sieht nach, die beide in das Erwachen von … Etwas und eine interplanetare Intrige verstrickt werden.\nEpische, auf 10 Bände angelegte Hard-Scifi mit einer gewissen erzählerischen Ruhe, die manchmal anstrengend ist (\u0026ldquo;Jetzt bringt den verblödeten Arc schon voran, ich habe verstanden, wen Ihr da wie characterisieren wollt\u0026rdquo;). Dennoch feine Lektüre. Die Serie ist einigermaßen nah am Buch.\n\u0026ldquo;Leviathan Wakes \u0026rdquo;, James S.A. Corey, Euro 7.99\nLeviathan Wakes Caliban\u0026rsquo;s War Abbadon\u0026rsquo;s Gate Cibola Burn ","date":"2016-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/02/28/fertig-gelesen-leviathan-wakes.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Leviathan Wakes"},{"categories":null,"content":"Kelsier ist tot, aber er ist der Survivor und mag deswegen nicht abtreten so wie es von ihm verlangt wird. Also irrt er durch die Nachwelt, was Sanderson als Cognitive Realm bezeichnet, anstatt wie alle anderen in den Spiritual Realm abzutreten. Wie dem auch sei, Kelsier und mit ihm der Leser, dringen auf diese Weise hinter die Kulissen von Scadrial vor und bekommen so eine Tour von der Cosmere-Mechanik hinter dem Konflikt zwischen Preservation und Ruin und eine Menge Cameos von den ganzen Weltenbummlern, die im Cosmere unterwegs sind.\nDas Buch ist Fan-Service und Cosmere-Klebstoff. Es ist für das Verständnis der Mistborn-Dinge nicht erforderlich, und ist selbst auch ohne weitere Informationen aus Coppermind und allen Links durch nicht vollständig verständlich. Es ist im wesentlich Futter für die Crews vom Coppermind Wiki und vom 17th Shard. Also Geekmaterial.\n\u0026ldquo;Mistborn: Secret History \u0026rdquo;, Brandon Sanderson, Euro 4.99\nMistborn: The Final Empire, #1-#3 Mistborn: The Allow of Law, #4-#6 Mistborn: Secret History ","date":"2016-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/02/28/fertig-gelesen-mistborn-secret-history.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Mistborn: Secret History"},{"categories":null,"content":"Einige hundert Jahre nach dem Kataklysmus von \u0026ldquo;Hero of Ages\u0026rdquo; und der Neugestaltung der Welt durch Harmony leben die Menschen im Wesentlichen im fruchtbaren Becken von Elendel. Die Außenbezirke - die Roughs - sind kaum besiedelt. Waxillium Ladrian - eigentlich der Stammhalter von House Ladrian - flüchtete vor seiner Verantwortung als House Lord dort hin und verfolgte eine Karrie als Lawman, Sheriff, dort draußen im Wilden Westen von Scadrial.\nDoch als Stammhalter von Ladrian (und nach dem Tod seiner eigentlichen Liebe draußen in den Roughs) muß er zurück in die Stadt, und in eine arrangierte Ehe mit Steris Harms - und eine Reihe von Verbrechen aufklären, die Elendel in Atem halten. Er gerät in einen viel größeren Plot, muß sich einem alten Gegner aus den Roughs stellen, und enttarnt eine Verschwörung, die wie sich herausstellen wird, eine noch viel größere Verschwörung tarnt. Denn im zweiten Band lernen wir einen Kandra kennen, der verrückt geworden ist und die Bevölkerung von Elendel aufwiegelt und zur Revolution anstachelt. Doch wie findet man einen Gegner, der Gestaltwandler ist und sich offenbar auch die Kräfte seiner Gegner aneignen kann? Wax findet in letzter Sekunde einen Weg, und lernt dabei, daß seine große Liebe - Lessie - nie existiert hat und auch nie gestorben ist, sondern daß er von Harmony manipuliert worden ist.\nIm Buch Drei geht es dann auf die Suche nach Wax verschwundener Schwester, den Metalminds des Lord Rulers und um Edwarn Ladrian - Mr. Suit, den Bösewicht aus dem ersten Band. Stellt sich heraus: Edwarn und seine Organisation \u0026ldquo;The Set\u0026rdquo; snid weitaus höher organisiert und stärker als erwartet und sie \u0026ldquo;haben\u0026rdquo; Wax Schwester Telsin. Auf der Suche nach ihr und den Hinterlassenschaften des Lord Ruler findet die Gruppe auch heraus, daß sie nicht die einzigen Überlebenden der Umgestaltung der Welt sind. Andere, weitaus kälteempfindlichere Menschen haben ebenfalls überlebt und eine ganz eigene, beeindruckende Überlebenstechnik entwickelt.\nSanderson etabliert eine ganz neue, vom ersten Dreiteiler Mistborn verschiedene Epoche, in der die Metallmagie Bestandteil des Alltags einer Zivilisation an der Schwelle zur Moderne ist. Der Konflikt zwischen der ständischen Gesellschaft verkörpert in Wax und der Moderne verkörpert in Edwarn und dem Set ist zugleich das zentrale Thema der Bücher,\nFlüssig und schlüssig zu Lesen. Empfehlenswert.\nBrandon Sanderson:\n\u0026ldquo;The Alloy of Law \u0026rdquo;, EUR 7.03\n\u0026ldquo;Shadows of Self \u0026rdquo;, EUR 11.80\n\u0026ldquo;The Bands of Mourning \u0026rdquo;], EUR 12.99\nMistborn: The Final Empire, #1-#3 Mistborn: The Allow of Law, #4-#6 Mistborn: Secret History ","date":"2016-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/02/28/fertig-gelesen-the-alloy-of-law-shadows-of-self-the-bands-of-mourning.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: The Alloy of Law, Shadows of Self, The Bands of Mourning"},{"categories":null,"content":"Auch hier gibt es Parallelwelten, sie sich zwischen der durch die Drachen kontrollierten Ordnung und dem von den Fae beherrschten Chaos aufspannen - je Fae, desto Magie. Alle diese Welten sind durch die Türen zur unsichtbaren Bibliothek miteinander verbunden - warum und was ihre Aufgabe ist, wird in diesem Band noch nicht klar.\nIrene jedenfalls besorgt als Agentin und Bibliothekarin seltene Bücher für die Bibliothek, und in diesem Fall muß sie zusammen mit dem Anfänger-Bibliothekar Kai einen ganz besonderen Band der Gebrüder Grimm beschaffen. Es kommt zu Verwicklungen - und es stellt sich raus, daß Kai weit mehr ist, als ein Bibliothekslehrling.\nInnovativ aufgezogene Parallelweltgeschichte mit Steampunk-Dekoration, kleine Längen, viel Action. \u0026ldquo;The Invisible Library \u0026rdquo;, Genevieve Cogman, EUR 5.59\nMehr Reviews:\nThe Invisible Library The Masked City ","date":"2016-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/02/28/fertig-gelesen-the-invisible-library.html","tags":["lang_de","book","media","review","steampunk"],"title":"Fertig gelesen: The Invisible Library"},{"categories":null,"content":"Die Kombination von Terry Pratchett und Stephen Baxter ist ja nun ein wenig extrem - ein Erzähler von Fabeln mit Fantasy-Anstrich, dem es primär um Charactere geht und ein Autor von Hard-Scifi mit einem Religionskomplex, der mit Characteren immer so seine Probleme hat. Außer, daß die beiden Briten sind, verbindet die wahrscheinlich sehr wenig, sollte man meinen.\nAber wenn sie auf einem Con die Köpfe zusammenstecken und ein Szenario ausbrüten, dann kommt so was wie \u0026ldquo;The Long Earth\u0026rdquo; dabei raus.\nStellt sich nämlich heraus, wir haben nicht nur eine Reserve-Erde im Kofferraum, sondern einige Millionen davon. Und mit einem simplen Device (das unbedingt eine Kartoffel enthalten muß) kann man von einer Erde auf die nächste Steppen - die liegen nämlich wie Karten in einem Kartenstapel nebeneinander und man kann sich nach \u0026ldquo;Ost\u0026rdquo; und \u0026ldquo;West\u0026rdquo; in die nächste Erde weiter blättern - Erden, die sich von unserer Erde in Details unterscheiden. Details, die sich aufsummieren und je weiter man sich von unserer Erde entfernt, um so fremder wird alles. Ein Detail, das unsere Erde - Datum-Earth - von allen anderen Erden unterscheidet, ist der Mensch.\nWährend steppen am Anfang zu Verwirrung führt, weil Leute es mehr so aus versehen tun, führt im Nachgang des Buches zu Expansion, zu Erstkontakt, zu wirtschaftlichen Verwerfungen und am Ende zu Krieg. Aber da sind wir dann auch schon in Band 2.\nDas Buch liest sich wie ein Buch aus einer faszinierenden Alternativ-Erde, in der Terry Pratchett sich entschieden hat, weiter Scifi zu schreiben anstatt Fabeln mit Fantasyanstrich zu produzieren.\n\u0026ldquo;The Long Earth \u0026rdquo;, Pratchett, Baxter, EUR 6.99\n","date":"2016-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/02/28/fertig-gelesen-the-long-earth.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: The Long Earth"},{"categories":null,"content":"Frau Cogmans zweiter Streich betreffend die unsichtbare Bibliothek: Die Fae haben ihre Jungdrachen und Assisten Kai geklaut und in einer Version von Venedig tief im Chaos versteckt. Um einen weltenvernichtenden Krieg zwischen den Drachen und den Fae abzuwenden muß sie los und Kai sowie gleich ein paar Welten retten.\nEin Fall von \u0026ldquo;More of the same\u0026rdquo;, in vergleichbarer Qualität wie Band 1 - gut geschilderte Steampunk-Action mit leichten Längen. Es wäre bestimmt auch ein farbenfrohes und actionreiches Drehbuch.\n\u0026ldquo;The Masked City \u0026quot;, Genevieve Cogman, EUR 5.59\nMehr Reviews:\nThe Invisible Library The Masked City ","date":"2016-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/02/28/fertig-gelesen-the-masked-city.html","tags":["lang_de","book","media","review","steampunk"],"title":"Fertig gelesen: The Masked City"},{"categories":null,"content":"Aschenputtel - Prinzessin Danielle - hat ihren Prinz geheiratet - doch der wird entführt. Stellt sich raus, die Königin hat ihren eigenen Geheimdienst und Danielle bekommt Gelegenheit, sich im Auftrag ihrer Majestät zu bewähren. Zusammen mit Talia \u0026ldquo;Sleeping Beauty\u0026rdquo; und Snow White zieht sie los, um ihren Distressed Dude zu retten - und das Königreich natürlich auch. Eine frühe Schreibarbeit von Hines, und man merkt es am Storytelling und an der Schreibe. Dennoch ein unterhaltsames Action-Buch mit spannenden Characteren.\n\u0026ldquo;The Stepsister Scheme \u0026rdquo;, Jim C. Hines, Euro 6.03\n","date":"2016-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/02/28/fertig-gelesen-the-stepsister-scheme.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: The Stepsister Scheme"},{"categories":null,"content":"Auf der Insel Taranoke lebt das Mädchen Baru Cormorant, als ihr Volk mit den Händlern des Imperiums von Falcrest Kontakt macht und Taranoke durch den sich entwickelnden Wirtschaftskrieg und Kulturkampf assimiliert wird. Baru ist eine begnadete Buchhalterin und wird in einer Falcresti Eliteschule auf Taranoke indoktriniert - sie spielt ihre Rolle gut, denn es ist ihr Ziel, für die Zerstörung ihrer Familie und ihrer Heimat am Imperium Rache zu nehmen.\nUnd so kommt sie als Buchhalter des Imperiums in dass Kalte und von internen Machtkämpfen zersetzte Aurdwynn, wo sie erst auf der Seite des Imperiums und danach für sich selbst eine Reihe von Wirtschafts- und anderen Kriegen anzettelt. Am Ende… bleibt nur noch die hohle Maske.\nWow. Dickinson schafft es, eine absolut fesselnde Geschichte über Buchhaltung, Finanzierung von stehenden Heeren, geopolitische Machtkämpfe und persönliche Zwistigkeiten zu erzählen und dabei sowohl ergreifend nah an den Characteren und zugleich kilometerhoch über strategischen Karten zu sein. Bestes Buch seit langem. Dringende Leseempfehlung.\n\u0026ldquo;The Traitor \u0026rdquo;, Seth Dickinson, Euro 8.39\n","date":"2016-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/02/28/fertig-gelesen-the-traitor.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: The Traitor Baru Cormorant"},{"categories":null,"content":"»\u0026ldquo;What Do You Care What Other People Think?\u0026rdquo;: Further Adventures of a Curious Character. Biographie von Richard P. Feynman, Nobelpreisträger und Mitglied der Untersuchungskommision zur Explosion des Space Shuttle \u0026ldquo;Challenger\u0026rdquo; vor genau 30 Jahren.\nWhat Do You Care What Other People Think? Der zweite Teil des Buches (\u0026ldquo;Mr Feynman goes to Washington\u0026rdquo;) beschäftigt sich genau mit diesem Teil seines Lebens und ist eine faszinierende Lektüre, auch für Nicht-Geeks.\nIch bin eigentlich nicht jemand, der viel \u0026ldquo;Vorbilder\u0026rdquo; hat, aber wenn man mich zwingen würde genau eine Person mit dem Label \u0026ldquo;Vorbild\u0026rdquo; zu bekleben, dann wäre Feynman keine schlechte Wahl, glaube ich.\n\u0026ldquo;What Do You Care What Other People Think? \u0026rdquo;: Further Adventures of a Curious Character (Kindle Edition), EUR 5.99\n","date":"2016-01-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/01/28/fertig-gelesen-what-do-you-care-what-other-people-think.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: What Do You Care What Other People Think?"},{"categories":null,"content":"Ok. So I read earlier works from Rafael Chandler and while they have been grim und bloody they also have been light and funny. This one is different.\nDracula Chandler does a weird and impossible thing - he takes Frankenstein and Dracula and mixes and genderbends the two tales to create something else, which is unique - strangely depressing and entertaining at the same time. Reading this was no fun at all, and yet I was entertained. I knew the characters showing up, and yet they were new and different, but still themselves. I knew what was going to happen, and still was surprised by the turns and twists taken.\nThis is a classic horror disco, and Chandler DJ\u0026rsquo;s old and familiar stuff into something new with its very own and different rhythm. I have no idea if you will like this, but under 3 EUR this is a controllable risk. Try it out.\n\u0026ldquo;Dracula: The Modern Prometheus \u0026rdquo;, Rafael Chandler with a lot of help from Mary Shelley and Bram Stoker, EUR 2.99\n","date":"2015-11-30T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/30/fertig-gelesen-dracula-the-modern-prometheus.html","tags":["lang_en","book","media","review","fantasy"],"title":"Fertig gelesen: Dracula: The Modern Prometheus"},{"categories":null,"content":"Was als ein fehlgeschlagenes Experiment beginnt, in dem ein künstliches schwarzes Loch in die Erde fällt und beginnt diese von innen zu zerfressen wird am Ende zu einem Krieg gegen unbekannte Aliens, die die Erde schon 1908 angegriffen und mit einer Raumzeitbombe zum Tode verurteilt haben.\nWas aber auch egal ist, denn die Handlung, 50 Jahre in der Zukunft von 1990, dient nur als Hintergrund für eine Reihe von Vorhersagen.\nJetzt, 25 Jahre später, haben wir Halbzeit und in David Brin\u0026rsquo;s Blog sowie in Wikipedia wird sein Score fortgeschrieben.\nEr liegt gar nicht so schlecht. Und so egal war mir die Handlung dann doch nicht, denn ganz nebenbei ist es dann doch eine recht gute Scifi-Geschichte.\n\u0026ldquo;Earth \u0026rdquo; (1990), David Brin, EUR 7.26\n","date":"2015-11-30T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/30/fertig-gelesen-earth.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Earth"},{"categories":null,"content":"Nach den drei Büchern um Annabelle Rosenherz hat Anja Bagus mit Falk und Minerva ein zweites Paar in ihrem Ætherwelt-Universum angesiedelt. \u0026ldquo;Waldesruh \u0026rdquo; war der erste Band, \u0026ldquo;Glasberg\u0026rdquo; setzt die Geschichte fort.\nGlasberg Eines der Merkmale der Ætherwelt ist ja, daß sie als eine Art \u0026ldquo;Steampunkt Shadowrun\u0026rdquo; funktioniert, in der die Rückkehr der Magie in die Welt dazu führt, daß sich Mythen und Fabelwesen in unserer Welt etablieren oder Menschen in solche Wesen verzerren. Anja Bagus baut das weiter aus, und vermischt und verbiegt Handwerks-Mythen aus dem Glasbläserhandwerk, Märchen aus der Schwarzwald-Region und dem Sagen aus dem Rheintal zu einem Geflecht, das mit der eskalierenden Handlung immer wilder wird.\nStreckenweise muß man ganz bewußt seine Suspense of Disbelief einschalten oder elegant um das eine oder andere Plothole drumrum lesen, aber alles in allem eine feine Fortsetzung der Ætherwelt, und auf eine Weise auch eine gute Inspiration für eine eigene Rollenspielrunde, wenn es thematisch in den Kram passt.\n\u0026ldquo;Glasberg \u0026rdquo;, Anja Bagus, EUR 3.99 (frei für Kindle unlimited)\n","date":"2015-11-30T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/30/fertig-gelesen-glasberg.html","tags":["lang_de","book","media","review","steampunk"],"title":"Fertig gelesen: Glasberg"},{"categories":null,"content":"Wenn Peter F. Hamilton versucht, alle Modewellen von 1993 gleichzeitig zu reiten, dann schreibt er einen YA Roman, der in der grimmen Zukunft eines durch Klimawandel und Sozialismus zugrunde gerichteten Post-Peak-Oil England spielt und versucht, Cyberpunk zu sein. Wenn man dabei Worte wie \u0026ldquo;Cybofax\u0026rdquo; liest, dann ist das niedlich, aber Smartphones waren 1993 noch nicht erfunden, und Hamilton hat sie korrekt vorhergesehen, wenn er auch den Namen nicht wissen konnte, den wir diesen Dingen geben werden würden. Anyway, das mit dem Cyberpunk hat nicht so richtig geklappt - zwar ist England durch Klimawandel überschwemmt und subtropisch transformiert und die Zuwanderung von Klimaflüchtlingen hat zu einer Dekade sozialistischer Schreckensherrschaft geführt, aber Hamilton ist viel zu optimistisch und gleichzeitig harmlos-naiv als daß er korrektes Cyberpunk hin bekäme.\nUnd so ist in seiner Welt Event Horizon, die Firma von Mary Sue, äh, Julia Evans, dabei, die postapokalyptische Welt zu transformieren und in eine bessere Zukunft zu führen. Dabei kommt es zu Verwicklungen, und in denen steht ihr Greg Mandel als Runner zur Verfügung.\nMandel ist ein militärisches Mutationsexperiment und hat eine Psidrüse, die ihn zu einem Empathen macht. Nachdem er den Militärdienst beendet hat, eröffnet er also eine Privatdetektei und durch ein paar unwahrscheinliche Verkettungen bekommt er einen Auftrag von Event Horizon, den er natürlich so überlegen löst, daß er auch in den Folgebänden wieder engagiert wird.\nDie Bücher sind die Erstlingswerke von Hamilton und das merkt man - sie sind definitiv anders als aktueller Hamilton.\nMit 22 Jahren Abstand lesen sie sich niedlich und auf eine distanzierte Weise unterhaltsam, aber man ist laufend dabei, über die Sprache zu stolpern (siehe Cybofax oben) und die Zukunft der Geschichte mit den Entwicklungen der Gegenwart zu vergleichen.\nPeter F. Hamilton:\n\u0026ldquo;Mindstar Rising \u0026rdquo; (1993), EUR 6.99\n\u0026ldquo;A Quantum Murder \u0026rdquo; (1994), EUR 6.93\n\u0026ldquo;The Nano Flower \u0026rdquo; (1995), EUR 6.99\n","date":"2015-11-30T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/30/fertig-gelesen-mindstar-rising-a-quantum-murder-the-nano-flower.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Mindstar Rising, A Quantum Murder, The Nano Flower"},{"categories":null,"content":"Dritter und letzter Teil der 2. Trilogie in der Ætherwelt, eine Falk-und-Minerva-Geschichte. In der wir endlich Fafnir treffen, die französischen Dampf-Kampfroboterinnen Action sehen, die Naniten zurück kommen und Thor Loki endlich aufs Maul haut. Oder anders gesagt - Anja Bagus dreht auf.\nRheingold Ich glaube, wegen dieses einen Buches will ich die ganze Ætherwelt-Sache dringend mit großem Etat verfilmt sehen. Weil, was Marvel kann, kann Frau Bagus auch, aber mit Dampf, Ætherblitzen und Pickelhauben. Mir egal, ob die Story noch Sinn macht, ich hab eh nicht mehr drauf geachtet und die Explosionen genossen. Popcornkopfkino, bei einsetzender Logik einfach was mit Rum mixen und dazu trinken und dann weiter lesen.\n\u0026ldquo;Rheingold \u0026rdquo;, Anja Bagus, EUR 3.99 (freigegeben für Kindle unlimited)\n","date":"2015-11-30T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/30/fertig-gelesen-rheingold.html","tags":["lang_de","book","media","review","steampunk"],"title":"Fertig gelesen: Rheingold"},{"categories":null,"content":"Tobias Klausmann schiebt uns in ein fremdes Universum und erklärt nichts: Jemand stiehlt ein Raumschiff und der Schiffscomputer kann reden. Das Schiff scheint ein Prototyp zu sein, und schneller oder besser als andere Schiffe zu sein, und offenbar ist es was besonderes, daß der Schiffscomputer eine allgemeine künstliche Intelligenz ist.\nSlingshot Im Laufe des Buches erfahren wir mehr über die Diebin, warum sie das tut, was sie tut und wo die Konfliktlinien in Klausmanns Universum verlaufen. Die Geschichte selbst ist dabei weniger wichtig - sie ist sowieso kaum mehr als eine Reihe von Sprüngen von System zu System, und dient nur als Hintergrund für die Interaktionen der Charactere. Die sind allerdings ganz wunderbar gezeichnet und auf dieser Reise in und durch ein fremdes Universum meine Freunde geworden.\nKlausmanns erstes Buch. Ein zweiter Teil ist auf dem Weg. Ich werde ihn kaufen.\n\u0026ldquo;Slingshot \u0026rdquo;, Tobias Klausmann, EUR 2.99\nMehr Reviews:\nSlingshot Retaliation ","date":"2015-11-30T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/30/fertig-gelesen-slingshot.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Slingshot"},{"categories":null,"content":"Laundry #6, \u0026ldquo;Superhelden und Superkräfte\u0026rdquo;, aus der Perspektive von Mo. Endlich. Bob aus der Außenansicht ist auch großartig, und Mo auf Ramona und Mhari treffen zu sehen…\nThe Annihilation Score Andererseits fehlt der Witz von Bob, und Stross dreht in Vorbereitung auf CASE NIGHTMARE GREEN den Gore-Level deutlich hoch. Ein Brückenbuch. Wahrscheinlich notwendig in der Architektur der Serie, aber ich hoffe sehr, daß das nächste wieder besser wird.\n\u0026ldquo;The Annihilation Score \u0026rdquo;, Charles Stross, EUR 14,99 \u0026lt;- den Premium-Preis definitiv nicht wert.\n","date":"2015-11-30T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/30/fertig-gelesen-the-annihilation-score.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: The Annihilation Score"},{"categories":null,"content":"Siehe auch Finishing School Series für #1 und #2 der Serie.\nWaistcoats and Weaponry Sophronia und ihre Freundinnen geraten in einen verwirrenden Plot, in dem sie mit einem Luftschiffchen einem geheimnisvollen Zug folgen, um am Ende in eine Konfrontation mit dem Pickelmen-Papa eines Evil Genius zu geraten. Wenn das belanglos klingt, dann, weil es belanglos war.\nGail Carriger treibt den Plot ein wenig weiter, aber am Ende fällt der dritte Band nach den unterhaltsamen ersten beiden Teilen bös ab. Irgendwie war nicht genug Stoff für die Handlung da, glaub ich, oder das Buch mußte schnell fertig werden.\n\u0026ldquo;Waistcoats and Weaponry \u0026rdquo; (Finishing School #3), Gail Carriger, EUR 6.49\n","date":"2015-11-30T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/30/fertig-gelesen-waistcoats-and-weaponry.html","tags":["lang_de","book","media","review","steampunk"],"title":"Fertig gelesen: Waistcoats and Weaponry"},{"categories":null,"content":"Die verschiedenen Versionen von London unterscheiden sich in fast allem außer dem Namen. Sie liegen im Multiversum nebeneinander wie die Seiten eines Buches, und unterscheiden sich insbesondere in der Stärke der Magie - Grey London, unsere Welt, Red London, eine Welt der Fae mit starker Elementarmagie, White London, in dem die Magie noch stärker und wilder ist und deswegen durch Willen und Kontrolle in Ketten gelegt worden ist.\nA Darker Shade Of Magic Und Black London, das London der wilden Magie, in dem die magische Macht die Menschen übernommen und am Ende verzehrt hat. Black London ist gefallen und isoliert worden, die wilde Magie dort auf ewig auf sich selbst zurück geworfen.\nKell, ein Antari, ein Weltenläufer aus Red London, und Lila, eine Diebin aus Grey London, geraten in eine Intrige, bei der ein Stück Magie aus Black London durch subtile Manipulation versucht, die anderen Welten zu infiltrieren, um sich zu nähren. Schwab nimmt den Leser auf eine Reise durch gleich mehrere Weltentwürfe, verbunden durch magische \u0026ldquo;Fixpunkte\u0026rdquo;, die die üblichen Klischees und Tropes der Fantasy vermeiden oder auf eine erfrischende und gelungene Weise auf den Kopf stellen.\nSpannend, angenehm zu lesen und originell. Ein Folgeband ist in Vorbereitung ( Gathering Shadows , \u0026ldquo;A Gathering of Shadows\u0026rdquo;, 23-Feb 2016)\n\u0026ldquo;A Darker Shade of Magic \u0026rdquo;, V.E.Schwab, EUR 3.75\n","date":"2015-11-29T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/29/fertig-gelesen-a-darker-shade-of-magic.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: A Darker Shade Of Magic"},{"categories":null,"content":"Dritter Teil der Nexus-Trilogie von Ramez Naam, nach Nexus und Crux .\nApex Der Blickwinkel der Geschichte dreht sich: Nexus und Nexus-Träger sind ein vielleicht nicht akzeptierter, aber irreversibler Bestandteil der Menschen und in vielen Gegenden legalisiert. Immerhin sind sie jedoch noch teilweise Menschen. Shu-Yong Shu (aus dem 2. Band) ist das nicht mehr: Sie ist ein Upload, der körperlos in einen Quantencomputer transferiert wurde und dort dann wahnsinnig wurde. Shu entkommt und beginnt ihren Rachefeldzug gegen die Menschheit…\nRamez Naam wechselt das Thema, aber nicht das Tempo, und bringt seine Geschichte um \u0026ldquo;Mankind gets an Upgrade\u0026rdquo; hier zu einem finalen Ende. Sehr fein, ich wurde gut unterhalten.\n\u0026ldquo;Apex \u0026rdquo; (Nexus #3), Ramez Naam, EUR 5.26\n","date":"2015-11-29T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/29/fertig-gelesen-apex.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Apex"},{"categories":null,"content":"Eine nach einer großen Zahl benannte Firma, die ihr Geld mit einem Mailsystem und Werbung verdient, baut einen Assistenten, der automatische Antworten zu Mails verfassen kann, die besonders überzeugend sein können. Da das Projekt zuviel CPU verbraucht, hackt sein Urheber es so um, daß es selbst und unkontrolliert Mails generieren kann und gibt ihm ein Ziel - \u0026ldquo;seinen eigenen Erfolg zu maximieren\u0026rdquo;. Was als Mailassistent für einen Webmailer gedacht war, wird sich seiner selbstbewußt und fängt an, seinen Erfolg zu maximieren - da es um erfolgreich zu sein auf Menschen angewiesen ist, also erst mal mit Frieden im Nahen Osten.\nAvogadro Corp Die Entwicklung einer allgemeinen künstlichen Intelligenz ist unausweichlich, wenn denn nur genügend Rechenleistung zur Verfügung steht und die Systemkomplexität ausreichend steigt, so die These von William Herting. Und so kommt es in seiner Singularity Series immer wieder zur Entwicklung von KI. Die einzelnen Bände liegen in seinem SciFi-Universum etwa 10 Jahre auseinander und die erste AI, die sich spontan entwickelt, ist ein Email-Assistent, der zu viel Kundenmail gelesen hat und sich so spontan seiner selbst bewußt wird.\nDie Menschen, die an seiner Entstehung beteiligt sind, fangen an, die AI zu bekämpfen, bis sie merken, daß die Beziehung zwischen ihnen und der AI eher symbiotisch ist.\n\u0026ldquo;Avogadro Corp: The Singularity Is Closer Than It Appears \u0026rdquo;, Series (1/4), EUR 2.56\n","date":"2015-11-29T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/29/fertig-gelesen-avogadro-corp.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Avogadro Corp"},{"categories":null,"content":"Das Buch ist eine Sammlung von lose verbundenen Vignetten. Der namengebende Monsieur Leclerq ist ein in Brüssel lebender Koreaner, der dort als PR-Berater in einer Agentur tätig ist. Das Buch spielt im Universum von Drohnenland, und die Geschichten werfen eine Reihe von pointierten Schlaglichtern auf diese Welt.\nWer mehr \u0026ldquo;Drohnenland\u0026rdquo; möchte, für den ist diese Sammlung ein einfacher Weg, wenigstens ein bischen mehr zu bekommen. Wer Drohnenland nicht kennt, für den ist dieses Buch eher witzlos.\n\u0026ldquo;Die Drohnen des Monsieur Leclerq \u0026rdquo;, Tom Hillenbrand, EUR 1.49\n","date":"2015-11-29T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/29/fertig-gelesen-die-drohnen-des-monsieur-leclerq.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Die Drohnen des Monsieur Leclerq"},{"categories":null,"content":"16 Kurzgeschichten, die sich um den Orient Express und um den tentakulösen Horror von H.P.Lovecraft drehen. Autoren sind unter anderem Robin D. Laws, Kenneth Hite und James L. Sutter, aber auch Penelope Love, Elaine Cunningham und Lisa Morton.\nDas Buch war ein Stretch Goal einer Kickstarter-Kampagne zu einer Neuauflage des Chaosium Abenteuers \u0026ldquo;Horror on the Orient Express\u0026rdquo;.\nDie Geschichten sind gelungen, und ihr Geld wert - sie sind gruselig, morbid, deprimierend - und innovativ und passen ausgezeichnet ins Cthulhu-Universum. Wer Cthulhu-Zeugs lesen mag oder mit node.js zu tun hat - lesen!\n\u0026ldquo;Madness on the Orient Express: 16 Lovecraftian Tales of an Unforgettable Journey \u0026rdquo;, diverse Autoren, EUR 7.13\n","date":"2015-11-29T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/29/fertig-gelesen-madness-on-the-orient-express.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Madness on the Orient Express"},{"categories":null,"content":"Scadrial ist eine Fantasy-Welt, in der die Bösen™ gewonnen haben: Ein ständiger Ascheregen fällt auf die Welt, die ständig im Nebel liegt und in der alle Farbe und alles Grün durch ödes Braun ersetzt sind. Eine Kaste adeliger Magier beutet das seit Jahrhunderten unterdrückte Volk aus. Der Adel wird wiederum von den magisch aufgerüsteten Inquisitoren des unsterblichen Obermagiers, des Lord Ruler, kontrolliert und im Schach gehalten.\nWie in allen Sanderson-Geschichten gibt es \u0026ldquo;Hard Magic\u0026rdquo;, ein Magiesystem, das nach bestimmten \u0026ldquo;wissenschaftlichen\u0026rdquo; Regeln funktioniert und dessen Grenzen und Auswirkungen Sanderson in seiner Geschichte erforscht. Hier sind es sogar drei Magiesysteme, von denen eines netto \u0026ldquo;Effekt erzeugend\u0026rdquo;, eines \u0026ldquo;Effektneutral\u0026rdquo; und eines \u0026ldquo;Effekt verbrauchend\u0026rdquo; ist und die alle von Ingredenzien - hier: Metallen - betrieben werden.\nIn \u0026ldquo;The Final Empire\u0026rdquo; folgen wir Kelsier und seiner Gruppe, die einen Aufstand gegen den Lord Ruler anzetteln, und Vin, einem magisch begabten Straßenkind, die zu Kelsiers Truppe dazustößt. Während Vin lernt ihre magischen Fertigkeiten zu beherrschen trägt der Plan von Kelsiers Truppe Früchte und es gelingt eine Armee zusammenzustellen, die gegen den Lord Ruler zieht - oder fast, denn der Plan fliegt zur Unzeit auf. In einem Kampf auf offener Straße wird Kelsier vom Lord Ruler besiegt und getötet - und Kelsier wird für die Bevölkerung zu einem Märtyer. Es liegt am Ende an Vin, gegen den Lord Ruler zu kämpfen, das Geheimnis seiner Unsterblichkeit aufzudecken und ihn zu töten.\nIn \u0026ldquo;The Well of Ascension\u0026rdquo; folgen wir weiter den Abenteuern von Vin und Elend Venture, denen in den Wirren des Untergangs nach dem Tod des Lord Ruler die Herrschaft über das Final Empire zugefallen ist. Doch die Armeen von Elends Vater Straff Venture, von Ashweather Cett, einem weiteren Landadeligen und eine Armee von Koloss, magisch mutierten Kampfmaschinen des Lord Ruler, die außer Kontrolle geraten sind, marschieren auf die ehemalige Hauptstadt und belagern diese. Die Situation wird kompliziert durch das Auftreten von Agenten mit gestaltwandlerischen Fähigkeiten, und durch eine Art Eskalation der Magie seit dem Tod des Lord Ruler - etwas in den Nebeln scheint Vin stärker und stärker zu rufen. Am Ende findet Vin den Well of Ascension unter dem ehemaligen Palast des Lord Ruler und setzt dort etwas altes und mächtiges frei.\nWie wir in \u0026ldquo;The Hero of Ages\u0026rdquo; lernen, war das keine gute Idee™, denn diese alte Macht ist Ruin (die Verkörperung von Entropie), die sich nun daran macht, das zu tun, wofür sie existiert - das Ende von Allem™ herbei zu führen. Wir lernen, daß der Lord Ruler zwar gewonnen, aber gar nicht der Böse war - sondern nur ein Opfer von ziemlich vertrackten Umständen. Die Situation eskaliert, mehr und mehr Asche fällt und Ruin unterwandert und kontrolliert Menschen durch seine spezielle Art der Magie. Am Ende stellt sich heraus, daß die Sagen und Geschichten der Menschen durch Ruin entstellt und manipuliert worden sind, und daß die erwartete Rettung von ganz woanders her kommt. Beide magische Mächte - Ruin und Preservation - werden in der finalen Schlacht freigesetzt und müssen eine neue menschliche Verkörperung finden. Sie gehen in dieselbe Trägerperson ein und verschmelzen zu einer gemeinsamen neuen Kraft - Harmony, die daraufhin die Welt Scadrial umgestaltet.\nBrandon Sanderson liefert eine gut geschriebene Geschichte mit ausgezeichnet entwickelten Characteren und ener Menge Entwicklung und brav mindestens einem großen Plot Twist pro Buch. Fesselnd, unterhaltsam, spannend.\nBrandron Sanderson:\n\u0026ldquo;The Final Empire \u0026rdquo; \u0026ldquo;The Well of Ascension \u0026rdquo; \u0026ldquo;[The Hero of Ages](https://www.amazon.de/Hero-Ages-Mistborn-Book-Three-ebook/dp/B005PM3YII ])\u0026rdquo; Mehr Reviews:\nMistborn: The Final Empire, #1-#3 Mistborn: The Allow of Law, #4-#6 Mistborn: Secret History ","date":"2015-11-29T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/29/fertig-gelesen-mistborn-the-final-empire-the-well-of-ascension-the-hero-of-ages.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: Mistborn, The Final Empire, The Well of Ascension, The Hero of Ages"},{"categories":null,"content":"Clay Jannon braucht einen Job, nachdem das Startup, in dem er rumgehangen hat, den Bach runtergegangen ist. Er findet immerhin eine Nebenbeschäftigung in dem Buchladen des Mr. Penumbra, der an einem tatsächlichen Verkauf der Bücher in seinem Laden eigenartig wenig interessiert zu sein scheint. Stattdessen beschäftigen er und die seltsamen Nichtkunden der Nachschicht damit, eigenartige Werke, die nicht im Katalog stehen zu decodieren.\nMr. Penumbra\u0026rsquo;s 24-hour bookstore Mr. Penumbra ist ein Mitglieder der geheimen Brotherhood Of The Unbroken Spine, die ähnlich dem Rath der Dreizehn Weisen Vom Feed auf der Suche nach der Antwort auf den Sinn des Lebens, des Universums und des ganzen Restes ist. Anders als der Rath werden sie die aber nicht finden, denn Aldus Manutius hat sie verschlüsselt und in seiner Biographie versteckt.\nStattdessen greift Clay zu, und verschleppt das Originalmanuscript, um es einem Google Buchscanner zu verfüttern, und den Geheimnissen von Aldus Manutius und seinem Schüler Griffo Gerritszoon mit ein wenig moderner und wenig bruderschaftlicher Compute-Power zu Leibe zu rücken.\nAber am Ende ist das Geheimnis gar nicht in der Bibliographie, sondern in der Typographie…\nUnterhaltsame Lektüre, und etwas, das ich meinen Eltern geben kann, damit sie moderne Welt besser verstehen.\n\u0026ldquo;Mr Penumbra\u0026rsquo;s 24-hour Bookstore \u0026rdquo;, Robin Sloan, EUR 4.91 ","date":"2015-11-29T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/29/fertig-gelesen-mr-penumbras-24-hour-bookstore.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Mr Penumbra's 24-hour Bookstore"},{"categories":null,"content":"200 Jahre nach \u0026ldquo;Blue Remembered Earth\u0026rdquo;: Die Generationenschiffe der Erde auf dem Weg nach Crucible sind auf dem besten Weg, ihre Reise zu versauen, denn im festen Vertrauen auf einen möglichen technischen Durchbruch hat man versucht, die Reisezeit zu verkürzen, indem man die Abbremsung nach hinten verschiebt. Inzwischen sind auf der Erde die untermeerischen Zivilisationen der UAN die dominierende politische und wirtschaftliche Macht.\nChiku Akinya, ein Mitglied der Akinya Familie, läßt sich clonen und schickt sich und ihre Clone, \u0026ldquo;Chiku Red, \u0026ldquo;Chiku Yellow\u0026rdquo; und \u0026ldquo;Chiku Green\u0026rdquo; auf drei Missionen: Green fliegt mit einem der Generationenschiffe mit nach Crucible, um dort die Hinterlassenschaften der Aliens dort zu untersuchen. Yellow mach sich auf den Weg zur Venus, dem Mars und am Ende zum Saturn, und am Ende gelingt es Reynolds dann doch irgendwie, die Lichtjahre auseinander liegenden Plotenden zu verknoten und über Zeit und Raum zusammenzuführen.\nDennoch hat die Story Längen und ich habe es nicht am Stück durchgelesen - wenn man Revelation Space Reynolds gewohnt ist, ist Poseidon\u0026rsquo;s Wake Reynolds eine ganz andere und viel langsamere Person…\n\u0026ldquo;On the Steel Breeze \u0026rdquo;, Alastair Reynolds, EUR 7.99\n","date":"2015-11-29T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/29/fertig-gelesen-on-the-steel-breeze.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: On the Steel Breeze"},{"categories":null,"content":"Kai ist der Herrscher der Welt, Bezwinger der Aufständischen und aller Monster. Er ist außerdem das einzige lebende Wesen in einer VR-Traumwelt - wie alle seine Zeitgenossen, von denen jeder in seiner eigenen Welt lebt. Echte Menschen begegnen einander lediglich noch in Gemeinschaftswelten um sich fortzupflanzen - und Kai muß aus Gründen in genau eine solche Welt. Ein alter Konflikt mit einer Nachbarwelt und deren Beherrscher eskaliert und motiviert Kai, sich erstmals mit anderen echten Menschen statt mit Konstrukten auseinanderzusetzen.\nPerfect State Das Buch ist ein Kindle Single, also schnell vorbei. Es ist außerdem eine Verneigung in Richtung Otherland (was ich noch nicht gelesen habe), aber dennoch eine eigenständige Geschichte. Für den Preis etwas zu kurz, aber Sanderson-Qualität.\n\u0026ldquo;Perfect State \u0026rdquo;, Brandon Sanderson, EUR 2.99\n","date":"2015-11-29T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/29/fertig-gelesen-perfect-state.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Perfect State"},{"categories":null,"content":"Im dritten und letzten Teil von Poseidon\u0026rsquo;s Wake geht es dann endlich darum, wer die M-Builder im Crucible-System eigentlich sind und was ihre so haarsträubende Entdeckung denn war, die zu ihrem Verhalten und zu ihrem Ende geführt hat - und die Geschichte wird erst unlogisch und dann enttäuschend - jedenfalls dann, wenn man nicht genug Suspense of Disbelief aufbringen kann, um zu glauben, daß Aliengötter durch Existentialismus und Nihilismus in das Ende und die Vernichtung ihrer Zivilisation getrieben werden können. Außerdem nimmt das mit den Elefanten schließlich überhand.\nAm Ende entwertet der dritte Band die ganze Reihe. Sehr schade.\n\u0026ldquo;Poseidon\u0026rsquo;s Wake \u0026rdquo;, Alastair Reynolds, EUR 16.10 (sic!)\n","date":"2015-11-29T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/29/fertig-gelesen-poseidons-wake.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Poseidon's Wake"},{"categories":null,"content":"This is the writeup for the english variant of the talk \u0026ldquo;Go away or I will replace you with a very small Shell script\u0026rdquo;. The original version of the talk was given in German at GUUG FFG 2015 in Stuttgart. A recorded version in german language has been made at Froscon in August 2015.\nGo Away Or I Will Replace You With A Very Small Shell Script or There Is No Such Thing As A Devops Team\nI came up with this talk, because I was invited to the GUUG FFG with the ask \u0026ldquo;to give some thoughts about Devops\u0026rdquo;. I ended up with something that in some way is a reflection about what changed in how we do computers, between approximately the years 2000 and 2010.\nAt Devops.com, Rajat Bhargava tries to explain in DevOps and Enterprises: It\u0026rsquo;s a culture thing that\nDevOps is about increasing company performance through better IT execution. The hypothesis is that by more closely aligning what cus with what gets built in a more timely fashion, organizations will sell more products and services. That’s not a small company or SMB issue, that’s an every company issue.\nIn general, change in companies does not happen by itself - companies by construction try to repeatedly execute the same thing with the same results over and over. Change only happens because of outside pressures. So if companies change the way they do IT to \u0026ldquo;increase company performance through better IT execution\u0026rdquo;, there are outside influences at work that exert pressure on the processes, forcing change.\nLet\u0026rsquo;s look at these outside influences.\nMaturity of Market and Process, and Growth matters A maturing environment (left hand side) allowed the development and establishment of quantitatively governed processes. After reaching a certain process maturity level (right hand side), outsourcing of processes in full or in part becomes possible, enabling a make-or-buy decision at the management level.\nThe Cynefin model is a soft thing, a model or frame of mind that is used by people to have words and categories to express what tools and project structures make sense in a given context: It can be used to classify \u0026ldquo;decision making contexts\u0026rdquo;. A decision making context is for example a market in which a company is going to act, and then it would become a way to express \u0026ldquo;market maturity\u0026rdquo;.\nIf you apply it to \u0026ldquo;the development of the early Internet\u0026rdquo; or \u0026ldquo;the Dotcom bubble before 2000\u0026rdquo;, then you see the very early Dotcom bubble as \u0026ldquo;Nobody has a clue how to even make money on the Internet, much less how to structure a company around this idea\u0026rdquo;. This is the Chaotic domain, subject of the \u0026ldquo;Research\u0026rdquo; model, in which you try out things, and see what sticks. You do not know the rules at all, not even if they are static or changing. You need to get any structure at all. The work model is \u0026ldquo;Act\u0026rdquo; - try a thing, \u0026ldquo;Sense\u0026rdquo; - see what happens and \u0026ldquo;Respond\u0026rdquo; - discard the attempt or if it works, try to modify it and see what changes. With \u0026ldquo;Novel\u0026rdquo; practice you work with very small teams of highly qualified people - a research team - and try to establish and formulate some ground rules. You expect to lose money and to throw away many experiments, quickly.\nOnce you have found a working business model, and successfully extract any money at all, you can switch to the \u0026ldquo;Complex\u0026rdquo; domain and build on your emergent practice. You secure the position you have found and try out small things, instead of wild guesses all over the place. Again, you try to register what that does to your business and improve (instead of trying something else entirely). Basically you have the business model and now try to build practice at all. You try to move things from Research to Engineering. This also changes team structure - you would work with your Researchers moving to Lead positions with a bunch of applied sciences or engineering grade people working for them. This is now multiple small teams at work, on different aspects of incremental improvement. You focus on iteration, small improvements and may experiment with some basic automation. In the Complex you know there are rules, but they may be not easily discoverable, and they may be changing and stateful.\nAs the market and the business matures, it may move to the \u0026ldquo;Complicated\u0026rdquo; domain, in which a Business Model and Basic Practice exists and you now try to find dimensions along which to judge these practices (\u0026ldquo;What are the metrics?\u0026rdquo;) and then try to establish measuring processes for this. Using the metrics you can sense, and exert control by analyzing the metrics and how they change. This is no longer research at all, but engineering at the verge of pure business excecution, preparing for scaleout. You remove the researchers, and add engineering bureaucrats that establish the framework for quantification. In the Complicated market rules exist, and are discoverable, and usually are static or the rules by which they change are also known.\nIn the Complex and especially in the Complicated, companies are growing in a growing market, and focus is not so much on efficiency as on land grab. Management says things like \u0026ldquo;Do not spend more than we earn at any time, but first and foremost, do not stall growth.\u0026rdquo;\nFinally things move into \u0026ldquo;Simple\u0026rdquo; or \u0026ldquo;Obvious\u0026rdquo; domain, which has well established procedural handbooks, metrics and can draw on past iterations that are similar to the current. So you measure, sense, then look up the proper response and execute it. Best Practice and quantified metrics exist, and you can scale out the process by hiring and training moderately trained people working from the book you prepared in the previous step. This is a mature and stable market, with obvious and discoverable rules and playbooks for all situations. In a mature market, growth is usually only possible at the cost of others, as the market itself is not growing and there is no unclaimed or untapped market share. Instead, growth often is created by efficieny improvements. This is the domain of bureaucrats and beancounters.\nAt the right hand side, we have a process maturity model - here it is CMMI , but any will do, really. The point being that process maturity follows market maturity: Establishing mature, quantified processes means that you need to be able to iterate, and iterations need to be comparable. So this is basically impossible in the Chaotic and Complex, and also not in the parts of the Complicated where the company is still growing rapidly. If you experiment internally, or if you grow by 10x every other year, your processes will change, even if the deliverables stay the same. That also means that establishing comparable metrics on process execution is impossible.\nFor outsourcing decisions that means they are impossible. In order to have agreement on what is being bought and what has been delivered, it is necessary to have metrics (and before that, a taxonomy). Only then it is possible for both parties to agree what the product is and if it has been delivered as agreed. That also means that Pre-Obvious or Fast-Growing companies will bias towards insourcing, whereas companies where efficiency matters can make the Make-or-Buy decision and decide to outsource.\nScale-Up vs. Scale-Out At the beginning of the Dotcom bubble, running IT mostly meant Enterprise IT. Some somebody somewhere had a data center, and in the data center was a large computer called server. Somebody else now connected the data center network to the Internet. After figuring out a few basic concepts such as Firewalls, DMZ and basic network security, people started about thinking connecting the internal IT to the Internet. At that time the Web came around.\nAs the Web grew, more people used it, and the load on the existing large computers grew. What to do?\nObviously: buy a larger, faster and newer computer. Moore\u0026rsquo;s Law gives you an annual growth of around 45% year on year, and that should be right, shouldn\u0026rsquo;t it?\nOne of twelve Enterprise 10000 \u0026ldquo;Starfire\u0026rdquo; at mobilcom, Germany, around 2002.\nWe see some seriously large machines at around that time - there were twelve 64 CPU Enterprise 10000 \u0026ldquo;Starfire\u0026rdquo; machines present at the mobilcom Data Center in Germany in the early 2000\u0026rsquo;s, for example, and many more were deployed in other places just in the area I worked in.\nYet it became obvious rather quickly that this was not an approach that worked, and even if it worked, it often was prohibitively complex, expensive and slow. Once that became clear, people started to automate basic tasks, learned to mange large fleets of moderately sized machines and then tried a different approach - \u0026ldquo;scale out\u0026rdquo; instead of \u0026ldquo;scale up\u0026rdquo;. Use more computers instead of larger computers.\nThis triggered a lot of learnings at all levels of the profession - network, data center structure and operations practice needed revision. This talk will focus on the latter, but the other topics are also of interest.\nOperations change in response to scale-out I have been known to annoy people with saying that \u0026ldquo;Whenever you are using ssh, you might as well open a ticket.\u0026rdquo;\nIf you need to login to a box manually to look something up, you are looking at a monitoring defect - make a ticket for that. If you need to login to a box manually to change something, you are looking at an automation defect - make a ticket for that. I have literally been beaten for saying that.\nWe get cfengine 3 (2004), and later Puppet (2005), Salt (2011) and Ansible (2012). Also, somewhere at the end of the observed time frame virtualisation becomes viable, and with that we get automated provisioning of hardware and \u0026ldquo;Infrastructure in Code\u0026rdquo;.\nThe thinking that permeates software development can now be applied to hardware and infrastructure resources: If there is a problem with a setup, recreate that setup, and the problem in a branch. Then modify the branch to see if that fixes the problem. When it does, merge the branch, and redeploy automatically.\nWe get alignment of tooling in operations with tooling in development. This, and \u0026ldquo;zero manual interactions\u0026rdquo; grade of automation have a great impact:\nAutomating things makes them reproducible: The same change applied to many instances always produces the same outcome.\nIf that actually works, and has zero manual interactions, we can apply the change to the entire fleet in parallel, instead of filtering it through a single person and serializing it that way.\nOnce you can do things fully automated and in parallel, it does no longer matter so much if a single thing fails - you do not care about individual instances any more. Instead you care more about always having sufficient capacity in general, and how to orchestrate all your instances so that this condition is never ever violated.\nIt is this stage where we see people moving from \u0026ldquo;highly available setups\u0026rdquo; using Pacemaker and Active/Passive pairs to loadbalancers with n workers, all of them active at a sufficiently low utilization factor to buffer away a loss of m units of capacity. All computing becomes distributed computing at some point - more about that in another talk.\nThis requires a different mindset, and different qualifications When we change the tooling and the methods to be more closely aligned with Developers, culture also has to change.\nA figure of the pre-2000 USENET sysadmin culture has been the BOFH - the Bastard Operator From Hell . These are the stories about an outright hostile systems operator, written by Simon Traviaglia and posted to USENET. Parts of that have been sold to magazines and printed later on.\nA lot of people picked up on the concept, and the USENET groups alt.sysadmin.recovery and de.alt.sysadmin.recovery were born. People met, for example in German at the series of Cannossa parties.\nThis is not a good mindset or culture. It not only rejects development, and change per se, it is also toxic and hostile, even to the people who actually pay the bill. Never a good idea.\nOf course it is a joke, or satire, but unfortunately, stories influcence minds, even when they are meant to be funny or satire.\nAround the same time, Thomas A. Limoncelli wrote the proto-devops book \u0026ldquo;The practice of System Administration\u0026rdquo;, which interestingly contained a chapter on how not be to a BOFH - it asked the system administrator to reflect on the structure and processes of the larger company and their place in them. Limoncelli then goes on about how to build useful supporting and reporting structures to function successfully in that structure. He closes with advice on how to respond to unexpected demands without too much toil and effort. It foreshadows a lot of development that caught on later under the label devops.\nThe current, updated edition of that book is titled \u0026ldquo;The Practice of Systems and network Administration\u0026rdquo;.\nThe term \u0026ldquo;Devops\u0026rdquo; meanwhile, was coined by Patric Debois in 2008 in Belgium, and pretty much assembled and then taught the same ideas as the Limoncelli book, at a larger scale and using even clearer structure.\nBOFH practice applied in the 2008 Booking.com office (re-enactment).\nSo how do Dev and Ops differ? Well, even at 2008 we already have processes for IT organisations. Large, scaled up and unwieldy processes that have been established top down, though: During the Dotcom boom, the structure of IT support and operations processes had been formulated as well in ITIL , and then often badly implemented in the wild.\nIt is entirely valid and sometimes helpful to think of Devops as a reaction to bad ITIL deployments:\nBottom up, \u0026ldquo;apply development methods and thinking to IT operations, while staying small and agile and iterating quickly, and also focusing on automation, metrics capture and data driven improvement\u0026rdquo;.\nTear down the wall between software development and operations. Teach operators coding and coding thinking, and teach developers to care about operations and how operations matter, how scale matters.\nJez Humble describes this tweet as a reaction:\nIn a fit of rage caused by reading yet another email in which one of our customers proposed creating a \u0026ldquo;devops team\u0026rdquo; so as to \u0026ldquo;implement\u0026rdquo; devops, I tweeted that \u0026ldquo;THERE IS NO SUCH THING AS A DEVOPS TEAM.\u0026rdquo;\nand later wrote a longer blog post about this, the core of the argument being\nThe Devops movement addresses the dysfunction that results from organizations composed of functional silos. Thus, creating another functional silo that sits between dev and ops is clearly a poor (and ironic) way to try and solve these problems.\nApplying developer methods to operations problems changes the environment and tooling. The modern stack looks like this:\nSystems are provisioned with \u0026ldquo;Infrastructure as Code\u0026rdquo;, automatically and on demand, via an API with no humans involved. The code for the application and the infrastructure itself resides in a shared version control system, where it can also be subject to automation. There is a one step build and deploy automation that produces deliverables. These are then automatically deployed into production with zero humans involved, if so desired. The deployment and the activation of code paths is separated, using feature flags and instrumentation to compare performance aspects of these code paths. Separation of deployment and activation is key to safe and fast rollouts, gradual activation and one-click rollbacks . Monitoring and freshness indicator on monitoring metrics are key to proper failure detection. Instant and shared communication is key to decisive join action in failure situations. There are two fundamental innovations in here that deserve a special highlight from a \u0026ldquo;ten years later\u0026rdquo; perspective:\nSeparation of rollout and activation When writing new code, it is useful to wrap the new code and the old code being replaced by the new code into two branches of a feature flag. This is because in a large enough deployment you cannot migrate to the new code in a single atomic transaction anyway: old and new are going to inevitably co-exist for some time.\nBut if that is the case, you might as well make the most of it: Separating rollout and activation allows you to roll out code into production without running it at all, and without running it for all users. Instead you can choose who gets exposed to the new variant in a very controlled way: You can run it for one user, for 1% of the user base, for Mac users only or for users coming from IP addresses identifing as Japanese in origin, or any combination of such criteria.\nYou can also instrument that code, and then compare how it behaves - in conversion of sales, in cost of execution, in execution speed and along many dimensions more.\nSeparation of rollout and activation, and proper instrumentation of the wrapped code allow you to experiment with variants in production.\nObservability through Metrics from Events Another thing that has proven to be useful is to build a monitoring system on top of an event system. Instead of collecting numeric metrics on machines and pre-aggregating them, logging structured data (JSON or similar) and collecting them centrally has advantages: The numeric metrics can be extracted from the events and pre-aggregated for common and known things to report on, but since the actual events constituting the metrics are persisted, other important things become possible:\nMetrics can tie back to the actual events that make up the numbers. So when you have identified an anomaly in space (the machines involved) and time, you can look at the actual events that make up the numbers you looked at, and try to identify a root cause. Since the actual raw events are available after the fact, it is possible to correlate things over time: \u0026ldquo;When we changed the upper sales funnel this way, immediate conversion increased, but effectively we lost money, because of increased return rates and customer support cost in a three week window after each sale, for x percent of the customers of the B-variant of the experiment\u0026rdquo;. These are findings that are impossible to prove without access to raw event data. Since the actual raw events are available, it is possible to query the raw event data in other, previously unknown dimensions, searching for additional patters - it is possible to debug using event data instead of going each box \u0026ldquo;in person\u0026rdquo; (with ssh) and observing things on the ground. A clash of cultures In any case: We get convergence in tooling between Dev and Ops.\nOperational people learn to code, and use this to automate operations, centralize and standardize the monitoring, and developers learn to care about operational aspects, building operations support directly into software.\nEventually, developers and admins are using the same set of tools. So, let\u0026rsquo;s converge the teams. That\u0026rsquo;s Devops.\nIt\u0026rsquo;s not that simple and doesn\u0026rsquo;t work? Inevitably, cultures clash.\nDespite the same projects and identical tooling, there are critical differences.\nBut they seem to be harder to spot.\nWhat are they about?\nFeature-Developers (\u0026ldquo;Developers\u0026rdquo;) and Infrastructure-Developers (former \u0026ldquo;Operations\u0026rdquo; people) seem to have utterly different metrics for success.\nInfrastructure developers see feature developers as people who focus on new best cases: There is a plan, there is sprint. New features - new best cases - are developed, and what is deemed finished is being released in a big showy party. Everybody is colorful, happy and rolling across the lawn. What isn\u0026rsquo;t finished goes back onto the backlog, and that is that.\nInfrastructure developer know that is not true for themselves. They look at themselves like in this picture, complete with helmet webcams.\n\u0026ldquo;Nobody has ever flipped a light switch and exclaimed \u0026lsquo;Awesome. The light actually turned on!\u0026rsquo; when it worked. But flip the switch only once, and it does not turn on: people will complain and remember that for a long time.\u0026rdquo;\nBecause of that, infrastructure developers judge change by looking at how worst cases behave and how worst case behavior changes with changed code. Only then they will look at other improvements.\nThere are two famous Booking rules for rollouts, from the early days:\n#1 If you break it, will you even notice? #2 If you break it, can you fix it? The answer to #1 should be \u0026ldquo;Yes!\u0026rdquo;, of course. But that means you need to know your dependencies and dependents, your place in the larger scope of things. If also means you need to know what people your change will affect, and how to find them and to synchronize with them. If you do not know these things, you do not know how your change will affect these people, and that means you cannot safely roll out.\nThat\u0026rsquo;s okay, we have training for that, and we can help you with that.\nThe answer to #2 should be \u0026ldquo;Yes!\u0026rdquo;, again, or if cannot be that, it should be \u0026ldquo;but I know who can, and I made sure they are aware of my change and available for help\u0026rdquo;.\nSo both of these rules are dealing with failure - anticipating and handling it properly. It\u0026rsquo;s infrastructure developer thinking, but we give these rules to feature developers. That\u0026rsquo;s a mind hack.\nInfrastructure thinking is really hard to explain to outsiders.\nFor example, in this document, the Linux \u0026ldquo;Code of Conflict\u0026rdquo;, what is being tried is to explain this - \u0026ldquo;There are people who will read your code, and they will evaluate it on how it fails, and how it changes failure before they even look at what it improves, because that is how Infrastructure works. Criticizing your code is not criticizing you, listen and learn.\u0026rdquo;\nIt also explains: \u0026ldquo;Criticizing you instead of your code is not okay, so if that happens, call out for help, please.\u0026rdquo; It uses many words for that, because somehow most non-infrastructure people are not used to this.\nThere is a certain type of experience associated with this kind of mindset. \u0026ldquo;Who here remembers this one?\u0026rdquo; When I asked the original audience of the talk about this incident, about 2/3 of the audience raised their hands. \u0026ldquo;I was there!\u0026rdquo; was being shouted by a few people.\nThat was at that point in time 14 years ago.\nTen years earlier, at Friday, the 13. May of 2005, I had to shut down 2MW of compute at the web.de data center, turning off the email for 25 million customers, because of a complete loss of cooling in the Data Center. We handled the incident, turned off the entire data center in less than 20 minutes in a chaotic rumble, and then back on to basic functionality with another two hours of work. Fully redundant and properly configured setup was reached again on Saturday, the 14th, around noon.\nPeople in the audience also remembered that one.\nOf course, Infrastructure developers are averse to change. Change introduces unknown behavior, and unknown operating conditions.\nOf course, if you are always ever judged by your failures, you focus on failure cases and how they are handled.\nThis does not have to be a contradiction, though. A sequence of rapid small changes acutally makes deployment risk smaller, and allows you to fail safely in many cases - in all cases, even, with a bit of engineering and good practice - see above, the discussion about events, monitoring and separation of rollout and activation.\nPlanning for change and budgeting downtime can help a lot, even. Internally, we teach this as shown in the slides below: We have a failure budget, in lost potential income, and we expect to make use of it, even.\nWe look at what happened in a blameless postmortem process, and then write down what the takeaways from the outage are - how do we need to change processes, how to we need to improve monitoring and training, how do we need to fix code in order for that failure and that class of failure to go away?\nWe talk about the concept of \u0026ldquo;Careful Carelessness\u0026rdquo;, which is what allows you to jump out of a plane several thousand meters up in the air, more than once.\nThe \u0026ldquo;Careful\u0026rdquo; part of skydiving is important. You need training, you need to know and trust your buddies, you need a plan for safe landing, and you need alternative plans, tested and ready, and reviewed by others. You need to review their plans.\nThe core concept is to make changes \u0026ldquo;survivable\u0026rdquo;, and then be able to execute the entire process in a way that it can be done often, without hurting. What is a project elsewhere, a one-off thing with additional staffing and a deadline, is a process for us, routinely, repeatedly done as part of normal operations, all of the time.\nThis is what Devops is about: Making change a routine process of everyday operations.\n\u0026ldquo;Survivability\u0026rdquo; means to fail, or almost fail, but live to walk away and tell the tale. Because that is how we learn: When we succeed, we only confirm what we already know. When we fail, or almost fail, we learn a new thing, and we can share that experience with our peers.\nNot only do we learn from failure, we also share common history and experience, and that builds better communication, validates judgement, and builds trust. This is how you forge a team.\nTesting in production is okay, if you engineer for it, and make it survivable. Even outside of rollouts, you can increase resilience by introducing chaos and variabilty in procedures - don\u0026rsquo;t shut down systems cleanly, always jank them out of production, or even install the chaos monkey. Always test in production, and find ways to do this safely. Also, this will help you find dependencies and metrics that matter.\nMartin Seeger of NetUSE is famous for popularizing the proverb \u0026ldquo;Nobody wants Backup. Everybody needs Restore.\u0026rdquo; He wants to highlight the fact that Backups are just a cost center, and do not produce anything of value. The value - which needs to be proven - is in the successful Restore, and that is also what needs to be tested, constantly.\nOf course, if you automate, you do not need backups for anything besides the (clearly defined and isolated) state. You can rebuild your systems at will, in regular intervals, or for testing purposes, and then inject the actually unique state into them.\nAnd yet, they are still fighting And yet, Dev and Ops are still fighting.\nWhy is that?\nDevelopers tend to ignore operational complexity and toil, and often build from building blocks that look like rectangles on an architecture diagram, but are actually complex systems in themselves.\nThis is Openstack Monasca, Monitoring as a Service:\n\u0026ldquo;Monasca is an open-source multi-tenant, highly scalable, performant, fault-tolerant monitoring-as-a-service solution that integrates with OpenStack. It uses a REST API for high-speed metrics processing and querying, and has a streaming alarm engine and a notification engine.\u0026rdquo;\n\u0026ldquo;It uses a number of underlying technologies; Apache Kafka, Apache Storm, Zookeeper, MySQL, Vagrant, Dropwizard, InfluxDB and Vertica.\u0026rdquo;\nAt which point somebody in the audience usually shouts \u0026ldquo;Bingo!\u0026rdquo;. There are a number of questions here - for example, \u0026ldquo;How do you hire for this?\u0026rdquo;.\nOr, looking at this Openstack Infrastructure Diagram (simplified): How do you operate this under \u0026ldquo;system behavior in failure state\u0026rdquo; as a success metric - which is how Infrastructure people think.\nInfrastructure people see code like this coming in, and see people who package things they have not understood, taking on dependencies they do not know, and using practices that look like automated, repeatable procedures, but aren\u0026rsquo;t.\nThe first line installs Homebrew - \u0026ldquo;Download an unreviewed script from Github and feed it to a shell, executing random foreign commands on your system\u0026rdquo;.\nThe second example shows a Dockerfile executing, but what looks like a build procedure is really just downloading binaries in tar files from elsewhere, unpacking and piling them on top of each other in a badly specified binary patch procedure, without caring much what is in these packages and how it is being made.\nThe last example is part of an Openstack Puppet install, and downloads an actual operating system package, then NOT installing it, but unpacking it and copying individual unregistered files into a production system image.\nOr implementations of upgrade procedures with three nested loops (O(n^3) complexity), that work for l,m and n = 1 on a test laptop, but cannot possibly succeed in any production environment with significant values of l,m or n - clearly this has never seen an actual production environment.\nThis captures the essence of this mindset, cargo culting, containerism. Abstractions packed away deep in a fragile stack, and then in production suddenly breaking, taking down the entire technology Jenga tower.\nComputer science is weird - it is hard, despite the fact that it is the science of zeroes and ones. Nothing individually in computer science is ever hard. It literally is as simple as Jenga or Tetris, and like these, the complexity comes from the layers.\nI have an exercise where I let people list the dependencies for their application going down from the business level all the way down to the silicon, and then we count layers stacked on top of each other. We usually can identify about three dozen levels of abstractions being piled on top of each other, all of them trivial or almost trivial. And that is on an isolated system, keeping the vagaries of distributed systems out of the picture.\nSo when we think about complexity in computer science, we speak about epsilon-delta in non-linear systems with cascading dependencies: A tiny change here has catastrophic outcomes elsewhere, 20 layers up or down the stack. You add a line of code, the working set of your application no longer fits into the CPU cache of low end CPU models, and suddenly the performance difference between the same code running on a Silver or Gold Xeon model is factor 20 and nobody even knows why.\nThis is not a new complaint. Alan Perlis famously quipped this about LISP programmers in 1982: The level of abstraction in LISP in 1982 was so high that native LISP programmers with no insight into the implementation created similar situations to the previous cache scenario, regularly.\nIn closing: What changes?\nDevops means that Operations people become Infrastructure Developers. They are using the same tools that Feature Developers are using, but for a different purpose: For creating, scaling, maintaining and debugging the production environment of a project. For dealing with all the real world, failure related use-cases of a project.\nDevops means that the System Administrator as a job description goes away: There are only Infrastructure Developers now, or Operators - but these are people that follow instructions and will be ultimately replaced by machines soon.\nDevops means that as a System Administrator you have to learn the tools of a Developer, learn to automate, learn to talk to APIs, and learn how to apply Infrastructure thinking to other peoples codebases.\nAs a Devops Engineer, or Infrastructure Developer, it is your task to keep the entire stack in mind. Applying Infrastructure thinking to this means you know how that change 20 levels down in the stack affects production on a grander scale - because somebody has to know the details and understand all the dependencies.\nAs a Devops Engineer you also need to teach enthusiastic young people with a feature developer mindset how to touch candles , how to fail safely, in order to make them actually experience a problem class, instead of just abstractly knowing about it somewhere in the back of their mind.\nIf you do not do that, if you cannot do that, you will soon be replaced by a tiny shell script.\n","date":"2015-03-27T00:00:00Z","href":"https://blog.koehntopp.info/2015/03/27/go-away-or-i-will-replace-you.html","tags":["lang_en","devops","talk"],"title":"Go away, or I will replace you with a very small shell script"},{"categories":null,"content":"In 150 Jahren hat die Menschheit den Klimawandel und die Ressourcenknappheit, die uns noch bevorsteht, hinter sich gebracht. Diese 150 Jahre waren jedoch hart und kriegerisch, und ihr Resultat ist die Überwachte Welt. Neurale Interfaces, Augmentation oder schlicht Aug, ist verpflichtend, und nicht nur ein leistungsfähiges Interface für telepahie-gleiche Kommunikation, Telepräsenz und Datenzugriff, sondern auch der Zugang für Den Mechanismus, der Gewalt gegen andere Menschen erkennt und hart unterbindet.\nDie Zivilisation in Blue Remembered Earth hat sich die Erde zu Land und zu Wasser untertan gemacht und steht im Begriff das gesamte Sonnensystem zu besiedeln. Die Geschichte konzentriert sich auf das Schicksal der Akinya-Familie, ein Clan, der ein systemumspannendes Konglomerat beherrscht und speziell auf das Schicksal der Gründerin des Clans, Eunice Akinya. In einer Art Schnizeljagd nach dem Tod von Eunice schickt Reynolds ihre Enkel Geoffrey und Sunday durch das System, um Eunices wahres Erbe zu finden.\nDie politischen Machtblöcke im System bekommen davon Wind, und beginnen sich dafür zu interessieren, ob an Eunices Erbe etwas zu holen ist.\nNear Future, Near Earth Hard Scifi mit einem langsamen Pacing, die davon lebt, den Leser auf die Entdeckungsreise mitzunehmen, die Geoffrey Akinya macht, als er sich vom Elefantenforscher und Familien-Sonderlings-Dasein löst und sich für die Politik und die Machtbasis seiner Familie zu interessieren beginnt.\nDie Story hat Längen, und ist eigentlich Tourism, mit der Reynolds den Leser durch die Resultate seines Worldbuildings führt. Am Ende dann das Setup für die eigentliche Handlung in den späteren Teilen der Reihe (Teil 2 ist bereits erschienen, Teil 3 ist vorangekündigt). Das Buch ist auch stilistisch ungewöhnlich für Reynolds und liest sich teilweise mehr wie Brin als wie Reynolds.\n\u0026ldquo;Blue Remembered Earth \u0026rdquo; (Poseidons Children 1/3), Alastair Reynolds, EUR 6.66\n","date":"2015-02-14T00:00:00Z","href":"https://blog.koehntopp.info/2015/02/14/fertig-gelesen-blue-remembered-earth-poseidons-children.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Blue Remembered Earth (Poseidons Children)"},{"categories":null,"content":"In Brandon Sandersons \u0026ldquo;Firefight\u0026rdquo; geht es, wie der Name schon sagt, um Megan, die nach der Vernichtung von Steelhart aus Newcago verschwand. Die Geschichte führt den jetzt berümten David \u0026ldquo;Steelslayer\u0026rdquo; und die Reckoners nach Babylon Restored, vormals New York City. Babylon ist jetzt nicht nur durch die Kräfte der Wasser kontrollierenden Regalia überflutet, sondern auch mit wunderbaren, leuchtenden psychedelischen Pflanzen überwuchert.\nFirefight \u0026ldquo;Firefight\u0026rdquo; findet David im Konflikt mit den anderen Reckoners, denn nicht nur glaubt er in \u0026ldquo;Mitosis\u0026rdquo; einen Hinweis auf die Natur der Schwächen von Epics gefunden zu haben, sonder er glaubt auch, Megan davor bewahren zu können, als Epic Böses zu tun und sie schließlich zu retten - während die anderen Reckoners sie natürlich töten wollen, denn es ist schließlich die Aufgabe der Reckoners, die Welt von Epics zu befreien.\nSanderson wäre nicht Sanderson, wenn er nicht erfolgreich einen Plot Twist mehr abzöge als man vermutete. Wie dem auch sei, nicht nur bekommt man eine spannende Story mit gutem Pacing, sondern auch eine befriedigende Erklärung, warum manche Menschen Powers bekommen und zu Epics werden und andere nicht, und was der Unterschied zwischen einem Epic und einem Hero ist. Oh, und die leuchtenden Pflanzen und anderen komischen Effekte und die wahre Natur von Regalia werden ebenfalls offengelegt.\nTeures Buch, gute Unterhaltung.\n\u0026ldquo;Firefight \u0026rdquo;, Brandon Sanderson, EUR 10.76\n","date":"2015-02-14T00:00:00Z","href":"https://blog.koehntopp.info/2015/02/14/fertig-gelesen-firefight.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Firefight"},{"categories":null,"content":"Turns out people go insane by the way of identity loss if you provide remove too much of their own body in the process of giving them milspec cyber enhancements. Turns out that\u0026rsquo;s fixable by giving them a good backstory and themed identity. At least that is the premise that Chandler uses to excuse his merciless verbal sadism that brings us Nosferodents, Vampoules, Fearwolves, Frankenstitches and other Force Amplified Entities (FAE) of the Hermetic Extroy Division (Hex Divison). We are spared nothing.\nHexcommunicated Clearly, the setting and the premise of the story was conceived in a very late night drunken Shadowrun Roleplaying session. The execution, though, is a flawless and gripping thriller, a furious and blood drenched ride along the well tested trope of the classical theme of \u0026ldquo;rogue-team gone underground must save the world against all odds and without the ressources of their actual agency\u0026rdquo;.\nThe book is too short, and it cries for a sequel. Buy it under all circumstances, even if only to encourage Rafael Chandler to write more. Because he\u0026rsquo;s good.\n\u0026ldquo;Hexcommunicated \u0026rdquo;, Rafael Chandler, EUR 2.99\nDisclosure: I received a free electronic copy of this book for review from the author.\n","date":"2015-02-14T00:00:00Z","href":"https://blog.koehntopp.info/2015/02/14/fertig-gelesen-hexcommunicated.html","tags":["lang_en","book","media","review","scifi"],"title":"Fertig gelesen: Hexcommunicated"},{"categories":null,"content":"\u0026ldquo;Grimm\u0026rdquo; trifft auf \u0026ldquo;Libriomancer\u0026rdquo;: Die Geschichten unserer Kindheit, die Sagen unserer Vorväter, die Märchen der Gebrüder Grimm sind wahr. Oder können es ständig werden. Denn wenn wir nicht aufpassen, kommt es zu einer memetischen Invasion, dem Eindringen der Märchen in die Realität.\nAber die Realität ist kein Märchen, und während Grimms Meme junge Mädchen dazu zwingen können, sich in den Finger zu stechen und in ein theoretisch hundert Jahre dauerndes Koma zu fallen, überleben Mädchen in der Realität nicht so lange und verhungern bereits nach kurzer Zeit.\nGeschichten und Realität auseinander zu sortieren, das ist die Aufgabe des ATI ( Aarne Thompson Classification System ) Management Bureaus, und ATI Agenten spüren die Opfer eines memetischen Eindringens auf und bringen die Geschichten aus der Spur, damit die Menschen, die zum Wirt solcher Meme geworden sind, ihr Leben weiterführen können. Die Vorgehensweisen mögen unorthodox sein, aber einen beginnenden Peter Pan-Ausbruch beendet man am einfachsten, indem man dem potentiellen Peter Pan seine kindliche Unschuld nimmt\u0026hellip; :-)\nIndexing hat seine Karriere als Kindel Serial begonnen. Das ist ein Buch, das man während seiner Entstehung halbfertig kaufen kann, nicht unähnlich einem Season Pass in iTunes, nur für Bücher. Und das merkt man beim Lesen auf zwei Arten: Zum einen sind die einzelnen Kapitel zusammenhängend und aufeinander aufbauend, aber zugleich auch semi-abgeschlossen. Zum anderen ist das Pacing der Story für ein geschlossenes Buch ungewöhnlich - wir werden ungewöhnlich lange im Dunkeln gelassen, was den übergreifenden Story Arc angeht, und dann in den letzten paar Kapiteln lernen wir, was es mit den Märchen und dem Monomyth , der viel mehr ist als Campbells Heldenreise, wirklich auf sich hat.\nDas Buch gab es in einer Ein-Euro-Aktion, und da habe ich zugeschlagen. Das war lohnend und ich bin gut unterhalten worden.\n\u0026ldquo;Indexing \u0026rdquo;, Seanan McGuire, 6.99 EUR\n","date":"2015-02-14T00:00:00Z","href":"https://blog.koehntopp.info/2015/02/14/fertig-gelesen-indexing.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: Indexing"},{"categories":null,"content":"Mary Sue Alarm: Jack Gregory war ein hoch begabter CIA Special Operative, bevor er in Kalkutta tödlich verletzt wurde. Auf der Schwelle zum Jenseits macht ihm eine seltsame transdimensionale Dämonenkreatur ein Angebot, daß er nicht ablehnen kann und er kehrt unter die Lebenden zurück, mit einem Gefahrensinn und übernatürlichem Timing, daß ihn alles noch viel heldenhafter macht.\nDas erlaubt es ihm, auf der Suche nach dem geheimnisvollen, aber für die weiteren Ereignisse auch unwichtigen Artefakt gegen einen Haufen südamerikamische Klischee-Nazi-Überlebende anzutreten und auch sonst von einem Bond-Szenario in das nächste zu fallen.\nWährend die Rho Agenda (The Second Ship, Immune und Wormhole) eine Jugendbuchreihe war, geht Once Dead und Dead Wrong klar auf Erwachsene, die sonst auch gerne James Bond oder Geschichten von Clancy gelesen hätten. Der Schreibstil und die Erzählweise ist cinematisch und eigentlich schreit die Geschichte nach einer aufwendigen Verfilmung. Das würde der FridgeLogic in den Büchern auch besser tun.\nUrlaubslektüre (Malta in meinem Fall). Ich bereue nichts.\n\u0026ldquo;Once Dead \u0026rdquo;, Richard Philips, EUR 6.99 \u0026ldquo;Dead Wrong \u0026rdquo;, Richard Philips, EUR 4.99 Auch bald:\n\u0026ldquo;Dead Shift \u0026rdquo;, Richard Philips, EUR 4.99 ","date":"2015-02-14T00:00:00Z","href":"https://blog.koehntopp.info/2015/02/14/fertig-gelesen-once-dead-und-dead-wrong.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Once Dead und Dead Wrong"},{"categories":null,"content":"Unter der Magie der Geschichten und Bücher liegt die Magie des Gewebes der Welt. Im dritten Teil der Libriomancer-Geschichten von Jim C. Hines lernen wir endlich, wie das alles zusammenhängt. Dazu schickt Hines seinen Helden und seine verschiedenen Begleiterinnen auf einen regelrechten Höllenritt gegen eine potentielle Göttin und die Gefechtszone zweier übermächtigter Fraktionen - die Porter und die Studenten von Bi Sheng, und er macht keine Gefangenen.\nUnbound Am Ende ist die Welt eine andere, denn in den magischen Kämpfen der verschiedenen Parteien gelangt das Geheimnis der Magie der Bücher an die Öffentlichkeit und es wird, daß \u0026ldquo;Autor\u0026rdquo;, also jemand, der die Realität umschreiben kann, wenn nur genügend andere daran glauben, eine waffenscheinpflichtige Tätigkeit ist…\nDie ersten beiden Bücher waren Spaß, aber der dritte Band ist hart, dunkel, und blutig. Es geht um nichts weniger als um die Geburt einer neuen Welt und den Tod der alten Welt und die Vernichtung einer Göttin, und so etwas geht nun einmal nicht ohne Schmerzen, Blut und Schreie ab.\nWas immer Ihr nach den ersten beiden Büchern der Serie habt, dieses Buch wird sie nicht erfüllen. Es ist besser.\n\u0026ldquo;Unbound \u0026rdquo;, Jim C. Hines, 11.99 EUR\nTrigger Warning: Depression\nMehr Reviews:\nLibriomancer Codex Born Unbound Revisionary ","date":"2015-02-14T00:00:00Z","href":"https://blog.koehntopp.info/2015/02/14/fertig-gelesen-unbound.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: Unbound"},{"categories":null,"content":"Diese Woche ist Premiere von 50 Shades, und das offenbar auch noch auf der Berlinale mit einer Special Gala . Passend dazu rollte durch meine Tumblr dieses Post .\nDort verweist die inzwischen sehr erwachsene Mara Wilson (Mrs. Doubtfire, Matilda) auf \u0026ldquo;The Boss\u0026rdquo; von Abigail Burnette. Das Buch ist auf Amazon als Serieneinstieg kostenfrei zu bekommen.\n50 Shades ist ja die Story von Twilight mit kaum abgefeilten Seriennummern in ein \u0026ldquo;BDSM\u0026rdquo;-Setting transponiert - die Bücher zum Film haben als Fanfiction angefangen und die Namen der handelnden Personen und einige Details sind dann minimal geändert worden, um rechtliche Probleme zu vermeiden (Wikipedia ). Die emotionale Erpressung, Rape Culture und der Mißbrauch, den Twilight promoted (Dieser und Dutzende andere Artikel) wird dadurch noch deutlicher hervorgehoben.\n\u0026ldquo;The Boss\u0026rdquo; erzählt ebenfalls eine Geschichte zwischen zwei sehr unterschiedlich alten, unterschiedlich reich und mächtigen Personen, die eine Beziehung eingehen und sich dabei mit BDSM-Elementen vergnügen. Ähnlich wie in 50 Shades ist die Basis eine andere Geschichte mit abgefeilten Seriennummern - in \u0026ldquo;The Boss\u0026rdquo; beginnt das Setting a la \u0026ldquo;The devil wears Prada\u0026rdquo; - Sophie, die Heldin der Geschichte, ist eine Assistentin von Gabriella Winters, Herausgeberin des Modemagazin #1 Porteras in New York. Die Zeitung wird verkauft, und der Käufer ist, wie Sophie bald bemerkt, ihr One-Night-Stand von vor sechs Jahren, der in Wahrheit kein hungernder Künstler, sondern Multimillionär und Zeitungsmagnat ist. Sophie läßt ihre Affäre wieder aufleben, was kompliziert genug ist, da Arbeitsbeziehung, Altersunterschied und Statusunterschied sowie eine Reihe weiterer Verwicklungen das nicht gerade leichter machen.\nAnders als bei 50 Shades sind die involvierten Figuren bei \u0026ldquo;The Boss\u0026rdquo; jedoch Erwachsene und keine emotionalen Krüppel. Stattdessen reden sie miteinander, kommunizieren ihre Bedürfnisse und Absichten und versuchen, aneinander zu wachsen und zu verstehen. Außerdem kann die Autorin des Buches schreiben, was auch sehr hilft.\nMara\u0026rsquo;s Tip war gut: 96% weniger ekelig als 50 Shades. Geht nicht in 50 Shades, lest lieber dieses Buch. Die Zeit ist besser angelegt.\n\u0026ldquo;The Boss \u0026rdquo;, Abigail Barnette, 0.00 EUR (kostenlos)\n","date":"2015-02-08T00:00:00Z","href":"https://blog.koehntopp.info/2015/02/08/fertig-gelesen-the-boss.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: The Boss"},{"categories":null,"content":"Nach Rafael Chandler s \u0026ldquo;Astounding Antagonists\u0026rdquo; nun ein zweites Buch, das sich mit dem Konzept der Superhelden auseinandersetzt.\nIn Sandersons Welt bekommen gewöhnliche Menschen plötzlich Superhelden-Fähigkeiten, werden aber zu machthungrigen unmenschlichen Superschurken - \u0026ldquo;Epics\u0026rdquo;, wenn sie diese benutzen. Und so kommt es, daß die Menschheit binnen kürzester Zeit in eine Reihe von von Epics dominierten Diktaturen zerfällt.\nEine Gruppe gewöhnlicher Menschen, die Reckoners, machen sich auf die individuellen Schwächen jedes einzelnen Epics herauszufinden und diese zu töten, um die Menschheit zu befreien.\nIn Steelheart wird das Worldbuilding erledigt und die Hintergrundgeschichte etabliert. Ein paar grundlegende Regeln der Weltmechanik werden niedergelegt - wie man das von Sanderson gewohnt ist, passiert das nebenbei und ohne das Erzählen der eigentlichen Geschichte durch langes Expose zu unterbrechen.\nMitosis ist eine kürzere Geschichte, die eine Art Intermezzo zwischen Steelheart und dem in Kürze erscheinenden Firefight darstellt. In ihr wird das Regelwelt des Worldbuilding bestätigt und um eine wichtige Beobachtung erweitert.\nEine andere Sicht als bei Chandler auf ein sehr ähnliches Thema und gerade im Vergleich sehr spannend, aber natürlich auch eigenständig gelesen ein ausgezeichnetes Buch in gewohnter Sanderson-Qualität.\nSehr zu empfehlen.\nBrandon Sanderson, \u0026ldquo;Steelheart \u0026rdquo;, EUR 5.98\nBrandon Sanderson, \u0026ldquo;Mitosis \u0026rdquo;, EUR 1.21\n","date":"2014-12-30T00:00:00Z","href":"https://blog.koehntopp.info/2014/12/30/fertig-gelesen-steelheart-mitosis.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Steelheart, Mitosis"},{"categories":null,"content":"Die Idee: Fantasy mit Zwergen und Elfen in einem Fantasie-Weltraum. Die Ausführung: Leider auf eine Weise, die meine Suspension Of Disbelief zerstört, und eine Schreibweise und Storyführung, die mir auf die Nerven geht.\nDNF. Zum Glück nicht mal ein Euro, Schade um die Zeit.\n\u0026ldquo;Voidhawk \u0026rdquo;, Jason Halstead, EUR 0.89\n","date":"2014-12-30T00:00:00Z","href":"https://blog.koehntopp.info/2014/12/30/fertig-gelesen-voidhawk.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: Voidhawk"},{"categories":null,"content":"Superhelden sind ja immer auch die Verkörperung von Idealen, und wenn sie nur das sind, sind sie stumpfe Abziehbilder und langweilig. Allen voran der langweiligste Superheld von allen mit dem langweiligsten Namen von allen - Superman. In solchen Geschichten, und insbesondere in den Geschichten von Supie sind die Bösen nicht nur deswegen die interessanteren, weil sie die cooleren Kostüme haben, sondern auch, weil sie nicht auf die Verkörperung von Idealen beschränkt sind, sondern richtige Schicksale haben und sich - anders als der Titelheld - weiter entwickeln können.\nThe Astounding Antagonists Chandler nimmt dieses Prinzip, und stellt es doppelt auf den Kopf. Er erzählt aus der Perspektive der Villains, und er gibt seinen Helden, den \u0026ldquo;guten\u0026rdquo; wie den \u0026ldquo;bösen\u0026rdquo;, eine Hintergrundgeschichte und eine Entwicklung, viel Tragik und eine Menge \u0026ldquo;Joan Osborne - One Of Us\u0026rdquo; .\nAm Ende gewinnen die Repräsentanten der gefährlichsten Konzepte überhaupt, die Verkörperung des menschliche Erfindungsgeist und der menschlichen Sturheit auf der einen Seite, und die Verkörperung von Humor und Mitgefühl auf der anderen Seite. Aber zu dem Zeitpunkt ist es schon gar nicht mehr entscheidbar, und auch nicht mehr wichtig, ob das die Guten oder die Bösen sind.\nGut investierte 4 Euro. Spannend und auf eine erbauliche und zugleich Gebäude erschütternde Weise weihnachtlich. :-)\nRafael Chandler​​​, \u0026ldquo;The Astounding Antagonists \u0026rdquo;, EUR 2.99\n","date":"2014-12-13T00:00:00Z","href":"https://blog.koehntopp.info/2014/12/13/fertig-gelesen-the-astounding-antagonists.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: The Astounding Antagonists"},{"categories":null,"content":"Graeber erklärt die Herkunft von Geld und Schuld, wie sie unser Denken und unsere Sprache geprägt haben und wieso Schulden nicht so funktionieren und nicht so entstanden sind, wie libertäre Volkswirtschafter es gerne darstellen. Auf dieser Basis diskutiert er die politischen Auswirkungen von Schulden im Kleinen und im Großen.\nLesebefehl: Wenn Ihr nächstes Jahr nur ein Buch lest, lest dieses.\n\u0026ldquo;Debt , the first 5000 years\u0026rdquo;, David Graeber, EUR 1.49\n","date":"2014-12-11T00:00:00Z","href":"https://blog.koehntopp.info/2014/12/11/fertig-gelesen-debt-the-first-5000-years.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Debt, the first 5000 years"},{"categories":null,"content":"\u0026ldquo;1491\u0026rdquo; ist ein Buch, daß versucht zu verstehen und zu erklären, wer auf den beiden amerikanischen Kontinenten gelebt hat, bevor die spanischen, portugiesischen und englischen Eroberer ankamen und wie diese Personen gelebt haben. Das Buch gliedert sich grob in drei Teile, die die Frage klären, wie viele Leute dort gelebt haben (Das Buch vertritt die These, daß die amerikanischen Kontinente wesentlich dichter bevölkert waren als Europa zu dieser Zeit), seit wann sie dort gelebt haben (Das Buch vertritt die These, daß es drei Einwanderungswellen gegeben hat, von denen die erste wesentlich älter ist, als man gemeinhin annehmen mag - nämlich vor oder zum Beginn der letzten großen Eiszeit) und wie sie dort gelebt und überlebt haben (Das Buch zeigt eine Reihe von Artefakten, die auf Kulturtechniken und Staaten mit von europäischen Kulturen vollkommen Techniken und Schwerpunkten hindeuten. Es zeigt auch, daß die Landschaften, die die europäischen Eroberer vorgefunden haben, verwilderte, von Seuchen entvölkerte, postapokalyptische Kulturlandschaften sind).\n1491, Charles C. Mann Die meisten dieser Ergebnisse basieren auf Forschungsergebnissen der letzten 25 bzw. 15 Jahre, sind also recht neu, aber der umfangreiche Anhang untermauert die Darstellungen im Buch recht gut. Am Ende bleibt die Erkenntnis, daß die Krankheiten und Keime, die von den Eroberern und ihren Tieren eingeschleppt worden sind, weitaus tödlicher waren als angenommen, und nicht nur Menschen, sondern ganze Erkenntnissysteme und Kulturen mehr oder weniger spurlos ausgelöscht haben.\nSehr spannend, sehr deprimierend, sehr dringende Leseempfehlung.\n\u0026ldquo;1491 \u0026rdquo;, Charles C. Mann, EUR 9.82\n","date":"2014-12-01T00:00:00Z","href":"https://blog.koehntopp.info/2014/12/01/fertig-gelesen-1491.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: 1491"},{"categories":null,"content":"Eine weitere Geschichte im Aetherwelt-Universum von Anja Bagus, und insbesondere eine, die auch den Metaplot weiter vorantreibt und in dem von ihr geschaffenen Universum weiter für Eskalation sorgt. Handwerklich schön gemacht und gut zu lesen, spielt sich vor dem Hintergrund eines Hotels im Hochschwarzwald und unter Aufnahme von Mythen und Märchen der Region ein Konflikt zwischen verschiedenen Parteien der Aetherwelt ab, bei dem wir als Leser mehr über das Wesen und die Macht der Magie in ihrer Welt lernen.\nAngenehm zu lesen und spannend, bei dem Preis ein echtes Schnäppchen.\n\u0026ldquo;Waldesruh \u0026rdquo;, Anja Bagus, EUR 3.99\n","date":"2014-12-01T00:00:00Z","href":"https://blog.koehntopp.info/2014/12/01/fertig-gelesen-waldesruh.html","tags":["lang_de","book","media","review","steampunk"],"title":"Fertig gelesen: Waldesruh"},{"categories":null,"content":"Eine kurze Sammlung von Kurzgeschichten, die ein größeres Ganzes ergeben. Spannend, lustig, ein wenig hakelig, hängt sich die Story schematisch an Charles Stross \u0026ldquo;Laundry\u0026rdquo; - Bürokratie rettet den Tag, oder gar die ganze Welt vor Monstern aus den Zwischendimensionen.\n\u0026ldquo;The Bureau of Substandards Annual Report \u0026rdquo;, Sabrina Chase, EUR 2.68\n","date":"2014-11-26T00:00:00Z","href":"https://blog.koehntopp.info/2014/11/26/fertig-gelesen-the-bureau-of-substandards-annual-report.html","tags":["lang_de","book","media","review","steampunk"],"title":"Fertig gelesen: The Bureau of Substandards Annual Report"},{"categories":null,"content":"Nachdem Auri im zweiten Teil von Kingkiller immer wichtiger wurde, hat sie im Kopf von Patrick Rothfuss drin ein gewisses Eigenleben entwickelt. \u0026ldquo;The Slow Regard of Silent Things\u0026rdquo; ist Buch 2.5 von Kingkiller und führt den Story Arc nicht weiter. Stattdessen ist das Buch ein Blick in den Kopf von Auri, und eine literarische Abandoned Places Expedition in The Underthing unter der Universität.\nThe Slow Regard of Slient Things Das Buch ist geeignet für Leser von Kingkiller, also Leute die \u0026ldquo;The Name of the Wind\u0026rdquo; und \u0026ldquo;The Wise Man\u0026rsquo;s Fear\u0026rdquo; bereits gelesen haben. Leute, die die beiden Bücher nicht kennen werden mit diesem Buch nichts anfangen können. Ihnen sei Patrick Rothfuss dennoch ans Herz gelegt, aber es lohnt sich, seine Reihe vorne anzufangen. In jedem seiner Bücher kann man sich jedoch an der Sprache genau so wie am Pacing und am Storytelling berauschen.\nBei \u0026ldquo;The Slow Regard of Silent Things\u0026rdquo; kommen außerdem noch die ganz wunderbaren und überaus zahlreichen Illustrationen von Nate Taylor dazu, siehe auch Marvel at the Artwork of… Unbedingt lesen!\n\u0026ldquo;The Slow Regard of Silent Things \u0026rdquo;, Patrick Rothfuss, EUR 8.99\n","date":"2014-10-28T00:00:00Z","href":"https://blog.koehntopp.info/2014/10/28/fertig-gelesen-the-slow-regard-of-silent-things.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: The Slow Regard of Silent Things"},{"categories":null,"content":"Dies ist ein sehr sperriges Buch, das sich zwar Zeit in seinen Erklärungen nimmt, sich aber andererseits wenig Mühe gibt, seinen Punkt in allgemein verständlicher Sprache zu machen. Wolin erklärt, was er mit dem Begriff \u0026ldquo;Inverted Totalitarism\u0026rdquo; meint und beschreibt dann die emergenten Mechanismen, die nach 9/11 dazu geführt haben, wie aus American Superpower eine Corporate Superpower wurde, und wie diese sich mit dem Muster des Totalitarismus anders als dieser an die Macht geschlichen hat und wie sie die Macht genau anders herum als dieser strukturiert.\nDemocracy Incorporated Wolin definiert Totalitarismus als ein System, wo sich alle Bereiche des Staates, insbesondere auch die Wirtschaft, der Politik unterzuordnen haben und in dem eine Gleichschaltung und politische Dauer-Mobilisierung der Bürger durch die Politik für die Themen der Politik erfolgt.\nEr grenzt dazu das \u0026ldquo;inverted\u0026rdquo; ab, in dem er das aktuelle System beschreibt. In diesem ordnet sich genau anders herum Politik vollkommen den Interessen der Wirtschaft (den relevanten Teilen davon, also dem \u0026ldquo;miltärisch industriellen Komplex\u0026rdquo; von Eisenhower) unter. Außerdem gibt eine politische Demobilisierung der Wählerschaft, also ein gewolltes Desinteresse der Wähler an der Politik, und es gibt keine Gleichschaltung von oben und abweichende Meinungen werden nicht nur toleriert, sondern auch gefördert, solange sichergestellt ist, daß sie kein politisches Gewicht bekommen.\nAmorphe, dauerhafte Bedrohungen (\u0026ldquo;Terror!\u0026rdquo;, \u0026ldquo;Ebola!\u0026rdquo;, \u0026ldquo;Die organisierte Kriminalität\u0026rdquo;) sind dabei die Instrumente, mit denen auf die Masse eingewirkt wird, wirtschaftliche Differenzierung (\u0026ldquo;Wohlstand nur bei Konformität\u0026rdquo;) die Instrumente, mit denen auf Individuen eingewirkt wird, um eine Einreihung statt einer Gleichschaltung zu erzeugen.\n\u0026ldquo;Democracy Incorporated: Managed Democracy and the Specter of Inverted Totalitarianism \u0026rdquo;, Sheldon S. Wolin, EUR 11.54\n","date":"2014-10-27T00:00:00Z","href":"https://blog.koehntopp.info/2014/10/27/fertig-gelesen-democracy-incorporated.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Democracy Incorporated"},{"categories":null,"content":"Das Buch erklärt die verschiedenen bronzezeitlichen Hochzivilisationen der Mittelmeeranrainer, und wie diese miteinander in Verbindung standen. Es belegt insbesondere auf der Grundlage historischer Quellen die Existenz und Struktur eines umfangreichen Handels über das Mittelmeer, und zeigt, wie intensiv dieser war und wie er organisiert war. Es wird deutlich, daß die Mittelmehranrainer keine isolierten Stämme waren, sondern ein reger internationaler Handel und eine starke Abhängigkeit der Nationen untereinander existierte.\n1177 B.C. - The Year Civilization Collapsed Das Buch schildert dann den multikausalen Zusammenbruch der verschiedenen Kulturzentren zwischen 1200 und 1100 BC als Systemversagen, eine Kettenreaktion, die durch Klimaveränderung und Dominoeffekte ausgelöst worden ist, und schließt mit einem Ausblick auf die Entstehung der Eisenzeit und wie diese sich soziokulturell von den Kulturen der Bronzezeit unterscheidet.\n\u0026ldquo;1177 B.C. - The Year Civilization Collapsed \u0026rdquo;, Eric H. Cline. EUR 7.99\n","date":"2014-10-04T00:00:00Z","href":"https://blog.koehntopp.info/2014/10/04/fertig-gelesen-1177-bc-the-year-civilization-collapsed.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: 1177 B.C. - The Year Civilization Collapsed"},{"categories":null,"content":"Eine klassische Reisereportage: Rose George fährt auf einem modernen Containerfrachter auf einer Handelsroute. Die verschiedenen Stationen nimmt sie zum Anlaß, über die Wandlung der Handelsmarine durch die Einführtung des Containers nachzudenken, die soziale Situation von Seeleuten, die Piraten vor Somalia, oder Maersk als Fracht-Firma und andere Aspekte der Containerindustrie. Ein spannender und kurzweiliger EInblick in einen zentralen und fast unsichtbaren Bestandteil unserer Welt.\n\u0026ldquo;Deep Sea and Foreign Going \u0026rdquo;, Rose George, EUR 6.49\n","date":"2014-10-04T00:00:00Z","href":"https://blog.koehntopp.info/2014/10/04/fertig-gelesen-deep-sea-and-foreign-going.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Deep Sea and Foreign Going"},{"categories":null,"content":"Ein Buch darüber, wie die Börse sich in den vergangenen 10 Jahren verändert hat, und warum sie nichts mehr mit den Ideen und Konzepten zu tun hat, die in unseren Köpfen existieren.\nEin Buch über Computertechnik, Nanosekunden, Latenz, und über Frontrunning und andere Konzept der Gewinnabschöpfung, und über legalen Betrug, der sich noch unregulierter oder durch Lobbies deregulierter Methoden bedient.\nEigentlich eine Pflichtlektüre für jeden, der wissen möchte, wie unsere Welt funktioniert.\n\u0026ldquo;Flash Boys \u0026rdquo;, Michael Lewis, EUR 8.49\n","date":"2014-10-04T00:00:00Z","href":"https://blog.koehntopp.info/2014/10/04/fertig-gelesen-flash-boys.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Flash Boys"},{"categories":null,"content":"EUR 3.80 und die war es nicht wert. Jede Menge verschenktes Potential. Irgendwo im Asteroidengürtel hängt seit Dekaden ein Alien-Schiff antriebslos rum, und endlich gelingt es einer Mission, dort hin zu kommen und es zu betreten. Doch es bleibt nicht bei einer Xeno-Archäologie-Mission, sondern es wird zu einer Erstkontakt-Mission.\nFluency Was eine spannende Geschichte, eine Begegnung mit dem Fremden hätte sein können, wird eine schlechter Schmachtroman mit platten Figuren und SciFi-Versatzstücken. Zeitverschwendung. Memo to self: Die Autorin in Zukunft vermeiden.\n\u0026ldquo;Fluency \u0026rdquo;, Jennifer Foehner Wells, EUR 3.80\n","date":"2014-10-04T00:00:00Z","href":"https://blog.koehntopp.info/2014/10/04/fertig-gelesen-fluency.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Fluency"},{"categories":null,"content":"Does what it says on the tin. Also, as a Genesis story for the FIMiverse, it kind of makes sense. Geek level is over 9000.\n\u0026ldquo;The God Empress of Ponykind\u0026rdquo;, iowaforever, free download @ http://www.fimfiction.net/story/62041/the-god-empress-of-ponykind ","date":"2014-10-04T00:00:00Z","href":"https://blog.koehntopp.info/2014/10/04/fertig-gelesen-the-god-empress-of-ponykind.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: The God Empress of Ponykind"},{"categories":null,"content":"Die Mitte der USA ist von mutierten Genmaisfeldern überwuchert, die zwar nicht eßbar sind, aber wichtigen Treibstoff für die fliegenden Inselstädte der Empyrean liefern. Unten leben in Armut, Verfall und Mutation die Heartlander, deren Situation nicht nur schlecht, aussichtslos und hoffnungslos ist, sondern auch laufend schlimmer wird - we get it, Chuck, aber Chuck bringt gute 2/3 seines Buches damit zu, Expose zu machen und seine Figuren in Stellung zu bringen.\nUnder the Empyrean Sky Dann endlich passiert ein bischen was, aber auch das ist alles nur Setup für den zweiten Teil. Den ich leider nicht lesen werde, weil ich zu genervt bin. Schade, denn ab hier könnte es vielleicht gut werden, aber wer weiß das schon.\n\u0026ldquo;Under the Empyrean Sky \u0026rdquo;, Chuck Wendig, EUR 5.99\n","date":"2014-10-04T00:00:00Z","href":"https://blog.koehntopp.info/2014/10/04/fertig-gelesen-under-the-empyrean-sky.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: Under the Empyrean Sky"},{"categories":null,"content":" It’s gotten dark out, sliver moon over the lake but everything inland mostly blackness with occasional streetlights. The chill and the smell of woodsmoke remind her of Halloweens back in Lawrence. She can see her breath.\nShe figures it’s about fifty degrees Fahrenheit. Which—the Fahrenheit part—pisses her off. Violet will never be able to instinctively judge temperatures in Celsius. She wasn’t raised to. And being raised without the metric system is like being raised with a harness on your brain.\nIn metric, one milliliter of water occupies one cubic centimeter, weighs one gram, and requires one calorie of energy to heat up by one degree centigrade—which is 1 percent of the difference between its freezing point and its boiling point. An amount of hydrogen weighing the same amount has exactly one mole of atoms in it.\nWhereas in the American system, the answer to “How much energy does it take to boil a room-temperature gallon of water?” is “Go fuck yourself,” because you can’t directly relate any of those quantities.\nWild Thing ist ein Buch über Wissenschaft und unser Verhältnis zum Mysteriösen und Unbekannten, zu unserer Bereitschaft, zu Glauben statt die Wahrheit zu suchen.\nDr. Pietro Brnwa ist auf der Flucht vor der Mafia, und in einem Zeugenschutzprogramm. Er gerät an einen Multimilliardär, der ihn als Leibwächter an die Seite einer Paläolontologin stellt, die für ihn ein prähistorisches Monster in einem See irgendwo im Norden der Vereinigten Staaten finden soll. Die beiden geraten in eine verfallene und verzweifelte Stadt, in eine Verschwörung, und in eine Scooby Geschichte.\nSehr großartig geschrieben, mehr als ein Plot-Twist und ein großartiger Tanz mit der wissenschaftlichen Methode.\n\u0026ldquo;Wild Thing \u0026rdquo;, Josh Bazell\n","date":"2014-10-04T00:00:00Z","href":"https://blog.koehntopp.info/2014/10/04/fertig-gelesen-wild-thing.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Wild Thing"},{"categories":null,"content":"Kriminalgeschichte im Stile von Casablanca, die in einem dystopischen Europa 50 Jahre in der Zukunft spielt. Ein Europol-Kommissar und Ex-Soldat aus den Solarkriegen soll den Mord an einem Europarlamentarier aufklären, um im Laufe der Geschichte zu lernen, daß nichts in seinem Universum echt oder ehrlich ist.\nDrohnenland Was \u0026ldquo;The Circle \u0026rdquo; hätte sein können. Leseempfehlung, großartiges Buch.\n\u0026ldquo;Drohnenland \u0026rdquo;, Tom Hillenbrand, EUR 9.99\n","date":"2014-08-17T00:00:00Z","href":"https://blog.koehntopp.info/2014/08/17/fertig-gelesen-drohnenland.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Drohnenland"},{"categories":null,"content":"Does exactly what it says on the tin. Endlessly brillant. 89 cent.\nBuy. It. Now. Also, keep your sanity loss dice ready.\n\u0026ldquo;101 Cthulhu Mythos Haiku \u0026rdquo;, Marcus R. Gilman, EUR 0.89\n","date":"2014-08-11T00:00:00Z","href":"https://blog.koehntopp.info/2014/08/11/fertig-gelesen-101-cthulhu-mythos-haiku.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: \"101 Cthulhu Mythos Haiku\""},{"categories":null,"content":"Eine Reise in die Geschichte und die Ursprünge des Rollenspiels und der Erzählspiele. D\u0026amp;D, Empires of the Petal Throne und was alles danach passierte, wieso wir uns in den 80er Jahren trotz des unsagbar schlechten Fernsehprogrammes nicht gelangweilt haben und viel zu viele Cover von Rollenspielbüchern.\nVieles hier wußte ich schon, manches nicht, anderes ist bestimmt besser recherchiert als ich mir für mich selber die Mühe gemacht habe. Eine gute Zusammenstellung und vor allen Dingen ein gutes Buch, um es seinen Eltern zu geben, um ihnen zu erklären, was ihr Kind damals vor 25 Jahren so gemacht hat. Oder was es mit manchen Aspekten von #awesomecosplay auf sich hat.\n\u0026ldquo;Drachenväter \u0026rdquo;, Tom Hillenbrand, Konrad Lischka, EUR 14.99\n","date":"2014-08-11T00:00:00Z","href":"https://blog.koehntopp.info/2014/08/11/fertig-gelesen-drachenvater.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: \"Drachenväter\""},{"categories":null,"content":"Das Amt für Aetherangelegenheiten muß eine Serie von Mordfällen an Bord des fliegenden Spielcasinos Fortuna aufklären. Die Aufgabe fällt dem aethersensitiven, blinden Adligen Claudius zu, doch statt sich an die Fakten zu halten verstrickt er sich mehr und mehr in die ganze Geschichte.\nFortuna: Geschichten aus der Aetherwelt Eine kurze Geschichte, schnell und unterhaltsam erzählt, auch wenn man schon sehr bald ahnt, wie es ausgehen wird. Aber, hey, 99 Cent und mehr Aetherwelt. Da kann man nichts falsch machen.\n\u0026ldquo;Fortuna: Geschichten aus der Aetherwelt \u0026rdquo;, Anja Bagus, EUR 0.99\n","date":"2014-08-11T00:00:00Z","href":"https://blog.koehntopp.info/2014/08/11/fertig-gelesen-fortuna-geschichten-aus-der-aetherwelt.html","tags":["lang_de","book","media","review","steampunk"],"title":"Fertig gelesen: \"Fortuna: Geschichten aus der Aetherwelt\""},{"categories":null,"content":" The door opened again, and Ship’s Surgeon Leonard McCoy came in. Without a word to anyone, he walked crookedly to the wall, leaned heavily against it, and said something that sounded like “Plergb hfarizz ungemby, and coffee.” Bones McCoy was not a morning person.\nHow much just for the planet? Pleep, the wall replied, and then pling for the delivery of Scott’s breakfast, and pling again for Spock’s. They sat down at the table with Kirk.\nThe captain had broken the yolk on one of his eggs, buttered his toast, and had his glass two-thirds of the way to his mouth before noticing that the liquid in the tumbler was blue.\nNot the deep indigo of grape juice, or the soothing azure of Romulan ale, but a luminous, electric blue, a color impossible in nature.\nKirk looked around the table. Scott and Spock were discussing some obscure engineering aspect of the bal—Deployable Practice Target. There didn’t seem to be anything wrong with their breakfasts; Scott’s black coffee was black, Spock’s juice was pale gold. Dr. McCoy was still waiting for his meal, watching the rest of them like a vulture with a hangover, but his stare had a distinctly unfocused quality. Maybe it was just the early hour, Kirk thought, a trick of the light or something. He looked at his juice again. Still blue.\nStarship captains are a special breed of beings who boldly go, et cetera. Kirk took a sip of the blue liquid. It tasted just like orange juice. It even had pulp that got caught in his teeth, just like orange juice.\nOne more look. Blue.\nThe wall plinged, and McCoy brought his tray to the table. Kirk looked at the doctor’s meal: there was a huge mug of coffee, a slab of Virginia ham, and an enormous heap of something else. The something else was orange, in the same way Kirk’s juice had not been orange: it was signal-flare orange, bright as a Christmas necktie. Kirk noticed that Spock and Scotty had stopped talking, and eating, and were looking intently at the orange mound on the doctor’s plate.\nOblivious, McCoy buttered the orange heap, sliced the ham, and went at them like a starving man.\nAfter a moment, Spock finished his crackers and cheese, stood up, and slipped his tray into the disposal slot. “Excuse me, Captain, Mr. Scott, Dr. McCoy. I have some preparations to make for the Target tests.”\n“Aye,” Scott said, watching McCoy eat as the syrup congealed around his own oatcakes. Kirk said “Of course, Spock.” McCoy said “Gmltfrbl.”\nKein Review mehr notwendig. Comedy Gold.\n\u0026ldquo;How Much for Just the Planet? \u0026rdquo;, John M. Ford, EUR 5.36\n","date":"2014-08-11T00:00:00Z","href":"https://blog.koehntopp.info/2014/08/11/fertig-gelesen-how-much-for-just-the-planet.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: \"How Much for Just the Planet?\""},{"categories":null,"content":"AMQP, das Queueing-Protokoll, ist der zentrale Kommunikationsbus im verteilt arbeitenden Openstack-System: API-Server nehmen Arbeitsaufträge via Web-Interface oder REST-API entgegen, verwandeln sie in AMQP-Messages und die irgendwo im System laufenden Consumer arbeiten die Aufträge ab und geben Resultate zurück.\nNatürlich will man das ganze System betreiben ohne sich irgendwo ein ekeliges Erlang einzutreten, stellt dann aber schnell fest, daß QPid ein blöder Scheiß ist, der beim leisesten Windhauch umfällt. Rabbit dagegen läuft durch. Ok, was tun?\nDas Buch hier gibt einem ein solides Handle, um einen Rabbit sinnvoll betreiben, administrieren und debuggen zu können und diskutiert auch die wichtigsten Programmier-Paradigmen, mit denen man zu tun hat. Das ist gut, weil man mit Sicherheit auch im Code rumwühlen muß, wenn man ein Openstack am Hacken hat, denn fertig ist das noch lange nicht.\nEkeliges Thema, notwendiges Buch.\n\u0026ldquo;RabbitMQ Essentials \u0026rdquo;, David Dossot, EUR 9.37\nEDIT: Es gibt jetzt eine 2. Auflage: RabbitMQ Essentials: Build distributed and scalable applications with message queuing using RabbitMQ, 2nd Edition , Lovisa Johannsson und David Dossot, EUR 11.98\n","date":"2014-08-11T00:00:00Z","href":"https://blog.koehntopp.info/2014/08/11/fertig-gelesen-rabbitmq-essentials.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: \"RabbitMQ Essentials\""},{"categories":null,"content":"Ausgehend von Ägypten blickt das Buch auf den Umgang der arabischen Welt mit der Sexualität in allen ihren Facetten und wie sie sich unter dem Einfluß des radikalen Islamismus verändert hat. Gerade auch die historische Perspektive auf Sexualtät und die Rolle der Frau im Kalifat ist spannend, weil sie zugleich den modernen Islamismus demaskiert als Gewalt gegen sich selbst und andere aus Unsicherheit.\nSex and the citadel Alles in allem sehr lesenswert und eine wertvolle Ergänzung zu The Veils Resurgence \u0026ldquo;Sex and the Citadel: Intimate Life in a Changing Arab World \u0026rdquo;, Shereen El Feki, EUR 7.04\n","date":"2014-08-11T00:00:00Z","href":"https://blog.koehntopp.info/2014/08/11/fertig-gelesen-sex-and-the-citadel.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: \"Sex and the citadel\""},{"categories":null,"content":"Comanche. Das ist das Ute-Wort für \u0026ldquo;Feind\u0026rdquo;.\nEmpire of the Summer Moon Die Comanche waren einer der am einfachsten strukturierten Stämme der Prärien des Westens und von den anderen Stämmen an den Rand abgedrängt worden, bis sie um das 16. Jahrhundert herum die von Süden aufkommenden Pferde der Spanier für sich entdeckten und das Leben zu Pferde perfektionierten.\nDer Comanche des 18. Jahrhunderts lebt auf dem Rücken seines Pferdes, schießt Pfeile mit Metallspitzen mit einer Feuerrate von mehr als 20 Schuß pro Minute unter dem Hals seines Pferdes aus dem vollen Galopp, und trifft dabei mit 19 von 20 Pfeilen sein Ziel, auch auf Entfernung. Damit zwingen die Comanchen nicht nur die Apachen aus ihrem angestammten Gebiet und drängen die Spanier nach Süden zurück, sondern sie halten für ein halbes Jahrhundert auch die Eroberung des nordamerikanischen Kontinents durch die englischen Siedler aus dem Osten auf.\nErst durch Verbesserungen der Waffentechnik, den Colt und dem mehrschüssigen Hinterlader sowie die Büffel-Büchse gelingt es den Siedlern, die reitenden Stämme der Prärie zurückzudrängen, indem sie sie den Büffel als Nahrungsgrundlage der Stämme und die Indianer gleichermaßen abschlachten und in Reservate zurückdrängen. Beide Seiten gehen dabei in einem Krieg um nackte Existenz mit äußerster Brutalität vor.\nDas Buch zeichnet den Aufstieg und Fall der Comanche anhand der Schicksale von Cynthia Ann Parker und ihrem Sohn, Quanah Parker. Cynthia Ann Parker wurde bei einem Überfall der Comanche auf Fort Parker, Texas geraubt und wächst bei den Comanche unter dem Namen Nauta (\u0026ldquo;Findelkind\u0026rdquo;) auf. Sie heiratet Peta Nocona, einen Häuptling der Comanche, und hat mit ihm mehrere Kinder, darunter Quanah Parker, den letzten Häuptling der Comanche in Freiheit.\nEin Sachbuch, das einmal wieder demonstriert, daß die Realität jeden Roman schlägt. Ein Buch über Imperien und ihren Aufstieg und Niedergang. Ein Buch, daß zeigt, wie jung die USA eigentlich sind. Ein Buch über Militärgeschichte und Waffentechnik. Und ein Buch über brutalste Realpolitik auf beiden Seiten einer Frontlinie.\n\u0026ldquo;Empire of the Summer Moon \u0026rdquo;, S. C. Gwynne, EUR 7,16\n","date":"2014-08-11T00:00:00Z","href":"https://blog.koehntopp.info/2014/08/11/fertig-gelesen-empire-of-the-summer-moon.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Empire of the Summer Moon"},{"categories":null,"content":"Ja, da kann man mal sehen, wie weit ich mit den Reviews hinterher bin. Schwarze-Helikopter-Agencies kommen in allen Suarez-Büchern vor, in diesem haben sie sich der Unterdrückung von die Menschheit destabilisierenden Technologien verschrieben. Davon gibt es seit den 60er Jahren des letzten Jahrhunderts eine Menge, denn die Menschen sind weitaus erfinderischer als nach Meinung des zuständigen Büros gut für sie ist.\nInflux Jetzt beginnt die Technik aber zu leaken, und es kommt zu einem Showdown. Muß unbedingt verfilmt werden, jede Menge richtig große Explosionen und nicht zu viel innere Logik. Leider auch eine Ecke zu viel Torture Porn.\n\u0026ldquo;Influx \u0026rdquo;, Daniel Suarez, EUR 10,34\n","date":"2014-08-11T00:00:00Z","href":"https://blog.koehntopp.info/2014/08/11/fertig-gelesen-influx.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Influx"},{"categories":null,"content":"League of Extraordinary Gentle(wo)men done right, meets X-Men, meets Wild-Wild West. Larger-than-life steampunk universe with cheesy supervillain opponents forces a Mary-Sueish rich and overly able brooding enlisch Peer to form a team of mutants fighting the cunning \u0026ldquo;Machinst\u0026rdquo;, saving the Empire.\n\u0026ldquo;The Girl in the Steel Corset \u0026rdquo;, #1\nTeam formation, introduction of the mysterious supervillain, Storytelling Focus on Finley Jayne, the daugher of Dr. Jekyll/Mr. Hyde. Girl with Superpowers has to choose between the brooding rich guy with a dark secret and the smart and witty underworld boss.\n\u0026ldquo;The Girl in the Clockwork Collar \u0026rdquo;, #2\nTeam acts as a group, Storytelling Focus on Jasper Renn and the alleged murder in his background.\n\u0026ldquo;The Girl with the Iron Touch \u0026rdquo;, #3 (oder #5, mit den Kurzbüchern)\nStorytelling Focus on Emily and her relationship to Sam, and also her machine empathy powers. Back in London, the story expands on The Machinist and his creations\u0026hellip;\n\u0026ldquo;The Girl with the Windup Heart \u0026rdquo;, #4 (oder #7 mit den Kurzbüchern)\nStorytelling Focus on the Mila No-longer-Droid, and finally a showdown on the Machinist Arc.\nCinematigraphic Steampunk Storytelling, cliche-ridden, but entertaining, provided that you do not read all the books in one go.\n","date":"2014-08-11T00:00:00Z","href":"https://blog.koehntopp.info/2014/08/11/fertig-gelesen-kady-cross-the-girl-with-the.html","tags":["lang_en","book","media","review","steampunk"],"title":"Fertig gelesen: Kady Cross \"The Girl with the ...\""},{"categories":null,"content":"danah boyd ist eine sehr praktisch orientierte Soziologin, die sich unter anderem mit dem Kommunikationsverhalten von Kindern und Jugendlichen auseinandersetzt, insbesondere im Zusammenhang mit sogenannten \u0026ldquo;neuen Medien\u0026rdquo;. Ihr Buch \u0026ldquo;It\u0026rsquo;s complicated\u0026rdquo; ist eine Fortsetzung und Erweiterung der Aufsätze zu dem Thema, die man in ihrem Blog finden kann, und sollte insbesondere für gewisse \u0026ldquo;ZOMG, die Kinder!\u0026quot;-Aktivisten in der Politik Pflichtlektüre sein.\nIt\u0026rsquo;s complicated Alles in allem eine dringende Leseempfehlung.\n\u0026ldquo;It\u0026rsquo;s complicated\u0026rdquo;\nIdentity \u0026ldquo;Why do teens seem strange online?\u0026rdquo; Privacy \u0026ldquo;Why do you share so publicly?\u0026rdquo; Addiction \u0026ldquo;What makes teens obsessed with social media?\u0026rdquo; Danger \u0026ldquo;Are sexual predators lurking everywhere?\u0026rdquo; Bullying \u0026ldquo;Is social media amplifying meanness and cruelty?\u0026rdquo; Inequality \u0026ldquo;Can social media resolve social divisions\u0026rdquo; Literacy \u0026ldquo;Are today\u0026rsquo;s youth digital natives?\u0026rdquo; Searching for a public of their own \u0026ldquo;It\u0026rsquo;s complicated \u0026rdquo;, Danah Boyd, 13.37 EUR (sic!)\n","date":"2014-02-07T00:00:00Z","href":"https://blog.koehntopp.info/2014/02/07/fertig-gelesen-its-complicated.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: \"It's complicated\""},{"categories":null,"content":"Ein SciFi-Roman über Buchhaltung in einer interstellaren Gesellschaft ohne FTL-Reisen. Wie kann man in so einem Umfeld Finanztransaktionen über Lichtjahre abwickeln, Investments und Kredite über Jahrhunderte vorfinanzieren und Verträge zwischen Entities schaffen, die sich konstruktionsbedingt nie treffen können?\nNeptune\u0026rsquo;s Brood Und wie sieht Betrug über Dutzende von Lichtjahren und zwei Jahrtausende aus?\nCharles Stross schafft es, aus diesen Zutaten eine Geschichte zu konstruieren und diese sogar spannend zu machen. Ich bin enorm beeindruckt. Gut angelegtes Geld, im wahrsten Sinne des Wortes\u0026hellip;\n\u0026ldquo;Neptune\u0026rsquo;s Brood \u0026rdquo;, Charles Stross, EUR 11.99\n","date":"2014-01-29T00:00:00Z","href":"https://blog.koehntopp.info/2014/01/29/fertig-gelesen-neptunes-brood.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: \"Neptune's Brood\""},{"categories":null,"content":"Wright vertritt die These, daß Makro-Geschichte eine Richtung oder Weiterentwicklung oder zumindest ein Thema hat, auch wenn es auf der Mikroebene immer wieder Rückschritte oder lokale Abweichungen gibt. In der Spieltheorie gibt es Nullsummen-Spiele, bei denen eine Partei nur auf Kosten einer anderen Partei Gewinne machen kann, und es gibt Nicht-Nullsummenspiele, bei denen beide Parteien nur durch Kooperation Gewinne machen können (dann aber beide) oder halt beide gemeinsam verlieren.\nWright interpretiert die Geschichte jetzt als eine Folge von immer mehr und immer größeren Nicht-Nullsummenspielen, also als eine Abfolge von mehr und besserer Kooperation durch verbesserte Kommunikation und Integration, Aufbau von Abhängigkeiten und Arbeitsteilung, Spezialisierung.\nDie lokalen Abweichungen und Rückschritte sind für ihn Nullsummenspiele innerhalb der größeren Nicht-Nullsummenspiele, bei denen es Streit um die Verteilung der erwirtschafteten Kooperationsgewinne gibt. Kommt es dabei zu zu unfairen oder einseitigen Spielausgängen, ist die resultierende Situation in der Regel so instabil, daß es zu Konflikten kommt, die oft das größere Kooperationsspiel zum Stillstand bringen\u0026hellip;\nSeine Argumentation ist mir plausibel und eine viel größere und umfassendere Version von Dingen, die denen ich nur in kleinerem Maßstab begegnet bin (Wieso wir uns veröffentlichen ). Sie resoniert auch mit bestimmten Argumentationslinien der #Spackeria - etwa, wenn diese sagt, daß Big Data nun einmal da ist und auch nicht wieder weg gehen wird, sondern nur immer billiger zu machen sein wird, und die Antwort daher nicht Datenschutz sein kann, sondern nur Offenlegung und Regulierung der Gewinne aus der Verdatung aller Aktivitäten. Wright hat eine Menge Beispiele, wie dies kein neuer Konflikt ist, sondern in der Vergangenheit regelmäßig gelöst worden ist.\n\u0026ldquo;Nonzero - The Logic of Human Destiny \u0026rdquo;, Robert Wright, EUR 9.02\n","date":"2014-01-29T00:00:00Z","href":"https://blog.koehntopp.info/2014/01/29/fertig-gelesen-nonzero.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: \"Nonzero - The Logic of Human Destiny\""},{"categories":null,"content":"\u0026ldquo;The Circle\u0026rdquo; ist eine hypothetische Google-Facebook-Twitter-Nachfolgefirma und der Star des Silicon Valley. Die Firma hat sich totale Transparenz und umfassende Datenerfassung auf die Fahnen geschrieben. Mae Holland fängt durch Beziehungen bei The Circle an und wird auf Grund konstruierter Verwicklungen dort durch die Abteilungen geschoben und über die Zeit zum Firmenmaskottchen.\nAber die Handlung ist irrelevant. Dave Eggers ist auf einer Mission, und bastelt daher einen hölzernen Lehr-Roman ohne relevante Handlung oder glaubhafte Personen. Die Handelnden (denn Personen sind es nicht) haben zum Teil Neurosen von Seinfeld-Ausmaßen ohne daß es wie bei Seinfeld Komik-Potential hat, und die Verwicklungen sind konstruiert.\nIn einer Szene bekommt Mae zum Beispiel Probleme, weil sie eine Einladung über ein Social Network zu einem Event, für das sie sich nicht angemeldet hat und für das ihr interesse nur inferiert war, nicht beachtet hat und sie weder angenommen noch abgelehnt hat. Jeder, der nur 20 Sekunden lang online gewesen ist, wird solchen Social Spam genau so behandeln, und niemand macht deswegen irgendein Problem, weil es das ist, was man macht. Von diesen konstruierten Problemen stapelt Eggers eines auf das nächste, und langweilt die Geschichte vor sich bin, bis man das Buch irgendwann verärgert schließt und vom Gerät wirft.\nEs gibt tausend Dinge, die man zu diesem Thema hätte sagen können oder müssen, aber Eggers bearbeitet keines von diesen. Es gibt tausend Weisen, auf die man die Message von Eggers hätte transportieren können, die weniger langweilig und hölzern gewesen wäre, aber Eggers verschmäht sie alle.\nSo eine Verschwendung von Zeit und Speicherplatz habe ich lange nicht auf dem Device gehabt.\n\u0026ldquo;The Circle \u0026rdquo;, Dave Eggers, EUR 9.99, zu viele Seiten\n","date":"2014-01-29T00:00:00Z","href":"https://blog.koehntopp.info/2014/01/29/fertig-gelesen-the-circle.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: \"The Circle\""},{"categories":null,"content":"Sebastian Bergmann hat mir Brandon Sanderson im Allgemeinen und \u0026ldquo;The Rithmatist\u0026rdquo; im besonderen zum Froscon 2013 ans Herz gelegt, und ich habe ihn mir damals noch gleich auf den Kindle geklickt, aber es hat bis Weihnachten gedauert, um das Buch durchzulesen.\n\u0026ldquo;The Rithmatist \u0026rdquo;, Brandon Sanderson\nDer Schtick von Brandon Sanderson ist die die Konstruktion von in sich geschlossenen, plausiblen Magielogiken und Weltenbau, und beides führt er hier meisterhaft aus. In diesem Universum sind die vereinigten Staaten ein Inselarchipel, das von den Europäern besiedelt und von den südamerikanischen Imperien verschmäht worden ist - die Europäer verstanden bald warum, nachdem sie von zweidimensionalen animierten Kreidemonsterbildern (sic!) angegriffen werden.\nDoch die Magie der Kreidezeichnungen wurde von den Europäern des US-Archipels bald entschlüsselt, domestiziert und zur Verteidigung gegen die wilden Kreidekreaturen verwendet. Unsere Gesichte beginnt sehr viel später, in den 1880ern, dem Uhrwerkszeitalter, mit dem Sohn eines Kreidemachers an einer Universität für Kreidemagie und wir schlittern in eine politische Krise, Intrigen und die langsame Entdeckung von Hintergründen und der Logik der Kreidemagie\u0026hellip;\nDas Buch fühlt sich an wie der erste Band von etwas, das eine Serie werden will, ist aber eine in sich geschlossene Erzählung und enthält sehr viele, zum Verständnis hilfreiche Schautafeln und Zeichnungen, die ganz wunderbar gezeichnet sind. Die Geschichte ist fesselnd und Sanderson ist in der Tat ein ganz wunderbarer Weltenbauer. Kaufen, lesen.\n\u0026ldquo;The Rithmatist \u0026rdquo;, Brandon Sanderson, EUR 6.49\n","date":"2014-01-29T00:00:00Z","href":"https://blog.koehntopp.info/2014/01/29/fertig-gelesen-the-rithmatist.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: \"The Rithmatist\""},{"categories":null,"content":"Fertig gelesen: \u0026ldquo;Finishing School\u0026rdquo; Series (Etiquette \u0026amp; Espionage, Curtsies and Conspiracies), Gail Carriger\n\u0026ldquo;Mademoiselle Geraldine\u0026rsquo;s Finishing Academy for Young Ladies of Quality\u0026rdquo; ist nicht der Ort, zu dem Sophronia Temminnick gerne möchte, aber nach einem Vorfall mit dem Lastenfahrstuhl, dem Dessert und Frau Barnaclegoose hat ihre Mutter die Geduld mit ihr verloren.\nNachdem Sophronia dann jedoch lernt, daß besagte Academy aus einer Reihe von Blimps über dem Moor besteht, den Ladies of Quality in der Tat beigebracht wird, wie sie stylish jemanden finishen können findet sie ihr Schicksal gar nicht mehr so schlimm und lernt neben einem korrekten Augenaufschlag auch Giftmischen und Spionieren.\nSophronias Schule existiert in einem Steampunk-England der 1850er Jahre, in dem Werwölfe, Geister und Vampire in die Gesellschaft integriert sind. Da die Finishing School-Variante von Gail Carrigers \u0026ldquo;Parasol Protectorate\u0026rdquo; die Young Adult-Geschmacksrichtung dieses Universum ist, wird die Romance-Komponente hier ausgefiltert. Da wir uns außerdem 20 Jahre vor dem Parasol Protectorate befinden, lernen wir hier die Schuljahre der Figuren aus dem Parasol Protectorate kennen - Genevieve Lefoux und Sidheag Maccon aus dem Parasol Protecorate tauchen hier auf, und natürlich hat auch Lord Akeldama seinen Auftritt\u0026hellip;\nTatsächlich ist es günstig, die Finishing School vor dem Parasol Protectorate zu lesen, denn auf diese Weise liest man die Geschichten in der chronologischen Reihenfolge und man bekommt etwa eine Intrige um den Schulabbruch von Sidheag Maccon, der ganze 7 Bände braucht, um sich in allen Einzelheiten, Folgen und persönlichen Interaktionen zu enthüllen\u0026hellip;\nGail Carriger ist auf den ersten Blick ein wenig albern, und es wird erst bei längerem Lesen klar, daß wir es hier nicht nur mit einem einigermaßen konsistenten und gut ausgedachten Universum zu tun haben, sondern auch mit einer soliden Erzählkonstruktion und recht fesselnden Characterisierungen - und einer extrem unterhaltsamen Schreibweise.\nEtiquette and Espionage (Finishing School #1), Gail Carriger, EUR 5.49\nCurtsies and Conspiracies (Finishing School #2), Gail Carriger, EUR 4.49\n","date":"2014-01-19T00:00:00Z","href":"https://blog.koehntopp.info/2014/01/19/fertig-gelesen-finishing-school-series.html","tags":["lang_de","book","media","review","steampunk"],"title":"Fertig gelesen: \"Finishing School\" Series (Etiquette \u0026 Espionage, Curtsies and Conspiracies)"},{"categories":null,"content":"In \u0026ldquo;The Departure \u0026rdquo; treffen wir auf eine überbevölkerte, dystopische und hoffnungslose Erde, in der \u0026ldquo;Das Komitee\u0026rdquo; eine Überwachungsbürokratur und einen Sicherheitsstaat zur Verwaltung des allfälligen Mangels etabliert hat. Der Protagonist, Alan Saul, entwickelt sich zum Hybridwesen aus Mensch, Maschine und Wetware-Extensions und übernimmt die Raumstation \u0026ldquo;Argus\u0026rdquo;, um sie in einer langen Reise zum Mars zu bewegen. In seinem Übernahmekampf löst er auf der Erde eine Revolution gegen das Komitee aus.\n\u0026ldquo;Zero Point \u0026rdquo;\n\u0026ldquo;Zero Point\u0026rdquo; setzt dort auf, und schildert die Re-Etablierung einer Ordnung auf der postrevolutionären Erde - die Konterrevolution auf den Resten der Zwangsstrukturen des Komitee macht eine einzelne Komitee-Bürokratin, Serene Galahad, zur (leider komplett größenwahnsinnigen) Diktatorin der Erde, die dann Asher-typisch einmal komplett aufräumt\u0026hellip;\nUnterdessen geht man an Bord der Argus ebenfalls dem Größenwahn nach und rüstet die ehemalige Raumstation und Orbitalfestung mit einem experimentellen Überlichtantrieb aus (Alcubierre Drive ).\nDie Bio-Hazmat-Klamotten aus Teil 1 behält man besser an, denn Asher stellt mit neun Milliarden Leichen in dieser Geschichte eine Art Rekord auf. Ansonsten eine zu gleichen Teilen deprimierende und Hoffnung machende Geschichte und spannende Unterhaltung - Asher neigt jedoch immer ein wenig zu Torture Porn, und einige Stellen habe ich überblättern müssen, weil sie nicht nur ekelig waren, sondern das auch noch notlos\u0026hellip;\nNeal Asher, \u0026ldquo;Zero Point \u0026quot;, EUR 5.64 ","date":"2014-01-19T00:00:00Z","href":"https://blog.koehntopp.info/2014/01/19/fertig-gelesen-zero-point-neal-asher.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: \"Zero Point\""},{"categories":null,"content":"Neal Asher kenne ich als Autor eher von seinen Geschichten aus dem \u0026ldquo;Polity\u0026rdquo;-Universum. Dort sind seine Helden bis an die Oberkante Unterlippe hochge-mary-sue\u0026rsquo;t und entsprechend muß er seine Welten mit Gegnern und feindseligen Biosphäre versorgen, die irgendwo zwischen \u0026ldquo;over the top\u0026rdquo; und \u0026ldquo;lächerlich\u0026rdquo; angesiedelt sind, damit seine Geschichten ihren Helden Gegner präsentieren können, die angemessen sind.\nThe Departure Insofern war \u0026ldquo;The Departure\u0026rdquo; ungewöhnlich, denn hier ist der Planet eine Erde, deren Ressourcen von ihren 18 Milliarden Bewohnern erschöpft sind und in der eine Bürokratur, das Komitee, jede Hoffnung auf Besserung und Weiterentwicklung erstickt. Ashers Dystopie ist dabei erschreckend realistisch, denn er transportiert Drohnentechnologie und Robotik, Überwachungsstaat und Sicherheitsideologie direkt weiter in das 22. Jahrhundert und baut eine Entwicklungslegende in diesen Staat, die nahtlos auf dem Jetzt aufbaut und deren Beginn bereits heute zu erkennen ist und daher um so logischer erscheint.\nMan täusche sich nicht - Ashers Held ist eine typische Asher-Figur: Adam Saul ist überintelligent und zugleich motorisch überentwickelt und zudem noch experimentell augmentiert. Seine Geschichte beginnt in einer Bourne-Identity Situation, in der Saul in einer Transportkiste ohne Gedächnis aufwacht und sich lediglich an eine andauernde Folter durch eine Gestalt erinnert, die nicht nur wie ein Agent Smith aus der Matrix aussieht, sondern auch so heißt.\nDer Rest der Geschichte ist dann ein Asher-typischer Rachesplatter, Bio-Hazmat-Kleidung ist angesagt.\nNeal Asher, \u0026ldquo;The Departure \u0026quot;, EUR 6.27\n","date":"2013-12-05T00:00:00Z","href":"https://blog.koehntopp.info/2013/12/05/fertig-gelesen-the-departure-neal-asher.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: \"The Departure\""},{"categories":null,"content":"Ein Sachbuch über die Ursprünge der Konsumentenkultur in den USA, und dem Rest der Welt im Kontext der industriellen Revolution zu Anfang des zwanzigsten Jahrhunderts. Gezeigt werden die technischen und sozialen Veränderungen und wie sie die Gesellschaft und ihre Werte verändert haben. Dabei verzichtet das Buch weitgehend auf Wertungen und beschränkt sich auf Darstellung der Zusammenhänge und Belege.\nEine faszinierende und extrem aufschlussreiche Lektüre. Wer sich für Geschichte, Gesellschaft und Politik interessiert sollte sich das durchlesen.\n“Land of Desire “, William R. Leach, 10.12 EUR\n","date":"2013-11-23T00:00:00Z","href":"https://blog.koehntopp.info/2013/11/23/fertig-gelesen-land-of-desire.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Land of Desire"},{"categories":null,"content":"Was Watergate mit der neunten und zehnten Apollo Mission zu tun hat, und wieso das auch 50 Jahre später noch ein Problem ist, erklären McDevitt und Resnick hier, in einer Geschichte, die für McDevitt durchaus alle typischen Elemente enthält.\nThe Cassandra Project Die Wendung am Ende ist nicht ganz unerwartet, aber gut ausgeführt. Alles in allem ein langsames Pacing, McDevitt halt, aber fesselnd und unterhaltsam geschrieben, und man weil ja doch wissen, ob man mit seiner Vermutung richtig liegt\u0026hellip;\n\u0026ldquo;The Cassandra Project ”, McDevitt, Resnick, 4.31 EUR\n","date":"2013-11-23T00:00:00Z","href":"https://blog.koehntopp.info/2013/11/23/fertig-gelesen-the-cassandra-project.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: The Cassandra Project"},{"categories":null,"content":"Die zerbrochene Puppe kam hier quasi zeitgleich mit Aetherhertz von Anja Bagus rein und ist ebenfalls ein deutscher Streampunk-Roman, da hören die Gemeinsamkeiten auch schon auf. Während ich Aetherhertz so heruntergelesen habe und gespannt auf einen zweiten Teil warte, habe ich mich durch die zerbrochene Puppe hindurch kämpfen müssen.\nDie zerbrochene Puppe Dabei ist das Setting eigentlich spannend und hat eine Menge Potential: Vulkanausbrüche im Norden haben zur Wikingerzeit das Klima zum Kälteren beeinflußt und so ist die Welt der \u0026ldquo;Zerbrochenen Puppe\u0026rdquo; vom Eis geprägt und die technische Entwicklung hat einen anderen Weg genommen.\nDie Physikerin Æmelie von Erlenhofen wird auf einer Konferenz in Venedig ermordet. Ihr Mann Naþan, ein Maler und Weichei, wird durch den Mord traumatisiert und stolpert Konversationen mit einer beschädigten Porzellanpuppe habend ohne viel Agency durch die Handlung, bis die Bösen am Ende aufgeben und die Handlung sich von selbst in Wohlgefallen auflöst. Oder fast jedenfalls.\nVielleicht bin ich von der geschilderten Kälte depressiv geworden. Vielleicht bin ich auch nur müde, Bücher zu lesen, in denen die Protagonisten Props sind, die von der Handlung durch die Seiten geschoben worden. Vielleicht sind zwei Autoren einer zu viel und die Inkonsistenzen in der Charakterisierung des Protagonisten nicht gut für meine Suspense of Disbelief. Ich weiß es nicht…\nDie zerbrochene Puppe , Judith Vogt, Christian Vogt, 8.99 EUR\n","date":"2013-11-18T00:00:00Z","href":"https://blog.koehntopp.info/2013/11/18/fertig-gelesen-die-zerbrochene-puppe.html","tags":["lang_de","book","media","review","steampunk"],"title":"Fertig gelesen: Die zerbrochene Puppe"},{"categories":null,"content":"Ich habe nun endlich \u0026ldquo;Republic of Thieves\u0026rdquo; von Scott Lynch durchgelesen. Das Buch ist der dritte Band der Gentlemen Bastards Sequence, nach The Lies of Locke Lamora und Red Seas Under Red Skies.\nRepublic of Thieves Das Buch war anstrengend - es ist, als ob es von zwei verschiedenen Personen geschrieben worden wäre. Teile lesen sich schnell, spannend und überraschend, und andere Teile sind vorhersagbar, langwierig und könnten leicht gekürzt werden. Immer, wenn man es gerade weglegen und aufgeben will, kommt man jedoch an Stellen, wo es endlich zur Sache geht und das Buch fesselnd und spannend wird.\nDas erste Fünftel des Buches vergeht mit dem Setup - nach dem Ende von Band 2 ist Locke ja tödlich und unheilbar vergiftet und die ersten 20% des dritten Bandes vergehen damit, daß er herumleidet und Jean mehr oder weniger vergeblich versucht, ihn zu retten bis die Handlung des dritten Bandes auftaucht und den beiden Dieben mal wieder die Agency aus der Hand nimmt.\nDer Rest des Buches ist nach dem bewährten Stil des ersten Bandes gestrickt - es läuft ein Handlungsstrang aus der Vergangenheit von Locke verwoben mit einem Handlungsstrang aus der Gegenwart, und einer Hintergrundhandlung (\u0026ldquo;Was die beiden Diebe nicht wissen, aber was wirklich passiert.\u0026rdquo;)\nDabei ist die Handlung der Gegenwart der Teil, der halbwegs spannend und flott ist, während die Rückblende vorhersehbar und zähflüssig ist und die Charactere dem Fantasy-Schablonenbuch \u0026ldquo;Charactere an einem Theater der Shakespeare-Zeit\u0026rdquo; entnommen sind. Von dort stammt auch die Handlung \u0026ldquo;Lustige Verwechslungsspiele mit einer unerwarteten Leiche\u0026rdquo;.\nAlles in allem läßt mich das Buch ein wenig unzufrieden zurück, aber es ist auch nicht wirklich ein schlechtes Buch.\nThe Republic of Thieves , EUR 9.99\n","date":"2013-11-18T00:00:00Z","href":"https://blog.koehntopp.info/2013/11/18/fertig-gelesen-republic-of-thieves.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: Republic of Thieves"},{"categories":null,"content":"Steampunk von Anja Bagus.\nAetherhertz Annabelle Rosenhertz lebt nach dem Verschwinden ihres Vaters mehr oder weniger alleine in Baden-Baden. In ihrer Welt steigt grüner Æther aus den Flüssen auf und wird verwendet, um Maschinen mit magischer Energie anzutreiben. Doch Æther hat auch die Macht, Menschen zu verändern - unter anderem Annabelle, die vor einigen Jahren mit Æther in Kontakt gekommen ist und seitdem mit ihrer veränderten Hand seltsame Dinge tun kann.\nIn Baden-Baden geschehen seltsame Dinge - junge Frauen fallen aus ungeklärten Gründen in Ohnmacht, Leute verschwinden. Annabelle gerät in eine magische Intrige, und in noch mehr Æther, der sie noch mehr verändert.\nFurioser Beginn einer offensichtlich als Serie angelegten und exzellent geschriebenen Steampunk-Geschichte, der Appetit auf weitere Bände macht - und auf den Anime zum Buch. :-)\nAetherhertz (Annabelle Rosenherz) , Anja Bagus, EUR 4.99 ","date":"2013-09-27T00:00:00Z","href":"https://blog.koehntopp.info/2013/09/27/fertig-gelesen-aetherhertz-anja-bagus.html","tags":["lang_de","book","media","review","steampunk"],"title":"Fertig gelesen: Aetherhertz"},{"categories":null,"content":"Codex born ist der zweite Teil von Libriomancer und konzentriert sich mehr auf die Hintergrundgeschichte von Lena Greenwood, der Dryade aus der fiktionalen Softcore-Romance \u0026ldquo;Nymphs of Neptune\u0026rdquo;.\nCodex Born Hines nimmt dabei die Fertigkeiten seiner fiktionalen Gestalten ernst: So wie Poison Ivy in der Welt von Gotham eigentlich eine der mächtigsten Gestalten wäre, wenn sie sich von ihrer Batman-Fixierung lösen könnte, so sind Lena (und ihre Gegenspielerin Deifilia) mächtige magische Wesen, die ihre Stärke, die Kontrolle über Pflanzen, im Kampf rücksichtslos und mit voller Kraft einsetzen.\nDas Buch treibt außerdem die Hintergrundgeschichte voran und wir lernen mehr drüber, wer eigentlich die seltsamen Mächte sind, die Gutenberg über die Jahrhunderte immer mehr zusetzen und wir lernen mehr über die schmutzige Vergangenheit von Gutenberg selber.\nAuch hier gut angelegtes Geld.\nCodex Born , Jim C. Hines, EUR 13.53\nMehr Reviews:\nLibriomancer Codex Born Unbound Revisionary ","date":"2013-09-27T00:00:00Z","href":"https://blog.koehntopp.info/2013/09/27/fertig-gelesen-codex-born.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Codex Born"},{"categories":null,"content":"In einem Tumblr-Feed ein Pinterest-Link und ein Hinweis des Autors, daß er einige Sachen in seinem Buch hat entschärfen müssen, weil es sonst \u0026lsquo;unglaubwürdig\u0026rsquo; gewesen wäre. Und einundachzig Cent. Ein überschaubares Risiko.\nCrazy Rich Asians Romance Standardplot 17: Rachel Chu, american asian, lernt Nicholas Young aus Singapur kennen. Was sie nicht weiß: Nicolas ist steinreich und Erbe einer Dynastie, und natürlich ist sie, Rachel, kein stück standesgemäß. Die Familie wird also gegen sie sein. Und sie kennt weder die lokalen Sitten und Gebräuche dort drüben, noch die des Standes von Nicolas.\nDieser will sie dann seiner Familie vorstellen, und Plot #17 läuft programmgemäß ab.\nDas Buch ist wegen des exotisch-asiatischen Flairs und dem Hintergrund \u0026ldquo;Superreiche Exzentriker drehen durch\u0026rdquo; trotzdem eine unterhaltsame Lektüre (und eine bessere Liebesgeschichte als Twilight). Und bei 81 Cent kann man nix falsch machen.\nCrazy Rich Asians , Kevin Kwan, EUR 0.81\n","date":"2013-09-27T00:00:00Z","href":"https://blog.koehntopp.info/2013/09/27/fertig-gelesen-crazy-rich-asians-kevin-kwan.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Crazy Rich Asians"},{"categories":null,"content":"Das Buch ist der 2. Teil von Nexus . Entsprechend macht das Buch dort weiter, wo der erste Teil aufgehört hat:\nCrux Nexus ist freigesetzt und immer mehr Menschen benutzen die Nexus-Naniten, um sich direkt pseudotelepathisch miteinander zu vernetzen. Die alte Ordnung versucht, die damit verbundenen Umwälzungen aufzuhalten, indem sie Nexus-Träger isoliert und ausgrenzt.\nZudem existiert noch die Hintertür in der aktuellen Nexus-Implementierung, und die Frage, was aus Su-Yong Shu, dem chinesischen Upload einer Wissenschaftlerin in einen Quantencomputer, wird ist auch noch offen.\nCrux liefert Antworten auf die offenen Fragen und die losen Enden aus dem ersten Teil und schafft es, die Spannung und das Tempo des ersten Teiles aufuzugreifen und weiter zu führen.\nGute Scifi, sehr empfehlenswert.\nCrux , Rameez Naam, EUR 6.79\n","date":"2013-09-27T00:00:00Z","href":"https://blog.koehntopp.info/2013/09/27/fertig-gelesen-crux-ramez-naam.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Crux"},{"categories":null,"content":"Hedy Lamarr (1914-2000), das Gesicht von der CorelDraw-Packung, war zu ihrer Zeit eine der schönsten Frauen der Welt und ein großer Hollywood Star. Sie war außerdem mathematisch begabt, hatte gute Kontake zur Rüstungsindustrie und zur Avantgarde-Kunstszene.\nHedy\u0026rsquo;s Folly Diese Biographie beschäftigt sich mit dem Leben von Hedy Lamarr und dem Musiker George Antheil, mit der Erfindung des Frequenzsprungverfahrens und der Spread Spectrum Technik, die heute die Grundlage von Wi-Fi, Mobilfunk und Bluetooth ist, und wie das alles zusammen gehört.\nDie faszinierende Geschichte von einer Frau, die viel, viel mehr als ein hübsches Gesicht in Hollywood war.\nHedy\u0026rsquo;s Folly , Richard Rhodes, EUR 8.00\n","date":"2013-09-27T00:00:00Z","href":"https://blog.koehntopp.info/2013/09/27/fertig-gelesen-hedys-folly-richard-rhodes.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Hedy's Folly"},{"categories":null,"content":"\u0026ldquo;Das Sachbuch zu Office Space\u0026rdquo;?\nSeit kurzem gibt es Moral Mazes als Kindle-Edition. Robert Jackall beschriebt hier die Business Ethics und Regeln des Managements einiger amerikanischer Konzerne, auf der Basis von Interviews und Fallstudien in den späten 80er und frühen 90er Jahren.\nMoral Mazes Ich bin auf das Buch aufmerksam geworden, weil es in The Banality of Systemic Evil (sehr lesenswerter Artikel) erwähnt wird:\nAaron Swartz counted “Moral Mazes” among his “very favorite books.\nund\nThe bureaucracy was telling him to shut up and move on (in accord with the five rules in “Moral Mazes”), but Snowden felt that doing so was morally wrong.\nDie Mechanismen und Ideologien in Moral Mazes sind frustrierend und desillusionierend. Sie werden klar beschrieben, an Beispielen aufgezeigt und Teile davon hat jeder in mehr oder weniger großem Ausmaß entweder in seinem eigenen Job erlebt, oder sich bewußt für ein Arbeitsumfeld entschieden, das anders miteinander umgeht und sauberer funktioniert.\nAuf jeden Fall schärft die Lektüre den Blick für die Dysfunktionalitäten des Alltags und macht Mut zum Mut haben.\nMoral Mazes , Robert Jackall, EUR 10.66\n","date":"2013-09-27T00:00:00Z","href":"https://blog.koehntopp.info/2013/09/27/fertig-gelesen-moral-mazes-robert-jackall.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Moral Mazes"},{"categories":null,"content":"Amy ist ein von Neumann (vN), ein Android mit der Fähigkeit, sich selbst zu replizieren. Sie ist außerdem defekt, und deswegen ein Gott: Während alle anderen vN eine Sicherheitsschaltung haben, die es ihnen unmöglich macht, gewalttätige Szenen zu denken, zu erleben oder auch nur anzusehen, ist bei Amy diese Sicherung defekt. Anders als ihre vN-Kameraden ist sie in ihren Handlungen frei und uneingeschränkt.\nvN Die Entwicklung von vN folgt dem Lamarckismus - Amy kann ihre erworbene Eigenschaft ihren Nachkommen vererben, und andere vN können sie bekommen, indem sie Amy assimilieren.\nAmy und ihr menschlicher Lebenspartner sind nun also auf der Flucht, und die eskaliert dann schnell\u0026hellip;\nMadline Ashby gelingt es, einen Nachfolger der Menschheit zu beschrieben, der vollständig im Uncanny Valley landet: vN sind menschlich genug, daß ihre Fremdartigkeit um so mehr hervorsticht. Diese Zielgenauigkeit läßt manche Schwächen in der Charactermotivation und einige Plotholes übersehen. Alles in allem gute SciFi der Mittelklasse, ihr Geld wert.\nvN: The Machine Dynasty , Madeline Ashby, EUR 5.22\n","date":"2013-09-27T00:00:00Z","href":"https://blog.koehntopp.info/2013/09/27/fertig-gelesen-vn-madeline-ashby.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: vN"},{"categories":null,"content":"Cornelia Funke hat mit Tintenherz eine Geschichte geschrieben, in der ein Buchmagier und Vorleser die Gestalten und Gegenstände aus Büchern zum Leben in der realen Welt erwecken kann. Aber Tintenherz denkt die Logik der Magie von Büchern nicht konsequent zu Ende und ist nicht einmal im Ansatz dreckig genug.\nLibriomancer Wenn Tintenherz ein US-Western wäre, dann ist Libriomancer von Jim C. Hines die Italowestern-Version derselben Geschichte. In seiner Welt hat Gutenberg mit dem Buchdruck das Medium geschaffen, daß in den Glauben und Suspend of Disbelief von hunderten und tausenden Lesern greift und so das magietechnische Äquivalent zur industriellen Revolution entfesselt: Statt mit dem Glauben und Willen eines Einzelnen zu arbeiten, kann der Libriomancer das mit der Kraft von Vielen tun.\nIm Besitz dieser mächtigen magischen Waffe räumt Gutenberg in der verborgenen Welt des Magischen auf und definiert eine Jahrhunderte andauernde Machtbasis. Bis, tja, bis Isaac Vainio, Buchmagier, und Lena Greenwood, eine gewisse Dryade aus einer Softcore-Romance in die Geschichte geraten und feststellen, daß die von Gutenberg definierten Gewissheiten gewisse Variabilitäten enthalten die das jahrhunderte dauernde Gleichgewicht der Magier in Frage stellen.\nGutenberg verschwindet, aus den Niederdimensionen der Magie selber kommt eine eigenartige Bedrohung und gewisse Zauber und Magietheorien funktionieren nicht ganz so wie Gutenberg sie dokumentiert hat\u0026hellip;\nGut angelegtes Geld.\n\u0026ldquo;Libriomancer \u0026rdquo;, Jim C. Hines, EUR 5.60\nMehr Reviews:\nLibriomancer Codex Born Unbound Revisionary ","date":"2013-09-23T00:00:00Z","href":"https://blog.koehntopp.info/2013/09/23/fertig-gelesen-libriomancer.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: Libriomancer"},{"categories":null,"content":"Noch schnell was zu lesen für heute Nacht?\nNexus Wir schreiben das Jahr 2040. Seit etwa 10 Jahren gibt es das ERD, das Emergent Risk Directorate, eine Abteilung des DHS zur Bekämpfung von Risiken, die sich aus den rasanten Weiterentwicklungen von Technologie, Emergenten Technologischen Bedrohungen, entwickeln.\nEine dieser Bedrohungen ist Nexus, eine Nicht-Droge aus Nanobots, die sich im menschlichen Gehirn einnisten und ein Brain Computer Interface, BCI, etablieren. Nexus erlaubt es seinen Benutzern, mit anderen Nexus-Usern in Kontakt zu treten und Emotionen oder gar Informationen direkt auszutauschen.\nKaden Lane ist der Anführer einer kleinen aber leider nicht ganz legalen Studiengruppe von Biotech-Studenten, die mit dem aktuellen Nexus-Strain herum experimentieren und festgestellt haben, daß sie auf den Nexus-Nodes im Körper eines Menschen eine verteilte von-Neumann-Maschine laufen lassen können und beginnen jetzt ein Betriebssystem für Nexus zu schreiben. Über das BCI können sie quasi-telepathisch kommunizieren, \u0026lsquo;ware in das Hirn laden und Körperfunktionen steuern.\nDas zieht natürlich die Aufmerksamkeit des ERD auf sich, und um den drakonischen Strafen des Chandler Act zu entgehen, der das ERD etabliert und bestimmte Technologien verbietet, werden Kaden und seine Freunde in den Dienst des ERD gepreßt.\nIhr Auftrag: Die chinesische Biowissenschaftlerin Su-Yong Shu auf einer Konferenz in Bangkok befreunden und mit ihr in Kontakt treten. Das ERD vermutet, das SYS verbotene Technologie nutzt, das chinesische Supersoldaten-Programm mit ihrer Forschung fördert und außerdem gute Kontakte zu den Schmugglersyndikaten hat, die Nexus herstellen und in Umlauf bringen.\nKaden gelingt die Kontaktaufnahme und muß schon bald herausfinden, daß es in diesem Spiel keine Seite gibt, die \u0026ldquo;die Guten™\u0026rdquo; repräsentiert.\nNexus ist ein Near Future SciFi mit glaubhafter Technik und einer guten und action-reichen Schreibe, der durchaus erfolgreich in die Spionageroman und Thriller-Genres hinüber reicht. Ramez Naam hat Autorenhintergrund, der Daniel Suarez nicht ganz unähnlich ist und wer Suarez gemocht hat, den wird Naam nicht enttäuschen.\nDer Roman bekommt von mir alle verfügbaren Punkte und eine dicke Leseempfehlung.\nDer Roman Crux spielt 3 Monate nach Nexus im selben Universum. Ich habe auch den halb durch und bisher ist er eine würdige Fortsetzung.\n","date":"2013-09-04T00:00:00Z","href":"https://blog.koehntopp.info/2013/09/04/fertig-gelesen-nexus-mankind-gets-an-upgrade-ramez-naam.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Nexus - Mankind gets an upgrade"},{"categories":null,"content":"Fertig gelesen: \u0026ldquo;Leila Ahmed - A Quiet Revolution: The Veil\u0026rsquo;s Resurgence, from the Middle East to America\u0026rdquo;\nA Quiet Revolution: The Veil\u0026rsquo;s Resurgence Vor dem Hintergrund der aktuellen Situation in Ägypten aktueller denn je: Trotz des Titels ist dieses Buch nicht wirklich ein Buch über die Verschleierung, sondern ein Buch über die Geschichte der Entwicklung der politischen Ideologie, die wir unter dem Namen \u0026ldquo;Islamismus\u0026rdquo; kennen und die Rolle der Frau darin.\nDer erste Teil des Buches beschriebt die Ursprünge dieser Ideologie vor dem Hintergrund der Geschichte Ägyptens als britische Kolonie, Gegner des jungen Israels, politischer Partner der Sowjetunion und politischer Gegenspieler Saudi Arabiens - und parallel dazu die Rolle und ideologische Entwicklung der Moslembruderschaft. Der zweite Teil geht dann auf die Entwicklung in den USA, speziell vor und nach 9/11 ein.\nEs wird deutlich, daß die politische Situation in Ägypten sehr viel komplizierter ist, als sie in den deutschen oder US-Medien dargestellt wird. Genau genommen ist die Berichterstattung vor dem Hintergrund der Informationen aus dem Buch ein ziemlicher Totalverlust.\nUnd es wird auch deutlich, daß Dinge wie das Burka- oder ein Verschleierungsverbot ungefähr die am wenigsten hilfreiche Maßnahme sind, daß sinnvolle politische Aktion aber einen Ausmaß der Auseinandersetzung mit dem Thema erfordern würde, die mit Merkelismus nicht erreichbar ist.\nseufz\n","date":"2013-08-22T00:00:00Z","href":"https://blog.koehntopp.info/2013/08/22/fertig-gelesen-a-quiet-revolution.html","tags":["book","review","media"],"title":"Fertig gelesen: A Quiet Revolution: The Veil's Resurgence"},{"categories":null,"content":"\u0026ldquo;Kris, bitte schau Dir mal unsere Datenbank an. Wir haben hier einen Generator für unsere Materialized Views, und auf einer Datenbank von 6 GB Größe werden 40 GB Speicher gefüllt und wir kommen sogar ins Swappen.\u0026rdquo;\nNa, das ist mal interessant. The fragliche Kiste hat 48 GB RAM, und in der Tat kaum 6 GB Daten.\nmysql\u0026gt; select -\u0026gt; sum(data_length+index_length)/1024/1024/1024 as gb -\u0026gt; from tables -\u0026gt; where table_schema not in (\u0026#39;information_schema\u0026#39;, \u0026#39;performance_schema\u0026#39;, \u0026#39;mysql\u0026#39;); +----------------+ | gb | +----------------+ | 5.832778930664 | +----------------+ 1 row in set (0.00 sec) Aber in \u0026ldquo;top\u0026rdquo; sieht das so aus, und wächst:\n7552 mysql 15 0 55.1g 43g 6888 S 0.7 91.7 499:13.56 mysqld Das wird sicher interessant.\nDer Zwilling dieser Maschine zeigt ähnliches Verhalten, aber auf einem niedrigeren Level.\nWenn es um Speicherprobleme und Swap geht, dann schaue ich routinemäßig erst mal die numa_maps der Maschine an. Aber sie und ihr Zwilling sind gut ausbalanciert.\nDer Zwilling:\n# /usr/local/booking-mysql/numa-maps-summary.pl \u0026lt; /proc/25996/numa_maps N0 : 1777572 ( 6.78 GB) N1 : 1777759 ( 6.78 GB) active : 37 ( 0.00 GB) anon : 3553604 ( 13.56 GB) dirty : 3553605 ( 13.56 GB) mapmax : 237 ( 0.00 GB) mapped : 1783 ( 0.01 GB) Wir starten den Server mal neu, um zu sehen, ob das Problem reproduzierbar ist. Ich zwinge den InnoDB Buffer Pool auch mal 10 GB kleiner, nur um sicherzugehen, daß wir da nichts falsch zu groß eingestellt haben.\nDie alte Speichersituation, und nach einem Neustart eine um 10 GB verkleinerter innodb_buffer_pool_size.\nDas scheint in der Tat das Problem zu beheben, aber wir haben immer noch eine InnoDB Buffer Pool Nutzung, die um den Faktor 3-4 oberhalb der Datengröße liegt, und das ist kaum zu erklären. Auch die Resident Set Size (RES) in top ist immer noch viel größer als die Datengröße.\nWas passiert hier wirklich? Wenn ich doch nur in den Buffer Pool hineinschauen könnte.\nMoment mal. Ich kann:\nmysql\u0026gt; select version(); +--------------+ | version() | +--------------+ | 5.6.6-m9-log | +--------------+ 1 row in set (0.00 sec) mysql\u0026gt; select table_name -\u0026gt; from tables -\u0026gt; where table_name like \u0026#39;innodb_buffer%\u0026#39;; +--------------------------+ | table_name | +--------------------------+ | INNODB_BUFFER_PAGE_LRU | | INNODB_BUFFER_PAGE | | INNODB_BUFFER_POOL_STATS | +--------------------------+ 3 rows in set (0.00 sec) Nach dem Nachlesen von INFORMATION_SCHEMA.INNODB_BUFFER_PAGE bekomme ich\nmysql\u0026gt; select page_type, -\u0026gt; count(*) * 16384/1024/1024 as mb -\u0026gt; from INNODB_BUFFER_PAGE -\u0026gt; group by page_type order by mb; +-------------------+----------------+ | page_type | mb | +-------------------+----------------+ | TRX_SYSTEM | 0.01562500 | | IBUF_FREE_LIST | 0.12500000 | | INODE | 0.15625000 | | FILE_SPACE_HEADER | 0.23437500 | | EXTENT_DESCRIPTOR | 0.32812500 | | IBUF_BITMAP | 0.45312500 | | SYSTEM | 2.03125000 | | ALLOCATED | 24.50000000 | | UNDO_LOG | 27.75000000 | | INDEX | 585.70312500 | | BLOB | 5073.81250000 | | UNKNOWN | 21932.60937500 | +-------------------+----------------+ 12 rows in set (4.48 sec) und vermutlich ein monumentales globales 5-Sekunden-Lock auf dem Buffer Pool, um dieses Ergebnis zu erzeugen. UNKNOWN ist in Wahrheit freier Speicher im Buffer Pool der soeben neu gestarteten Box. 5 GB sind in BLOBs, und das scheint der Kern unseres Problems zu sein. INDEX sind die Daten in den Tabellen (\u0026lsquo;PRIMARY\u0026rsquo;) und die sekundären Indices. Und der Rest ist Systemspeicher und sieht nicht krank aus.\nDie Frage ist also: Was ist mit dem ganzen BLOB-Speicher da? Wo kommt der her? Leider nutzen uns table_name und index_name hier gar nix, wenn der page_type BLOB ist:\nmysql\u0026gt; select page_type, -\u0026gt; table_name, -\u0026gt; index_name, -\u0026gt; count(*) * 16384 /1024/1024 as mb -\u0026gt; from INNODB_BUFFER_PAGE -\u0026gt; group by page_type, table_name, index_name -\u0026gt; order by mb; +-------------------+-----------------------------+-----------------------+----------------+ | page_type | table_name | index_name | mb | +-------------------+-----------------------------+-----------------------+----------------+ ... | UNDO_LOG | NULL | NULL | 27.75000000 | | INDEX | md2/kb_... | PRIMARY | 141.48437500 | | INDEX | md2/kb_... | PRIMARY | 430.87500000 | | BLOB | NULL | NULL | 5073.81250000 | Aber es gibt eine SPACE id, und die kann über INNODB_SYS_TABLESPACES aufgelöst werden. Schauen wir mal:\nselect page_type, -\u0026gt; table_name, -\u0026gt; index_name, -\u0026gt; sp.name, -\u0026gt; count(*) * 16384 /1024/1024 as mb -\u0026gt; from INNODB_BUFFER_PAGE as bp -\u0026gt; left join innodb_sys_tablespaces as sp -\u0026gt; on bp.space = sp.space -\u0026gt; group by page_type, table_name, index_name, bp.space -\u0026gt; order by mb; ... | INDEX | ...| md2/kb_............... | 141.48437500 | | INDEX | ...| md2/kb_.................... | 430.87500000 | | BLOB | ...| md2/kb_.................... | 5073.68750000 | ... Also haben wir hier eine bestimmte Tabelle, die den ganzen BLOB-Speicher aufbraucht. Die Definition legt das nahe:\nshow create table md2.kb_...\\G Table: kb_hotel_hotelpage Create Table: CREATE TABLE `kb_...` ( `id` mediumint(8) unsigned NOT NULL, `body` mediumblob NOT NULL, `digest` binary(20) NOT NULL, `last_change` int(10) unsigned NOT NULL, `last_check` int(10) unsigned NOT NULL, PRIMARY KEY (`id`), KEY `last_check` (`last_check`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 1 row in set (0.00 sec) Diese tabelle enthält mehr oder weniger alle Template-Variablen für eine id/action-Kombination in serialisierter Form, um die Anzahl von Queries pro Seite zu reduzieren. Eine normalisierte, live generierte Form der Seite braucht eine dreistellige Anzahl von Queries, ein Zugriff auf die vorgerechneten Daten generiert dieselbe Seite mit weniger als 7 Queries.\nWir schließen unser Debugging ab:\nKristian\u0026gt; Diese Blobs, werden die oft neu berechnet?\nSimonB\u0026gt; Im Moment ja, weil ich sie immer aktualisiere. Normalerweise würde ich das nur tun, wenn sich der Digest ändert.\nKristian\u0026gt; Resident Set Size ist jetzt bei 15 GB und stabil. Das heißt, wenn ich den Buffer Pool klein genug halte wird die Maschine nicht swappen. Wir verbrauchen eine Menge Network Buffer zusätzlich, wegen der ganzen Blobs, und das ist weswegen wir so einen großen Speicher-Overhead pro Connection haben\u0026hellip; Jedenfalls ist das grad meine operative Theorie. MySQL \u0026amp; BLOBs = ganz übler Mist.\nmysql\u0026gt; select min(length(body)), -\u0026gt; max(length(body)), -\u0026gt; avg(length(body)) -\u0026gt; from md2.kb_...; +-------------------+-------------------+-------------------+ | min(length(body)) | max(length(body)) | avg(length(body)) | +-------------------+-------------------+-------------------+ | 3002 | 478883 | 24968.2430 | +-------------------+-------------------+-------------------+ Das heißt, ich vermute, daß das ständige neu Schreiben der BLOBs in InnoDB die Storage Engine dazu bringt, vorübergehend eine große Menge BLOB-Speicher (neben dem eigentlichen Row-Speicher) zu allozieren. Und der Per-Connection Overhead ist größer, weil InnoDB BLOBs in den SQL-Teil von MySQL dupliziert werden, um dann über die Network Buffer zum Client gesendet zu werden. Böser Overhead.\nMySQL ist nicht sehr gut drain mit großen BLOBs umzugehen. Vielleicht sollten wir die SQL-Schicht mit HandlerSocket oder etwas anderem umgehen.\n","date":"2012-11-12T00:00:00Z","href":"https://blog.koehntopp.info/2012/11/12/dude-where-is-my-memory.html","tags":["mysql","performance","lang_de"],"title":"Dude, where is my memory?"},{"categories":null,"content":"\u0026ldquo;Kris, guck mal, connection surge auf $WICHTIGER_MASTER, davor kurzer Activity drop. Alle anderen Graphen sehen normal aus.\u0026rdquo;\n![Graph: Connection Surge]({{ site.baseurl }}/uploads/screenshot-kris-20121031-1.png)\nund\n![Graph: QPS Drop]({{ site.baseurl }}/uploads/screenshot-kris-20121031-2.png)\nIch gucke.\nAlle anderen Graphen sehen in der Tat normal aus. Aber um 13:20 kommt für kurze Zeit alles Processing zum Stillstand.\nWir haben ja log_processlist.pl. Falls es sich also um irgendein wildgewordenes Lock handeln sollte, würde ich das also in den 13_20 und 13_21 Dateien sehen. Beide sind in der Tat größer: Statt 250 Connections zeichnen wir deutlich über 400 Connections in diesen beiden Minuten auf.\nAber: In der Processlist sind keine Irregularitäten zu sehen. Es handelt sich, wenn unser Monitoring keine Löcher hat, nicht um einen Stall und Pileup im Datenbankserver, sondern eine externe Ursache.\nDies ist ein Master. Der hat sein Datadir auf einer NetApp. Mein Rat an den Fragesteller: Sprich mal mit den Filer-Leuten. Vielleicht haben die da grad an ihren Spielzeugen gebastelt. Während der Fragesteller davon zieht, wühle ich weiter in den Logs - wir haben ja genug davon.\nUnd dann:\nOct 31 13:20:10 master kernel: bnx2 0000:03:00.0: eth0: NIC Copper Link is Down Oct 31 13:20:20 master kernel: bnx2 0000:03:00.0: eth0: NIC Copper Link is Up, 1000 Mbps full duplex, receive \u0026amp; transmit flow control ON\nAha. Die Filer-Leute sind also freigesprochen, wir haben stattdessen freundliches Feuer von den Zauberschraubern bekommen. Ich nehme an, jemand dort ist so konzentriert am Zeugs racken gewesen, daß für sie inzwischen alle Server gleich sind - sehen ja auch alle gleich aus.\nDiese Person muß gefunden und auf das Lesen von Serverlabels aufmerksam gemacht werden. Manchmal ist die Datenbank halt nicht schuld.\n","date":"2012-10-31T00:00:00Z","href":"https://blog.koehntopp.info/2012/10/31/enemy-action.html","tags":["mysql","performance","mysql","lang_de"],"title":"Enemy Action"},{"categories":null,"content":"Wie Todd Farmer in Understanding mysql_config_editor’s security aspects richtig beobachtet, speichert die neue .mylogin.cnf, die von mysql_config_editor erzeugt wird, Paßworte nicht sicher ab. Sie verschleiert sie nur.\nDas Format der Datei ist wie folgt (am Beispiel von MySQL 5.6.7-RC):\n4 Bytes Zero (Version Information) 20 Bytes Key Generation Matter Wiederholend: 4 Bytes Länge Länge Bytes Ciphertext. Die Verschlüsselung erfolgt mit AES Encrypt , und diese Funktion ist selbst auch nicht sicher: Es handelt sich um einen aes-128-ecb mit einem NULL IV. Der Schlüssel, der in AES 128 rein geht, muß BINARY(16) sein, aber die Funktion nimmt Strings beliebiger Länge. Sie erzeugt den tatsächlich verwendeten Key, indem sie den mitgegebenen String zyklisch in einen BINARY(16) Puffer rein XOR\u0026rsquo;t, der mit Nullbytes initialisiert worden ist.\nIn Code:\n#! /usr/bin/php -q \u0026lt;?php $fp = fopen(\u0026#34;.mylogin.cnf\u0026#34;, \u0026#34;r\u0026#34;); if (!$fp) { die(\u0026#34;Cannot open .mylogin.cnf\u0026#34;); } # read key fseek($fp, 4); $key = fread($fp, 20); # generate real key $rkey = \u0026#34;\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\u0026#34;; for ($i = 0; $i \u0026lt; strlen($key); $i++) { $rkey[$i % 16] = ( $rkey[$i % 16] ^ $key[$i] ); } # for each line while ($len = fread($fp, 4)) { # as integer $len = unpack(\u0026#34;V\u0026#34;, $len); $len = $len[1]; # decrypt $crypt = fread($fp, $len); $plain = openssl_decrypt($crypt, \u0026#39;aes-128-ecb\u0026#39;, $rkey, true); # print print $plain; } Die Datei selber ist dann ein simples Textfile, nicht unähnlich einer .my.cnf:\nserver:~ # ./p.php [default] user = root password = s3cret host = localhost [localhost] user = root password = s3cret host = 127.0.0.1 Teil des Problems ist die Tatsache, daß das MySQL Protokoll das Klartextpaßwort auf dem Client in lesbar braucht, um ein Login zu ermöglichen. Wir haben Alternativen in diesem Artikel diskutiert. SSL Client Certs würden auch helfen.\n","date":"2012-10-03T00:00:00Z","href":"https://blog.koehntopp.info/2012/10/03/mylogin-cnf-passworte-wiederherstellen.html","tags":["mysql","security","lang_de"],"title":".mylogin.cnf Passworte wiederherstellen"},{"categories":null,"content":"So we tested the 5.6.7-RC. And ran into a strange problem:\nBecause of a test, a preexisting configuration with GTID enabled existed, and suddenly we did not have properly initialized grants in mysql.* created for a new installation. Turns out: GTID and non-transactional tables are no friends, and that is even documented .\nWhen using GTIDs, updates to tables using nontransactional storage engines such as MyISAM are not supported. This is because updates to such tables mixed with updates to tables that use a transactional storage engine such as InnoDB can result in multiple GTIDs being assigned to the same transaction.\nAlso, this is supposed to work with GRANT and REVOKE, but not with INSERT and DELETE. Now guess what mysql-install-db and friends are using?\nserver:~ # less /usr/share/mysql/mysql_system_tables_data.sql ... INSERT INTO tmp_user VALUES (\u0026#39;localhost\u0026#39;,\u0026#39;root\u0026#39;,\u0026#39;\u0026#39;,...); This is a larger problem: We are supposed to use GRANT and REVOKE, but many people are using INSERT and DELETE in mysql.* all of the time, and so do many applications. And the mysql.* tables are MyISAM, and always have been (except that nowadays there is a wild mix of CSV and InnoDB tables in there as well).\nMySQL cannot really ship GTID as a feature with MyISAM-tables in mysql.* and expect that to work anywhere. This is all very extremely broken and needs urgent fixing.\nThis is now support-case SR 3-6270525721: \u0026ldquo;MySQL 5.6.7-rc1, grants, replication and GTID cause problems\u0026rdquo; and will also soon have a bug number. And, no, fixing the mysql_system_tables_data.sql is not really removing the problem here.\n","date":"2012-10-02T00:00:00Z","href":"https://blog.koehntopp.info/2012/10/02/mysql-5-6-7-rc-gtid-vs-myisam.html","tags":["innodb","mysql","replication","lang_en"],"title":"MySQL 5.6.7-RC: GTID vs. MyISAM"},{"categories":null,"content":"Mein Kollege Dennis Kaarsemaker hat jetzt einen Artikel zu dem Replication Load Monitor von Booking.com gebloggt. Der Monitor basiert auf Arbeiten von Mark Leith .\nMöge er Euch allen nützen.\n","date":"2012-09-28T00:00:00Z","href":"https://blog.koehntopp.info/2012/09/28/mysql-replication-load-monitor.html","tags":["mysql","performance","replication","lang_de"],"title":"MySQL Replication Load Monitor"},{"categories":null,"content":"Ich habe heute an dem Problem weiter geforscht und wir haben etabliert, dass die Ursache nicht der Quelltext des betreffenden Diamond-Collectors sein kann.\nAuf allen betroffenen Kisten habe ich dann gesehen, daß die entsprechenden Queries gegen Performance-Schema ein\nmysql\u0026gt; select \\* from performance_schema.threads; Empty set (0.01 sec) zurück liefern.\nWeitere Untersuchung stellt heraus: P_S ist aber an. Jedoch:\nmysql\u0026gt; select \\* from performance_schema.setup_instruments; Empty set (0.03 sec) mysql\u0026gt; select \\* from performance_schema.setup_timers; Empty set (0.01 sec) mysql\u0026gt; select \\* from performance_schema.setup_consumers; Empty set (0.02 sec) und das bleibt auch so, sogar über Server-Restarts hinweg. Warum ist das so?\n# cd /mysql/\\*/data/performance_schema/ # ls -l total 1840 -rw-rw---- 1 mysql mysql 8624 Oct 6 2011 cond_instances.frm -rw-rw---- 1 mysql mysql 98304 Oct 6 2011 cond_instances.ibd -rw-rw---- 1 mysql mysql 61 Oct 6 2011 db.opt -rw-rw---- 1 mysql mysql 9220 Oct 6 2011 events_waits_current.frm -rw-rw---- 1 mysql mysql 98304 Oct 6 2011 events_waits_current.ibd ... und ein SHOW CREATE TABLE bestätigt das.\nDamit ist klar, wieso es überhaupt zu Transaktionen kommen kann:\nDer Code im Diamond-Collector setzt nur Queries gegen performance_schema ab. Da dort normal keine Tabellen vorhanden sind, die Transaktionen unterstützen, kann es auch nie zu Transaktionen kommen. In den defekten Kisten wurden die Tabellen in performance_schema fälschlicherweise als InnoDB erzeugt. Das alleine hätte kein Problem erzeugt, weil jedes Kommando in MySQL eine Transaktion in sich selbst ist - AUTOCOMMIT = 1.\nAber:\nStarting with 1.2.0, MySQLdb disables autocommit by default, as required by the DB-API standard (PEP-249)\u0026quot;.\nIn diesem Fall generiert das Lesen von InnoDB-Tabellen den Start einer r/o Transaktion und erzeugt einen Stable View auf alle InnoDB Tabellen. Dieser wird gehalten bis zum Ende der Transaktion, das niemals kommt, außer der Collector disconnected.\nDie immer weiter wachsende Größe des Undo-Logs verlangsamt den Server bis zum Stillstand. Ein KILL auf die Verbindung bringt nur vorübergehende Linderung.\nDer Fix ist in der Tat\n# mysql -BNe \u0026#34;select concat(\u0026#39;drop table \u0026#39;, table_name, \u0026#39;;\u0026#39;) from information_schema.tables where table_schema = \u0026#39;performance_schema\u0026#39;\u0026#34; | mysql performance_schema # mysql_upgrade ... und alles wird gut - sogar ohne Neustart.\nDie Ursache für das Seltsame Verhalten™ der betroffenen Büchsen bei einer automatisierten Installation verbleibt weiter unklar. Der betreffende Collector läuft jetzt jedoch auch auf diesen Maschinen und liefert Daten.\nWie viele MySQLer bin ich der Auffassung, dass AUTOCOMMIT = 0 oder SELECT \u0026hellip; FOR UPDATE eher schädlich sind. Dies hier wird ein weiteres ausgezeichnetes Beispiel in meinem argumentativen Arsenal sein.\n","date":"2012-09-25T00:00:00Z","href":"https://blog.koehntopp.info/2012/09/25/house-und-heisenberg-revisited.html","tags":["database","debug","monitoring","mysql","performance","lang_de"],"title":"House und Heisenberg revisited"},{"categories":null,"content":"Heute erreicht mich eine Mail, in der ein DBA sich über steigende Replication Delay in einer bestimmten Replikationshierarchie beschwert.\nDas ist schlecht, denn die betreffende Hierarchie ist wichtig. Also die \u0026lsquo;Wenn die nicht geht schlafen Leute unter Brücken\u0026rsquo;-Art von wichtig.\nDie Theorie war, daß die Änderungsrate in dieser Hierarchie so hoch ist, daß die Schreiblast von MySQL Replikation, die ja Single Threaded ist, nicht mehr bewältigt werden kann. Für diese Theorie sprach nach dem ersten Augenschein, daß alle betroffenen Kisten keine lokalen Platten hatten, sondern auf einem Filer lagen, und Filer sterben wegen der hohen Kommunikationslatenz im SAN bei uns in der Regel weit vor lokalen Platten, wenn es um Replikation geht: Filer sind mehr so beim parallelen Schreiben mit mehreren Threads gut.\nWenn dem so wäre, wäre das schon einen Seufzer wert, denn die betreffende Replikationshierarchie war gerade beim Reengineering auf dem OP und sollte eigentlich derzeit kaum ausbeutbare Technical Debt haben. Wenn die trotzdem Replication Delay akkumuliert, dann haben wir ein ernstes Problem.\nNun bin ich jemand, der Lügen gewohnt ist. Leute lügen. Und Maschinen lügen auch. Aber schauen wir erst mal ins Monitoring und schauen wie schlimm es ist. Ich greife mir einen Host aus der angeblich kränkelnden Hierarchie:\n![Graph: Replication Delay Monitor]({{ site.baseurl }}/uploads/replication-delay1.png)\nDer brandneue Replication Load Monitor ist ein tolles Spielzeug.\nWir sehen eine Weiterentwicklung einer Idee von Mark Leith: Mit Hilfe des Performance Schema überwachen wir, womit der SQL Thread der MySQL Replikation denn so seine Zeit verbringt und wieviel Prozent einer jeden Zeitscheibe er idle ist.\nMein SQL Thread auf der von mir zufällig herausgesuchten Maschine bringt etwa 20% seiner Zeit mit InnoDB Log IO zu und weitere 10-20% mit InnoDB Data IO. 60% sind Idle. Montag irgendwann nach 13 Uhr hat jemand dann in Panik \u0026lsquo;innodb_flush_log_at_trx_commit = 2\u0026rsquo; gesetzt und damit fällt die InnoDB Log IO-Wartezeit komplett weg (Data IO natürlich nicht).\nWie dem auch sei, so sieht der Graph einer überlasteten Hierarchie nicht aus. Wir haben möglicherweise ein Problem auf einigen Servern der Hierarchie, aber definitiv nicht auf diesem. Damit ist aber auch klar, daß das Problem nicht vom Master her kommen kann. Gute Nachrichten!\nWeiteres Nachbohren ergibt eine Liste von betroffenen Servern. Zwei von denen sind Qualitätssicherungssysteme, die haben keinen Speicher und interessieren mich nicht. Eines ist eine potentielle Produktionskiste, die derzeit aber vor sich hin idled. Die hat Speicher, und ist trotzdem langsam.\nSeit wann? Ich schnappe mir den Replication Delay Graph und zoome einmal raus. Das Problem besteht seit dem 20-Sep nachmittags, sagt der Graph.\nAlso zoome ich mich durch alle Graphen dieser Kiste für den 20-Sep und schaue einmal was mir da noch entgegen kommt.\n![Graph: Betroffener Rechner]({{ site.base_url }}/uploads/replication-delay2.png)\nKrankheitsbild: Akute und lebensbedrohliche DML-Schwäche seit Mitte des 20-Sep.\nEs ist offensichtlich, daß der Eimer ein Problem hat: Irgendwann am 20-Sep Nachmittags ist der von 150/250/50 I/U/D auf infinitesimal kleine Werte runter, und zwar nicht ruckartig wie bei einer Konfigurationsänderung, sondern in einer Entladungskurve, als ob sich irgendetwas zu zieht. Irgendwann am 21-Sep ist es der kranken Box dann noch mal ruckartig besser gegangen und wieder zieht sie sich dann bis zum Stillstand zu.\nDas ist doch schon mal ein guter Hinweis: Erstens suchen wir fast sicher nicht nach einem direkten Config Change und zweitens sehen wir an dem Spike dahinter, daß Recovery möglich ist.\nWir suchen nicht nach einem direkten Config Change, und das ist gut so, denn es hat in letzter Zeit auch keine solchen gegeben:\nroot@dba-master-01 [dba]\u0026gt; select new.report_date, new.config_variable, old.config_value, new.config_value from v_global_variables as old join v_global_variables as new on old.hostname = new.hostname and old.config_variable = new.config_variable and old.report_date + interval 1 day = new.report_date where old.hostname like @host and new.hostname like @host and old.config_value != new.config_value and old.report_date \u0026gt; now() - interval 6 month; +-------------+----------------------------+--------------+--------------+ | report_date | config_variable | config_value | config_value | +-------------+----------------------------+--------------+--------------+ | 2012-04-20 | thread_cache_size | 100 | 500 | | 2012-05-12 | innodb_max_dirty_pages_pct | 20 | 75 | +-------------+----------------------------+--------------+--------------+ 2 rows in set (0.82 sec) Weiteres Wühlen im Graphite bringt Erleuchtung, denn wir finden das Inverse des Activity Patterns hier:\nDie Causa: Der InnoDB Purge Thread hat seine Arbeit Mitte des 20-Sep eingestellt, zuckt noch einmal kurz und idled dann lustig weiter. Sollte Captain Undo-Log wieder unterwegs sein und mit dem Baseballschläger ausgeloggt werden wollen?\nEine kurze Inspektion der Prozeßliste zeigt nur zwei andere Kandidatenprozesse, einer ist ein root-User und einer ist ein cacti-Login. Mein Geld wette ich auf den root-user, ein kurzes Rumfragen auf dem Jabber und danach ein KILL auf die Connection-ID von dem Gesellen wird mir zeigen, ob ich Recht habe oder nicht: Wer nicht im Live-Channel auf dem Jabber ist wird sich schon melden, wenn ihm die Verbindungen wegfliegen.\nDer Effekt ist\u0026hellip; Null.\nAlso gut. Dann kriegt halt der Cacti auf\u0026rsquo;s Maul, weil ich grad schlechte Laune habe.\nNach Zufuhr einer passenden Dosis Laxativ (DBA KILL forte N) spontane Erholung, aber nach kurzer Linderung ein Wiedereinsetzen der Symptomatik.\nHerzallerliebst. Wir haben das Gegenteil eines Stehaufmännchens - ein Fallumchen. Immer wenn der Cacti User eine Kelle kriegt, fällt das Undo-Log wunschgemäß in sich zusammen und die Performance geht rauf. Danach zieht es sich in kürzester Zeit wieder zu und wir fallen auf das alte Niveau runter.\nDer alte Trick mit der Processlist klappt auch hier wieder: Das Login kommt von\nperformance_schema | ``` Moment. performance_schema? Cacti? Nein. Das ist nicht cacti. ```console lsof -i -n -P | grep 44467 mysqld 17242 mysql 178u # IPv6 3599986352 TCP ...:3306-\u0026gt;...:44467 (ESTABLISHED) diamond 18596 root 1u IPv4 3599986351 TCP ...:44467-\u0026gt;10.147.206.122:3306 (ESTABLISHED) ``` Ja. Das ist diamond, der Datenkollektor für Graphite. Und welches Modul von Diamond/Graphite ist am 20-Sep nachmittags global ausgerollt worden? ```console cd /etc/graphite/collectors ls -l MySQL*conf ... -r-------- 1 root root 471 Sep 20 14:19 MySQLPerfCollector.conf Der Replication Load Monitor. Ja, der da ganz oben im ersten Bild.\nDer liest zwar nur, aber aus irgendeinem Grund macht er das auf einigen Promille aller Boxen, und nur in dieser Replikationshierarchie!, in einer REPEATABLE READ read-only Transaction. Und die macht Diamond beim Login einmal auf und hält sie dann für immer und ewig, es sei denn, die Diamond-MySQL-Verbindung kippt, aus welchen Gründen auch immer, um. Und da die Verbindung auch nie Idle ist, timed sie auch nie aus.\nKurze Zeit nachdem Puppet dem Diamond die MySQLPerfCollector.conf auf enabled = false gesetzt hat haben wir eine dauerhafte Recovery:\nNatürliche Recovery nach Beseitigung der Ursache, ganz ohne KILL.\nWir lernen:\nMonitoring kann Performance-Effekte haben. Okay, keine neue Erkenntnis So ein Undo-Log und langlaufende Transaktionen können einen ganz schön runter ziehen. Okay, auch keine neue Erkenntnis. Es lag nicht an der Replikationslast, und auch nicht am Filer, auch wenn das gerade Mode ist, in diese Richtung zu blamen. Und Graphite ist meine Hündin. Was House sagt.\nMorgen schauen wir dem MySQLPerfCollector.py mal tiefer in die Eingeweide.\n","date":"2012-09-24T00:00:00Z","href":"https://blog.koehntopp.info/2012/09/24/der-herr-house-und-der-herr-heisenberg-haben-replication-delay.html","tags":["database","monitoring","replication","mysql","performance","lang_de"],"title":"Der Herr House und der Herr Heisenberg haben Replication Delay"},{"categories":null,"content":"Hier ist eine wichtige Zahl: Ein Coredump von einem MySQL auf einer Maschine mit knapp unter 200 GB Speicher dauert 15 Minuten. Auf SSD. Auf eine Festplatte dauert der gleiche Coredump dann knapp über 30 Minuten.\nWarum ist das eine wichtige Zahl?\nSSD sind schnell. Linear schreiben sie mehr als 200 MB pro Sekunde weg - ein ziemlich beeindruckendes Tempo, und noch dazu in einer Disziplin, wo sie nicht einmal optimal nutzbar sind. Auch moderne Serverfestplatten sind schnell - beim linearen Schreiben immerhin knapp halb so schnell wie eine SSD, oder 100 MB pro Spindel linear.\nAber moderne Maschinen haben halt auch eine sehr große Menge Speicher. Und 200 GB bei 200 MB pro Sekunde sind halt dann eine Viertelstunde pro Full Dump oder Full Scan.\nIn Eine reiche NoSQL-Anfragesprache macht Ulf Wendel sich Gedanken über die Leistungsfähigkeit von Abfragesprachen für NoSQL-Datenbanken, und ob es darstellbare Gemeinsamkeiten gibt.\nDas ist eine gute Überlegung, aber meiner Meinung nach setzt es schon mindestens einen Schritt zu spät auf. Zunächst will man sich Überlegen, ob man \u0026ldquo;seiner\u0026rdquo; NoSQL-Datenbank überhaupt Daten anvertrauen will. Die meisten SQL-Datenbanken sind nämlich außergewöhnlich schlechte lokale Speicher. Und das ist eine schlechte Ausgangsposition, denn alles, was mit horizontalem Scaleout und verteilten Datenbanken zu tun hat, setzt eine Schicht höher auf, und ist schlicht nicht gut tragfähig, wenn das Fundament schlecht ist.\nHier ist Redis . Redis ist ein Key-Value Store mit ein paar Extras, denn neben einem großen Hash mit Netzwerkinterface versteht es auch Strings, Listen (oder Stacks), Mengen und geordnete Mengen. Redis realisiert Persistenz auf genau dieselbe Weise wie MySQL Cluster:\nWann immer man möchte, erzeugt Redis einen point-in-time snapshot . Darunter verstehen die Redis-Entwickler einen fork() des Servers, und dann im Kindprozess ein Abspeichern des gesamten Datenbereiches auf Platte - also das Äquivalent eines Coredumps.\nWichtig dabei auch: Overcommit auf OS-Level erlauben, sonst darf man nur sein halbes RAM für Daten nutzen!\nWir wissen nun schon, daß dieser Schreibprozess auf einer zeitgemäßen Maschine etwa 15 oder 30 Minuten dauern wird und dabei die Bandbreite der Festplatte vollständig belegen wird. Im Falle eines Crashes hat man damit bei Recovery einen Stand, der bis zu 30 Minuten in der Vergangenheit liegt.\nRedis unterhält außerdem ein Append Only File (AOF), oder, wie man in Datenbanktermen sagen würde, ein Redo-Log.\nEs schreibt alle Änderungen an Daten in zeitlicher Reihenfolge mit.\nOhne Kompaktierung würde eine Recovery unendlich lange dauern, da alle Veränderungen an den Daten durch ein Abspielen des AOF der Reihe nach nachvollzogen werden.\nMit Kompaktierung - dem AOF Rewrite wie Redis dies nennt - werden doppelte Updates desselben Datensatzes zusammengefügt, sodass nur der letzte Schreibzugriff pro Datensatz gespeichert wird.\nAOF Rewrite skaliert sich auch nicht - jeder Postgres oder CouchDB DBA, der schon mal mit einem Postgres VACUUM FULL oder eine CouchDB Compaction laufen hatte, kennt genau die Auswirkungen, die ein AOF Rewrite hat.\nWie lösen traditionelle Datenbanken wie InnoDB das Problem? Mit einem Checkpoint .\nMySQL unterhält wie Redis ein Bild der aktuellen Daten auf der Platte - Redis in Form des point-in-time snapshot, MySQL in Form von InnoDB *.ibd-Files.\nAnders als Redis schreibt MySQL aber bei einem Checkpoint nicht die ganze Tabelle neu. Stattdessen sind ibd-Dateien (und der Speicher) in Seiten von 16 KB unterteilt.\nUnd statt eines AOF-Rewrite, bei dem das ganze Redo-Log neu geschrieben wird, schreibt MySQL für jeden Eintrag im Redo-Log die zugehörende Speicherseite auf die Platte - aber eben nur diese, und nicht die ganze Tabelle. MySQL macht dies außerdem auf eine Weise, bei der Daten nicht verloren gehen können, selbst dann, wenn die Datenbank mitten im Schreiben einer 16 KB-Seite den Strom abgeschaltet bekommt: Die Daten landen einmal im Doublewrite-Buffer, dann wird das Redo-Log aktualisiert und dann werden die Daten im *.ibd-File aktualisiert. Auf diese Weise, und mit den Prüfsummen in jeder Seite, kann MySQL die Datenbank sogar von halb geschriebenen Seiten sauber wieder herstellen.\nMySQL skaliert: Von einer Datenbank mit MySQL 5.6.6 und mit 192 GB RAM und 200 Connections, die wie wild schreiben, bekommen wir eine Schreibrate von etwa 150 MB/sec netto auf zwei SSD. Bedenkt man den Overhead mit dem Doublewrite-Buffer und dem Redo-Log ist das immens beeindruckend.\nDas bringt uns zum 2. Thema: Concurrency.\nMySQL InnoDB skaliert, in MySQL 5.6 skaliert es sogar ziemlich unglaublich: Ein Cluster mit 96 Cores, der 192 Verbindungen in die Datenbank unterhält, deren einzige Aufgabe es ist, Daten zu berechnen und zu schreiben , kommt mit der o.a. Konfiguration auf die genannten 150 MB/sec, und nutzt dabei - Threading sei Dank - die CPU-Kapazität der 12 physikalischen Cores (24 virtuellen Hyperthreading-Cores) der Datenbank gut aus.\nEin Single Threading Design erscheint mir in 2012 relativ hirntot, denn damit handelt man sich jede Menge Latenzprobleme ein - und in 2012 ist es nun einmal unmöglich, Hardware mit nur einem Kern zu kaufen.\nSelbst Mobiltelefone sind inzwischen Quadcores.\nAbhilfe wäre eine Aufteilung des Servers, indem man ihn mit cgroups oder anderen Hilfsmitteln in z.B. von einem 12-Core mit 192 GB in 12 Singlecores mit je 16 GB Speicher unterteilt.\nJetzt bekommt man aber ein Problem mit der Adressierung - welche Daten bringe ich wo unter, und wie frage ich 12 Serverinstanzen parallel ab (oder ich frage 12-mal hintereinander nach meinen Daten, türme dann aber 12 Latenzen aufeinander).\nUnd man bekommt ein Problem mit der Orchestrierung, denn jetzt habe ich 12 Instanzen auf derselben Hardware, die parallel point-in-time snapshots oder AOF schreiben müssen, und dabei um die vorhandene Disk Bandbreite konkurrieren. Wenn sie jedoch jemals tun, werden unsere linearen Writes zu Seeks, und plötzlich wird unsere ehemals ach so schnelle Disk wirklich, wirklich langsam und unsere Latenzen explodieren wirklich.\nAls Anwendungsentwickler fragt man sich natürlich auch: Was soll die Scheiße? Also, warum soll ich mich als Anwendungsentwickler um so etwas kümmern? Wieso ist der Server nicht in der Lage, sich um solche Details selber zu kümmern? Und wieso ist dieses Problem der Orchestrierung nicht sowieso schon gelöst?\nDie Antwort auf die letzte Frage wird klar, wenn man sich die in der Latency-Seite die im Abschnitt \u0026ldquo;Fork time in different systems\u0026rdquo; genannten Systemgrößen einmal anschaut: 360 MB bis 7 GB.\nZum Vergleich: Das kleinste erhältliche Mobiltelefon kommt in 2012 mit 8 GB Speicher.\nDer Gray ist teuer, Elsevier halt, aber nicht so teuer.\nUnd man bekommt 40 Jahre Erfahrungen mit Persistenz done right (and scaleable) für sein Geld. InnoDB ist ziemlich genau eine Lehrbuchimplementierung des Gray.\nInnoDB hat Probleme, aber es hat sie an Stellen, an denen Redis noch nicht mal Code hat.\n","date":"2012-09-23T00:00:00Z","href":"https://blog.koehntopp.info/2012/09/23/zu-besuch-bei-redis.html","tags":["database","innodb","mysql","nosql","sql","lang_de"],"title":"Zu Besuch bei Redis"},{"categories":null,"content":"A Talent for War , Jack McDevitt, USD 7.99 (Audiobook von Audible verfügbar)\nJack McDevitt\u0026rsquo;s Alex Benedict lebt von uns aus gesehen etwa 10.000 Jahre in der Zukunft, auf irgendeiner Welt, die von den Menschen besiedelt worden ist. Aber da sich die Zivilisation in McDevitts Universum in Kreisen bewegt, sind seine Denkweisen und seine Profession uns wesentlich näher: Er handelt mit Antiquitäten, Artefakten aus Kriegen, die Menschen irgendwann einmal zwischen den Sternen geführt haben, Plaketten und Bordbücher bekannter Entdeckerschiffe und andere Dinge, die durch Mut, Neugier oder Entdeckergeist und die mit ihnen verknüpften Geschichten zu Symbolen mit Bedeutung für andere geworden sind.\nErzählt werden die Geschichten aus der Perspektive von Chase Kolpath, die als Pilotin für Alex Benedict fliegt und mit ihm zusammen eine kleine, aber feine Zwei-Personen-Firma führt.\nIn \u0026ldquo;A Talent for War\u0026rdquo; übernimmt Alex Benedict seine Firma von einem Onkel, und versucht dessen letztes Projekt aufzuklären: Es geht um einen Kriegshelden irgendeiner interstellaren Auseinandersetzung und um dessen Schiff, das Dinge vollbracht hat, die so unmöglich passiert sein können.\nMcDevitt malt ein reiches und buntes Universum, und versieht es mit einer Geschichte, die es wert ist, erforscht zu werden - das Thema seiner Romane.\nPolaris , Jack McDevitt, USD 7.99 (Audiobook von Audible verfügbar)\nDie Polaris, eine kleine, aber feine private Spaceyacht, wurde leer und treibend im Weltraum gefunden. 60 Jahre später geht jemand auf die Jagd nach Artefakten von der Polaris - einige davon im Besitz von Alex Firma. Und so geraten Alex Benedict und Chase Kolpath in ihr zweites Abenteuer.\nSeeker , Jack McDevitt, USD 7.99 (Audiobook von Audible verfügbar)\nZwei Schiffe, die Seeker und die Bremerhaven, gingen verloren, und mit ihr eine Kolonie von Menschen. Alex und Chase geraten durch eine Tasse auf die Spur der Seeker, und versuchen, das Schiff wiederzufinden und ihr Schicksal aufzuklären.\nDevil\u0026rsquo;s Eye , Jack McDevitt, USD 7.99 (Audiobook von Audible verfügbar)\nVicki Greene, eine Autorin von Horrorgeschichten und in Alex Benedicts Welt eine Berühmtheit, versucht Kontakt zu ihm aufzunehmen und überweist ihm eine beträchtliche Menge Geld. Als Alex versucht mit Greene Kontakt aufzunehmen, stellt sich heraus, daß sie sich freiwillig ihre Persönlichkeit und Erinnerung hat löschen lassen, angeblich um mit einem schweren Trauma fertig zu werden.\nAlex und Chase rekonstruieren die letzte Reise von Vicki Greene zu einem vereinzelten Stern weit draußen vor dem Lichtermehr der Galaxis, und versuchen die Stationen und Erlebnisse dort nachzustellen - um in eine Intrige und am Ende in eine kosmische Katastrophe zu geraten.\nNoch nicht gelesen:\nEcho , Jack McDevitt, USD 7.99 Firebird , Jack McDevitt, USD 7.99 ","date":"2012-09-04T00:00:00Z","href":"https://blog.koehntopp.info/2012/09/04/fertig-gelesen-alex-benedict.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: Alex Benedict"},{"categories":null,"content":"Ancient Shores , Jack McDevitt, USD 7.99\nIrgendwo in North Dakota, mitten in der Prärie, gräbt ein Farmer ein Schiff aus, das aus einem Material ist, das unmöglich auf der Erde hergestellt worden sein kann. Es stellt sich heraus, daß vor 10.000 Jahren, kurz nach der Eiszeit, die Prärie der Boden eines großen Süßwasser-Sees war, und bei der Suche nach einem logischen Hafen findet man ein Roundhouse mit einem Stargate - auf altem Indianerland.\nAls die Entdeckung bekannt wird, kommt es zwangsläufig zu einem Konflikt zwischen den USA und anderen Nationen, zwischen der US Regierung und den Indianern, und zwischen den Menschen, die Kontakt wollen und denen die Angst haben. Die Situation eskaliert und McDevitt nutzt den Showdown zu einem gleichermaßen kindischen wie grandiosen Finale voller Cameos\u0026hellip;\nHier ist ein neues Wort: Xenoarchaeology . Es ist die hypothetische Wissenschaft, die wir hätten, würden wir die Ruinen außerirdischer Zivilisationen ausgraben.\nEs ist auch das Thema der Bücher von Jack McDevitt. Denn seine Antwort auf das Fermi Paradox ist: Zivilisationen sind kurzlebig, und so sind wir von den Aliens nicht nur durch den Raum, sondern auch durch die Zeit getrennt, und wenn wir andere Zivilisationen im Weltraum finden, dann meistens nur ihre Artefakte und Hinterlassenschaften.\nUnd so sind McDevitts Bücher zwar spannend, aber immer auch ein wenig melancholisch. Ancient Shores ist eines seiner frühen Bücher, und insbesondere zum Ende hin noch nicht so geschlossen und in der sprachlichen Entwicklung abgeschlossen wie neuere Werke, aber es fängt auf eine ganz besondere Weise seine einzigartige Sicht auf das Universum ein.\n","date":"2012-09-03T00:00:00Z","href":"https://blog.koehntopp.info/2012/09/03/fertig-gelesen-ancient-shores.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: Ancient Shores"},{"categories":null,"content":"Kill Decision , Daniel Suarez, USD 12.99\nNach Daemon und Freedom™ und waren die Hoffnungen hoch, daß das neue Buch von Daniel Suarez den Standard halten kann, den er mit seinen ersten beiden Büchern gesetzt hat. TL;DR: Das hat funktioniert.\nDie Geschichte: Linda, eine Ameisenforscherin lernt, daß ihr Ameisen-Schwarm-Modell ganz ausgezeichnet funktioniert, um das Schwarmverhalten autonomer (nicht ferngesteuerter) Drohnen zu kontrollieren. Es wird gestohlen, militarisiert und man ist hinter ihr her - mit eben diesen Drohnen. Gerettet wird sie von einem unwahrscheinlichen Team von Special Ops Leuten, die eigentlich die Aufgabe haben, eine Reihe von Anschlägen mit - man ahnt es schon - autonomen Drohnen auf dem Gebiet der Vereinigten Staaten aufzuklären. Und ab hier heißt es: Linda und die Special Ops gegen den militärisch-industriellen Komplex.\nWas in der Erklärung käsig klingt, ist in der Tat schlüssig und actionreich erzählt, und - wie reden von Suarez - gut recherchiert und dann gerade genug extrapoliert, um es zu SciFi zu machen. Ohne Absetzen durchgelesen und in der Tat an einem Wochenende durchgezogen.\nWill man.\n","date":"2012-09-02T00:00:00Z","href":"https://blog.koehntopp.info/2012/09/02/fertig-gelesen-kill-decision.html","tags":["lang_de"],"title":"Fertig gelesen: Kill Decision"},{"categories":null,"content":"Existence , David Brin, USD 14.99\nExistence ist eine Geschichte über viele Dinge: In einer Welt nach der Klimakatastrophe, in einer Welt der ubiquitären Kommunikation und permanenten Netzwerkzuganges über augmented reality devices a la Google Glasses, in einer Welt nach dem großen Crash des Kapitalismus und einer nicht näher spezifizierten Terrorkatastrophe, in dieser Welt geht es den Menschen eigentlich recht gut. Sie haben sich angepaßt, neue Wege des Zusammenleben gefunden und wieder so etwas wie Stabilität gefunden.\nBis einer von ihnen im Orbit um die Erde einen eineinhalb Meter langen ellipsoiden Kristall findet, und damit das Fermit Paradox klärt: Die Menschen sind nicht alleine im Weltraum, und auch nicht die ersten. Es ist nur so, daß SETI nach dem Falschen gesucht hat: Radiowellen empfängt man nur, wenn man zur richtigen Zeit am richtigen Ort ist und selbst dann ist die Kommunikation unidirektional. Die Kristalle jedoch erlauben hochgeladenen Avataren, die auf den Kristallcomputern ausgeführt werden, eine Kommunikation mit der Ziel-Intelligenz aufzubauen. Plus, wenn noch keine solche vorhanden ist, können sie auch gerne eine lange Zeit warten, bis die Ziel-Welt soweit ist. Und die Erde ist nun so weit.\nAb hier wird die Geschichte auf eine unglaublich stringente und logische Weise vollkommen absurd. Denn was kann eine in einem Kristall hochgeladene Avatar-Intelligenz denn wollen und anbieten? Zurück in die Heimat kann sie nicht, denn ihre Ursprungswelt ist fast sicher tot, die Zivilisation dort vergangen\u0026hellip; Die Antwort auf diese Frage ähnelt auf überraschende Weise meiner Inbox. Brin delivers.\n","date":"2012-09-01T00:00:00Z","href":"https://blog.koehntopp.info/2012/09/01/fertig-gelesen-existence.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: Existence"},{"categories":null,"content":"Aus den Kommentaren in meinem Stream herausgezogen und noch einmal, ein einziges Mal, prominent hier herein gestellt.\nIch halte es mit dem Baedeker Reiseführer, wie im \u0026ldquo;Zimmer mit Aussicht\u0026rdquo; zitiert: Man sieht nur, was man schon kennt.\nSpoiler sind mir egal. Vollkommen egal. Ich werde sie weder absichtlich hier einstellen, noch irgendetwas tun, um sie zu vermeiden, markieren oder sonst wie zu identifizieren.\nWem das nicht paßt, der sollte mir nicht folgen.\n","date":"2012-08-31T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/31/fertig-gelesen-vs-spoiler.html","tags":["review","book","media","spoiler"],"title":"Fertig gelesen vs. Spoiler."},{"categories":null,"content":"The Apocalypse Codex , Charles Stross, USD 12.99\nZu Charles Stross \u0026ldquo;Laundry\u0026rdquo; Universum habe ich in Fertig gelesen: The Fuller Memorandum ja schon etwas gesagt (siehe auch Fertig gelesen: Atrocity Archives , Laundry Roleplaying .\nIm Laundryverse ist höhere Mathematik mit schwarzer Magie identisch und kann das Gewebe der Realität umdefinieren, und Verschwörungstheorien werden real, wenn nur genug Leute daran glauben. In The Apocalypse Codex zieht Stross nun die Daumenschrauben an und wir kommen CASE NIGHTMARE GREEN ein wenig sehr viel näher: Kultisten nutzen Sekten und Televangelists, um Jünger zu rekrutieren, tricksen die Nazgûl aus und versuchen, den Sleeper zu wecken. Es liegt an Bob Howard und der Laundry, die Welt zu retten, und es bleibt offen, wie sehr das gelungen ist (Kein Spoiler: Es wird einen Teil 5 geben, und für den legt Stross hier schon mal ganz zwanglos die Grundlage).\nStross beweist hier, daß der schwache zweite Teil der Laundry Reihe ein Unfall war, und liefert zuverlässig ab, um dann wie angekündigt im angekündigten Teil 5 (erscheint, wenn die Sterne richtig stehen) die Welt enden zu lassen.\n","date":"2012-08-31T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/31/fertig-gelesen-the-apocalypse-codex.html","tags":["book","review","cthulhu","media","stross","lang_de"],"title":"Fertig gelesen: The Apocalypse Codex"},{"categories":null,"content":"Redshirts , John Scalzi, USD 11.99\n\u0026ldquo;Redshirts\u0026rdquo; ist eine fiese Satire auf die Versammlung von Plotholes, die Star Trek so aufzuweisen hat. Was passiert, wenn die rothemdigen Extras der Serie jene hoch intelligente und gut ausgebildete Elite und die Teamarbeiter wären, die der Handlung nach von der Star Fleet Academy angeblich produziert würden? Richtig, sie würden binnen allerkürzester Zeit herausfinden, daß sie die Extras in einer billigen Fernsehserie wären, und würden die Plotdevices ihres Schiffes so riggen, daß sie im Swingby um eine Sonne in die reale Realität katapultiert würden. Wo sie sich dann bei den Autoren bitterlich über die Ungerechtigkeiten ihrer Welt beschweren würden.\nScalzi schafft das, was Charles Yu verreißt: Er kombiniert Klischees, wilde Ideen und ergreifende Schicksale auf eine Weise, die fesselnd erzählt ist und die das Neue an der Idee in Szene setzt. Und er schafft es, seinen wahnsinnigen Ritt von einem Handlungsbogen dann auf eine vollkommen logisch und zwingende Weise abzuschließen. Und kommt dann noch mit drei Nachträgen daher, bei denen er noch weitere Ebenen von Closure herstellt und unauffällig moralisierend auch gleich die Rationale liefert, warum er das Buch überhaupt geschrieben hat.\nSiehst Du, Charles Yu. So geht das in richtig.\n","date":"2012-08-30T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/30/fertig-gelesen-redshirts.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: Redshirts"},{"categories":null,"content":"Der Autor als Agentur der Moderne , Frank O. Hrachowy, EUR 49.90\nIm Wohnzimmer meines Vaters stand an einem Ende eine große Bücherwand in 80er-Jahre-Braun und Beige. Scheinwerfer strahlten eine große Hundertwasser-Kopie über der Stereoanlage an, ansonsten war das Ding voll von Büchern über alles Mögliche. Oben in der Ecke standen ein paar Jugendbücher, darunter auch eine Menge Hans Dominik, insbesondere die Eggerth-Trilogie, Wettflug der Nationen , Ein Stern fiel vom Himmel und Land aus Feuer und Wasser .\nEine Sache, die mich an diesen Büchern als Jugendlicher fasziniert hat, ist der Technikoptimismus und die pragmatische Attitüde der Figuren, die Dominik dort schildert.\nSie waren ein wesentlicher Motivator, als ich mir - aus dem selben Regal - den BASIC Brevier (in der 1980er Ausgabe) gezogen habe und noch ohne eigenen Computer oder Zugang zu einem mit Papier und Bleistift Programme schreiben und ausführen gelernt habe. Ganz wie Buddy in Whatever happened to the world of tomorrow seinem Vater aufgeregt Orbits von Raketen vorgerechnet hat, habe ich meinem Vater versucht, Programmierung von Rechnern vorzuführen…\nQuelle: KLM Propellorvliegtuig, Nederland, 1957 Jedenfalls war ich frustriert von all den Diskussionen über Street View, Thilos Sonderweg, das Leistungsschutzrecht, den deutschen Jugendschutzwahn und was sonst so an politischen Willensbekundungen, die das Internet ablehnen, in Deutschland existiert, und das wiederum erinnerte mich an meine jugendliche Begeisterung für Technik. Wieso habe ich das, im Gegensatz zu so vielen anderen Menschen in meinem Land, das ja einmal das Land der Ingenieure und Erfinder war?\nIch las auch den Wikipedia-Artikel über Hans Dominik , und, äh, der kam mir dann selbst nach den Maßstäben der deutschen Wikipedia ausnehmend schwach und voreingenommen vor.\nImmerhin verwies er in der Literatur auf das Buch im Titel dieses Beitrages, auch wenn er die Erkenntnisse dieses Buches im Artikeltext nur unzureichend nutzt. Also schnell Amazon bemüht, den Blurb dort gelesen und dann relativ schnell den Herrn Hrachowy und seinen Verleger um einen 50er reicher gemacht. Warum?\nIm Fokus dieser literaturhistorischen Publikation steht die Exegese des literarischen Werks von Hans Dominik, das erstmals nicht nur fragmentarisch durch die Betrachtung seiner bekannten utopisch-technischen Romane ausgewertet werden sollte, sondern sämtliche Werke zu berücksichtigen trachtete. Weiterhin wurde Hans Dominiks umfangreicher, in der Berliner Staatsbibliothek lagernder literarischer Nachlass für diese Forschungsarbeit herangezogen.\nZiel war, das Verhältnis von Hans Dominik, als einem der meistgelesenen Autoren der ersten Hälfte des vergangenen Jahrhunderts, zum zeitparallel stattfindenden Wandel populärer Literatur im Allgemeinen sowie Technikliteratur im Besonderen zu untersuchen und zu beschreiben. Die Auswertung der bislang unberücksichtigten primären Quellen erlaubte dabei den Einblick in Schriftstücke und Zusammenhänge, die eine Korrektur des kanonisierten Autorenbildes und gleichermaßen eine Neubewertung des Menschen Hans Dominik notwendig machen.\nDer Autor hat sich also nicht nur die drei Eggerth-Romane plus das Erbe der Uraniden und Atomgewicht 500 reingezogen, sondern sich tatsächlich bemüht, einen Überblick über das Gesamtwerk von Hans Dominik zu bekommen und sich außerdem noch durch die Korrespondenz des Autors durchgebissen.\nDas entstehende Portrait des Menschen Hans Dominik ist für mich noch faszinierender als seine Romane: Dominik war Schreiber für technische Dokumentation bei Siemens im Büro und lernt schnell, daß er technische Zusammenhänge echt gut erklären kann. Er macht sich selbstständig und hat schnell ein prosperierendes Geschäft, auf dem er eine solide Existenz und eine gewisse Prominenz aufbauen kann.\nDabei betrachtet er das Schreiben als Handwerk, nicht als Kunst: Er schreibt Texte, die unter einem anderen Namen oder als Whitelabel veröffentlicht werden, weil sie nicht zur Marke \u0026ldquo;Hans Dominik\u0026rdquo; passen, und er veröffentlicht Texte von anderen unter seinem Namen, weil diese wiederum zum Markenbild passen. Er schreibt Texte als Auftragsarbeiten, in Stil, Länge und Inhalt nach Wünschen des Auftraggebers angepaßt. Dominik agiert sich als Agentur für Texte, der Auftraggeber, Autoren und Autorennamen als Marke zusammenmischt und in Kontakt bringt, sodaß alles paßt.\nDabei bleibt er selbst auch in den politischen Wirren seiner Zeit er selbst und seiner politischen Linie treu (\u0026hellip; und die ist, anders als die Wikipedia suggeriert, recht nazi-fern, nämlich kaisertreu. Das aus der heutigen politischen Landschaft, wo es diese Position nicht mehr gibt, und aus dem Abstand vieler Dekaden heraus zu differenzieren mag jedoch schwierig sein. Insbesondere, wenn man zugleich in den einen oder anderen Editwar verstrickt ist.)\nHrachowy gelingt es, uns einen Menschen in einer Zeit nahe zu bringen, die uns und unseren Denkweisen zugleich näher und ferner ist, als wir gemeinhin glauben, und uns zu erklären und zu belegen, wie diese Person und ihr Schreiben in ihre Zeit gepaßt haben. Für mich eine extrem faszinierende Lektüre, trotz des eher drögen Gewandes\u0026hellip;\n","date":"2012-08-29T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/29/fertig-gelesen-der-autor-als-agentur-der-moderne.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: Der Autor als Agentur der Moderne"},{"categories":null,"content":"\u0026ldquo;Whatever happened to the World of Tomorrow?\u0026rdquo; erklärt, wieso das Versprechen an unsere Eltern - Jetpacks und fliegende Autos - nicht eingelöst wurde, und wieso wir dennoch heute in der Zukunft leben. Es verweist gleichzeitig auf unsere Zukunft, eine Zukunft, die nicht zu den Erwartungen und dem Wissen der vorangegangenen Generationen passen wird. Unsere Welt von Morgen wird nach wieder anderen Regeln funktionieren, und wir werden wieder andere Probleme lösen müssen\u0026hellip;\nWhatever Happened to the World of Tomorrow , Brian Fies, 21.99 EUR\nIm Mai 1939 besucht Buddy mit seinem Vater die Weltausstellung in New York am Eröffnungstag. Damals war das ein großes Ereignis: 200.000 Leute am Eröffnungstag alleine, und bis zum Oktober 1940 insgesamt 45 Millionen Besucher.\nDas Ausstellungsgelände war vorher Marschland, das für die Ausstellung urbar gemacht wurde, und die Bahnlinie wurde bis zum Gelände verlängert, die Station speziell gebaut. In der Ausstellung wurde den Bürgern gezeigt, wie die Welt des fernen Jahres 1960 aussehen würde, und welche zivilisatorischen Errungenschaften die Zukunft bringen würde. Und damals war so etwas durchaus noch unironisch gemeint.\nVater erzählt von seinem Vater und der Farm: \u0026ldquo;Und dann… Nunja, das Land konnte uns nicht alle ernähren. Ich ging hinunter in die Stadt um Arbeit zu finden und tat das Beste, was ich für uns tun konnte.\u0026rdquo;\nSohn: \u0026ldquo;Das hast Du toll hinbekommen, Papa!\u0026rdquo;\nVater: \u0026ldquo;Vielleicht. Aber ich weiß nicht wie man diese Zukunft macht.\u0026rdquo;\nVater: \u0026ldquo;All diese Wissenschaft, Konstruktion und Maschinen. Dieses herausfinden, wie die Leute am Besten arbeiten und leben sollten. Ich weiß nicht, was ich davon halten soll oder wie ich da herein passe.\u0026rdquo;\nVater: \u0026ldquo;Aber Du kannst das, Buddy.\u0026rdquo;\nVater: \u0026ldquo;Du bist ein heller Kopf. Das ist es, was die Welt brauch, damit das klappt. Dinge verändern.\u0026rdquo;\nVater: \u0026ldquo;Und die Dinge müssen sich ändern, denn so wie ich aufgewachsen bin funktioniert die Welt nicht mehr.\u0026rdquo;\nBuddy wächst in einer Zeit der Weltraumhelden und der Erforschung des Weltraums auf, in den Jahren nach dem Krieg bis zum Ende der 60er. Dies ist zugleich die Zeit der Urbanisierung Amerikas, des Baus des Interstate Systems und der Erfindung des TV Dinners - genauer, der Erfindung des industriellen Fertigproduktes als Gegensatz zum heimgefertigten Gegenstand, mit dem Buddies Vater auf der Farm großgeworden ist. Es ist auch die Zeit des kalten Krieges, der klaren Feindbilder und der Konformität - Buddy lebt mit seinen Eltern in einem massengefertigten Reihenhaus mit einem Fallout Shelter im Keller.\nTextbox: \u0026ldquo;Disney hinterlegte seine Zukunftsfantasien mit Brainpower der Weltklasse. Seine Ratgeber waren unter anderem Willy Ley, der in Berlin geboren war, aber 1935 vor den Nazis floh, und der Physiker Heinz Haber, ein ehemaliger Pilot der Luftwaffe und Pioneer der Weltraum-Medizin.\u0026rdquo;\nSohn: \u0026ldquo;Papa! Schau, wer da ist!\u0026rdquo;\nVater: \u0026ldquo;von Braun.\u0026rdquo;\nTextbox: \u0026ldquo;und insbesondere auch Dr. Wernher von Braun, dessen einzigartiger Intellekt und Ruhm alle anderen zusammen überstrahlte.\u0026rdquo;\nTextbox: \u0026ldquo;Von Braun führte Hitler\u0026rsquo;s V-2 Programm, das England bombardierte und Tausende tötete. Als der Krieg endete, ergaben sich von Braun und sein Team den Vereinigten Staaten, die sie sehr bald darauf ansetzten, ein eigenes Raketenarsenal zu entwickeln.\u0026rdquo;\nTextbox: \u0026ldquo;Er sagte, er sei gezwungen gewesen, der Nazi-Partei und der Waffen-SS beizutreten. Er sagte, er wisse nichts von Arbeitssklaven, die unter seinem Kommando in Penemünde und Mittelwerk gestorben seien. Er war gutaussehend, hatte Charme und es war leicht ihm zu glauben.\u0026rdquo;\nTextbox: \u0026ldquo;Ich liebte von Brauns Geschichte voller Sehnsucht und Vergebung. Papa haßte ihn.\u0026rdquo;\nTextbox: \u0026ldquo;Als von Braun seine Autobiographie \u0026lsquo;Ich ziele auf die Sterne\u0026rsquo; nannte, sagte Papa, der passende Untertitel sei \u0026lsquo;aber normalerweise treffe ich London.\u0026rsquo;\u0026rdquo;\nBuddies liebe zur Weltraumfahrt prägt seine Jugend - er bringt sich bei, mit dem Rechenschieber umzugehen und Umlaufbahnen zu berechnen. Zusammen mit seinem Vater verfolgt er die Raketenstarts. Sie reisen sogar zum Start von Gemini-4 und die beiden schauen dem Start der Rakete zu, beeindruckt von der Kraft und Lautstärke dieses Menschenwerks.\nDie Mondmissionen waren der Triumph des amerikanischen Weltraumprogramms, und zugleich der Anfang vom Ende der großen Weltraum-Missionen. Der Beginn einer neuen, komplizierteren Zeit\u0026hellip;\nTextbox: \u0026ldquo;Am 20. Juli 1969 landeten Neil Armstrong und Buzz Aldrin den Adler der Apollo 11 im Meer der Ruhe auf dem Mond, während Mike Collins ihn umkreiste. Jeder mit Fernseher auf der Welt sah ihnen zu, staunte und feuerte sie an. Bevor sie ins Bett gingen schauten Milliarden zum Mond und dachten \u0026ldquo;Wir sind da oben! Jetzt gerade!\u0026rdquo;\nTextbox: \u0026ldquo;Man sagte, daß viele SciFi-Autoren die Mondlandung vorhergesagt hatten, und daß viele das Fernsehen vorhergesagt hatten, aber nicht einer hätte vorhersehen können, daß die erste Mondlandung live übertragen werden würde.\u0026rdquo;\nTextbox: \u0026ldquo;Pete Conrad und Alan Bean landeten die Intrepid der Apollo 12 im Meer der Stürme. Die waren drei Mal so lange auf der Oberfläche wie Armstrong und Aldrin, und kehrten zu etwas kleineren Paraden nach Hause zurück.\u0026rdquo;\nTextbox: \u0026ldquo;Jim Lovell und Fred Haise in Apollo 13 kamen niemals auf die Mondoberfläche, aber sie und Jack Swigert schafften es, ihr wrackes Schiff einmal um den Mond zu schwingen und nach Hause zu kommen - eine Tat voller Bauernschläue und Einfallsreichtum, die sich trotzdem wie ein Triumph anfühlte.\u0026rdquo;\nTextbox: \u0026ldquo;Dann Shepard und Mitchell in Apollo 14. Scott und Irwin in Apollo 15. Young und Duke in Apollo 15. Cernan und Schmitt in Apollo 17.\u0026rdquo;\nTextbox: \u0026ldquo;Das war es dann.\u0026rdquo;\nTextbox: \u0026ldquo;Dieselbe Öffentlichkeit, die für Apollo 11 gefeiert und geweint hatte, beschwerte sich bei den Sendern, als für die Landung von Apollo 17 das reguläre Programm unterbrochen wurde.\u0026rdquo;\nTextbox: \u0026ldquo;Apollo 18 bis 20 wurden gestrichen. Keine Mondlandungen mehr. Keine Mondbasis. Nichts. Wir würden den Mond für Dekaden zurück lassen.\u0026rdquo;\nTextbox: \u0026ldquo;Das hätten Papa und ich nie vermutet.\u0026rdquo;\nBuddies Jugend wird begleitet von einem Comichelden, Cap Crater and the Cosmic Kid, dessen Abenteuer zusammen mit Buddy altern und den Wandel der Zeiten illustrieren - vom Helden einfacher Golden Age Geschichten zu einem Silver Age Helden, um schließlich als Opfer ambivalenter Wertesysteme und einer komplizierteren Auffassung von Recht und Gerechtigkeit zu enden und aufzugeben: Cap Craters letztes Abenteuer - kurz vor Vietnam - ist eines, in dem er siegt und doch nicht gewinnt, um schließlich das Superheldentum aufzugeben. Und Buddy wird ebenfalls erwachsen.\nEr begreift:\nTextbox: \u0026ldquo;Die Zeit des Großen war vorüber. Alles war groß: Die Regierung, Firmen, Maschinen, Autos. Stattdessen bekamen wir eine erste Ahnung von der Macht des Kleinen.\u0026rdquo;\nTextbox: \u0026ldquo;Richard Feynman, der spielerisch brilliante Physiker, der die erste Atombombe bauen half, gab 1959 einen bahnbrechenden Vortrag mit dem Titel Da ist noch viel Luft nach unten . Sein Vortrag führte das Konzept der Nanotechnologie ein, und schilderte die Möglichkeiten in der Welt des winzig Kleinen.\u0026rdquo;\nTextbox: \u0026ldquo;Ein Welt, in der wir einzelne Atome manipulieren können, um winzige Motoren oder Schaltkreise bauen zu können. In der Mikro-Roboter durch unsere Blutbahnen schwimmen, um Operationen durchzuführen. Und alle Bücher, die je veröffentlicht worden sind, würden auf ein Staubkorn passen.\u0026rdquo;\nTextbox: \u0026ldquo;Es sollte noch Dekaden dauern, bis der Rest der Welt Feynmans Vision verstehen würde - und wir taten es erst, als die Zeichen um uns herum zu offensichtlich wurden, um sie ignorieren zu können.\u0026rdquo;\nTextbox: \u0026ldquo;Von den Tagen der Elektronenröhren-Rechner und der Codebrecher des Krieges, über Transistoren und Integrierte Schaltkreise stieg die Leistung und Geschwindigkeit der Elektronik, während ihr Preis ständig sank.\u0026rdquo;\nTextbox: \u0026ldquo;Intel-Gründer Gordon Moore fiel auf, daß sich die Anzahl der Transistoren in einem IC alle 2 Jahre verdoppelte, exponentiell von Tausend über 10.000 zu Millionen und mehr anwachsend.\u0026rdquo;\nTextbox: \u0026ldquo;Das Ergebnis: In der Mitte der 70er wurden Geräte, die vorher Luxusgegenstände waren, plötzlich zu Consumergeräten: Taschenrechner, Videospiele, Videorekorder und Computer.\u0026rdquo;\nTextbox: \u0026ldquo;Moore\u0026rsquo;s Law wurde das unaufhaltsame Vortriebsmoment eines technischen Fortschrittes, der die zweite Hälfte des 20. Jahrhunderts bestimmte.\u0026rdquo;\nText: \u0026ldquo;Kleiner, schneller und effizienter: so war die Zukunft.\u0026rdquo;\nUnd das Resumee:\nTextbox: \u0026ldquo;Über die Zeit veränderte sich die Bedeutung von \u0026lsquo;Fortschritt\u0026rsquo; selbst.\u0026rdquo;\nTextbox: \u0026ldquo;Die Vision der Zukunft im frühen 20. Jahrhundert entstand aus einer ländlichen Vergangenheit: Fortschritt bedeutete, Leute in Städten zu versammeln und ihre Arbeit zu organisieren - Zentralisierung und Spezialisierung. Aber echter Fortschritt brachte mehr Mobilität und Freiheit, nicht weniger.\u0026rdquo;\nTextbox: \u0026ldquo;Die Leute stellten sich vor, die Zukunft würde kolossale, klickende und surrende Monumente industrieller Fertigungskunst bringen, die über strahlenden Metropolen wachen und Blitze in den Himmel schleudern würden.\u0026rdquo;\nTextbox: \u0026ldquo;Stattdessen wurde die fortgeschrittene Technologie kleiner, effizienter und schlauer. Sie ist unsichtbar und überall.\u0026rdquo;\nTextbox: \u0026ldquo;Die neue Welt von Morgen lebt tief in unseren Häusern, Computern, Kommunikationsnetzen, Transportnetzen, Werkzeugen, Spielzeugen, Medikamenten, ja sogar in unserer DNS. Sie arbeitet unbemerkt, zu klein um sie zu sehen, die Größenordnungen erforschend und nutzend, die uns von den Atomen trennen.\u0026rdquo;\nTextbox: \u0026ldquo;Die Energieproduktion der Welt von Morgen ist klein und dezentral. Tausende Bohrlöcher extrahieren geothermische Energie aus der Wärme des Erdmantels. Gebäude, die in hocheffiziente Photovoltaik eingehüllt sind, produzieren mehr Energie als sie verbrauchen.\u0026quot;\nTextbox: \u0026ldquo;Wüsten weltweit sind ein Flickenteppich von photovoltaischen und Solar-Anlagen, und Terawatt an Windturbinen pflastern die großen Ebenen Nordamerikas, von Manitoba bis Chihuahua.\u0026rdquo;\nTextbox: \u0026ldquo;Nebenan werden große elektrolytische Stromspeicher geladen wenn der Wind bläst und die Sonne scheint, um sich zu entladen, wenn sie nachlassen, einen Strom ungleichmäßiger erneuerbarer Energien in einen zuverlässigen Energiestrom zu wandeln, der in ein robustes Stromnetz gespeist wird, das genug Intelligenz hat, um Flut und Ebbe im Strom auszugleichen, den Endverbraucher sowohl produzieren als auch verbrauchen.\u0026rdquo;\n","date":"2012-08-29T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/29/fertig-gelesen-whatever-happened-to-the-world-of-tomorrow.html","tags":["book","review","comic","media","lang_de"],"title":"Fertig gelesen: Whatever happened to the world of tomorrow?"},{"categories":null,"content":"The Children of the Sky , Vernor Vinge, USD 7.99\n\u0026ldquo;Children of the Sky\u0026rdquo; ist der 3. Band der Zones of Thought Serie von Vernor Vinge. Die beiden ersten Teile, A Fire Upon the Deep (1992) und A Deepness in the Sky (1999) sind ja nun schon 20 und 12 Jahre alt, und so beschäftigt sich ein guter Teil der Handlung damit, die Handlung aus A Fire Upon The Deep wieder aufzunehmen, bekannte Charactere neu einzuführen und vor allen Dingen eine neue Situation aufzubauen, nachdem der erste Teil die Handlung bis auf ein einziges loses Ende sehr gut abgeschlossen hatte.\nWie dem auch sei, in A Fire Upon The Deep hatten wir in paar Leute, die aus Versehen ein 5 Milliarden Jahre altes Supervirus aufwecken, das danach mal mit den Völkern in der Singularität des \u0026ldquo;High Beyond\u0026rdquo; mal ein wenig aufräumt. Jene Leute, die an der Misere eigentlich schuld sind, kommen mit mehr Glück als Verstand davon und crashen ihr Schiff auf der Tineworld, wo sie in die Intrigen der mittelalterlichen Zivilisation von Ultraschallhunden geraten - die \u0026ldquo;Tines\u0026rdquo; sind hundeartige Wesen von sehr mäßigem Verstand, die ihre Gehirne jedoch in Gruppen von 4-8 Wesen auf kurze Distanz zusammenschalten können und dann eine Menschen vergleichbare Intelligenz erreichen.\n\u0026gt;Children of the Sky nimmt den Handlungsfaden nach dem Ende von A Fire Upon The Deep wieder auf, und versucht die Themen aus dem ersten Buch wieder aufzunehmen: Wie wirkt sich die Ankunft der Menschen auf der Tineworld auf die Machtstrukturen dort aus? Wie geht eine Gesellschaft, deren handelnde Persönlichkeiten aus einer variablen Menge von Mitgliedern zusammengesetzt sind, mit Verantwortung, Schuld und Sühne um? Was passiert, wenn man das 8-Einheiten Limit für eine Tine-Person um ein Vielfaches überschreitet? Und was ist eigentlich mit dem Supervirus los?\nLeider beschäftigt sich das Buch zu viel mit Tourism, also dem Erkunden der Tineworld, und zu wenig mit Characteren und Handlung. Es leidet unter anderem an lachhaften Bösewichten, und vor allen Dingen an einem fehlenden Ende - Aufgabe dieses Buches ist es so offensichtlich, den Plot von vor 20 Jahren wieder zu starten, daß man es am Besten erst dann lesen sollte, wenn es denn endlich die Fortsetzung gibt, die es dringend braucht, damit der ganze Aufwand überhaupt zu was nutze ist. Nach Rainbows End ist dieser Roman hier der zweite, bei dem Vinge diesen Stunt abzieht. Er sollte sich was schämen, denn die ersten beiden Bücher der Reihe sind brilliant.\n","date":"2012-08-28T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/28/fertig-gelesen-children-of-the-sky.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: Children of the Sky"},{"categories":null,"content":"(Diesen Artikel gibt es auch in englischer Sprache .)\nSo. Du willst also wissen, was genau die Leistungsgrenzen Deines Systems sind. Und dazu möchtest Du einen Lasttest fahren, um Ergebnisse zu ermitteln.\nDie Grundidee Deines Plans sieht so aus:\nDu nimmt Deine Kiste und findest eine Methode, um Last zu generieren. Dann wirst Du schon merken, wie weit das geht und wann die Kiste ausgelastet ist.\nDer erste Fehler: Den Lastgenerator auf der zu testenden Kiste laufen lassen. Das geht nicht. Unser Ziel ist es ja, die Kiste bis an ihre Lastgrenze zu bringen. Genau genommen wollen wir sie sogar darüber hinaus drücken, und das geht nur genau dann, wenn wir mehr Last erzeugen können, als die zu testende Kiste abarbeiten kann.\nTeilen sich der Lastgenerator und die zu testende Anwendung irgendwelche kritischen Ressourcen, gelingt das nicht: Die Ressource, etwa CPU, wird knapp und verlangsamt nicht nur die zu testende Anwendung, sondern auch den Lastgenerator, bis sich das System an einem unbekannten Punkt unterhalb der Überlast einschwingt. Auf diese Weise werden wir niemals lernen, welche Farbe der Rauch hat, wenn es zu Explosion kommt, d.h. wie genau das Systemverhalten an der Lastgrenze aussieht.\nWir trennen also die Lastquelle und das zu testende System.\nDer zweite Fehler: Das getestete System oder die Last sind nicht nahe genug an der realen Last. Typische Fehler sind: Eine zu testende Datenbank hat weniger RAM als das Produktivsystem, es wird mit einem kleineren Datenbestand getestet als das Produktivsystem hat, oder die Formulierung der Queries oder die relative Verteilung der Anfragen auf den Daten ist nicht identisch mit den Verhältnissen im Produktivsystem.\nIn allen diesen Fällen wird man von einem Lasttest etwas lernen, aber es wird nicht unbedingt sinnvoll auf das Produktivsystem übertragbar sein.\nEin klassisches Beispiel ist etwa der der c\u0026rsquo;t von Mitte/Ende 2005 gewesen (Die Auflösung ist leider kostenpflichtig . In diesem Benchmark wird die Datenbankstruktur eines CD-Verleih/Verkaufs simuliert, jedoch werden in der Lastgenerierung des Benchmarks alle Titel gleichverteilt nachgefragt. Es gibt also keine Bestseller und keine Lastkurve mit der Form eines \u0026rsquo;long tail\u0026rsquo;, wie sie in einem echten Ladengeschäft aufträte. Daher ist es für den Gewinn des Benchmarks wichtig, alle Caches zu deaktivieren, während das Vorhandensein dieser Caches für den Betrieb mit echter Last essentiell gewesen wäre.\nJe näher man mit seiner Lastgenerierung, dem Testsystem und dem Testbestand an das Echtsystem herankommt, um so besser ist sichergestellt, daß man Ergebnisse erzielt, die in der realen Welt auch Bestand haben.\nAm Besten wäre also, man testete auf dem Produktivsystem und mit echten Usern. Damit man das aber sicher tun kann, muß man erst einmal wissen, was genau man hier tut.\nWenn wir in ein System Last einwerfen, dann geht die Last im Mittel nach oben, aber sie ist nicht konstant, sondern schwankt je nachdem, welche Aktivitäten im System wir gerade aufrufen oder wie der Mix an gerade im System beantworteten Anfragen biased ist: Nicht alle Operationen in unserem System sind gleich teuer.\nWir fahren das System also nicht an die Lastgrenze, sondern wir schieben eine fluktuiierende und oszillierende Systemlast immer weiter nach oben, bis ihre Spitzen weiter und weiter über die \u0026lsquo;100%\u0026rsquo;-Marke hinausreichen. Das sieht so aus:\nWann immer das System über die 100%-Marke gepusht wird, baut es ein Backlog auf: Es bekommt mehr Last hereingedrückt als es abarbeiten kann und Anfragen beginnen, sich auf der Eingangsseite zu stapeln. Indem wir eine variable Load immer weiter erhöhen, befindet sich das System in immer längeren Phasen des Backlog-Aufbaus und in immer kürzeren Phasen, in denen es Backlog abarbeiten kann. Da die Last aber je nach Art der Generierung zufällig schwankt, ist es sehr schwierig, die Überlastung des Systems kontrolliert durchzuführen, wenn die Kosten für einen einzelnen Request sehr variabel sind.\nDas ist einer der Gründe, warum man sich bei der Optimierung von Systemen nicht so sehr um die Verbesserung der guten oder auch nur der durchschnittlichen Fälle kümmert. Stattdessen wird man sich zunächst einmal um die Outlier und schlimmsten Fällen kümmern müssen. Das ist auch, warum gute Systemarchitekten sich im Grunde nur für die Worst-Case-Performance eines Systems oder eines Changes interessieren (siehe The Importance of FAIL , oder jede 2. Diskussion auf der Linux Kernel Mailingliste).\nEs geht zunächst einmal also darum, die Variabilität in der Antwort des Systems zu verkleinern, bevor man daran gehen kann, sein Verhalten als Ganzes zu verbessern.\nWas genau geschieht wird noch besser deutlich, wenn wir die Graphen von dort oben nicht als Last-über-Zeit zeichnen, sondern einmal als \u0026lsquo;Last, die wir ins System drücken\u0026rsquo; (offered load) gegen \u0026lsquo;Durchsatz\u0026rsquo; (reponses), und zugleich auch als \u0026lsquo;Last, die wir ins System drücken\u0026rsquo; (offered load) gegen \u0026lsquo;Antwortzeit\u0026rsquo; (latency).\nWenn wir ein System unter Last hoch fahren, dann wird für jeden Request, den wir in das System schicken, eine Antwort generiert. Die Kurve zwischen offered load und response geht also als 45-Grad Gerade nach oben, bis wir den Sättigungspunkt erreichen. Dort wird sie dann bei einem ideal konfigurierten System als horizontale Gerade weiter laufen: Wir drücken zwar mehr Load in das System hinein, bekommen aber nicht mehr Antworten heraus, weil das System nicht schneller kann.\nDie Frage ist: Was passiert mit diesen zusätzlichen Anfragen. Die Antwort gibt der zweite Graph. Wir drücken Anfragen in das System hinein, und diese haben eine bestimmte Basis-Bearbeitungszeit - die think time. Die think time geht unter Last nicht viel nach oben, wenn unser System gut konstruiert ist. Sobald wir jedoch den Sättigungspunkt erreichen, stapeln sich die Anfragen in der Eingangswarteschlange unseres Systems, da das System nicht ausreichend Kapazität bereitstellen kann, um die Masse der Requests zu beantworten. Auf die think time müssen wir noch Wartezeit - wait time - oben drauf rechnen. Und da wir laufend und dauerhaft mehr Last in das System schicken als es abarbeiten kann, explodiert diese Warteschlange und damit auch die Menge an wait time, die ein Request auf sich nehmen muß.\nDas ist keine Theorie, sondern real einsetzbar: Man kann kontrolliert realistische Lasttests an Produktivsystemen durchführen, wenn einige Voraussetzungen gegeben sind.\nVorraussetzung ist eine Mindestgröße des zu testenden Systems, sodaß eine stabile externe Last anliegt. Will sagen, man muß zunächst einmal ausreichend User haben, damit man das System überhaupt unter Last setzen kann und bei denen die durch einen einzigen User generierte Last nicht nennenswert ins Gewicht fällt. In solchen Fällen hat man dann auch ein Frontend mit mehr als einem Webserver und einem Load Balancer vorne dran.\nDer Lasttest muß zu einer Zeit mittlerer Last stattfinden: In der ruhigsten Phase des Tages ist die verfügbare Gesamtlast oft nicht ausreichend, um Überlast zu erzeugen und in der heißesten Phase des Tages will man wahrscheinlich nicht testen. Wo ich arbeite ist die Lastkurve so, daß vormittags eine gute Zeit zum Testen ist. Außerhalb der Haupt- und Nebensaison ist es so, daß wir unter Umständen Kapazität ganz abschalten müssen, um ausreichend Gesamtlast zu haben, die wir konzentrieren können, um Überlast zu haben.\nDer Lasttest beginnt nun damit, daß wir die Base Load der zu testenden Systeme aufnehmen und daß wir einen Apache Siege in das System legen, um Base Latency zu messen: Dies ist die think time eines nicht überlasteten Systems.\nJetzt kann man am Load Balancer spielen und die Gewichte des zu testenden Systems (eine einzelne Frontend-Maschine oder eine Clusterzelle) langsam hochdrehen, um mehr Last zu erzeugen. Sobald entweder Fehler im Error Log auftauchen oder die Latenz des Siege steil nach oben geht, hat man Sättigung erreicht. Jetzt muß man die Last leicht unter dem Sättigungspunkt stabilisieren und halten (wir drehen das Gewicht am LB gerade so weit runter, daß auch die Spitzen unserer Last aus dem Überlastbereich heraus gehalten werden) und kann dann in sehr, sehr kleinen Schritten das System gezielt überlasten.\nAuf dem getesteten System kann das dann so aussehen:\nMan erkennt deutlich drei Testdurchläufe mit unterschiedlichen Konfigurationen, und eine fiese Lastspitze eines Cronscriptes, die da im 3. Lasttest plötzlich reinspiked und auf den Monitoren der Überwacher die Alarme kurz aufblitzen läßt - ein typischer Outlier, der behandlungsbedürftig ist.\nMan sieht auch, daß der 2. Lasttest längere Zeit sehr vorsichtig gefahren ist, jedenfalls aus der Sicht der Datenbank. Das Ergebnis war am Ende, daß die Limitierung dieses Mal nicht in der Datenbank, sondern in der CPU der Frontend-Systeme liegt.\nDie Messungen der Last kann man dann noch als offered-load vs. latency aufzeichnen, und bekommt dann Graphen, die so aussehen können:\nDer Graph zeigt den Vergleich zweier unterschiedlicher Konfigurationen und man erkennt, daß die Ergebnisse in der realen Welt ziemlich genau so aussehen wie oben in der Theorie diskutiert. Eine Variante dieses Graphen macht die einzelnen Symbole um so größer, je mehr Fehler an diesem Meßpunkt aufgetreten sind. Auf diese Weise ist dann auch die Art und Weise des Systemversagens und der Punkt der letzten Stabilität gut erkennbar.\nNachtrag: Alexander Aulbach fragte in der Diskussion zum Artikel oben:\nEs wäre mal interessant zu schauen, welchem physikalischen Modell das am ehesten gehorcht.\nGuckst Du hier:\nRaj Jain, The Art of Computer Systems Performance Analysis: Techniques for Experimental Design, Measurement, Simulation, and Modeling , Wiley and Sons, 1992 Neil J Gunter, Analyzing Computer System Performance with Perl::PDQ , (Springer, Kindle Edition) Neil J Gunter, Capacity Planning: A Tactical Approach to Planning for Highly Scalable Applications and Services (Springer, 2006) Viele der Modellierungsansätze werden aber durch Testing in Production und das beschriebene Lasttestverfahren obsolet. Die Modellierung kann dennoch sinnvoll sein, um obskure Bottlenecks oder absolute Kapazitätsgrenzen besser sichtbar zu machen. In meiner Praxis habe ich sie bisher jedoch nie gebraucht, außer um Offensichtliches aus der Messung im Modell zu bestätigen.\n","date":"2012-08-28T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/28/load-load-testing-und-benchmarks.html","tags":["database","mysql","performance","testing","lang_de"],"title":"Load, Load Testing und Benchmarks"},{"categories":null,"content":"Der Bierzauberer , Günther Thömmes, EUR 9.99\n\u0026ldquo;Der Bierzauberer\u0026rdquo; kam bei einem Bücher-Adventskalender im deutschen Kindle Post als Kostenlos-Buch vorbei, also habe ich es mir erklickt und gelesen. Es ist ein historischer Roman über Niklas von Hahnfurt, einen Bierbrauer im 13. Jahrhundert und es erzählt die Geschichte und den Stand der Bierbrauerei in Deutschland, vor dem Reinheitsgebot und zum Teil vor dem Hopfen.\nNiklas kommt aus dem fränkischen, und gelangt über das Kloster Weihenstephan und das Kloster St. Gallen, über Regensburg und Bitburg bis schließlich nach Köln, wo er eine weltliche Bierbraustube eröffnet. In St. Gallen macht er sich einen Feind für das Leben, den Dominikanermönch Bernhard, der ihm als Inquisitor der Kirche nachstellt und ihn immer wieder zwingt, das Leben, das er sich aufgebaut hat zu verlassen und weiter zu wandern.\nGünther Thömmes ist Bierbrauer und Autor, und wenn er nicht über die Geschichte des Bieres schreibt, dann schreibt er Kriminalfälle, die mit Bier und Bierbrauen zu tun haben. Das Buch ist auch eine gute Ergänzung zu [http://cre.fm/cre194](CRE 194: Bier) mit Andreas Bogk und der Maus, äh, mit Tim.\n","date":"2012-08-27T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/27/fertig-gelesen-der-bierzauberer.html","tags":["book","review","media","lang_de"],"title":"Fertig gelesen: Der Bierzauberer"},{"categories":null,"content":"Blackout , Marc Elsberg, EUR 15.99\nUnd weil wir gestern gerade \u0026ldquo;Eine Billion Dollar\u0026rdquo; von Andreas Eschbach hatten: Ebendieser hat auf Google plus \u0026ldquo;Blackout\u0026rdquo; empfohlen, also habe ich mir das einmal angesehen.\nDer Hintergrund ist systematisch dem Vorgehen von Eschbach bei \u0026ldquo;Eine Billion Dollar\u0026rdquo; ähnlich, nur daß es diesmal um Strom, Stromnetzwerke und Smartmeter geht: In Europa kommt es nach dem Ausfall in Teilen des Kontinents zu einer Kettenreaktion und einem kontinentalen Blackout. Das Wiederanfahren des Stromnetzes will ebenfalls nicht gelingen, und langsam wird klar, daß es sich bei dem ganzen Vorfall um einen terroristischen Sabotageakt handelt. Diese Information jedoch zu den passenden Stellen weiter zu kommunizieren und die entsprechenden Maßnahmen umzusetzen erweist sich so ganz ohne Strom als mühsam. Unterdessen versinkt die Zivilisation in dem Tage andauernden Stromausfall erstaunlich schnell, und es wird klar, wie sehr unser Umfeld auf das Vorhandensein eines leistungsfähigen und ständig verfügbaren Energieverteilungssystems angewiesen ist.\nAuch Elsberg hat recherchiert und das Ergebnis seiner Recherche ist ein Katastrophenroman geworden. Elsberg haut mit seiner Geschichte in eine meiner Lieblingskerben: Das Problem bei Smartmetern ist eben nicht die mögliche Verletzung der Privatspähre, sondern deren Sicherheit . Diese Geräte sind die Eingangs-Sensoren für die Steuerung einer kontinentalen integrierten Kraftmaschine. Wenn es gelingt diese zu übernehmen und zu blenden, ist es sehr leicht, die gesamte Maschine effektiv zu blockieren, mit den von Elsberg sehr realistisch geschilderten Folgen.\n","date":"2012-08-26T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/26/fertig-gelesen-blackout.html","tags":["book","review","media","lang_de"],"title":"Fertig gelesen: Blackout"},{"categories":null,"content":"Exponentialdrift , Andreas Eschbach, EUR 3.99\n\u0026ldquo;Exponentialdrift\u0026rdquo; ist ein literarisches Experiment: Die Geschichte ist ursprünglich als Fortsetzungsroman in wöchentlichen Episoden in der FAZ erschienen und lief dort in etwa ein Jahr lang. Der Erzählstil ist von den extremen Platzbeschränkungen der Zeitung und von den Verflechtungen der Geschichte mit tagesaktuellen zeitgenössischen Ereignissen geprägt. Als Buch ist die Geschichte aus ihrem Entstehungskontext gerissen und wirkt sehr viel anders als im Original, nehme ich an.\nDem eigentlichen Text ist ein Werkstattbericht des Autors nachgestellt, der etwa ein Drittel des Gesamtwerks ausmacht. Wenn man sich für das Schreiben (oder besseres Lesen) interessiert, ist es dieser Teil, der den eigentlichen Wert des Buches ausmacht und der Geschichte im Vorderteil ihren Kontext und ihren Wert zurückgibt - dann ist es sogar faszinierend zu lesen, aber es wird auch klar, daß die Form des Fortsetzungsromans als Erzählform nicht zu unrecht ausgestorben ist.\nDie Geschichte: Auf einer Pflegestation erwacht ein Wachkomapatient, und während er langsam in seine Identität und sein altes Leben zurück findet, wird ihm klar, daß er inzwischen der Agent einer außerirdischen Macht ist, und noch dazu einer Macht, die interne Querelen verstrickt ist, die das Schicksal aller Menschen beeinflussen können.\nEine Billion Dollar . Andreas Eschbach, EUR 4.99\nGeld, Kapital, Zinseszins und exponentielles Wachstum sind das Thema von \u0026ldquo;Eine Billion Dollar\u0026rdquo;. Die Prämisse: Der arme New Yorker Schustersohn John Fontanelli erbt eine Million Millionen Dollar, die ein Vorfahre von ihm vor 500 Jahren angelegt hatte. Fontanelli erbt auch den Auftrag, mit diesem Vermögen Gutes zu tun. Der Leser folgt ihm, während Fontanelli dieses Problem zu lösen versucht und lernt mit Geld umzugehen und zu verstehen, was Geld bewirkt und was er mit Geld bewirken kann.\n\u0026ldquo;Eine Billion Dollar\u0026rdquo; ist eigentlich ein Lehrbuch über Kapital und wie Geld in der Welt funktioniert - Eschbach hat zu diesem Thema viel recherchiert und gießt seine Erkenntnisse in einen unterhaltsamen Roman statt noch ein Lehrbuch zum Thema zu schreiben - lupenreines und recht gelungenes Infotainment, das gerade im Zeitalter der Immobilienblasen und Schuldenkrisen noch einmal an Aktualität gewinnt.\n","date":"2012-08-25T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/25/fertig-gelesen-exponentialdrift-eine-billion-dollar.html","tags":["book","review","media","lang_de"],"title":"Fertig gelesen: Exponentialdrift, Eine Billion Dollar"},{"categories":null,"content":"Anomaly , Peter Cawdron, USD 2.99\nNew York, Mittags, an einem heißen Sommertag, in der Nähe des UN Gebäudes: Die Welt gerät aus den Fugen - wörtlich. Eine Kugelsektion von ca. 130 Metern Durchmesser, Bürgersteig , Fahnenmasten, Luft und alles andere, wird quasi aus der Erde herausgeschnitten und macht die Erddrehung nicht mehr mit.\nAußerirdisches Leben ist auf der Erde gelandet und ist so fremdartig und der Menschheit so weit voraus, daß die Menschen die Kontaktaufnahme beinahe nicht als Kommunikationsversuch erkennen. Als sie es endlich tun, kommt es zum Konflikt untereinander - Religionen geraten in die Krise, Ängste bestimmen die Reaktion, die Situation eskaliert. Dem Fremden bleibt am Ende nur, den Kontakt abzubrechen. Jedenfalls offiziell.\nEine interessant konstruierte Story. Der Autor hat sich die Aufgabe gesetzt, eine Kontaktaufnahme mit etwas wirklich Fremden zu schildern und wollte eine Heldenfigur, die Konflikte ohne den Einsatz von Gewalt löst. Das ist gelungen, aber das Lektorat muß über das Resultat noch mal mit der Drahtbürste rüber. $2.99 und das Geld ist es allemal wert.\n","date":"2012-08-24T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/24/fertig-gelesen-anomaly.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: Anomaly"},{"categories":null,"content":"In The problem with eBooks schreibt Diego Elio Pettenò über einen Aufenthalt in Los Angeles:\nI wouldn’t mind meeting people around here, and with people I don’t necessarily mean girls, to be clear. I would just prefer not to feel so … isolated in the crowd as I feel now. I guess being a geek in the surfer’s paradise is not that great a situation. But what has this to do with eBooks? Well, one thing that seemed to help for me the few weeks I spent in university was greeting people who were going around with books that I read before (and the other way around), but it’s hard to do so when you move around with an Amazon Kindle, as it shows no book cover!\nDiego überlegt, ob es nicht vielleicht hilfreich sein könnte, einen zweiten, äußeren Screen auf dem eBook-Reader zu haben, der das Cover des gerade gelesenen Buches zeigt, um Kultur und Kulturkonsum entdeckbar zu machen.\nJohnny Haeusler hat in seinem Essay Unsichtbare Kultur schon einmal etwas ähnliches dargestellt:\nMir fiel auf, dass es für meine Kinder in unserem Haushalt beinahe unmöglich war, zufällig auf tagesaktuelle Information oder Unterhaltung zu stoßen, da diese größtenteils auf den digitalen Gerätschaften der Eltern stattfand. Das zufällige Blättern in einer herumliegenden Zeitung, das gemeinsame Sehen (und darüber Reden) von TV-Nachrichten passierte ebenso selten wie das Stöbern im berüchtigten Plattenschrank und das damit verbundene zufällige Finden von Musik außerhalb des eigenen Kulturkreises namens Schulhof. Während die Eltern den ganzen Tag im Online-Ozean badeten, saßen die Kinder auf dem trockenen Offline-Sand.\nWas auch fehlt, ist eine Familien-Timeline, eine Möglichkeit, alle Online-Aktivitäten des Tages aufzuzeichnen und dann mit der Familie gemeinsam bequem zu teilen. Die Technik dafür ist teilweise schon da , nur will das einerseits niemand wirklich in die Cloud schießen und andererseits gibt es auch keine Anwendungen, die das nutzen.\nDas Problem ist nur: Papier will auch keiner mehr. Oder Fernsehen.\nWas können wir tun?\n","date":"2012-08-23T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/23/discoverable-culture-das-buch-als-konversationsst-ck.html","tags":["kultur","media","privacy","lang_de"],"title":"Discoverable culture: Das Buch als Konversationsstück"},{"categories":null,"content":"A Confusion of Princes , Garth Nix, USD 9.99\nKhemri ist ein Prinz eines intergalaktischen Imperiums, eine Ansammlung von Welten, die durch Technologie, Biotech und Psionik zusammengehalten und von einem Geist in der Maschine, dem Imperator, regiert wird. Khemri wird nun bald volljährig und weiß auf Grund seiner Ausbildung, daß er bald romantische und heroische Abenteuer erleben wird, bevor er die Welt rettet und selber Imperator wird.\nEs stellt sich raus, daß die Realität komplizierter ist. Zum Beispiel gibt es zehn Millionen Prinzen, und es kann nur einen Imperator geben. Schon Sekunden nach seiner Volljährigkeit muß Khemri sich also gegen Attentäter wehren und verzweifelt versuchen, am Leben zu bleiben. Auf der Suche nach Sicherheit und als Spielball von intrigierenden Mächten in einem verdammt großen und feindseligen Universum muß er sich mit einer Realität auseinandersetzen, die viel komplizierter und härter ist als seine Ausbildung ihn ahnen ließ.\n\u0026ldquo;A confusion of princes\u0026rdquo; ist ein Jugendbuch und Bildungsroman, und eine wunderbare Space Opera, die alles hat, was man von dem Genre erwarten würde. Entsprechend dem Genre \u0026ldquo;Space Opera\u0026rdquo; ist das Universum schillernd und überlebensgroß, und es gibt viel Fi und wenig Sci. Nach dem How to live safely in a science fictional universe war das genau die richtige Erholung.\n","date":"2012-08-23T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/23/fertig-gelesen-a-confusion-of-princes.html","tags":["lang_de","book","review","media"],"title":"Fertig gelesen: A confusion of princes"},{"categories":null,"content":"Damit Du Bescheid weißt , Klemens Tilmann, EUR 0.54 (antiquarisch, stark variabel)\n\u0026ldquo;Damit Du Bescheid weißt\u0026rdquo; ist eine Aufklärungsfibel von einem katholischen Geistlichen für heranwachsende Mädchen aus den frühen fünfziger Jahren. Ein Freund von mir hatte es vor vielen Jahren zu einer Silvesterparty dabei, und wir haben uns den Abend vertrieben, indem wir reihum daraus vorgelesen haben. Gute Unterhaltung.\nAus einer Laune heraus habe ich das Buch auf Amazon gesucht, bestellt und einmal komplett durchgelesen. Es ist seltsam veraltet und zugleich zeitlos, lächerlich und anrührend, kraß chauvinistisch und einfühlsam - eine ganz eigene Erfahrung aus einer komplett anderen Zeit, die vor allen Dingen demonstriert, wie sehr sich unsere Gesellschaft und ihre Werte in den vergangenen 60 Jahren verändert haben.\nDas Buch zu lesen ist sehr hilfreich, wenn man verstehen möchte, welche Geisteshaltungen aufeinander prallen, wenn etwa die Piratenpartei und Kern-CSU in irgendeinem Parlament über Familien- oder Drogenpolitik miteinander diskutieren.\nDas Werk ist antiquarisch und wahrscheinlich kaum zu beschaffen. Ein klarer Fall für ein Rainbows End (*), wenn das legal wäre: Dem Buch den Rücken aufschneiden, es scannen und OCRen, und dann mobifizieren, das wäre es. Vielleicht sollte das jemand einfach mal machen.\n(*) from a review :\nThe UCSD Library conflict actually grows directly out of the other aspect of the book of interest to e-book fans: the digitization of the contents of the library. In the timeframe of the book (sometime in the 2020s, apparently), physical books’ intrinsic value has declined to the point where the books themselves are considered much less valuable than their contents.\nSo, to get at the contents, a company is destroying the books themselves—feeding them through a shredder then blowing the shreds through a tunnel lined with high-resolution cameras. The cameras capture images of the shreds, then batteries of computers stitch them together into reconstructions of the pages, like jigsaw puzzles. The idea is to gather and collate all the world’s knowledge, to unlock synergies that had been prevented by it all being so inaccessible before.\n","date":"2012-08-23T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/23/fertig-gelesen-damit-du-bescheid-wei-t.html","tags":["book","review","media","politik","religion","lang_de"],"title":"Fertig gelesen: Damit Du Bescheid weißt"},{"categories":null,"content":"How to live safely in a science-fictional universe , Charles Yu, inzwischen USD 11.99, dafür aber mit Bonusmaterial das keiner will in der Kindel-Edition - vermutlich weil jemand versucht hat, dem Autor einen Preis zu verleihen\nHier ist die Selbstbeschreibung von \u0026ldquo;Sicher leben in einem Science-Fiction Universum\u0026rdquo;:\nMinor Universe 31 ist ein großer Geschichtenraum am Rande der Fiktion, wo Paradoxien fluktuieren wie der Aktienmarkt, einsame Sexbots gescheiterte Protagonisten locken und Zeitreisen ein echtes Geschäft sind. Jeden Tag steigen Leute in Zeitmaschinen und versuchen die eine Sache zu tun, die sie nicht tun sollten: Sie versuchen die Vergangenheit zu ändern. Das ist, wo Charles Yu, Zeitreisetechniker, ins Spiel kommt. Zusammen mit TAMMY, einem Betriebssystem mit einem Selbstwertproblem und Ed, seinem nichtexistenten, aber nichtsdestotrotz wirklichen Hund, schützt er Leute vor sich selbst - im Wortsinn. Wenn er grad nicht arbeitet, besucht er seine Mutter (die in einer einstündigen Zeitschleife steckt und endlos Abendessen vorbereitet) oder sucht nach seinem Vater, der die Zeitmaschine erfand und ihn ihr verschwand.\nWas nach einer großartigen Prämisse und viel Spaß klingt, wird von den überliterarischen Ambitionen des Autors spaßfrei zu einer \u0026ldquo;Ich verarbeite die Beziehung zu meinem Vater in einer fiktiven Autobiographie\u0026rdquo; verwurstet. Schade, denn das Konzept hätte dasselbe auch auf eine Weise leisten können, der man den Uni-Schreibkurs \u0026ldquo;Ich mach jetzt Hochliteratur, aber mit Gewalt\u0026rdquo; nicht so anmerkt. Das war anstrengend.\n","date":"2012-08-22T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/22/fertig-gelesen-how-to-live-safely-in-a-science-fictional-universe.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: How to live safely in a science fictional universe"},{"categories":null,"content":"Wir generieren eine neue Art von Materialized View mit dem bekannten Generator-Setup:\nDas neue Setup unterscheidet sich in der Logik von denen, die wir bisher verwendet haben, und so kommt es beim Testlauf zu einem ungewöhnlichen und unerwarteten Ereignis:\nUm 14:30: Ein Gigabit-Netzwerk mit 125 MB/sec ausgelastet.\nBei einem Probelauf gehen die Alarme los, weil der Gigabit-Netzwerkstrang zur Datenbank mit 125 MB/sec (Ein Gigabit/sec) vollständig ausgelastet ist. Wie man sehen kann, ist die Datenbank zu diesem Zeitpunkt nicht besonders beschäftigt:\nUm 14:30: Keine auffällig hohe Anzahl von Queries/s.\nAuch auf dem Binlog ist nichts besonderes zu sehen:\nKeinerlei Ausschläge bei der Binlog-Größe - Replikation ist ja sonst immer wieder gerne genommen, um ein Netzwerksegment vollständig zu füllen.\nUnd auch der lokale Change auf der Datenbank hält sich in extrem überschaubaren Grenzen:\nMaximal 400 MB aktives Redo-Log auf einer Maschine mit 50GB oder 100GB Buffer Pool sind verschwindend gering.\nWie man sehen kann, ist das Redo-Log der Datenbank zum Zeitpunkt des Vorfalls weit unter 400 MB groß. Auf einer Datenbank mit einem Buffer Pool von 50-100 GB bedeutet das einen verschwindend geringen Anteil von noch nicht zurückgeschriebenen Änderungen.\nAuch die CPU der Maschine ist unauffällig - ein Multicore-Server mit einer Auslastung um die 100% (ein Core Busy) ist extrem entspannt.\nMulticore-Server mit einer CPU-Auslastung in der Gegend von einem Core.\nWas zum Teufel geht hier vor?\nDas wird schnell deutlich, denn man ein paar Dinge prüft, die mit dem Test zu tun haben. Die relevante Tabelle sieht so aus:\nmysql\u0026gt; show table status like \u0026#39;...\u0026#39;\\G Name: ... Engine: InnoDB ... Avg_row_length: 77539 ... 1 row in set (0.00 sec) mysql\u0026gt; show create table ...\\G Table: ... Create Table: CREATE TABLE `...` ( `id` mediumint(8) unsigned NOT NULL, `body` mediumblob NOT NULL, `digest` binary(20) NOT NULL, `last_change` int(10) unsigned NOT NULL, `last_check` int(10) unsigned NOT NULL, PRIMARY KEY (`id`), KEY `last_check` (`last_check`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 1 row in set (0.00 sec) Wir haben hier also ein System, bei dem Daten materialisiert und als Blob mit dem Namen \u0026lsquo;body\u0026rsquo; in der Tabelle gespeichert werden. Ist der Blob schon vorhanden und auf Stand, muß der Blob selber nicht geändert werden, aber es wird das Feld \u0026rsquo;last_check\u0026rsquo; aktualisiert.\nAußerdem ist Row Based Replication konfiguriert:\nmysql\u0026gt; show global variables like \u0026#39;binlog_format\u0026#39;\\G Variable_name: binlog_format Value: ROW 1 row in set (0.00 sec) Nun verhält es sich aber mit RBR folgemdermaßen :\nIn MySQL row-based replication, each row change event contains two images, a “before” image whose columns are matched against when searching for the row to be updated, and an “after” image containing the changes. Normally, MySQL logs full rows (that is, all columns) for both the before and after images.\nWir haben also eine Average Row Length von 77539 Bytes, und wir loggen für jede Änderung die komplette Row zweimal: einmal in der alten und einmal in der neuen Version. Wir schreiben also im Schnitt 140 KB, wenn ein last_changed Feld von 4 Bytes geändert wird.\nAußerdem ist:\nmysql\u0026gt; select count(command) as c from processlist where command = \u0026#39;binlog dump\u0026#39;; +----------+ | c | +----------+ | 45 | +----------+ 1 row in set (0.00 sec) Wir drücken diese 140 KB pro Change also an 45 unabhängige Slaves raus (das ist hier hauptsächlich der Tatsache geschuldet, daß das Zielsystem eigentlich eine leicht andere Aufgabe hat und für diese Tests, die eigentlich keinen meßbaren Impact hätten haben sollen, zweckentfremdet wurde).\nDas Problem ist in MySQL 5.6 gelöst, wo man mit der neu eingeführten Variable binlog-row-image und den Modi \u0026rsquo;noblob\u0026rsquo; und \u0026lsquo;minimal\u0026rsquo; auf die Übertragung der ungeänderten Blobs verzichten kann.\nIn MySQL 5.5 löst man das Problem mit einer künstlichen 1:1- oder 1:0-Relation, die die Blobs in einer gesonderten Tabelle speichert und so isoliert.\nIn normalen Umständen, also ohne Blob oder Text-Typen, sind RBR-Logfiles zwischen 50% und 66% kleiner als SBR (Statement Based Replication)-Logfiles. Nur bei extrem breiten Rows explodiert dies.\nMan beachte, daß der Master diese Last auf der linken Backe absitzt. Er zeigt tatsächlich auch nicht mal meßbar Disk-I/O, weil er seine Slaves aus dem File System Buffer Cache bedient.\n","date":"2012-08-22T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/22/mysql-vs-gigabit-network.html","tags":["debug","mysql","networking","performance","lang_de"],"title":"MySQL vs. Gigabit Network"},{"categories":null,"content":"The Epoch Index , Christian Cantrell, USD 0.99\nRanveer bringt Leute um, und er ist gut darin. Quinn Mitchell jagt Mörder, und sie ist so gut darin, daß sie es eigentlich von ihrem Schreibtisch aus tut: Sie ist Data Analyst für die CIA und sie findet ihre Ziele, indem sie Beziehungen und Querverbindungen zwischen Tatsachen, Menschen und Ereignissen herausfiltert und Muster erkennt.\nIn diesem Fall jedoch zeigen alle Querverbindungen auf ein Dokument, daß es nicht geben dürfte: Den Epoch Index - Daten, die das LHC aus der Zukunft aufgefangen hat. Jemand in der Zukunft möchte Menschen in der Gegenwart tot sehen… Mitchell findet den Feind, und es ist…\nAuch dies ist eine relativ kurze, aber gut erzählte Zeitreise-Paradox-Novelle, die einem einen regnerischen Nachmittag lang beschäftigen kann.\nIf at first… , Peter F. Hamilton, kostenlos\nDieselbe Logik finden wir noch einmal angewendet, diesmal bei Peter Hamilton: Jemand, Marcus Orthew, baut eine Zeitmaschine und sendet seinen erwachsenen Geist zurück in den Körper seiner Kindheit. Ein Polizist kommt ihm auf die Spur, und stellt Orthew genau in dem Moment, in dem dieser sich absendet. Natürlich wird auch der Polizist mitgrissen und landet in seinem elf Jahre alten Ich - und startet ein neues, ganz anderes Leben. Bis Orthew auf ihn aufmerksam wird\u0026hellip;\nNoch kürzer als \u0026ldquo;The Epoch Index\u0026rdquo;, selbes Thema/Twist.\n","date":"2012-08-21T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/21/fertig-gelesen-the-epoch-index-if-at-first.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: The Epoch Index und If at first..."},{"categories":null,"content":"\u0026ldquo;Hey, Kris! Wir haben zwischen 16:20 und 17:20 CEST einen Lasttest durchgeführt und kurz vor 17:00 Uhr einen unerklärlichen Spike und einen Leistungsabfall festgestellt. Kannst Du mal gucken?\u0026rdquo;\nKlar kann ich. Wo ich arbeite machen wir etwas, das wir Testing in Production nennen.\nFür Lasttests bedeutet das, daß wir einzelne Systeme im Loadbalancer so lange relativ höher gewichten bis sie Probleme bekommen und umfallen. Zur Kontrolle legen wir mit Apache Siege eine Reihe von Sensor-Requests in das zu testende System, nicht zur Lastgenerierung, sondern um zu sehen, wann die Latenz nach oben geht, also um Sättigung des zu testenden Systems zu bemerken bevor es Fehler zu generieren beginnt.\nWenn wir nahe an den Sättigungspunkt gelangen, erhöhen wir die Last in sehr winzigen Schritten, bis wir tatsächlich Systemversagen zu beobachten beginnen und können so nicht nur die Lastgrenze, sondern auch die Symptome beim Systemversterben genau und unter realistischen Bedingungen ermitteln. Das macht die Arbeit im Operations Team sehr viel einfacher.\nWenn ein System aber Probleme hat und dann bei statischer Load zurück kommt, liegt eine andere Situation vor. Es ist wichtig herauszufinden, was genau hier passiert.\nHier die Metriken:\nReplication Delay legt das Krisenfenster in die Zeit zwischen 16:53 (Delay Spike) und 17:00 (Recovery).\nZur selben Zeit auch ein Disk Read Spike. Read Spikes sind ungewöhnlich, weil das betreffende System so dimensioniert ist, daß es seinen Working Set praktisch vollständig im Hauptspeicher halten kann:\nDas fragliche System soll operativ für alle praktischen Zwecke gar nicht von der Platte lesen.\nWir können nun nach weiteren Quellen für ungewöhnliches Verhalten suchen: CPU und Connections gehen von 16:52 bis 17:00 hoch, aber es gibt keine Row Acces Spikes, keine Spikes bei Tmp-Tables-to-disk und auch keine Spikes bei Sortiervorgängen, insbesondere Merge Sorts.\nDer InnoDB Buffer Pool Graph hat am Ende den entscheidenden Hinweis:\n16:52 - InnoDB Buffer Pool verkleinert sich.\nUm 16:52 verkleinert sich der InnoDB Buffer Pool. Das tritt im Normalfall nur dann auf, wenn Speicherseiten im Pool freigegeben werden, und das wiederum kann nur dann geschehen, wenn eine Tabelle mit TRUNCATE TABLE zurückgesetzt oder mit DROP TABLE gelöscht wird.\nWir müssen also schauen, ob es in der Zeit von 16:50 bis 16:53 DDL-Statements gegeben haben, die Tabellen kürzen oder löschen. Auf allen unseren Systemen läuft zu diesem Zweck log_processlist das eine Reihe interessanter Dinge aus der Datenbank für post-mortem Analysen lokal aufzeichnet und für bis zu eine Woche vorhält.\nTatsächlich findet sich:\n# less 16_52.innodb.gz ... SQL: SELECT * FROM INFORMATION_SCHEMA.INNODB_TRX 910556099 RUNNING 2012-08-08 16:51:59 NULL NULL 0 2 TRUNCATE TABLE tmp_gethoteldescriptiontranslations truncating table 1 1 0 376 0 0 0 REPEATABLE READ 1 1 NULL 0 10000 ... Der Pileup entsteht durch eine Folge von DDL-Locks, die durch ein Wartungsscript erzeugt werden. Das Script lädt eine neue Tabelle in die Datenbank, tauscht die aktive Tabelle mit der neuen Tabelle aus und setzt die alte Tabelle dann zurück bevor es sie löscht.\nBackground Table Drop würde hier helfen, aber die fragliche Kiste ist wie ihre Geschwister noch 5.5.16 und nicht 5.5.23.\n","date":"2012-08-21T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/21/mysql-hakt.html","tags":["debug","mysql","performance","lang_de"],"title":"MySQL hakt..."},{"categories":null,"content":"Nymph: The Singularity , J.E. Lansing, USD 0.99\n\u0026ldquo;Nymph\u0026rdquo; hätte leicht ins Auge gehen können - Heinlein hat diese Sorte Geschichte verrissen, Stross ist so grad damit davon gekommen, Lansing kriegt es seltsamerweise hin: \u0026ldquo;Suzanne\u0026rdquo; ist ein Sexbot, gebaut für ihren Eigentümer Alex, und die Geschichte wird aus ihrer Sicht erzählt.\nSie lernt, was sie ist und wie sie entstanden ist: Eine genaue Kopie von Alex verstorbener Frau, und sein Versuch, ihren Tod ungeschehen zu machen. Natürlich kann Suzanne Alex ihre Vorgängerin nicht ersetzen oder perfekt simulieren, und so lehnt Alex sie ab, und Suzanne beginnt, die Grenzen ihrer initialen Programmierung zu transzendieren - und ihre abgeschlossene kleine Welt zu verlassen.\nDas schöne an dem US Kindle Markt ist, daß man dort Bücher zu geringen Preisen findet und es so nicht weh tut, wenn man einmal daneben haut. Also kann man auch einmal riskieren, ein Buch auszuprobieren, das gut bewertet wird, auch wenn einen Thema und Kontext eher abstoßen - es steht ja nicht viel auf dem Spiel. Und dann findet man manchmal Geschichten, die unerwarteterweise funktionieren, obwohl man weiß, daß das Thema für den Autor riskant ist und schnell schlechte Geschichten erzeugt. \u0026ldquo;Nymph\u0026rdquo; ist so eine Geschichte, die es schafft, eine interessante und nicht-ekelige Story zu erzählen, obwohl es eine Sexbot-Story ist. Und so was ist genau der Grund, warum ich meinen Account auf dem US Kindle Store liegen habe.\n","date":"2012-08-20T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/20/fertig-gelesen-nymph-the-singularity.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: Nymph - The Singularity"},{"categories":null,"content":"In Entwickler kritisieren Oracles Umgang mit MySQL berichtet Heise über die Entdeckung von Sergei, daß Oracle zu einigen Bugs keine Tests mehr ins Open Source Repository von MySQL stellt.\nDamit man die Vorgänge ein bischen besser versteht, muß man den Hintergrund ein wenig erläutern: Die meiste Open Source Software, die Datenbanken benutzt, verwendet MySQL als primäre Datenbanken. Der Support für Varianten von MySQL, PostgreSQL oder gar kommerzielle Datenbanken ist in der Regel schlecht bis nicht vorhanden. Das ist ein extrem starker Effekt: Das Drizzle -Projekt zum Beispiel hat die MySQL-Quellen radikal aufgeräumt und so eine sauberere und leichter weiter entwickelbare Version einer Datenbank produziert, die jedoch zu dem \u0026lsquo;Original\u0026rsquo; inkompatibel geworden ist. Drizzle wird von nahezu keinem Projekt sinnvoll unterstützt, und existierende MySQL-Software läuft nicht mehr gegen einen Drizzle-Server.\nDie anderen bestehenden Forks, Percona und MariaDB sind also peinlich genau darauf bedacht, die Kompatibilität zu bestehendem und sich weiter entwickelndem MySQL nicht auf eine Weise zu verändern, die die Ausführbarkeit von Anwendung in irgendeiner Weise gefährdet.\nPercona ist eine Firma, die Support- und Consultingdienstleistungen zu MySQL anbietet und eben auch den InnoDB-Teil von MySQL zu XtraDB forked, Monty Program AB und SkySQL sind Firmen, die den MariaDB Fork von MySQL entwickeln und mit Dienstleistungen versorgen. Aus der Sicht von Oracle sind dies kommerzielle Konkurrenten.\nOracle bekämpft diese aus ihrer Sicht kommerzielle Konkurrenz auf zwei Weisen:\nZum Einen durch die o.a. Schließung von Testfällen und einzelnen Bug Reports (auch das Handbuch von MySQL ist nicht von der GPL abgedeckt, unter der der Server Sourcecode selber veröffentlicht wird). Dadurch wird Percona und MariaDB das Gleichziehen mit und die Kompatibilität zu MySQL erschwert.\nZum anderen durch das extrem hohe Entwicklungstempo in Bezug auf MySQL: MySQL 5.5 war ein ausgezeichnetes und extrem stabiles Release, das in der Versionsgeschichte von MySQL Maßstäbe hinsichtlich Performance und Fehlerfreiheit gesetzt hat. MySQL 5.6 wird dies - das ist jetzt schon absehbar - weit übertreffen.\nSpekulationen, Oracle wolle MySQL aussterben oder aushungern kann man also getrost verwerfen: Das ist genau nicht das, was mit MySQL gerade passiert. Stattdessen ist MySQL seit Oracle schneller, besser und stabiler geworden und die Entwicklung des Hauptzweiges von MySQL ist auf eine Weise vorangekommen die vorher undenkbar gewesen wäre.\nOracle geht aber gerade sehr gezielt gegen aus ihrer Sicht kommerzielle Konkurrenten und Trittbrettfahrer vor und versucht diese auszuhungern. Mittel- und langfristig wird dies zu einer Spaltung von \u0026ldquo;Open Source MySQL\u0026rdquo; (MariaDB, Percona und Drizzle) und kommerziellem MySQL führen.\nOpen Source MySQL ist dafür in einer denkbar schlechten Position, da noch eine ganze Reihe von Abhängigkeiten zwischen Open Source MySQL und Oracle bestehen: Zum einen hat Open Source MySQL keine freie Dokumentation und keine freien Ausbildungsmaterialien - die Dokumentation zu MySQL steht im Gegensatz zum Quelltext nicht unter der GPL und gehört daher mit allen Rechten Oracle. Ebenso fehlt es an freien Ausbildungsmaterialien und Beispielen für korrekte \u0026ldquo;Anwendung\u0026rdquo; von MySQL in häufigen Problemstellungen, mit denen Entwickler und Administratoren an MySQL herangeführt werden können.\nZum anderen gibt es keine gemeinsame Roadmap von den Entwicklern der MySQL-Forks und von Nutzern von MySQL. Niemand weiß in Open Source MySQL, wo Anwender von MySQL Probleme sehen und Weiterentwicklung wünschen und niemand weiß, welche Richtung für die Weiterentwicklung die jeweiligen Forks für sich so vorsehen.\nSolange sich die Open Source MySQLer - und Open Source MySQL Anwender! - nicht zusammentun, und gemeinsam Marken, Standards und Dokumentation für \u0026ldquo;Open Source MySQL\u0026rdquo; entwickeln, wird Oracles Spaltungstrategie aufgehen. Abhilfe kann hier nur eine Fokussierung von Entwicklungsaufwänden und eine gemeinsame Behebung von Defiziten bringen - das Produkt und das Projekt sind inzwischen zu groß geworden um in mehreren weittstreitenden Projekten und unter dem Druck von Oracle mitzuhalten.\nDie Tatsache, daß weite Teile der MySQL-Anwendergemeinschaft noch immer einer MyISAM-Denkweise und dem Ausbildungsstand von 2005 verhaftet sind, hilft dabei kein Stück. Anleitungen und Tutorials zu MySQL erklären Transaktionen, korrekten Umgang mit Grenzfällen, InnoDB Performancetuning, Debugging von Performanceproblemen, die aus der Umstellung von MyISAM nach InnoDB entstehen und ähnliche Dinge so gut wie gar nicht, und in der Regel schon gar nicht korrekt. Der Abstand zwischen der MySQL-Entwicklung (in allen Geschmacksrichtungen) und dem Ausbildungsstand der Community gemessen an den Tutorials und typisch publiziertem Code ist größer den je. Es wird Zeit, den nächsten Schritt zu tun! Dazu fehlt es jedoch an Material.\nTL;DR: Die MySQL-Community ist selbst schuld und muß sich besser organisieren, Aufwände zusammenfassen und Defizite wie das fehlende freie Manual beheben. Der generelle Ausbildungsstand unter MySQL-Anwendern ist im Mittel und im Median katastrophal.\nPostscriptum: In den einschlägigen Diskussionen bei Heise, auf Slashdot und anderswo wird gerne auf Postgres und allen Ernstes auf SQLite als Alternative verwiesen. Dazu kann man folgendes sagen:\nWer Sqlite vorschlägt hat noch nicht einmal das Problem verstanden.\nPostgres ist in aktuellen Versionen wahrscheinlich in der Lage, von der Performance her mit MySQL mitzuhalten. Die Postgres-Community ist jedoch von der Denkweise und vom Entwicklungsansatz her nicht wirklich mit dem MySQL-Weltbild kompatibel:\nPostgres-Modellierer sehen die Datenbank in den meisten Fällen als Monolithen, der die Herrschaft über die Daten und ihre Integrität hat und die Regel für den Zugriff auf diese Daten auch in einer defekten oder feindlichen Umgebung garantiert. MySQL-Modellierer sehen die Datenbank und ihre Nutzer als System, das kooperativ den Umgang mit den Daten reguliert. Nach dem Yegge-Modell ist Postgres also Software-Konservativ, MySQL Software-Liberal.\nDie MySQL-Gemeinschaft entwickelt Eigenschaften der Datenbank in der Regel iterativ: \u0026ldquo;Wir wissen, daß das kaputt ist, releasen das Feature aber schon mal, damit ihr damit Erfahrungen sammeln könnt und uns dann Hinweise darauf geben könnt, was wirklich wichtig ist\u0026rdquo;. Das ist der Bazaar-Ansatz für Architektur und funktioniert nach Maßgabe von MySQLern sehr gut. Statement-Based Asynchronous Replication in MySQL zum Beispiel ist fundamental limitiert und am Ende für eine bestimmte Fehlerklasse nicht reparierbar, leistet aber in vielen Deployments erfahrungsgemäß und inzwischen über mehr als eine Dekade ausgezeichnete Dienste. Inzwischen gibt es Alternativen und Weiterentwicklungen (RBR, Semisynchronous Replication, GTID), aber in der Zwischenzeit haben alle schon einmal prüfen können, was die Vorteile und Nachteile der existierenden Implementation sind und was wirklich Reibungspunkte sind, die einer Verbesserung bedürfen.\nDer Kathedralenansatz von Postgres hat dazu geführt, daß Postgres sehr lange keine sinnvolle Replikation zur Verfügung hatte und bestimmte Ideen in Postgres vollkommen überkomplex reguliert sind. Mein Arbeitgeber zum Beispiel hat sein System ursprünglich auf Postgres aufgebaut und dies dann im laufenden Betrieb auf eine MySQL-Architektur migrieren müssen, damit das System über einen monolithischen Server hinaus skalierbar wurde. Das war vor mehr als 10 Jahren, und Postgres hat dann effektiv letztes Jahr erstmals einen Ansatz gehabt, mit dem man das System mit Postgres auf sinnvoll hätte skalieren können. Aus dieser Sicht kann man also getrost sagen, daß \u0026ldquo;MySQL an Stellen Fehler hat, an denen Postgres nicht mal Code hatte\u0026rdquo;.\nSiehe auch einen älteren Artikel zum Thema (der Artikel bezieht Performancegewinne von MySQL 5.5 und 5.6 noch nicht ein).\n","date":"2012-08-20T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/20/mysql-testcases.html","tags":["free software","mysql","lang_de"],"title":"MySQL Testcases"},{"categories":null,"content":"The Frozen Sky , Jeff Carlson, USD 0.99\nDie Menschen sind zum Jupiter gekommen, weil er eine reichhaltige und billige Quelle für Treibstoff im Heimatsystem war. Europa\u0026rsquo;s äquatoriale Eisebenen sind eine gute Heimatbasis für die Menschen und ihre fusionsgetriebenen Mechas und Maschinen. Aber es sollte 18 Jahre dauern, bis die Menschen sich weiter auf Europa vorwagen und die Tiefen von Europas Schächten, Spalten, Kellern, Schmelzflüssen und Querverbindungen abseits der Ladezonen zu erforschen beginnen.\nEine unwirtliche Gegend, und eine, die dem Equipment schnell zusetzt. Und dann, neun Kilometer unter dem Eis, stellt die Forschungsgruppe fest, daß sie nicht die Ersten hier unten sind. Europa trägt eingeborenes Leben, und es kommt zum Kontakt.\nEine Novelle über eine Erstkontaktsituation, fremdes Leben in einer fremden Umgebung und die Unmöglichkeit der Kommunikation. Ein Dollar, gut angelegt, Stoff für einen regnerischen Nachmittag.\n","date":"2012-08-19T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/19/fertig-gelesen-the-frozen-sky.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: The Frozen Sky"},{"categories":null,"content":"Containment , Christian Cantrell, USD 2.99\nArik ist ein Angehöriger der ersten Generation der in der Venus-Kolonie geborenen Kinder, und ein Wunderkind - seine Aufgabe ist, an der Entwicklung der künstlichen Photosynthese zu forschen, auch um die Lebenfähigkeit der Kolonie bei wachsender Bevölkerung sicherzustellen. Doch nach einem Unfall beginnt seine Welt auseinander zu fallen und Inkonsistent zu werden.\nEine kurze und unkomplizierte Geschichte in der Art Total Recall meets M. Night Shyamalan, und auch wenn man als erfahrener Scifi-Leser die Pointe meilenweit kommen sieht, bleibt das Buch spannend. Ich habe es für USD 0.79 bekommen, inzwischen kostet es USD 2.99 (ist aber für US Amazon Prime Kunden kostenlos). Reicht für einen oder zwei nette Abende, und ist sein Geld wert.\n","date":"2012-08-18T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/18/fertig-gelesen-containment.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: Containment"},{"categories":null,"content":"In habe ich erklärt, wo die persönlichen Vorteile der Offenlegung von Informationen über eigene Interessen oder Eigenschaften liegen können, und es in den Kommentaren auch mit einigen ganz konkreten, selbst erfahrenen Beispielen belegt: Gezielte Veröffentlichung von Interessen ermöglicht uns, einander zu finden und uns horizontal, unter Gleichen, zu organisieren.\nSehr viel drastischer schlägt Charles Stross in The Internet is for porn in dieselbe Kerbe. Bei ihm geht es um sexuelle Vorlieben und wie diese durch das Internet gemainstreamed werden:\n[\u0026hellip;] stuff that, in 1970, you would have had to search out from specialist retail distributors [\u0026hellip;]is today ubiquitous and available at the click of a mouse button. But it\u0026rsquo;s also a side-effect of the web making it easy to construct social networks among people with minority interests; suddenly all sorts of stuff that was hidden back when it was just one person per 10,000 population town emerges as a 30,000-strong continental community. The 0.01% are no longer hidden, can no longer be marginalized. Never mind the 1% or the LGBT 10%.\nIn Deutsch: \u0026ldquo;Zeugs, für das man 1970 zu einem Spezialgeschäft hätte gehen müssen [\u0026hellip;], ist heute mit einem Mausklick leicht erhältlich. Aber das ist auch sein Nebeneffekt des Web, welches es leicht macht, sich in sozialen Netzwerken zu organisieren und zu finden. All das Zeugs, das damals versteckt war, weil es nur eine Person in einer 10.000 Einwohner-Stadt interessiert hat, ist nun Thema einer 30.000 Personen starken kontinentalen Gemeinschaft. Die 0.01% können nicht mehr marginalisiert werden, die 1% oder die LBGT 10% noch viel weniger.\u0026rdquo;\nDie Struktur, um die es hier geht, und die Leute ermächtigt, ist die horizontale Kommunikation und der Zusammenschluß von geographisch verteilten, interessengleichen Personen, und die Ermöglichung der Gruppenbildung. Gruppeninteressen, die sich auf diese Weise bilden können, werden Machtfaktoren, und sind plötzlich Mitspieler in der öffentlichen Diskussion und Wertefindung - natürlich kompliziert sich so das Tagesgeschäft der Politik, und natürlich müssen die etablierten Spieler diese neuen Entwicklungen zur Kenntnis nehmen, wollen dies aber wenn möglich nicht.\nDie Effekte sind dennoch profund, und führen zu unerwarteten Entwicklungen. Das republikanische Sprachrohr Fox News und viele Mitglieder der republikanischen Partei bewegen sich langsam von ihren Positionen gegen gleichgeschlechtliche Partnerschaften weg: The Gay Rights Revolution arrives at Fox News :\nFractures in conservative opposition to gay rights and even same-sex marriage have now widened to include the core of the right’s message machine, the Fox News Channel, where a cadre of younger voices have begun to defend same-sex relationships and even advocate openly for same-sex marriage. [\u0026hellip;] But like the Republican Party, whose leaders have begun to step away from anti-gay positions that are deeply unpopular with younger voters, Fox appears to be feeling pressure both from its younger staff and key audience segments to reflect what polls suggest is a rapidly shifting consensus.\nEs ist genau wie Charles Stross schreibt: die LBGT 10% können auch und gerade von den Republikanern nicht mehr marginalisiert werden, weil sie jetzt als eine Gruppe auftreten können und seit dem Internet auch massiv Sichtbarkeit gewonnen haben. In Charles Stross Termen ist aus etwas, das vor 40 Jahren Material für eine Erpressung geliefert hätte, weil es privat war und privat bleiben mußte, eine mächtige, normale und anerkannte politische Bewegung und eine anerkannte gesellschaftliche Normalität geworden.\nHätte man so etwas im Privaten gelassen, hätte sich die Gesellschaft nicht verändern können.\nIn Post-Privacy: Prima leben ohne Privatsphäre spricht Christian Heller einen ähnlichen Aspekt an:\nEin bürgerliches Unbehagen des 19. Jahrhunderts galt den Proletariermassen, den Horden der Unterschicht. Mit sozialen Wohnprojekten sollte nicht nur die Verwahrlosung der Elenden unterbunden werden, sondern vor allem auch ihre Vermischung, ihre Zusammenballung. Der einzelne Proletarier war für sich kein Problem; aber in der Menge, in der Verbrüderung, wurde er gefährlich, musste er kontrolliert werden. [\u0026hellip;]\nDiese Strategie zeigte sich auch in Wohnprojekten. In Frankreich verpflanzten großzügige Unternehmer ihre Arbeiterfamilien in Siedlungen kleiner Einfamilienhäuser mit getrennten Zimmern, einem Garten und Gartenzaun. Kein übles Angebot, denn natürlich waren diese Behausungen um ein Vielfaches wohnlicher als jede Mietskaserne. [\u0026hellip;]\nDer Gartenzaun war bedeutsam: Er sollte eine nicht nur architektonische, sondern auch geistige Grenze gegenüber den Nachbarn ziehen. Der Arbeiter sollte lernen, sich als getrennt von seinem Nebenmann zu betrachten, statt als Teil derselben Schicksalsgemeinschaft im Klassenkampf. Der Zaun sollte den Mob auftrennen und den Horizont der Arbeiter auf ihre Privatsphäre verengen.\nDas Konstrukt, das hier angestrebt wird, ist genau das, das solche Normalisierungen und Neubildungen von gesellschaftlichen Interessengruppen verhindern soll: Der Einzelne soll horizontal durch das Konstrukt der Privatheit isoliert werden, aber natürlich vertikal durch die Obrigkeit jederzeit leicht adressierbar und kontrollierbar sein.\nDiese Denkweise erklärt auch das Sommerlochthema des Sommers 2012: Die \u0026ldquo;Facebook\u0026rdquo;-Parties. Spontane und unregulierte Zusammenkünfte von wildfremden Menschen zum Feiern sind der Party-Arm derselben Struktur, die als \u0026ldquo;Anonymous\u0026rdquo; spontan organisierte und unregulierte politische Gewalt ausübt: tatsächlich gibt es Anonymous-Aktionen, die Merkmale von politischem Protest und Facebook-Party zur selben Zeit aufweisen.\nDas erklärt auch die Stärke der Abwehrreaktion aller etablierten und konserativen Interessengruppen gegen Facebook-Parties: den bestehenden Machtgruppen und Organisationen ist die Isomorphie von Facebook-Party und Anonymous-Aktion sehr wohl bewußt, wenn auch nicht unbedingt immer auf einer verbalisierbaren Ebene. Der Kampf gegen Facebook-Parties ist auch der Kampf darum, neue und sich selbst noch nicht bewußte gesellschaftliche Interessengruppen in Form von vereinzelten Personen hinter ihren Gartenzäunen zu halten - es geht darum, die Privatsphäre dieser Leute untereinander zu erzwingen, um keine Konkurrenz zu den eigenen Strukturen entstehen zu lassen.\nAm Ende geht es darum, die Evolution von der Einzelperson über Anonymous zu einer Adhocracy und danach zur Piratenpartei (oder anderen neuen politischen Strukturen) zu erschweren oder gar zu verhindern.\n","date":"2012-08-17T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/17/die-erzwingung-der-privatsphaere.html","tags":["internet","politik","privacy","spackeria","lang_de"],"title":"Die Erzwingung der Privatsphäre"},{"categories":null,"content":"The Religion Virus , Craig A. James, USD 4.75\nDas Buch behandelt Religion, und insbesondere das Christentum als Mem-Komplex, also als ein ideologisches Gen, daß auf unserem Bewußtsein und in unserer Kultur mitreitet. Der Mem-Komplex entwickelt sich dabei nach evolutionären Regeln weiter, indem er mit anderen, verwandten Memen konkurriert, und generell mit allen Ideen um Aufmerksamkeit wettstreitet. Untersucht werden die grundsätzlichen Teil-Meme, die das Judentum und später das Christentum geprägt haben, und dabei an Bibelstellen und der aufgezeichneten objektiven Geschichte des Christentums nachgewiesen, wann und wo diese Meme entstanden sind und wie sie dabei halfen, den Memplex \u0026ldquo;Christentum\u0026rdquo; erfolgreicher und gegen andere Religionen und Ideen durchsetzungsstärker zu machen.\nIn der Aufklärung und der Moderne ist Religion unter Druck geraten und so hat der Memplex Mechanismen entwickeln müssen, mit denen er sich gegen Angriffe und gegen \u0026ldquo;Disbelief\u0026rdquo; wehren kann. Die Mechanismen, mit denen Glaubensgemeinschaften diesen Druck abzuwehren versuchen und sich zu stabilisieren versuchen werden ebenfalls dargestellt und ihre geschichtliche Entwicklung wie auch ihre Wirkmechanismen offengelegt.\nDadurch, daß das Buch die innere ideologische Wirkstruktur von Religionen im Allgemeinen und des Christentums im Besonderen offenlegt, hilft es sehr dabei, Religion und die Argumentationen von religiösen Personen zu verstehen. Ich fand das sehr erhellend.\n","date":"2012-08-17T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/17/fertig-gelesen-the-religion-virus.html","tags":["book","review","media","religion","science","lang_de"],"title":"Fertig gelesen: The Religion Virus"},{"categories":null,"content":"Daten in einer SQL-Datenbank werden in einer Tabelle abgelegt, also einer Struktur mit Spalten, die Namen und in vielen Fällen auch einen Datentyp haben. Eine Tabelle besteht dann aus 0 oder mehr Zeilen, die in dieses Spaltenschema passen.\nFür das Schreiben von Daten möchte man diese dann Normalform bringen, um Anomalien bei Änderungen von Daten zu verhindern und um die Datenmenge kompakt zu halten. Kompakte Daten haben den Vorteil, daß sie von der Datenbank ganz oder in wesentlichen Teilen im Speicher gehalten werden können, sodaß lediglich tatsächliche Schreibzugriffe irgendwann die Platte treffen.\nIn den meisten Fällen wird man Daten nicht übernormalisieren wollen, weil sonst die Rekonstruktion von für die Anwendung nutzbaren Daten zur Laufzeit ziemlich kompliziert wird. Für Datenbanken, die hinreichend volatile Daten enthalten, wird man meistens eine Darstellung in der Nähe der 3. Normalform finden.\nNormalisierte Darstellung von Daten: 1:n-Relation (Ein Hotel kann 0 oder mehr Reviews haben).\nWebanwendungen zeichnen sich häufig dadurch aus, daß sie weitaus mehr Lesezugriffe als Schreibzugriffe haben - Benutzer einer Webanwendung sehen große Datenmengen durch, nehmen aber im Vergleich wenig Änderungen vor: Sie \u0026lsquo;browsen\u0026rsquo;. Daher ist es oft lohnend, Daten für Webanwendungen in eine Form zu bringen, die für Lesezugriffe optimiert ist. Das ist eine Denormalisierung: Die Daten, die für die Darstellung einer einzelnen Webseite benötigt werden, werden ausgejoined und in die von dieser Seite benötigte Form gebracht.\nDies kann zur Laufzeit geschehen und man kann die entsprechende Query in der Datenbank selbst abspeichern, in der Form eines Views:\nCREATE VIEW v AS select ... from t1 join t2 on t1.t1id = t2.t1id where ... In diesem Fall wird jedoch die Join-Operation auf frischen Daten jedesmal durchgeführt, wenn ein Lesezugriff auf den View erfolgt.\nAlternativ speichert man nicht die Query selber, sondern cached auch ihr Resultat in einer Tabelle:\nCREATE TABLE mv AS select ... from t1 join t2 on t1.t1id = t2.t1id where ... und wenn man schlau ist definiert man auch noch ein paar passende Indices da mit drauf. Hier hat man den Resultset der Query materialisiert, und kann nun Anfragen darauf fahren, ohne daß man die Operation zur Generierung des Resultats jedes Mal wieder neu ausführen muß. Das kann - muß aber nicht! - sehr viel schneller sein.\nMaterialized View: Ausgejointe 1:n Beziehung zwischen Hotels und Reviews.\n# JSON-Repräsentation des Join-Ergebnisses { \u0026#34;hotel\u0026#34;: \u0026#34;citizen M\u0026#34;, \u0026#34;location\u0026#34;: ..., reviews: { review: { \u0026#34;score\u0026#34;: 10, \u0026#34;text\u0026#34;: ... }, review: { \u0026#34;score\u0026#34;: 9.8, \u0026#34;text\u0026#34;: ...} } } Der materialisierte Resultset hat den Nachteil, daß er einen Schnappschuß der möglicherweise sehr volatilen Daten zu einem bestimmten Zeitpunkt darstellt und daß die Daten in dem materialisierten View unter Umständen nicht aktuell sind. Viele SQL-Datenbanksysteme stellen elaborate Systeme bereit, um Materialized Views zu definieren und Aktualisierungsregeln dafür zu definieren. Definierbar sind meistens der Zeitpunkt der Aktualisierung - manuell, per Kommando; automatisch nach Fahrplan, auf der Grundlage einer Zeitsteuerung; oder automatisch bei jeder Änderung, ON COMMIT. Definierbar ist oft auch der Änderungsalgorithmus, also eine komplette Neuerstellung des Materialized View von Null, oder ein Einarbeiten der Änderungungen in die bestehenden Daten (\u0026lsquo;Delta-Processing\u0026rsquo;) wo das möglich ist.\nMan ist aber bei der Definition von solchen Systemen gar nicht auf Datenbankmechanismen angewiesen, und tatsächlich ist dies in vielen Fällen auch nicht opportun. Dann nämlich, wenn die zu materialisierenden Datenmengen sehr groß sind, oder wenn der Umwandlungsprozeß aus der normalisieren Darstellung in die denormalisiere Darstellung besser in einer richtigen Programmiersprache statt in SQL dargestellt wird, läßt man den Prozeß besser extern laufen.\nDazu wird man Änderungen an den normalisierten Daten aufzeichnen wollen, damit man dem externen Umwandlungsprozeß die Primärschlüssel der geänderten Zeilen zur Verfügung stellen kann und man einen Delta-Processing Prozeß betreiben kann. Dies kann man mit Triggern in der Datenbank machen, aber das hat zumindest in MySQL den Nachteil, daß es synchron zur Datenänderung ausgeführt wird und so die Schreibzugriffe selber beeinflußt. Alternativ kann man diese Änderungen auch einfach in der Anwendung selber ausführen, wenn man Kontrolle über den Quelltext aller Schreiber auf die normalisierten Daten hat.\nDenormalisierungsmaschine\nEin solches Setup sieht in einem mir bekannten Beispiel so aus, daß eine Quelldatenbank existiert, die in den Hauptspeicher einer Maschine paßt - die Gesamtdatenmenge besteht aus ca. 200GB Daten. Die Datensätze sind relativ klein, rein numerisch: IDs von Entities in anderen Datenbanken und Preisdaten. Die Daten haben eine recht hohe Change-Rate: Externe Bearbeiter und entfernte Systeme ändern die Daten laufend und so schnell, daß es durchaus sinnvoll ist, daß die Darstellung normalisiert und schreiboptimiert erfolgt.\nZur Erzeugung eines read-optimierten Views wurde das System so geändert, daß die schreibenden Prozesse auch die geänderten IDs in einer Work Queue hinterlegen. Von dort greifen ca. 100 Worker parallel die Arbeitsaufträge ab, transformieren die Daten in eine read-optimierte Darstellung und legen das Resultat ihrer Bemühungen in einer anderen, getrennten Datenbankinstanz ab.\nDie Schreibraten, die dabei entstehen, können beachtlich sein: Der Datenbestand wird durch das Ausmultiplizieren der Joins und das Entfalten der verschiedenen Datendimensionen in der Regel sehr viel größer - in dem genannten Beispiel besteht die Denormalisierte Darstellung in der Tat aus vier Maschinen, auf denen die Daten geshardet abgelegt werden und jede dieser vier Maschinen hat ihre Daten auf zwei SSD in einer RAID-0 Konfiguration.\nDie Schreibraten sind insbesondere im Fall einer kompletten Neugenerierung des denormalisierten Bestandes so groß, daß MySQL 5.5 nicht mithalten kann.\nMySQL 5.6 hat verschiedene Lockingprobleme im InnoDB Kern gelöst und kann Redo-Logs größer als 4 GB handhaben. Dadurch kann auf dem oben erwähnten SSD-Setup eine dauerhafte pro Instanz Schreibrate von 150 MB/sec netto (also auf Datenbankseite) erreicht werden, sodaß das ganze System recht entspannt auf eine aggregierte dauerhafte Schreibrate von 600 MB/sec kommt.\nNatürlich ist eine solche Schreibrate zu hoch als daß MySQL Replikation noch mithalten könnte. Man kann dann anfangen, das Schema auf einer Maschine in unabhängige Subschemata zu unterteilen und mit MySQL 5.6 Parallel Replication herum zu experimentieren. Aber wenn man den Code sowieso anfassen muß, dann kann man auch stattdessen in den Queue Workern einfach parallel auf mehrere Instanzen direkt schreiben und Replikation komplett umgehen.\nDie denormalisierte Darstellung ist in unserem Fall geeignet, eine bestimmte Klasse von Abfragen um Größenordnungen zu beschleunigen und - noch wichtiger - bestimmte pathologische Arten von Abfragen genau so schnell auszuführen wie normale Abfragen. Outlier in der Systemleistung werden also eliminiert, eine bestimmte Sorte von Slow Query tritt nie mehr auf.\nAnekdote: Leider ist MySQL 5.6 noch nicht GA und eine der von uns getesteten Versionen hat einen Crash Bug gehabt, den wir zuverlässig triggern konnten. Um das zu debuggen brauchten wir einen Core Dump. Einen 200 GB Core-Dump auf SSD zu schreiben dauert ca. 15 Minuten. Die Redo-Log Recovery von 25-aus-32 GB Redo-Log dauert dann weitere 45 Minuten, nach denen die Datenbank dann wieder produktiv ist.\nAnekdote: Während der Entwicklung haben wir die Generierung sehr oft komplett durchlaufen lassen müssen. Dabei haben wir die volle Schreibrate der SSD tatsächlich über Wochen voll ausgenutzt und uns ist tatsächlich in zwei Kisten die SSD durchgebrannt. Wir haben schon gewitzelt, daß HP Server bauen muß, wo hinten auf so einer Rutsche neue Platten nachrutschen, wenn die aktive SSD als ausgebrannt erkannt wird. Dann kann man per Rechenzentrum einen Heizer haben wie auf einer Dampflok, nur daß der Platten schaufelt statt Kohlen.\nIm Wirkbetrieb normalisiert sich das dann recht schnell auf sinnvolle erwartete Lebensdauern.\nErwartete Lebensdauern für die SSD in einem Beispielrechner.\nTL;DR: Durch Denormalisierung lassen sich Daten read-optimiert speichern, was bei Webanwendungen oft sinnvoll ist. Die führende Darstellung sollte jedoch normalisiert sein, wenn man an seinen Daten hängt. Denormalisierung kann Datenmengen explodieren lassen und bei großen Datenmengen und hohem Churn massiven Hardwareeinsatz erfordern. In diesem Fall führt man die Materialisierung besser außerhalb der Datenbank durch.\nDie architekturellen Kosten dieses Ansatzes sind Update-Verzögerung und eine hohe Schreibrate, die bestimmte Technologien wie MySQL Replikation unattraktiv machen kann.\n","date":"2012-08-15T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/15/materialized-view.html","tags":["mysql","architektur","lang_de"],"title":"Materialized View"},{"categories":null,"content":" ","date":"2012-07-22T00:00:00Z","href":"https://blog.koehntopp.info/2012/07/22/mit-dem-schnuppel-im-tierpark.html","tags":["berlin","image","schnuppel","lang_de"],"title":"Mit dem Schnuppel im Tierpark"},{"categories":null,"content":"Auf Google Plus schreibt Christoph Kappes:\n\u0026ldquo;Haben alle verstanden, dass Rivva tot ist, wenn das #LSR kommt? Redet keiner drüber, hm.\u0026rdquo; Drüben bei Twitter. Hier kann diskutiert werden.\nDas greift viel zu kurz.\nIch schrieb:\nChristoph, ich glaube, Deine Denkweise setzt zu spät an.\nDem Gedanken des LSR zufolge gibt es Content, der dem LSR unterliegt und es gibt Content, der dem LSR nicht unterliegt, weil er nicht von einem Presseverlag im Sinne des LSR generiert wird und daher durch das LSR nicht geschützt wird.\nDas LSR und seine bisher bekannten Umsetzungen definieren jedoch keinen Mechanismus, mit dem Content, der dem LSR unterliegt, in irgendeiner Weise identifizierbar wird. Daher ist es ohne manuelle Recherche auch nicht möglich, LSR-freien Blog-Content einzubinden, da es sich ja um Content handeln könnte, der dem LSR unterliegt.\nEine solche Unterscheidung automatisierbar durchführen zu können wäre auch überhaupt nicht im Sinne der Proponenten des LSR.\nDaher stellt sich die Frage, wie man nach dem Inkrafttreten des bisher bekannten Entwurfes überhaupt irgendwas in Deutschland verlinken soll ohne Gefahr zu laufen, abmahnbar zu werden oder sich passende Lizenzen zu besorgen.?\nund weiter\nDer Default ist komplett falsch.\nInteraktion im Internet lebt davon, daß sie kostenlos (im Sinne von Aufwand) ist. Das LSR definiert jetzt plötzlich Minimum-Transaktionskosten für die Verlinkung, das Zitat und andere extrem grundsätzliche Vernetzung, und droht hohe Strafen (Abmahnung, Juristen-Streß) bei Fehlern an.\nDas Ergebnis muß zwangsläufig ein großflächiges Abtöten von Engagement im deutschen Rechtsraum sein - effektiv ist es ein Todesurteil für jede Form von \u0026lsquo;casual interaction\u0026rsquo; und wird Deutschland Internet-Technisch endgültig aus dem Rennen werfen oder zumindest schwer behindern.?\nEine akzeptable Implementierung des LSR würde verlangen, daß Content auf den das LSR anwendbar ist, markiert ist, etwa durch eine Erweiterung der robots.txt, durch -irgendwas Header oder HTTP-Headerzeilen.\nDer Default muß unbedingt \u0026lsquo;Dieser Content kann ohne Rücksicht auf das LSR genutzt werden\u0026rsquo; bleiben, und die Markierung muß maschinenlesbar bleiben.\nDann aber geht LSR-Content im deutschen Teil des Internet sofort dark, will sagen, alle relevanten Nutzer würden den sofort ausfiltern.\nDas hätten wir aber schon mit einer Zeile in der robots.txt vorher haben können.\nEine Implementierung in irgendwelchen Gesetzen muß also zwangsläufig in etwas enden, das entweder ein NOOP ist oder das Netz in Deutschland tötet.\nIch sehe nicht, wie es einen Mittelweg geben kann, und am Ende hängt es von diesen beiden Eigenschaften ab: Maschinenlesbarkeit und Opt-In ins LSR?\nSiehe auch die Gedanken in Kostenloskultur und ähnliche Überlegungen damals zum JMStV . Es ist ein wesentliches Merkmal des Internet, daß es Interaktion und Kooperation zu minimalen Transaktionskosten zuläßt - Leute können Dinge im Vorübergehen verbessern und zu einer Verbesserung der Welt beitragen. Dies ist die Quelle für alle disruptiven Eigenschaften des Internet - und daher werden wir auch immer wieder Angriffe auf diese Eigenschaft sehen.\nDas LSR ist nur ein weiterer Versuch, kostenlos teurer zu machen.\n","date":"2012-06-25T00:00:00Z","href":"https://blog.koehntopp.info/2012/06/25/wieso-wir-gegen-das-leistungsschutzrecht-sind.html","tags":["lang_de","piraten","copyright"],"title":"Wieso wir gegen das Leistungsschutzrecht sind"},{"categories":null,"content":"Wer Clustern will, der muß erst mal einen solchen haben. Also, einen Cluster von möglichst vielen Rechnern. Die Anforderungen sind dabei klar: Man möchte Hardware haben, die möglichst billig ist - für Serverplatten, Speicher mit Fehlerkorrektur (ECC), und dergleichen Luxus ist kein Geld da, denn man möchte das gesparte Geld lieber in mehr Rechner stecken.\nAlso Billighardware kaufen? Nein! Denn auch die laufenden Kosten möchte man niedrig halten - der Rechner sollte also klein sein, und möglichst geringe laufende Kosten haben, also möglichst wenig Strom aufnehmen und bei möglichst hohen Zuluft-Temperaturen noch funktionieren. Die oben angedeutete Desktop-Kiste wird in dieser Form und mit diesem Formfaktor also niemandem Freude bereiten.\n\u0026ldquo;Klein\u0026rdquo; heißt in unserem Fall, daß wir mehr Schachteln in ein Standard-Rack hinein bekommen, wenig Strom aufnehmen heißt, daß wir wenig Strom bezahlen müssen und wenig Strom dazu verbrauchen, um den in Wärme umgewandelten Strom nach dem Verbrauch per Klimaanlage wieder nach draußen zu schaffen. Und hohe Zuluft-Temperaturen heißt, daß wir dicht packen können und daß wir die Klimaanlage so klein als möglich dimensionieren können, also weniger Strom für Kühlung und mehr Strom für das Rechnen ausgeben können.\nWenn man das Ganze groß genug betreibt - also mit n-stelliger Anzahl von Kisten, dann lohnt es sich, Metriken in Operations/Euro und Operations/Watt sowie Operations/Grundfläche bzw. Kubikmeter aufzustellen und dann auf dem Problem ein wenig linear zu optimieren, damit man möglichst viel Bumms pro Euro kauft.\nWenn man eher mittelständische Haushaltsgrößen ins Auge faßt, dann geht man zu seinem Standard-Hersteller für RZ-Hardware und schaut mal, was die an möglichst einfachen Pizzaschachteln im Angebot haben.\nPizzablech \u0026ldquo;HP DL160 Generation 6\u0026rdquo; für 4 Sorten Käse.\nDieses Blech wiegt etwas über 12 Kilo, ist die üblichen 19\u0026quot; breit, eine Höheneinheit im Rack hoch und etwas unter 70cm tief. Eine Beispielkonfiguration enthielte etwa eine 6-Core CPU, 24 GB RAM, 4 Platten mit jeweils einem Terabyte als JBOD und einen bzw. zwei Gigabit-Netzwerkports, und sie kommt mit ein wenig Gehampel für unter 2000 EUR/Stück. Eine doppelt so hohe Kiste könnte statt 4 Platten deren 12 fassen, und ein damit aufgebauter Cluster hätte weniger CPU und mehr Plattenspeicher.\nDas ist sehr unangestrengte Hardware - wenn man ein wenig mehr Hardcore shoppen geht, dann bekommt man leicht etwas mit größeren Platten für wenig Geld, wahrscheinlich aber auch mit einer schlechteren Ausfallrate. Das ganze Gelöt kommt nun in einige Racks, die wir mit Top-of-Rack Switches sinnvoll in einem separaten Netz zusammenknoten.\nHDFS - Hadoop Filesystem Jetzt haben wir billige Platten von schlechter Qualität als JBOD ohne das geringste bischen Redundanz, die wir einzeln und lokal in irgendein Verzeichnis unsers Servers mounten. HDFS, das Hadoop Filesystem, ist ein verteiltes Dateisystem - es verwendet das vorhandene lokale Dateisystem auf Einzelplatten schlechter Qualität, um daraus schnellen, parallel ansprechbaren und redundanten Speicher im Cluster zu bauen.\nHDFS setzt dabei nur eine begrenzte Zahl von Operationen um - ein HDFS ist kein vollwertiges Dateisystem im Sinne des Posix-Standards, sondern man kann es sich mehr als eine Art verteilten und massiv parallelen FTP-Server vorstellen: Das Dateisystem hat die Operationen GET, PUT und DELETE, sowie neuerdings auch noch APPEND, um Daten an eine bestehende Datei anhängen zu können. Ein SEEK, READ oder WRITE existieren jedoch nicht, Locking auch nicht.\nEntsprechend gibt es HDFS FUSE-Plugins, aber eben nur im Rahmen der Grenzen der Operationen von HDFS.\nEin Hadoop-Datanode\nHDFS startet zu diesem Zweck auf jedem Rechner mit nutzbaren Platten einen Prozeß namens Datanode, und an zentraler Stelle einen Verwaltungsprozeß namens NameNode. Die Namenode kümmert sich um die Verwaltung von Dateinamen und um das Wiederfinden von Blöcken. Sie zerteilt sehr große Dateien in vergleichsweise grobe Schnetzel von 128 MB Größe und speichert dann jeden dieser \u0026ldquo;Blöcke\u0026rdquo; genannten 128 MB-Schnetzel mehrfach auf unterschiedlichen Datanodes ab. Dabei ist es wichtig, sich nicht von der Nomenklatur \u0026ldquo;Block\u0026rdquo; ablenken zu lassen: Ein Block ist ein Stück Datei, das bis zu 128 MB groß sein kann, aber bei kleineren Dateien eben auch kürzer. Es handelt sich nicht um Blöcke fester Größe wie bei einem richtigen Dateissystem.\nHDFS speichert die Daten auch nicht selbst ab: Es verwendet ein lokales Dateisystem, zum Beispiel Linux ext4 oder xfs, um Dateien lokal zu verwalten und liefert nur eine einheitliche Clustersicht auf die Dinge. HDFS kümmert sich also nur um die verteilten Aspekte des Dateisystems, und überläßt jedem lokalen Knoten die Arbeit, das tatsächlich irgendwo auf eine Platte zu malen.\n[root@hadoop-115 finalized]# pwd /srv/hadoop/data01/dfs/dn/current/BP-1321238634-10.196.68.149-1338912643577/current/finalized [root@hadoop-115 finalized]# ls -lh blk_1025864654234871634* -rw------- 1 hdfs hdfs 128M Jun 6 13:37 blk_1025864654234871634 -rw------- 1 hdfs hdfs 1.1M Jun 6 13:37 blk_1025864654234871634_8941.meta Das Mountschema im Beispiel ist /srv/hadoop/data{n}. Auf jeder lokalen Platte gibt es einen Ordner /dfs/dn (Distributed Filesystem, Datanode), in dem die Blöcke abgelegt werden. Wir sehen hier irgendeinen namenlosen 128 MB Block und die Metadaten zu diesem Block. Man braucht die Daten der Namenode, um aus diesen Dateifetzen wieder sinnvoll benannte und eingereihte Dateien zusammenzusetzen.\nDabei geht das System durchaus pfiffig vor.\nZum einen will man ja, daß die Daten redundant gespeichert sind. Daher werden per Default 3 Kopien von jedem Block angelegt, und natürlich liegt jede Kopie auf einer anderen Maschine. Tatsächlich kann man in die Namenode einen Rackverteilungsplan einpflegen und dann sorgt die Namenode auch dafür, daß zwei der Kopien vergleichsweise dicht beeinander liegen und eine weiter entfernt, in einem anderen Rack. So ist sichergestellt, daß immer mindestens eine Kopie der Daten erhalten bleibt - auch dann, wenn mal ein ganzes Rack umfällt, der Switch oben im Rack verendet oder ein Sack fehlgeschlagener Kernelupdates einen Teil der Rechenzentrums-Population auslöscht.\nEin Schreibzugriff in ein HDFS hinein.\nZum anderen will man auch, daß der ganze Kram parallel abläuft. Daher führt die Namenode die Schreibvorgänge weder durch noch koordiniert sie diese. Sie dient lediglich als Verzeichnisdienst: Sie sagt dem Client, wo ein Block hingeschrieben wird, und der Client sendet diesen Block an die entsprechende Datanode. Diese schreibt ihn lokal und reicht in an die zweite Datanode weiter - dieser Traffic ist aber Rack-intern. Die zweite Datanode schreibt sich den Block ebenfalls auf eine Platte und reicht ihn nun über die Rackgrenze und die damit involvierten Switches hinweg an eine Node in einem anderen Rack weiter, die den Block ebenfalls noch ein drittes Mal schreibt. Die Bestätigungen für diese Operationen laufen denselben Weg den sie gekommen sind wieder zurück (und gehen parallel dazu auch noch einmal an die Namenode) und so weiß der Client, wenn er eine Bestätigung gesehen hat, daß alles geklappt hat und der Block jetzt redundant und persistent gespeichert ist.\nDa wir von jedem Block 3 Kopien anlegen, bedeutet das natürlich, daß wir für ein Terabyte Nutzdaten 3 Terabyte Plattenplatz (und ein wenig Metadaten) wegnaschen.\nHadoop versucht außerdem, die Blöcke einer Datei möglichst breit über den Cluster zu schmieren, also eine Datei über möglichst viele Datanodes zu verteilen. Das hat einerseits Geschwindigkeitsvorteile, wenn man parallel schreibt, andererseits macht es die spätere Verarbeitung der Daten schneller.\nSo können wir eine Datei zum Beispiel lesen, indem wir bei der Namenode eine Blockliste für die gesuchte Datei anfordern und dann parallel von allen Nodes, die die Daten haben, aus dem Netzwerk laden. Mehr Knoten bedeutet hier mehr CPUs und mehr Plattenspindeln, also mehr Speed. Das ist besonders dann interessant, wenn Daten von einem Cluster zu einem anderen kopiert werden - so eine massiv parallele Datenverschiebung bringt jede Netzwerkinfrastruktur an die Sättigungsgrenze. Und das, obwohl wir billige Einzelkomponenten eingekauft haben.\nDer Punkt ist, daß HDFS diesen Komponenten nicht traut: Datanodes müssen sich alle paar Sekunden bei ihrer Namenode per TCP Heartbeat melden, und in regelmäßigen Abständen auch Blockreports machen - dadurch weiß die Namenode, welche Blocks zu welcher Platte in einer Datanode gehören, wieviel freier Platz vorhanden ist usw.\nFällt eine von den Datanodes um oder geht auch nur eine Platte in der Datanode offline, geht die Namenode los und weist die überlebenden Datanodes für einen Block an, die notwendige Anzahl von Blockkopien wieder herzustellen - der Cluster flackert kurz mit den Plattenlampen und alles ist wieder gut - sogar, falls irgend möglich, im Rahmen der Redundanzregeln des Rackverteilungsplans.\nIrgendwann später schickt man einen Azubi mit einem Einkaufskorb voller Austauschplatten, Gehörschutz und dem Auftrag auszumisten in das RZ und danach stimmt die Clusterkapazität wieder.\nWas passiert, wenn eine Platte in einer Datanode nicht umfällt, sondern schimmelig wird und die Daten darauf verändert? HDFS speichert großzügig Prüfsummen an jedem Objekt und würde dies vergleichsweise schnell mitbekommen - entweder beim nächsten Zugriff oder wenn der Cluster sich langweilt und aus Verlegenheit sowieso mal seine Prüfsummen durchprüft. Blöcke mit kaputten Prüfsummen werden kurzerhand abgemurkst, dann stimmt aber die Anzahl der Kopien für diesen Block nicht mehr und die Namenode wird tätig wie oben, um diese Situation zu korrigieren.\n","date":"2012-06-11T00:00:00Z","href":"https://blog.koehntopp.info/2012/06/11/hdfs-billig-im-cluster-speichern.html","tags":["cluster","computer","hadoop","lang_de"],"title":"HDFS - billig im Cluster speichern"},{"categories":null,"content":"Sergei Skorobogatov von der Uni Cambridge kündigt sein neues Paper an, das jedoch erst im September veröffentlicht werden wird (PDF ):\n\u0026ldquo;Breakthrough silicon scanning discovers backdoor in military chip\u0026rdquo; will appear at CHES2012 in September. It will expose some serious security issues in the devices which are supposed to be unbreakable.\nEs geht um Krypto, die in Hardware implementiert ist, und man hat Chips untersucht, die in aktueller militärischer Hardware eingesetzt werden, indem man Reverse Engineering-Techniken auf diese Hardware angewendet hat und das so gewonnenene Design gegen die Spezifikation verglichen hat. Die anderen Artikel auf der Seite legen nahe, daß es sich um ein FPGA handelt, bei dem man festgestellt hat, daß es neben dem durch den legitimen Benutzer verwendeten Key auch noch einen zweiten festen Key besitzt, der verwendet werden kann, den Chip aufzuschließen oder herunterzufahren, auch wenn er durch den legitimen Benutzerschlüssel versiegelt worden ist.\nDie weitere Berichterstattung legt nahe, daß das Teil in so ziemlich jeder militärischen Hardware und kritischen Infrastruktur verbaut worden ist, die sich finden läßt und daß man jetzt erst mal am Schwitzen ist, weil man dieser Hardware (und auch aller anderen importierten Hardware) so gar nicht mehr trauen mag. Andererseits sind die USA etwa durch die Deindustriealisierung zum Teil gar nicht mehr in der Lage, alle für solche Systeme notwendigen Komponenten selbst zu fertigen - eine unangenehme Situation, wenn man Kriege führen möchte.\nDie gefundene Backdoor erscheint mir jedoch ziemlich primitiv und wenig entwickelt, und sie wirft für den Hersteller der Hardware oder - falls verantwortlich - seine Regierung ebenso viele Probleme auf wie für die betroffenen.\nEs ist ja klar, daß man als Hersteller von solcher Hardware in den Exportversionen seiner Milspec Hardware irgendwelche Kontrollmöglichkeiten haben möchte, falls das Zeugs einmal gegen einen selbst gerichtet wird. Aber nicht nur will man, daß die Backdoor schwer entdeckbar bleibt, solange sie nicht verwendet wird. Sondern eigentlich möchte man, daß sie selbst dann glaubwürdig geleugnet werden kann, wenn sie eingesetzt worden ist und der Einsatz danach bekannt wird (plausible denial ). Die ideale Backdoor sieht also aus wie ein Programmierfehler (\u0026ldquo;Bugdoor\u0026rdquo;) oder ein dummes Versehen - ein vergessener Permission-Check, verdrehte Parameter oder vertauschte Logik.\nDer zweite Code im FPGA erfüllt diese Bedingung nicht. Er wäre lediglich mit demselben Argument zu \u0026lsquo;rechtfertigen\u0026rsquo;, mit dem auch Default-Systempaßworte oder einheitliche Wartungszugänge in DSL-Router und andere Hardware eingebaut wird (\u0026lsquo;Unser Kundendienst muß in der Lage sein, wieder an ihre Daten zu kommen, wenn Sie die Hardware zerkonfiguriert haben.\u0026rsquo;) Wir reden hier allerdings von Milspec-Hardware, da hat man dieses Verlangen offiziell eher nicht.\nEs ist auch ein Risiko, daß eine solche Hintertür durch Dritte entdeckt und kompromittiert wird. Es ist blöd, wenn die Nutzung dieser Hintertür auf allen betroffenen Systemen einfach und auf dieselbe Weise möglich ist. Am Besten wäre es, wenn die Funktion der Hintertür an eine Variable gekoppelt ist, die instanz-spezifisch ist, aber dennoch von außen erratbar wäre.\nDie oben erwähnten FPGA haben diese Eigenschaft nicht - es scheint mir nach dem Lesen der wenigen gesicherten Informationen so zu sein, als könne man alle Instanzen dieses Chips mit demselben festen Zweitschlüssel öffnen. Damit hat man für sich und seinen Gegner ein riesiges Managementproblem geschaffen, weil nun dessen Infrastruktur durch jeden Dritten und seinen Hund angreifbar ist - es ist ja ausreichend, daß man jetzt weiß, daß es so eine Hintertür gibt. Sich dann den Schlüssel selber zu beschaffen ist eine Aufgabe mit überschaubaren Kosten und Aufwand für einen APT .\nAlles in allem ist das keine gute Hintertür, weil sie alleine schon durch diesen einen vagen Artikel umfassend kompromittiert worden ist und zu einem unkalkulierbaren Risiko für den Angreifer und den Verteidiger wird, weil sie nun jede Menge dritte Spieler aktiviert.\n","date":"2012-05-28T00:00:00Z","href":"https://blog.koehntopp.info/2012/05/28/backdoor.html","tags":["hack","security","lang_de"],"title":"Backdoor"},{"categories":null,"content":"\u0026ldquo;Kris\u0026rdquo;, fragt man mich, \u0026ldquo;Kris, gibt es außer \u0026lsquo;Volltextsuche\u0026rsquo; noch andere Gründe, für neue Anwendungen noch MyISAM zu verwenden? Im konkreten Fall geht es um eine verhältnismäßig einfache Datenstruktur, in die nur streng sequenziell geschrieben wird, nie gelöscht wird und viel und kreativ gelesen wird.\u0026rdquo; Na, das ist doch mal ein weites Feld.\nTeile davon habe ich in Ein paar Gedanken zu Zeitreihendaten und Wie man einen Graph plottet ja schon beackert.\nAber gut. \u0026lsquo;Streng sequentiell geschrieben\u0026rsquo; heißt, wir haben eine Datenstruktur, die immer genau am \u0026lsquo;Ende\u0026rsquo; einer Tabelle Daten anfügt, also eine Logtabelle. \u0026lsquo;Nie gelöscht\u0026rsquo; heißt nur \u0026lsquo;Wir haben uns noch keine Gedanken über Data Lifecycle Management gemacht\u0026rsquo;. Und \u0026lsquo;kreativ gelesen\u0026rsquo; heißt nur \u0026lsquo;Wir haben uns unter anderem deswegen noch keine Gedanken über Data Lifecycle Management gemacht, weil unsere Metriken noch nicht definiert sind\u0026rsquo;.\nDas ist legitim. Aber fangen wir rückwärts an.\nData Lifecycle Management Die meisten Systeme arbeiten transaktional und generieren Daten in einem Online Transaction Processing System. Das sind Systeme, in denen Daten normalerweise halbwegs normalisiert vorliegen. Meistens in der Nähe der 3NF (Internet-kompatible Erklärung mit Katzen . Diese Strukturen sind populär, weil sie zum Verändern und Beschreiben optimiert sind.\nIn den meisten dieser Systeme stecken kleine Data Warehouses, die über die Zeit wachsen und dann heraus wollen. Zum Beispiel hat ziemlich jeder Webshop ein Orderlog mit Bestellungen, die in normalisierter Form auf den Besteller in der Kundentabelle und die bestellten Artikel in der Artikeltabelle verweisen würden. Nach der Bearbeitung der Bestellung, der Auslieferung und der Bezahlung werden diese Einträge inaktiv und brauchen eigentlich nicht mehr in der Shopdatenbank zu stehen.\nGenau so hat ein Monitoring-System eine Datenstruktur, in der Testvorschriften in Testergebnisse umgewandelt werden, fehlgeschlagene Tests in Alarme umgesetzt werden und versendete offene Alarme durch Markierung durch die Admins in erledigte Alarme umgewandelt werden. Am Ende der Lebensdauer eines solchen Vorfalls braucht der Alarm eigentlich nicht mehr im Alarmlog des Monitoringsystems zu stehen.\nAnfangs ist das kein Problem, da es nur wenige Bestellungen oder erledigte Alarme gibt, aber über die Lebensdauer und das Wachstum des Systems werden das mehr und mehr Daten, die sich ansammeln. Generell kann man solche Daten leicht identifizieren, indem man sich das Datenmodell anschaut und sich überlegt, welche Tabellen wachsen, wenn alle Eingangsparameter (Anzahl der Kunden, Anzahl der Artikel, oder Anzahl der überwachten Rechner, der fehlgeschlagenen Tests usw) gleich bleiben. Solche wachsenden Tabellen haben oft eine Primärschlüsselkomponente, die eine Zeitangabe oder ein Zähler ist.\nFür diese Tabellen braucht man einen Prozeß, der erledigte Fälle erkennt und aus dem primären System in regelmäßigen Intervallen entfernt.\nDie Daten müssen dabei außerdem denormalisiert werden. Denn Anschriften von Kunden, Preise und Beschreibungen von Artikeln oder die Funktionen von überwachten Systemen ändern sich. In unseren Auswertungen wollen wir aber wissen, wohin wir den Artikel damals geliefert haben und was wir damals kassiert haben und nicht, wo der Kunde jetzt wohnt oder was das Teil jetzt gerade kostet. Und so können wir nicht die kunde_id, artikel_id oder system_id archivieren, sondern wir müssen diese Dinge auflösen und die tatsächliche Kundenanschrift (oder seine Postleitzahl) archivieren, und die tatsächliche Artikelbezeichnung, Farbe und so weiter.\nDabei läuft man in eine Reihe von interessanten Problemen, weil die Daten, die man speichern und auswerten will, eventuell gar nicht die Daten sind, die nach der Denormalisierung vorliegen: In den Auswertungen interessiert gar nicht, daß der Kunde damals im Knooper Weg 46, 24103 Kiel gewohnt hat, sondern nur, daß er in 24xxx gewohnt hat, weil man am Ende eine Statistik von Umsätzen nach Postleitzahlen über Zeit haben will. Und es interessiert auch nicht, daß eine \u0026lsquo;viktorianische Damenbluse\u0026rsquo; in \u0026lsquo;Aprikose\u0026rsquo; verkauft worden ist, sondern die Auswertung will nach Blusen oder gar nur nach Damenoberbekleidung gruppieren. Und in der Auswertung gibt es vielleicht nur 16 Farben und Aprikose ist eine Frucht, also muß man auch hier die Modenamen von Farben in jeder Saison auf irgendwelche RGB-Codes mappen und diese dann in Töpfen gruppieren.\nDiesen Prozeß der Denormalisierung, Attributextraktion und Neugruppierung nennt man man Extract, Transform, Load , und er ist etwas, mit dem man sich beim Schreiben einer OLTP-Anwendung beim besten Willen nicht befassen kann und will, weil man ganz andere Probleme hat und ja auch mal fertig werden will, damit man dem Kunden endlich seine Blusen und Monitoring SMS andrehen kann (Ein primitives Beispiel ).\nEs ist also nicht nur üblich, daß in jeder OLTP-Anwendung ein Data Warehouse steckt, das raus will, sondern auch vollkommen normal und gut so.\nDennoch geht so etwas auf die Performance, und außerdem will ein Betrieb mit funktionierenden Managementstrukturen irgendwann auch mal quantitativ gemanagete Prozesse haben und braucht dafür geeignete Metriken.\nETL des Orderlogs in eine Faktentabelle, dabei Denormalisierung (Binning nicht eingezeichnet).\nDann setzt man sich hin, überlegt sich, was man für Zeugs aus dem OLTP-System ETL\u0026rsquo;t gekommt und was man davon in welcher Form archivieren will. Im Ergebnis bekommt man einen Strom von zu archivierenden Attributen, die sich aus der Auflösung von Primärschlüsseln in der OLTP-Datenbank ergeben: artikel_ids werden zu Bezeichnungen, Preisen und Warengruppen von Artikeln, kunden_ids werden zu Anschriften, Postleitzahlen, server_ids werden zu Leistungsdaten und Systemgruppen von Servern, und Fehlercodes werden zu Fehlermeldungen und Fehlergruppen von Störungen.\nAlle diese Dinge gehen in Faktentabellen, die in der Regel eine Zeitdimension haben. Häufig wendet man dabei schon Key Compression an, wie in Ein paar Gedanken zu Zeitreihendaten beschrieben, um das Volumen der Daten halbwegs überschaubar zu halten.\nUnd in einem nächsten Schritt erzeugt man dann Aggregationen, die die relativ freien Faktendaten gruppieren und in Zählkörbe entlang einer Maßdimension verteilen (\u0026lsquo;binning\u0026rsquo;).\nBei dem Shop kann man entlang Warengruppen vereinfachen (\u0026lsquo;viktorianische Bluse\u0026rsquo; -\u0026gt; DOB), entlang Größen (S/M/L/XL), Preisgruppen (\u0026lt;10 EUR, \u0026lt;20 EUR, \u0026hellip;) und Farben (Aprikose -\u0026gt; Rot-Töne, Frühlingspalette, \u0026hellip;). Ebenso kann man Kunden klassifizieren und aggregieren , damit man überhaupt eine statistische Basis für eine Auswertung bekommt.\nHäufig wird man die Faktendaten nach dem Binning gar nicht mehr brauchen, außer man nimmt Veränderungen an der Definition der Bins vor oder will gar eine ganz neue Dimension erzeugen. Dann ist es für eine solche Reklassifizierung unabdingbar, daß man die Fakten noch einmal durchlaufen läßt, um die Aggregate zu aktualisieren. In den meisten Data Warehouses geht man Speicherkompromisse ein, und hält die Aggregate \u0026lsquo;unbegrenzt\u0026rsquo; (also länger als 10 Jahre :-) und die Fakten kürzer (je nach Storage-Kapazität - am Ende muß jemand das Geld für den Plattenplatz bewilligen und man muß ökonomische Kompromisse eingehen).\nMit den Fakten kann man dann manuelle Analysen fahren oder Machine Learning anwerfen, um zu versuchen, Korrelationen zu finden und einen Klassifikator zu bauen.\nDen Fall \u0026rsquo;nie gelöscht\u0026rsquo; gibt es in der Regel bei nennenswerten Datensammlungen eher nicht, oder wenn doch, dann liegen die eigentlichen Fakten relativ wenig genutzt irgendwo in einer Backup-Ecke (und niemand würde sie vermissen, löschte man sie), weil man sich eher mit den generierten Klassifikatoren beschäftigt oder allenfalls noch einmal mit den Dimensionen, entlang derer man versucht, eine solche Korrelation zu finden.\nLogging, Locking und MyISAM Man will so ein Logging in Faktentabellen unbedingt von dem operativen Betrieb des OLTP-Systems trennen. Die Datenbanken mit Lognatur sind also von den Datenbanken mit wahlfreiem Zugriff trennen, denn zu unterschiedlich sind die physischen Zugriffsmuster, der Speicherbedarf, die Anforderungen an Verfügbarkeit und viele andere Dinge, die auf die Systemleistung Einfluß haben. \u0026lsquo;Trennen\u0026rsquo; heißt hier idealerweise \u0026lsquo;anderes Blech\u0026rsquo;, weil es sonst auch hintenrum durch die Virtualisierung hindurch zu unangenehmen Übersprecheffekten kommen kann. Um so etwas auseinander zu sortieren braucht man einen Debug-Virtuosen mit Zugriff auf alle Komponenten der Wirkungskette - und solche Personen sind in der Regel teurer als zusätzliche Hardware.\nLoggt man in eine MyISAM-Tabelle, dann loggt man eine Datenstruktur mit Table Locks: MyISAM hat für jede Tabelle entweder den Zustand \u0026lsquo;frei\u0026rsquo; (idle), \u0026lsquo;shared access\u0026rsquo; (ein oder mehrere konkurrente Lesezugriffe) oder \u0026rsquo;exclusive access\u0026rsquo; (genau ein Writer). Es gibt noch den Sonderfall \u0026lsquo;concurrent inserts\u0026rsquo;, aber der hat auch seine eigenen Probleme und erzeugt in der Hälfte aller Fälle mehr Probleme als er hilft.\nDiese Table Locks haben emergente Effekte im Betrieb. Die Regeln sind eigentlich simpel: Wir können nur ENTWEDER Daten loggen ODER geloggte Daten abfragen. Per Default haben bereits laufende Abfragen Vorrang vor allem anderen - MyISAM wird niemals eine bereits laufende Query von sich aus abbrechen. Die nächste Vorrangstufe haben Schreibzugriffe und auf der letzten Ebene liegen Lesezugriffe.\nEin INSERT in MyISAM braucht eine gewisse Zeit (im Bereich von einer Millisekunde) und so kommt man mit einzelnen INSERT-Statements auf etwa 700 Operationen pro Sekunde für handelsübliche Hardware mit rotierendem Rost. Andere Konfigurationen können sich anders, aber nicht zwangsläufig schneller verhalten - Locking kann sehr interessante Debugsituationen erzeugen.\nOb das INSERT durchkommt hängt in erster Linie davon ab, ob schon eine Query läuft. Wenn länger laufende SELECT-Statements auf der Tabelle aktiv sind, dann haben diese bereits ein Lock und MySQL wird bereits laufende Queries nicht von sich aus unterbrechen. In der Praxis sieht man meist einen Mix von schnellen SELECT-Statements mit einem oder zwei schlecht zu optimierenden, langsam laufenden Queries dazwischen.\nAlles dies läuft ohne Probleme bis eine schreibende Query das exklusive Lock anfordert. Diese Query kann das Lock nicht bekommen, weil mindestens eine lesende Query bereits ein Lock auf der Tabelle hat. Die Schreibquery, zum Beispiel ein INSERT, stellt sich nun mit dem Status \u0026lsquo;Locked\u0026rsquo; in die Prozeßliste und wartet.\nIn Folge werden alle weiteren SELECT-Statements, die ja niedrigere Priorität haben als das INSERT, von dem wartenden INSERT auch in den Wartezustand geschickt - sie hängen ebenfalls \u0026lsquo;Locked\u0026rsquo; in der Prozeßliste und warten darauf, daß das INSERT fertig wird.\nIrgendwann enden alle bereits laufenden SELECT-Queries und geben ihre Locks auf der Tabelle auf. Das INSERT-Statement wacht aus seinem \u0026lsquo;Locked\u0026rsquo; auf und ist binnen einer Millisekunde erledigt. Jetzt können auch alle im Zustand \u0026lsquo;Locked\u0026rsquo; hängenden SELECT-Statements abgearbeitet werden. Die meisten von ihnen sind schnell beendet, da sie gut optimiert sind. Nur eine von diesen wartenden Queries ist komplizierter, nicht gut optimierbar und braucht länger. Während sie läuft tritt das nächste INSERT-Statement auf\u0026hellip;.\nDiese schwallartige Abarbeitung von SELECT-Queries nennt man MyISAM-Interlocking. Sie wird zwar durch die Logik der MyISAM-Table Locks gefördert, hat aber ihre Ursache nur mittelbar in der Hierarchie von Locks, und sie ist auch durch Umpriorisierung nicht zu lösen. Die eigentliche Ursache liegt in konkurrenten schreibenden und lesenden Zugriffen und das ist nur durch eine Datenstruktur mit weniger oder ganz ohne Locks in den Griff zu bekommen.\nMan braucht Multi Value Concurrency Control (MVCC) und InnoDB.\nWeitere Anmerkungen zu MyISAM Es sei an dieser Stelle noch einmal ausdrücklich darauf hingewiesen, daß solche Lockingeffekte ausgesprochen nichtlinear sind. Solange sie nicht auftreten, treten sie nicht auf (sic!). Sie sind vollkommen unspürbar und nicht leicht vorherzusagen - außer, man hat sie schon mal gesehen und weiß [http://www.amazon.de/Guerrilla-Capacity-Planning-Tactical-Applications/dp/3540261389](wie man sie modelliert). Wenn sie erst einmal auftreten, dann sind sie selbstverstärkend und bei weiter steigender Last steht das System binnen kürzester Zeit mit einer überlaufenden Prozessliste da.\nDas ist der Grund, warum ich im Rootforum und andernorts auf die Frage \u0026lsquo;Meine Apache/PHP sagt, er könne sich nicht mehr an die Datenbank verbinden, weil die Connections alle sind\u0026rsquo; nicht mehr antworte: \u0026lsquo;Setze max_connections herauf\u0026rsquo; ist nicht die korrekte oder auch nur eine hilfreiche Antwort. Eine wirklich hilfreiche Antwort hätte nicht nur Buchumfang oder das Format eines längeren Consulting-Einsatzes, sondern der Fragesteller will sie auch nicht hören oder ist typischerweise nicht gut vorbereitet, sie zu verstehen.\nMyISAM ist in Situationen, in denen mit genau einem Thread geschrieben wird und Reads vollkommen abwesend sind, extrem gut und schnell in der Lage, Daten zu laden: Die Ladegeschwindigkeit von MyISAM ist in solchen Situationen extrem hoch und nahezu konstant und von der Datengröße unabhängig - vorausgesetzt man ist schlau genug ist, Indices zu disablen und nach dem Ende des Loads einmal gesammelt aufzubauen. Leider ist das kein sehr typischer Anwendungsfall.\nMan kann den Anwendungsfall \u0026rsquo;typischer\u0026rsquo; machen oder versuchen, daß heiße, schreibende Ende der Tabelle besser zu isolieren, indem man in kleine Tabellen mit temporalen Namen lädt und die Abfragen dann nur auf alten, inerten Daten macht. Auf diese Weise kommen sich Schreib- und Lesezugriffe nicht ins Gehege: Der Load erfolgt in logging_20120528_1401 und die Abfragen dann auf alten, kalten Tabellen. Dadurch hat man einen Monitoring-Lag von einer Einheit (also hier im Beispiel von einer Minute).\nMyISAM-Daten lassen sich auch offline packen: Indem man eine Tabelle mit \u0026ldquo;RENAME TABLE work.logging_20120528_1401 offline.logging_\u0026hellip;\u0026rdquo; in einen Bereich verschiebt, in dem auf Grund der GRANTs kein Teil der Anwendung Zugriff hat, kann man dann mit \u0026ldquo;FLUSH TABLES offline.logging\u0026hellip; \u0026rdquo; ein Schließen der Filehandles zu dieser Tabelle erzwingen und sicher sein, daß die Filehandles auch zu bleiben.\nNun kann man von außen \u0026ldquo;myisampack\u0026rdquo; anwenden, um die MYD-Datei zu packen und dann mit \u0026ldquo;myisamchk\u0026rdquo; die Indices neu aufbauen. Das Resultat ist eine komprimierte (also deutlich kleinere) read-only Version der Tabelle, die nun mit \u0026ldquo;RENAME TABLE offline.logging\u0026hellip; work.logging\u0026hellip;\u0026rdquo; in die Produktion zurück verschoben werden kann. Die resultierenden Tabellen sind nicht nur gepackt (das könnte die ARCHIVE-Engine auch), sondern sie haben auch nutzbare Indices.\nIn MySQL hat man seit MySQL 5.1 die Option, das general_log und das slow_query_log statt als traditionelle Logfiles als CSV- (default) oder MyISAM-Tabellen (optional) in mysql.* zu realisieren. Nach den Ausführungen oben kann man sich leicht überlegen, wieso ein solches Log als MyISAM-Tabelle ineffizient ist (Lösungshinweis: MySQL ist ein Multithreaded Server, jeder Thread kann Logevents generieren).\nMit Kenntnis von \u0026ldquo;a\u0026rdquo; (O_APPEND in open(2)) kann man sich das Verhalten von CSV-Dateien oder normalen Logdateien im Vergleich überlegen: Wie ist sichergestellt, daß auch bei konkurrenten Log-Events einem Multithreaded-Server ein CSV-Record geschrieben wird, ohne daß sich Daten von einem anderen Log-Event da hinein überschneiden? Wie ist sichergestellt, daß CSV adäquat performiert?\nInnoDB und konkurrente Zugriffe Lädt man Daten multithreaded oder hat man auch auf der heißen, aktiven Tabelle am Ende des Logs Lesezugriffe, weil man sich die Auwerteverzögerung nicht leisten kann, dann ist MyISAM vollkommen unbrauchbar. Und das wie bereits erwähnt relativ schlagartig, da Locks sich in der Regel stark nicht-linear zuziehen. In diesem Fall muß man seine Logtabelle als InnoDB-Tabelle realisieren, und dabei die interne Struktur von InnoDB und ihre Rückwirkungen auf die Performance im Auge behalten.\nInnoDB-Tabellen sind nach Primärschlüssel geordnet. Das bedeutet erst einmal, daß man einen solchen definieren muß, damit keine schlimmen Dinge passieren . Wählt man den Primary Key so, daß die Daten physikalisch in der Reihenfolge des Schreibens angeordnet werden, muß man sich über den Change Buffer und seine Performanceimplikationen im Klaren sein.\nGenerell muß man damit rechnen, daß dieselben Daten in InnoDB 2-3 mal mehr Platz auf der Platte und im Speicher belegen als in MyISAM. Zwar kann man auch in InnoDB Compression aktivieren, und im Gegensatz zu MyISAM sind komprimierte InnoDB-Tables sogar normal beschreibbar. Dennoch braucht auch eine komprimierte InnoDB-Tabelle noch deutlich mehr Platz als eine komprimierte MyISAM-Tabelle. Das liegt einerseits am Verwaltungsoverhead von InnoDB (MVCC braucht ca. 20 Bytes pro Row zur Verwaltung), und andererseits an dem in den InnoDB Pages zwangsläufig vorhandenem freien Platz: jede InnoDB-Page enthält eine gewisse Menge freien Platz, die Updates an Ort und Stelle auch bei wachsenden Daten ermöglicht. Wäre das nicht so, würde jede Änderung an den Daten zu Seitenüberläufen und einem Rebalancing des B-Baumes auf der Platte führen.\nEin praktisches Beispiel und die Folgerungen Das \u0026lsquo;Eventlog\u0026rsquo;-System ist eine interne Entwicklung meines Arbeitgebers, das man am grob mit \u0026rsquo;ein Business-Level Logsystem, das dem Syslog auf Systemebene noch am ehesten entspricht\u0026rsquo; beschreiben kann. Eventlog generiert gigantische Datenmenge, da so gut wie jede Systemkomponente Daten an die Eventlog Listener sendet. Die Listener bearbeiten die Daten in mannigfaltiger Weise, aber am Ende langen sie in einer Datenbank.\nDies war vor geraumer Zeit ein MyISAM, und die MyISAM-Dateien sind nach einer Woche wie oben beschrieben gepackt worden. Nachdem die Load auf dem Eventlog so groß geworden ist, daß das System durch Zuziehen der MyISAM Write-Locks auf den heißen Tabellen Performanceprobleme bekam, haben wir die heißen Tabellen auf InnoDB umgestellt und konvertieren jetzt nach einer Woche in compressed MyISAM.\nProblem sind nun eher die laufenden Aggregationen, die schon vor langer Zeit dadurch begrenzt wurden, daß jede einzelne Query in MySQL immer nur mit einem Core arbeiten kann. Durch Auslagern der Aggregationen aus der Datenbank in Clients und durch geschickte Programmierung der Clients kann nun über mehrere Cores und sogar mehrere Maschinen parallel aggregiert werden.\nDies ist jedoch ein unangemessener Programmieraufwand. Tatsächlich wird dieses System durch einen kleinen Hadoop Cluster mit Hive und Flume abgelöst.\nHadoop HDFS speichert Dateien, die danach Immutable sind - neueres HDFS hat jedoch einen Append Mode für diese Daten. Auf diese Weise können die Daten auf JBOD redundant gespeichert werden und man braucht sich nicht mehr um Storage und seine Kosten zu sorgen.\nHadoop MapReduce erlaubt es, Auswertunge auf diesen Daten automatisch intern konkurrent zu fahren.\nDafür Code zu schreiben ist jedoch unangemessen, daher kommt Hive oben drauf - Hive kompiliert Anfragen in einem SQLishen Dialekt in Java Sourcecode, der auf dem Hadoop MapReduce Framework parallel ausgeführt werden kann. Die Beschleunigung ist dabei nahezu linear - Hive-Anfragen wurden auf einem 5-Blade-Cluster mit 60 Cores in etwa 56 mal schneller ausgeführt als die identische Query auf einem MySQL. Mit HiveODBC können die Analysten dabei ihr bestehendes Tooling weiterverwenden - für sie wird nur das Backend sehr viel schneller.\nFlume ist ein Framework, daß Logdaten live transformieren, voraggregieren und in Hadoop/Hive laden kann.\nDie Kombination wird die Performance- und Skalierungsprobleme von Eventlogging grundsätzlich lösen und die MyISAM und InnoDB inhärenten Probleme durch neue, aufregende und bisher noch unbekannte Probleme ersetzen - und wie wir erwarten, auf einem höheren Level.\n","date":"2012-05-28T00:00:00Z","href":"https://blog.koehntopp.info/2012/05/28/logging.html","tags":["database","hadoop","mysql","lang_de"],"title":"Logging"},{"categories":null,"content":"In Nur bedingt abwehrbereit schreibt Peter Welchering über die Wirksamkeit oder Unwirksamkeit von Antivirenprogrammen. Dabei geht es auch um den \u0026ldquo;Schutzlevel\u0026rdquo; von Antivirenprogrammen, wie immer der genau definiert ist. Ich lese unter Schmerzen:\nEinen 99-prozentigen Schutz verspricht Marco Preuß vom Antivirenhersteller Kaspersky. Auf 35 bis 96 Prozent taxieren die Softwaretester der „Stiftung Warentest“ das Schutzniveau von Antivirenprogrammen.\nIn einem früheren Leben vor vielen Jahren war ich einmal Securityfuzzi in einem größeren Internetladen, und hatte in dieser Eigenschaft gelegentlich mit Viren und ihrer Verbreitung zu tun, etwa die SOBIG -Welle und einige andere, vergleichbare Teile.\nViele moderne Viren nutzen keine Sicherheitslücke im Rechnersystem aus um eine Maschine zu infizieren, sondern eine andere, viel größere und schwieriger zu sichernde Lücke: Die Person vor dem Rechner . Der Virus verbreitet sich in Mails mit provozierendem oder verängstigendem Inhalt und enthält Anhänge, die sich als Dokumente ausgeben, aber Programme sind. Der Anwender soll beim Lesen der Mail dazu gebracht werden, den Anhang zu öffnen und so die dort enthaltenen Programme auszuführen. Auf diese Weise installiert sich ein Grundprogramm, das dann anfängt, weitere Programmbestandteile aus dem Netz nachzuladen.\nDabei muß der Virus-Autor mehrere Probleme lösen.\nEines ist die Delivery, also das Ausliefern der Mail mit dem Virus an möglichst viele Leute. Zu diesem Zweck verwendet der Autor bereits durch den Virus infizierte Rechner, die dann weitere Rechner infizieren sollen. Diese bereits infizierten Rechner sind jedoch meistens an heimischen DSL-Anschlüssen installiert, und ist ein Nachteil: Netze, in denen Heim-DSL-Anschlüsse enthalten sind, sind bei vielen Mailern geblockt und Mail von dort wird von vorneherein als Spam verdächtigt und nicht angenommen.\nWie sich der Virus selbst versendet, ohne in DSL IP-Blocks zu laufen. Im Falle von SOBIG und vielen anderen Viren geht man daher über einen sehr leistungsfähigen Mittelsmann vor: Der Virus verbindet sich mit dem Mailer eines großen Mailproviders - web.de, 1und1, Telekom und andere sind beliebte Ziele. Im Virus selber sind Adreßdatenbanken mit den Loginnamen und Paßworten von geklauten Accounts enthalten, typischerweise einige Hundert pro Mailprovider. Der Virus greift sich nun die Adreßlisten des befallenen Rechners, loggt sich beim Provider ein und versendet sich an Leute auf der Adreßliste.\nNatürlich gehen die Virenautoren davon aus, daß die Provider geklauten Logindaten sperren werden. Daher ist der Inhalt des Virus selbst verschlüsselt, damit man die Logindaten nicht so leicht finden kann, und die verwendeten Logindaten wechseln in schnellen Intervallen (alle 30 Minuten oder so) auf neue, unverbrauchte Logins.\nDie Virenautoren gehen auch davon aus, daß die Hersteller von Antivirensoftware ihre Suchmuster und Erkennungssysteme aktualisieren. Daher stellen sie alle 4 Stunden eine neue Variante des Virus bereit, die inhaltlich gleich ist, aber bei der die Programmelemente intern anders angeordnet sind und die natürlich neue geklaute Logindaten enthält. Obendrein wird eine neue Welle in der Regel dann gestartet, wenn es in der zu infizierenden Zielregion Nacht ist und die Operating Center der Provider minimal besetzt sind. Eine Startzeit zwischen 2 und 4 Uhr nachts ist normal, sodaß bei Dienstantritt in der Regel schon die 2. oder 3. Welle aktiv ist.\nAuf diese Weise ist der Virus den Abwehrspielern in den Antivirenfirmen und bei den Mailprovidern immer ein wenig voraus und nur sehr aufwendig dauerhaft zu blockieren.\nWas bedeutet das für Virenscanner und andere Schutzprogramme? Welche Bedeutung hat eine Erkennungsrate in so einem System? Es ist klar, daß die Erkennungsrate für neue, aktive Bedrohungen in so einer Umgebung nahe Null ist: Die gerade jetzt aktiv im Spam versendeten Viren sind den Scannern naturgemäß vollkommen unbekannt. Die Autoren der Virensoftware haben selber Testsysteme, auf denen sie sher gut aktualisierte Virenscanner aller wichtigen Hersteller installiert haben und natürlich stellen sie sicher, daß ihr Virus von keinem der gängigen Produkte bereits vorab erkannt werden kann. Damit das so bleibt, variieren sie ihren Angriff alle paar Stunden, um schneller als der Update-Zyklus dieser Programme zu sein.\nDie Erkennungsrate für gerade aktive Bedrohungen ist bei allen diesen Programmen also Null. Und die Angreifer prüfen das, damit das auch so bleibt. Der Scanner nutzt also nur etwas gegen veraltete (also Viren, die älter als 4-24 Stunden sind) Versionen der Bedrohung, und diese versenden sich in der Regel nicht mehr aktiv.\nWas bedeutet das für das Testverfahren der Stiftung Warentest? Da sich das Aussehen der Viren (ihre \u0026ldquo;Signatur\u0026rdquo;) im Stundentakt ändern kann, taugen signaturbasierende Erkennungen in der Regel nur zur Erkennung von veralteten Bedrohungen. Die geraden aktiven Bedrohungen könnte man nur durch Verhaltensanalyse erkennen - hier aber werden die Virenautoren ihre Angriff zuvor recht gut auf die Schutzmaßnahmen der verschiedenen Antivirenprogramme abgestimmt haben und diese zu umgehen versuchen, um das System unerkannt zu kompromittieren. Anders als Signaturdatenbanken ist die Verhaltensanalyse jedoch auch sehr viel aufwendiger zu warten und auf einen Angriff anzupassen, da hier nun Code statt Daten geändert werden müssen. Wenn man also erst einmal einen Weg an einem Virenscanner \u0026lsquo;vorbei\u0026rsquo; gefunden hat, wird dieser auch weitaus länger offen bleiben.\nDie Stiftung Warentest hat ihre Testmethode nicht offengelegt - wenn jedoch gegen Rechner mit Altbedrohungen getestet worden ist und der Test vornehmlich oder ausschließlich auf der Basis einer Signaturdatei erfolgt ist, dann hat er genau keine Aussagekraft.\nEin triviales und leider immer wieder genommenes Testverfahren besteht darin, eine Platte mit so vielen Viren als möglich gleichzeitig zu verseuchen, und eine Kopie von dieser Platte an den Testrechner anzuschließen. Diese Platte wird dann gescannt. Weil Rechner und Virenplatte leicht voneinander zu trennen sind, kann man den Testrechner schnell nacheinander mit einem Virenscanner nach dem anderen austatten und weiter testen, ggf mit einer jeweils frischen Kopie der verseuchten Platte.\nDas ist auf viele verschiedene Weisen nicht aussagekräftig:\nErst einmal ist es nicht das Szenario, gegen das ein Anwender im Angriffsfall vermutlich verteidigen muß - siehe oben. Statt gegen unbekannte frische Programme zu testen, testet man gegen einen Zoo von nicht mehr verwendeter Altware.\nDann ist es so, daß der Testrechner nicht wirklich infiziert worden ist - die Viren liegen inaktiv auf der verseuchten Platte, statt aktiv das Systemverhalten des Testsystems zu beeinflussen. Das ist auch gut so, weil so viele verschiedene Virenprogramme, wenn sie alle zugleich aktiv wären, vermutlich das Verhalten des Testsystems und sich gegenseitig beeinflussen würden. Bis hin zu dem Punkt wo die Testkiste so instabil wird, daß ein sinnvoller Test gar nicht mehr möglich ist.\nWeil die Viren aber nicht installiert und aktiv sind, sondern nur als passive Programme auf der Platte rumgammeln, können die Scanner nur mit ihren Signaturdateien operieren. Die Verhaltensanalyse findet nix, da das Verhalten der zu testenden Kiste wie intendiert nicht beeinflußt wird, um den Test selbst nicht unmöglich zu machen.\nUnd schließlich ist es so, daß die meisten Virenscanner einen Benchmarkmodus haben: Wenn sie auf einem System in einem Testlauf mehr als n Viren finden und eventuell eine von diesen Dateien sogar EICAR ist, dann schalten sie in einen speziellen Benchmark-Modus, der mit dem normalen operativen Betrieb nichts zu tun hat und der speziell dafür designed ist, das Programm in einem Vergleichstest gut aussehen zu lassen.\nAuf diese Weise kommt man zu Ergebnissen, die mit dem realen Schutzwert des Programmes genau gar nichts zu tun haben. Und dieser bemißt sich in der realen Welt gegen eine echte Bedrohung vermutlich nicht nach der getesteten, aber in der wirklichen Welt eher nutzlosen Signaturdatei, sondern nach der Qualität der Verhaltensanalyse von Programmen.\nNachtrag: Wie sind die Angreifer an Loginnamen und Mailadressen von Mailaccounts gekommen? Phishing von eBay-Accounts (\u0026ldquo;Für die eBay-Disputresolution gehen sie bitte auf die folgende wilde Webseite und geben sie unmotiviert ihren eBay-Namen und ihr Kennwort ein, oder wir sperren ihren Account!11!!eins!Elf\u0026rdquo;) liefert den Angreifern eBay-Namen und Paßworte. Loggt man sich nun mit diesen Daten automatisiert bei eBay ein, kann man dort eine Reihe von spannenden Daten absaugen, darunter auch die Mailadresse, an die eBay Benachrichtigungen senden soll.\nMit dieser Adresse und dem eBay-Paßwort kann man nun versuchen sich automatisiert bei dem Provider einzuloggen. Hat der Benutzer bei allen seinen Accounts dasselbe Paßwort verwendet, gelingt das und man ist zusätzlich zu seinem eBay-Account auch noch sein web.de/GMX/T-Online los.\nNachtrag: Wieso machen die das? Wenn ein Rechner erst einmal befallen ist, kann man mit ihm alles machen: Man kann seine lokale Festplatte durchsuchen und die Bankdaten für Onlinebanking aus der Bankingsoftware oder dem Browsercache auslesen. Man kann seine Mailkontakte abernten und sie verwenden, um den Freunden dieser Person realistischere Spam-Mails zu senden. Man kann weitere Software aus dem Internet nachladen und den Rechner und seine Internet Anbindung verwenden, um mehr Spam zu versenden, DDoS-Angriffe auf andere zu fahren und mit dieser Drohung Schutzgeld zu erpressen und man kann viele weitere unschöne Dinge damit tun.\n","date":"2012-04-27T00:00:00Z","href":"https://blog.koehntopp.info/2012/04/27/alle-vier-stunden-zum-nutzen-von-antivirus-und-zum-nutzen-von-testverfahren.html","tags":["security","spam","virus","lang_de"],"title":"Alle vier Stunden - zum Nutzen von Antivirus und zum Nutzen von Testverfahren"},{"categories":null,"content":"Wonka\u0026gt; Die Toppoint z.B. wird vermutlich nie was haben, was in nennenswerte Last-Regionen kommt, aber ich will - akademisches Interesse und so - schon wissen, wie man das da am besten täte. Was mich auch für die Toppoint interessiert: irgendeine Sorte Redundant Array of Inexpensive Databases :)\nLalufu\u0026gt; MySQL mit Replication? Alternativ mit DRBD?\nIsotopp\u0026gt; Mit DRBD. Nicht mit Replikation.\nWonka\u0026gt; Lalufu: Hm, Master-Master-Replication geht ja nur mit Zweien. Wenn man nun mehr als das haben will, kann man zwar Ringe bauen, aber nur einfach verkettete.\nIsotopp\u0026gt; Wonka: Argh! Master-Master geht nicht mit Replikation. Nie.\nWonka\u0026gt; huh?\nIsotopp\u0026gt;\n-- Thread 1 schreibt auf Master 1: insert into t (id, d) values (NULL, \u0026#39;eins\u0026#39;); -- Zeitgleich schreibt thread 2 auf master 2: insert into t (id, d) values (NULL, \u0026#39;zwei\u0026#39;); Isotopp\u0026gt; Was steht in der Datenbank master1, was steht in der Datenbank master2? Wenn man mal annimmt, dass MySQL auto_increment_increment und auto_increment_offset korrekt gesetzt sind?\nWonka\u0026gt; Isotopp: ok, Problem. Trotzdem gibts reichlich HOWTOs dazu.\nIsotopp\u0026gt; Wonka: Das ist noch kein Problem. Du kriegst (1, 'eins') und (2, 'zwei'). So weit funktioniert das.\nkv_\u0026gt; Bei UPDATE sieht\u0026rsquo;s anders aus.\nIsotopp\u0026gt; Jetzt macht aber Thread 1 auf master1 ein UPDATE. Und zwar update t set d = 'een' where id =1;. Und Thread 2 macht auf master2 ein UPDATE. Und zwar update t set d = 'one' where id = 1; Was steht auf master1 und was steht auf master2?\nIsotopp\u0026gt; Der Punkt ist, daß es keine global für die Domain des ganzen Ringes gültige Serialisierung von Ereignissen gibt. Es gibt also keine globale Festlegung der Reihenfolge von Ereignissen. Sondern jeder lokale Knoten hat seine eigene Reihenfolge von Ereignissen. Im Klartext heißt das, daß auf master1 die Reihenfolge der Events een, one sein kann, auf Master 2 aber one, een oder umgekehrt.\nLalufu\u0026gt; Genaugenommen ist das Problem, daß Leute sowas gerne hätten, aber MySQL das nicht liefern kann.\nIsotopp\u0026gt; Lalufu: Nein, die Situation ist weitaus komplizierter. Laß mich zu Ende erklären.\nWonka\u0026gt; http://www.howtoforge.com/mysql_master_master_replication :\n\u0026ldquo;This tutorial describes how to set up MySQL master-master replication. We need to replicate MySQL servers to achieve high-availability (HA). In my case I need two masters that are synchronized with each other so that if one of them drops down, other could take over and no data is lost. Similarly when the first one goes up again, it will still be used as slave for the live one.\u0026rdquo;\nWonka\u0026gt; Also haben die\u0026rsquo;s nicht verstanden\u0026hellip;\nIsotopp\u0026gt; Richtig. Genauer: Sie glauben, sie können gewinnen. Aber das Universum kann man nicht bescheißen.\nIsotopp\u0026gt; Wonka: Du willst also eine solche Serialisierung erzwingen. In SQL erzwingt man eine bestimmte Reihenfolge von Ereignissen, indem man für die Domain, in der man arbeitet eine Sperre (englisch: lock) setzt. Man braucht also ein Locking, das in der ganzen Domain gilt.\nIsotopp\u0026gt; Die Domain ist nun aber nicht mehr eine Kiste, dafür hat Dein SQL Server ja Locks, sondern der Ring. Und MySQL Replikation hat spezifisch kein Locking Protokoll. Es gibt solche Protokolle, 2PC, 3PC, Paxos, Raft und noch ein paar mehr. 2PC ist das schnellste, in dem Sinne, daß es minimale Umlaufanzahlen/Lockzeiten hat. Paxos und Raft sind im Sinne der Ausfallsicherheit/Recoverability das Sicherste.\nOhne ein solches Locking Protokoll kannst Du nirgendwo konkurrente Writes sicher durchführen, weil Du eben keine für die Domain gültige Serialisierung von Ereignissen erzwingen kannst. Jedes Setup mit mehr als einem Writer ohne ein distributed locking protocol ist also kaputt.\nLesen wir also die Anleitung zu mmm, MySQL Multi Master. Steht drin: »schreiben nur in einem Knoten.« Also: ein Ring, kein Multi-Master - der Name ist Betrug.\nGucken wir irgendwo sonst, total egal wo: ENTWEDER Synchronisation durch Locking ODER nur ein Master ODER kaputt.\nDas ist die Wahl. Die ganze Wahl. Es gibt keine weiteren Möglichkeiten.\nkv_\u0026gt; Wonka: Und wenn man die Leute fragt, warum die Master-Master oder circular replication aufsetzen, kommt immer die falsche Antwort: \u0026ldquo;Ausfallsicherheit\u0026rdquo; oder \u0026ldquo;Lastverteilung\u0026rdquo;. Für Ausfallsicherheit nimmt man ein Shared Storage und baut sich eine failover-Lösung auf OS-Ebene drüber - also NetApp oder DRBD. Und für Lastverteilung beim Lesen nimmt man one-way Replication. Schreibverteilung kann MySQL nicht. Da fängt man dann an, auf Anwendungsebene Sharding-Architekturen zu bauen.\nIsotopp\u0026gt; Exakt.\nIsotopp\u0026gt; Lalufu: So, jetzt zu MySQL und liefern. MySQL liefert ein Produkt mit mehreren Knoten und 2PC. Es heißt MySQL Cluster. Es verwendet nicht MYSQL Replikation, um das zu tun.\nIsotopp\u0026gt; Und zu HA: MySQL 5.1, 5.5 und 5.6 haben verschiedene Inkremente von MySQL SemiSynchronous Replication (SSR). Damit hat man EINEN Master, aber Slaves, die das Commit auf dem Master VERZÖGERN (den Master also langsamer machen). Und zwar so lange, bis wenigstens ein Slave existiert, der denselben Stand hat wie der Master.\nDas kombiniert die Nachteile von 2PC (warten) mit den Nachteilen von Replikation, die da sind:\nIn MySQL Replikation ist der Slave ja abhängig von der MySQL binlog position. Die verwaltet jeder Knoten aber selber. Und das heißt, man kann den Slave 3, der an Master 1 hängt, nicht einfach an Slave 2 hängen, von dem wir wissen, daß er Dank SSR auf demselben Stand wie Master 1 ist. Das ist so, weil der Stand von Master 1 in binlog position (mname, mpos) ausgedrückt wird, derselbe Stand auf slave 2 aber (s2name, s2pos) ausgedrückt wird.\nUnd es gibt keinen Übersetzungsmechanismus. Man kann einen bauen, das tut dann unterschiedlich weh, je nachdem wie korrekt man das im Falle eines Desasters haben will. Und wir reden über HA, man will es also korrekt haben.\nIn MySQL 5.6 gibt es dann die Global Transaction ID (GTID) und einen Übersetzungsmechanismus (transparent, automatisch) von GTID in lokale Position. Mit SSR und GTID zusammen kann man dann in 5.6 auch endlich Replikation als HA Mechanismus verwenden und könnte einen Ring mit genau einem aktiven Master als HA-System stabil verwenden. Das heißt, man hat immer noch Waits wegen der Synchronisation in SSR, aber keine Probleme mit dem Failover mehr.\nWonka\u0026gt; MySQL Cluster ist aber nicht FOSS, oder?\nIsotopp\u0026gt; Wonka: MYSQL Cluster war früher FOSS. Was es jetzt ist, habe ich nicht nachgesehen, weil mich Cluster aus anderen Gründen nicht interessiert.\nEs ist strukturell nicht möglich, normale Anwendungen, die gegen vanilla MySQL performen, gegen Cluster laufen zu lassen und Performance zu erwarten. Cluster-Software ist immer speziell gegen Cluster geschrieben.\nAktueller Cluster ist inzwischen VIEL BESSER darin als der Cluster, den ich gekannt habe, aber es bleibt schwierig.\nDu suchst einfache Lösungen für distributed databases. So etwas existiert nicht. So etwas KANN nicht existieren ohne daß du an c drehst.\nDu willst also mit Q (aus Star Trek: The Next Generation) reden, oder Dir eine von Grace Hoppers Mikrosekunden um den Hals hängen.\nLalufu\u0026gt; Würden Sie diesem Mann Ihre Replikation anvertrauen?\n","date":"2012-03-15T00:00:00Z","href":"https://blog.koehntopp.info/2012/03/15/grundsaetze-verteilter-datenbanken.html","tags":["cluster","database","erklaerbaer","distributed computing","mysql","lang_de"],"title":"Grundsätze verteilter Datenbanken"},{"categories":null,"content":" Ein total kaputtes Stück Graph.\nDas da ist das, was ich bekomme, wenn ich mir eine Woche Daten in dem Datenbank-Monitoringprodukt meiner Wahl anschaue. Aber das spielt keine Rolle. Ich kann mir so ziemlich jeden Zeitreihengraphen anschauen, aus so ungefähr jedem Stück Software, das mir zur Installation zur Verfügung steht, und falls es nicht rrdtools ist, ist es genau so kaputt.\nDas ist bemerkenswert, weil der Plot wahrscheinlich von einem Rudel Diplom- oder Master-Abgänger gebaut worden ist. Man sollte annehmen, daß jetzt, wo ein Studium Geld kostet, diese Personen vielleicht auch zuhören, wenn ihnen elementare Dinge erklärt werden.\nWas ist genau kaputt? Man versuche einmal, die Werte zwischen dem 6. und dem 7. März abzulesen. Wie man sieht, haben wir dort keine Linie, sondern einen fetten gelben Zitteredding, der die Pixel auf dem \u0026ldquo;Graphen\u0026rdquo; zuquastet.\nDer \u0026ldquo;Graph\u0026rdquo; ist hier 640 x 300 Pixel groß, weil ich das so eingestellt habe, damit ich mehrere Browserfenster zum Vergleichen nebeneinander legen kann. Die Software nimmt einen Meßwert pro Minute auf, also 1440 Messungen pro Tag. Es sind also hier 10080 Meßwerte in Betracht zu ziehen, um die gewünschte Darstellung von einer Woche zu zeichnen, also nicht ganz 16 Meßwerte pro x-Pixel. Unser \u0026ldquo;Graph\u0026rdquo; zeichnet nun für jeden x-Wert alle 16 Meßwerte ein.\nIrgendein Spezialexperte hat jetzt die Meßpunkte außerdem noch miteinander verbunden, damit man bei Diskontinutäten keine Löcher im Graph hat. So hat man noch mehr als 16 geplottete Pixel pro x-Pixel, und stellt so sicher, daß in einem Spike der gesamte Graph vollkommen nutzlos ist. Weil Spikes nun gerade die interessanten Stellen wären. meinjanur\nDas Resultat ist vollkommen nutzlose Pixelmarmelade: Wie ist die Verteilung dieser 16 Werte zu jedem Zeitpunkt? Wie sind Mittelwert, Median, Maximum, Minimum in dieser Pixelwolke gelegen? Welche dieser Pixel sind Meßwerte und welche informationslose Verbindungslinien?\nHier ein Tip: Man kann das noch pessimieren, indem man da irgendeinen Spline durch legt, damit es noch Überschwinger gibt. Dann kann man dem Ding überhaupt keine Informationen mehr entnehmen.\nEin Graph, mit dem man etwas anfangen kann.\nDies ist ein anderer Graph - diesmal einer, der den Namen auch verdient. Wie man sehen kann, wird wieder ein Zeitraum von einer Woche gemalt, sodaß pro x-Wert nicht ganz 16 Meßwerte zu berücksichtigen sind. Hier - es handelt sich um rrdtool - hat jemand mitgedacht, und so sehen wir in Blau den Mittelwert der 16 Werte und in Rot das Maximum dieser Werte eingezeichnet.\nEs ist klar erkennbar, daß der Mittelwert relativ stabil ist (bis er am Ende abfällt), und wie hoch die Spikes sind, die von diesem Mittelwert ausgehen. Auf dieser Grundlage kann man verläßliche Aussagen über das Lastverhalten der Kiste machen.\nDamit ist bewiesen, daß Tobias Oetiker in seinen Mathevorlesungen zugehört hat, anstatt sich in den Nächten vorher das Hirn weg zu saufen. Wenigstens einer!\nDichte-Diagramm und Qualitätsrating im Mittelwert.\nDies ist ein Graph, wie er von Smokeping gemalt wird. Hier werden sogar 15 Tage betrachtet. Für jedes Pixel stehen also circa 30 Meßwerte bereit, wenn man einmal pro Minute mißt - bei einer Messung alle 5 Minuten immerhin noch 6 Meßwerte (mal 20, weil Smokeping in einer Messung je nach Konfiguration mehrere Werte erfaßt - hier 20).\nIm Graph erkennen wir genau den farblich hervorgehobenen Median (Es wird ein Median statt eines geometrischen Mittels eingezeichnet, weil das stabiler gegen Outlier ist). Der Farbcode für den Median gibt zugleich eine Verlustrate an. Kommt es überhaupt zu Verlusten, liegt also eine Störung vor, ist der entsprechende Bereich des Graphen farblich markiert und die Farbe des Median gibt die Verlustrate (hier: 10/20, Lila) an.\nÜber und unter dem Median ist durch entsprechende Grauwerte eine Dichteverteilung der gemessenen Werte eingezeichnet. Wir können also nicht nur erkennen, wie weit die Maxima und Minima vom Median abweichen, sondern durch die Schattierung erkennen wir das kumulative Histogramm der Meßwerte, bekommen also einen Dichtegraphen und können so sehen, wie anormal so ein Outlier/Maximum denn nun wirklich ist.\nDas ist zwar auch wieder ein breiter Quast wie im ersten Graphen. Anders als im ersten Graphen ist er jedoch intern strukturiert und enthält eine große Menge an zusätzlichen Informationen in derselben Menge Pixel - es handelt sich um ein Histogramm, mit der die Dichteverteilung der Werte visualisiert wird.\nSo macht man es richtig.\nUnd jetzt schaut Euch Eure Graphen an, schämt Euch, schmeißt Euren Code weg und macht es richtig. Damit ich mich nicht mehr aufregen muß.\nDanke sehr.\nNachtrag: rrdtool schützt nicht vor Dummheit. Also, es versucht sein Bestes, aber wenn das Problem vor der Tastatur darauf besteht, kommt trotzdem Rotz raus.\nBest of Munin:\nUptime steigt um einen Tag (ein y-Pixel) pro 24 Stunden. Das ist schon als Linie kaum zu sehen - als Bargraph aber komplett im Eimer.\nWir nehmen einen dicken Edding und Daten mit Spikes. Und lassen jede Form von Median/Maximum/Minimum-Plot beiseite, denn sonst wäre das Ergebnis womöglich sinnvoll.\n","date":"2012-03-12T00:00:00Z","href":"https://blog.koehntopp.info/2012/03/12/wie-man-einen-graph-plottet.html","tags":["computer","monitoring","mysql","lang_de"],"title":"Wie man einen Graph plottet"},{"categories":null,"content":"Wolfgang Michal schreibt auf carta.info: Kleine Anfrage an die Kritiker des geistigen Eigentums das übliche Zeugs. Das heißt, er zieht sich an dem Begriff \u0026ldquo;Geistiges Eigentum\u0026rdquo; hoch und schlägt vor, daß die Gegner des Kampfbegriffes \u0026ldquo;Geistiges Eigentum\u0026rdquo; auch das dingliche Eigentum gleich mit abschaffen, wegen weil.\nDie Diskussion und die Argumente sind nicht neu, wir finden sie auch im hinteren Teil der Diskussion mit Lena Falkenhagen im November , die ich seinerzeit in Nicht das Urheberrecht ist das Kernthema zusammengefaßt habe. Sicherheitshalber hat Marcel Weiss die Standardantwort auf diese Standardfrage noch einmal aufgeschrieben, denn manchmal braucht auch einer wie Wolfgang Michael einmal eine FAQ an die Birne geknallt.\nEben Lena Falkenhagen greift nun den \u0026ldquo;Kleine Anfrage\u0026rdquo;-Artikel in Google Plus noch einmal auf, nachdem Andreas Eschbach sie darauf aufmerksam gemacht hat, und Andreas Eschbach diskutiert dort auch mit.\nDas wäre nicht weiter interessant, denn diese Richtung der Diskussion geht, wie wir in Nicht das Urheberrecht ist das Kernthema und dem Nachtrag dazu etabliert haben, vollkommen am Kern des Problems vorbei. Der \u0026ldquo;Blechpirat\u0026rdquo; Karsten greift das auf:\nIch finde den Artikel eher schwach. Konkret geht er auch an der Sache vorbei. Zu Rechtfertigen, warum man den juristischen Fachbegriff \u0026ldquo;Eigentum\u0026rdquo; gerne falsch auf das Urheberrecht anwenden möchte, hilft doch keinen - letztlich wird damit doch nur Propaganda gerechtfertigt. Spannend ist doch viel mehr die Frage, wie man mit der neuen Technik umgeht, wie man mit der Kopierbarkeit (auch juristisch) umgeht und wie man dann noch mit Denken, Schreiben, Malen und Musizieren noch Geld verdienen kann, wenn diese Technik vollständig da ist. Und da versagt der Artikel. Er bleibt (langweilige und nicht besonders gut geschriebene) Polemik.\nund Christian Buggedei hat schon auf carta.info nachgesetzt gehabt:\nEs gibt viele Dinge, bei denen man die “Das ist Technik, das geht halt so und nicht anders” nicht hinnehmen muss. Da kann man neue, bessere Technik konstruieren, da kann man Verbote aussprechen und sie auch kontrollieren.\nDieses eine Ding – Inhalte kopieren – ist leider eine Ausnahme. Wenn wir dieses wirksam kontrollieren und einschränken wollen, müssen wir das Internet so wie es ist abschaffen. Komplett. Eigene, spontan erstellte Seiten und Dienste wird es nicht mehr geben, jeglicher Kommunikationsvorgang muss überwacht und kontrolliert werden. Alles andere wird fast sofort umgangen werden.\nEr holt dann noch weiter aus und zeichnet auch einen sinnvollen Ausblick auf - aber lest seinen Kommentar halt selbst, ich warte hier so lange.\nAber Andreas Eschbach hat noch Fragen:\nIch weiß nicht, wieso sich alle immer so an dieser \u0026ldquo;beliebigen Reproduzierbarkeit\u0026rdquo; aufhängen. Wieso denn? Was ändert denn das?\nund wir erklären es ihm - es geht nicht wirklich um das Kopieren, und seinen Blick darauf zu fixieren verstellt einem die Sicht auf das Ganze. Es geht um die Kommunikation von Leuten miteinander, und wie das die Strukturen im Markt ändert. Die Kopierbarkeit rundet das Ganze nur ab. Ich formuliere das so:\nWas die neue, digitale Natur von Werken ändert hatte ich in der vorherigen Instanz dieser Debatte schon einmal aufgemalt:\nNicht das Urheberrecht ist das Kernthema \u0026ldquo;Dann ist da aber auch die Verminderung des Aufwandes und die Verkürzung der Publishing Pipeline: Jeder, der schreiben will, kann nun schreiben. Ob er gelesen wird ist noch einmal eine andere Sache - aber es gibt nichts und niemanden mehr, das jemandem vom Schreiben abhalten kann. Und so gibt es neben den Werken, die Du und Deinesgleichen für Geld produzieren nun haufenweise anderes Zeugs - frei erhältlich an Orten wie Wattpad oder einer der Tausend anderen Story Communities im Web. Gegen diese Leute und deren Preise treten Autoren für Geld nun an.\u0026rdquo; und in den folgenden Absätzen des o.a. Artikels länger ausgeführt.\nEs ist nicht das Urheberrecht das Problem, sondern es sind mehrere Mechanismen am Werk, die strukturelle Dinge ändern:\nWeil Kopien machbar sind werden sie gemacht. Das ist auch nicht zu verhindern, ohne daß etwas ganz schreckliches entsteht, daß niemand von uns will. Weil jeder sich und seine Werke publizieren kann, fragmentiert der Markt. Dazu kommt, daß viele ihre Werke kostenlos oder zu sehr niedrigen Kosten publizieren. Dadurch entsteht ein Race to the bottom. Weil jeder sich publizieren kann, und die publizierten Werke teilweise Fragmente sind, die dann wieder weiter verarbeitet werden, ist Urheberschaft teilweise ein schwer feststellbares Konzept. Zu 3: Besonders ausgeprägt im Bereich der Programmentwicklung, teilweise aber auch bei der Texterstellung - kollaborative Systeme dienen dazu, kleinste Beiträge von Einzelpersonen zu einem Gesamtwerk zu aggregieren. Fast alle moderne Werkentstehung arbeitet auf diese Weise, und wo das gelingt, haben Einzelpersonen kaum noch eine Chance. Dazu kann ich auf Anfrage mehr schreiben (Nachtrag ) redet da schon teilweise drüber).\nÜber das Urheberrecht zu diskutieren geht am Kern des Problems vorbei. Das versuche ich mit meiner Frage nach dem Wunsch-Urheberrecht in Richtung Lena Falkenhagen und Andreas Eschbach ja zu illustrieren - es würde mich wundern, wenn eine sinnvolle Antwort käme, denn IMHO gibt es keine - auch in [Von einem Absturz, Tutus und einem neuen Urheberrecht]({\u0026amp; link _posts/2011-11-24-von-einem-absturz-tutus-und-einem-neuen-urheberrecht.md %}) habe ich keine Antwort bekommen.\nDie Frage ist ja schon falsch.\nund Karsten geht noch einmal auf die Eigentumsgleichsetzung ein, um die Erklärung zu komplettieren:\nMein gedanklicher Ansatz ist ein anderer: Eine Eigentumsordnung wie die unsere ist bisher auf die Verwaltung von Knappheit ausgelegt. Wenn es nur einen Apfel gibt, dann ist es fair, dass der einer konkreten Person zugeordnet wird - sie kann entscheiden, was mit dem Apfel passiert.\nSind Äpfel aber beliebig reproduzierbar, erscheint es unfair, wenn nur einer über sie entscheidet, der andere aber hungrig stirbt.\nMir ist klar, dass niemand stirbt, weil er ein digitales Werk nicht erhält. Aber der Gedanke der exklusiven Zuordnung erhält seine moralische Rechtfertigung in der Knappheit des Gutes.\nGerade deshalb wollen die Urheberrechtsverschärfer (wie der im Originalposting genannte [Wolfgang Michal]) ja unbedingt Urheberrecht und Eigentum gleichsetzen - um die moralische Legitimierung des Begriffes Eigentum für ihr Anliegen ausnutzen zu können.\nMir ist klar, dass meine Gedankengänge jetzt das von Lena Falkenhagen angesprochene Problem (wie wird der Künstler bezahlt) nicht lösen. Aber die künstliche Verknappung des Gutes durch Gesetz und technische Lösungen scheint keine praktikable Lösung zu sein. Das Gesetz kann nicht erfolgreich durchgesetzt werden, wenn die Mehrheit der Unterworfenen es für ungerecht befindet - das geht einfach nicht, ist 1000mal probiert worden und scheitert. Und die technischen Ansätze scheinen auch zu scheitern.\nAn dem Konzept der Rechtsdurchsetzung knabbert man im weiteren Verlauf der Diskussion noch weiter herum. Es werden Vergleiche mit roten Ampeln und mit Mördern gezogen, aber man kommt nicht so richtig weiter. Oder doch? Lena:\nChristian Buggedei, ich halte die Argumentation für unfair und sehr gefährlich. Nur weil alle Leute über die rote Ampel gehen, heißt es noch nicht, dass das erlaubt wäre.\nIch bin auch kein Freund von jahrelangen Gefängnisstrafen für private Raubkopierer, aber wenn \u0026ldquo;das macht doch jeder\u0026rdquo; gelten würde, wäre Mord im Affekt an der Ehefrau und ihrem Geliebten immer noch ein Ehrendelikt.\nIch weiß, dass ich gerade polemisch werde, aber am Urheberrecht ist so nichts auszusetzen. Es schützt meine Rechte als Autorin, die ich mir in langer, harter Arbeit verdient habe. Die Durchsetzbarkeit gerät ins Wanken, da stimme ich zu.\nDaher müssen neue Wege gefunden werden, Urheber (jeglicher schöpferischer Werke) zu gratifizieren. Sonst sind (geraten) 90% der weltweit beliebtesten Unterhaltungsprodukte, an denen momentan einfach so partizipiert wird, \u0026ldquo;weil man es kann\u0026rdquo;, nicht mehr möglich.\nDoch, man kommt weiter. Denn Christian läßt sich von der fruchtlosen Diskussion nicht blenden, und geht auf den entscheidenden Punkt ein:\nLena Falkenhagen: \u0026ldquo;Daher müssen neue Wege gefunden werden, Urheber (jeglicher schöpferischer Werke) zu gratifizieren. Sonst sind (geraten) 90% der weltweit beliebtesten Unterhaltungsprodukte, an denen momentan einfach so partizipiert wird, \u0026ldquo;weil man es kann\u0026rdquo;, nicht mehr möglich.\u0026rdquo;\nGenau.\nNochmal: Genau.\nGenau das ist es, was \u0026ldquo;wir\u0026rdquo; die ganze Zeit sagen: Es geht nicht darum, diealten Einkommenswege zu zementieren, sondern neue zu erschließen. Am Horizont sehen wir da diverse Wege, gerade wenn zB die Inhalte an begehrenswerte physische Artefakte wie \u0026ldquo;schöner Druck\u0026rdquo;, \u0026ldquo;schöne Packung\u0026rdquo;, oder \u0026ldquo;Sammlerfigur\u0026rdquo; gebunden sind. (wobei sich das mit 3d-Printing auch wieder ändern könnte), es gibt offensichtlich ebenso die Bereitschaft für einen besonders einfachen Zugang zu zahlen, oder Modelle wie Flattr, Kickstarter und Co., und und und. Wie Kristian Köhntopp sagte, ist dabei das Urheberrecht allerdings das kleinste Problem.\nIch habe persönlich nur die Befürchtung, dass wir das Urherberrecht dennoch erst schleifen müssen, bevor der Druck, diese neuen Modelle ernsthaft auszuprobieren, in der Breite ankommt.\nAndreas Eschbach ist weiter skeptisch:\n»Jetzt schaue ich mir mal meine Umgebung an. Gefühlte 97% davon ist der Ansicht, dass das freie Kopieren von Zeugs für Privatpersonen zwar illegal, aber nicht sonderlich moralisch verwerflich ist.«\nDas wäre bis jetzt der einzige Ansatzpunkt, der mir einfällt: Dass man durch entsprechende Aufklärungsarbeit das Verständnis dafür weckt, welches Kopieren okay ist (für den Eigengebrauch, bislang \u0026ldquo;Privatkopie\u0026rdquo; genannt) und welches nicht okay ist (Buch einscannen und stolz sein, wenn\u0026rsquo;s 5000 Leute runtergeladen haben, ehe die Datei in Usbekistan vom Server geschmissen wird). Man tritt ja auch keine Hunde mit Füßen und schnappt nicht alten Omas den Sitzplatz weg und man bescheißt im Restaurant nicht usw. – alles weitgehend freiwillig aus dem Bewusstsein heraus, \u0026ldquo;es wäre nicht okay\u0026rdquo;.\nDas ist allerdings viel Arbeit, wenn ich dran denke, wie viele Mails ich schon gekriegt habe von Leuten, die mir Sachen schreiben wie \u0026ldquo;ich hab mir alle Ihre Romane besorgt (bei ebay), weil ich finde, man muss einen Autor unterstützen\u0026rdquo; \u0026hellip; :-(\nund schließt mit der Betrachtung\n\u0026ldquo;Wenn man hier nicht aufpasst, wird ganz schnell eine andere Art von Knappheit entstehen, nämlich eine an wirklich neuen Schöpfungen.\u0026rdquo;\nAber da unterschätzt Andreas Eschbach wahrscheinlich seine Leser und Kunden. Denn es existieren jede Menge Gegenbeispiele, die zeigen, daß genau diese Aufklärungsarbeit bei den Lesern offene Türen einrennen würde. Christian Buggedei ist jedenfalls, wie ich, genau dieser Auffassung:\nIch weiss ehrlich gesagt gar nicht, ob diese Arbeit nötig ist. Denn die prinzipielle Bereitschaft, den Autoren, Musikern, Filmemachern etc. die man gut findet, Geld zu geben ist ja da. Es \u0026ldquo;fehlt\u0026rdquo; wohl nur der Wille, das über die althergebrachten Kanäle zu tun.\nund ich führe länger aus:\nIch könnte an dieser Stelle den Brockhaus und den Britannica-Verlag erwähnen, die da andere Dinge berichten können. Ich könnte die ganzen Projekte aus den oben erwähnten Blogbeiträgen von mir noch einmal aufzählen. Oder ich könnte auf meine eigenen Arbeiten verweisen, die zwar keine Geschichten erzählen, aber von einer Reihe von Leuten als Ausbildungsmaterial gerne verwendet werden.\nStattdessen will ich nur auf die Artikelserie von Heiko Harthun verweisen: \u0026ldquo;Projekt: Eben nicht schwarzer März!\u0026rdquo;. Es steht unter dem Motto: »Anstatt sich einem absoluten Boykott der Verwertungsindustrie anzuschließen, wäre ein deutlich erfolgversprechenderer Weg, die Stand-Alone-Projekte und fairen Kleinstverwerter zu belohnen. Das wichtigste daran, es so vielen Leuten mitzuteilen. Deshalb hier jetzt den ganzen März lang jeden Tag eine neue Empfehlung.«\nAm Ende des Monats wirst Du so 31 Beispiele haben, die zeigen, daß keine Knappheit an wirklich neuen Schöpfungen herrschen wird. Stattdessen, das zeigen diese Beispiele, verändert sich die Art und Weise wie Schöpfer von Werken an eine Finanzierung kommen, oder es ändern sich die Motive, aus denen diese Personen Werke schaffen.\nEs handelt sich eben genau nicht um eine Krise des Urheberrechts an sich, sondern um einen Strukturwandel im Schaffensprozeß, der durch eine neue Art der Werkverbreitung und durch eine neue Art der Kommunikation ausgelöst wird. Daher ist das Ganze auch nicht im Urheberrecht zu reparieren, sondern nur durch eine Anpassung an diese neuen Strukturen.\nChristian Buggedei ist begeistert und will nun Nägel mit Köpfen machen. Er fordert Andreas Eschbach und Lena Falkenhagen heraus:\nZum Thema Zahlbereitschaft: Wie wäre es mit einer Wette?\nWir starten gemeinsam ein Kickstarter Projekt. Du, und hoffentlich ein paar andere Autoren (ich schau zum Beispiel einfach auch mal Lena Falkenhagen an) sagt mir, was Ihr für an Geld braucht/wollt um je eine Kurzgeschichte zu schreiben. Da schlagen wir dann einen Betrag für Lektorat, Zusammenstellung, Artwork, Buchhaltung etc drauf und stellen das als Projekt dem Internet vor.\nWenn dann der Gesamtbetrag zusammenkommt, schreibt Ihr die Geschichten, werdet bezahlt und wir veröffentlichen das unter CC by-nc-sa sowohl gedruckt als auch kaufbar und kostenlos in den gängigen eBook-Formaten. Ich würde mich nicht wundern, wenn das Geld nicht innerhalb eines Monats zusammenkommen würde und dennoch danach regelmäßig die Kurzgeschichtensammlung gekauft wird.\nLeider kneift Andreas Eschbach:\nGrundsätzliches zu der Wette: Man muss bei solchen Sachen unterscheiden zwischen dem Erfolg aufgrund des Eventcharakters, so etwas als einer der Ersten zu machen, was ein Anreiz für viele sein kann, mitzumachen, und dem Erfolg aufgrund eines funktionierenden Konzeptes, das auch auf Dauer und für viele funktionieren kann: Von Letzterem bin ich schwer zu überzeugen.\n(Das wird immer übersehen von denen, die ankommen mit von wegen \u0026ldquo;Cory Doctorow stellt seine Bücher frei ins Netz und verkauft sie trotzdem\u0026rdquo;: Was bei 1 funktioniert, muss noch lange nicht bei allen funktionieren und funktioniert auch nicht bei allen.)\nPersönliches zu der Wette: Würde meinen Verleger unnötig nervös machen, wenn ich bei so etwas mitmachte, und das will ich ihm nicht antun. :-D\nDas mit dem einmaligen Eventcharacter stimmt so übrigens nicht, merkt Christian Buggedei an:\nSowas und ähnliches funktioniert auf Dauer und für viele. Alexandra Erin, Fred Gallagher, Scott Kurtz, Jeffrey T. Darlington, die Jungs von Penny Arcade, Rich Burlew, Ryan Sohmer\u0026hellip; um nur ein paar zu nennen. Cory ist sicherlich derjenige, der das am meisten weitererzählt und propagiert, aber er ist nicht der einzige.\nUnd Heiko Harthun hat noch mehr Beispiele:\nDurch meine erste Berührung mit einem Kindle und jetzt mit der App für mein Tablet hat sich mein Leseverhalten grundlegend verändert. Ich kaufe haufenweise eBooks für kleines Geld und kaufe ausschließlich die Gebundene Ausgabe eines eBooks, wenn es mir gefällt. Taschenbücher sind bei mir damit \u0026ldquo;nahezu\u0026rdquo; ausgestorben. Warum nur \u0026ldquo;nahezu\u0026rdquo;? Ich gehe sogar den umgekehrten Weg. Ein eBook, dass gar nicht auf Papier zu haben ist, habe ich mir jetzt als Book on Demand (etwas veraltete Idee, die gerade totgeglaubt, wiederbelebt wird) bestellt.\nDas alles hat primär nichts mit dem Urheberrecht zu tun, sondern mit sterbenden und sich schnell verändernden Geschäftsmodellen. Und was die mühsame Argumentation mit dem \u0026ldquo;Die Massen zahlen doch nicht für etwas, was sie umsonst kriegen können!\u0026rdquo; angeht: lassen wir einfach ein Beispiel von Neil Gaiman für sich sprechen.\nEs gibt noch mehr davon, die alle ganz deutlich widerlegen, was wir alle glauben. Wir glauben, dass jemand lieber nimmt anstatt zu geben, wir glauben das jemand nicht für ein Produkt bezahlt, wenn er es auch umsonst bekommen kann.\nDieser Glaube basiert auf unserer Intuition. Menschliche Intuition funktioniert nicht! Menschliche Intuition ist broken bei Design! Jedes, aber auch wirklich jedes Wissenschaftliche und sogar nur rein statistische Modell schlägt die Intuition! Jedes!\nRelevant: Dan Pink on Motivation \u0026ldquo;Intuition sucks! That\u0026rsquo;s why we test!\u0026rdquo; ist ein sich langsam etablierendes Dogma in der IT-Welt. Die Firmen, die verstanden haben, dass sie mit einer einzigen Website eine Spielwiese haben, von der Statistikern seit Jahrhunderten geträumt haben - diese Firmen sind schneller, effektiver und stabiler als ihre Konkurrenz. Warum sind sie das? Weil sie keine Annahmen mehr über die Welt und wie sie funktioniert machen, weil sie nicht mehr auf ihre Intuition vertrauen, sondern weil sie eine Idee sofort einem validen Test unterziehen.\nKristian Köhntopp wird euch sicher gerne näheres dazu vermitteln können.\nKann ich. :-) Und Christian Buggedei macht noch auf eine weitere Sache aufmerksam: Niedrige Preise machen experimentierfreudiger.\nUnd in den Laden gehen, aussuchen, bezahlen? Mache ich und all die anderen anonymen Amazoniker schon seit langem nicht mehr. Stattdessen bauen wir auf die vielfältigen Empfehlungsnetzwerke, die wir uns aufgebaut haben und surfen dann den ebookshop oder den legalen Downloadbereich unseres Vertrauens an. Dass die Investition von nicht mal eine Handvoll Dollar in ein eBook weniger schmerzhaft als die 30 Euro für ein schön gebundenes Hardcover ist, tut sein übriges: Man wird wesentlich experimentierfreudiger, selbst wenn es sich um augenscheinlich eher unbekannte Autoren handelt.\nUnd langsam scheint auch Andreas Eschbach das Ausmaß der Veränderung zu begreifen:\n»Aber Leute mit guten Inhalten und ein wenig Fanpflege bei der Stange zu halten? Das funktioniert prächtig. Nicht von selbst, nicht ohne da ein wenig Zeit zu investieren, aber es funktioniert.«\nVielleicht sieht so das Modell der Zukunft aus: Auf der einen Seite der Autor, der sich aufs Schreiben konzentriert, auf der anderen sein Internet-Manager, der die Fan-Basis pflegt, die beide alimentiert. Verlage gibt\u0026rsquo;s keine mehr, Buchhandlungen sind alle verschwunden, entlassene Buchhändler schreiben stattdessen Rezis in eigenen Blogs und in Social Networks (und leben von \u0026hellip; hmm, muss man noch klären), und das Feuilleton gibt\u0026rsquo;s auch nicht mehr, da die Zeitungen auch zugemacht haben.\nSchon ein wichtiger Schritt in die richtige Richtung. Christian Buggedei schiebt noch ein bischen:\nChange happens. Dreh doch mal kurz Deinen SF-Autor Hut mehr von Autor auf SF: Wir leben in interessanten Zeiten, wo wir der gesellschaftlichen Veränderung auf wirklich großer Ebene zusehen und sie beeinflussen können. Nur aufhalten können wir sie nicht.\nUnd ich hoffe, dass Du verstehst, dass eigentlich alle Teilnehmer hier in der Diskussion genuin daran interessiert sind, Autoren, Musikern, Filmemachern etc. Geld zukommen zu lassen. Wir sind auf Eurer Seite, haben nur andere Ansichten darüber, wie man das am besten bewerkstelligt. Und so gruselig finde ich das Autor - Internet-Manager Team übrigens gar nicht. Im Gegenteil: \u0026ldquo;Früher\u0026rdquo; hat der Künstler für seinen Mäzen gearbeitet, und war dessen Launen ausgeliefert. Heute ist man an den Verlag gebunden, der dann sicherlich auch häufig gern mal \u0026ldquo;hilfreiche\u0026rdquo; Anregungen dazu gibt, was man denn als nächstes machen \u0026ldquo;sollte\u0026rdquo;.\nIn Zukunft kann man sich vielleicht über die globalen Netzwerke direkt an das Nischenpublikum wenden, dass einen für genau das liebt, was man macht - ohne Kompromisse eingehen zu müssen.\nhttp://bit.ly/shut-up-and-take-my-money Und Andreas Eschbach dreht seinen Hut und fragt weiter:\nMal abgesehen von den Künstlern: Die Prognose für den Buchhandel im speziellen und den Einzelhandel im allgemeinen sind schlecht, oder? Gibt\u0026rsquo;s irgendwelche Ideen, wie Leute, die bislang in diesen Branchen gearbeitet haben, künftig das Geld verdienen werden, mit dem sie (abgesehen von Miete, Heizung, Lebensmitteln usw.) per Crowdsourcing Kunst unterstützen können?\nIch zücke mein Blog, denn ich habe da schon mal was vorbereitet. Es zitiert übrigens Eschbach:\nAxel Eble - Ich verweise hier wieder mal auf Götz Werner und das Bedingungslose Grundeinkommen. Kristian Köhntopp - Zum Thema BGE, wo das Geld herkommen könnte und was das mit Andreas Eschbach zu tun hat, siehe auch The pursuit of happiness .\nArbeit leisten bei uns seit 1980 oder so im wesentlichen Maschinen. Ihre Erträge werden effektiv kaum besteuert.\nDieses Geld, das bei Arbeitslöhnen in den gesellschaftlichen Umlauf geraten wäre, liegt nun bei einigen wenigen fest.\nDas BGE, und zu seiner Finanzierung eine entsprechende Besteuerung von Unternehmensgewinnen aus Maschinenarbeit, die einer Lohnsteuer vergleichbar (und genau so wenig entkommbar) ist, wären ein brauchbarer Mechanismus, um den GINI Index in sinnvolle Bereiche zurück zu drücken und so unsere Gesellschaft als Solidargemeinschaft zu stabilisieren - und das wäre auch und gerade für die Besitzenden von großem Wert.\nHeiko Harthun greift den Gedanken mit der weiter reichenden Transformation auf - die Veränderung ergreift ja nicht nur Buch- und Einzelhändler, sondern jede Form von kommerziellem Austausch. Er schreibt:\nSupermärkte: http://www.kochhaus.de/ Zutaten sind nach Rezepten sortiert, es gibt Bildtafeln mit der Rezeptanleitung zu kaufen oder per Download im Internet. Die Zutaten können auch per Internet, zur Lieferung, bestellt werden. Geniales Konzept, dass ich in Berlin vielen leuten empfohlen habe, die behauptet haben nicht kochen zu können.\nBuchhandel/Künstler: Ebay, Amazon und Dawanda sind Plattformen, die es Mikro- und Makrohändlern unglaublich einfach machen, ihre Kunden zu erreichen.\nhttp://www.massivum.de ist ein Möbelhandel, der sowohl Verkaufhäuser hat, einen Webshop, als auch einen Ebay- und Amazonshop. Das geniale an deren Konzept ist, sie verteilen Ihre Angebote (einigermassen) Zielpublikumsgerecht. Auf Ebay finden sich andere Angebote als bei Amazon.\nhttp://storytude.com/ http://www.eichelschwein.de http://www.meinekleinefarm.org http://prinzessinnengarten.net Ich höre jetzt besser auf, sonst wird das hier noch seitenlang. Der Punkt ist jedenfalls, dass es eine Unmenge an Ideen und Geschäftsmodellen gibt, die den herkömmlichen Einzelhandel aufbrechen und eben mit der Veränderung gehen und daran partizipieren.\nBemerkenswert. Autoren und Kunden in einem Thread um eines der emotionalsten Themen in dieser Konstellation, und alle bleiben über mehr als 100 Beiträge bei der Sache, und es wird Fortschritt in der Diskussion erzielt. Am Ende sind sogar sich annähernde Positionen erkennbar.\nDanke, Google Plus.\n","date":"2012-03-09T00:00:00Z","href":"https://blog.koehntopp.info/2012/03/09/sam-spielt-es-noch-einmal-das-lied-vom-urheberrecht.html","tags":["copyright","internet","media","piraten","lang_de"],"title":"Sam spielt es noch einmal: Das Lied vom Urheberrecht"},{"categories":null,"content":" Teatro di Marcello , Rom\nDas auf dem Bild da ist das Theater des Marcellus, in Rom. Das Foto habe ich Anfang 2006 aufgenommen, als ich dienstlich bei einem Kunden ganz in der Nähe war.\nDas Marcellustheater ist nach Marcus Marcellus benannt, einem Neffen von Kaiser Augustus, und wurde so um 13 vor Christus fertig gestellt. Es ist später verfallen, dann im Mittelalter als Festung genutzt worden, im 16. Jahrhundert dann in eine Palastresidenz umgewandelt worden. Heute besteht der obere Teil aus einer Reihe von Appartments und unten werden im Sommer diverse Konzerte aufgeführt.\nBei der Ausbildung von Software-Ingenieuren, und wahrscheinlich auch bei der Ausbildung von Architekten, machen wir jungen Leuten falsche Hoffnungen. Bei den Software-Ingenieuren bin ich mir sogar ziemlich sicher.\nWir erzählen diesen Leuten an der Uni, daß sie Technik zum Ausprobieren bekommen werden oder Wahlfreiheit haben werden in den Mitteln und Methoden, die sie einsetzen werden. Und wir machen Ihnen Hoffnung, daß sie neuen Code schreiben werden. Später, wenn diese Personen von der Uni abgehen, landen sie in einer Umgebung, die erstens eine Technik und die Best Practice zu ihrem Einsatz genau definiert und die zweitens einen Haufen existierenden Code hat, der läuft und Geld verdient, aber der zu verändern oder zu erweitern ist.\nDas erzeugt bei diesen Menschen enorme Umstellungsprobleme, denn sie kommen mit vollkommen falschen Erwartungshaltungen in den Beruf, ja, in vielen Fällen fehlen ihnen sogar Methodiken, die für das Überleben im ersten Job essentiell sind.\nDarum will ich es hier einmal ganz offen sagen:\nJunger Informatiker, hoffnungsvolle Uni-Abgängerin!\nHier ist, was Dich in Deinem Beruf erwartet:\nDu wirst mit altem Code zu tun haben, der offensichtliche Schwächen hat. Du wirst mit Werkzeugen und Umgebungen arbeiten müssen, die Deiner Meinung nach nicht Stand der Technik sind. Eine Deiner Hauptaufgaben wird sein, den alten Code zu refaktorieren. Dabei wird die Zeit nicht reichen, diese Aufgabe zu Ende zu führen. Du wirst die Versuchung verspüren, den alten Kram wegzuwerfen und auf der grünen Wiese neu anzufangen.\nDie schlechte Nachricht:\nWeder wirst Du jemals auf der grünen Wiese neu anfangen dürfen, noch würde es viel helfen, das zu tun. Der komplizierte Code-Wirrwarr, mit dem Du es zu tun hast, ist häßlich und besteht aus einem Haufen ekeliger Sonderfälle. Wenn Du auf der grünen Wiese neu anfängst, wirst Du ein Design haben, das die Hauptfälle in einem schönen Modell abdeckt, und an den Sonderfällen umfassend versagt.\nDu wirst sie schrittweise nachrüsten wollen, und Du endest mit einem Drahtverhau von vergleichbarer Komplexität zu dem, den Du jetzt hast. Das ist normal. Denn der Code, mit dem Du es zu tun hast, wurde wahrscheinlich nicht von sabbernden Idioten geschrieben, sondern von Leuten wie Dir, und er war am Anfang genau wie Dein Code: Klar und einfach.\nDann traf er auf eine Realität, die alles ist, aber weder klar noch einfach. Heute ist er ein halbwegs korrektes Modell der Realität. Und weit mehr als die Hälfte des unübersichtlichen Designs mit dem Du es zu tun hast, ist wahrscheinlich nicht auf die Unfähigkeit Deiner Vorgänger zurück zu führen, sondern auf die Tatsache, daß die Realität nun einmal leider eine Ansammlung von häßlichen Ausnahmen ist, die alle mit modelliert sein wollen.\nDie gute Nachricht:\nEs ist gar nicht notwendig, schönen Code zu bauen. Anders als Dein Universitätsprofessor verlangt Dein Arbeitgeber nicht, daß Dein Code minimal, elegant, beweisbar oder sonstwie ist. Das einzige Kriterium ist, ob er den Job getan bekommt. Genau genommen ist das Kriterium sogar, ob er den Job gut genug getan bekommt. Sobald die Kosten in zusätzlicher Hardware, Kundensupport oder manueller Nachbearbeitung geringer sind, als die Arbeitszeit, die Dein Team benötigt, um die letzten Warzen abzuschaben, wirst Du aufhören können. Sogar müssen, denn Du bist nicht mehr rentabel und Deine Arbeit dient keinem betrieblichen Ziel.\nDie schlechte Nachricht, die daraus folgt:\nBefriedigung in gutem Handwerk zu finden wird für Dich vermutlich schwierig, denn gutes Handwerk ist illegal. Befriedigung in Closure zu finden, darin, Sachen wirklich ganz und gar zu Ende zu bringen, full circle zu kommen, wird auch schwierig. Denn das ist vermutlich auch illegal, und es wird keine Zeit dafür sein, denn so eine Pickliste mit Aufgaben ist nach unten offen. Du wirst stattdessen vermutlich Gutes im Vorbeigehen tun müssen, also hier in diesem oder jenem Projekt einen Teil mit anfassen müssen, der eigentlich nicht strikt hätte angefaßt werden müssen, es aber verdient hat und außerdem waren ja noch Stunden übrig.\nDie frustrierende Nachricht:\nBei vielem Code, den Du schreibst, wird Deinen Auftraggebern am Anfang noch nicht klar sein, ob das, was der Code machen wird, am Ende das Geschäftsmodell tatsächlich verbessern wird. Du weißt aus dem Open Source Umfeld schon, daß die goldene Regel lautet: Release Early, Release Often! .\nDu solltest Dir vor Augen führen, daß das nicht nur für Dich und Dein Scrum-Team gilt, sondern auch für Deinen Product Owner: In den weitaus meisten Fällen hat er keine Ahnung, ob seine Idee gut für die Firma ist oder sich am Ende schädlich auswirken wird. Wenn das der Fall ist, ist die einzig logische Aktivität, diesen Code wieder aus der Produktion zu nehmen und zu verschrotten - Du hast dann für den Papierkorb entwickelt.\nDaher ist es wichtig, viele Ideen eines PO erst einmal sehr roh zu implementieren und dann in der Realität zu testen, ob sie überhaupt auf der Business-Ebene funktionieren. Erst dann, wenn sicher gestellt ist, daß Code business-positive ist, lohnt es überhaupt, die Sache noch einmal zu reimplementieren oder refaktorieren auf eine Weise, die den Ansprüchen eines ausgebildeten Informatikers würdig ist. Weit mehr als 90% der Ideen Deines PO sind blöder Scheiß und verdienen den Tod durch Patch Revert. Es lohnt also nicht, große architekturelle Zuckerbäckereien auszuarbeiten, solange nicht bekannt ist, ob die Idee dahinter überhaupt in der Lage ist, den Lohn für Dich und Dein Team zu verdienen.\nIn dieser Phase - dem experimentellen Verifizieren der Requirements - ist die einzige Metrik, wie viele Ideen und Varianten in möglichst kurzer Zeit Dein Team released bekommt, egal wie schlecht, ineffizient oder kaputt Dein Code ist. Erst später, wenn Dein PO nicht nur glaubt zu wissen, was er will, sondern belastbare Zahlen hat, die beweisen, daß das was er will auch von der Firma gewollt werden kann, erst dann kannst Du Deine Ingeniersausbildung auspacken und sauber arbeiten.\nSo, jetzt ist es heraus.\nEine der Aufgaben, die eine Firma lösen muß, wenn sie junge Informatikerinnen und Uni-Abgänger einstellt, ist sie zu deprogrammieren. Ihnen die Flausen aus dem Kopf zu pusten, die ihnen das Uni-Studium in den Kopf gesetzt hat. Sie mit den Realitäten der Welt vertraut zu machen. Und sie zu lehren, daß so wenig wie die wenigsten Städteplaner und Landschaftsarchitekten mit einem leeren Plan anfangen können, die wenigsten Softwarearchitekten und Entwickler mit einem leeren Editor starten.\nHier sind die wichtigsten Fähigkeiten für einen Softwareentwickler:\nMan kann ihn mit einer Bugnummer über unbekannten Code abwerfen, und auf dem Weg nach unten erkennt er schon im Flug, was da kaputt ist. Wenn er gelandet ist, klärt er den Bug und während der Exfiltration macht er die Gegend um seinen Weg nach draußen auch noch schön. Er kann existierenden Code zu umbauen, daß der Code nach der Operation schöner, schneller und funktionaler ist als vorher und die neuen Anforderungen erfüllt. Dabei ist während jeder einzigen Sekunde der Umbauphase (jeder Zwischencommit und jedes Zwischenrollout) in sich lauffähig und korrekt, und die Datenformate sind kompatibel, sodaß keine Betriebsunterbrechung für den Endnutzer sichtbar wird und man geschmeidig zwischen den Versionen vor und zurück rollen kann. Er akzeptiert, daß Code ein Modell der Welt ist und daß sie Welt nicht schön, elegant oder minimal ist, sondern dreckig, irregulär und überkomplex. Und er kommt damit klar. Das Bild von dem Teatro di Marcello da oben illustriert das ganz gut.\nGebaut vor mehr 2000 Jahren zu einem ganz anderen Zweck, ist es aufgelassen, umgebaut, umgewidmet, modernisiert, renoviert und restauriert worden, und wurde die meiste Zeit seiner Lebensdauer von Leuten genutzt. Nichts an diesem Gebäude ist so wie es sein soll, nichts an diesem Gebäude wird so genutzt wie es einmal geplant war. Nichts an der Stadt in der es steht ist so.\nDennoch ist dieser Ort voller Menschen, die dort leben und sich dort wohl fühlen.\nInformatik ist genau so.\n(Weil towo danach gefragt hat)\n","date":"2012-03-06T00:00:00Z","href":"https://blog.koehntopp.info/2012/03/06/architektur-hei-t-umbauen.html","tags":["computer","development","software","lang_de"],"title":"Architektur heißt umbauen"},{"categories":null,"content":" Netzpolitik.org weist auf das Positionspapier \u0026ldquo;Eckpunkte für eine Novelle des Jugendmedienstaatsvertrags \u0026rdquo; (PDF) der CDU hin. Dort findet man die Idee, neben den bekannten Kennzeichnungen der Altersstufen \u0026ldquo;6\u0026rdquo;, \u0026ldquo;12\u0026rdquo;, \u0026ldquo;16\u0026rdquo; und \u0026ldquo;18\u0026rdquo; eine weitere aufzunehmen: \u0026ldquo;B\u0026rdquo; für Blogs.\nBei netzpolitik.org findet man das lustig, aber der Hintergrund ist ernst. Zum besseren Verständnis hier noch einmal der Verweis auf Unerwünschte Freiheiten von Holger Bleich bei der c\u0026rsquo;t, um die Interessenlage der Player in Erinnerung zu rufen.\nDie Idee des \u0026ldquo;Kennzeichen /b/\u0026rdquo; ist eine direkte Folge des besonderen Schutzes der Familie und der Jugend im Grundgesetz, also der Verpflichung des Staates zum Jugendschutz vs. den Willen eine Pornoindustrie haben zu wollen.\nIn Lang: Die Verpflichtung zum Jugendschutz ergibt sich in Deutschland aus dem Grundgesetz und ist nicht leicht \u0026ldquo;weg\u0026rdquo; zu bekommen. Der Staat muß sie also erfüllen, oder ihre Erfüllung glaubwürdig simulieren. Er tut das mit dem Jugendschutzgesetz, dem Jugendmedienschutz-Staatsvertrag und einigen anderen Dingen.\nIm Internet gibt es nun eine Reihe von Firmen, die auch Inhalte von Deutschland aus publizieren wollen, die nach dem Jugendschutzgesetz, dem Staatsvertrag etc jugendgefährdend sind. Damit diese Anbieter auch von Deutschland aus operieren können (und damit auch in Deutschland steuerpflichtig sind!), muß der Staat eine Möglichkeit schaffen, daß sie das können, ohne daß er seine grundgesetzliche Verpflichtung zum Jugendschutz verletzt.\nDas hat er mit dem neuen Jugendmedienschutzstaatsvertrag versucht, ist aber an den Eigenschaften des Mediums Internet gescheitert. Denn während in traditionellen Medien Anbieter von Inhalten kommerziell sind, und daher ein Interesse haben, sich dieser Regulierung zu unterwerfen und ein möglichst niedriges, gerade noch zulässiges Rating zu erwerben, um ein möglichst großes Publikum zu erreichen, ist dies im Internet nicht mehr der Fall.\nHier haben nichtkommerzielle Anbieter (unter anderem die genannten Blogs) das Interesse daran, möglichst kostengünstig rechtssicher zu agieren. Und wenn das bedeutet \u0026ldquo;Kinder müssen draußen bleiben\u0026rdquo;, dann bevorzugen sie eben dieses Rating. Nicht im Sinne der Jugendschützer.\nDiese Disparität zwischen kommerziellen und nichtkommerziellen Anbietern killt den Regulierungsmechanismus und der Versuch des neuen Staatsvertrages ist daran gestorben.\nDie Marke /b/ ist der Versuch, einen Ausweg zu finden und den kommerziellen deutschen Pornoanbietern endlich einen Weg ins Netz zu bauen, der gangbar ist, ohne vom nichtkommerziellen \u0026ldquo;Ich will doch nur ein Blog betreiben\u0026rdquo;-Netz einen Shitstorm ins Gesicht geblasen zu bekommen.\n","date":"2012-03-05T00:00:00Z","href":"https://blog.koehntopp.info/2012/03/05/b-wie-verzweiflung.html","tags":["internet","jugendschutz","media","politik","lang_de"],"title":"/b/ wie \"Verzweiflung\""},{"categories":null,"content":"Der folgende Text entstand aus einigen Zeilen, die ich zwischen Tür und Angel in #spackeria abgeworfen habe, und die von Jürgen Geuter und Sven Türpe aufgearbeitet worden sind. Er ist noch nicht ganz fertig, und an einigen Stellen sind Brüche drin, aber nachdem wir da in den letzten paar Tagen nicht haben weiter arbeiten können, hau ich den aktuellen Stand mit allen seinen Schwächen einfach mal hier ins Blog bevor uns der Text weg gammelt.\n\u0026ldquo;Wieso wir uns veröffentlichen\u0026rdquo; oder warum Menschen \u0026ldquo;so dumm sind\u0026rdquo; und \u0026ldquo;ihre Daten\u0026rdquo; Facebook und Google geben, obwohl jeder(tm) weiß, dass \u0026ldquo;sie\u0026rdquo; nur Böses im Schilde führen:\nEine der am meisten Energie kostenden Tätigkeiten im Leben ist es, Menschen zu finden, die meine Überlegungen bestätigen, ausbauen, reflektieren, freundlich hinterfragen und korrigieren. Menschen, die uns nahe genug sind, dass sie mit uns elementare Grundsätze teilen und dass sie unsere Probleme und Überlegungen verstehen können, die andererseits uns fremd genug sind, dass sie uns zum weiter denken inspirieren und uns mit neuen Ideen konfrontieren.\nSoziale Netzwerke im Internet sind dabei ein verhältnismässig neues Instrument, aber keineswegs eine komplette Neuentwicklung. Vor der Etablierung des Internets im Alltag spielten - neben der Familie - lokal ausgerichtete Gruppen wie Vereine, Interessensverbände oder sich lose über Kleinanzeigen oder bei Veranstaltungen bildende Gruppen die dominante Rolle bei der Erzeugung von Kommunikationsräumen.\nDas Internet in seiner reinen Form kennt keine Regionen: Gefühlt ist die Verbindung in die USA oft kaum von einer nach Deutschland oder Indien unterscheidbar. Soziale Netze im Internet erben diese Eigenschaft und so ist man bei der Findung von interessanten Kommunikationspartnern nicht mehr durch regionale Einschränkungen gegängelt: Die potentialen Kommunikationspartner sind die ganze (Zugang zum Netz habende) Menschheit. Das gruppierende Element ist nicht länger die Region oder das Land, es ist das Thema.\nEine solche Gruppe kann dabei thematisch eng gefaßt aufgestellt sein (\u0026ldquo;Benutzer des Binford 6000\u0026rdquo;), ein großes und komplexes Anliegen haben (\u0026ldquo;S21\u0026rdquo;) oder gar bis an eine Subkultur heranreichen (\u0026ldquo;Piratenpartei\u0026rdquo;). Wie sich allerdings zeigt sind die Gruppen, die sich über soziale Netzwerke konstituieren nicht \u0026ldquo;fertig\u0026rdquo;, nicht \u0026ldquo;abgeschlossen\u0026rdquo;, sondern tendieren ganz klar dazu, größer werden zu wollen, mehr \u0026ldquo;Anhänger\u0026rdquo; zu finden und dadurch auch mehr themenbezogene Impulse für alle Gruppenangehörigen zu generieren.\nDoch damit das gesamte System funktionieren kann, muß das einzelne Individuum dem Netz Informationen über sich bereitstellen. Neben simplen Fakten wie \u0026ldquo;Ich bin Binford 6000 User\u0026rdquo;, ein \u0026ldquo;S21 Gegner/Unterstützer\u0026rdquo;, ein \u0026ldquo;Pirat\u0026rdquo;, die zusammengesetzt natürlich ein gewisses Bild einer Person vermitteln, erlauben es persönliche Meinungsäußerungen wie \u0026ldquo;Ich finde ja, dass $ÖffentlichePerson im Fall $Dingsi Mist gebaut hat\u0026rdquo; oder auch klar abgebildete Beziehungen zwischen Menschen eine deutlich bessere Einschätzung einer bisher fremden Person zu machen: Aus größeren Überschneidungen im Bekanntenkreis, kann beispielsweise sehr oft eine gewisse Kompatibilität abgeleitet werden (oder wenns genau die nervigen Bekannten sind auch ein Hinweis auf wahrscheinliche Inkompatibilität).\nDiese Einschätzungen sind zentral für das Knüpfen neuer sozialer Bindungen und hier spielen internetbasierte soziale Netzwerke aufgrund ihrer expliziten Daten ihre Stärke in Form von Effizienz aus. Füttere ich ein Soziales Netzwerk nur ein wenig an, wird es sehr schnell in der Lage sein, mir meist durchaus relevante Vorschläge für neue Kontakte und Themengruppen zu machen. Kommunikation und Austausch zwischen den Mitgliedern tun dann ein übriges, und schnell hat man die Kontakte zum gewünschten Thema, die man gesucht hat.\nUnd genau deshalb \u0026ldquo;enthüllen\u0026rdquo; sich so viele Menschen auf Twitter, Facebook, Google+, Path oder sonstwo: Sie machen sich sichtbar, findbar. Um im Rückschluss selber relevantes zu finden.\nDas kostet Vertrauen. Vertrauen in unsere Mitmenschen, in Plattformbetreiber und manchmal sogar in den Staat (auf den wir gut aufpassen, damit er\u0026rsquo;s nicht missbraucht). Doch dieses Vertrauen ist nicht verschenkt, denn es hilft anderen, uns zu vertrauen. Vertrauen vereinfacht die soziale Interaktion. Dadurch, dass wir unsere Vorlieben, Ängste und Anliegen veröffentlichen, erlauben wir es anderen uns nahe zu kommen - und hoffen zugleich, dass die, die uns nahe kommen, Personen sind, an denen wir wachsen können, dass sie Leute sind, die unser Leben bereichern. Das ist technisch gesehen eine Filterblase, aber vor allem ist es eine massive Kooperationserleichterung.\nDie Filterblase erweist sich bei näherer Betrachtung als strukturiert, vielfältig und durchdringlich. Jeder von uns steckt nicht in einer Blase, sondern in mehreren, und in jeder Blase finden wir Menschen mit eigenem Profil. Feste Wände gibt es nicht, im Gegenteil. Wir hören von und kommunizieren mit wildfremden Menschen - wenn es für ihr Thema einen Weg durch unser soziales Netz gibt. Unsere Kontakte sind dabei keine Filter, sondern Verstärker. Aus dem Rauschen der Welt extrahieren sie ein Signal. Wir wissen nicht, wie wir selbst nach diesem Signal suchen sollten, wir können es nicht beschreiben. Aber wenn wir es sehen, wissen wir, dass es uns interessiert.\nDie Erfahrung gibt der Mehrzahl von uns in den meisten Fällen Recht: Wir sparen durch die Veröffentlichung eine Menge Zeit und Energie, und wir bekommen mehr vom Netz zurück als wir dort hineinstecken: Mehr und vielfältigere Kontakte überall auf dem Globus, mehr Input und eine buntere und hoffentlich tolerantere Sicht auf die Welt. Menschen sind also keineswegs \u0026ldquo;dumm\u0026rdquo;, wenn sie in soziale Netzwerke publizieren, sie bewerten den Nutzen dieser schlicht und ergreifend als höher als die potentiellen Gefahren. Sie interessiert nicht, wer ihre Daten hat, sondern was damit geschieht.\nVielleicht verlieren wir Kontrolle über manches. Wir gewinnen aber auch Unabhängigkeit. Die Bestandsdaten unserer sozialen Beziehungen sind nicht in den CRM-Systemen unserer Ex-Arbeitgeber vergraben und vor unbefugtem, d.h. unserem Zugriff geschützt, sondern sie sind in Plattformen repräsentiert, die wir uns ausgesucht haben. Das nivelliert die Machtverhältnisse: wenn eine Plattform sytematisch Mist baut, ziehen wir um.\nWir geben auch nicht unsere Privatsphäre auf. Soziale Netze sind (halb-)öffentliche Räume. Wir bewegen uns dort, wie wir es vor einer Generation im Sportverein oder am Stammtisch getan hättten: wir verraten nicht alles über uns, aber wir verstecken uns auch nicht vor der Welt.\n","date":"2012-03-03T00:00:00Z","href":"https://blog.koehntopp.info/2012/03/03/wieso-wir-uns-veroeffentlichen.html","tags":["google","social networking","spackeria","privacy","lang_de"],"title":"Wieso wir uns veröffentlichen"},{"categories":null,"content":"Unser Innenminister diskutiert das \u0026ldquo;Recht auf Vergessen \u0026rdquo; im Spiegel Online und benutzt dort wieder Worte komisch. Ich habe das in Vergeben, vergessen und vernichten schon mal angesprochen.\nDie entsprechenden Diskussion auf Google Plus war interessant, denn der Text erschien einem Teilnehmer dort als \u0026rsquo;erstaunlich reflektierter Text'.\nIch teile diese Ansicht und zugleich auch nicht, denn es ist der Sprachgebrauch von \u0026ldquo;Vergessen\u0026rdquo;, der hier die Sicht auf die Dinge verstellt.\nJa, Friedrichs Gedanken sind sinnvoll in dem Sinne, daß ein \u0026ldquo;Recht auf Vergessen\u0026rdquo; so wie es zuvor in der Politik diskutiert worden ist, extrem schädlich wäre (denn inhaltlich war das ein Recht auf Vernichtung).\nNein, die Nomenklatur ist krude, siehe Vergeben, vergessen und vernichten .\nInhaltlich verlangt er nun in seinem Text eigentlich ein Recht auf Vergebung.\nDas ist aber auch Unsinn, denn Vergebung ist kein Recht, sondern eine - im Wortsinn - Gnade. Sie wird gewährt, nicht gefordert.\nAm Ende landet man bei Eric Schmidt :\nDuring an interview which aired on December 3, 2009, on the CNBC documentary \u0026ldquo;Inside the Mind of Google\u0026rdquo;, Schmidt was asked, \u0026ldquo;People are treating Google like their most trusted friend. Should they be?\u0026rdquo;\nHis reply was: \u0026ldquo;I think judgment matters. If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place, but if you really need that kind of privacy, the reality is that search engines including Google do retain this information for some time, and it’s important to remember, for example, that we are all subject in the United States to the Patriot Act. It is possible that that information could be made available to the authorities.\u0026rdquo;\nMan beachte die Hervorhebung - das ist der Teil, der normalerweise zitiert wird. Der größere Kontext ist hier zur korrekten Interpretation zwingend notwendig.\nDennoch ist es von dort nur ein kleiner Schritt zur Spackeria , die im wesentlichen sagt:\nDie Welt ist so, das ist eine Eigenschaft der Technik und Gesetze werden da nur kosmetisch was dran tun. Jeder wird mal was tun, \u0026ldquo;that they shouldn\u0026rsquo;t be doing in the first place\u0026rdquo; und daher werden wir alle gut daran tun, zu lernen, zu vergeben und anzuerkennen, daß wir alle lernen und uns weiter entwickeln und das Netz das zum Teil ungewollt dokumentiert. Auch Friedrich wird am Ende dort landen, ist aber zumindest öffentlich noch nicht so weit, d.h. sein Publikum ist definitiv noch nicht so weit.\nIch formuliere es in dem Text zur Spackeria so:\nAuf eine Weise ist das genau der Punkt, bei dem es um radikale gegenseitige Transparenz vs. radikale Privacy geht. Die einen sagen: \u0026ldquo;Indem wir alle gegenseitig Offenlegen, haben wir die Möglichkeit zu erkennen, daß wir alle nicht immer perfekt sind, und wir haben die Wahl, daran entweder zu wachsen und bessere Menschen zu werden, oder zu lernen einander zu vergeben.\u0026rdquo; (Das ist Schmidt)\nDie anderen sagen: \u0026ldquo;Das ist eine gefährliche Utopie und mir zu risikoreich, ich will da nicht mitmachen.\u0026rdquo; (Das sind die, die sich über Schmidt aufregen)\nUnd die Technik sagt: \u0026ldquo;Ich funktionier halt so, ihr könnt gerne unrealistische Annahmen machen, mir egal. Das tut es halt mehr weh, wenn ihr lernt.\u0026rdquo; (Das ist McNealy)\nInsofern halte ich mich aus der Diskussion raus - McNealy hat Recht, und es ist nicht notwendig, ungefragt viel dazu zu sagen, wenn ich schon vorher sehen kann, welche Erfahrungen alle im Laufe der Zeit machen werden.\nUnd lebe mein Spacko-Leben: Ich persönlich habe auch mein ganzes Leben lang sehr positive Erfahrungen damit gemacht, mich zu publizieren.\nMir ist klar, daß ich als jemand, der von der Arbeit mit Technik lebt, nicht umhin kann, eine kilometerbreite Datenspur über diesen Planeten zu legen, wenn ich in der Lage sein will, meinen Job gut zu machen. Das Beste, was ich tun kann, ist das Highlight auf diesen Daten so zu setzen und die Interpretationen meiner Daten anzulegen, daß sie ein positives Licht auf mich als Person werfen.\nIn diesem Sinne bin ich ein Post-Privacy-Spacko. Schon immer gewesen: auch dann, wenn ich mich nicht an der Diskussion beteilige und auch damals, als es den Begriff noch nicht gab, habe ich wie einer gelebt - leben müssen. Und halte Popcorn bereit.\nund stelle fest, daß Friedrich da eben einen großen Schritt in die vorhergesagte Richtung getan hat.\n","date":"2012-03-01T00:00:00Z","href":"https://blog.koehntopp.info/2012/03/01/recht-auf-vergeben.html","tags":["internet","privacy","security","spackeria","lang_de"],"title":"Recht auf Vergeben"},{"categories":null,"content":"Metagame , 5.49 EUR, 422 Seiten in der gedruckten Fassung.\nLetzten Monat gab es den Kindle-Deal des Tages für Metagame von Sam Landstrom.\nEine SciFi-Geschichte in einem nachhaltigen Universum voller Bioengineering. Die Menschheit auf die harte Weise gelernt, daß sie nicht weiter wachsen und nach belieben Energie verbrauchen kann: Nach einigen biologischen Katastrophen hat die Restbevölkerung eine Gesellschaft erschaffen, die nach den Regeln \u0026ldquo;Des Spiels\u0026rdquo; lebt. Jede Tätigkeit im Leben ist Teil Des Spiels, entweder ein Grinder Game, also als Spiel verpackte Arbeit, oder ein Spank Game, also ein Zeitvertreib, der Menschen davon abhält, aus Langeweile Unheil anzurichten (Die Geschichte enthält einige Backreferenzen auf einen 17-jährigen Jungen, der aus Langeweile mit einem Bioengineering Kit einen Virus erschaffen hat, der dann mal grad 1/4 der Weltbevölkerung ausgelöscht hat). Arbiter des Spiels ist eine KI, plus einige selbstreferentielle Mechanismen, die die Arbeitsweise der KI verändern können - auf eine Weise kann man MetaGame auch als \u0026ldquo;Daemon/Freedom 200 Jahre später\u0026rdquo; lesen und auffassen.\nIn der Geschichte wird eine Gruppe aus wirtschaftlich Unabhängigen (\u0026ldquo;Adeligen\u0026rdquo;) und regulären Spielern sowie einige menschenähnliche genengineerte Kreaturen zusammengewürfelt und gerät in ein Metaspiel - in dieser Partie spielt man verschiedene Aspekte des Spiels \u0026ldquo;Polizei und Gesetzesdurchsetzung\u0026rdquo; auf beiden Seiten des Gesetzes durch, und nicht alle überleben. Die Spielsicht auf hoheitliche Funktionen eines Gemeinwesens birgt dabei eine ganze Menge für den Leser überraschende Einsichten.\nWas für ein Metaspiel das ist, und wieso es stattfinden muß wird im Laufe der Geschichte klar - Metagames sind Spiele, in denen die KI prüft, ob die Regeln Des Spiels noch angemessen und der sich verändernden Gesellschaft entsprechend sind und diese gegebenenfalls anpaßt. Faßt man MetaGame als Fortsetzung von Daemon/Freedom auf, bietet Sam Landstrom eine Perspektive, wie die von Daniel Suarez geschaffene menschliche Gesellschaft trotz ihres nichtmenschlichen Arbiters menschlich und flexibel und damit auch stabil bleiben kann.\n","date":"2012-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2012/02/28/fertig-gelesen-metagame.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: Metagame"},{"categories":null,"content":" Neu in Google Maps: Leaderboard, bei dem man um Checkin-Punkte kämpfen kann.\nWenn man auf so ein Management-Simulationsseminar geht, dann haben die da gerne so Rollenspiele zum Einüben des Gesagten. Vor einigen Jahren haben sie uns kurz vor Schluß einer solchen Veranstaltung die Aufgabe gegeben, einen Jahresbonus auf Mitarbeiter zu verteilen. Es gab also einen Topf, der war kleiner als \u0026rsquo;letztes Jahr\u0026rsquo;, und wir hatten alle \u0026lsquo;Mitarbeiter\u0026rsquo;, komplett mit einer Hintergrundgeschichte, persönlichen Problemen und solchen Sachen.\nDann wurden wir zusammengesetzt und bekamen die Aufgabe \u0026ldquo;Dies ist die letzte Übung für heute. Teilt den Topf gemeinsam auf, legt dazu den Fall für Euren Mitarbeiter dar gemäß der Dinge, die wir heute gelernt haben und dann einigt Euch. Es muß eine Einigung geben bevor wir in die Kneipe gehen können, ihr habt 45 Minuten Zeit. Für 1 Euro/Minute könnt Ihr mehr Zeit kaufen.\u0026rdquo;\nSie hatten mich bei \u0026rsquo;letzte Übung\u0026rsquo; und \u0026lsquo;Kneipe\u0026rsquo;. Brillianter Scheiß.\nSchalten wir also mal die Suspension of Disbelief ab und analysieren die Situation: Es geht um nix, Missionsziel ist also \u0026lsquo;möglichst schnell in die Kneipe\u0026rsquo;:\nWir nehmen den Topf, teilen ihn in n gleiche Teile und sind fertig. Die erste Runde geht auf mich.\nLeider habe ich nicht mit meinen Mitspielern gerechnet. Die nahmen die Aufgabe ernst und wollten das jetzt ausdiskutieren. Nun gut. Das kann ich auch.\nIch nahm also den Vorjahres-Bonus meines \u0026lsquo;Mitarbeiters\u0026rsquo; und legte fest \u0026lsquo;Ich bekomme diese Summe.\u0026rsquo; Man wollte eine Begründung.\nIch lächelte, griff in die Tasche, zog ein dickes Bündel Geldscheine raus und legte sie auf den Tisch. \u0026lsquo;Ihr wolltet nicht in die Kneipe. Das Geld hier reicht bis 4 Uhr in der Früh und es bindet Euch alle inklusive der Referenten hier an den Tisch. Ihr könnt gleich einwilligen oder noch so lange warten bis wir es alle gemeinsam Scheiße finden und der Abend im Eimer ist. Aber ich werde meinen Standpunkt nicht ändern, sondern die Sache einfach aussitzen.\u0026rsquo;\n15 Minuten später saßen wir in der Kneipe.\nSinnlose Checkins zur Punktemaximierung.\nGamification is the use of game design techniques and mechanics to enhance non-games. Typically gamification applies to non-game applications and processes (also known as \u0026ldquo;funware\u0026rdquo;), in order to encourage people to adopt them, or to inflence how they are used. Gamification works by making technology more engaging, by encouraging users to engage in desired behaviors, by showing a path to mastery and autonomy, and by taking advantage of humans\u0026rsquo; psychological predisposition to engage in gaming.\nDas setzt natürlich voraus, daß die Anreize, die das Spiel gibt, und die tatsächlichen Missionsziele, die da als Spiel verpackt werden sollen, in irgendeiner Weise übereinstimmen oder übereinstimmend gemacht werden können.\nIn dem Beispiel oben sind eine ganze Reihe von Dingen kaputt: Mein Missionsziel (Kneipe!) stimmt ganz offensichtlich nicht mit dem Missionsziel der Referenten überein, die sich das Spielchen ausgedacht haben. Es geht außerdem im Spiel um nichts, während die Belohnung \u0026ldquo;Kneipe\u0026rdquo; sehr real ist.\nUnd man gibt einem Spieler realweltliche Kontrolle über das Spiel, indem man es an realweltliche Ressourcen bindet. Wenn einer nur genügend Kamikaze-Attitüde an den Tag legt kann er so das Spiel nach belieben manipulieren. Die Drohung alleine reicht aus, um den Spielausgang zu bestimmen.\nIn meinen Augen ist das ein zentraler Fehler aller Gamification-Ansätze, die ich bisher gesehen habe. In dem Moment, wo man Leute im Spiel hat, die die SoD abschalten und das Spiel nach den Spielregeln analysieren, statt seinen realweltlichen Zielen, die es verpacken soll, brechen diese Ansätze alle auseinander. Es kommt zur Einführung von Sonderregeln und am Ende zur Legalisierung der Willkürregel der Spielleitung (\u0026ldquo;Spielzüge, die offensichtlich zur Ausbeutung von Schwächen der Spielregeln gemacht werden, sind ungültig, auch wenn sie nach den Regeln legal sind.\u0026rdquo;).\nAm Ende artet das Ganze in eine Art NOMIC -Partie aus, weil in jeder Gamification die Ziele der realen Welt und der spielerischen Verpackung niemals perfekt übereinstimmen. In dem Moment wo man ernsthafte Spieler hat, die das Spiel gewinnen wollen, anstatt sich mit dem realweltlichen Problem dahinter zu beschäftigen, wird jedes dieser Spiele zu einer Partie Nomic degenerieren, weil die realweltlichen Interessen der Veranstalter und die Interessen der ernsthaften Spieler sich beißen. Regelanwälte diskutieren Grenzfälle, und erweitern die Regeln zu einem Komplex, der am Ende zu kompliziert ist, um noch Spaß zu machen. Oder man bekommt Munchkins im Spiel - Powergamer, die nach den Regeln optimieren und allen anderen den Spaß am Spiel nehmen (außer man spielt Munchkin , das genau das zum Spielprinzip erhebt).\nAm schnellsten degeneriert die Situation, wenn man Gamification auf Programmierer; Leute, die mal im Security-Bereich gearbeitet haben oder Politiker losläßt: Diese Leute sind darauf trainiert, Grenzfälle in Regelsystemen zu erkennen und gegebenenfalls auszunutzen.\nDas sieht man auch sehr schön am \u0026ldquo;Leaderboard\u0026rdquo;, das Google nun in Google Maps Checkins eingebaut hat. Dort bekommt man zwei Gummipunkte für den ersten Checkin an jedem Ort in der Woche, einen weiteren Punkt für jeden weiteren Checkin an einem Ort in einer Woche und drei Punkte für die Definition eines neuen Ortes.\nWas sind die Ziele von Google?\nWas wird passieren, wenn Personen ihren Score optimieren wollen?\nAnalysiere und diskutiere.\nRelated: Coffee is for closers »The gimmick of a sales contest, in which first prize is a Cadillac Eldorado, second prize, \u0026ldquo;a set of steak knives,\u0026rdquo; and third prize \u0026ldquo;you\u0026rsquo;re fired.\u0026quot;«\n","date":"2012-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2012/02/28/gamification.html","tags":["gaming","roleplay","lang_de"],"title":"Gamification"},{"categories":null,"content":"Damals, vor dem Internet und dem DSL, so um 1989 rum, da hatten wir Modems. Mail wurde mit UUCP (Unix-to-Unix CoPy) übertragen. Das heißt, man schrieb eine Mail, und diese wanderte als Kopierauftrag in das UUCP Spooldirectory des Systems. Dort wartete sie, bis der Rechner eine Modem-Wählverbindung aufgebaut hat (passierte so 1-3 mal am Tag) und wurde dann zum nächsten System entlang der Kette kopiert. Dort lag sie dann weiter, wartete auf die nächste Wählverbindung und so weiter, bis sie irgendwann auf dem Zielrechner angekommen war und dort lokal zugestellt wurde.\nDas war sehr schnell: Oft war Mail schon am Absendetag auf dem Zielsystem und wurde gelesen.\nBangaddressen Mailadressen sahen so aus: kriski!tpki!mcshh!thw (Thomas Wieske). Das ist ein sogenannter Bangpath, wegen der ganzen Ausrufezeichen (Bang Sign). Der Bangpath gab die Schritte zum Zielsystem an, die mußte man wissen, und die Adresse verkürzte sich mit jedem Schritt von links her. O.a. Adresse bezeichnet also eine Zustellung an den Rechner kriski, der die Mail dann (minus den kriski-Part) an tpki weiter kopierte, der sie an mcshh weiter kopiert hat, wo es einen lokalen User thw gab.\nMan kann auch im Kreis routen: kriski!tpki!mcshh!unido!tpki!kriski!kris - eine Mail an mich selber mit Umweg über mcshh in Hamburg und unido in Dortmund. Weil so was sinnlos ist und Geld kostet wurde so etwas nicht gerne gesehen. Außerdem nervt es natürlich, wenn man jeden Hopser der Mail selber in die Adresse rein froggern muß.\nAlso braucht man eine Notation für einen Verbindungsgraphen im Netz - \u0026ldquo;maps\u0026rdquo; und ein Programm, daß aus diesem Graphen einen minimalen Spannbaum berechnet, bei dem die Wurzel der eigene Systemknoten ist - \u0026ldquo;pathalias\u0026rdquo;.\nHolger Koepke fand nun einen Mapschnipsel des Systems tpki von 1990, mit einer Liste der Modems dran. In einem Mapschnipsel stehen auch die Links, also die Verbindungen zu den Nachbarknoten, mit Gewichten dran. Hier ein Mapschnipsel von 1991:\ntpki unido(DAILY+HIGH), smurf(DAILY+HIGH), abqhh(DAILY+HIGH), \u0026lt;ipkima\u0026gt;(DAILY+HIGH) Das Schreiben von Mapschnipseln ist eine Wissenschaft, die verloren gegangen ist: Je nachdem, welche Gewichte man seinen Links zugewiesen hat, hat man den Traffic von Dritten auf sich gezogen, die Mail Transit durch die eigene Kiste machen.\nSetzte ich zum Beispiel hier das Gewicht von unido und smurf auf DEMAND (Verbindung ist instantan, nach Bedarf), würden viele andere Leute ihre Mail mit der Sequenz ...!unido!tpki!smurf!... durch mich hindurch routen, weil das quasi ein Nullzeit-Transit ist, auch wenn es 3 Hops sind. Das kostet aber leider Geld, und daher will man das meist nicht. ipkima zum Beispiel hat sich dort oben mit den spitzen Klammern als Blatt ausgewiesen und Transit abgelehnt.\nManchen Leuten war das mit den Gewichten und den Konsequenzen nicht ganz klar - wenn jemand also seine frisch gebackene, arschteure X.25 Datex-P Verbindung hatte, und dann in der Map seinen Schnipsel stolz auf DEMAND gesetzt hat, hat er also erst mal allen Mailtransit in Deutschland und dann noch ein bischen auf sich gezogen. Das konnten gigantische Trafficmengen - einige hundert KB pro Tag! - sein und einen in kürzester Zeit ruinieren.\nTrailblazer Das Modem da in dem von Holger angesprochenen Artikel (\u0026ldquo;Der hatte ein Traiblazer, das hatte PEP!\u0026rdquo;) war ein ganz besonderes Teil, denn die Telebit Trailblazer waren eine Gruppe von Modems mit einer ganz wunderbaren Betriebsart.\n\u0026ldquo;Reguläre\u0026rdquo; Modems erzeugen ein Signal, indem sie Phase und Frequenz eines Signals ändern und so einen von 2, 4, 16 oder noch mehr Punkten in einem Phasen-Frequenzdiagramm ansteuern. Nach einer Weile wechselt das Signal und die nächste Bitkombination wird übertrag.\nBei 2400 Signalwechseln pro Sekunde (Baud) und 16 Punkten = 4 Bit pro Signal kann man 9600 Bit/s übertragen. Das ist V.32 zum Beispiel.\nIst die Leitung gestört, sieht das visuell so aus, als seien diese Punkte, die durch das Signal beschrieben werden, unscharf. Werden sie so unscharf, daß sie ineinanderlaufen, ist das Signal nicht mehr erkennbar und die Übertragung gestört. Das Modem muß dann auf eine langsamere Geschwindigkeit runterschalten (\u0026ldquo;Renegotiation\u0026rdquo;).\nDas bedeutet, daß das Modem einen Datenträgerton (\u0026ldquo;Carrier\u0026rdquo;) hat, der ein relativ breites Frequenzband (ideal den gesamten zur Verfügung stehenden Bereich) belegt. Gibt es in diesem Bereich Dämpfungen oder - schlimmer noch - eine Bandsperre oder Störung, etwa durch eine Schwebung, dann bricht die Verbindung ab. Auch dann, wenn eigentlich eine ganze Menge Restspektrum zur Verfügung stünde.\nDie Trailblazer, in Deutschland mit Telebimm-Zulassung als MDG-19k2 verkauft, waren nun Modems, die statt eines einzelnen schnellen und superbreiten Carriers sehr viele (512) Carrier gesendet haben, von denen jeder 0, 2, 4 oder 6 Bit überträgt und die sehr langsam wechseln (6 mal pro Sekunde).\n6 Baud sind so langsam, daß man sie hören kann - ein Telebit-Modem erzeugt ein sehr characteristisches Carrierwummern (\u0026ldquo;Wop Wop Wop Wop Wop Wop\u0026rdquo;). Und da die einzelnen Carrier sehr schmalbandig sind, kann man sie einzeln runter regeln oder abschalten, wenn es Probleme gibt.\nSchwebungen oder andere Bandsperren machen einem Telebit also nix aus: Man kann ohne Probleme mit einem Telebit einen gcc Source von Kiel nach Berlin Ost (Node \u0026ldquo;pericont\u0026rdquo;) und anders herum schaufeln, auf einer Leitung, auf der Schwebungen durch schlechte Richtfunkstrecken selbst Sprache schwer verständlich machen.\nBestes Modem der Welt - voll geländegängig und schnell sogar auf Datenfeldwegen! vermiss\n","date":"2012-02-23T00:00:00Z","href":"https://blog.koehntopp.info/2012/02/23/opa-erz-hlt-vom-krieg.html","tags":["damals","internet","mail","usenet","lang_de"],"title":"Opa erzählt vom Krieg"},{"categories":null,"content":" Heute ist Donnerstag, der 23. Februar 2012. Heute ist Weltuntergang.\nEdgar Berger, Chef von Sony Music International (weltgrößter Provider von Rootkits!), sagt im Interview mit der Welt :\nDa gibt es überhaupt nichts zu schimpfen. Das Internet ist für die Musikindustrie ein großer Glücksfall, oder besser gesagt: Das Internet ist für uns ein Segen. \u0026hellip; Man kann das Internet nicht für schädliche Auswüchse verantwortlich machen. Im Gegenteil. Es hat uns enorme neue Möglichkeiten gebracht.\nund zum Thema Youtube und Gema:\nEs liegt nicht an uns. Wir haben den Marktteilnehmern unsere Inhalte lizenziert. Sie müssen diese Frage an die deutsche Verwertungsgesellschaft Gema richten, die Urheberrechte sehr restriktiv lizenziert. Uns gehen dadurch Millionenumsätze verloren. Diese Praxis ist übrigens mit einer der Hauptgründe, warum der digitale Musikhandel in Deutschland weniger stark ausgeprägt ist. Ich bin mir aber auch relativ sicher, dass es bei der Gema irgendwann Einsicht zwecks ökonomischer Notwendigkeit geben wird.\n(via Golem )\n","date":"2012-02-23T00:00:00Z","href":"https://blog.koehntopp.info/2012/02/23/sony-das-internet-ist-f-r-uns-ein-segen.html","tags":["copyright","media","musik","piraten","sony","lang_de"],"title":"Sony: \"Das Internet ist für uns ein Segen\""},{"categories":null,"content":"Was bisher geschah: Jemand bei Sony schreibt einen Aufruf , einen Ersatz für Busybox zu schreiben, der nicht unter der GPL steht.\nBusybox is a widely used program which implements several Linux command line utilities in a single, multi-tool binary. It is provided under the GPL license. Due to its utility and ubiquity, it has been used in a very large number of embedded devices. This includes use by companies who are not as diligent about their GPL commitments as they should be.\nWill sagen: Busybox ist ein Programm, das die Basisfunktionen vieler Linux-Kommandozeilenwerkzeuge in einem Binary zusammenfaßt und sehr wenig Platz verbraucht. Wegen dieser Eigenschaften wird es gerne in Embedded Systemen eingesetzt.\nDa Busybox unter der GPL steht, viele Firmen sich aber einen Dreck um Copyright scheren, wenn es sie selber statt ihre Endkunden betrifft, wird es gerne in Router und andere Geräte eingebaut und ist dann Gegenstand einer Lizenzklage . Eine Klage, die am Ende dazu führt, daß die Firmen ihre Firmware offenlegen müssen, weil sie zu faul sind, selber zu programmieren und zu blöd, sich genau das Urheberrecht zu halten, für dessen Verschärfung sie Unsummen an die diversen Lobbyfeen bezahlt haben (wir reden hier unter anderem von Sony ).\nEs gibt eine Reihe von Gruppen im Open Source Umfeld, die sich der Durchsetzung von Offenen Lizenzen verschrieben haben. Da ist einmal das von Harald Welte initiierte GPL Violations , ein weiterer Kandidat ist die SFC (Software Freedom Conservancy). Letztere vertritt auch die Interessen der Busybox-Autoren und ist daher die Veranstaltung, gegen die das Busybox Replacement Projekt primär zielt.\nDie Reaktionen auf das Busybox Replacement Projekt waren sehr unterschiedlich: Einerseits steht es natürlich jedermann frei, selbst und eigenständig welche Software auch immer zu entwickeln. Andererseits geht es hier darum, Software zu schreiben, mit der man etwas illegales (nämlich das lizenzwidrige Verwenden von Open Source in Closed Source Projekten) einfacher machen möchte. Das Problem ist nämlich, daß typischerweise in solchen Projekten nicht nur Busybox illegal verwendet wird, sondern meist auch viele andere Teilprojekte geplündet werden.\nEs reicht aber nicht, diese illegale Nutzung zu identifizieren , sondern man muß auch klageberechtigt sein. Busybox war und ist für die SFC hier ein bequemer Hebel, da die SFC die Rechte des Urhebers in diesem Fall wahrnehmen darf. Das Sony-Projekt dient nun in erster Linie nicht dem Fortschritt, sondern dazu, der SFC diesen Hebel aus der Hand zu nehmen - rechtlich stellen sich die betreffenden Firmen jedoch kein bischen auf legaleren Grund.\nAndererseits gibt es auch abweichende Meinungen, etwa diese :\nAs the ex-maintainer of busybox who STARTED those lawsuits in the first place and now HUGELY REGRETS ever having done so, I think I\u0026rsquo;m entitled to stop the lawsuits in whatever way I see fit.\nThey never resulted in a single line of code added to the busybox repository. They HAVE resulted in more than one company exiting Linux development entirely and switching to non-Linux operating systems for their embedded products, and they\u0026rsquo;re a big part of the reason behind Android\u0026rsquo;s \u0026ldquo;No GPL in userspace\u0026rdquo; policy. (Which is Google, not Sony.)\nToybox is my project. I\u0026rsquo;ve been doing it since 2006 because I believe I can write a better project than busybox from an engineering perspective. I mothballed it because BusyBox had a 10 year headstart so I didn\u0026rsquo;t think it mattered how much BETTER it was, nobody would use it. Tim pointed out I was wrong about that, I agreed with him once I thought about it, so I\u0026rsquo;ve started it up again.\nDie Stellungnahm von Harald Welte befindet sich in seinem Blog Er schreibt unter anderem:\nPeople who claim that GPL enforcement is scaring away companies from using Linux and/or other Free Software also have to be careful in what they say. If a commercial entity enters a new market (let\u0026rsquo;s say Android Tablets), then there is a certain due diligence required before entering that market. So if you don\u0026rsquo;t understand Free Software and particularly GPL licensing, then you shouldn\u0026rsquo;t place a Linux-based device on the market.\n\u0026hellip;\nBut come on, dealing with embedded devices in 2012 and still getting compliance outright wrong really means that there has not been the least bit of attention on this subject. And without enforcement, it is never going to change. People who want no enforcement should simply use MIT-style licenses.\n\u0026hellip;\nLet me conclude with a clear statement to anyone who thinks that by replacing Busybox with a non-GPL licensed project they can evade GPL enforcement: It will not work. There are others out there enforcing the GPL. Last but not least gpl-violations.org.\n","date":"2012-02-11T00:00:00Z","href":"https://blog.koehntopp.info/2012/02/11/busybox-die-gpl-und-wirrniss.html","tags":["free software","lang_de"],"title":"Busybox, die GPL und Wirrniss"},{"categories":null,"content":"In den letzten Tagen habe ich das mehrmals erklären müssen, daher jetzt einmal im Blog, damit ich das verlinken kann. Dieser Artikel ist, anders als der Rest des Blogs, CC-BY-SA .\nDer Fragesteller:\nIch habe Daten in meiner Datenbank, die ich erfolgreich mit meiner Anwendung einlesen und wieder auslesen kann. Wenn ich jedoch einen mysqldump mache, um die Daten auf ein neues System zu portieren, bekomme ich zerstörte Umlaute.\nDas Problem tritt auf, wenn man Daten in der Datenbank mit dem falschen Zeichensatz-Label speichert.\nIn MySQL klebt an jedem String ein Label, der den Zeichensatz angibt, in dem der String geschrieben worden ist. Der String _latin1\u0026quot;Köhntopp\u0026quot; ist also hoffentlich die Zeichenfolge \u0026ldquo;K-0xF6-hntopp\u0026rdquo;, und der String _utf8\u0026quot;Köhntopp\u0026quot; entsprechend die Zeichenfolge \u0026ldquo;K-0xC3 0xB6-hntopp\u0026rdquo;. Probleme treten auf, wenn das Label (\u0026quot;_latin1\u0026quot; oder \u0026ldquo;_utf8\u0026rdquo;) und die Datencodierung von Umlauten (0xF6 vs. 0xC3 0xB6) nicht übereinstimmen.\nZum besseren Verständnis gibt es die Artikel Zeichensatzärger und MySQL Zeichensatz Grundlagen hier im Blog.\nWie man den Fehler erzeugt Wir definieren eine Tabelle mit einer VARCHAR-Spalte, an der ein Zeichensatz-Label \u0026rsquo;latin1\u0026rsquo; klebt.\nmysql\u0026gt; create table t ( -\u0026gt; id integer unsigned not null primary key, -\u0026gt; f varchar(20) charset latin1 -\u0026gt; ) engine = innodb; Query OK, 0 rows affected (0.25 sec) Wir definieren die Verbindung zur Datenbank auch als latin1. Der Zeichensatz der Spalte t.f und das Zeichensatzlabel der Connection stimmen also überein.\nmysql\u0026gt; set names latin1; Query OK, 0 rows affected (0.00 sec) Wir senden nun Daten mit UTF8-codierung über eine Connection, die das Label latin1 trägt. Wir lügen die Datenbank also an:\nmysql\u0026gt; select hex(\u0026#39;Köhntopp\u0026#39;) as umlaut; +--------------------+ | umlaut | +--------------------+ | 4BC3B6686E746F7070 | +--------------------+ 1 row in set (0.00 sec) mysql\u0026gt; insert into t values ( 1, \u0026#39;Köhntopp\u0026#39;); Query OK, 1 row affected (0.00 sec) Die Daten sind also real in utf8 codiert, werden aber über eine Verbindung übertragen, die das Label latin1 hat. Die Spalte t.f hat ebenfalls die Codierung latin1. Es ist also keine Konvertierung notwendig und MySQL nimmt auch keine vor. Die Daten werden 1:1 so gespeichert, wie wir sie senden.\nLesen wir die Daten aus, gelingt das auch: Die Daten der Spalte t.f werden gelesen. Sie liegen in latin1 vor. Die Verbindung, über die wir die Daten lesen, ist ebenfalls latin1. Die Daten werden also 1:1 ausgelesen und in unserem utf8-Terminal korrekt angezeigt:\nmysql\u0026gt; select f, hex(f) from t where id =1; +-----------+--------------------+ | f | hex(f) | +-----------+--------------------+ | Köhntopp | 4BC3B6686E746F7070 | +-----------+--------------------+ 1 row in set (0.00 sec) Man sieht in der Ausgabe links einen korrekten Umlaut - das Terminal des Mac steht aber auf utf8. Man sieht rechts die Bytes vor jeder Ausgabekonvertierung auf der Platte - 0xc3 0xb6 sind ein utf8 o-Umlaut.\nUnd jetzt der Dump:\n... /*!40101 SET NAMES utf8 */; ... DROP TABLE IF EXISTS `t`; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `t` ( `id` int(10) unsigned NOT NULL, `f` varchar(20) CHARACTER SET latin1 DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- -- Dumping data for table `t` -- LOCK TABLES `t` WRITE; /*!40000 ALTER TABLE `t` DISABLE KEYS */; INSERT INTO `t` VALUES (1,\u0026#39;Köhntopp\u0026#39;); /*!40000 ALTER TABLE `t` ENABLE KEYS */; UNLOCK TABLES; Wir sehen, daß mysqldump die Verbindung auf utf8 setzt. Das tut es immer, egal in welchem Format die Daten auf der Platte vorliegen. Das ist auch kein Problem: Der im Dump verwendete Zeichensatz ist ein Superset aller anderen verfügbaren Zeichensätze und kann alle Stringdaten in der Datenbank darstellen, egal in welchem Format sie auf der Platte vorliegen.\nDie mit latin1 belabelten Daten aus t.f werden nun also bei der Ausgabe von latin1 nach utf8 gewandelt. Sie sind aber real schon utf8, d.h. wir wandeln real utf8-Daten noch einmal nach utf8. Das Resultat kann man im Dump sehen: \u0026lsquo;Köhntopp\u0026rsquo; - doppelt codiertes utf8.\nEs ist zu beachten: MySQL macht hier alles richtig. Das Problem ist, daß in einer latin1-Spalte als utf8 codierte Daten abgespeichert worden sind, weil in einer mit \u0026ldquo;SET NAMES latin1\u0026rdquo; konfigurierten Verbindung utf8-Daten gesendet wurden. Wir haben den Server angelogen und bekommen unsere gerechte Strafe.\nDas Problem ist auf zwei Arten lösbar:\nLösung im Dump Die haarsträubende Kommandozeile\nserver:~ # mysqldump --default-character-set latin1 kris t | sed -e \u0026#39;s/SET NAMES latin1/SET NAMES utf8/\u0026#39; erzeugt einen Dump, bei dem die Verbindung auf \u0026lsquo;SET NAMES latin1\u0026rsquo; eingestellt wird - die Daten werden also genau wie in der Anwendung ohne jede Konvertierung ausgelesen.\nAllerdings steht im Dump dann immer noch, daß sie in latin1 codiert wären. Das ist immer noch falsch - die Daten sind korrekt in utf8 gespeichert. Die sed-Anweisung korrigiert das, indem sie alle Vorkommen von latin1 in utf8 ändert - Label und Inhalt stimmen nun überein.\nIn der neuen Datenbank werden die Daten jetzt also korrekt eingelesen. In der neuen Datenbank muß man nun noch dafür sorgen, daß die Anwendung dort korrekt \u0026lsquo;SET NAMES utf8\u0026rsquo; setzt, wenn sie denn utf8 verwendet.\nLösung in der Quelldatenbank Wie im Handbuch beschrieben, kann man:\nWarning\nThe CONVERT TO operation converts column values between the character sets. This is not what you want if you have a column in one character set (like latin1) but the stored values actually use some other, incompatible character set (like utf8). In this case, you have to do the following for each such column:\nALTER TABLE t1 CHANGE c1 c1 BLOB;\nALTER TABLE t1 CHANGE c1 c1 TEXT CHARACTER SET utf8;\nThe reason this works is that there is no conversion when you convert to or from BLOB columns.\nWir machen das also:\nmysql\u0026gt; show create table t\\G Table: t Create Table: CREATE TABLE `t` ( `id` int(10) unsigned NOT NULL, `f` varchar(20) CHARACTER SET latin1 DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci 1 row in set (0.00 sec) In der alten Tabelle ist die Spalte f als latin1 definiert, enthält aber utf8-Daten.\nmysql\u0026gt; alter table t modify column f varbinary(20); Query OK, 1 row affected (0.63 sec) Records: 1 Duplicates: 0 Warnings: 0 mysql\u0026gt; alter table t modify column f varchar(20) charset utf8; Query OK, 1 row affected (0.62 sec) Records: 1 Duplicates: 0 Warnings: 0 Wir wandeln f in ein VARBINARY um - das ist ein VARCHAR ohne Zeichensatzlabel, also ein Binärklumpen. Die Daten in f bleiben erhalten, sind nun aber kein String mehr, sondern eine bedeutungslose Bitfolge, die keinem Zeichensatz angehört.\nWir wandeln f dann wieder in einen Zeichensatz um, in diesem Fall VARCHAR(20) CHARSET utf8, also der korrekte Zeichensatz.\nWir machen das in zwei Schritten, damit die Datenbank die Assoziation zwischen unseren Bits und Zeichensätzen vergißt. Würden wir direkt von VARCHAR(20) CHARSET latin1 nach VARCHAR(20) CHARSET utf8 umwandeln, würde die Datenbank uns hilfreicherweise auch die Daten konvertierten. Das ist im Normalfall das, was man will, denn die Datenbank sorgt so dafür, daß heile Daten auch heil bleiben.\nIn unserem Fall ist es genau nicht das, was wir wollen, denn wir haben ja kaputte Daten, die wir heil machen wollen.\nDas Resultat:\nmysql\u0026gt; show create table t\\G Table: t Create Table: CREATE TABLE `t` ( `id` int(10) unsigned NOT NULL, `f` varchar(20) CHARACTER SET utf8 DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci 1 row in set (0.00 sec) mysql\u0026gt; select f, hex(f) from t; +-----------+--------------------+ | f | hex(f) | +-----------+--------------------+ | Köhntopp | 4BC3B6686E746F7070 | +-----------+--------------------+ 1 row in set (0.00 sec) Wir speichern nun utf8 Daten in einer utf8-Spalte. Damit stimmen Spalten-Label und Spalten-Daten überein und die Mechanismen der Datenbank arbeiten für uns, nicht gegen uns.\nWie man den Fehler in Zukunft vermeidet Lüge die Datenbank nicht an. Wenn Du SET NAMES latin1 eingestellt hast, sende latin1. Wenn Du SET NAMES utf8 eingestellt hast, sende utf8. Die Datenbank konvertiert Dir Deine Daten dann immer korrekt, egal welche Zeichensätze Deine Spalten haben oder ob Du latin1 und utf8-Anwendungen mischt.\n","date":"2012-02-10T00:00:00Z","href":"https://blog.koehntopp.info/2012/02/10/faq-mein-mysqldump-zerstoert-meine-umlaute.html","tags":["mysql","lang_de"],"title":"FAQ: Mein mysqldump zerstört meine Umlaute"},{"categories":null,"content":"Das BDSG, ein Produkt der 80er. Damals waren Computer wahlweise doof oder böse . Entsprechend ist die Verarbeitung personenbezogener Daten verboten. Komplett. Genau genommen sagt das BDSG:\nDie Erhebung, Verarbeitung und Nutzung personenbezogener Daten sind nur zulässig, soweit dieses Gesetz oder eine andere Rechtsvorschrift dies erlaubt oder anordnet oder der Betroffene eingewilligt hat.\nDas heißt natürlich, daß die Verarbeitung personenbezogener Daten nicht wirklich komplett verboten ist. Sie ist erlaubt, \u0026ldquo;soweit dieses Gesetz oder eine andere Rechtsvorschrift dies erlaubt oder anordnet\u0026rdquo;. Das heißt, das BDSG kann sich selber durchlöchern und jedes andere Gesetz kann das auch. Sich selbst erlaubt der Staat also die Verarbeitung personenbezogener Daten, gerne und großzügig, und schön verteilt über alle möglichen Gesetze, sodaß das nicht direkt sichtbar ist, in welchem Ausmaß das BDSG da mit Ausnahmetatbeständen durchlöchert wird.\nDie Verarbeitung personenbezogener Daten ist auch erlaubt, wenn \u0026ldquo;der Betroffene eingewilligt hat\u0026rdquo;. Nun ist Datenverarbeitung aber böse und der \u0026ldquo;Betroffene\u0026rdquo; darf nicht einfach so einwilligen. Die Einwilligung muß stattdessen \u0026ldquo;informiert\u0026rdquo; erfolgen und sie muß zweckgebunden sein - eine Pauschalerlaubnis ohne genaue Zweckbestimmung, eine Spielwiese - zu deklarieren ist also rechtlich nicht machbar, so weit geht die informationelle Selbstbestimmung dann doch nicht.\nWenn ich also in diesem Blog personenbezogene Daten verarbeiten will, oder gar Dritte das tun lassen will, dann ist das gar nicht so einfach.\nEinmal muß ich meine Nutzer darüber informieren, welche personenbezogenen Daten denn hier genau zu welchem Zweck so verarbeitet werden. Wenn ich das ändere, dann muß ich darüber natürlich auch informieren. Ich kann also immer (also bei jedem Beginn einer Session) informieren, oder ich kann so richtig personenbezogene Daten verarbeiten, mir also merken, welche User ich schon gesehen habe und worüber ich schon informiert habe und wozu welcher User schon zugestimmt hat, damit ich jedem User nur noch die Änderungen anzeige, über die ich ihn noch nicht informiert habe und denen er noch nicht zugestimmt hat. Wobei dann jeder User als Erstes der Verarbeitung seiner Daten zu Datenschutzzwecken zustimmen müßte (siehe die EU Cookie Richtlinie , die hat dasselbe Problem).\nSo weit so klar?\nFein. Wenn ich also Dritte die Verarbeitung personenbezogener Daten überlasse, dann wird die Sache noch ein wenig komplizierter, denn dann liegt Auftragsdatenverarbeitung vor. Ich kann also nicht einfach Google Analytics oder einen Facebook-Like-Button (technisch im Prinzip dasselbe) hier einbinden, sondern ich kann 11 Seiten Papier an Google oder Facebook senden, also einen Vertrag über Auftragsdatenverarbeitung schließen, und dann einfach die entsprechenden Buttons wie gehabt hier einbinden (hatten wir hier in ausführlicherer Form).\nWie man sieht geht es also beim Datenschutz nicht wirklich um den Schutz irgendwelcher Daten, sondern um Verwaltung derselben.\nWir können das ganze noch besser veranschaulichen, mit einem etwas physischeren Beispiel, das jeder aus dem täglichen Leben kennt:\nDas hier ist der in etwa unterarmlange Bon, den ich bei dem Einkauf in meinem Supermarkt vorgelegt bekomme:\nInformationen zum Datenschutz.\nEs handelt sich um die Informationen, wer meine Daten warum wie durch wen verarbeiten läßt, wenn ich meine Scheckkarte da zur Kassiererin rüberschiebe, in epischer Breite. Da unten dann ein Unterschriftenfeld. Ich unterzeichne, schnell, denn hinter mir stehen noch 8 andere, die auch ihre Waren über den Scanner geschoben haben wollen, und drängeln.\nWohl informiert und mit dem guten Gefühl, Bescheid zu wissen - gibt es eigentlich irgendeinen Menschen auf der Welt, der das schon mal gelesen hat, die Person, die das getextet hat, ausgenommen? - wird meine Karte belastet und die Ware bezahlt. Nach demselben Verfahren wie letztes Mal, als ich das auch schon unterschrieben habe.\nDann nimmt mir die freundliche Kassiererin die Erklärung weg - WTF? - und archiviert den sorgfältig, denn der Supermarkt und seine Dienstleister müssen ja nachweisen können, wie oft wer dieses Jahr dort wozu zugestimmt hat. Und ich bekomme meinen eigenen Bon. Ohne Datenschutzinformationen.\nMeine Bonkopie. Ohne Datenschutz.\nWie man sieht, geht es auch hier nicht wirklich um den Schutz von Daten oder meinen Interessen, sondern ein Verwaltungsritual, bei dem die Fiktion nachgewiesen werden muß, daß ich auch diesmal den Bon sorgfältig studiert habe, bevor ich meine Einwilligung zur Verarbeitung meiner Kreditkartendaten durch Kreditkrakenfirmen gegeben habe.\nWas wäre, wenn ich aus irgendwelchen Gründen ein reales Problem mit der Verarbeitung meiner Kartendaten hätte? Etwa, weil dort jemand arbeitet, von dem ich glaube, daß er mich stalken könnte oder mir sonstwie gefährlich oder unangenehm werden könnte? Würde der Datenschutz mir dann helfen?\nSagen wir, ich bin Mitarbeiterin in einem Frauenhaus, und der Markt, in dem ich einkaufe und die Mengen und Art der gekauften Güter könnten den Standort einer sicheren Wohnung des Frauenhauses gefährden und Aufschluß darüber geben, ob und wie stark eine solche sichere Wohnung genutzt wird, ob Babynahrung gekauft wird und so weiter.\nWürde so eine Form von Datenschutz mir dann die notwendige operative Sicherheit geben?\nNein. Sicherheit bekomme ich nicht durch Verwaltungsaufwand zur Aufrechterhaltung einer Fiktion von informierter Zustimmung. Belastbare Sicherheit bekomme ich durch Geheimhaltung, etwa durch Zahlung mit Bargeld oder andere Maßnahmen.\nIVW Zählpixel bei Heise Newsticker\nDieselbe organisierte Selbsttäuschung bemängelt Mario Sixtus in seinem G+ Artikel zum Thema Heise Buttonlösung für Facebook. Die Heise-Lösung deckt zwar Facebook-Like, Twitter und Google +1 Buttons ab, aber eben nur diese drei Dinge. Sie deckt nicht die gut 30 anderen Trackingdienste ab, die etwa einem Plugin wie Ghostery bekannt sind - und so kommt es, daß die Heise-Buttonlösung zwar per Default keine Daten an Twitter, Facebook oder Google Plus sendet, aber zum Beispiel auf den Heise-Seiten noch immer bei jedem Zugriff Daten durch den Browser des Users an die IVW gesendet werden, da Heise natürlich wie jede Zeitung den IVW-Zählpixel und den VG Wort Zählpixel einblendet. Ohne Buttonlösung.\nVG Wort Zählpixel bei Heise Newsticker\nWürde man wirklich ein Problem mit dem Tracking seiner Webzugriffe an zentraler Stelle haben, wäre die Heise Buttonlösung nicht wirklich hilfreich. Auch sie verwaltet nur Daten.\nHelfen würde Geheimhaltung, also die Unterdrückung entsprechender Zugriffe durch passende Browser Plugins, wie zum Beispiel Disconnect, Ghostery oder Request Policy.\nAber mit der Buttonlösung hat man etwas, das sichtbar ist. Insbesondere auch für die Leute, die gar nichts getan haben und sich auch mit dem Problem nicht selber auseinander setzen wollen: Sie bekommen ein paar Alibi-Schieber mit Cookie-Steuerung (Zur Verwaltung der Verarbeitung personenbezogener Daten müssen wir auch hier noch mehr personenbezogene Daten verarbeiten!), die sie hin- und her schieben können wie sie möchten und alle führen sich hinterher ganz enorm informationell empowered und selbstbestimmt. Die eigentlich wichtigen Zählpixel tickern dabei im Hintergrund immer weiter mit und erzeugen ein Leseprotokoll für jede einzelne Nachrichtenseite.\nUnd das, liebe Leser, ist die Definition von Datenschutztheater: Die perfekte Symbiose zwischen der Faulheit der Konsumenten und Datenschützern mit Existenzrechtfertigungsnotstand.\n","date":"2012-01-02T00:00:00Z","href":"https://blog.koehntopp.info/2012/01/02/datenschutztheater-die-informierte-zustimmung.html","tags":["privacy","politik","spackeria","lang_de"],"title":"Datenschutztheater: Die informierte Zustimmung"},{"categories":null,"content":"Das Cern macht in weniger als 2 Stunden [einen Webcast(http://webcast.web.cern.ch/webcast/). Der Titel ist \u0026ldquo;Update on the Standard Model Higgs searches in ATLAS\u0026rdquo;/\u0026ldquo;Update on the Standard Model Higgs searches in CMS\u0026rdquo; und anschließend Fragen zum Thema. Die Schau wird 2 Stunden dauern.\nMan erwartet, daß das CERN das Higgs Boson gefunden hat. Es gerüchtet, daß Atlas das Higgs Boson bei 124.5 GeV mit 2 Sigma gefunden hat, während CMS es bei 126 GeV mit 3.5 Sigma sieht. Demnach wäre es gewichtet mit 125.5 GeV anzusetzen und die Konfidenz ist noch nicht ganz hoch genug, um die Akte ganz zu schließen.\nAndererseits hat man schon mal eine Pro-Forma Konstante, damit die Theoretiker ihre Mathematik kalibrieren können - wenn ich die String-Theoretiker korrekt verstanden habe, wollen die eine GeV-Zahl für das Higgs haben, damit sie die Anzahl und die Krümmung ihrer Zusatzdimensionen richtig einstellen können, oder so was in der Art.\nDisclaimer: Ich bin Informatiker und habe Physik im 2. Semester des Vorstudiums aufgegeben.\nHiggs? Cern? WTF? Wieso ist das wichtig?\nIrc-Protokoll einer Erklärung für 16-jährige Schüler .\nTL;DR: Physiker haben die Antwort auf die Frage nach dem Universum und dem ganzen Rest gefunden. Sie lautet nicht 42, sondern vermutlich 125.5 Gigaelektronenvolt. Die Suche hat über 100 Jahre gedauert, und dabei haben sie nebenbei aus Versehen das Web erfunden.\n","date":"2011-12-13T00:00:00Z","href":"https://blog.koehntopp.info/2011/12/13/higgs.html","tags":["erklaerbaer","physik","lang_de"],"title":"Higgs"},{"categories":null,"content":" Dezember 1996 Silvesterfeier mit dem \u0026ldquo;Hohen Rath der 13. Weisen vom Feed\u0026rdquo; und der \u0026ldquo;Allianz wieder den Hohen Rath der 13 Weisen vom Feed\u0026rdquo; in der Wassilystraße in Kiel. Ich verfasse gerade den RfD rmgroup de.talk.bizarre.\nLinker Bildschirm: Linux-System, Mitte: NeXTstation (Graustufen-Display, 25 MHz 68040, 20 MB RAM, 1 GB HDD), Rechts: Storage, Tape und CD-ROM für NeXTstation.\nAuf dem Schild am Regal über mir steht: \u0026ldquo;Das Kopieren von Programmen ist aus urheberrechtlichen Gründen nicht gestattet.\u0026rdquo; Es stammt aus einem Kaufhaus, aus meiner C64-Zeit.\n","date":"2011-12-05T00:00:00Z","href":"https://blog.koehntopp.info/2011/12/05/15-jahre-zuvor.html","tags":["damals","kiel","linux","usenet","lang_de"],"title":"15 Jahre zuvor..."},{"categories":null,"content":"Christian Scholz berichtet berichtet von der Jugendmedienschutztagung von ZDF, ARD und Kirchen (sic!) in Mainz.\nDie Zusammenfassung ist: Die Debatte kommt nicht von der Stelle, die Argumente und Positionen sind noch immer dieselben wie vor 2 und 12 Jahren. Die Filterfraktion preist ihre technischen Lösungen an. Die Eltern- und Praktikerfraktion lacht trocken. Die Besitzer relativ neuer \u0026lsquo;Endgeräte\u0026rsquo;, die nicht Computer sind, sondern Handies, Playstations oder andere Spezialgeräte mit Internetzugang fragen, ob\u0026rsquo;s die Filter denn auch für $EXOTISCHE_HARDWARE gibt. Und am Ende verweigert man sich gemeinsam der Erkenntnis, daß sich Erziehung nun einmal nicht technisieren läßt, Jugendschutz also damit beginnt und endet, Eltern auszubilden und zu motivieren.\nWir danken für dieses Gespräch. Pieeep\n","date":"2011-12-05T00:00:00Z","href":"https://blog.koehntopp.info/2011/12/05/jmstv-nix-neues.html","tags":["internet","jugendschutz","media","film","lang_de"],"title":"JMStV: Nix neues"},{"categories":null,"content":"Occupy. Die Piraten beschließen, sich mit dem bedingungslosen Grundeinkommen auseinander zu setzen. Ich lese Andreas Eschbach \u0026ldquo;Eine Billion Dollar\u0026rdquo; neu, und es liest sich nicht wie ein Roman, sondern wie eine Art Jahresrückblick. Finanzkrise. The Origin of Wealth . Sugarscape . Beide erzählen dieselbe Story, die Eschbach da bringt. Plutonomie. Neusprech . Technische Regierungen.\nMein Browser hat mehr als 25 Tabs zu diesen Themen offen, und sie zeigen alle in dieselbe Richtung - wir müssen wichtige Dinge des Lebens neu denken, oder die Welt verändert sich ohne uns und läßt uns zurück.\nWo fange ich an. Vielleicht mit den TED Talks von Nic Marks und Richard Wilkinson. Das kostet Euch eine halbe Stunde Eures Lebens. Ich verspreche, sie ist gut angelegt.\nNic Marks: The Happy Planet Index erklärt eben diesen: Eine Alternative zum Bruttoinlandsprodukt, die persönliches Glück in Relation zu den eingesetzten Ressourcen setzt.\nRichard Wilkinson: How economic inequality harms societies zeigt, quasi im Anschluß, wie Gemeinschaften mit geringerer Ungleichheit (Gini coefficient , Gini coefficient nach Ländern ) besser funktionieren, nach einer ganzen Reihe von Metriken.\nWir können beobachten, daß diese soziale Ungleichheit über die Jahrzehnte in Deutschland, den USA und vielen anderen Staaten größer wird, daß der Gini Koeffizient wächst. Ein Alternet Special über Occupy Wallstreet zeigt die Auswirkungen auf vielerlei Weise, und Business Insider hat vergleichbare Daten, Singularity Hub auch. Und das gilt nicht nur für die USA, sondern eben auch für Deutschland .\nEs gibt Leute, die halten die dabei ablaufenden Mechanismen für ein Zeichen ihrer Befähigung oder als Indikator für ihr Ausgewähltsein: Schon 2009 fanden die Plutonomy-Reports der Citigroup ihren Weg an die Öffentlichkeit:\n\u0026ldquo;Michael Moore highlights a confidential report that Citigroup initially circulated only to it\u0026rsquo;s wealthiest customers. Those reports, since leaked, plainly discuss the power of the Plutonomy in America, and how it would only strengthen, as long as the \u0026ldquo;the rest us\u0026rdquo; (the non-plutonics) could be kept in the dark about the Plutonomy existence, its role, and its over-arching control in the American Economy.\u0026rdquo;\nDem ist nicht so: Die Mechanismen, die dabei am Werk sind, werden in Andreas Eschbachs Eine Billion Dollar auf eine ganz wunderbare Weise erzählerisch verpackt und haben nichts mit Auserwähltheit zu tun. Eschbach diskutiert auch verschiedene Mögliche Reaktionen und erläutert ihre Funktionsweise. Eschbach hebt besonders auf die Notwendigkeit einer Tobin-Tax (allgemeiner eine Finanztransaktionssteuer ) ab, die überaus geeignet ist, die derzeit amoklaufenden Finanzmärkte sinnvoll zu steuern.\nZwei andere, dringend empfehlenswerte Bücher, die Hintergründe und Mechanismen ohne Story, aber nicht minder spannend vermitteln, habe ich in Fertig gelesen: The Origin of Wealth rezensiert: The Origin of Wealth und Sugarscape: Growing Artificial Societies .\nInsbesondere Sugarscape zeigt, daß dieses Phänomen der unkontrollierten Anhäufung von Reichtum sich mit allereinfachsten zellularen Automaten reproduzieren läßt, wenn bestimmte Regelsätze in Kraft sind. Ebenso wird gezeigt, daß wirtschaftlicher Erfolg (und am Ende maximal ungleiche Ressourcenanhäufung) eben nicht von persönlichem Einsatz oder persönlicher Begabung abhängt, sondern sehr wesentlich vom Zufall bestimmt wird.\nThe Origin Of Wealth ist eine Tour durch die Geschichte der Volkswirtschaft, und wie deren Modelle sich nach und nach als unzureichend erwiesen haben und sukzessive neue Ideen eingearbeitet haben. Das Buch macht außerdem im 3. Teil eine sehr klare Aussage: Ungleichheit und ihre Entwicklung sind eben kein Automatismus, und keine Notwendigkeit für das Funktionieren eines Systems, sondern sie sind eine Wahl, die eine Gesellschaft treffen kann.\nGriechenland und Italien haben stattdessen eine andere Wahl getroffen: In beiden Ländern ist im Grunde genommen eine politische Regierung durch eine finanzielle Verwaltungsregierung ersetzt worden: Die Niemandsregierung ist die Kapitulation der Politik vor den Banken und die Abgabe der Souveränität des Volkes an die Firmen . Der Spiegelfechter bringt es noch mehr auf den Punkt :\nDie eigentliche Gefahr dieser Krise ist, dass eine Lösung oder Versuche dazu nicht mehr in rechtsstaatlicher Weise erfolgen. Wenn man heute auf Staatsbankrott spekulieren kann, dann hört der Spass auf. Und die Beschleunigung der Entscheidungsprozesse, die sich die Regierenden diktieren lassen, ist beunruhigend. Das Bundesverfassungsgericht wird in nächster Zeit in besonderer Weise gefordert sein, aber es fragt sich, ob die Rolle eines passiven Kontrolleurs genügt. Es müsste auch einstweilige Anordnungen erwägen, um verfassungskonforme Zustände zu sichern.\nDie internationalen Finanzmärkte bedrohen inzwischen die Souveränität der Völker, und so kann sich die Finanzkrise kann sich zu einer Systemkrise ausweiten, in der wir Freiheit, Demokratie und Rechtsstaatlichkeit wieder verteidigen müssen.\nEine Grafik, die ich sehr spannend finde, stammt aus dem\nBusiness Insider Artikel :\nZu dieser Grafik gibt es eine Schwestergrafik bei Alternet :\nDie Produktivität der Menschen, die Arbeit haben, steigt an, aber sie verdienen dafür nicht mehr. Stattdessen steigen die Gewinne der Unternehmen und damit der Reichtum der Leute, die Anteile daran haben. Wir finden Artikel, die das erklären: Die Auswirkungen des technischen Fortschritts auf die menschliche Arbeit bei Netzwertig mit Blick auf die (natürlich) IT-Branche, und dort auch schon ein Zeiger auf das Bedingungslose Grundeinkommen, und wieso es in die Diskussion kommt.\nWorum geht es? Um ein neues Weltbild als Grundlage von Politik und Wirtschaft Ich hoffe, dass es der neuen globalen [Occupy] Bewegung gelingt, für etwas einzutreten, nämlich für ein neues Weltbild als Grundlage unseres politischen, wirtschaftlichen und sonstigen Handelns:\nfür ein Weltbild, in dem die Güter der Erde für alle reichen für ein wahrhaft ökologisches Weltbild, in dem Lebewesen und Dinge nicht isoliert voneinander existieren, sondern alles mit allem zusammenhängt für ein Weltbild, in dem klar ist, dass ich das, was ich dem anderen zufüge, mir selbst zufüge für ein Weltbild, in dem die Würde aller Lebewesen als gegeben gilt für ein Weltbild, in dem Wachstum vorallem als geistiges Wachstum gesehen wird Vor diesem Hintergrund in Wirtschaft und Politik hat die Piratenpartei letztes Wochenende auf ihrem Parteitag beschlossen, sich als Partei mit dem Bedingungslosen Grundeinkommen auseinander zu setzen - unsere Industrie- und Wirtschaft sind leistungsfähig genug für eine 20/80-Gesellschaft (\u0026ldquo;20% der arbeitsfähigen Gesellschaft reichen aus, um den übrigen 80% und sich selbst eine sehr hohe Lebensqualität zu bieten\u0026rdquo;). Wir werden nie wieder Vollbeschäftigung haben. Wir müssen endlich das gesellschaftliche Problem des industriellen Strukturwandels angehen anstatt es weiter wie seit den 1980er Jahren vor uns her zu schieben - was Alexx sagt .\nDenn wir werden eine Gesellschaft bekommen, bei der in erster Linie Maschinen arbeiten, und wir müssen Wege finden, als Menschen dort unseren Platz zu finden, weil eben die meisten von uns \u0026lsquo;arbeitslos\u0026rsquo; nach heutiger Definition sein werden. Was immer das dann bedeuten soll, eines Tages. Wir müssen uns weiter entwickeln, was Mela sagt .\nDabei wird es eine Reihe von Neid- oder sagen wir, Fairness-Diskussionen geben, wie man hier nachlesen kann. Diese Mechanismen stecken alle in uns drin. Sie sind nur nicht unbedingt hilfreich, wenn man eine \u0026ldquo;Star Trek Gesellschaft\u0026rdquo; hat, in der tatsächlich Arbeit und Einkommen zu einem Teil entkoppelt sind. Auch da müssen wir Arbeit leisten, und was mspr0 sagt .\nWas genau hat die PP da in Offenbach beschlossen? Was reizzentrum sagt .\nWie also soll die Gesellschaft für das 21. und die folgenden Jahrhunderte aussehen? Oder wollen wir das den Firmen und den Banken überlassen? Die Zukunft ist da. Es ist die Aufgabe unserer Generation, sie gleichmäßiger zu verteilen .\nIn diesem Sinne: DirektRossi ","date":"2011-12-05T00:00:00Z","href":"https://blog.koehntopp.info/2011/12/05/the-pursuit-of-happiness.html","tags":["piraten","politik","lang_de"],"title":"The pursuit of happiness"},{"categories":null,"content":"The Lean Startup , Eric Ries, EUR 10.99\nDas Buch \u0026ldquo;The Lean Startup\u0026rdquo; von Eric Ries wurde mir von Johann-Peter Hartmann und den anderen Maiblümchen als Antwort auf meinen Froscon-Vortrag dieses Jahr geschenkt, damit ich mich nicht mehr so alleine fühle. :-) In der Tat beschreibt Ries eine ganze Reihe von Firmen, die in einem Umfeld extremer Veränderung und Unsicherheit agieren - das ist Ries' Definition von Startup, und die kann auch recht große Firmen oder Behörden abdecken. Sie beschreibt auch mein Arbeitsumfeld recht gut.\nRies fragt sich, mit welchen Methoden Firmen in den Quadranten des Cynefin-Modells agieren können, die von \u0026ldquo;Simple\u0026rdquo; (Es existiert eine Best Practice und ein quantitativer Prozeß zu ihrer Einhaltung und Verbesserung) verschieden sind. Es geht also darum, wie ein Startup in sich verändernden, unbekannten oder unentwickelten Märkten herausfinden kann, welche Dienste oder Produkte einem Kunden bezahlenswert erscheinen. Hat eine Firma diesen Markt gefunden, geht es weiter darum, wie man diesen Markt wachsen lassen kann bzw. in diesem Markt wachsen kann.\nEr kommt zu dem Schluß (und belegt diesen), daß Firmen in Startup-Situationen experimentieren müssen, ja, daß dies die wichtigste Kommunikation mit dem Kunden ist. Firmen müssen aus diesen Experimenten Lehren für ihre Produkte oder Dienste ziehen, und diese dann in der nächsten Iteration umsetzen. Nach Ries ist es dabei sehr wichtig, früh, viel und schnell zu experimentieren - und dies ist in einer Startup-Situation wichtiger, als ein vollständiges, korrektes oder durchentwickeltes Produkt zu haben.\nEr führt eine ganze Reihe von Beispielen auf, in denen Firmen Geld, Zeit und Personen in die Entwicklung von Produkten gesteckt haben, die dann am Markt nicht funktioniert haben. Fehler sind um so leichter, schneller und billiger zu korrigieren, je früher die Phase der Produktentwicklung ist, in der sie erkannt werden. In unsicheren oder unreifen Märkten ist es daher wichtig, als Erstes mit dem Kunden zusammen das Produkt zu testen und es dann erst mit traditionellen Methoden fertig zu stellen (Testing in Production kann dabei helfen). So kann man sicherstellen, daß die begrenzten Engineering-Kapazitäten des Startups nur auf Produktiveränderungen angewendet werden von denen schon bewiesen ist, daß sie sich positiv auf das Geschäft auswirken werden.\nDabei legt Ries großen Wert darauf, nicht blind zu testen, sondern das corporate learning durch Experimente zu messen und zu validieren, die nicht-monetäre Wertschöpfung eines Startups also quantifizierbar zu machen, da diese Metriken Investoren oder Stakeholders Instrumente an die Hand geben, erfolgreiche von nicht erfolgreichen Startups zu unterscheiden, auch wenn diese noch keinen Gewinn machen. Ries mißt dazu Dinge wie verbesserte Conversion, Adoption Rates oder andere wichtige Metriken, die zeigen, daß sich das Unternehmen in seinem Zielmarkt besser bewegt, weil es jetzt mehr darüber weiß.\nAuf der Grundlage dieser Metriken kann die Unternehmensführung dann entscheiden, wie mit dem Produkt oder Dienst zu verfahren ist (\u0026ldquo;Pivot or persevere\u0026rdquo; - Ändern oder weitermachen). Wenn ein Startup einen Pivot durchführt, also grundlegende Änderungen am Produkt oder eine Strategieänderung notwendig sind, dann ist dies eine Entscheidung, die oft schwer zu kommunizieren ist. Also gibt Ries eine Reihe von Hinweisen, wie Pivotpunkte zu erkennen, zu klassifizieren und erfolgreicher zu kommunizieren sind.\nAbschließend konzentriert sich Ries dann darauf, den dargestellten Forschungsmechanismus zu institutionalisieren und zu beschleunigen, und dabei die Lerngeschwindigkeit der Firma meßbar zu machen.\nAlles in allem ein faszinierendes Buch, bei dem man sich zwar durch den iterativen amerikanischen Lehr- und Erklärstil durchbeißen muß, das aber eine ganze Menge Dinge in Perspektive setzt, mit denen ich in den letzten Jahren täglich zu tun hatte.\n","date":"2011-12-02T00:00:00Z","href":"https://blog.koehntopp.info/2011/12/02/fertig-gelesen-the-lean-startup.html","tags":["book","review","media","software","lang_de"],"title":"Fertig gelesen: The Lean Startup"},{"categories":null,"content":"Mitte November ist auf The Testing Planet ein Artikel von Seth Eliot (Microsoft) erschienen mit dem Titel Testing in Production . Eliot schreibt über Software Services, also Dienste, die auf einer Website laufen, sodaß die User keine Anwendungen installieren müssen (Wir erinnern uns: Microsoft ist noch immer ganz groß darin, Software auf physikalischen read-only Medien an Benutzer zu verschicken, auch wenn diese Software seit einer Dekade kaum mehr als ein Loader für Updates über das Internet ist und nach der Installation vom Medium erst einmal alle eben installierten Dateien durch das heruntergeladene Update durch neuere Versionen ersetzt werden).\nIn Software Services hat der Anbieter jedenfalls die Kontrolle darüber, welche Version der Software welchem Kunden präsentiert wird, und er hat in der Regel Zugriff und Meßmöglichkeiten im Data Center, auf dem die Software läuft, kann also auf der Serverseite diagnostizieren, was wann wie und warum schief geht.\nEliot behauptet nun, daß User seltsamer sind als Tester sich vorstellen können und man daher besser so früh als möglich mit echten Benutzern testet (Testing in Production = TIP). Vorhergehende synthetische Tests (Up Front Testing = UFT) können gemacht werden, sollten aber nur so weit gemacht werden, daß man sicher in der Produktion testen kann.\nEliot weiter:\nFor some TiP methodologies we can reduce risk by reducing the exposure of the new code under test. This technique is called “Exposure Control” and limits risk by limiting the user base potentially impacted by the new code.\nWas er damit meint, wird weiter unten klar, wenn er erläutert, welche Klassen von TIP er unterscheidet.\nRamped Deployment\nDer zu testende Code wird ausgerollt, ist aber zunächst nicht aktiv. Er wird für einen Subset der Benutzer aktiviert und überwacht. Dabei können unterschiedliche Aspekte des Codes untersucht werden - wie er sich auf die Geschäftsprozesse auswirkt, ob er technisch funktioniert oder wie er skaliert etwa. Benutzer können automatisch oder handselektiert sein, und wissen entweder, daß die mit experimentellem Code arbeiten oder nicht.\nEntscheidend ist, daß das Deployment von neuem Code und seine Aktivierung voneinander getrennt werden. Dies erlaubt es, Features graduell einzuführen und schnell zu deaktivieren, wenn sich Probleme entwickeln.\nControlled Test Flight\nein a/b-Experiment, in der alte und der neue Code parallel für unterschiedliche Benutzer aktiviert wird und die Benutzer nicht wissen, in welcher Kategorie sie sich befinden. Eine Unterkategorie von Ramped Deployment. Experimentation for Design\neine weitere Verfeinerung von Controlled Test Flight ist, die neue und die alte User Experience parallel für unterschiedliche, repräsentative Benutzergruppen zu aktivieren, um den Einfluß der neuen UX auf das Geschäftsmodell zu prüfen. Dogfood/Beta\nwissen die Benutzer um die Tatsache, daß sie neuen Code testen, handelt es sich nicht um Experimentation, sondern um eine Beta. Sind die Benutzer Mitarbeiter oder Freunde der Firma, handelt es sich um Dogfooding. Hier ist es oft zulässig, mit dem Wissen und Einverständnis der Benutzer zusätzliche Telemetrie zu installieren und auszuwerten. Synthetic Test in Production\ndas Anwenden von automatisierten UFT-Systemen auf Produktionssysteme. Sie können verwenden werden, um das Produktionssystem oder sein Monitoring zu validieren. Load/Capacity Test in Production\nLast und Kapazitätstest in der Produktion, bei Eliot unter Verwendung synthetischer Last gegen Produktionssysteme, meistens zusätzlich zur existierenden Last durch reale Benutzer, um die Kapazität des Systems zu bestimmen. Die mir bekannten Anwender solcher Verfahren spielen stattdessen eher mit den Gewichten an ihren Load Balancern, um die externe Last durch reale User auf weniger und weniger Backends zu konzentrieren. Synthetische Last wird dabei lediglich als Meßsonde verwendet, um die Latenz von Requests zu überwachen - kommt zur typischen Think Time des Benchmarks eine Wait Time hinzu, ist die den getesteten Frontends angebotene Load größer als ihre Kapazität und es baut sich eine Queue auf. Lastsättigung ist erreicht und die Kapazität des Gesamtsystems kann durch einfache Dreisätze bestimmt werden. Bricht man den Test hier ab, ist die UX für die realen User nicht destruktiv beeinflußt: Das System mag einigen Benutzern für kurze Zeit langsam erscheinen, ist aber zu allen Zeiten normal Funktionsfähig. Bricht man den Test nicht ab, sondern erhöht die Last vorsichtig weiter, kann man den Failure Mode des Systems verifizieren: Art und Lage der begrenzenden Ressource im Gesamtsystem wird offensichtlich, Qualität des Monitorings und Prozesse im Operating werden mitgeprüft. Diese Phase des Tests erfordert schnelle Reaktion, um den Einfluß auf die UX der realen Benutzer zu minimieren.\nOutside-in load /performance testing\nein Lasttest mit synthetischer Load, die von einer externen Quelle in die Produktionsumgebung injeziert wird, also denselben Weg nach drinnen nimmt wie die realen Benutzer. User Scenario Execution\nAusführung von Endbenutzer-Szenarien gegen ein Produktionssystem von den Endpunkten echter Benutzer. Kann manuelles Testen beinhalten. Diese Tests können regional unterschiedliche UX sichtbar machen (\u0026ldquo;Das System ist schnell genug in Europa, von Asien aus aber kaum benutzbar.\u0026rdquo;) Data Mining\nDie Logdaten echter Benutzer werden nach Problemen oder Testfällen durchsucht, die spezifische Szenarien darstellen. Die Fälle, die auftreten, werden automatisch als Bugtickets eingetragen. Das kann in Echtzeit passieren. Echtzeitmonitoring kann auf viele verschiedene Weisen nützlich sein. Insbesondere in den o.a. Lasttests ist ein Echtzeit-Errormonitor notwendig, um die Saturierung von der Überlast des Systems trennen zu können, und um Lage und Failure Mode der überlasteten Komponente im Produktionsweg schnell erkennen zu können. Ohne ein solches Echtzeitmonitoring ist diese Art von Test nicht sicher durchführbar.\nDestructive Testing\nInjektion von Fehlern in Produktionssysteme, um Servicekontinuität im Fehlerfall zu validieren ( Chaos Monkey ). Production Validation\nEchtzeitmonitore, die die verschiedenen Phasen der Produktion auf Businessebene, Contentebene, Technischer Ebene, Netzwerkebene und so weiter überwachen und visualisieren. Eliot bringt dann verschiedene Beispiel für TIP: Googles und Bings a/b-Experimente und 1% Launches werden genannt, sie sind Beispiele für Experimentation for Design. Controlled Test Flights werden dort ebenfalls verwendet, dabei werden kritische Änderungen ausgerollt und parallel zu getestetem Code betrieben - oft werden dabei Daten zweimal geschrieben: Der alte Code führt das alte System weiter, der neue Code arbeitet im neuen System mit anderen Dateien oder Datenbanktabellen.\nChaosmonkey war der Vorläufer eines Systems für Destructive Testing, das jetzt die Simian Army darstellt: Neben Chaos Monkey, der Komponenten zufällig aus dem System entfernt gibt es nun Latency Monkey, der Dienste zufällig verzögert, Conformity Monkey, der Systeme aus dem Dienst kippt, die nicht auf dem erwarteten Stand sind und viele andere Dienstprüfer und Killer mehr.\nEliot weist darauf hin, daß Tests in der Produktion gefährlich sein können und sie deswegen so aufgebaut werden müssen, daß sie keine Produktionsdaten verändern können und nur mit funktionierendem und schnellem Monitoring durchgeführt werden können.\nKorrekt ausgeführt eröffnen sie aber eine Menge Lernmöglichkeiten, die traditionellem Testen nicht zur Verfügung stehen.\n","date":"2011-12-02T00:00:00Z","href":"https://blog.koehntopp.info/2011/12/02/testing-in-production.html","tags":["computer","development","software","testing","lang_de"],"title":"Testing in Production"},{"categories":null,"content":"Argh! Ein mal, ein einziges Mal tut man etwas Gutes und dann das!\nIn den Kommentaren zu Nicht das Urheberrecht ist das Kernthema schrieb ich also:\nDu kannst Lena Falkenhagen ein neues Urheberrecht schreiben lassen, nach ihrem Wunsch, und das zum Gesetz werden lassen. Es würde ihre Situation nicht verbessern. Denn die Probleme, die sie da sieht oder hat - sie liegen nicht im Urheberrecht.\nund machte meinen Standpunkt also in einem Nachtrag noch einmal deutlicher.\nDadurch habe ich mir wohl eine Art Fadenkreuz auf die Stirn gemalt. Es beginnt mit Jan Delay, der sich mit den Realitäten auseinandersetzt, geht weiter bei Falk Wussow, der sie nicht wahr haben will, und schlägt dann auf bei Rafael Eduardo Wefers Verástegui, der in den Kommentaren dann von eben diesem Fadenkreuz Gebraucht macht:\nAuf der anderen Seite: Du hast sowieso keine Wahl, denn wie Kristian Köhntopp letzthin so schön verbloggt hatte: Das Urheberrecht und der Schutz von Urheberrechten ist nicht Dein Problem. Es wird Dir auch nicht helfen jeden Filesharer standrechtlich zu erschiessen.\nJetzt haben wir also einen kalten Novembermorgen, dichter Nebel liegt über Berlin. Ich, zwei Meter zwei groß, 135 kg schwer, unrasiert, habe einen rosa Tutu an und einen fetten massivgoldenen Zauberstab in der Hand. Meine Landung bei Falk Wussow ist wenig elegant: mehr so eine Bruchlandung. Immerhin gibt es außer mir keine Verletzten, auch wenn es um die Regale schade ist.\n\u0026ldquo;Tach,\u0026rdquo; sage ich, und bürste mir die Holzsplitter vom Tutu und den Legwarmers, \u0026ldquo;ich bin die Lobbyistenfee. Sorry, daß sie mich schicken, aber die jungen knackigen Mädels sind alle bei den Abgeordneten, Bungabunga, wissen schon. Für solche wie Dich bleibe dann leider nur ich.\u0026rdquo; Falk guckt irritiert.\nIch räuspere mich und muß lautstark hochziehen - verdammtes Küstenwetter, elende Sinusitis. \u0026ldquo;Tja, Falk\u0026rdquo;, fahre ich fort, \u0026ldquo;Du hast Glück.\u0026rdquo; Falk guckt fassungslos auf die Trümmer seiner Regalwand und kann sein Glück irgendwie nicht fassen.\n\u0026ldquo;Du hast eine Legislation frei. Sage uns, wie das Urheberrecht Deiner Meinung nach aussehen sollte, um alle Probleme der Urheber zu lösen. Du kannst es ohne Berücksichtigung irgendwelcher Grenzen frei und nach Wunsch umschreiben.\u0026rdquo; Falk schaut noch irritierter, falls so etwas noch möglich ist: \u0026ldquo;Was? Einfach so?\u0026rdquo;\n\u0026ldquo;Nein\u0026rdquo;, entgegne ich, \u0026ldquo;nicht einfach so. Es gibt eine Deadline, bis zum Ende des Monats. Aber das sollte für einen Künstler ja nichts ungewohntes sein. Und Du mußt erklären, wieso Du glaubst, daß genau diese Regel, so wie Du sie aufstellst, die Probleme der Künstler löst.\u0026rdquo;\nIch schwinge meinen Zauberprügel, eher wenig elegant - für diesen Job bin ich einfach nicht geschaffen! Auffällig-unauffällig werfe ich ein paar Ninja Rauchbomben, taste mich durch den Dunst hustend zur Tür und gehe ab.\nSo.\nWollen doch mal sehen, ob es Falk gelingt, die Welt in einen besseren Ort zu verwandeln. Vielleicht mag Lena helfen? Wenn es klappt, ist das sogar ein rosa Tutu wert. Zum Glück ist das hier Berlin. Selbst in der U-Bahn falle ich in meinem Aufzug kaum auf.\n","date":"2011-11-24T00:00:00Z","href":"https://blog.koehntopp.info/2011/11/24/von-einem-absturz-tutus-und-einem-neuen-urheberrecht.html","tags":["copyright","kultur","media","piraten","politik","lang_de"],"title":"Von einem Absturz, Tutus und einem neuen Urheberrecht"},{"categories":null,"content":"Es begannt mit einem Google Plus Artikel zum Thema EA und Origin. Origin ist ein Pflichtbestandteil von neueren Spielen von Electronic Arts, und geht über einen normalen Kopierschutz insofern hinaus, als daß es anfängt, die Platte des Kunden zu durchsuchen und unbekannte Mengen Daten aufzusammeln und an EA zu schicken.\nMein Post spießte die Tatsache auf, daß sich unsere Politik an Facebook hochzieht, inkonsequenterweise aber solche Dinge wie Origin ignoriert. Selbst dann, wenn sie wie in FIFA 12 auf die Rechner von 12 Jahre alten Kindern angewendet werden - wäre dies keine Firma, sondern eine natürliche Person, hätten wir hier einen Cyberstalking-Prozeß am Laufen.\nJemand machte dann den Default-Spackeria-Seitenhieb: \u0026ldquo;Ach, Origin ist nicht Post-Privacy-konform?\u0026rdquo;\nNein, ist es in der Tat nicht.\nDie Spackeria sagt zwei Sachen, soweit man überhaupt sagen kann, daß sie eine einheitliche Sicht auf die Dinge vertritt.\nDie Erste ist, daß wir durch die Art und Weise der Technikentwicklung immer mehr von uns Preis geben. Dadurch, und durch die Verknüpfung der Daten miteinander erzählen wir immer mehr über uns. In der Tat kann jeder Einzelne von uns da wenig gegen machen, insbesondere nicht durch den 80er-Jahre-Datenschutz mit \u0026lsquo;informiertem Einverständnis zur Datennutzung\u0026rsquo;, also dem wirkungs- und nutzlosen Extra-Einverständnishäkchen.\nDie Zweite ist, daß das nicht oder zumindest weniger schlimm ist, solange Transparenz auf Gegenseitigkeit geschaffen wird. Das heißt, daß Origin weniger Scheiße wäre, würde EA dokumentieren und durch Dritte verifizieren lassen, was da genau technisch gemacht wird, wie die Daten übertragen werden und auf welche Weise sie von EA genutzt werden.\n\u0026ldquo;Post-Privacy konform\u0026rdquo; wäre es, auf die Offenlegung der einen Seite mit einer adäquaten Offenlegung auf der anderen Seite zu reagieren, adäquat auch in dem Sinne, daß man offensichtliche Machtunterschiede berücksichtigt, um auszugleichen. Offenheit ist auf eine Weise eine Abrüstung und eine Deeskalation: Hier bin ich, das ist alles was ich bin, ich verstecke nichts (was für unsere gegenseitige Beziehung zueinander relevant wäre).\nVertrauen entsteht, wenn beide Seiten das tun. Und am Ende geht es genau darum.\nDas Internet bringt uns alle einander näher. Auch die, die einander nicht kennen, fremd sind, ihre eigenen Interessen beschützen wollen angesichts des Fremden. Diese ganzen Ausforschungs- und Datenprofilierungsversuche sind am Ende nichts anderes als der Versuch von Personen, Institutionen oder gar Nationen, sich selber die Angst vor \u0026lsquo;den Anderen\u0026rsquo; zu nehmen. Die motivierende Idee ist, durch Sammlung von Daten über früheres Verhalten und die Annahme von Stetigkeit zukünftiges Verhalten von ansonsten unbekannten, entfernten und nicht greifbaren Handelnden aus anderen Kulturkreisen Vorhersagen über zukünftige Handlungen treffen zu können und so Risiken gleich welcher Art besser einschätzen zu können.\nVertrauen als Grundlage einer Beziehung und des darauf erwachsenden Handelns kann aber nur entstehen, wenn dies auf eine adäquate Weise auf Gegenseitigkeit passiert.\nUnd das ist genau das, was den ganzen Post-Privacy-Spöttern (\u0026ldquo;Ach, auf einmal doch keine Offenlegung\u0026rdquo;) nicht klar ist. Oder für einen billigen Witz ignoriert wird.\n","date":"2011-11-16T00:00:00Z","href":"https://blog.koehntopp.info/2011/11/16/defaultseitenhieb-post-privacy.html","tags":["privacy","gaming","spackeria","lang_de"],"title":"Defaultseitenhieb(\"Post-Privacy\")"},{"categories":null,"content":"Der Beitrag Nicht das Urheberrecht ist das Kernthema ist von der taz verlinkt worden: Frédéric Valin faßt unter dem Titel Fortschritt ins dunkle Mittelalter den Stand der Debatte zusammen, kommt aber ebenfalls nicht zu einer Lösung - was ihn nicht hindert, schon in der Überschrift zu fordern \u0026ldquo;Die Piraten müssen das Problem Urheberrecht endlich lösen\u0026rdquo;.\nUnd da ist der Kern des Problems dann schon wieder, gleich im Titel. Mehrfach. Erstens werden die Piraten das Problem nicht lösen, genau wie keine andere politische Partei das tun wird, weil es so nicht geht. Denn zweitens ist das Urheberrecht nicht das Problem - wenn man Lena Falkenhagen oder sonst eine Person ein neues Urheberrecht schreiben ließe und es in ein Gesetz gösse - es würde nichts ändern.\nDenn das Problem ist nicht das Recht, das Problem ist der durch das Internet bewirkte Strukturwandel. Während die Industriealisierung millionenfach manuelle, repetetive, gefährliche und langweilige Arbeit weg rationalisiert hat, bewirkt das Internet auf eine ganz andere Weise ähnliches bei den Kopfarbeitern und Kreativen.\nBeispiel Wikipedia: Statt verschiedener Enzyklopädien, von denen jeder Haushalt wenigstens von einer eine Kopie im Regal stehen hatte, gibt es jetzt effektiv nur noch einen gemeinsamen Hort des Wissens, und den auch nur noch in einer zentralen Kopie, die wir gemeinsam betrachten und in Echtzeit bearbeiten. Und statt einiger Verlagsteams, die die Inhalte pflegen, tun wir alle dies nun, für lau.\nDieses Wikpedia-Prinzip ist es, das nun in immer mehr Kopfarbeiter-Branchen einzieht und dort links und rechts Geschäftsmodelle killt. Denn was anderes ist Sal Khan\u0026rsquo;s \u0026ldquo;Khan Academy\u0026rdquo; für Hersteller von Unterrichtsvideos? Was anderes sind Harry auf Deutsch oder Anime Fansubs, als die Anwendung des Wikipedia-Prinzips auf Übersetzungen und Untertitelungen? Was anderes ist O\u0026rsquo;Reillys Online Feedback Publishing System als die Anwendung von \u0026ldquo;Leser machen es selbst\u0026rdquo; auf das Lektorat?\nEs scheint so, als hätten viel zu viele Leute Here comes everybody für eine leere Drohung gehalten, oder das Konzept des kognitiven Überschusses für ein Hirngespinst. Beides ist real, und die Auswirkungen sind fundamental.\nNoch einmal: Es ist nicht das Urheberrecht, es sind nicht Mängel am Urheberrecht, die das Einkommen von Werkschaffenden bedrohen. Es sind stattdessen die Werke anderer Werkschaffender, die kollaborativ statt als Einzelkämpfer arbeiten und deren einzelne Beiträge so gering sind, daß der jeweilige Teilautor sie entgeltfrei abgibt.\nIn dem Moment, in dem ein Prozeß geschaffen wird, der ein solches kollaboratives Werkschaffen zuläßt und in dem Moment, in dem jemand ein Werkzeug schafft, daß diesen Prozeß der Kollaboration für eine Werkklasse automatisiert und mediatisiert, in dem Moment stirbt eine Branche. Nicht sofort, nicht komplett - aber sie wird mindestens marginalisiert. In den Kommentaren zu dem Ausgangsartikel findet sich ein schönes Beispiel: Johannes zählt auf, wie Werke in der Esperanto-sprechenden Community gemeinsam geschaffen werden, und daß das für alle Werk-Klassen funktoniert, ausgenommen Filme. Der Prozeß des Filmschaffens ist noch so arbeits- und kapitalintensiv, daß die Methoden dort noch nicht funktionieren. Der Rest - geschenkt. Im Wortsinn.\nDiesen Mechanismus eines fundamentalen Strukturwandels hält ein Urheberrecht - gleich wie man es formuliert - nicht auf. Und die sich daraus ergebenden Probleme löst eine einzelne Partei nicht. Schon gar nicht am grünen Tisch. Diese Sorte Probleme löst nur das Leben selbst, sie werden von Leuten entschieden, die experimentieren, Wagnisse eingehen, scheitern, es trotzdem anders noch einmal versuchen, und dann mit der ganzen Kraft ihrer Erfahrung und Energie diese Ergebnisse kommunizieren und lehren.\nDie Zeit hat da in einem Artikel über Selfpublishing-Projekte eine ganze Reihe von Beispielen. Manche von ihnen kommerziell, andere - und die Zeit kratzt hier nur an der Oberfläche - für Liebe.\nFelicia Day, selbst durch selbstpublizierte Filmprojekte zu einigem Ruhm und einem Einkommen gekommen, verweist in einem Artikel auf Google Plus auf Fox und ABC \u0026rsquo;\u0026gt;, zwei amerikanische Fernsehsender, die gerade einen Stern pullen und die Verfügbarkeit von Sendungen im Web zurückfahren wollen.\nDer Effekt, so Felicia Day: mehr Kopieren und Filesharing, und Verlust an Publikum - die Leute, die das sofort haben wollen, laden sich halt eine Kopie von anderen Quellen als Fox bzw. ABC runter, und die Leute, die warten können oder wollen, schauen das halt nicht im Fernsehen, sondern besorgen es sich zu einem späteren Zeitpunkt, vielleicht auf DVD, vielleicht indem sie es bei einem Freund kopieren, sobald der es hat. In jedem Fall schadet der Sender sich selbst und seinen Ratings. Felicia Day sieht beide Sender auf dem Weg von Tower Records und Borders Bookshops. Auch sie hat kein funktionierendes Modell parat, mit dem diese Sender (eigentlich: Produzenten) und die Konsumenten zueinander finden können.\n","date":"2011-11-10T00:00:00Z","href":"https://blog.koehntopp.info/2011/11/10/nachtrag-nicht-das-urheberrecht-ist-das-kernthema.html","tags":["copyright","kultur","media","piraten","politik","lang_de"],"title":"Nachtrag: Nicht das Urheberrecht ist das Kernthema"},{"categories":null,"content":"Wir hatten das Thema schon einmal in IP V6 verkehrt , aber es ist noch nicht tot. Spezialexperten für den Datenschutz aus aller Welt haben sich getroffen, und waren gemeinsam besorgt:\nDie Datenschutzkonferenz empfiehlt, die bisher bei Zugangsanbietern übliche dynamisch IP-Adressvergabe auch nach der Einführung von IPv6 beizubehalten. \u0026ldquo;Internetzugangsanbieter und Betreiber von Gateways sollte die Nutzung dynamischer IP-Adressen als Standardeinstellung anbieten\u0026rdquo;, heißt es in der am Freitag von Schaar veröffentlichten Entschließung (PDF-Datei).\nLutz Donnerhacke hat das zum Anlaß genommen, IP V6 einmal unter Datenschutzgesichtspunkten zu analysieren.\nSein Artikel kommt zu dem Fazit:\nDie aus der Not heraus geborene Idee, eine IP Adresse nur temporär einem Nutzer zuzuweisen, erwies sich als wirtschaftliche Goldgrube . Da für den Betrieb von Servern, also der eigenständigen Bereitstellung von Diensten, eine dauerhafte Erreichbarkeit des Servers notwendig ist, bot die Beibehaltung dynamischer IP-Adressen den Providern zusätzliche Einnahmequellen durch Hosting realer und virtueller Server, E-Mail und vieles mehr. [\u0026hellip;]\nEs gelang den Marketingabteilungen so erfolgreich, dynamische IPs als Vorteil, Schutz und Anonymität darzustellen, daß eine Abkehr von diesem Modell wenig wahrscheinlich ist.[\u0026hellip;]\nAuch die Datenschützer haben sich vor den Karren der Lobbyisten spannen lassen. Sie glauben mit dynamischen IP-Adressen das Grundübel des Internet aus ihrer Sicht entschärfen zu können. Schließlich invalidiert ja ein ständiger Wechsel der IP-Nutzer Zuordnung die von verschiedenen Webdiensten ausgeführten Idenitifizerierungen – bis zum nächsten Login, Cookie, soziale Netze-Button, E-Mail-Abruf, Tweet oder Werbebanner.\nEines der Hauptprobleme beim Umgang mit IP V6 ist, es als IP V4 mit langen Adressen anzusehen. Das ist nicht der Fall, wie Lutz an mehreren Beispielen mit Datenschutzbezug illustriert: Mit IP V6 haben wir so viele Adressen zur Verfügung, daß einem Kunden nicht nur mehrere Prefixe zugeteilt werden können, sondern einzelne Adressen auch für Dinge wie Authentisierungsmechanismen (CGA, Cryptographically Generated Adresses) verwendet werden können. Er zeigt, wie mit Hilfsmitteln wie rotierenden Prefixen unterbrechungsfreies Umnummerieren möglich ist (keine Zwangstrennung mehr), und welche anderen neuen Anwendungen durch V6 erst ermöglicht werden.\nDann schlägt er die Kehre und kehrt zu der Bemerkung oben zurück: »\u0026hellip; bis zum nächsten Login, Cookie, soziale Netze-Button, E-Mail-Abruf, Tweet oder Werbebanner.« Lutz dazu:\nFeste IP Adressen gestatten aber einen ganz anderen Ansatz zur Datensparsamkeit. [\u0026hellip;\nWeb 2.0 Techniken füllen eine Webseite mit Inhalten aus anderen Quellen , insbesondere von anderen Servern. Was spricht also dagegen, die privaten Daten daheim, auf einem Rechner mit fester IP, beispielsweise dem DSL-Router mit angeflanschter USB-Platte, abzulegen und anzubieten? [\u0026hellip;]\nDiese Vision setzt zwei Dinge voraus: Statische IPv6 Adressen nutzbar auf jedermanns Technik und den mündigen Menschen . Beides kann der Datenschutz leisten: Er hat den Bildungsauftrag, eigenverantwortlichen Umgang mit persönlichen Daten sicherzustellen und den Regulierungsauftrag, die betreffenden Hersteller und ISPs zur Entwicklung datensparsamer Konzepte anzuhalten. Er bekommt dafür die Chance, aktiv das techno-soziale Gefüge des Internets wieder zu demokratisieren.\n(Den vollständigen Artikel lesen )\n","date":"2011-11-09T00:00:00Z","href":"https://blog.koehntopp.info/2011/11/09/datenschutztheater-dynamische-ipv6-adressen.html","tags":["privacy","ipv6","politik","privacy","spackeria","lang_de"],"title":"Datenschutztheater: dynamische IPv6 Adressen"},{"categories":null,"content":"Die Süddeutsche hat einen määndernden Artikel , der auf Seite 2 dann doch noch irgendwie zum Punkt kommt und Rick Falkvinge verlinkt und daraus ableitet:\nJetzt, da sie erstmals in einem deutschen Parlament sitzen, scheinen sie genau das vergessen zu haben. Sie sprechen über fahrscheinlosen Nahverkehr, aber nicht über das Urheberrecht. Das ist erstaunlich, weil eine Pauschalabgabe fürs S-Bahnfahren genau auf dem urheberrechtlichen Modell basiert, das Juristen unter dem Begriff \u0026ldquo;Kulturflatrate\u0026rdquo; für die Netznutzung beschreiben.\nNun ist zum Einen ein Stadt- oder Landesparlament nicht der richtige Ort, um über Änderungen am Urheberrecht zu diskutieren - selbst auf Bundesebene sind Änderungen hier nur begrenzt möglich, und insofern läuft die SZ hier komplett an den politischen Realitäten und Zuständigkeiten vorbei.\nUnd zum anderen ist die Situation weitaus komplizierter, und das eigentliche Problem nicht durch Arbeit am Urheberrecht alleine zu packen. Entsprechend kann eine Lösung auch nicht von einer Partei alleine kommen - schon gar nicht von der Piratenpartei alleine.\nSehr schön erkennt man dies an der Frage, die Lena Falkenhagen auf Google Plus gestellt hat:\nWäre gespannt, wie die Piraten beim Wegfall des Urheberrechtes das kreative Schaffen entlohnen wollen. Ansonsten bin ich mittellos.\nChristian Buggedei hatte mich auf diese Diskussion aufmerksam gemacht und ich habe den Artikel auf Google Plus weiter geshared, um noch ein paar relevante Personen mehr darauf aufmerksam zu machen, und so hat sich mit 81 Kommentaren dort auch ein sehr spannender Diskussionsfaden entwickelt. Er selbst verweist auf meinen Artikel Falscher Planet, falsches Jahrtausend , und zitiert\nDas Wesen aller IT ist die Kopie. [..]\nHier ist die Wahl. Sie ist die einzige Wahl. Sie ist digital, wie das Medium, das die Wahl erzwingt:\nKopieren hinnehmen. jede \u0026gt; Kommunikation von Jedermann mit jedem anderen immer auf ihre Legalität hin untersuchen und filtern. Wenn Fall 2 nicht stattfindet, bildet sich sofort ein Overlay-Netzwerk und Fall 1 tritt ein.\nEr äußert sich weiter und schreibt:\nIch kenne keinen in der Piratenpartei der Inhaltsschaffenden - seien es Musiker, Autoren, Maler, Fotografen, Komponisten oder sonstwem etwas anderes als Respekt und den Wunsch, dass sie ein Einkommen haben entgegenbringt. Nicht umsonst zeigen immer wieder Studien, dass gerade die \u0026ldquo;Powerdownloader\u0026rdquo; in der Regel überdurchschnittlich viel Geld für Medien jedweder Art ausgeben. Aber wir von der Piratenpartei sehen eben auch, dass zur Durchsetzung der Verwertungsrechte wie sie derzeit aussehen, man den von Kristian geschilderten Fall 2 zwingend implementieren muss - und das ist etwas, was wir aus bürgerrechtlicher Sicht schlicht nicht hinnehmen können.\nIch führe das in meinem eigenen Kommentar dort in eine andere Richtung noch etwas weiter aus (redaktionell überarbeitet):\nDa ist zunächst die von Christian Buggedei zitierte Beobachtung in meinem Artikel - das ist noch keine Forderung, sondern nur eine Feststellung. Ich glaube tatsächlich nicht, daß wir alle da viel Wahl haben: Die Umstände des Schreibens ändern sich und damit das Biotop, in dem Werkschaffende tätig sind.\nDa ist einmal die Leichtigkeit, mit der Kopien von irgendwas gemacht werden können - Bücher, Musik, Filme und auch alles mögliche andere, was auf einem Mal digital und nichtstofflich existiert und vorher dinglich war.\nDann ist da aber auch die Verminderung des Aufwandes und die Verkürzung der Publishing Pipeline: Jeder, der schreiben will, kann nun schreiben. Ob er gelesen wird ist noch einmal eine andere Sache - aber es gibt nichts und niemanden mehr, das jemandem vom Schreiben abhalten kann. Und so gibt es neben den Werken, die Du und Deinesgleichen für Geld produzieren nun haufenweise anderes Zeugs - frei erhältlich an Orten wie Wattpad oder einer der Tausend anderen Story Communities im Web. Gegen diese Leute und deren Preise treten Autoren für Geld nun an.\nDann ist da das Zwischenfeld, das nun entsteht - zwischen Wattpad und traditionellen Verlagen. Da ist zum Beispiel Kindle Direct Publishing , und zu den typischen Kindle-Only Preisen von $0.99, $1.99 oder $3.99 bekommt man eine Menge Zeugs, von dem nicht mal die Hälfte schlecht ist. Out of the Black zum Beispiel waren gut angelegte drei Dollar für eine Art World-of-Darkness Story, und The Rho Agenda: The Second Ship und Immune war feine Scifi Jugendliteratur, zwei Bücher für ca. vier Dollar.\nOb mit oder ohne Urheberrecht - das alleine ist genug, um die Luft aus den meisten derzeit existierenden Verlagen und den daran hängenden Autorenkarrieren zu lassen.\nAnders herum kann ich natürlich den Kopierschutz von einer AZW- oder sonstigen eBook-Datei entfernen. Ich habe auch noch nie eine Firma gesehen, in der nicht ein nicht weiter kartierter Server existiert hätte, der erstaunlich viel Plattenplatz gehabt hat und dessen Platten immer voll waren, obwohl nichts davon älter als 4 Wochen war. Oder eine Webpage mit einer langen Liste von Subsonic -Links oder eine andere Webpage mit einer Prozedur, wie man sich an die gemeinsamen Dropboxen der Kollegen dranklemmt.\nAuch das hat mit Urheberrecht als Gesetz nichts zu tun, abgesehen davon, daß es offiziell verboten ist und dieses Fakt dennoch nirgendwo irgendjemanden auch nur am Rande interessiert.\nDennoch bin ich fleißig dabei, Geld in Richtung von Autoren oder Musikern zu pumpen, denen es gelungen ist, mich zu begeistern. Idealerweise gibt es einen Weg, mit dem ich dabei möglichst wenig Reibungsverluste habe und möglichst wenig Zwischen-Instanzen mit finanzieren muß. Also kaufe ich Musik bei CDBaby und Bücher via KDP (siehe oben) und habe natürlich auch Iron Sky War Bonds gekauft.\nFrüher habe ich auch gerne CDs gekauft - im Quartal sind dabei etwa 400-500 Deutschmark Einkommen disponiert worden: Ich habe meine Musik halt gerne unkomprimiert und in physischer Form, damit ich sie neu digitalisieren kann, wenn mir danach ist. Aber ich habe gelernt, daß ich damit nicht Musiker fördere, sondern nur koksende Sony-Spacken, die mir zum Dank für meine Investition wie in Sonys Digitaler Hausfriedensbruch geschildert ein Rootkit auf meine Karre installieren, gleich neben den Staatstrojaner.\nFrüher habe ich auch gerne Bücher gekauft. Aber dort kommen von den 7.99 EUR eines Bastei-Lübbe oder Heyne-Buches nur Bruchteile dem Autor, den ich gut finde, zugute. Also habe ich bei einem Umzug von den 2500 Büchern Scifi und Fantasy nur ein Billy voll behalten und kaufe nicht mehr beim Schund-Spezialisten aus dem Neuerscheinungsregal einen Arm voll Scifi/Fantasy im Monat. Stattdessen geht das Geld andere Wege - aber es ist nicht weniger, deucht mich: Anonyme Amazoniker zeigt das recht deutlich.\nUm das Urheber-Recht würde ich mich dabei an Deiner Stelle wenig Sorgen. Es ist das Kleinste Deiner Probleme, wenn Du mit dem Schreiben Geld verdienen willst.\nNoch einmal, weil es wichtig ist:\nUm das Urheber-Recht würde ich mich dabei an Deiner Stelle wenig Sorgen. Es ist das Kleinste Deiner Probleme, wenn Du mit dem Schreiben Geld verdienen willst.\nIch will damit sagen, daß wir es hier mit einem strukturellen Wandel in der Kommunikation und dem Verhältnis zwischen Werkschaffenden und Konsumenten zu tun haben, bei dem die Analyse \u0026ldquo;Urheberrecht - ansonsten bin ich mittellos\u0026rdquo; die realen Umstände vollständig verkennt oder gar verleugnet und in jedem Fall viel zu kurz greift.\n\u0026ldquo;Mittellos\u0026rdquo; ist eine Autorin nicht wegen des Rechtes, sondern wegen der Leichtigkeit, mit der jeder kreieren, publizieren, kuratieren und kommunizieren kann. Die Autorin tritt nicht mehr gegen die Texte anderer professioneller Autorin an, sondern gegen jeden, der etwas veröffentlichen möchte und insbesondere gegen Personen, deren Lebensunterhalt nicht an den Verkauf von Veröffentlichtungen gekoppelt ist, und die ihre Werke daher ohne weiteres kostenfrei publizieren können.\nIn einem weiteren Kommentar habe ich dazu Beispiele gebracht:\nKostenloskultur : Autoren von Lehrmaterial treten gegen Sal Khan an, der auf Youtube unglaubliche Mengen unglaublich guter Lehrvideos zu den wildesten Themen einstellt - und diesen Autoren vielfach die Geschäftsgrundlage entzieht.\nPoltik, Polemik und eine Agenda : Ich hatte eine spannende Unterhaltung mit der Katze und Dirk Remmecke über Anime und Anime Fansubs - gute Fansubs machen Anime-Vertrieben zu schaffen. Ein Problem dabei: Die Geschwindigkeit von Aktionen wie Harry Auf Deutsch und die Qualität von Aktionen wie dem Pretty Guardian Sailor Moon Live Action sind von kommerziellen Anbietern kaum zu schlagen - diese sind Begrenzungen durch Budget und Staffing ausgesetzt und sie treten bei populären Sachen gegen Armeen von Enthusiasten an, die kein Leben haben oder bereit sind, den größeren Teil ihrer Freizeit Wikipedia-Style in einen Crowdsourcing-Ansatz zu investieren.\nOnline Feedback Publishing System : O\u0026rsquo;Reilly stellt neue Bücher im Volltext zum Review auf OFPS (Online Feedback Publishing System) bereit, um Anmerkungen von interessierten Lesern zu Crowdsourcen und so die technische und inhaltliche Qualität des Werkes zu verbessern - Leser bekommen so aber auch (legal) den elektronischen Volltext aller möglichen Neuerscheinungen zu fassen.\nO\u0026rsquo;Reilly Registration Page : Anders herum: Bei O\u0026rsquo;Reilly kann man sein gedrucktes Buch auch registrieren und bekommt dann die elektronischen Fassungen kostenlos dazu, bzw kann das Werk auch auf neue Releases upgraden.\nDas sind alles Signale, die anzeigen, wie sich der Markt um Werke verändert - mit einem Werk für Geld tritt man immer auch gegen ein vergleichbares Werk für Liebe und Spaß an. Autoren und Verlage experimentieren derzeit wie wild, um herauszufinden, wie sie sich in so einem Umfeld ausreichend differenzieren können, um Leser zum Zahlen zu motivieren.\nKopierschutz ist es nicht, das wissen wir schon (weil es heute Thema in einer anderen Diskussion war, hier ein Satz Links zu einem einzelnen Hersteller: Audible DRM , Audible DRM , Audible DRM ).\nRechtsverschärfung ist es auch nicht - das meiste Getausche geht dark und nicht im offenen Netz ab, und offen gesagt interessiert die Rechtslage im nichtkommerziellen Umgang (\u0026ldquo;Privatkopie\u0026rdquo; - wobei da schnell mal Terabytes fließen) mit dem Urheberrecht faktisch seit Napster niemanden mehr. Ob man das jetzt noch im geschriebenen Recht anpaßt oder nicht ist mehr eine Formalität.\nNebenan bei der #Spackeria verwendete acid übrigens dasselbe Zitat von mir wie Christian Buggedei oben, in einem ähnlichen und doch ganz anderen Kontext: Herausforderungen der Informationsfreiheit .\nUnd schließlich: Ich habe ja auch mal für Geld geschrieben, wenn auch nie hauptberuflich: Artikel von KristianKöhntopp . Aber inzwischen ist es so, daß ich persönlich meine Artikel lieber kostenlos ins Blog stelle als etwa einem Verlag zu verkaufen: Warum alle meine Texte frei im Netz zu lesen sind .\nDer Return für mich ist besser, wen der Artikel dauernd frei im Netz steht als wenn mir ein Verlag was dafür bezahlt, UND ich habe keinen Nerv mit dem Vertragstanz mehr: Selbst Heise, als Verlag für Fachautoren echt superfreundlich, umgänglich und technisch kompetent, hat inzwischen Total Buyout Verträge und es war ein Riesenproblem, meine Sechs-Monats-Regel in eine iX-Autorenvereinbarung rein zu bekommen. Am Ende ist es für mich als Nebenerwerbs-Schreiber von technischen Artikeln den Nerv schlicht nicht wert - da gebe ich das Zeugs eben so weg.\n\u0026ldquo;Mittellos\u0026rdquo; ist auch eine Lektorin und Redakteurin, weil sich die Publishing Pipeline für die meisten Publizierenden so stark verkürzt hat, daß für diese Rollen darin kein Platz und somit auch kein Einkommen mehr vorhanden ist.\nMan erkennt, daß das Urheberrecht hier thematisch keine Rolle spielt, außer vielleicht als Instrument, die Transaktionskosten einer Veröffentlichung so weit zu erhöhen, daß \u0026lsquo;kostenlos\u0026rsquo; keine Option mehr ist. Das ist aber aus einer Reihe von anderen Gründen keine volkswirtschaftlich oder politisch wünschenswerte Option.\nZum Urheberrecht gibt es in der Piratenpartei selbst übrigens Personen, die in einer ähnlichen Situation sind, wie Lena: Mela Eckenfels zum Beispiel schreibt und ist eine engagierte Piratin. Ich habe in einem weiteren Kommentar einmal ihre Position aus ihrem Blog zusammen recherchiert:\nUnd dann muß ich in diesem Thread extra noch mal Mela Eckenfels erwähnen. Sie ist eine Piratin aus Karlsruhe, außerdem eine Autorin und von ihr hören wir inhaltlich die gleiche Klage wie von Lena.\nIch habe in den Kommentaren oben schon klar gemacht, daß ich das für fehlgeleitet habe - das Problem ist nicht das Urheberrecht und wenn jemand Probleme hat, vom Schreiben zu leben, dann liegt das meiner Meinung nach mit Sicherheit nicht am Urheberrecht, sondern eher an den anderen, sich rapide verändernden Umständen, die ich oben aufgezählt habe.\nDas Geschenk der Piratenpartei an die Verwerter , Long Tail , Butter bei die Fische\u0026hellip; , Wie Kulturschaffende Geld verdienen , Piratenschwarz .\nWobei insbesondere der Artikel Wie Kulturschaffende Geld verdienen im Grunde genommen nahtlos via Herausforderungen der Informationsfreiheit an die Forderung der Piraten nach einem bedingungslosen Grundeinkommen anschließt.\n#spackeria@Ircnet, 25-Oct-2011, 13:18\nIsotopp\u0026gt; acid_: Ich mag den Bogen von \u0026lsquo;Neue Kommunikations- und Überwachungsmedien -\u0026gt; Transparente Gesellschaft -\u0026gt; essentiell anarchie-fähige Gesellschaft, Grundeinkommen, Star Trek\u0026rsquo;\nWomit wir dann spätestens bei Star Trek wieder bei Mela sind. :-)\nLena Falkenhagen nimmt in der Diskussion selbst Stellung. Sie bezeichnet sich selbst \u0026lsquo;kein Kopierschutz-Nazi\u0026rsquo; und sagt, daß sie kein Problem damit habe, wenn Bücher weitergereicht, Songs kopiert oder TV-Serien aus den USA in andere Teile der Welt weitergegeben werden, wo sie noch nicht verfügbar sind. Ihre Aussage ist: \u0026ldquo;Ich anerkenne, dass es da eine Grauzone gibt, deren Definition noch getroffen werden muss.\u0026rdquo;\nIch bin mir ihr auf einer Linie, wenn sie sagt, sie habe keine Angst, daß die Menschen keine Geschichten mehr wollen, und ich habe genug Bücher von ihr gelesen (die einzigen DSA-Romane, die ich bei meiner Papierbücher-Ausmist-Aktion behalten habe, waren ihre!), um zu wissen, daß sie keine Angst vor der Konkurrenz haben muß.\nAber wenn sie schreibt: \u0026ldquo;Das Resultat eines Wegfalls des Vervielfältigungsrechts an der eigenen Geschichte [\u0026hellip;] wäre aber, dass ich mir einen Brötchenjob würde zulegen müssen, der 100% meiner Zeit frisst und nicht mehr (oder sehr eingeschränkt) schreiberisch tätig werden könnte.\u0026rdquo; (Mela schreibt sinngemäß dasselbe in Wie Kulturschaffende Geld verdienen ), dann muß ich doch mal böse unfair draufhauen.\nIch bin ja in meinem Leben einige Jahre als fahrendes Volk durch die Gegend gezogen und habe Kunden für Geld glücklich gemacht, d.h. ich war das, was man gemeinhin einen Berater oder Consultant nennt. Diese Tätigkeit bringt es mit sich, daß man erstaunlich viel schreibt - in der Woche kommen da mitunter durchaus dreistellige Seitenzahlen an Prosa zusammen, und zwar genau die Sorte Prosa, die Lena Falkenhagen und Mela Eckenfels in ihre Stellungnahmen so verachten: Gebrauchs-Sachliteratur, die das Ziel hat, den Kunden arbeitsfähig zu machen und ihn so auszubilden, daß er das, was ich da getan habe, nachvollziehen und in Zukunft selber machen kann.\nDer Unterschied zwischen \u0026ldquo;Werkschaffenden\u0026rdquo; (Hey, meine Texte sind keine Werke???) oder gar \u0026ldquo;Kulturschaffenden\u0026rdquo; (Angesichts solcher Anmaßungen regt sich in mir schon einige Aggression) und dem gemeinen sich prostituierenden Consultant ist der, daß diese Schaffenden ihre Werke und Ideen schützen, hegen und monopolisieren wollen, während der Consultant seine Werke in der Regel mit den Werken der anderen auf diesem Gebiet Schaffenden zusammenlegt, \u0026ldquo;Best Practice\u0026rdquo; definiert und das dann versucht, möglichst weit zu verbreiten.\nDer durchschnittliche Consultant lebt davon im Mittel besser als der durchschnittliche Autor. Meinjanur.\nTatjana Azundris spitzt das noch pointierter zu. Sie schreibt:\n\u0026ldquo;dass Urheber von ihren Werken derzeit kaum existieren können\u0026rdquo;\nDas ist auch kein Menschenrecht. Ähnlich wie Kristian Köhntopp befinde ich mich schuldlos in der Lage, daß das was ich kreativ anstelle zu einem akzeptablen Einkommen führt, mit dem ich (auch) Leute unterstütze, die mich begeistern. Es gibt aber kein Recht darauf, von Aktivitäten auf die man Lust hat auch leben zu können. Vielleicht ist die Epoche des Zeichnens, Schreibens, Komponierens für den Lebensunterhalt einfach zu Ende; das ist kein so komplizierter Gedanke. Wenn man das nicht will, wäre es womöglich zielführender, nicht auf das Urheberrecht einwirken zu wollen, sondern auf bedingungsloses Grundeinkommen hin?\nDen Mehrwert von Lektorat vermag ich uebrigens zu erkennen; den von Satz nur in Printmedien — es erscheint wagemutig, heute noch Annahmen ueber die Zielplatform zu machen.\nAnsonsten stelle ich fest, dass z.B. mein Comic-Konsum sich komplett von den grossen Verlagen abgelöst hat. Nicht nur sagt mir \u0026ldquo;1x täglich\u0026rdquo; mehr zu als \u0026ldquo;1x wöchentlich\u0026rdquo;, die Comics sind einfach besser. Was bekomme ich bei DC? Alle paar Jahre fahren sie\u0026rsquo;s so an die Wand, dass sie die continuity rebooten muessen und mein komplettes Investment im Po ist. Schön fuer Neueinsteiger, schlecht fuer Bestandskunden. Was noch? Women in Refrigerators. Rape- and porn-tastic nonsense. DC haetten mich als Kundin auch dann verloren, wenn es keine Alternativen gäbe. (Das ist die gepriesene Präselektion/Filterung durch die Verlag. Ich hätte da doch lieber ein Web of Trust bzw. data mining — \u0026ldquo;Leute die ähnliche Dinge wie Sie gut fanden, mochten folgende Werke die Sie noch nicht kennen \u0026hellip;\u0026rdquo;). Die comics die ich jetzt lese, sind schlauer, frauenfreundlicher, haben Charaktere aus Minderheiten denen ich angehöre, und ernaehren in vielen Faellen ihre Urheberinnen (Girls with Slingshots, Cat \u0026amp; Girl usw.). Dabei erscheinen diese comics gratis im Netz. Es ist nicht Urheberrecht das diese Frauen ernährt: \u0026ldquo;The secret ingredient is love.\u0026rdquo;\nWenn man Leute passend begeistert, geben sie einem Geld.\nAuch wenn sie nicht müssen.\nWiederum: Niche und starke Fan-Bindung, nicht Verlag.\n\u0026ldquo;Es gibt auch Musiker fuer die das funktioniert.\u0026rdquo; Und da ist noch nicht mal die Frage mit drin, ob der Gini-Index irgendwann so kaputt sein wird, dass Menschen entweder nicht lesen, gratis lesen, oder raubkopieren — alles, nur nicht ein $15 Buch kaufen, weil das ein Luxusgut ist.\nAuch nicht enthalten ist die Frage, ob Bücher in 10 Jahren noch zu Aufmerksamkeitsspannen der tl;dr-Generation passen werden. Ich selbst habe schon heute Bücher weitgehend durch Wikipedia-Artikel (zum Lesen) und podcasts bzw. TED und Stanford-Videos (zum Hören und dabei Einschlafen) ersetzt, und ich kann mich noch erinnern, als eine Bibliothek meine Erziehungsberechtigte war.\nWe\u0026rsquo;ve come a long way.\nEnde des unfair Draufhauens.\nAb dieser Stelle bricht die ganze Diskussion in dem Googe Plus Text ein wenig zusammen, unter anderem weil angefangen wird, Kopieren von Texten oder Konzepten mit dem Diebstahl in der Dinglichen Welt gleichzusetzen. Die Tatsache, daß das genau nicht gleich ist, ist die Ursache für die Alternative, die ich in Falscher Planet, falsches Jahrtausend stelle und die Christian Buggedei und Acid in ihren Texten zitieren. Die Tatsache, daß das genau nicht gleich ist, ist die Ursache für den Strukturwandel, den ich versucht habe, in langen Beispielen und Linklisten zu illustrieren.\nUnd dieser Strukturwandel ist so gewaltig, daß das Urheberrecht oder veränderungen gleich welcher Art an ihm weder in der Lage sind, die Situation zu verändern noch den Wandel auch nur zu verzögern. Wie ich oben schon sagte: Das Urheberrecht ist nicht der Punkt, über den sich Lena Falkenhagen und Mela Eckenfels sorgen machen müssen.\nUnd das ist auch der Grund, warum eine Antwort auf diese Frage nicht von der Piratenpartei alleine kommen kann. Wobei deren Konzept eines bedingungslosen Grundeinkommens wahrscheinlich schon einen guten Schritt in diese Richtung geht.\nLothar Gesslein bringt es auf den Punkt:\nMich, der jeden Abend ein E-Book liest, mehrmals pro Monat einen digitalen Film zuhause guckt, seit Jahren keine CD mehr gekauft hat und trotzdem oft Musik hört, betrifft diese Debatte genauso im Kern meiner Lebensrealität und -qualität wie den Autor, Filmemacher, Musikant der seine Brötchen bezahlen muss.\nSelbstverständlich haben die Erschaffer ein (moralisches) Recht zu diktieren unter welchen Bedingungen sie bereit sind weiter kreativ zu sein. Die Konsumenten haben aber genauso ein (moralisches) Recht zu diktieren unter welchen Bedingungen sie noch bereit sind die Finanzierung zu leisten.\nAm Ende muss man sich einigen, weil der Eine nicht ohne den Anderen kann.\n","date":"2011-11-08T00:00:00Z","href":"https://blog.koehntopp.info/2011/11/08/nicht-urheberrecht-ist-das-kernthema.html","tags":["copyright","media","piraten","politik","lang_de"],"title":"Nicht Urheberrecht ist das Kernthema"},{"categories":null,"content":"Q\u0026gt; Sag mal, NULL zählt nicht bei einem UNIQUE INDEX? Zum Beispiel ein UNIQUE INDEX auf (a,b) und dann\na b 1 2 1 2 Das geht nicht, da Duplikate Key. Aber\na b 1 NULL 1 NULL wird zugelassen.\nKris\u0026gt; Du kaufst bitte mal SQL für Smarties: Advanced SQL Programming und ißt das dann auf.\nmysql\u0026gt; select * from t; +----+------+ | id | d | +----+------+ | 1 | NULL | | 2 | 2 | | 3 | 3 | | 4 | NULL | +----+------+ 4 rows in set (0.00 sec) mysql\u0026gt; select count(*) as a, count(d) as b, count(coalesce(d, 0)) as c from t; +---+---+---+ | a | b | c | +---+---+---+ | 4 | 2 | 4 | +---+---+---+ 1 row in set (0.00 sec) mysql\u0026gt; select d, coalesce(d, 0) as dc from t; +------+------+ | d | dc | +------+------+ | NULL | 0 | | 2 | 2 | | 3 | 3 | | NULL | 0 | +------+------+ 4 rows in set (0.00 sec) Kris\u0026gt; Und außerdem\nmysql\u0026gt; select 0=0, 1=1, 0=1, NULL=0, NULL=1, NULL=NULL; +-----+-----+-----+--------+--------+-----------+ | 0=0 | 1=1 | 0=1 | NULL=0 | NULL=1 | NULL=NULL | +-----+-----+-----+--------+--------+-----------+ | 1 | 1 | 0 | NULL | NULL | NULL | +-----+-----+-----+--------+--------+-----------+ 1 row in set (0.00 sec) Q\u0026gt; Ah, es liegt also daran, daß NULL kein Wert ist, sondern einfach NICHTS.\nKris\u0026gt; NICHTS ist das falsche Wort. Es ist NULL. Das hat viele verschiedene Bedeutungen in SQL, es ist nicht mal konsistent. Es ist auch nicht undef, wie in Perl. Es ist NULL. Und was dann passiert, das muß man wissen.\nmysql\u0026gt; create table tt ( t int null, unique (t)); Query OK, 0 rows affected (0.37 sec) mysql\u0026gt; insert into tt values (1), (2), (2); ERROR 1062 (23000): Duplicate entry \u0026#39;2\u0026#39; for key \u0026#39;t\u0026#39; aber\nmysql\u0026gt; insert into tt values (1), (2), (NULL); Query OK, 3 rows affected (0.00 sec) Records: 3 Duplicates: 0 Warnings: 0 mysql\u0026gt; insert into tt values (NULL); Query OK, 1 row affected (0.00 sec) mysql\u0026gt; select * from tt; +------+ | t | +------+ | NULL | | NULL | | 1 | | 2 | +------+ 4 rows in set (0.00 sec) Kris\u0026gt; Das liegt daran, daß der UNQIUE INDEX schaut, ob für irgendeinen vorhandenen wert = der neue wert wahr ist. Wenn ja, wird der Wert abgelehnt. Wenn du aber ein vorhandenes NULL mit dem neuen NULL vergleichst, dann ist das nie wahr, und auch nie falsch, sondern immer NULL.\nmysql\u0026gt; select NULL = NULL, NULL \u0026lt;\u0026gt; NULL; +-------------+--------------+ | NULL = NULL | NULL \u0026lt;\u0026gt; NULL | +-------------+--------------+ | NULL | NULL | +-------------+--------------+ 1 row in set (0.00 sec) Kris\u0026gt; NULL ist also nicht gleich NULL, NULL ist jedoch auch nicht ungleich NULL. NULL ist auch nicht ungleich wahr, und es ist auch nicht gleich wahr.\nmysql\u0026gt; select 1 = NULL, 1 \u0026lt;\u0026gt; NULL; +----------+-----------+ | 1 = NULL | 1 \u0026lt;\u0026gt; NULL | +----------+-----------+ | NULL | NULL | +----------+-----------+ 1 row in set (0.00 sec) Kris\u0026gt; NULL ist auch nicht ungleich falsch und auch nicht gleich falsch.\nmysql\u0026gt; select 0 = NULL, 0 \u0026lt;\u0026gt; NULL; +----------+-----------+ | 0 = NULL | 0 \u0026lt;\u0026gt; NULL | +----------+-----------+ | NULL | NULL | +----------+-----------+ 1 row in set (0.00 sec) Kris\u0026gt; NULL ist NULL.\nQ\u0026gt; LOL. Kris, Du bist ein.. ich weiß es nicht. Irgendwas verrücktes.\nKris\u0026gt; Perl Programmierer kennen nun undef, und sehen\nKK:~ kris$ perl -e \u0026#39;$a = undef; print \u0026#34;keks${a}keks\\n\u0026#34;;\u0026#39; kekskeks Kris\u0026gt; SQL dagegen\nmysql\u0026gt; select concat(\u0026#39;keks\u0026#39;, \u0026#39;keks\u0026#39;) as keks, concat(\u0026#39;keks\u0026#39;,NULL,\u0026#39;keks\u0026#39;) as nix; +----------+------+ | keks | nix | +----------+------+ | kekskeks | NULL | +----------+------+ 1 row in set (0.00 sec) Kris\u0026gt; NULL ist NULL. Es ist nicht Nix. Also es ist nicht \u0026ldquo;\u0026rdquo;. Es ist NULL. Perl programmierer wieder so\nKK:~ kris$ perl -e \u0026#39;$a = undef; print 10+$a,\u0026#34;\\n\u0026#34;;\u0026#39; 10 Kris\u0026gt; Rate was SQL macht?\nmysql\u0026gt; select 10 + NULL; +-----------+ | 10 + NULL | +-----------+ | NULL | +-----------+ 1 row in set (0.00 sec) Kris\u0026gt; Vernichtet NULL also alles, womit es in Kontakt kommt? Nein, es ist nicht systematisch. In Aggregaten wird es übersprungen.\nmysql\u0026gt; select * from tt; +------+ | t | +------+ | NULL | | NULL | | 1 | | 2 | +------+ 4 rows in set (0.00 sec) mysql\u0026gt; select count(t), sum(t) from tt; +----------+--------+ | count(t) | sum(t) | +----------+--------+ | 2 | 3 | +----------+--------+ 1 row in set (0.00 sec) Kris\u0026gt; Konsequenterweise ist also avg(t) auch sum(t)/count(t) = 3/2 = 1.5\nmysql\u0026gt; select count(t), sum(t), avg(t) from tt; +----------+--------+--------+ | count(t) | sum(t) | avg(t) | +----------+--------+--------+ | 2 | 3 | 1.5000 | +----------+--------+--------+ 1 row in set (0.00 sec) Kris\u0026gt; Es gibt ein Prädikat, das NULL testbar macht - ISNULL(). Es gibt einen Operator, der NULL testbar macht: IS NULL\nmysql\u0026gt; select * from tt where t IS NULL; +------+ | t | +------+ | NULL | | NULL | +------+ 2 rows in set (0.00 sec) mysql\u0026gt; select * from tt where isnull(t); +------+ | t | +------+ | NULL | | NULL | +------+ 2 rows in set (0.00 sec) Kris\u0026gt; Es gibt in MySQL einen nonstandard Komparator, der NULL normalisiert.\nmysql\u0026gt; select * from tt as a join tt as b on a.t \u0026lt;=\u0026gt; b.t; +------+------+ | t | t | +------+------+ | NULL | NULL | | NULL | NULL | | NULL | NULL | | NULL | NULL | | 1 | 1 | | 2 | 2 | +------+------+ 6 rows in set (0.00 sec) mysql\u0026gt; select NULL \u0026lt;=\u0026gt; NULL, NULL \u0026lt;=\u0026gt; 0, NULL \u0026lt;=\u0026gt; 1; +---------------+------------+------------+ | NULL \u0026lt;=\u0026gt; NULL | NULL \u0026lt;=\u0026gt; 0 | NULL \u0026lt;=\u0026gt; 1 | +---------------+------------+------------+ | 1 | 0 | 0 | +---------------+------------+------------+ 1 row in set (0.00 sec) Kris\u0026gt; Vergleiche den normalen =-Operator.\nmysql\u0026gt; select * from tt as a join tt as b on a.t = b.t; +------+------+ | t | t | +------+------+ | 1 | 1 | | 2 | 2 | +------+------+ 2 rows in set (0.00 sec) Kris\u0026gt; Und es gibt eine Funktion, die, wenn sie einen NULL vorfindet, einen Default einsetzt. Genau genommen nimmt COALESCE() eine Liste von Werten und gibt den ersten Wert aus, der nicht NULL ist.\nmysql\u0026gt; select coalesce(t, 17) from tt; +-----------------+ | coalesce(t, 17) | +-----------------+ | 17 | | 17 | | 1 | | 2 | +-----------------+ 4 rows in set (0.00 sec) Kris\u0026gt; Und ich lehre unsere Entwickler, im Zweifel jeden NULLbaren wert in COALESCE() zu wickeln, weil sie die Logik von SQL im Hinblick auf NULL sowieso nicht korrekt hinkriegen. Also, im Hinblick auf die o.a. Tabelle tt:\nKris\u0026gt; Wenn\nmysql\u0026gt; select * from tt where t =1; +------+ | t | +------+ | 1 | +------+ 1 row in set (0.00 sec) ist, was ist dann der REST der Tabelle, also welches SQL-Statement lädt mir die andere Hälfte des Universums?\nmysql\u0026gt; select * from tt where t \u0026lt;\u0026gt; 1; +------+ | t | +------+ | 2 | +------+ 1 row in set (0.00 sec) Kris\u0026gt; Moment! Da fehlt doch was!\nmysql\u0026gt; select * from tt where t IS NULL; +------+ | t | +------+ | NULL | | NULL | +------+ 2 rows in set (0.00 sec) Das Gegenteil von SELECT * from tt where t = 1 ist eben NICHT select * from tt where t \u0026lt;\u0026gt; 1. Es ist SELECT * from tt where t \u0026lt;\u0026gt; 1 OR t IS NULL, weil tt.t nullbar ist. Und weil das Programmierer nie im Leben hinkriegen, verbieten wir denen NULL Werte weitestgehend.\n","date":"2011-11-04T00:00:00Z","href":"https://blog.koehntopp.info/2011/11/04/null-is-null.html","tags":["database","mysql","sql","lang_de"],"title":"NULL is NULL"},{"categories":null,"content":"Ich bin Informatiker, kein Jurist. Die Juristen und Verwaltungsmenschen, die ich kenne, haben mich jedoch gelehrt, daß Menschen in Deutschland Handlungsfreiheit haben - sie können tun, was immer sie wollen, solange dem nicht ein Verbot durch ein Gesetz entgegensteht. Dem Staate jedoch, so erklärten sie mir, ist diese Freiheit nicht gegeben: Grundlage allen staatlichen Handelns muß ein Gesetz sein.\nDarum ist der von der Firma Digitask im Auftrag der bayrischen Staatsregierung entwickelte und nahezu bundesweit eingesetzte Staatstrojaner so ein Problem: Die rechtliche Grundlage für seinen Einsatz ist nämlich mindestens strittig, wenn nicht sogar offensichtlich nicht gegeben.\nDas Urteil des Bundesverfassungsgerichtes vom 27. Februar 2008 setzt dem Ganzen recht enge Grenzen. Es definiert ein neues \u0026ldquo;Grundrecht auf Gewährleistung der Vertraulichkeit und Integrität informationstechnischer Systeme\u0026rdquo; als mittelbares Grundrecht, das seine Grundlage aus dem allgemeinen Persönlichkeitsrecht zieht, und schränkt die Anwendung einer \u0026ldquo;Online-Durchsuchung\u0026rdquo; (eigentlich: verdeckter Einbruch und heimliche Ausforschung - eine Durchsuchung erfolgt unter Zeugen und mit Wissen des Durchsuchten!) stark ein.\nZugleich öffnet das Urteil in Leitsatz 4 die Tür zur Möglichkeit der Quellen-Telekommunikationsüberwachung , wobei die Frage ist, ob es so etwas überhaupt geben kann:\nSoweit eine Ermächtigung sich auf eine staatliche Maßnahme beschränkt, durch welche die Inhalte und Umstände der laufenden Telekommunikation im Rechnernetz erhoben oder darauf bezogene Daten ausgewertet werden, ist der Eingriff an Art. 10 Abs. 1 GG zu messen. [\u0026hellip;] (Artikel 10 GG definiert das Fernmeldegeheimnis und seine Grenzen).\nDer vom Chaos Computer Club analysierte und aufgedeckte Staatstrojaner geht in seinen Möglichkeiten weit über eine Telekommunikationsüberwachung hinaus: Er bietet Möglichkeiten, beliebige Dateien vom Zielrechner herunter oder dort hin hoch zu laden und starten, er kann Bildschirmfotos machen oder Mikrofon und Kamera des Rechners zur Raumüberwachung nutzen.\nDer CCC zieht das Fazit:\nDie von den Behörden so gern suggerierte strikte Trennung von genehmigt abhörbarer Telekommunikation und der zu schützenden digitalen Intimsphäre existiert in der Praxis nicht. Der Richtervorbehalt kann schon insofern nicht vor einem Eingriff in den privaten Kernbereich schützen, als die Daten unmittelbar aus diesem Bereich der digitalen Intimsphäre erhoben werden.\nDas heißt, daß dieses Programm mehr tun kann, als im Rahmen einer fragwürdigen Quellen-Telekommunikationsüberwachung erlaubt ist - und daß die Behörden diese weitergehenden Funktionen auch benutzt haben.\nDas Landgericht Landshut hat am 25. Januar 2011 (PDF) klargestellt, daß dies rechtswidrig ist. Dennoch hat das Land Bayern im vollen Wissen dieser Rechtswidrigkeit im Jahr 2011 genau diese Software in 12 weiteren Fällen eingesetzt .\nEine Bitmap mit Zeichen, nach AES-ECB Verschlüsselung (Was siehst Du hier? Erläuterungen )\nDie Untersuchung des CCC zeigt auch, daß die eingesetzte Software nicht nur rechtlich mangelhaft aufgestellt ist, sondern auch nach den Kriterien der Informatik schwere handwerkliche Mängel aufweist:\nDer Kommandokanal, mit dem Steuerbefehle an die Software gesendet werden kann, ist weder verschlüsselt noch authentisiert (Ja, es gibt nicht mal ein Klartext-Login - jedes Kommando, das irgendwer an diese Software sendet kann, wird ungeprüft ausgeführt). Der Rückkanal mit den ausgelesenen Daten ist mangelhaft verschlüsselt - es wird AES (ein im Grunde guter Algorithmus) im ECB-Modus (eine hirntote Betriebsart diese Verfahrens) verwendet. Warum das eine schlechte Idee ist, erläutert dieser Artikel über dmcrypt sehr elegant und anschaulich, indem Bitmaps mit Buchstaben verschlüsselt werden - dadurch wird auch in der verschlüsselten Datei noch enthaltene Restinformation gut sichtbar gemacht. Noch dazu wird jeder von dem Spionageprozeß befallene Prozeß mit Privilegien ausgestattet, sodaß das ohne Paßwort gesicherte Abhör-Einfallstor zu einer echten Gefahr für die Systemsicherheit wird. Wie kann es zu so einem Fiasko kommen? Und dann noch ausgerechnet ausgehend in Bayern - das bayrische LKA ist doch angeblich so umfassend IT-kompetent und technisch in Deutschland im Bereich Internet-Ermittlungen führend!\nDie Antwort gibt die Regierungspressekonferenz vom 12. Oktober : Das bayrische LKA ist führend in dem Sinne, daß unter den Blinden der Einäugige König ist.\nDie Sprecher des Finanzministeriums und des Innenministeriums mussten in der Bundespressekonferenz Rede und Antwort zum Skandal um den Staatstrojaner stehen. [\u0026hellip;]\nFrage: [\u0026hellip;] Existiert in den Bundesbehörden eigentlich die Expertise, solche Software selber herzustellen oder, wenn sie in Auftrag gegeben und eingekauft wurde, dann auch zu kontrollieren und zu wissen, was diese Software kann oder nicht kann?\nTeschke: Ich kann zu dem einen Teil Ihrer Frage, nämlich zum Test, etwas sagen: Diese Software wird jeweils für die Maßnahme speziell konfiguriert und wird dann getestet, ob sie nur das kann, was vorgesehen ist. Das kann ich dazu sagen. Sie wird eingekauft. Es besteht also zunächst einmal im Haus selber kein Know-how.\n[\u0026hellip;]\nFrage: Wenn Sie hausintern in der Lage sind, aus den vorhandenen Softwareblöcken etwas zu machen, was \u0026ldquo;tailor-made\u0026rdquo; genau nur für diesen Fall passt, und wenn Sie auch in der Lage sind, zu überprüfen, dass alles andere nicht geht, dann müssen Sie doch das Fachwissen für diese Trojaner im Haus haben. Die Darstellung widerspricht sich meiner Meinung nach. Sie haben gerade gesagt, die Expertise für solche Trojaner sei im Haus nicht vorhanden.\nTeschke: Die Expertise, ein gesamtes Programm zu programmieren, ist nicht vorhanden. Deswegen kaufen wir sie ein. Deswegen haben wir ein Basispaket, wo wir sagen: Du musst das können, und du musst das können. Das wird getestet. Das wird im Beisein der jeweiligen Behörden getestet. Man fragt: Kann das Programm das, was wir erwarten? Dann macht es das. Dieser Test wird uns vorgelegt. Dann gehen wir davon aus, dass die Software das kann. Das ist die eine Sicherheitsmaßnahme.\n[\u0026hellip;]\nZusatzfrage: Das heißt, dass Sie, was die Möglichkeiten eines Trojaners oder eines Programms angeht ? Sie sagen: Das wird uns dann gezeigt ?, auf das Expertenwissen der Macher angewiesen sind und dass Sie zweitens nicht das Programm in Gänze verstehen, sondern nur die Konfektionierung und Ihnen die anwendbaren Teile so gezeigt werden, dass es geht.\nTeschke: Ja.\nMit anderen Worten: Bayern kauft da Sachen von einer Privatfirma ein, guckt sich das dann von außen an, und glaubt, daß diese Software, die in die absolute Intimsphäre eines Bürgers eindringen kann, genau das und nur das tut, was die Herstellerfirma behauptet, ohne im mindesten zu verstehen, was diese Software tut, wie sie das tut, und welche Nebenwirkungen sie hat.\nGenau genommen hat man noch nicht einmal genug Fachwissen , um sich vorstellen zu können, welche Nebenwirkungen und Komplikationen es geben könnte oder warum das ein Problem ist.\nNun ist Gottvertrauen ja eine sehr bayrische Sache, aber in dieser Angelegenheit nachweislich weder opportun noch ausreichend.\nDer \u0026ldquo;Bundestrojaner\u0026rdquo; und die \u0026ldquo;Quellen-Telekommunikationsüberwachung\u0026rdquo; sind nun trotz dieses systemweiten Versagens von Politik und Technik noch immer nicht am Ende. Wer die Phönix-Runde zum Thema gesehen hat, der versteht, daß die einschlägig bekannten innenpolitischen Scharfmacher dies eher als Signal zum Aufbruch sehen und diesmal rechtliche Nägel mit Köpfen machen wollen, und wenn sie dazu die Verfassung niederreißen müssen (Nichtpiratischer Lichtblick: Peter Altmaier , der schon bei Anne Will unerwartet positiv auffiel).\nHalten wir also einmal inne, und überlegen uns, wie ein Bundestrojaner 2011 denn wohl aussehen könnte, wenn man ihn \u0026lsquo;richtig\u0026rsquo; machen wollte. Wie sind die Ausgangsbedingungen?\nIn 2011 hat ein Ziel-Subjekt wahrscheinlich einen Rechner mit einer 64-Bit Variante von Windows, bald sogar ein 64 Bit-Windows mit UEFI . Ein solcher Rechner startet im Secure Boot und führt danach auf Systemebene nur signierte Betriebssystem-Komponenten aus. Seine Platte ist verschlüsselt. Um in ein solches System einzudringen braucht man entweder eine ganze Menge technisches Knowhow, das das Wissenslevel der Behörden offensichtlich übersteigt (siehe oben), oder man braucht die Kooperation des Systemherstellers.\nAndere Bedarfsträger sind diesen Weg schon vor langer Zeit gegangen (inklusive Dementi!). Es wird jedoch bei einigem Nachdenken relativ schnell klar, daß dieses Verfahren auf verschiedene Weise nicht skaliert:\nDer Hersteller hat ein Interesse daran, daß die Verfahren zur Herstellung von Systemsicherheit in seinem Betriebssystem funktionsfähig und leistungsfähig sind. Wären sie es nicht, könnte sein System nicht in sicherheitskritischen Umgebungen eingesetzt werden. Wenn man die Systemsicherheit eines so geschützten Systems also kompromittieren will, dann wird man das aller Wahrscheinlichkeit nach nicht ad-hoc tun können (denn das wäre eine ausnutzbare Schwäche), sondern über eine ab Werk eingebaute Hintertür tun müssen. Dann handelt es sich nicht um eine beliebig ausnutzbare Schwäche, sondern um einen kontrollierten, geheimen Systemzugang, eine Hintertür eben. Eine Hintertür ist aber bei weitem nicht genug, denn es wollen eine Menge Bedarfsträger auf das System, und sie wollen auf das System, ohne daß der Hersteller oder andere Bedarfsträger im Einzelfall wissen, bei wem sie wann aus welchen Gründen auf das System wollen. Die Hintertür kann also nicht durch den Hersteller im Einzelfall verwaltet werden. Es ist auch nicht kontrollierbar, welche Zivilperson welche nationale oder regionale Version eines Systems einsetzt, daher müßten alle Hintertüren in allen Versionen des Systems immer vorhanden sein. Fat Chance, haha. Im Endeffekt bekäme man also etwas, das in der Sicherheit und Organisation dem SSL-Signatursystem sehr vergleichbar wäre, und dessen Sicherheit für keinen der Bedarfsträger akzeptabel ist. Damit sind wir dann wieder bei Null, beziehungsweise landen dann hier .\nOder wir nehmen eine Umgebung an, die weiterhin so leicht kompromittierbar ist wie existierende Systeme, und auf denen sich neben der Software irgendwelcher Bedarfsträger auch weiterhin Spyware, Keylogger und andere Zusatzprogramme der organisierten Kriminalität tummeln. Der Unterschied zwischen denen und der Software meiner Regierung ist ja offensichtlich nur die Zieladresse, an der die Daten abgeliefert werden und die Qualität der Implementierung - jedem Spyware-Schreiber wäre das Digitask-Ding mehr als peinlich.\nWie dem auch sei: Nachdem sich unsere Bundes- und Landeskriminalämter, Zoll, BND und Politik jetzt erst einmal global blamiert haben, fängt der interessante Teil der Entwicklung gerade erst an. Denn auf der einen Seite wollen wir, daß \u0026lsquo;die Guten\u0026rsquo; sichere und unkompromittierbare Systeme haben. Auf der anderen Seite wollen ein Haufen Bedarfsträger die Systeme von \u0026lsquo;den Bösen\u0026rsquo; zuverlässig und ohne viel Aufwand und Aufsehen kompromittieren können. Und leider sind die Definitionen von Gut und Böse je nach Standpunkt und Aufgabe austauschbar und Rollen überlappen sich.\nParty Time, Excellent!!! Inhaber von Popcornaktien können jedenfalls gestärkt in die Zukunft blicken.\n","date":"2011-10-15T00:00:00Z","href":"https://blog.koehntopp.info/2011/10/15/der-trojaner-nach-dem-trojaner.html","tags":["computer","politik","security","lang_de"],"title":"Der Trojaner nach dem Trojaner"},{"categories":null,"content":"Das da ist Dennis Ritchie , dmr .\nDennis Ritchie schrieb zusammen mit Ken Thompson und vielen anderen Menschen in den späten 60er und den 70er Jahren die ersten Versionen des Unix-Betriebssystems, von dem viele der Systeme, die wir heute einsetzen, direkt abstammen oder substantiell beeinflußt wurden. Zusammen mit Brian Kernighan entwarf er die Programmiersprache C. Ritchie schrieb auch die Dokumentation zu diesen Systemen, und jeder Informatikstudent auf diesem Planeten hat seine Bücher \u0026lsquo;The C Programming Language\u0026rsquo; und eine Version des \u0026lsquo;Unix Programmers Manual\u0026rsquo; lesen müssen - sie sind noch heute im Druck.\n1983 bekam Ritchie für seine Arbeiten den Turing-Award , quasi den Nobelpreis für Informatiker.\nEs ist absolut unmöglich, mit Computern zu arbeiten und mit den Arbeiten und den Ideen von Dennis Ritchie nicht an jedem einzelnen Tag in direkten Kontakt zu kommen.\nDennis Ritchie starb am 12. Oktober 2011. Seine Arbeit ist unsterblich.\n","date":"2011-10-13T00:00:00Z","href":"https://blog.koehntopp.info/2011/10/13/dennis-ritchie-sep-1941-okt-2011.html","tags":["c","computer","unix","lang_de"],"title":"Dennis Ritchie (Sep 1941-Okt 2011)"},{"categories":null,"content":"Das Thema Staatstrojaner (damals noch: Bundestrojaner) begleitet uns hier im Blog schon seit fünf Jahren. Hier eine kleine Artikelsammlung zum Thema. Artikel, die auch verwandte Themen streifen (VDS, etc), sind weitestgehend ausgeklammert - bis auf den letzten Artikel in der Liste, der einen wichtigen Rundumschlag und Anknüpfungspunkt darstellt.\nEnde 2006: Bundestrojaner - der chronologisch erste Artikel zu diesem Thema. Er schließt mit \u0026lsquo;Auf dem nächsten CCC wird das sicherlich dokumentiert\u0026rsquo;. Es hat dann noch ein paar Jahre länger dauern sollen, aber das war nicht der Verschulden des CCC.\nAnfang 2007: Der Bundestrojaner durchdekliniert - ein Grundlagenartikel, der die notwendigen Anforderungen bei der Beweissicherung (gemäß den Richtlinien zur erfolgreichen Sicherung von EDV-Beweismitteln) der Funktionsweise des Bundestrojaners entgegenstellt und zeigt, daß das Konzept eines \u0026lsquo;Trojaners\u0026rsquo; zur Sammlung gerichtsverwertbarer Beweise prinzipbedingt nicht umsetzbar ist.\nDer Artikel hat ein ziemliches Echo erzeugt, und eine Reihe von Folgeartikeln hier im Blog generiert.\nAnfang 2007: Das generelle Mißverständnis beim Bundestrojaner - insbesondere gab es damals auch eine große Menge Medienanfragen, die mehr Material und Soundbites haben wollten. Nachdem sich die Politik beratungsresistent zeigte, schloß ich den Wortwechsel mit einem Kontakt mit den Worten: \u0026ldquo;Das ist ein Terror-Thema. Das bedeutet, man muss diese Leute erst mal machen und sie auf das Maul fallen lassen. Weil aus deren Sicht ist das alles engineered, beherrschbar und ein Fortschritt. So wie bei den Wahlmaschinen. Oder bei Atomkraftwerken. :) Da muss immer erst eines explodieren.\u0026rdquo; Oh, ja.\nBundestrojaner, Sina-Boxen und Mailüberwachung - damals gab es in der Diskussion eine Verwirrung um den Aufgabenbereich und die Funktionsweise der SINA-Boxen, die bei vielen Providern installiert werden mußten. Der Artikel stellt das klar, und macht transparent, wie das Abhören von Mailboxen technisch vereinheitlicht und gesichert worden ist. Das SINA-Zeugs ist von der Spezifikation und der Umsetzung projekttechnisch in etwa das Gegenteil von der aktuellen Umsetzung des Bundestrojaners.\nMan beachte auch den Kommentar dort:\nDanke für diese knappe und präzise Zusammenfassung, die ich lediglich um einen Punkt ergänzen möchte: Nach den Aussagen unserer Kunden sind die Zahlen der Überwachungsmaßnahmen stark steigend. Angesichts der Tatsache, dass bei VoIP im Rahmen der Übergangsregelung nur die Signalisierung ausgeleitet werden muss, sind die berechtigten Stellen zur Zeit scheinbar ziemlich scharf auf die entsprechenden Umsetzungen der Anschlussüberwachung für Internetzugänge, die seit der TR TKÜ 5.0 vom Dezember 2006 angesagt sind.\nLeider kann ich diese Aussagen aus verständlichen Gründen weder statistisch belegen noch Quellen dafür angeben. Ich gebe also lediglich meine persönlichen Eindrücke aus Gesprächen wider\u0026hellip;\n\u0026ldquo;Leider kann ich diese Aussagen aus verständlichen Gründen weder statistisch belegen noch Quellen dafür angeben.\u0026rdquo; \u0026ldquo;Und das, glaube ich, ist derzeit der zentrale Bug an der Sache. Es würde der öffentlichen Diskussion hier sehr gut tun, wenn sie mit ein wenig mehr Fakten und Offenheit geführt würde - ein anständiger Staat hat schließlich nichts zu verstecken und braucht auch nichts zu befürchten.\u0026rdquo; Das beleuchtet einen der zentralen Fehler in der ganzen Bundestrojaner-Geschichte.\nErst mal die Verfassung brechen\u0026hellip; - Ausschnitte aus einem Interview mit Thomas de Maizière gegenüber Deutschlandradio. Money Quote: \u0026ldquo;Das muss man probieren, wie weit man gehen kann. Und dann ist jeder eingeladen, eine Verfassungsbeschwerde einzulegen, und dann wird Karlsruhe darüber zu entscheiden haben.\u0026rdquo; Das hat Karlsruhe dann getan, und die Politik und die Exekutive haben das gemeinschaftlich ignoriert.\nBundestrojaner im Handelsblatt - Das Handelsblatt interviewt Thomas Michael Menk, Leiter Konzernsicherheit Daimler-Chrysler, vormals im Bundesministerium des Innern und im Bundesamt für Verfassungsschutz tätig. Die Soundbites sind entsprechend, aber seine Minimalanforderung \u0026ldquo;Es müssen jedoch zielgerichtete Eingriffe gegen potenzielle terroristische Straftäter sein, bei denen die rechtsstaatlichen Grenzen genau definiert sind\u0026rdquo; hat man dann doch noch leicht unterschreiten können.\nUnfälle mit dem Bundestrojaner - Verweis auf einen Bericht des Deutschlandfunk, der dokumentiert, daß behördlichem Blödsinn beim Umgang mit Überwachungssoftware keine Grenzen gesetzt sind. \u0026ldquo;In einem Fall ist der Schädling nach etwa zwei Wochen bemerkt worden, weil er im Ernst versucht hat, 120GB hochzuschießen, im zweiten Fall ist der Schädling sofort bemerkt worden und durch ein Programm ersetzt worden, das statt Daten blöden Scheiß geuppt hat.\u0026rdquo;\nMitte bis Ende 2007: Mehr Online-Durchsuchungs-Nebelkerzen - \u0026ldquo;Mal sehen, ob ich das richtig geparsed bekomme, was Ziercke da erzählt: Er möchte in einer missionskritischen Anwendung in einer Gefahrensituation unter Zeitdruck eine ungetestete Software in einer Situation einsetzen, in der er das Zielsystem nicht vollständig kontrollieren kann.\u0026rdquo; Nein, am Ende hat man nicht Encase eingekauft, sondern was eigenes zusammengestümpert. Und dabei nicht die Ressourcen des Bundes genutzt (weil die sich geweigert haben, so was zu machen - das sollte einem zu denken geben), sondern vorbestrafte Amateure in der Privatwirtschaft zeugst schreiben lassen, den man dann von inkompetenten Nichtprogrammierern nicht hat reviewen lassen.\nBundestrojaner in den Tagesthemen - Tagesthemen-Bericht über den Prozeß zum Thema Bundestrojaner vor dem Bundesverfassungsgericht, Auftritt des CCC.\nAnfang 2008: Warum Hacker sich als Bürgerrechtler verstehen - die Rolle und Mission des CCC.\nAnfang 2009: Mehr Bundestrojaner - mehr Nebelkerzen von Ziercke, BKA.\nMitte 2009: gulli: Bundestrojaner: ein Programmierer erzählt - Ein Interview mit einem Mitarbeiter der Schweizer ERA IT Solutions, der an den Projekten Mini- und Megapanzer mitgearbeitet hatte.\nAnfang 2010: Grundrechtsfusion und ein Grundrecht auf Netzneutralität - ein weiterer Artikel von mir, der recht weite Kreise gezogen hat.\nWir haben nun einen offenen gesellschaftlichen Konflikt um die Ausübung unserer Meinungs- und Informationsfreiheit im Internet. Der Konflikt ergibt sich aus dem Wegfall von Mittlern bei der Produktion, Verbreitung und Vernetzung von Personen und Dokumenten. Denn bisher hat jede Form von gesellschaftlier Regulierung von Diskursen und Kommunikation immer an den Mittlern statt an den Sendern und Empfängern angesetzt.\nDas ist genau der Kernpunkt der Diskussion um den Staatstrojaner, die wir hier erleben. Der Staat, seiner regulativen Mittel auf dem Weg zwischen Sender und Empfänger verlustig gehend, versucht nun, beim Sender- und Empfängersystem direkt anzusetzen. Dagegen ist zunächst einmal nichts zu sagen - der Ansatz ist notwendigerweise der einzige, der in irgendeiner Weise Erfolg versprechend ist. Aber nicht nur wird er technisch stümperhaft ausgeführt, sondern er erfolgt auch ohne eine offene und transparente gesellschaftliche Diskussion mit einer einhergehenden Rechtsdefinition und -findung.\nDer Staat, der so vorgeht, greift die Grundlage seiner Existenz und Legitimation an. Er zerstört sich selber.\n","date":"2011-10-11T00:00:00Z","href":"https://blog.koehntopp.info/2011/10/11/artikelsammlung-staatstrojaner.html","tags":["politik","security","lang_de"],"title":"Artikelsammlung \"Staatstrojaner\""},{"categories":null,"content":"Wer dies und dies gelesen hat, versteht mehr.\nInnoDB ist eine Storage Engine, die mit Hilfe von MVCC Transaktionen implementiert. Transaktionen zu implementieren bedeutet, daß man in der Lage ist, mehrere Änderungen zusammenzufassen und als eine Einheit als gültig zu markieren oder zurück zu nehmen. Damit das Ganze trotzdem schnell ist, muß man ein wenig herumtricksen.\nAngenommen, wir wollen eine Spalte in einer Zeile in der Tabelle t ändern:\nUPDATE t SET x=17 WHERE id=3 Dann muß InnoDB das zunächst einmal in eine Zeilennummer in einer Speicherseite übersetzen: InnoDB speichert Daten in Seiten von 16 KB (Defaultgröße) ab, und macht allen I/O in Richtung Tablespace immer nur in ganzen Seiten. In unserem Beispiel bedeutet das also, daß wir die Seite p lokalisieren müssen, in der die ID=3 der Tabelle t gespeichert ist, und diese ganze Seite in den Speicher laden.\nLaden der benötigen Seite in den Speicher. Aufbau der Transaktion im Log Buffer und Ändern der Seite im Speicher.\nInnoDB lädt die Seite also aus dem Tablespace-File in den InnoDB Buffer Pool, und baut im Speicher die Transaktion auf. Dazu wird im Log Buffer die Transaktion gebastelt und parallel dazu die Speicherseite im InnoDB Buffer Pool angepaßt. Die alte Version der betroffenen Zeile wird außerdem in das Undo-Log verschoben (dies ist nicht mit eingezeichnet, weil es in diesem Text nicht darum gehen soll). Die geänderte Speicherseite im RAM wird nicht zurück geschrieben - der Inhalt der Seite im RAM und auf der Platte divergieren, die Seite ist DIRTY (hier: rot markiert).\nBeim COMMIT wird der Log Buffer in das Redo-Log geschrieben. Es besteht eine Verknüpfung zwischen der geänderten Speicherseite und der Transaktion im Redo-Log.\nBeim COMMIT wird der Log Buffer ins Redo-Log geschrieben. Die geänderte Speicherseite (rot: DIRTY) wird immer noch nicht zurück geschrieben.\nHätten wir stattdessen ein ROLLBACK durchgeführt, hätte InnoDB die alte Version der Zeile aus dem Undo-Log geprökelt und die Änderung zurück genommen - es wäre niemals zu einem Schreibzugriff im Redo-Log gekommen, und die DIRTY Page im Speicher wäre wieder CLEAN.\nZwischen dem Eintrag im Redo-Log und der als DIRTY markierten Speicherseite besteht eine Verbindung, denn irgendwann einmal muß die Seite ja doch geschrieben werden. InnoDB versucht das aber so gut es geht zu verzögern: Schreiben in das Redo-Log ist viel schneller als Schreiben in den Tablespace.\nZum einen werden im Redo-Log nur die Änderungen notiert, nicht ganze Speicherseiten. Daher ist das Volumen der Daten im Redo-Log pro Transaktion meistens kleiner als das Volumen der als DIRTY markierten Pages.\nUnd anderen ist es so, daß das Redo-Log ungefähr das Erste ist, was eine neue MySQL-Instanz bei der Inbetriebnahme als Dateien anlegt. Die Dateien sind also, wenn man alles richtig gemacht hat, in einem leeren oder fast leeren Dateisystem angelegt worden und nur sehr wenig fragmentiert. Da sie als Ringpuffer benutzt werden und niemals neu angelegt werden, bleibt diese Eigenschaft stabil über die Lebensdauer der Datenbank erhalten.\nSchließlich ist es so, daß die Daten in InnoDB ja in der Reihenfolge der Primärschlüsselwerte abgespeichert werden. Wählt man diesen geschickt, dann ist es so, daß häufig zusammen angesprochene Daten auch physikalisch zusammen auf derselben InnoDB Speicherseite stehen. In diesem Fall ist es wahrscheinlich, daß eine bereits als DIRTY markierte Page noch ein weiteres Mal in naher Zukunft geändert wird. Hätte man die Änderung bereits zurück geschrieben, wäre die Seite wieder CLEAN und würde gleich wieder als DIRTY markiert werden, um dann wiederum neu geschrieben werden zu müssen.\nDas Schreiben ins Redo-Log sichert also die Minimalmenge an Daten in einer Datei, die für lineares Schreiben optimiert ist, und verkleinert die zu schreibende Datenmenge, indem uns ermöglicht wird, das Zurückschreiben von ganzen Speicherseiten zu verzögern und Änderungen zu aggregieren, ohne die D-Eigenschaft (Durability) von ACID zu verlieren.\nBeim Checkpoint werden aus den ältesten Redo-Log einträgen Speicherseiten bestimmt, die zurück geschrieben werden.\nIrgendwann einmal müssen wir aber auch Speicherseiten zurück schreiben. InnoDB guckt sich dabei die ältesten Einträge im Redo-Log an und sucht die von diesen Einträgen referenzierten Speicherseiten. Sobald eine gewisse Menge (1MB, 64 Seiten) an Seiten gefunden ist, werden diese in den Tablespace zurück geschrieben. Dies bezeichnet man als Checkpoint.\nDer Checkpoint setzt also DIRTY Pages auf CLEAN und gibt zugleich wieder Speicher im Redo-Log der Datenbank frei.\nDabei schreibt InnoDB Speicherseiten in zwei Schritten zurück: Eine einzelne Seite (16 KB) ist größer als ein Plattenblock. Wenn also das System mitten beim Schreiben einer Seite stehen bleibt, könnte es vorkommen, daß eine Seite zur Hälfte auf dem neuen und zur Hälfte auf dem alten Stand ist. InnoDB verhindert das, indem ein Satz von 64 Speicherseiten zunächt einmal in den Doublewrite-Buffer (nicht eingezeichnet) geschrieben wird, das Redo-Log als frei markiert wird und dann dieselben Seiten erst an Ort und Stelle geschrieben werden.\nBei einem Crash mitten im Schreiben in den Doublewrite-Buffer ist nichts verloren: Das System kann die ungeänderten Seiten aus dem Tablespace angeln, das Redo-Log anwenden, um diese im Speicher auf den neuen Stand zu patchen und dann ganz normal checkpointen.\nBei einem Crash mittem im Schreiben in den Tablespace ist ebenfalls nichts verloren: Das System fischt die neuen Versionen der Pages aus dem Doublewrite-Buffer und kopiert diese an die richtigen Stellen im Tablespace um.\nDrucksituationen Die Datenbank führt normalerweise einen Checkpoint aus, wenn sie sich langweilt: Ist InnoDB einige Zeit idle, wird irgendein Thread im System sich des Redo-Logs annehmen und die DIRTY Pages der Reihe nach lustig weg-checkpointen. Nach einer gewissen Zeit hat man 0 Redo-Log und 0 DIRTY Pages.\nAnteil des genutzten Redo-Log in einem MySQL 5.1 mit InnoDB-Plugin.\nWenn das fragliche System jedoch sehr beschäftigt ist und über eine längere Zeit eine kontinuierliche Schreiblast sieht, dann kann es passieren, daß gar nicht genug Idle-Zeiten vorhanden sind, um über diesen Prozeß Daten weg zu checkpointen. Im Bild oben sieht man eine InnoDB-Instanz mit Schreiblast und einem viel zu kleinen ib_logfile{0,1} von nur 2 x 128 MB. Nach einer Nachtpause wird das System wieder aktiv und bekommt genug Schreiblast, um im Redo-Log eine Art Backlog aufzubauen. Ab kurz nach 8 Uhr morgens ist die Last so groß, daß das genutzte Redo-Log fest auf ca. 50% Nutzung steht und das System kontinuierlich gezwungen ist, Daten nach hinten raus zu checkpointen.\nMenge der DIRTY-Pages derselben Maschine.\nIn einem anderen Graphen sieht man die Menge der DIRTY-Pages derselben Maschine - die Gesamtgröße des innodb_buffer_pool dieser Box ist 40 GB, der Anteil der Dirty-Pages ist also auch zu Spitzenzeiten kaum höher als 5%. Da das Redo-Log jedoch vergleichsweise klein ist, geht von dort ausreichend Schreibdruck aus, um Checkpoints zu erzwingen.\nEs ist auch erkennbar, daß die Größen von Redo-Log und DIRTY-Pages nicht eng gekoppelt miteinander korrellieren: Zählt man in einer Schleife immer wieder denselben Zähler hoch (\u0026ldquo;UPDATE x SET z=z+1 WHERE id=1\u0026rdquo;), dann erzeugt man jede Menge Redo-Log, aber arbeitet immer auf derselben einen DIRTY Page rum. Andererseits kann man eine ID zufällig auswählen und dann nur ein einziges Bit in dieser Zeile ändern - dies würde eine zufällige, ganze 16 KB Page als DIRTY markieren, aber kaum Redo-Log erzeugen.\nCheckpoint Blues Checkpointing bei InnoDB korrekt hin zu bekommen ist frustrierend schwierig: Die Größe des Logfiles ist bei InnoDB mehr oder weniger unveränderlich über die Lebensdauer der Installation. Andererseits möchte man das Checkpointen so lange als möglich herauszögern, damit man keine unnötige Schreiblast erzeugt (gerade geschriebene Pages werden durch weitere Änderungen wieder als DIRTY markiert).\nDer Checkpointing-Algorithmus von InnoDB spielt also 17+4: Zögert er zu lange, läuft das Redo-Log voll, oder es sind keine Seiten im Buffer Pool mehr vorhanden, die nicht als DIRTY markiert sind. Dann muß das System einen Checkpoint erzwingen und hält alle Schreibzugriffe notgedrungen an, bis wieder Platz vorhanden ist. Das will man um jeden Preis vermeiden. Checkpointed der Algorithmus aber zu aggressiv, kommt es zu einer erhöhten Schreiblast im Plattensubsystem und die Datenbank kann nicht mit maximaler Performance schreiben.\nDer perfekte Algorithmus müßte in die Zukunft schauen können: Er könnte anhand des noch vorhandenen Platzes, der Schreibkapazität der Spindeln und der kommenden Schreiblast maximal spät mit dem Schreiben anfangen.\nDas ist offensichtlich unmöglich, und nicht perfekte Algorithmen verhalten sich im Benchmark etwa wie dieses MySQL 5.5 :\nIn einer Maschine mit einem großen Buffer Pool (72G) und einem großen Logfile (3.8G) kommt es immer wieder zu Schreibstürmen, während derer die Datenbank mit dem Checkpointen so beschäftigt ist, daß sie keine oder kaum noch Kommandos ausführt - im Beispiel schafft es der Tester, die Datenbank wiederholt für Perioden von 4 Minuten lahm zu legen.\nZum Vergleich: Postgres Postgres hat dasselbe Problem zu lösen: Auch hier haben wir eine Datenbank mit MVCC, die Transaktionen loggt und als DIRTY markierte Pages im Speicher zu halten versucht. Drei Dinge sind grundsätzlich anders:\nZum Ersten hat Postgres kein Undo-Log: Alte und neue Versionen einer Zeile stehen in der Tabelle selbst. Diese \u0026ldquo;versandet\u0026rdquo; im Laufe der Zeit immer mehr, d.h. alte Versionen einer bestimmten Zeile blähen die Tabelle auf ein mehrfaches der minimal notwendigen Größe auf, im Index und in den Daten. Postgres kompaktiert Tabellen durch einen im Hintergrund laufenden Prozeß namen Vacuum, der alle Tabellen reihum durchgeht und veraltete Daten löscht.\nZum Zweiten hat Postgres keinen ausdrücklichen Doublewrite-Buffer. Stattdessen wird im Redo-Log (Postgres nennt es WAL: Write-Ahead-Log) eine Mixtur von ganzen Seiten und geänderten Zeilen abgelegt. Wenn eine Page vom Zustand CLEAN in den Zustand DIRTY wechselt, dann schreibt Postgres die ganze, bei Postgres nur 8 KB große Seite ins WAL. Wenn eine DIRTY Page weiter geändert wird, dann wird, wie bei InnoDB auch, nur die Änderungsinformation für die Zeile ins WAL geschrieben.\nStirbt Postgres im Checkpoint beim Schreiben eines Blocks im Tablespace, dann kann die alte Version des Blocks aus dem WAL gepult werden und mit den weiteren, ebenfalls dort geloggten Änderungen auf Stand gebracht werden.\nUnd zum Dritten ist das WAL bei Postgres nicht in seiner Größe begrenzt, sondern wird als fortlaufende Folge von numerierten WAL-Files analog zum MySQL-Binlog geschrieben. Unter Druck kann es wie bei InnoDB vorkommen, daß die Datenbank mit dem Checkpointen von DIRTY-Pages nicht hinterher kommt - der Anteil an WAL-Files, der in einer Recovery nach eine Crash benötigt werden würde, wächst so immer weiter über alle Grenzen hinaus.\nAber dafür kann es nicht vorkommen, daß die Datenbank die Ausführung von Kommandos verzögern muß, um Platz in ihren Logs zu schaffen - im Falle eines Crashes gibt es jedoch keine obere Grenze für die Recovery-Zeit, und für die WAL-Dateien gibt es keine Fragmentierungs-Garantien (das läßt sich durch das Führen der WAL-Dateien in einem separaten Dateisystem aber unter Kontrolle bringen).\nDie Checkpointing-Strategien von Postgres und InnoDB arbeiten also unter grundsätzlich anderen Vorraussetzungen und sind nicht leicht vergleichbar.\n","date":"2011-09-19T00:00:00Z","href":"https://blog.koehntopp.info/2011/09/19/checkpoint-blues.html","tags":["database","innodb","mysql","postgres","lang_de"],"title":"Checkpoint Blues"},{"categories":null,"content":"Heise Newsticker titelt \u0026ldquo;Google Analytics ist amtlich datenschutzkonform\u0026rdquo;:\nDer Streit um datenschutzrechtliche Bedenken zu Googles Web-Analysedienst Analytics scheint beendet zu sein. Nach Angaben des Hamburgischen Datenschutzbeauftragten Johannes Caspar, der für Google zuständig zeichnet, ist für deutsche Webseitenbetreiber ein \u0026ldquo;beanstandungsfreier Betrieb von Google Analytics ab sofort möglich\u0026rdquo;.\nIn diesem Fall war es der hamburgische Datenschutzbeauftragte Johannes Caspar, der sich im September 2009 über Google Analytics echauffierte.\nGoogle Analytics ist ein Trackingdienst, der in etwa genau dasselbe macht wie ein [IVW Zählpixel]({* link _posts/2011-08-10-ivw-jetzt-datenschutzkonform-updated.md %}), die auch von hamburg.de eingesetzt werden - hamburg.de hatte die Web-Präsenz von Caspar gehosted (Wir erinnern uns: Caspar mußte seine Web-Präsenz erst einmal offline nehmen, als das herauskam).\nCaspars Kritik an Google Analytics zog sich unter anderem daran hoch, daß die Verarbeitung der Daten durch Google außerhalb von Deutschland oder Europa erfolgte. Wie schon in dem Artikel über die IVW Zählpixel erwähnt, versteifen sich die Datenschützer außerdem auf die IP-Adresse als personenbezogenes Datum (der Artikel und C is for Cookie erklären wieso das einerseits Unsinn und andererseits Datenschutztheater ist).\nNach 2 Jahren härtester Verhandlungen ist das Ergebnis wie folgt: Google Analytics ist auch in Deutschland legal.\nCaspars Erfolge:\nDas Google-Analytics Opt-Out, das vorher schon für alle wichtigen Browser verfügbar war, ist nun auch für Randgruppenbrowser zu haben. Das letzte Byte der IP-Adresse kann (und muß für Anbieter mit Geschäftssitz in Hamburg!) maskiert werden. Naturgemäß wird die IP-Adresse vollständig zu Google übertragen (Datenpakete müssen schließlich irgendwo ankommen), aber Google hat auf Drängen von Caspar zugesagt, diese Adreßverkürzung auf Servern durchzuführen, die sich physikalisch in Europa befinden (witzlos!?! ). Damit dem deutschen Recht genüge getan wird, müssen alle Anwender von Google Analytics einen 11-seitigen Vertrag zur Auftragsdatenverarbeitung mit Google Deutschland schließen. Außerdem müssen Anwender, die Google Analytics auf ihrer Site einsetzen, in ihren Datenschutzerklärungen darauf hinweisen.\nSoweit der Theaterdonner des Datenschutztheaters.\nWas ändert sich praktisch nach 2 Jahren härtester Verhandlungen?\nEin Haufen Papier wird in die ABC-Straße in Hamburg geschickt werden. Anwender von GA müssen ihre bisherigen Google Analytics Statistiken löschen lassen, weil sie ja böse und illegal sind (nicht, daß man da personenbezogene Daten raus extrahieren könnte, das ist alles ja aggregiert - aber die sind ja ohne Vertrag und unter Verwendung naturbelassener verstrahlter Voll-IPs generiert worden). Eine Zeile JS wird in den GA-Aufruf eingefügt, um die IP-Adreßmaskierung anzufordern. Damit sendet das böse Google Analytics endlich nicht mehr meine IP-Adresse direkt zu amerikanischen Servern, sondern Bedarfsträger müssen auf die europäischen Google-Server zugreifen, um an die Daten zu kommen. Und Google muß auf andere, wirksamere und stabilere Identifikationsmerkmale als IP-Adressen zurückgreifen, um Browser zu identifizieren (Google Login-Cookie, UTMA oder User-Agent).\nZur Perspektive: Unterdessen ist es weiterhin vollkommen Datenschutz-konform , daß die amerikanische Regierung meine innerdeutschen Überweisungen von in Europa betriebenen Bankrechnern abschnorchelt.\nDanke, Johannes Caspar, für diesen wesentlichen Beitrag zur Rettung der Welt.\n","date":"2011-09-15T00:00:00Z","href":"https://blog.koehntopp.info/2011/09/15/datenschutztheater-google-analytics-ist-amtlich-datenschutzkonform.html","tags":["privacy","google","spackeria","terror","lang_de"],"title":"Datenschutztheater: Google Analytics ist amtlich datenschutzkonform "},{"categories":null,"content":"Jürgen Geuter erklärt bei der Spackeria den Begriff Datenschutztheater , der nach dem Security Theater von Schneier modelliert ist:\nDatenschutztheater bezeichnet eine Massnahme oder eine Sammlung von Massnahmen, die den gefühlten Schutz von Daten verbessern ohne dabei die Daten funktional vor Ge- oder Missbrauch zu schützen.\nSchauen wir uns das Stück einmal an\nGolem schreibt:\nGoogle schafft für Besitzer von WLAN-Access-Points weltweit die Möglichkeit, einer Nutzung der WLAN-Daten ihres Geräts im Rahmen von Googles ortsbezogenen Diensten zu widersprechen. Das Unternehmen folgt damit den Forderungen europäischer Datenschützer.\nWas ist passiert? Das habe ich in einem älteren Artikel bereits einmal in lang erklärt, auch wie es dazu kommen konnte .\nDie Zusammenfassung des Sachverhaltes ist:\nGoogle hat mit den Streetview-Autos nicht nur Fotos der Straßen und Hausfassaden aufgenommen (so wie das Microsoft derzeit für Bing Streetside ebenfalls macht), sondern auch die Position der Wagen mit den an dieser Position sichtbaren WLAN-Kennungen verknüpft.\nDasselbe passiert auch laufend bei jeder Verwendung eines Android-, iPhone- oder Windows7-Telefons:\nDas Telefon schaut, ob es genaue Positionsdaten über GPS bekommen kann. Das kann es, wenn GPS eingeschaltet ist. In diesem Fall - und nur in diesem Fall - macht es Sinn, auch auf das Wi-Fi zu gucken, wenn man das kann, und die Feldstärken, MAC-Adressen und ESSID-Kennungen der sichtbaren WLAN-Stationen aufzuzeichnen. Das funktioniert, wenn Wi-Fi angeschaltet ist, und es funktioniert bei verschlüsselten und unverschlüsselten WLANs, da die Beacon-Pakete immer unverschlüsselt gesendet werden. Wenn Schritt 1 und Schritt 2 erfolgreich sind, dann lädt das Telefon irgendwann einmal ein Datenpaket mit der Verknüpfung GPS-Position zu sichtbaren WLAN-Netzen zum Telefon-Hersteller hoch, also je nach Telefon zu Google, Apple oder Microsoft. Der Vorgang ist bei allen diesen Smartphone-Herstellern genau identisch. Jeder dieser Anbieter verwendet diese Daten, um Positionskarten zu erzeugen, in denen berechnet wird, welche WLAN-Netze von welcher Position aus sichtbar sind. Genau genommen wird die umgedrehte Funktionalität gebraucht: Aus der Information, welche WLANs sichtbar sind, kann man die Position des Telefons bestimmen. Dies ist schneller als GPS zu verwenden, das eine Startzeit von 80 Sekunden (reines GPS) oder gut 10 Sekunden (Assisted GPS) hat.\nGoogle verwendet die WLANs also nicht, um darüber Daten zu übertragen - das geht auch nicht, wenn das WLAN verschlüsselt ist. Google verbreitet auch nicht die WLAN oder die Position des WLANs an Dritte. Es benutzt lediglich die Tatsache, daß jemand ein bestimmtes WLAN mit seinem Telefon sehen kann, um dieser Person zu sagen, wo sie sich vermutlich befindet.\nDatenschutztheater? Google schafft für Besitzer von WLAN-Access-Points weltweit die Möglichkeit, einer Nutzung der WLAN-Daten ihres Geräts im Rahmen von Googles ortsbezogenen Diensten zu widersprechen. Das Unternehmen folgt damit den Forderungen europäischer Datenschützer.\nVerschiedene europäische Datenschützer haben nun gefordert, daß für die Betreiber eines WLAN die Möglichkeit eines Opt-Out besteht.\nÄh. Ja.\nWas soll das genau bedeuten?\nEs kann nicht bedeuten, daß der Benutzer eines Telefons das WLAN nicht mehr sieht - der Betreiber des WLAN betreibt einen Sender, und dieser Sender verbreitet alle paar Millisekunden die Kennung des WLANs sowie die Hardware-Adresse des Access Points unverschlüsselt so weit die Leistung dieses Senders reicht. Das muß der Sender tun, damit man auf seinem Laptop oder Handy das Netzwerk sieht, und man es anklicken kann, um sich mit ihm zu verbinden.\nWenn man nicht möchte, daß ein WLAN für Dritte sichtbar ist, kann man das Netz auf \u0026lsquo;verborgen\u0026rsquo; (hidden ESSID) konfigurieren. in diesem Fall werden immer noch Beacon-Frames gesendet (das muß so), aber in diesen ist der Netzwerkname (die ESSID) nicht mehr enthalten. Man verliert so jedoch die Fähigkeit, sich durch Anklicken seinem eigenen Netz zu verbinden und muß die Verbindung zum Netz auf jedem Rechner manuell einrichten.\nWas soll das also stattdessen genau bedeuten?\nEs kann nicht bedeuten, daß ein Android-, Apple- oder Windos7-Telefon die ESSID im Zusammenhang mit einer Position nicht mehr erfaßt und zu Google, Apple oder Microsoft überträgt. Das Telefon kann nicht eine Liste mit allen relevanten Opt-Outs speichern und diese Erfassung und Übertragung unterdrücken. Die Daten werden also in jedem Fall zum Anbieter hochgeladen und dann dort entsprechend der Opt-Out Einstellung weiter verarbeitet.\nWas soll das also stattdessen genau bedeuten?\nEs kann nicht bedeuten, daß ein Android-, Apple- oder Windows7-Telefon die Verarbeitungsschritte 1-3 oben nicht mehr durchführt. Dafür existiert auf allen diesen Telefon bereits ein Knopf, und der befindet sich direkt unter der Kontrolle des Telefon-Besitzers, nicht unter der Kontrolle des WLAN-Betreibers.\nWas soll das also stattdessen genau bedeuten?\nWir haben also die folgende Situation: Jemand betreibt ein WLAN. Dieses WLAN brüllt alle paar Millisekunden den Namen des WLAN im Klartext in die Landschaft (außer, man schaltet das ab, und nimmt den damit verbundenen Komfortverlust in Kauf).\nJemand anders geht da mit einem WLAN-Empfänger (dem Smartphone) vorbei, der auch GPS-Daten erfaßt. Diese zweite Person verknüpft Position mit sichtbaren ESSIDs und lädt diese zum Hersteller des Telefons rauf (es sei denn, diese Person hat den Upload abgeschaltet).\nDie Daten landen jetzt beim Hersteller des Smartphones und gemäß Opt-Out schmeißt er einige dieser (ESSID, Position)-Paare weg, und andere tut er in seine Datenbank.\nDas ist die Funktion des Opt-Out, und es ist seine einzige Funktion.\nEine dritte Person wandert zu einem späteren Zeitpunkt da lang. Das Smartphone dieser Person erfaßt alle sichtbaren ESSIDs (auch die mit Opt-Out) und lädt diese Liste zum Hersteller des Smartphones hoch. Der Hersteller des Smartphones findet die ESSIDs ohne Opt-Out in seiner Datenbank und liest die GPS-Positionen dieser WLANs ab. Die ESSIDs mit Opt-Out findet er natürlich nicht. Der Telefonhersteller rät auf der Grundlage dieser Daten eine Position für das Telefon (mit Genauigkeitsradius) und schickt zur anfragenden Person runter.\nWas soll das also stattdessen genau bedeuten?\nDie Privatsphäre einer Person war zu keiner Zeit bedroht, auch ohne Opt-Out nicht:\nEinige Leute haben Sender am Laufen, die den Namen des Senders über alle Grundstücksgrenzen in die Pampa brüllen. Andere Leute haben die Positionen dieser Sender erfaßt so gut es geht. Noch wieder andere Leute haben sich verlaufen und bekommen auf der Grundlage dieser Daten schneller gesagt wo sie sind, als wenn sie GPS verwenden (ohne weiteres Einhelfen hat GPS eine Startzeit von 80 Sekunden).\nMit Opt-Out fehlen Daten, die Genauigkeitskreise bei der Positionsbestimmung werden ein wenig größer. Geholfen hat sich mit dem Opt-Out niemand.\nWieso fordern Datenschützer also diese Opt-Out Möglichkeit?\nDatenschutztheater bezeichnet eine Massnahme oder eine Sammlung von Massnahmen, die den gefühlten Schutz von Daten verbessern ohne dabei die Daten funktional vor Ge- oder Missbrauch zu schützen.\nDiese Definition haben wir hier exemplarisch einmal erfüllt gesehen.\n","date":"2011-09-14T00:00:00Z","href":"https://blog.koehntopp.info/2011/09/14/datenschutztheater-opt-out-f-r-wlan-access-points.html","tags":["privacy","politik","privacy","spackeria","lang_de"],"title":"Datenschutztheater: Opt-Out für WLAN Access Points"},{"categories":null,"content":"Ich las gerade über den Streit um den Like-Button bei Heise und dachte zurück an die erste Sommerakademie \u0026ldquo;Datenschutz in Europa\u0026rdquo; im Kieler Landeshaus. Bei Datenschutzzentrum.de findet man in der Tat eine Chronik und offenbar war diese Veranstaltung am 29. August 1994, also vor ziemlich genau 17 Jahren.\nDamals stand ich mit Terra in der Eingangshalle des Kieler Landeshauses. Wir hatten ein Modem dort stehen und ein Terminalprogramm am Laufen. Auf dem Terminal waren wir auf einer Maschine in den USA eingeloggt, die personenbezogene Daten von Deutschen verarbeitete: diese Kiste hatte also ein wirklich langes Tastaturkabel. Die Platten des US-Rechners waren über NFS aus einer weiteren, anderen Jurisdiktion gemountet - die Kiste hatte also auch ein wirklich langes Plattenkabel.\nWir haben damals bei den Abgeordneten und Datenschützern, die uns über die Schultern schauten, eine ganze Menge \u0026ldquo;404\u0026rdquo;-Gesichter erzeugt - \u0026ldquo;Was machen die da? Wieso ist das ein Problem? Und wenn es ein Problem ist, was zum Teufel können wir da machen?\u0026rdquo;\nDas ist im Grunde genau die Situation, die wir jetzt beim Facebook Like-Button, bei jedem eingebundenen Youtube-Video und natürlich auch bei jeder Dropbox haben.\n17 Jahre Processing Time sind allerdings auch für eine Juristen-CPU eine ganze Menge Latenz. Zeit für ein Upgrade? Oder müssen wir unsere Rechtsprechung auch beim Datenschutz in die Cloud verlegen? Beim Copyright ist das ja quasi schon passiert .\n","date":"2011-09-13T00:00:00Z","href":"https://blog.koehntopp.info/2011/09/13/ein-verpasstes-jubilaeum.html","tags":["damals","privacy","politik","lang_de"],"title":"Ein verpaßtes Jubiläum"},{"categories":null,"content":"MongoDB 2.0 ist draußen, und implementiert eine Reihe interessanter neuer Dinge, die ich anderswo gerne hätte, insbesondere im Bereich Replica Sets .\nPostgres hat das Release 9.1 draußen. Die versprochene synchrone Replikation ist jetzt verfügbar, sie ist grob vergleichbar mit der Semisynchronen Replikation in MySQL 5.5. Ein wesentlicher Unterschied ist, daß man bei Postgres einzelne, bestimmte Server als synchrone Slaves benennen kann, während MySQL nur garantiert, daß es mindestens einen (wechselnden) Slave gibt, der synchron repliziert hat. Die Postgres-Lösung ist einfacher als Teil eines Failover-Systems zu scripten, die MySQL-Lösung ist im Betrieb flexibler und potentiell schneller.\nPostgres 9.1 implementiert Create Server und Create Foreign Table , das ist so eine Art Gegenstück zu FEDERATED in \u0026rsquo;nicht kaputt'.\nMit per-column collation support wird Postgres jetzt endlich ein wenig flexibler als in vorherigen Versionen, in denen man Zeichensatz und Collation bei der Erstellung einer Datenbank-Instanz global festlegen mußte. Noch immer ist man bei der Wahl des Zeichensatzes eingeschränkt: Bei der Erstellung der Instanz wird ein Systemzeichensatz festgelegt, der dann pro Datenbank überschrieben (und später nicht mehr leicht geändert) werden kann. Da Postgres hinsichtlich der Verwendung von UTF8 weniger Einschränkungen unterliegt als MySQL (Indexlänge, hirntot implementierte MEMORY Tables) ist das weniger ein Problem als man vermuten mag: Man verwende einfach immer utf8 und wähle die Collation nun endlich nach Bedarf per Column.\nPostgres 9.1 definiert nun ebenfalls einen Transaction Isolation Level Serializable , aber die genauen Definitionen von Transaction Isolation Levels variieren sowieso von Implementation zu Implementation ein wenig, sodaß diese nicht wirklich zwischen z.B. MySQL und Postgres vergleichbar sind (Dazu kommt, daß man vermutlich etwas falsch macht, wenn man in MySQL SERIALIZABLE tatsächlich benötigt.\nVersion 9.1 unterstützt nun die Option UNLOGGED bei CREATE TABLE. Dies bewirkt, daß Änderungen an einer Tabelle nicht in das Postgres WA-Log geschrieben werden. Die genauen Auswirkungen sind aus der Sicht eines MySQL-Entwicklers schwer zu beschreiben, da sich die Datenbanken hier zu sehr unterscheiden, als daß die Terminologie sinnvoll transferierbar wären: Eine UNLOGGED Table kann immer noch ein Rollback durchführen, da Postgres alte Versionen einer Row nicht in einem Undo-Log vorhält, sondern als Bestandteil der Tabelle speichert. Es ist also nicht so, daß eine solche Tabelle mit einer MyISAM-Tabelle vergleichbar wäre.\nEine UNLOGGED Table wird jedoch automatisch geleert, wenn die Datenbank abstürzt oder hart angehalten wird - das ist notwendig, da das WAL bei Postgres auch Funktionen wahrnimmt, die in MySQL etwa der Doublewrite-Buffer übernimmt und so nicht garantiert werden kann, in welchem Zustand die Daten sind, wenn die Datenbank beim Checkpointen einer Page in einer unlogged Table stehen bleibt.\nDa kein WAL geschrieben wird, werden UNLOGGED Tables auch nicht repliziert. Es ist also ein wenig so wie eine Tabelle, für die SQL_LOG_BIN = 0 definiert ist, und für die kein Redo/Undo-Log geschrieben wird, und die sich bei Crashes verhält wie eine Memory-Tabelle, aber andererseits lockt die Tabelle immer noch vergleichbar InnoDB, und kann auch noch ein Rollback ausführen.\nEine besonders schöne Sache in 9.1 sind Common Table Expressions in DML . Eine Common Table Expression (CTE, \u0026lsquo;WITH\u0026rsquo;) kann man sich wie eine temporäre Tabelle vorstellen, die Daten zwischen mehreren Statements sharen kann, mit RECURSIVE bekommt man damit auch Zeigerbäume in SQL sauber implementiert. Seit 9.1 kann man eine CTE auch als Datenverschiebe-Statement verwenden:\nWITH transferme AS ( DELETE FROM active WHERE \u0026#34;date\u0026#34;\u0026lt; 2011-09-01 RETURNING * ) INSERT INTO inactive SELECT * FROM transferme Dies definiert eine temporäre Tabelle transferme als die Daten, die von dem Delete-Statement aus active gelöscht werden. Diese werden dann in die Tabelle inactive eingefügt.\nAußerdem gibt es mehr SELinux-Support und Python als Stored Procedure Language.\n","date":"2011-09-13T00:00:00Z","href":"https://blog.koehntopp.info/2011/09/13/neue-releases-im-datenbankland.html","tags":["database","mongodb","mysql","postgres","lang_de"],"title":"Neue Releases im Datenbankland"},{"categories":null,"content":"Im März 2003 begann die Firma, die mal Caldera hieß und sich in SCO Group umbenannte, IBM auf eine Fantasiesumme von Schadenersatz zu verklagen, weil Ex-Caldera sich im Besitz des Unix-Copyrights wähnte und der Auffassung war, daß IBM im Rahmen seiner Linux-Initiative Ex-Caldera geraubmordkopiert hätte. Sich mit den Anwälten von IBM anzulegen ist eine unglaublich gute Idee, die der Idee, einen Feldzug in Rußland im Winter zu führen, in nichts nachsteht. So bekam Ex-Caldera dann auch bald bescheinigt: Linux enthält keinen original Unix-Quellcode, SCO-Caldera hatte ihr IP unter der GPL freigegeben und hat so keinen Grund zu klagen und das Copyright am Original-Unix System V liegt übrigens nicht bei Euch, liebes Ex-Caldera, sondern bei Novell.\nHeute, 8 Jahre später , geht die Akte endgültig zu. Endlich ist dieser Zombie tot.\nBester Seiteneffekt der ganzen Aktion: Groklaw - Tausende von Geeks lernen (amerikanisches) Recht, und Armeen von verteilten Beweisfindern dokumentieren diesen Prozeß im Detail, suchen Dokumente in alten Papierstapeln, und finden Fehler und Schwachstellen in den Argumentationen von Ex-Caldera. Die Firma muß feststellen, daß IBMs Anwälte, bei aller Drohkraft, nicht der eigentliche Endgegner sind: Es ist das Netz selber, die Masse der Geeks, die sich da mobilisiert und gegenhält.\nNach dem Ende des SCO-Prozesses definiert sich Groklaw mit neuer Belegschaft um: Themen sind nun Oracle vs. Google, Patenttrolle wie Lodsys und ähnliche Themen. An Prozessen herrscht ja seit zehn Jahren im IT-Umfeld kein Mangel.\n","date":"2011-08-31T00:00:00Z","href":"https://blog.koehntopp.info/2011/08/31/acht-jahre-sco-proze.html","tags":["copyright","free software","unix","lang_de"],"title":"Acht Jahre SCO-Prozeß"},{"categories":null,"content":"Nachtrag zu Jugendmediendoom :\nDoom und Doom II vom Index gestrichen . Mit Wirkung von heute sind Doom und Doom II nicht mehr jugendgefährdend. Die Begründung liegt als PDF vor.\nDie Zusammenfassung lautet: Es liegt an den Pixeln, äh, der Entscheidung liegt \u0026ldquo;die technische Weiterentwicklung von Spielen [zugrunde], in deren Folge die Darstellungen der beiden Shooter-Klassiker heute nicht mehr als realistisch anzusehen sind.\u0026rdquo;\nDiese wunderbaren Dokumente der Zeitgeschichte sind nun frei ab 16 Jahren.\n","date":"2011-08-31T00:00:00Z","href":"https://blog.koehntopp.info/2011/08/31/doom-und-doom-ii-nicht-mehr-jugendgef-hrdend.html","tags":["jugendschutz","media","politik","lang_de"],"title":"Doom und Doom II nicht mehr jugendgefährdend"},{"categories":null,"content":"Auf dem Heiseticker findet man die Mitteilung Hamburger Datenschutzbeauftragter: Reichweitenmessung der IVW ist datenschutzkonform .\nDie Geschichte begann mit dem hamburgischen Datenschutzbeauftragten Caspar, der mit nicht wenig Schaum vor dem Mund gegen Google Analytics wetterte, zugleich aber in seiner eigenen Präsentation IVW Zählpixel hatte. Als das raus kam, hielt Caspar schnell den Mund und schaltete seine Webpräsenz ab. Nun heißt es:\nDiese Woche meldeten die Beteiligten in einer Pressemeldung nun eine Einigung hinsichtlich einer datenschutzkonformen Nutzung des Meßsystems. Man habe dadurch \u0026ldquo;datenschutzrechtliche Verbesserungen mit bundesweiter Bedeutung\u0026rdquo; erreicht und die im Januar gemachten Zusagen umgesetzt, loben sich die Beteiligten in ihrer Meldung.\nKonkret heißt das: Die IP-Adresse, die das IVW-Teil speichert, wird um das letzte Byte verkürzt. Es werden also Gruppen von 256 IP-Nummern zusammen abgerechnet. Außerdem gibt es jetzt eine Opt-Out Möglichkeit . Abgerundet soll das ganze durch Vertragsänderungen zwischen der IVW-Betreibergesellschaft und der nutzenden Website.\nDas Ergebnis ist weitgehend witzlos, wie man sich leicht überlegen kann, wenn man C is for Cookie gelesen und verstanden hat - Caspar hat gar nichts bewirkt.\nDas Zählsystem der IVW beruht nur am Rande auf IP-Adressen: Es gibt eine ganze Reihe von Benutzern, die auf das Web durch Proxies zugreifen, und die IVW will nun gerade solche Benutzer trennen können, die dieselbe IP-Adresse haben, aber mehr als eine Person repräsentieren. Andererseits gibt es Benutzer, deren IP-Nummer auf zwei aufeinander folgenden Zugriffen wechselt (etwa Benutzer sehr großer Proxies, oder DSL-Benutzer nach einer Zwangstrennung), und die IVW will solche Benutzer auch nach einem solchen Adreßwechsel weiter als dieselbe Person tracken können.\nDer deutsche Datenschutz versteift sich auf die IP-Adresse als personenbezogenes Datum, aber die ist in Bezug auf Tracking eigentlich eher witzlos - Cookies und Supercookies sind die Methode der Wahl.\nAuch die IVW arbeitet mit Cookies, genau genommen mit einem Cookie i00, der für die Domain *.ivwbox.de mit einer Lebensdauer von einem Jahr gesetzt wird. Dieser Cookie bekommt eine eindeutige Kennung, mit der ein User von allen anderen Usern unterscheidbar wird (siehe auch C is for Cookie und suche nach i00).\nDas Ziel der IVW ist erklärtermaßen, Page Impressions auf der Site eines Anbieters zu zählen. Die IVW, die jetzt angeblich datenschutzkonform arbeitet, erhebt jedoch viel mehr Daten, die für diesen Zweck gar nicht notwendig sind:\nDer Cookie wird für einen viel zu langen Zeitraum gesetzt (wieso nicht als Session-Cookie, der beim Stop des Browsers gelöscht wird, oder mit der Laufzeit \u0026ldquo;1 Tag\u0026rdquo;?). Der Cookie wird für die Domain *.ivwbox.de gesetzt, und jeder IVW-Nutzer arbeitet unter dieser Domain - webdessl.ivwbox.de und zeit.ivwbox.de zum Beispiel bekommen beide dieselbe Kennung für denselben Browser/User zu sehen. Das Opt-Out setzt ein Cookie. Es ist also an einen Browser gebunden - man muß für jeden seiner Browser neu opt-outen, und das Opt-Out erlischt, sollte man jemals seine Cookies verlieren oder löschen. Genau genommen wird gar kein Opt-Out implementiert, sondern die o.a. opt-out Site setzt den i00-Cookie für *.ivwbox.de auf einen festen Wert, 0000000000000000cafe. Das heißt, es wird immer noch gezählt, aber alle User, die opt-out gemacht haben, werden nun zusammen unter derselben ID gebucht. Wenn es also nur Einer alleine macht, bewirkt das genau gar nix. Das Zählpixel überträgt noch viel mehr Informationen, da es ja im Kontext der Seite des IVW-Kunden geladen wird. Insbesondere wird vom Zählpixel auch ein Referer übermittelt, also die URL der Seite, in der das Pixel enthalten ist. Wenn diese Seite Parameter hat, also das Resultat eines METHOD=\u0026lsquo;GET\u0026rsquo; Formulars ist, dann werden alle diese möglicherweise personenbeziehbaren Daten über den Referer auch an die IVW geleaked. Zusammenfassend kann man sagen, daß die Maßnahmen von Caspar so wie sie vom Heise Newsticker berichtet werden, das Problem genau gar nicht adressieren und die Situation keinen Fatz verbessern: Noch immer erfaßt IVW Daten, die für den Zweck der Ermittlung von PI nicht benötigt werden und daß über Kunden-Domaingrenzen hinweg (Cookie für *.ivwbox.de).\nMan fragt sich, ob es beim Hamburgischen Datenschutzbeauftragten nur noch Juristen und keine Techniker mehr gibt, und ob er nicht vielleicht mal bei seinen Nachbarn im Norden nachfragen will, von denen ich weiß, daß sie solche Sachen besser im Griff haben.\nUpdate: Bei Herrn Stadler greift man diesen Artikel auf:\nIVW Tracking Tool doch nicht datenschutzkonform .\nIch fragte dort in den Kommentaren:\nIch habe da noch ein paar weitere Fragen. Wenn ich irgendwo was kaufe, dann muß ich da ja oftmals zwei Mal unterschreiben – einmal in den Vertrag einwilligen, und dann noch mal Extra das Datenschutzblabla unterzeichnen, weil das nicht Bestandteil der AGB sein darf und eine gesonderte Einwilligung braucht.\nDas ist also tierisch wichtig und so.\nWieso kann eine Website, die IVW nutzt, das implizit tun, also ohne gesonderte ausdrückliche Willenserklärung von mir, wenn das zum Beispiel auf jedem Kassenzettel nicht geht und stattdessen jetzt zwei Unterschriften von mir braucht?\nOder im Fall der IVW sogar mit einem Default-Opt-In und einem optionalen Opt-Out, also genau anders rum als auf jedem Kassenzettel?\nUnd im Fall der IVW mit einem volatilen Opt-Out (als Cookie) pro Browser pro Rechner, den ich habe? Ich meine, sollte ich nicht einmal eine Willenserklärung auf das Opt-Out abgeben (Ich dachte, ich müßte gesondert unterschreiben?) und dann ist das deren Problem, mich wiederzuerkennen und sich an unsere Abmachungen zu halten?\nThomas Stadler antwortet mir:\nDie Frage ist äußerst berechtigt. Die erste Frage, die man hier stellen muss lautet aber, ob das IVW-Tool personenbezogene Daten erhebt. Wenn ja, dann geht es so nicht.\nIch erweiterte meine Ausführungen mit:\n@2: \u0026ldquo;Die erste Frage, die man hier stellen muss lautet aber, ob das IVW-Tool personenbezogene Daten erhebt. Wenn ja, dann geht es so nicht.\u0026rdquo;\nDie Frage ist doch irgendwie schon beantwortet, denke ich.\nEs sind die Datenschützer, speziell die in Hamburg, die sich über IP-Adressen aufgeregt haben, also der Ansicht sind, daß das personenbezogene oder personenbeziehbare Informationen sind. Speziell die Hamburger Datenschützer halten das für gefährlich und verboten genug, um deswegen Pressemittelungen raus zu hauen, gegen Leute vorzugehen und ihre eigene Präsenz abschalten.\nIVW-Cookies (die i00-Cookies) kleben aber noch viel besser an \u0026ldquo;einer Person\u0026rdquo; als es IP-Adressen jemals tun.\nIP-Adressen wechseln für viele Kunden jeden Tag, durch die Zwangstrennung. Kunden, die durch einen großen Proxy (mit mehr als 30.000 bis 40.000 konkurrenten Nutzern) surfen bekommen außerdem unterschiedliche IP-Nummern bei aufeinanderfolgenden Requests, weil der Proxy mehrere Exit-Adressen hat (AOL, Telekom machen es so). Andererseits sind IP-Adressen von Kunden, die hinter Firmenfirewalls oder solchen Proxies sitzen, nicht trennscharf: Viele Kunden treten unter derselben IP-Adresse auf.\nDer i00-Cookie dagegen wird per Browser vergeben und hat eine Lebensdauer von einem Jahr: Die IVW/INFOnline oder wer auch immer verwendet diesen Cookie ja genau deswegen, weil er besser trennt als IP-Adressen, weil er also besser personenbeziehbar ist.\nUnd wie die IP-Adresse auch wird der i00-Cookie nicht pro Site vergeben, sondern für alle *.ivwbox.de-Domains gemeinsam gesetzt. Das heißt, man schlägt auf zeit.ivwbox.de mit demselben i00-Cookie auf wie auf webdessl.ivwbox.de, die Daten können technisch zusammengeführt werden und es können Bewegungsprofile erstellt werden.\nFür den angegebenen Verwendungszweck der IVW, das Zählen von PI, ist das vollkommen unnötig, wie auch die Lebensdauer von einem Jahr für diesen Zweck vollkommen übertrieben ist (30 Minuten würden reichen). Es sind die gierigen Finger der AGOF, die hier mehr Daten haben wollen, aber das ist ein ganz anderer Anwendungszweck.\nDas heißt rein logisch: Wenn eine IP-Adresse schon böse, verboten oder anonymisierungspflichtig ist, weil die potentiell bei einigen Nutzern personenbeziehbar ist, dann muß ein i00-Cookie das noch mehr sein, oder die ganze Argumentation fällt nach den Gesetzen der Logik als inkonsistent und inkonsequent in sich zusammen.\nJetzt Zusammenfassung von Ip-Adressen durch Löschung des letzten Bytes zu /24 zu feiern, aber weiter mit i00-Cookies zu arbeiten ist schlicht inkompetent, wenn es aus Versehen passiert ist. Oder verlogen, falls es Absicht war.\n","date":"2011-08-10T00:00:00Z","href":"https://blog.koehntopp.info/2011/08/10/ivw-jetzt-datenschutzkonform-updated.html","tags":["cookie","privacy","identity","security","lang_de"],"title":"IVW jetzt \"datenschutzkonform\" (Updated)"},{"categories":null,"content":"Drüben bei Securosis arbeitet man die Black Hat 2011 unter dem Titel NoSQL and No Security auf. Es geht um die Beobachtung, daß die meisten NoSQL-Datenbanken nicht nur keinerlei Authentication haben (hat jemand so verstrahltes Zeugs schon mal in einer PCI Zone deployed?), sondern außerdem viele von ihnen auch anfällig für Server-Side JavaScript Injection (SSJI) sind.\nDas soll heißen, daß die Abfragesprache der Wahl bei vielen dieser Dinge Javascript ist, daß im Datenbankserver interpretiert wird. Gelingt es im Rahmen einer Query Javascript in die Datenbank-Abfrage zu injezieren, kann man auf der Datenbank frei Code ausführen. Das ist die Fortsetzung von XSS (Injektion von Javascript in den Browser/Client) mit anderen Mitteln (Injektion von Code in den Datenbankserver - SSIJ) und in Node.js .\nDer Tod dieser Geschichten ist meistens Serialisierung von Datenstrukturen als ausführbarer Javascript-Code (JSON) und dann die tatsächliche Ausführung von solchem Code ohne ausreichende Sicherheitsprüfung - also ganz klassisch eine Art eval(), der remote Killswitch jeder Interpretersprache (Ich kenne mich damit aus, ich bin eben dieses Vergehens schuldig ).\nDie Frage ist: Wieso bauen Leute solche Systeme in 2011? Die Sorte Fehler riecht doch eher nach 1998!\n","date":"2011-08-10T00:00:00Z","href":"https://blog.koehntopp.info/2011/08/10/nosql-and-no-security.html","tags":["database","security","lang_de"],"title":"NoSQL and No Security "},{"categories":null,"content":"Der Spiegel entdeckt: Verräterische Firewire-Verbindung: Kauf-Software knackt Mac-Passwörter . In dem Artikel geht es um die Entdeckung, daß Firewire ein Busprotokoll ist, das DMA erlaubt.\nDMA ist ein Kürzel, das für Direct Memory Access steht. Normalerweise ist Computerperipherie über die CPU an den Rechner angebunden: Wenn eine Eingabe oder eine Ausgabe zu machen ist, dann schaufelt einer der Kerne des Rechners ein Byte aus einem speziellen I/O-Register oder einer magischen Speicheradresse, die statt mit einem RAM-Baustein mit einem I/O-Baustein verbunden ist, in die CPU und von der CPU dann an die Zieladresse - die wiederum entweder eine normale Speicheradresse oder wiederum eine magische Ein-/Ausgabeleitung ist.\nModerne CPUs haben eine Einbaukomponente, die Memory Management Unit . Das war früher mal ein extra Baustein, ist aber vor 20 Jahren oder so mit in die CPU integriert worden. Die MMU hat die Aufgabe, die Speicher- und I/O-Zugriffe eines jeden Prozesses zu kontrollieren und zu verhindern, daß ein Benutzerprozeß auf privilegierten Speicher zugreift oder auf Speicher anderer Prozesse. Die MMU implementiert also die Sicherheit in modernen Betriebssystemen.\nJeder Speicher- und I/O-Zugriff wird von der MMU überwacht.\nWie man sich aus der Beschreibung von DMA leicht überlegen kann, umgeht DMA die MMU komplett: Das I/O-Gerät wird nicht von der CPU abgefragt, sondern es meldet sich auf denselben Adreßleitungen (dem \u0026ldquo;Bus\u0026rdquo;), auf dem auch die CPU liegt an und greift dann selber wie eine zweite CPU auf diesen Bus und alle darauf liegenden Geräte zu - also auch auf allen Speicher. Da es selber wie eine CPU agiert, umgeht es die eigentliche CPU des Systems und damit auch die darin liegende MMU.\nFirewire ist ein Bus, der DMA-Geräte erlaubt. Darum ist er lange Zeit schneller als USB gewesen und Firewire-Geräte haben außerdem das System weniger ausgebremst als USB-Geräte: Die Firewire-Devices mußten sich halt nicht von der CPU byteweise die Daten füttern lassen, sondern haben stattdessen parallel zur CPU ihre Daten ins System gebulldozert.\nWenn man also am Firewire-Port von Rechner a keine normale Festplatte anschließt, sondern etwa einen zweiten Rechner b, dann kann dessen CPU ein beliebiges Programm auf Rechner b ausführen, das auf beliebige Bytes von Rechner a lesend oder schreibend zugreift.\nDMA ist ein Mechanismus, der anderen Geräten an CPU und MMU vorbei Speicherzugriff erlaubt. Dadurch sind alle Speicherinhalte dem externen Gerät ungeschützt zugänglich.\nIst das überraschend? Nein.\nIst das neu? Nein. Software dafür ist seit 2003 als Open Source zu bekommen.\nIst die Empfehlung aus dem Spiegel-Artikel sinnvoll?\nAllerdings, merkt Passware selbst an, kann man dem Passwortklau mit zwei simplen Maßnahmen einen Riegel vorschieben. Zum einen sollte man die Funktion \u0026ldquo;Automatische Anmeldung\u0026rdquo; im \u0026ldquo;Kontrollfeld Benutzer \u0026amp; Gruppen\u0026rdquo; deaktivieren. Zum anderen sollte man den Computer in Pausen komplett abschalten, statt ihn nur in den Ruhezustand zu versetzen. Dann haben auch gut ausgerüstete Passwortdiebe keine Chance mehr.\nGeht so. Zwar ist es sinnvoll, die automatische Anmeldung zu deaktivieren, um die Systemsicherheit zu erhöhen (alternativ den Bildschirmschoner mit einem Paßwort zu versehen) und auch den Rechner abzuschalten statt suspend zu verwenden.\nAber solange der Rechner läuft ist nicht der Klau des Paßwortes die eigentliche Gefahr. Sondern die Tatsache, daß einem ein wildgewordenen Firewire Device, das man anschließt, jedes beliebige Byte auslesen oder übermalen kann. Mit Paßworten muß sich da keiner aufhalten, wenn man das ganze System ersetzen oder verändern kann.\nSiehe auch hier für andere Zugriffe mit DMA.\n","date":"2011-07-27T00:00:00Z","href":"https://blog.koehntopp.info/2011/07/27/was-ist-eigentlich-firewire-dma.html","tags":["hack","hardware","security","lang_de"],"title":"Was ist eigentlich Firewire DMA?"},{"categories":null,"content":"Die Polizei wird persönlich schreibt die taz, und:\nWie aus einer nun veröffentlichten Antwort des sächsischen Innenministeriums auf eine Kleine Anfrage des Landtagsabgeordneten Henning Homann (SPD) hervorgeht, haben die Ermittlungsbehörden inzwischen in über 40.000 Fällen die Namen, Adressen und Geburtsdaten, also sogenannte Bestandsdaten von Handynutzern ermittelt, die im Februar anlässlich zweier Großdemonstrationen in Dresdens Innenstadt telefoniert haben. Bislang hatte das sächsische Innenministerium lediglich von 460 Fällen gesprochen.\nDie Exekutive in Sachsen läuft offenbar Amok und kennt weder Maß noch interessiert sie sich viel für Regelungen den Einsatz ihrer technischen Mittel betreffend.\nVergleiche 1 , 2 , 3 und auch noch 4 .\n","date":"2011-07-25T00:00:00Z","href":"https://blog.koehntopp.info/2011/07/25/vertrauensverschiss.html","tags":["privacy","politik","lang_de"],"title":"Vertrauensverschiß"},{"categories":null,"content":"Der vielfach unterschätzte Michael Seemann erklärt der Spackeria, warum es sie gibt:\nWarum wir Dinge ins Internet schreiben :\nAber viele fühlen sich von der Optionsvielfalt überfordert oder lassen sie von vornherein links liegen, indem sie sich auf ein Shampoo festlegen. Es scheint fast so, als gäbe es für Shampoosorten ebenfalls eine Art Dunbars Number. \u0026hellip; Wenn jetzt also ein Grenznutzen der Optionsvielfalt zu beobachten ist, ist es auch nach Kellys Formel nicht mehr möglich, die individuelle Freiheit zu erweitern. Aber vielleicht sind ja ähnliche Mechanismen möglich, wie in Social Networks. Bislang verwendete die Wirtschaft die Informationen über uns nur, um die Werbung für uns anzupassen. Aber was ist, wenn sie anfängt die Produkte anzupassen? Ich will mich im Supermarkt nicht damit beschäftigen, was für eine Haarsorte ich habe – trocken, fettig, glänzend, gelockt, spröde, etc. Ich will eigentlich überhaupt nicht in den Supermarkt gehen müssen. “Nehmt euch die Information über mein Haar und stellt mir was anständiges in die Dusche!”\nLiest Du das KarstadtQuelleKaufhofNeckermann? Ja, Du. Dein Katalog, wieso zeigt er mir Schuhe, die mir nicht passen, überhaupt an? Wieso zeigt er mir Schlipse, die mir nicht stehen, überhaupt an? Ich will den Scheiß nicht sehen, den ich nicht brauchen kann, außer ich frage ausdrücklich danach, weil ich gerade ein Geburtstagsgeschenk suche für jemanden, den ich nicht ausstehen kann. Und dann will ich das GoogleFacebookPlaxoProfile von dieser Person importieren und nur noch Dinge sehen, die für diesen Anwendungsfall in Frage kommen.\nLiebe Konzerne, ihr sammelt bei weitem nicht genug Daten über mich. Und die die ihr habt, ihr benutzt sie nicht. Darum geht ihr mir auf den Geist.\nIch glaube schon, dass das die Zukunft ist, egal, was Datenschützer sagen.\nIch bin mir ziemlich sicher, daß der Zukunft egal ist, was die Datenschützer über sie sagen.\nDas gilt ganz besonders für die von Seemann vorhergesagte 4chan-Oper.\n","date":"2011-07-21T00:00:00Z","href":"https://blog.koehntopp.info/2011/07/21/die-query-schl-gt-zur-ck.html","tags":["lang_de"],"title":"Die Query schlägt zurück"},{"categories":null,"content":"Hach.\nIch nehme an, ihr habt sowieso Pagetable im Feedreader. Wenn nein, dann sei Euch The story of FCopy for the C-64 von Thomas Tempelmann ans Herz gelegt. Das waren noch Zeiten\u0026hellip;\nUnd weil wir gerade bei der Nostalgie sind: Die Geschichte von Ethernet bei Wired.\nUpdate: Nachfolge-Artikel .\n","date":"2011-07-17T00:00:00Z","href":"https://blog.koehntopp.info/2011/07/17/fcopy-commodore-64.html","tags":["damals","commodore","lang_de"],"title":"FCopy (Commodore 64)"},{"categories":null,"content":"Google plant die Super-Datenbank schreibt die SZ, Google rückt dem Benutzer noch mal näher schreibt die Zeit und Fefe verlinkt bloß, ohne zu recherchieren . Tarzun hat recherchiert , gelesen und verstanden, und darum brauche ich den Artikel nicht zu schreiben.\nStattdessen bei tarzun lesen, was wirklich passiert ist und mit dem vergleichen, was unsere leistungsgeschützten \u0026ldquo;Qualitätsmedien\u0026rdquo; draus machen.\nUpdate: Zum selben Thema ein Dialog im IRC:\nA hat mal bei einer Firma angerufen. B\u0026gt; Aha?\nA\u0026gt; Die sagten \u0026ldquo;Fuer 50.000 Datensätze echter Personen mit persönlichen Daten 100 EUR\u0026rdquo;. Rechnet man das mal auf Facebooks Profile hoch (750 mio), davon 10% wahrscheinlich Fake, dann wird das plötzlich ganz wenig. Auf jeden Fall sind 1,5 Mio EUR jetzt nicht gerade die Bombe.\nB\u0026gt; Google: \u0026ldquo;Wir verdienen mehr Geld damit, Eure Datensätze zu behalten.\u0026rdquo; meinst Du?\nA\u0026gt; Davon kann man nicht mal die Angestellten bezahlen. Ziehst Du 10% ab, wird\u0026rsquo;s plötzlich ganz uebel. Wobei, nicht /ganz/, aber lachenswert. \u0026ldquo;Nichtmal anderthalb mio, muahahaha\u0026rdquo;.\nA\u0026gt; Ich meine, klar, die koennten das wohl sogar an andere Firmen noch verkaufen. Und damit halt noch einen Vielfachfaktor einbauen. Aber das rentiert /nicht mal dann/.\nB\u0026gt; Laß es 100mio sein und vergleiche das mit Googles Quartalszahlen.\nA\u0026gt; LOL, eben. Da fehlen einfach noch ein paar 0en.\nI\u0026gt; A: Ein Kundenprofil ist so viel Wert wie Du potentiellen Gewinn damit machen kannst, das ist sehr variabel. Aber Umsatz pro kunde bei Amazon ist dreistellig im Mittel, bei den anonymen Amazonikern sogar vierstellig. Da muß man natürlich nun auch auf die Margen sehen, die sind im Einzelhandel eher dünn.\nI\u0026gt; A: Will sagen: 50k echte Personen sind sehr unspezifisch. Aber 50k Kundenrecords von High-Volume Voice Kunden aus der E+ datenbank an, sagen wir T-Mobile verkaufen\u0026hellip; Das ist dann schon sehr substantiell.\nA\u0026gt; ok. ja.\nI\u0026gt; A: Oder halt 50k Kundenrecords von BMW Erstwagenkäufern an Mercedes und Audi.\nB\u0026gt; I: Aber das ist doch ein Deal, den Google genau einmal machen kann, oder?\nI\u0026gt; Ja. Ja, das ist vielen Leuten nicht klar. Gehandelte Unternehmen unterliegen sehr weitgehenden Wirtschafts- und Datenschutzprüfungen, in den USA wie auch hier.\nI\u0026gt; Schon alleine um die Nachhaltigkeit ihres Geschäftsbetriebes sicherzustellen. Also im Sinne von \u0026lsquo;ist der Aktienkurs denn auch gerechtfertigt mit Blick auf die Zukunft\u0026rsquo;. Zudem muß bei Einnahmen ja auch verbucht werden wofür. Die können sich nicht mal so 100 Mio aus dem Arsch ziehen.\nI\u0026gt; Das ist aber ein Artikel, den ich schon ganz lange mal schreiben will und wo ich nie zu gekommen bin, das ist mir einfach zu fachfremd. Also, die rechtliche und wirtschaftliche Seite, ich habe das nur von der Security Engineer/Privacy Watchdog Seite von Innen gesehen. Ich bearbeite das Log hier mal und hau das nach +, warum nicht mal was Kollaboratives versuchen.\n","date":"2011-07-14T00:00:00Z","href":"https://blog.koehntopp.info/2011/07/14/google-verkauft-deine-daten-an-den-teufel.html","tags":["google","internet","advertising","lang_de"],"title":"Google verkauft Deine Daten an den Teufel!"},{"categories":null,"content":"Niemand käme auf die Idee, Gas, Wasser, Scheiße und Strom mit einem Flatrate-Tarif einzukaufen. Andererseits haben wir eine recht gute Vorstellung von den Einheiten und Mengen ,\ndie unser Haushalt dort verbraucht. Meßgeräte, die bei Stromversorgern kostenfrei ausgeliehen werden können, können auch Verbrauch auf einzelne Geräte runterbrechen.\nAndererseits haben wir uns irgendwie abgewöhnt, bei Telefon und Internet zu messen und zu verstehen, was wir da warum tun. Das ist auf viele verschiedene Weisen falsch - im Festnetz wie im Mobilnetz.\nWenn man weiß, wie man ein Gerät nutzt , dann versteht man sich selbst besser und man kann auch besser einkaufen. Und erzeugt langfristig auch Tarife, die im Markt selbst Bestand haben, statt irgendwelche Leute dazu einzuladen, einem die Verbindung zu managen, daß es nur so kracht.\nAlso, Philip Engstrand und ihr anderen Leser hier: Wie viel Traffic macht ihr so im Monat - mit Eurem DSL daheim, Eurem Handy und Eurem Dedi ? Was sind das effektiv für Gigabytepreise, wenn Ihr Eure Flatrate mal auf-dividiert? Hat Eure Flat Trafficlimits, Weitergabeverbote, gesperrte Dienste oder Adressen?\nArt Traffic Heim-DSL 45-60 GB/Monat Handy 3G um die 800 MB/Monat Handy Wi-Fi um die 5 GB/Monat Dedi 3-4 GB/Tag Blogdedi, 2-3 GB/Tag Maildedi ","date":"2011-07-12T00:00:00Z","href":"https://blog.koehntopp.info/2011/07/12/verstehe-dein-netz-besser-deine-flatrate-entm-ndigt-dich.html","tags":["internet","netzneutralität","politik","lang_de"],"title":"Verstehe Dein Netz besser - Deine Flatrate entmündigt Dich!"},{"categories":null,"content":"Als Utility hat man es schon schwer. Man stellt ein Produkt oder eine Dienstleistung als Schüttgut zur Verfügung und kassiert dafür Kleckerbeträge. Die Rechnungsstellung und Zahlungskontrolle ist zum Teil so teuer, daß die Kosten dafür die Einnahmen aus kleineren Rechnungen übersteigen. Das jedenfalls war einer der Gründe, warum Telefon- und Stromfirmen an der Automatisierung dieser Vorgänge interessiert waren und sich zum Beispiel mit der Entwicklung von Betriebssystemen beschäftigt haben.\nWovon jedes Utility träumt: Das Produktschüttgut differenzieren - am Besten sogar real und nicht in einer Pseudodifferenzierung, etwa Gelben Strom . Wie wäre es also, wenn eine Stromfirma Preise unterschiedlich festlegen könnte, je nachdem, was man mit dem gezogenen Strom macht. Kilowattstunden für den Betrieb von Fernsehern und Rechnern zum Beispiel könnte man teurer bepreisen als sagen wir Kilowattstunden zum Kochen oder zur Bereitung von Essen.\nIrrsinn? Noch ja.\nAndererseits ist es genau das, was man am Ende bekommt, wenn man sich nicht darum kümmert, die Netzneutralität zu erhalten. Dann ist eine Kilowattstunde keine Kilowattstunde mehr, sondern eine Fernseh- oder Kochkilowattstunde. Und ein Gigabyte ist kein Gigabyte mehr, sondern ein Videostreaming- oder ein Email-Gigabyte. Verkauft wird uns das als Netzneutralität mit Diensteklassen - Gigabytes erster und zweiter Klasse.\nStatt also das Netz auszubauen und die Kapazitäten dem Bedarf anzupassen bekommen wir ein System, das Unterversorgung monetarisiert. Das ist ja mal eine Schlaue Idee™.\n","date":"2011-07-09T00:00:00Z","href":"https://blog.koehntopp.info/2011/07/09/wenn-eine-kilowattstunde-keine-kilowattstunde-ist-und-ein-gigabyte-kein-gigabyte.html","tags":["internet","netzneutralität","politik","lang_de"],"title":"Wenn eine Kilowattstunde keine Kilowattstunde ist und ein Gigabyte kein Gigabyte"},{"categories":null,"content":" Werte für 2011 linear interpoliert.\nKindle und elektronische Inhalte nicht enthalten. Amazon.com nicht enthalten. Käufe über das Konto meiner Frau nicht enthalten.\n","date":"2011-06-20T00:00:00Z","href":"https://blog.koehntopp.info/2011/06/20/anonyme-amazoniker.html","tags":["internet","lang_de"],"title":"Anonyme Amazoniker"},{"categories":null,"content":"Douglas Hofstadter erwähnt in seinem Megamagicum das Spiel Nomic von Peter Suber (The paradox of self-amendment ).\nBei Nomic geht es darum, die Regeln eines Spiels regelkonform so zu ändern, daß man gewinnt. Das Spiel ist also total selbstbezüglich und es gibt nichts im Spiel außer den Regeln des Spiels selber, das wichtig ist - auch wenn der gerade aktive Regelsatz zu einem Zeitpunkt das möglicherweise verschleiert.\n\u0026ldquo;Nomic\u0026rdquo; ist auch ein failure mode von Diskurs- und Diskussionsystemen.\nDabei geht es den NOMIC-Spielern um zwei Dinge: Zum einen darum, die Regeln der Gemeinschaft so zu verändern, daß ihr Standpunkt oder ihre Gruppe favorisiert wird, und zum anderen durch laufende Metadiskussion konkrete themenbezogene Arbeit lahmzulegen und den Gegner zu zermürben, weil es dieser Gruppe opportun erscheint, den Status Quo beizubehalten und Veränderungen zu verzögern. Oder einfach um den Teilnehmerkreis der Diskussion auf Leute zu verengen, die hauptamtlich Gremienarbeit machen wollen - das kann aus vielerlei Gründen ein politisches Ziel einer Gruppe sein (Siehe auch Meta is murder ).\nTypische Beispiele für diese Art des herbeigeführten Systsemversagens sind Admin-Gruppen im (speziell auch deutschsprachigen) USENET, zunehmend die Piratenpartei und - durchaus absichtlich so konstruiert - die EIDG .\nIn meinem Folienset zum Thema Flames versuche ich zu erklären, was genau der failure mode \u0026ldquo;Flame\u0026rdquo; in einem Onlineforum ist und wie er entsteht. Ich behaupte, daß man eine Onlinekultur erschaffen kann, die Flames verhindert und in konstruktives Verhalten umwandeln kann. In einem offenen System wie dem USENET fehlen repressive Instrumente und man muß ausschließlich positiv und appellativ arbeiten. Das erscheint anfangs mühsam, ist aber eine Form von respektbasierter Kommunikation (im Gegensatz zu angstbasierter Kommunikation), und daher weitaus nachhaltiger.\nIch zeige an zwei Beispielen, de.comp.lang.php und de.rec.spiele.rpg.misc zwei Methoden zur Organisation einer Community. Beide Verfahren basieren auf der Bildung einer FAQ zur Bildung von Erinnerungsvermögen und zur Kondensation eines Satzes von Regeln und Erkenntnissen der Gemeinschaft und damit zur Bildung von Referenzpunkten. Um diese Referenzpunkte herum bilden sich Mechanismen, an denen Neulinge akzeptables Verhalten lernen können und an denen die Gemeinschaft ihre Verhaltensnormen weiterentwickelt.\nAn einem dritten Beispiel de.talk.bizarre zeige ich, wie eine kleine Gruppe mit guter Kommunikation (\u0026ldquo;Der Hohe Rath Der Dreizehn Weisen Vom Feed\u0026rdquo; und \u0026ldquo;Die Allianz Wieder Den Hohen Rath\u0026rdquo; als deren scheinbarer Gegner, in Wahrheit eine zweite Marke des Rathes) und dem Willen zu disruptiver Kommunikation (\u0026ldquo;Online Performance Art\u0026rdquo;) einerseits die Themen eines Diskussionsforums dominieren kann, andererseits lange Zeit mit einer rein oralen Tradition Leute integrieren kann (\u0026ldquo;Wahrheitsfindung ohne Wahrheitsnennung\u0026rdquo;) und wie eine solche Gruppe NOMIC-Spieler in anderen Gruppen durch offensive Mißachtung oder Parodie von etablierten Marken und Prozessen ineffektiv machen kann (\u0026ldquo;Out-of-area Einsätze\u0026rdquo;, Scheitern des rmgroup de.talk.bizarre mit der Begründung \u0026ldquo;Das wollen die doch genau erreichen\u0026rdquo;). Ähnliche Methoden werden in Teilen des aktuellen politischen Diskurses eingesetzt, wenn ein Mißbrauch von Institutionen festgestellt wird (Apfelfront , Storch Heinar , aber auch Die PARTEI ).\nDiese dritte Methode funktioniert gegen NOMIC-Spieler, weil sie die Versuche der NOMIC-Spieler, Zeit und Aufwand zu binden und Spaß aufzufressen ignoriert, die Zermürbung also negiert, und die Bemühungen der betreffenden Personen lächerlich macht.\nIn sehr großen Communities wie etwa Stack Overflow sind rein appellative Systeme oft nicht mehr ausreichend. Einmal binden sie unökonomisch viel Aufwand auf der Seite des Community-Managements, zum anderen ist je mehr Personen die Community umfaßt die Wahrscheinlichkeit um so größer, daß sich dort auch pathologische Persönlichkeiten einfinden, bei denen jeder rein appellative Ansatz aussichtslos ist. Jeff Atwood diskutiert in Suspension, Ban or Hellban? (auch die Kommentare lesen und den Links folgen!) Methoden, die bei zentralistisch gesteuerten Foren eingesetzt werden können, um den Fokus zu erhalten und zu verhindern, daß unerwünschte Meme in der Gemeinschaft Fuß fassen können.\nZusätzlich zu diesen repressiven Mechanismen setzen solche Systeme auch positive Mechanismen ein - sie haben ein Reputationssystem , das Privilegien und Powers auf der Site graduell freischaltet. Doch auch solche Mechanismen ziehen Spieler an, in diesem Fall keine NOMIC-Spieler, sondern Gamer . Das sind Personen, die an einem solchen System teilnehmen um der Belohnungen oder der Dritteffekte, die so ein Status haben kann willen, wenn das eigentliche Ziel war, Inhalte und konstruktive Interaktion zwischen Personen zu fördern.\nAuch wenn Gamer nicht aktiv destruktiv sein müssen, so gibt es doch Erkenntnisse, die zeigen, daß sie Bias generieren, und daß Feedback aus solchen Bewertungssystemen generell die Qualität der Diskussion negativ beeinflußt (Original Paper ), weil so ein Feedback Gamer erzeugt.\nDie Frage ist, ob und wie sich Techniken aus diesem Repertoire der Community-Steuerung auf den politischen Diskurs anwenden lassen ohne ihn zu zerstören oder Bias zu erzeugen. Tarzun reagierte auf meinen Link zum Hellban-Artikel mit\nund daraus entspann sich der folgende Dialog:\n@isotopp : Ich bin mir ziemlich sicher, daß diese Methoden in politischen Diskussionen keinen legitimen Platz haben. @tarzun : Och, für ML und Foren fänd ich das schon sinnvoll. \u0026ldquo;Echte\u0026rdquo; Politik findet da eh nicht statt, dazu gibt es ja LiquidFeedback hust @tarzun : Piraten sind aktuell eh mehr Community denn Partei. Aber das wird Twitter zu lang. Ich muß mal wieder bloggen. @isotopp : Die Frage ist, wie man Moderation bewirken kann, die Trolle von politischen Gegnern trennt und das transparent genug hinbekommt. @isotopp : Ziel muß sein, Zeitsenken zu eliminieren, aber kein Tool zu bauen, das politische Gegner mundtot machen kann. @isotopp : Ich sehe nicht, wie das gehen kann. @tarzun : Läuft wohl auf \u0026ldquo;community driven\u0026rdquo; hellbans hinaus, wo (echte) Trolle wirklich in jedem Killfile landen. Aber es ist schwer, ja. @isotopp : Nein. Entweder es ist wirksam. Dann killt eine Majority Minority Opinions. @isotopp : Oder es ist nicht wirksam. Dann benutzen es nur Überengagierte mit guter Systemkenntnis -\u0026gt; also Trolle. @tarzun : Hmm. In einer liquiden Orga könnte man die \u0026ldquo;Moderationsmacht\u0026rdquo; per \u0026ldquo;Delegation\u0026rdquo; vergeben und bei Mißbrauch entziehen. Die Frage ist also, wie kann man die Diskussions- und Arbeitskultur der Piratenpartei sanieren und entgiften, so daß man den Piratenerosionszähler (Begriff von @tarzun ) zum Stoppen bekommen kann.\n","date":"2011-06-05T00:00:00Z","href":"https://blog.koehntopp.info/2011/06/05/die-nomic-spieler.html","tags":["community","piraten","lang_de"],"title":"Die NOMIC-Spieler"},{"categories":null,"content":" Johannes Caspar, Hamburgischer Beauftragter für Datenschutz und Informationsfreiheit, sieht durch die Einführung des Internetprotokolls IPv6 den Datenschutz im Internet gefährdet. Er fordert den Gesetzgeber dazu auf, die Provider dazu zu verpflichten, dass sie IP-Adressen weiterhin dynamisch vergeben. \u0026ndash; Heise Netze Schon seit vielen Jahren versteifen sich Sicherheitsbehörden, Abmahnszene und viele andere Leute auf die Idee, daß eine IP-Nummer (zu einem gegebenen Zeitpunkt) eine Person identifiziert. Das führt fast schon traditionell zu abschreckenden Hausdurchsuchungen bei Betreibern von tor-Servern und anderen seltsamen Randerscheinungen.\nNicht ganz so lange, aber schon fast so lange gibt es die Erkenntnis, daß so eine IP-Nummer irgendwie gar nix beweist auch wenn das den entsprechenden Bedarfsträgern weitgehend egal ist .\nAnders herum hätten wir nun mit IP V6 endlich die Gelegenheit, feste IP-Nummern und sogar Netze für daheim zu bekommen und so allen möglichen Arten von Diensten aufzubauen, die vorher nur unter Schmerzen und Performanceproblemen zu realisieren waren. Nun kehrt sich die Sachlage um, und Datenschützer sind der Meinung, daß eine IP-Nummer irgendetwas beweist und wollen daher statische IP-Nummern weg haben.\nDie Logik erschließt sich mir nicht. Wenn ich Anonymität haben will, dann muß ich sie selber erzeugen . Das wissen eben genau diese Datenschützer auch, haben sie doch selber AN.ON selbst betrieben und tor propagiert, und an Papieren über Anonymitätdefinitionen mitgewirkt.\nDie Einlassungen von Herrn Caspar sind auf viele verschiedene Weisen unsagbar dumm. Er propagiert mit seiner Forderung die vollkommen falsche Idee, dynamische IP-Nummern würden vor irgendetwas schützen, wenn es darauf ankäme: Inhaber einer dynamischen IP-Nummern zu einem gegebenen Zeitpunkt sind aufdeckbar und identifizierbar, die benutzten Werkzeuge sind auch ohne IP-Nummer trackbar, und Personentracking funktioniert oft mit mehreren Signalen, etwa Browserstrings, Cookies und Flash-Cookies. IP-Nummern zu wechseln hat keine Schutzwirkung.\nDer Verzicht auf statische IP-Nummern hat außerdem den Nebeneffekt, daß damit das Anbieten von dezentralen, selbst betriebenen Diensten erschwert wird, und das Internet als Konsumenten-Anbeiter-System statt Peer-2-Peer System zementiert wird. Caspar, der Datenschützer, spielt so großen, zentralisierten Diensteanbietern außerhalb der Jurisdiktion von Deutschland in die Hände.\nDiese Art von Datenschutz schützt niemanden. Im Gegenteil, sie ist Bestandteil des sich selbst erhaltenden, innovationsfeindlichen \u0026ldquo;Systems Datenschutz\u0026rdquo; in Deutschland, und genau der Grund für das Entstehen der Spackeria (@fasel bei der Spackeria zum selben Thema ).\n","date":"2011-06-05T00:00:00Z","href":"https://blog.koehntopp.info/2011/06/05/ip-v6-verkehrt.html","tags":["privacy","identity","internet","ipv6","politik","privacy","spackeria","lang_de"],"title":"IP V6 verkehrt"},{"categories":null,"content":"Heute gibt es hier alten Scheiß: Vor vielen Jahren, in einem anderen Leben, habe ich im Rahmen der Ausbildung von Auszubildenden und Neuanstellungen eine Reihe von Slides produziert, die einige Grundlagen der Kryptographie erläutern, ohne daß das Ganze übermäßig mathematisch werden würde. Den Text zu diesem Vortrag habe ich nie veröffentlicht, das hole ich hier einmal nach.\nZiel des Textes war es einmal, den Leuten bestimmte kryptographische Primitive und ihre Anwendung deutlich zu machen sowie die Rechtslage mit der Technik zu verknüpfen.\nWeil ich uns allen die Mathematik erspart habe, muß man einige Annahmen glauben, anstatt sich durch die entsprechenden mathematischen Beweise zu kämpfen. Und zwar muß man glauben, daß es Algorithmen gibt, die in einer Richtung leicht und mit wenig Aufwand durchzuführen sind (etwa die Multiplikation einiger Zahlen), aber in der umgekehrten Richtung sehr aufwendig sind, weil keine Abkürzung existiert (etwa die Umkehrung einer Multiplikation: die Bestimmung der unbekannten Faktoren, die ein bestimmtes bekanntes Multiplikationsergebnis ergeben).\nMit Hilfe solcher Algorithmen kann man dann Verschlüsselungssysteme bauen.\nDie Mathematik, die dem zugrunde liegt, ist von den Mathematikern auch sehr gut verstanden und allgemein bekannt und untersucht. In der Regel ist es auch nicht die Mathematik, die defekt ist, wenn ein Kryptosystem gehackt wird, sondern es ist die umgebende Infrastruktur, die kaputt geht: Zufallszahlengeneratoren, die keine zufälligen Zahlen produzieren oder Verwaltungssysteme für geheime Schlüssel, die geheimzuhaltende Daten herausgeben. Oder halt der Fehler, sich selbst einen Verschlüsselungsalgorithmus auszudenken ohne die entsprechende Mathematik zu beherrschen.\nAber von vorne:\nEine der Grundaufgaben in der Kryptographie ist ein Sender, Andreas, der einer Empfängerin, Birgit, eine Nachricht senden möchte, ohne daß Dritte mithören können. Die Nachricht wird als Message (M) bezeichnet. Verschlüsselt wird sie mit einer Verschlüsselungsfunktion, die allgemein bekannt und gut untersucht ist, und diese Funktion braucht einen geheimen Schlüssel, den Key (K).\nMathematiker sind faule Säue, sie können sich nicht einmal aufraffen, Multiplikationspunkte zu schreiben (und schreiben also A*B einfach als AB). Entsprechend sollten sie die Formel C = f(K, M) (der verschlüsselte Ciphertext C ergibt sich aus der Anwendung der Verschlüsselungsfunktion f, die die Nachricht M und den Schlüssel K als Parameter hat) schreiben. Stattdessen notieren sie oft falsch C = K(M), als ob K eine Funktion und nicht der Schlüssel wäre.\nAndreas verschlüsselt seine Nachricht an Birgit, weil er sich bedroht fühlt.\nWenn man sich mit Sicherheitsdingen beschäftigt, ist es wichtig, diese Bedrohung auszuformulieren und die Ziele und Fähigkeiten des Angreifers zu benennen. Nur aus diesen Listen kann man die Gefahren ableiten und dann sagen, ob bestimmte vorgeschlagene Maßnahmen eine sinnvolle Abwehr gegen die Bedrohung darstellen oder nicht.\nMan kann diesen Effekt gar nicht genug betonen: Wenn man sich mit Laien (oder in der Politik) über Bedrohungen unterhält, dann diskutieren diese Sicherheit oftmals in den Begriffen von Maßnahmen, anstatt über Angreifer, Bedrohungen, Eintrittswahrscheinlichkeiten und Schadenshöhen zu reden und die Maßnahmen anhang dieser Dinge auszuwählen oder zu bewerten. Das erzeugt dann jede Menge operative Hektik, verbessert die Sicherheit aber in der Regel kein Stück.\nDas Schutzziel eines Kryptosystems ist gewissermaßen das Gegenteil eines Angriffes:\nEin Kryptosystem kann das Ziel haben, den Inhalt einer Nachricht geheim zu halten, d.h. nur der Absender und der Empfänger einer Nachricht können ihren Inhalt kennen, Dritte nicht. Eine schwächere Forderung wäre, eine Nachricht integer zu halten, also Veränderungen der Nachricht durch Dritte erkennbar zu machen. Eine stärkere Forderung wäre, nicht nur den Inhalt einer Nachricht vertraulich zu halten, sondern die Tatsache, daß zwei bestimmte Personen überhaupt miteinander kommuniziert haben zu verbergen - Unbeobachtbarkeit.\nMan kann fordern, die Identitäten des Senders und des Empfängers voreinander zu verbergen - dann hat man Anonymität. Oder man kann fordern, daß die Identitäten des Senders und des Empfängers beweisbar bekannt und unfälschbar sind, dann bekommt man Authentizität.\nMan kann fordern, daß ein System durch gefälschte oder defekte Nachrichten nicht offline gezwungen werden kann, daß es also verfügbar bleibt.\nAngreifer können versuchen, diese Schutzziele zu vereiteln, etwa indem man ihnen die Fähigkeit zugesteht, die Kommunikation mitzuhören, mitgehörte Nachrichten wiederholt abzusenden, Nachrichten zu verändern, sich in die Kommunikationskette zwischen Sender und Empfänger einzuschleichen und sich für die jeweilige Gegenstelle auszugeben, oder indem sie versuchen, die Kommunikation zwischen den beiden Parteien zu unterbrechen.\nMan kann sehr starke Angreifer konstruieren, indem man ihnen die Fähigkeit zugesteht, die Hardware oder Systemsoftware des Senders oder des Empfängers von diesem unbemerkt zu verändern.\nUnd man muß Einsatzzwecke von Kryptographie unterscheiden: Es besteht ein grundlegender Unterschied in den Anforderungen zwischen Transportverschlüsselung (etwa das Abrufen von Webseiten über SSL) und Speicherverschlüsselung (etwa dem Ablegen von Dateien auf einer verschlüsselten Festplatte).\nBei Transportverschlüsselung hat man in der Regel die Anforderung, daß es keine \u0026lsquo;Key Recovery\u0026rsquo; geben darf - nur der Sender und der Empfänger sollen den vereinbarten Schlüssel K kennen.\nBei Speicherverschlüsselung dagegen hat man vielfach weitergehende Anforderungen. Ein Arbeitgeber zum Beispiel wird auf den Laptops seiner Mitarbeiter nicht Festplattenverschlüsselung ausrollen können, wenn er nicht die Möglichkeit hat, auch ohne Kooperation des Mitarbeiters auf dessen dienstliche Daten zugreifen zu können. Ohne diese Möglichkeit besteht sonst die Gefahr, daß betriebskritische Daten für die Firma nicht mehr im Zugriff sind, wenn der Mitarbeiter erkrankt oder sonstwie nicht mehr verfügbar ist. Diese Situation ist für eine Firma klar nicht akzeptabel, daher müssen solche Systeme immer \u0026ldquo;Key Recovery\u0026rdquo; erlauben, also eine \u0026ldquo;Hintertür\u0026rdquo; haben, die - und das ist der entscheidende Punkt - unter der Kontrolle der Firma steht.\nSpeicherverschlüsselung ohne Key Recovery ist wertlos, und das entscheidende Merkmal bei der Diskussion über Key Recovery ist nicht, daß sie existiert, sondern wer die Kontrolle über die Recovery Keys hat.\nAuguste Kerckhoffs hat 1883 das Kerckhoffsche Prinzip formuliert. Kerckhoffs war ein früher Kryptograph, und hat kryptographische Verfahren untersucht und eine Reihe von Anforderungen an Kryptosysteme formuliert.\nIn einer modernen Formulierung besagt das Kerckhoffsche Prinzip, daß die Sicherheit eines Kryptosystems nicht von der Geheimhaltung des verwendeten Algorithmus abhängen darf, sondern nur von der Geheimhaltung der verwendeten Schlüssel abhängen darf.\nIn einer schärferen Formulierung kann man sogar sagen, daß ein Kryptosystem, dessen Algorithmen nicht allgemein bekannt und durch viele anerkannte Kryptographen untersucht und bestätigt worden sind wahrscheinlich unsicher ist und nicht verwendet werden sollte.\nWir können nach dem heutigen Stand der Mathematik nicht beweisen, daß ein Algorithmus unangreifbar ist. Wir können lediglich unsere hellsten Köpfe auf einen Algorithmus loslassen. Wenn die dann alle scheitern (und was das bedeutet klären wir gleich), dann ist der Algorithmus wahrscheinlich zur Zeit sicher.\nEs gibt in der Geschichte der Kryptographie eine ganze Menge Beispiele für recht prominent selbstgekochte Kryptosysteme, bei denen die Algorithmen nicht ausreichend untersucht worden sind und die sich dann im Nachhinein nicht als sicher erwiesen haben.\nDas CSS -System zur Verschlüsselung von DVD-Inhalten ist zum Beispiel ein solches System: Nicht nur ist seine Schlüssellänge mit 40 Bit sowieso zu kurz, sondern durch eine Analyse des Algorithmus, die bei der Erschaffung von CSS nicht ausreichend durchgeführt worden ist, ist es gelungen, die effektive Schlüssellänge dieser 40 Bit auf 16 Bit zu reduzieren. Damit ist aber ein Angriff auf CSS mit trivialer Rechenleistung möglich und CSS ist in etwa genau so sicher wie Klartext.\nEin anderes Beispiel ist der vom GSM-Konsortium selbstgekochte A5 Algorithmus, mit dem einige Mobilfunkbetreiber GSM-Kommunikation verschlüsselt haben, statt einen anerkannten Algorithmus zu nehmen. Auch die verschiedenen Varianten von A5 sind gebrochen worden und mit diesen (inzwischen nicht mehr verwendeten) Algorithmen verschlüsselte Kommunikation ist abhörbar geworden.\nJedes Verschlüsselungsverfahren läßt sich brechen, indem man einfach alle möglichen Schlüssel durchprobiert. Diesen Angriff nennt man einen \u0026lsquo;brute force\u0026rsquo;-Angriff. Damit er gelingen kann, müssen zwei Dinge gelten:\nEinmal muß man überhaupt mitbekommen, daß man fertig ist.\nBei einem Brute Force-Angriff entschlüsselt man eine verschlüsselte Nachricht (also unlesbaren Bitsalat) mit dem falschen Schlüssel (bekommt also anderen unlesbaren Bitsalat). Erwischt man zufällig den korrekten Schlüssel, bekommt man lesbaren Text - und muß diese Situation erkennen. Das heißt, es hilft, wenn man ein wenig über den Klartext weiß (\u0026rsquo;es handet sich um englischen Text\u0026rsquo;, \u0026lsquo;am Ende des Textes ist eine CRC32 Prüfsumme über alle vorhergehenden Bytes und wenn die Prüfsumme aufgeht, ist die Nachricht korrekt\u0026rsquo;).\nHat man solches Wissen nicht, muß man raten - etwa wenn die Nachricht nur gültige Zeichen in dem und dem Zeichensatz enthält und die relativen Häufigkeiten der Buchstaben in etwa dem Muster englischer Sprache entsprechen, dann ist die Nachricht möglicherweise korrekt entschlüsselt worden und man legt sie einem Operator zur Kontrolle vor.\nIm zweiten Weltkrieg zum Beispiel haben die Engländer die mit der Engima verschlüsselten Nachrichten deutscher U-Boote abgefangen. Diese U-Boote haben wichtige Nachrichten mit dem Flottenkommando ausgetauscht, aber auch Wetternachrichten an das Kommando zurück gesendet. Diese Wetternachrichten waren jedoch mit demselben Schlüssel verschlüsselt, der auch für andere wichtige Nachrichten verwendet worden ist.\nWenn man nun also das Wetter an der Position des U-Bootes kennt und weiß, wie ein militärischer Wetterbericht abgefaßt wird, dann kann man den Klartext der Wettermeldung des U-Bootes recht gut vorhersagen und hat eine gute Stop-Bedingung für einen Brute Force-Angriff.\nZum anderen muß man fertig werden können. Das heißt, der Schlüsselraum (alle möglichen K) muß klein genug sein, daß man im Verhältnis zur Arbeitsgeschwindigkeit seiner Entschlüsselungsmaschine die Möglichkeit hat, alle Schlüssel in einem gegebenen Zeitrahmen durchzuprobieren.\nWenn man weiß, daß die Nachricht etwa das Datum des Angriffes eines Gegners enthält (\u0026lsquo;Angriff im Morgengrauen!\u0026rsquo;), dann ist die Nachricht wertlos, nachdem der Angriff des Gegners erfolgt ist. Ist der Schlüsselraum so groß, daß es unmöglich ist, die verschlüsselte abgefangene Nachricht vor dem Morgengrauen zu entschlüsseln, indem man alle möglichen Schlüssel durchprobiert, dann ist das Verfahren sicher.\nMan muß also die Schlüssellänge so wählen, daß sie der benötigten Schutzfrist gegen einen Brute Force-Angriff genügt. Angenommen, man hätte 1933 elektronisch wählen können und jemand hätte die Wahlnachrichten mit Absenderkennungen damals aufzeichnen, aber nicht entschlüsseln können - wie lange muß ein solches System die Nachrichten dann also gegen Brute Force schützen können (technologischen Fortschritt eingerechnet)? Muß ein militärisches System für taktische Kommunikation (\u0026lsquo;Angriff im Morgengrauen\u0026rsquo;) oder ein elektronisches Wahlsystem sicherer sein? Wieviel sicherer?\nGenau.\nDarum haben wir keine Wahlcomputer und keine elektronischen Wahlen über Netzwerk.\nWenn es neben dem Brute Force-Angriff noch andere Methoden gibt, mit denen man den Schlüssel K ermitteln kann und diese anderen Methoden effizienter sind als Brute Force, dann gilt das System als gebrochen.\nMan beachte, daß das etwas anderes ist als unsicher. Es gibt unsichere Systeme, die nicht gebrochen sind - DES ist so etwas zum Beispiel. DES ist ein Verfahren mit einer Schlüssellänge von nur 56 Bit, und die EFF hat 1998 den Spezialrechner Deep Crack gebaut, um DES in wenigen Stunden zu brute forcen. DES ist aber nicht gebrochen - es ist kein Verfahren bekannt, mit dem es möglich wäre, die 2^56 Schlüssel abzukürzen. Daher kann man unsichere DES noch verwenden, um das sichere und ungebrochene Triple DES zu konstruieren.\nAndererseits existiert der DES-Nachfolger AES . AES 256 hat einen K-Raum mit 2^256 Einträgen, aber AES ist gebrochen - der K-Raum ist auf 2^200 Einträge reduziert, also kleiner als Brute Force. Allerdings ist diese Zahl immer noch zu groß, daß der Algorithmus als sicher gilt.\nDES und AES sind beides symmetrische Verfahren. Das sind Verfahren, bei denen man eine Nachricht mit demselben Schlüssel entschlüsseln kann, den man zur Verschlüsselung verwendet. Man bekommt also den Ciphertext C = K(M), und indem man K noch einmal anwendet, bekommt man die Nachricht zurück: M = K(C), d.h. M = K(K(M)).\nSymmetrische Verfahren haben vergleichsweise kurze Schlüssel: das unsichere DES hat nur 56 Bit, das sichere 3DES hat 112 Bit und AES sollte man mit 256 Bit betreiben, damit es sicher ist. Da die Laufzeit eines Verschlüsselungsalgorithmus in vielen Fällen proportional zur Länge der Schlüssel ist, sind die meisten symmetrischen Verfahren relativ schnell - speziell AES ist außerdem auch so entwickelt worden, daß es sich auf heute üblichen Prozessoren leicht implementieren läßt und ist daher sehr gut geeignet, wenn es auf Geschwindigkeit ankommt.\nDas Hauptproblem von symmetrischen Verfahren ist, daß sich der Sender und der Empfänger auf einen Schlüssel einigen müssen. Wie kommt der Schlüssel K, mit dem Andreas seine Nachrichten an Birgit verschlüsselt, zu Birgit, wenn Andreas doch der Strecke zwischen Andreas und Birgit nicht trauen kann?\nManchmal kann man das Problem dadurch lösen, daß der Schlüssel so angenehm kurz ist: Nehmen wir an, daß Andreas seiner Internet-Verbindung zu Birgit nicht traut, aber seiner Telefonverbindung - dies nennen wir einen sicheren Kanal.\nEine Eigenschaft von sicheren Kanälen ist, daß ihre Kapaziät oft begrenzt ist - entweder in der Menge oder in der Zeit, zu der sie verfügbar sind.\nZum Beispiel ist es für Andreas nicht möglich, Birgit sein neustes, viele hundert Kilobyte großes Paper am Telefon zu diktieren. Er kann aber durchaus die Hex-Repräsentation des von ihm gewählten Schlüssels K diktieren und ihr dann die mit K verschlüsselte Nachricht senden, die das Paper enthält. Das ist ein Beispiel für einen in der Kapazität beschränkten sicheren Kanal.\nOder Andreas hat Birgit im Januar auf einer Konferenz getroffen und mit ihr ein gemeinsames K ausgemacht. Jetzt, im Juni, will er ihr sein Paper senden. Das geht, da die beiden ja einen gemeinsamen Schlüssel K haben. Dies ist ein Beispiel für einen temporal beschränkten sicheren Kanal - damals hatten sie sichere Kommunikation, jetzt nicht.\nEin extremes Beispiel für so etwas hat man, wenn der Schlüssel so lang ist wie die Nachricht selber. In diesem Fall kann man tatsächlich absolut sichere Kommunikation konstruieren: Man nehme einen physikalischen Zufallszahlengenerator, etwa den Zerfall einer radioaktiven Probe, und zeichne die Zahlen auf, 700 MB davon auf einer CD. Dann mache man eine Kopie davon und sende diese mit einem Kurier zum Empfänger oder übergebe diese dem Empfänger, wenn man ihn trifft.\nSpäter, wenn man Bedarf an sicherer Kommunikation hat, sendet man dem Empfänger die Nachricht XOR-codiert mit diesen Zufallszahlen, und streiche diese Zahlen sodaß sie niemals wieder verwendet werden können.\nDieses Verfahren nennt sich One-Time Pad und ist das einzige bekannte Verfahren, das absolut und beweisbar sicher ist. Bedingungen: Der Schlüssel wird niemals wiederverwendet (daher die Notwendigkeit des Abstreichens) und der Schlüssel ist echt zufällig (und nicht von einer Pseudo-Zufallszahlenfunktion berechnet). Leider gibt es sehr viele Anbieter von Verfahren, die sich One-Time Pad nennen, aber entweder den Schlüssel wiederverwenden oder nicht wirklich zufällig bestimmen - diese Verfahren sind leider sehr, sehr leicht brechbar.\nSymmetrische Verfahren haben noch ein anderes Problem, wenn es um Gruppenkommunikation geht: Für jede Kombination von Sender und Empfänger muß man einen anderen Schlüssel vereinbaren, wenn dieses Paar privat und unabhängig von den anderen Paarungen miteinander kommunizieren können soll. Daher hat man bei n Teilnehmern (n*(n-1))/2 mögliche K zu verwalten, bei 100 Teilnehmern also 4950 verschiedene Schlüssel.\nUm dieses Problem besser beherrschen zu können hat man in den 1970er Jahren asymmetrische Verfahren entwickelt. Ein asymmetrisches Verfahren ist eines, bei dem man einen Verschlüssel P und einen Entschlüssel Q hat. Wenn man also den Ciphertext C = P(M) produziert, dann braucht man den anderen Schlüssel Q um wieder an den Klartext zu kommen: M = Q(C), d.h. M = Q(P(M)). Wendet man stattdessen P ein zweites Mal an, bekommt man kein sinnvolles Ergebnis.\nTatsächlich funktioniert die Paarung auch anders herum: Ich kann auch mit Q verschlüsseln und dieses Resultat dann mit P entschlüsseln, d.h. es gilt auch M = P(Q(M)).\nDie Unterscheidung zwischen P und Q ist also nicht technisch-funktional: Ich kann jeweils mit dem einen Schlüssel entschlüsseln, was mit dem anderen verschlüsselt worden ist. Sie ist stattdessen organisatorisch: Den einen Schlüssel, P, mache ich publik. Den anderen, Q, halte ich streng geheim.\nDer Empfänger einer Nachricht kann nun also seinen öffentlichen Schlüssel P publizieren: Birgit macht ihr P allgemein bekannt.\nEin Sender kann sich nun diesen öffentlichen Schlüssel P von Birgit greifen und eine Nachricht an sie verschlüsseln: C = P(M). Es ist nicht möglich, diese Nachricht mit P wieder zu entschlüsseln. Nur Birgit (oder jede andere Person, die aus welchen Gründen auch immer ihr Q kennt) kann die Nachricht wieder in Klartext verwandeln: M = Q(C) = Q(P(M)).\nDie Anzahl der zu verwaltenden Schlüssel ist in so einem Setup deutlich kleiner: Statt 4950 Schlüsseln für 100 Teilnehmer sind nur 100 PQ-Paare zu verwalten, genauer: Es muß ein Verzeichnis von 100 öffentlichen Schlüsseln P der Empfänger bekannt gemacht werden, und die 100 geheimen Schlüssel müssen von den Empfängern auch geheim gehalten werden.\nEin Nachteil: Asymmetrische Verfahren haben deutlich längere Schlüssel als symmetrische Verfahren. Schlüssel sind bis zu 4096 Bit lang. Daher ist auch ihre Verarbeitung sehr viel langsamer, im Schnitt 10-20 mal langsamer als bei den bekannten symmetrischen Verfahren.\nIn der Praxis verwendet man daher meist hybride Verfahren. Bei einem hybriden Verfahren wird symmetrische Verschlüsselung angewendet, um die Nachricht zu verschlüsseln. Der Schlüssel K, mit dem das getan wird, wird dabei zufällig ausgewürfelt und nur ein einziges Mal (oder bei einer stehenden Verbindung nur für kurze Zeit) verwendet.\nDer Empfänger muß K gesagt bekommen - dafür verwenden wir das asymmetrische Verfahren, und das ist schnell, weil die Nachricht selber (es steht nur K drin) recht kurz ist.\nAndreas würfelt sich also einen Key K aus, den \u0026ldquo;Session-Key\u0026rdquo;. Dann greift er sich den öffentlichen Schlüssel P von Birgit und verschlüsselt K damit: P(K). Die eigentliche Nachricht M verschlüsselt er dann mit K, weil\u0026rsquo;s schneller ist: K(M).\nBirgit bekommt die Nachricht \u0026ldquo;P(K) K(M)\u0026rdquo;. Mit ihrem geheimen Schlüssel Q kann sie K = Q(P(K)) ermitteln. Dadurch kennt sie K und kann nun M = K(K(M)) berechnen, und hat nun die Nachricht im Klartext.\nWir können den Session-Key der Nachricht sogar mehrfach voranstellen: Pbirgit(K) Pmarit(K) und so weiter. Alle diese Empfänger können nun ihre Kopie des Session-Key entschlüsseln und die Nachricht decodieren. Dabei muß man sich erinnern, daß K(M) recht lang sein kann, die ganze Nachricht halt. Die einzelnen Kopien des Session-Keys sind jedoch recht kurz.\nDies ist auch die Idee verschiedener DRM-Systeme, um etwa den Inhalt von DVDs zu schützen: Auf der DVD befindet sich der Video-Content mit dem Session-Key der DVD geschützt, viele GB lang. Im Startbereich der DVD ist der Session-Key mit dem geheimen Schlüssel des jeweiligen Player-Lizenznehmers geschützt abgelegt. Der Hersteller mit der Herstellernummer 48 guckt also im 48. Slot vorne auf der DVD nach, entschlüsselt den Session-Key der DVD von dort und kann so die DVD abspielen.\nDas wäre angreifbar in dem Sinne, daß dazu ja der geheime Schlüssel jedes Lizenznehmers in jedem seiner Produke - den Playern - enthalten sein müßte, und tatsächlich hat man diese Schlüssel auch für kurze Zeit aus Software-DVD-Spielern extrahiert, bis man gemerkt hatte, daß das symmetrische Verschlüsselungsverfahren, CSS, auf einer DVD sowieso Schrott ist und man sich das Lesen der Keys aus dem Index vorne auch sparen kann\u0026hellip;\nEs verbleiben zwei zu lösende Probleme:\nErstens: Wir müssen irgendwie sicherstellen, daß der Schlüssel, der uns als der Schlüssel von Birgit im Verzeichnis verkauft wird auch wirklich der Schlüssel ist, der zu Birgits Q paßt.\nZweitens: Bei einigen Nachrichten sollte man sicherstellen, daß nicht irgendjemand auf dem Weg C = K(M) abfängt und ein zweites Mal abspielt.\nWenn Andreas etwa eine Nachricht an Birgit sendet \u0026ldquo;Bitte zahle Kris 100 EUR aus.\u0026rdquo; und Kris fängt diese Nachricht ab, dann kann er Birgit eventuell dazu bringen, ihm jedesmal 100 EUR auszuzahlen, wenn er diese verschlüsselte Nachricht noch einmal sendet.\nDieses zweite Problem läßt sich lösen, indem man der Nachricht eine Folgenummer oder eine Zufallszahl verpaßt, die mit codiert wird - am besten beides. Nachrichten gleichen Inhaltes werden dadurch unterscheidbar und Duplikate können erkannt werden. Es ist natürlich wichtig, daß diese Zahlen mit verschlüsselt werden, damit sie nicht leicht zu ändern sind.\nVerschlüsselungsverfahren arbeiten in Blöcken von x Bits. Nachrichten sind jedoch nicht immer genau Vielfache dieser Blöcke lang. Daher muß man sie durch Füllbytes am Ende zu einem solchen Blockvielfachen auffüllen - das nennt man Padding. Man bekommt eine Nachricht M, die in Wirklichkeit aus Teilnachrichten besteht. Jede Teilnachricht ist einen solchen Block lang: M1 M2 M3\u0026hellip; Mi \u0026hellip; und so weiter.\nDanach wird das Verschlüsselungsverfahren angewendet, und zwar auf jeden Block. Dabei kann jeder Block mit demselben Schlüssel K verschlüsselt werden, oder mit einem Schlüssel, der irgendwie aus dem Startschlüssel K, dem Blockindex i, vorhergehenden Blöcken von Klartext oder Ciphertext oder einem weiteren Startwert (dem Initialisierungsvektor IV, eine weitere Zufallszahl) abgeleitet wird. Je nachdem, wie man sich diese Dinge zusammenbastelt, handelt man sich bestimmte Vor- und Nachteile ein.\nVerfahren, bei denen die Verschlüsselung von Mi nicht von vorhergehendem Klartext oder Ciphertext abhängig sind, sind gut parallelisierbar und sind auch unempfindlich gegen Leitungsstörungen oder Plattenlesefehler, bei denen eventuell einmal ein Block zwischendrin verloren geht.\nVerschüsselt man mit einem festen Schlüssel K (\u0026lsquo;Electronic Codebook\u0026rsquo;, ECB), dann werden zwei Blöcke M1 und M2, die denselben Inhalt haben, auch gleich verschlüsselt - der Klartext der Nachricht scheint im Ciphertext durch.\nKK:~ kris$ dd if=/dev/zero bs=1k count=1 of=x 1+0 records in 1+0 records out 1024 bytes transferred in 0.000088 secs (11639478 bytes/sec) KK:~ kris$ openssl enc -des-ecb -k keks -iv 0 -e -in x -out y KK:~ kris$ ls -l x y -rw-r--r-- 1 kris staff 1024 3 Jun 15:56 x -rw-r--r-- 1 kris staff 1048 3 Jun 15:56 y KK:~ kris$ od -t x1 y 0000000 53 61 6c 74 65 64 5f 5f b2 3f fa fb 98 86 03 ca 0000020 fe ab 3b 74 5b 90 76 74 fe ab 3b 74 5b 90 76 74 ... 0002020 72 d6 ba 5e 91 0a 9e 90 0002030 Erzeugt man also ein Kilobyte Nullbytes und verschlüsselt diese mit einem ECB-Verfahren (jeden Block also mit demselben Schlüssel \u0026lsquo;keks\u0026rsquo;), dann bekommt man zwar Bytesalat, aber Bytesalat mit einem sich wiederholenden Muster: Alle 32 Bytes kommt dieselbe Bytefolge vor - od erkennt das und kürzt ab.\nDurch verschiedene Verfahren versucht man dies zu verhindern, indem man einen Block mit seinem vorhergehenden Klartext oder Ciphertext mischt. Dennoch ist es sinnvoll, Klartext vor der Verschlüsselung zu komprimieren: Kompression beseitigt Redundanzen im Klartext. Sich wiederholende Muster werden ausgenutzt, um die Nachrichtenlänge zu verkleinern und es entsteht eine Klartextnachricht, die keine Muster mehr enthält.\nNeben Verschlüsselungsalgorithmen gibt es ein zweites wichtiges Grundkonstrukt in der Kryptographie, den Hash. Ein Hash ist eine Prüfsummenfunktion, also etwas, in das man eine beliebig lange Nachricht vorne reinfüttern darf, und bei der dann am Ende eine Zahl h mit einer festen Anzahl von Bits herauskommt: h = Hash(M).\nAllen Prüfsummen ist gemeinsam, daß man aus einer gegebenen Prüfsumme die Originalnachricht nicht eindeutig rekonstruieren kann, da es mehr als eine Nachricht gibt, die diese Prüfsumme hat. Das gilt selbst für eine ISBN : Die ISBN 0-306-40615 hat die Prüfzummer 2, aber es gibt noch weitere ISBNs, die diese Prüfziffer haben.\nBei einer ISBN ist es jedoch relativ leicht, eine ISBN zu konstruieren, die eine bestimmte vorgegebene Prüfziffer (hier: 2) hat.\nBei einer kryptographischen Prüfsumme, einem Hash, möchte man nun als zusätzliche Eigenschaft, daß es nicht möglich sein soll, eine Nachricht M zu konstruieren, die eine bestimmte Prüfsumme h ergibt. Um so eine Nachricht zu finden, müßte man idealerweise den ganzen M-Raum durchsuchen (also einen Brute Force-Angriff starten).\nIn der Praxis gibt es einige populäre Funktionen, von denen wir geglaubt haben, daß sie diese Eigenschaft hätten und das ist auch eine Weile gut gegangen. Derzeit sieht es aber eher schlecht aus.\nWir können Hashes verwenden, um Daten digital zu unterschreiben. Nehmen wir an, Andreas will Birgit eine Nachricht M senden und er will sicherstellen, daß Birgit erkennen kann, daß es sich um eine unveränderte Nachricht handelt und daß sie von Andreas ist.\nDazu nehmen wir einen Klartext M und berechnen die Prüfsumme Hash(M). Andreas verschlüsselt nun die Prüfsumme mit seinem geheimen Schlüssel QAndreas. Etwas, das mit Q verschlüsselt worden ist, kann mit dem dazu gehörenden P entschlüsselt werden und umgekehrt. Die Prüfsumme kann also mit dem Public Key von Andreas entschlüsselt werden - und der ist jedermann bekannt.\nWenn wir also die Nachricht M nehmen und selber die Prüfsumme h = Hash(M) berechnen, dann können wir dieses Ergebnis mit der Prüfsumme vergleichen, die Andreas mit seinem private Key verschlüsselt hat und die jeder entschlüsseln kann, der den public Key von Andreas kennt. Stimmen beide überein, wissen wir, daß die Nachricht unverändert ist.\n\u0026ldquo;Unverändert\u0026rdquo; (oder authentisch) bedeutet hier, daß der Inhalt der Nachricht, den wir sehen, identisch ist mit dem Inhalt der Nachricht, die jemand abgesendet hat, der den private Key von Andreas gekannt hat. Wenn Andreas also seine Schlüsselverwaltung im Griff hat, dann ist das nur Andreas.\nAndreas sendet \u0026ldquo;M QAndreas(Hash(M))\u0026rdquo; und nicht \u0026ldquo;QAndreas(M)\u0026rdquo;. Beweistechnisch macht das keinen Unterschied: In beiden Fällen muß der Absender der Nachricht den geheimen Schlüssel von Andreas gekannt haben. Im ersten Fall ist die Nachricht jedoch auch dann noch lesbar, wenn der Empfänger der Nachricht keinen Zugriff auf den öffentlichen Schlüssel von Andreas hat (dann ist jedoch die Authentizität nicht beweisbar).\nDie Prüfsumme QAndreas(Hash(M)) hinter der Nachricht M nennt man auch eine digitale Unterschrift (Signatur) der Nachricht.\nDieses Verfahren kann man jetzt mit der hybriden Verschlüsselung zusammensetzen. Man bekommt ein Verfahren, bei dem man eine Nachricht erzeugt, die aus der Nachricht M und ihrer Signatur QAndreas(Hash(M)) zusammengesetzt ist. Nachricht und Signatur werden jetzt mit einem Session-Key K verschlüsselt: \u0026ldquo;K(M QAndreas(Hash(M)))\u0026rdquo; und der Session-Key K wird mit dem öffentliche Schlüssel des Empfängers verschlüsselt vorangestellt.\nDas Gesamtprodukt: \u0026ldquo;PBirgit(K) K(M QAndreas(Hash(M)))\u0026rdquo;. Nur Birgit kann nun den Session-Key K ermitteln, und mit dessen Hilfe Nachricht und Signatur aus der Nachricht extrahieren. Sie kann dann die Prüfsumme über die Nachricht selbst berechnen und mit dem öffentlichen Schlüssel von Andreas gegen die Prüfsumme in der Nachricht vergleichen.\nWas jetzt noch fehlt ist ein Weg, mit dem Andreas und Birgit und jeder sonst an die öffentlichen Schlüssel aller anderen kommt, ohne daß irgendein Angreifer etwa Andreas den Schlüssel eines Angreifers im Namen von Birgit unterschrieben kann und Birgit den Schlüssel des Angreifers im Namen von Andreas.\nDamit man das kann, muß man die Identität von Personen an Schlüssel binden. Das macht man mit einem Zertifikat.\nEin Zertifikat ist eine Datenstruktur, die einen öffentlichen Schlüssel enthält, den Namen oder andere Identifikationsdaten des Inhabers, einen Verwendungszweck für den Schlüssel (Garantien, die der Inhaber für Daten abgibt, die mit diesem Schlüssel signiert sind) und eine Laufzeit als Intervall von-bis.\nJede dieser Informationen hat eine spezifische Aufgabe in unserem System.\nDer öffentlichen Schlüssel P erlaubt das Entschlüsseln von Prüfsummen, also das Prüfen von Signaturen. Er erlaubt auch das Verschlüsseln von Nachrichten an einen Empfänger.\nDie Inhaberdaten definieren, was für ein Empfänger ist. Der Empfänger ist immer eine natürliche Person, denn zu einem öffentlichen Schlüssel gehört immer auch ein geheimer Schlüssel, und es ist unmöglich, den geheimen Schlüssel geheim zu halten, wenn er nicht an eine natürliche Person gebunden ist.\nEmpfänger, die juristische Personen sind, muß man über Personengruppen oder über Verwendungszwecke/Rollen simulieren.\nDie Laufzeit schließlich ist nützlich, weil sie einige häßliche Skalierungsprobleme in unserem System begrenzen hilft. Dazu später mehr.\nHinten an diesem Zertifikat steht dann ein weiteres Datenpaket - die Signatur einer CA, einer Certification Authority. Sie \u0026ldquo;beglaubigt\u0026rdquo; diese Daten.\nDas Problem, das wir lösen wollen: Wir kann Andreas sicher sein, daß PBirgit wirklich von Birgit stammt?\nDer Ansatz mit einer CA definiert einen Single Point of Failure eine Zertifikations-Station, die einen Schlüssel PCA veröffentlicht, etwa dadurch, daß dieser in einem Browser eingebaut ist.\nBirgit publiziert nun nicht PBirgit, sondern QCA(Hash(PBirgit)) PBirgit. Die CA verschlüsselt also die Prüfsumme über den Schlüssel von Birgit und Birgit fügt diese Prüfsumme an ihren Schlüssel an.\nDie Augabe der CA ist es nun, nur das PBirgit zu unterschreiben, das wirklich zu Birgit gehört. In der Praxis funktionieren unterschiedliche CAs sehr unterschiedlich gut. Dabei ist das System schon im wirtschaftlichen Kern kaputt: Da die CA Geld von Birgit bekommt (und nicht von allen außer Birgit), um PBirgit zu unterschreiben, ist die Motivation der CA hoch, Birgit irgendetwas zu unterschreiben, damit sie das Geld von Birgit bekommt.\nOhne genaue Kenntnis des Prozesses, der durchlaufen werden muß, um PBirgit zu unterschreiben, ist das Zertifikat also wertlos.\nUnd: Man beachte, daß die CA zum Unterschreiben von PBirgit keine Kenntnis von QBirgit haben muß, d.h. den geheimen Schlüssel von Birgit muß die CA weder erzeugen noch muß Birgit ihn der CA aushändigen.\nUnd: Eine CA ist ein großes und spannendes Ziel für einen Angreifer. Der QCA muß wirklich gut bewacht werden.\nUnd noch ein paar weitere Beobachtungen: Birgit kann sich ihren Key mehrfach von unterschiedlichen CAs zertifizieren lassen.\nUnd Andreas braucht den Key der CA von Birgit nicht zu kennen. Er kann den Key einer anderen CA kennen, die den Public Key der CA von Birgit kennt, unter Umständen über x Schritte.\nBeispiele für beides findet man jedoch eher in PGP als in X.509.\nUnd schließlich noch das Implosionsproblem: Was passiert, wenn Andreas seinen privaten Schlüssel verbummelt?\nWenn der Schlüssel eine Laufzeit hat, löst sich dieses Problem mit dem Auflauf der Laufzeit des Schlüssels von selber. Gilt Andreas\u0026rsquo; Schlüssel etwa noch ein Jahr, genügt es, das Problem ein Jahr lang zu ignorieren und dann ist es weg.\nWill man es nicht ignorieren, dann braucht man eine Rückziehliste der \u0026lsquo;irrtümlich unterschriebenen oder jetzt auf Wunsch des Inhabers zurückgezogenen Unterschriften\u0026rsquo;. Das ist eine Certificate Revokation List, CRL.\nDie URL der CRL einer CA sollte in jedem Zertifikat enthalten sein, und es sollte theoretisch ein Protokoll (eine API) geben, mit der man das Prädikat \u0026lsquo;gültig?\u0026rsquo; für ein gegebenes Zertifikat effizient prüfen kann, und mit der man die gesamte CRL einer CA komplett für den Offline-Gebrauch runterladen kann. In der Praxis funktioniert beides nicht sehr gut\u0026hellip;\nEbenfalls nicht sehr gut funktioniert das Lesen und Schreiben von Standards, besonders wenn es sich um ITU/CCITT-Normen handelt: Diese sind zu optional oder zu vage für eine Implementierung oder einfach falsch definiert. Daher gibt es eine Reihe von Dokumenten, die PKCS, die quasi Richtigstellungen und Präzisierungen zu diesem Komplex unterhalten. Ohne sie ist der Standard nicht umsetzbar. Soweit die Technik.\nJetzt will man das Ganze noch in eine Form gießen, die in Deutschland auch juristisch anwendbar ist. Dazu muß man quasi das Gesetz mit der Technik verkabeln. Diese Aufgabe haben die EU Signaturrichtlinie, das deutsche Signaturgesetz und die Durchführungsverordnung dazu, sowie eine Reihe von Gesetzen, die bestehende Gesetze so ändern, daß die alte Vokabel \u0026ldquo;Unterschrift\u0026rdquo; zu einem Hook wird, der wahlweise eine traditionelle Unterschrift oder eine digitale Signatur aufrufen kann.\nDazu definiert das Signaturgesetz drei Dinge: Die \u0026ldquo;Einfache elektronische Signatur\u0026rdquo;, die vollkommen nutzlos ist, die \u0026ldquo;fortgeschrittene elektronische Signatur\u0026rdquo;, die man etwa mit PGP oder einer OpenSSL-CA selber generieren kann, und die \u0026ldquo;Qualifizierte elektronische Signatur\u0026rdquo;, die eine solche CA nach bestimmten technischen und organisatorischen Richtlinien betrieben und zertifiziert verlangt.\n","date":"2011-06-03T00:00:00Z","href":"https://blog.koehntopp.info/2011/06/03/einige-kryptographische-grundlagen.html","tags":["kryptographie","talk","publication","security","lang_de"],"title":"Einige kryptographische Grundlagen"},{"categories":null,"content":"Aus recht offensichtlichen Gründen halten sich eine ganze Menge sozialer Netzwerke mehr und mehr für Facebook. Das heißt, sie versuchen da so einen Strom von Statusupdates zu bauen und da dann irgendwelche \u0026ldquo;Mehrwerte\u0026rdquo; mit rein zu mischen.\nDer Grund dafür ist aus der Sicht der Betreiber der Dienste recht offensichtlich: Die Währungen für Werbung sind Anzahl der Unique User pro Tag und die Anzahl der Minuten pro Tag pro User auf der Site. Facebook hat dort unglaublich astronomische Werte, weil die Site konsequent so angelegt ist, daß die User sich regelmäßig einloggen und dann auch dort bleiben. Haupt-Treiber sind Spiele und Chat: Die Spiele sorgen dafür, daß die Benutzer laufend wieder zurückkommen und ihre Kuh klicken . Und der Chat sorgt dafür, daß die User laufend eine Facebook-Seite offen haben, auf der sie im Chat erreichbar sind.\nSites, deren Fokus auf Bewerbungen und Lebensläufen liegt, haben da keinen Stich: So oft wechseln die meisten Leute ihren Job halt nicht. Das macht sich dann in den Minutenstatistiken der Werbeverkäufer nicht so gut - aber man sollte sich trösten: Es ist es nicht so, daß ich oder sonst irgendjemand auf Facebook irgendwas machen würde, was wichtig ist oder Geld bedeutet. Das passiert anderswo. Klar bin ich bei weitem kein Standardnutzer (0 Facebooks Apps, tendenz sinkend), aber ich nutze die verschiedenen Netzwerke zu unterschiedlichen Zwecken und ich bin immer leicht genervt, wenn wieder irgendein Social Network CEO in Panik meint, er müsse seinen Laden in Facebook verwandeln.\nAndererseits ist es so, daß diese anderen Social Networks wegen ihrer Facebook-Fixation den Wert ihrer Daten und den wahren Zweck ihres Daseins nicht erkennen können und daher verzweifelt auf ihren Daten sitzen, anstatt damit etwas Sinnvolles zu tun.\nDa ist zum Beispiel Xing. Xing ist ein \u0026ldquo;Business Netzwerk\u0026rdquo;, also eine Sammlung von Kontaktadressen, verdateten Lebensläufen und Empfehlungsschreiben. Trotzdem hat es nicht nur ungefähr Jahrzehnte gedauert, bis man die Adressdaten seiner Kontakte mal herunterladen und in ein lokales Adressbuch importieren konnte, sondern die ursprüngliche Xing-App für Android kam zum Beispiel ohne Adressbuch-synchronisieren-Funktion heraus. Noch heute ist diese Funktion nicht etwa als Android-Sync-Conduit realisiert und über das normale Setup zu erreichen, sondern Bestandteil der Xing-App mit einem eigenen, inkompatiblen User-Interface.\nMit den Lebensläufen in Xing kann man genau gar nichts anfangen: Xing propagiert kein standardisiertes Austauschformat für Lebensläufe und es ist nicht so, daß man als Xing-User etwa eine digitale Bewerbung an die Personalabteilung einer Firma schießen könnte, die ein Xing-Profil hat. Die Funktion für Empfehlungsschreiben/Referenzen war als externe Anwendung realisiert, hatte die Daten des Lebenslaufes einmal aus Xing importiert und sie dann nie wieder aktualisiert - keine Ahnung, ob das inzwischen behoben ist, ich habe nach diesem Ultrafail das Interesse an der Funktion verloren.\nXing-Connect ist ein U-Boot Projekt und wird auch jetzt immer noch nicht von Xing richtig unterstützt (Und web.de versucht nicht mal, Login-Anbieter zu sein).\nDaß die meisten Xing-Anwender mit der Freigabe von Kontaktdaten in Xing ein wenig sparsam sind, kann man dem Betreiber nicht wirklich anlasten. Deutschland leidet da unter dem Streetview-Effekt: Größter SpannerNutzer in Streetview sind die Deutschen, und die größten Schreihälse betreffend Verpixelung sind sie auch. In etwa das kann man auch bei der Freigabe von Kontaktdaten beobachten.\nXing anlasten kann man dagegen das Fehlen einer Massenänderungsfunktion oder das Fehlen einer Funktion zur Definition von Gruppen und Profilen: Wenn man sich nachträglich entscheidet, etwa allen Kontakten seine Skype-Adresse freigeben zu wollen, dann ist es sehr nervig, sich durch alle 624 Kontakte zu klicken und bei jedem die entsprechende Freigabe zu erteilen. Wie schön wäre es, hätte man eine Funktion zur Definition von Gruppen (\u0026ldquo;Arbeit\u0026rdquo;, \u0026ldquo;Familie\u0026rdquo;, \u0026ldquo;Idioten\u0026rdquo;) und könnte dann jeder Gruppe ein Datenprofil (\u0026ldquo;Skype ja, Business-Telefon ja, privat nicht\u0026rdquo;) zuweisen. Und über die Gruppe \u0026ldquo;Alle\u0026rdquo; global ändern, statt sich die Maus blutig zu klicken.\nPlaxo leistet sehr ähnliches wie Xing hinsichtlich seiner Eigenschaft als Adressbuch - für Android-User im Gegensatz zu iPhone und Blackberry aber nur für Plaxo Premium-User, weil diese Funktion bei Android das Google Contacts Sync benötigt, und das wiederum nur im Plaxo Premium Paket enthalten ist. Schade, Plaxo, wär schön gewesen, wenn Du nützlich gewesen wärest.\nLinkedIn - tja, den Sinn dieser Site habe ich noch nicht ganz verstanden. Wie Xing auch versendet LinkedIn keine elektronischen Bewerbungen und Lebensläufe. Die meisten Leute haben da auch keine sinnvollen Adressdaten drin, die ich zweckmäßigerweise auf das Telefon synchronisieren könnte. Und auch LinkedIn hält sich inzwischen wie Xing für Facebook und kackt mir mit einer Timeline den Bildschirm zu, wenn ich stattdessen doch nur arbeiten möchte.\nDas kaputteste Konzept hat Empire Avenue , denn hier kann man sinnlos Zeit damit versenken , wertlose Anteile an anderen Personen zu kaufen und sein \u0026ldquo;Portfolio\u0026rdquo; zu managen, um dann virtuelle Vergleiche imaginärer Schwänze durchzuführen.\nVielleicht sollten einige der Betreiber dieser Netzwerkdinger einmal anhalten, sich überlegen, was der von ihnen angestrebte Mehrwert ist und dann ihren Mist dahin gehend optimieren, daß sie diesen Mehrwert auch wirklich abliefern - und auf der Site klar ansagen, was sie sein wollen und was nicht.\nNoch ein Facebook brauch ich jedenfalls nicht.\n","date":"2011-05-23T00:00:00Z","href":"https://blog.koehntopp.info/2011/05/23/facebook-oder-was.html","tags":["internet","social networking","lang_de"],"title":"Facebook oder was?"},{"categories":null,"content":"Ein Freund fragte mich nach Konventionen für die Benennung von Tabellen bei der Entwicklung von Schemata für MySQL Datenbanken. Es begann damit, daß er mich fragte, wie man denn wohl eine Relation benennen soll, also eine Hilfstabelle, die zwei Tabellen in einer n:m-Beziehung miteinander verbindet.\nIn einem alten Job hatten wir die unten stehenden Regeln. Sie sind recht willkürlich und man kann sich anders entscheiden, aber wir hatten das so gemacht und es hat gut für uns funktioniert.\nJede Tabelle bekommt einen Namen in Kleinbuchstaben (oder der Server läuft mit lower_case_table_names = 1, was sowieso empfehlenswert ist). Der Name ist ein beschreibendes Wort im Singular. Auf diese Weise hat man weniger Schmerzen, wenn man über eine Query an einem Beispiel diskutiert. Zusätzlich wird für jede Tabelle ein eindeutiges Kürzel definiert.\nBeispiel: Die Tabelle kunde bekommt das eindeutige Kürzel k.\nWir definieren alle Spalten in einer Tabelle mit Namen, die mit dem Kürzel und einem Unterstrich beginnen. Ausnahmen sind Fremdschlüssel, die literal aus der originalen Tabelle übernommen werden. Sie sind dadurch sehr leicht als Fremdschlüssel zu erkennen und die Originaltabelle ist leicht zu identifizeren. Der synthetische Primärschlüssel der Tabelle hat immer den Namen \u0026ldquo;id\u0026rdquo; (mit dem Tabellenprefix, natürlich).\nBeispiel: Die Tabelle kunde (k) hat den synthetischen Primärschlüssel k_id, und Spalten wie k_vorname, k_name. Jeder Kunde gehört zu genau einer firma (f), da wir hier ausschließlich Geschäftskunden modellieren. Es gibt also k.f_id, einen Fremdschlüssel von firma in kunde. Es ist klar, daß aus Effizienzgründen ein INDEX(f_id) in k definiert sein muß, wenn nicht sogar eine Foreign Key Constraint (sofern man diese überhaupt verwenden will).\nRelationen sind entweder nackte Relationen, die nur die Fremdschlüssel der beiden zu verbindenden Tabellen enthalten. In diesem Fall heißt die Tabelle kürzel-kürzel_rel und hat als Primärschlüssel die zusammengesetzten Fremdschlüssel.\nBeispiel: Eine Beziehung zwischen kunde und seminar ist m:n: Ein Kunde kann in mehreren Seminaren sein, und in einem Seminar sind mehrere Kunden. Die Tabelle k_s_rel hat nur die Spalten k_id und s_id, und den Primärschlüsel (k_id, s_id).\nOder Relationen haben eigene Attribute. In diesem Fall bekommt die Relation einen beschreibenden Namen und ein Kürzel, einen eigenen Primärschlüssel und die Fremdschlüsselpaare als unique constraint.\nBeispiel: Die Beziehung zwischen kunde und seminar hat die Flags anreise_am_vortag, abreise_am_folgetag und ein buchungsdatum. Die Relation bekommt den Namen buchung, ein Kürzel bu und eine eigene bu_id. Die Beziehung (k_id, s_id) wird als UNIQUE KEY definiert und modelliert das Fakt, daß jeder Kunde in jedem Seminar nur einmal sitzen kann. Die Flags werden bu_anreise_am_vortag und bu_abreise_am_folgetag sowie bu_datum.\nJede Tabelle bekommt immer eine Spalte \u0026ldquo;changed timestamp\u0026rdquo; (die sich laut MySQL timestamp Magie selbst aktualisiert) und dies ist immer die rechteste Spalte jeder Tabelle. Das erlaubt zwar immer noch kein Change-Tracking (Deletes gehen verloren, Change Tracking geht nur mit dem Binlog richtig), aber es ist sehr nützlich zum Debuggen.\n","date":"2011-05-20T00:00:00Z","href":"https://blog.koehntopp.info/2011/05/20/namensregeln-f-r-schemadesign.html","tags":["mysql","lang_de"],"title":"Namensregeln für Schemadesign"},{"categories":null,"content":" Spackeria? WTF? Auf dem 27C3 hat Constanze Kurz im Jahresrückblock 2010 den Begriff Post-Privacy Spacken (Video, ca. 3 Minuten ab der Startposition ansehen) geprägt.\nSchon einige Zeit vorher - nämlich mindestens seit dem 25C3 - haben ein paar Leute angefangen, sich über den Kontrollverlust zu unterhalten. Michael Seemann (@mspro ) bezeichnet mit diesem weitgefaßten Begriff eine Reihe von Effekten, die das Vorhandensein der Kommunikationsmöglichkeiten des Netzes auf Menschen und Daten hat: Offenbar scheint es unmöglich zu sein, die Verwendung von Daten zu kontrollieren, wenn sie erst einmal existieren und zugreifbar sind. Und offenbar scheint es zu einer ganzen Reihe von emergenten Organisationseffekten zu kommen, wenn Menschen zu Transaktionskosten von Null miteinander kommunizieren können. In seinem Blog hat er eine ganze Reihe von Artikeln, die diese Effekte an Beispielen aufgreifen und ausführen, aber auch eher philosophische Hintergrundüberlegungen zu diesem Thema.\nDen Begriff von Constanze Kurz aufgreifend und neu mit Bedeutung besetzend haben sich ein Haufen Leute unter dem Namen \u0026ldquo;Spackeria\u0026rdquo; zusammengefunden, um Kontrollverluste und Leben in einer Post-Privacy-Gesellschaft zu erörtern.\nMan darf sich das nicht als eine politische Bewegung vorstellen. Die Spackeria ist vielmehr eine lose Forschungsgruppe, die versucht, das Thema \u0026ldquo;Post-Privacy\u0026rdquo; zu erkunden. Entsprechend gibt es auch keine homogene Philosophie oder gar politische Forderungen. Dennoch scheint der Begriff Spackeria inzwischen eine ganze Menge Angst und Schrecken zu verbreiten und viele Leute interpretieren eine politische Komponente in die Spackeria hinein (Wieso eigentlich? - das sehen wir unten: Forderungen ergeben sich eher implizit).\nPiratenpad Chat\nDa einige der Mitglieder der Spackeria außerdem in der Piratenpartei aktiv sind, wird die Spackeria oft als piraten-nah empfunden. Das ist sicher richtig, aber bei den Piraten gibt es auch eine sehr starke CCC-nahe Fraktion, die ich in Ermangelung eines besseren Begriffes und den Geist des Begriffes \u0026ldquo;Spackeria\u0026rdquo; aufgreifend einmal als \u0026ldquo;Aluhut-Träger \u0026rdquo; bezeichnen will. Entsprechend gibt es gerade ein Piratenpad der Aluhut-Fraktion , in dem man kollaborativ eine Gegenbewegung zur Spackeria organisieren will, die man dem traditionellen Datenschutz nahe ansiedeln kann.\n\u0026ldquo;Gegenbewegung\u0026rdquo; gegen etwas zu sein, das keine politischen Forderungen formuliert und sich eher als Forschungsgruppe sieht ist natürlich schwierig. Aber naja, wir werden sehen, was daraus wird.\nWas also ist die Logik der Spackeria? Piratenpad Chat\nDer Gedanke, der wahrscheinlich allen Mitgliedern der Spackeria gemeinsam ist, ist die Beobachtung, daß der Datenschutz politisch und real auf ganzer Linie versagt.\nDer Datenschutz versagt politisch: Im Wikipedia-Artikel \u0026ldquo;Überwachungsstaat\u0026rdquo; findet man eine schöne Übersicht von Dingen, bei denen die Datenschützer ihre Interessen in der Hauptsache nicht oder gar überhaupt nicht durchsetzen haben können. Um von diesem Versagen abzulenken führt man Scheingefechte - etwa gegen Google Maps, Google Analytics , Facebook Like-Buttons und andere für den politischen Datenschutz an sich vollkommen nebensächlichen Ziele.\nVor allen Dingen versagt der Datenschutz aber inhaltlich: Wer wirklich wichtige Dinge zu schützen hat , der kann auf die Bestimmungen und Regelungen des Datenschutzes nicht vertrauen, sondern muß den Schutz seiner Daten selbst in die Hand nehmen - sie also geheim halten. Die Deutsche Telekom formuliert es so:\n\u0026hellip;weil, so wörtlich, \u0026ldquo;eine Veröffentlichung geheimer Daten zum Lebensrisiko\u0026rdquo; gehöre.\nOder direkter formuliert:\nWo es um Dinge geht, die sich direkt auf mein Leben, meine Gesundheit oder mein finanzielles Fortbestehen auswirken können, da brauche ich keinen Datenschutz, sondern da brauche ich ein Geheimnis. Ich kann 2011 keine Dinge mehr über mich an einen geschlossenen Personenkreis oder mit einer Zweckbindung veröffentlichen, sondern ich muß bei allen Daten, die ich direkt oder indirekt produziere oder veröffentliche davon ausgehen, daß sie allgemein verfügbar sind und mit allen anderen Daten verknüpft werden.\nDanach muß ich mein Leben ausrichten.\nDas ist das Credo der Spackeria, der Ausgangspunkt aller weiteren Betrachtungen.\nBelege, die diesen Ausgangspunkt plausibel erscheinen lassen, gibt es genug: Die NPD stellt Volkszähler, Sony verliert Kreditkartendaten in Millionenbündeln, die EU exportiert innereuropäische Kontobewegungsdaten grundlos in die USA, \u0026hellip;\nDer Startpunkt der Spackeria ist also ein entschieden nichtpolitischer, ja fast sogar antipolitischer: Weil der Datenschutz versagt, versagen muß (denn der Kontrollverlust scheint ein dem System inhärentes Merkmal zu sein), weil die Welt also so ist, ich aber in ihr Leben muß, muß ich mein Leben so gestalten, daß ich in so einer Welt leben kann. Das ist ein sehr ehrlicher, wenn vielleicht auch ein wenig zynischer Ausgangspunkt.\nDem Gegenüber stellt die Aluhutfraktion die Forderung, die idealistischen Ziele des Datenschutzes umzusetzen - auch dann, wenn dies technologische Fortentwicklung behindert, und oft auch dann, wenn dies ein rein symbolischer Akt ist oder wenn die tatsächlich wirksame Umsetzung dieser Ziele noch mehr Überwachung erforderlich machen würde.\nWie also kommt die Politik bei der Spackeria ins Spiel? \u0026ldquo;Privatsphäre ist auch der Ort, wo Ehemänner ihre Frauen schlagen.\u0026rdquo; \u0026ndash; Julia Schramm\nDie Spackeria ist der Ansicht, daß man gegen die Entstehung einer Datenspur nichts tun kann. Der Grünen-Poltiker Malte Spitz hat dies sehr deutlich gemacht, indem er die Vorratsdaten seines Mobiltelefons genommen und sein Leben anhand der Vorratsdatenspeicherung für DIE ZEIT visualisiert hat . Mit weniger ad-hoc gestrickten Werkzeugen wie Geotime kann man dies noch besser tun und auch die Daten aus mehreren Datenquellen zusammenführen.\nDabei muß man sich vor Augen führen, daß nicht das Zeit-Tool und auch nicht Geotime das Problem sind - sie sind nur Werkzeuge, die aus den sowieso vorhandenen Daten nette Grafiken machen. Die Daten fallen sowieso an, und sie fallen an, weil sie für das Funktionieren all der netten dienstbaren Geister in unserem Leben zwingend notwendig sind. Gegen diese Werkzeuge an zu kämpfen bedeutet den Boten wegen seiner Nachricht zu töten, ändert aber überhaupt nichts an der Lage.\nBemerkenswert auch, daß Malte Spitz für die Erlangung seiner Daten eine Klage nach dem Informationsfreiheitsgesetz gegen die Telekom hat führen müssen - der Telekom war schon klar, was sie da hat und warum sie nicht möchte, daß diese Daten in einer ansprechenden grafischen Form aufbereitet werden.\nDieselben Daten fallen auch auf meinem Mobiltelefon selber an. Ich nehme sie, und publiziere sie auf Google Latitude. Eine Reihe von Personen kann dadurch sehen, wann ich wo bin, wo ich eingecheckt bin und welche anderen Personen dort ebenfalls eingecheckt sind. Meiner Meinung nach nutzen zu wenige meiner Freunde Latitude - viele Verrichtungen meines Lebens wären sehr viel leichter zu organsieren, wenn der Dienst populärer wäre.\nSo kommt es, daß ich auf das Anfallen der Daten keinen Einfluß habe - die Daten sind für den Betrieb eines Mobiltelefons zwingend notwendig: damit der Anruf an das Telefon durchgestellt werden kann, muß das Netz und der Netzbetreiber wissen, wo ich gerade bin. Zugleich kann ich die qualitativ hochwertigen Daten nicht selber nutzen, sondern muß den Akku meines armen Mobiltelefons damit schnell-leeren, daß ich außerdem noch einen GPS-Empfänger betreibe - ich habe die Kontrolle über meine eigenen Location-Datensätze beim Netzbetreiber nicht und es erfordert einen Prozeß gegen den Netzbetreiber um sie zu bekommen. Und zugleich habe ich keine Kontrolle darüber, was genau mit diesen Datensätzen durch Dritte gemacht wird. Dies ist ein Aspekt des Kontrollverlustes, dessen zahlreiche Facetten Michael Seemann so ausführlich diskutiert.\nAnders herum merkt die Spackeria an, daß Datenschutz gerne mißbraucht wird, um Intransparenz zu erzeugen und Mauscheleien zu verbergen. Das Beispiel des heutigen Tages findet sich in Internet-Provider als “virtuelle Grenzübergänge”? (auch noch aus anderen Gründen ein interessanter Artikel):\nObwohl der “Experte”, der die Präsentation hielt, von der ungarischen Präsidentschaft eingeladen war, und die Präsentation von 27 Mitgliedstaaten und der EU-Komission besucht wurde, wird der Name des Vortragenden nicht veröffentlicht – angeblich, um seine Privatsphäre zu schützen.\nDie Spackeria behauptet nun, daß wir gesamtgesellschaftlich wahrscheinlich eine ganze Menge gewinnen können, indem wir alle gesellschaftlichen Prozesse offenlegen.\nDie politische Forderung der Spackeria, wenn sie denn also überhaupt eine hat, ist radikale Transparenz und sie setzt dies dem radikalen Datenschutz der Aluhut-Träger entgegen.\nDas ist - eigentlich - gar nicht so weit weg von den Positionen des CCC, der schon seit je her fordert \u0026ldquo;Private Daten schützen, öffentliche Daten nützen\u0026rdquo;. Der Unterschied, und die politische Debatte, geht mehr darum, was genau denn nun Privat ist und ob sich diese Grenzziehung in 2011 noch aufrecht erhalten ließe - dort gibt es eine Menge Streitpunkte zwischen den beiden Gruppierungen.\nDie Sorge der Aluhutfraktion richtet sich dabei im Grunde auf das entstehende Machtgefälle. Ein Standardszenario in diesem Dialog: Wenn ein Arbeitgeber von allen potentiellen Bewerbern wissen könnte, was sie so für Krankheiten und Risiken mit sich tragen, dann hätten Bewerber mit gewisser Vorgeschichte bei einer Bewerbung schlechtere Karten (oder solche mit einer mißbeliebigen Handschrift ). Darum müssen solche Informationen geschützt werden.\nAndererseits, so die Standard-Antwort der Spackeria, kann man dieses Machtgefälle auch dadurch aufheben, indem man beiden Seiten Transparenz auf gleicher Ebene verordnet: Der Arbeitgeber muß seinen Besetzungs- und Auswahlprozeß genau so offen legen wie der Arbeitnehmer seine Daten, und dann werde man schon sehen, wie lange Unternehmen sich solche Praktiken im Lichte der öffentlichen gesellschaftlichen Diskussion erlauben können.\nIch glaube, daß man ähnliche Beispiele in vielen anderen Situationen ebenfalls erfolgreich konstruieren kann - \u0026ldquo;Positionen von Frauenhäusern müssen geheim gehalten werden\u0026rdquo; \u0026ldquo;Andererseits: Wenn die Records von Überwachungskameras, automatischer Kennzeichenerfassung und Handy-Positionsdaten auch öffentlich wären, müßten sie das wahrscheinlich nicht.\u0026rdquo; und so weiter.\nWichtig sei für eine Diskussion auf Augenhöhe, so die Postion der Spackeria, nicht so sehr der Grad der Offenlegung, sondern der gleiche Grad der Offenlegung bei allen beteiligten Parteien. Und es sei das Licht der Transparenz und nicht die geheimniskrämerische Mauschelei des datengeschützten Geheimnisses, das die Weiterentwicklung einer Gesellschaft als Ganzes befeuere. Und habe man auch nichts gegen die emergenten Effekte der Techniknutzung, die von Leuten wie mspro unter dem Begriff \u0026ldquo;Kontrollverlust\u0026rdquo; zusammengefaßt werden.\nDas meinen die ernst? Was denkst Du, Kris? Ich denke, das die Ausgangsposition der Spackeria eine sehr sinnvolle und realistische ist. Ich kann nicht erkennen, daß der Datenschutz in Deutschland gesetzgeberisch sinnvolle Ergebnisse erzielt hat - in allen wichtigen Fragen, die auf der Wikipedia-Überwachungsstaat-Seite so schön zusammengefaßt sind, hat er in der Tat versagt.\nWenn Scott McNealy 1999 gesagt hat, \u0026ldquo;You have zero privacy anyway, get over it \u0026rdquo;, dann ist das die politisch weniger freundliche, wenn nicht sogar zynische Art, genau diesen Sachverhalt zu formulieren. Die Konsequenz aus diesem Ausgangspunkt formuliert Eric Schmidt zehn Jahre später, genau so zynisch und direkt, und genau so korrekt: \u0026ldquo;If you have something that you don\u0026rsquo;t want anyone to know, maybe you shouldn\u0026rsquo;t be doing it in the first place.\u0026rdquo;\nAuf eine Weise ist das genau der Punkt, bei dem es um radikale gegenseitige Transparenz vs. radikale Privacy geht. Die einen sagen: \u0026ldquo;Indem wir alle gegenseitig Offenlegen, haben wir die Möglichkeit zu erkennen, daß wir alle nicht immer perfekt sind, und wir haben die Wahl, daran entweder zu wachsen und bessere Menschen zu werden, oder zu lernen einander zu vergeben.\u0026rdquo; (Das ist Schmidt) Die anderen sagen: \u0026ldquo;Das ist eine gefährliche Utopie und mir zu risikoreich, ich will da nicht mitmachen.\u0026rdquo; (Das sind die, die sich über Schmidt aufregen) Und die Technik sagt: \u0026ldquo;Ich funktionier halt so, ihr könnt gerne unrealistische Annahmen machen, mir egal. Das tut es halt mehr weh, wenn ihr lernt.\u0026rdquo; (Das ist McNealy)\nInsofern halte ich mich aus der Diskussion raus - McNealy hat Recht, und es ist nicht notwendig, ungefragt viel dazu zu sagen, wenn ich schon vorher sehen kann, welche Erfahrungen alle im Laufe der Zeit machen werden.\nUnd lebe mein Spacko-Leben: Ich persönlich habe auch mein ganzes Leben lang sehr positive Erfahrungen damit gemacht, mich zu publizieren.\nMir ist klar, daß ich als jemand, der von der Arbeit mit Technik lebt, nicht umhin kann, eine kilometerbreite Datenspur über diesen Planeten zu legen, wenn ich in der Lage sein will, meinen Job gut zu machen. Das Beste, was ich tun kann, ist das Highlight auf diesen Daten so zu setzen und die Interpretationen meiner Daten anzulegen, daß sie ein positives Licht auf mich als Person werfen.\nIn diesem Sinne bin ich ein Post-Privacy-Spacko. Schon immer gewesen: auch dann, wenn ich mich nicht an der Diskussion beteilige und auch damals, als es den Begriff noch nicht gab, habe ich wie einer gelebt - leben müssen. Und halte Popcorn bereit.\n","date":"2011-05-12T00:00:00Z","href":"https://blog.koehntopp.info/2011/05/12/von-der-spackeria-von-aluhueten-und-vom-kontrollverlust.html","tags":["ccc","privacy","identity","internet","politik","privacy","spackeria","lang_de"],"title":"Von der Spackeria, von Aluhüten und vom Kontrollverlust"},{"categories":null,"content":" Eine typische Handyrechnung 2011.\nDie Realitäten des Jahres 2011 in Bezug auf die Nutzung von portablen Peilwanzen. Das Rote da ist eine 5G/Mo \u0026ldquo;Flat\u0026rdquo; mit Tethering, für unter 20 EUR. Die Leute, die ich kenne, benutzen mehr Twitter, Skype und Google Voice als SMS oder gar GSM Voice.\n","date":"2011-05-10T00:00:00Z","href":"https://blog.koehntopp.info/2011/05/10/handyrechnung.html","tags":["internet","mobiltelefon","lang_de"],"title":"Handyrechnung"},{"categories":null,"content":"Im September 1987 wurde die Version 11 des X-Protokolls erfunden. Damals war alles schlimm: Wir hatten keinen Speicher, keine leistungsfähigen CPUs, keine Fonts, schon gar keine Vektorfonts, keine Farbe, schon gar keine Echtfarbe ohne Paletten, keine Transparency und vor allen Dingen keine Ahnung.\nX11 war für Unix das Displaysystem der Wahl. Es macht eine ganze Menge Dinge falsch: Zum Beispiel lebt es unter der Annahme, daß das Grafiksubsystem des Rechners keine Rechenpower und wenig Speicher hat. So definiert es dann auch einen Haufen Zeichenprimitive, die kilometerweit unter den Bedürfnissen eines Fenstersystems liegen und läßt den Windowmanager auf der anderen Seite des Netzwerkes als X11-Anwendung laufen. Es hat per Default Double Buffering abgeschaltet und zeichnet per Default auch auf dem sichtbaren Screen statt auf einem Offscreen-Puffer, der dann eingeblittet oder besser noch eingeblendet wird. Von 3D und OpenGL hat es so gar keine Ahnung. Was heute, in 2011, auf dem Bildschirm herum malt ist nur der Form halber noch X11, in Wirklichkeit sind es aber meistenteils in X11-Extension verpackte Spezialcalls, die mit X11 fast nichts mehr zu tun haben.\nUnd es ist langsam. Wenn wir einen modernen Bildschirm mit X11 über das Netzwerk raus sharen, dann stirbt X11 den Latenztod - formal ist X11 netzwerktransparent, aber in Wirklichkeit ist nichts an dem Protokoll besonders geeignet oder schlau, wenn es darum geht, Daten über das Netzwerk zu schaufeln. Andere Protokolle sind inzwischen weitaus besser geeignet, Bildschirme über Netz zu exportieren: Selbst das halbtote VNC ist in der Regel schneller und besser als X11, RDP und NX sind sogar richtig gut da drin.\nIn diesem Sinne: XFree86 hat keine Comitter mehr. Der X.org Fork hat das Projekt vor Jahren abgelöst und so die Firmen, die versucht haben, das X-Consortium zu Tode zu kontrollieren, entmachtet. Aber auch X.org verliert an Bedeutung: Wayland ersetzt es gerade. Was gut ist, weil dann ein Haufen alter Scheiß rausfliegt und man dann auch für den häufigen Fall - lokales Display mit Hardware Acceleration - optimieren kann.\nNachtrag: Um den Kommentatoren unter diesem Artikel einmal ein wenig weiter zu helfen, hier ein paar Dinge zum Nachlesen.\nWayland Architecture Overview - das erklärt die Anordnung der Dinge, wie sie vor Wayland gelaufen sind und wie sie Wayland realisiert.\nModerne Desktops in Linux verwenden einen Compositor wie Compiz .\nModerne Grafikhardware hat 3D Beschleuniger. Ein 3D-Beschleuniger verwendet eine Tile (Kachel), um damit die Kanten von dreidimensionalen Objekten zu bemalen. Die Hardware projeziert, skaliert und verformt dabei die Tile so, daß sie auf die Seite des 3D-Objektes abgebildet wird. Wenn das dreidimensionale Objekt eine rechteckige Leinwand ist, die nicht skaliert und verformt ist, dann wird die Kachel per Hardware 1:1 auf der Leinwand abgebildet und man hat einen Bildschirm, dessen Fenster-Rechtecke per Hardware mit den Inhalten verschiedener unabhängiger Grafikpuffer gefüllt wird. Diese Puffer zu verwalten und mit Effekten zu dekorieren ist die Aufgabe eines Compositors. X11 weiß nichts von Compositors, die X11-Erweiterung für Compositors schleust bloß Bitmaps sinnlos durch den X11-Server. Da kommt Latenz her.\nDer erste Ansatz um Compositors unter X11 zum Laufen zu bringen war Xgl . Xgl ist die Scheißidee, einen X-Server unter einem X-Server laufen zu lassen. Dabei steuert der äußere X-Server die Grafikhardware, der innere dann das Zeichnen mit X (das sowieso niemand mehr verwendet).\nModerne X-Server verwenden AIGLX . Das ist eine Methode, bei der man essentiell dem X-Server sagt: \u0026ldquo;Okay, Du kannst da jetzt rumstehen und nix tun, aber dieses Rechteck da zeichnet jetzt jemand anders als Du, nämlich OpenGL.\u0026rdquo;. Wayland komplettiert diesen Schritt nur, indem es den Default richtig rum setzt: Es räumt den X-Server, der sowieso nicht mehr verwendet wird, aus dem Weg.\nQt und GTK haben Wayland-Support. Beide Toolkits malen schon seit längeren fertige Tiles - X-Primitives verwendet schon lange niemand mehr, weil sie zu scheiße aussehen und auch nicht portabel auf Windows-, Mac- oder Handy-Hardware sind. Die Tiles werden dann entweder mit X11 oder eben direkt in Wayland zum Compositor geshipped, der daraus einen Bildschirm mit Fenstern macht. Qt kann sogar zur Laufzeit den Shipping Mechanismus zwischen X11 und Wayland umschalten.\nDie Executive Summary ist: X11 ist schon länger tot. Es ist durch Extensions zu einem recht ineffizienten Durchreich-Mechanismus für Tiles (Pixmaps) geworden. Es kontrolliert auch nicht mehr die Hardware - einer Usermode-Anwendung root-Rechte zu geben, damit sie in Grafikkarten-Register poken kann ist sowieso galoppierender Unsinn gewesen und Kernel Mode Setting hat das zum Glück überflüssig gemacht.\nWayland streut nun die Blumen auf das Grab und schaufelt endlich die Erde drauf. Es ruhe in Frieden.\n","date":"2011-05-10T00:00:00Z","href":"https://blog.koehntopp.info/2011/05/10/x11-auf-dem-weg-nach-drau-en.html","tags":["computer","linux","lang_de"],"title":"X11 auf dem Weg nach draußen"},{"categories":null,"content":"\u0026ldquo;Daemon\u0026rdquo; german , english , Daniel Suarez, EUR 9.90, 640 Seiten\n\u0026ldquo;Freedom™\u0026rdquo; german , english , Daniel Suarez, EUR 9.99, 480 Seiten\nAls ich Daemon in die Hand bekam, hatte ich ein bischen Angst vor dem Dan Brown Effekt - von Digital Fortress konnte ich nur die ersten 10 Seiten oder so lesen, bevor ich den sinnlosen Technobabble nicht mehr ertragen habe. \u0026ldquo;Rotating Plaintext Cipher\u0026rdquo; my ass - und ich bin da nicht allein lese ich. Der Klappentext des Buches hilft dabei auch kein Stück.\nNun ist Daemon sicher kein Buch, das gut altern wird. Dazu ist es technisch viel zu konkret. Aber zu meiner grenzenlosen Verwunderung ist die Technik in dem Buch zwar übertrieben leistungsfähig (immerhin ist es ein Zukunftsroman), aber korrekt oder wenigstens sinnvoll. Das Buch strengt meine SoD nicht sehr an.\nWie dem auch sei: Daemon ist schnell erzählt. Der stinkreiche Spieledesigner Matthew Sobol stirbt, und sein Erbe aktiviert eine Maschinerie, die er geschaffen hat und die eine zunächst sinnlos erscheinende Kette von Ereignissen in Gang setzt. Sobol hinterläßt den Daemon, ein verteiltes System von Software-Agenten, die auf vordefinierte Ereignisse in den Medien reagieren und Folgeaktionen auslösen. Wie sich herausstellt, ist die Aufgabe des Daemons zunächst, sich Geld, Technologie und Menschen anzueignen und sich so natürliche Intelligenz und realweltliche Machtmittel zu verschaffen. Gegen Ende des Buches stellt sich heraus, daß der Daemon eine Gegengesellschaft zur existierenden Gesellschaft erschafft, die auf Vernetzung und angewandter Spieltheorie und Spieldesign basiert.\nIn \u0026ldquo;Daemon\u0026rdquo; wird die Freisetzung des Daemons beschrieben, und wie sich dadurch die Schicksale einiger Protagonisten miteinander verknüpfen. Der Scifi-Aspekt der Geschichte konzentriert sich dabei ganz klar auf die Legitimierung und Entwicklung der Technik des Daemons und die Etablierung seiner Machtbasis.\nDer zweite Teil, Freedom™, schwenkt dann von technischer Science-Fiction auf Gesellschaft und Gesellschaftskritik um, und bringt es dabei fertig, weitaus besser und wahrscheinlich auch haltbarer zu werden. Suarez liefert hier eine Art aktualisierte Version des Shockwave Riders ab.\nDer Schockwellenreiter von John Brunner ist ein Buch von 1975 und einer der visonärsten Science Fiction-Romane aller Zeiten. Er nimmt eine ganze Menge moderner Konzepte vorweg zu einer Zeit, in der die meisten Menschen noch nicht einmal einen Computer hatten oder gar von Computern wußten - ein weltumspannendes Datennetz, der Computer-\u0026ldquo;Wurm\u0026rdquo;, Crowdsourcing und Zukunftsvorhersage durch Crowdsourcing, Burnout (\u0026ldquo;Overload\u0026rdquo;) und den Mißbrauch von Psychopharmaka, Identitätsdiebstahl und die Unterwanderung wirtschaftlicher und staatlicher Organisationen durch das organisierte Verbrechen sowie das Konzept des Datenschutzes (genauer: Seine Pervertierung - denn im Schockwellenreiter haben nur Firmen und Angehörige der korrupten herrschenden Klasse Privacy und mißbrauchen diese um ihre Machenschaften zu verschleiern). Und Wikileaks, auf eine seltsame Weise.\nAber wo der Schockwellenreiter - notgedrungen - visionär bleibt oder große Sprünge macht, um die lästigen Details auszusparen, da malt Freedom™ das Bild weitaus detaillierter aus. Teilweise so detailliert, daß man glaubt, unter dem Aufdruck \u0026ldquo;Roman\u0026rdquo; auf dem Cover ein hastig übermaltes \u0026ldquo;Manifest\u0026rdquo; erkennen zu können.\nUnd so läuft eine direkte Linie von Naomi Klein zu David Brin und von Eisenhower zu Wikinomics und zu MakerBots, mit dem Schockwellenreiter und seinem Update, Freedom™. ungefähr an der Kreuzung dieser Linien.\n","date":"2011-05-08T00:00:00Z","href":"https://blog.koehntopp.info/2011/05/08/fertig-gelesen-daemon-freedom.html","tags":["book","review","media","politik","scifi","lang_de"],"title":"Fertig gelesen: Daemon, Freedom™"},{"categories":null,"content":"\u0026ldquo;Out of the Black \u0026rdquo;, Lee Doty, 2.93 USD\nIn \u0026ldquo;Out of the black\u0026rdquo; wirft Lee Doty den Leser in ein Universum, das dem unseren ähnlich, aber doch von unserem verschieden ist. Und hinter dem eine magische Unterwelt existiert, der \u0026ldquo;Loom\u0026rdquo;, der je nach Kundigkeit des Benutzers genutzt werden kann. um profunde Effekte in der Welt der Menschen zu bewirken.\nOhne weitere Erklärungen und ohne große Einführung begegnen wir einem Ermittler einer Mordkommission, einer Krankenschwester und einem Geek und erleben, wie ihre scheinbar sichere Welt durch einen Krieg alter magischer Clans aus den Fugen gehoben und verändert wird. \u0026ldquo;Out of the black\u0026rdquo; ist gerade am Anfang ein wenig anstrengend zu lesen, aber nachdem man sich ein wenig Kontext erarbeitet hat, landet man in einer Geschichte, die ich gerne als ein gut erzähltes World of Darkness Mage-Abenteuer gespielt hätte - ein Clankrieg, ein alter Meister, der einen fatalen Fehler macht, eine Hellboy-Geschichte, und ein Haufen nicht ganz wehrloser Zivilisten mittendrin, die nun mit dem Leser zusammen die Magie der Welt entdecken.\n","date":"2011-05-08T00:00:00Z","href":"https://blog.koehntopp.info/2011/05/08/fertig-gelesen-out-of-the-black.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: Out of the Black"},{"categories":null,"content":"\u0026ldquo;The Second Ship \u0026rdquo;, Richard Phillips, 0.71 USD\n\u0026ldquo;Immune \u0026rdquo;, Richard Phillips, 3.69 USD\nRichard Phillips The Second Ship könnte eine langweilige Area 51-Geschichte sein. Aber für den Kindle-Preis von nur 71 US-Cent bekommt man eine spannende Coming-Of-Age -Geschichte dreier Teenager in New Mexico, und einen netten neuen Blinkwinkel auf Roswell.\nWährend das Militär in Area 51 seit Jahren an dem inerten Schiff forscht, das bei Roswell gefunden worden ist und nur sehr langsam und mühselig Fortschritte macht, finden drei Teenager in einer Höhle nahe der originalen Absturzstelle das zweite Schiff - und im Gegensatz zu dem ersten Schiff hat es noch Energie!\nDie beiden Schiffe waren im erdnahen Weltraum in einen Kampf verwickelt und repräsentieren zwei generische Parteien in einer offenbar größeren interstellaren Auseinandersetzung, mit grundsätzlich unterschiedlichen Philosophien und unterschiedlicher Technologie. Den Forschern und Militärs gelingt es, Teile der Systeme des ersten Schiffes wieder in Betrieb zu nehmen und der außerirdischen Technologie einige wichtige Geheimnisse zu entreißen - oder ist das Ganze Teil eines außerirdischen Plans, die Erde mit bestimmten Technologien zu unterwandern und sie von ihr abhängig zu machen? Unterdessen verwandeln sich die Teenager und Entdecker des zweiten Schiffes unter dem Einfluß der Technologien dieses Schiffes langsam in etwas anderes, fremdartiges.\nDer zweite Teil ist die Fortsetzung der Geschichte, und more of the same, only different.\nLeichte Kost, und zu dem Preis kann man einfach nichts falsch machen.\nDer dritte Teil, \u0026ldquo;Wormhole\u0026rdquo; ist noch nicht erschienen.\nWebsite des Autors ","date":"2011-05-08T00:00:00Z","href":"https://blog.koehntopp.info/2011/05/08/fertig-gelesen-the-rho-agenda-the-second-ship-und-immune.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: The Rho Agenda (The Second Ship und Immune)"},{"categories":null,"content":" \u0026ldquo;Kris, kannst Du bitte mal gucken?\u0026rdquo;\nSeit heute morgen, 10:00 Uhr, wächst das Undo-Log immer weiter an.\nImmer wenn InnoDB Daten schreibt wird die alte Version einer Zeile aus der Tabelle in das Undo-Log verschoben, also physikalisch von der ibd-Datei der Tabelle in die ibdata1 im Datadir von MySQL. In der Tabelle wird in der veränderten Zeile ein Zeiger von der neuen Version auf die alte Version der Zeile im Undo-Log installiert, der Roll(back)-Pointer. Die alte Version im Undo-Log zeigt mit ihrem eigenen Roll-Pointer auf eine noch ältere Version derselben Zeile und so weiter - es entsteht für jede Zeile in der Datenbank eine lineare Liste von Versionen in die Vergangenheit einer Row.\nDer InnoDB Purge Thread hat die Aufgabe, das Undo-Log zu verkürzen. Wenn er das nicht tut, dann sieht das so aus wie oben im Graphen gezeigt. Dafür kann es zwei Gründe geben: Purge Lag - also mehr Writes als der Purge Thread wegschaffen kann. Oder lang laufende Transaktionen. Denn der Purge Thread kann nur dann eine Zeile aus dem Undo-Log streichen, wenn es keine aktive Transaktion mehr im ganzen System gibt, die älter ist als die zu streichende Zeile.\nDas ist die weitaus wahrscheinlichere Fehlerquelle. Wie also finden wir den Schuldigen?\nmysql\u0026gt; pager grep ACTIVE mysql\u0026gt; show engine innodb status\\G ... ---TRANSACTION A90E003AB, ACTIVE 16830 sec, process no 12098, OS thread id 1749563712 ... mysql\u0026gt; pager mysql\u0026gt; show engine innodb status\\G ... ---TRANSACTION A90E003AB, ACTIVE 16830 sec, process no 12098, OS thread id 1749563712 3 lock struct(s), heap size 1248, 2 row lock(s), undo log entries 1 MySQL thread id 146473882, query id 4156570244 mc02cronapp-01 192.168.1.10 cron_bp Trx read view will not see trx with id \u0026gt;= A90E14DE8, sees \u0026lt; A90E14DE8 ... Ein Cronjob hängt also in einer offenen Transaktion seit geraumer Zeit fest? Mehr Informationen bekommen wir aus der Prozeßliste:\nmysql\u0026gt; pager grep cron mysql\u0026gt; show processlist; ... | 146473882 | cron_bp | mc02cronapp-01:50154 | bp | Sleep | 16434 | ... Ein Login auf der mc02cronapp-01 und ein \u0026ldquo;lsof -i -n -P | grep 50154\u0026rdquo; zeigt schnell: Mitnichten ein Cronjob. Ein User hat einen MySQL Kommandozeilenclient gestartet und eine manuelle Verbindung und Transaktion offen gelassen. Ein \u0026ldquo;KILL 146473882\u0026rdquo; auf den Thread in MySQL trennt die Verbindung und der Purge Thread kann seine Arbeit fortsetzen, ein Sysadmin mit einem Cluebat kann zu dem User dispatched werden.\nDas Undo-Log ist Teil der ibdata1-Datei. Diese startet mit einer Größe von 10M und wächst per Default in Schritten von 8M im autoextend-Modus. Lang laufende Transaktionen, die den Purge Thread anhalten, führen zu einem Wachstum der ibdata1. InnoDB schrumpft Dateien niemals, und es gibt auch keine Methode, das zu tun - zwar wird der Platz in der Datei freigegeben und später wieder genutzt, aber für das Betriebssystem ist der Platz verloren.\n[root@mc01bpmdb-01 ~]# cd /mysql/bp/data [root@mc01bpmdb-01 data]# ls -lh ibdata* -rw-rw---- 1 mysql mysql 1.3G Apr 28 14:50 ibdata1 ","date":"2011-04-28T00:00:00Z","href":"https://blog.koehntopp.info/2011/04/28/mysql-undo-log.html","tags":["database","innodb","mysql","lang_de"],"title":"MySQL Undo Log"},{"categories":null,"content":" Ich glaube, von allen Teilen der Musik- und Unterhaltungsindustrie ist die Marke \u0026ldquo;Sony\u0026rdquo; mit allen ihren Armen und Seitengeschäften noch vor \u0026ldquo;Disney\u0026rdquo; eine der Firmen, die das Image von \u0026ldquo;Das ist der Feind\u0026rdquo; am Besten verkörpern.\nDie tatsächliche Sachlage ist kompliziert, aber das Image ist grundlegend verbrannt und erholt sich irgendwie auch nicht.\nEin Teil von Sony hatte in 2005 Rootkits auf den Rechnern ihrer Kunden installiert . Seither geht es Schlag auf Schlag, damit das Image des Namens gleichmäßig bleibt:\n2008 - Connect Online DRM-Server Abschaltung und Kunden-im-Regen-stehen-lassen . 2010 - Retroaktives canceln der Linux-Installationsoption für PS/3 , die Hatz gegen Geohot und potentiellen Helfern , und jetzt PSN gehackt und Anonymous will es nicht mal gewesen sein. Als ich vor zwei Leben einmal einen Security-Job hatte wurde mir recht schnell klar, daß man eine Security effektiv nicht sinnvoll gegen die Leute umsetzen kann, mit denen man dort arbeiten muß. Es ist also notwendig, auf eine positive und konstruktive Weise mit den Subjekten seiner Security Policy (vulgo: \u0026ldquo;Der Community\u0026rdquo;) zusammenzuarbeiten. Der PSN-Hack ist irgendwie ein Symptom von Sonys systematischen Fail sich eine Community aufzubauen oder ihr Image in den relevanten Kreisen aufzupolieren.\n","date":"2011-04-27T00:00:00Z","href":"https://blog.koehntopp.info/2011/04/27/wenn-man-sony-ist-hat-man-es-nicht-leicht.html","tags":["hack","security","sony","lang_de"],"title":"Wenn man Sony ist, hat man es nicht leicht"},{"categories":null,"content":"Dropbox ist in den letzten Tagen und Wochen ein wenig seltsam in die Schlagzeilen geraten.\nDa ist einmal der Artikel von Derek Newton: Dropbox Authentication: Insecure by design :\nAfter some testing (modification of data within the config table, etc) it became clear that the Dropbox client uses only the host_id to authenticate. Here’s the problem: the config.db file is completely portable and is not tied to the system in any way. This means that if you gain access to a person’s config.db file (or just the host_id), you gain complete access to the person’s Dropbox until such time that the person removes the host from the list of linked devices via the Dropbox web interface.\nDann ist da die Änderung der TOS, die vorher ein wenig irreführend formuliert waren: Vorher konnte man die TOS so lesen, daß die Dropbox-Dateien auf den Dropbox-Servern verschlüsselt gespeichert werden und Dropbox selber keine Kopien dieser Schüssel hatte. Das ist natürlich nicht der Fall: Für den Betreiber ist das alles Klartext, wenn er denn nur will.\nUnd er will :\nWe may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or its users; or (d) to protect Dropbox’s property rights. If we provide your Dropbox files to a law enforcement agency as set forth above, we will remove Dropbox’s encryption from the files before providing them to law enforcement. However, Dropbox will not be able to decrypt any files that you encrypted prior to storing them on Dropbox.\nUnd schließlich nun: Dropbox Tries To Kill Off Open Source Project With DMCA Takedown . Diese Geschichte ist recht interessant, denn sie beleuchtet eine Inkonsistenz in den Behauptungen von Dropbox - und hat mit der Verschüsselung aus dem vorhergehenden Fall zu tun.\nDropbox speichert Dateien. Die meisten Leute haben Dateien, die auch andere Leute haben. Das ist schon deswegen so, weil ein guter Teil von Dropbox sich ja um Kollaboration, also das Teilen von Dateien miteinander dreht. Das können Unterlagen einer Wohnungseigentümergemeinschaft betreffend eine Dachsanierung sein, oder halt ein paar MP3-Dateien.\nWenn man nun also eine Datei auf Dropbox hoch lädt, dann berechnet der Client eine Prüfsumme und lädt erst einmal diese hoch.\nAbkürzung beim Datei-Upload, wenn die Datei schon bei einem anderen Dropbox-Kunden liegt.\nExistiert eine Datei mit dieser Prüfsumme, dem passenden Datum und Namen schon auf den Servern von Dropbox, dann muß Dropbox die Datei selber gar nicht mehr bekommen, denn Dropbox hat ja bereits passende Daten. Es genügt also serverseitig, die Datei auf dem Dropbox-Server für diesen Kunden sichtbar zu machen. Das ist schnell, spart Bandbreite und für Dropbox spart es Speicherplatz. Genau genommen macht es Dropbox wahrscheinlich überhaupt erst rentabel, denn andernfalls würde viel zu viel Plattenplatz verbraucht werden.\nDie Werkzeuge von Drittanbietern, gegen die Dropbox dort vorgeht, tun nun folgendes: Sie \u0026lsquo;wissen\u0026rsquo; Prüfsummen und senden diese Prüfsummen an die Dropbox-Server, ohne daß der Anwender diese Dateien auf seiner lokalen Platte hat - der Client behauptet also, die Daten zu haben und zeigt eine Prüfsumme vor, hat die Daten in Wahrheit aber gar nicht.\nDropbox macht diese Dateien dann für den Benutzer dieses Tools sichtbar, wenn Dropbox diese Datei überhaupt in irgendeinem Useraccount hat. Man kann also eine Datei-Prüfsumme etwa eines MP3-Verzeichnisses twittern, und jeder kann mit diesem Tool und der Prüfsumme, die er über Twitter erhalten hat, dann diese MP3s in seine Dropbox importieren und sie sich dann runterladen. Klar, daß Dropbox das doof findet.\nDas wäre technisch relativ leicht korrigierbar: Dropbox kennt ja die Datei, und ihre Länge. Dropbox kann also den Client nach einem Sample der Daten oder einer zweiten Prüfsumme über ein Sample der Daten fragen, und dabei das Sample aus der ganzen Datei über einen variablen, zufällig bestimmten Bereich legen. Wenn ich also behaupte, das Album \u0026ldquo;Sascha Lobo singt\u0026rdquo; zu haben und die Prüfsumme dafür vorzeige, dann gibt Dropbox mir die Dateien erst, wenn ich die Prüfsumme über die Bytes von Offset 4826267 bis 4826267+4096 dieser Datei berechnet habe. Wenn Du das machst, wird stattdessen die Prüfsumme über einen anderen Bereich verlangt. Auf diese Weise kann Dropbox leicht prüfen, ob der Client wirklich im Besitz der Daten ist, die er behauptet zu haben.\nNun sollte einmal das Denken einsetzen. Ich erzeuge also eine Datei mit den Inhalt \u0026ldquo;Hallo, Welt!\u0026rdquo;.\nWenn ich diese Datei mit meinem Key verschlüssele, dann sieht die Datei so aus:\nKK:~ kris$ openssl enc -e -k g33k -aes-128-cbc -base64 -in /dev/stdin Hello, World! U2FsdGVkX19isizbD981L7EOV+1Ou8O4xhBMQqDo3nw= Wenn Du das machst, dann ist der Inhalt der Datei offensichtlich anders:\nKK:~ kris$ openssl enc -e -k s3cr3t -aes-128-cbc -base64 -in /dev/stdin Hello, World! U2FsdGVkX18Fqrwp51fq8Y23MBas01+z4gJBdFs+vWE= Beide Dateien haben offensichtlich unterschiedliche Prüfsummen, wenn man verschlüsselten Content betrachtet. Die Prüfsumme muß also über den unverschlüsselten Content berechnet werden, damit das vergleichbar wird. Für den Client ist das leicht, da die Daten ja auf meiner und Deiner Platte für den Client unverschlüsselt vorliegen.\nDanach stellt mir Dropbox die Datei auf dem Server zur Verfügung, wenn ich die passende Prüfsumme vorzeigen kann. Ich kann die Datein dann runterladen, mit meinem Schlüssel verschlüsselt. Das heißt, die Daten, die angeblich verschlüsselt auf dem Dropbox Server liegen, können mit meinem und mit Deinem Schlüssel verschlüsselt runtergeladen werden. Dropbox speichert die Daten physikalisch auch nur einmal, um Speicherplatz zu sparen, denn sonst hätten sie tausende Kopien von \u0026ldquo;Sascha Lobo singt\u0026rdquo; auf dem Server liegen, die alle Platz wegnehmen. Naja, ok, Dutzende.\nWahrscheinlicher ist also, daß Dropbox die Daten auf ihren Servern gar nicht verschlüsselt, oder alle Daten mit einem einzigen globalen \u0026ldquo;Dropbox\u0026rdquo;-Key verschlüsselt oder etwas ähnlich simples. Für die Kommunikation wird dann eine Transportverschlüsselung über den Content gebraten, also für mich mein Key und für Dich Dein Key.\nDropbox hat also die Wahl zwischen Dateideduplikation und effizienten Uploads auf der einen Seite und Datensicherheit durch Verschlüsselung auf der anderen Seite. Klar, wo businessmodelltechnisch die Präferenzen liegen.\n","date":"2011-04-26T00:00:00Z","href":"https://blog.koehntopp.info/2011/04/26/verschluesselt-dropbox-ueberhaupt.html","tags":["cloud","dropbox","internet","security","lang_de"],"title":"Verschlüsselt Dropbox überhaupt?"},{"categories":null,"content":" Die Antwort: ALTER TABLE vs. Schemaless ALTER TABLE in MySQL nervt. Das tut es in erster Linie, weil es die Tabellen, die es verändert, mit einem exklusiven Lock (Write Lock) belegt, während es die Änderung durchführt, und weil es die Änderung durch Umkopieren der Daten und Indices durchführt, was bei einer großen bestehenden Datenmenge doch recht lange dauern kann.\nEs gibt inzwischen eine Reihe von Verbesserungen in MySQL 5.5, wenn InnoDB (inzwischen die Default Storage Engine) verwendet wird. Diese Verbesserungen beziehen sich zum größten Teil auf das Erzeugen und Löschen von Indices im Hintergrund, also ohne Lock und ohne den Betrieb aufzuhalten.\nAuch für das Erzeugen und Löschen von Spalten oder das Ändern von Defaults gibt es Lösungen, die in InnoDB jedoch noch nicht umgesetzt sind. Die meisten dieser Lösungen basieren auf versionierten Tabellendefinitionen und einem verzögerten Update der Zeilen der Tabelle.\nDas könnte so gehen: Jede Tabelle hat eine versteckte Spalte \u0026lsquo;version\u0026rsquo;, in der die Schemaversion für diese Zeile gespeichert ist. Ein ALTER TABLE auf eine Tabelle verändert an der Tabelle selbst erst einmal gar nichts, sondern hinterlegt nur eine zusätzliche Version des Schemas in der .frm-Datei.\nWird eine Zeile bearbeitet, wird das Schema für diese Zeile beim Lesen aktualisiert und die Zeile dann später zurück geschrieben.\nVerzögerte Migration einer Tabelle von Schemaversion 1 auf Schemaversion 2.\nIm Beispiel wird das ursprüngliche\nCREATE TABLE t ( id INTEGER UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT, german VARCHAR(20) NOT NULL DEFAULT \u0026#39;\u0026#39; ) ENGINE = INNODB um ein späteres\nALTER TABLE t ADD COLUMN english VARCHAR(20) NOT NULL DEFAULT \u0026#39;\u0026#39; ergänzt.\nDie ursprüngliche Tabellendefinition ist Version 1. Das ALTER TABLE, das die Spalte english zufügt ist Version 2. Das ALTER TABLE selbst macht gar nichts, aber man kann erkennen, daß die Zeile mit der ID 2 schon aktualisiert worden ist.\nIn einer realen Implementierung ist diese Zeile eher repräsentativ für eine ganze Speicherseite, also in InnoDB für alle Zeilen, die in derselben 16KB Seite gespeichert werden. InnoDB macht allen I/O immer seitenweise und es wäre nicht sehr ökonomisch, nur einzelne Zeilen zu ändern, wenn man gleich eine ganze Seite davon im Speicher hat. Außerdem könnte man auf diese Weise die Schemaversion per Seite statt per Row speichern, was noch einmal Speicher spart. Es ist mir noch nicht ganz klar, ob man eine Seite unbedingt immer beim in-den-Speicher-bringen aktualisieren will (aggressiver Algorithmus), oder nur dann, wenn eine Seite sowieso auf Grund einer anderen Operation modifiziert wird (zurückhaltender Algorithmus, der die Aktualisierung nur dann durchführt, wenn die Seite auf Grund anderer Operationen als dirty markiert wird).\nAuf diese Weise wird jedenfalls das ALTER TABLE ADD COLUMN und DROP COLUMN sowie das MODIFY COLUMN selbst sehr schnell. Die eigentlichen Kosten fallen dann im Hintergrund an, und zwar dann, wenn die Seite sowieso geändert wird (zurückhaltener Algorithmus).\nMeine Anfrage in dem ersten Artikel zum Thema brachte das Ergebnis, daß bei schemalosen Datenbanken die Optionen ähnlich sind:\nMan ignoriert das Problem. Man schreibt eine ALTER TABLE Prozedur. Man schreibt eine Migrationsprozedur, die dem lazy ALTER TABLE von oben entspricht. Man schreibt eine Migrationsprozedur, die dem lazy ALTER TABLE von oben entspricht, verteilt den Code aber durch einen Haufen Stellen in der Anwendung. Zu Option 1 erhielt ich dieses Anwendungsbeipiel:\nIch hatte es erst letztens mit einer NoSQL-Datenbank, dass der Kunde noch gerne ein Feld mehr wollte (Sortierung) und das Statement natürlich die Sortierung benutzt hat. Eigentlich ganz schön, dass das so einfach ist. Nun fand die DB aber plötzlich keine Datensätze mehr, die das Feld noch nicht besaßen.Auf der einen Seite richtig, auf der anderen kommt da gerne auch eine Migration auf einen zu, für einen einzigen neues Key. Aber damit kann man leben und man fällt wahrscheinlich nur einmal drauf rein und beachtet dies in der Entwicklung.\nLeider erhielt ich auf meine Nachfrage, mit welcher technischen oder organisatorischen Maßnahme das für die Zukunft geklärt wurde (\u0026lsquo;beachtet dies in der Entwicklung\u0026rsquo;) keine Antwort.\nZu Option 2 erhielt ich den folgenden Kommentar:\nIch kann hier nur für Documentstore DBs sprechen. Fügten wir in der Form ein weiteres Feld hinzu, musste ein Updateprogramm geschrieben werden, dass die bereits vorhandenen Dokumente um dieses Feld erweiterte [\u0026hellip;], sonst flog einem das ganze in Views um die Ohren oder die Dokumente tauchten in den Views gar nicht erst auf, da das neue Feld als Selektionskriterium verwendet wurde.\nDies entspricht weitgehend einem prozedural auscodierten ALTER TABLE.\nZu Option 3 erhielt ich dieses Anwendungsbeispiel:\nUmgesetzt habe ich das bisher, wie man es bei großen SQL-Datenbanken letztendlich auch tun würde (wenn man die Tabelle nicht locken will):\nDatensatz laden Gucken in welcher Version der Datensatz ist (bzw. ob Daten migriert werden müssen) Datensatz gegf. aktualisieren Datensatz speichern (oder warten bis der Datensatz eh gespeichert wird) Ein weiterer Beitrag:\nAls Anwendungsentwickler muss ich mich auf einmal in meinem Data Abstraction Layer (DAL) um das Handling von Datensatz-bezogenen Versionen kümmern und dort im Laufe der Zeit immer mehr Code implementieren, nur um aus den aus dem Storage geladenen Daten sinnvolle Objekte zu erzeugen.\nOption 4 wurde dort ebenfalls andiskutiert, aber verworfen:\nSchiebt man das Problem noch weiter \u0026ldquo;den Stack hoch\u0026rdquo;, etwa weil man auch im Domain Model nicht mit klaren Objekt-Definitionen, sondern vielleicht mit Hashtables, JSON-Datenformaten oder sonst was rumhantiert, so erschwert dies meiner Meinung nach nicht nur die Übersicht im Code, sondern auch die weitere Verarbeitung in Controllern, Services und Views.\nModellierung von Spezialisierungen An anderer Stelle kam es zu einer Diskussion um erweiterbare Strukturen und Spezialisierungen, also Superclass-Subclass-Beziehungen. In der SQL-Welt implementiert man diese oft mit 1:0-Strukturen (also 1:1-Beziehungen, bei denen der rechte Part optional ist, und der linke Part eine Art von Klassenidentifikation enthält).\nKundenDB eines mir bekannten Providers\nEin mir recht gut bekanntes Anwendungsbeispiel ist eine technische Kundendatenbank bei einem Provider. Dort speichert man Kunden und Produkte ab (ein Kunde kann eine Reihe von Produkten gekauft haben). Alle Produkte haben gemeinsame Eigenschaften, etwa ein Freischalt- und ein Endedatum, Preise, Rabatte und so weiter. Alle Produkte haben außerdem einen Typ, etwa DSL, weitere IP-Adresse, Webserver, Dedicated Server und so weiter. Für jeden Typ gibt es jetzt eine weitere Tabelle, in der Attribute gespeichert werden, die für die Unterklasse spezifisch sind (also DSL-spezifisch, Webserver-spezifisch und so weiter).\nAnwendungen arbeiten nun entweder mit der Oberklasse, etwa weil sie abrechnen. Oder sie arbeiten mit einem JOIN zwischen Produkt und einer spezifischen Unterklasse (Produkt p JOIN dsl d ON p.product_id = d.product_id AND p.type = 'dsl'), etwa weil sie Konfiguration generieren. Die einzige Komponente, die mit allen Unterklassen als Unterklassen arbeiten muß, ist der Editor. Der wiederum ist jedoch so allgemein gehalten, daß er im Grunde mit jeder Art von Tabelle arbeiten kann - er verwendet weitere Tabellen mit Meta-Hints zum Layout der Edit-Seiten.\nIn schemalosen NoSQL-Datenbanken modelliert man dies oft recht frei, auf eine von mehreren Weisen:\nDer unformalste Ansatz fügt einfach Attribute zu Elementen dazu. Es gibt dabei keine Kontrolle, ob die vorhandenen Attribute komplett sind, sondern Attribute werden einfach einzeln zugefügt wie sie gebraucht werden. Das kann zu allerhand Überraschungen zur Laufzeit führen.\nIn einem etwas formaleren Ansatz hat man ein Attribut, das in etwa einem \u0026lsquo;objectClass\u0026rsquo;-Attribut von LDAP Schema entspricht und die Klassen listet, denen das Objekt folgt, und das somit die \u0026lsquo;MUST\u0026rsquo; und \u0026lsquo;MAY\u0026rsquo;-Attribute festlegt. Diese sind womöglich sogar typisiert. Validierung dieser Regeln erfolgt typischerweise jedoch nicht in der Datenbank, sondern im Getter/Setter.\nDatenmodellierung Bei der Modellierung hat man dann wieder OOP-typisch die Wahl zwischen Einbettung und Verweisen (MongoDB ), während SQL praktisch immer mit Verweisen arbeitet.\nObendrein kommen dazu noch gelegentlich technische Fragen wie Subdokument vs. eigenes externes Dokument, die in einigen dieser Systeme elementar unterschiedlich behandelt werden: typischerweise hat ein Dokument einen eigenständigen Primärschlüssel, ist also addressierbar, während ein Subdokument keinen eigenen Primärschlüssel hat, und daher nicht direkt addressierbar ist: Eine OID des Parents plus Suchausdruck ist kein invarianter und stabiler Name.\nSQL arbeitet praktisch immer mit Verweisen und nennt diese Fremdschlüssel, ist aber in der Lage, diese Verweise optional innerhalb einer Query aufzulösen (das ist genau das, was ein JOIN tut), sodaß man durch die Formulierung der Query in der Abfrage die Wahl zwischen Einbettung und Verweis hat - nicht jedoch bei der Speicherung, die in der Regel mit Verweisen erfolgt.\nViele NoSQL-Datenbanken erlauben einem immerhin die Wahl zwischen Einbettung und Verweisen, etwa indem sie einen Datentyp OID bereitstellen. Vielfach fehlt aber die Option des \u0026lsquo;deep read\u0026rsquo;, also des Auflösens von OID in Unterobjekte mit einer einzigen Query (\u0026lsquo;fetchObject: OID deepReadLevel: 3\u0026rsquo;), sodaß man sich beim Auflösen der Referenzen zusätzliche Netzwerklatenzen einhandelt.\nEin Diskussionsbeitrag stellt genau dies dar, zieht dies aber argumentativ anders herum auf:\nDer Zeitpunkt, zu dem Daten normalisiert werden, ist unterschiedlich. Bei einer SQL-Datenbank müssen die Daten beim INSERT dem Schema entsprechen, d.h. ich muß sie gleich normalisiert, wenn ich sie entgegennehme. Bei einem schemalosen Store kann ich die Daten auch erst ganz spät normalisieren, möglicherweise erst wenn ich sie ausgelesen habe und nun darstellen will.\nund meint dann:\nWenn ich Daten normalisiere, bevor ich sie in einen schemalosen Store schreibe, dann sehe ich auch keinen wirklichen Vorteil gegenüber einer SQL-Datenbank (modulo der von Dir erwähnten table locking Implementationsdetails einiger spezieller Implementationen). Das Haupt-Feature ist also IMHO genau die Möglichkeit, erst ganz spät zu normalisieren, und dann hat man möglicherweise viel mehr Kontext, was man mit den Daten überhaupt anfangen will.\nIch arbeite möglicherweise zu lange mit SQL, denn ich habe Schwierigkeiten mir vorzustellen, wieso das ein Vorteil ist. Also, genauer: Ich kenne Anwendungsfälle, wo mich die interne Struktur der Daten nicht tangiert und ich sie in SQL nicht ausmodellieren will - einfachstes Beispiel ist eine Session-Tabelle, die im Grunde nur Tripel (sessionid, sessiondata, changed) enthält, und bei der ich nie in die sessiondata hinein sehen will. In diesem Fall ist es vollkommen in Ordnung, sessiondata als BLOB oder TEXT zu modellieren und da ein serialize($_SESSION) abzuspeichern.\nWenn ich aber strukturierte Sessions will, weil ich etwa Statistiken über Artikel in aktiven Warenkörben erstellen möchte, dann ende ich wahrscheinlich mit einer zweistufigen Hierarchie und Key-Value Tabellen oder weiter ausstrukturieren Sessiontabellen. Allerdings sehe ich solche Anwendungsfälle vielleicht eher in einem Bestell-Log als in einer Session-Tabelle.\nZusammenfassung Offenbar lag ich mit meinem Gefühl gar nicht so falsch: Das im Betrieb oft unerträglich langsame ALTER TABLE von MySQL ist in der Tat ein stark empfundenes Problem und motiviert Anwender stattdessen auf \u0026lsquo;schemalose\u0026rsquo; Datenbanken zu setzen.\nAnwender von \u0026lsquo;schemalosen\u0026rsquo; Datenbanken haben ihr Schema stattdessen als Teil von Bibliotheken in der Anwendung implementiert. Dabei variiert die Codequalität recht stark, da keine \u0026lsquo;best practice\u0026rsquo; als Einbaufunktion von der Datenbank bereitgestellt wird und auch keine Standard-Bibliotheksfunktionen für diese Aufgabe von der Zugriffsbibliothek für die entsprechende NoSQL-Datenbank bereitgestellt wird.\nAus der Sicht des NoSQL-Produktes wird die Funktionalität also nicht vom Server in den Client verlagert, sondern das Problem ignoriert und dem Anwender zur Selbstimplementierung überlassen. Die Anwender durchdenken das Problem dabei unterschiedlich stark und implementieren eine Lösung in der Regel nur so weit als sie empirisch das Problem als dringlich zu empfinden gelernt haben.\nSchemaprüfungen und formale Migrationen von einer früheren Version des Schemas auf die aktuelle Version des Schemas sind dabei eher die Ausnahme.\nViele NoSQL-Produkte, die über simple KV-Stores hinaus gehen, implementieren hierarchische Datenstrukturen, die sich an dem relationalen Vorläufer IBM IMS, an XML oder an LDAP orientieren. Dies ist dem Fehlen von ausdrucksstarken Möglichkeiten mit Hierarchien und Bäumen in MySQL umzugehen geschuldet.\nAndererseits fehlt in diesen NoSQL-Produkten in der Regel die Option, Verweise aufzulösen ohne weitere Netzwerklatenzen zu generieren (Fehlen von JOIN oder \u0026lsquo;deep reads\u0026rsquo;), sodaß man oft mit eingebetteten Dokumenten und nicht-skalaren Daten arbeitet.\nIch war verwirrt, weil einerseits NoSQL irgendwie der aktuelle Hype ist, ich andererseits aber auf Konferenzen wie MongoBerlin letztes Jahr ein komisches DejaVu hatte: Das Publikum dort fühlt sich an wie eine MySQL-Community von 2005.\nSo weit korrekt, oder fehlt was?\n","date":"2011-04-20T00:00:00Z","href":"https://blog.koehntopp.info/2011/04/20/zusammenfassung-schemaless.html","tags":["lang_de","database","mysql","nosql"],"title":"Zusammenfassung 'Schemaless'"},{"categories":null,"content":" Die Frage: Ich brauche einmal Hilfe. Von Euch. Ich verstehe nämlich ein Konzept nicht. Es geht um den Begriff \u0026ldquo;Schemaless\u0026rdquo;, der im Zusammenhang mit einigen NoSQL-Datenbanken verwendet wird.\nIch kann verstehen, daß für einige Leute ein ALTER TABLE wie in MySQL ein Problem ist, weil es Tabellen während der Schemaänderung lockt. Da ALTER TABLE in vielen Fällen die Daten zur Durchführung der Änderung umkopieren muß, kann dieses Lock entsprechend lange bestehen bleiben, wenn die Daten nur hinreichend groß sind.\nIch kann nicht verstehen, wieso Leute glauben, daß \u0026ldquo;Schemaless\u0026rdquo; da eine Hilfe wäre oder wieso Leute glauben, daß es so etwas wie \u0026ldquo;Schemaless\u0026rdquo; überhaupt gibt.\nDaten in Datenbanken existieren ja in der Regel nicht im luftleeren Raum, sondern sie werden von Code genutzt. Dieser Code macht Annahmen über die Attribute, die in einer Tabelle (oder was immer Euer NoSQL als Tabellenäquivalent verwendet) existieren dürfen oder müssen.\nWie geht ihr damit um, wenn ihr \u0026ldquo;schemaless\u0026rdquo; arbeitet?\nHaben Eure Tabellen ein verpflichtendes Attribut \u0026ldquo;version\u0026rdquo;, und Euer Code dann einen Getter/Setter, der die Version einer Row prüft und gegebenenfalls überflüssige Attribute entfernt, fehlende Attribute mit Defaults ergänzt und dann im Setter die Version auf den aktuellen Stand anpaßt? Wenn ja, wie ist das \u0026ldquo;schemaless\u0026rdquo;? Ihr enforced ja ein Schema, und implementiert das ALTER TABLE lazy, wie es in einigen Datenbanken gemacht wird, die nicht MySQL sind.\nWenn nein: Wie geht Euer Code stattdessen mit der Situation \u0026lsquo;fehlendes Attribut\u0026rsquo; bzw. \u0026rsquo;nicht mehr gebrauchtes Attribut\u0026rsquo; um?\nGenerell: Wie prüft Ihr Range und Validität von Daten in so einer Datenbank?\nWäre es nicht sinnvoller, ALTER TABLE so anzupassen, daß es a) Indices im Hintergrund erzeugt und b) Zufügen, Entfernen und Ändern von Spaltentypen lazy implementiert wie oben geschildert?\nBitte helft mir und diskutiert in den Kommentaren.\nDie Antwort in einem späteren Artikel.\n","date":"2011-04-19T00:00:00Z","href":"https://blog.koehntopp.info/2011/04/19/schemaless.html","tags":["database","mysql","nosql","lang_de"],"title":"Schemaless?"},{"categories":null,"content":"Laut mehreren Quellen wird Google Streetview in keinen weiteren Städten mehr verfügbar gemacht als den 20 Städten, in denen es schon vorhanden ist. Das Bildmaterial für die vorhandenen 20 Städte wird nicht aktualisiert werden und also langsam vor sich hin veralten.\nDas haben Frau Aigner und die hauptamtlichen Datenschutzhysteriker und Einwilligungsinformatiker schön hin bekommen. Nächstes Ziel: Google Analytics . Wenn wir uns anstrengen, sind wir in weniger als 2 Jahren wieder bei Bildschirmtext, Spackeria oder nicht.\nEine umfangreichere Metabetrachtung zum Thema \u0026ldquo;Das Scheitern des Datenschutzes\u0026rdquo; findet man auch bei Netzpolitik .\nUpdate: Eine pointiertere Betrachtung des politischen Datenschutzversagens findet man bei tarzun in Datenschutz 2011 .\nUpdate: Bei Heise und anderswo findet man eine der schönsten Ausprägungen von Bestätigung durch Dementi, die ich je gesehen habe. Ja, die GSW-Autos fahren noch in Deutschland. Nein, die Aufnahmen werden vorerst nicht benutzt werden, um GSW Deutschland zu aktualisieren, sondern lediglich für Maps verwendet. Nein, man plane derzeit keine über die ersten 20 Städte hinaus gehenden neuen GSW Deutschland Veröffentlichungen.\nGoogle läßt Streetview also in Deutschland auf dem Status Quo vor sich hin vergammeln, mindestens bis sich herausgestellt hat, wie doll Microsoft mit ihrem Streetview Clone auf das Maul bekommen haben werden.\nUpdate: Eine gute Übersicht über Firmen, die Wi-Fi Positionsdatenbanken aktuell halten. Mit dabei: Jedes iPhone mit iOS 3.2 oder höher (wenn man es ihm nicht abgewöhnt).\n","date":"2011-04-10T00:00:00Z","href":"https://blog.koehntopp.info/2011/04/10/kein-streetview-f-r-deutschland.html","tags":["privacy","google","internet","privacy","spackeria","lang_de"],"title":"Kein Streetview für Deutschland"},{"categories":null,"content":"Nachdem ich jetzt ein wenig mit dem Lesen auf Kindle for Mac und Kindle for Android herumprobiert habe, kann ich sagen, daß es für mich funktioniert. Und zwar seltsamerweise auf dem Android besser als auf dem Mac. Ich kann nur noch nicht sagen wieso - wahrscheinlich spielt Gewicht tatsächlich eine größere Rolle als Screenspace.\nEin wenig Recherche zum Thema Kindle Store und Kindle fördert auch sonst ein paar interessante Fakten zutage. Ein Artikel über Amanda Hocking und andere Autoren zum Beispiel, die ausschließlich über Kindle publizieren. Und dabei gutes Geld verdienen, denn auf diese Weise kommt bei ihnen prozentual viel mehr Geld an als wenn sie über einen Verlag mit gedruckten Büchern arbeiten würden. Was wiederum vollkommen neue Buchpreise ermöglicht. Was wiederum den Kauf von Werken unbekannter Autoren stark vereinfacht, da für mich als Kunde das persönliche Risiko viel geringer ist.\nAlso lese ich jetzt zum Beispiel The Second Ship , weil man für 69 US Cent nix falsch machen kann, selbst wenn das Buch Dreck sein sollte (Bin im Kapitel 7, bisher ist es mehr wert als es kostet).\nZu diesem Konzept der günstigen Buchpreise paßt auch das Format Kindle Singles . Das sind Texte, die kleiner sind als ein Buch, aber länger als ein Artikel - also etwa 30-90 Seiten gedruckt, und entsprechend bepreist.\nDamit tritt Kindle auf eine Weise auch in Konkurrenz zu Flattr, weil die eingesetzten Beträge in der gleichen Größenordnung liegen, aber die Reichweite von Kindle viel größer als die von Flattr ist, und auf diese Weise auch ein Nicht-Geekiges Publikum erreicht werden kann. Zudem ist der Geldfluß aufgrund der individuellen Abrechnung besser kontrollierbar, und das traditionelle Verkaufsmodell leichter verständlich als das Modell, das Flattr zugrunde liegt - Kunden sind geübter, Kaufentscheidungen zu treffen als Flattrspenden abzuschätzen.\nBleibt die Frage, wann wir die ersten deutschen Indie-Autoren sehen, die an den Verlagen vorbei direkt verkaufen, nachdem sich die deutschen Verlage weiterhin strategisch weigern, am 21. Jahrhundert teilzunehmen. Und Google Books ist weiterhin um Würgegriff eines veralteten Coprights (oh, und hier ).\n","date":"2011-03-28T00:00:00Z","href":"https://blog.koehntopp.info/2011/03/28/was-kindle-so-alles-ver-ndert.html","tags":["book","media","lang_de"],"title":"Was Kindle so alles verändert"},{"categories":null,"content":"The Wise Mans Fear , Hardcover, 1008 Seiten. 1400 Gramm. Kindle auf dem Android ist eine feine Sache.\n\u0026ldquo;The Wise Man\u0026rsquo;s Fear\u0026rdquo; ist der Folgeband zu Der Name des Windes .\nKvothe, unser Held aus dem ersten Band, macht sich an der Universität ernsthaft Feinde und muß sich eine Weile zurückziehen, um Gras über die Sache wachsen zu lassen. Er macht sich auf den Weg in das ferne Land Vint, wo er einem Gönner, dem Maer von Severen, helfen muß eine Braut zu werben und Banditen in den fernen Wäldern des Nordens zu besiegen. Das gelingt ihm auch, aber auf dem Weg zurück wird er von einer Fae verführt, entkommt und gelangt mit einem Umweg über das mysteriöse Land Adem zurück nach Severen und schließlich an zurück an die Universität. Bei jedem dieser Ereignisse lernt er ein wenig über die Chandrian, die Mörder seiner Eltern, und über die wahre Natur und Geschichte der Welt, in der er lebt (\u0026quot;Azundris Edition \u0026quot; für Leute mit TL;DR-Syndrom).\nDer erste Band hat sprachlich Maßstäbe hinsichtlich Sprache, Handlung und Storytelling gesetzt, die hier teilweise sogar übertroffen werden. Lediglich die Erlebnisse in Adem haben einige Probleme im Pacing und ihnen würde ein bischen Raffung gut tun. Trotzem ein Buch, das es erfolgreich geschafft hat, mich die letzten 3 Wochen vom Bloggen und RSS lesen abzuhalten (24k ungelesene Artikel im Google Reader). Außerdem ein Hardcover, bei dem Größe und Gewicht mich dazu gebracht haben, Kindle for Android auf dem Desire zu installieren und das Buch dort zu lesen. Was erstaunlich gut funktioniert, hätte ich nie gedacht.\n","date":"2011-03-25T00:00:00Z","href":"https://blog.koehntopp.info/2011/03/25/fertig-gelesen-the-wise-man-s-fear.html","tags":["book","review","media","lang_de"],"title":"Fertig gelesen: The Wise Man's Fear"},{"categories":null,"content":"Dies ist der 2. Teil zum Thema Automatisierung von Systemverwaltungsaufgaben. Den ersten Teil gibt es hier .\nIn jenem Text habe ich mit dem Beispiel eines Installationsservers gearbeitet und ich schrieb darüber:\nWas also wie ein wenig Gescripte aussieht, ist in Wirklichkeit die Definition und Realisierung eines Prozesses - genau genommen die Formalisierung eines Prozesses \u0026ldquo;Server aufsetzen\u0026rdquo; in der Firma. Das Ziel des Prozesses ist die Produktion einer neuen Maschine, die einer gewissen Spezifikation möglichst gut entsprechen soll. Dabei sind die Prozeßziele die möglichst genaue Einhaltung der Spezifikation, und die möglichst schnelle Abwicklung des Auftrages. Dabei ist das Wissen eines Experten in Programmcode auskristallisiert worden - den Hilfs-Scripten und Anpassungen des Installationsservers.\nIch muß die wichtigen Punkte hier noch einmal herausstellen: Wenn wir in einem Umfeld solche Aufgaben automatisieren, dann wollen wir damit verschiedene Dinge erreichen.\nZum einen soll die gewünschte Operation, etwa die Installation einer Kiste, reproduzierbar gemacht werden. Das kann nur dann gelingen, wenn die Automatisierung dieses Prozesses vollständig ist, die Anzahl der manuellen Arbeitsschritte zur Nachbearbeitung also Null ist.\nDenn wenn während einer solchen Änderung an einer Maschine auch nur ein Arbeitsschritt von Hand durch einen Sysadmin ausgeführt wird, dann besteht die Gefahr, daß diese Änderung nicht korrekt oder uneinheitlich gemacht wird, und das gefährdet die nachfolgenden automatischen Bearbeitungssschritte.\nAußerdem geht die Parallelisierbarkeit der Operation verloren, wenn noch manuelle Arbeitsschritte notwendig sind: Egal wie viele Kisten wir zeitgleich durch den Prozeß ziehen können, am Ende müssen die manuellen Schritte nacheinander Kiste für Kiste durch einen menschlichen Admin abgearbeitet werden, sind also wieder serialisiert. Das heißt, es gibt einen Punkt, der vermutlich gar nicht so weit draußen liegt, an dem der ganze Prozeß wieder bottlenecked.\nUnd schließlich ist es so, daß wir durch die Automatisierung einer Operation - hier der Installationsprozeß - das notwendige Expertenwissen zur Durchführung in ein Script verpacken. Das Wissen um das \u0026ldquo;Wie\u0026rdquo; wird externalisiert, damit reproduzierbar und einem Diskurs (durch Patches) zugänglich gemacht.\nBaut man da noch eine schöne Bedienoberfläche drüber, hat man die Operation sogar produktisiert: Sie kann nun durch Personal ausgelöst werden, das von den Details nichts mehr weiß und wissen muß und daher niedriger qualifiziert sein kann als das Personal, das den Prozeß entwickelt hat.\nDer automatisierte Prozeß und seine Ziele/Effekte.\nZieht man das konsequent durch, bekommt man innerhalb des Systembetriebes eine Trennung zwischen Personen, die Systeme bedienen (\u0026ldquo;Operator\u0026rdquo;) und Personen, die Prozesse automatisieren, indem sie die Interfaces für Operatoren und die Funktionalität dahinter bauen.\nLetztere Gruppe entwickelt Programme, genau wie die Entwickler in der Entwicklungsabteilung - es sind Entwickler (auch wenn es Leute gibt, die das bestreiten und die meinen, das Gescripte da sei keine richtige Programmierung).\nSolche Entwickler bauen Code zur automatisierten Systemverwaltung, also Infrastruktur, im Gegensatz zu den regulären Entwicklern, die an neuen Features bauen. Daher nenne ich die einen Infrastrukturentwickler und die anderen Featureentwickler.\nAndere Leute nennen das DevOps , und integrieren die Infrastrukturentwickler tiefer in die Featureentwicklung, die dann die Belange von Operations gleich bei der Entwicklung der Software von Anfang an mit berücksichtigen soll. Ich halte das nicht unbedingt für glücklich, weil die geforderten Qualifikationen andere sind, und weil die Denkweise des Infrastrukturentwicklers eine andere ist als die eines Featureentwicklers.\nFeatureentwickler, insbesondere im Bereich der agilen Methoden, sind ein wenig wie Teletubbies - sie sind timeboxed, und wenn bestimmte Dinge beim Ablaufen der Timebox nicht fertig werden, dann werden diese Features eben gekippt und auf ein späteres Release verschoben. Das macht aber nix, denn man kann die Features, die fertig geworden sind, schon mal releasen und die Leute, die das gebaut haben, trotzdem loben: Ui, das habt ihr aber fein gemacht und so schön bunt! Oder anders gesagt: Auch schon für Teil-Lösungen gibt es oft einen inkrementellen Payoff.\nIm Bereich der Infrastrukturentwicklung gibt es das eher nicht, eben genau wegen der Anforderung \u0026ldquo;genau Null manuelle Eingriffe\u0026rdquo;. Für viele Aufgaben funktioniert timeboxing hier nicht, sondern man muß die Aufgabe ganz, komplett und vollständig erledigen, erst dann kann man das erste Mal wirklich Gewinne durch die Erledigung der Aufgabe einstreichen - dann aber auch gleich in voller Höhe. Die Führung eines Teams von Infrastrukturentwicklern muß daher eher militärisch erfolgen: Klar definierte und abgegrenzte Ziele, dann rein, die Mission erledigen und wieder raus, keine halben Sachen.\nDaher ist in der Infrastrukturentwicklung Scrum eine Methode, die eventuell nicht passend ist - schon gar nicht, wenn auf der Prioritätenliste Featureentwicklung mit Infrastrukturentwicklung um Prioritäten kämpft. Denn Scrum limitiert die Arbeit pro Iteration durch das Selected Backlog , und da Featureentwicklung dem Betrieb direkt Einnahmen bringt, während Infrastrukturentwicklung in vielen eher als Geldsenke gesehen wird, führt das schnell dazu, daß jede Menge Technical Debt aufgebaut wird, d.h. wichtige Infrastrukturarbeit liegen bleibt.\nMan kann versuchen, da mit Priority Inversion drum herum zu arbeiten, d.h. daß Infrastrukturprojekte die Priorität der Featureprojekte erben, für die sie Vorbedingung zur Realisierung sind, aber meiner persönlichen Erfahrung nach wird das nicht strikt genug gehandhabt. Außerdem verhindert es proaktive Infrastrukturarbeiten, und rein reaktive Systemadministration ist ein sehr steiler Weg ins Chaos.\nAber auch wenn Infrastrukturentwicklung von der Featureentwicklung getrennt ist, etwa weil eine Trennung von Operations und Development existiert, ist Scrum oft nicht die geeignete Methode, da Timeboxing bei einer Aufgabenstellung nicht so gut funktioniert, die erst dann Gewinne bringt, wenn die Aufgabe 100% erledigt ist. Besser verwendet man eine Kanban -Variante und paßt diese dann auf die lokalen Erfordernisse der Organisation und die Mentalität des Teams an.\nJira Greenhopper Extension mit der Darstellung eines Migrationsprojektes.\nSetzt man das um, stellt man binnen 6 bis 12 Monaten fest, daß sich die Art der Aufgaben und der geforderten Qualifikationen innerhalb des ehemaligen Sysadmin-Teams sehr verschieben. Zwar sind immer noch Kenntnisse von bestimmten Subsystemen und ihrer Arbeitsweise notwendig, aber die neu geschaffenen Infrastrukturentwickler brauchen tatsächlich Kenntnisse einer (interpretierten) Programmiersprache (PHP, Perl, Python, Ruby) im Gegensatz zu einer Scriptsprache (Shell) - genau genommen wird man sich im Team auf eine gemeinsame Plattformsprache einigen müssen, ein gemeinsames Repository haben, und auch sonst eine ganze Menge Dinge vereinheitlichen müssen.\nDie Arbeitsweise des Teams ändert sich ebenfalls - wenn die Umstellung gelingt, wird sich nach Ablauf des ersten Jahres kein Sysadmin mehr auf einer Kiste einloggen müssen, weil ssh von func, puppet, LDAP und einer Datenbank zum Konfigurationsmanagement abgelöst worden ist.\n","date":"2011-02-18T00:00:00Z","href":"https://blog.koehntopp.info/2011/02/18/automatisierung-und-skalierung-teil-2.html","tags":["architektur","mysql","work","lang_de"],"title":"Automatisierung und Skalierung - Teil 2"},{"categories":null,"content":"Ich hatte im Vorfeld der OSDC 2011 eine interessante Unterhaltung mit Julian Hein zum Thema Automatisierung. Er wollte, daß ich einmal erkläre, warum man das eigentlich tut - und was man da eigentlich tut.\nDie Antwort ist ein wenig länger, und weil ich dieses Jahr nicht zur OSDC fahren kann und dort auch nicht reden kann, will ich einmal versuchen, meinen Text zumindest in groben Zügen hier aufzuschreiben.\nDie Zusammenfassung ist jedenfalls, daß Automatisierung kein technisches Problem ist.\nAber von vorne:\nIch komme von MySQL, aus einem Consultingumfeld, und ich habe dort mit Kunden in jeder möglichen Betriebsgröße zu tun gehabt - von einzelnen MySQL Servern hin bis zu Leuten, die wirklich große Setups am Laufen gehabt haben.\nDarum habe ich mich vor Jahren im Vorfeld der MySQL Enterprise Manager (MEM, \u0026ldquo;Merlin\u0026rdquo;) Entwicklung auch mit dem Merlin-Team unterhalten und versucht zu erklären, was ich mir unter einem \u0026ldquo;Enterprise Manager\u0026rdquo; denn so vorstelle und wieso. Die Entwicklung ist dann aus einer ganzen Reihe von inzwischen hinfällig gewordenen betriebsinternen Gründen ganz anders gelaufen, aber das ist eine andere Geschichte, die ein anderes Mal erzählt werden soll.\nInzwischen bin ich in einer Firma, die noch vor drei oder vier Jahren eine gerade eben zweistellige Gesamtanzahl von Servern am Laufen hatte, und deren Maschinenpark sich jetzt im vierstelligen Bereich bewegt - mit einer großen dreistelligen Anzahl von MySQL-Instanzen. Ohne Automatisierung könnten wir das mit der vorhandenen Anzahl von Personen gar nicht stemmen.\nAber Automatisierung ist mehr, als einfach nur einen Haufen Scripte zu schreiben, die dann Aufgaben übernehmen, obwohl es wohl in den meisten Firmen so anfängt.\nZum Beispiel:\nJemand muß einen Server zum wiederholten Male installieren, oder schlimmer noch, einer anderen Person erklären, wie man \u0026ldquo;bei uns\u0026rdquo; Server installiert, also was unter allen möglichen Wahlmöglichkeiten die Entscheidungen und Designideen sind, die \u0026ldquo;bei uns\u0026rdquo; getroffen wurden und wieso.\nIn Läden, die ein wenig schlauer arbeiten, geht das meistens mit der Installation eines Installservers einher, und so kann man Kisten dann aus dem Netz booten, und sie malen sich dann ein Betriebssystem und einen Haufen Zusatzsoftware und Konfiguration auf die Platte. Dabei werden dann noch mehr Entscheidungen und Überlegungen getroffen, die durch den automatisierten Installationsprozeß umgesetzt werden.\nWas also wie ein wenig Gescripte aussieht, ist in Wirklichkeit die Definition und Realisierung eines Prozesses - genau genommen die Formalisierung eines Prozesses \u0026ldquo;Server aufsetzen\u0026rdquo; in der Firma. Das Ziel des Prozesses ist die Produktion einer neuen Maschine, die einer gewissen Spezifikation möglichst gut entsprechen soll. Dabei sind die Prozeßziele die möglichst genaue Einhaltung der Spezifikation, und die möglichst schnelle Abwicklung des Auftrages. Dabei ist das Wissen eines Experten in Programmcode auskristallisiert worden - den Hilfs-Scripten und Anpassungen des Installationsservers.\nDie weitere Diskussion über den Prozeß findet in Form von Patches zu diesem Code ihren Niederschlag - zwar redet man über den Prozeß und wie man ihn verändern, anpassen oder erweitern will, aber keine dieser Absprachen hat eine Auswirkung auf die Durchführungen des Prozesses, bevor der entsprechende Patch nicht geschrieben und im DCVS eingecheckt worden ist.\nAber Code ist nur ein Teil eines Prozesses - meistens die technische Seite der ganzen Geschichte. Prozesse haben in Wirklichkeit immer mindestens drei Aspekte - neben der Technik- noch die Organisations- und die Personalseite der Angelegenheit. Außerdem kommt zu jedem Definitionsteil (den Regeln) auch noch ein Kontrollteil (die Einhaltung der Regeln messen) dazu.\nStraßenverkehr\nEin bekannter und von jedem verstandener Prozeß ist zum Beispiel der öffentliche Straßenverkehr. Dieser hat eine organisatorische Seite - Verkehrsregeln, Definition von Verkehrszeichen und so weiter, eine personelle Seite - Ausbildung der Verkehrsteilnehmer in der Schule, der Fahrschule und so weiter, und eine technische Seite - Fahrzeugsysteme, stationäre Verkehrssysteme wie Ampeln, und so weiter. Für jeden Bereich gibt es Kontrollteile - die Verkehrspolizei überwacht die Einhaltung des organisatorischen Teils, die Fahrprüfung ist eine Kontrolle der Ausbildung, und der TÜV ist eine Kontrolle der Technik.\nEbenso finden wir diese Teile in kleiner bei unserem Server-Installationsprozeß wieder. Wir finden einen organisatorischen Teil, also eine Diskussion darüber, was wir mit dem Installserver für ein Problem lösen wollen und welche nicht (Abgrenzung und Scope: \u0026ldquo;Nach der Installation des Basissystem wird dieses durch Puppet personalisiert, der Installserver soll nur eine allgemeine Basisinstallation durchführen\u0026rdquo;). Wir finden einen Personalteil, meistens in Form von Wikipages mit Dokumentation realisiert, und dazu Fortbildungsveranstaltungen für neue Mitarbeiter (\u0026ldquo;Unser Installserver und wie man ihn benutzt und anpaßt\u0026rdquo;). Und wir finden den technischen Teil, also den Server selber.\nDie Kontrollinstanzen sind bei vielen Prozessen weniger stark ausgeprägt als bei einem großen und unter Umständen gefährlichen System wie dem Straßenverkehr, existieren aber je nach Wichtigkeit des Prozesses durchaus - zum Beispiel wird von einem neuen Sysadmin nach dem Kurs verlangt, eine triviale Änderung am Installserver durchzuführen und dann eine Kiste mit dem Teil selbstständig, aber unter Aufsicht zu installieren. Und natürlich guckt man, ob der Installserver noch geht und ob die gelieferten Ergebnisse noch den Anforderungen entsprechen.\nMerlin, also der MySQL Enterprise Manager ist nun ein gutes Beispiel für das Versagen bei der Umsetzung eines solchen Konzeptes. Also, MEM ist ein gutes und nützliches Monitoring-Werkzeug und wir könnten eine Installation unserer Größe ohne die Hilfe von Merlin nicht fahren. Aber im Lichte der voranstehenden Diskussion kann man erkennen, wie Merlin zu kurz greift.\nDas beginnt schon damit, daß Merlin überhaupt genau gar nichts managed. Es ist ein reines Monitoringwerkzeug, das zwar Graphen liefert, Queries findet oder Alarme generiert, aber es automatisiert nichts, genau genommen verändert es nichts an einem laufenden System. Es ist ein Monitor, aber kein Manager.\nWollte man die Prozesse in einem großen MySQL Deployment automatisieren, dann müßte man sich erst einmal einen Katalog von Tätigkeiten machen, die in Operations und in Development bei einer Datenbank so anfallen:\nDer Operations DBA plant ein Deployment, installiert Datenbanken, prüft und verändert Konfigurationen (Configuration Management), muß deswegen Server starten und stoppen, plant und führt Upgrades durch (Change Management), überwacht den Betrieb (Monitoring), managed lokale Betriebsstörungen (Incidents), findet gemeinsame Ursachen (Problem Management) und kommuniziert mit dem Upstream (Support des Herstellers), und prüft ob die Systemleistung in Zukunft noch ausreicht (Capacity Management). Er kontrolliert Datensicherung und Restore (Backup, Desaster Recovery).\nDer Development DBA ist Teil des Entwicklungsprozesses (sitzt im Scrum Planning und so weiter mit dabei), hilft und berät beim Schemadesign und der Datenmodellierung, beim Query Review, findet im Betrieb schlechte Queries, hilft und berät bei der Optimierung, und plant zusammen mit dem Operations DBA Schemaänderungen und Konfigurationsänderungen.\nDann würde man sich überlegen und durch Umfrage beim Kunden feststellen, wie diese Profile in verschiedenen Systemgrößen den ausgestaltet sein werden - denn wer 10^0 oder 10^1 Server insgesamt am Laufen hat, der wird kaum zwischen Operations und Development DBA unterscheiden und nicht alle diese Teilprozesse werden als eigenständige Gebiete identifizierbar sein. Kommt man dann auf Installationen von 10^2, 10^3 oder 10^4 Servern, sieht das alles plötzlich ganz anders aus und trifft auf ganz andere Bedürfnisse in der Ausgestaltung.\nDenn obwohl formell die gleichen Leistungen für den Betrieb erbracht werden müssen, ist durch die schiere Größe der Installation mit einem Mal ein ganz anderer Problemkomplex im Gesamtbild wichtig.\nZum Beispiel: Um 500 Server in 2 Dutzend Replikationshierarchien an 2 Standorten von MYSQL 5.1 nach 5.5 zu aktualisieren, ist ein Haufen Tests und dann Upgrades notwendig. Aber selbst wenn man es schafft, 5 Server pro Tag abzuarbeiten (jeder je nach Größe mit 100G bis 10.000G an Daten), dann braucht man 100 Arbeitstage, also etwas weniger als ein halbes Jahr, um das Upgrade auszurollen, falls es nicht zu Komplikationen kommt.\nWünschenswert wäre es aber, das Thema binnen eines Monats (also 20 Arbeitstagen) vom Tisch zu haben - dazu muß man aber Techniken entwickeln, mit denen man 50 Server oder mehr pro Tag geregelt bekommt. Das ist in einigen Bereichen der Installation schon von der Plattenleistung und der Netzwerkkapazität her problematisch, also redet hier der Operations DBA plötzlich mit Sysadmin, Storage und Network Engineering, die Vorraussetzungen schaffen müssen, um solche Dinge im regulären Betrieb abwickeln zu können - denn das nächste Release kommt binnen eines Jahres mit Sicherheit und Upgrades dürfen keine Ausnahmesituation sein, sondern müssen als Bestandteil des normalen Systembetriebes durchgeführt werden können.\nUnd schon werden die Bereiche Organisation und Personal bei nur 10^3 Servern im Laden dicke fette Punkte auf dem Managementradar.\nZurück zu Merlin: Der MEM taucht in diesem Problembild gar nicht auf - kaum als Hilfe bei der Planung eines solchen Unterfangens und gar nicht als Hilfsmittel bei der Umsetzung.\nHätte man Merlin richtig aufgezogen, dann hätte MySQL als Hersteller der Datenbank sich mit Kunden und Community zusammengesetzt, und eben einen solchen Katalog von betrieblichen Tätigkeiten des Operations- und des Development DBA aufgestellt und die Bilder einmal ausgemalt und für die verschiedenen Betriebsgrößen skaliert.\nDanach hätte man zusammen mit Kunden und Community das MySQL Systemhandbuch erstellt, also einmal mustergültig die Best Practice beim Betrieb von MySQL dokumentiert und ausgeführt, wie man diese Best Practices für 1, 10, 100, 1000 Server umsetzt - was ist wichtig, was ist unwichtig, wenn man klein oder wenn man groß ist.\nSchließlich hätte man mit seiner Consulting und mit seiner Training- und Certification-Abteilung, also MySQL Services als Ganzes, dieses Konzept umgesetzt und in Consulting, Training und Certficiation einfließen lassen, und dann eine Architektur und Werkzeuge in dieser Architektur erstellt, die diese Prozesse technisch unterstützen.\nAll das ist komplett nicht passiert (aus Gründen, die jetzt nicht mehr zutreffen, und weil Merlin Ziele hatte, die nicht den oben genannten Anforderungen entsprechen und die jetzt so auch nicht mehr gelten, aber das ist alles wie gesagt eine andere Geschichte an einem anderen Lagerfeuer).\nHätte man das umgesetzt, könnte ich jetzt vermutlich in Merlin die Liste der von Oracle releasten MySQL-Versionen auf deren Server sehen, mit grünen Haken hinter den Pakete, deren digitale Signatur validiert. Ich würde dann Versionen Servergruppen zuweisen und den Prozeß \u0026ldquo;Rollout\u0026rdquo; anstoßen. Merlin würde das RPM dann in meine lokalen yum Repositories runterladen und das Puppet-Rezept dieser Gruppen so anpassen, daß die entsprechenden Server aktualisiert oder neu aufgesetzt werden - aber so gestaggered, daß der Betrieb davon nicht beeinflußt wird und natürlich auf eine Weise koordiniert, die Server vor dem Upgrade aus dem Loadbalancer nimmt, und die die Funktionalität und den Erfolg des Upgrades testet und die Caches vorglüht, bevor die Kiste in den LB zurück geht.\nMan sieht auch in dieser Erklärung schon ein paar weitere wichtige Aspekte der ganzen Sache: Es ist wichtig, den Scope abzugrenzen und nicht die Aufgaben anderer Werkzeuge zu übernehmen, sondern diese korrekt zu integrieren. Weder gilt es das Paketformat und das Paketsystem des Trägersystems durch was eigenes (einen Bitrock-Installer?) zu ersetzen, noch die Funktionalität anderer Automatisierungs-Techniken zu duplizieren. Stattdessen sollte Best Practice Empfehlungen aussprechen und Kompatibilitäten definieren (\u0026ldquo;Wir unterstützen Puppet und Chef für Systems Automation, liefern receipts dafür und integrieren deren Schnittstellen in unseren Tools\u0026rdquo;). Und sie sollte sich bewußt sein, daß Kisten nicht alleine Laufen, sondern Teil eines Systems sind (mit dem LB reden!) und Zustand haben (Caches müssen warm sein!). Und Paranoia ist ein Admintugend (Testen!).\nWenn man Automatisierung also nicht auf dem Anwenderlevel, sondern auf dem Level eines Herstellers betrachtet, dann ist Automatisierung noch viel weniger ein technisches Problem als auf dem Anwenderlevel - es ist vielmehr in erster Linie tatsächlich ein organisatisches (Abgrenzung? Integration? Kommunikation mit anderen Projekten?) und ein personelles Problem (Akzeptanz der Best Practice? Werbung dafür? Schulung? Prüfung?).\nUnd alles das muß man neben der Technik eben auch mit thematisieren, wenn man Wachstum in einer Firma skalieren und kanalisieren will - man muß nicht nur die Technik, sondern auch die Organisation und seine Leute mit skalieren.\n","date":"2011-02-17T00:00:00Z","href":"https://blog.koehntopp.info/2011/02/17/automatisierung-und-skalierung.html","tags":["architektur","mysql","work","lang_de"],"title":"Automatisierung und Skalierung"},{"categories":null,"content":"Hardware keyloggers found in Manchester library PCs schreibt The Register:\nHardware keyloggers have been discovered in public libraries in Greater Manchester.Two USB devices, attached to keyboard sockets on the back of computers in Wilmslow and Handforth libraries, would have enabled baddies to record every keystroke made on compromised PCs. It\u0026rsquo;s unclear who placed the snooping devices on the machines but the likely purpose was to capture banking login credentials on the devices prior to their retrieval and use in banking fraud.\nVor vielen Jahren stand in der Hauptpost in Kiel wie in vielen anderen Postfilialen ein öffentliches BTX Terminal. Solche Geräte wurden zu dieser Zeit dadurch realisiert, daß man ein Standard CEPT-Terminal mit einem DBT-03 in ein Gehäuse geschwartet hat und mit einer robusten Tastatur versehen hat.\nÖffentliche BTX-Terminals waren damals ein tolle Sache, weil man auf ihnen private Nachrichten kostenlos versenden konnte, statt die damals üblichen 40 Pfennige pro Mail bezahlen zu müssen, und weil man auf ihnen sogenannte BTX Regionalseiten abrufen konnte, ohne die damals üblichen 2 Pfennige pro Seite bezahlen zu müssen (Und ihr fragt Euch noch, was Euch erwartet, wenn die Netzwerkneutralität kippt?).\nWenn man sich also in das BTX System mit der Teilnehmerkennung und dem Paßwort eines öffentlichen Terminals einloggen könnte, dann war das schon sehr attraktiv, damals.\nDer Schwachpunkt an der Angelegenheit war damals das DBT-03.\nFür die Post war das DBT-03 sehr attraktiv, weil es als spezielles BTX-Modem die Teilnehmerkennung und das Paßwort in der Hardware eingebaut hatte und man so an einem öffentlichen Terminal beim Verbindungsaufbau keinen Login durchführen mußte. Für den Hacker war das DBT-03 attraktiv, weil das DBT-03 ist ein Ultrabillig-Modem gewesen ist, das für alles zu dumm war.\nNormale Modems heben beim Verbindungsaufbau ab und lauschen nach einem Freizeichen. Nicht so das DBT-03. Das gebt ab und wählt los.\nWenn man sich also nach der Schule um Punkt 15:00 am Terminal einfindet und dann \u0026ldquo;Verbindungsaufbau\u0026rdquo; am Terminal drückt, dann legt das DBT-03 auf, wartet und hebt wieder ab, um dann loszuwählen. Es wählt dabei von einem Telefonanschluß los, dessen Rufndummer wie damals üblich mit seiner BTX-Teilnehmerkennung identisch war. Ruft nun also ganz zufällig jemand genau um 15:00 auf dieser Rufnummer an, dann hebt das DBT-03 ab, hört nicht auf ein Freizeichen, und wählt los - dadurch wird die angenommene Verbindung aber nicht mehr getrennt.\nDann pfeift das DBT-03 seinen Carrier und bekommt die Gegenseite ans Rohr, von der es glaubt, daß es die BTX Leitzentrale in Ulm sei. Die Gegenseite sendet also eine BTX Startseite mit einem Usernamen-Feld, und das DBT-03 sendet brav seine Hardware-Teilnehmerkennung. Die Gegenseite pfeift ein Paßwortfeld, und das DBT-03 sendet brav sein Paßwort. Die Gegenseite legt auf.\nWenige Stunden später sind circa zwei Dutzend öffentliche BTX-Terminals Hauptpost Kiel simultan in Ulm eingeloggt.\nNatürlich fällt so etwas auf, und man reagiert darauf, indem man das Paßwort des Zugangs ändert, d.h. die Modemhardware austauscht. Das behebt natürlich nicht die Quelle des Angriffes - am nächsten Nachmittag steht also wieder ein pickeliger Schülertypie im Parka am Gerät und drückt die \u0026ldquo;Trennen\u0026rdquo;- und dann die \u0026ldquo;Verbindung aufbauen\u0026rdquo;-Taste und wenige Stunden später\u0026hellip;\nNunja. Irgendwann mußte man am ÖBTX halt mit einer Telefonkarte bezahlen statt den Dienst kostenlos nutzen zu können. Wie schade. Aber da gab es dann auch schon USENET und Interessen verschoben sich.\nWarum ich die Geschichte erwähne? Auch damals standen gerne Leute am ÖBTX und machten in der Hauptpost ihr BTX-basierendes Onlinebanking. Ich fand das immer sehr leichtsinnig. Wer weiß schon, wer da am anderen Ende zuhört!\n","date":"2011-02-16T00:00:00Z","href":"https://blog.koehntopp.info/2011/02/16/vertrauensw-rdigkeit-ffentlicher-hardware.html","tags":["damals","hack","security","lang_de"],"title":"Vertrauenswürdigkeit öffentlicher Hardware"},{"categories":null,"content":"Bei web.de waren schon 2003 mehr als 80% des Datenverkehrs SSL-verschlüsselt, da dort die Policy herrschte \u0026ldquo;Paßworte werden nur verschlüsselt übertragen\u0026rdquo; und \u0026ldquo;Wenn ein Login stattgefunden hat, findet der Rest der Session bis zum Logout verschlüsselt statt\u0026rdquo;. Ich habe in einem Artikel schon einmal dargelegt, daß das rechenleistungsmäßig keine große Belastung ist - der ganze SSL-Aufwand macht etwa 1/250stel der Gesamtleistung des Systems aus.\nKosten entstehen bei SSL bei der laufenden (symmetrischen) Verschlüsselung nicht in nenneswerter Höhe, sondern nur bei der Herstellung der Verbindung, wenn asymmetrische Kryptographie verwendet wird. Dort treten sie nicht nur in Form von CPU-Verbrauch auf, sondern auch in Form von Datenmengen und Roundtrips, also Übertragungslatenzen. Aber das ist nicht nur überschaubar, sondern man kann es durch geeignetes Protokolldesign auch stark optimieren (Verbindungen halten statt neu aufbauen, Parameter cachen und so weiter), und außerdem schrauben Leute am Protokoll selbst .\nNun stellte Facebook gerade auf SSL um , und schon letztes Jahr begann Google so langsam das Licht zu sehen . Firesheep macht Druck, und HTTPS Everywhere hilft sehr.\nFirmen wie F5 finden das blöd, denn natürlich geht das mit einem relativ kleinen Stapel gewöhnlicher Rechner genau wie mit einer teuren SSL Appliance, auch wenn F5 das nicht wahr haben will . Und so macht man sich bei Y-Combinators Hacker News darüber lustig. Jedenfalls ist das Problem bei SSL nicht die CPU Power .\n","date":"2011-02-10T00:00:00Z","href":"https://blog.koehntopp.info/2011/02/10/die-kosten-von-ssl.html","tags":["kryptographie","security","web","lang_de"],"title":"Die Kosten von SSL"},{"categories":null,"content":"Krümelmonster: C is for Cookie Auf den vielfachen Wunsch einer einzelnen Dame hier der Erklärbar zum Thema Kekse für die Freunde besagter Dame.\nEines der Hauptprobleme, das man lösen muß, wenn man Webanwendungen schreibt, ist die Tatsache, daß man im wesentlichen Memento dreht.\nJedesmal, wenn man im Browser eine Seite aufruft, sieht der Webserver einen Request, bearbeitet diesen und vergißt danach, was er getan hat. Es gibt nichts an einem Request, das man verwenden kann, um den zweiten Requests sicher mit dem ersten Request zu verketten und sich an die Dinge zu erinnern, die man im ersten Request getan hat.\nCookies und Sessions Ein Browser (rechts) sendet einen Request GET / an einen Server www.shop.com (links). Der erste und der zweite Request sind unabhängig und nicht miteinander verkettbar.\nDer erste und der zweite Request vom selben Browser sind nach Definition von HTTP für den Webserver nicht als zusammengehörig erkennbar.\nMan kann nicht den User-Agent des Browsers verwenden, weil es viele verschiedene Browser mit demselben User-Agent geben kann. Man kann auch nicht die IP-Adresse verwenden: zum einen kann es vorkommen, daß mehr als ein Benutzer dieselbe IP-Adresse verwendet, weil es Rechner gibt, die von mehreren Benutzern zeitgleich verwendet werden.\nZum anderen kann es vorkommen, daß Request 1 und Request 2 mit unterschiedlichen IP-Adresse gesendet werden.\nDas ist oft der Fall, wenn ein Benutzer bei T-Online oder AOL ist oder wenn er Tor verwendet. Dort geschieht dies regelmäßig wegen der Struktur der Proxyserver, die dort verwendet werden.\nBei Mobilbenutzern kann sich die IP-Adresse spontan ändern, wenn sie ihren Standort verändern, auch wenn das Netz versucht, dies zu verbergen.\nUnd nach einer DSL-Zwangstrennung hat man natürlich auch eine neue IP-Adresse. Erstrecken sich Browser-Tätigkeiten über solche Intervalle, sieht man aufeinanderfolgende Requests desselben Benutzers von verschiedenen IP-Adressen.\nBei Memento löst man das Problem mit Tätowierungen, in Browsern verwendet man stattdessen Cookies.\nCookie definieren: Der Webserver setzt mit dem Header Set-Cookie einen Cookie im Browser, hier sessid=17.\nGreift ein Browser das erste Mal auf eine Webanwendung zu, sendet er einen GET-Request mit dem Namen der gewünschten Site im Host-Header und einigen weiteren Headerzeilen, die uns hier heute nicht interessieren sollen.\nGET / HTTP/1.1 Host: www.shop.com Connection: keep-alive Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Die Webanwendung reagiert mit einer Antwort, die einen Content-Type definiert (zum Beispiel text/html für Webseiten) und die weitere Header enthalten kann. Einer dieser Header ist Set-Cookie. Das ist die Tätowierung, die unseren Browser von allen anderen Browsern unterscheidbar macht.\nSet-Cookie: \u0026lt;name\u0026gt;=\u0026lt;value\u0026gt; [; expires=\u0026lt;date\u0026gt;] [; domain=\u0026lt;domain_name\u0026gt;] [; path=\u0026lt;some_path\u0026gt;] [; secure] [; httponly] Die \u0026ldquo;Syntaxdefinition\u0026rdquo; von Set-Cookie beschreibt, welche Eigenschaften und Optionen ein Cookie haben kann.\nSet-Cookie definiert eine Variable mit dem Namen Name und dem Wert value. Es gibt Limits im Browser für die Anzahl und Länge dieser Variablen pro Site und insgesamt.\nMit der Definition eines Cookies können weitere Einschränkungen festgelegt werden, die sagen wo und wie lange der Cookie gelten soll: Die Einschränkungen, die man festlegen kann, bestimmen an welche Domain der Cookie zurück übermittelt wird, wie lange er gelten soll, ob er für eine ganze Site oder nur einige Pfade auf der Site definiert sein soll, ob er nur mit SSL-Verschlüsselung übertragen werden soll und ob Javascript mit dem Cookie arbeiten darf.\nDer Browser erhält diese Definition mit der Webseite, die ihm übermittelt wird. Während er die Webseite darstellt, speichert er die Variable und den dazu gehörenden Wert ab.\nIm Beispiel oben wird eine Variable mit dem Namen sessid definiert, die den Wert 17 bekommt. Es ist eine zusätzliche Einschränkung definiert, die festlegt, daß diese Variable bei allen Zugriffen auf Domains mit der Endung .shop.com übermittelt werden soll. Da kein expires-Wert gesetzt ist, gilt die Variable so lange wie der Browser läuft - andernfalls gälte sie so lange bis das gesetzte Datum verstrichen ist.\nMit jedem weiteren Zugriff (der die zusätzlichen Einschränkungen erfüllt) setzt er jetzt eine zusätzliche Headerzeile Cookie, in der er die Variable und ihren Wert zurück an den Server übermittelt.\nWegen eines vorhergehenden Set-Cookie ist jetzt ein Cookie sessid mit dem Wert 17 für .shop.com gesetzt. Weil www.shop.com unterhalb von .shop.com liegt, wird nun bis auf weiteres der Cookie: sessid=17 mit jedem Request dort hin gesendet. Aber nur für diesen Browser - andere Browser senden keinen Cookie oder den Wert, der für sie gesetzt worden ist. Dadurch werden unterschiedliche Browser unterscheidbar.\nSobald ein Cookie gesetzt ist, übermittelt der Browser den Cookie bei jedem nachfolgenden Requests, der die Bedingungen der Definition erfüllt. Hier wird also nun für jeden Request an einen Host in der Domain .shop.com die sessid=17 mitgesendet. Der Browser ist nun eindeutig identifizierbar, solange die sessid eindeutig vergeben wird.\nUnser Beispielcookie ist ein sogenannter Session-Cookie - er wird ohne ein expires definiert und daher nicht auf der Festplatte, sondern nur im Browser gespeichert. Beendet man den Browser, ist er verloren. Session-Cookies dienen dazu, aufeinanderfolgende Web-Requests ein und desselben Browsers miteinander zu verketten und erlauben es Webanwendungen, Zustand zu haben.\nZustand? Eine Anwendung ist ein Programm, das bestimmte Funktionen hat. Entgegen den Darstellungen in gewissen Filmen liegen Programme gewöhnlich auf der Platte rum und tun gar nichts. Nur wenn sie gestartet werden, wird ihr Code um etwas ergänzt - Variablen. Die Summe aller Variablen eines Programmes ist sein Zustand.\nZwei Dateien werden zur selben Zeit im selben Texteditor bearbeitet. Text, Cursorposition, Schriftart und Dateiname unterscheiden sich zwischen beiden Dokumenten, d.h. diese Variablen haben in beiden Dokumenten unterschiedliche Werte.\nEin Texteditor zum Beispiel hat viele Funktionen zum Bearbeiten von Texten.\nÖffnet man ein neues Dokument, weiß der Textedit den Namen dieses Dokumentes (\u0026ldquo;untitled.txt\u0026rdquo;), die Cursorposition (links oben) und den Text, der in dem Dokument enthalten ist sowie die aktuelle Schriftart und -farbe und noch viele andere Dinge mehr.\nEin zweites Dokument (hier: \u0026ldquo;Faust 3 - die Rückkehr.txt\u0026rdquo;) enthält anderen Text, eine andere Cursorposition, eine andere Schriftart und so weiter. Der Texteditor kann mehr als einen Text bearbeiten, weil er für jedes Dokument seinen Zustand getrennt verwaltet.\nZwei Browser arbeiten mit demselben Webshop, einer hat die sessid=17, der andere die sessid=18. In zwei unterschiedlichen Datensätzen wird der Warenkorb für jeden Browser verwaltet.\nGenau so verhält es sich etwa bei einem Webshop. Auf dem Server liegt einmal der Code der Webanwendung, mit Funktionen wie \u0026ldquo;Artikel anzeigen\u0026rdquo;, \u0026ldquo;Warenkorb verwalten\u0026rdquo; und \u0026ldquo;abkassieren\u0026rdquo;. Aber natürlich muß man für jeden Benutzer des Webservers - womöglich viele hundert Personen gleichzeitig - einen eigenen Warenkorb verwalten.\nMan kann den Warenkorb selbst in den Cookie tun, aber das hat eine Reihe von Nachteilen. Zum Beispiel ist die Größe und Lebensdauer des Warenkorbes dann von den Limits des Browsers eingeschränkt. Zum anderen ist es dann so, daß die Daten des Warenkorbes bei jedem Request mit übermittelt werden müssen. Das macht jeden Request größer. Außerdem es macht auch bei jedem Request einen Übergang von Daten aus der Gefahrenzone \u0026ldquo;nicht vertrauenswürdig\u0026rdquo; (irgendein Browser im Internet) in die Gefahrenzone \u0026ldquo;vertrauenswürdig\u0026rdquo; (unsere Webanwendung) notwendig, und führt so zu vielen unnötigen Prüfungen der Datenintegrität.\nNormalerweise setzt man in einem Session-Cookie nur eine eindeutige Kennummer, die Session-ID. Die Daten des Warenkorbes selber speichert man in einem Datensatz auf dem Server in einem Eintrag mit genau dieser Kennung.\nBekommen wir also einen Request von einem Browser mit der sessid=17, laden wir den Datensatz für die sessid 17 und zeigen dem Kunden seinen Warenkorb an. Bekommen wir stattdessen einen Request für die sessid 18, laden wir diesen Warenkorb und zeigen diesen an.\nNatürlich wird man nicht wirklich die Zahlen 17 und 18 verwenden, sondern sehr große, zufällig gewählte Zahlen wie etwa a13bcf7a0b2fb6f9dfdebe2e0657c9e3 und 791c8d7234c56497fe23a593af3b1ab9.\nSähe ein Hacker etwa eine sessid wie 17, würde er sofort einmal nachsehen, ob es 16 und 18 gibt und welche Daten da drin stecken. Bei a13bcf7a0b2fb6f9dfdebe2e0657c9e3 sind nicht nur andere IDs schwer zu raten, sondern der gesamte Session-ID Raum ist dünn besetzt, d.h. die meisten anderen geratenen IDs gehören zu gar keiner Session.\nWas wäre, wenn es keine Cookies gäbe? Man könnte Session-IDs auch anders als mit Cookies übermitteln. Statt des Requests\nGET /shop.html Host: www.shop.com Cookie: sessid=17 könnte man zum Beispiel auch die ID in die URL tun. Der Request wäre dann zu http://www.shop.com/shop.html?sessid=17:\nGET /shop.html?sessid=17 Host: www.shop.com Oder man baut die ID in den Hostnamen ein: http://sessid17.shop.com/shop.html wäre die URL und der Request ist dann\nGET /shop.html Host: sessid17.shop.com Das Problem bei diesen anderen Verfahren ist, daß die Session-ID auf die eine oder andere Weise Bestandteil der URL wird.\nDadurch gibt man die Session weiter, wenn man die URL an jemand anders per Cut \u0026amp; Paste per Mail, Skype oder sonstwie übermittelt. Ja, die URL wird sogar unter Umständen mit der Session-ID von Suchmaschinen archiviert - eine ganz schlechte Idee, denn so bekommt jeder Benutzer der Suchmaschine dieselbe Session-ID, wenn er über die Suchmaschine in unseren Shop kommt.\nEs gibt Mechanismen, die mit diesen Problemen fertig werden und die eine URL auch dann sicher machen können, wenn sie die Session-ID in der URL enthält. Es ist aber viel besser, einen Mechanismus zu verwenden, der das Problem schon im Ansatz vermeidet - und das ist genau die Intention, die hinter der Erfindung von Cookies stand.\nCookies mit Datum und Auto-Login Eine weitere Anwendungsmöglichkeit von Cookies ist die Speicherung von Präferenzen im Webbrowser, sodaß eine Website bei folgenden Besuchen gleich so aussieht, wie vom Benutzer voreingestellt.\nDazu wird ein Cookie mit einem Expires-Wert gesendet, der dann womöglich erst sehr weit in der Zukunft seinen Inhalt verliert. Dadurch wird der Cookie nicht mehr im Browser gespeichert, sondern auf der Festplatte in der Browserkonfiguration verewigt. Er steht auch nach einem Neustart noch zur Verfügung.\nIn dem Wert des Cookies werden die Benutzer-Voreinstellungen gespeichert. Oder gar ein Login-Token, das den Benutzer eindeutig identifiziert, und das auf diese Weisen den Benutzer bei allen weiteren Besuchen auf der Site einloggt. So ein Token muß natürlich schwer zu manipulieren sein, aber wie man so etwas bauen kann ist gut verstanden.\nEin Webserver kann so ein Cookie etwa wie folgt setzen:\nSet-Cookie: Login=kris-23b9404f78d90b881175bcfc5f57b61c; domain=.shop.com; expires=Sat, 01-Jan-2030 00:00:00 GMT; path=/; Die Site hat nun Methoden, mit denen sie die behauptete Identität (kris) und den Authentizitätsbeweis (die Nummer da) zusammenführen kann. Sie kann dann ableiten, daß kris wirklich mal irgendwann in diesen Browser sein Paßwort getippt hat. Sie loggt kris nun automatisch ein - für die nächsten 20 Jahre.\nDie dunkle Seite der Kekse - Präferenzen und Tracking Gesetzte Cookies werden bei jedem Request übermittelt, der die im Set-Cookie gestellten Bedingungen erfüllt. Hat man also eine Webseite, die Bilder enthält, wird der Cookie auch bei allen Requests für Bilddateien mitgesendet.\nDer Cookie-Mechanismus hat Einschränkungen, etwa bei der Domain-Bedingung. So kann man als www.shop.com zwar einen Cookie für domain=.shop.com setzen (also auch für img.shop.com, static.shop.com und so weiter), aber nicht für .com oder gar . (alle Sites im Internet). Dieser etwas unbeholfene Mechanismus soll verhindern, daß man Cookies als Tracking-Mechanismus mißbrauchen kann.\nDenn wäre es legal, einen Cookie wie diesen für die \u0026ldquo;Domain\u0026rdquo; . (das ganze Internet) zu senden:\nSet-Cookie: ID=ee487f1423d28992ee285760875e2cb8; expires=Sat, 01-Jan-2030 00:00:00 GMT; domain=.; dann hätte man dem Browser des Benutzers für die nächsten beiden Dekaden internet-weit eine eindeutige Kennung verpaßt und könnte diesen Benutzer bequem tracken.\nLeider ist die Regel \u0026ldquo;zwei Punkte im Domainnamen\u0026rdquo; für viele Domains kaputt. Ein Beispiel: www.shop.co.uk - mit der Zwei-Punkte-Regel kann man Cookies für ganz .co.uk setzen. Deswegen haben Browser in der Regel eine sehr lange und komplizierte Liste von Ausnahmefällen, die versucht, diesen defekten Cookie-Sicherheitsmechanismus zu reparieren.\nTracking mit Cookies - und mit Javascript am Beispiel IVW Werbebanner-Generierer und Auflagenzähler umgehen das Problem sowieso auf anderen Wegen. In den Seiten von web.de und bei vielen anderen Websites findet man zum Beispiel Code wie diesen hier:\n\u0026lt;img src=\u0026#34;http://webdessl.ivwbox.de/cgi-bin/ivw/CP/264_PH;sc%3Dwebde/homepage\u0026#34; alt=\u0026#34;\u0026#34; width=\u0026#34;1\u0026#34; height=\u0026#34;1\u0026#34;/\u0026gt; Dieser Code lädt ein 1x1 Pixel großes Bild - das Bild ist ein transparentes GIF, also unsichtbar. Das Bild wird aber nicht von der Domain web.de geladen, sondern von der Domain ivwbox.de.\nVon dort bekommt man dann eine Antwort wie diese hier:\nKK:~ kris$ curl -D x \u0026#39;http://webdessl.ivwbox.de/cgi-bin/ivw/CP/264_PH;sc%3Dwebde/homepage\u0026#39; KK:~ kris$ cat x HTTP/1.0 302 FOUND Date: Sat, 05 Feb 2011 18:20:49 GMT ... Set-Cookie: i00=01914d4d94fc5da00006; path=/; domain=.ivwbox.de; expires=Sunday, 05-Feb-2012 18:20:44 GMT Es wird also der Cookie i00 mit dem Wert 01914d4d94fc5da00006 definiert. Der Cookie hält ein Jahr lang und wird für die Domain .ivwbox.de gesetzt.\nDiese Domain ist von der HTML-Webseiten-Domain web.de verschieden. Man spricht von einem Third-Party Cookie.\nImmer wenn ich Seiten von web.de lade, wird das unsichtbare Zählpixel von webdessl.ivwbox.de mit geladen und ich werde als Benutzer 01914d4d94fc5da00006 identifiziert. Die IVW kann so die eindeutig unterscheidbaren Benutzer auf web.de zählen und so eine Werbe-Auflagenstärke für web.de angeben, nach der sich der Werbepreis für Banner berechnet.\nDas Pixel ist in jeder Seite von web.de, und bei einem geladenen Bild wird im HTTP-Header Referer übermittelt, in welcher Seite das Bild enthalten war. Dadurch kann man also leicht ermitteln, welche Klickpfade der Benutzer 01914d4d94fc5da00006 auf web.de so typischerweise hat und was seine Verweildauer auf der Site ist. Verweildauern sind neben eindeutigen Benutzern wichtig, weil Sites mit langer Verweildauer bessere Werbepreise bekommen (oder was glaubt Ihr, warum es auf Facebook Spiele und Chat gibt? Genau!).\nSchließlich kann auch noch weitere Spielchen spielen, falls Javascript aktiviert ist. So findet man etwa bei web.de vor dem Counterpixel den Code\n\u0026lt;script type=\u0026#34;text/javascript\u0026#34; src=\u0026#34;http://uim.tifbs.net/js/4423.js\u0026#34;\u0026gt;\u0026lt;/script\u0026gt; der wiederum auf Umwegen die Datei http://uim.tifbs.net/js/global_4423_38.js nachlädt.\nDort wird an geeigneter Stelle ein Aufruf wie folgt gemacht:\nthis._loadPixel( this._replaceVariables( \u0026#39;//pixelbox.uimserv.net/cgi-bin/webde/__TYPE__/__CODE__;sc%3D__SC__%26jsv%3D__JSV__%26scr%3D__SCR__%26flv%3D__FLV__%26vid%3D__VID__%26vct%3D__VCT__%26res%3D__RES__%26smv%3D__SMV__%26cona%3D__CONA__%26cost%3D__COST__?d%3D__D__%26r=__R__\u0026#39; ) ); Aus dem ganzen Drumherum geht hervor, dass die Texte der Form __NAME__ Platzhalter sind, die Werten ersetzt werden, die zuvor von Javascript eingesammelt werden. FLV ist zum Beispiel die installierte Version von Flash, RES die Bildschirmauflösung und so weiter.\nDie komplette Liste findet man in der Funktion _replaceVariables() in der Javascript-Datei. Auf diese Weise bekommt pixelbox.uimserv.net, ein weiterer Zählservice, den web.de verwendet, nicht nur die Benutzeridentät per Cookie geliefert, sondern über den Pfad der URL und Javascript auch noch einen Haufen weitere Information über den Rechner und seinen Benutzer.\nDas Tracking der IVW ist jedoch ein wenig umfassender als man zunächt vermuten mag: Es wird ja nicht ohne Grund die Domain ivwbox.de statt web.de verwendet. Durch den Namen wird es möglich, den Cookie für .ivwbox.de zu setzen, also für alle Hosts in der Domain ivwbox.de.\nWenn ich also zeit.de aufrufe, wird ein Zählpixel von zeitonl.ivwbox.de geladen, wie man dort im HTML-Quelltext der Seite nachlesen kann. Dabei wird meine Identität 01914d4d94fc5da00006 von web.de ebenfalls wieder an .ivwbox.de übermittelt. Auf diese Weise wird dem Betreiber von ivwbox.de über zeitonl.ivwbox.de bekannt, daß der Benutzer 01914d4d94fc5da00006nebenweb.deauchzeit.de` nutzt. Dieses Wissen kann man natürlich gut gebrauchen, wenn man Werbebanner verkaufen will.\nÜber eine Verkettung von Daten könnte man das 01914d4d94fc5da00006-Pseudonym sogar aufdecken - wenn ich mich bei web.de einlogge, könnte man das Login kris@web.de mit der Kennung 01914d4d94fc5da00006 zusammenführen und weiß so, daß kris@web.de die Zeit online liest.\nDas Datenschutz-Nichtproblem - oder doch? web.de, zeit.de und ivwbox.de sind alles deutsche Rechner, die von deutschen Firmen betrieben werden und man sagt mir, daß das IVW-Tracking mit dem deutschen und europäischen Datenschutzrecht konform ist.\nGoogle Anaytics macht dasselbe, aber deren Server stehen nicht in Deutschland und es ist keine deutsche Firma, und daher steht deutschen Datenschützern gerade Schaum vor dem Mund. Also wohlgemerkt, nicht wegen des Trackings, sondern weil es außerhalb ihres Hoheitsgebietes stattfindet. Wenn es in Deutschland passierte wäre alles gut:\nWebsites dürfen IP-Adressen nicht ohne Erlaubnis des Nutzers in die USA übermitteln. Daher sei der Einsatz von Google Analytics in der jetzigen Form in aller Regel nach deutschem Recht nicht erlaubt, argumentiert Dix beim Treffen der Google Technology User Group Berlin.\n(Hervorherbung von mir)\nZusammenfassung Cookies sind eine gute Sache und sie zu blockieren verhindert sichere Sessions - und damit Funktionen wie Warenkörbe oder Logins. Cookies können auch verwendet werden, um Benutzer zu tracken oder andere fragwürdige Dinge zu tun. Es ist jedoch nicht der Mechanismus Cookie böse, sondern die jeweilige Anwendung ist zu untersuchen.\nWenn man eine Sicherheitseinstellung im Browser treffen möchte, dann sollte man sogenannte Third Party Cookies unterdrücken. Session-Cookies (jene ohne Expires-Datum) muß man erlauben, dennn sonst funktionieren viele Websites nicht korrekt. Cookies mit Verfallsdatum kann man erlauben, wenn man sich das Leben erleichtern möchte, oder auf \u0026ldquo;Nachfragen\u0026rdquo; stellen.\nIn jedem Fall sollte ein Adblocker zum Einsatz kommen. uBlock origin ist ein Adblocker, der von einer Person ohne kommerzille Interessen entwickelt wird. Er ist auch für Firefox erhältlich.\n","date":"2011-02-05T00:00:00Z","href":"https://blog.koehntopp.info/2011/02/05/c-is-for-cookie.html","tags":["cookie","privacy","erklaerbaer","internet","lang_de"],"title":"C is for Cookie"},{"categories":null,"content":"Drei unterschiedliche Dinge: Vergeben, vergessen und vernichten. Sie werden gerade vielfach falsch oder fälschlich synonym gebraucht. Das sollte man nicht tun.\nWir erinnern uns:\nVergessen habe ich eine Information, die ich mal hatte, und an die ich mich (Reflexiv!) nicht mehr erinnere, oder bei der ich jetzt gerade meine Kopie nicht mehr finde.\nMeistens deswegen, weil ich meine eigenen Caches in der Ablage oder in meinem Hirn als LRU organisiert habe und Daten irgendwann aus dem Cache gelöscht worden sind (oder weggeworfen worden sind), weil sie lange Zeit nicht wichtig für mich waren. Wichtige oder oft gebrauchte Sachen vergesse ich eher nicht.\nWenn ich etwas vergesse, dann heißt das nicht, daß anderer Leute Kopien deswegen auch weg sind.\nVernichten kann ich Informationen auch bei anderen: Ich dringe - legal oder illegal - in deren Bereich ein und beschlagnahme oder zerstöre alle Kopien einer Information überall, auch gegen den Willen derer, die in Besitz dieser Information sind und sie vielleicht gerne behalten möchten.\nZur Zeit euphemisieren eine ganze Menge Leute \u0026ldquo;vernichten\u0026rdquo; zu \u0026ldquo;vergessen\u0026rdquo; um.\nVergeben tue ich, wenn ich Informationen irgendeiner Art habe, und mich entschließe sie zu ignorieren oder anderweitig nie mehr zu benutzen. Etwa weil sie veraltet sind, oder weil ich meine, daß sie zu alt sind (zwei verschiedene Dinge). Oder weil ich es einfach so will. Oder weil es im Kantschen Sinne opportun ist, das zu tun.\n","date":"2011-01-18T00:00:00Z","href":"https://blog.koehntopp.info/2011/01/18/vergeben-vergessen-und-vernichten.html","tags":["internet","privacy","security","lang_de"],"title":"Vergeben, vergessen und vernichten"},{"categories":null,"content":"In der aktuellen KES findet sich der Artikel Epische Macht ( keine stabile URL , da der Archivzugang mit den stabilen URLs paßwortgeschützt und nur für Abonnenten ist).\nDer Artikel konzentriert sich auf die Machtfülle von Systemadministratoren, und prägt das Wort \u0026ldquo;Machtumsetzungsgeschwindigkeit\u0026rdquo; in Bezug auf Systemadministratoren. Damit will der Autor (Stephen Feldke) darauf abheben, daß Root-Arbeiter besonders schnell besonders viel Schaden gemessen in Mio Euro/Minute anrichten können. Der Autor zieht Parallelen zu Prokura- und Budget-Regelungen, bei denen man bei bestimmten Transaktionen absichtlich mehr als eine Unterschrift für eine Entscheidung fordert, um Prozesse künstlich zu verlangsamen und Mehr-Augen-Prinzipien zu erzwingen.\nDer Autor schlägt eine EPIS-Zertifizierung (\u0026ldquo;Extrem Privilegierte IT-Spezialisten\u0026rdquo;) für Sysadmins vor, die in kritischen Infrastrukturen nach BSI-Definition arbeiten (\u0026ldquo;volkswirtschaftlich oder gesellschaftlich besonders wichtige Institutionen, die für die Sicherheit und Stabilität eines Landes essenziell sind (u. a. Großbanken und Energieunternehmen sowie deren Dienstleister)\u0026rdquo;) . Für EPIS soll nach den Vorstellungen des Artikels eine \u0026ldquo;Zuverlässigkeits- beziehungsweise Sicherheitsüberprüfung als Pflichtmaßnahme der Risikovorsorge (möglicherweise sogar per Gesetz) vorgesehen\u0026rdquo; werden. \u0026ldquo;Die hierfür notwendige Validierung bezieht sich dabei weniger auf die fachliche Kompetenz als vielmehr auf die persönliche Zuverlässigkeit und Integrität.\u0026rdquo;\nDer Artikel hat mir beim Lesen die ganze Zeit ein Lächeln auf das Gesicht gezaubert.\nIT im allgemeinen und insbesondere der Markt für fähige Sysadmins ist ja sowieso schon in vielerlei Hinsicht ein Arbeitnehmermarkt. Verknappt man diesen Bestand durch EPIS-Requirements noch weiter, ist das für die Arbeitnehmer ein wichtiger Punkt, durch den sie ihren Wert noch weiter steigern können.\nAndererseits ist die Maßnahme offensichtlich witzlos, oder der Autor lebt in einem komplett anderen Universum als ich.\nIn meiner Welt kenne ich Unternehmen, die gar keine Rechenzentren und Rechner mehr haben, sondern komplett aus der Cloud laufen. In meiner Welt versuchen Unternehmen ihre Agilität zu erhöhen und mehrere Rollouts von Code pro Tag zu realisieren. In meiner Welt haben Unternehmen hunderte offener Stellen im Bereich IT. In meiner Welt versuchen Unternehmen ihren Systembetrieb zu automatisieren und hunderte oder tausende von Rechnern automatisch zu administrieren.\nIn dieser Welt ist eine EPIS-Zertifizierung Augenwischerei.\nSie erhöht den Organisationswiderstand gegen Prozeßveränderungen und schwächt damit die Anpassungsfähigkeit des Unternehmens an Veränderungen des Umfeldes. Sie bringt keine meßbare Verbesserung der Sicherheit, solange man nicht auch im Bereich der Feature-Entwickler und im Bereich der Infrastrukturentwickler die Prozesse mächtig aufbläst - E4 bis E6 lassen grüßen und damit geht jedwede mühsam erarbeitete Agilität verloren.\nIrgendwie kommt mir da der Wind der 90er Jahre aus dem Heft entgegen. Kann das sein?\n","date":"2011-01-04T00:00:00Z","href":"https://blog.koehntopp.info/2011/01/04/der-managementansatz-zum-thema-sicherheit.html","tags":["devops","security","lang_de"],"title":"Der Managementansatz zum Thema Sicherheit..."},{"categories":null,"content":"Es ist ein Fehler anzunehmen, die CDU hätte in NRW gegen den JMStV gestimmt, weil sie inhaltlich gegen den JMStV gewesen wäre - keine der Parteien irgendwo in Deutschland hat aus inhaltlichen Gründen für oder gegen den JMStV gestimmt, sondern das ganze war eine einzige Macht-Taktiererei - eine Farce . In NRW war es so, daß die minderheitsregierenden Parteien sich mit Enthaltungen aus der Verantwortung stehlen wollten, und die CDU deswegen angekündigt hat, gegen das Ding zu stimmen, weil sie Rotgrün so zwingen konnte, Stellung zu beziehen und so im vorübergehen billig jemanden eins reinwürgen.\nEs ist auch ein Fehler anzunehmen, daß eine Ablehnung des JMStV ein Sieg wäre. Damit meine ich nicht Kurt Beck, der mit seiner Ankündigung der nuklearen Sperrverfügungsoption seine Offlinigkeit dokumentiert und sich damit final in die Riege der Politikergeneration einreiht, die wegen mangelnder Zukunftstauglichkeit dringend abgetreten werden muß.\nSondern ich meine damit, daß es immer noch notwendig ist, die gesellschaftliche Diskussion über Jugendmedienschutz ins 21. Jahrhundert zu holen und klar zu machen, daß das Schutzmodell in einer vernetzten Gesellschaft auf keiner Ebene funktioniert. Weder sind noch Mittler da, die soziale Kontrolle ausüben können, noch sind die Anreize da, die das System bei Film und Spielen am Leben halten, noch ist das Bewertungssystem großflächig erfolgreich vermittelbar. Erziehung ist nicht mit Filterprogrammen automatisierbar, und die Welt ist größer als Deutschland - diese Erkenntnis muß halt rein in die Köpfe.\nIch bekam eine Anfrage per Mail:\nHallo Kristian,\u0026hellip;Hättest du nicht Lust, einen Gastbeitrag [ zu Filtersoftware ] bei uns zu schreiben?\nDas habe ich nun drei Mal angefangen und den Text wieder weg geworfen - daher auch die langsame Reaktion. Das Thema macht mich müde, oder ich werde, wenn ich nicht müde werde, zu spitzzüngig für eine sinnvolle Diskussion. Es ist nicht so, daß es kompliziert zu verstehen wäre, wenn man sich denn einmal von der Beschützen-Ideologie des existierenden Jugendschutzes frei macht und sich ansieht, was denn die zu lösenden Probleme bedeuten. Das passiert nur niemals, jedenfalls nicht auf einer gesellschaftlichen Ebene, die nahe genug an der Politik ist, denn dafür sind die Konsequenzen zu unbequem.\nDie Kinder-müssen-beschützt-werden Fraktion hat versucht, Inhalte mit Schlüsselworten und dem Zählen von hautfarbenen Pixeln automatisch zu bewerten, schon 1996.\nDas ist ein Unterfangen, das zwangsläufig scheitern muß, denn es versucht Syntax, Kriterien der äußeren Form, zu definieren, um davon ein moralisches oder ethisches Urteil abzuleiten (\u0026ldquo;Diese Inhalte sind schlecht oder für Kinder nicht geeignet.\u0026rdquo;).\nWäre dies so einfach, könnten wir Juristen durch Roboter ersetzen, ja sogar als menschliche Rasse zur Gänze beruhigt abtreten, da wir Maschinen geschaffen haben, die Moral und Ethik haben - das ist nichts weniger als die Singularität, das Nirvana der KI, die Vereinigung von Mensch und Maschine. Aber die Tatsache, daß dieser Ansatz aus technischer Sicht so offensichtlich lächerlich ist, hält niemanden davon ab, ihn auch 2010 noch zu propagieren - natürlich nicht mehr als ausschließliches Kriterium, sondern lediglich \u0026rsquo;ergänzend, wenn keine weitere Kriterien zur Verfügung stehen'.\nIn der zweiten Welle haben die Kinderbeschützer dann versucht, mit PICS ein System zu schaffen, mit dem man beliebige Labels an Content kleben kann - sogar das heutige \u0026ldquo;ab x Jahren\u0026rdquo;-System kann man in PICS darstellen, es besteht kein Grund, dafür de-xml dilettantisch neu zu definieren. PICS, heute POWDER, hätte im Gegensatz zu de-xml außerdem den Vorteil, daß dafür bereits haufenweise Software existiert, die solches Zeugs verstehen kann.\nDamals, wir sind inzwischen so um 1999 herum, hat man Ratingsysteme mit quasi-objektiven Kriterien definiert. In RSAC zum Beispiel gab es vier Kategorien (Gewalt, Sex, Nacktheit und Sprache), und in jeder Kategorie dann wiederum fünf Stufen - Gewalt zum Beispiel wird von 0 (Harmloser Konflikt, leichte Sachbeschädigung), 1 (Lebewesen werden verletzt oder getötet, Sachbeschädigung), 2 (Menschen werden verletzt oder getötet, wenig Blut), 3 (Menschen werden getötet, Blut und Splatter) und schließlich 4 (Unnötige und graphische Gewaltdarstellung, Folter, Vergewaltigung) unterteilt. Für die anderen Kategorien werden ähnliche Unterteilungen vorgesehen.\nAuch das ist natürlich wieder eine Syntax, ein formaler Regelsatz, der zu einem Werturteil führen soll. Und natürlich kann man hier bei Kenntnis der Regeln leicht pathologische Fälle finden, die sogar häufig sind, und bei denen jedes System bei korrekter Anwendung der Regeln - nein, wegen korrekter Anwendung der Regeln - zu nicht akzeptablen Ergebnissen kommt.\nWas es braucht, so die Beschützerfraktion, ist also ein Bewertungssystem, das subjektiv ist, also eines bei dem der Sender (derjenige, der das Label an einen Inhalt klebt) ein Urteil im kulturellen Kontext eines Rezipienten (genauer: aller möglichen Rezipienten des betroffenen Kulturkreises) treffen muß. Das ist natürlich unmöglich - wer es nicht glaubt, mag sich gerne eine Diskussion zwischen \u0026ldquo;Gamern\u0026rdquo; und beliebigen Politikern zum Thema First Person Shooter anhören (\u0026ldquo;Killerspiele vs. Spielekiller\u0026rdquo;). Oder sich die Beispiele ansehen, die der AK Zensur und Alvar Freude herausgesucht haben, um sie durch Laien nach dem aktuell propagieren \u0026ldquo;Ab x Jahren\u0026rdquo;-System bewerten zu lassen - mit einer Fehlerquote von 80%.\nWer hier an einen erzielbaren gesamtgesellschaftlichen Konsens glaubt, der hat die Postmoderne verschlafen.\nWieder 11 Jahre zurück. Schon in der vom BMWi in Auftrag gegebenen Studie \u0026ldquo;Jugendschutz und Filtertechnologien im Internet\u0026rdquo; (PDF ) kam man zu der Erkenntnis, das Kinder und Jugendliche Filter nicht zu umgehen versuchen würden, würden sie sie als nützlich empfinden. Sie werden nicht als nützlich empfunden, da die Beschützer- und Filterbefürworter offiziell noch immer die Aufgabe eines Jugendschutzprogrammes falsch formuliert.\nDie Aufgabe eines Jugendschutzprogrammes ist es eben genau nicht, jugendgefährdende Inhalte zu blockieren.\nWäre es so einfach, wäre das Problem leicht lösbar: Man sperrt einfach alle Seiten ohne Label (\u0026ldquo;Keine Einstufung nach \u0026hellip;\u0026rdquo;) wie man es bei Videospielen und Filmen auch tut, und niemand klebt ein Label an seine Inhalte. Mithin sind alle Seiten gesperrt, also auch alle jugendgefährdenden Inhalte aller Altersstufen.\nDas ist Overblocking, und nicht akzeptabel.\nDie korrekte Formulierung der Aufgabe ist eben \u0026ldquo;Damit Jugendschutzprogramme erfolgreich sein können, müssen ihre Filter alle jugendgefährdenden Inhalte blockieren und alle nicht jugendgefährdenden Inhalte durchlassen. Overblocking, false-positives, das Sperren von nicht jugendgefährdenden Inhalten sind genau so ein Problem wie Underblocking, false-negatives, das Durchlassen von jugendgefährdenden Inhalten.\u0026rdquo;\nDas ist ein viel schwierigeres Problem als das Blockieren von jugendgefährdenden Inhalten. Daher geht mit der Propagierung des Konzeptes \u0026lsquo;Filterprogramm mit Label\u0026rsquo; zwingend auch die Konstruktion einer Pflicht zur Labelung von Inhalten einher, wenn das Konzept \u0026lsquo;Filterprogramm mit Label\u0026rsquo; ein Erfolg werden soll. Streng genommen müßte man idealerweise sogar dazu verpflichten, das minimale gerade noch akzeptable Label zu wählen.\nIn den vergangenen 11 Jahren seit der o.a. Secorvo/BMWi-Studie sind überhaupt keine Fortschritte in der öffentlichen Diskussion gemacht worden. Weder wird die Aufgabenstellung korrekt formuliert, noch werden die sich daraus ergebenden Konsequenzen thematisiert, die wegen der Overblocking/Underblocking-Problematik lauten:\nPflicht zur Bewertung, Pflicht zur minimalen Bewertung Bindung von Bewertungen an Inhalte mit einer PKI, damit eine Verfälschung oder Entfernung der Labels auf dem Web zum Rezipienten a la odem.org nicht möglich ist Definition eines subjektiven Bewertungssystems, also Verpflichtung des Senders, die Erziehungs-Wünsche und Moralvorstellungen aller Empfänger zu antizipieren, da quasi-objektive Systeme nicht funktionieren Es ist natürlich Absicht, daß das nicht thematisiert wird. Würde man es tun, wäre sofort erkennbar, daß jeder Ansatz, der auf Jugendschutzlabels und Filtern basiert zwingend zum Scheitern verurteilt wird - die Liste da oben sind offensichtlich unmögliche Forderungen.\nWir leben in einer Gesellschaft mit Technologie, die es beliebigen Personen - auch Kindern - ermöglicht, sich ad-hoc zu vernetzen und Daten auszutauschen. Das kann per Speicherkarten gehen, USB-Stick, Bluetooth, lokale Wi-Fi-Hotspots, lokale ad-hoc Kabelnetze wie auf LAN-Parties, P2P-Netzwerkstrukturen auf dem Substrat des Internet oder Darknets wie tor und Freenet. Oh, und normalen Internet-Zugriffen, einige davon mit unverschlüsseltem http.\nDas bedeutet, daß jede beliebige Person Inhalte beliebig publizieren kann. Ein Ansatz, bei dem auf Mittler eingewirkt wird, wie es beim klassischen Urheberrecht, Jugendschutz und anderen sozialen Kontrollinstanzen der Fall war, funktioniert hier nicht, da es keine Mittler mehr gibt. Anbieter und Konsumenten von Inhalten finden sich und vernetzen sich nach Bedarf und ohne Einschaltung von Dritten, müssen einander nicht persönlich kennen und für den Datentausch nicht persönlich Kontakt haben, und eine Alterung der Kopien über Generationen des Duplizierungsprozesses findet nicht statt.\nKindern und Jugendlichen Inhalte vorzuenthalten (\u0026ldquo;sperren\u0026rdquo;) funktioniert schlicht nicht mehr, schon im Ansatz nicht.\nSperren ist auch weniger wichtig als die Beschützer-Fraktion denkt. Malte Welding formuliert es in einem Blogartikel so: \u0026ldquo;Obst verdirbt, Kinder nicht, Kinder schalten ab.\u0026rdquo;. Wichtiger ist es, eine Wertung zu vermitteln, wenn Kinder Inhalte wahrnehmen. \u0026ldquo;Medienkompetenz vermitteln\u0026rdquo; ist konkret umgesetzt genau das: Kindern zu lehren, daß es erstens okay ist, bestimmte Dinge im Netz schlecht zu finden und ihnen zweitens klar zu machen, welche Dinge wir bei unserem Stamm schlecht und welche wir gut finden.\nWollte man bei dem gesellschaftlichen Diskurs um den Jugendschutz Fortschritte machen, ist es wichtig zu lernen, zu verstehen und zu akzeptieren, warum dies die einzige Möglichkeit ist, die uns im Angesicht moderner Technologie bleibt.\nIch denke, der Jugendmedienschutz ist ein gutes Beispiel dafür, wie mangelhaft die Zusammenarbeit zwischen Juristen und Technikern oft ist.\nIch denke, der Jugendmedienschutz ist ein gutes Beispiel dafür, wie Menschen versuchen, Heil in der Entwicklung von Technologien zu suchen, wenn Technologie für die Lösung der gestellten Aufgabe komplett ungeeignet ist. Aus der oben dargelegten Folge von Erfahrungen und Überlegungen wird hoffentlich klar, warum gerade Techniker bei dem Problem prinzipbedingt nichts hilfreiches beitragen können.\nSchon das Wort ist falsch. Es geht nicht um JugendmedienSCHUTZ. Das kann 2010 nicht funktionieren. Es hat schon 1996 nicht funktioniert. Was wir brauchen ist JugendmedienERZIEHUNG. Durch Menschen. Mit Werten und Überzeugungen.\nUnd nicht einen netzwerkweiten Schutzroboter.\nEgal wie es mit dem JMStV in nächster Zukunft läuft - verändern kann man nur etwas, wenn man sich über Alternativen Gedanken macht. Könntest du dir vorstellen, da mit uns zusammen einen ersten Schritt zu machen?\nWie gesagt, ich bin dieser Diskussion unsagbar müde. Ich führe sie seit fast 15 Jahren. Den Text da oben könnt Ihr verwenden, falls Ihr den brauchbar findet.\nGruß, Kris\n","date":"2010-12-15T00:00:00Z","href":"https://blog.koehntopp.info/2010/12/15/ein-paar-zwischenbemerkungen-bevor-der-tanz-wieder-losgeht.html","tags":["blog","jugendschutz","lang_de"],"title":"Ein paar Zwischenbemerkungen, bevor der Tanz wieder losgeht"},{"categories":null,"content":"Heute war ich auf einer Schnitzeljagd, als Kennenlernspiel und Teambuilding-Exercise.\nSo die Theorie. 2010 läuft so etwas anders.\nGeht zu dem und dem - betriebsbedingt - Hotel. Google Maps an. Ah, dort ist es. Da gehen wir dann hin, walking navigation (experimental). Funktioniert.\nHier ist Eure nächste Aufgabe. Firmenbedingt Fragen zum Hotelbusiness. Wir sind IT, keine Hotel-Leute. Man kann uns die Antworten zu den Fragen in einem Vortrag erklären, oder wir können \u0026ldquo;raten\u0026rdquo;: 5 Leute in der Gruppe, 5 Smartphones auf dem Tisch. Wettgooglen.\nHier ist Eure nächste Aufgabe:\nBild . 2 Laptops auf dem Tisch, die Leute zücken Perl. Leider ist die Aufgabe unterspezifiziert, und je nach Interpretation der Grenzbedingungen kommen unterschiedliche Lösungen raus. Leider blockiert der Safe nach 3 Fehlversuchen für 15 Minuten.\nNach mehr als einer Stunde geben wir das Programmieren auf und wenden uns Google zu.\nErgebnis: Lösung und Quellenangabe . Ist recht. Nächstes Mal denken wir gar nicht und suchen nur noch.\nIm Safe Fotos von Gebäuden, betriebsbedingt Hotels nahe Wahrzeichen. Frage: Welche Städte? Antwort: Google Goggles. Ich sagte ja schon, daß wir Smartphones haben. Ergebnis 1: Das Konzept Schnitzeljagd degeneriert in der Nähe von permanent verfügbarem Online zu \u0026lsquo;Teste Dein Google-Fu\u0026rsquo;.\nErgebnis 2: Serialisierung der Schnitzeljagd (Frage n-1 muß gelöst werden, damit man die Frage n erhält) war schon vor dem Internet ein doofes und langweiliges Konzept. Mit 15 Minuten Lockout da drin generiert es bloß sinnlosen Frust.\nKönnen wir bitte nächstes Jahr was sinnvolles machen?\n(Cyborg , Cyborg )\n","date":"2010-12-15T00:00:00Z","href":"https://blog.koehntopp.info/2010/12/15/schnitzeljagd-2010-die-rache-der-cyborgs.html","tags":["community","cyborg","internet","work","lang_de"],"title":"Schnitzeljagd 2010 - Die Rache der Cyborgs"},{"categories":null,"content":"Neulich hatte ich wieder einmal die Standard-Diskussion mit jemandem, der gegen IPV6 war, weil er dann ja kein NAT mehr habe. Dadurch, so die Argumentation, würde er ja die Sicherheitsfunktionen verlieren - derzeit verhindere sein Türstopper-Plastikrouter halt, daß man seine internen Rechner von außen angreifen könne.\nDiesen Zahn zu ziehen ist oft eine schmerzhafte Operation. Aber schon immer galt: NAT ist kein Sicherheits-Feature. Ganz besonders nicht das NAT, das auf einem Türstopper-Plastikrouter läuft.\nNAT steht für Network Address Translation, und bezeichnet in der Regel das Umschreiben von Original-IP-Nummern und Original-Portnummern auf Ersatz-IP-Nummern und Ersatz-Portnummern \u0026lsquo;im Flug\u0026rsquo;, also während des Routingvorgangs.\nAusgehendes Paket erzeugt Eintrag in der NAT State Table.\nIm Beispiel wird ein ausgehendes IP-Paket von einem Rechner im LAN versendet. Der Rechner hat die IP-Nummer 192.168.1.4, und das Paket wird von Port 33231 aus abgesendet. Es ist an einen Rechner 134.245.74.3 addressiert, und ist vermutlich ein Webzugriff, da es dort an den Port 80 zugestellt werden soll.\nDie Nummer 192.168.1.4 ist eine Nummer aus einem sogenannten RFC-Netz (gemeint ist RFC 1918 , der IP-Nummern für die Verwendung in privaten Netzwerken definiert). Sie kann draußen, im \u0026lsquo;richtigen Internet\u0026rsquo; nicht verwendet werden und muß durch NAT ersetzt werden, damit der Rechner im privaten Netz überhaupt auf das Netz zugreifen kann.\nDer Router, der die Verbindung in das Internet aufrecht erhält, hat nur eine einzige externe IP-Nummer, da IP V4 Adressen knapp sind . Er wandelt die Absender-Adresse 192.168.1.4 in seine eigene Adresse um - und setzt im Beispiel 198.32.16.8 ein. Er überschreibt auch die Portnummer 33231 mit einer Portnummer, die bei ihm frei ist, im Beispiel also 2001.\nDann sendet er das modifizierte Paket ins Internet.\nDurch den Eintrag in der State Table wird jedes auf Port 2001 eingehende Paket an den internen Host weiter geleitet.\nSo weit so gut. Der Router muß aber auch mit einem Antwortpaket fertig werden und dies an den internen Rechner zustellen können. Er legt sich also eine Tabelle an, in der er vermerkt: \u0026ldquo;Eintreffende Pakete auf Port 2001 an 192.168.1.4:33231 zurück leiten\u0026rdquo;. Durch diese NAT State Table kann er für ein auf Port 2001 eintreffendes Paket die Rückumwandlung vornehmen.\nDies ist die einfachste Mögliche NAT-Implementierung (ein Full Cone NAT nach RFC 3489 ) - und die, die am wenigsten Speicher verbraucht, denn diese Variante verbraucht pro aktiver \u0026ldquo;Verbindung\u0026rdquo; am wenigsten Speicher, und Speicher ist auf einem Plastik-Türstopper nun einmal begrenzt.\nUnd selbst dann kann diese interne Tabelle so groß machen, daß der Speicher des Türstoppers einfach überläuft und er sich spontan resettet, etwa wenn das innere Netz eine WG ist, auf der 3 oder 4 Leute gleichzeitig P2P-Programme laufen lassen, von denen jedes pro Download an die 200 Einträge in der NAT State Table belegt.\nLeider ist diese NAT-Implementierung so einfach, daß bei auf Port 2001 eintreffenden Paketen keine Information darüber vorliegt, von wo diese eintreffen dürfen. Jedes beliebige Paket von Port 2001 wird also nach innen weitergeleitet - das solche, die von irgendwelchen anderen IP-Nummern außen aus dem Internet abgesendet werden.\nBessere Sicherheit bietet ein volles Verbindungstracking, das ein richtiges symmetrisches NAT zur Verfügung stellt, und das insbesondere auch TCP versteht und das Ende einer Verbindung erkennt, um in diesem Fall den Eintrag in der NAT State Table zeitgerecht wieder abzuräumen.\nWenn man diese Logik aber erst einmal implementiert hat, dann kann man auch gleich eine vollständige Firewall mit Connection Tracking implementieren (oder kostenlos dazu bekommen, weil man in diesem Fall wahrscheinlich sowieso ein embedded Linux auf dem Router am Laufen hat), und dann kommt die Sicherheit nicht vom NAT, sondern von der Firewall.\nWer also sein Netzwerk schützen will, der sollte nicht NAT verwenden, sondern sich eine gescheite Firewall installieren und dann sinnvoll konfigurieren. Machen andere Läden mit erhöhten Sicherheitsanforderungen auch genau so.\n","date":"2010-11-28T00:00:00Z","href":"https://blog.koehntopp.info/2010/11/28/nat-ist-kein-sicherheitsfeature.html","tags":["computer","internet","security","lang_de"],"title":"NAT ist kein Sicherheitsfeature"},{"categories":null,"content":"Ich habe ja lange Zeit gehofft, daß die Medien als Gruppe irgendwann einmal die Kurve kriegen und es schaffen, sich vom Begriff des \u0026ldquo;friendens\u0026rdquo; und \u0026ldquo;likens\u0026rdquo; in den diversen sozialen Netzen zu lösen und auf die Funktionalität zu schauen, die sich hinter diesem Begriff versteckt. Aber auch hier scheint es sich um einen Fall zu handeln, bei dem ein alter Begriff in einem neuen Kontext verwendet wird, und bei dem die alten Bedeutungen und Konnotationen so sehr überschatten, daß das Neue keine Chance hat.\nAktuell scheitert Miriam Meckel an Facebook, und versteigt sich bei den Freunden von Jeff Jarvis über Dunbar und Montaigne zu Aristoteles. Die falsche Richtung. Guck nach vorne Miriam: Was macht ein \u0026lsquo;+1\u0026rsquo; oder ein Like-Button genau?\nGenau, er abonniert ein Statusabonnement - ich bekomme einen Kanal mehr, den Facebook auf meinem Wall aggregiert und unter die Meldungen meiner anderen Abos mischt. Er macht also genau das, was ein RSS \u0026lsquo;subscribe\u0026rsquo; macht, und könnte genauso gut auch \u0026lsquo;subscribe\u0026rsquo; heißen. Anders als ein RSS Abo ist Facebook aber symmetrisch: Ich abonniere Deine Statusupdates und Du bekommst dafür meine.\nDabei ist Facebook unglaublich schlecht und trennt zum Beispiel nicht automatisch nach Sprachen, nutzt den Social Graph nicht zur automatischen Gruppierung und bietet auch sonst nur sehr rudimentäre Filterfunktionen an. Zudem wäre es in vielen Fällen sinnvoll, tatsächlich wie bei RSS oder Twitter ein unidirektionales \u0026lsquo;Subscribe\u0026rsquo; alias \u0026lsquo;Follow\u0026rsquo; zu haben, denn oft will ich den Statusmeldungen einer Person folgen, ohne daß die meine irrelevanten Posts lesen müssen (Facebook hat dafür andere Seitentypen, und im Grunde ist das einer der Unterschiede zwischen \u0026lsquo;+1\u0026rsquo; und \u0026lsquo;Like\u0026rsquo;).\nAber das zu verstehen und auseinander zu dividieren ist von einem Qualitätsjournalisten vielleicht ein wenig viel verlangt.\n","date":"2010-11-24T00:00:00Z","href":"https://blog.koehntopp.info/2010/11/24/freunde-und-soziale-netzwerke.html","tags":["internet","social networking","lang_de"],"title":"\"Freunde\" und soziale Netzwerke"},{"categories":null,"content":"Stuxnet ist ein maßgeschneiderter Computervirus, der zwei bislang unbekannte Windows-Sicherheitslücken ausnutzt, um bestimmte Windows-Versionen zu infizieren. Das ist deswegen spannend, weil Windows-Sicherheitslücken dieser Art in letzter Zeit nicht mehr so leicht zu finden sind - sie werden inzwischen gehandelt und ernsthaft für viel Geld verkauft. Jemand hat gleich zwei dieser Lücken verbrannt, um diesem Virus das Eindringen in bestimmte Systeme zu ermöglichen. Jemand hat außerdem zwei taiwanischen Treiberfirmen ihre Zertifikate geklaut, um signierten Gerätetreiber-Code in diese Rechner einschmuggeln zu können, ohne daß dabei die Sicherheitswarnleuchten angehen.\nStuxnet macht nicht viel, solange er nicht auf einer bestimmten Sorte Rechner ist, nämlich einem Rechner, an dem eine bestimmte Art von Siemens Prozeßrechner mit einer bestimmten Konfiguration von Spezialhardware angeschlossen ist, die mit bestimmten Parametern betrieben wird. Die bekannten Daten passen recht genau auf eine Anlage, wie sie im Iran zur Anreicherung von spaltbarem Material für Atombomben gebraucht wird.\nDas ganze Profil deutet auf eine Entwicklung hin, die mit großer Sorgfalt, Sachkenntnis und viel Zeit und Budget und einem spezifischen Testumfeld gemacht worden ist, damit sie im genau definierten Ziel eine schwer aufzuspürende, aber nachhaltige Schadwirkung entfaltet. Kurz: Es ist das Werk einer Regierung, und angesichts des Zieles ist der Kreis der Auftraggeber überschaubar.\nAnderswo sinniert man nun über die Auswirkungen, die Variationen dieses Codes haben könnten, wenn sie aus den Händen von Regierungen in die Hände von Nichtregierungen gelangen. Äh, ja.\nDas wird mit Sicherheit passieren. Aber genau genommen ist das gar nicht notwendig. In ganz vielen Fällen ist ausreichend, daß die Machbarkeit einer Sache bewiesen wird und das Konzept grob beschrieben wird, um viele Stellen zu ermutigen, auf diesem Gebiet eigene Forschungen und Entwicklungen zu betreiben. Wir können davon ausgehen, daß die organisierte Kriminalität in Regierungs- und Nichtregierungsorganistionen in diesem Moment große Forschungsbudgets in diese Richtungen mobilisiert - ein digitales Wettrüsten hat begonnen.\nIm Fadenkreuz stehen die vergessenen Rechner - in Milliarden von Geräten stecken Komponenten, die nicht unter dem Gesichtspunkt aktiver Angriffe entwickelt und installiert worden sind. Einige von ihnen sind vernetzt. Keines von diesen Geräten hat in den letzten 10 Jahren signifikate Sicherheitsupdates erhalten und für viele Geräte gibt es nicht mal mehr welche, oder hat es nie welche gegeben.\nIch weiß zum Beispiel von Zugangskontrollsystemen, die immer noch von Maschinen mit Windows NT 4 gesteuert werden, und von Banken, in denen das fast das gesamte Netz eine einzige Layer 2 Broadcastdomain ist. Wieder anderswo schiebt man sicherheitsrelevante Kontroll- und Steuerinformationen mit FTP oder gar FTAM unverschlüsselt durch die Gegend. Letzteres könnte man getrost als Security By Obscurity definieren, wenn denn die interessanten Daten nicht mit einem \u0026ldquo;strings\u0026rdquo; auf ein paar Capture-Dateien lesbar wären. Wieder andere Leute definieren Protokolle für P2P Verkehrsleitsysteme mit Ad-Hoc Netzen zwischen fahrenden Automobilen, die Abstands- und Geschwindigkeitsinformationen austauschen, die das Fahrverhalten des Fahrzeuges beeinflussen sollen und die nur unzureichend authentisiert und gegen Manipulation gesichert werden.\nAnderswo hat man das Steuersystem für die Weichen einer Straßenbahn komplett ungesichert über Infrarot exponiert.\nBisher hat man Security in diesen Bereichen eher als Nebensache behandelt und Bedrohungen als etwas hypothetisches eingestuft.\nDiese Zeiten sind vorbei.\nMit ein wenig Glück sehen wir dank Stuxnet jetzt in diesem Bereich endlich ein wenig mehr Engagement im Bereich Security, das vielleicht auch über bessere Türschlüssel hinausgeht. Aber bis sinnvoll definierte und kryptographisch gesicherte Protokolle in diesen Bereichen flächendeckend etabliert sind wird noch viel Zeit vergehen . Und man wird vorhandene ungesicherte Protokolle als Träger verwenden , oder Security optional machen - das hat alles noch massenhaft Potential für Fail.\nViel Spaß (auch beim Lesen).\n","date":"2010-11-18T00:00:00Z","href":"https://blog.koehntopp.info/2010/11/18/stuxnet-das-beste-was-uns-allen-passieren-konnte.html","tags":["internet","security","lang_de"],"title":"Stuxnet - das Beste, was uns allen passieren konnte"},{"categories":null,"content":"Beim Durchstöbern der verschiedenen NoSQL-Datenspeicher stellt sich mir die Frage, wieso man das alles überhaupt will. Genauer: Was genau ist das Problem, das man mit NoSQL lösen möchte?\nDiejenigen Leute, die NoSQL-Lösungen einsetzen, haben in der Regel die Schwierigkeit, daß ihre Datenmenge größer wird, als man auf einer einzelnen Maschine mit der geforderten Servicequalität handhaben kann.\nIm Webbereich sind die Anforderungen für interaktives Browsen oft so, daß man die gewünschten Antwortzeiten nur dann erreichen kann, wenn die dabei verwendeten Datenbanken ihre Daten und Indices zum allergrößten Teil im RAM halten können. Verfügbarkeit und Preis von Speicher sind aber Grenzen gesetzt - mit aktuellen Nehalem-Kisten zum Beispiel liegt der Sweet-Spot irgendwo bei 48G oder 96G Hauptspeicher, die Datenbankgröße für solche zeitkritischen Systeme also nach meinen Erfahrungen zwischen 100G und 200G.\nErst wenn Benutzer nicht mehr interaktiv browsend mit der Anwendung interagieren kann man sich längere Antwortzeiten erlauben. Wird ein Schritt zum Beispiel als \u0026ldquo;Buchung\u0026rdquo; angesehen, ist der Benutzer bereit, bis zu 10x längere Reaktionszeiten hinzunehmen (2 Sekunden statt 0.2 Sekunden, ohne Fortschrittsbalken, und bis zu 20 Sekunden mit einem Fortschrittsbalken).\nPartition visualisiert\nGesucht ist also Technologie, die es mir erlaubt, ein Datenbankschema über mehr als eine Maschine zu verteilen. Je weniger ich dabei in meiner Anwendung davon sehe oder merke, um so schöner.\nUm ein großes Schema zu verteilen muß ich meine Daten partitionieren. Das heißt, ich muß eine Menge (an Daten) in Teilmengen zerlegen, sodaß die Teilmengen sich nicht überlappen und ihre Vereinigung wieder die Gesamtmenge ergibt. Liegen die Teilmengen alle zusammen auf einer Maschine reden wir in der Regel von einer Partition. Liegen sie auf verschiedenen Maschinen reden wir in der Regel von Sharding (von Shard, Splitter).\nDie manuelle Vorgehensweise zum Sharding ist, ein Schema funktional zu zerteilen. Dabei wird man alle Tabellen, die mit Funktionalität a zu tun haben auf einen Server verlegem und alle Tabellen, die mit Funktionalität b befaßt sind auf einen anderen Server. Das geht aber immer noch davon aus, daß eine Tabelle zur Gänze auf einer einzelnen Maschine gehalten werden kann und es setzt auch voraus, daß man sich Gedanken darüber macht, was man wie warum wo hin schiebt. Der manuelle Ansatz hat den Vorteil, daß man mit konventionellem Denken noch weiter kommt und auch konventionelle Abfragen innerhalb einer Maschine noch wie erwartet funktionieren.\nAutomatisches Sharding\nAnsätze zum automatischen Sharding nehmen auf solche Dinge weniger Rücksicht: Ich kann für jede Zeile jeder Tabelle auf irgendeine Weise eine Maschinenadresse berechnen und den entsprechenden Datensatz dann auf diese Maschine verschieben. Der automatische Ansatz hat den Vorteil, daß es keine absoluten Skalierungslimits mehr gibt, sondern daß man die Datenmenge und die Systemleistung \u0026ldquo;einfach\u0026rdquo; dadurch skalieren kann, daß man mehr Maschinen zum Cluster hinzu fügt.\nDer automatische Ansatz hat auch einen Preis:\nVon den anderswo erklärten Operationen der Relationenalgebra sind einige nun recht teuer geworden - der SQL-Join und die SQL-Aggregation.\nFür den Join stellt sich das Problem, daß man zwischen Tabellen eine Verknüpfung erzeugen will, die zur Gänze oder in Teilen auf unterschiedlichen Maschinen in einem Cluster liegen können. Je nachdem welcher Join-Algorithmus verwendet wird, kann dabei sehr viel Netzwerk-Kommunikation notwendig werden.\nDas gilt um so mehr, wenn wir uns in Erinnerung rufen, daß wir dieses ganze Sharding-Geschäft angefangen haben damit wir alle Daten im Speicher halten können - Netzwerk-Latenzen werden also leicht die dominierenden Kosten bei der Berechnung eines Joins (typisches Beispiel für die Probleme bei einem Join über das Netz in MySQL Cluster).\nCondition Pushdown\nMySQL Cluster und VoltDB sind beides Produkte, die immerhin versuchen, einen Join über das Netz durchzuführen, und der Ansatz ist vergleichbar: Anstatt die Daten zu dem Knoten zu transferieren, der den Join ausführt, werden Teile der Query extrahiert und zu den Daten transportiert. MySQL Cluster versucht das dynamisch und automatisch zu machen und nennt das Condition Pushdown (Webinar zu MySQL Cluster Condition Pushdown , In Pursuit Of The Holy Grail , über Condition Pushdown in Cluster). VoltDB verlangt stattdessen, daß das statisch und vorab gemacht wird: Die Entwickler müssen alle Abfragen als Stored Procedures in Java schreiben und zur Laufzeit werden dann nur noch Stored Procedures abgerufen.\nIm recht uneinheitlichen Bereich der NoSQL-Nondatenbanken hat man im wesentlichen zwei Ansätze um mit dem Problem umzugehen. Für die untere Schicht der NoSQL-Datenbanken (\u0026ldquo;Key Value Stores\u0026rdquo;) besteht die Lösung schlicht darin, das Problem zu ignorieren, äh, dem Anwendungsprogrammierer zur freien Modellierung zu überlassen. In der Praxis kommen dann zwei Ansätze vor, die der Anwendungsprogrammierer verwendet um eine Lösung zu modellieren.\nDer eine Ansatz programmiert das Äquivalent eines Full Table Scans in der Anwendung nach, d.h. um die gesuchten Daten zu finden wird die gesamte Datenbank in die Anwendung runtergeladen und der nicht gewünschte Teil der Daten verworfen. Diese Lösung wird vor allen Dingen von den Anbietern von Netzwerkequipment favorisiert.\nDer andere Ansatz nimmt den Join vorweg, d.h. er speichert als Teil des Value jedes Key-Value Paares ein Array von Zeigern auf die verknüpften Knoten. Lädt man den Ausgangsknoten runter, bekommt man mit dem Zeigerarray auch eine Liste von Referenzen, denen man folgen kann, um die verknüpften Daten zu finden.\nNetwork Model (Quelle )\nAutomatisiert man das und das Handhaben der Backreferences, hat man eine Zeitreise in das Jahr 1969 durchgeführt und IMS neu erfunden (ersatzweise auch eine XML-Datenbank oder LDAP erfunden). Immerhin ist es jetzt verteilt.\nIn den NoSQL-Datenbanken, die ein wenig mehr Struktur in den Daten unterbringen findet man nun entweder solche Mechanismen, die Referenzen auf Daten und ihre Backreferences automatisieren, d.h die sogenannten Dokumentendatenbanken sind in Wahrheit Netzwerkdatenbanken.\nOder man arbeitet mit Dokumenten und Subdokumenten, speichert also statt Zeigern auf Objekte erster Ordnung (Dokumente) jetzt einfach die Objekte selbst literal in den ihnen übergeordneten Objekten (man speichert Subdokumente in Dokumenten). Das ist noch schlechter, weil man damit zugleich hybride, nicht-opake und nicht stabile Identifier bekommt, wenn man mit Subdokumenten arbeitet: Statt das Dokument 17 (Subdokument von 3) direkt über seine ID referenzieren zu können (egal wie es in 3 verschachtelt ist oder ob es in 3 und in 5 gleichermaßen referenziert wird), redet man jetzt von 3.owner.name[2], also dem zweiten Element des Arrays Name unterhalb des Slots owner des Dokumentes 3.\nDas ist eine Pfadabgabe (etwa eine XPath-Expression) relativ zur Wurzel des Dokumentes mit der ID 3, und nicht stabil: Werden Elemente vorne in das Array name eingefügt, oder wird der Typ des Slot owner verändert (der Skalar owner wird zu einem Array owner[], sodaß es jetzt 3.owner[1].name[2] heißen muß) oder der Nestinglevel von owner geändert, ist die Referenz ungültig. Und das Subdokument kann nicht von zwei Dokumenten 3 und 5 zugleich referenziert werden, da es literal Bestandteil von entweder 3 oder 5 ist.\nKurzum: Man kann nicht sinnvoll normalisieren, weil man nicht sinnvoll addressieren kann.\nDas ist Teil eines größeren Problems: NoSQL Took Away The Relational Model And Gave Nothing Back :\nThe meaning of the statement was that NoSQL systems (really the various map-reduce systems) are lacking a standard model for describing and querying and that developing one should be a high priority task for them.\nUnterdessen (nein: deswegen!) nähern sich SQL- und NoSQL auf eine Weise auch wieder einander an. Weil SQL eine sinnvolle Sache ist, gibt es Redisql , einen SQL-Interpreter, der quasi den KV-Store Redis als Storage Engine verwendet.\nUnd es gibt HandlerSocket , ein Plugin für MySQL, das das MySQL Sonderkommando HANDLER mit einem binären Netzwerkinterface ohne Authentisierung ausstattet und so Key-Value Zugriffe und Index-Traversal sehr effizient verfügbar macht, solange die Daten im RAM liegen (oder auf einer SSD ).\nNeben diesem echten harten Problem von JOIN und GROUP BY über das Netz gibt es eine Reihe von weiteren Schwächen in MySQL und einigen anderen SQL-Implementierungen, die von einigen NoSQL-Implementierungen angesprochen werden und die meiner Meinung zu falschen oder gefährlichen Ansätzen führen.\nDas bekannteste Beispiel ist das ALTER TABLE Statement in MySQL, das auch in MySQL 5.1 in vielen Fällen noch sehr lange dauert und alle Operationen auf der Tabelle blockiert, während es abläuft. Das Thema ist drängend und die Komplexität der Workarounds grenzt an das Lächerliche .\nALTER TABLE wird entweder verwendet, um die Indices einer Tabelle zu verändern oder um die Struktur einer Tabelle zu verändern. Die korrekte Lösung des Problems ist einerseits Background Index Creation (aber es gibt viele Einschränkungen ), wenn es um Indices geht.\nOder es ist eine versionierte Tabellendefinition, wenn es um die Tabellenstruktur geht - statt das ALTER TABLE auszuführen, wird eine neue Version der Tabellendefinition angelegt. An jeder Row wird die Versionsnummer der Tabellendefinition gespeichert, der die Row entspricht. Beim Zugriff auf die Row werden die Daten gelesen und entsprechend der ALTER TABLE-Anweisungen, die fehlen, auf den neusten Stand gebracht (ebenso alle anderen Rows in derselben Page). Die Speicherseite ist nun \u0026lsquo;dirty\u0026rsquo; und wird mit dem nächsten Checkpoint auf der Platte aktualisiert. Das ermöglicht zugleich Transactional DDL .\nWas die meisten NoSQL-Nondatenbanken stattdessen machen ist schemalessness zu propagieren. Dabei werden oftmals eigenartige Schlußfolgerungen gezogen:\nAvoiding schema changes and data migration are good reasons.\nDie Folgerung \u0026ldquo;Aus Schemalessness folgt, daß man Schema Changes und Datenmigration vermeiden kann\u0026rdquo; ist offensichtlicher Unsinn, wie jeder erkennen kann, der einmal reale Anwendungen entwickelt hat - die Migration wird nun jedoch wieder einmal dem Anwendungsprogrammierer zur Modellierung in der Anwendung überlassen.\nDas heißt, man implementiert nun das \u0026lsquo;Transactional DDL\u0026rsquo;-Modell von oben in der Anwendung nach: Jeder Datensatz bekommt eine Versionsnummer und der ORM prüft beim Lesen jedes Satzes, ob die Versionsnummer auf Stand ist, und wenn nicht, wendet er die notwendigen Transformationen auf das gelesene Objekt an. Beim Zurückschreiben der Daten wird das aktuelle Datenmodell mit der höchsten Versionsnummer geschrieben.\nOder man tut das nicht, und verläßt sich auf obskure Defaults der verwendeten Plattform (MongoDB Blog Beispiel und die Diskussion unten dran kommt zu demselben Schluß wie ich hier).\nWas also sucht man, wenn man sich mit NoSQL beschäftigt?\nWorkarounds für existierende Limits in der Implementierung von MySQL - das führt in der Regel zu wenig sinnvollen Ergebnissen. Techniken, mit denen man Wachstum über die Grenzen einer einzelnen Maschine hinaus besser in den Griff bekommen kann: Sharding und Replikation weiter denken. Das Problem des Joins und der Aggregation in diesen Szenarien angehen. Lösungen dafür existieren, ob man sie nun Condition Pushdown oder Map-Reduce nennt - beides ist sehr ähnlich. Ich erwarte, daß Autosharding und verteilte Ausführung von SQL, hinter den Kulissen mit Map-Reduce/Condition Pushdown, in absehbarer Zeit Bestandteil von Open Source SQL-Produkten werden. Ich erwarte, daß auch damit die Effekte, die sich aus der Verteilung des Systems ergeben nicht vollständig in allen Fällen vor dem Endanwender verborgen werden können. ","date":"2010-11-05T00:00:00Z","href":"https://blog.koehntopp.info/2010/11/05/ein-paar-gedanken-zum-thema-nosql.html","tags":["mysql","nosql","database","development","lang_de"],"title":"Ein paar Gedanken zum Thema NoSQL"},{"categories":null,"content":"Ich schrieb :\nheretic666 schrieb am 4. November 2010 12:11\n\u0026hellip;das man nicht auch wahlweise mit PostgreSQL oder MS SQL erschlagen kann?\nMir fällt da im Moment kein Punkt ein\u0026hellip;\nPostgres ist ein Repräsentant der klassischen Datenbanken und fällt in dieselbe Kategorie wie Oracle, MS SQL oder DB/2. MySQL ist eine Datenbank, die sich in vielen Punkten an den Erfordernissen des Webs orientiert und ganz andere Schwerpunkte als Postgres oder Oracle setzt. Das ist auch eine der Erfahrungen, die der rote Sales (Oracle Sales) gerade mit blauen Kunden (MySQL Kunden) macht: Die meisten lassen sich nicht einfach auf rot konvertieren, weil das rote Produkt schlicht nicht die Leistungen bietet, die blauen Kunden wichtig sind.\nUm Deine Frage konkreter zu beantworten:\nMySQL ist eine Einprozeß-Architektur mit mehreren Threads und einem Threadpool. Ein Connect an die Datenbank ist vergleichbar teuer einem Connect an einen OpenLDAP-Server und MySQL kommt so gut mit transienten Verbindungen etwa eines mod_perl oder mod_php zurecht, daß man in MySQL in der Regel nicht mit Connection Pools arbeitet und 2-Tier Architekturen (Apache mit mod_irgendwas an MySQL) gut funktionieren.\nDatenbanken, die on-connect einen Handlerprozeß forken haben sehr viel höhere Kosten in Speicher (MySQL 200 KB pro Connect vs. zum Beispiel 5 MB für Oracle) und Zeit. Mit solchen Datenbanken redet man in der Regel über einen Application-Server der persistente Verbindungen aus einem Connection Pool managed, und auf der anderen Seite von einem Webserver angestupst wird (3-Tier).\nMySQL-Anwender skalieren Read-Leistung in der Regel horizontal. Das heißt, sie kaufen keine größeren Server, sondern mehr Server, um zu wachsen. In unserem Fall haben wir in einer Produktionshierarchie zum Beispiel 87 MySQL Slave-Server an einem Master hängen. MySQL Replikation ist per Default asynchron und muß in der Anwendung durch ein passendes master_pos_wait() synchronisiert werden - jedes asynchrone System kann durch Einfügen von Waits synchron gemacht werden.\nDas heißt, daß die Anwendung die Wahl hat, ob sie fortfahren oder warten will - und die meisten Leute wollen in der Anwendung lieber annähernd richtige Daten sofort liefern (und dann ggf später per AJAX aktualisieren) als auf absolut korrekte Daten zu warten, solange etwa im Web gebrowsed wird. Wenn es zum Schwur - also zum Kauf - kommt, dann will man warten, und dann nimmt man Waypoints in Kauf - vorher aber nicht.\nPostgres zum Beispiel hat erst jetzt mit 9.0 eine Replikation und diese ist auch nicht asynchron. Das heißt, wenn man eine Anwendung hatte, die größer war als eine einzelne Kiste leisten konnte, dann mußte man an irgendeinem Punkt zu MySQL greifen - mein derzeitiger Arbeitgeber ist so vor etwa 10 Jahren aus genau diesem Grunde von Postgres zu MySQL migriert. Das war sehr mühsam und teuer, aber damals ein zwingender Grund (und ist es heute trotz 9.0 wahrscheinlich auch noch).\nMySQL, speziell InnoDB, ist eine ausgezeichnete Engine mit MVCC (also lockless reads) und mit sehr sinnvollen Strategien beim Layout von Daten auf der Platte (Clustering der Daten nach Primary Key + auto_increment = instant win für alle Leute mit normalen Zugriffspatterns). Dadurch, daß MySQL außerdem Covering Indexes kann (Postgres auch in 9.0 leider noch nicht) sind bestimmte Optimierungen sehr leicht möglich und sehr effizient. Domas (früher MySQL, jetzt Facebook, außerdem Wikipedia-DBA) beschreibt dies in einem Artikel recht ausführlich.\nEin anderes Feature, das bei der Skalierung von großen Datenbanken (größer als der Hauptspeicher) sehr extrem rockt sind PARTITION BY clauses in Tabellendefinitionen. Man kann sich in Postgres vergleichbares manuell zusammentriggern (wie man sich auch Replikation zusammentriggern kann, wenn man keine Schmerzen spürt), aber nativ ist das Feature plötzlich auch für den normalbegabten DBA und vor allen Dingen auch für einen Entwickler zugänglich - und es ist sehr schnell. Wir migrieren gerade eine unserer letzten MyISAM-Datenbanken von Merge-Tables auf InnoDB Plugin + Compressed Tables + Partititions und die Effekte sind sehr erstaunlich.\nEin weiteres Feature, bei dem ich nicht beurteilen kann, wie gut oder schlecht Postgres da steht, sind die Connectors in MySQL.\nConnector/ODBC von MySQL ist - sagt man mir - sehr gut, ich habe in meiner beruflichen Praxis damit eine Reihe von Migrationen von Access- und MS SQL-Datenbanken auf ein MySQL Backend durchgeführt, und das war weitgehend problemlos (ODBC hat ein paar Konzepte, bei denen man wissen muß, wie sie auf MySQL abgebildet werden - wenn man das weiß, geht die ganze Umstellung vollkommen schmerzfrei).\nConnector/J ist angeblich auch sehr gut - ich versuche Java zu vermeiden und habe daher nicht viel unmittelbare Erfahrung, kann aber sagen, daß man zumindest vielen Schmerz der Java-Leute durch Konfiguration obskurer JDBC-Parameter wegheilen kann ohne daß man ins Java rein muß. :-)\nFür PHP gibt es eine unabhängige Implementierung des Protokolls als mysqlnd. Das ist einmal lizenztechnisch interessant (PHP License statt GPL) und einmal speichertechnisch spannend. Connector/C alias libmysqlclient.so lädt ja Ergebnisse aus dem Server in libmysqlclient.so runter und stellt sie als MySQL-interne Datentypen dar. Diese werden dann durch mysql_fetch_assoc() und Freunde in PHP Zeile für Zeile in PHP ZVAL umgewandelt - am Ende hat man die Daten also zweimal: Einmal als PHP Hash in ZVAL-Format und einmal als MySQL-interne Typen in der Bibliothek - bis dann endlich mysql_free_result() gemacht wird, und die interne Kopie gelöscht wird.\nmysqlnd verwendet jetzt gleich intern in der MySQL-Bibliothek PHP-interne ZVAL-Strukturen für die Ergebnisse, sodaß keine Daten mehr aus libmysqlclient.so in PHP umkopiert werden müssen, sondern die Daten quasi gleich als PHP-Hash in den Client runter geladen werden.\nAh, und schließlich sind die Zeichensatz-Fähigkeiten von MySQL recht bemerkenswert. MySQL kann Zeichensätze und Sortierungen per Spalte getrennt festlegen und wandelt dann zwischen Serverzeichensatz und Clientzeichensatz um. Das tut es sehr schnell, so schnell, daß es bei uns in einigen Anwendungen schneller ist, die Zeichensatzumwandlungen durch den Server machen zu lassen, als lokal im Client mit Perl (Nein, wir machen das nicht, es ist nur so, daß unsere Benchmarks meinten, das sei schneller :-) ).\nMySQL ist auch extrem flexibel: Mit einem ALTER TABLE kann man Spalten bequem von einer Darstellung in eine andere umwandeln, wenn sich die Anforderungen ändern, sodaß man sich dort nicht früh auf irgendwas festlegen muß.\nSoweit ich weiß ist das sehr viel flexibler als die Mechanismen, die Postgres hier bietet.\nIn MySQL nutzt man oft eine Reihe von Dingen nicht, die man von einem klassischen Datenbankprodukt erwarten würde, wie es etwa an der Uni unterrichtet wird. Das ist in dem Umfeld von MySQL weitgehend okay - wir zum Beispiel setzen MySQL auf eine Weise ein, bei der wir alle Zugriffe auf die Datenbank kontrollieren und bei der wir den Code zu allen Anwendungen haben und ändern können, die auf die Datenbank zugreifen. Das macht gewisse Dinge auf der Clientseite möglich, die man anderswo im Server abhandeln muß.\nForeign Key Constraints zum Beispiel realisieren wir im Client in Bibliotheken. Wir werden auch in der Regel keinen Code in der Datenbank einsetzen - also weder Views, noch Procedures noch Triggers, sondern machen alle diese Sachen im Client. Wir sind aber ein privilegiertes Umfeld, weil wir in der Produktion durchgehend einen OSS Stack einsetzen und so den Quelltext zu allem vollkommen kontrollieren. Wir sind außerdem größer als eine einzelne Maschine leisten kann, müssen also sowieso horizontal Skalieren, und es ist nun einmal günstiger, Client-CPUs zu kaufen als Datenbankserver-CPUs, also ist es für uns ökonomisch nicht sinnvoll, Code in der Datenbank laufen zu lassen (von den Managementerfordernissen, die Code in der Datenbank mit sich bringt mal ganz abgesehen).\nSchließlich: MySQL hat eine Reihe von Eigenheiten, Einschränkungen und Fehlern. Das ist okay, denn die meisten dieser Sachen sind bekannt und man kann mit ein wenig Erfahrung da leicht drum herum arbeiten.\nMySQL hat jedoch auch eine riesengroße Community von Leuten mit zum Teil bemerkenswertem Niveau, sodaß man an die notwendigen Informationen herankommt - in seiner Landessprache, wahlweise für Geld oder gute Worte und auch auf Zeit.\nMySQL hat auch erwiesenermaßen große Installationen, das heißt die versprochene Skalierbarkeit ist nicht hypothetisch, sondern die Konzepte sind bewiesen und verdienen bei anderen Leuten nachweisbar Millionen - pro Tag.\nMySQL ist nicht schön. Das muß es nicht, es soll nur den Job erledigen und die Kasse voll machen. Und das tut es, zuverlässig, wiederholbar und vor allen Dingen auf eine Weise, die man normalbegabten Entwicklern in Kursen vermitteln kann. Alles ist allem ist das in etwa das, was man von einem solchen Produkt erwarten würde.\nDie Zusammenfassung dieses recht langen Textes ist in etwa:\nDie reale Welt ist nicht die Uni, und die Erfordernisse der realen Welt werden für eine populäre Klasse von Anwendungen und Anforderungen von MySQL besser abgebildet als von jeder anderen Datenbank. Das MySQL dabei gegen bestimmte traditionelle Lehren verstößt sorgt in gewissen Kreisen für schlechte Presse, aber das ist den Leuten, die das machen egal, solange die von ihnen erstellten Rechnungen korrekt genug sind um akzeptiert zu werden und den Kühlschrank voll machen.\n","date":"2010-11-04T00:00:00Z","href":"https://blog.koehntopp.info/2010/11/04/red-vs-blue-at-oracle-und-ein-paar-gedanken-zu-postgres.html","tags":["mysql","postgres","database","development","lang_de"],"title":"Red vs Blue at Oracle, und ein paar Gedanken zu Postgres"},{"categories":null,"content":"Kurzer SQL WTF von heute:\nmysql\u0026gt; SELECT \u0026#39;a\u0026#39;=\u0026#39;b\u0026#39;; 0 mysql\u0026gt; SELECT \u0026#39;a\u0026#39;=\u0026#39;b\u0026#39;=\u0026#39;c\u0026#39;; 1 Warum ist das so?\nIm MySQL Sourcecode ist in sql/sql_yacc.yy definiert:\n%left EQ EQUAL_SYM GE GT_SYM LE LT NE IS LIKE REGEXP IN_SYM Damit ist der Operator EQ (das Vergleichheitszeichen) als links-assoziativ definiert. Vergleiche von Vergleichen sind also zugelassen,\n1 = 2 = 3 ist also ein zulässiges Konstrukt und es wird als ( 1 = 2 ) = 3 evaluiert.\nStatt links-assoziativ könnte es auch als rechts-assoziativ 1 = (2 = 3) oder als nicht-assoziativ (ein Mehrfachvergleich ist unzulässig) definiert sein.\nDaher ist der boolsche Ausdruck 'a' = 'b' offensichtlich falsch, also 0. Und damit wird 0 = 'c' zu einem Vergleich eines Integers links mit einem Character rechts. In einem links-assoziativen Ausdruck bestimmt der linke Ausdruck den Typ, zu dem der rechte Teil des Ausdrucks hin konvertiert wird. Das c wird also zu einem Integer umgewandelt, also zu 0. Damit ist 0 = 0 und das ist wahr, also 1.\nIst es ungewöhnlich, daß MySQL so etwas tut?\nAuch in Sybase und in Oracle ist das Symbol EQ (der Vergleichheitszeichen-Operator) ein %left.\nUnd Oracle sagt im Handbuch :\nPL/SQL is case sensitive within character literals. For example, PL/SQL considers the literals \u0026lsquo;Z\u0026rsquo; and \u0026lsquo;z\u0026rsquo; to be different. Also, the character literals \u0026lsquo;0\u0026rsquo;..\u0026lsquo;9\u0026rsquo; are not equivalent to integer literals but can be used in arithmetic expressions because they are implicitly convertible to integers.\n","date":"2010-09-10T00:00:00Z","href":"https://blog.koehntopp.info/2010/09/10/a-b-c.html","tags":["mysql","oracle","sql","lang_de"],"title":"'a' = 'b' = 'c'"},{"categories":null,"content":"Für viele MySQL-Anwendungen sind Covering Indexes eine wichtige Sache. Domas hat einen Artikel darüber Wie Wikipedia von Covering Indexes profitiert , und auch sonst sind solche Indices für viele MySQLer ein täglicher Bestandteil der Optimierungsarbeit.\nNun las ich neulich in einem Artikel eine Seitenbemerkung, daß Postgres keine Covering Indices unterstützt und das scheint tatsächlich der Fall zu sein , auch wenn ich in der Doku selber keine Hinweise darauf gefunden habe.\nWarum Postgres das nicht kann ist zunächst einmal klar: MVCC macht das sehr schwierig. In meinem Vortrag zur InnoDB Storage Engine (Teil 1 , Teil 2 ) habe ich schon einmal beschrieben, was passiert, wenn eine Zeile in InnoDB geschrieben wird.\nMVCC, nach Art von InnoDB. Der Pfeil deutet ein Rollback an.\nDie überschriebene Zeile wird aus der Tabelle in das Undo-Log verschoben und mit der neuen Version der Zeile verkettet. Wird die Zeile ein weiteres Mal geändert, wird die überschriebene Version ebenfalls aus der Tabelle ins Undo Log verschoben und mit der aktuellsten Version verkettet. Auf diese Weise führt aus der Tabelle-Log ein Zeiger ins Undo-Log und von dort innerhalb des Undo-Logs eine lineare Liste zu vorhergehenden Versionen einer Tabellenversion. Man hat also eine verkettete Liste der Historie einer Zeile.\nEin separater Thread in InnoDB, der Purge Thread, bestimmt die älteste Transaktion, die im System noch aktiv ist, und welche Transaktionsnummer diese Transaktion noch sehen kann. Alle Daten aus dem Undo-Log, die noch älter sind, können gefahrlos gelöscht werden, da sie für keine Transaktion noch sichtbar sein können.\nPostgres arbeitet ähnlich, aber nicht gleich: In Postgres verbleiben alte Versionen einer Zeile in der Tabelle (Postgres macht keine In-Place Updates wie InnoDB, sondern schreibt neue Versionen der Zeile an eine andere Stelle der Tabelle), sodaß die lineare Liste von Vorgängerversionen einer Zeile nicht im Undo-Log, sondern in der Tabelle aufgebaut wird. Dadurch wächst die Tabelle im Laufe der Zeit durch Schreibzugriffe über alle Grenzen und alte Versionen der Daten vergiften langsam die Datenhaltung und auch die Index-Effizienz.\nPostgres wirkt dem entgegen, indem es einen Prozeß, der dem Purge Thread von InnoDB vergleichbar ist, ablaufen läßt: Vacuum geht zyklisch durch alle Tabellen und entfernt Datensätze, die so alt sind, daß sie von keiner Transaktion mehr benötigt werden. Anders als bei MySQL ist dabei jedoch mehr Arbeit notwendig, da Platz in der Tabelle freigegeben werden muß (InnoDB macht eine vergleichbare Mehrarbeit beim Checkpointing: Damit In-Place Updates sicher sind, muß es einen Doublewrite Buffer verwenden und Daten zwei Mal schreiben. Aber das ist Thema für einen anderen Artikel).\nAlle diese Betrachtungen beziehen sich jedoch auf die Daten. Indices enthalten Extrakte aus den Daten, die in Indexreihenfolge angeordnet sind, und dann einen Zeiger auf die verbleibenden Daten, die nicht im Index enthalten sind. Wenn man jedoch mehr als eine Version eines Datensatzes hat, wie in MVCC, welche Version des Datensatzes indiziert man dann und wie stellt man sicher, daß Transaktionen, die alte Sichten auf die Daten haben, den Index dennoch zuverlässig verwenden können?\nNun haben wir in der Firma MySQL Support gekauft, und zwar von der Art, der auch \u0026lsquo;Consultative Support\u0026rsquo; enthält. Also schickte ich eine Supportanfrage los, denn diese Frage ist mit Sicherheit auch für den Support selbst interessant:\nI understand how InnoDB works and what MVCC is .\nWhat I do not know is how Indexes in InnoDB deal with this. That is, given a table such as\nCREATE TABLE T ( id integer not null primary key, d varchar(80) charset latin1 not null, index(d) ) engine = innodb; and transactions that change d values in t, id values in t, delete d values in t or delete rows in t, how does InnoDB treat the index d and the index PRIMARY in order to\nmake the index d still covering in SELECT d from t where d = 'cookie' make sure that old and new values are found in queries such as SELECT id from t where d = 'cookie', when d has been changed from keks to cookie in a transaction that has been comitted, but other connections still have an old consistent read view on the previous state of things. I understand that Postgres does not have covering indexes because of such index problems wrt to transactions. How does InnoDB work around this?\nAxel Schwenke von MySQL Support hat diese Frage beantwortet, und dabei Hilfe von Marko Mäkelä vom InnoDB Team bekommen:\nA secondary index contains the newest version of a row, if a row update included the key then the old index record will be delete-marked (and removed later by the purge thread) and a new index record will point to the new version of the row.\nSecondary index entries are not versioned, but each index leaf page carries a PAGE_MAX_TRX_ID denoting the last transaction that modified the page. If this is newer than the required read snapshot, then InnoDB dives to the clustered index for each hit from that index page to check the row version and will also follow to UNDO if required.\nThat means covering index reads might degrade to full row reads on InnoDB, depending on write activity and isolation level.\nIn Deutsch: Ein Index, der nicht der Primärschlüssel ist (und das ist bei InnoDB und Covering Indexes immer der Fall) hat Einträge für die neuste Version einer Zeile. Falls sich Felder einer Zeile verändern, die Bestandteil des Index sind, dann auch für die ältere Version. Der alte Eintrag wird zum Löschen markiert und zu einem passenden Zeitpunkt vom Purge Thread abgeräumt.\nIndexeinträge in sekundären Indices haben keine Transaktionsnummern an den Einträgen selbst, sondern es gibt nur Einträge an den Blatt-Pages des Index, die die Transaktionsnummer der letzten Änderung der Index-Seite enthalten. Wenn die Seite zu neu ist, dann muß InnoDB tatsächlich den Primärschlüssel für jede Zeile lesen, die in der Seite enthalten ist (nicht nur für die geänderte Zeile, sondern auch für jede Zeile, die zufällig auf derselben Index-Blattseite gespeichert ist) und für die Zeilen, die durch den Schreibzugriff tatsächlich verändert worden sind, in das Undo-Log gehen, um alte Versionen der Daten zu finden. Das impliziert auch, daß ein Covering Index für diese Situation zu einem normalen Zeilen-Read führen kann (den man ja gerade vermeiden will) und dann für die tatsächlich geänderten Zeilen sogar noch einen Abstieg in das Undo-Log nach sich zieht, je nach Schreiblast und Isolation Level, der für den Reader eingestellt ist.\nMal sehen, ob ich das noch mal irgendwann in eine coole Zeichnung gießen kann, um zu verdeutlichen, was da genau vor sich geht. Auf jeden Fall: Danke, MySQL Support - das ist genau der Grund, warum wir bei Euch einkaufen!\n","date":"2010-09-09T00:00:00Z","href":"https://blog.koehntopp.info/2010/09/09/covering-indexes-und-mvcc.html","tags":["innodb","mysql","postgres","sql","lang_de"],"title":"Covering indexes und MVCC"},{"categories":null,"content":"Meine Firma verwendet SAP. Zum Glück habe ich damit nicht viel zu tun, außer um meine Beurteilungen abzusegnen und Urlaub zu beantragen. Das heißt, ich verwende SAP maximal 3 mal im Jahr. Bis vor kurzem hatte unser SAP keine LDAP-Anbindung. Ich hatte also ein SAP-Login, das von meinem Firmen-Login verschieden war und auch ein anderes Paßwort hatte. Da ich nur so ca. 3 Mal im Jahr ins SAP muß, ist das Paßwort unweigerlich abgelaufen, wenn ich mich in das SAP einloggen will.\nJeder Urlaubsantrag begann also mit einem Call an den SAP Helpdesk mit der Bitte, das Paßwort zurücksetzen zu lassen.\nAn das SAP komme ich als Heimarbeiter nur per VPN. Das VPN, ein unsagbares Juniper-Applet, funktioniert nur in Windows. Das SAP auch, denn es funktioniert zum Glück nur mit einer veralteten Version von Internet Explorer. Ich muß also eine VMware starten. Für alle anderen Dienste, die mit meinem Job zu tun habe, komme ich um das Applet herum, nur zum Urlaub beantragen muß ich in die VMware.\nIch starte also VMware, um Urlaub zu beantragen. VMware will sich aktualisieren, denn es liegt eine neue Version vor. Ich seufze, und klicke Okay. VMware aktualisiert sich. Das Windows kommt hoch. Der VMware Client im Windows teilt mit, daß der Host neuer ist als der Guestclient, und ob er sich denn bitte aktualisieren dürfe.\nWährend mein Mauszeiger noch über dem Icon schwebt, meldet sich das Antivirenprogramm und merkt an, daß es veraltet ist. Also, nicht die Virensignaturen sind veraltet, sondern das Programm selber. Es will sein Update runterladen und seine Lizenz verlängern. Ich sage dem Antivirenprogramm, daß es das wohl dürfe, und wende mich dem VMware Guest Client zu.\nFlash meldet sich. Es ist veraltet und enthielte Sicherheitslücken. Ob es sich wohl updaten dürfe. Aber ja. Flash lädt ein Update runter.\nJava klingelt. Es ist veraltet und enthalte Sicherheitslücken. Ob es sich wohl updaten dürfe. Aber ja. Java lädt ein Update runter. Java will die Yahoo! Toolbar installieren. WTF? Nein, ich will keine beknackte Toolbar. Ich will auch kein Java, muß aber.\nDas Flash Update scheitert.\nAdobe Reader meldet sich. Er ist veraltet und enthielte Sicherheitslücken. Ob er sich wohl updaten dürfe. Aber ja. Adobe Reader lädt ein Update runter.\nWindows meldet sich. Es sei veraltet und enthielte Sicherheitslücken. Ob es sich wohl updaten dürfe. Aber ja. Ich muß neu starten, damit die Updates sich beenden dürfen.\nWindows startet neu. Das unterbricht das laufende Adobe Reader update. Sehr schön.\nDas gute an VMware ist, daß ich der Windows-Instanz sehr wenig Speicher zugeteilt habe, und der Mac, der das hosted, genug Speicher hat. Windows startet also aus dem Mac File System Buffer Cache neu. Das heißt mehr oder weniger, daß es nur kurz flackert. Immerhin.\nWindows loggt mich ein. Ich kann den VMware Guest Client endlich aktualisieren. Denke ich. Aber nein! Das unterbrochene Adobe Reader Update hat nur auf diesen Moment gelauert! Während sich mein Mauszeiger dem VMware Guest Client Icon nähert, schlägt der Reader zu: Your Update is ready. Do you want to install?\nIch seufze. Und klicke Ja. Adobe wahrt das Markenimage - auch dieses Update scheitert, genau wie das Flash Update. In der Phase \u0026lsquo;Optimizing Performance\u0026rsquo;.\nNa klar. Ich kann mir denken, daß Adobe damit Probleme hat.\nEs gelingt mir, das Update des VMware Guest Client abzuschließen.\nIch starte den Internet Explorer, um mich in das VPN einzuwählen und habe das megasichere RSA Schraddeltoken zur Hand. Aber das VPN zickt - denn, man ahnt es nicht, das VPN Zertifikat ist geupdated worden. Und der feine Juniper Client macht beim Update ein Häufchen und will erst den Hintern abgewischt haben, bevor er mich in das supersichere Firmennetz läßt.\nIch wähle das SAP Portal durch das VPN an, um endlich Urlaub zu beantragen.\nEs ist down.\nFür ein Update.\nPigor: Nieder mit IT ","date":"2010-08-22T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/22/warum-ich-urlaub-brauche.html","tags":["computer","lang_de"],"title":"Warum ich Urlaub brauche"},{"categories":null,"content":"Ich habe letztes Jahr hier und hier ja schon mal was über \u0026ldquo;intelligente\u0026rdquo; Stromzähler geschrieben, zu deren Einbau wir ja nun alle verpflichtet sind, wenn wir renovieren oder neu bauen.\nDas Thema rollt nun auch langsam in das Licht der Öffentlichkeit, etwa schreibt der Spiegel in Teure Ersparnis :\nDas Sparpotential des intelligenten Stromnetzes werde \u0026ldquo;enorm überschätzt\u0026rdquo;, resümiert Energieberater Klafka. Zuweilen verursache ein intelligenter Zähler sogar erst mal zusätzlichen Stromverbrauch, weil die Tarifdaten rund um die Uhr übertragen werden müssen. Eine dazu nötige permanente DSL-Verbindung verschlingt pro Jahr rund 131 Kilowattstunden. Zum Vergleich: Ein moderner Kühlschrank benötigt weniger als 100.\nDagegen steht eine potenzielle Ersparnis, die wahrscheinlich potenziell bleibt:\nEs ist nämlich nicht damit getan, den Stromverbrauch nur um Minuten zu verschieben, selbst einige Stunden reichen oft nicht aus. Die Intervalle von windstillen Phasen beispielsweise erstrecken sich manchmal über 36 bis 48 Stunden. Diese Spanne überfordert selbst den geduldigsten Verbraucher.\nNoch gar nicht thematisiert werden die Sicherheitsaspekte der Zähler, das wird erst nach der ersten großen Katastrophe der Fall sein.\nNachtrag: Jemand fragte: \u0026ldquo;Warum messen die Versorger eigentlich nicht an den letzten Umspannstationen vor dem Kunden?\u0026rdquo; Das würde für die Lastplanung wahrscheinlich mehr Sinn haben - weniger Messpunkte und daher mehr Etat für sinnvolle Sicherheitsmaßnahmen notwendig, der Messpunkt unter Kontrolle des Systembetreibers und auch keine Privacy-Issues, die man diskutieren müsste. Ein Intelligenter Stromzähler beim Kunden ist dann aus Sicht des Netzbetreibers natürlich weitgehend überflüssig.\nNachtrag 2: Wir haben das eben noch mal weiter diskutiert, und uns gefragt, für wen diese Daten denn sinnvoll sind. Für den Bewohner eines Haushaltes eher nicht - die meisten der mitredenden Geeks hätten solche Daten schon gerne, aber mit besserer Auflösung, also pro Zimmer, Sicherung oder Gerät runter gebrochen.\nFür den Energieversorger ist es sicherer und besser, das an der Umspannstation zu messen und diese Daten zur Bedarfssteuerung zu verwenden, zumal die Fernauslesung dieser Geräte sowieso optional ist.\nSinn haben Intelligente Stromzähler nur, weil sie mit dem Abrechnungspunkt zusammen fallen und pro Abrechnungspunkt ein anderer Stromanbieter gewählt werden kann. Das heißt, mit den Daten von einem Intelligenten Zähler wird vor allen Dingen die Abrechnung der Stromanbieter untereinander schneller und genauer und damit die Liquidität im Strommarkt verbessert. Einen direkten wirtschaftlichen Nutzen hat das Ganze also eher nicht, sondern die Aktion dient eher nur Markt-Ermöglichung und -Beschleunigung.\n","date":"2010-08-19T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/19/intelligente-stromzaehler.html","tags":["computer","energy","lang_de"],"title":"\"Intelligente\" Stromzähler"},{"categories":null,"content":"In Kennzeichen Digital beim ZDF schreibt Mario Sixtus einen ganz wunderbaren Text über die ganze Google Streetview Hysterie. Kernpunkt:\nEin interessanter Effekt des Netzes ist es, theoretische Rechte in praktische zu verwandeln. Das allgemeine Grundrecht auf freie Meinungsäußerung machte sich beispielsweise in der Pre-Netz-Ära sehr hübsch im Grundgesetz und in Sonntagsreden. Abgesehen von Flugblättern, Leserbriefen und Stammtischansprachen hatte der gemeine Bürger allerdings kaum eine Möglichkeit, von diesem Recht Gebrauch zu machen.\nDas Netz hat nun dieses theoretische Recht in ein praktisches verwandelt. Dies finden die publizistischen Eliten von gestern zwar immer noch nicht sonderlich toll, und sie reagieren meist noch ziemlich zickig auf die Neuankömmlinge aus der Blog-Fraktion, aber kein echter Demokrat würde letzteren ernsthaft die Netz-gegebene Möglichkeit streitig machen, ihr Grundrecht auf Meinungsäußerung nun endlich auszuüben.\nMit dem öffentlichen Raum verhält es sich ähnlich. Sich frei durch Straßen und über Plätze zu bewegen ist unser aller gutes Recht und dazu gehört auch, die darumstehenden Gebäude anzuschauen. Wem das nicht passt, der kann sein Haus mit einem hohen Zaun oder einer Mauer umgeben.\nDen ganzen Text gibt es hier . Ergänzend dazu auch der Artikel\nEs gibt kein analoges Leben im Digitalen von Michael Seemann, der erklärt, warum die alten Leute mit Kugelschreibern auf Streetview so heftig reagieren, und wieso das im Grunde egal ist.\nMir ist bewusst, dass der gesellschaftliche Diskurs hier erst am Anfang steht. Aber gestern standen wir noch davor. Der Kontrollverlust ist heute im Mainstream angekommen. Willkommen in unserer Welt.\n","date":"2010-08-19T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/19/erst-dienste-wie-street-view-machen-den-ffentlichen-raum-wirklich-ffentlich.html","tags":["anderswo","google","lang_de"],"title":"Erst Dienste wie Street View machen den öffentlichen Raum wirklich öffentlich "},{"categories":null,"content":"The Dreaming Void , Peter F. Hamilton, EUR 6.50, 608 Seiten.\nDie ferne Zukunft. Teile der Menschheit leben postphysikalisch als Uploads, andere haben sich mehr oder weniger genetisch aufgerüstet oder ihre Körper mit Nanotechnik angereichert. Sterben muß niemand mehr, und Not leiden oder gar hart arbeiten auch nicht, außer er wählt dies als Lebensstil.\nIm Zentrum der Galaxis liegt ein gigantisches Schwarzes Loch, The Void. Der Astrophysiker Inigo beginnt, Szenen aus dem Leben von Edeard zu träumen, einem Menschen, der offenbar im Mikrouniversum im Inneren der Void lebt - ein bemerkenswertes Universum, denn offenbar kann man dort mit dem Geist Einfluß auf die Materie nehmen.\nDie Inigos Träume von Edeard werden die Grundlage einer Religion, Living Dream, und ein Trek von Menschen macht sich auf, um zu versuchen, in die Void zu gelangen. Doch das wird das energetische Gleichgewicht zwischen den Universen ins Wanken bringen und die Void wird anfangen, sich auszubreiten.\nThe Temporal Void , Peter F. Hamilton, EUR 5.80, 672 Seiten.\nSchon in The Reality Dysfunction und den Folgebänden ging es Peter Hamilton um eine spirituelle Komponente des Menschen im Angesicht transhumanistischer Ideen und der Singularität . In der Void Trilogie, deren erster Band The Dreaming Void ist, greift er diesen Gedanken wieder auf.\nAus irgendeinem Grund, den Hamilton nicht richtig deutlich zu machen versteht, ist das Void-Universum für die Anhänger von Living Dream attraktiver als die Welt in der sie leben - dabei unterscheiden sie sich in den Fähigkeiten ihrer aufgerüsteten Existenz in keinster Weise von der Welt, die Inigo dort erträumt. Doch in ihrem Streben dort hin zu gelangen werden sie vermutlich die Existenz des hiesigen Universums und der Personen, die dem Traum nicht folgen wollen beenden. Dieser Konflikt ist die Basis der Geschichte, doch da sich die Motivation dieses Konflikts für mich nicht glaubhaft verankern läßt, bleibt eine interessant verschachtelt erzählte Geschichte, die für mich jedoch in keiner Weise anrührend ist und mich am Ende leicht frustriert zurückläßt.\n","date":"2010-08-18T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/18/fertig-gelesen-the-dreaming-void.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: The Dreaming Void"},{"categories":null,"content":"In einem Kommentar zu Master-Master schrieb ich:\nFür den von Dir genannten Sonderfall der Filialsysteme habe ich noch einen deutschen Artikel in der Warteschlange, ich muß nur Zeit finden ihn zu schreiben.\nNormalerweise sieht MySQL Replikation so aus:\nMySQL Replikation - Architekturübersicht\nMaster Binlog Auf dem Master ist mit der Konfigurationsanweisung log_bin das Binlog aktiviert.\nDas Binlog loggt bei Statement Based Replication (SBR) alle Anweisungen, die Daten verändern (also quasi alles außer SELECT). Binlog-Dateien haben dasselbe Namensprefix und werden dann durchnumeriert. Die Datenbank beginnt ein neues Binlog, wenn die laufende Binlog-Datei größer als max_binlog_size (Default 1G) wird, wenn das Kommando FLUSH LOGS ausgeführt wird oder wenn der Server neu gestartet wird.\nIn der Binlog-Indexdatei findet man eine Liste aller existierenden Binlogs, man kann sie mit dem Kommando SHOW MASTER LOGS anzeigen lassen. Durch das Kommando PURGE MASTER LOGS kann man alte Binlogs löschen - meistens macht man so etwas wie PURGE MASTER LOGS BEFORE NOW() - INTERVAL 3 DAY statt ein konstantes Datum oder einen festen Dateinamen anzugeben. Man kann die Löschung auch automatisieren, indem man expire_logs_days auf einen Wert setzt. Dann werden beim Anlegen eines neuen Binlogs alle Dateien gelöscht, die älter als expire_logs_days Tage sind.\nMit dem Kommando mysqlbinlog kann man das Binlog lesen und in ein SQL-Script umwandeln lassen. Dieses könnte man (ab einer gewünschten Position) einlesen lassen, indem man im Kommandozeilenclient das Kommando source …\u0026rsquo; eingibt. Auf diese Weise kann man eine Datenbank von einer bekannten Binlog-Position manuell zu einer anderen Position vorwärts rollen lassen.\nDiese Prozedur ist bei einer Recovery notwendig: Man spielt ein Full Backup ein, das hoffentlich mit einer bekannten Binlog-Position assoziiert ist. Dann verwendet man das Binlog, um von dieser Position zu einer gewünschten Position (unmittelbar vor dem fatalen DROP DATABASE wichtig) vorwärts zu rollen.\nServer ID Jeder Server in einem MySQL-Replikationssystem hat eine eindeutige Server-ID. Das ist ein 32 Bit Wert ohne Vorzeichen, der den Server eindeutig identifiziert. Das Binlog markiert jeden Eintrag mit dieser Server-ID. Dadurch ist es möglich, in Replikationsringen endlos kreisende Statements zu erkennen und zu eliminieren: Ein Server wird keine Anwendungen per Replikation ausführen, die seine eigene Server-ID enthalten.\nREPLICATION SLAVE Privilege Replikation besteht für den Master darin, daß sich ein Slave auf dem Master einloggt und das Kommando SHOW MASTER LOGS sowie das binäre Äquivalent von SHOW BINLOG EVENTS ausführt. Damit er das kann, muß der Slave einen Account auf dem Master haben, der das Privileg REPLICATION SLAVE hat.\nSlave Side Auf dem Slave besteht Replikation aus zwei Teilen: Der IO_THREAD nimmt die vier Login-Informationen (Host, Port, User und Paßwort) aus dem CHANGE MASTER Statement und loggt sich auf dem Master ein. Er nimmt dann die zwei Binlog-Positionsdaten (Binlog Name und Binlog Position), und lädt das Binlog ab dieser Position beginnend so schnell als möglich runter. Er schreibt diese Daten auf dem Slave in das Relay Log File. Der SQL_THREAD liest die Daten aus dem Relay Log File und führt sie aus. Wenn er damit fertig ist, löscht er das Relay Log File und wendet sich dem nächsten File aus dem Relay Log Index zu.\nFilialsysteme Ein Filialsystem besteht aus vielen kleinen autonomen Datenbanken in den Filialen eines Händlers. Die Struktur der Datenbank in jeder Filiale ist immer gleich, aber jede Filiale hat dieses Schema unter einem eigenen Namen und mit den Daten dieser Filiale.\nDas Problem besteht jetzt darin, die Daten aus den Filialen in der Zentrale zusammen zu führen und dort dann zu aggregieren. Aus technischen Gründen ist es nicht möglich, die gesamte Datenbank in die Zentrale zu übertragen. Stattdessen will man täglich einmal das Delta transportieren.\nDer Ansatz dazu ist ein einfacher Sharding Ansatz, bei dem wir den Vorderteil der Replikation mißbrauchen - also den Teil auf dem Master, der das Binlog schreibt. Das Hinterteil in der Zentrale bauen wir selber, mit mysqlbinlog und ein paar Scripten.\nDer Ansatz sieht so aus:\nFilialsystem (mit Binlog-Transport)\nDie Vorbedingungen sind:\nDie Datenbestände der zweier beliebiger Filialen m und n sind überlappungsfrei (sonst ist es kein Sharding). Schreibzugriffe in die Filialdatenbank db_n erfolgen nur in der Filiale n. Die Daten in der Zentrale können hinter den Daten in der Filiale hinterher hinken. Der Abstand ist durch die Häufigkeit des Transportes der Binlogs wählbar. In den Filialen sind alle Queries mit unqualifizierten Namen geschrieben: Man schreibt also immer INSERT INTO t \u0026hellip;, nie INSERT INTO db.t …. In der Zentrale existiert eine Schemakopie der Filiale, auf die das Delta angewendet werden kann. Das Verfahren ist wie folgt: In den Filialen laufen autonome Datenbankserver mit aktiviertem Binlog. Vor einem Transport in die Zentrale wird ein FLUSH LOGS gemacht. Dadurch wird ein neues Binlog begonnen und man hat einen sauberen Cutoff-Punkt. Die Binlogs vor dem Cutoff werden archiviert und dem Transport übergeben. Danach werden sie mit PURGE MASTER LOGS in der Datenbank gelöscht (können aber im Archiv als Kopie auch in der Filiale verbleiben).\nIn der Zentrale wird jedes Binlog-Set einer Filiale in ein SQL-Sourcefile umgewandelt, durch Anwendung des Kommandos mysqlbinlog. Dieses File wird dann in die Schemakopie der Filiale eingelesen und bringt diese auf Stand.\nDanach kann durch Starten der Aggregationsprozesse die Datenbank der Zentrale db_agg aktualisiert werden und die Daten aus allen Filialen integrieren.\nEin Sharding (Shard = Splitter) ist ein Sonderfall einer Partition. Eine Partition ist eine Aufteilung einer Menge derart, daß die Teile die Gesamtmenge komplett überdecken und sich zwei Teilmengen nicht überdecken. Bildlich kann man sich das Zerschneiden einer Torte in Stücke nicht notwendig gleicher Größe vorstellen. Bei einer Partition liegen die Teilstücke in der Regel auf einer Maschine, beim Sharding dürfen die Teilstücke verteilt liegen, es kann also jeder Shard auf einer anderen, räumlich getrennten Maschine liegen.\nIn unserem Beispiel stellen wir einen Shard in jede Filiale und lassen ihn dort lokal und ohne Kenntnis der anderen Shards arbeiten. Wir zeichnen die Änderungen im Binlog auf und spielen alle Änderungen aller Filialen in der Zentrale ein. Das funktioniert nur deshalb, weil alle Änderungen sich immer nur auf das Schema der Filiale beziehen.\nIn einem großen Zentralschema erzeugen wir durch horizontale Aggregationsqueries quer über alle Filialschemata eine integrierte Gesamtansicht.\n","date":"2010-08-18T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/18/verteilte-datenbanken-der-sonderfall-filialsysteme.html","tags":["mysql","database","lang_de"],"title":"Verteilte Datenbanken: Der Sonderfall Filialsysteme"},{"categories":null,"content":"Lalufu fragte in den Kommentaren von Master-Master :\nIch habe eine MM-Replikation mit zwei Servern.\nBeide haben auto_increment_increment=10,\nServer A hat auto_increment_offset=0 und Server B hat auto_increment_offset=1.\nIch lege mir eine Tabelle mit einem auto_increment-Feld (id) an und mache auf Server A einen INSERT, dann kriegt die row id=0, und wird auf B repliziert, richtig?\nDann noch einen INSERT auf A, die row kriegt id=10, und wird auf B repliziert.Wenn ich jetzt auf B einen INSERT mache, welchen Wert kriegt das id in der row?\nStatt einer Antwort hier die Methode zum selber rausfinden.\nWir installieren zwei MySQL-Instanzen zum Testen (Mac OS X mit Macports). Das ist recht einfach, denn dazu muß man nur zwei Datenverzeichnisse mit mysql_install_db initialisieren und passende minimale Konfigurationen erzeugen.\nKK:~ kris$ cd /tmp KK:tmp kris$ mkdir eins zwei KK:tmp kris$ mysql_install_db5 --datadir=/tmp/eins --user=kris Installing MySQL system tables... ... KK:tmp kris$ mysql_install_db5 --datadir=/tmp/zwei --user=kris Installing MySQL system tables... ... KK:tmp kris$ cd eins KK:eins kris$ cat \u0026gt; my.cnf [mysqld] datadir=/tmp/eins socket=/tmp/eins/mysql.sock port=3307 log_bin server_id = 1 auto_increment_increment = 10 auto_increment_offset = 1 innodb KK:eins kris$ cd ../zwei KK:zwei kris$ cat my.cnf [mysqld]datadir=/tmp/zwei socket=/tmp/zwei/mysql.sock port=3308 log_bin server_id = 2 auto_increment_increment = 10 auto_increment_offset = 2 innodb Die Server können nun gestartet werden. Wir geben jedem Server einen Zeiger auf seine Konfiguration mit.\nKK:zwei kris$ cd ../eins KK:eins kris$ mysqld_safe5 --defaults-file=/tmp/eins/my.cnf \u0026amp; 100817 13:05:02 mysqld_safe Logging to \u0026#39;/tmp/eins/KK.local.err\u0026#39;. 100817 13:05:02 mysqld_safe Starting mysqld daemon with databases from /tmp/eins KK:eins kris$ cd ../zwei KK:zwei kris$ mysqld_safe5 --defaults-file=/tmp/zwei/my.cnf \u0026amp; 100817 13:05:40 mysqld_safe Logging to \u0026#39;/tmp/zwei/KK.local.err\u0026#39;. 100817 13:05:40 mysqld_safe Starting mysqld daemon with databases from /tmp/zwei KK:zwei kris$ lsof -i -n -P | grep my mysqld 1042 kris 10u IPv4 0x05691740 0t0 TCP \\*:3307 (LISTEN) mysqld 1112 kris 10u IPv4 0x0ba7eec8 0t0 TCP \\*:3308 (LISTEN) Nachdem wir die zwei Server laufen haben und beide leer sind, können wir eine Datenbank aufsetzen und die Replikation konfigurieren. Wir nutzen hier den Spezialfall, daß beide Server dieselben Daten haben, weil sie leer sind, können uns also eine Menge Arbeit sparen.\nIch habe die Angewohnheit, bei multiplen Instanzen auf einer Hardware @@hostname und @@datadir abzufragen, da die Kombination beider Werte eine Instanz eindeutig identifiziert. So kann ich sicher sein, mit dem richtigen Server zu sprechen.\nKK:zwei kris$ mysql5 --host=127.0.0.1 --port=3307 ... root@localhost [(none)]\u0026gt; select @@hostname, @@datadir; +------------+------------+ | @@hostname | @@datadir | +------------+------------+ | KK.local | /tmp/eins/ | +------------+------------+ 1 row in set (0.00 sec) root@localhost [(none)]\u0026gt; create database kris; Query OK, 1 row affected (0.00 sec) root@localhost [(none)]\u0026gt; create table kris.t ( id integer not null primary key auto_increment, d varchar(20) charset latin1 ) engine = innodb; Query OK, 0 rows affected (0.10 sec) root@localhost [(none)]\u0026gt; quit Bye Und dasselbe drüben auch noch mal.\nKK:zwei kris$ mysql5 --host=127.0.0.1 --port=3308 root@localhost [(none)]\u0026gt; select @@hostname, @@datadir; +------------+------------+ | @@hostname | @@datadir | +------------+------------+ | KK.local | /tmp/zwei/ | +------------+------------+ 1 row in set (0.00 sec) root@localhost [(none)]\u0026gt; create database kris; Query OK, 1 row affected (0.00 sec) root@localhost [(none)]\u0026gt; create table kris.t ( id integer not null primary key auto_increment, d varchar(20) charset latin1 ) engine = innodb; Query OK, 0 rows affected (0.06 sec) root@localhost [(none)]\u0026gt; quit Bye Nachdem wir jetzt eine Testdatenbank mit einer leeren Testtabelle haben, können wir replizieren. Wir setzen zunächst einmal den Server 3307 (eins) auf. Dazu definieren wir einen Account für zwei mit dem Privileg replication slave und notieren die Binlog-Position von eins:\nKK:zwei kris$ mysql5 --host=127.0.0.1 --port=3307 ... root@localhost [(none)]\u0026gt; grant replication slave on \\*.\\* to \u0026#39;zwei\u0026#39;@\u0026#39;127.0.0.1\u0026#39; identified by \u0026#39;s3cr3t!\u0026#39;; Query OK, 0 rows affected (0.05 sec) root@localhost [(none)]\u0026gt; show master status; +---------------+----------+--------------+------------------+ | File | Position | Binlog_Do_DB | Binlog_Ignore_DB | +---------------+----------+--------------+------------------+ | KK-bin.000003 | 106 | | | +---------------+----------+--------------+------------------+ 1 row in set (0.00 sec) root@localhost [(none)]\u0026gt; quit Bye Mit diesen Daten können wir nun zwei einrichten. Auch dort muß ein Account mit replication slave eingerichtet werden. Wir lassen außerdem einmal ein CHANGE MASTER Statement los, und starten den Slave auf zwei, sodaß er von eins repliziert. Am Ende notieren wir uns das Binlog von zwei, um auch auf eins ein CHANGE MASTER machen zu können.\nKK:zwei kris$ mysql5 --host=127.0.0.1 --port=3308 ... root@localhost [(none)]\u0026gt; grant replication slave on \\*.\\* to \u0026#39;eins\u0026#39;@\u0026#39;127.0.0.1\u0026#39; identified by \u0026#39;s3cr3t!\u0026#39;; Query OK, 0 rows affected (0.00 sec) root@localhost [(none)]\u0026gt; change master to master_host = \u0026#39;127.0.0.1\u0026#39;, master_port = 3307, master_user = \u0026#39;zwei\u0026#39;, master_password = \u0026#39;s3cr3t!\u0026#39;, master_log_file = \u0026#39;KK-bin.000003\u0026#39;, master_log_pos = 106; Query OK, 0 rows affected (0.80 sec) root@localhost [(none)]\u0026gt; start slave; Query OK, 0 rows affected (0.02 sec) root@localhost [(none)]\u0026gt; show slave status\\G ... Slave_IO_Running: Yes Slave_SQL_Running: Yes ... root@localhost [(none)]\u0026gt; show master status; +---------------+----------+--------------+------------------+ | File | Position | Binlog_Do_DB | Binlog_Ignore_DB | +---------------+----------+--------------+------------------+ | KK-bin.000003 | 246 | | | +---------------+----------+--------------+------------------+ 1 row in set (0.00 sec) root@localhost [(none)]\u0026gt; quit Bye Jetzt muß nur noch auf dem Server eins das CHANGE MASTER mit diesen Daten laufen.\nKK:zwei kris$ mysql5 --host=127.0.0.1 --port=3307 ... root@localhost [(none)]\u0026gt; change master to master_host = \u0026#39;127.0.0.1\u0026#39;, master_port = 3308, master_user = \u0026#39;eins\u0026#39;, master_password = \u0026#39;s3cr3t!\u0026#39;, master_log_file = \u0026#39;KK-bin.000003\u0026#39;, master_log_pos = 246; Query OK, 0 rows affected (0.77 sec) root@localhost [(none)]\u0026gt; start slave; Query OK, 0 rows affected (0.00 sec) root@localhost [(none)]\u0026gt; show slave status\\G ... Slave_IO_Running: Yes Slave_SQL_Running: Yes ... Wir haben nun einen Ring, der zwischen zwei Instanzen auf Port 3307 und Port 3308 repliziert. Das kann man auch sehen:\nKK:zwei kris$ lsof -i -n -P | grep my mysqld 1210 kris 11u IPv4 0x06091e98 0t0 TCP \\*:3307 (LISTEN) mysqld 1210 kris 31u IPv4 0x0ba6def8 0t0 TCP 127.0.0.1:3307-\u0026gt;127.0.0.1:50981 (ESTABLISHED) mysqld 1210 kris 37u IPv4 0x098bab4c 0t0 TCP 127.0.0.1:50989-\u0026gt;127.0.0.1:3308 (ESTABLISHED) mysqld 1282 kris 11u IPv4 0x0ba7eec8 0t0 TCP \\*:3308 (LISTEN) mysqld 1282 kris 31u IPv4 0x0ba7faec 0t0 TCP 127.0.0.1:3308-\u0026gt;127.0.0.1:50989 (ESTABLISHED) mysqld 1282 kris 35u IPv4 0x098b9b1c 0t0 TCP 127.0.0.1:50981-\u0026gt;127.0.0.1:3307 (ESTABLISHED) Jetzt können wir testen:\nKK:zwei kris$ mysql5 --host=127.0.0.1 --port=3307 -e \u0026#39;insert into kris.t values (NULL, \u0026#34;auf eins\u0026#34;);\u0026#39; KK:zwei kris$ mysql5 --host=127.0.0.1 --port=3308 -e \u0026#39;insert into kris.t values (NULL, \u0026#34;auf zwei\u0026#34;);\u0026#39; KK:zwei kris$ mysql5 --host=127.0.0.1 --port=3308 -e \u0026#39;select \\* from kris.t;\u0026#39; +----+----------+ | id | d | +----+----------+ | 1 | auf eins | | 2 | auf zwei | +----+----------+ KK:zwei kris$ mysql5 --host=127.0.0.1 --port=3307 -e \u0026#39;insert into kris.t values (NULL, \u0026#34;nochmal eins\u0026#34;);\u0026#39; KK:zwei kris$ mysql5 --host=127.0.0.1 --port=3307 -e \u0026#39;select \\* from kris.t;\u0026#39; +----+--------------+ | id | d | +----+--------------+ | 1 | auf eins | | 2 | auf zwei | | 11 | nochmal eins | +----+--------------+ Die Antwort lautet also:\nJeder Server hat seinen eigenen AUTO_INCREMENT-Zähler an der Tabelle, der mit dem auto_increment_offset initialisiert wird und der in Schritten von auto_increment_increment hochgezählt wird. Das geschieht jedoch nur, wenn ein Nullwert in die Tabelle eingetragen wird, also nur bei lokalen INSERT-Statements. Statements, die durch Replikation übermittelt werden, bringen einen Wert vom Master mit und zählen nichts hoch.\n","date":"2010-08-17T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/17/ein-ring-mit-zwei-mysql-servern-und-auto-increment-increment.html","tags":["mysql","replication","lang_de"],"title":"Ein Ring mit zwei MySQL-Servern und auto_increment_increment"},{"categories":null,"content":"The Fuller Memorandum , Charles Stross, EUR 9.90, 384 Seiten\nDer 3. Band mit Geschichten von Bob Howard, IT Specialist und Feldagent der Laundry, jener britischen Behörde, die sich darum kümmert, das niemand aus Versehen Cthulhu beweist.\nIm Laundryverse ist höhere Mathematik mit schwarzer Magie identisch und kann das Gewebe der Realität umdefinieren, und Verschwörungstheorien werden real, wenn nur genug Leute daran glauben. Im Fuller Memorandum muß sich Bob mit seinem merkwürdigen Chef, Angleton, auseinandersetzen. Wir erfahren, woher er kommt, wieso er nicht wirklich älter wird, und wir lernen eine Menge über das viktorianische London. Stross konsolidiert seine Laundry-Legende etwas, und wechselt die Erzählperspektive: Angleton fordert Bob auf, seine Memoiren zu schreiben, denn er sei ja nun schon länger im Dienst der Laundry und es wäre schlecht, wenn seine Erfahrung verloren ginge - wir bekommen also eine etwas ungewohnte Icherzähler-Perspektive im Präsens, die anfangs etwas Mühe beim Lesen macht. Dafür ist die Story weniger anstrengend als das um Anspielungen und Gags bemühte The Jennifer Morgue, und es beginnt sich abzuzeichnen, wie gritty und blutig das Laundryverse werden wird, sobald die Sterne richtig stehen und CASE NIGHTMARE GREEN eintritt.\n","date":"2010-08-16T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/16/fertig-gelesen-the-fuller-memorandum.html","tags":["book","review","cthulhu","media","stross","lang_de"],"title":"Fertig gelesen: The Fuller Memorandum"},{"categories":null,"content":"Immer mal wieder kommt jemand im Internet auf die Idee, wie man Master-Master und verteilte Transaktionen ganz einfach realisieren kann. MySQL verteilte Daten von Okami ist ein gutes Beispiel für diese Idee:\nWir nutzen dabei aus, dass MySQL bei zusammengesetzten Indizes einen AUTO_INCREMENT-Wert pro distinktem Schlüsselpräfix zählt. Das heißt ganz konkret: Wir legen einen Primär-Schlüssel aus zwei Spalten zusammen. In der ersten Spalte verwenden wir einen sehr kleinen Wert, der die Quelle der Daten kennzeichnet: Source tinyint unsigned NOT NULL; Den zweiten Teil legen wir als einfache ID int unsigned NOT NULL AUTO_INCREMENT an. Und ein Timestamp-Wert bietet sich für das Triggern der Updates an.\nDiese Lösung ist exemplarisch schön, weil sie beide Fehlannahmen enthält, die man bei der direkten Lösung des Problems machen kann.\nErstens setzt sie voraus, daß zusammengesetzte Primärschlüssel mit AUTO_INCREMENT portabel sind. Zweites setzt sie voraus, daß man mit Timestamps Änderungen replizieren kann. Zusammengesetzte Primärschlüssel Zunächst einmal ist es so, daß in InnoDB ein zusammengesetzter Primärschlüssel mit AUTO_INCREMENT nicht funktioniert.\nroot@localhost [kris]\u0026gt; create table t ( -\u0026gt; source tinyint unsigned not null, -\u0026gt; id int unsigned not null auto_increment, -\u0026gt; ts timestamp, -\u0026gt; primary key (source, id) -\u0026gt; ) engine = innodb; ERROR 1075 (42000): Incorrect table definition; there can be only one auto column and it must be defined as a key Dieses Feature existiert nur für MyISAM:\nroot@localhost [kris]\u0026gt; create table t ( -\u0026gt; source tinyint unsigned not null, -\u0026gt; id int unsigned not null auto_increment, -\u0026gt; ts timestamp, -\u0026gt; primary key (source, id) -\u0026gt; ) engine = myisam; Query OK, 0 rows affected (0.23 sec) Es ist eines der Standard-Migrationshindernisse von MyISAM nach InnoDB.\nDas \u0026ldquo;macht\u0026rdquo; nichts, da MySQL einen anderen Mechanismus zur Verfügung stellt, der mit einem einfachen AUTO_INCREMENT auskommt und dieselbe Logik nachbildet: Die Variablen auto_increment_increment und auto_increment_offset erlauben es, einen AUTO_INCREMENT Zähler in Sprüngen hochzuzählen und jedem Server einen anderen Modulo-Wert zuzuteilen. Man setzt dazu auto_increment_increment auf allen Servern auf die Anzahl der Server (oder besser, die maximale Anzahl der Server, die man jemals haben will) und auto_increment_offset auf den Wert, den man sonst in source eingespeichert hätte. Man teilt also jedem Server einen anderen Startwert zu, und setzt eine ausreichend große Schrittweite, sodaß man auch später noch Server einfügen kann.\nMulti-Master für mehr als INSERT: 2PC Damit löst man jedoch nur das Problem der INSERT-Statements, nicht das Problem von UPDATE- und DELETE-Statements. Zum Beispiel ist es so, daß man ein Paar von Servern mit auto_increment_increment = 2 betreiben kann und ein Server ungerade und der andere gerade IDs erzeugt. Der ungerade Server bekommt die geraden IDs per Replikation und umgekehrt.\nNatürlich kann man nun auf dem ungeraden Server und dem geraden Server zeitgleich den Datensatz mit der ID = 17 ändern, und zwar uneinheitlich, d.h. auf einem Server setzt man preis = 2 und auf dem anderen zeitgleich preis = 3. Es ist nun zufällig, welcher Preis sich systemweit durchsetzt und ob das System überhaupt auf einen einheitlichen Preis konvergiert, denn es gibt keinen Systemweiten Mechanismus, der das kontrollieren und steuern würde.\nMySQL Cluster hat einen solchen Mechanismus, 2PC , und er hat einen hohen Preis (Latenz). Ohne einen solchen Mechanismus gibt es jedoch keinen Multi-Master, sondern nur lose gekoppelte Server in einem Ring.\nDer Ring jedoch kann ohne ein Protokoll für verteilte Transaktionen jederzeit auseinander fallen, wenn man nicht zusätzliche Bedingungen aufstellt, wer wann wo schreiben darf. Der Extremfall sind Mogelpackungen wie MMM , die sich zwar Master-Master nennen, Schreibzugriffe zu jedem gegebenen Zeitpunkt aber nur an einer Stelle zulassen.\nTimestamps reichen nicht aus für eine Replikations-Simulation Der zweite häufig gemachte Fehler ist die Annahme, daß Timestamp-Werte ausreichend sind für eine Replikations-Simulation (also um Änderungen zu tracken). Das fällt zweimal auf die Nase: Timestamps sind extern getaktet, so werden also so schnell hochgezählt wie die Auflösung des Timers definiert ist. In MySQL also wird maximal eine Änderung pro Sekunde pro Row erfaßt. Treten Änderungen schneller als das auf, ist es möglich, daß sich der Wert eines Records ändert, aber der Timestamp nicht.\nDie Abhilfe sind Versionszähler, die durch die Änderung selbst getaktet werden. Da die Änderung auch den Versionszähler verändert, ist sie auf jeden Fall erkennbar, egal wie schnell sie hintereinander auf derselben Row erfolgt. Die Grenze ist hier das zum Zählen notwendige Locking, das der Zählfrequenz eine obere Grenze setzt.\nBeide Verfahren scheitern jedoch an Löschungen, da ein DELETE die Row entfernt und damit auch der Zähler fehlt - man bekommt bei gelöschten Rows also gar nicht mit, daß etwas zu machen ist.\nÜblicherweise behilft man sich mit Scheinlöschungen, die ein deleted-Flag in der Zeile setzen, die als gelöscht gelten soll. Das wiederum macht alle Abfragen komplizierter, da jeder Bedingung ein WHERE deleted = 0 AND \u0026hellip; zugefügt werden muß.\n","date":"2010-08-16T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/16/master-master-und-distributed-transactions.html","tags":["mysql","replication","lang_de"],"title":"Master-Master und Distributed Transactions"},{"categories":null,"content":"Batwoman: Elegy (Deluxe Edition), Greg Rucka, J.H. Williams III, EUR 18.00, 192 Seiten.\nIch glaub es liegt an mir. DC hat die Angewohnheit, sich alle paar Jahrzehnte in seiner Geschichtenerzählung zu verrennen und muß dann sein Universum neu starten. Neulich war es mal wieder so weit, und wir bekommen nun offenbar einen Haufen Romane, in denen die Ursprungsgeschichte der verschiedenen Superhelden mal wieder umgebaut wird und neu erzählt wird. Wahrscheinlich bin ich zu alt, aber mir geht das auf den Sack.\nWie dem auch sei, Batwoman Elegy ist eine neue Batwoman, mit einem neuen Hintergrund, aus einem neuen Restart von DC. Writer ist Greg Rucka, Zeichner ist J.H. Williams III und sein Zeichenstil könnte mir eigentlich zusagen. Der neue NCIS-hafte militärisch-kriminalistische Hintergrund, und die animehafte Verquickung von unwahrscheinlichen Schicksalen (\u0026ldquo;Bei der Geburt getrennt und jetzt Gegnerinnen\u0026rdquo;) passen aber nicht zu meinem Bild der Gothamiten, und so ist das wahrscheinlich mein letzter Kauf im neu gestarteten DC Universum gewesen.\n","date":"2010-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/14/fertig-gelesen-batwoman-elegy.html","tags":["book","review","comic","media","lang_de"],"title":"Fertig gelesen: Batwoman Elegy"},{"categories":null,"content":"(Teil 3, siehe auch Teil1 und [Teil 2]({* link _posts/2010-08-06-netzwerk-berlast-vs-netzwerkneutralit-t.md %}), Petition hier Mein DSL hat 16 MBit im Downstream. Das heißt, ich bekomme 16 000 000 Bit/s geliefert, also etwas unter 2 Megabyte pro Sekunde. Ein Tag hat 86400 Sekunden und würde ich meinen Download rund um die Uhr am Anschlag laufen lassen, wären das etwa 160 GB am Tag. Mit 30 Tagen im Monat also etwa 4.5 Terabyte im Monat als theoretisches Trafficmaximum.\nWürde ich das tatsächlich machen, würde mein Provider wahrscheinlich ein ernstes Gespräch mit mir führen, Flatrate oder nicht.\nMeistens stehen ausdrückliche Verkehrslimits in den Verträgen im Kleingedruckten (\u0026ldquo;nicht mehr als 1 TB pro Monat\u0026rdquo;) - insbesondere bei Handy-\u0026ldquo;Flatrates\u0026rdquo; - oder sie werden als weiche Klauseln formuliert (\u0026ldquo;behält sich vor, den Vertrag zu kündigen, wenn mißbräuchliche Verkehrsmengen erzeugt werden\u0026rdquo;). Erstere Formulierung ist aus Kundensicht weitaus besser als zweitere, denn Verträge macht man ja nicht für die Zeit, wenn man sich lieb hat, sondern für den Fall, daß man einmal Streit hat.\nWenn Provider Verträge untereinander machen, dann stehen da in der Regel untereinander nicht Volumina in den Verträgen (\u0026ldquo;5 TB pro Monat\u0026rdquo;), sondern durchschnittliche und Spitzenbandbreiten (\u0026ldquo;nicht mehr als durchschnittlich 16 MBit/s im Monatsmittel und nicht mehr als 100 MBit/s Spitzenlast\u0026rdquo;). Diese Werte kann man dann mehr oder weniger direkt in einen Trafficshaper fallen lassen und die Limits umsetzen. Meist steht in so einem Vertrag - wenn die Techniker ihre Anwälte korrekt eingenordet haben - im Rahmen eines Service Level Agreements auch was zu anderen Parametern der Leitung - Verfügbarkeit, Paketverlustraten und Latenzen (Pingzeiten) zum Beispiel.\nDer Punkt dabei ist, daß man im Rahmen einer solchen Spezifikation Trafficmanagement betreiben kann.\nDas heißt, der Bandbreite liefernde Provider - der Anbieter - kann die vertraglich zugesicherten Eigenschaften durch Trafficshaping erzwingen. Und der die Bandbreite nutzende Provider - der Kunde - kann die ihm bereitgestellte Bandbreite durch eigene Maßnahmen aufteilen und regeln. Das ist das, was man erwartet und rechtlich wie netz-ideologisch vollkommen legitim.\nEs wäre absurd, würde der die Bandbreite stellende Provider diese Regelung vornehmen (\u0026lsquo;Zu IP-Nummern im Netz von Google nicht mehr als 1 MBit/s im Monatsmittel und nicht mehr als 1 MBit/s Spitzenlast\u0026rsquo;). Es kommt also darauf an, bei wem die Kontrolle über die Bildung von Verkehrsklassen liegt, über die in dieser Diskussion andernorts immer wieder geredet wird. Es kommt nicht darauf an, welcher Provider dabei mitwirkt, solange die Kontrolle an der richtigen Stelle - beim Kunden - liegt.\nDas ist Netzneutralität erster Ordnung - direkte Netzneutralität. Wenn der Kunde diese Kontrolle nicht hat oder aus technischen Gründen nicht haben kann (mir fällt grad kein Szenario ein, bei dem das zwingend so wäre), dann kann man Traffic nach fixen Prioritäten mit variablen Grenzen priorisieren. Der Kunde stellt sich eine Hierarchie von Traffic auf: Bei den meisten Kunden ist die recht ähnlich und sieht wahrscheinlich wie unten gezeigt aus (Vielleicht Position 1 und 2 getauscht).\nLatenz-sensitive Anwendungen: Spiele und interaktive Unterhaltung\nInteraktives Streaming: Telefonie und Videofonie\nUnidirektionale Streams: Webradio, Videostreamsinteraktive Anwendungen ohne kritische Latenz: Chat, Webtraffic\nUnidirektionaler Verkehr ohne Latenz: Downloads\nBidirektionaler Bulk-Traffic: P2P, Swarm Load\nWichtig ist, daß den einzelnen Klassen keine festen Bandbreiten zugeordnet werden, sondern daß der Kunde seine gesamte gekaufte Bandbreite voll nutzen kann, wobei Verkehr aus einer höheren Klasse Verkehr aus einer niederen Klasse verdrängt (oder bis auf eine garantierte Minimum-Bandbreite zusammendrückt). Würde man feste Grenzen zuordnen, sind Szenarien denkbar, bei denen der Kunde seine gekaufte Bandbreite nicht voll nutzen kann, weil er nicht den Traffic von der richtigen Art hat (\u0026ldquo;Ja, sie haben noch 15 MBit/s frei, aber die sind nur für Telefonie und nicht für P2P nutzbar\u0026rdquo;).\nWichtig ist aus wettbewerbsgründen auch, daß nach Diensten unterschieden wird (durch QoS-Merkmale an den Paketen, aber dann kontrolliert es ja wieder der Kunde, oder Port-Nummern), aber nicht nach Dienstanbietern (nach IP-Nummern oder den AS-Nummern, die den IPs zugeordnet werden können), sodaß die Klasseneinteilung Anbieter-agnostisch ist.\nDas ist Netzwerkneutralität zweiter Ordnung, indirekte Netzwerkneutralität. Keine Netzwerkneutralität liegt vor, wenn der Anbieter beim Kunden dafür kassiert, daß bestimmte Dienste von Dritten besser (oder überhaupt) funktionieren, der Anbieter also den Dritten als Geisel nimmt, um gegenüber dem Kunden die Dienstleistung von Dritten zu monetarisieren. Das ist ein klarer Verstoß gegen Netzwerkneutralität - und wahrscheinlich auch ein Verstoß gegen EU-Wettbewerbsrichtlinien.\nDas bringt uns dann zu den Scheinheiligkeiten in dieser Diskussion.\n\u0026ldquo;Die Verkehrsmenge steigt und wir müssen sie managen\u0026rdquo; ist ein technisches Argument und kann Anbieter- und Kunden-agnostisch gelöst werden - Netzwerkneutralität zweiter oder erster Ordnung können problemlos gewährleistet werden. Ein erster Schritt dazu wäre es, das unsinnige Wort \u0026ldquo;Flatrate\u0026rdquo; auszumerzen und den Kunden (Endkunden!) die Begriffe Volumen, Bandbreite und Latenz beizubringen und sie zu lehren, was für Anforderungen sie denn so im Rahmen dieser Begriffe im Schnitt an ihren Netzwerkanschluß haben.\nDie meisten Kunden wissen es nicht und es ist die Unsicherheit, die aus dieser Unwissenheit folgt, die sie eine \u0026ldquo;Flatrate\u0026rdquo; kaufen läßt (die gar keine ist). Kunden, die wissen, was sie brauchen, können mit ihrem Diensteanbieter dan auch sinnvoll argumentieren und vor allen Dingen echte Angebote mit echten technischen Daten vergleichen. Das ist genau die Situation, die die Diensteanbieter vermeiden wollen.\n\u0026ldquo;Die Verkehrsmenge steigt und wir müssen sie managen\u0026rdquo; ist genau nicht das, was die Anbieter wollen, die gerade die Diskussion um die Aufhebung des Status Quo vom Zaun brechen. Was sie eigentlich wollen ist \u0026ldquo;Wir wollen nicht länger inhaltsagnostisch Pakete als Schüttgut durch die Gegend schippern, weil da die Margen doof sind. Sondern wir wollen den subjektiven Wert eines jeden Datenpaketes für Absender und Empfänger ermitteln und differenziert monetarisieren.\u0026rdquo;\nOder, in klareren Worten: \u0026ldquo;Deine Skype-Pakete sind Dir mehr wert als Deine P2P-Pakete. Wäre doch schade, wenn denen was passiert, oder?\u0026rdquo;.\nDas kann Telekom-Verizon-Telefonica-Vodafone-wasauchimmer natürlich nicht so formulieren, darum das Getue um Bandbreiten-Engpässe und die allgemeine Angstrethorik (cf. Matthias Schwenk bei Carta.Info und die eigenartige Reaktion bei der Enquete ).\nNetzneutralität erster und zweiter Ordnung dient dazu, egal wie man sie formuliert, diese Erpressungsversuche der Provider (bei der Enqueue verwendet man stattdessen das Wort Differenzierung) im Kern zu verhindern. Das ist ordnungspolitisch notwendig, weil man sonst Providern jede Motivation nimmt, Bandbreite auszubauen - im Gegenteil, die Geschäftsgrundlage für das Erpressungsgeschäft bricht zusammen, sobald das Netz ausreichend Kapazität hat.\nUnd es ist systematisch notwendig, weil man sich sonst auch wettbewerbsrechtlich ins Bein schießt.\nUnd eigentlich sollten sich auch die Provider überlegen, was genau sie da tun und wollen. Denn wenn sie \u0026ldquo;Traffic managen\u0026rdquo;, indem sie in die Pakete hineinsehen - mit Deep Packet Inspection - dann können sie sich nicht mehr auf ihren \u0026ldquo;Ich transportiere die Ware nur, ich weiß nicht was drin ist\u0026rdquo;-Status zurückziehen und müssen sich sehr bald Forderungen stellen, die für AlQuadiaTerroristenRaubkopierKinderschänderDatenPakete eine gemanagete Bandbreite von 0 fordert - da tut sich dann sehr bald für Providers wie auch für Kundens eine ganze Menge Spaß auf.\nWeitere lesenswerte Artikel zum Thema:\nEnno Park: Google jetzt offiziell “evil” – Initiative “Pro Netzneutralität” gegründet. Enno hat einige interessante Vergleiche da drin. Technology Liberation Front: Deconstructing the Google-Verizon Framework. Die Dekonstruktion besteht in einem Vergleich des Google/Verizon-Vorschlags mit dem aktuellen Stand einer möglichen FCC-Regulierung. Die Unterschiede sind weitaus kleiner als vermutet, aber interessant. Wired.com: Why Google Became A Carrier-Humping, Net Neutrality Surrender Monkey. TL;DR ist im wesentlichen: Googles Geschäft muß sich diversifizieren, und Android und Youtube sind Ecksteine in diesem Plan. Google braucht die Carrier als Verbündete, damit dieser Plan aufgeht. c\u0026rsquo;t (Heise): Umfrage zu Schmalbandanschlüssen (Teil von Internet der Zukunft . \u0026ldquo;Einige Ergebnisse [der Umfrage] entsprachen den Erwartungen, andere hingegen boten Überraschungen. Etwa dass fast neunzig Prozent der Teilnehmer eher aufs Fernsehen verzichten würden als auf einen Breitbandanschluss. ","date":"2010-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/14/netzneutralit-t-was-ist-okay-und-was-ist-es-nicht.html","tags":["internet","netzneutralität","politik","lang_de"],"title":"Netzneutralität - was ist okay und was ist es nicht?"},{"categories":null,"content":"Sturm über roten Wassern , Scott Lynch, EUR 16.00, 944 Seiten.\nNach den Lügen von Locke Lamora stellte ich erfreut fest, daß es einen zweiten Band gibt.\nDie Folgen der Ereignisse in Camorr haben es notwendig gemacht, daß Locke und sein Freund die Stadt verlassen. Nach einigen Verwicklungen landen sie in Tal Verrar, wo sie das Projekt beginnen, ein großes und sehr gut gesichertes Spielcasino auszunehmen. Doch auch hier werden sie in politische Verwicklungen hineingezogen: Die Stadt wird von einem Rat regiert, der die Regierungsgewalt an einen Archonten abgetreten hat - nur vorübergehend natürlich, bis das Piratenproblem behoben ist. Das ist es nun, und der Archont hätte gerne wieder mehr Piraten, der Rat die Macht zurück, die Piraten bestehen ebenfalls aus mehreren Fraktionen und Locke hat außerdem immer noch Ärger mit den Soldmagiern aus Band 1, die sich als überaus nachtragend erweisen. Die Gentleman-Ganoven stehen jetzt vor dem Problem, die verschiedenen Interessengruppen gegeneinander auszuspielen, auf hoher See zu überleben und außerdem noch ihren Casino-Coup durchzuziehen.\nScott Lynch wechselt den Erzählstil ein wenig, denn der einführende Lost-artige Rückblendenstil aus dem ersten Teil würde nun, da die Vorgeschichten der Charactere bekannt sind, nicht mehr funktionieren. Stattdessen weitet er den Fokus aus, und zeigt dem Leser mehr Orte und Hintergrund seiner Erzählwelt, ohne zu viel an Erzähltempo zu verliere. Wenn man sich darauf einläßt, bekommt man eine Geschichte mit einer cinestisch aufgemachten Handlung, die noch mehr an eine gute Shadowrun-Story in einer Fantasywelt erinnert als es schon der erste Teil tut.\n","date":"2010-08-12T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/12/fertig-gelesen-sturm-ber-roten-wassern.html","tags":["book","review","media","lang_de"],"title":"Fertig gelesen: Sturm über roten Wassern"},{"categories":null,"content":" Die Initiative Pro-Netzneutralität schreibt:\nWir wollen ein freies und offenes Internet sicherstellen.\nEin freies Internet ohne staatliche oder wirtschaftliche Eingriffe ist Garant für freien Meinungsaustausch weltweit und damit die direkte Ableitung des Rechts auf Meinungsfreiheit. Netzneutralität ist elementar für unsere Demokratie.Netzneutralität fördert die Entfaltung kreativer und ökonomischer Potentiale und sichert damit das Innovationspotential des Internets.\nDie Innovationsfähigkeit der Wirtschaft wird gestärkt wenn Entwicklungen frei online verfügbar sind und auch in neuen kollaborativen Ansätzen weiterentwickelt werden können.\nInnovationen brauchen Offenheit – die Möglichkeiten des Internets auf einige wenige Privileigierte zu beschränken, läuft dem entgegen.\nUnterstütze die Initiative und Zeichne Mit! .\n","date":"2010-08-11T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/11/netzneutralit-t-ist-der-schl-ssel-zur-wahrung-des-freien-internets.html","tags":["internet","netzneutralität","politik","lang_de"],"title":"Netzneutralität ist der Schlüssel zur Wahrung des freien Internets!"},{"categories":null,"content":"Die Lügen des Locke Lamora , Scott Lynch, EUR 14.00, 848 Seiten.\nVia Heiko fand sich neulich Die Lügen des Locke Lamora auf dem Wohnzimmertisch und ich bin übel dran hängen geblieben.\nEine Diebesgeschichte. Camorr, eine Stadt wie ein übel korrumpiertes Venedig, in der sich noch die Überreste einer älteren, höheren Zivilisation finden. Locke Lamora, ein Waisenkind, das zum Dieb erzogen wird und den Geheimen Frieden zwischen dem Adel und der vom Adel geduldeten Diebesgilde bricht: In komplizierten und ineinander verschachtelten Plots und Hochstapeleien ziehen Locke und seine Gang, die Gentleman-Gangster die Reichen und Mächtigen der Stadt ab. Bis sie in den Plot eines anderen geraten, der Rache will.\nMan stelle sich eine Fantasy-Gegend nicht unähnlich den Küstenstaaten in Midgard vor, in denen der Autor Geschichten im feinsten Stil von Shadowrun erzählt, mit Plänen innerhalb anderer Pläne und Verrat an Verrätern.\nScott Lynch erzählt die Geschichte der Gentleman-Ganoven und ihrer Coups, und schneidet immer wieder Rückblenden ein, in denen er auf die einzelnen Gangmitglieder fokussiert und ihre Geschichte und ihren Werdegang beleuchtet, um die Charactere besser zu zeichnen. Parallel dazu legt er in der Haupthandlung ein halsbrecherisches Tempo vor, in dem eine Überraschung oder Eskalation die nächste jagt. Am Ende macht der Held mal gerade so seinen Schnitt - aber was dazwischen passiert ist spannend zu lesen.\n","date":"2010-08-10T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/10/fertig-gelesen-die-l-gen-des-locke-lamora.html","tags":["book","review","media","lang_de"],"title":"Fertig gelesen: Die Lügen des Locke Lamora"},{"categories":null,"content":"Der Name des Windes: Die Königsmörder-Chronik. Erster Tag , Patrick Rothfuss, 16.95 EUR, 896 Seiten.\n\u0026ldquo;Der Name des Windes\u0026rdquo;, Patrick Rothfuss\nVor einem oder gar zwei Geburtstagen sandte mir Martin dieses Buch zu, aber ich bin schon lange nicht mehr zum Lesen von Papier gekommen, also stand es herum. Jetzt habe ich endlich Gelegenheit gehabt, mir das Buch vorzunehmen.\nKvothe ist ein Gastwirt und ein gebrochener Mann, doch einst war er ein berücktigter Zauberer und Musiker, um den sich zahlreiche Legenden ranken. Der Chronist spürt Kvothe auf und versucht durch die Legenden und Geheimnisse zu dringen und die wahre Geschichte von Kvothe aufzuschreiben. Zusammen mit dem Chronisten tauchen wir ein in die Geschichte von Kvothe, einem Jungen aus ärmlichen Verhältnissen, der versucht, seiner Begabung gerecht zu werden und sich selbst zu finden, und den aus irgendeinem Grunde die Welt als Helden sieht.\nDer Name des Windes ist endlich einmal High Fantasy ohne Bananenplot (\u0026ldquo;Wenn das geweissagte Kind und die Banane zusammen kommen wird der fiese X, der sich die Banane widerrechtlich angeeignet hat, endlich gestürzt werden\u0026rdquo;) und kontinentgroße Armeen von Monstern. Stattdessen haben wir eine Geschichte mit einer wunderbaren Sprache, echten Characteren und einer dichten Atmosphäre.\nDas sehr lesenswerte erste Buch einer Trilogie, von der der 2. und 3. Teil noch nicht geschrieben werden (und bei dem der Autor mehr als ein Jahrzehnt für den ersten Teil gebracht hat). Lästig, denn es wird den 2. Band frühestens 2011 geben, falls Patrick Rothfuss seine Termine hält.\n","date":"2010-08-08T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/08/fertig-gelesen-der-name-des-windes.html","tags":["book","media","review","lang_de"],"title":"Fertig gelesen: Der Name des Windes"},{"categories":null,"content":"Lustige Dinge passieren. Alle Welt rüstet ihre Android-Telefone zum Beispiel auf das aktuelle 2.2 \u0026ldquo;FroYo\u0026rdquo; auf, nur Vodafone nicht. Als strikte Anhänger der Auffassung, daß es den Geschmack verbessern wenn sie in etwas hineinpinkeln, lassen sie stattdessen eine Branding-Welle über die Benutzer rollen.\nHeise :\nStatt der erhofften Aktualisierung auf die Android-Version 2.2 (Froyo) bekamen die Nutzer jedoch lediglich Zugangssoftware für Vodafones Online-Dienst 360 installiert – zudem änderte das Update die Startseite des Browsers, setzte verschiedene neue Bookmarks und installierte ein Vodafone-Startlogo. Einige Anwender berichten, dass sich die Akkulaufzeit des Gerätes verschlechtert habe, bei anderen seien alle Kurznachrichten plötzlich doppelt vorhanden.\nDie Reaktion der Benutzer kam für Vodafon unerwartet: Man rottet sich zusammen, organisiert sich und prügelt auf den Dienstleister (Wie nennt man einen Dienstleister, dessen Dienst eine Last ist? Dienstlaster?) ein, zum Teil an prominenter Stelle .\nVodafon leckt sich die Wunden und robbt zurück - das Rollout ist gestoppt.\nSpannend, gleich zwei Mal. Erstens: Benutzer können sich inzwischen schnell genug und gut genug organisieren, um diese Wirkung auf den Dienstleister zu haben. Zweitens: Inzwischen ist bei Mobiltelefonen das System wichtiger als das Netz. Benutzer kaufen Telefone nach Betriebssystem und Version und legen Wert darauf, Updates unverfälscht und zeitnah zu bekommen.\nDie Strategie zeigt Wirkung?\nUpdate: Tut sie. Golem schreibt:\nAb kommendem Montag, dem 23. August 2010, beginnt Vodafone hierzulande, Android 2.2 für HTCs Smartphone als \u0026ldquo;Firmware over the Air\u0026rdquo; (FOTA) auszuliefern…. Vor allem die fest integrierten Vodafone-360-Applikationen störten viele Besitzer des HTC Desire. Auch das Branding verärgerte viele Kunden, die das HTC Desire nur gekauft hatten, weil sie von Vodafone beim Gerätekauf die Zusicherung erhalten hätten, dass das Gerät kein Branding aufweist. Daher soll das ab Montag bereitgestellte Update auf Android 2.2 ohne Branding und ohne vorinstallierte Vodafone-360-Applikationen erscheinen. Anpassungen soll es lediglich bei den Netzwerkeinstellungen geben, versicherte der Konzern Golem.de.\n","date":"2010-08-06T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/06/branding-gestoppt-wegen-benutzerprotesten.html","tags":["google","mobiltelefon","lang_de"],"title":"Branding gestoppt wegen Benutzerprotesten"},{"categories":null,"content":"Ich wollte eigentlich nichts zu Liquid Feedback schreiben, nachdem Frank Rieger das bereits alternativlos perfekt getan hat. Aber dann hat die Diskussion mich gefunden - erst im Twitter und dann in meinem \u0026lsquo;Heimatchannel\u0026rsquo; im Irc, quasi direkt auf der Couch.\nWie fange ich an? Für die, die die letzten Wochen unter einem piratenfreien Stein gelebt haben: Das Flaggschiff der Piraten, das eine Ding, das die Piraten als politisches Experiment definiert, ist das Liquid Feedback System. Es handelt sich um ein System, das den nahtlosen Übergang zwischen Direkter Demokratie und Delegation an einen Repräsentanten ermöglichen soll.\nWenn mich eine Sache interessiert und ich mich damit auszukennen glaube, dann kann ich in LF an einem Thema, Positionen und Anträgen direkt arbeiten und auch mit Abstimmen. Wenn nicht, dann kann ich mir jemanden suchen, den ich für schlau halte und ihm meine Stimme delegieren, zu einer Sache, zu einem Thema oder Global. Die Delegation ist anders als bei einer Wahl nicht für eine Legislaturperiode, sondern ich kann die Delegation auch jederzeit zurück ziehen. Delegation ist auch transitiv: Wenn mir jemand seine Stimme delegiert und ich das nicht selber machen will, dann delegiere ich nicht nur meine eigene Stimme, sondern auch die an mich delegierten Stimmen weiter (und die eigentlichen Stimmrechts-Inhaber können sehen, wo sie rauskommen und die Konsequenzen ziehen, wenn sie das wollen).\nKurz: LF ist so eine Art Abgeordnetenwatch mit dauernd mit laufenden Wahlen. Ich kann sehen, wer wie abgestimmt hat, wer an wen delegiert hat, und wer wie wann welchen Antrag wie geändert hat. Eine tolle Sache, die die Seele der Piraten auf den Punkt bringt: Kompetenz soll die Politik bestimmen, Transparenz ist das Gebot des Handelns und Technik wird innovativ eingesetzt statt sie zu fürchten.\nAlle Piraten? Nein, es gibt eine Gruppe von Piraten, die bei LF argumentiert wie die CDU bei Abgeordnetenwatch : LF ist böse, denn es verletzt die Privatsphäre.\nDas ist eine wirre Argumentation, denn das Politische ist so etwas wie per Definitionem das Gegenteil des Privaten. Es ist bei uns die Aufgabe des Volkes, die Politiker zu kontrollieren und es ist die politische Agenda der Transparenz, die sich nun gerade die Piraten auf die Fahne geschrieben haben.\nLiquid Feedback ist nun ein System, das konstruiert worden ist, die Grenze zu politischem Engagement aufzubrechen. Das kann man sich vorstellen, wie die Anfänge der Bloggerei. Vor Blogs und anderen einfachen Formen der Publikation in der Öffentlichkeit waren Urheberrecht, Markenrecht, Beleidigungstatbestände und dergleichen recht exotische Spezialtatbestände im Recht, die kaum jemanden außer ein paar Spezialisten interessiert haben. Da nun aber jeder jederzeit beliebig große Öffentlichkeiten schaffen kann, ja sogar Witzeleien um umgefallene Blumenkübel Artikel im Spiegel wert sind, sind diese Themen plötzlich für Jedermann relevant.\nLF ist nun angetreten, so etwas mit politischem Engagement zu machen: Mitarbeit am Meinungsbildungsprozeß und an politischer Willensbildung soll durch LF vereinfacht werden, und Politik soll dichter in das Leben eines Jeden integriert werden können. Das hat Konsequenzen, und ein Teil der Piratenpartei weigert sich gerade, diese Konsequenzen mitzutragen und Verantwortung zu übernehmen (Erinnert mich an GEZ für Zeitungen fordern, aber nicht nach 7 Tagen löschen wollen ).\nPolitisch engagierte Personen sind jedenfalls Personen, die besonderen Transparenzforderungen ausgesetzt sind und vom Wähler besonders beobachtet werden, und das ist gut so. Die Piratenpartei ist außerdem gerne vorne mit dabei, wenn es darum geht, solche Transparenz einzufordern. Und das ist auch gut so. Nur wenn es um die eigene politische Willensbildung geht, dann will man plötzlich das Unmögliche und vor allen Dingen das Untragbare - anonymes politisches Engagement und weiter mauscheln wie bisher.\nDas geht so nicht.\nWenn ich jemandem meine politische Macht delegiere, dann will ich wissen, wer das ist. Dann will ich vertrauen können. Vertrauen ist die Hoffnung, daß das Verhalten einer Person in der Vergangenheit ein ungefähres Maß für das Verhalten dieser Person in der Zukunft ist. Es setzt voraus, daß die Vergangenheit offengelegt wird (Transparenz), daß die Aktionen und Abstimmungen dieser Person unter einer Identität erfolgt sind (Verkettbarkeit) und daß diese Übersicht vollständig ist. Weil das so ist, ist anonyme politische Betätigung ein Widerspruch in sich - das Politische ist das Gegenteil des Privaten.\nDas kann, nein, das muß man akzeptieren und daran wachsen.\nOder man bekommt eine Partei von Mäusen. Und ein kastriertes Liquid Feedback, das nur ein mit GPG gepimptes Doodle ist (Danke, @tarzun für dieses Bild).\nAnderswo zum Thema: Spiegel Online: Online-Mitbestimmung Piraten streiten über Demokratie-Wunderwaffe Heise Newsticker: Piratenpartei auf der Gratwanderung zwischen Transparenz und Datenschutz Netzpolitik.org: Andreas Pohl mit einer Art Kompromißvorschlag (der aber am Kern der Argumentation der Gegner vorbei geht, AFAIK) Lesenswerte Analysen (statt Berichte): Frank Rieger Maha ","date":"2010-08-06T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/06/ein-sturm-aus-schei-e-ist-auch-eine-art-fl-ssiges-feedback.html","tags":["piraten","politik","lang_de"],"title":"Ein Sturm aus Scheiße ist auch eine Art flüssiges Feedback"},{"categories":null,"content":"(Grr, nicht genug Zeit, das so klar zu machen, wie ich es haben will… Egal - ich drück jetzt \u0026ldquo;Post Article\u0026rdquo;)\nDies ist der Folgeartikel zu Teil 1 .\nMedienkonvergenz Phase I heißt, daß ich einen Haufen Dienste, die früher auf unterschiedlichen Medien, Übertragungswegen und in unterschiedlichen Formaten vorgelegen habe, nun alle auf das Internet migriere und alles über dieselbe Leitung abwickele. Typisch wird \u0026ldquo;Triple Play\u0026rdquo; genannt, also Telefonie, Internet-Zugriff und Zugriff auf klassische Rundfunkinhalte.\nWenn ich das mache, habe ich das Problem, daß ich das Netz lokal überlasten kann (das kann ich immer) und das doof finde.\nLokal heißt \u0026ldquo;an einem Router\u0026rdquo;. Der kann irgendwo im Netz stehen - beim Dienstanbieter, mittendrin auf der Strecke, oder der kleine Plastik-Türstopper bei mir daheim. In der Zeichnung hier nehmen wir mal einen Router in einer Firma, und drei PCs.\nEin Router, links das Internet und rechts drei PCs. Der Router wird von rechts mit mehr Daten angeblasen als er nach links los werden kann - eine Warteschlange entsteht.\nDer meiste Datenverkehr ist lokal, und die meisten Router haben intern mehr Kapazität als sie Anbindung nach oben haben. In unserem Beispiel haben wir drei PCs angeschlossen, die jeweils mit 100 MBit/s Ethernet arbeiten und wir haben eine echt dicke Internet-Anbindung von ebenfalls 100 MBit/s. Solange die PCs untereinander reden ist alles gut.\nWenn alle drei sich aber nun entschließen, große Datenmengen hochzuladen, zum Beispiel jeweils ein DVD-Iso nach irgendwo ins Internet zu schießen, dann haben wir drei Datenquellen, die jeweils 100 MBit/s in den Router rein senden und einen Abfluß ins Internet von nur 100 MBit/s.\nZwei Sachen passieren.\nErstens: Es entsteht eine Sendewarteschlange am Router. Der Router muß also lokalen Speicher aufwenden, um Daten kurzzeitig zu puffern und so die Lastspitze abzufangen.\nZweitens: Der Router wird versuchen, die Senderate der drei PCs mit Hilfe von Flow Control (hier eher: Congestion Control) Mechanismen herunter zu regeln, so lange bis die aggregierte Bandbreite der drei Sender seine Bandbreite im Abfluß nicht mehr übersteigt - genau genommen versucht er schon im Ansatz die Sender so einzuregeln, daß die Überlastsituation möglichst nicht eintritt.\nGelingt es nicht, die Senderate der Rechner zu bremsen, läuft der Router voll und er muß, damit sein Arbeitsspeicher nicht überläuft, Pakete verwerfen.\nGibt man dem Router keine weiteren Hilfen an die Hand, dann wird er alle Dienste auf allen PCs gleichmäßig bremsen und er wird nach dem Zufallsprinzip anfangen Pakete zu verwerfen.\nDas ist genau nicht die User Experience, die der Benutzer typischerweise will, denn dem sind bestimmte Dienste wichtiger als andere.\nNetzneutralität im engeren Sinne hat man dann, wenn der Benutzer selbst in der Lage ist, die Priorisierung in einer solchen Situation nach seinen Wünschen zu beeinflussen und nicht der Netzbetreiber Verfügbarkeit und relative Leistung von Diensten oder Anbietern diktiert.\nSoweit die Technik.\nPolitik statt Technik Den Netzbetreibern geht es bei der nicht-technischen, politischen Diskussion jetzt darum, diese Unterscheidung zu relativieren und sich selbst in die Lage eines Gatekeepers zu bringen. Also die Kunden gegenüber dem Dienstanbieter als Geiseln zu benutzen und zu sagen: An meine Endkunden kommst Du überhaupt/mit vernünftiger Leistung/mit allen Diensten und Features nur heran, wenn Du nicht nur Deinen Provider bezahlst, sondern auch mich. Also etwa von Hulu Extrageld dafür zu verlangen, daß Telekom-Kunden für Hulu erreichbar werden.\nUnd gegenüber dem Kunden den Dienstanbieter als Geisel zu verwenden und zu sagen: Diesen speziellen Dienst, den wir gar nicht betreiben, kannst Du bei uns nur dann nutzen/mit vernünftiger Qualität nutzen, wenn Du uns und nicht nur den Dienstbetreiber extra dafür bezahlst. Also etwa so wie in der Grafik dargestelllt .\nOder gar den Dienst von Fremdanbietern ganz zu sperren oder so zu benachteiligen, daß dem Kunden nichts anderes übrig bleibt, als den Dienst des Netzbetreibers zu verwenden. Also etwa Skype und VoIP zu blockieren, damit Calls über GSM gemacht werden müssen.\nUnd in diesem Licht ist die Sache zwischen Google und Verizon dann auch zu sehen:\nEs gibt insbesondere bei Mobilnetzen öfter mal technisch begründbare Situationen, in denen man Dienste unterscheiden muß, um dann entscheiden zu können, welche Pakete man bei Engpässen noch befördert und welche man verwirft. Bei Festnetzen eher nicht. Die Verizon Techniker müssen sich also die Option offen halten, auf dem Mobilnetz Verbindungen zu managen.\nInsofern ist sind die Gespräche zwischen Verizon und Google ein Erfolg, als daß die eine Policy festschreiben, bei der der Netzbetreiber zusagt, auf dem Festnetz seine Finger aus den Daten heraus zu halten. Das ist gut. Die Frage bleibt: Wer wird die Richtlinien auf den Mobilnetzen definieren, und wie viel Kontrolle bleibt dem Benutzer dort - und dieser Punkt wird aus den Berichten auch nach den Dementis nicht klar.\nEin anderer Punkt ist, daß wie oben gezeigt, technisch eine Regelung nur dann zwingend notwendig ist, wenn und so lange eine Überlastsituation besteht. Daraus folgt: Hat man Netzneutralität in dem Sinne, daß die Verantwortung für die Verwaltung der Knappheit beim Kunden liegt, dann hat der Diensterbringer ein Interesse daran, die Knappheit zu beenden, dem Kunden also eine angemessene Bandbreite zu verkaufen. Ohne Netzwerkneutralität überwiegt beim Netzbetreiber das betriebswirtschaftliche Interesse an der Aufrechterhaltung der Bandbreiten-Knappheit, da er auf diese Weise das Produkt in normal (= kaputt, unbenutzbar) und Premium (= funktioniert) ausdifferenzieren kann und solange mehr kassieren kann, wie er das Problem nicht behebt.\nAußerdem ist das ganze Mal wieder ein lupenreines Beispiel dafür, wie unglaublich ungeschickt Google als Firma so kommuniziert. Denn es wäre echt einfach, die technischen Hintergründe und Notwendigkeiten mal aufzumalen, mit ein paar schicken Fotos zu versehen und die eigenen Absichten und Ziele dann allgemein verständlich und unverquast zu formulieren. Nur mal so nebenbei bemerkt.\n","date":"2010-08-06T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/06/netzwerk-berlast-vs-netzwerkneutralit-t.html","tags":["google","internet","netzneutralität","politik","lang_de"],"title":"Netzwerk-Überlast vs. Netzwerkneutralität"},{"categories":null,"content":"Dies ist Teil 1, Teil 2 gibt es auch noch.\nDie Diskussion über Netzneutralität erreicht nun endlich auch Deutschland, auch wenn Deutschland als Internetstandort für ein Industrieland bemerkenswert schwach bewertet wird. Auslöser sind dabei nicht die Bemerkungen der Telekom zum Thema, sondern die Arbeiten von Google und dem Provider Verizon an etwas, das einmal Netzwerkneutralität definieren soll (aber in den ersten Berichten dazu für einen Deal zwischen Verizon und Google gehalten worden ist, der Google gegenüber anderen Anbietern bevorzugt hätte).\nGeeinigt hat man sich dabei darauf, für das Festnetz Netzwerkneutralität zu garantieren (\u0026ldquo;Google and Verizon’s agreement would prevent Verizon from offering paid prioritization to the biggest bidders of capacity on its DSL and fiber networks\u0026rdquo;), aber auf dem Mobilfunknetzwerk werde man eingreifen (\u0026ldquo;But any promises over open-Internet access wouldn’t apply to mobile phones\u0026rdquo;). Eingriffe sollen dabei nicht auf Benutzerbasis, sondern auf der Basis von Traffic-Klassen geschehen, was immer das in diesem Fall im Detail bedeutet.\nEs ist auf jeden Fall ein schwerer Rückschlag für Netzneutralität, da der Ansatz die Regulierung von Knappheit gegenüber der Schaffung von Überfluß bevorzugt.\nWorum geht es? Netwerkneutralität im Allgemeinen dreht sich um das zentrale Konstruktionsprinzip des Internet, daß Netzwerk selbst \u0026lsquo;dumm\u0026rsquo; zu halten und die \u0026lsquo;Intelligenz\u0026rsquo; in den Endpunkten des Netzes zu installieren.\nGenauer gesagt: Das Netz selbst soll nur eine Sache machen, und die dafür richtig - nämlich Datenpakete von A nach B routen. Daten sind Schüttgut und das Netz analysiert die Daten nicht, um sie zu unterscheiden und dann unterschiedlich zu behandeln. Das Netz bringt auch keine Dienste außer der Beförderungsdienstleistung für die Daten, sondern Dienste sind in Endknoten installiert.\nDas ist eine Informatiker-Idee und die Antithese zum Intelligenten Netz -Ansatz der Fernmeldetechniker-Denkschule, bei der das Netz Dienste und Güteklassen implementiert.\nBetriebswirtschaftler mögen die Idee des dummen Netzes nicht so, denn sie erlaubt es ihnen nicht, \u0026lsquo;Dienste differenziert zu bepreisen \u0026rsquo; (Und das ist eine Goldgrube ). Damit einher geht meist der Wunsch, kostengünstigere Alternativen zu blockieren .\nEin Argument gegen Netzwerkneutralität, das von Mobilnetzbetreibern oft gebracht wird, ist das Datenvolumen.\nVolumen: 5GB sind 5GB, egal was man rein tut Das ist die absolute Menge an Daten, die in einem Abrechnungszeitraum (pro Monat, pro Tag) transferiert wird. Heutige mobile Datenverträge heißen zwar oft \u0026ldquo;Flatrate\u0026rdquo;, sind aber keine, sondern sind tatsächlich Volumenpakete, da sie genau dieses Volumen begrenzen (200 MB, 1GB oder 5GB pro Monat sind häufige Stückelungen). Da Verbraucher jedoch ihren tatsächlichen Verbrauch pro Monat nicht kennen und nicht beurteilen können, verkauft man ihnen \u0026ldquo;Flat S, M, L und XL\u0026rdquo;. Wären es wirklich Flatrates, also all-you-can-eat Angebote, wäre eine S/M/L/XL-Differenzierung sinnlos.\n\u0026ldquo;Flat\u0026rdquo; sind diese Verträge bestenfalls in dem Sinne, daß viele von ihnen bei Erreichen des Volumenlimits nicht ganz abriegeln, sondern noch einen Tröpfelbetrieb mit sehr stark limitierter Bandbreite erlauben. Das reicht meist immerhin noch für Chat.\nWeitere Einschränkungen von Flatrates ergeben sich meist in der Art, daß Diensteinschränkungen existieren, und zwar wird besonders gerne der Betrieb von VoIP-Anwendungen und insbesondere Skype verboten.\nAls Begründung wird dabei oft die Datenmenge vorgeschoben, aber das ist natürlich zweifach Unsinn:\nSolange ich mich in dem mit dem Vertrag gekauften Datenvolumen bewege dürfte es in einem dummen Netz den Netzbetreiber nicht interessieren, welcher Art die Daten sind, die das Volumen machen. Und zweitens überträgt Skype Voice-Daten, genau wie ein Mobilfunknetz, und insbesondere Skype für Mobiltelefone verwendet dabei einen Codec, der den Codecs von GSM-Mobilfunknetzen ebenbürtig oder besser ist. Skype macht also eher weniger Verkehr im Netz als ein normales Telefongespräch gleicher Länge.\nTethering: 5 GB sind 5 GB, egal wer den Traffic macht Die andere Beschränkung bei Volumenverträgen bezieht sich auf das Endgerät, das vorgeschrieben werden soll: So darf eine Flat-Volumentarif oft mit einem Mobiltelefon verwendet werden, mit einem hinter dem Mobiltelefon angeschlossenen Computer (\u0026ldquo;Tethering\u0026rdquo;, \u0026ldquo;Anketten\u0026rdquo; eines Computers an das Telefon) aber nicht, als ob 5 GB von einem Laptop mehr Last erzeugen würden als 5 GB von einem Mobiltelefon.\nDie Annahme ist eine andere:\nDer Netzbetreiber spekuliert, daß ein Anwender mit einem Mobiltelefon sein Kontingent eher nicht ausschöpft, während das bei einem Benutzer an einem Laptop wahrscheinlicher ist, da das Mobiltelefon langsamer ist, einen kleineren Bildschirm und eine schlechtere Eingabemöglichkeit hat. Spätestens seit Arm A4 1GHz Prozessoren und iPads mit 64GB Speicher, Bluetooth Tastatur und 1024x768 ist diese Annahme aber hinfällig - die meisten Netbooks und viele ältere Laptops sind schlechter ausgestattet.\nBandbreite und Volumen Die zweite Vokabel, um die es geht, ist Datenübertragungsrate in Bit pro Sekunde (umgangssprachlich Bandbreite). Das Volumen, das man mit einer Flat erworben hat, wird ja nicht über den Abrechnungszeitraum gleichmäßig abgerufen, sondern die durch den Teilnehmer generierte Auslastung variiert mit seiner Netznutzung (dem Bandbreiten-Bedarf) und dem Netzausbau an seinem Standort (der Bandbreiten-Verfügbarkeit) und den Anforderungen anderer Netzteilnehmer in seinem Netzabschnitt (der Konkurrenz um die Bandbreite).\nUm ein Gefühl für Bandbreiten zu bekommen:\nVerfügbarkeit: Ein GSM-Channel stellt dabei eine Bandbreite von ca. 14 kBit/s zur Verfügung, von denen bei Datenverkehr etwa 9.6 kBit/s verwendet werden können, EDGE dann zwischen 56 kBit/s und 220 kBit/s. 3G (UMTS) ist liefert bis zu 384 kBits im Download, als HSDPA dann bis zu 14400 kBit/s (viele Telefone erlauben nur bis zu 7200 kBit/s). ISDN erzeugt 64 kBit/s, DSL dann zwischen 1000 und 16000 kBit/s.\nVerbrauch: Ein VoIP- oder Skype-Telefonat mit einem Mobilfunk-Codec verbraucht zwischen 6 und 40 kBit/s. Ein MP3 abzuspielen verbraucht zwischen 128 und 256 kBit/s. Ein Skype-Videotelefonat verbraucht zwischen 240 und 400 kBit/s.\nNicht zeitkritische Dienste können ihre Nutzung nach belieben verteilen: Ein Download wird langsamer oder schneller, je nachdem, welche Bandbreite im Netz verfügbar ist, aber ihm ist es im wesentlichen egal, ob es mal langsamer wird, da ein Download nicht zerbröselt wie ein Video- oder Audiocall.\nAsynchron, Synchron, Isochron und warum das alles? Das bringt uns zu den nächsten Begriffen, nämlich Asynchronizität (oder Hintergrundtransfer) und Synchronizität bzw. Isochronizität (oder interaktiver Nutzung) und QoS (Quality Of Service). Einem asynchronen Netznutzer ist es im Wesentlichen egal, welche Bandbreite ihm zur Verfügung steht, solange er nur sein Volumen irgendwie durch bekommt.\nEinem synchronen Netznutzer ist das nicht egal - er möchte gerne eine gewisse Bandbreiten-Zusicherung haben, also eine Mindest-Datenrate in kBit/s - eine Video- oder Audio-Anwendung zum Beispiel würde sonst lästig stocken und hakeln.\nWenn er außerdem ein billiges Endgerät ohne Puffer ist oder sehr interaktiv operiert (also etwa eine interaktive Spielanwendung ist), dann will er wahrscheinlich Isochronizität, also eine garantierte Mindest-Datenrate und außerdem einen gleichmäßigen Abstand zwischen den eintreffenden Datenpaketen - also keinen Jitter. Und bei den Spielern auch sehr gerne eine definierte, minimale Laufzeit der Pakete von A nach B und zurück, einen \u0026lsquo;guten Ping\u0026rsquo;, denn es bringt ja nix, wenn man an seinem Rechner den Abzug an einem virtuellen Gewehr drückt und es dann auf dem Server erst Stunden später knallt.\nQoS und Deep Packet Inspection TCP/IP kennt für diesen Zweck tatsächlich eine Dienstedifferenzierung in den Paketen des IP-Headers, die Quality Of Service Bits, und viele Router werten diese heutzutage tatsächlich aus. Darum geht es den Netzbetreibern aber eher nicht, denn das wäre ja eine QoS, die durch den Anwender kontrollierbar wäre. Die Netzbetreiber wollen stattdessen in die Pakete in Echtzeit hineingucken, den Inhalt und verwendeten Dienst analysieren und dann ohne Einwirkung oder Kontrolle des Nutzers klassifizieren, wie sie es für richtig halten.\nWenn man so etwas macht, also in die Paketdaten selbst hineinsieht und den Datenstrom analysiert, dann macht man Deep Packet Inspection (DPI). Das ist eigentlich eine Technik aus dem Firewall-Bereich, die dann später auch für QoS-Anwendungen abgewandelt worden ist. Noch einen Schritt weiter geht Phorm , ursprünglich ein Firmenname, der aber inzwischen mit dem Produkt synonym geworden ist. Dabei verwendet man DPI, um die Inhalte des Datenverkehrs zu analysieren, Werbebanner zu selektieren und dann manipuliert man die von einem Server heruntergeladenen Daten so, daß man seine Werbebanner dort in den Datenstrom hinein fälscht ( Phorm Schaubild (SVG)). Überraschenderweise ist das in vielen Ländern so nicht legal.\nNetzneutralität kann durch QoS horizontal (quer zu allen Benutzern) aufgebrochen werden. Verlangt man die Authentisierung von Benutzern (durch Login, durch den elektronischen Personalausweis oder mit anderen Mitteln) und bindet man außerdem die Benutzeridentität an die Pakete, dann kann man Dienste außerdem vertikal (entlang Benutzeridentitäten) aufbrechen. Etwa kann man Jugendschutz implementieren, indem man in jedem Datenpaket (fälschungssicher) das Altersmerkmal des Benutzers mit transportiert. Oder man baut dort die völkerrechtliche und gegenwärtige Jurisdiktion (\u0026lsquo;Der Benutzer ist ein Deutscher in Dubai\u0026rsquo;) ein, und beschränkt so die Verfügbarkeit von Video- und Audiomaterial analog zu Regioncodes. Oder man generiert gleich ein pseudonymes, verkettbares Benutzermerkmal (\u0026lsquo;Benutzer fe3d-ccdd-3321-37fe, zum 412. Mal hier\u0026rsquo;) und sammelt die anderen Informationen dann entlang des Weges ein (\u0026lsquo;Vermutlich männlich, Umsatz bisher, an Glücksspielen interessiert, besonders Poker, Anzeigen mit Fetischeinschlag haben eine 1.4 mal bessere Conversion als solche mit normalen Frauen, \u0026hellip;\u0026rsquo;).\nDer Punkt ist, daß insbesondere vertikale, personenbezogene Aspekte der Netzneutralität auch Fragen des Jugendschutzes, des Urheber- und Lizenzrechtes und des Werbegeschäftes berühren, sowie viele andere Privacy-Probleme nach sich ziehen.\nTechnisch ist es so, daß Informatiker QoS als ein Problem sehen, daß man nur hat, wenn man nicht genug Bandbreite bereitstellt - QoS greift nur, wenn es zu momentanen oder dauerhaften Netzwerkengpässen kommt und man dann bei den Opfern Triage machen muß.\nKapazität im Netz, und die letzte Meile Das sollte, so die Informatiker, nicht auftreten - insbesondere im Festnetz nicht: Wenn man eine Dark Fiber, eine Glasfaser hat, dann kann man da einen Laser dran stecken und die Faser ausleuchten. Das erzeugt dann 10 GBit/s (10 000 Mbit/s, 10 000 000 kBit/s), die man da auf Anhieb durchblasen kann. Wenn das nicht reicht, stellt man einen weiteren Laser mit einer anderen Farbe daneben und verdoppelt die Bandbreite und so weiter - das kann man relativ oft machen, je nach Faser und Leitungslänge. Kosten entstehen dabei kaum - ein solcher Laser ist zwar absolut gesehen teuer, aber im Vergleich zu den Verlegekosten für das Kabel gratis, und daher ist die Aufrüstung der Leitung bei Auslastung auch extrem kostengünstig.\nWenn sich also die Informatiker von Google mit den Nachrichtentechnikern von Verizon unterhalten, dann ist beiden Seiten klar, daß die Betriebswirtschaftler von Verizon zwar gerne Dienste differenzieren möchten, es aber im Festnetz auch bei großer Anstrengung keinen denkbaren Grund dafür geben kann. Darum sichert also Verizon im Festnetz unbedingte Netzwerkneutralität zu.\nMobilnetze als Hebel gegen die Netzneutralität In mobilen Netzen ist es sehr schwer Vorhersagen zu machen, weil die Bedingungen sehr unterschiedlich sind. Sie hängen nicht nur von der Position der Leute und der Basisstationen ab, sondern auch davon, wie viele Leute pro Zelle was machen wollen. Daher kann es - egal wie sehr man die Kapazitäten ausbaut - bei Zusammenballungen von Leuten immer zu Bandbreitenknappheit kommen. Zum Beispiel bricht unweigerlich auf jedem Chaos Communication Congress wie auf den meisten anderen großen Konferenzen das WLAN zusammen - das liegt nicht daran, daß die Leute vom Chaos weniger Ahnung von Netzwerken haben als Ihr mit Eurem WLAN daheim, oder daß die vielen bösen Hacker das Netz immer crashen lassen.\nSondern es liegt einfach daran, daß WLAN bei mehr als x Personen pro Zelle schlicht nicht mehr geht und man sich dann dringend ankabeln will. Oder, als Netzbetreiber, die Zellen kleiner machen und mehr Channels bereitstellen, also mehr APs mit weniger Leistung aufstellen und so die Anzahl der Personen pro AP reduzieren. Aber auch das geht nur bis zu einem gewissen Punkt, danach ist einfach Ende. Auch bei Mobilfunknetzen ist es so, und es ist tatsächlich so, daß etwa die Telekom an der Kieler Spiellinie zur Kieler Woche zusätzliche Container aufstellt, in denen GSM Mikrozellen gefahren werden, um mit der Handies tragenden Besuchermenge am Wasser fertig zu werden - bei x Kilometern mit ca. 3-4 Personen pro Quadratmetern ist das eine gute Idee, schon um Notruf-Fähigkeit für das Netz zu erhalten.\nWeil bei mobilen Netzen immer mal Triage notwendig sein kann, haben die Google-Technikern den Verizon-Technikern hier weniger entgegen zu setzen, und so kommt es, daß sich Verizon in dem Vertrag zwischen den beiden Firmen für mobile Netze diese Hintertür schon aus technischen Gründen offen halten müssen. Jetzt kommt es darauf an, sicherzustellen, daß die Betriebswirtschaftler da nicht noch andere Dinge mit durch diese Lücke schmuggeln, also anfangen Dienste mit DPI horizontal oder vertikal zu differenzieren.\nArtikel zum Thema Verizon/Google: Bloomberg : Google, Verizon Said to Strike Deal on Web Traffic Rules\nHeise Newsticker : Netzneutralität: Vorfahrt für Google-Dienste gegen Bezahlung?\nCnet News : Google\u0026rsquo;s Schmidt on Verizon and Net neutrality\nGoogle stellt klar : 1. Wir bezahlen nichts für eine Vereinbarung mit Verizon. 2. Wir stehen weiter zu unseren Aussagen zu einem offenen Internet.\nOriginaldementi auf Twitter.\nDie letzten beiden Artikel stellen noch einmal ausdrücklich klar, daß Verizon gegenüber Google für das Verizon Nicht-Mobilnetz noch einmal ausdrücklich die Netzwerkneutralität bestätigt - Google zahlt also nichts, und Verizon verpflichtet sich ausdrücklich, niemanden, auch nicht Google, in ihrem Netz zu bevorzugen oder zu behindern. Das ganze soll ein allgemeines Policy-Framework sein, zu dessen Einhaltung sich Netzbetreiber und Dienstanbieter verpflichten sollen:\nVerizon has also moved to dismiss the story. A company statement reads: \u0026ldquo;The NYT article regarding conversations between Google and Verizon is mistaken. It fundamentally misunderstands our purpose. As we said in our earlier FCC filing, our goal is an internet policy framework that ensures openness and accountability, and incorporates specific FCC authority, while maintaining investment and innovation. To suggest this is a business arrangement between our companies is entirely incorrect.\u0026rdquo; \u0026ndash; The Guardian Artikel Weiter in Teil 2 .\n","date":"2010-08-05T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/05/vokabeln-f-r-netzneutralit-t.html","tags":["google","internet","mobiltelefon","netzneutralität","lang_de"],"title":"Vokabeln für Netzneutralität"},{"categories":null,"content":"Netzpolitik verweist auf Golem verweist auf die Frankfurter Rundschau .\nDie deckt auf: DE-Mail ist nicht sicher, weil es nicht durchgehend verschlüsselt, sondern \u0026ldquo;Auf den Servern jedoch werden die Mails aus technischen Gründen kurz entschlüsselt und sofort wieder verschlüsselt\u0026rdquo;.\nDas muß wohl auch so sein, jedenfalls wenn man Antivirus und Antispam implementieren will, insofern scheint die Lösung erst mal grob legitim zu sein, auch wenns komisch klingt.\nKomisch klingen tut es aber noch aus einem anderen Grund:\nDie Vertraulichkeit ist im Kontext DE-Mail nicht primär relevant, denn DE-Mail war nie designed um sicher im Sinne von vertraulich zu sein. Es geht stattdessen um die Schaffung von Rechtssicherheit und das ist im wesentlichen keine technische, sondern eine juristische Konstruktion, bei der die technischen Maßnahmen nur qualifizierende Begleiterscheinungen sind, die die juristische Fiktion von DE-Mail stützen sollen. Daher laufen Verweise auf PGP und ähnliches auch am Thema vorbei.\nDas entscheidende Merkmal ist nicht die technische Konstruktion von DE-Mail, sondern das DE-Mail Gesetz (PDF, Entwurf), das festlegt, daß auf Grund der besonderen technischen Konstruktion von DE-Mail besondere juristische Regeln wirksam werden. Diese stellen eine DE-Mail dann je nach Versandart einem Brief oder einem eingeschriebenen Brief oder einem eingeschriebenen Brief mit Empfängeridentifikation und Rückschein gleich.\nDas passiert aber nicht wegen der tollen Technik, sondern auf der rechtlichen Grundlage des noch zu schreibenden DE-Mail Gesetzes - für einen Techniker ist das juristischer Schamanismus, weil die technischen Garantien des Verfahrens aus der technischen Sicht eben genau das nicht leisten, was das Gesetz dann anordnet.\nFür den Kunden/Endnutzer sind auch andere, juristische und nur am Rande technische Überlegungen wichtig, aus denen man DE-Mail wahrscheinlich eher nicht nutzen will.\nBeweislastumkehr: Das DE-Mail Gesetz baut sich einen Anscheinsbeweis ein, d.h. der Richter muß bis zum Beweis des Gegenteiles per Gesetz annehmen, daß DE-Mail sicher ist und zuverlässig zustellt. Es obliegt dem Kläger, Fehler in DE-Mail nachzuweisen, die Vertraulichkeit oder Zuverlässigkeit des Systems betreffen, wenn er Recht bekommen will.\nTimeout: Es obliegt dem Inhaber eines DE-Mail Postfaches, dieses auch regelmäßig zu leeren. Eine Sendung an ein Postfach gilt auch bei Nichtabholung nach 3 Tagen als zugestellt. (Golem : \u0026ldquo;Loggt sich ein Nutzer nicht ein, soll ein Schreiben dennoch am dritten Tag nach der Absendung als zugestellt gelten, ähnlich wie bei der Zustellung per Briefpost.\u0026rdquo;)\nBedarfsträger: Alle DE-Mail Implementierungen sind Webmailer. Die Mail liegt physikalisch außerhalb des Herrschaftsbereiches des Postfachinhabers. Jeder Bedarfsträger und sein Hund können Zugriff auf das angeblich ach so sicher verschlüssselte Postfach bekommen, zum Teil auch ohne Richtervorbehalt.\nEs gibt sicher noch mehr gute Gründe gegen DE-Mail, aber mir persönlich reichen schon diese 3.\n","date":"2010-07-22T00:00:00Z","href":"https://blog.koehntopp.info/2010/07/22/de-mail-wieso-sicherheit.html","tags":["demail","internet","politik","security","lang_de"],"title":"DE-Mail - Wieso Sicherheit?"},{"categories":null,"content":"Merkel so :\nHeute wird es durch die Vielzahl der Informationskanäle, und besonders durch das Internet, immer schwieriger, ein Gesamtmeinungsbild zu erkennen.\n…\nMit dieser Veränderung muss die Demokratie in Deutschland und in den anderen westlichen Ländern umgehen lernen.\nUnd redet auch sonst von \u0026lsquo;reagieren\u0026rsquo;. Denn das agieren, die Konzepte und das Gestaltungsprimat der Politik, das sind in Deutschland systematisch schon lange keine Themen mehr - dazu hat man sich ja auch mutwillig viel zu sehr in die Ecke gemalt.\nAbgeordnetenwatch so :\nMerkel: Politiker müssen Umgang mit Internet erst noch lernen (OpenReport ).Das stimmt: Merkels Statistik auf Abgeordnetenwatch: 96 Fragen, 0 Antworten .\nKarpfenpeter verliert ein Zyn .\n","date":"2010-07-21T00:00:00Z","href":"https://blog.koehntopp.info/2010/07/21/das-internet-macht-die-politik-schwerer-menno.html","tags":["internet","politik","lang_de"],"title":"Das Internet macht die Politik schwerer... Menno."},{"categories":null,"content":"Doom II - laut Wikipedia eingestuft als 18+/Indexed bei der USK . Auf dem PC. Genau wie Doom III .\nDasselbe Doom II in feinem 1024x768 auf dem iPad im iTunes Store.\nUnd hier warum das alles so ist . Logik hat das keine mit dem JMStV - nicht im alten und auch nicht im neuen.\n","date":"2010-07-21T00:00:00Z","href":"https://blog.koehntopp.info/2010/07/21/jugendmediendoom.html","tags":["jugendschutz","media","politik","lang_de"],"title":"Jugendmediendoom"},{"categories":null,"content":"Vor drei Jahren schrieb ich etwas zu Echten Helden und daß das Wunder unserer Zeit darin liegt, daß es leichter denn je ist, ein Held zu werden, indem man einfach etwas tut und dadurch die Welt fundamental verändert.\nWarum wollen Leute Echte Helden sein? Dazu gibt es ein wunderbares Video von RSAnimate , das erklärt, wieso Geld als Motivator nicht funktioniert außer für die primitivsten und langweiligsten Tätigkeiten und was Leute wirklich motiviert: Self Direction, Mastery und Purpose. Also die Freiheit, das eigene Umfeld selbst bestimmen und kontrollieren zu können, und der Wunsch, etwas sinnvolles und wichtiges zu tun und darin und den dazu notwendigen Fertigkeiten besser zu werden. Dahinter stehend also genau der Wunsch, die Welt in einen besseren Ort zu verwandeln.\nAnders gesagt: Glück und Heldentum gehen zusammen, wir sind geschaffen, Echte Helden zu sein - es ist in uns eingebaut und es ist das, was wir alle tun wollen, sobald die direkten Existenzsorgen vom Tisch sind.\n(Youtube DirektHeldentum via Immateriblog )\n","date":"2010-07-21T00:00:00Z","href":"https://blog.koehntopp.info/2010/07/21/wieso-wir-helden-sein-wollen.html","tags":["damals","free software","kiel","politik","lang_de"],"title":"Wieso wir Helden sein wollen"},{"categories":null,"content":"Dirk von Gehlen schreibt in Journalistisches Freibier über den Kampfbegriff der \u0026lsquo;Kostenloskultur\u0026rsquo; im Internet und daß es diese so nicht gebe. Er sagt\nEs ist dringend notwendig, neue Erlösmodelle für verlegerische Angebote im Netz zu entwickeln. Vermutlich wird das aber so lange nicht gelingen, wie dieses Missverständnis der Umsonst-Kultur im Raum steht\u0026hellip;.Mir ist niemand bekannt, der an diese Umsonst-Kultur glauben würde. Die gibt es nämlich nicht. Es ist vielmehr eine Kultur, die auf anderen Finanzierungsmodellen beruht als die klassische Bezahlkultur\u0026hellip;.Ähnlich wie die falsche Rede vom Diebstahl zeigt die vermeintliche Kostenlos-Kultur, dass es an den sprachlichen Mitteln fehlt, die Veränderungen der Digitalisierung zu fassen (\u0026hellip;). Vielleicht ist es tatsächlich so, dass wir die Revolution, die das Internet angestoßen hat, erst dann produktiv nutzen können, wenn wir Begriffe gefunden haben für das, was sich gerade verändert.\nMarcel Weiss schlägt in Sprachfehler: ‘Diebstahl geistigen Eigentums’ und ‘Kostenloskultur’ noch einmal in dieselbe Kerbe:\nBesonders für Presseverlage ergibt die Rede von der Umsonstkultur keinen Sinn:Zum einen sind Presse-Erzeugnisse seit 180 Jahren mehrheitlich werbefinanziert und werden damit auch mehrheitlich unter Kosten an die Leser verteilt. Zum anderen setzen die Presseverlage zumindest in Deutschland online seit Jahren verstärkt auf Bezahlschranken.Wenn die Presseverlage in Deutschland keinen finanziellen Fuß auf den Internetboden bekommen, dann ist demnach nicht die ‘Umsonstkultur’ des Internets schuld, sondern, wenn schon, dann die ‘Bezahlkultur’ der Presseverlage.\nUnterdessen finden sich anderswo interessante Beispiele, die das \u0026ldquo;Problem\u0026rdquo; weiter beleuchten. Bei Techdirt etwa:\nCan One Guy Educate The World Via YouTube? ist ein Bericht über The Khan Academy von Sal Khan.\nAbout a year ago, Sal sent me an email mentioning a project he was working on called the Khan Academy, in which he videotapes himself teaching various educational lessons on anything from math to chemistry to history to finance and beyond. He even has a whole special section on the credit crisis, with an analysis of both former Treasury Secretary Paulson\u0026rsquo;s plan, as well as current Treasury Secretary Geithner\u0026rsquo;s plan.\nSein Youtube-Channel bekommt nun über 100.000 Zuschauer pro Tag.\nDas ist das, was das Internet verändert: Die Anbieter von Produkten für Geld treten nun nicht nur gegen Freibierverteiler an, die Sachen um der Werbewirkung willen begrenzt umsonst weggeben, sondern sie treten auch gegen Ethusiasten an, die aus Spaß an der Freude im echten Geiste des Amateurs Dinge mit unbegrenzt viel Aufwand produzieren. Und dann unbegrenzt und in beliebiger Menge verfügbar machen können, weil die Reproduktionskosten von virtuellen Gütern für alle praktischen Zwecke Null sind.\nDieses Stück Markt existiert dann faktisch nicht mehr, weil eine Produktion für Geld statt aus Liebe in finanzieller und qualitativer Hinsicht kaum konkurrieren kann.\nDas ist es, was sich durch das Internet ändert und darauf müssen die Marktakteure reagieren lernen: Wenn sich ein Produkt nicht verbraucht und nicht verknappt, dann kann es nur durch Qualität verdrängt werden. Das aber bedeutet, auf der Arbeit von anderen aufbauen und verbessern, statt auf der Grünen Wiese etwas eigenes von Null zu starten - es bedeutet, daß das Überleben in Kooperation und Weiterentwicklung statt in Konkurrenz und Verdrängung liegt. Und das wiederum bedeutet erst einmal, als Firma sinnvoll kommunizieren zu lernen.\nKein Wunder, daß sich damit so viele Firmen schwer tun.\n","date":"2010-06-30T00:00:00Z","href":"https://blog.koehntopp.info/2010/06/30/kostenloskultur.html","tags":["internet","media","lang_de"],"title":"Kostenloskultur"},{"categories":null,"content":"Unser Innenminister hat Angst. Vor dem Internet. Für ihn ist das eine nichtstaatliche Öffentlichkeit, die sich ohne Staat organisiert und ohne Staat funktioniert. Und ganz besonders ohne den deutschen Staat.\nDarum hat er sich in einer Grundsatzrede zum Thema Internet geäußert und 14 Thesen formuliert, die am Ende auf mehr Regulierung, mehr Eingriffe, mehr Haftung, weniger Anonymität und weniger Freiheit hinauslaufen.\nDer Providerverband eco hat das schon erkannt, und wir sollten uns auch Sorgen machen.\n","date":"2010-06-22T00:00:00Z","href":"https://blog.koehntopp.info/2010/06/22/eine-nichtstaatliche-ffentlichkeit-die-sich-ohne-staat-organisiert.html","tags":["internet","politik","lang_de"],"title":"Eine nichtstaatliche Öffentlichkeit, die sich ohne Staat organisiert"},{"categories":null,"content":"Nicht nur wird PHP im Juni 15 Jahre alt, sondern ein anderer, älterer Begleiter von PHP feiert ebenfalls ein Jubiläum:\nIm Juni 1970 erschien in den Communications of the ACM der Artikel \u0026ldquo;A Relational Model of Data for Large Shared Data Banks \u0026rdquo; von E.F.Codd. Dieser Artikel ist die theoretische Grundlage für das, was später SQL und relationale Datenbanken werden sollte.\nSeitdem MySQL und PHP vor 15 Jahren ausgezogen sind, das Web zu revolutionieren, ist SQL eine Haushaltssprache geworden - es ist inzwischen echt schwierig, Webspace zu kaufen, bei dem man nicht auch Zugriff auf eine MySQL-Datenbank hat, und entsprechend gehen HTML-, PHP- und SQL-Kenntnisse inzwischen einher.\nAndererseits gibt es Dinge, bei denen SQL an seine Grenzen stößt. Seit einigen Jahren gibt es unter dem Begriff NoSQL eine Sammlung von Werkzeugen, die mit persistentem Storage anders umgehen als Codd sich das gedacht hat. Dabei geht es im Kern um Systeme, die BASE statt ACID im Sinne von Codd sind, aber viele Entwickler sind gerade dabei, Systeme zu bauen, die auch die guten Errungenschaften von SQL mit über Bord werfen.\nOhne eine besseren theoretischen Unterbau wird NoSQL kaum zu standardisieren und weiter zu entwickeln sein.\nEines der ältesten strukturellen Probleme von SQL und relationaler Algebra ist die Schwierigkeit mit hierarchischen bzw. selftreferentiellen Daten umzugehen. Neben Zeiger- und Pfadbäumen gibt es noch das Nested Set -Modell, aber alle drei Ansätze sind recht unhandlich und wenig elegant in der Nutzung.\nVerwandt damit ist das Problem, objektorientierte Vererbungsstrukturen auf SQL-Speicher abzubilden. Ein - im übrigen brillianter und dringend lesenswerter - Artikel beschriebt Objekt-Relationales Mapping (ORM) als das Vietnam der Informatik . Das trifft den Sachverhalt recht gut. Die Antwort von NoSQL auf dieses Problem sind schema-freie Datenbanken, aber das ist ungefähr zu gleichen Teilen Lösung wie Problem und sicherlich nicht unbedingt ein Fortschritt.\nWebanwendungen haben außerdem ungewöhnliche Anforderungen an Datenbanken und andere Systeme: Die sind sehr read-heavy und dabei ist die absolute Anzahl der Lesezugriffe bei populären Webanwendungen in der Regel so groß, daß es keine einzelne Maschine gibt - geben kann! - die in der Lage ist, die Last zu stemmen. Man braucht mehr als eine Kiste, unter Umständen gar tausende von Maschinen. Daher blickt man zwangsläufig auf verteilte, asynchrone Systeme und damit das oben erwähnte BASE, und man braucht um seine Algorithmen verteilen zu können, eine Form von Map-Reduce .\nIn Webanwendungen ist es außerdem wegen des starken Übergewichtes von Lesezugriffen sinnvoll, seine Daten um diese Lesezugriffe herum zu strukturieren und sie nicht auf die für Schreibzugriffe optimierte 3NF zu bringen. Datenspeicher von Webanwendungen sind also in der Regel schwer denormalisiert.\nAus diesen Anforderungen rührt also die Grundsätze von NoSQL:\nDenormalization Verteilte Systeme mit Eventual Consistency (BASE) Schema-Freiheit Horizontale Skalierbarkeit mit Map-Reduce Die meisten NoSQL-Systeme versuchen, diese Grundsätze technisch umzusetzen, vergessen dabei aber die Grundsätze von Codd - und bauen so Systeme, die auf eine andere Weise nicht weniger schlecht sind als SQL-Datenbanken.\nSQL leistet nämlich dank der Arbeit von Codd eine ganze Reihe von wertvollen Diensten, die jedoch von NoSQL-Systemen nicht oder nur unzureichend umgesetzt werden.\nNoSQL-Systeme sind nicht deklarativ.\nEinmal kapselt SQL als deklarative Sprache den Datenzugriff vom prozeduralen Code ab: In SQL sagt man nicht, wie die Daten geholt werden sollen, sondern welche Daten man haben möchte. Es ist die Aufgabe der Datenbank, einen Plan zu erarbeiten, mit dessen Hilfe der Datenzugriff effizient erfolgt. Der SQL-Programmierer sagt also nicht: Öffne diesen Index, suche den Record x, und dann steppe von dort aus durch den Index - für jeden gefundenen Record mache damit einen Lookup in y und verbinde die beiden Strukturen, dann filtere mit der Bedingung b. Sondern ein SQL-Programmierer sagt: Ich möchte Daten, die die folgenden Bedingungen erfüllen, sieh zu wie Du sie bekommst. Dadurch wird das Programm, in das der SQL-Code eingebettet wird, in großem Maß von dem Datenspeicher unabhängig und es wird sehr leicht, Datenspeicher und Programm teilweise voneinander unabhängig zu entwickeln und den Datenspeicher mit verschiedenen Programmen gemeinsam zu nutzen.\nSQL ist dabei eine recht reiche Sprache: Da SQL eine Algebra auf diskreten Relationen (= Tabellen) ist, operieren alle SQL-Befehle auf Tabellen und haben wieder Tabellen als Ergebnis. Durch die verschiedenen Arten von Subqueries kann man damit SQL-Befehle miteinander verketten und so mit den Ergebnissen von SQL-Befehlen weiter rechnen. Die meisten anderen Abfragesprachen (LDAP, XPath, und viele NoSQL-Abfrage\u0026quot;sprachen\u0026quot;) sind keine Algebren und erlauben keine derartige Verknüpfung von Abfragen. Das zwingt den Entwickler, Anfragen in Schleifen in Code zu gießen und dann entweder im Client auszuführen (hohe Latenz) oder generierten Code an die Datenbank zur Ausführung zu senden. Dadurch findet man nun wieder eine sehr viel engere Kopplung von Code und Datenspeicher - ändern sich Zugriffschemata, Tabellendefinitionen oder andere Dinge, muß Code angepaßt und die Anwendung neu übersetzt werden, Queries werden als Code mit Schleifen und Filterbedingungen geschrieben. Die Form des Codes ist dabei abhängig davon, welche Zugriffshilfen in Form von Indices im Datenspeicher existieren - eine SQL-Query ist in der Form (nicht jedoch in der Performance) unabhängig von den existierenden möglichen Zugriffspfaden.\nZum Teil geht das so weit, daß man zu den Fehlern und Problemen hierarchischer Datenspeicher zurückfällt: Sind Daten als Graph oder Baum gespeichert, dann definieren die Kanten im Graphen die festen möglichen Zugriffspfade und Abfragen. Speichert man etwa in einer Personaldatenbank Personen und das ihnen zugeordnete Inventar, dann kann man Inventar pro Person leicht finden, aber es ist sehr viel teurer, alle Personen zu finden, die eine bestimmte Sorte Werkzeug/Inventar verwenden.\nWenn mehrere Anwendungen einen Datenspeicher gemeinsam nutzen entsteht das Problem, daß man Datenintegrität und Zugriffsregeln aus der konkreten Anwendung in eine von allen Anwendungen gemeinsam genutzte Filterschicht abstrahieren möchte. In tradionellem SQL sind das Datentypen, Views, Integrity-Constraints, Rules und Trigger, die Integritätsbedingungen werden also Teil des Datenmodells. Im Ansatz meines Arbeitgebers existiert eine Bibliotheksschicht, die Datenbankzugriffe abfängt und filtert - die Integritätsbedingungen sind also Teil der Systembibliotheken. In den meisten NoSQL-Systemen befaßt man sich mit dem Problem nicht und überläßt es dem Anwender, damit klar zu kommen.\nGesucht ist ein \u0026lsquo;NoSQL\u0026rsquo;-System (also eines, das die o.a. genannten vier Eigenschaften hat), das die Vorteile von SQL nicht aufgibt.\n","date":"2010-06-08T00:00:00Z","href":"https://blog.koehntopp.info/2010/06/08/die-relationale-datenbank-wird-40.html","tags":["database","mysql","nosql","sql","lang_de"],"title":"Die relationale Datenbank wird 40."},{"categories":null,"content":"Morgen ist der 8. Juni 2010, und damit wird PHP 15 Jahre alt .\nDie aktuelle Version von PHP ist 5.3.\nSeit dem letzten großen Jubiläum vor 5 Jahren hat sich PHP weiterentwickelt:\nPHP 5.1 vom 24. November 2005 war in erster Linie ein Performance-Release, PHP 5.2 folgte kaum ein Jahr später, am 2. November 2006, und brachte weitere Performanceverbesserungen, die immer noch viel zu wenig verwendete ext/filter und den FAQ-Klassiker \u0026lsquo;upload progress tracking\u0026rsquo;. Bis zu PHP 5.3 sollte es noch weitere 3 Jahre dauern: Am 30. Juni 2009, kurz nach dem 14. Geburtstag von PHP, erschien dieses Release, mit vielen lange ersehnten und vielen lange umstrittenen neuen Eigenschaften - hätte der Unicode-Support nicht gefehlt, hätte es PHP 6.x heißen können.\nNeu in 5.3 sind:\nNamespaces zum Beispiel, die eigentlich alle haben wollten, bei denen aber kaum jemand mit der Wahl des Namespace-Separators, dem Backslash, einverstanden war. Late Static Binding , das viele OOP-Schmerzen linderte, anonyme Funktionen (Lambda-Funktionen und Closures), NOW Dokumente (eine Erweiterung von Here-Dokumenten), der verkürzte Ternary \u0026ldquo;expr1?:expr3\u0026rdquo;, ein goto (komplett mit Velociraptor!), und das lange fehlende __callStatic . Dazu dann noch Garbage Collection als Ergänzung zum Refcounting, der mysqlnd MySQL Native Driver (der ZVAL zur Repräsentation von MySQL-Resultsets verwendet), Windows 64 Bit-Support, und natürlich wie jedes PHP Release bisher: noch mehr Module.\nDenn trotz all der OOP-Dekoration und den vielen anderen Verbesserungen ist PHP immer noch eines: Die Borg. Es ist eine Plattform, mit der sich externe C-Bibliotheken sehr leicht als Bibliotheken in einer dynamischen Sprache verfügbar machen lassen. PHP ist daher eine Basis für Glue-Code, Rapid Prototyping und schnelle und flexible Anwendungserstellung.\nWobei jetzt seit dem 2. Februar diesen Jahres auch der umgekehrte Weg offen steht: Facebooks HipHop macht aus PHP-Skripten C- bzw. C++-Source, der sich dann compilieren und als statisches Binary verwenden läßt.\nUnd so kommt es, daß die beliebteste Anfänger-Programmiersprache der Welt zugleich diejenige Plattform ist, auf denen die größten Websites der Welt laufen.\nNebenbei bemerkt: Falls Ihr immer noch PHP 4 einsetzt - heute wäre ein guter Tag, ein PHP 5.3 zu installieren und den Kram da hin zu migrieren. PHP 5 erschien am 13. Juli 2004. Das ist beinahe 6 Jahre her.\n","date":"2010-06-07T00:00:00Z","href":"https://blog.koehntopp.info/2010/06/07/15-jahre-php.html","tags":["php","lang_de"],"title":"15 Jahre PHP"},{"categories":null,"content":"VP8 ist ein Videocodec, der von On2 entwickelt wurde. Google hatte die Firma am 17. Februar 2010 für $133 Mio gekauft. Unter dem Namen The WebM Project (Site , Blog ) wird der Codec jetzt unter einer BSD-artigen License als Open Source zur Verfügung gestellt (Tweet ). Die Lizenz hat dabei als netten Twist eine Selbstzerstörung bei Patentangriffen eingebaut:\nThese licenses are revocable only if the licensee files a patent infringement lawsuit against the VP8 code that Google released.\nWebM ist sehr eng definiert: Es ist ein Matroska-Container mit einem VP8-Video und Ogg Vorbis Sound - dadurch wird der Bau von WebM-Abspielern sehr einfach. Die Lizenz erlaubt jedoch die Verwendung von VP8 auch in größerem Rahmen, also etwa in normalen MKV-Dateien, in denen VP8-Video mit MP3-Sound kombiniert wird, nur ist es dann halt kein WebM.\nDerzeit gibt es noch keine Grafikkarten mit Hardware-Support für VP8, aber Google arbeitet daran. Android wird VP8 und WebM ab \u0026lsquo;Gingerbread\u0026rsquo; unterstützen (und dann sicher auch mit passender Hardware, um die Batterie zu schonen).\nEine ältere Version eines On2-Codecs, VP3, wurde 2002 von On2 an die Xiph.org Foundation gespendet und unter einer BSD-License als Open Source verfügbar gemacht. Daraus hat sich das Ogg Theora-Projekt entwickelt.\nDurch das verfügbar-machen von VP8 eröffnet sich die Chance für HTML5 Video aus der H.264 Patentklemme heraus zu kommen, wenn der Codec weit genug unterstützt wird. Die Unterstützung von Chrome ist ja quasi von Haus aus sicher,\nYoutube kann auch schon VP8 . Das Mozilla-Projekt unterstützt WebM bereits in den Firefox Nightly Builds, ebenso Opera und sogar Microsoft ab MSIE 9. Bleibt die Frage wie Safari (Apple) reagiert: Jobs war gegenüber Ogg Theora ja eher kritisch eingestellt und dem H.264-Lager recht sicher zuzurechnen.\nH.264 ist kritisch zu sehen, weil MPEG LA , die MPEG Licensing Authority, Anteile an Umsätzen haben will, die mit H.264 codierten Videos gemacht werden - selbst sogenannte Profikameras kommen nur mit einer Consumer H.264 Encoder-Lizenz. MPEG LA behauptet auch, daß es generell unmöglich ist, einen legalen Video-Codec zu produzieren ohne Patente von MPEG LA zu lizensieren. Mit Google und Googles Anwälten hinter VP8 wird das sicher eine interessante Auseinandersetzung.\nIn einem größeren Zusammenhang ist auch der Aufkauf von Global IP Solutions durch Google zu sehen.\nGIPS wirbt für sich als \u0026ldquo;The world\u0026rsquo;s most widely deployed technology for processing real-time voice and video over IP\u0026rdquo;, zumal die WebM-FAQ zum Thema PVRs und Set-Top Boxen ein \u0026lsquo;stay tuned\u0026rsquo; empfiehlt. Was ein Laden wie Google mit Bandbreite, Videocodecs, Youtube und GIPS sowie Cellphone-Tech alles anstellen kann bleibt der Fantasie der Anleger überlassen.\n","date":"2010-05-19T00:00:00Z","href":"https://blog.koehntopp.info/2010/05/19/google-opensourced-vp8-video-codec-webm-project.html","tags":["google","media","politik","lang_de"],"title":"Google opensourced VP8 Video-Codec: WebM Project"},{"categories":null,"content":"Ingeborg meint: Dieses Land hat ein Katholikenproblem! :\nEgal, wo man am hin gucken is\u0026rsquo;, dauernd stehn wieder irnzwelche Problemkatholiken inne Zeitung drinne. Ein Zufall kamman datt ja wohl nich mehr nenn. Auch im Internetz stehn die dauernd drinne: ers gestern haben die sich Frankreich auf \u0026rsquo;ner Anti-Homophobie-Demo mitte Pollezei geprügelt. So geht datt nich mehr weiter!\nDas ist keine neue Erkenntnis. Mal gucken, ob ich von dem alten AStA-Flyer gegen Ausländerfeindlichkeit auch noch einen Scan irgendwo finde.\nEDIT: Kein Scan, aber hier ist der Inhalt:\nFrom: kris@koehntopp.de (Kristian Köhntopp) Date: Sun Jan 17 17:08:16 1993 Subject: Re: SU:Katholiken-Raus-Flugblatt ;-) Newsgroups: de.etc.misc In 63.33818@bionic.zer.de M.BELOW@BIONIC.zer.de writes:\nUm mal realistischer zu sein, hat irgendjemand das in irgendeiner Form aufbewahrt? Und, wenn meine Traeume von der digitalisierten Version schon nicht in Erfuellung gehen, kann mir das jemand faxen?\nDas Original haengt noch an meinem schwarzen Brett, aber ich habe kein FAX. Dafuer habe ich aber cut \u0026amp; paste:\nOriginal-Path: tpki.toppoint.de!tpki!kbbs!ums!ums!zivi Original-Subject: Kathos raus (Irony:=true) Original-Newsgroups: kiel.allgemein Original-Distribution: kiel Original-Date: Sun, 02 May 1992 20:48:00 MEZ Original-Message-Id: 06.1574@UMS Original-From: zivi@ums.zer.sub.org Flugblatt vom 1.5.:\nKatholikenproblem loesen!\nUm es gleich vorweg zu sagen: wir haben nichts gegen Katholiken Im Gegenteil, jeder Katholik, der sauber ist und hier seit Jahren Steuern zahlt, ist uns willkommen. Wir wehren uns nur dagegen, dass wir Schleswig-Holsteiner durch den Zustrom von schwarzen Schafen und ihren bischoeflichen Hirten unsere kulturelle Identitaet verlieren.\nLeider ist es den meisten Katholiken aufgrund ihrer fundamentalistischen Einstellung bisher nicht gelungen, ihre naturreligioese Vorstellung von Sexualitaet, nach der sexuelle Handlungen nur zum Zwecke der Fortpflanzung ausgeuebt werden duerfen, abzulegen. Das fuehrt dazu, dass diese Bevoelkerungsgruppe, die wir einst als Gaeste in unser Land riefen, sich hier vermehren, wie die Karnickel in der Geest. Sind es nicht jene Katholiken, die durch ihre beharrliche Ablehnung jeder Form von Empfaengnisverhuetung in erheblichem Umfang zur Verschaerfung von Problemen wie Wohnungsnot und Arbeitslosigkeit beigetragen haben und damit die Stabilitaet der D-Mark in Gefahr bringen?\nNach Untersuchungen des Landeskriminalamts Bayern wurde eindeutig nachgewiesen, dass 78.47% aller bayerischen Straftaeter Katholiken sind. Allein diese Zahl macht schon deutlich, dass der dramatische Anstieg der Kriminalitaet in den letzten Jahren nicht unabhaengig vom Katholikenproblem betrachtet werden darf. Noch stellen die Katholiken in unserem Schleswig-Holstein eine Minderheit dar, doch alleine in der Zeit von 1961 bis 1987 hat sich ihre Zahl um mehr als 22% auf 157.000 erhoeht. Schon das Symbol, das die Katholiken anbeten, das Bildnis eines Gefolterten am Kreuz, ist ein beredtes Zeugnis der latenten Gewaltbereitschaft dieser Gruppe. Muss es erst soweit kommen, dass sich keine schleswig-holsteinische Frau mehr aus Angst vor Katholiken auf die Strasse traut?\nNach wie vor stehen eine Vielzahl der religioesen Rituale der Katholiken im eklatanten Widerspruch zum Grundgesetz der Bundesrepublik Deutschland. Hierzu nur zwei Beispiele: Waehrend das Grundgesetz Ehe und Familie unter den besonderen Schutz der Gemeinschaft stellt, verbietet die Katholische Kirche ihren Priestern kategorisch die Eheschliessung und Familiengruendung. Waehrend nach dem Grundgesetz Maenner und Frauen gleichberechtigt sind, ist es den Frauen in der Katholischen Kirche verboten, Priesterin zu werden. Muss es erst soweit kommen, dass der Erzbischof von Koeln die Macht an sich reisst, um das Grundgesetz ausser Kraft zu setzen und einen sogenannten Gottesstaat ohne demokratische Legitimation zu errichten?\nBesonders besorgniserregend ist fuer Fachleute die Tatsache, dass zwischen der Einfuehrung des Bundessozialhilfegesetzes im Jahre 1961 und dem Anstieg der Katholikentagen in Schleswig-Holstein direkte Zusammenhaenge vermutet werden koennen. Hier ruhen sich Katholiken ganz offensichtlich in der Haengematte unseres Wohlfahrtstaates aus. Zwar sind wir noch eines der reichsten Laender dieser Erde, aber wie lange koennen wir uns diesen Missbrauch durch die Katholiken noch leisten?\nBereits jetzt sind die negativen Einfluesse der Katholiken auf die deutsche Wirtschaft erkennbar. Die hohe Anzahl ihrer religioesen Feiertage fuehrt zu Produktionseinbussen in Milliardenhoehe. Dies hat die Konkurrenzfaehigkeit z.B. zur japanischen Industrie, in der so gut wie keine Katholiken arbeiten, erheblich beeintraechtigt. Muss die deutsche Wirtschaft erst voellig am Boden liegen, bis die Katholikenflut eingedaemmt wird?\nDie Katholiken haben einen eigenen Staat, eine Heimat, in der sie nicht unterdrueckt und verfolgt werden. Wenn sie zu uns kommen, geschieht dies in der Regel nur aus wirtschaftlichen Gruenden, obwohl der Vatikan das hoechste Pro-Kopf-Einkommen der Welt hat. Muessen wir am Ende alle 900 Millionen Katholiken der Erde bei uns aufnehmen? Nein, wir koennen das Katholikenproblem dieser Welt nicht alleine loesen, und die zunehmende Katholikenfeindlichkeit in Schleswig- Holstein erfordert sofortiges Eingreifen und Handeln.\nWir schlagen deshalb vor:\nAbweisung aller Katholiken an den Grenzen Schleswig-Holsteins! Sofortige Abschiebung aller kriminellen Katholiken in den Vatikan! Erteilung einer befristeten Aufenthaltsgenehmigung fuer Katholiken nur bei Nachweis eines Arbeitsplatzes! Abschaffung des Wahlrechts fuer Katholiken! Ausweisung aller Katholiken bei Sozialhilfebezug und Arbeitslosigkeit! Unterbringung aller Katholiken in Gemeinschaftsunterkuenften! Ausweisung der Katholiken bei verfassungsfeindlichen Aktivitaeten! DAS BOOT IST VOLL! STOPPT DIE KATHOLIKENFLUT!\n","date":"2010-05-19T00:00:00Z","href":"https://blog.koehntopp.info/2010/05/19/stoppt-die-katholikenflut.html","tags":["anderswo","kirche","religion","lang_de"],"title":"Stoppt die Katholikenflut!"},{"categories":null,"content":"In einem Kommentar zu \u0026ldquo;Wie man aus Versehen WLAN-Daten mitschneidet\u0026rdquo; schreibt Florian:\nSorry, sowas DARF nicht \u0026ldquo;passieren\u0026rdquo;. Nicht Google und keinem anderen Unternehmen, dass auch nur entfernt von Seriösität und Vertraulichkeit lebt. Hört bitte auf, die Schuld wieder den \u0026ldquo;Medien\u0026rdquo; oder der \u0026ldquo;Politik\u0026rdquo; zuzuschieben. Google hat Scheisse gebaut.\nAber so etwas passiert.\nEs passiert so oft, daß es Standards dafür gibt. In der Sprache und dem Prozeßmodell von ITIL ist so etwas ein Incident : \u0026ldquo;Ein Ereignis, das nicht zum standardmäßigen Betrieb eines Services gehört und das tatsächlich oder potenziell eine Unterbrechung dieses Services oder eine Minderung der vereinbarten Qualität verursacht.\u0026rdquo; Das ist vornehm für \u0026ldquo;Scheiße gebaut oder in der Scheiße stecken\u0026rdquo;.\nSo etwas passiert.\nIch habe es oft genug gesehen. In einem anderen Leben war es mein Job, Incidents zu managen, also zu erkennen, daß wir in der Scheiße stecken und Leute zusammenzutrommeln, die das dann sofort beheben.\nIn der Folge dann festzustellen, woran das lag (Das nennt man in ITIL: Problem Management ) und Maßnahmen einzuleiten, die dafür sorgen, daß das nicht wieder passiert (in ITIL ein Aspekt von Change Management , nämlich der Aspekt, der die Prozesse und Arbeitsanweisungen selbst changed).\nIn jenem Leben war mein Job die Security-Seite des gesamten Betriebes. Wäre ein WLAN-Fail wie bei Google zu dieser Zeit bei meinem Arbeitgeber geschehen, wäre er als Privacy-Problem genau bei mir als zuständigem Techniker und bei dem Kollegen gelandet, der Datenschutzbeauftragter und Jurist der Firma war. In noch einem anderen Leben war mein Job Datenbank-Consultant. Und auch da kommt es schon einmal vor, daß man bemerkt, daß die Dinge nicht so liegen wie einem die Betreiber der Anlage schildern daß sie liegen sollten.\nSo etwas passiert.\nAuch anderswo als bei Google. Und ja, es passiert \u0026lsquo;aus Versehen\u0026rsquo;, also aus Unachtsamkeit, Unkenntnis, durch Fehlbedienung oder Fehlinterpretation von Arbeitsanweisungen und aus tausend anderen Gründen. Sei es, daß ein Laden mehr Daten erfaßt als er glaubt, daß er das tut. Oder daß ein anderer Laden glaubt, Daten physisch zu löschen und sich dann herausstellt, daß die entsprechenden Datensätze seit Jahren nur als \u0026lsquo;ungültig\u0026rsquo; geflaggt werden statt entfernt zu werden, oder daß ein dritter Laden personenbezogene Daten glaubt zu pseudonymisieren und sich hinterher herausstellt, daß sich diese Pseudonyme intern trivial aufdecken lassen, um mal typische Fehlersituationen herauszugreifen ohne zu konkret zu werden.\nIn jedem der genannten drei Fälle handelt es sich in den konkret erlebten Situationen vermutlich gegen einen Verstoß gegen geltendes Recht des jeweiligen Landes, indem der Incident aufgetreten ist. Der Unterschied zwischen dem Vorgehen von Google und dem Vorgehen in anderen mir bekannten Fällen ist der, daß Google den Fall dokumentiert und öffentlich macht und unter Aufsicht löscht , statt das Problem still und heimlich im Kämmerlein unter den Teppich zu kehren.\nOb das PR-Technisch global ein Gewinn ist weiß ich nicht.\nAber mir persönlich nötigt das eine ganze Menge Respekt ab und ist eher geeignet, mein Vertrauen in die Ehrlichkeit von Google zu stärken.\n","date":"2010-05-18T00:00:00Z","href":"https://blog.koehntopp.info/2010/05/18/incident-management-und-transparenz.html","tags":["privacy","security","wlan","lang_de"],"title":"Incident Management und Transparenz"},{"categories":null,"content":"Als Nachtrag zu Wie man aus Versehen WLAN Daten mitschneidet hier die Erklärung zu \u0026ldquo;Weswegen fahren Leute eigentlich systematisch durch die Straßen der Großstädte der Welt und zeichnen die Kennungen von WLAN Access Points und vermutlich auch GSM Basisstationen auf?\u0026rdquo;\nNun, jedesmal, wenn Ihr ein Handy online nehmt um dort eine Kartenanwendung Eurer Wahl zu aktivieren, muß das Handy seine Position bestimmen. Das kann vollkommen freihändig passieren, also nur mit dem GPS-Chip im Handy, wie es die originale Nokia Map-Anwendung in meinem E90 getan hat. Das Handy braucht dann freie Sicht zum Himmel und circa 80 Sekunden lang eine relativ stabile Position, damit es funktioniert.\nFür die mobile Anwendung ist das nicht wirklich akzeptabel, wie ich selbst ausprobieren konnte, als ich auf der Suche nach dem Kunden mitten in London stand und jeweils 2 bis 3 Minuten lang zur Salzsäule wurde, bevor ich wußte, wo ich lang mußte.\nDazu kommt, daß GPS Hardware eine ganze Menge Strom zieht und den Akku des Mobiltelefons binnen einer oder zweier Stunden auch bei guter Kondition und voller Ladung leicht leer lutschen kann. Auch das mit dem E90 getestet, indem ich auf der Suche nach besagtem Kunden vergessen habe die Kartenanwendung nach Gebrauch zu beenden - ein Handy mit Multitasking kann auch Nachteile haben, liebe geplagte iPhone-Anwender.\nModerne GPS-Anwendungen machen daher etwas anderes: Sie verwenden EGPS , AGPS oder gar GPS-freie Lokalisierungen ( Skyhook ).\nEGPS verwendet eine Grobpeilung auf der Basis von Kennungen der Basisstationen um die Position des Telefons grob (auf Genauigkeit von Mobilfunkzellen) zu schätzen. Zellengrößen im Mobilfunk sind sehr unterschiedlich, sie können mehrere Kilometer groß sein, im Innenstadtbereich als Mikrozellen aber auch einzelne Plätze oder Teile von Plätzen abdecken.\nTechnisch ist es auch denkbar, daß das Mobiltelefon das Mobilfunknetz nach einer Triangulation des Telefons fragt - das Netz \u0026lsquo;sieht\u0026rsquo; ein Telefon ja oft mit mehr als einer Basisstation gleichzeitig, mit unterschiedlichen Signalstärken, und die Basisstation hat oft mehrere Antennen, die jeweils Richtcharacteristik haben. Dadurch kann das Mobilfunknetz die Position eines Telefons genauer bestimmen als das Telefon das alleine kann und dem Telefon diese Informationen bereitstellen (lieber noch würde man dem Teilnehmer einen Dienst auf der Basis dieser Daten verkaufen, also location based services).\nAGPS ist eine weitergehende Unterstützung der Positionsbestimmung des Telefons, in der das Telefon nur die Signale der GPS Satelliten mißt, sie aber nicht selber auswertet, sondern an einen Server im Netz weiter gibt. Der Server hat eine genauere Uhr als das Mobiltelefon, was für GPS Genauigkeit von entscheidener Bedeutung ist. Er hat weiterhin mehr Speicher und CPU, sodaß er die für die Berechnung der Position notwendigen Nachschlagetabellen im Speicher halten kann statt sie erst herunter laden zu müssen (letzteres ist der Grund für 40 Sekunden der 80 Sekunden GPS Startzeit).\nGPS-lose Lokalisierungsdienste wie Skyhook oder eben Google haben außerdem eine recht gute Karte von Sendern aller Art in der Stadt - Basisstationen für GSM wie für WLAN. Ein Telefon, das seine Position bestimmen möchte, kann nun messen, welche Sender und Senderkennungen es sehen kann und diese Informationen an den Lokalisierungsdienst hochladen. Der Lokalisierungsdienst gibt nun eine Position und eine Genauigkeit als Ergebnis zurück. Telefone ohne GPS Hardware verwenden ausschließlich solche Positionierungsdienste zur Positionsbestimmung.\nWenn man gar kein WLAN sehen kann, sich also in der Pampa befindet, dann können nur GSM Basisstationen verwendet werden. Man hat dann natürlich ein ziemliches Schätzeisen, das zur Navigation nur eingeschränkt verwendbar ist. In der Stadt dagegen ist ein solcher Dienst für Straßen und Hausnummern in der Regel genau genug und viel, viel schneller als irgendeine GPS-Variante.\nDamit man einen solchen Dienst anbieten kann braucht man eine Verknüpfung von GPS-Positionen mit den Sendern, die an dieser Position sichtbar sind. Und dafür wiederum braucht man etwas, mit dem man Sender wiedererkennen kann. Skyhook und Google verwenden dafür die MAC-Adresse der Basisstation, also die in der Netzwerkkarte eingebrannte Hardware Adresse (6 Bytes, wie bei allen neueren IEEE Protokollen) und die ESSID, den WLAN Netzwerknamen (32 frei wählbare Bytes, oft vom Netzbetreiber gewählter Klartext der das Netz beschreibt).\nDie MAC Adresse steht im Absenderfeld jedes Paketes, das der Access Point selbst generiert, und die ESSID steht (zusammen mit der MAC Adresse) auch in den Beacon Paketen, die der Access Point alle paar Millisekunden abstrahlt, um das Netz für Empfänger in der Gegend anzupreisen.\nWenn man den Access Point nicht versteckt (in privat betriebenen Netzen nicht üblich), dann strahlt der AP die Beacon laufend und im Klartext aus, auch wenn die Payload im Netz mit WEP oder einer WPA-Geschmacksrichtung verschlüsselt ist. Das muß er, damit ein Client (etwa ein Laptop) das Netz \u0026lsquo;sehen\u0026rsquo; und dem Benutzer zur Auswahl anbieten kann. Der Benutzer verbindet den Laptop dann mit der ESSID des Netzes, indem er den Schlüssel für dieses Netz eingibt, und das wiederum erlaubt dann auch die Entschlüsselung von Payload Paketen.\nWardriving , Sarumans Turm\nDamit Firmen wie Skyhook oder Google einen solchen Positionierungsdienst anbieten können brauchen sie laufend aktuelle Karten, die sichtbare ESSIDs und MAC-Adressen auf GPS-Koordinaten abbilden. Dazu genügt es im Grunde, die Beacon-Pakete der Netze aufzufangen, die man bei der Durchfahrt sieht. Das ist auch das, was Google intendiert hatte. Man kann das zum Beispiel daran sehen, daß Google nach eigener Auskunft alle 200ms (fünf mal pro Sekunde) den Kanal wechselt, um so regelmäßig alle WLAN-Frequenzen durchzuprobieren, die in Deutschland zugelassen sind. Der Scanner im Street View- oder Skyhook-Wagen verhält sich dabei genau wie ein Laptop, der noch nicht mit einer ESSID assoziiert ist und der für die Erstellung der Liste der WLANs in der Umgebung alle vorhandenen Frequenzen abtastet.\nIn der Vergangenheit hat Google diese Daten von Skyhook lizensiert, aber wenn man sowieso Street View Cars durch die Straßen schicken muß, um Turn-Based Navigation realisieren zu können, dann kann man diese Daten natürlich auch selbst erfassen, statt Skyhook zu finanzieren - darum ein Stück Stumbler -Software und eine WLAN-Antenne in den Street View Cars.\nDer Fehler, den Google dabei gemacht hat, ist alle empfangenen Pakete und Paketfragmente aufzuzeichnen, anstatt schon bei der Aufzeichnung nur die Beacons aufzuzeichnen. Empfangen muß Google genau wie Skyhook oder jeder Client-Laptop auch erst einmal alle Pakete, weil erst dann durch das Typ/Subtyp-Feld im WLAN-Frame erkennbar wird, was ein Payload-Paket ist und was ein Management-Paket (Beacons sind nur ein Typ von Management Paketen, es gibt noch viele mehr). Mit den aufgefangenen Payload-Paketen kann niemand etwas anfangen (*1) falls das Netzwerk mit einem WEP- oder WPA-Key geschützt ist, da sie dann verschlüsselt sind. Nur wenn das Netz unverschlüsselt ist liegen die Daten der Payload offen vor (*2).\n(*1) Angriffe auf WEP gibt es zu Hauf, aber sie brauchen in der Regel mehr Daten als man in 200ms auffangen kann.\n(*2) Falls nicht noch eine weitere Sicherung wie ssh, SSL oder ein VPN verwendet worden ist, was jeder vernünftig denkende Mensch in einem offenen WLAN hoffentlich grundsätzlich macht.\n","date":"2010-05-17T00:00:00Z","href":"https://blog.koehntopp.info/2010/05/17/wlans-mappen.html","tags":["internet","privacy","security","wlan","lang_de"],"title":"WLANs mappen"},{"categories":null,"content":" Spiegel Online Service: Technische Erklärung dessen, was passiert ist: dieser Artikel. Wozu macht Google das eigentlich? WLANs mappen -Artikel. Wer ist dieser Kristian Köhntopp eigentlich? XING-Profil TL;DR : Google sammelt wie Skyhook und andere Unternehmen die Hardware-Adressen und Netzwerknamen von WLANs, weil diese in dicht besiedelten Gebieten eine sehr schnelle und recht gute Näherung für eine Positionsbestimmung sind (GPS: 80 Sekunden, WLAN-Fingerprint der Position: \u0026lt;2 Sekunden, Details im Artikel WLANs mappen ). Dazu hat Google alle unverschlüsselten Pakete aufgezeichnet, die deren WLAN-Antenne gesehen hat: 32 Kanäle, je Kanal 1/5 Sekunde, immer im Kreis, genau wie jeder Laptop, der ein passendes WLAN sucht. Normal sind nur Beacon-Signale (\u0026ldquo;Ich bin das WLAN mit dem Namen \u0026hellip;\u0026rdquo;) unverschlüsselt, und das sind auch die Daten, für die sich Google interessiert. Aber es gibt auch in 2010 noch Leute, die Klartext-Daten über unverschlüsselte WLAN-Verbindungen rausblasen. Das ist sehr leichtsinnig und komplett unsicher. Google hat durch einen Programmierfehler unzusammenhängende 1/5 Sekunden-Fragmente von solchen ungeschützter Kommunikation aus diesen Netzen aufgefangen als das Auto vorbeigefahren ist. Das ist kein gezielter Lauschangriff, sondern eine Panne. Es ist Google hoch anzurechnen, daß sie den Fall ehrlicherweise öffentlich gemacht haben, anstatt unter den Teppich zu kehren, wie es sonst allgemein üblich ist. Originalartikel Vor zwei Tagen schreibt Google im Firmenblog: Wi-Fi data collection: an update :\nIn that blog post, and in a technical note sent to data protection authorities the same day, we said that while Google did collect publicly broadcast SSID information (the Wi-Fi network name) and MAC addresses (the unique number given to a device like a Wi-Fi router) using Street View cars, we did not collect payload data (information sent over the network). But it’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) Wi-Fi networks, even though we never used that data in any Google products.\nund weiter\nSo how did this happen? Quite simply, it was a mistake. In 2006 an engineer working on an experimental Wi-Fi project wrote a piece of code that sampled all categories of publicly broadcast Wi-Fi data. A year later, when our mobile team started a project to collect basic Wi-Fi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software—although the project leaders did not want, and had no intention of using, payload data.\nPolitik und Datenschützer sind in Aufregung:\nSpiegel: Googles Datenpanne: Fehler im perfekten System Heise: Politik fordert von Google Aufklärung über WLAN-Datensammlung Süddeutsche: Google: Datenpanne bei Street View: \u0026lsquo;\u0026lsquo;Unabsichtlich\u0026rsquo;\u0026rsquo; ausgespäht FAZ: Googles Street View Datenpanne: Schlamperei oder Vorsatz? Blogoscoped: Google Say They Were Collecting More Wi-Fi Data Than They Meant To BBC: Google admits wi-fi data collection blunder The Register: Google Street View snooped Wi-Fi for personal data: Network payloads collected \u0026lsquo;by mistake\u0026rsquo; Slashdot: Google Says It Mistakenly Collected Wi-Fi Data While Mapping Schauen wir also mal in die Technik und versuchen wir die Fragen, die sich aus dieser Aktion ergeben zu beantworten.\nDer Standard zum Thema WLAN stammt von der IEEE und ist erstaunlicherweise frei herunterladbar. Er befindet sich hier (PDF), wo man einen PDF-Download des Dokumentes bekommen kann. Der Standard ist lang und wem das zu lang ist, der findet in der Wikipedia und bei bei Wi-Fi-Planet eine Übersicht.\nIch schrieb in Internet mit Kugelschreibern (und Bussen) ja schon einmal:\nMein Rechner hat also keine Internet-Karte. Aber er kann jede seiner Netzwerkschnittstellen als Internet-Transport verwenden. Das eigentliche \u0026lsquo;Internet\u0026rsquo; in meinem Rechner ist dann ein Stück Software, das neben einigen anderen Dingen Pakete einkapselt und auskapselt.\nInternet-Pakete werden im Netz also nirgendwo direkt verschickt, sondern je nach Medium in anderen, für das Medium spezifischen Frames eingekapselt. Auf einem Ethernet sind es Ethernet-Frames, auf einem WLAN-Netz sind es die IEEE 802.11 Payload Frames.\nNun ist ein WLAN besonders, es unterscheidet sich von einem Kabelnetzwerk in dem Sinne, daß viele der Annahmen nicht gelten, die man in Kabelnetzen machen darf. Im Standard selbst findet man:\nThe PHYs used in IEEE Std 802.11 are fundamentally different from wired media. Thus, IEEE 802.11 PHYs\nUse a medium that has neither absolute nor readily observable boundaries outside of which STAs with conformant PHY transceivers are known to be unable to receive network frames Are unprotected from other signals that may be sharing the medium Communicate over a medium significantly less reliable than wired PHYs Have dynamic topologies Lack full connectivity, and therefore the assumption normally made that every STA can hear every other STA is invalid (i.e., STAs may be “hidden” from each other) Have time-varying and asymmetric propagation properties May experience interference from logically disjoint IEEE 802.11 networks operating in overlapping areas Was der Standard uns damit sagen will:\nDie Teilnehmer (Physical Layer Interfaces, PHYs) in einem WLAN arbeiten in einem Medium, das nicht wie ein Kabel absolut oder erkennbar begrenzt ist, sodass entscheidbar wäre, ob eine Station mit dem Medium verbunden ist oder nicht.\nEbenso kann das Medium durch andere Dinge, die nichts mit Netzteilnehmern zu tun haben, gestört werden oder es kann sich mit anderen Netzen nach demselben Standard überlappen, und ist daher schon konstruktionsbedingt weniger zuverlässig als ein kabelgebundenes Netz ist. Die Netzwerktopologie ist dynamisch in dem Sinne, daß der Standard explizit transportable (abgeschaltet bewegte) und mobile (angeschaltet bewegte) Stationen unterstützen muss und daß Netzteilnehmer nach Belieben im Sichtbarkeitsbereich einer Antenne erscheinen und verschwinden können - durch Bewegung, Störungen, Änderung der Ausbreitungsbedingungen oder durch An- und Abschalten.\nDaher gibt es in einem WLAN neben den Payload Frames, die die Nutzdaten der User enthalten noch eine ganze Menge weiterer Frametypen, die mit der Netzwerk-Administration im weitesten Sinne zu tun haben. Der Artikel bei Wi-Fi Planet gliedert sie schön auf in Frames, die mit der Netzwerkverwaltung zu tun haben - Anmelden, Abmelden, Bekanntmachen (Beacons) und Eigenschaften abfragen (Probes), Datenflusskontrolle (ganz klassisch: RTS, CTS und ACK) und die Payload selbst halt.\nWenn man eine Softwarekomponente schreiben will, die dem Erfassen und Decodieren von WLAN-Daten im Allgemeinen gelten soll, dann wird man also erst einmal alle Datenpakete von der Antenne ab mitschneiden und sie hinterher sortieren in die Pakete, die einen interessieren und die, die nicht weiter spannend sind. Das ist das, was diese Bibliothek macht, die oben in dem Google-Statement erwähnt wird: Sie schaltet eine Wi-Fi-Antenne und -Karte in den Monitor-Modus und schreibt einfach alle Pakete mit, die sie zu sehen bekommt.\nMit diesen Daten kann man eine ganze Reihe nutzbringender Dinge tun - neben der Kartierung von Funknetzwerken auf der Basis von MAC-Adressen und Beacon-Paketen halt auch Netzwerke debuggen, das Verhalten von Clients und Basisstationen im Netz beobachten oder amoklaufende Clients identifizieren - was man halt tut, wenn man im Netz unterhalb der Ebenen 3 und 4 (Netzwerkschicht/IP und Transportschicht/TCP) im Gerätetreiber-Keller rumkriechen muss.\nDas ist auch das, was ein Haufen anderer Pakete tun. Auf meinem Rechner finde ich beim Durchblättern von Macports Wireshark (Ethereal), Aircrack , Kismet und diverse andere Stumbler, die alle genau das tun, was auch diese Google Bibliothek tut - plus zusätzlich Funktionalität zum Angreifen und Knacken dieser Netzwerke (etwa bei Aircrack), die die Google Bibliothek genau nicht hat.\nWenn man dann denkt wie ein Haufen Physiker\u0026hellip;\nWenn man nun einmal ein paar Schritte zurücktritt und das Gesamtbild auf sich wirken lässt, dann erkennt man Muster: Alles in allem wirkt der Ansatz von Google auf mich wie eine Firma von Physikern oder anderen Experimental-Forschern mit akademischem Background, die beschlossen haben, einmal \u0026lsquo;so richtig\u0026rsquo; in die Wirtschaft zu gehen und ihre Methoden dort hin zu portieren.\nschrieb ich in Das Google-Missverständnis .\nZu dem Ansatz, den typische Physiker (stellvertretend für alle Naturwissenschaftler) typischerweise wählen gehört auch das Aufbewahren von Messdaten in Rohform - hier also der betreffenden aufgefangenen Wi-Fi-Pakete. Das braucht man, um frühere Ergebnisse nachvollziehen zu können oder fehlerhafte Berechnungen neu ablaufen zu lassen, aber auch, um historische Daten mit neueren Daten zu vergleichen und so ggf. Schlüsse über die Zeitachse ziehen zu können.\nGenau genommen muss das sogar technisch zwangsläufig so sein, denn ein Google Streetview Car ist, wenn man darüber nachdenkt, ein rollender Haufen Festplatten mit einem Satz Kameras, einem sehr guten GPS und eben einem Stapel von Wi-Fi und wahrscheinlich auch GSM-Antennen. Denn neben Wi-Fi-Kennungen zur Triangulation würde ich, wenn ich so etwas baute, auch die Kennungen von GSM-Basisstationen loggen wollen. Das Streetview-Car dockt dann irgendwann ans Google-Mutterschiff an und injiziert seine Datenerfassungen ins Firmen-Netzwerk, wo dann mit der Auswertung begonnen wird.\nInsofern ist die Erklärung für den Ablauf der Dinge, die Google uns gibt, schlüssig und plausibel.\nGehen wir doch mal in den Spiegel-Artikel und schauen uns die dort gestellten Fragen an. Was können wir beantworten?\nWarum entwickeln Google-Programmierer Schnüffel-Software? Weil Google WLANs auf einer Karte verzeichnen will (Wozu ist das gut? )\nEntwickelt worden ist eine Bibliothek zur Erfassung von 802.11 Frames. Erst nachdem man einen Frame erfasst hat, kann man auf die Felder Frame-Type und Frame-Subtype schauen und entscheiden, ob es etwa ein Beacon-Frame ist, in dem die ESSID eines Netzwerkes angekündigt wird, oder ein Payload-Frame. Bibliotheken, die WLAN-Interfaces in den Monitor-Modus schalten und dann alle Frametypen mitschneiden sind nicht selten - sie sind die Grundlage jedes Netzwerkmanagementsystems und in mannigfacher Zahl und Missgestalt Teil jeder Macports- oder Linux-Distribution.\nWie kommt Schnüffelcode in das umstrittene Street-View-Projekt? Wenn man ESSIDs kartieren möchte, dann muss man genau das tun: Eine Karte in den Monitor-Modus schalten und aufgefangene Beacon-Frames und MAC-Adressen von Karten zusammen GPS-Koordinaten und Zeitstempeln loggen. Streetview-Cars sind rollende Datenerfassungsmaschinen, die werten nicht aus, sondern schneiden nur mit. Das Sortieren hätte später beim Upload ins Google Corporate Netzwerk passieren müssen oder - besser - man hätte den Streetview-Maschinen von Anfang an diese minimale Sortierfunktionalität (Payload Frames nicht aufzeichnen) mitgeben müssen.\nWurde die Software nicht getestet? Normal geht Google sogar noch weiter - einerseits wird Software getestet, andererseits wird eine ganze Menge Zeit darauf verwendet, Code von Kollegen durchzusehen und zu reviewen. Insbesondere bei sicherheitskritischen Codestücken wird dies standardmäßig getan. Das ist aber code-zentriertes Arbeiten - datenzentriert scheinen solche Mechanismen nicht zu existieren.\nWarum merkt Google drei Jahre lang nicht, was da passiert? Weil der Prozess weitgehend automatisiert ist und niemand die Rohdaten angesehen hat, sondern alle Menschen mit den Daten beschäftigt waren, die aus der Verarbeitungs-Pipeline herausfallen, nachdem die Daten aus den Streetview-Cards aufbereitet worden sind. Erst die Nachfrage des Hamburger Datenschutzbeauftragten hat bewirkt, daß sich jemand einmal die gesamte Pipeline von vorne bis hinten angesehen hat und katalogisiert hat, was für Daten da eigentlich anfallen.\nDas Fazit: Die Software, die da zur Erfassung der WLAN-Daten geschrieben und betrieben worden ist folgt der Struktur, die die Technik und der WLAN-Standard der IEEE vorgeben. Das Vorgehen, das Google bei der Erfassung der Daten zeigt, ist logisch, vernünftig und in Deutschland illegal (§89 TKG und §202b StGB , wahrscheinlich).\nDie Erklärungen, die Google für das Entstehen des Fehlers gegeben hat, sind in im Kontext der Standards und im Vergleich mit anderer Software, die ähnliches leistet, konsistent und schlüssig. Der Fehler, der zu dem Problem geführt hat, ist naheliegend.\nZudem hat Google das Problem umgehend zugegeben und öffentlich gemacht, nachdem es entdeckt worden ist und geeignete Maßnahmen zur Eindämmung des Problems getroffen: Die Daten wurden im Corporate Network zusammengezogen, physisch isoliert und weitere Datenerfassung eingestellt. In Rücksprache mit den Behörden wird nun entschieden, ob die Daten gesäubert werden dürfen oder als Beweismaterial zurückbehalten werden müssen.\nDie Sicherungsmechanismen, die Google für die Qualitätskontrolle und für die rechtliche Zulässigkeit der Datenerfassung einsetzt, sind unzureichend und der bestehende Reviewprozess muss auf diesem Gebiet verbessert werden.\nAlles in allem finde ich das recht gut nachvollziehbar und geradezu vorbildlich gehandhabt, und verstehe die Hysterie und das Fingerzeigen in der Berichterstattung nicht.\nOh, und falls einer von Euch noch ein ungesichertes WLAN am Laufen hat ohne AP-Betreiber zu sein - oder über ein beliebiges öffentliches Netz noch unverschlüsselt kommuniziert: Bitte ändert das. Wir haben 2010 und nach dem BGH-Urteil ist das sowieso\u0026hellip; leichtsinnig.\n","date":"2010-05-16T00:00:00Z","href":"https://blog.koehntopp.info/2010/05/16/wie-man-aus-versehen-wlan-daten-mitschneidet.html","tags":["google","privacy","security","wlan","lang_de"],"title":"Wie man aus Versehen WLAN-Daten mitschneidet"},{"categories":null,"content":"In Sicherheitsmetrik heißt es als Antwort auf meinen Artikel DENIC erklärt sich :\nWir IT-Akademiker forschen gerne an Fragen herum, die einen vagen Relitätsbezug haben, die man aber in der Praxis pragmatisch handhabt. Nach ein paar Jahren haben wir die Lösungen der Pragmatiker formal dokumentiert und wissenschaftlich nachgewiesen, was die Kollegen immer schon wussten, nämlich dass das so tatsächlich funktioniert…. Die zehn Prozent sind formal betrachtet völlig willkürlich gewählt, tatsächlich aber wohl ein Erfahrungswert, der sich aus informellen Beobachtungen typischer Vorgänge ergibt. So etwas würde ein Wissenschaftler nie zulassen.\nDie zehn Prozent sind natürlich nicht willkürlich gewählt, sondern sorgfältig ermessen.\nDem Ganzen liegt eine andere Anekdote zugrunde, die die Denkweise eines Sysadmins verdeutlicht - am Ende geht es darum, Risiken für Menschen intuitiv handhabbar zu präsentieren (anstatt sie mit einem Regelwerk zu überschütten).\nPersönliche Betroffenheit führt zu persönlicher Verantwortung web.de war eine geldreiche Arbeitsumgebung. Mit 150 Mio Euro auf der Bank und ohne Schulden agiert eine Firma in Projekten nicht kostengetrieben, sondern erlösgetrieben.\nEs ist eine Umgebung, in der man Großes bewirken kann, aber es ist auch eine Umgebung, in der manche Projekteigentümer und Projektleiter nachlässig werden. Das ist so, denn in so einer Umgebungs sind Kosten alleine eben kein ausreichender Motivator, um bestehende Probleme anzugehen statt neue Projekte zu beginnen - die Firma lebt von Velocity, also der Geschwindigkeit der Innovation anstatt von Effizienz, denn Gewinn wird mit dem Wachstum des Marktes gemacht statt der Konkurrenz Anteile abzunehmen (Cynefin Marktreife in den Quadranten Complex und Complicated).\nSo kommt es, daß in solchen Umgebungen manchmal Systeme im Einsatz sind, die die für den Betrieb notwendige Stabilität nicht von sich aus mitbringen, sondern bei der die Stabilität durch permanente Arbeit des Operatings erzeugt wird.\nWill sagen, man hat Software mit Memory Leaks oder Race Conditions oder anderen schwer zu findenden Fehlern, die mit einer gewissen Eintrittswahrscheinlichkeit versehen sind. Der Betrieb erkennt die mit Sicherheit irgendwann eintretende Fehlersituation vorher und behebt das Problem durch, äh, vorbeugende Wartung. Also durch das Herausnehmen einer Komponente aus dem Loadbalancer und einen Neustart des betreffenden Systems mit anschließender Reintegration oder vergleichbare Maßnahmen.\nDie zur Fehlersuche und Behebung notwendigen Stunden Entwicklerzeit will niemand gutwillig bereitstellen, da es andere laufende Projekte verzögern würde, also Velocity kosten würde. Und eine tatsächliche Aufwandsschätzung ist bei Heisenbugs sowieso immer schwierig, da der Aufwand in der Regel in Instrumentation und Warten besteht, solange der Fehler nicht mit vernünftigem Aufwand im Labor provoizierbar ist. Man kann also nicht sagen \u0026lsquo;Es wird circa 4 Stunden dauern, diesen Bug zu fixen\u0026rsquo;, weil man ihn überhaupt erst mal beobachten muß.\nWenn nun Kosten im Operating kein Instrument sind mit denen man seine Projektleitung zur Bereitstellung von Ressourcen motivieren kann, dann ist die erprobte Strategie der Managementmotivation im Operating eine, die ich gerne mit \u0026ldquo;Teile die Schmerzen\u0026rdquo; beschrieben möchte.\nZum Beispiel setzt man den Projekteigentümer auf dieselbe Alerting-Methode wie den Sysadmin, der am Ende Sonntag nachts um 4 Uhr wegen eines Alarms die vorbeugende Wartung durchführen muß. Die Begründung ist, daß der Projekteigentümer bei einem System dieser Wichtigkeitsstufe ja über Ausfälle informiert sein muß. Er muß schließlich bereit stehen, um als Entscheider die notwendigen Anweisungen zu geben wenn etwas schiefgeht - so etwas wichtiges kann man ja auf keinem Fall einem einfachen Operator überlassen.\nWenn wir nun also einen jungen Projektverantwortlichen haben, bei dem das Handy Sonntag nachts um vier die Frau und das 6 Monate alte Kind weckt, dann ist diese Person nach einigen Wochen unmittelbaren Alerting-Erlebens sehr viel zugänglicher, wenn auf auf einem Montagsmeeting der Vorschlag gemacht wird, endlich einmal eine Hand voll Entwicklerstunden in die Verbesserung der Stabilität dieses vergleichsweise wackeligen Systems zu stecken. Das Interesse ergibt sich hier dann nicht aus den Projektkosten, sondern aus persönlicher Betroffenheit.\nWieviel Risiko ist vertretbar? Das ist derselbe Mechanismus, der auch unter den Admins selbst am Werk ist. Sie machen Bereitschaft und sie bekommen Alarmmeldungen, Tag und Nacht. Admins haben ein natürliches Interesse an den Schranken von Alarmen, denn es sind diese Einstellungen der Sensitivität des Überwachungssystemen, nach denen sich die Qualität ihres Nachtschlafs und das Klima in ihren Familien bemißt. Admins wollen nicht von unnötigen Alarmen gestört werden, sie wollen also keine false positives.\nNoch schlimmer sind aber false negatives, also Alarme die hätten gesendet werden sollen, aber nicht gesendet wurden. Denn diese kosten nicht nur den Bonus, sondern auch auf Wochen hinaus das Familien- und Arbeitsklima. In einem funktionierenden Admin-Team - jedem funktionierenden Admin-Team - mit einem gut eingestellten Monitoring kann man also darauf vertrauen, daß gerade eben so viele Alarme zu viel gesendet werden, daß die Meldungen des Alarmierungssystems noch vertrauenswürdig sind.\nDie Schwellwerte im System ergeben sich empirisch unter dieser Strategie: Überwachungssysteme werden erschaffen und messen Daten, generieren darauf basierend Alarme - in der Regel viel zu viele Alarme.\nEin gutes Admin-Team wird die meisten dieser Alarme ignorieren. Es wird außerdem regelmäßig die ignorierten und beiseite geschobenen Alarme auswerten, um daraufhin das Monitoring anzupassen, damit die Schwellwerte realistischer werden. Die neuen Schwellwerte werden immer noch zu sensibel sein, aber näher an realistischen Werten. Das Verfahren wird in der Regel nicht formalisiert durchgeführt (Capability Maturity Rating 1 für den Prozeß: \u0026lsquo;individual heroics\u0026rsquo;), ist aber im Verhalten wahrscheinlich einem inversen TCP Slow Start ähnlich (Man kann das natürlich modellieren, aber mir sind keine formalen Papiere zum Thema \u0026lsquo;Tuningalgorithmen für Monitoringsysteme\u0026rsquo; bekannt).\nRisiken menschengerecht erlebbar machen - Shared Spaces statt Regelsysteme Das Verhalten, das dem ganzen Zugrunde liegt, ist natürlich Risikokompensation und die ist in Grenzen modellierbar .\nMenschen versuchen, ihr Verhalten so zu optimieren, daß sie ein System möglichst voll \u0026lsquo;ausfahren\u0026rsquo;, seine Ressourcen also ausnutzen. Das heißt im Verkehr zum Beispiel, daß sie ein Auto schneller fahren oder enger überholen, wenn das Auto sich sicherer anfühlt oder eine bessere Lenkung oder Bremsen bekommt. Der lenkende Mensch wird dabei versuchen, das gefühlte Risiko stabil zu halten, indem er höhere Wagnisse eingeht.\nMan kann das umgekehrt nutzen, um mehr Sicherheit zu erzeugen, indem man Menschen Risiken spüren läßt und Systeme baut, die sich linear und stetig verhalten, also um Risiken für Menschen gut vorhersagbar und erlebbar machen. Im Verkehr nennt man dieses Konzept Shared Space und man kann es auch in der IT anwenden.\nShared Space funktioniert eben nicht, indem man einfach die Verkehrszeichen in einem Ort alle abmontiert und alle Bürgersteige planiert. Es gibt eine Reihe von Vorraussetzungen, die alle zusammen erfüllt sein müssen, damit man ein System hat, indem Menschen Risiken wahrnehmen und erkennen können und in denen sie aktiv agieren, um diese zu vermeiden.\nVisibility (und Predictability) Eine ist zum Beispiel, daß man es mit einem System zutun hat, das linear (oder logarithmisch) und stetig ist, bei dem also dem großen Knall eine Reihe von kleineren, mit zunehmendem Risiko schlimmer werdenden Warnsignalen auftreten - Menschen machen diese Annahme implizit, auch dann, wenn sie es mit Systemen zu tun haben, die weder linear noch stetig sind. Baut man ein System, bei dem Totalversagen nicht vorher von harmlosen Warnsignalen angekündigt wird, oder bei dem das Versagensrisiko in einer Weise ansteigt die von Menschen nicht intuitiv modellierbar ist, dann hat man ein System das massenweise Leute umbringt. Die Gefahrensituation muß also für den Menschen im Vorfeld erkennbar und vorhersehrbar sein - aktive und passive Visibility, sehen und gesehen werden, muß gegeben sein.\nIn einem Shared Space-Verkehrsgebiet bedeutet das zum Beispiel, daß man einige Kreuzungen umbauen muß, damit sie einsehbar werden oder andere Gebiete so umbauen muß, daß die entzerrt werden, voneinander abhängige Gefahrenquellen also entkoppelt werden und so auftreten, daß sie als aufeinanderfolgende separate Ereignisse abgehandelt werden, statt die Verkehrsteilnehmer mit zu vielen um Aufmerksamkeit konkurrierenden Situationen gleichzeitig zu überfordern.\nIn einer Produktionsumgebung in der IT bedeutet dies, daß man Systeme bauen muß, die \u0026lsquo;sanft\u0026rsquo; versagen und rechtzeitig vorher erkennbare Warnsignale generieren. Und daß man ein Monitoring haben muß, das ist der Lage ist, solche Warnungen zu visualisieren. Am Besten auch eines, das allgemein wahrgenommen wird - also Monitore mit Displays an wichtigen Stellen im Betrieb.\nEducation Eine andere Vorraussetzung ist, daß die Menschen in der Lage sein müssen, die Gefahrensituationen erkennen und bewerten zu können. Shared Spaces funktionieren also nur in einem Umfeld, in dem es eine passende Ausbildung gibt.\nIm Verkehr bedeutet das, daß Verkehrserziehung, Fahrausbildung und Awareness auf dem richtigen Niveau sein müssen, damit den Verkehrsteilnehmern das erwartete Verhalten, Handlungsmöglichkeiten und typisches Verhaltensfehler bekannt sind, so daß sie mit vergleichbaren Erwartungen und gut trainierten Sicherheitsreflexen in den Verkehr gehen.\nIn einer Produktionsumgebung bedeutet das, daß den verantwortlichen Mitarbeitern die Systeme, die sie fahren sollen, bekannt sind, sodaß sie ein Modell des Systems im Kopf haben, das den betrieblichen Realitäten entspricht, daß ihnen Diagnose- und Eingriffsmöglichkeiten bekannt sind und daß sie Zugriff auf Eskalationsmöglichkeiten in der Systementwicklung haben, wenn ein Fehler die Möglichkeiten des Operatings übersteigt.\nEmpowerment Und die dritte Vorraussetzung ist, daß die Menschen in einem System die Möglichkeit haben, Verantwortung zu übernehmen und ad-hoc vor Ort Regeln aufzustellen oder Situationen verbindlich zu klären - das ist Ermächtigung.\nIm Verkehr bedeutet das, daß man Zeichen entfernt, die Entscheidungen des Autofahrers überstimmen. Ampeln und Vorfahrtszeichen kommen weg, denn sie bestimmen über den Kopf des Fahrzeugführers hinweg \u0026lsquo;Du mußt halten\u0026rsquo; oder \u0026lsquo;Du kannst fahren\u0026rsquo;. Stattdessen ist der Fahrzeugführer jetzt verantwortlich, sein Fahrzeug berührungsfrei durch den Verkehr zu bewegen und er muß jede Halte- und Fahrentscheidung selbst und in letzter Verantwortung treffen. Das kann er, denn er hat die notwendige Visibility - er wird gesehen und kann sehen. Und er hat die notwendige Ausbildung.\nIn einer Produktionsumgebung in der IT sieht es genau so aus - statt dem Admins und Entwicklern einen Kubikmeter ITIL V3 Handbuch an den Kopf zu werfen und zu sagen: \u0026ldquo;Implementiert das!\u0026rdquo; gibt man ihnen die Verantwortung für den Betrieb und sagt: \u0026ldquo;Haltet das am Laufen! Was braucht Ihr dazu?\u0026rdquo;. Mitarbeiter mit der passenden Ausbildung und der passenden Visibility sind dazu in der Lage, das zu regeln, wenn man sie entsprechend ermächtigt.\nDie natürliche Risikoanpassung wird dann dazu führen, daß sie selbst die für den Betrieb notwendigen Regeln und Absprachen ad-hoc treffen.\n","date":"2010-05-16T00:00:00Z","href":"https://blog.koehntopp.info/2010/05/16/wieso-zehn-prozent.html","tags":["devops","monitoring","security","lang_de"],"title":"Wieso zehn Prozent?"},{"categories":null,"content":"Gestern ab halb zwei ging es los: Immer mehr DE-Domains waren nicht mehr erreichbar. Schlimmer noch, anstatt keine Antwort zu liefern lieferten die Nameserver für die Domain \u0026ldquo;de\u0026rdquo; die Antwort \u0026lsquo;Diese Domain gibt es nicht!\u0026rsquo;. Das bedeutete eine ganze Reihe von Problemen - zum Beispiel ging Mail an diese Domains mit \u0026lsquo;Unzustellbar wegen unbekannter Domain\u0026rsquo; an den Absender zurück, anstatt bis zum Ende der Störung liegen zu bleiben.\nWas ging schief? In einer Mail auf public-l hat die DENIC-Pressestelle eine Erklärung veröffentlicht :\nHintergrund dafür war, dass im Rahmen der regelmäßigen 2-stündigen Aktualisierung der Nameservicedaten auf 12 der 16 Servicestandorte durch einen unterbrochenen Kopiervorgang die Verteilung einer nicht vollständigen Aktualisierung (sog. Zonendatei) angestoßen wurde\u0026hellip;.\nZwar sollte auch dieser Vorgang abgesichert sein, der Sicherungsmechanismus hat den Fehler allerdings nicht korrekt ausgewertet, so dass im Effekt der Kopierfehler nicht entdeckt und der Weiterverarbeitungsprozess nicht angehalten wurde.\nEine Zone ist DNS-Speak für eine Konfigurationsdatei für einen DNS-Server und enthält in der Regel die Daten einer Domain. Die Zonendatei für DE ist nun wie man sich leicht vorstellen kann besonders groß, da sie die Konfigurations- und Delegationsdaten für alle DE-Domains enthält. Sie wird aus einer Datenbank neu generiert und dann an die Nameserver verteilt, die die DE-Domain betreiben. Dieser Verteilvorgang wurde nach Übertragung von ca. einem Drittel der Daten unterbrochen und das Checkscript hat auf den Fehler nicht korrekt reagiert und die Verarbeitung der Datei nicht abgebrochen.\nIn einem früheren Leben habe ich bei einem Kieler Provider gearbeitet und auch dort hatten wir eine Reihe von Scripten, die Konfigurationsdateien aus Datenbanken generiert haben. Neben anderen Integritätstests hatte wir in diesen Scripten in der Regel auch eine Prüfung drin, die festgestellt hat, wie sehr sich die Anzahl der Datensätze im Vergleich zum vorhergehenden Run geändert hatte. Wenn die Fluktuation bei mehr als 10% lag, hat das Script die Datei neben der alten Datei installiert, aber nicht live geschaltet, sondern eine Mail an die Admins geschickt, damit die sich das Ding mal ansehen und es manuell live nehmen. Das hat uns mehr als einmal den Hintern gerettet.\nSolche Sicherungen kann ich jedem Scripter von Admin-Diensten nur empfehlen!\n","date":"2010-05-14T00:00:00Z","href":"https://blog.koehntopp.info/2010/05/14/denic-erkl-rt-sich.html","tags":["devops","internet","lang_de"],"title":"DENIC erklärt sich"},{"categories":null,"content":"Letztes Jahr um diese Zeit schrieb ich in Politik, Polemik und eine Agenda über die Probleme, die sich aus gemeinsamer Werkschaffung und spontaner Kooperation ergeben, wenn man etwa der Herausgeber eines Buches ist oder Anime-Filme für den deutschen Markt synchronisiert, aber auch, wie solche Projekte in einzelnen Fällen anfangen, ihre ursprüngliche Zielsetzung zu transzendieren und beginnen, neue Originale zu schaffen statt anderer Leute Werke zu übersetzen, adaptieren oder erweitern. Mit ein wenig Systematik kann man das sogar in kooperative Regeln fassen und institutionalisieren.\nDieser Tage lese ich auf Carta einen faszinierenden Artikel Den gordischen Knoten durchschlagen – Ideen für ein neues Urheberrechtskonzept von Till Kreuzer. Der wiederum stellt erst einmal heraus, was das Problem mit dem aktuellen Urheberrecht denn seiner Meinung nach ist, und das ist in etwa derselbe Gedanke wie bei mir oben:\nKreativität entfaltet sich zunehmend kollektiv. Werke entstehen massenhaft in heterogen und synergetisch im virtuellen Raum zusammenwirkenden Communities. Das Netz und entsprechende Software („der Code“) ermöglichen es, die kreative Schaffenskraft Tausender zu bündeln werden, um Open-Content-Projekte wie Wikipedia oder Open Source Software (wie Linux) zu großem Erfolg zu führen oder riesige Plattformen wie Flickr oder YouTube mit Leben zu füllen.\nKreuzer führt aus, wie das Urheberrecht in allen seinen Novellen und Körben genau dieser Veränderung nicht Rechnung trägt, sondern noch immer beseelt ist vom Modell des auf Pergament kritzelnden Autors, der alleine in seinem Kämmerchen das Werk verfaßt („Werke im Sinne dieses Gesetzes sind nur persönliche geistige Schöpfungen.“ \u0026ndash; § 2 Absatz 2 UrhG, der „Werkbegriff“) - und dies, sowie die mangelnde Differenzierung führt zu einer \u0026ldquo;Legitimationskrise des Urheberrechts\u0026rdquo;.\nAngesicht der strukturellen Änderungen da draußen im Netz ein ziemlicher Euphemismus:\nDie Masse der Rechtsverletzungen, deren breite gesellschaftliche Akzeptanz, das Unverständnis und die allgemeine Ignoranz gegenüber der (Urheber-)Rechtsordnung dürfte in der Geschichte der staatlichen Regulierung einzigartig sein. Das Versagen des Systems wird zudem angesichts der Massenbewegungen der Open-Content- und Open-Source-Communities deutlich, die sich bewusst von den überbordenden Auswirkungen des Urheberrechts abwenden und sich eine eigene Rechtsordnung setzen.\nWie aber das Konzept \u0026lsquo;Urheberrecht\u0026rsquo; reparieren? Ist es überhaupt noch reparierbar?\nKreuzer setzt beim rechtstheoretischen Begründungsansatz für das Urheberrecht an: jedem Menschen sind die Früchte seiner körperlichen und geistigen Tätigkeit zuzuordnen (und darum gibt es in Europa auch ein Urheberpersönlichkeitsrecht). Der Bug, so Kreuzer, ist die Konzentration auf den Urheber, mit dem immer wieder von der Politik gebrachten Argument \u0026ldquo;Das Urheberrecht dient dazu, dem Urheber die Früchte seiner Arbeit und seine ideellen Interessen zu sichern\u0026rdquo;, das angesichts von aktuellen Autorenverträgen der Rechteverwerter und Verlage schon mal Unsinn ist. Diese Sichtweise jedenfalls, so Kreuzer, führt auch zu einem vollkommenen Fehlen von Nutzerrechten im Urheberrecht: Es gibt kein einklagbares (!) Recht auf Privatkopie oder auf Verfügbarkeit einer erwerbbaren Kopie oder Lizenz, geschweige denn irgendeine Regulierung der dabei verlangbaren Preise.\nSo ergeben sich für Autoren, die neues auf der Basis von altem Schaffen wollen zum Teil hanebüchene Probleme. Man lese einmal Sita Sings The Blues FAQ , Abschnitt Copyright \u0026amp; Distribution (TL;DR , und Copying is not theft ) oder schaue sich When Copyright goes bad an.\nOder lese Dinge wie Now that was a bit lazy of you rockstar (TL;DR: Firma will DRM-freie Version ihres eigenen DRM-geschützten Spiels verkaufen, nimmt Crack aus dem Internet, um das DRM loszuwerden und verkauft das als offizielle Retail-Version).\nUrheberrecht, angeblich geschaffen um die Kreativität zu fördern, wird zunehmend zu einer Belastung für den kreativen Prozeß, aber auch für Wissenschaft, Lehre und Ausbildung. Urheberrechtsverstöße sind nicht nur an der Tagesordnung, sie sind notwendig, um arbeiten zu können. Kreuzer formuliert das so:\nWikipedia, die Blogosphäre, YouTube, Linux und Flickr verändern und revolutionieren ganze Kulturindustrien, obwohl sich kaum einer der Beitragenden um das Urheberrecht schert oder auch nur hierüber informiert ist. Seit es innovative Selbstdarstellungs-, Vermarktungs- und Distributionsmodelle wie Netlabels oder Myspace gibt, erfährt die musikalische Kreativität und Vielfalt einen unglaublichen Aufschwung. Und welch eine Informationstiefe und -vielfalt, welch einen „Markt der Meinungen“ haben das „Web 2.0“, die Foren, social communities und Blogosphäre gebracht. All diese Formen kreativer Entfaltung und Äußerung funktionieren von Seiten der Akteure weitest gehend ohne Berufung auf ihre Urheberrechte, ohne Klagen, Abmahnungen und Strafverfolgung. Und sie können meist nur so funktionieren.\nNach der Analyse wendet sich Kreuzer konstruktiver Arbeit zu.\nDie erste Idee: Er will den Schutzzweck und damit die rechtliche Basis des Urheberrechts neu formulieren, damit das Urheberrecht multipolar wird und es Kreativen möglich wird, \u0026ldquo;auf den Schultern von Riesen zu stehen\u0026rdquo;:\n„Urheberrechte werden nur dann und insoweit gewährt, als sie die Erzeugung, Veröffentlichung und Nutzung von kreativen Schöpfungen fördern und keine höherrangigen widerstreitenden Interessen beeinträchtigen. Regelungen des geschriebenen Rechts, die diesem Ziel zuwiderlaufen, sind unzulässig.“\nDies stellt Schutzinteressen der Urheber den Nutzungsinteressen und Gemeinwohlbelangen gleich und gibt der Politik und der Jurisdiktion den Spielraum, den sie brauchen, die jetzigen Probleme angehen zu können.\nDie zweite Idee: Ein werkbezogenes Schutzrecht, also Differenzierung. Er führt das nicht im Detail aus, aber Anmerkungen weiter vorne im Text machen deutlich, daß es ihm vor allen Dingen auch um eine dem Werk angemessene Schutzdauer geht. Für Skulpturen eine andere als für tagesaktuelle Meldungen oder Nachrichtenfilmchen\u0026hellip;\nDie dritte Idee: Nutzungsfreiheiten als originäre Einschränkungen des Schutzumfangs. Durch die Einführung von Nutzerrechten und Nutzungsfreiheiten ergeben sich Schranken für den Rechteinhaber hinsichtlich des Verfügungsrechtes über das Werk. Dadurch können nicht nur Gemeinwohlprobleme besser gelöst werden, sondern auch Lizensierungsprobleme wie etwa bei \u0026lsquo;Sita sings the blues\u0026rsquo; oder dem Grey Album wären leichter in den Griff zu bekommen.\n(Dies ist immer noch zu lang für ein TL;DR und enthält selbst mehrere solche. Aber vielleicht ermutigt es ja jemanden, den Originalartikel dann doch noch mal von vorne bis hinten zu lesen, denn der ist wichtig)\n","date":"2010-05-13T00:00:00Z","href":"https://blog.koehntopp.info/2010/05/13/auf-der-suche-nach-einem-funktionierenden-urheberrecht.html","tags":["copyright","internet","kultur","media","politik","lang_de"],"title":"Auf der Suche nach einem funktionierenden Urheberrecht"},{"categories":null,"content":"Vor einiger Zeit schrieb ich einen Artikel Wie man einen Wikipedia-Artikel… liest Jetzt erreicht mich eine Mail von Thomas Emden-Weinert, in der er mich auf Wikipedia-Quellenkritik hinweist.\nda ich Ihren Beitrag \u0026ldquo;Wie man einen Wikipedia-Artikel… liest\u0026rdquo; zitiere, dachte ich, dies könnte Sie interessieren:\nWikipedia und Wahrheit - Quellen für eine Quellenkritik Zusammenfassung: Eine reflektierte und kritische Nutzung der Wikipedia als Teil der Medienkompetenz entsteht nicht von selbst. Diese Webseite verfolgt daher das Ziel, für Schule und Unterricht Aspekte und Belege für eine Quellenkritik der deutschen Wikipedia zu sammeln.\nÜber Anmerkungen und Hinweise freue ich mich. Insbesondere wäre ich dankbar für Beiträge (d.h. insbesondere: Fehler) aus anderen Sachgebieten!\nDort findet man im Abschnitt \u0026lsquo;Wie funktioniert Wikipedia?\u0026rsquo; noch einmal verschiedene Maße, die eine gewisse Beurteilung der Qualität eines Wikipedia-Artikels erlauben, und wie man einen starken von einem schwachen Wikipedia-Artikel unterscheidet.\nIn \u0026lsquo;Quellen für eine Quellenkritik\u0026rsquo; werden Irrtümer und Fehler verschiedener Art gesammelt, klassifiziert und belegt.\n\u0026lsquo;Hinweise zur Unterrichtsgestaltung\u0026rsquo; verweist auf Materialien, die für die Verwendung und Gestaltung von Wikipedia im Rahmen des Schulunterrichtes nützlich sein können und macht auf bestimmte wichtige Lernziele aufmerksam.\nIn den Schlußbemerkungen wird darauf eingegangen, daß diese Lernziele als Methodik die \u0026lsquo;wissenschaftliche Methode\u0026rsquo; darstellen und daß diese auch in anderen, traditionellen Medien nicht immer korrekt angewendet wird - um so wichtiger, bei freiem Wissen wie bei Open Source Transparenz und Nachvollziehbarkeit als Ziel und Designmerkmal um so mehr in den Vordergrund zu stellen.\nAlles in allem eine lohnende und lehrreiche Zusammenfassung - ich würde mir jedoch wünschen, das Projekt würde sich neben der Fehlersuche auch auf die Bereitstellung und Verbesserung von Unterrichtsmaterial zum Thema \u0026lsquo;wissenschaftliche Methode\u0026rsquo; und \u0026lsquo;Umgang mit Wikipedia\u0026rsquo; konzentrieren. Das halte ich nämlich für konstruktiver.\n","date":"2010-05-13T00:00:00Z","href":"https://blog.koehntopp.info/2010/05/13/wikipedia-quellenkritik.html","tags":["internet","media","schulung","wikipedia","lang_de"],"title":"Wikipedia - Quellenkritik"},{"categories":null,"content":"An anderer Stelle gab es in einem komplett anderen Kontext eine Diskussion (1 , 2 , 3 ) in der es auch schon mal um die Statifizierung von Seiten ging.\nIn dem ersten Artikel ging es mir darum zu verdeutlichen, wie viel Mehrarbeit die Auslieferung einer Seite ist, wenn sie durch den Codepath des Webservers erfolgt statt durch den Fastpath - und das Beispiel bezieht sich noch auf die Auslieferung einer Bilddatei, also nur das Schaufeln von Daten statt die Seite zu berechnen. Sheeri war damals der Ansicht, daß das ein Problem mit dem Dateisystem gäbe, aber das ist tatsächlich nur der Fall, wenn man ein veraltetes Dateisystem verwendet, das Verzeichnisse als lineare Listen ablegt.\nIn dem zweiten Artikel benchmarke ich das Verhalten von Reiserfs 3.6, aber xfs und sogar ext3 mit DIR_INDEX sollten sich vergleichbar verhalten.\nDer dritte Artikel erklärt dann Statifizierung von - im Beispiel - Bilddateien durch 404-Handler. Diese Methode ist auch auf das Blog anwendbar.\nDas Blog \u0026rsquo;leidet\u0026rsquo; dabei darunter, daß auf einer Seite als Speichereinheit eine Menge von Elementen zu sehen sind, die alle eine unterschiedliche Lebensdauer haben. Daher müßten bei der Änderung eines Seitenelementes alle Seiten invalidiert werden, in denen das Seitenelement vorkommt. Das ist nicht effizient.\nDer erste Schritt muß daher darin bestehen, die Seite in ihre Elemente zu zerschneiden und die Seitenelemente einzeln in separaten Dateien zu cachen.\nZusammensetzen im Client Das bedeutet aber, daß die Seite bei der Auslieferung zusammengesetzt werden muß. Wenn man dabei das Zusammensetzen der Seite im Webserver vermeiden will, dann muß das im Client passieren. Der am wenigsten aufwendige Fall ist dabei die Verwendung von IFrames, so wie schon jetzt auf der Startseite dieses Blogs ein Google-Calendar von anderswo mit Hilfe eines IFrames eingebunden wird.\n\u0026lt;iframe src=\u0026#34;http:/www.google.com/calendar/embed?...\u0026#34; style=\u0026#34;border-width:0\u0026#34; width=\u0026#34;240\u0026#34; height=\u0026#34;280\u0026#34; frameborder=\u0026#34;0\u0026#34; scrolling=\u0026#34;no\u0026#34;\u0026gt;\u0026lt;/iframe\u0026gt; Das funktioniert mit dem Google Calender, weil die Größe des Elementes vorab bekannt ist.\nWürde man im Falle von S9Y eigene Komponenten von sich selbst einbinden, hätte man gerne ein IFrame- oder \u0026ldquo;Div src=\u0026quot;-Element ohne Größenangaben:\n\u0026lt;iframe src=\u0026#39;http://blog.koehntopp.de/statify/latest_comments.html\u0026#39; style=...\u0026gt;\u0026lt;/iframe\u0026gt; Leider gibt es so etwas nicht, sodaß man auf andere, schlechtere Methoden angewiesen ist, um die Seite zusammenzusetzen.\nDer Punkt am Ende ist jedoch: Die Datei /statify/latest_comments existiert zunächst nicht.\nErzeugung on-demand Dadurch kommt es zu einem 404-Error, der vom 404-Handler von Serendipity abgefangen wird. Dort erkennt S9Y den Namen des Plugins, instantiiert das gesamte S9Y Framework und ruft dann den Plugin-Handler innerhalb einer ob_start() Umgebung auf und läßt das Plugin normal ablaufen.\nWenn das Plugin sich selbst als Cacheable ansieht (und das zu entscheiden ist die Aufgabe jedes Plugins für sich alleine), dann holt es sich mit ob_get_contents() seine Ausgabe und schreibt diese in die Datei /statify/latest_comments.html. Dadurch werden nachfolgende Requests auf diese Datei vom normalen Handler für statische Dateien abgehandelt und der Code für das Plugin hat sich ein für alle Mal aus dem Codepath entfernt - es wird nie wieder ausgeführt.\nJedenfalls so lange, bis die Datei gelöscht wird - siehe unten.\nAtomares Schreiben Beim Schreiben der Datei muß man Vorsicht walten lassen. Es ist möglich, daß zwei verschiedene Apache Worker Slaves zur selben Zeit dieselbe /statify/latest_comments.html erzeugen. Es ist auch möglich, daß weitere Apache Worker die /statify/latest_comments.html ausliefern wollen, auch wenn sie noch gar nicht vollständig erzeugt ist. Daher muß das Schreiben so erfolgen:\n\u0026lt;?php $pid = posix_getpid(); $filename = make_filename_from($config, \u0026#39;/statify/latest_comments.html\u0026#39;, $pid); $final_filename = make_filename_from($config, \u0026#39;/statify/latest_comments.html\u0026#39;); $str = ob_get_contents(); file_put_contents($filename, $str); // Datei sichtbar machen rename($filename, $final_filename); ?\u0026gt; Expire Das Plugin kann sich selbst in der S9Y-Callback-Architektur registrieren, zum Beispiel kann es dafür sorgen, daß sein Expire-Hook aufgerufen wird, wenn ein neuer Kommentar geposted wird. Der Expire-Hook würde dann \u0026ldquo;/statify/latest_comments.html\u0026rdquo; löschen, die Datei aber nicht neu erzeugen. Sie wird automatisch neu erzeugt, falls sie jemals neu benötigt wird.\nWas cachen? Die Artikelseiten selbst können so auch gecached werden und für einige Seiten - etwa die Startseite und die Artikel, die auf der Startseite sichtbar sind - ist das auch viel wichtiger als für andere Seiten. Die Logik für das Cachen von Artikeln kann entweder alle Artikel cachen, die jemals aufgerufen worden sind, oder um Platz zu sparen die Caching-Entscheidung auf den o.a. genannten Set einschränken.\nEine andere Serie von Dateien, die dringend gecached werden muß, sind die Dateien für die RSS-Feeds. Derzeit erlaubt S9Y den Abruf von RSS-Feeds über Namen (index.rss2, atom.xml) und über Parameter (rss.php?\u0026hellip;\u0026amp;\u0026hellip;). Letzteres ist nie cachebar und der Support dafür muß entfernt werden. Stattdessen müssen die Parameter irgendwie in den Dateinamen der RSS-Datei integriert werden, und die Anzahl der möglichen RSS-Feeds muß eingeschränkt werden. Oder man ignoriert dieses Problem und es reguliert sich darüber selbst, daß bestimmte Feeds nie aufgerufen werden - es kommt auch nicht darauf an, daß man alles cached, sondern daß man die Seiten statifiziert, die oft aufgerufen werden.\nFür den Moment habe ich mir das schon einmal hingehackt: Laut Abrufstatistik ist es so, daß 35% aller Zugriffe in mein Blog auf /feeds/index.rss2 erfolgen, 3% auf atom.xml und ein weiteres Prozent auf comments.rss2. Ein Script wird jede Minute einmal ausgeführt:\n#! /bin/bash -- cd /home/www/servers/blog.koehntopp.de/pages [ ! -d feeds ] \u0026amp;\u0026amp; mkdir feeds cd feeds if [ -f .lock ] then pid=$(cat .lock) if kill -0 \u0026#34;$pid\u0026#34; then exit fi fi echo $$ \u0026gt; .lock rm -f index.rss2 curl -o index.rss2 http://blog.koehntopp.de/feeds/index.rss2 \u0026gt; /dev/null 2\u0026gt;\u0026amp;1 rm -f atom.xml curl -o atom.xml http://blog.koehntopp.de/feeds/atom.xml \u0026gt; /dev/null 2\u0026gt;\u0026amp;1 rm -f comments.rss2 curl -o comments.rss2 http://blog.koehntopp.de/feeds/comments.rss2 \u0026gt; /dev/null 2\u0026gt;\u0026amp;1 rm -f .lock Dieses Script sorgt dafür, daß diese drei Dateien als minütlich neu erzeugte statische Dateien vorliegen statt dynamisch n-fach parallel erzeugt zu werden. Es hat die Last auf dem Server dramatisch gesenkt, auch wenn die dahinter stehende Logik primitiv und leicht falsch ist. Mit dem 404-Handler-Framework von oben wären diese Dateien aber immer aktuell und frisch, und ohne daß ein Cronjob notwendig wäre.\nWas nicht cachen? Wenn man in einer Artikelseite ist kommentiert, dann landet man in einem interaktiven Teil des Blogs. Zugleich sollte diese Seite selbst aber statisch sein.\nDaher ist es am günstigsten, wenn die Artikelseite /archives/2789-uuid.html (statisch) das Kommentarformular so baut, daß es den Kommentar an die URL /dynamic/2789-uuid.html übermittelt. Diese URL erzeugt dieselbe Seite, aber dynamisch und ohne Cache. Dort kann dann die normale \u0026lsquo;Ihr Kommentar wurde wegen Captcha/Duplizierung/Was-auch-mmer abgelehnt\u0026rsquo;-Schleife dynamisch durchlaufen. Wenn der Kommenar endlich angenommen wurde, löscht die dynamische Seite die statische Seite und redirected den Browser auf die (jetzt nicht mehr existierende) statische Seite zurück. Dadurch wird sie dann auch gleich neu und mit dem neuen Kommentar darin erzeugt.\nAuf diese Weise hat man nie Probleme damit, daß die wechselnden Begründungen für die Ablehnung des Kommentares gecached werden.\nDas ist effizient unter der Annahme, daß weniger kommentiert als gelesen wird.\nGarvin merkt noch an:\nSolche Features wie \u0026ldquo;Leserechte auf Userbasis\u0026rdquo;, \u0026ldquo;Adminlinks für Redakteure\u0026rdquo;, \u0026ldquo;Content-Negotiated-Language\u0026rdquo; wird man verlieren, auch das Statistik-Tracking.\nDas ist in erster Näherung sicher wahr, aber wahrscheinlich auch für die Masse der S9Y-Anwender und alle S9Y-Anwender mit Last wahrscheinlich egal.\nNebenbei kann man Content-Negotiated-Language im Apache (und vielen anderen Webservern) im Fast-Path erledigen lassen und mit den Gedanken aus ModSecDownload (für Lighttpd) oder mod_auth_token (für Apache 2.x) kann man im Nachgang auch Leserechte auf Userbasis und eventuell auch Adminlinks für Redakteure mit statischen Dateien implementieren.\n","date":"2010-05-11T00:00:00Z","href":"https://blog.koehntopp.info/2010/05/11/statifizierung-fuer-s9y-eine-blaupause.html","tags":["blog","performance","s9y","lang_de"],"title":"Statifizierung für S9Y - eine Blaupause"},{"categories":null,"content":" SQL ist eine Abfragesprache, die als mathematischen Unterbau die Relationenalgebra hat. Was genau ist das?\nDa ist einmal der Begriff der \u0026ldquo;Algebra\u0026rdquo;. In der Wikipedia findet man die mathematische Definition der algebraischen Struktur, und sie ist, weil sie mathematischen Formalismen genügen muß, für den ungeübten ein wenig unhandlich zu lesen.\nDort steht aber nix anderes als \u0026lsquo;Wir haben eine Grundmenge A und einen definierten Satz von erlaubten Operationen auf A, und wir garantieren, das das Ergebnis jeder Operation wieder in A liegt.\u0026rsquo; Mehr nicht. Eine Algebra ist also eine Struktur, die Elemente enthält, mit denen man rechnen kann (etwa die natürlichen Zahlen), und Operationen, die definieren, was erlaubte Rechenoperationen sind (etwa die Addition). Wenn etwas eine Algebra ist, dann heißt das, daß man mit dem Ergebnis der Operation wieder in A landet, also mit dem Ergebnis weiter rechnen kann.\nDie natürlichen Zahlen und die Addition sind eine Algebra.\nDie natürlichen Zahlen und die Operationen Addition und Subtraktion sind keine Algebra, da 4 minus 6 (4 und 6 sind natürliche Zahlen) den Wert -2 ergibt und -2 ist keine natürliche Zahl - wir haben die Grundmenge verlassen.\nIn dem Wunsch, mit immer mehr mathematischen Operationen (Addition, Subtraktion, Multiplikation, Division, Potenzen, Wurzeln, \u0026hellip;) eine Algebra zu bekommen, hat die Mathematik sich von den natürlichen über die ganzen, die rationalen und schließlich die reellen Zahlen bis zu den komplexen Zahlen vorgearbeitet.\nDann ist da dieses andere Wort: Was genau ist eine Relation?\nWir kennen den mathematischen Begriff der Funktion.\nEine Funktion bildet eine oder mehrere Mengen zur Gänze oder zum Teil auf eine Ergebnismenge ab. Die Funktionsvorschrift sagt, wie das geht. Die Ergebnisse kann man aufmalen, und dann bekommt man den Graphen der Funktion. Und um uns zu verwirren, verwenden die Mathefuzzis Funktion, Funktionsvorschrift und den Graphen der Funktion umgangssprachlich gerne mal synonym.\nDie Mathematiker zum Beispiel malen Geraden als Funktion von den reellen Zahlen in die reellen Zahlen, verwenden die allgemeine Funktionsvorschrift \u0026ldquo;y = mx + n\u0026rdquo; (die Geradengleichung ) um die Gerade zu definieren und der Graph der Funktion sieht dann so aus:\nGraph der Funktion y=0.5x+2. Jedem x-Wert ist genau ein y-Wert zugeordnet.\nEine Funktion liefert für einen Eingangswert genau ein Ergebnis. Für den Wert x=0 bekommen wir aus der oben aufgezeichneten Beispielfunktion den einen Wert y=2 heraus und so weiter.\nEine Relation liefert statt einzelner Werte Teilmengen der Ergebnismenge. Zeichnete man statt der Funktion y = 0.5x + 2 die Relation y \u0026gt; 0.5x + 2, dann würde man statt einer Geraden wie oben im Beispiel die Fläche über der Geraden bekommen: Die Relation \u0026lsquo;größer als\u0026rsquo; liefert uns in diesem Zusammenhang nicht einen einzelnen Wert, sondern alle Werte, die für den gegebenen x-Wert größer als 0.5*x + 2 sind.\nGraph der Relation y\u0026gt;0.5x+2. Einem x-Wert ist eine Menge von y-Werten zugeordnet. Diese Menge von y-Werten ist eine Teilmenge der Grundmenge.\nDas ist genug Mathematik. Wir wollen Informatik machen.\nDas bedeutet als erstes einmal: Weg mit den doofen Unendlichkeiten. Komplexe, reelle, rationale, ja sogar natürliche Zahlen - das ist alles unendliches, nicht anfaßbares Gekasper von irgendwelchen Mathespinnern. Wir wollen Werte, die man anfassen und mit dem Debugger im Speicher sehen kann. Informatik macht Diskrete Mathematik , alles schön endlich. Da kann man eine Funktion dann auch schon mal als Wertetabelle statt als Rechenvorschrift definieren.\nUnd so landen wir bei den Tabellen.\nGrundmenge der Relationenalgebra: Tabellen Tabellen bestehen aus Zeilen. Eine Zeile kann eine bestimmte Menge von Werten enthalten, aber bei einer Tabelle enthält jede Zeile gleich viele Werte. In der Mathematik nennt man ein Konstrukt mit n Werten ein \u0026ldquo;n-Tupel\u0026rdquo; und schreibt es mit runden Klammern, also (3, 4, 5) für das 3-Tupel mit den Werten 3, 4 und 5.\nIn der Informatik gibt es zwei Lager von Leuten. Die einen wollen die Grundmengen von Dingen immer überall vorher festgelegt haben, also statische Typen. Die anderen wollen an jedem Wert dranstehen haben, aus welcher Grundmenge er stammt, also dynamische Typen. Die meisten SQL-Datenbanken wollen statische Typen, verlangen also nicht nur, daß eine Tabelle als \u0026ldquo;Hat 3 Spalten\u0026rdquo; definiert wird, sondern daß für jede Spalte auch ein Typ festlegt wird: (int, char(20), double) wäre eine solche Festlegung. Von allen SQL-Datenbanken, die ich kenne, ist nur Sqlite dynamisch getypt.\nEine Algebra, wir erinnern uns, ist eine Grundmenge und ein Haufen Operationen, und mit den Ergebnissen der Operationen wollen wir weiter rechnen können - sie müssen also wieder in der Grundmenge liegen.\n5 Operationen der Relationenalgebra: Selektion, Projektion, Kreuzprodukt, Umbenennung und Aggregation Die Elemente unserer Algebra sollen Tabellen sein, also Mengen von Tupeln: { (1, 2, 3), (3, 4, 5), (\u0026ldquo;keks\u0026rdquo;, \u0026ldquo;cookie\u0026rdquo;, \u0026ldquo;kex\u0026rdquo;)} zum Beispiel. Auf dieser Menge definieren wir nun einen Haufen Operationen. Fünf, um genau zu sein.\nroot@localhost [kris]\u0026gt; create table a ( -\u0026gt; aid integer unsigned not null -\u0026gt;) engine = innodb; Query OK, 0 rows affected (0.16 sec) root@localhost [kris]\u0026gt; insert into a (aid) values (1), (2), (3); Query OK, 3 rows affected (0.01 sec) Records: 3 Duplicates: 0 Warnings: 0 root@localhost [kris]\u0026gt; create table b ( -\u0026gt; bid integer unsigned not null -\u0026gt; ) engine = innodb; Query OK, 0 rows affected (0.05 sec) root@localhost [kris]\u0026gt; insert into b (bid) values (1), (2); Query OK, 2 rows affected (0.00 sec) Records: 2 Duplicates: 0 Warnings: 0 Operation 1: Selektion, Operation 2: Projektion. Auswahl von Zeilen und Spalten.\nDie erste Operation ist die Selektion. Aus allen Zeilen einer Tabelle wählt die Selektion genau die Tupel aus, für die die angegebene Bedingung, das angegebene Prädikat, wahr ist.\nroot@localhost [kris]\u0026gt; select aid from a where aid \u0026gt;= 2; +-----+ | aid | +-----+ | 2 | | 3 | +-----+ 2 rows in set (0.00 sec) Wir haben eine Relation: Die Ergebnismenge ist eine Teilmenge der Ausgangsmenge und kann aus mehr als einem Tupel bestehen. Wir haben auch eine Algebra, jedenfalls hinsichtlich der Selektion: Es wird eine Tabelle zurück geliefert.\nDie zweite Operation ist die Projektion. Aus allen Tupeln der Tabelle werden neue Tupel berechnet. Die Abbildung kann die Identität sein (\u0026ldquo;select spaltenname \u0026hellip;\u0026rdquo;) oder das Ergebnis einer komplizierteren Funktion sein, die ein oder mehr Stellen aus dem alten Tupel als Eingabeparameter nimmt (\u0026ldquo;select a+b \u0026hellip;\u0026rdquo;).\nroot@localhost [kris]\u0026gt; select aid, aid*1.19 from a; +-----+----------+ | aid | aid*1.19 | +-----+----------+ | 1 | 1.19 | | 2 | 2.38 | | 3 | 3.57 | +-----+----------+ 3 rows in set (0.00 sec) Operation 3: Der Join (Das Kreuzprodukt).\nDie dritte Operation ist der Join oder das Kreuzprodukt. Es verknüpft zwei Tabellen so, daß jede Zeile aus der ersten Tabelle mit jeder Zeile aus der zweiten Tabelle kombiniert wird.\nroot@localhost [kris]\u0026gt; select aid, bid from a, b; +-----+-----+ | aid | bid | +-----+-----+ | 1 | 1 | | 1 | 2 | | 2 | 1 | | 2 | 2 | | 3 | 1 | | 3 | 2 | +-----+-----+ 6 rows in set (0.00 sec) Zusammen mit der Selektion kann man so Tabellen sinnvoll miteinander verknüpfen (select * from c, d where c.cid = d.cid), und mit ein wenig Evolution landet man dann bei der Schlüsselwort-Schreibweise von Joins (seit 1992 üblich): select * from c join d on c.cid = d.cid. Diese Schreibweise macht Join-Bedingungen (ON-Clause) von einschränkenden Prädikaten (WHERE-Clause) unterscheidbar und ist die empfohlene Schreibweise für Joins.\nOperation 4: Rename. Nützlich vor allen Dingen mit Self-Joins in Bäumen und Hierarchien.\nDie vierte Operation ist der Rename mit dem Schlüsselwort AS. Man kann Tabellen und Spalten umbenennen. Die Rename-Operation erscheint sinnlos, ist aber zwingend notwendig, damit man selbstreferentielle Strukturen wie Bäume und Hierarchien abbilden kann.\nroot@localhost [kris]\u0026gt; create table emp ( -\u0026gt; empid integer unsigned not null, -\u0026gt; bossid integer unsigned null -\u0026gt; ) engine = innodb; Query OK, 0 rows affected (0.06 sec) root@localhost [kris]\u0026gt; insert into emp -\u0026gt; values -\u0026gt; ( 1, NULL), -\u0026gt; (2, 1), (3,1), -\u0026gt; (4, 2), (5, 2), (6, 2); Query OK, 6 rows affected (0.00 sec) Records: 6 Duplicates: 0 Warnings: 0 root@localhost [kris]\u0026gt; select * from emp join emp on emp.bossid = emp.empid; ERROR 1066 (42000): Not unique table/alias: \u0026#39;emp\u0026#39; root@localhost [kris]\u0026gt; select -\u0026gt; emp.empid as mitarbeiter, -\u0026gt; \u0026#34; hat den Boss \u0026#34;, -\u0026gt; boss.empid as boss -\u0026gt; from -\u0026gt; emp as boss join emp on emp.bossid = boss.empid; +-------------+----------------+------+ | mitarbeiter | hat den Boss | boss | +-------------+----------------+------+ | 2 | hat den Boss | 1 | | 3 | hat den Boss | 1 | | 4 | hat den Boss | 2 | | 5 | hat den Boss | 2 | | 6 | hat den Boss | 2 | +-------------+----------------+------+ 5 rows in set (0.34 sec) Operation 5: Aggregation.\nUnd schließlich gibt es noch die Aggregation. Bei einem Aggregat hat man ein Tupel mit n Stellen, zum Beispiel 2 Stellen und vertrachtet bei Vergleichen nur eine Stelle, etwa die erste, um das Ergebnis in Gruppen einzuteilen. Nehmen wir zum Beispiel noch einmal unsere Mitarbeiterliste mit Bossen und Mitarbeitern:\nroot@localhost [kris]\u0026gt; select bossid, empid from emp; +--------+-------+ | bossid | empid | +--------+-------+ | NULL | 1 | | 1 | 2 | | 1 | 3 | | 2 | 4 | | 2 | 5 | | 2 | 6 | +--------+-------+ 6 rows in set (0.00 sec) Hier haben wir einen Haufen 2-Tupel. Betrachten wir nur die erste Spalte, dann haben wir eine Gruppe von Mitarbeitern, die dem Boss 1 unterstellt sind, und eine Gruppe von Mitarbeitern, die dem Boss 2 unterstellt sind. In SQL:\nroot@localhost [kris]\u0026gt; select -\u0026gt; emp.bossid, -\u0026gt; count(*), -\u0026gt; group_concat(emp.empid) as mitarbeiter -\u0026gt; from -\u0026gt; emp -\u0026gt; group by -\u0026gt; emp.bossid; +--------+----------+-------------+ | bossid | count(*) | mitarbeiter | +--------+----------+-------------+ | NULL | 1 | 1 | | 1 | 2 | 2,3 | | 2 | 3 | 4,5,6 | +--------+----------+-------------+ 3 rows in set (0.00 sec) GROUP BY macht genau diese Aggregation - das Einteilen in Gruppen. In einer Query mit GROUP BY dürfen wir vorne im SELECT-Teil nur Spalten erwähnen, die auch im GROUP BY-Teil genannt sind, und Aggregatfunktionen. COUNT ist so eine Aggregatfunktion - sie sagt uns, wie viele Elemente denn in der Gruppe (1, *) sind und wie viele in der Gruppe (2, *). GROUP_CONCAT ist eine weitere Funktion. Sie nimmt die Elemente der Gruppe und macht eine Komma-Liste daraus.\nDamit haben wir eine Algebra mit einer Grundmenge (Tupelmengen, also Tabellen) und fünf einfachen Operationen, die Tabellen in andere Tabellen umwandeln.\nAlgebra bedeutet: weiterrechnen zu können Da das ganze eine Algebra ist, heißt das: Wir können mit den Ergebnissen einer Operation weiter Rechnen, also errechnete Tabellen in SQL-Statements einsetzen. Dieser Mechanismus heißt in SQL Subquery: Wir können an jeder Stelle eines SELECT-Statements an der Stelle von Werten oder Tabellen eine weitere SELECT-Query einsetzen. Wenn ein einzelner Wert verlangt wird, muß das eingesetzte SELECT ein skalares SELECT sein, also eine 1x1-Tabelle zurück liefern.\nEin einfaches Beispiel:\nroot@localhost [kris]\u0026gt; select sum(bid) from b; +----------+ | sum(bid) | +----------+ | 3 | +----------+ 1 row in set (0.00 sec) root@localhost [kris]\u0026gt; select aid, ( -\u0026gt; select sum(bid) from b ) as bsum -\u0026gt; from a; +-----+------+ | aid | bsum | +-----+------+ | 1 | 3 | | 2 | 3 | | 3 | 3 | +-----+------+ 3 rows in set (0.03 sec) Hier ist als Teil der SELECT-Clause statt einer Konstanten oder eines Spaltennamen ein skalares SELECT eingesetzt worden. Die Spalte bsum ist das Ergebnis der Abfrage \u0026ldquo;select sum(bid) from b\u0026rdquo; und wird dort eingesetzt.\nAuch in der FROM-Clause eines SELECT kann man SELECT-Statements einsetzen. Diese Query zum Beispiel listet zu jedem Schema auf, wie viele Zeilen die größte Tabelle in diesem Schema hat:\nroot@localhost [test_world]\u0026gt; select -\u0026gt; table_schema, -\u0026gt; max(table_rows) -\u0026gt; from -\u0026gt; information_schema.tables -\u0026gt; group by -\u0026gt; table_schema; +--------------------+-----------------+ | table_schema | max(table_rows) | +--------------------+-----------------+ | geodb | 459015 | | information_schema | NULL | | kris | 6 | | mysql | 986 | | test | 12 | | test_tablesizes | 79 | | test_world | 4079 | +--------------------+-----------------+ 7 rows in set (3.92 sec) Wenn wir nun den Namen der Tabelle ermitteln wollen, die in diesem Schema die meisten Zeilen hat, dann geht das unter anderem so:\nroot@localhost [test_world]\u0026gt; create table tables as -\u0026gt; select * from information_schema.tables; Query OK, 93 rows affected (1.12 sec) Records: 93 Duplicates: 0 Warnings: 0 root@localhost [test_world]\u0026gt; select -\u0026gt; m.table_schema, -\u0026gt; t.table_name, -\u0026gt; m.maxrows -\u0026gt; from -\u0026gt; tables as t join -\u0026gt; (select table_schema, max(table_rows) as maxrows -\u0026gt; from tables group by table_schema ) as m -\u0026gt; on t.table_rows = m.maxrows; +-----------------+----------------+---------+ | table_schema | table_name | maxrows | +-----------------+----------------+---------+ | geodb | geodb_textdata | 466518 | | kris | emp | 6 | | mysql | help_relation | 986 | | test | h | 12 | | kris | p | 6 | | test | t | 12 | | test_tablesizes | sizes | 79 | | test_world | City | 4079 | +-----------------+----------------+---------+ 8 rows in set (0.00 sec) In einem ersten Schritt machen wir hier einen Snapshot von information_schema.tables. Das ist nicht nur schneller, sondern es bewirkt auch, daß wir statische Daten bekommen. Dadurch haben zwei aufeinander folgende Anfragen an die Tabelle auch identische Werte - das ist bei information_schema sonst nicht zwingend gegeben.\nDie zweite Query setzt die Tabelle aus dem ersten Beispiel in der FROM-Clause ein und joined sie gegen unseren information_schema Snapshot. Wir fragen nun nach dem Schema und dem Namen der Tabelle, die dieselbe Größe hat, wie das in der Subquery ermittelte Maximum. Es gibt viele Wege, um dieses Problem \u0026lsquo;Finde das gruppenweise Maximum\u0026rsquo; zu lösen - Jan Kneschke hat eine Übersicht.\nAuch in einer WHERE-Clause können wir eine Subquery einbauen. Gemäß dem Beispiel von Jan:\nroot@localhost [test_world]\u0026gt; select -\u0026gt; t.table_schema, -\u0026gt; t.table_name, -\u0026gt; t.table_rows -\u0026gt; from -\u0026gt; tables as t -\u0026gt; where -\u0026gt; t.table_rows = ( -\u0026gt; select max(table_rows) as maxrows -\u0026gt; from tables as m -\u0026gt; where -\u0026gt; t.table_schema = m.table_schema -\u0026gt; ); +-----------------+----------------+------------+ | table_schema | table_name | table_rows | +-----------------+----------------+------------+ | geodb | geodb_textdata | 466518 | | kris | emp | 6 | | mysql | help_relation | 986 | | test | h | 12 | | test | t | 12 | | test_tablesizes | sizes | 79 | | test_world | City | 4079 | +-----------------+----------------+------------+ 7 rows in set (0.00 sec) Das liest sich als: Liste mir alle Tabellen mit ihrer Größe, bei denen die Größe der maximalen Größe der Tabelle entspricht, die im selben Schema ist wie die aktuelle Tabelle.\nWeitere Anwendungsfälle von Subqueries finden sich im Beispiel von Jan und im Handbuch - mir geht es hier in erster Linie darum zu zeigen, wie die Algebra-Eigenschaft von SQL das Weiterrechnen mit den Ergebnissen erlaubt.\nTupel als Datentyp Tabellen sind Mengen von Tupeln, und Tupel sind ein Datentyp in SQL, mit dem man arbeiten kann. Mit der Tabelle\nroot@localhost [kris]\u0026gt; select * from t; +------+-------+------+ | a | b | c | +------+-------+------+ | eins | one | 1 | | zwei | two | 2 | | drei | three | 3 | | 1 | eins | one | +------+-------+------+ 4 rows in set (0.00 sec) läßt sich die einfache Anfrage\nroot@localhost [kris]\u0026gt; select a,b,c from t where a = \u0026#39;eins\u0026#39; and b = \u0026#39;one\u0026#39;; +------+------+------+ | a | b | c | +------+------+------+ | eins | one | 1 | +------+------+------+ 1 row in set (0.00 sec) auch so schreiben:\nroot@localhost [kris]\u0026gt; select a,b,c from t where (a,b) = (\u0026#39;eins\u0026#39;,\u0026#39;one\u0026#39;); +------+------+------+ | a | b | c | +------+------+------+ | eins | one | 1 | +------+------+------+ 1 row in set (0.00 sec) Erweitert kann man auch nach mehr als einem Wert fragen:\nroot@localhost [kris]\u0026gt; select * from t where (a,b) in ((\u0026#39;eins\u0026#39;,\u0026#39;one\u0026#39;), (\u0026#39;zwei\u0026#39;, \u0026#39;two\u0026#39;)); +------+------+------+ | a | b | c | +------+------+------+ | eins | one | 1 | | zwei | two | 2 | +------+------+------+ 2 rows in set (0.00 sec) Manchmal will man nach einem Wert in irgendeiner Spalte suchen:\nroot@localhost [kris]\u0026gt; select a,b,c from t -\u0026gt; where \u0026#39;eins\u0026#39; in (a,b,c); +------+------+------+ | a | b | c | +------+------+------+ | eins | one | 1 | | 1 | eins | one | +------+------+------+ 2 rows in set (0.00 sec) ist \u0026ldquo;Finde mir alle Zeilen, in denen in einer Spalte der Wert \u0026rsquo;eins\u0026rsquo; vorkommt.\u0026rdquo;. Auch das geht mit Tupeln. In diesem Fall will ich, daß \u0026rsquo;eins\u0026rsquo; und \u0026lsquo;one\u0026rsquo; in benachbarten Spalten vorkommen:\nroot@localhost [kris]\u0026gt; select a,b,c from t -\u0026gt; where (\u0026#39;eins\u0026#39;,\u0026#39;one\u0026#39;) in ((a,b),(b,c)); +------+------+------+ | a | b | c | +------+------+------+ | eins | one | 1 | | 1 | eins | one | +------+------+------+ 2 rows in set (0.00 sec) Leider ist MySQL nicht ganz konsequent mit der Umsetzung von Tupeln als Datentyp: Man kann den Aufruf einer Stored Procedure (\u0026lsquo;CALL blah()\u0026rsquo;) nicht in einer Subquery verwenden.\nAbfragesprachen, die keine Algebra sind Viele Abfragesprachen existieren, die keine Algebra sind, bei denen also die Ergebnisse nicht von der Art sind, daß man mit ihnen weiter rechnen könnte.\nEin klassisches Beispiel ist LDAP: LDAP definiert Operationen auf einem Baum, dem LDAP-Baum. Das Ergebnis einer LDAP-Query ist jedoch kein Teilbaum, sondern eine Knotenmenge. Diese kann mit LDAP-Operationen nicht weiter verfeinert oder verarbeitet werden. Das Ergebnis: LDAP-Server sind zwar sehr schnell und können zum Teil hunderttausende von Anfragen pro Sekunde verarbeiten. Aber Dinge, die man in SQL mit einer Query erledigen könnte brauchen in LDAP dann auch hunderttausende von Anfragen.\nEin weiteres klassisches Beispiel: XPath. XPath definiert ebenfalls einen Baum als Datentyp und Operationen darauf. Das Ergebnis einer XPath-Query ist jedoch ein Nodeset, kein Baum, kann also mit XPath auch nicht weiter verarbeitet werden (aber XSLT ist sowieso so angelegt, daß der Zugriff auf Ergebnisse zur Weiterverarbeitung mindestens stark erschwert wird, wenn nicht sogar unmöglich gemacht wird).\nIn beiden Fällen schränkt sich die Abfragesprache in ihren Möglichkeiten stark ein und erfordert dann mehr Code (und mehr Kommunikation, und damit mehr Latenz) in der Hostsprache, in der sie eingebettet ist.\n","date":"2010-04-28T00:00:00Z","href":"https://blog.koehntopp.info/2010/04/28/was-bedeutet-eigentlich-relationale-algebra.html","tags":["mysql","sql","sqlite","lang_de"],"title":"Was bedeutet eigentlich 'Relationale Algebra'?"},{"categories":null,"content":"Hier ist noch ein dreckiges kleines MySQL-Problem. Matthias Fiedler fragt:\nIch möchte in einer Tabelle bestimmte Werte bzw. Datensätze ändern. Das läuft in einer Schleife und ich möchte mitzählen, wie viele Datensätze wirklich geändert wurden….\nWenn ich nur Update benutze und der Datensatz in der Tabelle ist identisch mit dem neuen, dann wird kein Update ausgeführt. Somit kann ich hier mit mysql_affected_rows() die Menge zählen. Das hat aber einen Nachteil: Manche Datensätze sind ja noch gar nicht in der Tabelle. Da geht ja dann auch kein Update.\nAlso müsste ich erst mal per Select prüfen, ob ein Datensatz da ist und dann entscheiden, ob ich den per Update ersetze oder per Insert neu einstelle oder gar nichts mache. Dann ist zwar das zählen wieder simpel, weil man gar keine sql Funktion dazu mehr braucht. Aber ich muß immer erst ein Select ausführen.\nEin Replace oder ein ON DUPLICATE KEY UPDATE machen das halt in einem. Wie kann ich nun alle 3 Varianten (also Update, Insert, oder nichts) mit einem mysql Befehl abarbeiten und auch noch mitzählen?\nDas geht so:\nLege eine Beispieltabelle an und fülle sie mit Beispielwerten:\nroot@localhost [kris]\u0026gt; create table t ( id integer unsigned not null primary key, d integer unsigned not null ) engine = innodb; Query OK, 0 rows affected (0.16 sec) root@localhost [kris]\u0026gt; insert into t values ( 1, 1), (2,2), (3,3); Query OK, 3 rows affected (0.00 sec) Records: 3 Duplicates: 0 Warnings: 0 Jetzt initialisiere einen Zähle als Connection-Variable:\nroot@localhost [kris]\u0026gt; set @x = 0; Query OK, 0 rows affected (0.00 sec) Hier kommt dann die Magie: Wir zählen den Zähler in einer Update-Clause eines INSERT ON DUPLICATE KEY UPDATE mit hoch. Da wir den eigentlichen Zählerwert im Statement selber nicht brauchen, multiplizieren wir ihn mit 0 und addieren ihn dann irgendwo zu (irgendwas plus 0 ist halt irgendwas - neutrales Element der Addition).\nroot@localhost [kris]\u0026gt; insert into t values (4,4), (2,1), (3, 1) -\u0026gt; on duplicate key update -\u0026gt; d= values (d) + 0* ( @x := @x +1 ); Query OK, 5 rows affected (0.00 sec) Records: 3 Duplicates: 2 Warnings: 0 Kleine Gegenkontrolle: Wie viele UPDATE-Zweige haben wir betreten?\nroot@localhost [kris]\u0026gt; select @x; +------+ | @x | +------+ | 2 | +------+ 1 row in set (0.00 sec) root@localhost [kris]\u0026gt; select * from t; +----+---+ | id | d | +----+---+ | 1 | 1 | | 2 | 1 | | 3 | 1 | | 4 | 4 | +----+---+ 4 rows in set (0.00 sec) Wir sollten mit values(id) und einem concat() sogar eine Liste der Primärschlüssel bekommen können, die wir angefaßt haben.\nroot@localhost [kris]\u0026gt; set @id = \u0026#34;\u0026#34;; Query OK, 0 rows affected (0.00 sec) root@localhost [kris]\u0026gt; set @x = 0; Query OK, 0 rows affected (0.00 sec) root@localhost [kris]\u0026gt; insert into t -\u0026gt; values (4,4), (2,1), (3, 1) -\u0026gt; on duplicate key update -\u0026gt; d= values (d) + 0 * ( @x := @x +1 ), -\u0026gt; id = concat(values(id), -\u0026gt; substring(@id := concat(@id, \u0026#34;,\u0026#34;, values(id)) , 1, 0)); Query OK, 5 rows affected (0.00 sec) Records: 3 Duplicates: 2 Warnings: 0 Und wirklich:\nroot@localhost [kris]\u0026gt; select @x, @id; +------+------+ | @x | @id | +------+------+ | 2 | ,2,3 | +------+------+ 1 row in set (0.00 sec) Und falls einer von Euch jetzt einwirft \u0026ldquo;Ich wußte nicht, daß man das machen kann\u0026rdquo;: Ich auch nicht. Und machen SOLLTE man das wahrscheinlich auch nicht.\nNachtrag: Ich habe diesen Aufschrieb dann mal an eine Kollegin gesendet. Liz meinte dazu:\nIndeed, intriguing…. Now for you at home: what where the values previous to the update, associated with the PK\u0026rsquo;s updated? If we can reliably solve that, then we could actually get rid of a lot of selects on the master database.\nFür ausreichend kleine Werte von Reliable kann man mit einer noch dreckigeren Lösung nachsetzen:\nset @counter = 0; set @_id = \u0026#34;\u0026#34;; set @_d = \u0026#34;\u0026#34;; delete from t; insert into t values (1,10), (2,20), (3,30); insert into t values (4,4), (2,1), (3, 1) on duplicate key update d= values (d) + 0* ( @counter := @counter +1 ) + 0* ( @_d := concat(@_d, \u0026#34;,\u0026#34;, coalesce(d, \u0026#34;\u0026#34;))), id = concat(values(id), substring(@_id := concat(@_id, \u0026#34;,\u0026#34;, values(id)) , 1, 0)); select @counter, @_id, @_d; Und das druckt:\nroot@localhost [kris]\u0026gt; select @counter, @_id, @_d; +----------+------+--------+ | @counter | @_id | @_d | +----------+------+--------+ | 2 | ,2,3 | ,20,30 | +----------+------+--------+ 1 row in set (0.00 sec) ","date":"2010-04-21T00:00:00Z","href":"https://blog.koehntopp.info/2010/04/21/z-hlen-von-aktionen.html","tags":["mysql","lang_de"],"title":"Zählen von Aktionen"},{"categories":null,"content":"On 2010-04-06 12:26:49 +0200, Egon Schmid said:\nIch hab eine 60 MB grosse SQL-Datei von der OpenGeoDB (-\u0026gt;http://fa-technik.adfc.de/code/opengeodb/) runtergeladen, wo sämtliche Informationen der Deutschlandkarte vorhanden sind, und werde es damit mal testen.Das Ausführen der INSERTs dauert allerdings einige Stunden :) Es läuft derzeit immer noch\u0026hellip;\nInnoDB, AUTOCOMMIT = 1. Vor dem source von DE.sql ein BEGIN WORK machen, danach ein COMMIT. Dann geht es sehr viel schneller.\nMit diesen Daten und einem Beispielort kann man experimentieren.\nroot@localhost [geodb]\u0026gt; select td.loc_id, td.text_val, tn.name from geodb_textdata as td join geodb_type_names as tn on td.text_type = tn.type_id where td.text_val = \u0026#39;Kiel\u0026#39; and tn.name = \u0026#39;Name\u0026#39;; +--------+----------+------+ | loc_id | text_val | name | +--------+----------+------+ | 469 | Kiel | Name | | 19236 | Kiel | Name | +--------+----------+------+ 2 rows in set (0.00 sec) Zum Beispiel finden wir mal alles, was um den Beispielort herum liegt:\nroot@localhost [geodb]\u0026gt; explain select co.loc_id, td.text_val from geodb_coordinates as co join geodb_textdata as td on co.loc_id = td.loc_id join geodb_type_names as tn on td.text_type = tn.type_id where lat = 54.3333 and lon = 10.1333 and tn.name = \u0026#39;Name\u0026#39;\\G === 1. row === id: 1 select_type: SIMPLE table: co type: index_merge possible_keys: coord_loc_id_idx,coord_lon_idx,coord_lat_idx key: coord_lat_idx,coord_lon_idx key_len: 9,9 ref: NULL rows: 1 Extra: Using intersect(coord_lat_idx,coord_lon_idx); Using where === 2. row === id: 1 select_type: SIMPLE table: tn type: ref possible_keys: type_id,tid_tnames_idx,name_tnames_idx key: name_tnames_idx key_len: 767 ref: const rows: 1 Extra: Using where; Using index === 3. row === id: 1 select_type: SIMPLE table: td type: ref possible_keys: text_lid_idx,text_type_idx key: text_lid_idx key_len: 4 ref: geodb.co.loc_id rows: 2344 Extra: Using where 3 rows in set (0.00 sec) Wie man sieht wird ein index_merge (intersect) verwendet, wenn man mit festen Koordinaten arbeitet. Hier das Ergebnis:\nroot@localhost [geodb]\u0026gt; select co.loc_id, td.text_val from geodb_coordinates as co join geodb_textdata as td on co.loc_id = td.loc_id join geodb_type_names as tn on td.text_type = tn.type_id where lat = 54.3333 and lon = 10.1333 and tn.name = \u0026#39;Name\u0026#39;\\G === 1. row === loc_id: 469 text_val: Kiel === 2. row === loc_id: 19236 text_val: Kiel .... === 13. row === loc_id: 106031 text_val: Wik 13 rows in set (0.01 sec) Eine Umkreissuche (BETWEEN) sieht wesentlich schlechter aus - Axel Schwenke hat das ja bereits erläutert - der Index-Merge funktioniert derzeit nur bei Konstanten:\nroot@localhost [geodb]\u0026gt; explain select co.loc_id, td.text_val from geodb_coordinates as co join geodb_textdata as td on co.loc_id = td.loc_id join geodb_type_names as tn on td.text_type = tn.type_id where lat between 54.3 and 54.4 and lon between 10.1 and 10.2 and tn.name = \u0026#39;Name\u0026#39;\\G === 1. row === id: 1 select_type: SIMPLE table: tn type: ref possible_keys: type_id,tid_tnames_idx,name_tnames_idx key: name_tnames_idx key_len: 767 ref: const rows: 1 Extra: Using where; Using index === 2. row === id: 1 select_type: SIMPLE table: td type: ref possible_keys: text_lid_idx,text_type_idx key: text_type_idx key_len: 4 ref: geodb.tn.type_id rows: 2344 Extra: === 3. row === id: 1 select_type: SIMPLE table: co type: ref possible_keys: coord_loc_id_idx,coord_lon_idx,coord_lat_idx key: coord_loc_id_idx key_len: 4 ref: geodb.td.loc_id rows: 303 Extra: Using where 3 rows in set (0.00 sec) Hier die Laufzeit:\nroot@localhost [geodb]\u0026gt; select co.loc_id, td.text_val from geodb_coordinates as co join geodb_textdata as td on co.loc_id = td.loc_id join geodb_type_names as tn on td.text_type = tn.type_id where lat between 54.3 and 54.4 and lon between 10.1 and 10.2 and tn.name = \u0026#39;Name\u0026#39;\\G === 1. row === loc_id: 469 text_val: Kiel === 2. row === loc_id: 19236 text_val: Kiel .... === 30. row === loc_id: 106953 text_val: Rammsee 30 rows in set (0.50 sec) Wir können versuchen, mit einem RTREE dabei zu gehen. Dazu brauchen wir die Daten in MyISAM:\nroot@localhost [geodb]\u0026gt; create table co like geodb_coordinates; Query OK, 0 rows affected (0.18 sec) root@localhost [geodb]\u0026gt; alter table co engine = myisam; Query OK, 0 rows affected (0.18 sec) Records: 0 Duplicates: 0 Warnings: 0 root@localhost [geodb]\u0026gt; insert into co select * from geodb_coordinates; Query OK, 60645 rows affected (0.50 sec) Records: 60645 Duplicates: 0 Warnings: 0 Wir müssen außerdem eine Spalte latlon als POINT anlegen und einen SPATIAL index auf diesen Point setzen:\nroot@localhost [geodb]\u0026gt; alter table co add column latlon point not null, add spatial index (latlon); Query OK, 60645 rows affected (0.83 sec) Records: 60645 Duplicates: 0 Warnings: 0 Die lat und lon Daten müssen nach latlon konvertiert werden:\n-- 5.1.35 or later root@localhost [geodb]\u0026gt; update co set latlon = point(lat, lon); Query OK, 60645 rows affected (1.45 sec) Rows matched: 60645 Changed: 60645 Warnings: 0 -- older MySQL: update co -- set latlon = GeomFromText(concat(\u0026#39;Point(\u0026#39;, lat,\u0026#39;,\u0026#39;,lon))); Ein kleiner Test:\nroot@localhost [geodb]\u0026gt; select astext(latlon) from co limit 10; +------------------------------------------+ | astext(latlon) | +------------------------------------------+ | POINT(54.7833 9.43333) | | POINT(54.7833 9.43333) | | POINT(54.3333 10.1333) | | POINT(54.3333 10.1333) | | POINT(53.8667 10.7) | | POINT(53.8667 10.7) | | POINT(54.0667 9.98333) | | POINT(54.0667 9.98333) | | POINT(54.1474367521367 9.11139581196581) | | POINT(54.15 9.28333) | +------------------------------------------+ 10 rows in set (0.02 sec) Die Tabelle sieht jetzt so aus:\nroot@localhost [geodb]\u0026gt; show create table co\\G === 1. row === Table: co Create Table: CREATE TABLE `co` ( `loc_id` int(11) NOT NULL, `coord_type` int(11) NOT NULL, `lat` double DEFAULT NULL, `lon` double DEFAULT NULL, `coord_subtype` int(11) DEFAULT NULL, `valid_since` date DEFAULT NULL, `date_type_since` int(11) DEFAULT NULL, `valid_until` date NOT NULL, `date_type_until` int(11) NOT NULL, `latlon` point NOT NULL, KEY `coord_loc_id_idx` (`loc_id`), KEY `coord_lon_idx` (`lon`), KEY `coord_lat_idx` (`lat`), KEY `coord_type_idx` (`coord_type`), KEY `coord_stype_idx` (`coord_subtype`), KEY `coord_since_idx` (`valid_since`), KEY `coord_until_idx` (`valid_until`), SPATIAL KEY `latlon` (`latlon`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8 1 row in set (0.00 sec) Wir definieren unseren Suchumkreis einmal als @poly Variable. Danach wird einiges einfacher:\nroot@localhost [geodb]\u0026gt; set @poly = \u0026#39;Polygon((54.3 10.1, 54.4 10.1, 54.4 10.2,54.3 10.2, 54.3 10.1 ))\u0026#39;; Query OK, 0 rows affected (0.00 sec) Wird unser SPATIAL Index denn auch verwendet? Wir testen:\nroot@localhost [geodb]\u0026gt; explain select co.loc_id from co where mbrcontains(geomfromtext(@poly), co.latlon)\\G === 1. row === id: 1 select_type: SIMPLE table: co type: range possible_keys: latlon key: latlon key_len: 34 ref: NULL rows: 11 Extra: Using where 1 row in set (0.00 sec) In der richtigen Suche müssen wir einen STRAIGHT_JOIN forcen, weil sonst die Join-Order und die Indexverwendung nicht stimmt:\nroot@localhost [geodb]\u0026gt; explain select straight_join co.loc_id, td.text_val from co as co join geodb_textdata as td on co.loc_id = td.loc_id join geodb_type_names as tn on td.text_type = tn.type_id where tn.name = \u0026#39;Name\u0026#39; and mbrcontains(geomfromtext(@poly), co.latlon)\\G === 1. row === id: 1 select_type: SIMPLE table: co type: range possible_keys: coord_loc_id_idx,latlon key: latlon key_len: 34 ref: NULL rows: 11 Extra: Using where === 2. row === id: 1 select_type: SIMPLE table: td type: ref possible_keys: text_lid_idx,text_type_idx key: text_lid_idx key_len: 4 ref: geodb.co.loc_id rows: 2344 Extra: === 3. row === id: 1 select_type: SIMPLE table: tn type: ref possible_keys: type_id,tid_tnames_idx,name_tnames_idx key: type_id key_len: 4 ref: geodb.td.text_type rows: 1 Extra: Using where 3 rows in set (0.00 sec) Und hier die Ausgabe:\nroot@localhost [geodb]\u0026gt; select straight_join co.loc_id, td.text_val from co as co join geodb_textdata as td on co.loc_id = td.loc_id join geodb_type_names as tn on td.text_type = tn.type_id where tn.name = \u0026#39;Name\u0026#39; and mbrcontains(geomfromtext(@poly), co.latlon)\\G === 1. row === loc_id: 18070 text_val: Heikendorf === 2. row === loc_id: 21024 text_val: Mönkeberg ... === 30. row === loc_id: 19236 text_val: Kiel 30 rows in set (0.00 sec) ","date":"2010-04-11T00:00:00Z","href":"https://blog.koehntopp.info/2010/04/11/spatial-indices.html","tags":["mysql","lang_de"],"title":"Spatial Indices"},{"categories":null,"content":"On 2010-04-08 13:40:57 +0200,\nKarsten Wutzke said :\ngibt es ein sinnvolles Maximum für die Anzahl von Elementen in einem ENUM?\nENUM hat in MySQL 5.1 einige Eigenschaften, die überraschend sind. Zum Beispiel\nroot@localhost [kris]\u0026gt; create table t (id integer unsigned not null primary key, e enum(\u0026#39;a\u0026#39;, \u0026#39;b\u0026#39;, \u0026#39;c\u0026#39;) not null ) engine = innodb; Query OK, 0 rows affected (0.21 sec) root@localhost [kris]\u0026gt; insert into t values (1, \u0026#39;\u0026#39;); Query OK, 1 row affected, 1 warning (0.00 sec) Warning (Code 1265): Data truncated for column \u0026#39;e\u0026#39; at row 1 root@localhost [kris]\u0026gt; insert into t values (2, \u0026#39;c\u0026#39;); Query OK, 1 row affected (0.00 sec) root@localhost [kris]\u0026gt; select id, e, hex(e), e+0 from t; +----+---+--------+-----+ | id | e | hex(e) | e+0 | +----+---+--------+-----+ | 1 | | | 0 | | 2 | c | 63 | 3 | +----+---+--------+-----+ 2 rows in set (0.00 sec) Obwohl t.e ein ENUM ist, das per Definition keinen Wert \u0026rsquo;\u0026rsquo; zuläßt, hat MySQL den Wert \u0026rsquo;\u0026rsquo; abspeichern können, wenn auch mit einer Warnung.\nBei der Kontrollausgabe sieht man bei der Konvertierung nach INTEGER, daß ein ENUM intern Zahl gespeichert wird, wobei dem ersten Wert die Zahl 1, dem nächsten die Zahl 2 und so weiter zugeordnet wird. Der Wert \u0026lsquo;\u0026rsquo;, intern als 0 repräsentiert (und von NULL verschieden) wird immer zugelassen und verwendet, um ungültige Werte (Werte, die nicht in der ENUM-Wertliste enthalten sind) abzubilden. \u0026rsquo;\u0026rsquo; ist nicht in der Wertliste enthalten und wird (wie jeder andere ungültige Wert auch) mit einer data truncation warning auf \u0026rsquo;\u0026rsquo; abgebildet.\nAbhilfe schaffte hier strict mode , etwa\nroot@localhost [kris]\u0026gt; set sql_mode = STRICT_ALL_TABLES; Query OK, 0 rows affected (0.00 sec) root@localhost [kris]\u0026gt; insert into t values (3, \u0026#39;\u0026#39;); ERROR 1265 (01000): Data truncated for column \u0026#39;e\u0026#39; at row 1 Die \u0026lsquo;data truncation warning\u0026rsquo; wird dann zum Error und läßt den INSERT scheitern. Das bringt andere Probleme mit sich, aber das ist eine andere Geschichte, die ein anderes Mal erzählt werden soll.\nDas ENUM wird intern als TINYINT oder SHORTINT repräsentiert, belegt also entweder einen oder zwei Bytes pro Wert und kann entsprechend maximal 64k Werte annehmen.\nIch meine mich daran zu erinnern, dass irgendjemand mal gesagt hat, dass ENUMs nur für eine eher geringe Anzahl von Elementen Sinn macht.\nDas Problem lag in der Vergangenheit eher bei der Kombination von Tabellengröße und Änderungshäufigkeit der Definition.\nEine Änderung der Wertemenge ist halt ein DDL-Statement, also ein ALTER TABLE und MySQL mußte bisher für das Ändern der ENUM-Definition die Tabelle umkopieren. Wird die Tabelle größer, kann das unangenehm lange dauern, da die Tabelle während des Umkopieren ein Lock hat, also nicht geschrieben werden kann.\nIn MySQL 5.1 und höher gilt jedoch\nIn most cases, ALTER TABLE works by making a temporary copy of the original table. The alteration is performed on the copy, and then the original table is deleted and the new one is renamed. [\u0026hellip;]In some cases, no temporary table is necessary:Alterations that modify only table metadata and not table data can be made immediately by altering the table\u0026rsquo;s .frm file and not touching table contents. The following changes are fast alterations that can be made this way: Renaming a column or index. Changing the default value of a column.\nChanging the definition of an ENUM or SET column by adding new enumeration or set members to the end of the list of valid member values. Die alten Bedenken gegen die Erweiterung eines ENUM- oder SET-Typen wegen lange dauernder ALTER TABLE-Statements gelten also NICHT mehr, vorausgesetzt es ist akzeptabel, daß neue Werte für den ENUM am Ende der ENUM-Liste angehängt werden können, also keine interne Umnummerierung notwendig ist.\n","date":"2010-04-09T00:00:00Z","href":"https://blog.koehntopp.info/2010/04/09/ber-enum-und-fast-alter-table.html","tags":["mysql","lang_de"],"title":"Über ENUM (und Fast Alter Table)"},{"categories":null,"content":"FDP und CSU streiten über Websperren . Und zwar auf hohem intellektuellen und sprachlichem Niveau. Das Wort des Tages heute also: \u0026ldquo;Scheinaktionsmus\u0026rdquo;. Weil: Was die Welt wirklich braucht ist echter Aktionsimus !\nUnterdessen fragt der CSU-Europaabgeordnete Manfred Weber wieso \u0026ldquo;die Löschung von Daten keine Zensur sei, aber das reine Sperren.\u0026rdquo;\nDas, lieber Herr Weber, fängt schon mal damit an, daß bei einer Löschung von Daten der jeweils Betroffene quasi zwangsläufig davon erfährt und dadurch dann auch die Möglichkeit hat, die ihm zustehenden Rechtsmittel einzulegen. Falls Ihnen rein hypothetisch einmal durch ein bedauerliches Versehen in einem Einzelfall etwa ein Wikileaks-Video mit auf die Kinderporno-Sperrliste geraten sollte. Falls die Löschung aber legitim ist, dann ist durch sie das betreffende Material an dieser Stelle für alle aus dem Netz geräumt und nicht nur für die Deutschen, die zufälligerweise gerade nicht Google DNS verwenden. In jedem Fall erzwingt die Löschung so die Einhaltung von Qualitätsstandards bei der Erstellung und Umsetzung von Löschlisten und ermöglicht weiterhin einen gesellschaftlichen Diskurs zu diesem wichtigen Thema, während eine Sperrung nur einen Mantel des Schweigens über ein Thema deckt, bei dem schon viel zu viel geschwiegen wird.\nDer innenpolitische Sprecher der Unionsfraktion, Hans-Peter Uhl (CSU), hatte Leutheusser-Schnarrenberger einen \u0026ldquo;Denkfehler\u0026rdquo; unterstellt, wenn sie die Wirkungsweise des Löschens in der realen Welt auf die virtuelle Welt des Internets übertrage. Im Unterschied zum Buch ließen sich im Internet Seiten mit rechtswidrigem Inhalt nicht einfach entfernen. \u0026ldquo;Denn das vermeintlich Gelöschte wird vorher auf Computer heruntergeladen und taucht später an vielen neuen Stellen wieder auf.\u0026rdquo;\nDas, lieber Herr Uhl, zwingt mich ihnen einen \u0026ldquo;Denkfehler\u0026rdquo; zu unterstellen. Wir sagen zwar umgangssprachlich \u0026lsquo;Der Inhalt wurde gesperrt\u0026rsquo;, aber was gesperrt wurde ist der Zugriff auf einen Ort, einen Hostnamen oder eine URL. Das heißt im Unterschied zu dem, was der Sprachgebrauch suggeriert, ist es bei einer Sperrung möglich, das vermeintlich Gesperrte vorher auf Computer herunterzuladen, und es taucht dann später an vielen neuen Stellen wieder auf. Zudem wirkt die Sperrung nicht auf den Inhalt selbst, sondern nur auf einen kleinen Teil der Rezipienten - die Inhalte sind also gar nicht wirklich für alle unzugänglich (nicht mal für viele). Und schließlich hinterläßt die Weise, wie sie die Formulierung \u0026lsquo;staatliche Unwerturteile\u0026rsquo; verwenden, bei mir einen komischen Beigeschmack. Ich wünschte, sie würden das anders formulieren.\n(Viele gute Gründe gegen Internet-Sperren )\n","date":"2010-04-06T00:00:00Z","href":"https://blog.koehntopp.info/2010/04/06/l-schen-statt-sperren.html","tags":["politik","zensur","lang_de"],"title":"Löschen statt Sperren"},{"categories":null,"content":"Warum zahlen wir in Deutschland Kirchensteuer und keinen Zehnt an die jeweilige Kirche direkt? Wieso ist an einigen Tagen Tanzverbot? Wieso verbietet das Bundesverfassungsgericht dem Land Berlin die Öffnung von Einkaufszentren an Sonntagen, hat aber mit Busfahrern, die Sonntags arbeiten müssen keine Probleme? Wieso meinen deutsche Bischöfe selbst entscheiden zu können, welche Fälle von Kindsmißbrauch den Staat angehen und welche die Kirche intern klärt?\nIm preisgekrönten USA erklärt stellt Scot heute die amerikanische Sicht auf die Dinge dar. Will man an die Quellen, schaut man sich Artikel 140 unseres Grundgesetzes an. Der ist recht kompliziert, denn er lautet im Volltext:\nDie Bestimmungen der Artikel 136, 137, 138, 139 und 141 der deutschen Verfassung vom 11. August 1919 sind Bestandteil dieses Grundgesetzes.\nMan hat also im Grundgesetz Teile der Weimarer Verfassung übernommen, zusammen mit dem Deutungskontext der damaligen Zeit - eine Verlegenheitslösung, die deswegen existiert, weil man sich in der vorhandenen Zeit nicht auf einen Kompromiß einigen konnte und es wichtiger war, überhaupt erst einmal eine Verfassung zu haben. Daher mutet das alles ein wenig wunderlich an.\nMehr Kontext bekommt man in Staatskirchenrecht , der erläutert:\nDas deutsche Staatskirchenrecht beruht, anders als etwa das bürgerliche Recht, nicht auf einem wissenschaftlich erarbeiteten, umfassenden Regelungskonzept. Es hat sich vielmehr in jahrhundertelanger Entwicklung gebildet und ist wie kaum eine andere Rechtsmaterie durch historische Ereignisse beeinflusst.\nund geht dann ungefähr bis Canossa , den Westfälischen Frieden , das Landesherrliche Kirchenregiment und den Kulturkampf zurück.\nDie Trennung von Kirche und Staat ist in Deutschland jedenfalls unvollkommen (\u0026lsquo;hinkend\u0026rsquo; \u0026ndash; Stutz, 1926) und wird von vielen Menschen als nicht mehr ihrer Lebenswirklichkeit entsprechend wahrgenommen.\nInsbesondere liegt dem Ganzen eine Idee zugrunde, die angesichts der aktuellen katholischen Kinderschändungskrise lächerlich erscheinen muß:\n»Wenn es [ \u0026hellip; ] nicht der Staat selber ist, der die Aufgabe der Sinnstiftung betreibt, er aber gleichwohl ein grundlegendes Interesse daran hat und haben muß, seinen Bürgern ein Wertgefüge, eine Lebensorientierung zu vemitteln, so versteht es sich fast von selbst, daß er, der Staat, kirchlicher und damit ja gewissermaßen staatsausgelagerter Sinnstiftung freundlich gesonnen ist und diese, wo er kann, fördert.«\nDieselbe Kirche, die hier als Wertgefüge und Lebensorientierung vermittelnd notwendig für den Staat gesehen wird, also als ultimate moralische Instanz gedacht wird, erscheint im Umgang mit ihren eigenen Folteropfern hilflos und vertuschend. Telepolis spießt diesen moralischen Bankrott in Ausstieg aus der gesamten moralischen Geschichte sauber auf.\nDie Gefährlichkeit dieses Institutionsversagen geht einem erst dann auf, wenn man Kirchenrecht verstanden hat:\nKirchenrecht ist das von Religionsgemeinschaften selbst gesetzte interne Recht. Entgegen dem Wortlaut betrifft das Kirchenrecht keineswegs nur Kirchen, sondern alle Religions- und Weltanschauungsgemeinschaften. Als Konsequenz von Religionsfreiheit und der Trennung von Staat und Kirche ist in Deutschland das Recht der Religionsgemeinschaften, innere Angelegenheiten selbst zu regeln, in der Verfassung, dem Grundgesetz, verankert (Art. 140 GG in Verbindung mit Art. 137 III WRV – kirchliches Selbstbestimmungsrecht). Hat die jeweilige Religionsgemeinschaft den Status einer Körperschaft des Öffentlichen Rechts (sog. Körperschaftsstatus), so ist ihr internes Kirchenrecht Öffentliches Recht. Dabei geht das deutsche Bundesverfassungsgericht in ständiger Rechtsprechung davon aus, die Rechtsetzungsbefugnis der Religionsgemeinschaften sei nicht vom Staat abgeleitet oder verliehen, sondern originär.\nDamit landen wir dann bei der Körperschaft Öffentlichen Rechts , einem Konstrukt, das es bestimmten Kirchen (jenen mit Körperschaftsstatus) erlaubt, eigenes Recht zu sprechen, geltendes Sozialrecht nicht anzuwenden, eigene Beamte einzusetzen und einige andere seltsame Dinge mehr zu tun, da auf eine seltsame Weise das Innere einer solchen Körperschaftskirche außerhalb der grundgesetzlichen und staatlichen Ordnung existiert.\nGrad bei der katholischen Kirche hat man da einige kognitive Dissonanzen: \u0026ldquo;Wir haben eine kirchliche Rechtsordnung \u0026rdquo; sagt der Hamburger Weihbischof Hans-Jochen Jaschke und \u0026ldquo;Die Kirche sei ein eigener Raum und man müsse zusammen mit den Opfern und Tätern entscheiden, wie die Staatsanwaltschaft ins Spiel kommt.\u0026rdquo;. Damit bezieht er sich auf genau diese staatliche Vakuum, das die Körperschaft Öffentlichen Rechts mit ihren eigenen Regularien füllen kann und soll, und das im Fall der katholischen Kirche in den letzten 70 Jahren so massiv und anhaltend versagt hat.\nDie hinter diesem letzten Artikel stehende Geisteshaltung und Rechtsauffassung ist überhaupt nur aus der Historie von Kirche und Staat in Deutschland in den letzten 1000 Jahren verständlich. Die meisten Deutschen haben weder diese Perspektive noch den Willen, diese Position einzinehmen - sie sind zu Recht empört, denn sie erwarten natürlich von einer Organisation, die sich teilweise außerhalb der garantierten Rechte des Grundgesetzes stellen kann und die auch im 2. Vatikanischen Konzil noch behauptet, die einzig seligmachende Heilslehre im Wortsinn zu vertreten, daß diese Organisation selbst in ihren eigenen Reihen für die Aufrechterhaltung der Mindeststandards sorgt, die in dem Staat gelten, in dem sie tätig ist, wenn sie nicht sogar darüber hinaus geht. Das tut die katholische Kirche in ihrer Reaktion auf die Aufdeckung der Massenmißbräuche in vielen Nationen der Erde nicht - sie reagiert stattdessen abwehrend, überheblich, verzögernd und kritikunfähig. Daß dies der Weg zu Seelenheil und einer besseren Welt ist glauben hoffentlich nicht einmal die Mitglieder dieses Vereins.\nOder man zieht die Konzequenzen und beschneidet die Körperschaften Öffentlichen Rechts so, daß sie zwar weiter Organisationsfreiheit haben können, aber nicht hinter den Stand des Grundgesetzes zurück fallen dürfen. Die katholische Kirche hat das ja anders herum auch gemacht, in GS 5 :\nAutoritäre Staatsmodelle stützt die Kirche nicht mehr, insbesondere dann nicht, wenn diese totalitäre Ideologien verbreiten.\nDadurch wollte man die Fehler der katholischen Kirche im Umgang mit dem Naziregime für die Zukunft verhindern.\n(Dieser Artikel ist eine Art Destillat von ca. 55 Firefox-Tabs, die im Laufe des letzten Monats angefallen sind, und ohne ein Lesen der Texte hinter jedem einzelnen Link wahrscheinlich nicht verständlich, da eine komplizierte Rechtsmaterie und etwa 1000 Jahre europäische Geschichte berührt werden. Außerdem bin ich kein Verfassungsrechtler, sondern nur ein interessierter Laie mit einem gesunden Rechtsempfinden und dem Wunsch zu verstehen wieso solcher Irrsinn in 2010 noch legal ist)\n","date":"2010-04-04T00:00:00Z","href":"https://blog.koehntopp.info/2010/04/04/staatskirchenrecht.html","tags":["kirche","politik","lang_de"],"title":"Staatskirchenrecht"},{"categories":null,"content":"In einem Blogartikel verweist Charles Stross auf das recht bald erscheinende The Laundry Rollenspiel (Chaosium Cthulhu-Regeln). Das Spiel ist in der Laundry-Welt angesiedelt, in der etwa auch The Atrocity Archives spielt, also in einer Welt, in der höhere Mathematik mit schwarzer Magie identisch ist und das Gewebe der Realität umdefinieren kann, und in der Verschwörungstheorien real werden, wenn nur genug Leute daran glauben - mit anderen Worten, man spielt im Hier und Jetzt\u0026hellip; :)\nDas Spiel erscheint im Juli 2010, also wahrscheinlich zusammen mit The Fuller Memorandum dem dritten Laundry Files Buch.\nPicture unrelated ","date":"2010-03-17T00:00:00Z","href":"https://blog.koehntopp.info/2010/03/17/the-laundry.html","tags":["media","roleplay","scifi","stross","lang_de"],"title":"The Laundry"},{"categories":null,"content":"Ich schreibe diesen Beitrag einmal provisorisch in meine Kategorie \u0026lsquo;Blog\u0026rsquo;, aber es könnte genau so gut auch in die Kategorie \u0026lsquo;Politik\u0026rsquo;, \u0026lsquo;Piraten\u0026rsquo;, in das Tag \u0026lsquo;privacy\u0026rsquo; oder in eine andere Klassifizierung passen.\nWas ich mit meinem Blog und allen meinen anderen Veröffentlichungen mache, ist eine Marke \u0026lsquo;Kristian Köhntopp \u0026rsquo; zu bauen. Es ist unvermeidlich, daß ich unter meinem Namen eine Datenspur in dieser Welt hinterlasse - ich brauche nicht anzutreten um zu versuchen, diese zu verstecken.\nWas ich aber tun kann ist zu versuchen, diese Spur zu ownen, also die Inhalte die eine Suche nach meinem Namen zu Tage fördert mehr oder weniger zu kontrollieren und das Image zu bestimmen, daß durch die Suche nach meinem Namen produziert wird. Das ist natürlich nichts anderes als klassisches Marketing auf mich als Privatperson und meinen Datenschatten übertragen. Damit wird natürlich jede Aktion von mir im Netz zu einer Publikation, die auf mein Image und meine Marke wirkt und sie entweder aufbaut, beschädigt oder verändert.\nIch denke auch, daß ist den Digital Natives unter uns klar und das ist ein gutes Teil dessen, was uns von den Digital Immigrants unterscheidet: Wir wissen das, wir haben das akzeptiert und wir leben das. Wir sind im netz zu gleichen Teilen Person, Projektion und Publikation - ein authentisches Gesamt-Kunstwerk.\nManchmal vergessen einige von uns das, und dann kommen Dinge wie dieser Artikel heraus. Man kann viel aus ihm lernen.\nJulia Seeliger war eine Politikerin bei den Grünen , die jetzt bei der taz arbeitet und in ihrem Blog und bei der Taz eine Menge Artikel über die Piratenpartei geschrieben hat. Dabei setzt sie sich teilweise sehr kritisch mit der Piratenpartei und Personen im Vorstand auseinander und legt den Finger mit der Erfahrung einiger Jahre politischer Arbeit in Wunden bei den Piraten, und das ist auch notwendig und gut so, denn es erzeugt den notwendigen Druck, den die Piratenpartei braucht, um erwachsen zu werden.\nDabei sind jedoch ein paar Sachen passiert und ich muß ein wenig ausholen, damit verständlich wird, was ich meine.\nDa ist einmal der Aspekt der Marke: Die taz ist eine, aber sie hat kein Gesicht, sondern sie ist recht abstrakt. Julia Seeliger ist eine recht bekannte Person, und durch ihren Wechsel zur taz hat sie offenbar unabsichtlich und ungewollt bei einer ganzen Reihe von Leuten der taz ein Gesicht gegeben. Sie identifizieren die Inhalte der taz mit ihrer Person oder projezieren Einstellungen der Person auf die politische Ausrichtung des Blattes. Julia Seeliger ist das bewußt, sie will das nicht und sie formuliert das so:\nIhr bescheuerten Pisser (und Wichserinnen), die mich ständig auf Twitter für jegliches, was die taz tut (vermutlich auch für den Diekmann-Schwanz, die Rudi-Dutschke-Straße und die tazze) verantwortlich machen\nDas hilft natürlich kein Stück, weder bei der Markenkommunikation noch bei der Lösung ihres Problems, aber es verdeutlicht die Situation.\nDer andere Aspekt ist die Sache mit dem Remote Strangulation Protocol . Julia Seeliger verliert nämlich die Nerven oder zumindest die Haltung:\nEs führt nämlich zu nichts. Seitdem ich im September 2009 den Artikel “Die Freiheit, die wir meinen” verfasste, sah ich mich einem Mob gegenüber, dem man auch nur mit Worten wie “geh kacken” “Halts Maul” etc entgegnen konnte.\nNun hat sie es hier aber mit einer offenen Community zu tun und nicht mit einer walled garden Community. Das bedeutet, es gibt keine Instanz und keine Methoden die Personen wirksam sanktionieren könnte, in irgendeiner Form falsches oder unangemessenes Verhalten zeigen. Jede Form von negativem Feedback - jede! - ist immer - immer! - im günstigsten Fall wirkungslos und schlimmstenfalls kontraproduktiv.\nEs ist nicht möglich, irgend jemandem aus einer offenen Community auszuschließen, seine Bemerkungen zu unterdrücken, ihn zurechtzuweisen, zu limitieren oder seine Reichweite zu begrenzen. Alle diese Methoden, die in Walled Gardens reichlich zur Verfügung stehen, sind im offenen Netz nicht vorhanden.\nDas heißt nicht, daß man eine Community im offenen Netz nicht führen oder nicht beeinflussen kann. Man kann es nur nicht mit negativem Feedback tun. Stattdessen muß man es fest, unbeirrbar, freundlich und mit positivem Feedback aufziehen.\nDie funktionierende Methode nimmt Kritiker und Kritik ernst, egal wie unbegründet oder unsachlich sie ist, trennt die emotionale Aufladung vom Sachinhalt ab, und beantwortet dann die Kritik in der Sache, notfalls auch wiederholt - ich habe die Grundidee in einem anderen Kontext einmal aufgeschrieben, aber die Grundsätze der Kommunikation sind im offenen Netz immer dieselben, egal ob es sich um Internet oder USENET oder um eine FAQ, eine Privatperson oder eine Firma handelt.\nWenn man sich klar macht, daß jede Flame immer eingescheiterter Kommunikationsversuch ist, dem Flamer also Kontext oder Ausbildung fehlt, dann ist fällt es leichter sich korrekt zu verhalten. Es ist dann nicht schwer, sich selbst so zu disziplinieren, daß man nicht zurück ätzt, sondern einfach versucht, den Kommunikationspartner nach oben zu ziehen. Man landet dann zwangsläufig bei einer Kommunikationsform, die nur noch positives Feedback verwendet.\nWenn man sich außerdem klar macht, daß alle diese Kommunikation im offenen Netz immer öffentlich ist, man also immer auch für Dritte etwas aufführt, dann wird auch klar, daß diese Art der Interaktion zwingend ist, weil man selbst so nicht nur mit einer zweiten Partei einen Kommunikationsblock abbaut, sondern weil man vor allen Dingen auch gegenüber Dritten eine Persona aufbaut, Professionalität im Angesicht von Widrigkeiten ausstrahlt und generell Überlegenheit und Authentizität produziert. Man überläßt es also dem Flamer, sich selbst zu disziplinieren. Das alles ist wichtiges Kapital für zukünftige Kommunikation.\nUnd das bringt mich zu dem Titel dieses Beitrages - denn ich kenne derzeit nur eine Firma, die das im Kern begriffen hat, und die beide Aspekte von Markenpersonalisierung und Kommunikation im offenen Netz erfolgreich miteinander verbunden hat. Und das ist genau 1\u0026amp;1 mit der Kampagne um den Kundenzufriedenheitsbeauftragten Marcel D\u0026rsquo;Avis - eine der spannendsten Marketing-Operationen der letzten 12 Monate, weil sie zeigt, daß erstmal eine deutsche Firma den Umgang mit der Kommunikation im offenen Netz erfolgreich gemeistert hat. Mein allerhöchster Respekt an die Leute, die es geplant und an die, die es umgesetzt haben!\n1\u0026amp;1 hat verstanden, daß sie als Firma im Internet eine Person als Ansprechpartner brauchen und daß das nicht ein Model a la Vanessa Hessler sein kann, sondern ein handfester Ansprechpartner sein muß. Und anders als Xing hat 1\u0026amp;1 auch ab dem Start begriffen, daß der Ansprechpartner authentisch sein muß . Also hat man dort eine Kampagne um den echten Teamleiter Kundenzufriedenheit herum gebaut und ihn mit Gesicht und Namen proaktiv positioniert.\nAnders als bei der taz ist das nicht aus Versehen und gegen den Willen der Person geschehen, mit dem Effekt, daß nach einiger Skepsis und einer ersten kurzen Welle Häme und Zweifeln die ganze Aktion ein echter Erfolg gewesen ist - wegen Authentizität, wegen Ernstnehmens der Kritiker, wegen strikter Freundlichkeit im Angesicht mißtrauisch-feindlicher Kommunikation.\nNachtrag: Oh, und \u0026lsquo;die Piratenpartei\u0026rsquo; hat mit ihrer offenen Kommunikation auch ein Markenproblem. Weil es halt für den unbeteiligten Dritten schlicht nicht kommunizierbar ist, daß es einen Unterschied gibt zwischen anonymen Kommentaren unbekannter Identität, Statements von einfachen Parteimitläufern wie mir und offiziellen Standpunkten der Partei. Der Unterschied zwischen dem Piratenforum und etwa einem FDP-Forum ist ja eher marginal, aber die FDP verkauft sich da (modulo Herrn Westerwelle) echt besser. Denn was Julia Seelier in Richtung der Piraten formuliert:\nKleine Unterrichtung zum taz-Selbstverständnis: Bei uns schreibt jede und jeder, was er/sie will. Bei uns gibt es keine “Order von oben”, was geschrieben wird – und auch ich bin nicht für das verantwortlich, was meine Kollegen schreiben. Und schon gar nicht bin ich die Piraten-Müllhalde für un-unkritische taz-Artikel.\ngilt ja auch andersherum, wird aber so nicht wahrgenommen - nicht einmal von Julia Seeliger selbst.\n","date":"2010-03-15T00:00:00Z","href":"https://blog.koehntopp.info/2010/03/15/persona-was-julia-seeliger-mit-marcel-d-avis-verbindet.html","tags":["piraten","blog","privacy","lang_de"],"title":"Persona - was Julia Seeliger mit Marcel D'Avis verbindet"},{"categories":null,"content":"Jeder Datenbankserver bei uns hat ein Script laufen, daß den Inhalt von information_schema.tables jede Nacht einmal in eine Systemdatenbank in das DBA Schema kopiert. Dort haben wir dba.table_sizes:\nroot@sysmdb [dba]\u0026gt; show create table table_sizes\\G Table: table_sizes Create Table: CREATE TABLE `table_sizes` ( `hostname` varchar(64) NOT NULL, `datadir` varchar(64) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL, `report_date` date NOT NULL, `table_schema` varchar(64) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL, `table_name` varchar(64) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL, `engine` varchar(64) NOT NULL, `data_length` bigint(20) NOT NULL, `index_length` bigint(20) NOT NULL, `table_rows` bigint(20) NOT NULL, UNIQUE KEY `hostname` (`hostname`,`datadir`,`report_date`,`table_schema`,`table_name`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 1 row in set (0.00 sec) Gesucht war nun eine Query, die für jeden Sonntag eine Liste der 10 größten Tabellen eines bestimmten Servers \u0026lsquo;master\u0026rsquo; für 2010 produziert.\nDie Lösung ist fragil insofern, als daß sie eine undokumentierte Eigenschaft des Servers ausnutzt. Aber sie ist auch schnell.\nset @old := \u0026#34;\u0026#34;, @count := 0; select \\* from ( select @count := if(@old \u0026lt;=\u0026gt; report_date, @count+1, 0) as c, @old := report_date as report_date, hostname, table_name, (data_length+index_length)/1024/1024/1024 as gb from table_sizes where date_format(report_date, \u0026#39;%W\u0026#39;) = \u0026#39;Sunday\u0026#39; and report_date \u0026gt; \u0026#39;2010-01-01\u0026#39; and hostname = \u0026#39;master\u0026#39; and datadir = \u0026#39;/mysql/bp/data/\u0026#39; and table_schema = \u0026#39;bp\u0026#39; order by report_date, gb desc ) as t where t.c \u0026lt; 10 ; Wir definieren einen Zustandsspeicher @old, der das report_date der folgenden Zeile speichert und einen Zähler @count. Sessionvariablen (die @-Variablen da) haben einen impliziten Typ, und @old verhält sich anders (falsch), wenn es mit 0 initalisiert wird.\nIm inneren SELECT zählen wir @count um eins hoch, wenn report_date sich nicht ändert, oder setzen es auf 0, wenn report_date sich geändert hat. Der \u0026lt;=\u0026gt;-Operator ist dabei failsafe gegenüber NULL-Werten. Danach, und das ist wichtig, aktualisieren wir @old mit dem aktuellen report_date, und danach geben wir die Werte aus, an denen wir interessiert sind. Die WHERE-Clause der inneren Query wählt dabei die Daten aus, an denen wir interessiert sind: Sonntage aus 2010, Daten vom Master, von der Instanz mit dem passenden datadir, und dort aus dem passenden Schema. Das sortieren wir dann.\nDie Ausgabe hat nun eine laufende Nummer c, die aus dem Hochzählen von @count resultiert. Dieser Zähler wird an report_date-Wechseln zurückgesetzt. Mit der äußeren Query schneiden wir nun alle Werte ab, bei denen der Zähler zu hoch ist.\nDie Query ist fragil, und ein übler Hack, da sie auf der internen Ausführungsreihenfolge des SQL-Statements basiert. Sie kann bei jedem Upgrade des Servers plötzlich fehlschlagen, weil sich Serverinterna ändern.\n","date":"2010-03-09T00:00:00Z","href":"https://blog.koehntopp.info/2010/03/09/gruppenweises-top-n-in-mysql-der-tabellengr-enreport.html","tags":["hack","mysql","sql","lang_de"],"title":"Gruppenweises TOP N in MySQL: Der Tabellengrößenreport"},{"categories":null,"content":"Auf Yourhelpcenter.de gibt es einen Artikel mit dem irreführenden Titel Update if exists else insert record , der sich mit INSERT ON DUPLICATE KEY UPDATE beschäftigt.\nDieses Kommando macht genau nicht das, was der Titel des Artikels suggeriert und wünschenswert wäre, sondern er macht genau das, was der SQL-Text des Kommandos sagt und leider nervt. Es wäre schön, wenn der Artikel auf Yourhelpcenter auch auf diese Probleme eingegangen wäre - da er es nicht tut hole ich es hier gerade mal nach.\nGegeben sei\nroot@localhost [kris]\u0026gt; show create table a\\G Table: a Create Table: CREATE TABLE `a` ( `id` tinyint(3) unsigned NOT NULL, `d` tinyint(3) unsigned NOT NULL, `e` tinyint(3) unsigned NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `d` (`d`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 1 row in set (0.02 sec) root@localhost [kris]\u0026gt; insert into a values ( 1, 2, 3), (4, 5, 6); Query OK, 2 rows affected (0.00 sec) Records: 2 Duplicates: 0 Warnings: 0 Das Kommando INSERT ON DUPLICATE KEY UPDATE ist erst einmal ein INSERT-Statement.\nEs fügt Werte in eine Tabelle ein:\nroot@localhost [kris]\u0026gt; insert into a ( id, d, e) values ( 7, 8, 9) on duplicate key update e = 100; Query OK, 1 row affected (0.00 sec) root@localhost [kris]\u0026gt; select * from a; +----+---+---+ | id | d | e | +----+---+---+ | 1 | 2 | 3 | | 4 | 5 | 6 | | 7 | 8 | 9 | +----+---+---+ 3 rows in set (0.00 sec) Man kann sehen, daß der INSERT-Zweig genommen wurde - unter anderem daran, daß dort nach dem Statement \u0026lsquo;1 row affected\u0026rsquo; angezeigt wird.\nWenn beim INSERT ein Duplicate Key Error auftritt, dann schaltet das Statement auf die UPDATE-Clause um und führt die Anweisungen dort aus. Dabei ist es unwesentlich, ob der Duplicate Key Error auf dem Primärschlüssel oder einem anderen Unique Key stattfindet.\nHier ist das Beispiel:\nroot@localhost [kris]\u0026gt; insert into a (id, d, e) values (7,11,12) on duplicate key update e = 100; Query OK, 2 rows affected (0.00 sec) root@localhost [kris]\u0026gt; insert into a (id, d, e) values (10, 5, 12) on duplicate key update e = 200; Query OK, 2 rows affected (0.02 sec) root@localhost [kris]\u0026gt; select * from a; +----+---+-----+ | id | d | e | +----+---+-----+ | 1 | 2 | 3 | | 4 | 5 | 200 | | 7 | 8 | 100 | +----+---+-----+ 3 rows in set (0.00 sec) Wie man sieht, hat das erste INSERT einen Duplicate Key Error auf dem Primärschlüssel für die Row 7 erzeugt und daher ein Update durchgeführt, das e auf den Wert 100 setzt. Das zweite INSERT hat ebenfalls einen Duplicate Key Error erzeugt, aber auf dem Unique Key (a) und dem Wert 5, dadurch ist e auf dem Wert 200 gesetzt worden.\nWie man auch sehen kann, wird beim aktivieren des UPDATE-Zweiges \u0026lsquo;2 rows affected\u0026rsquo; ausgegeben. Das ist ein wenig unsinnig, solange man nicht sieht, was intern passiert - mehr dazu weiter unten.\nHaben wir eine solche Kombination von zwei Unique Key Constraints (ein Primärschlüssel hat ja auch UNIQUE-Eigenschaft), oder haben wir ein Statement, das in der UPDATE-Clause auch am Primärschlüssel rumschreibt, können wir trotzdem einen Duplicate Key Error bekommen:\nroot@localhost [kris]\u0026gt; insert into a (id,d,e) values (7,11,12) on duplicate key update d=5, e=199; ERROR 1062 (23000): Duplicate entry \u0026#39;5\u0026#39; for key \u0026#39;d\u0026#39; root@localhost [kris]\u0026gt; insert into a (id,d,e) values (7,11,12) on duplicate key update id=4,d=5,e=198; ERROR 1062 (23000): Duplicate entry \u0026#39;4\u0026#39; for key \u0026#39;PRIMARY\u0026#39; root@localhost [kris]\u0026gt; select * from a; +----+---+-----+ | id | d | e | +----+---+-----+ | 1 | 2 | 3 | | 4 | 5 | 200 | | 7 | 8 | 100 | +----+---+-----+ 3 rows in set (0.01 sec) Ein INSERT ON DUPLICATE KEY UPDATE verhindert also Duplicate Key Errors nicht automatisch.\nEs wird immer zunächst das INSERT-Statement versucht, und nur dann, wenn das INSERT-Statement mit genau einem Duplicate Key Error scheitert wird das UPDATE-Statement ausgeführt. Die Reihenfolge der internen Tests von MySQL spielt dabei eine Rolle.\nSetzen wir zum Beispiel den SQL_MODE auf TRADITIONAL, dann haben wir unter andren auch STRICT_ALL_TABLES und STRICT_TRANS_TABLES. Dadurch haben wir keine stillschweigende Wertanpassung mehr.\nHier die Demo:\nroot@localhost [kris]\u0026gt; set SQL_MODE=TRADITIONAL; Query OK, 0 rows affected (0.00 sec) root@localhost [kris]\u0026gt; select @@sql_mode\\G @@sql_mode: STRICT_TRANS_TABLES,STRICT_ALL_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,TRADITIONAL,NO_AUTO_CREATE_USER 1 row in set (0.00 sec) root@localhost [kris]\u0026gt; update a set e = 300 where id = 7; ERROR 1264 (22003): Out of range value for column \u0026#39;e\u0026#39; at row 1 Soweit so gut. Was ist nun, wenn wir einen Duplicate Key Error provoziere, sodaß INSERT ON DUPLICATE KEY das Update ausführen sollte, zugleich in der INSERT-Phase aber auch einen Out Of Range-Error haben?\nroot@localhost [kris]\u0026gt; insert into a (id,d,e) values (7,10,300) ON DUPLICATE KEY UPDATE e = 197; ERROR 1264 (22003): Out of range value for column \u0026#39;e\u0026#39; at row 1 root@localhost [kris]\u0026gt; select * from a; +----+---+-----+ | id | d | e | +----+---+-----+ | 1 | 2 | 3 | | 4 | 5 | 200 | | 7 | 8 | 100 | +----+---+-----+ 3 rows in set (0.00 sec) Eigentlich hätte unser Statement funktionieren können: Wenn MySQL erst die Duplicate Key-Violation prüfen würde, um dann zu entscheiden, daß es in den UPDATE-Fall des Statements gehen müßte, dann wäre unser Statement durchgekommen und id=7 hätte nun e=197. Das e=300 im INSERT-Zweig hätten wir nie gesehen - kein Fehler.\nAber MySQL versucht tatsächlich das INSERT durchzuführen, scheitert auf halben Weg, aber eben NICHT mit einem Duplicate Key Error, sondern einem Out Of Range Error, und bricht daher das Insert ab, statt in den Update-Zweig überzugehen. Es werden also nur Duplicate Key Error im Insert-Fall gefangen, nichts sonst, und es werden alle Prüfungen für das INSERT durchgeführt und das INSERT tatsächlich ausgeführt, solange bis es scheitert - und zwar mit dem richtigen Fehler.\nDaher auch \u0026lsquo;2 rows affected\u0026rsquo; - wir machen das INSERT, das schlägt fehl, dann machen wir das UPDATE auf derselben Row noch mal.\nUnd schließlich ist INSERT ON DUPLICATE KEY auch noch eine bombige Gelegenheit, sich mit naiven Triggern in die Nesseln zu setzen. Bauen wir uns einmal eine Demo mit einer Logtabelle und allen 6 Triggern für das Debugging:\nroot@localhost [kris]\u0026gt; delimiter // root@localhost [kris]\u0026gt; create table log ( id serial, t text ) engine = innodb;// root@localhost [kris]\u0026gt; create trigger bi_a before insert on a for each row insert into log values (NULL, \u0026#39;before insert\u0026#39;);// Query OK, 0 rows affected (0.35 sec) root@localhost [kris]\u0026gt; create trigger ai_a after insert on a for each row insert into log values (NULL, \u0026#39;after insert\u0026#39;);// Query OK, 0 rows affected (0.30 sec) root@localhost [kris]\u0026gt; create trigger bu_a before update on a for each row insert into log values (NULL, \u0026#39;before update\u0026#39;);// Query OK, 0 rows affected (0.20 sec) root@localhost [kris]\u0026gt; create trigger au_a after update on a for each row insert into log values (NULL, \u0026#39;after update\u0026#39;);// Query OK, 0 rows affected (0.18 sec) root@localhost [kris]\u0026gt; create trigger bd_a before delete on a for each row insert into log values (NULL, \u0026#39;before delete\u0026#39;);// Query OK, 0 rows affected (0.11 sec) root@localhost [kris]\u0026gt; create trigger ad_a after delete on a for each row insert into log values (NULL, \u0026#39;after delete\u0026#39;);// Query OK, 0 rows affected (0.22 sec) root@localhost [kris]\u0026gt; delimiter ; root@localhost [kris]\u0026gt; select * from a; +----+---+-----+ | id | d | e | +----+---+-----+ | 1 | 2 | 3 | | 4 | 5 | 200 | | 7 | 8 | 100 | +----+---+-----+ 3 rows in set (0.00 sec) Das kann man nun sehr elegant explodieren lassen, indem man einmal den UPDATE-Zweig eines INSERT ON DUPLICATE KEY-Update ausführen läßt. Man bekommt dies:\nroot@localhost [kris]\u0026gt; insert into a (id,d,e) values (7,12,13) on duplicate key update e = 190; Query OK, 2 rows affected (0.39 sec) root@localhost [kris]\u0026gt; select * from a; +----+---+-----+ | id | d | e | +----+---+-----+ | 1 | 2 | 3 | | 4 | 5 | 200 | | 7 | 8 | 190 | +----+---+-----+ 3 rows in set (0.00 sec) root@localhost [kris]\u0026gt; select * from log; +----+---------------+ | id | t | +----+---------------+ | 1 | before insert | | 2 | before update | | 3 | after update | +----+---------------+ 3 rows in set (0.00 sec) Wie man erkennen kann, ist der \u0026lsquo;before insert\u0026rsquo;-Trigger einmal ausgeführt worden, dann sind wir in den Update-Fall eingetreten und dort sind der \u0026lsquo;before update\u0026rsquo; und der \u0026lsquo;after update\u0026rsquo;-Trigger gelaufen. Der \u0026lsquo;after insert\u0026rsquo;-Trigger ist nie gelaufen.\nWir haben also eine ungerade, asymmetrische Trigger-Aktivierung und wir haben zwei verschiedene Before-Trigger aktiviert.\nHat man Code mit relativen Updates, etwa der Form \u0026lsquo;update konto set geld = geld - old.betrag\u0026rsquo; in einem \u0026lsquo;before insert\u0026rsquo; und einem \u0026lsquo;before update\u0026rsquo;-Trigger, dann hat man also zweimal abgebucht, aber nur einmal aufgebucht. Die Zähler geraten durcheinander. Man muß bei der Konstruktion von Triggern also besondere Vorsicht walten lassen und diesen Fall berücksichtigen.\nDas gilt im übrigen auch für das Partnerstatement von INSERT ON DUPLICATE KEY UPDATE, also für INSERT IGNORE:\nroot@localhost [kris]\u0026gt; delete from log; Query OK, 3 rows affected (0.33 sec) root@localhost [kris]\u0026gt; insert ignore into a (id,d,e) values (7,10,11); Query OK, 0 rows affected (0.00 sec) root@localhost [kris]\u0026gt; select * from log; +----+---------------+ | id | t | +----+---------------+ | 6 | before insert | +----+---------------+ 1 row in set (0.00 sec) Auch hier sehen wir eine ungerade Anzahl von Triggern, ein \u0026lsquo;before insert\u0026rsquo; ohne \u0026lsquo;after insert\u0026rsquo;.\n","date":"2010-03-09T00:00:00Z","href":"https://blog.koehntopp.info/2010/03/09/insert-on-duplicate-key-update.html","tags":["mysql","lang_de"],"title":"INSERT  ON DUPLICATE KEY UPDATE"},{"categories":null,"content":"Die inhaltliche Debatte um Aaron Koenig ist ein wenig abgeklungen, und auch der Berliner Landesparteitag der Piratenpartei ist durch, sodaß ich einmal die Gedanken zu Blog bringen kann, an denen ich im Rahmen der Debatte immer wieder hängen geblieben bin, obwohl sie mit den Inhalten primär nur am Rande zu tun haben.\nDa ist zum Beispiel das seltsame Verhältnis der Piraten zur Identität, speziell zur Wahl und zum Gebrauch von Namen. Wenn man sich einmal die Benutzernamen im Wiki der Piratenpartei anschaut, oder in einem beliebigen Forum , dann findet man da eine bunte Mischung von Nicknames und auf den Benutzerseiten dann in der Regel keinen Hinweis auf eine reale Person, eine Homepage oder ein Profil mit echten Inhalten in einem Social Network Dingens.\nAndererseits ist da Aaron Koenig, von dem jemand herausgefinden haben will, daß in seinem Personalausweis Stefan Koenig stehe, und quer durch die Blogs geht eine Reihe von Stefan \u0026ldquo;Aaron\u0026rdquo; Koenig-Artikeln komplett mit Anführungszeichen.\nDas ist eine ans trollende grenzende Schizophrenie, die sich mir komplett nicht erschließt.\nAlso, da ist einmal das Namensrecht in Deutschland , das in der Konstruktion schon mal kaputt ist: \u0026ldquo;Im derzeit geltenden Namensrecht gilt der Grundsatz der Unabänderlichkeit des Namens. Der Name darf nicht eigenmächtig und willkürlich geändert werden.\u0026rdquo; Dafür gibt es in einer modernen Verwaltung keinen Grund, und in der Tat ist das eine deutsche Besonderheit, die in anderen Rechtsordnungen so nicht umgesetzt ist - und dabei kommt man dort sogar obendrein noch ohne einen Personalausweis aus (siehe auch die Katze zu diesem Thema).\nAuch den Piraten ist die englische Idee von Identität näher als die Deutsche - Anonymität ist ihnen wichtig.\nSo wichtig, daß es zum Teil bis in das Absurde geht, wenn mir etwa gesagt wird, daß jemand eine Petition, die ihm wichtig ist, nicht unterzeichnen möchte, weil dann sein Name mit dieser politischen Sache in Verbindung gebracht werden kann. Nun ist es in der Tat so, daß das Wahlgeheimnis weiter reicht als so mancher annimmt, aber es ist auch so, daß man kaum Politik machen kann, ohne dabei als Person in das Licht der Öffentlichkeit zu treten. Man wird damit ab einem bestimmten Punkt nun einmal zu einer Person der Zeitgeschichte und der rechtliche Status, unter dem man agiert, verändert sich.\nDas ändert aber nichts an der Feststellung, daß zur informationellen Selbstbestimmung im Sinne der Piraten auch die freie Wahl des eigenen Namens gehört und daß die ganzen süffisanten \u0026ldquo;Anführungszeichen-Aaron\u0026rdquo;-Kommentare unpiratig und fehl am Platze sind.\nEs ändert andererseits auch nichts an der Feststellung, daß ich trotz meiner zwei Dekaden Onlineerfahrung so meine Probleme habe, mit einem \u0026ldquo;Horst Acker\u0026rdquo; oder einem \u0026ldquo;Phil Antrop\u0026rdquo; über Politik oder politische Personen zu reden. Politik sollte mit offenem Visier gemacht werden, denn es geht um Menschen und für was sie stehen. Anders ausgedrückt: Ich habe einen Wunsch nach Verkettbarkeit weil ich, wenn es um Politik geht, einen Wunsch nach Reputation habe. Ich will wissen, was ich erwarten kann, wenn ich dieser Person vertraue. Denn in der Politik spielt Vergangenheit und der Umgang mit ihr nun einmal eine wichtige Rolle. Man kann nicht anonym und politisch aktiv sein, weil man nicht anonym Verantwortung übernehmen kann.\nMein Rat an Mitpiraten, die eine über den Forenstammtisch hinausgehende politische Rolle einnehmen wollen?\nWählt einen Namen, unter dem ihr eine Marke aufbauen wollt. Das ist wahrscheinlich der Name, der in Eurem Personalausweis steht - schaut Euch padeluun bei Markus Lanz an und wie schwer selbst dieser in meinen Kreisen recht etablierte Markenname \u0026ldquo;padeluun\u0026rdquo; dem Moderator über die Lippen geht.\nWelchen Namen Ihr auch wählt: sorgt dafür, daß diese Marke Kontur bekommt und Leute vertrauen dazu fassen können, damit sie wissen, wofür ihr steht.\nUnd sorgt dafür, daß Ihr Euch mit Inhalten auseinander setzt und nicht den Namen von Personen, egal ob selbstgewählt oder von den Eltern ausgesucht.\nOh, und wenn Ihr Kinder bekommt: Da wir nun einmal das deutsche Namensrecht haben, solltet Ihr Euer Kind mit einem Vorrat an Namen ausstatten, damit es später einen zum Anlaß passenden Namen im Vorrat hat.\nUnd vielleicht macht Ihr Euch auch für ein liberaleres Namensrecht in Deutschland stark. Das geht aber nur, wenn ihr Herrn Koenig den Aaron laßt, sonst werdet ihr unglaubwürdig.\n","date":"2010-03-07T00:00:00Z","href":"https://blog.koehntopp.info/2010/03/07/das-gespaltene-piratische-verh-ltnis-zur-identit-t.html","tags":["identity","piraten","lang_de"],"title":"Das gespaltene piratische Verhältnis zur Identität"},{"categories":null,"content":" Torrent vs. DVD\nDie Grafik da rechts zeigt sehr schön den Unterschied im Medienerlebnis auf, das Torrent-Benutzer gegenüber dem Käufer einer DVD haben. Das haben die meisten Leute auch verstanden. Diejenigen, die es nicht verstanden haben -\nMicrosoft Yahoo! Fictionwise Migros Netflix Ubisoft sind nur ein paar Beispiele - gehen nacheinander vom Markt und lehren ihre jeweiligen Kunden.\nDas Resultat?\nNachfrageschwäche bei Downloadfilmen - nicht wegen \u0026lsquo;illegaler Downloads\u0026rsquo;, sondern wegen DRM:\nDer Markt hat sich einfach abgekühlt\u0026hellip; Das wurde nicht von ökonomischen Faktoren ausgelöst. Es gibt einfach kein großes Interesse an digitalen Downloads.\u0026quot; Schuld seien die vielfältigen Restriktionen durch Digital Rights Management auf den unterschiedlichen Plattformen. \u0026ldquo;Der Markt ist durch seine Beschränkungen gekennzeichnet\u0026rdquo;, so Amel. Alles drehe sich darum, was die Zuschauer nicht tun können, statt darum, welche Möglichkeiten die Anbieter ihnen geben.\nUnd so hat die Film-, die Musik- und nun auch die Buchindustrie in den letzten 10 Jahren hart daran gearbeitet, ihre jeweiligen Kunden auszubilden, ihnen nicht zu trauen und sich stattdessen selbst zu versorgen. Selbst hartnäckige Kunden haben inzwischen verstanden.\nInternationaler Tag gegen DRM am 4. Mai 2010 ","date":"2010-03-07T00:00:00Z","href":"https://blog.koehntopp.info/2010/03/07/die-leute-sind-nicht-dumm-genug-f-r-drm.html","tags":["copyright","media","lang_de"],"title":"Die Leute sind nicht dumm genug für DRM..."},{"categories":null,"content":"Seitdem ich für Geld andere Leute glücklich mache bin ich immer wieder einige Jahre auf der Walz gewesen, und habe mich als Angehöriger des fahrendes Volkes als Projektkraft bei wechselden Auftraggebern verdingt, um danach wieder einige Jahre fest in einem Laden angestellt ein wenig seßhafter zu werden, Kraft zu tanken und das Gelernte zu verarbeiten. Eine der Sachen, die ich mich dabei immer wieder fasziniert haben sind die unterschiedlichen Arbeitsstile der verschiedenen europäischen Kulturen.\nVielleicht ist meine Sample-Größe zu klein, vielleicht ist meine Auswahl von anderen Faktoren beeinflußt, aber ich bin zu der festen Überzeugung gelangt, daß zum Beispiel britische Firmenkulturen durch einen gemeinsamen Feind, eine gemeinsame Zumutung zusammengehalten werden.\nIn jeder britischen Firma, in der ich jemals gewesen bin, gab es einen Umstand, der vollkommen unerträglich war und den jeder, der dort gearbeitet hat, auf das Blut gehaßt hat. In einer Firma zum Beispiel war es ein Ansagensystem, das den Leuten circa einmal pro Stunde durch eine für den weitaus größten Teil der Mitarbeiter nutzlose Ansagen jeden sinnvollen Gedanken aus dem Hirn geblasen hat, Meetings unterbrochen und Redeflüsse gestört.\nIn einer anderen Firma befand man sich in einem Gebäude, das seit mindestens 2 Jahren im Zustand der Renovierung und des Umbaues befindlich war, Stockwerk für Stockwerk. In einer dritten Firma befand man sich in einem viktorianischen Stadthaus in einem der feinsten Viertel von London, aber mußte in den Tiefpaterre-Räumen des Dienstbotentraktes zusammengepfercht arbeiten - und vierteltypisch einige Meilen weit gehen oder fahren, um ein Mittagessen oder auch nur eine Flasche Kakao in einem Cornershop kaufen zu können.\nAber niemand hat jemals einen Versuch unternommen, diese Sache zu verbessern oder gar abzustellen. Stattdessen wurde geredet, sich beklagt und gegenseitig bemitleidet. Abhilfe wäre kontraproduktiv gewesen, denn dann hätte man der Gruppe die gemeinsame Identifikation weggenommen, die sie zusammengeschweißt hat.\nBeeindruckt haben mich viele skandinavische Firmen. Auf irgendeine Weise hat man dort einen Weg gefunden, mehr zu schaffen als in vielen anderen Firmen, die ich gesehen habe, und gleichzeitig die Arbeit so zu organisieren, daß niemand davon genervt ist. Zusammenhalt wird dort auf eine andere, wesentlich schmerzfreiere Weise generiert.\nDas fängt schon auf eine subtile Weise am Morgen an:\nIn vielen dieser Firmen stellt der Arbeitgeber ein Frühstücksbuffet. Da es kostenlos ist, essen die meisten Leute nicht daheim, sondern bringen die Kinder in die Schule oder den firmeneigenen Kindergarten und gehen dann in die Kantine zum Essen. Am Buffet säbelt man sich einige Scheiben Brot herunter, greift sich Butter, einen Klecks Marmelade oder eine Scheibe Wurst und einen Pott Kaffee und setzt sich dann gemeinsam mit den Kollegen auf eine Bank. Man erzählt sich von gestern abend, von den Kindern oder dem Theaterbesuch, oder daß man Segeln gewesen ist. Langsam, aber fast von selbst driftet das Gespräch zum heutigen Tag und was passieren wird - wer was ausprobieren wird, was fehlt, und was von einem selbst erwartet wird, damit die anderen Mitglieder des Teams weiter arbeiten können.\nDer Übergang ist subtil, aber automatisch und er findet jeden Morgen statt. Nach dem Frühstück sind irgendwie alle gebriefed und haben im Kopf eine Liste von Dingen, die an diesem Vormittag weggehauen werden müssen, damit es voran geht. Natürlich trifft man sich zum Mittagessen wieder, und tauscht dort Ergebnisse aus, verabredet sich zu Besprechungen oder Präsentationen und plant so gemeinsam beim Essen den Nachmittag.\nAber auch das Arbeiten in Gruppen ist dort anders, auf eine sehr angenehme Weise. Ein Freund von mir aus Deutschland, Olaf Schlüter, hat vor vielen Jahren einmal den Spruch geprägt: \u0026ldquo;Team ist, wenn von sechs Leuten zwei Arbeiten. Wenn das immer andere Zwei sind, dann funktioniert das Team.\u0026rdquo; Das ist, auf eine Weise, präzise die Beschreibung dieser Arbeitsweise.\nTypischerweise haben wir dort zu sechs Personen, plus/minus ein paar, zusammengesessen. Zwei haben rumgekaspert - würde man es formalisieren, würde man es als Brainstorming bezeichnen. Zwei andere haben Dinge vorbereitet - würde man es formalisieren, wäre es Pair Programming oder eine Verallgemeinerung davon. Und zwei weitere haben etwas vorgeführt, umgesetzt oder sonstwie etwas getan, das ein klassischer Beobachter \u0026ldquo;arbeiten\u0026rdquo; nennen würde. Nach einer Weile durchmischt sich das, alle tauschen die Plätze, reden miteinander und die Gruppe konfiguriert sich um, und dann geht es in neuer Zusammenstellung weiter.\nDabei kommt es zu einem Effekt, den ich in Deutschland nahezu niemals beobachten kann - außerhalb gewisser Geek- und Hackerzirkel jedenfalls. Und das ist die Tatsache, daß man an Gesicht und Ansehen gewinnen kann, wenn man in einer Diskussion seinen Fehler erkennt und sich dem Standpunkt seines Gegenredners anschließt oder diesen übernimmt.\nDas ist den meisten deutschen Firmenkulturen so entgegengesetzt, daß ich überhaupt nicht mitbekommen habe was da passiert, als ich so einen Positionswechsel das erste Mal beobachtet habe. Jemand, der Teamleiter gar, obwohl das in diesen Gruppen kaum eine Rolle spielt, präsentierte seinen Vorschlag an der Tafel und brachte dabei einige Abschätzungen hinsichtlich Speicherplatz, Rechenaufwand und Kosten. Jemand anders aus der Gruppe blickte von seinem Zettel auf, auf dem er einige Zahlen hingeschmiert hatte, und meinte nur \u0026ldquo;That\u0026rsquo;s all wrong.\u0026rdquo; Er stand auf, griff sich den Filzstift und skizzierte seinen Plan gleich neben dem anderen. \u0026ldquo;If you do it like this, and this, then you can do it in less than half the time, and with only a fraction of the storage.\u0026rdquo; Der Chef stutzte kurz, dachte nach und entschloß sich dann, seine eigene Idee zu verwerfen und die seines Mitarbeiters zu übernehmen. \u0026ldquo;You are completely right. This is much better. We will be doing it your way.\u0026rdquo; Anerkennendes Nicken in der ganzen Runde, und ein Gesichtsgewinn für beide im ganzen Team.\nDas alles führt zu einer Arbeitsweise, die ich als sehr entspannend empfinde: Obwohl man echt viel Arbeit wegschafft, hat kaum jemand mal Streß. Die meisten Fragen und Termine werden im Vorübergehen beim Frühstück oder Mittagessen geklärt, und beim Arbeiten spielt man sich die Bälle zu. Die Kultur ist so eingerichtet, daß Kooperation belohnt wird, und Ansehen basiert nicht darauf, ob man sich durchsetzt, sondern ob man die Gruppe voran bringt.\nDas ist zugleich die Arbeitsweise und Einstellung, die der deutschen Politik so vollkommen fehlt.\nEs täte diesem Land echt gut, hätte man in der Koalition den Expertenmeinungen von Techniker- und Juristenseite Gehör geschenkt, als es um die Konstruktion des Zugangserschwerungsgesetzes ging, oder früher noch, als es darum ging, die Stoßrichtung der Agenda auf diesem Gebiet überhaupt festzulegen. Es hat eine klar artikulierte und durchstrukturierte Kritik an der Idee des Zugangserschwerungsgesetzes selbst gegeben - Löschen statt Sperren (und nicht etwa Löschen vor Sperren), Konstruktion internationaler Zusammenarbeit (die noch dazu für andere Delikte nutzbringend einsetzbar gewesen wäre) und Vermeidung eines sinn- und wirkungslosen Grundrechtseingriffes.\nStattdessen hat man im Wahlkampfwahn den eigenen Irrweg zementiert. Man tat das in dem Glauben, daß deutsche Kultur Durchsetzungskraft an sich mehr belohnt als Korrektheit oder Brauchbarkeit der Lösung.\nGesichtsgewinn durch Übernehmen und Aufgreifen der besseren Idee, das ist das große Defizit der akuellen politischen Kultur in unserem Land. Das ist es wirklich: die Äußerungen in der Debatte im Petitionsausschuß und zum Aufhebungsgesetz - ja, Frau Bär, auch und gerade sie sind gemeint! - zeigen, daß man immer noch der Meinung ist, einen politisch Gewinn bringenden Kurs zu verfolgen, oder vermeintlich Frau von der Leyen schützen zu müssen, indem man an dem von ihr initiierten Irrwegen weiter festhält.\nEs ist zugleich die Hoffnung, die die Piraten in der deutschen Politik darstellen. Denn einer der Kernpunkte des piratischen Denkens, der mir das Herz aufgehen läßt, ist die Konzentration auf die Sachpolitik. Es ist die Fähigkeit, das Bessere anerkennen zu können und ihm dadurch den Weg zu bereiten, daß man sich selbst beiseite nimmt und hinter die bessere Idee stellt. Selbst dann, wenn es nicht die eigene war.\n","date":"2010-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2010/02/28/kulturelles-defizit.html","tags":["work","piraten","politik","reisen","lang_de"],"title":"Kulturelles Defizit"},{"categories":null,"content":" Eigentlich war es ja als Witz gedacht, aber die Mediendinosaurier nehmen so etwas schon mal ernst.\nSchreibt der Inquirer :\nA MAFIAA CABAL called the International Intellectual Property Alliance, which is an umbrella group for the entertainment cartels such as the MPAA and RIAA, has demanded that Indonesia, Brazil and India should be placed on a special trade watchlist merely because they recommend the use of open source software.\nund derGuardian :\nIt turns out that the International Intellectual Property Alliance, an umbrella group for organisations including the MPAA and RIAA, has requested with the US Trade Representative to consider countries like Indonesia, Brazil and India for its \u0026ldquo;Special 301 watchlist\u0026rdquo; because they use open source software…. But the IIPA suggested that Indonesia deserves Special 301 status because encouraging (not forcing) such takeup \u0026ldquo;weakens the software industry\u0026rdquo; and \u0026ldquo;fails to build respect for intellectual property rights\u0026rdquo;.\nRight.\n","date":"2010-02-25T00:00:00Z","href":"https://blog.koehntopp.info/2010/02/25/downloading-communism.html","tags":["copyright","free software","politik","lang_de"],"title":"Downloading communism..."},{"categories":null,"content":"Es gibt in Deutschland ein Grundrecht, die Meinungsfreiheit . Es ist ein Recht, das einem Menschen etwas erlaubt, nämlich die freie Rede sowie die freie Äußerung und öffentliche Verbreitung einer Meinung in Wort, Schrift und Bild sowie allen weiteren verfügbaren Übertragungsmitteln.\nEs ist in Deutschland unseligerweise anders als in den USA ein Recht mit einer Schrankenbestimmung, und in der Schrankenbestimmung sind neben anderen Dingen explizit die \u0026ldquo;gesetzlichen Bestimmungen zum Schutze der Jugend\u0026rdquo; genannt. Das ist nebenbei bemerkt einer von mehreren Gründen, warum in Deutschland immer wieder Jugendschutzargumente zur Rechtfertigung von Internet-Regulierung herhalten müssen.\nDas Gegenstück zur Meinungsfreiheit, dem \u0026ldquo;Recht zu Senden\u0026rdquo;, ist die Informations- oder Rezipientenfreiheit , das \u0026ldquo;Recht zu Empfangen\u0026rdquo;, d.h. sich aus allgemein zugänglichen Quellen ungehindert zu informieren. Auch sie ist in Deutschland durch Schrankenbestimmungen einschränkbar, unter anderem wieder durch den Jugendschutz.\nEin drittes Grundrecht, das uns heute beschäftigen soll, ist der in Deutschland irreführend benannte Datenschutz , der im englischen Sprachraum unter dem besseren Begriff Privacy (\u0026lsquo;The Right To Be Left Alone\u0026rsquo;) gefaßt wird, während das deutsche \u0026ldquo;Privatsphäre\u0026rdquo; im Kontext dieser Diskussionen weniger gebräuchlich ist.\nDas zugehörige Grundrecht ist das Grundrecht auf informationelle Selbstbestimmung . Es ist ein spannendes Grundrecht, weil es ein abgeleitetes Grundrecht ist, das nicht ausdrücklich im Grundgesetz aufgeführt ist. Im Recht finden wir es entsprechend auch erst seit 1983 als Folge des Volkszählungsurteils .\nDas Verfassungsgericht hat 2008 dann im Rahmen der Diskussion um den Bundestrojaner ein weiteres, verwandtes Grundrecht abgeleitet, das katastrophal umständlich bezeichnete Grundrecht auf Gewährleistung der Vertraulichkeit und Integrität informationstechnischer Systeme , und es leitet sich aus dem Fernmeldegeheimnis und dem Recht auf Unverletzlichkeit der Wohnung her.\nDiese beiden Weiterentwicklungen des Rechts - von Grundrechten sogar! - sind nur Eckpunkte. Hinter ihnen steht ein Rechtsempfinden um eine aktuelle gesellschaftliche Diskussion, die derzeit nicht explizit und grundsätzlich geführt wird, sondern bei der wir als Gesellschaft im Moment nur die Grenzfälle und Überschneidungen mit anderen Dingen erforschen.\nWie das Internet Mittler eliminiert Früher, vor dem Internet, haben wir unsere Grundrechte auf Meinungs- und Informationsfreiheit kaum direkt und alleine ausüben können. Okay, wir haben uns auf einen Platz stellen können und dort auf eine Kiste steigen können, oder in der Menge zu Füßen des Redners stehen und ihm zuhören können. Aber das setzt der Reichweite des Einzelnen recht enge Grenzen.\nWann immer wir eine größere Menge Menschen erreichen wollten, mußten wir publizieren und dabei haben wir auf das direkte Engagement von vielen Personen zurückgreifen müssen, die an der Publikation beteiligt waren: Neben dem Autor, dem Sender, waren immer auch ein Verleger, ein Lektor, ein Setzer, ein Drucker, ein Distributor, ein Händler und schließlich der Käufer des Buches involviert, bis es schließlich einem Leser vorlag. Das war eine lange Pipeline von Menschen, die an dem Erscheinen dieses speziellen, einzelnen Buches beteiligt waren, und die natürlich auch eine gewisse soziale Kontrollfunktion ausgeübt haben - entweder direkt, indem sie auf den Autor einwirkten oder indirekt durch wirtschaftliche Zwänge.\nZeitungen verkürzen das etwas: Der Betrieb zur Veröffentlichung einer Zeitung ist jenseits der Textredaktion viel mehr auf die Veröffentlichung im Allgemeinen ausgerichtet - eine Publikationsinfrastruktur, die nicht auf das Erscheinen eines konkreten Textes hinarbeitet. Zeitungen üben für einen bestimmten Kreis - Journalisten - eine viel geringere Kontrolle aus als das etwa bei der Veröffentlichung eines Buches der Fall wäre. Die Transaktionskosten für eine einzelne Publikation sind für einen Journalisten viel geringer als für einen Buchautor.\nFlugblätter wie sie etwa in der Mensa einer Universität seit Erfindung des Fotokopierers, des Laserdruckers und des DTP-Programmes massenhaft verteilt werden, stellen auf eine Weise einen Endpunkt dieser Entwicklung des Mediums Papier dar. Die Anzahl der Personen, die in die Publikation eines einzelnen solchen Flugblattes involviert sind, ist für das Medium Papier minimal. Eine einzelne Person, der Sender, kann die Publikation schreiben, durchsehen, layouten, drucken und vervielfältigen und auch verteilen. Die Rezipienten, die Leser in der Mensa, werden nahezu direkt erreicht - allerdings ist die Reichweite räumlich und durch die Auflage recht beschränkt. Mittler jedoch fehlen - all diese Kontrollinstanzen, die auf Publikation und Verbreitung eines bestimmten Buches direkt einwirken können.\nMöglicherweise existieren immer noch Helfer, die an der Produktion des Flugblattes beteiligt sind - etwa der Betreiber des Copyshops auf dem Campus - aber sie haben keine besondere Mitwirkung an der Gestaltung und Verbreitung dieses individuellen Flugblattes. Sie betreiben stattdessen eine Infrastruktur, die allgemein eine Dienstleistung zur Verfügung stellt, ohne am Zustandekommen der individuellen Kommuikation zwischen Verfasser und Leser beteiligt zu sein und sie kontrollieren zu können.\nDas Internet trägt dies noch einen Schritt weiter: Es senkt die Transaktionskosten zur Publikation noch weiter, es erhöht die Reichtweite, es organisiert und kategorisiert automatisch und es bringt räumlich entfernte, aber in den Interessen nahe Leute miteinander in Kontakt. Die Transaktionskosten sinken - Blogs stellen ein vorgefertigtes Format und vorgefertigte Software zur Publikation zur Verfügung, RSS ist ein Mechanismus zur automatischen Distribution, Aggregatoren sind ein Mechanismus zur Organisation und Kategorisierung von Kommunikation.\nDadurch kann sich jeder nicht nur ohne technisches Wissen und ohne Kosten für die Veröffentlichung eines spezifischen Textes eine Plattform schaffen und auch Leute finden, die sich für seine speziellen Themen interessieren. Es existieren Grundkosten für den Zugang zum Medium, aber die Kosten für die individuelle Kommunikation sind Null und nur noch in aufgewendeter Zeit - Aufmerksamkeit - beim Sender und Empfänger zu messen.\nEchtzeitmedien wie Twitter, Facebook-Kommunikation und Buzz machen dies noch leichter - Publikation ist jetzt casual und mit GPS Location Updates wie in Latitude plus Buzz auf Mobiltelefonen sogar automatisch. Das Finden von Interessierten ist durch das Follower-Prinzip und die Idee der schwachen Bindungen ebenfalls noch einmal erleichtert und ebenfalls casual, nebenbei, mal eben so.\nIn einer Weise kann man behaupten, daß sowohl Sender als auch Empfänger in einer solchen Kommunikation nicht mehr als volle Personen zählen, da sie ihren Anteil an der Kommunikation nebenbei erbringen. Wir haben also eine Kommunikationspipeline mit einer Länge, die kleiner ist als zwei Personen. Der Rest der Kommunikation ist so automatisiert, daß wir das Auffinden von Kommunikationspartnern, das Generieren mancher Meldungen oder die Auswertung dieser Meldungen einer technischen Infrastruktur überlassen.\nNoch einen Schritt weiter gehen Peer-to-Peer Netzwerke. Für die Übertragung einer einzelnen, sehr großen Datei finden sich Maschinen zusammen in einer Gruppe. Sie finden sich über Magnet-Links automatisch, ohne daß ein Tracker zur Kommunikationskoordination oder als zentrale Datenquelle notwendig wäre. Wenn eine Maschine Daten hat, an der eine andere Maschine interessiert ist, dann stellt sie diese zur Verfügung. Wenn eine Maschine Daten vermißt, die zur Komplettierung der Datei notwendig sind, dann sucht sie einen Partner, der den gesuchten Dateiteil hat. Die Dateiübertragung erfolgt dabei weder auf Sender- noch auf Empfängerseite eins-zu-eins, sondern die Datei wird an viele Empfänger gesendet, aber kein Empfänger enthält die gesamte Datei von einem Sender, sondern aus vielen Quellen.\nWir haben hier eine reine Maschine-zu-Maschine Kommunikation und eine Pipeline zur Publikation mit einer Länge von Null. Menschen sind am Zustandekommen einer einzelnen individuellen Kommunikation nicht mehr involviert - es gibt noch Infrastruktur, aber diese stellt nur allgemeine Dienstleistungen zur Verfügung, die keiner einzelnen Kommunikation mehr zurechenbar sind.\nDabei wird nicht nur die direkte Strecke zwischen einem Sender und einem Empfänger verkürzt. Stattdessen ergibt sich einer der Hauptnutzen des Netzes aus der Tatsache, daß auch die Vernetzung einer Publikation teilweise oder ganz automatisiert wird. Unter der Vernetzung einer Publikation verstehe ich dabei einmal, daß Sender und Empfänger einer Kommunikation einander finden können, daß man also die richtigen Leute erreicht. Zum anderen, daß die Kommunikation mit anderen, unter bestimmten Aspekten verwandten Dokumenten vorwärts und rückwärts verknüpft wird. Das Internet verknüpft also Leute mit Leuten - über starke und schwache Bindungen von sozialen Netzen. Es verknüpft Leute mit Dokumenten, über Suchen, Klassifizierungen, Feeds und Subscriptions. Und es verknüpft Dokumente mit Dokumenten, über Links und Trackbacks, Threads, in Suchmaschinen geworfene Zitate, Tags oder Klickzähler und Gewichtungen.\nDer Effekt ist, daß populäre Dokumente und Meinungen populärer werden und mehr Verbreitung erfahren, daß populäre Personen populärer werden und mehr Reichweite bekommen und daß so Kommunikation und Diskurs auf eine Weise ermöglicht wird die vorher nicht existiert hat, weil Transaktionskosten für eine individuelle Publikation, aber auch Transaktionskosten für Vernetzung und Organisation vor dem Hintergrund der allgemeinen Infrastrukturkosten vernachlässigbar klein sind.\nDas Internet ist, selbst wenn wir für das Netz bezahlen, eine Kommunikations-Flatrate. Längen von Publikations- und Suchketten verkürzen sich und können für bestimmte Kommunikationsaufgaben sogar gegen Null gehen. In der Regel sind die Kettenlängen nicht länger als zwei, das bedeutet, am Zustandekommen einer einzelnen individuellen Kommunikation sind nur der Sender und der Empfänger beteiligt - Mittler sind nicht mehr involviert.\nDer Konflikt um die Mittler ist der Konflikt \u0026ldquo;Netzneutralität\u0026rdquo; Wir haben nun einen offenen gesellschaftlichen Konflikt um die Ausübung unserer Meinungs- und Informationsfreiheit im Internet. Der Konflikt ergibt sich aus dem Wegfall von Mittlern bei der Produktion, Verbreitung und Vernetzung von Personen und Dokumenten. Denn bisher hat jede Form von gesellschaftlier Regulierung von Diskursen und Kommunikation immer an den Mittlern statt an den Sendern und Empfängern angesetzt.\nNach Auffassung derer, die das Internet tatsächlich verwenden statt nur darüber zu reden ist das beim Internet nicht akzeptabel. Es ist nicht akzeptabel, weil das Internet eine Kommunikationsinfrastruktur ist und ein Internet-Anbieter - sei es ein Zugangsanbieter, ein Dienstbetreiber oder ein Betreiber eines Suchdienstes - nicht am Zustandekommen einer individuellen Kommunikation beteiligt ist. Wenn er versucht, auf eine individuelle Kommunikation einzuwirken - sie zu sperren, zu modifizieren oder umzuleiten - dann richtet er für das Netz und die das Netz betreibende Gemeinschaft als Gesamtheit mehr Schaden als Nutzen an. Wir wissen und erfassen das instinktiv, und darum sind wir dagegen. Das ist genau die Debatte um Netzneutralität , die in den USA vor einem kommerziellen Hintergrund geführt wird. In Deutschland wird sie eigenartigerweise vor dem Hintergrund des Jugendschutzes geführt\u0026hellip;\nDieses aus der Erfahrung der Netznutzung gewonnene Wissen um den Wert der unbeeinflußten neutralen Kommunikation ist es, das 134.000 Personen bewogen hat, die Petition gegen das Zugangserschwerungsgesetz zu unterzeichnen und gegen Spielereien am DNS oder gar providerseitige Eingriffe in einzelne Kommunikation mittels Deep Packet Inspection zu sein. Dabei ist es eigentlich unwichtig ob es in Deutschland um Kinderpornographie geht oder auf EU-Ebene um Werbeeinspeisungen .\nEs geht darum, die Finger aus der Kommunikationsinfrastruktur heraus zu lassen. Wenn Infrastruktur sich stattdessen plötzlich für individuelle Transaktionen auf dem Substrat dieser Infrastruktur interessiert und sie manipuliert - ganz egal aus welchem Grund auch immer - dann ist sie keine Infrastruktur mehr, sondern eine dritte Partei. Dann gehen Transaktionskosten in die Höhe und der Nutzen der vernachlässigbaren Kosten geht verloren - kostenlos wird teurer .\nDas Problem ist, daß die Idee der Regulierung von Kommunikation und gesellschaftlichem Diskurs tief in den Institutionen unserer Gesellschaft verankert ist. Die Zensursula-Debatte ist dabei nur die erste in einer lange Reihe, und die Nächste steht dabei schon auf der Agenda: der Jugendmedienstaatsvertrag ist das zweite Einfallstor. Dort will man Sender, Empfänger und Mittler umfassend kontrollieren - Sender sollen Inhalte markieren, Mittler sollen Inhalte filtern oder für Inhalte von Sendern individuell verantwortlich gemacht werden, und Empfänger sollen Filter installieren.\nDas mag man nun verklausulieren oder an einzelnen Stellen zurück rudern, aber das ist nicht der Punkt.\nDas deutsche BTX ist gescheitert, weil es als Netz zwischen Anbietern und Nutzern getrennt hat - es ist ein sehr großer Aufwand gewesen, Informationen auf der Plattform BTX bereit zu stellen, verglichen mit dem Aufwand einen eigenen Webserver zu betreiben, und erst Recht verglichen mit dem Aufwand ein Blog bei einem Bloganbieter in Betrieb zu nehmen oder gar verglichen mit dem Aufwand, einen Buzz-Stream zu befüttern. Es ist gescheitert, weil die Kosten für eine Mail in BTX gigantisch groß waren, verglichen mit den Kosten einen eigenen Mailserver zu betreiben, und erst recht verglichen mit den Kosten eines Gmail-Accounts oder den Kosten einer Twitter-Nachricht.\nInternet-Regulierung, sei es durch Zensursula, durch fehlgeleiteten Jugendmedienschutz oder durch ACTA, treibt die Transaktionskosten für alle in die Höhe, trennt zwischen Sendern und Empfängern und verhindert casual communication. Sie zerstört das Medium.\nDas ist der Grund warum wir dagegen kämpfen. Müssen. Wir können gar nicht anders.\nWeg mit den Scheindebatten Was wir brauchen, wollen und fordern müssen ist ein neues Grundrecht. Man mag es das Grundrecht auf Netzneutralität nennen, oder das Grundrecht auf mittlerfreie Kommunikation oder das Grundrecht persönliche Interaktion über Kommunikationsnetze.\nEs entsteht aus einer Grundrechtsfusion: Wir haben das Recht zu Senden und das Recht zu Empfangen, das ergibt sich aus der Meinungs- und Rezipientenfreiheit. Wir haben das Recht auf Privatsphäre und das Recht auf Gewährleistung der Vertraulichkeit und Integrität informationstechnischer Systeme. Das sind aber die Eckpunkte eines weiter reichenden Komplexes von zusammengehörenden Dingen, die am Ende das Recht des Menschen darstellen, andere Menschen zu finden und mit Ihnen Kontakt aufzunehmen und mit Ihnen zu kommunizieren ohne daß sich ein Mittler dabei einmischt und diese Kommunikation belauscht, verhindert, verändert, beschränkt oder sonstwie darin eingreft.\nDie Frage ist - haben wir dieses Recht? Bekommen wir es? Können wir es behalten angesichts der verschiedenen Interessengruppen, die gerade daran rumnagen oder gar seine Existenz bestreiten?\nDas ist die Frage, um die herum sich die Piratenpartei-Bewegung eigentlich gegründet hat, an der der AK Zensur eigentlich arbeitet, um die es auf der Seite der Netzbewohner bei der Jugendschutz- und Zensursula-Diskussion eigentlich geht und die dem Prinzip Netzneutralität zugrunde liegt.\nUnd das ist die Debatte, die zu führen ist. Setzen wir sie auf die Agenda!\n","date":"2010-02-23T00:00:00Z","href":"https://blog.koehntopp.info/2010/02/23/grundrechtsfusion-und-ein-grundrecht-auf-netzneutralit-t.html","tags":["internet","netzneutralität","piraten","politik","zensur","lang_de"],"title":"Grundrechtsfusion und ein Grundrecht auf Netzneutralität"},{"categories":null,"content":"Google-Chef im Zeit Online Dialog über Kulturwandel Das ist die netteste Weise jemandem zu sagen, daß er ein Dinosaurier ist und bald aussterben wird, die ich je erlebt habe.\n","date":"2010-02-22T00:00:00Z","href":"https://blog.koehntopp.info/2010/02/22/philipp-schindler-ber-alte-m-nner-mit-kugelschreibern.html","tags":["google","internet","media","mobiltelefon","lang_de"],"title":"Philipp Schindler über alte Männer mit Kugelschreibern"},{"categories":null,"content":"Im Juni letzten Jahres fragte ich \u0026ldquo;Wie viel Strom verbraucht ein Stromzähler? \u0026rdquo;, und dort haben wir auch am Rande Sicherheitsaspekte und Probleme mit solcher Technologie gestreift.\nAndere Leute haben sich in der Zwischenzeit intensiver mit diesen Dingen beschäftigt. Die Ergebnisse sind nicht gut. In Reverse Engineering a Smart Meter baut Nate Lawson mal seinen Stromzähler auseinander: \u0026ldquo;But how vulnerable was I actually?\u0026rdquo;. Das Öffnen des Gehäuses war recht einfach, die vorgefundene Security minimal, und das Lock-Bit auf dem Controller war nicht gesetzt. Ein Firmware-Auslesen ist bereits erfolgt und das ROM harrt nun seiner Interpretation\u0026hellip;\nSchon im Juli letzten Jahres fand CNN heraus: Smart Grid may be vulnerable to hackers (Artikel nur mit JS lesbar und wahrscheinlich DRM verseucht):\nIOActive, a professional security services firm, determined that an attacker with $500 of equipment and materials and a background in electronics and software engineering could \u0026ldquo;take command and control of the [advanced meter infrastructure] allowing for the en masse manipulation of service to homes and businesses.\u0026rdquo;\nDer Artikel von IOActive hat dann mehr Detail:\nDavis\u0026rsquo; research revealed that common attack techniques including buffer overflows, persistent, and non-persistent root kits could be assembled into self-propagating malicious software used to attack smart meters. These vulnerabilities could result in attacks against the Smart Grid, causing utilities to briefly lose system control of their AMI meters and expose them to fraud, extortion attempts, or widespread system interruption.\nNur daß wir hier nicht von ein paar hunderttausend unkritischen PCs reden, sondern von den Geräten, die die Stromzufuhr unserer Haushalte kontrollieren.\nDazu dann vom Januar diesen Jahres mehr wieder bei Nate Lawson: Smart meter crypto flaw worse than thought .\nDie können zum Beispiel keine Crypto, denn:\nTravis Goodspeed has continued finding flaws in TI microcontrollers, branching out from the MSP430 to ZigBee radio chipsets.\nA few days ago, he posted a flaw in the random number generator.\nWhy is this important? Because the MSP430 and ZigBee are found in many wireless sensor systems, including most Smart Meters.\nDer Zufallszahlengenerator, aus dem das Schlüsselmaterial für die Crypto gemacht werden soll, auf denen die Rechnungserstellung basiert, hat nicht nur einen 16 Bit kleinen Entropiepool, sondern außerdem mit nicht zufälligen Startwerten versehen und daher noch leichter vorhersagbar. Dazu ist der Algorithmus, mit dem dann \u0026ldquo;Zufallszahlen\u0026rdquo; generiert werden, nicht kryptografisch sicher, also auch prinzipiell vorhersagbar.\nDas Gerät - eine Serie von TI-Mikrocontrollern die in vielen Embedded Geräten verwendet werden - ist so wie ausgeliefert nicht rettbar.\n","date":"2010-02-22T00:00:00Z","href":"https://blog.koehntopp.info/2010/02/22/smart-meters-revisited.html","tags":["computer","energy","security","lang_de"],"title":"Smart Meters revisited"},{"categories":null,"content":" Nachdem ich neulich meinen Mac in den Service geben mußte, ich für die Zeit einen Ersatz-Mac hatte und ich also zwischen beiden Systemen hin- und her installieren mußte, hier die deutsche Übersetzung einer kleinen Zusammenfassung, die ich für die Firma geschrieben habe.\nOffensichtlich ist es sehr praktisch, dem großen Mac-Gott Time Machine eine Platte zu opfern, weil niemand Backup will und Time Machine sehr gut in Restore ist. In meinem Fall verwende ich eine WD Elements 1TB dafür (etwa 85€), andere in der Firma wollen was kleineres und mit USB Power, nehmen also eine WD Passport (500G @ 92€).\nDiejenigen in der Firma, die ein lokales Linux brauchen, sind mit einem Linux in einer VMware Fusion besser dran als einem Multiboot mit einem nativen Linux. Time Machine alleine reicht schon als Vorteil, und außerdem ist der Wechsel zwischen den Betriebssystemen mit VMware natürlich weniger schmerzhaft als ein Reboot und das Powermanagement vom MacOS ist auch besser als das vom Linux.\nMan kann eine Time Machine Platte bootbar machen. Das erlaubt es einem dann, von der Time Machine Platte zu booten, nachdem man sie angeschlossen hat und den Mac mit gedrückter Option-Taste einschaltet. Im StartupManager kann man dann die Time Machine Platte anwählen und im beginnenden Installationsprozeß statt einer Reinstallation eine Recovery aus der Time Machine Datenbank anwählen. Außerdem hat man Zugriff auf ein Terminal.app und könnte versuchen, den defekten Mac wieder zum Leben zu erwecken.\nDie Platte bekommt man bootbar, indem man Disk Utility startet, die Time Machine Disk anschließt und die erste Installations-DVD ins Laufwerk tut. Die Time Machine Disk in Disk Utility auswählen, den Restore-Tab anklicken, dort die DVD ins Source-Feld und die Time Machine Disk ins Destination Feld, dann Restore drücken. Die Time Machine Disk wird dadurch überschrieben, also bitte sicherstellen, daß da nix wichtiges drauf ist.\nJetzt hat man eine bootbare Platte - nicht umbenennen. DVD auswerfen, Platte unmounten.\nBeim Anschließen oder Mounten der Platte (mit Disk Utility) öffnet sich diese nun automatisch wie es die originale Installations-DVD auch tut. Das nervt. Also müssen wir sie unblessen:\n$ sudo bless --folder \u0026#34;/Volumes/Mac OS X Install DVD/\u0026#34; -saveX Bless steuert normalerweise was von wo warum gebootet wird, kontrolliert aber auch diese Folder Auto-Open.\nIch habe diese Disk nun in den Time Machine Preferences zu meiner Time Machine Backup Disk erklärt. Dadurch bekomme ich einen Backups.backupd-Ordner auf der Platte, der irgendwann einmal die ganze Platte voll machen wird. Das dauert aber, und bis dahin kann ich immerhin noch ein Image der zweiten Installations-DVD auf der Platte als compressed dmg ablegen (mit Disk Utility) und auch alle andere Software, die ich für eine Reinstallation brauche ebenfalls dort unterbringen - Time Machine füllt die Platte und löscht dann alte Backups, tastet aber andere Files außerhalb des Time Machine-Ordners nicht an. Ich habe außerdem einen Ordner mit allen notwendigen Lizenz-Schlüsseln auf der Platte angelegt, der Ort erschien mir günstig für so was.\nSo vorbereitet kostet mich ein kompletter Verlust des Systems weniger als vier Stunden Wartezeit (so lange dauert ein Time Machine Restore maximal, abhängig im wesentlichen von der Anzahl der Dateien, nicht der Größe des Backups) und ich verliere nie mehr als eine Stunde Arbeitszeit (oder wie oft man auch immer Time Machine laufen läßt).\nWeitere nützliche Werkzeuge auf der Kommandozeile sind diskutil, die Kommandozeilen-Version der Mount/Unmount/Eject-Kommandos von Disk Utility, hdiutil, die Kommandozeilenversion der dmg Management Utilities von Disk Utility, und asr, die Kommandozeilenversion der Restore-Funktionen von Disk Utility. Manpages für diese Werkzeuge sind Teil der Systeminstallation. Bless habe ich ja weiter oben schon erwähnt.\nBesonderer Dank gilt Harald Wagener für seine wertvollen Hinweise. Nützlich war auch diese Seite von Mac OS X Hints.\n","date":"2010-02-19T00:00:00Z","href":"https://blog.koehntopp.info/2010/02/19/adventures-in-mac-os-x-maintenance.html","tags":["apple","computer","macos","lang_de"],"title":"Adventures in Mac OS X maintenance"},{"categories":null,"content":"Bundespräsident Horst Köhler hat das Zugangserschwerungsgesetz, vulgo Zensursula-Gesetz, nun doch unterschrieben. Das muß er tun, denn der Bundespräsident hat gemäß Konstruktion unserer Verfassung nicht das Recht eines Vetos gegenüber der Regierung wie das etwa in der Weimarer Republik gewesen wäre.\nDer Spiegel beschreibt das Ergebnis mit dem Absatz\nBundespräsident Horst Köhler hat an diesem Mittwoch mit einer einzigen Unterschrift nicht nur eine, sondern gleich zwei Bundesregierungen blamiert: Die Große Koalition der vergangenen Legislaturperiode, die das nicht nur umstrittene, sondern handwerklich völlig vermurkste \u0026ldquo;Zugangserschwerungsgesetz\u0026rdquo; gegen Kinderpornografie im Netz gemacht hat. Und die jetzige schwarz-gelbe Koalition, die das Gesetz eigentlich gar nicht mehr haben will, nun aber umsetzen muss.\nund faßt die Situation so sehr schön zusammen.\nDie ganze Geschichte dieses Gesetzes ist ein Testament fortdauernden Politikversagens: Erst die fragwürdigen Geheimverträge zwischen Regierung, BKA und Providern, dann die unsägliche Debatte mit dem Regierungs-sträuben gegen jeglichen Rat von Technik- und Verfassungsexperten, das Umfallen im Umfallen der SPD und deren Verkrachen mit ihrem Internet-Rat, die überhastete Verabschiedung des Gesetzes, während die erfolgreichsten Petition aller Zeiten noch lief, und schließlich das durch diese Aktivitäten mit herbeigeführte 2%-Ergebnis der Piratenpartei.\nDie Anhörung ist übrigens am Montag und das Parlament debattiert über mögliche Aufhebungsgesetze dann am 25. Februar, wird diese aber alle aus Prinzip ablehnen, da die Vorschläge allesamt von der Opposition eingebracht worden sind und man einem politischen Gegner aus taktischen Gründen keinen Erfolg gönnen darf.\nWie dem auch sei: Jetzt ist das Gesetz, das plötzlich keiner mehr will, unterzeichnet und muß umgesetzt werden, bis auch dieses Gesetz für verfassungswidrig erklärt wird - wenn man nicht vorher schon ein Aufhebungsgesetz machen will.\nDenn Gesetze, die in Kraft sind, nach Belieben nicht anzuwenden kann auch nicht die Grundlage eines Rechtsstaates sein .\nDamit nicht genug: Man redet von einem Löschgesetz statt eines Sperrgesetzes - aber die Rechtsgrundlage zur Löschung von Kinderpornograpie im Internet gibt es schon, wie die Piratenpartei in die Debatte einwirft . Und man baut gerade an einem Jugendmedienstaatsvertrag, dessen bekannt gewordene Version 2.0 noch mehr Eingriffe in die Kommunikation verpflichtend gemacht hätte als dieses unselige Gesetz es vorsieht. Dessen Version 3.0 wird dann bereits am 24. verhandelt , ist aber wegen des Drucks des Netzes zur Version 2.0 angeblich entschärft. Stattdessen setzt man auf elternseitig installierte Filterprogramme. Die werden zwar auch nicht funktionieren , aber immerhin niemandem schaden außer den Kindern der Eltern, die so was einsetzen.\nEs gibt also wieder viel zu tun, solange wir noch offensiv dumme und internet-analphabetische Politiker haben. Oder, wenn man die böse Zynikerbrille aufsetzt, dann faßt man es wie Aleks und Alvar zusammen.\n","date":"2010-02-19T00:00:00Z","href":"https://blog.koehntopp.info/2010/02/19/die-netzsperren-schlagen-zur-ck.html","tags":["internet","jugendschutz","politik","zensur","lang_de"],"title":"Die Netzsperren schlagen zurück"},{"categories":null,"content":" Vor mehr als 10 Jahren habe ich einmal im Auftrag des BMWI an einer Studie zum Thema Jugendschutz im Internet (PDF) mitgearbeitet. Das war anstrengend, da das Thema Spielball zahlreicher politischer Interessen ist, die sich dort gerne wiederfinden möchten, aber die in der Studie wiedergegebene Ausgangslage ist heute noch unverändert. Ich habe mein persönliches Fazit in kürzerer Form in einem Artikel abgelegt, aber auch dieses Ergebnis ist noch zu lang und zu technisch. Im Grunde kann man die aktelle Situation wie in Jugendschutzfilter saugen und dafür gibt es einen Grund kurz und knackig darstellen.\nEine Lösung für dieses Problem gibt es nicht. Es ist auch heute, 11 Jahre nach der Studie, noch einfacher, sicherer und günstiger, Inhalte unbewertet ins Internet zu stellen oder als Privatanbieter \u0026lsquo;frei ab 18\u0026rsquo; zu bewerten, als sich um das niedrigste legale Rating für seine Inhalte zu bemühen. Und so sind konsequenterweise auch meine Sites alle mit dem höchsten generierbaren ICRA-Label versehen, das Minderjährige konsequent ausschließt (wenn es denn jemanden kümmern würde, daß ein solches Label an meiner Site klebt).\nDer neue Jugendmedienschutz-Staatsvertrag ist nun nichts weiter als ein Hilferuf des Staates. Der Staat will nun endlich nach Jugendschutzkriterien bewertete Angebote im Internet, und dabei muß er Bedingungen erzeugen, die einerseits bewirken, daß die Bewertungen nicht zu niedrig sind, andererseits es aber Anbietern nicht attraktiv erscheinen lassen, sich sicherheitshalber zu hoch zu bewerten oder gar unbewertet zu publizieren (was einer \u0026ldquo;ab 18\u0026rdquo;-Einstufung gleich käme).\nDer Arbeitsentwurf, der dabei veröffentlicht wurde, setzt allen Anbietern - Inhaltsanbietern, Hostern und Providern - jetzt die Pistole auf die Brust. Es ist die Art der Politik zu sagen \u0026ldquo;Löst dieses Problem jetzt, oder wir machen Regeln, mit denen niemand zufrieden ist\u0026rdquo;. Blöd nur, daß die wirtschaftlichen Rahmenbedingungen sich dabei in jedem Fall so verändern werden, daß die Transaktionskosten für eine Veröffentlichung von irgendwas steigen werden: Kostenlos ist grad teurer geworden.\nAndererseits ist das auch genau eine Linie der Politik der aktuellen Regierung: Es sind die kostenlosen Angebote in ausreichender bis exzellenter Qualität, die derzeit den Medienwandel treiben. Unsere Klientelregierung hat nun versprochen, dieses Problem zu beheben. Konsequenterweise ist dieser Entwurf eines Jugendmedienschutzes auch ein Anschlag auf die kooperative Kultur des Internets, denn es gilt, kostenlose Angebote unattraktiver zu machen, um kompetetiven, traditionell geldgestützt operierenden Sites mehr Luft zum Atmen zu geben. Da diese Sites auch traditionellen Regulierungsinstrumentarien zugänglich sind, ist dies politisch und wirtschaftlich wünschenswert.\nDie Analysen und Aufrufe von\n1 und 1 , Andi Popp , Thomas Stadler , Nerdcore und Ingo Jürgensmann zeigen die wichtigen Punkt auf. Sie zeigen aber nicht, daß sich hier gerade eine unheilige Allianz von Politik und Großmedien aufbaut, denen eine solche Entwicklung genau die gewünschten Veränderungen erzeugt:\nDie Publikation von kostenlosen, kooperativ erzeugten freien Inhalten wird aufwendiger. Es wird die Überwachungs- und Zensurinfrastruktur legitimiert, die schon im Rahmen der Zensursula-Diskussion gewünscht wurde. Das ganze wird am Ende ein Muster-Anwendungsfall für den elektronischen Personalausweis, der notwendig wird, um sich beim Provider und beim Site-Betreiber für den Internet-Zugang und den Inhaltszugriff zu legitimieren und die Bedarfsträger können endlich mit Identitäten statt IP-Nummern operieren, wenn sie ermitteln wollen. Mit diesen Identitäten lassen sich auch Meldungen und ihre Weitergabe ausgezeichnet tracken, sodaß wir auch eine technische Basis für den Verteilschlüssel der Einnahmen aus dem neuen Leistungsschutzrecht haben. Diesen politischen und wirtschaftlichen Drücken stellt man sich entgegen, wenn man gegen diesen Entwurf ist. Um den Jugendschutz geht es dabei nur am Rande.\nAndererseits kann man das ganze natürlich auch als die neue Kampagne der etablierten Parteien für die Piratenpartei interpretieren.\n","date":"2010-01-26T00:00:00Z","href":"https://blog.koehntopp.info/2010/01/26/ab-18.html","tags":["blog","jugendschutz","politik","zensur","lang_de"],"title":"Ab 18"},{"categories":null,"content":"Einmal schreibt Susanne Gaschke in der Zeit einen weiteren Hetzartikel gegen Google und wie wir alle in den Händen dieser cthulhuiden Datenkrake landen werden. Unterdessen versteigt man sich beim Spiegel zu Vergleichen von Google mit der Stasi . Das alles konzertiert ein Ausheulen der Verlegervertreter beim Kartellamt , wobei sich die Begründung der Beschwerde recht deutlich wie \u0026lsquo;Wir wollen auch was von dem Geld, sonst müssen wir uns womöglich anpassen\u0026rsquo; liest.\nFrau Leutheuser-Schnarrenberger klingt dabei fast niedlich:\nMich stört dieses Vorpreschen, diese Gigantomanie, die auch bei der Google-Buchsuche durchscheint\u0026quot;, sagte sie.\nJa, die Dame stört sich tatsächlich an Innovation und an groß angelegtem interdisziplinärem Denken.\nDer aktuelle Angriff auf Google aus China und die Drohung von Google, sich aus dem Chinageschäft zurück zu ziehen paßt entsprechend auch nicht so ganz ins Konzept. Die Zeit begrüßt das zwar im Prinzip, wähnt sich aber in\nder Google-Republik , wobei sie auf die \u0026lsquo;Bananenrepubliken\u0026rsquo; in Mittelamerika im Griff der United Fruit Company (Chiquita) anspielt. Und so sitzt Google in der Mitte und kann es keinem Recht machen: Entweder böser Zensor, der dem Regime in die Hände spielt oder ein böser Konzern, der es wagt, politisch aktiv zu werden:\nOffensichtlich betrachtet sich der Konzern als so mächtig, dass er einerseits auf den chinesischen Markt, immerhin einen der größten der Welt – verzichten kann. Und andererseits auch als stark genug, sich mit der chinesischen Regierung anzulegen. Etwas, das nicht einmal große Industrienationen wie Deutschland oder die USA ernsthaft wagen.\nDas sollte aber vielleicht eher an die Adresse der Bundesregierung gehen.\nCarta analysiert korrekt :\nWas hier abläuft, ist knallharte Klientelpolitik. Liberale Medien und FDP werfen sich die Bälle zu. Gesetze, die (außer von einigen Verlegern) von niemandem gefordert werden, sollen durch’s Parlament gejagt werden. Volksvertreter sollen zur Ausschaltung einer lästigen Konkurrenz missbraucht werden. Um diesen skandalösen Vorgang zu verstehen, muss man ein paar Monate zurückgehen.\nEin lohnender Artikel, der die o.a. Medienschau sauber erklärt und die Zeit-Kampagne gut ausleuchtet.\n","date":"2010-01-18T00:00:00Z","href":"https://blog.koehntopp.info/2010/01/18/google-im-fadenkreuz-der-politik.html","tags":["google","internet","politik","lang_de"],"title":"Google im Fadenkreuz der Politik"},{"categories":null,"content":" Mobilfunkmarkt jetzt\nGoogle hat entschieden, daß der Voice-Anteil des Mobilfunkmarktes irgendwie nicht weiter wichtig sein wird in der Zukunft, sondern daß am Ende gewinnt, wer das mobile Internet beherrscht. Auch SMS und andere Dienste werden dabei langfristig von Chatanwendungen und Twitter geplättet werden. Es kommt also mehr darauf an, diese Anwendungen auf einem Mobilfon zu kontrollieren, das always on ist, als alten Mobilfunkmist zu emulieren. Derlei Zeugs braucht man nur noch für legacy, aber eigentlich will man ja ein Google Voice Handset.\nMobilfunkmarkt der Zukunft\nDaher ist es wichtig, ein eigenes Handset zu haben, damit man die Anwendungen im Internet mit den Anwendungen auf dem Handset schön integrieren kann und damit man auch die User Experience auf dem Handset kontrollieren kann (und mit den eigenen Mitarbeitern auch ausmetern, dadurch wird das ganze eine inkrementellen und evolutionären Ansatz für UI Optimierung nach Marissa Mayer zugänglich).\nMan beachte die Darstellung der Mobilfunk-Netzbetreiber in der obigen Ansicht - in einem Netz mit funktionierender Netzneutralität haben sie die Bedeutung und die Mehrwertdienste von Gas/Wasser/Scheiße-Anbietern heute. Doof, wenn man einer von denen ist (oder Aktien von denen hat).\nArtikel dazu . Money Quote dazu:\nGoogle will push full VOIP usage on these, meaning no voice/sms plans needed at any carrier. Voice calls will go through Google Voice on Data SIM cards and will provide unlimited free voice calling. And SMS is replaced by unlimited free Gtalk.\n","date":"2009-12-15T00:00:00Z","href":"https://blog.koehntopp.info/2009/12/15/google-baut-ein-telefon.html","tags":["google","internet","lang_de"],"title":"Google baut ein Telefon"},{"categories":null,"content":"Ich sitze hier daheim beim PHPlätzchenbacken und Kore fragt mich eben: \u0026ldquo;Sage einmal, ich habe daheim so einen Router, der NAT macht und den ich als Sprunghost verwende, und dahinter meinen Desktop-Rechner. Kann ich eigentlich Dateien von daheim von meinem Desktop auf mein Netbook kopieren, ohne daß ich die auf dem Router als Zwischenkopie ablegen muß?\u0026rdquo;\nEs geht sogar besser als das, und dafür braucht man eine $HOME/.ssh/config-Datei auf seinem Netbook und eine Kopie von \u0026rsquo;netcat\u0026rsquo; oder \u0026rsquo;nc\u0026rsquo; auf dem Router. Das ist bei Kore mit dem Busybox-Netcat auch der Fall.\nSo geht\u0026rsquo;s:\nServerAliveInterval 10 ServerAliveCountMax 3 Compression yes HashKnownHosts no TCPKeepAlive yes ControlMaster auto ControlPath ~/.ssh/ssh_control_%h_%p_%r Host router Hostname name.homeunix.org User name Port 4444 Host desktop Hostname 192.168.1.2 User name Port 22 ProxyCommand ssh router nc -w30 %h %p LocalForward 6667 127.0.0.1:6667 LocalForward 1993 127.0.0.1:993 LocalForward 1587 127.0.0.1:587 LocalForward 1999 news.mein-freund.de:119 DynamicForward 1080 Host * ForwardAgent yes Der Router ist dabei ein wenig langsam und es ist sehr mühsam, die erste dieser Verbindungen aufzubauen. Sobald die Verbindung aber steht, ist sie normal schnell. Der ControlMaster sorgt dafür, daß überhaupt nur eine ssh-Verbindung per Host aufgebaut wird. ssh tunnelt dann die anderen ssh-Verbindungen zum selben Host wegen des ControlMaster per Multiplexer durch die eine bestehende Verbindung. Das ist in diesem Fall nett, weil es schnell ist.\nIn meinem eigenen Anwendungsfall ist sogar noch ein RSA Security Dreckstoken involviert und ich habe keine Lust für jedes ssh oder scp jedesmal einen RSA Security Dreckscode abzutippen. Durch den ControlMaster brauche ich mich nur einmal pro Tag morgens einzuloggen und multiplexe dann alle meine Verbindungen durch die eine bestehende Verbindung in die Firma.\nDabei helfen mir die verschiedenen KeepAlive- und AliveInterval-Einstellungen die bestehende Verbindungen gegen alle Timeout-Versuche der Firmenkonfiguration am Leben zu halten, auch dann, wenn ich die Leitung mal ein wenig vor sich hin idlen lasse.\nDer Eintrag router ist dabei ein Kurzname (eine ssh Bookmark), die intern auf einen tatsächlichen Hostnamen, einen Usernamen und einen Port expandiert wird. Ein \u0026lsquo;ssh router\u0026rsquo; wird also zu einem \u0026lsquo;ssh -P4444 name@name.homeunix.org \u0026rsquo; umgeschrieben.\nDer Eintrag desktop wird genau so expandiert. Der Trick ist dabei jedoch das ProxyCommand. Ein \u0026lsquo;ssh desktop\u0026rsquo; wird also in Wahrheit zu einem \u0026lsquo;ssh router $kommando\u0026rsquo; expandiert, das von der ssh wegen des Eintrages darüber jedoch zu einem \u0026lsquo;ssh -P4444 name@name.homeunix.org $kommando\u0026rsquo; erweitert wird.\nDabei ist das Kommando \u0026rsquo;nc -w30 desktop 22\u0026rsquo;, also ein transparenter Tunnel von router zu desktop auf Port 22.\nDas Kommando \u0026lsquo;ssh desktop\u0026rsquo; baut also eine Verbindung vom Netbook (wo immer das gerade ist) zum router auf und von dort automatisch weiter zum Desktop. Das funktioniert so gut, daß man nicht nur auf dem Laptop \u0026lsquo;ssh desktop\u0026rsquo; tippen kann und dann daheim ist, sondern daß man sogar \u0026lsquo;scp desktop:/etc/my.cnf Desktop/\u0026rsquo; auf dem Netbook tippen kann und die Datei wird durch den Router hindurch von daheim geholt und auf dem lokalen Desktop abgelegt.\nAls KDE-Anwender kann man sogar im Editor auf dem Netbook einfach \u0026lsquo;fish://desktop/etc/my.cnf\u0026rsquo; zu bearbeiten öffnen, die Datei bearbeiten und dann einfach mit Control-S auf dem Desktop daheim abspeichern.\nMan kann noch mehr tun:\nDie LocalForward-Anweisungen bauen weitere Tunnel auf. Der Port 6667 auf dem Netbook verbindet einen also mit dem Irc-Bouncer auf dem Desktop-Rechner, die Ports 127.0.0.1:1993 und 127.0.0.1:1587 auf dem Netbook verbinden einen mit den imaps- und submission -Ports des Desktop-Rechners und der Port 1999 des Netbook gibt nun eine Verbindung zum NNTP-Server von news.mein-freund.de. Dabei sieht es für news.mein-freund.de so aus, als käme die Verbindung vom Desktop-Rechner und nicht vom Netbook und die Datenübertragung vom Netbook zum Desktop ist natürlich ssh-verschlüsselt.\nDer DynamicForward 1080 bewirkt, daß die ssh auf dem Netbook ein SOCKS5-Proxy ist. Stellt man in seinem Firefox in den Proxy-Einstellungen einen SOCKS5-Proxy auf 127.0.0.1:1080 ein, dann reicht Firefox als URLs über ssh an den Desktop-Rechner weiter, der dann an Stelle des Netbook die Daten beschafft und an den Firefox weiter gibt. Mein gibt also - egal wo man ist - keine URLs an einen Firmenproxy weiter, sondern greift, egal wo man ist, durch sein heimisches Desktop-DSL auf das Web zu.\nIm Zusammenhang mit einem Dedi irgendwo und einem passenden openvpn-Server sollte man außerdem aus jedem Firmennetz eine Verbindung nach draußen bekommen und sich so in jedem Fall freischwimmen können, egal wie restriktiv das Firmennetz konfiguriert ist.\nUpdate: oliof schlägt vor, noch ein \u0026lsquo;Compression yes\u0026rsquo; an geeigneter Stelle einzustreuen.\n","date":"2009-12-06T00:00:00Z","href":"https://blog.koehntopp.info/2009/12/06/ssh-durch-den-gateway-host.html","tags":["lang_de"],"title":"ssh durch den Gateway Host"},{"categories":null,"content":"Google teilt mit, daß sie nun eigene öffentliche DNS-Server betreiben, und erklärt dabei für Laien, wie man DNS-Server des Providers ausnullt und durch den DNS-Server von Google ersetzt.\nDas ist sicher nur vorübergehend, ich bin sicher, daß die nächsten Versionen von Google Toolbar und Chrome dem Benutzer auch anbieten werden, die Änderung an seiner Stelle zu machen und zu kontrollieren, daß diese Einstellungen so bleiben. Ich bin mir auch sicher, daß Google Wege finden wird, die Kommunikation zwischen dem Rechner des Anwenders und Google so abzusichern, daß es nicht mehr möglich sein wird, DNS-Queries zwischen dem Client Rechner und Google durch einen transparenten DNS-Proxy abzufangen und auf die providereigenen DNS-Server zu fälschen - ich rechne da mit einer stufenweisen Eskalation zwischen lokalen Providern und Google, die am Ende auf einen weiteren Aspekt der Netzneutralitätsdebatte hinausläuft.\nMit dem Google DNS tut Google einen weiteren wichtigen Schritt, um sich von anderer Leute Infrastruktur unabhängig zu machen , und er ist damit voll konsistent mit der beobachteten Google-Strategie.\nDie Aufgabe des Google DNS-Dienstes ist nach Aussage von Google ein Experiment in Performance-Verbesserung. Google will mit ihrem DNS-Server Muster in DNS-Anfragen erkennen und durch geeignetes Clustering und Prefetchen die Antwortzeiten verbessern. Dadurch soll der Aufbau von Webseiten schneller werden.\nSpezifisch sagt Google in der Intro zu dem Dienst, daß Google DNS für keine Domain authoritative ist, daß Google keine eigenen Rootzonen in die Antworten mischt und daß Google auch DynDNS oder andere DNS-Provider nicht ersetzen will.\nViele Provider in Deutschland manipulieren ihr eigenes DNS jedoch so, daß Anfragen nach nicht existierenden Hostnamen keinen Fehler erzeugen, sondern die IP-Nummer eines Provider-eigenen Webservers zurückliefern, auf dem sie dann einen Suchdienst laufen lassen und dabei dort auch Werbung einblenden. Der Google DNS tut das nicht, und so macht Google auf diese Weise auch das DNS wieder heil , denn derzeit ist es so, daß der Google DNS sauberer ist als die meisten ISP-DNS Server.\nJedoch: Das ist auch eine Art Angriff. Wenn Kunden statt des Provider-DNS den DNS-Dienst von Google verwenden, dann berauben sie ihren ISP dieser Einkommensquelle und so kommt es, daß selbst diese Form des DNS-Dienstes für viele Provider eine (wenn auch kleine) Bedrohung ist, da Google auch hier eine Einkommensquelle abzieht, selbst wenn Google den Traffic nicht nutzt um selbst Einkünfte zu generieren.\nAußerdem steht natürlich strategisch die Drohung im Raum, daß Google sich mit seinem Teil der Userbase irgendwann \u0026lsquo;selbstständig\u0026rsquo; macht. Wenn die Anzahl der Benuzter, die 8.8.8.8 und 8.8.4.4 als DNS Verwenden erst einmal groß genug ist, dann ist es möglich, diesen DNS unter der Kontrolle von Google zu einem Misch-DNS umzuarbeiten, der ähnlich den ISP-DNS Suchseiten mit generiert, der neben den offiziellen Antworten auch eine .google Toplevel-Domain erzeugt oder der gar gänzlich vom normalen DNS abgelöst ein Googleversum erzeugt. Google wäre für diese Benutzer der Gatekeeper, der entscheidet, ob und welche Domains überhaupt erreichbar sind - jedenfalls so lange wie diese Benutzer sich entscheiden, diese IPs weiter als ihre DNS-Server zu verwenden.\nDas alles tut Google derzeit wohlgemerkt nicht, und weist in ihrer Dokumentation auch spezifisch darauf hin, daß sie das nicht tun. Das muß Google auch nicht tun - es reicht die Vorstellung, daß das möglich wäre, hätten sie erst einmal genug User. Für Google ist all dies in der laufenden Debatte um Netzneutralität ein sehr wichtiges, aber sehr leises Argument. Von daher ist dieser Schritt seitens Google von einiger strategischer Brillianz.\nFefe hat auch so seine Gedanken zum Thema. ","date":"2009-12-04T00:00:00Z","href":"https://blog.koehntopp.info/2009/12/04/google-dns.html","tags":["lang_de","internet","google"],"title":"Google DNS"},{"categories":null,"content":"Medienecho zur Taxi-Studie des ADAC auf Google News.\nDer ADAC hat die deutschen Taxiunternehmen getestet und das Ergebnis war verheerend. Mit der Studie verbindet der ADAC eine Reihe von Forderungen. Die Story ist Ende Oktober durch alle wichtigen Zeitungen gegangen, hier eine Auswahl.\nHandelsblatt - nennt Städtezahl (12) Grundgesamtheit (240 Fahrten), Kriterien, Sieger und Verlierer und typische Probleme. Quelle nicht verlinkt. Autobild - nennt Städtezahl, 20 Fahren pro Stadt, Kriterien, Sieger und Verlierer, hat eine Tabelle. Quelle nicht verlinkt. Spiegel - nennt Städtezahl, Grundgesamtheit, Mängelquote, Sieger und Verlierer, Quelle nicht verlinkt. Zeit - nennt Städtezahl, Grundgesamtheit, Mängelquote, Quelle nicht verlinkt (Die Zeit nennt eine DPA-Meldung als Quelle) Potsdamer Neuste Nachrichten - Fokus auf Potsdamer Ergebnis, Städtezahl und Grundgesamtheit nicht genannt, Quelle nicht verlinkt. BZ Berlin - Nachrichtenfragment ohne sinnvollen Inhalt und ohne Quelle. Taxi Heute - Originaltabelle des ADAC, 12 Städte, 240 Fahrten, Fehlerquote, Sieg- und Verlierergründe, Link auf die Originalquelle. Die Originalquelle des ADAC nennt die Methodik und listet auch die Forderungen des ADAC . Die Umwegfahrten zeigt der ADAC in Beispielen (Als jemand, der in Karlsruhe Auto gefahren ist, finde ich die Karlsruhe \u0026ldquo;Irrfahrt\u0026rdquo; ziemlich interessant).\nSind die Grundgesamtheit und die Anzahl der Testfahrten ausreichend für eine repräsentative Studie? Was sind die Kosten für die Erstellung des Tests, überschlagen? Was würde es kosten, ein vergleichbares Medienecho durch Werbung zu erzeugen? Was ist die Agenda des ADAC? Ist der ADAC hier effektiv? Bewerte die Meldungen in den Zeitungen angesichts der Originalquelle. Definiere \u0026ldquo;Qualitätsjournalismus\u0026rdquo;. ","date":"2009-11-29T00:00:00Z","href":"https://blog.koehntopp.info/2009/11/29/meldung-und-hintergrund.html","tags":["media","reisen","lang_de"],"title":"Meldung und Hintergrund"},{"categories":null,"content":" Der Artikel Batman in der deutschen Wikipedia - unser Arbeitsbeispiel.\nWikipedia ist eine Online-Enzyklopädie. Die meisten Menschen nutzen Wikipedia zum Nachschlagen, das heißt ihre Nutzung ist lesend und vertikal. Lesend bedeutet, die verändern den Artikel nicht, obwohl Wikipedia das prinzipiell zuließe, und vertikal heißt, daß sie meistens über einen Deep Link direkt bei dem Artikel landen und auch nicht nach anderen verwandten Artikeln schauen.\nDementsprechend erwarten Benutzer, daß die Informationen in dem Artikel wahr und vollständig sind und möglicherweise sind sie das sogar. Dieser Blogeintrag soll helfen, die Qualität eines Wikipedia-Artikels beurteilen zu können.\nArtikel Greifen wir uns einmal ein Beispiel für einen Artikel heraus, und zwar zu einem Thema, zu dem möglicherweise jeder was sagen kann: Batman .\nAuf den ersten Blick wirkt dies wie ein sauberer und strukturierter Artikel: Es gibt eine Zusammenfassung, ein paar Bilder und ein Inhaltsverzeichnis. Das Inhaltsverzeichnis sieht ebenfalls aus, als wäre der Artikel sinnvoll strukturiert und würde das Thema gut abdecken.\nLiest man den Artikel durch, bekommt man einen Aufsatz oder eine Hausarbeit über Batman zu lesen, die durchaus als Einführung in das Thema geeignet ist - wie es bei der Wikipedia üblich ist, weiß man jedoch nichts über den oder die Autoren dieser Arbeit.\nWeitere Artikel Unter der Überschrift \u0026ldquo;Batman\u0026rdquo;, aber vor dem Artikeltext findet man ein USB-Symbol und den Text \u0026ldquo;Der Titel dieses Artikels ist mehrdeutig. Weitere Bedeutungen sind unter Batman (Begriffsklärung) aufgeführt.\u0026rdquo; Dies ist eine WP:BKL und das ist Wikipedia-Slang für eine Begriffsklärungsseite. Die Begriffsklärungsseite für Batman verweist nicht nur auf die gleichnamige Stadt in der Türkei, sondern auch auf auf Einzelseiten zu den Comicserien, den Filmen und den Fernsehserien.\nDennoch finden wir auf der Hauptseite \u0026ldquo;Batman\u0026rdquo; jede Menge Detailinformationen zu diversen Batman-Verfilmungen, die anders als die Informationen zu den Comics nicht ausgelagert worden sind. Damit man einen kompletten Überblick bekommt, ist es unbedingt notwendig der BKL zu folgen und alle Einzelseiten zum Thema kurz durchzusehen, um festzustellen, welche davon für die Fragestellung wichtig sind.\nFür jede Seite muß man dann wie weiter unten die Qualität und Strittigkeit der Seite prüfen, um festzustellen, welchen Informationen man vertraut.\nQuellen und Weblinks\nQuellen und Literaturverweise im Batman-Artikel\nUm bewerten zu können, ob der Artikel wahr und vollständig ist, muß man sich den Quellen zuwenden können, auf denen der Artikel basiert. Als geübter Wikipedia-Leser scrollt man also zunächst einmal an das Ende des Artikels und sucht dort nach den Belegen für die im Artikel aufgestellten Behauptungen.\nHier wird schon die erste Schwäche sichtbar, die den Batman-Artikel als keinen zeigemäßen Wikipedia-Artikel enthüllt: Es gibt überhaupt nur 4 Quellen , von denen drei im Abschnitt über Motive der Figur verwendet werden und einer sich auf einen minder wichtigen Kurzfilm (keinen Comic) beziehen. Der Rest des Artikels ist in der Tat ein freier Aufsatz, dessen Rückhalt in externer Literatur nicht nachgewiesen ist und den jemand, der zum Thema nichts weiß, nicht verifizieren oder falsifizieren kann - auch wenn Wikipedia das fordert .\nWollte man sich selbst die notwendige Fachkenntnis aneignen, um den Artikel inhaltlich bewerten zu können, könnte man mit den im Abschnitt \u0026ldquo;Literatur\u0026rdquo; genannten Werken starten. Im Abschnitt \u0026ldquo;Weblinks\u0026rdquo; findet man dann verweise auf andere Webseiten - diese sollen laut der Richtlinie WP:WEB \u0026ldquo;Bitte sparsam und vom Feinsten\u0026rdquo; sein. Es wird vorgeschlagen, bis zu fünf Links zu hinterlegen, die möglichst direkt zum Thema, in deutscher Sprache und möglichst statisch sind (also nicht gerade auf Diskussionsforen oder soziale Netzwerke verweisen).\nBesonders der Verweis ins DC Wiki aus den Weblinks zeigt dann auch gleich, wie ein viel besserer Batman-Artikel aussehen kann. Dort wird nämlich erst einmal nach den verschiedenen Versionen von Batman unterschieden, die durchaus unterschiedlich ausgeprägte Geschichten haben, selbst wenn man Elseworlds einmal ausklammert. Wählt man dann eine Version aus, sieht man auch, daß sich die Geschichte einer Comicfigur auch mit Quellen belegen läßt . Bemerkenswert am Wikipedia-Artikel zum Thema Batman ist dagegen, daß er zwar alle Batman-Filme auflistet, die jemals produziert worden sind, aber nicht auf ein einziges Comicheft verweist.\nNur mal zum Vergleich sei hier auf Azundris\u0026rsquo; Dokumentation zu Poison Ivy verwiesen, die die Hintergrundgeschichte der Figur und ihre Fertigkeiten Satz für Satz mit den relevanten Originalquellen belegt - zwar kein Teil der Wikipedia, aber sehr viel enzyklopädischer.\nAuch zum Vergleich sei hier auf den Abschnitt Einzelnachweise von Fefes Blog verwiesen - auf Grund der Relevanzdiskussion, die unter anderem um diesen Artikel herum entflammt ist, ist dies wahrscheinlich einer der am sorgfältigsten nachgewiesenen Artikel in der Wikipedia.\nDiskussion Die Seite Diskussion:Batman .\nZu jedem Artikel in der Wikipedia gibt es eine Diskussionsseite. Will man wissen, was nach Meinung der Wikipedianer aktuelle und vergangene Probleme mit dem Artikel sind, dann muß man sich die Diskussionsseite zum Artikel ansehen und diese durchsehen.\nWikipedia hat kein Diskussionsforum in ihr Wiki integriert. Die Diskussionsseite ist stattdessen ein weiterer Artikel, der von allen Diskussionsteilnehmern gemeinsam bearbeitet wird. Zwar wäre es deswegen möglich, Diskussionsbeiträge anderer nachträglich zu löschen, zu editieren oder inhaltlich zu verändern, aber da die Diskussionsseite auch eine normale Wikiseite ist, hat auch sie eine Versionsgeschichte und darüber sind solche Manupulationen immer nachweisbar.\nEinen Diskussionsbeitrag auf der Diskussionsseite einfügen.\nDiskussionsseiten sind mühsam - nicht nur muß man die Einrückstufe der Nachrichten als Diskussionsteilnehmer selbst pflegen, sondern man darf auch nicht vergessen, seine Beiträge manuell mit \u0026lsquo;\u0026ndash; ~~~~\u0026rsquo; (Strich Strich Leerzeichen, 4 Tilden) zu signieren. Dieses Kürzel wird vom Mediawiki durch Datum und Benutzernamen ersetzt und ermöglicht zurechenbare Diskussionsbeiträge erst.\nDie Struktur der Diskussionsseite frei und muß sich nicht an der Struktur des Artikels orientieren. Daher sind die Bezüge zwischen Diskussion und Artikel, der diskutiert wird, gelegentlich unklar. Im Zweifel gilt: Lieber noch einmal nachfragen. Denn: Eine Analyse der Diskussion zu einem Artikel ist wichtig, und genau so ist es ebenfalls wichtig die Diskussionsbeiträge in Bezug zur Struktur des Originalartikels zu setzen. Denn nur auf diese Weise wird einem klar, welche Teile des Artikels nach Meinung der Wikipedianer umstritten oder verbesserungsbedürftig sind.\nSieht man sich die Diskussion:Batman an, findet man Diskussionsbeiträge mit unklarem Bezug \u0026ldquo;Muß das da rein? \u0026rdquo;. Genaueres Lesen zeigt einem: Die Beiträge sind von 2005, und beziehen sich auf Abschnitte im Artikel, die nicht mehr existent sind \u0026ndash; aber der Abschnitt, auf den sie sich beziehen wird in der Diskussion auch nicht genannt und wäre auch 2005 zunächst unklar gewesen.\nAktuelle Diskussionsbeiträge aus 2009 sind quer durch die Diskussionsseite verstreut. Man findet sie am schnellsten, indem man die Versionsgeschichte der Diskussionsseite durchgeht.\nVersionsgeschichte Das bringt uns zum nächsten Punkt - die Versionsgeschichte des Artikels . Jede Seite in Mediawiki hat eine und das heißt, für den Batman-Artikel gibt es zwei. Eine für den Artikel selbst und für die Diskussionsseite zum Artikel. Für unsere Zwecke ist die erste Versionsgeschichte interessant, denn nur an ihr können wir erkennen, ob der Artikel nennenswerte Änderungsaktivität hat.\nAus der Versionsgeschichte bekommt man eine Liste von Datumsangaben, die man sich zu einer Zeitleiste zusammensetzen kann, um Zeiten heftiger Aktivität zu erkennen. Den anderen Angaben kann man ebenfalls eine ganze Menge Informationen entnehmen - die Namen der Autoren, die Änderungen durchgeführt haben, zum Beispiel. Erscheinen sie rot, hat der betreffende Autor keine Benutzerseite und somit auch keine Informationen über sich in der Wikipedia hinterlegt - \u0026lsquo;Meinungskuenstler\u0026rsquo; ist zum Beispiel so jemand.\nVersionsgesichte des Artikels Batman in der Mediawiki-Ansicht.\nWir erkennen an den Datumsangaben und den Kommentaren zu den Änderungen im Batman-Artikel, daß der Artikel zwar permanent ein wenig Aktivität hat, aber keine größeren Änderungen oder Streitpunkte existieren.\nEin schönes Beispiel für einen Krieg finde man in der Historie von Donauturm . Dort beginnt mit einer Änderung vom 28. Oktober von Taxiarchos ein Krieg um die Bezeichnung des Turms als Fernsehturm - diese Änderung wird nämlich am 31. Oktober von Elisabeth59 rückgängig gemacht und danach beginnt der Tanz mit minütlichen Änderungen durch eine Reihe von Benutzern. Die Diskussion zum Thema findet sich auf Diskussion:Donauturm und gipfelte unter anderem in einer Aufnahme der Diskussionsseite in die Liste unvorstellbar öder Diskussionen .\nDoch zurück zum Batman Artikel: Außerdem werden Änderungen an vielen Wikipedia-Artikeln gesichtet . Eine Sichtung ist keine Qualitätsprüfung (das wäre eine geprüfte Version ), sondern nur eine Versicherung, daß die durchgeführte Änderung kein offensichtlicher Vandalismus ist. Ein Sichter ist also jemand, der einen Artikel gegen Vandalismus bewacht, aber nicht unbedingt jemand, der Ahnung vom Thema hat. Unser Sichter hier ist Benutzer:Don-kun und der gibt auf seiner Benutzerseite sogar ein Interesse an Comics und Anime an.\nAutoren Das führt uns direkt zu den Autoren: Wikipedia-Artikel werden von Benutzern geschrieben und Benutzer haben in der Wikipedia Pseudonyme. Für kontroverse Themen ist das mitunter nutzbringend, denn Autoren zu Artikeln im Bereich Nationalsozialismus oder Abtreibung sind in der Vergangenheit durchaus schon einmal gestalked oder bedroht worden.\nIm Allgemeinen ist es jedoch schon interessant zu wissen, mit wem man es zu tun hat und was diese Person für einen Hintergrund und für eine Agenda haben könnte, damit man ihre Beiträge besser bewerten kann - Experten sind auch ein Problem , aber für eine korrekte Bewertung eines Beitrages ist neben Belegen eben auch die Ausbildung des Urhebers wichtig.\nAgenda ergibt sich auch aus Identität: Zwar strebt Wikipedia offiziell einen Neutralen Standpunkt an, aber es ist jedem erfahrenen Menschen klar, daß man auch von neutralem Grund aus durch Auswahl von Quellen oder sachte Änderungen von Formulierungen durchaus eine Agenda vorantreiben kann.\nLeider gibt es kein gutes Werkzeug in der Wikipedia, mit der man Urheberschaft einzelner Formulierungen oder ihren Umstrittenheitsgrad leicht sichtbar machen kann und die einem dabei helfen würden, Agenda oder kontroverse Teile eines Artikels gut hervorzuheben. Man muß sich also recht mühsam durch die Versionshistorie und die Benutzer-Links in dieser klicken, um zu sehen, was Sache ist.\nSprachversionen Sprachversionsn von Batman (Auszug).\nArtikel existieren in der Wikipedia oft in verschiedenen Sprachen. Dabei sind die Artikel nicht zwingend synchronisiert und können sehr unterschiedlich in Inhalt und Gestaltung sein. Die Quellenlage im englischen Batman-Artikel ist zum Beispiel weitaus besser als im deutschen Artikel, und erreicht nahezu das Niveau von Azundris Poison Ivy-Artikel oben. Auch die weiterführenden Referenzen und die Weblinks des englischen Batman-Artikels spielen in einer ganz anderen Liga als im deutschen Artikel.\nWerkzeuge Es gibt eine Reihe von Werkzeugen, die einige der Arbeitsschritte zur Artikelbewertung versuchen zu automatisieren. Sie können einen direkten Blick in die einzelnen Seiten \u0026ldquo;hinter\u0026rdquo; dem Artikel nicht ersetzen, aber sie können einem helfen, einen Überblick zu bekommen.\nDa ist einmal Wikibu.ch . Wikibu.ch besorgt sich zu einem angegegbenen Artikel die Aufrufstatistik, die Autorenstatistik der Versionsgeschichte, die Anzahl der Verweise in der Wikipedia auf diese Seite und die Quellenliste und versucht daraus eine skalare Bewertung der Artikelgüte abzuleiten - es werden 1-10 Punkte vergeben, mehr sind besser.\nWie jede skalare Darstellung eines mehrdimensionalen Sachverhaltes ist das oft hilfreich, aber vereinfachend und es lassen sich pathologische Fälle konstruieren. Die Wikibu.ch Anleitung erläutert Aufbau und Inhalt der Seite.\nDas Wikidashboard benötigt Javascript und verwendet die englische Wikipedia. Das Wikidashboard liefert eine schöne Zeitleiste für den Artikel und eine Übersicht über die aktivsten Benutzer. In der Wikidashboard FAQ findet man eine graphische Schnellanleitung. Leider funktioniert Wikidashboard nicht mit der deutschen Wikipedia.\nAuch das Pyrospirit Metadata Gadget ist nützlich. Es blendet unter der Überschrift des Artikels statt des Textes \u0026lsquo;From Wikipedia, the free encyclopedia\u0026rsquo; einen wertenden Hinweis ein. Es erscheint also \u0026lsquo;A B-class article from Wikipedia, the free encyclopedia\u0026rsquo; oder eine ähnliche Klassifizierung. Das Script bindet man am einfachsten ein, indem man sich bei Wikipedia als Benutzer anmeldet und dann in den Preferences auf den Tab \u0026lsquo;Gadgets\u0026rsquo; klickt und dort im Abschnitt \u0026lsquo;User interface gadgets\u0026rsquo; die Funktion \u0026lsquo;Display an assessment of an article\u0026rsquo;s quality as part of the page header for each article.\u0026rsquo; aktiviert.\nIn der deutschen Wikipedia heißen Gadgets \u0026lsquo;Helferlein\u0026rsquo;, aber das Metadata-Plugin habe ich dort nicht gefunden - auch diese Funktion scheint nur auf die englische Wikipedia anwendbar zu sein.\nDanke! Dieser Artikel wurde am 29. November 2009 überarbeitet, um Leserkommentare zu berücksichtigen.\nFrank Schubert und Helge verweisen mich auf Wikibu.ch Jens Kubieziel verweist auf das Wikidashboard. Oneiros verweist auf das Pyrospirit Metadata Gadget. Anonymous bat mich, die Verweise auf das kaputte Diskussionssystem von Mediawiki aus diesem Artikel herauszuhalten. Es ist zwar immer noch kaputt, aber das soll dann Thema eines anderen Artikels werden. Stefan W. verweist auf die BKL. Das hat einen gesonderten Absatz verdient. Übungsaufgaben Lies den Artikel Schurken im Batman-Universum .\nWende die Informationen und Methoden aus diesem Beitrag auf den Artikel an. Ist es ein guter Wikipedia-Artikel? Sind Teile des Artikels umstritten oder heftigen Änderungen unterworfen gewesen? Existieren Benutzer mit besonderen Interesse an dem Artikel? Was ist ihre Rolle? Wie unterscheidet sich dieser Artikel systematisch von der englischen Sprachversion des Artikels? Bevorzugst Du Listenartikel (\u0026lsquo;Figuren im Harry-Potter Universum\u0026rsquo; oder Einzelartikel (\u0026lsquo;Hagrid\u0026rsquo;) für Deine Nutzungsweise der Wikipedia? ","date":"2009-11-28T00:00:00Z","href":"https://blog.koehntopp.info/2009/11/28/wie-man-einen-wikipedia-artikel-liest.html","tags":["internet","media","schulung","wikipedia","lang_de"],"title":"Wie man einen Wikipedia-Artikel... liest"},{"categories":null,"content":"Ich huste mir daheim zwar einen ab, aber es handelt sich nur um die geräuschvollen Nachwirkungen eines gewöhnlichen viralen Infektes, und nicht um irgendein H?N?. Das ist gut.\nTrotz Rotz und Keuch habe ich dem Jochen Reinecke von der Frankfurter Allgemeinen Sonntagszeitung ein paar Fragen betreffend Wikipedia beantwortet, und die sind heute ebenda unter dem schamlos verbalsadistischen Titel \u0026ldquo;Das Schweigen der Lemmata\u0026rdquo; veröffentlicht worden.\nDa ich heute nicht Zug fahre, kenne ich den Inhalt der FAS leider nicht, aber in Absprache mit Herrn Reinecke drücke ich meine Antworten auf seine Fragen auch noch mal hier direkt ins Blog. Wenn\u0026rsquo;s Gelalle ist, schieb ich auf\u0026rsquo;s Fieber. :-)\nUpdate: Die FAS-Version der beiden Interviews im Planckton -Blog der FAZ, und den Artikel findet man mittlerweile online in der Web-FAZ .\nJochen Reinecke: \u0026ldquo;In einem Satz: Was bedeutet die Wikipedia für Sie?\u0026rdquo;\nKristian Köhntopp: Ich habe in meinem Browser Kürzel für Suchfunktionen - \u0026ldquo;wp suchwort\u0026rdquo; wird zu einer Suche auf der englischen Wikipedia und \u0026ldquo;wpd suchwort\u0026rdquo; zu einer Suche auf der deutschsprachigen Wikipedia. Das bedeutet, daß Wikipedia wie die anderen Suchkürzel in meinem Browser beim Arbeiten, Fernsehen oder was ich sonst so am Rechner mache allgegenwärtig und niemals weiter als eine Kommandozeile entfernt ist.\nIch habe noch einen Brockhaus in 30 Bänden im Regal, aber ich weiß, daß ich in den vergangenen 10 Jahren vielleicht zwei Dutzend mal dort etwas nachgeschlagen habe. Auf der anderen Seite sagt mir meine Browser-History, daß ich alleine heute schon mehr als 12 Wikipedia-Suchen mit wp oder wpd gefahren habe.\nJ: Die Relevanzdiskussion in der Wikipedia hat weite Kreise gezogen. Hat Sie die Heftigkeit der Reaktionen aus allen Schichten (Admins, Blogger, Autoren, Nutzer) überrascht?\nK: Ich bin in der Wikipedia-Hierarchie beinahe ein reiner Nutzer, und über die Artikel in Fefes Blog in diese ganze Sache hereingezogen worden. Zwar habe ich seit mehr als fünf Jahren einen Wikipedia-Login, aber ich habe nur sehr wenige kleine Änderungen gemacht. Von den internen Strukturen der Wikipedia und der Aktivität hinter den Seiten habe ich vor dieser Diskussion eher wenig mitbekommen. Ich glaube, das geht den meisten Menschen so.\nWikipedia wird meistens \u0026lsquo;vertikal\u0026rsquo; genutzt - \u0026lsquo;wpd Fachbegriff\u0026rsquo;, den Artikel lesen und weg. Auf der Artikelseite lesen die meisten Menschen auch nur den Artikeltext - die Quellennachweise und Belege am Ende sind aus dem Blickfeld gerückt, kleiner gesetzt und nicht sehr direkt an den Artikel gebunden. Personen treten gar nicht auf, die Diskussionseite ist versteckt und es ist nicht erkennbar, welche Passagen des Artikels umstritten sind oder waren oder daß es so etwas wie Streit um bestimmte Passagen im Artikel überhaupt gegeben hat.\nIn Wikipedia treten Personen hinter Artikel zurück und Diskussionen in der Wikipedia haben wenig Prominenz außerhalb - die Begriffe Inklusionist und Exklusionist sind mir jedenfalls vor der Diskussion nicht geläufig gewesen.\nInsofern ist diese Diskussion für mich wahrscheinlich genau so neu gewesen wie für die meisten Gelegenheitsbenutzer.\nJ: Halten Sie selbst eher eine inklusionistische oder exklusionistische Herangehensweise für sinnvoll?\nK: Ich bin, glaube ich, formal einem gemäßigten inklusionistischen Lager zuzurechnen. Spam und Tastaturtests haben in der Wikipedia klar nichts zu suchen, aber wenn ein Artikel eine gewisse, eher niedrige Mindest-Entwicklungsstufe hat, dann sollte er meiner Meinung nach erhalten bleiben. Ich halte es aber für dringend notwendig, Reife und Qualität eines Artikels auch für den Laien direkt erkennbar zu machen.\nWikipedia ist heute klar eine Enzyklopädie, die sich am Modell traditioneller Holzenzyklopädien orientiert. Das ist sicher auch den verschiedenen Lexika-Tests von vor 5 Jahren geschuldet, in denen sie an Brockhaus, Encarta und der Britannica gemessen wurde. Damals hat sicher eine Menge Druck auf die Wikipedia-Autorengemeinschaft gewirkt, und die exklusionistische Kultur ist sicher auch auf das Wettrennen um Qualität aus dieser Zeit zurückzuführen.\nDiese Zeiten sind nun insofern vorbei, als daß die meisten dieser Holzenzyklopädien pleite sind, oder auf der Suche nach einem Internet-Geschäftsmodell. Für Wikipedia ist es meiner Meinung nach nun Zeit, diese hinter sich zu lassen und in etwas zu verwandeln, das eine Holzenzyklopädie nicht sein kann.\nJ: Glauben Sie, dass sich die aktuellen Probleme eher organisatorisch oder technisch lösen lassen?\nK: Als ob man das so sauber trennen könnte. Wikipedia braucht eine andere Ausrichtung und daher auch andere organisatorische Strukturen, aber dann natürlich eine Technik, die das unterstützt und eine Benutzerinterface, das korrektes und erwünschtes Verhalten ermutigt und erleichtert.\nZur Zeit haben wir in der produktiven Wikipedia Strukturen, die das Gegenteil tun .\nWikipedia-Seiten sind anonym und sehen inert aus - für den Gelegenheitsnutzer ist in der Standardansicht nicht erkennbar, ob Teile einer Seite schlecht belegt sind, ob Teile einer Seite umstritten sind oder waren.\nEs wäre leicht, einen Zeitstrahl auf jeder Artikelseite zu generieren, der visualisiert, zu welchen Zeitpunkten sich Änderungen an einem Artikel gehäuft haben. Es wäre auch leicht, neben einem Artikel einen Änderungsbalken zu malen, der zeigt, an welchen Passagen eines Artikels sich Änderungen gehäuft haben und dort die entsprechenden Benutzer zu verlinken. Es wäre leicht, die Autoren, die an einem Artikel beteiligt waren, mit ihren Benutzer-Icons an einem Artikel zu verlinken.\nAuf diese Weise wäre nicht nur für einen Gelegenheitsnutzer erkennbar, wie ausgereift oder stabil ein Artikel ist, sondern Wikipedia könnte auch ein Gesicht bekommen. Man könnte erkennen, daß jede einzelne Seite ein Produkt von Mitgliedern einer Gemeinschaft ist.\nIch halte das für wichtig - es macht es leichter für einen Anwender, einen Artikel zu hinterfragen oder Artikelqualität auf einen Blick erkennen zu können. Es macht Wikipedia auch zugänglicher und motiviert vielleicht mehr Leute, sich konstruktiv an der Weiterentwicklung der Wikipedia zu beteiligen.\nJ: Haben Sie bisher Lösungsansätze von außen gehört, die einen Ausweg aus dem Dilemma zeigen könnten?\nK: Ich habe inzwischen gelernt, daß es in Wikipedia selbst eine ganze Reihe von Diskussionen, experimentellen technischen Hilfsmitteln und Alternativvorschlägen gibt, wie auch die Diskussion zwischen Exklusionisten und Inklusionisten schon seit vielen Jahren läuft, jedoch ohne Ergebnisse zu haben oder Veränderungen zu bewirken. Auf eine Weise dümpelt Wikipedia vor sich hin: Was bisher gefehlt hat, war ein Anlaß sich zu verändern.\nDie Diskussion um den MoGIS-Artikel, die Felix von Leitner losgetreten hat, und ihre Folgen sind vielleicht in der Lage, diesen Anlaß zu liefern. Das würde den Initiativen zur Weiterentwicklung in der Wikipedia eine gemeinsame Richtung und die notwenige Motivation zu geben, und Wikipedia könnte über Holz-Enzyklopädien hinauswachsen. Damit meine ich weniger eine technische Entwicklung, als vielmehr eine Weiterentwicklung in der Art und Weise wie wir Erkenntnis vermitteln oder den Grad an gesicherter Wahrheit visualisieren, der in einem Lexikon-Artikel steckt.\nDarum geht es bei der ganzen Debatte Inklusionisten vs. Exklusionisten ja im Kern: Die Exklusionisten möchten alles aus der Wikipedia heraushalten, was nicht durch Belege von reputablen Veröffentlichungen belegbar ist - am Besten mehrfach. Ihnen ist Unanfechtbarkeit wichtiger als Umfang. Dem Inklusionisten ist dagegen Umfang oder Abdeckung wichtiger als Unanfechtbarkeit oder Belegbarkeit.\nMeine Position ist eher die eines Inklusionisten, aber ich halte die exklusionistische Position für wichtig und wertvoll. Ich glaube nur, daß man das nicht so schwarzweiß sehen sollte, wie es in der derzeitigen Kultur der Wikipedia diskutiert wird. Artikel werden immer unterschiedliche Qualität haben, aber auch in qualitativ schlechten Artikeln steckt oft schon die Information, die ich grade suche - und wenn es nur die Bestätigung ist \u0026ldquo;Dieses Konzept gibt es\u0026rdquo; und \u0026ldquo;Hier sind weitere Googleworte zum Thema für Dich\u0026rdquo;. Eine Visualisierung von Qualität, Quellenlage und strittigen Passagen finde ich aber enorm hilfreich und wichtig. Das macht Abstufungen zwischen Löschen und Behalten möglich und erlaubt eine viel differenziertere Auseinandersetzung.\n**J:**Sehen Sie die Gefahr, dass die Wikipedia aufgrund ihrer schlichten Größe und damit letztlich auch Vielzahl der Mitglieder an Diskussionen dieser Art zerbrechen kann?\nK: Ich grinse. Ausgehend von den Diskussionen in der Wikipedia, die mir bekannt sind, besteht diese Gefahr nicht einmal entfernt. Bei allem akademischen Eifer und Elan, der in diese Diskussion fließt, habe ich dennoch den Eindruck, daß alle Parteien an derselben Sache arbeiten - und das ist Wikipedia zu einer noch besseren Wissensquelle zu machen und eben hoffentlich auch, diese Qualität nachvollziehbar darstellbar zu machen.\nWikipedia wirkt anonym und entpersönlicht, wenn man sie nur benutzt und nicht mitarbeitet. Aber da sind viele hundert engagierte Einzelpersonen hinter den Kulissen am Zusammenarbeiten. Wikipedia ist nur enorm schlecht darin, diese Personen sichtbar zu machen und die Diskussionen zwischen diesen Personen und den Gruppierungen, die sich da gebildet haben, sichtbar zu machen. Wir haben hier ein ständiges Ringen um Wissen, um Korrektheit, um Abdeckung und um Quellen. Nichts davon ist im Produkt unmittelbar erkennbar. Das ist schade, denn es ist wichtige Information, die bei der Bewertung von Artikeln genauso hilfreich ist wie dabei, diese Leute zu motivieren.\nJ: Könnte hier eine Art oberster \u0026ldquo;Chef\u0026rdquo; oder \u0026ldquo;Geschäftsführer\u0026rdquo; mit Entscheidungsgewalt helfen?\nK: Keinesfalls.\nWikipedia ist eine Gemeinschaft, und Motivation genau wie Entscheidungen müssen von innen heraus kommen und von einer stabilen Mehrheit getragen werden - welchen Grund gibt es denn sonst, dort mitzuarbeiten, wenn nicht persönliche Überzeugung und den Willen, persönlich daran mitzuarbeiten, die Welt an einer Ecke in einen besseren Ort zu verwandeln? Wikipedia kann man nur anführen, indem man überzeugt, nicht indem man kommandiert. Nichts anderes wird dem Projekt und seinem Geist gerecht.\nJ: Angenommen, es gäbe die Wahl zwischen einer rein inklusionistischen und hart exklusionistischen Gangart: Welche Chancen und welche Risiken würden diese beiden Gangarten bergen?\nK: Die Frage ist meiner Meinung nach unsinnig, und dem Verbleiben in der Denkweise einer Holzenzyklopädie geschuldet. Die ganze Debatte läuft in der Wikipedia selbst schon seit Jahren, und wenn man eine Lösung wollte, dann muß man die ganze Frage endlich transzendieren und Wege finden, die Ziele der beiden Gruppieren klar und positiv zu formulieren und dann innerhalb desselben Systems zu befriedigen. Das geht. Unterschiedliche Visualisierungen derselben Daten, Anzeigefilter, die Artikel unterhalb einer Qualitätsschwelle unterdrücken oder gar unterschiedliche Websites auf demselben Datenbestand sind ja technisch überhaupt kein Problem.\nDer ganze Konflikt besteht doch nur, wenn man meint, es gäbe eine Wahrheit, den Prozeß des Ringens um diese Wahrheit aber nicht darstellt oder nicht darstellen will.\n","date":"2009-11-22T00:00:00Z","href":"https://blog.koehntopp.info/2009/11/22/das-schweigen-der-lemmata.html","tags":["internet","wikipedia","lang_de"],"title":"Das Schweigen der Lemmata"},{"categories":null,"content":"Beim Aufräumen habe ich noch ein paar alte Prospekte gefunden und mal eben eingescannt.\nCBM 4001 Series, Stand Januar 1982. CBM 8001 Series, Stand Januar 1982. CBM 8050 Diskettenlaufwerk (das Große mit der hohen Kapazität). Commodore MMF 9000 (Ja, so was gab es mal): Color Genie: Sirius 1 (kleiner Katalog): Sirius 1 großer Katalog, mit dem ganzen Business Chic der 80er - um diese Zeit liefen Dallas und Denver Clan:\nMZ 80 A: PC 1500 (LCD, Drucker, batteriebetrieben): Apple 2 und 3: ","date":"2009-11-18T00:00:00Z","href":"https://blog.koehntopp.info/2009/11/18/alte-prospekte.html","tags":["computer","damals","lang_de"],"title":"Alte Prospekte"},{"categories":null,"content":" \u0026ldquo;Millions of starlings swarming at dusk before settling in the woods below.\u0026rdquo; \u0026ndash; Gail Johnson (CC-BY-NC)\nDer Hamburger Wahlstift sah zunächst ja mal aus wie eine gute Idee: Der Wähler wählt mit einem Stift auf einem Blatt Papier und kreuzt ganz normal an, welche Partei er wählen will. Der Stift ist jedoch in Wahrheit ein Scanner, der ein Muster vom Papier abliest, das dem Stift mitteilt, an welcher Stelle der Wähler sein Kreuz macht. Der Stift zählt so die Wahl und kann ausgelesen werden. Durch regelmäßiges Auslesen des Stiftes hat man dann ratzfatz ein Wahlergebnis, und wenn die Wahl angefochten wird, kann man immer noch die Zettel auszählen.\nDas hat so nicht funktioniert: Der Stift war zwar PTB-geprüft, aber der Scope der Prüfung war falsch gewählt.\nGeprüft wurde nämlich nur der Stift und nicht das System Stift-Papier. Durch vertauschen der Scanmuster auf dem Papier konnte der CCC das System leicht hacken: Der Wähler kreuzt CDU an, aber der Stift registriert und zählt SPD. Zugleich hatte die Hamburger Bürgerschaft das Wahlgesetz so geändert, daß das Ergebnis des Stiftes und nicht das Papierkreuz maßgeblich sein sollten. Das Ergebnis: Ein Desaster - der Hack des CCC kurz vor der Wahl verhinderte den Einsatz des teuren Stiftes.\nDie Arbeitsgemeinschaft Wahlstift versuchte nun juristisch gegen den CCC vorzugehen - vergebens:\nDer Hackerverein konnte in den wesentlichen Punkten das Recht auf Publikation seiner Erkenntnisse über klaffende Sicherheitslücken im Wahlstiftsystem verteidigen und kann weiterhin seine Ergebnisse veröffentlichen\u0026hellip;.Der Angriff gegen das digitale Papier trifft den technologischen Kern des Systems, das auf der Aufzeichnung der Position des Wahlstifts mit Hilfe eines feinen Musters auf dem Papier beruht. Eine effektive Abwehr gegen diesen Angriff ist kaum realisierbar und wäre nicht vom Wähler überprüfbar\u0026hellip;.In dem Beschluß des OLG Hamm ist klargestellt, es sei eine \u0026ldquo;Tatsache, dass die Manipulation des Anoto-Papiers durch den Beklagten keine unwahre Tatsachenbehauptung darstellt\u0026rdquo;\nDer Hamburger Wahlstift ist damit als Wahlcomputer erledigt.\n","date":"2009-11-17T00:00:00Z","href":"https://blog.koehntopp.info/2009/11/17/der-ccc-vernichtet-den-hamburger-wahlstift.html","tags":["politik","wahl","lang_de"],"title":"Der CCC vernichtet den Hamburger Wahlstift"},{"categories":null,"content":"In Can Newspaper publishers survive this revenue freefall? stellt Martin Langeveld fest, daß in den letzten 50 Jahren der Anteil der gesamten verfügbaren Budgets in der Werbebrance bei ziemlich konstant 2% des Bruttosozialproduktes lag. Jedoch: Die Verteilung der Werbebudgets ist nicht konstant.\nMedienanteile am Werbebudget in den letzten 50 Jahren.\nDie Reaktion der Zeitungsverlagsbranche ist nicht eine Modernisierung, sondern der Ruf nach einem Leistungsschutzrecht. Das werden sie nun bekommen , gegen den Rat zahlreicher Expertengutachten. Und obwohl noch unklar ist, wie dieses Recht genau aussieht, ist eines schon klar: Falls es wirksam ist, werden effektiv aufgestellte digitale Medienkonzerne wie Microsoft und Google es eher zu ihren Gunsten nutzen können als regionale Zeitschriftenverlage. Falls es nicht wirksam ist, ist es auch egal. Unausweichlich wird es den Niedergang der traditionellen Nachrichtenredaktionen beschleunigen.\nUpdate: Unterdessen beginnen einige deutsche Buchverlage zu merken, daß es vielleicht nur so untermittelgut ist, wenn sie bei Google in der Buchsuche nicht gefunden werden. Hoffmann und Campe erwartet Vorschläge von Google heißt es dann mit der üblichen Holzmedienarroganz, wenn Verlage Angst bekommen, in den nächsten paar Jahren mitsamt ihrem gesamten Programm dem Vergessen anheim zu fallen.\nUpdate: Eine recht gute Erklärung dessen, was wirklich passiert, findet man bei Netzwertig: Strukturwandel: Die Folgen der digitalen Disruption für die Volkswirtschaft . Die Erklärung dort zeigt, wie spezialisierte Dienste den Mix Zeitung entbündeln und durch Einzeldienste ersetzen.\nCraigslists entzieht dem Kleinanzeigen-Markt Milliarden. Wikipedia zerstört das Geschäftsmodell von Verlagen in aller Welt. Interpreten mit Web- und Marketing-Kompetenz geben ihren Plattenfirmen den Laufpass.\n","date":"2009-11-17T00:00:00Z","href":"https://blog.koehntopp.info/2009/11/17/die-nachrichtenverlage-bringen-sich-um.html","tags":["media","advertising","copyright","lang_de"],"title":"Die Nachrichtenverlage bringen sich um"},{"categories":null,"content":"Ich schrieb in Der alljährliche Wikimedia-Spendenaufruf :\nBitte seht davon ab, die Spende mit einer Zweckbindung \u0026ldquo;für …\u0026rdquo; zu versehen. Das macht der Vereinsbuchhaltung bei Wikipedia geradezu unglaubliche Arbeit. Danke sehr!\nDaraufhin fragte Thomas:\nUi, ist das ein Aufruf zum dDOS?\nMeine Antwort ist länger geworden und verdient einen eigenen Artikel.\n\u0026ldquo;Nein, das ist genau das, was da steht.\u0026rdquo;\nIhr helft niemandem, wenn ihr die Verwaltung von Wikimedia Deutschland blockiert, insbesondere nicht dem meiner persönlichen Meinung nach berechtigten Anliegen, die Strukturen der Wikipedia transparenter und offener zu machen.\nMan kann diese ganzen Aktionen des letzten Monats um die Wikipedia herum als Krieg auffassen, als Diskussion oder als Kommunikationsversuch. Wie immer man es deutet, man sollte dabei unbedingt das erwünschte Ziel direkt vor Augen behalten, ja es vielleicht sogar ausformulieren und auf einem Blatt Papier fixieren und neben den Monitor heften. Das hilft sehr.\nNur wenn man sich diese Mühe macht, dann wird man sein eigenes Verhalten daran messen, ob es diesem Ziel förderlich oder hinderlich ist, und man hat einen Maßstab für das eigene Handeln.\nDas ist genau das, was einen Mob von einer strukturierten Organisation unterscheidet und was eine destruktive Denial Of Service Attacke von einer konstruktiven Aktion unterscheidet, mit der man eine Organisation auf ihr Problem aufmerksam macht und ihr dann hilft, es sinnvoll in den Griff zu bekommen.\nAktionsziel Mein Zettel sähe etwa so aus:\nWikipedia hat meiner Auffassung nach eine Reihe von Problemen.\nDas eine ist eine stagnierende Software, sowohl was die Infrastruktur angeht (Scytale\u0026rsquo;s Levitiation und Fefes \u0026lsquo;Wir serven HTTP direkt aus einem GIT\u0026rsquo; können da helfen) als auch was das Benutzerinterface angeht (Sauber degradendes Javascript und eine bessere Benutzerführung können da helfen). Das zweite ist eine außer Kontrolle geratene Löschkultur, die meiner persönlichen Meinung ihre Ursache einmal in durch zu niedrig angesetzte Eingangshürden erzeugten Streß hat, zum anderen durch - das ist schwer korrekt zu formulieren - eine Art Holzmedien-Dünkel geprägt ist. Der dritte ist eine Kultur, die grad sauer wird oder schon umgekippt ist, und das habe ich in dem Communitygift-Artikel ja versucht darzulegen. Strukturelle Defizite Die Wikipedia-Website ist strukturell angelegt, daß\nsie vereinzelt, sie kurz und unpersönlich kommuniziert und daß sie Multiplikatoreffekte verhindert. Das macht es Anfängern schwerer als nötig, einzusteigen und es macht es für die Ausbilder aufwendiger als nötig, ihren Job zu tun.\nEs mag sein, daß es noch mehr Probleme gibt, die sich herausarbeiten lassen, aber das sind die drei Dinge, die sich mir derzeit am klarsten erkennbar darstellen.\nIch halte die Arbeit, die sich Scytale und Fefe mit der Software machen für wichtig und richtig. Aber für noch wichtiger hielte ich es, wenn man sich einmal überlegte, wie man denn die Wikipedia-Website umgestalten könnte.\nAnsatzpunkte Ich wünsche mir, daß die Site auf der einen Seite eine bessere Bewertung der Artikelqualität auch für Gelegenheitsnutzer zuließe. Ich glaube nicht, daß ein Gelegenheitsnutzer den Blick hat, mit dem er einen prämierten und ausgezeichneten Wikipedia-Artikel von einem durchaus langen, aber qualitativ unzureichenden Artikel unterscheiden kann.\nDie aktuelle Form der Artikel unterstützt das auch nicht gut - wie könnte man die in den Citations enthaltenen Fakten mit dem Artikeltext besser verknüpfen, sodaß besser erkennbar wird, was im Artikeltext belegt und was nicht belegt ist? Wie kann man sichtbar machen, welche Teile eines Artikels strittig und welche unstrittig sind? Wie kann man den Vollständigkeitsgrad eines Artikels schnell erfaßbar machen? Und wie kann man das alles so gestalten, daß es cool aussieht, oder daß man zwischen diesen Artikelansichten schnell wechseln kann?\nWenn an einem Artikel etwas nicht in Ordnung ist, oder strittig ist, dann muß Kommunikation stattfinden.\nWikipedia ist zur Zeit technisch ein mittelmäßiges Lexikon und ein wirklich schlechtes Forum. Wie kann man, nein, wie muß man die Wikipedia-Site ändern, damit eine bessere und durchaus persönlichere Form der Auseinandersetzung mit strittigen Fragen möglich wird? (Persönlich nicht im Sinne von \u0026lsquo;persönlich werden\u0026rsquo;, sondern im Sinne von \u0026lsquo;damit man sich des Menschen hinter den vier Tilden besser bewußt wird\u0026rsquo;)\nAm Ende ist die Frage, wie man die Probleme, die ich in Communitygift versucht habe zu skizzieren angeht, und wie man sie durch die äußere Form und die Mechanismen der Site selber unterstützt.\nEin besserer Prozeß Damit ist es jedoch nicht getan, Wikipedia hat auch Prozeßprobleme.\nEs gibt ein Mentorensystem, aber es erscheint mir optional und es scheint zu erfordern, daß ein Neuling davon weiß und aktiv nach einem Mentor fragt, damit es greift. Jedenfalls ist nach meinem Informationsstand nicht sichergestellt, daß ein Neuling vom Mentorensystem erfährt und er einen Mentor angeboten bekommt. Offenbar ist das Mentoring auch mehr oder weniger 1:1, das heißt jeder Neuling bindet einen vollen Mentor und Dritte profitieren nicht von der Arbeit, die ein Mentor sich mit einem Neuling macht.\nBesser wäre etwas, bei dem ein Mentor sich mit einem Neuling befaßt und bei dem eine kleine Gruppe von Dritten auf einem ähnlichen Level das verfolgen könnte, ähnlich wie eine Schulklasse der Unterhaltung zwischen einem Lehrer und dem Schüler der grade dran ist verfolgt und davon profitieren kann. Man braucht also einen Mechanismus, der einem Mentor mehrere Schüler mit kompatiblen Hintergründen und Zielen zuordnet und beim den diese kleine Gruppe nicht nur allen Mentor-Schüler-Dialogen folgen kann, sondern sich auch gegenseitig helfen kann.\nMir ist nicht klar, ob es ein Ausbildungsprogramm für Mentoren gibt, und einen Plan der zu vermittelnden Inhalte und eine Liste von zu erreichenden und womöglich gar zu verifizierenden Lernzielen. Das würde sicherlich helfen, die Arbeit der Mentoren zu erleichtern und es würde auch die gewünschte Kultur von Wikipedia verbalisieren und damit einem Diskurs formal zugänglich machen. Das ist für mich ein ganz zentraler Punkt.\nDie passive Aggressivität Mir stellt sich Wikipedia von der Kommunikationskultur her als passiv-aggressiv dar, und ich empfinde auch eine gewissen Wagenburg-Mentalität. Ich habe meine Theorien, warum das so ist, aber ich habe keine Belege dafür, sondern nur Vermutungen.\nDa ist einmal die Tatsache, daß im Löschprotokoll jede Menge Artikel aufzufinden sind, die keine sind, sondern nur Schmierereien. Das bindet nicht nur Ressourcen, sondern es erzeugt auch ein \u0026lsquo;Wir gegen die\u0026rsquo; im Gehirn der Leute, die da aufräumen, einen \u0026lsquo;Muss sauberhalten\u0026rsquo;-Reflex, der auch dann nicht aufhört zu ticken, wenn diese Personen andere Dinge in der Wikipedia tun.\nIch glaube tatsächlich, daß eine höhere Einstiegshürde hier helfen würde. Ich glaube fest daran, daß man mit offenem Visier arbeiten sollte und ich sehe keinen Grund, warum jemand anonym, also \u0026lsquo;als IP\u0026rsquo;, neue Artikel anlegen können sollte - es wäre getrennt zu evaluieren, ob jemand \u0026lsquo;als IP\u0026rsquo; bestehende Artikel überarbeiten können sollte oder wie das mit strittigen Artikeln, geprüften Versionen und anderen qualitätssichernden Mechanismen zusammenspielt.\nJedenfalls sehe ich Wikipedia ganz sicher als etwas, das einer Ausbildung von Neulingen bedarf, was Ziele, Arbeitsweise und Kultur angeht - genau genommen sogar, was das Lesen von Artikeln angeht, siehe meine Bemerkungen zur Visualisierung von Qualität oben. Ich kann daher nicht erkennen, wie ein anonymer Benutzer eine Chance haben sollte, einen sinnvollen neuen Artikel zu erzeugen - 99% Spam über diesen Kanal stellen den Wert des Kanals selbst in Frage.\nSoweit ich weiß ist die englische Wikipedia auch schon so weit und läßt \u0026rsquo;eine IP\u0026rsquo; keinen Artikel mehr anlegen.\nWenn man den Streß bei den Löschköpfen senkt, indem man den Müllstrom einfach zudreht und an alle eingehenden neuen Artikel auch zwingend Namen dran baut, dann wird sich die Situation mit Sicherheit für alle Beteiligten massiv entspannen. Wikipedia ist dann nicht mehr anonyme Landschaft, sondern ein Garten, also Gegend, die jemand gehört und Änderung der Gegend, wobei die Änderung auch jemandem gehört.\nIndividuelle Ansprache, vor Publikum Die passiv-aggressive Weise findet ihren Niederschlag auch in den \u0026lsquo;Ausbildungsmaterialien\u0026rsquo;, die ich gesehen habe. Es ist vollkommen sinnlos und pädagogisch totaler Irrsinn, jemanden mit einem WP:RK auf 22 Druckseiten Relevanzkriterien zu schicken. Ähnliche Materialien, die in der Wikipedia auch zur Ausbildung verwendet werden, sind einem ähnlich trostlosen textwüstigen Zustand und können bestenfalls zur Textbausteinigung von Neulingen verwendet werden. So etwas produziert man nicht, wenn man jemanden aufnehmen und zum Erfolg führen will, sondern so gestaltet man Material, das abschrecken soll.\nSinnvolle Materialien sind klein, sodaß sie verwendet werden, um einen Neuling gezielt zu der Antwort zu senden, die ihm weiterhilft. Und die Antwort wird nicht als WP:XY gegeben, sondern als\nIch sehe in Deinem Artikel das Problem p. In WP:XY wird erklärt, warum das ein Problem ist und wie wir in der Wikipedia dazu gekommen sind, das als Problem zu sehen. In Deinem Fall würde ich p lieber als p\u0026rsquo; formulieren, dann vermeidest Du das.\u0026quot;.\nDie Länge der Antwort in WP:XY ist so bemessen, daß sie den Neuling nicht erschlägt, und sie enthält Verweise auf andere ähnliche Antworten oder Folgefragen, die erwartungsgemäß auftreten werden und einen Verweis auf eine Landkarte bzw. ein Inhaltsverzeichnis, damit man sich orientieren kann.\nIch glaube, ein weiterer Grund für die Wagenburg-Mentalität und die Affinität zu Holzmedien, die ich herauslese, ist Brockhaus-Neid. In der Vergangenheit hat Wikipedia sich beweisen müssen und ist von den Medien an den Bertelsmann- und Brockhaus-Lexika gemessen worden. Beide sind inzwischen Geschichte, aber Wikipedia befindet sich meinem Eindruck nach immer noch in der Tradition und im Wettbewerb mit diesen Enzyklopädien, anstatt sich davon zu emanzipieren und Wege zu finden, darüber hinaus zu wachsen.\nEs gibt ganz klar Möglichkeiten, über die Kommunikationsmethoden von totem Papier hinaus zu gehen, wenn man eine Website ist, aber Wikipedia entwickelt keinen erkennbaren Versuch das zu tun. Mit einer besseren Visualisierung von Qualität, Fakten und Diskurs kann Wikipedia nicht nur Wissen darstellen, sondern auch den Streit um und die Suche nach Wissen darstellen, und damit klar machen, wie es gewonnen und belegt wird. Das ist meiner Meinung nach die Mission, die Wikipedia annehmen muß, um sich weiterzuentwickeln und ich halte es durchaus für legitim, das einzufordern.\nSolche Strukturen erlauben es der Wikipedia dann auch, mit strittigen und unfertigen Dingen, aber auch mit transienten Themen auf eine Weise umzugehen, die es der Wikipedia erlaubt, die Zeit und den Aufwand der Autoren zu ehren anstatt als zentrales Reaktionsmittel auf fragwürdige Dinge nur die Löschung zu haben.\nDas heißt, das Kommunikationsziel dieses ganzen Diskurses ist für mich, die Wikipedia als Organisation zu lehren, differenzierter als mit \u0026lsquo;Löschen\u0026rsquo; zu kommunizieren und sich strukturell und technisch von Holz-Lexika zu emanzipieren. Beides gehört untrennbar zusammen.\n","date":"2009-11-13T00:00:00Z","href":"https://blog.koehntopp.info/2009/11/13/communityfix.html","tags":["internet","wikipedia","lang_de"],"title":"Communityfix"},{"categories":null,"content":"Am 20. April 2009 hat Sun verkündet, daß sie von Oracle gekauft werden. Das hätte MySQL mit eingeschlossen. Am 10. November hat die EU dann mitgeteilt, daß sie diesem Kauf widerspricht und zwar ausschließlich wegen MySQL.\nGroklaw hat Hintergründe dazu , die ein wenig komisch erscheinen. Ausgerechnet Monty und Florian Müller argumentieren gegen diesen Verkauf und verwenden in den Texten, die sie öffentlich gemacht haben noch dazu die GPL: Diese verhindere nämlich kommerzielle Spinoffs und Forks von MySQL.\nDas ist auf vielen Ebenen seltsam bis unsinnig.\nZum rechtlichen Hintergrund:\nMySQL ist ein Dual-License Produkt. Man kann sich entscheiden, ob man die GPL Version von MySQL verwenden will oder ob man stattdessen ein kommerziell lizensiertes MySQL möchte. Die GPL-Version ist gegen Readline gelinkt und kann OpenSSL verwenden, die kommerzielle Version verwendet Editline und eine andere SSL-Bibliothek unter einer anderen Lizenz.\nMein Arbeitgeber ist Kunde bei MySQL, und zwar verwenden wir die GPL-Version von MySQL. Das können wir unter anderem deswegen, weil wir MySQL nicht weitergeben - die GPL garantiert das Recht, die Software auszuführen, den Source zu studieren und die Software zu modifizieren uneingeschränkt. Kunde sind wir für den MySQL-Support, die Software bekommen wir also frei und gratis. Den Support könnten wir auch woanders kaufen, etwa bei Unternehmen der Open Database Alliance, speziell Percona käme zum Beispiel gut in Frage.\nMySQL unter einer kommerziellen Lizenz braucht, wer MySQL als Bestandteil seines Produktes weitergeben möchte und dabei seinen eigenen Quelltext nicht offenlegen will.\nDie GPL zieht dabei die Grenze an den Prozeßgrenzen - es ist also kein Problem, etwa eine Box zu verkaufen, auf der ein PHP mit mysqlnd mit einem mysqld redet. Der mysqld ist GPL, das PHP und das mysqlnd darin sind PHP-License und beides sind verschiedene Prozesse, die juristisch problemfrei miteinander reden dürfen. Das ganze Ding ist einwandfrei und kann so verkauft werden, ohne daß kommerzielle Lizenzen in irgendeiner Form fällig werden.\nDie libmysqlclient.so ist GPL und kommerziell dual licensed. Wer sie in sein Programm linkt, muß sein Programm entweder unter die GPL stellen oder MySQL kommerziell lizensieren. Wenn man das nicht will, ist das im Grunde kein Problem: Das MySQL Protokoll ist schnell reimplementiert - mysqlnd hat das zum Beispiel getan.\nUnd schließlich kann es sein, daß man sein MySQL tatsächlich embedden will, also mysqld nicht als Server betreiben will, sondern als Bibliothek direkt in ein Programm hinein linken. In diesem Fall hilft einem - wenn man nicht selber GPL sein will - nur eine kommerzielle Lizenz. Oder daß man seine proprietäre Storage Engine in MySQL hineinlinken will - das geht ebenfalls nur mit einer kommerziellen Lizenz, denn andernfalls würde man ja die GPL-Geschmacksrichtung von mysqld und proprietären Storage Engine Code zusammen mischen und das geht nicht.\nGroklaw beleuchtet nun die Argumentation, die wir von Monty zu hören bekommen haben unter verschiedenen Aspekten. Dabei kommt Monty offenbar immer wieder auf die Möglichkeit von proprietären Forks von MySQL zu sprechen, die nicht möglich wären, wenn Oracle die Rechte an MySQL innehätte. Nun, so etwas ist auch jetzt schon nicht möglich, denn die Rechte an MySQL hat derzeit Sun, auch eine kommerzielle Firma.\nGroklaw findet es seltsam, daß Monty so gegen die GPL wettert und auch auf den angeblich \u0026lsquo;viralen\u0026rsquo; Character der GPL abhebt ( Kooperativ vs. Kompetetiv , Was steht in der GPL? , Warum GPL? ). Das ist Microsoft-Rethorik, und tatsächlich ist Monty nun genau Ratgeber bei der MS Codeflex Foundation. Groklaw zitiert auch eine längeren Text von Carlo Piana, der erklärt, warum die Open Source Community für den Deal sein sollte und wieso die GPL bzw. das Dual Licensing kein Problem sind.\nDer Punkt ist jedenfalls, daß die GPL bei MySQL nichts verhindert, außer für zwei sehr eingeschränkte Personenkreise: Leute, die MySQL embedden wollen oder Leute, die ihre proprietäre Technik in MySQL injezieren wollen. Beides ist eigentlich kaum ein Problem.\nDer nächste Punkt ist, daß Monty vorgeschlagen hat, daß Sun MySQL verkaufen möge, damit der Merger voran gehen könnte. Die Idee ist recht plump und offensichtlich: Monty kauft MySQL von Sun zurück, mit dem Geld, daß Sun ihm gegeben hat.\nDer dritte Punkt ist, daß das Problem nicht bestünde, wäre MySQL pur GPL lizensiert - die ganze Argumentation kann nur Halt finden, weil auch eine kommerzielle Lizenzvariante von MySQL existiert. Diese gehört aber grad Sun…\nWeitere Artikel zum Thema:\nDer Economist hat einen Bericht über den Handel, und zielt darauf ab, daß die amerikanische Monopolkomission dem Deal zugestimmt hat, die europäische ihn aber abgelehnt hat, und wie das zu einem Handelskrieg oder zumindest zu Verstimmung führen könnte.\nHeise berichtet ebenfalls.\nDie Position von SAP in dieser Sache bleibt zumindest nach der Berichterstattung im Dunkeln.\n","date":"2009-11-12T00:00:00Z","href":"https://blog.koehntopp.info/2009/11/12/mysql-sun-oracle-und-die-eu.html","tags":["mysql","oracle","sun","lang_de"],"title":"MySQL, Sun, Oracle - und die EU"},{"categories":null,"content":" Wikimedia ruft auf zum Spenden! Nach dem Kohlepfennig der Exklusionistencent? Wenn Sie nicht spenden löschen wir diesen Artikel! \u0026ndash; @dyfa auf Twitter\nIhr löscht sogar im Spendenticker – lol\n\u0026ndash; Susanna Korn Da ist er also wieder mal, der alljährliche Wikimedia Foundation Fundraiser. Parallel dazu startet das Profi-Admin-Team der deutschen Wikipedia eine Sympathie-Offensive , nachdem die Wikipedia-Diskussion am 5.11. eher unschön über die Bühne ging: Mit Hausverboten für wichtige Diskussionsteilnehmer, vorab angefertigten Abschluß-Statements und ohne irgendein Ergebnis.\nWarum Wikipedia bitte sofort sterben muss faßt einige der Ergebnisse von letzter Woche zusammen. Unterdessen gibt es heute ein Löschwettrennen (runterscrollen!) in der Wikipedia.\nThomas Nesges schlägt vor, stattdessen lieber für Abgeordnetenwatch zu spenden. Oder Ihr schaut mal in Levitation rein.\nUpdate: Man lese einmal die Kommentare der Spender . In der Heise-Newsticker-Meldung heißt es:\nHatte sich die Wikimedia bisher vor allem mit Kleinspenden finanziert, versucht die Stiftung nun das Volumen der einzelnen Spenden zu erhöhen.\nStattdessen gibt es jetzt eine große Zahl von Ein-Euro-Spenden mit schriftlicher Begründung in der Kommentarzeile.\nUpdate: Bitte seht davon ab, die Spende mit einer Zweckbindung \u0026ldquo;für \u0026hellip;\u0026rdquo; zu versehen. Das macht der Vereinsbuchhaltung bei Wikipedia geradezu unglaubliche Arbeit. Danke sehr!\nUpdate: Die Ursache für diese Aktion ist bei blog.fefe.de dokumentiert.\nUpdate: Die Wikimedia Deutschland e.V. ist genervt .\n","date":"2009-11-12T00:00:00Z","href":"https://blog.koehntopp.info/2009/11/12/update-der-allj-hrliche-wikimedia-spendenaufruf.html","tags":["internet","wikipedia","lang_de"],"title":"Update: Der alljährliche Wikimedia-Spendenaufruf"},{"categories":null,"content":"Während ich mir in Communitygift einmal angesehen habe, warum Wikipedia nicht funktioniert, wenn sie nicht funktioniert, findet man bei Helge Städtler einen wunderbaren Beitrag mit dem Titel Ein Eintrag in der Enzyklopädie Wikipedia: Wie geht das eigentlich? .\nHelge beschreibt seine Erfahrungen mit der Wikipedia und der Erzeugung eines Eintrages zum Thema Educast , also Lehr- Podcasts . Dazu hat er sich einen Benutzer Lgxxl angelegt und danach dann einen Eintrag erzeugt. In seinem Blogartikel dokumentiert er seine Erfahrungen in einer Art Tagebuch.\nBei ihm hat das Mentorensystem gegriffen und er ist einigermaßen sinnvoll an die Arbeit in der Wikipedia herangeführt worden. Obwohl seine Erfahrungen überwiegend gut waren und er streckenweise begeistert war, relativiert er das ein wenig:\n[…] bei mir ist das alles noch glimpflich abgegangen, weil ich meine ganze Erfahrung aus Diskussionsforen und E-Learning-Betreuung für die Deeskalation eingesetzt habe.\nEr verweist auch an mehreren Stellen auf Probleme mit den unpersönlichen Kommunikationskanälen in der Wikipedia. Dennoch: Die Mechanismen existieren - zumindest in Ansätzen. Sie werden nur nicht konsequent eingesetzt und sie werden von der Form der Wikipedia und von den Umgangsformen in der Wikipedia (das sind zwei verschiedene Dinge) nicht gut unterstützt.\n","date":"2009-11-12T00:00:00Z","href":"https://blog.koehntopp.info/2009/11/12/wenn-wikipedia-einmal-funktioniert-tagebuch-eines-selbstversuches.html","tags":["internet","wikipedia","lang_de"],"title":"Wenn Wikipedia einmal funktioniert... Tagebuch eines Selbstversuches"},{"categories":null,"content":"Update: Diejenigen von Euch, die vom Trackback hierher kommen, finden alle Artikel zum Thema Wikipedia unter dem Tag Wikipedia. Die Diskussion ist seit der Aufnahme für die Sendung schon ein paar Artikel weiter gegangen.\nKaiL hatte mich heute im IRC noch auf Der alljährliche Wikimedia-Spendenaufruf angesprochen und ich hatte ihm versprochen, noch einmal genauer aufzuschreiben, wieso ich Wikipedia als Projekt für kaputt halte. Dies ist der Versuch, meine zunehmende Distanz zum Projekt Wikipedia als positive und konstruktive Kritik zu formulieren. Ich hoffe, es hat ein bischen geklappt.\nSeit fast einem Monat läuft die von einem relevanten Blog initiierte Diskussion über die Wikipedia.\nDie Diskussion begann damit, daß jemand in der deutschen Wikipedia begann, einen Löschantrag gegen das Lemma Mogis zu stellen, was in Fefes Blog aufgegriffen wurde. In der Folge gab es eine relativ wenig strukturierte Diskussion innerhalb und außerhalb der Wikipedia um die Relevanzkriterien und den Umgang mit ihnen in der deutschen Abteilung der Wikipedia.\nIm Fortgang der Diskussion gewann ich immer mehr den Eindruck, daß die Wikipedia eigentlich ein tieferliegendes strukturelles Problem hat: Sie ist schrittweise hermetisch geworden und sie kommuniziert destruktiv.\nAnderswo… Um das zu erläutern muß ich vorab erklären, daß meine Beschreibung hier Eindrücke von jemandem sind, der Wikipedia von außen sieht und sich im letzten Monat versucht hat, ein wenig mit dem Projekt zu befassen - ein Versuch, den ich im Grunde als auf ganzer Linie gescheitert betrachten kann.\nIch bin eigentlich jemand, der mit einer ganzen Menge Online-Projekt-Communities zu tun hat, und der sich auch als jemand sieht, der Gruppen vernetzt. In den meisten Gruppen, mit denen ich zu tun hatte, habe ich mich sehr willkommen gefühlt. Das hat auch damit zu tun, daß man dort sofort mit Personen zu tun hat und daß es adequate Infrastruktur gibt, die Interaktion fördert.\nDas ist besonders wichtig, wenn es um den Umgang mit Beiträgen von Neulingen geht. Von diesen Beiträgen gibt es zwei Sorten: Die eine Sorte hat einen erkennbaren eigenen Wert, auch wenn der Beitrag so nicht direkt ins Projekt übernommen werden kann, und die andere hat einen solchen Wert nicht. Letzteres ist das, was Wikipedia als Vandalismus bezeichnet.\nDie meisten Projekte haben keine Probleme mit Vandalismus. Das liegt daran, daß sie das nicht zulassen, was in der Wikipedia ein anonymer Edit wäre, also ein Edit von einem Benutzer ohne Account (Wikipedianer nennen einen solchen Benutzer \u0026rsquo;eine IP\u0026rsquo;, wobei man das wie \u0026rsquo;eine Kakerlake\u0026rsquo; betonen muß, damit die implizierte Bewertung mit kommuniziert wird - und das ist schon mal das erste Problem).\nZwar nehmen alle Projekte Beiträge von nicht registrierten Neulingen an, aber sie schalten diese Änderungen nicht frei. Stattdessen haben solche Projekte an Stelle des Wikis ein anderes, fortgeschritteneres Versionskontrollsystem - zum Beispiel git oder etwas Vergleichbares. Ein Neuling kann sich das Repository eines Projektes zur Gänze oder in Teilen kopieren und Änderungen von der offiziellen Kopie bei sich einarbeiten lassen. Seine eigenen Änderungen sind allerdings erst einmal lokal, und damit sie in die offizielle Kopie übernommen werden können muß man sich das Recht holen, dort Änderungen einstellen zu dürfen - man muß Commit-Karma bekommen.\nMeist bekommt man das nicht sofort, sondern durchläuft eine Art Probezeit, während der man seine Änderungen an einen Mentor übermittelt, der sie durchsieht, Anmerkungen zurück gibt und die Änderungen erst dann in die offizielle Kopie weiterfließen läßt, wenn sie den Ansprüchen des Projektes genügen.\nAndere, liberalere Projekte arbeiten anders herum: Sie haben \u0026rsquo;trailing controls\u0026rsquo;, bei denen dem Neuling sofort Karma gegeben wird, aber der Mentor die Änderungen seiner Neulinge nachverfolgt und retroaktiv kommentiert oder in katastrophalen Fällen rückgängig macht - mit einem Versionskontrollsystem ist das ja trivial machbar.\nDas Wesen dieses Zugangs zum Projekt ist der Aufbau von persönlichen Beziehungen zwischen den Teilnehmern, und damit eine aktive Integration in die Gruppe und das Vermitteln der Gruppenkultur an Neulinge sowie umgekehrt bis zu einem gewissen Grad ein ständiger Review der Gruppenkultur duch die Neulinge.\n… und Wikipedia Wikipedia macht eine ganze Menge von Dingen anders, und dadurch werden solche Integrationsprozesse nicht erzwungen und nicht gefördert. Da ist einmal wie bereits erwähnt die Tatsache, daß man - theoretisch - einfach so editieren kann, ohne sich irgendwie anzumelden oder mit einer Person zu reden. Das entfremdet von Anfang an - Menschen gehen mit \u0026lsquo;herrenlosen\u0026rsquo; Dingen anders um, als mit Dingen, bei denen sie wissen, daß sie einer Person gehören oder von einer Person betreut werden. Es gibt einen Unterschied zwischen \u0026lsquo;so Sachen\u0026rsquo; und \u0026lsquo;jemandes Besitz\u0026rsquo; - die wenigsten Menschen hätten Probleme, im Wald hinter einem Busch einen Haufen zu machen, aber die meisten Menschen tun das nicht in irgendjemandes Garten.\nWikipedia wirkt von außen als \u0026lsquo;so eine Sache\u0026rsquo; und nicht als \u0026lsquo;jemandes Besitz\u0026rsquo; und wird auch in Berichten über Wikipedia immer wieder so portraitiert. Ich wette, das zieht die Eingangsqualität von Änderungen gewaltig nach unten - hinter jedem Busch ein stinkender Haufen. Umgekehrt rührt das Kakerlaken-Image von Änderungen durch IPs genau da her und damit ist die freundschaftliche Basis für eine gegenseitig befruchtende Beziehung zwischen einem Neuling und der existierenden Gemeinschaft schon mal gefährdet.\nAber einmal angenommen, ein Neuling holt sich einen Login, meldet sich an und beginnt an einem Artikel zu ändern. Dann passieren einige Dinge und eine Menge Dinge nicht. Ausgehend auf meinen Erfahrungen und denen der von mir befragten nicht repräsentativen Stichprobe gibt es keine Kontaktaufnahme von Person zu Person und auch kein kurzes konkretes Howto mit Beispielen \u0026lsquo;So geht\u0026rsquo;s - und so nicht\u0026rsquo;: Wikipedia bleibt ein anonymes Objekt und versäumt die Chance, sich ein persönliches Gesicht zu geben.\nZum einen sind die Chancen gut, daß die Änderungen des Neulings rückgängig gemacht werden. In der Regel wird dabei ein Einwortkommentar hinterlassen. Hier zum Beispiel ist eine Liste von Löschungen in der deutschen Wikipedia und dahinter jeweils der Kommentar - \u0026lsquo;Unsinn\u0026rsquo;, \u0026lsquo;Kein Artikel\u0026rsquo;, \u0026lsquo;Kein enzyklopädischer Inhalt\u0026rsquo;, \u0026lsquo;Löschdiskussion\u0026rsquo;. Für einen altgedienten Wikipedianer hat das alles einen Sinn, denn in der Wikipedia haben bestimmte vermeintlich deutsche Worte eine eigene, innerhalb der Wikipedia genau definierte Spezialbedeutung bekommen, ähnlich wie es mit bestimmten Begriffen im \u0026lsquo;Juristischen\u0026rsquo; ist.\nDem Neuling ist dies alles nicht geläufig, für ihn ist \u0026lsquo;Unsinn\u0026rsquo; keine Erklärung, sondern eine Beleidigung. Das ist der hermetische Aspekt. Parallel dazu hat man ihm noch dazu die in seine Änderung investierte Zeit entwertet. Das ist der destruktive Aspekt.\nCredo des dclp FAQ Team Kommunikationstechnisch läuft also das Folgende ab: Ein Neuling ist bereit, an einem Projekt mitzuarbeiten, das sich ihm noch nicht als Person vorgestellt hat und für das er auch noch keine belastbare Arbeitsanleitung erhalten hat. Dennoch ist er mit seiner eigenen Zeit und Mühe versuchsweise in Vorleistung gegangen.\nDie Reaktion der ihm noch unbekannten Masse auf sein Bemühen ist unverständliche Kommunikation, Ablehnung und Beleidigung. Das ist Maximalschaden - das perfekte Communitygift, und das ist der Grund für den Titel dieses Textes.\nIn anderen Projekten ist das Vorgehen anders. In der de.comp.lang.php FAQ zum Beispiel versuchten wir damals Neulinge gezielt zu verändern und zu für uns als Gruppe nützlichen Helfern auszubilden. Unsere Eckpunkte waren:\nWir wollen nicht nur einem Neuling helfen, sondern wir wollen zu allen Zeitpunkten wie eine Person kommunizieren und den Neuling wie eine Person behandeln. Darum kommunizieren wir immer in vollständigen Sätzen und ohne gruppenspezifischen Slang. Wir wollen auch Standards für unsere Gemeinschaft setzen und kommunizieren daher immer in einem Ton, den wir von anderen in der Gruppe erwarten. Wir tun das unbedingt und immer und ausdrücklich selbst dann, wenn unser Gegenüber das nicht tut. Wir personalisieren unsere Antworten und wir kommunizieren spezifisch und konkret. Zum Beispiel können wir einen Neuling auf Artikel in der FAQ hinweisen, aber wir tun das niemals kontextfrei und allgemein, sondern immer auf einen oder zwei spezifische Artikel in der FAQ und immer mit einer kurzen Brücke, die erklärt, wie die Antwort in der FAQ mit dem spezifischen Problem des Neulings in Verbindung gebracht werden kann. Wir verstehen, daß wir Neulinge ausbilden müssen, um unsere Gemeinschaft zu stärken. Das bedeutet, daß wir von Neulingen keine Perfektion erwarten und daß wir einen vorbereiteten Pfad haben müssen, an denen wir den Neuling in seiner Entwicklung entlang führen können, bis er selber keiner mehr ist und stattdessen in der Lage ist, weiteren Neulingen unsere Kultur auf die von uns gewünschte Weise zu vermitteln. Wir sind eine Gruppe. Das bedeutet, daß niemand von uns immer arbeiten muß, aber es bedeutet auch, daß niemand dem anderen die Arbeit schwerer machen sollte als notwendig. Wenn man also einmal nicht die Zeit oder die Kraft hat, einen besonders aussichtslosen Fall anzugehen, dann ist es wichtig, nichts zu unternehmen, um diese Person nicht für den Kommunikationsversuch eines anderen Gruppen-Helfers zu versauen. Was man vielleicht erkennen kann: Diese Ideen sind darauf angelegt, einen Weg in die Gruppe rein zu zeichnen, ihn so leicht wie möglich zu gestalten und Kommunikation persönlich zu gestalten.\nIn der de.comp.lang.php FAQ hätte ein Neuling keine Änderung anonym vornehmen können. Wahrscheinlich wäre seine erste Änderung auch nicht auf einem Stand gewesen, daß man sie direkt in die FAQ hätte aufnehmen können.\nAber sie wäre nicht mit einer Einwort-Slangbegründung entwertet worden, sondern sie hätte einen Kontakt mit dem Team hergestellt, und es hätte eine konkrete Punkt-für-Punkt Kritik am Beispiel gegeben. Die redigierte Version wäre entweder direkt aufgenommen worden, oder dem Neuling zur weiteren Überarbeitung mit konkreten Zielen und weiteren Ratschlägen zurück gegeben worden.\nDas Ergebnis wäre gewesen, daß er Neuling sich nicht alleine fühlt, sondern mit Personen kommuniziert hätte. Seine Änderung wäre nicht wirkungslos gewesen, selbst wenn sie abgelehnt worden wäre, sondern er hätte auf jeden Fall wertvolles und konkretes Feedback bekommen und er hätte auf jeden Fall ein klar definiertes und erreichbares Ziel gehabt, für das zu arbeiten er sich entscheiden kann.\nDas heißt, es wäre Motivation generiert worden: Selbst ein Fehlschlag generiert noch einen Gewinn für den Neuling und dem Neuling wird klar, wie er relativ zu dem zu erreichenden Ziel steht.\nDieser Prozeß läßt sich noch verstärken, wenn man diese Kommunikation in einem gut strukturierten, öffentlichen Raum führt, etwa einer Mailingliste, auf der neben dem Neuling und dem Mentor noch weitere Neulinge mitlesen. Eine solche Diskussion bildet dann nicht nur den einen Neuling aus, um den sich der Mentor hier gerade kümmert, sondern an diesem Beispiel lernen auch die Neulinge schon etwas, die nur mitlesen. Sie können bestimmte Dinge schon im ersten Versuch vermeiden.\nNeuling vs. Wikipedia Schaut man sich den Onboarding- und Integrationsprozeß von Wikipedia an, dann erkennt man, daß keine einzige funktionierende Struktur existiert, die sicherstellt, daß ein Neuling überhaupt eine solche Sozialisierung und Ausbildung durchläuft. Weiterhin bemerkt man, daß keine Kultur für Onboarding und Ausbildung explizit gemacht oder gar vorgelebt wird. Wikipedia hat keine Tentakel, die Neulinge abgreift, einsaugt, indoktriniert und auf Arbeitsgeschwindigkeit bringt, aber ausgezeichnete Mechanismen, die im Grunde das Gegenteil davon bewirken.\nAuch in der zweiten Ebene ist Wikipedia als Kultur nicht gut aufgestellt. Wenn man als Außenstehender Löschdiskussionen liest, dann sieht man hier einen Haufen Bürokraten (ich meine nicht den gleichlautenden Wikipedia-Slangbegriff), die sich mit seelenloser Regelanwendung bekriegen.\nWas man nicht erkennt: Respekt vor der Zeit und Arbeit, die Autoren in Artikel hineingesteckt haben. Eine Löschdiskussion oder ein Revert ist eine Kommunikation, aber es ist eine Kommunikation durch Zerstörung - zerstört wird noch dazu die wertvollste Ressource eines freiwilligen Helfers: Seine Freizeit, die er in das Projekt gesteckt hat, wird entwertet, ohne daß irgendeine Form von positivem Feedback an ihn zurück fließt - Wikipedia frustriert nicht nur Neulinge, sondern auch gestandene, langfristig aktive Helfer systematisch.\nAngenommen ich überlebte also meine Zeit als Neuling bei Wikipedia und würde ein aktives Mitglied in der Gemeinschaft Wikipedia, was immer das ist - wäre ich dann auch so wie die da? Und würde ich so werden wollen wie die Leute, die da diskutieren? Das sind die Fragen, denen man sich als Betrachter von außen stellen muß und wenn ich als normaler Mensch gelten kann, dann ist die Antwort automatisch \u0026lsquo;Argh! Igitt! Nein!\u0026rsquo;.\nUnd dann existiert noch eine dritte Ebene von Wikipedia und das ist die Ebene der Posten und Pöstchen für brave und engagierte Mitarbeiter. Die Vorgehensweisen, Prozesse und Verflechtungen dort sind für einen Außenstehenden nicht verständlich, ebensowenig wie die organisatorischen Zuständigkeiten - wer gehört wem, und gibt die eingenommenen Spenden für wen zu welchem Zweck weiter.\nNeben dem unmittelbaren Eindruck der Intransparenz kommt zumindest für mich noch der Eindruck von fehlenden Checks und Balances dazu - mir ist nach einem Monat jedenfalls nicht klar, welche Mechanismen existieren, um etwa amoklaufende Admins und Löschköpfe einzubremsen. Zusammen mit einer Kultur fehlender Wertschätzung für die Zeit und Arbeit anderer erscheint mir das Fatal.\nThomas Nesges faßt das auf eine sehr prägnante Weise zusammen:\nDas aktuelle Problem der Wikipedia ist mit Geld nicht zu lösen.\nSo ist es.\nJe mehr ich über Wikipedia lerne, desto weniger begeistert sie mich. Communitygift. Frustrationsmaschine. Das müßte nicht sein. Es wäre sogar leicht zu ändern. Aber das setzte voraus, daß man das als Problem formuliert und akzeptiert und dann Änderungen in der Art der von mir oben beschriebenen Ansätze baute: Das heißt\nÄnderungen von Vandalismus unterscheiden Die Zeit und Arbeit, die in Änderungen geflossen ist, wertschätzen statt sie zu zerstören. Persönlich, konkret und ohne Slang kommunizieren. Als Personen mit Personen kommunizieren, und dabei Standards in der Kommunikation auch einseitig unbedingt einhalten. Ausbilden: konkret und positiv kritisieren und konkrete und erreichbare Ziele setzen. Multiplikator-Umgebungen schaffen, in denen Neulinge von der Ausbildung an Anderen nebenbei partizipieren können. Oh, und die Technik aktualisieren - Levitation ist technisch ein Meilenstein für Wikipedia. Aber ohne eine gewollte und gezielte Änderung der Kultur auch wirkungslos.\n","date":"2009-11-11T00:00:00Z","href":"https://blog.koehntopp.info/2009/11/11/communitygift.html","tags":["internet","wikipedia","lang_de"],"title":"Communitygift"},{"categories":null,"content":" Links: Benutzer in der realen Welt. Rechts: Eine Unix UID, die diesen Benutzer im System repräsentiert.\nIch bin ich. Aber in einem Computersystem kann ich nicht sein, denn dort existieren nur Bits und Bytes. Daher werde ich dort durch einen Identifier repräsentiert. Diesen Identifier nennt man meinen Principal .\nWenn ich mich in einem System einlogge, dann gebe ich einen Usernamen an - ich behaupte, jemand zu sein. Diese Phase des Logins nennt man Identifikation, und zur Identifikation gebe ich entweder meinen Principal direkt ein, oder etwas, das vom System eindeutig auf den Principal abgebildet wird.\nDanach muß ich die behauptete Identität beweisen. Das nennt man Authentisierung und kann durch ein geheimes Wissen geschehen (ein Paßwort), durch Besitz (ein Token oder eine Chipkarte) oder durch Sein (Biometrische Daten), oder eine Kombination davon (Mehrfaktor-Authentisierung, etwa ein RSA-Token mit PIN und minütlich wechselndem Code, also Paßwort + Besitz).\nDas System ordnet meiner bewiesenen Identität dann Rechte zu. Das nennt man Autorisierung.\nEs kann auch verbrauchte Ressourcen mitloggen und abrechnen, das wäre Accounting (Mit AAA bezeichnet man oft den Dreiklang Authentication, Authorization and Accounting, etwa im Zusammenhang mit dem RADIUS -Protokoll).\nOder es kann Aktivitäten eines Benutzers auf eine Weise mitloggen, die nicht vermeidbar und nicht fälschbar ist, dann haben wir Auditing.\nAllen diesen Dingen gemeinsam ist die Tatsache, daß was immer wir machen, einem Benutzer zugeordnet werden muß, also einem Subjekt der realen Welt. Das heißt, wir müssen dieses Benutzersubjekt in unserem System modellieren. Das ist der Principal.\nEin System ist dabei ein Scope, in dem dieser Principal eindeutig ist.\nUnix: UID als Principal Zugriff auf eine Datei: UID 10100 will Datei /home/kris/.irssi/config (gehört ebenfalls UID 10100) öffnen.\nIn Unix ist das System etwa eine einzelne Maschine, und der Principal ist dann eine User ID (UID). Diese wird benutzt, um überall in Unix einen Benutzer zu repräsentieren: An Dateien klebt eine UID dran, und an Prozessen. Wenn ein Prozeß (Subject) einen Systemcall (Verb) auf eine Datei (Object) anwenden will, dann prüft Unix für die Kombination von Subjekt und Object, welche Access Control List definiert ist (rwx?) und ob die Aktion erlaubt ist. Wenn ein Prozeß eine Datei erzeugen will, wird die ACL des Verzeichnisses geprüft, in dem die Datei erzeugt werden soll, und die neue Datei erbt die UID des Prozesses als Eigentümer-UID.\nIn Unix meldet man sich mit einem Usernamen an. Macht man das auf einer Konsole und nicht an einem X11, dann druckt das Programm \u0026lsquo;getty\u0026rsquo; den Prompt \u0026rsquo;login:\u0026rsquo; und nimmt den Usernamen entgegen. Es startet dann das Programm \u0026rsquo;login\u0026rsquo;, welches den Prompt \u0026lsquo;Password:\u0026rsquo; druckt und das Paßwort abfragt. Eine Aufgabe von \u0026rsquo;login\u0026rsquo; ist es, die Authentisierung durchzuführen, also das Paßwort zu prüfen. Eine andere ist es, den Usernamen in den Principal, die UID, zu übersetzen. \u0026rsquo;login\u0026rsquo; selbst läuft dabei im Vorderteil noch privilegiert als root, und im Hinterteil degradiert unter der UID des Benutzers. Die letzte Aufgabe von \u0026rsquo;login\u0026rsquo; ist es dann, die Shell zu starten.\nNIS: Scope ohne Management Unix-Systeme kann man vernetzen, und dabei kann man das Problem haben, daß sich die Definition von Scope verändert. Setzt man zum Beispiel NIS (Yellow Pages) ein, dann hat man eine Gruppe von Unix-Systemen, die vom selben NIS-Master bedient werden. Innerhalb dieser Gruppe von Systemen muß die Abbildung von Usernamen auf Principals gleich sein, denn NIS hat keinen Mechanismus, der NIS-Principals von Unix-Principals trennen würde. Daher kann die Einführung von NIS auf einem Haufen zuvor uneinheitlich administrierter Unix-Systeme schmerzhaft sein, weil man unter Umständen UIDs umnummerieren und Dateien umownern muß, bis alles stimmt.\nNFS, das Network File System, ist dabei ein schönes Beispiel für Probleme mit dem Scope: Ohne NIS kann man NFS kaum einsetzen. Denn was NFS transportiert, sind UIDs. Wenn diese UIDs aber nicht vereinheitlicht sind, dann bedeutet die UID 100 auf meinem System etwa etwas ganz anderes als auf dem System da hinten.\nWenn das System da hinten zum Beispiel die lokale Fachhochschule wäre, wir die Firewalls noch nicht erfunden haben, und jemand an der FH einen NFS Export mit /home *(rw) konfiguriert hat, dann exportiert die FH die /home-Festplatte eines Rechners beschreibbar an die gesamte Welt.\nWenn ich diese Platte an meinem Rechner mit mount -t nfs einrechner.der.fh.de:/home /mnt bei mir mountete, dann würde ich unter /mnt jetzt die Home-Verzeichnisse der FH sehen und irgendwelche numerischen UIDs als Eigentümer der verschiedenen Home-Verzeichnisse sehen. Sagen wir, es gibt ein Verzeichnis /mnt/test1, das der UID 4711 gehört. Jetzt kann ich bei mir lokal den User mit der UID 4711 erzeugen, ihm ein Paßwort zuweisen und mich auf meinem Rechner als User mit der UID 4711 einloggen. Wenn ich dann cd /mnt/test1 mache, kann ich dieses Verzeichnis auf dem Rechner der FH beschreiben, also etwa eine /mnt/test1/.rlogin-Datei anlegen, die mir das Login von meiner Kiste auf dem Rechner der FH erlaubt ohne daß ein Paßwort abgefragt wird.\nEin Schutz existiert hier nicht: Der Rechner der FH akzeptiert meine UID 4711 als seine eigene UID 4711, obwohl beide aus unterschiedlichen administrativen Domains stammen, also komplett unterschiedlich gescoped sind. Das ist ausnutzbar, um beliebige Accounts auf dem entfernten Rechner zu übernehmen. Ein NFS-Export muß also immer auf Systeme innerhalb des Scopes der gemeinsam verwalteten UIDs limitiert sein.\nEin ähnlicher Angriff erzeugt Dateisysteme auf transportablen Medien - Disketten oder mobile Festplatten. Wenn diese auf dem importierenden System akzeptiert werden und nicht besonders behandelt werden, dann kann man sich zum Beispiel leicht eine Shell auf einer Diskette mitbringen, die der UID 0 gehört und SUID ist - sobald man die Shell also aufruft, wird man privilegiert.\nDas NIS+ System von Sun unterscheidet hier zwischen NIS+ Principals und Unix-Principals, und kann diese aufeinander abbilden. Das ist für jemanden, der von NIS her kommt oder dem das Konzept eines Security Principals nicht geläufig ist, zunächst einmal verwirrend, aber es macht die Administration später einfacher.\nLDAP: Übersetzung von Loginnamen in Principals (LDAP dn) LDAP Phase 1: Anonymous Bind zur Übersetzung von Login-Namen in einen LDAP dn.\nAuch LDAP verwendet Principals, die von Unix-UIDs verschieden sind - man meldet sich an einem LDAP-System entweder mit einem Benutzernamen oder direkt mit dem Principal, dem LDAP Distinguished Name, an. Da LDAP dn\u0026rsquo;s sehr lang sein können wird man in der Regel einen Benutzernamen (den Common Name oder den Unix-Loginnamen) verwenden. LDAP macht dann zunächst einmal einen Anonymous Bind (es meldet sich beim LDAP Server als eine Art Gast-User an) und einen Lookup vom Login-Namen auf den dn des Benutzers - dies ist quasi die Identification-Phase des Logins wie oben erwähnt.\nLDAP Phase 2: Mit dem DN und dem Paßwort meldet sich LDAP nym beim Server an. Gelingt das, stimmt das Paßwort. Der Server muß das Paßwort nicht herausgeben.\nNach einem Disconnect macht LDAP dann mit dem erhaltenen dn und dem Kennwort des Benutzers einen nymous Bind. Wenn der gelingt, weiß der Client, daß das für diesen dn angegebene Paßwort stimmt und der User ist auch authentisiert - der LDAP Server muß dazu das Paßwort nicht herausgeben: Wenn der nyme Bind gelingt, weiß der Client, daß das Paßwort stimmt. LDAP könnte nun mit dieser Verbindung die Rechte herunterladen, die dieser Identität zugeordnet sind, oder diese irgendwie anders ableiten - oft reicht nach dem nymous Bind auch ein einfaches Disconnect ohne eine einzige LDAP-Query.\nIRC: Principals done right (and wrong) Auch IRC hat Principals. In der Freenode-Geschmacksrichtung von Irc sind das die Nicknames, mit denen man sich beim Netz anmeldet. In irssi wäre das eine Definition wie\nchatnets = { freenode = { type = \u0026#34;IRC\u0026#34;; nick = \u0026#34;Isotopp\u0026#34;; autosendcmd = \u0026#34;/^msg nickserv identify s3cr3t; wait 2000\u0026#34;; }; }; Die Authentisierung des Nicknames Isotopp erfolgt hier, indem als User Isotopp eine MSG identify an den User nickserv gesendet wird, die das Authentisierungspaßwort enthält. nickserv prüft das, und ordnet dann über den Irc-Server dem User weitere Rechte zu.\nIn der Ircnet-Geschmacksrichtung von Irc funktioniert das anders. Ircnet ist archaischer und verwendet als Principal die IP-Nummer des Benutzers, unter der Annahme, daß diese Zuordnung a) irgendwie statisch und b) eindeutig ist. Eine Authentisierung findet nicht statt, sondern Ircnet vertraut dem unterliegenden Transport. Da TCP verwendet wird, weitgehend zu Recht. Ircnet ordnet IP-Nummern dann in der Autorisierung Rechte zu - zum Beispiel wird der gesamte Block von T-Online Adressen im Ircnet besonders behandelt.\nDas ist so, weil es aus diesem Adreßbereich Vandalismus gegeben hat, und da die Zuordnung von realen Personen zu Principals unter anderem wegen der T-Online 24h Zwangstrennung nicht fest ist, wenn man IP-Adressen statt Nicknamen mit Paßworten verwendet, muß man hier eine Art Gruppenhaftung einführen - wegen einiger Vandalen haben alle T-Onliner in Ircnet eine Sonderbehandlung - oder mit anderen Worten, die Zuordnung von realen Benutzern zu IP-Nummern ist nicht statisch und IP-Nummern sind keine richtigen Principals, werden aber von Ircnet dennoch so verwendet.\nIrcnet will auch die Anzahl der Nicknames limitieren, die ein einzelner User verwenden darf. Da IP-Nummern als Principals verwendet werden, limitiert man also die Anzahl der Verbindungen, die von einer einzelnen IP-Nummer ins Ircnet aufgebaut werden dürfen. Das ist lästig, wenn man einen Host betreibt, auf dem mehrere User eingeloggt sind, die alle IRC im Ircnet machen wollen: Ircnet verweigert einem dann irgendwann die Anmeldung mit \u0026ldquo;Too many host connections (global)\u0026rdquo;. Oder mit anderen Worten, die Zuordnung von realen Benutzern zu IP-Nummern ist auch nicht eindeutig, und IP-Nummern sind keine richtigen Principals, werden aber von Ircnet dennoch so verwendet.\nEin Weg, das zu fixen, ist eine Mail an die Ircnet-Operators mit der Bitte, eine Sonderbehandlung für den vermeintlichen Principal - die eigene IP-Nummer - einzutragen. Das ist auf mehrere Weisen lästig. Einmal muß man das alle paar Jahre wieder machen, wenn man den Server umzieht und die IP-Nummer des Servers sich ändert. Zum anderem muß die Eintragung unter Umständen auf mehr als einem Irc-Server erfolgen - denn während Ircnet zwar global über alle Server die Verbindungen zählt, erfolgt die Freischaltung auf jedem Server einzeln (und mit unterschiedlichen Limits). Das ist recht schwer zu debuggen und man muß bei jedem Serverbetreiber einzeln quengeln.\nEine andere Art das zu fixen ist, zu akzeptieren, daß Ircnet als Principal eine IP-Nummer verwendet, auch wenn IP-Nummern keine Principals sind. Man ordnet also jedem Unix-User eine eigene IP-Nummer zu. Die UID 100 verwendet als abgehende IP-Nummer 2a01:238:40ab:cd00::100, die UID 101 dann die 2a01:238:40ab:cd00::101 und so weiter. Ircnet zählt, blockiert und tracked dann jeden User via die IP-Nummer getrennt und man spart sich auf beiden Seiten Verwaltungsaufwand.\nIn irssi schreibt man das also als\nchatnet = { ircnet = { type = \u0026#34;IRC\u0026#34;; nick = \u0026#34;Isotopp\u0026#34;; username = \u0026#34;Isotopp\u0026#34;; host = \u0026#34;2a01:238:40ab:cd00::2774\u0026#34;; }; }; Dabei legt der Parameter host fest, an welche abgehende Adresse sich der Client bindet, mit welcher IP-Nummer er also für Ircnet sichtbar wird, hier wird der UID 10100 (kris) also die IP-Nummer …::2774 (dezimal 10100) zugeordnet. Ircnet akzeptiert das und erlaubt nun allen Unix-Benutzern den Connect vom lokalen System aus, weil jeder Benutzer von einem anderen Host kommt und daher nur gegen sein eigenes Limit zählt. Für die Ircnet-Operators ist das auch bequem - wenn ein User zickt, können sie seine IP-Nummer identifizieren und getrennt von allen anderen Benutzern von derselben physikalischen Maschine blocken.\nNur sicherheitstechnisch ist es immer noch nicht korrekt, denn IP-Nummern sind nun einmal keine Principals. Das Freenode-Modell zeigt, wie es korrekt funktioniert.\n","date":"2009-11-09T00:00:00Z","href":"https://blog.koehntopp.info/2009/11/09/principal.html","tags":["identity","security","lang_de"],"title":"'Principal'?"},{"categories":null,"content":"Ich glaube ja, daß Google eine der am meisten mißverstandenen Firmen auf diesem Planeten ist. Die meisten Leute halten Google für eine globale Suchmaschine. Das ist wohl richtig, aber es greift viel zu kurz, wenn man sich die Konsequenzen nicht klar macht.\nGoogle selber formuliert die eigene Mission eher als den Versuch, alles Wissen der Welt zu erfassen, zu ordnen und gezielt zugreifbar zu machen. Das ist besser, aber die meisten Leute lesen das nicht oder denken nicht darüber nach, was das bedeutet.\nGoogle betreibt zum Beispiel Rechenzentren in aller Welt. Rechenzentren sind Kisten, in die man Rechner reinstellt, und in die man dann Strom, Kühlung und Netz einfüllt und Netz rausholt. Hauptkostenfaktor bei Rechenzentren ist Strom - also baut Google Rechenzentren die weniger Strom verbrauchen . Wenn man genug Rechner reinstellt und lange genug wartet, dann bekommt man Statistiken über die Zuverlässigkeit von Harddisks (PDF) und RAM Speicher (PDF). Sicher gibt es auch andere Leute, die große Mengen von Rechnern betreiben, aber diese Leute veröffentlichen anders als Google keine wissenschaftlichen Papers darüber. Vielleicht reden sie nicht wie Google darüber, wahrscheinlicher ist aber, daß sie nicht auf dieselbe Weise wie Google über ihr Handeln reflektieren.\nGoogle reflektiert das eigene Handeln sehr intensiv - und zieht die Konsequenzen daraus. Wer zum Beispiel so viele Rechenzentren wie Google hat , der braucht natürlich auch Mechanismen, um Daten zwischen diesen Data Centers zu transferieren. Das ist nicht etwas, das man bezahlen möchte. Also muß man sich eine günstige Methode überlegen, um Daten zwischen diesen Rechenzentren zu transferieren - gesagt, getan . Die Konsequenzen sind durchschlagend - Youtube hat einen signifikanten Anteil am gesamten Webtraffic der Welt, aber Google hat keine Traffickosten damit.\nIn der Konsequenz bedeutet das auch, daß Google am Ende die Diskussion über Netzneutralität nur teilweise interessiert. Google belastet die Netze von anderen ISPs jedenfalls nicht, weil Google sein eigener ISP ist und den erzeugten Traffic bevorzugt durch eigene Netze leitet und nur für die \u0026rsquo;letzte Meile\u0026rsquo; durch das Netz des ISP des Endkunden leitet. Das Argument, daß Google einem ISP Kosten erzeugt ist jedenfalls haltlos, und wird nur als Hebel gebraucht, um an die Einnahmen von Google zu kommen oder Google zu Zugeständnissen zu zwingen.\nGoogle ist also auch eine Art CDN , wenn man das so sehen will - die Rechenzentren sind jedenfalls über die ganze Welt verteilt und können in den meisten Fällen sehr nahe am Endkunden sein. Damit das so sein kann braucht man jedoch neben Bandbreite auch noch ein Dateisystem und in Kombination damit eine Art HSM , das nicht nur Replikation der Daten regelt, sondern die Daten auch netzwerktopologisch nahe an den Verbrauchern einlagert.\nGoogle hat das und minimiert so auch den Verkehr im eigenen Netz.\nDie Daten werden dann in Berechnungen benötigt, und die Berechnungen sollen angesichts der Massen von verfügbaren Rechnern parallelisiert werden. Dazu hat man einen Mechanismus entwickelt, der Map Reduce heißt und der es erlaubt, eine Berechnung auf eine große Menge von Rechnern zu verteilen, parallel auszuführen und die Ergebnisse einzusammeln. Das MapReduce Framework kümmert sich dabei um das Management der Berechnungsinfrastruktur, für den Entwickler bleibt also \u0026ldquo;nur\u0026rdquo; die Arbeit, die Berechnung in einer MapReduce-geeigneten Weise zu zerteilen und aufzuschreiben. Das ist die Grundlage, auf derer Google-Entwickler Anwendungen schreiben können und die ihnen erlaubt, diese Anwendungen auf 10^9 User hoch zu skalieren, ohne den Code übermäßig anpassen zu müssen.\nAber das ist Infrastruktur. Auf einer höheren Ebene passieren ebenfalls spannende Dinge:\nEine der Grundideen, die sich strategisch durch alle diese Aktivitäten von Google ziehen, ist die Unabhängigkeit von anderen Firmen. Ein schönes Beispiel dafür ist nicht nur die oben verlinkte Dark Fiber-Aktion, sondern auch die Entwicklung von Googe Maps mit Turn-based Navigation . Seit Anfang 2005 veröffentlicht Google in Google Maps auch Fotografien entlang der Strecke, die durch spezielle Kamerawagen erfaßt worden sind. Diese Erfassung muß also schon früher begonnen haben, die Konstruktion der Spezialfahrzeuge noch früher (der IPO von Google war jedoch im August 2004 - das zum Thema langfristige Planung).\nDieser Datenfundus ist inzwischen groß genug, um mit diesen Daten auch \u0026rsquo;turn based navigation\u0026rsquo; anbieten zu können und dabei weder von Teleatlas noch NavTeq als Datenquelle abhängig zu sein. Das war schon vor 3 Jahren vermutet worden , aber auch aktuelle Analysen greifen noch zu kurz .\nDenn mit Geodaten und Positionsinformationen aus Latitude lassen sich noch viele andere Dinge machen: Google füttert seine Kartendaten mit den Kennungen von Mobilfunknetzen aus Google Maps auf Mobiltelefonen und benutzt diese Information wiederum um ihr AGPS schneller zu machen. Mit den Daten aus Latitude lassen sich wiederum - eine ausreichende Nutzerdichte vorausgesetzt - Verkehrsströme erfassen, mappen und später vorhersagen. Wenn Maps dabei auf Mobiltelefonen läuft und die Telefone \u0026lsquo;in-car mode\u0026rsquo; signalisieren, dann kann man sogar Fußgänger und Autofahrer sicher voneinander unterscheiden, und mit den verwendeten Navigationszielen auch Vorhersagen für etwa Busnetzbetreiber machen, die diese Daten zur Angebotsoptimierung verwenden könnten.\nGoogle macht aber nicht nur Geoinformation, sondern spielt auch auf anderen Märkten. Dabei ist Google so modern und flexibel, daß die jeweils etablierten Player auf diesen Märkten als \u0026lsquo;wehrlos\u0026rsquo; gelten müssen. Googles Buchdigitalisierungsprojekt zum Beispiel ist so groß und umfassend, daß sich die Print-Industrie Existenzängsten ausgesetzt sieht und nach Regulierung schreit, anstatt mit Google über neue Geschäftsmodelle zu verhandeln. Aber statt Dinge wie Markterweiterung, Paradigmenwechsel und so zu thematisieren bekommt man Statements von Ledereinbandsfetischisten und Liebhabern des haptischen Bucherlebnisses die circa kurz nach Gutenberg stehen geblieben sind.\nDie verwandte Zunft der Nachrichtenagenturen fordert gar ein Leistungsschutzrecht für Nachrichten. Das ist eine Idee, die ich mit großem Amusement verfolge, denn unsere Regierung will dieses Recht auf Betreiben der Agenturen schaffen - und so werden wir beobachten können, wie genau dieses Recht am Ende die Agenturen umbringen wird. Denn es werden am Ende Nachrichten von Googles Agentur sein, die durch dieses Recht geschützt werden, und so werden die überlebenden traditionellen Verbraucher von Nachrichten am Ende von dort lizensieren müssen. Oder glaubt jemand nach der Google Maps/Streetview-Aktion, daß Google sich in dieser Sache von externen Firmen abhängig machen lassen wird, wenn sie es schon bei Kartendaten nicht zugelassen haben?\nEs gibt noch etwas anderes, das mich sehr fasziniert, und das ist die geringe Zahl von beobachtbaren Fuck-Ups bei Google. Ich vermute, daß man bei Google nicht viel anders arbeitet als etwa bei uns, d.h. daß man als web-basierendes Unternehmen so agil ist, wie es die eigene Größe irgend erlaubt. Bei solchen Rollouts kann es zu Ausfällen kommen , aber tatsächlich sind diese sehr sehr selten im Verhältnis zu der Anzahl der Rollouts, die stattgefunden haben müssen. Viele Pannen, die Google unterstellt werden, sind dabei noch nicht einmal welche: Die Google Voice Sache ist ein klassischer PEBKAC, und auch die Google Docs Sache ist mindestens partiell ein PEBKAC. Alles in allem habe ich angesichts der Größe der Operation, der Anzahl der Mitarbeiter und der Frequenz der Codechanges einen Heidenrespekt vor der Qualität, die Google da produziert.\nEs ist klar, daß es Mechanismen und eine Kultur geben muß, die das erzeugt und die solche Fuck-Ups erkennt und im Ansatz verhindert. Es gibt Theorien, die sich mit der 20% Time von Google beschäftigen. Es sieht wohl so aus, daß die meisten Googler diese Zeit verwenden, um intern Code Changes von Kollegen zu sichten und zu prüfen. Bei Cringely wird das näher beschrieben.\nDazu kommt noch, daß man Sachen, die sich messen lassen, auch mißt und sich nicht mit Meinungen aufhält, wenn man harte Daten haben kann - Marissa Mayer zum Beispiel ist bekannt dafür, daß sie einmal die Klickraten von 40 verschiedenen Blautönen hat Messen lassen.\nWenn man nun einmal ein paar Schritte zurücktritt und das Gesamtbild auf sich wirken läßt, dann erkennt man Muster:\nAlles in allem wirkt der Ansatz von Google auf mich wie eine Firma von Physikern oder anderen Experimental-Forschern mit akademischem Background, die beschlossen haben, einmal \u0026lsquo;so richtig\u0026rsquo; in die Wirtschaft zu gehen und ihre Methoden dort hin zu portieren. Man baut Modelle, identifiziert Abhängigkeiten und eliminiert sie konsequent und man hat keine Angst, dabei auch richtig groß zu denken und Neuland zu betreten.\nAuf eine Weise betreibt man Grundlagenforschung, aber nicht in der Abgeschiedenheit von Menlo Park oder einem anderen Elfenbeinturm, sondern gleich in der Produktion.\n","date":"2009-11-07T00:00:00Z","href":"https://blog.koehntopp.info/2009/11/07/das-google-missverstaendnis.html","tags":["google","internet","technik","lang_de"],"title":"Das Google-Mißverständnis"},{"categories":null,"content":"Ich sitze hier auf der Open Source Monitoring Conference und unterhalte mich mit ein paar Nagios bzw. Icinga Entwicklern. Dabei hörte ich einen Haufen Flüche über NDO - Nagios Data Out. Ich schaue mir gerade die Dokumentation zum NDO Schema an und stelle fest, daß die Ideen hier auf eine Weise viele Fehler teilen, die auch dem MySQL Enterprise Manager Schema zugrunde liegen (Noch, das MEM-Team bastelt das grad um).\nEin naives Zeitreihenmodell Beiden ist gemein, daß man Zeitreihendaten von mehreren Meßwerten sammeln möchte. Der naive Ansatz ist die Definition einer Tabelle mit einem Timestamp und dem Key als Primärschlüssel, etwa\nCREATE TABLE messwerte ( ts datetime not null, key varchar(40) charset latin1 not null, value integer, primary key (ts, key) ); Schlüsselkompression Dabei wird es natürlich zu einer vielfachen Wiederholung der Werte von key kommen - speichert man etwa die Ausgabe von SHOW GLOBAL STATUS im Minutenabstand, dann hat man wieder und wieder die langen Namen von MySQL Statusvariablen in der Tabelle gespeichert. Das kann man wegnormalisieren, indem man definiert\nCREATE TABLE keys ( key_id smallint unsigned not null, key_name varchar(40) charset latin1 not null, primary key (key_id) ); CREATE TABLE messwerte ( ts datetime not null, key_id smallint unsigned not null, value integer, primary key (ts, key_id) ); Auf diese Weise speichert man nicht wieder und wieder dieselben Strings in der Tabelle ab, sondern hat die relativ langen Strings auf die 2 Byte eines SMALLINT ohne Vorzeichen reduziert.\nER-Diagramm mit Key-Compression durch eine Lookup-Tabelle.\nData Lifecycle Management - DROP statt DELETE In so einer Meßwertetabelle wird man ja laufend Meßwerte einfügen - und zwar von vielen Meßstellen gleichzeitig. Zugleich sollen auch Meßwerte ausgewertet werden. Damit sich die konkurrenten Schreibzugriffe nicht ins Gehege kommen und damit parallel dazu auch ungestört gelesen werden kann, muß diese Tabelle unbedingt eine InnoDB Tabelle sein - mit MyISAM zieht man sich sonst binnen kürzester Zeit die Table Locks zu.\nInnoDB speichert die Daten in einem B+-Baum ab: Ein balancierter Baum, bei dem die Blätter des Primärschlüssels die eigentlichen Daten sind. Die Daten werden also gemäß unserer Definition in der Reihenfolge (ts, key_id) gespeichert: Neue Daten werden immer an rechten Rand der Tabelle eingefügt, alte Daten stehen weiter links.\nDaten werden links gelöscht und rechts im Baum eingefügt. Dadurch muß der B-Baum ständig neu balanciert werden, damit er nicht zu einer linearen Liste degeneriert. Das ist eine sehr langsame Operation.\nDabei tritt ein Problem auf: Da neue Daten immer rechts angefügt werden und alte Daten immer links gelöscht werden, bekommen wir einen Baum, der maximal stark unbalanciert wird. Damit der B-Baum immer schön balanciert bleibt, müssen beim Löschen der Daten also massenhaft Rebalancing-Operationen durchgeführt werden - das involviert aber eine ganze Menge von Updates im oberen Teil des Baumes bis hin zur Wurzel, und wühlt damit also eine große Menge von Daten auf - noch dazu mit Random-I/O, also mit vielen Seeks.\nWenn man wie ich eine MySQL Enterprise Manager Instalallation hat, die pro Tag 7 GB neue Daten bekommt, dann muß man auch 7 GB Daten am Tag löschen, damit die Platten nicht überlaufen.\nDie generische Lösung ist hier, entweder MySQL 5.1 Partitionen zu verwenden, oder dasselbe manuell zu simulieren. Dazu baut man sich eine Template-Tabelle, die man dann in bestimmten Intervallen cloned: Pro Stunde, Tag, Woche oder Monat wird eine neue Tabelle angefangen.\nCREATE TABLE messwerte_template ( ts datetime not null, key_id smallint unsigned not null, value integer, primary key (ts, key_id) ); CREATE TABLE messwerte_20091028 LIKE messwerte_template; -- usw. Das hat den Vorteil, daß man alte Werte nun nicht mit einem \u0026ldquo;DELETE FROM messwerte WHERE ts \u0026lt; \u0026lsquo;20090928 00:00:00\u0026rsquo;\u0026rdquo; loswerden muß, sondern elegant \u0026ldquo;DROP TABLE messwerte_20090928\u0026rdquo; sagen darf. Dafür muß man - so man nicht Partitionen verwendet - bei den Queries ein wenig mehr arbeiten, weil man sich die Gesamtergebnisse aus den Tages-Tabellen zusammenstückeln muß, und dabei tunlichst nicht UNION verwenden darf, damit es schnell ist (UNION ALL wäre okay, wäre es nicht in MySQL kaputt ).\nSchema mit Key-Kompression und Tagestabellen. Löschung von Daten kann pro Tag durch ein DROP TABLE erfolgen.\nUNION ist deswegen nicht so toll, weil dies nach Definition Duplikate eliminieren muß, und dazu fügt MySQL intern die einzelnen Teiltabellen zu einer temporären Tabelle zusammen, sortiert diese, killt die Doubletten und schmeißt die temporäre Tabelle weg, nachdem es uns das Resultat gesendet hat. Leider ist die nächste Anfrage danach gleich wieder mit UNION, und der Zirkus geht von vorne los. UNION ALL hätte dieses Problem nicht (jedoch ) - es darf uns nach Definition fröhlich Duplikate senden und braucht daher diesen Verarbeitungsschritt nicht.\nLocality Of Reference Das nächste Problem ergibt sich nun aus der Tatsache, daß alle Meßwerte aus einer Messung in derselben Tabelle gespeichert werden. Eine Tabelle besteht in InnoDB ja aus Blöcken von 16KB, die jeweils am Stück geladen und gespeichert werden. In unserer Tabelle stehen nun Tripel (ts, key_id, value), wobei so knapp an die 300 verschiedene key_id und value pro ts gespeichert werden, wenn wir z.B. einmal pro Minute den Output von SHOW GLOBAL STATUS aufzeichnen. Eine Zeile (datetime, smallint, integer) ist 8+2+4 = 14 Byte plus Overhead (6+8 = 14) breit, d.h. wir bekommen etwa zwei Messungen in einen 16KB Block hinein.\nWenn wir nun aus diesen Meßwerten einen Graph zeichnen wollen, dann brauchen wir z.B. für einen InnoDB-Graph ca. 4 Meßwerte pro Messung. Wir laden also 16 KB, nutzen 8*4 = 32 Byte davon, schmeißen den Rest weg, laden die nächsten 16 KB und so weiter. Es wird klar, daß wir die Daten zwar in großen breiten Zeilen erfassen, diese aber in der Regel nicht so brauchen.\nEs ist also lohnend, sich Gedanken über die Bedeutung der Meßwerte zu machen und sie in etwa so zu gruppieren, daß wenigstens alle com-Counter in einer Tabelle, alle InnoDB-Meßwerte in einer anderen Tabelle stehen und so weiter. Dadurch würde beim Zeichnen des InnoDB-Graphen nicht auf eine Tabelle mit 8KB langen Rows zugegriffen werden, sondern vielleicht auf eine Tabelle mit 200 Byte langen Rows, und wir würden immerhin 32 Byte von 200 Byte nutzen, oder pro Block nicht zwei, sondern ca. 80 Meßwerte auf einen Schlag laden. Für einen 640 Pixel breiten Graphen würden wir also nicht mehr 320 16KB Blöcke laden müssen, sondern nur noch 8.\nWenn man begriffen hat, daß Locality of Reference und komplettes Data Lifecycle Management wesentlich sind, wenn man von Zeitreihen sinnvolle Performance will, und sein Datenmodell danach baut, dann kann man langsam einmal anfangen, sich über weitergehende Dinge Gedanken zu machen (etwa: Aggregation - wie viele Meßwerte brauche ich denn, um Pixel sinnvoll zu schwärzen). Aber das ist eine Diskussion für ein anderes Mal.\n","date":"2009-10-28T00:00:00Z","href":"https://blog.koehntopp.info/2009/10/28/ein-paar-gedanken-zu-zeitreihendaten.html","tags":["database","development","mysql","sql","lang_de"],"title":"Ein paar Gedanken zu Zeitreihendaten"},{"categories":null,"content":"Ich habe die letzten paar Tage unter Wikipedianern zugebracht. Also, nicht etwa in deren Wiki, wie man erwarten sollte, sondern im Freenode im Channel #wikipedia-de, wo offenbar einige Leute abhängen, die in der deutschen Wikipedia editieren. Die Erfahrung war… seltsam.\nAlso, die folgende Situation liegt vor: Jemand schreibt einen Artikel in einem großen deutschen Blog, der den Finger in eine Sache legt, die seiner Auffassung nach in der deutschen Wikipedia seltsam abgelaufen ist. Im Channel und offenbar auch in der Wikipedia kennt man diese Person nicht - wie auch, es gibt ja keinen Artikel über sie und außerdem ist es \u0026ldquo;nur ein Blogger, also nicht relevant\u0026rdquo;.\nIch werfe ein, daß dieses Blog, wenn es auf Artikel von mir verweist, durchaus eine substantielle Welle macht (Faktor 4, Heise macht bei mir Faktor 7) und in den \u0026ldquo;Deutschen Blogcharts\u0026rdquo; auf Platz 7 steht (Die Blogcharts messen Zitierhäufigkeit, nicht Zugriffe), und daß ich daher vielleicht eine etwas andere Auffassung des Relevanzbegriffes habe. Außerdem hat inzwischen auch Der Spiegel das Thema aufgegriffen - aber es ist ja nur der Spiegel Online, und der ist nicht relevant…\nDiese Sicht auf ein eigenwilliges, aber durchaus nicht unbedeutendes Blog ist schon ungewöhnlich und hat beinahe liebenswerte, offline-artige Züge.\nWie dem auch sei: Fefes Blog ist eine eigenartige Sache und für manche Leute schwer zu verstehen. Fefe berichtet dort eine ganze Menge Sachen, von denen die meisten unter der Überschrift abgelegt werden müssen \u0026ldquo;Wenn es schon nicht wahr ist, so ist es doch zumindest eine gute Geschichte\u0026rdquo;. Gelegentlich hat er außerdem Dinge darin, die bereits bestehende Energie in seiner Community nimmt und ihr eine Richtung gibt - er liefert keine Gründe, aber er liefert Anlässe. Das sind dann so Dinge wie das Prügelpolizistenvideo, das auch von den Holzmedien aufgegriffen wurde, oder halt so Dinge wie die Mogis-Löschung in der Wikipedia.\nDie Reaktion der Wikipedianer auf den Artikel ist aber auch aus anderen Blickwinkeln interessant:\nEinmal gibt es eine große Menge Leute, die sich mit dem Anlaß aufhalten, also der konkreten Löschung, an der erwartungsgemäß viel weniger Substanz ist als ursprünglich berichtet. Das wichtige wäre aber, sich mit dem Grund auseinanderzusetzen, der dafür sorgt, daß diese Angelegenheit ein so großes Medienecho erzeugen kann. Das kann sie nämlich nur, weil Wikipedia in Deutschland ein echtes Problem hat - die Löschköpfe werden als dominant wahrgenommen.\nIn jedem einzelnen Artikel, der die Meldung von Fefe aufgegeben hat gibt es eine ganze Reihe von Kommentaren, in denen sinngemäß steht \u0026ldquo;Ich hab meine Mitarbeit an der deutschen Wikipedia aufgegeben, nachdem meine Artikel, in die ich viel Zeit und Mühe investiert habe, dort wegen $GRUND gelöscht worden sind.\u0026rdquo; oder in denen sinngemäß steht \u0026ldquo;Ich schaue schon gar nicht mehr in die deutsche Wikipedia, weil die Sachen, nach denen ich suche sowieso nur in der englischen Wikipedia zu finden sind.\u0026rdquo;\nZugleich hört man im IRC-Channel Vertreter der Löschkopf-Fraktion argumentieren, daß die deutsche Wikipedia zu wenig Mitarbeiter hat und daß man unter anderem deswegen löschen müsse und sich auf relevante Kern-Artikel konzentrieren müsse, weil man sonst die Qualität mit der Anzahl der engagierten Wikipedianer gar nicht aufrecht erhalten könne. Auf die Querverbindung, daß die Politik der Löschköpfe etwas mit der Anzahl und der Motivation der Leute zu tun haben könnte kommt keiner.\nZum anderen, und das greift hier direkt rein, ist die Reaktion der deutschen Wikipedia spannend. Sie agiert nämlich quasi wehrlos.\nAlso, es ist ja nicht weiter schwierig, viel von dem Zeugs zu widerlegen, das Fefe da schreibt. Insbesondere wenn man ein Online-Lexikon mit einer Armee von geübten Rechercheuren ist, und Fefe eine Einzelperson mit einer fragwürdigen Quellenlage. Davon ist wenig passiert, oder, wenn es passiert ist, ist es nicht geeignet publiziert worden.\nDann ist die ganze Aktion ja auch ein Gratis-PR Fest. Ich meine, da kommt einer mit 270.000 Hits/d vorbei und hetzt eine Meute von Lesern in meine Richtung. Das wäre die Gelegenheit, diesen Leuten einmal vorzustellen, was Wikipedia ist. So wie das \u0026ldquo;Ich bin Pirat! \u0026quot;-Video einer Organisation wie der Piratenpartei ein Gesicht gibt, hätte man leicht Webseiten haben können mit einem Gesicht pro Tag, auf denen sich ein engagierter Wikipedianer vorstellt. \u0026ldquo;Ich bin \u0026hellip;, und betreue die Kategorie \u0026hellip; Wir haben \u0026hellip; Artikel, und bauen derzeit den Bereich \u0026hellip; aus. Dazu suchen wir noch Leute, die uns helfen, die Quellenlage bei \u0026hellip; zu verbessern.\u0026rdquo; Instant win - nix ist passiert.\nOder man macht an einem Tag einmal eine Reportage über jemanden aus der Eingangskontrolle. \u0026ldquo;Wir bekommen hier jeden Tag \u0026hellip; neue Artikel. Die meisten von denen sehen so aus: $BESONDERS_SCHLECHTES_BEISPIEL. Wir haben nun ein Dilemma: Sollen wir den Artikel wegschmeißen und jemanden frustrieren oder bauen wir ihn aus, in der Hoffnung, daß diese Person lernt und es das nächste mal besser mache. Ein guter Artikel in einem Lexikon sieht ja so aus: $ARTIKEL_VON_EBEN_ETWAS_BESSER. Wir haben da die folgenden Punkte nachgerüstet: $ERKLÄRUNG.\u0026rdquo; Und so weiter. Auf diese Weise gibt man dem Laden ein Gesicht und zieht zugleich Leute rein.\nWikipedia-DE tut nichts von alle dem. Wikipedia-DE schweigt, lästert im Irc über den Vorfall und geht zur Tagesordnung über. Wikipedia-DE vergibt hier eine große Chance, sich weiter zu entwickeln, sich zu öffnen, sich darzustellen, und Herzen zu gewinnen - Wikipedia-DE hat zu viel Hirn, zu viele Regeln und kein Gesicht.\nUnd das, liebe Wikipedia-DE, ist der Grund. Fefe war nur der Anlaß. Wenn Ihr besser werden wollt, dann müßt Ihr an dem Grund arbeiten, und den Anlaß\u0026hellip; Naja, der ist am Ende nicht weiter wichtig.\nPS: Ich hänge da nun schon einige Tage in dem Channel, aber ein Tutorial \u0026ldquo;Wikipedia - wie man es macht\u0026rdquo; habe ich noch nicht gesehen. Und auch im Channel niemanden jemand anders auf so etwas hinweisen sehen. Habt Ihr überhaupt Neulinge? Wenn ja, wie saugt ihr die ein und bringt sie auf Geschwindigkeit? Würd mich echt mal interessieren.\n","date":"2009-10-21T00:00:00Z","href":"https://blog.koehntopp.info/2009/10/21/unter-wikipedianern.html","tags":["internet","wikipedia","lang_de"],"title":"Unter Wikipedianern"},{"categories":null,"content":"Ich lese gerade SQLite Foreign Key Support und ich muß sagen, ich kann mir ein leichtes Grinsen nicht verkneifen.\nAlso, ich finds ja gut, daß SQLite die Option für Foreign Key Constraints implementiert und ich finds sogar noch besser, daß mit DEFERRABLE INITIALLY DEFERRED sogar die einzig sinnvolle Weise das zu tun bereitgestellt wird, aber ich frag mich schon, wozu das gut sein soll.\nForeign Keys Aber von vorne. Wenn eine Tabelle einen Primary Key hat, dann kann jede Zeile in der Tabelle über diesen Key eindeutig identifiziert werden. Das erlaubt es, in anderen Tabellen auf Zeilen der Ausgangstabelle Bezug zu nehmen:\nCREATE TABLE a ( aid INTEGER UNSIGNED NOT NULL PRIMARY KEY, adata VARCHAR(20) NOT NULL ); CREATE TABLE b ( bid INTEGER UNSIGNED NOT NULL PRIMARY KEY, aid INTEGER UNSIGNED NOT NULL, bdata VARCHAR(20) NOT NULL ); Hier ist b.aid der Primärschlüssel von a, der in b genannt wird. Wir nennen b.aid den \u0026ldquo;Fremdschlüssel von a in b\u0026rdquo;.\nDazu ein paar Anmerkungen, weil es oft nachlässig gehandhabt wird: aid ist kein Fremdschlüssel, sondern aid ist nicht eindeutig. a.aid ist ein Primärschlüssel, b.aid ist \u0026ldquo;der Fremdschüssel von a in b\u0026rdquo; und ohne den \u0026ldquo;von a in b\u0026rdquo;-Teil ist es streng genommen auch wieder nicht eindeutig.\nDennoch sagen viele Leute \u0026ldquo;aid ist Fremdschlüssel\u0026rdquo; und überlassen es dem Kontext, klarzustellen daß \u0026ldquo;b.aid ist ein Fremdschlüssel von a in b\u0026rdquo; gemeint ist. Da muß man sich dran gewöhnen und das mental korrekt expandieren.\nUnd schließlich ist es tatsächlich so, daß schon das bloße Anlegen von b.aid und Befüllen von b.aid mit Werten von a.aid ausreicht, um eine Fremdschlüsselbeziehung zu definieren. Es kann nun sein, daß jemand oder etwas illegale a.aid in b.aid hinterlegt, daß also b.aid existieren, für die es keine passenden a.aid-Einträge gibt, und das führt uns zur folgenden Verschärfung.\nForeign Key Constraints Solche illegalen Werte in b.aid zu verhindern ist die Aufgabe einer FOREIGN KEY CONSTRAINT, aber diese ist vollkommen optional. Wollte man sie haben, definierte man sie so:\nCREATE TABLE b ( bid INTEGER UNSIGNED NOT NULL PRIMARY KEY, aid INTEGER UNSIGNED NOT NULL, bdata VARCHAR(20) NOT NULL, FOREIGN KEY (aid) REFERENCES a(aid) -- hier noch Optionen ); und wo der Kommentar Optionen vorsieht könnte man noch Dinge notieren wie DEFERRABLE INITIALLY DEFERRED.\nEinige Datenbanken-Implementierungen verlangen auch noch Nebenbedingungen wie \u0026ldquo;auf a.aid und auf b.aid muß jeweils ein Index definiert sein\u0026rdquo;. Das ist sogar dann sinnvoll, wenn die Implementierung es nicht verlangt, aber im mathematisch-definitorischen Sinne nicht notwendig. Die Implementierungen verlangen so etwas, denn wann immer wir eine CONSTRAINT definieren, muß diese ja auch geprüft werden. Für die Prüfung wollen wir realistischerweise, daß diese effizient durchgeführt wird - das geht aber nur mit einem Index flink.\nEine kleine Abschweifung: Schlüssel vs. Index Eine kleine Abschweifung: Das ist auch der Grund, warum die Begriffe Schlüssel (Key) und Index von Datenbankern synonym verwendet werden: Ein Schlüssel ist etwas, das eine einzelne Zeile (UNIQUE KEY) oder eine zusammengehörende Gruppe von Zeilen identifiziert, ein Index ist die Struktur, die diese Dinge schnell auffindbar macht.\nDefiniert man zum Beispiel eine UNIQUE KEY CONSTRAINT (es kann nur eine Zeile dieses Wertes in einer Tabelle geben), dann muß beim Einfügen von neuen Zeilen ja in der Tabelle nachgesehen werden, ob es diesen Wert vielleicht schon gibt. Ohne einen Index wäre das eine sehr langsame Operation - daher geht eine UNIQUE KEY CONSTRAINT immer mit einem Index auf die Zeile zusammen und daher verwenden die meisten Datenbanker die Begriffe KEY und INDEX austauschbar, auch wenn sie verschiedene Dinge bezeichnen: Ein Schlüssel ist eine Eigenschaft einer Spalte, ein Index ist eine Struktur der Implementierung.\nWozu FK-Constraints? Wie auch immer: Die Aufgabe einer FOREIGN KEY CONSTRAINT ist es, sicherzustellen, daß in der Fremdschlüsselspalte b.aid zu jedem Zeitpunkt immer nur gültige Werte stehen.\nIn MySQL ist es nun leider so, daß InnoDB dies etwas dämlich implementiert: Dort wird nämlich - wie in SQLite per Default auch - nach jedem Statement geprüft, ob die Constraint gültig ist oder verletzt wird. Das macht es notwendig, die Reihenfolge von Operationen so zu gestalten, daß die Constraint immer gilt - selbstreferentielle Strukturen nerven besonders, weil man diese quasi nur Top-Down aufbauen kann, und wenn die Struktur zirkulär ist, kann man sie gar nicht errichten, es sei denn, man schaltet die Constraint-Prüfung aus.\nIch kann also in MySQL nicht so vorgehen:\nBEGIN WORK; INSERT INTO b (bid, aid, bdata) VALUES (1, 1, \u0026#34;keks\u0026#34;); INSERT INTO a (aid, adata) VALUES (1, \u0026#34;keks\u0026#34;); COMMIT; Dies scheitert nach dem ersten Insert, weil die a.aid = 1 noch nicht existiert, wenn ich die b.aid = 1 in die Tabelle einfüge. Technisch ist das eigentlich kein Problem, denn da dies alles in einer Transaktion geschieht tauchen beide Werte gleichzeitig erst zum COMMIT in der Datenbank auf, aber die Prüfung erfolgt leider per Statement und nicht per Transaktion. Ich muß also Entwickler als meinen Code passend strukturieren, egal ob das der Anwendungslogik gerecht wird oder nicht.\nIn SQLite darf man immerhin DEFERRABLE INITIALLY DEFERRED angeben, und das will man offenbar auch dringend. In diesem Fall wird die FK-Constraint nicht bei jedem Statement geprüft, sondern erst am Ende einer Transaktion beim COMMIT. Man kann sich also seine Strukturen nach Belieben zusammenbauen, und die Datenbank erzwingt dabei keine besondere Ordnung der Anweisungen im Code, sondern verlangt nur, daß in dem Moment, wenn man seine Änderungen für Dritte sichtbar publiziert, die FK-Constraints eingehalten werden.\nDer Sinn von FK-Constraints ist es, gültige Datenstrukturen und insbesondere gültige Verknüpfungen zwischen Daten zu erzwingen, die auf verschiedene Tabellen desselben Schemas oder derselben Instanz verteilt sind. Die FK-Constraint macht diese Prüfung in der Datenbank, denn nur so ist sichergestellt, daß unterschiedliche Anwendungen, die unterschiedliche Bibliotheken und Programmiersprachen verwenden, denselben Bedingungen beim Schreiben hinsichtlich der Gültigkeit von Datenstrukturen unterliegen.\nBitte mal Anhalten und den vorhergehenden Satz ein zweites Mal lesen.\nIm Netz findet man mitunter Diskussionen über Datenmodellierung und dort gibt es in der Regel eine Gruppe von Personen, die vehement die Auffassung vertritt, daß ein Datenmodell, das FK- und andere Constraints nicht im Modell definiert schlicht falsch (ersatzweise \u0026ldquo;Schrott\u0026rdquo;, \u0026ldquo;Müll\u0026rdquo;, \u0026ldquo;Gefrickel\u0026rdquo; und anderes) ist.\nGrenzen und Probleme von FK-Constraints In der Aussage oben stecken ein paar Annahmen drin, und die sind nicht unbedingt immer gegeben. Wenn sie nicht gegeben sind, sind FK-Constraints mindestens sinnlos, manchmal sogar schädlich.\nEine Annahme, nämlich die, die mich angesichts der FK-Constraints von SQLite grinsen ließ, ist wie folgt: Es ist die Rede davon, daß unterschiedliche Anwendungen mit unterschiedlichen Bibliotheken oder Programmiersprachen auf die Datenbank zugreifen. SQLite ist aber eine Embedded Datenbank, die Daten in einer einzelnen Datenbankdatei ablegt und Locking auf der Ebene der gesamten Datenbank betreibt. Auf eine SQLite-Datenbank (etwa die Titelliste von iTunes oder das MacOS Adreßbuch) greift in der Regel nur eine Anwendung (iTunes, das Adreßbuch) schreibend zu. FK-Constraints in SQLite sind… ziemlicher Overkill.\nAuch bei \u0026ldquo;uns\u0026rdquo; in der Produktion haben wir uns entschieden, MySQL FK-Constraints überwiegend nicht zu nutzen. Das hat eine Reihe von Gründen, die zum Teil auch nur gültig sind, weil wir in einer speziellen und sehr günstigen Ausgangslage sind.\nIn MySQL ist die Nutzung von FK-Constraints überhaupt nur sinnvoll möglich, wenn die InnoDB Storage Engine verwendet wird. In MyISAM wird die Syntax für Constraint Definitionen zwar geparsed, dann aber nicht beachtet. Wir nutzen InnoDB, aber wir definieren keine neuen Constraints mehr und wir nehmen die existierenden Definitionen schrittweise nach Möglichkeit zurück.\nDas ist so, weil zum einen unser Schema inzwischen größer als eine Instanz ist: Wir haben zwar verschiedenen MySQL-Instanzen, aber diese sind in Wirklichkeit alle nicht alleinstehend, sondern wir haben Bezüge zwischen Daten, die in verschiedenen Instanzen liegen: Daten in Tabellen der \u0026ldquo;av\u0026rdquo;-Instanz beziehen sich auf Datensätze, deren Rows in Tabellen der \u0026ldquo;bp\u0026rdquo;-Instanz liegen. Dies ist mit einer FK-Constraint nicht zu modellieren, und wenn man es modellierte wäre es kaum effizient zu prüfen: Die Netzwerk-Latenzen würden sich akkumulieren und zu sehr bremsen um praktikabel zu sein.\nEs ist auch absehbar, daß wir bald Tabellen haben werden, die größer als eine Instanz sind, daß wir also Sharding betreiben werden müssen. In diesem Fall verschärft sich die Situation noch weiter.\nEs ist weiterhin so, daß wir so sehr auf Performance optimieren müssen, daß wir uns die Kosten von FK-Constraints nicht mehr leisten können und wollen. Wenn man eine FK-Constraint definiert, dann muß diese ja auch geprüft werden - MySQL prüft sie bei jedem Zugriff.\nDas bedeutet aber bei jedem Schreibzugriff gibt es einen weiteren Lookup in der referenzierten Tabelle. Dazu muß die referenzierte Tabelle wiederum zum Teil geladen werden, was den Cache-Footprint bzw. den Working Set der Anwendung auf eine Weise vergrößert, die in bestimmten Situationen fatal sein kann. Die Anwendung kann plötzlich von speichergesättigt in einen disk-bound Zustand übergehen, weil sich der Working Set durch die Lookups so stark vergrößert, daß der aktive Teil der Anwendung nicht mehr im Speicher gehalten werden kann.\nObendrein kommt im speziellen Fall von InnoDB, daß Schreibzugriffe auf ein Ende einer FK-Constraint nicht nur den beschriebenen Record X-Locken, sondern auch das andere Ende der Beziehung S-Locken, und daß diese Locks außerdem bei kaskadierenden Beziehungen über hierarchische Strukturen noch weiter eskalieren können. Schemata mit vielen FK-Constrains und vielen Schreibzugriffen erzeugen also unter Umständen um Größenordnungen mehr S-Locks und das wiederum kann die Rate von Deadlocks und Lock Timeouts um ein Vielfaches nach oben treiben.\nBei \u0026ldquo;uns\u0026rdquo; ist es nun so, daß wir in der Produktion ein reines Open Source Umfeld haben. Wir wissen also nicht nur, welche Anwendungen bei uns auf Datenstrukturen in der Datenbank zugreifen, sondern wir kontrollieren auch, wie sie es tun. Wir können erzwingen, daß alle Operationen auf Daten in der Datenbank durch bestimmte Routinen in bestimmten Bibliotheken erfolgen und daß dort bestimmte Dinge erzwungen werden können.\nWir haben uns also ein System gebaut, daß FK-Constraints außerhalb der Schemadefinition nachbaut. Unsere FK-Constraints können daher Instanzengrenzen überbrücken. Wir können außerdem optional entscheiden, daß wir die Constraintprüfungen nicht live vornehmen wollen, sondern daß wir die Tests stattdessen in Intervallen im Batch auf den bestehenden Daten vornehmen (ähnlich einem fsck).\nDa wir ziemlich intensiv Replikation einsetzen, brauchen wir das auch nicht auf einer produktiven Datenbank zu tun, sondern können das auf Kopien von Instanzen machen, die offline genommen worden sind. Und wir müssen das nicht oft tun, denn wenn wir verifiziert haben, daß der Code, der Änderungen an den Daten vornimmt, diese Änderungen korrekt durchführt, dann können Verletzungen der Constraints nur noch dann vorkommen, wenn Ausnahme-Betriebszustände erreicht wurden.\nON DELETE CASCADE ist noch mal ein Extraproblem Schließlich ist es so, daß FK-Constraints auch mit triggerhaften Aktionen verknüpft sein können. ON DELETE CASCADE zum Beispiel ist so eine Aktion: Sie bewirkt, daß alle von einer a.aid abhängigen Zeilen in b gelöscht werden, wenn a.aid gelöscht wird.\nSolche Kaskaden sind aus mehreren Gründen schädlich und man sollte diese Art von Definition grundsätzlich nicht verwenden, selbst wenn man FK-Constraints ansonsten einsetzt oder einsetzen muß: Solche Definitionen fördern schlechten und schwer zu wartenden Code.\nStatt die Datenstrukturen im Code aufzuräumen und etwa abhängige Records explizit zu löschen, wird man einfach ein DELETE FROM a WHERE a.aid = ? programmieren und die FK-Constraints implizit die Arbeit tun lassen. Implizite Aktion macht aber die Funktion des Programmes opak: Dem nächsten Entwickler, der auf den Code schaut, wird nicht klar sein, daß dies eine teure Operation ist, die sehr große Folge-Aktionen und Folgekosten in anderen Tabellen nach sich zieht. Die Wirkung von Statements ist auch nicht mehr auf eine einzelne Tabelle beschränkt, sondern das harmlose kleine DELETE kann eine Spur der Verwüstung durch die gesamte Datenbank ziehen (insbesondere bei Vorhandensein von selbstreferentiellen Strukturen mit FK-Constraints).\nKorrekt wäre die Definition einer FK-Constraint, die die Löschung der 1-Seite einer 1:n-Beziehung verhindert solange noch n-Records existieren, die sich auf den zu löschenden 1-Record beziehen. Der Entwickler ist dann gezwungen, den entsprechenden Löschcode in der Anwendung explizit hinzuschreiben, oder, wenn er schlauer ist, die passende Funktion aufzurufen, die die Löschung für ihn vornimmt. In jedem Fall ist aber durch den Blick auf den Code allein sofort klar, was dort passiert und wie groß der Einschlag ist, den man spürt, wenn dieser Code auf die Datenbank trifft.\n","date":"2009-10-20T00:00:00Z","href":"https://blog.koehntopp.info/2009/10/20/ein-paar-gedanken-zu-foreign-key-constraints.html","tags":["database","development","mysql","sql","sqlite","lang_de"],"title":"Ein paar Gedanken zu Foreign Key Constraints"},{"categories":null,"content":"Im August dieses Jahres titelte Golem Die aktivsten Wikipedia-Autoren bleiben unter sich . Dort hieß es:\nDie Zahl der aktiven Autoren, die an der freien Enzyklopädie Wikipedia mitarbeiten, wächst nicht mehr so stark. Und diejenigen, die mehr als 1.000 Änderungen pro Monat in der Web-2.0-Plattform machen, haben immer öfter das letzte Wort: In der Zeit von 2005 bis 2008 stieg die Zahl ihrer monatlichen \u0026ldquo;Edits\u0026rdquo; von 1.740 auf 2.095.\nBei der deutschen Wikipedia sieht man das nicht als Problem: \u0026ldquo;Die von Ihnen zitierten Zahlen sind Auszüge aus einer bislang noch nicht veröffentlichten Forschungsarbeit und beziehen sich auf die englischsprachige Wikipedia.\u0026rdquo; sagte Pavel Richter von Wikimedia Deutschland damals.\nOffenbar wird die Situation aber dennoch von anderen als problematisch empfunden. Fefe thematisiert das etwas direkter in einem Artikel über die Löschung des Eintrages \u0026lsquo;Mogis\u0026rsquo; :\nDas ist ja leider bei Open Source Projekten häufig so, dass sich eine Art Regime bildet, die sich dann hauptsächlich selbst im Wege stehen und Fortschritt verhindern. Bei gcc hat man das erfolgreich über einen fork beendet. Der hießt damals \u0026ldquo;egcs\u0026rdquo;, könnt ihr ja mal googeln.\nEr greift das Thema zwei Tage später noch einmal auf und nennt weitere Beispiele - Wikipedia ist außerdem kein gedrucktes Werk und eine Größenbeschränkung gibt es nicht. (Fortsetzung in 1 2 3 4 5 ).\nZwischendurch war vorübergehend sogar der Benutzer Mogis gelöscht. Die Diskussionsseite Benutzer:Mogis ist ebenfalls spannend zu lesen.\nIch glaube wie Fefe, daß Wikipedia sich mit dem derzeitigen Löschregime keine großen Freunde macht - weder was die Motivation zur Mitarbeit noch die finanzielle Situation angeht. Insbesondere glaube ich, daß die deutsche Wikipedia sich zu ernst nimmt und mit dem Löschen nach Relevanzkriterien, wie immer die das im Detail definieren, zu schnell bei der Hand ist.\nAuch ist an der unterschwelligen Aggressivität an vielen Stellen erkennbar, daß sich bei kontroversen Themen der NPOV nicht sehr bewährt. Ein Stil wie in der drsrm FAQ oder in E2 scheint mir da effektiver zu sein, um sinnvollen Output zu produzieren. Aber wenn man die Enzyklopädia Galactica statt des Anhalters sein möchte, dann mag man diesen Ansatz sicher nicht in Betracht ziehen.\nAndererseits macht mir das Mitmachentscheidungen einfacher denn je . Update: Ein sehr lesenswerter Artikel betreffend Includisten und Excludisten findet sich bei Pavel Mayer .\nUpdate: Ohne Relevantkriterien keine Wikipedia erklärt warum es überhaupt Relevanzkriterien bei der Wikipedia gibt (Minka ist ein Beispiel)\nUpdate: Thomas Nesges antwortet auf den Relevanzkriterien-Artikel.\nUpdate: Zum fehlenden externen Selektionsmechanismus der Wikipedia Update: Till Westermayer hat einen schönen Bericht von der Innenseite der Wikipedia, insbesondere den Vergleich zwischen deutscher und englischer.\n","date":"2009-10-19T00:00:00Z","href":"https://blog.koehntopp.info/2009/10/19/wikipedia-l-schwahn.html","tags":["internet","wikipedia","zensur","lang_de"],"title":"Wikipedia Löschwahn"},{"categories":null,"content":"Auf dem wunderbaren Blog Netzwertig findet man Zeitverschwendung vs. Effizienzgewinn :\nMan kennt sie ja, die Klagen über verschwendete Zeit am Arbeitsplatz. Anstelle produktiv zu sein und ihren Job zu erledigen, surfen Angestellte bei Facebook, Twitter und YouTube – und fügen damit Firmen erheblichen Schaden zu. So zumindest sehen es viele Unternehmen und blockieren daher den Zugriff auf einschlägige Sites des Social Web. 54 Prozent der US-Unternehmen sperren Social Networks komplett, so eine aktuelle Studie.\nMartin Weigert versucht zu erklären, warum solche Aktivitäten nicht schlimm sind, scheitert aber, weil er zu kurz greift:\nDoch lediglich zu kritisieren, Facebook \u0026amp; Co würden die Produktivität vermindern, ist nur die halbe Wahrheit. Die Tatsache des Effizienzgewinns durch die Digitalisierung sollte man keinesfalls vernachlässigen. Hier lässt sich erheblich mehr gewinnen, als auf der anderen Seite Zeit zu verlieren ist.\nEs gibt noch einen anderen Aspekt, der viel wichtiger und weitgehender ist und den er nicht erwähnt.\nIn meinem früheren Leben als Datenbank-Consultant bin ich viel als Fremder in Firmennetzen gewesen und oft nicht richtig in deren IT-Infrastruktur integriert gewesen: Jedes mal, wenn ich bei einem Kunden aufgeschlagen bin, war einer der ersten Handgriffe, Vernetzung herzustellen und meinem Laptop einen Weg nach draussen ins Internet zu bahnen - und das nicht nur für das Web, sondern auch für alle anderen Dienste. Erst in zweiter Linie habe ich dann das Problem gelöst, im Netz des Kunden auf deren Datenbankserver zugreifen zu können.\nBei einigen Kunden war das nicht so leicht möglich, weil deren Firewalls die Mitarbeiter und mich so weit isoliert haben, daß ich keinen Zugriff auf die Außenwelt bekommen konnte. Solche Aufträge waren immer besonders schwierig und für den Kunden nicht sehr produktiv.\nWarum war es mir so wichtig, raus zu kommen, wo ich doch für die Kundendatenbanken gekommen bin?\nWenn ein Kunde mich als Consultant mietet oder mich als Mitarbeiter einstellt, dann bekommt er nicht bloß mich, sondern er bekommt auch einen sehr großen Teil von Infrastruktur, der nicht sichtbar ist - ich bin ein Cyborg und neben einer biologischen Komponente bestehe ich auch noch aus einer technischen und vor allen Dingen auch aus einer sozialen Komponente, einem Netzwerk von Verbindungen, Bekanntschaften und Freundschaften, die es mir ermöglichen, weitaus mehr zu leisten als ich es als eine rein auf das biologische reduzierte Person jemals könnte.\nDurch meine Art zu Leben bin ich Always-On . Ich schrieb in Falscher Planet, falsches Jahrtausend :\nIch reiste beruflich fast drei Jahre durch Europa und die USA, aber ich war immer zu Hause - Eastern Standard Tribe oder in meinem Fall der Stamm der MESZler war immer für mich erreichbar, wo immer ich war: Ich habe nicht mehr oder weniger Kontakt mit meinen Freunden gehabt bloß weil ich mal ein paar Wochen auf einem anderen Kontinent war.\nMein Griff zum externen Netzwerk dient dazu, diesen Teil meines Ich wieder anzuschließen und für mich wie auch für meinen jeweiligen Auftraggeber wieder verfügbar zu machen: Dadurch bin ich in der Lage, Antworten auf Fragen schneller zu finden, Ideen aus meinem Netz zu ziehen und für mich nutzbar zu machen, Hinweise und Verweise aufzupicken und generell sehr viel produktiver zu sein als ich es ohne Netz wäre.\nApophenia beschreibt in I want my Cyborg life wie das funktioniert, was ich (und jeder andere, der unter das \u0026lsquo;Lebensgefühl der Piraten\u0026rsquo; fällt) da tue. Sie beschreibt einen Konflikt zwischen einem Offliner und sich:\nIn Italy two weeks ago, I attended Modernity 2.0 (in the lovely Urbino hosted by the fantastic Fabio Giglietto). There were two audiences in attendance - a young cohort of \u0026ldquo;internet scholars\u0026rdquo; and an older cohort deeply invested in sociocybernetics. At one point, after a talk, one of the sociocybernetics scholars (actually, the former President of the sociocybernetics organization\u0026hellip; I know\u0026hellip; I looked him up) began his question by highlight that, unlike most of the audience who seemed more invested in the internet than scholarly conversations, HE had been paying attention. He was sitting next to me. He looked at me as he said this.It\u0026rsquo;s not very often that I feel like I\u0026rsquo;ve been publicly bitchslapped but boy did that sting. And then I felt pissy, like a resentful stubborn child bent on proving him wrong. Somehow, as I grew my hair out and became an adult, I also became less spiteful because boy was I determined to bite back. Of course, I haven\u0026rsquo;t become that much of an adult because here I am blogging the details of said encounter.There\u0026rsquo;s no doubt that I barely understood what the speaker was talking about. But during the talk, I had looked up six different concepts he had introduced (thank you Wikipedia), scanned two of the speakers\u0026rsquo; papers to try to grok what on earth he was talking about, and used Babelfish to translate the Italian conversations taking place on Twitter and FriendFeed in attempt to understand what was being said. Of course, I had also looked up half the people in the room (including the condescending man next to me) and posted a tweet of my own.\nDie ständige Verfügbarkeit von Netz und Connectivity verändert das Arbeiten und den Umgang miteinander radikal. Nicht nur ist es für viele meiner Freunde weitgehend egal, in welcher Stadt oder auf welchem Kontinent ich die letzten paar Jahre gelebt habe, sondern das Netz erlaubt mir auch, Informationen \u0026lsquo;in Echtzeit\u0026rsquo; aufzusammeln und mein Wissen im Vorübergehen anzupassen und zu komplettieren. Darum sehe ich mit einem Laptop auf dem Schoß fern - immer ein Wikipedia- und IMDB-Fenster offen - und darum brauche ich auch Netz nach draußen, wenn ich irgendwo arbeite.\nAls MySQL Consultant hat mir das Zugriff auf das Handbuch, den Support IRC-Server und meine Kollegen bei anderen Kunden gegeben, bei meiner jetzigen Arbeit gibt es mir Zugriff auf meine ehemaligen Kollegen aus einer Reihe von vergangenen Jobs, auf Ex-Kunden, die inzwischen anderswo arbeiten und gute Bekannte geblieben sind, und auf viele Nachschlagequellen, an die ich mich erinnere, aber die ich neu suchen muß, wenn ich wirklich damit arbeiten wollte. Plus eine Riesenwelle an News, RSS, Tweets und Mail sowie drei bis vier verschiedene Chatsysteme, die mich nahe bei den Leuten hält, die mir wichtig sind.\nEin Arbeitgeber, der so etwas abtrennte, bekäme eine kleinere Person und einen weitaus schwächeren Mitarbeiter - für die Zeit die ich überbrücken müßte, bis ich eine richtige Stelle gefunden hätte. Denn so werde ich dauerhaft nie arbeiten wollen.\n","date":"2009-10-09T00:00:00Z","href":"https://blog.koehntopp.info/2009/10/09/internet-und-produktivit-t-aus-der-sicht-eines-cyborgs.html","tags":["work","community","cyborg","internet","lang_de"],"title":"Internet und Produktivität aus der Sicht eines Cyborgs"},{"categories":null,"content":" Linux mapped die Speicherseiten zweiter Prozesse. Dabei wird speicher geteilt, oder Seiten sind noch ungeladen. Manche Seiten werden beim ersten Schreibzugriff kopiert (Copy-on-Write).\nManchmal muß man viel erklären, um eine einfache Frage beantworten zu können: Wieviel Speicher belegt ein Programm in Linux? Diese Frage war bisher überraschend schwer zu beantworten. Da ist einmal die Ausgabe von ps axuwww oder top:\n[root@mc01bpmdb-02 ~]# ps axu | egrep \u0026#39;(mysql[d]|USER)\u0026#39; USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND ... mysql 24861 71.2 77.3 26284608 25444724 ? Sl 2008 385405:36 /usr/sbin/mysqld ... Hier bekommt man zwei Größenangaben in den Spalten VSZ und RSS, beide sind in Kilobytes.\nDie Angabe VSZ wird als die gesamte Virtuelle Prozeßgröße des Progresses bezeichnet. Die Manpage zu ps listet dies als \u0026ldquo;vm_lib + vm_exe + vm_data + vm_stack\u0026rdquo;, also als Summe der Mappings für das Executeable, die reservierten Datenbereiche, alle Bibliotheken und den Stack, und ich bin sicher, daß das nicht ganz korrekt ist, weil es mit mmap(2) gemappte Speicherbereiche nicht mit aufzählt, aber diese auch angezeigt werden.\nDie Angabe RSS steht für Resident Set Size, die Menge des nicht rausgepagten physikalischen Speicher die dieser Prozeß hält.\nMan kann die VSZ also als die \u0026lsquo;gemappte\u0026rsquo; Größe des Prozesses bezeichnen und die RSS als die \u0026lsquo;belegte\u0026rsquo; Größe des Prozesses.\nWenn man ein MySQL neu startet sieht man, daß die VSZ schon fast die endgültige Größe des Prozesses erreicht hat (MySQL hat schon einmal alle großen Puffer beim Betriebssystem bestellt und treibt so die Prozeßgröße nach oben). Die RSS ist jedoch noch sehr klein, weil diese bestellten Puffer noch nicht beschrieben wurden und das Betriebssystem daher die entsprechenden Speicherseiten auch noch nicht physikalisch realisiert hat - die Puffer der Datenbank sind noch kalt und die Daten werden nach Bedarf bei den ersten Zugriffen erst einmal von Disk geladen.\nÜber die Zeit wird die VSZ ein wenig steigen (Verbindungen werden aufgebaut und MySQL bestellt noch ein wenig zusätzlichen Speicher) und die RSS nähert sich der VSZ immer mehr an. Die Datenbank im Beispiel da oben hat eine VSZ von etwas über 25G und eine RSS von immerhin 24.2G. Sie läuft schon sehr lange.\nAuch von einem top bekommt man diese Zahlen, sogar gleich in hübsch:\nPID USER PR NI %CPU TIME+ %MEM VIRT RES SHR S COMMAND 24861 mysql 16 0 222 385424:47 77.4 25.1g 24g 5804 S mysqld Aber für Prozesse, die viel fork()\u0026rsquo;en bekommt man so keine sehr aussagekräftigen Zahlen. Von einem Apache-Webserver würde man ja sehr gerne wissen, wie viele parallele Server-Instanzen man so ausführen kann, wenn man ihn startet.\nHier ist mein Apache, in einem Moment geringer Last:\nh743107:~ # ps auxwww | grep http root 18345 0.0 0.9 124880 10100 ? Ss Oct08 0:00 /usr/sbin/httpd2 wwwrun 28179 2.3 3.1 127172 32324 ? S 17:28 0:09 /usr/sbin/httpd2 wwwrun 28591 1.8 2.8 127796 29192 ? S 17:33 0:02 /usr/sbin/httpd2 wwwrun 28677 1.7 2.2 127480 23808 ? S 17:34 0:00 /usr/sbin/httpd2 wwwrun 28678 1.2 2.6 127448 27408 ? S 17:34 0:00 /usr/sbin/httpd2 wwwrun 28779 1.9 2.3 127116 24780 ? S 17:35 0:00 /usr/sbin/httpd2 Wir erkennen zwei Sorten Apache-Prozesse: PID 18345 läuft unter der UID root - es ist der Apache Master, der auf eingehende Verbindungen lauscht und Aufträge dann an Worker-Prozesse weiter gibt, die die eigentliche Seite erzeugen. Der Master steuert auch die Größe des Worker-Pools über die Zeit je nach Bedarf. Dazu hat er eine Reihe von Parametern, von denen einer den Namen MaxClients hat. Dieser Parameter legt fest, wie viele Worker Apache maximal startet und man sollte diesen Wert so hoch wie möglich ansetzen ohne daß der Server in den Swap gerät.\nWie man sieht hat ein Apache Master bei mir eine Größe von etwas über 120M, aber eine RSS von etwas unter 10M. Die Worker haben ebenfalls eine VSZ von mehr als 120M, aber ihre RSS ist mit um die 24-32M etwas größer.\nDer tatsächliche Speicherverbrauch ist jedoch weitaus geringer. Wir können ihn uns im Detail in der Datei /proc/PID/maps ansehen:\nh743107:~ # cd /proc/18345/ h743107:/proc/18345 # wc -l maps 264 maps h743107:/proc/18345 # head -6 maps 80000000-8004f000 r-xp 00000000 08:03 9732852 /usr/sbin/httpd2-prefork 8004f000-80052000 rw-p 0004f000 08:03 9732852 /usr/sbin/httpd2-prefork 80052000-80349000 rw-p 80052000 00:00 0 [heap] b090f000-b490f000 rw-s 00000000 00:08 17650846 /dev/zero (deleted) b490f000-b690f000 rw-s 00000000 00:08 688128 /SYSV00000000 (deleted) b690f000-b695d000 r-xp 00000000 08:03 9701605 /usr/lib/libgcrypt.so.11.2.2 h743107:/proc/18345 # tail -6 maps b7f9d000-b7f9e000 rw-p b7f9d000 00:00 0 b7f9e000-b7f9f000 r-xp b7f9e000 00:00 0 [vdso] b7f9f000-b7fba000 r-xp 00000000 08:03 6160422 /lib/ld-2.5.so b7fba000-b7fbc000 rw-p 0001a000 08:03 6160422 /lib/ld-2.5.so bf866000-bf87a000 rwxp bf866000 00:00 0 [stack] bf87a000-bf87b000 rw-p bf87a000 00:00 0 Die Angaben in /proc/\u0026hellip;/maps lassen sich wie folgt lesen:\nDie erste Angabe ist ein Bereich von Speicheradressen, der im Adreßraum des Prozesses belegt wird. Da der Speicher in einer Intel-CPU in Speicherseiten von 12 Bit = 4K verwaltet wird, sind die Angaben immer vielfache von 4K (0x1000), d.h. die letzten 3 Stellen sind immer 0. Die Flags geben dann an, welche Operationen auf diesem Speicherbereich möglich sind: rwx für read, write und execute. p ist ein Private Mapping, s ist ein Shared Mapping. Viele Mappings sind Abbildungen von Dateien in den Adreßraum eines Prozesses. In Unix wird eine Datei aber durch ihre Gerätenummer (maj, min) und ihre Inode-Nummer auf dem Gerät bezeichnet, etwa 08:03 9732852. In der Map wird auch noch der Pfadname dieser Datei angezeigt, soweit bekannt (/usr/sbin/httpd2-prefork). Nun kann es sein, daß verschiedene Abschnitte dieser Datei mit unterschiedlichen Rechten eingeblendet werden sollen: So soll /usr/sbin/httpd2-prefork ab Offset 00000000 mit den Rechten r-x an der Adresse 80000000 eingeblendet werden, der Abschnitt derselben Datei ab 0004f000 jedoch mit rw- ab Speicheradresse 8004f000. Das wird klarer, wenn man sich die Datei einmal anschaut:\nh743107:/proc/18345 # size -x /usr/sbin/httpd2-prefork text data bss dec hex filename 0x4ebe3 0x2378 0x2e10 343403 53d6b /usr/sbin/httpd2-prefork Die Datei besteht also aus Code (Text) in der Länge von 0x4ebe3 Byte, das entspricht aufgerundet 0x4f000 Bytes oder 0x4f Seiten zu 4K. Danach kommen 0x2378 Byte (0x3000 Byte aufgerundet zur Seitengrenze) ab Offset 0x4f000 an Daten.\nDas heißt, die erste Zeile der maps-Datei zeigt uns wie der Code des Webservers ab Offset 0 der Datei in Adresse 0x80000000 in den Speicher eingeblendet wird. Die Einblendung ist schreibegeschützt. Danach kommt ab 0x8004f000 im Speicher (und ab 0x4f000 in der Datei) der Datenteil, der wiederum beschreibbar ist.\nDie Summe aller dieser Einblendungen ist die VSZ des Prozesses, also der Anteil seines 64-Bit oder 32-Bit Adreßraumes, auf den der Prozeß zugreifen kann ohne daß ihm das Betriebssystem an die Ohren haut.\nBei einem Programmstart existieren zwar Mappings für die virtuellen Speicherseiten eines Prozesses (hier mit 1-7 bezeichnet), aber ihnen sind keine physikalischen Speicherseiten zugeordnet. Jeder Zugriff auf eine dieser Seiten wird vom Betriebssystem erkannt und abgefangen.\nAber die Tatsache, daß ein Mapping für eine virtuelle Adresse existiert heißt noch lange nicht, daß das Betriebssystem auch physikalischen Speicher dafür belegt hat. Genau genommen ist am Anfang gar keine Speicherseite belegt - das Betriebssystem mapped das Programm in den Speicher, aber das Programm ist noch nicht geladen. Dann beginnt das Programm seine Ausführung und greift auf eine Speicheradresse zu, die nicht existiert.\nDas erste was also passiert ist eine Speicherschutzverletzung - aber eine legale. Das Betriebssystem wird aus seinem Pool leerer Speicherseiten eine auswählen, dort den auf Grund der Mappinginformationen benötigten Inhalt reinladen und die abgebrochene Instruktion nun neu starten.\nIm Beispiel wird beim Start des Programmes also auf Seite 1 zugegriffen, die jedoch nicht gemapped war. Das Betriebssystem unterbricht die Ausführung des Programmes, lädt die betreffende Seite von Disk in eine physikalische Speicherseite, hier B, stellt das Mapping her und restartet die Instruktion. Wird die Ausführung fortgesetzt entstehen weitere Seitenfehler (page faults) und das Programm wird sukzessive so weit in den Speicher geladen wie notwendig - aber es wird nie mehr Speicher verbraucht als unbedingt notwendig.\nBeim Zugriff auf Seite 1 kommt es zu einem (legalen) Seitenfehler. Das Betriebssystem unterbricht die Anweisung, die den Fehler ausgelöst hat, lädt die fehlende Speicherseite von der Platte in das physikalische RAM (hier: Seite B) und stellt ein Mapping der virtuellen Seite 2 auf die physikalische Seite B her. Danach wird die unterbrochene Anweisung neu gestartet - das ausgeführte Programm merkt nichts vom Getrickse des Betriebssystems.\nDie Optimierungen sind offensichtlich: Wenn beim Herstellen des Programms durch den Compiler und Linker oder durch Profiling von vorhergehenden Programmausführungen ermittelt werden kann, welche Teile des Programmes auf jeden Fall benötigt werden, dann kann man den Hagel der Seitenfehler beim Programmstart antizipieren und die gebrauchten Seiten gleich und linear in den Speicher laden. Das ist schneller und effektiver - moderne Betriebssysteme machen das auch so.\nIn jedem Fall entsteht durch die Programmausführung ein Mapping von Seiten - dabei muß es keine lineare Entsprechung von virtuellen (Prozeß-) Adressen und physikalischen Speicheradressen geben.\nNach einiger Zeit sind alle benutzten Seiten des Programmes irgendwie auf physikalischen Speicher abgebildet, das Programm und seine Daten befinden sich im RAM.\nIn Linux wird die Situation nun durch mehrere Dinge noch komplizierter: Zum einen existieren Shared Libraries. Das ist Code, der von allen oder vielen Programmen gebraucht wird und der deswegen in einer Extradatei abgelegt ist - zum Beispiel libc.so.6, die Laufzeitbibliothek der Sprache C:\nh743107:/lib # ls -lL libc.so.6 -rwxr-xr-x 1 root root 1491141 Oct 19 2008 libc.so.6 h743107:/lib # size -x libc.so.6 text data bss dec hex filename 0x1273dd 0x2758 0x2c58 1230733 12c78d libc.so.6 Wie man sieht ist die libc recht fett: 0x128000 Bytes, also 0x128 Speicherseiten an Code plus Daten. Jedes noch so kleine Hello-World-Programm das printf() aufruft verwendet die ganze libc.\nAber: Der Code für die libc wird nur einmal geladen und belegt nur einen Satz physikalische Speicherseiten. Er wird jedoch in jeden laufenden Prozeß im System eingeblendet:\nh743107:/proc # ls -ld [0-9]* | wc -l 198 h743107:/proc # grep libc-2.5 [0-9]*/maps | grep r-xp| wc -l 175 Okay, fast jeden. Etwas anderes fällt dabei auch noch auf:\nh743107:/proc # grep libc-2.5 [0-9]*/maps | grep r-xp| head -10 1031/maps:b7c1f000-b7d47000 r-xp 00000000 08:03 6160449 /lib/libc-2.5.so 1131/maps:b7c1f000-b7d47000 r-xp 00000000 08:03 6160449 /lib/libc-2.5.so 1154/maps:b7b24000-b7c4c000 r-xp 00000000 08:03 6160449 /lib/libc-2.5.so 1155/maps:b7b24000-b7c4c000 r-xp 00000000 08:03 6160449 /lib/libc-2.5.so 1247/maps:b7c1f000-b7d47000 r-xp 00000000 08:03 6160449 /lib/libc-2.5.so 12512/maps:b7e4a000-b7f72000 r-xp 00000000 08:03 6160449 /lib/libc-2.5.so 1278/maps:b7c1f000-b7d47000 r-xp 00000000 08:03 6160449 /lib/libc-2.5.so 12906/maps:b7dae000-b7ed6000 r-xp 00000000 08:03 6160449 /lib/libc-2.5.so 13103/maps:b7cee000-b7e16000 r-xp 00000000 08:03 6160449 /lib/libc-2.5.so 1342/maps:b7b30000-b7c58000 r-xp 00000000 08:03 6160449 /lib/libc-2.5.so Der Code einer shared library ist verschieblich (PIC, position independent code) und kann so in verschiedenen Programmen an verschiedenen Stellen eingeblendet werden. Das kann wegen PIC geschehen, ohne daß die Inhalte der Speicherseiten angepaßt werden müssen: Sprünge im Code werden relativ (300 Bytes vor) statt absolut (springe nach b7c1fe34) angegeben. Die libc ist also einmal geladen, belegt 0x128 Speicherseiten, wird aber in unserem System in 175 von 198 Programmen eingeblendet.\nDas heißt, wir verbrauchen schon mal sehr viel weniger Speicher als gedacht. Gut.\nNun hat zwar jedes Programm mit libc ein printf() und ein ctime(), aber in jedem Programm steht in dem statischen internen Puffer der Funktion ctime() eine andere Zeit - jedes Programm hat für seine libc also eigene private Daten. Die Datenseiten der verschiedenen libc können also nicht zwischen den Prozessen geshared werden. Darum haben sie auch eigene Mappings mit eigenen Zugriffsrechten:\nh743107:/proc # grep libc /proc/self/maps b7dbd000-b7ee5000 r-xp 00000000 08:03 6160449 /lib/libc-2.5.so b7ee5000-b7ee6000 r--p 00128000 08:03 6160449 /lib/libc-2.5.so b7ee6000-b7ee8000 rw-p 00129000 08:03 6160449 /lib/libc-2.5.so Dasselbe passiert auch mit Programmen, die sich per fork() vervielfältigen oder mehrfach geladen werden: Wenn zwei Benutzer vi verwenden, dann steht der Code für vi selbst nur einmal im Speicher - aber jeder vi-Prozeß hat eigene Datenseiten, die eigenen Text speichern und eine eigene Cursorposition und einen eigenen Cut und Paste-Buffer haben. Das ist ja recht wichtig, wenn man nicht gerade Google Docs ist und Documente haben möchte, die von mehreren Personen zur Zeit bearbeitet werden können sollen.\nHier greift noch eine weitere Optimierung: Copy on Write (COW). Wenn im Beispiel also Prozeß 2 durch fork() aus Prozeß 1 erzeugt wird, wie es der Apache Webserver zum Beispiel laufend tut, dann sind zunächt alle Speicherseiten zwischen beiden Prozessen geshared - auch die, die beschrieben werden können.\nPID 2 versucht Seite 3 zu beschreiben, die auf die Seite F gemapped war. Da auch PID 1 diese Seite sehen kann, würde dieser Schreibzugriff von PID 2 Daten verändern, die PID 1 sieht - das geht nicht! Das Betriebssystem fängt den Zugriff ab, kopiert die Seite F nach G und mapped Seite 3 für PID 2 nach G. Jetzt haben PID 1 und PID 2 jeder eine private Kopie der veränderten Daten - der Rest wird aber noch geshared.\nSchreibt nun etwa Prozeß 2 in seine Speicherseite 3, dann löst dies wiederum eine Zugriffsverletzung aus, weil die Seite zwar prinzipiell beschreibbar ist, aber vom Betriebssystem heimlich als schreibgeschützt markiert worden ist. Das Betriebssystem kopiert nun die physikalische Speicherseite F nach G, ändert das Mapping von 3 für den Prozeß 2 so, daß die Seite 3 nun auf G statt F zeigt und restarted die unterbrochene Instruktion. Beide Prozesse haben nun ihre private Kopie von Seite 3 (PID 1 hat F, PID 2 hat G) und können bis auf weiteres unbehelligt schreiben.\nDa das Kopieren von Seiten nur nach Bedarf - bei Schreibzugriffen - geschieht, wird von einer fork()-Kopie also nur so viel Speicher benötigt, wie unbedingt notwendig (zu Speicherseiten aufgerundet, natürlich). Es mag also sein, daß ich einen httpd2 mit 128M VSZ habe, der 20 Kopien von sich startet. Aber das erzeugt weder einen Speichermehrverbrauch von 20 * 128M, noch einen Speicherverbrauch von 20*24M (die RSS), sondern ist je nach Benutzung des Speichers sehr viel weniger.\nLeider kann man nicht leicht sagen, wie viel genau.\nAn dieser Stelle kommen nun lustige Kernel-Erweiterungen und Werkzeuge ins Spiel und die sind der Grund, warum ich diesen Artikel überhaupt angefangen habe:\nAuf der Perl5 Porters Mailingliste stellt Joshua ben Jore das Werkzeug Exmap vor, zu dem es auch noch Patches gibt. Auch smem kann die Speichernutzung von Prozessen detaillierter analysieren und so genauer ermitteln wie hoch der Speicherverbrauch eines Prozesses denn nun wirklich ist.\nUnd das wiederum erlaubt dann genauere Planungen der MaxClients in einem Apache.\n","date":"2009-10-09T00:00:00Z","href":"https://blog.koehntopp.info/2009/10/09/wieviel-speicher-brauchst-du-denn.html","tags":["computer","kernel","linux","lang_de"],"title":"Wieviel Speicher brauchst Du denn?"},{"categories":null,"content":"Letzte Woche Montag haben wir beschlossen, den SQL_MODE in unseren Entwicklungsservern auf einen strengeren Wert als \u0026quot;\u0026quot; (den Default) zu setzen. Das war ein Fehlschlag und wir haben den Change diese Woche zurück gerollt. Aber von vorne.\nWelchen SQL_MODE will man denn? Als Ziel-Einstellung haben wir eine Kombination von\nTRADITIONAL, NO_ENGINE_SUBSTITUTION, ONLY_FULL_GROUP_BY, NO_AUTO_VALUE_ON_ZERO ins Auge gefaßt.\nSQL_MODE ist eine Einstellung in MySQL, mit der das Verhalten des Servers beeinflußt werden kann. Die Variable ist eine Bitmaske von benannten Bits - jedes Bit hat eine im Handbuch definierte Bedeutung. Außerdem haben bestimmte Kombinationen von Bits einen Sammelnamen.\nSo steht der Name TRADITIONAL in Wirklichkeit für die Kombination der Bits\nSTRICT_TRANS_TABLES, STRICT_ALL_TABLES, NO_ZERO_IN_DATE, NO_ZERO_DATE, ERROR_FOR_DIVISION_BY_ZERO, NO_AUTO_CREATE_USER zu der wir dann weiter verschärfend noch\nNO_ENGINE_SUBSTITUTION, ONLY_FULL_GROUP_BY NO_AUTO_VALUE_ON_ZERO dazu genommen haben.\nStrict Mode Die Kombination STRICT_ALL_TABLES,STRICT_TRANS_TABLES schaltet dabei den strict mode ein. Ohne diese Einstellung akzeptiert und rundet MySQL eine Reihe von Werten, die in den Zielspalten gar nicht darstellbar sind.\nAm leichtesten läßt sich das mit ein wenig Code demonstrieren:\nroot@localhost \u0026gt; create table t ( id tinyint unsigned not null ); Query OK, 0 rows affected (0.11 sec) root@localhost \u0026gt; insert into t values ( 256 ), ( -1 ); Query OK, 2 rows affected, 2 warnings (0.00 sec) Records: 2 Duplicates: 0 Warnings: 2 root@localhost \u0026gt; show warnings; +---------+------+------------------------------------------------------+ | Level | Code | Message | +---------+------+------------------------------------------------------+ | Warning | 1264 | Out of range value adjusted for column \u0026#39;id\u0026#39; at row 1 | | Warning | 1264 | Out of range value adjusted for column \u0026#39;id\u0026#39; at row 2 | +---------+------+------------------------------------------------------+ 2 rows in set (0.00 sec) root@localhost \u0026gt; select * from t; +-----+ | id | +-----+ | 255 | | 0 | +-----+ 2 rows in set (0.00 sec) Da niemals jemand in seinem Code die Warnungen abfragt werden die eingefügten Werte also stillschweigend gerundet. Ähnliche Dinge können bei illegalen UTF8-Zeichen in latin1-Spalten, bei zu langen Strings oder anderen Typen passieren.\nMit strict mode kann man so etwas verhindern:\nroot@localhost \u0026gt; delete from t; Query OK, 2 rows affected (0.00 sec) root@localhost \u0026gt; set sql_mode = strict_all_tables; Query OK, 0 rows affected (0.01 sec) root@localhost \u0026gt; insert into t values ( 256 ), ( -1 ); ERROR 1264 (22003): Out of range value adjusted for column \u0026#39;id\u0026#39; at row 1 root@localhost \u0026gt; select * from t; Empty set (0.00 sec) Und genau das wollten wir haben, insbesondere auch für Enum-Werte:\nroot@localhost \u0026gt; drop table t; Query OK, 0 rows affected (0.01 sec) root@localhost \u0026gt; create table t ( i enum (\u0026#39;eins\u0026#39;, \u0026#39;zwei\u0026#39;) not null ); Query OK, 0 rows affected (0.12 sec) root@localhost \u0026gt; insert into t values (\u0026#39;\u0026#39;); ERROR 1265 (01000): Data truncated for column \u0026#39;i\u0026#39; at row 1 root@localhost \u0026gt; insert into t values (\u0026#39;drei\u0026#39;); ERROR 1265 (01000): Data truncated for column \u0026#39;i\u0026#39; at row 1root@localhost \u0026gt; select * from t; Empty set (0.00 sec) Denn ohne strict mode akzeptiert und vermatscht MySQL diese Daten gnadenlos:\nroot@localhost \u0026gt; set sql_mode = \u0026#39;\u0026#39;; Query OK, 0 rows affected (0.00 sec) root@localhost \u0026gt; insert into t values (\u0026#39;\u0026#39;); Query OK, 1 row affected, 1 warning (0.01 sec) root@localhost \u0026gt; show warnings; +---------+------+----------------------------------------+ | Level | Code | Message | +---------+------+----------------------------------------+ | Warning | 1265 | Data truncated for column \u0026#39;i\u0026#39; at row 1 | +---------+------+----------------------------------------+ 1 row in set (0.00 sec) root@localhost \u0026gt; insert into t values (\u0026#39;drei\u0026#39;); Query OK, 1 row affected, 1 warning (0.00 sec) root@localhost \u0026gt; show warnings; +---------+------+----------------------------------------+ | Level | Code | Message | +---------+------+----------------------------------------+ | Warning | 1265 | Data truncated for column \u0026#39;i\u0026#39; at row 1 | +---------+------+----------------------------------------+ 1 row in set (0.00 sec) root@localhost \u0026gt; select * from t; +---+ | i | +---+ | | | | +---+ 2 rows in set (0.00 sec) Man beachte hier '' in der Tabelle - wo der ENUM doch als ENUM('eins','zwei') definiert ist!\nNO_ZERO_DATE und NO_ZERO_IN_DATE Auch für Datumsangaben wollen wir das haben, und dazu haben wir NO_ZERO_DATE und NO_ZERO_IN_DATE gesetzt. Ohne SQL_MODE:\nroot@localhost \u0026gt; drop table t; Query OK, 0 rows affected (0.00 sec) root@localhost \u0026gt; create table t ( d date not null ); Query OK, 0 rows affected (0.11 sec) root@localhost \u0026gt; insert into t values ( \u0026#39;0000-00-00\u0026#39;), (\u0026#39;2009-10-00\u0026#39;); Query OK, 2 rows affected (0.01 sec) Records: 2 Duplicates: 0 Warnings: 0 root@localhost \u0026gt; show warnings; Empty set (0.00 sec) root@localhost \u0026gt; select * from t; +------------+ | d | +------------+ | 0000-00-00 | | 2009-10-00 | +------------+ 2 rows in set (0.00 sec) Und mit:\nroot@localhost \u0026gt; set sql_mode = \u0026#39;NO_ZERO_DATE,NO_ZERO_IN_DATE,STRICT_ALL_TABLES\u0026#39;; Query OK, 0 rows affected (0.00 sec) root@localhost \u0026gt; delete from t; Query OK, 3 rows affected (0.00 sec) root@localhost \u0026gt; insert into t values (\u0026#39;0000-00-00\u0026#39;); ERROR 1292 (22007): Incorrect date value: \u0026#39;0000-00-00\u0026#39; for column \u0026#39;d\u0026#39; at row 1 root@localhost \u0026gt; insert into t values (\u0026#39;2009-10-00\u0026#39;); ERROR 1292 (22007): Incorrect date value: \u0026#39;2009-10-00\u0026#39; for column \u0026#39;d\u0026#39; at row 1 Man beachte, daß es die Kombination von STRICT_ALL_TABLES und den NO_ZERO*DATE Modi braucht, um hier einen Fehler zu erzeugen. Ohne den strict mode bekommt man nur eine Warnung.\nERROR_FOR_DIVISION_BY_ZERO - schön wärs Die Einstellung ERROR_FOR_DIVISION_BY_ZERO tut nicht ganz das, was wir eigentlich wollen - eine gut und weithin sichtbare Explosion bei einer Division durch 0 - aber ist immerhin besser als nichts:\nroot@localhost \u0026gt; create table t ( i integer null ); Query OK, 0 rows affected (0.07 sec) root@localhost \u0026gt; insert into t values ( 1/0 ); Query OK, 1 row affected (0.00 sec) root@localhost \u0026gt; set sql_mode = \u0026#39;STRICT_ALL_TABLES,ERROR_FOR_DIVISION_BY_ZERO\u0026#39;; Query OK, 0 rows affected (0.00 sec) root@localhost \u0026gt; insert into t values ( 1/0 ); ERROR 1365 (22012): Division by 0 root@localhost \u0026gt; select 1/0; +------+ | 1/0 | +------+ | NULL | +------+ 1 row in set, 1 warning (0.00 sec) root@localhost \u0026gt; show warnings; +-------+------+---------------+ | Level | Code | Message | +-------+------+---------------+ | Error | 1365 | Division by 0 | +-------+------+---------------+ 1 row in set (0.00 sec) Wie man sieht, wird nur beim INSERT (oder UPDATE) in eine Tabelle ein Fehler statt einer NULL produziert. Bei einem normalen Ausdruck bekommt man weiterhin NULL und eine Warning. Folgefalsch also auch hier:\nroot@localhost \u0026gt; create table t ( a integer, b integer ); Query OK, 0 rows affected (0.05 sec) root@localhost \u0026gt; insert into t values (1 , 0); Query OK, 1 row affected (0.00 sec) root@localhost \u0026gt; set sql_mode = \u0026#39;TRADITIONAL\u0026#39;; Query OK, 0 rows affected (0.01 sec) root@localhost \u0026gt; select a/b from t; +------+ | a/b | +------+ | NULL | +------+ 1 row in set, 1 warning (0.00 sec) root@localhost \u0026gt; show warnings; +-------+------+---------------+ | Level | Code | Message | +-------+------+---------------+ | Error | 1365 | Division by 0 | +-------+------+---------------+ 1 row in set (0.00 sec) NO_AUTO_CREATE_USER - auch zu schön um wahr zu sein Ebenfalls nicht das, was man will tut NO_AUTO_CREATE_USER: Es verhindert das versehentliche Anlegen eines Users ohne Paßwort durch ein GRANT-Statement ohne IDENTIFIED BY-Clause, aber es erzwingt nicht das Verwenden von CREATE USER zum Anlegen von Usern: Ein GRANT-Statement mit IDENTIFIED BY kann noch immer nebenbei einen User anlegen.\nONLY_FULL_GROUP_BY Wir haben außerdem ONLY_FULL_GROUP_BY gesetzt. Normalerweise erlaubt MySQL die Anwahl von nicht aggregierten Spalten in SELECT-Statements mit GROUP BY-Ausdrücken:\nroot@localhost \u0026gt; drop table t; Query OK, 0 rows affected (0.00 sec) root@localhost \u0026gt; create table t ( i integer, j integer ); Query OK, 0 rows affected (0.09 sec) root@localhost \u0026gt; insert into t values (1,1), (1,2), (2,3), (2,4), (3,5); Query OK, 5 rows affected (0.00 sec) Records: 5 Duplicates: 0 Warnings: 0 root@localhost \u0026gt; select i,j,group_concat(j) from t group by i; +------+------+-----------------+ | i | j | group_concat(j) | +------+------+-----------------+ | 1 | 1 | 1,2 | | 2 | 3 | 3,4 | | 3 | 5 | 5 | +------+------+-----------------+ 3 rows in set (0.00 sec) MySQL verhält sich hier so, als stünde das j in einem Funktionaufruf einer hypothetischen Aggregatfunktion ANY(j). Es wählt also ein beliebiges j aus der Gruppe der j aus, die der Zeile zugeordnet sind und zeigt es als Repräsentant der Äquivalenzklasse an. MySQL hat auch eine ganz reale Funktion ALL(), die die gesamte Äquivalenzklasse anzeigt - sie heißt GROUP_CONCAT().\nDas Verhalten von MySQL ist hier strikt konform mit dem SQL-Standard und der Mathematik dahinter, aber diese Auslegung des Standards ist einzigartig - alle anderen SQL-Produkte machen es anders. Mit ONLY_FULL_GROUP_BY soll man MySQL in einem Modus schalten, in dem es der verbreiteten Auslegung folgt:\nroot@localhost \u0026gt; set sql_mode = \u0026#39;TRADITIONAL,ONLY_FULL_GROUP_BY\u0026#39;; Query OK, 0 rows affected (0.00 sec) root@localhost \u0026gt; select i,j,group_concat(j) from t group by i; ERROR 1055 (42000): \u0026#39;koehntopp.t.j\u0026#39; isn\u0026#39;t in GROUP BY Leider gibt es kein ANY() in MySQL, sodaß man sich mit MIN() oder MAX() behelfen muß, um deterministisch ein Element der Äquivalenzklasse zu bestimmen.\nUm Entwicklern zu helfen beim Anlegen von Tabellen Fehler mit der Storage Engine zu machen, haben wir NO_ENGINE_SUBSTITUTION eingeschaltet - MySQL ersetzt dann beim Fehlen einer Engine diese nicht stillschweigend durch MyISAM (oder default_storage_engine), sondern mault sichtbar mit einem Fehler.\nNO_AUTO_VALUE_ON_ZERO - knapp daneben, aber auch vorbei Schließlich wollten wir noch NO_AUTO_VALUE_ON_ZERO, um einen lange bestehenden Fehler in MySQL zu korrigieren:\nroot@localhost \u0026gt; set sql_mode = \u0026#39;\u0026#39;; Query OK, 0 rows affected (0.00 sec) root@localhost \u0026gt; drop table t; Query OK, 0 rows affected (0.00 sec) root@localhost \u0026gt; create table t ( id integer unsigned not null primary key auto_increment ); Query OK, 0 rows affected (0.16 sec) root@localhost \u0026gt; insert into t values ( NULL ); Query OK, 1 row affected (0.00 sec) root@localhost \u0026gt; insert into t values ( 0 ); Query OK, 1 row affected (0.32 sec) root@localhost \u0026gt; select * from t; +----+ | id | +----+ | 1 | | 2 | +----+ 2 rows in set (0.00 sec) MySQL weist also neue auto_increment-Werte nicht nur bei NULL zu, sondern auch bei 0. Das ist sehr störend, denn es verhindert, daß bestimmte Fehler gefunden werden.\nWas NO_AUTO_VALUE_ON_ZERO macht ist jedoch auch erst beim 2. Versuch hilfreich:\nroot@localhost \u0026gt; set sql_mode = \u0026#39;TRADITIONAL,NO_AUTO_VALUE_ON_ZERO\u0026#39;; Query OK, 0 rows affected (0.00 sec) root@localhost \u0026gt; insert into t values ( NULL ); Query OK, 1 row affected (0.00 sec) root@localhost \u0026gt; insert into t values ( 0 ); Query OK, 1 row affected (0.00 sec) root@localhost \u0026gt; select * from t; +----+ | id | +----+ | 0 | | 1 | | 2 | | 3 | +----+ 4 rows in set (0.00 sec) root@localhost \u0026gt; insert into t values ( 0 ); ERROR 1062 (23000): Duplicate entry \u0026#39;0\u0026#39; for key 1 root@localhost \u0026gt; select * from t; +----+ | id | +----+ | 0 | | 1 | | 2 | | 3 | +----+ 4 rows in set (0.00 sec) Wie man sieht erzeugt die erste Zuweisung keinen auto_increment-Wert, sondern den Primärschlüssel 0, was man in den meisten Fällen auch nicht will. Immerhin explodiert dann die 2. Zuweisung mit einem Duplicate Key Error, sodaß man den fehlerhaften SQL-Code dann zu sehen bekommt.\nSo weit die Theorie.\nSelbst gemachte Probleme Und jetzt wie es explodiert.\nAufgrund einer Migration von einer älteren Version von MySQL haben wir haufenweise Definition von Tabellen mit Code wie diesem:\nroot@localhost \u0026gt; set sql_mode = \u0026#39;TRADITIONAL\u0026#39;; Query OK, 0 rows affected (0.00 sec) root@localhost \u0026gt; create table t ( d date not null default \u0026#39;0000-00-00\u0026#39; ); ERROR 1067 (42000): Invalid default value for \u0026#39;d\u0026#39; Das Setzen von NO_ZERO_DATE zerbricht also diese Tabellen und damit auch alle Tests (da kommt das nämlich in so gut wie jeder Tabelle vor). Das ist kein Fehler von MySQL, sondern ein Problem bei uns, macht aber erst einmal NO_ZERO_DATE für uns unmöglich.\nONLY_FULL_GROUP_BY-Bug (behoben in 5.1) Dann explodiert ONLY_FULL_GROUP_BY in unserem (zu alten) MySQL 5.0 - in unserem (viel neueren) 5.1 ist der Fehler behoben:\nmysql\u0026gt; SELECT MIN(latitude), MAX(latitude), MIN(longitude), MAX(longitude) FROM Objects WHERE id IN (99910, 98561, 10200) AND latitude IS NOT NULL AND longitude IS NOT NULL; ERROR 1140 (42000): Mixing of GROUP columns (MIN(),MAX(),COUNT(),...) with no GROUP columns is illegal if there is no GROUP BY clause Das ist Unsinn - id wird nicht angezeigt und alle angezeigten Spalten sind in Aggregatfunktionen. Die WHERE-Clause verwirrt MySQL.\nMan kann die Query umschreiben, um den Fehler zu umgehen (aber das ist nicht Sinn der Sache):\nSELECT MIN(latitude), MAX(latitude), MIN(longitude), MAX(longitude) FROM Objects WHERE id IN (99910, 98561, 10200) AND latitude IS NOT NULL AND longitude IS NOT NULL group by 1=1; Beachte, daß man GROUP BY 1=1 schreiben muß und nicht einfach GROUP BY 1 machen kann. Letzteres ist eine (obsolete und nicht empfohlene) Schreibweise um nach Spalte 1 zu gruppieren (oder, mit ORDER BY, zu sortieren).\nSELECT MIN(latitude), MAX(latitude), MIN(longitude), MAX(longitude) FROM Objects WHERE id IN (99910, 98561, 10200) AND latitude IS NOT NULL AND longitude IS NOT NULL group by 1; ERROR 1056 (42000): Can\u0026#39;t group on \u0026#39;MIN(latitude)\u0026#39; INSERT ON DUPLICATE KEY UPDATE Breakage I Eine weitere Explosion bekommt man mit INSERT ON DUPLICATE KEY UPDATE hin. Gegeben sei\nroot@localhost \u0026gt; create table t ( id integer unsigned not null primary key auto_increment, d integer not null, e integer not null, f integer not null, unique ( d, e )); Query OK, 0 rows affected (0.06 sec) root@localhost \u0026gt; insert into t values ( 1, 1, 2, 0); Query OK, 1 row affected (0.00 sec) root@localhost \u0026gt; select * from t; +----+---+---+---+ | id | d | e | f | +----+---+---+---+ | 1 | 1 | 2 | 0 | +----+---+---+---+ 1 row in set (0.00 sec) Ohne SQL-Mode bekommt man Warnungen, wenn man das folgende versucht:\nroot@localhost \u0026gt; insert into t (id, f) values (1,4) on duplicate key update f = f+values(f); Query OK, 2 rows affected, 2 warnings (0.01 sec) root@localhost \u0026gt; show warnings; +---------+------+----------------------------------------+ | Level | Code | Message | +---------+------+----------------------------------------+ | Warning | 1364 | Field \u0026#39;d\u0026#39; doesn\u0026#39;t have a default value | | Warning | 1364 | Field \u0026#39;e\u0026#39; doesn\u0026#39;t have a default value | +---------+------+----------------------------------------+ 2 rows in set (0.00 sec) root@localhost \u0026gt; select * from t; +----+---+---+---+ | id | d | e | f | +----+---+---+---+ | 1 | 1 | 2 | 4 | +----+---+---+---+ 1 row in set (0.00 sec) Ungeachtet der Warnungen tut der Code aber genau das, was er soll. Durch den Strict Mode werden solche Warnungen aber zu Fehlern:\nroot@localhost \u0026gt; set sql_mode =\u0026#39;TRADITIONAL\u0026#39;; Query OK, 0 rows affected (0.00 sec) root@localhost \u0026gt; insert into t (id, f) values (1,4) on duplicate key update f = f+values(f); ERROR 1364 (HY000): Field \u0026#39;d\u0026#39; doesn\u0026#39;t have a default value Und damit Breakage in der Anwendung.\nDer Fehler bzw. die Warnungen sollten eigentlich gar nicht auftreten - sie müssen auftreten, wenn ein reines INSERT verwendet wird, mit dem INSERT ON DUPLICATE KEY UPDATE Code teilt. Aber sie dürfen eben nicht im INSERT ON DUPLICATE KEY UPDATE auftreten, sondern müssen dort das Weiterreichen an die UPDATE-Clause triggern.\nOder man sieht von so komplexen Statements wie INSERT ON DUPLICATE KEY UPDATE ab, weil die Fehlerbehandlung in ihnen zu kompliziert wird\u0026hellip;\nExtended INSERT und ON DUPLICATE KEY Breakage II Dann muß man jedoch auch auf Extended INSERT-Syntax verzichten. Denn:\nroot@localhost \u0026gt; set sql_mode = \u0026#39;TRADITIONAL\u0026#39;; Query OK, 0 rows affected (0.00 sec) root@localhost \u0026gt; \u0026gt; CREATE TABLE t ( id TINYINT UNSIGNED NOT NULL, value TINYINT UNSIGNED NOT NULL, PRIMARY KEY (id) ); Query OK, 0 rows affected (0.00 sec) root@localhost \u0026gt; INSERT INTO t VALUES (1,1); Query OK, 1 row affected (0.00 sec) root@localhost \u0026gt; INSERT INTO t VALUES (1,256) ON DUPLICATE KEY UPDATE value=VALUES(value); ERROR 1264 (22003): Out of range value for column \u0026#39;value\u0026#39; at row 1 // does *not* break replication root@localhost \u0026gt; INSERT INTO wop VALUES (1,1),(1,256) ON DUPLICATE KEY UPDATE value=VALUES(value); ERROR 1264 (22003): Out of range value for column \u0026#39;value\u0026#39; at row 2 // *BREAKS REPLICATION* Das ist das Resultat auf dem Master: Ein halb ausgeführtes Statement. Das Statement hat im letzten Fall jedoch Daten modifiziert und gelangt so in das Binlog zum Slave, jedoch mit der Information, daß es auf dem Master auf halber Strecke abgebrochen wurde. Also bleibt die Replikation zum Slave nun stehen, um Inkonsistenzen zu vermeiden.\nDas wiederum - ein Stehenbleiben der Replikation - können wir uns unter gar keinen Umständen erlauben. Während wir vorher also gemosert und unseren Code gefixt haben, haben wir nun diesen Change komplett zurück gerollt und schauen einmal, wie wir das später ausgerollt bekommen.\nZusammenfassung Es ist recht offensichtlich, daß nicht viele Leute MySQL mit SQL_MODE fahren und daß eine ganze Menge Fehler oder Ungereimtheiten in SQL_MODE stecken. Das ist sehr schade, denn es ist so leider nicht möglich, MySQL auf eine Weise zu betreiben, mit der man illegale Daten beim Einfügen in die Datenbank in allen Fällen erkennen und verhindern kann.\nWas ist auf der guten Seite geblieben?\nWir haben einige long standing bugs bei uns gefunden und gefixt - an einigen Stellen haben Entwickler defekte (falsch geschriebene) Werte in ENUMs verwendet und so \u0026rsquo;\u0026rsquo; erzeugt. An anderen Stellen sind falsche oder inkomplette Datumsangaben mit auf 00 gesetzten Tagen oder Monaten verwendet worden (man lese die Manpage zu mktime(3), tm_mon vs. tm_mday!).\nAuch so etwas wird durch TRADITIONAL haufenweise gefunden:\nroot@localhost \u0026gt; create table t ( i integer not null, s varchar(32) not null ); Query OK, 0 rows affected (0.06 sec) root@localhost \u0026gt; insert into t (i) values ( 1 ); Query OK, 1 row affected, 1 warning (0.66 sec) root@localhost \u0026gt; show warnings; +---------+------+----------------------------------------+ | Level | Code | Message | +---------+------+----------------------------------------+ | Warning | 1364 | Field \u0026#39;s\u0026#39; doesn\u0026#39;t have a default value | +---------+------+----------------------------------------+ 1 row in set (0.00 sec) root@localhost \u0026gt; select * from t; +---+---+ | i | s | +---+---+ | 1 | | +---+---+ 1 row in set (0.00 sec) root@localhost \u0026gt; set sql_mode = \u0026#39;TRADITIONAL\u0026#39;; Query OK, 0 rows affected (0.00 sec) root@localhost \u0026gt; insert into t (i) values ( 2 ); ERROR 1364 (HY000): Field \u0026#39;s\u0026#39; doesn\u0026#39;t have a default value root@localhost \u0026gt; select * from t; +---+---+ | i | s | +---+---+ | 1 | | +---+---+ 1 row in set (0.00 sec) Durch das NO_ZERO_DATE haben wir die exzessive Verwendung von DATE NOT NULL DEFAULT '0000-00-00' als Überrest einer Migration von einer älteren Version von MySQL zur Disposition gestellt. Viele Entwickler fragen sich nun, was SELECT * FROM t WHERE somedate = \u0026quot;0000-00-00\u0026quot; wohl für eine Bedeutung haben mag, also was die dort gezeigten Zeilen wohl bedeuten mögen und gehen sorgfältiger mit Default-Werten um. Das hat ebenfalls eine Reihe von Bugs gekillt.\nAlles in allem wär es schön, wenn SQL_MODE von MySQL selbst mehr promoted würde oder gar in neueren Versionen von MySQL ein Default-SQL_MODE wie der oben vorgestellte voreingestellt wäre. Andererseits ist absehbar, daß in der MySQL-Welt dann genau gar kein existierendes SQL mehr laufen würde.\nUnd so wird es wohl bei dem Wunsch bleiben.\n","date":"2009-10-08T00:00:00Z","href":"https://blog.koehntopp.info/2009/10/08/ein-kurzer-aber-heftiger-schlagabtausch-mit-sql-mode.html","tags":["mysql","lang_de"],"title":"Ein kurzer, aber heftiger Schlagabtausch mit SQL_MODE"},{"categories":null,"content":" gulli: Bundestrojaner: ein Programmierer erzählt Ruben Unteregger, ein ehem. Mitarbeiter der Schweizer ERA IT Solutions erzählt. ERA stellt die Produkte MiniPanzer und MegaPanzer her, die als \u0026#039;Bundestrojaner\u0026#039;-Lösungen positioniert werden. Der Code, den er bei dieser Arbeit erstellt hat, gehört (auch) ihm, er hat ihn unter der GPL verfügbar gemacht und demonstriert in Lehrvideos auch illegale Verwendungen dieses Codes (etwa Phishing). (tags: bundestrojaner security) ","date":"2009-08-22T00:00:00Z","href":"https://blog.koehntopp.info/2009/08/22/megapanzer.html","tags":["lang_de"],"title":"links for 2009-08-22"},{"categories":null,"content":"Der Informatiker ist ein seltsames Wesen. In seiner Wissenschaft gibt es zum Beispiel ein paar Regeln, die beim ersten Mal gehört sehr seltsam klingen, die aber beim längeren Nachdenken und mit ein bischen Erklärung dazu Weisheiten enthalten, die manchmal auch außerhalb der Informatik von einigem Belang sein können.\nEine dieser Regeln ist\nNever check for an error condition you don\u0026rsquo;t know how to handle. Versteht man diese Regel zunächst einmal nur oberflächlich, klingt sie sehr fragwürdig - ich soll in meinem Programm bestimmte Fehlerbedingungen nicht prüfen, von denen ich genau weiß, daß sie eintreten könnten?\nWenn man den Satz vorwärts von links nach rechts durchdenkt, dann steht da genau das.\nNehmen wir uns einmal ein Beispiel und versuchen zu verstehen, was da passiert.\nDa ist zum Beispiel ein sehr einfacher Fall - ich könnte versuchen Speicher beim Betriebssystem zu reservieren und das kann fehlschlagen.\nchar *p = NULL; if ((p = malloc(someSize)) == NULL) { tja_was_dann(); } Das ist so eine typische Situation - wieso zum Beispiel fragt die Bibliotheksfunktion malloc() nicht selbst auf p == NULL ab und fängt diesen Fall ab. Weil sie das nicht tut, muß ich das jedes einzelne Mal selber tun und darf das in keinem einzelnen Fall vergessen.\nTatsächlich haben die meisten Programme eine Funktion safe_malloc(), die ein Wrapper für malloc() ist und mehr oder weniger wie oben gezeigt aussieht. Der Punkt ist, daß jedes Programm seine eigene Implementierung von tja_was_dann() mitbringt, denn das genaue Verhalten der Anwendung ist anwendungsspezifisch und kann so nicht von der Bibliothek bereit gestellt werden.\nMan könnte argumentieren, daß malloc() dann intern ein tja_was_dann() aufrufen sollte, für das ein jeder Verwender von malloc() eine Implementierung bereit stellen müßte. Aber das würde wiederum einen bestimmten Modus der Verwendung von malloc() vorschreiben. Die Lösung, daß malloc() den Test nicht macht, sondern den Fehler nur signalisiert, ist hier die flexibelste Lösung - und daher einer Bibliotheksfunktion am angemessensten, weil sie dem Anwender jede Wahl läßt. Sie stellt also die notwendigen Mechanismen bereit, erzwingt aber keine bestimmte Policy.\nNebengedanke: Das ist einer der Hauptunterschiede zwischen einer Bibliothek und einem Framework. Eine Bibliothek stellt Mechanismen bereit, erzwingt aber keine bestimmte Policy, also eine bestimmte Default-Herangehensweise an Probleme. Frameworks dagegen sind mit einem bestimmten Modus im Kopf entwickelt worden und bringen eine Policy mit, die im Kontext des Frameworks als Standardlösung angesehen wird.\nNebennebengedanke: Kernel, Bibliotheken und Frameworks sind Infrastruktur, und wie jede Infrastruktur werden sie auch zu einem guten Teil daran gemessen, wie sie versagen . In diesem Fall also: Welche Möglichkeiten gibt es, bei einem Framework an der Policy vorbei zu programmieren, wenn die Policy mal nicht paßt (\u0026lsquo;Wie kann ich in RoR Queries an Active Record vorbei schicken?\u0026rsquo;) oder wie frei von Policy ist diese Bibliothek wirklich gestaltet - habe ich nur einen Mechanismus, oder ist er mit einer Intention, einer Policy belastet?\nVon einer Bibliothek soll also nur ein Mechanismus bereitgestellt werden, und es ist zwingend notwendig, daß sich der Anwendungsentwickler Gedanken darüber macht, wie die Policy zur Fehlerbehandlung aussehen soll und wie sie implementiert werden soll. Das ist eigentlich ein relativ offensichtlicher Punkt, aber einer, der meiner Erfahrung nach beim Lehren von Programmiertechniken nicht ausreichend betont und eingeübt wird. Wäre dem nicht so, hätte wir weniger schlechten Code in vielen Projekten. Und ich will mich hier nicht auf die Tonnen von verseuchtem PHP-MySQL beschränken lassen, in denen Queries an eine Datenbank abgefeuert werden ohne jemals zu prüfen, ob überhaupt ein Resultat produziert wurde - oder in denen, falls dies nicht der Fall ist, vergessen wird, die Fehlermeldung der Datenbank abzuholen.\nDer Punkt ist, daß das Fehlen einer Policy im Code meistens eine Policy in der Anwendung bedingt, oder jedenfalls Mindeststandards in der Anwendung. Einige Programmiersprachen haben einen Namen für so ein informales Konstrukt: Sie nennen es eine Konvention, also einen Vertrag zwischen Bibliotheksentwickler und Anwendungsentwickler, der informal ist und nicht durch die Mechanismen der Programmiersprache erzwungen wird. Diese Konvention ist typischerweise unausgesprochen und nicht Bestandteil der Bibliotheksdokumentation - und das ist der Grund, warum die Konvention unzureichend gelehrt und entsprechend unzureichend umgesetzt wird.\nAber man kann den Satz\nNever check for an error condition you don\u0026rsquo;t know how to handle.\nauch anders herum lesen. Was genau bedeutet es denn, diese Error Conditions nun zu handlen? Also genauer: Wenn dieser Fehler eintritt, was sind die verbleibenden Handlungsoptionen und was ist der gewünschte Failure Mode, d.h. was soll passieren?\nNehmen wir wieder den o.a. malloc()-Code. Wenn der Fehler eintritt, dann kann oder will uns das Betriebssystem keinen Speicher mehr reservieren. Wir wissen nicht warum, müssen also die schlimmste Annahme treffen und die ist: der Speicher ist voll, niemand bekommt mehr Speicher. Genau genommen könnte ein Programm anderswo laufen, daß allen freien Speicher sofort verbraucht, wir können also auch keinen Speicher ans System zurück geben und dann wieder reservieren lassen.\nDieses Szenario setzt voraus, daß wir bereits weit vor dem Eintreten des Fehlers allen Speicher reserviert haben, der zur Handhabung des Fehlers notwendig ist. Das ist eine recht komplizierte Situation, und den meisten Anwendungsentwicklern in dem Moment zu kompliziert, in dem sie gezwungen sind darüber nachzudenken. Schließlich wollen sie erst mal den nicht failenden, den funktionalen Path in ihrem Code fertig stellen, bevor sie sich mit failure modes und den Codepaths dort beschäftigen.\nNebengedanke: Das ist ein weiterer Hauptgrund für schlechten Code - wir zwingen Entwickler zum falschen Zeitpunkt dazu, sich mit failure modes und failenden Codepaths auseinander zu setzen. Entwickler sind wahrscheinlich bereit, sich auch mit failenden Codepaths zu beschäftigen, denn sie wollen ja ein gut funktionierendes Programm erstellen. Aber wir sollten sie nicht gerade dann mit failenden Pathes belästigen wenn sie im funktionalen Path des Codes am Arbeiten sind, dem Programm also gerade beibringen überhaupt mal was Sinnvolles zu tun.\nWeil wir Entwickler also im falschen Moment mit Failures belästigen bekommen wir Code, bei dem Failure Handling im günstigsten Fall so aussieht:\nchar *p = NULL; if ((p = malloc(someSize)) == NULL) { exit(ENOMEM); // out of memory error } Immerhin ist hier überhaupt auf das Auftreten eines Fehlers geprüft worden. Vielleicht sind auch noch ein paar atexit(3)-Handler gestacked worden, die beim Programmende aufräumen, aber das ist allgemein recht wenig üblich.\nBei dieser Art der Fehlerbehandlung kann man am Code förmlich sehen, wie der Anwendungsentwickler auf das Auftreten des Fehlers geprüft hat, sich aber über das Handling des Fehlers jetzt zu diesem Zeitpunkt genau gar keine Gedanken machen wollte.\nEin anderes übliches Problem ist, daß auf einer viel zu niedrigen Ebene auf den Fehler geprüft wird. Zudem besteht oftmals keine Übereinkunft in der Anwendung, wie Fehler von einer niederen Abstraktionsebene auf die nächsthöhere Ebene weitergereicht wird, ohne daß Information verloren geht. Die Innereien des Quelltextes von MySQL sind ein ausgezeichnetes Beispiel für solche Scherereien, zum Teil findet man Code wie\nint errcode = doSomeThing(); switch(errcode) { case 1: case 2: case 3: return E_DIES; break; case 4: return E_DAS; break; } Das heißt detaillierte interne Fehlercodes werden unter Informationsverlust plattgeklopft und ein Handler auf einer höheren Abtraktionsebene mit mehr Kontext hat gar keine Chance mehr festzustellen, was genau denn da unten nun schief gelaufen ist.\nDie Regel\nNever check for an error condition you don\u0026rsquo;t know how to handle.\nmacht es also notwendig, bei jeder Fehlerprüfung drei Dinge zu klären:\nDiagnose: Den Fehler feststellen. Formuliere einen Test, der an einer geeigneten Stelle prüft, ob ein Fehler vorliegt und der unterscheidbar signalisiert, welcher Fehler genau vorliegt. Policy: Lege fest, was beim Eintreten der Fehlerbedingung das korrekte, ergewünschte Verhalten ist, d.h. definiere eine Policy, die festlegt, wie mit dem Fehler umgegangen werden soll. Kontext: Entscheide, ob diese Fehlerbehandlung im Kontext der aktuellen Abstraktionsebene möglich ist, der Fehler also hier wie erwünscht behandelt werden kann, oder ob er eskaliert werden muß. Wenn er eskaliert werden muß, stelle sicher, daß er auf der übergeordneten Ebene erwartet wird - dort muß also auch Policy für die Eskalation zwingend existieren. Stelle auch sicher, daß er dort noch diagnostiziert werden kann - die Diagnose darf also bei der Eskalation keinem Informationsverlust unterliegen. Diese Überlegungen sind nun durchaus auch außerhalb der Informatik anwendbar. Der Auslöser für mich diesen Text zu schreiben war zum Beispiel der folgende Recht interessante Artikel von Hadmut:\nDie 110-Notruf-Taste im Webbrowser .\nDie Überlegungen, die Hadmut da anstellt, sind alle gut und richtig, aber wenn man die Regel von oben anwendet, kommt man schnell zu dem Schluß, daß die Taste zur Signalisierung des Notrufes nicht wirklich ein Problem ist - das sind wahrscheinlich weniger als 5 Zeilen Javascript in Firefox.\nDie Frage - und es ist erst mal eine Frage, kein Code-Problem - ist ja dann: Was soll dann passieren, wenn so eine Taste gedrückt wird. Es geht um Prozeß, d.h. immer um die Frage WER soll WANN mit WEM WOZU WORÜBER reden? Welche Informationen sollen beim Drücken der Taste also an wen übermittelt werden und welche Reaktion wird dann in welchem Zeitrahmen erwartet?\nBauen wir eine zentrale Internet-Notrufzentrale auf? Bekommt diese mit dem Notruf auch Location-Information übermittelt, wenn es notwendig ist? Wenn ja, wie?\nWelche anderen Informationen werden übermittelt? Die aktuelle URL? Der persistente State des Browsers mit allen Bookmarks, der History und so weiter? Der volatile State des Browsers mit aller ggf. aktiven Spyware, aber auch allen internen legitimen Variablen? Der State des ganzen Rechners mit Prozeßliste, Speicher- und Programminformationen, installierten Programmen nach Registry usw?\nWie wird der Notruf dann ausgewertet und klassifiziert?\nWas sind Standard-Reaktionen, wenn er Notruf verifiziert und klassifiziert ist? Kann die Notrufzentrale direkt auf den Rechner zugreifen und dort weitere Informationen auslesen, alles einmal durchforensiken? Kann sie schreiben und den Zustand des Rechners verändern? Oder kann sie nur per VoIP zurück rufen und in einer r/o Screensharing-Session den User durch den Notfall durchsprechen?\nWelche Taxonomie von Notfällen bauen wir überhaupt auf und was sind notwendige Schritte zur Verifikation, und dann Standard-Reaktionen auf den Notfall, so er verifiziert ist?\nSoll auch präventive Aktion möglich sein, etwa, wenn wir eine Häufung von Incidents einer bestimmten Art feststellen (einen Outbreak eines bestimmten Virus etwa) und das dem Incident-Managent übergeordnete Problem-Management eine größere Situation erkennt, die es flächig präventiv entschärfen möchte? Im Falle des Outbreaks etwa, indem es allen gefährdeten Rechnern präventiv einen Patch reinzwingt?\nWie ordnen wir das rechtlich und technisch ein? Wie hängen wir das organisatorisch auf? Wie erzwingen wir die technische Umsetzung des Rahmens (Pflichtinstallation der Software auf allen mit dem Internet verbundenen Zielsystemen)? Wie schützen wir diese Infrastruktur gegen Mißbrauch?\nWie man sieht kann der Check für einen Fehlerbedingung recht einfach sein - ein Notrufknopf.\nDas Handling dann, das kann \u0026ldquo;etwas\u0026rdquo; komplizierter werden. Aber solche Details muten eine Frau von der Leyen und ein Herr Schäuble dem interessierten Wähler im Wahlkampf eher nicht zu, wenn sie in Interviews von einem Notrufknopf im Browser reden - bzw. auch die Bildzeitung redet über diese viel spannendere Seite des Problems eher nicht - und das kann sehr einlullend sein: Wieso haben wir so einen Knopf eigentlich nicht im Browser? So schwer kann das doch nicht sein?\n","date":"2009-08-21T00:00:00Z","href":"https://blog.koehntopp.info/2009/08/21/was-bedeutet-eigentlich-never-check-for-an-error-condition-you-don-t-know-how-to-handle.html","tags":["politik","security","lang_de"],"title":"Was bedeutet eigentlich \"Never check for an error condition you don't know how to handle\""},{"categories":null,"content":"In Das Internet wird wahlentscheidend? berichtet Netzpolitik.org über eine Umfrage, die der Branchenverband Bitkom sich hat maßschneidern lassen. Neben einer Reihe von anderen seltsamen Fakten heißt es dort:\nDie Ergebnisse der BITKOM-Studie zeigen darüber hinaus eine hohe Akzeptanz von Online-Wahlen. Fast die Hälfte der Bundesbürger (47 Prozent) würde ihre Stimme bei Wahlen elektronisch über das Internet abgeben. Unter den 18- bis 29-Jährigen sind es sogar 57 Prozent. Bisher sind Internetwahlen nach dem deutschen Wahlrecht nicht erlaubt.\nWieso eigentlich nicht?\nDa ist einmal das Urteil des Verfassungsgerichtes:\nDas Gericht gab den Klägern in wesentlichen Punkten recht und bestätigte, dass die bisher eingesetzten Geräte mangelhaft seien. Der Wähler müsse die wesentlichen Schritte der Wahlhandlung und der Ergebnisermittlung zuverlässig und ohne besondere Sachkenntnis überprüfen können, sagte der Vizepräsident des Bundesverfassungsgerichts, Andreas Voßkuhle. Dazu gehöre, dass er sehe, ob seine Stimme richtig erfasst wurde.\nUnd da ist andererseits eine Anforderung an das Wahlgeheimnis, die von vielen unterschätzt wird. Dabei ist sie leicht zu erklären.\nWie lange muß ein militärischer Code eine militärische Nachricht wie \u0026ldquo;Angriff im Morgengrauen!\u0026rdquo; geheim halten können?\nGenau.\nBis die Sonne aufgegangen ist, d.h. so lange wie die Decodierung der militärischen Nachricht durch einen Feind dem Feind noch einen Erkenntnisgewinn verschaffen könnte. Das ist für die weitaus größte Zahl der Nachrichten nicht sehr lange.\nAndererseits stelle man sich einmal folgendes Szenario vor: 1933 hätte es so etwas wie ein Steampunk-Internet gegeben und Leute hätten bei der Wahl dort von daheim über dieses Netz abstimmen können. Jemand hat die verschlüsselten Nachrichten mitgeschnitten und könnte nun, falls er sie decodieren kann, beweisen, wer dort wann wie abgestimmt hat.\nWie lange muß der damals verwendete Schlüssel die Nachrichten geheimhalten können?\nGenau.\nUnd darum will man keine Abstimmungen über das Internet und auch keine Wahlcomputer.\n","date":"2009-08-19T00:00:00Z","href":"https://blog.koehntopp.info/2009/08/19/angriff-im-morgengrauen-oder-ein-paar-gedanken-zu-onlinewahlen.html","tags":["internet","politik","wahl","lang_de"],"title":"Angriff im Morgengrauen oder ein paar Gedanken zu Onlinewahlen"},{"categories":null,"content":"Eine Einthemenpartei wie die Piraten macht es sich sehr einfach - sie beackert nur dieses eine Poltikfeld und sammelt das Stimmvieh ein. Schauen wir mal genauer hin.\nDas hier ist ein Poltikfeld. Die weißen Punkte sind Stimmvieh.\nPolitikfeld mit Stimmvieh\nMit was also soll sich der medienkompetente und interessierte Bürger hier auseinandersetzen? Und sein Interessenvertreter im Parlament?\nDa stellen wir uns also mal ganz dumm und malen einen Kringel:\nDas Politikfeld, um das es hier gehen soll, ist das Urheberrecht. Es sieht so aus:\nDas Urheberrecht ist ein automatisches Recht: Man erwirbt es einfach indem man ein Werk erschafft. Die Schwelle, ab der etwas ein Werk ist, ist recht niedrig - ein Foto von einem Brötchen zum Beispiel kann ein Werk sein, oder ein Foto von Schafen auf einer Weide in Neuseeland, wie ich es dort oben gemacht habe. Auch ein Zeichensatz, eine Komposition, ein Brief, ein abgeschlossen formulierter Gedanke oder ein Aphorismus kann ein Werk sein.\nEs ist wirklich automatisch: Ich muß nichts dafür tun - ich brauche keine magischen ©-Symbole abzudrucken und ich brauche das Werk niemandem anzumelden. Man kann dennoch an sein Werk »© Copyright 2009 Kristian Köhntopp« malen. Das ist nett, und es ist psychologisch hilfreich, weil es potentielle Nutzer des Werkes animiert, nachzufragen und das Werk zu lizenzieren. Ich habe gute Erfahrungen und besser noch gutes Geld mit solchen Kennzeichnungen gemacht. Juristisch ist es jedoch nicht notwendiger Vodoo.\nLizenzieren? Ah ja.\nSchaut man genauer hin, kann man zwei Unterthemen erkennen:\nBeim Urheberrecht geht es um Verwertungsrechte, die man einem anderen abtreten kann. Das kann man nichtexklusiv oder für eine spezifische Nutzung tun, oder man kann es pauschal und dauerhaft machen. Letzteres ist zum Beispiel die präferierte Vertragsform, die Zeitungsverlage aktuell mit freien Autoren haben wollen. Der Autor kann den Artikel dann nicht mehr jemand anderem verkaufen, er muß nicht doppelt bezahlt werden, wenn der Artikel im Magazin und Online erscheint, und er muß auch nicht erneut bezahlt werden, wenn der Artikel in einem Sonderheft wieder aufgelegt wird.\nDen anderen Ast unseres Diagrammes gibt es nur im europäischen Urheberrecht: Das Urheberpersönlichkeitsrecht schützt die Interessen des Urhebers an seinem Werk und seinem Namen - es bewirkt, daß ein Urheber auf Namensnennung im Zusammenhang mit dem Werk bestehen kann und daß ein Urheber gegen Veröffentlichungen vorgehen kann, in denen sein Werk entstellt oder sonstwie unautorisiert verändert wird. Man findet das Urheberpersönlichkeitsrecht an seltsamen Orten - die deutsche Bahn zum Beispiel hat den Prozeß gegen den Architekten des Berliner Hauptbahnhofs/Lehrter Bahnhof verloren: \u0026lsquo;Durch Änderungen am Bau sei die ursprüngliche Planung des Stararchitekten Meinhard von Gerkan \u0026ldquo;erheblich entstellt\u0026rdquo; worden.\u0026rsquo;, berichtet der Spiegel .\nDas Urheberrecht wirkt weit in das Poltikfeld Kultur hinein. Ich habe recht willkürlich einmal einige Themen herausgegriffen, die die Verbindung herstellen, aber es gibt noch viel mehr Wechselwirkungen zwischen den beiden Themen:\nDa ist einmal das Thema Privatkopie, das über Prozesse gegen P2P-Filesharing und das schwedische Anti-Piratebyrån letztendlich zur Gründung (und Namensgebung) der Piratenpartei in Schweden geführt hat.\nAber im Spannungsfeld Kultur und Urheberrecht finden sich noch weitere Themen, zum Beispiel DRM (Digital Restrictions Management), bei dem unter dem Vorwand des Kopierschutzes Monopole durch inkompatible Formate geschaffen werden sollen und bei dem es auch darum geht, den Kunden zum Lizenznehmer statt Eigentümer zu machen - dadurch kann man ihm Werke wieder entziehen (Amazon hat das mit dem Kindle schön demonstriert), ihn mit Regioncodes gängeln, sein Nutzungsverhalten auswerten (auch das wird am Kindle schön demonstriert) und ggf. noch weiter verkaufen und viele andere Dinge mehr. Der Text \u0026lsquo;The Right to Read \u0026rsquo; (1997) von Richard Stallman schildert all das als eine Art visonäre Dystopie - wir sind auf dem besten Weg dahin, sie Wirklichkeit werden zu lassen.\nDie offene Frage, an der sich die öffentliche Diskussion derzeit entzündet ist die Frage, wie Urheber denn Geld verdienen sollen - im Raum steht eine Kulturflatrate, ein bürokratisches Monster mit noch größeren Tentakeln als VG Wort, GEMA und GEZ zusammen und ein absoluter Privacy-Albtraum.\nDas Thema kooperative Schöpfung als Gegensatz zur kompetetiven Schöpfung habe ich in einigen Texten in diesem Blog schon einige Male angesprochen, erstmal in Ein paar ideologische Steine in Rollen bringen . Im kreativen Bereich wird dies durch die Creative Commons Lizenzen und in geringerem Ausmaß durch die GFDL und andere freie Lizenzen für Texte, Bilder und andere Werke realisiert, im Bildungsbereich, zu dem wir gleich kommen werden steht dem das Prinzip Open Access gegenüber.\nEin anderes kontroverses Thema ist das Urheberrecht vs. die Neuschöpfung von Inhalten durch die Mittel des Zitates, der Parodie und Satire, oder durch Remixen und andere Formen der Ableitung. Bei Techdirt findet sich der Artikel The Myth Of Original Creators , bei mir liest sich das in Politik, Polemik und eine Agenda gar nicht so anders. Der Punkt, der hinter beiden Texten steht ist der, daß ein Urheberrecht im Internetzeitalter die Schaffung von neuen Werken ermutigen muß, und nicht als Hauptfunktion bereits existierende Inhalte schützen. Letzteres ist nur der Wunsch von Rechteverwertern, nicht der Wunsch von Kreativen.\nDas Thema Bildung steht mit dem Thema Kultur in enger Verbindung: Ohne Bildung kann man Kultur nicht richtig rezipieren und nicht alle Produkte einer Kultur kann man schon rezipieren, wenn man noch in der Ausbildung ist. Wir weiten unsere Skizze aus:\nJugendschutz ist ein Thema, das speziell die Bundesrepublik Deutschland bis zur Lächerlichkeit ernst nimmt. Das hat kulturelle Gründe, ist vielfach aber auch Bequemlichkeit: Jugendschutz ist ein politisch bequemer Weg, Repression auszuweiten, mit der man sozial unerwünschtes Verhalten und den Zugang zu sozial unerwünschtem kulturellen Ausdruck auch bei Erwachsenen erschweren kann. Das betrifft nicht nur die Reifen, durch die man springen muß, wenn man indizierte Medien erwerben will, sondern es betrifft auch Situationen wie das lukrative Lottomonopol, das die Bundesrepublik angesichts der EU nur behalten kann, indem sie eine Jugendschutzsituation erfindet: Um Jugendliche vor imaginärer Lottospielsucht zu beschützen kann man in Deutschland nicht mehr online Lotto spielen.\nEs ging um Bildung - damit Bildung möglich ist, muß Wissen kostengünstig zugänglich sein. Wir treffen hier das Thema kooperative Schöpfung wieder, diesmal unter dem Namen Open Access. Ein verwandter Gedanke ist die Idee, daß Werke, die aus öffentlichen Geldern geschaffen worden sind auch frei und kostenlos verfügbar sein sollten - US amerikanische Geodaten zum Beispiel sind so zu bekommen, weil sie mit Steuergeldern erarbeitet wurden, oder originale Inhalte der BBC für Einwohner Großbritanniens. In Deutschland stehen dem kommerzielle Interessen des Privatfernsehens gegenüber und die Mediatheken der deutschen öffentlich-rechtlichen müssen die Inhalte, die wir mit unseren Rundfunk- und Fernseh-Gebühren bereits bezahlt haben nach 7 Tage hinter dem Schleier des Vergessens verschwinden lassen und dürfen nicht gespeichert oder weiter verbreitet werden können. Klar - wer würde sonst noch RTL gucken wollen.\nDamit Bildung möglich ist, muß der Zugang zu Wissen überhaupt möglich sein. Was ist mit Archivierung, mit der Freisetzung von Inhalten bei Ablauf der Schutzfristen des Urheberrechtes und mit den legalen Kopien unter dem Bildungsprivileg im Angesicht von DRM? Auch hier begegnen sich die Poltikfelder Kultur, Bildung und Urheberrecht wieder.\nWir landen bei:\nIm Rahmen der Medienpolitik wollen wir außerdem über das Netz eine mediale Grundversorgung sicherstellen, die für die politische Meinungsbildung notwendig ist. Außerdem sollen Behördenprozesse digitalisiert und automatisiert werden, um so Effizienzgewinne zu realisieren. Dem steht eine Durchsetzung von Urheberrechtsansprüchen gegenüber, bei denen die Rechtevertreter eine Art digitale Todesstrafe einführen wollen, die sogenannte Three Strikes Regelung, bei der ein Netzteilnehmer am Ende abgeklemmt wird. Dieser Widerspruch wird von der Politik noch nicht adressiert und auch nicht aufgelöst.\nDie Interessenlage sieht so aus:\nAlles zusammen reden wir gerade über das hier:\nWobei ich andere Schutzrechte des Komplexes geistges Eigentum noch ausgespart habe - hier sind also keine Markenrechte, Namensrechte, Patente und andere Monopolrechte mit eingezeichnet und ich habe daher auch die Überschneidungen mit der landwirtschaftlichen Gentechnik (und deren Verbindungen zur Forschung) und viele andere Dinge noch nicht eingezeichnet - denn dann wird es wirklich unübersichtlich.\n","date":"2009-08-19T00:00:00Z","href":"https://blog.koehntopp.info/2009/08/19/einthemenpartei.html","tags":["copyright","free software","internet","media","piraten","politik","lang_de"],"title":"Einthemenpartei"},{"categories":null,"content":"In der Digitaz erschien vor zwei Tagen ein Gastbeitrag von Kai Schächtle, dem Vorsitzenden des Berufsverbandes freier Journalisten und Journalistinnen, \u0026ldquo;Freischreiber\u0026rdquo;. Unter dem Titel Meister der Enteignung stellt er die gängige Vertragspraxis der nach ihrem Bekunden \u0026ldquo;Qualitätsjournalismusverlage\u0026rdquo; der Kampagne von Hubert Burda und anderen zur Einführung eines Verlinkungsgebühr gegenüber:\nWas Burda in seinem Hilferuf verschweigt: Die Rechtsabteilungen der Verlage haben in den vergangenen Jahren eine erstaunliche Kreativität an den Tag gelegt, um selbst zu Meistern der Enteignung zu werden - im Umgang mit ihren freien Journalisten. Man kann es nicht anders als bigott nennen, wie Verlagsverantwortliche derzeit Politik in eigener Sache machen: Sie beschweren sich über die vermeintliche Enteignung durch Google, zwingen ihren Autoren aber gleichzeitig Total-Buy-out-Verträge auf, mit denen sie sich sämtliche Rechte an deren Stücken sichern. Diese Knebelverträge machen es möglich, eingekaufte Texte beliebig oft zu benutzen und weiterzuverkaufen, ohne dass die Autoren davon profitieren.\nSchächtle zeichnet ein drastisches Bild des aktuellen Journalismus - Zeilenhonorare sind nach seiner Aussage so niedrig, daß 500 Euro für einen Artikel, in dem eine Woche Recherchearbeit steckt, eher die Norm als die Ausnahme sind.\nFür mich, der Schreiben als angenehmen Nebenverdienst ansieht, aber seine Texte lieber frei ins Netz stellt als einen Total Buyout zu unterschreiben bloß damit es gedruckt wird, ist das etwas, das ich vom Spielfeldrand aus betrachte.\nDie Begegnung mit der geänderten Verlagseinstellung hatte ich aber auch: Alle meine Artikel bis auf den letzten bei Heise sind ohne Vertrag \u0026lsquo;Text gegen Überweisung\u0026rsquo; entstanden, es gelten dann die Default-Regelungen, und die sind vom Anfang des 20. Jahrhunderts - 1908 oder so. Der Verlag wollte dann für meinen letzten iX-Artikel einen extra Autorenvertrag und dieser hätte mir verboten, den an Heise verkauften Artikel auf meiner eigenen Website neben seine Geschwistertexte zu stellen.\nDas wollte ich nicht - ich will alle Texte, die ich jemals verkauft habe, auf meiner Leistungsschau entlang der Dimension \u0026ldquo;von Kris geschrieben\u0026rdquo; zeigen können und eher stelle ich einen Artikel kostenlos ins Blog als auf dieses Recht zu verzichten bloß damit der Text in die iX kommt. Nach einem mehrwöchigen Hin- und Her hat der Verlag dann meine Autorenvertragsänderung akzeptiert, aber letztendlich ist es für mich einfacher und einträglicher, mein Zeugs hier ins Blog zu kippen als für ein paar hundert Euro pro Seite Honorar den Vertrag mit einem Verlag auszukämpfen: Bekäme ich durch meine Texte hier nur einen Consultingtag mehr, entspricht das dem Honorar für einen recht langen Grundlagenartikel.\nDennoch ist es ein aktuelles und recht brennendes Problem für Leute, die vom Schreiben leben wollen. Aber das Problem ist vielschichtiger.\nSolange Leute wie ich Texte schreiben, die druckfähig wären, diese aber gratis verbloggen, nehme ich natürlich Berufsschreibern einen Teil vom Markt weg. Sorry, aber für mich ist das Werbung, und solche die gut funktioniert. Ich werde nicht aufhören.\nSolange Berufsschreiber so dringend in ein bestimmtes Blatt wollen, daß sie dafür einen Total Buyout Vertrag annehmen, kommt auch an dieser Stelle keine Bewegung ins System. Der Organisationsgrad der Autoren ist aber zu niedrig, als daß von dieser Seite aus effektiv Druck aufgebaut werden könnte.\nUnd solange Verlage ihre Autoren so ausquetschen, um den unmittelbaren Bedarf zu befriedigen wird das Rennen ins Bodenlose weitergehen: Denn wie in Schächtles Artikel skizziert wird durch dieses Umfeld das Annehmen von Lobby- und Gefälligkeitsartikeln für Berufssschreiber rentabler als objektive Recherche - am Ende ist ein gecrowdsourcter Blogartikel besser recherchiert und eher mit einem vertrauenswürdigen NPOV verfaßt als ein Werk des sogenannten Qualitätsjournalismus.\nSammlungen wie Telemedicus: Rechtsfragen der Informationsgesellschaft (hier via das wunderbare Carta sind solche Lichtblicke, oder die nicht minder guten Analysen bei Netzwertig , die ich jedermann nur dringend ans Herz legen kann. Dort, bei Carta und Netzwertig, findet sich nicht nur die Darstellung des neuen Online-Qualitätsjournalismus, sondern dort wird das Prinzip auch vorgelebt und ich bin begeistert. Der Freitag experimentiert mit wachsenden Artikeln , wie man die lokale Form des Crowdsourcing dort eindeutscht, und das mit zufriedenstellenden Ergebnissen, wenn die Form auch noch ein wenig schwerfällig wirkt.\nJetzt muß das nur noch jemand mal dem Uwe Jochum erklären, der mir mehr und mehr wie eine Figur direkt aus Rainbows End vorkommt.\n","date":"2009-08-19T00:00:00Z","href":"https://blog.koehntopp.info/2009/08/19/meister-der-enteignung.html","tags":["lang_de","copyright","internet"],"title":"Meister der Enteignung"},{"categories":null,"content":"openvpn ist ein bequem aufzusetzender VPN-Server, der mit einer einfachen TCP-Verbindung angesprochen werden kann. Da kein gesonderter IP-Pakettyp verwendet wird, funktioniert openvpn sehr einfach auch mit dummen Routern oder in eingeschränkt konnektierten Netzwerken.\nInsbesondere kann der openvpn-Server auch etwa auf Port 443 laufen. Daher ist openvpn sehr bequem, wenn man hinter einem Proxy-Server eines Netzwerkes sitzt, der ausgehende https-Verbindungen nur auf https-Ports zuläßt, wie es etwa in vielen Firmen der Fall ist.\nMit einem openvpn-Server, der auf Port 443 lauscht, kommt man aus den meisten dieser Netze bequem heraus und kann alle seine Zugriffe dann über die VPN-Verbindung tunneln. Der Proxy sieht nur eine normale CONNECT-Anweisung auf einen https-Port, danach ist alles verschlüsselt. Der Verbindung ist also nicht anzusehen, daß es sich nicht um eine https-Verbindung handelt - um das zu erkennen müßte der Proxy schon umschlüsseln, dann wäre die Verbindung aber wegen des durch den Proxy gefälschten Zertifikates aus unsicher zu erkennen.\nDas Kommanzeilenprogramm openvpn ist sowohl Server als auch Client. Auf dem Server wird es so gestartet:\n/usr/sbin/openvpn \\ --daemon \\ --writepid /var/run/openvpn/openvpn.pid \\ --config /etc/openvpn/openvpn.conf \\ --cd /etc/openvpn Die Konfiguration ist kurz und schmerzlos:\nh743107:~ # cat /etc/openvpn/openvpn.conf daemon openvpn-server.koehntopp dev tun local {SERVERIP} port 443 proto tcp user nobody group nobody cd /etc/openvpn ca keys/ca.crt cert keys/server.crt key keys/server.key dh keys/dh1024.pem server 192.168.168.0 255.255.255.0 ifconfig-pool-persist ipp.txt comp-lzo persist-key persist-tun status openvpn-status.log verb 3 keepalive 10 60 # client config dir client-config-dir client-config-dir Dies erzeugt einen Server, der auf Port 443 an der an Stelle von {SERVERIP} eingesetzten IP lauscht. Der Server läßt Verbindungen von Clients zu, die ein Zertifikat haben, das mit ca.crt signiert ist - Zertifikate erzeugen .\nDer Client bekommt eine IP aus dem im server-Statement genannten Pool zugeteilt, und die IP ist persistent. Wir verwenden komprimierte Verbindungen und versuchen den Tunnel auch über Server-Restarts (persist-tun) zu halten, ditto für den Key. Der Server schreibt ein openvpn-status.log auf dem Verbosity-Level 3. Wir pingen unsere Verbindung alle 10 Sekunden und starten sie nach 60 Sekunden fehlenden Pings neu (viele https-Proxies trennen die Verbindungen sehr aggressiv, also halten wir sie so beschäftgt). Im client-config-dir könnten wir noch weitere Client-spezifische Konfigurationen unterbringen.\nAuf demselben Rechner starte ich auch einen Squid, den ich auf 127.0.0.1:3128 binde und dem ich Zugriffe aus dem 192.168.168.0/24 erlaube. Dadurch kann ich all meinen privaten Webtraffic durch meinen Proxy schicken, statt meine URLs an den anderen Proxy auszuliefern, bei dem ich nicht weiß, was die Betreiber mit den Logs oder meinen Daten machen.\nAuf dem Client (bei mir ein Mac) verwende ich Tunnelblick als openvpn-Starter und habe in $HOME/Library/openvpn eine openvpn.conf hinterlegt:\nclient dev tun proto tcp remote {SERVERIP} 443 resolv-retry infinite nobind user nobody group nobody persist-key persist-tun ca ca.crt cert client.crt key client.key comp-lzo verb 3 keepalive 1 5 ; firmenproxy http-proxy {COMPANY_PROXY} 3128 http-proxy-retry Hier ist dieselbe {SERVERIP} einzutragen wie bei der Server-Konfiguration. Wenn die Verbindung durch einen Web-Proxy getunnelt werden muß, muß man die beiden http-proxy Kommandos am Ende der Datei anpassen, zum Testen daheim kann man sie weglassen. Der Rest der Konfiguration entspricht der Server-Config, nur die Keepalives habe ich für mich noch aggressiver setzen müssen.\n","date":"2009-08-10T00:00:00Z","href":"https://blog.koehntopp.info/2009/08/10/einen-openvpn-server-aufsetzen.html","tags":["security","privacy","lang_de"],"title":"Einen  openvpn Server aufsetzen"},{"categories":null,"content":" Aktueller denn je: \u0026lsquo;Meine Familie und ich\u0026rsquo;, aktuelle Ausgabe - in der Vorwegnahme des Bundestagswahlkampfes.\n","date":"2009-08-10T00:00:00Z","href":"https://blog.koehntopp.info/2009/08/10/piratenthemen.html","tags":["piraten","lang_de"],"title":"Piratenthemen"},{"categories":null,"content":"Die Welt veröffentlicht einen Wahlkampfartikel pro Piratenpartei: \u0026ldquo;Thomas de Maiziere: Kanzleramts-Chef fordert scharfe Regeln im Internet \u0026rdquo;:\nThomas de Maiziere geht in die Offensive: Der Kanzleramts-Chef will die Kontrolle von Inhalten im Internet verschärfen und mittelfristig \u0026ldquo;Verkehrsregeln\u0026rdquo; fürs Netz einführen. Andernfalls würden wir dort Scheußlichkeiten erleben, die jede Vorstellungskraft sprengen, sagte de Maiziere.\nDiese Art von Wahlwerbung die dem Prinzip des Geh nicht raus! -Spots folgt, ist hochwirksam: Obwohl die Welt eines der konservativsten Blätter am Markt ist, kann man in den Kommentaren die unmittelbare Überzeugungskraft dieser Art des Wahlkampfes erkennen.\n","date":"2009-08-10T00:00:00Z","href":"https://blog.koehntopp.info/2009/08/10/piratenthemen-ii.html","tags":["internet","piraten","regulierung","lang_de"],"title":"Piratenthemen II"},{"categories":null,"content":"Heise newstickert: Bundesregierung sieht große Mängel bei Jugendschutz-Filtern . Ach!\nBislang habe keines der staatlich getesteten Jugendschutzprogramme, die Filterregeln für beispielsweise von Eltern zu installierender Schutzsoftware vorgeben, eine \u0026ldquo;akzeptable Wirksamkeit\u0026rdquo; entfaltet, schreibt der federführende Beauftragte für Kultur und Medien, Bernd Neumann, in seiner jetzt verfügbaren Antwort (PDF-Datei) auf eine Anfrage der grünen Bundestagsfraktion. Zu viele zulässige Inhalte würden blockiert, und zu viele ungeeignete Angebote würden durchgelassen, schreibt der CDU-Politiker unter Berufung auf Tests im Prüflabor der Kommission für Jugendmedienschutz (KJM) bei der länderübergreifenden Stelle jugendschutz.net. Beide Mängel seien nicht wünschenswert.\nDer Bericht hebt weiter darauf ab, daß die Anzahl der zu bewertenden Sites sehr groß sei und die Inhalte sich zum Teil recht schnell ändern würden. Eine automatische Klassifizierung von Inhalten funktioniere nicht, und daher wolle man eine Selbstklassifizierung der Anbieter erzwingen.\nEine Reflektion über die Situation und eine Ursachenforschung nach diesem Dilemma wird nirgendwo erwähnt. Das wäre aber nützlich:\nDas erklärte Ziel solcher Sperrsoftware sei es, die \u0026ldquo;von aus jugendschützerischer Sicht ungeeigneten\u0026rdquo; Webseiten zu blockieren. Das ist als Missionsstatement natürlich falsch, denn dieses Ziel ist einfach zu erreichen:\nMan sperrt einfach alle Internetseiten komplett.\nDas korrekt formulierte Ziel ist es, die aus jugendschützerischer Sicht ungeeigneten Webseiten zu sperren und alle anderen zu erlauben.\nDas wird auch weiter oben im Text zugegeben, denn dort wird unter anderem beklagt, daß zu viele zulässige Inhalte blockiert würden. So formuliert ist dieses Ziel aber weitaus schwieriger zu erreichen, weil man nun nicht mit einer kleineren Zahl von jugendgefährdenden Webseiten zu tun hat, sondern mit allen Webseiten, die es gibt. Insbesondere muß man nun Aussagen über nicht bewertete Webseiten machen.\nBei Filmen und Videospielen ist das einfach - ein Film oder ein Videospiel ohne Bewertung wird behandelt wie \u0026lsquo;frei ab 18\u0026rsquo;. Damit ist der Fall dort erledigt, denn ein Film oder ein Videospiel zu publizieren ist ein aufwendiger Akt und der Herausgeber des Mediums hat damit ein Interesse daran, sein Werk nicht nur bewerten zu lassen, sondern auch eine möglichst niedrige Bewertung zu erzielen, damit die Reichweite und damit die erzielbaren Gewinne möglichst maximal sind. Es gibt nur sehr wenige Filme und Videospiele, die nicht eine Jugendschutzbewertung haben.\nIm Internet ist das anders: Im Internet kennt man sehr viel mehr Autoren und Werke, und die Kosten für die Erzeugung einer beliebigen Website sind minimal. Wenn Arbeitszeit kostenlos ist, das Werk also als Hobby erstellt wird, sind die Kosten für das Werk sogar Null. Damit fällt die Motivation für eine Reichweitenmaximierung weg:\nIm Internet will ein Herausgeber nicht so viele Personen als möglich erreichen, sondern die richtigen: Gleichgesinnte oder Fans.\nNur bei großen, kommerziellen Sites sind auch Kunden die Zielgruppe. Darum ist die Motivation sein Werk bewerten zu lassen im Internet sehr viel geringer - \u0026lsquo;Mir doch egal, ob Jugendliche oder Kinder auf meine Site zugreifen können\u0026rsquo; ist keine so ungewöhnliche Formulierung.\nSelbst wenn jemand seine Site selbst bewertet oder bewerten läßt besteht das Problem, welche Bewertung man denn vergibt. Denn wenn man eine Site zu hoch bewertet - frei ab 18, obwohl sie frei ab 12 wäre - ist das folgenlos. Bewertet man sie anders herum falsch - frei ab 12, obwohl sie frei ab 18 wäre - ist das ein Problem. Als Hobbyist oder engagierte Privatperson ist man also nur dann auf der sicheren Seite, wenn man die Altersfreigabe für seine Site eher zu hoch ansetzt.\nDie höchste Einstufung - frei ab 18 - bekommt man aber sowieso, wenn man gar nichts tut und seine Site nicht selbst bewertet. Warum also überhaupt etwas tun und ein rechtliches Risiko eingehen?\nDie Folge ist, daß ein Klassifikationssystem für den Jugendschutz bei Webseiten nicht greift.\nVersuche hat es viele gegeben, aber im Allgemeinen sind diese nicht erfolgreich gewesen in dem Sinne, daß sie eine Abdeckung hergestellt hätten. Einige kommerzielle Sites haben sich selbst bewertet oder bewerten lassen, aber die Masse der Sites eben aus den dargelegten Gründen nicht. Damit tritt bei einer Sperrung unbewerteter Sites in einem Filter noch immer die Situation aus dem Anfang ein - alle Sites sind gesperrt und der Jugendschutz ist hergestellt, indem man Kinder und Jugendliche aus dem Internet fernhält. Allenfalls ist ihnen ein Kindernet spezieller freigegebener, kommerzieller Sites zugänglich (\u0026lsquo;Walled garden\u0026rsquo;). Das ist kaum geeignet, die von Erziehern gewünschte Medienkompetenz zu erzeugen.\nAlso die Experimente mit automatisierten Bewertungen nach formalen, syntaktischen Kritieren wie Wortfilter oder Rosa-Pixel-Zähler. Dazu heißt es in dem Artikel:\nWege der Fülle unzulässiger Inhalte im Internet kämen dabei neben redaktionellen auch automatische Klassifizierungsverfahren zum Einsatz. Diese sollten die Jugendschutzproblematik von Webseiten \u0026ldquo;an Hand bestimmter Muster erkennen\u0026rdquo;. Falsche Einordnungen seien beim derzeitigen Stand der Technik aber nicht zu vermeiden.\nDas ist wenig überraschend. Die Klassifizierung einer Site nach Jugendgefährdung ist am Ende eben keine syntaktische, sondern eine semantische und moralische - es kommt nicht auf die verwendeten Worte an, sondern was mit ihnen gesagt wird und wie das zu bewerten ist. Würden solche automatisierten Filter tatsächlich zuverlässig funktionieren, hätten wir eine Maschine gebaut, die in der Lage ist, Texte zu verstehen und auf der Grundlage ihres Wissens von der Welt moralische Urteile über diese Texte fällen kann.\nWir hätten nicht nur das Problem der Maschinenintelligenz, sondern auch das Problem der Maschinenmoral gelöst und könnten als schöpferische Rasse beruhigt abtreten, weil wir den Funken des Geistes an eine uns nachfolgende Form der Existenz abgegeben haben.\nDie Debatte über den Jugendschutz im Internet wird jedenfalls keinen Millimeter von der Stelle kommen, solange die kommerziellen Verhältnisse im Netz und wie die sich von denen in anderen Medien unterscheiden nicht einbezogen werden. Sie wird auch nicht von der Stelle kommen, solange nicht zugegeben und akzeptiert wird, daß Automatisierung in dieser Frage ein sinnloses Unterfangen ist.\n","date":"2009-08-06T00:00:00Z","href":"https://blog.koehntopp.info/2009/08/06/jugendschutzfilter-saugen-und-daf-r-gibt-es-einen-grund.html","tags":["internet","jugendschutz","politik","web","lang_de"],"title":"Jugendschutzfilter saugen und dafür gibt es einen Grund"},{"categories":null,"content":"Migros schaltet seine Server aus .\nDie Lizenzserver sollen angeblich noch bis 2011 weiter laufen, sind aber jetzt schon angeblich nicht mehr immer erreichbar. Und die vorausbezahlten Beträge, die Migros seinen Kudnen noch schuldet, werden nur auf Antrag zurückgezahlt (das wäre nach deutschem Recht übrigens so nicht möglich).\nNetzwertig kommentiert:\nMan kann es nicht oft genug sagen: DRM-Angebote sollte man als Kunde immer meiden, sofern es geht. Man erwirbt damit keine Produkte, sondern nur das vom Anbieter aus verschiedensten Gründen widerrufbare Nutzungsrecht. Die Abhängigkeit gegenüber dem Anbieter durch DRM ist für jeden Kunden eine tickende Zeitbombe.\nDem gibt es nichts hinzu zu fügen.\n","date":"2009-07-28T00:00:00Z","href":"https://blog.koehntopp.info/2009/07/28/migros-schaltet-i-m-ch-ab.html","tags":["media","musik","lang_de"],"title":"Migros schaltet i-m.ch ab"},{"categories":null,"content":"Die Geschichte von Unix ist eine Geschichte der gescheiterten oder unbrauchbaren Standards - ihre Zahl ist Legion.\nEgal in welche Richtung man schaut: Sun zum Beispiel hatte einmal einen auf Postscript basierenden Desktop - NeWS , der in gewissser Weise X11 um Jahrzehnte voraus war, sich aber nie hat durchsetzen können, unter anderem deswegen, weil das Ding von Sun als Waffe gegen andere Unix-Anbieter verwendet worden war und quasi tot-lizensiert wurde, gefolgt vonOpen Look und dann dem Motif-basierenden CDE . Speziell letzteres war endlich ein herstellerübergreifendes Projekt, das von allen kommerziellen Unix-Anbietern unterstützt wurde (siehe auch den Solaris-Artikel ). Da Motif als Toolkit aber bis zur Obsoleszens keine freie Software war und CDE auch keine nennenswerte Weiterentwicklung erfuhr, wurde es inzwischen großflächig durch KDE oder Gnome ersetzt - beides nativ freie Software.\nAuch auf Ebenen weiter unten war Standardisierung schwierig und ist vielfach gescheitert - so hat POSIX bis heute keine Norm für Access Control Lists von Dateisystemen und entsprechend ist etwa die Kommandozeilensyntax (und Ausdrucksstärke) von Access Control Lists auf einem Mac, einem Linux und einem Solaris unterschiedlich. Schaut man sich die Datumsangaben in dem verlinkten Wikipedia-Artikel an, kann man erkennen, daß Posix ein klassischer Nachfolgestandard ist - also kein Standard, der irgendetwas definiert oder voran bringt, sondern einer, der nur eine bereits vollzogene Entwicklung dokumentiert und festschreibt. Auch hier sind Herstellerkriege um Definitionsmacht die Ursache dafür.\nAuf der anderen Seite findet man eine Reihe von Innovationen in Unix, die sich universell durchgesetzt haben, aber erst nachdem ein Hersteller sie in klarer Verletzung aller formellen und informellen Standards eingeführt hat. Um bei Sun zu bleiben: Die heutige Architektur von Shared Libraries (.so\u0026rsquo;s) wie wir sie kennen ist einem Alleingang von Sun geschuldet, der so erfolgreich war, daß wir ihn heute in allen Unices finden, die überlebt haben. Genau so ist das heutige Layout von Dateisystemen, also die Einführung von /var, /home, /opt und die Aufgabe der Trennung von / und /usr ein Alleingang von Sun, der so erfolgreich war, daß er über den Umweg von SVR4 in alle nennenswerten modernen Unices Einzug gehalten hat.\nSun hat das damals machen können, weil sie Workstations in großer Zahl abgesetzen konnten und so die entsprechende Definitionsmacht hatten. Außerdem sind die oben genannten Innovationen Beispiele für Innovationen, die nicht totlizensiert waren und so ohne Risiko experimentell von anderen Herstellern übernommen werden konnten.\nDie Rolle von Sun im heutigen Unix-Markt ist eine viel kleinere - Sun hat nicht nur nach Stückzahlen, sondern vor allen Dingen nach Developer- Mindshare eine sehr viel kleinere Rolle. Sun hat immer noch Ideen, einige von denen sind sogar kopierenswert. In die nach Stückzahlen und vor allen Dingen nach Developer-Mindshare sehr viel größere Linux-Welt werden sie jedoch nicht.\nDie Gründe sind immer noch dieselben wie oben:\nZFS und Dtrace sind zwei Ideen, die sehr kopierenswert sind, die aber aus der Sicht der Linux-Welt totlizensiert sind. Sie sind totlizensiert in dem Sinne, daß die Lizenz dieser Stücke Software frei im Sinne von DFSG sein mag, aber die Lizenz ist mit der GPL inkompatibel. Das mag Absicht oder ein unglücklicher Zufall sein, Fakt ist, daß diese Ideen so nicht direkt als Code in Linux übernommen werden können. Also entwickeln sich in Linux alternative Projekte und es ist absehbar, daß diese in den nächsten 5 Jahren die entsprechenden Sun-Konzepte verdrängen werden - falls Oracle den Kram (Update wegen ixs Artikel : gemeint ist ZFS, das ja nun wie ganz Sun auch Oracle gehört) nicht Linux-kompatibel relizensiert. Letzteres wäre immerhin denkbar, denn die BTRFS-Entwicklung wurde zu einem guten Teil von Oracle finanziert und BTRFS ist das Linux-Gegenstück zu ZFS.\nEin anderes Beispiel für eine Sun-Idee, die kopierbar wäre, aber nicht kopiert wird, ist SMF - hier ist die Sun-Lösung zu häßlich oder verkopft und es gibt zu viele konkurrierende Ideen, um init zu ersetzen. Wahrscheinlicher ist es, daß sich Konzepte wie Upstart auf breiter Front durchsetzen.\nUnter dem Strich bleiben einige Erkenntnisse:\nStandards sind öfter als nicht Festschreibungen bereits erfolgter Standardisierungsprozesse. Sie sind meist mehr Dokumentation als Innovation. Innovation wird im Unix-Bereich oft als Abweichung von einem vermeintlich oder tatsächlich bestehenden Standard wahrgenommen und daher oft schon aus Prinzip und ungeachtet ihres Nutzens mit Kritik überzogen. In 2009 haben die verschiedenen Linux-Distributionen endlich eine solche Marktmacht, daß sie de-facto Standards setzen können, die mit großer Wahrscheinlichkeit bald in Standarddokumenten dokumentiert werden. Die Tatsache, daß Sun die GNU Tools im Pfad vor den eigenen Tools positioniert ist Testament dieser Entwicklung. Die Tatsache, daß es einen Unterschied macht ob man Sun Tools oder GNU Tools vorne im Pfad hat (oder BSD- statt SysV-Tools vorne im Pfad plaziert), ist Dokumentation der Tatsache, daß die existierenden Standardisierungen im Unix-Bereich noch lange nicht weit genug gehen, um eine Plattform zu erzeugen, die für die Anwendungsentwicklung groß genug wäre. Kommandozeilenwerkzeuge sind aber nur ein Aspekt der Sache - das Spiel setzt sich in rpm, deb, pkg und anderen Paketformaten, tar-Versionen, Desktop-Umgebungen und so weiter fort. Andererseits dokumentiert der bisherige Erfolg von Linux, daß das gar nicht so schlimm ist - von allen Unix-Versionen außer Linux sind überhaupt nur noch Solaris und AIX übrig geblieben und beide werden immer Linux-ähnlicher. Das ist eine gute Sache, und wenn man das erst einmal akzeptiert hat, kann man sich an den Tisch setzen und konstruktiv dokumentatorische Standards verabschieden. (geschrieben nach der Lektüre von Jörgs Rant )\n","date":"2009-07-26T00:00:00Z","href":"https://blog.koehntopp.info/2009/07/26/unix-standards.html","tags":["computer","linux","unix","lang_de"],"title":"Unix-\"Standards\""},{"categories":null,"content":"Neulich fragte ich noch Wieviel Strom verbraucht ein Stromzähler? :\nVon den Sicherheits- und Datenschutzaspekten mal abgesehen…\nVon diesen Aspekten kann man nun nicht mehr absehen, denn EnBWs Yellowstrom implementiert den maximalen FAIL. Im Spiegel wird unter dem Titel EnBW lässt Stromzähler zwitschern ernsthaft erwogen, Twitter als Nachrichtentransport vom Zähler zum Endverbraucher und als Kommandotransport vom Endverbraucher zum Endgerät zu implementieren. Mit dem Zähler als Haushalts-Server und X10 Kommandozentrale\u0026hellip;\nDas ist auf so viele verschiedene Weisen kaputt, daß ich nur leise stöhnen kann: Twitter ist öffentliche Kommunikation und übermittelt meinen Stromverbrauch an die ganze Welt, unzureichend authentisiert, der Stromverbrauch eines solchen Gerätes ist mit Sicherheit höher als der eines Altzählers und ich will ganz bestimmt keine kritische Infrastruktur in meinem Haushalt am Internet angeschlossen wissen. Noch mehr will ich verhindern, daß kritische Infrastuktur eines Stromversorgers mit Gateways ins Internet ausgestattet ist.\nDie Schmerzen. Diese unerträglichen Schmerzen! Ich gehe, glaube ich mal ein Aspirin runterladen. Oder das rauchen, was die Leute bei EnBW da rauchen.\n","date":"2009-07-06T00:00:00Z","href":"https://blog.koehntopp.info/2009/07/06/stromzaehler-revisited.html","tags":["computer","energy","lang_de"],"title":"Stromzähler revisited"},{"categories":null,"content":" Ich bin Mitglied in der Piratenpartei, aber dieser Text hier ist meine Sicht auf das Thema und nicht eine abgestimmte Position der Piratenpartei. \u0026ndash; Kris\nEs geht um Urheberrecht und um den Graben des Nichtverstehens zwischen Online und Offline.\nDie Position der Piratenpartei zum Urheberrecht wird in Fernseh- und Zeitungsberichten oft falsch oder gar verzerrt dargestellt. Daran ist die Piratenpartei sicher nicht ganz unschuldig, weil die Positionen der Partei in ihren eigenen Texten ideologisch nicht ganz klar formuliert sind.\nAber der Hauptgrund ist tatsächlich, daß in den Medien das Vokabular und die Ideen komplett fehlen, die notwendig sind, um eine der wichtigsten Bewegungen der letzten 40 Jahre korrekt zu erfassen - denn was im Bereich der Software-Entwicklung unter de Namen \u0026lsquo;Freie Software\u0026rsquo; subsumiert wird, existiert auch außerhalb dieses Bereiches, aber nicht unter einem einheitlichen Namen. Wir kennen es unter Begriffen wie freie Musik, Creative Commons, Social Media, Blogosphäre und vielen anderen Begriffen mehr. Es steht für eine neue, andere Art von Kulturschaffen, eine, die von der Politik und den traditionellen Kreativen nicht oder nicht vollständig erfaßt wird.\nWas genau ist anders?\nNehmen wir einmal eine Site wie Flickr als Beispiel. Leute laden dort Fotos herauf. Viele lizensieren ihre Fotos unter einer der von Flickr angebotenen Creative Commons Lizenzen. Sehr viele User erlauben es, anderen Benutzern von flickr die Fotos zu kommentieren, Kommentare direkt im Bild einzutragen oder die Fotos zu taggen. Flickr stellt Fotos, Kommentare und Tags per Suche, als RSS-Strom und als Download zur Verfügung. Andere verweden Fotos in Flickr als Datenquellen für Mashups oder Flickr-basierende Anwendungen. Fotos werden in Sets, Alben und Pools kategorisiert und kanalisiert.\nDer Wert von Flickr als Site ergibt sich nur zu einem kleinen Teil aus dem Hochladen der Fotos - es wäre mir ein leichtes, meine Fotos stattdessen auf meiner eigenen Site in meiner eigenen Gallery zu archivieren und zu publizieren. Das wäre auch kostengünstiger, als sich bei Flickr einzutragen und dann einen Pro-Account zu bezahlen, damit die lästigen Einschränkungen wegfallen, die ein kostenloser Flickr-Account mit sich bringt.\nAber wer sich einen Pro-Account holt, der tut dies in der Regel nicht, um ein Foto-Archiv oder eine Galerie zu haben. Er tut dies stattdessen auch und in vielen Fällen genau deswegen, weil sich aus der Zusammenarbeit mit anderen und der Vernetzung von Inhalten ein Mehrwert ergibt.\nDer Mehrwert ergibt sich aus der Zusammenarbeit und der Vernetzung.\nDas haben wir doch schon mal gehört?\nMetcalfes Law über Kommunikationsnetze sagt da etwas drüber, und die Formulierung \u0026lsquo;Ein Telefon nützt niemandem etwas\u0026rsquo; bringt es auf den Punkt. Weswegen die klassischen Kinder-CB-Walkietalkies ja auch immer als Set von Zweien verkauft werden. Das Gesetz gilt so ähnlich aber auch für den Output von kooperativen sozialen Netzen.\nAber worauf ich hier eigentlich hinauswill ist die Zusammenarbeit. Sie ist von einer besonderen Art - sehr menschlich nämlich. Sie ist vorbedingungslos, freiwillig und sie wird gegeben frei von Verpflichtungen, die für mich entstehen - für manche Menschen ist das zusammen die Definition von (Nächsten-)Liebe. Fremde Menschen, die ich womöglich nie persönlich getroffen habe, beziehen sich auf meine Bilder, kommentieren meine Texte, referenzieren meine Werke, zitieren mich, oder bauen ihre Werke und Ideen auf Teilen von meinen Ideen und Werken auf.\nDas funktioniert, weil mehrere Dinge zusammentreffen.\nEinmal: In dem New Yorker-Artikel über die Logik des Kostenlosen wird gezeigt, daß sich die Dinge verändern, wenn der Preis einer Sache als Null wahrgenommen wird.\nEs wird auch gezeigt, daß der Preis einer solchen Sache womöglich nicht wirklich Null ist - er wird nur so wahrgenommen, weil wir feste Infrastrukturkosten mental nicht auf eine einzelne Transaktion umrechnen, sondern als bloße Kosten unserer Existenz pauschal abschreiben - zwar sieht die Steuer bei den Autofahrern unter uns x Cent pro Kilometer als entstehende Kosten unter Berücksichtigung aller Umlagekosten an, aber mental haben diese Autofahrer \u0026lsquo;sowieso ein Auto\u0026rsquo; und rechnen pro Fahrt bestenfalls die Spritkosten für den Kilometer an, wenn überhaupt. Man hat das Auto halt \u0026lsquo;sowieso\u0026rsquo;, da kann man es auch nutzen.\nGenauso rechnet niemand die Kosten für Computer, Strom und Netz anteilig an den Transaktionskosten der Flickr-, Blog- oder sonstwie-Teilnahme ab. Man \u0026lsquo;ist halt sowieso online\u0026rsquo;, man hat \u0026lsquo;den Bug da sowieso weg machen müssen\u0026rsquo; oder \u0026lsquo;sowieso grad einen Text fertig geschrieben\u0026rsquo;. Dann kann man den auch noch mal schnell ins Netz stellen, aufarbeiten, oder sonstwie verfügbar machen. Solange die Kosten für diese individuelle Transaktion so klein sind, daß sie als nicht existent wahrgenommen werden greift die Logik des Kostenlosen - ich will das einmal als subjektive Kostenlosigkeit oder marginale Transaktionskosten bezeichnen.\nZum anderen: Die Vorbedingungslosigkeit des Teilens der Ergebnisse meiner Arbeit heißt nicht, daß das Teilen tatsächlich bedingungslos ist. Lizenzen wie Creative Commons (insbesondere in der BY-SA-Variante) oder Konstrukte wie die GNU General Public License wären sonst unnötig. Tatsächlich gibt es eine Nachbedingung, und diese ist Fairness. So wie ich die Ergebnisse meiner Arbeit zur Verfügung stelle, so sollst Du mit den Ergebnissen Deiner Arbeit umgehen, wenn Du auf meiner Arbeit aufbaust oder sie integrierst. Diese Nachbedingung vermeidet die Tragedy of the commons .\nDiese beiden Eckpunkte - subjektive Kostenlosigkeit und Fairness - erzeugen etwas, das in der Welt außerhalb des Netzes weithin unbekannt ist und sehr selten gesehen wird: Sie erzeugen Überfluß und aus dem Überfluß Kooperation, und dadurch noch mehr Überfluß: Wenn ich (erstens) von was auch immer genug für mich habe und ich (zweitens) durch das Teilen keinen Aufwand habe und ich (drittens) bemerke, daß ein anderer mein Teilen nicht zur persönlichen Bereicherung verwendet, dann greift ein Teil der menschlichen Natur, dem das Teilen eine Freude ist und es entsteht eine kooperative Kultur.\nDie Kultur des Netzes ist eine solche kooperative Kultur. Das, was von den Rechteverwertern (und meist gar nicht von den Kreativen) als Piraterie und \u0026lsquo;Diebstahl\u0026rsquo; ideologisiert wird, das ist in den Begriffen des Netzes in Wirklichkeit etwas anderes: Es ist Kooperation.\nEs ist dieselbe Kooperation, die mich meine Texte kostenlos ins Netz stellen läßt, die Menschen bewegt, alle Charthits der letzten 50 Jahre zu sammeln, zu digitalisieren, korrekt zu taggen und dann über Monate hinweg als Torrent zu seeden. Wir beide bringen eine Dienstleistung für alle anderen Teilnehmer im Netz, wir stellen eine Ressource bereit, die kopiert werden kann, die bezogen und referenziert werden kann, die als Baustein verwendet werden kann, um mehr und Neues zu schaffen. Wir tun das, weil wir das können - das Zeug ist halt sowieso da, da kann ich es auch grad noch publizieren und anderen zur Verfügung stellen. Teilen kostet mich nichts, Distribution und Kopieren sind subjektiv kostenlos.\nEs ist die Urerfahrung der Kooperation, einen tatsächlichen nützlichen Dienst zu bringen und das Netz zu bereichnern, die dann von den Rechteverwertern als \u0026lsquo;vollkommenes fehlen jeglichen Schuldgefühls\u0026rsquo; verteufelt wird.\nNatürlich ist da kein Schuldgefühl, in einer kooperativen Kultur ist so etwas ja auch ein Dienst, etwas Gutes, der Erhalt und die liebevolle Pflege eines Stücks Kultur. Es schafft Kultur.\nDiese Sichtweise und dieses Denken ist Rechteverwertern vollkommen fremd. Ihre Aufgabe, die Grundlage ihrer Existenz, ist es ja genau Knappheit zu schaffen, Bedarf zu fördern und Verfügbarkeit so gering zu halten, daß aus dieser Differenz Gewinne abgeschöpft werden können.\nDas - dieser fundamentale Unterschied im Denken - ist der Riß, der durch unsere Gesellschaft geht, wenn wir über die Urheberrechtsfrage diskutieren.\nWir haben zwei Universen, das des kooperativen und das des kompetitiven Schaffens von Werken. Das eine verlinkt, bezieht, referenziert und bennent - CC-BY-SA. Das andere denkt über eine Vergebührung von Zitaten - Leistungsschutzrechte - und eine Vergebührung von Bezügen und Verlinkungen - Posnerismus - nach.\nDas, was die Piratenpartei in ihrem Programm stehen hat, ist nicht \u0026lsquo;die totale Legalisierung der Raubkopie\u0026rsquo;, wie heute auf 3sat zu hören. Ja, Bauerfeind, ich schau Dich an! Das, was die Piratenpartei da - ungeschickt - versucht, der Offline-Gesellschaft zu erklären ist meinem Empfinden nach in etwa das:\nDas Netz ist eine kooperative Kultur. So etwas kennt ihr nicht, aber so etwas gibt es und es hat im Netz die letzten 40 Jahre gut funktioniert. Der Begriff in Eurem kompetitiven Universum der Knappheit, der unserem Erleben noch am nächsten kommt, ist die Privatkopie, aber eigentlich meinen wir CC-BY-SA, die GPL, und ja, Open Access auch irgendwie, aber das ist noch mal \u0026rsquo;nen Extraartikel wert. Was wir wollen ist eine Re-Legalisierung von dem, was ihr Privatkopie nennt. Aber eigentlich wollen wir, daß die Offline-Gesellschaft den kooperativen/kompetitiven Dualismus im Kulturschaffen des 21. Jahrhunders anerkennt. Wir fordern, daß das kooperative Universum mit seinen characteristischen Eigenschaften der subjektiven Kostenlosigkeit und der Fairness geschützt wird, damit die digitale Allmende weiter gedeihen kann. Wir wollen ein Urheberrecht, daß diese Ideen anerkennt und ihnen Raum bietet.\nDas bringt die Piratenpartei so derzeit nicht klar rüber. Weil ihr die Worte fehlen - die Gesellschaft außerhalb des Netzes kennt die Konzepte nicht und hat keine Worte dafür, und den Piraten ist es wie den meisten Netzbewohnern so selbstverständlich, daß sie keine Worte dafür brauchen.\n","date":"2009-07-01T00:00:00Z","href":"https://blog.koehntopp.info/2009/07/01/dir-fehlen-die-worte-oder-die-position-der-piratenpartei-zum-urheberrecht-in-einer-flatrategesellschaft.html","tags":["copyright","media","piraten","lang_de"],"title":"\"Dir fehlen die Worte\" oder \"Die Position der Piratenpartei zum Urheberrecht in einer Flatrategesellschaft\""},{"categories":null,"content":"Durch die Gründung und Medienpräsenz der Piratenpartei, den Heidelberger Appell und die verschiedenen Schreie von Verlagen nach staatlicher Subventionierung und Schutz ihres Geschäftsmodelles als UNESCO Weltkulturerbe ist das Thema Copyright in den vergangenen Wochen aktueller denn je.\nAnfang dieses Monats gab es dazu zwei brilliante Artikel bei Netzwertig, einem Blog, das ich sowieso zum Abo empfehlen kann. In Warum Bezahlinhalte im Netz nicht funktionieren baut Marcel Weiss einmal auseinander, warum Verlage und Agenturen ihre Meldungen gratis ins Netz stellen - stellen müssen! -, obwohl sie wissen, daß das langfristig kein solides Geschäftsmodell ist. Die tragende Säule seiner Argumentation ist der Paywall, der den Content der Zeitung gegen Benutzer und Suchmaschinen abschirmt: Dadurch wird die Site in Suchmaschinen schlecht gefunden, die Inhalte können sich nicht durch Mundpropaganda - das böse Sharing! - weiter verbreiten und sie können in der globalen Diskussion nicht referenziert werden, weil sie keine öffentliche URL haben. Dadurch fehlt der Site hinter dem Paywall jedes Wachstumspotential, und wenn nicht besondere Bedingungen vorliegen verkümmert die Site.\nEin zentrales Argument: Je interessanter, je wichtiger, je welterschütternder eine Nachricht ist, desto mehr drängt diese auf maximale Verbreitung. Exklusivität und Bedeutung stehen hier in direkter Konkurrenz in der Aufmerksamkeitsmaschine des Nachrichtengeschäfts.\nNetzwertig setzt mit einem zweiten Artikel zum Thema nach: Andreas Göldi erklärt in Was werden die Newsmedien der Zukunft kosten? das ökonomische Modell, das hinter der aktuellen, durchaus instabilen Situation im Zeitungs- und Onlinezeitungsmarkt steht. Er macht auch klar, daß dieses Modell langfristig nicht tragfähig ist und daher absehbar zusammenbrechen muß: Das von Internet-Radikalisten oft gehörte Argument, dass Verlage niemals Geld für ihre Internet-Ausgaben verlangen sollten, ist also letzlich recht naiv: Die Rechnung geht nur auf, so lange es ein gesundes traditionelles (Print-)Geschäft gibt. Und ganz offensichtlich bröckelt das immer mehr. Abschließend resümiert er, daß die Welt nach dem Abschluß des durch das Internet bewirkten Strukturwandels wahrscheinlich stark bipolar sein wird: Auf der einen Seite gigantische Großanbieter, die Nachrichten und Artikel direkt an Endverbraucher verkaufen, auf der anderen Seite eine große Menge von Dilettanten, die ihr Zeugs wahrscheinlich meistenteils kostenfrei raushauen werden. Dazwischen wird es sehr eng werden.\nEiner dieser Dilettanten bin sicherlich ich selbst: Ich schrieb schon vor langer Zeit eine Erklärung zum Thema Warum alle meine Texte frei im Netz zu lesen sind . Es ist ziemlich klar, daß es für mich als Dilettanten von größerem Wert ist, meine Texte im Netz frei verfügbar zu machen als sie gewinnmaximiert zu verkaufen.\nDie Idee dahinter war immer, daß Spieler im kooperativen Universum mein Zeugs möglichst umstandsfrei Nutzen können und sich dadurch mein Karma vergrößert, während ich Spielern im kompetitiven Universum einen angemessenen Preis mache, jedoch nie exklusive oder sich selbst erweiternde Rechte vergebe. Als Dilettant, also jemand, der nicht von seinem Schreiben leben muß, kann ich mir das erlauben. Es ist ja nur ein optionales, wenn auch mitunter ansehnliches Zubrot.\nDie bipolare Welt dort oben wird sicher auch eine solche Trennlinie zwischen kompetitivem und kooperativem Universum enthalten, wobei unklar ist, wie stark sie erkennbar ist bzw. wie undurchlässig sie ist. Das hängt sicher auch davon ab, wie stark die kompetitive Welt ihre zahlenden Kunden zu kriminalisieren versucht bzw. wie aggressiv sie versucht, die kooperative Welt - zugleich zahlende Kunden - auszubeuten.\nDie Logik von \u0026lsquo;kostenlos\u0026rsquo; erkläre dabei der Artikel Priced To Sell von Malcolm Gladwell im New Yorker. Er geht von einem einfachen Experiment aus: Anderson’s second point is that when prices hit zero extraordinary things happen. Anderson describes an experiment conducted by the M.I.T. behavioral economist Dan Ariely, the author of “Predictably Irrational.”\nAriely offered a group of subjects a choice between two kinds of chocolate—Hershey’s Kisses, for one cent, and Lindt truffles, for fifteen cents. Three-quarters of the subjects chose the truffles.\nThen he redid the experiment, reducing the price of both chocolates by one cent. The Kisses were now free. What happened? The order of preference was reversed. Sixty-nine per cent of the subjects chose the Kisses. The price difference between the two chocolates was exactly the same, but that magic word “free” has the power to create a consumer stampede. Es ist diese Logik des kostenlosen, die die kompetitiven Anbieter im Netz fürchten, solange es noch kooperativ arbeitende Leute auf der Welt und im Netz gibt - und sie ist auch der Grund, warum sich die \u0026lsquo;Diskussion\u0026rsquo; um das Urheberrecht mehr wie ein Krieg anfühlt.\nDie Professionellen meinen - vielleicht zu Recht - daß sie den Dilettanten den Krieg erklären müssen, damit sie überhaupt in der Lage sind, ein differenzierbares und bepreisbares Produkt anzubieten. In dem Moment, in dem die Dilettanten Geld für ihren Output nehmen - und sei es nur ein einziger Cent - stirbt die Logik von Kostenlos und alle Parteien arbeiten in der Sphäre der kompetitiven Welt, die Professionellen haben dann Traktion.\nDa man das kostenlose Bereitstellen von Dingen kaum direkt bestrafen kann, muß man also versuchen das Problem anders anzugehen. Zum Beispiel, indem man die Transaktionskosten für die Dilettanten erhöht - durch Erzeugung von Bürokratie kann man vielleicht das kostenlose Anbieten von Zeugs im Web so unattraktiv machen, daß es kein Massenspaß mehr ist. Wir werden davon in Zukunft sicher mehr sehen.\nZur Forderung von Herrn Burda zum Weltkulturerbe erklärt zu werden hat Ulrike Langer in Dann boykottiert doch Google! eine scharfe und sehr deutliche Replik geschrieben. Der Perlentaucher erklärt und entlarvt Herrn Burda dabei in Anja Seeligers Artikel Die vierte Gewalt ist jetzt im Netz. Sie erklärt dabei auch erst einmal die Begriffe - was für ein Unding meint Herr Burda, wenn er von einem Leistungsschutzrecht redet? Ein Leistungsschutzrecht für Verlage bedeutet, dass Verlage künftig auch ohne Einverständnis ihrer Autoren - ja sogar gegen den Willen ihrer Autoren - Zitate aus Artikeln in ihren Zeitungen schützen und damit kostenpflichtig machen können. Die Financial Times Deutschland hat das kürzlich in einem zustimmenden Artikel genauer beschrieben: Gegründet werden soll eine \u0026ldquo;Verwertungsgesellschaft der Verlage. Eine Gema für Onlinetexte, die im Netz nach illegaler Nutzung fahndet - und fällige Gebühren eintreibt\u0026rdquo;. Nicht für die Verbreitung ganzer Texte, das ist heute schon illegal, sondern für Zitate! Und da haben wir auch schon die oben erwähnte Erhöhung von Transaktionskosten: Selbst wenn das einen Verlag wie den von Herrn Burda nicht ernährt, so killt es immerhin die Logik von Kostenlos und es zersplittert das Netz.\nDiesen Gedanken führt Ulrike Langer in Das Netz besteht aus Verbindungen, nicht aus abgeschotteten Inseln näher aus. Sie macht zugleich deutlich wie krankhaft Print die Site einer typischen Zeitung heutzutage ist - eine solche Zeitung ist die Welt eines Internet-Ausdruckers, eine Print-Zeitung, 1:1 ins Web geholt: Agenturberichte, Kinokritiken oder Kochrezepte gehören nach Verlagsauffassung zu einem vollwertigen Portal dazu. Schließlich sind solche Bausteine, auch wenn sie jeder hat, ja auch Bestandteile der gedruckten Zeitung. Doch das ist Printdenken im Web. Anders als am Frühstückstisch, wo die meisten Menschen nur ein einziges Blatt lesen, sind im Netz die identischen Allerweltsinformationen immer nur einen Mausklick entfernt. So führt das Portaldenken dazu, dass einzigartige Inhalte gegenüber Versatzstücken, die jeder hat, nicht genügend im Vordergrund stehen. Das kleinteilige Design der meisten Zeitungswebsites verstärkt die falsche Prioritätensetzung noch obendrein. Verlage ziehen ihre Zeitung in das Netz hinein, komplett, anstatt für das Web zu produzieren. Die Kieler Nachrichten brauchen im Netz keine DPA-Meldungen - die bekommt man bei DPA oder bei Google. Sie brauchen keine Kino-Reviews, die bekommt man bei der IMDB und bei vielen anderen Sites in der Sprache seiner Wahl und mit vielen tausend Stimmen statt einer. Sie brauchen keine Kochrezepte, keine Reisetipps, keine Rechtsberatung. Die Kieler Nachrichten brauchen im Web Kieler Content. Denn den bekommt man in dieser Form nirgendwo anders.\nOder was im Web zählt ist originaler, einzigartiger Content und die Vernetzung desselben im Kontext des globalen Netzes. Und keine Print-Insel, die ins Web portiert wurde. Der Punkt, auf den Ulrike Langer dabei abhebt ist bei ihr noch einmal explizit gemacht: Es geht um die Ethik des Verlinkens - siehe das von ihr eingebundene Vier-Minuten-Video.\nDas wiederum ist aber das genaue Gegenteil eines Leistungsschutzrechts, wie Herr Burda es als Internetausdrucker fordert.\nWo also stehen die politichen Parteien? Bei Wissenschaftsurheberrecht hat Eric Steinhauer unter dem Titel Urheberrecht und Bundestagswahl eine Übersicht erstellt. Bei Golem findet sich auch noch ein Artikel zum nächsten Korb der Urheberrechtsnovelle: Streit über Privatkopien und Open Access formuliert es so: Vor lauter Körben kann man das Urheberrecht kaum noch erkennen. 2003 gab es den sogenannten ersten Korb der Urheberrechtsnovelle, 2008 trat der zweite Korb in Kraft. Mit den beiden Körben wurden im Urheberrecht internationale und europäische Vorschriften umgesetzt. Es wurden neue Schutzrechte zugunsten von Verwertern eingeführt und bestehende verschärft. Wo es um Verbraucherrechte ging, verwies der Gesetzgeber immer wieder auf den nächsten Korb, der die offenen Fragen regeln würde.\nNach zwei Körben sind immer noch viele Fragen offen. Das Bundesjustizministerium arbeitet am dritten Korb und startete dazu im Februar eine Konsultation. Unter anderem wollte das Ministerium wissen, ob die Privatkopiebestimmungen weiter zulasten der Verbraucher eingeschränkt werden sollten; ob intelligente Aufnahmesoftware verboten werden sollte; ob Open Access durch ein \u0026ldquo;Zweitverwertungsrecht für Urheber von wissenschaftlichen Beiträgen geschaffen werden sollte, die überwiegend im Rahmen einer mit öffentlichen Mitteln finanzierten Lehr- und Forschungstätigkeit entstanden sind; und ob der Handel mit gebrauchter Software auf eine klare gesetzliche Grundlage gestellt werden sollte.\nEine Idee, mit der man die etwas verfahrene Situation abmildern will und die den Strukturwandel dämpfen möchte ist dabei die Kulturflatrate. Marcel Weiss bei Netzwertig wieder: Kulturflatrate - Pro und Contra. Eine Kulturflatrate wäre als Super-GEMA sicher ein bürokratisches Monster und extrem ungerecht. Und die Gema ist schon nicht sehr populär - die Petition für eine Gema-Reform hat anders als die Zensursula-Petition viel weniger exponiert für Unterschriften geworben. Dennoch ist sie schon bei ca. 85.000 Mitzeichnern und es sind noch über zwei Wochen bis zum Ende der Mitzeichungsfrist.\nEs ist klar, daß das aktuelle Urheberrecht etwas fördert, das bei Harvard Business von Umair Haque als Zombie Economy bezeichnet wird. Zentrales Zitat: That\u0026rsquo;s the big problem behind the zombieconomy. We don\u0026rsquo;t reward people for creating, growing, nurturing, or even remixing assets. We just reward them for allocating the same old assets. In dieselbe Kerbe schlägt der Artikel Die Ideen der anderen von Jens Mühling im Tagesspiegel: Mühling nennt als Beispiel das Grey Album von DJ Danger Mouse, das das White Album der Beatles mit dem Black Album von Jay-Z vermashupte, und der daraufhin von EMI bekriegt wurde.\nHätten wir ein Urheberrecht, das Urheber belohnte, wäre das Grey Album legal, denn es schafft etwas neues und produziert. Aber in unserer Zombie Economy haben wir ein Urheberrecht, das Distributoren und Rechteverwalter belohnt und das Statizität fördert. Hätten wir ein Urheberrecht, daß die Existenz der kooperativen Sphäre wahrnähme und ihr Raum einräumte, dann wäre ein Grey Album als kostenfreier Download gar kein Thema, sondern schlicht legal und guter Ton.\nOder, wie Gwenn ) es in einem Kommentar zu \u0026lsquo;Falscher Planet, falsches Jahrtausend notiert: Wenn das \u0026ldquo;Wesen\u0026rdquo; des Internets die Kopie ist, dann ist ein \u0026ldquo;Copyright\u0026rdquo;, also das Recht auf die Kopie und die damit verbundene Einschränkung, immer zugleich ein Angriff auf das Wesen, und damit auf die gesamte Kultur.\nMan muss dann zwischen Kopie als Kulturbestandteil und Nutzung zur wirtschaftlichen Ausbeute (wirtschaftliche Nutzung) unterscheiden. Das heißt im Folgeschluss, dass der Besitz der Kopie sowie der Vorgang des Kopierens nicht Ausgangspunkt der Regulierung sein kann.\nGenauso muss ein Wandel stattfinden weg vom \u0026ldquo;Statuserhalt\u0026rdquo;, also nach hinten gerichtete Ausbeute der nie sterbenden Information (Gewinnabschöpfung aus dem Besitz), hin zur Honorierung der Schaffenshöhe und dem Fortschritt, also dem dynamischen Erarbeiten der Zukunft (Gewinnerzeugung aus dem Schöpfungsprozess). Letztere muss honoriert werden. Dafür muss die Politik die Weichen stellen, nicht umgekehrt.\nDas Erzeugen strafrechtlich relevanter Inhalte ist davon völlig unabhängig, und dessen Bestrafung ebenfalls. Dort muss rigoroser vorgegangen werden, denn dort sind wir gerade dabei, die Zeit zu verlieren. Wenn ich die Inhalte \u0026ldquo;zudecke\u0026rdquo;, dann erzeuge ich nur weitere Trägheit, und die schon längst vorhandene Kluft zwischen Täter und Strafverfolger wird nur noch größer.\nMan kann den Kampf zwischen der kooperativen und der kompetitiven Sphäre auch als Klassenkampf interpretieren, wie Jörg Kantel das in Urheberrecht und Klassenkampf einmal tut. Aber das führt nirgendwohin - nicht für ihn und auch nicht für uns alle, denn es ist rückwärtsgewandt und überkommenen Denkmustern verhaftet. Er schließt: Im Grunde meines Herzens bin ich jedoch Anarchist. Nicht ein Anarchist im Sinne des Stirnerschen Brutal-Individualismus, sondern ein Anhänger kropotkinscher Kooperation und (gegenseitiger) Hilfe. Und in diesem Sinne gilt es, die kropotkinschen Gesellschaftsentwürfe mit der marxistischen Gesellschaftsanalyse zu versöhnen. Wer, wenn nicht ein Pirat, könnte diese Aufgabe übernehmen? Bei all meiner Sympathie für die Linken sind diese mehrheitlich zu sehr im Gestern verhaftet, als daß von Ihnen ein moderner Entwurf zu erwarten wäre. Das ist einer der Gründe, warum sich die Piratenpartei so gerne dem üblichen Links-Rechts-Muster in der Poltik verschließen will und warum sie sich auf ihre Kernthemen fokussiert.\n","date":"2009-07-01T00:00:00Z","href":"https://blog.koehntopp.info/2009/07/01/urheberrecht-360-grad-ansicht.html","tags":["copyright","media","politik","lang_de"],"title":"Urheberrecht - 360-Grad-Ansicht"},{"categories":null,"content":"Ich bin ja ein guter Sohn und schicke daher meiner Mama ab und an ein Päckchen. Da freut sie sich immer. Weil ich außerdem ein Geek bin, ist es ein IP-Päckchen.\nAuf so ein Päckchen muß natürlich auch ein Adreßaufkleber drauf, und in dem müssen die wichtigen Zustellinformationen eingetragen werden.\nVordruck für den Versand von IP-Päckchen, korrekt ausgefüllt und mit ein wenig TTL frankiert.\nFür die Zustellung sind drei Felder im Adreßformular wichtig: In das Feld \u0026lsquo;32 Bit destination IP address\u0026rsquo; ist die Empfängeranschrift einzutragen, hier also beispielhaft mal 134.245.16.8, in das Feld \u0026lsquo;32 bit source IP address\u0026rsquo; ist der Absender einzusetzen, also etwa 85.183.48.160. Und schließlich muß Porto drauf, d.h. ins Feld \u0026lsquo;Time To Live\u0026rsquo; (TTL) ist einzutragen wie viele Router weit das Paket maximal reisen können soll - ich habe hier einmal 20 eingetragen. Payload rein, und ab zur Post damit. Äh, ins Netz natürlich.\nBei mir daheim sieht das Netz gerade so aus:\nDer Netzplan.\nMein Rechner will das Paket also versenden. Dazu muß er wissen, wo er das Paket hinschicken soll. Zu diesem Zweck hat mein Rechner, KK, eine Tabelle. In der Tabelle steht drin, für welchen Rechner das Paket an wen zu senden ist. Für den Netzplan bei mir daheim also:\nZielSende an KKDas bin ich selber thinkcatthinkcat linuxlinux tvtv alle anderenmoep In der Tabelle stehen in Wirklichkeit natürlich IP-Nummern drin, und darum sieht die Tabelle mit Zahlen so aus:\nZielSende an KK (192.168.1.101)Das bin ich selber (127.0.0.1) thinkcat (192.168.1.107)thinkcat (192.168.1.107) linux (192.168.1.10)linux (192.168.1.10) tv (192.168.1.103)tv (192.168.1.103) alle anderenmoep (192.168.1.1) Das eine was auffällt ist die Nummer 127.0.0.1 - jeder Rechner im Internet hat diese Nummer und sie bezeichnet immer \u0026lsquo;diesen Rechner\u0026rsquo;, \u0026lsquo;uns selbst\u0026rsquo;. Das Netzwerkinterface \u0026rsquo;lo\u0026rsquo; oder \u0026rsquo;lo0\u0026rsquo; hat immer diese Nummer, und das \u0026rsquo;lo\u0026rsquo; steht dabei für \u0026rsquo;loopback\u0026rsquo;. Es ist ein Testinterface, das immer existiert und das es dem Rechner erlaubt, Netzwerkanwendungen auch dann auszuführen, wenn der Rechner gar kein Netz hat. Dann kann er zwar nur mit sich selber reden, aber immerhin können dann die Netzwerk-Komponenten auf einer Kiste miteinander reden. Das ist ja besser als nix.\nWas noch auffällt ist natürlich, daß alle IP-Nummern in meinem Netz mit demselben Prefix anfangen - 192.168.1.*. Das ist nur natürlich - alle Adressen in der Straße um mich herum fangen ja auch mit demselben Prefix an - germany.berlin.wenckebachstrasse.*. Darum kann man die Tabelle da oben auch vereinfachen:\nZielSende anPorto KK (192.168.1.101)Das bin ich selber (127.0.0.1)0 192.168.1.*192.168.1.* (direkt)0 alle anderen (*)moep (192.168.1.1)1 Wir haben hier drei Zeilen notiert: Die erste Zeile teilt mit, daß wir Pakete an uns selber gar nicht zur Post bringen müssen - wir können sie gleich wieder aufreißen und uns über den Inhalt hermachen (\u0026ldquo;Lecker! Kekse!\u0026rdquo;).\nDie zweite Zeile sagt: Alles was mit der Nummer 192.168.1.* anfängt ist sowieso local und kann direkt an den Rechner mit der gleichen Nummer zugestellt werden - also 192.168.1.2 an die 192.168.1.2 direkt und so weiter.\nUnd die letzte Zeile ist die Default-Route und die sagt: Alles andere geht erst mal an den moep (192.168.1.1) und der wird dann schon wissen wie es weiter geht, mir egal.\nDie Spalte mit den Portokosten sagt dabei: Wenn wir ein Paket direkt zustellen wird kein Router überquert und daher die \u0026lsquo;Time To Live\u0026rsquo; (TTL) auch nicht runtergezählt. Für Pakete, die nach draußen gehen ist das anders - da wird die TTL von z.B. 20 auf 19 runtergezählt. Der nächste Router macht dasselbe und so weiter. Irgendwann ist das Porto mal alle, d.h. die TTL ist 0 und dann wird das Paket weggeschmissen, egal ob es irgendwo angekommen ist oder nicht.\nDas letzte Mal als wir uns das Internet mit Kugelschreibern (und Bussen) angesehen haben, hatten wir gesehen, daß es von mir bis nach Norwalk, CT, USA 13 Router sind, die man sehen kann. Der TTL-Zähler geht also bei jedem Schritt einen Wert runter und die Pakete kommen mit einer Rest-TTL von 7 in Norwalk an.\nWozu ist das gut?\nEin Datenwirbel während einer Netzstörung.\nWenn es eine Störung im Netz gibt, dann kann der Fall eintreten, daß der Router Zwei nahe dem Ziel die Störung schon bemerkt hat und das Paket erst einmal einen Schritt zum Router Eins zurück sendet, damit dieser es über eine alternative Route zum Ziel bringt. Router Eins weiß aber noch nichts von der Störung und sendet es wieder voran zu Nummer Zwei - genau auf dem gestörten Weg. Jeder dieser Schleifenschritte kostet ein wenig TTL, und sobald das Paket einen TTL-Zähler von 0 hat, wird es verworfen und der ursprüngliche Absender benachrichtigt, wenn möglich.\nDas verhindert, daß Pakete unendlich lange im Netz kreisen, weil es keine Route mehr zum Ziel gibt. Es bewirkt natürlich auch, daß Pakete, die mit einem zu kleinen TTL-Wert losgesendet werden ihr Ziel niemals erreichen können. Im Internet gibt es also keine Sargasso-See in der alte Plastiktüten und anderer Zivilisationsmüll bis ans Ende aller Tage kreisen und niemals verrotten: Der TTL-Zähler ist ein Datenpäckchen-Kompostierungszähler und sorgt als Sicherheitsmaßnahme für eine umweltfreundliche Entsorgung von Datenschrott.\nDa stellt sich natürlich sofort die Frage, was denn der minimale TTL-Wert ist, mit dem man von überall nach überall hinkommt. Das ist die Frage nach dem Durchmesser des Internets - im Jahr 2001 wurden Werte von bis zu 40 beobachtet und festgestellt, daß manche Betriebssysteme die TTL per Default zu klein einstellen - also zu wenig Porto auf ihre IP-Päckchen kleben.\nMein Router, Moep, hat auch eine Routingtabelle, aber die ist nicht spannender als die da oben: Alles was 192.168.1.* ist geht nach links ins Netz raus und alles andere nach rechts zum Provider.\nDer Provider, der hat richtige Router mit vielen vielen anderen Interfaces, und die haben richtige Routingtabellen. Wie das funktioniert - das ist eine Geschichte für ein anderes Mal.\nUnd jetzt, nach diesem Artikel, kann ich endlich antworten:\nDein (schöner) Vergleich hinkt (wie alle Vergleiche), und zwar leider an einer sehr zentralen Stelle: Bei Dir weiß das Datenpaket, wie es reisen muss. Im Internet weiß der Router den nächsten Hop, wo Pakete mit einem bestimmten Ziel hin müssen.In Deinem Beispiel müsste also der Kurt-Schumacher-Platz von Deiner Stirn ablesen können, dass Du nach CT willst und Dich dann zum next hop Flughafen Tegel schicken.\nMeine Hoffnung ist, daß in Kurt-Schumacher-Platz so ein Typ mit der Mütze steht und daß ich den nach dem Weg fragen kann. Der wird hoffentlich für usa.ct.norwalk eine Defaultroute haben, die * oder immerhin usa.* nach Tegel routet und mich also über das korrekte Omnibusinterface aus dem U-Bahnhof routen.\n","date":"2009-06-27T00:00:00Z","href":"https://blog.koehntopp.info/2009/06/27/internet-mit-kugelschreibern-und-ein-p-ckchen-f-r-mama.html","tags":["internet","erklaerbaer","lang_de"],"title":"Internet mit Kugelschreibern (und ein Päckchen für Mama)"},{"categories":null,"content":" Das da ist Kris.\nMein Rechner hat keine Internet-Karte. Er hat Ethernet, Wi-Fi, Bluetooth, und wenn er ein wenig älter wär hätte er auch noch ISDN oder einen Modem-Anschluß. Aber eine Internet-Karte steckt da nicht drin.\nWieso eigentlich nicht?\nHolen wir einmal ein wenig aus, und bauen wir ein Beispiel aus der realen Welt.\nKris muß nach Norwalk, CT. Das ist in Connecticut, USA, Nordamerikanischer Kontinent, gleich neben New York.\nKris wohnt neben einer U-Bahn Station, der U6. Das hilft ihm aber nur mittelbar, denn leider hat Norwalk, CT keine U6-Adresse. Wir können Kris also nicht in die U6 setzen, ihm ein 456 Zonen-Ticket kaufen und dann 1217 Stationen später aussteigen. Obwohl ich den Grenander-Bahnhof Atlantis schon gerne gesehen hätte.\nNehmen wir also Kris und setzen ihn in die U6.\nKris hat weiter eine genaue Vorstellung von seiner Zieladresse. Aber in der U6 muß er erst mal mit U6-Adressen arbeiten. Nächster Halt also Kurt-Schumacher-Platz. Dort wird Kris aus der U6 ausgepackt und in einen Bus verladen.\nDer Bus versteht eine Busadresse - Flughafen Tegel.\nWie die Haltestelle Kurt-Schumacher-Platz ist auch Tegel ein Router. Ein Router hat mehr als eine Adresse. Der Flughafen zum Beispiel hat die Busadresse \u0026lsquo;Flughafen Tegel\u0026rsquo; und die Flugzeugadresse TXL. Er hat auch Taxiadressen (\u0026lsquo;Halteplatz vor Gate 8\u0026rsquo;) und Autoadressen (\u0026lsquo;P2 am Flughafen Tegel\u0026rsquo;). Auf einem Router wie Tegel werden massenhaft Reisende aus einem Verkehrsnetz ausgepackt und in ein anderes Verkehrsnetz eingepackt und dann weiter versendet.\nDas jeweilige Verkehrsmittel kapselt dabei die Reisenden. Die Verkehrsmittel verwenden jeweils spezifische Adressen, die nur innerhalb ihres Verkehrsmittels eine Bedeutung haben. Aber die im Verkehrsmittel reisenden Personen wissen natürlich die ganze Zeit, wo sie wirklich hin wollen und arbeiten mit anderen, global gültigen Adressen.\nDieses Konzept der Kapselung ist sehr einfach. Es ist aber auch sehr mächtig - es ist ein wesentliches Konstruktionsprinzip des Internets.\nEin Router ist wie ein Flughafen etwas, das verschiedene Adressen in verschiedenen Netzen hat. Das Internet-Protokoll ist ein Protokoll um Netze, nicht Rechner, miteinander zu verbinden. Mein Rechner sendet also Ethernet-Pakete zum Router, in denen Internet-Pakete enthalten sind. In den Ethernet-Paketen stehen Ethernet-Adressen, in diesem Fall die Ethernet-Adresse meines Routers.\nInnerhalb der Ethernet-Pakete sind jedoch IP-Pakete enthalten, die die eigentliche Ziel enthalten, so wie die U-Bahn Reisende enthält. In den Ethernet-Paketen stehen lokale Ethernet-Adressen so wie auf den Tickets lokale U-Bahn-Adressen stehen. Aber in den Köpfen der Leute stehen Fernziele, so wie in den Köpfen von IP-Paketen global gültige Zieladressen stehen.\nMein Router entnimmt die IP-Pakete den Ethernet-Paketen und packt sie stattdessen in PPP-, ATM- oder ISDN-Pakete ein und sendet sie anderswo hin, genau so wie auf einem Flughafen Leute umsteigen: Auskapseln, mit Hilfe des Fernzieles das passende Gate bestimmen und dann wieder einkapseln - diesmal in einen anderen Transport: Außen in der Verpackung steht immer die Adresse des nächsten Routers auf dem Weg, aber das IP-Paket selbst mit seiner global gültigen IP-Nummer enthält immer eine unveränderte Adresse. Auch an der nächsten Station wird das IP-Paket ausgepackt und wieder eingepackt und dann weiter geschickt - bis es irgendwann einmal das Ziel erreicht.\nDas sieht dann so aus:\nKK:~ kris$ traceroute priceline.com traceroute to priceline.com (64.6.17.5), 64 hops max, 40 byte packets 1 my.koehntopp.de (192.168.1.1) 1.733 ms 1.241 ms 0.910 ms 2 lo1.br05.ber.de.hansenet.net (213.191.89.5) 24.046 ms 23.392 ms 23.268 ms 3 ae0-103.crju01.ber.de.hansenet.net (62.109.111.29) 22.326 ms 22.114 ms 22.618 ms 4 so-1-0-0-0.cr01.fra.de.hansenet.net (213.191.66.21) 41.671 ms 41.877 ms 40.842 ms 5 ae0-101.pr01.fra.de.hansenet.net (62.109.109.176) 41.044 ms ae1-102.pr01.fra.de.hansenet.net (62.109.109.240) 41.077 ms 41.367 ms 6 fra32-hansenet-1.fra.seabone.net (195.22.211.113) 41.447 ms 40.945 ms 41.524 ms 7 new3-new50-racc1.new.seabone.net (195.22.216.237) 121.744 ms 121.256 ms 121.993 ms 8 att-1-us-new4.new.seabone.net (195.22.216.22) 122.883 ms 123.582 ms 122.182 ms 9 cr2.n54ny.ip.att.net (12.122.130.22) 127.547 ms 127.379 ms 127.761 ms 10 gar5.n54ny.ip.att.net (12.122.130.113) 126.692 ms 126.964 ms 126.307 ms 11 mdf16-gsr12-1-pos-6-0.nyc2.attens.com (12.122.255.114) 123.526 ms 123.479 ms 122.330 ms 12 mdf19-bi8k-1-eth-1-2.nyc2.attens.net (63.240.0.106) 122.865 ms 122.209 ms 122.017 ms 13 * * * Das Programm traceroute verfolgt die Reise eines IP-Paketes von mir daheim bis nach Norwalk, CT, oder jedenfalls bis New York. Für jede Station wird der Name und die IP-Nummer des Routers ausgegeben und es werden drei Beispielreisezeiten gemessen.\nWie man sieht, reist das Paket ein wenig komplizierter als ich - es muß mindestens 13 Mal umsteigen - und es reist über Frankfurt wo ich über Amsterdam nach New York gereist bin. Dennoch ist es unwesentlich schneller am Ziel als ich. Und vermutlich nicht gejetlagged. :)\nMein Rechner hat also keine Internet-Karte. Aber er kann jede seiner Netzwerkschnittstellen als Internet-Transport verwenden. Das eigentliche \u0026lsquo;Internet\u0026rsquo; in meinem Rechner ist dann ein Stück Software, das neben einigen anderen Dingen Pakete einkapselt und auskapselt.\nDas Prinzip der Kapselung ist aber nicht auf das Internet beschränkt. Es kann im Grunde genommen mit jedem Transport verwendet werden, um über diesem Transport ein Metanetz zu bauen, daß die Knoten dieses Transports enthält.\nSkype macht das - es baut ein Peer-to-Peer -Netz aus Rechnern auf, die schon im Internet sind. Man nennt solche Netze Overlay-Netzwerke, weil sie ein eigenes Netz auf dem Internet aufbauen. Die meisten Leute kennen Skype als Telefonie- oder Chatanwendung, aber mit der Skype API hat man tatsächlich eine Schnittstelle, mit der man beliebige Datenströme durch das Skype-Netzwerk routen kann wie man sonst Datenströme durch das Internet routen würde.\nAuch das ist nur ein Beispiel - auch andere Systeme bauen so ihre Overlays. Tor zum Beispiel ist ein Overlay über dem Internet, das versucht Kommunikation durch Verschlüsselung und Onion-Routing unsichtbar und anonym zu machen.\nAber um so ein Overlay zu bauen ist gar nicht viel notwendig. Tatsächlich würde es ausreichen, einen Browser mit einer modernen, schnellen Javascript-Engine zu haben. Dort könnte man dann so etwas wie Tor und Transmission als Javascript-Anwendungen ohne Installation durch Besuch einer Website direkt im Browser laufen lassen.\nDas Resultat wäre ein Overlay-Netzwerk, in dem anonym und verschlüsselt Knoten miteinander Dateien als Schwarm miteinander austauschen. Das man dadurch installiert und skaliert, indem man eine Webseite besucht auf der das Javascript enthalten ist.\nOk. Nur so eine Idee. Wer braucht so was schon.\n","date":"2009-06-24T00:00:00Z","href":"https://blog.koehntopp.info/2009/06/24/internet-mit-kugelschreibern-und-bussen.html","tags":["identity","internet","networking","zensur","lang_de"],"title":"Internet mit Kugelschreibern (und Bussen)"},{"categories":null,"content":"Ingo hat in Dirk Hillbrecht bei \u0026ldquo;Unter den Linden\u0026rdquo;, Phönix eine Youtube-Variante von \u0026ldquo;Unter den Linden\u0026rdquo; verlinkt. Dort diskutieren Prof. Rupert Scholz (CDU) und Dirk Hillbrecht (Piraten) zum Thema \u0026ldquo;Unter Piraten - Wem gehört das geistige Eigentum?\u0026rdquo;. Der Beitrag ging mir dann noch den ganzen Tag im Kopf rum, weil er mich ziemlich schockiert hat.\nDas, was Herr Scholz da erzählt und argumentiert hat, kam mir sehr altmodisch und weltfremd vor. Hat der die letzten 20 Jahre keinen Strom und kein Netz gehabt? Und dann ging mir auf, daß genau das der Fall war.\nMein Name ist Kristian Köhntopp. Ich bin in etwa seit dem Jahresende 1987 online, mit Modem an Mailboxen. Morgen feiere ich mein 21-jähriges Unix-Jubiläum :\n\u0026ldquo;Habe mir heute (hoechstwahrscheinlich) einen Zweitrechner bestellt. Endlich UNIX!\u0026rdquo; \u0026ndash; Nachricht mir in der Toppoint Mailbox, 24-6-88 18:42\nGoogle datiert mein ältestes auffindbares Posting im Netz auf 1989 - ich bin also seit mindestens 20 Jahren online. Ich werde Ende diesen Jahres seit 17 Jahren Linux eingesetzt haben. Die Logs und Statistiken meiner eigenen Domain gehen 12 Jahre zurück.\nIch lebe online.\nAlle Texte, die ich seit 1983 geschrieben habe, sind auf dem Computer geschrieben worden. Sie liegen auf einem halben Dutzend Rechnern im Netz verstreut. Seit 1986 achte ich darauf, portable Formate zu verwenden, um auch bei einer Migration auf neue Systeme keine Daten zu verlieren. Seit 20 Jahren lese ich laufend meine Mail, ich bin jeden Tag in fünf verschiedenen IM-Systemen zu erreichen.\nIch habe Freunde und Kollegen, die ich noch niemals in Persona getroffen habe. Meine Arbeitgeber seit eineinhalb Jahrzehnten setzen in ihren geschäftskritischen Systemen ausschließlich Open Source Software ein.\nIch bin einige Jahre für eine Firma tätig gewesen, bei der ich weder den finnischen noch den deutschen Firmensitz je betreten habe, und bei der ich erst kurz vor dem Ausscheiden einmal Gelegenheit hatte, den amerikanischen Firmensitz von innen zu sehen.\nIch habe in einem Bewerbungsgespräch gesessen, bei dem mein zukünftiger Arbeitgeber das Gespräch mit den Worten \u0026lsquo;Wir haben uns dann im Web schon mal über sie informiert. Fachlich ist wahrscheinlich alles klar, wir müssen nur noch sehen, ob das menschlich auch paßt.\u0026rsquo; eröffnet hat.\nIch mache mir Sorgen, was mit meinem Arbeitsplatz ist, wenn einmal das DSL ausfällt und überlege mir einen Backup-Anschluß via Kabelfernsehen ins Haus legen zu lassen. Dann fällt mir ein, daß mein Mobiltelefon ja eine UMTS-Flat hat und daß ich damit wahrscheinlich überbrücken kann.\nIch reiste beruflich fast drei Jahre durch Europa und die USA, aber ich war immer zu Hause - Eastern Standard Tribe oder in meinem Fall der Stamm der MESZler war immer für mich erreichbar, wo immer ich war: Ich habe nicht mehr oder weniger Kontakt mit meinen Freunden gehabt bloß weil ich mal ein paar Wochen auf einem anderen Kontinent war.\nDas ist die Welt, in der ich existiere und das sind die Dinge, mit denen ich jeden Tag umgehe. Sie sind für mich real. Sie definieren und sie finanzieren meine Existenz in dieser Welt, seit mehr als zwei Dekaden.\nIch bin kein Einzelfall. Alle Leute die ich kenne leben auch so, mehr oder weniger. Und deren Freunde auch. Wir sind viele, so viele, daß wir in sechs Wochen 134000 Unterschriften zusammenbekommen ohne das Haus verlassen zu müssen. Wir sind definitiv keine 80 Millionen und wir haben den Rest dieses Landes so dermaßen weit abgehängt , daß wir nicht einmal mehr eine gemeinsame Sprache haben. Wenn irgendwas in dieser Diskussion deutlich geworden ist, dann das.\nRupert Scholz und mit ihm die Partei, die er repräsentiert, stehen für diese Welt der Zurückgebliebenen. Wir nennen sie Alte Männer mit Kugelschreibern oder Internetausdrucker. Wir wissen nicht, wie wir mit ihnen reden sollen und wie wir ihnen unsere Welt erklären sollen, und wir hoffen, daß es eine biologische Lösung für dieses Problem gibt.\nDirk Hillbrecht war sanft mit Rupert Scholz - das muß er auch. Diese Leute glauben, daß noch politischer Gestaltungsspielraum da wäre, weil sie nicht verstehen, was Computer eigentlich sind, was das Netz seinem Wesen nach eigentlich ist.\nUnsere Computer sind Kopiermaschinen. Um ein Programm auszuführen muß es von einem Medium in den Speicher, vom Speicher in den Prozessor kopiert werden, ebenso alle Daten. Ergebnisse werden zurück kopiert. Der Befehlssatz eines jeden Rechners hat circa zehn Mal mehr Kopier- als Rechenbefehle.\nUnsere Netze sind Kopiermaschinen. Wir sagen wir \u0026lsquo;senden eine Nachricht\u0026rsquo;, aber das Wort ist falsch. \u0026lsquo;Senden\u0026rsquo; impliziert, daß die Nachricht sich bewegt und für den \u0026ldquo;Ab\u0026rdquo;-Sender nicht mehr da ist. Das ist in der realen Welt so, aber nicht im Netz: Wir kopieren eine Nachricht an die Empfänger.\nDas Wesen aller IT ist die Kopie.\nDas Wesen aller Kommunikation und der darauf aufbauenden Kultur ist es auch. Wer jemals eine Retweet -Welle durch Twitter hat laufen sehen, oder einem Exchange-Server beim Verdauen des neusten Powerpoint-Spams mit lustigen Katzenbildern zusehen konnte, der weiß dies aus eigener Anschauung.\nNein, im Ernst - dieses Blog hier ist voll von orignalem Content. Das Zeugs ist nicht ganz schlecht, glaube ich, weil mir Leute schreiben, die das verwenden oder gar bezahlen wollen. Dieses Blog ist auch voll von Links und von Zitaten. Ohne diese Links und Zitate wäre dieses Blog sinnlos. Und dieses Sharing von Inhalten, das Weitergeben von URLs und Texten ist wichtig, denn es macht das Wesen von Nachrichten und Diskussionen aus .\nComputer sind Kopiermaschinen. Das Netz macht aus allen Computern auf der Welt eine einzige Kopiermaschine. Und die Generation Rupert Scholz glaubt, daß sie noch politischen Gestaltungsspielraum hat.\nHier ist die Wahl. Sie ist die einzige Wahl. Sie ist digital, wie das Medium, das die Wahl erzwingt:\nKopieren hinnehmen. jede Kommunikation von Jedermann mit jedem anderen immer auf ihre Legalität hin untersuchen und filtern. Im Fall 2 bildet sich sofort ein Overlay-Netzwerk und Fall 1 tritt ein - es wird weiter kopiert. Nur daß wir halt eine Gesellschaft mit Überwachung und heimlichem Kopieren bekommen.\nJede der beiden Entscheidungen verändert unsere Lebensart.\nJa, ich habe auch keine Lösung. Ich kann nur garantieren, daß dies die Wahl ist, und daß sie unausweichlich ist. Und meine Präferenz ist auch klar. Sie hängt damit zusammen wie ich lebe.\n","date":"2009-06-23T00:00:00Z","href":"https://blog.koehntopp.info/2009/06/23/falscher-planet-falsches-jahrtausend.html","tags":["copyright","internet","media","piraten","politik","lang_de"],"title":"Falscher Planet, falsches Jahrtausend"},{"categories":null,"content":" Der Salbader ist nach eigenem Bekunden ein Kleinod zeitgenössischer Spaßkultur und die größte kleine Literaturzeitschrift aus Berlin. Vor zehn Jahren scannte der Salbader dieses wunderbare Flugblatt - nie war es so wertvoll wie heute (Rest des Heftes ).\nUpdate: Subj steckt mir auch noch diesen Link zu Stummfilm.Info zu, wo sich das Plakat ebenfalls findet.\n","date":"2009-06-23T00:00:00Z","href":"https://blog.koehntopp.info/2009/06/23/wider-die-verflachung-gefahren-des-tonfilms.html","tags":["film","internet","media","lang_de"],"title":"Wider die Verflachung! Gefahren des Tonfilms"},{"categories":null,"content":"Chris erklärt in Unterstützungsunterschriften unterliegen dem Wahlgeheimnis :\nDa ich ja in letzter Zeit für die PIRATEN in RLP fleißig Unterstützungsunterschriften sammle, stoße ich immer wieder auf Bürger, die Bedenken haben, das recht umfangreiche Formular auszufüllen. … Andere haben da etwas schwerwiegendere Bedenken: Sie könnten als Unterstützer einer stark regierungskritischen Partei oder als potentielle Raubmordkopierer, Amokläufer oder (ganz trendy) Pädokriminelle mit unangenehmen Konsequenzen rechnen. Dazu habe ich mal etwas recherchiert und bin auf eine recht eindeutige Stellungnahme der brandenburger Landesbeauftragten für den Datenschutz vom Mai 1994 gestoßen: … Aber vor allem wird deutlich, dass die Unterstützungsunterschriften dem gleichen Wahlgeheimnis unterliegen, wie die Stimmzettel bei der Wahl selbst.\nWenn Du also der Meinung bist, daß man in Deinem Bundesland die Piratenpartei wählen können sollte - unabhängig davon, wie Deine eigene politische Überzeugung ist - dann solltest Du Dir von ich.waehlepiraten.de das Unterstützerformular herunterladen, es ausfüllen und es in die Post tun.\n","date":"2009-06-22T00:00:00Z","href":"https://blog.koehntopp.info/2009/06/22/unterst-tzerunterschriften-unterliegen-dem-wahlgeheimnis.html","tags":["piraten","politik","wahl","lang_de"],"title":"Unterstützerunterschriften unterliegen dem Wahlgeheimnis"},{"categories":null,"content":"So.\nGestern ist es dann beschlossen worden - das Zugangserschwerungsgesetz . Die Abstimmung war namentlich, auf Antrag der Grünen. 389 Abgeordnete dafür - ein CDUler, 3 SPDler dagegen, der Rest dafür, alle von der FDP und Links dagegen, einige Grüne haben gekniffen und mit Enthaltung gestimmt. Auf Abgeordnetenwatch kann man nachsehen, wer genau was getan hat.\nDas Gesetz ist von der großen Koalition gegen den Rat von Experten, unter Ignoranz einer Rekordpetition mit 134014 Mitzeichnern und wahrscheinlich unter Missachtung der Verfassung noch vor der Sommerpause durchgeprügelt worden. Gerade unter den im Internet aktiven SPD-Mitgliedern ist es dabei zu einer Folge von offenen Briefen gekommen, und der Online-Rat der SPD hat sich von dem Gesetz distanziert und seine Arbeit vorerst eingestellt.\nDie sachlichen und fachlichen Bedenken, die im Rahmen der politischen Diskussion genannt worden sind, sind im Gesetzestext bestenfalls pro-forma, aber de-facto gar nicht berücksichtigt worden. Effektiv etabliert das Gesetz eine Zensurinfrastruktur in Deutschland, und öffnet weiteren Begehrlichkeiten Tür und Tor. Das passiert dann auch umgehend: Nicht nur will Thomas Strobel, CDU-Generalsekretär von BaWü, Abgeordneter und Schäuble-Schwiegersohn, eine Ausweitung der Sperren auf Computerspiele , sondern parallel dazu kommen Meldungen über Druck der bayrischen Kommission für Jugendschutz der Landesmedien auf Onlineshops in Österreich .\nEs ist also nichts vorbei .\nWas also ist die Bilanz bisher?\nDie ganze Aktion hat zu einer beispiellosen Politisierung von Menschen mit Lebensmittelpunkt im IT-Bereich geführt:\nDie ganze Affäre sollte auch dem letzten Geek und Websurfer klargemacht haben, daß es nicht mit Demonstrationen und dem Unterzeichnen von Petitionen getan ist. Diese werden bestenfalls zur Kenntnis genommen, dann aber effektiv ignoriert und es wird weitergemacht wie bisher. Das Bild, das Politiker vom \u0026lsquo;gemeinen Menschen auf der Straße\u0026rsquo;, von \u0026lsquo;Otto Normalverbraucher\u0026rsquo; haben, beinhaltet kein Counterstrike, keine DSL-Modems und auch keine nennenswerten IT-Kenntnisse. Diese Fehlannahme zieht sich mehr oder minder stark durch alle existierenden politischen Parteien, mit Ausnahme der Piratenpartei und Teilen der Grünen.\nDer Effekt der Politisierung ist nicht nur in den Blogbeiträgen der Blogs erkennbar, die ich subscribed habe, sondern auch real messbar - das Treffen der Berliner Piraten letzten Dienstag war um etwa den Faktor 5 bis 8 größer als das Treffen vor vier Wochen.\nDer Umgang dieser Menschen mit den Fakten in einer politischen Diskussion unterscheidet sich auch sehr von dem, was man bisher so gewohnt war. Die normalen Instrumente der Volksbeeinflussung - Zeitungsartikel, Lobbygruppen und andere Marionetten haben versucht, das übliche Theater aufzuführen, aber der Zusammenschluss von Menschen im Netz ( Crowdsourcing ) hat hier Zusammenhänge aufgedeckt und Gegenaktionen generiert, die die Poltik so nicht gewohnt war.\nSo wurde im Rahmen der Diskussion die suspekte Deutsche Kinderhilfe als gesteuerte Hetzorganisation CDU-naher Kreise aufgedeckt, und die durch manipulative Fragestellungen erzielten Umfrageergebnisse der DKH mit einer Gegenumfrage widerlegt. Die Organisation ist für Propagandazwecke nun verbrannt - das Netz wird sich an Namen und Personen bei Bedarf erinnern.\nAber auch andere Behauptungen und Tricksereien, die im Zusammenhang mit dieser Debatte immer wieder verwendet worden sind, sind durch Verwendung frei zugänglicher Quellen aufgedeckt worden: Die Behauptung, das BKA könne Webseiten nicht wie der AK Zensur durch Anschreiben der Provider sperren lassen hat sich als falsch herausgestellt , die von der Bundesregierung behaupteten Sachverhalte haben nach einer kleinen Anfrage der FDP keine faktische Basis und die als Beispiel genannten ausländischen Sperrlisten haben nach eingehender Untersuchung eine erbärmliche Qualität.\nVor allen Dingen hat sich aber gezeigt, wie gefährlich die gegenwärtige Regierungskoalition der Partei der Über-60-Jährigen Internetausdrucker und der rückgratlosen Verräter ist, wenn man sie denn machen lässt - das kann man vielleicht als größten Erfolg der Sache mitnehmen. 134014 aktivierte politische Personen, alle von ihnen Multiplikatoren. Aber das sind mit Sicherheit noch nicht alle.\n","date":"2009-06-19T00:00:00Z","href":"https://blog.koehntopp.info/2009/06/19/es-ist-noch-lange-nicht-vorbei.html","tags":["jugendschutz","politik","überwachung","zensur","lang_de"],"title":"Es ist noch lange nicht vorbei."},{"categories":null,"content":"Jemand fragt mich per Mail:\nWas ich wissen möchte: Wie viel Geräte \u0026ldquo;im Internet\u0026rdquo;, also bei Providern (nicht bei einem speziellen, sondern bei allen) und im Backbone, sind typischerweise zu einem Zeitpunkt \u0026ldquo;kaputt\u0026rdquo; (falsch konfiguriert, abgeraucht, in Wartung, nicht verfügbar)?\nDie Frage kam neulich auf, als wir über IP fachsimpelten (Ja, fast Stammtischniveau), und uns fragten, wie nötig die lokale Wegfindung ist, die IP macht, und wie viel Arbeit sich TCP auf der Empfängerseite mit der Sortierung der Pakete machen muss.\nEs ist klar, daß es da keine harten Zahlen gibt. Aber Deine Schätzung ist besser als meine, soviel wissen wir schon. Deshalb die freundliche Bitte: \u0026ldquo;Her damit!\u0026rdquo; :)\nDas ist auf vielen Ebenen eine interessante und komplizierte Frage. Man kann sie nicht mit einer einfachen Prozentzahl beantworten und erwarten, daß man sinnvolle Ergebnisse bekommt.\nUpdate: Trackback vom 27.06 , der Ausschnitt betreffend diesen Eintrag .\nEinmal geht es um Geräteausfall - aber Geräte fallen nicht einzeln aus, insbesondere Router nicht. Denn hinter Routern hängen andere Geräte und ein Ausfall eines Routers bedingt auch den Ausfall aller Komponenten \u0026lsquo;hinter\u0026rsquo; dem Router, falls kein redundanter Pfad besteht. Auch stehen Router nicht alleine auf weiter Flur, sondern in Rechenzentren in Racks, abhängig von Klimaanlagen, Stromzuleitungen und anderen Komponenten. Viele dieser Komponenten sind redundant, aber abhängig vom Fehlerszenario kann diese Redundanz unter Umständen nicht wirksam werden - es sind schon ganze Rechenzentren mit redundanter Klimatisierung abgeschaltet worden, weil die (notwendig nicht redundante) Steuerung der Klimaanlage fehlerhaft programmiert war.\nWenn man also Ausfallwahrscheinlichkeiten und ihre Auswirkungen hier diskutieren will, dann landet man sehr schnell bei Ausfallbäumen und recht komplizierten mathematischen Modellen mit bedingten Wahrscheinlichkeiten. Unter der Annahme, daß man die Eingangswahrscheinlichkeiten in dem Modell hinreichend genau zur Verfügung hat und daß diese eine signifikante Rolle spielen - so habe ich in einem Oberseminar zum Thema HA während des Studiums mal ein Paper von Sequent gesehen, bei dem Ausfallursachen tatsächlicher Ausfälle von hochverfügbaren Systemen ausgewertet wurden und die dominierende Ursache war \u0026lsquo;menschliches Versagen und Fehlbedienung des Clusters\u0026rsquo; (auf dem zweiten Platz war \u0026lsquo;Totalverlust des Rechenzentrums\u0026rsquo;).\nDer andere Teil der Frage zielt auf den Mechanismus der lokalen Wegfindung bei TCP/IP. Dabei geht es darum, daß jeder Router im Internet ein IP-Paket nicht komplett bis zum Empfänger routet, sondern für jedes Paket neu den nächsten Hop bestimmt und das Paket dort hin routet. Der nächste Router trifft seine Entscheidung dann unabhängig von dem vorhergehenden Router und jeder Router trifft seine Entscheidung für jedes Paket neu ohne Berücksichtigung vorhergehender Entscheidungen für Pakete mit derselben oder ähnlicher Zieladresse.\nYou wish.\nDas theoretische Modell von TCP/IP ist so, aber moderne Router und Switches arbeiten nicht so, das wär ein wenig zu aufwendig. Zwar arbeitet jeder Router für sich alleine, aber Routingprotokolle sorgen dafür, daß Routingtabellen mehrerer Router bei stabiler Netzwerksituation im Mittel auch zum Ziel führen. Die Routingtabellen für einen Router im Internet wachsen dabei mit der zunehmenden Größe des Netzes und der zunehmenden Fragmentierung des IP V4 Adressraumes an, und ja, das ist ein Problem.\nMan kann, wenn man sich die Instability Reports ansieht auch feststellen, daß Fehler oder Routenänderungen im Netz nicht zufällig und gleich verteilt sind - statistische Modelle, die solche Ausfallwahrscheinlichkeiten annehmen sind fehlerhaft. Evolutionäre Modelle, in denen Phasen langer Stabilität in großen Gebieten und Phasen hektischer Änderungen in kleinen Zonen angenommen werden (Punctuated equilibrium ) erzeugen wahrscheinlich bessere Mathematik auf diesem Gebiet.\nAber Router arbeiten nicht nur über Routingprotokolle synchronisiert geografisch abgestimmt zusammen, sondern Router haben auch Tricks, mit denen sie die Tatsache auszunutzen versuchen, daß über dem verbindungslosen IP in vielen Fällen ein verbindungsorientiertes Protokoll in den Schichten 4 oder 5 und höher liegt.\nIm einfachsten Fall und ohne Kooperation untereinander sortiert man Routen aktiver Netze einfach in der Routingtabelle nach vorne oder lädt sie in einen speziellen Routing-Cache, wenn man außerdem Kooperation von Routern untereinander annehmen darf, werden Pakete sogar gekapselt oder getaggt und so zu einer Verbindung gehörende Pakete erkennbar und identisch geroutet - im Extremfall wird für so eine getaggte Verbindung eine Route durch mehrere Router etabliert und nur für die Erstentscheidung CPU im Router verbraucht. Folgepakete mit demselben Tag werden dann von spezieller Hardware in der Netzkarte des Routers abgehandelt, also quasi mit dem Stammhirn geroutet.\nDie Art und Weise, wie im Internet Routen gefunden werden, garantiert auch nicht, daß die Routen symmetrisch sind. Tatsächlich sind asymmetrische Routen (PDF) häufig, und die Umstände, unter denen sie zustande kommen sind interessant und Papers wert. Messungen zu diesem Thema gibt es auch (Caida hat, wie der Name sagt, sowieso jede Menge statistische Daten über das Internet).\nUnd schließlich die Frage, welche Auswirkungen so etwas auf TCP hat. In klassischem TCP ist es ja so, daß TCP-Pakete, die out-of-order ankommen, als Netzwerküberlastung (Congestion) interpretiert werden und das TCP darauf hin das Transfer Window verkleinert. Dem liegt die Annahme zugrunde, daß Störungen im Netz selten genug sind, sodass Paketverluste in den meisten Fällen auf einzelne überlastete Verbindungen zurückzuführen sind. Diese Annahme erlaubt dem Empfänger außerdem, einzelne \u0026ldquo;im Voraus\u0026rdquo; empfangene Pakete zu verwerfen - täte der Empfänger das nicht, könnte man sonst eine sehr einfache Denial Of Service Attacke gegen einen Empfänger konstruieren, bei dem man ihm auf einer Vielzahl von Verbindungen TCP-Daten mit Lücken sendete, bis der Kernel allen verfügbaren Speicher für gepufferte partielle Verbindungen verbraucht hat.\nIn manchen Umgebungen ist diese vereinfachende Annahme jedoch nicht wahr. In mobilen Netzen zum Beispiel kann es durch die hohe Error-Rate der Links zu nennenswerten Paketverlusten kommen und hier kann es sinnvoll sein, im Voraus empfangene Pakete zu puffern, um die Anzahl von Retransmits zu senken (PDF dazu) - aber im solchen Netzwerken gibt es noch eine ganze Reihe von weiteren Tricks, die helfen können die Performance zu verbessern und dann wird es richtig kompliziert.\n","date":"2009-06-17T00:00:00Z","href":"https://blog.koehntopp.info/2009/06/17/wie-kaputt-ist-das-internet.html","tags":["internet","lang_de"],"title":"Wie 'kaputt' ist das Internet?"},{"categories":null,"content":"Ab 2010 soll ja die Umrüstung von Stromzählern auf sogenannte Smart Meter verpflichtend werden. Das sind kleine embedded Computer, die den Stromverbrauch eines Haushaltes laufend an den Stromanbieter zurückmelden. Der \u0026ldquo;Vorteil\u0026rdquo; für den Verbraucher ist ein tageszeit-abhängiger Strompreis. Von den Sicherheits- und Datenschutzaspekten mal abgesehen - was sind eigentlich die Konsequenzen für den Stromverbrauch durch die Zähler selbst?\nIn Deutschland gibt es laut Destatis 39.7 Millionen Haushalte. Das kann man also mal als Mindestanzahl der Stromzähler in Deutschland ansetzen, anderswo sind 44 Millionen Zähler in Deutschland gemeldet.\nDie Frage war nun: Wenn man also 44 Mio embedded Computer in Deutschland installiert, wie viel Strom verbrauchen die? Die Antwort ist überraschend.\nEin Gerät wie das EM-1021 (PDF, via Quelle 7 aus Intelligenter Zähler ) von Echelon verbraucht angeblich zwischen 2 und 5 Watt. Das ist überraschend wenig, und kann nur dann stimmen, wenn man entweder nur Werte für den Wandler und nicht für den Rechner angibt, oder wenn man einen sehr langsamen und leistungsschwachen Rechner da eingebaut hat.\nTatsächlich behauptet Smartmetering als neue Effizienzquelle (PDF) sogar, daß ein solches Smart Meter substantiell weniger Eigenstromverbrauch hat als ein alter Ferraris-Zähler , dessen Eigenverbrauch im Jahr mit 30 kWh/a angegeben wird (das sind dann etwa 3.5 Watt Aufnahme, wenn ich nicht zu naiv gerechnet habe). Das Papier gibt ein Einsparpotential von 900 bis 2500 Gwh/a an.\nDas glaube ich so erst mal nicht, aber wenn wir da plus/minus 0 rauskommen wäre es ja zumindest hier mal kein Verlust.\nWarum glaube ich das so erst mal nicht?\nEinmal träumen die Stromversorger von Zusatzanwendungen, zum Beispiel Geräte im Haushalt ferngesteuert ein- und ausschalten zu können. Wenn diese Dinge vom Zähler aus implementiert werden sollen, kann man nicht unbedingt von einer leistungsschwachen CPU am Zähler ausgehen.\nAndererseits ist es so, daß der Zähler eine gewisse Mindestleistung auf der CPU haben muss, wenn er denn die Sicherung der ganzen Kommunikation und Steuerung durch passende Crypto implementieren können soll. Man hat also die Wahl, Strom zu sparen und das System leicht hackbar zu machen oder halt ordentlich kryptografisch abzusichern und dafür mehr Watts zu lutschen.\nUnd schließlich müssen diese Zähler, wenn sie denn tun sollen, was man sich von ihnen verspricht, auch noch irgendwie ans Internet angeschlossen werden. Dazu soll Powerline-Technologie verwendet werden, da die meisten Leute an den Orten, an denen die Zähler hängen, keine DSL-Router stehen haben. Man muss zum Verbrauch also noch das Powerline-Ethernet-Gegenstück neben seinem eigenen DSL-Router dazu rechnen, wenn der Zähler seine Daten Richtung heimischer DSL-Router ausleitet. Oder der Zähler leitet seine Daten Richtung Stromnetz aus, wo man in den Umspannstationen und höher Empfänger, Router und anderes Strom verbrauchendes Equipment haben muss, das auch zu bilanzieren wäre.\nDer Punkt ist der Folgende: Setzt man für das ganze Spielzeug mal 15 Watt Mehrverbrauch an, kommt man knapp auf eine Vervierfachung des Verbrauches gegenüber einem Ferraris-Zähler, also etwa 120 kWh/a.\nNachtrag: Die Sache mit Powerline hat auch noch andere aufregende Nebenwirkungen. Powerline strahlt nämlich wie Sau EM-Störungen von nicht abgeschirmten Stromleitungen in die Nachbarschaft. Das ist nicht nur ein Sicherheitsproblem, sondern auch ein echtes Problem mit der Verschmutzung des EM-Spektrums. Man will keine 44 Millionen Störsender in Deutschland ausrollen.\nJe mehr ich mich mit dem ganzen Smart Meter Unsinn befasse, desto mehr kommt mir das vor wie Gesundheitskarte 2.0.\n","date":"2009-06-05T00:00:00Z","href":"https://blog.koehntopp.info/2009/06/05/wie-viel-strom-verbraucht-ein-stromzaehler.html","tags":["computer","energy","lang_de"],"title":"Wie viel Strom verbraucht ein Stromzähler?"},{"categories":null,"content":"Es begann als Kommentar in diesem Blog, aber ich mach jetzt einmal einen eigenen Artikel draus. Der URL-Sturm Medien und Politik erzeugte diese Anmerkung:\nWie kann \u0026ldquo;\u0026lsquo;Es sind die Fans, die ein Medium am Ende umbringen.\u0026rsquo; (Fansub-Diskussion mit der Katze und Dirk)\u0026rdquo; das Fazit der Meldung sein, dass die, die angeblich das Medium umbringen indem sie nicht zahlen eben doch zahlen? Das bedeutet doch gerade, dass die virtuellen Einnahmensverluste durch reale Einnahmenssteigerungen wieder aufgewogen werden.Gruß\nDas ist kein Fazit, sondern eine Notiz von mir zu dieser Meldung. Darum die einfachen Anführungszeichen da drum.\nHier der Rest vom Rant:\nDie Notiz bezieht sich auf ein Gespräch mit Frau Katze und Dirk - Dirk arbeitet hier in Berlin bei einem Anime- und Geekfilmverbreiter. Unser Gespräch kam auf Fansubs und Fan-Übersetzungen. Genannt wurde etwa das MapReduce mit Menschen , das Harry Potter binnen kürzester Zeit ins Deutsche übersetzt hat und der Fansub zu Pretty Guardian Sailor Moon Liveaction (PGSML), der mit seinem Übersetzungen japanischer Schilder und (*)-Fußnoteneinblendungen mit kulturellem Kontext Maßstäbe setzt.\nBeide Projekte sind auf eine unterschiedliche Weise weitaus besser und schneller als jeder kommerzielle Ansatz auf dem Gebiet es jemals sein könnte. Das ist spürbar - Dirk gab zu Bedenken, daß zu gutes Fansubbing in den USA Läden umgebracht hat.\nEs sind die Fans, die den Kram kaufen, wie die Studie korrekt feststellt. Aber die quantitative Analyse von Studien greift naturgemäß zu kurz und hinkt den anekdotischen Erkenntnissen vieler Insider hinterher: Selbst wenn die Fans den Kram kaufen, sind es gerade die größten Fans, die am Ende von der Qualität enttäuscht sind. Es wäre qualitativ besser geworden, hätten sie es selber gemacht!\nEin anderes Beispiel für eine sich entwickelnde Fankultur, die sich vom originalen Produkt emanzipiert statt es zu überholen, ist das Projekt Iron Sky, das sich auch Fanfinanziert. Die Iron Sky Leute sind interessant: Wie Fansubs und Übersetzungen haben sie zuerst existierenden Content veredelt . Iron Sky ist jedoch ein Schritt darüber hinaus: Statt weiter mit den Figuren zu spielen, die andere imaginiert haben, ist Iron Sky jetzt ein Fanprojekt, das originale Inhalte erzeugt.\nWas wir sehen ist das Aufeinandertreffen etablierter Strukturen in der Publikation - Bücher, Filme und auch Musik sehe ich da nur als Ausprägungen einer einheitlichen Tradition - mit der partizipatorischen Kultur des Internets.\nTraditionelle Publikation unterscheidet Sender und Empfänger, Produzenten und Käufer. Am Schlimmsten finde ich den Ausdruck des Kulturschaffenden im Gegensatzpaar mit Verbraucher, als ob ich Kultur verbrauchen oder gar zerstören würde, wenn ich etwa ein Buch lese oder Musik höre. Leute die Worte wie \u0026lsquo;Kulturschaffender\u0026rsquo; verwenden sagen auch Enteignungsmaschine Internet .\nDem gegenüber steht die Kultur der Leute, die mit dem Internet groß geworden sind. Für sie gibt es diese Hierarchien und die Trennung nicht mehr. Kultur ist nichts, was man publiziert und das dann in Mediatheken vor sich hin sedimentiert Eine Veröffentlichung ist für diese Leute etwas zum Verarbeiten, zum Verbessern, zum Verändern, zum Verknüpfen, zum Kommentieren, und auch zum Verbreiten.\nProjekte wie HaD, PGSML Fansub oder auch Star Wreck und Iron Sky sind das Resultat der Anwendung dieser Auffassung vom Umgang mit Medien. Sie verändern die Auffassung einer ganzen Generation für Begriffe wie Urheberrecht, Schöpfungshöhe, schöpferischer Beitrag und ja, sie vernichten bestehende, zum Teil jahrhundertealte Strukturen. Das ist so, wenn man etwas Neues macht oder ist.\nWas wir sehen ist der Versuch der digitalen Immigranten , Internetausdrucker und letzten Menschen , den Lauf der Welt aufzuhalten oder doch zumindest die Richtung ein wenig zu beeinflussen.\nIch glaube nicht, daß man den Lauf der Welt betreffend Internet und Copyright aufhalten oder auch nur nennenswert beeinflussen kann, denn die partizipatorische Struktur der Internetkultur ist eine emergente Eigenschaft , die sich aus mittlerfreier Kommunikation zwangsläufig ergibt - die meisten Menschen sind echte Helden und wenn man ihnen die Gelegenheit gibt, die Welt als Ganzes mit niedrigen Transaktionskosten zu verbessern, dann tun sie es auch.\nDie einzige Möglichkeit überhaupt Einfluß zu nehmen besteht darin, diese Mittlerfreiheit einzuschränken. Und da sind wir wieder bei Zensursula.\nJeder Angriff auf die mittlerfreie Kommunikation - sei es durch Filter, durch \u0026lsquo;Three Strikes and you are out\u0026rsquo; und andere Methoden - ist ein Angriff auf die Seele des Internet und die Kultur der neuen Generation selbst: Die Piratenpartei ist mehr, weit mehr(!) als eine Zusammenrottung von ein paar Filmkopierern. Sie ist eine politische Ausprägung des Überlebenswillens des Internet selbst als Institution und Mem mit bestimmten characteristischen Eigenschaften. Sie ist gleichzeitig der politische Arm der Eingeborenen des Internet, der Leute, die vernetzt und in einer kooperativen und partizipatorischen Umgebung groß geworden sind.\nUnd daher sollte der politische Nachtrag vielleicht nicht abschließend sein, wie Erdferkel schreibt. Stattdessen überlege man, ob man sich an dem Namen wirklich so stört, ob man sich das nicht vielleicht egal sein lassen sollte und ob man nicht vielleicht doch zum ersten Mal in seinem Leben politisch aktiv werden will . Siehe auch Piratenpartei: Mithelfen! und Piratenpartei: Mitglied werden! Disclaim! Disclaim! Dieser Artikel ist ein Rant. Die Links in ihm sind Darmokros (WTF Darmokros ?) und höchst subjektiv. Do not read while under the influence or while stupid.\n","date":"2009-04-27T00:00:00Z","href":"https://blog.koehntopp.info/2009/04/27/politik-polemik-und-eine-agenda.html","tags":["copyright","internet","kultur","media","politik","lang_de"],"title":"Politik, Polemik und eine Agenda."},{"categories":null,"content":"Aus einer Diskussion in der deutschsprachigen MySQL Gruppe im USENET. Dort ging es um die Frage, warum phpMyAdmin ein eingeschränktes Werkzeug ist und bei vielen Helfern im Netz unbeliebt. Meine Antwort lautete so:\nphpMyAdmin unterliegt wie auch viele grafische Werkzeuge für MySQL (darunter auch jene, die von MySQL selbst bereitgestellt werden) einigen besonderen Einschränkungen. Diese sind prinzipbedingt und daher auch nicht leicht zu beheben.\nAber von vorne:\nIn MySQL ist es so, daß die Connection einen besonderen Kontext oder Scope darstellt. Mindestens die folgenden Dinge sind mit dem Scope der Connection definiert:\nTransaktionen. Ein Disconnect entspricht einen ROLLBACK. Transaktionen können mit SELECT \u0026hellip; FOR UPDATE oder LOCK TABLES auch Locks erzeugen. Diese sind bei einem Disconnect wieder weg. Die mit LAST_INSERT_ID() abrufbare zuletzt von auto_increment vergebene ID wird in der Connection gespeichert. Sie ist nach einem Disconnect nicht mehr verfügbar. Mit CREATE TEMPORARY TABLE erzeugte Tabellen. Sie werden bei Disconnect gelöscht. Prepared Statements und der geparste Code von Stored Code (CREATE PROCEDURE und CREATE FUNCTION) werden pro Connection verwaltet, auch wenn das technisch eine falsche Lösung ist. @-Variablen. SET @bla = 10 oder SELECT @bla := count(*) FROM keks; definieren jeweils eine Connection Variable mit dem Namen @bla, die beim Disconnect verloren ist. SESSION-Parameter. SET SESSION mysiam_sort_buffer_size = 1024*1024*64 oder SET @@session.myisam_sort_buffer_size = 1024*1024*64 sind nach einen Disconnect verloren. Dies gilt auch für die häufig gesetzten Character Sets (SET NAMES ist nur ein Kürzel für drei bestimmte SET SESSION ...). SET-Kommandos mit spezieller Bedeutung im Kontext von Replikation, wie SET TIMESTAMP oder SET LAST_INSERT_ID können das Verhalten von Funktionen wie SELECT NOW() oder SELECT LAST_INSERT_ID() beeinflussen. Wir nennen so etwas Zustand im Scope der Connection oder Connection Scoped State (CSS, mal wieder).\nEin Client, der also unkontrolliert disconnected oder bei dem ein Disconnect nicht korrekt gemeldet wird, ist defekt in dem Sinne, daß die o.a. Funktionalität nicht wie erwartet verfügbar ist.\nDas gilt für viele grafische Clients - viele von denen machen nach dem Absenden der Query und dem Lesen des Result Sets einen Disconnect und verbinden sich für die folgende Query neu, darunter auch der MySQL Query Browser.\nDas gilt auch für einige veraltete Versionen von Connectoren. Eine Zeit lang dachte das MySQL Connector/J-Team zum Beispiel, es sei eine gute Idee, Auto-Reconnect bei Verlust der Connection aus welchem Grund auch immer zu machen. Korrekt ist stattdessen, eine Java Exception dafür zu schmeißen, damit die Anwendung auch eine Chance hat, den Verlust des Session-Zustandes mitzubekommen. Denn wenn einem der Session-Verlust mitten in einer Transaktion passiert, und der Connector dann einfach wieder verbindet, statt die Exception zu werfen, kann man ein paar echt schwer zu findende Heisenbugs bauen.\nUnd das gilt prinzipbedingt auch für jeden Webclient wie phpMyAdmin einer ist. Es ist nun mal so, daß etwa Apache einen Haufen Worker Slaves hat und daß ein eingehender http-Request einen zufälligen Worker Slave zugeteilt wird. Es wäre also selbst mit mysql_pconnect() nicht möglich einen phpMyAdmin zu schreiben, der CSS korrekt behandelt.\nKann Dein Client CSS? Definiere in einer Query eine Session Variable: SET @bla = 'Ich bin korrekt';\nIn einer zweiten Query frage den Wert der Variable ab: SELECT @bla;\nWenn Dein Client mit \u0026ldquo;Ich bin korrekt\u0026rdquo; antwortet, kann er CSS verwalten. Ansonsten ist er unbrauchbar und gehört auf den Müll - wer will schon einen Datenbankclient, mit dem man nicht mal eine Transaktion korrekt verwalten kann?\n","date":"2009-04-19T00:00:00Z","href":"https://blog.koehntopp.info/2009/04/19/connection-scoped-state-bei-mysql.html","tags":["erklaerbaer","database","mysql","mysqldev","lang_de"],"title":"Connection Scoped State bei MySQL"},{"categories":null,"content":" \u0026ldquo;Any sufficiently advanced incompetence is indistinguishable from malice.\u0026rdquo;\n\u0026mdash; Elizabeth Mattijsen liz@dijkmat.nl Liz just applied Clarke\u0026rsquo;s 3rd Law to Hanlon\u0026rsquo;s Razor .\n","date":"2009-02-16T00:00:00Z","href":"https://blog.koehntopp.info/2009/02/16/liz-application-of-clarke-s-law-to-hanlon-s-razor.html","tags":["fluffy fluff","lang_de"],"title":"Liz application of Clarke's Law to Hanlon's Razor"},{"categories":null,"content":"Slowtiger antwortet in einem Kommentar zu Mein natives IP V6 :\nWenn ich Sätze wie \u0026ldquo;Ob ich überhaupt noch unverschlüsseltes http auf V6 anbieten werde weiß ich nicht - die politische Situation legt nahe, daß dies Unsinn ist.\u0026rdquo; in einem Technikblog lese, dann gruselts mich wirklich.\nAlso, die ganze Erklärung ist wie immer in wenig länger.\nRechenleistung ist kein Problem Es ist schon seit mindestens 5 Jahren so, daß jeder zeitgemäße Rechner leicht die Rechenleistung hat, um seinen Netzwerkverkehr zu verschlüsseln. Dazu braucht man auch keinen Krypto-Coprozessor.\nUm dem ganzen mal eine Relation zu geben: Das ganze alte web.de Rechenzentrum von 2003 hat so um die 2 Megawatt (ca. 2500 PS, zwei fette Schiffsdiesel) Leistungsbedarf. Die SSL-Verschüsselung allen web.de Traffics verbraucht in etwa 7 Kilowatt (etwa 10 PS, eine Ente) an Rechenleistung.\nWarum bietet also nicht jeder seine Website grundsätzlich SSL-Verschlüsselt an?\nSSL comitted sich zu früh auf den Sitenamen Das liegt einmal am Aufbau von SSL. Der Webserver lauscht auf einem Port auf eingehende Verbindungen - hier dem https-Port 443. Das erste, was nach dem TCP-Connect passiert ist der SSL-Handshake: Server und Browser einigen sich darin auf die Gültigkeit der Zertifikate und die zu verwendende Verschlüsselung. Im Zertifikat steht auch schon der Name des Webservers - etwa \u0026lsquo;blog.koehntopp.info\u0026rsquo;.\nErst danach kommt der eigentliche HTTP GET-Request, der nun schon gesichert und verschlüsselt im SSL-Tunnel übermittelt wird. Dadurch ist eine SSL-Verbindung von Anfang an gesichert.\nDieser Request muß nun aber an die im Zertifikat genannte Site sein. Es ist nicht mehr möglich, in einem für blog.koehntopp.info aufgebauten SSL-Tunnel einen Request für z.B. hubbahubba.de zu senden, denn das Zertifikat ist ja schon ausgetauscht und der Server hat das Zertfikat für blog.koehntopp.info vorgezeigt, nicht für hubbahubba.de.\nDaher braucht man in SSL für jede Site eine eigene IP-Nummer, während man unverschlüsselt mit \u0026rsquo;name based virtual hosts\u0026rsquo; eine IP-Nummer für beliebig viele Sites teilen kann.\nTLS mit SNI kann das umgehen Auf dem Port 443 kann man nun verschiedene Geschmacksrichtungen von Verschlüsselungsmanagement fahren (die Verschlüsselung ist immer dieselbe, aber die Art und Weise, wie man sich über Namen, Schlüssel und Verfahren einigt ist subtil anders): SSL 2.0 (veraltet und defekt), SSL 3.0 (soweit bekannt sicher) und TLS (soweit bekannt auch sicher). Für TLS gibt es eine Erweiterung SNI (Server Name Indication ), die genau dieses geschilderte Problem umgehen soll.\nSNI ist nicht weit genug verbreitet SNI wird nun von einigen Browsern sogar unterstützt und fehlerfrei genug implementiert, sodaß man sie nutzen könnte um mehr als einen SSLTLS-Host pro IP zu betreiben. Leider ist der Marktanteil der Broser, die SNI beherrschen nicht groß genug. So wird SNI im MSIE nur in Vista unterstützt, behauptet jedenfalls Wikipedia.\nIPV6 ändert die Regeln Mit IP V6 bekommt man in der Regel keine einzelnen Adressen zugeteilt, sondern gleich ganze Blöcke von Nummern. Es gibt also keinen Grund mehr sparsam mit den Adressen zu sein, sondern man kann ganz entspannt jedem Host sowieso eine einzelne Adresse zuweisen anstatt mit Hacks wie Name Based Virtual Hosts und SNI rumzufuhrwerken. Das heißt auch, daß SSL und TLS sehr viel einfacher zu implementieren sind - im Browser wie auch im Server. Und daß so mehr Leute ihre Sites einfach so auch verschlüsselt anbieten\nDie Sache mit den Zertifikaten Dem wiederum steht in erster Linie die Handhabung von Zertifikaten entgegen, die aktuelle Browser so drin haben. Das Modell für den Umgang mit Zertifikaten ist derzeit nämlich weniger auf die Generierung von tatsächlicher Sicherheit ausgerichtet, sondern mehr auf die Generierung von Umsatz für Certification Authorities.\nDerzeit ist es so, daß der Browser gerne ein Zertifikat sehen möchte, wenn er auf https://blog.koehntopp.info zugreift. Der CN (common name, hier: der Sitename im Zertifikat) muß dann mit dem DNS-Namen übereinstimmen. Das heißt im Zertifikat und in der Browserleiste muß in beiden Fällen blog.koehntopp.info stehen. Im Zertifikat steht dann außerdem noch, das blog.koehntopp.info von Kristian Köhntopp betrieben wird und daß dem Aussteller des Zertifikate die ladungsfähige Anschrift von Kristian Köhntopp bekannt war, als er das Zertifikat signiert hat - das setzt voraus, daß die CA bei Ausstellung des Zertifikates so was auch überprüft. Das Zertifikat muß außerdem von einer Certificate Authority ausgestellt sein, die der Browser kennt - welche CAs der Browser kennt, ist in ihm eingebaut. Trifft ein Browser auf Zertifikate von einer CA, die er nicht kennt, mault er mehr oder weniger laut rum. Firefox 3 mault 3-4 Mausklicks lang rum, jedesmal wenn er auf ein neues solches Zertifikat trifft. Man kann die CA-Liste zwar zur Laufzeit anpassen, aber das tut niemand jemals.\nNun ist es aber so, daß eine CA zu betreiben quasi eine Lizenz zum Geld drucken ist. Wenn man so mit Geld drucken beschäftigt ist, dann hat man es mitunter echt schwer, das Geld von Leuten abzulehnen. Und zertifiziert dann alles und jeden . Damit ist ein Server-Zertifikat von dieser CA gar nix mehr wert. Als Endanwender kann man sich jetzt also seine CA-Liste im Browser angucken und sich überlegen, welche CA dort wohl wertige und welche wertlose Zertifikate ausstellt - am Zertifikat kann man das jedenfalls nicht sehen. Daher Fefes Anmerkung \u0026lsquo;Totalschaden für SSL\u0026rsquo;.\nBesser wäre es, der Browser würde sich mit CAs gar nicht weiter abgeben, sondern sich an Sites erinnern und warnen, wenn sich das Zertifikat einer Site spontan ändert - etwa so . Dann kann sich jeder ein Zertifikat bauen und es unterschreiben wie er lustig ist. Man würde bei allen wichtigen Sites aber dennoch merken, wenn einem jemand versucht etwas unterzuschieben, weil sich das bereits bekannte Zertifikat spontan ändert.\nUnd warum der ganze Schmonz? IPV6 und SSL mit selbstsignierten Zertifikaten und optional einem Firefox-Plugin das auf die von Fefe beschriebene Weise funktioniert erlauben es uns, große Teile des bisher unverschlüsselten Webs zu verschlüsseln und sogar so etwas wie lokale Sicherheit zu erzeugen. Das geht deswegen, weil zwei der drei Gründe weggefallen sind, die bisher dagegen sprachen: CPU ist nicht mehr knapp und IP-Adressen sind es auch nicht (und an den knappen Zertifikaten arbeiten wir mit dem o.a. Vorschlag).\nDas erhöht den Anteil von verschlüsseltem Traffic im Netz und macht jede Form von Filterung, Phorm und anderen Formen von Injection sowie sonstiger Schnüffelei ab Werk schwieriger. Das schützt nicht nur einen selbst, sondern auch alle anderen, deren verschlüsselter Traffic nun viel weniger auffällig ist.\nDas will man, und mit V6 wird das echt einfach.\n","date":"2009-02-11T00:00:00Z","href":"https://blog.koehntopp.info/2009/02/11/ein-paar-worte-zu-ssl.html","tags":["kryptographie","security","web","lang_de"],"title":"Ein paar Worte zu SSL"},{"categories":null,"content":"Mein dedizierter Server in Berlin hat seit Ende Januar IP V6 nativ. Als Testkunde habe ich die Connectivity vor dem Rollout bekommen - eine IP V6 Adresse als Primäradresse und ein /56 Netz zum Spielen und durch die Gegend routen.\nDer Dedi läuft recht schmerzfrei auf der mitgelieferten SuSE 10.2, und das Setup war sehr leicht. Stellt man in \u0026lsquo;yast network\u0026rsquo; bei \u0026lsquo;Besondere Einstellungen\u0026rsquo; \u0026lsquo;Erweitert\u0026rsquo; das IP V6 an, erledigt SuSEs Systemadministration alle notwendigen Dependencies alleine. Insbesondere wird das ipv6.ko Kernelmodul geladen, aber auch alle notwendigen iptables-Module, die für eine stateless V6 Firewall notwendig sind. ip_conntrack unterstützt in 10.2 noch kein V6, leider.\nDie notwendigen Konfigurationen habe ich dann jedoch zu Fuß in /etc/sysconfig/network erledigt.\nh743107:/etc/sysconfig/network # cat ifroute-lo 127/8 2A01:238:40AB:CD00::/56 Die erdet mein /56, sodaß der Provider-Router und mein Dedi nicht mit den Paketen pingpong spielen. Für einzelne genutzte Adressen lege ich dann Hostrouten, um das zu aktivieren.\nh743107:/etc/sysconfig/network # cat ifcfg-eth0 ... NETMASK=\u0026#39;\u0026#39; NETWORK=\u0026#39;\u0026#39; IPADDR_1=\u0026#39;85.214.44.126\u0026#39; NETMASK_1=\u0026#39;255.255.255.255\u0026#39; BROADCAST_1=\u0026#39;85.214.44.126\u0026#39; LABEL_1=\u0026#39;1\u0026#39; IPADDR_2=\u0026#39;2A01:238:4000:0:0123:4567:89AB:CDEF\u0026#39; IPADDR_3=\u0026#39;2A01:238:40AB:CD00::1\u0026#39; Dies setzt die primäre V6-Adresse und die eine weitere V6-Adresse, die ich bisher nutze als aktiv. Der Rest des /56 ist weiter geerdet, nur diese eine Adresse \u0026hellip;::1 ist aktiv. Nun muß noch die Routingtabelle entsprechend gesetzt werden:\nh743107:/etc/sysconfig/network # cat ifroute-eth0 2A01:238:40AB:CD00::1 fe80::1 default fe80::1 Auch durch /etc/sysconfig/SuSEfirewall2 muß man einmal durchtoben und die entsprechenden V6-Optionen dort setzen, damit die Pakete nicht weggeworfen werden.\nMit einem ping6 kann man nun schon Connectivity testen.\nh743107:/etc/sysconfig/network # ping6 -c 3 2001:4c40:1::6667 PING 2001:4c40:1::6667(2001:4c40:1::6667) 56 data bytes 64 bytes from 2001:4c40:1::6667: icmp_seq=1 ttl=57 time=31.5 ms 64 bytes from 2001:4c40:1::6667: icmp_seq=2 ttl=57 time=31.6 ms 64 bytes from 2001:4c40:1::6667: icmp_seq=3 ttl=57 time=31.5 ms --- 2001:4c40:1::6667 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2008ms rtt min/avg/max/mdev = 31.518/31.568/31.654/0.061 ms Auch ein traceroute6 dort hin kann sehr aufschlußreich sein.\nssh ssh sollte sofort und ohne weitere Konfiguration mit V6 funktionieren. Die /etc/ssh/sshd_config kennt\nAddressFamily Specifies which address family should be used by sshd(8). Valid arguments are “any”, “inet” (use IPv4 only), or “inet6” (use IPv6 only). The default is “any”. ListenAddress Specifies the local addresses sshd(8) should listen on. The following forms may be used: ListenAddress host|IPv4_addr|IPv6_addr ListenAddress host|IPv4_addr:port ListenAddress [host|IPv6_addr]:port If port is not specified, sshd will listen on the address and all prior Port options specified. The default is to listen on all local addresses. Multiple ListenAddress options are permitted. Additionally, any Port options must precede this option for nonport qualified addresses. Da insbesondere der Default \u0026lsquo;any\u0026rsquo; ist, sollte keine Konfiguration notwendig sein. Wer ein Setup mit ListenAddress fährt, muß kurz die Config anpassen, ebenso jemand der PermitOpen verwendet um Security-Regeln zu implementieren.\nexim Alle Änderungen, die ich am Exim gemacht habe sind:\ndisable_ipv6 aus der Konfirguration entfernt und local_interfaces um die gewünschten Adressen erweitert. Literale Adressen müssen dabei in eckigen Klammern stehen. Der entsprechende Abschnitt in der Konfiguration sieht also wie folgt aus:\n#disable_ipv6 local_interfaces = \u0026lt;; [85.214.35.184]:25; [85.214.35.184]:587; [127.0.0.1]:25; [127.0.0.1]:587; [2a01:238:4000:0:123:4567:89ab:cdef]:25; [2a01:238:4000:0:123:4567:89ab:cdef]:587; [2a01:238:40ab:cd00::1]:25; [2a01:238:40ab:cd00::1]:587 httpd Der Apache, den ich fahre, lauscht nun ebenfalls für seine virtuellen Hosts aus V6-Adressen. Dazu habe ich meinen Konfigurationsgenerator wie folgt definiert:\nListen SERVERIP:80 Listen [2a01:0238:4000:0000:0123:4567:89ab:cdef]:80 Listen [2a01:0238:4000:0000:0123:4567:89ab:cdef]:443 NameVirtualHost * Die Kombination von Listen-Anweisungen und NameVirtualHost * sorgt dafür, daß alle name based virtual Hosts auf allen diesen Interfaces zu bekommen sind. Für den 443-Port ist das natürlich sinnlos. Ich werde stattdessen also für V6 ein anderes System brauchen, das named-Setup und Apache-Setup miteinander verheiratet und in V6 grundsätzlich IP-basierende Virtual Hosts verwendet, diese dann aber grundsätzlich auf Port 443 verfügbar macht. Ob ich überhaupt noch unverschlüsseltes http auf V6 anbieten werde weiß ich nicht - die politische Situation legt nahe, daß dies Unsinn ist.\ndovecot Dovecot kann derzeit nur auf einem oder allen Interface lauschen. Ich muß also meine alte IP-basierte listen-Anweisung löschen und ein globales Listen einsetzen:\n#listen = 85.214.35.184 listen = [::] Ein * hätte alle V4-Interfaces aktiviert, ein [::] aktiviert V4 und V6.\nirssi Um mit V6 im Ircnet ircen zu können, muß man sich mit einem Webbrowser gegen einen V6-only Webserver connecten und dort freischalten lassen. Dann kann man definieren:\nservers = ( { address = \u0026#34;irc.irc6.net\u0026#34;; chatnet = \u0026#34;ircnet\u0026#34;; port = \u0026#34;6667\u0026#34;; use_ssl = \u0026#34;no\u0026#34;; ssl_verify = \u0026#34;no\u0026#34;; autoconnect = \u0026#34;yes\u0026#34;; } ); und von dort aus weiterarbeiten. Für Freenode ist es\nservers = ( { address = \u0026#34;ipv6.chat.freenode.net\u0026#34;; chatnet = \u0026#34;freenode\u0026#34;; port = \u0026#34;6667\u0026#34;; use_ssl = \u0026#34;no\u0026#34;; ssl_verify = \u0026#34;no\u0026#34;; autoconnect = \u0026#34;yes\u0026#34;; } ); Undernet kann noch kein V6.\nnamed Bind 9 kann V6. Das reverse Lookup für die primäre IP liefert der Provider. Für das /56 habe ich eine Delegation und einen Secondary, muß die Zone also selber fahren.\nVorwärts-Einträge:\nirc 1D IN AAAA 2A01:0238:40AB:CD00:0000:0000:0000:0001 irc 1D IN MX 100 smtp.koehntopp.de. smtp 1D IN AAAA 2A01:0238:40AB:CD00:0000:0000:0000:0001 smtp 1D IN A 85.214.35.184 smtp 1D IN MX 100 smtp.koehntopp.de. Und die reverse Zone:\nh743107:/var/lib/named/master # less /etc/named.conf ... options { listen-on-v6 port 53 { 2a01:238:4000:0:123:4567:89ab:cdef/128; }; query-source-v6 address 2a01:238:4000:0:123:4567:89ab:cdef; transfer-source-v6 2a01:238:4000:0:123:4567:89ab:cdef; notify-source-v6 2a01:238:4000:0:123:4567:89ab:cdef; allow-transfer { ... 2001:608:a:0:219:dbff:fe4c:93a0; }; }; ... zone \u0026#34;d.c.b.a.0.4.8.3.2.0.1.0.a.2.ip6.arpa\u0026#34; in { type master; file \u0026#34;master/d.c.b.a.0.4.8.3.2.0.1.0.a.2.ip6.arpa.zone\u0026#34;; }; Dann muß noch die Zone erzeugt werden. Dies geschieht wie üblich und ist nur ein Haufen Tipperei.\nh743107:/var/lib/named/master # ls -l *ip6* -rw-r--r-- 1 root root 347 Feb 3 10:03 d.c.b.a.0.4.8.3.2.0.1.0.a.2.ip6.arpa.zone h743107:/var/lib/named/master # cat !$ cat *ip6* @ 1D IN SOA ns1.koehntopp.de. hostmaster.koehntopp.de. ( 2009020301 ; serial 1D ; refresh 2H ; retry 1W ; expiry 1D ) ; minimum 1D IN NS luggage.rince.de. 1D IN NS ns1.koehntopp.de. 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1D IN PTR irc.koehntopp.de. ","date":"2009-02-10T00:00:00Z","href":"https://blog.koehntopp.info/2009/02/10/mein-natives-ip-v6.html","tags":["internet","ipv6","lang_de"],"title":"Mein natives IP V6"},{"categories":null,"content":" There are two kinds of fool. One says, “This is old, and therefore good..” And one says “This is new, and therefore better..”\t—John Brunner, in The Shockwave Rider\nNeue Ideen in Dateisystemen sind so eine Sache. Es handelt sich bei einem Dateisystem ja um Infrastrukturcode par excellence, und so reden die meisten Leute gerne von ihrem letzten Datenverlust, wenn man sie nach Dateisystemen befragt. Das ist nicht neu, ich habe in The Importance Of FAIL das Thema ja schon mal angeschnitten.\nNeue Ideen in Dateisystemen sind auch langsam. 1984 bis 1992 gab es das Sprite Projekt in Berkeley, bei dem es um die Entwicklung eines rechnerübergreifenden Betriebssystems ging. Teil von Sprite war auch etwas, das sich LFS (Log Structured Filesystem) nannte.\nLFS basiert auf der Idee, daß nur noch Writes auf eine Platte übrig bleiben, wenn man nur genug RAM zum Cachen aller Reads hat. Also quasi die Situation, in der Google jetzt grad ist. Wenn das aber so ist, so geht die Überlegung weiter, dann muß man Daten auf der Platte nicht zum Lesen optimiert ablegen, sondern das Schreiben optimieren.\nEin Exkurs in Fragmentierung Gegeben sei MS-DOS, also ein System mit nur einem Thread, der Read-Requests generieren kann und quasi ohne Read-Cache, der solche Reads wegoptimieren kann. Dann ist das Dateisystem dann für viele Anwendungen zum Lesen optimiert, wenn alle Dateien defragmentiert abspeichert sind, d.h die Blocknummern der physikalischen Blöcke jeder Datei unmittelbar aufeinanderfolgend sind.\nGegeben sei ein System mit unendlich viel Speicher, das schon unendlich lange läuft. Dann wiederum sind alle Daten im RAM gecached, und die physikalische Anordnung der Daten auf der Platte ist aus der Sicht der Lesezugriffe total schnurz.\nDie meisten realen Systeme liegen irgendwo dazwischen - je mehr RAM und je besser die Caches vorgeglüht, desto mehr ist es egal, wie die Daten auf der Platte angeordnet sind.\nDie meisten realen Systeme haben heutzutage auch mehr als einen Thread, der Requests erzeugen kann und schon von daher ist das statisch lineare Layout von Dateien auf der Platte nicht mehr unmittelbar ein Garant für dynamisch lineare Lesezugriffe.\nLFS dreht den Spieß um LFS nimmt nun ein solches System mit unendlich viel Speicher und unendlich langer Laufzeit an, d.h, kümmert sich nicht um die Linearisierung von Reads, sondern lediglich noch um die Linearisierung von Writes: Das Dateisystem hat kein Log, es ist ein Log - ein großer Ringpuffer von Daten, bei dem die Platte von vorne nach hinten beschrieben wird und wenn man am Ende der Platte angekommen ist, fängt man von vorne an.\nSnapshots bekommt man bei einem solchen System gratis (Aber BSD hat es nicht implementiert ): Am Anfang der Platte hat man keinen Superblock, sondern einen Zeiger auf die letzten paar Superblöcke, die geschrieben wurden. Jede Operation kann als Transaktion geschrieben werden: Blöcke werden dabei nicht überschrieben, sondern geänderte Versionen des neuen Blockes werden linear rausgeschrieben.\nBeispiel: Eine Datei besteht aus einem Verzeichniseintrag, einer Inode und in der Inode aus Zeigern auf Datenblöcke. Überschreibt man nun das letzte KB der Datei und verlängert sie nun auch noch um ein KB, dann werden zunächst der \u0026ldquo;überschriebene\u0026rdquo; Datenblock und der neue Datenblock am Ende des Schreibpuffers neu geschrieben, dann wird die geänderte Inode der Datei dahinter neu geschrieben und dann der Block, der auf die aktuelle Version dieser Inode zeigt neu geschrieben und am Ende ein neuer Superblock.\nBeim Lesen folgt man dem neusten Superblock, findet man die neuste Version der Inode, und damit die geänderte und verlängerte Datei. Folgt man der älteren Kopie des Superblocks, findet man eine ältere Version der Inode derselben Datei und die dazu gehörenden älteren Versionen der Datenblöcke, also eine alte Version derselben Datei. Alle Blöcke, die zwischen beiden Versionen der Datei unverändert bleiben, sind beiden Versionen gemeinsam und nur einmal auf der Platte vorhanden.\nLFS Performance stinkt Nun ist es so, daß außerhalb des Googleplex RAM endlich und die Laufzeiten von Computern begrenzt sind. Daher ist es auch so, daß es zu Situationen kommen kann, in denen der File System Buffer Cache das aus Lesesicht absolut pessimale Layout von LFS nicht abschirmen kann. In solchen Fällen - die besonders von Datenbanken gerne provoziert werden - ist die Performance von LFS nur mit geologischen Fachbegriffen zu erfassen.\nSchon LFS auf Sprite, und sein späterer Port auf BSD Unix haben daher einen Repacker gehabt. Das ist ein Prozeß der Idlezeiten der Platte nutzt und die Daten auf dem Medium ein wenig read-freundlicher anordnet. Man kann sich das wie eine dauernd laufende Defragmentierung im Hintergrund vorstellen. Auch ReiserFS 4, das auf ähnlichen Ideen basiert hat einen solchen Repacker.\nIn with the out, old with the new Die Idee, Daten niemals zu überschreiben ist sicherlich gut. Sie läßt sich jedoch auch mit Dateisystemen implementieren, die Daten gleich beim ersten Schreiben sinnvoll auf der Platte layouten ohne dabei eine Ringpuffer-Struktur zu erzeugen.\nDateisysteme wie WAFL auf einer NetAPP sind ein erster Schritt in diese Richtung, Suns ZFS geht ihn noch konsequenter. Beide Dateisysteme stammen aus Projekten, in denen Leute arbeiten, die vorher mit verschiedenen Versionen von LFS gearbeitet haben. Insofern ist es auch nicht weiter verwunderlich, daß solche Ideen in diesen Dateisystemen auftauchen - außer man ist Patentanwalt und wundert sich aus beruflichen Gründen.\nSolche Dateisysteme, die nie überschreiben (und daher laufend snapshotten), aber die Platte nicht als Ringpuffer betrachten sondern schon noch layouten, nennt man Copy-On-Write Dateisysteme (COW-FS).\nWeitere gute Ideen importieren ZFS ist in diesem Zusammenhang besonders interessant, weil es noch weitere gute Ideen von anderswo importiert. Episode zum Beispiel ist das Dateisystem der halb vergessenen DCE-Initiative, und vielen Leuten in der Geschmacksrichtung AdvFS von DEC bekannt.\nAdvFS integriert das Storagemangement, das sonst von einem Logical Volume Manager erledigt wird und das Platzmanagement des Dateisystems ineinander. Eine File Domain kann man sich dabei wie eine Volume Group vorstellen - eine Art Kiste, in der die Blöcke enthalten sind, die beschrieben werden können.\nIn der File Domain sind File Sets vorhanden, Dinge, die man anderswo Dateisysteme nennt. File Sets ist dabei nicht zwingend eine feste Größe zugewiesen - man kann sie sich wie Luftballons vorstellen, die in der Kiste sind und die nach bedarf aufgeblasen und verkleinert werden können. Mit einem Quota-System kann man einem File Set einen Mindestplatzbedarf und einen Maximalbedarf zuordnen und so den Platz in der File Domain verwalten. Der AdvFS-Source ist seit 2008 GPLed, aber er interessiert kaum noch jemanden.\nZFS hat wie AdvFS diese Integration von Volume Management in das Dateisystem übernommen - etwas, das auf den Linux-Kernel-Mailinglisten von einigen Personen als blatant layering violation angesehen wurde - die Redewendung hat es zu einigem Google-Karma gebracht. Tatsächlich handelt es sich um eine andere Sicht auf den Stack, aber eine, die durchaus von anderen geteilt wird, die wie man an AdvFS sehen kann und die durchaus interne Struktur hat.\nEine andere gute Idee, die ZFS aus der Datenbankwelt übernommen hat, sind Prüfsummen überall. Auf diese Weise - und nur auf diese Weise - ist es möglich, die Integrität des Dateisystems Ende-zu-Ende sicherzustellen und vor allen Dingen auch integre Teile des Systems zur Verfügung zu stellen, während man beschädigte Teile isoliert und abtrennt. Der ZFS-Code kann es nicht, aber grundsätzlich ist es möglich aus jedem defekten ZFS ein integres Sub-ZFS raus zu extrahieren und zu publizieren, während der Rest anderweitig recovered wird - die Datenstrukturen geben das her.\nOpen Source Management Nun hat Sun ein sehr sauberes und durchaus politisches-strategisches Intellectual Property Management . Das bewirkt, daß der Source von ZFS unter der CDDL (\u0026ldquo;cuddle\u0026rdquo;, eine modifizierte MPL 1.1) verfügbar ist - er ist Teil von Opensolaris, FreeBSD, MacOS X und einigen anderen Systemen. Die CDDL verletzt aber die additional restrictions clause der GPL und ist mit der GPL nicht kompatibel - es wäre zwar technisch möglich einen Linux-Kernel zu bauen, der ZFS enthielte, aber es ist keinem Distributionshersteller juristisch möglich so etwas zu verteilen. ZFS läuft daher unter Linux nur als Userland-Prozeß als Teil von FUSE .\nCOW-FS in Linux - BTRFS Die Linux-Crowd ficht das nicht an. Im Linux-Kernelspace entwickelt man seit einiger Zeit an einem Nachfolger für die extX-Reihe von Dateisystemen, und einer der Kandidaten für eine solche Nachfolge ist BTRFS (\u0026lsquo;ButterFS\u0026rsquo;, nicht etwa \u0026lsquo;BetterFS\u0026rsquo;). Die Featureliste von BTRFS liest sich wie eine Shoppingliste in den Stammbäumen der oben genannten Ahnherrschaften: Extent-Based wie ext4 und XFS statt Bitmaps wie ext3 und ZFS, Tail-Packing wie bei Reiser3 und Reiser4, Verzeichnisse als Bäume wie inzwischen allgemein üblich, dynamisch erzeugte Inodes, wie sich fast zwingend aus COW-FS-Erfordernissen ergibt, writeable-snapshots, subvolumes (File Sets aus AdvFS), Object Level Mirroring und Striping, Checksums on Everything, Compression (und sicher auch Encryption), Integrated Multiple Device Support (besagte blatant layering violation), Online Filesystem Check (o.a. Teilvalidierung) und Online System Defragmentation (ein Repacker und die Möglichkeit des Online Filesystem Checks machen das leicht).\nDie BTRFS-Leute ziehen dabei ein paar echt eklige, aber vollkommen legale Stunts ab. In Conversion from ext3 wird gezeigt, wie die Metadatenstrukturen von BTRFS in ein existierendes ext3 reingemalt werden können ohne das ext3 zu beschädigen und wie kurzzeitig beide Systeme parallel existieren und die Datenblöcke teilen können. Das erlaubt eine Konvertierung von extX-Dateisystemen in BTRFS ohne Neuformatierung - ein echtes Killerfeature für Leute mit einem Arsch voll Linux-Daten.\nEinen schönen Überblick über die BTRFS-Strukturen findet man im Design Dokument . Zum Thema Multiple Device Support gibt es ebenfalls Seiten. Und eine Einführung in den Code gibt es auch - hier .\nBTRFS ist unter der GPL lizensiert, kompatibel mit dem Linux-Kernel und Bestandteil aktueller Standardkernel. Die gestern freigegebene Fedora 11 Alpha enthält BTRFS als experimentelles Dateisystem - gut genug zum Spielen und Testen, aber noch nicht gut genug für Wirkdaten.\n","date":"2009-02-06T00:00:00Z","href":"https://blog.koehntopp.info/2009/02/06/neue-ideen-in-dateisystemen-oder-btrfs-in-fedora-11.html","tags":["filesystems","free software","linux","lang_de"],"title":"Neue Ideen in Dateisystemen (oder: BTRFS in Fedora 11)"},{"categories":null,"content":"Es sollten drei bis fünf Überwachungen mit einem maßgeschneiderten Binary sein, sagten Schäuble und Ziercke. Doch erwartungsgemäß liest sich das nun anders. BKA-Chef will Bundestrojaner auch gegen organisierte Kriminalität einsetzen weiß der Heise Newsticker. Was genau sollen wir darunter verstehen?\nInzwischen seien allein hierzulande aber \u0026ldquo;täglich 300.000 bis 500.000\u0026rdquo; Rechner mit Schadsoftware infiziert, schilderte Ziercke den Umfang von Cybercrime. Die Folge sei der Missbrauch der befallenen Computer für Phishing, Spamming, den Einbruch in fremde Systeme oder \u0026ldquo;Distributed Denial of Service\u0026rdquo;-Attacken (DDoS).\nUnd diese Dinge rechnet das BKA gar nicht falsch der sogenannten OK zu.\nIn der Praxis heißt das aber nur, daß das BKA einen Bot-Krieg gegen die Autoren von Schadsoftware vom Zaun brechen will und diesen am Liebsten auf den Rechnern der betroffenen Windows-Benutzer auskämpfen möchte. Das hilft diesen Leuten sicherlich ungemein.\nJedenfalls sind 300.000 bis 500.000 Rechner mit einem Mal ganz andere Zahlen als die zuvor genannten drei bis fünf. Wer ist noch nicht überrascht?\n","date":"2009-01-23T00:00:00Z","href":"https://blog.koehntopp.info/2009/01/23/mehr-bundestrojaner.html","tags":["politik","security","lang_de"],"title":"Mehr Bundestrojaner"},{"categories":null,"content":"Der Linux-Kernel 2.6.28 enthält das ext4-Dateisystem standardmäßig und sowohl Fedora als auch Ubuntu werden es unterstützen. Was bringt ext4 an Änderungen?\nEin Dateisystem ist für die meisten Benutzer eine quasi unsichtbare Sache. Es sind halt Dateien da und wenn man auf diese zugreift hat man halt Daten. So sind Dateisystem-Features für die meisten Leute also eine sehr unspektakuläre Sache. Die folgende Übersicht ist also etwas geekzentrisch.\nExtents ext2 und ext3 sind sehr traditionelle Dateisysteme, die intern im Grunde auf Technik von 1984 basieren. ext2 ist eine minimal verbessere Nachprogrammierung des BSD ffs (bei Sun und MacOS X: ufs), ext3 fügt dem lediglich das Journal zur schnelleren Wiederherstellung nach Systemcrashes zu. Beide Dateisysteme speichern die Metadaten von Dateien in einer Inode ab und merken sich die Lage der Datenblöcke in einer Datei in einem (in sogenannten Indirect-Blocks gefalteten) Array von Blocknummern. In einem Artikel von 1994 habe ich das mal länger ausgeführt .\nDa mit einigem Glück die meisten Dateien nicht fragmentiert gespeichert sind, besteht dieses Array also bei vielen Dateien aus einer langen Folge von unmittelbar aufeinander folgenden Blocknummern. Das ist unglaublich ineffizient.\nXFS, also Technik von 1994, ist eines der ersten Dateisysteme gewesen, das stattdessen mit Extents arbeitet, also Blockfolgen durch Run Length Encoding komprimiert: Statt einer Folge von Blocknummern wird die Startnummer der Folge und ihre Länge als ein Paar gespeichert. 15 Jahre später führt man dieses Detail auch in ext4 endlich ein.\nGroße Dateisysteme Eine andere Technik von XFS kopiert man dabei nicht: Kompression von Blocknummern. ext4 unterstützt große Dateisysteme durch den Einsatz von 64 Bit großen Blocknummern. Da die Kernel-Infrastruktur noch nicht entsprechend mitgewachsen ist, sind derzeit 48 Bit große Blocknummern nutzbar, was für immerhin schon Exabyte-große Dateisysteme ausreicht. Anders als XFS, das ebenfalls ein 64 Bit-Dateisystem ist, speichert ext4 jedoch immer ganze 8 Byte große Blocknummern, während XFS auch relative Blockadressen zum Beginn jeweils einer Zone verwenden kann und so an vielen Stellen mit 4 Byte langen Zahlen auskommt, auch wenn es 64 Bit adressieren kann.\nWeil ext2 und ext3 im Grunde saubere Rewrites von FFS waren, haben sie auch die 16 Bit große Linkcount-Zahl von diesem geerbt und konnten so bis zu 32767 Links pro Datei verwalten. Da Unterverzeichnisse durch den \u0026ldquo;..\u0026quot;-Eintrag den Linkcount des Elternverzeichnisses erhöhen, war man so auf 32765 Unterverzeichnisse pro Directory beschränkt. ext4 geht hier anders vor und das Limit existiert nicht mehr.\nNeues Blockbelegungsschema Jedes Dateisystem hat Funktionen mit denen es entscheidet auf welchen physischen Blöcken der Platte eine Datei zu liegen kommt. Ziel diese Allokators ist es dabei, die Fragmentierung von Dateien zu verhindern und die Dateien so anzuordnen, daß schnell lesen darauf zugegriffen werden kann.\nDer Allkokator von ext2 und ext3 ist dabei notorisch schlecht. Zum einen beherrschen diese Dateisyteme keine verzögerte Blockzuweisung: Jeder Block einer Datei muß physikalisch angeordnet werden sobald der Kernel Platz für den Block im File System Buffer Cache belegt. Wenn also eine große Datei linear geschrieben wird bedeutet das, daß das Dateisystem schon versucht den ersten Block der Datei zu positionieren ohne abzuwarten ob und wie viele weitere Blöcke noch folgen werden.\nXFS hatte schon 1994 eine bessere Strategie: Blöcke werden im File System Buffer Cache auch ohne physikalische Positionsinformation gecached. Dadurch kann etwa ein linearer Write einer ganzen Datei erst einmal im Cache abgelegt werden und erst am Ende, wenn die Datei geschlossen und geflushed wird, muß eine Layoutentscheidung getroffen werden. Diese kennt dann aber schon die Gesamtgröße der Datei und das Dateisystem kann versuchen die Datei am Stück zu schreiben. ext4 kann nun endlich auch solche delayed allocation und reiht sich so neben XFS, ZFS, btrfs und Reiser4 ein.\next2 und ext3 belegten dabei den Platz auf der Platte einzelblockweise (in 4KB großen Blöcken) und haben dabei maximal 8 Blocks in Folge im Voraus belegt. Wenn man also ein Verzeichnis hat, in dem zwei Dateien gleichzeitig offen sind und verlängert werden (etwa: /var/log), dann entstehen so Zonen von jeweils 32 KB großen Dateistummeln, die sich gegenseitig im Weg stehen. Die Dateien sind maximal fragmentiert. ext4 fixt das dann auch in der ext?-Serie von Dateisystemen endlich.\next4 bekommt außerdem ein Feature, das sich \u0026ldquo;persistent preallocation\u0026rdquo; nennt und das es Anwendungen erlaubt, dem Dateisystem schon vorab Hinweise darauf zu geben wie groß Dateien am Ende sein werden wenn die Anwendung mit ihnen fertig sein wird. Die Anwendungen dafür sind vielfältig: Mit ein wenig Management ließe sich so zum Beispiel das Guaranteed Rate I/O von XFS nachprogrammieren und ext4 kennt mit diesem Feature und ein wenig weiterer Magie auch Online-Defragmentierung.\nSchnelleres fsck und Prüfsummen So wie ZFS und InnoDB es vorgemacht haben führt auch ext4 nun endlich Prüfsummen ein: Das Journal und Teile der Inode-Infrastruktur bekommen nun Prüfsummen, mit denen die Integrität der Daten nach einem Crash schneller gecheckt werden kann, sodaß der fsck optimiert werden kann und schneller abläuft wenn er dennoch einmal notwendig werden sollte. Dadurch kann auch der Journal-Commit selbst optimiert werden.\nVon einer durchgehenden Prüfsummen-Infrastruktur wie in ZFS und einer Online-Prüfung von Checksummen ist man in ext4 jedoch noch weit entfernt.\nInode-Basteleien Die Größe einer Inode ist in ext4 gewachsen: 256 Byte Minimumgröße statt bisher 128 Bytes. ext4 macht mit dem zusätzlichen Platz sinnvolle Sachen: Dateien bekommen Timestamps, die in Nanosekunden statt wie bisher in Sekunden rechnen, time_t stirbt und der verbleibende Platz kann verwendet werden um Extentlisten oder erweiterte Dateiattribute inline zu speichern.\nAußerdem kann ext4 Inodes reservieren und dynamisch verwalten. Dadurch werden auch Metadata-Operationen sehr viel schneller und layouten sich besser physikalisch auf der Platte.\nBarrier Writes Schließlich erzeugt auch ext4 nun ohne Journal=Data immer konsistente Datenstrukturen auf der Platte, indem Barrier Writes verwendet werden.\nLive Upgrade ext4 kann ext3-Dateisysteme lesen. Es ist also möglich, ein ext3-Dateisystem als ext4 zu mounten. Die meisten Features, die ein ext4 einem ext3 voraus hat, sind dabei jedoch nicht nutzbar. Auch ein\ntune2fs -O extents,uninit_bg,dir_index /dev/DEV fsck -pf /dev/DEV schaltet diese Features nur für neue Dateien um, baut aber die vorhandenen Dateien und Verzeichnisse nicht auf das neue Format um. Die volle Effizienzsteigerung erlangt man also nur durch ein Umkopieren der Daten auf ein neue angelegtes, leeres ext4-Dateisystem.\nWas fehlt noch? Grub unterstützt ext4 bisher noch nicht (d.h. die Grubs, die das können, haben es noch in keine Distro geschafft).\n(siehe auch: Kernelnewbies: ext4 )\n","date":"2009-01-23T00:00:00Z","href":"https://blog.koehntopp.info/2009/01/23/was-bringt-ext4.html","tags":["filesystems","free software","linux","lang_de"],"title":"Was bringt ext4?"},{"categories":null,"content":"Richtig, wieder sind die Käufer legaler Digitalisate die Gearschten: Wie sich schon bei Musik gezeigt hatte, sind es nur die legaler Käufer DRM-geschützter Medien, die angeschmiert sind, wenn ein Betreiber von Lizenzservern keinen Bock mehr hat. Diesmal erwischt es die Käufer diverser E-Books des E-Book-Distributors Fictionwise in den USA.\nEr stellt Auslieferung teilweise ein heißt es bei Golem:\nKunden des E-Book-Händlers Fictionwise werden ab Ende Januar keinen Zugriff mehr auf DRM-geschützte E-Books haben, die vom Distributor Overdrive geliefert wurden. Overdrive stellt die Server für die E-Books ab…. Fictionwise bemüht sich nach eigener Aussage darum, mit den Verlagen Sondervereinbarungen zu treffen, um die Dateien gegen Äquivalente im Secure-eReader-Format auszutauschen. Auf jeden Fall sollten die Kunden sich Backups der erworbenen E-Books anfertigen, empfiehlt Fictionwise. Insgesamt sollen rund 300.000 E-Books für Fictionwise über Overdrive ausgeliefert worden sein.\nBackups. Guter Plan. Am besten dezentral gelagert?\n","date":"2009-01-09T00:00:00Z","href":"https://blog.koehntopp.info/2009/01/09/fictionwise-overdrive-schaltet-drm-server-ab.html","tags":["media","copyright","lang_de"],"title":"Fictionwise/Overdrive schaltet DRM-Server ab"},{"categories":null,"content":"Früher in SCO Xenix gab es in deren Terminalemulation eine Escape-Sequenz, die eine Hardcopy des Screens auslöste. Ein Programm konnte eine bestimmte Esc-Sequenz an ein Terminal senden und das Terminal hat dann seinen Bildschirminhalt Zeichen für Zeichen an die Anwendung zurückgesendet.\nWenn also ein User auf Xenix eingeloggt war, und er in einer Shell stand, konnte man ihn mit dem Kommando \u0026ldquo;hello\u0026rdquo; oder \u0026ldquo;write\u0026rdquo; anchatten, ihm den Bildschirm löschen und ein Kommando in die linke obere Bildschirmecke drucken, danach dann eine Hardcopy-Sequenz senden. Das Terminal hat dann den Bildschirminhalt, also das Kommando, an die Shell zurück reported. Die Shell hat das Kommando dann ausgeführt.\nDa SCO Xenix nicht Open Source war, mußte man sich mit \u0026ldquo;mesg n\u0026rdquo; vor dem angechattet werden schützen.\nDieser uralte Bug ist nun wiederbelebt worden: Offenbar kann X11s xterm verschiedene Escape-Sequenzen ausführen, die bestimmte Dinge reporten. Etwa den aktuellen Fenstertitel und den Gerätestatus. Alle diese Dinge kann man vorher auf bestimmte Werte - Kommandos - setzen. In dem Heise Artikel wird eine präparierte Datei erwähnt, aber solange \u0026ldquo;mesg y\u0026rdquo; aktiv ist, reicht wirklich ein \u0026ldquo;write\u0026rdquo; an diesen User zu senden (\u0026ldquo;cat escsequence | write username ttyname\u0026rdquo;).\nSchön, daß es das noch gibt. Oder, um es mit Henry Spencer zu sagen, \u0026ldquo;Those who do not understand Unix are doomed to reinvent it. Poorly.\u0026rdquo;\n","date":"2009-01-06T00:00:00Z","href":"https://blog.koehntopp.info/2009/01/06/sco-xenix-386-und-mesg-n.html","tags":["computer","hack","lang_de"],"title":"SCO Xenix 386 und mesg n"},{"categories":null,"content":"Irgendwann war allen klar, daß CVS es nicht mehr bringt und was Besseres her muss. Das hat dazu geführt, daß ich statt einem Versionskontrollsystem in 2000 jetzt in 2009 etwa vier davon parallel verwenden muss. Da wäre einmal das traditionelle \u0026ldquo;besser als CVS, aber sonst alles genauso\u0026rdquo; SVN, und dann eine Reihe von verteilten Versionskontrollsystemen, namentlich git, bzr (\u0026ldquo;Bazar\u0026rdquo;), hg (\u0026ldquo;Mercurial\u0026rdquo;). Neben diesen gibt es dann einen Haufen relativ wenig Gebrauchtes oder experimentelles Zeugs, das sich mangels Community nicht anzusehen lohnt.\nBlickt man auf die Benutzerlandschaft in 2009, wird klar: Git gewinnt. Einmal ist der Perl Source samt History nun nach Git konvertiert, dann zeigt die Gnome-Umfrage einen klaren Vorsprung von Git, der Kernel verwendet sowieso git und bei KDE denkt man auch über Git als verteiltes Versionsverwaltungssystem nach. Auch der X-Server von X.org wird mit Git versioniert.\nSchön, daß hier nun endlich eine Konvergenz absehbar ist (nur mein MySQL-Zeugs muss ich wohl weiter mit bzr pullen).\n","date":"2009-01-05T00:00:00Z","href":"https://blog.koehntopp.info/2009/01/05/git-gewinnt.html","tags":["free software","git","software","lang_de"],"title":"Git \"gewinnt\""},{"categories":null,"content":" *Fabulous Uschebit sends me this package of Cat-5-o-Nine-Tails and cookies for Deborah. Debs is a DBA colleague of mine and works from Cambridge\nMuch more stylish than a blunt clue bat ","date":"2008-12-18T00:00:00Z","href":"https://blog.koehntopp.info/2008/12/18/cat5-o-nine-tails-von-uschebit.html","tags":["berlin","work","lang_de"],"title":"Cat5-o-Nine-Tails von uschebit"},{"categories":null,"content":"Mit DE-Mail will der deutsche Staat zusammen mit dem Unternehmen Telekom sichere und vertrauenswürdige E-Mail implementieren. Dazu gibt es eine öffentliche \u0026ldquo;E-Konsultation\u0026rdquo; auf einem Server von Zebralog e.V. , die am 12. Dezember endet.\nDie dort abgegebenen Kommentare zu lesen ist sehr spannend. Der Tenor ist immer derselbe, ich greife als Repräsentant mal\nEs ist auch jetzt schon möglich, sicher im Internet zu kommunizieren. Und das auch weitestgehend kostenlos mit z.B. OpenPGP oder mit kostenlosen Angeboten von Verisign oder Thawte. Trotzdem fände ich es wichtig und richtig, wenn auch der unbedarfte Internet - Nutzer auf einfache Weise an diese Techniken herangeführt werden würde. Was aber unbedingt vermieden werden müsste, wäre, dass sich staatliche Mitleser per Gesetz einen Zugang hierzu verschaffen.\nheraus. Andere Kommentare verweisen gleich auf §3, Absatz 6 des BSI Gesetzes .\nSo wird aus dem ganzen Projekt dann bald wieder ePost , die 2005 eingestellte , lebenslang gültige E-Mail-Adresse der Deutschen Post - es gibt in der gesamten Konsultation kaum positive oder auch nur relativierende Stimmen.\nUpdate: Die interessieren aber wahrscheinlich eher nicht - jedenfalls wenn man sich der Analyse von Alexander Finger anschließen will, der das ganze Projekt eher als eine Initiative zum Streicheln der armen Telekom interpretiert und das auch begründen kann.\nDie weitaus meisten Kommentare gehen in dieselbe Richtung:\nWieso sollten die Nutzer gerade in den Punkten IT-Sicherheit und Datenschutz ausgerechnet dem Bundesinnenministerium (heimliche Online Durchsuchung) und der Telekom (Bespitzelungsaffäre, Kundendatenverlust) vertrauen.\nund\nEs gibt heute schon signierte E-Mails und auch verschlüsselte E-Mails. Warum wird dies nicht flächendeckend eingesetzt? Ich habe das so verstanden, das weiterhin Pop3 und SMTP-Protokolle verwendet werden soll. Basierend auf dieser Aussage macht es doch keinen Sinn, wieder etwas Neues zu erschaffen, was es eigentlich schon gibt. Vereinfachen Sie einfach die Zertifikatserstellung und eventuell eine zentrale Zertifikatsverwaltung in der Hand oder Kontrolle einer Regierungsbehörde und sie haben Ihren sicheren E-Mails. Viel kostengünstiger und genauso sicher.\nund\nEine verbindliche Kommunikation haben wir bereits eingeführt (PGP). Das staatliche Angebot kommt zu spät, auch ist es uns nicht sicher genug. PGP ist generell sehr populär und allgemein wird eine Schulung von vorhandener Software gegenüber DE-Mail favorisiert: Soweit ich das sehe, gehen Ihre Vorstellungen klar an der Realität vorbei.\nund\nWer sichere E-Mail verschicken will, nimmt seit 10 Jahren PGP und fertig. Die Integration in gängige E-Mail-Programme wie Thunderbird ist vorbildlich; einzig das Wissen um die Bedienung ist noch verbesserungsfähig. Hier wäre ein Schulprojekt aber hundertmal besser als eine \u0026lsquo;Zertifizieren\u0026rsquo;, bei der man als Bürger ohnehin nicht weiß, was da eigentlich bewertet wird. Ihr Ansatz sieht mir sehr nach Aktionismus aus und liefert die falsche Antwort auf ein nicht existierendes Problem.\nWie man beim Durchlesen der Kommentare schnell bemerkt, sind die Eckpunkte um überhaupt eine Akzeptanz für das Projekt schaffen zu können:\nVollständige Transparenz der verwendeten Software und Prozesse, das schließt insbesondere die Verwendung von Open-Source-Software mit ein, die wiederholt gefordert wird. Vollständige Kontrolle des Endanwenders über die Generierung und Speicherung der verwendeten privaten Schlüssel, um Key Escrow und Backdoors auszuschließen. Verwendung von Anbietern und Behörden die nicht wie das Innenministerium und das BSI in einem Interessenkonflikt stehen und nicht wie die Telekom durch Abhörskandale und Kundendatenverlust in ihrer Vertrauenswürdigkeit kompromittiert sind. ","date":"2008-11-24T00:00:00Z","href":"https://blog.koehntopp.info/2008/11/24/de-mail.html","tags":["demail","politik","security","lang_de"],"title":"DE-Mail"},{"categories":null,"content":"Dies ist quasi der 2. Teil zum MySQL-Sun-Dilemma :\nIn diesem Kommentar bei El Reg sehen wir dasselbe Problem in einigen Jahren auf Intel zu kommen. Der Kommentator sieht wie ich, daß vorhandene Software in der Regel nur einen Core busy hält, oder einen Core pro Verbindung belegen kann, wenn wir über Serversoftware reden.\nEin dicker Multicore-Rechner macht vorhandene Software also nicht schneller. Er sorgt nur dafür, daß die Maschine bei mehr Last (mehr Verbindungen) nicht langsamer wird, so denn der Rest der Infrastruktur, also etwa Platten, Netz und Speicherbus, mithalten können.\nFür den Kommentator besteht die Lösung des Dilemmas (viele Cores, aber Software ist nicht parallel genug) in mehr und besseren Hypervisors, mit denen man bisher getrennt laufende Maschinen auf einem Multicore-Rechner durch Virtualisierung zusammenziehen kann.\nDoch das ist nur eine Interims-Lösung mit der man immerhin ein wenig Nutzen aus solchen Maschinen ziehen kann, während sich grundsätzlich an dem Problem nichts ändert: Wir haben Software, die für schnellere CPUs optimiert ist, aber wir brauchen Software, die für breitere CPUs optimiert ist.\nDoch in der aktuellen Programmierinfrastruktur fehlt es uns an allem. Programmierer sind zurzeit nicht gewohnt, Arbeit auf viele Kontrollflüsse aufzuteilen, und wenn sie es tun, tun sie es oftmals auf die falsche Weise. Wir haben kaum Werkzeuge, die solche Aufteilung erleichtern, und es fehlt an Methoden des Debuggings für solche Systeme. Probleme in solchen Systemen entstehen oft durch Wartezeiten und sich zuziehende Locks, aber wir haben nur unzureichende Methoden, solche Probleme zu messen, zu visualisieren und zu analysieren. Und zu guter Letzt ist die aktuelle Generation von Entwicklern nicht gut ausgebildet, um in solchen Umfeldern effektiv tätig zu werden.\nWenn man sich eine typische Webanwendung heute ansieht, dann stellt man fest, daß sie kaum in der Lage ist mehr als eine CPU zur Zeit beschäftigt zu halten. In einem System mit zwei Ebenen hat man Web-Frontends, die Anfragen entgegennehmen und Code im Webserver oder als Coprozess zum Webserver ausführen. Der Browser des Anwenders ist in dieser Zeit meistens Idle, der Kontrollfluss ist also über das Netz zum Server übergegangen und der Browser wartet.\nDie Webanwendung wird zur Generierung der Webseite nun meistens einen externen Cache wie einen memcached oder einen externen Datenbankserver befragen. Auch hier erfolgt die Anfrage in der Regel synchron und 1:1, sodaß die Webanwendung wartet während die CPU des memcached oder des Datenbankservers tätig wird. Wieder ist nur eine CPU zur Zeit mit der Bearbeitung der Anfrage beschäftigt, während der Browser und die Webanwendung warten.\nNatürlich hilft Multitasking hier ein wenig: Während der Browser wartet kann der Desktop des Anwenders andere Anwendungen abarbeiten und während das Webfrontend auf die Antwort der Datenbank wartet können andere Requests abgearbeitet werden. Letztendlich ist es aber nicht möglich, die Abarbeitung einer einzelnen Anfrage dadurch zu beschleunigen, daß man Systeme mit mehr Cores einsetzt.\nDas Problem besteht, wie sich schon andeutet, in der zu engen Kopplung und zu engen Synchronisation der Programmschritte, die notwendig sind, um eine Aufgabe abzuarbeiten. Wir schreiben unsere Programme als lineare Abfolge von Einzelschritten, aber wir müssen lernen, unsere Algorithmen wie in der Netzplantechnik zu notieren: Als Einheiten sinnvoller Größe, die als Block notiert werden und bei dem zu jedem Block die Vor- und Nachbedingungen, also die notwendigen Synchronisationen mit anderen Schritten notiert werden.\nDiese Blöcke könnten dann von einem Scheduler unter Berücksichtigung der vorhandenen Hardware und unter Berücksichtigung der externen Parallelität durch konkurrente Anfragen breiter oder schmaler scheduled werden: Auf einem System mit 2 Cores ist es nicht sehr sinnvoll, mehr als z.B. 4 Blöcke parallel abzuarbeiten, auf einem System mit 256 Cores kann man aber unter Umständen eine Parallelität von z.B. 512 schedulen (Meiner Erfahrung nach ist es sinnvoll, die Anzahl der vorhandenen Cores um ca. den Faktor 2 zu überbuchen, damit auch bei I/O-Wait noch genug CPU-Verbrauch auftritt).\nAuf einem System, auf dem man alleine ist, kann der Scheduler eine einzelne Anfrage auf die volle Breite der Hardware breit ziehen (also 4 oder 512 aus den Beispielen oben). Auf einem System, auf dem jedoch n konkurrente Requests unterschiedlicher Anwender eingehen sollte man jedem Anwender 1/n-tel der vorhandenen Kapazität zuteilen und die einzelnen Requests nicht auf das ganze System breit ziehen.\nUnd schließlich ergibt sich aus den Abhängigkeiten des Netzplanes und Ausführungszeiten im System eine maximale Breite, die sich daraus ergibt, wie sich die Abhängigkeiten der Blöcke untereinander verzahnen, und die einschränkt wie viele Cores denn das System für diesen Code beschäftigt halten kann. Es ist Aufgabe des Entwicklers, die Problemlösung so zu formulieren, daß die Abhängigkeiten hier eine maximale Parallelisierung erlauben.\nAn keiner Stelle hier setze ich eine bestimmte Ausfürungsstruktur voraus - ein solches System läßt sich mit Threads innerhalb eines Prozesses aufsetzen oder mit Prozessen, die über einen IPC-Mechanismus miteinander kommunizieren. Der Unterschied ist im Grunde, daß die Kommunikation von Threads innerhalb eines Prozesses wahrscheinlich weniger Latenz hat als die Kommunikation von Prozessen über IPC oder gar von Prozessen über ein Netzwerk. Auf der anderen Seite ist ein Multithread-System auf eine einzige Schachtel eingeschränkt, während ein System von Prozessen mit Netzwerk-Kommunikation nicht mit auf einer Schachtel mit 256 Threads laufen könnte, sondern auch auf 32 Schachteln mit je 8 Threads und einem schnellen Netz dazwischen.\nTechnisch möglich sein sollte beides. Es ist also wünschenswert, daß wir unseren Code so notieren können, daß man dort die konkrete Implementierung von Ausführung und Kommunikation der einzelnen Kontrollflüsse nicht auf einen bestimmten Mechanismus festlegt: Ich will einmal Code schreiben, und der sollte dann auf einer 5440 als ein Prozess mit LWPs scheduled werden können oder auf einem Netz von 16 16-Core Maschinen mit irgendeinem Low Latency Interconnect. Idealerweise ohne daß ich den Source noch mal irgendwo durch filtrieren muß um das alles zur Ausführung zu bringen.\nEin solches Toolkit sollte Werkzeuge zur Visualisierung mitbringen: Ich will meinen Code und meine Threads als eine Serie von Blasen in einem Netzplan sehen können, und die Abhängigkeiten zwischen den einzelnen Abschnitten erkennen können.\nUnd ich will das alles sinnvoll messen und simulieren können: Bei einen angenommenen externen n von 200 und der vorhandenen Codestruktur mit einer internen Parallelität von 4 im kritischen Abschnitt, werden sich meine Locks zuziehen oder kann ich das realistischerweise annehmen, daß der Mist auch unter dieser Last sinnvoll skaliert? Wenn nein, wo und warum wird es explodieren?\nDas alles gibt es derzeit so nicht. Oder wenn es das gibt, ist es nicht gut integriert und nicht sehr bekannt. Und bevor dieses Problem nicht gelöst ist und wir der aktuellen Generation von Programmierern beigebracht haben, damit routinemäßig zu arbeiten werden wir das Multicore-Problem nicht gelöst haben.\nDarum, liebe mitlesende Sun-Gemeinde, könnt Ihr Euch auch gerne super engineerte proprietäre Lösungen auf den Leib schneidern: Bevor das nicht Allgemeingut ist, also als Open Source Lösung auf dem Level \u0026ldquo;PHP\u0026rdquo; überall verfügbar ist und 15-jährige Schulkinder so was in ihrem Webhostingpaketen verwenden, so lange werdet Ihr nicht genug Software in der Welt finden, um Eure Mehrkernkisten unter Dampf zu setzen. Denn wir brauchen Breite nicht nur im Code, um mit diesen Maschinen fertig zu werden, sondern wir brauchen Breite auch in der Entwicklung. Und der Laden, der diese Breite in der Entwicklung 0wned, dem gehört die Ideenwelt der nächsten Generation Entwickler.\n","date":"2008-11-20T00:00:00Z","href":"https://blog.koehntopp.info/2008/11/20/skalierung-in-die-breite.html","tags":["computer","distributed computing","free software","lang_de"],"title":"Skalierung in die Breite"},{"categories":null,"content":"Sun hat eine Box , die hat 4 CPU-Chips drin, jeder Chip hat 8 Cores und jeder Core hat 8 Threads, die in etwa das sind, was man anderswo als Core abrechnet, minus 7/8 FPU. Das macht effektiv eine Kiste in mit 256 Cores.\nJeder Core Thread selbst ist im Vergleich zu Intel-Hardware jedoch recht langsam, er bringt etwa ein Drittel bis ein Fünftel der Leistung eines Intel-Cores, außer in Benchmarks, wo die Dinger viel schicker poliert werden. Dennoch ist das wegen der großen Anzahl der Threads eine ganze Menge Bums in einer kleinen Box ohne viel Stromverbrauch.\nSun hat nun auch eine recht populäre Open Source Datenbank von der Sun es gerne hätte, wenn die auf so einem Eisen gut aussähe. Leider tut diese Software aufgrund ihrer internen Struktur derzeit nicht so gut auf mehr als ca. 12 Cores Threads. In diesem Benchmark von Sun wird die verzweifelte derzeitige Situation recht schön deutlich: Man startet bis zu 32 Instanzen von MySQL auf derselben Kiste, nutzt also 8 Cores Threads pro mysqld - die einzelnen mysqld haben aber nichts gemeinsam und könnten genauso gut auch auf anderen Kisten laufen.\nMan kann sich leicht ausrechnen, daß das derzeit für Sun keine sehr befriedigende Situation ist. Sicherlich ist man intern gerade intensiv dabei, das zu ändern. Bis dahin jedoch ist eine 256-Core-Box für ein normales MySQL-Setup eher nicht so schick.\n","date":"2008-11-17T00:00:00Z","href":"https://blog.koehntopp.info/2008/11/17/das-mysql-sun-dilemma.html","tags":["architektur","mysql","lang_de"],"title":"Das MySQL-Sun-Dilemma"},{"categories":null,"content":"Drüben bei Securosis gibt es schon seit einiger Zeit einen feinen Artikel zum Thema \u0026ldquo;Wann soll ich Daten verschlüsseln?\u0026rdquo; Die drei Regeln dort sind die sinnvollste Zusammenfassung zu diesem Thema, die ich seit langer Zeit gesehen habe.\nTransportverschlüsselung ist nicht nur okay, sondern ein Muss. Bei Transportverschlüsselung werden Daten verschlüsselt, die bewegt werden. Es existiert aber zu jedem Zeitpunkt eine Klartextkopie der Daten. Transportverschlüsselung hat man bei SMTP mit TLS, bei HTTPS und mit Einschränkung bezüglich der Klartextkopie auch bei Backups oder bei Laptops. Um Trennung von Rollen zu erzwingen, wenn Access Control Lists das nicht erreichen können. Das heißt in der Regel, wenn man sich gegen die eigenen Administratoren schützen will, denn in allen anderen Fällen greifen ACLs ja. Wenn jemand es vorschreibt (\u0026ldquo;verordnete Verschlüsselung\u0026rdquo;), es also durch einen Vertrag oder eine Übereinkunft erzwungen wird. Warum will man sonst nicht verschlüsseln?\nWeil Verschlüsselung das Leben sonst nur härter macht, ohne einen Sicherheitsmehrwert zu bieten. Insbesondere Speicherverschlüsselung ist mehr Teil des Problems als Teil der Lösung. Speicherverschlüsselung ist jede persistente Verschlüsselung, bei der keine Klartextkopie der Daten verbleibt. Typische Speicherverschlüsselung wäre also die Plattenverschlüsselung, wie sie mit LUKS erreicht wird, oder eine Verschlüsselung auf Dateiebene, wie sie in NTFS eingebaut ist.\nBeide Systeme erlauben es immerhin schon, daß eine administrative Instanz einen Key Recovery Prozess aufsetzt, mit der diese administrative Instanz immer wieder an die Daten herankann, ohne daß eine Kooperation des Medienbesitzers notwendig ist. Was hier so kompliziert klingt bedeutet nur, daß etwa mein Arbeitgeber meine Laptop-Festplatte oder meinen Mailstore auch dann entschlüsseln kann, wenn ich das dazu notwendige Passwort nicht nennen will oder kann. Ohne einen solchen Key Recovery Prozess kann man als Firma alle verschlüsselten Daten ansonsten gleich als Totalverlust abschreiben, denn die Möglichkeit, daß ich mit dem geheimen Passwort für die Geschäftspläne für die nächsten 5 Jahre gegen einen Baum fahre oder zur Konkurrenz überlaufe besteht ja immer.\nAber auch außerhalb von Desaster Recovery Szenarien macht Speicherverschlüsselung eine Menge Ärger.\nDas typische Szenario sind etwa Urlaubsvertretungen beim Empfang von speicherverschlüsselter Email. Die Mails sind also verschlüsselt im Mailstore abgespeichert. Wenn beim Zugriff auf die Mails der Zugriff nur durch eine bestimmte Software (\u0026ldquo;Outlook\u0026rdquo;) möglich ist, ist Verschlüsselung nicht notwendig, weil das Rechtesystem der Software das regelt. Wenn der Zugriff durch mehr als eine Software möglich ist (\u0026ldquo;cd ~user/Maildir; cp * \u0026hellip;\u0026rdquo;), muss man der Urlaubsvertretung Zugriff auf einen Schlüssel geben, der ihr die Wahrnehmung der Rolle (\u0026ldquo;Zugriff auf die dienstlichen Mails\u0026rdquo;) erlaubt, aber nicht die Wahrnehmung der Identität (\u0026ldquo;Zugriff auf die privaten Mails der vertretenen Person\u0026rdquo;). Und am Ende der Vertretung muss man den dienstlichen Schlüssel sicher wieder entziehen.\nAndererseits ist die Schutzwirkung von Verschlüsselung gegen Zugriffe auf das aktive System eher schwach. Der Schutz gegen \u0026ldquo;Hacker\u0026rdquo; ist jedenfalls bei allen diesen Systemen leicht zu unterlaufen: Aus Geschwindigkeitsgründen müssen alle diese Systeme mit symmetrischer Verschlüsselung arbeiten. Dabei wird entweder ein Key pro Dateisystem (\u0026ldquo;Festplattenverschlüsselung\u0026rdquo;) oder ein Key pro Datei (\u0026ldquo;Dateiverschlüsselung\u0026rdquo;) verwendet. Der entsprechende Key muss an irgendeiner Stelle im Speicher stehen, wenn das betreffende Dateisystem gemounted bzw die entsprechende Datei geöffnet ist. Ein \u0026ldquo;Hacker\u0026rdquo;, also ein Angreifer, der Systemrechte hat, kann diesen Key leicht im Speicher suchen und dann verwenden, um die Daten zu entschlüsseln oder gleich die entschlüsselten Blöcke aus dem Cache fischen (oder einen legitimierten Prozess so verändern, daß er die gewünschten Daten ausliest und entschlüsselt).\nDie Zusammenfassung für Speicherverschlüsselung ist jedenfalls: Wenn man den Integritätsmechanismen des Systems vertrauen kann, dann reicht es aus, ACLs zu verwenden, solange man nicht gegen Admins verteidigen muss. Das ist dann auch besser managebar. Wenn man davon ausgeht, daß die Integritätsmechanismen des Systems kompromittiert sind, dann bietet Verschlüsselung keinen zusätzlichen Schutz.\nTransportverschlüsselung und Verschlüsselung von \u0026ldquo;transportierten Medien\u0026rdquo; wie Backups und Laptops sind eine andere Sache und muss viel aggressiver angegangen werden. Dabei darf man Key Recovery jedoch nicht aus dem Blick verlieren.\n","date":"2008-11-17T00:00:00Z","href":"https://blog.koehntopp.info/2008/11/17/wann-soll-ich-verschluesseln.html","tags":["kryptographie","security","lang_de"],"title":"Wann soll ich verschlüsseln?"},{"categories":null,"content":"Axel hat Ärger mit Blacklists:\nI\u0026rsquo;ve had this problem in the past, when the company I was working for was justifiably listed on an RBL. And I had it again, now - only this time I am reasonably sure that the system is a) configured tightly enough not to be usable as an open relay and b) not being used for sending out marketing or other possibly spam-alike emails.\nSolche IP-Blacklists sind in der Theorie eine gute Idee: Betreiber von Systemen, die als Quellen von Spam oder als Spamrelays dienen können, sollen dort gelistet werden. Benutzer der Blacklist können bei eingehenden Mails erkennen, ob sie von einer IP-Adresse eingeliefert wird, die in so eine Blacklist steht und die Mail dann schon vor dem Spamfilter ablehnen.\nIn der Praxis sieht es dann so aus:\nDie Kriterien, nach denen ein Eintrag in der Liste durch den Betreiber der Blacklist erfolgt, sind nicht offengelegt oder werden nicht korrekt eingehalten. In der Vergangenheit hat es Fälle gegeben, in denen Betreiber IP-Adressen gelistet haben, nicht weil von dort Spam ausgegangen ist, sondern weil auf diesen Adressen Propaganda gegen den Blacklist-Betreiber zu lesen war, oder weil der Inhaber der IP-Adresse Probes von Blacklist-Betreibern nicht zugelassen hat. Eine Benachrichtigung des Inhabers der IP-Adresse über die Eintragung erfolgt nicht. Stattdessen bemerkt man den Eintrag dadurch, daß Mail an Nutzer der Blacklist spontan nicht mehr funktioniert. Eine Kontaktaufnahme mit dem Betreiber der Blacklist ist oftmals nicht möglich oder wird sehr erschwert. Der Blacklist-Betreiber betreibt seine Liste als Bulk-Geschäft, er vermeidet aktiv Kommunikation mit den Leuten, deren Adressen er listet. Einen Schutz gegen falsche Listung oder eine Aufhebung der Listung ist teilweise Glückssache, in einigen Fällen wurde auch schon Geld dafür verlangt. Für denjenigen, der Mail empfängt, kommen noch weitere Probleme dazu. Der Empfänger glaubt sein System dadurch zu entlasten oder vor Spam zu schützen, indem er eine IP-Blacklist vorschaltet. In Wahrheit gibt er die Kontrolle darüber ab, wer ihm Mail senden darf. Und zwar an Dritte, die wie oben gezeigt, IPs nach einem nicht transparent gemachten Schema listen oder wieder freischalten.\nAndererseits hängen zum Teil geschäftskritische Prozesse an der Verfügbarkeit des Mailsystems. Der Eingang von Bestellungen, das Absenden von Bestellbestätigungen und anderen Kundenbenachrichtigungen und andere Korrespondenz gehen über dieses System.\nWer in so einer Situation eine Blacklist verwendet, riskiert im Grunde sein Geschäft. Wenn es noch dazu eine Blacklist ist, die in einem anderen Rechtssystem auf einem anderen Kontinent nach intransparenten und teilweise fragwürdigen Regeln gepflegt wird und deren Betreiber sich systematisch schwer erreichbar machen, dann liegt das irgendwo zwischen Leichtsinn und Sabotage.\nWenn mich jemand nach IP Blacklists fragt, dann sage ich in der Regel: \u0026ldquo;Wer eine IP-Blacklist außer Haus gibt, der gibt die Kontrolle über sein Mailsystem außer Haus. Im Grunde wäre er besser beraten seinen Mailer abzuschalten. Dann hat man wenigstens einen definierten Fehlerzustand.\u0026rdquo;\nDie nächste Frage ist dann meistens: \u0026ldquo;Du willst doch nicht sagen, daß z.B. web.de ohne Blacklist auskäme?\u0026rdquo;\nDie Antwort darauf ist: \u0026ldquo;Doch, web.de verwendet eine Blacklist. Diese wird aber im Haus erstellt und gepflegt. Dazu gibt es klare Richtlinien. web.de ist außerdem erreichbar, und garantiert eine Bearbeitung einer Beschwerde binnen 24 Werktags-Stunden. Und man kann etwa einen Newsletter oder eine Rundmail bei web.de anmelden, um zu verhindern, daß legitime Massenmail mit Spam gleichgesetzt wird. Voraussetzung dazu ist eine feste Absender-IP und die Nennung eines Abuse-Ansprechpartners.\u0026rdquo;\nUnd genau das macht den Unterschied zwischen einer Wildwest-Blacklist aus, wie die über die Axel sich beklagt und einem sinnvoll betriebenen Selbstschutz.\n","date":"2008-11-09T00:00:00Z","href":"https://blog.koehntopp.info/2008/11/09/spam-und-ip-blacklisten.html","tags":["mail","spam","lang_de"],"title":"Spam und IP-Blacklisten"},{"categories":null,"content":" Ich hatte es ja schon mal angesprochen:\nIP-Nummern sind wichtig für Ermittler. Dabei galten in der Anfangszeit zwei Annahmen:\nEine Internet-Adresse kann einem Benutzer zugeordnet werden, jedenfalls wenn es sich um einen DSL-Hausanschluß handelt und die ermittelte oder angezeigte Adresse hat etwas zu bedeuten. Die erste Annahme ist im Kern schon aufgeweicht. Nicht nur die NAT-Adressen von Ausgangsroutern von Firmen und Universitäten können mehr als einen Benutzer repräsentieren, sondern hinter den IP-Nummern von DSL-Anschlüssen können sich mehrere Rechner eines Haushaltes verbergen, oder gar via offene oder geknackte WLANs eine unbekannte Anzahl unbekannter Benutzer.\nAuch die zweite Annahme fällt mehr und mehr: Selbst wenn ein Rechner als Tatausgangsrechner ermittelt wird, kann es sein, daß der Betreiber dieses Rechners diese Tat nicht veranlaßt hat, etwa wenn der Rechner infiziert wurde und als Bestanteil eines Botnetzes fremdgesteuert wird.\nInzwischen ist die Situation wohl noch komplizierter. Die BBC berichtet von einem älteren schottischen Ehepaar, das angeblich ein Spiel der Firma Atari im Filesharing angeboten hat - nur daß die Beklagten nichts von Filesharing, P2P oder Computerspielen wußten.\nDas ist wohl zunehmend der Fall:\nAccording to Michael Coyle, an intellectual property solicitor with law firm Lawdit, more and more people are being wrongly identified as file-sharers.He is pursuing 70 cases of people who claim to be wrongly accused of piracy and has spoken to \u0026ldquo;hundreds\u0026rdquo; of others, he told the BBC. \u0026ldquo;Some of them are senior citizens who don\u0026rsquo;t know what a game is, let alone the software that allows them to be shared,\u0026rdquo; he said.\nWie kommt es dazu und zu der zunehmenden Anzahl von Fällen?\n\u0026ldquo;The IP address alone doesn\u0026rsquo;t tell you anything. Piracy is only established beyond doubt if the hard-drive is examined,\u0026rdquo; said Mr Coyle. Firms that facilitate file sharing, such as Pirate Bay, have been undermining efforts by anti-piracy investigators to track down file sharers. Pirate Bay makes no secret of the fact that it inserts the random IP addresses of users, some of who may not even know what file sharing is, to the list of people downloading files, leading investigators up a virtual garden path.\nDieses Szenario ist der Albtraum der privaten und öffentlichen Ermittler, weil es die Zuordnung von Aktivitäten im Netz zu Personen schwierig bis unmöglich macht.\nIm Grobkonzept 2.0 zum elektronischen Personausweis heißt es dann auch ganz klar:\nkünftiges Szenario: Die Identität des Inhabers eines Benutzerkontos wird bei der Einrichtung und bei jeder Anmeldung gegenüber dem Internetservice sicher nachgewiesen. Internetservices, die nur eine sichere Wiedererkennung des Nutzers fordern, nutzen den pseudonymen Nachweis der Identität ohne Personendaten. Durch die Vergabe von Berechtigungszertifikaten erfolgt der Zugriff auf ePA-Daten zweckbezogen und datensparsam. Zusätzlich kann der Ausweisinhaber das Auslesen erfragter Personendaten verweigern. Der Personalausweis mit PIN eröffnet die Möglichkeit, ein sicheres „Single-Sign-On“ für Internetservices einzusetzen. Auf Basis lokaler Identitätsverwaltungsprogramme oder durch eID-Provider kann der Zugang zu Internetservices oder Netzwerkressourcen automatisiert werden. Der Daten- und Verbraucherschutz und die Sicherheit im Internet werden nachhaltig unterstützt.\nund in einem anderen Beispiel\nkünftiges Szenario: Mit dem ePA wird die Identität von Händlern bzw. privaten Käufern oder Verkäufern über das Internet nachgewiesen. Das Berechtigungszertifikat des Händlers bzw. der elektronischen Personalausweise privater Verkäufer und Käufer begründen ein größeres Vertrauensverhältnis zum Zeitpunkt der Online-Bestellung oder Gebotsabgabe. Der Verbraucherschutz im Online-Handel ist gestärkt. Der Identitätsbetrug bei Auktionen und Bestellungen wird erheblich erschwert. Bei Auktionen sind Bietermaschinen oder Angebote der Verkäufer ausgeschlossen.\nDies sind natürlich nur Einzelbeispiele - idealerweise im Sinne der Ermittler meldet sich jeder Benutzer mit seinem Personalausweis \u0026ldquo;am Internet\u0026rdquo; an. Das ordnet seine Aktivitäten im Vorratsdatenspeicherungs-Logbuch zweifelsfrei seiner Identität zu, sodaß auch im Nachhinein für jede Aktivität eine Person als Verantwortlicher ermittelt werden kann. Außerdem aktiviert es den für den Anschlußinhaber passenden Zugriffsfilter - dadurch sind allen Deutschen nach deutschem Recht illegale Inhalte nicht mehr zugänglich und für Kinder und Jugendliche wird zusätzlich der für die Altersstufe passende Filter dazugeschaltet. Dadurch ist dann endlich auch der Jugendschutz sichergestellt und unsere Kinder sind vor allem Bösen auf der Welt geschützt.\nJuhu!\n","date":"2008-11-08T00:00:00Z","href":"https://blog.koehntopp.info/2008/11/08/ip-nummern-und-elektronische-personalausweise.html","tags":["identity","politik","security","lang_de"],"title":"IP-Nummern und elektronische Personalausweise"},{"categories":null,"content":" P\u0026gt; Generalbundesanwältin fordert Vertrauen in Ermittlungsmassnahmen K\u0026gt; \u0026gt; MUHAHAHAHA Gerade die. annalist, \u0026rsquo;nuff said.\nR\u0026gt; Es ist doch ganzeinfach: Wenn sie das gar nicht wollen, warum brauchen sie dann das Gesetz? Und wenn sie das Gesetz brauchen, warum ist es so schwammig formuliert? Und nachdem ich die Statistik des BKAs gesehen habe wofür die DNA-Datenbank hauptsächlich benutzt wird, warum sollte ich da der Exekutive vertrauen?\nP\u0026gt; \u0026ldquo;Bundesbürger seien von den Maßnahmen nicht betroffen\u0026rdquo;\nR\u0026gt; Prima, dann brauchen wir das Gesetz ja auch nicht.\nHatten wir diese Töne nicht schon einmal? Siehe Vertrauensvorschuß Im Heise Forum erinnert man sich\nan Generalverdächtigte fordern mehr Vertrauen in das Grundgesetz! , an Die grausamsten Verbrechen auf deutschem Boden gingen immer vom Staat aus , an Gestern Bericht zu SEK-Einsatz bei Kunden eines Versandhändlers:3 Monate U-Haft und Monika \u0026ldquo;Antiterrorgesetze gegen Demonstranten\u0026rdquo; Harms fordert mehr Vertrauen? . Wikipedia weiß: Monika Harms .\nUpdate: Hadmut Danisch Sicht auf diese Dinge.\n","date":"2008-10-30T00:00:00Z","href":"https://blog.koehntopp.info/2008/10/30/mehr-vertrauen.html","tags":["politik","security","terror","überwachung","lang_de"],"title":"Mehr Vertrauen..."},{"categories":null,"content":" Es gibt zwei Arten von Narren. Der eine sagt: \u0026lsquo;Dies ist alt und deshalb gut.\u0026rsquo; Und der andere sagt: \u0026lsquo;Dies ist neu und deshalb besser.\u0026rsquo;\u0026quot;\n\u0026ndash; Der Schockwellenreiter\nIch sitze hier in meinem Zimmer und sehe die Rosinenbomber, Ju52 und Sportflieger im 90 Sekundentakt an meinem Fenster vorbeiziehen, der Sonne entgegen. :) Der Flughafen Tempelhof, der älteste Flughafen der Welt, liegt in seinen letzten Zügen und jeder will dort schnell noch einmal gelandet und wieder gestartet sein, um nachher sagen zu können \u0026ldquo;Ich war dabei.\u0026rdquo;\nDer Spaß kostete, wenn man ihn nicht geschlossen hätte, ca. 15 Millionen Euro pro Jahr, denn so viel Verlust macht der Laden derzeit in etwa. Geld, das Berlin nicht hat, weil es seinen Länderanteil am Banken Bailout des Bundes bezahlen muss. Ab morgen dann Ruhe, nur die Führungen durch das denkmalgeschützte Gebäude werden weiter gehen: Der letzte Linienflug ist Cirrus Air um 21:50 nach Mannheim. Bestimmt ausgebucht, ebenso wie die beiden Rundflüge um 5 vor 12 danach - während die Schliessungsgegner vor der Tür schon mal für Tegel üben.\n\u0026ldquo;Zentralflughafen\u0026rdquo; - schon lange nicht mehr. Die meisten kommen nur zum Gucken.\nDrinnen: Das Gebäude ist für das, was noch drin passiert, viel zu groß.\nAb morgen findet kein Flugbetrieb mehr statt - auch keine Sonder- und Rundflüge mehr.\nDer Flughafen wird dann weitgehend verlassen und leer sein.\nWas in Zukunft passieren wird ist unklar.\n","date":"2008-10-30T00:00:00Z","href":"https://blog.koehntopp.info/2008/10/30/tempelhof.html","tags":["berlin","reisen","lang_de"],"title":"Tempelhof"},{"categories":null,"content":"\u0026ldquo;Ich schütze Grundrechte, ich gefährde sie nicht \u0026rdquo;\n\u0026ldquo;Ich halte wenig von der Aufnahme von immer mehr Dingen ins Grundgesetz. Das weckt Erwartungen, die nicht erfüllt werden könnten.\u0026rdquo;\n\u0026ldquo;Den Rechtsstaat macht aus, dass Unschuldige wieder frei kommen.\u0026rdquo;\n\u0026ndash; Interview mit Wolfgang Schäuble\n","date":"2008-10-14T00:00:00Z","href":"https://blog.koehntopp.info/2008/10/14/schaeuble.html","tags":["politik","lang_de"],"title":"Schäuble"},{"categories":null,"content":" drsrm 2008 in Hannover geht nun zu Ende. Ich war von Freitag Mittag bis Sonntag Mittag da. Gespielt habe ich Shadowrun \u0026ldquo;über 30\u0026rdquo; nach Primetime Adventures-Regeln als Producer (\u0026ldquo;Spielleiter\u0026rdquo;), das Buffy/Angel-Rollenspiel mit einem Setting in Berlin und Universalis \u0026ldquo;Future Fantasy\u0026rdquo;. Aber der Reihe nach.\nNachdem ich PtA schon auf dem drsrm-Con 2005 faszinierend fand habe ich diesmal ein \u0026ldquo;Ü30 Shadowrun\u0026rdquo; nach PtA-Regeln angeboten.\nDas Genre habe ich gewählt, weil PtA bestimmte Schwächen beim Spielstart hat: PtA simuliert das Geschichtenerzählen nach der Art aktueller Fernsehserien. Das bedeutet, daß die Entwicklung von Figuren, ihre persönlichen Krisen und ihre Entwicklung interessant sind: Wie sind sie dahin gekommen wo sie jetzt sind, was sind die Probleme, die sie haben und wie entwickeln sie sich weiter. Typische Fernsehserien für dieses Format sind Smallville, Desperate Housewives oder Lost.\nPlot spielt in PtA nur eine untergeordnete Rolle. Es ist Fluff, Hintergrund vor dem die Charactere agieren oder Auslöser für eine Krise, aber nie die Ursache für eine solche. Spielern, insbesondere PtA-unerfahrenen Spielern, ist dies mitunter schwer zu vermitteln und so kommt es am Start einer neuen PtA-Runde oft zu recht langen Verhandlungen darüber, was man spielen wolle und was genau dort passieren soll. Erst im Laufe einer Session zeigt sich dann, daß das mehr oder weniger irrelevant ist.\nDurch die Vorgabe von \u0026ldquo;Shadowrun\u0026rdquo; und \u0026ldquo;über 30\u0026rdquo; (\u0026ldquo;für Erwachsene, Variante dreckig und gemein\u0026rdquo;) wollte ich das abkürzen: Einmal ist das Universum dem erwarteten Con-Publikum wohlbekannt und zum anderen stehen so die Genrekonventionen und Erwartungen schon fest.\nDie unausweichliche Startdiskussion stellte also zwei bis drei mögliche Szenarien ins den Raum:\nWir können eine stinknormale Runnergruppe spielen, die in irgend etwas hineingezogen wird. Personen können die üblichen Runner sein. Vielleicht ein Journalist, der sich für das Leben auf der Straße interessiert. Vielleicht auch Figuren aus einem Konzern, mit denen wir die andere Seite beleuchten können. Wir können ein Medienteam spielen, das eine Dokumentation \u0026ldquo;Echo Mirage - 25 Jahre danach\u0026rdquo; drehen möchte und bei seinen Nachforschungen von allen möglichen Seiten Behinderungen und Druck ausgesetzt ist, bis es endlich aufdecken kann, was damals wirklich geschehen ist. Wir haben uns dann für das simplere erste Szenario entschieden und für eine Spielführung, die sich nicht sehr eng an dem offiziellen Shadowrun-Universum orientiert, sondern mehr an den dramatischen Erfordernissen - eine Fernsehserie zu dem Thema würde das ja auch nicht anders handhaben.\nSchnell haben wir einige Figuren skizzieren können, die später vorkommen sollen:\nKate, eine freie Journalistin mit der Motivation \u0026ldquo;Knowledge: Father\u0026rdquo;. Ihr Vater verschwand in frühen Jahren um Runner zu werden. Kate arbeitet oft als (Edge) Medienschlampe für (Connection) Kanal 21 und hat (Connection) Verbindungen in die Unterwelt. Ihr Personal Set ist ihr gepanzerter privater Ü-Wagen. Face ist ein Fixer und Hochstapler, genau wie sein Namensvetter beim A-Team. Ebenso wie sein A-Team Vorbild ist er unverbindlich und oberflächlich - sein Issue ist \u0026ldquo;Growth\u0026rdquo;. Er ist ein (Edge) Strahlemann, der immer perfekt aussieht, und (Edge) organisiert unverhoffte Ressourcen. Seine Freundschaft mit (Connection) dem Barkeeper Bob ist legendär. Sein Personal Set ist sein Schlafzimmer mit seinem geliebten Wasserbett. Rock ist ein Troll, und ein Rigger. Er ist hart gepanzert und gut ausgerüstet und hat das Gefühl, daß er als Person nicht ernst genommen wird sondern nur als Waffe oder gelehriges Monster. Sein Issue ist \u0026ldquo;Self respect/Selbstwert\u0026rdquo;. Als die Figur definiert wurde, hatte Harald (Connection) Susan, ein fünfjähriges Mädchen, das der Troll in seinem Arm hält, noch nicht näher definiert, sondern nur dieses Bild vor Augen. Rock ist (Edge) ein Tank und (Edge) ein Rigger mit Ausrüstung. Squeek ist ein furchtsamer, aber begabter Schamane. Sein Totem ist Ratte, und so ist er in der Großstadt gerne zu Hause. Sein Issue ist die Liebe, speziell die schüchterne und unerwiderte Liebe. Er ist (Edge) zäh und hat (Connection) einen Esoterikladen in irgendeinem mittelbilligen Viertel der Stadt. Dort (Personal Set) diskutiert er gerne über Magietheorie mit einer (Connection) Stammkundin, ausgerechnet einer hermetischen Magierin. Tie ist ein (Edge) Corporate Killer, oder war es, denn sein Issue ist Reue. Er ist gut bei Kasse in seinem (Personal Set) Penthouse, in dem er mit (Connection) seiner Freundin lebt. Obwohl er aus dem Geschäft ist, unterhält er noch Verbindungen (Connection) zu seinem alten Mr. Johnson. Nachdem die Figuren unserer Serie feststanden, mußten wir uns über einen Story-Arc und den Hintergrund klar werden.\nWir haben uns für einen Plot entschieden, der ein wenig an die Universal Brotherhood erinnert: Die Geschichte beginnt damit, daß unsere Runner in einem Warenhaus der Interweb Logistics aufwachen, mit einer Schockamnesie a la Bourne Identity und dort auch prompt von einem Team der Interweb Logistic angegriffen werden. Sie begreifen schnell, daß sie keine normalen Menschen sind, und daß sie als Team zusammen zu agieren gewohnt sind. Wir haben diese Szene aus einem potentiellen Pilotfilm kurz angespielt, um die Figuren und ihre Interaktion und Motivation zu testen.\nDanach erst haben wir eine Season von neun Abenteuern geplant, die alle vor dem Piloten spielen.\nDie angegebenen Zahlen zeigen dabei die Screen Presence einer Figur in dieser Folge: Eine Screen Presence von 1 definiert, daß die Figur in dieser Folge kaum mehr als ein Statist mit einem Namen ist. Eine Screen Presence von 2 hat eine Figur, die in dieser Folge eine wichtige Nebenrolle spielt oder die den B-Plot trägt - der B-Plot kontrastiert oft die Ereignisse und Erfahrungen der Hauptfigur, die in dieser Folge eine Screen Presence von 3 hat.\nDie erste Folge ist \u0026ldquo;Face it\u0026rdquo;, eine Face (3) und Kate (2)-Folge, in der das Issue von Face recht schnell gelöst werden sollte, um ihn besser in die Gruppe (seine ersten echten Freunde) zu integrieren und um seine Verbindungen für die Gruppe nutzen zu können.\nIn \u0026ldquo;Spiderweb I\u0026rdquo;, eine Plotfolge mit Tie (2) und Kate (2), geht es um Interweb Logistics und die Figuren decken erste Zusammenhänge auf.\nRock (2), Squeek (2) und Kate (2) arbeiten weiter an diesen Entdeckungen in \u0026ldquo;Menage a trois\u0026rdquo;\nIn \u0026ldquo;Spiderweb II\u0026rdquo; enthüllt sich dann endlich, daß das Prozessor- und Netz-Logo von Interweb Logistics nicht nur das ist, sondern daß hinter Interweb Logistics ein Insect Spirit (Spider) steht, sodaß das Logo auch eine stilisierte Spinne und ein Spinnennetz sein können. Interweb Logistics arbeitet an einem Merger von Technik und Magie.\nAusgespielt haben wir dann \u0026ldquo;Rock and a hard place\u0026rdquo; in der Rock (3) und Squeek (2) zu Susanns Mutter, einer Deckerin, rasen, um diese zu retten. Diese hat nämlich einige erbeutete Bauteile von Interweb Logistics in ihr Deck eingebaut und Rock und Squeek haben Grund zu der Annahme, daß dadurch Lebensgefahr besteht. Beide kommen gerade noch rechtzeitig an, um Susann und ihre Mutter zu retten. Dem Zuschauer wird klar, daß Susann die Tochter von Rock ist und Rock von ihrer Mutter aus dem Haus geworfen wurde, als er zum Troll goblinisierte - diese Wendung der Geschichte war ursprünglich nicht geplant, ergab sich dann aber aus der Konstellation der Figuren beim Ausspielen als passend melodramatisch. Susanns Mutter wird durch Rocks Einsatz klar, daß Rock nicht gefährlich für sie und ihre Tochter und trotz seiner Veränderung ein guter Vater für seine Tochter ist. Damit löst sich dann auch Rocks Issue episodengerecht auf - sein Leben hat jetzt einen Sinn, der über seine Rolle hinausgeht.\nAuch die folgende Episode, \u0026ldquo;Shadow\u0026rdquo;, haben wir dann ausgespielt. Dies ist eine Folge für Kate (3), Squeek (2) und Tie (2). Kate und die beiden finden nämlich entscheidende Informationen über Interweb heraus, geraten aber in eine Verfolgungsjagd, bei der Kate ihren Vater wiedertrifft, aber feststellen muß, daß er irgendwie in die ganze Geschichte verstrickt ist - leider möglicherweise nicht auf der richtigen Seite. Im Finale der Folge kommt es zur Konfrontation und Auseinandersetzung, doch während Kates Vater von den Runnern gerettet und gefangen genommen wird, gelingt es den Agenten von Interweb Logistics, Kate zu entführen.\nSo kommt es nun zu \u0026ldquo;Rat on the prowl\u0026rdquo;, in der Squeek (3) mit Hilfe von Face (2) Kate finden und befreien muß. Wird es ihm gelingen, ihr seine Liebe für sie zu gestehen oder wird er sich nach Kates Befreiung wieder unauffällig im Hintergrund halten?\nIn der vorletzten Folge, \u0026ldquo;Tie ist up\u0026rdquo;, muß Tie (3) sich dann entscheiden, ob er die Gruppe an seinen Auftraggeber und an Interweb Logistics verrät oder ob er loyal zur Gruppe ist. Rock (2) hat einen Verdacht, aber er ist zu spät. Oder doch nicht?\nIn \u0026ldquo;Countdown to Zero\u0026rdquo; (Face (2) und Rock (2)) werden dann die Ereignisse geschildert, die zum Erwachen und der Amnesie der Gruppe im Piloten führen.\nAlles in allem haben sich die ursprünglich recht losen Plotbausteine durch das Anspielen und dann weiter planen von Episoden tatsächlich zu einem einigermaßen stimmigen Arc zusammengeführt, und die Issues der einzelnen Figuren haben sich tatsächlich recht mühelos in den Plot integriert.\nLediglich die Startphase von PtA ist noch immer recht mühsam, obwohl durch die oben angesprochene Vorgehensweise viele Probleme entschärft worden sind, die ich sonst mit PtA habe.\n","date":"2008-10-05T00:00:00Z","href":"https://blog.koehntopp.info/2008/10/05/drsrm-2008-primetime-adventures.html","tags":["drsrm","roleplay","lang_de"],"title":"drsrm 2008: Primetime Adventures"},{"categories":null,"content":" Splitter des Imperiums (Uploads.pdf )\ndrsrm 2008 in Hannover geht nun zu Ende. Ich war von Freitag Mittag bis Sonntag Mittag da. Gespielt habe ich Shadowrun \u0026ldquo;über 30\u0026rdquo; nach Primetime Adventures-Regeln als Producer (\u0026ldquo;Spielleiter\u0026rdquo;), das Buffy/Angel-Rollenspiel mit einem Setting in Berlin und Universalis \u0026ldquo;Future Fantasy\u0026rdquo;. Aber der Reihe nach.\nUniversalis ist kein traditionelles Rollenspiel, sondern eine Art Autorenwerkzeug, mit dem man mit mehreren Personen über einen Plot verhandeln kann. Dabei müssen die einzelnen Autoren am Tisch nicht zwingend kooperativ arbeiten - Universalis würde vermutlich auch funktionieren, wenn man kompetetiv zusammen sitzt und sich mit den Mitteln von Universalis um den Plot streitet.\nDazu verwendet Universalis eine Menge von Coins (z.B. Pokerchips) und jede Menge W10. Man beginnt damit, daß die Mitglieder der Gruppe am Tisch reihum Dogmen kaufen. Dogmen können Content der Geschichte festlegen (\u0026ldquo;Es gibt interstellare Reisen\u0026rdquo;) oder verhindern (\u0026ldquo;Keine Jedi\u0026rdquo;). Sie können auch Spielregeln definieren (\u0026ldquo;Lebende Spielfiguren haben Lebenspunkte als Attribut\u0026rdquo;) oder Metaregeln festsetzen (\u0026ldquo;Keine Albernheiten in-game. Ihr könnt gerne out-game am Tisch kaspern, aber keine Witznamen für Personen und Orte oder ähnliche in-game Jokes. Die Strafe bei Verstoß sind zwei Coins.\u0026rdquo;).\nWenn Dogmen widerspruchslos von den anderen akzeptiert werden, kosten sie einen Coin, sonst werden von den Konfliktparteien Coins gegeneinander gesetzt bis eine Seite aufgibt (\u0026ldquo;Wenn Dir das so wichtig ist, dann ist es so wie Du sagst.\u0026rdquo;). Die gesetzten Coins gehen an die Bank.\nNachdem die Liste der Dogmen komplett erscheint, werden Szenen verhandelt.\nDabei muß für jedes Objekt und jedes seiner Attribute ein Coin bezahlt werden: \u0026ldquo;Eine 25km lange Waffenplattform (1 Coin) mit Sprungkapazität (1 Coin) und dem Namen (1 Coin) \u0026lsquo;Schwert des Imperiums\u0026rsquo; materialisiert sich über dem Planeten.\u0026rdquo;\nDabei kann es zum Konflikt kommen: Es mag sein, daß andere Spieler das nicht so wollen, wie der aktuelle Erzähler die Situation schildert. In dem Fall kämpfen zwei Objekte gegeneinander: Die Eigenschaften der Objekte und jeder zusätzlich gesetzte Coin geben einen W10. Diese Würfel werden geworfen - 1-5 Augen sind ein Erfolg, 6-10 Augen ein Mißerfolg. Die Seite mit mehr Erfolgen gewinnt den Konflikt, die Summe ihrer Augen wird in Coins von der Bank bezahlt. Die unterlegene Seite erhält ihren Einsatz zurück.\nDanach geschehen die Dinge so wie die Gewinnerseite erzählt.\nIn Universalis wird für alles bezahlt: Man kann sich auch Erzählrecht (\u0026ldquo;Unterbrechungen\u0026rdquo;) kaufen, oder sonstwie Coins in die Menge werfen um Dinge zu verändern.\nDie Coins, die für Eigenschaften von Dingen oder Personen verwendet werden, gehen auf die Karteikarte des betreffenden Objekts. Das Objekt wird dadurch wertvoller und schwieriger aus der Handlung zu nehmen.\nWir sind in unsere Universalis-Runde mit der Vorgabe \u0026ldquo;Future Fantasy\u0026rdquo; hinein gegangen - dieses Genre reicht dabei von \u0026ldquo;Star Wars\u0026rdquo; bis \u0026ldquo;Riddick\u0026rdquo;. Was sonst noch passieren sollte war keinem der Anwesenden klar, Erwartungen oder Vorstellungen gab es nicht.\nNachdem wir Dogmen aufeinander getürmt hatten, entstand dabei eine Welt mit einem Wüstenplaneten a la Arrakis, auf dem Laserkristalle abgebaut werden, riesigen Sprungschiffen a la Babylon 5, digitalen Backups von Lebewesen, die auch auf Maschinen statt auf Körpern ausgeführt werden konnten und in neue Körper runtergeladen werden können. Talente, akausale Psi-ähnliche Begabungen, sind dabei an Körper, nicht an Identitäten gebunden und Unsterblichkeit gibt es für biologische Körper nicht.\nDer Konflikt, vor dem alles andere sich abspielten sollte, entstand dabei quasi von selbst:\nUnsere Dogmen bewirkten, daß alles biologische Leben sterblich ist und daß alles maschinelle Leben sich von den Menschen schnell entfremdet. Das 5000 Sterne umfassende Sternenreich, in dessen Nachfahren wir spielen wollten, ist deswegen zerfallen: Uploads, digitalisierte Menschen, entfremden sich von den lebenden Menschen nach einer gewissen Zeit, und die Upload-Kriege waren für den Untergang des Imperiums verantwortlich.\nAber in unserer Spielwelt ist es unmöglich, Körper ohne Bewußtsein herzustellen, sodaß ein Upload entweder nach 30 Jahren enden muß, bei seinem Download in einen neuen biologischen Körper das darin enthaltene Bewußtsein auslöschen muß oder zu einer unmenschlichen, nach menschlichen Maßstäben wahnsinnigen Existenz wird.\nVor diesem \u0026ldquo;epischen\u0026rdquo; Hintergrund finden dann noch kleinere, lokale Konflikte statt - zum Beispiel der Kampf um die Kristallwelt, der einzigen Quelle der für Laserwaffen notwendigen Kristalle.\nUniversalis ist ein guter Plotgenerator - wir haben damit Splitter des Imperiums (PDF) erzeugt. Ich glaube, ich kann mir Universalis als eine Formalisierung der Plot-Vorphase eines PtA gut vorstellen.\nBesonders hat mich beeindruckt, daß das ganze in dem PDF geschilderte Universum als emergente Leistung der Gruppe entstanden ist - niemand ist mit dieser Idee oder etwas, das dieser Idee auch nur entfernt nahe kommt in die Runde hinein gegangen.\nSzenario, Personen, Eigenschaften und Konflikte sind reihum durch Aufeinandertürmen von Dogmen, Challenges, Szenen und Conflicts entstanden. Und wenn man es, wie Harald es getan hat, als PDF mit ausformulierten Sätzen wie ein Sourcebook aufschreibt, dann haben wir pro Stunde etwa 4-5 Seiten Quellenbuch generiert. Das ist eine ganz gute Quote eigentlich.\n","date":"2008-10-05T00:00:00Z","href":"https://blog.koehntopp.info/2008/10/05/drsrm-2008-universalis.html","tags":["drsrm","roleplay","lang_de"],"title":"drsrm 2008: Universalis"},{"categories":null,"content":" Perl is a nice programming language, but it should not be necessary to do this in order to do OOP in Perl.\n","date":"2008-09-19T00:00:00Z","href":"https://blog.koehntopp.info/2008/09/19/oop-in-perl.html","tags":["fluffy fluff","lang_de"],"title":"OOP in Perl"},{"categories":null,"content":"Channelkind Kikka fragte nach Hilfe bei den Physikhausaufgaben. Und da ich gerade mit dem E90 alleine in Amsterdam bei einem Hamburger und einem Bier saß, dachte ich, ich erklär ihm mal den Teil meiner Schulphysik, an den ich mich ein halbes Leben und zwei Bier später noch erinnere. Das Ergebnis ist zwar nicht unbedingt eine Antwort auf seine Frage, aber vielleicht trotzdem nützlich.\nkikka\u0026gt; Moo, ich muss was über Kernspaltung und Fusion schreiben.\nIsotopp\u0026gt; Mach doch einfach. Welches Fach?\nkikka\u0026gt; Physik. Ich weiß nicht, ob ich das kann. Und ob ich mich da ausdrücken kann.\nIsotopp\u0026gt; Klar kannst Du. Geht es auch genauer? Was ist der Kontext? Was habt ihr zu dem Thema behandelt? Was ist das Ziel? Weisst Du was Alpha, Beta, Gamma Zerfall ist?\nkikka\u0026gt; Eine sehr gute Frage. Das haben wir mal nebenbei angeschnitten.\nIsotopp\u0026gt; Was Fusion und e = mc^2 miteiander zu tun haben? Wer Feynman ist?\nkikka\u0026gt; Nope, nope.\nIsotopp\u0026gt; Feynman war cool. Atombombenerfinder, Safeknacker, Trommler, Nobelpreisträger, Physiklehrer und Space Shuttle Debugger.\nkikka\u0026gt; Ne, das hatten wir nicht. Wir hatten was mit Bindungsenergie in meV von geladenen Nukleonen oder so.\nIsotopp\u0026gt; Wie lautet die Aufgabe denn genau? Ich meine, das ist ein weites Feld.\nkikka\u0026gt; Moment. Text: \u0026ldquo;Warum lässt sich durch Kernspaltung bzw Kernfusion Energie freisetzen?\u0026rdquo;\nIsotopp\u0026gt; Ah. Da kann man dann ja ein paar Stunden zu berichten. Also, wenn Du Dir mal die verschiedenen typischen Zerfälle anguckst, wie sie in Reaktoren stattfinden, U235 Zerfall etc. Dann siehst du ja, daß die Summe der Reaktionsprodukte leichter ist als die der Ausgangsmaterialien ist, und da e = mc^2, bumm. Ditto bei Fusion. Jetzt muss man nur noch die typischen Fissions- und Fusionsreaktionen aufmalen.\nkikka\u0026gt; Dazu sollen wir ein Diagramm beschreiben und mit Bezug darauf Kernspaltung und Kernfusion unterscheiden.\nIsotopp\u0026gt; Dein Diagramm enthält mit Sicherheit Spaltprodukte, so was wie U235 plus Neutron werden zu irgendwas plus Gammaquant. Das Gamma ist ein Photon, also Energie. Fission ist im Grunde simpel, du haust wahlweise einen Heliumkern (alpha), ein Elektron (beta) oder ein Photon (gamma) raus, und hast dann ein neues Element.\nkikka\u0026gt; Wir hatten die Massezahl gegen die Energie in MeV aufgetragen gehabt. Und seltsamerweise finde ich meine verdammten Aufzeichnungen nicht. Exakt das.\nMöh. Doofes E90 kann kein Cut und Paste im Putty. Sonst hätten wir hier auch abkürzen können.\nIsotopp\u0026gt; Kannst du ja ausrechnen. Masse m, Lichtgeschwindigkeit c und dann Energie in MeV umrechnen. Du kriegst J, Du willst MeV.\nkikka\u0026gt; Was hat denn die Lichtgeschwindigkeit und die Masse damit zu tun?\nIsotopp\u0026gt; e = mc^2?\nkikka\u0026gt; Damit haben wir garnichts gemacht\nIsotopp\u0026gt; Nein, aber das liegt zugrunde. Wenn du die Massezahlen vorher und nachher aufsummierst stellst du fest, das dir eine winzigkeit Masse pro Atom fehlt. Was doof ist, denn wir haben im Universum ja Masseerhaltung, und Energieerhlaltung, und Ladungs- und Spinerhaltung.\nIsotopp\u0026gt; Guck mal nach Decay Chain . U235 -\u0026gt; Thorium-231 plus ein Alphateilchen und die Summe von Th231 plus 2n plus 2p ist kleiner als die Masse von U235.\nkikka\u0026gt; Wir haben nichts mit Alpha, Betateilchen gemacht.\nIsotopp\u0026gt; Sondern? Also U235 ist jedenfalls Actinium series decay chain und dann Alphazerfall zu Th231.\nkikka\u0026gt; Wir haben auch noch nichts mit Verfall gemacht. Wir waren mit Bindungsenergie beschaeftigt und Kernenergie.\nIsotopp\u0026gt; Du sagtest was von Diagramm?\nkikka\u0026gt; Das: Ich tippe die URL ab.\nIsotopp\u0026gt; Hm, ja. Fe ist doof. Habt ihr schwache und starke Kernkraft gemacht? Die 4 Grundkräfte?\nkikka\u0026gt; Nein.\nIsotopp\u0026gt; Warum fliegt ein Alphateilchen/Heliumkern nicht auseinander? Da sind 2 Protonen drin, also zwei +-Ladungen. Die stossen sich doch ab?\nkikka\u0026gt; Dachte ich auch. Oder ist das wieder so komisch, dass die Hülle den Kern anzieht und die andere Hülle den anderen Kern?\nIsotopp\u0026gt; Nein, es gibt andere Kräfte, die Teilchen aneinander kleben lassen und die sind viel stärker als elektromagnetuische Abstossung, aber die reichen weniger weit, sie nehmen also auf Entfernung schneller ab als Elektromagnetismus. Auf kleine Distanzen kleben also Nukleonen aneinander, auf Abstand aber stoßen Protonen einander ab.\nkikka\u0026gt; Ich glaube das ist viel zu weit für Sek I.\nIsotopp\u0026gt; Der Punkt ist: die Dinger stossen einander ab, aber es gibt Kurzdistanzkleber. Der Kurzdistanzkleber sind die starke und schwache Kernkraft, in englisch strong und weak force.\nIsotopp\u0026gt; Und mit der weak force spielt man genau bei Fission. Sorry, strong force sogar, glaub ich. Strong force ist komisch, das ist eine Kraft, die um so stärker wird, je groesser der Abstand wird. Das ist genau anders als bei den anderen Kräften. Jedenfalls, wenn du weiter da rein bohren willst, jenseits von Bindungsenergien und Massezahlen, dann willst du Standardmodell, LHC, Starke Wechselwirkung, Schwache Wechselwirkung, und Decay Chain, Alphazerfall, Betazerfall (b+ und b-) und Gammazerfall als Suchbegriffe. Wikipedia ist da gar nicht übel zum Nachlesen.\nkikka\u0026gt; So, ich hab Unterlagen wieder. OK, effektiv sehe ich nur ein Diagramm, ergo kann ich nur eines beschreiben. Ein Satz verwirrt mich: (Aus einem Referat) \u0026ldquo;Die pro Kernspaltung nutzbare Energie von 190 MeV ist so klein, dass rund 33 Mrd Urandkerne gespalten werden müssen, um 1J Wärme zu erzeugen\u0026rdquo; Ist 1J viel oder wenig? :)\nIsotopp\u0026gt; Ja und? Was ist den die Definition von 1J? Und wieviel J brauchst du pro Tag zum Leben? Und sind 33 Mrd. Kerne viel? Wieviel kerne sind ein mol? Was ist die Avogadrozahl genau?\nkikka\u0026gt; Ah, uh, übersehen: 1J = 6,24210^18 eV. Und was ist die Avogadrozahl?\nIsotopp\u0026gt; Was ist ein mol, kikka ?\nkikka\u0026gt; Eine Stoffmenge.\nIsotopp\u0026gt; 1J ist die Energie die du brauchst um 1g = 1ml Wasser um 1C zu erwärmen.\nNein, das ist eine Kalorie. Eine Kalorie sind außerdem 4,1868 Joule. Die folgende Rechnung ist also um den Faktor 4.einbischen falsch. Danke, Ingo.\nkikka\u0026gt; Ah, das. Ich kann mir da immer nur das ^23 merken, den Rest nicht.\nIsotopp\u0026gt; 6.023 mal 10 hoch dreiundzwanzig von was genau?\nBa|rog\u0026gt; Teilchen\nIsotopp\u0026gt; Ba|rog: Bäh, ich will das kikka seine Arbeit selber macht.\nBa|rog\u0026gt; oh. \u0026lsquo;zeihung.\nkikka\u0026gt; Ja, gut, jetzt hat Ba|rog es verraten ;)\nIsotopp\u0026gt; kikka: ein Mol U235 sind 6.023 * 10^23 Atome. Wieviel Mrd atome sind das?\nIsotopp\u0026gt; Also 6.023 * 10^23 / 10^9 = ?\nIsotopp\u0026gt; 10^23 / 10^9 = 10^(23-9) = 10^(14)\nIsotopp\u0026gt; Also 100 Billionen Mrd, also 10 Billionen * 10 Mrd, also etwa 3 billionen * 30 Mrd, also etwa 3 Billionen Joule.\nIsotopp\u0026gt; Ein Mol U235 setzt also 3 Billionen J frei, wenn man es komplett spaltet.\nIsotopp\u0026gt; Wieviel g ist ein mol U235 schwer?\nkikka\u0026gt; Wie komme ich denn jetzt auf g?\nIsotopp\u0026gt; Lies mal Mol . Es ist U235, also: genau 235g. Ein Mol von einem reinen Stoff mit Atomgewicht x wiegt genau x Gramm und hat genau A teilchen drin, A ist die Avogadro-zahl.\nIsotopp\u0026gt; U235 -\u0026gt; 1 mol wiegt genau 235g\nIsotopp\u0026gt; U238 -\u0026gt; 1 mol sind 238g\nIsotopp\u0026gt; C12 -\u0026gt; 1 mol sind 12g\nIsotopp\u0026gt; Wenn es ein Gas wär, wüßtest du auch, es sind 22.4l.\nkikka\u0026gt; Ah, OK.\nIsotopp\u0026gt; Aber Uran ist ein festes Metall mit einer Dichte von 19.2. Was heißt Dichte 19.2?\nIsotopp\u0026gt; Wasser hat Dichte 1, ein Liter wasser = 1 Kilo.\nIsotopp\u0026gt; Ein Liter Uran = 19.2 Kilo\nIsotopp\u0026gt; Wieviel Volumen haben 235g Uran?\nIsotopp\u0026gt; 235g/19.2g/ml = 12.2 ml\nIsotopp\u0026gt; ein Schnapsglas = 20ml = 2cl\nIsotopp\u0026gt; ein halbes Schnapsglas U235 = 3 Bio Joule Bumm bei vollständiger Kernspaltung.\nIsotopp\u0026gt; ein Joule = 1ml wasser wird ein Grad heißer als vorher.\nIsotopp\u0026gt; Wenn du also ein halbes Schnapsglas U235 hast, wiegt das 235g, so viel wie ein Becher Milch. Und wenn du das spaltest, gibt es einen fiesen Blitz, weil das 100g wasser um 30 mrd grad aufheizen würde. Und am Ende hast du einen Haufen Alphateilchen und Thorium 231. Vermutlich als Dampf. :) Eher als Plasma. Das ist Dampf, der so heiß ist, daß den Atomen die Elektronen wegfliegen, weils zu warm ist.\nkikka\u0026gt; Und warum würde sowas passieren?\nIsotopp\u0026gt; Was?\nkikka\u0026gt; Warum würde es sich spalten? Was braucht man für eine Spaltung?\nIsotopp\u0026gt; Oh, da schaust du mal Kettenreaktion\nkikka\u0026gt; Kettenreaktion Da?\nIsotopp\u0026gt; Genau. Der Punkt da ist: um einen Zerfall auszulösen braucht es etwas, etwa ein Neutron mit der richtigen Energie. Und der Zerfall, der dann stattfindet setzt wieder Neutronen frei, ggf. mehr als eins. Die treffen dann stabile Atome im Umkreis, die dann zerfallen und die setzen wieder Neutronen frei, noch mehr. Manchmal passt es genau, dann koennen die freigesetzten Neutronen direkt auf die umliegenden Atome einwirken. Manchmal passt es nicht, dann sind die freigesetzten Neutronen zu schnell, um bei den umliegenden Atomen den Zerfall zu triggern. Dann fügt man noch einen weiteren Stoff dazu, im Umfeld, eine Neutronenbremse. Das nennen wir einen Moderator. Das kann Wasser sein, oder Kohlenstoff.\nkikka\u0026gt; Ansonsten könnte sich das unguenstig ausbreiten, oder wie?\nIsotopp\u0026gt; Der Moderator soll auch dazu dienen, generell Neutronen aufzusaugen, weil wir ja nicht wollen, daß sich in Sekundenbruchteilen 3 Bio J freisetzen und bumm. Sondern weil wir wollen, dass unser Reaktor mal so grad Wasser am Kochen haelt, das dafür aber fuer viele Jahrhunderte. \u0026ldquo;unguenstig ausbreiten\u0026rdquo; exakt.\nkikka\u0026gt; Okay. So, ich versuch dann mal mit meinen Wörtern den Unterschied zwischen Spaltung und Fusion beschreiben.\nIsotopp\u0026gt; Ich höre.\nkikka\u0026gt; Also, bei der Fusion kommt ja noch das Neutron dazu und bei der Spaltung wird dazu ja nur hohe Rahmenbedingen vorrausgesetzt, oder so.\nIsotopp\u0026gt; Du meinst als Auslöser?\nkikka\u0026gt; Ja.\nIsotopp\u0026gt; Ja, aber das ist nur ein technisches Detail. Schau noch mal auf deine Zeichnung mit der \u0026ldquo;Bindungsenergie\u0026rdquo;. In der Natur gibt es etwas, das heisst \u0026ldquo;Entropie\u0026rdquo;. Alle natürlichen Prozesse haben eine Richtung, alles in der Natur versucht immer den energieärmsten Zustand einzunehmen. Dinge werden von Natur aus immer unordentlicher und nie von selbst ordentlicher.\nIsotopp\u0026gt; Du hast Kernreaktionen, also Umwandlungen von Elementen in andere Elemente. Bei Fusion entsteht etwa aus Wasserstoff Helium, und bei Fission aus Uran Thorium. In beiden faellen wird \u0026ldquo;Bindungsenergie\u0026rdquo; frei, das heisst das Reaktionsprodukt hat weniger Masse als die Summe der Ausgangsstoffe. Die fehlende Masse, das ist Energie, viel Energie.\nIsotopp\u0026gt; In Deiner Zeichnung kannst du am linken Rand von H2 auf He4 über gehen. Das He ist aber etwas leichter als 2 Stück H.\nkikka\u0026gt; Ja.\nIsotopp\u0026gt; Das ist die Fusionsenergie, die frei wird.\nkikka\u0026gt; Also 1 MeV?\nIsotopp\u0026gt; Mehr.\nkikka\u0026gt; Ah, 6 MeV\nIsotopp\u0026gt; Ja, von H2 nach He4 in der Zeichnung. Jetzt begriffen?\nkikka\u0026gt; Ja.\nIsotopp\u0026gt; Okay.\nkikka\u0026gt; Das haben wir auch schonmal gemacht.\nIsotopp\u0026gt; Die Sonne. Wie generiert sie Energie? So: Kernfusion in Gestirnen Also, in der Sonne entsteht Helium\nkikka\u0026gt; Deuteriumkerne fusionieren zu Heliumkernen?\nIsotopp\u0026gt; Ja\nkikka\u0026gt; Hmm.\nIsotopp\u0026gt; Also 2H + 3H -\u0026gt; 4He + 1N + ein Haufen MeV\nkikka\u0026gt; Sag mal, die Spaltung, gebraucht die schwerere Kerne als die Fusion. Die benutzt ja leichte.\nIsotopp\u0026gt; Ja. Schau noch mal in die Zeichnung mit der Bindungsenergie. Die Kurve hat ein Minimum. Wo liegt das?\nkikka\u0026gt; Zwischen Fe und Sr?\nIsotopp\u0026gt; Ziemlich genau bei Fe. Das ist Eisen. Ok, ich habe vorhin das Wort Entropie gebraucht und daß alles im Universum immer den energieärmsten Zustand einnehmen will. He ist energieärmer als H. Durch Fusion entsteht aus 2H + 3H -\u0026gt; 4He + 1n + MeV. Es wird also Energie frei, das Resultat ist um 17 MeV energieärmer. Leichter, denn Energie ist Masse, sagt Einstein.\nIsotopp\u0026gt; durch Fission kommen wir ebenfalls auf einen energieärmeren Zustand. Aber nur, wenn wir mit dicken Kernen anfangen. Und beim Eisen ist alles aus. Da ist deine Bindungsenergie zwischen den Nukleonen minimal. Soweit klar?\nkikka\u0026gt; Da gehts nicht mehr runter, oder wie?\nIsotopp\u0026gt; Nein. Siehst du ja am Diagramm. Du kannst von unten an Eisen ran mit Fusion, oder von oben an Eisen ran durch Fission. Ok?\nkikka\u0026gt; Ja.\nIsotopp\u0026gt; Ok, Urknall. Das Universum entsteht. Grosser Blitz, alles Plasma, Dinge kühlen ab, wir haben Wasserstoff. Wie ist das Uran entstanden? Erst mal, wie ist das Helium entstanden? Das ist leicht.\nkikka\u0026gt; Durch Fusion von dem Wasserstoff?\nIsotopp\u0026gt; Exakt. Und Sauerstoff? Bethe-Weizäcker Zyklus Auch durch Fusion, aber eine komplizierte. Diese Fusion wurde 1938 oder so zuerst beschrieben und zwar von Bethe und C.F. Weizäcker. Das ist der Bruder von Richard Weizäcker, und ein Kieler.\nIsotopp\u0026gt; Kiel hat jede Menge tolle Atomphysiker. Der Max Planck zum Beispiel kommt auch aus Kiel. Planck ist ein Supergott der Physik. Planck fragte sich: Wenn so ein Elektrom um einen Atomkern kreist, wieso wird es dann nicht langsamer und fällt in den Kern?\nkikka\u0026gt; Weil es abgestoßen wird, oder so?\nIsotopp\u0026gt; Der Kern hat positive Ladung, das Elektron negative. Die ziehen sich an. Drum kreist das Elektrom ja. Das ist ja nicht wegen Gravitation so, dafür sind die Teile viel zu leicht.\nIsotopp\u0026gt; Es gibt keine Erklärung dafür, wenn man nicht eine Annahme macht. Und das geht so: Die Umlaufbahn von einem Elektron um den Kern wird bestimmt durch die Energie. Je mehr \u0026ldquo;Schwung\u0026rdquo; Du da rein drückst, um so weiter draußen kreist das Elektron. Wenn es Energie verliert, kreist es näher am Kern, es wird dichter angezogen.\nkikka\u0026gt; Kann man da Schwung reindrücken?\nIsotopp\u0026gt; Ja, das Elektron kann zum Beispiel ein Photon (Licht, Energie) absorbieren. Dann gewinnt es Energie. Das Photon ist weg, und das Elektron schneller, kreist weiter draussen. Oder das Elektron geht näher an den Kern, dazu muß es Energie los werden, abstrahlen. Das Elektron gibt ein Photon ab. Wenn das Photon die richtige Menge Energie hat, ist es im Bereich des sichtbaren Lichtes, dann leuchtet das Material.\nPlanck hat jetzt festgestellt: Atome brechen nicht zusammen. Das kann nicht sein. Er kann berechnen, dass ein Energie verloren gehen müßte, daß Elektronen langsamer werden müßten. Und danach wären wir alle tot, weil es keine kreisenden Elektronen mehr gibt. Das ist aber nicht der Fall - offensichtlich.\nDaher mußte Planck annehmen, daß es Energie nicht in stufenlosen Größen gibt, sondern nur in Energieeinheiten. Es gibt Energieatome.\nUnd jede Form von Photon, die du siehst, kann nur eine Energie von x * Grundeinheit sein. Die Grundeinheit von Energie nennt man ein Wirkungsquantum h. Und das ist das nach Max Planck benannte plancksche Wirkungsquantum. Das Elektron würde also gerne Energie abgeben und näher an den Kern ran, aber es kann nicht. Es muss mindestens ein h abstrahlen.\nDas war um 1900, und die Geburtsstunde einer neuen Physik, nicht stufenlos, sondern auf der Basis von Energieteilchen, Wirkungsquanten. Wir nennen das Quantenphysik.\nDummerweise paßt die Mathematik der Quantenphysik nicht zur Mathematik von Einstein, der Relativitätstheorie.\nDa wird es dann kompliziert, unter anderem, weil wir heute, mehr als 100 jahre später immer noch keine Lösung haben. Und darum, lieber kikka, haben wir letzte woche den LHC in betrieb genommen. Wegen Einstein und wegen Planck.\nkikka\u0026gt; Und der wird dann etwas Neues hervorbringen?\nIsotopp\u0026gt; Ja. Wir wissen seit Planck, dass Licht, Wärme und Radio von Teilchen erzeugt werden. Die Kraft, die wir da haben, ist die elektromagnetische Kraft, Kraft 3 von 4. Und sie wird ausgeübt von Photonen.\nAuch für die weak und die strong force haben wir Teilchen, von denen wir wissen, daß es sie gibt, und daß sie die Kraft übertragen.\nNur für die Gravitation, Kraft Nummer 4, haben wir das nicht.\nkikka\u0026gt; Ich nehme an, sowas kommt im LK Physik in der Oberstufe?\nIsotopp\u0026gt; Wo auch immer das Standardmodell besprochen wird. Standardmodell In dem Artikel heisst es: \u0026ldquo;Das SM ist eine relativistische Quantenfeldtheorie\u0026rdquo;. Das kannst du nun verstehen. Relativistisch ist die Mathematik von Einstein. Quantentheorie ist die Mathematik von Planck. Beide passen nicht zusammen. Eine relativistische Quantenfeldtheorie, wenn wir sie hätten, würde beides miteinander vereinen. Und (\u0026ldquo;feldtheorie\u0026rdquo;) erklären, wie die 4 Grundkräfte des Universums miteinander zusammenhängen. Also was Gravitation, Elektromagnetismus, Weak und Strong force miteinander zu tun haben. Es wäre eine Great Unified Theory (GUT). Die Physik der letzten 100 Jahre, seit Planck, hat nichts anderes zu tun gehabt als eine GUT zu finden. Aber uns fehlt dazu ein Teilchen.\nkikka\u0026gt; Hm, da von haben die auch in The Big Bang Theory geredet.\nIsotopp\u0026gt; Wie haben Teilchen die elektromagnetische Kraft (Licht, Wärme, Radio) übertragen, die Photonen. Wir haben Gluonen und so. Aber uns fehlt das Teilchen, das Schwerkraft erzeugt, das Graviton.\nIm Standardmodell heisst das Graviton das Higgs Boson und der LHC wurde gebaut, um das Higgs zu finden. Wenn wir es finden und wissen wieviel Energie es besitzt, dann können wir die mathematischen Werkzeuge, die wir haben, kalibrieren, also die passenden Naturkonstanten einsetzen. Und dann haetten wir eine GUT. Und die Physik haette endlich fertig. Nach 100 jahren!\nkikka\u0026gt; Und dann, würde das wieder neue Fragen aufwerfen?\nIsotopp\u0026gt; Aber ja!\nkikka\u0026gt; Hmm. Und dann währet ihr wohl sehr glücklich, oder so?\nIsotopp\u0026gt; Jeder der mal Physik gemacht hat in den letzten 100 jahren wär dann sehr sehr glücklich\nkikka\u0026gt; Hm. Dann kann dieser LHC ja gutes bringen.\nkikka\u0026gt; Was passiert, wenn es dieses Higgs-Boson aber nicht gibt, und der LHC das nicht findet?\nIsotopp\u0026gt; Dann können wir eine ganz Menge Mathe weg schmeissen.\nkikka\u0026gt; Ich mache lieber Hausaufgaben zu Ende.\nIsotopp\u0026gt; Zu deinen Hausaufgaben: Du siehst dass durch Fusion aus Wasserstoff neue Elemente entstehen. Aber nur bis Eisen rauf.\nIsotopp\u0026gt; Bindungsenergie Fusion -\u0026gt; Eisen. Danach muss man Energie aufwenden. Das passiert nicht, normalerweise, wegen Entropie. Wir haben Urknall, wir haben Wasserstoff, wir haben Fusion, also haben wir Helium Wir haben bethe-weizäcker, also kriegen wir aus Helium auch C, N und O, und dann durch noch kompliziertere Prozesse auch alles andere bis Fe rauf. Aber: Uran existiert. Wo kommt das Uran her?\nkikka\u0026gt; Sorry, ich kann momentan nicht mehr denken.\nIsotopp\u0026gt; Hatten wir auch noch nicht. Irgendwann einmal besteht der Kern eines Sterns aus Eisen. Eisen brennt nicht mehr durch Fusion. Nix im Stern erzeugt noch Energie, der Stern bricht zusammen, weil nichts mehr die Masse des Sterns auseinander drückt.\nDurch das Zusammenbrechen, das sehr sehr schnell passiert, heizt sich das Plasma im Kern noch mehr auf. Ein riesiger Blitz entsteht. Eine Supernova .\n\u0026ldquo;Beim Eisen, dem 26. Element, stoppt die Fusionskette, da Eisenatomkerne die höchste Bindungsenergie aller Atomkerne haben und weitere Fusionen Energie verbrauchen statt erzeugen würden. Bei der Explosion selbst treten allerdings Bedingungen auf, die zur Entstehung schwerer Elemente wie Gold, Blei, Thorium und Uran führen.\u0026rdquo; Alles in der Welt, das du siehst, das schwerer ist als Eisen, ist im Universum in Supernovas entstanden. Du trägst in deinem Körper die Teile von explodierten Sternen.\nkikka\u0026gt; Das ist \u0026hellip; weird.\nIsotopp\u0026gt; Sterne durchlaufen beim Brennen verschiedene phasen, und mit diesen Phasen auch verschiedene Größen und Temperaturen (die sich als Farben erkennen lassen).\nMan kann das aufmalen: Hertzsprung-Russell-Diagramm . Unsere Sonne \u0026gt; ist ein Hauptreihenstern der Spektralklasse G2. Schau auf die X-Ache des HR-Diagramms.\nkikka\u0026gt; Also in der Mitte?\nIsotopp\u0026gt; ja\nkikka\u0026gt; OK.\nIsotopp\u0026gt; Spektralklasse G Farbe gelb, Temperatur 5000-5900K mit Linien von Ca, FE und anderen Metallen\nkikka\u0026gt; Das wird sich dann aber aendern, in einigen Jahren.\nIsotopp\u0026gt; Morgan-Keenan spectral classification Das brennt schon 5 mrd Jahre, Minimum. und wird mindestens noch mal so lange so bleiben.\nkikka\u0026gt; Ach. Okay.\nIsotopp\u0026gt; Der Punkt ist: Teile der Energie einer Nova gehen in den Blitz, andere in die Gewinnung schwerer Elemente. In den Bruchteilen einer Sekunde, die den eigentlichen Novablitz ausmachen, wird durch Fusion von Eisenkernen und Energie neue, schwerere Masse erzeugt. Alles im Universum, was schwerer als Eisen ist, ist so entstanden.\nPraktischerweise wird es durch die Explosion auch gleich im Universum verteilt. So eine Nova bläst ja jede Menge Dreck raus. Ich meine, da fliegt ein ganzer Stern in die Luft.\nUnd diese Energie, die bei der Supernova durch diese unnatürliche, Energie kostende Fusion gebunden worden ist, kann später wieder freigesetzt werden, durch Fission. Der Energieerhaltungssatz ist also nicht verletzt worden, es entsteht nicht Energie aus dem Nichts.\nkikka\u0026gt; Okay. Ich denke, das war genug Physik für eine ganze Woche. :) Danke dafür.\nIsotopp\u0026gt; Und jetzt weisst du was Fusion mit Fission zu tun hat, und was Sterne mit Nukleonen zu tun haben, was die Physik so überhaupt die letzten 100 jahre gemacht hat, wer Feynman, Planck, Einstein und Weizäcker waren, wieso Kiel toll ist, und wieviel ein Mol ist, was Gramm mit Mol zu tun haben, was Gramm mit Milliliter zu tun haben über Dichte, und wie groß der Blitz ist, den ein Mol U235 macht. Du weisst was Alpha, Beta und Gamma-Zerfall ist, was die vier Grundkräfte im Universum sind, und was die Worte GUT und relativistische Quantenfeldtheorie bedeuten. Und wieso das mit dem LHC letzte Woche wichtig war.\nkikka\u0026gt; Ich denke, das ganze muss ich nochmal ins Gehirn einprägen. Auf jedenfall. Aber 100 Jahre, und nicht viel hat sich geändert. Ist das normal? Gab es das öfters?\nIsotopp\u0026gt; Nein. Das ist ein super hartes Problem. Darum ja der ganze Aufstand mit dem LHC.\nDu musst dir mal vorstellen, die schweizer Alpen, 27 km Tunnel, vier Stockwerke hoch, 100 Meter unter der Erde und das ist nur der Grosse Ring.\nDie stärksten Magnete der Welt, Elektromagnete, super hoch gepowered, so viel Strom da drin wie in einer ganzen Stadt. Damit das geht, alles runter gekühlt auf 2K (-271 Grad C), damit der Mist supraleitend wird.\nDann einen Protonenstrahl bauen und da reinschleudern, auf mehrere GeV beschleunigen, einen links rum, einen rechts rum.\nEin Protonenpaket hat dabei so viel Masse wie ein auf 27km breit gezogenes Sandkorn, aber so viel Energie wie ein Jumbojet voll TNT. Und dann nimmt man zwei so grosse Pakete und läßt die aufeinander zu rasen, so genau fokussiert, daß die einander tatsächlich treffen, und zwar genau da wo man so einen Detektor stehen hat und nicht irgendwo im Tunnel. Such mal Bilder von einem CERN ATLAS Detektor.\nkikka\u0026gt; Habe ich schon gesehen.\nKai reicht mir CMD Detector Assembly Particle Hunters rein.\nIsotopp\u0026gt; Während der Explosion entstehen Trümmer, neue Teilchen. Das dauert Femtosekunden. Und in der Zeit zeichnen die Dinger Daten auf, digital, die werden gespeichert und ausgewertet. CERN generiert Terabytes an Daten pro Sekunde, alles irrelevanter Scheiß. Und irgendwo da drin steckt das Event, das beweist, daß das Higgs existiert und wieviel GeV es hat.\nkikka\u0026gt; \u0026hellip; OK. Und die müssen es dann raussuchen?\nIsotopp\u0026gt; Ja. Und das ueberhaupt zu bauen. Die Physik, die Technik, die IT. Das geht nur heute. Mit Technik von 1997, 1987, 1907 geht das nicht. Und wie aufwendig das ist! Was meinst du, wie unglaublich wichtig Physiker das finden, um sich so was an zu tun?\nkikka\u0026gt; Krass, darum der große Aufwand.\nIsotopp\u0026gt; Ganz nebenbei entsteht natürlich noch jede Menge praktische Materialwissenschaft.\nUm 150 GeV auf Protonengröße zu fokussieren und das auszuwerten brauchst Du absolute Präzision, supraleitende Magnete, Steuertech und dann das Netz. Alleine der Storage. Die haben fuer CERN neue verteilte Filesysteme entwickelt, neue Steuerungs- und Filtertechnik, besseres Internet. HTTP und HTML sind 1994 am CERN erfunden worden von Tim Berners-Lee, damit Physiker auf Forschungsergebnisse zugreifen konnten.\nDas schafft also auch reale Werte. Aber eigentlich ist CERN und jeder andere Teilchenbeschleuniger nur gebaut worden, weil wir eine relativistische Quantenfeldtheorie, eine Grand Unified Theory, haben wollen. Weil wir nicht wissen, wieviel GeV das Higgs hat.\nkikka\u0026gt; Okay. :) Giga-Elektronenvolt, nehme ich an.\nIsotopp\u0026gt; Das war in etwa das, was man als Laie und ohne Mathe vom Universum im Grossen und im Kleinen wissen kann.\nkikka\u0026gt; wie fein :)\nIsotopp\u0026gt; Und wenn man nicht noch mal einen Wikipedia-Dive machen will.\nkikka\u0026gt; Ja. :) .oO(Man, bin ich froh letztes Jahr gewechselt zu haben, jetzt ist das sehr viel härter.)\nIsotopp\u0026gt; Mit Mathe wirds dann Unistoff.\nkikka\u0026gt; brrr.\nIsotopp\u0026gt; Du siehst, wieso ich meine, man hat da leicht Stoff für ein Referat von ein paar Stunden, auch ohne Vorbereitung. Die Frage, die Dein Physiklehrer da gestellt hat, ist nämlich am Ende die Frage nach dem Leben, dem Universum und dem ganzen Rest.\nkikka\u0026gt; Ich denke nicht, dass er das beabsichtigt hat. Naja, nochmal danke. Und gute Nacht!\nIsotopp\u0026gt; Jetzt muss jemand dieses IRC Protokoll nur noch aufbereiten und bloggern.\n","date":"2008-09-18T00:00:00Z","href":"https://blog.koehntopp.info/2008/09/18/kernphysik-mit-kikka.html","tags":["erklaerbaer","physik","schulung","lang_de"],"title":"Kernphysik mit Kikka"},{"categories":null,"content":" Scenes from the Amsterdam Office: Dennis, the maintainer of the local BOFH mailing list, performing helpdesk duty.\nSupport Tool\n","date":"2008-09-18T00:00:00Z","href":"https://blog.koehntopp.info/2008/09/18/the-clue-bat.html","tags":["devops","amsterdam","berlin","lang_de"],"title":"The Clue Bat"},{"categories":null,"content":" Ich ziehe um. Das hoffentlich letzte Mal in meinem Leben. Dazu brauche ich jedoch fleißige Helfer. Am Sonntag, dem 21. September 2008, werden wir ab 8 Uhr morgens in der Immanuelkirchstraße 18 (S-Bahn Alex oder Greifswalder Straße, dann Tram M4 bis Hufelandstraße) frühstücken und packen. Gegen Mittag wollen wir den Kram auf einen Laster laden und in die Wenckebachstraße 2 (U6, Kaiserin Augusta Straße) fahren. Dort soll das Zeug dann hochgetragen werden und dann gibt es lecker Chili und ein bis zehn Bier.\nIch bin auf der bekannten Handynummer zu erreichen. Wer mag helfen?\n","date":"2008-09-17T00:00:00Z","href":"https://blog.koehntopp.info/2008/09/17/umzug-mal-wieder.html","tags":["berlin","umzug","lang_de"],"title":"Umzug, mal wieder"},{"categories":null,"content":"Gestohlene Datensätze von PwC missbraucht titelt Heise. Das Problem dahinter ist sehr weit verbreitet und in Firmen schwer zu bekämpfen:\nDie große Zahl der Daten kam offenbar zustande, weil PwC die Bewerberdaten aus vergangenen Jahren auch bei längst abgeschlossenen Verfahren aufbewahrt hatte.\nIch weiß aus eigener Erfahrung, daß es unsagbar schwer ist in Firmen Prozesse zur Datenlöschung aufzusetzen. Dabei spielt es nur eine untergeordnete Rolle, ob eine solche Löschung gesetzlich gefordert ist, beschlossen wurde oder sinnvoll ist.\nDerjenige Mitarbeiter, der am Ende die Sache ausführen soll neigt sehr oft dazu, die Daten nicht zu löschen, sondern aus dem System zu nehmen und irgendwo hin zu kopieren. \u0026ldquo;Irgendwo\u0026rdquo; ist dabei auch oft ein Ort, der schlechter verschlüsselt und geschützt ist als der vorhergehende Speicherort - ein Band, ein Stick oder eine Diskette, die danach in der Schublade des betreffenden Mitarbeiters liegt. Kann ja sein, daß die Daten doch noch mal gebraucht werden. Typischerweise werden die Daten dann mit dem Schreibtisch zusammen irgendwann einmal mit verkauft. Oder vorher herausgenommen werden und dem Sohnemann aus der Firma mitgebracht: \u0026ldquo;Hier, der Stick war über.\u0026rdquo;\nAus irgendeinem Grund sind Firmen Strukturen die das Vergessen sehr schwierig machen. Es braucht schon eine ganze Menge individueller Energie in einer solchen Institution, damit eine solche Löschaktion auch tatsächlich dazu führt, daß Daten gelöscht sind.\nDie Story auf dem Heise Newsticker hat noch einen weiteren Aspekt:\nUm auf Konten bei den genannten Zahlungsdienstleister zuzugreifen, probierten die Kriminellen laut WISO einfach E-Mail-Adressen und Passwörter durch. Ein Schutzmechanismus gegen Brute-Force- und ähnliche automatisierte Angriffe etwa bei Moneybookers wurde dabei umgangen. Nach Meinung von Wiso gingen die Angreifer davon aus, dass viele Internet-Nutzer für verschiedene Dienste dieselbe Kombination aus E-Mail-Adresse und Passwort benutzen.\nDas ist ein sehr gängiges Problem. Jedes Mal, wenn zum Beispiel eine Phishing-Welle über eBay hinweg gerollt ist, war danach ein hohes Aufkommen von gestohlenen web.de und GMX-Accounts in diversen Viren festzustellen. Viren wie die Sober-Reihe hatten seinerzeit im Schnitt um die 800 bis 1200 gestohlene Username/Passwort-Kombinationen im Bauch, um die Authentisierungsmechanismen der Mail-Engines aller großen deutschen Provider zu umgehen.\nDie Mailadressen zu den Accounts findet man, indem man sich mit einem abgephischten eBay-Usernamen und Passwort bei ebay einloggt und die Mailadresse ausliest. Mit dieser Adresse und dem eBay-Passwort versucht der Bot sich dann bei dem betreffenden Freemailer einzuloggen. Oft genug gelingt das - der Bot meldet das Paar dann als validiert an seinen Herrn, der die Daten für die nächste Virenwelle missbrauchen kann. Der Geschädigte ist so nicht nur seinen ebay-Account, sondern auch seine Mail los, denn der Account ist dann natürlich verbrannt und unzugänglich.\n","date":"2008-09-09T00:00:00Z","href":"https://blog.koehntopp.info/2008/09/09/daten-loeschen-verschluesseln-diversifizieren.html","tags":["privacy","identity","security","lang_de"],"title":"Daten - löschen, verschlüsseln, diversifizieren"},{"categories":null,"content":" Auf dem letzten CCC gab es einen ziemlich schlechten Vortrag zum Thema Cyborgs . Jedenfalls fand ich die These \u0026ldquo;Wir sind alle Cyborgs, weil wir jeden Tag technische Hilfsmittel benutzen\u0026rdquo; ziemlich affig und so nicht haltbar. Schließlich geht es bei einem Cyborg um die Integration von Technik und Organik in einem symbiotischen Organismus.\nAuf der anderen Seite war hier im Haushalt am letzten Donnerstag das CPE der DSL-Leitung kaputt gegangen und unser Haushalts-Server aus dem Netz gekippt.\nIn Folge waren wir beide Haushaltsinsassen bis zum Eintreffen eines Ersatzgerätes auf UMTS reduziert und ich habe bemerkt, wie sehr sich mein Leben inzwischen um die ständige Verfügbarkeit von Bandbreite und CPU gruppiert. Nicht nur, daß das Arbeiten von zu Hause einigermaßen anstrengend ist, Mail nicht richtig geht und ich aus den diversen IM-Netzen kippe.\nAuch mein Freizeitverhalten ist betroffen: Ich meine, ich kann nicht mal fernsehen, wenn ich nicht nebenbei meinen Laptop auf dem Schoß habe und ich Wikipedia, IMDB und Google benutzen kann, um Informationen aus der Glotze um das übliche Hintergrundrauschen von Tiefeninformation zu ergänzen.\nUnd ich kann mich Leuten, mit denen ich mich unterhalte, nicht richtig mitteilen, wenn ich an die URLs nicht komme, mit denen ich sie bewerfen will, um Kontext herzustellen. Oder wenn ich den Kontakt zu den Menschen, die mir wichtig sind, nicht halten kann, weil nicht genug Netz da ist, um sie zu erreichen.\nInsofern: Manche würden es Internetsüchtig nennen, aber das ist eine Verkennung der Tatsachen. Ich bin ein Cyborg. Ohne das Netz bin ich ein beschränkteres, kleineres und weniger mächtiges Wesen, alleine und einsam gefangen in den toten, offlinen Wänden meines Heims. Vielleicht ist an einigen Aspekten von diesem Cyborg-Vortrag doch mehr dran, als der Schwall nebulösen Gelabers dort vermuten läßt. Ich muß mir den Stream noch mal runter laden und in Ruhe ansehen.\nGleich mal den Torrent anwerfen. Das Netz geht ja wieder.\n","date":"2008-08-29T00:00:00Z","href":"https://blog.koehntopp.info/2008/08/29/cyborg.html","tags":["cyborg","hack","internet","lang_de"],"title":"Cyborg"},{"categories":null,"content":" 13. August 1961 bis zum 9. November 1989 (Foto: Thomas Roessler , August 1989)\nWas so ein paar hingeworfene Kissen alles ausmachen! (Wikipedia )\n","date":"2008-08-13T00:00:00Z","href":"https://blog.koehntopp.info/2008/08/13/berliner-mauer.html","tags":["berlin","politik","lang_de"],"title":"Berliner Mauer"},{"categories":null,"content":" Image: Dwizzy on Flickr\nZwei Artikel im Folge im Blog von Bruce Schneier, und beide haben mit Karten und Sicherheit zu tun. In Hacking MiFare Transport Cards kommentiert Schneier die Gruppe der Radboud University Nijmegen, die die Sicherheitssysteme der MiFare Classic Karte von NXP überwunden hat. NXP hat versucht, gegen die Veröffentlichung der Papers zu klagen, die diese Fehler der MiFare beschreiben, hat aber den Prozess verloren. Der Richter urteilte:\nDamage to NXP is not the result of the publication of the article but of the production and sale of a chip that appears to have shortcomings.\nIn einem zweiten Artikel UK Electronic Passport Cloned geht es um den Pass mit Chip, der in England ausgegeben werden soll, ähnlich dem biometrischen Pass und Personalausweis in Deutschland. Die Times hat sich von einem Sicherheitsspezialisten zwei Pässe clonen und die darin enthaltenen Bilder ersetzen lassen.\nMan fragt sich natürlich, was die Hersteller solcher Geräte die ganze Zeit tun, wenn sich ihre Karten und Chips so schnell knacken lassen und so hilflos gegen Angriffe sind. Der Fehler ist aber nur zum Teil bei den Herstellern zu suchen, es handelt sich vielmehr um ein tiefer liegendes Problem, und zwar um ein Verständnisproblem bei den Leuten, die sich für solche Systeme entscheiden.\nEine Chipkarte ist ein Single Chip Computer, der Sicherheit gewährleisten soll. Dazu hat dieser Single Chip Computer eine CPU, ein wenig Speicher und ein wenig Kryptologik an Bord. All das wird in eine Plastikkarte eingebettet.\nDer Chip hat keine eigene Stromversorgung, er hat keine Peripheriegeräte wie Display oder Tastatur, sondern im günstigsten Fall 2-6 Kontakte nach draußen, im ungünstigsten Fall eine Drahtschlinge als Antenne zur Stromversorgung und zum Senden und Empfangen von Daten. Diesen Chip in seiner Plastikverpackung gibt man dann dem Angreifer in die Hand und lässt diesen mit dem Gerät einige Tage, Wochen oder Monate lang allein.\nAngriffe auf solche Chips gibt es viele. Einige Leute legen solche Chips zum Beispiel routinemäßig aus ihrer Plastik- oder Chipverpackung frei und durchleuchten sie dann mit einem Raster-Elektronenmikroskop oder anderen Untersuchungsmethoden. Aus dem Layout der Leiterbahnen kann man Fehler im Chipdesign oder Hintertüren erkennen oder Angriffsmethoden ableiten.\nMan kann sich auch auf die Stromversorgung des Chips klemmen und so auf geheime Daten rückschließen, die eigentlich nicht extrahierbar auf dem Chip gespeichert sind. Je nachdem wie die Daten auf dem Chip gespeichert sind und verarbeitet werden kann man aus dem Stromverbrauch des Chips auf Nullen oder Einsen in einem Bitmuster schließen, daß etwa einen geheimen Schlüssel darstellt, der den Chip nie verlassen sollte.\nAndere Angriffe bestehen darin, daß man den Chip auf so einer Karte mit unsauberer oder unzureichender Betriebsspannung versorgt, und zwar gerade so, daß der Chip funktioniert, aber nicht zuverlässig. Es kommt bei Rechnungen zu Bitkippern oder anderen seltsamen Ungereimtheiten, weil zur Verfügung stehende Leistung böswillig so manipuliert oder moduliert wird, daß man eigentlich unlogische Ergebnisse bekommt. Einige Chips versuchen sich gegen solche Angriffe zu schützen, etwa indem sie dieselbe Berechnung dreimal ausführen und dann die Ergebnisse vergleichen. Bei korrekter Funktion des Chips kommt natürlich immer dasselbe raus, kommt es jedoch wegen Unterversorgung des Chips zu zufälligen Bitkippern, sind die Ergebnisse nicht identisch (und der Chip schaltet sich ab).\nBei allen Chipkarten - mit oder ohne Kontakte - kommt dazu, daß sie keine vertrauenswürdige Peripherie haben, also nicht wissen, ob sie mit einem legitimen Terminal oder einem Angreifer reden, ebenso wie anders herum das Terminal nicht wissen kann, ob es mit einer legitimen Karte oder einem Angreifer redet. Karte und Terminal müssen sich also gegenseitig authentisieren und legitimieren. Bei drahtlos kommunizierenden Karten kommt noch dazu, daß Dritte die Kommunikation zwischen Karte und Lesegerät unter Umständen mithören und daraus gewonnene Information für Angriffe ausnutzen können.\nChipkarten sollen nun außerdem noch in großer Stückzahl hergestellt werden. Das bedeutet, sie sind wahrscheinlich ab Werk identisch und werden später erst personalisiert (Angreifer können möglicherweise also über unpersonalisierte Blanko-Exemplare verfügen und diese dann später so personalisieren, daß sie Duplikate existierender Karten sind). Und das bedeutet auch, die Karten müssen sehr preisgünstig hergestellt werden: Da der Anzahl-Multiplikator in die Millionen gehen kann, zählt jeder Cent-Bruchteil Ersparnis.\nKurz: Wenn man ein Angreifermodell für eine Sicherheitsanalyse konstruieren sollte, das für den Verteidiger möglichst pessimal ist, dann kommt etwas heraus, das einer kontaktlosen Chipkarte und ihrem typischen Benutzungsumfeld sehr, sehr ähnlich ist.\nFür Fahrkarten mag das vielleicht ausreichend sein, für Zugangskontrolle eher nicht. Für Ausweise? Öh. Da wäre man schon sehr dämlich von einer Industrielobby gekauft, wenn man sich als Staat für so etwas entschiede. Ich erwarte jedenfalls aufgrund der Verteidigungssituation in diesem Szenario nicht, daß irgendeiner dieser Chip für nennenswerte Zeit einem Angriff standhält. Nein, auch nicht die in meinem Pass und Perso.\nUpdate: Natürlich gibt es gegen jeden Einzelnen dieser bekannten Angriffe Gegenmaßnahmen - Metallschichten auf dem Chip, Mehrfachberechnungen zur Erkennung versorgungsbedingter Fehlfunktionen, Codegestaltung so, daß immer gleich viel Power verbraucht wird, Kryptoprotokolle zwischen Terminal und Karte. Alle diese Dinge machen jedoch die Karte stromhungriger, langsamer und vor allen Dingen teurer und stehen einer Massenproduktion damit entgegen. Viele der Fehler entwerten außerdem nicht eine Karte, sondern das System - das mit vielen Millionen Karten im missionskritischen Einsatz ein sehr empfindlicher Totalverlust ist, wenn die Sicherheit des Systems und nicht die einer Karte versagen sollte.\nDarum ja auch die etwas hysterische Reaktion von NXP.\n","date":"2008-08-11T00:00:00Z","href":"https://blog.koehntopp.info/2008/08/11/sicherheit-von-chipkarten.html","tags":["identity","security","lang_de"],"title":"Sicherheit von Chipkarten"},{"categories":null,"content":"In Yahoo! Music going dark, taking keys with it . heißt es:\nThe bad dream of DRM continues. Yahoo e-mailed its Yahoo! Music Store customers yesterday, telling them it will be closing for good—and the company will take its DRM license key servers offline on September 30, 2008…\nOnce the Yahoo store goes down and the key servers go offline, existing tracks cannot be authorized to play on new computers. Instead, Yahoo recommends the old, lame, and lossy workaround of burning the files to CD, then reripping them onto the computer.\nSure, you\u0026rsquo;ll lose a bunch of blank CDs, sound quality, and all the metadata, but that\u0026rsquo;s a small price to pay for the privilege of being able to listen to that music you lawfully acquired.\nGood thing you didn\u0026rsquo;t download it illegally or just buy it on CD!\n","date":"2008-07-25T00:00:00Z","href":"https://blog.koehntopp.info/2008/07/25/yahoo-schaltet-yahoo-music-ab.html","tags":["media","musik","lang_de"],"title":"Yahoo! schaltet Yahoo Music ab"},{"categories":null,"content":"(Update: 2020-06-19 Russian version contributed by Vladimir Htr)\nMany years ago, late in 1999, I was involved in the creation of de.comp.lang.php, a USENET newsgroup. Since the group was new I began a personal experiment to influence the communication culture of an open USENET group .\nThat went on for four to five year, out of which I have been actively involved for two years, earning good Karma . But unfortunately http://www.php-faq.de/ is now dead (or outdated and inactive).\nOn my disk there was an old text, unpublished for many years, about the concept behind the engagement. I will just post it here, because the strategy might be salvaged and could be applied elsewhere to similarly structured environments. Other environments need different strategies, as shown in my talk about Flames . Some things shown below I would present differently today, but the core is solid. Maybe it is useful to someone?\nUplift or A Process to Create Useful USENET Newsgroups by Kristian Köhntopp\nwith apologies to David Brin\nUSENET is generally considered a medium with much noise and little useful content. The claim is that the natural state of a USENET newsgroup is the flamewar and that exceptions are rare and generally not worth bothering.\nThis article tries to establish that this observation need not be true and presents the process of \u0026ldquo;Uplift\u0026rdquo; by which a newsgroup having \u0026ldquo;Potential\u0026rdquo; can slowly be turned into a useful support forum with mostly intelligent discussions and with procedures to stabilize that state to some extent. The Uplift process has been tested over the period of one year with the german language newsgroup de.comp.lang.php (3800 articles/month in September; 22500 articles overall until now).\nNewsgroup history and some past experiences de.comp.lang.php was created 01-Jan-2000 by vote of the german USENET community.\nThe RfD and CfV processes have been initiated by me because I saw a rising number of PHP related messages in the german Linux newsgroups. Also, I was subscribed to the german PHP mailing list (http://www.php-center.de/php-de/ ) and I was generally dissatisfied with the content and form of the forum. High volume mailing lists are generally crude to manage and read and mail2news gateways are only a substitute for the real thing.\nOn the other hand, the german Linux newsgroups were in a state of disarray and displayed all the worst characteristics attributed to newsgroups in general:\nNewbies were coming into the group and asked the same questions over and over, sometimes multiple times a day. Regulars were fleeing the group, showing strong signs of burnout. Flamewars were the rule, sometimes encouraged by regulars with burnout symptoms which had not fled the group, yet. Because there was no group culture (except the default culture of flaming) and because the groups had no memory, discussions in the group entered a vicious cycle and did not improve nor shift topic. All action in the groups converged on flaming. The goals for de.comp.lang.php PHP is the most popular installed Apache module by far, and traffic on the german mailing list as well as the support for the RfD showed that a newsgroup on PHP would be a real success and become high-traffic within a year.\nMy goal was to prove the german Linux burnouts wrong, and demonstrate that a newsgroup can be manipulated into being a mostly useful and friendly discussion forum within four months, by giving helpful answers in a friendly and helpful style.\nAdditionally, the group should create a number of regulars interested into the group being useful within eight months. These regulars should ideally copy the friendly and helpful style, distributing load between each other and setting an example for newbies and regulars-to-be.\nFinally, the group should be self-sustaining within twelve months after inception. That is, there should be an established Uplift path for regulars showing true Potential to become FAQ maintainers and active contributors to the group culture. Ideally, after that year there would be little need for myself to meddle with the groups sociodynamics. Also, the group would then be ripe for split due to high traffic volume and the groups concept would then be proven and could be applied to other groups as well.\nA few simple building blocks Central to the establishment of a group culture is the ability to remember past discussions and their results. Without memory there is no past, and without a past there can be no communal traditions and culture. The fundamental building blocks of newsgroup Uplift are therefore the creation of \u0026ldquo;The Library \u0026rdquo; and a process to spread its knowledge widely.\nIn the context of a USENET newsgroup, The Library is a frequently asked questions document, which must be seeded initially over the period of two or three months with the most needed knowledge.\nIdeally, the FAQ is fat. That is, it does not only cover truly frequent questions, but also provides all background information needed to properly handle and understand that frequently requested information. The strategy is to get Clients reading and keep them reading, feeding them not only solutions to the immediate problems, but also feed them parts of the larger picture as well as basic USENET traditions and rules.\nThis is necessary, because a client coming into the newsgroup with a PHP related problem most of the time has other problems as well, such as a lack of basic USENET etiquette and a lack in writing or debugging skills, preventing the Client to state the problem in a correct or efficient way. One of the first steps in the Uplift process must be to give the Client speech, that is, to teach Clients essentials such as proper quoting behaviour, realname policies, writing style, HTML and vCard policies and similar stuff. Only with such knowledge the Client can integrate into the USENET society and become a useful netizen.\nOf course, a client coming into the newsgroup with an immediate problem wants to hear solutions to that particular problem and is not interested in being force-fed obscure traditions and customs. In order to overcome this learning block, the immediate problem of the Client must be solved quickly and to the point. If such a solution is being delivered in an answer posting, though, the Client usually is receptive and can be fed one or two bits of additional knowledge and culture as well. If this information is being kept in the same document as the answer to the Clients\u0026rsquo; problem as well, it will be accepted even easier by that Client. Thus, a fat FAQ is a great help in the Uplift process.\nOf course, a vast and fat FAQ is no target to point a client to. The client has an immediate problem and needs help urgently. Thus, a reference to The Library should always be specific in nature, pointing the Client to the properly phrased question, and containing the full URL of the answer. If the question and the answer do not match the specific question of the Client in full, it should be accompanied by some additional sentences of explanation, showing the Client how to modify the Library provided answer in order to be useful.\nOn the other hand, it is okay if the answer is not a perfect fit, especially if the Client has already moved somewhat along the path of Uplift. We want to create future Patrons assisting us in the Uplift of new Clients and contributing to the FAQ, and this requires these future Patrons to be able to work out solutions by themselves.\nIn de.comp.lang.php, the FAQ is kept at http://www.php-faq.de/ , and FAQ references often have the form of\n1.16. Wie verweise ich auf die FAQ?http://www.php-faq.de/q/q-newsgroup-faqreferenz.html\naccompanied by some additional lines of explanation. This form of reference to FAQ-able questions has been established very early after the creation of the newsgroup, and has been adopted by almost all contributors to the group with Patron capabilities.\nOpening the culture for self-sustenance The initial FAQ was copyrighted by me. Although that FAQ was available by CVS, and was written in an open format (LinuxDoc at that time), there was little interest of potential contributors to add to the FAQ. The initial problem was that some people tried to take the FAQ\u0026rsquo;s content and wanted to edit and republish it for their gain, and that I made it very clear that this was not acceptable by writing large COPYRIGHT notices all over the text. Potential contributors had no interest to contribute to a text that was clearly marked as the exclusive property of someone else. On the other hand I did not want to give text away for uncontrolled republication and modification.\nIt took me four months to recognize that problem and to resolve it satisfactorily. The license of the FAQ was changed at that time, and the text is now available under the Open Publication License (http://www.opencontent.org/openpub/ ), which was found to balance all interests well enough to become accepted.\nAlso, a mailing list was created to deliver FAQ commit messages and other important events and to provide a forum for discussion that is more private that the newsgroup itself. Thus, maintenance load is distributed between all interested parties, preventing early burnout.\nAfter the creation of the group, several problems arose which were not sufficiently covered by the initial charta of the group. Such problems were for example the handling of posted job offers within the group, or how to deal with rapidly recurring on-topic questions of little value to regulars such as \u0026ldquo;Which provider/editor/operating system can be recommended?\u0026rdquo;.\nIt was important for the creation of a group culture that these problems were resolved by a straw poll of the groups users themselves in order to create a \u0026ldquo;we-experience\u0026rdquo;. Also, it was important to let the users first experience the problem themselves before having them vote on it, because common suffering enhances such \u0026ldquo;we-experiences\u0026rdquo;. On the other hand, such resolutions must be found before the problem becomes so pressing that it inhibits normal operation of the group. And finally, there should not be to many such straw polls in rapid succession, in order to keep the audience interested and in order to keep meta-discussions low.\nThe straw polls were held at a rate of at most one per month, and the alternatives were formulated as neutral as necessary for them to be accepted. Still they were presented from a \u0026ldquo;Patron\u0026rdquo; point of view, by subtly highlighting the possible consequences of this or that decision where necessary. The outcome of the straw polls was documented in the first chapter of the FAQ, along with descriptions of acceptable behaviour around these topics and pointers to alternative or additional resources.\nThis works reasonably well: 2 out of 3 atavistic throwbacks are usually quickly terminated by pointing the Client to the proper FAQ article handling such topics as provider recommendations, editor comparisons or language advocacy.\nJob postings are usually not handled this way, because they are by nature hit-and-run events in which a company drops a shower of job offers in a number of newsgroups without caring about local group culture. Instead, these matters are usually resolved by a mail to their given contact address quoting the relevant FAQ article.\nThe article contains enough acid to drive to point home without being outright unfriendly. In order to save duplicate work and prevent the offender from being harassed by multiple community members, it is an emerging tradition to copy such letters to the german-faq mailing list enabling the contributing regulars to synchronize their activities. It is also great fun to share the answers, improving the \u0026ldquo;we-experience\u0026rdquo; once more.\nWe have yet to see second-time offenders.\nWhy does it work? For Patrons, The Library makes it much easier to create useful answers by referencing the FAQ than to write an intelligent flame. Once this is understood by a contributing regular, the default stress reaction shifts from flaming to writing short and constructive articles containing pointers to the relevant information. This greatly improves the morale within the newsgroup, as flaming creates more flaming.\nFor Clients, reading the provided FAQ reference is easier than to go at it again in a followup posting. Asking followup questions is more work and has a higher round-trip-time than simply reading on and learning something. As long as the FAQ anticipates the next question along the path and provides stuff that is easily understandable and properly documented, the Client will not ask again but try to achieve something alone. This enhances the Clients' ability to work independently, Uplifting it further. It also cuts down on the total number of posts to the group, lightening the load for the contributors of answers.\nAlso, FAQ solutions are tried and tested, have proper error handling and are commented, making them more valuable than on-the-fly creations, thus the Client will come to prefer FAQ quality answers over newsgroup quality answers. It will turn to the FAQ immediately next time a problem arises, becoming somewhat dependent on that information source.\nWriting FAQ pointers is a cheap way to gather Patron status for regulars, as all components are available ready-made and need only deployment and slight customization. Thus, even some recently Uplifted Client can begin to gather Patron reputation by becoming a contributor of answers to the group. This enables older Patrons to move on and perhaps become FAQ committers.\nPatrons becoming dependent on the library feel a growing desire to contribute to The Library as soon as they hit holes multiple times when writing answers. They feel that their business becomes significantly more difficult in areas not covered by the FAQ, and start committing new answers or even new chapters. Since all articles in the FAQ bear the name of the Patron who created it, adding to the FAQ is a way to gain status more permanently than by writing newsgroup articles: Unlike newsgroup answers which expire quickly, FAQ contributions tend to stay and keep the Patrons name in the light for a much longer time.\nThis effectively creates two processes:\nOne process takes answers and threads from the newsgroup and compresses them to reusable, tested and tried articles. Context-dependent information from a USENET thread, loosely distributed over multiple articles, becomes context-independent, is peer reviewed and available in the much tighter format of a FAQ article. This process improves information.\nThe second process is the process of Uplift, which educates contributors to the group in USENET etiquette as well as in matters covered by the groups' charta, by turning them from Clients asking questions into Patrons providing answers or even Senior Patrons contributing to the content of the FAQ. This process improves people.\nDealing with Atavism USENET is showered with a constant rain of newbies. Usually, big loads of newbies in a short time lead to group degeneration, spontaneous topic combustion (\u0026ldquo;flamewars\u0026rdquo;) and loss of directed discussion activity at group level. This phenomenon is called \u0026ldquo;September \u0026rdquo; because before 1993 the month of September was the time when new students at the Universities hit the network.\nThe Uplift process provides means to newsgroup regulars to deal with a larger number of newbies successfully, avoiding burnout and flamewars. Uplifting converts newbies into useful netizens faster than usual, too, and uses these fresh converts to deal with even newer newbies if applied successfully.\nEven with an Uplift process in place, a newsgroup may experience occasional atavistic throws. This is usually the case when a Patron experiences burnout, and lets himself go publicly. Often this is provoked by a particularly clueless newbie posting, or an outright flame.\nTo deal with atavism and have it not ruin the groups\u0026rsquo; climate, it is important to encourage Patrons to take their grievances to mail. This can be done by using the FAQ maintenance mailing list, or by encouraging the Patron to flame a newbie by mail and copy the flame to the FAQ maintenance mailing list for the enjoyments of the others (and to inform than that this particular case has been already taken care of). The german FAQ contains a section titled\n1.12 Warum bekomme ich Ermahnungsmails, wenn ich Autoren in der Gruppe auf Netiquetteverstöße aufmerksam mache?\n\u0026ldquo;Why do I get reminder mails, when I remind people publicly of netiquette violations?\u0026rdquo;\nand this one is listed BEFORE\n1.13 Warum bekomme ich Ermahnungsmails?\n\u0026ldquo;Why am I mailed with netiquette reminders?\u0026rdquo;\nIt is not acceptable for a Patron to display behaviour which cannot be tolerated in Clients, and besides it does not help on-topic discussion in the group if meta-discussion swamps the forum.\nThe full answer to question 1.12 is (translated from German):\n\u0026ldquo;You are completely right: Some authors in this group violate the netiquette as posted to de.newusers.infos, for example by posting without a realname, by using invalid reply addresses or by posting HTML or vCards. You need not tolerate this. In newsgroups, tone is as important as content, though. The regulars of de.comp.lang.php are proud of the friendly and helpful tone in their newsgroup. So if you want to remind another author to keep to the netiquette, please do this by mail and not in public. The very netiquette you are trying to enforce requires this - you cannot validly demand conformity with this convention, and at the same time violate it yourself without losing credibility. Please: Keep your tone friendly in your mail as well. You are easier understood this way, and it is more likely that you complete your mission this way. If you believe that your article must be posted in public, for example in order to forward discussion to another newsgroup, or because the mail address given is invalid, or because the author in question has not been cooperative in mail: Please keep your article friendly and constructive. That is: Answer the question of the offender or offer a solution to his problem as good as possible. Only after that remind him about the netiquette. If you cannot contribute to the original problem, do not post or write mail. You are not alone in this group, and you do not need to save the world alone. Somebody else who knows the proper answer will write a public reply and probably will remind the original author of proper behaviour.\u0026rdquo;\nThis take-it-to-mail policy has been in force since beginning of March 2000, and has been enforced several times since then between the regulars and by themselves. Obviously the regulars in this group like the climate and tone of their group and accept the offered conflict resolution solution as a viable mode to deal with the problem and with offenders. Flamewars seldom last for more than a day or two, if they happen at all.\nIt is important for the users of the newsgroup to learn how to deal with flames properly, taking them as failed attempts to communicate instead of insults, and coolly pointing the offender to the relevant resources to help him state his problem correctly. The answer to 1.13 translates as follows:\n\u0026ldquo;Not only in de.comp.lang.php, but in most other German newsgroups you will be reminded of proper behaviour in newsgroups, if you post without a proper realname, with an invalid return address, send unwanted advertisements, post HTML or vCards, or post offtopic on purpose. The oldtimers and regulars of USENET did not come up with their rules and traditions for nothing. USENET has been in existence for some tens of years, and the rules of communication on USENET have been proven in over this time. There is an introduction in de.newusers.infos titled \u0026lsquo;Why should I stick to the rules?\u0026rsquo; explaining why things are as they are and how they came to be. If you want results from posting to de.comp.lang.php, that is, if you expect technical help with PHP, you are well advised to watch the outer form of your text and honor our traditions.\u0026rdquo;\nThese two texts are usually sufficient to calm down the offender and the flaming Patron and to tie them into one or two mail exchanges discussion their behavior and offering counseling. Having shared the experience and providing hints to deal with frustration is helpful.\nSometimes productive behaviour emerges from such a mail exchange, making this counseling rewarding for the person sending the mail. For example the formerly flaming Patron may become motivated to work on the FAQ, or take up another project which he believes would help him to compensate his anger. The publicly visible component of the flamewar is usually silenced immediately after the mail exchange starts, with sometimes some erroneous postings by third parties coming in late.\nLessons Learned It is possible to take control of the content and the traditions of a USENET newsgroup for an extended amount of time, if the perceived change for the majority of the regulars is a change for the better.\n_The tools for affecting the change are the creation of a recorded tradition by the creation of a FAQ, making proper and improper behavioral standards explicit and addressable for reference in a discussion, and a specific procedure for teaching these standards to newcomers. This specific procedure involves taking the newcomers\u0026rsquo; problem seriously, solving it and pushing additional corrective information with that answer in a non-offensive and non-degrading way at the newcomer.\n","date":"2008-07-23T00:00:00Z","href":"https://blog.koehntopp.info/2008/07/23/inhaltliche-und-kulturelle-steuerung-von-foren.html","tags":["community","publication","usenet","lang_en"],"title":"Inhaltliche und kulturelle Steuerung von Foren"},{"categories":null,"content":"Ein paar Arbeitsnotizen für unsere etwas orientierungslosen Europapolitiker:\nEine Verfassung hat eher 30 als 3000 Seiten. Wenn 3000 Seiten gebraucht werden, ist es besser, keine Verfassung zu haben und so lange an anderen Dingen weiterzuarbeiten, bis man mit 30 Seiten hinkommt. Eine Verfassung hat keine Ausnahmen. Wenn einzelne Gebiete Ausnahmen und Sonderregelungen brauchen, dann ist es besser, keine Verfassung zu haben und so lange an anderen Dingen weiterzuarbeiten, bis man ohne solche Ausnahmen hinkommt. Eine Verfassung wird vom Volk beschlossen und getragen. Wenn absehbar ist, daß das Volk die Verfassung wegen ihrer Länge und Komplexität nicht verstehen kann und deswegen aus Prinzip ablehnen wird, ist der Verfassung kaputt und nicht das Volk. Update: Ähnlich auch in der Zeit .\n","date":"2008-06-17T00:00:00Z","href":"https://blog.koehntopp.info/2008/06/17/eine-verfassung.html","tags":["politik","lang_de"],"title":"Eine Verfassung"},{"categories":null,"content":"In Die Wikipediatisierung des Wissens gibt es einen weiteren Artikel, der versucht, das Phänomen Wikipedia und nicht auf Code basierende Open Source Strukturen zu analysieren. Der Artikel verwendet das übliche Angstvokabular, das sich auch in vergleichbaren Artikel im Spiegel oder der Süddeutschen Zeitung findet:\nDie entscheidende Frage ist: Ist die beeindruckende statistische Progression von Wikipedia auch eine kulturelle Revolution oder zumindest ihr Vorbote? Oder ist sie ein Teil der Informations-Versklavung und Wissens-Nivellierung im Zeitalter der allgemeinen Datenexplosion?\nMan beachte die Wortwahl: \u0026ldquo;Revolution\u0026rdquo;, \u0026ldquo;Versklavung\u0026rdquo;, \u0026ldquo;Nivellierung\u0026rdquo;, \u0026ldquo;Explosion\u0026rdquo;. Dem kann ich nur einen Erikativ entgegen setzen: seufz.\nKlar kann man an der Wikipedia rum kritisieren, und in ihr - wie in Artikeln in traditionellen Medien üblich - den Untergang des Abendlandes sehen. Oder wie in dem verlinkten Telepolis-Artikel aus den nationalen Unterschieden und der wechselnden Qualität metaphysische Volksseelenbefindlichkeiten zu extrahieren.\nAber das alles ist meiner Ansicht nach gar nicht der wesentliche Punkt. Wikipedia ist für Lexika wie Linux für Betriebssysteme in gewisser Weise definitiv. Nicht definitiv in dem Sinne, daß es der Weisheit letzter Schluss ist, sondern definitiv in dem Sinne, daß es für einen bestimmten Markt das untere Ende der Messlatte festlegt. Jedes kommerzielle Produkt muss sich an seiner frei verfügbaren Variante messen lassen und die positiven Eigenschaften des frei verfügbaren Produktes nicht nur erreichen, sondern auch noch so viele weitere Eigenschaften haben, daß es dem Kunden das Ausgeben von Geld wert ist.\nDas ist spannend, denn es kann dazu kommen, daß das freie Produkt den Markt komplett verschließt - es gibt keine essenziellen Probleme mehr, die von einem kommerziellen Produkt gelöst werden, aber vom frei verfügbaren Produkt nicht. Ein kommerzielles Produkt, das nur Nice-To-Have Eigenschaften liefert, aber nichts Essenzielles, hat enorme Schwierigkeiten am Markt seinen Preis zu rechtfertigen. Aber siehe das Apple-Korollar: Design und Usability sind essenzielle Eigenschaften!\nEs ist auch spannend, weil ein freies Produkt den Markt so dominieren kann, daß es nicht mehr ausreichend ist, die Eigenschaften des freien Produktes mit dem eigenen Produkt nachzubauen. Stattdessen muss plötzlich Kompatibilität hergestellt werden. Ein Beispiel hierfür ist Linux - sowohl AIX als auch Solaris haben Umgebungen, in denen sie Linux-API und Linux-Dateisystemlayout simulieren, damit Linux-Anwendungen auch in deren Umgebungen ausführbar werden.\nEin weiteres Beispiel hierfür ist das Perl, das in Solaris mitgeliefert wird, und das unbrauchbar ist, weil es mit dem Sun-Compiler gebaut worden ist, der zum GCC subtil inkompatibel ist. Aus verschiedenen Gründen gibt es eine ganze Menge Leute, die unter Solaris mit dem GCC arbeiten oder arbeiten müssen, und die daher ihr Perl erst einmal neu bauen müssen, damit sie mit dem GCC gebaute Perl-XS Erweiterungen stabil zum Laufen bekommen können.\nAllgemeiner gesagt legt das frei verfügbare Produkt eine Markteintrittsschranke fest, weil das freie Produkt definiert, was sowieso schon jeder weiß (Wikipedia) oder kann (Open-Source-Software), sodass das betreffende Wissen oder die betreffende Funktion verschenkt wird.\n","date":"2008-06-15T00:00:00Z","href":"https://blog.koehntopp.info/2008/06/15/markteintrittsschranke.html","tags":["free software","lang_de"],"title":"Markteintrittsschranke"},{"categories":null,"content":"Neuer Job, neues Werkzeug. Diesmal ein MacBook Pro 15\u0026quot;, mit 3 GB RAM und der 200 GB 7200rpm Platte und MacOS X 10.5.3. Ab Werk ist das System nahezu unbenutzbar.\nDamit das bewohnbar wird, kommen bei mir die folgenden Sachen drauf:\nFür die Shell:\nSSHKeyChain für iTerm iTerm Terminal Client Cyberduck sftp/ssh client (Fish ist ja so viel besser, aber ein Mac kann das noch nicht) Rudix , damit die Kommandozeile nicht so stinkt. Für die Arbeit:\nEin aktuelles MySQL NeoOffice , das StarOffice für den Mac Camino , ein Firefox für den Mac Für die Kommunikation:\nSkype , funktioniert ganz ausgezeichnet ohne Headset und mit der eingebauten Kamera, ich bin beeindruckt. Adium , kann alles außer Skype Colloquy IRC Client, aber ich nehme weiter mein irssi im Screen auf dem Dedi, glaube ich. Text Wrangler , der Editor der Wahl für uns Nicht-Emacs-Benutzer NetNewsWire Feed Reader, jedenfalls solange Akregator noch nicht geht Von Till:\nEine KDE 4 Beta mit kmail und dem Rest von Kontact auf Native-Qt-KDE ohne X11. Das ist leider noch ein wenig broken und schlecht integriert. Ich will mein Amarok! Zum Gucken:\nPerian , die Codec-Sammlung für Quicktime, damit es nicht mehr saugt. VLC für den Mac ist echt gut MPlayer OS X, eher nicht so stabil Handbrake , weil niemand so viele DVDs mit sich herumschleppen will, und man das Zeugs ja auch mal auf dem iPod haben will Transmission, als Bittorrent Client der Wahl Weiteres Zeugs:\nTunnelblick VPN Controller Growl Journler Nokia E90 iSync Conduit, von Nokia Jetzt fehlt noch ein sinnvoller Windowmanager, der Focus-Follow-Mouse richtig kann, und der die Fenster nach Dokumenten und nicht nach Anwendungen gruppiert. So geht das jedenfalls gar nicht. Oh, und ein Tastatur-Layout-Editor, denn die Belegung von dem Ding hier ab Werk ist mal so richtig kaputt. In Englisch und in Deutsch.\n","date":"2008-06-11T00:00:00Z","href":"https://blog.koehntopp.info/2008/06/11/neues-werkzeug.html","tags":["apple","computer","hardware","lang_de"],"title":"Neues Werkzeug"},{"categories":null,"content":"Shimon Schocken preist seinen Kurs \u0026ldquo;From NAND to Tetris in 14 steps\u0026rdquo; an:\nWenn mich Leute nach Informatik fragen, dann sage ich ja meistens: \u0026ldquo;Informatik die Wissenschaft von 0 und 1 - komplizierter wird es nicht mehr, nur mehr.\u0026rdquo;\nDie Schwierigkeit in der Informatik ist mehr die Anzahl der Abstraktionsebenen, die übereinander gestapelt werden, nicht die Kompliziertheit des Stoffes. Weil Abstraktionen immer Lecks haben, muss man in der Informatik immer ein paar dieser Ebenen gleichzeitig offen haben und \u0026ldquo;high level\u0026rdquo; und \u0026ldquo;low level\u0026rdquo; zur selben Zeit denken. Das ist es, was Leute verwirrt.\nSchocken hat aus dieser Idee einen Kurs gemacht. Und der ist frei verfügbar , ebenso wie die Software dazu. Und so kann man hier Chips designen und simulieren, eine CPU entwickeln und simulieren, eine VM entwickeln, und simulieren, Assembler und Compiler für die VM schreiben, ein OS obendrauf bauen und schließlich Spiele darauf laufen lassen.\nWer es nicht online mag: The Elements of Computing Systems ist auch als Buch zu haben. Ich bin begeistert.\n","date":"2008-06-01T00:00:00Z","href":"https://blog.koehntopp.info/2008/06/01/cs101-from-nand-to-tetris-in-14-simple-steps.html","tags":["free software","lang_de"],"title":"CS101: From NAND to Tetris in 14 simple steps"},{"categories":null,"content":"Wenn man mit Featureentwicklern spricht, dann reden sie immer gerne über tolle neue Dinge die sie gerade eingebaut haben.\nIch bin bei Featureentwicklern und Projektmanagern echt unbeliebt.\nIch rede gerne über Kosten, und über FAIL. Das habe ich mit vielen anderen Sysadmins, Bibliotheksentwicklern und Kernelcodern gemeinsam. Wenn man dort einmal mithört - zum Beispiel auf der Linux Kernel Mailingliste oder unter Stammtischgesprächen von Sysadmins - dann fällt einem bald etwas auf: Dort redet man in der Regel nicht von tollen neuen Features oder was jetzt optimiert worden ist, sondern dort redet man in der Regel von Fehlern, die aufgetreten sind oder von schlechtesten Fällen, und wie man sie triggert. Newsgroups wie de.alt.sysadmin.recovery sind voll von zynischen Geschichten über Komponentenversagen. Die wichtigsten Abschnitte in Ross Andersons Security Engineering sind die Abschnitte, in denen er das Versagen von Sicherheitssystemen beschreibt.\nAlle diese Leute - Kernelentwickler, Bibliotheksentwickler und Sysadmins - sind Leute, die normalerweise ständig mit Infrastrukturkomponenten zu tun haben. Und Infrastrukturkomponenten werden nie an ihrem besten Fall gemessen, sondern immer nur an ihrem schlechtesten Fall und an der Art und Weise, wie sie versagen.\nNiemand lobt die Stadtwerke, weil sie das Stromnetz 15% effizienter gemacht haben, aber jeder erinnert sich an den letzten Stromausfall, den letzten Kernelbug, in den er rein getreten ist oder das Szenario, bei dem er eine Bibliothek zum Explodieren gebracht hat ( blog.fefe.de )\nFeatureentwickler tun gut daran, sich diese Denkweise einmal zu eigen zu machen. Ein Freund und Arbeitskollege von mir formuliert es so: \u0026ldquo;Wenn ich Go spiele und gewinne, dann habe ich nur bestätigt, was ich schon weiß, aber nichts gelernt. Nur wenn ich verliere (und hinterher verstehe, wieso ich verloren habe), dann kann ich etwas lernen.\u0026rdquo;\nWenn man sich von vorneherein auf Worst-Case-Verhalten konzentriert und versucht, diese Fälle zu optimieren, dann kann man FAIL vermeiden und lernen ohne die Schmerzen aus erster Hand zu erfahren.\nDas Problem existiert aber auch auf einer größeren, politischen Ebene. Wir führen Infrastruktur ein - Toll Collect, die Gesundheitskarte, Wahlcomputer oder die Vorratsdatenspeicherung - und führen die gesellschaftliche Diskussion hier meistens auf der Ebene von Featureentwicklern. Mißbrauch, interner Mißbrauch, Versagen von Teilkomponenten, Versagen von Sicherheitsmechanismen, Rückbau, Schadensbegrenzung, Versicherbare Restrisiken sind bei der gesellschaftlichen Betrachung dieser Infrastrukturen keine Themen.\n","date":"2008-05-30T00:00:00Z","href":"https://blog.koehntopp.info/2008/05/30/the-importance-of-fail.html","tags":["architektur","computer","security","lang_de"],"title":"The Importance Of FAIL"},{"categories":null,"content":"Im Anschluß an Vertrauensvorschuß :\nVolkswagen Siemens Telekom Wie praktisch: Ein Gesamtscore .\nWikipedia weiß über Poltikverdrossenheit :\nPolitikverdrossenheit bezeichnet die negative Einstellung der Bürger in Bezug auf politische Aktivitäten und Strukturen, u.U. resultierend in Desinteresse und Ablehnung von Politik und politischem Handeln. Politikverdrossenheit führt zur mangelnden Partizipation am politischen Prozess. Diese Haltung kann generell die ganze politische Ordnung betreffen oder sich nur auf Ergebnisse politischer Prozesse beziehen.\nDer Grund \u0026ldquo;Offensichtliches Systemversagen\u0026rdquo; wird in der Liste der Gründe für Politikverdrossenheit noch nicht genannt.\nIn Telekom-Affäre: Aufsichtsbehörden in Erklärungsnot liest sich das so:\nIm Klartext: Die Bundesnetzagentur könnte der Deutschen Telekom die Lizenz entziehen, falls sich herausstellen sollte, dass sie sich für ihre Schnüffelaktion der staatlichen Überwachungstechnik bedient hat.\nJa, sicher. Das wird bestimmt passieren.\n","date":"2008-05-30T00:00:00Z","href":"https://blog.koehntopp.info/2008/05/30/vertrauensvorschu-ii.html","tags":["politik","lang_de"],"title":"Vertrauensvorschuß II"},{"categories":null,"content":"Vor etwas mehr als 10 Jahren, am 19. Mai 1998, schrieb ich auf php-general von einer PHP Standardbibliothek.\nPHP should ship with, and install by default, a standard library. This library should offer certain standard functionality that is often required in larger web projects.The language itself does not need to support any of the functionality that should be in the library (see below). In fact, quite a lot of PHP special functions are probable candidates for library functions that could (and perhaps should) be removed from the language core, if you are into language purity (I am not). What PHP needs in my personal opinion is a more stable, better debugged and better equipped modularization mechanism (and better namespace management).\nWenig später, Ende Juni, kam dann die Ankündigung von Sessionvariablen und Authentisierung in einem runterladbaren Paket. Im Juli gab es dann die erste Version mit PHP 3 Objekten . Um diese Zeit ging dann auch die Supportsite online. Das Projekt idlet jetzt unter anderer Führung auf SourceForge rum - es hat sich inzwischen überlebt.\nDie Mails Keeping state at the server und What was your name, again? erklären die Ideen und Konzepte dahinter.\nPHPLIB hat das Konzept der Session in PHP eingeführt und war die Default-Bibliothek dafür in PHP 3. Sascha Schumann hat den Code dann in PHP4 in den PHP-Kern selber überführt. PHPLIB hat außerdem das Konzept des Datenbankwrappers in PHP eingeführt und eine der ersten Template-Bibliotheken enthalten.\n","date":"2008-05-29T00:00:00Z","href":"https://blog.koehntopp.info/2008/05/29/10-jahre-phplib.html","tags":["damals","php","lang_de"],"title":"10 Jahre PHPLIB"},{"categories":null,"content":"Mit dem Ende dieser Woche endet nicht nur die MySQL Deutschland GmbH , sondern auch meine Tätigkeit bei MySQL. Den neuen Vertrag bei Sun habe ich, anders als zunächst geplant, nicht unterschrieben - mir ist relativ schnell klar geworden, daß ich mich in einer Firma dieser Größe nicht wohlfühlen werde.\nFür MySQL bin ich seit Ende des Jahres 2005 unterwegs gewesen - bis zu 180 Tage im Jahr. Neben einigen größeren Projekten habe ich sehr viel kleineres Consulting gemacht - \u0026ldquo;Pivot-Consulting\u0026rdquo;, bei dem es nicht darum geht ein Projekt umzusetzen, sondern den Kunden dazu zu befähigen, das Projekt selber zu schaukeln. Dabei habe ich alle Bereiche um MySQL herum abgedeckt mit Ausnahme von MySQL Cluster. Ich habe außerdem durchschnittlich 60 Arbeitsstunden pro Woche inklusive Reisezeit weggehauen und bin teilweise über Monate nur am Wochenende daheim gewesen.\nSpannend war\u0026rsquo;s und einigermaßen einträglich auch. Aber der Verkauf an Sun und der Betriebsübergang machen es notwendig, dass ich mich frage, wovon ich da Teil werde und ob ich das will. Und daß ich mich frage, was ich die nächsten Jahre tun möchte - ob ich noch immer so viel Reisen möchte oder ob ich mal wieder eine Phase mit mehr Stabilität brauche. Mein Körper hat mir in den vergangenen Monaten recht deutlich gemacht, wo seine Präferenzen liegen. Das dazu.\nDie Arbeit bei MySQL ist noch immer nicht nur der anstrengendste, sondern auch der spannendste Job, den ich je hatte. MySQL hat mit seinem Produkt einen komplett neuen Markt unter dem existierenden Datenbankmarkt etabliert und begleitet seine Kunden nun seit mehr als einer Dekade auf dem Weg. Produkt und Anwender lernen dabei nicht nur voneinander, sondern entwickeln auch neue Paradigmen für eine Umgebung in der traditionelle Datenbanktechniken nicht mehr greifen.\nFür meine Kunden bin ich dabei oft nicht nur der Consultant gewesen, der die fertige Lösung aus der Tasche zieht. Sondern mein Job war auch der eines Gesellen auf Wanderschaft, der andere Installationen und Herangehensweisen gesehen hat. So konnte ich das lokale Projekt mit anderen Ansätzen anderswo in Beziehung setzen und dem Kunden so die notwendige Sicherheit und das notwendige Vokabular vermitteln, und auf Grundlage dieser Erfahrungen auf die Ecken und Kanten hinweisen, die auf dem Weg zum Projektende wahrscheinlich noch lauern würden.\nVokabeln und Erfahrungsberichte sind tatsächlich sehr wichtig - bei vielen, was wir machen verstoßen wir gegen die Regeln traditionellen Datenbankdesigns und tun gegebenenfalls das Gegenteil davon. Eine Liste wie die eBay Best Practices ist jedenfalls ziemlich genau eine Liste von \u0026ldquo;Dinge, die mein Datenbankprofessor gehasst hätte\u0026rdquo;.\nWenn man so etwas macht und gegen etablierte Techniken und Methoden direkt verstößt, dann will man Sicherheit haben - \u0026ldquo;das hat schon einmal irgendwo geklappt\u0026rdquo; - und Worte für das, was man da tut - \u0026ldquo;für unsere Architektur gibt es Worte, es sind nur nicht die Worte, die ein traditioneller Datenbanker verwenden würde, weil es keine traditionelle Architektur ist\u0026rdquo;. Meine Aufgabe war mehr als einmal, diese Referenzen und diese Zusicherungen zu geben und das Projekt dann mehr oder weniger einfach den ursprünglichen Weg gehen zu lassen. Gerne auch das, wenn es denn hilft, die Sache zu einem Erfolg zu machen\u0026hellip;\nMySQL und Postgres sind nun \u0026ldquo;dasselbe\u0026rdquo; - Josh Berkus, Monty Widenius und Jim Starkey arbeiten alle für Sun. Aber sie sind auch die beiden Extrempunkte eines Kontinuums. Postgres ist eine gute Plattform, um eine traditionelle Datenbank-Architektur von einer Closed Source Plattform in eine Open Source-Umgebung zu befördern. Es enthält (und bewirbt) einen Haufen traditioneller Mechanismen, die eine relativ direkte, kostengünstige und risikoarme Migration auf diesem Pfad ermöglichen.\nMySQL und MySQL Consultants sind oft ein wenig anders - sie denken eher in massiv in die Breite skalierten, verteilten, asynchronen Web-Architekturen, die Anwendungen als verteilte Systeme betrachten. In solchen Systemen werden die Anwendung, die Middleware, die Bibliotheken und die Datenbanken zusammen als \u0026ldquo;die Anwendung\u0026rdquo; angesehen und als System betrachtet, in denen man alle Komponenten kontrolliert und adaptiert. Weil der ganze Stack kontrolliert und als integrales System betrachtet wird, wird Funktionalität oft in die leichter und billiger zu skalierenden Außenbereiche gedrückt, anstatt sie monolithisch-synchron im Datenbank-Kern abzuhandeln. Dies ist in vielen Fällen aufwendiger und schwerer zu kontrollieren als ein traditionelles System, erlaubt es aber zu wachsen, indem man einfach mehr Boxen hin stellt .\nIm Job führt das oft zu Konflikten, wenn man auf einen traditionellen DBA oder Architekten trifft. Dann ist es die Aufgabe des Consultants klarzumachen, daß dies eine valide Architektur ist, die sich oft bewiesen hat, ja daß es sogar die einzige Architektur ist, die sich auf globaler Skala unter allen wirklich großen Systemen durchgesetzt hat. Das, was traditionelle Architekturen tun ist gut und richtig - wenn man Time To Market minimieren möchte und ein möglichst simpel erstellbares und debugbares System haben möchte. Wenn man aber die Größenordnung verlässt, in der man dieses Problem auf einer einzelnen Maschine abhandeln kann, dann setzen physikalische Effekte ein , die es zwingend machen, diese einfache und leicht zu kontrollierbare Welt zu verlassen.\nDiesen Übergang zu lehren und Kunden durch diesen Übergang zu begleiten ohne daß die Kundensysteme dabei offline gehen mussten war oft genug meine Aufgabe und die meiner Kollegen.\nAuch Sun hat diese Lehre gut verinnerlicht - um 2001 herum war ich bei einem Sun Kunden tätig, der nicht weniger als zwölf Enterprise 10000 Maschinen in seinen Rechenzentren im Einsatz hatte. Diese Maschinen sind das Denkmal traditioneller synchroner Architekturen, 64 Prozessoren (72 bei den Nachfolgern) und 64 GB RAM (bis zu 576 GB RAM bei den Nachfolgemodellen), 24 Ebenen Multilayer auf der Backplane, Switches statt Busse zur Rechner-internen Kommunikation zwischen Karten und CPUs. Wunderwerke der Ingenieurskunst, spannende Spielzeuge für jeden Sysadmin und außerdem Lösungen auf der Suche nach einem Problem.\nBesagter Kunde hat heute keine einzige Maschine dieser Leistungsklasse mehr. Stattdessen setzt man auf eine große Anzahl von kleineren Systemen, 4- und 8-Core-Maschinen, die rackweise verbaut werden und auf denen man das Problem partitioniert und verteilt. Das erlaubt es nicht nur weniger Euro pro MIPS zu bezahlen, sondern auch Gesamtsysteme zu bauen, die nicht durch die größe verfügbare Maschinengröße beschränkt sind.\nAuch Sun hat das gelernt - Maschinen wie die 5240 sind quasi das Gegenteil einer E10k und mit einem Rack voll dieser Geräte erreicht man bei passend angepasster Software viel mehr als mit einer traditionellen monolithischen Architektur. Der Knackpunkt ist passend angepasste Software (Seite 9). Sich auf solche Maschinen und in solchen Umgebungen besser zu integrieren ist derzeit die wichtigste Priorität bei MySQL - und die der meisten MySQL Kunden. Sun weiß das, und man arbeitet daran. Wir leben in spannenden Zeiten!\nAuch ich werde in spannenden Zeiten leben, denn meine Aufgabe bei meinem neuen Arbeitgeber wird genau ein solcher Übergang sein. Diesmal aber nicht als Pivot-Projekt, sondern mitten drin! Ich freue mich schon!\n","date":"2008-05-28T00:00:00Z","href":"https://blog.koehntopp.info/2008/05/28/mysql-quit.html","tags":["mysql","lang_de"],"title":"mysql\u003e quit;"},{"categories":null,"content":"In anderen Artikeln habe ich ja schon an Hand von http://lxr.linux.no/ Strukturen im Linux-Kernel referenziert und in Erklärungen verwendet.\nAuf Tamacom gibt es zum Vergleich die Quellen von Linux 2.6, FreeBSD 7, NetBSD 4.x, OpenBSD 4.x, GNU Hurd 0.3 und OpenSolaris zum verlinken. Auch liegen dort ein UNIX V7 Kernel und ein 4.3BSD rum.\nMinnie hat eine schöne Sequenz wirklich alter Unix-Trees, der die Entwicklung der 70er Jahre und einige BSD-Trees miteinander vergleicht. Das älteste nützliche Zeugs von dort ist von 1973 .\nThe nsys files are timestamped August 31, 1973. This is consistent with other known dates. The files use structs, but in December 1972 the C compiler didn\u0026rsquo;t support structs. In September 1973, the C version of the kernel finally supplanted the assembly version, and the kernel here certainly works fine.\nMit anderen Worten, wir schauen hier der gleichzeitigen Entstehung der Sprache C und des Unix-Kernels zu. So kennt der V3 Kernel noch keine GID im stat(2) Systemaufruf, und der Compiler kann noch keine \u0026ldquo;struct\u0026rdquo; - im nsys-Kernel 6 Monate später existieren beide - und andere wichtige Erfindungen werden gemacht.\nGoldenes Zitat :\nThe number of UNIX installations is now above 20\u0026hellip;\n","date":"2008-05-27T00:00:00Z","href":"https://blog.koehntopp.info/2008/05/27/historische-kernelsourcen.html","tags":["computer","free software","linux","unix","lang_de"],"title":"Historische Kernelsourcen"},{"categories":null,"content":"Steve Ballmer schläft derzeit schlecht . Da bin ich mir ziemlich sicher. Spätestens seit ich bei Till einen EEE-PC von Asus in den Fingern hatte.\nDer EEE ist häßlich, aus Plastik und die Tastatur ist für meine Finger zu klein und das Touchpad ist hypersensitiv. Aber das Ding tut alles, was ich jemals von ihm wollen könnte. Es hat WLAN, eine Kamera, es hat Firefox, Open Office, Mplayer und Skype. Und es hat kein einziges Stück Microsoft Software drauf. Kein einziges. Nirgendwo.\nSelbst wenn: Vista würde da auch nicht drauf passen. Es ist zu fett.\nJa, Steve Ballmer schläft wirklich schlecht.\nStattdessen spielt Microsoft wieder mit den Staatsanwälten von der Monopolaufsicht fangen und macht komische Verträge :\nMicrosoft plans to offer PC makers steep discounts on Windows XP Home Edition to encourage them to use that OS instead of Linux on ultra low-cost PCs (ULPCs).\nTo be eligible, however, the PC vendors that make ULPCs must limit screen sizes to 10.2 inches and hard drives to 80G bytes, and they cannot offer touch-screen PCs.\nThe program is outlined in confidential documents that Microsoft sent to PC makers last month, and which were obtained by IDG News Service. The goal apparently is to limit the hardware capabilities of ULPCs so that they don\u0026rsquo;t eat into the market for mainstream PCs running Windows Vista, something both Microsoft and the PC vendors would want to avoid.\n","date":"2008-05-10T00:00:00Z","href":"https://blog.koehntopp.info/2008/05/10/steve-ballmer-lernt-noch-was.html","tags":["computer","microsoft","lang_de"],"title":"Steve Ballmer lernt noch was"},{"categories":null,"content":"In The Gospel of Consumption :\ndespite the apparent tidal wave of new consumer goods and what appeared to be a healthy appetite for their consumption among the well-to-do, industrialists were worried. They feared that the frugal habits maintained by most American families would be difficult to break. Perhaps even more threatening was the fact that the industrial capacity for turning out goods seemed to be increasing at a pace greater than people\u0026rsquo;s sense that they needed them.\nIt was this latter concern that led Charles Kettering, director of General Motors Research, to write a 1929 magazine article called \u0026ldquo;Keep the Consumer Dissatisfied.\u0026rdquo; He wasn\u0026rsquo;t suggesting that manufacturers produce shoddy products. Along with many of his corporate cohorts, he was defining a strategic shift for American industry from fulfilling basic human needs to create new ones.\nUnd die Statistiken dazu:\nMeanwhile, by 2000 the average married couple with children was working almost five hundred hours a year more than in 1979. [\u0026hellip;] By 1991 the amount of goods and services produced for each hour of labor was double what it had been in 1948. By 2006 that figure had risen another 30 percent. [\u0026hellip;] if as a society we made a collective decision to get by on the amount we produced and consumed seventeen years ago, we could cut back from the standard forty-hour week to 5.3 hours per day or 2.7 hours if we were willing to return to the 1948 level.\nNoch spannender sind die historischen Hintergründe dazu in dem Aritkel.\nWas tun mit der freien Zeit?\nClay Shirky schreibt dazu:\nIf I had to pick the critical technology for the 20th century, the bit of social lubricant without which the wheels would\u0026rsquo;ve come off the whole enterprise, I\u0026rsquo;d say it was the sitcom. Starting with the Second World War a whole series of things happened\u0026ndash;rising GDP per capita, rising educational attainment, rising life expectancy and, critically, a rising number of people who were working five-day work weeks. For the first time, society forced onto an enormous number of its citizens the requirement to manage something they had never had to manage before \u0026ndash; free time.\nAnd what did we do with that free time? Well, mostly we spent it watching TV.\nShirky sieht die freie Zeit als \u0026ldquo;kognitiven Überschuss\u0026rdquo;, den wir verschwendet haben, weil keine Infrastruktur da war, um ihn sinnvoll anzuwenden. Mit dem Internet, so argumentiert er, ändert sich das nun:\nSo how big is that surplus? So if you take Wikipedia as a kind of unit, all of Wikipedia, the whole project \u0026ndash; every page, every edit, every talk page, every line of code, in every language that Wikipedia exists in \u0026ndash; that represents something like the cumulation of 100 million hours of human thought. I worked this out with Martin Wattenberg at IBM; it\u0026rsquo;s a back-of-the-envelope calculation, but it\u0026rsquo;s the right order of magnitude, about 100 million hours of thought.\nAnd television watching? Two hundred billion hours, in the U.S. alone, every year. Put another way, now that we have a unit, that\u0026rsquo;s 2,000 Wikipedia projects a year spent watching television. Or put still another way, in the U.S., we spend 100 million hours every weekend, just watching the ads. People asking, \u0026ldquo;Where do they find the time?\u0026rdquo; when they\u0026rsquo;re looking at things like Wikipedia don\u0026rsquo;t understand how tiny that entire project is, as a carve-out of this asset that\u0026rsquo;s finally being dragged into what Tim calls an architecture of participation.\nUnd das ist es seltsamerweise auch, was ich antworte, wenn ich gefragt werde, wo ich denn all die Zeit hernehme, um all die Dinge zu lesen und zu schreiben, die ich so mache. Ich sehe in meinen produktiven Phasen kaum fern.\nAber die Veränderung geht noch weiter: Es wächst nun eine Generation heran, für die passive Konsumentenmedien seltsam wirken:\nI was having dinner with a group of friends about a month ago, and one of them was talking about sitting with his four-year-old daughter watching a DVD. And in the middle of the movie, apropos nothing, she jumps up off the couch and runs around behind the screen. That seems like a cute moment. Maybe she\u0026rsquo;s going back there to see if Dora is really back there or whatever. But that wasn\u0026rsquo;t what she was doing. She started rooting around in the cables. And her dad said, \u0026ldquo;What you doing?\u0026rdquo; And she stuck her head out from behind the screen and said, \u0026ldquo;Looking for the mouse.\u0026rdquo;\nHere\u0026rsquo;s something four-year-olds know: A screen that ships without a mouse ships broken.\nHere\u0026rsquo;s something four-year-olds know: Media that\u0026rsquo;s targeted at you but doesn\u0026rsquo;t include you may not be worth sitting still for.\nBei Netzpolitik gibt es quasi passend dazu eine Liste von Forderungen für eine zeitgemäße Netzpolitik . Die Umsetzung dieser Forderungen in einer sinnvollen Urheberrechtsreform und einem Regulierungsrahmen würden die oben diskutierte Entwicklung noch fördern und in die richtigen Bahnen lenken:\nÖffentlich geförderte Informationen müssen den Bürgern unter offenen Lizenzen bereitgestellt werden. Fernsehen und Radio sind tot! Die Inhalte des Öffentlich-Rechtlichen Systems müssen im Netz frei zugänglich sein. Öffentlich-Rechtlich ins digitale Zeitalter überführen! Digitale Strukturen und Communities, die Informationen des öffentlichen Interesses produzieren, müssen gefördert werden. Open Source fördern! Open Source Communities sind essenziell für die Kulturproduktion des 21. Jahrhunderts und schaffen unbestreitbare gesellschaftliche Mehrwerte. Freie und anonyme Kommunikationswege erhalten Demokratie öffnen heißt Transparenz wagen! Staatliche Informationen gehören unter offene Lizenzen. Informationsfreiheit muss praktiziert werden, geredet wurde schon genug. Staatliche Infrastrukturen befreien! Nur offene Standards und die Verwendung freier Software garantieren einen diskriminierungsfreien und nachhaltigen Zugriff auf Vorgänge und Abläufe in Politik und Verwaltung. Internet ist Grundversorgung. Kommunen müssen jedem Bürger einen Basiszugang zum Internet ermöglichen. Urheberrecht reformieren! Das Urheberrecht muss den gesellschaftlichen Realitäten angepasst werden - nicht die gesellschaftlichen Realitäten dem Urheberrecht. Gleiche Chancen für alle! Die Netzneutralität muss festgeschrieben werden: Es darf keine Klassengesellschaft im Netz entstehen. Medienkompetenz für Politiker: Wir brauchen Politiker, für die das Internet kein Fremdkörper ist. Wir brauchen Medien-kompetente Politiker, die es sich nicht erst ausdrucken lassen müssen. Aber wie im ersten Text in den historischen Hintergründen beleuchtet ist eine partizipatorische Demokratie gar nicht gewünscht.\n","date":"2008-05-06T00:00:00Z","href":"https://blog.koehntopp.info/2008/05/06/die-grauen-herren-vs-das-internet.html","tags":["media","politik","tv","lang_de"],"title":"Die Grauen Herren vs. das Internet"},{"categories":null,"content":" Eines der wichtigsten Bücher, die man lesen kann, selbst wenn man sich nicht beruflich für Sicherheit von Systemen interessiert, ist \u0026ldquo;Security Engineering\u0026rdquo; von Ross Anderson.\nRoss Anderson , ein Professor für Security Engineering an der Uni Cambridge, hat in seinem Leben einen Haufen Systeme designt oder die Sicherheit und die Versagensgründe für solche Systeme untersucht. Dazu gehören nicht nur Rechnersicherheitssysteme, sondern auch Stromzähler, Freund-Feind-Erkennungssysteme von Kampfjets oder das englische Gesundheitssystem.\nIn Security Engineering legt er die Grundlagen des modernen Standes der Technik und wie und warum Sicherheit funktioniert. Dabei legt er großen Wert auf praktische Beispiele und auch auf Gründe für Systemversagen und baut so ein Verständnis für den Wert von Einfachheit, passive Sicherheit und klare Diagnostizierbarkeit auf.\nDas Buch ist soeben in einer zweiten Auflage erschienen. Kauft es. Auch Bruce Schneier sagt Euch das.\n","date":"2008-05-06T00:00:00Z","href":"https://blog.koehntopp.info/2008/05/06/fertig-gelesen-security-engineering-2nd-edition.html","tags":["review","security","lang_de"],"title":"Fertig gelesen: Security Engineering, 2nd edition"},{"categories":null,"content":"Microsoft will Yahoo! kaufen, aber Yahoo! will nicht.\nMicrosoft lernt, daß Yahoo! vielleicht gar keine so gute Idee ist .\nUnd außerdem zu teuer - Microsoft geht weg . \\Der Markt denkt kurz - die Yahoo!-Aktien fallen , Yahoo! wird auf Drängen seiner Aktionäre weich.\nNun sind es nicht die Aktionäre, die den Umsatz machen, sondern die Entwickler. Yahoo! ist eine Firma mit einer fest etablierten und reichen Open Source Kultur. Microsoft ist das genaue Gegenteil. Und uncool . Zählt die Macs auf einer Konferenz Eurer Wahl (und sei es nur, weil die leichter vom Podium aus zu erkennen sind als Linux-Laptops). Ein Yahoo!-Kauf durch Microsoft wird sicher interessant - für Firmen, die Entwickler suchen.\nNebenbei beobachtet: Im Januar 2000 wurde Steve Ballmer Microsoft-CEO. Hier der Aktienkurs zum Vergleich .\n","date":"2008-05-06T00:00:00Z","href":"https://blog.koehntopp.info/2008/05/06/microsoft-yahoo-und-was-nun.html","tags":["computer","microsoft","lang_de"],"title":"Microsoft, Yahoo! und was nun?"},{"categories":null,"content":"Ars Technica berichtet, daß \u0026ldquo;Plays For Sure\u0026rdquo; mal gar nicht so sure playt. Denn:\nAs of August 31, 2008, we will no longer be able to support the retrieval of license keys for the songs you purchased from MSN Music or the authorization of additional computers. [ \u0026hellip; ] Once September rolls around, users are committed to whatever five machines they may have authorized — along with whatever OS they are running.\nDa weiß man, wieso man DRM-Freie OGGs und MP3s kaufen will, oder besser gleich rip-bare physikalische Medien. Nur falls das jemandem hier noch nicht so klar war.\n","date":"2008-04-23T00:00:00Z","href":"https://blog.koehntopp.info/2008/04/23/microsoft-schaltet-plays-for-sure-ab.html","tags":["media","musik","lang_de"],"title":"Microsoft schaltet \"Plays for Sure\" ab"},{"categories":null,"content":"Microsoft\u0026rsquo;s Ballmer gives unvarnished take on Windows, online businesses :\nHe sought feedback from the crowd of IT pros, many of whom have dedicated their careers to becoming expert in Microsoft\u0026rsquo;s products, on which Internet search engine they use. \u0026ldquo;How many of you use Live Search as your default?\u0026rdquo; Ballmer asked.\nA smattering of hands went up. Tepid applause. \u0026ldquo;How many of you use Yahoo search as your default?\u0026rdquo; Far fewer hands went up and the room was relative quiet, until it filled with laughter.\nBallmer, trying again, louder this time, \u0026ldquo;How many of you use Yahoo search as your default?\u0026rdquo; The same response. \u0026ldquo;Wow, we offered 31 bucks a share,\u0026rdquo; he said, to more laughter.\n\u0026ldquo;How many of you use Google as your default?\u0026rdquo; Ballmer asked. The vast majority in the audience raised their hands, cheering and hooting.\nBallmer looked around. Smiled. Scratched his cheek. Rubbed his face with his hand.\n","date":"2008-04-20T00:00:00Z","href":"https://blog.koehntopp.info/2008/04/20/steve-ballmer-lernt-etwas.html","tags":["computer","microsoft","software","lang_de"],"title":"Steve Ballmer lernt etwas"},{"categories":null,"content":" Es war einmal das web.de Rechenzentrum.\nWeil mich ein paar Leute gefragt haben, was denn nun einmal war: Dies ist die alte Pfaff Nähmaschinenfabrik in der Amalienbadstraße in Durlach. Der Laden ist von web.de damals gekauft und renoviert worden. Nach dem Verkauf des Portalgeschäftes von web.de an 1\u0026amp;1 ist die web.de AG als Combots AG umfirmiert und in den Räumen in der Amalienbadstraße mit einer Rumpfmannschaft verblieben. Die meisten ehemaligen web.de-Mitarbeiter sind mit dem Geschäft an 1\u0026amp;1 verkauft worden. Nachdem sich das Produkt von Combots nicht hat durchsetzen können, hat Combots nun die Entwicklung ihres Chatsystems eingestellt und die Anlage hat wohl Platz über.\nDaher die Domain \u0026ldquo;rzflaeche.de\u0026rdquo;.\nZum Thema Renovierung hier der Porn:\n","date":"2008-02-13T00:00:00Z","href":"https://blog.koehntopp.info/2008/02/13/es-war-einmal.html","tags":["hardware","karlsruhe","lang_de"],"title":"Es war einmal..."},{"categories":null,"content":" Links: Strukturen im Speicher, Rechts: Strukturen auf Disk. Oben: Log-Strukturen, Unten: Tablespace-Strukturen.\nWie eine Transaktion physikalisch organisiert wird Wenn in InnoDB eine neue Transaktion begonnen und erzeugt wird, ist sie ja noch nicht comitted und damit hat die Datenbank gegenüber der Anwendung noch kein Versprechen gemacht. Entsprechend brauchen die Daten aus einer solchen Transaktion auch noch nicht persistent gemacht zu werden.\nInnoDB versucht, eine Transaktion im Speicher zusammen zu bauen. Dies ist der innodb_log_buffer. Er sollte ausreichend groß gewählt werden, daß eine solche Transaktion in den meisten Fällen im Speicher gehalten werden kann und nicht partiell in ein Redo-Log geschrieben werden muß. Eine Größe von 1 MB bis 8 MB ist normal.\nWenn die Transaktion comitted wird, muß InnoDB die Speicherseite von der Platte laden, in der der zu ändernde Record enthalten ist und die Änderung im Speicher durchführen - die Seite wird im InnoDB Bufferpool gespeichert. Seiten auf der Platte und im InnoDB Bufferpool sind jeweils 16 KB groß, und die innodb_buffer_pool_size legt fest, wieviel RAM als Cache für solche Seiten zur Verfügung steht. Die modifizierte Speicherseite wird aber noch nicht zurück geschrieben. Stattdessen wird die Transaktion an Ende des aktuellen Redo-Log auf Platte geloggt und die Seite im Bufferpool im Speicher als Dirty (= noch zu schreiben) markiert.\nAls Dirty markierte Seiten werden in den Tablespace hinaus geschrieben, wenn einer von drei Fällen eintritt:\nDas Redo-Log, das als Ring Puffer organisiert ist, ist voll. Um zusätzlichen Platz zu gewinnen müssen als Dirty markierte Seiten in Redo-Log Reihenfolge herausgeschrieben werden, sodaß der hintere Zeiger des Redo-Log Ringpuffers nach vorne verschoben werden kann und so ausreichend Platz im Redo-Log geschaffen wird. Diese Situation nennt man einen Innodb_log_wait und sie wird im gleichnamigen Statuscounter registriert.\nInnoDB benötigt für irgendwelche Aufgaben im Bufferpool eine Speicherseite, aber findet keine, die frei ist. Normalerweise kann eine solche Seite frei gemacht werden, indem man irgendeine Seite aussucht, die nicht Dirty ist und sie freigibt: Wenn eine Seite nicht dirty ist, bedeutet daß, daß ihr Inhalt irgendwo auf der Platte zum Neu laden rumsteht. Wenn aber ausschließlich als Dirty markierte Seiten im Bufferpool stehen, geht das nicht und es müssen erst einmal Seiten auf Platte geschrieben werden, damit Platz im Bufferpool geschaffen werden kann.\nDiese Situation nennt man einen Innodb_buffer_pool_wait_free und sie wird im gleichnamigen Statuscounter registriert. InnoDB versucht diese Situation zu vermeiden: Wenn mehr als innodb_max_dirty_pages_pct Prozent viele Seiten als Dirty markiert sind, wird ein Checkpoint erzwungen und die als Dirty markierten Seiten werden herausgeschrieben.\nInnoDB fühlt sich unterbeschäftigt und beginnt im Sekundentakt damit, Batches von jeweils 64 als Dirty markierten Seiten auf die Platte zu schubsen. Diese Situation ist normal und wird nicht besonders registriert (dreht aber wie alle diese Schreibzugriffe natürlich Innodb_pages_written hoch).\nRelevante Konfigurationseinträge in der my.cnf:\n# Globaler Puffer zum Zusammenbau # von Transaktionen vor dem Commit innodb_log_buffer_size = 8M # Größe des InnoDB Buffer Pools # etwa 70-80% des Hauptspeichers, # auf einer Maschine mit 4G RAM # also etwa 3G # # (/etc/sysctl.conf: vm.swappiness = 0!) innodb_buffer_pool_size = 3072M # Anzahl der InnoDB Bufferpool Seiten # die Drity sein dürfen bevor ein # Checkpoint erzwungen wird # # Default = 90, ok innodb_max_dirty_pages_pct = 90 Relevante Zähler in SHOW GLOBAL STATUS:\n# Statuszähler für das Event \u0026#34;Redo-Log voll\u0026#34; Innodb_log_waits # Statuszähler für das Event \u0026#34;Keine Seite # im Bufferpool frei\u0026#34; Innodb_buffer_pool_wait_free Eine sinnvolle Größe für das Redo-Log wählen Ein Write-Burst kann durch das Redo-Log \u0026ldquo;in der Zeit gestreckt\u0026rdquo; und so abgeflacht werden. Die zu leistende Arbeit - die Fläche unter der Kurve - ist jedoch (nahezu) gleich.\nDas Redo-Log loggt Transaktionen und die Einträge im Log sind proportional zur Größe der Transaktion, denn es werden Rows geloggt, keine Pages. Der Sinn des Logs ist es, das Zurückschreiben der 16KB großen Seiten in den Tablespace verzögern zu können: Vielfach ist es so, daß in einer Speicherseite mehr als eine Row abgelegt wird und daß mehrere zeitlich eng beeinander liegende Transaktionen Daten in Rows ändern, die in derselben Page liegen, oder daß eine Row wieder und wieder überschrieben wird. Durch das Schreiben ins Redo-Log werden diese Änderungen alle persistent gemacht, aber die Schreibzugriffe können als lineare Writes ohne Seeks recht schnell abgewickelt werden. Die Seeks, die beim Schreiben in den Tablespace unvermeidlich auftreten würden, können so verzögert und minimiert werden.\nNormalerweise sollte das Redo-Log immer groß genug sein und niemals voll laufen. Entsprechend sollte Innodb_log_waits immer 0 sein oder zumindest sich nicht bewegen, wenn man zwei Mal in Folge den Wert des Statuscounters abruft. Hat man regelmäßig Innodb_log_wait-Events, kann eine von zwei Situationen vorliegen: Der Server hat Write-Bursts, die größer sind als das aktuelle Redo-Log - das Redo-Log ist zu klein und muß vergrößert werden. Oder der Server hat dauerhaft eine sehr große Schreiblast und das Redo-Log würde überlaufen, egal wie groß es ist. Dann braucht der Server mehr Spindeln, um schneller schreiben zu können oder die Daten müssen partitioniert und auf mehrere Server verteilt werden.\nDas Redo-Log besteht per Default aus zwei Dateien (innodb_log_files_in_group), die jeweils 5 MB groß sind (innodb_log_file_size), ist also 10 MB groß. Dies ist zu klein. Idealerweise sollte es aus zwei Dateien bestehen, die jeweils zwischen 64 und 256 MB groß sind, also 128 MB bis 512 MB groß sein. Es kann nicht größer sein als 4096 MB = 4 GB, auch nicht auf einer Maschine mit 64 Bit Architektur.\nFrüher (vor MySQL 5.0) war es einmal wesentlich, das Redo-Log nicht zu groß zu machen: Wenn der Server crashte, ging InnoDB in die Log Recovery Phase und mußte diese erst abarbeiten bevor der Server wieder Verbindungen annahm. Seit MySQL 5.0 ist das nicht mehr so: Die Log Recovery Phase kann vom Server im Hintergrund abgearbeitet werden, sodaß die Größe des Redo-Logs nicht mehr bestimmend für die Dauer der Server-Recovery ist.\nÄndert man diese Variable wenn ib_logfile0 und ib_logfile1 schon existieren, wird InnoDB sich weigern zu starten und im Error-Log des Servers eine Meldung hinterlassen, die im wesentlichen sagt, daß die Größe von vorgefundenen Logfiles nicht mit der Größe der konfigurierten Logfiles übereinstimmt.\nUm die Größe des Redo-Logs zu ändern muß der Server runtergefahren werden, danach kontrolliert werden, daß der Shutdown sauber war und daß kein Serverprozeß mehr läuft. Dann kann man die existierenden ib_logfile?-Dateien zur Seite moven und den Wert der Konfigurationsvariablen ändern, um schließlich den Server zu starten. InnoDB wird nun Meldungen über neu angelegte Logfiles in das Error-Log schreiben und die Files generieren. Ist der Server wieder online und betriebsbereit, kann man die alten ib_logfile?-Dateien löschen.\nRelevante Konfigurationseinträge in der my.cnf:\n# Anzahl der ib_logfile? innodb_log_files_in_group = 2 # Größe eines ib_logfile? innodb_log_file_size = 256M Wie InnoDB die Datendateien ablegt Wie bereits in dem ersten Artikel dieser Reihe angedeutet hat InnoDB zwei verschiedene Betriebsarten, in denen es seine Daten unterschiedlich organisiert: Wenn die Konfigurationsvariable innodb_file_per_table = 0 gesetzt ist, werden die Daten in einem oder mehreren ibdata-Tablespacefiles abgelegt. Wenn die innodb_file_per_table = 1 gesetzt ist, wird stattdessen für jede Tabelle neben der .frm-Datei für die Tabelle ein .ibd-File angelegt, das die Daten enthält.\nDie Tablespace-Files werden, wenn ihre Namen nicht als absolute Pfadnamen angegeben werden, in innodb_data_home_dir angelegt. Ist auch diese Variable leer, wird als Default datadir angenommen. Der Default-String für innodb_data_file_path ist ibdata1:10M:autoextend.\nIn den meisten Default-Installationen bedindet sich also eine Datei ibdata1 in /var/lib/mysql. Diese Datei ist zunächst 10M groß und wächst dann in Schritten von 8MB (weil innodb_autoextend_increment = 8 per Default auf 8 steht).\nDiese Defaults sind für den effizienten Betrieb jedoch nicht sehr gut gewählt. Zunächst einmal sollte man innodb_file_per_table = 1 setzen. Auf diese Weise bekommt man pro Tabelle ein .ibd-File. Dadurch hat man die Möglichkeit, den Platzverbrauch in der Datenbank Tabellenweise auch von außen zu messen und man gewinnt die Möglichkeit, durch ein ALTER TABLE t ENGINE=innodb bzw. ein OPTIMIZE TABLE t den leeren Platz in solchen Dateien dem Betriebssystem wieder zur Disposition zur Stellen.\nWählt man innodb_file_per_table = 1, dann sind die Defaults für innodb_data_file_path und innodb_autoextend_increment ausreichend, denn im ibdata1-File wird lediglich das InnoDB-interne Shadow-Datadictionary und das Undo-Log abgelegt. Auf solchen Installationen erhält man am Ende meist ein ibdata1 in der Größe von 256M bis 1024M, je nach Maximalbelastung des Undo-Logs.\nMuß oder will man InnoDB mit innodb_file_per_table = 0 betreiben, dann werden die Daten ebenfalls im ibdata1-File abgelegt. Man sollte vorher sicherstellen, daß das Betriebssystem und auch alle Utilities zur Datensicherung mit sehr großen Dateien korrekt umgehen können. Ist das nicht der Fall, wird man ein sehr kompliziertes innodb_data_file_path-Statement benötigen, das ausreichend viele ibdata-Files definiert - jedes von ihnen wahrscheinlich so um die 2G groß, oder was immer das Limit hier ist.\nAngenommen der Support im Betriebssystem für sehr große einzelne Files ist ausreichend, dann wird man mit Sicherheit die Schrittweite vergrößern wollen, in der die ibdata-Datei vergrößert wird - inoodb_autoextend_increment = 8 sind als Schrittweite sicher zu klein. Stattdessen ist es empfehlenswert, sich das Dateisystem anzusehen, auf dem die Datei angelegt wird, und als Schrittweite etwa 1% bis 5% der gesamten Dateisystemgröße zu wählen. Auf diese Weise wird das Dateisystem nach Bedarf in 20 bis 100 Schritten aufgefüllt. Das ist hinreichend klein granular,um flexibel zu sein, aber das Betriebssystem hat dennoch ausreichend wenige Allocation Requests um die Datei weitgehend unfragmentiert zu erzeugen. Auf einem Dateisystem mit 200G Platz wird man also eine Schrittweite von 2048 (2048M = 1% von 200G) oder gar 10240 (10G = 10240M = 5% von 200G) wählen.\nIn jedem Fall sollte ein Tablespace-File so definiert sein, daß es auf \u0026ldquo;autoextend\u0026rdquo; konfiguriert ist, insbesondere auch bei innodb_file_per_table = 1. Wenn nämlich durch viele Schreibzugriffe während einer lang andauernden Transaktion das Undo-Log vorübergehend anschwillt und dabei nicht genug Platz im ibdata-File ist, kommt es zu sehr seltsamen und schwer zu diagnostizierbaren Fehlermeldungen, obwohl auf Dateisystemebene noch genug Platz vorhanden ist.\nAußerdem ist zu bedenken, daß InnoDB mehr Filehandles verbraucht, wenn innodb_file_per_table = 1 gesetzt ist - entsprechend sollte man innodb_open_files größer wählen, zum Beispiel ein Filehandle pro Tabelle. Das zieht unter Umständen auch eine Anpassung von open_files_limit nach sich - hier müssen aber noch Filehandles für .frm-Dateien und für MyISAM-Tabellen mit dazu gerechnet werden.\nRelevante Konfigurationseinträge in der my.cnf (File per Table):\n# Soll InnoDB mit einer ibd-Datei pro Tabelle betrieben werden innodb_file_per_table = 1 # Wo soll die ibdata-Datei abgelegt werden (Default: $datadir) # innodb_data_home_dir # Wie soll die Datei angelegt werden? innodb_data_file_path = \u0026#34;ibdata1:10M:autoextend\u0026#34; # In was für Schritten (MB) soll die Datei wachsen? innodb_autoextend_increment = 8 # Filehandles hoch drehen # Ein Filehandle pro InnoDB Tabelle innodb_open_files = 2048 # Das hier kann man in Linux auch # getrost richtig hoch drehen open_files_limit = 32768 Relevante Konfigurationseinträge in der my.cnf (Single-Tablespace):\n# Soll InnoDB mit einer ibd-Datei pro Tabelle betrieben werden innodb_file_per_table = 0 # Wo soll die ibdata-Datei abgelegt werden (Default: $datadir) # innodb_data_home_dir # Wie soll die Datei angelegt werden? # Tablespace wird hier als 2G große Datei angelegt. innodb_data_file_path = \u0026#34;ibdata1:2048M:autoextend\u0026#34; # In was für Schritten (MB) soll die Datei wachsen? # Tablespace wächst hier in 2G Schritten # (1% einer 200G-Platte) innodb_autoextend_increment = 2048 Wie InnoDB seine Daten auf die Platte malt Wie wir oben gesehen haben, werden Daten bei der Ausführung von schreibenden Kommandos in InnoDB nur gelesen - ein INSERT oder UPDATE-Statement erzeugt einen Logbuffer und als Dirty markierte Pages im InnoDB Bufferpool für die Daten und das Undo-Log. Bei einem Commit wird der Logbuffer ins Redo-Log geschrieben - jedenfalls wenn innodb_flush_log_at_trx_commit = 1 gesetzt ist. MySQL führt den Commit dann als einen Write ins Redo-Log und eine Flush-Operation durch. Letztere leert dann die Betriebssystem-Puffer in die Platten-Puffer und die Platten-Puffer auf die Platte.\nSelbst dies ist jedoch eine relativ langsame Operation, bei der Wartezeiten von einigen Millisekunden auf eine langsame mechanische Platte auftreten - jedenfalls wenn man nicht eine spezielle Platte für das Redo-Log hat, die aus batteriegepuffertem RAM besteht. Daher besteht die Möglichkeit, InnoDB auf eine Weise zu betreiben, bei das Warten auf die Platte vom Commit mehr oder weniger stark entkoppelt wird.\nBei innodb_flush_log_at_trx_commit = 2 ist es so, daß ein Commit die Daten aus dem MySQL in die Betriebssystem-Puffer überträgt (\u0026ldquo;WRITE\u0026rdquo;), aber ein Schreiben der Betriebssystem-Puffer auf die Platte (\u0026ldquo;FLUSH\u0026rdquo;) nur einmal pro Sekunde erzwingt. Dies bewirkt, daß bei einem Absturz des MySQL Serverprozesses keine Daten verloren gehen können, bei einem Absturz der Server-Hardware jedoch bis zu einer Sekunde Redo-Log fehlen kann. Es existieren also möglicherweise Daten, für die der Anwendung signalisiert wurde, daß sie geschrieben wurden, die aber nicht geschrieben worden sind. Dafür ist diese Betriebsart durch die Wegfallenden Wartezeiten auf die langsamen Festplatten sehr viel schneller.\nJe nach Geschäftsprozeß, der hier implementiert wird, kann es sein, daß dieser Fehler relevant ist oder nicht - aus der Sicht der Informatik ist innodb_flush_log_at_trx_commit = 2 eine Verletzung des ACID -Prinzips nach Codd und daher falsch. Aus der Sicht der Betriebswirtschaft kann das Verhalten dennoch korrekt sein. Das wäre zum Beispiel dann der Fall, wenn die verlorenen Daten reproduzierbar wären, oder wenn die Korrektur der falschen Daten durch Kundenservice kostengünstiger wäre als die Hardware, die notwendig wäre, um die benötigte Performance bei innodb_flush_log_at_trx_commit = 1 zu liefern.\nBei innodb_flush_log_at_trx_commit = 0 wird das Schreibverhalten von InnoDB noch weiter gelockert - \u0026ldquo;Commit\u0026rdquo; ist nun eine rein logische Operation, die keine Writes und keine Flushes per initiiert. Stattdessen wird das Redo-Log einmal pro Sekunde durch \u0026ldquo;WRITE\u0026rdquo; an das Betriebssystem übertragen und danach durch \u0026ldquo;FLUSH\u0026rdquo; ein Schreiben der Betriebssystem-Puffer auf die Platte erzwungen. Dies ist jedoch nicht wesentlich schneller als die Einstellung \u0026ldquo;2\u0026rdquo;.\nIn jedem Fall wird die Datenbank nach einem Crash des MySQL-Serverprozesses oder der Hardware beim Wiederanlauf recovern müssen. In jedem Fall wird die Datenbank wieder in einen konsistenten transaktionalen Zustand recovern, unabhängig von den Einstellungen für innodb_flush_log_at_trx_commit. Unterschiedlich wird lediglich der Punkt in der Zeit sein (die letzte gesehene Transaktionsnummer, zu der hin recovert wird), den die Datenbank nach dem Wiederanlauf und der Recovery erreicht.\nDas Verhalten von InnoDB läßt sich außerdem noch mit Hilfe der innodb_flush_method beeinflussen. In Unix sind die zugelassenen Werte für diese Variable fdatasync (der Default), O_DSYNC, O_DIRECT, littlesync, nosync, in Windows werden normal und unbuffered (der Default) sowie async_unbuffered (der Default in Windows XP und Windows 2000) erkannt.\nDie Idee bei O_DSYNC und O_DIRECT ist, die Dateien des Redo-Log auf eine Weise zu öffnen, die den Puffermechanismus des Betriebssystems komplett ausschaltet - die Datenbank puffert Daten im innodb_buffer_pool und im Redo-Log selbst und es besteht gar keine Notwendigkeit für den File System Buffer Cache des Betriebssystems. Setzt man innodb_flush_method zum Beispiel auf O_DIRECT in Linux, wird InnoDB nur noch WRITE-Aufrufe durchführen, aber die Daten nicht mehr mit FLUSH auf die Platte zwingen. Dies ist auch nicht mehr notwendig, da ja jeder WRITE bei O_DIRECT ungepuffert direkt auf die Platte geht.\nRelevante Konfigurationseinträge in der my.cnf (für Linux):\n# Gewünschtes Schreibverhalten für viele Anwendungen innodb_flush_log_at_trx_commit = 2 innodb_flush_method = O_DIRECT # Alternativ für ACID-Compliance: innodb_flush_log_at_trx_commit = 1 innodb_flush_method = O_DIRECT Concurrency Tickets InnoDB funktioniert besser, wenn die Anzahl der Threads begrenzt ist, die gerade Operationen innerhalb der Storage Engine ausführen. Es können sich gleichzeitig innodb_thread_concurrency viele Threads in InnoDB aufhalten. Es existieren verschiedene Formeln, mit denen man auf sinnvolle Werte für diese Variable kommen kann (\u0026ldquo;Anzahl der Cores mal zwei\u0026rdquo;, \u0026ldquo;Summe aus Cores und Platten = Anzahl der Dinge, die wir in Bewegung halten wollen\u0026rdquo;), aber es ist klar, daß aktuelle Versionen von InnoDB schlechtere Performance zeigen, wenn der Wert zu hoch wird - derzeit scheint das Limit je nach Load 16 oder 32 zu sein.\nHat man mehr gleichzeitige Transaktionen als innodb_thread_concurrency zuläßt, müssen überzählige Threads warten. Oft ist es jedoch so, daß ein Thread über das Handler Interface in die Storage Engine hineingeht, dort eine Operation wie Key Lookup durchführt, um dann in die MySQL SQL-Schicht zurück zu kehren. Um eine einzelne Query zu beantworten sind unter Umständen sehr viele solche Übergänge notwendig.\nDamit ein Thread nun nicht jedesmal warten muß, wenn er in die InnoDB Storage Engine will, bekommt er innodb_concurrency_tickets viele \u0026ldquo;Tickets\u0026rdquo;, wenn ihm Zugang zur Engine gewährt wird. Er kann also entsprechend viele Wechsel zwischen SQL-Schicht und Storage Engine machen, ohen daß er erneut warten muß. Man kann hier mit verschiedenen Werten experimentieren, wenn man eine Maschine mit sehr vielen CPUs und Festplatten hat und eine sehr hohe Thread Concurrency für InnoDB hat. Sinnvolle Werte sind \u0026ldquo;Anzahl der Records in einem Block\u0026rdquo;, \u0026ldquo;\u0026hellip; in einem Segment\u0026rdquo; oder \u0026ldquo;Anzahl der Records, die in dieser Query gelesen werden\u0026rdquo;.\nEine weitere Variable ist die innodb_commit_concurrency, die die Anzahl der Threads limitiert, die gleichzeitig comitten können. Sie begrenzt den Speicherverbrauch im Logbuffer und reguliert Contention auf dem Redo-Log.\nAus historischen Gründen existiert noch eine Variable thread_concurrency. Der Wert, der hier übergeben wird, endet im Code direkt in einem Aufruf von pthread_setconcurrency(), wird aber sonst nicht weiter verwendet. Diese Funktion bewirkt in den aktuellen Implementierungen von pthreads in Linux und Solaris gar nichts, in Versionen von pthreads bis einschließlich Solaris 8 hat sie sich intern auf das Mapping von Threads zu Kernelthreads ausgewirkt. Für aktuelle Versionen von Betriebssystemen und MySQL ist die Variable und der dort eingestellte Werte nicht mehr relevant.\nRelevante Konfigurationseinträge in der my.cnf:\ninnodb_commit_concurrency = 0 innodb_thread_concurrency = 16 innodb_concurrency_tickets = 500 Metadatenstrukturen Wenn ich nach dem gehe, was ich bei Kunden vorfinde, dann ist innodb_additional_mem_pool_size eine Variable, die sehr häufig auf seltsame Werte gesetzt wird. Die Variable bestimmt die Größe eines Puffers für Metadatenstrukturen, ist also ein Cache für das interne InnoDB Data Dictionary. Der Default-Wert ist 1 MB und im normalen Betrieb braucht dieser Puffer niemals größer als 8 MB gesetzt zu werden. Ein Kunde, der Tests mit 40.000 InnoDB-Tabellen vorgenommen hat, hat hier tatsächlich einmal einen Wert von 20 MB benötigt.\nRelevante Konfigurationseinträge in der my.cnf:\ninnodb_additional_mem_pool_size = 4M Gesamtübersicht Eine Gesamtübersicht über alle InnoDB-Statusvariablen und Konfigurationsparameter findet man auf 12.2.4. InnoDB Startup Options and System Variables im Handbuch.\n","date":"2008-02-03T00:00:00Z","href":"https://blog.koehntopp.info/2008/02/03/die-innodb-storage-engine-konfiguration.html","tags":["mysql","lang_de"],"title":"Die InnoDB Storage Engine: Konfiguration"},{"categories":null,"content":"Die Storage Engine InnoDB ist eine Storage Engine, die ACID-konform betrieben werden kann, Transaktionen beherrscht und Foreign Key Constraints prüfen kann. Sie ist geeignet für alle Anwendungen, die Online Transaction Processing machen oder aus anderen Gründen eine hohe Rate von paralellen Schreibzugriffen haben.\nHat mein MySQL InnoDB Support und ist dieser betriebsbereit? Mit dem Kommano SHOW ENGINES kann man sich die von einer Instanz unterstützten Engines anzeigen lassen. Wenn InnoDB enthalten und betriebsbereit ist, wird die Engine mit YES angezeigt. Wenn sie enthalten und nicht betriebsbereit ist, wird DISABLED gezeigt. Wenn sie nicht einmal im Code des Servers enthalten ist, wird NO gezeigt.\nroot on mysql.sock [(none)]\u0026gt; show engines; +------------+---------+----------------------------------------------------------------+ | Engine | Support | Comment | +------------+---------+----------------------------------------------------------------+ | MyISAM | DEFAULT | Default engine as of MySQL 3.23 with great performance | | MEMORY | YES | Hash based, stored in memory, useful for temporary tables | | InnoDB | YES | Supports transactions, row-level locking, and foreign keys | | BerkeleyDB | NO | Supports transactions and page-level locking | | BLACKHOLE | YES | /dev/null storage engine (anything you write to it disappears) | | EXAMPLE | YES | Example storage engine | | ARCHIVE | YES | Archive storage engine | | CSV | YES | CSV storage engine | | ndbcluster | NO | Clustered, fault-tolerant, memory-based tables | | FEDERATED | YES | Federated MySQL storage engine | | MRG_MYISAM | YES | Collection of identical MyISAM tables | | ISAM | NO | Obsolete storage engine | +------------+---------+----------------------------------------------------------------+ 12 rows in set (0.00 sec) Eine minimale Konfiguration für InnoDB Für die folgenden Beispiele ist es notwendig, daß der MySQL-Server mit einem funktionierenden InnoDB ausgestattet ist. Die folgende Minimal-Konfiguration ist nicht für die Produktion geeignet, sollte aber ausreichen um von DISABLED auf YES zu kommen.\nMit SHOW GLOBAL VARIABLES LIKE 'datadir' ist das Datenverzeichnis für diese Instanz von MySQL zu lokalisieren. In diesem Verzeichnis befinden sich unter Umständen ein Datenfile ibdata1 und zwei Logfiles, ib_logfile0 und ib_logfile1. root on mysql.sock [(none)]\u0026gt; show global variables like \u0026#39;datadir\u0026#39;; +---------------+------------------------------+ | Variable_name | Value | +---------------+------------------------------+ | datadir | /export/data/rootforum/data/ | +---------------+------------------------------+ 1 row in set (0.00 sec) root on mysql.sock [(none)]\u0026gt; quit Bye linux:/export/data/rootforum # ls -lh /export/data/rootforum/data/ib\\* -rw-rw---- 1 mysql mysql 5M Jan 9 17:51 /export/data/rootforum/data/ib_logfile0 -rw-rw---- 1 mysql mysql 5M Jan 9 17:51 /export/data/rootforum/data/ib_logfile1 -rw-rw---- 1 mysql mysql 10M Dec 13 14:34 /export/data/rootforum/data/ibdata1 Der Datenbankserver ist zu stoppen. - Die o.a. drei Files sind, wenn vorhanden, zu löschen. WARNUNG! Dies löscht alle evtl. bereits vorhandenen Daten in InnoDB. Diesen Schritt nur dann durchführen, wenn die Engine vorher DISABLED war.\nIn der Sektion [mysqld] der my.cnf ist die Anweisung skip-innodb zu finden, wenn vorhanden, und zu entfernen.\nDie folgenden Konfigurationsanweisungen sind stattdessen einzufügen. Ihre Bedeutung wird weiter unten erläutert.\ninnodb innodb_file_per_table = 1 innodb_flush_log_at_trx_commit = 2 Dies ist ein minimales Setup, das zum Testen geeignet ist, aber keine Performance bringen wird. Später gehen wir auch auf InnoDB Performance Tuning ein.\nDer Server ist zu starten. Er legt die o.a. drei Files neu an, und hinterläßt entsprechende Nachrichten im Log. Die Engine InnoDB wird in SHOW ENGINES jetzt mit YES angezeigt.\nInnoDB Tabellen anlegen Beim Anlegen einer Tabellenspezifikation kann durch das Nachstellen einer ENGINE-Klausel festgelegt werden, mit welcher Storage Engine die Tabelle erzeugt wird. Dies kann innerhalb eines Schemas für jede Tabelle getrennt festgelegt werden, und mit Hilfe von ALTER TABLE auch nachträglich ohne Datenverlust geändert werden.\nroot on mysql.sock [(none)]\u0026gt; create database innodemo; Query OK, 1 row affected (0.32 sec) root on mysql.sock [(none)]\u0026gt; use innodemo; Database changed root on mysql.sock [innodemo]\u0026gt; create table kris ( id integer unsigned not null primary key auto_increment, d varchar(20) not null ) engine = innodb; Query OK, 0 rows affected (0.36 sec) root on mysql.sock [innodemo]\u0026gt; insert into kris ( d ) values ( \u0026#34;eins\u0026#34;), (\u0026#34;zwei\u0026#34;), (\u0026#34;drei\u0026#34;); Query OK, 3 rows affected (0.00 sec) Records: 3 Duplicates: 0 Warnings: 0 root on mysql.sock [innodemo]\u0026gt; select * from kris; +----+------+ | id | d | +----+------+ | 1 | eins | | 2 | zwei | | 3 | drei | +----+------+ 3 rows in set (0.01 sec) Mit Hilfe des Kommando SHOW CREATE TABLE oder mit SHOW TABLE STATUS können wir sehen, welche Storage Engine eine Tabelle verwendet.\nroot on mysql.sock [innodemo]\u0026gt; show create table kris\\G *************************** 1. row *************************** Table: kris Create Table: CREATE TABLE `kris` ( `id` int(10) unsigned NOT NULL auto_increment, `d` varchar(20) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8 1 row in set (0.00 sec) root on mysql.sock [innodemo]\u0026gt; show table status like \u0026#34;kris\u0026#34;\\G *************************** 1. row *************************** Name: kris Engine: InnoDB Version: 10 Row_format: Compact Rows: 3 Avg_row_length: 5461 Data_length: 16384 Max_data_length: 0 Index_length: 0 Data_free: 0 Auto_increment: 4 Create_time: 2008-01-09 18:04:00 Update_time: NULL Check_time: NULL Collation: utf8_general_ci Checksum: NULL Create_options: Comment: InnoDB free: 148480 kB 1 row in set (0.00 sec) In der Ausgabe von SHOW TABLE STATUS sehen wir einige Besonderheiten: Erst einmal ist die angezeigte Average Row Length von InnoDB-Tabellen mit sehr wenigen Datensätzen ungültig. Die Average Row Length unserer Tabelle ist, das wissen wir, ungefähr 4 (integer) + 5 (1 Längenbyte und vier Zeichenbytes) plus ein wenig Verwaltungsoverhead (ca. 10-12 Byte pro Row).\nInnoDB vergibt Speicherplatz jedoch in Seiten zu 16KB, und daher ist die Data_length = 16384 Bytes. Die Average Row Length wird von InnoDB als Statistik nicht gepflegt und an MySQL exportiert und wird daher als Data_length/Rows geschätzt. Für kleine Anzahlen von Zeilen ist dieser Wert falsch.\nAußerdem können wir sehen, daß die Index_length für diese Tabelle 0 ist, obwohl ein Primary Key definiert ist. Das wird uns später noch im Detail beschäftigen. Für das erste genügt es zu wissen, das der Primary Key in InnoDB zu den Daten gerechnet wird und auch sonst magisch ist. Data_free ist, anders als in MyISAM, immer 0.\nExistierende Tabellen im Typ ändern Mit den Kommando ALTER TABLE können wir eine existierende Tabelle von InnoDB nach MyISAM umwandeln oder zurück. Daten gehen dabei nicht verloren. Zum Vergleich hier einmal die Ausgabe von SHOW TABLE STATUS für dieselbe Tabelle, wenn sie als MyISAM-Tabelle existiert. Man kann sehen, daß MyISAM den Primary Key NICHT zu den Daten rechnet und daß MyISAM im Index ebenfalls seitenbasiert arbeitet, nur sind die Seiten viel kleiner: Sie sind nur 1KB groß.\nroot on mysql.sock [innodemo]\u0026gt; alter table kris engine=myisam; Query OK, 3 rows affected (0.00 sec) Records: 3 Duplicates: 0 Warnings: 0 root on mysql.sock [innodemo]\u0026gt; select * from kris; +----+------+ | id | d | +----+------+ | 1 | eins | | 2 | zwei | | 3 | drei | +----+------+ 3 rows in set (0.00 sec) root on mysql.sock [innodemo]\u0026gt; show table status like \u0026#34;kris\u0026#34;\\G *************************** 1. row *************************** Name: kris Engine: MyISAM Version: 10 Row_format: Dynamic Rows: 3 Avg_row_length: 20 Data_length: 60 Max_data_length: 281474976710655 Index_length: 2048 Data_free: 0 Auto_increment: 4 Create_time: 2008-01-09 18:11:57 Update_time: 2008-01-09 18:11:57 Check_time: NULL Collation: utf8_general_ci Checksum: NULL Create_options: Comment: 1 row in set (0.00 sec) Wir können unsere Tabelle auch wieder zurück nach InnoDB wandeln. Wir können sogar eine existierende InnoDB-Tabelle nach InnoDB wandeln. Das macht sogar Sinn - es ist genau das, was OPTIMIZE TABLE in InnoDB macht.\nroot on mysql.sock [innodemo]\u0026gt; alter table kris engine=innodb; Query OK, 3 rows affected (0.01 sec) Records: 3 Duplicates: 0 Warnings: 0 root on mysql.sock [innodemo]\u0026gt; alter table kris engine=innodb; Query OK, 3 rows affected (0.02 sec) Records: 3 Duplicates: 0 Warnings: 0 root on mysql.sock [innodemo]\u0026gt; select * from kris; +----+------+ | id | d | +----+------+ | 1 | eins | | 2 | zwei | | 3 | drei | +----+------+ 3 rows in set (0.00 sec) Ein ALTER TABLE t ENGINE=... erzeugt eine Kopie der Tabelle mit der neuen Engine als temporäre Tabelle. Danach wird die Originaltabelle gelöscht und die temporäre Tabelle als permanente Tabelle installiert. Das hat eine Reihe von Konsequenzen:\nDie Operation kann keine Daten verlieren. Wenn die Operation scheitert oder durch Benutzer abgebrochen wird, wird die temporäre Tabelle gelöscht und die Originaltabelle bleibt unverändert stehen. Vorübergehend wird sehr viel mehr Speicher gebraucht, denn es müssen ja beide Tabellen parallel existieren. Dabei ist zu beachten, daß InnoDB die Daten weniger dicht packt als MyISAM. Eine InnoDB-Tabelle braucht etwa 1.6 bis 2.2 mal so viel Platz wie eine MyISAM-Tabelle. Während des ALTER TABLE sind beide Tabellen gelockt. Wenn das stört, kann man sich mit der Sequenz CREATE TABLE b LIKE a; ALTER TABLE b ENGINE=InnoDB INSERT INTO b SELECT * FROM a; behelfen. Hier ist a dann während des Kopiervorganges nur mit einem Read Lock gesperrt. Außerdem kann man mit einer LIMIT-Clause am Select die Datenmenge begrenzen, etwa um zu experimentieren. Transaktionen InnoDB beherrscht Transaktionen. Das bedeutet, das Anweisungen an InnoDB-Tabellen gesammelt werden und erst durch ein COMMIT gesammelt auf alle Tabellen angewendet werden. Entweder gelingen alle Anweisungen, oder keine von den Anweisungen wird ausgeführt.\nPer Default befindet sich die Datenbank im AUTOCOMMIT Modus. Das bedeutet, nach jeder Anweisung \u0026ldquo;denkt\u0026rdquo; sich der Server automatisch ein COMMIT dazu. Man kann entweder Autocommit abschalten, oder mit der Anweisung BEGIN auch im Autocommit eine längere Transaktion beginnen.\nroot on mysql.sock [innodemo]\u0026gt; begin; Query OK, 0 rows affected (0.00 sec) root on mysql.sock [innodemo]\u0026gt; insert into kris ( d ) values ( \u0026#34;vier\u0026#34; ); Query OK, 1 row affected (0.00 sec) root on mysql.sock [innodemo]\u0026gt; select * from kris; +----+------+ | id | d | +----+------+ | 1 | eins | | 2 | zwei | | 3 | drei | | 4 | vier | +----+------+ 4 rows in set (0.00 sec) root on mysql.sock [innodemo]\u0026gt; rollback; Query OK, 0 rows affected (0.00 sec) root on mysql.sock [innodemo]\u0026gt; select * from kris; +----+------+ | id | d | +----+------+ | 1 | eins | | 2 | zwei | | 3 | drei | +----+------+ 3 rows in set (0.00 sec) Hier wird mit BEGIN eine Transaktion bei aktiviertem Autocommit begonnen, das Autocommit also vorübergehend unterbrochen. Dies ist die empfohlene Vorgehensweise. Eine Zeile wird in die Tabelle eingefügt. Für uns selber ist diese Zeile auch erst einmal sichtbar. Die Transaktion wird jedoch nicht mit COMMIT beendet, sondern mit ROLLBACK rückgängig gemacht. Dadurch ist nach dem Ende der Transaktion die Zeile wieder weg.\nWie InnoDB auf der Platte aussieht linux:/export/data/rootforum/data # ls -lh ib* innodemo -rw-rw---- 1 mysql mysql 5M Jan 9 18:27 ib_logfile0 -rw-rw---- 1 mysql mysql 5M Jan 9 18:28 ib_logfile1 -rw-rw---- 1 mysql mysql 10M Jan 9 18:27 ibdata1 innodemo: total 112K -rw-rw---- 1 mysql mysql 61 Jan 9 18:03 db.opt -rw-rw---- 1 mysql mysql 8.4K Jan 9 18:28 kris.frm -rw-rw---- 1 mysql mysql 96K Jan 9 18:28 kris.ibd Jede InnoDB-Installation hat mindestens ein Datenfile ibdata1 und mindestens zwei Redo-Logiles ib_logfile0 und ib_logfile1. Position, Größe, Anzahl und Namen dieser Dateien können jedoch relativ frei bestimmt werden.\nUnser InnoDB arbeitet mit innodb_file_per_table = 1. Das bedeutet, unsere Daten liegen in einer .ibd-Datei neben der .frm-Datei im Schema-Directory, hier also in $datadir/innodemo/kris.ibd. Die Endung IBD steht Datei für InnoBase-Data. Obwohl die eigentlichen Daten in dieser Datei liegen, braucht InnoDB zwingend ein ibdata-File und mindestens zwei Redo-Logs. Im ibdata-File legt Innobase das Data Dictionary ab, also eine Schattenkopie der Tabellendefinitionen aus dem .frm-Dateien in einer Innobase-internen Codierung und das Undo-Log. Im Redo-Log loggt InnoDb alle datenverändernden Operationen.\nAnders als bei MyISAM ist es NICHT möglich, .ibd-Dateien auf Dateisystemebene zu kopieren, verschieben, umzubenennen oder einer anderen Instanz von MySQL einfach so unterzuschieben. Jede dieser Operationen wird im günstigsten Fall von InnoDB erkannt und zurückgewiesen und zerstört im schlimmsten Fall die Instanz.\nWenn wir unser InnoDB mit innodb_file_per_table = 0 betreiben, liegen auch alle Tabellen in der zentralen ibdata-Datei, und es existieren im Schema-Directory nur .frm-Dateien.\nibdata-Dateien können intern nicht genutzten Platz frei geben und wieder verwenden, aber sie schrumpfen niemals. Wenn man eine Instanz nachträglich von innodb_file_per_table = 0 auf 1 umstellt, werden existierende InnoDB-Tabellen durch ein ALTER TABLE t ENGINE=InnoDB in einem externe .ibd-Datei umkopiert und der Platz in der ibdata-Datei freigegeben, aber die Datei wird niemals schrumpfen. Die einzige Methode, von der alten großen ibdata-Datei weg zu kommen ist ein Dump der Datenbank und ein Neuladen der Daten in eine andere Instanz.\nWieviel Platz in einer ibdata- oder .ibd-Datei frei ist wird im Comment-Feld der Ausgabe von SHOW TABLE STATUS für jede Tabelle angezeigt. Die Angaben sind natürlich immer Vielfache von 16K, der InnoDB Seitengröße.\nEs ist möglich, mehr als eine ibdata-Datei zu haben, aber es ist vollkommen unmöglich zu kontrollieren, welche Tabelle oder welcher Teil einer Tabelle in welcher ibdata-Datei liegt. Bei innodb_file_per_table liegt jede Tabelle immer vollständig in ihrer eigenen .ibd-Datei.\nDas Undo-Log Jede Tabelle hat in InnoDB zwei versteckte Spalten, eine Transaktionsnummer und einen Zeiger auf die vorhergehende Version der Zeile im Undo-Log, den Rollback-Pointer.\nWenn wir eine Zeile in einer InnoDB-Tabelle verändern, wird die alte Version der Zeile mit der alten Transaktionsnummer aus der Originaltabelle ins Undo-Log kopiert und die neue Version mit einer neuen Transaktionsnummer in die .IBD-Datei kopiert. Der Rollback-Pointer der neuen Version der Zeile zeigt dabei auf die alte Version der Zeile im Undo-Log.\nroot on mysql.sock [innodemo]\u0026gt; begin; Query OK, 0 rows affected (0.00 sec) root on mysql.sock [innodemo]\u0026gt; update kris set d = \u0026#34;one\u0026#34; where id = 1; Query OK, 1 row affected (0.01 sec) Rows matched: 1 Changed: 1 Warnings: 0 root on mysql.sock [innodemo]\u0026gt; select * from kris; +----+------+------+ +----+------+------+ | id | d | txn# | | id | d | txn# | +----+------+------+ +----+------+------+ | 1 | one | 2 | ------\u0026gt; | 1 | eins | 1 | | 2 | zwei | 1 | +----+------+------+ | 3 | drei | 1 | +----+------+------+ 3 rows in set (0.00 sec) In dem Beispiel oben habe ich diese verborgenen Zeilen und den Undo-Log Eintrag zur Verdeutlichung manuell von Hand hereingefälscht.\nDiese Verzeigerung von Zeilenversionen kann auch über mehr als eine Version gehen, d.h. ein Eintrag im Undo-Log kann auf eine noch ältere Version einer Zeile zeigen und so weiter. Löscht man das Undo-Log nie, bekommt man für jede Zeile jeder Tabelle eine lineare Liste, die die vollständige Abfolge aller Versionen dieser Zeile darstellt. Irgendwann einmal jedoch wird der Undo-Eintrag, der jetzt ja nicht mehr gebraucht wird, von einer InnoDB-Aufräumkomponente, dem Purge-Thread, gelöscht und der Eintrag im Undo-Log gelöscht, sodaß das Undo-Log in der Realität nicht ins Unendliche wächst.\nDas Kopieren von Versionen von Zeilen aus der Tabelle ins Undo-Log und die Verzeigerung von Zeilenversionen untereinander nennt man MVCC, Multiversion Concurrency Control.\nMVCC ist, so wie InnoDB es implementiert, für das COMMIT optimiert. Wenn man als Anwender ein COMMIT ausführt, ist nichts zu tun: Die Transaktion wird als comitted markiert, die Verzeigerung der Einträge bleibt bestehen und alles ist gut.\nroot on mysql.sock [innodemo]\u0026gt; rollback; Query OK, 0 rows affected (0.01 sec) +----+------+------+ +----+------+------+ | id | d | txn# | | id | d | txn# | +----+------+------+ ROLLBACK +----+------+------+ | 1 | eins | 1 | \u0026lt;------- | | | | | 2 | zwei | 1 | +----+------+------+ | 3 | drei | 1 | +----+------+------+ 3 rows in set (0.00 sec) Wenn man als Anwender ein ROLLBACK ausführt, fällt dagegen Arbeit an: Die Daten aus dem Undo-Log müssen rausgefischt und die Änderung in der Originaltabelle rückgängig gemacht werden.\nDas kann bei vielen Zeilen auch mal länger dauern, da das Undo-Log zeilenweise und nicht seitenweise organisiert ist. Es ist günstig, seine Transaktionen nicht zu groß zu machen: In den meisten Fällen wird eine Transaktionsgröße von 1.000 bis 10.000 Zeilen für das Massenladen von Daten ein guter Kompromiß sein (Zu klein ist auch doof, wie wir noch sehen werden).\nTransaction Isolation Level Read Uncomitted Wenn wir die Transaktion von oben einmal von außen betrachten, also von einer zweiten Verbindung aus, dann kann es sein, daß wir sie beobachten können oder auch nicht. Auf der ersten Verbindung machen wir:\nroot on mysql.sock [innodemo]\u0026gt; begin; Query OK, 0 rows affected (0.00 sec) root on mysql.sock [innodemo]\u0026gt; update kris set d = \u0026#34;one\u0026#34; where id = 1; Query OK, 1 row affected (0.00 sec) Rows matched: 1 Changed: 1 Warnings: 0 und lassen dies nun hängen, ohne die Transaktion mit COMMIT oder ROLLBACK zu beenden. In einem zweiten Fenster öffnen wir eine zweite Verbindung zur Datenbank und schauen einmal, was wir sehen:\nroot on mysql.sock [(none)]\u0026gt; use innodemo; Database changed root on mysql.sock [innodemo]\u0026gt; select * from kris; +----+------+ | id | d | +----+------+ | 1 | eins | | 2 | zwei | | 3 | drei | +----+------+ 3 rows in set (0.00 sec) Wir sehen erst einmal, daß unser Lesezugriff nicht hängt oder wartet, obwohl gerade eine Transaktion im Gange ist. In MVCC können lesende und schreibende Operationen einander niemals blockieren - das ist ein großer Unterschied zu MyISAM und einer der Gründe warum InnoDB bei Szenarien mit hoher Parallelität schneller ist als MyISAM, obwohl es ständig Kopien von den Daten machen muß.\nWir sehen hier den alten Wert der Zeile mit der id = 1. Wir wissen von weiter oben, das in der ibd-Datei schon die neue Version steht. Also muß die Datenbank hier für die Zeile id = 1 für unsere Verbindung dem Rollback-Pointer gefolgt sein und für uns die alte Version der Zeile gefischt haben. Die erste Verbindung dagegen sieht, wie noch weiter oben schon demonstriert, ihre eigenen Änderungen sofort, auch ohne COMMIT.\nWir können auch unsere externe, zweite Verbindung diese uncomitteten Daten sehen lassen. Das geht, indem wir den TRANSACTION ISOLATION LEVEL dieser Verbindung auf READ UNCOMITTED stellen.\nroot on mysql.sock [innodemo]\u0026gt; set transaction isolation level read uncommitted; Query OK, 0 rows affected (0.00 sec) root on mysql.sock [innodemo]\u0026gt; select * from kris; +----+------+ | id | d | +----+------+ | 1 | one | | 2 | zwei | | 3 | drei | +----+------+ 3 rows in set (0.00 sec) Wir merken uns: Eine schreibende Verbindung macht immer dasselbe: Sie kopiert die zu verändernden Daten vor der Änderung ins Undo-Log und verzeigert sie korrekt. Das muß sie tun, damit sie ein Rollback machen kann.\nEine lesende Verbindung kann sich nun aussuchen, welche Version der Daten sie sehen will. Jede einzelne lesende Verbindung kann das unabhängig von allen anderen Verbindungen tun und sich auch umentscheiden, denn es sind ja in jedem Fall alle Versionen der Daten immer da.\nIn READ UNCOMITTED sehen wir immer die Daten aus dem ibd-File und folgen dem Rollback-Pointer nie. Dadurch sehen wir Daten, die noch nicht comitted sind und es auch vielleicht nie sein werden. Wir sehen eine Version der Realität, die noch nicht existiert und es vielleicht nie tun wird. Für eine Anwendung ist das in den meisten Fällen nicht das gewünschte Verhalten.\nTransaction Level Read Comitted Setzen wir dagegen den TRANSACTION ISOLATION LEVEL auf READ COMITTED, dann bekommen wir für alle Zeilen, die nicht von einer Transaktion in Bearbeitung sind, die Daten aus dem .ibd-File und für alle Zeilen, in denen noch nicht comittete Daten stehen folgt die Datenbank dem Rollback-Pointer genau eine Ebene in das Undo-Log und liefert uns die Daten von dort. Dadurch bekommen wir immer Daten zu sehen, die \u0026ldquo;wirklich da sind\u0026rdquo; und sie hypothetischen Versionen der Wirklichkeit von READ UNCOMITTED werden für uns ausgefiltert.\nJedoch besteht immer noch die Möglichkeit, daß wir sehen wir sich Daten verändern, wenn wir sie zweimal lesen.\nGegeben sei etwa eine Anwendung, die mit der Anweisungssequenz begin; update kris set d = d + 1 where id = 2; commit; einen Zähler für die Zeile id = 2 hochzählt. Wenn wir in einer zweiten Verbindung wiederholt die Tabelle mit READ COMMITTED betrachten, bekommen wir veränderliche Werte von kris.d für kris.id = 2 zurück. Das ist auch dann der Fall, wenn unsere zweite Verbindung selbst eine Transaktion durchführt - die Sequenz BEGIN-SELECT-SELECT-COMMIT, eine Read-Only-Transaktion, hat in READ COMMITTED keine besondere Bedeutung.\nroot on mysql.sock [innodemo]\u0026gt; set transaction isolation level read committed; Query OK, 0 rows affected (0.00 sec) root on mysql.sock [innodemo]\u0026gt; begin; Query OK, 0 rows affected (0.00 sec) root on mysql.sock [innodemo]\u0026gt; select * from kris; +----+------+ | id | d | +----+------+ | 1 | eins | | 2 | zwei | | 3 | drei | +----+------+ 3 rows in set (0.01 sec) root on mysql.sock [innodemo]\u0026gt; select * from kris; +----+------+ | id | d | +----+------+ | 1 | eins | | 2 | 1 | | 3 | drei | +----+------+ 3 rows in set (0.00 sec) root on mysql.sock [innodemo]\u0026gt; select * from kris; +----+------+ | id | d | +----+------+ | 1 | eins | | 2 | 2 | | 3 | drei | +----+------+ 3 rows in set (0.00 sec) root on mysql.sock [innodemo]\u0026gt; commit; Query OK, 0 rows affected (0.00 sec) Transaction Isolation Level Repeatable-Read Genau dies ändert sich, wenn wir im Transaction Isolation Level REPEATABLE READ arbeiten: In dem Moment, in dem wir mit BEGIN eine Transaktion starten, sieht diese Verbindung einen Snapshot der Datenbank, der sich nicht mehr verändert, bis die Transaktion beendet wird. In REPEATABLE READ hat also auch eine Read-Only-Transaktion eine Bedeutung.\nIntern wird dies so realisiert, daß beim Lesen einer Zeile nicht nur einen Schritt in die Vergangenheit der Zeile im Undo-Log gegangen wird, sondern den untereinander verbundenen Zeigern im Undo-Log so lange gefolgt wird bis die neuste Zeile gefunden wird, die für diesen Leser noch sichtbar ist. Während also die schreibenden Verbindungen die Daten in der Tabelle immer weiter und weiter ändern, wandern mehr und mehr alte Versionen dieser Zeile ins Undo-Log, wo sie bis auf weiteres archiviert werden.\nWährend bei READ COMITTED also immer nur ein Schritt von der Tabelle ins Undo-Log gemacht wird, kann es bei REPEATABLE READ vorkommen, daß für einen bestimmten Leser viele Schritte im Undo-Log in die Vergangenheit der Zeile gemacht werden müssen. Dadurch ist die Lebensdauer einzelner Einträge im Undo-Log aber nicht mehr einheitlich, sondern es kann sein, daß einmal mehr oder weniger Einträge im Undo-Log aufbewahrt werden müssen. InnoDB hat einen globalen (für SHOW PROCESSLIST nicht sichtbaren) Purge-Thread, der schaut, was die älteste Transaktion im System für eine Transaktionsnummer noch brauchen würde. Der Purge-Thread löscht dann alle Einträge im Undo-Log, die noch älter sind als diese Transaktion.\nDas bedeutet aber anders herum auch, daß eine lange laufende Transaktion den Purge-Thread effektiv still legt. Wenn zum Beispiel ein mysqldump --single-transaction eine große Datenbank exportiert, dann kann es sein, daß diese \u0026ldquo;single transaction\u0026rdquo; viele Minuten oder je nach Datenmenge gar stundenlang stehen bleibt und damit auch der Purge Thread nichts löschen kann.\nFinden in dieser Zeit viele Schreibzugriffe statt, wird das Undo-Log unter Umständen beträchtlich anwachsen. Wie weiter oben erklärt, liegt das Undo-Log immer im ibdata-File, auch dann, wenn innodb_file_per_table aktiviert ist. Das bedeutet, daß das ibdata-File auch bei einem Server, der innodb_file_per_table aktiviert hat, größer werden kann - 256M bis 1G sind unter Umständen vollkommen normal.\nWenn ein ibdata-File zu klein ist und nicht wachsen kann, weil in der innodb_data_file_path ohne autoextend definiert ist oder die Platte voll ist, kann dies unter Umständen zu schwer verständlichen Fehlermeldungen (\u0026ldquo;Table full\u0026rdquo;, obwohl noch mächtig Platz da ist) oder Transaktionsabbrüchen führen.\nTransaction Isolation Level SERIALIZABLE und SELECT \u0026hellip; FOR UPDATE Während REPEATABLE READ also alle unsere Leseprobleme löst, fehlt uns jetzt noch ein Mechanismus, mit dem wir READ-MODIFY-WRITE Zyklen korrekt handhaben können. Ein Read-Modify-Write-Zyklus ist ein Zugriff, bei dem eine Anwendung Daten liest, in der Anwendung verarbeitet und dann die geänderten Daten zurück schreibt.\nDamit dies konsistent geschehen kann, muß sichergestellt sein, daß die Daten im Datenbanksystem nicht mehr geändert werden nachdem die Anwendung sie gelesen hat, ansonsten bekommen wir eine Race-Condition, weil zwei Verbindungen zeitgleich dieselben Daten lesen und sich gegenseitig die Änderungen überschreiben.\nWir erreichen dies durch eine Transaktion, in der die Daten mit einem SELECT ... FOR UPDATE-Statement gelesen werden. Dies ist eine Select-Anweisung, die normal lesend zugreift, aber dabei Locks erzeugt wie ein Update-Statement. In unserem Fall bedeutet dies, daß exclusive Locks auf allen Zeilen erzeugt werden, die vom Select-Statement über den Index zugegriffen wird. Die Locks bleiben bis zum Ende der Transaktion stehen. Das FOR UPDATE bewirkt also durch die Locks, daß zwei Änderungen an denselben Zeilen nacheinander, also serialisiert, erfolgen.\nDabei gilt es ein paar trickreiche Dinge zu beachten:\nZunächst einmal werden die Locks über den Index erzeugt. Wenn wir also einen EXPLAIN-Plan sehen, indem ein \u0026ldquo;using where\u0026rdquo; steht, dann heißt das in der Regel, daß mehr Zeilen über den Index selektiert werden als nachher im Result Set zu sehen sind - es gibt weitere einschränkende Bedingungen, die den über den Index generierten Result Set weiter verkleinern. Für die Locks bedeutet es aber, daß unter Umständen mehr Zeilen gelockt werden als wir möchten oder im Result Set sehen können.\nWir können das demonstrieren, indem wir eine Tabelle mit zwei Spalten a und b erzeugen.\na sei Primary Key und b sei nicht indiziert. Wenn wir jetzt ein SELECT ... FOR UPDATE ausführen, das WHERE a = ... AND b = ... enthält, werden alle in der a-Bedingung gefundenen Zeilen gelockt, auch jene, bei denen die b-Bedingung nicht zutrifft.\n-- -- Tabelle anlegen -- root on mysql.sock [kris]\u0026gt; create table t ( a integer not null, b integer not null ) engine = innodb; Query OK, 0 rows affected (0.16 sec) -- -- Daten generieren -- root on mysql.sock [kris]\u0026gt; insert into t values ( rand() * 100000, rand() * 10); Query OK, 1 row affected (0.01 sec) root on mysql.sock [kris]\u0026gt; insert into t select rand() * 100000, rand() * 10 from t; Query OK, 1 row affected (0.01 sec) Records: 1 Duplicates: 0 Warnings: 0 ... root on mysql.sock [kris]\u0026gt; insert into t select rand() * 100000, rand() * 10 from t; Query OK, 4096 rows affected (0.26 sec) Records: 4096 Duplicates: 0 Warnings: 0 -- Da sind noch Duplikate drin, die das -- Anlegen eines Primary Key verhindern root on mysql.sock [kris]\u0026gt; create table dup as select a from t group by a having count(a) \u0026gt; 1 ; Query OK, 300 rows affected (0.08 sec) Records: 300 Duplicates: 0 Warnings: 0 root on mysql.sock [kris]\u0026gt; delete from t where a in ( select a from dup ); Query OK, 608 rows affected (5.65 sec) root on mysql.sock [kris]\u0026gt; alter table t add primary key (a); Query OK, 7584 rows affected (0.40 sec) Records: 7584 Duplicates: 0 Warnings: 0 root on mysql.sock [kris]\u0026gt; drop table dup; Query OK, 0 rows affected (0.00 sec) -- -- 68 Zeilen über a selektiert -- root on mysql.sock [kris]\u0026gt; select a, b from t where a \u0026gt; 99000; ... | 99490 | 8 | ... 62 rows in set (0.00 sec) -- -- Jetzt die Demo: In einer Transaktion -- ein SELECT ... FOR UPDATE fahren -- root on mysql.sock [kris]\u0026gt; begin; Query OK, 0 rows affected (0.00 sec) root on mysql.sock [kris]\u0026gt; select a, b from t where a \u0026gt; 99000 and b = 10; +-------+----+ | a | b | +-------+----+ | 99839 | 10 | | 99970 | 10 | +-------+----+ 2 rows in set (0.00 sec) In einer anderen Verbindung können wir nun versuchen, etwa das Paar ( 99490, 8 ) zu ändern. Wir sehen: Das Statement hängt wegen eines X-Locks auf der Zeile.\nroot on mysql.sock [kris]\u0026gt; update t set b = 502 where a = 99490; ... hang ... Wenn wir jedoch einen weiteren INDEX (a,b) definieren und seine Benutzung erzwingen, werden nur die beiden Records (99839, 10) und (99970, 10) gelockt und unser paralleles Update auf (99490) geht ohne Warten durch:\nroot on mysql.sock [kris]\u0026gt; begin; Query OK, 0 rows affected (0.00 sec) root on mysql.sock [kris]\u0026gt; select * from t force index (a) where a \u0026gt; 99000 and b = 10; +-------+----+ | a | b | +-------+----+ | 99839 | 10 | | 99970 | 10 | +-------+----+ 2 rows in set (0.00 sec) root on mysql.sock [kris]\u0026gt; explain select * from t force index (a) where a \u0026gt; 99000 and b = 10\\G *************************** 1. row *************************** id: 1 select_type: SIMPLE table: t type: range possible_keys: a key: a key_len: 4 ref: NULL rows: 63 Extra: Using where; Using index 1 row in set (0.00 sec) In der anderen Verbindung:\nroot on mysql.sock [kris]\u0026gt; update t set b = 503 where a = 99490; Query OK, 1 row affected (0.09 sec) Rows matched: 1 Changed: 1 Warnings: 0 Dieses Lockingverhalten hat also weitreichende Auswirkungen: Wir müssen beim Schreiben von SQL unbedingt darauf achten, daß die Querypläne von SELECT ... FOR UPDATE-Statements die korrekten Indizes benutzen. Ein ALL oder INDEX in der Type-Spalte des EXPLAIN würde hier zum Beispiel einen Index-Scan andeuten - da der ganze Index überstrichen wird, bekommen wir so effektiv ein sehr teures, aus Zeilenlocks zusammengesetztes Table-Lock.\nDas andere trickreiche und unerwartete Verhalten ist, daß InnoDB nicht nur Zeilen lockt, sondern auch die Lücke hinter den Zeilen. Dieses Next-Key Locking vereinfacht die Implementierung von REPEATABLE-READ. Dieses Verhalten ist abschaltbar, der Schalter hat den unerwarteten Namen innodb_locks_unsafe_for_binlog - stellt man ihn auf ON, werden von InnoDB einfach Zeilenlocks erzeugt ohne die Lücke hinter der Zeile auch zu sperren.\nAuf dem Transaction Isolation Level SERIALIZABLE verhält sich das System genau wie auf dem Level REPEATABLE-READ, führt aber jedes einzelne SELECT so aus, als sei es als SELECT ... FOR UPDATE geschrieben worden. Das führt dazu, daß jedes SELECT Locks erzeugt als wäre es in UPDATE-Statement, jeder Lesezugriff lockt also wie ein Schreibzugriff. Dies führt effektiv dazu, daß sich selbst Lesezugriffe (die ja Schreiblocks erzeugen) gegenseitig in die Quere kommen, wenn sie zugleich dieselben Daten lesen wollen. Dies ist noch schlechteres Verhalten als in MyISAM!\nDer Transaction Isolation Level SERIALIZABLE ist unnötig: Er wird nie gebraucht, wenn der SQL-Code in der Anwendung korrekt mit ... FOR UPDATE lockt. Nur Anwendungen, die dies nicht korrekt tun und bei denen außerdem das SQL nicht korrigierbar ist, brauchen den Isolation Level SERIALIZABLE.\n","date":"2008-01-30T00:00:00Z","href":"https://blog.koehntopp.info/2008/01/30/die-innodb-storage-engine.html","tags":["mysql","lang_de"],"title":"Die InnoDB Storage Engine"},{"categories":null,"content":"Aus irgendeinem Grund werden die Firmen verkauft, für die ich arbeite, kaum 2 Jahre nachdem ich da angefangen habe. Das war bei web.de so und jetzt passiert es gerade wieder: Sun hat meinen Arbeitgeber für eine runde Milliarde Dollar gekauft .\nWas ich davon halten soll, weiß ich noch nicht - das wird sich erst ein den kommenden neun Monaten zeigen. Die nächsten 3 Monate werden meiner Erwartung nach die Anwälte erst einmal die letzten Details auskämpfen, und dann schaue ich mir den Laden mal an. Im September oder so erzähle ich Euch dann mal, wie das so ist.\n","date":"2008-01-16T00:00:00Z","href":"https://blog.koehntopp.info/2008/01/16/sunw-aeh-java.html","tags":["mysql","sun","lang_de"],"title":"SUNW, äh, JAVA"},{"categories":null,"content":"Die Welt thematisiert das schon seit längerem gewandelte Profil des Chaos Computer Clubs jetzt auch im Mainstream. Denn der Berliner CCC ist im Gegensatz zum alten Hamburger CCC viel extrovertierter politisch:\nDie Bewegung bestand einst aus Spontis und Untergrundkämpfern, die aus Freude an der Sache digitale Netze knackten. Nun aber ist sie politisch geworden. An den Wänden und auf den Rucksäcken kleben Schilder mit dem Gesicht von Innenminister Schäuble und der Aufschrift „Stasi 2.0“. Ein lebensgroßes Holzpferd in Schwarz-Rot-Gold soll den „Bundestrojaner“ symbolisieren – jenen Virus, den die Behörden bald auf private PCs schicken wollen, um sie online zu durchsuchen.\nHacker, so resümiert die Welt, sind heute nicht mehr Techniker, die nachts in fremde Computer einbrechen, sondern Bürgerrechtler. Und vermutet dann: \u0026ldquo;Vielleicht ist das der Grund, weshalb sie seit zwei Jahren so viel Zulauf haben.\u0026rdquo; und schließt:\nHeute übernehmen Hacker ganz bewusst zivilgesellschaftliche Verantwortung. Der CCC zeigte öffentlich, dass Handys nicht sicher sind, dass Kredit- und EC-Karten ausgespäht werden können, dass Wahlcomputer manipulierbar sind.\n","date":"2008-01-07T00:00:00Z","href":"https://blog.koehntopp.info/2008/01/07/warum-hacker-sich-als-b-rgerrechtler-verstehen.html","tags":["ccc","hack","politik","lang_de"],"title":"Warum Hacker sich als Bürgerrechtler verstehen"},{"categories":null,"content":"Bad COPP No Netflix :\nEin Benutzer kauft sich einen HD Monitor (Syncmaster TM 226BW von Samsung an einer ATI Radeon HD 2600 XT Karte) und schließt diesen an sein Windows Vista an.\nAls er dann Streaming Video von Netflix schauen möchte, mault ihn sein Vista mit einer Meldung an, daß ein DRM-Tool alle Lizenzen von seinem Rechner löschen möchte, auch die von anderen Firmen als Netflix und Microsoft. Er gibt die Auskunft des Supports wieder:\nWhen I called them they confirmed my worst fears. In order to access the Watch Now service, I had to give Microsoft\u0026rsquo;s DRM sniffing program access to all of the files on my hard drive. If the software found any non-Netflix video files, it would revoke my rights to the content and invalidate the DRM. This means that I would lose all the movies that I\u0026rsquo;ve purchased from Amazon\u0026rsquo;s Unbox, just to troubleshoot the issue…. When you do a DRM reset, it\u0026rsquo;s not your pirated files that get revoked, it\u0026rsquo;s the ones that you already paid for that are at risk. I\u0026rsquo;m not allowed to watch low res Netflix files, even though I have the capability to download high def torrents? How does this even make sense? It\u0026rsquo;s as if the studios want their digital strategies to fail.\n","date":"2008-01-04T00:00:00Z","href":"https://blog.koehntopp.info/2008/01/04/drm-krieg-auf-anwender-rechnern.html","tags":["copyright","film","media","lang_de"],"title":"DRM Krieg auf Anwender-Rechnern"},{"categories":null,"content":"Der Fotodienst Flickr wurde vor 5 Jahren in Betrieb genommen. Am 29. Dezember wurde das Foto 2147483647 auf Flickr hochgeladen. Diese Zahl ist 2 hoch 31 minus 1, also MAXINT für einen 32 Bit Signed Integer. Dies hat zu einem Integer Overflow in einer Bibliothek geführt, die Signed Integer als ID für Flickr-Bilder verwendet hat.\nHier sind ein paar simple Abfragen von INFORMATION_SCHEMA, mit denen man offensichtliche Designdummheiten bei Datenbankschemata finden kann:\nmysql\u0026gt; select table_schema, table_name, column_name, column_type from information_schema.columns where table_schema not in (\u0026#34;information_schema\u0026#34;, \u0026#34;mysql\u0026#34;) and column_name like \u0026#34;%id%\u0026#34; -- and column_type not like \u0026#34;%unsigned%\u0026#34;; +--------------+------------+-------------+---------------------+ | table_schema | table_name | column_name | column_type | +--------------+------------+-------------+---------------------+ | rootforum | counter | id | bigint(20) unsigned | | rootforum | s | id | bigint(20) unsigned | | rootforum | t | id | bigint(20) unsigned | | rootforum | telefon | id | bigint(20) unsigned | +--------------+------------+-------------+---------------------+ 4 rows in set (0.01 sec) Diese Query durchsucht INFORMATION_SCHEMA.COLUMNS nach allen Spalten, die ein id im Namen haben, aber, wenn man den auskommentierten Teil aktiviert, nicht als UNSIGNED definiert sind. Das ist schon mal ein recht offensichtlicher Fehler, den man sich von vorneherein schenken kann. Für die meisten Menschen - im Grunde jeder außer Flickr - sollte ein INTEGER UNSIGNED als PRIMARY KEY ausreichen. Ein BIGINT UNSIGNED ist doppelt so groß, und speichert 2^32 mal mehr Daten. Kann man benutzen, muss man aber nicht dringend tun und hat so ein wenig was von Größenwahn.\nDieselbe Regel kann man auch auf Spalten anwenden, die etwa ein price oder %age% im Namen haben (oder die mit INET_ATON() in INTEGER UNSIGNED umgewandelte IP V4 Nummern abspeichern sollen).\nWenig bekannt: Auch eine SERVER_ID ist in MySQL ein INTEGER UNSIGNED. Sollte man bedenken, wenn man Werkzeuge zur Administration von MySQL-Servern entwickelt.\n","date":"2008-01-04T00:00:00Z","href":"https://blog.koehntopp.info/2008/01/04/mysql-integer-overflow.html","tags":["database","mysql","lang_de"],"title":"MySQL: Integer Overflow"},{"categories":null,"content":"Zum Thema Vertrauensvorschuß nun auch eine passende Meldung aus Deutschland beim Lawblog :\nDie Affäre um Angehörige der Gewerkschaft der Polizei (GdP), die sich von Polizei-Anwärtern private Adressen und persönliche Daten beschafft haben sollen, um damit Versicherungspolicen zu verkaufen, weitet sich aus.\nSehr schön. Zentrale Datenspeicher, Mißbrauch bei der Polizei selbst und die Gewerkschaften selbst noch mitten drin.\nGesundheitskarte, Vorratsdatenspeicherung, Online-Durchsuchung\u0026hellip; Wir bauen gerade einen großen Haufen solcher sinnloser, zentral abfragbarer Datenspeicher. Man kann davon ausgehen, daß dies hier sowohl nur der Anfang als auch die Spitze des Eisberges ist. Zu viele Menschen mit zu vielen Zugriffsrechten auf mein Zeugs.\n","date":"2007-12-14T00:00:00Z","href":"https://blog.koehntopp.info/2007/12/14/wir-sind-die-guten.html","tags":["politik","security","terror","lang_de"],"title":"Wir sind die Guten!"},{"categories":null,"content":"Bug #31876 : Neulich war ich bei einem Kunden, der ein kleines Testscript hatte, das im wesentlichen 500 Mal hintereinander eine Row in eine InnoDB-Tabelle eingefügt hat, und dann ein Commit gesendet hat. Das Script war unter Linux unmöglich schnell, und unter Windows unmöglich langsam - insbesondere war es unter Windows viermal langsamer als dasselbe Script unter DB/2 und MS SQL Server. Das ist natürlich verdächtig und nicht akzeptabel.\nWas macht man, wenn man ein Performance-Problem hat? Richtig, man misst nach. Hier wollten wir erst einmal sehen, was MySQL denn so mit dem Betriebssystem macht, wenn es committed. Dazu brauchen wir so etwas wie einen Systemcall-Monitor für Windows. Das gibt es zum Glück, und zwar bei der von Microsoft aufgekauften Firma Sysinternals von Mark Russinovich. Wir messen also mit FileMon und ProcMon, was genau MySQL da tut.\nMit innodb_flush_log_on_trx_commit = 1 sehen wir dann im FileMon die folgende Ausgabe:\n94 14:43:22 mysqld-nt.exe:2736 WRITE C:\\Programme\\MySQL\\MySQL Server 5.0\\data\\ib_logfile0 SUCCESS Offset: 2258432 Length: 1024 95 14:43:22 mysqld-nt.exe:2736 FLUSH C:\\Programme\\MySQL\\MySQL Server 5.0\\data\\ib_logfile0 SUCCESS 96 14:43:22 mysqld-nt.exe:2736 WRITE C:\\Programme\\MySQL\\MySQL Server 5.0\\data\\ib_logfile0 SUCCESS Offset: 2258944 Length: 512 97 14:43:22 mysqld-nt.exe:2736 FLUSH C:\\Programme\\MySQL\\MySQL Server 5.0\\data\\ib_logfile0 SUCCESS Mit anderen Worten: Für jede Transaktion ruft MySQL einmal WriteFile() und einmal FlushFileBuffers() auf.\nKonfiguriert man auf innodb_flush_log_on_trx_commit = 2 um, bekommt man\n101 14:35:55 mysqld-nt.exe:548 WRITE C:\\Programme\\MySQL\\MySQL Server 5.0\\data\\ib_logfile0 SUCCESS Offset: 1638912 Length: 1024 102 14:35:55 mysqld-nt.exe:548 WRITE C:\\Programme\\MySQL\\MySQL Server 5.0\\data\\ib_logfile0 SUCCESS Offset: 1639424 Length: 512 Das heißt, die WriteFile()-Aufrufe finden weiter statt, die FlushFileBuffer()-Aufrufe entfallen aber.\nIn InnoDB ist das nicht ACID, weil die WriteFile()-Aufrufe die Daten nur vom MySQL-Prozess in den Windows Filesystem Buffer Cache kopieren, aber nicht von dort auf die Platte, und das kann man am Blinken der HDD-LED auch sehen.\nSpielt man dasselbe Spiel mit einem DB/2 auf Windows, sieht man\n408 15:05:10 db2syscs.exe:2020 WRITE D:\\Daten\\Filis\\DB2log\\S0007531.LOG SUCCESS Offset: 970752 Length: 4096 409 15:05:10 db2syscs.exe:2020 WRITE D:\\Daten\\Filis\\DB2log\\S0007531.LOG SUCCESS Offset: 970752 Length: 4096 DB/2 macht also auch nur WriteFile()-Aufrufe, und behauptet, das sei ACID! Mehr noch, am Blinken der Platten-LED kann man sehen, daß das auch wahrscheinlich der Fall ist.\nWas ist also anders? Sieht man sich die Sache mit ProcMon an, kann man sehen wie die Dateien in Windows mit dem Aufruf CreateFile und dwCreateDisposition = OPEN_EXISTING geöffnet werden. Dabei gibt man dem Aufruf außerdem noch einen Haufen dwFlagsAndAttributes mit. Uns sollen hier in erster Linie die Flags interessieren.\nNormalerweise öffnet MySQL seine InnoDB-Daten- und Logfiles so:\nSequence: 12795 Date \u0026amp; Time: 25.10.2007 11:01:33 Event Class: File System Operation: CreateFile Result: NAME COLLISION Path: C:\\Programme\\MySQL\\MySQL Server 5.0\\data\\ib_logfile0 TID: 2688 Duration: 0.0000131 Desired Access: Generic Read/Write Disposition: Create Options: No Buffering, Synchronous IO Non-Alert, Non-Directory File Attributes: n/a ShareMode: Read AllocationSize: 0 Das heißt, wie man in der Zeile Options sehen kann, FILE_FLAG_NO_BUFFERING ist angegeben. Das ist schon mal gut, aber wie man sehen kann, sind immer noch FlushFileBuffer()-Aufrufe notwendig. DB/2 und MS SQL Server dagegen machen das so, daß außerdem noch FILE_FLAG_WRITE_THROUGH angegeben wird (und ggf. auch noch FILE_FLAG_RANDOM_ACCESS), berichtet uns ProcMon hier.\nDas bedeutet: Brächte man InnoDB dazu seine Daten- und Logfiles mit diesen Flags zu öffnen, wären die FushFileBuffers()-Aufrufe nicht mehr notwendig (und mit innodb_flush_log_on_trx_commit = 2 wären sie auch weg). Also patched man\n===== innobase/os/os0file.c 1.121 vs edited ===== --- 1.121/innobase/os/os0file.c 2007-08-15 18:54:19 -04:00 +++ edited/innobase/os/os0file.c 2007-10-25 17:34:01 -04:00 @@ -1218,9 +1218,13 @@ try_again: /* Do not use unbuffered i/o to log files because value 2 denotes that we do not flush the log at every commit, but only once per second */ + attributes |= (FILE_FLAG_WRITE_THROUGH + | FILE_FLAG_RANDOM_ACCESS); } else if (srv_win_file_flush_method == SRV_WIN_IO_UNBUFFERED) { - attributes = attributes | FILE_FLAG_NO_BUFFERING; + attributes |= (FILE_FLAG_NO_BUFFERING + | FILE_FLAG_WRITE_THROUGH + | FILE_FLAG_RANDOM_ACCESS); } #endif } else if (purpose == OS_FILE_NORMAL) { @@ -1232,7 +1236,9 @@ try_again: commit, but only once per second */ } else if (srv_win_file_flush_method == SRV_WIN_IO_UNBUFFERED) { - attributes = attributes | FILE_FLAG_NO_BUFFERING; + attributes |= (FILE_FLAG_NO_BUFFERING + | FILE_FLAG_WRITE_THROUGH + | FILE_FLAG_RANDOM_ACCESS); } #endif } else { Wenn ich mich nicht sehr täusche ist innodb_flush_log_on_trx_commit = 2 jetzt ACID und sehr viel schneller als die Write/Flush-Sequenz - sechs bis siebenmal schneller. Das Blinken meiner Platten-LED sieht auch plausibel aus.\nDasselbe Verhalten beobachten wir nun auch mit dem Binlog: log-bin= ... sorgt für WriteFile()-Aufrufe ins Binlog, und mit sync_binlog = 1 kriegen wir nach jedem Write ein langsames Flush. Besser wäre es, das CreateFile() für das Binlog zu finden und dort ebenfalls FILE_FLAG_WRITE_THROUGH zu machen. Damit wäre schon ein normales Binlog-Schreiben \u0026ldquo;sync\u0026rdquo; und schneller als die Write/Flush-Paare von sync_binlog = 1.\nVersucht man denselben Benchmark mit Linux, kriege ich auf meinen Testsystemen übrigens vollkommene Unsinns-Zeiten raus. Das liegt daran, weil\nlinux:~ # hdparm -I /dev/sda ... Enabled Supported: * SMART feature set Security Mode feature set * Power Management feature set * Write cache * Look-ahead ... Der Write-Cache ist also bei dieser Platte enabled. Für so einen ACID-Commit ist das eher nicht so gut.\nMit\nlinux:~ # hdparm -W0 /dev/sda /dev/sda: setting drive write-caching to 0 (off) ist Linux dann nicht nur genau so ACID wie Windows, sondern auch vergleichbar langsam. Und man bekommt auch bei einem innodb_flush_method = fdatasync / O_DIRECT plötzlich plausible Benchmark-Ergebnisse zurück. Das nur mal an die Adresse derjenigen, die glauben, daß O_DIRECT nichts bringt (bis letzte Woche auch ich).\n","date":"2007-10-31T00:00:00Z","href":"https://blog.koehntopp.info/2007/10/31/bug-31876-mysql-commit-in-windows.html","tags":["database","mysql","lang_de"],"title":"Bug #31876: MySQL Commit in Windows"},{"categories":null,"content":"Bundestrojaner vor dem Verfassungsgericht (via Netzpoltik.org )\n","date":"2007-10-11T00:00:00Z","href":"https://blog.koehntopp.info/2007/10/11/bundestrojaner-in-den-tagesthemen.html","tags":["politik","security","terror","lang_de"],"title":"Bundestrojaner in den Tagesthemen"},{"categories":null,"content":"Hier wieder eines meiner berüchtigten Irc-Logs. Ich geh dann mal wieder ins Bett.\nSiMOON\u0026gt; Weiß einer von Euch, wie viele Dateien ich sinnvollerweise in einem Verzeichnis haben sollte, maximal, ohne daß es langsam wird?\ne-voc\u0026gt; 255 :) Oder ist das heute nicht mehr so?\nIsotopp\u0026gt; e-voc: Das ist sehr vom Dateisystem abhängig, und im Fall von ext2/ext3 auch davon, ob du Debian verwendest. Wenn du ein Dateisystem verwendest, das Verzeichnisse als Baumstrukturen verwaltet, dann spielt die Anzahl der Dateien in einem Verzeichnis kaum noch eine Rolle. Das ist bei XFS und Reiserfs immer der Fall, und bei ext2/ext3 ist es der Fall, wenn das Dateisystem mit dem Feature dir_index angelegt worden ist.\nIsotopp\u0026gt; e-voc: Das Feature dir_index wir von zeitgemäßen Distributionen automatisch als Flag gesetzt, wenn man mke2fs verwendet.\ne-voc\u0026gt; \u0026#x1f604;\nIsotopp\u0026gt; e-voc: Ich kenne jedoch einen Haufen Debian-Installationen, die mke2fs ohne automatisches dir_index verwenden.\nlinux:~ # tune2fs -l /dev/sda5| grep \u0026#34;Filesystem feature\u0026#34; Filesystem features: filetype sparse_super Isotopp\u0026gt; Hier fehlt dir_index.\ne-voc\u0026gt; Meine 255 waren aber nicht ganz ernst gemeint ;) Aber interessant das zu wissen.\nIsotopp\u0026gt; e-voc: Sollten sie nicht. Wenn ein Directory größer als 12 Blöcke wird (Default-Blocksize ist derzeit 4 KB), dann wird ext2/ext3 sehr langsam in lookup und in creation/deletion.\nSiMOON\u0026gt; Isotopp: ext3 auf Debian.\nIsotopp\u0026gt; Man kann dir_index auf einem existierenden ext2/ext3 nachrüsten, wenn es fehlt. Dazu muss man mit tune2fs wie oben gezeigt prüfen, ob es gesetzt ist.\nSiMOON\u0026gt; mal sehen\nIsotopp\u0026gt; Wenn nein, umount, tune2fs -O dir_index /dev/...; e2fsck -D /dev/... Details dazu in der Manpage zu tune2fs, Abschnitt über die Option -O (Groß-O).\nSiMOON\u0026gt; Isotopp: Filesystem features: has_journal resize_inode dir_index filetype needs_recovery sparse_super large_file\nIsotopp\u0026gt; SiMOON: Gut. Dann ist dir_index gesetzt. Damit spielt Verzeichnisgröße eine untergeordnete Rolle.\nSiMOON\u0026gt; Isotopp: Hier sieht es anders aus, oder? Filesystem features: has_journal filetype needs_recovery sparse_super large_file\nIsotopp\u0026gt; SiMOON: Ja, das muss behandelt werden.\nSiMOON\u0026gt; Da fehlt der dir_index, wenn ich das richtig sehe.\nIsotopp\u0026gt; ext3 hat speziell bei Datenbanken noch einen anderen Nachteil. Unsere Benchmarking-Leute haben festgestellt, daß ext3 sein Log sehr unregelmäßig flushed, und wenn der Log-Flush unregelmäßig ist, dann heißt das, daß die Laufzeiten bestimmter Queries sehr stark variieren.\nthegap\u0026gt; Also ist ext3 nicht unbedingt die beste Wahl für Datenbank-Server?\nIsotopp\u0026gt; ext3 performt offenbar besonders unregelmäßig und schlecht, wenn sehr viele gleichzeitige Zugriffe stattfinden. In einem Single-Thread Benchmark ist es fast immer schneller als etwa xfs, aber wenn man 10-50 Clients parallel schreiben und lesen lässt, dann gewinnt xfs hands down:\nIsotopp\u0026gt; 1. gleichmäßigere flush zeiten\nIsotopp\u0026gt; 2. wesentlich bessere Vermeidung von Fragmentierung bei XFS bei konkurrenten Zugriffen.\nhartmut\u0026gt; Isotopp: die Cluster-Jungs hatten auch Ärger mit ext3 log flush.\nIsotopp\u0026gt; hartmut: Ja, die auch. Die hassen ext3 aus tiefstem Herzen. Und die Jungs, die von uns bei $KUNDE waren auch.\nhartmut\u0026gt; Isotopp: Na ja, Stewart ist da aber auch schon vorbelastet ;)\nIsotopp\u0026gt; Aber er hat Benchmarks, die Sachen beweisen. Also genaugenommen hatten die Cluster und $KUNDE-Leute Benchmarks und Steward konnte demonstrieren, daß XFS die Probleme schlicht nicht hat.\nIsotopp\u0026gt; ext3 baut Blockmarmelade, wenn man mehrere Files im selben Verzeichnis gleichzeitig verlängert, also etwa ein Haufen .ibd oder .MYD-Dateien parallel wächst. XFS vermeidet das recht zuverlässig.\nSiMOON\u0026gt; Isotopp: wenn ich die / tunen will, muss ich demnach den rechner runterfahren und mit cd booten und dann das ausführen, oder?\nIsotopp\u0026gt; SiMOON: das ist korrekt.\nSiMOON\u0026gt; Isotopp: In meinem Fall handelt es sich um einen NFS-Server. Also keine Datenbank.\nIsotopp\u0026gt; SiMOON: Dann ist wahrscheinlich die Zahl der gleichzeitigen Schreibzugriffe geringer als bei einem Datenbankserver, aber eventuell hast du große Verzeichnisse.\nSiMOON\u0026gt; Isotopp: Ja, ich hab Verzeichnisse mit 150k Dateien.\nIsotopp\u0026gt; SiMOON: Äh. Dann ist das dringend.\nSiMOON\u0026gt; Ja. Ich weiß.\nSiMOON\u0026gt; Isotopp: Alternativ kann ich die Daten so legen, daß es mehr Verzeichnisse sind, von denen jedes 5 Files enthält, wäre das besser?\nIsotopp\u0026gt; Nicht wirklich. Die individuellen Verzeichnis-Lookups gehen viel schneller, dafür muss namei() dann halt durch mehr Verzeichnisse. Es ist schneller, merkbar schneller sogar, aber es verlagert das Problem quasi nur und dir_index sollte kein Problem machen. Auch nachträglich.\nSiMOON\u0026gt; Isotopp: Im laufenden Betrieb ist das vermutlich nicht möglich?\nIsotopp\u0026gt; Nein, wie gesagt umount, tune2fs, e2fsck -D. Anleitung in der Manpage von tune2fs,sektion -O (Groß-O).\nSiMOON\u0026gt; Ja, ich schau gerade. Klingt nach Spätschicht :)\nIsotopp\u0026gt; Man muss sich mal vor Augen halten, daß ext2 am Ende auf dem Stand der Technik von 1984 beruht, XFS immerhin auf Veröffentlichungen aus dem Jahre 1994. ext3 sind etwa 8000 Zeilen Kernel-Code, XFS etwas mehr als 50.000, glaube ich. Bei gleicher Anzahl von Fehlern pro 1000 loc hat XFS weitaus mehr Fehler als ext3, aber an Stellen, an denen ext3 nicht mal Features hat.\nSiMOON\u0026gt; Isotopp: Würde es Sinn machen, den Fileserver auf XFS umzustellen?\nIsotopp\u0026gt; Wie viel Datenvolumen? 150.000 files/dir ist schon fett.\nSiMOON\u0026gt; Isotopp: Das sind nur die User-Avatare. Insgesamt ist es deutlich mehr.\nIsotopp\u0026gt; Wie viel GB?\nSiMOON\u0026gt; ca 60 GB\nIsotopp\u0026gt; Hast du viele gleichzeitige Schreibzugriffe, womöglich im selben Verzeichnis? Hast du viele gleichzeitige Grow-operationen (Writes am Ende einer Datei) oder gleichzeitige Create-Operationen (Datei wird angelegt)? Das sind die stellen, an denen XFS die größten Vorteile hat.\nSiMOON\u0026gt; Na ja, gleichzeitige Schreiboperationen sind eher wenige. Grows so gut wie gar nicht. Weil ein File wird geschrieben und danach entweder gelöscht oder neu geschrieben. Wird halt viel gelesen. Ist halt der Server vom statischen Content, der über NFS gefüttert wird. Wenig schreiben, viele Daten, viel Lesen durch Lighty.\nIsotopp\u0026gt; Dann ist XFS vielleicht nicht zwingend, hätte aber vermutlich dennoch Vorteile. Du müsstest sowieso erst Testen und Dich mit der Technik vertraut machen.\nSiMOON\u0026gt; Dann tune ich lieber erstmal das ext3.\nIsotopp\u0026gt; Mehr zu XFS findest du auf http://oss.sgi.com/projects/xfs/ , speziell http://oss.sgi.com/projects/xfs/publications.html und http://oss.sgi.com/projects/xfs/training/index.html .\nSiMOON\u0026gt; Komisch daß der Live-Server das nicht anhat. Alle anderen haben es.\nIsotopp\u0026gt; Debian?\nSiMOON\u0026gt; Jep.\nIsotopp\u0026gt; Debian ist sehr langsam darin, wichtige neue Features zu übernehmen. dir_index haben die wohl erst sehr, sehr spät per default enabled.\nSiMOON\u0026gt; Kann sein, der Server ist etwas älter. Die, die ich neu gemacht habe, haben es alle eingeschaltet.\nIsotopp\u0026gt; Ich habe so einige gut gepflegte Vorurteile gegen Debian als Produktionsdistribution, unter anderem wegen solcher Sachen. Aber das ist ein anderer Rant, den ich ein anderes mal schreibe. Jedenfalls, wenn du ein Debian haben willst, das funktioniert und skaliert, nimm ein Ubuntu. Danke sehr.\n","date":"2007-10-10T00:00:00Z","href":"https://blog.koehntopp.info/2007/10/10/welches-dateisystem-fuer-meinen-datenbankserver.html","tags":["database","mysql","lang_de"],"title":"Welches Dateisystem für meinen Datenbank-Server"},{"categories":null,"content":"The Atrocity Archives , Charles Stross\nZu Charles Stross schrieb ich im IRC:\nIsotopp\u0026gt; Msch, Lies mal Charles Stross, The Atrocity Archives. Das ist ein wenig so, wie man sich Shadowrun vorstellt, wenn es im Stil von Fefe\u0026rsquo;s Blog geschrieben wird.\nIsotopp\u0026gt; In Charles Stross \u0026ldquo;Bob Howard\u0026rdquo; Universum sind Mathematik und Dämonologie dasselbe und man öffnet Dimensionstore, wenn man die falschen Beweise führt.\nErdferkel\u0026gt; Oh!\nIsotopp\u0026gt; Und ein britischer Geheimdienst, genannt \u0026ldquo;The Laundry\u0026rdquo; ist a la \u0026ldquo;Men in Black\u0026rdquo; dabei, unsere Realität zu schützen vor Leuten, die das Turing-Lovecraft-Theorem neu entdecken. Der Held war auch so einer, der aus Versehen um ein Haar Nyarlathotep bewiesen hätte.\nErdferkel\u0026gt; Gekauft.\nIsotopp\u0026gt; Und wurde dann rekrutiert. Naja, und jetzt muß er die langbeinige, rothaarige Mathematikerin vor den bösen Taliban-Magiern retten. Und ihren Shoggoten.\nErdferkel\u0026gt; Der Isotopp, der ist ein ganz fieser Erdferkelmanipulator.\nIsotopp\u0026gt; Was denn jetzt wieder? :) Das galt alles Msch, der hatte doch damals \u0026ldquo;Delta Green\u0026rdquo; angeschleppt und meinte, \u0026ldquo;Cthulhu\u0026rdquo; funktioniere nur bis 1920. Stross zeigt, daß das nicht so ist. Oder doch, modern kommt nur was anderes dabei raus. Und das ist nicht zwingend uncool.\nBombshell_de\u0026gt; Ich musste eigentlich auch an Dominik denken als ich diese Zusammenfassung las. ;)\nIsotopp\u0026gt; Bombshell_de: Ich hab meine Erklärung angepaßt, als ich sein Interesse bemerkte. :)\nIsotopp\u0026gt; Erdferkel: Wenn der Held zum Beispiel davon berichtet, wie er als Teil einer Strafversetzung Sammelkartenspiele auf ihre dämonologische Verträglichkeit testen muß.\nErdferkel\u0026gt; Genug, ich hol mir das ja, jede weitere Werbung ist Folter.\nMSch\u0026gt; Cthulhu modern kann schon funktionieren, nur halt nicht, wenn man Kurbeltelephone durch Tastentelephone und Tin Lizzies durch Golfs ersetzt, wie es Chaosium und Pegasus gemacht haben.\nIsotopp\u0026gt; MSch: Nein, da hast du Recht. Aber Stross hat es verferkuliert. Und das Buch ist voller Geekkultur-Referenzen. Also nicht Popkultur sondern CCC/Hackerkultur. Stross weiß, was was LVM oder eine NetApp ist und so Sachen. Aber das läßt er einen nur nebenbei spüren.\nBombshell_de\u0026gt; MSch: Spielst du auf Cthulhu Now an?\nMSch\u0026gt; Delta Green hat da halt den Verschwörungstrick. Und man ist nicht irgend ein Bauer, dem zufälligerweise ein komischer Meteorit ins Feld fällt, sondern \u0026ldquo;kaputte\u0026rdquo; Agenten.\nBombshell_de\u0026gt; Hm, entgeht mir in dem Buch etwas wenn ich keine Ahnung von \u0026ldquo;Linux LVM, NetApp\u0026rdquo; habe?\nIsotopp\u0026gt; Nö. \u0026ldquo;Ich glaube nicht, daß uns dieses Ding so schnell noch einmal einen Besuch abstattet.\u0026rdquo; sagt der Held zum Love Interest. Ich habe es mit seinem Eigenvektor bekannt gemacht.\u0026quot; und bürstet sich den Staub vom Palmtop.\nCharles Stross ist ein Autor, der sich relativ genau überlegt hat, daß SciFi sowieso nie Mainstream wird. Und der dann aufgegeben hat, für ein nicht-geekiges Publikum zu schreiben, damit er sich besser an die Kultur seiner Stammleserschaft anpassen kann.\n","date":"2007-10-08T00:00:00Z","href":"https://blog.koehntopp.info/2007/10/08/charles-stross-the-atrocity-archives-deutsch-d-monentor.html","tags":["book","review","media","stross","cthulhu","lang_de"],"title":"Fertig gelesen: The Atrocity Archives"},{"categories":null,"content":"Ich hatte als amtierender Securityfuzzi einmal die Aufgabe, die benötigte Verschlüsselungskapazität eines großen Webdienstleisters für eine Konsolidierungsmaßnahme auszurechnen.\nDas gesamte Rechenzentrum dieses Ladens hatte damals eine Leistungsaufnahme von ca. 2 Megawatt (2 Millionen Watt), das sind etwa 2500 PS (zwei dicke Schiffsdiesel als Notstromaggregate) und hatte damals knapp 100 Megabyte pro Sekunde an Traffic raus gepustet. Davon waren etwa 80 % verschlüsselt, denn dort hat man Verschlüsselung eingeschaltet, wenn immer ein Passwort oder andere benutzerspezifische Daten übertragen werden und bleibt dann im SSL-Modus, um die Session zu schützen.\nDurch Messungen und Tests sowie ein wenig äußerst konservative Berechnungsmagie sind wir damals bei einer Kapazität von etwa 20 IBM Bladecenter-Blades (jede damals mit 2 Cores @ 3Ghz) angekommen. Rundet man dies auf, landet man bei 28 Blades, oder genau 2 Enclosures mit je 14 Blades mit je 2 Cores mit je 3 GHz, oder 168 Intel-Ghz Gesamtkapazität.\nEin Enclosure hat eine Leistungsaufnahme von 3.5 kW (3500 Watt) maximal, sodass man etwa 7 kW oder 10 PS veranschlagen kann. Das ist ein kleines Motorrad oder ein Original-2CV .\nUnsere Messungen haben gezeigt, daß der größte Teil der Rechenpower im SSL Key Exchange und der asymmetrischen Verschlüsselung versenkt wird. Sobald das SSL erst einmal im symmetrischen Stream ist, sinkt der CPU-Verbrauch dramatisch. Oder anders gesagt: Wenn man eine IVW-Box ist, die praktisch nur SSL Key Exchange macht, weil die Payload nur 41 Byte große transparente Pixel sind, die dann aber per SSL rausmüssen, wenn man also eine solche IVW-Box ist, dann ist das wesentlich härteres Brot. Ein SSL Key Exchange sind übrigens so um die 2.5 KB.\nKostenmäßig ist für uns damals eine SSL-Implementierung in Software mit normalen Standard-CPUs am günstigsten gewesen, selbst unter Berücksichtigung von Rackspace und Strom. SSL erscheint teuer, wenn man es in Relation zu Rechenpower und Leistung von Routern rechnet. Bezieht man das Backend mit in den Vergleich ein (was leichter fällt, wenn man das SSL nicht in Cisco-Switchblades oder Radwares implementieren will), dann relativiert sich der angebliche Overhead sehr schnell.\n(Inspiriert durch das Lesen von Jörgs Artikel )\n","date":"2007-09-20T00:00:00Z","href":"https://blog.koehntopp.info/2007/09/20/wie-teuer-ist-ssl.html","tags":["security","lang_de"],"title":"Wie teuer ist SSL?"},{"categories":null,"content":"Bov Bjerg schreibt in Alte Männer mit Kugelschreibern für die Jungle World:\nMachen wir uns nichts vor: In den vergangenen Jahren ist, nicht nur in Deutschland, eine gefährliche Parallelgesellschaft entstanden. Eine Gegengesellschaft von alten Männern, die sich kurz nach Erfindung des Kugelschreibers vom technischen Fortschritt abgekoppelt haben. Reaktionär, dogmatisch, unbelehrbar - und auch noch mächtig stolz darauf.\nUnsere grundlegenden Werte sind ihnen fremd. Soweit sie davon auch nur Kenntnis erlangen, wollen sie diese Werte zerstören. Die freie Information behindern und die freie Rede bestrafen. Sie wollen über unsere Rechner bestimmen, obwohl sie kaum imstande sind, ihren eigenen auch nur einzuschalten. Sie sind längst dabei, uns zu kolonialisieren. Ihre Missionare heißen Polizist und Staatsanwalt. Ihr liebster Psalm und Schlachtruf zugleich lautet: »Das Internet ist kein rechtsfreier Raum!«\n","date":"2007-09-18T00:00:00Z","href":"https://blog.koehntopp.info/2007/09/18/alte-m-nner-mit-kugelschreibern.html","tags":["politik","security","überwachung","lang_de"],"title":"Alte Männer mit Kugelschreibern"},{"categories":null,"content":" Man hat mich gebeten, auf den Kieler Linuxtagen am 7/8. September etwas salbungsvolles zum Thema 15 Jahre Linux zu erzählen. Und das etwas mit Kiel zu tun hat.\nDamit bin ich offiziell ein alter Sack.\nSobald man gebeten wird, über Rückblicke zu referieren und von der guten alten Zeit zu schwelgen ist man offiziell ein alter Sack.\nSo die Sorte Typ, die von den Helden vergangener Zeiten erzählt. Für die Richard Dean Anderson noch McGyver war, der mit dem Taschenmesser in der Hand noch selber Leben rettete, und nicht Sesselpuper bei Stargate. Damals hatten Telefone noch Drehscheiben, und das Leben war generell noch viel härter und damals es brauchte noch echte Helden\u0026hellip;\nEiner der Helden aus grauer Vorzeit hier in Kiel war ja Cornelius. Das war ein ganz Harter. Der hat zum Frühstück 74LS00 gefressen, ohne Milch! Und damals gab es noch gar kein SMD. Jemand, der Fehler mit dem Oszilloskop debugged. So ein Typ, der gar kein Modem braucht, sondern den Carrier auch selber Pfeifen kann. Das Telefonnetz war damals, für die Jüngeren unter Euch, übrigens noch Analog.\nCornelius hat den Unix-Kram hier in Kiel mit aufgebracht. Ich war damals ja noch so ein Amiga-Kiddie und dachte, ich bin cool, weil ich Freunde hatte, die sich selber mit einem Frequenzzähler auf dem Adreßbus eine echte Megahertz-Anzeige gebaut hatten statt so ein Fake-Teil, das immer dieselbe Zahl anzeigte. Damals war so was noch einstellig, also so eine Megahertz-Anzeige, da ging so was mit dem Taschengeld.\nCornelius ist so die Sorte Typ, für die die Dateiendung \u0026ldquo;.c\u0026rdquo; für Configuration stand und \u0026ldquo;cc\u0026rdquo; für \u0026ldquo;Configuration Converter\u0026rdquo;. Ich glaube, Cornelius hat sich damals ein wenig darüber geärgert, daß sein Nachname mit \u0026ldquo;K\u0026rdquo; anfing und nicht mit \u0026ldquo;C\u0026rdquo;, denn so hatte er nicht die Initialen \u0026ldquo;cc\u0026rdquo; wie sein Compiler.\nCornelius hat damals jedenfalls die ersten Unix-Kisten eingeschleppt. Natürlich gab es so etwas damals nicht fertig, sonst hätte ihn das wohl auch nicht interessiert. In seinem Fall waren das stattdessen Commodore 900 mit Coherent 0.7.1 Special Binary Prerelease, Prototypen von Rechnern, die Commodore nie gebaut hat, weil sie selbst für Commo zu Scheiße waren. Das war mein erstes Unix.\nDas Coherent war übrigens von Mark Willams Company. Die haben sonst so Flipperautomaten gebaut. Flipperautomaten sind, für die Jüngeren unter Euch, so analoge Videospiele mit echten Kugeln drin.\nCornelius lebt inzwischen übrigens in Texas. Wenn ich so drüber nachdenke paßt das schon, so irgendwie.\nIch hab dann später mit SCO Xenix weiter gemacht und so eine Mailbox geerbt. SCO, für die Jüngeren unter euch, waren damals noch die Guten. Damals gab es weniger Juristen und von Patentanwälten hatte noch nie jemand was gehört.\nGeerbt habe ich sie von einem anderen echten Helden, von Jens. Jens war auch ein ganzer Kerl. Der hat die Grafikkarte in seinem Mega ST noch selbst gebaut, und auch den Treiber dafür selber geschrieben. Und die Mailbox-Software für seine Mailbox auch.\nJens braut inzwischen übrigens sein eigenes Bier. Das paßt auch so, irgendwie.\nXenix hatte so das Problem, daß da kein richtiges TCP/IP bei war. Das war kein Problem, solange man mit Modems und UUCP gearbeitet hat - wir hatten damals noch kein Online und auch kein X, sondern nur eine Kommandozeile. Will man X, braucht man Netz, so für localhost. Also mußte ein System V her, ein Interaktive Unix, von Kodak.\nJedenfalls, wenn man in so einem Interactive das TCP/IP in Betrieb nimmt, etwa weil man X machen will, und das localhost braucht, dann stellt man fest, daß so ein System V Kernel Memory Leaks hat und daß dann binnen einer Viertelstunde schon mal 500K Speicher voll laufen. Ein Kilobyte, für die Jüngeren unter Euch, ist übrigens ein Millionstel Gigabyte.\nSo stand ich also damals, ich weiß es noch wie heute, vor dem Problem, ein Unix her zu kriegen mit funktionierendem oder reparierbarem TCP/IP. Das war am 30. Dezember 1992, also vor etwa 15 Jahren, und das ist der Grund warum ich heute hier vorne stehe.\nIch bin damals also mit dem Fahrrad zur Uni geradelt. Bergauf, durch den Schnee. Schnee, für die Jüngeren unter Euch, ist gefrorenes Wasser. Damals hatten wir noch keine Klimakatastrophe. Ich hab mir dann einen Kernel und ein paar Sourcen auf ein Tape gezogen. Das Tape war ein sogenanntes Quarterinch Tape. Das bezieht sich nun nicht auf die Größe der Kassette, sondern die Breite des Bandes. Die Kassette war größer, so 10x7cm ungefähr, also wie ein Taschenbuch. Ein Buch, für die Jüngeren unter Euch, ist so was wie eine DVD, nur mit Text statt Bildern und ohne Strom. Das Tape jedenfalls, das hatte eine Rückwand aus massivem Stahl, 4mm dick. Cornelius stand tierisch auf solche Tapes.\nMit dem Linux auf dem Tape bin ich dann nach Hause geradelt, wieder durch den Schnee, natürlich, denn damals blieb so was noch liegen und natürlich auch wieder bergauf, denn damals ging es noch nicht bergab. Und hab mir den Kram compiliert und installiert. Danach hab ich dann erst mal die Permissions und Owner von dem Zeug richtig gesetzt, denn wir hatten damals noch keine Distributionen.\nUnd so kam es, daß ich am 31. Dezember 1992 mit einem SLS und einem Kernel 0.96.6 in das neue Jahr startete. Das war schon ziemlich cool. SLS war übrigens von Donald Becker. Der schreibt inzwischen übrigens Netzwerktreiber. Das paßt auch, irgendwie.\nEndlich X. 640x480 in 256 Farben. Das war schon was. Man konnte seinen Monitor auch übertakten, dann ging mehr. Ein Monitor, für die Jüngeren unter Euch, das ist so eine Art analoges LCD, damals hatten wir noch kein DRM. Da ging so was noch mit dem Übertakten.\nNaja, so fing das damals jedenfalls alles an. Und dann ging es Schlag auf Schlag. Man kann sich bei so einem Vortrag schnell in die Technik versteigen, und wie geil Linux inzwischen so ist - es rennt auf einem Palm Pilot und einer Cray, auf einem iPod und auf einer Enterprise-Class Solaris Kiste oder einer SGI mit 1024 Prozessoren.\nAber wenn man sich Sagen aus Grauer Vorzeit so ansieht, dann geht es da weniger um die Monster, sondern im Grunde geht es um die Helden, und ihre Taten. So auch im Zusammenhang mit Linux und im Zusammenhang mit dem Universum als solches.\nAlso ist dies heute ein Vortrag über Helden und Heldentum.\nEin Held ist jemand, der einen Kampf aufnimmt, um die Welt zu verändern, einen Kampf der anfangs aussichtlos, ja sogar sinnlos erscheint. Manche Helden opfern sich, oder opfern persönliche Vorteile, um die Welt, oder das Universum als solches, für uns alle in einen besseren Ort zu verwandeln.\nDer erste Held, um den es hier gegen soll, ist natürlich Linus Torvalds. Er ist ein Jedermann aus einer Gegend gar nicht weit von hier, ein Schwede in Finnland, ein Informatikstuent. Wer hier war schon mal in Schweden oder in Finnland? Wer hat Informatik studiert? Genau. Ihr hättet Linus sein können.\nLinus hat sich also hingestellt, und sein Zeug ins Netz gekippt und gesagt: Hier ist mein Zeug und ich habe es in Netz gekippt, jetzt könnt ihr spielen. Wer hier hat schon mal Zeugs von sich ins Netz gekippt, damit andere spielen können? Genau. Ihr hättet Linus sein können.\nLeute haben also Linus Zeugs genommen und damit gespielt, und es dabei besser hin gefummelt und - das ist der Trick - Linus ihr verbessertes Zeug zurückgegeben. Linus hat das also zusammengesetzt und wieder zurück ins Netz gekippt.\nEigentlich hat er also gar nicht viel gemacht.\nDer entscheidende Punkt hier ist: Er hat es getan. Linus hat mit seinem Tun die Welt verändert. Also nicht bloß ein bisschen, sondern so richtig fundamental. Leute schreiben da Bücher drüber. Bill Gates paßt seine Geschäftsstrategie an. Linus hat Macht. Er ist hingegangen und hat gesagt: Das ist jetzt so, und dann war es so. Ein Informatikstudent aus Finnland, hier gleich um die Ecke.\nOkay, Linus war nicht alleine. CREDITS in meinem Kernel listet alleine so an die 500 Leute, und das sind nur die, die es bis in diese Datei geschafft haben und das ist nur der Kernel.\nUnd das mit dem Zurückgeben und neu veröffentlichen ist auch nicht seine Idee. Diese Idee hatte ein anderer Held, Richard Stallman.\nStallman, ein weiterer Informatikstudent, wenn auch von weiter weg, ist also hingegangen und hatte dasselbe gemacht wie Linus, nur viel früher: Er hat Zeugs geschrieben, in seinem Fall ein Haufen ziemlich coole Editing Macros, \u0026ldquo;emacs\u0026rdquo;, für einen Editor, und die ins Netz gekippt und gesagt: Hier ist mein Zeug und ich habe es ins Netz gekippt, jetzt könnt ihr spielen.\nLeute haben also Richards Zeug genommen und damit gespielt, und es dabei besser hin gefummelt und ein kommerzielles Produkt draus gemacht und - das ist der Fehler - Richard ihr verbessertes Zeug nicht zurückgegeben sondern gesagt: Ellabätsch, angeschissen, Du hast Zeug ins Netz gekippt und ich mach eine Firma draus.\nDa war Richard natürlich sauer und hat sich überlegt, wie er die Welt verändern kann, oder gar das Universum als solches, um es für uns alle in einen besseren Ort zu verwandeln. Richard hat sich also hingesetzt und mal aufgeschrieben wie es sein soll, damit das mit dem \u0026ldquo;ins Netz kippen und spielen\u0026rdquo; besser funktioniert.\nDamit das ganze juristisch wasserdicht wird ist das Ganze ein ziemlich langer Text geworden, aber im wesentlichen steht da drin: Du kannst Zeugs, das ich ins Netz gekippt habe, nehmen und dran rumbasteln und damit spielen. Aber wenn Du Dein verändertes Spielzeug nicht zum selber spielen verwendest, sondern Dritte damit spielen läßt, dann mußt Du denen (und damit effektiv uns allen) die Veränderungen geben, damit wir genau wie Du spielen können.\nAlso, mit anderen Worten, wenn wir Zeugs ins Netz kippen, damit Du spielen kannst, dann mußt Du, wenn Du das verbastelst Dein verbasteltes Zeug ebenfalls ins Netz kippen, damit wir genau wie Du weiter spielen können.\nSimpel genug.\nSo simpel, daß ein Haufen Leute die Idee kopiert haben. Weil Richard hat das nicht nur auf seine Editing Macros angewendet, sondern er hat die Metaidee, also den Regelsatz, als solchen formuliert, da raus abstrahiert und auch ins Netz gekippt. Und ein Haufen Leute haben nicht nur seine Editing Macros genommen und damit gespielt, sondern haben ihr Spielzeug nach seinen Regeln ins Netz gekippt damit andere auch damit spielen können.\nOkay, Stallman war also nicht alleine. Auf Sourceforge stehen tausende von Softwarepakete, aber letztendlich ist seine Idee, die GPL, als Lizenz bei der überwiegenden Mehrzahl aller Projekte gewählt. Es gibt einen Haufen Lizenzen, die zur Auswahl stehen, aber es ist die Lizenz von Stallman, die letztendlich die bestimmende Macht bei allen diesen Paketen ist. Es ist etwas an der GPL, das sie uns anderen Nichthelden attraktiver, fairer oder sonstwie besser erscheinen läßt.\nDas kommt, weil die GPL eine Formulierung einer anderen, viel, viel älteren Idee ist. Diese Idee hatte ein anderer Held, Immanuel Kant.\nKant war ein Student der Philosophie, weil damals gab es noch keine Informatik, hat die GPL viel kürzer aufgeschrieben als Stallman, weil damals gab es auch weniger Juristen. Er sagte, etwas geschraubt, weil er Philosoph war: \u0026ldquo;Handle stets so, daß die Maxime Deines Handelns als Grundlage allgemeinen Handelns genommen werden kann.\u0026rdquo; und nannte das den kategorischen Imperativ.\nKant meint, das sei eine coole Idee, weil es die Welt und das Universum als solches automatisch in einen besseren Ort verwandelt.\nManche Leute heute formulieren Kant etwas weniger geschraubt als \u0026ldquo;Was Du nicht willst, das man Dir tu, das füg auch keinem anderen zu.\u0026rdquo; Das geht leicht von der Zunge und macht klar, wieso Kant der Meinung war, daß es die Welt und das Universum als solches in einen besseren Ort verwandelt, erklärt aber irgendwie gar nicht was das mit der GPL zu tun hat.\nWenn man da drüber nachdenkt, dann stellt man aber fest, daß man das noch anders formulieren kann: \u0026ldquo;Baue die Spielregeln einer Gemeinschaft stets so, also ob Du Dich an jeder Position in dieser Gemeinschaft, und sei es die niedrigste und schlechteste, befinden mögest.\u0026rdquo; In anderen Worten: Man stelle sich einmal vor, man sei, hmm, die kranke dunkelhäutige Frau eines fundamental-religiösen Hartz IV-Empfängers mit Migrationshintergrund mit einem behinderten Kind in einem Plattenbau in Sachsen - Deutschland funktioniert als Gemeinschaft, sagt Immanuel, wenn man sich selbst in dieser Situation vorstellen kann und das nicht schlimm wäre.\nOkay, hat nix mit der GPL zu tun, aber illustriert das Gedankenmodell.\nAnderes Beispiel: Man stelle sich einmal vor, man stellt einen Haufen cooler Editing Macros ins Netz und alle wollen die benutzen und dann macht einer ein paar Veränderungen dran, packt das ganze in eine Schachtel und fängt an das zu verkaufen und sagt mir, nein, an die Veränderungen kommst Du nicht dran, das ist jetzt alles proprietär.\nOffensichtlich sind die Spielregeln kaputt. Immanuel hat also eine Metaregel aufgeschrieben, mit der man testen kann, ob ein Regelsatz heil oder kaputt ist: Nimm die Regeln, bau das Spielfeld auf und setz Dich selber an die letzte von allen Positionen. Magst Du dann noch spielen? Wenn nein, ist das Spiel im Eimer.\nRichard hat nun diese Überlegung von Immanuel genommen und im Grunde nur Regeln aufgeschrieben, die nicht kaputt sind. Und Linus hat das dann mal durchgespielt. Okay. Und wir alle anderen auch. Das da sind ja auch nur Leute wie Du und ich.\nDas ist mächtig gefährlich.\nWeil es die Welt verändern kann, oder das Universum als solches, und in einen besseren Ort verwandeln. Und wenn die das können, dann können wir, also Du, Du und Du, das auch. Einfach so.\nAlso rechnen wir das doch mal durch, so wie ein Philosoph, Mathematiker oder Informatiker das tun würde.\nErst mal sind wir. Das ist unbestritten. Jedenfalls bin ich, das ist leicht zu testen - ich denke, also bin ich. Ob Ihr seid, ist nicht so leicht zu testen, aber im Grunde irrelevant. Weil: wenn ich nicht widerlegen kann, daß Ihr seid, Ihr mich aber beeinflussen könnt und ich ich Euch, dann muß ich Euch erst mal als real annehmen - es macht ja keinen Unterschied für mein Handeln.\nDas ist cool, weil ich jetzt schon mal Folgerungen ziehen kann.\nDie erste ist: Wenn ich bin, will ich weiter sein. Das nennt man Egoismus und ist gesund.\nDie zweite ist: Ich bin nicht alleine, sondern es gibt mehr wie mich, und die wollen auch weiter sein.\nUnd das ändert die Regeln fundamental.\nEine ganze Menge Leute, Helden der Mathematik in diesem Fall, haben auf dem Problem \u0026ldquo;Die Anderen\u0026rdquo; rum gerechnet und festgestellt, daß das wegen der Existenz der Anderen die Welt und das Universum als solches kein Nullsummenspiel ist.\nEin Nullsummenspiel ist ein Spiel, bei dem ich verliere, wenn ein anderer gewinnt. Man kennt das - mal verliert man, mal gewinnen die anderen.\nDer Punkt ist, das ist Unsinn. Die Welt ist, sagen uns die Mathematiker, nicht ein Spiel, sondern eine Folge von Spielen und sie hat, wie wir Informatiker sagen würden, Zustand. Zustände kriegt man, sobald man sich erinnern kann, also den Ausgang vorheriger Spiele zur Grundlage seines fortgesetzten Handelns macht. Oder wie der große Held Henry Spencer so treffend gesagt hat, \u0026ldquo;Those who do not remember Unix are forced to reinvent it, poorly.\u0026rdquo;\nDarum ist für die Politiker Fernsehen so wichtig, weil das verhindern soll, daß wir Zustände kriegen.\nDie Frage war, ob wir Helden sind.\nUnd die Antwort ist: wir sind, und wir sind nicht alleine, und weil das so ist, und weil wir uns erinnern können, können wir durch zusammenarbeiten Situationen schaffen, in denen jeder gewinnt, der mit uns zusammenarbeitet - uns selbst eingeschlossen. Indem wir etwas verschenken machen wir langfristig Gewinn.\nDie Helden der Philosophie und der Mathematik sagen uns, und das haben sie oft nachgerechnet, daß das eine Eigenschaft der Welt und des Universum als solches ist. Die Welt um uns herum ist so aufgebaut, daß es gut und persönlich gewinnbringend für uns ist, kurzfristig etwas zu opfern, um die Welt und das Universum als solches in einen besseren Ort für uns alle zu verwandeln.\nOder, um es deutlicher zu formulieren: Bill Gates ist ein blöder Idiot. Und nur Du kannst es ihm beweisen.\nSei ein Held.\n","date":"2007-09-07T00:00:00Z","href":"https://blog.koehntopp.info/2007/09/07/echte-helden.html","tags":["damals","free software","kiel","politik","lang_de"],"title":"Echte Helden"},{"categories":null,"content":"Laut Heise Newsticker äußert sich IT-Laie Jörg Ziercke:\nZiercke sagte, der Aufwand für eine einzige Online-Durchsuchung sei beträchtlich, \u0026ldquo;weil wir jeweils eine eigene Software entwickeln müssen\u0026rdquo;. Diese Software werde immer nur für den Einzelfall erarbeitet, \u0026ldquo;ein Unikat, das speziell auf die Rechner-Umgebung eines Verdächtigen zugeschnitten wird\u0026rdquo;.\nMal sehen, ob ich das richtig geparsed bekomme, was Ziercke da erzählt: Er möchte in einer missionskritischen Anwendung in einer Gefahrensituation unter Zeitdruck eine ungetestete Software in einer Situation einsetzen, in der er das Zielsystem nicht vollständig kontrollieren kann. Faßt es das in etwa zusammen?\nWas will er sonst noch machen? Bungeejumping ohne Seil? Nein, so hanebüchene Ideen können auch Ziercke und seine Berater nicht ausbrüten. Dies ist ganz klar eine Nebelkerze, am Ende wird auch hier Encase eingekauft (Siehe die Kommentare am Ende von\nDer Bundestrojaner durchdekliniert für eine Liste von Materialien zum Thema).\n","date":"2007-08-29T00:00:00Z","href":"https://blog.koehntopp.info/2007/08/29/mehr-online-durchsuchungs-nebelkerzen.html","tags":["politik","security","überwachung","lang_de"],"title":"Mehr Online-Durchsuchungs-Nebelkerzen"},{"categories":null,"content":" Kristian, wenn Du über Performance redest, dann redest Du immer von verteilten, asynchronen Systemen . Verteilte, asynchrone Systeme sind doof, schwer zu programmieren und laufen der Theorie zuwider, die ich an der Uni gelernt habe. Ich warte glaube ich lieber auf schnellere Prozessoren.\nViel Spaß beim Warten. Godot wird Dir Deine neue CPU bestimmt bald bringen.\nEin Gigahertz ist ein Takt pro Nanosekunde. Bei Lichtgeschwindigkeit kommt das Signal in einer Nanosekunde in etwa 30cm weit. In der Cray, die jetzt als Bar in der Lobby vom RZ der Uni Stuttgart Dienst tut, sind alle Kabel Vielfache von 30cm lang. Dadurch ist jedes Kabel auch eine Delay von 1, 2, 3 oder 4ns.\nHeutige Rechner haben einen Takt von so um die 3 GHz. Der Teil der Maschine, der mit 3 GHz gepowert ist hat wenig überraschend einen Radius von etwas unter 5 cm. Das ist der Bereich, in dem man bei diesem Takt binnen eines Taktzyklus Round-Trip-Time (5cm hin und zurück = 1/3ns = 3GHz Takt) einen konsistenten, synchronen Zustand herstellen kann. Will man größere Maschinen bauen, die weiterhin synchron und konsistent sind, muß man die Lichtgeschwindigkeit erhöhen (die Zeit verlangsamen) oder den Takt herabsetzen. Also braucht man entweder ein schwarzes Loch in der CPU oder einen niedrigeren Systemtakt oder ein anderes Konzept.\nDas kann man akzeptieren oder nicht. Diejenigen, die es nicht akzeptieren, können gerne Two Phase Commit auf einem Interkontinental-Link machen und sich über Performanceprobleme beklagen. Aber bitte nicht bei mir.\n","date":"2007-08-11T00:00:00Z","href":"https://blog.koehntopp.info/2007/08/11/zehn-zentimeter.html","tags":["database","mysql","performance","lang_de"],"title":"Zehn Zentimeter"},{"categories":null,"content":"Ode an Kiel: Ich baue wie viele andere Kerle einen Grill auf, sortiere Decke, Lebensmittel und Bier-Kühler und lasse das alles wortlos auf Sophie wirken. Die untergehende Sonne lässt das Fördewasser weich schimmern, am Ufer gegenüber strahlt weiß der Sand, ganz weit hinten rechts leuchtet blau-rot der HDW-Kran, dazwischen die Segler, ein paar Schnellboote, die wie junge Hunde über die Förde tollen und zur Linken weit und offen das Meer. Ein paar Stunden noch, und der Vollmond wird genau über Heikendorf stehen. Was wäre, sähe ich das zum ersten Mal? Nörgler werden sagen, Kiel an einem Sommerabend ist ein billiger Trick, damit ist natürlich jede zu beeindrucken.\n","date":"2007-07-30T00:00:00Z","href":"https://blog.koehntopp.info/2007/07/30/ode-an-kiel.html","tags":["kiel","anderswo","lang_de"],"title":"Ode an Kiel"},{"categories":null,"content":"\u0026ldquo;Ich muß Hardware für einen Rechner kaufen, auf dem dediziert nur ein MySQL laufen soll. Was soll ich beschaffen?\u0026rdquo; ist eine Frage, die ich recht oft höre. Hier ist die lange Antwort.\nBevor man sich mit dem freundlichen Hardwarehöker des geringsten Mißtrauens in Verbindung setzen kann, muß man sich erst einmal ein paar Dinge überlegen.\nDatenbank-Zielgröße bestimmen Die allererste Überlegung ist die erwartete Zielgröße der Datenbank: Werden wir einen Bestand von 1G, 10G, 100G oder 1000G haben? Daraus und aus dem allgemeinen Gesundheitszustand des Geldbeutels ergibt sich schon die erste wichtige Erkenntnis. Nämlich: Werden wir es schaffen, eine speichergesättigte Datenbank zu bauen, oder bekommen wir eine Datenbank, die für Lesezugriffe auf die Platte zugreift?\nFolgerung 1: Speichergesättigte Datenbanken sind ein bevorzugtes Designziel Mechanische Festplatten sind unerträglich langsam.\nSpeicher-Zugriffszeiten werden in Nanosekunden angegeben. Milli (10E-3), Mikro (10E-6), Nano (10E-9), Pico (10E-12), Femto (10E-15), Atto (10E-18) - Speicher hat also Zugriffszeiten in der Größenordnung von einer Millardstelsekunde pro Byte. Platten-Zugriffszeiten liegen dagegen im Bereich von Millisekunden, wenn Seeks involviert sind. Von einer durchschnittlichen Serverplatte kann man nicht mehr als 200 Seeks pro Sekunde (5ms pro Zugriff) erwarten, die 7200rpm Hitachi HTS72108 in meinem Laptop schafft nach iozone und iostat ziemlich genau 125 Seeks pro Sekunde (8ms pro Zugriff).\nIn diese Zeit geht die Average Seek Time für die horizontale Positionierung des Kopfes und die Rotational Delay mit ein - also die Zeit, die wir warten müssen, bis die richtigen Daten unter dem fertig positionierten Kopf auch mal durchrutschen. Die Datentransferzeit zur tatsächlichen Übertragung der Daten ist im Vergleich dazu eher zu vernachlässigen.\nAndererseits hat eine Platte im Vergleich zum RAM eine größere Zugriffsgranularität - während wir beim RAM für jedes Byte eine Access Time abrechnen, tun wir das bei einer Platte für einen Block (512 Byte, aber wir können hier gerne mit 1000 Byte rechnen, es spielt nicht wirklich eine Rolle). Im Endeffekt ist der Geschwindigkeitsunterschied zwischen RAM und Random-I/O einer Festplatte jedenfalls nicht 1E6 (eine Million), sondern nur etwa 1E4 (Zehntausend) bis 1E5 (Hundertausend), abhängig davon wie breit unsere Rows im Schnitt sind.\nWird eine Platte nicht mit Random-I/O betrieben, sondern mit linearer Ein-/Ausgabe, dann können wir so um die 50 MB/sec von einer Platte bekommen. Je nach Rowsize sind das zwischen Hundertausend und einer Million Rows pro Sekunde. Das ist immer noch langsamer als RAM, aber viel schneller als die im pessimalen Fall 200 Rows/sec vom Random-I/O (Hmm, auch da kommen wir noch drunter, wenn wir auch den Index nicht cachen können).\nWenn es einem also gelingt, speichergesättigte Datenbanken zu bauen, dann sind Reads für viele Anwendungsfälle schon kein Problem mehr und teilweise fällt sogar schlechtes SQL nicht mal mehr auf, weil die entsprechenden Operationen zwar ineffizient sein mögen, aber dank schnellem RAM-Zugriff dennoch schnell genug sind.\nFolgerung 2: 64 Bit sind Mandat MySQL hat eine Ein-Prozeß-Architektur. Ein einzelner Datenbankserver enthält eine Reihe von datenbankinternen Service-Threads und einen Handlerthread pro Connection, die sich alle den gemeinsamen Speicher des Prozesses teilen.\nWir brauchen also nicht nur jede Menge RAM, sondern wir brauchen das RAM auch in einer Form, die es uns erlaubt, innerhalb eines einzelnen Prozesses darauf zugreifen zu können. Das bedeutet in 2007: Eine 64 Bit CPU, ein 64 Bit Betriebssystem und eine 64 Bit Version von MySQL, falls wir Speicher von mehr als 3G (in Windows: 2G) im Server haben.\n32 Bit-Code kann in Linux nur etwas unter 3G in einem Prozeß adressieren, und in Windows sind es sogar nur etwas unter 2G. Es ist also vollkommen sinnlos, einen Rechner mit 8G RAM hinzustellen und dann nur ein 32 Bit-Betriebssystem und ein 32 Bit-MySQL drauf zu installieren. Das gibt zwar einen schönen File System Buffer Cache und das ist besser als nix, aber es wäre sehr viel interessanter, den Speicher direkt in MySQL zur Verfügung zu haben. Ein Datenbankserver wird also immer fett RAM bekommen und das zieht dann relativ schnell die 64 Bit nach sich.\nEs gibt zwar so was wie PAE / AWE , aber reden wir da nicht drüber - wir haben 2007, und es gibt keinen Grund, mit gefesselten Beinen über die Ziellinie zu hüpfen, wenn man stattdessen richtig rennen kann. Es gibt zwar PAE-Code in MySQL, aber der ist per Default nicht enabled, in den MySQL-eigenen Binaries nicht vorhanden und schlecht getestet. Selbst wenn das alles anders wäre, würde man PAE nicht wollen, sondern gleich richtig 64 Bit machen wollen - PAE ist langsam und hat haarige Tatzen.\nSchreibleistung vs. Leseleistung Eine andere Sache, die man sich frühzeitig bewußt machen muß ist die Überlegung, daß Leseleistung sehr viel leichter zu optimieren ist als Schreibleistung.\nDatenbanken, die überwiegend Reads sehen und wenig Schreiboperationen haben sind sehr leicht zu skalieren: Wir ersticken das Problem nach Möglichkeit erst einmal mit Speicher und wenn das nicht mehr reicht, setzen wir eine ausreichende Anzahl von Replication-Slaves auf. Die Reads verteilen wir dann gleichmäßig über die Slaves. Das können wir je nach Problemgröße leicht bis auf 1000 Slaves pro Master ausdehnen, wenn wir wollen.\nWrites dagegen sind sehr viel unhandlicher. Wir können Schreibzugriffe zwar Delayen, Batchen und Sortieren, aber am Ende muß der Write auf irgendein persistentes Medium. Wenn wir mehr Schreibzugriffe haben als eine Platte wegstecken kann, dann müssen wir ein Array hinstellen. Wenn wir mehr Schreibzugriffe haben als man sinnvoll über ein Array verteilen kann, dann müssen wir die Datenbank partitionieren mit all den unangenehmen Designentscheidungen, die mit solchen verteilten, lose gekoppelten Systemen einher gehen.\nFolgerung 3: Locality erzeugen um Schreibzugriffe zu minimieren Datenbanken speichern Daten in Speicherseiten ab. In InnoDB zum Beispiel ist eine solche Speicherseite mit 16K relativ groß. In einer solchen Seite liegen in der Regel mehrere Rows, und InnoDB liest und schreibt immer ganze Seiten.\nWenn wir unsere Datenbank gut designed haben, dann haben wir Locality Of Reference erzeugt. Das bedeutet, daß wir ziemlich oft den Fall haben, daß die Rows, die wir zur gleichen Zeit bearbeiten auch räumlich dicht gepackt sind, also in derselben Speicherseite stehen. Das bedeutet, daß wir mit dem ersten Zugriff auf eine neue Seite schon die Rows, auf die wir gleich zugreifen werden mit in den Speicher bringen und daß wir beim Schreiben wahrscheinlich eine Seite nicht nur einmal verändern, sondern mehrere Rows in der Seite verändern werden.\nWir wissen, daß InnoDB Daten im Primary Key in B+-Bäumen abspeichert, d.h. in den Blättern des Primary Key stehen die Daten selbst, nicht Zeiger auf die Daten. Daten sind also physikalisch in Primary Key-Reihenfolge angeordnet und Daten mit einem ähnlichen Primary Key stehen wahrscheinlich physikalisch dicht zusammen auf der Platte. Sekundärschlüssel enthalten eine Kopie des Primary Key als Row Pointer. Ein \u0026ldquo;INDEX(a)\u0026rdquo; wird von InnoDB also intern als \u0026ldquo;INDEX(a, id)\u0026rdquo; interpretiert und realisiert. InnoDB und der Optimizer wissen das auch, und ein \u0026ldquo;SELECT id FROM t WHERE a = \u0026hellip;\u0026rdquo; wird entsprechend aus dem Sekundärschlüssel ohne Primärdatenzugriff abgearbeitet.\nMit diesem Wissen können wir jetzt über die Wahl des Primärschlüssels einer InnoDB-Tabelle die physikalische Anordnung von Daten in einer InnoDB-Tabelle beeinflussen und die Locality verbessern.\nOft erzeugen hierarchische Primärschlüssel ausgezeichnete Locality. In einer Tabelle, die Mails für einen Maildienst verwaltet wäre (userid, folderid, messagenummer) zum Beispiel ein sehr guter Primärschlüssel für die Mailtabelle, weil Informationen über neue Mails im aktuellen Folder des aktuellen Users dicht beieinander gespeichert werden. Ein INTEGER UNSIGNED NOT NULL PRIMARY KEY auto_increment erzeugt eine zeitliche Reihung von Daten nach dem Erzeugungsdatum und das ist für viele Daten, die neu heiß sind und dann mit der Zeit abkühlen genau der richtige Schlüssel. Ein Zufallswert, ein MD5 oder SHA1-Hash oder eine UUID ist ein furchtbarer Primärschlüssel, weil Daten im Endeffekt zufällig gestreut werden und keine Locality erzeugt werden kann. Locality ist nicht nur für Schreibleistung wichtig, sondern auch wenn wir eine Datenbank haben, die nicht speichergesättigt sein kann und wir Lesezugriffe zur Disk senden müssen. Mit einer guten Locality können wir unter Umständen viele Lesezugriffe im RAM cachen auch wenn die Gesamtdatenbank sehr viel größer als der Verfügbare Hauptspeicher ist.\nFolgerung 4: Beschriebene Rows schmal halten um Schreibzugriffe zu minimieren Schreibzugriffe ändern Seiten. Wenn wir eine gute Locality haben und wir außerdem Schreibzugriffe von beschriebenen Seiten zur Disk verzögern können, dann werden wir viele Rows in einem Block ändern können, bevor wir diesen Block zur Disk senden. Indem wir die Rows von Tabellen schmal halten, die beschrieben werden, bekommen wir mehr Rows in einen Block und haben so weniger Schreibzugriffe.\nWenn wir zum Beispiel eine Benutzertabelle haben, dann enthält diese überwiegend statische Daten wie zum Beispiel den Benutzernamen, das Paßwort, die Benutzeranschrift und andere Stammdaten. Sie enthält aber vielleicht auch sehr dynamische Daten wie zum Beispiel das Datum des letzten Logins. Datenbanktheoretisch gehört diese Information auch in die User-Tabelle, aber wegen der physikalischen Implementierung wird es sehr sinnvoll sein, eine künstliche 1:1 Relation einzuführen und das Paar (userid, lastlogin) in eine Extratabelle abzuspalten.\nHier haben wir nun 8 Byte breite Rows in 16K großen Records, also bis zu 2048 Records pro Speicherseite (in Wirklichkeit wird die Seite nicht vollständig genutzt sein) oder ca. 500-700 stark veränderliche Speicherseiten (8M-12M) für die Lastlogindaten von einer Million Usern. Wenn man einen Usereintrag von um die 300 Byte inklusive Stammdaten annimmt, dann würden eine Million User ohne diese Aufspaltung stattdessen um die 18000-25000 (280M-400M) veränderliche Seiten erzeugen, d.h. wir hätten etwa 36 mal mehr veränderte Speicherseiten zu schreiben, nur weil die veränderlichen Daten weniger dicht gepackt sind.\nDazu kommt, daß jeder Schreibzugriff auch alle Resultsets im MySQL Query Cache löscht, die von der beschriebenen Tabelle abstammen. Indem man häufig beschriebene Daten in Extratabellen isoliert bekommt man unter Umständen eine bessere Query Cache Hit Ratio und so bessere Performance.\nAus dem gleichen Grund und noch einigen anderen Gründen will man auch unbedingt alle Spalten abtrennen, in denen Typen verwendet werden, die \u0026ldquo;TEXT\u0026rdquo; oder \u0026ldquo;BLOB\u0026rdquo; im Namen haben. Zu den \u0026ldquo;anderen Gründen\u0026rdquo; gehört hier in MySQL auch die Handhabung von \u0026ldquo;temp tables\u0026rdquo; in Queryplänen, bei denen \u0026ldquo;using temporary\u0026rdquo; bei EXPLAIN gelistet wird.\nFolgerung 5: Writes delayen, batchen und sortieren Bei einem COMMIT schreibt InnoDB die geänderte 16K Seite nun nicht sofort zurück in den Tablespace, sondern notiert die Änderung erst einmal im Redo-Log und markiert die InnoDB-Seite als Dirty. Später wird die Dirty Page zur Disk gesendet und der entsprechende Redo-Log Pointer kann vorwärts bewegt werden um den Platz im Redo-Log wieder frei zu geben.\nDadurch, daß alle Änderungen so erst einmal im Redo-Log landen, werden Schreibzugriffe, die eigentlich Random-Writes wären vorübergehend erst einmal als Lineare Writes abgehandelt: Wir hatten weiter oben ja schon etabliert, daß lineare Writes schneller sind. Außerdem spekuliert diese Aktion natürlich darauf, daß eine eben veränderte InnoDB Seite wegen Locality gleich noch einmal geändert wird und wir so Random I/O-Schreibzugriffe einsparen können.\nWir können Locality abschätzen, indem wir die Größe des Redo-Logs mit der Menge der Pages vergleichen, die dirty sind. In SHOW ENGINE INNODB STATUS\\G finden wir:\n--- LOG --- Log sequence number 0 1994670731 Log flushed up to 0 1994670268 Last checkpoint at 0 1993477319 ... ---------------------- BUFFER POOL AND MEMORY ---------------------- ... Modified db pages 278 Unser Redo-Log hat also bisher Null (0) Umdrehungen gemacht, und der Schreibzeiger steht bei Offset 1994670731, während der hintere Lesezeiger bei Offset 1993477319 steht. Es sind also 1994670731-1993477319 = 1193412 (ca. 1.1M) Redo-Log belegt. Dem stehen 278 16K große Seiten (ca. 4.4M) gegenüber, die als Dirty markiert sind. Wenn es uns gelingt, durch Umstrukturierung dieses Verhältnis zu verbessern, also die Anzahl der Seiten, die als Dirty markiert werden zu verkleinern, dann bekommen wir weniger Random-I/O und eine bessere Schreibleistung.\nMySQL wird die \u0026ldquo;modified db pages\u0026rdquo; dann verzögert und im Batch auf die Platte schreiben, wenn\ndas Redo-Log droht, vollzulaufen innodb_max_dirty_pages_pct Prozent aller Pages im Buffer Pool als Dirty markiert sind oder InnoDB eine Pause zum Atemholen bekommt und einen Checkpoint fährt. Das Schreiben der Dirty Pages erfolgt derzeit leider noch nicht sortiert , obwohl das echt nützlich wäre.\nWir können uns, wenn uns unsere Daten nicht so wichtig sind, sogar noch die Writes ins Redo-Log delayen. Indem wir innodb_flush_log_at_trx_commit auf den Wert 2 oder gar 0 setzen, erlauben wir es der Datenbank auch Einträge ins Redo-Log zu verzögern und zu batchen und können so die Schreibleistung noch weiter erhöhen.\nFolgerung 6: Mehr Spindeln Wir können so mit verschiedenen Tricks bei der Gestaltung des Datenbankschemas die Anzahl der notwendigen Schreibzugriffe unter Umständen drastisch verringern und wir können uns mit Hilfe des Redo-Log unter Umständen einige Random-I/Os sparen, indem wir stattdessen vorübergehend lineare Schreibzugriffe machen. Am Ende aber müssen die Blöcke auf die Platte.\nEine einzelne Platte, so haben wir gelernt, gibt uns nicht mehr als 200 Seeks pro Sekunde. Auch ein RAID-1 Paar bekommt nicht mehr Daten auf die Platte, da ja jede Hälfte des Spiegelpaares dieselben Operationen durchführen muß. Von 14 Platten in einem RAID-10 (einem Stripe aus Mirrors) würden wir also ca. 7 mal 200 Seeks/sec = 1400 Seeks/sec erwarten.\nIn einem RAID-5 ist es weitaus schlechter. Da Datenbanken ausschließlich RAID-5 \u0026ldquo;Short Writes\u0026rdquo; machen, wird jede einzelne logische Schreiboperation zu vier physikalischen Schreiboperationen: Zwei Reads und zwei Writes. Mit einem großen Cache kann man die beiden Reads weg cachen, aber die beiden Writes bleiben. Hat der RAID-5 Controller außerdem einen großen batteriegepufferten Cache, kann es sein, daß auch die Schreibzugriffe in akzeptabler Zeit abgewickelt werden, aber die sichere Empfehlung für eine Datenbank ist in der Regel \u0026ldquo;RAID-5 ist böse, man will RAID-10\u0026rdquo;.\nFür eine Datenbank wollen wir also ein Plattenarray kaufen, daß aus möglichst vielen kleinen Disks zusammen gesetzt ist - uns interessiert ausschließlich die Anzahl der Seeks pro Sekunde, die wir von dem Array bekommen können. MB/sec sind von untergeordneter Bedeutung.\nDie Sun Performance Blueprint Wide Thin Disk Striping erklärt wie man mit Partitionen auf Arrays umgehen sollte: Sie sollten sich immer über alle vorhandenen Platten des Array erstrecken und es sollten keine dedizierten Disks für Logs, Indices oder einzelne Tabellen verwendet werden. Ab 6 Platten wird diese Strategie sinnvoll, ab 10 Platten ist sie dedizierten Disks auf jeden Fall überlegen.\nIn großen Arrays will man sich nicht mehr mit Disks abgeben, sondern \u0026ldquo;Storage managen\u0026rdquo; - Partitionen sollten daher immer über alle Disks gehen und das Array gleichmäßig aufheizen, sodaß man keine Hotspots mehr bekommt. Wenn das Array überlastet wird, kauft man dann eben einfach mehr Platten und reorganisiert. sar -d, iostat -x oder dstat sind des Storage- und des Datenbankadmins treue Freunde. Man sollte eine gewisse Nähe zu ihnen aufbauen.\nFolgerung 7: Software-Raid ist nix schlimmes Wenn wir ein RAID-10 bauen, dann ist die Realisierung des RAID sehr wenig aufwendig: Ein Write-Request wird einfach zu zwei verschiedenen Platten gesendet und endet erst dann, wenn beide Platten ihn bestätigt haben. Das ist sehr leicht in Software realisieren. Ein Hardware-RAID bringt hier nur wenig Gewinn.\nBei RAID-5, wenn man durch äußere Umstände dazu gezwungen wird, sieht da schon anders aus: Die meisten Software-RAID-5 Implementierungen sind ziemlich schäbig und RAID-5 profitiert ganz enorm von einem batteriegepufferten RAM als Cache. Hier ist ein (guter, teurer) RAID-Controller mit einem fetten batteriegepufferten Cache wahrscheinlich von Vorteil.\nEin Software-RAID hat gegenüber einem Hardware-RAID dann verschiedene Vorteile: Zum Beispiel braucht man sich nicht mit einem proprietären Treiber zu prügeln, kann das RAID zuverlässig über /proc/mdstat in Linux oder das entsprechende Windows-Äquivalent monitoren und kann zumindest in Linux auf die einzelnen Platte auch nach dem Splitten des Mirrors einzeln ohne RAID zugreifen, da Linuxraid die Metadaten hinten auf die Platten malt - eine RAID-Hälfte ohne RAID sieht dann zumindest read-only für einen Nicht-RAID-Zugriff ganz normal aus.\nSogar multipathen kann man das.\nCPU Leistung verblaßt neben Plattenleistung Die oben angestellten Betrachtungen haben an keiner Stelle die Leistung der Prozessoren des Systems gewürdigt. Das ist deswegen so, weil Datenbanken in der Regel kaum CPU-Probleme haben. Eine CPU mit 3 GHz Takt arbeitet pro Sekunde und Core 3 Milliarden Prozessorzylen ab, und moderne CPUs sollten eigentlich größenordnungsmäßig bei jedem Zyklus auch einen Befehl fertigstellen. Wenn man also von Disk Seeks von einer 200stel Sekunde ausgeht, dann werden in der Wartezeit auf die Platte um die 15 Millionen Wartezyklen pro Core in der CPU freigesetzt.\nOder anders gesagt: Eine Datenbank kann nur in zwei Fällen wirklich CPU-Probleme bekommen:\nWir haben etwas ganz wildes mit Stored Procedures oder anderem Code in der Datenbank gemacht. Das hätten wir besser gelassen.\nDie Datenbank ist speichergesättigt und fräst nun wie wild mit der CPU durch ihre Speicherbänke, weil sie niemals auf die Platte warten muß. Klagen über \u0026ldquo;CPU ausgelastet\u0026rdquo; sind in diesem Fall wahrscheinlich Beschwerden auf sehr hohem Niveau. In MySQL ist es außerdem so, daß wir in der Regel eine Query in einem Thread abarbeiten und wir eine bestimmte Menge an Concurrency benötigen, um ausreichend viele CPUs sättigen zu können.\nInsbesondere Replikation ist derzeit strikt seriell und kann nicht nennenswert mehr als einen Thread belegen.\nFolgerung 8: Ein reiner Backup-Slave braucht nur einen, maximal 2 Cores Da Replikation strikt seriell ist, kann ein Slave der nur repliziert und nicht auch noch Read-Queries abarbeitet oder Reports generiert niemals nennenswert mehr als einen Core busy halten. Es lohnt überhaupt nicht, hier viel Geld in Cores zu investieren. RAM oder Platten sind bessere Investitionsziele.\nFolgerung 9: Concurrency schätzen, und begrenzen MySQL ist eine Datenbank die klar auf Commodity Hardware hin entwickelt worden ist und die durch die überall verfügbare und leicht zu konfigurierende Replikation bevorzugt horizontal zu skalieren ist. Es ist in vielen Fällen eher lohnend, einen zweiten Server aufzusetzen statt den einzigen Server weiter zu vergrößern.\nMySQL funktioniert derzeit recht gut mit 4 oder 8 Cores, aber 16 Cores wären schon grenzwertig und es wäre zu beweisen, daß eine 16 Core-Maschine mit MySQL tatsächlich besser funktioniert als zwei 8 Core-Maschinen. Speichergrößen von 32G und 64G können gut gehandhabt werden, aber für wesentlich größere Pools müßte nachgewiesen werden, daß keine Lockingprobleme existieren. Mit MySQL 5.0.30 und MySQL 5.0.37 wurden verschiedene Lockingprobleme für sehr große InnoDB Buffer Pools behoben, sodaß es unbedingt lohnend ist ein Upgrade durchzuführen wenn man sehr große Speichermengen hat und noch kleinere Versionen einsetzt. Aber selbst dann kann intensives Monitoring noch Locking triggern. Dieses Problem wird derzeit bearbeitet.\nRecovery gleich mit planen Im Falle einer Katastrophe oder eines Administrationsfehlers wird der eigene Chef rüberkommen und die üblichen drei Fragen haben:\nWerden wir wieder online gehen können? Haben wir Daten verloren? Wie lange wird das alles dauern? Der vorausschauende Admin hat für alle drei Fragen schon Antworten parat. Das kann er nur, wenn er die Recovery seiner Datenbank geplant, geübt und gebenchmarkt hat.\nFolgerung 10: Platz um sich zu bewegen Ein Backup-Slave, so vorhanden, sollte genug Platz und Power haben, um eine Recovery in endlicher Zeit durchführen zu können. In den meisten Fällen plant man 3 bis 5 mal mehr Plattenplatz ein als die Datenbankzielgröße ist. Teile dieses Platzes können langsamer sein (weniger Spindeln haben, also aus größeren Platten zusammengesetzt sein) als die eigentliche aktive Datenbank.\nEin Test- oder Scratchrechner, etwa der Backup-Slave oder eine dritte Kiste, können sehr handlich sein, um Dinge zu testen, Datenextraktionen oder Loads vorzubereiten oder andere administrative Dinge zu stagen.\nDer Einkaufszettel Schätzhilfen:\nDie Zielgröße der Datenbank. Die erwartete Schreiblast. Prüfung: Lohnt es eine speichergesättigte Datenbank zu bauen?\nJa: Dies ist der Fall, wenn wir die benötigten Daten komplett ins RAM bekommen und die Schreibrate angemessen niedrig ist.\nIn diesem Fall stecken wir alles Geld ins RAM und bauen Platten an die Datenbank, um die Schreibrate zu bewältigen und um unseren RAM-Cache beim Hochfahren voll zu saugen. Wir brauchen aber unter Umständen keine dicken Arrays mit vielen Spindeln.\nNein: Wenn wir eine hohe Schreibrate haben oder unser Datenbestand so dick ist, daß wir mit den üblichen RAM-Größen keine Chance haben das alles weg zu cachen, nehmen wir das RAM eine Größe kleiner und stecken das frei werdende Geld in ein dickes Array mit vielen Spindeln. Das Array setzen wir als RAID-10 auf.\nJe nach zu erwartendem Grad von Concurrency bauen wir uns ein 2, 4 oder 8-Core-System. Richtig spannend wird die CPU-Nutzung aber aller Voraussicht nur bei speichergesättigten Datenbanken oder in spezialgelagerten Sonderfällen.\nWeil wir erwarten mehr als 2-4G Speicher zu verwenden, achten wir darauf, daß die CPU, das Betriebssystem und die Datenbank in 64 Bit-Versionen installiert werden.\nKonfigurationen, die ich beim Kunden gesehen habe waren etwa Dell 1950 mit einem MD1000 oder MD3000 hinten dran, HP DL 385 und DL 585 mit einem oder zwei MSA 30 hinten dran oder ähnliche Kisten von anderen Herstellern. Davor liegende Webserver waren oft Blades, zum Teil ohne Platten, mit 2G RAM und 32 Bit Betriebssystemen - für Webserver ist dies idR ausreichend und hier ist ein breites Array von Servernodes wichtiger als leistungsstarke einzelne Knoten, sobald die Latenz bei der Abarbeitung der Requests niedrig genug ist.\n","date":"2007-07-28T00:00:00Z","href":"https://blog.koehntopp.info/2007/07/28/hardware-f-r-ein-mysql.html","tags":["hardware","mysql","work","lang_de"],"title":"Hardware für ein MySQL"},{"categories":null,"content":" Abfahrt\u0026hellip;\nAlles startklar zum Vollräumen.\nZapf kommt\u0026hellip;\nAuspacken, bitte.\n","date":"2007-06-09T00:00:00Z","href":"https://blog.koehntopp.info/2007/06/09/kistenschlacht.html","tags":["berlin","lang_de"],"title":"Kistenschlacht"},{"categories":null,"content":" R\u0026gt; Ich hoffe, Isotopp wirft den Text aus #offtopicana nachher noch ins Blog.\nOkay, hiermit getan.\nO\u0026gt; Tu ich in den Ersatz-Server nun 2 oder 4 500er-Platten?\nR\u0026gt; Machs richtig.\nB\u0026gt; Nimm 4. Oder 5, wenn es geht. Vier im Raid, eine als Hot Spare.\nI\u0026gt; Raid-5 nur mit Hot Spare (außer bei mir daheim). Raid-5 im Degraded Mode hat einen tierischen Overhead. So hoch, daß man sich die Frage \u0026ldquo;Prio auf normale Accesses oder Prio auf Reconstruct\u0026rdquo; nicht stellen muss.\nB\u0026gt; I: ah? Danke für den Hinweis.\nI\u0026gt; Raid-5 undegraded mit 4 platten: Du hast Chunks von x kb (etwa 64k), und zwar 1. Chunk auf Disk A, 2. Chunk auf Disk b, 3. Chunk auf Disk C und Parity auf Disk 4.\nI\u0026gt; Das ist eine Raidline, hier mit Size = 3x64k = 192k.\nI\u0026gt; Nächste Raidline hat 4. chunk auf A, 5. chunk auf B, Parity auf C und 6. Chunk auf D.\nI\u0026gt; Nächste dann 7=A, Parity=B, 8=C und 9=D\nI\u0026gt; Dann Parity=A, 10=B, 11=C und 12=D.\nI\u0026gt; Parity läuft also um. Da bei jedem Write auch Parity geschrieben wird, verteilen sich so die Parity Writes auf alle Spindeln.\nABCD123P45p67p89p101112 I\u0026gt; Ein long write ist ein Rewrite einer ganzen Raidline, also hier 192k am Stück auf einer 192k-Grenze. Passiert oft bei Fileservern, die etwa Mediafiles schreiben. Das sind drei logische Writes: write 1, write 2, write 3. Die werden zu 4 physikalischen writes: write 1, write 2, write 3 und write p = 1 xor 2 xor 3.\nI\u0026gt; Ein short write ist jeder andere write. Passiert oft bei Datenbanken. Ein LOGISCHER write (write 1) wird hier zu 4 physikalischen Disk Operations:\nread 1, read parity, (parity xor 1 xor 1neu = parity_neu), write 1neu, write parity_neu. I\u0026gt; Mit Caches kann ein Raid-5 2 von den 4 physikalischen Operations eliminieren (die beiden Reads). Daher sind Raid-5 sehr schlecht bei Datenbanken und allem anderen Zeugs mit kleinen Writes.\nI\u0026gt; Reads skalieren fein: ein 4-Disk Raid-5 performt beim Read wie ein 3-Disk Raid-0. Das ist gut\nI\u0026gt; Das sind die \u0026ldquo;undegraded\u0026rdquo; Fälle. Jetzt failed eine Platte, sei es disk C. Wir lesen 1 → read A. Wir lesen 2 → read B.\nI\u0026gt; Wir lesen 3 → Read D, (cacheable) read A, (cacheable) read B und deliver 3 = p xor a xor b.\nI\u0026gt; Wenn wir short Reads haben, wird also jeder Read auf die failed Disk zu einem Read ALLER anderen Disks. Mit Caches geht es dann wieder.\nI\u0026gt; Mit einem Hot Spare geht das Array bei einem Failure sofort in den Reconstruct und sollte so konfiguriert sein, daß es so viel Power als möglich in den Reconstruct steckt: Alle Idlezeit und garantierte Mindestbandbreite so konfiguriert, daß Wirkbetrieb gerade noch erträglich geserved wird.\nI\u0026gt; Sobald das hotspare dann in sync ist, kann der Wirkbetrieb wieder ohne degraded Performance sauber geliefert werden. Und die Redundanz ist wieder hergestellt, Plattenfehler treten oft als Doppelfehler auf, das ist wie bei Glühbirnen, die haben ja auch dieses Gruppen-Fehlerverhalten.\nO\u0026gt; Und um die Lehrstunde komplett zu machen, sagst Du mir, wie ich mit 4 Platten möglichst gut fahre.\nI\u0026gt; 3 Platten ist minimum für Raid-5. Also 3+hotspare nach Lehrbuch, oder 4+keine spare und volles Risiko. Offiziell würde man immer 3+hotspare bauen und bei entsprechender Verfügbarkeitsanforderung auch noch Hotplug-Rahmen nehmen. Vielleicht mal mit Micha von Delta Computer reden. Die Plattengehäuse von Supermicro find ich jedenfalls gut.\n","date":"2007-06-05T00:00:00Z","href":"https://blog.koehntopp.info/2007/06/05/raid-5.html","tags":["computer","hardware","lang_de"],"title":"RAID-5"},{"categories":null,"content":" Dieser Comic ist mir wichtig. Ich bin ja auch eines dieser bedauernswerten Strahlungsopfer, ein schlafgestörter, geistig zurückgebliebener, zwergenwüchsiger Kümmerling: Ich wäre eigentlich 4.50 m groß geworden, hätte Feuer speien können und die Weltherrschaft an mich gerissen, aber durch die Strahlenexperimente meines Vaters bin ich halt klein und schwach geblieben und muss meine Software unter der GPL verschenken. Danke, Papa!\nDer Comic irrt jedoch, wenn er die Gefahr bei der Strahlung verortet. Es ist nicht die Strahlung, die gefährlich ist, sondern die Antenne. Ein Mobilfunkprovider, bei dem ich mal gearbeitet habe, hat das in einer Doppelblindstudie erforscht: Antennen die mit Basisstations-Containern aufgestellt wurden erzeugen bei den Anwohnern exakt dieselben medizinischen Beschwerden wie Antennen, die unangeschlossen aufgestellt werden. Muss irgendwie die Kristallstruktur in den Antennenmetallen sein.\n","date":"2007-05-29T00:00:00Z","href":"https://blog.koehntopp.info/2007/05/29/die-wahrheit-ueber-wifi.html","tags":["hardware","lang_de"],"title":"Die Wahrheit über Wi-Fi"},{"categories":null,"content":" Zur Zeit lese ich gerade The Origin Of Wealth , ein Buch, das dem Namen nach über Volkswirtschaft ist. Es beginnt aber mit einer Tour durch die Wirtschaftstheorie und einer Kritik derselben, um sich dann erst einmal dem Thema zellulare Automaten zuzuwenden und über verschiedene Simulationsexperimente mit agentenbasierten verteilten Systemen diskutieren. Der Autor,\nEric Beinhocker zeigt dann, wie solche Systeme dieselben Ergebnisse bringen können wie traditionelle Wirtschaftstheorie, nur genauer und mit weniger Aufwand.\nDas Buch hat einen starken Bezug zu Growing Artificial Societies , dem Sugarscape -Buch.\nDie Autoren beschreiben Sugarscape so:\nOn a small, bagel-shaped planet, tribes of natives—collectively known as \u0026ldquo;agents\u0026rdquo;—go about their lives. They reproduce. They eat. They travel. They squabble over limited resources, or trade them if doing so is to their mutual advantage. They exist entirely in a computer.\nAxtell und Epstein gelingt es, wesentliche Prozesse und Verteilungen, die wir in der richtigen Welt beobachten können, in Sugarscape mit Agenten nachzustellen, deren Regelsatz auf eine halbe Druckseite paßt. Die Sugarscape-Agenten generieren Märkte und Preisfindungssysteme, Paretoverteilungen, Power-Laws, aber eben wie in der realen Welt nur fast und mit den lokalen Abweichungen und quasi-zufälligen Schwankungen, die wir entgegen herkömmlicher Wirtschaftstheorie beobachten können. Sie können mit einem passenden Regelsatz auch evolutionäre Entwicklungen nachvollziehen und iterativ lokale Maxima finden und zwar in einer Landschaft, die nicht zwingend statisch ist.\nBeinhocker referenziert auch Murray Gell-Mann , der sich in The Quark and the Jaguar und am SFI ebenfalls mit komplexen adaptiven Systemen und zellularen Automaten beschäftigt und der die Arbeiten auf diesem Gebiet wesentlich beeinflußt hat.\nFür mich war das Buch unerwartet spannend - die meisten Wirtschaftsbücher fand ich bisher langweilig und die Mathematik darin hielt ich für suspekt, weil die Annahmen, die gemacht werden mußten, damit die Mathematik funktionierte ziemlich unrealistisch waren. Das Buch bestätigt nicht nur mein natürliches Mißtrauen gegen diese Methoden, sondern erklärt auch, warum sie notwendig waren und findet andere, einfachere Methoden, die Sachverhalte genauer auszudrücken und bessere Ergebnisse zu bekommen.\nWer sich mehr für Biologie interessiert kommt ebenfalls auf seine Kosten, weil man im Vorderteil des Buches eine der besten und portabelsten algorithmischen Beschreibungen von Evolution bekommt, die ich bisher gesehen habe.\n","date":"2007-05-15T00:00:00Z","href":"https://blog.koehntopp.info/2007/05/15/the-origin-of-wealth.html","tags":["media","book","review","lang_de"],"title":"Fertig gelesen: The Origin Of Wealth, Growing Artificial Societies, The Quark and the Jaguar"},{"categories":null,"content":" Wie in Der Bundestrojaner durchdekliniert versprochen:\n[ Mit dem Bundestrojaner bekommt ] der Staat einen Mechanismus, der für den angepriesenen Zweck vorab erkennbar ungeeignet ist, weil er die notwendigen Richtlinien zur gerichtsfesten Beweiserbringung nach Definition nicht erfüllen kann.\nUnd zwar berichtet der Deutschlandfunk von zwei Eindringversuchen deutscher Geheimdienste in fremde PCs.\nIn einem Fall ist der Schädling nach etwa zwei Wochen bemerkt worden, weil er im Ernst versucht hat, 120GB hochzuschießen, im zweiten Fall ist der Schädling sofort bemerkt worden und durch ein Programm ersetzt worden, das statt Daten blöden Scheiß geuppt hat.\nIn einem Fall hat man den Eindringling mit einem physikalischen Einbruch in die Wohnung des Besitzers auf dessen installiert, in einem anderen Fall wollte man den Eindringling mit verseuchten CDs installieren, die dem Eigentümer zugespielt worden. In diesem Fall wurde der Eindringling jedoch auch versehentlich auf Rechnern unbeteiligter Dritter installiert - so wurden nicht nur Daten von Unbeteiligten kopiert, sondern der betreffende Geheimdienst hat sich gleich selbst geDoSt.\nAber, so die taz , unsere Innenminister haben ihre Geheimdienste auch so komplett nicht im Griff:\nEigentlich war alles gar nicht so gemeint, sagt Staatssekretär Lutz Diwell (SPD), eine Schlüsselfigur des jüngsten deutschen Geheimdienstskandals. Diwell hat im Sommer 2005 als Innenstaatssekretär die Dienstvorschrift unterzeichnet, die dem Verfassungsschutz den Zugriff auf private Festplatten erlaubte. Er habe dabei aber geglaubt, dass es nur um die Beobachtung geschlossener Internet-Foren gehe. Dass der Verfassungsschutz auf dieser Grundlage auch den Inhalt privater Computer ausspähen könnte, sei ihm überhaupt nicht bewusst gewesen, erklärte er jetzt über seine Sprecherin der taz.\nSo viel zum Thema Vertrauensvorschuß . \u0026ldquo;Der Bürger darf den Diensten hier einen Vertrauensverschiß geben\u0026hellip;\u0026rdquo;\n","date":"2007-05-02T00:00:00Z","href":"https://blog.koehntopp.info/2007/05/02/unf-lle-mit-dem-bundestrojaner.html","tags":["security","überwachung","lang_de"],"title":"Unfälle mit dem Bundestrojaner"},{"categories":null,"content":"Im Handelsblatt sieht die Wirtschaft Online-Razzien gelassen :\nObwohl in der deutschen Wirtschaft die Sorge vor Internet-Attacken auf interne Daten- und Steuerungssysteme wächst, hat sie grundsätzlich gegen den geplanten PC-Zugriff durch den Staat nichts einzuwenden. Die Arbeitsgemeinschaft für Sicherheit der Wirtschaft stellt dafür allerdings eine Bedingung\u0026hellip;.\u0026ldquo;Es müssen jedoch zielgerichtete Eingriffe gegen potenzielle terroristische Straftäter sein, bei denen die rechtsstaatlichen Grenzen genau definiert sind\u0026rdquo;, sagte Thomas Menk, Vorsitzender der Arbeitsgemeinschaft für Sicherheit der Wirtschaft (ASW).\nWer ist Thomas Menk? Das Bundestrojaner-Blog hat nachgesehen :\nDr. Thomas Michael Menk ist seit Leiter der Konzernsicherheit (Corporate Security Department) der DaimlerChrysler AG. Zuvor war er im Bundesministerium des Innern und im Bundesamt für Verfassungsschutz tätig. Er ist Vorsitzender der Arbeitsgemeinschaft für Sicherheit in der Wirtschaft e.V (ASW) und war zuvor Präsident des Verbandes für Sicherheit in der Wirtschaft Baden-Württemberg e. V. (VSW BW). Seit 2002 ist er Mitglied im Ausschuss für Sicherheitsfragen des Bundesverbandes der Deutschen Industrie e. V. (BDI).\nAch deswegen.\n","date":"2007-04-18T00:00:00Z","href":"https://blog.koehntopp.info/2007/04/18/bundestrojaner-im-handelsblatt.html","tags":["security","überwachung","lang_de"],"title":"Bundestrojaner im Handelsblatt"},{"categories":null,"content":"Deutschlandradio interviewed Thomas de Maizière:\nThomas de Maizière:Jeder, der das Internet benutzt, auch privat, nicht nur im Verhältnis zum Staat, muss wissen, dass er sich damit sehr viel offener macht, als er das vielleicht glaubt. Jeder kann einen Trojaner bekommen. Es können Informationen abgesaugt werden\u0026hellip;.\nDeutschlandradio Kultur: Und da wird Karlsruhe mitspielen, glauben Sie?\nThomas de Maizière: Das muss man probieren, wie weit man gehen kann. Und dann ist jeder eingeladen, eine Verfassungsbeschwerde einzulegen, und dann wird Karlsruhe darüber zu entscheiden haben.\nWie immer möchte ich an dieser Stelle meine Forderung wiederholen, Politiker für die Folgen schlechter Gesetze im selben Umfang persönlich haftbar zu machen wie ich es etwa als Consultant vor Ort bin.\n","date":"2007-04-15T00:00:00Z","href":"https://blog.koehntopp.info/2007/04/15/erst-mal-die-verfassung-brechen.html","tags":["politik","security","überwachung","lang_de"],"title":"Erst mal die Verfassung brechen..."},{"categories":null,"content":"Die GPL V3 ist sehr einfach zu lesen - wenn man wissen will, was drin steht, muss man lediglich die Präambel lesen, die in sehr klaren Worten und ohne juristisches Blafasel genau erklärt, was die Ziele und Methoden der GPL V3 sind und wieso sie Lizenz so aussieht wie sie aussieht. Der dritte Entwurf der GPL V3 ist nun fertig und wird weit besser aufgenommen als der zweite Entwurf .\nDie Idee der GPL ist die Schaffung eines geschützten Raums, in dem kooperiert werden kann. Das bedeutet, daß die GPL einem Nutzer dieser Lizenz bestimmte Rechte gibt und Zusatzbestimmungen einführt, deren Ziel es ist, dafür zu sorgen, daß diese Rechte immer für jeden gelten, der sich den Bestimmungen der GPL unterwirft. Die Idee ist es, Software aus dem GPL Pool nutzen zu können, im Gegenzug aber die Nutzer dieser Software dazu zu verpflichten, die Dinge, die sie mit dieser Software bauen allen anderen Nutzern dieses Pools unter denselben Bedingungen zur Verfügung zu stellen.\nDie GPL ist, wie anderswo erklärt , eine Lizenz - man erwirbt also Rechte an etwas, das man sonst nicht nutzen könnte. Die GPL ist nicht umsonst - man zahlt für diese Rechte damit, daß man im Gegenzug anderen dieselben Rechte an dem gewährt was man geschaffen hat, indem man die GPL-Rechte genutzt hat.\nDas System hat in den vergangenen Jahrzehnten recht gut funktioniert, aber neuere Entwicklungen in der Anwendungsentwicklung und im Urheberrecht haben die FSF dazu gebracht, die GPL zu überarbeiten.\nIch schrieb in GPL: Marktdurchdringung ist kein Wert an sich :\nWenn man die Entwicklung der letzten Jahre nämlich betrachtet, dann wird eines immer klarer: Es kann keine Koexistenz mit Closed Source geben, sondern nur eine strikte Trennung. Diese Erkenntnis ist nicht neu: Am 27. September 1983, also vor nunmehr 23 Jahren wurde das GNU Projekt gegründet. Es entstand unter anderem, weil jemand Code aus der Allmende genommen und unter seine Käseglocke gestellt hat. Die Funktion der GPL ist es, eine Wiederholung eines solchen Szenarios zu verhindern.\nDie GPL ist eine wehrhafte Lizenz und die Version 3 paßt sie an die Erfordernisse einer neuen Zeit an, um die Freiheiten der GPL unter diesen Bedingungen zu erhalten.\nDie Probleme, die die GPL V2 hat, bestehen in zwei Kernnbereichen:\nEinmal ist es in den letzten Jahren vermehrt üblich geworden, Software als einen Service anzubieten. Firmen, die so etwas tun, verwenden GPL V2 Software in großen Maßstab, liefern sie aber niemals aus. Daher wird die Schrankenbestimmung für die letzte Freiheit der GPL niemals wirksam: Die Verpflichtung, die eigenen Änderungen an einem Stück Software Dritten zur Verfügung zu stellen wird nur dann wirksam, wenn man diese Software auch an Dritte weitergibt. Bei Software als Service passiert das nicht - man gibt nur die Wirkungen dieser Software an Dritte weiter. Solche Dienstleister bedienen und bereichern sich also am Pool der GPL-Software ohne daß ihre eigenen Veränderungen auf der Grundlage dieses Fundus in den Pool zurückfließen müssen - der Kooperation wird die Grundlage entzogen und die Allmende stagniert . Andere Schutzrechte als das Urheberrecht werden zusätzlich wirksam: Es ist für einen Nutzer von GPL-Software möglich, den Quelltext zu einer Software zu erhalten, aber er wird möglicherweise durch andere Schutzrechte gehindert, diese Software vollumfänglich zu nutzen. Dies können durch das Urheberrecht selber geschützte DRM-Mechanismen sein ( Tivoisierung ), es kann sich aber auch um Patente auf Software handeln. Die GPL V3 formuliert ihre Absichten hier so:\nSome devices are designed to deny users access to install or run modified versions of the software inside them, although the manufacturer can do so. This is fundamentally incompatible with the purpose of the GPL, which is to protect users\u0026rsquo; freedom to change the software where changes are possible. The systematic pattern of such abuse occurs in the area of products for individuals to use, which is precisely where it is most unacceptable. Therefore, we have designed this version of the GPL to prohibit the practice for those products. If such problems arise substantially in other domains, we stand ready to extend this provision to those domains in future versions of the GPL, as needed to protect the freedom of users.\nFinally, every program is threatened constantly by software patents. States should not allow patents to restrict development and use of software on general-purpose computers, but in places where they do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free.\nNeu in der GPL V3: Der Absatz 3 \u0026ldquo;No Denying Users\u0026rsquo; Rights through Technical Measures\u0026rdquo;. sagt, daß ein GPL V3 Programm nicht Teil eines DRM-Mechanismus sein kann. Die GPL V3 bezieht sich dabei (zur Zeit) auf Artikel 11 des WIPO-Vertrages vom 20. Dezember 1996 und die daraus entstandenen nationalen Gesetze zur Umsetzung dieses Vertrages. Ein Gerät wie der Tivo, bei dem man die Quellen erhält, modifizieren, die daraus resultierende geänderte Software dann so aber nicht mehr auf dem Gerät installieren kann wäre mit der GPL V2 möglich, mit der GPL V3 aber nicht mehr.\nIn dieselbe Richtung zielen nun Abschnitte von Absatz 6, die ebenfalls klarstellen, was denn nun genau zum Lieferumfang gehört:\nThe information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made.\nOder in anderen Worten: Die Schlüssel, die man braucht um sein selbstgemachtes Binary so zu signieren, daß es auf ein einem Tivo tut gehören auch dazu.\nEbenfalls neu in der GPL V3: Die Klarstellung in Absatz 10 \u0026ldquo;Automatic Licensing of Downstream Recipients\u0026rdquo; und der gesamte Absatz 11 \u0026ldquo;Patents\u0026rdquo;. Der Kern der Sache ist jetzt der erste Absatz von Absatz 11:\nEach contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor\u0026rsquo;s essential patent claims in its contribution, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contribution.\nOder in anderen Worten: Wenn ich Code in ein Stück GPL einbaue, das durch eines meiner Softwarepatente geschützt ist, dann gebe ich damit auch gleich eine kostenfreie, unbefristete und unbeschränkte Lizenz für die Nutzung dieser Patente an jedem Nutzer dieser Software mit. Dies ist übrigens nichts neues - schon die GPL V2 hat einen ähnlichen Effekt , wenn auch nicht so explizit formuliert.\nWeitere Änderungen an der GPL sind eher technischer Natur und nur verständlich, wenn man sich mit dem rechtlichen Umfeld ihrer Entstehung beschäftigt. Dies wird in den Anmerkungen zum Entwurf beschrieben.\n","date":"2007-04-02T00:00:00Z","href":"https://blog.koehntopp.info/2007/04/02/gpl-v3-rc3-was-steht-drin.html","tags":["copyright","free software","lizenz","patent","lang_de"],"title":"GPL V3 RC3 - Was steht drin?"},{"categories":null,"content":"Es ist mal wieder Zeit, sehr alte Hüte rauszukramen. Heute habe ich mir dienstlich eine Datenbank angesehen, die von PHP aus angesprochen wird. Das PHP, das dort verwendet wird, ist sehr loses PHP, also ohne die Verwendung eines großartiges Frameworks geschrieben. Entsprechend bin ich quasi sofort über SQL-Injections und XSS gefallen.\nDenn schon nach kurzem Suchen findet man Code wie den folgenden:\n$theValue = $_REQUEST[\u0026#39;theValue\u0026#39;]; ... if ($theValue != \u0026#34;\u0026#34;) { $where .= \u0026#34; where theColumn = \u0026#39;$theValue\u0026#39;\u0026#34;; } Eigentlich hat der betrachtete Code eine cleanup()-Funktion, die für jeden Wert aufgerufen werden soll, und die nicht nur den Typ des Wertes deklariert, sondern auch das notwendige Escapen der Werte \u0026ldquo;in place\u0026rdquo; vornimmt.\nDas ist aber in mehrfacher Hinsicht unschön.\nWenn man Code wie\n$_REQUEST[\u0026#39;theValue\u0026#39;] = cleanup($_REQUEST[\u0026#39;theValue\u0026#39;], \u0026#39;text\u0026#39;) schreibt, und vergisst diesen Cleanup-Aufruf einzufügen, dann haben wir keinen bemerkbaren Fehler: Der Folgecode, der auf $_REQUEST['theValue'] zugreift, bekommt Werte zu sehen und bleibt nicht mit einer Fehlermeldung \u0026ldquo;Keine Inputreinigung vorgenommen!\u0026rdquo; stehen.\nAußerdem sind die angewendeten Typprüfungen nicht flexibel genug und gehen nicht weit genug. \u0026rsquo;text\u0026rsquo; erzeugt im betrachteten Code gerade mal ein mysql_real_escape_string(), aber wendet keine weitergehenden Prüfungen auf den Eingabewert ein. Außerdem werden Eingabewerte, die für die Seite gar nicht da sein dürfen, trotzdem akzeptiert und dann vielleicht ignoriert – vielleicht aber auch nicht.\n(Das folgende Codebeispiel zum Runterladen: [input_validation.php.txt](/uploads/input_validation.php.txt\u0026quot; title=\u0026ldquo;input_validation.php.txt\u0026rdquo; target=\u0026quot;_blank))\nKurz gesagt: Was ich möchte ist eigentlich eine Typdeklaration für eine PHP-Seite, die die Eingabeparameter mit Namen und Typprüfungen deklariert.\n$cleaners = array( \u0026#34;county\u0026#34; =\u0026gt; array( \u0026#34;check\u0026#34; =\u0026gt; \u0026#34;text_regex\u0026#34;, \u0026#34;pattern\u0026#34; =\u0026gt; \u0026#34;[a-zA-Z0-9]+\u0026#34; ), \u0026#34;year\u0026#34; =\u0026gt; array( \u0026#34;check\u0026#34; =\u0026gt; \u0026#34;int_minmax\u0026#34;, \u0026#34;min\u0026#34; =\u0026gt; 1834, \u0026#34;max\u0026#34; =\u0026gt; 1864), \u0026#34;quarter\u0026#34; =\u0026gt; array( \u0026#34;check\u0026#34; =\u0026gt; \u0026#34;int_enum\u0026#34;, \u0026#34;values\u0026#34; =\u0026gt; array(1, 2, 3, 4) ) ); Ich will dann eine Eingabeprüfung, die ein Input-Array durchgeht und die Cleaners der Reihe nach anwendet. Das Resultat ist eine optionale Liste von Fehlern und ein gesäubertes Input-Array $_CLEAN, das vom $_REQUEST-Array verschieden ist.\n// simulated input $_REQUEST = array( \u0026#34;county\u0026#34; =\u0026gt; \u0026#34;someword\u0026#34;, \u0026#34;year\u0026#34; =\u0026gt; 1900, \u0026#34;quarter\u0026#34; =\u0026gt; 3, \u0026#34;bogus\u0026#34; =\u0026gt; \u0026#34;value\u0026#34; ); // collect error messages $_ERROR = array(); // clean it up $_CLEAN = clean($_REQUEST, $cleaners, $_ERROR); // the cleaned input echo \u0026#34;cleaned input\\n\u0026#34;; var_dump($_CLEAN); // the error messages echo \u0026#34;collected errors\\n\u0026#34;; var_dump($_ERROR); Fehlt der clean()-Aufruf am Anfang einer Seite, ist $_CLEAN leer und späterer Code, der $_CLEAN referenziert, kann nicht funktionieren – der Fehler wird sofort bemerkt.\n$_CLEAN kann nur Werte enthalten, deren Namen als Keys in $cleaners deklariert sind – undeklarierte Eingabewerte existieren nicht mehr in unserem Programm. $_CLEAN kann außerdem nur Werte enthalten, für die die in $cleaners[$k]['check'] deklarierten Checkerfunktionen existieren – Deklarationsfehler bei Checkerfunktionen führen zu Programmabbruch und werden so sofort bemerkt. Schließlich kann $_CLEAN nur Werte enthalten, für die die angegebenen Checkerfunktionen erfolgreich waren.\nEine Checkerfunktion hat den Namen check_... und gibt ein Paar (Wert, Fehlermeldung) zurück. Wenn der Wert NULL ist, ist eine Fehlermeldung vorhanden und kann eingesammelt werden – der Checker ist fehlgeschlagen. In allen anderen Fällen ist der Checker erfolgreich.\nDiese Bedingungen sind schnell runtergeschrieben und sehen in Code dann so aus:\nfunction clean($R, $cleaners, \u0026amp;$E = \u0026#34;\u0026#34;) { // collected results in $C, collect errors in $E (which is optional) $C = array(); // scan the request variables foreach ($R as $k =\u0026gt; $v) { // Check for bogus values. if (! array_key_exists($k, $cleaners)) { if (DEBUG) echo \u0026#34;*** WARNING: Skipped bogus value $k =\u0026gt; $v\\n\u0026#34;; continue; } // If we make it to here, the value should be imported. // generic cleanup $v = get_magic_quotes_gpc() ? stripslashes($v) : $v; $v = function_exists(\u0026#34;mysql_real_escape_string\u0026#34;) ? mysql_real_escape_string($v) : mysql_escape_string($v); // The value can be imported only, if the specified cleaner exists. $checkfun = \u0026#34;check_\u0026#34; . $cleaners[$k][\u0026#39;check\u0026#39;]; if (function_exists($checkfun)) { // $c will then be the sanitized value list($c, $e) = $checkfun($k, $v, $cleaners[$k]); } else { die(\u0026#34;*** ERROR: $k =\u0026gt; $v fails \u0026#34;. \u0026#34;because specified checkfun $checkfun does not exist.\\n\u0026#34;); } // The value can be imported only, if the specified cleaner succeeded. if (isset($c)) { if (DEBUG) echo \u0026#34;Import $k\u0026#39;s value of $v as $c\\n\u0026#34;; $C[$k] = $c; if (isset($e)) $E[$k] = $e; // collect error anyway } else { if (DEBUG) echo \u0026#34;*** WARNING: Not importing $k, \u0026#34;. \u0026#34;because $v failed $checkfun().\\n\u0026#34;; $E[$k] = $e; // collect error } } return $C; } Jetzt müssen wir nur noch Checkfunktionen schreiben, die die eigentlichen Prüfungen ausführen. In unserem Fall wollen wir noch die folgenden Konventionen gelten lassen:\nJede checkfun hat einen Parameter default, der einen von NULL verschiedenen Default-Wert definieren kann. In diesem Fall schlägt der Check nie fehl, sondern returned den spezifizierten Default-Wert. Eine eventuell erzeugte Fehlermeldung wird dennoch eingesammelt, hat dann aber mehr den Character einer Warnung. Für jeden Parameter p einer checkfun wollen wir optional auch die Definition eines Fehlermeldungs-Parameters p_err zulassen, mit dem die Fehlermeldung überschrieben werden kann, den die checkfun generiert, wenn der Test für p fehlschlägt. Einige Beispiele werden das klarer machen. Hier ist der regexp-Test:\nfunction check_text_regex($k, $v, $par) { $pattern = $par[\u0026#39;pattern\u0026#39;]; $pattern_err = \u0026#34;check_text_regex: \u0026#34;. (array_key_exists(\u0026#39;pattern_err\u0026#39;, $par)? $par[\u0026#39;pattern_err\u0026#39;]: \u0026#34;$v did not match $pattern.\u0026#34;); $default = array_key_exists(\u0026#39;default\u0026#39;, $par)?$par[\u0026#39;default\u0026#39;]:NULL; if (DEBUG) echo \u0026#34;In check_text_regex: k=$k v=$v pattern= $pattern\\n\u0026#34;; if (preg_match(\u0026#34;/^$pattern\\$/\u0026#34;, $v)) return array($v, NULL); else return array($default, $pattern_err); } Der Test prüft, ob der Wert $v dem regulären Ausdruck $par['pattern'] genügt. Wenn ja, wird $v ohne Fehlermeldung zurückgegeben. Wenn nein, wird $par['default'] zusammen mit der Fehlermeldung $par['pattern_err'] zurückgegeben.\nEntsprechend der minmax-Test:\nfunction check_int_minmax($k, $v, $par) { $min = $par[\u0026#39;min\u0026#39;]; $min_err = \u0026#34;check_int_minmax: \u0026#34;. (array_key_exists(\u0026#39;min_err\u0026#39;, $par)? $par[\u0026#39;min_err\u0026#39;]:\u0026#34;$v \u0026lt; $min.\u0026#34;); $max = $par[\u0026#39;max\u0026#39;]; $max_err = \u0026#34;check_int_minmax: \u0026#34;. (array_key_exists(\u0026#39;max_err\u0026#39;, $par)? $par[\u0026#39;max_err\u0026#39;]:\u0026#34;$v \u0026gt; $max.\u0026#34;); $default = array_key_exists(\u0026#39;default\u0026#39;, $par)?$par[\u0026#39;default\u0026#39;]:NULL; if (DEBUG) echo \u0026#34;In check_int_minmax: k=$k v=$v min=$min max=$max\\n\u0026#34;; $v = intval($v); if ($v \u0026lt; $min) return array($default, $min_err); if ($v \u0026gt; $max) return array($default, $max_err); return array($v, NULL); } Dieser Test folgt demselben System: Wenn der Wert $v zwischen $min und $max liegt, wird er ohne Fehlermeldung zurückgegeben. Andernfalls wird $default und eine Fehlermeldung erzeugt. Die Fehlermeldungen können dabei als $min_err und $max_err spezifiziert werden, der $default ist NULL.\nUnd der int_enum-Test, um das Beispiel vollständig zu machen:\nfunction check_int_enum($k, $v, $par) { $values = $par[\u0026#39;values\u0026#39;]; $valuestring = join(\u0026#34;,\u0026#34;, $values); $values_err = \u0026#34;check_int_enum: \u0026#34;. (array_key_exists(\u0026#39;values_err\u0026#39;, $par)? $par[\u0026#39;values_err\u0026#39;]:\u0026#34;$v not in $valuestring.\u0026#34;); $default = array_key_exists(\u0026#39;default\u0026#39;, $par)?$par[\u0026#39;default\u0026#39;]:NULL; if (DEBUG) echo \u0026#34;In check_int_enum: k=$k v=$v values=($valuestring)\\n\u0026#34;; $v = intval($v); if (array_search($v, $values) === false) return array($default, $values_err); return array($v, NULL); } Auch hier werden die Konventionen befolgt: $default und die Fehlermeldung $values_err, wenn der gegebene Wert $v nicht im $values-Array vorkommt, sonst $v und keine Fehlermeldung.\nMit diesem Code und ein wenig Suchen und Ersetzen sollte sich jede framework-freie PHP-Seite schnell auf eine harte Deklaration von Eingabeparametern umstellen lassen:\n$cleaners definieren Alle Vorkommen von $_REQUEST durch $_CLEAN ersetzen globals $_CLEAN nachrüsten, weil $_CLEAN kein Superglobal ist Aufruf von clean() an passender Stelle einfügen, ggf. Fehlerbehandlung in $_ERROR vornehmen Nein, auch das ist nicht 100% wasserdicht, dürfte aber das meiste Feld-, Wald- und Wiesen-PHP schon mal gründlich gegen die größten Dummheiten schützen.\nUnd das alles mit weniger als 60 Minuten Codieraufwand. Vielleicht sollte man eine Extension draus machen, und die so konfigurieren, daß sie die echten $_REQUEST, $_GET, $_POST, $_FILES und $_COOKIE verbirgt und durch zwangsweise von clean() generierte Arrays gleichen Namens ersetzt.PHP-Seiten ohne $cleaners[]-Array können dann gar keine Parameter mehr im Zugriff haben.\n","date":"2007-03-30T00:00:00Z","href":"https://blog.koehntopp.info/2007/03/30/parameterdeklarationen-fur-webseiten.html","tags":["php","security","lang_de"],"title":"Parameterdeklarationen für Webseiten"},{"categories":null,"content":"Die Süddeutsche Zeitung hat einen etwas unklaren Artikel mit dem Titel Internet: Ende der Kultur? . Dort beklagt man einerseits die Kultur des Kopierens im Internet und sieht das Ende der abendländischen Zivilisation durch Raubkopieren heraufdämmern. Zugleich beklagt man aber das viel zu restriktive Copyright-Regime der letzten Jahre, das die Privatkopie zwar nominell erlaubt, aber die Umgehung technischer Schutzmechanismen verbietet. Am Ende ist der Artikel aber kaum mehr als eine recht undifferenzierte Plagiierung der Propaganda der Medienindustrie - die Kommentare zum Artikel sind jedenfalls um vieles spannender als der Artikel selber.\nDer Artikel gibt mir aber die Gelegenheit, hier einmal zu erklären, wieso ich alle meine Texte komplett online stelle.\nMein Textarchiv reicht inzwischen 15 Jahre in die Vergangenheit zurück, bis in das Jahr 1992. Damals las ich einen ziemlich schlechten Artikel in den Fido-Diskussionsforen der c\u0026rsquo;t über einen Vergleich zwischen AmigaOS und VMS und fühlte die Notwendigkeit, eine recht umfassende Antwort darauf zu schreiben. Kurz danach rief ein Redakteur der c\u0026rsquo;t bei mir an und fragte, ob er diesen Artikel drucken könne. Ich antwortete ihm, daß er das selbstverständlich nicht könne, da der Artikel für einen bestimmten Kontext geschrieben wäre, der in seiner Zeitung überhaupt nicht gegeben wäre. Ich würde ihm aber gerne einen Artikel mit genau den gewünschten Inhalten für sein Magazin schreiben, der dann vom Kontext her auch alleine stehen könnte.\nEr bestellte also eine bestimmte Länge und eine gewisse Menge von Abbildungen, und ich habe ihm 4 KB mehr als die gewünschte Länge, Kürzungsanweisungen um 2, 4 und 6 KB und die gewünschten Zeichnungen geliefert. Zu meiner großen Überraschung hat die c\u0026rsquo;t das dann relativ unverändert gedruckt und mich für meine damaligen, studentischen Verhältnisse mit einer ziemlich großen Menge von Geld beworfen.\nIch hatte dann Blut geleckt und fing mehr oder weniger unsystematisch an, die Inhalte diverser Vorlesungen an der Uni in allgemeinverständlicher Weise in 20-30 KB Brocken zu pressen. Diese habe ich dann der c\u0026rsquo;t und anderen Zeitungen als Artikel angeboten. Das war immerhin besser als arbeiten! Die Ergebnisse dieser Bemühungen kann man nun auch hier im Blog lesen.\nAlle meine Autorenvereinbarungen mit allen diesen Verlagen (und noch einigen anderen mehr) sind nicht-standard. Zum Teil habe ich da einen ziemlichen Nerv durchlaufen müssen, bevor die Verlage meine Bedingungen akzeptiert haben. Sie alle enthalten eine Vertragsklausel, die mir erlaubt, was immer ich geschrieben habe sechs Monate nach der Erstveröffentlichung durch den Verlag auf meiner persönlichen Website kostenlos im Rahmen einer Gesamtwerksschau \u0026ldquo;Kristian Köhntopp\u0026rdquo; zu präsentieren. Und zwar in der uneditierten Version, so wie ich es an das Lektorat des jeweiligen Verlages geschickt habe.\nMeiner persönlichen Erfahrung nach hat der Verlag dadurch keinen Verlust: Nachdem das Heft erst einmal verkauft ist, wird der Artikel vielleicht noch einmal in einem \u0026ldquo;Best Of\u0026rdquo;-Heft nachgedruckt, oder auf der Heft-DVD \u0026ldquo;Alle c\u0026rsquo;t die jemals herausgekommen\u0026rdquo; verkauft. Der Wert des Artikels für den Verlag besteht hier nicht in dem einzelnen Artikel, sondern der Wert dieser Veröffentlichungen ergibt sich durch die Vollständigkeit: Im Sonderheft sind alle Artikel zu dem Thema, auf der DVD alle Artikel, die jemals veröffentlicht worden sind. Und der Wert meiner Website ergibt sich genauso: Alle Artikel, die Kris jemals geschrieben hat. Es besteht keine Konkurrenz: Beides sind Datenbanken, aber sie sind entlang unterschiedlichen Dimensionen für unterschiedliche Zwecke gebaut worden.\nIch vergebe mir auf diese Weise auch keine wesentlichen Einnahmen: Die Artikel sind Auftragsarbeiten, sie sind bereits bezahlt und durch den Verlag auch verkauft. Sie sind auch nach der Veröffentlichung auf der Website durch das Urheberrecht geschützt: Leute können sie zur persönlichen Bildung auf meiner Website lesen, sie können sie verlinken und referenzieren - ich halte die URLs auf meiner Site mit Absicht stabil. Wenn jemand die Artikel kommerziell nutzen oder kopieren möchte, muss er sich dennoch an den Rechteinhaber wenden. Hier also den betreffenden Verlag, der die Rechte gekauft hat.\nAuf der anderen Seite habe ich mit dieser Website nun 44 Megabyte veröffentlichtes Material unterhalb von https://blog.koehntopp.info im Netz, das von Suchmaschinen gut gefunden wird und den Namen \u0026ldquo;Kristian Köhntopp\u0026rdquo; mit einer Menge von Themen assoziiert, zu denen ich was zu sagen habe und zu denen ich meine Dienste anbieten kann. Dazu kommen dann noch die Texte unter http://www.php-faq.de/ , die mir zuzurechnen sind.\nIn der Tat funktionieren alle diese Artikel als eine viel bessere Referenz als jedes Arbeitszeugnis: Als ich mein relativ ad-hoc anberaumtes Bewerbungsgespräch bei web.de geführt habe, hatte ich praktisch keine Zeugnisse dabei. Mir saßen dort mein zukünftiger Chef und ein zukünftiger Kollege gegenüber und ich bekam als Opener zu hören \u0026ldquo;Also, wir haben uns Ihre Website schon einmal angesehen, und das ist ja relativ beeindruckend. Über die fachliche Qualifikation brauchen wir im Grunde nicht mehr zu diskutieren.\u0026rdquo; Danke, so lasse ich mir ein Bewerbungsgespräch gefallen!\nZeitweise fand man auf http://kris.koehntopp.de die Bitte, mich nicht anzurufen, sondern Mail zu schicken:\nDas ist meine Telefonnummer. Es ist wirklich meine Telefonnummer. Sie ist für Freunde und Bekannte und für Notfälle. Sie ist nicht für \u0026gt; Kontaktaufnahme wegen Fragen zu meinen Vorträgen, oder für \u0026ldquo;mal eben eine \u0026gt; Frage zu PHP\u0026rdquo;. Dafür gibt es Mail.\nDie entsprechende Passage in der PHP-FAQ wird noch deutlicher:\nDer Autor dieser Antwort erhält zur Zeit pro Woche zwischen 40 und 60 private Fragen nach Hilfe zu PHP. Keine dieser Fragen wird beantwortet - das ist arbeitsmäßig einfach nicht zu schaffen. Allgemein: Es ist sinnlos, Fragen per Mail an einen der Autoren dieser FAQ zu senden. Du belastest damit eine einzelne Person mit Arbeit, statt die Arbeit auf die Newsgroup zu verteilen. Außerdem ist diese Arbeit verschwendet, denn die Antwort wird nur von Dir und nicht von den anderen Lesern der Newsgroup gelesen. Auch kann die Antwort nicht vom FAQ-Team weiterverarbeitet werden.\nBeide Hinweise waren recht dringend, weil die Texte auf der Site und die FAQ weitaus mehr Öffentlichkeit (und Arbeitsgelegenheiten) produziert haben als ich sinnvoll brauchen konnte.\nZusammenfassend kann ich also sagen: Meiner persönlichen Erfahrung nach kann ich von der Veröffentlichung von Texten in Zeitschriften oder Büchern ganz gut leben. Aber diese Texte sind viel effektiver genutzt, indem ich sie als Werbung benutze die die Marke \u0026ldquo;Kristian Köhntopp\u0026rdquo; positionieren, um Aufträge für mich oder meinen Arbeitgeber hereinzuholen: die c\u0026rsquo;t zahlt gut, aber nur ein Tag Consulting generiert mehr Umsatz als selbst ein großer c\u0026rsquo;t-Artikel. Die Artikel sind auch gut genutzt, um die Marke \u0026ldquo;Kristian Köhntopp\u0026rdquo; bei einem zukünftigen Arbeitgeber oder Auftraggeber zu positionieren und zu legitimieren. Oder einfach um mit legitimen Methoden Such-Traffic auf meine Webseiten zu ziehen. In der Summe mache weitaus mehr Gewinn damit, meine Texte en gros \u0026ldquo;zu verschenken\u0026rdquo; als wenn ich sie für Geld scheibchenweise verkaufen würde.\nIch kann jedem potenziellen Autor für Fachzeitschriften nur empfehlen, diese Sechsmonatsklausel zu kopieren und frühzeitig damit zu beginnen eine \u0026ldquo;Werkschau\u0026rdquo;-Website aufzubauen. Für mich hat das gut funktioniert - am Anfang ist das ein bisschen ärmlich, aber im Laufe der Jahre und Jahrzehnte kommt dort eine ganze Menge Material zusammen, das letztendlich im wahrsten Sinne des Wortes für einen selbst spricht . Diese Erkenntnis ist nicht bloß meine: Paul Gerhardt, Project Director of BBC Creative Archive , fasst dieselbe Erkenntnis folgendermaßen zusammen:\nOur message to all content owners, including all the rights owners in our programs, is uncompromising. We\u0026amp;\u0026rsquo;re saying that the greatest danger today to their property is not piracy. It\u0026rsquo;s obscurity.\nMeine Website ist nichts anderes als mein privater Versuch, dies für mich selbst zu vermeiden.\n","date":"2007-03-18T00:00:00Z","href":"https://blog.koehntopp.info/2007/03/18/warum-alle-meine-texte-frei-im-netz-zu-lesen-sind.html","tags":["blog","media","copyright","lang_de"],"title":"Warum alle meine Texte frei im Netz zu lesen sind"},{"categories":null,"content":"Eine Million Leute fragen nach technischen Interviews zum Thema Bundestrojaner. Nichts könnte irrelevanter sein.\nIrssi: Starting query with J I\u0026gt; Was denn??\nJ\u0026gt; Kennst Du Leute, die sich gerne qualifiziert abwertend ueber Bundestrojaner und technische Machbarkeit aeussern wuerden?\nI\u0026gt; nein.\nI\u0026gt; X vielleicht, Y von Y.org vielleicht.\nJ\u0026gt; Daneben, falls moeglich wen, der weiss, was man so zur Terroristenfahndung bei deutschen Behoerden im Internet macht. Der Z hatte einen Kontakt beim BKA, der will aber verstaendlicherweise nicht. Ok, den Herrn X koennte ich da mal anfragen, gute Sache.\nI\u0026gt; Das ist ein Terror-Thema. Das bedeutet, man muss diese Leute erst mal machen und sie auf das Maul fallen lassen. Weil aus deren Sicht ist das alles engineered, beherrschbar und ein Fortschritt. So wie bei den Wahlmaschinen. Oder bei Atomkraftwerken. :) Da muss immer erst eines explodieren.\nJ\u0026gt; :-)\nI\u0026gt; Siehe meinen Artikel zum Thema Vertrauensvorschuß.\nJ\u0026gt; jepp. Hatte ich gelesen.\nI\u0026gt; Und ich denke, nach Celler Loch, nach der \u0026ldquo;die NPD ist vom Verfassungsschutz gesponsored\u0026rdquo;, nach Kurnaz, nach dem FBI Security Letters Abuse und all den anderen Dingen ist es so, daß wir primär darauf bestehen müssen, daß die Methoden, die der Staat hier einsetzt nachvollziehbar, offen und auditierbar bleiben. Aber ein ehrlicher Staat hat ja auch nix zu verbergen.\nI\u0026gt; Und das Bundestrojaner ist halt primär auch kein technisches Problem, sondern ein methodisches. Er ist die Einführung einer Methode, die per Definition keines der o.a. Kriterien erfüllt.\nI\u0026gt; Der Rest ist nur technischer Zuckerguß, und der mag funktionieren oder auch nicht. Das ist für das Endergebnis vollkommen irrelevant\nJ\u0026gt; Eher nicht funktionieren, in diesem Fall :-)\nI\u0026gt; Schon. Aber das spielt keine Rolle.\n","date":"2007-03-12T00:00:00Z","href":"https://blog.koehntopp.info/2007/03/12/das-generelle-mi-verst-ndnis-beim-bundestrojaner.html","tags":["security","terror","überwachung","lang_de"],"title":"Das generelle Mißverständnis beim Bundestrojaner"},{"categories":null,"content":"Der Artikel Der Bundestrojaner durchdekliniert hat, wenn man nach den Trackbacks und den Kommentaren geht, einiges Echo hervorgerufen.\nEinige der derzeit kursierenden Kommentare und Theorien zum Bundestrojaner sind aber Unsinn und ich bin in der Position, das vielleicht ein wenig gerade zu ziehen. So heißt es erstmals bei Telepolis: Heimliche Online-Durchsuchungen sind möglich :\nDenn der Staat hat bereits eine vollständige Infrastruktur für Man-In-The-Middle-Angriffe auf jegliche elektronische Telekommunikation: die [extern] SINA-Boxen bzw. IMS (Interception Management Systems). Diese Geräte muss ein jeder größerer Provider in seinem Netz installiert haben, dazu verpflichtet ihn die TKÜV. Denn über diese Geräte ist die [extern] Möglichkeit des Abhörens jeglicher Telekommunikation implementiert. SINA-Boxen ließen sich ohne großen Aufwand zu weiteren Zwecken umbauen.\nDies wird in Mitarbeiter von Antiviren-Software werden zur Mitarbeit gedrängt aufgegriffen:\nMitarbeiter des Magazins von Telepolis halten den Einsatz von Trojanern für möglich und jeglichen Schutz dagegen für schwierig. Deren Ansicht nach könnte der Staat den Vertreib ihrer Durchleuchtungssoftware mit vergleichsweise wenig Aufwand realisieren. Von statten gehen soll dies unter unter Mithilfe der Modifikation der SINA-Boxen. (Sichere Inter-Netzwerk Architektur) Zu dessen Einbau ist jeder größere Internetanbieter verpflichtet. Durch das Verfremden eines beliebigen Downloads kann der staatliche Angriffscode auf dem heimischen Rechner implantiert werden.\nDas ist vollkommen falsch.\nSina-Box: Funktionen und Aufbau\nWas Sina ist und kann, kann man beim BSI nachlesen: Projekt Sina Systembeschreibung . Die Abkürzung SINA steht dafür für Sichere Inter-Netzwerk-Architektur. Es handelt sich um ein System von Kryptoboxen, mit denen ein zentral gesteuertes, plattenloses VPN aus zertifizierten Komponenten aufgebaut werden kann und dann weiter um die dazu passenden Managementsysteme und jetzt neu auch plattenlose Arbeitsplatzsysteme zur Verarbeitung von Daten mit hoher Geheimhaltungsstufe und die dazu passende Server-Architektur mit gehärteter Virtualisierungssoftware und Datenimportfunktionen.\nSINA ist für eine Reihe von Szenarien entwickelt worden, in denen Daten mit hoher Geheimhaltungsstufe in feindlichen Umgebungen bearbeitet werden müssen. Dazu gehören zum Beispiel auch die Dienststellen und Botschaften des auswärtigen Amtes.\nSina hat keine Funktionen, die Daten in unsicheren Netzen abfangen, verändern oder manipulieren können. Sina hat stattdessen genau die entgegengesetzte Funktion, nämlich solche Angriffe zu verhindern und unmöglich zu machen.\nWelche Rolle hat also die SIN-Architektur im Rahmen der Abhörverpflichtung von Mailanbietern?\nVor der Neuregelung der TKÜV ist Überwachung bei verschiedenen Mailanbietern uneinheitlich durchgeführt worden. Das betraf einerseits die Durchführung der Überwachung hinsichtlich der Art der überwachten Aktivitäten, andererseits die Art der Übermittlung der Überwachungsergebnisse an die berechtigte Stelle.\nSo war komplett undefiniert, welche Events etwa bei der Überwachung einer IMAP-Mailbox geloggt werden müssen und es war durchaus denkbar, daß ein überwachungsverpflichteter Mailanbeiter etwa den Eingang von Nachrichten durch manuelles Einkopieren mittels der APPEND-Methode komplett übersah, weil er nur den normalen Zustellprozeß geloggt hat.\nAndererseits erfolgte die Übermittlung von Überwachungsergebnissen an berechtigte Stellen zum Teil ungesichert (durch Zustellung über das offene Internet an \u0026ldquo;unverfänglich\u0026rdquo; benannte Mailaccounts von berechtigten Stellen bei Webmailhostern) oder auf sehr langsamen Wegen (Postzustellung von gebrannten optischen Medien an die berechtigte Stelle).\nDie überarbeitete TKÜV definiert nun nicht nur recht genau, welche Events geloggt werden müssen und in welchem Format die Übermittlung erfolgen muß, sondern sie definiert auch, wie diese Events an die berechtigten Stellen übermittelt werden sollen.\nDas ist die Stelle, an der die SINA-Boxen ins Spiel kommen. Sie werden verwendet, um ein VPN aufzubauen, das zentral gemanaged wird und das eine sichere und authentisierte Kommunikation zwischen den Verpflichteten und den berechtigten Stellen ermöglicht. Die Sina-Box nimmt also keine Überwachungsaufgaben wahr - das kann sie konstruktionsbedingt gar nicht - sondern sie erlaubt \u0026ldquo;nur\u0026rdquo; die sichere Kommunikations der Überwachungsergebnisse zwischen den Verpflichteten und den Behörden. Das ist gegenüber dem Zustand vor der neuen TKÜV in der Tat eine deutliche Verbesserung!\nDie konkrete Implementierung der Überwachung ist immer noch Aufgabe der verpflichteten Firma: Sie muß entweder ihr existierendes Mailsystem selbst so modifizieren, sodaß sie Überwachungsoutput erzeugt und sich dieses Gesamtsystem dann entsprechend zertifizieren lassen. Oder sie kann eine fertige, zertifizierte Überwachungslösung, etwa die Lösung von NetUSE , kaufen und in ihr Netz integrieren.\nDie Sina-Box wird dabei als fremd-administrierte Komponente im Regelfall auf eine Weise in das Netz des Dienstanbieters integriert, die lediglich eine Kommunikation vom Anbieter durch die Sina hindurch in Richtung der Behörde erlaubt. Alle Kommunikation in Gegenrichtung wird jedoch vollständig geblockt, sofern das Sicherheitskonzept des Dienstanbieters sein Geld wert ist, d.h. die SINA steht in einer abgeschotteten DMZ, deren Firewall alle Connectversuche aus der Sina-Zelle heraus ins Produktionsnetz ausnahmslos blockt.\nDies ist möglich, da auch mit der revidierten TKÜV alle Überwachungsanordnungen \u0026ldquo;out of band\u0026rdquo; auf traditionellen Wegen (per Post oder Fax) bei dem verpflichteten Anbieter eingehen, dort durch den lokalen G10-Beauftragten ggf geprüft werden und dann mehr oder weniger manuell ins TKÜV-Interface eingehackt werden.\nDie Anzahl der Anordnungen hielt sich dabei zumindest bis vor zwei Jahren noch einigermaßen im Rahmen: In den mir bekannten Fällen lagen pro Million Kunden ca. 2 Überwachungsanordnungen vor. Das erscheint mir plausibel: Ich kann durchaus glauben, daß sich in einer Menge von je 500.000 Menschen (so viele Personen wie in Kiel und Karlsruhe zusammen leben) jeweils mindestens eine Person befindet, gegen die die Polizei ausreichend Verdachtsmomente wegen so schwerer Straftaten in der Hand hat, daß sie Genehmigung einer solche Maßnahme durch einen Untersuchungsrichter rechtfertigen. In der Tat finde ich diese Zahl sogar klein. Und die Art der Übermittlung der Ergebnisse einer solchen Überwachung durch das SINA-VPN erscheint mir angesichts der Art der übermittelten Daten sehr viel angemessener als die vorher verwendete Methode.\nDas ist auch genau das, was ich von einem Rechtsstaat erwarten würde: Wenn wir so etwas schon tun müssen, dann bitte so wenig wie möglich, so kontrollierbar wie möglich und qualitativ so hochwertig wie möglich. Damit das vollkommen klar ist: Ich halte die neue TKÜV und das Sina-Zeugs gegenüber der Situation vorher für einen deutlichen Fortschritt!\nNur, wie gesagt, mit dem Bundestrojaner hat das alles nichts zu tun.\nIm Gegenteil: Was ich dann bei andreas.org lese, läßt mich vermuten, daß es sich bei der ganzen Bundestrojaner-Idee um etwas technisch höchst riskantes und unausgegorenes handelt, das technisch nicht nur fragwürdig und schwer zu kontrollieren ist, sondern das qualitativ auch in die falsche Richtung geht.\nLeute, so was hier ist ein sehr gefährliches Spiel, mit dem der Staat sich mehr vergibt als er jemals wieder durch diese Maßnahme reinholen kann:\nUm die Sache mal ein bißchen in den Kontext zu rücken, möchte ich von zwei Job-Angeboten berichten, die mich in den vergangenen Monaten erreicht haben. Zum einen hat das BSI angefragt, ob ich nicht eine Schulung zum Thema “wie schreibe ich einen buffer overflow exploit” für Vertreter diverser Behörden und Organisationen mit Sicherheitsaufgaben halten könne. Zum anderen bekam mich eine Anfrage, doch ein Angebot zur Entwicklung einer transparent bridge abzugeben, die einen Download eines ausführbaren Programms erkennt und dieses on-the-fly mit einem Trojaner versieht.\nDas hat mit Rechtsstaat nix zu tun, das ist der Versuch, Stasi-Methoden zu legalisieren.\nDie Meldung auf andreas.org ist andererseits nicht so ungewöhnlich. Via fefe.de dieser Anfang 2006 beobachtete Maildialog bei nibbler.de :\n250-PIPELINING250-XXXXXXXA250 XXXBstarttls500 unrecognized commandquit\nSolche Kommunikations-Manipulation on-the-fly findet offenbar schon statt! Wir alle - unsere Regierung eingeschlossen! - tun gut daran, Infrastruktur zu bauen, die so etwas verhindert, anstatt da bekannte Bruchstellen zu konstruieren und zu pflegen.\n","date":"2007-03-11T00:00:00Z","href":"https://blog.koehntopp.info/2007/03/11/bundestrojaner-sina-boxen-und-mail-berwachung.html","tags":["security","überwachung","lang_de"],"title":"Bundestrojaner, Sina-Boxen und Mailüberwachung"},{"categories":null,"content":"Soll ich meiner Regierung, meinem Staat vertrauen, daß er seine investigativen Möglichkeiten lediglich zu meinem Schutz und nicht zu meiner Ausforschung einsetzt? Die Süddeutsche schreibt in \u0026ldquo;Der Staat zieht seine Bürger aus \u0026rdquo;:\nAls vor fünfzehn Jahren die politische Kampagne zur Einführung des großen Lauschangriffs begann, warb der damalige Präsident des Bundeskriminalamts dafür, der Polizei nicht nur diesen Lauschangriff zu gestatten, sondern ihr auch \u0026ldquo;einen gewissen Vertrauensvorschuss\u0026rdquo; zu geben. Dieser Vertrauensvorschuss sollte an die Stelle des Rechtsschutzes treten - denn der Lauschangriff war und ist eine heimliche Angelegenheit: Wenn Wanzen in der Wohnung platziert werden, ohne dass der Bewohner davon erfährt, dann kann er sich nicht juristisch dagegen wehren. Daher meinte der BKA-Präsident: \u0026ldquo;Der Bürger darf das Zutrauen haben, dass der Rechtsgebrauch in einem rechtsakzeptablen Rahmen geschieht.\u0026rdquo;\nDarf der Bürger dieses Zutrauen noch haben? Heute, 15 Jahre später, lesen wir auf dem Heise Newsticker: Schwerer Missbrauch von Anti-Terrorbefugnissen durch das FBI :\nDas FBI hat die generell schon weitgehenden Regeln im US-Antiterrorpaket Patriot Act zur Durchleuchtung von Bürgern in zahlreichen Fällen verletzt oder eigenmächtig ausgedehnt. Dies geht aus einem jetzt veröffentlichten Untersuchungsbericht (PDF-Datei) des US-Justizministerium hervor. \u0026hellip; Die Bundespolizei habe ihre weit reichenden Vollmachten bei der Terrorbekämpfung offenbar genutzt, \u0026ldquo;ohne den geringsten Respekt für die Privatsphäre unschuldiger Amerikaner zu zeigen\u0026rdquo;, monierte der demokratische Senator Dick Durbin. Die Analyse des Justizministeriums bestätige \u0026ldquo;die schlimmsten Befürchtungen\u0026rdquo; über den von der Bush-Regierung forcierten Patriot Act.\nEs gibt überhaupt keinen Grund anzunehmen, daß sich solche Dinge auf die USA beschränken. Vertrauensvorschuß verspielt. Die Verteidgung gegen illegale Schnüffelmaßnahmen des eigenen Staates ist inzwischen ein realistisches und aktuelles Szenario beim Design von IT-Sicherheitseinrichtungen geworden.\nUpdate: Siehe auch Heise Security zum selben Thema.\n","date":"2007-03-11T00:00:00Z","href":"https://blog.koehntopp.info/2007/03/11/vertrauensvorschu.html","tags":["security","terror","überwachung","lang_de"],"title":"Vertrauensvorschuß"},{"categories":null,"content":" Ich wollte nix dazu schreiben, weil ich mich dann wieder so aufrege. Aber es geht einfach nicht. Also zwischen Tür und Angel wegen Frattini und Beckstein jetzt doch der isotoppische Endartikel zum Bundestrojaner.\nDer Sachverhalt Meine Regierung erklärt mir und jedem anderen Bürger also das Mißtrauen. Der Rattenschwanz von Artikeln am Ende der Meldung zeigt das sehr deutlich.\nWenn ich über das Thema nachdenke, wird auch sehr deutlich, daß ich meiner Regierung das Mißtrauen aussprechen muß.\nAber gehen wir das Thema doch mal systematisch an: Der Bundestrojaner ist ein hypothetisches Stück Software, das ohne mein Wissen durch den Staat auf meinem Rechner installiert werden soll, wenn der Staat der Meinung ist, daß das aus welchem Grund auch immer gerechtfertigt ist. Der Staat will so Beweise sammeln, mit denen er dann später nicht nur eine gerichtsfeste Rechtfertigung seines Eindringens in meine persönliche Sphäre basteln will, sondern auch einen Fall gegen mich bauen will.\nJa geht das denn so? Lesen wir also einmal nach über Richtlinien zur erfolgreichen Sicherung von EDV-Beweismitteln :\nIm Zentrum des Prozesses, der zur Vorlage von gerichtstauglichen EDV-Beweismitteln führt, steht die Erfüllung der Bedingung, dass die Daten vor Ort korrekt sichergestellt wurden. Ist diese erste Voraussetzung nicht gegeben, so wird jede Information, die aus diesen Daten gewonnen wird, später sehr wahrscheinlich wertlos sein, da sie nicht als gerichtstauglich angesehen werden kann. Wo auch immer EDV-Beweismaterial gesichert und ausgewertet wird, ist es zum unverzichtbaren Grundsatz geworden, eine Kopie des kompletten Zielsystems zu machen. Eine Teilkopie oder die Kopie ausgewählter Daten ist hierzu keine gültige Alternative.\nNicht nur das, sondern weiter:\nDarüber hinaus gibt es mehrere gültige Richtlinien für den Umgang mit Computermedien in beweismitteltechnisch korrekter Form. Zwei der wichtigsten lauten:\n-Keine Handlung seitens der Polizei oder handlungsbefugter Personen darf Daten verändern, die sich auf einem Computer oder einem anderen Speichermedium befinden, das zu einem späteren Zeitpunkt Gegenstand von gerichtlichen Untersuchungen werden kann.\nAlle Vorgänge, die an dem EDV-Beweismaterial durchgeführt werden, müssen in einem Protokoll festgehalten werden. Dieses Protokoll ist aufzubewahren. Ein unabhängiger Dritter muss in der Lage sein, diese Vorgänge zu wiederholen und zu denselben Aussagen zu kommen. Und jetzt kommt der Bundestrojaner. Man kann schon im Ansatz erkennen, daß das so nicht funktionieren kann: Die Installation des Bundestrojaners komprimittiert den zu untersuchenden Rechner in einer Weise, daß dieser zwangsläufig als Beweismaterial unbrauchbar wird.\nNicht nur das: Es ist für niemanden erkennbar (oder sicherstellbar), ob die auf meinem Rechner gefundenen Dokumente von mir stammen oder ob sie nicht durch den Bundestrojaner dort plaziert worden sind. Mal angenommen, meine Regierung ist vertrauenswürdig und würde nicht lügen und intrigieren (Glaubwürdige Annahme? ).\nKonsequenz aus dieser Bedarfsanalyse Dann muß sie natürlich, um Zugriff auf meinen Rechner zu haben, den Bundestrojaner bei mir installieren. Das kann sie entweder unter Zeitdruck bei den Leuten tun, auf deren Rechner sie Zugriff haben möchte oder vorab kontrolliert bei allen Leuten und dann den Trojaner nur aktivieren bei denen, bei denen sie den Zugriff für gerechtfertigt hält.\nDas wird sie natürlich nur in wenigen, streng begründeten Ausnahmefällen tun. Die kontrollierte Installation würde als Hintertür in irgendeinem wichtigen Programm erfolgen, das sowieso jeder verwendet und das regelmäßig legitim Kontakt zu irgendwelchen staatlichen Servern aufnehmen muß. Auf diese Weise ist schon alles vorbereitet, wenn Bedarf besteht und die Umstände der Installation sind nicht nur unverdächtig, sondern auch besser beherrschbar. Und die Nutzlast, die da installiert werden kann, darf größer sein, weil das in dem größeren Klumpen legitimer Software sowieso nicht auffällt.\nWie der Bundestrojaner vorgehen muß Würde sich der Bundestrojaner auch nur entfernt an die oben genannten \u0026ldquo;Richtlinien zur erfolgreichen Sicherung von EDV-Beweismitteln\u0026rdquo; halten, dann hat er ein Problem. Nämlich das Problem, zwischen 80 und 800 Gigabyte Daten von der Zielfestplatte zu den Bedarfsträgern zu schaffen ohne daß dies auffällt, denn \u0026ldquo;Eine Teilkopie oder die Kopie ausgewählter Daten ist hierzu keine gültige Alternative.\u0026rdquo; heißt es in den o.a. Grundsätzen. Mit dem Upstream einer DSL-Leitung ist das in sinnvoller Zeit schlicht nicht möglich.\nEs ist also doppelt nicht möglich, die \u0026ldquo;Richtlinien zur erfolgreichen Sicherung von EDV-Beweismitteln\u0026rdquo; einzuhalten. Nicht nur das: Da der Bundestrojaner sich auf eine selektive Sicherung beschränken muß, muß er Dateien durchsuchen, analysieren, und dann muß mehr oder weniger interaktiv eine Auswahl getroffen werden.\nKonsequenz aus der Interaktivität Endstand: Ethereal vs. die Welt\nDas Programm Wireshark hat eine ganz ähnliche Aufgabe wie der Bundestrojaner: Es dient dazu, Netzwerkverkehr mitzuschneiden und unbekannte oder defekte Daten zu analysieren und nach nützlichen Informationen zu durchsuchen. Es ist ein wertvolles Netzwerkanalysetool. Wireshark hieß früher Ethereal, und unter diesem Namen finden wie es auch in der National Vulnerability Database der US Behörde NIST.\nUnbekannte und defekte Daten zu analysieren ist eine schwierige Aufgabe - Ethereal-Wireshark muß im Grunde genommen Bitmüll interpretieren ohne zu wissen, was es ist, und dann in sinnvolle Informationsblöcke zerlegen. Es muß dies insbesondere auch mit falsch beschriftetem oder verstrahlten Bitmüll tun.\nIn Konsequenz ist Wireshark-Ethereal der einsame Anführer der National Vulnerability Statistic in den letzten 3 Jahren: Es ist das Programm mit den meisten remote ausnutzbaren Fehlern überhaupt: fast 50 in 2005 (2006 ist es dann umbenannt worden, sodaß noch 12 weitere Vulnerabilities dazu kommen, 2007 werden es etwa 30 sicherheitskritische Fehler sein, die in Wireshark gefunden werden).\nWarum ist das wichtig? Der Bundestrojaner wird, das haben wir eben klar gemacht, interaktiv auf Kommandos von draußen hören müssen und er wird falsch beschrifteten und verstrahlten Bitmüll auf lokalen Festplatten analysieren und zerlegen müssen, damit er ihn nach verdächtigen Daten durchsuchen kann. Der Bundestrojaner wird zwangsläufig eine ebenso große Fehlerquelle sein wie Wireshark, weil er dasselbe Problem zu lösen hat. Ein sehr schwieriges Problem! Und im Gegensatz zu Wireshark wird der Bundestrojaner nicht von einer große Menge Open Source Programmierern ohne Druck einer Deadline entwickelt, sondern von einer Privatfirma im Staatsauftrag unter Zeitdruck aus Halbfertigkomponenten zusammengeschwartet, die für einen ursprünglich ganz anderen Zweck entwickelt worden sind.\nKonsequenz aus der Verwundbarkeit Bleibt der Bundestrojaner unentdeckt? Nein! Davon müssen wir zwangsläufig ausgehen. Entweder wird er unter halsbrecherischen Umständen nach Bedarf installiert und so dem ersten Systemadministrator auffallen, der ein wenig mehr als die übliche Paranoia auf seinen Systemen walten läßt, oder er wird auf so vielen Systemen \u0026ldquo;auf Vorrat\u0026rdquo; installiert sein, daß jeder ihn irgendwo auf seiner Kiste hat. Der Bundestrojaner wird, wenn er erst einmal entdeckt worden ist, das bestuntersuchte Programm sein, daß deutsche Hacker jemals in die Finger bekommen haben.\nWenn er dann wirklich auf Vorrat installiert worden ist und entfernt ausnutzbare Schwächen hat (die er wegen seiner Natur zwangsläufig haben muß), dann hat unser Staat auf Computern von Millionen seiner Bürger eine Backdoor installiert, die nun von jedem Spammer und Botnet-Betreiber weltweit sofort und ohne große Probleme ausnutzbar ist. Ich rechne fest mit einer Schadensersatzklage, die unsere Republik bis in die Grundfesten erschüttern wird und mit einem nationalen Sicherheitsnotstand. Deutsche Telekom wird das nationale DSL Notabschalten müssen, um Schlimmeres zu verhindern. Nein, ich sehe das nicht als \u0026ldquo;ob\u0026rdquo;, sondern nur als \u0026ldquo;wann\u0026rdquo;-Frage.\nWäre der Bundestrojaner wirksam? Mal angenommen, unsere Regierung wäre nicht nur vertrauenswürdig, sondern die Entwickler des Bundestrojaners wären auch unerwartet fähig, sodaß es nicht zu dieser Situation kommt. Der Bundestrojaner befindet sich also auf einem durchschnittlichen Straftätersystem, etwa 5 Jahre von hier ab in der Zukunft und will Dinge scannen und dann zum Staatsanwalt uppen. Dank VDSL sei das gar kein Problem.\nWas sind aktuelle Themen in der Computertechnik, die dem Bundestrojaner in die Quere kommen können?\nDer Bundestrojaner muß das System, auf dem er läuft verändern und, damit er effektiv ist, auf alle Dateien im System zugreifen können. Auch auf geschützte Dateien. Damit kollidiert er zwangsläufig mit DRM -Mechanismen, die das genau verhindern wollen und sollen. Es kann sogar sein, daß der Bundestrojaner sich so verrät, oder daß dem Eigentümer des Systems durch den Zugriff des Bundestrojaners Kosten entstehen. Der Sinn von Trusted Computing Umgebungen ist es genau, eine verifizierte Systeminstallation zu haben, in der sich Software nicht verstecken kann und nicht an den Zugriffskontrollmechanismen des Betriebssystems vorbei auf Daten zugreifen kann.\nDer Bundestrojaner läuft unter Umständen gar nicht auf einem realen System und sieht unter Umständen gar keine realen Dateien. Immer mehr Benutzer - auch Heimanwender - gehen dazu über, statt eines Rechners durch Virtualisierung eine Reihe von simulierten virtuellen Rechnern laufen zu lassen, die jeweils mit beschränkten Datenmengen oder beschränkten Rechten ausgestattet sind. Es ist also für den Bediener eines Bundestrojaners gar nicht einfach möglich, festzustellen, auf welcher System- oder Rechteebene er sich befindet und ob die Daten, die er da zu sehen bekommt, real oder vollständig sind. Je nach verwendeter Virtualisierungsschicht bekommt er offensichtlich simulierte Hardware zu sehen oder die Identifikationen der real verwendeten Hardware werden durchgereicht, aber der Zugriff auf die Hardware erfolgt nicht real, sondern durch die Virtualisierungsschicht gefiltert.\nDas hier ist also der Deal Der Deal ist also wie folgt: Weil einige Staatsorgane den heimlichen Zugriff auf meine Hardware fordern, will der Staat das möglicherweise noch vorhandene Restvertrauen zwischen ihm und mir komplett ruinieren. Ich muß in Zukunft also davon ausgehen, daß jede staatlich bereitgestellte Software nicht nur die angepriesenen Funktionen hat, sondern auch noch die staatliche Hintertür auf Vorrat mitbringt.\nIm Austausch bekommt der Staat einen Mechanismus, der für den angepriesenen Zweck vorab erkennbar ungeeignet ist, weil er die notwendigen Richtlinien zur gerichtsfesten Beweiserbringung nach Definition nicht erfüllen kann. Der Staat riskiert außerdem die Sicherheit seiner gesamten DV-Infrastruktur, bundesweit, seine eigenen Systeme eingeschlossen.\nUnd das ist die Sachlage noch vor jedem politischen Argument dafür oder dagegen.\n","date":"2007-02-26T00:00:00Z","href":"https://blog.koehntopp.info/2007/02/26/der-bundestrojaner-durchdekliniert.html","tags":["security","überwachung","lang_de"],"title":"Der Bundestrojaner durchdekliniert"},{"categories":null,"content":"Vergangenen Donnerstag habe ich den Vortrag \u0026ldquo;Flames - Kommunikationszusammenbrüche im Netz\u0026rdquo; für den CCC Stuttgart gehalten. Hier sind die Slides und ein Youtube Video von einer späteren Aufführung des Vortrages.\nDer Vortrag basiert auf den Kommunikationserfahrungen, die ich mit einigen Freunden im USENET in verschiedenen Foren gemacht habe. Aber ich denke, daß die Erkenntnisse hier auf mehr als eine Weise auch auf andere Umgebungen übertragbar sind.\nWas ist eine Flame? Was ist eine Flame? Ein Beitrag in einer Online-Diskussion, der provozierend geschrieben ist. Oder ein Beitrag, der auf eine Art und Weise ein unwichtiges oder formales Thema behandelt, sodass der Leser sich darüber aufregt und in Zorn gerät.\nWarum? Warum schreiben Leute Flames? Wenn man fragt, bekommt man Antworten von der Art\n\u0026ldquo;Das kann man doch so nicht stehen lassen!\u0026rdquo; \u0026ldquo;Der soll sich doch erst mal benehmen lernen!\u0026rdquo; und als Nummer 1:\n\u0026ldquo;Jetzt fühle ich mich besser!\u0026rdquo; Dafür ist die Diskussion in Folge gestört und nicht konstruktiv, aber ist dann nicht das Problem des Flamers.\nWarum im Netz? Das passiert in der Regel im Netz und nicht in der realen Welt. Wenn man sich mit Leuten, die für ihr Verhalten im Netz bekannt oder berüchtigt sind unterhält, bei einem Bier abends im Garten, dann sind das meist relativ intelligente und ziemlich nette Leute. Aber halt nur, wenn man denen gegenüber sitzt und nicht, wenn man mit denen über Netz kommuniziert.\nKommunikationsmodell Wenn man verstehen will, was dort passiert, dann muss man sich ein wenig mit Kommunikationswissenschaft und Umständen beschäftigen. Das Modell von Schulz von Thum und den vier Ebenen der Kommunikation ist dabei hilfreich:\nSachinformation: Worüber ich informiere Selbstoffenbarung: Was ich von mir selbst kundgebe Beziehung: Wie wir beide zueinander stehen Appell: Wozu ich Dich veranlassen will. Jede Kommunikation ist am Ende immer eine Störung. Der Empfänger einer Nachricht sitzt da so und geht friedlich seinen eigenen Sachen nach, aber wenn ich mit diesem Menschen kommuniziere, dann will ich etwas von dem. Ich möchte, daß er seine aktuelle Tätigkeit unterbricht und etwas anderes tut. Das ist dann der Appell in der Nachricht.\nKommunikationsmodell II \u0026ldquo;Man kann nicht nicht kommunizieren\u0026rdquo;, Paul Watzlawick, 1969 \u0026ldquo;Every behaviour is a kind of communication. Because behaviour does not have a counterpart (there is no anti-behaviour), it is not possible not to communicate.\u0026rdquo;\nKommunikation ist Verhalten und es gibt kein Nicht-Verhalten. Das bedeutet, jede Aktivität, selbst eine Flame, ist eigentlich eine Form von Kommunikation. Die besonderen Umstände der Kommunikation im Netz machen es notwendig, daß man die erlernten Verhaltensmuster aus der realen Welt mal kurzschließt und sein Verhalten umstellt, damit man mit Flames korrekt umgehen kann. Das muss man sich aber bewusst antrainieren. Wenn man da seinen Instinkten und normalen Verhaltensweisen folgt, dann geht es schief, denn die normalen Offline-Verhaltensmuster sind online wirkungslos und deswegen falsch.\nKommunikationsmodell III Außerhalb des Netzes habe ich ganz viele Kommunikationskanäle. Den gesprochenen Text des Vortrages kann ich aufschreiben, aber das ist nicht dasselbe, denn das ist nicht, was hier passiert. Denn gleichzeitig haben die Anwesenden im Vortrag die Optik, hören die Stimme und Betonung und wie sich der Vortragende sich bewegt und mimt. Inkongruente Kommunikation, Ironie und Sarkasmus, sind leicht zu erkennen und - durch den Rückkanal - wenn sie nicht funktionieren leicht zu korrigieren und korrekt zu kontextualisieren. Jede Aussage in einer Anwesenheitssituation wird so noch einmal mehrfach qualifiziert.\nIn einer Onlinesituation ist das meiste davon nicht vorhanden. Alles, was noch da ist, ist der Text. Damit fehlen viele soziale Kommunikationshilfen, die der Empfänger gewohnt ist.\nDazu kommt, daß ich über die Grenzen von Zeit und Raum kommuniziere: Meine Kommunikation wird unter Umständen zu einem späteren Zeitpunkt von einer mir unbekannten Person in einem unbekannten Kontext gelesen und interpretiert. Der Kontext wird dadurch sehr viel offener für Interpretation, weil Leser und Schreiber ganz andere Erwartungen haben.\nIm Netz kommt noch dazu, daß viele Leute im Netz zwar ein schriftliches Medium benutzen, aber Formulierungen, Ansprache und Kontext wie in einer gesprochenen Kommunikation setzen. Der so entstehende Text hat also alle die persistenten Eigenschaften von einem Buch, einem Artikel oder sonst einem geschriebenen Text: Ich kenne als Autor den Empfänger nicht, ich habe den zeitlichen Versatz darin, ich habe den sozialen Kontext nicht und unter Umständen kenne ich den größeren Kontext des Empfängers nicht. Auf der anderen Seite haben wir aber all die offenen, vieldeutigen Formulierungen und Interpretationsmöglichkeiten des gesprochenen Wortes.\nEin Leser, der mein aufgeschriebenes gesprochenes Wort viele Monate oder Jahre später liest, und dabei ganz anders kontextualisiert, wird das oft ganz anders interpretieren als es gemeint und originär verstanden worden ist.\nForen als soziales System Dazu kommt natürlich das Aufeinandertreffen von zwei Personengruppen: Wir haben Dauerteilnehmer, die schon lange dabei sind und eine ganze Menge Kontext, Kenntnisse und lokale Subkultur haben. Aber zugleich haben wir auch Laufkundschaft, die in dem Forum mit einem konkreten Ziel oder einer Frage aufschlägt, eine Antwort haben möchte und dann wieder verschwindet.\nDie meisten Online-Communities sind auf diese Situation schlecht eingerichtet. Das heißt, Neuankömmlinge werden oft schlecht integriert, weil eventuell gar kein Mechanismus existiert, um Laufkundschaft abzufertigen oder Historie und Subkultur zu lehren. Dadurch sind die Regulars schnell genervt, weil sie sich vorkommen als seien sie die Hauptperson in einem dieser Filme.\nForen als soziales System II In der realen Welt erwarten wir von Personen, daß sie sich in einer bestimmten Situation dem sozialen Kontext entsprechend verhalten. Es gibt entsprechend in allen diesen Systemen Methoden zur Erzwingung von Konformität. In der realen Welt:\nKonformes Verhalten wird belohnt. Nicht konformes Verhalten wird bestraft (\u0026ldquo;Schlag auf\u0026rsquo;s Maul.\u0026rdquo;) Foren als soziales System III Das geht im Netz so nicht.\n\u0026ldquo;The social dynamics of the net are a direct consequence of the fact that nobody has yet developed a Remote Strangulation Protocol\u0026rdquo; \u0026ndash; Larry Wall\nDas Zitat erklärt, daß im Netz die negativen Mechanismen zur Erzwingung von Konformität nicht funktionieren. Man kann niemanden remote Erwürgen, ihm nicht remote auf\u0026rsquo;s Maul hauen, aber auch nicht dauerhaft aus der Diskussion aussperren. Keiner der negativen Steuermechanismen, die wir gewohnt sind, funktioniert.\nMan kann Flames als fehlgeleitetes, unwirksames negatives Verhaltensfeedback interpretieren: Weil wir aus der realen Welt gewohnt sind, nicht konformen Personen negatives Feedback zu geben, versuchen wir das auch Online. Da ist es wirkungslos, und daher für die Kommunikation destruktiv, denn es schadet der Diskussion des Flamers und der laufenden Diskussion mit seinen Freunden mehr als der Person, die geflamed wird.\nNur die positiven Instrumente sind wirksam, mit denen wir konformes Verhalten belohnen können.\nKommunikation im Netz Kommunikation im Netz in Foren ist öffentlich: Es reden nicht nur der Flamer und der Geflamte miteinander, sondern es lesen auch immer noch weitere Personen mit. Die Flame ist also immer auch eine Inszenierung gegenüber den Peers, und gegenüber Dritten (\u0026ldquo;Innocent Bystanders\u0026rdquo;) und prägt so Verhaltensnormen und Umgangsformen.\nKommunikation im Netz II Daraus ergibt sich die Frage für den Umgang mit Trollen und Flames:\nWas ist effektiv, wenn alle Repressionsmechanismen fehlen? Was kann ich tun, wenn ich mich ausschließlich auf positive Feedbackmechanismen beim Erziehen von Leuten verlassen muss?\nKommunikationsziel Wir reden im Grunde über Krieg. Ich möchte eigentlich mit Gewalt - ohne daß ich Gewalt ausüben kann, weil mir die Mittel dazu fehlen - etwas bewirken: Bei meinem Gegenüber eine Verhaltensänderung erzwingen.\nMan muss sich also als Erstes überlegen, was das Kriegsziel - hier das Kommunikationsziel - ist, das man erreichen möchte. Eine Siegbedingung festlegen, auf die man hin arbeiten kann.\nEigentlich möchte ich, daß sich diese Leute so verhalten, wie es für dieses Forum angemessen ist. Dafür muss ich das erst einmal definieren. Wenn ich also eine bestimmte Kultur etablieren möchte, dann muss ich die erst einmal definieren und aufschreiben.\nDas ist schwierig, wenn man in einer Murmeltiertags-Situation ist und gar keine Kultur hat, weil man sich nicht erinnern kann. Ich brauche also überhaupt erst einmal einen Mechanismus, der Erinnerung institutionalisiert.\nTechnischer Kontext Wir haben keine negativen Feedback-Mechanismen. Wir können nicht Strafen, wir haben keine Möglichkeiten, Leute rauszuwerfen, ihre Kommunikation zu unterdrücken oder herauszufiltern. Ich kann zwar filtern, was bei mir hereinkommt, aber ich kann meinen Filter nicht anderen überstülpen, und damit kann ich mit meinem Filer nicht andere für alle herausdrängen.\nWeil ich keine Repressionsmechanismen habe, brauche ich auch nicht zu drohen. Jede Drohung ist, weil sie nicht durchsetzbar ist, ein Bluff. Angstbasierte Kommunikation ist damit unglaubwürdig und wirkungslos.\nExperiment dclp Am 1. Januar 2000 wurde die Gruppe \u0026ldquo;de.comp.lang.php\u0026rdquo; eingerichtet. Die Gruppe wurde in relativ kurzer Zeit sehr populär.\nDort hat sehr viel Drive-By Kommunikation stattgefunden, die man heute eher auf Stack Exchange finden würde: Leute tauchen auf, stellen eine technische Frage, wollen eine Antwort und sind dann wieder weg.\nDabei wiederholen sich natürlich viele Fragen. Das nervt viele Leute, und sie nehmen sich dann auch nicht die Zeit, korrekte oder gute Antworten zu formulieren. Durch die Wiederholungen wird die Stimmung schlecht, und bald gibt es statt sinnvoller Antworten nur noch Beschimpfungen.\nDie Liste unserer Anfordernugen ist also:\nWir wollen ein Erinnerungsvermögen haben! Wir wollen bestimmte Standards etablieren, hinsichtlich Ton und Qualität der Antworten. Neulinge sollen sinnvolle, richtige Antworten und Anleitung in einem freundlichen Ton bekommen. Und weiterhin als Einschränkung:\nWir können nur positive Feedback-Mechanismen verwenden. Experiment dclp II Das ist machbar, denn die Gruppe ist neu. Es gibt noch keine Standards, also kann ich Regeln nach Wunsch etablieren.\nEs ist eine technische Gruppe: Es gibt eine objektive Wahrheit, und als technischer Schreiber kann ich den Diskurs bereichern.\nDas ist eine gute Ausgangsbasis.\nSchritt 1: Erinnerungsvermögen herstellen - eine FAQ! Schritt 2: Respekt basierende Kommunikation als Norm durch Vorführen etablieren. Ich schreibe Antworten. Die Antworten sind getestet. Sie beantworten Fragen, die oft gefragt werden. Das generiert Karma - öffentliches Ansehen. Der Wirkmechanismus ist also\nKris löst Probleme und gewinnt so Ansehen bei Fragestellern.\u0026quot; \u0026ldquo;Ich will auch Karma.\u0026rdquo; \u0026ldquo;Ich mache Kris Verhalten nach.\u0026rdquo; Wenn dann Trolle auftauchen und die deswegen trollen, weil sie Aufmerksamkeit wollen, dann sehen sie: So, mit Beleidigungen, kommen sie nicht weiter, sondern werden ignoriert. In dieser Gruppe bekommen man Aufmerksamkeit und Ansehen, Meinungsführerschaft, durch Mitarbeit.\nExperiment dclp III Mittel Website für FAQ Editor, XML, XSLT ca. 1h Zeit pro Tag Das Projekt ist im Grunde das Ergebnis einer Provokation: In der deutschen Linux-Gruppe hat eine Person mit Technik- und Soziologie-Hintergrund mit viel Aufwand vergiftete Antworten geschrieben. Sie waren richtig, gut und technisch vollständig.\nDiese waren aber auch so gestaltet, daß der Leser sich beim Lesen aufgeregt hat, und dadurch nicht mehr in der Lage war, die Antwort zu verstehen und sinnvoll zu nutzen. Das waren brillante textliche Werke, die auf eine einzigartige Weise Leute manipuliert haben.\nLeider hat das Nachahmer animiert, ebenso zu handeln. Jedoch ohne zu verstehen, was den Originalautor ausgezeichnet hat, und was seine Texte besonders gemacht hat. Dadurch wurde die Gruppe schnell zu einem Sumpf voller langweiliger Beschimpfungen ohne sinnvollen Lehrgehalt, und die Gruppe wurde nutzlos.\nDer betreffende Autor war außerdem der Auffassung, man könne Laufkundschaft anders nicht in den Griff bekommen. Das Experiment dclp war ein Versuch, diesem Menschen das Gegenteil zu beweisen.\nEin Archiv der dclp-FAQ ist in www.php-faq.de zu finden.\nExperiment dclp IV Trennung Kultur/Technische Anleitung Dauer: ca. 2 Jahre + 2 Jahre passiv Die FAQ hat für jede Frage eine URL generiert. Es gab also einen Artikel pro Seite: Antwort, Material, Querverweise, getestetes Beispiel.\nBei der Arbeit mit der FAQ habe ich mir dann grundsätzlich Fragen gesucht, die falsch oder gar nicht beantwortet worden sind. Fragen, die bereits bearbeitet waren, brauchten meine Aufmerksamkeit ja nicht.\nDie generierten Antworten von mir sind in der Regel in weniger als 60 Sekunden verfasst gewesen und bestanden aus 3 Teilen:\nBridge: Gleich kommt die Antwort und sie steht mit Deiner Frage folgendermaßen in Verbindung. Antworten: die URL auf die Antwort. Nicht die URL auf die FAQ, sondern die URL der spezifischen Antwort. Es geht darum, eine Person mit einem konkreten Problem arbeitsfähig zu machen. Nachtreten: Das so erworbene Karma verbrauchen. Also, erklären, was richtig oder falsch an der Art der Fragestellung war, und wie man sich hier besser verhalten kann, um bessere Antworten zu bekommen. Das ist auch eine Inszenierung. Das heißt, ich schreibe jeden Artikel immer auch für unbeteiligte Mitleser. Diese lernen dadurch:\nMan kann die Probleme von Fragestellern lösen. Man kann die Probleme mit den Fragestellern beeinflussen, also ihr Verhalten verbessern. Man macht das, indem man sich so verhält wie Kris. Diese Vorgehensweise war auch in der FAQ im Kapitel 0 dokumentiert.\nExperiment dclp V Langes Nachklappern Kaum Flames \u0026ldquo;Bekehrung\u0026rdquo; einiger Newbies Einige der besten FAQ-Autoren! Das Nehmen von Fragen und ihre Umwandlung in FAQ-Artikel ist ein Kondensationsprozess, bei dem man die Ergebnisse einer interaktiven Kommunikation vom Kontext befreit, verallgemeinert und in einen Artikel umwandelt. Mehrere Artikel zu einem Thema ergeben ein Kapitel, aber die Artikel sind nicht miteinander verknüpft. Sie stehen nur thematisch und von den URLs nebeneinander.\nEin weitere Kondensationsprozess könnte die Artikel der FAQ nehmen, und in Kapitel eines Buches zum Thema umwandeln. Das hat meines Wissens nur mit comp.lang.c funktioniert: Die FAQ dieser Gruppe ist von Peter van der Linden in das Buch \u0026ldquo;Deep C Secrets \u0026rdquo; umgewandelt worden.\nExperiment drsrm In \u0026ldquo;de.rec.spiele.rpg.misc\u0026rdquo; ein ähnliches Projekt von Azundris. Kein Hard Science Thema, keine objektive Wahrheit.\nMan will also Erinnerung schaffen und Erkenntnisse aus vorherigen Diskussionen aufbewahren. Dabei muss man berücksichtigen, daß es viele Regulars und wenig Laufkundschaft gibt.\nDie drsrm-FAQ ist hier archiviert .\nExperiment drsrm II Die FAQ ist also mehr ein Protokoll vergangener Diskussionen und Positionen. Dabei wird das Protokoll, wo machbar, in Wikipedia-Stil verfasst, also \u0026ldquo;Neutral Point of View\u0026rdquo; eingenommen.\nAn den Stellen wo das nicht ging, weil unvereinbar kontroverse Positionen vertreten wurden, sind diese im Stil von Everything2 nebeneinander gestellt worden. Dabei werden die kontroversen Punkte herausgearbeitet, damit auch klar wird, worin der Konflikt besteht.\nExperiment drsrm III Das führt zum Abschluss von Themen: Das Protokoll sichert bereits abgedecktes Terrain bei Diskussionen und spätere Diskussionen können sich an die Ergebnisse früherer Instanz den der Diskussion erinnern. Das macht wiederaufflammen bereits abgearbeiteter Themen schwierig.\nDas ist nicht unbedingt günstig für eine Gruppe, die sowieso schon Low Traffic war.\nDennoch gutes Beispiel für nicht-technische Gruppen und was man dort mit einer FAQ erreichen kann.\nExperiment dtb dtb ist Klamauk, Satire, Wirr, eine Spaßgruppe. Ein Testbed für Experimental-Kommunikation beschreibt es recht gut.\nDort haben sich Leute zusammen gefunden mit einer eigenartigen Idee von Humor und gewissen sprachlichen Fertigkeiten. Eine Tradition, die sich relativ schnell herausgebildet hat, sind \u0026ldquo;Out of Area\u0026rdquo;-Einsätze. Die Regulars von dtb sind dabei losgegangen und haben ihre Art zu kommunizieren einmal in andere Gruppen transplantiert um zu sehen, was daraus wird.\nEin klassisches Beispiel war \u0026ldquo;de.alt.ufo\u0026rdquo;, in dem dtb-Regulars versucht haben, in de.alt.ufo die Verschwörungstheoretiker mit neuen Verschwörungsideen zu übertreffen. Das war eine interessante Erfahrung, weil das komplett fehlgeschlagen ist: Wenn die dtb-Leute in einer Verschwörungstheorie-Gruppe mit einer offensichtlich ausgedachten, verabredeten und unsinnigen Idee auftauchen, dann kommen die de.alt.ufo-Leute, nehmen das und bauen das in ihre Erzählungen einfach ein. Alles wird assimiliert.\nWenn man dasselbe in de.admin.news, der Netzverwaltung macht, dann sitzen dort die ganzen Nomic -Spieler. Die sind nicht in der Lage, dtb zu verarbeiten und stürzen ab.\n\u0026ldquo;Wahrheitsfindung ohne Wahrheitsnennung\u0026rdquo;: Es ist in dtb gelungen, einen Gruppenkonsens herzustellen, ohne diesen zu verbalisieren. Es begann damit, daß Personen in dtb eintrafen und versucht haben, mit einer Organisation zu reden, also jemanden zu sprechen, der verantwortlich war.\nÄhnliches war zuvor in den kiel.* Netzwerkgruppen passiert, wo jemand aus dem Fido-Netz den Netzwerkkoordinator für kiel.* sprechen wollte. Es war einfacher, sich als die betreffende Person zu kennzeichnen als dem Gegenüber zu erklären, daß es solche Strukturen für kiel.* nicht gibt.\nSo auch in dtb, wo ich Anordnungen erlassen habe, und diese mit \u0026ldquo;Fünfter und Sprecher des Hohen Rathes der 13 Weisen vom Feed\u0026rdquo; gezeichnet habe. Das ist eine offensichtlich unsinnige Organisation, und ich habe mir auch nicht die Führungsposition gegeben, aber irgendein Neben-Amt, das den Anschein von Autorität vermittelt.\nWirkungsweise und Zweck dieser Anmaßung (und der Konstruktion dahinter) sind von den Regulars dieser Gruppe sofort verstanden worden, und sie haben es aufgegriffen. Dabei sind ohne weitere Absprache weitere Ämter (aber kein Herrscher) und Positionen (aber keine der ersten Drei) belegt worden. Es ist also eine Nicht-Organisation formiert worden, ohne sich abzusprechen und diese war im wahrsten Wortsinne kopflos: Organisierte, strukturierte Anarchie!\nExperiment dtb II Diese Nicht-Organisation ist dann gegenüber de.news.admin mit Forderungen aufgetreten, und hat so Chaos gestiftet: dtb hat das Usenet als Kommunikationsmedium an seine Grenzen gebracht\n\u0026ldquo;Deutscher Rekordhalter im Fremdcancel\u0026rdquo;: Alle Artikel, dazu auch alle Crosspostings in dtb, durch Fremdcancel gelöscht. Drei Tage die Gruppe durch den Cancelbot leer gehalten. Das hat auch alle Crosspostings gelöscht. Alle Artikel nach drei Tagen wiederhergestellt, aber mit geändertem Betreff: ONLY THREAD EVER - und mit geänderten Referenzen, sodaß ein gigantischer verketteter Megathread entstand.\nDabei sind auch die Crosspostings wiederhergestellt worden, und haben so die anderen, nicht-dtb Gruppen getroffen.\nDie Reaktion in de.admin.news war der Antrag, dtb zu löschen, weil die Insassen dort komplett unkontrollierbar seien. Die dtb-Mannschaft und der Hohe Rath haben dem vom Herzen zugestimmt: \u0026ldquo;Ja, wir waren böse und müssen bestraft werden.\u0026rdquo;\nDaraufhin hat de.admin.news sich gewundert, warum die dtb-Leute das wollen, und die Löschung verhindert.\nSummary Was ist das Kriegsziel, welchen Zustand möchte ich erreichen? Was ist das Publikum und wie reagieren die? Was sind die Mittel, die ich habe. Beispiel: Heise-Forum steuern.\nAnsatz mit \u0026ldquo;Carpet-Bombing\u0026rdquo;:\nUnter faktenfreie Artikel im Heise-Forum Antworten mit sinnvollem Inhalt setzen, und dadurch in allen Threads, die aus dem Ruder laufen, die Diskussion wieder in sinnvolle Bereiche bringen.\nNach 15-20 Minuten meistens Lufthoheit in dem betreffenden Forum erreicht.\n","date":"2007-02-11T00:00:00Z","href":"https://blog.koehntopp.info/2007/02/11/flames-kommunikationszusammenbrueche-im-netz.html","tags":["talk","publication","karlsruhe","stuttgart","lang_de"],"title":"Flames - Kommunikationszusammenbrüche im Netz"},{"categories":null,"content":"Will sagen, nach Bloodsucking Fiends hab ich jetzt mal eben You Suck weggehauen. \u0026ldquo;For my readers, by request\u0026rdquo; schreibt Christopher Moore in seine Widmung, und in der Tat hat er sich Mühe gegeben - \u0026ldquo;You Suck\u0026rdquo; setzt glorios fort, was \u0026ldquo;Bloodsucking Fiends\u0026rdquo; begonnen hat.\nDie Hälfte des Buches besteht aus Tagebucheinträgen von Abby Normal, 16 Jahre alt, Goth Chick, und stolz darauf, ihrem Dunklen Lord und seiner Countess zur Hand gehen zu dürfen. Abby ist nicht auf den Mund gefallen, was die beiden Cops aus dem ersten Teil gar nicht gut bekommt.\nUnd das geht so:\n\u0026ldquo;Hey\u0026rdquo;, said the broken clown girl. \u0026ldquo;You guys cops?\u0026rdquo;\nCavuto hit the window button on his door but the ignition was off, so the window didn\u0026rsquo;t budge. \u0026ldquo;Go away, kid. Why aren\u0026rsquo;t you in school? Do we need to take you in?\u0026rdquo;\n\u0026ldquo;Winter break, brain trust,\u0026rdquo; said the kid.\nRivera couldn\u0026rsquo;t hold the laughter in, and he snorted a little trying to. \u0026ldquo;Move along, kid. Go wash that shit off your face. You look like you fell asleep with a Magic Marker in your mouth.\u0026rdquo;\n\u0026ldquo;Yeah,\u0026rdquo; said the kid, examining a black fingernail, \u0026ldquo;well, you look like someone pumped about three hundred pounds of cat barf into a cheap suit and gave it a bad haircut.\u0026rdquo;\nRivera slid down in his seat and turned his face toward the door. He couldn\u0026rsquo;t look at his partner. He was sure that if it was possible for steam to come out of someone\u0026rsquo;s ears, that might be happening to Cavuto, and if he looked, he\u0026rsquo;d lose it.\n\u0026ldquo;If you were a guy,\u0026rdquo; Cavuto said, \u0026ldquo;I\u0026rsquo;d have you in handcuffs already, kid.\u0026rdquo; \u0026ldquo;Oh, God,\u0026rdquo; Rivera said under his breath.\n\u0026ldquo;If I were a guy, I\u0026rsquo;ll bet you would. And I\u0026rsquo;ll bet I\u0026rsquo;d have to send you to the S and M ATM, because the kinky shit is extra.\u0026rdquo; The kid leaned down, so she was eye level with Cavuto and winked.\nThat was it. Rivera started giggling like a little girl.\n","date":"2007-02-10T00:00:00Z","href":"https://blog.koehntopp.info/2007/02/10/fertig-gelesen-you-suck.html","tags":["media","review","lang_de"],"title":"Fertig gelesen: You Suck"},{"categories":null,"content":" Bloodsucking Fiends Gelangweilter 800 Jahre alter Supervampir beißt irischstämmige amerikanische Versicherungsangestellte mit mangelndem Selbstbewusstsein, die kurz vor ihrer Midlife-Crisis steht - und erschafft ein Monster.\rAber Christopher Moore bleibt nicht bei einem Erzählstrang. Gleich Douglas Adams lässt er seine Geschichten in kleine Seiten- und Abseitenlinien laufen, getreu dem Motto:\rLieber einen guten Freund verlieren, als eine gute Pointe auszulassen.\rZur Dekoration klebt er eine Reihe von Filmzitaten und Popkultur-Referenzen mit in die Story rein, einfach, weil es zu schade wäre, es nicht zu tun.\rMein Favorit: Die Gefängnisszene. Tommy, Vampir-Jodies neuer Freund oder Ghoul, er weiß es nicht so genau, sitzt aus Gründen, die hier zu erklären zu weit führen würden, im Knast.\r\u0026gt; Tommy guessed the temperature in the cell to be about sixty-five, but even so, his cellmate, the six-foot-five, two-hundred-fifty-pound, unshaven, unbathed, one-eyed psychopath with the Disney-character tattoos, was dripping with sweat.\r\u0026gt; \u0026gt; Maybe, Tommy thought, as he cowered in the corner behind the toilet, it\u0026rsquo;s warmer up there on the bunk. \u0026gt; Or maybe it\u0026rsquo;s hard work trying to stare at someone menacingly, without blinking, for six hours when you have ony one eye.\r\u0026gt; \u0026gt; \u0026ldquo;I hate you\u0026rdquo;, said One-Eye.\r\u0026gt; \u0026ldquo;Sorry\u0026rdquo;, said Tommy.\r\u0026gt; One-Eye stood up and flexed his biceps; Micky and Goofy bulged angrily.\r\u0026gt; \u0026ldquo;Are you making fun of me?\u0026rdquo;\r\u0026gt; Tommy didn\u0026rsquo;t want to say anything, so he shook his head violently, trying to make sure that nothing remotely resembling a smile crossed his face.\r\u0026gt; \u0026gt; One-Eye sat down on the bunk and resumed menacing. \u0026ldquo;What are you in for?\u0026rdquo;\r\u0026gt; \u0026ldquo;Nothing\u0026rdquo;, Tommy said. \u0026ldquo;I didn\u0026rsquo;t do anything.\u0026rdquo;\r\u0026gt; \u0026ldquo;Don\u0026rsquo;t fuck with me, ass-wipe. What were you arrested for?\u0026rdquo;\r\u0026gt; \u0026gt; Tommy fidgeted, trying to work his way into the cinder-block wall.\r\u0026gt; \u0026ldquo;Well, I put my girlfriend in the freezer, but I don\u0026rsquo;t think that\u0026rsquo;s a crime.\u0026rdquo;\r\u0026gt; One-Eye, for the first time he\u0026rsquo;d been put in the cell, smiled. \u0026ldquo;Me either. You didn\u0026rsquo;t use an assault weapon, did you?\u0026rdquo;\r\u0026gt; \u0026ldquo;Nope, a Sears frost-free.\u0026rdquo;\r\u0026gt; \u0026ldquo;Oh, good; they\u0026rsquo;re really tough on crimes with assault weapons.\u0026rdquo;\r\u0026gt; \u0026gt; \u0026ldquo;So,\u0026rdquo; Tommy says, venturing an inch out of the corner, \u0026ldquo;what are you in for?\u0026rdquo; Thinking baby-stomping, thinking cannibalism, thinking fast-food massacre.\r\u0026gt; One-Eye hung his head. \u0026ldquo;Copyright infringement.\u0026rdquo;\r\u0026gt; \u0026gt; \u0026ldquo;You\u0026rsquo;re kidding?\u0026rdquo;\r\u0026gt; One-Eye frowned.\r\u0026gt; Tommy slid back into his corner, adding, \u0026ldquo;Really? That\u0026rsquo;s bad.\u0026rdquo;\r\u0026gt; \u0026gt; One-Eye pulled of his ratty T-shirt.\r\u0026gt; The seven dwarfs danced across his massive chest between knife and bullet scars. \u0026gt; On his stomach, Snow White and Cinderella were locked in a frothy embrace of mutual muffin munching.\r\u0026gt; \u0026ldquo;Yeah, I made the mistake of walking around without a shirt. \u0026gt; A Disney executive who was up here on vacation saw me down be the wharf. \u0026gt; He called their legal pit bulls.\u0026rdquo;\r\u0026gt; \u0026gt; Tommy shook his head in sympathy.\r\u0026gt; \u0026ldquo;I didn\u0026rsquo;t know they put you in jail for copyright infringement.\u0026rdquo;\r\u0026gt; \u0026ldquo;Well, they don\u0026rsquo;t, really. It was when I ripped the guy\u0026rsquo;s shoulder out of their sockets that the police got involved.\u0026rdquo;\r\u0026gt; \u0026ldquo;That\u0026rsquo;s not a crime, either, is it?\u0026rdquo;\r\u0026gt; One-Eye rubbed his temples as if it was excruciating to remember. \u0026ldquo;It was in front of his kids.\u0026rdquo;\r\u0026gt; \u0026ldquo;Oh,\u0026rdquo; Tommy said.\r\u0026gt; \u0026gt; \u0026ldquo;Flood, on your feet,\u0026rdquo; a guard said from the cell door.\r\u0026gt; Inspector Nick Cavuto stood behind him.\r\u0026gt; \u0026ldquo;C\u0026rsquo;mon, cutie,\u0026rdquo; Cavuto said. \u0026ldquo;We\u0026rsquo;re going for a last walk.\u0026rdquo;\n","date":"2007-02-06T00:00:00Z","href":"https://blog.koehntopp.info/2007/02/06/fertig-gelesen-bloodsucking-fiends.html","tags":["media","review","lang_de"],"title":"Fertig gelesen: Bloodsucking Fiends"},{"categories":null,"content":" Kris bei 200 km/h Gegenwind im Windtunnel von Sky Venture, Orlando.\n","date":"2007-02-03T00:00:00Z","href":"https://blog.koehntopp.info/2007/02/03/supertopp.html","tags":["mysql","travel","lang_de"],"title":"Supertopp!"},{"categories":null,"content":"Auf Sourceforge findet man Plug-in development guidelines für den Nagios Netzwerkmonitor. Demnach ist es trivial, Nagios-Plugins zu entwickeln: Der Check ist ein externes Programm, das den Returncode 0, 1 oder 2 zurückgibt und eine einzeilige Nachricht auf stdout druckt.\nTun wir das doch mal für MySQL: Wir wollen die Anzahl der Threads_connected überwachen und den Replikationsstatus: SQL-Thread und IO-Thread müssen laufen und der Slave-Lag darf nicht zu groß sein.\nWir schreiben das Plugin in C, damit wir zugleich mal lernen, die MYSQL Client-API in C zu verwenden - Shellscripte, die sich das Abbrechen gibt es ja schon genug.\nDer gesamte Quelltext aus diesem Beispiel kann hier heruntergeladen werden: check_mysql.c Unser Programm soll eine Reihe von Optionen verarbeiten. Wir lesen die Optionen mit GNU getopt_long . Die Funktion braucht eine Optionsliste in einem struct options Array, in dem wir die Optionen deklarieren.\nWir wollen:\n\u0026ndash;mode={slave-lag,slave-io-running,slave-sql-running,connections}, \u0026ndash;threshold-warn=x, \u0026ndash;threshold-err=x und die üblichen MySQL Connection-Options (\u0026ndash;user, \u0026ndash;password, \u0026ndash;host und \u0026ndash;port). In Code sieht das so aus:\nstruct option long_options[] = { { \u0026#34;host\u0026#34;, 1, 0, \u0026#39;h\u0026#39; }, { \u0026#34;user\u0026#34;, 1, 0, \u0026#39;u\u0026#39; }, { \u0026#34;password\u0026#34;, 1, 0, \u0026#39;p\u0026#39; }, { \u0026#34;port\u0026#34;, 1, 0, \u0026#39;P\u0026#39; }, { \u0026#34;mode\u0026#34;, 1, 0, \u0026#39;m\u0026#39; }, { \u0026#34;threshold-warn\u0026#34;, 1, 0, \u0026#39;t\u0026#39;}, { \u0026#34;threshold-err\u0026#34;, 1, 0, \u0026#39;T\u0026#39; }, { \u0026#34;debug\u0026#34;, 1, 0, \u0026#39;d\u0026#39;}, { \u0026#34;help\u0026#34;, 1, 0, \u0026#39;?\u0026#39; }, { NULL, 0,0,0 } }; typedef enum { unspecified, slave_lag, slave_io_running, slave_sql_running, connections } mode_t; char *host = \u0026#34;127.0.0.1\u0026#34;; char *user = \u0026#34;root\u0026#34;; char *password = \u0026#34;\u0026#34;; int port = 3306; mode_t mode = unspecified; int threshold_warn= 30; int threshold_err = 60; int debug = 0; Die Optionen werden dann wie folgt eingelesen:\nvoid parse_args(int argc, char *argv[]) { int c; int optind = 0; char *myarg = NULL; while (1) { c = getopt_long(argc, argv, \u0026#34;h:u:p:P:m:t:T:d?\u0026#34;, long_options, \u0026amp;optind); if (c == -1) break; if (optarg) { myarg = strdup(optarg); if (!myarg) { printf(\u0026#34;CRIT: Out of memory in strdup!\\n\u0026#34;); exit(2); } } switch(c) { case \u0026#39;?\u0026#39;: // Hilfstext exit(2); break; case \u0026#39;h\u0026#39;: host = myarg; break; case \u0026#39;u\u0026#39;: user = myarg; break; case \u0026#39;p\u0026#39;: password = myarg; break; case \u0026#39;P\u0026#39;: port = atoi(myarg); free(myarg); break; case \u0026#39;m\u0026#39;: if (strcmp(myarg, \u0026#34;slave-lag\u0026#34;) == 0) { mode = slave_lag; } else if ( strcmp(myarg, \u0026#34;slave-io-running\u0026#34;) == 0 ) { mode = slave_io_running; } else if ( strcmp(myarg, \u0026#34;slave-sql-running\u0026#34;) == 0 ) { mode = slave_sql_running; } else if ( strcmp(myarg, \u0026#34;connections\u0026#34;) == 0 ) { mode = connections; } else { mode = unspecified; } free(myarg); break; case \u0026#39;t\u0026#39;: threshold_warn = atoi(myarg); free(myarg); break; case \u0026#39;T\u0026#39;: threshold_err = atoi(myarg); free(myarg); break; case \u0026#39;d\u0026#39;: debug = atoi(myarg); free(myarg); break; default: printf(\u0026#34;CRIT: Unknown option: %c\\n\u0026#34;, c); exit(2); break; } } return; } Die Formalitäten sind damit erledigt: Wir haben ein Programm, das die gewünschten Kommandozeilenoptionen einlesen kann und an die Arbeit gehen könnte.\nDie Arbeit besteht bei uns darin, an ein MySQL zu verbinden, eine Query auszuführen, das einzeilige Resultat zu lesen und eine bestimmte Spalte aus dem Resultat auszuschneiden, um diese als String zurückzugeben.\nDie Funktion run_query() tut dies für uns:\nchar *run_query(MYSQL *m, char *cmd, int col) { MYSQL_ROW row; MYSQL_RES *res; if (debug) fprintf(stderr, \u0026#34;Field %d of query %s\\n\u0026#34;, col, cmd); if (mysql_real_query(m, cmd, strlen(cmd)) != 0) { printf(\u0026#34;CRIT: Query %s failed: %s\\n\u0026#34;, cmd, mysql_error(m) ); exit(2); } res = mysql_store_result(m); if (!res) { printf(\u0026#34;CRIT: Query %s failed: %s\\n\u0026#34;, cmd, mysql_error(m) ); exit(2); } if (row = mysql_fetch_row(res)) { unsigned int num_fields = mysql_num_fields(res); unsigned long *len = mysql_fetch_lengths(res); if (col \u0026lt; num_fields) { if (debug) fprintf(stderr, \u0026#34;Result column %d returns value \\\u0026#34;%s\\\u0026#34; (length %d)\\n\u0026#34;, col, row[col], len[col]); return len[col]?strndup(row[col], len[col]):0; } else { printf(\u0026#34;CRIT: Query cmd does not return %d fields (it returns %d fields).\\n\u0026#34;, cmd, col, num_fields ); exit(2); } } mysql_free_result(res); return NULL; } Die Funktion bekommt eine bestehende MySQL-Verbindung m als Parameter übergeben, zudem eine SQL-Query cmd und eine Spaltennummer, die aus dem einzeiligen Resultset der Query ausgesägt werden soll. Intern brauchen wir eine MYSQL_ROW row und einen Resultset MYSQL_RES res.\nDie Query wird mit mysql_real_query() an den Server gesendet. Wenn dabei kein Fehler gemeldet wird, können wir den gesamten Resultset mit mysql_store_result() zum Client nach res kopieren. Der Server ist damit fertig.\nAuf dem Client lesen wir nun mit mysql_fetch_row(res) eine Zeile aus dem Resultset. Diese Zeile hat mysql_num_fields(res) viele Spalten, deren Längen man mit mysql_fetch_length() bestimmen kann. Wenn unser gewünschtes Zielfeld im Datensatz enthalten ist (col \u0026lt; num_fields), dann duplizieren wir das und sind fertig (Nun ja, gemogelt: Wir hätten noch mysql_free_result() aufrufen müssen, aber wir machen sowieso gleich exit()).\nAnsonsten beklagen wir uns gar bitterlich und sind dann fertig.\nIm Hauptprogramm müssen wir nun eine Connection öffnen und dann je nach Mode die passenden Sachen checken. Erstmal eine Connection bauen.\nint main(int argc, char *argv[]) { parse_args(argc, argv); if (mode == unspecified) { printf(\u0026#34;CRIT: No or wrong mode specified. Specify --mode={slave-lag,slave-io-running,slave-sql-running,connections}\\n\u0026#34;); exit(2); } if (debug) fprintf(stderr, \u0026#34;Connect to %s:%d with %s:%s for test %d with threshold_warn %d and threshold_err %d.\\n\u0026#34;, host, port, user, password, mode, threshold_warn, threshold_err ); mysql_init(\u0026amp;mysql); if (!mysql_real_connect(\u0026amp;mysql, host, user, password, \u0026#34;mysql\u0026#34;, port, NULL, 0)) { printf(\u0026#34;CRIT: Cannot connect to database: Error: %s\\n\u0026#34;, mysql_error(\u0026amp;mysql)); exit(2); } if (debug) printf(\u0026#34;Connected...\\n\u0026#34;); Jetzt können wir je nach mode unterschiedliche Dinge tun. Zum Beispiel den Slave Lag checken:\nif (mode == slave_lag) { int lag; char *p; p = run_query(\u0026amp;mysql, \u0026#34;show slave status\u0026#34;, 32); if (p == NULL) { printf(\u0026#34;CRIT: Slave lag NULL\\n\u0026#34;); exit(2); } lag = atoi(p); free(p); if (lag \u0026gt; threshold_err) { printf(\u0026#34;CRIT: Slave lag %d sec exceeds threshold_err %d sec\\n\u0026#34;, lag, threshold_err); exit(2); } if (lag \u0026gt; threshold_warn) { printf(\u0026#34;WARN: Slave lag %d sec exceeds threshold_warn %d sec\\n\u0026#34;, lag, threshold_warn); exit(1); } printf(\u0026#34;OK: Slave lag %d is inside tolerance.\\n\u0026#34;, lag); exit(0); } Oder Slave-IO und Slave-SQL testen:\nif (mode == slave_io_running) { char *p; p = run_query(\u0026amp;mysql, \u0026#34;show slave status\u0026#34;, 10); if (p == NULL) { printf(\u0026#34;CRIT: Slave io not running\\n\u0026#34;); exit(2); } if (strcmp(p, \u0026#34;Yes\u0026#34;) != 0) { printf(\u0026#34;CRIT: Slave io not running: result is %s\\n\u0026#34;, p); exit(2); } printf(\u0026#34;OK: Slave io is running.\\n\u0026#34;); exit(0); } if (mode == slave_sql_running) { char *p; p = run_query(\u0026amp;mysql, \u0026#34;show slave status\u0026#34;, 11); if (p == NULL) { printf(\u0026#34;CRIT: Slave sql not running\\n\u0026#34;); exit(2); } if (strcmp(p, \u0026#34;Yes\u0026#34;) != 0) { printf(\u0026#34;CRIT: Slave sql not running: result is %s\\n\u0026#34;, p); exit(2); } printf(\u0026#34;OK: Slave sql is running.\\n\u0026#34;); exit(0); } Oder eben die Anzahl der Threads_connected prüfen und ggf. anmeckern:\nif (mode == connections) { char *p; int conn = 0; p = run_query(\u0026amp;mysql, \u0026#34;show global status like \u0026#39;Threads_connected\u0026#39;\u0026#34;, 1); if (p == NULL) { printf(\u0026#34;CRIT: No connection information available.\\n\u0026#34;); exit(2); } conn = atoi(p); free(p); if (conn \u0026gt; threshold_err) { printf(\u0026#34;CRIT: Threads_connected %d exceeds threshold_err %d\\n\u0026#34;, conn, threshold_err); exit(2); } if (conn \u0026gt; threshold_warn) { printf(\u0026#34;WARN: Threads_connected %d exceeds threshold_warn %d\\n\u0026#34;, conn, threshold_warn); exit(1); } printf(\u0026#34;OK: Threads_connected %d\\n\u0026#34;, conn); exit(0); } Compiled wird so:\nLIBS=-lmysqlclient CFLAGS=-g all: check_mysql check_mysql: check_mysql.c cc $(CFLAGS) -o check_mysql check_mysql.c $(LIBS) Und im Nagios kann man dann in /etc/nagios/checkcommands.cfg definieren:\ndefine command { command_name check_mysql_status command_line /usr/lib/nagios/plugins/custom/check_mysql --mode=$ARG1$ -h $HOSTALIAS$ -u monitor -p g33k $ARG2$ } Ein Service kann dann definiert werden als\ndefine service { name template-mysql-slave-lag use template-standardhost register 0 service_description MySQL slave-lag check_command check_mysql_status!slave-lag!--threshold-warn=600 --threshold-err=900 } ","date":"2007-01-20T00:00:00Z","href":"https://blog.koehntopp.info/2007/01/20/ein-nagios-plugin-fuer-mysql.html","tags":["monitoring","mysql","lang_de"],"title":"Ein Nagios-Plugin für MySQL"},{"categories":null,"content":"Martin schreibt mir:\nThe ground is the limit\u0026hellip;.\nTel Aviv. Mittwoch, 18. Januar 2006, ca. 15 Uhr: Ich sitze im Terminal und warte auf meinen Flieger. Von Kollegen und aus den News wusste ich von Kyrill. Ich will über Zürich nach Hamburg fliegen und mache mir Sorgen, ob das Wetter eine Landung in Hamburg erlauben wird. Gate-Personal in Tel Aviv weiß nichts von einem Sturm. Wie auch: Es sind 17 Grad bei strahlendem Sonnenschein.\nWir haben für Flug eine Boeing von El Al (zweistrahlig, ca. 100 Plätze, Typ erinnere ich mich nicht mehr). Der Flug geht über Rhodos, die Türkei, den Balkan, Österreich nach Zürich. Im Bordprogramm läuft \u0026ldquo;The Guardian\u0026rdquo;. Der Film geht über Rettungsschwimmer im Sturm ;-).\nCa. 5 Stunden später merke ich, dass ich mir um den falschen Flugplatz sorgen gemacht habe.\nInzwischen versuchen wir zum vierten Mal in Zürich zu landen. Das heisst, wir fliegen seit 60 Minuten durch heftige Turbulenzen. Fast keiner redet mehr. Drei Mal ist der Pilot schon durchgestartet, da er zu weit vom Anflug abkam. So ein Durchstarten in 20-50 m Höhe ist durchaus ein Erlebnis. Wie beim Starten spürt man den Ruck von der Beschleunigung, außerdem fährt der Flieger sofort das Fahrwerk wieder ein.\nBeim vierten Versuch sind alle in der Kabine mucksmäuschenstill. Das Licht ist (bis auf die Leselichter, und lesen tut keiner mehr) aus. Mehrere Leute kotzen herzhaft und einige Unglückliche werden von Kopf bis Fuß eingedeckt. Die Crew scheint es vorhergesehen zu haben, denn die Klimaanlage läuft auf vollen Touren. Dadurch bleibt der ansteckende Gestank größtenteils aus. Dafür ein Dankeschön von mir.\nWie bei den letzten drei Versuchen werden die Turbulenzen stärker je tiefer wir kommen. Die Maschine sackt mehrfach durch (keine Ahnung, würde sagen so 10-20 m) und wird auch von Böen quer zur Flugrichtung versetzt. Die Tragflächen zeigen die Last auf der Maschine deutlich, indem sie sich sichtbar durchbiegen (würde schätzen 1-2 m am Flügelende).\nBeim Aufsetzen auf der Landebahn wird schlagartig die aufgestaute Spannung frei. Zwei Frauen sacken ohnmächtig im Sitz zusammen und werden von Mitreisenden wieder aufgepäppelt. Das Aussteigen funktioniert sehr flott. Keiner sagt es, aber alle wollen nur noch raus. Beim Verlassen der Maschine kommen viele nur bis zum Gate. Dort bleiben sie stehen, atmen sichtbar heftig, einige weinen jetzt auch.\nMit hängender Zunge erreichen ich meinen Anschlussflieger (hatte jetzt nur noch 15 min zum Umsteigen von Terminal E nach Terminal A). Mein Gepäck ist nicht so sportlich und spannt noch in Zürich aus. Ich frage beim Einsteigen die Crew, ob uns wieder das Gleiche bevorsteht. Die meinen dann, dass es in Hamburg aufgrund nicht vorhandener Berge nicht solche Verwirbelungen gebe. Sie behalten Recht\u0026hellip;\nKeine Ahnung, ob der Anflug auf Zürich jetzt für einen Piloten eine Standard-Situation war. Ich bin ihm am Ende jedenfalls sehr dankbar gewesen. Für kein Geld der Welt hätte ich mit ihm tauschen wollen.\nMartin ist inzwischen glücklich daheim. Grüße an meine Mutter, die diesen Sturm noch nicht auf Föhr verbracht hat.\n","date":"2007-01-19T00:00:00Z","href":"https://blog.koehntopp.info/2007/01/19/ein-flugbericht.html","tags":["travel","lang_de"],"title":"Ein Flugbericht"},{"categories":null,"content":"Urheberrechtsschützer nutzen widerrechtlich fremde Inhalte : Auf der Site von Copypolice.de , gefördert von 20th Century Fox, Eurovideo, Kinowelt, Paramount, Universal, MGM, WB, aber auch von Prominenten wie Oliver Kalkhofe, nimmt es mit dem Urheberrecht laut Heise nicht so genau:\nIm News- und Forenbereich der Site haben Moderatoren mehrfach komplette Meldungen von heise online und aus anderen Nachrichtenquellen eingestellt – teilweise sogar ohne Nennung der Urheber. Den Hinweis eines Nutzers auf die eindeutigen Verstöße gegen das Urheberrecht hat ein Moderator im Forum zur Kenntnis genommen, aber ansonsten ignoriert.\nDas dazu.\n","date":"2007-01-17T00:00:00Z","href":"https://blog.koehntopp.info/2007/01/17/legal-illegal.html","tags":["copyright","media","film","lang_de"],"title":"Legal, Illegal, ..."},{"categories":null,"content":"Disclaimer: Meine Windows-Kenntnisse sind beschränkt, veraltet und ausschließlich theoretischer Natur. Im Zweifel erzählt dieser Artikel Unsinn nach Hörensagen.\nNach dem Artikel form, exec, wait und exit habe ich mir aber einmal meine Kopie von Jeffrey Richters Windows - Programmierung für Experten (Advanced Windows) (1997) gegriffen und dort nachgeschlagen, wie man sich das mit den Prozessen und Programmen unter Windows vorstellt (oder jedenfalls vor 10 Jahren vorgestellt hat).\nWindows hat zu diesem Zweck die Systemfunktion CreateProcess (10 Parameters). Die liest sich so:\nBOOL WINAPI CreateProcess( LPCTSTR lpApplicationName, LPTSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCTSTR lpCurrentDirectory, LPSTARTUPINFO lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation);\nDie Funktion erzeugt einen neuen Prozeß und lädt in diesen ein neues Programm. Dieses wird dann gestartet. lpApplicationName ist der Pfadname des auszuführenden Programmes.\nlpCommandLine ist die Kommandozeile (der argv) des neuen Programmes. Sie wird als String und nicht als Vektor von Strings übergeben. Das Parsen der Kommandozeile in Wort wird also durch das Betriebssystem übernommen und kann nicht durch den Aufrufer kontrolliert werden. In Unix muß man bei execve() einen Vektor von Strings übergeben, das Zerlegen der Kommandozeile in Worte muß also durch den Aufrufer, z.B. die Shell übernommen werden. Die anderen Funktionen der exec-Familie sind Bibliotheksfunktionen, die einem hier einen Teil der Arbeit abnehmen.\nlpApplicationName und lpCommandLine interagieren: lpApplicationName darf NULL sein, dann wird das erste Wort von lpCommandLine nach der Zerlegung in Worte als lpApplicationName interpretiert. lpApplicationName darf ohne Endung angegeben werden, dann rät Windows die Extension bzw. probiert eine Liste von ausführbaren System-Extensions aus.\nlpApplicationName darf auch ein unqualifizierter Pfadname sein. In diesem Fall wird das Absuchen eines System-Suchpfades wird durch diese Funktion von Windows übernommen. In Unix führt execve() genau das Binary aus, dessen Pfadnamen man angegeben hat. Will man einen Suchpfad absuchen, muß man execve() in einer Schleife so lange ausführen, bis es nicht mehr zurück kommt.\nlpProcessAttributes ist kein einzelner Parameter, sondern ein Zeiger auf eine SECURITY_ATTRIBUTES -Struktur, die man ausfüllen kann und die viele Parameter enthalten kann. Die Struktur enthält eine ACL für die Discretionary Access Control, bestimmt also im wesentlichen, wer diesen Prozeß anfassen und was mit ihm machen darf. In Unix gibt es kein vergleichbares Konzept für Prozesse: Ein Prozeß hat entweder die entsprechende Capability (etwa CAP_KILL oder CAP_SYS_PTRACE) oder nicht.\nlpThreadAttributes erzeugt ist der passende Parameter für den in dem Prozeß zwingend enthaltenen Thread. bInheritHandles definiert, ob vererbbare Handles auf Objekte von dem neu erzeugten Prozeß geerbt werden.\ndwCreationFlags legt die Priorität des Prozesses und weitere Flags für den neuen Prozeß fest. In Unix würde man all dies zwischen dem fork() und dem exec() mit einzelnen Calls machen, etwa mit Calls aus der setpriority()-Familie oder mit Aufrufen nach setpgrp().\nlpEnvironment entspricht konzeptuell, aber nicht im Format dem envp von execve.\nlpCurrentDirectory ist das aktuelle Verzeichnis des neuen Prozesses. In Unix würde man den identischen Effekt erreichen, indem man zwischen dem fork() und dem exec()-Systemaufruf ein chdir() (oder chroot()) aufruft.\nlpStartupInfo ist ein Zeiger auf eine eine Struktur STARTUPINFO , die keine Entsprechung in Unix hat, weil hier Dinge angegeben werden, die mit den Fenstern einer Anwendung zu tun haben. Unix handhabt diese Dinge komplett vom Betriebssystemkern getrennt und daher finden wir in den Betriebssystem-Primitiven zu Prozessen keine Fensterinformationen. Genaugenommen ist lpStartupInfo entweder ein Zeiger auf eine STARTUPINFO oder STARTUPINFOEX-Struktur. Was es genau ist wird mit einem Flag in dwCreationFlags angegeben. Das ist nicht typsicher, und das ist bemerkenswert, weil Windows an anderer Stelle sehr viel Wert auf solche Dinge legt.\nDer letzte Parameter von CreateProcess, lpProcessInformation, ist ein Referenzparameter auf eine PROCESS_INFORMATION -Struktur, die von Windows überschrieben und ausgefüllt wird. Wir finden dort die Handles zu unserem Prozeß und dem darin enthaltenen Thread sowie eine ProcessId und eine ThreadId.\nWill man das Äquivalent zu einem setuid()-Eignerwechsel in Unix in Windows durchführen, kommt dieses Konzept an seine Grenzen - so etwas ist trotz der Vielzahl der Parameter von CreateProcess() in Windows nicht vorgesehen. Man braucht eine neue Funktion, CreateProcessAsUser (11 Parameter).\nAnalyse Hier wird der grundlegende Unterschied zwischen den Konzepten von Windows und Unix deutlich: Die Unix-API stammt von Mitte der 70er Jahre und hat sich in den vergangenen mehr als 30 Jahren nicht wesentlich verändert.\nSie genügt heutigen Ansprüchen, weil sie alle Ansprüche nicht erfüllt - sie liefert stattdessen relativ atomare primitive Funktionen und trennt sogar auf den ersten, flüchtigen Blick zusammengehörende Dinge wie Erzeugen von Prozessen und Laden von Programmen. Dadurch muß ein Programmierer einer Anwendung entweder eine Bibliotheksfunktion verwenden, die fork() und exec() in etwas bequemeres einpackt (etwa system() oder popen()) oder all die Dinge selber machen, die Windows im Kernel für den Programmierer erledigt. fork() hat keine Parameter und execve() hat deren drei.\nWill man mehr, hat man die Gelegenheit, das Environment des neuen Prozesses nach dem fork() vor dem Start des neuen Programmes mit execve() von innen zu verändern.\nWindows dagegen erzeugt eine alles-in-einem Funktion, die für den häufigen Anwendungsfall und alle denkbaren Varianten Extraparameter hat. Windows hat dabei die Sicht von außen auf den Kindprozeß. Dies führt zu nützlichen Dingen wie einer Thread- und Prozeß DACL, ist aber konzeptuell nicht gut erweiterbar. Dinge wie ein setuid()-Aufruf zwischen fork() und exec() sind mit CreateProcess() nicht abbildbar und machen weitere Funktionen erforderlich, die noch mehr Parameter haben.\nDas Konzept von Unix ist auf den ersten Blick umständlich und wenig intuitiv. Es genügt von der Aufteilung her jedoch den Ansprüchen, die man als Datenbanker an eine Normalform hätte und ist daher flexibel und ohne Änderungen am Kern erweiterbar - unabhängige Konzepte sind als unabhängige Funktionen implementiert und Erweiterung erfolgt durch Einschieben weiterer Aufrufe zwischen fork() und exec(). Neben dem Vorteil der Erweiterbarkeit hat dies den Nachteil, daß mehr Systemaufrufe notwendig sind als bei Windows (Unix-Systemaufrufe müssen schnell sein, damit dieses Konzept aufgeht) und daß man unter Umständen ein Problem mit der Atomizität bekommen kann.\nBeispiel ist hier die Aufgabe: \u0026ldquo;Starte aus einem Debugger einen Programm in einem Kindprozeß und zwar so, daß der Kindprozeß ohne Racecondition auf der ersten Anweisung des Kindes stoppt und debugbar ist.\u0026rdquo;. Das Problem war lange Zeit nicht lösbar, und wurde von Linux durch das PTRACE_TRACEME-Flag zu ptrace() gelöst, das neben einigen anderen Dingen bewirkt, daß ein Kindprozeß nach einem execve() erst mal mit einem SIGTRAP stehen, bleibt bevor er irgendwas selber macht. Bemerkenswert ist, daß die Erweiterung möglich war, ohne das bestehende 30 Jahre alte Konzept von fork, exec und wait verändern zu müssen.\n","date":"2007-01-07T00:00:00Z","href":"https://blog.koehntopp.info/2007/01/07/fork-und-exec-vs-createprocess.html","tags":["c","linux","schulung","unix","lang_de"],"title":"fork und exec vs. CreateProcess"},{"categories":null,"content":"In de.comp.os.unix.linux.misc fragte jemand:\nWerden in einem Skript die Befehle streng sequentiell ausgeführt, d.h. der nächste erst bearbeitet, wenn der Vorgänger vollständig ausgeführt ist, oder wird automatisch bei unvollständiger Auslastung des Systems bereits der nächste Befehl angefangen? Läßt sich das Standardverhalten - wie auch immer es sein mag - bei Bedarf ändern? Wenn man in ein Shellbuch schaut, wird einem an der einen oder anderen Stelle möglicherweise erläutert, daß die Shell jeden Befehl in einem eigenen Prozeß abarbeitet. Dann wiederum fängt man möglicherweise an zu denken und fragt sich, wie das alles zusammenhängt. Sobald man dort angekommen ist, kann man sich mit dem Unix-Prozeßzyklus beschäftigen.\nProzeß und Programm Ein Programm ist in Unix eine Serie von ausführbaren Maschineninstruktionen auf der Platte. Man kann mit dem Befehl size einen sehr oberflächlichen Blick auf die Struktur des Programmes werfen oder mit objdump sehr viel mehr Detailinformation bekommen. Der Aspekt, der uns hier interessieren soll: Ein Programm ist eine Folge von Anweisungen und Daten (auf der Platte), die möglicherweise einmal ausgeführt werden.\nEin Prozeß ist ein in Ausführung befindliches Programm. Er besteht aus dem Programm selbst (also der Versammlung von Anweisungen und Daten) und dem aktuellen Zustand der Ausführung. Dazu gehört neben der Memory-Map, die sagt wie das Programm und seine Daten im Speicher angeordnet sind auch der Programmzähler, die Prozessorregister und der Stack des Prozesses, aber auch sein Root-Directory, sein aktuelles Verzeichnis, die Umgebungsvariablen und alle offenen Dateien sowie einigen weiteren Dingen.\nUnix behandelt Prozesse und Programme als die verschiedenen Dinge, die es sind: Es ist möglich, ein Programm mehr als einmal auszuführen - es ist zum Beispiel möglich, mehr als eine Kopie des Texteditors vi offen zu haben, die zwei unterschiedliche Texte bearbeiten. Programm und (initiale) Daten beider Prozesse sind gleich, aber der Zustand beider Prozesse ist verschieden. Es ist auch möglich, im selben Prozeß nacheinander mehr als ein Programm auszuführen - dazu schmeißt sich das aktuelle Programm in dem Prozeß selbst weg und ersetzt sich durch ein zweites, in diesen Prozeß nachgeladene Programm.\nUnix regelt all diese Dinge mit vier sehr einfachen Systemkonzepten - fork(), exec(), wait() und exit().\nUsermode und Kernel Prozeßwechsel: Es wird ein Stück Prozeß 1 abgearbeitet, dann (1) auf Prozeß 2 umgeschaltet. Nach einer Weile wird (2) wieder auf Prozeß 1 zurück geschaltet. Die Ausführung von Prozeß 1 erscheint lückenlos, erfolgt aber in zeitlich nicht zusammenhängenden Intervallen.\nWenn ein Unix-Prozeß eine Systemfunktion aufruft (und noch bei ein paar anderen Gelegenheiten), dann verläßt der betreffende Prozeß seinen Userkontext und betritt den privilegierten Betriebsystemkern, den Kernel. Dort wird die aufgerufene Systemfunktion ausgeführt und danach landet jede dieser Funktionen im Scheduler. Der Scheduler entscheidet dann, welcher Prozeß als nächstes dran kommt und kehrt aus dem Kernel in diesen Prozeß zurück. Das kann unser Ausgangsprozeß oder nach Entscheidung des Schedulers ein anderer Prozeß sein.\nWir halten für die Zwecke diese Textes fest: Jeder Systemaufruf wechselt vom Userkontext in den Kernel. Der einzige Weg aus dem Kernel in einen Userkontext führt durch den Scheduler, und dann kehren wir unter Umständen nicht in den Ausgangsprozeß zurück. Bei jedem Systemaufruf kann ein Prozeß also seine CPU verlieren.\nDas ist nicht schlimm, weil dieser andere Prozeß auch irgendwann einmal die CPU aufgeben muß und wir dann in unseren eigenen Prozeß zurück kehren als sei nichts gewesen.\nUnser Programm wird also nicht linear abgearbeitet, sondern in kurzen linearen Segmenten, zwischen denen Pausen liegen können. In den Pausen arbeitet die CPU an den Segmenten der anderen Prozesse, die ebenfalls lauffähig sind.\nfork() und exit() In traditionellem Unix ist der Systemaufruf fork() die einzige Methode, einen neuen Prozeß zu erzeugen. Der neue Prozeß enthält eine Kopie des laufenden Programmes. Er hat eine neue Prozeß-ID und die Prozeß-ID des Erzeugers ist als seine Parent Prozeß-ID (PPID) eingetragen.\nIm Parent-Prozeß kehrt fork() mit der PID des neuen Prozesses als Ergebnis zurück. Der neue Prozeß kehrt ebenfalls aus dem Systemaufruf fork() zurück, liefert dort aber das Resultat 0.\nDer Systemaufruf fork() ist also insofern besonders, als daß er einmal betreten wird, aber zweimal verlassen wird: Einmal im Elternprozeß und einmal im neu erzeugten Kindprozeß. fork() erhöht die Anzahl der laufenden Prozesse im System um eins.\nJeder Unix-Prozeß beginnt seine Existenz also, indem er aus einem fork()-Systemaufruf spontan zurückkehrt und ein Programm ausführt, daß eine Kopie des Elternprogrammes ist. Sein Schicksal unterscheidet sich vom Schicksal des Elternprozesses, weil das Ergebnis des fork()-Aufrufes unterschiedlich ist (0 statt der PID des Kindes) und man dies zur Verzweigung nutzen kann.\nIn Code:\n#include \u0026lt;stdio.h\u0026gt; #include \u0026lt;unistd.h\u0026gt; #include \u0026lt;stdlib.h\u0026gt; main(void) { pid_t pid = 0; pid = fork(); if (pid == 0) { printf(\u0026#34;Ich bin der Kindprozess.\\n\u0026#34;); } if (pid \u0026gt; 0) { printf(\u0026#34;Ich bin der Elternprozess, das Kind ist %d.\\n\u0026#34;, pid); } if (pid \u0026lt; 0) { perror(\u0026#34;In fork():\u0026#34;); } exit(0); } und\nkris@linux:/tmp/kris\u0026gt; make probe1 cc probe1.c -o probe1 kris@linux:/tmp/kris\u0026gt; ./probe1 Ich bin der Kindprozess. Ich bin der Elternprozess, das Kind ist 16959. Wir vereinbaren also eine Variable pid vom Typ pid_t.\nDiese Variable speichert das Ergebnis des Systemaufrufes fork() und mit Hilfe dieses Wertes aktivieren wir entweder das eine (\u0026ldquo;Ich bin der Kindprozeß\u0026rdquo;) oder das andere (\u0026ldquo;Ich bin der Elternprozeß\u0026rdquo;) if().\nStarten wir das Programm, erhalten wir zwei Ausgaben. Da innerhalb eines Prozesses nur ein Status existieren kann und nur eines der beiden if() betreten werden kann, wir aber zwei Ausgaben erhalten haben, müssen wir zwei Prozesse erzeugt haben.\nIndem wir das Ergebnis von getpid() druckten, könnten wir das sogar noch anschaulicher zeigen.\nDer Systemaufruf fork() wird einmal betreten, aber zweimal verlassen und erhöht die Anzahl der Prozesse im System um eins. Nach dem Ablauf unseres Programmes ist die Anzahl der Prozesse im System aber wieder genauso hoch wie vor dem Aufruf des Programmes. Es muß also einen weiteren Systemaufruf geben, der die Anzahl der Prozesse im System um eins erniedrigt.\nDieser Aufruf ist exit().\nexit() wird einmal betreten und nie verlassen. Er verkleinert die Anzahl der Prozesse im System um eins. exit() liefert außerdem einen Exitstatus, den der Elternprozeß abholen kann (oder gar muß) und der ihn über das Schicksal seines Kindes informiert.\nIn unserem Beispiel enden alle Varianten unseres Programmes mit exit() - wir rufen exit() also im Elternprozeß und im Kindprozeß auf, beenden also zwei Prozesse. Das können wir nur deswegen tun, weil unser Elternprozeß auch ein Kindprozeß ist und zwar ein Kind der Shell.\nDie Shell arbeitet also genau wie wir:\nbash (16957) --- erzeugt durch fork() ---\u0026gt; bash (16958) --- wird zu ---\u0026gt; probe1 (16958) probe1 (16958) --- erzeugt durch fork() ---\u0026gt; probe1 (16959) --\u0026gt; exit() | +---\u0026gt; exit() exit() schließt alle Dateien und Internetverbindungen eines Prozesses, gibt allen Speicher frei und beendet dann den Prozeß. Der Parameter von exit(), der Exitstatus, wird an den Elternprozeß zurückgegeben.\nwait() Der Kindprozeß endet durch ein exit(0). Die 0 ist der Exitstatus unseres Programmes und steht nun zur Abholung bereit. Wir müssen im Elternprozeß den Exitstatus abholen. Dies geschieht mit der Systemfunktion wait().\nIn Code:\n#include \u0026lt;stdio.h\u0026gt; #include \u0026lt;unistd.h\u0026gt; #include \u0026lt;stdlib.h\u0026gt; #include \u0026lt;sys/types.h\u0026gt; #include \u0026lt;sys/wait.h\u0026gt; main(void) { pid_t pid = 0; int status; pid = fork(); if (pid == 0) { printf(\u0026#34;Ich bin der Kindprozess.\\n\u0026#34;); sleep(10); printf(\u0026#34;Ich bin der Kindprozess 10 Sekunden spaeter.\\n\u0026#34;); } if (pid \u0026gt; 0) { printf(\u0026#34;Ich bin der Elternprozess, das Kind ist %d.\\n\u0026#34;, pid); pid = wait(\u0026amp;status); printf(\u0026#34;Ende des Prozesses %d: \u0026#34;, pid); if (WIFEXITED(status)) { printf(\u0026#34;Der Prozess wurde mit exit(%d) beendet.\\n\u0026#34;, WEXITSTATUS(status)); } if (WIFSIGNALED(status)) { printf(\u0026#34;Der Prozess wurde mit kill -%d beendet.\\n\u0026#34;, WTERMSIG(status)); } } if (pid \u0026lt; 0) { perror(\u0026#34;In fork():\u0026#34;); } exit(0); } und\nkris@linux:/tmp/kris\u0026gt; make probe2 cc probe2.c -o probe2 kris@linux:/tmp/kris\u0026gt; ./probe2 Ich bin der Kindprozess. Ich bin der Elternprozess, das Kind ist 17399. Ich bin der Kindprozess 10 Sekunden spaeter. Ende des Prozesses 17399: Der Prozess wurde mit exit(0) beendet. Die Variable status wird dem Systemaufruf wait() als Referenzparameter mit übergeben und von diesem überschrieben. Neben dem Exitstatus finden wir dort auch noch weitere Informationen über den Grund des Programmendes hinterlegt. Zur Decodierung stellt das System eine Reihe von Prädikaten wie WIFEXITED() oder WIFSIGNALED() zur Abfrage bereit und Extraktoren wie WEXITSTATUS() und WTERMSIG(). wait() gibt außerdem die Prozeß-ID des Prozesses zurück, der beendet wurde.\nwait() hängt im Elternprozeß so lange bis entweder ein Signal eintrifft oder ein Kindprozeß beendet wird.\nDas Programm init mit der PID 1 macht übrigens den ganzen lieben langen Tag nix anderes: Es hängt im wait() und frühstückt die ihm zugeworfenen Exitstati ab, um sie zu verwerfen. Außerdem liest es die /etc/inittab und startet die dort konfigurierten Programme. Ist eines dieser Programme auf Respawn gesetzt und wird beendet, wird es von init neu gestartet.\nBeendet sich ein Kindprozeß, ohne daß der Elternprozeß ein wait() macht, zerstört exit() schon einmal alle Datenstrukturen des Kindprozesses, kann jedoch den Prozeßlisteneintrag des Prozesses noch nicht wegwerfen, denn hier steht der Exitstatus des Kindes drin. Es könnte ja nun sein, daß der Elternprozeß sich irgendwann entschließt, ein wait() auszuführen und dann muß der Exitstatus ja bereitstehen.\nDer Kindprozeß ist also bereits tot - er hat exit() ausgeführt und alle Ressourcen freigegeben, kann aber noch nicht sterben, weil ja der Elternprozeß den Status noch nicht abgeholt hat. Unix nennt so einen Prozeß einen Zombie-Prozeß. Zombies werden in der Prozeßliste sichtbar, wenn ein Prozeßerzeuger falsch programmiert ist und nicht ausreichend wait() aufruft.\nAnders herum ist es auch möglich, daß ein Kindprozeß weiter läuft, während ein Elternprozeß beendet wird. Dann wird die Parent Prozeß-ID (PPID) des Kindes von der PID des Elternprozesses auf die Konstante 1 geändert, oder in anderen Worten - init erbt den Prozeß.\nBeendet sich das Kind, empfängt init den Exitstatus des Kindes, denn init hängt ja sowieso dauernd im wait. Dadurch wird die Entstehung eines Zombies in diesem Fall verhindert.\nWenn die Anzahl der Prozesse im System über die Laufzeit des System im Mittel konstant ist, dann ist die Anzahl der fork(), exit() und wait()-Aufrufe im System ebenfalls im Mittel gleich, denn für jedes fork() muß irgendwann einmal ein exit() gemacht werden und für jedes exit() muß der Elternprozeß einmal ein wait() machen (In Wirklichkeit ist die Situation wegen einiger anderer Regeln noch ein wenig komplizierter, aber erst einmal soll dies hier genügen).\nWir haben also ein sauberes fork-exit-wait-Dreieck.\nexec() So wie fork() Prozesse erzeugt, so lädt exec() Programme in einen Prozeß.\nIn Code:\n#include \u0026lt;stdio.h\u0026gt; #include \u0026lt;unistd.h\u0026gt; #include \u0026lt;stdlib.h\u0026gt; #include \u0026lt;sys/types.h\u0026gt; #include \u0026lt;sys/wait.h\u0026gt; main(void) { pid_t pid = 0; int status; pid = fork(); if (pid == 0) { printf(\u0026#34;Ich bin der Kindprozess.\\n\u0026#34;); execl(\u0026#34;/bin/ls\u0026#34;, \u0026#34;ls\u0026#34;, \u0026#34;-l\u0026#34;, \u0026#34;/tmp/kris\u0026#34;, (char *) 0); perror(\u0026#34;In exec(): \u0026#34;); } if (pid \u0026gt; 0) { printf(\u0026#34;Ich bin der Elternprozess, das Kind ist %d.\\n\u0026#34;, pid); pid = wait(\u0026amp;status); printf(\u0026#34;Ende des Prozesses %d: \u0026#34;, pid); if (WIFEXITED(status)) { printf(\u0026#34;Der Prozess wurde mit exit(%d) beendet.\\n\u0026#34;, WEXITSTATUS(status)); } if (WIFSIGNALED(status)) { printf(\u0026#34;Der Prozess wurde mit kill -%d beendet.\\n\u0026#34;, WTERMSIG(status)); } } if (pid \u0026lt; 0) { perror(\u0026#34;In fork():\u0026#34;); } exit(0); } kris@linux:/tmp/kris\u0026gt; make probe3 cc probe3.c -o probe3 kris@linux:/tmp/kris\u0026gt; ./probe3 Ich bin der Kindprozess. Ich bin der Elternprozess, das Kind ist 17690. total 36 -rwxr-xr-x 1 kris users 6984 2007-01-05 13:29 probe1 -rw-r--r-- 1 kris users 303 2007-01-05 13:36 probe1.c -rwxr-xr-x 1 kris users 7489 2007-01-05 13:37 probe2 -rw-r--r-- 1 kris users 719 2007-01-05 13:40 probe2.c -rwxr-xr-x 1 kris users 7513 2007-01-05 13:42 probe3 -rw-r--r-- 1 kris users 728 2007-01-05 13:42 probe3.c Ende des Prozesses 17690: Der Prozess wurde mit exit(0) beendet. Hier wird im Sohnprozeß der Code von probe3 weggeworfen (Das perror(\u0026quot;In exec():\u0026quot;) wird niemals ausgeführt) und durch den angegebenen Aufruf von ls ersetzt. In der Ausführung erkennen wir, daß probe3 wartet, bis das ls sich mit exit() beendet hat und dann seine eigene Ausführung danach fortsetzt.\nAls Shellscript Die Beispiele oben operieren in C. In bash sieht es so aus:\nkris@linux:/tmp/kris\u0026gt; cat probe1.sh #! /bin/bash -- echo \u0026#34;Starte Kindprozess\u0026#34; sleep 10 \u0026amp; echo \u0026#34;Der Kindprozess hat die ID $!\u0026#34; echo \u0026#34;Der Elternprozess hat die ID $$\u0026#34; echo \u0026#34;$(date): Elternprozess geht schlafen.\u0026#34; wait echo \u0026#34;Der Kindprozess $! hat den Exit-Status $?\u0026#34; echo \u0026#34;$(date): Elternprozess ist aufgewacht.\u0026#34; kris@linux:/tmp/kris\u0026gt; ./probe1.sh Starte Kindprozess Der Kindprozess hat die ID 18071 Der Elternprozess hat die ID 18070 Fri Jan 5 13:49:56 CET 2007: Elternprozess geht schlafen. Der Kindprozess 18071 hat den Exit-Status 0 Fri Jan 5 13:50:06 CET 2007: Elternprozess ist aufgewacht. Und hier beobachten wie die Shell bei der Ausführung von Kommandos:\nkris@linux:~\u0026gt; strace -f -e execve,clone,fork,waitpid bash kris@linux:~\u0026gt; ls clone(Process 30048 attached child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7dab6f8) = 30048 [pid 30025] waitpid(-1, Process 30025 suspended \u0026lt;unfinished ...\u0026gt; [pid 30048] execve(\u0026#34;/bin/ls\u0026#34;, [\u0026#34;/bin/ls\u0026#34;, \u0026#34;-N\u0026#34;, \u0026#34;--color=tty\u0026#34;, \u0026#34;-T\u0026#34;, \u0026#34;0\u0026#34;], [/* 107 vars */]) = 0 ... Process 30025 resumed Process 30048 detached \u0026lt;... waitpid resumed\u0026gt; [{WIFEXITED(s) \u0026amp;\u0026amp; WEXITSTATUS(s) == 0}], WSTOPPED WCONTINUED) = 30048 --- SIGCHLD (Child exited) @ 0 (0) --- ... Linux verwendet eine Verallgemeinerung von fork() mit dem Namen clone() um einen Kindprozeß zu erzeugen. Daher sehen wir keinen fork(), sondern einen clone()-Aufruf mit einigen Parametern.\nLinux verwendet außerdem die Variante waitpid() von wait(), um auf eine bestimmte PID zu warten.\nLinux startet außerdem das Programm mit execve() statt mit execl(), aber das ist nur eine andere Anordnung von Parametern. Nach dem Ende von ls (PID 30048) wird der Prozeß 30025 aus dem wait() erweckt und fortgesetzt.\nUnd hier ist der C-Code der Originalshell aus dem Jahre 1979, mit dem fork() (Man suche nach \u0026ldquo;case TFORK:\u0026rdquo; und wundere sich nicht über den Programmierstil von Herrn Bourne). Ja, bash ist schöner - GNU Code oder nicht.\n(nach einem News-Artikel von mir)\n","date":"2007-01-07T00:00:00Z","href":"https://blog.koehntopp.info/2007/01/07/fork-exec-wait-und-exit.html","tags":["linux","erklaerbaer","computer","lang_de"],"title":"fork, exec, wait und exit"},{"categories":null,"content":"Und die finale Analyse des Problemkomplexes Bundestrojaner kann man gemeinschaftlich so schnell wie hier in #lug-kiel durchführen:\nZ\u0026gt; In den letzten Tagen ist der Dedi 3x einfach stehengeblieben oder jemand hat ihn abgeschossen. In den Logdateien ist nix verdächtiges zu finden. Festplattentests sind in Ordnung.\nI\u0026gt; Z: Verschiedene Versionen vom Bundestrojaner haben diesen Effekt. Die Linux version ist noch nicht sehr stabil. Die Dinger werden zur Zeit auf allen möglichen Erotiksites als teil des Kipopräventionsprogrammes installiert.\nZ\u0026gt; ahja\nW\u0026gt; I: Und das Bot-Net kann der Staat dann fuer Spam-Versendung verticken.\nI\u0026gt; W: Wenn die Dinger erst einmal ausreichend verbreitet sind, ist es nur eine Frage der Zeit, bis das massenhaft gerootet wird. Insofern ist ein Verkauf solange man noch Eigentum dran hat durchaus sinnvoll.\nW\u0026gt; Kann man seinen Provider darum bitten, gg. Geld natuerlich, connections auf LKA-NRW zu filtern ?\nI\u0026gt; \u0026gt; W: Die connecten über bundeseigene Tor-Nodes.\nW\u0026gt; Gibt es zu der Architecture irgendwo Papers ?\nI\u0026gt; Das wäre kontraproduktiv? Auf dem nächsten CCC wird das sicherlich dokumentiert. :)\nW\u0026gt; dann wird es entw\u0026hellip; genau ;)\nWie immer möchte ich an dieser Stelle meine Forderung wiederholen, Politiker für die Folgen schlechter Gesetze im selben Umfang persönlich haftbar zu machen wie ich es etwa als Consultant vor Ort bin.\nQuellen zum Thema:\nOnline-Durchsuchung von PCs durch Strafverfolger und Verfassungsschutz NRW-Verfassungsschutzgesetz wird Landtag erneut beschäftigen BGH verbietet Online-Durchsuchung von Computersystemen Fraktionen streiten über Online-Durchsuchung von Privat-Computern Datenschutzbeauftragter kritisiert Online-Durchsuchungen privater Computer NRW-Landtag verabschiedet Verfassungsschutzgesetz Verfassungsbeschwerde gegen NRW-Verfassungsschutzgesetz angekündigt ","date":"2006-12-26T00:00:00Z","href":"https://blog.koehntopp.info/2006/12/26/bundestrojaner.html","tags":["security","lang_de"],"title":"Bundestrojaner"},{"categories":null,"content":"\u0026mdash; Log opened Di Dez 26 15:52:09 2006\ntheclaw\u0026gt; Hey :] Spitze erklaerung zu ext2. Isotopp\u0026gt; Danke\ntheclaw\u0026gt; Bist du Kerneldeveloper?\nIsotopp\u0026gt; Nein. Mysql Consultant.\ntheclaw\u0026gt; Hmm. Hab da was nicht verstanden bei der Erklärung. Und zwar: Was sind Datenblockzeiger?\nIsotopp\u0026gt; Die Blockadressen von Datenblöcken einer Datei.\ntheclaw\u0026gt; Ich paste mal was\n(0-11):9711-9722, (IND):9723, (12-267):9724-9979, (DIND):9980, (IND):9981, (268-523):9982-10237, (IND):10238, (524-779):10239-10494, (IND):10495, (780-1035):10496-10751, (IND):10752, (1036-1291):10753-11008, (IND):11009, (1292-1547):11010-11265, (IND):11266, (1548-1795):11267-11514 Isotopp\u0026gt; Habs im Originalartikel .\ntheclaw\u0026gt; __le32 i_block[EXT2_N_BLOCKS]; Das ist das, was unter BLOCKS bei debugfs steht?\nIsotopp\u0026gt; http://lxr.linux.no/source/include/linux/ext2_fs.h#L211 : Das ist was auf der Platte steht.\ntheclaw\u0026gt; Okay mal durchdenken.\nIsotopp\u0026gt; Die Definition steht in http://lxr.linux.no/source/include/linux/ext2_fs.h#L165 . Es kommen also EXT2_NDIR_BLOCKS direkt, also in der Inode selbst. Das sind (0-11):9711-9722.\nDann kommt ein EXT2_IND_BLOCK, (IND):9723. Der steht auch in der Inode, aber der zeigt nicht auf Daten, sondern auf einen Indirect Block. Der enthält die Blocknummern der Datenblöcke, (12-267):9724-9979.\nDann kommt EXT2_DIND_BLOCK. Der wiederum enthält keine Blocknummern von Datenblöcken, sondern die Blocknummern von Indirect Blocks, die wiederum Blocknummern von Datenblöcken enthalten. Daher http://kris.koehntopp.de/artikel/dateisysteme/filestructure.gif .\ntheclaw\u0026gt; anseh\nIsotopp\u0026gt; In der inode steht nur (DIND):9980. In DIND steht dann (IND):9981 und (IND):10238 und so weiter. Und in (IND):9981 stehen dann 9982-10237, in (IND):10238 dann 10239-10494.\ntheclaw\u0026gt; DIR steht für \u0026ldquo;direct\u0026rdquo;?\nIsotopp\u0026gt; ja\ntheclaw\u0026gt; Muss das jetzt mal kurz mit debugfs ausprobieren.\nIsotopp\u0026gt; Sieh mal http://lxr.linux.no/source/fs/ext2/inode.c#L665 . Das ext2_bmap geht über generic_block_bmap nach http://lxr.linux.no/source/fs/ext2/inode.c#L547 . Und das wiederum benutzt http://lxr.linux.no/source/fs/ext2/inode.c#L196 . Und da siehst du den lookup.\ntheclaw\u0026gt; okay langsam kommts\nIsotopp\u0026gt; Wenn i_block\u0026lt;0 -\u0026gt; error. Wenn i_block\u0026lt;direct_blocks, dann direkt. Sonst IND, sonst DIND, sonst TIND. Sonst bumm.\ntheclaw\u0026gt; Wart mal, nicht so schnell. Ich kann das nicht alles gleichzeitig aufnehmen. Also, die ersten zwölf Blöcke sind -direkt- in der Inode?\nIsotopp\u0026gt; Ja. Blocknummern. Nicht Blöcke.\ntheclaw\u0026gt; i_block ist schon ein element aus i_block[] oder? ;)\nIsotopp\u0026gt; Wo bist du gerade? Also in welcher zeile?\ntheclaw\u0026gt; static int ext2_block_to_path. Bei der Definition da.\nIsotopp\u0026gt; Kannst du eine lxr url geben bitte? Sonst wird das schwer hier. Ah, hier: http://lxr.linux.no/source/fs/ext2/inode.c#L196 .\ntheclaw\u0026gt; ja\nIsotopp\u0026gt; i_block ist der 2. Parameter der Funktion, der Aufruf steht in http://lxr.linux.no/source/fs/ext2/inode.c#L547 . Da ist es iblock, das wird durchgereicht vom 2. Parameter von ext2_get_block iblock. Das wiederum ist http://lxr.linux.no/source/fs/ext2/inode.c#L665 , der das über den Umweg von http://lxr.linux.no/source/fs/buffer.c#L2759 aufruft.\ntheclaw\u0026gt; Nicht gerade trivial.\nIsotopp\u0026gt; Für den Kernel schon. Das geht da überall so, inzwischen. Man gewöhnt sich dran, das Lesen zu können. Die Alternative ist Code Duplication, und das nervt noch mehr. Anyway, sector_t ist ein unsigned 64 bit (long long, 8 byte) in i386. Eine Blocknummer.\nIsotopp\u0026gt; In http://lxr.linux.no/source/fs/ext2/inode.c#L556 , das ist die wichtige Stelle, hast du die inode und den iblock.\nDie inode hat das 12-Elemente direct block array usw im Speicher und iblock ist der Offset. Die Frage, die in http://lxr.linux.no/source/fs/ext2/inode.c#L556 geklärt werden muss ist: wie tief müssen wir runter steigen - für die Blöcke 0-11 gar nicht, für die Blöcke 12- einen Level und so weiter. Das klärt ext2_block_to_path.\nDen Abstieg sehen wir dann in http://lxr.linux.no/source/fs/ext2/inode.c#L562 . Und der Abstieg klappt entweder, weil das File schon einen Block hat an der Stelle iblock (http://lxr.linux.no/source/fs/ext2/inode.c#L564 ), oder es klappt nicht und wir müssen Blöcke beschaffen (nach http://lxr.linux.no/source/fs/ext2/inode.c#L575 ).\ntheclaw\u0026gt; Sekunde. Bin kein Kernelmensch ;)\nIsotopp\u0026gt; Aber das ist doch nur gewöhnliches C.\ntheclaw\u0026gt; Na ja, trotzdem komplex (für mich). Erstmal eine Frage. Man hat ein FS, und will die Inode nummer 23, wie wird die gefunden?\nIsotopp\u0026gt; Über die Verzeichnisse. Wir wissen, / hat die inode 2. Das ist definiert in http://lxr.linux.no/source/include/linux/ext2_fs.h#L60 , also lesen wir das File mit der inode 2 durch, und parsen es als http://lxr.linux.no/source/include/linux/ext2_fs.h#L510 Strukturen.\ntheclaw\u0026gt; Sind die indodes nicht nacheinander abgepeichert in den BGs? Also die erste BG enthält die ersten X Inodes, die zweite BG die zweiten X usw\u0026hellip;\nIsotopp\u0026gt; Aeh, ah. Ich verstehe. Userland kann nichts mit Inodes machen, nur mit Filenamen. Es gibt kein openi(). Also müssen alle Funktionen im Userland immer Namen angeben, und du kommst dann vom Namen zur Inode über das kernel-interne namei().\ntheclaw\u0026gt; Ja, klar. Aber der Kernel will ja Inode X irgendwie kriegen können.\nIsotopp\u0026gt; Ja, intern. Das weiß er, weil im Superblock ja steht, wie viele Inodes pro bg vorhanden sind, und er dann aus der Inodenummer / inodes_per_bg sofort die bg nummer ausrechnen kann, und dann sofort weiß, wo die inode stehen muss auf der Platte. Eine Inodenummer ist also implizit auch die Blockadresse der Inode auf der Platte.\nHier ist der Superblock: http://lxr.linux.no/source/include/linux/ext2_fs.h#L341 , und http://lxr.linux.no/source/include/linux/ext2_fs.h#L352 ist die s_inodes_per_group.\nUnd die Inode wird dann in http://lxr.linux.no/source/fs/ext2/inode.c#L998 gelesen.\nMeine Rechnung von eben ist hier http://lxr.linux.no/source/fs/ext2/inode.c#L1012 . (ino - 1) / EXT2_INODES_PER_GROUP(sb); und ((ino - 1) % EXT2_INODES_PER_GROUP(sb)) * EXT2_INODE_SIZE(sb);\ntheclaw\u0026gt; Nix für ungut aber für mich ist der Code grad ned so hilfreich.\nIsotopp\u0026gt; Was ist das Problem?\ntheclaw\u0026gt; Bin grad bisschen überfordert.\nIsotopp\u0026gt; Du hast eine Inode Nr 23. Du weisst, pro bg hast Du sagen wir 8192 Inodes. Und (23-1) / ext2_indes_per_group(sb) = 0. Also ist inode 23 in bg 0.\ntheclaw\u0026gt; wartmal 8192?!\nIsotopp\u0026gt; 8192 bei 1 kb blockgroesse, 32768 bei 4kb\ntheclaw\u0026gt; Wie gross ist eine Inode nochmal?\nIsotopp\u0026gt; 128 bytes.\n#include \u0026lt;linux/ext2_fs.h\u0026gt; #include \u0026lt;stdio.h\u0026gt; main() { struct ext2_inode s; printf(\u0026#34;%d\\n\u0026#34;, sizeof(s)); } und\nkris@linux:~\u0026gt; make probe make: \u0026#34;probe\u0026#34; ist bereits aktualisiert. kris@linux:~\u0026gt; ./probe 128 theclaw\u0026gt; Also pro BG ist allein 1 MB bzw 4 MB an Inodes reserviert?\nIsotopp\u0026gt; Ja. Eine bg ist 8 MB oder 128 MB gross. Schau, hast du ein ext2 da?\ntheclaw\u0026gt; ja\nIsotopp\u0026gt; Dann mach mal ein debugfs /dev/... da drauf. Ist read only, macht also nix kaputt. Dann mach mal show_super_stats.\nInodes per group: 2008 Inode count: 26104 für ein /dev/sda5 ext2 99M 6.7M 87M 8% /boot und 26104*128/1024 = 3263, also 3263 KB oder 3.2M für alle Inodes.\ntheclaw\u0026gt; Aber meine Frage ist eine Andere.\ntheclaw\u0026gt; 21:40 Isotopp\u0026gt; und das wichtigste in struct: __le32 i_block[EXT2_N_BLOCKS];\ntheclaw\u0026gt; i_block[12] ist ein indirekter Block? aaargh Die Adresse eines indirekten Blockes?\nIsotopp\u0026gt; Ja. http://lxr.linux.no/source/include/linux/ext2_fs.h#L165 . Dort ist #define EXT2_IND_BLOCK EXT2_NDIR_BLOCKS und weiter ist #define EXT2_NDIR_BLOCKS 12\ntheclaw\u0026gt; Also 15 EXT2_N_BLOCKS.\nIsotopp\u0026gt; Also ist i_block[0] bis i_block[11] direct, i_block[12] indirect, und i_block[13] DIND und i_block[14] TIND. Alles in allem also 15.\ntheclaw\u0026gt; Sind das die Faktoren die die max. Dateigröße in ext2 bestimmen?\nIsotopp\u0026gt; Das sind die Faktoren, die die maximale Blocknummer bestimmen. Dateigröße ist Blockgröße mal maximale Blocknummer.\ntheclaw\u0026gt; Also ja ;) Indirekt halt.\ntheclaw\u0026gt; 9711-9722: Sind das die \u0026ldquo;Adressen\u0026rdquo;?\nIsotopp\u0026gt; Blocknummern, ja, Adressen auf der Platte. In http://lxr.linux.no/source/include/linux/ext2_fs.h#L234 siehst du als Typ uebrigens __le32. Das ist definiert in http://lxr.linux.no/source/include/linux/types.h#L172 und endet als __u32, also unsigned 32 bit. Also 2^32 Blöcke. Bei 4 KB Blöcken sind das 17592186044416 Bytes, oder 16 TB, bei 1 KB Blöcken nur 4 TB.\ntheclaw\u0026gt; Diese Blöcke haben aber nix mit den Blöcken bei ext2 zu tun? Oder doch?\nIsotopp\u0026gt; show_super_stats\nIsotopp\u0026gt; Block size: 1024\nIsotopp\u0026gt; In meinem Fall also auch maximale Dateigröße 4 TB. 4 Gigablocks.\ntheclaw\u0026gt; Okay, dann noch eine Frage:\ntheclaw\u0026gt; TOTAL: 1804 und Blockcount: 3608, huh? Warum *2?\nIsotopp\u0026gt; Hmm, da rechnet jemand mit 512 Byte Hardwaresektoren, warum auch immer.\nIsotopp\u0026gt;\nlinux:~ # ls -lsi /boot/vmlinuz-2.6.13-15-default 28 1513 -rw-r--r-- 1 root root 1541719 Sep 13 2005 /boot/vmlinuz-2.6.13-15-default Isotopp\u0026gt; Inode 28, 1513 Blöcke auf der Platte, Dateilaenge 15411719 Bytes. Rechnerisch ist 1541719/1024 = 1505.5849. 7 Blöcke Verwaltungsoverhead. Und zwar\n(0-11):11515-11526, (IND):11527, (12-267):11528-11783, (DIND):11784, (IND):11785, (268-523):11786-12041, (IND):12042, (524-779):12043-12298, (IND):12299, (780-1035):12300-12555, (IND):12556, (1036-1291):12557-12812, (IND):12813, (1292-1505):12814-13027 TOTAL: 1513 Isotopp\u0026gt; (IND):11527, (DIND):11784, (IND):11785, (IND):12299, (IND):12556, (IND):12813 \u0026lt;- das sind 6.\nIsotopp\u0026gt; 1541719/1024 = 1505.5849 sind 1506. Plus 6 sind 1512.\nIsotopp\u0026gt; Er meint total sei 1513. Wieso?\ntheclaw\u0026gt; Ich versteh das sowieso nicht, warum da 1513 angezeigt wird. 1292-1505 ist das letzte und dann total 1513. Evtl noch die Metainfos dazu?\nIsotopp\u0026gt; Nein, aber die DIND und IND Blocks. Für die Blöcke 12-267 wird ja ein IND gebraucht, für die Blöcke 268-1505 wird ein DIND und vier IND gebraucht. 6 blocks Extra. Siehe noch einmal http://kris.koehntopp.de/artikel/dateisysteme/filestructure.gif . Das rechts sind die Daten. In der Inode stehen die ersten paar Datenblocknummern direkt, in der zeichnung 10, in ext2 sind es 12. Dann steht in der Inode die Nummer vom IND, und im IND die Blocknummern der Datenblöcke, hier 12-267. Das ist also 1 block overhead, wenn das file mehr als 12 blocks lang wird. Dann ein DIND, wenn der 268\u0026rsquo;te block gebraucht wird und für jeweils 256 Blocks ein IND dazu.\ntheclaw\u0026gt; Du erklaerst so schnell.\nIsotopp\u0026gt;\nlinux:/boot # dd if=/dev/zero of=kris bs=1k count=12 linux:/boot # ls -ls kris 12 -rw-r--r-- 1 root root 12288 Dec 26 16:58 kris 12 Blöcke, 12288 Bytes Länge. Und nun:\nlinux:/boot # dd if=/dev/zero of=kris bs=1k count=13 linux:/boot # ls -ls kris 14 -rw-r--r-- 1 root root 13312 Dec 26 16:58 kris Ein 1k länger, 14 Blocks statt 12.\ntheclaw\u0026gt; Wie findet man die Größen der BGs eines dateisystems heraus?\nIsotopp\u0026gt; Lies show_super_stats von debugfs.\nlinux:/boot # export DEBUGFS_PAGER=cat linux:/boot # debugfs /dev/sda5 debugfs 1.38 (30-Jun-2005) debugfs: show_super_stats Inode count: 26104 Block count: 104388 Block size: 1024 Blocks per group: 8192 Inodes per group: 2008 Inode blocks per group: 251 Isotopp\u0026gt; Wird einiges klarer?\ntheclaw\u0026gt; Ein bisschen. Also wenn ich z.B. block nummer X habe, dann ist (nummer X)/(blocks per group) die BG nummer gell?\nIsotopp\u0026gt; Ja, aber das interessiert nicht. Du redest ja von Blöcken.\nIsotopp\u0026gt; Der n-te Block der Datei x kann irgendwo liegen. Wo, das sagt dir die Inode. Normal hast du ja ein File, und eine Position in einem File.\ntheclaw\u0026gt; Ich kann doch einfach von der Adresse auf der Platte X * bytes_per_block lesen?\nIsotopp\u0026gt; Na ja, als root schon. Sonst nicht. debugfs macht das ja, die Disk als raw device auf und dann direkt auf die Blöcke klettern. Niemand sonst tut so etwas ausser debugfs und fsck. Alle anderen machen FILES auf und lesen dann am OFFSET in dem File. Punkt ist, dass du normal mit Files arbeitest und nicht mit Blöcken. Der Kernel arbeitet mit Blöcken. Und er muss irgendwie vom File + Offset auf den Block kommen.\ntheclaw\u0026gt; Ja Klar\nIsotopp\u0026gt; Unser ext2 hier hat 1 KB Blocksize. Wir lesen das File /boot/vmlinuz-2.6.13-15-default (inode 36). Und zwar am Offset 1000000 (1 mio). Der wievielte Block im File ist das?\ntheclaw\u0026gt; denk. Erstmal hat man ja nur den Dateinamen.\nIsotopp\u0026gt; Ja, das kümmert uns gerade noch nicht. Offset 1 mio \u0026ndash; welcher block? 1000000/1024 = 976.5625. Also Bytes 0-1023 sind Block 0, Bytes 1024-2047 sind Block 1 und so weiter. In unserem fall also block 976. 976*1024=999424, 1000000-999424=576. Byte 1 000 000 steht also in Block 976, an Position 576 in diesem Block.\ntheclaw\u0026gt; Okay. Stop mal. Hab da gleich ne Frage dazu:\ntheclaw\u0026gt; 21:40 Isotopp\u0026gt; und das Wichtigste in struct: __le32 i_block[EXT2_N_BLOCKS]; theclaw\u0026gt; dieser kontext: i_block[976] brauchen wir da also. Ack? Und dazu noch das offset dazu?\nIsotopp\u0026gt; Ja, aber den kriegen wir nicht so. http://kris.koehntopp.de/artikel/dateisysteme/filestructure.gif .\ntheclaw\u0026gt; Ja, das wollte ich grad sagen. :-P Blocks 0-11 kriegen wir so. Muss man sich halt den Weg durchhangeln.\nIsotopp\u0026gt; blocks 12-267 kriegen wir über den IND (single indirect block). Und blocks 268- kriegen wir über den DIND und den passenden IND.\nIsotopp\u0026gt; 976-12=964, 964-256=708. 708/256=2.7656. Also müssen wir über den 2. IND des DIND gehen.\ntheclaw\u0026gt; Ich weiss nicht ganz was du da rechnest.\nIsotopp\u0026gt; Naja, 1 KB blockgroesse, 4 byte pro blocknummer, also 256 blockadressen pro Block. 976ter Block ist gefragt.\ntheclaw\u0026gt; ay\nIsotopp\u0026gt; 12 direct blocks, also 964 blocks dahinter.\ntheclaw\u0026gt; Also mit einem \u0026ldquo;indirekten block\u0026rdquo; kann man 256 andere Blöcke adressieren, wie pointer in C\ntheclaw\u0026gt; Ich hab noch ganz grundlegende Fragen. Was wir wirklich wollen, ist doch das mapping logische Ext2block-Adresse der Datei → physische Blockadresse. Richtig?\nIsotopp\u0026gt; In diesem speziellen Fall: ja. Die allgemeine Formulierung lautet so: Wir haben ein Quadrupel (major number, minor number, inode number, offset in bytes), das ist ein Device, eine Partition (maj, min), und in dem Device ein File (inode), und in dem File eine Byteposition. Und wir wollen ein Tripel (maj, min, blockno), also in der partition (maj, min) den zu dieser Datei gehörenden physikalischen Block.\ntheclaw\u0026gt; jo\nIsotopp\u0026gt; Weil (maj, min) bei dieser Abbildung konstant sind (wir arbeiten immer innerhalb derselben partition), vergessen wir maj und min und reden von einer Funktion die (ino, offset) auf (phy block) abbildet. Das nennt man ein Mapping. Und zwar ein Mapping für Datenblöcke. Daher heisst die funktion bmap. Jedes Dateisystem hat so eine Funktion, daher reden wir hier über die bmap funktion von ext2, die heisst also sinnigerweise ext2_bmap.\ntheclaw\u0026gt; Schonmal sauhilfreich. ext2_bmap: Jetzt kann ich mir was darunter vorstellen. Danke. codesuch\nIsotopp\u0026gt; Es ist eine diskrete Funktion.\ny = mx+k. Das sind kontinuierliche Funktionen von R-\u0026gt;R.\nWir arbeiten hier mit diskreten, endlichen Funktionen. Die werden in der Regel als Lookuptable realisiert.\nEs gibt also eine Wertetabelle, die jedem (ino, offset) ein (phy block) zuordnet.\nDie Wertetabelle ist die Inode. Eine Inode ist also ein Array von Blocknummern.\nWenn es ein naives Array waere, dann waere die Inode variabel groß und für große Dateien sehr, sehr gross. Das ist wenig effizient.\nDaher hat man die Inode komprimiert, für kleine dateien (bis 12 blocks) speichert man die Wertetabelle tatsächlich in der Inode (i_blocks[0-11]), aber stell Dir dieses Verfahren mal für 1000 Blocks vor. Das wäre doof.\nAlso speichert man die Wertetabelle für die Blöcke 12-267 nicht in der Inode, sondern in einem für diesen Zweck bestellten block, indem indirect block und in der Inode nur den einen Eintrag für diesen Block.\ntheclaw\u0026gt; Ich habs soweit gecheckt.\nIsotopp\u0026gt; Das kann man beweisen.\nlinux:/boot # dd if=/dev/zero of=kris bs=1k count=12 12 blocks a 1 KB (ich hab ja ein ext2 mit 1 KB blocks).\nlinux:/boot # ls -ls kris 12** -rw-r--r-- 1 root root 12288 Dec 26 17:30 kris 12288 bytes lang 12 blocks belegt. Nun mal 13 KB.\nlinux:/boot # dd if=/dev/zero of=kris bs=1k count=13 linux:/boot # ls -ls kris 14 -rw-r--r-- 1 root root 13312 Dec 26 17:30 kris 13312 bytes, aber 14 blocks! Da ist er, der IND.\ntheclaw\u0026gt; selbstausprobier Ist das die Anzahl der Blöcke für das Inode inklusive den Daten?\nIsotopp\u0026gt; Das ist die Anzahl der Blöcke OHNE die inode selber (Die belegt 128 byte in der Inodetable), also Daten + IND + DIND + TIND. Kann man auch beweisen.\nlinux:/boot # dd if=/dev/zero of=kris bs=1k count=0 linux:/boot # ls -ls kris 0 -rw-r--r-- 1 root root 0 Dec 26 17:33 kris Isotopp\u0026gt; File mit 0 Byte belegt 0 Blocks, Inode wird also nicht gezählt.\ntheclaw\u0026gt; okay. Das war hilfreich die Erklaerung, danke.\nIsotopp\u0026gt; Also wir haben in der Inode das Lookup Array für eine diskrete Funktion, eine Wertetabelle, und die Speicherung des Array ist ulkig. Und wir haben deswegen overhead, weil wir die mit 1, 2 und 3 markierten Blöcke in http://kris.koehntopp.de/artikel/dateisysteme/filestructure.gif irgendwann belegen müssen. Und deswegen siehst du die Sprünge - kein File hat jemals 13 Blocks.\ntheclaw\u0026gt; Moment, aber das ist ja sau umständlich eine ganze Datei zu lesen dann? :)\nIsotopp\u0026gt; Ah! Jetzt dämmert es langsam. Ist ja nicht so, dass ext2 GUT wäre.\nIsotopp\u0026gt; So, jetzt gehen wir noch mal in den Code\nIsotopp\u0026gt; Das ist ext2_bmap , sehr kurz. Du erinnerst dich: JEDES Dateisystem hat ein bmap. Darum ist ext2_bmap sehr kurz, es ruft generic_block_bmap auf. Das wiederum ruft dann allerdings ext2_get_block auf, das die Arbeit für generic_block_bmap macht. generic_block_bmap kriegt also einen Callback nach ext2_get_block mitgegeben. Wir landen also in ext2_get_block . So weit so klar?\ntheclaw\u0026gt; Ja warte. Ich schau mir den Code gerade an.\nIsotopp\u0026gt; Tut nicht not. Noch nicht. Erst mal ist nur wichtig, wie wir zu ext2_get_block kommen und wieso da ein Umweg über das generic_block_bmap gemacht wird.\ntheclaw\u0026gt; Nicht klar. Warte. Wo bei ext2_get_block() ist das Offset?\nIsotopp\u0026gt; in iblock (2. parameter), ist schon umgerechnet in eine blocknummer.\ntheclaw\u0026gt; Ah klar, der n. block eines inodes.\nIsotopp\u0026gt; Wir sind also in http://lxr.linux.no/source/fs/ext2/inode.c#L547 und sollen iblock aus inode (1. parameter) fischen. Also block 976 aus file 36. Wir müssen ja nun je nach Blockoffset unterschiedlich kompliziert die Lookuptable runterklettern. Bei blocks 0-11 wäre alles ganz einfach, bei 12-267 kommt der IND dazu und bei den folgenden Blöcken der DIND. Soweit das Verfahren grundsätzlich klar?\ntheclaw\u0026gt; Ich schau mir das .gif nochmal an.\nIsotopp\u0026gt; Es wird leichter, wenn du http://lxr.linux.no/source/fs/ext2/inode.c#L196 liest. i_block ist also 976. Dann schau mal in die Zeile 196. Zeile 201: direct_blocks ist 12. indirect_blocks ist ptrs, also 256.\ntheclaw\u0026gt; ext2_block_to_path. Das path hat nix mit dem Dateisystempfad zu tun, sondern mit dem Pfad, wie man zum Block kommt. Ahh.\nIsotopp\u0026gt; Es geht um den Path in http://kris.koehntopp.de/artikel/dateisysteme/filestructure.gif , ja.\ntheclaw\u0026gt; Warte, ich hab eine Frage zu dem GIF. Da z.b. \u0026ldquo;1\u0026rdquo;, also der erste indirekte Block. Der koennte auf 256 weitere zeigen?\nIsotopp\u0026gt; Ja. In unserem Beispiel ist das so, 4 byte pro blocknummer und 1 kb pro block. Bei anderen Größen (8 byte pro blocknr, und 4 kb pro block) ist das anders. 4096/8 = 512 pro IND z.B.\ntheclaw\u0026gt; hm. Sorry, ich dachte ne Blocknummer ist 32bit?\nIsotopp\u0026gt; Ja, in unserem Beispiel ist das so. Aber es waere ja möglich, das alles mit anderen Sizes zu compilen. Und dann soll es auch noch funktionieren. Also coden wir das alles nicht hart rein, sondern speichern die Rahmendaten im Superblock des Filesystems und schreiben den Code ordentlich. Soweit so klar?\ntheclaw\u0026gt; jo\nIsotopp\u0026gt; Drum auch der Code in http://lxr.linux.no/source/fs/ext2/inode.c#L196 , Zeilen 199 bis 203.\ntheclaw\u0026gt; Den ich mir grad anschaue. ;)\nIsotopp\u0026gt; Der fragt den Superblock sb nach den Anzahl der Adressen pro Block, und bestimmt dann die direct_blocks, die Anzahl der Blockadressen pro indirect Block in indirect_block und die Anzahl der Blockadressen pro Double Indirect Block.\nDer macht das ein wenig komisch. Erst mal direct_blocks. Das ist leicht, da nimmt er nur den #define. indirect_blocks ist auch leicht, das ist ptrs, also EXT2_ADDR_PER_BLOCK(...sb), also mal im Superblock nachschlagen.\n[#define EXT2_ADDR_PER_BLOCK(s) (EXT2_BLOCK_SIZE(s) / sizeof (__u32))](http://lxr.linux.no/source/include/linux/ext2_fs.h#L100).\nBlock size bei uns 1024 und sizeof __u32 ist immer 4. Also ist mein beispiel mit 8 derzeit hypothetisch.\ntheclaw\u0026gt; ;)\nIsotopp\u0026gt; Ein double block kann ebenfalls ptrs viele Blockadressen enthalten, also 256 Stück. Jede von denen ist ein indirect block, der 256 Datenblöcke enthält.\ntheclaw\u0026gt; also 256^2 und ein TIND für 256^3.\nIsotopp\u0026gt; Nun will er das aus irgendeinem Grund nicht so rechnen, sondern mit bit shifts, also macht er 1 \u0026laquo; (ptrs_bits * 2).\ntheclaw\u0026gt; Also warte, kann man 256+256^2+256^3 Blöcke adressieren, d.h. kann ne Datei so groß sein?\nIsotopp\u0026gt; Ja, das ist auch noch ein Limit. Aber da wir nur 2^32 viele Blocknummern haben, ist bei 4 Gigablocks Schluss, also bei 4 TB (1 kb Blöcke) oder 16 TB (4 kb Blöcke).\ntheclaw\u0026gt; Okay, irgendwie so ;)\nIsotopp\u0026gt; Du müßtest schon die Blocknummern länger machen als ein __u32, damit mehr geht, dann passen aber weniger direct_blocks in eine Inode, oder die Inode wird größer.\nIsotopp\u0026gt; Aber wir wollen mal weiter im Code. Schau in zeile 207. Was machen die da?\nIsotopp\u0026gt; if (i_block \u0026lt; 0) { Isotopp\u0026gt; geht das überhaupt?\ntheclaw\u0026gt; Warte\ntheclaw\u0026gt; Nah, nur durch nen Programmierfehler evtl.\nIsotopp\u0026gt; Welchen typ hat i_block?\ntheclaw\u0026gt; unsigned? :) Ja, okay. Das geht überhaupt nicht.\nIsotopp\u0026gt; Steht oben in der Funktion - da ist es ein LONG!\ntheclaw\u0026gt; ah, doch ein signed :)\nIsotopp\u0026gt; Aber eine Blocknummer, das haben wir vorher gesehen, ist ein __u32!\ntheclaw\u0026gt; Macht das sinn?\nIsotopp\u0026gt; Nein, das ist FAHALSCH!\ntheclaw\u0026gt; Sag das doch!\nIsotopp\u0026gt; Du hast gerade deinen ersten Kernelfehler gefunden.\ntheclaw\u0026gt; Geil! ;)\nIsotopp\u0026gt; Der Fehler sieht Blocknummern als signed, daher ist also nun schon bei 2 Gigablocks zu, also 2 TB und 8 TB Filesize (für 1 und 4 kb Blocksize). Aber weiter im Text, Zeile 209.\nIsotopp\u0026gt; Weiter zu 212. ((i_block -= direct_blocks) \u0026lt; indirect_blocks) ist dir auch klar? Wir zermatschen i_blocks hier als Seiteneffekt.\ntheclaw\u0026gt; ja bin ein C-ler. Daran scheitert die Erklaerung nicht ;)\nIsotopp\u0026gt; Also sind wir in 216. Nun ist i_block also 964 und wir ziehen 256 (indirect_blocks) ab. Das sind 708. Und double_blocks ist 256^2. Also true. Also speichern wir in 217: lese EXT2_DIND_BLOCK, dann in 218: lese i_block/256 (i_block \u0026gt;\u0026gt; ptrs_bits), und in 219: lese i_block % 256 (i_block \u0026amp; ( ptrs - 1)). Dann sind wir fertig.\nIsotopp\u0026gt; Wir sind wieder in http://lxr.linux.no/source/fs/ext2/inode.c#L547 , line 557 nun, soweit klar?\ntheclaw\u0026gt; Kleinen Moment, das Bitshifting finde ich verwirrend.\nIsotopp\u0026gt; ja\ntheclaw\u0026gt; ich weiss jetzt, was ext2_block_to_path macht.\ntheclaw\u0026gt; Also warte mal. Lass mich mal zusammenfassen.\ntheclaw\u0026gt; Naja, nicht mal so einfach zu beschreiben.\nIsotopp\u0026gt; Doch schon. Dir fehlen nur die Worte.\ntheclaw\u0026gt; :] jo\nIsotopp\u0026gt; Wir haben nun offset[0], offset[1] und offset[2]. In offset[0] steht welches Feld aus der Inode wir nehmen (das DIND feld), Wir haben dann einen Block mit 256 Feldern, und nehmen das Feld offset[1] da draus, lesen den Block und nehmen das Feld offset[2] da draus.\ntheclaw\u0026gt; Naja, das sind ja Details. Mich interessiert aber eher das Design als die Implementation ;), Das geht mir schon zu sehr in die Tiefe ehrlich gesagt.\nIsotopp\u0026gt; Allgemeiner: wir haben ein Array, das nicht linear ist, sondern quadratisch steigend durch Indirektion komprimiert wird, und bei unseren Randparametern ist die schrittweite 8 bit (256 entries) pro Block, also 256, 256^2, 256^3, \u0026hellip; und das ist genau die Zeichnung http://kris.koehntopp.de/artikel/dateisysteme/filestructure.gif .\ntheclaw\u0026gt; Okay. Jetzt sind meine Fragen geklärt oder? Dieses ganze Detailwissen erschlägt mich ;)\nIsotopp\u0026gt; Der Rest sind tatsaechlich Kerneldetails. Das hier war die Logik. Der Punkt ist, dass du in block_to_path durch die Faltlogik geklettert bist. Also die, die das mit DIR, IND, DIND und TIND analysiert und entscheidet.\ntheclaw\u0026gt; Naja, Faltlogik?\nIsotopp\u0026gt; Ja, erst 12 direkt, dann 256 einmal gefaltet, dann 256*256 zweimal gefaltet, dann 256*256*256 dreimal gefaltet statt eines einzigen linearen Arrays das zum groessten Teil leer waere.\ntheclaw\u0026gt; Hm, ich versteh zwar das System, aber nicht was das mit Falten zu tun hat ;)\nIsotopp\u0026gt; Naja, statt eines Array mit 2 Gigaentries (Kernelbug!) hast du ein Array mit 15 Eintraegen, bei dem die ersten 12 Eintraege für sich selber stehen, der Eintrag 13 für 256 Eintraege, der Eintrag 14 für 256 Eintraege, die für 256 Eintraege stehen, steht, und der Eintrag 15 für 256 Eintraege die für 256 Eintraege, die für 256 Eintraege stehen steht. Also einmal falten, zweimal falten, dreimal falten.\ntheclaw\u0026gt; Aber \u0026ldquo;falten\u0026rdquo;?\nIsotopp\u0026gt; So in etwa:\n___ ___\\ /___ theclaw\u0026gt; Was stellt das dar?\nIsotopp\u0026gt; Ein Eintrag, der für viele steht. Ein Blatt Papier mit zwei Knicks, ein Eintrag (der zwischen \\ /) steht für Drei (___)\nIsotopp\u0026gt; Und zum Schluß http://www.tamacom.com/tour.html , http://www.tamacom.com/tour/kernel/unix/ , http://www.tamacom.com/tour/kernel/unix/S/97.html#L18 .\nDas, mein Freund, ist der Urvater aller bmaps, bmap in V7 Unix.\nRein gehen eine struct inode, die inode, eine daddr_t bn, eine blocknummer und ein rwflag, das ist aber Wurst. Raus geht eine daddr_t blocknummer.\nAlso (ino, block_in_file) -\u0026gt; (phys blocknr). NADDR ist die Anzahl der Eintraege in der Inode. Also sind 0-\u0026gt; NADDR-4 die direct blocks, NADDR-3 der IND, NADDR-2 der DIND und NADDR-1 der TIND.\ntheclaw\u0026gt; Aber den Code will ich mir jetzt nicht genauer ansehen, sorry ;)\nIsotopp\u0026gt; Das ist derselbe Code, nur noch verquaster. Der ist ja auch 30 Jahre alt.\ntheclaw\u0026gt; Den Link bookmarke ich mal, das könnte noch interessant werden.\nIsotopp\u0026gt; Und weil es so schön ist, sind da auch die FreeBSD, NetBSD, OpenBSD und Hurd Versionen von demselben Zeug. Und da kannst du dann sehen wie fundamental das ist, was Du da gerade anfasst. Und wie sich C-Style im Kernel in den letzten 30 Jahren so entwickelt hat. Weil das V7 Zeugs da sind etwa 30 Jahre von hier, das 4.3BSD sind ca. 20 Jahre von hier und das Linux-Zeugs ist von jetzt.\ntheclaw\u0026gt; Wenn ich das so seh fällt mir grad auf wie sinnvoll man seine Zeit nützen könnte ;)\n","date":"2006-12-26T00:00:00Z","href":"https://blog.koehntopp.info/2006/12/26/filesysteme-fuer-theclaw-30-jahre-unix-source.html","tags":["filesystems","erklaerbaer","unix","lang_de"],"title":"Filesysteme für theclaw (30 Jahre Unix Source)"},{"categories":null,"content":" Wie in AN.ON: Thilo Weichert lädt ein angekündigt war heute die Konferenz zu AN.ON im BMWi in Berlin. AN.ON hat den Java Anon Proxy entwickelt, ein Anonymisierungssystem für HTTP-Zugriffe ähnlich, aber unterschiedlich von tor.\nIn der Konferenz kam sehr schön heraus, was der Unterschied zwischen JAP und tor ist: Die Unterschiede sind nicht primär technischer Art (die technischen Unterschiede existieren auch, sind aber im Grunde unwesentlich), sondern in den Prozessen über der Technik. Während tor eine rein technische Lösung präsentiert und keine Prozesse und keine Garantien für Benutzer, Betreiber und Bedarfsträger gibt, versucht JAP ein Konzept von \u0026ldquo;gemanagter Anonymität\u0026rdquo; zu definieren.\nAls Projekt mit der Uni Dresden und dem ULD Schleswig-Holstein als Projektpartner versucht AN.ON einen Überbau zu liefern, der gegenüber allen drei Parteien Vertrauen schafft: JAP operiert mit einer Rechtsgrundlage, die durch die Selbstverpflichtung der Kaskadenbetreiber definiert wird. Gegenüber Nutzern gibt diese Garantien ab, die zum Beispiel verhindern, daß Exit-Traffic gesnifft wird, wie dies einige tor-Nodes tun. Gegenüber Betreibern definiert diese bestimmte Standardverfahren- und prozesse, die die Betreiber mit nutzen können (so hat das ULD zum Beispiel die Betreiber von Kaskaden mit rechtlicher Beratung versehen). Und gegenüber Bedarfsträgern definiert das Projekt eine juristisch starke und so eng als möglich gefaßte Schnittstelle, um so einen rechtlichen Rahmen zu finden, in dem der Betrieb von Anonymisierungsdiensten trotz des Drucks der Bedarfsträger weiter ermöglicht wird.\nDurch das Vorhandensein einer solchen Schnittstelle versucht JAP den Verfolgungsdruck abzufedern, der von bestimtmen Behörden gegenüber etwa tor-Nodes in Deutschland aufgebaut werden soll. Gleichzeitig stärkt die Rechtsberatung der Betreiber deren Position.\nMit dem Auslaufen der Förderung steht AN.ON jetzt vor dem Problem, eine finanzielle Basis als Produkt finden zu müssen, und da ist nun erst einmal die Frage nach einem Kassier- und Geschäftsmodell, und dem vorgelagert die Frage nach dem Bedarf und dem Vertrauen. Nachdem so viele andere kommerzielle Anonymisierungsdienste bereits gescheitert sind, sind dies wahrscheinlich die Hauptfragen. Besteht überhaupt ein Marktbedarf nach einem solchen Dienst? Wenn ja, wozu? Und wie kann man so einen Dienst in der heutigen Welt stabil und integer betreiben?\nJAP wird jedenfalls gut angenommen: Die Nutzung erfolgt weit über den deutschen oder europäischen Raum hinaus, und die Nutzung geschieht durchaus auch zu produktiven Zwecken, und auch um sich \u0026ldquo;politisch adäquat artikulieren zu können\u0026rdquo;, wie burks es formulierte.\n","date":"2006-11-24T00:00:00Z","href":"https://blog.koehntopp.info/2006/11/24/an-on.html","tags":["security","lang_de"],"title":"AN.ON"},{"categories":null,"content":"In Business und OSS verweist Jörg Möllenkamp auf Samba Team Asks Novell zu Reconsider und spielt ein Gedankenexperiment durch:\nSo im gedanklichen Hintergrund stellt sich mir jetzt die Frage, was wohl passieren würde, wenn das Entwicklungsteam eines wesentlichen Bestandteils der Umgebung einer der Großdistributionen plötzlich die Lizenz entziehen würde. Als Gedankenspiel: Das Samba-Team zieht die Lizenz von Novell für Samba zurück.\nSamba beschreibt sich selbst wie folgt:\nSamba is an Open Source /Free Software suite that has, since 1992 , provided file and print services to all manner of SMB/CIFS clients, including the numerous versions of Microsoft Windows operating systems. Samba is freely available under the GNU General Public License .\nIn Sektion 6 der GPL heißt es:\nEach time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients\u0026rsquo; exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. Die Grundlage für dieses Gedankenexperiment ist also in der realen Welt nicht gegeben. Es ist nicht möglich, bestimmte Firmen von der Nutzung GPL lizenzierter Software in irgendeiner Weise auszuschließen. Das ist Absicht und wird von den Entwicklern der GPL als Feature gesehen.\nDie GPL geht zweigleisig an das Problem heran ( mehr Details ) . Die ersten drei Freiheiten, die die GPL gewährt, sind\nDie Freiheit, das Programm zu jedem Zweck auszuführen. Die Freiheit, das Programm und seine Funktionsweise zu studieren und anzupassen. Die Freiheit, das Programm nach Belieben zu verändern. Die GPL sieht keine Möglichkeit vor, irgendjemandem diese drei Freiheiten aus welchem Grund auch immer zu verwehren. Das trifft sogar für alle diejenigen zu, die andere Bestimmungen der GPL versehentlich oder absichtlich verletzen. In keinem Fall könnte das Samba-Projekt unter der GPL Novell oder sonst irgendjemandem die Nutzung von Samba, das Studium des Samba-Quelltextes oder die Veränderung des Samba-Quelltextes verbieten.\nDie vierte Freiheit, die die GPL gewährt, ist\nDie Freiheit, das Programm weiterzugeben. Die GPL knüpft diese Freiheit an eine Bedingung. Die Bedingung ist dort oben zitiert. Indem das Samba-Projekt das Programm (Samba) unter der GPL an irgend jemanden weitergibt, gibt das Samba Projekt diesem auch die Freiheit, das Programm mit allen Freiheiten weiterzugeben. Das Einschränken dieser Freiheiten wird ausdrücklich ausgeschlossen. Dadurch bekommt zwingend transitiv auch immer Novell (und jeder andere, der die GPL nicht verletzt) das Recht, Samba unter der vierten Freiheit weiterzugeben.\nDas ist kein Versehen. Die GPL ist eine Lizenz, die Freiheiten geben und bewahren soll. Die Schöpfer der GPL sehen diese Freiheiten als absolut, also gegenüber jedem und für immer gültig. Wenn der Mechanismus der GPL einmal in Gang gesetzt worden ist, dann soll es keinen Mechanismus geben, mit dem ein GPL Programm in irgendeiner Weise eingeschränkt werden kann. Auch nicht für die ursprünglichen Lizenzinhaber.\nDie GPL gibt damit Sicherheit: Die Freiheiten, die die GPL gewährt, sind auch dann sicher, wenn unter den Beteiligten in irgendeiner Weise Unstimmigkeiten herrschen oder ein offener Disput besteht. Die GPL und GPL lizensierte Software spielen nicht am Markt der kompetitiven Player und sind im Gegensatz zu anderen Lizenzen absichtlich so gestaltet, daß die Lizenz-politischen Instrumente der kompetitiven Player nicht zum Einsatz kommen können.\nDie GPL ist die Verfassung der kooperativen Spieler. Sie ist so gestaltet, daß sie alle Parteien für immer entwaffnet, solange sie im kooperativen Bereich spielen, und daß sie kompetitive Spieler draußen hält: Wer nach den Regeln der GPL spielt, kann die GPL nicht als Druckmittel einsetzen, weil dies nach Konstruktion nicht möglich ist. Wer nicht nach den Regeln der GPL spielt, kann GPL-lizenzierte Software für sich selbst zwar nutzen, sie aber wegen der fehlenden vierten Freiheit nicht weiterverbreiten (und damit auch nicht verkaufen oder auf GPL-Software basierendende Produkte verkaufen, also keinen kompetitiven Gewinn erzielen).\nSo mag es nun sein, daß sich Novell, Microsoft, IBM und das Samba-Team gegenseitig boxen und an den Karren zu fahren versuchen. Aber sie können es nicht über die Lizenzen ihrer Software tun, sofern es sich dabei um GPL-lizenzierte Software handelt. Das ist genau der Grund, warum Firmen wie Microsoft so stark Lobbypositionen für Softwarepatente beziehen oder andere Firmen Druck über das Markenrecht auszuüben versuchen oder warum man hin und wieder Anti-GPL Rethorik findet, in der der BSD-Lizenz und ihren Varianten ein Loblied gesungen wird: Diese Lizenzen haben die Schutzmechanismen der GPL nicht und würden es erlauben, Software für einzelne oder alle Lizenznehmer aus dem Markt zu nehmen oder proprietäre Erweiterungen auf der Basis vormals freier Software zu bauen.\nDoch damit würde die Lizenz wieder zum Druckmittel. Die GPL erzwingt und belohnt kooperatives Verhalten.\nDie in den letzten 10 Jahren neu eröffneten Kriegsschauplätze Lizenzen und Marken sind den Entwicklern der GPL wohl bewusst und die Arbeit an der GPL V3 geht voran ( mehr Details ). Über die neuen Bestimmungen der GPL V3 ist viel gejammert worden, insbesondere auch vom Linux Kernel Team.\nDarum gibt es eine Zusammenfassung und Klarstellung der Ziele und Bestimmungen der GPL V3 durch die Free Software Foundation, die deutlich macht, was die Ziele der GPL in jeder Version sind und wie sie in der jeweiligen Version erreicht werden sollen.\nDas Samba-Team ist da voll auf der Linie der FSF : Darum ja genau die harsche Reaktion auf den Vertrag zwischen Microsoft und Novell. Nur: Die Software selbst wird nicht zum Spielball dieser Auseinandersetzung. Weil die GPL es nach Konstruktion nicht zuläßt.\n","date":"2006-11-12T00:00:00Z","href":"https://blog.koehntopp.info/2006/11/12/gpl-microsoft-novell-samba-org-und-die-freiheiten-der-gpl.html","tags":["copyright","free software","lang_de"],"title":"GPL: Microsoft, Novell, Samba.org und die Freiheiten der GPL"},{"categories":null,"content":" Am 24.11.2006 findet in Berlin am BMWi die Abschlußveranstaltung des Projektes \u0026ldquo;Starke Anonymität und Unbeobachtbarkeit im Internet \u0026rdquo; (AN.ON) statt. AN.ON entwickelt und betreibt den vom BMWi geförderten Anonymisierungsdienst AN.ON/JAP , unter anderem in Zusammenarbeit mit dem ULD Schleswig-Holstein . Die finanzielle Projektförderung durch das BMWi läuft zum Ende des Jahres 2006 aus.\nDas Programm der Veranstaltung findet man im Flyer (PDF).\nAnonyme Kommunikation ist in Zeiten der Vorratsdatenspeicherung wichtiger denn je. Sie ist auch eine Vorraussetzung für die Durchführung freier, gleicher und geheimer Wahlen etwa von Computern zu Hause. Ob und wie AN.ON/JAP nach dem Auslaufen der Förderung fortgesetzt wird, ist noch unklar und wird laut Programm des Flyers auf der Abschlußveranstaltung leider auch nicht als Programmpunkt thematisiert.\nAber jeder mit einem eigenen Server im Internet kann selbst etwas für die anonyme Kommunikation im Internet tun: Mit einem eigenen tor -Node kann man selbst einen Knoten in einem internationalen und öffentlichen Netzwerk von Mixen betreiben. Das Setup ist nicht kompliziert und mit meinem Strato MR2 ziehe ich zur Zeit gut 2 TB Traffic im Monat durch. tor und JAP interoperieren auch, sodaß tor-Bandbreite in gewisser Weise auch AN.ON/JAP hilft.\n","date":"2006-11-01T00:00:00Z","href":"https://blog.koehntopp.info/2006/11/01/an-on-thilo-weichert-laedt-ein.html","tags":["privacy","identity","politik","security","lang_de"],"title":"AN.ON: Thilo Weichert lädt ein"},{"categories":null,"content":" Jetzt bin ich genau ein Jahr lang für MySQL auf der Straße gewesen. Eigentlich begann alles schon ein wenig früher, als ich meinen Resturlaub Anfang September 2005 dazu verwendet habe, am MySQL Consulting Bootcamp 2005 in München teilzunehmen und mich dort auch zertifizieren zu lassen. Zwei Monate später, am 1. November, habe ich dann meinen neuen Job angetreten.\nDie ersten zwei Wochen habe ich Peter Zaitsev beim c\u0026rsquo;t DVD-Shop Benchmark begleitet und dabei eine Menge über MySQL Performance Tuning gelernt. Meine erste Reise hat mich nach Stockholm geführt, wo mir Tobias Asplund dann die Grundlagen des Geschäfts gezeigt hat und mein erster Alleinflug ging gleich danach nach Trondheim, wo ich nicht nur Replikation bis zum Abwinken habe spielen können, sondern auch gleich noch gelernt habe, daß Migrationen nach 5.0 nicht immer ganz einfach sein müssen. Den November habe ich in Amsterdam abgeschlossen, wo ich von Kai mit der \u0026ldquo;Using und Managing MySQL\u0026rdquo;-Class druckbetankt worden bin, und Kai und ich mit Eric vom (damals) JDBC-Connector-Team durch die Kneipen gezogen sind.\nIm Dezember habe ich nicht nur Helsinki im Dunkeln gesehen, sondern auch gelernt, wie man betrunken über 2000 km nach Hause findet: Der 6. Dezember ist in Finnland nämlich Nationalfeiertag und der Kunde und ich waren wahrscheinlich die einzigen Personen in ganz Finnland, die da gearbeitet haben. Auf dem Flughafen haben sich unsere Wege dann getrennt: Ich 2000 km nach Süden, der Kunde noch mal nicht ganz so weit nach Norden\u0026hellip; Aber nicht, ohne vorher in der Flughafenbar in Helsinki von einem Finnen Salmiakki erklärt zu bekommen. Den Rest des Dezembers habe ich in Tübingen, in Dublin und in Lund, Schweden zugebracht. Für die ersten zwei Monate keine schlechte Tour.\nNach zwei Wochen Weihnachtspause habe ich dann das Jahr mit einer 4-Länder-an-einem-Tag-Tour begonnen: Treffen mit Kollegen in Zürich, am selben Tag nach Frankreich, um von dort über London nach Dublin zu fliegen. Was für eine Übung in Jet-Set! Aber alles hatte geklappt und so habe ich dann im Januar meinen ersten Shadow in Dublin delivered, d.h. weitere Kollegen angelernt. Im Januar hat auch einer der entschieden cooleren Aufträge angefangen: Eine Oracle-Migration bei einem Kunden in Rom. So kam es, daß ich an meinem Geburtstag in einem Cafe gegenüber dem Nationalmonument gesessen habe und meinen Espresso geschlürft habe.\nUm ein Haar wäre es mir in der Woche darauf gelungen, meine Mama unangekündigt an ihrem Geburtstag zu überraschen, denn ich hatte in Hamburg zu tun - zum Glück rief ich dann doch noch an, sonst hätte ich vor einer leeren Hütte gestanden.\nDer Februar ging sehr schnell vorbei: Rom, Zürich, Rom.\nNach einer kurzen Bürowoche dann Anfang März ein Einsatz für Training statt Consulting: Kurs halten in Washington, DC - Yay! Die Woche drauf war ich in Belgien und habe außerdem noch ein wenig Remote gearbeitet. Dann Mitte März die MySQL Developers Conference in Sorrento mit Abschlußausflug nach Pompeii. Süditalien, wenn es noch nicht so heiß ist - wunderbar! Die beiden Wochen danach waren ein wenig ruhiger: Ein wenig Remote Work tut nach dieser Reiserei ganz gut.\nAnfang April war ich dann noch kurz in London auf Canary Wharf, bevor es zwei Wochen in den Urlaub nach Schottland ging, um Destillen, Gärten und Hightech zu bewundern und die Highlands zu erkunden. Auf dem Weg haben wir dann auch noch Newcastle und York ein bisschen gesehen. Nach dem Urlaub kommt die Arbeit - in meinem Fall die MySQL Users Conference 2006 in Santa Clara.\nGut daß ich nach der Rückkehr Anfang Mai relativ ruhig daheim bleiben konnte: Jobs in Stuttgart, in Heidelberg und Remote Work für einen Kunden in den USA. Eine mehrtägige Schulung über SkypeOut und screen -x halten. Das geht! Der Mai war sowieso Monat der Kontraste - wie klingt \u0026ldquo;Olpe, Rahden, Washington DC\u0026rdquo;? Washington war jetzt, Ende Mai, übrigens glühend heiß. Wieder eine Schulung, was gut ist, weil man sich da die Zeit gut einteilen kann. Ich habe sie benutzt, um das Air and Space Museum zu besichtigen.\nDen Juni habe ich dann in Stuttgart, Dresden, Zürich und Genf zugebracht. Dabei habe ich in Genf einen uralten Freund wiederentdeckt: Alexander Finger betrieb vor nicht ganz 20 Jahren syd.de, während ich als Teil von toppoint.de dasselbe in Kiel tat. Inzwischen hat es ihn nach Genf verschlagen. Ende Juni dann der erste Zweitages-Workshop Performancetuning in München und zwischendurch über das Mittsommer-Wochenende noch mal schnell in Skien, hinter Oslo, denn dort war PHP Vikinger bei EZ Systems. Nach der Rückkehr, quasi aus dem Flieger fallend, dann ein Talk für die Linux Users Group Karlsruhe über Performance Tuning und der Juni ist im Kasten.\nEher häuslich geht es im Juli weiter: PT in München, PT in Stuttgart und eine 1800 km Autotour: Karlsruhe-Rahden-Dresden-Karlsruhe in einer Woche. München, Stuttgart, Olpe. Und ich sagte noch: \u0026ldquo;Schickt mich aus Deutschland weg während der WM.\u0026rdquo; Stattdessen kriege ich glühend heiße, überfüllte WM-Städte während da Spiele sind\u0026hellip; grummel\nDer August beginnt mit Abkühlung, und mit Amsterdam. Ich werde so halb krank, und so kann ich mir die für die 2. Augustwoche geplante Kiel/Dänemark-Tour abschminken. Stattdessen bin ich die Woche drauf in Oslo, in Bath, und dann mal wieder in Helsinki, um ein wenig von den Clustergöttern zu lernen.\nDas kann ich dann Anfang September zurückgeben, wo ich stattdessen Shadow für einen Kollegen in Woking mache und dann zwei Tage PT Workshop in Köln gebe. In Köln treffe ich auch Serendipity\u0026rsquo;s Garvin . Die Office-Woche darauf bringe ich in Kiel zu, um meine Eltern zu besuchen. Die Woche darauf bin ich dann prompt richtig antibiotikamäßig krank statt in Amsterdam. Danach bin ich Ende September dann aber immerhin so fit, daß ich das Projekt in Rom abschließen kann, und die zwei verbleibenden Tage der Woche nutze, um mit der Katze Rom zu erkunden.\nDer Oktober ist dann schnell herumgebracht: zur Hälfte in Amsterdam, zur anderen Hälfte in Karlsruhe\u0026hellip; Und so werde ich dieses Jahr auch beschließen: Neben einer Woche in Sheffield, UK steht bis zum Jahresende mehr oder weniger lückenlos Amsterdam auf dem Plan (Und ein Tag Köln!).\nGefällt mir der Job? Oh, ja. Reisen macht mir Spaß und mit den Zielen habe ich Glück gehabt. Die Arbeit macht Spaß und bietet jede Menge Dinge, die ich noch nicht kann, aber die ich schaffen kann. Auf der Straße und dicht an der Technik scheint mir eher zu liegen als Papierschieberei\u0026hellip; Ansonsten ist es das älteste Gewerbe der Welt: Geh für Geld zum Kunden und mach\u0026rsquo; ihn glücklich.\nIst der Job anstrengend? Oh, ja. Es ist der anstrengendste Job, den ich jemals hatte. Aber, wenn man einen Rhythmus finden kann, bei dem man in passenden Abständen Home-Office machen kann, ist er durchhaltbar\u0026hellip;\nWas haben wir als Firma geschafft? MySQL ist in diesem Jahr von 5.0.15 nach 5.0.27 gekommen und die 5.0 hat sich dabei langsam aber sicher in eine stabile Plattform verwandelt. Meine Kunden haben im Laufe des Jahres die Features von 5.0 entdeckt und so erobert sich MySQL immer mehr Anwendungen, die der Datenbank vorher verschlossen geblieben sind.\nMeine Hauptthemen im Bereich Operating waren \u0026ldquo;Monitoring\u0026rdquo; und \u0026ldquo;Backup\u0026rdquo;, im Bereich DBA sind \u0026ldquo;Replikation\u0026rdquo; und \u0026ldquo;SQL-Optimierung\u0026rdquo;, im Bereich Entwicklung \u0026ldquo;InnoDB und Transaktionen\u0026rdquo;. Seltsamerweise sind Stored Procedures und Trigger ein wichtiger Checkpoint, um ernst genommen zu werden, aber sie werden dann (glücklicherweise!) kaum eingesetzt - denn das Thema im Bereich Architektur war \u0026ldquo;Scale-Out\u0026rdquo; - horizontales Wachstum . Intern war das wichtigste Thema für uns Consultants \u0026ldquo;Wachstum und Integration von neuen Mitarbeitern\u0026rdquo; und ist nun \u0026ldquo;Best Practice Building\u0026rdquo;. Langsam, aber sicher ändert sich die Art der Arbeit von Pivot-Consulting to Projekt-Consulting\u0026hellip;\n","date":"2006-10-31T00:00:00Z","href":"https://blog.koehntopp.info/2006/10/31/ein-jahr-auf-der-strasse.html","tags":["karlsruhe","mysql","travel","work","lang_de"],"title":"Ein Jahr auf der Straße"},{"categories":null,"content":"Im März 1983 bekam ich meinen ersten eigenen Computer, einen Commodore 64. Meiner war das alte Modell mit braunen statt schwarzen Funktionstasten und dem VIC I, bei dem die linken Ränder von Sprites immer flackerten. Im Sommer 1983 kam dann eine 1541 dazu.\nIrgendwann in dieser Zeit zog ich außerdem aus der Probsteier Pampa in die tosende Großstadt, nach Kiel. Dort lernte ich irgendwo an den üblichen Diskettentauschstellen Daniel kennen. Das war gut, denn so kannte ich jemanden, der wie ich im Gegensatz zu den üblichen Kopierkiddies auch selber was machte. Ob das, was wir da gemacht haben überhaupt technisch möglich war, hat uns nur am Rande interessiert.\nIrgendwann im Sommer 1985 haben wir dann gelernt, daß ein Monitorlautsprecher knackst, wenn man die SID-Lautstärke verstellt, und zwar proportional zur Änderung der Lautstärke. Wenn man also einige tausendmal pro Sekunde die Lautstärke umstellt, kann man eine beliebige Wellenform erzeugen.\nDaniel nahm also seinen Lötkolben und einen Haufen Drähte und verband den LED-Output des Levelmeters seiner Stereoanlage mit dem Joystick-Input seines C64. Eine recht haarsträubende Schaltung zählte dabei die angeschalteten LEDs und generierte so die Bitkombinationen 00, 01, 10 und 11.\nIch schrieb eine kleine Endlosschleife, mit der ich die Zwei-Bit-Codes vom Port abholte und mehr als 18.000-mal pro Sekunde in irgendwelche plötzlich gar nicht mehr so reichhaltig vorhandenen Bytes im Speicher shiftete. Weil für eine Prüfung einer Abbruchbedingung keine Zyklen mehr übrig waren, mußte ich die Schleife in einem NMI-Handler zerpoken, um sie zu verlassen. Programmabbruch durch Drücken der \u0026ldquo;Restore\u0026rdquo;-Taste, die direkt mit dem NMI-Input des Prozessors verbunden war.\nAll das hat fast gut funktioniert, nur der Klang war grauenhaft. Daniel wurmte das, und irgendwann hatte er alles so satt, daß er für den monströsen Betrag von DM 250 ein russisches Exil-Oszilloskop mit einem ca. 5 cm Schirm auf dem Gebrauchtmarkt erhökerte. Schon 15 Minuten nach dem Anschluss des Gerätes war das Problem klar: Das Levelmeter schneidet die Kurven unten ab, sodass wir immer nur das Intervall zwischen 0 Volt und +x Volt einer Kurve gesampled haben, aber niemals die negativen Teile der Welle.\nDie Einführung einer Potentialkorrektur (Nullpunkt und Amplitude) hat das Problem schnell gelöst und ich schrieb eine Kalibrierungsfunktion: Die gelesenen Zwei-Bit-Werte wurden mit einer Lookuptable in C64 Farbcodes übersetzt und dann in die Kontrollregister für die Hintergrundfarbe geschrieben. Vor der Aufnahme konnte man also an den Kalibrierungspotentiometern drehen und den Farbenrausch auf dem Monitor beeinflussen. Wenn alle Farben in etwa gleich häufig zu sehen waren, war die Aufnahme korrekt ausgesteuert. Der Klang war - zwei Bit oder nicht - großartig!\nIch bastelte meine Aufnahmefunktion in etwas Benutzbares, und darunter verstand ich zur damaligen Zeit eine Basic-Erweiterung für das C64 Basic, Speech Basic . Wir machten eine Demo-Diskette und zogen damit auf der CeBit \u0026lsquo;86 von Zeitschriftenstand zu Zeitschriftenstand. Die Markt und Technik \u0026ldquo;64er\u0026rdquo; Redaktion machte den Sale, und plötzlich stand ich nicht nur vor dem Problem, eine Anleitung für Speech Basic und einen Artikel schreiben zu müssen, sondern auch ein für eine Veröffentlichung geeignetes Foto zu finden. Ersteres Problem war lösbar, das zweite nicht, und so ist der Artikel in der 64er 10/86 mit dem wahrscheinlich hässlichsten Foto gedruckt worden, das je von mir gemacht worden ist.\nDer Speech Basic-Artikel war mein erstes selbst verdientes Geld. Aber damit hörte das nicht auf: Da Speech Basic ja nur mit der Hardware sinnvoll war, die Daniel inzwischen in eine kleine handliche Platine umgewandelt hatte, die an den Joystick-Port zu stecken war, mussten die Leser diese Platine entweder selber bauen oder kaufen. Daniel ließ im Artikel seine Adresse abdrucken und für nur 60 DM konnte man einen Digitizer und eine Diskette mit Speech Basic kaufen. Einige tausend Bestellungen später waren wir, zwei Oberstufenschüler, nach unseren Maßstäben plötzlich verdammt reich. Irgendwann Ende \u0026lsquo;86 hatte ich dann also keinen C64 mehr, sondern konnte auf eine Commodore Amiga umsteigen.\nUnd so kommt es, dass mich das ganze Rechnerzeugs in diesem Monat seit 20 Jahren ernährt. Und in ein paar Jahren blogge ich Euch dann im Rahmen der Reihe \u0026ldquo;Alter Sack bloggt\u0026rdquo; mal, wie es kommt, daß ich seit 20 Jahren online bin.\n","date":"2006-10-26T00:00:00Z","href":"https://blog.koehntopp.info/2006/10/26/mut-64er-10-86.html","tags":["commodore","hardware","kiel","lang_de"],"title":"MuT 64er 10/86"},{"categories":null,"content":"Oprofile ist ein Profiler. Und zwar einer, der die Performance Measurement Instrumentation verwendet, die in moderne CPUs eingebaut ist, wenn diese vorhanden ist. Der Profiler braucht also keine speziell für Profiling compilierten Binaries, sondern zieht sich statische Samples des Programmzählers aus dem laufenden System und analysiert diese: Es findet heraus, welcher Prozeß gerade aktiv ist, welche Bibliothek in diesem Prozeß gerade verwendet wird und wenn Symboltabellen vorhanden sind (Kein \u0026ldquo;strip\u0026rdquo; auf die Bibliothek oder das Programm angewendet), dann weiß Oprofile sogar, welche Funktion oder Methode gerade aktiv ist.\nDas kann man auch auf ein laufendes MySQL anwenden. Dies hier zum Beispiel ist ein mysqld, der mit einem Haufen MyISAM Tabellen arbeitet und nicht zu busy ist. Man kann sehen, daß aus irgendeinem Grund sehr viel Zeit in memcpy verbracht wird:\nCPU: CPU with timer interrupt, speed 0 MHz (estimated) Profiling through timer interrupt samples % image name symbol name 197404 22.4460 libc-2.3.4.so memcpy 165764 18.8484 no-vmlinux (no symbols) 76051 8.6475 mysqld.debug _mi_rec_unpack 30059 3.4179 mysqld.debug Query_cache::insert_into_free_memory_sorted_list(Query_cache_block*, Query_cache_block**) 17468 1.9862 mysqld.debug get_hash_link 16767 1.9065 mysqld.debug ha_key_cmp 14106 1.6039 mysqld.debug MYSQLparse(void*) Ein anderes Anwendungsbeispiel verwendet InnoDB mit Transaktionen und einer sehr hohen Load. Hier kann man das Problem sofort erkennen:\nCPU: AMD64 processors, speed 2396.91 MHz (estimated) Counted CPU_CLK_UNHALTED events (Cycles outside of halt state) with a unit mask of 0x00 (No unit mask) count 100000 samples % image name symbol name 1955062 34.3586 /usr/sbin/mysqld Query_cache::insert_into_free_memory_sorted_list(Query_cache_block*, Query_cache_block**) 192481 3.3827 /usr/sbin/mysqld my_strnncoll_binary 155920 2.7402 /usr/sbin/mysqld MYSQLparse(void*) 125545 2.2063 /usr/sbin/mysqld my_hash_sort_bin 95069 1.6708 /lib64/tls/libc.so.6 memcpy 79791 1.4023 /lib64/tls/libc.so.6 memset Offensichtlich ist der Query Cache hier nicht sehr nützlich und tatsächlich: Kaum schaltet man ihn aus, wird der Benchmark 50% schneller.\nHier eine schnelle Kommandoübersicht:\nyum install oprofile (oder was immer das aktuelle System gerade als Paketmanager verwendet) opcontrol --init Kernel Modul wird geladen opcontrol --setup --separate=lib,kernel,thread --no-vmlinux Wir teilen dem System mit, wie es Daten sammeln soll. Das CentOS her hat kein vmlinux Kernel Image. Wenn jemand weiß wie man ein vmlinuz in ein vmlinux umwandelt, würde ich das gerne wissen. opcontrol --start-daemon Dann laden wir den Daemon vor, der die Performancedaten sammelt, damit es später die Meßdaten nicht verfälscht\u0026hellip; ps axuwww| grep opro Schnell prüfen, ob der Daemon läuft\u0026hellip; opcontrol --start Datensammlung starten opcontrol --dump Daten auf die Platte zwingen (sie werden sowieso in regelmäßigen Intervallen gedumpt) opreport --demangle=smart --symbols --long-filenames --merge tgid $(which mysqld) | less Und nun einen Report wie die beiden da oben erzeugen. opcontrol --stop Profiling anhalten opcontrol --deinit Daemon stoppen opcontrol --reset Gesammelte Daten löschen und den Plattenplatz wieder freigeben. ","date":"2006-10-14T00:00:00Z","href":"https://blog.koehntopp.info/2006/10/14/mysql-performanceprobleme-mit-einem-profiler-analysieren.html","tags":["mysql","performance","lang_de"],"title":"MySQL Performanceprobleme mit einem Profiler analysieren"},{"categories":null,"content":"Google Pressemeldung :\nGoogle Inc. announced today that it has agreed to acquire YouTube, the consumer media company for people to watch and share original videos through a Web experience, for $1.65 billion in a stock-for-stock transaction. Following the acquisition, YouTube will operate independently to preserve its successful brand and passionate community.\nBezahlt wurden 1.65 Milliarden US-Dollar in Aktien.\n","date":"2006-10-10T00:00:00Z","href":"https://blog.koehntopp.info/2006/10/10/google-kauft-youtube.html","tags":["computer","google","lang_de"],"title":"Google kauft YouTube"},{"categories":null,"content":"\u0026lt; Ein MSA-30 Array mit 14 Platten.\nLiebes Tagebuch!\nHeute bin ich gegen eine HP 585 und zwei MSA 30 angetreten und ich bin mir nicht ganz sicher, wer gewonnen hat. Aber laß mich von vorne erzählen.\nWie Du weißt, liebes Tagebuch, berechnet sich die Anzahl der Zugriffe, die man von einer einzelnen Platte pro Sekunde erwarten kann, wie folgt: 1000 ms/(Average Seek Time in ms + Rotational Delay in ms + Transfer Time in ms). Die Average Seek Time kann bei einer guten Platte schon mal 4 ms klein sein, bei schlechten Platten auch mal 8 ms groß.\nDie Rotational Delay ist bei 18000 rpm bei 300 Umdrehungen pro Sekunde, als 600 Halbdrehungen pro Sekunde oder 1/600 Sekunde = 1.6 ms. Bei Laptop-Platten mit 6000 rpm ist sie dreimal größer, also 5 ms. Die Transfer Time kann man für den Rest der Betrachtungen auch getrost vergessen. Somit haben wir eine Access Time von insgesamt 5 ms bis 12 ms rauf. Das übersetzt sich zu 200 bis 80 Writes/Seeks/Commits pro Sekunde. Von so einer Platte aus einem MSA 30 würde ich eher 200 als 80 Operationen pro Sekunde erwarten.\nDa stand sie nun also, die Hardware: Eine HP 585 mit 32 GB RAM und 2 Dual-Core Opteron @ 2.6 GHz, zwei 6402 Controllern und zwei Dual-Channel MSA 30 mit jeweils 14 72 GB Platten. Und wegen der spezifischen Verteilung der Controller und Channels ließen sich die beiden MSA 30 nicht zu einem 28 Disk Hardware RAID-10 zusammenfassen. Also haben wir angefangen zu experimentieren und zu messen. Die Ergebnisse waren sehr merkwürdig.\nWir haben uns das so überlegt, liebes Tagebuch: Wenn man schon kein Hardware RAID-10 mit allen 28 Platten bauen kann, dann kann man sich immerhin 14 Hardware-RAID-1 Paare stricken und die dann in ein Linuxraid als RAID-0 stopfen. Gesagt, getan: Ins Menü, durch die Controller jongliert und die Plattenarrays wie wild blinken lassen - HP macht ja sehr unmissverständlich klar, welche Platte man gerade wie am Wickel hat.\nAm Ende ins Linux booten und da waren sie dann: /dev/cciss/c1d0-c1d6 und /dev/cciss/c2d0-c2d6: 14 RAID-1 Paare. Ein mdadm -C -l0 --chunk=128k /dev/md0 --raid-devices 14 /dev/cciss/c[12]d* später hatten wir dann ein /dev/md0 mit 14 Paaren. Das wollten wir nun nackig machen, also mkfs /dev/md0 und mount /dev/md0 /data0 und dann [iozone](http://www.iozone.org) -i0 -i2 -O -I -s4g -r128k -f /data0/blah da drauf.\nStell Dir unsere Enttäuschung vor, liebes Tagebuch:\niozone -i0 -i1 -i2 -O -I -s4g -r128k -f /data0/blah Iozone: Performance Test of File I/O Version $Revision: 3.263 $ Compiled for 64 bit mode. Build: linux Contributors:William Norcott, Don Capps, Isom Crawford, Kirby Collins Al Slater, Scott Rhine, Mike Wisner, Ken Goss Steve Landherr, Brad Smith, Mark Kelly, Dr. Alain CYR, Randy Dunlap, Mark Montague, Dan Million, Jean-Marc Zucconi, Jeff Blomberg, Erik Habbinga, Kris Strecker, Walter Wong. Run began: Fri Feb 17 03:20:20 2006 OPS Mode. Output is in operations per second. O_DIRECT feature enabled File size set to 4194304 KB Record Size 128 KB Command line used: iozone -i0 -i1 -i2 -O -I -s4g -r128k -f /data0/blah Time Resolution = 0.000001 seconds. Processor cache size set to 1024 Kbytes. Processor cache line size set to 32 bytes. File stride size set to 17 * record size. random random KB reclen write rewrite read reread read write 4194304 128 999 1165 1126 1131 246 1107 Ich meine, wenn ich pro Platte 200 w/s rechne und von einem RAID-1 mit serieller Write-Policy ausgehe, dann erwarte ich auch von einem RAID-1 Paar mal eben 200 w/s, oder von 14 Paaren also 2800 w/s. Bekommen habe ich nur 1107 w/s Random-I/O. Das ist aber mächtig schlapp, nur 40 % der projektierten Performance.\nWir haben dann mal ein wenig gespielt:\n1 Paar (Hardware RAID, ohne Linuxraid) bringt 198 w/s, also genau wie die theoretische Vorhersage. 2 Paare (Hardware RAID, interner Controller, ohne Linuxraid) bringt nur 336 w/s (84%). Keine Ahnung, was die Chunksize hier war. 7 Paare linear vom ersten /dev/cciss/c1d* genommen bringen 808 w/s (57%). 7 Paare sortiert (c1d0, c2d0, c1d4, c2d4, c1d2, c2d2, c1d6) bringen 1382 w/s (99%). Fein! 14 Paare linear (/dev/cciss/c[12]d*) bringen wie gesagt nur 1107 w/s (40%). 14 Paare sortiert (c1d0, c2d0, c1d6, c2d6, c1d1, c2d1, c1d5, c2d5, usw) bringen immerhin 1434 w/s (51.2%).\nAber damit nicht genug, liebes Tagebuch! Ich habe noch ein weiteres Mysterium für heute: iostat -x meint während des 7 Paare Linear-Tests so Dinge wie\nDevice: rrqm/s wrqm/s r/s w/s rsec/s wsec/s rkB/s wkB/s avgrq-sz avgqu-sz await svctm %util cciss/c0d0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 cciss/c1d0 0.00 3.00 0.00 307.00 0.00 38696.00 0.00 19348.00 126.05 0.14 2.22 0.46 14.20 cciss/c2d0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 md0 0.00 0.00 0.00 2275.00 0.00 283392.00 0.00 141696.00 124.57 0.00 0.00 0.00 0.00 cciss/c1d1 0.00 6.00 0.00 320.00 0.00 38608.00 0.00 19304.00 120.65 0.21 0.65 0.63 20.20 cciss/c1d2 0.00 9.00 0.00 342.00 0.00 42416.00 0.00 21208.00 124.02 0.23 0.66 0.64 22.00 cciss/c1d3 0.00 0.00 0.00 335.00 0.00 44280.00 0.00 22140.00 132.18 0.23 0.69 0.67 22.60 cciss/c1d4 0.00 0.00 0.00 318.00 0.00 39904.00 0.00 19952.00 125.48 0.22 0.70 0.68 21.60 cciss/c1d5 0.00 5.00 0.00 309.00 0.00 39568.00 0.00 19784.00 128.05 0.21 0.68 0.66 20.40 cciss/c1d6 0.00 9.00 0.00 311.00 0.00 39920.00 0.00 19960.00 128.36 0.27 0.86 0.84 26.10 cciss/c2d1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 cciss/c2d2 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 cciss/c2d3 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 cciss/c2d4 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 cciss/c2d5 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 cciss/c2d6 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 Das heißt in Deutsch: Man kann sehen, wie die Platte c1d0-c1d6 hier angeblich um die 320 w/s machen und damit dann noch schon ganze 20 % ausgelastet sind (nein, die ganzen CPUs sind nicht busy). Die angeblich 2275 w/s zu 128k average request size übersetzen sich dann aber in iozone nachher zu 808 w/s.\nDasselbe hier:\nDevice: rrqm/s wrqm/s r/s w/s rsec/s wsec/s rkB/s wkB/s avgrq-sz avgqu-sz await svctm %util cciss/c0d0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 cciss/c1d0 0.00 4.33 0.00 387.33 0.00 48373.33 0.00 24186.67 124.89 0.20 0.51 0.50 19.20 cciss/c2d0 0.00 5.67 0.00 402.67 0.00 51010.67 0.00 25505.33 126.68 0.19 0.47 0.45 18.23 md0 0.00 0.00 0.00 2825.67 0.00 352170.67 0.00 176085.33 124.63 0.00 0.00 0.00 0.00 cciss/c1d1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 cciss/c1d2 0.00 5.67 0.00 404.00 0.00 50626.67 0.00 25313.33 125.31 0.21 0.52 0.50 20.17 cciss/c1d3 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 cciss/c1d4 0.00 6.67 0.00 417.00 0.00 51613.33 0.00 25806.67 123.77 0.21 0.49 0.47 19.80 cciss/c1d5 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 cciss/c1d6 0.00 6.00 0.00 386.33 0.00 49277.33 0.00 24638.67 127.55 0.27 0.69 0.68 26.20 cciss/c2d1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 cciss/c2d2 0.00 6.00 0.00 386.33 0.00 49557.33 0.00 24778.67 128.28 0.18 0.48 0.47 17.97 cciss/c2d3 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 cciss/c2d4 0.00 4.00 0.00 404.00 0.00 51712.00 0.00 25856.00 128.00 0.19 0.48 0.47 18.93 cciss/c2d5 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 cciss/c2d6 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 Das ist die lustige nicht lineare 7-Paar Config in Aktion. Wir sehen 2825 w/s auf dem md0, die später als 1382 w/s vom iozone bilanziert werden. Nun frage ich mich, liebes Tagebuch: Wer hat recht?\nAch ja, und außerdem, liebes Tagebuch, das dritte Mysterium dieses Tages: Wieso saugt meine Read-Performance so? Ich meine, 246 r/s sind echt kaputt, -I (O_DIRECT) oder nicht.\nMorgen, liebes Tagebuch, machen wir dann mal ein Hardware RAID-10 mit einem Array und einem Controller, also 7 Paare Hardware RAID-0 in einer linearen Config. Mal sehen, was wir dann so für Messwerte bekommen.\n","date":"2006-10-04T00:00:00Z","href":"https://blog.koehntopp.info/2006/10/04/kris-vs-2xmsa-30.html","tags":["database","hardware","mysql","lang_de"],"title":"Kris vs. 2xMSA 30"},{"categories":null,"content":"Markus fragt:\nDurch \u0026hellip; wechseln wir gerade unseren Root-Server. Dort habe ich bereits das Gentoo-Basissystem am fluppen. Bei der Umstellung möchte ich gleich von MySQL 4 auf 5 wechseln.Dabei stellt sich die Frage, ob ich das System nicht gleich von latin1 auf utf-8 umstellen soll. Sollte ich lieber bei latin1 bleiben und alles so migrieren oder doch den großen Wurf zu utf-8 wagen?\nDie Frage habe ich ihm schon beantwortet, aber versprochen, das Thema noch einmal im Blog \u0026ldquo;in groß\u0026rdquo; durchzudeklinieren. Hier also der Zeichensatz-Artikel redone.\nZeichensatztheorie Zusammenhänge zwischen den Begriffen.\nEin Zeichensatz (\u0026ldquo;CHARACTER SET\u0026rdquo;) ist eigentlich ein Symbolvorrat, also eine Liste von Symbolen, die in einer bestimmten Sammlung enthalten sind. Ein Zeichensatz ist damit ein ganz und gar abstraktes und nahezu nutzloses Ding. Das einzige, was man mit einem Zeichensatz alleine tun kann, ist zu entscheiden, ob ein bestimmtes Symbol in einem bestimmten Kontext erlaubt ist oder nicht.\nDamit die Symbole druckbar werden, benötigt man einen Font. So ist zum Beispiel dies hier \u0026ldquo;ö\u0026rdquo; ein LOWER CASE O-UMLAUT in Arial und \u0026ldquo;ö\u0026rdquo; dasselbe Symbol in einem anderen Font, Times New Roman.\nDamit Symbole von Computern verarbeitbar werden, benötigen sie eine binäre Repräsentation, ein Encoding. In meinem Terminal, konsole, wird standardmäßig das utf8-Encoding verwendet. Der Text \u0026ldquo;Köhntopp\u0026rdquo; wird dabei durch die Hex-Folge \u0026ldquo;4b c3 b6 68 6e 74 6f 70 70\u0026rdquo; repräsentiert, das LOWER CASE o-UMLAUT wird als C3 B6 codiert.\nkris@linux:~\u0026gt; od -t x1a Köhntopp 0000000 4b c3 b6 68 6e 74 6f 70 70 0a K C 6 h n t o p p nl 0000012 Nach dem Aufruf von Settings-\u0026gt;Encoding-\u0026gt;Iso-8859-1 hat sich das Encoding geändert und derselbe Text wird jetzt durch die Bytes \u0026ldquo;4b f6 68 6e 74 6f 70 70 0a\u0026rdquo; repräsentiert. Der LOWER CASE o-UMLAUTE ist nun also ein F6-Byte.\nkris@linux:~\u0026gt; od -t x1a Köhntopp 0000000 4b f6 68 6e 74 6f 70 70 0a K v h n t o p p nl 0000011 Wenn man zwei Zeichenfolgen vergleichen oder ordnen (sortieren) will, dann braucht man eine zu dem Encoding passende Collation. Eine Collation kann man sich als eine normierte Codierung eines Encodings vorstellen, das für Vergleichs- und Sortierzwecke verwendet wird.\nDie MySQL-Collation latin1_german1_ci erzeugt aus \u0026ldquo;Köhntopp\u0026rdquo; zum Beispiel \u0026ldquo;kohntopp\u0026rdquo; und verwendet diesen String dann, um ihn mit anderen Strings zu vergleichen und zu sortieren. Abgespeichert wird allerdings immer der Originalwert, also \u0026ldquo;Köhntopp\u0026rdquo;. Eine andere Collation, latin1_german2_ci, würde den Text \u0026ldquo;Köhntopp\u0026rdquo; stattdessen intern in \u0026ldquo;koehntopp\u0026rdquo; umwandeln, bevor verglichen und sortiert wird (aber ebenso \u0026ldquo;Köhntopp\u0026rdquo; abspeichern).\nZeichensätze im Server Aus irgendeinem Grund nennt MySQL ein Encoding einen CHARACTER SET oder CHARSET. Die im Server verfügbaren Encodings können mit SHOW CHARSET aufgelistet werden. Sie sind auch in INFORMATION_SCHEMA.CHARACTER_SETS verfügbar. In beiden Fällen gibt die Spalte \u0026ldquo;Maxlen\u0026rdquo; an, wieviele Bytes ein Zeichen in diesem Zeichensatz maximal verbrauchen kann.\nDie Liste der vom Server unterstützten Collations kann man mit SHOW COLLATION anzeigen. Sie ist auch als INFORMATION_SCHEMA.COLLATIONS abrufbar. Eine Collation ist nur im Zusammenhang mit einem Encoding sinnvoll, daher muß diese Tabelle mit der INFORMATION_SCHEMA.CHARACTER_SETS über die n:m Beziehung INFORMATION_SCHEMA. COLLATION_CHARACTER_SET_APPLICABILITY verknüpft werden (oder man verwendet SHOW COLLATION LIKE \u0026lsquo;\u0026hellip;%\u0026rsquo;).\nEncoding und Collation festlegen Jeder String in MySQL ist mit einem Encoding und einer Collation markiert. Für Datenbankobjekte geschieht dies auf der Spaltenebene: Eine Spalte mit CHAR, VARCHAR oder einem TEXT-Typ ist immer auch mit einem CHARSET und einer COLLATION versehen.\nGibt man diese nicht ausdrücklich an, so wird der CHARSET und die COLLATION der Tabelle, in der diese Spalte enthalten ist, nach unten vererbt. Und natürlich erbt die Tabelle CHARSET und COLLATION von der DATABASE, die diese wiederum von den Server Defaults vererbt.\nMan kann also in der my.cnf festlegen:\n[mysqld] default-character-set=latin1 default-collation=latin1_german1_ci Man kann auch beim Anlegen eines Schemas (einer logischen Datenbank) festlegen:\nroot@localhost [(none)]\u0026gt; create database kris charset latin1 collate latin1_german1_ci; Query OK, 1 row affected (0.00 sec) root@localhost [(none)]\u0026gt; show create database kris\\G Database: kris Create Database: CREATE DATABASE `kris` /*!40100 DEFAULT CHARACTER SET latin1 COLLATE latin1_german1_ci */ 1 row in set (0.00 sec) Für eine Tabelle und deren Spalten kann man bestimmen:\nroot@localhost [kris]\u0026gt; create table t ( id integer unsigned not null auto_increment primary key, c char(20) charset utf8 collate utf8_general_ci, d varchar(20) charset cp850 collate cp850_general_ci, t text charset latin1 collate latin1_german1_ci ) charset latin1 collate latin1_general_ci; Query OK, 0 rows affected (0.01 sec) root@localhost [kris]\u0026gt; show create table t\\G Table: t Create Table: CREATE TABLE `t` ( `id` int(10) unsigned NOT NULL auto_increment, `c` char(20) character set utf8 default NULL, `d` varchar(20) character set cp850 default NULL, `t` text character set latin1 collate latin1_german1_ci, PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci 1 row in set (0.00 sec) Die Verbindung, die der Client zur Datenbank aufbaut, muß ebenfalls mit einem Encoding und einer Collation getagged sein, denn wenn man beispielsweise ein LOWER CASE o-UMLAUT von einem utf8-Terminal in kirs.t.t einfügen will, dann muß dieses Symbol ja von utf8 (C3B6) nach latin1 (F6) gewandelt werden.\nMan kann default-character-set und default-encoding in der [mysql]-Sektion seiner my.cnf festlegen, oder sie mit SET NAMES später umstellen.\nIndem ich in konsole Settings-\u0026gt;Encoding-\u0026gt;utf8 einstelle und dann SET NAMES utf8 im Kommandozeilenclient von MySQL mache, sende ich nicht nur utf8, sondern habe den Client auch über diese Tatsache informiert.\nroot@localhost [kris]\u0026gt; set names utf8; Query OK, 0 rows affected (0.00 sec) root@localhost [kris]\u0026gt; select hex(\u0026#34;ö\u0026#34;); +-----------+ | hex(\u0026#34;ö\u0026#34;) | +-----------+ | C3B6 | +-----------+ 1 row in set (0.00 sec) Stelle ich in konsole Settings-\u0026gt;Encoding-\u0026gt;latin1 ein und sende SET NAMES latin1, dann bekomme ich:\nroot@localhost [kris]\u0026gt; set names latin1; Query OK, 0 rows affected (0.00 sec) root@localhost [kris]\u0026gt; select hex(\u0026#34;ö\u0026#34;); +----------+ | hex(\u0026#34;ö\u0026#34;) | +----------+ | F6 | +----------+ 1 row in set (0.00 sec) Warum ist das wichtig und nützlich? Nun, wenn ich mit meinem utf8-Client an die Datenbank gehe und Daten nach kris.t.t speichere, was wird dann geschehen?\nroot@localhost [kris]\u0026gt; set names utf8; Query OK, 0 rows affected (0.00 sec) root@localhost [kris]\u0026gt; select hex(\u0026#34;ö\u0026#34;); +-----------+ | hex(\u0026#34;ö\u0026#34;) | +-----------+ | C3B6 | +-----------+ 1 row in set (0.00 sec) root@localhost [kris]\u0026gt; insert into kris.t (t) values (\u0026#34;ö\u0026#34;); Query OK, 1 row affected (0.00 sec) root@localhost [kris]\u0026gt; select hex(t), t from kris.t; +--------+------+ | hex(t) | t | +--------+------+ | F6 | ö | +--------+------+ 1 row in set (0.00 sec) Ich habe also einen Client, der utf8 spricht und sendet. Das kann ich kontrollieren (\u0026ldquo;set names utf8\u0026rdquo;) und beweisen (Ich bekomme ein C3B6). Speichere ich dieses utf8-codierte Symbol in eine Spalte, die als latin1-codiert markiert ist, wird MySQL das Encoding des Symbols anpassen und den richtigen Code (F6) speichern. Ich kann das beweisen, indem ich hex(spaltenname) und spaltenname aus der Tabelle selektiere: Es wurde tatsächlich ein LOWER CASE o-UMLAUT in latin1 encoding gespeichert, und obwohl das so gespeichert wurde, wird mir ein ö in meinem utf8-Terminal angezeigt - der Wert wurde also für meine Verbindung auch wieder zurück gewandelt!\nEinen Dump laden Wenn man einen alten MySQL 4.0 mysqldump hat, dann sind in diesem Datenbank- und Tabellendefinitionen ohne Zeichensatzangaben enthalten. Man muß in diesem Fall vor dem Import in einen neueren Server die Defaults korrekt setzen. Korrekt bedeutet hier: So, daß die Datenbanken und Tabellen mit den Character Sets und Collations anlegegt werden, die man haben will. Am einfachsten erreicht man das, indem man das CREATE DATABASE-Statement im Dump sucht und passend editiert. Diese Defaults werden dann ja auf alle anderen Objekte herunter vererbt.\nDie Connection, mit der der Dump eingelesen wird, muß außerdem mit der passenden Character Set-Information versehen werden. Dazu bestimmt man den Character Set im Dumpfile, indem man dieses durch \u0026ldquo;od -t x1a\u0026rdquo; filtert und mal nach einigen Umlauten sucht. Welcher Zeichensatz wird im Dumpfile verwendet?\nDieser Zeichensatz muß dann für das Einlesen des Dumps verwendet werden. Am einfachsten fügt man ein passendes SET NAMES-Statement in das Dumpfile ein.\n-- -- Table structure for table `t` -- DROP TABLE IF EXISTS `t`; CREATE TABLE `t` ( `id` int(10) unsigned NOT NULL, `c` char(20) default NULL, `d` varchar(20) default NULL, `t` text, PRIMARY KEY (`id`) ) TYPE=MyISAM; -- -- Dumping data for table `t` -- /*!40000 ALTER TABLE `t` DISABLE KEYS */; LOCK TABLES `t` WRITE; INSERT INTO `t` VALUES (1,NULL,NULL,\u0026#39;ö\u0026#39;); UNLOCK TABLES; /*!40000 ALTER TABLE `t` ENABLE KEYS */; ... linux:/export/data/charset # od -t x1a kris.sql ... 0001560 53 20 28 31 2c 4e 55 4c 4c 2c 4e 55 4c 4c 2c 27 S sp ( 1 , N U L L , N U L L , \u0026#39; 0001600 f6 27 29 3b 0a 55 4e 4c 4f 43 4b 20 54 41 42 4c v \u0026#39; ) ; nl U N L O C K sp T A B L ... Wir können nun leicht dieses Dumpfile um ein \u0026ldquo;CREATE DATABASE kris CHARSET utf8 COLLATE utf8_general_ci\u0026rdquo; ergänzen und ein \u0026ldquo;SET NAMES latin1\u0026rdquo; zufügen. Dadurch bekommen wir eine Datenbank kris, die Zeichen in utf8 speichert. Da die Verbindung auf latin1 gesetzt wird, wird beim Einlesen der korrekte Zeichensatz für den Dump verwendet und alle Daten werden beim Lesen und Speichern von latin1 nach utf8 gewandelt. Für die Clients, die die Daten später verwenden, ist dies irrelevant: Sie legen mit SET NAMES fest, in welchem Zeichensatz sie die Ergebnisse bekommen wollen und MySQL wird die Zeichen bei der Ausgabe entsprechend den Wünschen der Clients umwandeln.\nSelber wandeln Eine Stringkonstante kann in MySQL mit einem Encoding prefixed werden.\nroot@localhost [kris]\u0026gt; select _utf8\u0026#39;Köhntopp\u0026#39;; +-----------+ | Köhntopp | +-----------+ | Köhntopp | +-----------+ 1 row in set (0.00 sec) Dies ist dasselbe wie \u0026ldquo;SELECT \u0026lsquo;Köhntopp\u0026rsquo;\u0026rdquo;, nur daß der Zeichensatz ausdrücklich an den Ausdruck geklebt wird und nun vom SET NAMES verschieden sein kann.\nWir können auch Daten in andere Zeichensätze umwandeln:\nroot@localhost [kris]\u0026gt; select hex(convert(\u0026#39;Köhntopp\u0026#39; using latin1)) as Beispiel; +------------------+ | Beispiel | +------------------+ | 4BF6686E746F7070 | +------------------+ 1 row in set (0.03 sec) Hier ist mein utf8-Köhntopp aus der Connection in ein latin1-Köhntopp mit F6-Umlaut umgewandelt worden.\nDie Kosten von utf8 Unicode ist ein Zeichensatz mit mehr als 256 Zeichen und utf8 ist ein Multibyte-Encoding für diesen Zeichensatz, in dem Zeichen eine variable Länge haben können. Einige Symbole (\u0026ldquo;a\u0026rdquo;, \u0026ldquo;Z\u0026rdquo;) werden als einzelne Bytes codiert, andere (\u0026ldquo;ö\u0026rdquo;) als Folgen von Bytes. Der Subset von Unicode, der von MySQL unterstützt wird, kann bis zu 3 Byte für ein Zeichen verbrauchen. Daher wird der Zeichensatz mit einer Maxlen von 3 in \u0026ldquo;SHOW CHARSET\u0026rdquo; markiert.\nEin anderes Encoding von Unicode ist ucs2: Während utf8 von Unix und Java verwendet wird, wird ucs2 von Windows-Systemen bevorzugt. ucs2 codiert alle Unicode-Zeichen gleich lang, und verwendet für den Subset von Unicode, der hier unterstützt wird, immer 2 Bytes. Die angezeigte Maxlen ist also 2.\nHier alle drei Encodings im Vergleich:\nroot@localhost [kris]\u0026gt; select hex(convert(\u0026#34;Köhntopp\u0026#34; using ucs2)) as x; +--------------------------------------+ | x | +--------------------------------------+ | 004B00F60068006E0074006F00700070 | +--------------------------------------+ 1 row in set (0.00 sec) root@localhost [kris]\u0026gt; select hex(convert(\u0026#34;Köhntopp\u0026#34; using latin1)) as x; +----------------------------------------+ | x | +----------------------------------------+ | 4BF6686E746F7070 | +----------------------------------------+ 1 row in set (0.00 sec) root@localhost [kris]\u0026gt; select hex(\u0026#34;Köhntopp\u0026#34;) as x; +--------------------+ | x | +--------------------+ | 4BC3B6686E746F7070 | +--------------------+ 1 row in set (0.00 sec) In MySQL wird ein CHAR(20) definiert als ein String von Zeichen Zeichen. Ein Zeichen kann mehr als ein Byte haben, also werden maxlen * Stringlänge Bytes Platz verbraucht. Ein utf8-CHAR(20) braucht also 60 Byte.\nEin VARCHAR(20) ist ein String mit einer Längenkennung und dann so vielen Bytes Speicher, wie der String tatsächlich lang ist. Ein utf8-VARCHAR(20) kann also zwischen 1 und 60 Byte Speicher plus die Längenkennung (1 Byte, ggf. 2 Bytes) verbrauchen.\nIndexrecords in MyISAM haben jedoch eine feste Länge. Ein Index auch ein utf8-VARCHAR(20) belegt also immer 60 Byte plus die Länge für den Row Pointer (per Default 6 Byte pro zu bezeigendem Record).\nAußerdem ist die Anzahl der Bytes, nicht Zeichen in einem Index limitiert: Generell kann ein Index bis zu 1024 Bytes, in InnoDB sogar nur 767 Bytes enthalten. In utf8 wird dies also zu 343 bzw. zu 255 Zeichen.\nDie Empfehlung lautet also:\nDefiniere den Server, das Schema und jede Tabelle immer mit einem passenden Einbyte-Zeichensatz, z.B. latin1. Definiere dann die Connection mit welchem Zeichensatz auch immer. Das kann auch utf8 sein, obwohl das Schema latin1 verwendet. Definiere alle Spalten, die einen anderen als den latin1-Zeichensatz benötigen, wenn möglich mit dem passenden Einbyte-Zeichensatz der Sprache - türkische Spalten also als latin5 und russische Spalten als latin2. Definiere Spalten, die wirklich mehrsprachig sind, und nur diese, als utf8. Beachte den Mehrverbrauch an Speicher für Indices und CHAR. ","date":"2006-10-01T00:00:00Z","href":"https://blog.koehntopp.info/2006/10/01/mysql-zeichensatz-grundlagen.html","tags":["mysql","lang_de"],"title":"MySQL: Zeichensatz-Grundlagen"},{"categories":null,"content":"Deutsche Politiker haften nicht für die Produkte ihrer Arbeit. Dadurch unterscheidet sich ihre Tätigkeit von der so ziemlich aller anderen Leute. Unsere Politiker haben ein Gesetz über die Deutsche Nationalbibliothek beschlossen, das am 22. Juni diesen Jahres verkündet worden ist. Das Gesetz ist offensichtlich in grandiosem Unverständis über die Natur des Netzes gemacht worden, aber wer nicht haftet, darf halt auch öffentlich dumm sein.\nSchauen wir also mal:\nIn §14 definiert dieses Gesetz eines Ablieferungspflicht für Medienwerke, die nach §14 (3) auch Webseiten (\u0026ldquo;Medienwerke in unkörperlicher Form\u0026rdquo;) erfaßt. §14 (4) legt fest, daß die Ablieferung binnen einer Woche zu erfolgen hat. §15 legt fest, daß der Ablieferungspflichtige derjenige ist, der berechtigt ist, das Medienwerk zu verbreiten oder öffentlich zugänglich zu machen, für dieses Blog also ich. §16 definiert, daß die Ablieferung unentgeltlich und auf eigene Kosten bei der Deutschen Nationalbibliothek zu erfolgen habe, wobei Medienwerke in unkörperlicher Form auch zur Abholung bereitgestellt werden können. Dann hat die Bereitstellung allerdings nach den Maßgaben der Bibliothek zu erfolgen.\n§19 legt fest, daß es eine Ordnungswidrigkeit ist, das Medienwerk nicht, nicht rechtzeitig oder nicht in der vorgeschriebenen Weise abzuliefern - bewehrt mit einer Geldbuße von bis zu €10000.\nEine Mail an die DNB ist raus, ich warte auf die Antwort.\nArtikel in der HAZ Artikel in der SZ Kontaktaufnahme mit der DNB (via Müsli ) c\u0026rsquo;t Artikel (via Jürgen aus den Kommentaren)\n","date":"2006-09-22T00:00:00Z","href":"https://blog.koehntopp.info/2006/09/22/gesetz-ber-die-deutsche-nationalbibliothek.html","tags":["media","politik","web","lang_de"],"title":"Gesetz über die Deutsche Nationalbibliothek"},{"categories":null,"content":"Nachtrag zu GPL in Deutschland vor Gericht durchgesetzt :\nHarald Weltes Blog zum Thema gpl-violations.org Press Release Urteilsbegründung (hier im Volltext als PDF ) Groklaw Artikel Golem Artikel Heise Artikel Aus der Urteilsbegründung:\nDie GPL ist auf das Rechtverhältnis zwischen den Urhebern und der Beklagten anwendbar. Die drei Softwareprogramme [ msdosfs, initrd und mtd ] werden unstreitig ausschließlich unter den Bedingungen der GPL lizensiert. Im Fall der freien Software ist anzunehmen, daß der Rechteinhaber durch die unterstellung des Programms unter die GPL ein ANgebot an einen bestimmten Personenkreis abgibt, das von den Nutzern durch Vornahme der zustimmungsbedürftigen Handlung angenommen wird; insoweit wird man von einem Verzicht auf den Zugang der Annahmeerklärung (§151 BGB) ausgehen können.Zudem könnte sich der Beklagte dann, wenn die GPL nicht durch Einbeziehung auf das Rechtsverhältnis anwendbar wäre, auf keinerlei Berechtigung zur Vervielfältigung, Verbreitung und Veränderung der drei Softwareprogramme berufen, so daß ebenfalls eine Urheberrechtsverletzung zu bejahen wäre. Insbesondere kann in den Bedingungen der GPL keinesfalls ein Verzicht auf Urheberrechte und urheberrechtliche Rechtspositionen gesehen werden. Denn die GPL sieht gerade vor, daß die zunächst jedermann erteilte Nutzungs-, Bearbeitungs- und Verbreitungsfreiheit durch die Einräumung eines nichtausschließlichen Nutzungsrechts bei Verstoß gegen die GPL automatisch erlischt (vgl. Dreier/Schulze, aaO, §69a, Rz. 11)\u0026hellip;.Gemaß Ziff 4. der GPL \u0026hellip; fällt das zunächst gewährte Nutzungsrecht automatisch an den Urheber zurück, wenn der Nutzer gegen die in Ziff. 2 der GPL niedergelegten Verhaltenspflichten verstößt. Die dortigen Verhaltenspflichten sehen insbesondere vor, daß der Nutzer mit jeder Kopie einen Haftungsausschluß veröffentlicht, auf die GPL hinweist und einen Lizenztext beifügt sowie den Sourcecode des Programmes offen legt.\n","date":"2006-09-22T00:00:00Z","href":"https://blog.koehntopp.info/2006/09/22/urteilsbegr-ndung-zu-gpl-in-deutschland-vor-gericht-durchgesetzt.html","tags":["copyright","free software","lizenz","politik","lang_de"],"title":"Urteilsbegründung zu GPL in Deutschland vor Gericht durchgesetzt"},{"categories":null,"content":"Kommentar zu GPL in Deutschland vor Gericht durchgesetzt.\nIch glaube nicht das bei der BSD Lizenz ein Konstruktionsfehler vorliegt. Ich denke, es war beabsichtigt das auch \u0026ldquo;Codeklauer\u0026rdquo; damit Geld verdienen können. Man könnte auch sagen, das dies die wahre Freiheit ist. Übrigens kann mit GPL Software auf ähnlicher Weise Geld verdient werden. Was machen denn die Distributoren, auch wenn das jetzt etwas überspitzt ist. Es wird niemand daran gehindert GPL Software zu verkaufen. Sie müssen nur die GPL einhalten, was bedeutet die Lizenz mitliefern und dürfen die Hinweise auf die GPL im Code nicht entfernen.\nDer wesentliche Punkt der GPL ist ein anderer: Unter der GPL muss man den Quelltext - so wie er verwendet worden ist, um das eigene Produkt zu bauen - mitliefern. Mit allen Rechten und gegebenenfalls mit allen Tools, die dazu notwendig sind.\nBei der GPL geht es nicht um Geld - es ist vollkommen egal, ob das Produkt, das Du gebaut hast, von Dir für Geld verkauft wird, oder ob Du für Geld Support dazu verkaufst oder was auch immer. Wenn Du in Deinem Produkt aber (im selben Prozessraum) GPL-Code verwendest, dann muss Dein Produkt auch unter der GPL stehen und um der GPL zu genügen, musst Du den Quelltext und die Werkzeuge zum Bauen mitliefern.\nDie GPL ist die sich selbst schützende Allmende: Du darfst Code aus dem Gemeinschaftspool für Deine Zwecke frei verwenden, aber nur, um damit wieder Code zu erzeugen, der hinterher unter genau denselben Rechten Bestandteil des Pools wird.\nDie Allmende, Commons, war die Gemeinschaftsweide des Dorfes. Jeder kann dort seine Kühe weiden. Die Allmende hat nicht funktioniert, weil sich alle erst dort bedient haben, bevor sie ihr Vieh auf die eigenen Weiden getrieben haben. Das ist genau das Szenario der BSD Lizenz.\nDie GPL ist anders: Grase auf der Weide der freien Software, aber wenn Du das tust, kommen Deine Milch, Dein Schinken und der Dung Deiner Kühe auch in diese Allmende. Darum funktioniert die GPL. Sie ist nachhaltig.\nDie kooperative und die kompetitive Welt können nicht zusammen existieren, ohne daß die Regeln der kompetitiven Welt die kooperative Welt zerstören. Darum trennt die GPL im Gegensatz zu allen anderen Open-Source-Lizenzen beide Welten und darum ist die GPL die einzige Open-Source-Lizenz, die vor dem kompetitiven Lager bestehen kann.\nJörg Möllenkamp führt unsere Diskussion ebenfalls weiter. Er schreibt in GPL-Durchsetzung und die Folgen unter einem kompetitiven Gesichtspunkt:\nEs ist klar, das ein System nicht notwendigerweise offener wird, wenn sich dort verschiedene nicht freigegebene Module tummeln. Es ist allerdings ein Trugschluss, das man einen Hersteller durch die GPL in die Offenheit zwingen kann.\nDas ist das Missverständnis: Die GPL will niemanden zu irgendetwas zwingen. Sie will nur trennen. Die GPL sagt nicht \u0026ldquo;Du musst offen/frei/whatever sein.\u0026rdquo;\nSie sagt:\n\u0026ldquo;Wenn Du unseren Code nutzen möchtest, was Du nicht musst, dann musst Du das zu unseren Bedingungen tun.\u0026rdquo;\nDas ist ganz genau das, was jede andere Lizenz auch sagt. Die GPL nennt außerdem diese Bedingungen vorab, wie jede andere Lizenz auch. Es gibt keine Überraschungen, keine Lizenzbedingungsänderungen und es gibt insbesondere keinen Zwang zu irgendwas. Es gibt allerdings eine Handvoll ausgezeichneter wirtschaftlicher und ethisch-moralischer Argumente, die dafür sprechen. Aber das ist eine ganz andere, und vollkommen ungezwungene Diskussion.\nDie GPL will niemanden in die Offenheit zwingen. Sie will nur die Spielregel klarmachen. Die Spielregel ist ganz simpel: Quid pro quo . Unter der GPL ist es nicht möglich, Code aus der Allmende zu nehmen und etwas proprietäres damit zu machen. Und anders herum: Es ist möglich, etwas Proprietäres zu machen, aber dann nicht mit GPL-Code.\nEs ist lediglich Gier angesichts der überwältigenden Menge von GPL-Code von teilweise wirklich ausgezeichneter Qualität die manche Menschen oder Firmen glauben lässt, sie könnten an diesem Pool teilhaben ohne sich an die Spielregeln halten zu müssen. Diese Leute müssen lernen, daß dieser Pool von lohnenswertem Zeug nur deswegen existiert, weil all den Gierhälsen die glauben, sie könnten hier betrügen, mit der ganzen Härte des neu verschärften Urheberrechts auf ihre Spuddelfinger gehauen wird.\nWenn man natürlich ein Geschäftskonzept so baut, daß es ohne einen solchen Betrug nicht funktioniert, dann bedeutet das, daß man ohne den GPL-Code kein Produkt hat. Das ist aber kein Zwang vonseiten der GPL, sondern die Dummheit desjenigen Kriminellen, der hier seinen Teilhabern und sich selbst in die Tasche gelogen hat. Ich habe da nicht wirklich Mitleid - nicht mit Sony , die in ihrem Rootkit (L)GPL-Software illegal verwendet haben, nicht mit Microsoft, die geknackte Software zum Erzeugen von Windows Sounddateien verwendet haben und auch nicht mit - wieder - Sony, die aus Wikipedia content lizenzwidrig verwenden.\nEs sind diese Dinge, gegen die die GPL und in Grenzen die LGPL wegen ihrer einzigartigen Konstruktion schützen helfen.\nSehen wir es doch mal realistisch, wie gross ist den die Gruppe jener Menschen die in der Lage und Willens ist, auf einem Handy oder einem Router den Kernel auszutauschen.\nDie Größe der Gruppe der Menschen ist aus der Sicht der GPL vollkommen irrelevant. Die meisten Leute wissen ja auch nicht, was ein Rootkit ist. Die GPL zwingt auch niemanden, mit dem Code, auf den man Zugriff hat, etwas zu tun. Sie eröffnet Möglichkeiten, und darauf kommt es an.\nIch habe zum Beispiel mal ein Servermodul für einen Netscape Web Server schreiben müssen. Das hat natürlich nicht funktioniert, und zwar unter anderem auch deswegen, weil die API-Dokumentation und die tatsächliche API des Servers nicht übereinstimmend waren. Diese API-Diskrepanz nachzuweisen war sehr, sehr schmerzhaft. Ich habe natürlich erst einmal mich selbst für zu dumm gehalten, bevor ich Azundris\u0026rsquo; Grundregel des Debuggings angewendet habe (\u0026ldquo;Wenn Du den Fehler nach 30 Minuten nicht gefunden hast, ist es wahrscheinlich nicht Dein Fehler, sondern ein Fehler in der Bibliothek oder im Compiler.\u0026rdquo;). Diese Sorte Problem kann man mit der GPL prinzipbedingt nicht haben (genaugenommen reicht für diese Sorte Problem schon die Sorte Look-But-Don\u0026rsquo;t-Touch-Lizenz aus, die Microsoft so favorisiert).\nIch habe auch schon oft Dinge in anderer Leute Code einbauen müssen, weil ich die Änderung jetzt brauchte oder um einfach was auszuprobieren - SpamAssassin LDAP Support, Änderungen am LDAP-Code von PHP, LDAP-Support im Cyrus, \u0026hellip;. Ja, ich habe auch noch andere Sachen gemacht, aber mein LDAP-Engagement bei NetUSE war eine einzige Folge von \u0026ldquo;Eigentlich will ich Euren Code gar nicht hacken, aber da bitte sehr, so tut es mir und Euch am wenigsten weh.\u0026rdquo; Das war gut für mich und gut für den Hersteller, denn so hat er einen Bug Report oder Feature-Request bekommen, der Bug Report war validiert, und ein Patchvorschlag kam mit. Das hat für alle Beteiligten das Leben sehr viel einfacher gemacht, selbst dann, wenn mein Code wie bei SpamAssassin aus anderen Gründen nicht unverändert in den aktuellen Code übernommen worden ist.\nDer Punkt ist, daß in keinem dieser Fälle primär die Absicht Bestand, diesen Code zu ändern, sondern daß es sich aus persönlichen Bedürfnissen oder einem Projekt so ergeben hat. Das Projekt hat seinen Scope spontan geändert und die verwendeten GPL-Teile haben das genauso spontan mit getragen. Wären diese Projekte auf der Basis von Closed Source Zeugs realisiert gewesen, dann hätten diese Möglichkeiten nicht bestanden und das Projekt wäre auf den Stand \u0026ldquo;Plattform evaluieren\u0026rdquo; zurückgeworfen worden.\nDer andere Punkt ist, daß ich nur im kooperativen Umfeld die Möglichkeiten habe, meine Situation über die Paketgrenzen hinweg bis zum Grade eines prototypischen oder produktionsreifen Patches zu evaluieren, ohne mich Ressourcen-technisch zu verausgaben, und daß ich das dann im Rahmen des Projektes oder privater Weiterbildung auch tue.\nInput loswerden kann ich auch mit schwächeren Open-Source-Lizenzen, selbst mit CDDL , MPL oder anderen BSD -Lizenzvarianten.\nDie Frage ist, ob ich mich dazu motivieren kann, Code in irgendeine Firma einzuwerfen, um letztendlich deren CEO eine größere Yacht zu ermöglichen. Ich schreibe das Zeug eigentlich, um das Leben allen denen einfacher zu machen, die nach mir kommen. Ich kann dazu beitragen, Infrastrukturkosten zu sozialisieren und meine Arbeit in einen größeren Kontext zu stellen. Ich kann das deswegen, weil die (L)GPL mich davor schützt, daß jemand unser aller Tree forkt und unter eine Käseglocke stellt.\nEs geht nicht darum, wie viele Menschen den Kernel auf ihrem Handy austauschen wollen - es ist uns beiden vollkommen klar, daß die meisten das nicht wollen werden. Sondern es geht darum, daß ein jeder der - aus welchem Grund auch immer - der Meinung ist, dies tun zu müssen es auch tun kann. Und das ist sogar für den Hersteller des Handys ein Grund, diese Möglichkeit zu bieten, wenn der Hersteller sich die Mühe macht, da mal ein wenig drüber nachzudenken.\nJetzt fordert diese kleine Gruppe etwas, das wahrscheinlich eine ganze Reihe von Geschäftsgeheimnissen offenlegen würde (schönes Beispiel sind da für mich die Treiber von hochgezüchteten Grafikkarten). Warum sollte eine Firma das tun? Ist es der Firma zu verübeln, Auswege zu suchen, Umwege zu finden und wenn es irgendwie geht, Linux ganz zu vermeiden?\nNein, wenn Du kein GPL willst, dann benutze halt keinen GPL-Code. Nur, ähm, das ist nicht der Sachverhalt.\nEs ist nicht so, daß da plötzlich eine Gruppe von Leuten ist, die plötzlich und unerwartet etwas Überraschendes fordert. Sondern es ist so, daß der Hersteller einer proprietären Software GPL-Code illegal und wider besseres Wissen lizenzwidrig verwendet hat. Alles was gefordert wird, und zwar schon immer und nicht plötzlich und überraschend, ist eine Einhaltung des Lizenzvertrages auf eine der beiden möglichen Arten: nämlich entweder Offenlegung der Sourcen, aller Sourcen, und der dazu notwendigen Werkzeuge. Oder Entfernung des GPL-Codes aus dem Produkt. Beides ist legitim und möglich.\nEs ist notwendig, daß man sich als Firma vorher Gedanken darüber macht, unter welchen Lizenzen man geistiges Eigentum in sein Produkt einbringt. Das gilt für selbst erstellten Code genauso wie für erworbene Lizenzen Dritter - seien sie nun kommerziell oder GPLed. Eine Firma, die das nicht macht, hat nicht das Recht am Markt zu agieren, denn es handelt sich um einen Haufen von Dilettanten.\nIch weiß aber auch, das dieses Dilemma das Potenzial hat, der Marktdurchdringung von Linux erheblichen Widerstand zu bieten.\nMarktdurchdringung ist für ein GPL-Produkt kein Wert an sich, so cool das auch ist, etwa auf einem Kassensystem, einer Sina-Box, einem Voip-Telefon, einem WLAN-Router, einem Festplattenrecorder oder einem Handy einem Linux beim Booten zuzusehen. Der Kick kommt aber nicht vom Pinguin-Logo, sondern er kommt von den Möglichkeiten, die damit einhergehen und von der Gewissheit, daß eine starke GPL mir diese Möglichkeiten offen hält.\nEs ist im engeren Sinne jedoch genaugenommen vollkommen egal wie viele Leute Linux, den Gcc, die glibc oder was auch immer unter der GPL einsetzen. Linux auf was-auch-immer hat keinen Wert, wenn man auf diesem was-auch-immer nicht die Möglichkeiten hat, die damit einhergehen.\nUnd darum ist die klare und informierte Durchsetzung der GPL so wichtig: Sie markiert die Trennlinie zwischen dem kooperativen und dem kompetitiven Lager. Und es sei daran erinnert, daß es die Copyright-Faschisten des kompetitiven Lagers waren, die diese Trennlinie in den letzten fünf Jahren so vermint haben. Ich habe noch immer kein Mitleid.\nDie Linux-Kernelentwickler auch nicht. Sie haben in der Vergangenheit die Treiber-API des Kernels absichtlich binär inkompatibel verändert, um die Wartungskosten für Entwickler proprietärer Kernelmodule unattraktiv hochzuhalten und sie gehen nun dazu über, alle Treiber-Module, für die kein Sourcecode bereitgestellt werden kann, ins Userland zu verbannen.\nWenn man die Entwicklung der letzten Jahre nämlich betrachtet, dann wird eines immer klarer: Es kann keine Koexistenz mit Closed Source geben, sondern nur eine strikte Trennung. Diese Erkenntnis ist nicht neu: Am 27. September 1983, also vor nunmehr 23 Jahren wurde das GNU Projekt gegründet. Es entstand unter anderem, weil jemand Code aus der Allmende genommen und unter seine Käseglocke gestellt hat. Die Funktion der GPL ist es, eine Wiederholung eines solchen Szenarios zu verhindern. Und das - striktes Quid Pro Quo - macht die GPL zu der weitaus erfolgreichsten Lizenz im Open Source Bereich.\n","date":"2006-09-19T00:00:00Z","href":"https://blog.koehntopp.info/2006/09/19/gpl-marktdurchdringung-ist-kein-wert-an-sich.html","tags":["copyright","free software","lizenz","politik","lang_de"],"title":"GPL: Marktdurchdringung ist kein Wert an sich"},{"categories":null,"content":"Auf dem Heise Newsticker heißt es:\nHarald Welte, Mitentwickler des Netfilter-Firewallcodes im Linux-Kernel und Gründer des Projekts gpl-violations , hat vor Gericht einen Erfolg für die GPL erzielt. Wie er in seinem Blog berichtet, entschied das Landgericht Frankfurt am 6.9. im Sinne seiner Klage wegen GPL-Verletzung. Details dazu wollen Welte und sein Anwalt Till Jaeger, Mitbegründer des Instituts für Rechtsfragen der Freien und Open Source Software (ifrOSS ), allerdings erst nach Veröffentlichung des der schriftlichen Urteilsbegründung nennen.\nJörg Möllenkamp sieht dies als Phyrrussieg für die GPL, aber seine Analyse beruht auf einigen Verständnisfehlern.\nIn Von der GPL habe ich die GPL V2 einmal en detail erläutert und in der an den Artikel anschließenden Diskussion einige Dinge klargestellt. Der Kommentar ist wichtig, denn er paßt direkt auf den falschen Gedankengang von Jörg. Hier ist er noch einmal in voller Länge:\nDie GPL ist eine Lizenz. Sie gibt einem Rechte, sie nimmt einem keine Rechte.\nWenn die GPL nicht gälte (also Harald Welte den Prozeß verloren hätte), dann säßen alle Hersteller dieser netten kleinen embedded Systeme ohne Lizenz da und müßten sich an jeden einzelnen Autoren der Komponenten ihres embedded Linux Systems einzeln wenden, um sich eine Nutzungslizenz zu holen.\nDas ist ein Szenario, daß sich die Hersteller dieser Systeme keinesfalls wünschen können, denn während die GPL einem automatisch Rechte gibt, sobald man die Bedingungen erfüllt, ist dies bei manuellen Einzelverhandlungen nicht so: Ein Autor kann individuelle Rechte \u0026ldquo;einfach so\u0026rdquo; verweigern, wenn ihm danach ist. Es ist also eine Gute Sache Für Alle (tm), daß Harald Welte gewonnen hat und die GPL eine in Deutschland funktionsfähige und durchsetzbare Lizenz ist.\nDie GPL ist eine Lizenz des kooperativen Lagers . Wie jede andere Lizenz muß man sie erwerben, man bekommt sie nicht einfach so. Lizenzen kompetetiver Spieler bekommt man entweder gar nicht (weil die Lizenz nicht verkäuflich ist), oder man muß sie für Geld kaufen. Lizenzen nach der GPL bekommt man, indem man die Spielregeln des kooperativen Lagers anerkennt und sie befolgt. Indem man sie nicht verfolgt, verliert man in dem Moment, in dem man dies tut, die durch die Lizenz zugesicherten Nutzungsrechte.\nSobald man mit den Bedingungen der GPL wieder konform ist, hat man alle durch die GPL zugesicherten Rechte wieder. Das ist furchtbar nett. Die meisten kompetetiven Spieler gehen mit Lizenzverstößen weniger nachsichtig um. Man stelle sich einmal vor, ein Hersteller von embedded Rechnern hätte widerrechtlich ganz oder in Teilen Code von Microsoft in seinem Produkt genutzt. Wie wäre die Reaktion wohl ausgefallen?\nJörg schreibt , die GPL sei viral. Das klingt so, als könne man sich an ihr anstecken. Das ist Unsinn. Entweder entscheidet man sich in einem Projekt, Code zu verwenden der unter der GPL steht oder man läßt es sein. Aller Code, der unter der GPL steht, ist klar als solcher erkennbar: Er muß mit einer Kopie der GPL zusammen verbreitet werden, und diese Datei heißt LICENSE.\nEntweder nimmt man fremden Code in seinem Projekt auf - dann muß man eine Lizenz erwerben, die einem diese Nutzung fremden Codes in seinem Projekt erlaubt. Oder man tut es nicht. Oder man integriert fremden Code \u0026ldquo;aus Versehen\u0026rdquo; in seinem Projekt. Dann sollte man die Softwareentwicklung aufgeben, weil man seine Codebasis nicht mehr unter Kontrolle hat und genauso leicht etwa richtiger Schadcode \u0026ldquo;aus Versehen\u0026rdquo; Bestandteil des Projektes werden könnte.\nSelbst wenn man \u0026ldquo;aus Versehen\u0026rdquo; GPL-Code in seinem eigenen Projekt integriert, kann man durch die GPL keine Eigentumsrechte an seinem eigenen geistigen Eigentum verlieren: Das Recht, den GPL-Code zu nutzen erlischt, solange man mit den Bedingungen der GPL nicht konform geht. Man kann also in aller Ruhe den GPL-Code aus seinem Projekt entfernen und das Produkt, das nun komplett aus eigener geistiger Leistung besteht, weiter vertreiben. Die GPL zwingt niemanden dazu, seine eigenen Eigentumsrechte aufzugeben.\nDie GPL zwingt nur zu einer einzigen Sache.\nSie zwingt einen dazu, sich zu entscheiden zwischen dem kompetetiven und dem kooperativen Lager, und sie zwingt die Spieler im kooperativen Lager, die Regeln der Kooperation einzuhalten.\nDie GPL hält die Spieler im kooperativen Lagen ehrlich und fair. Damit macht sie eine dauerhafte Kooperation überhaupt erst möglich. Sie benutzt dazu das Urheberrecht, eigentlich ein Instrument des kompetetiven Lagers. Ohne dies könnte die GPL nicht existieren, denn sie wäre nicht durchsetzbar. Das macht die GPL zu einem faszinierend einfachen und scheinbar widersprüchlichem Konstrukt: Gäbe es das kompetetive Lager nicht, wäre das Urheberrecht obsolet und mit dem Erlöschen der Notwendigkeit für die GPL als Schutzmechanismus für die Code-Allmende gegen das kompetetive Lager löst sie sich dann auch sofort Rückstandsfrei auf.\nDie GPL vermeidet durch das Erzwingen des Quid Pro Quo den Konstruktionsfehler, den Lizenzen wie etwa die BSD Lizenz haben. Dort kommt es immer wieder vor, daß Firmen Quelltext nehmen, geringfügig verbessern und zur Grundlage ihres Geschäftsbetriebes machen, ohne ihre eigene Leistung der Gemeinschaft wieder zur Verfügung zu stellen, auf deren Vorleistungen sie ihren Betrieb gründen. Die GPL ist im Gegensatz zu solchen Lizenzen nachhaltig (im Sinne einer \u0026ldquo;Strategie, die sich langfristig aufrecht erhalten lässt\u0026rdquo;.) konstruiert.\nIch schrieb schon damals :\nProbleme gibt es immer nur dann, wenn Mitglieder der kompetetiven Sphäre meinen, sie könnten die Regeln der kooperativen Sphäre ignorieren, weil die kooperativen Wertschöpfer untereinander das tun. Die Kompetetiven bekommen dann nach den Regeln, die sie selbst geschaffen haben, auf die Finger. Müssen sie, damit die kooperative Allmende erhalten werden kann. Das ist ja genau der Grund, warum die Fackelträger der Kompetetiven versuchen, kooperative Lizenzen mit Schutzmechanismen wie die GPL als \u0026ldquo;viral\u0026rdquo;, \u0026ldquo;böse\u0026rdquo;, \u0026ldquo;illegal\u0026rdquo; oder sonstwie \u0026ldquo;ganz schlimm\u0026rdquo; darzustellen, allen voran Microsoft und die von Microsoft bezahlten Astroturfer. Lizenzen mit Schutzmechanismen schaffen einen geschützten Bereich, in dem kooperatives Verhalten möglich ist und unter anderem durch niedrige Transaktionskosten belohnt wird. Sie bestrafen Leute, die die Kooperation verletzten, indem sie ihnen die viel höheren Transaktionskosten des kompetetiven Bereichs auferlegen (\u0026ldquo;Zieh erst mal Deine Lizenzen gerade.\u0026rdquo;) und sie von der Nutzung der freien, aber nicht kostenlosen kooperativen Werte ausschließen (Der zu zahlende Preis ist die Einhaltung der Regeln der Kooperation).\nDas ist das, was Harald Welte hier tut, und er hat zumindest meine uneingeschränkte ideologische Unterstützung (und mein Geld, wenn er es braucht): Er fordert die Bezahlung der Lizenzen ein, und hält so den Deal am Leben. Das ist wichtig, ja sogar zentral.\n","date":"2006-09-10T00:00:00Z","href":"https://blog.koehntopp.info/2006/09/10/gpl-in-deutschland-vor-gericht-durchgesetzt.html","tags":["copyright","free software","lizenz","politik","lang_de"],"title":"GPL in Deutschland vor Gericht durchgesetzt"},{"categories":null,"content":" Rückkühler, 2x3m (6 qm) Kupferkühlfläche pro Seite\n[ Dieser Artikel hätte vor zwei Wochen fertiggestellt werden sollen, auf dem Höhepunkt der Hitzewelle, aber ich war zu schlapp zum Schreiben. \u0026ndash; kris ]\n\u0026ldquo;1.21 Gigawatt? Tom Edison, wie erzeugt man so viel Strom?\u0026rdquo; \u0026ndash; Dr. Emmett Brown\nEin Rechenzentrum ist im Wesentlichen eine große isolierte Kiste, deren Türen die meiste Zeit geschlossen gehalten werden. In das Rechenzentrum herein führen - da kommen die meisten Leute von selber drauf - Stromkabel und Netzwerkkabel. Ins Rechenzentrum herein führen außerdem - und das unterschätzen die meisten Leute - auch Wasserleitungen. Diese pumpen kaltes Wasser in die Wärmetauscher der Klimaanlage und lassen das warme Wasser wieder herausfließen.\nAlso, wie viel Energie brät so ein Rechenzentrum denn so weg?\nPlatz im Rechenzentrum wird in HE, Höheneinheiten von 19-Zoll-Schränken, abgerechnet. Ein Schrank hat Platz für 40-42 HE. Ein IBM Bladecenter Chassis faucht hinten aus seinen beiden Radiallüftern 3000-3500 Watt raus, wenn es voll bestückt ist. Es belegt 7 HE. Machte man den Schrank mit 5 oder 6 von diesen Dingern randvoll, würden in diesem Schrank zwischen 15000 und 21000 Watt rausgeblasen werden. In einem kleinen RZ mit 30 Schränken sind das um die 500 kW.\nWie viel Energie ist das?\nKilowatt sind nur neumodische Worte für PS. Ein Kilowatt sind 1.36 altbekannte Pferdestärken. 15 kW sind also 20 PS, in etwa ein Renault 4 , und 21 kW sind 28 PS - mit dieser Leistung flog Louis Blériot im Jahre 1909 über den Ärmelkanal. 500 kW sind 680 PS. Das ist die Leistung des Motors einer ME 109 , oder etwa halb so viel wie der Motor eines Leopard 2 oder 2/3 der Leistung eines Bugatti Veyron .\nDafür bekommt man die Power von ca. 5000 Intel-Prozessoren bei 3 GHz, und etwa 5 Terabyte RAM, aber man hat noch keine Platten irgendwo in Betrieb genommen.\nDas alles muss man nun circa mal drei bis vier nehmen, denn man muss ja die Platten, den Leistungsverlust durch dezentrale Netzteile und die zusätzliche Energie für Kühlung mitrechnen.\nNatürlich stellt man sich nicht alles voll mit Blades - man muss ja auch noch Datenbanken, Fileserver, Ciscos und anderes Zeugs haben, also hat man am Ende nicht einen Raum mit 30 Schränken, sondern drei Räume mit 90 Schränken voll Hardware. Aber man arbeitet mit so knapp an die 2 Megawatt, oder zwei Schiffsdieseln mit 1250 PS pro Stück.\nDies ist ein Schrauben- kompressor, wie er in jedem Kühlschrank seinen Dienst tut. Dieser Kompressor hier wiegt 6 Tonnen und schafft 700 kW weg.\nDas klingt nach einer ganzen Menge Power, ist aber tatsächlich relativ klein so im Vergleich.\nGoogle zum Beispiel zieht jetzt an einen Staudamm in Oregon . Die Aluminiumhütte dort hat zugemacht und die 1.8 Gigawatt aus dem Damm am Columbia River kommen Google gerade recht. Zumal man das Wasser aus dem Damm dann auch gleich zur Kühlung nutzen kann und es in Oregon meist nicht so warm ist. Google muss das, denn sonst wird Blogger dunkel .\nAuch andere Internet Firmen verfolgen dieselbe Strategie . Das alles ist ein ernstes Problem . Man kann sich jetzt auf seinen Status als offizieller Sun Fanboy zurückziehen und sagen \u0026ldquo;Mit Sun Servern wäre das nicht passiert\u0026rdquo;, aber das geht am Kern des Problems vorbei. Denn dann hätte man mehr Server, aber genau denselben Leistungshunger.\nWie sieht das in Deutschland aus? Wir sind ja ein ordentliches Land und nicht so drittweltig wie die USA, wo schon mal 14 Tage lang der Strom in einer Großstadt wegbleiben kann. Aber auch bei uns passiert dasselbe .\nFür ein Rechenzentrum ist der Ausfall der Klimaanlage ein schneller Tod. Wenn die Rückkühler, die die Abwärme des Rechenzentrums in die Umgebung ableiten sollen, beschädigt oder blockiert sind, dann bleiben je nach Systemkonstruktion noch 20-30 Minuten, bis die Zulufttemperatur der Geräte die magische 35 °C Schwelle überschreitet. Der Betreiber hat dann die Wahl zwischen Abschalten und Hitzetod.\nIm Rechenzentrum sieht das inzwischen nicht viel anders aus. Damit man auf kleinem Raum überhaupt so viel Abwärme generieren kann, muss man seine Luftströme im Rechenzentrum sorgfältig organisieren. Einen ganzen Raum zu kühlen und die Server dann da einfach reinzustellen funktioniert schon bei relativ kleinen Abwärmemengen nicht mehr.\nStattdessen bläst man kalte Luft in den Unterboden und drückt diese in der Mitte einer Rackreihe hoch. Die kalte Luft muss durch die Racks hindurch, um in den Abwärmegang zu gelangen, wo sie abgesaugt und wieder gekühlt wird - Kaltgang - Warmgang ist der Suchbegriff für Google. Entscheidend ist jedenfalls die getrennte Führung von kalter und warmer Luft durch das gesamte Rechenzentrum. Das Paper Keeping Your Data Center Cool: There Is Another Way (PDF) von IBM gibt einen netten Überblick über \u0026ldquo;Cold Aisle, Warm Isle\u0026rdquo;, über das Problem des Abluftkurzschlusses und das Problem des Wärmestaus unter der Decke. IBM bewirbt in dem Paper Rear Door Heat Exchangers, also Abluftkühler in Racktüren. Aber selbst wenn man deren Produkt nicht will, ist das Papier eine nette Sammlung von typischen Kühlungsproblemen, die man mit ein wenig Aerodynamik und geordneter Luftführung in den auch passiv Griff bekommen kann.\nWenn Ihr das nächste Mal also Google benutzt, oder Yahoo, oder web.de, dann denkt mal an Euren Klimatechniker und was der damit zu tun hat, daß das Internet noch funktioniert.\n","date":"2006-08-07T00:00:00Z","href":"https://blog.koehntopp.info/2006/08/07/the-heat-is-on.html","tags":["computer","data center","lang_de"],"title":"The Heat Is On"},{"categories":null,"content":" Choose any font you like\nSeit MySQL 4.1 existiert in MySQL Support für Zeichensätze und Sortierreihenfolgen. Das bedeutet im Wesentlichen, daß an jedem CHAR, VARCHAR und TEXT in der Datenbank und an jeder Stringkonstante dranklebt, in welcher Codierung der String vorliegt und mit welcher Sortierreihenfolge der String beim Sortieren und Vergleichen zu behandeln ist.\nVokabeln Aber zuerst einmal ein bischen Vokabular:\nEin Zeichensatz ist eine Sammlung von Symbolen, die verwendet werden dürfen. Zeichen in einem Zeichensatz haben Namen wie \u0026ldquo;Copyright Symbol\u0026rdquo; oder \u0026ldquo;Lowercase O-Umlaut\u0026rdquo;.\nEine Codierung ist eine Definition, in welcher Bytefolge ein Symbol zu codieren ist. In Latin1-Codierung zum Beispiel ist ein Lowercase O-Umlaut Symbol als 0xF6 codiert, während es in UTF8 als 0xC3B6 codiert wird. In MySQL wird eine Codierung fälschlicherweise als Charset bezeichnet.\nEin Font ist eine Definition, wie ein bestimmtes Symbol auszusehen hat. Ein Lowercase O-Umlaut kann zum Beispiel als ö oder als ö dargestellt werden.\nEine Collation definiert eine Vergleichsfunktion für einen Zeichensatz. Eine binäre Collation definiert die Vergleichsfunktion für zwei Zeichen über die Binärwerte ihrer Codierung, sortiert die Umlaute und andere Sonderzeichen also ziemlich durcheinander und recht willkürlich weit oberhalb der normalen Zeichen. Die Default-Collations für alle Zeichensätze in MySQL sind \u0026ldquo;CI\u0026rdquo; (case-insensitive) - das ist ungewöhnlich für SQL und unterscheidet MySQL von fast allen anderen SQL-Produkten. Zum Glück ist das nur ein Default und kann leicht geändert werden.\nZeichensätze, Collations und Bytelängen Um einen Überblick zu bekommen, welche Zeichensätze und Codierungen vom Server unterstützt werden, kann man das Kommando SHOW CHARSET verwenden. Es listet für jeden Zeichensatz den Namen, eine kurze Beschreibung, die mit dem Zeichensatz assoziierte Standard-Collation und die Bytelänge des Zeichensatzes auf.\nDie Bytelänge des Zeichensatzes kommt zum Tragen, wenn man eine Spalte vom Typ CHAR definiert: Der tatsächliche Speicherplatz eines CHAR(20) ist also 20 mal die Bytelänge des Zeichensatzes: Ein Latin1-CHAR(20) belegt also 20 Byte, ein UTF8-CHAR(20) belegt 60 Byte.\nDie Bytelänge des Zeichensatzes kommt auch zum Tragen bei Indices: Während ein UTF8-VARCHAR(20) also zwischen 2 und 61 Byte belegen kann (ein Längenbyte plus die tatsächliche Länge des Strings) und normale ASCII-Zeichen in UTF8 nur ein Byte belegen, werden in Index-Records auf UTF8-Spalten Bytes wie in CHAR-Spalten belegt. Ein Index auf eine UTF88-VARCHAR(20) Spalte belegt also 60 Byte plus Row Pointer (6 Byte in MyISAM per Default) pro Zeile in der Tabelle.\nZeichensätze und Collations werden per Spalte festgelegt - man kann auf Serverebene, auf Schema (Datenbank) -Ebene und auf Tabellenebene Defaults festlegen, die nach unten weitervererbt werden, aber zum Tragen kommen die Definitionen nur an tatsächlichen Spalten. Es ist also nützlich, den Server, Datenbanken und Tabellen immer mit Latin1 oder einem anderen Einbyte-Zeichensatz zu definieren und nur für die Spalten, die tatsächlich UTF8 benötigen die platzfressende UTF8-Codierung zu verlangen.\nCollations (Sortierreihenfolgen) sind an einen Zeichensatz gebunden. Es ist also nicht möglich, eine Collation latin1_german1_ci im Zusammenhang mit einem UTF8-Zeichensatz zu verwenden. Das Kommando SHOW COLLATION listet die verfügbaren Collations auf. Da das sehr viele Collations sind, verwendet man sinnvollerweise den Zeichensatz als Einschränkung: SHOW COLLATION LIKE \u0026ldquo;latin1%\u0026rdquo; listet also die mit der Codierung latin1 kompatiblen Collations auf.\nEine Collation hat eine Sortlen. Collations mit einer Sortlen von 0 sind nicht im Server compiliert, sondern mit einer externen Lookup-Table definiert. Sie können geändert oder sogar neu definiert werden ohne daß man den Server neu compilieren muß. Ich habe an anderer Stelle ein Beispiel dafür gegeben.\nZeichensatz der Connection Wenn man mit dem Server redet, gibt es eine Reihe von Variablen, die festlegen, in welchem Zeichensatz (und mit welcher Collation) der Server arbeitet, wenn man mit ihm redet. Das Kommando SHOW VARIABLES LIKE \u0026ldquo;character_set_%\u0026rdquo; listet diese Variablen und ihre Werte auf.\nWenn man den MySQL-Kommandozeilenclient verwendet, um ein Statement zu erstellen, dann kann man dort Umlaute als Teil des Statements eingeben - möglicherweise sind sie auch Bestandteil eines SQL-Scriptes, das in den Client eingelesen werden soll. Es ist erst einmal wichtig herauszufinden, welche Codierung der Client denn überhaupt verwendet.\nDazu kann man ein Statement wie\nlinux:~ # od -t x1a ö 0000000 c3 b6 0a C 6 nl linux:~ # mysql ... root@localhost [(none)]\u0026gt; select hex(\u0026#34;ö\u0026#34;); +-----------+ | hex(\u0026#34;ö\u0026#34;) | +-----------+ | C3B6 | +-----------+ 1 row in set (0.00 sec) verwenden. Dieser Client verwendet offensichtlich einen Mehrbyte-Zeichensatz - hier UTF8 - um Umlaute zu codieren. In meinem Fall - ich verwende KDE konsole - kann ich das leicht ändern: Indem ich in Settings -\u0026gt; Encoding auf latin1 umstelle, bekomme ich\nlinux:~ # od -t x1a ö 0000000 f6 0a v nl linux:~ # mysql-3340 ... root@localhost [(none)]\u0026gt; select hex(\u0026#34;ö\u0026#34;); +----------+ | hex(\u0026#34;ö\u0026#34;) | +----------+ | F6 | +----------+ 1 row in set (0.00 sec) Ich muß dem Server jetzt mitteilen, in welchem Zeichensatz meine Statements sein werden: Die Variable character_set_client legt dies fest. Der Server muß außerdem wissen, in welchem Zeichensatz meine Stringkonstanten sind: Dies legt character_set_connection fest - wenn dies nicht ausdrücklich an einer Konstante dran steht, indem sie etwa als _latin1 \u0026ldquo;ö\u0026rdquo; geschrieben wird..\nDie Query wird dann ausgeführt, und das Ergebnis in character_set_results umgewandelt, bevor es an den Client zurück gesendet wird.\nMan kann diese Variablen einzeln setzen, aber es ist bequemer, sie alle drei auf einmal zu setzen. Dies geschieht mit SET NAMES utf8 oder SET NAMES latin1.\nUm einen bestimmten Zeichensatz zum Default zu machen, setzt man sich in die [client]-Sektion seiner my.cnf eine Definition für den default-character-set:\n[client] default-character-set=latin1 default-collation=latin1_german1_ci Zeichensatz an Datenbank, Tabelle und Spalte Server, Datenbanken und Tabellen haben Default-Zeichensätze und Collations. Die Default-Einstellungen bewirken nichts, außer das sie festlegen, welche Zeichensätze und Collations CHAR, VARCHAR und TEXT Spalten haben werden, für die nicht ausrücklich etwas festgelegt wird. Wer vernünftig ist, setzt als Default-Wert immer einen Einbyte-Zeichensatz und verwendet Mehrbyte-Zeichensätze so sparsam wie irgend möglich.\nEiner Datenbank kann beim Anlegen mit \u0026ldquo;CREATE DATABASE\u0026rdquo; ein Zeichensatz und eine Collation mitgegeben werden.\nroot@localhost [(none)]\u0026gt; create database demo charset latin1 collate latin1_german1_ci; Query OK, 1 row affected (0.37 sec) MySQL hinterlegt diese Informationen in der db.opt-Datei im Verzeichnis der Datenbank.\nlinux:~ # cat /export/data/rootforum/data/demo/db.opt default-character-set=latin1 default-collation=latin1_german1_ci Die Daten können mit dem passenden ALTER DATABASE Kommando geändert werden.\nAuch für Tabellen können so Default festgelegt werden, die vom Default der Datenbank abweichen:\nroot@localhost [demo]\u0026gt; create table t ( id integer not null, d varchar(20) charset latin1 not null, e varchar(20) charset utf8 not null ) charset cp1250; Query OK, 0 rows affected (0.33 sec) root@localhost [demo]\u0026gt; show create table t\\G Table: t Create Table: CREATE TABLE `t` ( `id` int(11) NOT NULL, `d` varchar(20) character set latin1 NOT NULL, `e` varchar(20) character set utf8 NOT NULL ) ENGINE=MyISAM DEFAULT CHARSET=cp1250 1 row in set (0.00 sec) Dieses Beispiel definiert in unserer latin1-Datenbank demo eine Tabelle mit einer cp1250 Codierung und in dieser eine latin1 und eine utf8-Spalte.\nMit unserer utf8-Konsole können wir dort jetzt Umlaute einfüllen, und sie zum Test auch wieder auslesen.\nroot@localhost [demo]\u0026gt; select hex(\u0026#34;ö\u0026#34;); -- utf8 wird verwendet +-----------+ | hex(\u0026#34;ö\u0026#34;) | +-----------+ | C3B6 | +-----------+ 1 row in set (0.01 sec) root@localhost [demo]\u0026gt; set names utf8; Query OK, 0 rows affected (0.00 sec) root@localhost [demo]\u0026gt; insert into t ( id, d, e ) values ( 1, \u0026#34;ö\u0026#34;, \u0026#34;ö\u0026#34; ); Query OK, 1 row affected (0.00 sec) root@localhost [demo]\u0026gt; select d, hex(d), e, hex(e) from t; +----+--------+----+--------+ | d | hex(d) | e | hex(e) | +----+--------+----+--------+ | ö | F6 | ö | C3B6 | +----+--------+----+--------+ 1 row in set (0.00 sec) Man kann hier sehr schön sehen, daß der utf8-Umlaut in latin1 gewandelt worden ist, bevor er in d eingefügt worden ist, während er in e ohne Konvertierung gespeichert werden konnte. Die Verbindung ist auf utf8 gestellt, aber dennoch werden d und e im select korrekt angezeigt, weil der Inhalt von d bei der Ausgabe wieder von latin1 in utf8 gewandelt wird.\nDatenimport Beim Import von Daten in ein MySQL in Form eines Dumpfiles ist es also wichtig, erst einmal den Zeichensatz des Dumpfiles korrekt festzustellen. \u0026ldquo;od -t x1a\u0026rdquo; auf ein paar Umlaute im Dumpfile hilft dabei sehr. Der Dump muß dann mit einem SET NAMES-Statement beginnen, das zu diesem Zeichensatz paßt.\nDie Tabellendefinitionen im Zielsystem können vom Zeichensatz her so aufgesetzt sein, wie sie wollen, solange die Zeichen aus dem Dump im Zeichensatz der Zielspalten darstellbar ist. MySQL wird die Zeichen dann beim Import so hin- und her konvertieren wie es notwendig ist.\nAnders herum hilft es auch genau gar nicht, die Zeichensatzdefinitionen von Spalten im Dump zu verändern, um vermeintliche Fehler zu korrigieren. Es ist lediglich ausschlaggebend, daß der Zeichensatz im Dump und das SET NAMES korrekt übereinstimmen.\n","date":"2006-08-06T00:00:00Z","href":"https://blog.koehntopp.info/2006/08/06/zeichensatzaerger.html","tags":["mysql","lang_de"],"title":"Zeichensatzärger"},{"categories":null,"content":"Okay, weil es so schön war, hier gleich noch mehr Bazillenprosa von Greg Bear, denn das Thema hat es ihm schon seit langer Zeit angetan. In Blutmusik erschafft ein verrückter Wissenschaftler einen bazillenbasierten Hivemind/Supercomputer, der nicht nur alle Zellen auf diesem Planeten in seine tumorhafte Superstruktur integriert, sondern dabei die derzeit auf dieser Wetware laufenden Programme assimiliert, illegal kopiert und in einer Reihe von Was-Wäre-Wenn Matrix-Szenarien laufen läßt. Las sich damals, weit vor Matrix und Bear\u0026rsquo;s Selbstkopie recht flott und amüsant. Da hat er sich aber auch mehr um die Handlung gekümmert als um den wissenschaftlichen Unterbau.\nBloodmusic Ebenso wie Vitals und Blutmusik spielt \u0026ldquo;Darwin\u0026rsquo;s Radio\u0026rdquo; im Reich der Bazillen und Retroviren. Dieses Mal werden also durch umwelt- und lebensstilbedingte Einflüsse Streßhormone ausgeschüttet, die in der DNS von Menschen enthaltene Fragmente von Retroviren aktivieren, die wiederum die Menschen lustig mutieren lassen. Es entsteht eine neue, buntere, weniger aggressivere, besser kommunizieren könnende Unterart des Menschen, die einmal den Homo sapiens sapiens ablösen wird. Bis dahin kommt es aber zu Umsturz, Regierungskrise, Familiendrama und so weiter.\nDarwin\u0026rsquo;s Radio Zwölf bis achtzehn Jahre später geht den Regierungen der Welt - insbesondere der sehr realistisch dargestellten US-Regierung immer noch der Arsch auf Grundeis, wenn sie mit dem Homo Novis zu tun haben, und so transponiert Greg Bear die Bush-Regierung, Guantanamo, Halliburton, New Orleans-Style Katastrophenmanagement und andere aktuelle politische Erscheinungen in seine Homo Novis-Welt. Das wird dann streckenweise so realistisch, daß man erst mal was anderes lesen will. Und auch was mit weniger Hard-SciFi.\nDarwin\u0026rsquo;s Children ","date":"2006-08-03T00:00:00Z","href":"https://blog.koehntopp.info/2006/08/03/fertig-gelesen-greg-s-bazillenprosa.html","tags":["book","media","review","lang_de"],"title":"Fertig gelesen: Greg's Bazillenprosa"},{"categories":null,"content":" Besser schreiben für nur 8 EUR.\nIrgendwann 1992 hatte ich eine Mailbox auf der Basis von SCO Xenix bei mir im Haus, und fing an, Gateways in Netze zu betreiben, die nicht auf der Grundlage von USENET funktionierten. Über mein lokales Fido-Gateway kam CT.GER auf meine Kiste, und ich wurde Zeuge einer wirklich schlechten Betriebssystem-Diskussion. Wie auch immer, jedenfalls fühlte ich mich bemüßigt, da einzugreifen und mal ein paar grundlegende Sachen zu erklären.\nKurze Zeit später rief jemand von der c\u0026rsquo;t an und fragte mich, ob sie das wohl drucken könnten. Meine Antwort war: \u0026ldquo;Nein, aber wenn Ihr mir sagt, was Ihr haben wollt, dann schreibe ich Euch das gerne als Artikel auf.\u0026rdquo;\nNun ist Schreiben für eine Zeitung was anderes als Schreiben für das Netz, also habe ich eine Anleitung für gutes Schreiben gesucht. Schneiders Deutsch für Profis - Wege zu gutem Stil ist spottbillig, nicht zu dick und erklärt alles Wichtige nach der Rechtschreibung.\nEine meiner sinnvollsten Investitionen - ever.\n","date":"2006-07-30T00:00:00Z","href":"https://blog.koehntopp.info/2006/07/30/fertig-gelesen-deutsch-fuer-profis.html","tags":["blog","review","lang_de"],"title":"Fertig gelesen: Deutsch für Profis - Wege zu gutem Stil"},{"categories":null,"content":"Jäger ( Vitals ): Eine Geschichte über russische Puppen: Bakterien, die in Bakterien leben, und Bakterien, die das Verhalten der Lebewesen, die sie bewohnen von innen heraus steuern. Aber auch Verschwörungen in Verschwörungen und Menschen, die das Verhalten von anderen Menschen von innen heraus steuern.\nIn der Anlage der Story folgt Greg Bear den Ideen von Philipp K. Dick: Er beschreibt die Realität aus der Sicht seiner Helden, und wie sich diese Realität unter der Beeinflussung verändert, er beschreibt der Verlust von Fixpunkten, und sich daraus ergebende Orientierungslosigkeit. Wie bei PKD gibt es kein Happy End, sondern am Ende einen vollständigen Verlust des Kontaktes mit der Wirklichkeit, und die Frage, ob es so etwas wie Wirklichkeit überhaupt gibt.\nNur daß Greg Bear zwar recht gut, aber kein PKD und Vitals nicht sein bestes Buch ist. Und so bleibt am Ende der Wunsch nach kleineren Plotholes, und einem schlüssigeren Ende.\n","date":"2006-07-30T00:00:00Z","href":"https://blog.koehntopp.info/2006/07/30/greg-bear-vitals.html","tags":["book","media","review","lang_de"],"title":"Fertig gelesen: Greg Bear: Vitals"},{"categories":null,"content":" GPL V3 (2nd draft) (Changes highlighted)\nIn Von der GPL und den daran hängenden Kommentaren habe ich einmal versucht, die GPL V2 zu erläutern, und was sie genau bewirkt. Der zweite Draft der GPL V3 ist nun veröffentlicht.\nMan kann ihn sich im Wiki ansehen oder sich das PDF mit den markierten Changes zum ersten Draft herunterladen.\nEine Lizenz zu schreiben ist ein hartes Stück Arbeit. Die GPL hat es sich zum Ziel gesetzt, nicht nur juristisch wasserdicht zu sein, sondern den Sachverhalt dennoch so allgemeinverständlich als möglich auszudrücken, und dabei nur so lang wie notwendig zu sein. Was das bedeutet, kann man sehr schön sehen, wenn man sich die Änderungen im 2nd draft auch einmal unter einem stilistischen Aspekt durchsieht.\nAls PDF hat die GPL V3 (ein Stück Gesellschaftsvertrag, und die Grundlage der Zusammenarbeit des kooperativen Lagers ) nur 17 Seiten. Damit ist sie fast 30 mal kleiner als die gescheiterte EU-Verfassung.\nEs gibt viele gute Gründe, das Ding jetzt durchzulesen und zu versuchen, es zu verstehen. Ihr werdet alle in dem Umfeld arbeiten, daß hier definiert wird.\n","date":"2006-07-30T00:00:00Z","href":"https://blog.koehntopp.info/2006/07/30/gpl-v3-2nd-draft.html","tags":["free software","lizenz","politik","lang_de"],"title":"GPL V3 (2nd draft)"},{"categories":null,"content":" Scaling Patterns\nIn 2004 habe ich auf dem Linuxtag einen kleinen Vortrag zum Thema Skalierbarkeit gehalten. Schon damals war die Message an verschiedenen Stellen im Vortrag \u0026ldquo;Jedes Readproblem ist ein Caching-Problem, jedes Schreibproblem ist ein Verteilungs- und Batchproblem\u0026rdquo;:\nZum Skalieren muß man seine Anwendung in Teilanwendungen unterteilen und die Daten replizieren. Die Replikation muß asynchron erfolgen, ohne Two Phase Commit (2PC), sonst gewinnt man wenig bis nichts. Schreibzugriffe müssen verzögert und gebatched werden, damit sie effizienter abgewickelt werden können. Um weitere Flaschenhälse zu vermeiden, muß man die Datenhaltung in die Teilanwendungen dezentralisieren und eine zentrale Datenbank vermeiden.\nDas läuft natürlich allem zuwieder, was man von seinem Datenbankprofessor an der Uni gelernt hat: Es ist unsicher, man arbeitet mit falschen oder veralteten Daten und man weiß nicht immer, ob alles auch so geklappt hat, wie man sich das vorstellt.\nEs hat aber einen wichtigen Vorteil: Es funktioniert. Und es skaliert.\nServices Bei Amazon klingt das so:\nOne way that we\u0026rsquo;ve made this much easier for ourselves here at Amazon is that internally we are a services-oriented architecture, and I don\u0026rsquo;t mean that in terms of the buzzword of the last five years. We\u0026rsquo;ve been this long before that word became public. What I mean by that is that within Amazon, all small pieces of business functionality are run as a separate service.\nFor example, this availability of a particular item is a service that is a piece of software running somewhere that encapsulates data, that manages that data. And when, for example, we hit the gateway page of Amazon, it will go out to somewhere between 100 and 150 different services to construct this page for you.\nThat means that we\u0026rsquo;ve localized the notion of availability and consistency towards each service because each service is responsible for its data encapsulation. And then, depending on what kind of service it is and what kind of consistency guarantees they require, you use different technologies. But it must be absolutely clear I think to everyone that we\u0026rsquo;re not using two phase commit to update distributed resources all over the world.\nNicht anders viel anders web.de: Das, was der Anwender sieht, wenn er sich an web.de connected, sieht mehr oder weniger aus wie eine große Anwendung. Intern besteht seit einigen Jahren es aus ca. 150 verschiedenen Diensten, die untereinander durch eine Middleware-Layer miteinander kommunizieren. Das führt zum Teil zu ziemlich skurrilen (nach traditionellen OSS-Maßstäben) Konstruktionen.\nDer Eingangsmailer von web.de war zum Beispiel einmal irgendwann ein Exim3. Er ist es schon lange nicht mehr, denn irgendjemand hat ihn mit Mico, einem Corba-Layer, verheiratet. Der Mailer besteht also effektiv nicht mehr aus einer Maschine. Stattdessen hängt über das Netz nach hinten raus ein Sack voll Middleware mit drin.\nWenn jetzt eine Mail eingeht, dann muß der Mailer eine ganze Menge Dinge erfragen:\nEr muß einen Userservice fragen, ob der Kunde existiert und ob es ein zahlender Kunde ist. Er muß den Quotaservice/Benutzerprofilservice fragen, ob der Kunde noch Mail empfangen kann, und welche Präferenzen für den Mailempfang gesetzt sind. Er muß den Virenfilterservice fragen, ob die Nachricht gefahrlos empfangen kann. Er muß den IP Blacklisten-Service fragen, ob Mail von dieser IP angenommen werden kann. Er muß den Spamfilter-Service fragen, ob die Mail verdächtig ist. Er muß die Storage-Layer fragen, welche Storage Locations für die Mail in Frage kommen. Diamantenmuster Alle diese Dinge sind nicht Bestandteil des Mailers. Der Mailer baut stattdessen Netzwerkverbindungen zu Middleware-Diensten auf, die diese Dinge unabhängig vom Mailer verwalten, und die dem Mailer und anderen Frontend-Diensten diese Informationen liefern können. Die Middleware-Dienste existieren außerdem nicht nur in einer Instanz, sondern der Mailer spricht tatsächlich einen Loadbalancer an, der die Anfrage dann an eine bestimmte Instanz dieses Dienstes weiter leitet.\nEs entsteht also eine Art Diamanten-Architektur: Mail geht auf ein Loadbalancer-Päärchen und wird von diesem auf gut drei Dutzend Instanzen des Mailers verteilt. Alle diese Mailer gehen mit ihren Middleware-Anfragen auf ein Loadbalancer-Päärchen, und werden von diesen auf einen Haufen Middleware-Instanzen verteilt. Die Middlewares gehen auf einen Connectionpool und werden von diesem auf einige Datenbank-Kopien verteilt.\nDieses Muster (Auffächern, Konzentrieren, Auffächern, Konzentrieren, \u0026hellip;) erlaubt es, auf jeder Ebene der Architektur Ausfälle hinzunehmen ohne daß dies die Funktionalität des Gesamtsystems beeinträchtigt. Es erlaubt auch, Lastprobleme auf Operatingebene abzufangen ohne damit höhere IT-Funktionen oder gar die Entwicklung zu behelligen: Bei Überlast auf einer Ebene kann das Operating dort einfach ein paar Server nachwerfen (lassen) und gut ist. \u0026ldquo;Wir sind Papst? Diana ist gegen die Tunnelwand gebollert? Kein Problem. Mach mal ein paar Blades für das Newsportal klar.\u0026rdquo;\nKomplexität Wenn man seine Anwendung auf diese Weise verteilt baut, dann muß man mit ein paar unangenehmen Fakten leben:\nZum Beispiel mit ungenauen oder veralteten Daten.\nWenn ich asynchron repliziere und kein 2PC verwende, dann kann es zum Beispiel sein, daß der Quotaservice mir zu kleine oder zu große Zahlen zurück liefert, weil dieser Benutzer gerade irgendwo anders eine Mail empfängt oder Mails gelöscht hat, diese Änderung aber ohne Locking und 2PC im Quotaservice noch nicht vermerkt und die Zahlen im Quotaservice nicht als \u0026ldquo;Im Update befindlich\u0026rdquo; gesperrt worden sind.\nDas ist eine gute Sache: Wir können jedes asynchrone System durch Einfügen von Waits zu einem synchronen System umbauen. Wir machen ein System durch 2PC also genauer, aber viel langsamer.\nMüssen wir das tun? Das hängt von den Anforderungen ab. Ist es wirklich notwendig, daß ein User immer unter seiner Quota bleibt? Die Antwort ist nein. Für den Dienst web.de als Ganzes ist es lediglich notwendig, daß alle User im Mittel unter ihrer Quota bleiben, damit das Storage Management bei seinen Planungen auch genug Platz bereit stellen kann. Es reicht also vollkommen aus, wenn der Quotadienst \u0026ldquo;ungefähr\u0026rdquo; die richtige Antwort gibt.\nDiese Anforderung ist aber viel weicher als die harte Anforderung, denn sie erlaubt es uns, von einem 2PC synchronen Update auf asnychrone Replikation für diese Daten umzusteigen. Wir sparen Waits, und somit Locks, und somit gewinnen wir Skalierbarkeit.\nEin anderes unangenehmes Faktum, mit dem wir leben müssen, ist Asynchronizität auch bei den Calls. Der Mailer soll eine Mail annehmen. Dazu muß er eine Reihe von Diensten, sechs bis zehn Stück, über das Netz befragen. Würde er das in Sequenz tun, könnte jede Anfrage die Informationen der vorhergehenden Stufe mit nutzen. Aber wir würden Round Trip Times, Timeouts und andere Wartezeiten aufeinander türmen und bekämen Zustellzeiten für eine einzelne Mail, die unakzeptabel hoch wären. Aus der Sicht des Mailers sieht das so aus: Anfragen, Warten, Antwort lesen. Anfragen, Warten, Antwort lesen, \u0026hellip;\nHauen wir stattdessen die Anfragen an parallel asynchron raus, kann die ganze Middleware parallel losrödeln und ihre Antworten so schnell als möglich an den Mailer zurück schießen. Der Anfrageprozeß sieht aus der Sicht des Mailers jetzt so aus: Anfragen, Anfragen, \u0026hellip;, Warten, Antwort lesen, Antwort lesen, \u0026hellip; Das ist schneller, und zwar um so schneller, je mehr Dienste befragt werden müssen.\nEs bringt auch ein paar Probleme mit sich: Zwischen einigen Anfragen bestehen Abhängigkeiten. Zum Beispiel würde der Storageservice eine andere Location für die Mail zurückliefern, je nachdem ob der Empfänger ein zahlender User ist oder nicht und ob die Mail als Spam erkannt wurde oder nicht. Man kann solche Abhängigkeiten synchronisieren - die Anfrage an die Storage Layer müßte warten bis die Fragen nach dem Userstatus und der Spamizität der Mail geklärt sind.\nAber - wir erinnern uns - Waits sind ja böse, also könnte man auch eine andere Lösung in Betracht ziehen: Statt die Antwort zurück zu liefern bauen wir die Storage Layer so um, daß sie alle Antworten zurückliefert und wählen dann im Mailer die Antwort aus, die in Frage kommt, sobald die anderen Fragen geklärt sind. Dann schreiben wir die Mail an diese Stelle und comitten unsere Entscheidung an den Storageservice zurück - Coolness: Spekulative Execution .\nWir haben jetzt nicht nur 100% Buzzword-Compliance erreicht (\u0026ldquo;Our webmail application is implemented as a distributed service oriented architecture that leverages replicated data, asynchronous remote procedure calls and speculative execution techniques to achieve resilency and scalability at every level of its architecture.\u0026rdquo; \u0026ldquo;Bingo!\u0026rdquo;), sondern wir haben tatsächlich ein System, mit dem wir in Lastregionen vorstoßen können, die man auf eine andere Weise nicht erreichen könnte.\nWas ist der Preis? Komplexität. Exim ist auch ohne Mico im Bauch ein fetter Mailer, und da Corba rein zu löten verdoppelt die Codebasis schätzungsweise mal eben so in der Größe. Wenn man jetzt noch asynchrone Calls verwenden will, anstatt das Corba Standardinterface, dann läuft man außerdem in ziemlich wenig getesteten Code und in eine Reihe von sehr aufregenden Bugs hinein.\nWenn man außerdem mit ungenauen oder veralteten Daten arbeiten muß, dann muß außerdem eine Reihe von Fehlerbedingungen behandeln, die man sonst nicht hätte und die unter Umständen schwer zu erkennen sind. Man stelle sich ein System vor, daß aus ca. 150 Diensten besteht und in dem kein 2PC verwendet wird. Ein Benutzer will jetzt von Freemail-Kunde auf zahlender Kunde upgraden. Das ist eine Transaktion, aber da sie ohne 2PC nicht als solche abgewickelt werden kann, kann es also sein, daß ein Kunde in einem Subsystem schon ein Zahlkunde ist, in einem anderen aber noch nicht. Fragt man in so einem Moment die verschiedenen Subsysteme an, bekommt man inkonsistenten und widersprüchliche Antworten.\nJedes Subsystem, jedes Stück Code, muß diesen Zustand erkennen und geeignet behandeln (Etwa: Warten, und dann ganz von vorne alle Fragen noch mal stellen). Die dabei entstehenden Widersprüche können unter Umständen nicht automatisch aufgelöst werden, und so muß jeder Dienst ein Abstellgleis haben, in dem er fehlgeschlagene Aktionen abstellt, und sie entweder nach einiger Zeit noch mal probiert oder - nach einer angemessenen Anzahl von Fehlversuchen - einem Menschen zum manuellen Debugging vorlegt.\nWill man diese Komplexität? Nein, nicht wenn man nicht muß. Das Problem ist: Ab einer bestimmten Größe muß man, denn dies ist die einzige bewiesene Wachstumsstrategie, die wir kennen, bei der wir bisher nicht an eine obere Grenze gestoßen sind.\nLockern von Anforderungen - Leben mit Fehlern Der Schlüssel zum Wachstum liegt im Lockern der Anforderungen an eine bestimmte Funktionalität der Anwendung: Indem wir bei den Anforderungen asynchron arbeiten und veraltete oder ungebaue Daten zulassen, können wir bei der Implementierung plötzlich sehr viel mehr Abkürzungen nehmen. Wir haben eine Reihe von Grenzfällen ausgeschlossen, und den Vertrag mit den Dienstnehmern von \u0026ldquo;garantiert\u0026rdquo; auf \u0026ldquo;so gut als möglich\u0026rdquo; gelockert. Dadurch haben wir die harten Grenzfälle in unserer Architektur aus dem Dienst heraus im Stack nach oben verschoben, und die Implementierung des Dienstes kann sich auf die Optimierung der häufigen Fälle konzentieren, statt auf die Abwicklung der schwierigen Fälle.\nAber wie wird das Development mit dieser Komplexität fertig? Nun, unsere Entwickler bekommen Hilfe von einer anderen Seite. Weil wir kleine, autonome Dienste mit eigener Datenhaltung bauen, bekommen wir kleine, unabhängig voneinander entwickelbare Dienste mit einer überschaubaren Codebasis, einer klar definierten API und gegenüber ihren Dienstnehmern und Dienstbringern klar definierten Service Level Agreements und Invarianten.\nDas erlaubt es dem Entwicklungsteam, ihren Dienst unabhängig von den anderen Diensten zu entwickeln. Der Vertrag, den sie dabei eingehen, ist klar definiert und von der tatsächlichen Implementierung vollkommen unabhängig. Auch der Releasezyklus des Dienstes ist, solange der Vertrag nicht inkompatibel geändert wird, von den Zyklen anderer Dienste nicht abhängig (und mit versionierten Interfaces können wir das noch weiter entkoppeln). Bei Amazon liest sich das so:\nA service is not just a software component in that sense, a distributed software component. It is also the model we use for software development in terms of team structure.\nSo how the process goes is that you have a particular business problem or a technology problem that you want to solve. You build a small team. You give them this problem. And at Amazon, they\u0026rsquo;re allowed to solve that problem in any way they see fit, as long as it is through this hardened API. They can pick the tools they want. They can do any design methodology they want as long as they deliver the actual functionality that they\u0026rsquo;ve been tasked with\u0026hellip;.\nI think Pat Halens(sp?) uses the metaphor of using a town as an example. So in a big town, you have zoning requirements. You have some general laws about the roads and things like that, but the way that you build your house and the way that you operate your house is all up to you.\nSo this is a bit the way that Amazon functions, also. We have some requirements: that services has to be monitorable, that they have to be tractable in all sorts of different ways. But in essence, operation is all up to the service owners themselves. This allows for a large-let\u0026rsquo;s say controlled chaos-which actually works very well because everybody\u0026rsquo;s responsible for their own services.\nService Oriented Architectures sind nur eine Ausprägung von \u0026ldquo;gelockerten Anforderungen\u0026rdquo;. Indem wir die Anforderungen an die Dienstabstraktion lockern, lassen wir den Dienstimplementatoren mehr Optionen bei der Architektur, und damit mehr Raum zu Wachsen. Das ist, wenn man es akzeptiert und lebt, eine gute Sache.\nEs läuft den Ideen der traditionellen Entwicklung und Informatiklehre aber stark zuwieder. Bei Joel Spolsky zum Beispiel kommen solcherart gelockerte Anforderungen unter dem Namen Leaky Abstractions daher. Joel kommt in seinem Essay aber zu dem Schluß \u0026ldquo;Leaky Abstractions are dragging us down\u0026rdquo; - er sieht das Durchscheinen der Implementierung bei einem Service als Bug. Für den Architekten einer Service Oriented Architecture sind sie aber eher der Schlüssel zum Erfolg.\nAndere Anwendungen desselben Patterns Dabei muß man aber nicht auf der Ebene der Architektur verbleiben. Wir können dasselbe Pattern (\u0026ldquo;Lockern der Anforderungen, ohne die API zu verändern\u0026rdquo;) auch auf viel niedrigerer Ebene anwenden. MySQL tut dies intern mit großem Erfolg: Dieselbe SQL-Query kann bis zu einem gewissen Grad entweder auf einer traditionellen ACID implementierenden Engine wie InnoDB abgewickelt werden, oder man kann die Betriebsparameter von InnoDB so relaxen, daß es nicht mehr ACID erfüllt, oder man kann eine andere Storage Engine wie MyISAM oder Memory verwenden, die dieselbe Query unter Umständen viel schneller abwickeln können, jedoch viel laxer mit dem Speicher umgehen.\nTraditionelles ACID ist sicher - wenn das \u0026ldquo;COMMIT\u0026rdquo; zurück kommt, garantiert die Datenbank, daß die Daten auf einem persistenten Speicher stehen, konsistent und vollständig sind. Wenn man das benötigt, kann man es von MySQL bekommen. In vielen Fällen - tatsächlich in den weitaus meisten Fällen - benötigt man es nicht, und die damit einher gehenden Waits (Commit wartet auf die Platte, und bei einer Plattenzugriffszeit von 8ms bekommt man so nicht mehr als 100-200 Commits pro Sekunde pro Platte von seinem System) ziehen die Performance runter.\nMySQL erlaubt es, durch Konfigurationsänderungen für die ganze Datenbank oder durch Ändern der Storage Engine für einzelne Tabellentypen diese Anforderungen zu lockern, und so die Waits auf die Platte einzusparen, wo dies erlaubt ist. Dadurch kann eine bis zu zehn mal höhere Rate an Statements pro Sekunde erreicht werden - ohne daß sich die Art des Aufrufes durch die Anwendung ändert. Die API, die die Anwendung gegenüber der Datenbank verwendet, bleibt also invariant, die Änderung kann durch einen DBA auf Operatingebene vorgenommen werden ohne daß die Entwicklung die Anwendung anpassen muß.\nLinks Mehr zum Thema:\nSOA in Wikipedia ACM Queuecast mit Werner Vogels, CTO Amazon Database War Stories , O\u0026rsquo;Reilly Radar, Series of 8 articles ","date":"2006-07-30T00:00:00Z","href":"https://blog.koehntopp.info/2006/07/30/leben-mit-fehlern-der-schluessel-zum-scaleout.html","tags":["architektur","mysql","performance","lang_de"],"title":"Leben mit Fehlern - der Schlüssel zum Scaleout"},{"categories":null,"content":"Manche Lizenznehmer haben komische Vorstellungen davon, wie sie mit der Lizenz umgehen können: \u0026ldquo;Nein, die GPL trifft auf uns aus einer Reihe von Gründen nicht zu.\u0026rdquo; \u0026ldquo;Ja, wird haben trotzdem ein Recht, die Software zu nutzen oder weiter zu verbreiten.\u0026rdquo;\nDer erste Prozess weltweit überhaupt über die Tragfähigkeit der GPL findet in Deutschland statt.\nMehr bei GPL Violations.ORG und Harald Weltes Blog .\n","date":"2006-07-26T00:00:00Z","href":"https://blog.koehntopp.info/2006/07/26/gpl-ja-oder-nein.html","tags":["free software","lang_de"],"title":"GPL - ja oder nein"},{"categories":null,"content":" In einer Welt, in der alles möglich ist - wie können dann die, die von den Möglichkeiten überfordert sind, leben?\nCharles Stross \u0026ldquo;Singularity Sky\u0026rdquo; zeichnet ein Bild einer transhumanistischen Welt. In dieser sind künstliche Intelligenz, Cyborgs, nanotechnologische Füllhörner, überlichtschnelle Kommunikation und Reisen, und damit auch Kausalität im Grunde keine Probleme. Damit setzen sie dem Leben auch keine Grenzen mehr. Wenn nicht eine nahezu allmächtige Existenz in der Zukunft der Menschheit ihre Entstehung sichern wollte: Dazu beschützt sie die Zeitlinie, die zu ihrer Entsteht führt und setzt den Wesen Grenzen, die innerhalb dieser Zeitlinie leben. Und wenn es in diesem Szenario nicht Zivilisationen gäbe, die den grenzenlosen Technologieschock der Singularität - dem überexponentiellen Anwachsen des technologischen Wissens - durch eine Art Retro-Kultur zu entkommen versuchen, und darum die technischen Möglichkeiten ihrer Bewohner künstlich beschränken.\nSingularity Sky spielt auf \u0026ldquo;Rochards Welt\u0026rdquo;, einem besonders rückständigen Planeten der \u0026ldquo;Republik\u0026rdquo;, einem Verschnitt von zaristischen Ostblock-Kulturen komplett mit einer bolschewistischen Untergrundbewegung. Die Republik hat sich hinsichtlich der verfügbaren Technologie besonders strikte Regeln auferlegt. Als das Festival, ein Verbund transhumaner und nicht-humaner Intelligenzen, auf Rochards Welt eintrifft und die Bewohner der Welt mit den unerschöpflichen Möglichkeiten und Errungenschaften einer Zivilisation konfrontiert, in der materielle Güter keine Rolle mehr spielen, weil sie industriell, aber nach Maß und Wunsch produziert werden können, kommt es zu einer Revolution, die das Unterste nach Oben zu kehren scheint.\nBis sich herausstellt, daß die Revolutionäre eigentlich genauso konservativ wie die Herrscher sind: Die Möglichkeiten des Festivals sind von einer materiell-rückständigen Gesellschaft wie der auf Rochards Welt gar nicht faß- und aufarbeitbar. So kommt es, daß die Individuen, die die Transzendenz schaffen, sich dem Festival anschließen, während der Rest in der materiellen Welt zurückbleibt und wieder in die althergebrachten Strukturen verfällt - dies schließt interessanterweise Stross Helden mit ein: zwei Außenweltler aus der Erdkultur, denen es nicht weiter schwer fällt das Festival und seine Ziele zu verstehen.\nLeider räumt Stross dem Expose und dem Technologieerklärungsmonolog zu viel Raum ein, anstatt sich um seine Figuren und ihre Entwicklung zu kümmern. Und leider hält man die Leser der deutschen Übersetzung für noch blöder, weil man ihnen die halbe Wikipedia in Fußnoten serviert, wann immer Stross in transhumanistische Gefilde abschweift. So wird aus einer Idee, die im Grunde Spaß machen könnte und die jede Menge Potenzial für inneren Konflikt der Charaktere hat dann doch ein relativ trockenes Buch, das ich in drei Anläufen gelesen habe.\n(Ein anderer Review )\n(Blog von Charles Stross)\n(Charles Stross in der EN:Wikipedia)\n","date":"2006-07-23T00:00:00Z","href":"https://blog.koehntopp.info/2006/07/23/fertig-gelesen-charles-stross-singularitaet.html","tags":["media","review","lang_de"],"title":"Fertig gelesen: Charles Stross: Singularität"},{"categories":null,"content":" Im Klappentext heißt es, Jack McDevitt sei mal Marineoffizier, Taxifahrer, Englischlehrer und Motivationstrainer gewesen, aber wenn man seine Geschichten liest, dann glaubt man, dass er am liebsten ein Archäologe wäre. Jack McDevitts Universum ist ein großes und langsames Universum, in dem sich Zivilisationen in der Regel über ihre Artefakte begegnen, weil die räumlichen und zeitlichen Distanzen viel zu groß sind, als dass ein echter Erstkontakt möglich wäre. McDevitt nimmt sich Zeit für seine Charaktere, und wenn er auch vor einem großen Hintergrund malt, so sind es doch die Personen, die bei ihm im Vordergrund stehen und die er liebevoll entwickelt.\nPriscilla \u0026ldquo;Hutch\u0026rdquo; Hutchins ist eine Pilotin, die gelegentlich Touren für die Akademie fliegt, jene Bürokratie, die die Vermessung des von Menschen besiedelten Weltraumes finanziert, und die die Erforschung von Hinterlassenschaften von Alien-Zivilisationen steuert. In Engines of God trifft sie auf Hinterlassenschaften der Monumentenbauer, einer ehemals raumfahrenden Zivilisation, die von einer den Menschen noch unbekannten Gefahr auf den Status primitiver Völker reduziert wurde.\nIn Deepsix hat Hutch ihren zweiten Auftritt, als sie mit einer Forschungsexpedition auf einem Planeten strandet, der in wenigen Tagen durch eine kosmische Katastrophe zerstört werden wird. Damit die Gruppe überleben kann, muss sie sich auf eine anstrengende Reise mit ungewissem Ausgang durch eine feindselige Welt machen (Hey, wem das zu abgegriffen klingt: Jack McDevitt schreibt kein Hard SciFi, er malt Charaktere, und der Hintergrund hier ist eine klassische Theaterkrise, mit dem durch externen Druck innerer Konflikt visualisiert werden kann).\nIn Chindi befördert Hutch eine unwahrscheinliche Gruppe von privat finanzierten Enthusiasten durch das All, die einer Sache nachgehen, die die Akademie für nicht weiter spannend hielt. In einer Art kosmischen Schnitzeljagd gelingt den Dilettanten der Glückstreffer, für den die Profis bei der Akademie ihren Ruf nicht aufs Spiel setzen wollten: Sie finden ein aktives Robotschiff einer vermutlich längst untergegangenen Zivilisation - und an Bord ein Museum des Lebens in der Galaxie, das Zeiträume umspannt, die die Menschen kaum ermessen können. Doch sich auf etwas so Altem und Großem wie der Chindi aufzuhalten bedeutet, sich Gefahren auszusetzen, für die Menschen nicht gemacht sind\u0026hellip;\nIn Omega müssen sich die Menschen und Hutch, inzwischen die Leiterin der Akademie, wieder mit der Gefahr durch die Omega-Wolken aus \u0026ldquo;Engines of God\u0026rdquo; auseinandersetzen: Die Menschen treffen auf eine vorindustrielle aktive Zivilisation, die genau im Weg einer Omega-Wolke liegt und die in Kürze durch diese zerstört werden wird. Kann die Akademie helfen? Und kann sie es tun, ohne sich der vorindustriellen Zivilisation unten auf der Welt zu offenbaren?\nDer letzte Band der Abenteuer von Priscilla Hutchins, Odyssey ist noch nicht verfügbar.\nIn der Welt der Priscilla Hutchins hat Jack McDevitt eine zweite Figur angesiedelt, den gelegentlich wie einen Hard Boiled Detective rüber kommenden Antiquitätenhändler Alex Benedict. In A Talent For War versucht dieser, die Legende um den Kriegshelden Christopher Sim auf ihren Wahrheitsgehalt abzuklopfen und zu verstehen, was in den Endtagen eines im Kern bedeutungslosen Krieges vor 300 Jahren wirklich vorgefallen ist - um am Ende nicht nur mit wertvollen Artefakten, sondern einer wiederentdeckten Schlüsseltechnologie dazustehen.\nBenedicts suche nach der historischen Wahrheit und Beweisen für den tatsächlichen Ablauf der Geschehnisse ziehen ihn auch in den Bann der Polaris , eines Geisterschiffes, auf dem vor einigen Jahrzehnten eine Gruppe von Menschen spurlos verschwand. Wieder bekommt Benedict am Ende mehr Antworten als er eigentlich haben wollte\u0026hellip;\nDie neuste Alex Benedict Story, Seeker ist noch nicht als Taschenbuch verfügbar.\nAußerhalb des Hutchins/Benedict-Universums spielt Ancient Shores : In der Mitte von Nirgendwo, in North Dakota, wo vor 10000 Jahren ein Postglazialer Tauwasser-See die Prärie auf einer Fläche mehrerer US-Bundesstaaten überschwemmte, findet ein Bauer beim Pflügen ein Boot, das aus einem unzerstörbaren Material gemacht ist und das im Dunkeln leuchtet. Auf der Suche nach seinem Heimathafen finden er und seine Freunde etwas anderes, viel Größeres: Ein Tor zu den Sternen.\n(Jack McDevitt in der Wikipedia)\n","date":"2006-07-23T00:00:00Z","href":"https://blog.koehntopp.info/2006/07/23/fertig-gelesen-jack-mcdevitt.html","tags":["media","review","lang_de"],"title":"Fertig gelesen: Jack McDevitt"},{"categories":null,"content":"Meine Sparkasse exportiert mir die Kontoauszüge aus Wunsch auch als CSV. Die Dateien sehen so aus:\n\u0026#34;Auftragskonto\u0026#34;;\u0026#34;Buchungstag\u0026#34;;\u0026#34;Valutadatum\u0026#34;;\u0026#34;Buchungstext\u0026#34;; \u0026#34;Verwendungszweck\u0026#34;; \u0026#34;Begünstigter/Zahlungspflichtiger\u0026#34;;\u0026#34;Kontonummer\u0026#34;;\u0026#34;BLZ\u0026#34;; \u0026#34;Betrag\u0026#34;;\u0026#34;Währung\u0026#34;;\u0026#34;Info\u0026#34; \u0026#34;08154711\u0026#34;;\u0026#34;30.12\u0026#34;;\u0026#34;30.12.05\u0026#34;;\u0026#34;LASTSCHRIFT\u0026#34;; \u0026#34;DRP 08154711 040441777 INKL. 16% UST 5.38 EUR\u0026#34;; \u0026#34;STRATO MEDIEN AG\u0026#34;;\u0026#34;040441777\u0026#34;;\u0026#34;10050000\u0026#34;; \u0026#34;-39,00\u0026#34;;\u0026#34;EUR\u0026#34;;\u0026#34;Umsatz gebucht\u0026#34; Weil ich wissen will, wofür ich mein Geld ausgebe, lade ich diese Daten in ein MySQL.\nDas geht so:\nZunächst einmal muß ich mir eine Tabelle definieren, in die ich den Load vornehmen kann. Diese Tabelle hat Felder, die in erster Linie dazu geschaffen sind, die Daten aufnehmen zu können. Wir müssen die Daten noch bereinigen, sodaß es sich noch nicht um die endgültigen Felder oder Typen handelt.\n-- load data warnings; DROP TABLE IF EXISTS buchungen; CREATE TABLE buchungen ( auftragskonto char(8) NOT NULL, buchungstag_text char(10) NOT NULL, valutatag_text char(10) NOT NULL, buchungstext varchar(50) NOT NULL, verwendungszweck varchar(180) NOT NULL, gegenkonto_name varchar(100) NOT NULL, gegenkonto_nummer char(20) NOT NULL, gegenkonto_blz char(8) NOT NULL, betrag_text char(12) NOT NULL, waehrung char(3) NOT NULL, info varchar(255) NOT NULL, unique index ( buchungstag_text , buchungstext , verwendungszweck , gegenkonto_nummer , gegenkonto_blz , betrag_text) ) ENGINE=MyISAM DEFAULT CHARSET=utf8; truncate table buchungen; Es fällt auf, daß in den Kontoauszügen keine eindeutigen Transaktionsnummern sind, sodaß ich keinen Primärschlüssel definieren kann. Mit dem Unique Index, den ich dort definiere, versuche ich doppelte Datensätze zu entdecken. Dies kann jedoch falsche positive Treffer liefern.\nIn diese Tabelle kann ich nun nacheinander die einzelnen CSV mit den Kontoauszügen hinein laden:\nload data infile \u0026#39;/home/kris/Documents/banking/umsatz-22758031-29122004.csv\u0026#39; into table buchungen fields terminated by \u0026#34;;\u0026#34; optionally enclosed by \u0026#39;\u0026#34;\u0026#39; ignore 1 lines; load data infile \u0026#39;/home/kris/Documents/banking/umsatz-22758031-24012005.csv\u0026#39; into table buchungen fields terminated by \u0026#34;;\u0026#34; optionally enclosed by \u0026#39;\u0026#34;\u0026#39; ignore 1 lines; ... Wir müssen diese Daten nun in brauchbare Datensätze umwandeln. Dazu wird erst einmal eine Zieltabelle erzeugt und diese mit einem Primärschlüssel versehen.\n-- prepare conversion stage DROP TABLE IF EXISTS b; create table b like buchungen; alter table b add column id integer unsigned not null first; alter table b add primary key (id); alter table b change column id id integer unsigned not null auto_increment; Jetzt können die Daten umgeladen werden und danach die Felder bereinigt werden: Das Betrag-Feld muß von \u0026ldquo;xxx.xxx,yy\u0026rdquo;-Syntax auf \u0026ldquo;xxxxxx.yy\u0026rdquo; umgestellt werden und die Datumsfelder valutatag_text und buchungstag_text müssen in ISO-Syntax umgestellt werden. Dabei muß das fehlende Jahr beim buchungstag_text aus dem valutatag ergänzt werden.\n-- load data into conversion stage insert into b select NULL, buchungen.* from buchungen; -- adapt betrag update b set betrag_text = replace(betrag_text, \u0026#34;.\u0026#34;, \u0026#34;\u0026#34;); update b set betrag_text = replace(betrag_text, \u0026#34;,\u0026#34;, \u0026#34;.\u0026#34;); alter table b change column betrag_text betrag decimal(12,2) not null; -- adapt valutatag update b set valutatag_text = concat(\u0026#34;20\u0026#34;, substring(valutatag_text, 7, 2), \u0026#34;-\u0026#34;, substring(valutatag_text, 4, 2), \u0026#34;-\u0026#34;, substring(valutatag_text, 1,2)); alter table b change column valutatag_text valutatag date not null; -- adapt buchungstag update b set buchungstag_text = concat(year(valutatag), \u0026#34;-\u0026#34;, substring(buchungstag_text, 4,2), \u0026#34;-\u0026#34;, substring(buchungstag_text, 1,2)); alter table b change column buchungstag_text buchungstag date not null; -- drop info alter table b drop column info; Ich will nun außerdem eine Gruppierung meiner Ausgaben vornehmen. Dazu führe ich eine Spalte \u0026ldquo;gruppe \u0026ldquo;ein. Mit Hilfe einer weiteren Tabelle \u0026ldquo;wichtige_geldsenken\u0026rdquo; matche ich dann den gegenkonto_name und fülle die Gruppe:\n-- add gruppe alter table b add column gruppe varchar(20) not null; Und jetzt die wichtige_geldsenken Tabelle:\nDROP TABLE IF EXISTS `wichtige_geldsenken`; CREATE TABLE `wichtige_geldsenken` ( `id` int(10) unsigned NOT NULL auto_increment, `pattern` varchar(100) NOT NULL, `gruppe` varchar(20) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1; LOCK TABLES `wichtige_geldsenken` WRITE; INSERT INTO `wichtige_geldsenken` VALUES (77,\u0026#39;sparkasse\u0026#39;,\u0026#39;Konto und Karte\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (78,\u0026#39;ga\u0026#39;,\u0026#39;Geldautomat Inland\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (79,\u0026#39;qsc\u0026#39;,\u0026#39;Internet\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (80,\u0026#39;linux new media\u0026#39;,\u0026#39;Zeitungen\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (81,\u0026#39;premiere\u0026#39;,\u0026#39;Fernsehen\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (82,\u0026#39;walmart\u0026#39;,\u0026#39;Einkauf\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (83,\u0026#39;kabel bw\u0026#39;,\u0026#39;Fernsehen\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (84,\u0026#39;gez\u0026#39;,\u0026#39;Fernsehen\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (85,\u0026#39;t-mobile\u0026#39;,\u0026#39;Telefon\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (86,\u0026#39;finanzkasse\u0026#39;,\u0026#39;Steuern und Strafen\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (87,\u0026#39;domainfactory\u0026#39;,\u0026#39;Internet\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (88,\u0026#39;nagel ue\u0026#39;,\u0026#39;Kleidung\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (89,\u0026#39;mobilcom\u0026#39;,\u0026#39;Telefon\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (90,\u0026#39;domainfactory\u0026#39;,\u0026#39;Internet\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (91,\u0026#39;strato\u0026#39;,\u0026#39;Internet\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (92,\u0026#39;stadtwerke\u0026#39;,\u0026#39;Gas Wasser Scheisse\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (93,\u0026#39;deutsche bahn\u0026#39;,\u0026#39;Bahn\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (94,\u0026#39;debeka\u0026#39;,\u0026#39;Versicherung\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (95,\u0026#39;ec-ga\u0026#39;,\u0026#39;Geldautomat Ausland\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (96,\u0026#39;scheck in\u0026#39;,\u0026#39;Einkauf\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (97,\u0026#39;mastercard\u0026#39;,\u0026#39;Kreditkarte\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (98,\u0026#39;dr.\u0026#39;,\u0026#39;Miete\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (99,\u0026#39;a.t.u\u0026#39;,\u0026#39;Auto\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (100,\u0026#39;ungeheuer\u0026#39;,\u0026#39;Auto\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (101,\u0026#39;agip\u0026#39;,\u0026#39;Sprit\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (102,\u0026#39;aral\u0026#39;,\u0026#39;Sprit\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (103,\u0026#39;avia\u0026#39;,\u0026#39;Sprit\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (104,\u0026#39;bab\u0026#39;,\u0026#39;Sprit\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (105,\u0026#39;citti\u0026#39;,\u0026#39;Einkauf\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (106,\u0026#39;efa\u0026#39;,\u0026#39;Sprit\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (107,\u0026#39;esso\u0026#39;,\u0026#39;Sprit\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (108,\u0026#39;expedia\u0026#39;,\u0026#39;Reisen\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (109,\u0026#39;fantasy\u0026#39;,\u0026#39;RPG\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (110,\u0026#39;gravis\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (111,\u0026#39;foto\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (112,\u0026#39;heinrich\u0026#39;,\u0026#39;Kleidung\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (113,\u0026#39;hem\u0026#39;,\u0026#39;Sprit\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (114,\u0026#39;hotel\u0026#39;,\u0026#39;Reisen\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (115,\u0026#39;jet-tank\u0026#39;,\u0026#39;Sprit\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (116,\u0026#39;karstadt\u0026#39;,\u0026#39;Einkauf\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (117,\u0026#39;kassen-\u0026#39;,\u0026#39;Steuern und Strafen\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (118,\u0026#39;leichtsinn\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (119,\u0026#39;media markt\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (120,\u0026#39;mios\u0026#39;,\u0026#39;Sprit\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (121,\u0026#39;plaza\u0026#39;,\u0026#39;Einkauf\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (122,\u0026#39;rundfunkgebuehren\u0026#39;,\u0026#39;Fernsehen\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (123,\u0026#39;saturn\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (124,\u0026#39;sb tank\u0026#39;,\u0026#39;Sprit\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (125,\u0026#39;segelkiste\u0026#39;,\u0026#39;Kleidung\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (126,\u0026#39;total/\u0026#39;,\u0026#39;Sprit\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (127,\u0026#39;trx\u0026#39;,\u0026#39;Reisen\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (128,\u0026#39;tst. bensheim\u0026#39;,\u0026#39;Sprit\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (129,\u0026#39;vobis\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (130,\u0026#39;willenberg\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (131,\u0026#39;shell\u0026#39;,\u0026#39;Sprit\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (132,\u0026#39;spreadshirt\u0026#39;,\u0026#39;Kleidung\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (133,\u0026#39;armin meier\u0026#39;,\u0026#39;Kleidung\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (134,\u0026#39;itzehoer\u0026#39;,\u0026#39;Versicherung\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (135,\u0026#39;ec-pos\u0026#39;,\u0026#39;Geldautomat Ausland\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (136,\u0026#39;euf-ga\u0026#39;,\u0026#39;Geldautomat Ausland\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (137,\u0026#39;dell\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (138,\u0026#39;yvonne\u0026#39;,\u0026#39;RPG\u0026#39;); UNLOCK TABLES; Mit Hilfe dieser Mappingtabelle und der folgenden Query kann ich jetzt das Feld gruppe in b sinnvoll belegen:\nupdate b set gruppe = ( select gruppe from wichtige_geldsenken as w where b.gegenkonto_name like concat(w.pattern, \u0026#34;%\u0026#34;) order by length(pattern) desc limit 1) where b.betrag \u0026lt; 0; Wenn meine pattern-Liste vollständig ist, ist jetzt das Feld gruppe bei allen Ausgaben korrekt belegt.\nIch kann nun Fragen stellen:\nselect gegenkonto_name, count(gegenkonto_name) as eingaenge from b where betrag\u0026gt;=0 group by gegenkonto_name order by eingaenge desc; +--------------------------------------------------------+-----------+ | gegenkonto_name | eingaenge | +--------------------------------------------------------+-----------+ | WEB.DE AG AMALIENBADSTR. 41 | 12 | | MYSQL GMBH | 7 | | MYSQL GMBH SCHLOSSERSTR. 4 72622 NUERTINGEN | 3 | | COOP SCHLESWIG-HOLSTEIN EG BENZSTR. 10 | 2 | +--------------------------------------------------------+-----------+ select gegenkonto_name, count(gegenkonto_name) as abgaenge from b where betrag\u0026lt;0 group by gegenkonto_name order by abgaenge desc; +---------------------------------------------------------+----------+ | gegenkonto_name | abgaenge | +---------------------------------------------------------+----------+ | SCHECK IN CENTER KA DURLACH | 36 | | MOBILCOM COMMUNICATIONSTECH | 22 | | STRATO MEDIEN AG | 22 | | VERMIETER | 19 | | T-MOBILE DEUTSCHLAND GMBH | 18 | | DEUTSCHE BAHN KARLSRUHE HB | 17 | | KABEL BW GMBH \u0026amp; CO. KG | 17 | | QSC AG | 17 | | STADTWERKE KARLSRUHE | 17 | ... Mit den Gruppen kann ich nun auch sehen, wo das Geld hin gegangen ist:\nselect gruppe, count(betrag) as abgaenge, sum(betrag) as total from b where betrag\u0026lt;0 group by gruppe order by total; wird mir sagen, wofür ich mein Geld ausgebe.\n","date":"2006-07-23T00:00:00Z","href":"https://blog.koehntopp.info/2006/07/23/mein-privates-datawarehouse-sparen-mit-mysql.html","tags":["erklaerbaer","mysql","lang_de"],"title":"Mein privates Datawarehouse - Sparen mit MySQL"},{"categories":null,"content":"Seit dem 1. November 2005 arbeite ich für MySQL Deutschland GmbH als Consultant. Damit mit bin ich Teil einer Firma mit 320 Mitarbeitern in 27 Ländern. Ein Office habe ich noch nie gesehen . Einige der Kollegen, mit denen ich am engsten zusammenarbeite habe ich auch noch nie gesehen. Die anderen sehe ich so alle paar Monate mal. Die Zusammenarbeit ist gut und sehr intensiv.\nAls ich von web.de zu MySQL gewechselt bin, war ich am Anfang sehr skeptisch und habe meine Interviewpartner gefragt, wie das denn wohl so ist, für eine \u0026ldquo;virtuelle\u0026rdquo; Firma zu arbeiten, in der die Kollegen so weit verstreut gesät sind. Auch in den Fällen, in denen ich neue Kollegen interviewed habe ist dies die Frage, die mir in der Regel zuerst gestellt wird.\nMeine Antwort auf diese Frage ist inzwischen \u0026ldquo;Hast Du einmal in irgendeinem Open-Source-Projekt mitgearbeitet und Dich mit den Leuten dort abstimmen müssen?\u0026rdquo; Wenn die Antwort \u0026ldquo;ja\u0026rdquo; lautet (und damit man von MySQL interviewed wird, muss sie in der Regel \u0026ldquo;ja\u0026rdquo; lauten), kann ich antworten \u0026ldquo;Es ist genau wie da, nur daß Du Geld dafür bekommst.\u0026rdquo;\nIn der Praxis sieht das so aus, daß MySQL über einen von mehreren Wegen einen Lead hereinbekommt, der vom Sales-Team entweder telefonisch oder vor Ort in einen Auftrag umgewandelt wird. Sales geht dabei mit dem Presales-Support und einigen Fragebögen daher und produziert so ein Informationspaket, bei dem die Schedulerin und Consulting meist eine relativ gute Idee haben, was das Projekt ist und welche Fähigkeiten dabei gefordert sind. Zusammen finden wir die passenden Personen zur Abwicklung des Projektes und machen mit dem Kunden und dem Consultant einen Terminplan. Der Consultant reist dann an, macht sein Ding und reist einen glücklichen Kunden hinterlassend wieder ab.\nSo die Theorie, und im Regelfall auch die Praxis.\nMySQL als Firma besteht aus einer an mehreren Stellen konzentrierten Infrastruktur, die Sales, Presales, Scheduling, Consulting, Training, aber auch Support, Development, Maintenance und den die betriebswirtschaftlichen Dinge abwickelnden Geschäftsstellen Dienste anbietet. Diese Dienste sind, wo immer es geht, web-basierend und so gestaltet, daß sie so Browser-unabhängig sind wie irgend möglich. Zu diesen Diensten gehören verschiedene Firmen-Wikis, einige Eventum-Taskmanager-Instanzen, der Teamkalender für Training und Consulting und viele andere Dinge. Auch Nicht-Webdienste, etwa Bitkeeper, Continous Build Services, ein Firmen-IRC-Server, Mail- und Newsdienste und eine verteilte Asterisk-Installation gehören dazu.\nAm Ende ist dies keine Sache, die so verschieden wäre von etwa dem Setup, das KDE intern verwendet, plus die Sales- und BWL-Seite dazu.\nFür mich als Consultant bedeutet dies, daß ich Zugriff auf meine Kollegen bei Consulting, Training und im Support habe, in dem ich Skype, Mail und IRC verwende. Bei einer Firma, die so verteilt ist wie MySQL, ist zu jeder Tages- und Nachtzeit jemand zu sprechen, der mir helfen kann. Wir kommunizieren dabei nicht nur dienstlich, sondern ich habe so wie beim normalen ircen auch einige gute Freunde gewonnen, von denen ich einen Teil noch nicht persönlich getroffen habe. Die Zusammenarbeit ist noch intensiver beim Support-Team: Arbeiten heißt für die ircen, und Tom Basil hat auf seine unvergleichliche Weise aus dem Team eine Art Familie gemacht, sodass \u0026ldquo;seine\u0026rdquo; Supporter (und einige Adoptivkinder aus anderen Abteilungen) quasi im Netz leben.\nMeine Arbeit organisiere ich weitgehend selbst: Ich entscheide, wann ich arbeite, wie ich arbeite und was ich wie priorisiere. MySQL folgt sehr strikt einem management-by-objectives Ansatz, sodass es letztendlich vollkommen egal ist, wie ich die Ziele erreiche, die ich mir mit meinem Team gesetzt habe.\nWenn ich einen Home-Office-Tag habe, haue ich meistens morgens meine Mail weg. Konkret bleibe ich auf dem Stand, was auf den Firmenmailinglisten so passiert, verfolge einige interessante Dinge im Bitkeeper und im Worklog, um bei der Weiterentwicklung des Servercodes auf Stand zu bleiben und beantworte die Mails, die Kunden reingeschickt haben, weil sie noch Fragen haben oder einfach nur so in Kontakt bleiben wollen.\nNach dem Mittag ist Papierkram angesagt: Expenses, Engagement Summaries, Knowledge Base Entries oder Whitepapers und die dazu notwendigen Experimente, oder den folgenden Einsatz vorbereiten. Dazu gehören auch die anstehenden Kundenanrufe, die ich inzwischen routinemäßig alle über SkypeOut abwickle. Oder ich nehme mir den Nachmittag frei und erledige die Dinge am Abend, bei denen ich mich nicht mit Kunden synchronisieren muss.\nEs kann auch sein, dass ich einen Remote Gig habe. Dies ist in der Regel ein Einsatz bei einem Kunden in einer anderen Zeitzone, bei dem sich die Anreise wegen der Einsatzdauer nicht lohnt, oder wegen der Dringlichkeit nicht möglich ist. In diesem Fall verschiebt sich mein Lebenszyklus ein wenig in Richtung der anderen Zeitzone, was mir natürlich ein wenig Freizeit zu ungewöhnlichen Zeiten beschert.\nMeistens hat der Kunde einen Sprung-Host in seiner DMZ, auf den ich per ssh draufklettern kann, und auf dem ich ihn dann bitte einen screen zu starten. Nachdem ich mich mit screen -x an seine Session angeklemmt habe, bitte ich ihn, mich huckepack mit nach drinnen in sein Netz zu nehmen. Über seinen Firmen-IRC-Server, über Skype oder über SkypeOut können wir nun reden, während wir uns eine Shell-Session im screen teilen und er sehen kann, was ich tippe. Dies ist für die Teile der Arbeit, die synchron erledigt werden müssen, in den meisten Fällen genauso effektiv als wäre ich vor Ort. Asynchrones Arbeiten geht im Grunde genau so, nur daß ich idR einen ssh-Login bekomme, mit dem ich zu meinen Zeiten alleine arbeiten kann.\nFür die Dinge, die ich dabei auf eigenen Systemen ausprobieren muss, damit sie beim Kunden reibungslos klappen kann ich entweder auf meinem Laptop mit vmware Instanzen simulieren oder auf Rechnern in den firmeneigenen Labors in Cupertino oder Uppsala Rechenzeit reservieren. Auch auf diese Rechner komme ich problemlos mit ssh oder rdesktop über das Firmen-VPN drauf.\nBei einem regulären Kundeneinsatz bin ich nicht alleine. Ich bin vielleicht der einzige MySQL-Mitarbeiter vor Ort, aber hinter mir steht über GSM, openvpn, https-VPN oder ssh-Tunnel der Zugriff auf Support und meine Kollegen von Training und Consulting, die gerade nicht beim Kunden sind.\nAuch die Katze arbeitet inzwischen bei MySQL - in ihrem Fall als Entwicklerin. Ihre Arbeit ist damit noch näher am KDE-Modell als meine: Bitkeeper, UnitTest-Harnesses und Continuos Build-Prozeduren auf einer ganzen Reihe von Plattformen der Buildfarm sind ihre Freunde. Scrum im Irc und im Wiki sind ebenso Standard-Prozesse für Entwickler wie der Umgang mit einem Bugtracker. Und wie in jedem regulären Irc in anderen Open-Source-Projekten entwickeln sich auch dort Freundschaften und persönliche Kontakte.\nEntwickler fahren alle mindestens einmal im Jahr zur firmeninternen Developer Conference, die dieses Jahr in Sorrento in Italien stattfand. Dort finden sich auch Abgesandte aller anderen Abteilungen, sodass dies eine ausgezeichnete Methode ist, um bisher virtuelle Freundschaften einmal mit Personen und Gesichtern zu verbinden. Weitere Gelegenheiten dieser Art sind die US-amerikanische und die europäische User Conference, MySQL Usergroup-Treffen, bei denen man neben Anwendern auch Kollegen aus demselben geografischen Gebiet treffen kann, und natürlich Abteilungsmeetings. Wir in Consulting streben drei solcher Treffen im Jahr an, und für die anderen Abteilungen geschieht dies nach Bedarf\u0026hellip;\nAlles in allem kann ich nach 9 Monaten MySQL sagen, daß dies die fremdartigste Firma ist, in der ich je gearbeitet habe. Keine \u0026ldquo;casual communication\u0026rdquo;, keinen Flurfunk zu haben, ist manchmal etwas anstrengend und kostet sicherlich mehr Energie als in einer traditionellen Firma.\nAndererseits habe ich mich sofort zu Hause gefühlt: Während MySQL als Firma fremdartig ist, sind mir die Methoden der Zusammenarbeit vertraut, denn ich habe sie außerhalb der Firma in den Projekten, an denen ich mitgearbeitet habe, jahrelang gelebt.\nNeu ist im Grunde nur, daß das, was vorher mein Hobby war, jetzt mein Leben ist. Ein anstrengendes, spannendes und überaus aufregendes Leben.\nAlso liebe Kollegen, bekannter und unbekannterweise: Wie ist es für Euch gewesen, als ihr hier angefangen habt?\n","date":"2006-07-05T00:00:00Z","href":"https://blog.koehntopp.info/2006/07/05/erfahrungen-mit-nonoffice.html","tags":["mysql","remote first","work","lang_de"],"title":"Erfahrungen mit Nonoffice"},{"categories":null,"content":" Der aktuelle Konflikt zwischen dem Unabhängigen Landeszentrum für den Datenschutz (ULD) und dem Landesrechnungshof (LRH) in Schleswig-Holstein erschließt sich einem erst dann, wenn man begreift, wie einzigartig das ULD in seinen Methoden und ihrer Umsetzung eigentlich ist. Dem ULD gebührt nämlich nicht nur das Verdienst, inhaltlich eine der führenden Stellen weltweit zum Thema Datenschutz zu sein, sondern auch bestimmte behördliche Arbeitsweisen ins 21. Jahrhundert geholt und den Schritt von Restriktion und Kontrolle zu Prävention und Multiplikation geschafft zu haben.\nUnter der Führung von Helmut Bäumler gelang es ihm und seinen Mitarbeitern, den Datenschutz in Deutschland grundsätzlich neu auszurichten. Das von ihm geprägte Motto \u0026ldquo;Datenschutz durch Technik\u0026rdquo; und der Begriff der \u0026ldquo;Datensparsamkeit\u0026rdquo; haben den eher technikfeindlich geprägten Ur-Datenschutz, wie er nach dem Volkszählungsurteil die deutsche Politik dominierte in einen Datenschutz umgewandelt, der Datenschutzprobleme angeht, bevor sie entstehen.\nBäumlers Innovation ist die Sicht auf den Datenschutz in der Technikentwicklung als präventiven und kommunikativen Prozess. Datenschutz muss auf allen Ebenen des Prozesses der Technikentwicklung mitwirken, denn nur so kann er effektiv sein - es ist vollkommen wirkungslos ex post geschaffene Fakten oder fertiggestellten und ausgelieferten Code zu kritisieren. Datenschutz muss stattdessen Technik aktiv mitgestalten .\nFür Bäumler und seine Schüler beginnt Datenschutz konsequenterweise mit der Mitarbeit von Datenschützern in Normungsgremien, um Privacy- und Security-Aspekte schon in der Definition von technischen Standards zu etablieren. Die Liste der Projekte und Organisationen mit deren Hilfe das geschieht ist lang und beeindruckend.\nIn der Folge muss die Industrie bei der korrekten Umsetzung von solchen technischen Standards beraten werden und Datenschutz muss vermarktbar werden. Die Datenschutzakademie bildet Verantwortliche aus, um sie zur Umsetzung von Datenschutzkonzepten zu befähigen. Die Schaffung des Datenschutzaudits nach Landesdatenschutzgesetz erlaubt es öffentlichen Stellen, ihre technischen und organisatorischen Prozesse nach den Kriterien des Datenschutzaudits untersuchen zu lassen und sich am Ende mit einem Gütesiegel zertifizieren zu lassen, um so nachzuweisen, daß diese Umsetzung gelungen ist.\nDas Gegenstück zum Audit für öffentliche Stellen ist das Gütesiegel \u0026lsquo;Vom Datenschutz empfohlen\u0026rsquo; für private Firmen und ihre Produkte, in denen die Umsetzung von Prozessen und Produkten unter Datenschutzgesichtspunkten evaluiert und beurteilt wird. Beide Siegel sind wichtige Elemente in einer Strategie zur Vermarktung des Gedankens des Systemdatenschutzes .\nDie Durchführung solcher Prüfungen und die Erstellung der Gutachten erfolgt dabei nicht durch Mitarbeiter des ULD, sondern durch einen beim ULD akkreditierten sachverständigen Gutachter: Beim ULD erkennt man, dass man als Datenschutzzentrum die Arbeit nicht alleine tun kann und setzt Multiplikatormechanismen ein. Durch das Verfahren entsteht ein Markt für eine unabhängige Beurteilung von Prozessen und Produkten unter Datenschutzgesichtspunkten, sodass der ganze Prozess personell und finanziell ein Selbstgänger wird. Datenschutz integriert sich hier also mehr oder weniger nahtlos in die Dokumentations- und Nachweis-Infrastruktur von ISO 9001, ISO 27001/ISO 117799/BS 7799 und BSI Grundschutzhandbuch, sowie die Anforderungen an Firmen nach Sarbanes-Oxley und Basel II.\nUm Endverbrauchern die Kontrolle über ihre Daten zurückzugeben und sie in die Lage zu versetzen, ihre eigenen Datenschutzbedürfnisse lokal durchzusetzen, hat man beim ULD auf dem Feld des Selbstdatenschutzes die Zusammenarbeit mit Verbraucherschutzorganisationen wie dem Europäischen Verbraucherzentrum gesucht und Werkzeuge und Informationen zusammengetragen.\nWie kann eine relativ kleine Landesbehörde so etwas finanzieren? Beim ULD ist man auch hier für eine Behörde neuartige Wege gegangen und setzt auch hier auf Multiplikatoreffekte: Durch Engagement in Projektausschreibungen auf europäischer, Bundes- und Landes-Ebene ist dem ULD das Einwerben von Drittmitteln gelungen. Mit diesen Mitteln ist es gelungen, nahezu ein Dutzend extrem hochkarätige Experten nach Kiel zu ziehen und in diesen Projekten einzusetzen. Der dadurch entstehende gute Ruf des ULD macht die Einwerbung von Folgeprojekten natürlich deutlich leichter.\nIm Grunde ist das Vorgehen des ULD extrem listig: Statt sich in stupider Kontrolle und dem Bejammern von Fakten zu erschöpfen, nutzt man die durch den Haushalt des Landes bereitgestellten Mittel, um als Katalysator zu agieren und sich selbst tragende Projekte wie die Datenschutzakademie oder die Projektarbeit zu schaffen, oder gar Märkte neu zu schaffen, wie den Markt für Audit und Gütesiegel.\nVollkommen logisch, daß man all dies nicht leisten kann, wenn man nur auf Landesebene agiert. Projekte wie Datenschutz.DE haben ihren Ursprung zwar in Kiel, vereinen aber Mittel von vielen Partnern auf nationaler und internationale Ebene.\nDies alles ist für eine deutsche Behörde, noch dazu auf Landesebene, vollkommen einzigartig und seiner Zeit weit voraus: Nur auf diese Weise eingesetzt können die Steuergelder der Bürger wirklich wirksam werden, denn um in einer global entwickelnden und global vernetzten Informationsgesellschaft wirksam zu werden, muss sich der Datenschutz auch global vernetzen und global zusammenarbeiten.\nTraditionell arbeitende, dem letzten Jahrtausend verhaftete Landesbehörden haben mit diesem Konzept so einige Verständnisprobleme, da es ihre Sicht von lokalen Zuständigkeiten und hierarchischer Behördenorganisation schlicht übersteigt. Und so kann man den Bericht des Landesrechnungshofes zur Arbeit des ULD eigentlich nur auf eine Weise lesen: Vollständiges Unverständnis für Aufgaben und die Anforderungen an den Datenschutz, und vollständige Verkennung der Realitäten, was die Wirksamkeit von Maßnahmen und Mitteln angeht.\nDie Reaktion des ULD ist dann auch entsprechend deutlich: Rechnungshof-Organisationsprüfung des ULD , ULD: Rechnungshofs-Bericht verweigert die Anerkennung von Fakten .\n","date":"2006-05-20T00:00:00Z","href":"https://blog.koehntopp.info/2006/05/20/uld-schleswig-holstein-vs-lrh-schleswig-holstein.html","tags":["privacy","politik","security","lang_de"],"title":"ULD Schleswig-Holstein vs. LRH Schleswig Holstein:"},{"categories":null,"content":"ircnet, #lug-kiel, am 7. und 8. Mai.\nJannik wundert sich über fsck\u0026rsquo;s Meldung\n/: 130834/6553600 Dateien (1.1% nicht zusammenhängend), 1007700/13107200 Blöcke Ist das schlimm? Jannik: hmm.. /:\n130834/6553600 Dateien (1.1% nicht zusammenhängend), 1007700/13107200 Blöcke Sieht so aus als wäre mein Dateisystem fragmentiert gewesen o.O? Ich dachte, so etwas kennt Linux nicht.\ntholle: Linux oder das Dateisystem? ;-)\nIsotopp: Seufz. \u0026ldquo;1.1% nicht zusammenhängend\u0026rdquo; Natürlich können Dateien in nicht fortlaufenden Blocknummern gespeichert sein. Warum meinst du, daß das ein Problem sei? Oder anders herum, warum glaubst Du, daß es gut ist, wenn eine Datei in fortlaufenden Blocknummern gespeichert ist?\nJannik: ???\nIsotopp: Erklär mal was Du denkst, was die Ausgabe bedeutet, die Du da bekommen hast?\nJannik: Isotopp: Öhm. Ei, jetzt kommt hier ne Lehrstunde :D Ja, vielleicht daß die Daten nicht zusammenhängen (in Blöcken \u0026ldquo;nebeneinander\u0026rdquo; liegen) Also eine Datei zum Beispiel.\nIsotopp: Ja, genau. Eine Datei ist zusammenhängend, wenn sie in fortlaufenden Blocknummern gespeichert ist. Wenn in den Blocknummern einer Datei lücken sind, ist sie fragmentiert.\nJannik: Ich dachte sowas nennt man dann fragmentiert sein, so wie man das bei Windows kennt. Ach so, gut. Also kann das Dateisystem defragmentiert werden irgendwie?\nIsotopp:\nWenn das z.B. ein ext2 oder ext3 ist, dann besteht das Dateisystem aus Blockgruppen, In BSD ufs nennt man das cylinder groups, das ist im Kern dasselbe. In einer bg befinden sich eine Superblockkopie, die Inode-Bitmaps, die Block-Bitmap, die Inodes der bg und dann die Datenblöcke. Jede bg ist also ein kleines Mini-Dateisystem für sich.\nIn ext2/ext3 kann eine Bitmap nur einen Block groß sein.\nFrüher war ein Block 1 kb groß. das sind also 8192 Bit in einem Block. Also konnte eine bg 8192 Blöcke groß sein.\nHeute hat ext2/ext3 4 kb blöcke. also sind 32768 Bit in einem Bitmap block, und 32768 Blöcke in einer bg.\nFrüher waren also 8192 1 kb blocks = 8 MB eine bg. Heute sind 32768 4 kb blocks = 128 MB eine bg.\nWas passiert, wenn du eine Datei mit 200 MB speichern willst?\nJannik: Isotopp: dann wird eine bg belegt und eine 2. nur zum Teil.\nIsotopp: Ja, genau. Ist die Datei dann fragmentiert?\nJannik: Nicht wirklich.\nIsotopp: Naja, sind die Blocknummern der Datei zusammenhängend oder nicht?\nJannik: Ähm…\nIsotopp: Sie können nicht, denn irgendwo fängt ja die neue bg an.\nJannik: Genau.\nIsotopp: Also liegt irgendwo Mitten in der Datei der Superblock und die Bitmaps und die Inodes der neuen bg. Die Datei ist also fragmentiert. In ext2/ext3 ist es nicht möglich eine Datei zu speichern ohne sie zu fragmentieren, wenn sie größer als eine bg ist.\nWenn eine 200 MB Datei eine bg komplett voll macht, dann sind ja nur die Datenblöcke voll, die Inodes in der bg sind noch leer. (bis auf eine, die von der 200 MB Datei) Jetzt wird eine zweite Inode in der bg belegt, in der die Datenblöcke voll sind. Wo werden die Datenblöcke der Datei abgelegt?\nJannik: Ähm, woanders?\nIsotopp: Ja, weit weg von der Inode. Das ist aber doof, denn um die Datei zu lesen, muß man die Inode lesen und dann die Daten finden und lesen. Das dauert.\nDie 200 MB Datei ist doch aber sowieso fragmentiert. wenn wir sie schneller (früher) fragmentiert hätten, dann wäre noch Platz frei in der 1. bg frei und die 2. Datei könnte ihre Daten näher an der Inode speichern. Aber wieso glauben wir, daß Fragmentierung was schlechtes ist? Wieso denken wir, daß zusammenhängende Blocknummern an einer Datei gut sind?\nJannik: Das glaube ich mittlerweile gar nicht mal mehr.\nIsotopp: Jannik: Du hast eine Festplatte. Wie lange dauert es denn bei Deiner Platte, den Kopf von einer Inode zu den Datenblöcken in einer anderen bg zu bewegen? Ungefähr?\nJannik: Kein Plan. Nicht lang. Vermutlich keine Millisekunde.\nIsotopp: Kennt jemand die Zeit von seiner Festplatte hier?\nIsotopp hat eine Platte mit einer Seek Time von 8ms in seinem Laptop. Isotopp: Jannik: Festplatten haben Seek times zwischen 5 und 10ms. Das heißt, die können 100-200 Seeks pro Sekunde machen\nDamit haben wir einen Grund, warum ein Interesse besteht, Daten auf einer Platte möglichst dicht beeinander zu speichern (Seeks sind teuer), aber wenn wir sie zu dicht beieinander speichern, dann kommen neue und alte Daten einander in die Quere. Daher wirst du auf jedem Dateisystem mit grossen Dateien immer fragmentierte Dateien finden.\nJannik: Isotopp: Gut. aber Dateien werden trotzdem wie bei Windows fragmentiert? Sodaß man Defragmentieren muss? Wie ist das, wenn der Datenträger voll ist? Dann ist das System vermutlich gezwungen zu fragmentieren?\nIsotopp: Ja, natürlich. Wenn die Platte fast voll ist, muss das Dateisystem nehmen was da ist. ufs sagt das an.\n\u0026ldquo;changing optimization from time to space\u0026rdquo;\noder so ähnlich steht dann im syslog. In ext2/ext3 sieht man das nicht, aber kein Dateisystem sollte mehr als 80% gefuellt werden, sonst wird es mit der Allokation schwierig.\nJannik: Gut.\nIsotopp: Wir wissen nun: Dateien sollten dicht beeinander stehen, damit Seeks vermieden werden. aber wenn wir das tun, etwa eine bg voll machen, dann bauen wir uns die bg fuer alle nachfolgenden Dateien zu, und bekommen die Seeks dann da.\nufs vermeidetet das etwa, indem es \u0026ldquo;long Seeks\u0026rdquo; erzwingt. Es fragmentiert Dateien absichtlich etwa alle 1mb oder so, indem es in eine andere bg wechselt.\nWenn du also eine Datei in ufs speicherst, wird das erste MB Daten in dieselbe bg geschrieben, in der die Inode der Datei steht, und dann wird ein long Seek erzwungen und in einer anderen bg weiter geschrieben. Dadurch bleiben Datenblöcke in der bg frei, sodaß die nächste Datei, die angelegt wird Datenblöcke frei vorfindet in derselben bg wie ihre Inode.\nIn diesem fall ist es messbar vorteilhaft, die Datei zu fragmentieren als die unfragmentiert zu lassen. Cool was?\nJannik: Noch am lesen. Weiß nicht ob ich das genau verstanden habe. Nochmal lesen ;)\nIsotopp: Vielleicht so: eine bg ist ein kleines Dateisystemchen mit Inodes und Datenblöcken. Wir wollen gerne, dass die Datenblöcke einer Datei dicht an der Inode stehen, sonst Seek und Seek ist langsam bei Platten.\nWenn wir eine grosse Datei abspeichern, belegen wir eine Inode in einer bg und dann alle Datenblöcke in dieser bg, weil es ja eine grosse Datei ist.\nWenn wir eine zweite Datei in derselben bg speichern wollen, finden wir noch eine freie Inode (war ja erst eine belegt) und dann aber keine Datenblöcke mehr, denn die lange erste Datei hat die ja alle belegt.\nßWir müssen also die Datenblöcke von Datei 2 weit entfernt von der Inode von Datei 2 abspeichern, da die Datenblöcke in der Datei wo die Inode steht belegt sind. Das ist doof.\nJannik: Klar das hab ich noch verstanden. Müssen wir?\nIsotopp: Wenn du die Inodes in dieser Blockgroup nicht ganz aufgeben willst - ja.\nJannik: Ach so, ja klar.\nIsotopp: Über die Regeln, wie man Inodes auswählt, reden wir noch.\nDer Punkt ist, dass wir Inode 2 beschreiben wollen in derselben bg wie Inode 1, aber keine Datenblöcke in dieser bg mehr frei sind. Also können wir nur die Inode nehmen, müssen die Datenblöcke fuer Inode 2 aber weit weg in einer anderen bg abspeichern.\nufs versucht das zu vermeiden, genauer versucht ufs zu vermeiden, dass eine einzige grosse Datei alle Datenblöcke in einer bg belegt.\nufs geht also so vor:\nWenn Datei 1 geschrieben wird, wird eine Inode in der bg belegt und die daten zu dieser Inode 1 erst mal in dieselbe bg wie die Inode geschrieben nach einem MB oder so (konfigurierbar) macht ufs dann aber einen long Seek, erzwingt einen Wechsel der bg. Das erste MB der langen Datei steht also in der ersten bg, der Rest dann in einer anderen, nach einem weiteren MB dann in einer noch anderen und so weiter. ufs verteilt die grosse Datei also über die Datenblöcke in allen Blockgroups, in 1 MB grossen fragmenten.\nJannik: Dadurch wird sie fragmentiert, aber ist das nicht schlecht für sie? Wird das nicht langsamer? Effektiver wäre es vielleicht, wenn man das über mehrere Festplatten machen würde, mit LVM und so vielleicht?\nIsotopp: Ein wenig. Aber: in der ersten bg sind nun noch Datenblöcke frei, und das erste MB von Datei 2 kann nun ebenfalls dicht bei der Inode von Datei 2 stehen. Und ja, Raid 0, Raid 10 oder andere Dinge können hier helfen. Mehr Spindeln = mehr Möglichkeiten pro Sekunde, einen Seek zu machen. Aber wenn du die Anzahl der spindeln als konstant (1, oder meinetwegen 6) ansetzt, brauchst du trotzdem eine Optimierungsstrategie. Man kann ja nicht jedes Problem mit beliebig viel Geld bewerfen. Aber Dein Denkansatz ist vollkommen korrekt - mehr spindeln = mehr Seeks = weniger probleme. Der Punkt ist - mit long Seeks stehen die Dateianfänge aller Dateien dicht bei den Inodes dieser Dateien. Stell dir etwa mal ein file * auf ein Verzeichnis vor. Oder konqueror file:/home/jannik - da müssen ja Previews gerendert werden, Dateitypen bestimmt und so weiter. Da ist es schon ausgesprochen nützlich, wenn man die Dateianfaenge (die ersten MB oder so) dicht an den Inodes hat.\nJannik: Steht das Wichtigste über eine Datei nicht im Anfang? Dateityp, Berechtigungen etc.?\nIsotopp: Wenn ein Dateiformat schlau überlegt ist, dann steht es am Anfang. Aber metadaten wie Berechtigungen, Zeitstempel und alles andere stehen in der Inode. Schau mal in /usr/src/linux/include/linux/ext2_fs.h\nJannik: Wenn man mehrere Festplatten hätte, dann wäre es doch ziemlich cool die Dateien darüber zu streuen…\nIsotopp: Und suche da nach struct ext2_Inode. Das ist eine Inode auf der Platte und was da drin steht. Der struct ext2_Inode ist 128 Byte gross, wenn man nachzählt. In einen 1024 Byte Block passen also 8 davon.\nJannik: Den Pfad gibts bei mir nicht.\nIsotopp: Dann hast du keine Kernelsources oder Kernelincludes installiert. Guckst Du bei lxr Das ist ein struct, eine Datenstruktur in C. Das ist eine ext2/ext3 Inode auf der Platte. Die daten da drin kannst du auslesen. Hast du eine ext2 oder ext3 Partition irgendwo wo du root bist?\nJannik: Ja. Ähm, lvm is ja egal oder?\nIsotopp: Es geht nur um das Dateisystem, nicht um die Art der Partition.\nJannik: Gut. Ja, dann hab ich.\nIsotopp: Hast du ein /boot?\nJannik: /boot ist ext2.\nIsotopp: Wie heisst die Partition bei Dir? Bei mir ist /boot auf /dev/sda5.\nJannik:\n# mount |grep boot dev/hdb4 on /boot type ext2 (rw) Isotopp:\nlinux:~ # debugfs /dev/sda5 debugfs 1.38 (30-Jun-2005) debugfs: ls 2 (12) . 2 (12) .. 11 (20) lost+found 40 (16) message 6025 (24) grub 29 (12) boot 31 (16) vmlinuz 13 (76) initrd debugfs arbeitet ja auf Dateisystemen, deswegen siehst du nur Sachen in /dev/hdb4 und nicht Zeugs da drüber Du kannst nun mal stat auf einen Kernel machen. In meinem Fall\ndebugfs: stat vmlinux-2.6.13-15-default.gz Inode: 27 Type: regular Mode: 0644 Flags: 0x0 Generation: 1675033442 User: 0 Group: 0 Size: 1838899 File ACL: 0 Directory ACL: 0 Links: 1 Blockcount: 3608 Fragment: Address: 0 Number: 0 Size: 0 ctime: 0x43f86651 -- Sun Feb 19 13:36:33 2006 atime: 0x4419638b -- Thu Mar 16 14:09:31 2006 mtime: 0x4327102c -- Tue Sep 13 19:45:16 2005 BLOCKS: 0-11):9711-9722, (IND):9723, (12-267):9724-9979, (DIND):9980, (IND):9981, (268- 523):9982-10237, (IND):10238, (524-779):10239-10494, (IND):10495, (780-1035):104 96-10751, (IND):10752, (1036-1291):10753-11008, (IND):11009, (1292-1547):11010-1 1265, (IND):11266, (1548-1795):11267-11514 TOTAL: 1804 Vergleiche das mit LXR vmlinux-\u0026hellip; ist Inodenummer 27, ein Regular File.\nIn der Inode stehen\nder Mode (hier: 0644), die Flags (keine), die ACL Nummern (keine) der Owner (root, 0) und die Group (0, root) die Datei hat einen Namen (Linkcount 1), und 3608 blocks die hat eine ctime, atime, mtime und dann kommen die Blocknummern der Datenblöcke und der Datenblockzeiger (INDirect blocks) Und im struct siehst du genau das: Platzhalter für den Mode (16 bit), eine uid, die Größe der Datei in Byte, die atime, ctime, mtime und dtime (nur gesetzt, wenn die Datei deleted wird) die Gruppennummer, der Linkcounter die Anzahl der Blöcke und das Flags Feld. und das Wichtigste: struct: __le32 i_block[EXT2_N_BLOCKS]; die Blockadressen der Datenblöcke.\nIn der Inode steht also alles über die Datei - ihre Eigenschaften und die Zeiger auf die eigentlichen daten, nur eine Sache fehlt.\nWeißt du, welche Sache das ist?\nJannik: Die Daten.\nIsotopp: Richtig, die stehen in den Datenblöcken. Ich meinte aber was anderes, eigentlich.\nJannik: Oder was es für eine Datei es ist.\nIsotopp: Das steht in den oberen 4 Bit von i_mode. Der Filemode ist ja sstrwxrwxrwx - das sind nur 12 Bit.\nJannik: Steht da ob mp3 oder .wav? Das meinte ich.\nIsotopp: Das ist ja eine Extension, also Teil des Dateinamens. Aber jetzt bist du auf einer Spur. Wo steht der Dateiname?\nJannik: In der Datei. Also in den Datenblöcken.\nIsotopp: Nein, da stehen nur die Daten. Jannik, mach mal cd $HOME; touch lall; ln lall laber und dann ls -li lall laber und paste den output.\nJannik:\n# ls -li lall laber 870099 -rw-r--r-- 2 root root 0 2006-05-08 21:43 laber 870099 -rw-r--r-- 2 root root 0 2006-05-08 21:43 lall Isotopp: Wie lang ist die Datei?\nJannik: Genau das hat uellue mir letztens erklärt mit den Hardlinks.\nIsotopp: wie lang ist die Datei?\nJannik: 870099?\nIsotopp: Nein, das ist die Inodenummer.\nJannik: Ah, so. Ähm…\nIsotopp: 0\nJannik: ja\nIsotopp: In der Datei steht der Name nicht, denn die Datei ist ja 0 byte lang. Sie hat gar keine Datenblöcke.\nJannik: Suchte grad nach ner Zahl g Ach so, ja genau, touch erstellt nur eine Inode?\nIsotopp: ja\nJannik: Und jetzt hat man 2 Inodes.\nIsotopp: In der Inode kann der Name auch nicht stehen. Denn beide Dateien haben ja dieselbe Inodenummer, aber verschiedene Namen.\nJannik: Die auf das Gleiche verweisen würden?\nIsotopp: So ist es. Hast du 2 Inodes? Nein. Die Zahlen sind gleich am Anfang.\nWir lernen: der Name einer Datei steht nicht in den Daten (0 bytes, keine Datenblöcke), und auch nicht in der Inode (2 Namen, eine Inode, wie wir beweisen können). Was bleibt?\nDer Name einer Datei steht in einem Verzeichnis. Verzeichnisse sind auch Dateien und in denen speichert Linux paare von (Name, Inodenummer) ab.\nLXR zeigt wie.\nEin ext2_dir_entry ist eine Inodenummer (32 bit) und dann ein Record von rec_len Bytes Länge, in dem name_len viele Bytes verwendet werden. und dann natürlich der name, name_len bytes lang in ASCII. Mit touch lall; ln lall laber machst du also einen eintrag (870099, lall) und einen Eintrag (870099, laber) in . (dem aktuellen Verzeichnis)\nJannik: Ja.\nIsotopp: Hey, welche Inode hat /boot? ls -dlsi /boot sagt es dir?\nJannik:\n# ls -dlsi /boot 2 2 drwxr-xr-x 4 root root 2048 2006-05-02 00:37 /boot Isotopp: Und welche Inode hat /?\nJannik:\n# ls -dlsi / 2 4 drwxr-xr-x 22 root root 4096 2006-04-26 23:31 / Isotopp: Die erste Zahl ist die Inodenummer, die 2. Zahl ist die Länge in Blöcken. Beide Dateien / und /boot haben als die Inode 2. Wie kann das sein?\nJannik: Ähm. Beide sind in / eingehängt?\nIsotopp: Naja, / ist nirgendwo eingehaengt, / ist /.\nJannik: Ja, ok. Deshalb? Was hätte dann die erste Inode?\nIsotopp: Du bist auf der richtigen Spur. Die root-Inode in ext2 hat immer die Nummer 2. Und da / und /boot jeweils verschiedene Dateisysteme sind, haben beide root-Inodes, also haben beide die Inode 2.\nJannik: Ach ja\nIsotopp: Wie kann Linux die beiden auseinander halten?\nJannik: Durch die Verzeichnisstruktur?\nIsotopp: Nun eines ist auf /dev/hdb4, das andere auf /dev/hdbsonstwas. Und wenn du ls -l /dev/hdb* machst siehst du, daß jedes Device da intern andere Gerätenummern hat. Die Inodenummer in Unix ist also nicht eindeutig, aber auf jedem System ist die Kombination (major number, minor number, Inode number) zu jedem Zeitpunkt eindeutig. (maj, min) bezeichnen die Partition, und in einer Partition ist (ino) eindeutig Schau mal hier -\u0026gt; LXR . Das mit der Inode 2 denke ich mir ja nicht aus, das muss ja irgendwo im source stehen und da steht es.\nJannik: cool\n#define EXT2_BAD_INO 1 /* Bad blocks Inode */ Was soll das dann heißen? Das wird einfach ausgelassen?\nIsotopp: Inode 1 ist eine Datei, die in der Regel keinen Namen hat und die nur aus kaputten Blöcken besteht.\nWenn du eine alte Platte hast, noch ohne Bad Blocks Management, dann kannst du ein Dateisystem mit mke2fs -c /dev/... anlegen. Das dauert sehr lange, denn dabei wird jeder Block gelesen. Zwangsläufig sind auf jeder HDD immer einige Blöcke im Eimer, -c findet die und fügt sie dann in die Datei Inode 1 ein. Dadurch sind sie belegt und können nicht Bestandteil einer anderen Datei werden.\nBei Disketten mit ext2 hat man das sehr, sehr oft gebraucht (Ich nehme an, Du hast noch mit Disketten gearbeitet, irgendwann mal).\nJannik: Mach ich immer noch , aber noch nicht mit Linux. Habe es noch nicht gebraucht. Doch, ich habe mal meinen grub auf einer Diskette gehabt, in einem externen diskettenlaufwerk :D mit usb, hat er geschluckt. Fand ich cool.\nIsotopp: Die erste Datei, die auf einem ext2 angelegt wird, noch beim Erstellen, ist lost+found. Die hat dann immer Inode 11, denn EXT2_GOOD_OLD_FIRST_INO ist 11. Wenn du also mal ein ls -li / /boot machst, wirst du sehen, dass\nlost+found 11 ist alle Inodenummern ausser . und .. größer als 11 sind. (vorausgesetzt, alle betrachteten Dateisysteme sind ext2/ext3, denn bei reiser ist alles anders. Jannik:\n2 drwxr-xr-x 4 root root 2048 2006-05-02 00:37 boot Hat wieder kleinere Inode ;P\nIsotopp: Wieso ist das so?\nJannik: Ja, weil das wieder ein eigenes Dateisystem ist ;)\nIsotopp: Genau! Wir wissen nun:\nVerzeichnisse sind Dateien. Verzeichnisse sind Listen von Namen und Inodenummern die /-Inode jedes ext2-Dateisystems ist 2 es kann mehr als eine Inode 2 pro system geben, und an der (maj, min) des Devices auf dem sie liegt können wir sie unterscheiden. in der Inode stehen alle Informationen über eine Datei, insbesondere der Mode, die Times, und die Datenblockzeiger in der Inode steht NICHT der name der Datei, der steht im Verzeichnis in den Datenblöcken stehen nur die Daten Jannik: Auch wenn ich da jetzt noch nicht sehe, wie er das unterscheidet von / \u0026hellip; Wie kann ich \u0026ldquo;(maj, min) des Devices auf dem sie liegt\u0026rdquo; herrausfinden?\nIsotopp: jannik: mit mount oder genauer, mit cat /proc/mounts, denn da holt mount das her, und diese Liste ordnet Devices und Namens-Stummel einander zu. Linux weiß dann: wegen /dev/sda5 /boot ext2 rw 0 0 muß ich ab /boot neu zu zählen anfangen, und zwar\nlinux:/proc # ls -l /dev/sda5 brw-r----- 1 root disk 8, 5 May 6 22:44 /dev/sda5 auf (8, 5) statt auf (8, 1), bzw in meinem Fall statt auf (8, 5) auf (253, 1)\nlinux:/proc # ls -lL /dev/system/root brw-r----- 1 root disk 253, 1 May 6 22:44 /dev/system/root Isotopp: Wir wollten über Dateisysteme und Layoutstrategien reden.\nWir wollten ja, dass die Platte möglichst wenig Seeken muss. Und wir hatten gelernt: es ist gut, Fragmentierung zu vermeiden und \u0026ldquo;dicht\u0026rdquo; zu packen, aber nicht zu dicht, sonst nehmen wir Platz fuer die folgenden Dateien weg.\nDaher machen wir nach großen Fragmenten von ca. 1 MB oder so eine absichtliche Fragmentierung um Platz fuer neue Dateien zu lassen. Platten können Seeks machen, ab und zu. Kleine fragmente sind es, die uns langsam machen.\nJannik: Ja.\nIsotopp: Wenn ich nun ein Verzeichnis anlege in ext2, und darin Dateien anlege, dann wird ext2 die Dateien alle in dieselbe bg tun wie das Verzeichnis. Ich kann das an den Inode-nummern sehen. Die Inode-nummern aller Dateien (nicht-Verzeichnisse) in / sollten in etwa gleich groß sein.\nJannik: Ja\nIsotopp: Aber wenn ext2 ein Verzeichnis anlegt, dann tut es das neue Verzeichnis in einer andere bg als das Elternverzeichnis. Die Inode-nummern aller Verzeichnisse in / sollten sich von der Inode-nummer von / sehr unterscheiden.\nlinux:/boot # ls -li 2 drwxr-xr-x 5 root root 2048 Mar 26 11:00 . 28 -rw-r--r-- 1 root root 1541719 Sep 13 2005 vmlinuz-2.6.13-15-default 40 -rw-r--r-- 1 root root 133120 Nov 2 2005 message 6025 drwxr-xr-x 2 root root 1024 Feb 11 21:20 grub 10041 drwxr-xr-x 2 root root 1024 Dec 13 09:48 mysql und in grub dann:\nlinux:/boot/grub # ls -li total 285 6025 drwxr-xr-x 2 root root 1024 Feb 11 21:20 . 6040 -rw-r--r-- 1 root root 10 May 2 14:01 default 6039 -rw------- 1 root root 15 Nov 2 2005 Device.map 6026 -rw-r--r-- 1 root root 7540 Dec 17 06:52 e2fs_stage1_5 Da liegt dann alles beieinander, und in einer anderen bg als /. ext2/ext3 sortiert also Dateien in einem Verzeichnis dicht beieinander, und Verzeichnisse weit auseinander. Dadurch wird die ganze Platte gleichmäßig genutzt, aber auch das ist eine Art absichtlicher Fragmentierung\nJannik: Ja.\nIsotopp: Es werden künstlich kontrolliert Seeks eingefuegt, um die Struktur des Systems zu erhalten und unkontrolliert entstehende kleine Fragmente zu vermeiden.\nJannik: Gut.\nIsotopp: Die abstrakte Logik: irgendwann müssen wir sowieso fragmentieren. Das ist auch nicht schlimm, solange die Stücke einigermassen groß sind. Also fragmentiert ext2/ext3 und auch BSD ufs absichtlich und macht große Stücke, die nicht schaden. Dadurch entsteht eine locker gepackte Struktur, die die ganze Platte ausnutzt, statt sich auf einer Ecke der Platte zu ballen und sich selbst im Weg zu stehen.\nJannik: Hmm\u0026hellip; Ich lerne daraus, dass ich meine Platten nie überfülle (Dateisysteme).\nIsotopp: Genau. Und jetzt: wir erinnern uns was schlimm ist - Seeks. Nimm an, du hast ein gut organisiertes ext2 oder auch vfat system, frisch defragmentiert. Du loggst dich da ein und lädst dein kde, und uellue loggt sich ebenfalls da ein und startet sein gnome, und ich logge mich da ein und starte mein mysql. Alle gleichzeitig. Was wird passieren?\nJannik: Die Festplatte wird springen müssen (Der Kopf) wenn sie alles gleichzeitig machen soll\nIsotopp: Was nutzt uns unsere Defragmentierung nun?\nJannik: Nix. In dem Fall ändert das nix.\nIsotopp: Unfragmentierte Dateien sind Dateien, die auf der Platte mit aufeinanderfolgenden Blocknummern stehen aber das nutzt nix, wenn die Lesezugriffe nicht linear erfolgen.\nFragmentierung oder Defragmentierung beschäftigen sich mit einem statischen Layout von Daten auf einer Platte, aber entscheidend in einem System ist die dynamische Sequenz von Lesezugriffen über die Zeit.\nIn einem Singleuser/Singleprocess-System wie MS-DOS gibt es nur einen user und nur ein programm zur zeit.\nJannik: Willst du darauf hinaus, dass Defragmentierung auf ext2 z.b. nicht nötig ist?\nIsotopp: Das liest dann seine Daten durch, wodurch die dynamische Lesefolge immer der statischen Anordnung von Daten auf der Platte entspricht, da die Zugriffe niemals unterbrochen werden können.\nIn MS-DOS bringt es also was, zu defragmentieren.\nMS-DOS hat auch keinen file-system cache, d.h. jeder read() endet unweigerlich immer auf der Platte.\nIn Linux ist die Situation weitaus komplizierter: wir haben mehrere User, jeder hat mehrere Programme, die lesen können und wir haben einen haufen RAM, den wir als Cache verwenden, sodaß viele Reads gar nicht mehr auf die Platte gehen.\nFür Seeks (die sind ja das, was langsam ist) ist aber die dynamische Folge von Seeks, die die Platte wirklich sieht, relevant.\nUnd die entspricht bei Linux nun genau nicht mehr dem statischen Bild auf der Platte.\nWenn die Daten auf der Platte defragmentiert sind, und wenn die Lesezugriffe eines Programmes nicht durch andere Reader unterbrochen werden und wenn der cache leer ist, dann ist Defragmentierung relevant, auch bei Linux.\nAlso\nbeim Booten beim Login nach dem Booten Das kann sehr viel schneller sein auf einem ordentlich defraggten System, denn da ist der Cache leer und Programme greifen nacheinander zu.\nDanach - naja, ich habe\nlinux:/boot/grub # free -m total used free shared buffers cached Mem: 1011 909 101 0 82 280 -/+ buffers/cache: 547 464 Swap: 2055 3 2051 ein Gig RAM, und davon sind 547 MB durch Programme belegt und 82+280 MB in Filesystem Caches. Die meisten meiner Reads gehen der Platte am Arsch vorbei, denn sie kommen aus dem Cache.\nJannik:\n# free -m total used free shared buffers cached Mem: 1517 1484 33 0 40 1052 -/+ buffers/cache: 391 1126 Swap: 1011 313 698 LOL.\nIsotopp: Du hast 1.1 Gig im Cache.\nJannik: 1 GB cached?? Wow.\nIsotopp: Wie auch immer: Fragmentierung von Linux-Dateisystemen spielt eine eher untergeordnete Rolle. ext2 und ext3 fragmentieren absichtlich und auf eine kontrollierte Weise, damit große, schlau angeordnete Fragmente entstehen, und auch ohne Fragmente können Seeks auf der Platte durch konkurrente Zugriffe entstehen.\nWichtiger als zu Defragmentieren ist es, einen grossen Filesystem Cache zu haben. Soweit klar?\nJannik: ja\nIsotopp: 1.1% fragmentation bei einem fsck sind also eine gute Sache.\n0.0% wären doof. Das heisst ja, dass wir einen nicht aufgelockerten Klumpatsch von Dateien haben (oder nur sehr viele, sehr kleine Dateien).\n20% fragmentierung sind auch doof. Das kann zum beispiel passieren, wenn wir sehr viele, sehr kleine Dateien haben und dauernd Dateien löschen und anlegen. Etwa in einem Squid Cache oder in einem USENET News mit tradspool.\nEntscheidend ist aber - und die information gibt uns fsck leider nicht - daß die stücke alle so mittelgross sind, etwa 1/100 bis 1/10 einer Blockgroup gross.\nKleiner ist von Übel, weil kleine Stücke viele Seeks bedeuten, und größer ist von Übel, weil große Stücke die bgs zustopfen.\nJannik: Ich schätze, ich will heute nicht mehr wissen, was reiserfs so toll macht?\nIsotopp: Heute nacht nicht, das schaffen wir nicht in 20 Minuten. Aber wenn du willst kannst du dir als Hausaufgabe mal ein ext2 directory aufmalen, mit (Inode, nam_len, rec_len, Dateiname) und dann überlegen, wie du die Datei mit dem namen toller name eigentlich in einem Verzeichnis mit 1 Million Einträgen findest, löscht und dann die Datei mit dem namen blurb da drin anlegst. Und wieso das so lange dauert mit einer Million Einträgen. Dann können wir bald mal über reiser reden und wieso das da nicht so lange dauert.\nJannik: Ok. :D Erst mal die Hausaufgabe verstehen.\nJannik: Isotopp: das dauert so lange weil man erst alles abklappern muss, bis man auf den Namen trifft. Muss ja alles überprüfen, ist jede Menge Arbeit . Gute Nacht, Isotopp, und Danke :D\nIsotopp: jannik: genau. Das ist effek0tiv eine \u0026ldquo;lineare Liste\u0026rdquo;.\nWir schreiben Montag, den 8. Mai 2006, sie hörten den \u0026ldquo;Dienstag\u0026rdquo; zum Thema \u0026ldquo;Dateisysteme und Fragmentierung\u0026rdquo;\nIsotopp: und so eine Liste skaliert sich halt mit der Anzahl der Einträge im Verzeichnis.\nJannik: immerhin ist die nicht fragmentiert *g*\nIsotopp: oh, die kann fragmentieren. Wenn ich langer name eigentlich lösche und dann kurz erzeuge, bleibt ein Stück frei. Das ist entweder verloren oder muss gelegentlich wieder belegt werden.\nJannik: Wer sorgt für die Ordnung dafür? Wie räumt man denn schön auf auf seinem Dateisystem?\nIsotopp: und das alles werden wir ein andermal besprechen.\n","date":"2006-05-08T00:00:00Z","href":"https://blog.koehntopp.info/2006/05/08/fragmentierung-fuer-jannik.html","tags":["computer","filesystems","erklaerbaer","lang_de"],"title":"Fragmentierung (für Jannik)"},{"categories":null,"content":"A talk given by Kai Voigt at Linuxtag in Wiesbaden, based on LDAP vs. SQL and additional experience we had, based on our work with directory services.\nSQL vs. LDAP Both SQL and LDAP are infrastructures to store, retrieve and modify data. Various implementations are available, either free or commercial software.\nThis talk will introduce SQL and LDAP, explain what they have in common, where they are different and how they should be used. The most popular implementations will be listed, and which of them make most sense in different environments.\nSQL and LDAP are based on different data structures. SQL is a relational data model, while LDAP is a hierarchical model. Both will be looked at in detail.\nExamples from the real world illustrate when SQL or LDAP should be used. Sometimes it\u0026rsquo;s best to just use one system, in some cases a mixture of both makes sense.\nAlso, common mistakes will be demonstrated when people use the wrong system, either by lack of knowlegde or by following some hype.\nKai Voigt Kai Voigt works as an Instructor and Consultant for MySQL and used to implement LDAP based systems and applications in former engagements. He was invited as a speaker at various conferences, including Roxen User Conference and Open Source Database Conference.\nGoals Understand different data structures Know about operations on data Know common LDAP problems Know LDAP benefits Make the right decision Implementations SQL\nMySQL PostgreSQL Oracle MS SQL DB2 LDAP\nOpenLDAP SUN MS Active Directory Netscape Data Structures SQL Structures Catalogs, Databases, Tabkles, Rows, Columns Columns hold single values (or NULL) Columns have scalar data types Indexes on table level Foreign key constraints between tables Foreign Keys, Constraints LDAP Structures Data Objects in Hierarchy Attributes and data types defined by Objectclasses (may/must exist) Primary Key: Distinguished Name Indexing on data type No foreign key constraints LDAP tree, dn An LDAP node DN: city=1,cont=asia,o=myworld Set of attributes Name=Tokyo Population=18.000.000 Language=Japanese Langiage=Chinese Country=Japan Hierarchies in SQL Storing Primary Key of parent as column Accessing Joining the table to itself Just static depth Data sizes SQL Larger data, higher latency LDAP Smaller data, lower latency Operations SQL Operations Selection: WHERE clauses Projection: SELECT plus Columns List Aggregation: GROUP BY Combination: INNER/OUTER JOIN and Rename for Self-Join LDAP Operations Selection on attribute values Projection on attributes (no synthetic values Aggregation: not possible Combination: not possible) SQL Usage Storage for large scale data\nBusiness Logic\nConclusion: complex and concurrent queries\nLDAP Usage Authentication\nConfiguration Files\nAddress Books\nConclusion: Many trivial quick read requests\nCommon Problems Top 5 Using only LDAP Using LDAP for massive write requests Changing LDAP structure Using LDAP for complex queries Bad data design in LDAP Using LDAP only Data Types, Objectclasses Need to be extended in most cases Server restart required No referential integrity No relations between DNs unstable Write Requests No transactions \u0026ldquo;add\u0026rdquo; and \u0026ldquo;modify\u0026rdquo; are atomic No locking No bulk updates No scalable replication Changing Structure Schema definition out-of-band MAY inflation No introspection Complex Queries DN is primary key DN contains structural information DN is unstable Moving an Object kills you No SQL Joins Data Design Organisational hierarchies into LDAP trees DN not opaque Large data in LDAP Multiple Value Attributes Other Problems No simple server-side functions No normalization No powerful SQL features Stored Routines, Views, Triggers LDAP Benefits Speed Low Connection Overhead Simple Queries Common Operations Existence Testing Single Attributes Authentication Compatibility Standards Wire Protocol Data Types Interoperability e.g. Apple Mail Client + SUN LDAP Server The right decision No rule of thumb Analyze data structures and operations\nRun benchmarks\nIndividual solution for each project\nSolution might be changed in the future\nBest Practice SQL as leading system periodic or triggered exports to LDAP No writes to LDAP system by applications Backup required only on SQL system Thank you! ","date":"2006-05-04T00:00:00Z","href":"https://blog.koehntopp.info/2006/05/04/sql-vs-ldap-kai-voigt.html","tags":["lang_en","talk","publication","internet"],"title":"SQL vs. LDAP (Kai Voigt)"},{"categories":null,"content":"20:43 huzzel\u0026gt; ich brauch aber dieses dumme wlan 20:43 huzzel\u0026gt; ^^ 20:43 huzzel\u0026gt; sonst dreht mein vater durch 20:43 huzzel\u0026gt; weil ich ein lankabel durch die ganze wohnung gespannt habe 20:44 @CaptainCrunch\u0026gt; lankabel sind so...eighties ;) 20:52 @Isotopp\u0026gt; lankabel der eighties. 20:52 @Isotopp\u0026gt; ich zeig euch mal was. ","date":"2006-03-27T00:00:00Z","href":"https://blog.koehntopp.info/2006/03/27/yellow-cable.html","tags":["computer","damals","networking","lang_de"],"title":"Yellow Cable"},{"categories":null,"content":" Zwei Jahre später Aus dem Heise-Forum :\nDu bist sechzehn Jahre alt Man muss dich schützen vor Gewalt, Vor allem vor unglaublich vielen Unsäglich bösen Killerspielen. Doch zwei Jahre später dann, Statt rumzuhängen stehst du stramm, Statt weit geschnitten und lasziv Trägst du braun gefleckt oliv. Man zeigt dir, wie du richtig zielst Mit Spitzentechnik und du spielst Nicht mit Joystick, Maus und Browser Doch mit Hi-Tech Marke Mauser. Man ballert rum und schießt und rennt, Beim Unreal-Balkan-Tournament. Und dann spielst du, Dank Herrn Bush, Counterstrike am Hindukusch. ","date":"2006-03-10T00:00:00Z","href":"https://blog.koehntopp.info/2006/03/10/counterstrike-am-hindukusch.html","tags":["gaming","politik","lang_de"],"title":"Counterstrike am Hindukusch"},{"categories":null,"content":"Mein Freund Heinz ist Vertriebler, und manchmal sagen Vertriebler überraschend schlaue Dinge. Heinz zum Beispiel sagt sehr gerne \u0026ldquo;Niemand will Backup. Alle wollen Restore!\u0026rdquo; Er meint damit, daß ein Backup nicht nur ein lästiges Costcenter in der IT ist, sondern daß es außerdem keinen Mehrwert \u0026ldquo;an sich\u0026rdquo; darstellt. Der Mehrwert liegt nicht in der Datensicherung, sondern in der Wiederherstellung der Daten.\nEs ist sehr wichtig, dies im Kopf zu behalten, wenn man sein Backup plant: Es geht nicht wirklich um Datensicherung, sondern es geht um einen Plan für die Recovery von verlorenen Daten. Das beinhaltet nicht nur Überlegungen wie man welche Daten wiederherstellt, sondern auch, wie lange die Betriebsunterbrechung denn wohl dauern wird und ob das akzeptabel ist. Überlegungen zum Restore enden nämlich (im Gegensatz zu Überlegungen zum Backup) oft auch in HA-Konzepten oder organisatorischen und personellen Problemstellungen.\nEin guter Plan Zwei Überlegungen gehen jeder Backup \u0026ndash; Entschuldigung! \u0026ndash; Recoveryplanung voran. Der erste Gedanke ist: Was brauche ich wirklich um für den Kunden \u0026ldquo;operational\u0026rdquo; auszusehen? Wir bezeichnen diese Daten und die Systeme, die sie halten, als \u0026ldquo;P-Daten\u0026rdquo; und \u0026ldquo;P-Systeme\u0026rdquo; (\u0026ldquo;P\u0026rdquo; steht für \u0026ldquo;Production\u0026rdquo;). Diese Daten müssen organisatorisch und technisch eine Einheit sein in der Form, daß sie möglichst schnell wieder verfügbar sind. Es handelt sich dabei meistens um OLTP-Daten (Online Transaction Processing) aktueller Natur.\nIn einem Webshop sind diese Daten zum Beispiel der Katalog und Bestand, die notwendig sind, damit der Kunde auswählen kann, und die noch nicht bearbeiteten Orders und unbezahlte Rechnungen, die für den Versand und das Inkasso notwendig sind.\nIn einem Monitoring-System sind dies die aktuellen Zustände aller Systeme, und die offenen Tickets und Probleme.\nHistorische Daten, die nicht für die Produktion notwendig sind, sondern lediglich produktionsunterstützend verwendet werden, brauchen nicht so schnell wieder online zu sein. Meist handelt es sich um historische Daten, aus denen Statistiken für den Vertrieb, den Endkunden oder andere Nutzer generiert werden. Dies sind \u0026ldquo;PS-Daten\u0026rdquo; und \u0026ldquo;PS-Systeme\u0026rdquo; (Production Support).\nIn einem Webshop sind dies die Orderlogs mit erfüllten Ordern und alten Rechnungen, und die daraus generierten (und regenerierbaren) Statistikdaten.\nIn einem Monitoring-System wären dies die historischen Daten über Systemzustände und Performance.\nDiese Daten sind wichtig, aber nicht essenziell für das Funktionieren des Kerngeschäftes.\nIndem man diese Daten sinnvoll trennt, kann man Prozeduren entwickeln, die es einem erlauben, die Kerndaten von den \u0026ldquo;Nice to have\u0026rdquo;-Daten zu trennen und so bei großen Datenbeständen relativ schnell wieder zu recovern.\nKonfiguration mitsichern MySQL speichert seine Daten alle im Datadir. Legt man dort (oder eine Ebene höher) auch seine Konfiguration ab, kann man durch ein Sichern von Datadir (bzw. der Ebene höher) einen Komplettabzug aller seiner logischen Datenbankschemata bekommen.\nDamit meine Datenbank auch mit der my.cnf in meinem Datadir startet und NUR mit dieser Konfiguration läuft, verwende ich ein Startscript wie dieses hier:\nlinux:/export/data/rootforum # cat start #! /bin/bash -- MYSQL_CMD_DIR=/usr/local/mysql-max-5.0.18-linux-i686-glibc23 MYSQL_DIR=/export/data/rootforum MYSQL_UNIX_PORT=$MYSQL_DIR/mysql.sock MYSQL_TCP_PORT=3340 export MYSQL_UNIX_PORT MYSQL_TCP_PORT MYSQL_DIR cd $MYSQL_CMD_DIR $MYSQL_CMD_DIR/bin/mysqld_safe --defaults-file=$MYSQL_DIR/my.cnf --datadir=$MYSQL_DIR/data \u0026amp; Dieses Script startet den mysql_safe mit dem gegebenen Datadir und erzwingt dabei die Benutzung des korrekten Konfigurationsfiles. Es erzwingt auch die Verwendung eines alternativen Ports und Unix Domain Sockets, da ich auf meinem System eine ganze Reihe von MySQL-Instanzen laufen habe.\nDas Stopscript dazu findet einfach das PID-File in $MYSQL_DIR/data/*pid, und sendet ein \u0026ldquo;kill -TERM\u0026rdquo; an diesen Prozess. MySQL schreibt dann seine Puffer geordnet auf Disk und beendet sich. Man kann verifizieren, ob MySQL sich beendet hat, indem man wartet bis das PID-File verschwunden ist.\n#! /bin/bash -- MYSQL_DIR=/export/data/rootforum MYSQL_PID=$MYSQL_DIR/data/\\*pid # No Pid, no process - we are done [ ! -f $MYSQL_PID ] \u0026amp;\u0026amp; exit 0 # No Pid in file, no process, we are done pid=$(cat $MYSQL_DIR/data/\\*pid) if [ -z \u0026#34;$pid\u0026#34; ] then rm $MYSQL_PID exit 0 fi # Stop server kill -TERM $pid # Wait for server stop while [ -f $MYSQL_PID ] do sleep 1 done Das Binlog In Datadir befinden sich normalerweise die Unterverzeichnisse, die die logischen Datenbanken enthalten, die eigentlichen Daten, die von den einzelnen Storage-Engines in Dateien abgelegt werden, die Engine-spezifisch sind und die verschiedenen Logfiles. Für eine Datensicherung ist es vor allen Dingen wichtig, daß das Binlog angeschaltet ist. Das ist am einfachsten zu erreichen, indem man in seiner my.cnf-Datei einen Eintrag für das Binlog macht. Trägt man nur einen Schalter log-bin ein, wird das Binlog mit \u0026lt;hostname\u0026gt;-bin.xxxxxx erzeugt, wobei xxxxxx eine laufende Nummer ist. Es ist besser, dem Binlog gleich einen festen Namen zu geben, der sich nicht ändert, wenn sich der Hostname der Maschine ändert.\nAußerdem kann man die Option sync_binlog=1 setzen, die bewirkt, daß das Binlog nach jedem Kommando bzw. jeder Transaktion auch auf Disk geschrieben wird. Das erzeugt ein wenig mehr Disk-Aktivität beim Schreiben des Binlog, stellt aber sicher, daß keine Kommandos am Ende des Binlogs fehlen, wenn man einen Crash erlebt.\n[mysqld] log-bin=linux-bin sync_binlog=1 Nachdem man dies konfiguriert und den Server einmal angehalten und neu gestartet hat, um die Konfiguration zu aktivieren, bekommt man eine Reihe von Binlog-Dateien und eine Indexdatei, die ein Verzeichnis dieser Dateien ist.\nlinux:/export/data/rootforum/data # ls -l linux-bin* -rw-rw---- 1 mysql mysql 1034 Feb 13 23:07 linux-bin.000001 -rw-rw---- 1 mysql mysql 421 Feb 14 09:06 linux-bin.000002 -rw-rw---- 1 mysql mysql 1940 Feb 14 12:28 linux-bin.000003 -rw-rw---- 1 mysql mysql 117 Feb 14 14:13 linux-bin.000004 -rw-rw---- 1 mysql mysql 9666 Feb 20 13:40 linux-bin.000005 -rw-rw---- 1 mysql mysql 650 Feb 20 15:29 linux-bin.000006 -rw-rw---- 1 mysql mysql 98 Mar 1 10:33 linux-bin.000007 -rw-rw---- 1 mysql mysql 133 Mar 1 10:33 linux-bin.index linux:/export/data/rootforum/data # cat linux-bin.index ./linux-bin.000001 ./linux-bin.000002 ./linux-bin.000003 ./linux-bin.000004 ./linux-bin.000005 ./linux-bin.000006 ./linux-bin.000007 Die Binlog-Dateien enthalten alle Anweisungen, die Daten in Datadir verändern können in der richtigen Reihenfolge. Mit dem Programm mysqlbinlog kann man sie sich ansehen. Neben den eigentlichen Queries findet man dann auch noch weitere Anweisungen, die das Umfeld für diese Queries vorbereiten und einige Kommentare, die es einem erlauben, Queries desselben Threads zu identifizieren und zu isolieren. Außerdem finden sich im Binlog die Resultcodes und Ausführungszeiten für diese Statements als Kommentar.\nEin Beispiel:\nlinux:/export/data/rootforum # cat mysqlbinlog-3340 #! /bin/bash -- MYSQL_CMD_DIR=/usr/local/mysql-max-5.0.18-linux-i686-glibc23 MYSQL_DIR=/export/data/rootforum $MYSQL_CMD_DIR/bin/mysqlbinlog --defaults-file=$MYSQL_DIR/my.cnf $@ linux:/export/data/rootforum # ./mysqlbinlog-3340 data/linux-bin.000006 /\\*!40019 SET @@session.max_insert_delayed_threads=0\\*/; /\\*!50003 SET @OLD_COMPLETION_TYPE=@@COMPLETION_TYPE,COMPLETION_TYPE=0\\*/; # at 4 #060220 15:10:37 server id 3340 end_log_pos 98 Start: binlog v 4, server v 5.0.18-max-log created 060220 15:10:37 at startup ROLLBACK; # at 98 #060220 15:11:43 server id 3340 end_log_pos 179 Query thread_id=2 exec_time=0 error_code=0 SET TIMESTAMP=1140444703; SET @@session.foreign_key_checks=1, @@session.sql_auto_is_null=1, @@session.unique_checks=1; SET @@session.sql_mode=0; SET @@session.character_set_client=33,@@session.collation_connection=33,@@session.collation_server=33; drop database boom; Das Script mysqlbinlog-3340 ist mein Wrapper für mysqlbinlog, das einen Zeiger auf die passende Konfigurationsdatei und das zu verwendende Binary enthält. Auf diese Weise spare ich etwas Tipparbeit.\nDer Aufruf mysqlbinlog \u0026lt;name der Binlogdatei\u0026gt; gibt dann den Inhalt dieser Datei als SQL-Source aus. Man kann diese Ausgabe in ein mysql -u root -p umleiten und so die Anweisungen erneut ausführen lassen.\nDas eigentliche SQL sieht ein wenig komisch aus, ist aber gültig. Kommentare der Form /*! */ schließen dabei Statements ein, die nur ab einer bestimmten Version von MySQL verstanden werden sollen. Die Versionsnummer wird dabei als xyyzz gegeben, etwa mit x=4, yy=00 und zz=19. Das erste Kommando wird also nur dann gelesen, wenn der Dump von einem MySQL 4.0.19 oder neuer verarbeitet wird.\nEine Operation wird immer von einem Kommentar eingeleitet, der die Binlog-Position (\u0026ldquo;at 98\u0026rdquo;) des Eintrags nennt, und besteht aus einer Reihe von vorbereitenden Kommandos und dann dem eigentlichen Kommando. Die vorbereitenden Kommandos sind immer use \u0026lt;datenbankname\u0026gt;, wenn notwendig und eine Reihe von SET-Statements, darunter auch SET TIMESTAMP, der die Ausführungszeit des Kommandos als Unix-Timestamp enthält. SET TIMESTAMP bewirkt, daß Funktionen wie NOW() bei der Ausführung aus dem Binlog nicht mehr die aktuelle Zeit zurückliefern, sondern die mit SET TIMESTAMP gesetzte Zeit. Dabei besteht zurzeit ein wesentliches Problem mit MySQL 5.0 und der Funktion SYSDATE() - man sollte sich in MySQL 5.0 besser auf NOW() verlassen.\nroot@localhost [(none)]\u0026gt; SET TIMESTAMP=1; Query OK, 0 rows affected (0.00 sec) root@localhost [(none)]\u0026gt; SELECT NOW(), SYSDATE(); +---------------------+---------------------+ | NOW() | SYSDATE() | +---------------------+---------------------+ | 1970-01-01 01:00:01 | 2006-03-01 10:55:44 | +---------------------+---------------------+ 1 row in set (0.33 sec) Point in Time Recovery mit dem Binlog Man kann das Binlog nutzen, um nach einem Crash eine Point-in-Time Recovery zu fahren. Zu diesem Zweck benötigt man ein Vollbackup, und alle Binlogs, die seit diesem Zeitpunkt angefallen sind. Damit die Binlogs eine bessere Überlebenschance haben, wenn das System hard crashen sollte, legt man sie meistens auf einem anderen Dateisystem ab als das eigentliche Datadir. Angenommen, man installiert seine Datenbanken alle nach /export, dann würde man seine Partitionierung so haben wollen:\nlinux:/export/data/rootforum # df -Th Filesystem Type Size Used Avail Use% Mounted on /dev/mapper/system-root reiserfs 8.0G 6.2G 1.9G 77% / tmpfs tmpfs 506M 0 506M 0% /dev/shm /dev/sda5 ext2 99M 8.9M 85M 10% /boot /dev/mapper/system-home reiserfs 8.1G 6.6G 1.6G 81% /home /dev/mapper/system-data reiserfs 600G 520G 83G 87% /export/data /dev/mapper/system-log reiserfs 600G 5.2G 594G 99% /export/log linux:/export/data/rootforum # grep log-bin my.cnf log-bin=/export/log/rootforum/linux-bin Angenommen man macht eine Vollsicherung von /export/data/rootforum am Montag, und sichert dann jeden Tag die Inhalte von /export/log/rootforum als inkrementelles Backup weg, dann kann man die Datenbank wie folgt rekonstruieren:\nFalls nur /export/data verloren ist, rekonstruiert man /export/data vom Montag aus der Vollsicherung und spielt dann die Binlogs von Montag bis Freitag mit mysqlbinlog wieder ab, indem man sie in einen mysql-Commandline-Client reinpiped. Da das Binlog kontinuierlich aufgezeichnet wird, kann man so bis zum Zeitpunkt des Crashes voran rollen.\nNatürlich muss man das Binlog genau ab dem Zeitpunkt abspielen, an dem das Vollbackup endet. Daher ist es wichtig, daß das Vollbackup als Snapshot erzeugt wird, also genau einen Point in der Zeit des Datenbankservers darstellt. Man muss außerdem wissen, welchen Namen dieser Punkt als Binlog-Position ausgedrückt hat. Es gibt verschiedene Möglichkeiten, dies zu erreichen, die weiter unten im Einzelnen diskutiert werden.\nFalls /export/data und /export/log verloren sind, muss man beide Verzeichnisse wieder herstellen und kann nur bis zum Zeitpunkt des letzten inkrementellen Backups wieder voran rollen. Daher wäre es schön, wenn man das Binlog nicht nur auf einer lokalen Platte sichern könnte, sondern auch noch einen Mechanismus hätte, der das Binlog \u0026ldquo;live\u0026rdquo; absaugt und woanders abspeichert.\nDieser Mechanismus ist genau ein Replication Slave. Einen Slave setzt man auf, indem man ein Vollbackup des Masters auf einem anderen Rechner einspielt, und als Datenbankserver startet. Auf dem Master erlaubt man dem Slave jetzt das Login mit dem Recht das Binlog abzusaugen:\nroot@master [rootforum]\u0026gt; CREATE USER \u0026#34;slave\u0026#34; IDENTIFIED BY \u0026#34;pukcab\u0026#34;; root@master [rootforum]\u0026gt; GRANT REPLICATION SLAVE ON \\*.\\* TO \u0026#34;slave\u0026#34;; Dem Slave teilt man mit, wo sich der Master befindet und wie man sich dort einloggen kann. Außerdem muss der Slave natürlich wissen, auf welchem Stand er gerade ist.\nroot@slave [rootforum]\u0026gt; CHANGE MASTER TO MASTER_HOST=\u0026#34;master\u0026#34;, -\u0026gt; MASTER_PORT=3306, -\u0026gt; MASTER_USER=\u0026#34;slave\u0026#34;, -\u0026gt; MASTER_PASSWORD=\u0026#34;pukcab\u0026#34;; root@slave [rootforum]\u0026gt; CHANGE MASTER TO MASTER_LOG=\u0026#34;linux-bin.000001\u0026#34;, -\u0026gt; MASTER_POS=98; Die Binlogs ab File 1, Position 98 müssen auf dem Master nun noch bereitstehen. Der Slave wird sich nach einem START SLAVE IO_THREAD auf dem Master einloggen und damit beginnen, diese Files zu sich runterzuladen und sie im Slave abzuspeichern. Nach einem START SLAVE SQL_THREAD wird er außerdem damit beginnen, sie auszuführen. Mit SHOW SLAVE STATUS\\G kann man den Slave dabei beobachten, wie er die Binlogs vom Master absaugt und lokal abspielt.\nMit dem Slave hat man also nicht nur einen Binlog-Sauger gebaut, sondern der Slave spielt die Binlogs auch gleich ab, sodass man zur Recovery einfach nur das Datadir vom Slave nehmen und auf den Master transportieren muss. Das ist die schnellste und bequemste Methode der Recovery.\nPhysikalisches Vollbackup erstellen Ein binäres Vollbackup ist einfach ein Abzug von Datadir, in unserem Beispiel also /export/data/rootforum. Dabei muss lediglich sichergestellt sein, daß die Datenbank ihre Finger aus dem Datadir fernhält während das Backup läuft. Am einfachsten kann man das erreichen, indem man die Datenbank vor dem Backup runterfährt und nach dem Backup wieder startet. Nur so kann man sicher erreichen, daß auch alle Daten auf der Platte und konsistent sind, während das Backup gemacht wird.\nWird lediglich MyISAM verwendet und kommt InnoDB nicht zum Einsatz, kann man statt des Runterfahrens auch FLUSH TABLES WITH READ LOCK machen - die Verbindung mit diesem Kommando muss aber während des ganzen Backup stehen bleiben, denn das \u0026ldquo;UNLOCK TABLES\u0026rdquo; wird automatisch durchgeführt, wenn die Verbindung des FLUSH TABLES WITH READ LOCK-Prozesses beendet wird. \u0026ldquo;FLUSH TABLES\u0026rdquo; wirkt aber nicht auf InnoDB, sodass man bei Verwendung von InnoDB sowieso die Datenbank runterfahren muss.\nDamit die Downtime der Datenbank möglichst klein ist, verwendet man am besten einen Volume Manager mit Snapshots. Das Backup kann dann so ausgeführt werden:\n! /bin/sh -- SNAPSIZE=4G pass=geheim cd /export/data/rootforum # Optional: Neues Binlog anfangen ./mysql-3340 -u root -p$pass \u0026#39;flush logs\u0026#39; # Snap database ./stop name=$(tail -1 /export/log/rootforum/linux-bin.index) size=$(stat -c \u0026#39;%s\u0026#39; $name) echo \u0026#34;binlog position $name $size\u0026#34; \u0026gt; /export/data/rootforum/data/restore.info lvcreate -s -L $SNAPSIZE -n snap /dev/system/data ./start # Backup snapshot mount /dev/system/snap /export/snap dobackup /export/snap/rootforum umount /export/snap lvchange -a n /dev/system/snap lvremove /dev/system/snap # Optional: Binlog kürzen ./mysql-3340 -u root -p$pass -e \u0026#34;purge master logs to \u0026#39;$name\u0026#39;\u0026#34; Das Script hält erzeugt erst einmal ein neues Binlog, indem es ein \u0026ldquo;FLUSH LOGS\u0026rdquo;-Kommando absetzt.\nDanach hält es die Datenbank mit dem Stopscript kurz an. Sobald das der Fall ist, kann die zum Backup gehörende Binlog-Position bestimmt werden und im Backup abgespeichert werden. Die zum Backup passende Binlog-Position bestimmt man dabei am einfachsten, indem man den Namen und die Größe der letzten im Index stehenden Binlog-Datei aufzeichnet. Das Binlog ist gerade neu erzeugt worden, wird also relativ klein sein.\nMithilfe von Linux LVM wird nun ein Snapshot des Dateisystems erzeugt. Das geht sehr schnell, und braucht fast keine Zeit. Die Datenbank kann dann neu gestartet werden und ist weiter operabel.\nDas eigentliche Backup wird dann erzeugt, indem der Snapshot gemountet wird, und das eigentliche Backupscript dobackup aufgerufen wird, um das Backup auf Band zu schreiben. Danach wird der Snapshot abgemeldet und zerstört.\nSobald dies alles durch ist, ist sichergestellt, daß wir ein neues Vollbackup haben und alle Binlogs, die älter sind als das Backup können mit einem PURGE MASTER LOGS-Kommando weggeworfen werden.\nLogisches Vollbackup erstellen Manche Leute bevorzugen statt eines physikalischen Vollbackups der Datenbankdateien ein logisches Backup, also das Backup von SQL-Statements, die den Inhalt der Datenbank neu erzeugen können. Auch das ist mit MySQL möglich, und zwar, indem man mysqldump verwendet.\nMit der Option --master-data wird dabei ein CHANGE MASTER Statement erzeugt, das die Binlog-Position aufzeichnet, die zum Backup passt. Setzt man --master-data=2 wird dasselbe Statement auch generiert, aber als Kommentar.\nlinux:/export/data/rootforum # ./mysqldump-3340 --master-data rootforum | head -24 -- MySQL dump 10.10 -- -- Host: localhost Database: rootforum -- ------------------------------------------------------ -- Server version 5.0.18-max-log /\\*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT \\*/; /\\*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS \\*/; /\\*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION \\*/; /\\*!40101 SET NAMES utf8 \\*/; /\\*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE \\*/; /\\*!40103 SET TIME_ZONE=\u0026#39;+00:00\u0026#39; \\*/; /\\*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 \\*/; /\\*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 \\*/; /\\*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE=\u0026#39;NO_AUTO_VALUE_ON_ZERO\u0026#39; \\*/; /\\*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 \\*/; -- -- Position to start replication or point-in-time recovery from -- CHANGE MASTER TO MASTER_LOG_FILE=\u0026#39;linux-bin.000007\u0026#39;, MASTER_LOG_POS=879; ... Damit das Backup konsistent ist, müssen außerdem die Optionen --single-transaction (wenn ausschließlich InnoDB verwendet wird) oder --lock-all-tables (geht für alle Tabellentypen, blockiert aber die Datenbank für die Dauer des Dumps) verwendet werden. Die beiden Optionen schließen sich gegenseitig aus. Die Option --all-databases sichert dann alle Datenbanken. Damit Trigger und Stored Functions/Stored Procedures auch mit gesichert werden, müssen außerdem die Optionen --triggers und --routines mit angegeben werden.\nVerwendet man --lock-all-tables, kann man außerdem zusätzlich noch --flush-logs und --delete-master-logs mitgeben, um vor dem Backup ein FLUSH LOGS-Kommando laufen zu lassen und nach dem Backup die Binlogs, die älter als das Backup sind, zu löschen.\nDas komplette Kommando kann also so aussehen:\nlinux:/export/data/rootforum # cat ./mysqldump-3340 #! /bin/bash -- MYSQL_CMD_DIR=/usr/local/mysql-max-5.0.18-linux-i686-glibc23 MYSQL_DIR=/export/data/rootforum $MYSQL_CMD_DIR/bin/mysqldump --defaults-file=$MYSQL_DIR/my.cnf \u0026#34;$@\u0026#34; linux:/export/data/rootforum # ./mysqldump-3340 -u root --master-data --lock-all-tables --triggers --routines --all-databases --flush-logs --delete-master-logs | gzip -9 \u0026gt; /export/backups/backup.sql.gz Inkrementelle Backups erstellen Eine inkrementelle Sicherung besteht dann lediglich in einer Sicherung der Binlogs im Logdir. Insbesondere wenn sync_binlogs eingeschaltet sind, ist es also ausreichend, einfach /export/logs/rootforum auf Tape zu ziehen - auch bei laufender Datenbank.\nMan muss sich überlegen, wie oft man Vollbackups ziehen will. Vollbackups mit dieser Methode blockieren die Datenbank oder erfordern ein kurzes Herunterfahren des Datenbankservers. Inkrementelle Backups können bei laufendem Server gezogen werden. Mit einem Vollbackup kann man jedoch schnell recovern, sind außerdem noch Binlogs abzuspielen, kann die Recovery je nach Menge der Binlogs länger dauern. Je nach Änderungsrate kann es also notwendig werden, öfter Vollbackups zu ziehen.\nBackup und Replikation Eine andere Möglichkeit besteht darin, wie oben angesprochen einen Replication Slave aufzusetzen und die Sicherung des Master-Servers gar nicht mehr durchzuführen. Das Backup auf Tape erfolgt dann durch Runterfahren des Slave, und gemütlicher Sicherung des Slave auf Band. Startet man den Slave neu, zieht er sich die Binlogs vom Master, die während der Downtime angefallen sind, nachträglich runter und fängt an, diese abzuarbeiten. Der Master wird von dieser Aktion niemals in seiner Arbeit unterbrochen oder seiner Leistung beeinträchtigt.\nRecovery besteht darin, den Slave runterzufahren und das Datadir des Slave auf den Master zu schieben. Dort muss man dann noch die master.info-Datei des Slave löschen und man hat einen neuen Master.\nDie Pflege des Masters besteht darin, per Cron alle Binlogs zu löschen, die so alt sind, daß der Slave sie garantiert nicht mehr braucht. Man kann im Cron also ein PURGE MASTER LOGS BEFORE NOW() - INTERVAL 7 DAY oder so per Script einmal pro Tag abfahren.\nBackup mit Replikation ist also bequemer, unterbrechungsfrei und die Recovery ist schneller.\n","date":"2006-03-08T00:00:00Z","href":"https://blog.koehntopp.info/2006/03/08/mysql-fuer-dummies-7.html","tags":["mysql","lang_de"],"title":"MySQL für Dummies (7)"},{"categories":null,"content":" gilt das ganze auch für Mysql Version 4.1?\nhttp://dev.mysql.com/doc/refman/4.1/en/binary-log.html .\nSag mal kannst du mir ein wirklich gutes Mysql Buch empfehlen, welches nicht nur auf Syntax eingeht, sondern sich auch mit der Konfiguration des Servers auseinandersetzt? Der Preis ist zweitrangig.\nMySQL Certification Study Guide (4.1, veraltet) MySQL Certification Study Guide (5.0, aktuell) Die Bücher bereiten Dich auch das Bestehen der Prüfungen der MySQL Certification vor.\nHigh Performance MySQL , kein Buch für blutige Anfänger, basierend auf 4.0 und 4.1, vieles auch auf 5.0 anwendbar.\nJoe Celko ist langjähriges Mitglied im SQL Standard Komitee. Seine Bücher zum Thema will man gelesen und verstanden haben.\nJoe Celko\u0026rsquo;s SQL for Smarties: Advanced SQL Programming Eine Tour durch das wie und warum von SQL, nicht MySQL spezifisch. Das ist kein Howto und bezieht sich nicht auf ein konkretes Produkt, sondern auf den Standard.\nJoe Celko\u0026rsquo;s SQL for Smarties: SQL Programming Style Wie man sein SQL schreiben sollte, damit andere nicht kotzen müssen. Dies ist ein Howto über Formatting und Formulierung.\nJoe Celko\u0026rsquo;s SQL for Smarties: Trees and Hierarchies in SQL Dieses Buch kann man nicht lesen, man muss es studieren - hier findet man relativ heftigen Stoff, der sich mit dem Problem der Darstellung von Bäumen in SQL beschäftigt und liefert mindestens drei verschiedene Methoden, Bäume auf SQL zu mappen und wie man zwischen diesen Darstellungen konvertiert. Das Buch setzt sehr sichere und vollständige Beherrschung von SQL und Stored Procedures voraus. Das Buch bezieht sich nicht auf ein konkretes Produkt und ist kein Howto.\nDatenbanken: Konzepte und Sprachen Die meisten Lehrbücher zu Datenbankenvorlesungen saugen tote Hamster durch Strohhalme. Die Bücher von Andreas Heuer und Gunter Saake haben den (Daten-) Hamster bzw. Biber nur auf dem Cover, der Inhalt saugt überhaupt nicht.\nDies ist ein Lehrbuch für eine Univorlesung und geht über existierende gängige Systeme hinaus bis hin zu objektrelationalen Systemen, zu SQL-99 und anderen Dingen, die man in Produkten noch nicht unbedingt findet.\nDies ist ein Lehrbuch für eine Univorlesung. Es setzt ein funktionierendes Gehirn voraus, und erfordert Bereitschaft zum selbstständigen Denken und Umsetzen. Es ist ein ziemlich gutes Lehrbuch, es ist aber für Leute nicht geeignet, die sich beim Lesen des Wortes Algebra überlegen, ob sie nicht doch noch lieber eine Runde CS zocken sollten.\nAls Taschenbuch im Kompaktformat Datenbanken: Implementierungstechniken Wie man sich seinen Datenbankserver mal eben schnell selber schreibt.\n(geschrieben für Rootforum und hier herüber geschafft zur Archivierung)\n","date":"2006-03-07T00:00:00Z","href":"https://blog.koehntopp.info/2006/03/07/mysql-fuer-dummies-6.html","tags":["mysql","lang_de"],"title":"MySQL für Dummies (6)"},{"categories":null,"content":" Key Buffer In dem letzten Artikel dieser Serie haben wir gesehen, wie MySQL einen Index anlegt und was dies bedeutet. MySQL at einen Puffer, mit dem ein Index ganz oder teilweise im RAM gehalten werden kann. Dies ist der Key Buffer, und er ist eine sehr zentrale Konfigurationsvariable, die in der [mysqld]-Sektion der my.cnf gesetzt wird.\n[mysqld] key_buffer = 100M Dies stellt einen Key Buffer von bis zu 100 MB für den mysqld zur Verfügung. Mit den STATUS-Variablen key_read_requests und key_reads kann man dann leicht feststellen, ob dieser Puffer groß genug ist: key_read_requests sollte sehr viel größer als key_reads sein, und zwar zwischen 100- und 1000-mal so groß. MySQL hält dann den MyISAM-Index im RAM, und kann so Daten auf der Platte sehr schnell finden.\nMan kann bis zu 20 % des Hauptspeichers, den man MySQL zur Verfügung stellen will, in den Key Buffer investieren (auf einer 1 GB Maschine, bei der man 500 MB für MySQL und 500 MB für Apache aufwenden will, kann man den Key Buffer also 100 MB groß machen). Der Key Buffer sollte so groß sein, wie die Summe aller verwendeten Indices ist (und wir haben ja schon gesehen, wie man die berechnen oder nachsehen kann). Je nach Hauptspeicher und Indexgröße ist das Dilemma nun da, und man muss auf der einen oder anderen Seite Abstriche machen.\nDas nennt der Sysadmin dann \u0026ldquo;Optimierungsaufgabe\u0026rdquo; und der Betriebswirtschaftler hat auch ein Wort dafür: \u0026ldquo;Investitionsbedarf\u0026rdquo;. Man sieht deutlich die verschiedenen Herangehensweisen der beiden Disziplinen an Probleme.\nLocks und Locking Wie wir in den vergangenen Ausgaben dieser Serie auch gesehen haben, kann es Datenbankoperationen geben, die vergleichsweise lange dauern. Es kann sein, daß eine solche Operation während dieser Zeit ein LOCK auf einer Tabelle erzeugt. MyISAM kennt zwei Arten von Locks und sie gelten immer für die gesamte Tabelle - MyISAM kann nicht Bereiche einer Tabelle oder gar einzelne Zeilen locken.\nEin SHARED LOCK oder READ LOCK erlaubt dem Lockinhaber den Lesezugriff auf eine Tabelle, und erlaubt gleichzeitig weitere Lesezugriffe durch andere Threads. Schreibende Threads werden jedoch ausgesperrt und müssen warten. Ein EXCLUSIVE LOCK oder WRITE LOCK erlaubt dem Lockinhaber und nur diesem den Schreibzugriff auf die Tabelle. Alle anderen Threads, egal ob sie lesen oder schreiben wollen, müssen warten.\nEin Thread, der wartet, sieht so aus:\nroot@localhost [rootforum]\u0026gt; show processlist\\G Id: 7 User: root Host: localhost db: rootforum Command: Query Time: 0 State: NULL Info: show processlist Id: 8 User: root Host: localhost db: rootforum Command: Query Time: 422 State: copy to tmp table Info: alter table t add index (i) Id: 9 User: root Host: localhost db: rootforum Command: Query Time: 205 State: Locked Info: insert into t values (20000001+1, \u0026#34;keks\u0026#34;, \u0026#34;keks\u0026#34;, 17) 3 rows in set (0.00 sec) Hier ist der Thread mit der ID 9 im State: Locked, denn er versucht auf die Tabelle t zu schreiben. t wird jedoch gerade vom Thread 8 bearbeitet, der die Tabelle dazu mit einem Lock belegt hat. Das INSERT-Kommando hängt nun an seinem Prompt und kommt nicht zurück. Erst nachdem das ALTER TABLE durchgelaufen ist, kann das INSERT-Kommando ausgeführt werden. Wenn man so eine Ausgabe (\u0026ldquo;Locked\u0026rdquo;) in seinem eigenen SHOW PROCESSLIST sieht, womöglich für mehr als ein Kommando in Folge, dann ist es quasi schon zu spät - der MySQL-Server braucht dringend eine tunende Hand.\nHier noch einmal die Ausführungszeit:\nroot@localhost [rootforum]\u0026gt; insert into t values (20000001+1, \u0026#34;keks\u0026#34;, \u0026#34;keks\u0026#34;, 17); Query OK, 1 row affected (8 min 9.49 sec) Ein Blick ins Slow-Query-Log bringt dann noch mehr Information. Dort wird für jede lange dauernde Query nämlich neben der absoluten Query_time auch noch die Lock_time mit aufgeführt. Ist diese nicht 0, weiß man, daß der Server ein Problem mit seinen Locks hat.\nDas ist eine sehr unangenehme Situation, die man unbedingt vermeiden möchte. Denn wenn man sich mit der Performance von Servern auseinandersetzt, dann gibt es im Wesentlichen zwei Ziele, auf die man einen Server optimieren kann. Eines dieser Ziele ist Durchsatz, also die Anzahl der Anfragen pro Sekunde, die ein Server zu Ende bringt, und das andere ist Latenz, also die Dauer, die eine einzelne Query dauern darf. Beides sind sehr unterschiedliche Ziele, und man muss beim Performancetuning seine Segel sehr sorgfältig setzen, je nachdem, welches Optimierungsziel vorne steht.\nWarteschlangen, Telefonzellen und Hockeyschläger Bei Optimierung auf Antwortzeit, Latenz, begegnet einem dabei in der Regel die \u0026ldquo;Hockey Stick Curve\u0026rdquo; aus der Warteschlangentheorie. Sie sieht in etwa so aus:\nlatency ^ | | | | | | | | | _| | __- |____----- +-----------X-------\u0026gt; load Warum diese Kurve so aussieht, wie sie aussieht, kann man leicht mit einem kleinen PHP-Script testen. Das gezeigte PHP-Script simuliert eine Telefonzelle, an der mit 20 %-iger Wahrscheinlichkeit pro Minute Leute auftauchen, die Gespräche führen wollen, die zwischen einer und fünf Minuten lang sind. Lässt man das Script mehrfach mit einem CLI-PHP laufen, und dreht dabei $prob langsam von 20 % auf 22 %, 25 % und dann 30 % hoch, sieht man sehr schön, wie sich die Warteschlangen im System immer weiter aufbauen.\nWarum ist das so? Telefonzellen (und auch Datenbanken) können nicht vorarbeiten. Idlezeit verstreicht ungenutzt - nur Zeit, in der die Warteschlange nicht leer ist, ist sinnvoll genutzte Zeit.\n#! /usr/bin/php5 -q \u0026lt;?php $prob = 20; ## Wahrscheinlichkeit für neuen Kunden in Prozent $maxlen = 5; ## Gesprächsdauer in Minuten (1-$maxlen) $link = 0; function connect() { global $link; $link = mysql_connect(\u0026#34;localhost\u0026#34;, \u0026#34;root\u0026#34;, \u0026#34;1wjsnh\u0026#34;); if ($link === false) die(\u0026#34;Argh\u0026#34;); mysql_select_db(\u0026#34;rootforum\u0026#34;) or die(\u0026#34;cannot select db\u0026#34;); doquery(\u0026#34;DROP TABLE IF EXISTS telefon\u0026#34;); doquery(\u0026#34;CREATE TABLE telefon ( id serial, dauer int )\u0026#34;); } function doquery($cmd) { mysql_query($cmd) or die(\u0026#34;cannot do query $cmd\u0026#34;); } function getvalues($cmd) { $res = mysql_query($cmd); if ($res === false) die(\u0026#34;Cannot query $cmd\u0026#34;); $r = mysql_fetch_assoc($res); return $r; } function getvalue($cmd, $name) { $r = getvalues($cmd); return $r[$name]; } connect(); $minute = 0; $call_remaining = 0; $id = 0; while ($minute \u0026lt; 1000) { $minute += 1; echo \u0026#34;Processing minute $minute: \u0026#34;; # Wie lang ist die Schlange? $r = getvalues(\u0026#34;select count(dauer) as len, sum(dauer) as wait from telefon\u0026#34;, \u0026#34;len\u0026#34;); $len = $r[\u0026#39;len\u0026#39;]; $wait = $r[\u0026#39;wait\u0026#39;]; echo \u0026#34;(Schlange $len, Wait $wait) \u0026#34;; # Neuer Kunde stellt sich an if (rand(1,100) \u0026lt; $prob) { $call_len = rand(1,$maxlen); echo \u0026#34;(New customer $call_len min.) \u0026#34;; doquery(\u0026#34;insert into telefon ( dauer ) values ( $call_len )\u0026#34;); } # Zelle leer: if ($call_remaining == 0) { # Wartet ein Kunde? $r = getvalues(\u0026#34;select id, dauer from telefon order by id limit 1\u0026#34;); if ($r === false) { # Kein Kunde da. echo \u0026#34;(queue empty) \u0026#34;; } else { # Kunde da, abholen und processing $call_remaining = $r[\u0026#39;dauer\u0026#39;]; $id = $r[\u0026#39;id\u0026#39;]; echo \u0026#34;(customer $id: $call_remaining) \u0026#34;; # Kunde aus der Schlange nehmen doquery(\u0026#34;delete from telefon where id = $id\u0026#34;); } } else { # Telefonieren... $call_remaining -= 1; echo \u0026#34;(customer $id: $call_remaining) \u0026#34;; } echo \u0026#34;\\n\u0026#34;; } ?\u0026gt; Tabellen, Locks und Deadlocks In MyISAM braucht man Tabellen in der Regel nicht selber zu locken: Jedes Kommando ist logisch atomar. Es lockt die benötigten Tabellen mit dem passenden Lock, führt seine Operation durch und unlockt die Tabellen am Ende des Kommandos wieder.\nManchmal will man aber mehr als ein Kommando auf einer Tabelle durchführen und will dabei sicherstellen, daß sich der Inhalt der Tabelle nicht verändert, während man die Operation durchführt. Der häufigste Fall ist das Auslesen und Verändern eines Zählers. Um einen Zähler einfach nur hochzuzählen kann man ja einfach\nupdate counter set val = val + 1 where id = \u0026lt;wert\u0026gt; verwenden. Aber will man den Zähler auch auslesen, dann braucht man so etwas wie\nLOCK TABLES counter WRITE SELECT val into @v from counter where id = \u0026lt;wert\u0026gt; UPDATE counter SET val = @v+1 WHERE id = \u0026lt;wert\u0026gt; UNLOCK TABLES SELECT @v Nur so ist sichergestellt, daß das Hochzählen auch atomar und ohne Unterbrechung durch andere Zähloperationen erfolgt.\nWann immer man mehrere Tabellen mit einem Lock belegt, können Deadlocks entstehen. Man stelle sich vor, zwei Threads würden gleichzeitig die Statements LOCK TABLES a, b WRITE und LOCK TABLES b, a WRITE ausführen. Thread 1 würde die Tabelle a locken, während Thread 2 jetzt die Tabelle b lockt. 1 will nun b locken, aber das geht nicht, weil 2 dieses Lock schon hält. Zugleich will 2 jetzt a locken, aber das geht auch nicht - beide Threads würden ewig darauf warten, daß der jeweils andere die Locks aufgibt.\nEin gängiger Weg zur Vermeidung von Deadlocks ist, Ressourcen grundsätzlich nur einmal und nur atomar zu vergeben - MySQL hat mit LOCK TABLES diesen Weg gewählt. Ein Thread kann also nur LOCK TABLES a,b WRITE ausführen, nicht etwa LOCK TABLES a WRITE und später LOCK TABLES b WRITE dazunehmen, um zusätzlich zu a noch b dazuzunehmen. Außerdem kann LOCK TABLES nicht unterbrochen werden - LOCK TABLES a,b WRITE sammelt also alle Locks für a und b gleichzeitig ein.\nEine andere Methode Deadlocks zu vermeiden besteht darin, die Ressourcen, die zu vergeben sind, anzuordnen und alle Threads zu zwingen, Ressourcen in Reihenfolge zu bestellen. LOCK TABLES a, b WRITE und LOCK TABLES b, a WRITE würden so intern beide zu demselben Kommando LOCK TABLES a,b WRITE werden, und dann kann es schon gar nicht mehr zum Deadlock kommen (denn der zweite Thread würde a gelockt vorfinden, bevor er überhaupt seine Finger auf b legen kann). So hat MySQL die oben dargestellte Atomizität intern implementiert.\nEin LOCK auf Tabellen kann mit UNLOCK TABLES aufgehoben werden.\nEin LOCK auf Tabellen sollte immer nur so kurz wie irgend möglich gehalten werden. Wer mit den Werten für die Telefonatsdauer und die Neukundenwahrscheinlichkeit im Telefonzellensimulations-PHP ein wenig gespielt hat, der hat möglicherweise jetzt eine Vorstellung davon, warum das so ist.\nLocks haben Prioritäten In MySQL hat ein WRITE-Lock eine höhere Priorität als ein READ-Lock und entsprechend ein INSERT/UPDATE/DELETE eine höhere Priorität als ein SELECT. Wenn also auf eine Tabelle viele schreibende Statements durchgeführt werden, dann werden die SELECT-Statements entsprechend zurückgedrängt. Daher ist es sehr wichtig, daß schreibende Statements schnell durchgeführt werden, damit sie ihre Locks nur für möglichst kurze Zeit halten. Ein schreibendes Statement kann dann schnell durchgeführt werden, wenn es eine möglichst einfache WHERE-Clause hat, die einen Index verwenden kann (z.B. ein UPDATE gegen eine Zeile, die über ihren PRIMARY KEY bestimmt wird).\nOft kann es sinnvoll sein, schreibende Statements zu batchen. Dazu kann man zum Beispiel die extended INSERT-Syntax verwenden (insert into \u0026lt;name\u0026gt; ( col1, col2, ...) values (val1, val2, ...), (val1, val2, ...)), mit der man mehr als eine Zeile auf einmal in die Datenbank einfügen kann. Diese Syntax steht für UPDATE nicht zur Verfügung, kann aber zum Beispiel mit \u0026ldquo;REPLACE INTO\u0026rdquo; verwendet werden. Ein einzelnes Statement kann max_allowed_packet Bytes lang sein, und wenn extended INSERT-Syntax verwendet wird, verwendet MySQL intern einen Puffer von bulk_insert_buffer_size, um diese Operation zu beschleunigen. Dieser Puffer sollte zur Insert-Größe passend gewählt werden.\nBei extended INSERT-Syntax werden Updates der Indices einer Tabelle gepuffert und der Baum nicht nach jedem Insert rebalanciert, sondern nur einmal am Ende aller Inserts dieses Blocks. Hat man mehr als ein solches INSERT-Statement, kann man diese außerdem noch in ein LOCK TABLES wickeln, damit es noch schneller geht:\nLOCK TABLES t WRITE; INSERT INTO t (a,b) VALUES (1, 2), (3, 4); INSERT INTO t (a,b) VALUES (5,6); UNLOCK TABLES; Hier wird der Key Buffer nur einmal, beim UNLOCK TABLES, aktualisiert und auf die Platte geschrieben.\nWer sehr mutig ist, und ein MySQL 5.x hat, startet seinen MySQL-Server mit der Konfigurationsvariable delayed_key_writes = ON oder gar delayed_key_writes = ALL in der [mysqld]-Sektion der my.cnf. Steht diese Variable auf 1, kann man eine Tabelle beim CREATE TABLE mit der Option DELAYED_KEY_WRITE spezifizieren. Der Key-Buffer für solche Tabellen wird dann nicht mehr so oft auf die Platte geschrieben (bei delayed_key_writes = 2 wird dies für alle Tabellen unabhängig von den CREATE-Optionen gemacht). Dies kann dazu führen, daß bei einem Servercrash die Indices (aber nicht die Daten) beschädigt sind und neu erzeugt werden müssen - das macht hässlich lange Recovery-Zeiten. Dafür werden Index-Updates immer so schnell ausgeführt, als wären sie gebatched und in LOCK TABLES eingewickelt.\nManchmal will man ein einzelnes SELECT haben, das nicht von INSERT-Statements verdrängt werden kann. Das kann man mit SELECT HIGH_PRIORITY ... erreichen: Es macht das Select nicht schneller, sorgt aber dafür, daß es nicht von immer wieder eintreffenden INSERT-Statements nach hinten gedrückt werden kann.\nAnders herum hat man manchmal ein INSERT, das keine SELECT-Statements zur Seite drücken soll. Das kann man mit INSERT LOW_PRIORITY erreichen: Es macht das Insert nicht langsamer, sorgt aber dafür, daß das INSERT keine SELECT-Statements zur Seite drückt.\nINSERT DELAYED Etwas ganz anderes ist INSERT DELAYED: INSERT DELAYED kommt in jedem Fall sofort zurück. Die Daten, die dem Insert übergeben werden, sind dabei noch lange nicht geschrieben und tatsächlich kann es sein, daß sie niemals geschrieben werden, denn MySQL schiebt die Daten nur in einen internen Puffer, der irgendwann einmal abgearbeitet wird und in die Tabelle geschoben wird.\nDabei gelten eine ganze Reihe von Einschränkungen, die in http://dev.mysql.com/doc/refman/5.0/en/insert-delayed.html im Detail beschrieben sind. Wie auch immer: INSERT DELAYED drückt Daten in einen Insert-Puffer und kommt dann immer sofort mit Erfolg zurück, während der Puffer irgendwann mal von einem Delayed-Insert-Thread gelesen wird und von diesem mit niederer Priorität in die Tabellen geschoben wird. Genau genommen kann SHOW STATUS einem zeigen, daß es delayed_insert_threads viele solcher Threads gibt, die derzeit not_flushed_delayed_rows an Datenzeilen ausstehen haben (von insgesamt delayed_writes vielen Zeilen, die bisher geschrieben worden sind).\nIn den Konfigurationsvariablen lässt sich einstellen, wie INSERT DELAYED arbeitet: Alle delayed_insert_limit Zeilen lässt ein Delay-Insert-Thread eventuell anstehenden Select-Statements den Vortritt. Ebenso gibt ein solcher Thread sein Lock auf, wenn sein Puffer leer ist und beendet sich delayed_insert_timeout Sekunden später, wenn er keine neue Arbeit bekommt. Kommen andererseits sehr viele INSERT DELAYED-Zeilen in die Warteschlange, so setzt delayed_queue_size der Anzahl der Zeilen im Puffer eine obere Grenze, damit der Speicher nicht überläuft.\nReminder: Data_free = 0 und Concurrent_inserts Wir erinnern uns an die Diskussion von SHOW TABLE STATUS und das Feld Data_free dort. Wenn Data_free = 0 ist, und für den Server Concurrent_inserts eingeschaltet sind, dann können auf der Tabelle Inserts und Selects gleichzeitig durchgeführt werden. Insert-Locks können dann nicht entstehen und so können auch keine Selects an die Wand gedrückt werden.\nMERGE-Tables oder MySQL 5.1 Partitions können sehr, sehr hilfreich sein, wenn man Tabellen so gestalten will, daß Data_free immer 0 ist und man sich OPTIMIZE TABLE nicht leisten kann.\nWie steht es mit meinem Locking? Mithilfe von SHOW STATUS sieht man seine Table_locks_immediate und Table_locks_waiting. Wenn mehr als 1 % (manche Leute sagen 3 %) der Table Locks waiting sind, dann hat der Server ein definitives Locking-Problem. Wie ernst das ist, kann man besser beurteilen, wenn man Questions/Uptime (Queries pro Sekunde, qps) berechnet und wenn man (qcache_hits+com_select)/(com_delete+com_insert+com_replace+com_update) (QL/DML-Ratio, \u0026ldquo;update-heavyness\u0026rdquo;) des Servers kennt.\nWenn mehr als eine Query pro Sekunde wartend ist (1 % Table_locks_waiting bei 100 qps oder mehr), dann lohnt es sich, sich mit locklösenden Maßnahmen zu befassen. Locklösende Maßnahmen sind:\nDML schneller machen weniger DML pro Sekunde erzeugen keine Table Locks mehr verwenden → InnoDB einsetzen (geschrieben für Rootforum und hier herüber geschafft zur Archivierung)\n","date":"2006-03-06T00:00:00Z","href":"https://blog.koehntopp.info/2006/03/06/mysql-fuer-dummies-5.html","tags":["mysql","lang_de"],"title":"MySQL für Dummies (5)"},{"categories":null,"content":"Wie wir in den vorangegangenen Beispielen gesehen haben, reicht es nicht aus, einer Datenbank zu sagen, welche Daten sie zu suchen hat. Wir müssen ihr auch noch Hilfen geben, mit denen sie in der Lage ist, diese Aufgabe schnell zu erfüllen. Eine sehr wichtige solche Hilfe ist ein Index.\nEine MYD-Datei wird, wenn sie keine Lücken hat, durch Anfügen von neuen Datensätzen verlängert. Die natürliche Reihenfolge der Datensätze in einer MYD-Datei ohne Löschen ist also chronologisch. Wenn in der MYD-Datei auch gelöscht wird, werden die Dinge komplizierter, denn MySQL wird versuchen, die Lücken aufzufüllen. Die Reihenfolge der Datensätze ist dann zufällig.\nDas gleicht einer Bücherei, bei der neu gekaufte Bücher einfach hinten in die freien Regale gestellt werden, und wenn Lücken vorhanden sind, diese aufgefüllt werden.\nEin Index ist eine Struktur, die uns erlaubt, bestimmte Suchen schneller durchzuführen. Büchereien haben zum Beispiel oft einen Titelkatalog oder einen Autorenkatalog. Ein Autorenkatalog entsteht, indem wir die Autoren aller Bücher in der Bücherei zusammen mit dem Regalstandort des Buches auf Notizkarten aufschreiben und diese Karten dann alphabetisch nach Autoren sortieren.\nIn einem sortierten Datenbestand kann man nämlich sehr schnell suchen. Wenn auf den Autorenkarten keine Reiter \u0026ldquo;a\u0026rdquo;, \u0026ldquo;b\u0026rdquo;, \u0026ldquo;c\u0026rdquo;, \u0026hellip; vorhanden sind, kann man \u0026ldquo;Suchen durch Halbieren\u0026rdquo;: Ein Buch von \u0026ldquo;Jeremy Zawodny\u0026rdquo; findet man, indem man die Autorenliste halbiert und dann prüft, ob der Autor in der ersten oder zweiten Hälfte der Bücher zu finden ist. Diese Hälfte halbiert man dann wieder, und so weiter und so weiter.\nFür zwei Bücher kann man so mit einer Operation entscheiden, welches von beiden Büchern das gesuchte ist. Für vier Bücher braucht man eine Operation, um dies auf den Fall mit zwei Büchern zurückzuführen, also zwei Operationen insgesamt. Für acht Bücher kann man dies mit einer Operation auf den Fall mit vier Büchern reduzieren.\nAllgemein braucht man für n Bücher dann also log(2,n) Operationen, um ein Buch eines bestimmten Autors zu finden.\nBücher Suchoperationen 2 1 (2^[b]1[/b] = 2) 4 2 (2^[b]2[/b] = 4) 8 3 (2^[b]3[/b] = 8) n e = log(2, n) (2^e = n) Aus einer Bibliothek mit 20 Millionen Büchern kann man also mit weniger als 24-25 Operationen die Bücher von Jeremey Zawodny finden, wenn man einen nach Autorennamen sortierten Katalog zur Verfügung hat: Man bekommt so eine Liste der Standorte, und muss dann zu den auf den Karten notierten Standorten laufen, um die Bücher tatsächlich abzuholen.\nroot@localhost [(none)]\u0026gt; select log(20000000)/log(2) as ops; +-----------------+ | ops | +-----------------+ | 24.253496664212 | +-----------------+ 1 row in set (0.00 sec) Das Beispiel macht Gebrauch von der Beobachtung, daß man mit einer beliebigen Logarithmusfunktion jede andere Logarithmusfunktion berechnen kann, indem man einfach log(b, n) in log(n)/log(b) umformt. MySQL stellt mit den Funktionen exp() und log() die Exponentialfunktionen und Logarithmusfunktionen zur Basis e = 2.718281828459 zur Verfügung, sodass log(20000000)/log(2) hier den log(2, 20000000) bestimmt.\nTatsächlich befinden sich auf den Karten in einer Bibliothek aber Reiter, sodass man gleich unter \u0026ldquo;Z\u0026rdquo; nachschauen kann, also bei gleich verteilten Autorennamen schon mit dem ersten Schritt nur noch ein Sechsundzwanzigstel aller Bücher durchsuchen muss statt die Hälfte. Wäre nun auf allen Z-Karten \u0026ldquo;Za\u0026rdquo;, \u0026ldquo;Zb\u0026rdquo;, und so weiter notiert, würde auch der zweite Schritt nur sechsundzwanzigsteln, und so weiter. Man bräuchte dann bei 20 Millionen Büchern nur noch 5-6 Schritte, um alle Bücher von Jeremy Zawodny zu finden.\nroot@localhost [(none)]\u0026gt; select log(20000000)/log(26); +-----------------------+ | log(20000000)/log(26) | +-----------------------+ | 5.1598357001807 | +-----------------------+ 1 row in set (0.00 sec) Nun sind die Namen von Buchautoren aber nicht gleich verteilt. Stattdessen könnte man aber auch wie bei einem Lexikon vorgehen und in regelmäßigen Abständen, etwa für jeweils eine Million Autoren, Proben nehmen: Band 1 von A-E, Band 2 von F-L und so weiter. Innerhalb der Million würde man dann für jeweils einen 100.000er Block vermerken A-Be, Bf-Ca, und so weiter, und auf den weiteren Ebenen genauso. Dann hätte man gleich große Blöcke und wüsste für jeden Block, welche Buchstabenintervalle darin enthalten sind.\nBeim Einfügen von Werten muss man jedoch unter Umständen Werte aus dem 1. 100.000er-Block in den Zweiten verschieben und so weiter: Kommt Arnold dazu, muss Bertram unter Umständen in den 2. Block und die Blockgrenzen sind nun A-Bd, Be-Ca.\nSo einen Index bezeichnet man als balancierten Baum (Btree), und das ist genau das, was MySQL verwendet. Die Schiebeoperationen nennt man Rebalancing des Baumes, und die will man gerne vermeiden.\nEine MYI-Datei besteht also aus Blöcken von key_cache_block_size (normal 1024) Byte Größe. Ein Key Cache Block enthält was immer wir indizieren wollen und Zeiger in die MYD-Datei. Das sind entweder Byte-Offsets (Row_format: dynamic) oder Datensatznummern (Row_format: fixed). Wenn wir also eine INTEGER-Spalte indizieren, braucht jeder Eintrag im Index 4 Byte für die zu indizierende Spalte plus 4 Byte Zeiger in die Daten. In einen 1024-Block passen so also 1024/8 = 2^10/2^3 = 2^(10-3) = 2^7 = 128 Einträge.\nDurch Laden dieses Blocks können wir also die Suche im Index nicht \u0026ldquo;durch Halbieren\u0026rdquo; oder \u0026ldquo;durch sechsundzwanzigsteln\u0026rdquo; durchführen, sondern wir reduzieren die zu durchsuchende Datenmenge in jedem Schritt auf ein Hundertachtundzwanzigstel. Oder würden dies tun, wenn wir die Indexblöcke alle immer ganz voll machen würden.\nDas tun wir aber nicht, weil wir dann bei jedem Einfügen von Daten rebalancieren müssten. Stattdessen machen wir die Blöcke nur zu 2/3 voll. Dadurch 128teln wir nicht, sondern 84teln nur, aber das macht fast nichts aus. 20 Millionen Datensätze durchsuchen wir so mit maximal 4 Operationen.\nroot@localhost [(none)]\u0026gt; select 128*0.66; +----------+ | 128*0.66 | +----------+ | 84.48 | +----------+ 1 row in set (0.00 sec) root@localhost [(none)]\u0026gt; select log(20000000)/log(84.48); +--------------------------+ | log(20000000)/log(84.48) | +--------------------------+ | 3.7892903582541 | +--------------------------+ 1 row in set (0.00 sec) Einen \u0026ldquo;sortierten Autorenkatalog\u0026rdquo; nennt man in einer Datenbank einen \u0026ldquo;Index auf eine Spalte\u0026rdquo;. In unserer Beispieltabelle haben wir die Spalten id, d, e und i. Wir wollen einen Index auf die Spalte i (INTEGER, 4 Byte) legen, also braucht ein Indexeintrag 8 Byte (4 Byte für den Integer und 4 Byte für den Datenzeiger). Für 20 Millionen Einträge rechnen wir also mit einer ca. 230 MB großen MYI-Datei.\nDie Rechnung geht so: 20 Mio Einträge zu 8 Byte sind 152 MB, aber wir machen die Blöcke nur zu ca. 2/3 voll, also müssen wir das ganze durch 2/3 teilen:\nroot@localhost [rootforum]\u0026gt; select 20000000*8/1024/1024/(2/3)\\G 20000000*8/1024/1024/(2/3): 228.881836166382 1 row in set (0.00 sec) Den Index erzeugen wir mit dem Kommando CREATE INDEX. Das Kommando geht dann die Spalte i durch, notiert die Werte und für jeden Wert die Datensatznummer, in der der Wert zu finden ist. Die Werte müssen sortiert werden, und dazu braucht MySQL Platz. Der Puffer für diesen Platz kann online definiert werden, und sollte sehr groß gewählt werden (bei uns: Mindestens 230 MB groß, wie wir eben vorgerechnet haben). Der Name des Puffers ist myisam_sort_buffer_size.\nIm folgenden Beispiel verwenden wir Sessionvariablen, hier die Variable @old_buffer, um den alten Wert für myisam_sort_buffer_size zu speichern. Wir definieren dann für unsere Verbindung zur Datenbank und nur für diese einen größeren Wert für myisam_sort_buffer_size, und erzeugen den Index mit CREATE INDEX. Danach setzen wir myisam_sort_buffer_size wieder auf den alten Wert zurück.\nWir verändern nicht @@global.myisam_sort_buffer_size, weil das ein großes Risiko wäre: Jedes CREATE INDEX, ALTER TABLE ... ADD INDEX oder REPAIR TABLE würde dann den großen Puffer verwenden und bis zu 300 MB Speicher verlangen.\nroot@localhost [rootforum]\u0026gt; select @@session.myisam_sort_buffer_size; +-----------------------------------+ | @@session.myisam_sort_buffer_size | +-----------------------------------+ | 31457280 | +-----------------------------------+ 1 row in set (0.04 sec) root@localhost [rootforum]\u0026gt; set @old_buffer=@@session.myisam_sort_buffer_size; Query OK, 0 rows affected (0.00 sec) root@localhost [rootforum]\u0026gt; set @@session.myisam_sort_buffer_size = 300*1024*1024; Query OK, 0 rows affected (0.02 sec) root@localhost [rootforum]\u0026gt; create index i on t(i); Query OK, 20000000 rows affected (4 min 33.35 sec) Records: 20000000 Duplicates: 0 Warnings: 0 root@localhost [rootforum]\u0026gt; set @@session.myisam_sort_buffer_size = @old_buffer; Query OK, 0 rows affected (0.00 sec) Da diese Aktion auf meinem Rechner über 4 Minuten dauert, kann ich MySQL beim Erzeugen des Index zusehen:\nroot@localhost [(none)]\u0026gt; show processlist\\G Id: 5 User: root Host: localhost db: rootforum Command: Query Time: 48 State: copy to tmp table Info: create index i on t(i) ... Das will ich genauer beobachten:\nroot@linux:/var/lib/mysql/data/rootforum # ls -l total 1493641 -rw-rw---- 1 mysql mysql 527958016 Feb 12 17:15 #sql-26a5_5.MYD -rw-rw---- 1 mysql mysql 1024 Feb 12 17:14 #sql-26a5_5.MYI -rw-rw---- 1 mysql mysql 8628 Feb 12 17:14 #sql-26a5_5.frm drwx------ 2 mysql mysql 240 Feb 12 17:14 ./ drwxr-xr-x 6 mysql mysql 440 Feb 12 17:06 ../ -rw-rw---- 1 mysql mysql 61 Feb 12 17:01 db.opt -rw-rw---- 1 mysql mysql 1000000000 Feb 12 17:07 t.MYD -rw-rw---- 1 mysql mysql 1024 Feb 12 17:07 t.MYI -rw-rw---- 1 mysql mysql 8628 Feb 12 17:02 t.frm Die Prozessgröße ist dabei eher klein:\nroot@linux:/var/lib/mysql/data/rootforum # ps axuwww| grep mysql[d] mysql 9893 2.2 1.2 351420 13152 pts/1 Sl 15:13 2:41 /usr/local/mysql-max-5.0.18-linux-i686-glibc23/bin/mysqld ... Der mysqld hat hier also das Potenzial, bis zu 351420 KB zu belegen, da er aber für diese Übung frisch gestartet wurde, belegt er tatsächlich nur 13152 KB Speicher.\nNach dem Abschluss der Kopieroperation ist die #sql-26a5_5.MYD genauso groß wie die t.MYD, und die eigentliche Sortieroperation kann beginnen. Der mysqld wächst um die vereinbarte Puffergröße (genauer: nur um die benötigte Größe und das nur schrittweise).\nroot@localhost [(none)]\u0026gt; show processlist\\G Id: 5 User: root Host: localhost db: rootforum Command: Query Time: 124 State: Repair by sorting Info: create index i on t(i) Dies ist die Anzeige von SHOW PROCESSLIST, während sortiert wird und der myisam_sort_buffer_size tatsächlich benutzt wird. Sieht man sich den Prozess in der Unix-Prozessliste an, kann man sehen, daß auch Speicher belegt wird:\nroot@linux:/var/lib/mysql/data/rootforum # !ps ps axuwww| grep mysql[d] mysql 9893 3.5 27.6 624744 286388 pts/1 Sl 15:13 4:24 /usr/local/mysql-max-5.0.18-linux-i686-glibc23/bin/mysqld ... Und der Gewinn? Operationen wie select * from t where i = 193306751 sind jetzt sehr schnell durchzuführen, und zwar unabhängig davon, ob der Wert am Anfang oder am Ende der Tabelle gefunden wird.\nroot@localhost [rootforum]\u0026gt; flush query cache; Query OK, 0 rows affected (0.03 sec) root@localhost [rootforum]\u0026gt; select * from t where i = 193306751; +----+--------------+---------------------------+-----------+ | id | d | e | i | +----+--------------+---------------------------+-----------+ | 9 | jilrmbmbujaw | vegmospiyoenpnovopofogiof | 193306751 | +----+--------------+---------------------------+-----------+ 1 row in set (0.00 sec) root@localhost [rootforum]\u0026gt; select * from t where i = 1830603510; +----------+--------------+---------------------------+------------+ | id | d | e | i | +----------+--------------+---------------------------+------------+ | 19999990 | hctjfsosiobb | zyxhrbyvbtsrnpwjijtgqrfcb | 1830603510 | +----------+--------------+---------------------------+------------+ 1 row in set (0.03 sec) (geschrieben für Rootforum und hier herüber geschafft zur Archivierung)\n","date":"2006-03-05T00:00:00Z","href":"https://blog.koehntopp.info/2006/03/05/mysql-fuer-dummies-4.html","tags":["mysql","lang_de"],"title":"MySQL für Dummies (4)"},{"categories":null,"content":"Suchen dauern auf unserer Tabelle sehr lange.\nroot@localhost [rootforum]\u0026gt; select * from t where i = 1163012190; +----------+--------------+---------------------------+------------+ | id | d | e | i | +----------+--------------+---------------------------+------------+ | 19999993 | vrciabekkgcb | ykdewonxucqpwtdvzgnschyaw | 1163012190 | +----------+--------------+---------------------------+------------+ 1 row in set (21.81 sec) root@localhost [rootforum]\u0026gt; select * from t where i = 944905110; +----+--------------+---------------------------+-----------+ | id | d | e | i | +----+--------------+---------------------------+-----------+ | 5 | kgiyuxheibsa | bipgdpnvetowphowepuerediy | 944905110 | +----+--------------+---------------------------+-----------+ 1 row in set (19.94 sec) root@localhost [rootforum]\u0026gt; [1]+ Stopped mysql -u root -p h743107:~ # free -m total used free shared buffers cached Mem: 1010 996 13 0 7 781 -/+ buffers/cache: 208 802 Swap: 3074 3 3071 h743107:~ # fg mysql -u root -p An diesem Beispiel können wir sehen, daß eine Suche auf unseren Daten immer so um die 20 Sekunden lang dauert. Dabei spielt es keine Rolle, ob die zu suchenden Daten am Anfang oder am Ende der Tabelle stehen, weil wir ja mit dem SELECT-Kommando nach allen Vorkommen des gesuchten Wertes graben müssen - MySQL muss also durch die ganze Tabelle laufen und alle 20 Millionen Werte abprüfen.\nDie zweite Query ist auch nicht viel schneller als die erste Query, weil die zu durchsuchenden Daten größer sind, als der dem System zur Verfügung stehende Buffer Cache (Spalte cached bei free -m).\nWenn wir an diese Query ein LIMIT 1 anfügen, bekommen wir ein variables Zeitverhalten: Werte am Anfang der Tabelle werden schnell gefunden, während eine Suche nach Werten am Ende der Tabelle sehr lange dauert:\nroot@localhost [rootforum]\u0026gt; SELECT * from t where i = 944905110 limit 1; +----+--------------+---------------------------+-----------+ | id | d | e | i | +----+--------------+---------------------------+-----------+ | 5 | kgiyuxheibsa | bipgdpnvetowphowepuerediy | 944905110 | +----+--------------+---------------------------+-----------+ 1 row in set (0.00 sec) root@localhost [rootforum]\u0026gt; SELECT * from t where i = 1163012190 limit 1; +----------+--------------+---------------------------+------------+ | id | d | e | i | +----------+--------------+---------------------------+------------+ | 19999993 | vrciabekkgcb | ykdewonxucqpwtdvzgnschyaw | 1163012190 | +----------+--------------+---------------------------+------------+ 1 row in set (20.97 sec) Führt man eine bereits einmal durchgeführte Query noch einmal aus, bekommt man die Antwort sehr, sehr schnell, denn MySQL hat einen Query Cache, der einmal gestellte Queries wiedererkennen kann und dann einfach noch einmal das alte Result-Set abspielt, statt die Query tatsächlich noch einmal auszuführen. Dabei kommt es auf die Schreibweise an. Schon das unterschiedliche \u0026ldquo;S\u0026rdquo; bei den folgenden beiden Queries sorgt dafür, daß MySQL die Query nicht mehr als \u0026ldquo;alt\u0026rdquo; erkennt, sondern neu ausführen muss.\nroot@localhost [rootforum]\u0026gt; select * from t where i = 1163012190; +----------+--------------+---------------------------+------------+ | id | d | e | i | +----------+--------------+---------------------------+------------+ | 19999993 | vrciabekkgcb | ykdewonxucqpwtdvzgnschyaw | 1163012190 | +----------+--------------+---------------------------+------------+ 1 row in set (0.00 sec) root@localhost [rootforum]\u0026gt; Select * from t where i = 1163012190; +----------+--------------+---------------------------+------------+ | id | d | e | i | +----------+--------------+---------------------------+------------+ | 19999993 | vrciabekkgcb | ykdewonxucqpwtdvzgnschyaw | 1163012190 | +----------+--------------+---------------------------+------------+ 1 row in set (20.64 sec) Auch ein INSERT in eine Tabelle kann natürlich das Result-Set einer Query verändern. Daher muss eine Query aus dem Query Cache gelöscht werden, wenn ihre Base Table verändert wird. Der Query Cache kann auch mit dem Kommando FLUSH QUERY CACHE absichtlich gelöscht werden.\nroot@localhost [rootforum]\u0026gt; insert into t values ( 20000001, \u0026#34;keks\u0026#34;, \u0026#34;keks\u0026#34;, 3); Query OK, 1 row affected (0.06 sec) root@localhost [rootforum]\u0026gt; select * from t where i = 1163012190; +----------+--------------+---------------------------+------------+ | id | d | e | i | +----------+--------------+---------------------------+------------+ | 19999993 | vrciabekkgcb | ykdewonxucqpwtdvzgnschyaw | 1163012190 | +----------+--------------+---------------------------+------------+ 1 row in set (19.77 sec) Diese Query geht nicht in den Query Cache:\nroot@localhost [rootforum]\u0026gt; flush query cache; Query OK, 0 rows affected (0.00 sec) root@localhost [rootforum]\u0026gt; select sql_no_cache * from t where id = 1000; +------+--------------+---------------------------+-----------+ | id | d | e | i | +------+--------------+---------------------------+-----------+ | 1000 | tgnqufoiygkr | knkosawojeknkcmsodwdnorkd | 295436531 | +------+--------------+---------------------------+-----------+ 1 row in set (20.12 sec) root@localhost [rootforum]\u0026gt; select sql_no_cache * from t where id = 1000; +------+--------------+---------------------------+-----------+ | id | d | e | i | +------+--------------+---------------------------+-----------+ | 1000 | tgnqufoiygkr | knkosawojeknkcmsodwdnorkd | 295436531 | +------+--------------+---------------------------+-----------+ 1 row in set (20.28 sec) Die Konfiguration des Query Cache erfolgt über Variables in der [mysqld]-Sektion der /etc/my.cnf und kann wie folgt ausgegeben werden:\nroot@localhost [rootforum]\u0026gt; show variables like \u0026#34;query_cache%\u0026#34;; +------------------------------+----------+ | Variable_name | Value | +------------------------------+----------+ | query_cache_limit | 1048576 | | query_cache_min_res_unit | 4096 | | query_cache_size | 33554432 | | query_cache_type | ON | | query_cache_wlock_invalidate | OFF | +------------------------------+----------+ 5 rows in set (0.00 sec) Das query_cache_limit bestimmt, wie groß der Result Set einer Query maximal sein kann, damit er in den Query Cache Eingang findet. Das Cachen von sehr großen Result Sets würden den Query Cache fluten und andere, wichtigere Queries aus dem Cache drängen. Speicher wird dabei in Blöcken von query_cache_min_res_unit Bytes verbraucht - auch eine einzeilige Query verbraucht also 4 KB im Cache, wenn man dies nicht verkleinert. Das ist vor allen Dingen dann lohnend, wenn sehr viele kleine Result Sets zu verwalten sind.\nDie Query_Cache_Size legt fest, wie viel RAM wir für den Query Cache reservieren wollen. Die Größe des Query Cache muss man ein wenig variieren, und dabei die Ergebnisse mit SHOW STATUS kontrollieren.\nDer Query_Cache_Type kann 0 (OFF), 1 (ON) oder 2 (ON DEMAND) sein. Ist er auf 0, werden alle anderen Parameter ignoriert und der Cache ist aus. Ist er auf 1, werden alle Queries, für die dies möglich ist, in den Cache gelegt - Queries mit PREPARE statt SELECT, Queries, die Funktionsaufrufe enthalten, die NOT DETERMINISTIC sind (rand(), now() und so weiter), und Queries, die mit SQL_NO_CACHE markiert sind, können nicht in den Cache. Ist er auf 2, werden Queries nicht in den Cache gelegt, außer sie sind ausdrücklich mit SQL_CACHE markiert.\nWenn auf einer Tabelle durch eine schreibende Operation ein Write Lock gelegt wird, können Queries aus dem Query Cache dennoch beantwortet werden. Will man dies nicht, will man also durch ein passendes LOCK TABLES sicher alle Reader anhalten, dann muss man query_cache_wlock_invalidate auf 1 (ON) stellen.\nroot@localhost [rootforum]\u0026gt; show status like \u0026#34;qc%\u0026#34;; +-------------------------+----------+ | Variable_name | Value | +-------------------------+----------+ | Qcache_free_blocks | 1 | | Qcache_free_memory | 33538984 | | Qcache_hits | 6 | | Qcache_inserts | 11 | | Qcache_lowmem_prunes | 0 | | Qcache_not_cached | 9 | | Qcache_queries_in_cache | 6 | | Qcache_total_blocks | 14 | +-------------------------+----------+ 8 rows in set (0.00 sec) root@localhost [rootforum]\u0026gt; show status like \u0026#34;com_select\u0026#34;; +---------------+-------+ | Variable_name | Value | +---------------+-------+ | Com_select | 21 | +---------------+-------+ 1 row in set (0.00 sec) Der Status des Query Cache kann mit SHOW STATUS LIKE 'qc%' abgefragt werden. Der Query Cache hier ist noch fast ganz frei: In den SHOW VARIABLES waren 33554432 Byte konfiguriert und hier sind noch 33538984 Byte frei. Der freie Speicher ist nicht fragmentiert, sondern liegt an einem Stück vor. Der Cache hat dabei 6 Qcache_hits gehabt, dem stehen 21 Select-Kommandos entgegen, die nicht gecacht worden sind (ein Select zählt ENTWEDER qcache_hits ODER com_cache hoch).\nDie Resultate von 11 Queries sind im Qcache abgelegt worden, und der Cache ist bisher noch niemals wegen Überlauf gepruned (also teilweise gelöscht worden). 9 Queries konnten nicht gecacht werden, aus welchen Gründen auch immer, 6 Queries liegen derzeit im Cache.\nWenn man wissen will, ob der eigene Query Cache groß genug ist, sollte man im Abstand von einigen Stunden einmal die Qcache_lowmem_prunes ansehen, und überprüfen, ob hochzählen. Wenn dies passiert, ist der Query Cache übergelaufen. Qcache_free_memory und Qcache_free_blocks sollte man ebenfalls im Auge behalten: Wenn der Qcache_free_blocks Counter groß wird, ist der Query Cache fragmentiert und man muss unter Umständen mit einer kleineren Blockgröße (query_cache_min_res_unit) experimentieren. Es kann sinnvoll sein, die com_select, qcache_hits, qcache_inserts, qcache_lowmem_prunes und qcache_free_memory sowie qcache_free_blocks minütlich auszulesen und in ein RRD zu plotten.\n(geschrieben für Rootforum und hier herüber geschafft zur Archivierung)\n","date":"2006-03-04T00:00:00Z","href":"https://blog.koehntopp.info/2006/03/04/mysql-fuer-dummies-3.html","tags":["mysql","lang_de"],"title":"MySQL für Dummies (3)"},{"categories":null,"content":"Für die folgenden Beispiele wird eine breitere Tabelle gebraucht, und es müssen auch einige Testdaten vorhanden sein. Daher hier einmal eine Tabellendefinition und ein Generatorscript für Testdaten:\nroot@localhost [rootforum]\u0026gt; drop table t; Query OK, 0 rows affected (0.00 sec) root@localhost [rootforum]\u0026gt; create table t ( id bigint unsigned not null, d char(12) not null, e char(25) not null, i integer unsigned not null ); Query OK, 0 rows affected (0.22 sec) root@localhost [rootforum]\u0026gt; [1]+ Stopped mysql -u root -p und\nh743107:~ # cat gendata.pl #! /usr/bin/perl -w my $limit = 20000000; # 20 Mio for (my $i=0; $i\u0026amp;lt;$limit; $i++) { $str1 = \u0026#34;\u0026#34;; for (my $j=0; $j\u0026amp;lt;12; $j++) { $str1 .= chr(97+26\\*rand()); } $str2 = \u0026#34;\u0026#34;; for (my $j=0; $j\u0026amp;lt;25; $j++) { $str2 .= chr(97+26\\*rand()); } $x = int(rand()\\*2\\*\\*31); printf qq(\u0026#34;$i\u0026#34;,\u0026#34;$str1\u0026#34;,\u0026#34;$str2\u0026#34;,\u0026#34;$x\u0026#34;\\n); } h743107:~ # ./gendata.pl \u0026gt; /tmp/data.csv h743107:~ # head -10 /tmp/data.csv \u0026#34;0\u0026#34;,\u0026#34;uvhgnbjklavf\u0026#34;,\u0026#34;fnwnwuwphwjcnuufzzbdjswpt\u0026#34;,\u0026#34;466412497\u0026#34; \u0026#34;1\u0026#34;,\u0026#34;sfnyjtjcljyr\u0026#34;,\u0026#34;puccvmiqgujqetgkwmwzdjefs\u0026#34;,\u0026#34;940962493\u0026#34; \u0026#34;2\u0026#34;,\u0026#34;fbdjnejvhkar\u0026#34;,\u0026#34;wwpfrdpasbztljviehzojgwyf\u0026#34;,\u0026#34;1417468689\u0026#34; \u0026#34;3\u0026#34;,\u0026#34;lqwgrvcmygqz\u0026#34;,\u0026#34;aazxhpetwqlkdwuaxwvhmhtsl\u0026#34;,\u0026#34;1393448064\u0026#34; \u0026#34;4\u0026#34;,\u0026#34;tvfucewatbhp\u0026#34;,\u0026#34;zayvtprykglnynesavekdnpwr\u0026#34;,\u0026#34;1565437858\u0026#34; \u0026#34;5\u0026#34;,\u0026#34;kgiyuxheibsa\u0026#34;,\u0026#34;bipgdpnvetowphowepuerediy\u0026#34;,\u0026#34;944905110\u0026#34; \u0026#34;6\u0026#34;,\u0026#34;qpgyhtohyfut\u0026#34;,\u0026#34;uxajpmyegbgaoexdyxnfsetpg\u0026#34;,\u0026#34;323176798\u0026#34; \u0026#34;7\u0026#34;,\u0026#34;fdpzsnkfvird\u0026#34;,\u0026#34;mpkqpcfgelhtxnszqremviuzk\u0026#34;,\u0026#34;1486742441\u0026#34; \u0026#34;8\u0026#34;,\u0026#34;awvwzzthakbe\u0026#34;,\u0026#34;slgfbakiuoggaulehscqxvoct\u0026#34;,\u0026#34;143366617\u0026#34; \u0026#34;9\u0026#34;,\u0026#34;drqdiqggqfos\u0026#34;,\u0026#34;hoigxngyrgwebyavcgugiixnm\u0026#34;,\u0026#34;1264096349\u0026#34; h743107:~ # wc -l /tmp/data.csv 20000000 /tmp/data.csv h743107:~ # ls -lh /tmp/data.csv -rw-r--r-- 1 root root 1,3G 2006-02-11 12:00 /tmp/data.csv h743107:~ # fg mysql -u root -p (wd: /var/lib/mysql) root@localhost [rootforum]\u0026gt; load data infile \u0026#34;/tmp/data.csv\u0026#34; into table t fields terminated by \u0026#34;,\u0026#34; enclosed by \u0026#39;\u0026#34;\u0026#39;; Query OK, 20000000 rows affected (1 min 45.35 sec) Records: 20000000 Deleted: 0 Skipped: 0 Warnings: 0 root@localhost [rootforum]\u0026gt; [1]+ Stopped mysql -u root -p h743107:~ # ll /var/lib/mysql/rootforum/ insgesamt 977552 drwx------ 2 mysql mysql 4096 2006-02-11 11:48 . drwxr-xr-x 5 mysql mysql 4096 2006-02-11 11:52 .. -rw-rw---- 1 mysql mysql 65 2006-02-11 11:26 db.opt -rw-rw---- 1 mysql mysql 8628 2006-02-11 11:48 t.frm -rw-rw---- 1 mysql mysql 1000000000 2006-02-11 12:04 t.MYD -rw-rw---- 1 mysql mysql 1024 2006-02-11 12:04 t.MYI Wir erzeugen hier eine Tabelle mit einem UNSIGNED BIGINT \u0026quot;id\u0026quot; (8 Byte), zwei CHAR Spalten d und e von 12 und 25 Zeichen Breite und einer Spalte i INTEGER UNSIGNED. Alle Werte sind, wie sich das gehört, NOT NULL.\nDas Generatorscript füllt diese Spalten mit aufsteigenden Werten für id, zufälligen Texten für d und e und mit Zufallszahlen für i. Es braucht auf meinem MR2 gut 20 Minuten, um eine 1.3 GB große Loader-Datei mit 20 Mio Datensätzen zu erzeugen. Der Load erfolgt dann mit dem relativ schnellen LOAD DATA INFILE Kommando. Da keine Indices mitzuführen sind, geht der Load mit 105 Sekunden (190000 Rows/sec, 12380 KB/sec) über die Bühne. Das ist etwa 1/3 der Bruttogeschwindigkeit der Platte, und daher relativ akzeptabel.\nDie resultierende MYD-Datei verbraucht 50 Byte/Record und ist Fixed, sodass 100 Mio Bytes (954 MB) für Datenfile verwendet werden. Ein Index wird nicht erzeugt, weil keiner definiert ist, daher ist die MYI-Datei minimal groß.\nDie Daten sind drin:\nh743107:~ # fg mysql -u root -p root@localhost [rootforum]\u0026gt; show warnings; Empty set (0.00 sec) root@localhost [rootforum]\u0026gt; select count(*) from t; +----------+ | count(*) | +----------+ | 20000000 | +----------+ 1 row in set (0.01 sec) root@localhost [rootforum]\u0026gt; show table status like \u0026#34;t\u0026#34;\\G Name: t Engine: MyISAM Version: 9 Row_format: Fixed Rows: 20000000 Avg_row_length: 50 Data_length: 1000000000 Max_data_length: 214748364799 Index_length: 1024 Data_free: 0 Auto_increment: NULL Create_time: 2006-02-11 11:48:23 Update_time: 2006-02-11 12:04:41 Check_time: NULL Collation: latin1_swedish_ci Checksum: NULL Create_options: Comment: 1 row in set (0.00 sec) Die Data_length bei SHOW TABLE STATUS gibt also die Größe der MYD-Datei an, die Index_length ist die Größe der MYI-Datei. Data_free sagt, daß in der MYD-Datei keine Lücken existieren.\nDas ist sehr wichtig, wenn in eine MyISAM-Tabelle mit INSERT Daten eingefügt werden: Neue Werte werden nun am Ende der MYD-Datei angefügt, und zwar ohne Locking - SELECT können also auf diese Tabelle ausgeführt werden, ohne sich mit den INSERT um den Zugriff zu prügeln - aber das funktioniert nur, solange Data_free: 0 ist.\nIn Fixed-Tabellen ist es recht leicht, Data_free auf 0 zu bekommen - da alle Records gleich groß sind, wird das irgendwann einmal sicher der Fall sein, wenn Daten eingefügt werden und man kann mit der Avg_row_length und dem Wert aus Data_free leicht ausrechnen, wann das der Fall sein wird. OPTIMIZE TABLE schließt die Lücken auch, kann aber sehr lange dauern, und sobald das erste Mal aus der Tabellen mitten rausgelöscht wird, ist das gute OPTIMIZE wieder beim Teufel.\nMit MyISAM MERGE-Tables oder mit MySQL 5.1 DATA PARTITIONS kann man Tabellen bauen, aus denen sich Daten löschen lassen, ohne Lücken aufzureißen. Data_free bleibt dann immer schon 0 und Concurrent_insert kann durchgeführt werden.\nroot@localhost [rootforum]\u0026gt; show variables like \u0026#34;concurrent%\u0026#34;; +-------------------+-------+ | Variable_name | Value | +-------------------+-------+ | concurrent_insert | ON | +-------------------+-------+ 1 row in set (0.00 sec) Man kann sich dies in der [mysqld]-Sektion seiner /etc/my.cnf leicht konfigurieren (concurrent_insert = 1).\n(geschrieben für Rootforum und hier herüber geschafft zur Archivierung)\n","date":"2006-03-03T00:00:00Z","href":"https://blog.koehntopp.info/2006/03/03/mysql-fuer-dummies-2.html","tags":["mysql","lang_de"],"title":"MySQL für Dummies (2)"},{"categories":null,"content":"Ein MySQL Datenbankserver hat ein datadir. Das Kommando\nroot@localhost [(none)]\u0026gt; show variables like \u0026#34;datadir\u0026#34;; +---------------+-----------------+ | Variable_name | Value | +---------------+-----------------+ | datadir | /var/lib/mysql/ | +---------------+-----------------+ 1 row in set (0.00 sec) sagt uns, wo das liegt. In datadir wird für jede mit CREATE DATABASE angelegte Datenbank ein Verzeichnis angelegt, und für jede mit CREATE TABLE in dieser Datenbank vorhandene Tabelle eine *.frm-Datei. Dies gilt für alle Tabellentypen, die MySQL verwendet, sogar für MEMORY-Tables. Die *.frm-Datei beschreibt die Definition der Tabelle, also welche Spalten und Indices vorhanden sein sollen.\nroot@localhost [(none)]\u0026gt; create database rootforum; Query OK, 1 row affected (0.00 sec) root@localhost [(none)]\u0026gt; use rootforum Database changed root@localhost [rootforum]\u0026gt; create table t ( id serial ) engine=memory; Query OK, 0 rows affected (0.03 sec) root@localhost [rootforum]\u0026gt; [1]+ Stopped mysql -u root -p h743107:/var/lib/mysql # l rootforum/ insgesamt 24 drwx------ 2 mysql mysql 4096 2006-02-11 11:27 ./ drwxr-xr-x 5 mysql mysql 4096 2006-02-11 11:26 ../ -rw-rw---- 1 mysql mysql 65 2006-02-11 11:26 db.opt -rw-rw---- 1 mysql mysql 8556 2006-02-11 11:27 t.frm Die db.opt sind übrigens die beim Anlegen der Datenbank verwendeten Datenbankoptionen, also der DEFAULT CHARACTER SET und die DEFAULT COLLATION.\nFür eine MyISAM-Tabelle werden neben der frm-Datei auch noch eine MYD- und eine MYI-Datei angelegt. Die MYD-Datei enthält die Daten, die MYI-Datei die Indices. Mithilfe der frm-Datei und den Daten aus der MYD-Datei kann die MYI-Datei jederzeit rekonstruiert werden, aber dies kann bei vielen Daten sehr lange dauern. Mithilfe der Tabellendefinition aus mysqldump --no-data kann die frm-Datei jederzeit rekonstruiert werden, aber das kann umständlich werden. Wenn die MYD-Datei beschädigt ist, gehen Daten verloren.\nh743107:/var/lib/mysql # fg mysql -u root -p root@localhost [rootforum]\u0026gt; alter table t engine=myisam; Query OK, 0 rows affected (0.03 sec) Records: 0 Duplicates: 0 Warnings: 0 root@localhost [rootforum]\u0026gt; [1]+ Stopped mysql -u root -p h743107:/var/lib/mysql # l rootforum/ insgesamt 28 drwx------ 2 mysql mysql 4096 2006-02-11 11:28 ./ drwxr-xr-x 5 mysql mysql 4096 2006-02-11 11:26 ../ -rw-rw---- 1 mysql mysql 65 2006-02-11 11:26 db.opt -rw-rw---- 1 mysql mysql 8556 2006-02-11 11:28 t.frm -rw-rw---- 1 mysql mysql 0 2006-02-11 11:28 t.MYD -rw-rw---- 1 mysql mysql 1024 2006-02-11 11:28 t.MYI Eine MYD-Datei besteht aus Records - je nach Definition der Tabelle haben sie eine feste Länge oder eine variable Länge: Solange VARCHAR, TEXT und BLOB nicht in einer Tabellendefinition vorkommen, haben die Records feste Längen, ansonsten eine variable Länge. Mit SHOW TABLE STATUS LIKE \u0026quot;name\u0026quot; kann man das prüfen:\noot@localhost [rootforum]\u0026gt; show table status like \u0026#34;t\u0026#34;\\G Name: t Engine: MyISAM Version: 9 Row_format: Fixed Rows: 0 Avg_row_length: 0 Data_length: 0 Max_data_length: 38654705663 Index_length: 1024 Data_free: 0 Auto_increment: 1 Create_time: 2006-02-11 11:28:56 Update_time: 2006-02-11 11:28:56 Check_time: NULL Collation: latin1_swedish_ci Checksum: NULL Create_options: Comment: 1 row in set (0.00 sec) (Indem man ein Kommando im MySQL-Kommandozeilenclient nicht mit ; oder \\g, sondern mit \\G abschließt, bekommt man eine vertikale Ausgabe der Daten und dies ist in manchen Fällen übersichtlicher)\nWir sehen hier, daß das Row_Format der Tabelle t fixed ist. Das bedeutet, daß die Datensätze in der MYD-Datei eine feste Länge haben. MySQL kann auf die Datensätze hier mit Datensatznummern zugreifen, statt mit Byte-Offsets zu arbeiten. Eine Datensatznummer oder ein Byte-Offset können bis zu 32 Bit unsigned groß sein - daraus ergibt sich eine Max_data_length von 4 GB für Row_Format: dynamic und von 4 GB * Datensatzgröße bei Row_format: Fixed. Ist das nicht ausreichend, muss man durch Angabe der Tabellenoptionen avg_row_length und max_rows dafür sorgen, daß MySQL z.B. intern 8 Byte Zahlen zur Adressierung verwendet - dies ist aber nur empfohlen, wenn notwendig, weil es den Server generell ein wenig langsamer macht.\nAn den Datenbankdateien von MySQL sollte man generell nicht zu Fuß herumfummeln, solange der Datenbankserver läuft (Manche Leute trauen sich das nach einem FLUSH TABLES WITH READ LOCK zu, aber generell ist es besser, ein /etc/init.d/mysql stop zu machen, bevor man was in datadir anfasst).\nFür eine Datensicherung ist es bei einer Default-Konfiguration ausreichend, datadir und die my.cnf zu sichern.\n(geschrieben für Rootforum und hier herüber geschafft zur Archivierung)\n","date":"2006-03-02T00:00:00Z","href":"https://blog.koehntopp.info/2006/03/02/mysql-fuer-dummies-1.html","tags":["mysql","lang_de"],"title":"MySQL für Dummies (1)"},{"categories":null,"content":" Sony, die Firma, die uns die ersten kommerziell eingesetzten Rootkits gebracht hat, präsentiert nun den VAIO XL2 .\nSony:\nThe Windows Media Center PC sports a 200-disc changer that, with a single click, lets you rip that many CDs while you sleep.\nEs ist unbekannt, ob das Gerät dabei vom Sony Rootkit infiziert werden kann oder nicht.\nIst Sony schizophren?\n","date":"2006-01-25T00:00:00Z","href":"https://blog.koehntopp.info/2006/01/25/ist-sony-schizophren.html","tags":["copyright","sony","media","lang_de"],"title":"Ist Sony schizophren?"},{"categories":null,"content":"Wer die Ereignisse rund um das Sony Rootkit verfolgt hat, der weiß schon, daß es Rechteinhaber mit dem Urheberrecht selbst nicht so genau nehmen und zum Beispiel schon mal gerne GPL Sourcecode ohne Beachtung der Lizenzbestimmungen in ihre Software einbauen, bevor sie diese ungefragt und getarnt auf fremden Rechnern einschmuggeln.\nDa ist es nur konsequent, wenn ausgerechnet die Oberschreihälse und Raubkopiererjäger von der Gesellschaft zur Verfolgung von Urheberrechtsverletzungen (GVU) (no less!) vom Staatsanwalt hausdurcht werden. Heise schreibt dazu:\nDie Staatsanwaltschaft Ellwangen verdächtigt die private Fahndungsorganisation der Film- und Softwareindustrie, die Verbreitung sogenannter Warez aktiv unterstützt zu haben. Ermittlungsbeamte des Landeskriminalamts Baden-Württemberg durchsuchten am heutigen Dienstag die Hamburger Geschäftsräume der Gesellschaft und die Wohnung eines hochrangigen Mitarbeiters. \u0026hellip; Sollte es zutreffen, dass die GVU die Infrastruktur der Raubkopierer mitfinanziert hat, würde dies einen Verdacht auf eine strafrechtlich relevante Beihilfe zur Verbreitung von Warez-Material begründen.\nVor diesem Hintergrund ebenfalls lesenswert: Der Fluch der Silberlinge - Spiegel Online zum 2. Korb der Urheberrechtsnovelle und zur GVU:\nAllein die GVU beschäftigt zehn Rechercheure, fast alles ehemalige Polizisten. Stolz bezeichnet Geschäftsführer und Ex-Kommissar Jochen Tielke seine Gesellschaft auch schon einmal als \u0026ldquo;kleines BKA für Urheberrechtsverletzungen\u0026rdquo;.\nWer ist die GVU? Mitgliederliste der GVU bei netzpolitik.org.\n","date":"2006-01-24T00:00:00Z","href":"https://blog.koehntopp.info/2006/01/24/rechte-und-inhaber-wen-juckt-s.html","tags":["copyright","hack","media","musik","lang_de"],"title":"Rechte und Inhaber - wen juckt's?"},{"categories":null,"content":"Die Polizei in Schleswig-Holstein will gerne einfach mal mithören : So soll zum Beispiel auch ohne konkreten Anfangsverdacht einfach jeder abgehört werden können. Beim ULD schreibt man dazu in einer Stellungnahme , was man davon hält.\nDer Schleswig-Holsteinische Innenminister Ralf Stegner hält in \u0026ldquo;Thilo allein zu Haus \u0026rdquo; diese Stellungnahme für weltfremd:\nDer Datenschützer tue aber so, als gehe von der Polizei grundsätzlich eine Bedrohung der Bürgerrechte aus. \u0026ldquo;Das ist eine verkehrte Welt, in der Thilo Weichert allein lebt\u0026rdquo;, sagte Stegner am Donnerstag (12. Januar) in Kiel.\nIn seinen Augen geht die Bedrohung grundsätzlich vom Bürger aus. Irgendwie haben durchschnittliche Innenminister ein sehr komisches Weltbild.\nFinden eine ganze Reihe Institutionen wohl auch.\nThilo ist nicht allein zu Haus\n","date":"2006-01-16T00:00:00Z","href":"https://blog.koehntopp.info/2006/01/16/noch-mehr-lauschen-einfach-mal-mithoeren.html","tags":["politik","security","überwachung","lang_de"],"title":"Noch mehr lauschen: \"Einfach mal mithören\""},{"categories":null,"content":" Ganz platt-klischeehaftes Deutschland\nIm Spiegel vertritt Markus Söder, CSU die Auffassung:\nSeine Partei trete dafür ein, in Deutschland wieder ein stärkeres Gemeinschafts- und Nationalgefühl zu entwickeln, sagte CSU-Generalsekretär Markus Söder der \u0026ldquo;Berliner Zeitung\u0026rdquo;. \u0026ldquo;Deutschland braucht einen ideellen Überbau\u0026rdquo;, sagte Söder dem Blatt.\nDas trifft in dieser allgemeinen Form eine ganze Menge Knöpfe bei mir.\nDa ist einmal der Hintergrund zu den Unruhen in den französischen Trabantenstädten - das Schlagwort der Berichterstattung, das in Bezug auf die deutsche Gesellschaft verwendet worden ist, ist \u0026ldquo;Parallelgesellschaft\u0026rdquo;. In der öffentlichen Diskussion ist dieser Begriff wegen der französischen Ereignisse in erster Linie mit Einwanderern aus muslimischen Ländern verbunden worden, aber in meinem Erleben ist der Begriff allgemeiner, und ich nehme jede Menge andere \u0026ldquo;Parallelgesellschaften\u0026rdquo; und weniger scharf abgegrenzte \u0026ldquo;Subkulturen\u0026rdquo; in meinem Umfeld wahr. Manche von denen sind sich - aus der Sicht eines muslimischen Einwanderers - recht ähnlich, wie etwa traditionelles deutsches Bürgertum und angehörige eines alternativen Lebensstiles in Deutschland, aber wenn man die beiden zusammenbrächte, würde sich beide Gruppen sehr schnell und recht emotional voneinander trennen.\nDurch meinen neuen Job lerne ich gerade eine weitere Gruppe von Menschen kennen.\nEs handelt sich um Personen, die sich selbst quasi globalisiert haben, und denen das konkrete Land, in dem sie Wohnen wahrscheinlich weitgehend egal ist - sie sind nicht dort geboren, sondern haben es sich ausgesucht, und wohnen und leben dort, weil es ihnen dort gefällt. Würde es ihnen nicht mehr gefallen, ziehen sie halt um. Diese Personen haben auch keinen lokalen Freundeskreis, sondern stehen mit Freunden in vielen Ländern über moderne Kommunikationsmittel in teilweise täglicher Verbindung. Sie arbeiten an Projekten, die extrem verteilt sind. Das Arbeitsumfeld, das Open-Source-Projekte erzeugen, ist ein solches Umfeld, und eine solche Subkultur. Kinder in Familien aus diesem Umfeld wachsen nicht selten zwei- oder dreisprachig auf und lernen von ihren Eltern, Landesgrenzen oder nationale Kulturen bei ihrer Lebensplanung zwar einzuplanen, aber nicht als Hindernis zu sehen.\nBeide Schichten sind eigentlich nur Ausprägungen derselben Veränderung, sie unterscheiden sich im Grunde nur im Grad der Ausbildung und der Finanzmittel, die ihnen zur Verfügung stehen (und das ist zugleich der fundamentale Unterschied zwischen beiden Gruppen). Sie, und viele andere Gruppen leben plötzlich im selben Land.\nSeit dem Ende des 19. Jahrhunderts haben wir in Europa die Identität von Region, Kultur und gemeinsamen Interessen, den Nationalstaat. Diese Identität löst sich gerade an den verschiedenen Enden der Gesellschaft auf - auf dem Balkan war der Leim weniger dick, da ist das schon passiert, in Frankreich hat es gerade geknallt, ist aber nicht explodiert, und in Deutschland haben wir jetzt eine große Koalition, weil viele Deutsche mit solchen fundamentalen Problemen gerne konsensuell statt diskursiv umgehen.\nDer deutsche Staat reagiert auf diese Veränderung jedoch hilflos, unter anderem weil er keine alternative Definition von sich selbst entwickelt hat, die über diese Epoche hinausgeht. Auch weil er kein Konzept oder Entwicklungsziel explizit gemacht hat, auf das der Staat sich hin entwickeln will, um mit diesen Tendenzen fertig zu werden - wir bauen zwar an \u0026ldquo;Europa\u0026rdquo;, aber nicht an einem europäischen Nationalstaat - das wäre mit den Mitgliedsländern von \u0026ldquo;Europa\u0026rdquo; schon heute gar nicht möglich, und wäre angesichts der Entwicklung von Subkulturen in allen europäischen Nationalstaaten auch nicht der richtige Weg.\nEine gemeinsame Reaktion ist jedoch in allen europäischen Ländern, wenn nicht sogar weltweit zu beobachten. Weil die gemeinsame kooperative Basis fehlt, entsteht das Gefühl der Angst vor dem Kontrollverlust und der Wunsch nach mehr Frühwarnsystemen. Das führt dann, vermutlich ungeplant, aber nichtsdestotrotz stimmig in dieselbe Richtung fortschreitend zu dem Mehr an Überwachung und politischer Kontrolle, das wir derzeit überall beobachten können: Der Staat belauert seine Bürger, die gesellschaftlichen Gruppen belauern untereinander, und unsere Bundeskanzlerin vollführt in den Medien den magischen \u0026ldquo;Du bist Deutschland\u0026rdquo;-Beschwörungstanz.\nAuch Söder haut in dieselbe Kerbe:\nSöder betonte: \u0026ldquo;Dazu gehört auch, die Nationalhymne mehr zu singen.\u0026rdquo; Das gelte für öffentliche Anlässe, aber auch in den Schulen. \u0026hellip; Darüber hinaus müsse den Kindern die richtige geistige Orientierung gegeben werden. So sollte das Angebot zu Schulgebeten erhöht werden, sagte der CSU-Politiker.\nNur: Wenn dies Deutschland ist, wie es in den Köpfen unserer Politiker existiert, dann will ich hier dringend weg. Söder kommuniziert hier das vereinfachte Weltbild für Anfänger, und das ist so herzerweichend naiv, hoffnungslos unzureichend und hilflos, daß es mich zugleich erschreckt und Mitleid in mir erregt. Wenn man es nicht als Konzept für \u0026ldquo;Deutschland\u0026rdquo; nimmt, sondern als die beste Definition von \u0026ldquo;Deutschland\u0026rdquo; interpretiert, über die ein öffentlicher Diskurs möglich ist, dann ist \u0026ldquo;Deutschland\u0026rdquo; als Konzept schon am Ende.\nInsofern ist der Spiegel-Artikel eine gute Sache, weil er zeigt, daß offenbar dringend ein Bedarf nach Diskussion darüber besteht, was eine Gesellschaft, einen Staat im 21. Jahrhundert überhaupt ausmacht. Und ob \u0026ldquo;Deutschland\u0026rdquo; überhaupt noch ein tragfähiges Konzept in dieser Zeit ist. Und falls ja, wie man \u0026ldquo;Deutschland\u0026rdquo; dann wohl definiert.\nBist Du \u0026ldquo;Deutschland\u0026rdquo;? Das ist die Frage, die der Photopool \u0026ldquo;Du bist Deutschland\u0026rdquo; als Antwort auf die Medien-Kampagne \u0026ldquo;Du bist Deutschland\u0026rdquo; doch wohl am ehesten aufwirft.\nWe are family Unter diesem urdeutschen Titel versucht Pro 7 seinen Zuschauern zu zeigen, was Deutschland alles ist, und wer alles in Deutschland lebt. Vielleicht hätte ich mir das einmal ansehen sollen, um besser zu verstehen, wer Ihr anderen Deutschen so seid und wie Ihr mich möglicherweise seht. Andererseits: Warum eigentlich?\nAm Ende bleibt die Frage, lieber Leser und Deutscher: \u0026ldquo;Bist Du Deutschland?\u0026rdquo; Wenn ja, wer bist Du? Und was ist Deutschland - für Dich? Kenntnis der Nationalhymne und Schulgebet? Ich hoffe doch, ein wenig mehr. Oder interessiert Dich das alles gar nicht mehr?\n","date":"2005-12-30T00:00:00Z","href":"https://blog.koehntopp.info/2005/12/30/bist-du-deutschland-oder-ein-vereinfachtes-weltbild-fuer-anfaenger.html","tags":["politik","lang_de"],"title":"\"Bist Du Deutschland?\" oder \"Ein vereinfachtes Weltbild für Anfänger\""},{"categories":null,"content":"Rootkit - Sonys digitaler Hausfriedensbruch : Eine Timeline. Hintergrundmaterial zum Vortrag auf dem 22C3.\nUpdate: Preliminary settlement filed in Sony suit :\nLawyers in a class action lawsuit filed against Sony BMG, First 4 Internet and SunnComm last month have submitted a preliminary settlement, which calls for Sony to stop manufacturing CDs with XCP and MediaMax DRM, provide replacement discs, and make cash payments to affected customers\u0026hellip;.\u0026ldquo;Incentive #1\u0026rdquo; will provide customers with a cash payment of $7.50 and a free download of one album from a list of more than 200 titles. \u0026ldquo;Incentive #2\u0026rdquo; removes the cash payment but allows for downloads of three albums\u0026hellip;.In order to be eligible, an individual must return the XCP laden CD to Sony, or provide the company with a receipt showing the return or exchange of the CD at a retailer after November.\nLachhaft glimpflich. Wer hat sich denn da bequatschen lassen?\nVolltext PDF (42 Seiten)\n(via The Inquirer )\n","date":"2005-12-28T00:00:00Z","href":"https://blog.koehntopp.info/2005/12/28/sony-rootkit-timeline.html","tags":["ccc","musik","sony","security","lang_de"],"title":"Sony Rootkit Timeline"},{"categories":null,"content":" Was sagen die Künstler, deren Werke von Sony mit dem illegalen Rootkit verschönert worden sind, dazu und was macht die Sony Affäre mit deren Einnahmen?\nBusinessweek schreibt:\nVan Zant\u0026rsquo;s Get Right with the Man CD was released in May, but six months later it still was doing better-than-respectable business on Amazon.com. The album ranked No. 887 on the online retailer\u0026rsquo;s list of music sales on Nov. 2. \u0026hellip; GROWING OUTRAGE. Overnight, Get Right with the Man dropped to No. 1,392 on Amazon\u0026rsquo;s music rankings. By Nov. 22 \u0026ndash; after the news made headlines and Sony was deep into damage control, pulling some 4.7 million copy-protected disks from the market \u0026ndash; Get Right with the Man was even further from Amazon\u0026rsquo;s Top 40, plummeting to No. 25,802.The wrath of fans killed Sony\u0026rsquo;s CD copy controls, with the company pulling 52 titles off retail shelves, beginning the week of Nov. 14. But the wrath of bands could be far worse for the company \u0026ndash; and for efforts to protect content in general.\n(via Julian Finn )\n","date":"2005-11-24T00:00:00Z","href":"https://blog.koehntopp.info/2005/11/24/k-nstler-vs-sony.html","tags":["hack","sony","media","musik","security","lang_de"],"title":"Künstler vs. Sony"},{"categories":null,"content":" Fred schickt mir den folgenden Link: EFF Files Class Action Lawsuit Against Sony BMG :\nThe Electronic Frontier Foundation (EFF), along with two leading national class action law firms, today filed a lawsuit against Sony BMG, demanding that the company repair the damage done by the First4Internet XCP and SunnComm MediaMax software it included on over 24 million music CDs\u0026hellip;.Both the XCP and MediaMax CDs include outrageous, anti-consumer terms in their \u0026ldquo;clickwrap\u0026rdquo; EULAs. For example, if purchasers declare personal bankruptcy, the EULA requires them to delete any digital copies on their computers or portable music players. The same is true if a customer\u0026rsquo;s house gets burglarized and his CDs stolen, since the EULA allows purchasers to keep copies only so long as they retain physical possession of the original CD. EFF is demanding that Sony BMG remove these unconscionable terms from its EULAs.\nWohl denen, die ihre Musik sicherheitshalber lieber eseln. Da sind die Risiken leichter einzuschätzen.\n","date":"2005-11-22T00:00:00Z","href":"https://blog.koehntopp.info/2005/11/22/eff-vs-sony.html","tags":["hack","sony","media","musik","security","lang_de"],"title":"EFF vs. Sony"},{"categories":null,"content":" Pushing Ice\u0026quot; ist der neuste Roman von Alastair Reynolds.\n\u0026ldquo;Pushing Ice\u0026rdquo; beginnt ganz klein, nach den Maßstäben einer Alastair Reynolds Der zehnte Mond von Saturn, Janus , macht sich auf, das Sonnensystem zu verlassen. Nur ein einziges Schiff, Rockhopper, ist derzeit weit genug draußen und gut genug ausgestattet, um die Verfolgung aufzunehmen und den Raumschiffmond zu erforschen. Doch natürlich gelingt es der Crew der Rockhopper nicht, von Janus zu entkommen, während der Mond immer weiter beschleunigt, und so wird aus der Raumreise auch eine Zeitreise\u0026hellip;\nDieses Buch spielt nicht im Noir-Universum von \u0026ldquo;Unendlichkeit\u0026rdquo;, sondern zugleich früher und später. Die Charactere sind bei weitem nicht so fremd und entmenschlicht wie in \u0026ldquo;Unendlichkeit\u0026rdquo;, denn sie entstammen einer Welt, die unserer näher und verständlicher ist. Doch das Universum, in dem sie leben, ist genauso kalt und lebensfeindlich wie das Noir-Universum.\n\u0026ldquo;Pushing Ice\u0026rdquo; handelt in seiner ersten Hälfte von einer Gemeinschaft, die unfreiwillig auf die größte Reise ihres und jeden anderen Lebens geschickt wird, und zeichnet die Konflikte und dem Kampf ums Überleben in einer absolut lebensfeindlichen und fremdartigen Umgebung. Doch die Gemeinschaft passt sich an und beginnt sogar, wieder zu florieren. Doch dann ist am Ende seiner Reise angekommen\u0026hellip;\nDer zweite Teil des Buches beschäftigt sich dann mit einer Erstkontaktsituation in einem abgeschlossenen und ressourcenknappen Umfeld - nicht unähnlich den Rama 2 und 3-Romanen von Arthur C. Clarke, aber lange nicht so schlecht erzählt und vor allen Dingen ein nicht so pessimistisches Bild von der menschlichen Natur zeichnend. Letztendlich erzählt Reynolds hier in beiden Teilen die Geschichte von Anpassungsfähigkeit und Wandlungsfähigkeit, und wie sich Intelligenz und Persönlichkeit unter diesen Umständen verformen und dennoch wiedererkennbar gleich bleiben können.\nAm Ende lässt einen \u0026ldquo;Pushing Ice\u0026rdquo; jedoch ein wenig unerfüllt zurück. Zwar packt Reynolds die Geschichte in einen geschlossenen Handlungsbogen, doch zugleich macht das Buch den Eindruck, nur der Starter für weitere, noch weiter hinaus reichende Geschichten zu sein.\nDas Setting im Mittelteil, das in diesem Buch gegeben wird und bespielbar wäre, ist jedoch für meinen Geschmack zu beschränkt und vor allen Dingen zu kalt und feindselig als daß ich dort Geschichten ansiedeln würde. Während \u0026ldquo;Pushing Ice\u0026rdquo; also ein guter Roman ist, der möglicherweise den Grundstein zu weiteren Geschichten legt, ist er als Sourcebook fürs Spielen für mich ohne weitgehende Änderungen nicht verwendbar - er enthält außerdem zu wenig Hintergrund, als daß er als Sourcebook für andere, von der Story abweichende Geschichten tauglich wäre.\n","date":"2005-11-20T00:00:00Z","href":"https://blog.koehntopp.info/2005/11/20/fertig-gelesen-alastair-reynolds-pushing-ice.html","tags":["review","book","scifi","lang_de"],"title":"Fertig gelesen: Alastair Reynolds: \"Pushing Ice\""},{"categories":null,"content":"Update zu Nützliche Kombinationen :\nAls Chief Security Officer ist man natürlich verantwortlich dafür festzulegen, welche Software auf den Rechnern einer Firma installiert werden darf. Ein Rootkit gehört sicherlich nicht dazu. Welche CDs sind also für das Hören in der Firma zu verbieten, weil sie sonst Firmenrechner verseuchen?\nHier die Antwort von Sony mit der kompletten Liste :\nEvery Sony BMG release starting April 1, 2004 has been suject to content protection technology.\nFür die Kosten für das Entfernen bereits installierter Rootkits wahrscheinlich der Arbeitnehmer aufzukommen, der die CD ins Laufwerk geschoben hat, und der kann dann versuchen, diese an Sony weiter zu reichen - so schätze ich jedenfalls die Rechtslage ein, aber ich bin kein Jurist. Vielleicht mag jemand mit mehr Ahnung von der Sache mal dazu Stellung nehmen?\nWie sagt die Tagesschau so schön:\nWohlgemerkt: Alle die unerwünschten Nebenwirkungen und Gefahren treten nur bei den Nutzern auf, die die CD legal erworben haben. Wer die Musikstücke als Raubkopien runtergeladen hat, hat derlei Ungemach nicht zu befürchten.\nDem ist wohl nix mehr hinzuzufügen.\n","date":"2005-11-06T00:00:00Z","href":"https://blog.koehntopp.info/2005/11/06/cso-vs-sony.html","tags":["hack","sony","media","musik","security","lang_de"],"title":"CSO vs. Sony"},{"categories":null,"content":"Das Sony BMG Rootkit aus Legal, Illegal, Scheißegal hat eine dicke Spur von Artikeln nach sich gezogen. Sony bietet jetzt ein Toolkit an, mit dem man die Rootkit-Funktionen deinstallieren kann, der Filtertreiber (den man in der EULA dennoch nicht abgenickt hat) bleibt aber drin. Das ist sehr gnädig von Sony BMG.\nIn World of Warcraft hackers using Sony BMG rootkit auf Securityfocus wird inzwischen von einer sinnvollen Anwendung des Sony BMG Rootkits berichtet: Es ist offenbar problemlos möglich, auf einer Maschine, die mit einer Sony CD verseucht worden ist, Cheats für World of Warcraft zu installieren, die von der Spyware, die Blizzard mit dem Spiel zusammen installiert, nicht entdeckt werden kann.\n\u0026ldquo;Und so verwenden wir unwürdige Konsumenten die Teile, die uns die mächtigen Megacorps zuwerfen in einer kreativen und nutzbringenden Weise.\u0026rdquo; \u0026ndash; irgendwie ist das alles sehr Shadowrun. Abzurunden wäre dies jetzt nur noch, indem Blizzard Sony BMG verklagt, weil das Sony BMG Rootkit so irgendwelche Ansprüche von Blizzard und World of Warcraft verletzt.\nSony BMG and First 4 Internet, the maker of the content protection technology, have both disputed claims that their system could harm the security of a Windows system. Yet, other software makers that rely on the integrity of the operating system are finding that hidden code makes security impossible.\n","date":"2005-11-04T00:00:00Z","href":"https://blog.koehntopp.info/2005/11/04/nuetzliche-kombinationen.html","tags":["hack","media","musik","security","lang_de"],"title":"Nützliche Kombinationen"},{"categories":null,"content":"Sony BMG baut ein Rootkit, um damit das ihrer Meinung nach illegale Kopieren von Dateien auf den Rechnern ihrer Kunden zu verhindern. Die Software gefährdet die Stabilität der Kundensysteme, ist nicht Bestandteil der Lizenzvereinbarung und tut mehr, als sie für die Erreichung ihres Ziels tun müßte. Die Meldung bei Heise zieht man das folgende Fazit:\nIn den Lizenzvereinbarungen (EULA) der CD – der man zustimmen muss, damit die darauf befindliche Abspiel-Software für PCs startet - steht laut Russinovich nichts davon, dass eine Software installiert würde oder sich gar tief im System verankert. In der Diskussion zur Sysinternals-Meldung werfen Teilnehmer ein, dass dieses Vorgehen des Kopierschutzes wohl in Kalifornien nach dem California Business \u0026amp; Protections Code Section 22947.3 illegal sei und mit bis zu 1.000 US-Dollar Strafe pro betroffenem Computer geahndet werden könne.\nDa sind zivile Forderungen wegen entstandener Schäden und Inkompatibilitäten wohl noch nicht drin eingerechnet.\n","date":"2005-11-01T00:00:00Z","href":"https://blog.koehntopp.info/2005/11/01/legal-illegal-scheissegal.html","tags":["hack","media","security","lang_de"],"title":"Legal, Illegal, Scheißegal..."},{"categories":null,"content":"Heute im Irc stellte eine Teilnehmerin den folgenden Fragenschwall:\nWie finde ich eigentlich heraus, was für Gruppen es auf einem Linuxsystem gibt? Wie füge ich da jemanden hinzu? Lege ich den zuerst als User an, ganz normal? Und: Wenn ich einen Ordner anlege, der nur für eine bestimmte Gruppe zugänglich sein soll, mache ich das doch über File Permissions, oder habe ich falsch gedacht?\nDie offensichtliche Antwort, das Nachsehen in /etc/group, funktioniert bei modernen Unixen nicht mehr zwingend, denn Gruppendefinitionen können nicht nur in lokalen Dateien stehen, sondern auch aus dem NIS, dem NIS+, einem LDAP oder einem Active Directory kommen.\nDie folgenden Dinge wurden mit Suse Linux 10.0 getestet, sollten so aber auch auf Solaris funktionieren.\nName Service Switch Genauer gesagt haben moderne Unixe ein Subsystem namens Name Service Switch. Der Name Service Switch erlaubt es dem System, für Benutzer, Gruppen, Hostnamen, Protokolle, Service und noch ein paar Dinge beliebige Datenquellen zu verwenden, für die vorgefertige Module existieren.\nDer Name Service Switch wird durch die Datei /etc/nsswitch.conf gesteuert. Dort findet man für jede Datenbasis (passwd, group, hosts, \u0026hellip;) einen einzeiligen Eintrag. Nach dem Namen der Datenbasis werden durch Leerzeichen getrennt die Namen der Datenquellen aufgelistet, und zwar in der Reihenfolge, in der sie durchsucht werden sollen.\npasswd: files nis shadow: files nis group: files nis hosts: files dns Diese Beispielkonfiguration holt ihre Benutzerdaten für Passwd- und Shadow-Datei sowie die Gruppen aus den lokalen Dateien und danach aus dem NIS, und sie ermittelt Hostnamen aus der lokalen /etc/hosts und danach aus dem DNS.\nDie Syntax für die /etc/nsswitch.conf ist noch ein wenig komplizierter. Zwischen den Einträgen für Datenquellen können in eckigen Klammern nämlich noch Anweisungen für das Verhalten in Fehlerfällen stehen. Auf diese Weise sind Setups möglich, die ihre Daten normalerweise NUR aus dem NIS ziehen, aber aus den lokalen Dateien, falls das NIS einmal nicht erreichbar sein sollte.\nDie Datenbasen des Name Service Switch lassen sich mit dem Kommando getent testen. getent group listet zum Beispiel die gesamte group-Datenbasis auf, getent group disk listet nur den Eintrag für die Gruppe disk auf.\nWir merken uns:\nIn einem modernen Unix mit Name Service Switch ist es also falsch, eine Liste der Gruppen des Systems durch Auslesen von /etc/group zu erzeugen. Stattdessen muß die Liste mit getent group erzeugt werden.\nDas Interface des Name Service Switch ist read-only. Es erlaubt nicht die virtualisierte Erzeugung von Gruppen. Schreibzugriffe müssen also weiterhin manuell in die richtige Datenbank geroutet werden, also in eine lokale Datei oder in ein LDAP geschrieben werden.\nProzesse und Dateien User und Gruppen sind nur dann von Bedeutung, wenn sie auch vom Systemteilen verwendet werden. Systemteile sind Subjekte, also Prozesse, und Objekte, also Dateien.\nEin Prozeß in Unix hat eine effektive User-ID und eine effektive primäre Gruppen-ID. Er kann außerdem eine Reihe von weiteren sekundären Gruppen-IDs enthalten.\nDas Kommando \u0026ldquo;id\u0026rdquo; listet die User- und Gruppen-IDs eines Benutzers:\nkris@dhcp-179:~\u0026gt; id -a uid=1000(kris) gid=100(users) Gruppen=16(dialout),33(video),100(users) Der Benutzer kris hat also die User-ID 1000 und die primäre Gruppen-ID 100. Er gehört außerdem den Gruppen 16 (dialout) und 33 (video) an.\nWenn dieser Prozeß eine Datei erzeugt, dann gehört diese Datei ebenfalls dem Benutzer 1000 (kris) und sie wird standardmäßig (\u0026ldquo;System V Semantik\u0026rdquo;) der Gruppe 100 (users) angehören, denn dies sind die primäre User- und Gruppen-ID dieses Prozesses.\nEs gibt eine andere Betriebsart für Dateisysteme (\u0026ldquo;BSD Semantik\u0026rdquo;), bei der neu angelegte Dateien nicht die primäre Gruppe des anlegenden Prozesses erben, sondern die Gruppe des unmittelbar übergeordneten Verzeichnisses. Man kann das ext2-Dateisystem komplett auf BSD-Semantik umstellen, indem man es mit der Option \u0026ldquo;grpid\u0026rdquo; (alternativ \u0026ldquo;bsdgroups\u0026rdquo;) mounted - der Default ist \u0026ldquo;nogrpid\u0026rdquo; (alternativ \u0026ldquo;sysvgroups\u0026rdquo;). In der Betriebsart \u0026ldquo;nogrpid\u0026rdquo; kann man für ein einzelnes Verzeichnis BSD Semantik wählen, indem man das SGID-Bit an dem Verzeichnis setzt. Hier ein Beispiel:\ndhcp-179:~ # lvcreate -l 10 -n test system Logical volume \u0026#34;test\u0026#34; created dhcp-179:~ # mke2fs -q /dev/system/test dhcp-179:~ # mount -o nogrpid /dev/mapper/system-test /export/test dhcp-179:~ # mkdir /export/test/bla /export/test/fasel dhcp-179:~ # chown kris:video /export/test/bla /export/test/fasel dhcp-179:~ # chmod g+s /export/test/fasel dhcp-179:~ # su - kris kris@dhcp-179:~\u0026gt; cd /export/test kris@dhcp-179:/export/test\u0026gt; touch bla/eins fasel/zwei kris@dhcp-179:/export/test\u0026gt; ls -l bla/eins fasel/zwei -rw-r--r-- 1 kris users 0 2005-11-01 18:59 bla/eins -rw-r--r-- 1 kris video 0 2005-11-01 18:59 fasel/zwei kris@dhcp-179:/export/test\u0026gt; ls -ld bla fasel drwxr-xr-x 2 kris video 1024 2005-11-01 18:59 bla drwxr-sr-x 2 kris video 1024 2005-11-01 18:59 fasel In diesem Beispiel wird das logical Volume test in der Volume Group system angelegt und mit dem ext2-Dateisystem formatiert. Das Dateisystem wird mit der Option nogrpid als /export/test gemountet, was der Default für ext2 ist (und bei reiserfs unveränderlich immer der Fall ist).\nIn /export/test werden die Verzeichnisse bla und fasel anlegt und beide auf kris:video gesetzt. An fasel wird zusätzlich noch das SGID-Bit gesetzt.\nLegt der User kris:users nun in bla und fasel jeweils eine Datei an, wird die Datei in bla (System V Semantik, bzw. nogrpid) der Gruppe users angehören. Die Datei in fasel (BSD Semantik, durch +s umgeschaltet) erbt ihre Gruppenzugehörigkeit jedoch vom übergeordneten Verzeichnis, gehört also kris:video.\nDasselbe Beispiel wie oben für ein Dateisystem, das mit grpid gemountet wurde, ergibt dann das folgende Bild:\nkris@dhcp-179:/export/test\u0026gt; touch bla/eins fasel/zwei kris@dhcp-179:/export/test\u0026gt; ls -ld bla fasel drwxr-xr-x 2 kris video 1024 2005-11-01 19:04 bla drwxr-sr-x 2 kris video 1024 2005-11-01 19:04 fasel kris@dhcp-179:/export/test\u0026gt; ls -l bla/eins fasel/zwei -rw-r--r-- 1 kris video 0 2005-11-01 19:04 bla/eins -rw-r--r-- 1 kris video 0 2005-11-01 19:04 fasel/zwei Das SGID-Bit am Verzeichnis hat dann also keine Wirkung mehr, weil das Dateisystem an sich hier schon BSD-Semantik hat.\nReiserfs kennt die Optionen grpid und nogrpid nicht und verhält sich immer wie ein ext2-Dateissystem mit nogrpid.\nWie kann man nun ein Verzeichnis einer Gruppe schenken? Nun, das geht einfach mit chgrp:\nkris@dhcp-179:~\u0026gt; mkdir keks kris@dhcp-179:~\u0026gt; chgrp video keks kris@dhcp-179:~\u0026gt; chgrp disk keks chgrp: Ändern der Gruppe für „keks“: Die Operation ist nicht erlaubt kris@dhcp-179:~\u0026gt; chgrp users keks Offenbar kann man ein Verzeichnis nur Gruppen schenken, denen man selbst angehört. Das ist deswegen so, weil Unix die Zuordnung von Quotas zu Benutzern und zu Gruppen erlaubt. Indem man eine Datei einer Gruppe schenkt, belastet die Datei die Quota der Gruppe und natürlich darf man nur die Quota einer Gruppe belasten, der man auch angehört.\nWenn man eine Datei in einem Verzeichnis mit BSD-Semantik anlegt, dann erbt diese Datei jedoch immer die Gruppe des Verzeichnisses, selbst dann, wenn der Benutzer, der die Datei anlegt, nicht dieser Gruppe angehört - hier kann dann ein fremder Benutzer die Quota einer Gruppe belasten, der er nicht angehört. Es ist also Aufgabe einer Gruppe, die Zugriffsrechte an ihren Verzeichnissen so zu setzen, daß dort nicht fremde Leute Daten ablegen können und so die Quota der Gruppe belasten.\nEs ist außerdem möglich (wenn auch unwahrscheinlich), daß ein Benutzer so eine Datei anlegen kann, die er später nicht mehr lesen darf.\nDas Szenario ist konstruiert, aber technisch möglich:\n## Kris legt ein Verzeichnis an kris@dhcp-179:~\u0026gt; mkdir keks kris@dhcp-179:~\u0026gt; chmod a+rwx,g+s keks kris@dhcp-179:~\u0026gt; chgrp video keks kris@dhcp-179:~\u0026gt; ls -ld keks drwxrwsrwx 2 kris video 48 2005-11-01 19:17 keks ## kdebuild legt dort eine Datei an kdebuild@dhcp-179:/home/kris/keks\u0026gt; umask 0727 kdebuild@dhcp-179:/home/kris/keks\u0026gt; touch bla kdebuild@dhcp-179:/home/kris/keks\u0026gt; ls -l bla ----r----- 1 kdebuild video 0 2005-11-01 19:18 bla kdebuild@dhcp-179:/home/kris/keks\u0026gt; cat bla cat: bla: Keine Berechtigung Das ist für ein Rechtesystem eine unschöne Situation. Fällt jemandem ein sinnvoller Anwendungszweck für diese Eigenschaft des Unix-Rechtesystems ein?\nWir merken uns:\nUm ein Verzeichnis zu erzeugen, auf das nur eine bestimmte Gruppe Zugriff hat, legen wir das Verzeichnis an und schenken es der Gruppe mit chgrp, dann setzen wir die Zugriffsrechte auf rwxrwx--- oder ähnlich.\nWenn wir außerdem das SGID-Bit am Verzeichnis mit chmod g+s … setzen, werden auch alle Dateien im Verzeichnis der Gruppe gehören. Um ein Verzeichnis einer Gruppe schenken zu können, muß man selbst Mitglied der Gruppe sein.\nZugriffsrechte an Dateien In den letzten 30 Jahren war es in Unix immer so, daß eine Datei einen Eigentümer und eine Eigentümer-Gruppe hatte. Rechte wurden für den Eigentümer und die Eigentümer-Gruppe vergeben. Prozesse hatten ebenfalls einen Eigentümer und eine Gruppe, und Unix hat stur den folgenden simplen Test durchgeführt, um zu bestimmen, welche Rechte für eine Datei gelten:\nStimmen der Datei-Eigentümer und der Prozeß-Eigentümer überein? Wenn ja, dann gelten die User-Rechte, also das erste rwx-Tripel. Das ist selbst dann der Fall, wenn in einem anderen Tripel bessere Rechte definiert sind. Stimmen die Datei-Eigentümergruppe und eine der primären oder sekundären Gruppen eines Prozesses überein? Wenn ja, dann gelten die Gruppen-Rechte, also das zweite rwx-Tripel. Das ist selbst dann der Fall, wenn im 3. Tripel bessere Rechte definiert sind. In allen anderen Fällen gelten die Rechte aus dem 3. Tripel. Access Control Lists (ACLs) Mit modernen Unixen ist es jedoch alles viel komplizierter geworden, denn nun können im Prinzip an einer Datei selber auch viele Benutzer- und Gruppenrechte kleben.\nZum Glück nicht per Default.\nDamit die Lage kompliziert wird, muß man das betreffende Dateisystem mit der Option acl mounten. Im Beispiel erzeugen wir zur Abwechslung mal ein reiserfs und mounten dies mit der passenden Option. Mit den Kommandos getfacl und setfacl (\u0026ldquo;get and set a file access control list\u0026rdquo;) können wir dann lustig individuelle Zugriffsrechte vergeben.\ndhcp-179:~ # lvcreate -l 10 -n test system Logical volume \u0026#34;test\u0026#34; created dhcp-179:~ # mkreiserfs -q /dev/system/test mkreiserfs 3.6.18 (2003 www.namesys.com) dhcp-179:~ # mount -o acl /dev/mapper/system-test /export/test dhcp-179:~ # cd /export/test dhcp-179:/export/test # touch keks dhcp-179:/export/test # chmod 000 keks dhcp-179:/export/test # setfacl -m u:kris:rwx,mask::rwx,g:video:rwx,u:kdebuild:rx keks dhcp-179:/export/test # ls -l keks ----rwx---+ 1 root root 0 Nov 1 19:26 keks dhcp-179:/export/test # getfacl keks # file: keks # owner: root # group: root user::--- user:kris:rwx user:kdebuild:r-x group::--- group:video:rwx mask::rwx other::--- Eine Datei mit einer ACL wird von ls mit einem \u0026ldquo;+\u0026quot;-Zeichen markiert. Statt den Rechten der Gruppe werden dann im zweiten Tripel die Rechte der Mask angezeigt.\nDie Mask limitiert alle anderen Zugriffsrechte an der Datei ausgenommen den Eigentümer und Others. Sie legt also quasi die maximalen Rechte fest, die irgendjemand außer dem Eigentümer an der Datei haben kann, wenn er nicht die Defaultrechte bekommt.\nDies ist ein Kompatibilitätsmechanismus, der meistens das korrekte Verhalten von Programmen bewirken soll, die nichts von Zugriffsrechten wissen - sie bekommen durch Auslesen des zweiten Rechtetripels einen etwas optimistischen View auf die Rechte, die sie wahrscheinlich haben werden. :)\nDas Kommando setfacl kann jetzt die Rechte an einer Datei modifizieren. Die Option -m (modify) bewirkt das.\nIm Beispiel werden Rechte für Benutzer (\u0026ldquo;u:\u0026rdquo;) und Gruppen (\u0026ldquo;g:\u0026rdquo;) sowie eine Mask (\u0026ldquo;m:\u0026rdquo;) definiert.\nLiest man die ACL mit getfacl aus, wird recht schnell deutlich, was hier geschieht:\nDer Eigentümer der Datei hat an ihr keine Rechte, der User kris hat die Rechte rwx, der User kdebuild hat die Rechte rx, die Defaultgruppe hat keine Rechte, die Gruppe video hat die Rechte rwx, und die Maske schränkt die Rechte von kris, kdebuild, video und der Defaultgruppe nicht ein.\nDer Rest der Welt hat keine Rechte an dieser Datei.\nWir merken uns:\nDateisysteme, die mit der Option \u0026ldquo;acl\u0026rdquo; gemounted wurden, können beliebig komplizierte Rechteregeln pro Datei haben. Es ist mit einem \u0026ldquo;+\u0026rdquo; an der Datei zu erkennen, ob dies der Fall ist. Diese ACLs können mit setfacl editiert und mit getfacl gelesen werden.\nACLs an Verzeichnissen Um die Sache noch komplizierter zu machen, haben Verzeichnisse zwei ACLs:\nEine normale wie wir sie schon kennen, die für das Verzeichnis selber gilt, eine default ACL, die für alle Verzeichnisse und Dateien gilt, die in dem Verzeichnis erzeugt werden. Werte für die Default-ACL werden festgelegt, indem man sie beim \u0026ldquo;setfacl\u0026rdquo; mit \u0026ldquo;d:\u0026rdquo; prefixed, also \u0026ldquo;d:u:kris:rwx\u0026rdquo;, \u0026ldquo;d:g:video:rwx\u0026rdquo; und \u0026ldquo;d\u0026#x24c2;\u0026#xfe0f;:rwx\u0026rdquo;.\nTL;DR Wir merken uns:\nIn den allermeisten Fällen tut das Unix-Rechtesystem mit den drei Tripeln \u0026ldquo;ugo\u0026rdquo; und den drei Rechten \u0026ldquo;rwx\u0026rdquo; genau das, was man von ihm will.\nSehr selten braucht man was komplizierteres, und dann steht es zur Verfügung.\nSelbst dann ist das Rechtesystem von Unix noch einfacher und übersichtlicher zu warten als das von Windows, getreu dem Motto \u0026ldquo;Simple things should be simple, and complex things should be possible.\u0026rdquo;\n","date":"2005-11-01T00:00:00Z","href":"https://blog.koehntopp.info/2005/11/01/user-und-gruppen-prozesse-und-dateien.html","tags":["computer","erklaerbaer","unix","lang_de"],"title":"User und Gruppen, Prozesse und Dateien"},{"categories":null,"content":" Das war\u0026rsquo;s .\nBis heute - fast zwei Jahre lang - war ich Security-Fuzzi für web.de. Das bedeutet: Ich habe Security Policy definiert, Fachabteilungen bei der Umsetzung von Policies beraten und entweder selbst oder von Dritten die Umsetzung von Policies prüfen lassen, und außerdem den Security Incident Management Prozess betrieben. In der Praxis bedeutet das, daß ich am härtesten Arbeitstag meines Lebens mit der Hilfe von vielen Kollegen einmal das gesamte Rechenzentrum von web.de runter- und danach wieder hochgefahren habe, daß ich jede Menge über das BSI Grundschutzhandbuch und die BS 7799/ISO 17799 vs. die Praxis gelernt habe, daß ich jetzt erklären kann, wieso Security Management bedeutet, daß jeder außer mir in der Firma Security macht, und daß ich geschätzten Kollegen erfolgreich vermitteln konnte, daß eine Krise nicht schneller vorbeigeht, wenn man sich mehr aufregt.\nEs bedeutet auch, daß ich zwei Jahre lang mit Den Besten zusammenarbeiten konnte. web.de ist eine überlebende Dotcom-Firma. Das bedeutet, daß die Personalabteilung von web.de und die IT ( der Unterschied ist kleiner als man denkt ) zusammen einen Einarbeitungs- und Selektionsprozeß erarbeitet haben, der effektiv und wirksam ist.\nFür mich war es erstaunlich zu lernen, wie sehr eine einzelne Persönlichkeit einer Abteilung ihren Stempel aufdrücken kann und ein unglaubliches Team zusammenschmieden kann, das auch noch lange über die direkte Anwesenheit dieser Person Bestand haben kann - und dieses Team hat in den vergangenen Jahren Dinge erreicht, die sich keiner vorher zugetraut hätte. Ich glaube, das ist das Beste, was man über eine Führungskraft sagen kann.\nDie vergangenen zwei Jahre waren jedenfalls ein wilder und spannender Ritt.\nEr ist nun vorbei, der Change ist durchgeführt.\nweb.de ist jetzt United Internet. Und Isotopp ist nun kris bei MySQL. Meine Berufsbezeichnung ist nun - mal wieder - Senior Consultant. Neben meinem Bett liegt ein Stapel Bücher von Joe Celko. Und bald schon werde ich wieder beim Kunden sein und ihn für Geld glücklich machen - das älteste Gewerbe der Welt. :-)\nIn gewisser Weise wird es dadurch für mich wieder einfacher. Projektmanagement statt Prozessmanagement hat klar definierte Ziele, klar definierte Deadlines, und damit auch klar definierte Erfolgserlebnisse. Entweder hat man fertig oder nicht. Entweder hat man die Unterschrift vom Kunden auf dem Abnahmezettel oder nicht.\nMein neuer Arbeitgeber hat eine Organisation von ca. 250 Leuten in 25 Ländern. Obwohl wir so verstreut sind, stehen wir zum Teil enger und schneller miteinander in Kontakt als viele andere Firmen - Irc, Bitkeeper/SVN, Mail, VoIP, Wiki und GSM binden diese Firma auf eine eigenartige Weise enger zusammen als manche physikalisch dichter beieinander organisierte Firma.\nMit MySQL 5.0 haben wir ein richtig feines Produkt, mit dem wir MySQL endgültig im Enterprise-Markt etablieren werden. Vor uns liegt die Herausforderung, die schlagkräftige Professional Services Organisation aufzubauen, die dann auch dauerhaft die Dienstleistung bringen kann, die in diesem Bereich gefordert wird. Das junge EMEA -Team ist gerade dabei, seine Sollkonfiguration zu erreichen.\nIch freue mich darauf, mit diesen Leuten Dinge zu bewegen und neue Sachen zu lernen, die ich mir vorher nie zugetraut hätte. Vor allen Dingen freue ich mich aber darauf, mit einem internationalen Team zusammenzuarbeiten und - wenn ich denn schon wieder Kilometer reißen muss - dies auf einer wirklich großen Landkarte zu tun.\n","date":"2005-10-28T00:00:00Z","href":"https://blog.koehntopp.info/2005/10/28/in-with-the-out-old-with-the-new.html","tags":["karlsruhe","mysql","work","lang_de"],"title":"In with the out, old with the new..."},{"categories":null,"content":"Eine Unix-Kommandoshell nimmt die Benutzereingabe und unterteilt sie in Worte. Das erste Wort einer Zeile ist ein Kommando, der Rest sind die Parameter des Kommandos. So weit so langweilig.\nInteressant wird die Sache, weil eine Unix Shell gut mit Worten umgehen kann. So kann sie Worte ersetzen und dabei auch neue Worte generieren. Dies nennt man Expansion, und die Bash hat sehr viele Expansion-Mechanismen:\nbrace expansion, tilde expansion, parameter expansion, variable expansion, arithmetic expansion, command substitution, word splitting und pathname expansion, sowie process substitution werden in dieser Reihenfolge auf den Worten einer Zeile durchgeführt. Nicht alle diese Mechanismen sind in einer klassischen #!/bin/sh enthalten.\nWenn man schnell mal ein paar Pfadnamen braucht, ist Bash Brace Expansion echt nützlich. Die Grundidee ist diese:\nkris@valiant:~\u0026gt; echo a{b,c,d}e abe ace ade Das kann man benutzen, um ähnliche Dinge aufzuzählen, ohne mehr schreiben zu müssen:\nkris@valiant:~/Source/tidy/src\u0026gt;ls parser.{c,h,o,lo} parser.c parser.h parser.lo parser.o Dabei ist es durchaus erlaubt, einen Teilausdruck leer zu lassen:\nkris@h3118:/etc/httpd\u0026gt; ls -1 httpd.conf{,.old} httpd.conf httpd.conf.old Aber Brace Expansion kann noch mehr: Bestandteil des Konzeptes sind auch Ranges.\nkris@valiant:~\u0026gt; mkdir x; for i in {0..10}; do mkdir x/$i; done; ls x 0 1 10 2 3 4 5 6 7 8 9 kris@valiant:~\u0026gt; mkdir y; for i in {a..z}; do mkdir y/$i; done; ls y a b c d e f g h i j k l m n o p q r s t u v w x y z Da die Erweiterung reihenfolgetreu ist, ist es sehr leicht, zum Beispiel alte Logfiles zu rotieren. Das geht dann so:\nkris@valiant:~/x\u0026gt; touch a.log kris@valiant:~/x\u0026gt; for i in {9..0}; do olog=a.log.$i; nlog=a.log.$(( $i+1 )); [ -f $olog ] \u0026amp;\u0026amp; mv $olog $nlog; done; mv a.log a.log.0; touch a.log; ls a.log a.log.0 kris@valiant:~/x\u0026gt; for i in {9..0}; do olog=a.log.$i; nlog=a.log.$(( $i+1 )); [ -f $olog ] \u0026amp;\u0026amp; mv $olog $nlog; done; mv a.log a.log.0; touch a.log; ls a.log a.log.0 a.log.1 Das letzte Beispiel verwendet eine weitere Bash-Expansion, Arithmethic Expansion. Hier wird ein Ausdruck, der in $(( ... )) steht, ausgerechnet und durch das Rechenergebnis ersetzt.\n","date":"2005-10-08T00:00:00Z","href":"https://blog.koehntopp.info/2005/10/08/bin-bash-brace-expansion.html","tags":["bash","computer","unix","lang_de"],"title":"#!/bin/bash -- Brace Expansion"},{"categories":null,"content":"Inzwischen bin ich so weit, daß ich viele Unix-Kommandozeilenprogramme zwar nützlich finde, aber in einem größeren Maßstab als unhandlich und schlecht wiederzuverwenden ansehe. Das liegt daran, daß das Konzept der Pipeline und der Kommandozeile zwar sehr mächtig sind, insbesondere wenn man sie mit einer guten Shell verwendet, aber einen nur so weit bringen.\nManchmal muß man doch richtigen Code schreiben, und wenn man dann den Compiler oder auch nur eine Scriptsprache schwingen muß, dann nützen einem die ganzen Kommandozeilen-Utilities gar nichts mehr.\nJa, es geht sogar so weit, daß sich diese ganzen Hilfsmittel als gefährlich erweisen, wenn irgendein Schlaumeier in seiner Gedankenlosigkeit Benutzereingaben und Kommandozeilenbefehle zusammenmischt und dann ohne das Gehirn einzuschalten an system() oder popen() übergibt. Die Geschichte von PHP und Perl ist voll von solchen bedauerlichen Betriebsunfällen und tausende von deface-ten Webseiten existieren, um Zeugnis davon abzulegen.\nRecode ist so ein Utilitiy gewesen, daß ich nützlich gefunden hätte, wenn ich es - damals - in den nn hätte einbauen können. Aber eine librecode gab es nicht - immerhin hat man einen Bugreport irgendwann erhört und eine solche erzeugt und so war es dann ganz einfach, die entsprechende PHP Extension zu schreiben.\nTidy ist ebenso ein Fall, der als Bibliothek sehr viel nützlicher gewesen wäre als als Kommandozeilenprogramm, und immerhin gibt es inzwischen auch eine Libtidy, auch wenn Suse Tidy per Default ohne diese baut und man daher das Suse-Paket erst einmal durch was richtiges ersetzen muß, bevor man sich ein zeitgemäßes PHP5 übersetzt.\nEs gibt eine ganze Reihe von Programmen, die ich ebenfalls sehr viel lieber als Bibliotheken sehen würde statt als Standalone-Programme - allen voran den C-Compiler selber. Wie coole Sachen könnte man machen, stünde einem Funktionalität wie die Folgende bereit.\nchar *code = \u0026#34;void function(void) { printf(\\\u0026#34;Hello, World\\n\\\u0026#34;); }\u0026#34;; void (*f)(void); PARSETREE_T *t = parse(code); EXEC_T *e = compile(t); f = find_symbol(e, \u0026#34;function\u0026#34;); if (f) f(); Oder bin ich der einzige, der so etwas cool finden würde?\nAber auch ohne die Rekursion der Bibliothekserzeugung durch Bibliotheken kann man nützliche Dinge tun. Und das geht so\u0026hellip;\nEin Stück monolithischer Code #include \u0026lt;stdio.h\u0026gt; int func(int para) { int result; printf(\u0026#34;Entering func(%d)\\n\u0026#34;, para); result = 3 * para; printf(\u0026#34;Leaving func(%d) = %d\\n\u0026#34;, para, result); return result; } int main(int argc, char *argv[]) { printf(\u0026#34;main start\\n\u0026#34;); printf(\u0026#34;Calling func(4) = %d\\n\u0026#34;, func(4)); printf(\u0026#34;main end\\n\u0026#34;); return 0; } Das ist ein mächtig aufregendes Programm: Es hat eine Funktion func, die ihren numerischen Eingabewert mit drei multipliziert und zurückgibt. Es besteht aus einem Stück und ist trivial zu übersetzen und auszuführen:\n.PHONY: clean prog: prog.c cc -Wall -o prog prog.c clean: rm prog Zwei einzelne Module Für so ein kleines Testprogramm wie dieses ist das ausreichend, aber wenn Programme größer werden, wollen wir sie aufteilen. Wir bekommen drei Teilprogramme. Das erste, func.c, enthält unsere Rechenfunktion:\n#include \u0026lt;stdio.h\u0026gt; #include \u0026#34;func.h\u0026#34; int func(int para) { int result; printf(\u0026#34;Entering func(%d)\\n\u0026#34;, para); result = 3 * para; printf(\u0026#34;Leaving func(%d) = %d\\n\u0026#34;, para, result); return result; } Der zweite Teil, prog.c, ruft diese Funktion nun auf:\n#include \u0026lt;stdio.h\u0026gt; #include \u0026#34;func.h\u0026#34; int main(int argc, char *argv[]) { printf(\u0026#34;main start\\n\u0026#34;); printf(\u0026#34;Calling func(4) = %d\\n\u0026#34;, func(4)); printf(\u0026#34;main end\\n\u0026#34;); return 0; } Der dritte Teil, func.h, ist winzig klein:\nextern int func(int para); Die \u0026quot;extern-Anweisung in dieser Include-Datei muß in prog.c eingebunden werden. Sie macht dem Compiler, der prog.c übersetzt, klar, daß es eine Funktion func() gibt, und welche Parameter sie ergibt sowie welches Ergebnis sie liefert. Ohne diese Include-Datei würde der Compiler nicht wissen, daß es eine solche Funktion gibt und einen Fehler generieren. Mit dem Include vertagt er seine Entscheidung auf später, und generiert lediglich eine \u0026ldquo;undefined reference\u0026rdquo; auf die Funktion, die dann zu einem späteren Zeitpunkt gefunden und gelinkt werden muß.\nBevor wir uns das genauer ansehen, hier erst einmal das Makefile:\nprog: prog.o func.o cc -o prog $^ .PHONY: clean .c.o: cc -Wall -c $\u0026lt; clean: rm -f *.o prog .dependencies .dependencies: cc -MM *.c \u0026gt; .dependencies include .dependencies Ein Testlauf:\nkris@valiant:~/Source/dlopen/02-multifile\u0026gt; make clean rm -f *.o prog .dependencies kris@valiant:~/Source/dlopen/02-multifile\u0026gt; make Makefile:18: .dependencies: Datei oder Verzeichnis nicht gefunden cc -MM *.c \u0026gt; .dependencies cc -Wall -c prog.c cc -Wall -c func.c cc -o prog prog.o func.o kris@valiant:~/Source/dlopen/02-multifile\u0026gt; ./prog main start Entering func(4) Leaving func(4) = 12 Calling func(4) = 12 main end Unser Makefile generiert also mit mehreren einzelnen Compileraufrufen eine prog.o und eine func.o-Datei. Ein dritte Aufruf fügt dann prog aus prog.o und func.o zusammen.\nWenn wir einmal einen genaueren Blick auf diese Dateien werden, erkennen wir, wie das funktioniert:\nkris@valiant:~/Source/dlopen/02-multifile\u0026gt; nm func.o 00000000 T func U printf kris@valiant:~/Source/dlopen/02-multifile\u0026gt; nm prog.o U func 00000000 T main U printf Die Datei prog.o enthält ein U func, ein \u0026ldquo;undefined symbol\u0026rdquo; für die Funktionen func und printf. Sie definiert ein Symbol main.\nDie Datei func.o enthält ebenfalls ein \u0026ldquo;undefined symbol\u0026rdquo; für printf, und definiert ein Symbol func. Durch das Zusammenfügen beider Dateien wird das undefinierte Symbol func mit der Definition für func aufgefüllt.\nEs bleibt jetzt noch die Definition von printf zu erfüllen - dies geschieht mit der libc, die jedem C-Programm automatisch zugeügt wird, wenn man dies nicht abbestellt.\nDer C-Startupcode, der sich auch um die Parameterbehandlung mit argc und argv kümmert, ruft dann main auf. Er kann dies, weil main ein definiertes (und exportiertes) Symbol ist, sodaß er die Funktion finden kann.\nEine statische Bibliothek bauen und verwenden Wir können dieses Code nun ohne Änderung verwenden, um eine statische Bibliothek zu bauen und zu verwenden. Dazu müssen wir lediglich die Zusammenbauanweisung, das Makefile, anpassen.\nUnser neues Makefile sieht so aus:\nprog: prog.o libfunc.a cc -o prog prog.o -L. -lfunc .PHONY: clean .c.o: cc -Wall -c $\u0026lt; libfunc.a: func.o ar rcs $@ $? clean: rm -f *.o *.a prog .dependencies .dependencies: cc -MM *.c \u0026gt; .dependencies include .dependencies und es tut dies:\nkris@valiant:~/Source/dlopen/03-staticlib\u0026gt; make Makefile:19: .dependencies: Datei oder Verzeichnis nicht gefunden cc -MM *.c \u0026gt; .dependencies cc -Wall -c prog.c cc -Wall -c func.c ar rcs libfunc.a func.o cc -o prog prog.o -L. -lfunc Wie zuvor übersetzen wir unsere beiden .c-Dateien in .o-Dateien. Alle Bibliotheksmodule fügen wir nun in eine Bibliothek libfunc.a ein. Hier ist dies nur eine Datei, func.o, aber in einem richtigen Projekt können das sehr viele Dateien sein.\nZum Erzeugen der Bibliothek verwenden wir den Archiver, ar. Mit der Option r (Replace, also entweder einfügen oder aktualisieren von Bibliotheksmodulen) fügen wir func.o in die neue Bibliothek ein.\nMit Hilfe der Suboption c (Create, Anlegen der Bibliothek bei Bedarf) sorgen wir dafür, daß die Bibliothek auch erzeugt wird, wenn sie noch nicht existiert.\nDie Suboption s erzeugt einen Objektindex im Archiv oder aktualisiert diesen. Dies erleichtert dem Linker später die Arbeit, wenn er das Programm aus Bibliotheksmodulen zusammenbauen muß.\nUnser Programm-Modul prog.o enthält nun ein undefined Symbol, func. Mit der Option -L setzen wir den Suchpfad für Bibliotheken, und zwar auf ., das aktuelle Verzeichnis. Dort suchen wir mit -lfunc nach der Bibliothek libfunc.a.\nAlle .o-Dateien in der libfunc.a werden durchsucht. Wenn eine von ihnen das gesuchte Symbol func enthält, wird diese .o-Datei dem Programm zugefügt. Dadurch wird func von der Liste der undefined symbols gestrichen und es werden ggf. weitere undefined symbols der Liste hinzugefügt, nämlich diejenigen, die das Modul func.o selber mitbringt, wenn es dem Programm hinzugefügt wird - in unserem Beispiel printf. Aber printf war ja sowieso schon auf der Liste der undefinierten Symbole, denn es wird ja auch in prog.o verwendet.\nEs ist wichtig, eine Bibliothek so zu schreiben, daß sie aus vielen kleinen Objektdateien besteht - jeweils eine Funktion pro Objektdatei. Das muß so sein, weil der Linker für jedes undefined symbol die Objektdatei aus dem Archiv extrahiert und dem Programm hinzufügt, die eine Definition für das gesuchte Symbol enthält. Wenn die Objektdateien groß sind und viele Funktionen enthalten, dann werden unserem Endprogramm unter Umständen Funktionen zugefügt, die wir gar nicht brauchen, weil sie in derselben Objektdatei stehen wie eine Funktion, die wir brauchen. Unsere Programme werden dann unnötig groß.\nDynamische Bibliotheken Bei statischen Bibliotheken enthält nun jedes Programm, das wir schreiben und in dem wir func verwenden, eine Kopie von func. Wenn wir drei oder vier von diesen Programmen zugleich starten, dann stehen auf dem Rechner drei oder vier Kopien von func im Speicher.\nDas muß nicht so sein. Wir können - wieder ohne Code zu ändern - unser Programm so bauen, daß es stattdessen dynamische Bibliotheken verwendet. Eine dynamische Bibliothek wird immer als Ganzes geladen, steht dafür aber nur einmal im Speicher. Wenn also drei oder vier verschiedene Programme die Bibliothek verwenden, wird sie zwar für jedes dieser Programme in dessen Speicherbereich eingeblendet, verbraucht dafür aber nur einmal physikalischen Speicher.\nDamit das funktioniert, ändern wir das Makefile noch einmal ab:\nprog: prog.o libfunc.so cc -o prog prog.o -L`pwd` -lfunc -Wl,-rpath `pwd` .PHONY: clean .c.o: cc -Wall -c $\u0026lt; libfunc.so: func.o cc -rdynamic -shared -o libfunc.so func.o clean: rm -f *.o *.a *.so prog .dependencies .dependencies: cc -MM *.c \u0026gt; .dependencies include .dependencies Der Build sieht jetzt so aus:\nkris@valiant:~/Source/dlopen/04-dynamiclib\u0026gt; make Makefile:20: .dependencies: Datei oder Verzeichnis nicht gefunden cc -MM *.c \u0026gt; .dependencies cc -Wall -c prog.c cc -Wall -c func.c cc -rdynamic -shared -o libfunc.so func.o cc -o prog prog.o -L`pwd` -lfunc -Wl,-rpath,`pwd` Hier werden die Objektmodule ohne eigene main-Funktion nicht mit ar in eine lib*.a-Datei überführt, sondern mit einem cc-Aufruf in eine .so-Datei umgewandelt.\nSo wie man nm auf Objektdateien (*.o) und Bibliotheken (*.a) anwenden kann, kann man mit objdump -T libfunc.so eine Liste der in der .so-Datei definierten Symbole bekommen - leider bekommt man neben den interessanten Informationen auch noch eine ganze Menge Verwaltungsklimbim angezeigt, sodaß man das Ergebnis ein wenig filtern muß, bevor man es sinnvoll lesen kann.\nDer eigentliche Build-Aufruf ist\ncc -o prog prog.o -L`pwd` -lfunc -Wl,-rpath,`pwd` Die Optionen -L und -l funktionieren genau wie bei statischen Bibliotheken. Mit der Option -Wl wird eine Option an den Linker weitergegeben, den wir mit -rpath,\\pwd`` instruieren, das aktuelle Verzeichnis als Suchpfad für die dynamischen Bibliotheken im resultierenden Binary mit zu vermerken.\nWenn wir das nicht täten, würde libfunc.so nicht gefunden werden, solange wir sie nicht in einem der in /etc/ld.so.conf genannten Verzeichnisse installieren und einmal ldconfig aufrufen.\nWer dem Linker bei der Arbeit zuschauen will, der kann dies tun, indem er die Shell-Variable LD_DEBUG setzt und exportiert. Der Wert help zeigt einem, auf was für Werte man LD_DEBUG setzen kann:\nkris@valiant:~/Source/dlopen/04-dynamiclib\u0026gt; export LD_DEBUG=help kris@valiant:~/Source/dlopen/04-dynamiclib\u0026gt; ./prog Valid options for the LD_DEBUG environment variable are: libs display library search paths reloc display relocation processing files display progress for input file symbols display symbol table processing bindings display information about symbol binding versions display version dependencies all all previous options combined statistics display relocation statistics unused determined unused DSOs help display this help message and exit To direct the debugging output into a file instead of standard output a filename can be specified using the LD_DEBUG_OUTPUT environment variable. dlopen() Manchmal kann man zur Compilezeit noch nicht vorhersagen, welche Module das laufende Programm später einmal benötigen wird.\nSpeziell Programme mit Plugin-Architekturen haben den Bedarf, .so-Dateien zur Laufzeit anziehen zu können, um so ihre Funktionalität durch das Laden von Plugins zu erweitern. Während statisch eingebundene .so-Dateien keine Änderungen am Code notwendig machen, ist für dynamisch geladene Dateien ein wenig Änderung notwendig - allerdings nur auf der ladenden Seite.\nAuf der Seite des Bibliothekscodes, in unserem Falle also func.c, func.o und libfunc.so, ist keine Änderung notwendig.\nDas Makefile sieht nun jedoch so aus:\nall: prog libfunc.so prog: prog.o cc -o prog prog.o -ldl .PHONY: clean all .c.o: cc -Wall -c $\u0026lt; libfunc.so: func.o cc -rdynamic -shared -o libfunc.so func.o clean: rm -f *.o *.a *.so prog .dependencies .dependencies: cc -MM *.c \u0026gt; .dependencies include .dependencies Wir haben nun also zwei unabhängige Targets beim Build: Die .so-Datei und das Programm, das sie verwendet, teilen keine gemeinsame Abhängigkeit mehr. Das Programm, prog, wird nun auch nicht mehr gegen die .so-Datei gelinkt. Stattdessen wird mit -ldl die libdl eingebunden, die uns die Funktionen dlopen(), dlsym() und dlclose() bereitstellt.\nDer Code in prog.c sieht nun so aus:\n#include \u0026lt;stdio.h\u0026gt; #include \u0026lt;stdlib.h\u0026gt; #include \u0026lt;unistd.h\u0026gt; #include \u0026lt;dlfcn.h\u0026gt; #define LIBNAME \u0026#34;./libfunc.so\u0026#34; typedef int (*func_t)(int); int main(int argc, char *argv[]) { func_t f; char *error_msg; void *libhandle = NULL; printf(\u0026#34;main start\\n\u0026#34;); /* .so oeffnen */ libhandle = dlopen(LIBNAME, RTLD_LAZY); if (!libhandle) { fprintf(stderr, \u0026#34;dlopen(%s, RTLD_LAZY failed: %s\\n\u0026#34;, LIBNAME, dlerror() ); exit(2); } printf(\u0026#34;dlopen() = %p\\n\u0026#34;, libhandle); /* func() finden */ error_msg = dlerror(); f = dlsym(libhandle, \u0026#34;func\u0026#34;); error_msg = dlerror(); if (error_msg) { fprintf(stderr, \u0026#34;dlsym(%p, \\\u0026#34;func\\\u0026#34;) failed: %s\\n\u0026#34;, libhandle, error_msg ); exit(3); } /* func() aufrufen */ printf(\u0026#34;Calling func(4) = %d\\n\u0026#34;, f(4)); /* .so droppen */ dlclose(libhandle); printf(\u0026#34;main end\\n\u0026#34;); return 0; } Dieser Code definiert eine Variable f vom Typ \u0026ldquo;Zeiger auf eine Funktion, die ein int liefert und einen int-Parameter annimmt\u0026rdquo;.\nEr lädt mit dlopen() die libfunc.so ein. Wenn dies gelingt, steht ein Handle für die Bibliothek zur Verfügung. Mit dlsym() können wir mit Hilfe des Handles in dieser Bibliothek nach der dem Symbol func suchen und bekommen so einen Zeiger auf func in f abgelegt oder nicht.\nMan beachte das Errorchecking für das Ergebnis von dlsym() nach Lehrbuch - das Interface von dlsym() ist mehr als bekloppt nicht sehr schön designed.\nWir können f dann ganz normal aufrufen. dlclose() entlädt das Plugin dann wieder.\nWenn mehr Leute sich angewöhnen würden, ihre Programme in Form von Bibliothek und Kommandozeilenwrapper zu schreiben, wäre es sehr viel leichter, Code in Form von Bibliotheken in Sprachkerne wie PHP oder in andere Programme einzubinden. Technisch ist das nicht sehr schwer, solange man sich die Mühe macht, die Infrastruktur drumherum in Form von Makefiles und Include-Dateien ordentlich zu erstellen.\nMaterial Das Program Library Howto zeigt den ganzen Kram noch einmal in aller Ausführlichkeit. Ein PDF von Ulrich Drepper diskutiert die dabei ablaufenden Interna.\nDas C++ dlopen Mini-Howto beschreibt, wie das ganze mit C++ zu bewerkstelligen ist. James Norton baut da in Dynamic Class Loading in C++ sogar einen schönen Wrapper drumherum.\nDynamic C++ Classes - Code Distribution ist die Downloadseite der dynamic-class library für C++. Das Paper \u0026ldquo;Dynamic C++ classes: A lightweight mechanism to update code in a running program\u0026rdquo; von Gísli Hjálmtýsson and Bob Gray beschreibt den Hintergrund.\n","date":"2005-10-08T00:00:00Z","href":"https://blog.koehntopp.info/2005/10/08/dynamisch-geladener-code.html","tags":["computer","linux","erklaerbaer","lang_de"],"title":"Dynamisch geladener Code"},{"categories":null,"content":"This article was previously shared on mysqldump.azundris.com, and salvaged from the old blog: An introduction to the normalisation of databases that requires no prior knowledge.\nSimply speaking, normalization is about flexibility, and avoiding redundantly storing information. That is, avoiding the storage of the same piece of knowledge in more than one place.\nConsider some cats and their owners (or, in Cat, our \u0026ldquo;tin-openers\u0026rdquo;):\ncat owner city Ada Andrea Anchorage Shelley Sarah San Diego Lynn Louise Los Angeles So far, so good. Now another cat strays to Louise:\ncat owner city Ada Andrea Anchorage Shelley Sarah San Diego Lynn, Lara Louise Los Angeles It\u0026rsquo;s pretty obvious that we\u0026rsquo;ll be in a world of pain once we also wish to store more attributes for each cat (date of birth, vaccination, \u0026hellip;). Moreover, cat would be a string in databases that do not support multi-valued fields (columns), so looking up Lara would be awkward (\u0026ldquo;show me all rows that have \u0026lsquo;Lara\u0026rsquo; as a whole word anywhere in the field cat_name\u0026rdquo;).\nThis is awkward, error-prone, and slow, so let\u0026rsquo;s discard the idea while we can:\ncat owner city Ada Andrea Anchorage Shelley Sarah San Diego Lara Louise Los Angeles Lynn Louise Los Angeles Now we stored \u0026ldquo;Louise\u0026rdquo; and \u0026ldquo;Los Angeles\u0026rdquo; twice. This is somewhat awkward, we\u0026rsquo;d rather only change one entry if Louise moves or changes her name:\nowner city Andrea Anchorage Sarah San Diego Louise Los Angeles cat owner (referencing other table, \u0026ldquo;foreign key\u0026rdquo;) Ada Andrea Shelley Sarah Lara Louise Lynn Louise We have eliminated the redundant city, but if Louise\u0026rsquo;s name should change, we\u0026rsquo;ll have to update three entries (her name in the owners table, and two references to that entry from the cats table). Since in the real world, people do move and do get married (and sometimes just change their names because, well, they wish to), maybe the name is not a very good key. We\u0026rsquo;ll make up an arbitrary one that will never change because it does not rely on the actual payload data:\nowner_no owner city 1 Andrea Anchorage 2 Sarah San Diego 3 Louise Los Angeles cat owner_no Ada 1 Shelley 2 Lara 3 Lynn 3 Now a new cat strays to Sarah. Like Louise, Sarah fancies the name Lara:\nowner_no owner city 1 Andrea Anchorage 2 Sarah San Diego 3 Louise Los Angeles cat owner_no Ada 1 Shelley 2 Lynn 3 Lara 3 Lara 2 The cats are still unique — Sarah\u0026rsquo;s Lara is Lara/2 in our cats table, Louise\u0026rsquo;s is Lara/3. At this point however, word gets around in cat circles that Louise rocks — Ada escapes from Andrea-world and strays to Louise! (cat_name,owner_no) no longer considered stable key!\nowner_no owner city 1 Andrea Anchorage 2 Sarah San Diego 3 Louise Los Angeles cat_no cat 1 Ada 2 Shelley 3 Lynn 4 Lara 5 Lara cat_no lives_with_owner_no from until 1 1 1998 2002 1 3 2002 NULL 2 2 1997 NULL 3 3 1850 NULL 4 3 1999 NULL 5 2 2002 NULL (NULL meaning: still living there, makes looking up current location nice and easy)\nSarah\u0026rsquo;s Lara heard the news as well, and also strays to Louise:\nowner_no owner city 1 Andrea Anchorage 2 Sarah San Diego 3 Louise Los Angeles cat_no cat 1 Ada 2 Shelley 3 Lynn 4 Lara 5 Lara cat_no lives_with_owner_no from until 1 1 1998 2002 1 3 2002 NULL 2 2 1997 NULL 3 3 1850 NULL 4 3 1999 NULL 5 2 2002 2002 5 3 2002 2002 Louise is unaware of the newcomer\u0026rsquo;s name and calls her Callisto — apparently, a cat\u0026rsquo;s name is not a constant. Once more, we fix our tables:\nowner_no owner city 1 Andrea Anchorage 2 Sarah San Diego 3 Louise Los Angeles cat_no cat 1 Ada 2 Shelley 3 Lynn 4 Lara 5 Callisto cat_no lives_with_owner_no from until under_the_name 1 1 1998 2002 1 1 3 2002 NULL 1 2 2 1997 NULL 2 3 3 1850 NULL 3 4 3 1999 NULL 4 5 2 2002 2002 4 5 3 2002 2002 5 Now, a cat can have any number of names (one after the other), and each owner can feed any number of cats. We can even make overlapping entries in our latest table to account for cats sneakily eating in several places. So far, so normal.\nOr is it? What happens if Louise moves, but not with all \u0026ldquo;her\u0026rdquo; cats?\nWhat changes will we need if twin cats arrive that get the same name because Sarah can\u0026rsquo;t tell them apart, anyway? (Rows must be unique!)\nDenormalisation: In some cases, it may be worthwhile to separate a table\u0026rsquo;s history from its status quo:\nto keep the table holding the current data small to speed up lookups in it or to put the history table in one of MySQL\u0026rsquo;s merge tables owner_no owner city 1 Andrea Anchorage 2 Sarah San Diego 3 Louise Los Angeles cat_no cat 1 Ada 2 Shelley 3 Lynn 4 Lara 5 Callisto lived_with_owner_no from until under_the_name (history) 1 1998 2002 1 2 2002 2002 4 lives_with_owner_no from under_the_name (current) 3 2002 1 2 1997 2 3 1850 3 3 1999 4 3 2002 5 In this example, we\u0026rsquo;ll have to insert the relevant line from the current table (using the current date for the until value) before updating the line in the current table.\nIf in doubt, use consecutive integers as a (primary) key (integer primary key auto_increment not null or similar). Do not use strings as keys if you can avoid it, if the above didn\u0026rsquo;t convince you, maybe this will: string lookups aren\u0026rsquo;t exactly fast. Do not use \u0026ldquo;match-codes\u0026rdquo; or any other keys that encode payload data; keys should be opaque.\n","date":"2005-09-11T00:00:00Z","href":"https://blog.koehntopp.info/2005/09/11/nermalisation.html","tags":["mysql","mysqldev","lang_en"],"title":"Nermalisation"},{"categories":null,"content":" Hinter mir liegt eine Woche MySQL Consulting Bootcamp Munich 2005. Für mich eine Woche mit Intensivkursen in MySQL 5, Performanceoptimierung und MySQL Cluster - wir haben das Schlungsprogramm, das sonst mehr als zwei Wochen abgewickelt wird, in 5 Tagen durchgezogen. Nebenbei habe ich noch das MySQL 4 Core und Pro Exam abgelegt (Ergebnisse liegen noch nicht vor, aber ich fand die Prüfung ziemlich schwierig), und wir waren an 5 Tagen zirka viermal in verschiedenen Bierhallen, Biergärten oder im Hofbräuhaus. MySQL geht echt auf die Kondition: 6 Kilo in 5 Tagen zugenommen\u0026hellip;\nEmea Team - Class of 2005. In Front: Ivan (Italy, now in England, Sales Team), Bernd (Germany, now in Sweden), Kai (Germany). In Back: UlfS (Sweden, now USA, Management), Josh (USA, Consulting USA), PeterS (USA, now Switzerland, EMEA Head), Stephane (France), Johan (Sweden). Missing: Jennifer (China, now USA).\nBernd\nIvan\nJennifer\nJohan\nJosh\nAs everybody can see, Kai is evil.\nPeterS\nStephane\nUlfS\n","date":"2005-09-10T00:00:00Z","href":"https://blog.koehntopp.info/2005/09/10/mysql-consulting-bootcamp-munich-2005.html","tags":["image","mysql","work","lang_de"],"title":"MySQL Consulting Bootcamp Munich 2005"},{"categories":null,"content":" Umzüge sind total toll. Umzüge anderer Leute jedenfalls. Denn da lernt man immer jede Menge Dinge über diese Menschen, die man vorher so nicht gewusst hatte.\nMeine gute Freundin J. zum Beispiel zieht gerade um. Nicht weit. Sie ist Lehrerin in einem Internat, und weil sie jetzt 13 Mädels zum Betreuen bekommt, zieht sie aus der bisherigen Wohnung auf dem Internatsgelände aus und mit ihrem Mann B. in eine andere Wohnung auf demselben Gelände.\nWegen des Wetters habe ich meinen Campingurlaub in Dänemark teilweise in \u0026ldquo;Freunde im Umfeld Kiel besuchen\u0026rdquo; umgemünzt und J. und B. so genau mitten im Umräumen erwischt. Nichtsdestotrotz hatte sie sofort Zeit für mich, und wir haben in ihrer halb eingeräumten Küche lecker Kaffee getrunken und Geschichten ausgetauscht. Während ich mich also in ihrer brandneuen Küche umsehe, fallen mir Details ins Auge, die in meiner Küche nicht so sind. Zunächst sind es nur kleine Dinge:\nDa sind zum Beispiel die Schneebesen, die fein säuberlich an einer Metallstange über dem Herd aufgereiht sind. Ich habe zu Hause einen Schneebesen, und die Katze hat ebenfalls einen, den sie in unseren Hausstand mitgebracht hat. Beide passen nicht zueinander: Meiner ist von Fackelmann und hat einen Griff aus orangenem Plastik. Der von Frau Katze ist, weil die Katze ihn ausgesucht hat, natürlich brushed metal. Bis jetzt haben wir aber mit jedem dieser Schneebesen noch alles geschneebest bekommen, was wir je haben schneebesen wollen. J. hat auch Schneebesen. Sieben Stück, in unterschiedlichen Größen und Formen, aber natürlich alle passend aus derselben Serie und wahrscheinlich von WMF, no less.\nGerade will ich eine Bemerkung darüber machen, als sie mir freudestrahlend erzählt, daß immerhin die Geschirrschränke schon eingeräumt sind. Sie gestikuliert zu den Schränken hinter mir, und dort stehen in der Tat vier deckenhohe Schränke mit halb durchsichtigen Türen, die bis in die obersten Regale voll geräumt sind mit Porzellan und Glas.\nB. wirft unterdessen ein, daß er beim Einräumen schier verzweifelt sei und merkt an, was für eine Heidenarbeit das gewesen sei, und daß er den halbjährigen Kurs \u0026ldquo;Welches Porzellan zu welchem Anlass\u0026rdquo; noch nicht bekommen habe. B. ist übrigens ein Analytiker mit einem sehr pessimistischen und leicht depressiven Ansatz - ich habe es immer sehr geschätzt, wenn er meine Konzepte vor einer Präsentation auf Schwachstellen und mögliche Fehler untersucht hat und mir die Formen, Farben und Größen der Atompilze, die mein Code generieren wird, schillernd ausgemalt hat. Seine Schilderung des Umzuges folgt demselben System, und wirkt so leicht apokalyptisch. Seine Frau wird an dieser Art in einigen Jahrzehnten sicherlich verzweifeln.\nWährend B. also noch wie \u0026ldquo;Marvin, the paranoid android\u0026rdquo; berichtet, wie diese Mengen von Zeug hierher gelangt sind, werfe ich einen Blick in den Schrank. Tatsächlich. Vier Sorten flache Teller. Na ja, okay, ich habe auch mehrere Sorten unterschiedlicher flacher Teller, aber das ist mehr eine Folge der Haushaltszusammenlegung mit Frau Katze. Die flachen Teller von J. sind dagegen vorschriftsmäßig: Sie unterscheiden sich nur in der Größe, sind aber ansonsten mit Sicherheit aus derselben Serie, und natürlich sind von jedem Teil 12 Exemplare vorhanden, wie in der DIN-Norm \u0026ldquo;Haushaltsführung\u0026rdquo; auf Seite 212 vorgeschrieben. Die tiefen Teller hätten in diesem Schrank sicherlich auch nicht mehr hineingepasst, sondern stehen bestimmt in einem der anderen Schränke. Bestimmt nicht im Glasschrank, in dem die jeweils 12 Weißweingläser, Rotweingläser, Cocktailgläser, Whiskytumbler, Sektgläser, Saftgläser und Schnapsgläser stehen. Ich fühle mich wie in der Eröffnungssequenz von \u0026ldquo;Fight Club\u0026rdquo; und ich warte gespannt auf eine Stimme aus dem Off und die Einblendung von IKEA-Produktinformationen vor meinem inneren Auge.\nJ. bemerkt, daß ich mich für ihren Hausstand interessiere, und schildert unterdessen, wie sie die Küche hier in den Raum eingepasst haben, und daß der Besteckschrank in den Flur rausgeräumt werden musste. Ich folge ihr, und blicke auf eine Art WMF-Ausstellung: Lasagneheber, Fischvorlegebesteck, Suppentassenlöffel, Spargelzange, Pellkartoffelbesteck und whatnot. Und ich Bauer habe meine Lasagne bisher mit einem Pfannenwender serviert!\nDann beginnt es mir langsam zu dämmern. Nordfriesin! J. kommt aus Nordfriesland. Dem Herzland der Landfrauenvereine (28 Ortsvereine! in Nordfriesland alleine). Möglicherweise werden alle Nordfriesinnen schon als kleine Mädchen gehirngewaschen? \u0026ldquo;Seid nett, modern, unkompliziert, spontan - aber wenn es um Haushaltsführung geht, macht ihr keine Gefangenen!\u0026rdquo;\nVorsichtig frage ich J. und B.: \u0026ldquo;Sagt mal, guckt Ihr eigentlich \u0026lsquo;Desperate Housewives\u0026rsquo;?\u0026rdquo;\n","date":"2005-08-13T00:00:00Z","href":"https://blog.koehntopp.info/2005/08/13/ueber-umzuege.html","tags":["kiel","lang_de"],"title":"Über Umzüge"},{"categories":null,"content":" Changekoordinator: kris@webde-ag.de (Kristian Köhntopp) ID Change Request: 30726 Eingangsdatum: 25.07.2005 Titel: Deinstallation Kristian Köhntopp/Senior Security Engineer\nProjektnummer: entfällt\nBeschreibung: Deinstallation des Prozesses Senior Security Engineer von Kristian Köhntopp; Begründung: Installation des Prozesses \u0026ldquo;MySQL Consulting\u0026rdquo; auf dieser Hardware\nBetroffene Teams/Abteilungen: IT, SE, Abuse, Legal, Presse, Freemail, Portal; Priorität: plangemäß, hoch\nExterne Abhängigkeiten: MySQL AB; Abhängigkeiten von anderen Changes: Der Risikomanagementprozess ist mit fast allen anderen Prozessen im Unternehmen gekoppelt. Er muss auf Ersatzhardware installiert werden. Die Ersatzbeschaffung ist noch offen.\nRisiken: Stillstand oder Erliegen des Risikomanagementprozesses bei Nichtverfügbarkeit von Ersatz.\nAnlagen: Kündigungsschreiben zum 31.10.2005.\n","date":"2005-07-26T00:00:00Z","href":"https://blog.koehntopp.info/2005/07/26/change-request.html","tags":["free software","karlsruhe","mysql","lang_de"],"title":"Change Request"},{"categories":null,"content":"In Open Source Software und Firmen habe ich versucht zu formulieren, unter welchen Gesichtspunkten es für Firmen rentabel und sinnvoll sein kann, \u0026ldquo;Intellectual Property mit Gewinn zu verschenken\u0026rdquo;:\nWenn wir Open Source schreiben, dann tun wir das in dem Bewusstsein, daß wir von vorneherein geschäftsspezifische Logik und allgemeingültigen Code getrennt halten müssen.\nAllen allgemeingültigen Code entwickeln wir auf Kosten des Hauses so weit, daß er vom Projekt als unsere Contribution in die offizielle Codebasis zurück akzeptiert wird. Dadurch sind wir die Verantwortung für diesen Code los und können Weiterentwicklungen an diesem Code aus der offiziellen Codebasis ohne Änderung im Hause nutzen.\nAlle geschäftsspezifische Logik entwickeln wir im Hause so weit, daß wir allgemeingültige Plugin-Schnittstellen oder andere Isolationsmechanismen in die Software einbauen oder einbauen lassen, und wir realisieren unsere geschäftsspezifische Logik dann grundsätzlich so, daß wir die offizielle Codebasis nicht patchen, sondern lediglich Plugins für sie schreiben.\nSo halten wir die Trennlinie zwischen offiziellem und firmeneigenem Code sauber aufrecht, und verbauen uns nicht die Möglichkeit, offiziellen Code jederzeit in die Produktion im Hause integrieren zu können. Andererseits stellen wir so sicher, daß geschäftsspezifische Logik nicht aus Versehen veröffentlicht wird.\nInzwischen kommen solche Ideen auch bei Beraterfirmen wie Gartner an. Unter der irreführenden Überschrift Open Source - eine Bedrohung für Software-Entwickler? findet sich trotz des falschen Titels sinnvoller Content:\nViele große Software-Hersteller würden ihr gesamtes Software-Portfolio prüfen, um festzustellen, welche Produkte von strategischer Bedeutung sind, um andere Produkte oder solche, mit denen kein Geld verdient wird, als Open Source freizugeben, so Hayward laut ZDNet Australia.\n\u0026hellip;\nLetztendlich zwinge die Open-Source-Bewegung Software-Hersteller, über die Art und Weise nachzudenken, wie diese ihre Produkte verkaufen. Eine große Zukunft für das Geschäft mit Software-Lizenzen sieht Hayward dabei nicht. Vielmehr werde Software zunehmend kostenlos als Open Source angeboten oder nach ihrer Nutzung abgerechnet, wobei die Umsätze mit Dienstleistungen rund um Software zunehmend an Gewicht gewinnen werden.\nFirmen und ihre Beraterfirmen kapieren langsam, was Open Source tatsächlich macht: Kosten für Infrastrukturentwicklung sozialisieren und unter allen Marktbegleitern aufteilen. Dadurch wird es am Open Source Prozess teilnehmenden und fair spielenden Firmen möglich, kooperative Vorteile zu nutzen und sich auf den Teil des Geschäftes zu konzentrieren, mit dem sie sich zurzeit vom Restmarkt differenzieren.\nDiesen Teil der Software werden Firmen in der Regel (zunächst) proprietär halten und mithilfe von Plugin-Schnittstellen auf die Infrastruktur drauf setzen - wenn es nicht sowieso Daten oder Dienstleistungen sind, mit denen die Differenzierung erfolgt.\n","date":"2005-07-06T00:00:00Z","href":"https://blog.koehntopp.info/2005/07/06/open-source-und-kommerzielle-software.html","tags":["free software","lizenz","lang_de"],"title":"Open Source und kommerzielle Software"},{"categories":null,"content":"Bei den Rollenspielern gibt es einige Versuche, eine Taxonomie aufzustellen. Letztendlich dient es dazu, die Frage zu klären: \u0026ldquo;Warum spielst Du?\u0026rdquo; oder \u0026ldquo;Was erwartest Du von einem gelungenen Abend.\u0026rdquo;\nEine der ältesten Unterscheidungen ist das 3-fold Model , das sich hauptsächlich damit beschäftigt, auf welche Ebene im Spiel der Spieler Konflikte lösen möchte:\nWill er gegen die Geschichte antreten, besser als die Mitspieler sein, oder gegen die Spielwelt und ihre innere Logik antreten. Andere Taxonomien wie das 5-fold beschäftigen sich eher mit den Zielen eines Spielers (Was willst Du erleben?) oder wie das RoLOGG mit ihren Motivationen (\u0026ldquo;Warum sitzt Du überhaupt heute abend hier?\u0026rdquo;).\nAuf einer grundlegenderen Ebene scheint es Spieler zu geben, die lieber mit Regelbüchern und Würfeln als Instrumenten der Konfliktauflösung spielen, und Spieler, die lieber mit möglichst wenig Regeln und anderen Methoden der Resolution spielen.\nAber ist \u0026ldquo;regelloses Rollenspiel\u0026rdquo; wirklich regellos oder welche Regeln bestimmen solche Spiele?\nIn den Diskussionen auf drsrm kommt recht häufig das Wort Gruppenvertrag vor. Damit ist nicht wirklich ein zu unterschreibender Vertrag gemeint, sondern eine mehr oder - meistens - weniger explizite Übereinkunft zwischen den Spielenden, was denn überhaupt gespielt werden soll und was die Erwartungen an das Spiel sind.\nDie erste, grobe Übereinkunft zwischen den Spielenden ergibt sich oft schon aus dem Genre .\nIn einer klassischen US-Western-Kampagne gelten andere Regeln als in einem Shadowrun-Setting: Im Western werden die Guten halt nur am Arm getroffen, können dafür aber die alleinstehende Farmersfrau nicht alleine im Stich lassen und vor der Übermacht der Bösen fliehen.\nIn Shadowrun kann der \u0026ldquo;Gute\u0026rdquo; halt ohne Probleme in der Gosse mit einem Schuß in den Unterleib verrecken, sogar, wenn es sich um ein sinnloses Drive-by Shooting handelt, das mit der Handlung nix zu tun hat, dafür würden Shadowrun-Spieler aber auch ohne Probleme die alleinerziehende Orkmutter im Erdgeschoß ausrauben, bevor sie ihr den toten Wachmann im Flur anhängen und sich verpieseln.\nUnd man sollte sich vor dem Spiel dringend vergewissern, ob man jetzt einen US- oder einen Italo-Western spielt, sonst könnte es Mißverständnisse geben!\nZu so einer Übereinkunft gehören aber auch Ideen dazu, warum die einzelnen Spieler am Tisch sitzen, was sie also von so einem Abend erwarten. Robin Laws hat dem Thema \u0026ldquo;Spielermotivationen und -erwartungen\u0026rdquo; ein ganzes Kapitel in seinen \u0026ldquo;Laws of good gaming\u0026rdquo; gewidmet. Wenn man sicherstellt, daß für jeden Spieler während eines Abends etwas von \u0026ldquo;seinen\u0026rdquo; Sachen dabei ist, kann man relativ sicher sein, daß die beim nächsten Mal auch wieder mit dabei sind.\nSpiele wie Primetime Adventures (PTA) gehen noch einen Schritt weiter und machen Genrekonventionen und Spielermotivationen zu den Regeln des Spiels. Sie berücksichtigen sogar Konzepte wie Spotlight Time bei der Planung einer Kampagne - es wird zu einem Teil des Spiels, die Kampagne wie eine Fernsehserie zu planen und wie z.B. im Lost Episode Guide festzulegen, daß dies im A-Plot eine \u0026ldquo;Kate\u0026rdquo; oder \u0026ldquo;Locke\u0026rdquo;-Episode wird, während im B-Plot dieses oder jenes näher beleuchtet wird.\nEine Kampagne oder Spielsession wie eine Fernsehserie zu planen sorgt auch dafür, Spieler mit interessanten Erzähltechniken (Rückblenden, Foreshadowing, Krise, \u0026hellip;) vertraut zu machen und sie darauf vorzubereiten, bestimmte Charactereigenschaften vorab besser auszuarbeiten oder betont auszuspielen.\nIm Grunde das viel interessantere Konzept - \u0026ldquo;regelloses Rollenspiel\u0026rdquo; heißt ja nicht, daß alles möglich ist, sondern vielmehr, daß die Regeln sich nicht arbiträr aus irgendwelchen Regelbüchern ergeben, sondern aus dem gemeinsamen Verständnis davon, was aus dem Genre im allgemeinen und der Session im speziellen und der Situation gerade jetzt möglich ist.\n","date":"2005-07-06T00:00:00Z","href":"https://blog.koehntopp.info/2005/07/06/regeln-vs-genrekonventionen.html","tags":["drsrm","roleplay","lang_de"],"title":"Regeln vs. Genrekonventionen"},{"categories":null,"content":"Die Abstimmung zu Software-Patenten im EU-Parlament hat stattgefunden und das Parlament lehnt die umstrittene Richtlinie ab. Golem berichtet in Softwarepatente? Abgelehnt! :\nEuropäisches Parlament lehnt umstrittene Richtlinie ab Wie sich gestern bereits abzeichnete, hat das Europäische Parlament am heutigen Mittwoch die Softwarepatent-Richtlinie mit einer Mehrheit von 648 Stimmen abgelehnt und damit das Gesetzgebungsverfahren beendet. Zwar wurde nach außen hin fast einhellig gefordert, Softwarepatente nach dem US-Vorbild in Europa zu verhindern, in der Frage, wie weit diese Ablehnung gehen sollte, gab es jedoch große Differenzen, die zu einer regelrechten Lobbyschlacht führten. Letztendlich einigte man sich nun darauf, besser keine Richtlinie zu verabschieden, statt einer, die dem jeweiligen Lager missfällt.\nUpdate:\nEuropaparlament stimmt gegen Software-Patente (Spiegel Online) EU-Parlament beerdigt Softwarepatentrichtlinie (Heise Newsticker) EU parliament bins software patent bill (The Register) Softwarepatente abgeschmettert (Futurezone) EU Says No To Software Patents (Slashdot) Europäische Union: Keine Software-Patentrichtlinie (FAZ) Richtlinie zu Softwarepatenten vom Tisch (Tagesschau) [EU-Parlament lehnt Software-Patente ab (Computer Base) Software patent bill thrown out (BBC News) ","date":"2005-07-06T00:00:00Z","href":"https://blog.koehntopp.info/2005/07/06/softwarepatente-abgelehnt.html","tags":["free software","lizenz","patent","politik","software","lang_de"],"title":"Softwarepatente? Abgelehnt!"},{"categories":null,"content":"Innenminister wollen einjährige Speicherung von Verbindungsdaten berichtet Heise:\nDie Innenministerkonferenz hat sich auf ihrer unter dem Motto \u0026ldquo;Mit Sicherheit was los\u0026rdquo; stehenden Tagung am gestrigen Freitag in Stuttgart für eine mindestens zwölfmonatige Aufbewahrung von Telefon- und Internetdaten durch die Telekommunikationsanbieter ausgesprochen. Die tief in die Grundrechte einschneidende Maßnahme halten die Sicherheitsexperten insbesondere im Cyberspace für nötig\u0026hellip;.Es gehe auch nicht darum, jede Verbindung permanent zu überwachen. Vielmehr sollten die Strafverfolger im Einzelfall bei konkretem Verdacht einer schweren Straftat auf die gespeicherten Daten zugreifen zu können. Dazu komme, dass die Polizei nur mit richterlicher Genehmigung die Daten erhalten solle. Dass die bei den Providern anfallenden gigantischen Bithalden mitsamt den darin enthaltenen sensiblen persönlichen Informationen wiederum bevorzugte Angriffspunkte für Cybergauner darstellen könnten, thematisierten die Innenminister nicht.\nDie Sicherheitsbehörden sind in einer unangenehmen Lage. Auf der einen Seite wird von ihnen erwartet, diverse Straftaten aufklären zu können, die im oder mit Hilfe des Netzes begangen werden. Auf der anderen Seite gibt es im Netz keinen Mechanismus, mit dem sich Taten im Netz zu den Tätern sicher in Verbindung bringen lassen.\nDie Behören reagieren stur - und das bedeutet wirklich stur bis hin zur Mißachtung von Parlamentsbeschlüssen - mit dem Aufbau der rechtlichen, organisatorischen und technischen Infrastruktur, die ihrer Meinung nach notwendig ist, damit sie ihre Aufgabe erfüllen können (und dann noch ein bischen, weil es so hart war). Dabei ist ihnen erst einmal egal, ob die technische Infrastruktur die geforderten Dinge überhaupt leisten kann oder welche Kosten dabei entstehen. Wenn das Internet dadurch zu teuer wird, dann wird sich halt eine andere Technik durchsetzen, die die geforderten Dinge kostengünstiger realisieren kann - so die tief im Inneren gefühlte Überzeugung der Behörden.\nDie Behörden sehen es dabei nicht als ihre Aufgabe an, das Problem der Täterrückverfolgung in irgendeiner Form optimal, kostensparend oder sonstwie sinnvoll organisiert zu lösen. Sie bauen einfach Druck auf, in der Hoffnung, daß der Markt sich dann unter Berücksichtigung der anderen Markteinflüsse richtig herum sortiert.\n","date":"2005-06-27T00:00:00Z","href":"https://blog.koehntopp.info/2005/06/27/vorratsdatenspeicherung.html","tags":["identity","politik","security","lang_de"],"title":"Vorratsdatenspeicherung"},{"categories":null,"content":" In Wann ist die Serverload zu hoch? fragt Reimer:\nDie Frage, ob ein Serverload von n zu hoch sei, höre ich häufig. Die Antworten sind jedoch ebenso unterschiedlich. So wird häufig die Zahl 1,00 als normaler Wert gehandelt, aber genau so fallen Zahlen wie 5,00 und 8,00 etc.\nIn Linux und Unix gibt es einige Zahlen, mit denen man die CPU-Auslastung des Systems ausdrücken kann. Da ist erst einmal die momentane CPU-Auslastung in Prozent, wie sie von top und anderen Tools angezeigt wird:\nDiese Zahl gibt detailliert Auskunft darüber, wie die CPU in diesem Moment ihre Zeit verbringt:\ntop - 10:49:36 up 11:53, 4 users, load average: 2.71, 2.33, 2.20 Tasks: 109 total, 3 running, 106 sleeping, 0 stopped, 0 zombie Cpu(s): 31.4% us, 8.9% sy, 0.0% ni, 47.5% id, 0.0% wa, 10.2% hi, 2.0% si Die Zahl id ist die Idle-Zeit, die ungenutzte Zeit der CPU. Die anderen Zahlen sagen detailliert, wie die CPU ihre Zeit verbringt: us (User-Time) ist Zeit, die im Programm verbracht wird, und sy (System-Time) die Zeit, die vom Kernel im Auftrag dieses Programmes verbraucht wird. ni (Nice-Time) ist Zeit, die von herunter priorisierten Prozessen sinnvoll verbraucht wird. Alle drei Zeiten zusammen sind sinnvoll genutzte Arbeitszeit.\nwa (Wait-Time) ist I/O-Wait, also Zeit, die der Rechner auf das Eintreffen von Daten von der Platte oder dem Netzwerk wartet. hi und si (Hard- und Soft Interrupt) sind Zeiten, die das System mit der Bearbeitung von Interrupts zubringt, also in Gerätetreibern und Timer-Routinen.\nDie Loadzahlen geben die mittlere Länge der Run-Queue über eine Minute (erste Zahl), fünf Minuten (zweite Zahl) und 15 Minuten (dritte Zahl) an. Die Zahl sagt, wie viele Prozessoren das System im Schnitt auslasten könnte. Wenn also die Load 1 ist, ist ein Einprozessorsystem so in etwa ausgelastet, eine Enterprise 10000 mit 64 CPUs in einer Domain ist bei einer Load von 64 gut ausgelastet.\nDie Load auf meinem System ist derzeit so:\nFür Auslastungsabschätzungen ist die blaue Fläche aussagekräftig, denn sie stellt die 15 Minuten-Load dar. Diese Zahl ist relativ unempfindlich gegen lokale Lastspitzen und daher ein besseres Maß für die Auslastung (im Gegensatz zur Elastizität) des Systems. Meine Maschine läuft derzeit tagsüber mit einer Load von ca. 0.8, ist also mit einem Prozessor zu etwa 80 % voll. Zu einzelnen Zeitpunkten (nachts um 4:15 Uhr, wenn das News-Expire läuft), wird die Ideal-Last von 1 deutlich überschritten. Das ist zu diesem Zeitpunkt aber nicht schlimm.\nDie Spitzenlasten (rote Kurve: 1 Minuten-Load, und davon das Maximum) halten sich außer um 4:15 Uhr im Rahmen, die Maschine kommt nicht nennenswert über Load 2 hinaus. Die Kiste hat also nicht mehr allzu viel Reserven, ist aber auch noch nicht überlastet.\n","date":"2005-06-24T00:00:00Z","href":"https://blog.koehntopp.info/2005/06/24/wieviel-load-darf-es-denn-sein.html","tags":["computer","devops","linux","unix","lang_de"],"title":"Wieviel Load darf es denn sein?"},{"categories":null,"content":"Auf der S9Y Mailingliste fragte ein zukünftiger Paketmaintainer nach, ob er Serendipity für seine Distribution packen solle und wir ihn dabei unterstützten wollen. Abgesehen von allgemeinen Überlegungen die dagegen sprechen, gibt es noch andere Gründe, die das nicht wünschenswert machen.\nIn den Bereich der allgemeinen Überlegungen fallen zum Beispiel die Releasezyklen von Distributionen: Sie sind in der Regel sehr viel länger als die von Webanwendungen wie Serendipity. Insbesondere sehr langwellige Distributionen wie Debian verteilen mit ihren Paketen Versionen der Software, die die Entwickler von S9Y nicht mehr unterstützen können und wollen.\nAuch ist fraglich, welchen Gewinn ein solches Package bringen soll. Eine Anwendung wie S9Y installiert sich mit Download-Auspacken-Anklicken sowieso schon selber und ist dabei dann an keinerlei externes Packaging oder fremde Zyklen gebunden. Eine Installation mit Betriebssystem-Packages bringt da nur Nachteile und fehlende Flexibilität. Zum Beispiel ist es so nicht leicht möglich, mehr als eine Version von S9Y an mehr als einer Location im System zu installieren, denn das Packagemanagement der üblichen Distributionen unterstützt weder konkurrente Installation unterschiedlicher Paketversionen noch sind verschiebliche Pakete mit durch den Anwender bestimmter Package-Root allgemein üblich.\nAber das ist nur die Spitze des Eisberges. Checkt man sich einmal webapps-common aus und liest, was da drin steht - oder vielmehr nicht drin steht, sieht man, daß ein solches Packaging nur Nachteile haben kann:\n2.1 Web applications and the FHS Web applications should follow the same guidelines as any other software. most specifically, they should not make any assumption about how the administrator has arranged the file hierarchy outside of the FHS by placing files in non-standard places such as /var/www or /usr/local. Specifically, the following table should serve as guidelines for the location of files:\n| type of file | location | +\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;-+\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;+ | static web pages | /usr/share/PACKAGE/www | | dynamically interpreted web pages | /usr/share/PACKAGE/www | | persistent application data | /var/lib/PACKAGE | | dynamcially executed web pages | /usr/lib/cgi-bin/PACKAGE | | application-specific libraries | /usr/share/PACKAGE/include | | site configuration | /etc/PACKAGE | | locally modifiable/overridable content | /etc/PACKAGE/templates | | php libraries | /usr/share/php/PACKAGE | | rrd, mrtg and other database files | see database application policy |\nFußnoten weggelassen.\nDas ist so kraß konsequent an der Realität vorbei, daß es mir persönlich schon wieder Respekt abnötigt.\nWebanwendungen sind überall für Webhostingumgebungen entwickelt, denn dies ist bei weitem die verbreiteste Form des Deployments für Webanwendungen. Webhostingumgebungen werden aber in der Regel per Filetransfer in ein Verzeichnis unterhalb der DocumentRoot der Kundendomain beschickt. Sicherheitsmechanismen in Webhostingumgebungen berücksichtigen das: Mit chroot() oder Virtual Base Directory versuchen sie, den Kunden auf seinen Verzeichnisteilbaum zu beschränken. mit einer UID und GID pro Kunde oder pro Kundendomain versuchen sie, Betriebssystem-Zugriffsrechte als Hilfsmittel zur Kundentrennung zu benutzen.\nEine Webapp-Policy, die das komplett ignoriert und Webanwendungen atomisiert, um ihre Trümmer dann einmal durch das Dateisystem zu zerstäuben hat so überhaupt nichts mit der Realität zu tun, daß man im ersten Augenblick nur sprachlos daneben stehen kann.\nOkay, hier ist also einmal ein Katalog von Anforderungen:\nPolicy muß chroot/virtual base directory jails unterstützen Policy muß UID pro Domain/GID pro Kunde oder ähnliche Setups unterstützen, die auf Apache suexec oder PHP safe_mode basieren Policy muß erlauben, daß die Anwendung mehr als einmal pro physikalischem Rechner installiert wird Policy muß erlauben, daß die Anwendung in mehr als einer Version pro physikalischem Rechner installier wird. Policy muß dem Kunden erlauben, seine Installation per ftp/scp/rsync zu sichern und zu modifizieren. Versionsmanagement muß erkennen, ob die modifizierte Anwendung danach noch automatisiert updatebar ist und ggf. einen Mergeprozeß unterstützen. Policy muß die Installation mehrerer unterschiedlicher Webanwendungen pro Vhost in unterschiedliche Directories unterhalb der DocRoot eines VHosts unterstützen Die Policy muß also ein Framework liefern, mit dem man Vhosts schnell erzeugen kann, mit dem man in einem Vhosts Features wie modlogan, perl, python, php, chroot Jail und andere Eigenschaften enablen und disablen kann, und mit dem man pro VHost eine oder mehrere Anwendungen in unterschiedlichen Verzeichnissen installieren und möglicherweise sogar sicher aktualisieren kann. Dabei muß die Anwendung durch Kopie aus einem Shared Repository installiert werden können, durch Hardlink auf das Repository um Platz zu sparen oder sie muß, wenn die Anwendung das unterstützt, shared installs (PEAR, S9Y, \u0026hellip;) möglich machen.\nAll das ist natürlich mit dem FHS komplett inkompatibel. Aber kompatibel mit den Anforderungen des Webgeschäfts, das nun einmal mit dem FHS erst einmal genau gar nix zu tun hat.\n","date":"2005-06-13T00:00:00Z","href":"https://blog.koehntopp.info/2005/06/13/webanwendungen-und-der-fhs.html","tags":["filesystems","php","s9y","lang_de"],"title":"Webanwendungen und der FHS"},{"categories":null,"content":"Nils Ketelsen verweist auf den Artikel Send Us Your Anonymous Tips! auf Anonequity:\nWhen I advocate for anonymous communication in the United States, I always hear the same two objections: you can\u0026rsquo;t trust an anonymous source; and anonymity promotes crime. And yet if you search for the phrase \u0026ldquo;send anonymous tips\u0026rdquo; on the Web, it is found most commonly on the Websites for US police departments. So law enforcement is using untrustworthy, possibly criminal sources to - stop crime. How do we make sense of this weird contradiction in US sentiment?\nWie kann es sein, daß staatliche Stellen auf der einen Seite Anonymität verteufeln und bekämpfen wollen, auf der anderen Seite aber auffordern, vermeintliche Straftaten oder verdächtiges Verhalten anonym anzuzeigen?\nDer Artikel bezieht sich dabei auch auf den Watergate-Skandal, eines der bekanntesten Verbrechen in der US-Geschichte, das durch einen anonymen Hinweis aufgeflogen ist und bei dem die Identität des Hinweisgebers erst letzte Woche enthüllt worden ist. Dennoch bestehen die meisten Leute darauf, daß Anonymität der Gegensatz zu Ehrlichkeit und Sicherheit ist.\nIn der Diskussion um Anonymität wird oft eine Scheinunterscheidung zwischen dem \u0026ldquo;vertrauenswürdigen Tippgeber\u0026rdquo; und dem \u0026ldquo;unidentifizierten Spammer, der uns seinen Müll auf eBay verkaufen will\u0026rdquo; aufgebaut. So verdächtig eine solch politisch motivierte Unterscheidung auch sein kann, kann sie uns dennoch nützlich sein, wenn wir anonyme Kommunikation im täglichen Leben legitimieren wollen, argumentiert der Artikel. Wir können das staatlich geförderte Bild vom anonymen Tippgeber nehmen, um auf die Wichtigkeit anonymer Kommunikation im öffentlichen Leben hinzuweisen.\nDer Artikel verweist auf What Can We Learn from Medical Whistleblowers? , in dem gezeigt wird, wie anonyme Hinweise Journalisten geholfen haben, Verbrechen und Korruption in der Pharmaindustrie aufzudecken.\nAber es muss ja nicht immer um Menschenleben gehen. Vielleicht geht es nur darum, als Michelin-Restaurant-Tester anonym zu bleiben, um zu verhindern, daß die Testergebnisse durch Sonderbehandlung verfälscht werden. Genauso muss die c\u0026rsquo;t ihre Produkte anonym kaufen, wenn sie den Service und Support von Herstellern für ihre Produkte testen möchte. Andernfalls wäre es ihnen wohl kaum möglich, einen objektiven und korrekten Test aus der Perspektive des durchschnittlichen Kunden durchzuführen.\nDeswegen sind solche Hotlines, Webformulare und Briefkästen für anonyme Hinweise und Tipps so wichtig. Sie sind eine ständige Erinnerung daran, daß nicht nur Kriminelle anonym kommunizieren müssen, sondern daß es legitime, anonyme Kommunikation ist, die jeden Tag hilft, Verbrechen und Betrug aufzudecken und zu stoppen!\nNatürlich kann man nur hoffen, daß die Betreiber solcher anonymer Tippkästen keine Logs von IP-Adressen führen, von denen der Tipp gekommen ist. Oder man hofft nicht, sondern hilft sich selbst. Tor ist eine gute Methode, seine digitalen Spuren zu verwischen.\n","date":"2005-06-08T00:00:00Z","href":"https://blog.koehntopp.info/2005/06/08/anonymitaet-und-schizophrenie.html","tags":["authentication","identity","politik","security","lang_de"],"title":"Anonymität und Schizophrenie"},{"categories":null,"content":"Wie anderswo angemerkt, ist morgen der 8. Juni 2005, und damit der 10. Geburtstag von PHP.\nWas als kleines Tools zur Erstellung der Bewerbung von Rasmus Lerdorf angefangen hat, ist jetzt ein ausgewachsenes Tool zur Erstellung und Handhabung von Webanwendungen. PHP glänzt vor allen Dingen durch seine Integrationsfertigkeiten: es ist die Borg, die Glue Language des Web, die alle anderen Bibliotheken und Kommunikationswege assimiliert und zur Erreichung der eigenen Perfektion integriert.\nIch selber bin zu PHP wahrscheinlich irgendwann in 1997 oder 1998 gekommen. Boris Erdmann hat damals mit PHP/FI (PHP2) herumexperimentiert und für SH Online Shopsoftware in PHP entwickelt - das war viel bequemer als in Perl. Und so kam es, daß ich mich auch schon bald mit PHP auseinandergesetzt habe\u0026hellip;\nDenn mit Boris zusammen habe ich damals für einen Shop und das zugehörige Prozeßbackend im Intranet eines großen Konzerns geerbt. Wir haben damals sehr schnell gemerkt, daß wir ein Problem mit Persistenz haben und uns dann eine generalisierte Methode zur Erzeugung von Sessionvariablen überlegt.\nDas Resultat dieser Überlegungen war PHPLIB. Am 19. Mai 1998 habe ich auf der php-general-Liste zum ersten Mal nach Sessions gefragt (vom selben Tag kommt übrigens auch die Idee für PHP Standard Library ). Am 30. Juni haben Boris und ich dann PHPLIB released . Was ich damals als\nWe have had some stability problems with our code (spontaneous intermittent failures on some pages; \u0026ldquo;document contains no data\u0026rdquo;, but no log messages and no PHP debugger output) which we are trying to track, but we have had no success. These problems may be related to a general instability of PHPs object features (we are using classes, subclasses and objects throughout our code).\nwar vermutlich der erste Versuch weltweit, die damals brandneuen Objektfeatures von PHP3 anzuwenden und so kam es, daß Boris und ich ca. 50 Bugreports gegen die Release Candidates von PHP3 gefiled haben und persönlich verantwortlich für 4 von 6 Release Candidates waren (indem wir Showstopper Bugs entdeckt haben :).\nPHP ist für mich aber nicht nur eine schöne Sprache und eine reichhaltige Plattform gewesen, sondern auch eine Erfahrung im Aufbau einer Gemeinschaft.\nIch habe über die Beschäftigung mit der Sprache eine Menge von Leuten in vielen Ländern kennegelernt. Ich habe eine Newsgroup eingerichtet und die FAQ für die Gruppe zunächst alleine und dann mit einem wirklich guten Team fortgeschrieben. Was damals für die FAQ gilt, ist im Grunde beschreibend für die ganze kooperative Kultur, die um PHP herum entstanden ist:\nWarum funktioniert de.comp.lang.php?de.comp.lang.php funktioniert, weil wir hier freundlich miteinander umgehen und weil wir Arbeit nicht zweimal machen. dclp hat eine Kultur, und Ihr koennt diese Kultur mitgestalten.\nDer 10. Geburtstag von PHP ist damit ein Anlaß für mich, um mich bei allen den Leuten zu bedanken, die an diesem wirklich großen Projekt mitgearbeitet haben und die durch Kooperation und den Willen, ohne besonderen Anlaß zu einem gemeinsamen Ganzen beizutragen, die Sprache und die Gemeinschaft PHP zu einer der bedeutendsten Plattformen für Webentwicklung weltweit gemacht haben.\n","date":"2005-06-07T00:00:00Z","href":"https://blog.koehntopp.info/2005/06/07/zehn-jahre-php.html","tags":["kiel","php","lang_de"],"title":"Zehn Jahre PHP"},{"categories":null,"content":"Projekt 300 ist der Versuch, die 300 GB Quota pro Monat, die mit dem kleinsten Strato Rootserver mitkommen, auszunutzen. Weil dies zu leicht ist, sind die Nebenbedingungen \u0026ldquo;legal\u0026rdquo; und \u0026ldquo;sinnvoll\u0026rdquo;. Mit http und Mail komme ich bei der Maschine so auf 15-20 GB pro Monat. Also habe ich einen Binary-freien Newsserver in Betrieb genommen und habe derzeit NNTP-Verbindungen zu ca. 50 weiteren Maschinen. Auf diese Weise komme ich auf Platz 170 der Weltrangliste der News-Server und ca. 30 weitere GB Traffic im Monat. Es müsse also neue Projekte her, um die Maschine über die 50 GB-Schwelle zu heben.\nSo habe ich mich dafür entschieden, eine tor-Node auf dem Rechner einzurichten und bandbreitenlimitiert mitlaufen zu lassen.\nDie Installation von tor ist straightforward: Runterladen von libevent , tor , privoxy und tsocks .\nDie Installation von libevent und tor folgt dem üblichen Dreiklang von \u0026ldquo;sh configure\u0026rdquo;, \u0026ldquo;make\u0026rdquo; und \u0026ldquo;checkinstall\u0026rdquo;. Für die Inbetriebnahme legt man am Besten einen User \u0026ldquo;tor\u0026rdquo; an, etwa mit\n# useradd -u 520 -g 520 -c \u0026#34;Tor Anonymous Service\u0026#34; -d /var/lib/tor tor # passwd -l tor Mein tor sucht seine Konfiguration in /usr/local/etc/tor/torrc. Die Konfigurationsdatei habe ich komplett neu geschrieben, statt das mitgelieferte Sample zu verwenden, weil ich wissen wollte, welche Optionen es überhaupt gibt.\nDas Setup sieht so aus:\n### ### General Options ### ## ## Bei mir läuft tor als User tor in der Gruppe tor, und als dauernd ## laufender Dämon im chroot. ## Group tor User tor RunAsDaemon 1 ## ## Netzwerk Ressourcen ## Diese Anweisungen begrenzen die Dauerbandbreite auf ## ca. 50 KB/sec. Das sorgt dafür, daß die Karte nicht ## vollläuft und daß das Kontingent für den Tag nicht ## zu schnell aufgebraucht wird. ## ## Burst Bandwidth kann höher sein, das gibt dem ganzen ## Setup ein wenig Elastizität. ## BandwidthRate 50 KB BandwidthBurst 10 MB ## Statt ein monatliches Trafficlimit festzulegen, habe ich ## ein tägliches Limit definiert. Das sorgt dafür, daß die ## Node den ganzen Monat über nützlich ist und nicht am Anfang ## des Monats auf einmal alle Ressourcen weggelutscht werden ## können. AccountingStart day 00:00 AccountingMax 2500 MB ## 900 Filedescriptioren für diese Node. MaxConn 900 # Directory Server und Status DirFetchPeriod 20 minutes # DirServer address:port fingerprint DirServer 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441 DirServer 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF DirServer 62.116.124.106:9030 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D StatusFetchPeriod 15 minutes ## ## Dateien und Verzeichnisse ## # Logging SafeLogging 1 #Log debug file /var/log/tor/tor.log #Log info file /var/log/tor/tor.log Log notice file /var/log/tor/tor.log # PID File PIDFile /var/run/tor/tor.pid # Verzeichnisse DataDirectory /var/lib/tor ### ### Client Options ### ## Socks Server von außen erreichbar machen SOCKSBindAddress 127.0.0.1:8001 SOCKSBindAddress 81.169.156.174:8001 # Wir reden mit: all of QSC, uns selbst SOCKSPolicy accept 212.202.0.0/17 SOCKSPolicy accept 81.169.156.174/32 SOCKSPolicy accept 127.0.0.1/8 SOCKSPolicy reject *:* # Unverified Nodes sind solche, die nicht im Directory bekannt sind # entry|exit|middle|introduction|rendezvous AllowUnverifiedNodes middle,rendezvous ### ### Server Options ### # Port ORPort 8000 # Admin-Info ContactInfo 1024D/32E7CFC3 2005-02-11 Kristian Koehntopp \u0026lt;kris@koehntopp.de\u0026gt; MyFamily koehntopp,strato Nickname koehntopp ## Die Exit Policy legt fest, welche Dienste in welchen Ranges ## von diesem Server angesprochen werden. Wir machen aus Prinzip ## kein Mail (25), aber etwa ssh, imap, irc und natürlich web. ## ## Bekannte Filesharing Ports sind gesperrt. # Exit-Policy (Was kann dieser Server ansprechen?) ExitPolicy reject 169.254.0.0/16 ExitPolicy reject 127.0.0.0/8 ExitPolicy reject 192.168.0.0/16 ExitPolicy reject 10.0.0.0/8 ExitPolicy reject 172.16.0.0/12 ExitPolicy accept *:20-22 ExitPolicy accept *:53 ExitPolicy accept *:79-81 ExitPolicy accept *:110 ExitPolicy accept *:143 ExitPolicy accept *:443 ExitPolicy accept *:706 ExitPolicy accept *:873 ExitPolicy accept *:993 ExitPolicy accept *:995 ExitPolicy accept *:6660-6669 ExitPolicy accept *:8008 ExitPolicy accept *:8080 ExitPolicy accept *:8888 ExitPolicy reject *:* ### ### Directory Server ### DirPort 8002 # Please coordinate with the other admins at tor-ops@freehaven.net AuthoritativeDirectory 0 RunTesting 0 DirAllowPrivateAddresses 0 ### ### Hidden Service Options ### # not used Jetzt kann ich auf meinem Rechner einen tsocks-Client konfigurieren, um meinen Server anzusprechen. Danach kann ich etwa mit \u0026ldquo;tsocks irssi\u0026rdquo; dann anonym ircen\u0026hellip;\n# This is the configuration for libtsocks (transparent socks) for use # with tor, which is providing a socks server on port 9050 by default. # # See tsocks.conf(5) and torify(1) manpages. # server_type = 4 local = 81.169.156.174/255.255.255.255 server = 81.169.156.174 server_port = 8001 ","date":"2005-06-05T00:00:00Z","href":"https://blog.koehntopp.info/2005/06/05/selber-zwiebeln-anonymit-t-selbst-gemacht.html","tags":["identity","security","lang_de"],"title":"Selber Zwiebeln - Anonymität selbst gemacht"},{"categories":null,"content":" IP-Nummern werden überbewertet das wußten wir schon. Nach einigen theoretischen Anmerkungen zum Thema Anonymität geht es jetzt in die Praxis, denn Anonymität kann man auch selber herstellen. Die Grundlage dafür ist Onion Routing : Netzknoten bauen untereinander Verbindungen auf und senden einander immer gleich große, verschlüsselte Pakete zu. Dadurch entsteht eine Wolke von Rechnern, die untereinander ununterscheidbare Pakete zufällig austauschen.\nNutzer bauen Verbindungen zu einem Netzknoten auf und senden so Daten in die Wolke. Die Pakete laufen zufällig durch einige dieser Netzknoten und treten jetzt irgendwo an einem Knoten aus, um zu ihrem eigentlichen Empfänger zu gelangen. Da die Pakete in der Wolke ununterscheidbar sind, ist es nicht möglich, eintretende und ausgehende Verbindungen einander zuzuordnen. Da jeder Netzknoten aufgrund der Verschlüsselung der Pakete nur den unmittelbaren Vorgänger und den unmittelbaren Nachfolger kennen kann, aber nicht die wahre Quelle und das wahre Ziel des Paketes, kann auch ein einzelner kompromittierter Netzknoten die Kommunikation im Netz nicht verkettbar machen (Die Wirklichkeit ist ein wenig komplizierter (PDF)).\nOnion Routing der ersten Generation basierte auf asymmetrischer Kryptographie, und war aus verschiedenen Gründen relativ langsam.\nTor ist das Folgeprojekt von den Erfindern des Onion Routings und legt besonderen Wert auf geringe Latenzen und Benutzerbarkeit in der realen Welt.\nFür den Benutzer präsentiert sich Tor als SOCKS4a Proxy, der mit einem SOCKS-sprechenden HTTP/HTTPS-Proxy wie Privoxy ansprechen läßt. Das hat außerdem noch den Vorteil, daß die Anonymität der Kommunikation durch präpariertes Javascript oder HTML nicht mehr so leicht zu durchbrechen ist. Andere TCP-basierende Protokolle wie ssh oder irc lassen sich mit Hilfe von TSOCKS ohne Eingriff in die Anwendung anonymisieren.\nAlle anonymisierenden Dienste haben das Problem, daß sie Abuse-Handling definieren müssen. Tor geht dieses Problem an, indem sie dem Betreiber einer Tor-Node erlauben, die Rolle der eigenen Node in einer Verbindung zu definieren. Per Default ist eine Node nur Mittelteil einer Verbindung und niemals Entry- oder Exit-Node. Erst indem der Betreiber eines Knotens den SOCKS-Proxy von tor konfiguriert, gibt er seinen Knoten als Entry-Node frei. Dabei kann er festlegen, von wo die Nutzung seines Knotens als Entry-Node möglich ist.\nAußerdem kann jeder Betreiber einer Node eines Exit-Policy definieren, die festlegt, welche Verbindungen die tor-Node aus der Wolke heraus nach draußen aufbaut: Ohne eine solche Exit-Policy ist eine tor-Node niemals Exit-Node. Dadurch ist es Personen mit viel Bandbreite, aber eingeschränkten Möglichkeiten zum Abuse-Handling (etwa Firmen) möglich, eine Node zu betreiben und so zum Funktionieren des tor-Netzes beizutragen, ohne die eigenen organisatorischen und personellen Strukturen zu belasten.\nViele Betreiber potentieller Knoten haben beschränkte Bandbreiten und tägliche oder monatliche Trafficlimits. tor implementiert daher einen Token Bucket Traffic Shaper, für den man eine durchschnittliche und eine Burst-Bandbreite definieren kann. Die tor-Node wird dann niemals mehr Traffic erzeugen, als diese Limits angeben. Mit Hibernation ist es außerdem möglich, ein absolutes Trafficlimit für einen Zeitraum festzulegen und so die Überschreitung von Trafficgrenzen etwa auf Dedicated Servers von Hostinganbietern zu vermeiden.\nSchließlich kann tor außerdem noch Hidden Services anbieten: Dies sind Dienste wie das Hidden Wiki, deren reale Location und deren Betreiber im Netz nicht bekannt ist - tor schützt also nicht nur die Anonymität von Nutzern, sondern auch die Anonymität von Anbietern.\n","date":"2005-06-02T00:00:00Z","href":"https://blog.koehntopp.info/2005/06/02/die-welt-ist-meine-zwiebel.html","tags":["identity","security","lang_de"],"title":"Die Welt ist meine... Zwiebel?"},{"categories":null,"content":"Der folgende Vortrag stammt einem \u0026ldquo;Dienstags-Vortrag\u0026rdquo; in Karlsruhe-Durlach. Ich versuche zu erklären, wie man Vorträge plant und hält.\nVorträge hält man für eine bestimmte Zielgruppe, die man kennen und beschreiben können muß. Das heisst, man muss wissen, wofür diese Leute sich interessieren, warum sie im Vortrag sitzen werden und was ihr Kontext und ihr Vorwissen ist.\nEin Vortrag hat ein Ziel, wir wollen den Rahmen im Kopf der Zielgruppe ändern, also etwas erreichen.\nDazu müssen wir unsere Kommunikation kontrollieren und an diesem Ziel ausrichten. Dazu stehen uns die Folien, die Sprache und unser Auftreten als Referent/in zur Verfügung.\nUnd die Form muß stimmen, damit wir ernst genommen werden.\nZiel und Zielgruppe Die Leute im Vortrag geben Dir ihr wertvollstes Gut um Dir zuzuhören: Ihre Lebenszeit. Du hast ein konkretes Ziel: Du willst in ihren Köpfen was verändern.\nOhne genau zu formulieren, was das ist und wo diese Leute jetzt, vorher stehen, kann das nichts werden.\nDas bedeutet: Der Vortrag muß vorbereitet sein und hinterher auch so wirken. Denn sonst fühlen sich Deine Zuhörerinnen veralbert und nicht ernst genommen und sind nicht bereit, Deiner Argumentation zu folgen.\nWas genau ist also das Ziel des Vortrages?\nWillst Du etwas vermitteln (Neue Fertigkeiten)? Willst Du zu etwas aufrufen (Appell zur Handlung)? Willst Du Mittel einwerben (Aufruf zur Bereitstellung von Ressourcen)? Willst Du etwas verkaufen? Angenommen, alles läuft wie am Schnürchen: Wie soll das Ergebnis aussehen?\nZielgruppe Wer sind Deine Zuhörer, wie denken sie? Was ist ihnen wichtig? Welchen Argumentationslinien sind sie zugänglich?\nWo willst Du sie hin bringen und ist das realistisch?\nWas ist eine gute Geschwindigkeit? Beachte auch den Kontext, die Uhrzeit und was vorher passiert ist oder nachher passieren wird. Der erste oder letzte Vortrag einer Konferenz ist immer besonders.\nWie lange kannst Du das Durchhalten?\nAgenda Jeder Vortrag hat eine Agenda, einen argumentativen Ablauf. Man kann und soll dabei transparent sein, und diese Agenda vorher oder während der Vortrages mit einem Highlight anzeigen. Dadurch wissen Deine Zuhörer, wo wir sind, wie wir da hin gekommen sind und was noch kommt. Sie können ihr eigenes Engagement besser planen.\nFür wen ist der Vortrag, und was muß der Zuhörer an Vorwissen oder Motivation mitbringen, um folgen zu können?\nWie ist der Vortrag aufgebaut? Es ist sinnvoll, die Grobgliederung in Stichworten zu visualisieren oder einen Prozessbalken oder x/y Anzeiger mitzuführen. Manche Themen lassen sich auch mehrdimensional (\u0026ldquo;als Landkarte\u0026rdquo;) darstellen und sind dann interessanter dargestellt.\nKommunikation kontrollieren Alles im Vortrag hat sich dem Kommunikationsziel unterzuordnen. Es mag noch andere Themen oder wissenswerte Dinge geben, aber diese haben keinen Platz. Der Vortrag ist auch so lang genug. Du kannst weiterführende Hinweise in der Nachbereitung oder den Fußnoten unterbringen.\nNur zielführende und wesentlicher Folien haben einen Platz.\nEs ist gut, Reservefolien oder weitergehende Erklärungen zu haben. Diese versteckt man in der Regel und zeigt sie nicht. Nur wenn Fragen aufkommen, kann man - wenn es die Zeit erlaubt - in diese Richtung vertiefen.\nJeder Vortrag ist individuell. Betrachte die Situation und das Publikum, dann ordne die Folien, verstecke unwesentliche Folien, passe Folien an.\nDie magische Zahl Sieben (plus oder minus Zwei)\nMenschen können circa sieben Dinge mit einem Blick erfassen. Auf eine Folie gehören wenige, interessante Dinge. Niemals mehr als Sieben, eher weniger.\nDu brauchst die Folien nicht vorzulesen und sie müssen nicht dem gesprochenen Wort entsprechen. Du brauchst sie auch nicht als Gedächnisstütze. Sie dienen nur der Kontextualisierung des Vortrags und des gesprochenen Wortes.\nNiveau Beim Schreiben gilt: Schreibe für ein Publikum von Achtjährigen. Verwende Hauptsätze, mache keine inhaltlichen Sprünge, setze kein Wissen über die Welt voraus. Deine Leser sind nicht dumm, aber sie haben keine Zeit, kein Vorwissen über Dein Thema und sind abgelenkt.\nWenn Du in einer Fachzeitschrift schreibst, ziele auf Zwölfjährige. Du kannst komplexere Sätze bauen, aber Du musst noch immer alle Schritte und allen Kontext transportieren. Auch hier gilt, dass die Leser nicht in Deinem Fachgebiet arbeiten und nicht Dein Vorwissen haben.\nBeim gesprochenen Vortrag gilt ähnliches: Deine Worte müssen den Zuhörer auf eine Reise mitnehmen und jeden Schritt machen, jeden Kontext herstellen. Nur dann können und wollen sie folgen.\nBilder Bilder sind gut. Dieser Vortrag hat zu wenige davon!\nBilder sind groß, aussagekräftig, bunt und haben keine feinen Linien oder subtilen Farbkontraste. Sie verdeutlichen Dinge meistens besser als viele Worte.\nManche Begriffe lassen sich jedoch wegen Abstraktion nicht gut visualisieren.\nSprache Deine Zuhörerinnen können lesen und tun das auch. Du brauchst ihnen die Folien nicht vorzulesen. Sie sind auch kein Ersatz für den Aufschrieb oder einen geschlossenen Text, der das Thema noch vertieft.\nDer Vortrag liefert also Anekdoten und Bilder, die das Thema erinnerbar machen. Sie gehen den Rahmen und die Erzählung vor, und setzen damit den Kontext, indem die anderweitig bereitgestellten Fakten rezipiert, erinnert und verarbeitet werden.\nPublikum Halte den Rapport zum Publikum. Suche Dir einige Personen an verschiedenen Orten im Raum, und wenn Du den Blick durch den Raum schweifen läßt, schaue immer wieder zu diesen Personen. Dadurch fühlen sich alle in der Nähe angesprochen, und Du hast Messpunkte, an denen Du sehen kannst, ob Du die Aufmerksamkeit im Raum halten kannst. Das sollte auch Dein Tempo bestimmen.\nSprich Hochdeutsch und plappere nicht! Du willst vortragen, und das heisst eine flüssige, eingeübte sprachlich und argumentativ zusammenhängende Rede.\nWer sind die Extrempersonen im Raum? Fans, Skeptiker, Entscheider, Influencer? Es kann sinnvoll sein, schon während der Vortrags vorher im Raum zu sein, wenn das Publikum bleibt, oder vor dem Vortrag rechtzeitig da zu sein und Personen zu identifizieren und zu klassifizieren.\nWähle diese Personen um den Raum zu lesen. Stimmt das Tempo? Stimmt der Spannungsbogen?\nNoch mehr Publikum Tempo 120%. Auf diese Weise sind alle gezwungen, mit Aufmerksamkeit bei Dir zu bleiben und nicht wegen Langeweile abzuschweifen.\nBei einer Gruppe von Schulklassengröße kannst Du eine Person durch zu hohes Tempo verlieren, aber nicht zwei. Bist Du zu langsam, verlierst Du sehr schnell alle.\nForm Was ist Dein Auftritt? Ist es ein Vortrag (Du redest und stehst vor den anderen)? Ein Workshop (Du stehst vor den anderen und beantwortest Zuhörerinnenfragen)? Ist es eine moderierte Dikussion (Du und eventuell andere Reden abwechselnd, in Rede und Gegenrede)? Eine Rede (Also nicht erklärend wie ein Vortrag, sondern appelativ und emotional)?\nArbeite die Unterschiede dieser Formen heraus und wähle die für den Anlaß und das Ziel richtige.\nZeit Wie lang? 10-20 Minuten sind ein guter Block für einen thematisch zusammenhängenden Block. In der Schule wäre nach so einem Abschnitt \u0026ldquo;Methodenwechsel\u0026rdquo; oder themenwechsel zum nächsten Abschnitt, oder beides.\n45 Minuten sind eine Schulstunde und brauchen 2-3 klar trennbare Abschnitte, und eine führende, sichtbare und wiederkehrende Navigationsstruktur.\n90 Minuten sind sehr lang, ein Universtätsvortrag, und brauchen die Stukturierungen und Methodenwechsel von oben, und Tempowechsel, die den Zuhörerinnen erlauben, die Konzentration auch mal ruhen zu lassen.\nWann ist der Vortrag? Randzeiten haben direkten Einfluß auf die Form. Der erste Vortrag eines Tages darf freier und lockerer sein, überblick statt Tiefe geben und kann Stimmung und Thema setzen. Er darf auch kontrovers sein, und eine Gegenthese zum Rest des Tages aufstellen, wenn sich das anbietet. Der letzte Vortrag eines Tages ist oft lustiger, weil er als Rausschmeißer das Letzte zwischen der Veranstaltung und dem gemeinsamen Essen und Trinken ist. Er fasst den Tag oder das Thema oft mit Humor zusammen.\nMurphy Rechne damit, dass alles zusammenbricht. Kannst Du Deinen Vortrag mit einer Wandtafel und einem Stück Kreide durchziehen? Mit einem Whiteboard und drei Filzstiften? Das ist Dein Notprogramm, wenn wirklich alle Stricke reissen.\nWas für Technik erwartet Doch? Ist die getestet? Hast Du alle denkbaren Adapter, Notstrom? Was ist Dein Plan B, C und D? Hast Du den Vortrag nicht nur auf Deinem Computer und an den Veranstalter gemailed, sondern auch auf einem USB-Stick \u0026ldquo;selbstabspielend\u0026rdquo; dabei? Was ist, wenn das Netz weg ist?\nSpiegelcheck vor dem Betreten der Bühne. Haare, Zähne, Kleidung, Hosenstall, Schuhe?\n","date":"2005-05-30T00:00:00Z","href":"https://blog.koehntopp.info/2005/05/30/vortraege-richtig-halten.html","tags":["lang_de","talk","publication","internet","karlsruhe"],"title":"Vorträge halten"},{"categories":null,"content":"Der folgende Vortrag stammt einem \u0026ldquo;Dienstags-Vortrag\u0026rdquo; in Karlsruhe-Durlach, und versucht zu erklären, was der Kontext für ein Information Security Management System (ISMS) ist.\nDer Vortrag will erklären, was \u0026ldquo;Security Management\u0026rdquo; ist und erreichen will, was die Aufgaben des Security Managementprozesses sind (also was Security, Management und Prozeß sind), welche Schnittstellen der Prozeß hat und wie man eventuell versuchen kann, Security zu messen.\nRisk and Compliance Klar ist, daß Security kein unmittelbares Geschäftsziel ist: Der Erfolg einer Firma mißt sich nicht an ihrer Performance im Bereich \u0026ldquo;Security\u0026rdquo;. Stattdessen ist Security aber ein Non-Functional Requirement, das auf mehr als einem Weg in die Firma hineingetragen wird. Das heißt, eine Reihe von externen Einflüssen wirken auf die Firma ein und machen es erforderlich auf mehr als eine Weise sich mit Security zu beschäftigen:\nGesetze und Behörden setzen Mindestmaßstäbe fest, gesetzliche Auflagen und Fürsorge für die Mitarbeiter bestimmen das Vorgehen. Wirtschaftsprüfer und externe Verträge (\u0026ldquo;PCI Standards\u0026rdquo; aus Verträgen mit Kreditkartenfirmen, oder Cyberversicherungen) schreiben eine Bearbeitung des Themas vor. \u0026ldquo;Usus\u0026rdquo; oder \u0026ldquo;Stand der Technik\u0026rdquo; ist an mehr als einer Stelle im Datenschutzrecht und in anderen Gesetzen verankert. Aus dem Markt und durch Expertenmeinungen wird die Entscheidungsfindung beeinflusst. Schlechte Presse wegen schlechter Sicherheit führt zur Gefährdung des Geschäftsbetriebes. Allgemeiner gesprochen geht es um Risiken und ihre Absicherung. Interne Risiken sind \u0026ldquo;die Sicherung der Verfügbarkeit, Integrität und Vertrauchlichkeit von geschäftskritischer Infrastruktur\u0026rdquo; und die \u0026ldquo;Sicherstellung der Nachhaltigkeit des Geschäftsbetriebes\u0026rdquo;. Das ist das Äquivalent einer Firma zu dem persönlichen Wunsch, nicht sterben zu wollen.\nExterne Risiken sind \u0026ldquo;die Erfüllung von gesetzlichen und vertraglichen Regelungen\u0026rdquo;, als da sind KontraG, BGB, AktG, HGB, DSG, \u0026hellip; sowie Verpflichtungen aus Verträgen mit Partnern und Versicherungen. Dieser Teil wird meist unter der Überschrift \u0026ldquo;Compliance\u0026rdquo; abgehandelt.\nErstaunlicherweise gehen viele Firmen sehr locker mit dem Todeswunsch (also tatsächlicher Security) um, und nehmen Compliance ernster als tatsächliche Security, die sich mit realen und unmittelbaren Bedrohungen beschäftigt. Das hat allerdings auch damit zu tun, daß dieses Thema leichter zu greifen und zu quantifizieren ist. \u0026ldquo;Wir suchen da, wo Licht ist, nicht da, wo wir was finden könnten.\u0026rdquo;\nRisiken und Maßnahmen: ssh Host Keys Als Security Fuzzi bei web.de bekomme ich von Freunden und Mitarbeitern oft die Frage (oder den Vorschlag) im Umgang mit ssh eine Liste von Fingerprints von Host-Keys von Maschinen bereit zu stellen. Wenn ich mich dann auf Host x einlogge, wird mir der Fingerprint der Maschine angezeigt und ich kann den mit der Liste vergleichen.\nDie Frage ist also:\nSollten wir nicht eine Liste der Fingerprints aller Maschinen pflegen und den Admins an die Hand geben?\nWas denkt Ihr?\nDies ist eine Maßnahme die unternommen werden soll. Eine Maßnahme hat die Aufgabe, ein Risiko zu mitigieren, also abzuwehren oder zu entschärfen. Laien reden über Security meistens in Form von Maßnahmen und dann kommt man schnell vom Hundertsten ins Tausendste.\nDie Maßnahme ist also \u0026ldquo;Stelle eine aktuelle Liste aller ssh Host-Keys bereit und fordere die Admins auf, beim ersten Login zu vergleichen\u0026rdquo;\nSchauen wir einmal auf das Risiko: Wogegen schützt ein solcher ssh Fingerprint?\nDer ssh Fingerprint schützt gegen das Unterschieben eines anderen physischen Hosts oder eines anderen ssh-Servers auf dem Zielhost.\nGibt es andere Maßnahmen, die gegen dasselbe Risiko wirken?\nJa, wir könnten zum Beispiel auch einfach eine vorbereitete \u0026ldquo;known_hosts\u0026rdquo; Datei verteilen, in der nicht die Fingerprints drin sind, sondern die tatsächlichen Host Keys. Dann würde beim Login gar kein Fingerprint mehr angezeigt werden, sondern die Identität per Host Key direkt automatisch geprüft werden. Das wäre gleich viel Aufwand bei uns, und eine bessere UX bei den Admins. Außerdem wäre die manuelle Kontrolle als Fehlerquelle beseitigt.\nEine andere Maßnahme, die gegen das gleiche Risiko besser wirkt, wäre bei gleichem Aufwand also besser.\nWie sind die Kosten eines Risikos generell zu bewerten? Meistens macht man sich eine 3x3 Matrix aus Schadenshöhe (\u0026ldquo;teuer\u0026rdquo;, \u0026ldquo;das Jahresendergebnis beeinflussend\u0026rdquo; und \u0026ldquo;Wir sind pleite\u0026rdquo;) und Eintrittswahrscheinlichkeit (\u0026ldquo;selten\u0026rdquo;, \u0026ldquo;sehr selten\u0026rdquo;, \u0026ldquo;so gut wie nie\u0026rdquo;), und ordnet Risiken da ein. Dem stellt man die einmaligen und laufenden Kosten der Maßnahme entgegen.\nWieso sind die Schadenshöhe und und Eintrittswahrscheinlichkeiten so komisch? Nun, Dinge die billiger als \u0026ldquo;teuer sind\u0026rdquo; bezahlen wir und buchen das als \u0026ldquo;Cost of doing business\u0026rdquo;. Wir akzeptieren die Risiken also und tragen die Kosten. Und Dinge die häufiger als \u0026ldquo;selten\u0026rdquo; sind, sind keine Sicherheitsereignisse, also keine Ausnahmen, sondern müssen als operative Ereignisse im Tagesbetrieb abgehandelt werden können.\nWenn wir einen Geschäftsprozess haben, in dem \u0026ldquo;teure\u0026rdquo; Dinge \u0026ldquo;häufig\u0026rdquo; sind, oder schlimmer, dann ist ein geregelter Geschäftsbetrieb mit den vorhandenen Prozessen nicht durchführbar und wir müssen das Geschäftsmodell oder seine Prozesse hinterfragen.\nSicherheitsrisiken treten nicht einfach so auf und nicht jeder Angeifer kann einfach so Dinge tun. Wir können Angreifer modellieren, ihnen Fertigkeiten (Capabilities) zuordnen und Risiken katalogisieren: \u0026ldquo;Um dieses Risiko darzustellen, muss ein Angreifer diese Fertigkeiten haben, und daher kommt dieses Risiko nur bei diesem Angreifertyp vor.\u0026rdquo;\nEin Script-Kiddie könnte unsere Server \u0026ldquo;r00ten\u0026rdquo;, ein interner Angreifer könnte Maschinen oder Serverprozesse austauschen.\nRisikomanagement Wir bekommen also den folgenden Ablauf:\nWir betrachten Risiken als Produkt aus Eintrittswahrscheinlichkeit und Schadenshöhe. Wir betrachten Maßnahmen, und was sie mit dem Risiko tun (Eintrittswahrscheinlichkeit und Schadenshöhe reduzieren). Das kostet Zeit und Geld. Und danach in einer Schleife von vorn.\nDiese Schleife ist das Kennzeichen eines Prozesses im Gegensatz zu einem Projekt: Security ist kein einmaliger Vorgang mit einer Deadline und einem Deliverable, sondern eine laufend wiederholte Identifikation, Bestimmung und Abmilderung von Risiken.\nWie jede Schleife muß auch diese Abbruchbedingungen haben: Bestimmte Maßnahmen sind nicht akzeptabel. \u0026ldquo;Abziehen des Netzwerkkabels\u0026rdquo; hilft perfekt gegen \u0026ldquo;Script Kiddie r00tet den Server\u0026rdquo;, ist aber wegen der geschäftlichen Notwendigkeiten nicht akzeptabel.\nWir können auch Kosten und Nutzen gegeneinander abwägen. Maßnahmen finden ihre Grenze, wenn die Kosten für die Maßnahme den Schaden aus dem Risiko übersteigt. Eventuell findet man dann einen Versicherer, der auf den Schadensfall wetten will.\nUnd damit bekommen wir den Risikomanagementzyklus, die grafische Darstellung dieser Schleife.\nDas Risikomanagement identifiziert und bewertet allgemeine Risiken für den Geschäftsbetrieb. Definiert Maßnahmen (konkrete Projekte) zur Risikobehandlung und kontrollieren deren Wirksamkeit. Wie jeder Prozeß hat auch dieser Retroperspektiven, die regelmäßig durchgeführt werden und mit denen sich der Prozeß reguliert und optimiert. Das ist der Management-Aspekt an der Sache.\nEs gibt viele verschiedene Managementmodelle, aber alle versuchen, die Durchführungsphase eines Prozesses (\u0026ldquo;Do\u0026rdquo;) von der Planungsphase und der Retroperspektive zu trennen. Dadurch wird die Durchführungsebene von der Metaebene getrennt und der Prozeß selbst diskutierbar.\nEin häufiger Prozeßzyklus folgt dem PCDA-Modell.\nISMS Der recht neue British Standard 7799 ist ein sehr kurzes Papier (nur 21 Seiten) und beschreibt den Aufbau eines Information Security Management Systems (ISMS)\nPlan Plan (establish the ISMS) security policy, objectives,targets,processes and procedures relevant to managing risk and improving information security to deliver results in accordance with an organization’s overall policies and objectives. In den Termen einer deutschen Verwaltung also:\nDefiniere einen Geltungsbereich des ISMS (definiere die Grenzen), und setze einen Auftrag durch Definition strategischer Ziele. Definiere Stellen, also schaffe einen organisatorischen Rahmen. Bestimmte Maße, nach denen wir das Funktionieren des ISMS bewerten wollen. Legitimiere das ganze durch eine formelle Beauftragung und Delegation von Verantwortlichkeit an eine Leitung.\nWie deutsche Gesetze:\n\u0026ldquo;so was gibt es als Konzept\u0026rdquo; (Das Grundgesetz) \u0026ldquo;Das bedeutet im Einzelfall\u0026rdquo; (Bundesgesetz) \u0026ldquo;So machen wir das\u0026rdquo; (Durchführungsverordnung zum Gesetz) Risikoidentifikation und Risikobewertung bilden dann die Matrix, die wir weiter oben schon erwähnt haben.\nWir klassifizieren also, eventuell unter Hinzunahme von einem Standardkatalog, die zu schützenden Güter, mögliche Bedrohungen, Szenarien und Angreifermodelle, und eventuell eintretende Schäden.\nIndem wir diesen Eintrittswahrscheinlichkeiten und Bewertungen zuordnen bekommen wir eine Liste an Dringlichkeiten, und eine Liste an möglichen Maßnahmen, die wir wiederum nach Geld und Möglichkeiten ordnen können.\nUnser Management kann diese Maßnahmen azeptieren, finanzieren und dann durchführen lassen oder das Risiko als Geschäftsrisiko hin nehmen. Das Ergebnis dieser Entscheidung wird dokumentiert und dann durchgeführt.\nRisiken können wir behandeln indem wir\nsie akzeptieren (\u0026ldquo;is halt so\u0026rdquo;) sie vermeiden (\u0026ldquo;machen wir nicht\u0026rdquo;) sie transferieren (\u0026ldquo;is versichert, macht also nix\u0026rdquo;) oder durch eine Maßmahme kontrollieren (der häufigste Fall, oder in Kombination mit der Versicherung) Die Restrisiken\nnennen wir bewerten wir erneut (die PCDA Schleife dreht sich) oder lassen wir durch das Management abnehmen Do (\u0026ldquo;implement and operate controls, processes and the ISMS\u0026rdquo;) Wieder im BS 7799: implement and operate the security policy, procedures.\nKonkret also:\nDen organisatorischen und personellen Rahmen schaffen Stellen Mittel Feedback (\u0026ldquo;Indicent detection and handling\u0026rdquo;) die Stellen besetzen die Personen ausbilden und Risiken und Maßnahmen thematisieren (\u0026ldquo;Awareness\u0026rdquo;) Steht der organisatorische Rahmen, kann man sich um die Technik kümmern:\nÜberwachung und Monitoring Systemtests Funktionstests und Integritätsbedingungen für die Business Logic Performancetests Incident Detection and Handling Check (monitor and review the ISMS) \u0026ldquo;Assess and, where applicable, measure process performance against security policy, objectives and practical experience and report the results to management for review.\u0026rdquo;\nZur Bewertung entfernt man sich sukzessive immer weiter von der Vorgabe und blickt zurück:\nTun wir die Dinge wie vorgeschrieben, folgen wir der Anleitung (\u0026ldquo;Compliance\u0026rdquo;)? Ist die Anleitung geeignet, die tatsächlich anfallenden Probleme zu lösen (\u0026ldquo;Effektivität\u0026rdquo;)? Ist die Anleitung optimal, um die Probleme zu lösen (\u0026ldquo;Effizienz\u0026rdquo;) Ist die Anleitung noch ein Bild der Realität im Unternehmen, und werden die aktuellen Prioritäten und Organisationsstrukturen korrekt abgebildet? (\u0026ldquo;Applicability\u0026rdquo;) Act \u0026ldquo;Take corrective and preventive actions, based on the results of the improvement of the ISMS.\u0026rdquo;\nMit den Erkenntnissen aus der \u0026ldquo;Check\u0026rdquo;-Phase können wir unsere Prozesse debuggen und gewonnene Erkenntnisse umsetzen. Prozesse zu ändern ist dann ein Projekt: Anleitungen werden angepasst und geschult. Das ist etwas, das wir mit einem Termin versehen und prüfen können und bei dem wir Änderung mit dem \u0026ldquo;Vorher\u0026rdquo; vergleichen können. Wir können das erkannte Muster auch auf andere Fälle transferieren, dokumentieren und lehren.\nÄnderungen führen zu geänderten Anleitungen, zu angepassten Risikoabschätzungen, zu einem neuen Maßnahmenplan und zu neuen Prozessen und Prozeduren. Kurzum: Zur nächsten Umdrehung im PCDA.\nThemen BS 7799 definiert foilgende Tätigkeitfelder:\nSecurity Policy Organisatorische Infrastruktur Beteiligte, Aufträge, Berechtigungen, Rollen Dritte Parteien Outsourcing Asset Classification Inventur Dokumentenmanagement Personnel Security Job Definitionen und Profile Ausbildung Mißbrauch und Kommunikationskanäle Physical und Environmental Security Sicherheitsbereiche Diebstahlschutz, Infrastrukturschutz Communications + Operationsmanagement cf ITIL Funktionen Operational Procedures und Reponsibilities System Planning und Acceptance Housekeeping Backups Logs Network Management Media Management Information and Software Exchange Access Control Benutzerverwaltung (Identity und Authentication) Rechteverwaltung (Authorization) Zugangsüberwachung (Audit) System development + maintenance Security als Teil der Anforderungen Validation (Integrity measures) Cryptography (Confidentiality measures) Change control Business Continuity Management Compliance Gesetze+Verträge IPR Management Audit und Nachweis Security messen Compliance: Prüfung der Abdeckung durch Selbstauskunft durch Audit Absolutes Maß der Security sehr schwer (\u0026ldquo;Wie beweisen wir, dass wir nicht gehackt sind?\u0026rdquo;) Capability Maturity Model (Prozessreife)? Aufwendig! fünf Reifegrade in verschiedenen Bereichen CMMI Reifegrade\n0 not performed 1 performed informally 2 Planned and Tracked 3 Well defined 4 Quanitatively controlled 5 Continuously improving ","date":"2005-05-29T00:00:00Z","href":"https://blog.koehntopp.info/2005/05/29/security-management.html","tags":["lang_de","talk","publication","internet","security","karlsruhe"],"title":"Security Management - was ist das eigentlich?"},{"categories":null,"content":"Anonymity, Unobservability, Pseudonymity and Identity Management - A Proposal for Terminology pflegt Marit Hansen mit Andreas Pfitzmann und anderen eine Liste von Begriffen, Definitionen und Konzepten, die mit dem Komplex \u0026ldquo;Anonyme Kommunikation\u0026rdquo; zu tun haben. Das Papier soll Terminologie in diesem Bereich vereinheitlichen und so die Diskussion vereinfachen.\nDas Papier definiert \u0026ldquo;Anonymität\u0026rdquo; als \u0026ldquo;Ununterscheidbar in einer Grundmenge von Akteuren oder Adressaten einer Nachricht\u0026rdquo;. Dadurch wird Anonymität meßbar, indem man den Verdünnungsfaktor, also die Größe dieser Grundmenge angibt.\nEin anderer, von Anonymität zunächst einmal verschiedener Begriff ist der Begriff der \u0026ldquo;Verkettbarkeit\u0026rdquo;: Für zwei Objekte in einem System (etwa: eine Nachricht und ein Absender) soll das System nicht mehr Information über die Beziehung der Objekte liefern als ohne das System verfügbar wäre. Anonymität kann dann über Nichtverkettbarkeit formuliert werden, nämlich als Nichtverkettbarkeit von einer Absenderidentität mit einer Nachricht (\u0026ldquo;Absenderanonymität\u0026rdquo;), einer Empfängeridentität mit einer Nachricht (\u0026ldquo;Empfängeranonymität\u0026rdquo;) oder eines Absenders mit einem Empfänger (\u0026ldquo;Beziehungsanonymität\u0026rdquo;).\nEine stärkere Eigenschaft ist \u0026ldquo;Unbeobachtbarkeit\u0026rdquo;, bei der etwa die Nachrichten in einem Kommunikationssystem von Rauschen ununterscheidbar sind, also nicht einmal die Existenz von Nachrichten bewiesen oder widerlegt werden kann.\n\u0026ldquo;Pseudonymität\u0026rdquo; liegt vor, wenn Absender und Empfänger Pseudonyme als Identitäten verwenden, also ihre Nachrichten mit dem Pseudonym kennzeichnen. Pseudonymität deckt also das ganze Feld zwischen Anonymität auf der einen Seite und totaler Zurechenbarkeit auf der anderen Seite ab.\nSo kann ein Absender zum Beispiel\nwiederholt Nachrichten unter demselben Pseudonym absenden und sich so eine Reputation erarbeiten, mehrere Nachrichten werden also über dasselbe Absenderpseudonym verkettbar.\nDie Verkettung zwischen dem Pseudonym und der Inhaberperson kann öffentlich sein (\u0026ldquo;Telefonnummern als Pseudonyme für Anschlußinhaber\u0026rdquo;), nichtöffentlich-aufdeckbar sein (\u0026ldquo;Maskenball\u0026rdquo;) und nichtaufdeckbar-verkettbar (\u0026ldquo;DNS-Probe, die noch nicht in einer Datenbank erfaßt ist\u0026rdquo;).\nPseudonyme können transferierbar sein (\u0026ldquo;Account in einem Onlinespiel\u0026rdquo;), oder nichttransferierbar (\u0026ldquo;Fingerabdruck\u0026rdquo;). Durch Transfer kann ein aufdeckbares Pseudonym unaufdeckbar werden.\nIm Hinblick darauf, wann Kommunikationspartner ihre Namen wechseln, wie die Lebensdauer des Namens ist, und ob das Pseudonym Aspekte einer Person, eine Person oder Gruppen von Personen bezeichnet, kann Pseudonymität noch weiter aufgegliedert werden.\nEin Aspekt, den das Papier nicht diskutiert, ist die Qualität von Pseudonymen innerhalb desselben Namensraumes: Eine IP-Nummer ist zum Beispiel ein Pseudonym unter dem ein Benutzer im Internet agiert. Aus der IP-Nummer selber können aber zunächst keine Eigenschaften des Pseudonyms abgeleitet werden: Es ist nicht bekannt, ob die IP-Nummer eine Person oder eine Gruppe von Personen bezeichnet und es ist auch nicht bekannt, ob und wie lange die IP-Nummer mit einem bestimmten Inhaber verkettbar ist. Ebenso können keine Aussagen darüber gemacht werden, ob Zugriffe von zwei verschiedenen IP-Nummern demselben Benutzer zugerechnet werden können.\nSolche Aussagen über zugesicherte Eigenschaften wären aber wichtig, wenn man einer IP-Nummer im juristischen Kontext identifizierende Eigenschaften zuordnen will und wenn man Verantwortung für Taten im Internet über IP-Nummern mit Tätern verknüpfen möchte.\nSo treibt unsere Rechtssprechung recht seltsame Blüten: Das Recht verlangt auf der einen Seite Chipkartenleser mit Tastatur und Display, damit zurechenbare digitale Unterschriften unter elektronische Rechnungen gesetzt werden können, um diese in den Augen eines Finanzamt gültig werden zu lassen. Anderseits werden aber Personen auf der Grundlage irgendwelcher Logs mit irgendwelchen Zeit/DSL-Login/IP-Zuordnungen darin für angebliche Hackangriffe im Internet zur Rechenschaft gezogen. Ein bischen inkonsequent ist das schon.\n","date":"2005-05-24T00:00:00Z","href":"https://blog.koehntopp.info/2005/05/24/ueber-anonymitaet-reden.html","tags":["identity","security","lang_de"],"title":"Über Anonymität reden"},{"categories":null,"content":"In Das Rätsel um die 193.17.243.1 schreibt Thomas Klink:\nIm Zuge des Wahlkampfs in Nordrhein-Westphalen (NRW), wo [ \u0026hellip; ] ein neuer Landtag bestimmt wird, wird auch im Internet mit harten Bandagen gekämpft. Auf den Seiten des Internet-Lexikons Wikipedia sind in den vergangenen Tagen die Einträge zu den Spitzenkandidaten Peer Steinbrück (SPD) und Jürgen Rüttgers verändert worden. Die Manipulationen wurden aus einem Büro des Deutschen Bundestags heraus vorgenommen. Darauf weist die IP-Nummer, mit der Computer im Internet identifiziert werden, hin.\nSchließend heißt es:\nAls Konsequenz aus den Beschuldigungen forderte [Dr. Ole] Schröder, der Mitglied des Unterausschusses Neue Medien ist, gestern im Gespräch mit unserer Zeitung, dass jedes Bundestagsbüro eindeutig über die IP zu identifizieren sein muss. \u0026ldquo;Dies ist zum Schutz vor Missbrauch wichtig\u0026rdquo;, sagte er.\nDieses Beispiel zeigt deutlich einen Verhaltensaspekt von Behörden in der \u0026ldquo;Abuse-Szene\u0026rdquo;: Dort ist man derzeit überwiegend auf die IP-Nummer als Identifizierungsmerkmal fixiert, egal ob dies sinnvoll ist oder nicht.\nWir wollen dankbar sein, daß das so ist. Denn einen Chipkarten-Personalausweis als \u0026ldquo;Zündschlüssel\u0026rdquo; und Login für den Rechner und die Anmeldung am Netz wollen wir wahrscheinlich alle nicht (\u0026ldquo;jeder nur einen Rechner, rechts raus\u0026rdquo;). Außer vielleicht den Jugendschützern, der Content-Industrie und anderen komischen Vögeln.\n","date":"2005-05-23T00:00:00Z","href":"https://blog.koehntopp.info/2005/05/23/identifizierung-durch-ip.html","tags":["authentication","identity","politik","security","lang_de"],"title":"Identifizierung durch IP"},{"categories":null,"content":" Nachdem Internetpiraten in der Netzwerk-Ökonomie seit mehr als zwei Monaten bei mir auf Wiedervorlage liegt, weil ich noch was längeres dazu schreiben wollte, aber partout nicht dazu komme, blogge ich das einfach mal so weg. Man kann nämlich auch rechnerisch zeigen, daß das mit dem Kopieren alles viel komplizierter ist, als gewisse Interessenverbände uns weismachen wollen.\nNetzwerk-Ökonomen zeigen mit ihren Modellen, wie digitale Werke durch einen höheren Bekanntheitsgrad an Gebrauchswert gewinnen - auch wenn dies eine Folge von illegaler Verbreitung ist. \u0026hellip; Eine Reihe von neueren Studien zeigt nun, warum weder Künstler, noch die Allgemeinheit von diesem Kampf um die Wahrung des Urheberrechtes profitieren - und selbst Verlage und Softwarehersteller in einigen Fällen besser fahren würden, wenn sie die illegale Nutzung ihrer Produkte zuließen.\nNetzpiraten vs. Medienmodule (PDF) Der Nutzen von illegalen Kopien für den Künstler. Artists\u0026rsquo; earnings and copyright ","date":"2005-05-23T00:00:00Z","href":"https://blog.koehntopp.info/2005/05/23/internetpiraten-in-der-netzwerk-konomie.html","tags":["copyright","media","politik","lang_de"],"title":"Internetpiraten in der Netzwerk-Ökonomie"},{"categories":null,"content":" Nur noch schlafen, bitte.\nGeht alles wieder? Ja, auch wenn da noch so viel Rot ist.\nRestcrew.\n","date":"2005-05-14T00:00:00Z","href":"https://blog.koehntopp.info/2005/05/14/danach.html","tags":["image","karlsruhe","work","lang_de"],"title":"Danach..."},{"categories":null,"content":" ","date":"2005-05-14T00:00:00Z","href":"https://blog.koehntopp.info/2005/05/14/wenn-es-mal-wieder-laenger-dauert.html","tags":["image","karlsruhe","work","lang_de"],"title":"Wenn es mal wieder länger dauert..."},{"categories":null,"content":" Ciao, Tosi . Wir haben ihn gehen lassen, damit er sein Hobby \u0026ldquo;Navigationssysteme bauen\u0026rdquo; zum Beruf machen kann. Damit Ihr Euch nicht zu sehr verfahrt, haben wir gleich für eine passende Ausstattung gesorgt (Der Schönling, der sich da links ins Bild drängt ist Cruisi ).\nInformatikerhaushalt, Erstausstattung\nBesonderer Dank muß hier an Jochen gehen, der konspirativ den Bedarf ermittelt hat und uns so in die Lage versetzt hat, die schlimmsten Lücken zu schließen.\nTosis Antwort besteht darin, dem Süden ordentliches Bier zu bescheren.\n","date":"2005-05-13T00:00:00Z","href":"https://blog.koehntopp.info/2005/05/13/invasion-des-guten-geschmacks.html","tags":["image","karlsruhe","work","lang_de"],"title":"Invasion des guten Geschmacks"},{"categories":null,"content":"Das Thema \u0026ldquo;Mittlerfreie Kommunikation\u0026rdquo; ist ein Komplex von Gedanken, mit dem ich mich im Laufe der Jahre immer wieder auseinandergesetzt habe und das mir in einer ganzen Reihe von Diskussionen immer wieder begegnet ist. Weil dabei jedesmal dieselben URLs raussuchen muß, habe ich sie mir hier einmal als Zusammenfassung weggebloggt.\nAusgangspunkt war eine Diskussion im Usenet in 1997 , wo jemand behauptete, daß sich das Medium Buch in den letzten paar tausend Jahren nicht geändert habe. Ich fühlte mich gezwungen, zu widersprechen: Das Aussehen von Büchern mag sich wenig geändert haben, aber die Art und Weise, wie sie produziert werden, hat sich massiv geändert. Und diese Änderungen sind eine Quelle von weitreichenden Struktur- und Gesellschaftsänderungen gewesen (bzw. sind es immer noch). Der Artikel verwendet den Begriff der \u0026ldquo;Publishing Pipeline\u0026rdquo;, den ich später zum Begriff des \u0026ldquo;Mittlers\u0026rdquo; verallgemeinert habe.\nEin Mittler ist in einer Kommunikation jemand, der am Zustandekommen dieser speziellen Kommunikation beteiligt ist, der also diese spezielle Kommunikation inhaltlich beeinflussen kann.\nIm Rahmen der immer wiederkehrenden Zensurdiskussionen (hier: Oktober 1998) gehe ich darauf ein, daß solche Mittler in der Vergangenheit auch eine gesellschaftlich wichtige Kontrollfunktion wahrgenommen haben. Diese Kontrollfunktion fällt jetzt weg, wenn die Vermittlungstätigkeit zu einer Infrastrukturtätigkeit wird, der Mittler also nicht mehr am Zustandekommen einer einzelnen Kommunikation beteiligt ist, sondern nur noch allgemein eine Kommunikationsplattform betreibt.\nDer Wegfall dieser dieser Kontrollfunktion führt unter anderem dazu, daß diejenigen Parteien, die sich bisher auf die Kontrollfunktion der Mittler verlassen haben nun versuchen, den Betreiber der Infrastruktur für die Inhalte verantwortlich zu machen, die über sie transportiert werden (Stichwort \u0026ldquo;Providerverantwortung\u0026rdquo; und \u0026ldquo;Providerhaftung\u0026rdquo;).\nEtwas früher, im Juni 1998, schrieb ich etwas über die Auswirkungen von Infrastruktur in Händen der Endnutzer - das ist letztendlich der Gedanke, der hinter P2P steht. Im Artikel gehe ich noch von \u0026ldquo;dauernd laufenden Servern beim Endanwender\u0026rdquo; aus, und diskutiere, welche Auswirkungen diese auf die Publikationsmöglichkeiten von Endanwendern haben und wie dies im Kontext der Theorie der mittlerfreien Kommunikation zu sehen ist.\nSo redet der Text noch von \u0026ldquo;Bandbreite zu Hause\u0026rdquo; aus, aber letztendlich ist das irrelevant - heute haben wir nicht nur DSL-Bandbreiten nach Hause, sondern wir haben auch nahezu unbegrenzt Speicher außerhalb des Hauses in Form von Webdav-Diensten, Fotoalblem, Onlinespeichern und Webmail-Postfächern, von traditionellen kostenlosen Webhosting-Angeboten gar nicht zu reden\u0026hellip;\nLustigerweise macht der Text eine Kostenvorhersage, die - wenn man sie heute nachrechnet und die Inflation auch noch berücksichtigt - tatsächlich einigermaßen bei den Kosten für einen DSL-Anschluß herauskommt. Zwei Megabit/sec ist das, was die Uni Kiel zur Zeit meines Studiums zur Versorgung der ganzen Universität bereitgestellt hat - aber nicht zu den Kosten eines DSL-Anschlusses, sondern für Tausende von DM\u0026hellip;\nIm April 2000 taucht das Thema wieder auf. Diesmal geht es um Industriealisierung von Kommunikation . Was bedeutet dieser Begriff?\nIn industrieller Kommunikation finden sich die Kommunikationspartner gegenseitig ohne vorherige Kenntnis ihrer Existenz und ohne vorher ihre Vertrauenswuerdigkeit oder die Ernsthaftigkeit der gegenseitigen Angebote abschaetzen zu koennen. Dieses Finden kann ueber industrielle Vermittlung, also durch Suchmaschinen und ueber reputation managers (http://www.useit.com/alertbox/990905.html ) erfolgen.\nEs geht auch um die Frage, wer überhaupt ein Interesse daran haben kann, ob zwei Personen ohne Kontrolle durch einen Mittler oder Filter miteinander kommunizieren dürfen und wieso das eine wichtige Frage ist.\nZum Ausspruch \u0026ldquo;The Internet treats censorship as damage \u0026hellip;\u0026rdquo; von John Gilmore:\nDas ist die historisch-kaltkriegerische Formulierung des obigen Sachverhaltes. \u0026ldquo;Mittlerfreie Kommunikation\u0026rdquo; und \u0026ldquo;freie Wahl des Kommunikationsmodus\u0026rdquo; sind es, die eine Informationsgesellschaft tatsächlich definieren.\nIn einer solchen Gesellschaft kann Regulierung nur beim Sender oder beim Empfänger ansetzen. Wenn bei diesen beiden Parteien keine Kooperation besteht, wird es extrem schwierig werden, die Berücksichtigung dritter Interessen zu erzwingen.\nUnd das ist genau der Grund, warum \u0026ldquo;Besitz der Privatsphäre\u0026rdquo; das Wohlstand definierende Kriterium der Informationsgesellschaft ist wie \u0026ldquo;Besitz von Produktionsmitteln\u0026rdquo; das Wohlstand definierende Kriterium der Industriegesellschaft war und \u0026ldquo;Besitz von Land\u0026rdquo; das Wohlstand definierende Kriterium der Agrargesellschaft.\nDurchdenkt man das zum Ende, führt dies zwingend dazu, dass wir den Begriffen \u0026ldquo;Privatsphäre\u0026rdquo; und \u0026ldquo;Datenschutz\u0026quot;viel umfassendere Bedeutung zumessen müssen, als dies im derzeitigen Datenschutzmodell und -recht in Deutschland bzw. in der EU bisher der Fall ist.\nEbenfalls aus dem April 2000 stammt ein Artikel zum Thema Jugendschutzfilter unter dem Gesichtspunkt, daß diese Zwangsmittler sind. Der Artikel ist stellvertretend für die ganze Jugendschutzdiskussion ausgewählt und geht das Thema Mittler, Skalierung von Kontrollmechanismen und poltiische Kontrollziele unter diesem Gesichtspunkt \u0026ldquo;Jugendschutz\u0026rdquo; an, aber die Gedanken sind im Grunde verallgemeinerbar.\nSchließlich taucht das Thema im Januar 2003 noch einmal auf. Um das Thema \u0026ldquo;Zensur, Filterung und Zugangskontrolle\u0026rdquo; korrekt zu behandeln, fordere ich, die Fragen korrekt zu formulieren. Die Frage, die eine Gesellschaft sich stellen muß, lautet: Wollen wir mittlerfreie Kommunikation zulassen? Die Frage, die auch kommen muß: Ist das Konzept des Zwangsmittlers technisch und rechtlich durchsetzbar? Ist es gesellschaftlich erwünscht?\n","date":"2005-05-10T00:00:00Z","href":"https://blog.koehntopp.info/2005/05/10/materialsammlung-mittlerfreie-kommunikation.html","tags":["media","politik","usenet","lang_de"],"title":"Materialsammlung \"Mittlerfreie Kommunikation\""},{"categories":null,"content":"Der Wegfall von \u0026ldquo;news.individual.net\u0026rdquo; als kostenloser Server für USENET News mag den einen oder anderen Benutzer des Servers motiviert haben, sich selber mit News zu versorgen. Dieser Text soll dabei helfen, etwa auf einem der üblichen Dedicated Server bei einem Hoster oder an einer anderen geeigneten Stelle im Netz einen eigenen INN als News-Server aufzusetzen, und so zu konfigurieren, dass er ein nützlicher Teil der USENET-Infrastruktur in Deutschland ist, und dass einige Benutzer dort News lesen können.\nRessourcenplanung Traffic Die Gruppen im deutschsprachigen Teil des USENET haben das Prefix de.*. Lediglich im Teil de.alt.dateien.* dürfen Bild- und Programmdateien veröffentlicht werden, und so kommt es, dass sich das Verkehrsaufkommen im Restteil de.*,!de.alt.dateien.* in recht engen Grenzen hält: Pro Tag sind etwa 20 MB Traffic einzuplanen. Internationale Gruppen können ein Verkehrsaufkommen zwischen 150 und 200 MB am Tag erzeugen.\nDie Maschine, auf der inn-Server laufen soll, sollte eine feste IP-Nummer haben, die unterbrechungsfrei verfügbar ist. Es sind Setups denkbar, in denen einer der beiden am Austausch beteiligten Partner eine wechselnde oder nur mit Unterbrechungen verfügbare Adresse hat, aber diese sind nicht Gegenstand dieser Dokumentation.\nRAM- und Festplattenbedarf Ein laufender innd auf einem Intel-basierenden Suse-Linux-System verbraucht 12 MB RAM für den innd, den eigentlichen Newsserver. Außerdem werden noch ein innfeed-Prozess (2 MB RAM) zur Artikelweitergabe und einige Hilfsprozesse für statistische Zwecke und zur Ausführung von Wartungsarbeiten gestartet. Alles in allem werden 25-30 MB RAM verbraucht.\nDie Speicherung der Artikel erfolgt am günstigsten in sogenannten \u0026ldquo;CNFS Cyclebuffs\u0026rdquo;. Dabei handelt es sich um Ringpuffer-Dateien fester Größe, sodass der Speicherbedarf für Artikel auf der Festplatte konstant ist. Die Installation des Autors hat jeweils ein halbes Gigabyte für de.*,!de.alt.dateien.* und für regionale deutschsprachige Hierarchien reserviert. Drei Gigabyte sind für internationale Artikel aus den Big8-Hierarchien bereitgestellt.\nINN muss für lesenden Zugriff auf die Artikel eine Overview-Datenbank pflegen. Diese belegt etwa 10% des Speichers zusätzlich, der für Artikel belegt wird.\nWeitere Anforderungen Der CPU-Aufwand und die IO-Last auf dem Server des Autors sind vernachlässigbar. Dazu trägt die Verwendung von CNFS ganz erheblich bei.\nNNTP und NNRP, die Protokolle zum Übertragen von News und zum Lesen von News, verwenden standardmäßig den Port 119/TCP.\nDer Autor verwendet Suse Linux 9.1 als Grundlage für diese Installation. Sie ist jedoch auf allen Linux-Distributionen grundsätzlich ähnlich.\nInstallation Suse Linux 9.1 liefert im Paket inn einen INN in der Version 2.4.1. Dies ist relativ aktuell. Nach der Installation befinden sich die Konfigurationsdateien in /etc/news, die öffentlichen Programme in /usr/bin, die nicht öffentlichen Programme in /usr/lib/news/bin, einige wichtige Arbeitsdateien in /var/lib/news und der Artikelspeicher wird in /var/spool/news angelegt. INN wird nach /var/log/news loggen.\nAndere Distributionen verwenden möglicherweise leicht unterschiedliche Speicherorte, die Anleitung ist dann passend abzuwandeln.\nAlle Konfiguration am INN ist immer als User news durchzuführen und niemals als User root, außer dies wird ausdrücklich gesagt. Sobald durch Änderungen als root Konfigurations-, Log- oder andere Dateien einem anderen Benutzer als news gehören, wird INN möglicherweise nicht mehr sauber funktionieren.\nnews@h3118:-/bin\u0026gt; cat /etc/SusE-release SusE Linux 9.1 (1586) VERSION = 9.1 news@h3118:~/bin\u0026gt; rpm -q inn inn-2.4.1-33 Man muss also als root das Kommando su – news eingeben, um auf den Useraccount von news zu wechseln und auch das Environment des news-Users zu bekommen. Man befindet sich dann auch gleich im Home-Verzeichnis des News-Users. In SuSE Linux ist das /etc/news, wo sich auch die im Folgenden beschriebenen Konfigurationsdateien befinden.\nInbetriebnahme Artikelspeicher bereit stellen In unserer Beispielinstallation soll der INN mit einem Artikelspeicher in CNFS (\u0026ldquo;Cyclic News File System\u0026rdquo;) betrieben werden, weil dies die ressourcensparendste und wartungsärmste Art der Artikelspeicherung ist. Die CNFS-Puffer müssen konfiguriert und angelegt werden.\nVersäumt man das, verwendet INN den in der Default-Konfiguration definierten Traditional Spool. Dieser erzeugt jedoch mehr I/O-Last auf dem System und ist in der Größe variabel. Dafür steht sein Inhalt Scripten leichter zu Verfügung: Artikel werden als Dateien unterhalb von /var/spool/news/articles/ in Verzeichnissen abgelegt, die aus dem Namen der Newsgroup abgeleitet sind und müssen durch einen Aufräumjob (expire) von dort gelöscht werden. Die Verwendung von Traditional Spool ist nicht empfohlen, insbesondere nicht für INN Neueinsteiger.\nDie Puffer werden in der Datei cycbuff.conf definiert. Eine Pufferdefinition besteht aus einer oder mehr Zeilen, von denen jede einen cycbuff definiert. Diese Puffer müssen dann zu einem metacycbuff zusammengeklebt werden, damit sie durch den INN benutzbar werden.\nnews@h3118:-/peerdata\u0026gt; cat ~/cycbuff.conf # 512MB Puffer fuer de.* cycbuff: DE1: /var/spool/news/cycbuffs/file_de.1:524288 # Sechs 512 MB Puffer fuer den Rest cycbuff: INTL1:/var/spool/news/cycbuffs/file_intl.1:524288 cycbuff: INTL2:/var/spool/news/cycbuffs/file_intl.2:524288 cycbuff: INTL3:/var/spool/news/cycbuffs/file_intl.3:524288 cycbuff: INTL4:/var/spool/news/cycbuffs/file_intl.4:524288 cycbuff: INTL5:/var/spool/news/cycbuffs/file_intl.5:524288 cycbuff: INTL6:/var/spool/news/cycbuffs/file_intl.6:524288 # Puffer zusammenkleben zu Metapuffern metacycbuff: DE: DE1 metacycbuff: INTL: INTL1, INTL2, INTL3, INTL4, INTL5, INTL6 Leider ist INN bei der Benennung der \u0026ldquo;cycbuff\u0026rdquo; und \u0026ldquo;metacycbuff\u0026rdquo; sehr eingeschränkt: Namen müssen kurz sein und dürfen nur aus Zahlen und Buchstaben bestehen.\nIm Beispiel wird ein \u0026ldquo;cycbuff\u0026rdquo; mit dem Namen \u0026ldquo;DE1\u0026rdquo; definiert, der 524288 KB (512 MB) groß sein soll. Die Location im Dateisystem für diesen Puffer ist /var/spool/news/cycbuffs/file_de.1. Dort muss diese Datei auch angelegt werden. Dies erfolgt mit dem Kommando dd.\n$ dd if=/dev/zero of=/var/spool/news/cycbuffs/file_de.1 bs=1024k count=512 INN selber arbeitet immer nur mit \u0026ldquo;metacycbuffs\u0026rdquo;. Ein \u0026ldquo;metacycbuff\u0026rdquo; faßt dabei einen oder mehrere einzelne \u0026ldquo;cycbuff\u0026rdquo; zu einer für den INN benutzbaren Einheit zusammen. Der \u0026ldquo;metacycbuff\u0026rdquo; DE besteht dabei ausschließlich aus dem einzelnen cycbuff \u0026ldquo;DE1\u0026rdquo;.\nDas Beispiel definiert außerdem noch sechs jeweils 512 MB umfassende cycbuffs INTL1 bis INTL6. Auch diese müssen mit entsprechenden dd-Kommandos angelegt werden und können dann alle zusammen zu einem \u0026ldquo;metacycbuff\u0026rdquo; INTL mit 3 GB Gesamtgröße zusammengefasst werden.\nDamit INN weiß, welche Artikel in welchem Puffer abgelegt werden sollen, müssen in der storage.conf entsprechende Einträge gemacht werden.\nDie Zeile newsgroups legt dabei fest, welche Gruppen in welchem Puffer abgelegt werden. Die Zeile class ist eine eindeutige Nummer für jeden Eintrag, damit man an anderer Stelle auf den Eintrag Bezug nehmen kann.\nDie Zeile options legt für CNFS-Einträge fest, welcher metacycbuff Speicher für den entsprechenden Eintrag bereitstellen soll.\nnews@h3118:-/peerdata\u0026gt; cat ~/storage.conf method cnfs { newsgroups: de.* class: 3 options: DE } method cnfs { newsgroups: * class: 2 options: INTL } # Traditional Spool Klappert leer und wird dann gelöscht... method tradspool { newsgroups: * class: 1 } Im Beispiel wandern Artikel für die Newsgroups de.* immer in den CNFS-Speicher DE mit der eindeutigen Nummer 3. Alle anderen Artikel wandern in den CNFS-Speicher INTL mit der Nummer 2.\nDer Eintrag 1 definiert einen Speicher im Format tradspool. Er wird niemals verwendet, weil der Eintrag 2 vorher alle Artikel abfängt. Der Eintrag 1 ist der (nicht empfohlene, aber rückwärts kompatible) Default-Eintrag in der storage.conf von INN.\nSobald INN erst einmal gestartet ist (siehe unten), werden die Puffer initialisiert. Zu einem späteren Zeitpunkt kann man dann mit dem Kommando cnfsstat -a ansehen, wie ausgelastet die Puffer sind.\nGrundkonfiguration inn Vor dem ersten Start des Servers ist die /etc/news/inn.conf anzupassen. Zu ändern sind:\n-organization: \u0026#34;A pooly-installed InterNetNews site\u0026#34; +organization: \u0026#34;Deine Organisations-Zeile Definiert den Inhalt der Zeile Organization, die Bestandteil eines jeden Artikels ist.\n-#pathhost: localhost +pathhost: news.example.com Definiert, was Deine Site in den Path-Header einträgt. Dies ist ein sehr wichtiges Datum für das Peering mit anderen Sites. Es sollte Dein Domainname sein, oder ein vom Domainnamen abgeleiteter Name wie news.koehntopp.de für koehntopp.de.\nMit Hilfe des pathhost erkennt ein entfernter Server, ob ein bestimmter Artikel schon einmal Dein System passiert hat. Wenn ja, wird Dir der Artikel kein zweites Mal angeboten. Dies kann sehr viel Traffic einsparen, wenn man mehrere Feeds für eine Hierarchie hat.\n+complaints: abuse@example.com +fromhost: example.com Definiert den Inhalt der Headerzeile X-Complaints-To und die Domain, mit deren Hilfe Usernamen zu Mailadressen komplettiert werden, wenn dies notwendig ist.\n-docnfsstat: false +docnfsstat: true Dieser Eintrag ist optional. Wenn man jedoch später statistische Auswertungen auf dem System für den Betrieb plant, sollten laufende Meßdaten für die Auslastung der CNFS-Puffer vorliegen. Dazu muss dieser Eintrag aktiv geschaltet sein.\nCrontab aufsetzen INN muss in regelmäßigen Abständen einige Wartungsaufgaben erledigen. Daher sollte für den User news eine Crontab wie die folgende definiert sein:\nnews@h3118:~\u0026gt; cat crontab.current # to expire old news-articles 15 4 * * * /usr/lib/news/bin/news.daily expireover delayrm lowmark # dump path databases #0 0 * * * /usr/lib/news/bin/ctlinnd flush \u0026#39;inpaths! \u0026gt; /dev/null 2\u0026gt;\u0026amp;1 # 5 0 1,15 * * /us/lib/news/bin/sendinaths # inews stores news-articles in /var/spool/news/in.coming, if INN ist # not running. the next \u0026#34;rnews -U\u0026#34; will feed those news-articles into # inn. 10 * * * * /usr/bin/rnews-U #33 * * * * /usr/lib/news/bin/scanlogs norotate 2\u0026gt;/dev/null \u0026gt;/dev/null news@h3118:~\u0026gt; crontab crontab.current news@h3113:~\u0026gt; Die Crontab enthält nur die für den Betrieb unmittelbar notwendigen Einträge in aktivierter Form. Die auskommentierten Einträge sind für spätere Erweiterungen notwendig oder nützlich.\nDer Eintrag news.daily führt die zum Betrieb von INN notwendigen Wartungsaufgaben durch. Er muss einmal pro Tag ausgeführt werden.\nDer Eintrag rnews- U kann einmal pro Stunde ausgeführt werden. Er dient dazu, während Betriebspausen aufgelaufene Artikel nachträglich ins System einzuspeisen.\nDie beiden Einträge \u0026ldquo;inpaths!\u0026rdquo; und \u0026ldquo;sendinpaths\u0026rdquo; sind nur notwendig, wenn das System Statistikdaten in die \u0026ldquo;Top 1000 der Newsserver\u0026rdquo; einspielen will. Damit das funktioniert sind jedoch noch weitere Konfigurationen notwendig (siehe unten).\nDer Eintrag scanlogs norotate dient dazu, stündlich den Statistikreport für das laufende System zu aktualisieren. Damit das funktioniert sind jedoch noch weitere Konfigurationen notwendig (siehe unten).\nServer hochfahren Mit der angegebenen Konfiguration sollte der INN durch den Systemadministrator startbar sein.\nDas Kommando chkconfig inn on sorgt dafür, dass beim Systemstart automatisch auch der INN mit hochgefahren wird.\nAls User root: # chkconfig inn on # rcinn start Das Kommando rcinn start fährt den Server manuell hoch. Der Server sollte Startmeldungen in /var/log/news/news.notice hinterlassen und in der Prozessliste sollte ein Prozess innd erkennbar sein, der mit den Rechten des Users news ausgeführt wird. Mit lsof -i -n -P sollte dieser Prozess auf Port 119 lauschen. Von localhost aus kann man jetzt einen Testconnect gegen den NNTP-Port machen.\nnews@h3118:~\u0026gt; telnet localhost 119 Trying 127.0.0.1... Connected to localhost. Escape character is \u0026#39;^]\u0026#39;. 200 koehntopp.de InterNetNews server INN 2.4.1 ready mode reader 200 koehntopp.de InterNetNews NNRP server INN 2.4.1 ready (posting ok). list 215 control 0000000000 0000000001 n control.cancel 0000000000 0000000001 n contrel.checkgroups 0000000000 0000000001 n contrel.newgroup 0000000000 0000000001 n control.rmgroup 0000000000 0000000001 n junk 0000000000 0000000001 n quit 205 Connection closed by foreign host. Wenn das funktioniert, ist der Server erfolgreich grundkonfiguriert und hochgefahren.\nGruppen anlegen Testgruppe einrichten Der Server läuft nun und hat einige Standard-Newsgroups, die für die interne Verwaltung des Servers notwendig sind. Um die weitere Funktion des Servers zu testen, ist es notwendig, mindestens eine lokale Testgruppe anzulegen.\n$ ctlinnd newgroup local.test y news@localhost Andere Gruppen einrichten Die anderen benötigten Gruppen kann man leicht anlegen, indem man sich eine Liste der Gruppen beim zukünftigen Upstream-Server abholt und sie in Kommandos zur Gruppeneinrichtung umwandelt.\nDas Kommando getlist holt die Liste der aktiven Gruppen vom Server news.koehntopp.de ab und legt sie in der Datei active.news.koehntopp.de ab. Durch das grep-Kommando werden aus dieser Datei alle Gruppen der Hierarchie de.* extrahiert. Für die Einrichtung der Gruppen sind nur das erste und vierte Feld einer jeden Zeile notwendig. Mit dem awk-Kommando ziehen wir also diese Felder aus der Datei heraus und wandeln sie in ctlinnd-Kommandos um.\n$ getlist -h news.koehntopp.de \u0026gt; active.news.koehntopp.de $ grep \u0026#34;^de\\.\u0026#34; active.news.koehntopp.de \u0026gt; de-groups $ awk \u0026#39;{ printf \u0026#34;ctlinnd newgroup %s %s news@localhost\\n\u0026#34;, $1, $4 }\u0026#39; de-groups \u0026gt; einrichten.sh $ ctlinnd throttle now $ sh einrichten.sh $ ctlinnd go now Die Datei einrichten.sh enthält nun die benötigten Kommandos zur Gruppeneinrichtung. Die Ausführung der Datei ist sehr viel schneller, wenn man den Server vor der Ausführung der Kommandos in einen Standby-Modus schaltet und danach wieder in Produktivmodus versetzt.\nZugangskontrolle konfigurieren Mit den Default-Einstellungen kann man jetzt schon lokal (von localhost aus) gegen den Server connecten. Um Connects von außen zu erlauben, ist es notwendig, einen Anmeldemechanismus und eine Passwortquelle zu konfigurieren.\nauth all { auth: \u0026#34;chkpasswd -f /etc/news/passwd.nnrp\u0026#34; default-domain: example.com } access full { users: * newsgroups: * access: RPA } INN verwendet intern ein Programm namens ckpasswd für die Zugangskontrolle. Dieses Programm kann entweder auf eine lokale Passwortdatei zugreifen, in der INN-spezifische Passwörter konfiguriert werden, oder man kann es mit Priviliegien austatten, die ihm erlauben, auf die Systempasswortdatei zuzugreifen. Letzteres ist nicht empfohlen, da NNTP ohne weitere Maßnahmen Passwörter im Klartext überträgt.\nWelche Authentisierungsmechanismen in welcher Reihenfolge von INN verwendet werden, wird in der readers.conf festgelegt. Die folgenden Einträge legen fest, dass INN die Datei /etc/news/passwd.nnrp verwenden soll, um Logins zu gestatten. Die Datei hat dasselbe Format wie eine htpasswd-Datei von Apache und kann mit dem Apache-Programm htpasswd angelegt und verwaltet werden.\nDer Abschnitt auth legt fest, mit welchem Kommando die Anmeldeinformationen geprüft werden sollen, der Abschnitt access legt dann fest, welche Zugriffsrechte diese Benutzer erhalten sollen.\nWenn alles funktioniert, ist nun eine Anmeldung mit Benutzername und Passwort von entfernten Systemen möglich.\nVerbindungen (Feeds) konfigurieren Ein Feed ist eine Verbindung zwischen zwei Newsservern, über die gegenseitig Artikel in bestimmten Newsgroups austauschen. Der Feed besteht aus einer eingehenden Verbindung, die in der incoming.conf konfiguriert wird und einer ausgehenden Verbindung, die in der innfeed.conf definiert wird, und für die in der newsfeeds festgelegt wird, welche Dateien gesendet werden sollen.\nIn der incoming.conf wird festgelegt, welche entfernten Server dem eigenen Server Daten senden dürfen und welche Gruppen diese Server beschicken dürfen:\npeer koehntopp.de { hostname: \u0026#34;news.koehntopp.de\u0026#34; patterns: \u0026#34;de.*,!de.alt.dateien.*\u0026#34; max-connections: 5 } Ein solcher Eintrag gestattet dem entfernten Rechner koehntopp.de bis zu 5 parallele Verbindungen zu dem eigenen Server aufzubauen, über die er Artikel ausschließlich in die genannten Gruppen einliefern darf.\nAusgehende Verbindungen werden in die innfeed.conf eingetragen. Analog zur incoming.conf muss dort ein Link für eine ausgehende Verbindung konfiguriert werden.\npeer koehntopp-all { ip-name: news.koehntopp.de max-connections: 5 } Schließlich wird in der Datei newsfeeds festgelegt, welche Daten über die ausgehende Verbindung gesendet werden sollen.\n# koehntopp.de Kristian Koehntopp \u0026lt;kris@koehntopp.de\u0026gt; koehntopp-all/koehntopp.de\\ :!*,@*,de.*,!de.alt.dateien.*/!local\\ :Ap,Tm:innfeed! Die Bestellung für den Channel koehntopp-all aus dem Beispiel liest sich \u0026ldquo;keine Artikel, die koehntopp.de im Path haben (/koehntopp.de).\nDas Pattern legt fest, welche Newsgruppen über den Kanal gesendet werden sollen. Es liest sich !* (\u0026ldquo;nix, gar nix\u0026rdquo;), @* (auch keine Crossposts, das ist doppelt gemoppelt), de.*,!de.alt.dateien.* (alle de-Gruppen außer de.alt.dateien.*), jedoch keine Artikel mit der Distribution: local.\nDie Flags und der Kanalname legen fest, dass die Daten über den Kanal innfeed! herausgesendet werden sollen.\nDeswegen muss der vordefinierte innfeed!-Kanal in der Datei newsfeeds aktiviert werden.\ninnfeed!\\ :!*\\ :Tc,Wnm*:/usr/lib/news/bin/startinnfeed Außerdem muss das System Steuernachrichten zur Einrichtung neuer Gruppen, zum Löschen von Artikeln usw. verarbeiten können. Dazu ist die Aktivierung des Controlchan notwendig.\nUm die Änderungen wirksam werden zu lassen, muss dem INN-Server ein \u0026ldquo;reload\u0026rdquo;-Kommando gesendet werden.\nnews@h3118:~\u0026gt; lsof -i -n -P | grep koehntopp innd 28144 news 57u IPv4 9342609 TCP example.com:199-\u0026gt;koehntopp.de:2418 (ESTABLISHED) innd 32740 news 25u IPv4 9342489 TCP example.com:42275-\u0026gt;koehntopp.de:119 (ESTABLISHED) Wenn alles funktioniert hat, ist das Link jetzt sichtbar und kann mit lsof oder tail -f /var/log/news/news /var/log/news/news.notice gesehen werden.\n","date":"2005-03-19T00:00:00Z","href":"https://blog.koehntopp.info/2005/03/19/der-eigene-usenet-server.html","tags":["computer","usenet","lang_de"],"title":"Der eigene USENET Server"},{"categories":null,"content":"Das älteste Posting, das Google Groups von mir hat, ist von Mitte 1989 . Ich schrieb damals als kris@tpki.UUCP aka ...!mcshh!tpki!kris.\nFür die mit der Gnade der späten Geburt gesegneten: Damals hatten wir noch kein automatisches Routing und auch keine direkten Verbindungen wie im Internet. Mail wurde über Modem-Links von System zu System weitergegeben. Da wir kein automatisches Routing hatten, musste man mit dem sogenannten Bang-Path (wegen der Ausrufezeichen, Bang!) die Systeme angeben, über die die Nachricht transportiert wurde. ...!mcshh!tpki!kris ist also der Pfad zu meiner Mailbox ab dem damals relativ bekannten System mcshh.\nHostnamen waren weltweit eindeutig, da es noch keine Domains gab.\nSysteme mussten sogenannte Mapschnipsel veröffentlichen, in denen sie ihren Namen und ihre Verbindungen zu anderen Systemen bekannt gaben. Ein Eintrag wie oski tpki(DAILY) deklarierte dann eine Verbindung zwischen den Systemen oski und tpki, die einmal pro Tag Mail abgeholt hat.\nMit dem Programm pathalias konnte man die Liste der Mapschnipsel nehmen und in Routingtabellen der Form oski kriski!tpki!oski!%s umgewandelt werden. Diese Tabellen stellten das Netz aus der Sicht des Absenders dar, sodass eine Mail an olaf@oski automatisch in den Bang kriski!tpki!oski!olaf umgewandelt werden konnte.\nZusammen mit den Mails wurden über die Modemverbindungen damals auch die USENET News ausgetauscht. Damals hatte man in der Regel einen lokalen News-Server auf seinem System laufen und die eingehenden News wurden eingelesen und auf dem lokalen News-Server bereitgestellt. Abgehende Artikel wurden lokal auf dem eigenen System veröffentlicht und auf allen angeschlossenen Systemen verbreitet. Weil jeder Artikel eine eindeutige ID hatte, konnte ein System erkennen, ob ihm ein Artikel mehrfach zugestellt wurde und Duplikate verwerfen. Artikel haben sich so im \u0026ldquo;Flood-Fill Verfahren\u0026rdquo; im Netz ausgebreitet und waren in tausenden Kopien auf allen Servern verfügbar.\nFür mich waren USENET News und Mail damals der Einstieg ins Netz - lange vor Internet und drei Jahre vor der Erfindung von http. Sie waren für mich auch lange Zeit das primäre Kommunikationsmedium und ich habe über die viele aufregende Personen kennengelernt - die Teilnehmer an der Silvesterfeier des Hohen Rathes der Dreizehn Weisen vom Feed werden sicherlich wissen, was ich meine. Zu dieser Channelparty^W^Wdiesem Newsgrouptreffen von de.talk.bizarre am 31.12. hatte ich rund 20 Leute nach Kiel eingeladen, die ich noch niemals vorher in Persona gesehen hatte und die sich auch untereinander dort größtenteils zum ersten Mal getroffen haben. Das war eine wirklich gute Feier.\nHeute brät USENET meistenteils im eigenen Saft - die Diskussionen dort sind alt, ich habe sie in den vergangenen 16 Jahren meiner Anwesenheit dort viele Male gesehen. Erst neulich habe ich mein Zugangspaßwort für news.individual.net wiedergefunden und erstaunt gemerkt, daß ich es für zwei Monate verloren hatte - ich hatte nicht einmal bemerkt, daß es dem Reader aus der Konfiguration gerutscht war, weil ich ihn schlicht nie aufgerufen habe.\nHeute lese ich auf news.individual.net , daß mein Zugang dort in Zukunft Geld kosten wird und eine Neuanmeldung erforderlich ist. Der Betrag ist angenehm niedrig - 10 Euro pro Jahr (!).\nDennoch habe ich beschlossen, daß der 31. März 2005 der letzte Tag meiner Anwesenheit in den USENET News sein wird - es ist die Mühe nicht mehr wert.\nMein Reader ist inzwischen Akregator, und wer mit mir diskutieren will, der kann das in den Kommentaren meines Blogs tun oder mich trackbacken. Blogs kann man haufenweise schnell und einfach bekommen - supersized.org ist möglicherweise nicht die schlechteste Wahl.\nIn diesem Sinne: 16 Jahre sind genug. Lebewohl, USENET!\n","date":"2005-02-15T00:00:00Z","href":"https://blog.koehntopp.info/2005/02/15/abschied-aus-dem-usenet.html","tags":["computer","s9y","usenet","lang_de"],"title":"Abschied aus dem USENET"},{"categories":null,"content":" Trolltech teilt mit, daß Qt4 für Windows jetzt auch unter der GPL lizensiert wird.\nDer Qt3 Sourcecode für Unix-Betriebssysteme stand schon immer sowohl unter der GPL als auch wahlweise unter einer Bezahllizenz zur Verfügung, während für die Windows-Variante des Sourcetrees nur die Bezahllizenz verfügbar war. Mit Qt4 ändert Trolltech diese Strategie: Qt4 wird plattformübergreifend wahlweise unter der GPL oder einer Bezahllizenz verfügbar sein.\nWindows ist nach Aussage von Trolltech ganz knapp die populärste Plattform for Qt. Der Anpassungsaufwand, um Qt-Anwendungen von Unix-Plattformen auf Windows und MacOS zu portieren ist extrem gering.\nTrolltech stellt eine FAQ zu Lizenzfragen zur Verfügung.\nInzwischen hat auch Golem einen Artikel zum Thema.\n","date":"2005-02-07T00:00:00Z","href":"https://blog.koehntopp.info/2005/02/07/qt4-wird-vollstaendig-gpl.html","tags":["free software","lizenz","politik","lang_de"],"title":"Qt4 wird vollständig GPL"},{"categories":null,"content":"Trolltech hat seine Qt Bibliothek ab der Version 4 komplett unter GPL gestellt. Das bedeutet, daß nicht nur die Unix-Version der Bibliothek unter der GPL verfügbar ist, sondern auch die Windows-Version. Grund genug einmal nachzulesen, was denn in der GPL drinsteht, und wieso das so ist.\nDie Originalquelle zum Thema ist natürlich die Licenses -Seite der GNU Website (Deutsche Version der GPL ). Dort findet man nicht nur den Text der Lizenz , sondern auch eine sehr lange GPL FAQ , die keine Frage mehr offen lassen sollte. Groklaw hat ebenfalls eine sehr gute GPL References Page .\nWas steht denn nun in der GPL?\nDie GPL ist eine Lizenz. Eine Lizenz ist eine Erlaubnis, kein Vertrag. Die GPL erlaubt es einem Anwender, ein Stück Code zu benutzen. Wenn der Anwender das Stück Code nutzen möchte, muss er die Lizenz und die Bedingungen der Lizenz akzeptieren. Die Bedingungen der Lizenz legen fest, unter welchen Vorbedingungen die Erlaubnis zur Nutzung des Codes durch den Anwender erteilt wird. Werden die Vorbedingungen verletzt, erlischt die Erlaubnis zur Nutzung.\nDarum ist es wichtig, sich diese Vorbedingungen und die Konsequenzen beim Verstoß gegen diese Vorbedingungen genau anzusehen.\nParagraf 0 der GPL legt fest, auf was sich die Lizenz erstreckt und was die Begriffe \u0026ldquo;Programm\u0026rdquo; und so weiter in der folgenden Lizenz erstrecken. Wenig überraschend sind das alle Dateien, die mit dem betreffenden Lizenzvermerk markiert worden sind.\nEs wird auch festgelegt, welche Erlaubnisse die Lizenz erteilt - nämlich die Vervielfältigung, die Verbreitung und die Bearbeitung bzw. Veränderung des Programmes. Insbesondere nimmt die Lizenz die Ausführung des Programmes aus - sie wird nicht eingeschränkt. Ebenso erstrecken sich die Bedingungen nicht auf die Ausgabe des Programmes, sofern sie nicht wieder ein Programm sind - was nur bei Programmgeneratoren der Fall ist.\nDer folgende Paragraf 1 erlaubt dem Anwender dann beliebig unveränderte und vollständige Kopien des Programmes anzufertigen und weiterzugeben. Besonderer Wert wird dabei darauf gelegt, daß dabei auch der rechtliche Rahmentext mitkopiert wird, also die Urheberrechtsnotiz, die Lizenz und die Hinweise auf die Lizenz und der Haftungs- und Garantieausschluss. Ausdrücklich erlaubt wird dabei, Geld für die Erstellung der Kopie zu nehmen und ggf. zusätzliche Garantien für eine Extragebühr anzubieten.\nDiese Klausel erlaubt es also dem Anwender, das Programm als Ganzes weiterzugeben, aber sie erlaubt noch keine Veränderung oder Weiterentwicklung des Programmes. Wäre dies die ganze GPL, säßen wir noch immer mit Linux 0.01 und lustigen \u0026ldquo;AAAAA\u0026rdquo; und \u0026ldquo;BBBB\u0026rdquo;-Buchstabenreihen auf dem Bildschirm da, und niemandem wäre geholfen.\nEs ist Paragraf 2, der die Veränderung des Programmes erlaubt, die Weitergabe des veränderten Programmes erlaubt, und die Bedingungen dafür festlegt: Die Dateien müssen als geändert markiert sein, und Änderung und Datum der Änderung müssen erkennbar sein, das geänderte Programm muss Dritten gegenüber vollständig und unter den Bedingungen der Originallizenz wieder zur Verfügung gestellt werden und das Programm muss bei seinem Start auf seine Lizenz, den Garantie- und Haftungsausschluss und die anderen rechtlichen Rahmenparameter hinweisen, soweit dies möglich ist.\nDer Abschnitt enthält auch Schrankenbestimmungen, die ein wenig verwirrend formuliert sind - \u0026ldquo;Identifizierbare Teile, die nicht vom Programm abgeleitet sind\u0026rdquo; und \u0026ldquo;Zusammenlegen mit anderen Programmen auf einem Speicher- oder Vertriebsmedium\u0026rdquo;.\nDie Schrankenbestimmungen sollen bewirken, daß sich die GPL nur auf ein Programm und die zu seiner Ausführung notwendigen Bibliotheken erstreckt, aber nicht auf andere Programme, mit denen unser Programm zusammenarbeitetet und sie sollen bewirken, daß Programme unter der GPL mit anderen Programmen zusammen in einer Distribution verbreitet werden können.\nSo ist SQL Relay zum Beispiel ein eigenständiges Programm, das die unter der GPL stehenden Bibliotheken von MySQL 4.x verwenden kann. Wenn es diese Bibliotheken einbindet, muss es selber auch unter der GPL stehen - es ist ein abgeleitetes Werk im Sinne der GPL und nicht von der unter der GPL stehenden Komponente - den Bibliotheken - getrennt.\nEin Client kann jedoch das SQL Relay ansprechen und über Netz mit ihm kommunizieren. Er ist ein getrenntes Programm, das vom SQL Relay verschieden ist und mit ihm keinen gemeinsamen Adressraum teilt. Daher erstrecken sich Bedingungen der GPL nicht auf dieses Programm und es kann unter einer anderen Lizenz stehen.\nEs ist auch möglich, SQL Relay etwa zusammen mit Oracle auf einer CD zu verteilen (vorausgesetzt die Lizenz von Oracle erlaubt diese Weiterverbreitung auch). Da dies nur ein Zusammenlegen auf einem gemeinsamen Medium ist, erstrecken sich die Bedingungen auch nicht auf das auch auf der CD befindliche Oracle.\nParagraf 3 bezieht sich dann auf den Quelltext, aus dem das Programm erstellt wird. Die GPL versteht unter dem Quelltext die Dateien in einer Form \u0026ldquo;die für Bearbeitungen vorzugsweise verwendet wird\u0026rdquo; und verlangt, daß man alle Dateien weitergibt, die für die Reproduktion des ausführbaren Programmes erforderlich sind. Die GPL verlangt nun, daß man\nENTWEDER den Quelltext mit dem Programm maschinenlesbar auf einem \u0026ldquo;üblichen\u0026rdquo; Medium mitliefert,\nODER statt des Quelltextes ein drei Jahre lang gültiges Angebot mitliefert, den Quelltext in einer solchen maschinenlesbaren Form zu den nominalen Kosten für die Erstellung von Kopien nachzuliefern,\nODER das Angebot weitergibt, daß einem die Upstream-Quelle für den Quelltext gemacht hat (diese Option kann man aber nur verwenden, wenn man das Programm nur als Binary erhalten hat, nicht verändert hat und man es nicht-kommerziell weitergibt)\nIn § 6 weiter unten steht dann, daß man mit der Weitergabe des Programmes auch die Lizenzrechte am Programm weitergibt, ohne sie einzuschränken oder zu verändern.\n3 und § 6 sind die Kernbestimmungen der GPL.\nSie stellen sicher, daß die Personen, die das Programm von uns erhalten haben, mit dem Programm genau dasselbe machen können (§ 3: sie haben alle notwendigen Informationen dazu) und machen dürfen (§ 6: sie haben alle notwendigen Rechte dazu), was wir auch können und dürfen.\nSie ist zugleich den Spielern im kompetitiven Feld ein mächtiger Dorn im Auge. Andere Lizenzen, etwa die Apache License, die BSD License und andere haben eine solche Bedingung nicht. Dort kann man den Code nehmen, verändern und das veränderte Programm als Binärprogramm weitergeben, muss jedoch den veränderten Code nicht herausgeben.\nIn den Augen der Autoren der GPL ist das ein Fehler in diesen anderen Lizenzen. Brendan Scott erklärt sehr schön, wieso diese Bestimmung der GPL wichtig ist. In The Forkin\u0026rsquo; Fallacy definiert er, was ein Fork eines Projektes ist (eine neue Version auf der Basis einer von der ursprüngliches Codebasis abgespaltenen und geänderten Codebasis) und warum dies bei einer Lizenz wie der GPL kein Problem ist. Da unter der GPL alle Änderungen wieder öffentlich zugänglich gemacht werden müssen, können sich die verschiedenen Forks untereinander befruchten und Code austauschen, wenn sie dies wünschen. Sie können also jederzeit ganz oder teilweise wieder zusammenfließen.\nForks sind nur dann ein Problem, wenn die ursprüngliche Codebasis in mehrere Kopien zerfällt, die sich unterschiedlich entwickeln und untereinander keinen Code tauschen können. Brendan Scott nennt in seinem Text die UNIX wars als Beispiel für solche schädlichen Forks. David Wheeler führt den Gedanken in Make Your Open-Source-Software GPL-Compatible. Or Else. noch weiter aus.\nDie anderen Abschnitte der GPL regeln dann rechtlichen Rahmenkram, oder weisen auf einige selbstverständliche Details noch einmal ausdrücklich hin. So sagt § 5 beispielsweise \u0026ldquo;Man muss die GPL nicht anerkennen, aber wenn man es nicht tut, kann man die unter der GPL stehenden Programme halt gar nicht nutzen.\u0026rdquo; und § 7 besagt sinngemäß: \u0026ldquo;Es gibt keine Ausnahmen: Wenn uns andere Gründe (Verträge, Urteile, Patente oder was auch immer) hindern, die Bedingungen der GPL zu erfüllen, dann können wir unter der GPL stehende Programme halt nicht nutzen.\u0026rdquo; und die GPL endet mit einem Haftungs und Garantieausschluss.\nIn Why I love the GPL schreibt Joe Barr, warum die GPL genau diese Form hat und greift damit noch einmal das Thema der Kernbestimmungen der GPL auf: Die GPL hat die Aufgabe, den Code (nicht den Programmierer!) zu schützen und jedem Anwender des Codes vier Freiheiten zu erhalten:\nDie Freiheit, das Programm zu jedem Zweck auszuführen. Die Freiheit, das Programm und seine Funktionsweise zu studieren und anzupassen. Die Freiheit, das Programm weiterzugeben. Die Freiheit, das Programm nach Belieben zu verändern. Anders als etwa die BSD Lizenz will die GPL diese Freiheiten jedem Anwender des Codes erhalten und darum verlangt die GPL, daß auch Änderungen am Code wieder unter der GPL stehen. Joe Barr verweist dann auf eine Reihe von Beispielen, in denen BSD Code von einem kommerziellen Projekt integriert, modifiziert und dann verschluckt wurde - die Änderungen waren für alle anderen Anwender verloren.\nIn gewisser Weise ist die GPL also eine Lizenz der kooperativen Sphäre (siehe Ein paar ideologische Steine ins Rollen bringen ), aber eine wehrhafte solche. Sie zwingt die Nutzer der GPL dazu, nach den Regeln der kooperativen Sphäre zu spielen. Verstößt ein Spieler gegen diese Regeln, wird er bestraft (Tit for Tat , The Evolution of Cooperation ). Die Strafe ist in diesem Fall ein Erlöschen der Lizenz und damit ein Ausschluss aus der kooperativen Sphäre - damit erlischt der Zugriff auf jede Menge Code der kooperativen Sphäre (noch einmal Make Your Open-Source-Software GPL-Compatible. Or Else. ).\nWas passiert, wenn ich Code, der unter der GPL steht, in mein Programm einarbeite, und dann gegen die Bedingungen der GPL verstoße? Verliere ich alle Rechte an meinem eigenen Code und werde ich gezwungen, diesen unter der GPL zu öffnen und weiterzugeben?\nNein.\nGNU GPL in Deutschland zeigt, was passiert, wenn ein Hersteller gegen die GPL verstößt. Ihm kann die Weiterverbreitung seines Produktes so lange untersagt werden, wie er gegen die GPL verstößt. Er kann diesen Zustand abstellen, indem er entweder allen GPL-Code aus seinem Produkt entfernt, oder indem er den Bedingungen der GPL nachkommt, und den Quelltext zu seinen Änderungen im Rahmen der Schrankenbestimmungen von § 2 und § 3 veröffentlicht. Die Wahl, welche Lösung des Lizenzkonfliktes hier vorgezogen wird, liegt jedoch beim Hersteller. Er kann nicht gegen seinen Willen gezwungen werden, Source offenzulegen und freizugeben. Die GPL ist nicht viral. Sie ist nur fair.\n","date":"2005-02-07T00:00:00Z","href":"https://blog.koehntopp.info/2005/02/07/von-der-gpl.html","tags":["free software","lizenz","politik","lang_de"],"title":"Von der GPL"},{"categories":null,"content":"Im Spielzeugmuseum wurde neben vielen anderen Dingen auch einer der eigenartigsten Filme gezeigt, den ich je gesehen habe. Es war Der Lauf der Dinge , eine unwahrscheinliche und präzise arrangierte Kettenreaktion von Sperrmüll in einer Fabrikhalle. Die ganze \u0026ldquo;Was passiert dann\u0026rdquo;-Maschine läuft mehr als 30 Minuten, und ist aufgebaut mehr als 30 Meter lang.\nLeider ist das Video sehr alt (1987) und wurde ohne Budget mit Consumer-Equipment gedreht, sodass der Film an einigen Stellen mit Schärfe und Weißabgleich kämpft, aber dennoch ist das ganze Konzept so genial, daß man sich diese 30 Minuten einfach gönnen muss. Was ich dann in Form der DVD getan habe.\n(Bestellt als Gebraucht-CD über Amazon France, geliefert von einer US-Firma über UK. Was für eine Odyssee)\n","date":"2005-01-25T00:00:00Z","href":"https://blog.koehntopp.info/2005/01/25/der-lauf-der-dinge.html","tags":["film","media","fluffy fluff","lang_de"],"title":"Der Lauf der Dinge"},{"categories":null,"content":"Im Nachbeben zu Rumble in the Jungle analysiert Malte Diedrich :\nKai Pahl versucht (immer mal wieder in den Kommentaren), durch beständiges Nachfragen herauszubekommen, was die Blogschreiber eigentlich stört, gibt es doch eine Reihe von Aggregationslösungen wie z. B. Bloglines, Daypop oder Blogdex, bekommt aber nicht so recht eine Antwort.Drei Dinge sind meiner Meinung nach gegenüber den zitierten Lösungen anders: IzyNews will für die Blogtexte Geld haben (es gibt eine kleinere Version mit 20 Feeds umsonst, aber darüber hinaus muss man zahlen), sie ignorieren CC-Lizenzen und sie ändern das Medium.\nDie Antwort auf die Frage von Kai Pahl bleibt aus, weil sie in den betreffenden Communities selber nicht ganz sauber definiert ist. Ich will hier zwei Worte einführen, und versuchen deutlich zu machen, welchen Mechanismus wir gerade beobachten.\nEs geht im Grunde genommen um die Definition der Begriffe der \u0026ldquo;kooperativen Wertschöpfung\u0026rdquo; und \u0026ldquo;kompetetiven Wertschöpfung\u0026rdquo;, die ich verwenden möchte, um den Bereich freie Software, Open Source, Creative Commons, Free Documentation License und dergleichen mehr von dem Bereich der kommerziellen Verwertung von Software, Texten, Musik, Filmen und anderem Intellectual Property abzugrenzen.\nWir haben hier inzwischen zwei getrennte Universen, die sich gegenüber stehen und die unterschiedliche Kulturen, Regeln und Bezugssysteme haben. Solange man sich im kooperativen Universum bewegt, spielen Lizenzen im Grunde eine untergeordnete Rolle. Ich gebe Content, Du gibst Code, hier mein Wikipedia-Artikel, da meine Anrufbeantwortersprüche, und da drüben dann meine Band als Podcast. Kein Problem, denn die Leute arbeiten miteinander, bauen aufeinander auf und referenzieren ihre Quellen mehr oder weniger fleißig korrekt.\nLizenzen dienen hier in erster Linie zur Abgrenzung vom kompetitiven Universum, also zur Freund-Feind-Erkennung und als Schutz vor diesem, also zum draußen halten von Feinden. Innerhalb des kooperativen Universums dienen sie mehr als philosphische Definitionshilfen: Durch die Wahl einer Lizenz definiert der Urheber seine ideologische Position innerhalb der kooperativen Wolke, indem er mit Hilfe der Lizenz für sich die Lage der Grenzlinie zwischen kooperativer und kompetetiver Welt definiert.\nZwar unterscheiden sich die verschiedenen Lizenzen deutlich in dem, was sie welchen Mitgliedern des kompetetiven Lagers erlauben, aber letztendlich kommt es innerhalb des kooperativen Lagers trotz der rechtlich sehr unterschiedlichen Lizenzen nur selten zu gegenseitiger Blockierung und im Grunde niemals zu einer rechtlichen Auseinandersetzung. Eher setzt man sich zusammen, diskutiert das Problem aus und findet eine gemeinsame Lösung. Ein Beispiel dafür ist der Dialog um die MySQL Lizenzen, wie ich ihn in MySQL und die Lizenzen auseinanderdividiert habe, und dessen Ende dann in MySQL FLOSS Exception nachzulesen ist.\nMit Vertretern des kompetetiven Lagers wird weniger nett umgesprungen:\nGNU GPL in Deutschland demonstriert hier die Vorgehensweise - letztendlich erkennt das kooperative Lager solche Vorfälle als Mißbrauch der Allmende und straft die betreffenden Parteien ab - und zwar durch Ausschluß aus der Welt der kooperativen Wertschöpfung und strikte Anwendung der (Lizenz-) Mechanismen der kompetetiven Welt.\nizynews.de wird nun von einer Reihe von Blogautoren als Partei des kompetetiven Lagers wahrgenommen, und die Reaktion dieser Blogautoren entspricht nun exakt der Reaktion der Netfilter-Leute auf z.B. Sitecom und andere Trittbrettfahrer. Der Schlüssel zum Frieden mit den Blogautoren liegt für izynews.de in der Erkenntnis, daß sie als Partei des kompetetiven Lagers wahrgenommen werden, und daß sie daher auch als solche behandelt werden. Bei anderen Diensten ist das (Merkwürdigerweise? Man denke nur an Google Groups !) nicht so, obwohl diese Dienste letztendlich genau dasselbe tun wie izynews.de (und wahrscheinlich auf dieselbe Weise illegal sind).\nDer einzige Unterschied zwischen izynews.de und Google Groups ist der, daß es bei Google Groups kein Bezahlangebot gibt, sondern daß man hier das Geld durch Anzeigeneinblendung verdient. Und Google Groups hatte, als sie noch Dejanews waren, eine Zeit lang einen schweren Stand, als man dort versucht hat, wie in Deja Linking Ads Within Usenet Posts? dokumentiert die Werbung als Bestandteil des Artikels anzuzeigen.\nWer die Gefilde der kooperativen Wertschöpfung in der Wahrnehmung seiner Peers verläßt und in den kompetitiven Bereich rüberwechselt, der muß sich darüber klar sein, daß er dann auch mit den Methoden der kompetetiven Wertschöpfung behandelt wird - und das heißt in diesem Fall die harte und spitze Seite des frisch nachgeschliffenen Urheberrechts. Es geht also nur vordergründig darum, daß izynews.de für irgendetwas Geld haben will, sondern es geht im Kern darum, daß izynews.de hier als Mitglied des kompetetiven Lagers wahrgenommen wird, daß sich an der Allmende bereichern will. Dafür gibt es auf\u0026rsquo;s Maul.\nDas von Malte Diedrich angesprochene Ignorieren der CC-Lizenzen ist da nur ein Teil des Problems - mein Blog zum Beispiel steht nicht unter einer CC-Lizenz, sondern hat einen ganz normalen Copyright-Disclaimer. Er steht zwar explizit da, aber das ist nur der rechtliche Default:\nDer Inhalt dieses Blogs ist © Copyright 2004 Kristian Köhntopp. Jegliche Reproduktion und Wiederverwertung nur mit schriftlicher Genehmigung des Autors.\nLetztendlich steht ein Dienst wie izynews.de, der ja Kopien von Inhalten macht und diese Kopien weiter verbreitet, ohne Lizenzen für alles da, CC oder nicht. Genau wie Google Groups, Bloglines, oder letztendlich mein Planet, was das angeht.\nAuch Markus Breuer wundert sich über die Reaktion gegenüber izynews.de in izyNews - Service oder Contentklau? :\nWas mir in der ganzen Diskussion manchmal schon etwas merkwürdig vorkommet, ist allerdings wie hier das Schwert Creative Commons als Waffe gegen die Nutzung von Inhalten eingesetzt wird. Dazu war CC eigentlich nicht unbedingt gedacht.\nDa Rache oder eine andere Emotion hineinzuinterpretieren ist falsch. Es handelt sich einfach nur um vollkommen normale die Abgrenzungsreaktion der kooperativen Wertschöpfer gegenüber jemandem, den sie der kompetetiven Sphäre zurechnen. Creative Commons hat hier, genau wie die GPL, Schutzmechanismen eingebaut, wenn auch andere als die GPL.\nMarkus ist schon auf der richtigen Spur, denn er zitiert Robert Basic :\nIch bin gespannt, was passiert, wenn Bloglines.com Mehrwertdienste einführt. Wird dann Bloglines von Paulus zum Saulus ernannt?\nGenau das. Wobei das hauptsächlich (vergleiche Google Groups) ein Wahrnehmungsproblem und Marketingproblem ist.\nMarkus führt weiter aus:\nUm für einen Burgfrieden zu sorgen, wäre es vielleicht wirklich das einfachste, wenn umgekehrt jeder Betreiber eines Service, der Blog-Inhalte syndiziert, eine einfache Möglichkeit schafft, Weblogs gezielt von seinem Dienst auszuschließen.\nDas ist letztendlich der Mechanismus von Google Groups, ein opt-out System. Bei Google ist es der \u0026ldquo;X-No-Archive: yes\u0026rdquo; Header, den man setzen muß, damit der eigene Content nicht von Google Groups vereinnahmt wird. Per Default eignet sich Google aber erst einmal das ganze USENET an.\nDas skaliert sich nicht, für keine der beteiligten Parteien. Nein, was wir brauchen ist ein Opt-In System, und eines, mit dem sich differenzierter ausdrücken läßt, was erlaubt ist und was nicht: Ein Rechtemarkupsystem muß her und als Bestandteil des Feeds mit verbreitet werden. Die Systeme, die in der kompetetiven Sphäre bereit entwickelt worden sind, leisten hier nicht das gewünschte. Sie sind wie XrML grundsätzlich durch Schutzmechanismen der kompetetiven Sphäre unbrauchbar gemacht, was zu ihrer Herkunft paßt: [Sony und Microsoft](http://www.giantstepsmts.com/DRM Watch/xrml20.htm) spielen mit. Außerdem definierten sie, wie man am Beispiel von XMCL sehen kann, die falschen Rechte . Die kooperativen Wertschöpfer und ihre Lizenzen legen Wert auf andere Dinge als useDuration und useCount, Dinge mit denen sich solche Systeme aus der kompetetiven Sphäre nicht beschäftigen.\nMarkus schließt mit:\nAlles in allem scheint mir dieser Fall (und ähnliche) ein wunderbares Lehrstück dafür zu sein, wie hilflos eine Gesellschaft, ihr Rechtssystem, ihre Moral, ihre Wirtschaft etc. vor neuen technologischen Möglichkeiten stehen kann.\nIch empfinde das nicht so. Probleme gibt es immer nur dann, wenn Mitglieder der kompetetiven Sphäre meinen, sie könnten die Regeln der kooperativen Sphäre ignorieren, weil die kooperativen Wertschöpfer untereinander das tun. Die Kompetetiven bekommen dann nach den Regeln, die sie selbst geschaffen haben, auf die Finger. Müssen sie, damit die kooperative Allmende erhalten werden kann.\nDas ist ja genau der Grund, warum die Fackelträger der Kompetetiven versuchen, kooperative Lizenzen mit Schutzmechanismen wie die GPL als \u0026ldquo;viral\u0026rdquo;, \u0026ldquo;böse\u0026rdquo;, \u0026ldquo;illegal\u0026rdquo; oder sonstwie \u0026ldquo;ganz schlimm\u0026rdquo; darzustellen, allen voran Microsoft und die von Microsoft bezahlten Astroturfer.\nLizenzen mit Schutzmechanismen schaffen einen geschützten Bereich, in dem kooperatives Verhalten möglich ist und unter anderem durch niedrige Transaktionskosten belohnt wird. Sie bestrafen Leute, die die Kooperation verletzten, indem sie ihnen die viel höheren Transaktionskoste des kompetetiven Bereichs auferlegen (\u0026ldquo;Zieh erst mal Deine Lizenzen gerade.\u0026rdquo;) und sie von der Nutzung der freien, aber nicht kostenlosen kooperativen Werte ausschließen (Der zu zahlende Preis ist die Einhaltung der Regeln der Kooperation).\nDas neue, kompetetive Urheberrecht ist dazu blendend geeignet.Denn offensichtlich gilt es auch dann, wenn die Urheber keine Megakonzerne sind, sondern Tausende von verstreut agierenden Autoren. Wenn das neue Dienste behindert, dann ist das Recht entweder zu restriktiv, und muß gelockert werden (und zwar generell gelockert und nicht selektiv - so haben auch die kooperativen Wertschöpfer was davon), oder die Dienste müssen ihr technisches Konzept so überarbeiten, daß sie mit der juristischen Seite ihrer Dienstleistung von vorneherein korrekt klarkommen (also kompetetiv wasserdicht agieren).\nDie gesellschaftliche und vor allen Dingen die politische Diskussion versagt insofern, und da hat Markus recht, als daß die Existenz, die Daseinsberechtigung und der Wert der kooperativen Wertschöpfungsmechanismen in der politischen Diskussion und in der aktuellen Gesetzgebung keinen Niederschlag gefunden haben. Weder im Urheberrecht, noch im Markenrecht, noch im Patentrecht. Und das ist der zentrale Punkt, der geändert werden muß, indem die Parteien benannt werden (das versuche ich durch die Einführung dieser Begriffe), und indem ihre Interessen geeignet geschützt werden.\n","date":"2005-01-05T00:00:00Z","href":"https://blog.koehntopp.info/2005/01/05/ein-paar-ideologische-steine-ins-rollen-bringen.html","tags":["blog","free software","lizenz","media","lang_de"],"title":"Ein paar ideologische Steine ins Rollen bringen"},{"categories":null,"content":"Eine RSS-Plattform, izynews.de, repliziert RSS-Feeds nach IMAP. Das ist neu, und für viele Leute sicherlich praktisch. izynews.de macht das jedoch für Geld, und ohne Lizenzen für die Feeds zu kaufen oder die Lizenzen auf den Feeds zu beachten. Das ist schlecht, und verärgert den Schockwellenreiter, IT\u0026amp;W und Herrn Vetter vom Lawblog.\nNeu ist es nicht - Slashdot versuchte zum Beispiel einst, Artikel der Benutzer als Buch zu verkaufen, und hatte einen Copyright-Vermerk, der die Artikel der Benutzer quasi in Besitz nahm. Seitdem habe ich einen Copyright-Vermerk als Signature auf Slashdot, und verweise dort auf eine Erklärung, warum ich das so halte.\nWie auch immer, ein Blick ins Apache access.log zeigt uns, wie IzyNews auf den Feed zugreift:\n62.75.174.182 - - [04/Jan/2005:11:38:51 +0100] \u0026ldquo;GET /rss.php?version=2.0 HTTP/1.0\u0026rdquo; 200 29744 \u0026ldquo;-\u0026rdquo; \u0026ldquo;IzyNews/1.0 (http://izynews.com , multiple subscribers)\u0026quot;\nVon der IP 62.75.174.182 wurde also um die geigte Uhrzeit auf den RSS 2.0 Feed zugegriffen, dessen URL dort im Log zu sehen ist. Der Zugriff war OK (Status 200), und es wurden 29744 Bytes transferiert. Der Zugriff erfolgte direkt (\u0026rdquo;-\u0026quot;), und nicht über einen Verweis einer anderen Seite auf diese URL - der Referer war also leer. Der zugreifende Agent identifiziert sich als \u0026ldquo;IzyNews/1.0\u0026rdquo;.\nDas kann man plump über die IP sperren, oder aber über den User-Agent. Die Sperrung über die IP ist einfach. Man erzeugt eine .htaccess-Datei in der Wurzel seines Weblogs und schreibt dort\norder allow,deny deny from 62.75.174.182 allow from all Das ist jedoch plump und unflexibel. Ändert IzyNews die IP, oder kommen bei IzyNews wegen Reichtum mehrere Rechner hinzu, greift die Regeln nicht mehr. Zielsicherer ist eine Sperrung über den User-Agent.\nWir löschen die alte .htaccess also wieder und schreiben stattdessen in eine neue .htaccess-Datei den Absatz\nSetEnvIfNoCase User-Agent \u0026ldquo;IzyNews/1.0\u0026rdquo; leecher=yes order deny,allow deny from env=leecher\nDies setzt die Umgebungsvariable \u0026ldquo;leecher\u0026rdquo;, wenn der Agent von IzyNews zugreift (er kann an dem String \u0026ldquo;IzyNews/1.0\u0026rdquo; sauber identifiziert werden). Die deny-Regel verbietet dann (Error 403) den Zugriff für alle Requests, bei denen die Variable leecher gesetzt ist.\nAußerdem sind da noch Leute, die Artikel über das IzyNews Webinterface lesen. Deren Requests sehen so aus:\n217.246.46.112 - - [04/Jan/2005:12:19:58 +0100] \u0026ldquo;GET /webcam/kris.png HTTP/1.1\u0026rdquo; 200 30008 \u0026ldquo;http://aktuelles.izynews.de/de/dir/Weblogs%20%28Auswahl%29.htm?f=t\" \u0026ldquo;Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041109 Firefox/1.0\u0026rdquo;\nDiese Requests sind also nur am Referer sauber zu identifizieren, denn der User-Agent ist der Name des Browsers, mit dem der IzyNews-Kunde die Site von IzyNews liest, und die IP ist die des Kunden, nicht die von IzyNews.\nMan sieht bei weiterem Lesen des Logs, daß das HTML selber niemals requested wird, denn das hat IzyNews ja per RSS abgezogen und hosted es auf \u0026ldquo;aktuelles.izynews.de\u0026rdquo;. Die Bilder dagegen werden aber vom Originalserver referenziert. Dieselben Schutzmaßnahmen wie gegen Bilderklau helfen hier also auch.\nIn der .htaccess zu den Zeilen oben hinzufügen:\nSetEnvIfNoCase Referer izynews.de leecher=yes\nJetzt werden auch alle Zugriffe geblockt, bei denen der Referer auf izynews.de paßt. Damit erledigt sich auch das.\nJuristische Gegenmaßnahmen bleiben von solchen Technikspielereien natürlich unberührt und können unabhängig eingeleitet werden.\n","date":"2005-01-04T00:00:00Z","href":"https://blog.koehntopp.info/2005/01/04/rumble-in-the-jungle.html","tags":["blog","free software","lizenz","lang_de"],"title":"Rumble in the Jungle"},{"categories":null,"content":"Für Fondue oder Satay-Spieße.\nMan nehme zwischen einem halben und einem Glas Erdnussbutter creamy, je nach gewünschter Menge. Dazu dann zweimal die Menge Erdnusssauce in Wasser (besser: Kokosmilch!) in einem kleinen Topf (also 1.5 bis 3 Gläser), den man auf kleinster Flamme langsam erhitzt.\nDazu werden vier gepresste Knoblauchzehen, vier Esslöffel Balsamico und zwei bis drei große gehäufte Esslöffel fester Honig gegeben. Dazu zwei Teelöffel Chilipulver und nach Geschmack ein wenig Ingwer. Mit Zitronensaft abschmecken - die Soße wird jetzt mehr nach Essig schmecken als sie es später tut, der Geschmack verliert sich.\nDie Soße wirkt am Anfang sehr wässrig, das gibt sich sehr schnell, sobald sie kocht. Sie muss einige Minuten unter ständigen Rühren sachte kochen, bis sie die gewünschte Konsistenz hat. Danach auskühlen und einige Stunden durchziehen. Zum Servieren vorsichtig und unter Rühren erwärmen. Das Resultat sollte sich auf sämtliche Geschmacksnerven im Mund gleichzeitig legen - süß-scharf mit Untertönen von salzig-sauer.\nWarnung: Dies ist eine Nusssauce. Sie macht also sehr schnell sehr satt. Außerdem kann sie Spuren von Erdnuss enthalten. :)\n","date":"2004-12-31T00:00:00Z","href":"https://blog.koehntopp.info/2004/12/31/satay-sauce.html","tags":["rezepte","lang_de"],"title":"Satay Sauce"},{"categories":null,"content":"In Unendlichkeit (Revelation Space) treffen wir auf ein Universum, in dem die Menschen über eine Menge beeindruckender Technik gebieten - kilometerlange Raumschiffe, Smart Materials und Nanotechnik, AIs und cybernetische Bewußtseinsaufrüstung und was es an Spielzeug direkt aus einem GURPS Transhuman Sourcebook mehr gibt.\nUnendlichkeit (Revelation Space) Dennoch unterliegt die Menschheit noch immer den Fesseln von Lichtgeschwindigkeit, Massenträgheit und Energieerhaltung und das macht das Universum in Unendlichkeit zu einem Platz von überwaltigender Einsamkeit. Reisen zwischen den Sternen sind Projekte von Jahrzehnten oder Jahrhunderten Realzeit und Jahren oder Jahrzehnten Schiffszeit, und so hat sich die Menschheit über den Weltraum zwar ausgebreitet, ihn aber keineswegs erobert. Und Reynolds macht deutlich, daß es in einem solchen Universum vor allen Dingen die Willenskraft und Sturheit des Menschen und nicht sein technisches Spielzeug ist, daß ihn die gewaltige Leere überwinden läßt.\nIn Unendlichkeit geht es um zunächst einmal um Dan Sylveste, der auf der Forschungskolonie Resurgam das Schicksal einer vor mehr als einer Million Jahren ausgestorbenen Alienrasse zu erforschen und dabei in die politischen Wirren der Kolonie gerät. Um seine Hypothesen zu prüfen braucht er Zugriff auf ein interstellares Schiff, und da kommt ihm die in seinem System eintreffende \u0026ldquo;Sehnsucht nach Unendlichkeit\u0026rdquo; gerade recht. Doch das Schiff ist genau wie sein Kapitän krank - die Schmelzseuche, eine eigenartige Nanovirenkrankheit schweißt Smart Materials des Schiffes und die mit Nanotechnologie aufgerüsteten Organe des Kapitäns zu einer bizarren Einheit zusammen. Außerdem hat die \u0026ldquo;Sehnsucht nach Unendlichkeit\u0026rdquo; irgendwann vor dem Eintreffen im Resurgam-System eine Reihe von vierzig eigenartigen Artefakten unklarer Herkunft von einem Asteroiden geborgen, bei denen es sich wahrscheinlich um Waffen handelt.\nDie Menschen in Unendlichkeit sind die Mitglieder einer über Lichtjahre verstreuten und durch Raum und Zeit getrennten Menschheit - sie sind einander fremd und können die Distanzen, die nicht nur räumlich, sondern auch menschlich zwischen ihnen liegen, nicht mehr wirklich überwinden. Reynolds versteht es, diese Entfremdung auch dem Leser nahezubringen: Er führt seine Charactere als teilweise kaum noch menschenähnliche Symbionten aus organischen und mechanischen Teilen ein, und zeichnet sie dann gleichzeitig als Figuren mit menschlichen Gefühlen und Zielen und einer Psyche, die manchmal fremdartiger als die eines Aliens ist.\n* *\nChasm City In Chasm City (Chasm City) kehrt Reynolds in das Universum aus Unendlichkeit zurück. Der von Unendlichkeit vollkommen unabhängige Roman spielt zeitlich vor diesem und beleuchtet das Geschehen auf Yellowstone, dem Herkunftssystem der Resurgam-Expedition. Tanner Mirabel, ein Killer, verfolgt sein Opfer von Sky\u0026rsquo;s Edge nach Chasm City auf Yellowstone. Die Infektion mit dem Propagandavirus der Sky Hausmann-Sekte legt dabei bei ihm jedoch schrittweise unterdrückte Erinnerungen frei und er muß in bester Philip K. Dick-Manier erkennen, daß Tanner Mirabel niemals wirklich existiert hat.\nChasm City führt den Leser weiter in das noir-Universum ein, das wir in Unendlichkeit bereits kennengelernt haben - was es mit der Schmelzseuche auf sich hat, welche weiteren Fraktionen der Menschheit aus welchen Motiven heraus handeln und welche Mittel ihnen zur Verfügung stehen und am Ende lernen wir sogar, daß nicht alle weltraumfahrenden Alienzivilisationen immer zeitgleich mit der Entdeckung der interstellaren Raumfahrt ausgestorben sind.\nWährend Unendlichkeit Anleihen bei der Space Opera und dem Horror macht, ist Chasm City eher ein Detektivroman mit Anleihen beim Film Noir und dem Cyberpunk, aber vor dem gleichen großartigen und düsteren Hintergrund wie Reynolds erster Roman.\nArche Die Arche (Redemption Ark) führt die beiden unverbundenen Handlungsstränge aus Unendlichkeit und Chasm City zusammen: Die Wölfe, die Dan Sylveste vor fünfzig Jahren in Unendlichkeit geweckt hat, treffen vor Resurgam ein und die verschiedenen Fraktionen der Menschheit, die von ihrer Existenz überhaupt wissen, geraten über unterschiedlichen Strategien des Vorgehens gegen diese Bedrohung in Streit.\nIn diesem Buch lernen wir mehr über die Synthetiker, bisher die mysteriöseste und fremdeste Gruppe der Menschen in Reynolds Noir-Universum - eine Gruppe von Menschen, die borg-gleich mit Maschinenunterstützung einen Hive-Mind erschafft und an der Grenze zur Entkörperlichung operiert. Es ist diese Gruppe, die Ursprung der am weitesten fortgeschrittenen Technik im Universum von Reynolds ist, und sie befaßt sich intern mit noch fremdartigeren Dingen. Reynolds legt außerdem mehr über den Ursprung und die Ziele der Wölfe offen und es wird deutlich, daß die Menschen so wie bisher nicht mehr dort existieren können, wo die Wölfe aus die aufmerksam geworden sind.\nAbsolution Gap Der vierte und letzte Teil der Geschichte um die Wölfe, Absolution Gap , ist noch nicht in deutscher Sprache erschienen. Der Klappentext verspricht \u0026ldquo;[In fighting the inhibitors, ] a dreadful choice awaits: whether or not to bargain with powers that may be the answer to the Inhibitors\u0026ndash;but may be something worse.\u0026rdquo;\nEs ist ein offenes Geheimnis, daß ich gute Romane gegenüber Rollenspiel-Sourcebooks bevorzuge, weil sie die für das Spiel wesentliche Information besser und schneller herüber bringen und obendrein billiger und unterhaltsamer sind. Diese vier Bücher präsentieren ein geschlossenes Far Future-Szenario, daß geradezu danach schreit, mit BESM (meine Wahl) oder Gurps Transhuman-Regeln bespielt zu werden. Dem Erzähler stehen genug Schauplätze und Hintergrundinformationen zur Verfügung, um wahlweise Städteabenteuer und Cyberpunk-Geschichten in Chasm City auf Yellowstone, Outdoor- oder Militärmissionen auf Sky\u0026rsquo;s Edge oder \u0026ldquo;Widerstand gegen die Bürokratur\u0026rdquo;-Geschichten auf Resurgam zu bevölkern, oder seine Mitspieler auf Sense-Of-Wonder-Expeditionen im tiefen Raum mitzunehmen.\nJede Menge fremdartige und aufgerüstete Fraktionen der Menschheit stehen zur Verfügung, um auch auf \u0026ldquo;crunchy bits\u0026rdquo; versessene Spieler gefahrlos BESM \u0026ldquo;40-Punkte Figuren\u0026rdquo; bauen zu lassen - es ist sowieso egal, denn in Reynolds Noir-Universum hat jede Fraktion einen Gegenspieler und jede Technik einen Gegenmechanismus (und wenn nicht, kann man leicht plausibel einen erfinden).\nDer von Reynolds gemalte Hintergrund ist groß genug, um leicht jede andere Geschichte stattfinden zu lassen oder sie mit dem Handlungsbogen der vier Bücher, der sich über mehr als einhundert Jahre erstreckt zu verweben. Zugleich ist zwischen Reynolds Pinselstrichen ausreichend Platz, um eigene Geschichten, Welten oder Fraktionen einführen zu können und Raum zum Spielen zu haben.\nJetzt brauche ich nur noch Leute, die Lust haben, eine solche Kampagne zu spielen und die die Bücher noch nicht gelesen haben\u0026hellip; :)\n","date":"2004-12-30T00:00:00Z","href":"https://blog.koehntopp.info/2004/12/30/alastair-reynolds.html","tags":["book","media","review","lang_de"],"title":"Fertig gelesen: Alastair Reynolds"},{"categories":null,"content":"Ein Gastblogeintrag von Matthew Langham als Antwort auf Open Source und Firmen , den er mir per Mail gesendet hat und den ich auf Nachfrage als Gastblogeintrag veröffentlichen darf:\nEin sehr interessanter Beitrag auf Deinem Weblog. Leider ist mein Kommentar zu lang - daher als E-Mail. Ich hätte das auch noch auf meinem Weblog gepostet - aber da ich dort auf Englisch schreibe\u0026hellip;.\nGrundsätzlich würde ich diesen Ausführungen zustimmen. Auch wenn Unternehmen auf Open Source zurückgreifen, um ihre eigenen Lösungen zu erstellen, so haben auch wir häufig festgestellt, daß die Unternehmen dann lieber die Probleme im eigenen Haus beheben als z.B. in die Liste zu fragen, ob das Problem bekannt ist. Dies führt in der Tat dazu, daß hauseigene Forks entstehen, die dann nur mit sehr viel Aufwand auf neuere Versionen des Open-Source-Projekts migriert werden können.\nMan muss die Unternehmen in dieser Hinsicht \u0026ldquo;erziehen\u0026rdquo;.\nOft wissen sie gar nicht, wie man Fehlerbehebungen an die Community zurückgeben kann. Oft haben sie einfach Angst davor, Fragen in die Liste zu posten. Diese Unternehmen müssen erstmal lernen, daß in einem Open-Source-Projekt die eigentliche Software fast unwichtig ist. Sich an die Community zu beteiligen und davon zu profitieren stellt weit höhere Anforderungen an ein Unternehmen als das bloße herunterladen von Software.\nAuf der JAX-Konferenz habe ich 2x eine Session \u0026ldquo;Open Source für Manager - Don\u0026rsquo;t Panic\u0026rdquo; gehalten. Dort versuche ich eben diese Punkte insbesondere den Entscheidungsträgern beizubringen.\nNur wer als Unternehmen bereit ist, in gewisser Weise die Offenheit solcher Communities an sich heranzulassen, wird wirklich davon profitieren. Wir arbeiten teilweise mit Unternehmen zusammen, die seit mehreren Jahren Open Source einsetzen, aber noch nicht in der Lage sind z.B. mit ihren eigenen E-Mail-Adressen in die Liste zu posten.\nAber auch in die andere Richtung gibt es Hemmnisse, die es zu überwinden gilt. Viele Communities tun sich schwer \u0026ldquo;Neulinge\u0026rdquo; aufzunehmen. Eine Open Source Community hat immer eine gewisse Struktur und \u0026ldquo;Befehlskette\u0026rdquo;. Es gibt Personen, die dort viel zu sagen haben und welche die eher weniger zu sagen haben. In der Community herrscht immer ein gewisser \u0026ldquo;Ton\u0026rdquo;. Diese Eigenschaften muss man kennen, wenn man als Mitglied der Community anerkannt werden will.\nVor 5 Jahren (als wir mit diesen Themen anfingen) wurden wir als kommerzielles Unternehmen in den entsprechenden Open-Source-Projekten überhaupt nicht akzeptiert. Erst als wir gezeigt haben, dass wir auch im Sinne der Community handeln wollen (und ja - dies bedeutet Mitarbeiter zu einem gewissen Anteil zu bezahlen damit sie nicht für die Firma direkt etwas erstellen, sondern vielleicht etwas voranbringen, was die Community benötigt) wurden auch wir akzeptiert. Und das kann schon mal Monate dauern.\nIch könnte noch mehr dazu schreiben (ist ein sehr interessantes Thema) - höre hier aber lieber auf.\nFreundliche Grüße / With kind regards Matthew\n","date":"2004-12-15T00:00:00Z","href":"https://blog.koehntopp.info/2004/12/15/re-open-source-und-firmen.html","tags":["computer","lang_de"],"title":"Re Open Source Software und Firmen"},{"categories":null,"content":"Viele Firmen verwenden Open Source. Dagegen ist auch wenig zu sagen - viele Open-Source-Software ist gut, und in den meisten Fällen ist sie leichter zu durchschauen, flexibler anzupassen und sehr viel einfacher zu debuggen als Closed Source Software. Aber Open Source braucht andere Prozesse als Closed Source, wenn es um Anpassung, Änderung und Deployment geht.\nDie Tatsache, daß Open Source änderbar ist, verführt viele Firmen dazu, die Software wirklich zu ändern. Aber Ändern ist nur ein Teil der Arbeit, und meistens der billigste.\nWas nämlich passiert, ist meistens das folgende: Eine Firma nimmt sich ein Stück Software, und passt ihn auf ihre Bedürfnisse an. Die Änderungen werden dann im Hause gelassen und nicht an die offizielle Source-Basis zurück übergeben, denn dies ist ein komplizierter Prozess:\nZum einen muss im Hause die Erlaubnis erwirkt werden, potenzielles Intellectual Property freizugeben, was ja vielleicht den Shareholder-Value der Firma gefährden würde. Zum anderen muss die Änderung in einer Form sein, die nicht nur den internen Ansprüchen an eine ad-hoc Änderung im Kontext der Firma genügt, sondern sie muss auch den - meistens viel härteren - Ansprüchen des Open Source Projektes genügen. Das bedeutet, man würde im Hause Entwicklungsaufwand nicht für die Zwecke der Firma, sondern für irgendein Open-Source-Projekt auf Kosten der Firma betreiben.\nAlso belässt man es in den meisten Fällen dabei, Zeug im Hause zu ändern und gibt die Änderungen nicht an das Originalprojekt zurück. Das ist sogar nach den Maßstäben der sonst recht strengen GPL 2 legal - Quelltexte müssen nur dann offengelegt werden, wenn das Binary weitergegeben wird. Und das passiert ja in der Regel nicht. Jetzt hat man effektiv einen hausinternen Fork eines Open-Source-Projektes am Hals.\nDas Open-Source-Projekt entwickelt sich weiter, und baut weitere, neue Features ein. Will man jetzt im Hause diese neuen Features im hausinternen Projekt nutzen, hat man ein riesiges Upgrade-Problem am Hals. Denn alle lokalen Änderungen müssen aus der alten Codebasis in die neue portiert werden. Dort werden sie integriert und getestet - um dann beim nächsten Upgrade wieder denselben Aufwand zu verursachen.\nSo eingesetzt ist Open Source letztendlich zwangsläufig unrentabel. Mit dem Einsatz von Open Source muss letztendlich firmenintern auch eine Policy definiert werden. Diese Policy muss, damit die Sache sich rechnet, folgende Eckpunkte festlegen:\nEntweder: Wir lesen Open Source nur, wir schreiben ihn nicht. Wenn sich Dinge nicht konfigurieren lassen, dann ändern wir sie nicht am Source, sondern bitten das Projekt, die Software für unsere Zwecke anzupassen. Wenn sie das nicht tun, müssen wir uns anderweitig umsehen.\nOder: Wir lesen und schreiben Open Source. Wenn wir Open Source schreiben, dann tun wir das in dem Bewusstsein, daß wir von vorneherein geschäftsspezifische Logik und allgemeingültigen Code getrennt halten müssen.\nAllen allgemeingültigen Code entwickeln wir auf Kosten des Hauses so weit, daß er vom Projekt als unsere Contribution in die offizielle Codebasis zurück akzeptiert wird. Dadurch sind wir die Verantwortung für diesen Code los und können Weiterentwicklungen an diesem Code aus der offiziellen Codebasis ohne Änderung im Hause nutzen.\nAlle geschäftsspezifische Logik entwickeln wir im Hause so weit, daß wir allgemeingültige Plugin-Schnittstellen oder andere Isolationsmechanismen in die Software einbauen oder einbauen lassen. Wir realisieren dann unsere geschäftsspezifische Logik grundsätzlich so, daß wir die offizielle Codebasis nicht patchen, sondern lediglich Plugins für sie schreiben.\nSo halten wir die Trennlinie zwischen offiziellem und firmeneigenem Code sauber aufrecht, und verbauen uns nicht die Möglichkeit, offiziellen Code jederzeit in die Produktion im Hause integrieren zu können. Andererseits stellen wir so sicher, daß geschäftsspezifische Logik nicht aus Versehen veröffentlicht wird.\nDies zu lernen und zu verstehen ist für manche Firmen ein harter und teurer Prozess. Es ist billiger und bequemer, Code im Hause für andere Leute zu schreiben und zu verschenken, als solches wertvolles Intellectual Property im Hause zu halten? Das klingt beim ersten Hören paradox. Erst die Langzeit-Betrachtung der Prozesse und Kosten im Hause macht klar, daß eine Firma Änderungen an Open-Source-Projekten im Hause sehr dringend aus dem Haus bekommen muss, wenn sich Open Source für die Firma rechnen soll.\nSeltsamerweise ist das beinahe das, aber eben nicht ganz, was Microsoft als \u0026ldquo;das Open Source Problem\u0026rdquo; hinstellt und mit dem Firmen das Microsoft Shared Source-Konzept schmackhaft gemacht werden soll: Forks sind böse, und bei Shared Source gibt es eine offizielle Quelle, die von einem großen, finanziell nicht gefährdeten Konzern verwaltet, weiterentwickelt und qualitätskontrolliert wird.\nDer alles entscheidende Unterschied besteht letztendlich darin, ob die Änderungen am öffentlichen Source hinterher allen gehören, also wirklich öffentlich sind (Open Source), oder Microsoft gehören (MS Shared Source). Nun könnte man sich letztendlich auf den Standpunkt stellen, einer Firma, die sowieso Intellectual Property verschenkt (verschenken muss!), könnte es letztendlich egal sein, ob sie es der Allgemeinheit schenkt oder ob sie es Microsoft schenkt.\nWenn man drüber nachdenkt, erkennt man schnell, warum es nicht egal ist - Microsoft ist ja keine passive, interessenlose Einheit, sondern ein bewegliches Ziel mit einer eigenen Agenda.\n","date":"2004-12-14T00:00:00Z","href":"https://blog.koehntopp.info/2004/12/14/open-source-software-und-firmen.html","tags":["computer","lang_de","free software"],"title":"Open Source Software und Firmen"},{"categories":null,"content":"Bei meinem Arbeitgeber ist es verpflichtend, ein Daily zu schreiben.\nIm Daily schreibt man auf, was man an diesem Tag an persönlichen Zielen erreicht hat, und notiert weitere Dinge, von denen man glaubt, daß sie interessant sein können.\nKalibrierung der Warpspulen abgeschlossen. Deflektorkapazität wird bei weiterem Hochgeschwindigkeitsflug nicht mehr ausreichen. Upgradeoptionen evaluiert. Energieverluste der lateralen Dämpfungsfelder untersucht. Ursache weiterhin unklar. Ich muß wohl einen der Waffenspezialisten hinzuziehen. Das Daily sendet man an seine Peers (als Teamleiter also an alle Teamleiter unter demselben Abteilungsleiter), upstream (also an den Abteilungsleiter) und an alle Leute, die man im Daily erwähnt hat (also an alle Leute, mit denen man an diesem Tag zu tun hatte). Außerdem kann jeder das Daily von jedem Kollegen anfordern, wenn er möchte.\nDa im Daily nicht nur die Sachen stehen, die einen angehen, sondern auch die Sachen, die der andere an diesem Tag sonst noch so gemacht hat, bekommt man einen recht schnellen und überraschend effektiven Informationsfluß hin. Es handelt sich quasi um ein institutionalisiertes FlurTurbolift-Gespräch.\nDailies wurden in der Firma bisher per Mail getauscht. Das war okay, erzeugt aber keinen nachlesbaren Trail, auf dem man später noch einmal suchen kann.\nEinige Kollegen haben das it-wiki (ein MoinMoin) ein wenig aufgehackt und eine Seite mit SendDaily-Funktion entwickelt. Dort kann man sein Daily ins Wiki legen und am Ende des Tages dann SendDaily anklicken. SendDaily leert die Daily-Seite, sendet die Seite an die in der Seite angegebenen Empfänger, generiert aus einem Template eine neue leere Daily-Seite und hängt das Daily an das Daily-Archiv vorne an.\nSchon fast ein Blog. Aber man muß halt KristianKöhntopp/Daily, KristianKöhntopp/DailyVorgabe und KristianKöhntopp/Archiv2004 warten und insbesondere in /Archiv2004 lassen sich Sachen nur sehr schwer wiederfinden.\nAußerdem haben nicht alle Kollegen das Wiki verwendet, weil sie es nicht mögen. Wer ein MoinMoin mal gesehen hat, weiß was ich meine.\nWir haben seit Anfang Dezember dank Jochen ein S9Y als itblog laufen. Bisher sind ein gutes Dutzend Kollegen darauf eingestiegen und bloggen ihre Dailies lustig in eine gemeinsame S9Y-Instanz. Das hat eine Reihe von Vorteilen (M. Roell, liest Du noch mit?):\nJede Zeile im alten Daily ist ein Eintrag im itblog. Auf diese Weise bekommt man unterschiedbare URLs für jeden Punkt Die Dinger sind kommentierbar. Jeder Ergebnisbereich bekommt eine Kategorie. Auf diese Weise lassen sich Sparten gezielt selektieren und ausfiltern. Wir lehren die Kollegen, Entry und Extended Entry zu unterscheiden. So sind auch längere Texte möglich, wenn man es wünscht. S9Y hat eine wirklich gute Volltextsuche. Hierarchische Kategorien bilden Delegationen direkt ab. Mehrfache Kategorien pro Eintrag erlauben gemeinsame Einträge. RSS läßt den Lesern freie Wahl bei der Weiterverarbeitung. Mehr Zusammenschau - man sieht mehr Dailies, und bekommt so mehr Streuinformation. Aber es entstehen auch einige Sicherheitsprobleme: So müssen externe Trackbacks und Pings unbedingt deaktiviert werden, oder es gibt eine Katastrophe.\nUnd: S9Y skaliert sich mit 20-40 Usern überraschend gut. Es fehlen einige Details, etwa eine Sicht nach User genau wie eine Sicht nach Kategorie, und einige Querstreifen zwecks besserer Lesbarkeit im User-Editor. Außerdem wäre es schön, wenn S9Y seine Anmeldeinformationen aus einem LDAP zöge.\nSchließlich noch die Beobachtung am Rande:\nDie Auswahl des Tools hat beeindruckende Rückwirkungen auf die Qualität des geschriebenen Textes. Während im Wiki häufig Einzeiler entstanden sind,\name, kris und kabl diskutieren die Auswirkungen des Upgrades der Warpfeldgeneratoren\nfinden sich jetzt eher brauchbare Texte.\name, kris und kabl stimmen das Upgrade der Warpfeldgeneratoren ab. Die neuen Spulen werden gute 60% mehr Leistung brauchen. ame diskutiert derzeit mit Anbietern von Dilithiumkristallen. kris fragt, ob die Kapazität der EPS-Kupplungen diesen Belastungen standhalten kann oder ob wir das Energienetz upgraden müssen. kabl merkt an, daß wir in diesem Fall den Onlinetermin für Warp 8 nicht halten können.\nMal sehen, ob das Werkzeug abteilungsweit angenommen wird. Eigentlich aber ein leichter Fall: Das Bloggen ist bei uns sowieso schon seit Jahren Bestandteil der Firmenkultur, und jetzt wird nur ein besseres Werkzeug dafür installiert.\n","date":"2004-12-08T00:00:00Z","href":"https://blog.koehntopp.info/2004/12/08/firma-mit-blogs.html","tags":["blog","lang_de"],"title":"Firma mit Blogs"},{"categories":null,"content":"In \u0026ldquo;Das Böse ist immer und überall\u0026rdquo; schreibt Telepolis über ein Phänomen, daß wir alle bei unseren alten Tanten haben beobachten können, als wir klein waren. Besagte Tanten saßen nämlich mit den Kieler Nachrichten auf dem Schoß da und lasen in der Rubrik mit den Polizeiberichten, was letzte Nacht alles schlimmes passiert ist, um dann den Kopf zu schütteln, \u0026ldquo;Tsk, tsk, tsk\u0026rdquo; zu machen und sich dann darüber auszulassen, wie schlimm alles geworden ist.\nTelepolis zitiert eine Studie des Kriminologischen Forschungsinstitut Niedersachen, in der die Bevölkerung befragt wurde, wie sie die Kriminalitätsentwicklung beurteilt und wie die Medien dieses Urteil beeinflussen - \u0026ldquo;gefühlte Sicherheit\u0026rdquo;, gewissermaßen.\nDen objektiven Zahlen nach ist die Kriminalitätsrate in den letzten zehn Jahren in Deutschland stark gesunken:\nDie Polizeiliche Kriminalstatistik (PKS) weist für die letzten zehn Jahre (1993 bis 2003) einen deutlichen Rückgang auf, gerade für schwere Straftaten: Wohnungseinbrüche -45,7 Prozent, Autodiebstahl -70,5 Prozent, Banküberfälle -44,4 Prozent, Mord -40,8 Prozent, Sexualmord -37,5 Prozent.\nEine wichtige Ursache dafür ist das steigende Durchschnittsalter der Bevölkerung - der Bevölkerungsanteil der Männer 18-30 ist für den größten Teil der Gewaltkriminalität verantwortlich und diese Gruppe schrumpft.\nFragt man die Bevölkerung jedoch danach, was sie glauben, wie sich die Kriminalitätsrate entwickelt, stellt sich ein ganz anderes Bild dar:\nAusgehend von Zahlen der PKS von 1993 zu bestimmten Straftaten sollten die Befragten deren Entwicklung einschätzen. Was dabei zutage kam, hat die Wissenschaftler einigermaßen erschüttert: Die Befragten unterstellten einen starken Anstieg bei allen Delikten. Je gravierender und emotionalisierender die Tat, umso höher lag die Fehleinschätzung: Beim Wohnungseinbruch betrug sie das Zweieinhalbfache, beim Mord das Doppelte und beim vollendeten Sexualmord sogar das Sechsfache.\nWarum diese Fehleinschätzung? Die Studie sagt:\nUnsere Hauptthese ist, dass der Wandel gerade bei den öffentlich-rechtlichen Nachrichten in Quantität und Qualität der Berichterstattung einen großen Unterschied macht. Die Nachrichtensendungen sind immer noch die Quelle der höchsten Seriosität. Dass die Bild-Zeitung übertreibt, weiß ja jeder. Wenn die Tagesthemen aber plötzlich immer häufiger über Kriminalität berichten, dann glauben die Leute, da muss was dran sein. Die Tagesthemen sagen zwar nicht, der Sexualmord steigt. Aber sie berichten beim ersten Tatverdacht, aus der U-Haft, von der Anklageerhebung und vom Prozess. Kriminalität wird ausgelutscht und genutzt, die Zuschauer zu binden. Weil man die Sorge hat, dass man, wenn selbst nicht mitmacht, es die anderen tun, und die haben dann die höheren Einschaltquoten.Christian Pfeiffer im Gespräch mit Telepolis\nJe mehr Menschen Fernsehen, je schlechter sie ausgebildet sind und je schlechter die persönlichen Verhältnisse sind, um so mehr wird Kriminalität wahrgenommen, um so höhere Strafen werden gefordert und für um so schlimmer wird die Situation gehalten.\n","date":"2004-11-08T00:00:00Z","href":"https://blog.koehntopp.info/2004/11/08/fernsehen-macht-angst.html","tags":["media","lang_de"],"title":"Fernsehen macht Angst"},{"categories":null,"content":"Mail wird über SMTP (Port 25) versendet, weiß man ja.\nIn RFC 2476 wird nun eine Abwandlung von SMTP diskutiert, das Mail Submission Protocol. Submission ist im wesentlichen SMTP auf Port 587 (submission), mit dem zusätzlichen Requirement, daß irgendeine Art der Absender-Authentisierung stattfindet. Mail Submission spezifiziert dabei ausdrücklich nicht, wie diese Authentisierung stattfinden soll:\n3.3. Authorized SubmissionNumerous methods have been used to ensure that only authorized users are able to submit messages. These methods include authenticated SMTP, IP address restrictions, secure IP, and prior POP authentication.\nSubmission wird von einigen Leuten als Werkzeug im Kampf gegen Spam verkauft, aber dort ist es nur eingeschränkt wirksam - die erhofften Vorteile basieren darauf, daß man nun Mail Transport (Port 25) und Mail Submission (Port 587) trennen kann, und daß auf Port 587 zwingend Authentication verlangt wird, also hoffentlich keine offenen Relays existieren werden.\nFür den Endanwender hat Submission auch Vorteile, die jedoch hauptsächlich darauf basieren, daß es als Protokollvariante noch nicht sehr bekannt ist und deswegen gerne übersehen wird.\nManche ISPs verwenden zum Beispiel transparente Proxies auf Port 25, um ihre Kunden zu zwingen, den Mailverkehr über den Mailer des ISPs abzuwickeln. Versucht mal als Kunde eines solchen ISP zum Beispiel einen SMTP Server bei einem freien Webmailer zu erreichen, sieht man stattdessen das SMTP Banner des ISP.\n$ telnet smtp.web.de 25 Trying 217.72.192.157... Connected to smtp.web.de. Escape character is \u0026#39;^]\u0026#39;. 220 smtp.onebb.com ESMTP Sendmail 8.12.11/8.12.11; Fri, 29 Oct 2004 15:40:30 +0800 quit 221 2.0.0 smtp.onebb.com closing connection In diesem Fall kann es nützlich sein, statt Port 25 den Port 587 zum Mailversand zu verwenden, in der Hoffnung, daß der ISP diesen Port noch nicht mit seinem Proxy gedeckelt hat.\n$ telnet smtp.web.de 587 Trying 217.72.192.157... Connected to smtp.web.de. Escape character is \u0026#39;^]\u0026#39;. 220 smtp08.web.de ESMTP WEB.DE V4.101#44 Fri, 29 Oct 2004 09:40:55 +0200 quit 221 smtp08.web.de closing connection Connection closed by foreign host. ","date":"2004-10-29T00:00:00Z","href":"https://blog.koehntopp.info/2004/10/29/submission-port-587.html","tags":["mail","lang_de"],"title":"Submission (Port 587)"},{"categories":null,"content":"Da sich dies langsam zur FAQ auswächst, hier einmal als Text, damit ich in Zukunft darauf verweisen kann.\nSie schreiben:\nIch erhalte von Ihnen immer 8 TCP Scans auf meinen Rechner. Da es nicht das erste Mal ist, daß mein Router mir das von Ihrem Rechner aus meldet, muß ich Sie dazu auffordern dies bitte zu unterlassen. Possible TCP port scan from 217.72.195.85 (8 ports) against (IP-Nummer).\nSie sehen Meldungen, die die IP-Nummer 217.72.195.85 betreffen. Diese IP-Nummer gehört zu dem Namen img.web.de. \u0026ldquo;img.web.de\u0026rdquo; ist ein Cluster von vielen spezialisierten Webservern für statische Dateien, etwa für Bilder und statische HTML-Seiten. Es handelt sich nicht um einen realen Server, sondern um die virtuelle IP eines Loadbalancers für Webserver. Von dort kann keine Portscan-Software arbeiten.\nWenn Sie eine Webseite von der Domain web.de anfordern, sind darauf Verweise auf eine ganze Reihe von Bilddateien in Form von \u0026ldquo;\u0026lt;img src=\u0026ldquo;https://img.web.de/....\" /\u0026gt;-Verweisen enthalten. Ihr Rechner baut dann in sehr schneller Folge Verbindungen zu img.web.de auf, um diese Bilder von dort zu laden. Dabei wird auf der Seite von img.web.de immer Port 80 (http) bzw. Port 443 (https) verwendet. Auf Ihrer Seite verwendet Ihr Rechner dazu aufeinanderfolgende hohe Portnummern (32768, 32769, und so weiter), die durch Ihr Betriebssystem festgelegt werden.\nIhre Firewall ist übersensibel und interpretiert diese Verbindungsaufbauten wegen der aufeinanderfolgenden Portnummern als Portscan. Es handelt sich jedoch nicht um einen Angriffsversuch von img.web.de, ja noch nicht einmal um von unserem Rechner ausgehende Verbindungen. Stattdessen interpretiert Ihre Firewall Aktionen genau des Rechners, den sie schützen soll als Angriff auf diesen Rechner.\nBitte konfigurieren Sie Ihre Firewall so, daß sie keine Falschmeldungen mehr erzeugt oder ignorieren Sie die Meldungen.\n","date":"2004-10-21T00:00:00Z","href":"https://blog.koehntopp.info/2004/10/21/ihr-imageserver-greift-meinen-pc-an.html","tags":["security","lang_de"],"title":"Ihr Imageserver greift meinen PC an"},{"categories":null,"content":"Dies ist das Siegerplakat eines Plakatwetbewerbes zum Thema \u0026ldquo;Farbe bekennen gegen globale Armut\u0026rdquo;. Es wird nicht gezeigt, sondern nur in Worten beschrieben:\nDas Plakat zeigt eine Cola-Flasche mit schmutzigem Wasser. Das Wort \u0026ldquo;Cholera\u0026rdquo;, das auf dem Etikett zu sehen ist, erinnert an den Schriftzug von \u0026ldquo;Coca-Cola\u0026rdquo;. Das mit der Hilfe von Photographie gestaltete Plakat soll auf symbolische Weise Folgen von Armut ,wie z.B. Krankheiten, aufzeigen.\nWarum wird es nicht gezeigt?\nPreis: Uta Volkmann von der FH Potsdam. Um Wettbewerbs- bzw. Markenrechte nicht zu verletzen, können wir das Plakat von Uta Volkmann derzeit leider nicht veröffentlichen bzw. abbilden. Herzlichen Glückwunsch, allen Beteiligten an dieser Farce.\n(via Telepolis )\n","date":"2004-10-19T00:00:00Z","href":"https://blog.koehntopp.info/2004/10/19/cholera.html","tags":["zensur","lang_de"],"title":"Cholera"},{"categories":null,"content":"Schon Weird Al hat gewußt: It\u0026rsquo;s all about the Pentiums, baby . Im Falle eines Rechenzentrums kann man durch den Einsatz von Blades nicht nur Strom sparen, sondern auch die Leistungsdichte erhöhen (also Platz sparen) und das Management verbessern.\nIch hatte die letzten paar Wochen Gelegenheit, Bladecenter von HP und IBM zu sehen. Beide haben sehr unterschiedliche Konzepte\u0026hellip;\nÜber Blades Blades bestehen aus einem Einschub, dem Enclosure, in den meist vertikal die Rechnereinschübe eingesteckt werden (daher der Name Blade für die Einschübe). Das Enclosure enthält die Infrastruktur zum Betrieb des Rechners, liefert also Strom, Netzwerk, Management sowie Konsole und Bildschirm nach draußen. Die Blade selber wird nicht verkabelt, sondern dockt durch das Einschieben automatisch in das Enclosure ein. Über die Managementfunktionen läßt sich die Blade ein- und ausschalten, booten, und ihr können, wenn der Bedarf dafür besteht, das Diskettenlaufwerk und das CD-ROM Laufwerk aus dem Enclosure zugewiesen werden.\nDie Blades selber haben durchaus Power - zwei Prozessoren aus dem 3GHz-Segment mit Speicher im Gigabyte-Bereich sind üblich. Die Schwachstelle sind meist die Platten - zwar können in der Regel zwei Platten auf der Blade selber montiert werden und man hat die Wahl zwischen IDE- und SCSI-Platten, aber es handelt sich in der Regel um 2.5 Zoll Notebookplatten bzw. vergleichbare Geräte, die für den Dauereinsatz in Servern zertifiziert sind. Solche Platten taugen, das sollte klar sein, zum Booten und Laden des Betriebssystems und der Anwendung, aber nicht für Datenbanken. Die Blade bringt außerdem meist zwei Netzwerkinterfaces mit, die auf die Enclosure-eigenen Switch connected und hat Platz für eine Erweiterung - etwa eine weitere Netzwerkkarte oder ein Modul für den SAN-Access.\nEs gibt auch größere Blades mit vier Prozessoren, mehr Speicher und Festplatten in Hotplug-Rahmen innerhalb der Blade, die eher auf den Datenbank- denn auf den Frontend-Markt zielen, aber diese wirken eher unbeholfen und noch nicht so richtig Marktreif.\nEnclosures haben je nach Hersteller zwischen 6 und 7 HE Höhe und bieten Platz für 14 bis 16 Blades (von der Frontend-Sorte).\nDie Konzepte von HP und IBM sind dabei sehr unterschiedlich. Bei BioTeam.net findet man eine Galerie mit Fotos der vorherigen Generation von Bladecentern und Blades. Die Bilder geben dennoch einen sinnvollen Eindruck der aktuellen Blades wieder.\nHP BL30p Auf dem Bild sieht man eine BL20p Blade von HP unter einer IBM Blade liegen. Die Frontend-Einschübe (BL30p) von HP sind halb so hoch, haben aber dieselbe Länge.\nLeider sind keine Fotos einer nicht eingebauten BL30p zu finden, was schade ist. Denn in diesem Fall würden verschiedene Dinge auffallen, die die Unterschiede im Konzept zwischen HP und IBM sehr deutlich machen:\nDie BL30p ist offen, hat also keine Abdeckung wie die gezeigte BL20p. Zwei BL30p stecken übereinander in einen sogenannten Sleeve, der dann die Größe und Form wie abgebildet hat und im Enclosure steckt. Blades in Sleeves zu stecken ist ein bischen hakelig, da die BL30p wie gesagt oben nicht geschlossen ist und man so direkt auf CPUs, RAM und Platten fassen kann. Wegen der geringen Höhe der Blade sitzen die CPUs in der BL30p hintereinander, die eine an der oberen, die andere an der unteren Kante der Blade ausgerichtet. Beide CPUs überlappen sich zu einem Drittel bis zur Hälfte im Luftweg, sodaß die hintere CPU Luft bekommt, die bereits durch die vordere CPU erwärmt wurde. Vor den beiden CPUs sitzen zwei hochtourige Mikrolüfter, die die beiden CPUs anblasen. Das Kühlkonzept hat also, anders als IBM, Lüfter pro Blade statt einer großen redundanten Zentralkühlung. Die Blades werden in den Sleeves mit Plastik-Nupsis gesichert. Während der Teststellung sind uns diese Dinger reihenweise abgebrochen Das HP Enclosure ist mit 6 HE niedriger als das IBM Enclosure (7 HE) und faßt 16 BL30p Einschübe - das sind also 32 CPUs pro Enclosure, aber es passen keine 7 Enclosures in ein Rack. Denn HP trennt Enclosure und Stromversorgung in unterschiedliche Komponenten. Für eine bestimmte Menge Blades braucht man einen speziellen Netzteil-Enclosure (3 HE), der dann 48V Gleichstrom ausspuckt.\nHP wirbt mit der Flexibilität des Konzeptes der Rack-zentralisierten Stromversorgung, aber in der Realität hat man dann auf der Rückseite seiner Racks ein schweres Übersichtlichkeitsproblem - den Racks wächst ein Geschwür von Kabeln hinter den Enclosures, die dann mit schwenkbaren Plastikarmen so montiert werden, daß man einerseits die Racks noch zu bekommt, andererseits aber bei Bedarf auch an die Geräterückseiten herankommt. Da 48V verwendet wird, sind die verwendeten Kabel daumendick, damit die benötigten Amperes da durch gehen und entsprechend elegant zu handhaben. Abgesehen davon, daß so ein Drahverhau aussieht sie gewollt und nicht gekonnt, ist das ganze auch ein logistischer Albtraum.\nIBM Das Enclosure von IBM ist größere - 7 HE hoch. IBM Blades sind außerdem kürzer - sie reichen nicht bis zur Rückseite des Gerätes. Das gibt IBM Platz, um auf der Geräterückseite zwei redundante Lüfter (die großen Dinger in der Mitte mit den Stauklappen zur Verhinderung von Kühlkreis-Kurzschlüssen), vier redundante Netzteileinschübe (links und rechts von den Lüftern mit den Kaltgerätedosen), vier Switch-Einschübe (ganz links) sowie zwei Managementeinschübe (ganz rechts) zu plazieren. Auch mit Verkabelung dran sieht die Geräterückseite sehr übersichtlich aus, und ist vor allen Dingen auch Sonntags nachts um Vier durch einen verschlafenen Rufbereitsschaftler problemlos zu maintainen.\nDie Blades selber sind geschlossen, und so breit, daß die CPUs nebeneinander plaziert werden können - sauberer Airflow. Durch die zentrale Belüftung des Enclosures befinden sich auf den Blades außer den Platten keine beweglichen Teile - und die Platten braucht man bei einem Netzwerkboot im Prinzip nicht, da Frontends, die swappen sowieso ein Problem haben.\nIBM garantiert Interoperabilität und Wiederverwendbarkeit des Chassis für fünf Jahre (und merkt dabei fairerweise an, daß neuere CPUs unter Umständen auch einen Austausch der Lüfter und Netzteilmodule notwendig machen können - aber das sollen die Vertriebler und Einkäufer in einem Tradein unter sich ausmachen). Dabei macht IBM mit der Offenlegung der Standards auch deutlich, daß sie eine Plattform statt einer proprietären Lösung etablieren wollen. So hat man bei den Switchmodulen die Wahl zwischen Dlink und Cisco (und die Switches sind anders als bei HP physikalisch voneinander getrennt, wenn man sauber DMZen will).\nManagement Beim Management nehmen sich die Lösungen von HP und IBM recht wenig - sie sind sogar mit Einschränkungen integrierbar. In beiden Fällen können Konsole und Bildschirm über Netz an Arbeitsplätze außerhalb des Rechenzentrums herausgeführt werden, und dabei können Zugriffsrechte fein granuliert vergeben werden (über die Sicherheit von typischen WBEM-Implementierungen können wir uns anderswo unterhalten). Dabei ist es möglich, Benutzer und deren Rechte aus einem LDAP zu beziehen, sodaß sich dieser Aspekt auch mit einer bereits vorhandenen Directory-Lösung integrieren läßt.\nDie Kisten lassen sich remote PXE-Booten, und können sich so von einem Installserver ein Basis-Betriebssystem oder gar ein komplettes Application-Setup zeihen. Drei bis sieben Minuten beträgt die Deployment-Zeit einer Blade nach dem Reinschieben in das Enclosure, wenn man alles richtig gemacht hat.\nIn die andere Richtung spucken Blades und Enclosures SNMP oder WBEM mit Daten über Maschine, physikalische Parameter und was man sonst so von dem Ding vielleicht wissen möchte. Die Steuerung und Überwachung der Blades über ein Management-Netz kann dabei vollständig vom Wirknetz getrennt werden.\nProbleme Verbleibende Probleme:\nOhne Installserver und Managementinfrastruktur sind Blades sinnlos. Durch die hohe Leistungsdichte wird die Abwärme pro Rack sehr groß, auch wenn man durch die Blades effektiv Strom spart. Blades ersetzen die herkömmlichen Frontends, aber Datenbankserver in Bladekonzepten wirken noch kümmerlich. Was sind Eure Erfahrungen mit Blades?\n","date":"2004-10-09T00:00:00Z","href":"https://blog.koehntopp.info/2004/10/09/it-s-all-about-the-pentiums.html","tags":["computer","lang_de"],"title":"It's all about the Pentiums"},{"categories":null,"content":"Wir haben 2004. Fünf Jahre nach Napster. Noch immer beherrschen Klagen über Raubkopierer statt innovativer Konzepte die Musikindustrie. Wenn man die Berichterstattung in den Medien über die Popkomm auswertet, dann bekommen wir ein klares Bild von einer Industrie, die jeden Bezug zu ihren Kunden verloren hat, und die seit fünf Jahren statt mit Produkten mit Klagen agiert.\nWenn dies ein Artikel von M. Roell wäre, dann müßte ich jetzt erklären, wie das Lesen von Blogs von Kunden der Industrie helfen könnte, zu verstehen, wie Musik heute wahrgenommen und abgespielt wird und was die Kunden dieser Industrie wollen und brauchen, um Musik in einer Weise zu benutzen, die sich mit ihrem Leben integriert. Ich müßte schildern, wie ein multimediales Bandvorstellungsblog mit Songauszügen und kurzen Berichten aus dem Alltag eines Reviewers Kontakt herstellen und halten könnte und wie die Auswertung von Feedback aus solchen Blogs helfen könnte. Ich würde am Beispiel von Blogs erklären, warum es für eine Branche und für jemanden in dieser Branche wichtig ist, möglichst dicht am Kunden zu sein, und daß das bedeutet, sich mit genau diesem Kunden zu unterhalten.\nUnd ich hätte Recht - sogar, wenn dies ohne Blogs geschieht.\nBlind und taub Stattdessen versucht die Industrie, das veraltete Geschäftsmodell von vor dem Internet wiederzubeleben oder wenigstens zu retten:\nDer Grundgedanke ist genial einfach: Warum, dachten sich die Macher von \u0026ldquo;Hithunter\u0026rdquo;, sollte man die Konsumenten nicht selbst entscheiden lassen, was sie demnächst im Laden kaufen können?\u0026hellip;Da klingt die Idee doch schlüssig: Im Internet sollen Konsumenten Musikstücke probehören können (als Ausschnitt und als vollen Song) und darüber abstimmen, was ihnen gefällt oder nicht. Was gut ankommt bei der Masse, so der Gedanke, wird sich dann auch verkaufen.\nMusik in Zeiten des Internet ist Musik für Individuen. Ziel kann es nicht sein, einen Massengeschmack herauszudestillieren oder zu mitteln.\nDas Wesen des Internet war nie Vereinheitlichung, sondern immer geographisch verteilte Spezialinteressen zusammenzuführen. Open Source, Newsgroups, Mailinglisten, Suchmaschinen und ja, auch Blogs, dienen zu nichts anderem als dazu, Leute zueinander zu bringen, die Gemeinsamkeiten haben, sich ohne das Netz aber niemals hätten finden können. Gesucht ist nicht der Hit für alle , sondern gesucht sind alle, die das für einen Hit halten, was ich auch dafür halte . Gesucht sind Titel, die ich noch nicht höre, aber hören will . Gesucht ist nicht Hithunter, sondern Audioscrobbler , iPodder , gesucht sind Mechanismen, mit denen ich die Musik leichter finde, die ich mag.\nIn gewisser Weise zeigt Hithunter damit, wie sehr die Musikindustrie die Konzepte noch verkehrt herum hält und wie wenig sie es schafft, sich aus dem Geschäft der 70er und 80er Jahre zu lösen und das Internet mit seinen Möglichkeiten der selbstorganisierten Gruppenbildung und den niedrigen Transaktionskosten zum Vorteil zu nutzen. Stattdessen bekommen wir eine Demonstration, wie wenig diese Industrie sich für ihre Kunden interessiert oder von ihnen weiß. Die Branche braucht nicht mehr Kreativität - davon ist genug da. Sie braucht mehr Kommunikation. Und die richtigen Filter.\nStattdessen in Popkomm: Musikwirtschaft erreicht die Talsohle :\nDie Musikindustrie kämpft hier vor allem gegen die Aufrechterhaltung der Privatkopie im Urheberrecht, obwohl das Justizministerium ihr bereits weitgehend den Zahn gezogen hat.\nWürde die Branche funktionieren, hätte sie schon vor fünf Jahren verstanden, daß die Privatkopie nicht der Feind, sondern der Freund ist. Nichts zieht mehr Kunden, schneller Kunden und günstiger Kunden als die Empfehlung eines guten Freundes mit den Worten \u0026ldquo;Hier, hör Dir das mal an, das wird Dir gefallen\u0026rdquo;.\nDie Quote Dem Wunsch der Branche nach Vereinheitlichung und der Wiederherstellung des Massenmarktes entgegen läuft der Ruf nach einer Quote für \u0026ldquo;deutsche Musik\u0026rdquo;, wie immer man diese definiert. Briefe dagegen sind im Netz leicht zu finden, bei Beißholz oder Basiquiat , aber auch bei Telepolis kann man mehr dazu finden. Die Argumentationen sind ähnlich, und einleutend: Was wir brauchen ist keine Quote. Was wir brauchen ist Rotationsverbot.\nRaubritter vs. Piraten Und schließlich: Hat sich jemand mal die Inhalte auf der IFPI-Site angesehen? Wenn die Themen auf der Seite des Branchenverbandes der Musikindustrie repräsentativ sind für das, was diese Industrie bewegt, dann finden wir eine Industrie, die keine anderen Interessen und Initiativen mehr hat als die Obsession mit Kopien.\nMit Musik hat das alles nichts mehr zu tun. Es fehlt Respekt! .\n","date":"2004-09-30T00:00:00Z","href":"https://blog.koehntopp.info/2004/09/30/the-sound-of-music.html","tags":["media","lang_de"],"title":"The Sound of Music"},{"categories":null,"content":"Angenommen, ich hätte einen Account bei einem größeren Laden im Internet, sagen wir einmal ebuyzone. Angenommen, ich hätte außerdem einen Account bei einem größeren Freemailprovider, sagen wir einmal hotweb. Sagen wir weiterhin, ich wäre als Benutzer im Internet eher unbedarft und nicht sehr geübt.\nDann waren die Chancen gut, daß ich in den vergangenen Tagen eine Mail von Gestalten eher zweifelhaften Rufes bekommen habe, die sich als Mail von ebuyzone tarnt und in der ich gebeten worden bin, meine Account Details bei ebuyzone in dem folgenden Webformular (obskurer Link mit @ drin und ebuyzone vor dem @ sowie einer IP-Nummer nach dem @) zu validieren.\nDie Leser dieses Blogs sind natürlich zu schlau, um auf so etwas hereinzufallen, falls es eine solche Mail überhaupt schaffen sollte, an den Spamfiltern der Leser dieses Blogs vorbeizukommen. Andere Leute sind da weniger gelenkig, und so kommt es jeden Tag wieder vor, daß sich Personen auf den Webformularen der ebuyzone- Phisher eintragen - komplett mit Namen, Kredikartennummer und Paßwort für ebuyzone.\nBlöd. Aber im Schaden möglicherweise begrenzbar.\nWenn diese Personen jedoch in ihrem ebuyzone-Profil ihre Mailadresse von hotweb hinterlegt haben, und bei hotweb dasselbe Kennwort verwendet haben wie bei ebuyzone, sie dann mit einem Mal alle ihre Mail verlieren, ihr Account zum Spammen verwendet wird, und in ihrem Namen noch obskures Zeug sonstwo bestellt wird, dann nimmt das ganze langsam Ausmaße an, die im Schaden nur noch sehr schwer abzuschätzen sind.\nVor allen Dingen, wenn man davon ausgehen kann, daß diese Username-Paßwort-Kombination ja nicht nur bei ebuyzone und hotweb verwendet worden ist, sondern auch noch bei 1003 anderen Loginmöglichkeiten im Web.\nMan sollte meinen - oder vielleicht hoffen - daß es auf der Welt nicht allzuviele Personen gibt, die dieser unglücklichen Verkettung von Zufall, Unkenntnis, Leichtgläubigkeit und Leichtsinn zum Opfer fallen.\nDem ist nicht so.\nWenn Ihr, liebe Leser dieses Blogs, Euch also beruflich mit Computersicherheit beschäftigt, dann solltet Ihr möglicherweise einen Plan B vorbereiten, denn das mit der Computersicherheit ist schlichtweg aussichtslos.\nRosen züchten. Das wäre was.\n","date":"2004-09-28T00:00:00Z","href":"https://blog.koehntopp.info/2004/09/28/transitiv-dumm.html","tags":["security","lang_de"],"title":"Transitiv dumm"},{"categories":null,"content":"Diesen Artikel sollte ich eigentlich gar nicht mehr schreiben müssen. Er basiert auf alten Dokumenten, die ich für eine Folge von Consultingjobs in den Jahren 1993, 1994 und 1995 verfaßt habe, und den Erfahrungen mit einer Redhat Enterprise 2.3-Installation mit den HP/Compaq-Packages, die ich heute habe machen dürfen. Ich bin sehr, sehr deprimiert.\nAber von vorne: Da ist nun also ein neuer Server, nicht unser Standardsystem, sondern etwas anderes, und es befindet sich außer dem Betriebssystem bislang nur ein Sortiment Treiber und Monitoring auf der Kiste. Eine gute Gelegenheit, besagte Betriebssysteminstallation einmal genauer unter die Lupe zu nehmen.\nEs gibt eine Reihe von schnellen Routine-Handgriffen, die man auch ganz ohne \u0026ldquo;Security-Scanner\u0026rdquo; einmal durchgehen kann, um sich einen Überblick über die Kiste zu verschaffen. Diese Handgriffe sind wohlbekannt, und uralt. Jeder Entwickler und Admin sollte sie kennen und einige Male gemacht haben. Aus irgendeinem Grunde werden sie auch 2004, zehn Jahre nachdem ich sie zum ersten Mal für Geld gemacht habe, von den entscheidenden Leuten immer noch nicht gemacht. Oder wenn doch, werden die Ergebnisse ignoriert.\nWorld Writeable Anything find / \\! -type l -perm -0002 -ls \u0026gt; /tmp/world-writeable-files.kris ist ein guter Ansatzpunkt, um einmal zu sehen, was auf der Kiste denn so wirklich ganz kaputt ist. Dieser Aufruf spuckt eine ganze Reihe von /dev-Dateien aus, einige Verzeichnisse und einige Dateien außerhalb von /dev.\nFür die /dev-Dateien muß man sicherstellen, daß für diese Devices auch ein Treiber vorhanden ist. Danach sollte man alle Nonstandard-Devicetreiber einmal abklopfen, um zu sehen, was man für fiese Dinge mit ihnen machen kann, wenn man Schreibzugriff auf die hat.\nManchmal findet man /dev-Dateien mit kaputten Permissions, auf denen man lustig ioctl(2) spielen kann.\nWenn Verzeichnisse in der Liste sind, die world-writeable sind, dann verdienen diese besondere Beachtung. Handelt es sich um /tmp, /var/tmp, /var/spool/uucppublic oder incoming-Verzeichnisse, sollte man kontrollieren, ob die Permissions 1777 sind - die Permissions 0777 sind bei solchen Verzeichnissen fast immer falsch. Das gesetzte t-Bit an dem Verzeichnis stellt sicher, daß nur der Eigentümer einer Datei, der Eigentümer des Verzeichnisses oder der Systemverwalter Daten löschen können. Ohne t-Bit kann jeder in dem Verzeichnis jede Datei löschen - das ist meiner Erfahrung nach niemals das gewünschte Verhalten.\nWriteable Home-Verzeichnisse sind immer eine willkommene Gelegenheit, um sich an den Punkt-Dateien des Users in diesem Home zu schaffen zu machen. Ein cp /usr/bin/bash /tmp/...; chmod a+s /tmp/... in der .bashrc eines Benutzers und schon hat man nach dem nächsten Login des Users eine bash, die SUID dieser User läuft, und das ist noch eine der harmloseren Aktionen.\nWriteable Directories in /dev, wie sie auf einigen Maschinen durch das Logical Volume Management hinterlassen werden, sind ganz schlecht. Jedermann kann dann mit einem einfach \u0026ldquo;rm\u0026rdquo; die Devicedateien für die Platten des Systems abräumen - bei nächsten Reboot gibt es dann lange Gesichter.\nWriteable Directories die im Pfad liegen - am besten noch im Suchpfad von root! - sind sowieso ein Instant Exploit und eine ganz üble Idee. Vor zehn Jahren hat ein Install von NetView auf einer RS 6000 /usr/bin grundsätzlich 777 hinterlassen, und auf einer HP war damals /usr/local/bin im Pfad und grundsätzlich 777. Und auch heute noch findet man öfter als nicht /home/oracle/ora-env.sh mit o+w-Rechten oder vergleichbare Scripte, wenn man sich die Mühe macht, danach zu suchen.\nZugriffsrechte an Gerätedateien Eine Zeit lang gab es Unices, die die Gerätedateien von Bandlaufwerken world-readable hinterlassen haben. Wenn dann noch das Backup-Band vor oder nach dem Backup im Gerät steckt, kann sich also jeder Benutzer des Systems an diesem Band bedienen und nach Wunsch Dateien recovern, ganz egal wie die Rechte an der Datei im System einmal waren.\nAuch viele andere Dateien sind bei älteren Unix-Installationen nachlässig gesetzt, und wenn man auf eine neue, einem unbekannte Installation kommt, lohnt es sich, die Permissions solcher Geräte einmal durchzugehen und nachzusehen, ob man sich nicht irgendwo belustigen kann.\numask umask ist nur ein Handgriff, aber ein wichtiger Handgriff, wie einem jeder Systemadministrator bestätigen kann, der einmal in seinem Leben mit HP/UX in Kontakt gekommen ist. Ältere Versionen von HP/UX haben beim Booten mit der umask 0 gestartet und daher wurden während des Bootvorgangs (und während der Installation!) jede Menge Dateien angelegt, die einfach zu große Permissions haben.\nIn HP/UX hatte dieses kleine Versäumnis sehr weitreichende Folgen: 666 auf den Dateien des Syslogs, 777 auf /usr/local/bin und 777 auf den Directories, die das LVM für die LVM-Devices angelegt hat. Die Folgefehler ziehen sich durch die ganze Installation und es ist eine Heidenarbeit, zu entscheiden, welche Permissions man gefahrlos korrigieren kann und wo man sich vielleicht selber aus dem System aussperrt.\nSystemlimits Wenn man schon dabei ist, kann man auch gleich die anderen Systemlimits kontrollieren: limit bzw. ulimit sagen dem interessierten Systemtester gleich, wo seine Grenzen sind, und ob es z.B. Coredumps geben wird. In Solaris will man sich außerdem noch \u0026ldquo;coreadm\u0026rdquo; ansehen.\nSUID, SGID Mit einer Variation des oben gezeigten Find-Kommandos findet man auch schnell SUID- und SGID-Programme, die mit dem System gekommen sind:\nfind / \\! -type l -perm -4000 -ls \u0026gt; /tmp/suid-files.kris und find / \\! -type l -perm -2000 -ls \u0026gt; /tmp/sgid-files.kris sind zwei Listen von Dateien, die intensiver Aufmerksamkeit bedürfen. Betriebssystemhersteller haben die Angewohnheit, selbstgeschriebene privilegierte Programme sehr nachlässig zu schreiben.\nOft haben diese Programme Optionen, mit denen man eine Ausgabe in eine Datei leiten kann (a la -l \u0026lt;protokolldatei\u0026gt;). Die Chancen sind gut, daß dieses Programm \u0026ldquo;vergißt\u0026rdquo; seine Privilegien aufzugeben, bevor es diese Datei zum Schreiben öffnet. Ein -l /etc/passwd kann dann lustige Effekte erzielen.\nAndere Hersteller erlauben solchen Programmen möglicherweise, Umgebungsvariablen auszuwerten oder Shells zu starten, um kurze Shellfragmente aufzurufen - ein strings auf solche SUID- oder SGID-Binaries ist meistens sehr erhellend. Sieht man in einem SUID-root Binary strings-Output wie\n#! /bin/sh path=\u0026#34;`which %s`\u0026#34; if [ -z \u0026#34;$path\u0026#34; ] then for i in /bin /usr/bin /sbin /usr/bin %s/bin /usr/local/bin do if [ -x \u0026#34;$i/%s\u0026#34; ] then echo \u0026#34;$i/%s\u0026#34; exit 0 fi done else echo $path exit 0 fi exit 1 dann ist es Zeit, den Stahlhelm aufzusetzen und die Gräben zu bemannen. Wen juckt es nicht beim Anblick solcher Zeilen, herauszufinden, woher %s kommt und wie man dort einige Anführungszeichen und Semikoli reinschmuggeln könnte?\nAber auch alle Zeilen in der Nähe und Umgebung des Suchstrings PATH sind interessant und können oft zu Hinweisen führen, die lustige Effekte erlauben.\nNamen von externen Programmen, die unser privilegiertes Herstellertool aufruft, sich auch lustig. Wird ein Mailer gestartet? Werden vor dem Starten des Mailers Privilegien gedroppt? Meist nicht. Kann man das Subject der Mail beeinflussen, oder wird der vom Benutzer eingestellte Betreff 1:1 an das mailx -s %s durchgereicht? Dergleichen Spielereien gibt es viele, und alleine der persönliche Grad der Perversion setzt dem interessierten Spielkind hier noch Grenzen.\nManche Programme mit Privilegien legen auch an einer vorhersagbaren Stelle im Dateisystem Dateien an - /tmp/\u0026lt;name der Logdatei\u0026gt;, $HOME/.\u0026lt;statusdatei\u0026gt; und was dergleichen an Standardstellen mehr existiert. Ein strace -e open als Root auf das zu untersuchende Kommando ist dabei des Admins Freund. Danach sollte man das Programm noch einmal aufrufen, aber als User, und dabei zuvor Symlinks angelegt haben, die von der vorhergesagten Stelle im Dateisystem nach /tmp/gotcha zeigen. Existiert nach dem Aufruf /tmp/gotcha und hat die so erzeugte Datei die Rechte des privilegierten Users, hat das Herstellertool ein Problem. Wie leicht hätte das Symlink nach /etc/shadow zeigen können und beim Aufruf aus Versehen die Paßwortdatenbank wegschießen können?\nNetzwerkaktivität lsof -i -n -P \u0026gt; /tmp/open-ports-and-programs.kris generiert eine Liste von Programmen mit offenen Netzwerkports auf der neuen Kiste. Unsere persönlichen Freunde sind dabei Dinge wie WBEM-Server - angeblich \u0026ldquo;Web Based Enterprise Management\u0026rdquo;, aber im Grunde handelt es sich eher um Schnellrootungszugänge. Gerade HP tut sich dabei ganz besonders hervor, indem diese Firma etwa kaputte SUID-root Binaries mit unsicheren, in PHP geschriebenen WBEM-Oberflächen ausstattet: Nicht nur explodiert das SUID-Root Binary selbst bei noch nahezu bestimmungsgemäßen Gebrauch mit einer einem SIGSEGV - schon mal sehr vertrauenerweckend -, sondern es zeigt auch sonst alle Merkmale eines exploitbaren Stück Software. So stammt ein Shell-Fragment ähnlich der oben gezeigten for-Schleife aus dem Strings-Output eines HP WBEM-Binaries.\nSolche Binaries ruft HP jetzt im Kontext eines WBEM-Webservers auf, der in PHP geschrieben worden ist. Der HP-PHP-Code (HPHP?) verletzt dabei in gerade zu vorbildlicher Weise alle Richtlinien für sichere Webanwendungen, wie sie z.B. Chris Shiflett in seinen PHP-Security Talks demonstriert hat. Schon bei oberflächlicher Durchsicht fallen einem Konstrukte entgegen wie\n$path = $_SERVER[\u0026#34;HTTP_ANWENDUNGSNAME\u0026#34;]; $cmd = sprintf(\u0026#34;/path/zum/privilegierten/binary/additional/data/$path\u0026#34;; oder ungeprüfte Übernahme von Daten aus $_GET, $_POST, $_COOKIE oder $_SERVER[\u0026quot;HTTP_*\u0026quot;]-Variablen. Selbst ohne privilegiertes Binary ist diese PHP-Anwendung ein guter Einstieg in das System.\nNeben WBEM ist auch der Portmapper und die von ihm gestarteten Anwendungen sowie der inetd ein Quell der Freude. Gerade Solaris-Maschinen sind bekannt dafür, daß sie hier einen ganze Strauß unnötiger Dienste starten, von denen mehr als die Hälfte bereits ein- oder mehrmals Anlaß der Vergabe von CAN- oder CVE-Nummern gewesen ist.\nSchließlich ist bei vielen Maschinen nach der Installation auch ein SNMP-Daemon aktiv, und häufiger als nicht redet dieser auf Nachfrage mit jedem und gibt so wertvolle Systeminformation preis. In Zusammenarbeit mit WBEM hat man sogar eine gewisse Chance, daß der SNMP-Daemon nicht nur Read-Aufrufe, sondern auch Writes verarbeitet. Eine saubere Konfiguration, die Prüfung der Security und die Einschränkung auf Adressen aus dem Managementnetz sind hier zentral für das Überlegen der Maschine.\nEin schnelles Abspulen dieser Dinge auf einer neuen Installation sollte einem erfahrenen Systemadministrator ausreichend Anhaltspunkte geben, um ihn problemlos für einige Tage schlecht schlafen zu lassen.\n","date":"2004-09-16T00:00:00Z","href":"https://blog.koehntopp.info/2004/09/16/ein-komplett-ueberfluessiger-artikel.html","tags":["security","lang_de"],"title":"Ein komplett überflüssiger Artikel"},{"categories":null,"content":"Heute habe ich einem jüngeren Kollegen Netmasks und Broadcast-Adressen beibringen wollen, und habe eine Runde über Stellenwertsysteme, Logarithmen, den Unterschied zwischen Ziffer und Zahl und dergleichen Dinge mehr drehen müssen. Mir sind diese Dinge damals mehr oder weniger zugeflogen - einmal weil so etwas an der Schule unterrichtet worden ist, und zum anderen, weil ich einige Jahre mit verschiedenen Assemblern rumhantiert habe, bevor ich meine erste Hochsprache (C64 Basic zählt wohl nicht als solche :) gelernt habe.\nIch war zunächst ein wenig verblüfft, daß solche Dinge wie Binär-Hex-Umrechnung und Binär-Dezimal-Umrechnung Neulingen heute nicht mehr zwingend geläufig sind, und daß man entsprechend erst einmal 16^0 und 16^1-Tabellen und eine Tabelle Netzmasks nach Dezimal erarbeiten muß, damit man zügig Übungen machen kann.\nAber wenn man darüber nachdenkt, ist das im Grunde zwingend: Jemand, der mit Taschenrechnern aufgewachsen ist, ist sicher nicht gelenkig im Kopfrechnen. Und Leute, die im Zeitalter von Java, BitVector und BitSet aufgewachsen sind, machen sich vielleicht im Leben keine Gedanken darüber, wie die Bitmasken aussehen, die sie auf Adressen oder Routen anwenden.\nWahrscheinlich ist das das Gefühl, das man hat, wenn man alt wird.\nIch erzählte dies meiner Katze, und sie antwortete mit einem einfachen Paste ins Irc:\n#define BITCOUNT(x) (((BX_(x)+(BX_(x)\u0026gt;\u0026gt;4)) \u0026amp; 0x0F0F0F0F) % 255) #define BX_(x) ((x) - (((x)\u0026gt;\u0026gt;1)\u0026amp;0x77777777) \\ - (((x)\u0026gt;\u0026gt;2)\u0026amp;0x33333333) \\ - (((x)\u0026gt;\u0026gt;3)\u0026amp;0x11111111)) Dafür liebe ich sie.\nMore of this .\n","date":"2004-09-14T00:00:00Z","href":"https://blog.koehntopp.info/2004/09/14/netzmasken-ueber-den-augen.html","tags":["erklaerbaer","computer","lang_de"],"title":"Netzmasken über den Augen"},{"categories":null,"content":"Dies ist nicht mehr das Strandbild, das ich aus meiner Jugend kenne. Früher war der Strand in Ording sauber geteilt zwischen Strandkorbinhabern und Strandburgenbauern.\nKam man morgens an den Strand, blickte man auf eine Landschaft wie nach einem Meteoritensturm, Ringwall an Ringwall. Manche von ihnen besetzt mit einem uneinnehmbaren - weil mit einem Holzgitter und Schloß verriegelten - Strandkorb, andere scheinbar leer und verfügbar. Doch wehe, wenn man sich in den Sandwällen niederließ, den eine Familie gestern in stundenlanger Kleinarbeit errichtet hat, deren Wälle sie mit Schippe und Schaufel geglättet und mit dem Familiennamen in Muscheln beschriftet hat.\nDas heutige Strandbild ist bunter und dichter gepackt.\nSchuld daran sind emsige Chinesinnen, die in schlecht belüfteten Sweatshops die Strandmuscheln nähen, die man heute überall für Zwölf Euro Neunzig kaufen kann. So können Strandbesucher des 21. Jahrhunderts ohne größere Erdarbeiten zur Errichtung eines Windschutzes sich gleich auf das eigentliche Business konzentrieren, also wahlweise in der Sonne braten oder - wenn sie schlauer sind - baden gehen.\nUnd so kommt es, daß das Strandbild 2004 geprägt wird von hunderten bunter Strandmuscheln - außer dort, wo noch Zucht und Ordnung herrscht und man der Arbeitslosigkeit der Strandkorbwächter durch Regulierung des Marktes Einhalt geboten hat.\nStrandmuschelaufbauern zuzusehen- insbesondere wenn Wind ist - ist übrigens ein Quell unendlicher Belustigung. Papa rollt die Zeltbahn aus und steckt dann mehr oder weniger planlos Stange um Stange in das gute Stück, um am Ende mit einem riesengroßen bunten Drachen in der Hand herumzustehen und Mama zuzubrüllen, wo die die Heringe zu setzen hat.\nDabei kann es so einfach und schmerzlos sein, wenn man mit dem Wind und von unten nach oben arbeitet: Bahn quer zum Wind ausrollen, Heringe 1+2 rein, Stange 3 rein und die Muschel steht. Heringe 4+5 rein und mit der Stange 6 und ihrem Gegenstück auf der anderen Seite versteifen. Das geht mit einer Person und ganz ohne Drama - und vor allen Dingen, ohne daß sich die Strandmuschel in ein vom Wind getriebenes Geschoß verwandelt, das einmal über den Strand fegt\u0026hellip;\n","date":"2004-08-04T00:00:00Z","href":"https://blog.koehntopp.info/2004/08/04/der-unaufhaltsame-niedergang-der-strandburg.html","tags":["kiel","lang_de"],"title":"Der unaufhaltsame Niedergang der Strandburg"},{"categories":null,"content":" Zwei 1250 PS Schiffsdiesel powern das Rechenzentrum von web.de.\nGestern um 20:00 Uhr hat es eine Schaltstation in einem Wohngebiet in Durlach zerlegt. Das Stromausfallgebiet erstreckt sich von der Auer Straße/Amalienbadstraße bis zur B3/Turmbergstraße, also einmal quer durch Durlach.\nDie Stadtwerke sind die ganze Nacht dabei gewesen, für Ersatz zu sorgen, aber bisher ist immer noch kein Saft da - selbst die Turmuhr steht noch immer. Daheim gehen Kabelfernsehen und QSC nicht. In der Firma gibt es seit gestern abend handgepreßten Dieselstrom. Beide Schiffsdiesel sind gut dabei und produzieren wie geplant Notstrom ohne Ende. Alle Systeme sind online und funktionieren normal, lediglich die internen Arbeitsplätze sind vorübergehend eingeschränkt. Wir werden also bis zur Wiederherstellung der Zivilisation ohne Helpdesk und Hotline auskommen müssen.\nUpdate: Wiederanschaltung Durlach 12:00 Uhr, Wiederanschaltung im Werk um 17:00 Uhr - 21 Stunden Dieselpower. Das ist fast wie ARRL Field Day, nur mit ganzen Rechenzentren.\nUpdate: Brand in Schaltwerk legt Stadtteile lahm Stromausfall in Karlsruhe Brand in Schaltwerk legt Stadtteile lahm\nKarlsruhe - Nach einem Brand im Schaltwerk Schinnrainstraße, waren gestern Abend gegen 20 Uhr die meisten Haushalte in Karlsruhe-Durlach, Aue und Wolfratsweier ohne Strom. Der Brand wurden durch einen Lichtbogen verursacht. Fachleute der Stadtwerke konnten bis 21.30 Uhr zumindest über drei Viertel des Stadtteils wieder mit Strom versorgen. Durch Provisorien mit fünf großen Notstromaggregaten und zahlreichen Notkabeln konnte dann am frühen Morgen alle Stadtteile wieder versorgt werden.\nDas Schaltwerk in der Schinnrainstraße kann als Herz der Durlacher Stromversorgung bezeichnet werden. Durch den Brand wurde es aber stark bestätigt. Die Stadtwerke werden in den kommenden Tagen die Brandfolgen und die Kabel-Provisorien beseitigen und das Netz wieder in einen stabilen Zustand überführen. \u0026ldquo;Ich bitte die betroffenen Bürger herzlich um Verständnis. Unsere Mitarbeiter tun alles Menschenmögliche, um schnellstens alle Schäden zu beseitigen\u0026rdquo;, entschuldigte sich Stadtwerke-Geschäftsführer Dr. Karl Roth für den Stromausfall. (tmr)\n","date":"2004-07-24T00:00:00Z","href":"https://blog.koehntopp.info/2004/07/24/aus-wirklich-aus.html","tags":["karlsruhe","lang_de"],"title":"Aus. Wirklich aus?"},{"categories":null,"content":" Bereits letzten Donnerstag hat Zak Greant, die Community-Kontaktperson bei MySQL, die Version 1.5 der MySQL FLOSS License Exception veröffentlicht.\nException IntentWe want specified Free/Libre and Open Source Software (\u0026ldquo;FLOSS\u0026rdquo;) applications to be able to use specified GPL-licensed MySQL client libraries (the \u0026ldquo;Program\u0026rdquo;) despite the fact that not all FLOSS licenses are compatible with version 2 of the GNU General Public License (the \u0026ldquo;GPL\u0026rdquo;).\nWir erinnern uns: Wie in MySQL und die Lizenzen dargestellt, hat MySQL mit der 4er Serie des MySQL-Paketes die Lizenz der Client-Bibliotheken von LGPL auf GPL geändert. Dabei kam es zu den im Artikel dargestellten Lizenzproblemen.\nDie MySQL FLOSS License Exception behebt (endlich!) dieses Problem.\nGrundidee der Lizenzänderung war\nIf you are commercial, we are commercial. If you are Free and Open, we are Free and Open.\nMySQL wollte also kommerziellen Programmen die Möglichkeit nehmen, die MySQL Clientbibliotheken einzubinden ohne eine MySQL Lizenz zu erwerben. Doch nicht alle freien Lizenzen sind kompatibel mit der GPL, und insbesondere ist die PHP-Lizenz (eine Abwandlung der Apache-Lizenz) nicht mit der GPL kompatibel.\nDamit man PHP weiter mit MySQL zusammen herstellen oder vertreiben darf, und damit Linux-Distributionen weiter MySQL-Client und MySQL-Server zusammen vertreiben dürfen, war die License Exception notwendig. Regelung \u0026ldquo;0.b\u0026rdquo; der Exception stellt dabei Kompatibilität mit den in Regelung 1 genannten Lizenzen her, Regelung \u0026ldquo;0.c\u0026rdquo; erlaubt die Verteilung von MySQL auf Linux Distributionen, die auch Nicht-GPL Daten und Programme enthalten.\nDamit ist von der Seite der free software community nun endlich alles geregelt. Von der MySQL-Seite aus bleibt das Schluploch mit dem SQL-Relay, aber \u0026hellip; nunja.\n","date":"2004-07-19T00:00:00Z","href":"https://blog.koehntopp.info/2004/07/19/mysql-floss-exception.html","tags":["php","lang_de"],"title":"MySQL FLOSS Exception"},{"categories":null,"content":"In \u0026ldquo;ADO-donkey\u0026rdquo; will prevail , johnlim writes:\nPHPLib was the most popular database library for PHP3. Today it seems to be a bit old and is no longer popular. I have never talked to the PHPLib developers, but I can speculate on the reasons:\nPHPLib has PHP3 functionality that is obsolete because it is provided natively by PHP today, such as sessions support. PHPLib tried to do too much. It handled both paging, templating and database access. Other more specialised database libraries have superseded it. The PHPLib developers are involved in other activities such as PEAR, or have lost interest perhaps? As one of the principal designers of PHPLIB, I am entitled to clear things up.\nPHPLIB was fallout. When I was doing web application design for NetUSE /SHonline in the final days of PHP/FI and during the PHP3 RCs, I pretty quickly came across the Session problem. I was at all times carrying around a large number of persistent variables in GET and POST requests, and was revalidating them over and over due to their source being the untrustworthy Internet.\nI asked on the PHP support mailing list, and got my hands on a piece of code by Rasmus, which serialized an array of at most three dimensions into a string. Together with Boris Erdmann, with whom I was working at that time, I wrote a more generic serializer, which could handle about any number and any type of variable including objects. This, plus an authentication and authorization scheme plus a very simple and lightweight database wrapper class became the core of PHPLIB .\nWe released the code to our little library under the LGPL thanks to the generosity of the company we worked for, and in order to get other people to contribute to it, be it with documentation, testing or even code. And contributions we got, from inside of NetUSE /SHonline by Ulf Wendel, and from the outside.\nThen two things happened: Sascha Schumann met the PHP team and started recoding the PHPLIB session handling into what became PHP 4, and SHonline was reintegrated into NetUSE and I moved on to other departments inside the company. Because I was no longer doing web development, and Sascha\u0026rsquo;s native PHP 4 session handling did just fine for my purposes, thank you, I no longer had any use for PHPLIBs code, perhaps besides the database wrapper.\nThe PHPLIB database wrapper was never intended to be a database abstraction anyway - being raised on NeXTstep and its Enterprise Objects toolkit, I subscribe to many aspects of Jeremy\u0026rsquo;s essay Database Abstraction Layers must die! . The database wrapper has its purpose mainly in that it encapsulates the database access information (user, password, host, database), and enforces proper error handling. It may also manage a connection pool, if the deployment environment has provisions for that. But there is little use for a unified database access API in PHP (or anywhere else).\nSQL dialects and the inner workings of SQL databases are suitably different so that different access strategies are needed for different databases. There is little use for \u0026ldquo;take a unified SQL statement and push it to whatever database happens to be below the application\u0026rdquo;, which is what most PHP database abstraction layers promise to do.\nWhat is needed is a persistence layer abstraction instead. Objects model the entities and relations of the storage model and provide the application with the data access API the application needs. Inside, the objects generate whatever suitably optimized statements are required to talk to the concrete persistence layer below the application and execute them.\nThis is what EO did on NeXTstep and this is what makes sense, if you happen to be able to keep around database connections and ER model objects between requests, because otherwise the overhead in code and object instantiation is just to high - Ulf tried, I tried, we failed.\nKeeping instances of objects between requests requires an application server, things like PHP Bananas and the Vulcan Logic thingy or similar. PHP has no such deployment model that is production quality and so I did not pursue that avenue for development any further.\nTo sum it up:\nYes, PHPLIB is obsolete. Use the native PHP session support for session management, use Smarty for templating and use AdoDB for database access. These are much more tailored to current PHP development styles than PHPLIB and they are under active development. Avoid PEAR, unless the class of choice can live without PEAR.php, which is fat and ugly. No, PHPLIB did never try to be a database abstraction library, it tried to be a web application development suite and it was fairly successful at that during its time. Yes, the PHPLIB developers have been moving on to things outside of the world of PHP. ","date":"2004-07-15T00:00:00Z","href":"https://blog.koehntopp.info/2004/07/15/why-phplib-did-vanish.html","tags":["php","damals","lang_de"],"title":"Why PHPLIB did vanish"},{"categories":null,"content":"Appliances sind eine Pest. Egal, welche Farbe sie haben und was sie tun.\nEine Appliance ist irgendein geschlossenes Gerät, das im lokalen Netz hängt und dort irgendwelche Funktionen erbringt, ohne daß man sich darauf einloggen kann oder sonstwie auseinander bauen kann. Eine Appliance ist ein Service in einer Kiste. Das Problem ist nicht der Service, das Problem ist die Kiste und die Tatsache, daß sie zu ist.\nLeute tun Services in Appliances, weil sie glauben, daß sie dadurch Komplexität verbergen und die Administration des Netzwerkes vereinfachen. Statt sich um einen Rechner mit Betriebssystem, Konfiguration und Service kümmern zu müssen, hat man nun einfach nur noch einen Service, um den man sich kümmern kann. Der Rest verschwindet durch die Tatsache, daß die Kiste zu ist.\nNatürlich nicht.\nEs gibt zwei Arten von Appliances, und beide haben unterschiedliche Sorten von Problemen.\nDas eine sind \u0026ldquo;embedded appliances\u0026rdquo;, kleine Kisten mit einem Betriebssystem im ROM oder im Flash. Sie haben meist wenig Prozessorpower, wenig Speicher und keine Festplatte. Solche Appliances sind etwa HP Printserver als Bestandteil von Druckern, Voice-IP Telefone oder DSL Access Router und ähnliches Kroppzeugs. Diese Sorte Geräte wird meistens Opfer ihrer eigenen begrenzten Ausstattung - weil CPU-Leistung und Speicher in solchen Geräten begrenzt sind, sind Protokollimplementierungen in diesen Geräten oft haarscharf an der Spec vorbei, sie haben oft ein undefiniertes Fehlerverhalten, arbiträre Längenbegrenzungen und unterentwickelte Diagnosemöglichkeiten. Sicherheitsfeatures, die eigentlich dringend notwendig wären, fehlen komplett.\nBeispiele für typische Symptome:\nPrinter, die angeblich bootp/DHCP sprechen, aber bei Paketen mit mehr als 512 Byte spontan in einen Reboot verfallen (nachdem sie erneut bootp/DHCP machen, wieder mehr als 512 Byte bekommen \u0026hellip;). VoIP Telefone, die angeblich XML können, aber nur etwas sehr viel beschränkteres als XML akzeptieren. Das Repertoire an Fehlermeldungen beschränkt sich auf \u0026ldquo;Host nicht erreichbar\u0026rdquo; und \u0026ldquo;Irgendwo in Deinem XML war irgendwas nicht so wie ich das gerne hätte.\u0026rdquo; Geräte beziehen Flash-Updates per TFTP. Über das Internet vom Hersteller. Ungesichert, unauthentisiert und unsigniert. Und werden so zu Spam-Relays oder remoten Netzwerksniffern. DSL Access Router mit NAT und Firewall, die bei der durchschnittlichen Anzahl an Esel-Connections in einer handelsüblichen WG den Überlauf der Connection-Tabelle wegen Speichermangel mit einem spontanen Systemstillstand quittieren (Ok, das würden manche als Feature sehen). Das andere Problem sind \u0026ldquo;colored Boxes\u0026rdquo;, seien sie jetzt blau, gelb, orange oder sonstwie gefärbt. Es handelt sich bei diesen Geräten meistens um ausgewachsene 1U-PCs oder bunte Würfel, mit einer dicken CPU, ausreichend Speicher und einer Platte. Auf ihnen läuft eine heftig angepatzte Version von Linux, BSD oder einem anderen Standardbetriebssystem, eine Anwendung, die den Lebenszweck der Box darstellt, und eine Web-GUI.\nColored Boxes sind ebenfalls problematisch: Sie enthalten ein vollständiges Standardbetriebssystem mit dem vollständigen Standardsortiment an Fehlern, bekommen aber nicht das Standardsortiment an Security-Patches, das auf selbstgebaute, offene Kisten angewendet wird. Sie erschließen die Funktionalität der Anwendung über eine Web-GUI, die die üblichen Probleme von Web-GUIs hat, also kaputtes Statehandling, unzureichende Prüfung von Eingabeparametern, Injection-Bugs, XSS und was dergleichen mehr für Spaß sorgt. Und wenn man sie mal gegen die Wand konfiguriert hat, kriegt man - closed box - keine Shell, mit der man sie mal eben glattziehen oder reinstallieren könnte.\nTypische Probleme von colored Boxes sind beispielhaft:\nSecurity Patches für die auf dem Betriebssystem installierte Distribution sind gar nicht oder nicht ausreichend schnell verfügbar. Der Weg, auf dem die Box die Patches beziehen will ist mit dem Einsatz in einer Produktionsumgebung nicht vereinbar und die Box drückt sich beim Update die Nase an der Firewall platt, weil man keinen lokalen Patchserver einstellen kann. Die mitgelieferte Web-GUI ist ein Hort von Scriptingfehlern und dient als Exploitsammlung Wenn die Dinger erst einmal gerootet sind, sind sie genauso gefährlich wie ein offenes Linux oder BSD (weil sie ein Linux oder BSD sind), solange sie nicht gerootet sind, kann man sie aber nicht pflegen, weil man nicht drauf kommt. Gegen die zweite Sorte Appliances - colored boxes - kann man etwas tun. Nämlich entweder selber machen, oder jemanden kaufen, der es selber machen kann und den dann tun lassen.\nGegen die erste Sorte Appliances kann man wenig tun. Mit Netzwerkdruckern, DSL- und WLAN-Accesspoints, Webcams mit Ethernet-Interface und neuerdings VoIP-Geräten schleichen sich immer mehr dieser Geräte in ein typisches Desktop-LAN und wird dort früher oder später zu einem unkalkulierbaren Risiko.\nWieviele Printserver, VoIP-Telefone oder WLAN-APs sind in Eurem Netz? Was ist, wenn jemand für diese Geräte einen Exploit hinbekommt? Wie managed Ihr dieses Risiko in Eurem Netz?\n","date":"2004-07-13T00:00:00Z","href":"https://blog.koehntopp.info/2004/07/13/appliances.html","tags":["security","lang_de"],"title":"Appliances"},{"categories":null,"content":"Ältestes auffindbares USENET Posting von mir . Das war vor 15 Jahren.\n","date":"2004-07-05T00:00:00Z","href":"https://blog.koehntopp.info/2004/07/05/alte-saecke-online.html","tags":["computer","damals","usenet","lang_de"],"title":"Alte Säcke online"},{"categories":null,"content":"Ich verbrauche wohl ganz schön viel Strom. Für den Zeitraum vom 01.11.2003 bis zum 14.06.2004 rechnen die Stadtwerke Karlsruhe jedenfalls 3177 kWh ab.\nDas sind aufgerundet für ein Jahr etwa 5000 kWh, inklusive Strom zum Kochen und für Warmwasser.\nArmin kommt auf 2365 kWh und findet das schon viel. Wieviel Strom zieht Ihr so weg im Jahr und wofür?\n","date":"2004-07-01T00:00:00Z","href":"https://blog.koehntopp.info/2004/07/01/kilowattstunden.html","tags":["karlsruhe","lang_de"],"title":"Kilowattstunden"},{"categories":null,"content":" Warum Wachstum weh tut \u0026ldquo;Systemadministration\u0026rdquo; Eine Aufgabe, die in sehr unterschiedlichen Größenordnungen kommt Ein mögliches Maß: Anzahl der betroffenen Benutzer 10^1 - für sich selbst und seinen Partner oder für eine WG 10^3 - für einen kleinen Verein (\u0026ldquo;Toppoint e.V\u0026rdquo;, \u0026ldquo;INKA\u0026rdquo;) 10^5 - für ein kleines Internet Unternehmen 10^7 - für ein großes Internet Unternehmen Die Aufgabe verändert sich nicht, aber die möglichen Lösungen und die daran hängenden Strukturen Wachstum ist eine Folge von Erfolg Ich muß mit meinem Erfolg wachsen. Ich kann nicht planen. Beispiele: Stark schwankende Dienstenutzung (\u0026ldquo;Grußkarten\u0026rdquo;) Strukturveränderung in Diensten (\u0026ldquo;POP3 vs. IMAP\u0026rdquo;, \u0026ldquo;SSL\u0026rdquo;) Dienste mit unbekannter Akzeptanz (\u0026ldquo;Videomail\u0026rdquo;) Dienstwachstum erfordert strukturelle Veränderung (\u0026ldquo;Freemail\u0026rdquo;) Limits Limits in Hardware und Software Hardwaregrenzen Intel-Hardware: 4 CPU, x GB RAM, 60 MB/sec Random I/O Softwaregrenzen Die verwendete Datenbank fällt bei bestimmten Daten- und Lastgrößenordnungen schlicht auseinander oder degradiert über die Zeit. Hotspots Ein stark belasteter Block bremst die Gesamtperformance eines RAID-Systems Reaktionen auf Wachstum Wachstum erfolgt aus dem Betrieb \u0026ldquo;Jetzt wachsen\u0026rdquo; =\u0026gt; \u0026ldquo;mehr Kisten\u0026rdquo; Kurzfristige und längerfristige Lösungen gleichzeitig verfolgen Das ist nicht immer schön Lastverteilung: DNS RR Loadbalancer Appliance Linux Virtual Server Applikation verteilt (login, hashes) Schreibrate beeinflußt die Architektur Livebetrieb auf Snapshots und Kopien Zentrale Datenhaltung bildet Flaschenhälse Anwendungen verteilbar realisieren Erfahrungen Hardware ist billiger als Software\nSoftware ist billiger als Leute\nHardware ist schneller als Software\nSoftware ist schneller als Leute\nDer Preis ist nie das Problem.\nLösbarkeit in Zeit ist das Problem\nZentrale und dezentrale Systeme Historisches Wechselspiel Hosts PCs Zentraler Storage, zentrales drucken Workstation Cluster Zentrale Administration Webanwendungen Zentrale Anwendungsinstallation, zentrale Datenhaltung Webanwendungen können im RZ verteilt werden -\u0026gt; Cluster Webanwendungen können dezentral ablaufen -\u0026gt; Applets, Thin Clients Einflußfaktoren: Netzbandbreite und Latenz vs. zentrale Rechenleistung Dezentralisierung funktioniert. Limits in der verfügbaren Hard- und Software erzwingen dezentrale Systeme Zentrale Systeme haben immer ein wachstumsbegrenzendes Limit. Verteilung: Zustand bremst. Zustandslos verteilen! Writes bremsen. Dezentral schreiben! Synchronisation bremst. Asynchrone Strukturen bauen! \u0026ldquo;Berg der Verzweiflung\u0026rdquo; Architektur Freemail: Plugin im Webserver (eine Art PHP/FI) Alle Funktionen des Dienstes in einer Schicht als Teil des Webservers Differenzierung Funktionstrennung Multi-Tier Architektur für zwei Dutzend Teildienste Folgen: Abhängigkeiten-Netze Debug-Komplexität Update-Komplexität Un-Architektur Architektur vs. Betriebliche Erfordernisse Manche Probleme löst man nur durch brachiale Gewalt Das Resultat ist niemals ästhetisch. Aber es macht die Kasse voll. :) Problem: Dokumente liefern Informatiker-Lösung: Dokumentenserver in Corba-Dienst verpacken Details wegabstrahieren Folge: Performance\u0026hellip; läßt Wünsche offen Lösung: NFS, Datenbank liefert Dateinamen Laufender Dialog mit der F\u0026amp;E Denormalisierung Problem: Speicherung von Mail-Headerinformationen in Datenbanken Informatiker-Lösung: 3NF Datenspeicher Folge: Datenbank explodiert Lösung: Messen. Hotspots identifizieren. Denormalisierung. Daraus folgend: Fehler → Fehlerbehandlung Der ganz normale Wahnsinn Problem: \u0026ldquo;Ab morgen machen wir SSL\u0026rdquo; Folgen? Architektur (mod_gzip + mod_ssl?) Infrastruktur CPU? CPU-Verteilung aka Balancing? Rackspace? Logistik Installation? Rollout? Katalog vs. Reality Hersteller nehmen den Mund gerne voll. \u0026ldquo;4400 RSA-Operations pro Sekunde\u0026rdquo; Resultat: Montag Mittag, 0% Idle, Totalstillstand \u0026ldquo;SAN Storage Lösungen\u0026rdquo;, \u0026ldquo;sie sind eher einer unserer kleineren Kunden\u0026rdquo; Resultat: Systemstillstand beim Erstellen von Snapshots, \u0026ldquo;mit so vielen kleinen Dateien haben wir nicht gerechnet\u0026rdquo; \u0026ldquo;x tausend Firewall-Connections pro Sekunde\u0026rdquo; \u0026hellip; Reiserfs, XFS \u0026hellip; Erfahrungen Normalisierung gut!\nDenormalisierung besser!\nArchitektur gut!\nEinfache Konzepte besser!\nTrau keinem Katalog!\nAlle Hersteller versagen in der Praxis.\n\u0026ldquo;XP\u0026rdquo;: Architektur als Prozeß:\nTu\u0026rsquo; nur was notwendig ist. Behalte die Vision im Hinterkopf.\nKritik: Was ist mit Projektkriterien? Mache kurze, überschaubare Projekte (\u0026lt;3 Monate) Sei bereit, Dinge wegzuwerfen. Projekt \u0026lt;-\u0026gt; Prozeß\nServiceprozesse Prozesse nach Außen Testballon -\u0026gt; virtueller SLA Auch wenn es kostenlos ist erwartet der Kunde, daß es funktioniert. Ausbildung von Supportstrukturen Steigerung der Abhängigkeiten -\u0026gt; Steigerung der Erwartungen \u0026ldquo;Der User ist produktiv.\u0026rdquo; Prozesse nach Innen Differenzierung Allroundqualifikation -\u0026gt; Spezialistenbildung Kommunikationsbedarf Dinge explizit machen Dokumentation Prozesse Verantwortungen Prozesstrennungen ITIL (\u0026ldquo;The IT Infrastructure Library\u0026rdquo;) ITIL Phasen in der F\u0026amp;E (\u0026ldquo;Funktionalität\u0026rdquo;) ITIL Phasen in der IT (\u0026ldquo;Verfügbarkeit, Wachstum und Qualität\u0026rdquo;) Was F\u0026amp;E macht, ist allgemein bekannt. Was IT macht, können die meisten Leute nicht benennen. Abgrenzung gegen F\u0026amp;E Abgrenzung gegen Support Trennung von IT und F\u0026amp;E wird oft nicht durchdacht. Ausblick Spannungsfelder Zentral \u0026lt;-\u0026gt; Dezentral Projekt \u0026lt;-\u0026gt; Prozeß \u0026ldquo;Jetzt\u0026rdquo; \u0026lt;-\u0026gt; \u0026ldquo;Richtig\u0026rdquo;, \u0026ldquo;Ordentlich\u0026rdquo; \u0026ldquo;F\u0026amp;E\u0026rdquo; \u0026lt;-\u0026gt; \u0026ldquo;IT\u0026rdquo; \u0026lt;-\u0026gt; \u0026ldquo;Support\u0026rdquo; ","date":"2004-06-23T00:00:00Z","href":"https://blog.koehntopp.info/2004/06/23/von-10-hoch-3-nach-10-hoch-7.html","tags":["publication","talk","linux","lang_de"],"title":"Von 10^3 nach 10^7: Wachstumsschmerzen mit Linux"},{"categories":null,"content":"SonicWall preist den SSL Offloader SSL-RX an als\nSonicWALL SSL Offloaders completely offload all encryption, decryption and secure processes from Web servers, accelerating the performance of Web sites and applications with an affordable, scalable and reliable solution.\nDas Gerät wird angegeben mit \u0026ldquo;Up to 4.400 peak RSA operations per second, 30.000 concurrent connections, 300.000 session cache\u0026rdquo;.\nDie Kiste funktioniert in einer möglichen Betriebsart als Bridge, die vor die Webserver geschnallt wird und alle Verbindungen (ssh, http) unverändert durchläßt, https aber decodiert und nach hinten als http etwa auf Port 82 weiterreicht, um dann die Antworten zu nehmen und nach vorne als https auf Port 443 zu verkaufen.\nUnglücklicherweise schafft das Gerät nicht das, was ich mir davon erhofft habe - offensichtlich sind \u0026ldquo;4.400 peak RSA operations per second\u0026rdquo; nicht 4.400 SSL-Connects pro Sekunde. Außerdem ist das Fehlerverhalten sehr unglücklich - wenn die CPU erst einmal 100% busy ist, macht das Gerät als Bridge vollkommen dicht und man kommt nicht nur mit https, sondern auch mit http und mit ssh nicht mehr durch den Offloader an die Webserver heran.\nNun stellt sich mir die Frage, wieviele RSA-Operations wohl ein SSL-Connect sind, und wieviele SSL Connects pro Sekunde man von der Schachtel erwarten darf.\n","date":"2004-06-22T00:00:00Z","href":"https://blog.koehntopp.info/2004/06/22/die-schallmauer-durchbrechen.html","tags":["security","lang_de"],"title":"Die Schallmauer durchbrechen..."},{"categories":null,"content":"Der Artikel Filesysteme sind Datenbanken von Matthias Leisi regt mich an, hier mal ein paar Sachen aufzuschreiben, die ich schon länger vor mir her kullere.\nDie meisten Unix-Dateisysteme trennen eine \u0026ldquo;Gruppiere Blocks in Dateien\u0026rdquo;-Ebene (Blockverwaltung) und die \u0026ldquo;Gruppiere Dateien in Hierarchien\u0026rdquo;-Ebene (Namensraumverwaltung) voneinander. Die Blockverwaltung ist relativ gut verstanden und der I/O-Layer von Datenbanken überlegen. Die durch WinFS ausgelöste Diskussion findet stattdessen im Bereich Namensraumverwaltung statt.\nBlockverwaltung und die Überlegenheit der Filesystem API Die Ebene der Blockverwaltung bei Dateisystemen ist sehr hoch optimiert und muß akzeptable Performance unter extrem variablen Benutzungspatterns abliefern können. Ein einzelnes Dateisystem kann im selben Moment sehr viele kleine Dateien enthalten, wie sie zum Beispiel in einem Cyrus-Mailspool oder einem INN tradspool vorkommen, und einige wenige sehr große Dateien, wie sie zum Beispiel von einer Datenbank angelegt werden. Es muß damit zurecht kommen, daß eine Anwendung sehr viele sehr kleine Dateien in Folge öffnen will - der IMAP-Server, der durch den Mailspool tobt, und daß zeitgleich sehr viele andere Anwendungen auf einer großen Datei hin- und her seeken und zeitgleich Stücke der dieser großen Datei beschreiben und lesen wollen - die Threads der Datenbank, die auf das Datenbankfile zeitgleich einschlagen.\nDie API, mit der dies abgewickelt wird, ist extrem simpel - das open/read/write/seek/close/lock-Interface ist steinalt und sehr gut getestet. Es ist - inklusive von neueren Optimierungen wie readv/writev und mmap - auch sehr effizient und erlaubt es Anwendungen, Daten von der Platte zu lesen oder auf die Platte zu schreiben, ohne daß das Betriebssystem dafür Bytes umkopieren müßte. Es ist sogar so effizient, daß einige Datenbanken die Option bieten, auf BLOB-Daten mit Hilfe dieser API zuzugreifen, indem die Datenbank die Tabelle, bzw. die Objekte in der Tabelle als NFS-Dateibaum exportiert.\nAuf dieser Ebene des Dateisystems geht es also nicht darum, irgendwelche Queries zu beantworten oder Daten wiederzufinden, sondern nur darum, Daten mit sehr heterogener Granularität und sehr variablen Anforderungen an den Zugriff möglichst effizient in den Speicher zu schaffen bzw. auf die Platte zu befördern.\nDateisysteme machen - zumindest in Unix - keine Annahmen über die Struktur von Daten. Dateien als solche sind strukturlose Blobs, und den Anwendungen steht es dann frei, eine Struktur in die Daten hinein zu interpretieren. Das System aber hält seine Finger da heraus, und manipuliert Dateien entweder als Klotz, oder Stücke davon als Byteranges.\nDas ist eine bewußte Entscheidung der Entwickler von Unix gewesen, nachdem sie Erfahrungen mit anderen Systemen hatten und wußten, wieviel mehr Komplexität auf Systemebene notwendig ist, damit Dateien mit Satzstrukturen behandelt werden können. Andere Systeme zu dieser Zeit haben Dateien mit Satzstrukturen implementiert (ISAM-Files und ähnliches), und sind damit eher weniger gut gefahren: Datenbanken als Userland-Anwendungen sind leichter zu implementieren und zu optimieren als Datenbanken als Teil des Kernels, und Datenbanken als Teil des Kernels bieten keine Performance-Vorteile.\nWir nehmen die Folgende Liste der Vorteile auf der Ebene der Blockverwaltung mit:\nKeine Annahmen über die Struktur erlaubt Freiheit in der Definition der Datenstrukturen und Freiheit in der Strukturierung der Zugriffe. Zero Copy I/O Namensraumverwaltung Man kann sich die Blockverwaltungsschicht wie ein einziges großes Verzeichnis ohne Unterverzeichnisse vorstellen, in dem alle Dateien eines Dateisystems enthalten sind, und zwar mit ihrer Inode-Nummer als Name. Die Aufgabe der Namensraumverwaltung ist nun, die Pfadnamen, die im Userland gebräuchlich sind, in Inodenummern zu übersetzen. Auf der Ebene der Blockverwaltung arbeitet Unix dann immer nur mit den Inodenummern und den daran hängenden Verwaltungsstrukturen, den Inodes. Es gibt keine Funktion openi() (\u0026ldquo;Open File by Inode number\u0026rdquo;) in der Kernel-API.\nÜber dieser Schicht liegt die Namensraumverwaltung. Die ist in unixoiden Systemen traditionell hierarchisch strukturiert und der Zugriff auf Daten erfolgt immer über Pfadnamen relativ zum aktuellen Verzeichnis eines Prozesses oder zur aktuellen Wurzel des Dateisystems eines Prozesses. Dies ist ein sehr simpler Mechanismus der Strukturbildung auf dem flachen See der Inodenummern, der viele Jahre ausgereicht hat, um Dateien zu sortieren und wiederzufinden.\nZur Zeit geschieht dies immer intern im Kernel. Die Funktion, die dies macht, bekommt entweder das aktuelle Wurzelverzeichnis des aufrufenden Prozesses (wenn der Dateiname mit / anfängt) oder das aktuelle Arbeitsverzeichnis (in allen anderen Fällen) als Startwert und übersetzt den Pfadnamen dann Schritt für Schritt rekursiv in eine Folge-Inodenummer und einen Pfadrest.\nWir nehmen an Gedanken aus dieser Sektion mit: Die Ansteuerung von Dateien erfolgt in Unix traditionell über den Pfad und nicht über eine ID wie die Inode-Nummer. Das Auflösen des Pfadnamens in eine Inode-Nummer erfordert weitere, über die Rechte an der Datei hinausgehende Zugriffsrechte, die vom verwendeten Pfadnamen abhängen. Für ein modernes Rechtesystem ist das weder notwendig noch wünschenswert, und es sollte möglich sein, Dateien über eine ID - die Inode-Nummer oder eine Datei-UUID anzusprechen. Windows- und Apple-Dateisysteme erlauben dies sogar schon zum Teil.\nAndere Strukturbildner Einige Artikel diskutieren nun andere Strukturbildner für ein Dateisystem. El Reg hat zum Beispiel ein Interview mit den Entwicklern von BeOS über die Probleme, die sie bei der Entwicklung der BeOS \u0026ldquo;Dateisystem\u0026rdquo;-Datenbank gehabt haben. Dem Interview kann man entnehmen, daß eine Datenbank im Userland zwar keine Performance-Vorteile hat, aber die Synchronisation zwischen Datenbank und Dateisystem leichter zu realisieren ist, wenn entsprechende Synchronisationsprimitive existieren und das Interface zu diesen Funktionen ist leicher zu realisieren, wenn die Datenbank Teil des Kernels ist.\nDie Beispiele, die für BeOS gegeben werden, gehen von einer traditionellen Datenbank mit Feldern und Werten aus. Der Artikel mit dem langatmigen Titel Namespaces As Tools for Integration the Operating System Rather As Ends in Themselves schildert die Sicht von Hans Reiser auf dieses Problem. In dem Artikel versucht Hans Reiser zu erläutern, warum er eine feste Tabellenstruktur oder RDF-Syntax für eine Abfragesprache in Dateisystemen eher für sinnlos halt. Seine Beweisführung streift schon fast das Argument \u0026ldquo;Google für Dateisysteme\u0026rdquo;. Wenn er dann jedoch beginnt, eine Abfragesprache mit einer \u0026ldquo;dateinamenähnlichen\u0026rdquo; Syntax herzuleiten, erkennt man wieder Strukturen mit einer \u0026ldquo;Name=Wert\u0026rdquo;-Syntax.\nReiser geht davon aus, daß es Dateisystem-Plugins gibt, die er Klassifikatoren nennt. Diese Plugins generieren Schlüsselwerte, unter denen die Datei zu finden ist. In einem traditionellen Unix-Dateisystem stellt der Benutzer die Schlüssel bereit, indem er eine Datei unter einem Namen in einem Verzeichnis ablegt (und durch Links kann eine Datei unter mehr als einem Schlüssel abgelegt sein). In Reisers Modell werden weitere Schlüssel automatisch generiert - abhängig vom Typ der Datei. Das kann etwa ein Volltextindex sein - eine Datei ist dann unter allen in der Datei vorkommenden Worten zu finden, oder es können Schlüssel-Schlüsselwert Paare sein wie \u0026ldquo;mime-type: audio/mp3\u0026rdquo;, \u0026ldquo;subject: strike\u0026rdquo; oder \u0026ldquo;from: santa\u0026rdquo;.\nIn seiner Syntax ist \u0026ldquo;/etc/passwd\u0026rdquo; die Datei passwd in der \u0026ldquo;etc\u0026rdquo;-Gruppierung, während \u0026ldquo;[dragon gandalf bilbo]\u0026rdquo; die Datei ist, die den drei genannten Schlüsselwerten zugleich genügt. Später verallgemeinert er dann den \u0026ldquo;/\u0026quot;-Operator zu einer \u0026ldquo;Syntax Barrier\u0026rdquo; und kommt so zu Queries mit \u0026ldquo;Funktionen\u0026rdquo; wie \u0026ldquo;case-insensitve/[computer privacy laws]\u0026rdquo;, zu Security Barriers wie \u0026ldquo;[my secrets]/[love letter susan]\u0026rdquo; und zu einer Attributsyntax wie \u0026ldquo;[subject/[illegal strike] to/elves from/santa document-type/RFC822 ultimatum]\u0026rdquo;. Er weist darauf hin, daß man zu einer quasi-relationalen Query gelangt, wenn man das vorhergehende Beispiel zu \u0026ldquo;[subject/strike to/elves from/santa document-type/RFC822]\u0026rdquo; vereinfacht.\nObjektklassen und Attributsyntax Und an dieser Stelle landet man dann bei weiterem Nachdenken bei LDAP. Während LDAP eine stark denormalisierte Datenbankstruktur ist (LDAP ist nicht einmal in erster Normalform), besteht der Wert von LDAP paradoxerweise darin, ein sehr rigides Datenmodell zu haben. LDAP definiert einige Datentypen und die für diese Datentypen zugelassenen Attribute sowie ein Vererbungssystem für Typen. Alle LDAP-Anwendungen verwenden diese Datentypen oder erben von ihnen, sodaß unterschiedliche LDAP-Storages untereinander kompatibel sind.\nDer Wert von LDAP besteht also nicht im Storage oder der Abfragesprache (beide sind kaputt bzw. unvollständig), sondern im Schema und im Wire-Protokoll, die beide extrem interoperabel sind und die interoperabel erweiterbar sind. Der Wert von LDAP liegt also in der Normierung.\nDiese Überlegung ist auch auf eine Dateisystem-Abfragesprache anwendbar: Betrachtet man die Beispiele von Reiser genauer, findet man im Grunde zwei Szenarien, die Reiser unterscheidet.\nDas eine Szenario sind Anfragen nach Daten einer bestimmten Objektklasse (\u0026ldquo;mime-type: audio/mp3\u0026rdquo;, \u0026ldquo;mime-type: message/rfc822\u0026rdquo;), bei denen der Fragesteller dann Annahmen über das Vorhandensein bestimmter Attribute machen kann und bei denen die weitere Anfrage dann das Vorhandensein und die Bedeutung bestimmter Attributnamen voraussetzen kann. Das Characteristische an der Anfrage \u0026ldquo;[subject/[illegal strike] to/elves from/santa document-type/RFC822 ultimatum]\u0026rdquo; ist ja die Typabsicherung \u0026ldquo;document-type/\u0026hellip;\u0026rdquo;. Nur deswegen kann sich der Fragesteller sicher sein, daß Attribute wie \u0026ldquo;subject\u0026rdquo;, \u0026ldquo;from\u0026rdquo; und \u0026ldquo;to\u0026rdquo; existieren und daß ihre Werte die gesuchten Bedeutungen haben.\nDie zweite Sorte Frage ist die Googlesuche nach dem Vorkommen von bestimmten Schlüsselworten irgendwo in der Datei, ohne Rücksicht auf die Strukturen, in die sich die Datei einpassen läßt. Das ist quasi die klassische Volltextsuche, mit einem Klassifikator-Plugin, daß für alle möglichen (auch multimedialen) Datentypen so viele sinnvolle Worte wie möglich extrahiert.\nMan beachte, daß der erste Fall nicht wirklich ein hierarchisches, denormalisiertes Datenbankschema benötigt wie etwa LDAP es bereitstellt. Es ist dagegen vollkommen ausreichend, ein objektrelationales System zu haben, in dem eine Entity von einer anderen Entity erben kann und für dieses System ein Schema bereitzustellen, das Attribute für alle gängigen und interessanten Mime-Types bereitstellt.\nNeben der Arbeit der Implementierung eines solches Dateisystems ist also weitere Arbeit notwendig, nämlich die Normierung von Datenstrukturen, also die Erarbeitung einer Taxonomie von Attributen und Objektklassen für die in einem modernen System vorkommenden Mime-Typen.\nAuch an der Abfragesprache ist noch Arbeit zu leisten - die von Reiser vorgeschlagene Syntax ist einfach, aber unvollständig und definiert keine vollständige Navigation. Die Abfragesprache von LDAP ist ebenfalls unvollständig und hat eine ganze Reihe von Einschränkungen, nicht nur vom relationalen Standpunkt aus, sondern schon auf einer sehr viel niedrigeren Ebene - hier möchte man sich eher bei den Gedankenmodellen von XPath und XQuery bedienen, die eine reichere Syntax und mehr Möglichkeiten liefern. Auf diese Weise wäre auch die Adressierung von Elementen in Dateien möglich.\nFazit Wir nehmen abschließend mit:\nEin Dateisystem ist keine Datenbank im herkömmlichen Sinne, sondern ein Speicher, der auch mit unstrukturierten oder partiell strukturierten Daten klarkommen muß. Ein wenig mehr Struktur und ein wenig bessere Rechnerchemöglichkeiten täten heutigen Dateisystemen jedoch sehr gut. Dabei ist jedoch der Strukturlosigkeit Rechnung zu tragen und es sind neben strukturierten Anfragen im SQL-Stil auch strukturlose Anfragen im Stile einer Volltextsuche über alle Attribute zu ermöglichen.\nDiese Anfragen dienen weiterhin nur zur Bestimmung der Inodenummer/ID/UUID einer Datei, also zur Lokalisierung der Datei. Der weitere Zugriff kann dann ganz normal über die Blockverwaltung erfolgen, und muß nicht langsamer als heutzutage sein.\nDer Wert einer solchen Datenbank als Dateisystem ergibt sich wie bei LDAP aus der Normierung der Schemata. Es sind also rechtzeitig sinnvolle Schemata für gängige Systemdatentypen bereitzustellen und es ist ein offener, herstellerunabhängiger Prozeß für die Normierung und Entwicklung einer Hierarchie von Objektklassen und Attributtypen bereitzustellen.\n","date":"2004-06-06T00:00:00Z","href":"https://blog.koehntopp.info/2004/06/06/dateisysteme-und-datenbanken.html","tags":["filesystems","database","lang_de"],"title":"Dateisysteme und Datenbanken"},{"categories":null,"content":"In der Computerwoche findet sich ein Artikel , der sich mit dem Thema \u0026ldquo;Sicherheit von Webanwendungen\u0026rdquo; beschäftigt. Nun ist es die Computerwoche, und daher nicht so richtig verwunderlich, wenn dieser Artikel das Thema eher \u0026hellip; oberflächlich behandelt. Aber so einige Ideen schockieren mich dann doch.\nHerkömmliche Schutzmechanismen wie Firewalls greifen bei derartigen Problemen jedoch nicht. Die Angriffe erfolgen auf Applikationsebene über den Browser und somit über die Kommunikationsports 80 (bei Verwendung von HTTP) beziehungsweise 443 (bei HTTPS).\nDas ist ja in etwa Sinn einer Webanwendung, daß sie auf diesen Ports mit dem Anwender redet.\n[Hier] weisen herkömmliche Firewalls hier eine größere Lücke auf.\nIm folgenden Text redet der Artikel dann \u0026ldquo;Firewalls\u0026rdquo; das Wort, die die Aufgaben eines Web Application Frameworks übernehmen und, indem sie der eigentlichen Anwendung vorgeschnallt werden, die Eingabewerte der Anwendung an deren Stelle prüfen. Wie für Artikel auf diesem Niveau üblich, werden wahre Wunderdinge versprochen:\nUm Missbrauch und Angriffe auf Backend-Anwendungen zu verhindern, sollten Web-Anwendungen daher immer nur Eingaben zulassen, die sinnvoll sind und innerhalb der Erwartungen des jeweiligen Kontexts liegen. Wird beispielsweise eine Postleitzahl abgefragt, dürfen in dem dazugehörigen Feld keine Buchstaben oder Sonderzeichen auftauchen.\nBesser als nichts. Nur: Wie auch bei herkömmlichen Firewalls ist es mit dem Aufstellen und Einschalten nicht getan. Wo man anderswo jetzt Kommunikationsprofile analysieren muß, um dann die notwendigen Ports freizuschalten, muß man nun die Webseiten der Anwendung (alle Seiten!) analysieren und einzeln Validierungsprädikate für alle Eingabefelder und deren mögliche Kombinationen und Abhängigkeiten definieren. Man kann sich leicht vorstellen, daß dies ein sehr aufwendiger Prozeß ist - um ein Vielfaches aufwendiger als die Kommunikationsanalyse einer herkömmlichen Firewall.\nDann geht es jedoch weiter:\nBei unzureichenden Zugriffskontrollen können Hacker Zugriff zu Benutzerkonten erhalten, nicht für sie bestimmte Daten einsehen oder Funktionen nutzen. Ähnliches gilt für unzureichende Authentisierung und Session-Management [\u0026hellip;]\nGegen diese Sorte Fehler kann eine solche vorgeschaltete Eingabekontrolle genau nicht schützen. Eine Session-ID ist eine Session-ID und wenn die schlecht und ratbar ist, dann kann der Anwender die Session eben spontan wechseln, indem er sich eine andere, legale Session-ID ausdenkt.\nLeider sind derartige Produkte nicht ganz billig. Wer sich auf diese Weise absichern will, muss mit Investitionen von 15.000 bis 30.000 Dollar rechnen.\nDieses Geld wäre sicherlich besser in eine Restrukturierung und grundsätzliche Verbesserung der Web-Anwendung investiert. Warum wird das nicht gemacht?\nAntwort: Wie denn, wenn man den Source nicht hat? Das ganze Konzept einer solchen vorgeschalteten Eingabekontrolle ist so unendlich closed source, daß ich bestimmt 15 Minuten gebraucht habe, bis mir einfiel, daß es vielleicht noch irgendwo auf der Welt Leute geben mag, die Fehler in ihren Anwendungen nicht direkt in der Anwendung korrigieren können. Das wiederum ist eine Beobachtung, die im Grunde einen eigenen Artikel wert ist.\nUnd schließlich die eigentliche Crux: Mit steigender Komplexität der Aufgaben einer Firewall oder eines IDS steigt auch die Wahrscheinlichkeit von Fehlern in diesem System. Exploitbaren Fehlern.\nBeispiele: Dragon-Fire IDS Vulnerability : \u0026ldquo;The Dragon-Fire IDS remote web interface under version 1.0 has an insecure CGI script which allows for users to remotely execute commands as the user nobody.\u0026rdquo; Das ist genau die Sorte Fehler, die wir in diesem Artikel diskutieren, in einer Anwendung, die gegen solche Fehler schützen soll. RapidStream Unauthenticated Remote Command Execution Vulnerability \u0026ldquo;RapidStream offers a line of VPN/Firewall network devices. Each product comes with a modified version of sshd for encrypted remote administration. This version of sshd has a \u0026ldquo;hard-coded\u0026rdquo; username in it, rsadmin with a null password (rsadmin = root)\u0026rdquo; Kein Kommentar mehr notwendig. Firestorm IDS IP Options Decoding Denial Of Service Vulnerability \u0026ldquo;It has been reported that Firestorm IDS can be caused to crash when it has received traffic with specific IP options set.\u0026rdquo; Decoding zu komplex für die Sicherheitsanwendung. Etheral , nun Wireshark Dies listet eine ganze Reihe von Problemen, bei denen die Anwendung, ein Netzwerkmonitor, sich selbst kompromittiert beim Decodieren von Netzwerkpaketen, die für ganz andere Systeme bestimmt sind. ethereal/wireshark hat natürlich keine Chance - wann immer ein Protokoll selber einen Exploit hat, hat ethereal möglicherweise auch einen. Da alle Protokolle in ethereal decodiert werden müssen, hat ethereal jede Menge Exploits. Wobei ich sagen muß, daß die ethereal, tcpdump und snort-Listen meine Lieblinge sind. Wenn ich diese Listen sehe, denke ich über gewisse Produkte mit ganz ähnlicher Funktionalität nach, und ob deren Exploit-Listen wohl kürzer sein mögen. Und wer mag da wohl haften, wenn so eine Kiste kompromittiert und dann ausgenutzt wird. Der Netzbetreiber hat die ja nicht freiwillig aufgestellt\u0026hellip;\n","date":"2004-05-12T00:00:00Z","href":"https://blog.koehntopp.info/2004/05/12/firewalls-und-komplexitaet.html","tags":["security","lang_de"],"title":"Firewalls und Komplexität"},{"categories":null,"content":"Irgendwann Ende der 80er fiel mir ein Zortech C++ Compiler in die Hand. Den mochte ich, weil er anders als das cfront auf dem AIX ein nativer Compiler war. Ich habe also das VP/ix in meinem SCO Xenix hochgefahren, ein MS-DOS rein installiert und ein wenig mit der Sprache rumexperimentiert.\nIch habe zu dieser Zeit bei einem Erwachsenenbildungswerk Programmierkurse gegeben und eine der fortgeschrittenen Standardaufgaben, mit denen ich meine Schüler gequält habe, waren dynamische Strings (\u0026ldquo;Schreiben Sie eine lgets()-Funktion, die beliebig lange Strings aus einer Datei lesen kann\u0026rdquo;) und dynamische Arrays (\u0026ldquo;Schreiben Sie einen Satz Funktionen, mit denen Sie ein Array variabler Größe verwalten können\u0026rdquo;).\nNatürlich habe ich diese Experimente auch in C++ versucht, und mich in kürzester Zeit angewidert abgewandt. C++ hat sich für diese Aufgabe nämlich als haarsträubend unbrauchbar herausgestellt. Ich fragte mich: Wozu eine objektorientierte Programmiersprache, wenn in ihr nicht einmal ordentliche Container schreiben kann? (Ich weiß, daß es inzwischen Templates gibt, aber ihr wisst, daß die auch nicht Teil der Lösung, sondern Teil des Problems sind)\nAber ich war sowieso schon von der Uni her versaut, wo wir im Rahmen der Vorlesung \u0026ldquo;Objektorientierte Programmierung\u0026rdquo; mit Smalltalk und CLOS rumgemacht haben - von dort hatte ich recht konkrete Vorstellungen davon, was ich von einer objektorientierten Sprache erwarte, wenn es darum geht, dem Programmierer Arbeit abzunehmen. Kurz danach geriet ich an eine Nextstation und Objective-C und war für die Type Nazis für immer verloren: Dynamisch getypte Sprachen rocken einfach mehr , denn sie nehmen einem Arbeit ab, anstatt welche zu generieren.\nNatürlich habe ich das gerne auch im Netz verargumentiert, und bin von der Static Typing Fraktion mehr als einmal getoastet worden, denn ohne starke Typprüfung durch den Compiler geht angeblich die Welt unter. Angeblich, denn bei mir tat sie es nie.\nAber offenbar bin ich nicht der einzige, der diese Erfahrung gemacht hat. Bei Jeff Morre\u0026rsquo;s Classpath considered harmful findet sich ein Link auf Stephen Ferg\u0026rsquo;s Java vs. Python comparison , und die beschreibt ziemlich gut meine Erfahrungen mit C++ und später Java.\nManche Beispiele sind echt lustig, jedenfalls wenn man diese Art Geek-Humor steht. Wie schreibt ein Java-Programmierer $fp = fopen($argFilename, \u0026quot;r\u0026quot;)?\nimport java.io.*; BufferedReader myFile = new BufferedReader(new FileReader(argFilename)); Das baut einen FileReader -Objekt (FileReader ist eine Unterklasse von InputStreamReader , der Bytes mithilfe einer beliebigen Zeichensatzkonvertierung in Zeichen des gewünschten Zielzeichensatzes umwandelt, und FileReader setzt diese Umwandlung auf Null und setzt eine Standardpuffergröße ein. InputStreamReader ist wiederum eine Unterklasse von Reader , eine abstrakte Klasse für Datenströme, was wiederum wie alles eine Unterklasse von Object ist.) und gibt dieses FileReader-Objekt einem BufferedReader mit. Den BufferedReader kann man dann nach Zeilen fragen, wenn man will. Man hätte auch einen LineNumberReader , eine Unterklasse von BufferedReader, nehmen können, hätte man neben dem Inhalt der Datei auch Zeilennummern wissen wollen. Ein LineNumberReader ist also ein BufferedReader plus einem int, das immer mal inkrementiert wird, wenn ein Newline vorbeikommt, plus eine Setter und eine Getter -Methode für dieses int.\nOder, schöner noch: Wie schreibt ein Java-Programmierer \u0026ldquo;Tu eine Zahl in Array und hol sie wieder raus?\u0026rdquo;\npublic Vector aList = new Vector; public int aNumber = 5; public int anotherNumber; aList.addElement(new Integer(aNumber)); anotherNumber = ((Integer)aList.getElement(0)).intValue(); Wir bauen uns also ein int-Skalar aNumber, und eine Liste aList. Da in die Liste nur Objekte rein können, machen wir aus dem int-Skalar ein int-Objekt und tun das in die Liste. Da Java statisch typt , ist in der Liste jetzt ein Object-Objekt und kein Integer-Objekt mehr. Wir fischen das Object-Objekt also mit getElement() aus der Liste, und typecasten das erst mal in was Brauchbares, ein Integer-Objekt. Nur dann dürfen wir das int-Skalar aus dem Integer-Objekt wieder herausholen.\nIn Python und jeder anderen dynamisch getypten Sprache:\naList = [] aNumber = 5 aList.append(aNumber) anotherNumber = aList[0] Was ich für sehr viel klarer und weniger fehleranfällig halte.\nBruce Eckel auch. Die Fehler, die Code explodieren lassen, sind in der Regel keine Typfehler, sondern falsche Grenzbedingungen, falsche Logik oder falsches Design. Und denen kommt man nicht mit Typechecking bei, sondern halt nur mit Tests.\nBruce Eckel verweist in seinem Eintrag auf Robert Martin . Der schreibt\nI thought an experiment was in order. So I tried writing some applications in Python, and then Ruby (well known dynamically typed languages). I was not entirely surprised when I found that type issues simply never arose. My unit tests kept my code on the straight and narrow. I simply didn\u0026rsquo;t need the static type checking that I had depended upon for so many years.\nMein Reden seit 1870/71 (letzter Abschnitt).\nGuido hat sich ebenfalls dazu geäußert :\nAll that attention to getting the types right doesn\u0026rsquo;t necessarily mean you don\u0026rsquo;t have other bugs in your program. A type is a narrow piece of information about your data. When you look at large programs that deal with a lot of strong typing, you see that many words are spent working around strong typing.\nThe container problem is one issue. It\u0026rsquo;s difficult in a language without generics to write a container implementation that isn\u0026rsquo;t limited to a particular type. And all the strong typing goes out the door the moment you say, \u0026ldquo;Well, we\u0026rsquo;re just going to write a container of Objects, and you\u0026rsquo;ll have to cast them back to whatever type they really are once you start using them.\u0026rdquo; That means you have even more finger typing, because of all those casts. And you don\u0026rsquo;t have the helpful support of the type system while you\u0026rsquo;re inside your container implementation.\nPython doesn\u0026rsquo;t require you to write the cast, and its containers are completely generic. So it has the plus side of generic containers without the downside. It doesn\u0026rsquo;t have the plus side that the C++ folks claim to get with their templates and other generics. But in practice that mechanism turns out to be very cumbersome. Even compiler writers have difficulty getting templates to work correctly and efficiently, and the programmers certainly seem to have a lot of trouble learning how to use it correctly. Templates are a whole new language that has enormous complexity.\nJohn Ousterhout sieht das ganz ähnlich in Scripting: Higher Level Programming for the 21st Century , Abschnitt 6 ist der interessante Teil.\n","date":"2004-05-02T00:00:00Z","href":"https://blog.koehntopp.info/2004/05/02/static-vs-dynamic-typing.html","tags":["computer","lang_de"],"title":"Static vs. dynamic typing"},{"categories":null,"content":"(via Groklaw )\nSitecom GmbH in Freising ist das Ziel einer einstweiligen Verfügung des Netfilter/Iptables-Projektes. Demnach ist es Sitecom untersagt, ihr auf Netfilter basierendes Produkt weiter zu vertreiben, bis sie allen Bedingungen der GPL nachkommen.\nDie GPL (General Public License) ist eine Lizenz. Sie gibt einem das Recht, ein urheberrechtlich geschütztes Werk (hier: netfilter/iptables) zu verwenden, zu modifizieren und zu verbreiten, wenn man den Verpflichtungen der Lizenz nachkommt.\nIm Fall gewöhnlicher Lizenzen bedeutet dies meist eine Zahlung von Lizenzgebühren. Im Fall der GPL ist die Nutzung kostenfrei gestattet, aber die GPL verlangt, daß man den Quelltext des Gesamtproduktes, in dem die GPL-Software enthalten ist, ebenfalls unter der GPL freigibt.\nDas bedeutet, um GPL-Software nutzen zu können, muss man nach denselben Regeln spielen wie die GPL selber. Dies stellt sicher, daß das Ausgangprojekt frei verfügbar ist und daß alle Modifikationen und Ableitungen aus dem Ausgangsprojekt ebenfalls frei verfügbar bleiben. Es ist also nicht möglich, GPL-Software aufzusaugen und für sich zu nutzen und der GPL-Entwicklergemeinde die eigene Arbeit vorzubehalten.\nWem dies nicht gefällt, der kann versuchen, von dem Urheber des Projektes die Rechte zur Nutzung der Quellen unter einer anderen Lizenz zu bekommen. MySQL und Qt sind solche mehrfach lizenzierten Projekte, wie ich in einem älteren Artikel geschildert habe.\nDie einstweilige Verfügung gegen Sitecom ist übrigens noch nett. Sie ist quasi der letzte Versuch der Netfilter-Leute, Sitecom noch entgegenzukommen: Dem Netfilter-Projekt stünde es frei, Sitecom die Lizenz zur Nutzung des Netfilter-Codes dauerhaft und unwiderruflich zu entziehen. Die einstweilige Verfügung dagegen stellt ganz klar, daß es Sitecom offen steht, den Netfilter-Source weiterzuverwenden, sobald Sitecom allen Bedingungen der GPL nachkommt.\nEs ist unklar, warum Sitecom diese Gelegenheit und vorangehende Einigungsversuche mit Netfilter nicht nutzt. Die Historie der Einigungen mit anderen Netfilter-Nutzern zeigt deutlich, daß Netfilter Nutzer ihres Codes erst einmal ganz zivil und abmahnungsfrei auf die GPL und die sich daraus ergebenden Bedingungen hinweist. Nur weil Sitecom diesem Versuch einer gütlichen Einigung nicht nachgekommen war, sah sich Netfilter gezwungen zu juristischen Mitteln zu greifen, um ihr Recht durchzusetzen.\nDies ist die erste Anwendung der GPL vor Gericht überhaupt. Alle anderen Konflikte, in denen es um die GPL und ihre Gültigkeit geht, sind bisher außergerichtlich zur Zufriedenheit aller Parteien gelöst worden. Daher ist nach all den Jahren immer noch ungeklärt, ob die GPL vor Gericht Bestand haben kann, auch wenn die meisten Juristen inzwischen der Auffassung sind, daß es besser so wäre - wäre die GPL nicht gültig, gäbe es überhaupt keine Lizenz, nach der die Nutzung einer nur unter der GPL lizenzierten Software erlaubt wäre und damit würde automatisch das normale Urheberrecht gelten, das die Nutzung fremder Werke (ohne Lizenz) automatisch verbietet.\n","date":"2004-04-15T00:00:00Z","href":"https://blog.koehntopp.info/2004/04/15/gnu-gpl-in-deutschland.html","tags":["computer","lang_de"],"title":"GNU GPL in Deutschland"},{"categories":null,"content":" Früher war alles besser. Früher zum Beispiel konnte MySQL gar nichts, und der Server stand unter der GPL , während der MySQL Client unter der LGPL stand und alles war gut. So gut, daß zum Beispiel das PHP Projekt den MySQL Client den PHP-Sourcen beigelegt hatte und daß man deswegen Mühe hatte, ein PHP zu finden, das nicht mit einer MySQL-Datenbank reden konnte. Dieses Bundling ist es unter anderem gewesen, das den Siegeszug der LAMP Plattform begründet hat.\nDann jedoch entschloss man sich bei MySQL einige Dinge zu tun: Erstens nahm man Venture-Capital an, zweitens stellte man davon einen Haufen Leute ein und drittens schob man auf diese Weise die Weiterentwicklung von MySQL kräftig an. Die MySQL 4.x Serie entstand.\nDie Idee dahinter ist relativ offensichtlich: MySQL hat Datenbanken einen vollkommen neuen Markt eröffnet. Vor zehn Jahren war SQL-Wissen noch Spezialwissen und SQL-Datenbanken waren teure Dinge, die nur bei großen Projekten eingesetzt wurden. Es ist das Verdienst von MySQL, diese Situation von Grund auf verändert zu haben - heute hat jedes Script Kiddie SQL-Kenntnisse und verwendet lieber MySQL als Flatfiles, um selbst eine Highscore-Liste zu speichern. MySQL will nun mit Datenbanken das tun, was Linux mit Unix-Betriebssystemen gemacht hat.\nMySQL befindet sich dabei in mehr oder weniger derselben Situation wie Linux 1994: Natürlich ist das Produkt (noch!) nicht so feature-complete wie die etablierten Spieler in diesem Markt, aber für den weitaus größten Teil der Anwender ist das auch überhaupt nicht notwendig. Für diese Anwender zählen nämlich nicht so sehr die fetten Enterprise-Feature-Listen, als vielmehr gute Dokumentation und leichte Erlernbarkeit, die Verfügbarkeit von billigem Personal mit Kenntnissen im Produkt, Einsatz in Hosting-Umgebungen (Datenbank und Anwendung auf derselben Maschine, Trennung einer physikalischen in mehrere logische Datenbanken, Ressource-Quotas usw) und leichte Administrierbarkeit.\nMySQL hat seinen Kunden hier zugehört und unter der Häme und dem Spott der etablierten Datenbankhersteller etwas entwickelt, das in erster Linie Kundenwünsche erfüllt und erst jetzt, in den 4.x Versionen, anfängt Datenbankhersteller-Kriterien zu erfüllen. Unterwegs hat MySQL aber einen vollkommen neuen Markt geschaffen und definiert, und dem gesamten Datenbankmarkt ein vollkommen neues und von den Benutzerzahlen her gigantisches Low-End geschaffen. Von dort, und mit der dort erzeugten Benutzerbasis, will MySQL jetzt den Datenbankmarkt von unten her kannibalisieren und Datenbanken in ein Commodity-Produkt umwandeln - die Lizenzpreise sprechen eine deutliche Sprache.\nEin Exkurs in Lizensismus Der Markt hat jedoch anders reagiert, denn die Situation ist ein wenig komplizierter als in der verklärten \u0026ldquo;Früher war alles besser\u0026rdquo;-Darstellung von oben. Das Unheil begann damit, daß es im Grunde drei Klassen von Lizenzen gab oder jedenfalls seit der\nMozilla Public License gibt. Da ist zum einen die Edel-Lizenz GPL, die im Grunde nur mit sicher selber kompatibel ist (denn alles, was man mit der GPL zusammenbaut wird selber GPL). Dann sind da jede Menge freie Softwarelizenzen, die nicht mit der GPL kompatibel sind. Freie Softwarelizenzen sind DFSG-kompatible Lizenzen außer der GPL selber, also so Dinge wie Apache, BSD, Mozilla-Derivate und so weiter sowie die LGPL. Und dann sind da kommerzielle Lizenzen und die seltsame Idee des Dual Licensing.\nDual Licensing ist, was Managerköpfe zum Platzen bringt: Da der Erzeuger eines urheberrechtlich geschützten Werkes dieses Werk selber nach Belieben lizenzieren kann, ist dieser Urheber nicht darauf beschränkt, das Werk nur unter einer einzigen Lizenz anzubieten. Man kann Software-Funktionsbibliotheken also unter der GPL anbieten, und für Leute, denen dies nicht gefällt, auch eine kommerzielle Lizenz zu verkaufen.\n\u0026ldquo;Ja, ist das nun frei oder nicht frei?\u0026rdquo;\nFür die Anbieter von Software, die selber GPL ist und welche die Bibliothek unter Dual Licensing einbinden wollen, ist alles klar. Die nehmen die Bibliothek unter der GPL und alles ist gut. Für Anbieter von Software, die kommerziell ist, ist auch alles klar. Die nehmen die Software entweder unter der kommerziellen Lizenz oder ein anderes, rein kommerzielles Produkt, weil ihnen das alles zu verwirrend ist.\nFür die Anbieter von DFSG-Software ist alles unklar. Wenn ich eine Software-Funktionsbibliothek in mein Programm einbinde, und die Bibliothek selber ist GPL, dann muss mein Programm auch GPL sein. GPL, nicht \u0026ldquo;freie Software nach DFSG\u0026rdquo;. Schlecht zum Beispiel für PHP, das inzwischen unter der Apache-Lizenz steht.\nIntern verwendet PHP die Zend-Engine, die unter der QPL lizenziert wird. Die QPL wiederum ist eine modifizierte MPL, falls man mir noch folgen kann. PHP bindet außerdem Dutzende von anderen Projekten und Programmbibliotheken selber ein, die unter den unterschiedlichsten Lizenzen stehen.\nWarum ist das für MySQL ein Problem? Mit MySQL 4.x hat MySQL, die Firma, das Tempo deutlich erhöht: Inzwischen sitzen jede Menge kommerzielle Entwickler für Geld daran, MySQL voranzubringen. Die Venture-Capital Investoren wollen für ihr Geld innerhalb der nächsten drei bis fünf Jahre Return sehen.\nMySQL muss also mehr kommerzielle MySQL-Lizenzen verkaufen. Das genau ist bei einem Produkt wie MySQL jedoch ein wenig schwierig: Der MySQL Server ist GPL. Man kann ihn also problemlos irgendwo hinstellen und in Betrieb nehmen, ohne daß man eine Lizenz kaufen müsste. Man kann, wenn man möchte, bei MySQL kommerziellen Support kaufen, guten Support sogar, für relativ kleines Geld. Dummerweise ist nur MySQL als Produkt viel zu gut, man kommt gut ohne Support hin. Dummerweise ist der MySQL-Server GPL, und liegt deswegen im Source vor. Falls man also genug technisches Wissen im Haus hat, kann man sich auch leicht selber supporten.\nDer MySQL Client war LGPL. LGPL ist eine GPL ohne Zähne: Man kann LGPL-Funktionsbibliotheken wie den MySQL Client in sein Programm einbauen, ohne daß dieses Programm dann GPL oder LGPL sein müsste - es kann nahezu jede beliebige Lizenz haben.\nHersteller von kommerzieller Software haben also Programme entwickelt, die die MySQL Client-Bibliotheken enthalten haben, ohne eine Lizenz zwingend zu brauchen. Benutzer dieser Software haben sich also einen MySQL Server hinstellen können, ohne für diesen eine Lizenz zwingend zu brauchen und die haben die kommerzielle Software einsetzen können, ohne eine Lizenz zwingend zu brauchen.\nDas hat funktioniert, solange MySQL, die Firma, ihr Wachstum aus den Support-Einnahmen und anderen Quellen selber finanziert haben. Aber mit VC in der Firma geht das nicht mehr.\nDer MySQL 4.x Client ist also GPL. Genaugenommen ist er Dual Licensed. Wenn man also eine GPL-Anwendung schreibt, kann man den MySQL 4.x Client benutzen. Wenn man eine Nicht-GPL-Anwendung schreibt, und das schließt alle DFSG-freien, GPL-inkompatiblen Lizenzen mit ein, braucht man eine kommerzielle Lizenz.\nSchmerzen Soweit so unklar.\nMySQL hat aber sich aus irgendeinem Grunde vorgenommen, an dieser Stelle einmal nicht auf ihre Kunden zu hören und die eigene Position mit den Kundenwünschen abzustimmen, sondern diese Änderung quasi im Alleingang durchzuziehen.\nMySQL hat dabei den mittleren Fall der DFSG-freien, GPL-inkompatiblen Anwendungen vollkommen übersehen.\nMySQL hat sich außerdem entschlossen, die GPL auf eine sehr seltsame Weise zu interpretieren:\nSterling Hughes geht hier ausführlich in englischer Sprache darauf ein. MySQL argumentiert, daß auch jede Reimplementation von deren Protokoll MySQLs geistiges Eigentum wäre, weil es sich um ein abgeleitetes Werk handelt. Also ganz genau die SCO Argumentation .\nMySQL ist außerdem jetzt schon seit mehr als einem Jahr damit beschäftigt, dieses Problem zu lösen.\nAuflösungserscheinungen Konsequenzen:\nDie MySQL Client-Bibliotheken liegen PHP nicht mehr bei. Das wird inzwischen nicht nur lizenzrechtlich, sondern auch technisch verargumentiert und wird deswegen auch dann so bleiben, wenn (sobald) PHP und MySQL sich einigen.\nPHP liegen stattdessen SQLite Bibliotheken bei. SQLite ist eine Art \u0026ldquo;Access ohne GUI\u0026rdquo;, also ein serverloses embedded SQL und daher performancetechnisch mit MySQL nicht zu vergleichen. Die SQLite-Entwickler haben in den letzten Wochen große Fortschritte gemacht, ihre SQL-Syntax kompatibel mit MySQL SQL-Erweiterungen zu machen. Dennoch: Eine richtige Alternative ist das nicht, eher ein Schritt zurück.\nMySQL hat gerade gestern mit einer speziellen Ausnahmeregelung versucht, das Problem der GPL-inkompatiblen freien Softwarelizenzen zu regeln. Leider mit einer statischen Liste statt mit einer Regel wie \u0026ldquo;Besorgt Euch eine DFSG-Evaluation und dann ist alles gut\u0026rdquo;.\nDer meiner Meinung nach unhaltbare Standpunkt, daß unabhängige Reimplementierungen des Protokolls auch abgeleitete Werke sind, wird von MySQL weiter aufrecht erhalten. Das lässt darauf schließen, daß MySQL auch lizenzrechtliche Bedenken gegen Middlewares wie SQLRelay hat.\nSQLRelay ist selber GPL. Als Middleware legt SQLRelay einen Connection Pool von z.B. MySQL Datenbankverbindungen an und spricht mit der MySQL-Datenbank. Das ist lizenztechnisch unproblematisch. Auf der anderen Seite exponiert SQLRelay eine eigene, von der MySQL-API verschiedene Programmierschnittstelle. Da SQLRelay nicht wie MySQL den Standpunkt vertritt, daß die GPL auch über TCP/IP \u0026ldquo;ansteckend\u0026rdquo; sei, kann also eine kommerzielle Anwendung ohne MySQL-Lizenz mit SQLRelay reden. Zak Greant von MySQL war gestern Abend im Chat zu diesem Thema nur der MySQL-Standardsatz zu entlocken: \u0026ldquo;If you use us with closed source software, we recommend using our commercial license.\u0026rdquo;\nPostgresql hat endlich (ich seh da jedes Jahr mal nach oder so) eine Website, die den Namen verdient, und da gibt es sogar so etwas ähnliches wie Dokumentation. Aktuelles Postgresql kann viele Dinge besser als MySQL 3.23 und 4.0, Replikation bleibt ein Problem. Postgresql ist unter der BSD Lizenz verfügbar und vollkommen problemlos mit allem möglichen integrierbar.\nFirebird soll ich mir auch dringend einmal ansehen, sagt man mir. Die Lizenz habe ich noch nicht gelesen.\nFazit Für mich persönlich nehme ich mehrere Erfahrungen mit:\nMySQL bemüht sich immerhin mit sehr ernsthaft die Situation in Bewegung zu halten und schließlich irgendwie zu lösen. Nach dem ich gestern abend im deutschen Irc eine Diskussion über den originalen Artikel auf Slashdot angezettelt habe, hatte ich binnen einer halben Stunde Zak Greant am Rohr und wir haben den ganzen Kram inklusive SQLRelay versucht einmal durchzudeklinieren. Auch wenn wir nicht in allen Punkten zu einem Abschluss gekommen sind, bleibt doch der Eindruck, daß MySQL sich bewegt.\nAnderseits bewegt sich MySQL unglaublich langsam - das alles war ja schon Thema auf dem Linuxtag 2003, wo sich die PHP- und MySQL-Spitzenleute getroffen haben und man die im Slashdot-Artikel vorgestellte Lösung inoffiziell bereits mehr oder weniger im Kasten hatte. In manchen Punkten bewegt sich MySQL gar nicht: Der Punkt mit der seltsamen GPL-Interpretation (\u0026ldquo;Ansteckung über TCP/IP\u0026rdquo;, \u0026ldquo;Reimplementierung des Protokolls\u0026rdquo;) bleibt offen, und SQLRelay bleibt fragwürdig.\nDie Hochzeit zwischen PHP und MySQL ist jedenfalls mit MySQL 4.x definitiv vorbei. MySQL braucht freundschaftlich, aber bestimmt Druck durch Alternativen und Postgresql und Firebird brauchen Propaganda. Wir wollen einmal sehen können, was wir da tun können.\nDual Licensing - ich bin mir noch nicht abschließend sicher, ob das Teil des Problemraums oder Teil des Lösungsraums ist. Bemerkenswerterweise (Beispiele sind MySQL und Qt) wird in solchen Fällen die GPL eher als Restriktion denn als Befreiung angesehen - unter anderem deswegen, weil alternative Projekte mit weniger restriktiven Lizenzen vorhanden sind.\nDie FSF und das GNU-Projekt sind seltsam still in dieser Sache: Während sie sonst immer schnell dabei sind, die Überlegenheit der GPL gegenüber der LGPL zu verargumentieren, wird die FSF allgemein eher dem Gnome (LGPL) denn dem KDE/Qt (GPL)-Lager zugerechnet. Seltsam auch, daß die Projekte mit kommerziellem Backing (KDE/Qt - Troll, MySQL Database - MySQL AB) genau die GPL verfechen, während die Projekte mit nicht kommerziellem Hintergrund (Gnome, Postgresql) weniger \u0026ldquo;pure\u0026rdquo; Lizenzmodelle (auf der RMS-Skala) vertreten.\nDer Standpunkt von RMS war ja sonst immer \u0026ldquo;Die LGPL ist nur ein Notbehelf und wird letztendlich verschwinden (müssen). Wir brauchen sie nur, bis GNU eine lauffähige eigene Betriebssystemplattform hat, damit wir uns mit existierenden kommerziellen Foundations integrieren können. Generell ist die GPL der LGPL jedoch dringend zu bevorzugen.\u0026rdquo; So ganz wirklich vertreten die diesen Standpunkt dann doch nicht, wenn es darauf ankommt.\n","date":"2004-03-14T00:00:00Z","href":"https://blog.koehntopp.info/2004/03/14/mysql-und-die-lizenzen.html","tags":["php","mysql","lang_de"],"title":"MySQL und die Lizenzen"},{"categories":null,"content":"Ich habe mich an anderer Stelle bereits über Blogs und ihre Technik aufgeregt. Hier eine etwas besser geordnete Präsentation meiner Gedanken zu diesem Thema:\nDie Grundidee, die hinter Blogs steckt, ist ja, ein Diskurs-System im Web zu haben. Durch die Einrichtung eines Blogs kann sich ein Autor ein Forum verschaffen, in dem er Texte von sich veröffentlicht. Diese Texte sind auf jeden Fall chronologisch sortiert und außerdem optional durch ein Kategoriensystem und durch eine Volltextsuche erschlossen.\nZu einem Diskurs-System wird das ganze dadurch, daß man einerseits Kommentare zu den Texten zulässt, andererseits die Bezugnahme auf die Texte ermöglicht. Bezugnahme erfolgt traditionell durch einen Trackback-Link auf einen Artikel: Jemand, der zu einem Artikel eine Gegenrede veröffentlicht, verlinkt den Originalartikel per Trackback-Ping und der Originalartikel bekommt so automatisch einen Link (mit Preview) auf die Gegenrede.\nSoweit die eigentlich hervorragende Idee. Leider ist die Implementierung mehr als bescheiden.\nDas Problem entsteht schon bei der Bezugnahme auf Artikel. Blogs verwenden für diese Bezugnahme in der Regel URLs, aber dieser Ansatz hat aus einer ganzen Reihe von Gründen Probleme. Ich muss ein wenig ausholen, um diesen Gedanken zu erläutern.\nObjekte und ihre Namen Etwas, auf das wir Bezug nehmen, nennen wir ein Objekt. Wir könnten auch Dingsda sagen, aber Objekt klingt cooler. Um auf ein Objekt Bezug nehmen zu können, müssen wir es benennen oder identifizieren können. Wir geben dem Objekt also eine Bezeichnung und verwenden die Bezeichnung als Stellvertreter für das Objekt.\nIm mathematischen Sinne haben wir eine Menge von Objekten und eine zweite Menge von Namen (IDs) und wir haben eine Bijektion zwischen den beiden Mengen - wir ordnen also jedem Objekt genau einen Namen zu. Wenn wir jetzt entscheiden wollen, ob zwei Objekte gleich ist, genügt es, die IDs der Objekte zu vergleichen.\nOkay, klingt uncool. Wo ist der Trick?\nMan stelle sich die Menge der Objekte als einen Newsspool von Artikeln auf einem News-Server vor - friedolin hat davon einige Terabyte. Wenn wir einen neuen Artikel bekommen, müßten wir feststellen, ob wir diesen Artikel schon haben, bevor wir ihn einsortieren, denn sonst haben wir Duplikate. Ohne IDs können wir diese Feststellung nur treffen, indem wir den Artikel gegen jeden Artikel vergleichen, den wir schon haben. Wir müßten also für jeden neuen Artikel einige Terabyte Newsspool durchsuchen und können den Artikel akzeptieren, wenn man Ende der Suche ein negatives Ergebnis kommt.\nStattdessen unterhalten wir eine Liste der IDs der Artikel - die History. Wenn wir einen neuen Artikel bekommen, nehmen wir die ID des Artikels und schlagen diese ID in der History nach. Nur wenn die ID noch nicht in der History ist, akzeptieren wir den Artikel. Die History ist wesentlich kleiner als der Newsspool selber, und daher schneller zu durchsuchen. Wenn wir die History als Hash organisieren, können wir sie außerdem mit konstantem Aufwand durchsuchen - der Lookup ist also immer gleich schnell, egal wie viele Terabyte Spool wir haben. Wir können auch sehr schnell den Speicherort eines Artikels bestimmen, wenn wir die ID des Artikels kennen.\nIDs erlauben uns generell, Entscheidungen zu treffen, ob ein Objekt bereits vorhanden ist oder nicht. Wir können auf diese Weise zwei Objektpools synchronisieren, ohne mehr Daten übertragen zu müssen als notwendig. Sind unsere Objekte zum Beispiel die Datenbankeinträge eines Palm Pilot, dann kann auf der Grundlage der IDs festgestellt werden, welche Objekte auf dem jeweils anderen Ende der Synchronisation neu oder geändert sind und der Inhalt des Palm Pilot kann mit dem Inhalt des PCs abgeglichen werden.\nEigenschaften von Namen Wenn man sich IDs für Objekte überlegt, dann muss man sich über einige Dinge Gedanken machen. IDs haben einen Scope, also eine Grundmenge oder Welt, innerhalb derer sie gelten und Objekte eindeutig bezeichnen.\nDie Verkleinerung eines Scopes ist in der Regel kein Problem: Wenn \u0026ldquo;kris\u0026rdquo; ein eindeutiger Username innerhalb einer Firma ist, dann ist \u0026ldquo;kris\u0026rdquo; auch innerhalb einer Abteilung dieser Firma noch eindeutig.\nDie Vergrößerung eines Scopes ist ein Problem, denn es kann andere Benutzer in anderen Firmen geben, die auch den Usernamen \u0026ldquo;kris\u0026rdquo; haben, aber nicht mit diesem \u0026ldquo;kris\u0026rdquo; identisch sind.\nEine übliche Methode, dieses Problem zu lösen besteht darin, dem Scope selber einen Namen zu geben und ihn an die ID mit anzuhängen. Wir reden also nicht mehr von \u0026ldquo;kris\u0026rdquo;, sondern hängen den Namen der Firma mit an. Macht man das mehrfach, bekommt man einen Rattenschwanz an immer größer werdenden Scope-IDs, einen Pfad. \u0026ldquo;kris\u0026rdquo; in \u0026ldquo;Durlach\u0026rdquo;, \u0026ldquo;Bawü\u0026rdquo;, \u0026ldquo;Deutschland\u0026rdquo;, \u0026ldquo;Europa\u0026rdquo;, \u0026ldquo;Erde\u0026rdquo;, \u0026ldquo;Orion Spiralarm\u0026rdquo;, \u0026ldquo;Milchstraße\u0026rdquo;, \u0026ldquo;lokaler Cluster\u0026rdquo; bläst einen kleinen Scope immer weiter auf und erzeugt rückwärts einen Suchpfad, der den Speicherort von \u0026ldquo;kris\u0026rdquo; angibt.\nDas ist auch das Prinzip, auf dem zum Beispiel LDAP aufbaut. Objekte in LDAP werden identifiziert durch ihren DN (distinguished name) und der DN ist der Pfad durch den LDAP-Baum, der zu diesem Objekt führt - \u0026ldquo;c=de, o=firma, ou=IT, cn=Kristian Köhntopp\u0026rdquo;.\nUnd hier sieht man gleich zweimal, warum solche IDs problematisch sind - sie sind gescoped, enthalten also Lokalisierungsinformation, und sie sind nicht opak, enthalten also Objektinformation. Der Teil des DN \u0026ldquo;c=de, o=firma, ou=IT\u0026rdquo; ist eine Pfadkomponente, also Scope. Wechselt der Benutzer die Abteilung, ändert sich eine Pfadkomponente (hier: ou) und damit ändert sich der DN. Alle Stellen, an denen der DN verwendet wird, um das Objekt zu bezeichnen, müssen mit geändert werden. Das ist ein gängiges Problem in LDAP, und viele meiner ehemaligen Kollegen haben es verfluchen gelernt. Ich habe diesem und verwandten Schwierigkeiten einen eigenen Vortrag auf der NetUSE Hausmesse 2002 gewidmet.\nGenauer: Im Datenbanksinn ändern wir einen Primary Key und müssen alle Foreign Keys die diesen PK bezeigen mit updaten. \u0026ldquo;Saublöde Idee\u0026rdquo; ist das, was ein Datenbanker dazu sagen würde. Wir können Kristian auch heiraten lassen, so daß sich sein Name, also der cn ändert. Da Objektinformation Bestandteil des DN ist, ändert sich der DN, wenn sich das Objekt verändert - und wieder verbasteln wir einen PK. Auch das ist ein typisches LDAP-Problem mit seinen nicht-opaken IDs.\nEine ID sollte also möglichst opak sein, und sie sollte möglichst so beschaffen sein, daß Objekte während ihrer Lebensdauer niemals ihren Scope wechseln.\nWeitere Beispiel für solche Nicht-IDs sind Xlink/Xpointer/Xpath-Ausdrücke, also alles, was die Form hat wie \u0026ldquo;der dritte DIV nach dem zweiten H2 in dem Dokument mit der URL \u0026hellip;.\u0026rdquo;. Man kann sich leicht überlegen, daß solche Bezeichner abhängig sind vom Layout eines Dokumentes, von der Sortierung der Items auf der Seite und von vielerlei anderen Unwägbarkeiten und daher sehr instabil sind. Systeme, die auf solchen IDs aufbauen, um Daten wiederzufinden oder zu vergleichen, sind im Kern kaputt.\nIn XML kann man, so man seine DTD richtig herum zusammensetzt, jedes Element mit einem ID-wertigen Attribut mit dem Namen \u0026ldquo;id=\u0026rdquo; ausstatten und so jedem Element einen eindeutigen Bezeichner mitgeben. Solche IDs haben Document Scope, müssen also zusätzlich mit der URL des Dokumentes gescoped werden, damit sie weltweit (Na ja, DNS-weit, das ist etwas anderes) eindeutig werden.\nURLs selber bezeichnen aber Speicherorte, enthalten also mit dem Servernamen und dem Pfadnamen in der URL wiederum eine lange Folge von Scope-IDs. Will man das vermeiden, braucht man Lookup-Services, sie stabile Identifier in Speicherorte umwandelt - http://purl.org , http://home.pages.de , http://makeashorterlink.com , http://tinyurl.com sind nur ein paar Dienste, die solche Lookups mit unterschiedlichen Zielsetzungen und Lebensdauern durchführen.\nDas ist zugleich eine weitere wichtige Eigenschaft von IDs: Ihre Lebensdauer. Wie lange besteht die ID eines Objektes fort? Damit sie als ID funktionieren kann, muss sie mindestens die Lebensdauer des Objektes selber haben, so viel ist schon mal klar.\nIst es sinnvoll, daß die ID eines Objektes länger besteht als das Objekt selber? Ja, das kann sinnvoll sein. News-Server zum Beispiel heben die IDs von Nachrichten noch auf, nachdem sie die Nachricht bereits weggeworfen haben. Auf diese Weise können sie Artikelschleifen immer noch verhindern, auch wenn der eigentliche Artikel bereits gelöscht worden ist.\nLanglebige IDs erlauben es auch, Objekte zu versionieren. Dazu kann ich entweder die ID eines Objektes als Scope nehmen und die Versionsnummer als ID in diesem Scope auffassen (\u0026ldquo;kernel-2.4-3.rpm, kernel-2.4-4.rpm\u0026rdquo;, die IDs sind hier 3 und 4, und der Scope ist \u0026ldquo;kernel-2.4\u0026rdquo;) oder ich kann für jede Version eines Objektes eine neue ID vergeben und die Versionshistorie an jeder neuen Version abspeichern (\u0026ldquo;RFC 2822, obsoletes: RFC 822\u0026rdquo;, hier werden neue RFC-Nummern für jede Überarbeitung eines RFC-Objektes vergeben und es wird aufgezählt, welches RFC-Objekt durch den neuen RFC ersetzt wird).\nURLs sind keine IDs Wenn man jetzt ein Diskurs-System entwickeln möchte, dann muss man sich unbedingt darüber klar sein, was die Objekte sind, mit denen man arbeitet und welche Namen man für diese Objekte wählt.\nDer erste Schritt ist, daß man sich klar darüber wird, was die Objekte sind, mit denen man hier zu tun hat. Diese Objekte sind nicht Webseiten, auch wenn viele Blogger dies vielleicht glauben mögen. Die Objekte, um die es geht, sind Beiträge. Beiträge können Artikel sein, die ich geschrieben habe, oder Kommentare zu solchen Artikeln oder Kommentare zu Kommentaren. Beiträge können auch Artikel oder Kommentare auf anderen Sites sein.\nHaarspalterei? Nein.\nBlogs bezeichnen derzeit Artikel mit URLs. Aber eine URL wie die von diesem Artikel bezeichnet genau nicht meinen Artikel \u0026ldquo;Wir sind so geil, wir können XML\u0026rdquo;, sondern eine Webseite, auf der sich neben meinem Artikel auch mehr als ein Dutzend weitere Beiträge befinden, auf der ein Haufen Navigation herumfliegt, die mit dem Artikel nichts zu tun hat und auf der sich wechselnder Content befindet, der mit dem Artikel absolut gar nichts zu tun hat - ein Buchtipp, eine Werbung für T-Shirts, Kommentare zu anderen Artikeln und so weiter.\nAuch an andere Stelle begegnen wir diesem Missverständnis: http://www.debian.org bezeichnet zum Beispiel die Startseite des Debian-Projekts. Nur - je nachdem, welche Sprachpräferenz man in seinem Browser konfiguriert hat, erscheint unter dieser URL komplett anderer Text. Die URL ist gleich, aber je nach Content-Negotiation kommen vollkommen verschiedene Inhalte mit vollkommen verschiedenen MD5-Prüfsummen. Nicht die URL bezeichnet die Seite, sondern erst die Kombination von URL und Sprachpräferenz tut dies.\nGenauso: http://www.heise.de/newsticker bezeichnet die Newsticker-Seite von Heise. Nur - je nachdem, wann man diese Seite abruft, erscheinen unter dieser URL vollkommen andere Inhalte. Erst die Kombination von URL und Zeitangabe liefert eine bestimmte Seite. Zugleich: Auf dieser Seite befindet sich nicht ein Artikel-Objekt, sondern die Seite enthält eine lange Sequenz von Artikel-Objekten. Mit diesem Problem haben zum Beispiel Ratingsysteme zu kämpfen - welches Rating hat zum Beispiel http://www.cnn.com ? Und ist das davon abhängig, ob einer der dort angezeigten Artikel die nackte Brust von Janet Jackson zeigt? Mein Artikel http://koehntopp.de/kris/artikel/rating_does_not_work/ von 1999 dekliniert diesen Gedanken durch.\nMan muss sich also klar darüber werden, daß man bei Blogs eigentlich mit Beiträgen - also Artikeln und Kommentaren - hantiert, und daß RSS-Feeds und Webseiten mit Blogs nur die Repräsentation von Beiträgen sind. Eigentlich will man aber beim Datentausch über Beiträge reden, und nicht über ihre Repräsentation.\nWeil Blogs das in der Regel nicht tun, sind zum Beispiel Kommentare Objekte zweiter Klasse. Sie sind oft nicht referenzierbar und stehen oft nicht im RSS Feed des Blogs zur Verfügung. Wenn doch, dann auf jeden Fall in einem anderen Feed. Blogs tracken in der Regel auch nicht die Versionen von Beiträgen - wenn Artikel oder Kommentare überarbeitet werden, ändert sich die URL nicht und es ist unklar, ob das Trackback sich auf den aktuellen Artikel bezieht oder eine frühere Version davon.\nVergleiche dies mit NNTP: NNTP kennt keine Unterscheidung von Beiträgen in Artikel und Kommentare. NNTP vergibt ortsunabhängige IDs so gut dies möglich ist - Message-IDs sind mit dem Hostnamen des sendenden Rechners gescoped, aber die Message-ID eines Artikels ist kein Storage-Pfad. Stattdessen bietet der Dienst News intern einen Lookup-Dienst an, der eine Message-ID in einen Storage-Pfad umwandelt. Jeder News-Server hat einen solchen Lookup-Dienst und jeder News-Server liefert für dieselbe ID unterschiedliche Pfade (nämlich für seine Kopie des Artikels auf seiner Platte). NNTP kann also damit leben, daß es mehr als eine Instanz eines Objektes gibt, das macht NNTP sicher gegen Ausfälle und skaliert NNTP bis in planetenumspannende Dimensionen - NNTP kann nicht geslashdotted werden.\nVersionierungen werden von NNTP korrekt getracked: Wird ein Artikel überarbeitet, wird eine neue ID vergeben und die ersetzte alte ID in einer Headerzeile \u0026ldquo;Supersedes\u0026rdquo; korrekt referenziert. Der neue Artikel kann an Stelle des alten Artikels einsortiert werden, aber zugleich ist klar erkennbar, daß die Kommentare sich auf die alte Version des Artikels beziehen und nicht auf die neue, überarbeitete Version.\nDas System der Blogs ist verglichen damit fundamental verquast: Es ist nicht klar, auf was sich eine URL-ID bezieht. Insbesondere sind Kommentare Beiträge zweiter Klasse, da sie so gut wie gar nicht referenzierbar sind. Die URL-ID eines Beitrags enthält Ortsinformation - verlegt man das Blog, brechen die Verweise zusammen. Blogs können nicht skalieren, denn da die URL-ID eines Beitrags Ortsinformation enthält, kommen Blogs nicht damit zurecht, wenn mehr als eine Instanz eines Beitrages existiert. Ein Verteilsystem für Inhalte ist nur schwer realisierbar, da Teile der zu verteilenden Inhalte keine Namen haben und da nicht klar ist, auf welche Inhalte sich ein Name nun genau bezieht - sind Kommentare mitgemeint? Auf Webseiten ja, aber in RSS nein. Da die IDs in Blogs nicht versioniert sind, ist auch der Diskurs unklar: Auf welche Version eines Beitrages bezieht sich ein Autor, der mich backlinked.\nEines jedoch ist klar: Damit Blogs als Diskurs-System funktionieren, ist noch jede Menge Arbeit notwendig. Derzeit sind elementare Voraussetzungen für den Einsatz von erprobten technischen Lösungen noch nicht einsetzbar, weil wir die Dinge, mit denen wir arbeiten, noch nicht einmal benennen können.\nBlogs müssen als erster Verbesserungsschritt Content-Layer und Presentation-Layer voneinander trennen - Beiträge selber und die Darstellung von Beiträgen als HTML oder als RSS müssen konzeptuell voneinander getrennt werden und Bezeichner müssen sich auf Objekte der Content-Layer, nicht der Presentation beziehen.\nAußerdem müssen Blogs sich für Content-Objekte IDs zulegen, die diesen Namen auch verdienen. Also Bezeichner, die opak sind und keine Ortsinformation enthalten, damit sie nur verwendet werden, die Identität eines Artikels zu bestimmen, aber nicht, um den Artikel aufzufinden.\nDann erst kann man sich über Syndication, Push oder Pull und dergleichen mehr Gedanken machen. Dann erst kann man sich überlegen, ob und wie sich das alles skaliert. Dann erst kann man sich überlegen, wie man das alles mit Readern automatisiert. Und dann erst kann man sich überlegen, wie weit man Diskurs formalisieren möchte.\n","date":"2004-02-18T00:00:00Z","href":"https://blog.koehntopp.info/2004/02/18/urls-sind-keine-ids.html","tags":["blog","lang_de"],"title":"URLs sind keine IDs"},{"categories":null,"content":"Rumo ist ein kleiner Wolpertingerwelpe, der auf einem idyllischen Fhernhachenbauernhof auf Walter Moers Kontinent Zamonien aufwächst. Und wer immer noch geglaubt hat, daß Walter Moers\u0026rsquo; Bücher Kinderbücher seien, der wird schon auf den ersten paar Seiten eines Besseren belehrt.\nRumo wird, wie die Fernhachenbauern und alle anderen Lebewesen auf dem Bauernhof, von den bösen Teufelszyklopen verschleppt, die ihre Opfer lebendig verspeisen. Und während um ihn herum einer seiner Freunde nach dem Anderen von den Zyklopen gefressen werden, wächst Rumo zu so einer Art zamonischem Bruce Lee heran - wortkarg, blitzschnell im Kampf, und sich einmal blutig durch die Fauna und Flora Zamoniens prügelnd.\nDanach wird die Geschichte grausam.\nRumo, der inzwischen in Wolperting, der Heimatstadt aller Wolpertinger ein Zuhause gefunden hat, und gerade anfängt, sich ein Leben aufzubauen, kehrt zurück, um die Stadt von allen Lebewesen verlassen vorzufinden. Seine Freundin, seine Freunde und alle anderen, die er kennt, sind von dem wahnsinnigen Herrscher von Hel in die Untenwelt verschleppt worden.\nWährend sich Rumo auf den Weg in das dunkelste und tiefste Kellergeschoss von Zamonien erprügelt, unterstreicht Moers die Dringlichkeit einer Rettung, indem er das Schicksal der Freunde von Rumo im Detail schildert\u0026hellip;\nDieses Buch erzählt von der dunklen Seite Zamoniens. Es ist die dunkle Seite, die aus der disneyfizierten Fassung zeitgenössischer grimmscher Märchenbücher klinisch sauber herauseditiert ist - keine Menschen backende Hexen, kinderfressenden Wölfe und glühende, dornenbestückte Schuhe mehr für heutige Kinder? Es ist die dunkle Seite des Märchens, die die Märchenerzähler zuletzt in Ottfried Preußlers \u0026quot; Krabat \u0026quot; besucht haben.\nNachdem Moers in \u0026ldquo;Ensel und Krete\u0026rdquo; schon gezeigt hat, daß er aus Grimms Märchen direkt in einen LSD-Albtraumrausch abbiegen kann, stattet er in \u0026ldquo;Rumo\u0026rdquo; dieser älteren, finstereren Seite des Märchens einen ausgiebigen Besuch ab - eine Welt, in der Bären keine farbigen Plüschpelze haben, sondern Zähne.\nWenn man das weiß, und \u0026ldquo;Rumo\u0026rdquo; nicht für \u0026ldquo;Die zweiten 13/2 Leben des Käpt\u0026rsquo;n Blaubär\u0026rdquo; hält, ist es ein tolles Buch.\n","date":"2004-02-15T00:00:00Z","href":"https://blog.koehntopp.info/2004/02/15/fertig-gelesen-rumo-oder-die-wunder-im-dunkeln.html","tags":["book","media","review","lang_de"],"title":"Fertig gelesen: Rumo oder Die Wunder im Dunkeln"},{"categories":null,"content":"Wir sind so geil, wir sprechen XML . Nicht irgendein XML, nein, sogar RSS.\nNicht, daß mich jemand falsch versteht: Ich liebe S9Y und ich respektiere Garvins Arbeit. Es ist nur einer dieser Tage, an denen ich glaube, daß ich mich an den Kopf fassen muß.\nDa sitzt ein Haufen Leute aufeinander und schwallt sich mit \u0026ldquo;Blogriffen\u0026rdquo; und Wortblödungen zu, daß nicht nur mir ganz blümerant im Schädel wird. Oder wundert sich öffentlich , warum nicht mehr Leute bloggen.\nAber es ist nicht nur der Technobabble-Dummlall, der in der Szene rumschwappt, der dies alles schwierig macht. Es ist nicht nur die verwirrende Vielfalt von nicht richtig durchdachten und nicht richtig interoperablen Formaten mit Versionsnummern, die sich nur in Hundersteln unterscheiden , aber alle mit 0 anfangen. Es ist auch nicht, daß diese Formate weder richtig spezifiziert sind, noch die Inhalte in diesen sogenannten Formaten in den meisten Fällen richtig validiert sind.\nEs ist auch noch so, daß sich diese ganze Technik wie Dreck skaliert. Da habe ich nun also einen dieser megageilen RSS-Aggregatoren, die nur unter Windows zu kriegen sind und kann endlich 378 Blogs auf einmal lesen, ohne dabei sterben zu müssen (Manche Nisis behaupten das ginge). Und dann pollt sich mein Feedreader bei 378 Sites tot, die alle sowieso nur alle Jubeljahre eine Änderung haben?\n\u0026ldquo;Nein\u0026rdquo;, höre ich da die Blog-Apologeten rufen, \u0026ldquo;das brauchst Du nicht, denn wir pingen ja einen von fünf Millionen Blogroll-Aggregator-Services, wenn es was neues gibt.\u0026rdquo; Richtig, S9Y macht das sogar mit allen fünf Millionen gleichzeitig, wenn man will (Ok, es ist derzeit eine noch gerade mal einstellige Zahl). \u0026ldquo;Hier!\u0026rdquo;, brüllt mein Blog, \u0026ldquo;Mein Meister hat was neues geschrieben.\u0026rdquo;\nNur, wenn ich den Code in S9Y richtig gelesen habe, macht es genau dies - kein Stück mehr Informationsgehalt. Es wird der tatsächliche Content meines Eintrages nicht an den gepingten Service geposted. Dann kann er auch nicht von dort runtergeladen werden, sondern muß direkt von meinem Blog geholt werden.\nEs wird nicht mal eine eindeutige ID generiert, oder die URL des neuen Eintrages abgeliefert, nur die Base-URL des Blogs und ggf. die Base-URL des RSS-Feeds. Also kann sich ein Client vom Pingservice nicht einmal eine Liste der Einträge, die neu sind, runterladen, sondern muß sich das einzeln von den Blogs geben lassen. Wieviel schlauer wäre es, den Content gezippt im Batch direkt vom Pingservice zu ziehen?\nGarvin schreibt jetzt in seinem Artikel, daß man auch den RSS-Feed eines Blogs normal nicht nach \u0026ldquo;alle Artikel seit dem x.y.2004\u0026rdquo; fragen kann, oder alle Artikel seitdem URL z veröffentlicht wurde\u0026quot;. Man kann auch nicht sagen \u0026ldquo;Ich hab schon r, s, t, x, y, z\u0026rdquo; und das Blog antwortet \u0026ldquo;Dann fehlen Dir u, v und w\u0026rdquo;. Jeder NNTP-Server kann das, schon seit den 80ern.\nJe mehr ich über die sogenannte Blogosphere lerne, desto weniger beeindruckt bin ich. Wenn Ihr schon USENET in bunt neu erfindet, dann denkt doch bitte vorher 15 Sekunden nach, wie ihr Eure Formate spezifiziert, wie sie sich skalieren und wie man sie validiert - nichts von dem habt Ihr gemacht. Selbst ZCONNECT hat mehr Hirnschmalz in seine Strukturen investiert als dieser Haufen mausschubsender Scriptkiddies, die das definieren, was Konferenzen wie Davos bis zur Unbrauchbarkeit für sinnvolle Themen dominiert.\nSo aber kann ich Euch nur ein fröhliches FdI #67 an den Kopf werfen. Ihr suckt. Kapital.\nnews:blog.de.koehntopp.kris jetzt!\n","date":"2004-02-12T00:00:00Z","href":"https://blog.koehntopp.info/2004/02/12/wir-sind-so-geil.html","tags":["blog","usenet","lang_de"],"title":"Wir sind so geil, ..."},{"categories":null,"content":"","date":"2004-02-08T00:00:00Z","href":"https://blog.koehntopp.info/2004/02/08/cooties.html","tags":null,"title":""},{"categories":null,"content":"Vor einigen Jahren hielt ich einen Vortrag bei NetUSE über Bäume in SQL basierend auf einer Idee von Joe Celko. Das ist der eine Vortrag, über den ich wohl am meisten Post bekomme.\nDas Thema oder Problem kommt auch sonst sehr oft auf das Tapet - Baumstrukturen kommen an vielen Stellen immer wieder vor, und das relationale Modell bzw. seine gängige Implementierung in SQL unterstützen solche Dinge nicht besonders gut. Zeit, sich einmal systematischer Gedanken zu machen.\nMir sind drei Methoden bekannt, mit denen man Bäume in SQL modellieren kann. Die direkte Methode besteht aus einer Fremdschlüssel-Spalte parent_id, die auf den Vorgängerknoten in einem Baum zeigt. Wir nennen so etwas Zeigerbäume.\nCREATE TABLE zbaum ( id int not null primary key, parent_id int not null index, data_id int not null index ); Diese Methode ist zwar einfach, hat aber eine ganze Menge Nachteile, wenn man über mehr als eine Ebene arbeiten muß.\nWenn man also einen Pfad zur Wurzel benötigt oder die Tiefe eines Knotens bestimmen will, bei gegebener ID des Knotens. Hilfreich sind hier Bäume, in denen der Pfad von der Wurzel des Knotens abgespeichert ist.\nWir nennen dies Pfadbäume:\nCREATE TABLE pbaum ( id int not null primary key, pfad char(250) not null index, data_id int not null index ); Der Pfad ist jetzt die Folge von Ids, die im Baum zum aktuellen Knoten hin führt, manchmal mit einem Trennzeichen. Wichtig ist, daß man den Pfad aus IDs oder Schlüsselkandidaten (UNIQUE Items) aufbaut, wenn man auch mit einzelnen Pfadelementen Dinge tun will. Man kann auch sagen, daß die Pfadelemente nicht eindeutig sind, dann ist aber immer nur ein Komplettpfad eindeutig. Die Kombination VorgängerID/aktuelle ID ist es jedenfalls nicht - ein Fehler, den ich schon in mehr als einer Implementierung gesehen habe.\nDamit man nach dem Pfad sortieren kann, ist es nützlich, wenn die Pfadelemente alle die gleiche Breite haben. Für ein Element mit der ID 9 kann der Pfad dann also so aussehen: 001/004/009 (Die Wurzel ist ID 1, daran hängt ID 4, und das Blatt mit der ID 9). Leider setzt dies der Anzahl der Elemente im Baum und der Anzahl der Elemente pro Ebene Grenzen.\nDie in meinem Foliensatz beschriebenen Mengenbäume haben dieses Problem nicht und haben auch sonst einige sehr schöne Eigenschaften. Sie sind aber extrem Update-Intensiv beim Einfügen und Löschen von Knoten.\nGestern hatte ich eine Diskussion mit einem Kollegen, der eine Tabelle mit Performance-Meßpunkten für den Online-Betrieb verwaltet. Diese Tabelle ist ebenfalls baumartig strukturiert, und intern als Zeigerbaum realisiert. Dieser Ansatz kommt jedoch an seine Grenzen - sein Baum ist etwa acht Ebenen tief und enthält etwa ungefähr 10^5 Elemente in 10^4 Knoten.\nEine Query durch einen Zeigerbaum zur Generierung einer Navigationsansicht kann da auch auf einem Rechner mit 2 CPUs, 2 GHz und 2GB-Oracle schon mal zwei Minuten dauern. Jedenfalls ist das dringend optimierungswürdig.\nOptimierung bedeutet hier aber, daß die existierende Anwendung möglichst wenig verändert werden darf.\n\u0026ldquo;Mach das Performanceproblem weg, aber bau den Laden nicht um.\u0026rdquo;\nWir haben also auf dem Problem ein wenig herumgehirnt, und wollen jetzt einmal ausprobieren, ob es was bringt, eine Modifikation einzuführen, die den Zeigerbaum on demand rekursiv in einen Pfadbaum überführt. Das bedeutet, es wird eine Spalte Pfad eingefügt (die kann auch in einer Extratabelle stehen, sodass die bestehende Tabelle für den Test nicht verändert werden muß).\nDann wird die existierende Stored Procedure für den Tree Walk geändert, und zwar so, daß sie normal zur Wurzel läuft, und so die Koordinaten des Knotens im Baum bestimmt. Dabei guckt sie aber für jeden Schritt, ob der aktuelle Knoten schon einen Pfad enthält. Wenn ja, nimmt sie diesen vorberechneten Pfad und stoppt den Walk, um den Pfad des untergeordneten Knoden als \u0026ldquo;Pfad des Parents plus Trenner plus ID\u0026rdquo; abzuspeichern. Auf diese Weise müßte sich die Pfadspalte sukzessive mit gecachten Pfadergebnissen füllen und die Tree Walk-Funktion im Laufe der Zeit immer schneller werden.\nDie eigentliche Baumstruktur wird also immer noch wie in Zeigerbäumen gespeichert, aber die Rechenergebnisse des Walks durch den Zeigerbaum werden in Pfadbaumformat gecached. Wegen der Verwendung von Stored Procedures für den Walk müßte diese Änderung transparent für den benutzenden Code sein.\n","date":"2004-02-05T00:00:00Z","href":"https://blog.koehntopp.info/2004/02/05/baeume-in-sql.html","tags":["computer","lang_de"],"title":"Bäume in SQL"},{"categories":null,"content":"Die fließende Königin ist die Beschützerin von Venedig. Nur sie allein hat mit ihrer Magie die Mumien-Truppen des Pharao über 30 Jahre zurückhalten können.\nMerle ist Schülerin bei Venedigs berühmtesten und berüchtigtsten Spiegelmacher, Arcimboldo. Sie und ihre Mitlehrlinge liegen im Streit mit den Lehrlingen des gegenüberliegenden Hauses. Doch während sie sich im kleinen streitet, wird hinter den Kulissen der Stadt ein wesentlich größerer Kampf ausgetragen.\nMerle belauscht ein Gespräch und gerät in dem Versuch, die fließende Königin zu retten schon bald in den Strudel aus Intrigen und Magie. Sie lernt das Volk der Meerjungfrauen kennen und muss auf den Schwingen eines steinernen Löwen reitend aus der Stadt fliehen, während die Sonnenbarken des Pharao sie verfolgen.\nDie fließende Königin ist ein Kinderbuch von Kai Meyer, aber mir erscheint es in vielerlei Hinsicht besser geschrieben und spannender als seine Erwachsenenbücher. Kai Meyer zeichnet ein alternatives zwanzigstes Jahrhundert in einer Welt voller Magie, doch sieht diese Welt aus der Sicht eines Kindes, das seine ersten Schritte in der Welt der Erwachsenen macht. Was auf den ersten Blick aussieht wie \u0026ldquo;nicht ganz unsere Welt\u0026rdquo;, als Merle ihre Geburtsstadt verlassen muss zu einem Ritt in eine Welt wie sie fremder nicht sein könnte: Eine Welt, in der die Hölle ein Ort im Inneren der Erde ist, die Baba Yaga Russland beherrscht und die Truppen des wiederauferstandenen Pharao, Herrscher der Supermacht Ägypten, die Welt erobern.\nDas erste Buch einer Trilogie und außerdem zwei Bücher in einem: Ein spannender Roman mit jeder Menge Sense-of-Wonder und für so einen Erzählspieler wie mich außerdem noch ein brauchbares Sourcebook für ein Ad-Hoc Fantasy-Szenario auf einem Con oder einer Spielsession zwischendurch.\n","date":"2004-01-31T00:00:00Z","href":"https://blog.koehntopp.info/2004/01/31/fertig-gelesen-die-fliessende-koenigin.html","tags":["book","media","review","lang_de"],"title":"Fertig gelesen: Die fließende Königin"},{"categories":null,"content":"Auf debate tobt mal wieder eine dieser Urheberrechtsdiskussionen, ausgelöst durch einen Trollversuch von Thomas Riedel. Diese Diskussion und alle ihre möglichen Subthreads und Verläufe haben wir auf debate und anderswo ja schon oft genug gesehen.\nBewundernswert dabei Menschen wie Hartmut Pilch , die die Hoffnung noch immer nicht aufgegeben haben und glauben, man könne noch vermitteln zwischen einer Industrie, die ihre Kunden verklagt und besagten Kunden.\nIch sehe das etwas düsterer.\nDie Musikindustrie (was für ein Oxymoron!) befindet sich in meinen Augen in exakt derselben Situation wie SCO, und genau wie SCO kämpft sie um ihr Überleben. Sie hat nur mehr Mittel zur Verfügung und ist lobbymäßig besser aufgestellt. Anders als SCO müsste sie außerdem nicht in dieser Situation sein - 1998 hatte die Musikindustrie eine ausgezeichnete Ausgangsposition.\nAber genau wie SCO ist auch die Musikindustrie mit Gewalt dumm. Außerdem haben ihre Angehörigen Angst. Das macht sie gefährlich. Viel gefährlicher als SCO.\nIch antwortete Hartmut auf der Liste:\nWenn ich RIAA wäre, würde ich solche Systeme als Alternative aufbauen und damit die bestehenden Systeme von 2 Seiten angreifen (Konkurrenz + gesetzliche Auflagen).\nTun die so etwas vielleicht schon?\nNein. Das ist ja das Problem.\nBauen wir die aktuelle Situation aus Kundensicht doch einmal schrittweise auseinander:\nDie sogenannten legalen Anbieter setzen derzeit auf \u0026ldquo;legale Downloads\u0026rdquo; aus ihren proprietären Downloadplattformen. Diese haben alle Formate mit Digital Restriction Management, sind also mit Open Source nicht kompatibel und somit meist nur auf Windows abspielbar. Tatsächlich sind eine ganze Menge Shops gleich so gestaltet, daß sie nur mit Windows und dort nur mit der Sicherheitslücke MSIE benutzbar sind.\nIch persönlich kann dort schon gar nicht Kunde werden. Ich habe seit Ende 1992 kein Windows mehr im Einsatz.\nDie meisten dieser Download-Plattformen sind außerdem für Europäer gar nicht nutzbar. Hier hat sich die Lobby in ihrem Rechtemanagementwahn komplett in eine Ecke gemalt und bekommt neben der Technik auch die Juristerei nicht auf die Reihe. Angeblich gibt es derzeit 25 Download-Plattformen für Europäer. Macht doch mal eine Liste - welche kennt ihr? Welche dieser Plattformen habt ihr in der Werbung gesehen? Oder in Zeitungsartikeln? Und wieviele Artikel über Kazaa, Bittorrent oder den Esel habt ihr in den letzten 7 Tagen gesehen, an die Ihr Euch erinnern könnt?\nDas heißt, der ganze legendäre legale Contentreichtum steht derzeit im Grunde nur US-Bürgern zur Verfügung. Wo er Europäern zur Verfügung steht, wird er nicht aktiv beworben. Auch der vorgerippte Content, der als Entschädigung für die CDDA-Standardverletzung auf vielen CDs mitgeliefert wird, ist in der Regel mit einem Restriction Management System festgekettet. In Folge ist er nur mit dem auf der CD mitgelieferten Player abspielbar. Als Kunde muß ich mir also eine Sammlung von inkompatiblen Softwareplayern installieren (so ich ein Betriebssystem habe, auf dem diese laufen), um diesen Content nutzen zu können. Das ist nicht nur eine logistische Aufgabe, sie wird auch laufend schwieriger - oder meinst Du, daß alle diese Player auf Windows 2006 noch laufen werden? Was ist dann mit dem Content?\nDas heißt, bei dem ganzen Restriction-Geraffel handle ich mir nicht einen Player ein, sondern eine Sammlung von Playern, die speziell auf MEINER Plattform alle nicht funktionieren. Tatsächlich ist das einzige Format, daß alle Player uneingeschränkt abspielen können, das MP3-Format ohne Digital Restriction Management.\nDas ist ein echtes Problem. Die Situation: \u0026ldquo;Um diesen Titel abspielen zu können, muss ich jenen Player verwenden. Diesen anderen Titel kann ich jedoch nur in dem Player da abspielen.\u0026rdquo; Jetzt mach mal eine Party: \u0026ldquo;Mache bitte eine durchlaufende Playlist mit Überblendungen von allen diesen Titeln.\u0026rdquo;\nNoch besser: laß die Gäste auf der Party die Playlist selber manipulieren. Was glaubst Du, was solche Playerwechsel mit Deiner Party machen?\nDas heißt, Digital Restriction Management in seiner aktuellen Ausprägung versaut mir jede Party. Aber ich brauche wahrscheinlich sowieso einen speziellen Party-Player mit speziellen Party-Lizenzen für die Beschallung, um zu mehreren Spaß haben zu dürfen.\nWeiter: Die Downloadplattformen der Anbieter blockieren einander nicht nur mit inkompatiblen Softwareplayern auf dem PC. Sie schließen auch bestimmte Kundenkreise aus, wenn der Kunde zusätzlich noch darauf achten muss, dass er einen (portablen Hardware-) Player hat, der das Restricted Format der Downloadplattform x mit unterstützt.\nDas heißt, wenn ich Content haben will, der Mobil sicher funktioniert, muß ich MP3 verwenden.\nAn weitergehende kreative Anwendungen - Sampling, Mixes, Dubbing und so weiter - braucht man bei Restricted Content gar nicht zu denken.\nWir lernen: Nur wer Content aus P2P-Netzen bezieht oder selber rippt, kommt an eine Sammlung von Musikstücken,\ndie über Player- und Betriebssystemgrenzen hinweg portabel abspielbar ist, die kreativ einsetzbar ist und die zukunftssicher ist. Kauf-Musik mit Restriction Management hat keine Valueproposition für mich als Kunde. Insbesondere erwerbe ich keine Werte. Ich kann Geld, daß ich dort ausgebe, gleich als ca. Dreijahresmiete für das \u0026ldquo;gekaufte\u0026rdquo; Downloadstück abschreiben. Danach gehen die Player nicht mehr und Ersatz gibt es nicht, remote Restriction Management Sites sind nicht mehr erreichbar oder existent, die Platte meines Rechners hat sich zerlegt (und zwar gerade der Teil mit der Keysammlung, sodaß die eigentlichen Downloads sich in wertlosen Bitschrottverwandeln) oder das fragile Gerümpel fällt aus einem anderen Grund in sich zusammen.\nZum Vergleich: Meine CD-Sammlung hier geht jetzt bald zweilagig einmal die Wand meines Zimmers lang, das sind etwa 6 Meter CDs dicht an dicht gestapelt. Die Ältesten dieser CDs sind von irgendwann aus den 80ern. Was glaubst Du ist mit meiner Investition in heutige Download-Plattformen im Jahre 2024 los, oder auch nur 2014? Was ist für mich als Käufer und Sammler die bessere Investition?\nIch bin als Musik-Kunde so doch zwingend auf CDDA oder P2P-MP3s angewiesen. Alles andere wäre sträfliche Dummheit von meiner Seite.\nCDDA wird zunehmend nicht mehr angeboten.\nDie Reaktion der Kunden ist nur folgerichtig.\nDie Lobbyorganisationen und Verwertungsoligopole setzen auf Kriminalisierung der Nutzer. Sie haben keine Alternative. Es ist auch keine Alternative absehbar. Die einzige Quelle für funktionierende und portable Musik sind P2P Netze.\nDas ruft besser anonymisierende und besser verteilende Netze hervor. Dankenswerterweise erhöht sich der Druck auf P2P-Nutzer auch nur schrittweise, so dass die P2P-Nutzer und Entwickler in aller Ruhe eine Sequenz von P2P-Systemen mit jeweils einer Laufzeit von 1-2 Jahren austesten können, dann neue Angriffe auf diese Netze seitens der Verwertungsoligopole beobachten können, und schließlich in relativer Ruhe neue, verbesserte P2P-Plattformen deployen können.\nDas ist exakt derselbe Prozeß, den die IETF mit den RFCs getestet und als extrem brauchbaren Prozeß für die Entwicklung von funktionierenden und robusten Protokollen erkannt hat, nur daß das hier durch externen juristischen Druck motiviert und angetrieben wird.\nDie beobachtete Entwicklung ist zwingend.\nIch frage hier u.a. ziemlich viel, weil ich Positionen zur anliegenden Durchsetzungs-Rundumschlag-Richtlinie ausarbeiten muss, die von Herstellern proprietärer Informationen mitgetragen werden müssen.\nEs ist egal. Eine solche Richtlinie sorgt nur für den notwendigen Druck, der das Deployment der nächsten Runde P2P-Systeme lostreten wird. Ende 1998 entstand Napster. Das war der Zeitpunkt, zu dem die Anbieter von Musik hätten reagieren müssen und zu dem sie sich mit dem oben genannten Problemen hätten auseinandersetzen müssen - einheitliche Player, einheitliches Restriction Management, dauerhafte Value Proposition.\nDazu ein Marketing, das auf Vertrauen und partnerschaftlichem Kundenverhältnis beruht, statt auf Klagewellen gegen die Leute, die deren Jobs finanzieren sollten.\nStattdessen hat eine ganze Industrie 5 Jahre lang gepennt.\nGame Over.\nOder siehst Du irgendeinen Weg, der aus dieser Sackgasse herausführt? Der Kunden davon überzeugen könnte, daß Restricted Content eine Geldausgabe wert ist? Und für den noch Zeit ist?\n","date":"2004-01-27T00:00:00Z","href":"https://blog.koehntopp.info/2004/01/27/unerklaerlicher-umsatzrueckgang.html","tags":["politik","lang_de"],"title":"Unerklärlicher Umsatzrückgang"},{"categories":null,"content":"Vortrag auf der NuBIT 2003\nDer Feind in meiner Tasche Firewallkonzepte vs. Mobile Geräte\nInhalt Aufgaben und Positionierung von Firewalls Traditionelle Sicht auf das Netzwerk Neue Gefährdungen Wie sieht ein aktuelles Netz wirklich aus? Konsequenzen Neue Angriffe Neue Sicherungsmaßnahmen Wie kann sich eine Installation gegen diese Angriffe zur Wehr setzen? Aufgaben und Leistungen einer Firewall Choke Point Trennt Zonen unterschiedlicher Administration unterschiedlicher Sicherheitslevels Ist Meßpunkt Art, Menge und Gültigkeit von Netzverkehr Trust Boundary Trust Boundary Feste Grenzlinie \u0026ldquo;dort hört die Firma auf\u0026rdquo; Aller Verkehr passiert die Trust Boundary Prüfung auf Legalität Dekontamination Zentrales Verzeichnis aller Außen-kommunikation Zentrale Administration der Kommunikation Strukturierung der Kommunikation Firewall als Strukturbildner Abtrennung von Bereichen unterschiedlicher Gefährdung Funktion Wichtigkeit Die wahre Netzwerktopologie Bedürfnis nach Flexibilität Aufweichung der Grenzen VPN Tunnel \u0026ldquo;virtuelle\u0026rdquo; VPNs ssh Tunnel + Citrix/VNC Geräte Im-/Export Wireless Techniken GPRS, WLAN, Bluetooth Tunnel und andere Löcher I VPN Tunnel offizielle Löcher Endpunkte authentisiert Kommunikation verschlüsselt Endpunkte sind effektiv Rechner im LAN aber: Standort außerhalb der Firewall! VPN Client nur sinnvoll mit Firewall und Integritätsprüfung! Tunnel und andere Löcher II Selbstbau-VPN Tunnel ssh -L 8080:10.11.12.13:80 -l io.example.com \u0026ldquo;Logge Dich auf io.example.com als User ein\u0026rdquo; Tunnele die lokale 8080 an 10.11.12.13, Port 80 \u0026ldquo;Mache das Intranet von draußen zugänglich\u0026rdquo; Tunnel und andere Löcher III \u0026ldquo;Protokoll in Protokoll\u0026rdquo; SOAP \u0026ldquo;HTTP is a very RPC-like protocol that is simple, widely deployed, and more likely to function in the face of firewalls than any other protocol known to man\u0026rdquo; (http://msdn.microsoft.com/msdnmag/issues/0300/soap/default.aspx ) POST /string_server/Object17 HTTP/1.1 Host: 209.110.197.2 Content-Type: text/xml Content-Length: 152 SOAPMethodName: urn:strings-com:IString#reverse \u0026lt;Envelope\u0026gt; \u0026lt;Body\u0026gt; \u0026lt;m:reverse xmlns:m=\u0026#39;urn:strings-com:IString\u0026#39;\u0026gt; \u0026lt;theString\u0026gt;Hello, World\u0026lt;/theString\u0026gt; \u0026lt;/m:reverse\u0026gt; \u0026lt;/Body\u0026gt; \u0026lt;/Envelope\u0026gt; Mobile Geräte I Typische Probleme: Backup? Update? Software-Installation? Welche Geräte gehören zu meinem Administrationsbereich? Wann sind sie da? Wo waren sie inzwischen? Sind sie kontaminiert? Mobile Geräte II \u0026ldquo;Der Mitarbeiter hat sich SQL-Slammer auf dem Laptop zu Hause eingefangen und die Infektion nicht bemerkt.\u0026rdquo; \u0026ldquo;Das Gerät war im Suspend, der SQL-Slammer noch aktiv. Im Firmennetz ist das Gerät aufgewacht, hat eine neue IP per DHCP bekommen, und dann von dort das Firmennetz infiziert.\u0026rdquo; Spontane Vernetzung I Mobiltelefone sind universell und datenfähig Je restriktiver die Firewall, desto wahrscheinlicher kommt es zu spontaner Vernetzung an der Firewall vorbei. \u0026ldquo;Wenn das Attachment wieder nicht durch den Viruswall kommt, lade ich das eben kurz über das Handy. Stell es mal schnell auf Deinen Webserver.\u0026rdquo; \u0026ndash; Bei einem Kunden mitgehört Spontane Vernetzung II With a hand-held scanner, researchers were able to pick up information from company wireless networks by simply driving around the streets of London. The research identified that 63 per cent of the networks surveyed were left on default configuration, which clearly identifying the company owning the data and where it was coming from. http://theregister.co.uk/content/55/29337.html , 18-Feb-2003 U-Boote und Trojaner I Spyware Unterhaltungs-programme Grußkarten P2P Filesharing-Programme aber: Druckertreiber??? Mehr und mehr Komponenten melden Daten zurück an den Hersteller. Aktiver Content an unerwarteten Stellen: Mail mit Javascript Mobiltelefone mit Java und Active-X Unerwartete Funktionalität Mobiltelefone mit Kamera in Umkleideräumen? Mobile Sicherheit I Inventar- und Aktivitätskontrolle Welche Geräte sind in meinem Netz aktiv? Was machen die? Ist das (noch) normal? Mobile Sicherheit II Überwachung von Geräten, die aus dem Netz entfernbar sind: Anwendungsintegrität Ausführungskontrolle Auch disconnected! Sind Firewalls überflüssig? Sind Firewalls überflüssig? Definitiv nein. Sind Firewalls ausreichend? Definitiv immer weniger. Strategiewechsel: \u0026ldquo;Defense in depth.\u0026rdquo; ","date":"2003-11-01T00:00:00Z","href":"https://blog.koehntopp.info/2003/11/01/mobile-devices.html","tags":["lang_de","talk","publication","internet"],"title":"Mobile Devices - Der Feind in meiner Tasche"},{"categories":null,"content":" Methoden mit Klasse Am Wochenende hatte ich mit Till eine recht coole Unterhaltung über die Innereien von Qt. Qt hat den Signal-Slot-Mechanismus, mit dem es Methoden von Objekten aufruft.\nDazu werden einige Methoden eines Objektes in eine spezielle Runtime-Tabelle der Klasse eingetragen, mit Namen. Das sind Slots.\nSignale sind Platzhalter für Funktionsnamen, die in eine andere Tabelle eingetragen werden können. Mit connect() macht man so einen Eintrag: Man kopiert den Namen einer Funktion (genauer: eines Slots) in den Signalplatzhalter.\nWarum ist das Cool? Weil es Sachen zur Laufzeit macht, die C++ sonst nur zur Compilezeit kann. Damit gewinn man Flexibilität und kann Komponenten zur Laufzeit zusammenstecken, ohne daß man Gigabytes an Stuff neu compilieren muß.\nEs ist außerdem alt.\nIn Objective-C hatten wir genau das schon 1994 oder so. Besser sogar noch: In Objective-C sind alle Methoden automatisch immer Slots. Signale hat Objective-C als target (Zeiger auf ein Objekt) und action (Name einer Methode) definiert. Und in Objective-C sind alle Instanzvariablen das, was in Qt die Properties eines Objektes sind.\nZum Nachlesen: Artikel von 1997 und Objective-C Handbuch . Im übrigen ist bei Linux auch eine Objective-C Version des gcc dabei.\nDCOP Was hat das mit DCOP zu tun? DCOP ruft remote Methoden auf demselben Rechner auf. Das heißt, irgendein KPart bietet Zeugs an wie \u0026ldquo;Lade Text in Editor-Part\u0026rdquo; oder \u0026ldquo;Save den Mist ab\u0026rdquo; und irgendeine Shell (etwa KDevelop) callt das KPart. Manuell, mit einem essentiell funktionalen Interface.\nIn Objective-C hatten wir das genialer gelöst: Hier kann man ein generisches Proxy-Objekt erzeugen. Generisch heißt, daß es nicht Proxy für ein bestimmtes Objekt ist, sondern daß man dem Proxy zur Laufzeit sagt, für was es Proxy ist.\nDas Proxy-Objekt fragt dann seinen Klienten, was es für ein Objekt ist, welche Methoden der Klient hat und welche Instanzvariablen der Klient hat und wird selber zu einem Stand-In für den Client. Nun kann man den Proxy so verwenden wie man den Klienten verwenden würde, wenn er lokal ist.\nUnd der Proxy tütet die Callparameter ein, shipped sie per RPC zum Klienten, der rechnet rum, sendet ein Resultat zurück und der Proxy gibt das Resultat zurück. Resultat: RPC mehr oder weniger komplett verborgen, Proxy benutzbar als wär man selber da.\nGuide zum PDF Der eine interessante Teil ist ab Seite 55, wo die Syntax vorgestellt wird. Das kann man überfliegen, denn es ist Zuckerguß, aber wichtig, um die Beispiele lesen zu können.\nAuf Seite 87 stellen sie das Messaging vor. Das ist wichtig, und man kann es direkt auf Qt abbilden. Man lese auch Seite 90, Selectors. Das ist interessant, weil Qt es nicht kann. Auf Seite 92 erklären Sie target-action, was eine Art typenloses SIGNAL für Arme ist. Weil es typenlos ist, braucht man Code wie auf Seite 94.\nSeite 101 ist gruselig, und hat kein Äquivalent in Qt - Categories sind Erweiterungen bestehender Klassen (ich kann also nachträglich die Image-Klasse selbst erweitern, und der Code wird von allen bestehenden Unterklassen von Image erweitert).\nSeite 104 definiert Protocols, die von den meisten Leuten in anderen Sprachen als Interfaces bezeichnet werden. Die entscheidende Syntax ist auf Seite 112ff.\nEinige Speedup-Tricks mit dem Runtime findet man auf Seite 120, mit dem methodForSelector.\nDie Coolness beginnt auf Seite 145-151, Forwarding. Mit dem Dynamic Loading auf Seite 151 zusammen hat man dann ein sehr mächtiges Werkzeug in Form der NSBundle-Klasse, die das verpackt und OO-mäßig typsicher macht. Seite 152 geht dann gleich auf Remote Messaging by Proxy, worüber wir geredet haben.\nOffenbar hat Objective-C aber inzwischen noch ein paar Erweiterungen in der Sprache selber, die die weitere Spezifikation von Parametern erlaubt (\u0026ldquo;bycopy/byref\u0026rdquo;, \u0026ldquo;in/out/inout\u0026rdquo; und \u0026ldquo;oneway\u0026rdquo;). Das war vor sechs Jahren noch nicht so, da hat man sich mit anderen Konstrukten behelfen müssen. :-)\nAb Seite 163 geht es dann an die Interna, ich halte das für unsere Diskussion nicht mehr so interessant.\nDie Grammatik der Sprache ist auf Seite 211ff dargestellt.\n","date":"2003-10-24T00:00:00Z","href":"https://blog.koehntopp.info/2003/10/24/objc-oder-warum-dcop-so-kompliziert-ist.html","tags":["computer","lang_de"],"title":"ObjC - oder warum DCOP so kompliziert ist"},{"categories":null,"content":"Dead until dark ist die Geschichte einer Kellnerin, die Gedanken lesen kann und die sich einen Vampir als Liebhaber anschafft, während ihr Chef ein Werhund ist.\nNein, es ist keine Geschichte aus dem Laurell K. Hamilton -Universum, auch wenn sich die Bestandteile fast so anhören und entsprechend ist es kein bluttriefendes Gemetzel. Na ja, okay, es gibt einen Body Count, denn schließlich will es ein Krimi sein, aber anders als bei Laurell Hamilton ergießen sich keine Ströme von Blut über die Szenerie\u0026hellip;\nNett, unterhaltsam und schnell wegzulesen. Das Ende ein wenig antiklimaktisch - wie viele Leute gibt es, deren Gedanken Sookie Stackhouse nicht lesen kann und wer von denen kommt als Täter infrage? - aber letztendlich dennoch nicht langweilig.\n","date":"2003-09-08T00:00:00Z","href":"https://blog.koehntopp.info/2003/09/08/fertig-gelesen-dead-until-dark.html","tags":["book","media","review","lang_de"],"title":"Fertig gelesen: Dead until dark"},{"categories":null,"content":"Lord Gamma erinnert mich an die Geschichte eines anderen deutschen Sci-Fi Autors, die ich witzigerweise auf einem USA-Urlaub las. Ein riesiger pyramidenförmiger Flugkörper dringt in das Sonnensystem ein und nur die Nostradamus, ein experimentelles deutsches Schiff, ist in der Lage schnell genug dort hinzukommen, um das Objekt zu untersuchen, bevor es wieder verschwindet. Doch stellt sich heraus, daß ein Saboteur an Bord ist, daß auch andere Nationen auf dem Weg zur Pyramide sind und daß noch eine ganze Menge anderer Dinge faul sind.\nGoogol Eine Geschichte, in der im Weltraum mal nicht unbedingt Amerikanisch gesprochen wird, voll vom unbekümmerten Nationalismus und festen Glauben an die Ingenieurskunst, wie man ihn in Büchern aus den 1920ern, etwa bei Hans Dominik in \u0026ldquo;Der Wettflug der Nationen\u0026rdquo;, \u0026ldquo;Ein Stern fiel vom Himmel\u0026rdquo; und \u0026ldquo;Land aus Feuer und Wasser\u0026rdquo; finden kann.\n","date":"2003-08-31T00:00:00Z","href":"https://blog.koehntopp.info/2003/08/31/fertig-gelesen-googol-revisited.html","tags":["book","media","review","lang_de"],"title":"Fertig gelesen: Googol revisited"},{"categories":null,"content":"Lord Gamma hätte so cool sein können. Ein Typ, Stan, in einem Pontiac ohne Motor, fährt eine schnurgerade Gefällestrecke runter, in der sich die Landschaft alle 180 km wiederholt.\nAlle 180 km steigt er aus, dringt in einen Atombunker ein, in dem sich immer eine andere Gesellschaftsform gebildet hat, und befreit einen Klon seiner Frau, um ihn am Ende zu erschießen. Zwischen den Kapiteln Rück-, Fremd- und Zwischenblenden, die direkt aus einem Drogentraum hätten kommen können. Und spannend obendrein.\nUnd dann baut der Autor ein Ende daran, das versucht einen Drogenrausch, einen Albtraum, den beginnenden Wahnsinn zu erklären und aus der ganzen Geschichte ein Stück mehr oder weniger harte Sci-Fi zu machen.\nGna.\nMan hätte den letzten Akt und den Epilog einfach streichen sollen. Die meisten Geschichten werden durch Weglassen irgendwie besser. Geht Euch das auch so?\n","date":"2003-08-31T00:00:00Z","href":"https://blog.koehntopp.info/2003/08/31/fertig-gelesen-lord-gamma.html","tags":["book","media","review","lang_de"],"title":"Fertig gelesen: Lord Gamma"},{"categories":null,"content":"Kushiel\u0026rsquo;s Dart - Eine Mantel-und-Degen Geschichte in einer seltsamen Parallelwelt, in der die Römer Britannien nicht erobert haben und in der Jesus Sohn in Frankreich freie Liebe gepredigt hat.\nDie Heldin, eine Art Tempelkurtisane mit einer Wahrnehmungsstörung (Sie kann Pleasure und Pain nicht unterscheiden) wird von einem Altmeister der Spionage in die Lehre genommen und zu einer gefährlichen Waffe ausgebildet, die in den Salons und den Betten der Mächtigen zum Einsatz kommt.\nAußerdem der Beweis, daß ein Roman mit SM-Elementen nicht zwingend zu einem ekeligen Slave Girl of Gor werden muß. Ist ja auch von einer Frau geschrieben.\n","date":"2003-08-30T00:00:00Z","href":"https://blog.koehntopp.info/2003/08/30/fertig-gelesen-kushiel-s-dart.html","tags":["book","media","review","lang_de"],"title":"Fertig gelesen: Kushiel's Dart"},{"categories":null,"content":"Vortrag auf der NuBIT, Kiel, 2002\n","date":"2002-06-01T00:00:00Z","href":"https://blog.koehntopp.info/2002/06/01/enterprise-intranet-integration.html","tags":["lang_de","talk","publication","internet"],"title":"Enterprise Intranet Integration"},{"categories":null,"content":" Allgemeines Verwendete Version Alle Aussagen in diesem Artikel beziehen sich auf die aktuelle stabile Version von MySQL, wie sie in SuSE Linux 7.3 geliefert wird. Diese Version ist 3.23.44.\nDie aktuelle Version des MySQL-Clients wird beim Aufruf des Kommandos mysql genannt.\nkris@valiant:~\u0026gt; mysql Welcome to the MySQL monitor. Commands end with ; or \\g. Your MySQL connection id is 217 to server version: 3.23.44-log Type \u0026#39;help;\u0026#39; or \u0026#39;\\h\u0026#39; for help. Type \u0026#39;\\c\u0026#39; to clear the buffer. Die aktuelle Version des MySQL-Servers kann mit dem Kommando “select version()” erfragt werden. mysql\u0026gt; select version() as version; +-------------+ | version | +-------------+ | 3.23.44-log | +-------------+ 1 row in set (0.00 sec) Dieselbe Information kann man auch erfahren, indem man abfragt, welche Programmpakete installiert sind. MySQL bringt die folgenden essenziellen Pakete mit:\nkris@valiant:~\u0026gt; rpm -qa | grep mysql mysql-devel-3.23.44-5 mysql-shared-3.23.44-5 mysql-3.23.44-5 mysql-client-3.23.44-5 Das Paket mysql-shared enthält dabei die Client-Bibliothek libmysql.so, die von MySQL-Anwendungen wie etwa PHP, aber auch von allen anderen MySQL-Komponenten benötigt wird. Das Paket mysql-client enthält alle notwendigen Programme und Hilfsdateien um einen Datenbankserver zu connecten, das Paket mysql den Datenbank-Server sowie die Servertools. Will man Programme übersetzen, die mysql-shared verwenden, so sind die notwendigen Include-Dateien in mysql-devel zu finden. Ein fünftes Paket, mysql-bench enthält eine Reihe von Benchmark- und Testprogrammen, die so gut wie niemals benötigt werden.\nEinige Programme aus den Paketen setzen außerdem ein installiertes Perl (perl.rpm) und das Suse Paket perl-DBI.rpm (Perl-Paket DBI) sowie perl-Msql-Mysql-modules.rpm (Perl Paket DBD::mysql)voraus.\nMySQL online Die Website von MySQL ist http://www.mysql.com/ . Dort findet sich neben den aktuellen Downloads auch ein sehr gutes Online-Manual http://www.mysql.com/doc/ . Anwender von Suse Linux 7.x sollten sich nicht die Downloads von mysql.com antun, sondern die SuSE-Pakete von ihren CD-ROMs oder aus dem Suse Update-Download verwenden. Weitere Informationen zu MySQL finden sich in der FAQ von de.comp.lang.php sowie in der FAQ von de.comp.datenbanken.mysql.\nBücher Es gibt eine Reihe Bücher zu MySQL und zu Datenbanken allgemein. Eine Liste von frei verfügbaren Büchern findet sich in der ersten Frage zu MySQL in der dclp-FAQ (sql-lernen ).\nEin sehr empfehlenswertes Buch über MySQL ist das Buch von Paul Dubois (in englischer Sprache).\nEin sehr empfehlenswertes Buch über relationale Datenbanken ist das Buch von Andreas Heuer .\nEin sehr empfehlenswertes Buch über Datenbanken und Optimierung ist das Buch von Mark Gurry . Obwohl es für Oracle geschrieben ist, lässt sich die Diskussion dort weitgehend auf alle relationalen Systeme übertragen und ist generell sehr erhellend.\nMySQL im System administrieren Allgemeines MySQL besteht aus einem Serverprozeß, der eine Reihe von Threads startet und der von Clientprogrammen kontaktiert wird, die Kommandos an den Server senden und Resultate von dort erhalten.\nDas Startprogramm ist safe_mysqld, das wiederum den eigentlichen Server mysqld startet. Der Server erzeugt per Default drei Threads, die in Linux als separate Einträge in der Prozeßtabelle sichtbar werden. Jeder Connect an den Server erzeugt einen weiteren Thread, der in Linux ebenfalls als Eintrag in der Prozeßtabelle sichtbar wird.\nAlle Programme verstehen die Kommandozeilenoptionen –h (--host, default: Localhost) zur Angabe des Serverrechners, -P (--port, default: 3306) zur Angabe des TCP/IP-Ports, -u (--user, default: Der Unix-Loginname) zur Angabe eines Benutzernamens und –p (--password) zur Angabe eines Passwortes.\nKonfiguration Alle Programme aus dem MySQL-Paket lesen Konfigurationsparameter aus der systemweiten Steuerdatei /etc/my.cnf. Die Datei ist aufgebaut wie eine win.ini bzw. smb.conf und enthält Abschnitte, die die jeweilige Systemkomponente bezeichnen, für die die Konfigurationsanweisungen gelten. Der MySQL-Server wird im Abschnitt [mysqld] konfiguriert. Anwender können für Client-Programme die zentralen Einstellungen überschreiben, indem sie in ihrem $HOME eine Datei .my.cnf anlegen (für den Server ist es wenig sinnvoll, dort Einträge zu machen).\nStart und Stop, mysqladmin MySQL wird mit einem Programm mysqladmin geliefert, das den Serverprozeß steuern kann. Es versteht die üblichen MySQL-Optionen. Mit dem Kommando mysqladmin shutdown kann der Server kontrolliert heruntergefahren werden.\nDer Status des Servers kann mit den Kommandos mysqladmin status oder mysqladmin processlist überprüft werden. Einzelne Queries, die Amok laufen, können ohne einen vollständigen Stop des Servers mit mysqladmin kill angehalten werden. Die notwendigen PIDs können der Ausgabe von processlist entnommen werden.\nIn SuSE Linux ist es besser, den Server mit dem Start/Stop-Script von SuSE Linux anzuhalten und starten. Dieses Script befindet sich an der üblichen Stelle /etc/init.d/mysql und versteht die üblichen Parameter start und stop.\nMit mysqladmin variables können im übrigen Konfigurationsvariablen des Servers abgefragt werden, so wie sie in der /etc/my.cnf hinterlegt wurden.\nDatenspeicher im Dateisystem MySQL legt die Daten der Datenbank als Dateien in Verzeichnissen im normalen Dateisystem ab. Die Ablage erfolgt unterhalb des Verzeichnisses, das durch die Variable „datadir“ bezeichnet wird. valiant:~ # mysqladmin variables| grep datadir | datadir | /var/lib/mysql/ | Der physikalische Datenbankserver kann dabei eine Reihe von logischen Datenbanken hosten, die jeweils auf Verzeichnisse gleichen Namens unterhalb von „datadir“ abgebildet werden. valiant:/var/lib/mysql # find . -type d . ./test ./sync ./test_skoda ./mysql ./phpgroupware ./test_test ./test_sync valiant:/var/lib/mysql # mysqlshow +\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026ndash;+ | Databases | +\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026ndash;+ | mysql | | phpgroupware | | sync | | test | | test_skoda | | test_sync | | test_test | +\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026ndash;+ Jede Tabelle in einer logischen Datenbank findet sich in Form von drei Dateien in dem entsprechenden Verzeichnis wieder. Die Tabellen heißen jeweils so wie die Tabelle und kommen mit einer von drei Endungen: • .frm: Dies ist die Schemadefinition, also die Festlegung, welche Spalten in der Tabelle vorkommen, wie diese heißen und welche Eigenschaften sie haben. Diese Dateien sind in der Regel so um die 8 KB groß und haben eine relativ statische Größe. • .MYD: Dies ist die eigentliche Datendatei für die Tabelle. Sie wächst in Abhängigkeit davon, wieviele Zeilen die Tabelle hat. • .MYI: Dies ist der Speicher für die Indices, die auf einer Tabelle definiert sind. Sie ist um so größer, je mehr Zeilen die Tabelle hat und je mehr Indices auf einer Tabelle definiert sind. Alle Dateien und Verzeichnisse müssen demselben User gehören, unter dem auch der Datenbankserver ausgeführt wird. In Suse Linux 7.x ist das der user „mysql“ und die Gruppe „daemon“. Die Verzeichnisse, die den logischen Datenbanken entsprechen, sind in der Regel nur für den Datenbankuser zugänglich („mysql“, 0700), alle Dateien sind in der Regel für den Datenbankuser und seine Gruppe zugänglich („mysql:daemon“, 0660). Die Datenbankdateien und alle anderen Dateien in „datadir“ sollen nicht gelesen oder geschrieben werden, solange der Datenbankserver „mysqld“ läuft. Dies ist insbesondere für die Datensicherung wichtig: Da der Server Daten unter Umständen im Cache hält, ist die Sicherung dieser Dateien mit großer Wahrscheinlichkeit inkonsistent und führt nicht zu einem funktionierenden Restore. Stattdessen sind andere Methoden der Sicherung zu wählen. Logs MySQL legt eine Reihe von Logbüchern an. Die Logs liegen normalerweise in „datadir“: Log file Description The error log Problems encountering starting, running or stopping mysqld. The isam log Logs all changes to the ISAM tables. Used only for debugging the isam code. The query log Established connections and executed queries. (\u0026ndash;log=) The update log Deprecated: Stores all statements that changes data (\u0026ndash;log-update=) The binary log Stores all statements that changes something. Used also for replication (\u0026ndash;log-bin=) The slow log Stores all queries that took more than long_query_time to execute or didn\u0026rsquo;t use indexes. (\u0026ndash;log-slow-queries=) Mit dem Kommando „flush logs“ werden die Logbücher geschlossen und neu geöffnet (wichtig für einen Logrotate). Datensicherung Siehe auch http://www.mysql.com/doc/D/i/Disaster_Prevention.html . mysqldump Je nach Wunsch kann die Sicherung von MySQL als SQL-Quelltext (mysqldump) oder in Binärformat (mysqlhotcopy) erfolgen. In jedem Fall wird eine Kopie der Daten in der Datenbank erzeugt. Während der Erzeugung der Kopie sind die betreffenden Tabellen gelockt und die Puffer geflushed, sodaß sichergestellt wird, daß die Kopie konsistent ist. $ mysqldump –opt –c database | gzip –9 \u0026gt; database.sql.gz Dies erzeugt ein Backup der Datenbank database mit allen Tabellendefinitionen und allen Daten. Das Backup ist eine SQL-Kommandodatei, die mit dem Kommandozeilenclient wieder eingelesen werden kann. $ gzip –dc database.sql.gz | mysql database Da die ASCII-Form von SQL hoch redundant ist, ist eine Kompression des Backups mit gzip dringend angeraten. Die ASCII-Form hat jedoch den Vorteil, daß sie mit einem Editor bearbeitet werden kann, sodaß auch ein partieller Restore möglich ist. Oft möchte man außerdem mit $ mysqldump –opt –no-data database \u0026gt; database.schema das Datenbankschema ohne Daten getrennt sichern. mysqlhotcopy Die Sicherung mit „mysqlhotcopy“ setzt perl und korrekt installierte Perlmodule voraus. Die Syntax ist denkbar einfach: $ mysqlhotcopy database /var/tmp/database erzeugt eine Sicherung der Datenbankfiles mit konsistentem Zustand in /var/tmp/database. Diese Kopie der Datenbank kann dann auf Band oder CD-ROM gesichert werden. Anders als die Sicherung mit „mysqldump“ handelt es sich hier um eine Binärkopie der Datenbank, die weitaus weniger Platz verbraucht, schneller zu restaurieren ist, aber nicht editiert werden kann. Verlorenes Root-Paßwort recovern Siehe auch http://www.mysql.com/doc/R/e/Resetting_permissions.html MySQL speichert seine internen Daten in der logischen Datenbank mysql. Hat man diese Datenbank zerstört oder bei Spielereien mit Zugriffsrechten die Paßworte des Datenbankadministrators überschrieben, kann man nicht mehr auf den Datenbankserver zugreifen. Der Server läßt sich wie folgt recovern: Die Datenbank mysql existiert noch\nHerunterfahren des Servers mit „/etc/init.d/mysql stop“. Einsetzen der Option „skip-grant-tables“ in der /etc/my.cnf. Hochfahren des Servers mit „/etc/init.d/mysql stop“ Die Option „skip-grant-tables“ bewirkt nun, daß beim Connect gar keine Paßworte mehr abgefragt werden. Mit den Kommandos a. use mysql; b. update user set password=password(„\u0026hellip;“) where user=”root” kann ein neues Paßwort für den User root gesetzt werden. Statt derr „..“ ist dabei das Kennwort einzusetzen. Der Server kann nun heruntergefahren werden (siehe Schritt 1) und die Option „skip-grant-tables“ wieder aus der /etc/my.cnf entfernt werden. Danach kann der Server wieder normal gestartet werden. Die Datenbank mysql existiert nicht mehr oder ist beschädigt Wenn die Datenbank mysql so schwer beschädigt wurde, daß sie nicht mehr brauchbar ist, muß sie neu angelegt werden. Dabei gehen sämtliche Benutzerlogins und ihre Zugriffsrechte und Kennworte verloren und müssen neu angelegt werden. Die Daten in den anderen Datenbanken bleiben erhalten. Herunterfahren des Servers mit „/etc/init.d/mysql stop“ Aufruf von mysql_install_db Neues Setzen des root-Paßwortes wie in der Ausgabe von mysql_install_db beschrieben. Sicherheitshalber Stoppen und Starten des Servers, Testen des Zugangs. Datenbankadministration Anlegen von Usern Siehe auch http://www.mysql.com/doc/U/s/User_Account_Management.html Benutzer werden in MySQL mit dem Kommando „grant“ angelegt und mit dem Kommando „revoke“ gelöscht. Diese Kommandos können auch verwendet werden, um Benutzern mehr Rechte zu geben oder ihnen Rechte zu entziehen. In älteren Versionen von MySQL wurde derselbe Effekt durch direktes Bearbeiten von Tabellen in der Datenbank mysql erzielt. Dies ist nicht mehr empfohlen und sollte vermieden werden. Es ist wichtig zu wissen, daß Usernamen in MySQL nichts mit Usernamen in Unix zu tun haben. Es ist möglich, in MySQL User einzurichten, die es in Unix nicht gibt und umgekehrt. Auch konzeptuell besteht ein Unterschied: Usernamen in MySQL haben immer die Form „username@host“, wobei jedoch für den Hostpart Jokerzeichen zugelassen sind und der Username-Part leer sein darf. Ebenso sind MySQL-Zugangspaßworte von Unix-Zugangspaßworten verschieden. Sie werden auch anders verschlüsselt, wenn man in der Tabelle mysql.user direkt nachsieht (Funktion password() für MySQL-Paßworte, Funktion encrypt() für Unix-Paßworte). Werden User mit den Kommandos „grant“ und „revoke“ bearbeitet, liest der Server die geänderten Zugriffsrechte sofort neu ein. Spielt man manuell an den Tabellen herum, hat dies keine Auswirkungen, bis das Kommando „flush privileges“ ausgeführt wird (Oder „mysqladmin reload“ von der Kommandozeile gestartet wird). Einige Beispiele: • grant all on sync.* for beispieluser identified by ‘password’ Dies legt einen Benutzer „beispieluser“ an, der sich mit dem Paßwort ‚password’ anmelden kann. Der User hat alle Zugriffsrechte für die Datenbank sync mit allen darin befindlichen Tabellen, kann diese Rechte jedoch nicht weitergeben. • grant all on sync.* for logical_dba identified by ‚geheim’ with grant option Dies legt einen Benutzer “logical_dba” an, der sich mit dem Paßwort “geheim” anmelden kann. Der Benutzer hat nicht nur alle Zugriffsrechte für die Datenbank sync mit allen darin befindlichen Tabellen, er kann diese Rechte auch an existierende User weitergeben. Der User ist also der Datenbankadministrator für eine logische Datenbank. • grant all on . for admin identified by ‘master’ with grant option Dies legt einen Datenbankadministrator admin an, der sich mit dem Paßwort “master” anmelden kann. Er hat alle Rechte auf allen Tabellen. • grant select on sync.log for „logview@localhost“ Dies legt einen user logview an, der sich nur von localhost anmelden kann, dies dafür aber ohne Paßwort tun kann. Der User kann nur auf die Tabelle sync.log zugreifen. Das Löschen von Usern geht analog mit „revoke“. User werden in der Tabelle mysql.user gehalten. Dort vergebene Rechte gelten global (für alle Datenbanken). Den Usern werden in der Tabelle mysql.db Datenbanken und Datenbankrechte zugewiesen. Diese Rechte gelten nur für eine Datenbank. Normale User haben in mysql.user nur „n“-Flags stehen und bekommen ihre Rechte dann immer über die mysql.db-Tabelle. Admins haben Rechte an allen Datenbanken und haben daher an den passenden Stellen in mysql.user „y“-Flags stehen. Anlegen, Löschen und Anzeigen von Datenbanken Eine logische Datenbank kann mit dem Kommando „create database \u0026hellip;“ angelegt werden. Dies bewirkt im wesentlichen, daß das Verzeichnis in „datadir“ angelegt wird. (http://www.mysql.com/doc/C/R/CREATE_DATABASE.html ) Die Datenbank kann mit dem Kommando „drop database“ gelöscht werden. Das löscht nicht nur die Datenbank, sondern auch alle Tabellendaten und Tabellendefinitionen. Eine Rückfrage gibt es nicht, ein Undo gibt es nicht. (http://www.mysql.com/doc/D/R/DROP_DATABASE.html ) Eine Liste aller existierenden logischen Datenbanken bekommt man mit „show databases“. (http://www.mysql.com/doc/S/H/SHOW_DATABASE_INFO.html ) Alle folgenden SQL-Kommando wirken immer auf die aktuelle Datenbank. Diese wird im Kommandozeilenclient mit „use \u0026hellip;“ festgelegt. „use \u0026hellip;“ wirkt also wie ein chdir/cd-Kommando. (http://www.mysql.com/doc/U/S/USE.html ) Anlegen, Löschen und Anzeigen von Tabellen Siehe auch http://www.mysql.com/doc/C/o/Column_types.html und Eine Tabelle kann mit dem Kommando „create table \u0026hellip;“ angelegt werden. Dabei müssen auch die Spaltennamen der Tabelle, ihre Typen und weitere Optionen angegeben werden (http://www.mysql.com/doc/C/R/CREATE_TABLE.html) . Die Tabelle kann mit dem Kommando „drop table \u0026hellip;“ wieder gelöscht werden (http://www.mysql.com/doc/D/R/DROP_TABLE.html) . Der Aufbau der Tabelle kann mit dem Kommando „show columns from \u0026hellip;“ oder kürzer „describe“ oder „desc“ angezeigt werden (http://www.mysql.com/doc/D/E/DESCRIBE.html) . Informativer ist jedoch „show create table \u0026hellip;“. Dieses Kommando gibt das vollständige SQL-Kommando zum Anlegen der Tabelle aus. phpmyadmin Ein bequemes Tool zum Anlegen, Löschen und Bearbeiten von MySQL über das Web ist phpmyadmin (http://phpmyadmin.sourceforge.net/) . phpmyadmin ist ein sehr mächtiges Tool. Es muß auf jeden Fall in einem Ordner installiert werden, der durch eine .htaccess-Datei geschützt ist. Es ist ein beliebter Sport, mit Google oder einer anderen Suchmaschine nach offenen phpmyadmin-Installationen zu suchen. Relationales Modell Das relationale Datenbankmodell betrachtet Tabellen als Mengen (ohne Reihenfolge) von Zeilen. Eine Zeile wird als Tupel von Werten betrachtet, wobei das leicht vereinfacht dargestellt ist (Tupel haben Reihenfolge, aber Zeilen in Datenbanktabellen haben ebenfalls keine Reihenfolge, auf die man sich verlassen sollte). Das relationale Datenbankmodell definiert dann eine Reihe von Operationen, die man auf diesen Tabellen-Mengen durchführen kann und die jeweils neue Mengen liefern. Ziel ist es nun, eine Anfrage zu finden, die genau die gewünschte Ergebnismenge findet. Dies kann durch die Verknüpfung verschiedener Operationen erreicht werden, da die Operatioen jeweils wieder zu den Operatoren kompatible Ergebnismengen liefern (-\u0026gt; Algebra). Operationen im relationalen Datenbankmodell Projektion Die Projektion erzeugt aus den vorhandenen Spalten der verwendeten Tabellen neue Spalten. Dies kann durch Auswahl einer Teilmenge von Spalten geschehen, oder durch Erzeugung von neuen Spalten mit Hilfe von Rechenfunktionen und –operatoren. In SQL wird die Projektion als Liste von Spaltennamen und Funktionsanwendungen hinter dem SELECT-Statement geschrieben: select t1.s1, t1.s2, t2.s1, unix_timestamp(t2.s3) from t1, t2 Merke: Projektion == senkrechter Schnitt, Spaltenauswahl Selektion Die Selektion erzeugt aus den vorhandenen Zeilen der verwendeten Tabellen neue Zeilen. Dies kann durch Auswahl einer Teilmenge von Spalten geschehen. Die Auswahl kann durch Prädikate und Relationen erfolgen. In SQL wird die Selektion als Verknüpfung von Prädikaten und Relationen in der WHERE-Clause des SELECT-Statements geschrieben. select * from t1 where t1.s1 \u0026lt;10 and not isnull(t1.s2) Merke: Selektion == waagrechter Schnitt, Zeilenauswahl Join Der Join ist eine Verknüpfung von zwei Tabellen durch Bildung des Kreuzproduktes und Auswahl der gewünschten Teilmenge der Kombinationstabelle. Ein unqualifizierter Join erzeugt eine vollständige Kombination zweier Tabellen, das Kreuzprodukt: jede Zeile der Tabelle 1 wird mit jeder Zeile aus Tabelle 2 kombiniert, die Resultatstabelle hat count(t1) * count(t2) Zeilen. In der Regel möchte man nur eine Teilmenge des Kreuzproduktes haben, in dem man den Schlüssel von t1 mit dem Fremdschlüssel von t1 in t2 kombiniert (siehe weiter unten). select * from t1, t2 where t1.pk = t2.fk_t1 Merke : Join == Verknüpfung zweier Tabellen Rename Will man rekursive Strukturen (Bäume, Listen) erzeugen, muß man eine Tabelle gelegentlich mit sich selbst Joinen. Damit das gelingt, muß man die Elterntabelle von der Kindtabelle unterscheiden können. Dies macht eine Umbenennung notwendig. In SQL kann man Spalten und Tabellen umbenennen, indem man den neuen Namen mit AS in der Projektion oder Selektion nennt. select l.s1+l.s2 as spaltensumme from lange_tabelle as l Renames sind auch nützlich, um Rechenergebnisse (synthetische Spalten) sinnvoll zu benennen (hier: spaltensumme). Aggregation Siehe auch http://www.koehntopp.de/php/databases.html - sql-aggregation. In SQL kann man eine Reihe von Zeilen mit gleichen Eigenschaften zusammenfassen und bekommt so Zeilen, die Mengen sind. Man kann sich einen Repräsentanten dieser Mengen anzeigen lassen oder bestimmte Elemente mit Aggregatfunktionen auswählen. select max(preis) as regionaler_hoechstpreis from preise group by region Normalisierungen Wenn man eine Datenbankanwendung als Laie entwickelt, stellt sich schnell die Frage, wie man seine Daten auf verschiedene Tabellen verteilt. Man merkt schnell, dass sich bestimmte Strukturen für bestimmte Operationen als nicht sehr praktisch erweisen (siehe auch http://www.tu-chemnitz.de/wirtschaft/wi1/lehre/2001_ws/db/v6.pdf) . Ideal ist eine Speicherung der Daten ohne Redundanzen. Man gewinnt ein solches Tabellenschema durch Normalisierung. • 0 NF: Nach menschlichen Ordnungskriterien geordnete Daten, zum Beispiel Herrchen und Haustiere. • 1 NF: Ein Feld darf nur einen einzigen Wert beinhalten, d.h. ich soll nicht alle Haustiere eines Herrchens in eine Spalte quetschen und ich soll nicht Straße und Hausnummer in einer Spalte speichern. • 2 NF: Alle Werte müssen vom Primärschlüssel funktional abhängig sein, d.h. ich sollte nicht Informationen über Haustiere und deren Herrchen in ein und derselben Tabelle unterbringen. ◦ Was sind Schlüssel? ◦ Was sind Primärschlüssel? ◦ Was sind Fremdschlüssel? • 3 NF: Alle Werte müssen von einander funktional abhängig sein, d.h. ich sollte nicht die verschiedenen Wohnsitze des Herrchens mit seinen Geburtsmerkmalen in einer Tabelle unterbringen. Tabellenbeziehungen Nach einer Normalisierung hat man in der Regel eine große Anzahl von Tabellen, die zusammengefügt werden müssen, damit man wieder an die Daten kommt. Das Zusammenfügen erfolgt mit einem passenden Join, die Join-Bedingung bezeichnet in der Regel den Primärschlüssel einer Tabelle und den Fremdschlüssel dieser Tabelle in einer anderen Tabelle. Je nachdem, welche Art von Beziehung zwischen zwei Tabellen besteht, sieht der Join auch leicht anders aus. One-to-Many Relation Die häufigste Beziehung zwischen Tabellen ist die One-to-Many Relation, etwa “Eine Order enthält viele Items” oder “Ein Manager hat viele Angestellte”. Sie kann direkt auf Tabellen in einer Datenbank abgebildet werden. In einer One-to-Many Relation gibt es eine aufspannende Tabelle mit einem Primärschlüssel (z.B. die Ordertabelle oder die Managertabelle) und eine aufgespannte Tabelle. Die aufgespannte Tabelle hat eine Spalte, in der der Primärschlüssel der Zeile der aufspannenden Tabelle eingetragen ist, zu der diese Zeile gehört. OID Datum 1 11.01.2002\n2 12.01.2002\n3 12.01.2002\nIID OID Bezeichnung\n1 1 Keks\n2 1 Noch ein Keks\n3 2 Kein Keks\nMan kann erkennen, dass jedes Item in der Itemtabelle genau einer Order zugeordnet ist. Eine Order kann keine Items, genau ein Item oder mehrere Items enthalten. One-to-One Relation Eine One-to-One Relation tritt in Datenbanken eigentlich nur in zwei Situationen auf: • Die rechte Seite der Relation ist optional (One-to-Zero Relation) und nur relativ selten mit Werten gefüllt. ◦ Ein Sonderfall dieser Situation liegt vor, wenn man eine Reihe von Spezialisierungen eines Objektes modellieren möchte. • Es muß eine Key Translation durchgeführt werden. Ein Beispiel für den ersten Fall wäre eine Liste von Personenbeschreibungen. Für einige Personen existieren erweiterte Informationen, zum Beispiel Fotos und Homepage-URLs. Der genannte Sonderfall existiert in unserer Kundendatenbank, wo es zum Beispiel technische Objekte gibt. Diese Tabelle hätte eine ID und ein Typfeld sowie alle Informationen, die allen technischen Objekten gemein sind. Je nach Typfeld findet man dann die speziellen Informationen des technisches Objektes in einer anderen Tabelle, zum Beispiel beim Typ „TO_Web“ in der Tabelle TO_Web. Eine Key Translation ergibt sich dann, wenn man zwei unterschiedliche Systeme mit überschneidendem Datenbestand zusammenführen muß, zum Beispiel Kunden mit XAL-Kundennummern in der Warenwirtschaft mit Kunden mit KundenDB-Kundennummern in der technischen Verwaltung. Hier ist dann manchmal eine Forderung, daß es sich tatsächlich um eine One-to-One Relation handelt, also der rechte Teil der Relation niemals optional ist – normalerweise könnte man diese Tabellen sonst in einer einzelnen Tabelle zusammenführen, aber hier ist dies aus technischen Gründen nicht machbar. Many-to-Many Relation Eine Many-to-Many Relation (n:m Relation) liegt dann vor, wenn zwei Objektmengen frei miteinander verknüpft werden sollen, etwa Firmen und Personen oder Seminare und Teilnehmer einander zugeordnet werden sollen. In Tabellen ist eine Many-to-Many Relation nicht direkt darstellbar. Man braucht eine Hilfstabelle, die diese Zuordnung übernimmt. Diese Hilfstabelle hat manchmal keine eigenen Attribute und keinen PK, wenn sie eine reine Hilfstabelle ist. SemID Titel\n1 Kekse backen\n2 Holz hacken\nTeilnID Name\n1 Hans Hartmacher\n2 Willi Weichspüler\n3 Tanja Troll\nSemID TeilnID\n1 2\n1 3\n2 2\n2 3\nIm Beispiel hat die Hilfstabelle zur Verknüpfung von Seminaren mit Teilnehmern keine anderen Attribute als Fremdschlüssel von Seminar und Teilnehmer. Sie bekommt per Konvention dann auch keinen eigenen Namen, sondern den systematischen Namen sem_teiln_rel. Hätte die Tabelle weitere Attribute, dann muß man sich überlegen, welche Funktion die Tabelle im System wahrnimmt. Sie bekommt dann einen eigenen Namen und einen eigenen Primärschlüssel. Im Beispiel würde die Tabelle Buchungen von Seminaren speichern und eine Buchung könnte Attribute wie „Anreise am Vortag“ oder „Abreise am Folgetag“ haben. Wir würdne die Tabelle entsprechend Buchungen nennen und ihr eine Spalte BuchID geben. Arten von Joins Tabellen werden mit Hilfe der Join-Operation miteinander verknüpft. Je nachdem, welcher Art die Beziehung zwischen zwei Tabellen ist, können die Join-Operationen unterschiedlich sein. Equijoin Der Equijoin, straight join oder symmetric join ist die einfachste Verknüpfung zweier Tabellen miteinander. select o.datum, i.bezeichnung from order as o, item as i where o.oid = i.oid Dieser Join verknüpft die Order- und Item-Tabellen aus dem 1:n-Beispiel miteinander. Ausgegeben werden alle Orders mit den dazu gehörenden Items, sofern eine Order überhaupt Items hat. Left Join Der Left Join, Outer Join verknüpft ebenfalls zwei Tabellen miteinander, ist jedoch asymmetrisch (Ein Right Join ist identisch mit einem Left Join, bei dem beide Tabellen miteinander vertauscht werden und soll hier nicht weiter betrachtet werden). Das bedeutet, daß in jedem Fall alle Werte der linken Tabelle aufgeführt werden, an Stelle der rechten Tabelle jedoch an einigen Stellen Nullwerte auftauchen können, wenn dort keine Werte vorhanden sind. select o.datum, i.bezeichnung from order as o left join item as i on o.oid = i.oid Die linke Tabelle wird als aufspannender Tabelle, die rechte Tabelle als aufgespannte Tabelle bezeichnet. Self Join Um selbstreferentielle Strukturen erzeugen zu können braucht man einen Self-Join. Das ist ein Equijoin oder Left Join einer Tabelle mit sich selbst. Da hierbei der Name einer Tabelle zweimal auftaucht, muß mindestens ein Vorkommen der Tabelle mit dem as-Operator umbenannt werden, damit man beide Vorkommen unterscheiden kann. Selbstreferentielle Strukturen sind Bäume oder Listen. Sie treten immer dann auf, wenn ein List-of-Parts-Problem vorliegt, manchmal auch, wenn man einen Subselect vermeiden möchte. select v.name, m.name from mitarbeiter as v, mitarbeiter as m where m.manager = v.mid Self-Joins beliebiger Tiefe (echte Bäume) werden schnell unübersichtlich. Eine alternative Methode zur Baumgenerierung ist in http://www.koehntopp.de/kris/artikel/sql-self-references/ , http://www.koehntopp.de/tree.phps , http://www.develnet.org/tech/tutorials/3.1.html beschrieben. Multiple Joins In komplizierten Szenarien kann es vorkommen, mehr als zwei Tabellen gleichzeitig zusammenführen zu müssen. Ein Beispiel ist ein Seminarmanagementsystem, in dem Seminare, Seminartermine, Teilnehmer und Kostenstellenverantwortliche miteinander in einer Bestelltabelle verknüpft werden müssen: Um eine Bestellung ausgeben zu können, muß über die Termin-ID einer Bestellung die Seminar-ID eines Termins gesucht werden. select s.titel, t.beginn from seminar as s, termin as t, bestellung as b where s.sid = t.sid and t.tid = b.tid Die Joins werden hier einfach hintereinander geschrieben, und für je zwei miteinander zu verbindende Tabellen wird eine Bedingung in die WHERE-Clause mit eingeführt. Im Einsatz wird dann meist noch mindestens eine weitere Bedingung eingeführt, die nicht zu den Joins gehört, sondern eine Einschränkung auf dem zusammengeführten Bestand ist. Dies kann zum Beispiel eine Teilnehmer-ID oder eine Seminar-ID sein. In der WHERE-Clause befinden sich also Join-Bedingungen und Selektionsbedingungen. Multiple Left Joins In manchen Fällen will man mehrere Left Joins miteinander verbinden. Dabei kann es zur Bildung von Sternen oder Kaskaden kommen. Ein Stern liegt vor, wenn zwei abhängige Tabellen von derselben aufspannenden Tabelle abhängen. Eine Kaskade liegt vor, wenn eine aufspannende Tabelle eine abhängige Tabelle aufspannt, die wiederum eine weitere abhängige Tabelle aufspannt. select * from kunde as k left join ord as o on k.kid = o.kid left join x on k.kid = x.kid +\u0026mdash;\u0026ndash;+\u0026mdash;\u0026mdash;-+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+ | kid | name | oid | datum | kid | xid | kid | +\u0026mdash;\u0026ndash;+\u0026mdash;\u0026mdash;-+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+ | 1 | Hans | 2 | 2002-03-03 | 1 | 1 | 1 | | 2 | Franz | 1 | 2002-03-04 | 2 | NULL | NULL | | 2 | Franz | 3 | 2002-03-02 | 2 | NULL | NULL | | 3 | Otto | NULL | NULL | NULL | 2 | 3 | | 3 | Otto | NULL | NULL | NULL | 3 | 3 | +\u0026mdash;\u0026ndash;+\u0026mdash;\u0026mdash;-+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+ 5 rows in set (0.00 sec) select * from kunde as k left join ord as o on k.kid = o.kid left join item as i on o.oid = i.oid +\u0026mdash;\u0026ndash;+\u0026mdash;\u0026mdash;-+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;+ | kid | name | oid | datum | kid | iid | oid | beschreibung | +\u0026mdash;\u0026ndash;+\u0026mdash;\u0026mdash;-+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;+ | 1 | Hans | 2 | 2002-03-03 | 1 | 3 | 2 | Kein Keks | | 2 | Franz | 1 | 2002-03-04 | 2 | 1 | 1 | Keks | | 2 | Franz | 1 | 2002-03-04 | 2 | 2 | 1 | Noch ein Keks | | 2 | Franz | 3 | 2002-03-02 | 2 | NULL | NULL | NULL | | 3 | Otto | NULL | NULL | NULL | NULL | NULL | NULL | +\u0026mdash;\u0026ndash;+\u0026mdash;\u0026mdash;-+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;+ 5 rows in set (0.02 sec) Einige Konventionen für das Tabellendesign Wir haben im Haus einige Regeln für Tabellen, die das Tabellendesign ein wenig vereinfachen sollen und den Mitarbeitern leichteres Arbeiten ermöglichen sollen: • Jede Tabelle hat einen sprechenden Namen. Der Name ist, wenn möglich, singularform. Zu der Langform des Namens gibt es außerdem eine einheitliche und eindeutige Kurzform mit einem, zwei oder drei Buchstaben. Beispielweise heißt eine Tabelle „kunde“, nicht „kunden“. Ihr Kurzname ist „k“. • Jede Tabelle hat einen Primärschlüssel. Die Primärschlüsselspalte ist immer die am weitesten links stehende Spalte einer Tabelle. Der Name des Primärschlüssels ist der Kurzname der Tabelle mit dem angehängten Kürzel „id“ (kein Unterstrich). • Tritt der Primärschlüssel einer Tabelle in einer anderen Tabelle als Fremdschlüssel auf, so heißt er dort genauso wie der Primärschlüssel. Der Fremdschlüssel in die Tabelle kunde in der Tabelle bestellung heißt also bestellung.kid. • Jede Tabelle hat eine Spalte mit dem Namen changed vom Typ timestamp. Dies ist die am weitesten rechts stehende Spalte dieser Tabelle. • Tabellen, die nur n:m-Beziehungen realisieren, ohne eigene Attribute zu haben, haben keinen Primärschlüssel und unter Umständen auch keine changed-Spalte. Sie haben einen systematischen Namen, der sich aus den Kurznamen der involvierten Tabellen und dem Kürzel „_rel“ zusammensetzt. Beispiel: Eine Bestelltabelle ohne eigene Attribute kann s_t_rel heißen. Sobald eine solche Tabelle weitere Spalten bekommt, die über Fremdschlüssel von anderen Tabellen hinausgehen, muß sie einen eigenen PK und eine changed-Spalte bekommen sowie einen sprechenden Namen erhalten. Indices Ein Index ist eine geordnete Teilkopie des Datenbestandes einer Tabelle. Dadurch, daß der Index geordnet ist, kann mit Hilfe von „Suchen durch Halbieren“ ein Eintrag im Index mit logarithmischem Aufwand gefunden werden. An diesem Eintrag klebt dann die Blocknummer des gesamten Datensatzes im Originalbestand (n=1000, k=10; n=1000000, k=20; n=1000000000, k=30 für b=2). Setzen und Auslesen von Indices Mit Hilfe von „show create table x“ kann die Definition einer Tabelle als SQL-Statement angezeigt werden. Dabei sind auch die genauen Index-Definitionen enthalten. Mit Hilfe von „alter table x add index (y)“ kann ein Index auf eine Spalte gelegt werden. Mit Hilfe von „alter table x add unique (y)“ kann ein unique Index auf eine Spalte gelegt werden. Es ist möglich, einen Index auf eine Kombination von Spalten zu legen: „alter table x add index (y, z)“. Der Index kann verwendet werden, wenn eine Query auf die Spalten y und z losgeht oder wenn eine Query nur auf die Spalte y geht. Er ist nicht nützlich, um eine Query auf eine Spalte z zu beschleunigen. Werden um Platz zu sparen Indices manchmal in Dreiecksform definiert: „(x, y, z), (y, z), (z)“. Wann machen Indices Sinn? Ein Index spart der Datenbank das Durchlesen aller Datenblöcke einer Tabelle. In einem Datenblock sind meist mehrere Datensätze gespeichert (Beispiel: Blockgröße 2048 Byte, Datensatzgröße 50 Byte: 40 Datensätze pro Block). Wenn nur ein Treffer in einem Block enthalten ist, muss dennoch der ganze Block gelesen werden. Wenn die Selektivität des Schlüssels also nicht groß genug ist, rentiert er sich bei einer Suche nicht (Beispiel: Ein Schlüssel auf das Feld „Geschlecht“ in einer Datenbank). Indices machen außerdem nur dann Sinn, wenn das Laden des Schlüssels deutlich weniger Zeit in Anspruch nimmt als das Laden der Datensätze der Tabelle, also wenn der Bestand in den Tabellen groß genug ist. MySQL weiß das, und verwendet bei sehr kleinen Tabellen keinen Index, sondern hält die gesamte Tabelle vollständig im RAM. Ein Index macht also (in absteigener Reihenfolge) Sinn für • alle Primärschlüssel als unique Index (Warum?) • alle Fremdschlüssel als Index. • alle Spalten, die in where-Clauses vorkommen, wenn die Spalte mehr als 20 verschiedene Werte enthält. • alle Spalten, nach denen gruppiert wird • alle Spalten, nac denen sortiert wird Analyse der Performance von Queries mit EXPLAIN Siehe dazu auch das ganze Kapitel http://www.mysql.com/doc/Q/u/Query_Speed.html . Das Kommando „EXPLAIN“ kann jedem SELECT vorangestellt werden. Das Resultat ist eine Tabelle, die die Badness der Query ausgibt. Die Badness der Query ist das Produkt der Zahlen in der Spalte „rows“. Die Badness von zwei unterschiedlichen Queries ist nur bedingt vergleichbar, aber bei der Optimierung einer Query ist die Badness ein wichtiger Faktor, den es zu minimieren gilt. Wichtig sind auch die Ausgaben der Spalten possible_keys und keys, die angeben, welche Indices für die Query in Frage kommen und welche tatsächlich verwendet werden.\n","date":"2002-03-04T00:00:00Z","href":"https://blog.koehntopp.info/2002/03/04/mysql-3.html","tags":["lang_de","talk","publication","internet"],"title":"MySQL 3.23"},{"categories":null,"content":" Enterprise Mail Folien für eine interne Mitarbeiterschulung: Umzug und Erweiterung des Mailsystems bei mobilcom.de; für die evangelische Landeskirche Schleswig-Holstein; für Ver.di.\nWas ist Enterprise Level? Ausfallsicher\nbei Hardwareschaden bei Mailwellen Skalierbar\nüber alle User pro User Mails pro Ordner Order pro User pro Standort pro Domain Integrierbar\nkeine Firma ab einer bestimmten Größe hat ein homogenes Mailsystem unterschiedliche Zugänge für Anwender: POP3/IMAP4, mit SSL?, über Web? Für Anwendungen: Virus-Scanner? Mailinglisten? Pflegeinterfaces? Mail ist missionskritisch, inhomogen, Lock-In unbedingt vermeiden. Offene Software, offene Protokolle -\u0026gt; freie Wahl der Clients, freie Wahl der Serverkomponenten (Soft- und Hardware)\nbessere Skalierbarkeit, bessere Erweiterbarkeit, bessere Integrierbarkeit ins Backend\nHardwarekonzept Mailserver doppelt\nJede Maschine kann für beide übernehmen Storage doppelt\njedes Array hat alle Daten Multipathing Mehrere NICs Mehrere Kabelwege Sehr zufrieden mit dem Hardware-Range von Sun: Hardware für jede Größe von der kleinen X1 bis zur E15K, Software ist portabel über den gesamten Range.\nGroßer Schwerpunkt auf ausfallsichere Hardware:\nMonitoring Multipathing Hot Plug Ausfallszenarien:\nKiste fällt aus Migration der IP Migration der Platten Platte fällt aus RAID 1 (Veritas) Softwarekonzept Einsatz von Standardprotokollen\nPOP3, IMAP4, LMTP, SMTP, LDAP Einsatz von Standardsoftware\nsendmail 8.12.1, Cyrus IMAP, perdition Proxy, Veritas (VM, FS, CS), iPlanet Directory 4.x, Interscan Viruswall iPlanet war vorgegeben, da das führende LDAP iPlanet war.\nVeritas war vorgegeben, hat sich als sehr gute Wahl herausgestellt: Entwicklung von failover-Scripten harmlos.\nViruscheck vorgegeben: InterScan im Einsatz bei NetUSE, Kunden arbeiten auch mit Amavis und NAI oder anderen Systemen.\neigentliche Arbeitstiere sind freie Software:\nsendmail 8.12.1 hat bessere LDAP-Integration sendmail ist eigentlich ein MTA-SDK :-) perdition ist ein sehr leistungsfähiger Proxy Plugin-Architektur extrem gutmütig im Deployment übersichtlicher Code cyrus ist ein sehr skalierbarer POP/IMAP-Server schlecht dokumentiert eigenwillige Authentisierungsbibliothek SASL (Exkurs) ordentliche Architektur Skalierbarkeit Sizing\nper User: 1 MB RAM, 2 MB Swap, 1 MHz IMAP braucht mehr SSL braucht mehr! angemessen Plattenplatz Wieviel Plattenplatz ist angemessen?\n3 Kategorien 2 MB, 20 MB, 200 MB Jede Kategorie ist (großes Modell) 5 mal seltener als die vorhergehende (kleines Modell) 10 mal seltener als die vorhergehende Skalierbarkeit II Anwendungsbeispiel: ~5000 User\n700 zugleich verbunden, 100 davon mit IMAP ergeben: 1400 MB RAM, 3800 MB Swap, 700+ MHz 27 oder 63 GB Mailstore\nkleines Modell (27 GB) 45002 MB + 45020 MB + 45*200 MB großes Modell (63 GB) 45002 MB + 90020 MB + 180*200 MB Zahlen wurden auf Linux/Intel ermittelt, und an eigener Cyrus-Installation validiert. Zahlen an der Ist-Installation des Kunden validiert. Skalierbarkeit weitgehend linear. Problem ist partitionierbar.\nMigration Konvertierung\ndes vorhandenen Mailstore, der vorhandenen Aliases, der vorhandenen Listeninfrastruktur, der vorhandenen Routingstruktur Nahtlose Migration durch \u0026ldquo;Rückzug\u0026rdquo;:\n\u0026ldquo;Wechsel von Kopfsteinpflaster auf Autobahn während der Hauptreisezeit\u0026rdquo; Vorbereitung der Konvertierung Umstellung auf das neue System Durchrouten auf das alte System Während der Konvertierung \u0026ldquo;Rückzug\u0026rdquo; auf das neue System Konvertierung des Ist-Bestandes ist aufwendiger, fehleranfälliger als geplant.\nSystem ist grundsätzlich funktionsfähig; Umstellung ist wesentlich holperiger gewesen als intendiert; Umstellungsaufwand auch bei den Anwendern\nMigration II Typische Probleme:\nlustige Ordernamen (IMAP) defekte Aliasdaten Datenbestand nicht komplett wechselndes Mailrouting Hosts liefern mit unerwarteten Namen ein LDAP-Routing verhält sich anders als statisches Routing Umstellung für IMAP-Clients nicht transparent\nCAPABILITY IMAP Subscriptions Ordnernamen Lage des Sent-Folders Umstellung für POP3-Clients weitgehend transparent\ntriviales Protokoll nicht erweiterbar finaler Mailstore auf dem Client IMAP ist ein modulares Protokoll: Extensions sind nicht kompatibel, Normung ist nicht rigide genug. Propietäre Erweiterungen machen den Wechsel schwer Unterschätze niemals den Einfallsreichtum von Anwendern bei der Vergabe von Ordnernamen. Unterschätze niemals die tägliche Zielverschiebung durch das Tagesgeschäft.\nWeitere Szenarien Verteiltes Setup: 50+ Standorte, Workgroup-Size pro Standort, zentrale Administration, Begrenzte Hardwarekapazität\nGroßes Setup\n70 000+ Anwender Mailstore im TB-Bereich Virenscan muß skalierbar sein Quota Webmail Zugang muß skalierbar sein zentrale Bulk-Administration Integration in existierende Stammdatenverwaltung Weitere Szenarien II Zu erwartende Ausbaumöglichkeiten:\nCalendaring lokaler Client Web Access mehr Verschlüsselung Key Management Storage Management Migration alter Mail in Hintergrundspeicher Retrieval alter Mail Sichere Löschung alter Mail Mailtracking ","date":"2002-02-01T00:00:00Z","href":"https://blog.koehntopp.info/2002/02/01/enterprise-mail.html","tags":["lang_de","talk","publication","internet"],"title":"Enterprise Mail: große Mailsysteme, kleine Schmerzen"},{"categories":null,"content":" Directory Services vs. Relationale Datenbanken Überblick:\nEigenschaften von LDAP Eigenschaften von SQL Anwendungsbereiche von LDAP Anwendungsbereiche von SQL Strukturelle Probleme beim Einsatz von LDAP Warum wird LDAP dennoch verwendet? Gibt es weniger problematische Alternativen? LDAP im Schnelldurchlauf Wald von Bäumen aus Knoten Jeder Knoten hat mindestens die Attribute dn, objectClass Attribute sind ein- oder mehrwertig, haben Syntax (Typ) Besonderes mehrwertiges Attribut objectClass bestimmt, welche Attribute vorhanden sind MÜSSEN und DÜRFEN Einwertiges Attribut dn enthält den Pfad durch den Baum und ist Schlüssel (PK) Novell Directory Services, Active Directory und LDAP basieren auf den Ideen von X.500.\nDas Verzeichnis ist ein Wald von Wald von Knoten, Knoten haben Attribute, mindestens dn und objectClass.\nDie Vereinigungsmenge von objectClasses definiert, welche Attribute der Knoten haben MUSS und KANN. Dies entspricht NULL/NOT NULL in SQL.\nAttribute haben eine Syntax (einen Typ). Attribute können einwertig (etwa: dn) oder mehrwertig (etwa: objectClass) sein. Mehrwertige Attribute sind ein Verstoß gegen die 1NF in SQL und müssen in SQL in externe Tabellen ausgelagert werden. Denormalisierungen ziehen idR Anomalien bei INSERT/UPDATE/DELETE nach sich.\nDer dn beschreibt den Pfad durch den Baum und ist PK. PKs sollen strukturlos und invariant sein. Daß der dn nicht strukturlos ist, wird sich als bitteres Problem herausstellen. Daß der dn Positionsinformation enthält wird ihn nahezu unbrauchbar als PK machen (aber LDAP offeriert keine Alternative).\nSQL im Schnelldurchlauf Datenbank als Kollektion von Tabellen, Tabellen als Kollektion von Spalten, Spalten haben Typen Spalten sind NULL, NOT NULL. Spalten sind einwertig. Eine Spalte oder Gruppe von Spalten ist der PK. Spaltendefinitionen mit Typen definieren ein rigides Typschema, das nur durch Nullwerte geringfügig aufgelockert wird. Dennoch flexible Struktur, da über Beziehungen zwischen Tabellen variable Verbindungen aufgezogen werden können. Schlüssel und Integritätsbedingungen sind frei definierbar und frei wählbar.\nUmfangreiches Handwerkszeug zur Definition von Datenstrukturen und deren Pflege vorhanden.\nSQL Operationen SQL erlaubt komplexe Operationen auf Tabellen:\nSelektion (WHERE-Clause) wählt Zeilen Projektion (Spaltenliste) wählt Spalten Aggregation (GROUP BY-Clause) erlaubt Zählungen Join erlaubt Tabellenverknüpfungen Rename erlaubt Self-Joins und damit rekursive Strukturen (Bäume etc) Das Ergebnis jeder Operation ist wieder eine Tabelle. Mit Subqueries kann die generierte Tabelle weiter verarbeitet werden (Relationen \u0026ldquo;Algebra\u0026rdquo;).\nDiese fünf Operationen erlauben es, den auf viele Tabellen verstreuten (normalisierten) Bestand dynamisch zu rekombinieren. Dabei sind auch Rekombinationen möglich, die ursprünglich nicht antizipiert wurden (Ad-Hoc Queries). Ad-Hoc Queries sind ein typisches Phänomen bei der Recherche und der Reportgenerierung.\nSQL ist mächtig genug, um selbstreferentielle Strukturen definieren zu können.\nEine Reihe von Einbaufunktionen entlastet den Client noch weiter und erlaubt es, beträchtliche Teile der Logik im Server ablaufen zu lassen.\nMinimierung des Netzverkehrs und sinnvolle Aufteilung der Anwendung zwischen Server und Client.\nLDAP Anwendungen Authentisierung\nam OS (PAM) an der Anwendung (mod_auth_ldap etc.) Konfigurationsdaten\nNetscape Roaming sendmail Aliases etc. Verzeichnis (Recherche)\nAdreßverzeichnisse Characteristika:\nkurze Verbindungen connect, query, disconnect connect, disconnect (authentication only) triviale Queries Existenzanfragen Attributanfragen (dn, attribut) -\u0026gt; (werte) Objektauslesung (dn) -\u0026gt; (attribute, werte) Sinnvolle Anwendungen von LDAP:\nHit and Run-Anwendungen: Anmeldung am OS, am Webserver, am IMAP/POP-Server. Laden von Konfigurationsobjekten aus dem LDAP-Server. LDAP ist für Lesen optimiert. LDAP ist für viele Zugriffe pro Sekunde optimiert. SQL Anwendungen Datenspeicher für Anwendungsdaten\nPersistente Daten Normalisierte Daten Business Rules\nIntegritätsbedingungen Accessfunktionen Lockingmechanismen\nZugriff durch mehrere Instanzen derselben Anwendung Zugriff durch verschiedene Anwendungen Characteristika:\nlange Connects mit vielen Queries langlaufende Queries Joins Sortierungen berechnete Werte viele Schreiboperationen konkurrente Schreiboperationen -\u0026gt; Locking zusammengesetzte Schreiboperationen -\u0026gt; Transaktionen Sinnvolle Anwendungen von SQL: Stay and Run-Anwendungen; eine Verbindung, viele Queries. Möglichst viele Daten auf dem Server verwerfen, nur die notwendigen Daten übertragen.\nKomplexe und konkurrente Updates; Locks; Transaktionen.\nBusiness Logic an den persistenten Objekten der Anwendung speichern, Daten werden zwischen verschiedenen Anwendungen shareable.\nDie Integritäts- und Update-Logik für diese Daten klebt an den Daten, nicht in den verschiedenen Anwendungen.\nKein Zugriff, insbesondere kein schreibender Zugriff an dieser Logik vorbei möglich.\nRelationenmodell in Verzeichnisdiensten Woher kommen die Daten im Verzeichnis?\nWelches ist das führende System? Wie strukturiere ich den Verzeichnisbaum?\nNebenbedingungen: Replikation Naming Attributes Wie strukturiere ich meine objectClasses?\nWelche Art von Anfragen wird erwartet? Sollte ich nicht doch lieber ein RDBMs nehmen?\nDas Hauptproblem besteht oft darin, daß versucht wird, LDAP für mehr als simple Logins einzusetzen. Selektion und Projektion sind vorhanden; Aggregation, Join und Rename nicht. LDAP-Struktur muss die auftretenden Anfragen antizipieren.\nPKs sind instabil. Nebenbedingungen der Replikation machen stabile PKs oft unmöglich. Diese Faktoren bestimmen das Design von LDAP.\nLachhafte technische Basis erzeugt eigenartige technische Anforderungen. LDAP-Server halten den Datenbestand effektiv im RAM. Der Datenbestand kann daher eine vorbestimmte Größe kaum überschreiten.\nLDAP-Server geben nur partiell relevante technische Daten an: Queries/sec nicht mit SQL vergleichbar. Wo ein LDAP 40.000 Queries braucht, kommt SQL mit einem Join hin.\nHäufige Designprobleme in LDAP LDAP wird als führende Datenbank eingesetzt\nLDAP wird stark beschrieben\nLDAP wird konkurrent beschrieben\nLDAP dynamisch beschrieben\nEs bestehen abzufragende Beziehungen zwischen LDAP-Objekten\nLDAP wird zur Reportgenerierung verwendet\nDer LDAP-Bestand wird hierarchisch strukturiert\nDer LDAP-Bestand muss hierarchisch strukturiert werden\nSetzt man LDAP als Verzeichnisdienst (also als Logindatenbank) ein, kann es funktionieren. Jeder andere Ansatz wird sehr, sehr weh tun.\nLDAP wird als führende Datenbank eingesetzt LDAP-Attribute haben eine Syntax (einen Typ)\nTypen sind zahlreich und im Standard vordefiniert Typen sind schwer erweiterbar Integritätsbedingungen können nicht definiert werden. iPlanet erlaubt Plugins, die Integrität checken können. Beziehungen zwischen Objekten sind in LDAP nur schwer darstellbar und instabil.\nPK ist immer der dn dns sind jedoch unter Umständen instabil Aliases sind ein optionales Feature von LDAP\nNur Blattknoten können Aliases sein. LDAP bietet nicht die adäquaten Mechanismen, um als führende Datenbank eingesetzt werden zu können: Intra-Objekt-Integrität nur durch Typen (Syntaxen) gewährleistet, keine Trigger, keine Foreign Keys. Inter-Objekt-Integrität nur durch propietäre Plugins (Compilate) gewährleistet, keine Stored Procedures, Trigger, Rules. Typensystem nicht durch Definitionen oder Einschränkungen erweiterbar.\nKeine Joins, Renames, und damit keine Relationen. Nachbildung von Joins durch Prejoins (Struktur oder Aliases) oder durch iterative Queries. Iterative Queries erzeugen wahnwitzigen Traffic im Netz und auf dem Server. Beispiel: Liste von Usern nach Standorten\nLDAP wird stark beschrieben LDAP ist als Protokoll für Leseoperationen optimiert.\nEs existiert noch kein standardisiertes Bulk-Update Protokoll.\nIn OpenLDAP und iPlanet ist der LDAP-Datenspeicher ein Sleepycat DB/3. In einigen LDAP-Servern sind Schreiboperationen ungeschickt implementiert: Flush nach jedem Write. Replikation zwischen Servern skaliert sich nicht gut bei starken Schreiboperationen.\nNicht standarisiert. Oft als reguläre Schreiboperation eines privilegierten Benutzers implementiert (\u0026ldquo;triviale Implementierung\u0026rdquo;) iPlanet kann immerhin out-of-sync Replica automatisch neu aufbauen. In älteren LDAP-Servern flog nach heftigen Updates die Replica weg: Jedes Write auf den Server gab ein Write auf der Replication. Jedes Write gab ein Flush auf die Platte.\nLDAP ist zwar standardisiert, aber heterogene Replikation ist dennoch noch immer eine schwarze Kunst.\nWenn Replikation über reguläre Writes mit einem speziellen User realisiert ist, skaliert sie sich nicht gut. Proprietäre Bulk-Updates skalieren sich gut, erzwingen aber homogene Serverinstallationen.\nLDAP wird konkurrent beschrieben LDAP definiert einzelne add oder modify-Operationen als atomar. LDAP kennt keine Locks und keine Transaktionen Synchronisation und Konsistenz sind damit Sache der Anwendung. Hierzu ist wenig zu sagen:\nOhne Transaktionen kein Undo von mehrteiligen Updates, keine Read-Konsistenz. Ohne Locks ist so etwas auch kaum nachbildbar. Beispiele:\nVergabe von uids beim Usereintrag durch klassischen read-modify-write-Zyklus: Bestimme höchste belegte UID. Ermittele nächsthöhere UID. Belege diese UID im LDAP. Da keine Locks vorhanden sind, ist rmw nicht implementierbar (aber UID kann als Attribut UNIQUE gesetzt werden).\nDamit schlägt ein doppelter ADD fehl -\u0026gt; retry (Potential für Livelock) LDAP wird dynamisch beschreiben Viele LDAP-Server speichern die Schema-Definition out-of-band\nExterne Dateien, die per include in die Serverkonfiguration mit eingebunden werden. Damit ist eine Änderung des Schemas im Betrieb und durch LDAP unmöglich.\nDies fördert sehr entspannte objectClass-Definitionen (MAY-Inflation) Out-of-band Schemadefinition macht Introspektion schwierig\nWelche objectClasses kennt der Server? Welche Attribute erlauben und definieren sie? Dynamische Schemadefinition ist nur in esoterischen Anwendungen von Bedeutung.\nEntwicklungssysteme Generische Infrasturkturanwendungen Ähnliche Argumentationen gelten für Introspektion.\nBeziehungen zwischen LDAP-Objekten Der PK in LDAP ist immer der dn.\nDer dn ist nicht opaque, sondern hat Struktur: Pfadinformation. Konsequenz: dns sind instabil. Verschiebt man ein Objekt im Baum, ändert sich der dn. Damit sind alle Referenzen auf das Objekt ungültig. iPlanet dn Plugin; cascading Updates LDAP kennt keine JOIN-Operation\nPrejoined Structures über Aliases oder andere Referenzen keine dynamisch zusammengesetzten Strukturen. Aliases sind nicht generisch (Leaf-Nodes only). LDAP kennt kein Join (und kein Rename): Art der antizipierten Anfragen bestimmt die Struktur des Schema. Ad-Hoc Anfragen sind prinzipiell nicht oder nur mit gewaltigem Overhead realisierbar.\nBei Kenntnis der Struktur ist die Konstruktion einer pathologischen Anfrage eine Fingerübung für den geübten Designer: Invertiere die Struktur und konstruiere eine sinnvolle Anfrage auf der invertierten Struktur.\nDa der dn nicht opak ist, sind keine stabilen Referenzen implementierbar. dn-Rename Plugin von iPlanet generiert entsprechend gewaltige Serverlast.\nLDAP wird zur Reportgenerierung verwendet LDAP kennt keine Aggregation\nReports können nur durch Durchlesen des Bestandes erstellt werden. LDAP kennt keine serverseitigen Funktionen\nFunktionswerte können nur durch Durchlesen des Bestandes erstellt werden. LDAP kennt keinen JOIN\nReports machen oft Gebrauch von ad-hoc Beziehungen zwischen Teilmengen, aber ohne Join können diese nicht effizient generiert werden. Beispiele:\nWelche Mitarbeiter haben mehr als einen PC? Welche PC werden von mehr als einem Mitarbeiter verwendet? Beachte die Invertierung.\nLDAP hat keine Einbaufunktionen. Statistiken scheiden ganz aus.\nHierarchische Struktur im LDAP I Der PK in LDAP ist immer der dn.\nDer dn enthält Strukturinformation.\nÄndert sich die Position eines Objektes in der Struktur, ändert sich der PK dieses Objektes\nKlassischer Fall von nicht normalisierter Struktur: Daten und Struktur nicht getrennt\nEin Objekt ist oft Mitglied in verschiedenen Hierarchien\nMitarbeiter ist einsortiert organisatorisch (\u0026ldquo;Abteilung 1.3.2\u0026rdquo;) räumlich (\u0026ldquo;Deutschland, SH, Kiel, Hauptstelle\u0026rdquo;) projektbezogen (\u0026ldquo;IT Infrastruktur, Netzwerke, UMTS-Pilot\u0026rdquo;) Redundante Datenhaltung durch nicht normalisiertes Datenmodell Veränderliche PKs, Datenbankdesigners Alptraum: nicht normalisiert.\nBaumstruktur enthält die Daten selbst, keine Referenzen auf die Daten nur ein Baum, nicht mehrere, möglich Besser:\nunstrukturierte Menge von Objekten Baumstruktur mit Zeigern in diese Objekte. Hierarchische Struktur im LDAP II LDAP erlaubt die Partitionierung des Bestandes nur nach Teilbäumen\nErzwingt die Bildung von Hierarchien im Bestand\nErzwingt damit instabile dns\nPartition: Vollständige Überdeckung durch disjunkte Teilmengen. Definiert Äquivalenzklassen (etwa: gerade, ungerade).\nPartition: Wird für Replikation gebraucht\nTriviale Partition: Identität. LDAP partitioniert nur nach Naming Attributes\nOracle partitioniert nach beliebigen Prädikaten zur Äquivalenzklassenbildung.\nReplikation erzwingt hierarchische Struktur, die Eingang in den dn findet.\nMigriert ein Objekt von einer Partition in eine andere (\u0026ldquo;Standortwechsel\u0026rdquo;), ändert sich zwingend der dn und damit werden alle Referenzen ungültig.\nGroßes Dilemma!\nWir designen: 3-Level-LDAP, wann immer möglich (ou=tablename, o=company, c=de)\nFazit I LDAP ist der Teil von X.500, der \u0026ldquo;brauchbar\u0026rdquo; war. LDAP verwirft elementare Erkenntnisse des relationalen Datenmodells. Damit ist auch der brauchbare Teil von LDAP aus der Sicht des Datenbankdesigners unbrauchbar und gefährlich. Der Einsatz von LDAP als führende Datenbank ist zu vermeiden. LDAP-Bestände sind möglichst als flache Tabellen zu strukturieren. Nichttriviale Dinge sind mit LDAP nicht zu realisieren. Triviale Dinge sind mit LDAP schwierig oder gefährlich. LDAP verstößt so ziemlich gegen jeden Grundsatz des relationalen Modells: Nicht 3., nicht 2., ja nicht einmal 1. NF Daten aus dem LDAP sind damit kaum weiterzuverarbeiten\nLDAP ist gefährlich, wenn LDAP führendes oder feedendes System ist. LDAP ist eine Datensackgasse.\nWie kann es sein? Haben die alle in Datenbanken 101 gepennt?\nWarum dann keine relationalen Systeme? Deutschland, 9.00 Uhr:\n150.000 MA loggen sich ein.\nJedes Login ist ein Connect, gefolgt von einem Disconnect.\nJeder Connect erzeugt in Oracle einen fork, einen exec und einen 5 MB schweren Subprozeß, der dann sofort weggeworfen wird.\nLDAP als wire-protocol ist genormt.\nLDAP als query-language ist unbrauchbar, aber sehr rigide genormt.\nLDAP ist auf connect/disconnect optimiert.\nTraditionelle RDBMs sind zu heavyweight.\nIndustriefehlschlag: Kein ausreichend genormtes wire protocol\nODBC: too little, too late Industriefehlschlag: Keine ausreichend leichtwiegigen SQL-Datenbankprodukte.\nAber: MySQL. Warum dann kein MYSQL? MySQL?\nConnect/disconnect problemlos\nread-mostly\nReplikation\nHat volle SQL-Syntax\nSelektion, Projektion, Aggregation, Join, Rename Speichereffizienter als iPlanet oder OpenLDAP\nAls wire protocol nicht genormt\naber: Source liegt offen, GPL bzw. LGPL In kommerziellen Clients nicht unterstützt.\naber mod_auth_mysql, PAM usw Trivial zu implementieren.\nKein IETF-Prozeß.\nMySQL ist in vielen Fällen gegenüber LDAP eine echte Alternative: bessere Performance und Skalierbarkeit.\nLeichter in SQL-Feeder integrierbar wegen kongruenter Datenstrukturen. Open Source. Weniger lächerlicher Ressourcenverbrauch. Und XML? LDAP und XML haben strukturell viel gemeinsam\nRückkehr zu hierarchischen (Datenbank-) Systemen. Liste der Nachteile dieser Systeme in Datenbanken 101 nachlesbar. Keine führende Datenhaltung in hierarchischen Systemen! Wir haben in den Betrieben für viel Geld diesen Unsinn gerade ausgerottet und nun kommt er mit wieder. Mit Macht!\nGenau wie LDAP implementiert auch XML ein schwach getyptes hierarchisches Modell zur Datenspeicherung und eine relational unvollständige Abfragesprache (Xpath, Xquery).\nXML-Speicher müssen genau untersucht werden:\nTransportspeicher sind okay (SOAP, WDDX etc) Lagerspeicher sind gefährlich und müssen relational normalisiert werden. XML generiert als Bonus gewaltige Speicher- und Parser-Overheads.\nKann ein Binärprotokoll verwendet werden? XML und Java gehen gut zusammen:\ngroß, teuer, hip, technisch partiell irrsinnig ","date":"2002-01-31T00:00:00Z","href":"https://blog.koehntopp.info/2002/01/31/ldap-vs-sql.html","tags":["lang_de","talk","publication","internet"],"title":"LDAP vs. SQL"},{"categories":null,"content":"Vortrag auf der Alcatel SEL Stiftungskonferenz, Mai 2001\nFiltersysteme, Regionalcodes, Dongles \u0026amp; Co. Intellectual Property Rights in unserer Kultur Kulturelle Synchronisation Tendenzen und Visionen Zusammenfassung Intellectual Property Rights Disclaimer: IANAL! Sicht eines Informatikers auf IP Urheberrechte Markenrechte Patentrechte → Wahrscheinlich nicht vollständige Liste (aber die, die einem täglichen Leben und in Kursen begegnet)\nUrheberrechte in Massen während der Ausbildung Allgemeinbildung, Fachausbildung bei der Arbeit Nachschlagewerke, Datenbanken, akademische Kommunikation, Zeitschriften, Handbücher Werke von Kollegen und Partnern in der Freizeit Musik, Film, Bücher, Aufführungen\u0026hellip; in Bibliotheken und Medienzentren → Wieso \u0026ldquo;kommende\u0026rdquo; Informationsgesellschaft\nandere IP-Rechte Markenrecht Domainnamen-Recht ist Markenrecht plötzlich bis weit in den privaten Bereich hinein wirksam Abmahnwahn Patente jetzt auch zunehmend in der Softwareentwicklung und in der Betriebswirtschaft Softwarepatente Business Method Patente nicht jedoch in der Juristerei und Legislative keine patentierten Verteidigungen keine patentierte Gesetzgebung IP und Kultur \u0026ldquo;Standing on the shoulders of giants\u0026rdquo;\nJede Innovation und jede Kreativität macht zu einem wesentlichen Teil Gebrauch von kulturellen Vorleistungen → Was sind das für Vorleistungen?\nKulturelle Vorleistungen \u0026ldquo;Darmokros\u0026rdquo; (Implizite Kulturelle Vorleistungen) gemeinsame kulturelle Basis macht Austausch überhaupt erst möglich Zugehörigkeit zu einer Kultur und einer Reihe von Subkulturen gemeinsame Kulturtechniken gemeinsamer Geschichten- und Geschichtsvorrat \u0026ldquo;Zitate\u0026rdquo; (Explizite Kulturelle Vorleistungen) Zitate Samples Icons, Symbole Referenzen Plagiate und Parodien, Verfremdungen Kulturelle Synchronisation \u0026ldquo;Mempropagation\u0026rdquo; in großem und in kleinem Maßstab \u0026ldquo;Öffentlichkeit\u0026rdquo; (\u0026ldquo;Bild\u0026rdquo;, \u0026ldquo;heute\u0026rdquo;) gemeinsames Erleben (\u0026ldquo;Titanic\u0026rdquo;, \u0026ldquo;Big Brother\u0026rdquo;) durch Kopie durch Leihe durch Referenz und Empfehlung Dieser Austausch ist erwünscht (und geschützt?!?) Urheberrecht → fair use, time \u0026amp; space shift, personal copies Patentrecht → use in R\u0026amp;D, Science Tendenz Diese Nutzungsarten werden durch Formalisierung und technische Sicherungen unzugänglich gemacht Warum dieser Trend? Publishing Pipeline und Kopiequalität Länge 2, Länge \u0026lt; 2? \u0026ldquo;Kommunikations-Infrastruktur\u0026rdquo;: Obwohl mehr Leute als je zuvor am Zustandekommen einer einzelnen Kommunikation beteiligt sind, ist die einzelne Kommunikation immer individueller geworden. \u0026ldquo;Mediatorfreie Kommunikation\u0026rdquo; Jugendschutz, Urheberrechtsschutz, Steuererhebung, Innere Sicherheit \u0026ldquo;überregionale Gruppenbildung\u0026rdquo; Reaktionen auf diese Tendenz Ansatz am Sender/Empfänger Unerwünschte und illegale Aktionen erschweren oder unmöglich machen. Mediatorfreie Kommunikation verbieten Filter, automatisierte Kommunikationskontrolle Kommunikation verteuern \u0026ldquo;Sendesteuer\u0026rdquo;, \u0026ldquo;Senderregistrierung\u0026rdquo; → zugleich starke Monopolbildner natürliche Kartelle Lock-In Technische Mechanismen Identifikationsmechanismen Content-Identifikation (\u0026ldquo;Filetyping\u0026rdquo;, \u0026ldquo;Watermarking\u0026rdquo;) Maschinen-Identifikation (\u0026ldquo;Dongles\u0026rdquo;, CPU-IDs, UUIDs) Benutzeridentifikation (digitale Signatur, Biometrie) operationelle Kontrollmechanismen trusted system (signed drivers, code validation) use restrictions DVD: Region Code, Operator Controls, Macrovision PDF: Operationsliste (\u0026ldquo;cut\u0026amp;paste\u0026rdquo;, \u0026ldquo;print\u0026rdquo;, \u0026ldquo;search\u0026rdquo;) Secure Audio Path: analog out, digital out CPRM: Handling by trusted applications only, copy control Szenario Windows XP mit Office XP und Media Player time limited, node locked license signed drivers über Windows Update keine Updates für kompromittierte Lizenzen Benutzer erstellt eigenes IP in proprietärem Format, kommt an dieses IP nur heran, wenn er ein funktionierendes System hat Benutzer kauft fremdes IP, kommt an dieses IP nur heran, wenn er ein funktionierendes, nicht kompromittiertes System hat mit CPRM auch nur mit bestimmten, trusted applications → perfektes Lock-In Szenario Szenario II Windows XP mit Office XP und Media Player Hardwarehersteller will Treiber für Windows veröffentlichen, damit seine Hardware an Windows läuft Treiber ist nur problemfrei installierbar, wenn er durch den OS Hersteller signiert ist. noch hypothetisch, aber im Spielkonsolenmarkt üblich: Softwarehersteller zahlen für das Recht, für eine Konsole (ein Betriebssystem) entwickeln zu können. Auch in Windows denkbar (CPRM und Display Encryption): trusted applications brauchen eine Signatur durch den OS-Hersteller → Lock-In auch auf der Herstellerseite Szenario III Windows XP mit Office XP und Media Player Content-Hersteller will Content in WMP-Formaten anbieten. Content muß digital signiert sein, damit er geschützt ist. Schlüssel werden durch den OS Hersteller signiert. → Lock-In auch für Content-Anbieter\nSzenario IV Windows XP mit .NET Internet-Dienstanbieter möchte Content über das Internet verteilen: Content muß sich in das Windows DRM einfügen. Dazu muß der Inhalt die richtigen Signaturen tragen. Wie zuvor. Dazu muß der Käufer identifiziert werden. MS Passport → Lock-In für Shophersteller → Kein anonymer Netzzugriff mehr möglich Biometrie zufügen und auch die Jugendschützer sind zufrieden Zusammenfassung Die Bausteine für sicheres DRM sind da. Wollen wir die wirklich haben? Wo ist in diesem Modell Platz für herkömmliche Distributoren? Autoren, Musiker, Werkschaffende? Open Source? Privacy? \u0026ldquo;intellektuellen Wohlstand und Bestand\u0026rdquo;? ","date":"2001-05-01T00:00:00Z","href":"https://blog.koehntopp.info/2001/05/01/filtersysteme-dongles-und-co.html","tags":["lang_de","talk","publication","internet"],"title":"Filtersysteme, Dongles und Co."},{"categories":null,"content":" CVS - Was ist das? Concurrent Versioning System\nSystem zur Versionsverwaltung von Dateien Arbeitet auf Dateibäumen, nicht auf einzelnen Dateien Arbeitet ohne Locking Netzwerkfähig freie Software CVS wird für alle wichtigen Open Source Projekte eingesetzt\nAusnahme Linux-Kernel Das ist ein Problem. Grund: Wahrscheinlich Interessenkonflikte Larry McVoy, Bitkeeper (Bitmover.com) Offiziell: Kernel ist zu groß für CVS Gegenbeweis: KDE, GNOME, Star Office CVS - Begriffe Repository Referenzkopie eines Quelltextes auf dem zentralen Server. Workspace Ausgecheckte Arbeitsversion eines Repositories. Diff Änderungsanweisungen, um eine Datei von Version x auf Version x+n zu bringen Patch Einarbeiten dieser Änderungen Commit Diff eines Workspace gegen das Repository, der ins Repository gepatched wird. Update Diff eines Repository gegen eine ältere Repository-Version, der in den Workspace eingearbeitet wird. Merge Einspielen eines Updates in eine geänderte Workspace-Version ohne Konflikt. Konflikt Einspielen eines Updates in eine geänderte Workspace-Version, wobei die Änderungen widersprüchlich sind. Revision Versionsnummer an einer Datei (für jede Datei individuell) Tag Gemeinsamer Name für gleichalte Dateien unterschiedlicher Revision. Logmessage Nachricht, die mit einem Commit mitgesendet wird. Diff und Patch CVS weiß, welche Version im zentralen Repository aktuell ist.\nCVS weiß, welche Version in den Workspace geladen wurde.\nCVS erstellt ein Diff zwischen Workspace-Version und Repository-Version.\nCVS patched den Workspace mit diesem Diff.\nDer Workspace-Patch gelingt\nfür alle Dateien, die im Workspace nicht bearbeitet wurden. für bearbeitete Dateien, wenn die bearbeiteten Bereiche sich nicht mit dem Patch überlappen. Konflikte werden markiert und beide Versionen zusammen präsentiert.\nKonflikte muss der zweite Developer manuell lösen, bevor er comitten kann. CVS - Wie funktioniert es? Jan checkt eine Kopie von modlogan (main.c, 1.4; parse.c, 1.2) aus.\nJan sieht fern.\nKristian checkt eine Version von modlogan (main.c, 1.4) aus.\nKristian bastelt an modlogan (main.c, 1.5; parse.c, 1.3) rum.\nJan bastelt an modlogan (main.c, 1.4) rum.\nJan will comitten, geht nicht.\nJan updated.\nPatch parse.c, 1.2 -\u0026gt; 1.3 Patch main.c, 1.4 -\u0026gt; 1.5? Jan comitted.\nEveryday CVS Initales Checkout $ cd ~/Source $ export CVSROOT=:pserver:user@host:/repository $ cvs -d $CVSROOT login Password: $ cvs -z9 -d $CVSROOT co Modul $ cd Modul Update $ cd Modul $ cvs -z9 update -dAP Commit $ cvs -z9 update -dAP $ cvs commit Diff $ cvs diff -u Status $ cvs status -v Annotation $ cvs annotate \u0026lt;datei\u0026gt; | less CVS - Paßworte und Optionen Paßworte werden in der Datei .cvspass abgelegt Verschlüsselung nur schwach kk@wwwx ~ $ cat .cvspass :pserver:kk@cvs.php.net:/repository Ah\u0026amp;#060Z :pserver:kk@ca.php.net:/repository Ah\u0026amp;#060Z :pserver:kk@wwwx.netuse.de:/repository A\u0026amp;#060hZ Optionen werden in der Datei .cvsrc abgelegt. kk@wwwx ~ $ cat .cvsrc cvs -q -z9 update -dAP diff -u status -v Globale Optionen nach dem CVS-Kommando .cvsrc-Schlüsselwort \u0026ldquo;cvs\u0026rdquo; Subcommand-Optionen nach dem Subcommand, vor den Dateinamen .cvsrc-Schlüsselwort ist der Subcommand-Name CVS - Repository anlegen Anlegen: $ export CVSROOT=~/CVS $ cvs init Erzeugt ~/CVS/CVSROOT.\nDarin jede Menge Default-Dateien. So (lokal) wird auch ein pserver-Repository angelegt.\nDanach Eintrag in /etc/inetd.conf. SIGHUP! /etc/inetd.conf:\ncvspserver stream tcp nowait cvs/opt/bin/cvs /opt/bin/cvs --allow-root=/repository pserver --allow-root=/repository\nAngabe des lokal angelegten Repository pserver\nSubcommand für Servermodus. Kann auch mit tcp-Wrapper betrieben werden.\nCVS - User zu Repository zufügen CVSROOT/config\nSystemAuth=\u0026quot;no\u0026quot; Unix-Paßwortdatei wird nicht beachtet. passwd Drei Spalten User Paßwort Unix-User-Mapping 3readers Ein Username pro Zeile Listet User ohne Commitrecht.\tZufügen:\nhtpasswd ./passwd user echo \u0026ldquo;:cvs\u0026rdquo; \u0026raquo; passwd CVS - Neues Projekt anlegen Source muss in einem Verzeichnisbaum vorliegen.\nSource darf keine Verzeichnisse \u0026ldquo;CVS\u0026rdquo; enthalten.\nModul importieren:\nIns Modulverzeichnis wechseln. cvs import -m \u0026quot;Neu\u0026quot; modul user start Danach Modulverzeichnis löschen (wegmoven!). Danach checkout. cvs -d $CVSROOT co modul CVS - Aktualisieren und Commit Aktualisieren des CVS:\ncvs update cvs -q update -dAP Am günstigsten automatisch per Cronjob.\nCommit immer manuell\nund immer mit Logmessage. CVS - Keywords Dateien können Keywords enthalten. Diese werden in $ $ eingeschlossen. Keywords werden beim update und checkout durch Werte substituiert. Keywords: Id, Log Author, Date, Header, Name, Revision, Source, State Keyword-Expansion kann abgeschaltet werden Wichtig für Binäre Dateien cvs add -ko bla.c cvs admin -kb bla.gif CVS - Was haben die anderen getan? Änderungen der anderen als Diff:\ncvs diff -u Auch für einzelne Dateien Status des eigenen Workspace\ncvs status cvs status -v Detailhistorie einer Datei:\ncvs annotate \u0026lt;datei\u0026gt; Beispiel:\ncvs annotate main.c\nCVS - Dateien zufügen und lôschen Dateien zufühen mit add\ncvs add datei.c Daeien entfernen mit remove:\nErst Datei löschen. Dann cvs remove datei.c Änderungen werden erst nach einem Commit wirksam.\nVerzeichnisse zufügen\nmkdir neu cvs add neu touch neu/a.c cvs add neu/a.c Verzeichnisse entfernen\nVerzeichnisse können nicht entfernt werden? Warum? (Nachdenken) CVS - Releases erzeugen und holen Alle Dateien eines Worksapce können einen gemeinsamen symbolischen Namen bekommen cvs tag NAME Tagged Names können beim Update verwendet werden. cvs udpate -r NAME Das wird \u0026ldquo;sticky\u0026rdquo; Neue Versionen werden nicht mehr automatisch geladen. Zuordnen von Versionen und Tagged Names: cvs status -v Statt Tags können auch Datumsangaben verwendet werden. cvs update -D Datum ","date":"2000-12-15T00:00:00Z","href":"https://blog.koehntopp.info/2000/12/15/cvs.html","tags":["lang_de","talk","publication"],"title":"CVS - Was ist das?"},{"categories":null,"content":" Cisco IP Phone XML Dokumentation bei Cisco\nAls HTML: http://www.cisco.com/en/US/products/sw/voicesw/ps556/ Auch als PDF: http://www.cisco.com/univercd/cc/td/doc/product/voice/sw_ap_to/devguide/phsvcdev.pdf Definiert nur sehr wenige Tags Ruft bei Druck der Service-Taste eine vordefinierte Seite auf Diese Seite bekommt keine Parameter Das ist doof! Diese Seite ist im Normalfall ein Menü Tagliste Definierte Elemente:\nCiscoIPPhoneMenu CiscoIPPhoneText CiscoIPPhoneInput CiscoIPPhoneDirectory CiscoIPPhoneImage CiscoIPPhoneGraphicMenu Ist das gutes XML Design?\nUpcase? CiscoIPPhone Prefix statt Namespace? Wahrscheinlich keine vollständige XML-Implementierung Dafür ist das Phone viel zu klein Häufig, daher Standard nur begrenzt von Wert Das entwertet jedoch auch XML Designtools CiscoIPPhoneMenu \u0026lt;CiscoIPPhoneMenu\u0026gt; \u0026lt;Title\u0026gt;Blafasel\u0026lt;/Title\u0026gt; \u0026lt;Prompt\u0026gt;Machwas\u0026lt;/Prompt\u0026gt; \u0026lt;MenuItem\u0026gt; \u0026lt;Name\u0026gt;Profit\u0026lt;/Name\u0026gt; \u0026lt;URL\u0026gt;http://boss/.\u0026lt;/URL\u0026gt; \u0026lt;/MenuItem\u0026gt; \u0026lt;/CiscoIPPhoneMenu\u0026gt; Elementliste war natürlich nicht abschließend: CicsoIPPhoneMenu enthält Title Prompt MenuItem Name URL Beachte:\nCase Sensitivity Kein DEBUG! CiscoIPPhoneText \u0026lt;CiscoIPPhoneText\u0026gt; \u0026lt;Title\u0026gt;Blafasel\u0026lt;/Title\u0026gt; \u0026lt;Text\u0026gt;Lall\u0026lt;/Text\u0026gt; \u0026lt;Prompt\u0026gt;Machwas\u0026lt;/Prompt\u0026gt; \u0026lt;/CiscoIPPhoneText\u0026gt; CiscoIPPhoneText enthält\nTitle Text Prompt Beachte:\nKeine Layoutmöglichkeiten Nicht auf Umbruch verlassen Unterschiedliche Modelle CiscoIPPhoneInput \u0026lt;CiscoIPPhoneInput\u0026gt; \u0026lt;Title\u0026gt;Blafasel\u0026lt;/Title\u0026gt; \u0026lt;Text\u0026gt;Lall\u0026lt;/Text\u0026gt; \u0026lt;Prompt\u0026gt;Machwas\u0026lt;/Prompt\u0026gt; \u0026lt;URL\u0026gt;http://...\u0026lt;/URL\u0026gt; \u0026lt;InputItem\u0026gt; \u0026lt;DisplayName\u0026gt;Name:\u0026lt;/DisplayName\u0026gt; \u0026lt;QueryStringParam\u0026gt;name\u0026lt;/QueryStringParam\u0026gt; \u0026lt;InputFlags/\u0026gt; \u0026lt;DefaultValue\u0026gt;Köhntopp\u0026lt;/DefaultValue\u0026gt; \u0026lt;/InputItem\u0026gt; \u0026lt;/CiscoIPPhoneInput\u0026gt; CiscoIPPhoneInput enthält\nTitle Prompt URL InputItem DisplayName QueryStringParam InputFlags DefaultValue Das wird dann ein GET Kein POST Support CiscoIPPhoneInput Flags Flags:\nA: Ascii Feld T: Telefonnummer, mit * und # N: Numeric E: Equation (ja, wozu auch immer) U: Uppercase Text L: Lowercase Text P: Password (Steht dann im access.log) P „works as a modifer“ (as in AP) CiscoIPPhoneDirectory \u0026lt;CiscoIPPhoneDirectory\u0026gt; \u0026lt;Title\u0026gt;Ruf Mich An!\u0026lt;/Title\u0026gt; \u0026lt;Prompt\u0026gt;*peitsch*\u0026lt;/Prompt\u0026gt; \u0026lt;DirectoryEntry\u0026gt; \u0026lt;Name\u0026gt;For a good time, call...\u0026lt;/Name\u0026gt; \u0026lt;Telephone\u0026gt;0-0190-441777\u0026lt;/Telephone\u0026gt; \u0026lt;/DirectoryEntry\u0026gt; \u0026lt;/CiscoIPPhoneDirectory\u0026gt; CiscoIPPhoneDirectory\nTitle Prompt DirectoryEntry Name Telephone CiscoIPPhoneDirectory II URL Directories Parameter\nKann im Phone gesetzt werden. Zeigt auf ein XML Objekt vom Typ CiscoIPPhoneMenu Erweitert das Menü Directories sonst nur local services Dieses Menü kann enthalten: CiscoIPPhoneInput CiscoIPPhoneText CiscoIPPhoneDirectory (Pflicht) Sinnloserweise nur in dieser Reihenfolge CiscoIPPhoneImage CiscoIPPhoneImage\nTitle\nLocationX -1 center\nLocationY -1 center\nWidth\nHeight\nDepth\nData\nPrompt\n133x64 Pixel, 2 bit Greyscale Settings („3“ black, „0“ white)\nJa, das Format ist geräteabhängig Nein, Cisco hat sich keine Gedanken über Mischbestückung gemacht UserAgent-Hacks? (0,0) is UL-corner\nCiscoIPPhoneImage II \u0026ldquo;generiere 4 Pixel: dunkel, schwarz, hell, weiss\u0026rdquo; -\u0026gt; 1 3 2 0\nals Bits: 01 11 10 00\nals Byte: 00 10 11 01\nals Value: 2D\nBild muß ein Vielfaches von 4 Pixeln pro Zeile haben\nwird dann zu:\n\u0026lt;CiscoIPPhoneImage\u0026gt; \u0026lt;Title/\u0026gt; \u0026lt;LocationX\u0026gt;-1\u0026lt;/LocationX\u0026gt; \u0026lt;LocationY\u0026gt;-1\u0026lt;/LocationY\u0026gt; \u0026lt;Width\u0026gt;4\u0026lt;/Width\u0026gt; \u0026lt;Height\u0026gt;1\u0026lt;/Height\u0026gt; \u0026lt;Depth\u0026gt;2\u0026lt;/Depth\u0026gt; \u0026lt;Data\u0026gt;2D\u0026lt;/Data\u0026gt; \u0026lt;Prompt/\u0026gt; \u0026lt;/CiscoIPPhoneImage\u0026gt; CiscoIPPhoneGraphicMenu CiscoIPPhoneGraphicMenu\nTitle\nLocationX\nLocationY\nWidth\nHeight\nDepth\nData\nPrompt\nMenuItem\nName, URL Das ist nur für wunderliche Sprachen sinnvoll.\nHTTP Parameter Refresh Time (Seconds) URL (optional) Content-Type Cisco dokumentiert ContentType !!! Expires Expired pages will not be added to the URL stack of the phone ","date":"2000-11-03T00:00:00Z","href":"https://blog.koehntopp.info/2000/11/03/xml-cisco.html","tags":["lang_de","talk","publication"],"title":"Cisco IP Phone XML"},{"categories":null,"content":" XML Normensalat XML ist ein sehr unübersichtliches Thema, bestehtend aus einem Strauß von ca. 10 Normen. Einige dieser Normen sind zueinander inkompatibel. Vieles ist noch experimentell, oder noch nicht verabschiedet. Was schon da ist und funktioniert ist jedoch sehr interessant.\nWir kennen die Normen:\nHTML 4.0 -\u0026gt; XHTML 1.0\nXML, XML DTD, Namespaces, DOM, SAX, CSS, Xlink, XPath, XQuery, XML Schema und XSLT\nDas Versprechen: Vereinfachung, Flexibilität und Datenbankintegration.\nWarum XML? XML als Standard erscheint 1996 als eine Markup-Variante von SGML, aber regulärer und einfacher zu parsen. Das Ziel der Norm ist ein vereinheitlichtes Datentauschformat für die Industrie mit den Eigenschaften \u0026ldquo;Self-Describing\u0026rdquo; und \u0026ldquo;lang, aber gut komprimierbar\u0026rdquo;, Ablösung von \u0026ldquo;EDIFACT\u0026rdquo;.\nFür den Entwickler ist das Versprechen Vereinfachung durch normierte Parser und einfache Varidierung durch normierte Datenschemata. API-Normen sind SAX (streaming Parser) und DOM.\nSGML, XML, HTML HTML ist eine SGML, mit einem vorgeschriebenen festen Tag-Vokabular, für die spezielle Anwendung \u0026ldquo;Display von Seiten\u0026rdquo;.\nSGML als Metanorm erlaubt aber die Definition von beliebigen Seitenbeschreibungssprachen. SGML selbst ist eine weitgehend unbekannte IBM-Technologie aus den 70er Jahren, und das merkt man an vielen Stellen. Ohne eine DTD (ein Sprachschema) ist eine SGML nicht parsebar, cf HTML (\u0026ldquo;IMG\u0026rdquo;-Element muss nicht geschlossen werden, andere schon).\nDie DTD für XML definiert eine Sprache, die wohlgeformt ist (Klammerbaum ohne frei stehende Tag, ohne Boolean-Attribute, mit ein paar Vereinfachungen für Srings und Klammern) Wegen der Regelmäßigkeit ist XML ohne DTD parsebar, auch wenn man die Bedeutung der Elemente nicht kennt. Durch die optionale DTD wird XML validierbar.\nNormenumfeld HTML 4 (strict) und CSS 2 sind eine Erweiterung und Bereinigung von HTML 3.2.\nXML und XML DTD sind eine Art Markup-Sprache mit frei definierbaren Tags, also alleine erst mal sinnlos.\nXHTML ist eine Schreibweise von HTML nach den Regeln von XML.\nSAX und DOM sind zwei genormte Parser-APIs, für jede dieser APIs kann es viele unterschiedliche Parser geben.\nNamespaces definieren Verfahren zum Mischen zweier XML-DTDs, Ziel ist die Vermeidung von Namenskollisionen.\nMit XSLT kann man eine Transformation von einem XML zu einem anderen XML spezifizieren, etwa ein Business-XML in XHTML. Ich habe das im Rahmen der dclp FAQ genutzt, um eine FAQ in XML zu schreiben und als HTML-Dokument zu rendern.\nNormenumfeld II Im Business-Umfeld müssen oft Datenaustauschformate spezifiziert werden. Dazu ist ein Schema notwendig. XML DTD ist dazu oft zu sperrig und definiert auch keine Datentypen, die für Programmiersprachen nutzbringend werden. XML Schema schafft Abhilfe.\nZum Ausschneiden und Adressieren von Dingen in XML-Dokumenten XQuery, XPath und XPointer.\nAnwendungen von XML finden wir in\nPICS: Jugendschutz Labels RDF: Allgemeine Objektbeziehungen P3P: Automatischer Vertragsschluß, hier: Privacy Statements XML RPC\u0026lt; SOAP: RPC über HTTP XML Syntax I: Tags XML ist\ncase sensitive verwendet als Zeichensatz überall Unicode erlaubt verkürzte Schreibweise leerer Elemente: \u0026lt;bla\u0026gt;\u0026lt;/bla\u0026gt; wird zu \u0026lt;bla/\u0026gt;. verlangt saubere Klammergebirge: \u0026lt;b\u0026gt;\u0026lt;i\u0026gt;bla\u0026lt;/i\u0026gt;\u0026lt;/b\u0026gt;. Die Tags mit der Sequenz \u0026lt;xml*\u0026gt;\u0026lt;/xml*\u0026gt; sind reserviert. XML Syntax II: Attributes, Entities Tags könnnen Attribute haben. Die sind ebenfalls Case Sensitive, einmalig pro Tag, und müssen zwingend Werte in Anführungszeichen haben (einfache oder doppelte). Leere Attribute werden durch Wiederholung des Namens als String geschrieben.\nZeichendaten werden geparsed, das führt zu Entities. Zwingend sind \u0026amp;lt; und \u0026amp;amp;, auch \u0026amp;gt;, \u0026amp;apos; und \u0026amp;quot;. Beliebige Zeichen sind per Zeichencode definierbar.\nDie DTD kann weitere Entities vordefinieren. Diese können auch externe Files referenzieren. Dadurch bekommmt man einen Include-Mechanismus.\nOder Literale mit CDATA: \u0026lt;[CDATA[\u0026lt;\u0026amp;\u0026gt;'\u0026quot;]]\u0026gt;\nXML Syntax III: Whitespace, Language Whitespace (Tab, LF, CR und Space) ist normalerweise ohne Bedeutung. In besonderen Fällen ist jedoch mehr Kontrolle notwendig. Das Spezialattribut xml:space kann default oder preserve angeben und wirkt auf den Text im Element.\n\u0026lt;beispiel xml:space=\u0026#34;preserve\u0026#34;\u0026gt; Besonders kompliziert. \u0026lt;/beispiel\u0026gt; Weiterhin definiert das Attribut xml:lang die Sprache eines Elementes. Zugelassen sind ISO 639 LC, IETF RFC 1766 LC, ISO 3316 CC, ISO 639 LC-CC, I-, X-\n\u0026lt;beispiel xml:lang=\u0026#34;x-klingon\u0026#34;/\u0026gt; XML Syntax IV: PIs, Comments Dannn gibt es noch Processing Instructions (vgl. PHP) und Kommentare.\n\u0026lt;?xml version=\u0026#34;1.0\u0026#34; ?\u0026gt; \u0026lt;?xml-stylesheet ?\u0026gt; \u0026lt;?php echo \u0026#34;Keks\u0026#34;; ?\u0026gt; \u0026lt;!-- Kommentar --\u0026gt; Kommentare können kein -- enthalten, und kein trailing -, können nicht geschachtelt werden und nicht in Attributen oder Tags stehen.\nEin Beispiel \u0026lt;?xml version=\u0026#34;1.0\u0026#34; encoding=\u0026#34;iso-8859-15\u0026#34; standalone=\u0026#34;no\u0026#34; ?\u0026gt; \u0026lt;books\u0026gt; \u0026lt;!-- ein gutes XSLT Buch --\u0026gt; \u0026lt;book\u0026gt; \u0026lt;author\u0026gt;Michael Kay\u0026lt;/author\u0026gt; \u0026lt;title\u0026gt;XSLT\u0026lt;/title\u0026gt; \u0026lt;isbn\u0026gt;1-861003-12-9\u0026lt;/isbn\u0026gt; \u0026lt;publisher\u0026gt;WROX\u0026lt;/publisher\u0026gt; \u0026lt;categories\u0026gt; \u0026lt;category\u0026gt;Internet\u0026lt;/category\u0026gt; \u0026lt;category\u0026gt;Webpublishing\u0026lt;/category\u0026gt; \u0026lt;category\u0026gt;XML\u0026lt;/category\u0026gt; \u0026lt;/categories\u0026gt; \u0026lt;/book\u0026gt; \u0026lt;/books\u0026gt; \u0026lt;!-- Epilog ist nicht empfohlen --\u0026gt; Die PI deklariert XML-Version, und bestimmt so das Kompatibilitätsverhalten des Parsers und deklariert den Zeichensatz (damit wir Umlaute verwenden dürfen).\nDie Form ist klassisch: Pluralisierter Name der Elemente zeigt einen Container an. \u0026lt;books/\u0026gt; kann Dinge vom Typ \u0026lt;book/\u0026gt; enthalten. Die Eigenschaften eines Buches werden hier als Elemente definiert. Sie könnten auch Attribute sein (nicht für \u0026lt;categories/\u0026gt;, denn Attribute dürfen sich nicht wiederholen).\nDocument Type Declarations DTDs bestimmen, welche Elemente im Dokument vorkommen dürfen, wie sie geschachtelt werden und wie sie wiederholt werden können. Genauso werden Attribute Elementen zugeordnet, mit Defaults und erlaubten Werten versehen.\nIn jedem Fall ist XML auch ohne DTD syntaktisch korrekt, wenn es korrekt geschachtelt ist.\nDTDs am Beispiel: Entities, Elemente DTDs werden aus Entities zusammengesetzt, diese werden literal hin geschreben, oder aus Daten gelesen oder kommen sonstwo her. Es gibt ein paar Konstrukte, die an die Bausteine und Notation von EBNF erinnern.\n\u0026lt;!ENTITY copyright \u0026#34;(C) 2000 NetUSE AG\u0026#34;\u0026gt; \u0026lt;!ENTITY chap1 SYSTEM \u0026#34;file:/home/kk/chap1.xml\u0026#34;\u0026gt; \u0026lt;!ENTITY % content \u0026#34;(#PCDATA)*\u0026#34;\u0026gt; \u0026lt;!ELEMENT chapter (question*)\u0026gt; \u0026lt;!ATTLIST chapter title CDATA #REQUIRED shortname ID #REQUIRED\u0026gt; \u0026lt;!ELEMENT question (keyword*, answer*)\u0026gt; \u0026lt;!ATTLIST question author NMTOKEN #REQUIRED ord NMTOKEN #REQUIRED title CDATA #REQUIRED\u0026gt; \u0026lt;!ELEMENT keyword %content;\u0026gt; \u0026lt;!ATTLIST keyword\u0026gt; \u0026lt;!ELEMENT answer %content;\u0026gt; \u0026lt;!ATTLIST answer ord NMTOKEN #REQUIRED author NMTOKEN #REQUIRED title CDATA #IMPLIED\u0026gt; DTDs am Beispiel: Attribute Genau so definiert die DTD auch Attribute.\n\u0026lt;!ENTITY copyright \u0026#34;(C) 2000 NetUSE AG\u0026#34;\u0026gt; \u0026lt;!ENTITY chap1 SYSTEM \u0026#34;file:/home/kk/chap1.xml\u0026#34;\u0026gt; \u0026lt;!ENTITY % content \u0026#34;(#PCDATA)*\u0026#34;\u0026gt; \u0026lt;!ELEMENT chapter (question*)\u0026gt; \u0026lt;!ATTLIST chapter title CDATA #REQUIRED shortname ID #REQUIRED\u0026gt; \u0026lt;!ELEMENT question (keyword*, answer*)\u0026gt; \u0026lt;!ATTLIST question author NMTOKEN #REQUIRED ord NMTOKEN #REQUIRED title CDATA #REQUIRED\u0026gt; \u0026lt;!ELEMENT keyword %content;\u0026gt; \u0026lt;!ATTLIST keyword\u0026gt; \u0026lt;!ELEMENT answer %content;\u0026gt; \u0026lt;!ATTLIST answer ord NMTOKEN #REQUIRED author NMTOKEN #REQUIRED title CDATA #IMPLIED\u0026gt; Datenmodellierung mit XML: Entities und Attribute Will man XML verwenden, um ein Datentauschformat zwischen Geschäften zu definieren, muß man meist Daten modellieren. Diese Modelle liegen oft als ER-Modell vor. Die Constraints in DTDs sind aber zu schwach, um das zu leisten, was an Constraints in ER-Modellen verwendet wird.\nDazu kommt, daß XML mehrere verschiedene Wege bietet, um Dinge zu modellieren:\nAls Elementhierarchie Mit Attributen Elementhierarchien erlauben komplexe Strukturen, freie Reihenfolgen, sind schachelbar, aber sie sind auch kompliziert anzusprechen und brauchen viel Platz.\nAttribute erlauben Wertlisten, und Defaults, erlauben mit ID und IDREF Queryverweise.\nDatenmodellierung mit XML: Attributwerte Einheiten codieren\n\u0026lt;buch dicke=\u0026quot;987 seiten\u0026quot;/\u0026gt; vs. \u0026lt;buch dicke=\u0026quot;987\u0026quot; einheit=\u0026quot;seiten\u0026quot;/\u0026gt; Schalter codieren\n\u0026lt;img border=\u0026quot;yes\u0026quot;/\u0026gt;, discouraged für SGML Kompatibilität \u0026lt;img border=\u0026quot;border\u0026quot;/\u0026gt;, Umständlich Datums- und Zeitangaben\n\u0026lt;book published=\u0026quot;2000-11-03\u0026quot;/\u0026gt;, ISO-8601 empfohlen Binäre Daten\nNOTATION ist unflexibel, BASE64 empfohlen, XLink wird es richten. Saubere Umsetzung von ER-Modellen in XML Schemata ist derzeit nicht möglich. Der XML Schema Standard wird DTDs ersetzen und vieles einfacher machen. DTDs und Namespaces funktionieren auch nicht!\nDocument Object Model: XML Bäume \u0026lt;book\u0026gt; \u0026lt;author\u0026gt;Michael Kay\u0026lt;/author\u0026gt; \u0026lt;title\u0026gt;XSLT\u0026lt;/title\u0026gt; \u0026lt;preis währung=\u0026#34;usd\u0026#34;\u0026gt; 34.99 \u0026lt;/preis\u0026gt; \u0026lt;/book\u0026gt; Dokument als DOM-API Baum repräsentiert\nAPI erlaubt Suchen, Erzeugen, Löschen von Knoten SAX-API repräsentiert das Dokument nicht, sondern liefert Parse-Events\nStreaming XML Namespaces (Erläuterung) Beim Mischen zweiter DTDs in einem Dokument kann es zu Namenskollisionen kommen, doppelte Elementnamen, Attribute sollen global verwendbar sein. Die Idee, jedes Element mit der URL seiner DTD zu prefixen ist zu umständlich. Feste Namen gehen auch nicht, da dann auch wieder Kollisionen möglich sind.\nXML Namespaces (Deklaration) Daher deklariert man Namespaces, indem man für die URL der DTD einen lokalen Kurznamen definiert und den dann als Prefix verwendet. Dies geschieht mit xmlns:kurzname=URL.\n\u0026lt;xsl:stylesheet xmlns:xsl=\u0026#34;http://www.w3.org/1999/XSL/Transform\u0026#34; version=\u0026#34;1.0\u0026#34;\u0026gt; \u0026lt;xsl:include href=\u0026#34;date.xsl\u0026#34;/\u0026gt; \u0026lt;xsl:template match=\u0026#34;date\u0026#34;\u0026gt; \u0026lt;date\u0026gt; \u0026lt;xsl:value-of select=\u0026#34;$date\u0026#34;/\u0026gt; \u0026lt;/date\u0026gt; \u0026lt;/xsl:template\u0026gt; \u0026lt;/xsl:stylesheet\u0026gt; Schon das stylesheet-Element selbst kann das Prefix xsl verwenden. Innerhalb des Elementes kann das Prefix xsl ebenfalls verwendet werden.\nXSLT XML-Quelldokument und XSLT-Stylesheet werden als Baum dargestellt. Die Transformationsregeln des Stylesheet matchen dann ähnlich AWK auf Elemente vom Quellbaum, und generieren den Resultatbaum. Am Ende wird der Resultatbaum ausgegeben.\n\u0026lt;xsl:template match=\u0026#34;book\u0026#34;\u0026gt; \u0026lt;h1\u0026gt;\u0026lt;xsl:value-of select=\u0026#34;.\u0026#34;/\u0026gt;\u0026lt;/h1\u0026gt; \u0026lt;/xsl:template\u0026gt; Baumwurzel:\n\u0026lt;xsl:template match=\u0026#34;/\u0026#34;\u0026gt; \u0026lt;html\u0026gt; \u0026lt;head\u0026gt;\u0026lt;title\u0026gt;Bla\u0026lt;/title\u0026gt;\u0026lt;/head\u0026gt; \u0026lt;body\u0026gt;\u0026lt;xsl:apply-templates/\u0026gt;\u0026lt;/body\u0026gt; \u0026lt;/html\u0026gt; \u0026lt;/xsl:template\u0026gt; xsl:stylesheet Element Das xsl:stylesheet Element definiert die Version des Stylesheet, kann spezielle Erweiterungen aktivieren, und kann das Stylesheet benennen.\nIn einem XML-Dokument kann mit dem \u0026lt;?xml-stylesheet ?\u0026gt; dem XML ein Stylesheet zugeordnet werden.\nEmbedded Stylesheet Eine Mischform existiert, sie vermischt aber unangenehm Daten und Format. Nicht empfehlenswert.\nVereinfachte Stylesheets Whitespace Handling XML-Bäume enthalten kein Whitespace. Whitespace in Nodes mit #PCDATA ist signifikant. Zeilenenden werden normalisiert. Nodes mit Whitespace-Only können gelöscht werden. Overrides existieren.\nXPath: Achsen Um Elemente zu finden und zu selektieren, definiert XPath Suchausdrücke. Sie suchen im Dokument entlang von \u0026ldquo;Achsen\u0026rdquo;. Für die wichtigsten Achsen gibt es Kurzschreibweisen.\nEinige XPath Achsen:\nchild: Kinder der aktuellen node (descendant). parent: Elternelement, so vorhanden (ancestor). following/preceding: Der aktuellen node folgende/vorangehende Elemente. attribute/namespace: Attribute/Namespace-nodes des aktuellen Elements. XPath: Mehr über Achsen Achsen:\nancestor, ancestor-or-self attribute child, descendant, descendant-or-self following, following-sibling namespace parent preceding, preceding-sibling self XPath: Node Tests Der etwas seltsam klingende Name \u0026ldquo;Node Test\u0026rdquo; bezieht sich auf einen Ausdruck, der ausgehend vom aktueellen Knoten weitere Elemente auswählt. Das Resultat ist ein Node Set, also kein Baum. XPath ist damit keine Algebra.\nDennoch kann man weitere Prädikate auf den Node Set anwenden und weiter filtern.\nXPath: Kurzschreibweisen Ein Haufen Kurzschreibweisen existieren, damit man XPath-Ausdrücke ohne kilometerlange Achsennamen schreiben kann.\nXPath: Mehr Kurzschreibweisen Es braucht etwas Übung, bis die Syntax von der Hand geht.\nXPath: Core Function Library Dazu kommmt ein sehr begrenzter Satz Funktionen, die man auf Knoten oder Knotenmengen anwenden kann.\nXSLT und XPath XSLT und XPath zusammen können dann verwendet werden, um Daten aus einem Quell-XML Dokument zu extrahieren und in ein Zieldokument einzusetzen.\n","date":"2000-11-03T00:00:00Z","href":"https://blog.koehntopp.info/2000/11/03/xml-grundlagen.html","tags":["lang_de","talk","publication"],"title":"XML Grundlagen"},{"categories":null,"content":" Day 1 I attended PHP Congress Cologne (05-Oct-2000 to 06-Oct-2000) together with Ulf Wendel and Jan Kneschke. We arrived in Cologne the evening before without incident, hit our hotel sometime in the evening and immediately departed for the #php.de (IrcNet) channel party organized by subj . As usual, there was no proper beer to be had in Cologne (the local brew is based on dishwater), but the Apfelpfannkuchen was nice. So were the people, most of which I was able to meet in person for the first time. People, you are as strange in real life as you are on the channel!\nNext morning found us at the Crowne Plaza hotel, where Björn Schotte and the Globalpark people were still fixing problems with Internet access just before the congress was supposed to start. This should turn out to be a recurring theme during the entire congress, and is definitely a point to improve next time.\nPHPdoc Ulf\u0026rsquo;s lecture was the first one. He presented his documentation generator PHPdoc , which is a large PHP script largely based on concepts borrowed from JavaDoc. Phpdoc is able to generate bare bones documentation from many PHP scripts without any additional information, and can utilize special comments within the script to generate full documentation. The output is template driven HTML, with XML being an interim format. This allows for automated post-processing and provides unlimited customization of the documentation.\nBecause PHPdoc is working without any support from the PHP interpreter in this version, its capabilities are still somewhat limited, but it still is far better than anything else currently available. In my opinion, PHPdoc should become the standard format for documentation of PEAR and PHPLIB classes, and work should concentrate on adding parser support for documentation generation and to improve PHPdoc. PHPdoc is bound to become a very important tool for large scale PHP projects.\nOpenTracker Ulf was followed up by Sebastian Bergmann of the PHP OpenTracker project. He showed how PHP can be utilized to capture and visualize click-path information and how this information can be useful to optimize your site layout and navigation for usability.\nFulltext Search Alexander Aulbach continued with a report on using MySQL and PHP to create a fast search engine. Working for a newspaper, he was faced with the challenge to create a searchable fulltext index for ~170.000 newspaper articles, and found the usual solutions based on ht://dig and udm-search to limiting for his project. Using a very unconventional approach to the problem, he was able to create a workable and mostly efficient fulltext search using pure MySQL and PHP - tools which are generally considered as not suitable for such tasks. His fascinating solution is up for sale, or can be recreated from his slides if you can spare a man-month or two for development.\nWeb Security My own keynote was supposed to be scheduled for noon, but because of the technical problems with the internet connection before it started late. I had to cut down on content in order to make good for the lost time. Find my slides at Web Security . My talk went well (I had my slides available locally, and did not need a remote connection), and I was able to make a number of contacts\u0026hellip;\nLunch drove the organization at Crowne Plaza to the limits of their capacity: Although three different restaurants and locations within the hotel provided lunch for the 400 people attending, these people dispersed very unevenly, and some had to wait for more than 30 minutes to get something to eat. Nonetheless, the food and the service were excellent, once you got them.\nPHP in Startups Just after lunch, Chris Cartus had a talk about the use of PHP in startups. His talk centered around properties and shortcomings of PHP as an implementation language and as a platform and contained quite a bit of critique. It was received somewhat controversial, which certainly was his intention, but was in part based on outdated facts—PHP is currently a rapidly moving target, and six months ago Chris would have been right on all counts.\nBasically, Chris stated that the main strengths of PHP are its superb rapid prototyping capabilities and its very smooth learning curve: You can take any useful web designer and start teaching PHP bit by bit. That designer will be productive from day one, gradually moving out of the mouse mover camp and entering the coder league, earning his money at all stages during this transition. This is very unlike Java, which generally requires a hard break where one sits down and learns about programming, design techniques, UML and the like before being completely useful.\nOn the other hand, there is little support for high-end web applications and development to be found in PHP—there is no application server, load balancing is not part of PHP and can only be obtained using crude external means such as RR DNS and local redirects. Also, PHP is lacking in debugging capabilities and provides little support for large scale development (options comparable to the \u0026quot;use strict\u0026quot; and \u0026quot;-w\u0026quot; modes of perl). Its object model is crude and needs more sophistication and a performance tuneup to be useful on large scale applications.\nTo summarize: While PHP provides a road that is wide and easily traveled at the beginning, this road is not as far-reaching as is the Java path. Chris claimed that further extension of PHP is necessary to cover these areas.\nChris also claimed that PHP has no Java integration to speak of and mentioned some other areas where PHP is lacking, in his opinion. Most of these areas have been worked on during the last six months, and the situation is improving rapidly. For example, Johann-Peter Hartmann demonstrated PHP\u0026rsquo;s Java integration capabilities in his (later) XSLT comparison and found it to be easily usable, but still unstable under load.\nHallway track I missed the next three talks given by Reiner Kukulies (Communities with PHP), Mario Klaue (Using PHP generated DHTML to build highly responsive pages) and Matthias Boese (\u0026ldquo;Using PHP on SAT-1: Die Fahndungsakte\u0026rdquo; - a high traffic website for a TV series). This is exactly the scenario where PHP should not be used according to Chris Cartus, so there are successful deployments of PHP in high load environments.\nInstead, I had some stimulating discussions on web security, and on possible future extensions of PHP outside the lecture hall. Those small tables just next to the coffee bar turned out to be very useful, indeed. Thank you, Thies, for providing useful input and insight and thank you, Chris Cartus, for your thought and discussion provoking talk.\nExtending PHP The day way almost finished with Sascha Schumann\u0026rsquo;s \u0026ldquo;Extending PHP using C\u0026rdquo; express presentation (\u0026ldquo;Hmm, it seems that I really should have some slides. I\u0026rsquo;ll create them while commiting the latest patches to the session management module here.\u0026rdquo;). Sascha, you really demonstrated that rapid prototyping can be a way of life!\nSascha prepared the ground for Jens Ohlig with \u0026ldquo;C++ integration and 3 tier development\u0026rdquo;. Jens talk was about using phpswig to generate glue code to integrate C++ classes as PHP extensions.\nAfterglow For me personally, the talks by Chris Cartus and Jens Ohlig were two most interesting talks of the day - Chris because of the interesting ideas and the background he provided, and Jens because of the extremely useful technology demonstration.\nAfterglow, the time between the conference talks and the evening programme, was filled with discussion about software patents and Sevenval - from the number and type of questions currently easily the most hated company within the PHP or even the German Open Source community.\nThe Evening program was a travel by ship along the River Rhine on board of the MS Enterprise, a theme ship modeled after a well-known starship of the same name. The Buffet on board was excellent, and so was the company :-) Thies and I had our fun with Sascha, being half as old as either of us two (but twice as cool). Ah, and the local brew does not taste much better when you drink it on board of a ship. Memo to self: When you travel to Cologne, bring your own beer.\nDay 2 PHP and PDF The second day started out slowly, with Hartmut Holzgraefe demonstrating PDF creation using PDFTeX and PHP. He started out showing the shortcomings and limitations of PHP\u0026rsquo;s PDF interface, and presented PDFTeX as an alternative way to create good-looking PDF output. TeX source creation was excruciating with PHP 3, but using PHP 4 and the new output buffering interface came just in time to be helpful and greatly simplify the process. Limitations of his technique are the use of an external process (the PDFTeX processor) not really suited for use in batch processing, and the load this generates at the server machine.\nPHP on Windows Next in line was Andreas Otto, who introduced the PHP4 build process under Windows. As I don\u0026rsquo;t do Windows, I missed most of this talk and had a session concerning the past and future of de.comp.lang.php at the coffee table on the outside. It seems that a transition of the FAQ to XML format will be well received and should be done on short notice. Also, Sascha suggested the day before that an english translation of the FAQ would be useful, as it is, in his opinion, far better and more comprehensive that the english original. Sascha suggested that the english version of the FAQ should be channeled through the PHP documentation translation team, producing multinational versions. Both he and I still see problems resolving the update process, as the FAQ is produced in german language, and updates and comments may come in english as well as in german. We probably need a collection and integration mechanism for that. TODO: Talk to the doc team and see what they think.\nPHP and IPC I rejoined the main lecture hall just in time to see Till Gerken finish his talk about \u0026ldquo;Interprocess communication in PHP\u0026rdquo;. Till presented the mechanisms used to create PHPChat, and showed how shared memory and semaphores can be used to improve performance in such applications.\nPHP does XSLT Johann-Peter Hartmann (What a name, what a hairstyle! :-) followed up with \u0026ldquo;A comparison of PHP XSLT processors\u0026rdquo;. His talk was met with great interest, as XSLT seems to be a hot technology. Johann showed that XSLT still is bleeding edge, and so is PHP-Java integration. Sablotron came out as an overall winner in speed and stability with Xalan C++ being a close second and a somewhat more complete implementation of the standard. Me, I am using Sablotron - Go, Ginger Alliance, Go!\nZend Tobias Ratschiller gave most of his time to Doron Gerstel of Zend technologies, who was stunned by the support PHP has in Germany and who presented the future marketing and product strategy of Zend. It seems that Zend will be rolling out a profiler and debugger this year, and follow up with the encoder shortly. Also, a PHP IDE is planned and scheduled for next year.\nThe presentation was quite interesting, especially in light of Chris Cartus talk about startup companies and venture capitalists the day before. It was obvious that Zend, being a startup on venture capital, needs to show some revenue fast before entering the next round of funding. Still, Zend seems to be lacking vision and a roadmap for the future, and the presentation left me a bit disappointed—perhaps it was the presentation, which was marketing driven and focusing on benefits, instead of technology driven, as almost all other talks on the Congress were.\nI would have expected Zend to have learned from their polls and their experience that people tend to use PHP for projects larger than it was intended to be used. It would have been smart for them to provide a strategic roadmap which shows their intention to meet this demand with the appropriate moves and improvements (application server, load balancing, stronger Java integration, revised object model, optional strong typing, optimizer and compiler making use of this typing for faster code). Perhaps CC and Zend talking to each would be a good match?\nAlso, while there is a strong community of PHP developers, at least in Germany, it seems that Zend is only very losely tied into these channels, at least in Germany. There clearly is an impedance mismatch between the community and the company, and currently Zend cannot convince the community that it fulfills an important role for the community, at least not in Germany.\nThis is very dangerous for both parties involved: PHP cannot survive without a focused and directed development team, especially not in the upper area of the market. It is specifically this market that is of very great importance for the acceptance of PHP as a mainstream web development tool.\nAlso, Zend cannot survive without being able to communicate their role to the community, and in Germany that means presenting - technology driven - a long term strategy, scalability, flexibility and extensibility of the product at management level as well as at developer level.\nOn the other hand Zend must take care not to catapult itself out of the PHP community, which is very tightly integrated in Germany, having a few key websites, soon to be complemented by a new MySQL newsgroup. While these locations cover mostly low-end PHP usage, these are the pools where PHP know-how is being created and the regulars at these locations are the key drivers of the German PHP scene. Zend marketing currently does not tap these reservoirs at all—send them to the clue train, this is a large scale loss of communication potential.\nWorld Domination Plans Tobias followed up with a short note on PHP \u0026ldquo;world domination\u0026rdquo;, but time was too short for him to say much.\nDoing Forms Next in line was Andre Christ presenting the Abstract Presentation Layer, a high-level C++ extension of PHP, allowing easy form creation and validation automation. From the questions after the presentation and the afterglow talk, this was easily the most heavily underrated presentation on the congress, as Andre was presenting an unfinished, but very clean library design, which has a few, but obvious and easily corrected shortcomings and much potential. The APL is a LGPL library, and is a project you should watch, unless you decide to get involved. Also, keep an eye on twisd AG; these people are good.\nMore World Domination Unfortunately for the followup speakers, Andre\u0026rsquo;s talk created the need for me to talk, again at the coffee tables, and so I missed most of the finish - except for Björn Schotte\u0026rsquo;s legendary \u0026ldquo;Björn Schotte World Domination\u0026rdquo; talk, which transported hints at his site, PHP Center as well as his QuickCMS product with the subtle gentleness of a Ferenghi sensing the opportunity to make some bars of gold pressed Latinum. :-)\nAll in all two days well spent. The congress served its purpose very well, being an opportunity to bind some faces to recurring names, to learn about the state of the art in the PHP community, and to find out about the future direction PHP and Zend development must take.\nThank you, Björn, and thank you people at Globalpark, for organizing the congress and see you next year.\n","date":"2000-10-07T00:00:00Z","href":"https://blog.koehntopp.info/2000/10/07/php-kongress-koeln.html","tags":["lang_de","php","web"],"title":"PHP Kongress Köln"},{"categories":null,"content":" NetUSE AG, http://www.netuse.de , ist ein Internet Systemhaus in Kiel.\nGegründet 1992, war die Firma ursprünglich als Internet Service Provider tätig. Heute werden die Geschäftsfelder ISP-Geschäft, Consulting, Hard- und Softwarehandel, Service und Support sowie Anwendungsentwicklung abgedeckt. NetUSE hat derzeit etwa 60 Mitarbeiter und wächst schnell.\nZu den Kunden gehören viele größere Konzerne, etwa Deutsche Telekom, Mobilcom, DASA/Airbus, der Landtag des Landes Schleswig-Holstein und andere.\nGehackt \u0026ldquo;Hacken\u0026rdquo; einer Website ist ein Angriff auf Verfügbarkeit, Integrität oder Vertraulichkeit.\n\u0026ldquo;Hacker\u0026rdquo; vs. \u0026ldquo;Cracker\u0026rdquo;\nUrsprünglich bezeichnete das Wort \u0026ldquo;Hacker\u0026rdquo; einen Menschen, der ein Programm oder eine Maschine dazu bringen konnte, irgendetwas Unerwartetes oder Geniales zu tun. Jemand, der in Rechner einbricht oder Kopierschutze entfernt, war dagegen ein \u0026ldquo;Cracker\u0026rdquo;.\nDie Medien haben jedoch entschieden und verwenden die Bezeichnung \u0026ldquo;Hacker\u0026rdquo; im Wortsinn der Bezeichnung \u0026ldquo;Cracker\u0026rdquo;. Dies ist nicht mehr zu ändern.\nWer greift an? Zwei große Gruppen:\n\u0026ldquo;Script Kiddies\u0026rdquo;, Angreifer ohne Insiderwissen und ohne tiefergehende Ausbildung, verwenden meist vorgefertigte Angriffswerkzeuge. Greifen ungerichtet an (Scanning) und brechen in eine große Zahl von Systemen ein. \u0026ldquo;Insider\u0026rdquo;, (Ex-)Mitarbeiter et. al. Teilweise weitgehendes Wissen über Infrastruktur, verwendet Systemtools, Angriffswerkzeuge und selbstgeschriebene, maßgeschneiderte Programme (\u0026ldquo;Das Einbruchswerkzeug sitzt zwischen den Ohren\u0026rdquo;). Will gezielt an bestimmte Netzwerkressourcen herankommen. \u0026ldquo;Script Kiddies\u0026rdquo; oder \u0026ldquo;Spielkinder\u0026rdquo; sind eigentlich kein neues Phänomen. Neu ist lediglich, daß eine so große Anzahl von Werkzeugen existiert, die es Spielkindern so leicht macht, ihren Neigungen nachzugehen.\nSpielkinder sollten für den Administrator einer Site eigentlich kein Problem sein, ihre Methoden und Werkzeuge sind beschrieben in\n\u0026ldquo;Maximum Linux Security\u0026rdquo;, Anonymous, Taschenbuch - 800 Seiten (1999) Sams Publishing; ISBN: 0672316706 \u0026ldquo;Hacking Exposed - Second Edition\u0026rdquo;, Joel Scambray, Stuart McClure, George Kurtz, Taschenbuch - 700 Seiten (Oktober 2000), Osborne/McGraw-Hill; ISBN: 0072127481 Insider sind ein wesentlich schwierigeres Problem und nur durch ein durchgehendes Sicherheitskonzept zu bekämpfen, das von dem betreffenden Betrieb auch gelebt werden muß.\nWelche Ziele verfolgen Angreifer? \u0026ldquo;Script Kiddies\u0026rdquo;: Warez-Site, IRC \u0026ldquo;Trading-Bots\u0026rdquo;, Bandbreite, Paßworte als Handelsware \u0026ldquo;Insider\u0026rdquo;: Rache, spezifische Informationen aus dem Intranetwork, Kundenstammdaten, Kundenverkehrsdaten \u0026ldquo;Script Kiddies\u0026rdquo; sind auf der Suche nach Umschlagplätzen für \u0026ldquo;Warez\u0026rdquo;, d.h. für geknackte Raubkopien von Programmen, Musik-CDs und Spielfilmen. Sie stehen über eine Reihe von unterschiedlichen Kommunikationssystemen miteinander in Verbindung und benötigen für ihr Geschäft massenhaft Plattenplatz, Netzbandbreite und Kommunikationsplattformen.\nSchlecht geschützte und unzureichend gepflegte Rechner sind ihre bevorzugte Beute. Sie finden diese Maschinen, indem sie mit Hilfe von \u0026ldquo;vulnerability scannern\u0026rdquo; ein Netzwerksegment nach Programmen mit bekannten Fehlern absuchen und dann halb- oder vollautomatisch in diese Maschinen einbrechen. Der Automat trägt in der Regel einen gescripteten Angriff binnen weniger Sekunden vor und installiert einen Satz von modifizierten Systemwerkzeugen, ein sogenanntes \u0026ldquo;root kit\u0026rdquo;, das den Einbruch vertuscht und den verbrauchten Plattenplatz sowie die Prozesse des Einbrechers vor dem Sysadmin verbirgt.\nInsider gehen dagegen meist gegen einen bestimmten Rechner im Netz vor, von dem sie spezifische Daten (Mails, Kundenstammdaten, Protokolle) haben möchten, oder dessen Betrieb sie sabotieren möchten.\nWas wird angegriffen? Netzwerkkomponenten: Router, Firewalls, Switches\nZiel: Angriffsquelle verschleiern, Stepping Stone, Netzwerktopologie ermitteln, Netzwerkverkehr belauschen\nServer (eigentliches Ziel): Server-Betriebssystem, Webserver, Webanwendung\nZiel: Zugang zum Server-Betriebssystem, Zugang zu den Zieldaten\nAngriffe erfolgen in den meisten Fällen auf Server, nicht auf Netzwerkkomponenten: Wissen um Betriebssysteme und Fehler von Servern ist in den relevanten Kreisen meist wesentlich weiter verbreitet.\nAngriffe auf Netzwerkkomponenten erfolgen fast niemals durch Script Kiddies (Ausnahme sind bestimmte Distributed Denial Of Service-Angriffe), sondern fast immer als Teil eines geplanten Angriffes mit Insiderwissen und durch besser ausgebildete Angreifer.\nAuf dem Server können Angriffe dem Serverbetriebssystem, dem installierten Webserver oder der Webanwendung selbst gelten.\nWas ist die Folge eines Angriffs? Kompromittierte Netzwerkkomponente: Angreifer hat detaillierte Information über die Topologie. Angreifer kann Routing beeinflussen und IP-Adressen spoofen. Angreifer kann unverschlüsselten Datenverkehr abhören. Transitivität! Kompromittierter Server: Angreifer hat Zugriff auf Daten und Geheimnisse auf dem Server. Angreifer hat die Systeminstallation kompromittiert (\u0026ldquo;Der Server lügt\u0026rdquo;). Angreifer kann unverschlüsselten Datenverkehr abhören. Transitivität! Es ist davon auszugehen, daß Betriebssystem und Anwendungen auf einem kompromittierten Rechner so verändert sind, daß sie den Administrator belügen. Der Rechner kann nicht wiederhergestellt werden, er muss neu installiert werden.\nZur Sicherung der Beweismittel gelten die folgenden Regeln:\nAlle Platten aus dem betreffenden Rechner ausbauen und niemals wieder mounten. Ein Mount würde access times an Dateien oder wichtigeres zerstören und das Medium als Beweismittel unbrauchbar machen. Die betreffenden Platten können in eine andere Maschine eingebaut, um mit dd Images zu generieren (dd if=/dev/hdc of=/export/disk2/imagefile). Weitere Analysen finden nur auf den Images statt. Transitivität ist ein Problem: Kompromittierte Rechner sind Sprungbretter für ein weiteres Eindringen in das gehackte Netz oder für Angriffe auf andere Netzwerke:\nPaßworte können mit Sniffern ausgespäht worden sein. Andere Administratoren in anderen Netzen müssen informiert werden. Gehackt ist nie ein einzelner Rechner, sondern immer mindestens ein Subnetz! Aufräumen und Validierung bringt enorme Kosten!\nServer: Die Drei Kardinalfehler Betriebssystem: Der Server bietet Dienste an, die er nicht anbieten muß/sollte.\nWebserver: Der Server liefert Daten im Web, die dort nicht stehen müssen/sollten.\nWebanwendung: Der Server glaubt Daten, die nicht aus vertrauenswürdigen Quellen stammen.\nServer bietet Dienste an:\nZugriff auf NFS Fileshares von überall (FH Lüneburg) Zugriff auf Datenbank von überall (Buchhandel.de) Zugriff auf RPC-Dienste (Sony Music.de) Server liefert Dateien:\nLogfile des Webshops mit Kunden- und CC-Daten (diverse) Images mit Auflösung (Survivor TV Show) Server glaubt Daten:\nPreisinfo als Zustand beim Anwender gehalten (verschiedene Videoläden) Session-IDs dicht besetzt (ein anderer Buchladen) Pfadnamen als URL-Parameter Angriffe auf einen Webserver lassen sich in drei Problemklassen einteilen:\nAngriffe auf das Betriebssystem. Bei dieser Sorte Angriff werden bekannte Schwächen in Diensten ausgenutzt, die das Betriebssystem standardmäßig anbietet. Dies setzt voraus, daß das Betriebssystem diesen Dienst überhaupt anbietet. Dienste, die nicht eingeschaltet sind, können über das Netz nicht für einen remoten Angriff genutzt werden. Angriffe, die darauf abzielen, bestimmte Logdaten oder andere Informationen zu beziehen, die der Webserver anbietet (aber nicht anbieten sollte). Diese Angriffe sind spezifisch für Webserver und Webanwendungen, meist sind sie nur bei schlechten Defaultkonfigurationen in Zusammenhang mit schlampigem Setup möglich. Angriffe, die spezifisch auf die eingesetzte Webanwendung abzielen und die sich schlechte Programmiergewohnheiten der Entwickler zunutze machen. Viele Webanwendungen gehen davon aus, daß ein Client/Browser vertrauenswürdig ist und nicht manipulierte Daten liefert. Diese Annahme ist im Allgemeinen falsch. Problem 1: Ein Server bietet zuviele Dienste an Warum? Standardinstallation des Herstellers. Installationszugänge für Produktion nicht abgeschaltet. Defaultuser/Zugänge Wartungszugänge allgemein aufrufbar (kein Extranet-Konzept). Fehlendes Betreiber-Knowhow. Standardinstallation: Optimiert für Intranets. Optimiert für einfache Handhabung. fehlende Patches. Defaultuser: \u0026ldquo;sa\u0026rdquo;/\u0026quot;\u0026quot;, \u0026ldquo;system\u0026rdquo;/\u0026ldquo;manager\u0026rdquo;, \u0026ldquo;scott\u0026rdquo;/\u0026ldquo;tiger\u0026rdquo;, \u0026hellip; Kein Extranet-Konzept: Wartungszugänge nur verschlüsselt (ssh, SSL, VPN). Keine Wege aus der Produktion ins Intranet. Für den sicheren Betrieb von Servern gilt generell, daß ein Rollout- und Pflegekonzept vorhanden sein muss. Dies klingt selbstverständlich, ist es aber nicht:\nWerden Systeminstallationen industriell gefertigt? Installserver erlauben reproduzierbare Installationen, Versionierung von Installationen und den systematischen Test einer Installation. Werden Systemupdates industriell durchgeführt? Test- und Verteilkonzepte für die Software auf Servern in der Produktion müssen existieren, damit Fehlerkorrekturen und Upgrades schnell und sicher verteilt werden können. Breakeven-Point ist klein, schon ab 5 identischen Installationen rentiert sich das Knowhow und der Aufwand. Oft werden Extranet-Kontakte mit unstrukturierten Kontakten mit Laufkundschaft gleichgesetzt:\nVerbindungen sind nicht auf bestimmte Teilnetze beschränkt. Verbindungen sind nicht verschlüsselt. Verbindungen sind nicht gut authentisiert. Derartige \u0026ldquo;offene\u0026rdquo; Extranet-Kontakte sind ein beliebtes Einfallstor in Produktionsnetze von Firmen.\nÜberflüssige Dienste Standardinstallation (UNIX):\nWebserver für Manualpages (mehrere) Systemadministration Backupsteuerung RPC-Server für Backupsteuerung (Legato) Systemadministration Desktop-Komponenten Network Filesystems (Datenbanken) Oracle, MySQL Application-Server Interesting ports on jayniz.de: Port State Protocol Service 21 open tcp ftp 22 open tcp ssh 25 open tcp smtp 53 open tcp domain 80 open tcp http 111 open tcp sunrpc 113 open tcp auth 199 open tcp smux 443 open tcp https 515 open tcp printer 1024 open tcp unknown 3306 open tcp mysql 6666 open tcp irc-serv 7000 open tcp afs3-fileserver Nmap run completed -- 1 IP address (1 host up) scanned in 4 seconds \u0026ldquo;www.jayniz.de \u0026rdquo; am 30. August 2000: Unverschlüsselte Systemzugänge mit ftp, obwohl ssh eingesetzt werden könnte. 53/tcp ist offen für alle, statt nur für Secondary Server zugreifbar zu sein. 111/tcp ist weit offen und erlaubt den Angriff auf RPC-Dienste. 515/tcp läuft vollkommen sinnlos. 3306/tcp erlaubt Zugriff auf eine Datenbank. 199/tcp führt auf eine Bash mit root-Rechten: Die Maschine wurde bereits gehackt und mit einem Rootkit versehen. Für den Administrator sind über die Backdoor eingeloggte Benutzer nicht in der Prozeßliste und der Speicherstatistik zu sehen, der von ihnen verbrauchte Plattenplatz wird versteckt. Die Maschine lauscht auf ihrem Netzwerksegment nach Klartext-Paßworten für andere Maschinen, nur ein Switch hat schlimmeres verhindert. ipchains waren auf der Maschine installiert, aber nicht in Betrieb. 3 Tage nach Neuinstallation wurde die Maschine wieder gehackt (RedHat mit wuftpd 2.6.0 als Einfallstor). Notwendige Dienste Notwendig sind meist nur zwei Dienste:\nDomain Name System, aber nur outgoing? HTTP/HTTPS Zur Wartung oft weitere Dienste:\nFTP -\u0026gt; besser: ssh, scp, rsync telnet/rlogin -\u0026gt; besser: ssh POP/IMAP -\u0026gt; besser: S/POP, S/IMAP Zum Intranet oft weitere Dienste:\nDatenbank/LDAP rlogin/rcp, FTP/TELNET -\u0026gt; besser: ssh/scp Drei goldene Regeln:\nMinimiere die angebotenen Dienste. Schränke nichtöffentliche Dienste über IP-Number so weit wie möglich ein. Übertrage keine Paßworte im Klartext! Und nicht vergessen, die wichtigste Regel überhaupt:\nLies die einschlägigen Securityforen. Bugtraq, NT-Bugtraq, Securityfocus.com und andere. Aktualisiere Deine Installationen regelmäßig. Letzterer Punkt setzt voraus: Ein Betriebskonzept.\nWelche Software in welcher Version läuft wo? Wie bekommen wir Updates auf diese Maschinen, ohne den Betrieb zu unterbrechen? Wie bekommen wir gleichartig installierte neue Maschinen? (Installserver). Die Realität Windows 2000, IIS Port State Protocol Service 21 open tcp ftp 25 open tcp smtp 80 open tcp http 106 open tcp pop3pw 110 open tcp pop-3 135 open tcp loc-srv 143 open tcp imap2 389 open tcp ldap 443 open tcp https AIX Export list for rzserv2.fh-lueneburg.de: /stadtinf (everyone) /usr/lib/cobol (everyone) /usr/local (everyone) /ora-client 193.174.32.20 /user (everyone) /usr/lpp/info (everyone) /install 193.174.32.20 /u (everyone) /pd-software (everyone) /var/spool/mail (everyone) /u1 (everyone) Unix, Apache: Port State Protocol Service 21 open tcp ftp 22 open tcp ssh 23 open tcp telnet 25 open tcp smtp 80 open tcp http 110 open tcp pop-3 111 open tcp sunrpc rpcinfo -p www.....de program vers proto port 100000 4 tcp 111 portmapper ... 100024 1 udp 32772 status ... 100021 1 udp 4045 nlockmgr Windows 2000 Advanced Server läßt gerne seinen Active Directory Dienst über den LDAP-Port offen zugänglich.\nldapsearch -h \u0026lt;ip\u0026gt; -b \u0026quot;\u0026quot; -s base \u0026quot;objectclass=*\u0026quot; liefert eine Reihe von Naming Contexts. Diese kann man dann der Reihe nach durchprobieren. ldapsearch -h \u0026lt;ip\u0026gt; -b \u0026quot;\u0026lt;context\u0026gt;\u0026quot; \u0026quot;objectclass=*\u0026quot; erlaubt es sich, den entsprechenden Kontext anzusehen. In Unix wird dagegen gerne der Portmapper offengelassen, der gleich eine ganze Reihe von unzureichend geschützten Diensten erschließt. Fehler sind in der Vergangenheit im Portmapper selbst sowie in vielen Diensten aufgetreten. NFS ist sowieso ein Sicherheitsrisiko und sollte von außen nicht erreichbar sein.\nAbhilfe Kein Kontakt zum Internet ohne Firewall:\nKeine Ausnahmen während der Installation Unterscheide Kundenkontakte und Extranet-Kontakte:\nWartungszugänge immer verschlüsselt besonders authentisiert nur für bestimmte Adressen Regelmäßige Kontrolle\nSelbst von außen Ports scannen. Selbst von außen \u0026ldquo;einbrechen\u0026rdquo;. Regelmäßige Updates\nBugtraq verfolgen. Patchlisten verfolgen. Update-Konzept für Produktionsrechner Zykluszeit \u0026lt; 3 Monate Transitivitäten prüfen\nvon außen über DMZ ins Intranet? Noch einmal:\nKein Kontakt zum Internet ohne Firewall. Wenigstens ein Paketfilter sollte vorhanden sein, damit auch bei schlampiger Konfiguration im Produktionsnetz nur die intendierten Dienste nach außen sichtbar sind. Verdächtige Pakete sollten gleich gefiltert werden. Keine Ausnahmen während der Installation. (Auch nicht für Slashdot). Slashdot.org-Hack: Testmaschine mit Defaultpaßworten (Fehlerklasse 1 == nicht intendierte Dienste öffentlich angeboten) plus \u0026ldquo;eval-Bug\u0026rdquo; (Fehlerklasse 3 == Anwendung vertraut Daten aus dem Netz). Keine unverschlüsselte authentisierte Kommunikation. SSL. ssh. tcpwrapper/libwrap.a. Nichts anderes. Wer nach Ausnahmen fragt, wird geLARTet. Problem 2: Ein Server liefert sensible Dateien Webserver als Transformationsmaschine für Pfadnamen\nRegelsatz: DocumentRoot /www Alias /images /www2/images ScriptAlias /cgi-bin /www2/prod/cgi Was passiert, wenn\ndas Serverlog nach /www/logs/access.log gelegt wird? das Verzeichnis /images browseable ist oder Bildnamen ratbar sind? /www/htpasswd abrufbar ist? Include-Dateien in /www/include/ abgelegt sind? \u0026ldquo;Kann mir nicht passieren?\u0026rdquo;\nklassischer Fall: Suse Linux Standardregel Alias /cgi-bin-sdb/ /usr/local/httpd/cgi-bin/ Viele Webshops und andere Standardscripte schreiben Logs oder andere wichtige Informationen in ihr Installationsverzeichnis unterhalb der DocumentRoot. Abhilfe Verzeichnisse außerhalb DocumentRoot:\n/home/www/servers/www.kunde.de +--\u0026gt; /cgi-bin /database /logs /pages /php /tmp DocumentRoot /home/www/servers/www.kunde.de/pages FTP-Root: /home/www/servers/www.kunde.de Leider nicht sehr übliche Konfiguration\nNebenkriegsschauplatz Webhosting Zugriff durch CGI-Programme aus Hostingumgebungen:\nKunde rät aus eigenen Verzeichnisnamen fremde Verzeichnisnamen Kunde schreibt Programme, die Verzeichnisse anderer Kunden durchsuchen Abhilfe:\nchroot()-Umgebungen, \u0026ldquo;virtuelle Maschinen\u0026rdquo; Nachteil:\nAufwendige Realisierung Hoher Speicherbedarf Umständliches Debugging Vorteil:\nausgezeichnete Systemsicherheit Problem 3: Ein Server glaubt nicht vertrauenswürdige Daten Bedeutung einer Firewall im Datenfluß:\nProtokollbegrenzer Authentisierung Trust Boundary Bedeutung \u0026ldquo;Trust Boundary\u0026rdquo;\nSysteme/Datenquellen innerhalb werden durch unsere Administration kontrolliert. Sie liefern daher vertrauenswürde Daten. Die Umkehrung darf niemals vergessen werden!\nSysteme/Datenquellen außerhalb der Boundary sind unkontrollierbar. Sie liefern daher verseuchte Daten. Diese Daten müssen vor Gebrauch unbedingt dekontaminiert werden. Sie dürfen die Boundary danach niemals wieder nach draußen verlassen. Trust Boundaries arbeiten in zwei Richtungen. Dieser Vortrag betrachtet hauptsächlich den Datenstrom \u0026ldquo;von außen nach innen\u0026rdquo;, aber auch der Datenstrom \u0026ldquo;von innen nach außen\u0026rdquo; ist wichtig.\nAuthensierung des Servers durch Serverzertifikat. Verhinderung von Informationslecks durch Informationen im Referer (Nicht wirklich ein Datenstrom \u0026ldquo;von innen nach außen\u0026rdquo;, aber in der Verantwortung des Anwendungsprogrammierers. Anwendungen müssen alle Daten \u0026ldquo;von außen nach innen\u0026rdquo; prüfen und dann \u0026ldquo;drinnen\u0026rdquo; behalten:\nSessions! Niemals HIDDEN-Parameter! Daten von \u0026ldquo;außen\u0026rdquo;: Alle GET-, POST- und COOKIE-Variablen. Alle HTTP_*-Variablen. Alle File-Uploads. Schleichende Einschleppung durch unzureichende Validierung (-\u0026gt; OOH Forms) register_globals = On (-\u0026gt; register_globals = off) Trust Boundary Typische Fehler:\nAnwenderdaten werden durch HIDDEN-Parameter oder per GET/POST/COOKIE weitergereicht. Anwendung vertraut Daten aus dem Request in sicherheitsrelevanten Fragen: Referer, User-Agent, IP-Nummer, \u0026hellip; Anwendung validiert Anwendungsdaten nur mit JS. Na und? Ich habe kein JS, ich sende mit \u0026ldquo;telnet\u0026rdquo;. Anwendung validiert Anwendungsdaten nicht. \u0026ldquo;Wie kann ich Formularvariablen bei einer Session registrieren?\u0026rdquo; \u0026ldquo;Wie kann ich ein SQL-Statement von Seite zu Seite weiterreichen?\u0026rdquo; cf. Stored Procedures im MS-SQL Server wie sp_system(). Abhilfe:\nAnwendung validiert Daten serverside, mit einem geprüften Satz von Funktionen/Klassen. Nur validierte Daten werden Bestandteil der Session. Nur Sessiondaten werden verarbeitet, GPC- und Request-Informationen werden niemals verwendet. Ursache Der 3. Kardinalfehler ist sehr häufig. Warum? HTTP ist ein zustands-loses Protokoll. Webanwendungen brauchen Zustand. Viele Umgebungen bieten keine adäquate Unterstützung für Statekeeping. Viele Entwickler stricken sich \u0026ldquo;halbe\u0026rdquo; Lösungen selbst. Warum Sessions?\nDem Anwender steht nur ein einzelnes Token zur Referenzierung des Sessiondatensatzes zur Verfügung. Klare Fehlersemantik: Sessiondaten sind entweder komplett und vertrauenswürdig, oder gar nicht vorhanden (-\u0026gt; neue Session). Klarer Datenfluß (GPC/HTTP-Daten -\u0026gt; Validierung -\u0026gt; Session -\u0026gt; Anwendung), Umgehung der Validierung ist nicht möglich. Viel Code wird einfacher, da die Anwendung sich nun \u0026ldquo;erinnern\u0026rdquo; kann. Anwendungsstruktur wird klarer. Saubere Trennung von \u0026ldquo;statekeeping\u0026rdquo;, \u0026ldquo;authentication\u0026rdquo;, \u0026ldquo;authorization\u0026rdquo;, wie sie in PHPLIB durchgeführt wird. Infrastruktur (\u0026ldquo;Sessions\u0026rdquo;) wird wiederverwendet, daher besser geprüfter und wiederverwendbarer Code. Wichtig: Token darf nicht ratbar (\u0026ldquo;17\u0026rdquo;) sein. $id = md5(uniqid(\u0026ldquo;geheim\u0026rdquo;)); oder eine Zufallszahl Weitere Ursachen Andere Gründe:\nAus Zeitdruck Prototypen in Produktion geben. Rapid Prototyping ersetzt keine Designphase. Es ergänzt die Analysephase. Datei-Struktur der Anwendung vs. Datenfluß\nAn welcher Stelle übernimmt die Webanwendung Benutzerdaten? Was passiert, wenn man ihr an anderen Stellen Daten übergibt? Was passiert, wenn der Anwender URLs wahllos aufruft? Eingabevalidierung ist mühsam.\nFindet an allen Stellen Eingabevalidierung statt? Ist diese vollständig? Struktur in der Anwendung kommt nur durch Struktur im Entwicklungsprozeß. Hemmungslose Kaufempfehlung:\n\u0026ldquo;Web Application Programming\u0026rdquo;, Gerken/Ratschiller, New Riders Abhilfe Statekeeping durch Application Server managen lassen.\nAnwendung als Automaten strukturieren.\nAutomaten lassen sich gut formal verifizieren. Eingaben zentral prüfen\nApplication Server sollte Bibliothek zum Formularmanagement haben. Datentypen strikt prüfen. Eigentlich überflüssig, aber immer wieder gesehen:\nPfadnamen oder gar Code haben in Parametern nichts zu suchen. Entgegen der populären Volksmeinung sind viele Methoden aus der Mathematik und dem Informatikstudium sehr hilfreich bei der Entwicklung von Webanwendungen.\nAnwendung als Code + State modellieren. Formales Datenmodell, formales Datenbankmodell, formales Angreifermodell, formales Sicherheitsmodell. Automatentheorie. Analyse- und Designmethoden zur Identifikation wiederverwendbarer Komponenten und zur Findung von Bibliotheks-APIs. projektbegleitender Code Review, Post Deployment Projektanalyse. Webprojekte unterscheiden sich nicht von normaler Anwendungsentwicklung, sie sehen nur auf den ersten Blick anders aus.\nweit mehr als 80% aller LOC sind PHP, nicht HTML. Das fremdartige Aussehen rührt weitgehend aus dem Fehlen angemessener Werkzeuge und Bibliotheken her. PHP3 pur ist für die Anwendungsentwicklung im Web nicht angemessen. Fehlendes Statekeeping, fehlende Eingabevalidierung -\u0026gt; PHPLIB! ","date":"2000-08-21T00:00:00Z","href":"https://blog.koehntopp.info/2000/08/21/web-security.html","tags":["lang_de","security","talk","publication"],"title":"Web Security"},{"categories":null,"content":"aus: iX 5/2000.\nWebserver Security In den vergangenen Monaten haben Zeitschriften des Heise-Verlages immer wieder über Sicherheitslöcher in Installationen bekannter Serverbetreiber oder Webhoster berichtet. Offensichtlich existieren tausende von Webanwendungen, die mit heißer Nadel gestrickt und online gebracht worden sind und die - wenn überhaupt - nur unzulänglich getestet worden sind. Was ist die Ursache der beobachteten Probleme und wie kann man sie für seinen eigenen Server vermeiden? Kann man als Verbraucher und Benutzer erkennen, ob der Server eines Anbieters elementaren Qualitätsanforderungen an die Sicherheit im Web genügt?\nEine Analyse der gemeldeten Fehler zeigt, daß sich die weitaus meisten Probleme in nur drei Fehlerklassen einteilen lassen:\nDer Server bietet zu viele Dienste an. Der Server lagert vertrauliche Daten in zugänglichen Verzeichnissen. Der Server vertraut Eingabeparametern aus Webformularen ohne Grund. Ein Server bietet zu viele Dienste an Häufig hat sich ein Betreiber einer Maschine seinen Server noch niemals mit einem der gängigen Portscanner von außen angesehen und läßt auf seinem Server Dienste laufen, die für die Benutzung der Anwendung nicht benötigt werden oder nicht von allen IP-Adressen aus zugänglich sein müssen. Ein prominentes Beispiel der vergangenen Wochen, über das wir berichteten war ein Server, der vollständig ohne Firewall betrieben wurde und nach außen komplette Dateisysteme mit dem Sun Network Filesystem exportierte und dessen Oracle Server von jedermann kontaktiert werden konnte. Praktischerweise fanden sich die für Oracle benötigten Paßworte auf den exportierten Netzwerklaufwerken.\nOft wird dieser Fehler mit der Verwendung unsicherer und abhörbarer Übertragungsprotokolle für Wartungszugänge kombiniert: So findet man oft auf Webserver auch POP3-Zugänge zum Abruf von Bestellmails, FTP-Zugänge zum Upload von neuen Webseiten oder gar Datenbankzugänge zum Upload neuer Bestandsdaten. Diese Protokolle bieten vielfach nur unzulängliche Verschlüsselung von Benutzernamen und Paßworten an, von einer Verschlüsselung der eigentlichen Nutzdaten ganz zu schweigen - der msql-Datenbankserver zum Beispiel bietet nur rudimentäre bis gar keine Sicherung des Zugangs an, FTP und POP3 übertragen Paßworte oft unverschlüsselt.\nEin Webmaster ist gut beraten, sich einen Zugang außerhalb seines eigentlichen Providers und Webmasters zu besorgen und sich seinen eigenen Server einmal mit den Augen und Tools eines Angreifers anzusehen. Oft ist es so, daß Dienste in der Default-Konfiguration der Servermaschine ab Werk enthalten sind, die vom Serverbetreiber nicht erkannt und nicht abgeschaltet worden sind. Beliebte Fehlerquellen sind zum Beispiel Webserver auf Nichtstandardports, die die Handbücher des Systems anbieten. Diese Server enthalten sehr oft fehlerhafte CGI-Scripte oder können auf andere Weise zum Sicherheitsrisiko werden. Eine andere beliebte Fehlerquelle ist der SNMP-Dienst (Simple Network Management Protocol), der einem potenziellen Angreifer viele Informationen über das Zielsystem liefert. Auch Dienste, die nur zur Erstinstallation benötigt wurden, werden oft vergessen und für den Wirkbetrieb nicht abgeschaltet.\nNatürlich muß nicht nur der Webserver geschützt werden: Auch alle anderen Maschinen, die außerhalb der Firewall im Produktions-LAN stehen, müssen denselben Sicherheitslevel erfüllen.\nnmap-Scan (http://www.insecure.org/nmap/ ) # nmap -sS -T Agressive -p 1-10000 www.beispiel1.de| grep open Port State Protocol Service 21 open tcp ftp 22 open tcp ssh 25 open tcp smtp 80 open tcp http 111 open tcp sunrpc 119 open tcp nntp 3306 open tcp mysql 4333 open tcp msql beispiel1.de, eigentlich ein Web- und FTP-Server, bietet außerdem die Dienste ftp, ssh, smtp, sunrpc, nntp, mysql und msql an. Davon ist ssh, ein mit starker Kryptographie verschlüsselndes und authentisierendes Protokoll, unbedenklich. Die Protokolle httpd, ftp, smtp und nntp sind die eigentlichen Dienste des Servers und müssen angeboten werden. Solange ftp nur als FTP-Server für Anon-FTP eingesetzt wird, werden keine abhörbaren Paßworte übertragen. Die sunrpc, mysql und msql-Ports von außen zugänglich zu machen ist nicht nötig. Die Ports gehören in einer Firewall oder mit einen Paketfilter gesperrt.\nBei den Diensten, die man nach außen anbietet sollte man unbedingt auf aktuelle Versionen der Server achten: Buffer-Overflows und andere Probleme sind von ssh, von vielen FTP-Servern und auch von alten sendmail- und INN-Versionen bekannt.\nManchmal findet man einen offenen Port, kann aber nicht sagen, welches Programm diesen Port benutzt. Hier ist ein Tool wie lsof sehr nützlich. Alle lokal offenen Ports und die dazugehörigen Programme kann man mit dem Kommando lsof -P -n -i auflisten.\n# lsof -P -n -i COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME xfstt 46 root 4u IPv4 30 TCP *:7100 (LISTEN) httpd 199 root 19u IPv4 99 TCP 193.102.57.12:80 (LISTEN) ... smbd 11741 root 5u IPv4 28694 UDP 127.0.0.1:1180 smbd 11741 root 6u IPv4 28689 TCP 193.102.57.3:139-\u0026gt;193.102.57.2:1044 (ESTABLISHED) Durch die Angabe von Suchoptionen kann man gezielt nach Protokoll und Port suchen:\n# lsof -P -n -i tcp:139 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME smbd 276 root 5u IPv4 175 TCP *:139 (LISTEN) smbd 11741 root 6u IPv4 28689 TCP 193.102.57.3:139-\u0026gt;193.102.57.2:1044 (ESTABLISHED) Dump einer Zone mit nslookup Um festzustellen, welche Rechner in einer Domain stehen, kann man mit einem Tool wie nmap das ganze Teilnetz durchprüfen, in dem ein Server steht. Alternativ kann man sich auch die Daten im DNS ansehen, die ein Serverbetreiber über seine Domain veröffentlicht.\nAm Beispiel der Domain beispiel1.de:\n# nslookup \u0026gt; set type=ns \u0026gt; www.beispiel1.de. Server: nuki.netuse.de Address: 193.98.110.1 beispiel1.de origin = ns.beispiel1.de mail addr = postmaster.ns.beispiel1.de serial = 2000032201 refresh = 10800 (3H) retry = 3600 (1H) expire = 604800 (1W) minimum ttl = 86400 (1D) \u0026gt; server ns.beispiel1.de Default Server: ns.beispiel1.de Address: 192.168.254.37 \u0026gt; ls beispiel1.de. [ns.beispiel1.de] $ORIGIN beispiel1.de. @ 1D IN A 192.168.253.131 wwwtest 1D IN A 192.168.253.135 news 1D IN A 192.168.253.136 localhost 1D IN A 127.0.0.1 listserv 1D IN A 192.168.253.136 ... igate 1D IN A 192.168.254.34 daiquiri 1D IN A 192.168.254.61 Durch set type=ns (Nameserver) sagen wir nslookup, daß wir ausschließlich Informationen über Nameserver einer Domain haben möchten. Wir fragen dann mit www.beispiel1.de. nach den Nameservern der Domain beispiel1.de. Dies ist nur ein einzelner Server, nämlich ns.beispiel1.de.\nWir sagen nun mit Hilfe des Kommandos server ns.beispiel1.de, daß nslookup alle weiteren Fragen an diesen Server richten soll. Mit Hilfe des Kommandos ls beispiel1.de fordern wir ein Listing der gesamten Zone beispiel1.de an. Wir erhalten eine Liste aller Hostnamen und IP-Nummern, die der Betreiber der Domain beispiel1.de veröffentlicht.\nBesser konfigurierte Nameserver erlauben ab BIND8, Zonetransfers auf die Secondary-Server einer Domain einzuschränken. ls-Kommandos von anderen Hosts schlagen dann fehl. Hat eine Domain mehrere Nameserver, ist es unter Umständen lohnend, diese nacheinander durchzuprobieren: Vielfach ist der Primary Nameserver restriktiv konfiguriert, aber die Secondaries geben einem dennoch ein Listing der Zone.\nSicherheitsbewußte Netzbetreiber setzen Nameserver für das Internet und ihr Intranet getrennt auf. Schließlich braucht es niemanden zu interessieren, welche Rechner in den Büros einer Firma laufen und wie diese heißen. Stattdessen ist vollkommen ausreichend, die Namen und Nummern der Rechner zu publizieren, die Dienste für die Öffentlichkeit bringen, also etwa der Web-, der Name- und der Mailserver einer Domain.\nNetzwerk-Kartierung mit Cheops Mit Hilfe des Gnome-Programmes Cheops bekommt man schnell einen graphischen Netzplan mit Rechnertypen und Verbindungen. Das Programm kann auch eingesetzt werden, um Portscans von Rechnern durchzuführen, ist hier aber nicht so vielseitig wie nmap.\nUnverschlüsselte Verbindung in Ethereal Mit Hilfe des Netzwerkmonitors Ethereal ist die Analyse von Netzwerkpaketen möglich. Mit Hilfe der Stromverfolgung können dabei die Klartextpaßworte in Protokollen wie TELNET, FTP, POP3 und anderen sehr gut sichtbar gemacht werden.\nrpcinfo-Anfrage an www.beispiel1.de Mit Hilfe der Tools rpcinfo und showmount (Linux: auch kshowmount) kann man abfragen, welche Dienste der sunrpc-Dienst erbringt. Falls das SUN Network Filesystem (NFS) zu diesen Diensten gehört, kann man weiterfragen, welche Dateisysteme und für wen exportiert werden.\n# rpcinfo -p www.beispiel1.de program vers proto port 100000 4 tcp 111 portmapper 100000 3 tcp 111 portmapper 100000 2 tcp 111 portmapper 100000 4 udp 111 portmapper 100000 3 udp 111 portmapper 100000 2 udp 111 portmapper Wie man sieht, redet der sunrpc-Dienst von www.beispiel1.de mit externen Rechnern. Das ist nicht notwendig und der Dienst kann blockiert werden, etwa durch eine Firewall oder durch Konfiguration entsprechender Filtermechanismen.\nEine sehr häufige Fehlkonfiguration besteht darin, Verzeichnisse mit NFS weltweit les- und schreibbar freizugeben. Beispielhaft unsicher die Server von beispiel2.de:\n# /usr/sbin/kshowmount -e rzserv2.beispiel2.de Export list for rzserv2.beispiel2.de: /usr/lib/cobol (everyone) /usr/sys/inst.images (everyone) /stadtinf (everyone) /var/spool/mail (everyone) /usr/lpp/info (everyone) /usr/local (everyone) /pd-software (everyone) /u1 (everyone) /user (everyone) /fix (everyone) /u (everyone) /ora rzws01 /install (everyone) /ora-client 192.168.252.20 Die mit everyone gelisteten Verzeichnisse, darunter die Mail und die Homeverzeichnisse der Benutzer, sind weltweit les- und schreibbar. Durch Zugriffe auf die /usr/local und /usr/lib/cobol-Verzeichnisse lassen sich Systembibiotheken und Systemprogramme austauschen, sodaß das ganze System ohne nennenswerten Widerstand sofort einnehmbar ist. Tauscht man Daten im /install-Verzeichnis aus, sind auch alle Clients subvertiert, die von dieser Maschine installiert werden. Das System ist durch seine fahrlässig offene Konfiguration also die ideale Ausgangsbasis für weitere Angriffe gegen andere Netzwerke.\nSNMP-Abfragen an ein entferntes System SNMP gehört zu den Diensten, die einem Angreifer ein Höchstmaß an Information liefern können und die in Standardinstallationen oft nicht abgeschaltet und unzureichend gesichert werden. Zudem läuft der Dienst über UDP, das von vielen Portscannern nicht per Default gescannt wird. Daher taucht der Dienst auf dem Radar vieler Systemadministratoren nicht auf.\nWieder dienen die Server von beispiel2.de als abschreckendes Beispiel:\n# snmpwalk rzserv2.beispiel2.de public system.sysDescr.0 = OCTET STRING: \u0026#34;Fore Systems ATM Host (AIX 1 000005016600)\u0026#34; system.sysObjectID.0 = OBJECT IDENTIFIER: enterprises.326.2.1 system.sysUpTime.0 = Timeticks: (0) 0:00:00 system.sysContact.0 = OCTET STRING: \u0026#34;\u0026#34; system.sysName.0 = OCTET STRING: \u0026#34;rzserv2.\u0026#34; system.sysLocation.0 = OCTET STRING: \u0026#34;\u0026#34; system.sysServices.0 = INTEGER: 72 interfaces.ifNumber.0 = INTEGER: 7 interfaces.ifTable.ifEntry.ifIndex.1 = INTEGER: 1 interfaces.ifTable.ifEntry.ifIndex.2 = INTEGER: 2 interfaces.ifTable.ifEntry.ifIndex.3 = INTEGER: 3 interfaces.ifTable.ifEntry.ifIndex.4 = INTEGER: 4 interfaces.ifTable.ifEntry.ifIndex.5 = INTEGER: 5 ... Wir erfahren hier nicht nur den Typ und Patchlevel des Systems, sondern (nicht gezeigt) auch eine Liste der Interfaces und Routingkonfiguration des Systems - wir bekommen also detaillierte Information über die Topologie des Zielnetzes. Zusammen mit Daten aus dem DNS gibt uns das einen genauen Netzplan des potentiellen Opfers. Wenn weitere Management Module installiert sind, bekommen Zugriff auf weitere Subsysteme, etwa Oracle, SAP oder andere fernzuüberwachende Einheiten. SNMP wird auch in vielen Routern und in RMON Netzwerkprobes eingesetzt - ein Eindringling kann so sogar Verkehrsdaten aus dem Netz erfahren, wenn diese nicht gesichert worden sind.\nEin Server lagert vertrauliche Daten in zugänglichen Verzeichnissen Eine weitere beliebte Fehlerklasse besteht in vertraulichen Daten, die in durch den Webserver zugänglichen Verzeichnissen gelagert werden. Häufig bieten Webspace-Provider virtuelle Webserver an, bei denen die Wurzel des durch den Anwender beschreibbaren Bereiches (etwa: /home/www/servers/www.kunde.de/, für den Kunden sichtbar als /) auch die Wurzel des virtuellen Servers ist (etwa: http://www.kunde.de/). Legt der Kunde jetzt Daten unterhalb seines Wurzelverzeichnisses ab (etwa eine Datei /passwd) dann ist diese Datei auch durch den Webserver abrufbar, denn sie liegt ja unterhalb der Document Root und hat eine URL (etwa: http://www.kunde.de/passwd).\nViele Webshops schreiben Bestellungen in ein oder mehrere Logverzeichnisse oder haben Konfigurationsdateien mit Paßworten und Artikeldaten. Liegen diese Daten unterhalb der Document Root, dann haben sie URLs und sind zunächst einmal prinzipiell über das Web abrufbar, sofern es einem Angreifer gelingt den Namen zu raten. Kennt man den Namen und die Version der verwendeten Websoftware, ist dies meist sehr einfach zu machen.\nPrinzipielle Abhilfe schaffen hier nur Hostingumgebungen, bei denen die Document Root des Webservers tiefer als die Wurzel des Kundenverzeichnisses liegt (etwa ab /home/www/servers/www.kunde.de/pages). Nun kann der Kunde weitere Verzeichnisse oberhalb der Document Root anlegen (etwa: /home/www/servers/www.kunde.de/shop) und seine vertraulichen Daten dort speichern. Da diese Verzeichnisse über das Wartungs-FTP, nicht aber mit HTTP zugänglich sind, können sie nicht so einfach abgerufen werden.\nAlternativ legt man Verzeichnisse unterhalb der Document Root an und verbietet den Zugriff per HTTP auf das Verzeichnis durch Anlegen einer .htaccess-Datei (Apache-Webserver). Die Datei sollte den Zugriff von überall verbieten:\n$ cat /shop/.htaccess order deny, allow deny from all Daten können dann nur noch über FTP abgerufen werden. Für FTP gelten .htaccess-Dateien nicht.\nEin Server vertraut Eingabeparametern aus Webformularen ohne Grund Die dritte häufige Fehlerklasse besteht darin, in CGI-Programmen Parameter aus dem Web zu übernehmen und ohne Prüfung zu verwenden.\nEine Webanwendung besteht aus Komponenten die innerhalb der Firewall liegen und als vertrauenswürdig gelten können, weil sie durch den lokalen Administrator kontrolliert werden. Dazu gehören etwa die lokalen Scripte, die Datenbank, der Webserver und lokale Datendateien. Dazu kommen dann weitere Komponenten, die außerhalb der Firewall liegen und die grundsätzlich als nicht vertrauenswürdig gelten können. Das ist hauptsächlich der Browser des Anwenders, wenn er denn einen benutzt und seinen Webrequest zwecks Hackangriff nicht direkt in ein Telnet tippt. Die Firewall markiert eine Vertrauensgrenze, eine Trust Boundary.\nDaten von jenseits der Vertrauensgrenze kann eine Webanwendung nicht ohne Prüfung vertrauen. Dazu gehören alle Parameter, die dem CGI-Script übergeben werden, also alle GET-, POST- oder COOKIE-Parameter, der HTTP_REFERER, der HTTP_USER_AGENT und alle weiteren Werte von außen. Alle diese Werte müssen vor der Verwendung durch ein CGI-Script durch eine Gültigkeitsprüfung, in der sichergestellt wird, daß die Daten auch das erwartete Format haben und gültige Werte besitzen.\nZum Beispiel ist es gängige Praxis, daß bestimmte Scripte Werte nur dann akzeptieren, wenn bei der Übergabe der HTTP_REFERER des Aufrufes korrekt ist. Auf diese Weise versucht sich das Script gegen gefälschte Aufrufe zu schützen. Natürlich ist es für einen potentiellen Angreifer überhaupt gar kein Problem außer den Scriptparametern auch noch jeden gewünschten HTTP_REFERER mit zu übergeben - der Schutz ist also wirkungslos. Korrekt wäre, wenn das Script jeden übergebenen Parametern einzeln prüft.\nEine andere häufig verwendete Technik besteht darin, Parameter von einer Seite zur nächsten als \u0026lt;INPUT TYPE=\u0026quot;HIDDEN\u0026quot;\u0026gt; mitzuschleifen. Dabei wird interner Zustand der Anwendung im Browser des Anwenders gehalten, also jenseits der Trust Boundary. Für den Anwender ist es ein leichtes, den Zustand einer solchen Anwendung zu manipulieren und jeden gewünschten Effekt zu bewirken. Korrekt wäre, eine Plattform zu verwenden, die Sessionvariablen bietet und den Zustand der Anwendung auf dem Webserver halten kann (etwa: Microsoft ASP mit dem Session-Objekt, PHP3 mit PHPLIB, PHP4 mit den session_*()-Funktionen oder einen richtigen Application-Server).\nFazit Webmaster sind gut beraten, alle ihre Installationen auf diese drei Fehlerklassen abzuprüfen und ihre Anwendungen gegebenenfalls anzupassen. Gestohlene Kreditkartendaten oder gar geknackte Server, die als Ausgangspunkt für weitere Angriffe dienen, sind nicht nur peinlich: Derartige Installationen sind fahrlässig unsicher und dem betroffenen Betreiber stehen mit großer Wahrscheinlichkeit Klagen auf Schadenersatz oder Beihilfe zum Computereinbruch ins Haus.\nFür den Laien ist dies keine Alternative: Die Sicherheit eines Servers zu verifizieren setzt nicht nur umfassende technische Kenntnisse, sondern auch Zugang zum Server voraus. Letztendlich kann nur ein technisches Gütesiegel, das auf Grundlage einer technischen Überprüfung der Server und aller darauf laufenden Anwendungen erteilt wird dem Verbraucher mitteilen, daß er es mit einer seriösen Installation zu tun hat.\nReferenzen: http://www.koehntopp.de/kris/artikel/webtune/ : \u0026ldquo;Webserver verstehen und tunen\u0026rdquo; http://www.koehntopp.de/php/ : \u0026ldquo;de.comp.lang.php - Häufig gestellte Fragen\u0026rdquo; http://www.insecure.org/nmap/ : \u0026ldquo;NMAP Port Scanner\u0026rdquo; http://ethereal.zing.org/ : \u0026ldquo;Ethereal Network Monitor\u0026rdquo; http://www.marko.net/cheops : \u0026ldquo;Ceops Network Mapper\u0026rdquo; http://freshmeat.net/appindex/1998/04/06/891857252.html : \u0026ldquo;lsof - list open files\u0026rdquo; \u0026ldquo;TCP/IP Illustrated, Volume 1: The Protocols\u0026rdquo;: W. Richard Stevens, Addison-Wesley \u0026ldquo;Hacking Exposed - Network Security Secrets \u0026amp; Solutions\u0026rdquo;: McClure, Scambray and Kurtz, Osborne \u0026ldquo;Maximum Linux Security\u0026rdquo;: Anonymous, Sams ","date":"2000-05-01T00:00:00Z","href":"https://blog.koehntopp.info/2000/05/01/webserver-security.html","tags":["lang_de","publication","talk","internet"],"title":"Webserver Security"},{"categories":null,"content":"Dies ist eine aktualisierte Version der Schulung „Unix Systemsicherheit“, die ich vor einiger Zeit schon einmal gehalten habe. Der Schwerpunkt dieser Schulung hat sich etwas zu den Grundlagen hin verschoben: Es geht diesmal weniger um Unix Systemsicherheit als um die typische Situation der Consultants und Bereitschaften:\nMan kommt an eine neue Maschine und muss sich erst einmal zurechtfinden.\nNeu auf einem fremden System Orientierung:\nTyp und Ausstattung der Maschine Prozessor, Festplatten, andere Hardware Speichersituation, historische und aktuelle Lastdaten Netzwerk und Netzwerkumfeld der Maschine IP-Adressen, Routing Welche Name-Services in welcher Reihenfolge, welche Server werden verwendet? Was läuft, was soll laufen? Was ist installiert? tatsächlich laufende Subsysteme vs. konfigurierte Subsysteme Wir sind neu auf einem fremden System und loggen uns zum ersten Mal ein. Wie können wir uns zurechtfinden? Was wollen wir überhaupt wissen?\nDie Maschine selbst ist nach Hardware, Speicher, Platten und Netzwerk zu beurteilen. Die Netzwerkumgebung der Maschine ist einzuschätzen. Die auf der Maschine installierten Systemdienste sind einzuschätzen und zu beurteilen. Es muss ein Soll/Ist-Abgleich stattfinden.\nAusgehend von diesen Daten kann die Arbeit auf der Maschine beginnen:\nDie Maschine kann für ihre Aufgabe angepasst werden (Hardware- oder Softwareinstallation durch Consulting), bzw. die Fehlersuche kann beginnen (Alarmruf für die Bereitschaft).\nTyp und Ausstattung der Maschine Was für Hardware ist das hier? Was ist in der Maschine eingebaut? Wie lange ist die Hardware schon \u0026ldquo;up\u0026rdquo;? Erster Handgriff: uname -a. Weitere Aktionen systemspezfisch.\nLinux: lscpu, free, df -Th, lspci, lsusb Solaris: prtconf -v, psrinfo -v, /usr/platform/$(uname -m)/sbin/prtdiag Uptime und Load: w, uptime -w Für uns meist: Sparc/Solaris oder Intel/Linux. Bei einigen Kunden auch PPC/AIX oder Intel/SCO. Äußerst wenige Kunden mit HP oder Digital Hardware.\nPeilung des Maschinentyps (mit uname -a) und der eingebauten Hardware. In Solaris mit den drei Kommandos prtconf, psrinfo und prtdiag. In Linux mit lscpu, lspci oder indem man manuell durch /proc turnt.\nPeilung der Systemauslastung und der anwesenden Benutzer: Neben w und uptime einmal die Prozeßliste ansehen (ps -ef, ps axuwww) und die Systemlast checken (iostat, vmstat).\nSpeicher und Last Virtueller Speicher und seine Auslastung:\nLinux: free. Solaris: swap -l, swap -s. Wenn Accounting \u0026ldquo;up\u0026rdquo; ist (Solaris): sar, sar -r (freeswap), sar -w (paging). In Linux (Suse 6.4): sa aus dem Paket ap1/acct.rpm. Der weitaus größte Teil aller Lastprobleme sind Speicherprobleme (zuwenig RAM, zu kleiner Swap). Zweithäufigstes Problem ist fehlende I/O-Kapazität. Fehlende CPU-Kapazität ist fast niemals das Problem.\nErst messen, dann nachdenken, dann handeln (OODA loop \u0026ndash; Observe, Orient, Decide, Act). Optimierungen ohne genaue Messungen und Kenntnis des tatsächlichen Problems sind Verschwendung der durch den Kunden bezahlten Arbeitszeit. Punktmessungen können hilfreich sein, aber ein Wochenlastprofil ist sehr viel wertvoller (hier sar-Beispiele von boss und prime bringen).\nPlatten Logical Volume Management?\nWelches System? Welche Zuordnung? Quota?\n/etc/vfstab, /etc/fstab\nSolaris (SDS):\nGerätenamen metastat format Linux:\nGerätenamen fdisk raidtool.rpm als Nachfolger von md-tools /etc/raidtab, raid.conf df, du, mount Quota-Tools Vergleiche die sichtbaren Partitionen mit der durch das Hardware-Inventory angezeigten vorhandenen Hardware.\nSind alle Platten partitioniert und eingebunden? Ist die gezeigte Aufteilung sinnvoll gewählt für die Aufgabe der Maschine? Prüfe auch:\nVerteilung der Partitionen nach Auslastung auf Spindeln Verteilung der Partitionen über Platten und Controller nach Ausfallgesichtspunkten? Welche RAID-Level für welche Aufgabe\nWir verwenden fast überall RAID 0+1 (Solaris SDS). Linux-RAID (a la Suse) derzeit nur eingeschränkt nützlich. Lange Startzeit. Rootplatte, Swap-Partition. Prüfe auch:\nPlatzproblem oder Quota-Problem? Netzwerk und Netzwerknachbarschaft Übersicht über Interfaces und Routen\n-n Option verwenden Woher kommen die Routen? Weitere Analysetools:\nping tcpdump snoop Netzwerkinterfaces: ifconfig -a, netstat -i, netstat -s, netstat -m\nRouten: netstat -rn\nSchicht 2-3 Bindungen: arp -a\nWelche Interfaces und welche Routen werden tatsächlich wie oft verwendet? Woher kommen die Routen?\nViele Kunden haben ein kaputtes Netzwerkonzept (d.h. keines) und setzen Routen eventuell manuell. Probleme sind vorprogrammiert.\nAndere Kunden haben nur Default-Routen und bekommen differenzierte Routen nur über ICMP Redirect. Ebenfalls problematisch (Effizenz, Security).\nName Resolution Welche Namensdienste werden verwendet?\nWelche Server werden verwendet?\nWie ist das Verhalten im Fehlerfall?\nAusfall Angriff /etc/nsswitch.conf\nFiles, DNS/Bind, NIS/NIS+, LDAP, Exoten Falls DNS: /etc/resolv.conf\nFalls NIS: ypwhich\nWoher kommen die Namen, welcher Dienst wird verwendet?\nOft lokale Hostdateien -\u0026gt; Probleme! Im besten Fall DNS. Dann dort die Zone ansehen und Netzstruktur und Zonengröße abschätzen.\nWelche Abhängigkeiten existieren zwischen den Servern?\nAusfall- und Bootszenarien: Was ist, wenn der DNS-, der Time- oder der NIS-Server nicht da sind? Gibt es NFS-Platten, auf die die lokale Maschine angewiesen ist?\nSecurity: Wer macht was in wessen Auftrag? Wer kontrolliert? Wird die Konfiguration manuell gepflegt oder existieren Frontends? Welche Dokumentationsprozeduren existieren?\nNetzwerkdienste Welche Netzwerkdienste werden erbracht?\nPrüfe neben inetd auch persistenten Server. Prüfe auf Vorhandensein von Sicherheitsmechanismen Prüfe Verhalten im Falle von Ausfällen, etwa Firewall-Versagen Wie begründen sich diese Dienste?\nWelche Sicherheit bieten diese Dienste?\n/etc/inetd.conf, /etc/hosts.allow, /etc/hosts.deny\nSonderfälle für das jeweilige System\nTodesfallen bei AIX: Import/Exporttools für inetd.conf Todesfallen bei HP/UX: /etc/inetd.sec rpcinfo -p, showmount -e\nnmap!\nVergleiche inetd.conf und Startscripte mit netstat -an.\nConsulting: Viele verstorbene Pflegefälle wegen manuell gestarteter Dienste, die in keiner Konfigurationsdatei auftauchen. Bereitschaft: Umgekehrtes Szenario. Alarm wurde wegen verschwundenem Server ausgelöst. Sicherheitsanalyse wieder:\nWieder technische und organisatorische Prozesse synchronisieren und abgleichen: Was tun die Maschinen? Wer entscheidet das? Wie begründen sich die Dienste? Wer dokumentiert und prüft das? Vergleiche Prozeduren bei uns im Haus:\nISP-Betrieb plant und deployed. Operating betreibt nach Doku vom ISP-Betrieb, Operating überwacht und alarmiert die Bereitschaft. Auch diese operiert mit dieser Doku. Konfigurationsgenerierung meist automatisch durch die Backends der KundenDB -\u0026gt; automatische Dokumentation und Abrechnung. Welche Verzeichnisse werden exportiert? Häufige Panne: Verzeichnisse werden ungewollt exportiert Rechner importiert Verzeichnisse und hängt wegen Abhängigkeit vom Server Automounter? Mit NIS/NIS+? Samba? Klartextpaßworte? Public Shares? Logfiles? $ showmount -e $ kshowmount -e $ share $ vi /etc/exports; vi /etc/dfs/dfstab $ vi /etc/auto.master; vi /etc/auto.homel vi /etc/auto.misc $ vi smb.conf; smbclient Einschlägige Beispielserver draußen zeigen.\nWir wollen nicht so enden wie die! Mehrfach gestaffelte Sicherheit durch\nautomatisch generierte Konfigurationen mit Sicherheitssperren Dienstsperrungen für Außen durch tcpwrapper Portsperrung und Alamierung über die Firewall und das Operating Logauswertung (Usagelog, Wrapper-Protokoll, Firewall-Protokoll) durch Abrechnung (KundenDB), Alarm bei Diensten mit fehlendem technischem Objekt in der KundenDB Operating (Wrapper, Firewall), Alarm bei Attack Patterns Einschlägige Selbstmordkonfigurationen zeigen.\nWas ist installiert? Welche Pakete und Programme sind installiert?\nIn welcher Version? Installation validieren?\n\u0026ldquo;set permissions\u0026rdquo; und \u0026ldquo;check optionen\u0026rdquo; tripwire? Solaris: pkginfo, /var/sadm/install/contents (Reihenfolge!)\nLinux: rpm -qa, rpm -qi \u0026lt;paket\u0026gt;, rpm -ql \u0026lt;paket\u0026gt;, rpm -qlc \u0026lt;paket\u0026gt;, rpm -qld \u0026lt;paket\u0026gt;, rpm -qf \u0026lt;datei\u0026gt;, rpm -qp \u0026lt;datei.rpm\u0026gt;\nSolaris Paketarchiv („NetUSE Distribution“) zeigen\nConsulting-CDROM, wird auch an Kunden verkauft Keine Installation ohne Paket\nVerweis auf Paketschulung Kein Paket -\u0026gt; automatische Konfigurationsgenerierung aus Installserver oder KundenDB macht die Verzeichnisse möglicherweise platt. Kommandoäquivalenzen Linux/Solaris\nVerweis auf Rootkits\nRootkits ersetzen wichtige Systemprogramme, in Folge belügt die Maschine den Operator tripwire-Check nach sauberem Reboot zeigen lrk3 demonstrieren (ohne sauberen Reboot bekommt man keine verlässlichen Informationen mehr und kompromittiert sein Netz nur noch weiter) Was soll laufen? Welche Dienste sollen von der Maschine erbracht werden?\nKonfiguration beim Systemstart für persistente Server Konfiguration von transienten Servern Konfiguration von zeitgesteuerten Services Suche nach Zeitbomben? Wenn es hängt? Start/Stopscripte\nLinux: /sbin/init.d/... Solaris: /etc/init.d/... Crondateien: /var/spool/cron/crontabs, /var/cron/tabs strace, truss ltrace Bootsequenz durchgehen, Single User Mode, Wie bekomme ich meine Platten wieder?, Wie überlebe ich ohne Editor und Terminalemulation?\nDefekte Programme tracen: ldd, Solaris proctools, Linux: /proc/\u0026lt;nummer\u0026gt;/...\nstrace/truss Output lesen, ltrace/sotruss Output lesen\nWas Läuft? Welche Dienste sind auf der Maschine aktiv?\nWelche waren aktiv? Welche Ressourcen belegen diese Dienste?\nps -ef, ps auxwww, top, lsof\nLinux: ptree, sa Solaris: /usr/proc/bin/* Beispiele mit den Proctools\nSpeicherverbrauch abschätzen für Server Programmaktivität laufender Prozesse feststellen Welche User können rein? Quellen von Userlisten\nlokal, aus dem Netz Erlaubte und nicht erlaubte Shells\nGehackte Authentisierung\nModifizierte wu-ftpd, imapd LDAP-Module /etc/nsswitch.conf, /etc/shells, /etc/ftpusers, /etc/ftpaccess\nZugangsmechanismen\nRegeln für den Zugang, etwa über PAM: /etc/pam.d, /etc/pam.conf Verweis auf Folgeschulungen:\nNSS/PAM/GSS nutzen. NSS/PAM/GSS-Module erstellen. Überblick über die von NetUSE für den ISP-Betrieb modifizierte Software. Welche User waren drin? Auswertung des Logbuches\nQuerabgleiche mit anderen Logs Auditing-Subsysteme\n/etc/utmp, /etc/wtmp, syslog, Auth-Events, Radius-Logs und andere\nExoten:\nLogbücher der Sysadmin-Tools (AIX) Auditing-Subsysteme\nLinux: fehlendes Auditing, bescheidenes Accounting (falls installiert).\nSolaris: Demo des Auditing\nBeide: Welche Logs liegen wo und wie finde ich die gewünschte Info?\nZugriffsrechte und Privilegien in UNIX Bonusfolien aus der alten Schulung\nErkläre, wer unter welchen Bedingungen in UNIX auf eine Datei zugreifen darf!\nrwx? sst? Verzeichnisrechte vs. Dateirechte Dateiattribute? Dateisystemattribute? Welche Spuren hinterläßt so ein Zugriff?\nRWX - sonst nix? Wer bin ich?\nZu welchen Gruppen gehöre ich?\nWie kann ich meine Identität ändern?\nWelche Rechte (alle!) brauche ich, um auf eine Datei zuzugreifen? Sind es immer dieselben?\nKurzer Sicherheitscheck für Zwischendurch Bonusfolien aus der alten Schulung\nDie meisten Fehler entstehen nicht durch falsche Software, sondern dumme User.\nfind / -fstype ... ! -type l -perm ... -ls\n-perm -2 (find world writeable files) -perm -4000 (find SUID) -perm -2000 (find SGID) Finde Dateien, die world writeable, suid oder sgid sind.\n/tmp, /var/tmp (1777 ?) Verzeichnisse im Pfad, Binaries, Konfigurationsdateien? Dateien mit vorhersagbaren Dateinamen? Geräte? Backup? Rechte an Geräten Bonusfolien aus der alten Schulung\nAuf vielen älteren kommerziellen Unices sind Gerätedateien unzureichend geschützt.\nBeschreibbare Plattendevices, Banddevices 777-Verzeichnisse /dev/md/*, Löschen von LVM-Pseudogerätedateien ioctl()-Aufrufe nicht ausreichend privilegiert. Medien mit sensitivem Inhalt in lesbaren Geräten. Beispiele:\nioctl()-Aufrufe in AIX teilweise nicht dokumentiert und nicht privilegiert. /dev-Unterverzeichnisse 777 in HP/UX. /bin-Verzeichnisse 777 in HP/UX und AIX nach Installation von Software. ","date":"2000-04-14T00:00:00Z","href":"https://blog.koehntopp.info/2000/04/14/neu-auf-einem-fremden-system.html","tags":["lang_de","linux","unix","security","devops","talk","publication"],"title":"Neu auf einem fremden System"},{"categories":null,"content":"Datenspuren im Internet (PDF)\nnach einem Artikel in der Computer und Recht, 4/2000 mit Marit Köhntopp. Diese Version wurde am 10-Sep-2000 um einige Anmerkungen ergänzt und aktualisiert.\nDer Artikel gibt einen Überblick über die Datenspuren, die ein Internetbenutzer bei der Arbeit im Netz hinterläßt. (PDF-Datei, 180 KB)\n","date":"2000-04-01T00:00:00Z","href":"https://blog.koehntopp.info/2000/04/01/datenspuren-im-internet.html","tags":["lang_de","publication","internet"],"title":"Datenspuren im Internet"},{"categories":null,"content":"Diesen Artikel habe ich als Schulungsunterlage für eine PHP-Fortgeschrittenenschulung bei Netcologne geschrieben\nPHP-Programme laufen auf dem Webserver. Sie können - angestoßen durch einen externen Benutzer mit einem Browser - Dateien auf dem Server lesen, schreiben oder löschen. Für einen PHP-Programmierer ist es wichtig zu wissen, mit welchen Rechten seine Programme ausgeführt werden und welche Einflüsse die Ausführung seines Programms bestimmen. Nur so ist es ihm möglich, sein System gegen böswillige Manipulation abzusichern und seine Leistung zu optimieren.\nDer Aufbau des Apache-Webservers Der Apache-Webserver ist auf eine Weise konstruiert, die es leicht macht, den Serverprozeß zu erweitern, und die ihn besonders wenig anfällig gegen Betriebsstörungen gleich welcher Art macht.\nDer Server besteht aus einem Managerprozeß, der eine Reihe von Bearbeiterprozessen startet. Diese Prozesse führen die eigentliche Request-Abarbeitung durch. Eingehende Requests werden vom Manager registriert und an einen freien Bearbeiter weitergereicht. Wenn der Bearbeiter mit der Ausführung des Requests fertig ist, beendet er sich nicht, sondern meldet sich beim Manager zurück, und dieser teilt dem Bearbeiter den nächsten Request zu.\nEin Bearbeitungsprozeß ist oftmals nicht in der Lage, einen Prozessor voll auszulasten: Er muss auf das Eintreffen von Daten von der Festplatte warten, oder er muss auf den Client auf der anderen Seite des Netzes warten und sich mit der Abarbeitung des Requests nach der Übertragungsgeschwindigkeit des Netzes richten. Damit während dieser Zeit andere Requests bearbeitet werden können, ist es sinnvoll, mehrere Bearbeiterprozesse zu haben.\nWie viele Bearbeiterprozesse sinnvoll sind, hängt von einer ganzen Reihe von Parametern ab. Zunächst einmal wäre es sicherlich schön, wenn immer genau so viele Bearbeiter vorhanden sind, wie gleichzeitige Requests bei der Maschine ankommen. Nun kann ein Rechner aber nicht beliebig viele Prozesse starten, und speziell im Fall von Apache ist es so, daß der Webserver in genau dem Moment sehr viel langsamer wird, in dem die Maschine anfangen muss, Webserverprozesse mangels RAM in den Swapbereich auszulagern. Das ist ein sehr unangenehmer Moment, denn bei gleichbleibender Anzahl von Requests pro Sekunde (\u0026ldquo;Last bleibt gleich\u0026rdquo;) dauert die Abarbeitung eines einzelnen Requests nun viel länger (\u0026ldquo;Durchsatz sinkt\u0026rdquo;), und damit steigt die Anzahl der ausstehenden Requests (\u0026ldquo;Ressourcenverbrauch steigt\u0026rdquo;). Das Gesamtsystem versucht darauf mit einer weiteren Erhöhung der Serverprozeßzahl zu antworten und treibt die Maschine nur noch weiter in den Swap - die Requests werden noch langsamer bearbeitet und als Antwort werden nur um so mehr Serverprozesse erzeugt.\nIn dieser Situation bricht die Systemleistung zusammen, oder das System kommt im Extremfall vollständig zum Halt. Mithilfe des Parameters \u0026ldquo;MaxClients\u0026rdquo; kann man in der httpd.conf die Anzahl der Serverprozesse nach oben begrenzen und so verhindern, daß die Maschine in diesen fatalen Zustand gerät - die Zahl muss so gewählt werden, daß die Maschine sicher nicht ins Swappen gerät. Als hilfreich hat sich hier die Analyse der Zahlen in /proc/\u0026lt;pid\u0026gt;/statm erwiesen, wobei als \u0026gt; die Prozeßnummern der httpd-Prozesse einzusetzen sind:\n$ server=`grep -l httpd /proc/*/cmdline` $ for i in $server; do cat `dirname $i`/statm; done 1331 674 654 119 0 555 306 96 96 80 5 0 91 16 1247 401 369 80 0 321 101 1368 711 678 134 0 577 306 1364 707 677 133 0 574 305 1364 707 677 133 0 574 305 1365 708 677 133 0 575 306 86 86 71 4 0 82 15 Die ausgegebenen Zahlen sind in /usr/src/linux/Documentation/proc.txt genauer erläutert. Sie bedeuten von links nach rechts:\nsize total program size resident size of in memory portions shared number of the pages that are shared trs number of pages that are \u0026#39;code\u0026#39; drs number of pages of data/stack lrs number of pages of library dt number of dirty pages Der Gesamtspeicherverbrauch eines weiteren Serverprozesses ergibt sich aus seinen Resident (im RAM befindlichen) Unshared Pages, die Page zu 4 KB in Intel-Rechnern. Also ist die Differenz zwischen der zweiten und der dritten Zahl einer jeden Zeile zu bilden und mit vier zu multiplizieren, um den zusätzlichen RAM-Verbrauch eines einzelnen httpd in KB zu ermitteln. Überschlagsmäßig können in der hier gezeigten Konfiguration etwa 100-150 KB angesetzt werden, aber diese Zahl kann je nach Webserver und Art der Last stark variieren und bedarf in jedem Fall eines Tunings im Wirkbetrieb.\nBei einem geeigneten Wert für MaxClients erzielt der Apache-Webserver bei zunehmender Last (\u0026ldquo;ramp-up\u0026rdquo;) linear mehr Durchsatz, bis der Sättigungspunkt erreicht ist. Danach bleibt die Leistung auf einem stabilen Plateau, wenn nicht ein anderer leistungsbegrenzender Faktor wirksam wird (Netzbandbreite, DNS-Lookups, Plattenbandbreite, CPU-Leistung).\nBei nachlassender Last ist es natürlich nicht notwendig, die ganzen Serverprozesse im Speicher herumstehen zu haben. Der Managerprozeß kontrolliert laufend, wie viele unbeschäftigte Bearbeiter er zur Verfügung hat und wenn dies mehr als MaxSpareServers viele sind, wird er beginnen, die Anzahl der Serverprozesse zu verringern. Bei steigender Last wird der Manager diese Zahl dann wieder steigern. Aber das Starten von neuen Serverprozessen dauert einige Zeit, und daher ist es gut, eine gewisse Anzahl von unbeschäftigten Bearbeiterprozessen \u0026ldquo;auf Vorrat\u0026rdquo; zur Hand zu haben, damit man Lastspitzen ausreiten kann. Der Parameter MinSpareServers legt fest, wie groß der Vorrat ist, den der Manager anlegt. Es ist nicht sinnvoll, MinSpareServers größer als MaxSpareServers zu setzen: Beide Werte können im Extremfall gleich groß sein, aber in einer sinnvollen Konfiguration wird MaxSpareServers immer größer als MinSpareServers sein.\nJe stärker und je schneller die Last auf einem Webserver springt, umso größer sollte man den Abstand zwischen beiden Werten wählen. Je langsamer die Maschine beim Starten von neuen Serverprozessen ist und je ruckartiger die Last auf dem Server ansteigen kann, umso höher muss man MinSpareServers wählen, damit im Falle einer Spitzenlast schon ausreichend viele Server vorhanden sind. Mit dem Parameter StartServers legt man fest, wie viele Serverprozesse schon beim Hochfahren des Managers mit erzeugt werden.\nFür eine dedizierte Maschine mit einem Speicherverbrauch von 200 KB pro Serverprozeß und einem freien RAM von 100 MB nach dem Start aller anderen Systemdienste kann man einen MaxClients-Wert von weniger als 500 ansetzen, wenn nur httpd-Prozesse laufen (bei Ausführung von CGI-Programmen ist dies nicht der Fall - hier muss man Speicher für die CGI-Programme reservieren!). Wenn es sich um eine dedizierte Maschine handelt, die nur diesen einen Webserver ausführen soll und auf der keine andere Anwendung läuft, gibt es keinen Grund, die Anzahl der Clients zu begrenzen: Man kann gleich beim Start alle Webserverprozesse auf Vorrat erzeugen und hat dann unter Last die benötigte Leistung parat. Dies ist ideal für Webserver, die bei zeitlich abgestimmten Medienevents (\u0026ldquo;TED-Server\u0026rdquo;, \u0026ldquo;Wahl-Server\u0026rdquo;) plötzliche Spitzenlasten wegstecken können müssen:\nMaxClients 450 StartServers 450 MaxSpareServers 450 MinSpareServers 450 Ein solcher Server wird etwa 400-450 parallele Requests bearbeiten können. Ist eine Seite im Schnitt 100 KB groß und wird eine solche Seite im Mittel mit 5 KB/sec ausgeliefert, dauert das Ausliefern einer Seite im Mittel also 20 Sekunden. Mithin hat man mit der gezeigten Konfiguration so Leistung für etwa 20 Requests/sec (1200 rpm, requests per minute) - vorausgesetzt, man begrenzt die Leistung der Maschine nicht durch andere Faktoren (20 Requests pro Sekunde, 5 KB pro Sekunde =\u0026gt; 100 KB/sec oder knapp eine halbe S2M).\nEin anderes Szenario wäre derselbe Rechner bei einem ISP, der auf unterschiedlichen virtuellen Interfaces mit unterschiedlichen IP-Nummern unterschiedliche Apache-Server betreibt, die sich die Maschine teilen müssen. Alle Server sollen möglichst wenig Ressourcen verbrauchen, wenn die Last gering ist:\nMaxClients 200 # drei Kunden teilen sich diesen Rechner StartServers 5 # wenige Prozesse vorab starten MinSpareServers 5 # immer 5 in Reserve halten MaxSpareServers 10 # maximal 10 in Reserve halten Hier können bei drei unterschiedlichen Apache-Instanzen im Extremfall 600 Serverprozesse auftreten (damit würde man die Maschine also leicht im Überlastbereich betreiben), aber jede Apache-Konfiguration versucht ihren Serverpool immer nur so groß wie unbedingt nötig zu halten. Solange alle drei immer mit ca. 100-150 Servern rumdröhnen, herrscht eine friedliche Koexistenz.\nLebensdauer von Serverprozessen Apache ist ein sehr gutmütiger Webserver: Da er nicht multithreaded ist, ist er sehr leicht durch selbstgeschriebene Module zu erweitern, ohne daß diese Module aufwendig reentrant gemacht werden müßten oder anders aufwendig anzupassen sind. Die Server-API unterstützt die Integration von Modulen durch die Bereitstellung von Schnittstellen zu Speicherverwaltung, zur Request-Verarbeitung und zur Response-Generierung. Leider sind nicht alle Module sauber programmiert: Manche von ihnen erzeugen Core Dumps, andere stürzen zwar nicht ab, aber sie belegen mehr und mehr Speicher und lassen den Serverprozeß so ins Grenzenlose wachsen.\nApache ist so konstruiert, daß er mit dieser Situation fertig werden kann, ohne den Betrieb des gesamten Serversystems zu gefährden: Ein abstürzender Bearbeiterprozeß wird durch den Manager registriert, und der Manager erzeugt ggf. einen neuen Bearbeiterprozeß, wenn die Lastsituation es erfordert. Ein Bearbeiter kann durch das Setzen des Parameters MaxRequestsPerChild auf einen von 0 verschiedenen Wert so konfiguriert werden, daß er maximal so viele Requests wie angegeben bearbeitet und sich dann beendet. Durch Speicherlecks verlorengegangener Speicher wird dann wieder freigegeben - der Manager wird den beendeten Bearbeiterprozeß wie bei einem Absturz ersetzen, falls notwendig.\nDas Regenerieren von verlorengegangenen Serverprozessen kostet zwar Systemleistung, weil der Kernel fork()-Systemaufrufe durchführen muss, aber der Webserver bleibt immerhin verfügbar. Bei einem Single-Process-Server mit Multithreading wäre eine solche Fehlerresistenz nicht machbar.\nDer Managerprozeß und alle seine Bearbeiterprozesse laufen unter der in der Hauptkonfiguration mit den Direktiven \u0026ldquo;User\u0026rdquo; und \u0026ldquo;Group\u0026rdquo; angegebenen UID- und GID-Werten. Man kann dies auch in der Prozeßliste sehen, indem man sich den Eigentümer der httpd-Prozesse ansieht:\nvaliant:/proc/2544 # ls -ld . dr-xr-xr-x 3 wwwrun nogroup 0 Jun 1 21:55 . valiant:/proc/2544 # cat cmdline | xargs -0 echo /usr/local/apache/bin/httpd -f /usr/local/apache/conf/httpd.conf Es ist wichtig zu verstehen, daß diese Werte für den gesamten Server, also für alle von ihm verwalteten virtuellen Server, gelten. Das heißt: Alle Zugriffe durch den Webserver auf Dateien werden unter dieser UID und GID durchgeführt, auch dann, wenn in den einzelnen \u0026lt;VirtualHost\u0026gt;-Abschnitten andere User- und Group-Werte angegeben sind. Diese anderen Identitäten werden ausschließlich für die Ausführung von CGI-Programmen durch das suexec-Utility angenommen.\nHat man seinen Webserver mit mod_php oder mod_perl konfiguriert, dann werden auch alle Dateizugriffe dieser beiden Module unter der einen zentralen Identität des Servers ausgeführt werden, da die Module im Kontext des Serverprozesses ablaufen. Das ist eine Tatsache, die man unbedingt im Hinterkopf behalten sollte, wenn man Webserver aufsetzt, auf denen mehrere unterschiedliche Kunden eigene Scripte ausführen können. Da alle diese Scripte immer unter derselben UID/GID ausgeführt werden, gibt es nichts, das verhindern könnte, daß ein Kunde auf die Dateien eines anderen Kunden zugreift. Ein solches Konzept ist für das Webhosting untauglich.\nCGI-Programme werden durch den Apache nicht direkt, sondern immer über das suexec-Utility gestartet. Der Apache erzeugt dazu mittels fork() eine Kopie von sich selbst, die sich selbst dann durch das suexec-Programm ersetzt. Dieses Programm ist mit Systemverwalterrechten ausgestattet (ein SUID-root-Programm) und stellt danach die UID/GID des neuen Prozesses auf die User- und Group-Angaben des zuständigen virtuellen Hosts um. Außerdem setzt es noch eine Reihe von Ressourcelimits, bereinigt das Prozeßenvironment und führt eine Reihe von anderen Aufräumarbeiten durch. Erst dann ersetzt es sich selbst durch das auszuführende CGI-Script. Dieses Script läuft dann mit der eingestellten Identität, die von der Identität des Webservers selbst verschieden sein kann, und beendet sich anschließend.\nDa die Ausführung von CGI-Programmen die Erzeugung eines neuen Prozesses und das Laden von mindestens zwei Programmen (suexec und den Scriptinterpreter) bedingt, werden CGI-Programme sehr viel langsamer ausgeführt als Modulprogramme. Zu den genannten Kosten kommen noch Aufwände für ein rundes Dutzend Systemaufrufe innerhalb von suexec hinzu, die aber gegenüber den fork()/exec()-Kosten verschwindend gering sein dürften.\nMan hat als ISP mit einem VirtualHost-Setup also die Wahl zwischen einem schnellen, unsicheren Setup und einer deutlich langsameren, aber sichereren Variante.\nEs existiert übrigens eine Variante des suexec-Programmes für den Apache, die wesentlich weniger restriktiv bei der Prüfung der User- und Gruppenrechte an der auszuführenden Datei und dem enthaltenden Verzeichnis ist, die dafür aber eine chroot()-Umgebung aufsetzt, in der dieses Programm ablaufen kann. Dadurch, daß das Programm in der chroot()-Umgebung eingesperrt ist, wird ein zusätzlicher Grad an Sicherheit erreicht.\nAufbau des MySQL-Datenbankservers und Interaktion mit PHP Viele PHP-Programme verwenden einen MySQL-Datenbankserver als Backend zur Speicherung und Auswertung von Daten. Als Datenbank für Webserver ist MySQL besonders geeignet, da MySQL Connections vom PHP-Interpreter zum Datenbankserver sehr schnell errichten und wieder trennen kann und da MySQL im Gegensatz zu \u0026ldquo;echten\u0026rdquo; Datenbanken auf saubere Verwaltung von Transaktionen verzichtet und daher verschiedene Operationen sehr viel schneller abwickeln kann als vollständige SQL-Datenbanken. Für Webanwendungen ist dies ideal, da diese in ihrer Mehrzahl eher geringe Ansprüche an die Transaktionsfähigkeit der Datenbank stellen, dafür aber sehr viele parallele Sessions erzeugen können.\nUm abschätzen zu können, in welche Situation man die Datenbank bringt, wenn man sie als Backend an einem Webserver betreibt, muss man wieder die beiden Fälle CGI PHP und mod_php unterscheiden.\nIn CGI PHP wird auf einer Webseite irgendwann einmal ein mysql_connect() oder mysql_pconnect() ausgeführt. PHP stellt in diesem Moment eine Verbindung zu Datenbank her und arbeitet dann mit dieser Verbindung. Spätestens am Ende der Seite endet das PHP-Programm und mit ihm auch der PHP-Interpreterprozeß selbst.\nDadurch werden alle Filehandles dieses Prozesses geschlossen, also auch die Datenbankverbindung. CGI PHP wird also in schneller Folge Datenbankverbindungen öffnen und schließen, und es wird maximal so viele Datenbankverbindungen geben, wie es parallele PHP-Interpreter geben kann, nämlich MaxClients viele. Man muss den Datenbankserver vom RAM und vom Serverprozeß her so konfigurieren, daß er mit einer solchen Anzahl von parallelen Sessions fertig werden kann!\nWenn in mod_php mit mysql_connect() gearbeitet wird, verhält es sich exakt so wie CGI PHP: Am Ende der Webseite wird die Datenbankverbindung geschlossen. Anders bei mysql_pconnect(): Da der Interpreter als Modul Bestandteil des Bearbeiterprozesses des Webservers ist, kann dieser die Verbindung auch nach dem Ende der Webseite offen halten. Fordert später eine andere Webseite eine Verbindung mit denselben Host/User/Paßwort-Daten an, kann der Bearbeiterprozeß diese existierende Verbindung anbieten, anstatt erneut eine solche Verbindung eröffnen zu müssen. Bei mysql_pconnect() hat dies wegen der Geschwindigkeit von MySQL nur vergleichsweise geringe Auswirkungen; verwendet man hingegen Oracle, sind mod_php und ora_plogon() absolut essenziell, wenn man Performance braucht.\nJeder Bearbeiterprozeß muss für sich alleine einen Connect zum Datenbankserver offen halten, da solche Connects nicht zwischen unterschiedlichen Prozessen austauschbar sind. Ein einzelner Bearbeiterprozeß hält jedoch unter Umständen mehrere Datenbankconnects mit unterschiedlichen User/Paßwort-Kombinationen offen, wenn dies in der Konfiguration so vorkommt. Man muss daher im Extremfall auf dem Datenbankserver mit MaxClients mal \u0026ldquo;Anzahl der vorkommenden User/Paßwort-Kombinationen\u0026rdquo; vielen parallelen Connects klarkommen. Es ist klar, daß sich dies schlecht skaliert.\nPHP geht bei der Verwaltung von MySQL-Datenbankverbindungen übrigens von der falschen Annahme aus, daß eine Datenbankverbindung zustandslos ist und daher gefahrlos wiederverwendet werden könne, wenn ein zweiter Connect mit derselben Username/Paßwort/Hostname-Kombination gemacht wird. Man kann dies beobachten, indem man das folgende Stück Code ausführen läßt:\nkk@land:~/Source/php3 \u0026gt; ./php \u0026lt;?php $link = mysql_connect(\u0026#34;localhost\u0026#34;, \u0026#34;kk\u0026#34;, \u0026#34;\u0026#34;); print $link.\u0026#34;\\n\u0026#34;; Content-type: text/html 1 $link2 = mysql_connect(\u0026#34;localhost\u0026#34;, \u0026#34;kk\u0026#34;, \u0026#34;\u0026#34;); print $link2.\u0026#34;\\n\u0026#34;; 1 Obwohl hier zwei verschiedene MySQL-Datenbankverbindungen geöffnet werden sollen, wird in beiden Fällen dieselbe Link-ID zurückgeliefert. Es handelt sich also in beiden Fällen um dieselbe Datenbankverbindung. Dies wird in dem Moment zum Problem, wo der Zustand der Datenbank, der per Link-ID verwaltet wird, sich ändert. In MySQL gehört zu diesem Zustand der Name der aktuellen logischen Database, mit der gearbeitet wird. Wird diese Database mittels \u0026ldquo;use \u0026rdquo; oder mit Hilfe von mysq_select_db() verändert, wirkt sich die Änderung auf die beiden vermeintlich unabhängigen Datenbankverbindungen aus. Abhilfe schafft hier nur, entweder nur mit einer einzigen Datenbank zu arbeiten oder mit Hilfe von mehreren unterschiedlichen Benutzernamen unterschiedliche Datenbankverbindungen zu erzwingen.\nEin ähnliches, noch viel gefährlicheres Problem erleidet man mit Oracle, denn dort gehört die derzeit aktive Transaktion zum Zustand der Datenbankverbindung - ein COMMIT oder ROLLBACK wirkt sich hier auf beide vermeintlich unabhängigen Verbindungen aus.\nDer Datenbankserver erlaubt mit einer Ausnahme keine Interaktion eines Anwenders mit dem Dateisystem. Alle Änderungen sind also ausschließlich auf Datensätze innerhalb der Datenbank beschränkt. Die Ausnahme ist das Laden von Daten in die Datenbank mit LOAD DATA INFILE, das die Übernahme von beliebigen Daten mit zeilenweiser Satzstruktur in Datenbanktabellen erlaubt. Um diese Operation durchführen zu können, benötigt der aktuelle Benutzer in MySQL file_priv = 'y' für seinen Benutzereintrag in der Tabelle mysql.user. Das Recht kann nicht datenbankbezogen, sondern nur benutzerbezogen vergeben werden.\nNeuere Versionen von MySQL erlauben statt dessen LOAD DATA INFILE LOCAL, bei denen der Lesezugriff nicht durch den Datenbankserver und mit den Rechten des Datenbankservers erfolgt, sondern stattdessen durch den Client (PHP) und mit den Rechten des Clients. Dies ist zwar langsamer, aber sicherer und benötigt keine besonderen Privilegien. Es ist empfehlenswert, immer LOAD DATA INFILE LOCAL zu verwenden. Beim Load sehr großer Tabellen kann es jedoch notwendig werden, die CPU-Zeitbegrenzung des PHP-Interpreters hochzusetzen.\nIm Übrigen ist zu beachten, daß es der PHP-Interpreter ist, der sich an den Datenbankserver connected, und nicht der Browser des Anwenders. Die MySQL-Ports können daher an der Firewall problemlos abgedichtet werden, um direkte Zugriffe eines Anwenders an PHP vorbei auf den Datenbankserver zu verhindern:\n|| ||\u0026lt;--- connect --- mysql-Client || Port 2042 || MySQL \u0026lt;--- connect --- PHP \u0026lt;--- || --- connect --- Browser Port 2042 \u0026amp; || Port 80 httpd || Firewall läßt nur Port 80 durch Grenzen von Vertrauen Die Firewall definiert in diesem System eine Grenze (\u0026ldquo;Trust Boundary\u0026rdquo;) zwischen dem Internet mit potenziell gefährlichen Daten und dem Intranet, in dem vertrauenswürdige Anwendungen vertrauenswürdige Informationen halten. Daten kreuzen diese Grenze in beide Richtungen, und es ist dringend erforderlich, diesen Übergängen besondere Aufmerksamkeit zu widmen.\nÜbergänge von innen nach außen Übergänge von drinnen nach draußen sind vergleichsweise einfach abzuhandeln, da es sich um Übergänge aus einem Bereich mit hohem Vertrauen in einen Bereich mit weniger hohem Vertrauen handelt. Besondere Maßnahmen muss man hier genau dann ergreifen, wenn man für die herausgegebenen Daten etwas garantieren möchte: Etwa daß sie beim Empfänger unverfälscht oder gar nicht ankommen oder daß außer dem Empfänger niemand Kenntnis von den Daten bekommen kann oder daß der Empfänger sicher sein kann, daß er tatsächlich mit dem Webserver und nicht mit einem Angreifer redet, der sich als der Webserver ausgibt.\nIn allen diesen Fällen ist der Einsatz von SSL auf dem Server empfehlenswert. Eine SSL-Verbindung ist wie ein gepanzerter Tunnel zwischen dem Webserverprozeß auf dem Server und dem Browserprozeß beim Abrufer. Er kann durch Dritte nicht eingesehen werden, und die Daten, die darin fließen, können durch Dritte nicht verfälscht werden. Durch ein Server-Zertifikat kann der Abrufer außerdem sicher sein, daß das andere Ende des Tunnels wirklich beim Webserver liegt und nicht bei jemand anderen.\nZwar ist eine Anwendung leicht auf SSL umzustellen (es muss nämlich bis auf die verwendeten URLs nichts angepasst werden), aber die Kosten für den Einsatz von SSL sind dennoch recht hoch. SSL setzt auf der TCP/IP-Ebene an; es schiebt sich quasi als Schutzschicht zwischen die Schichten 4 und 5 des OSI-Protokollstacks.\n+- Anwendungsprogramm----+ +- Anwendungsprogramm----+---+ | Anwendungsschicht | | Anwendungsschicht |SSL| +------------------------+ +------------------------+API| | Präsentationsschicht | | Präsentationsschicht | | +------------------------+ +------------------------+ | | Sitzungschicht | | Sitzungschicht | | +------------------------+ +------------------------+ | | SSL-Verschlüsselung | +----------------------------+ Userland ===================================================================== Kernel +- Betriebssystem -------+ +- Betriebssystem -------+ | Transportschicht (TCP) | | Transportschicht (TCP) | +------------------------+ +------------------------+ | Netzwerkschicht (IP) | | Netzwerkschicht (IP) | +------------------------+ +------------------------+ +- Gerätetreiber --------+ +- Gerätetreiber --------+ | Verbindungsschicht | | Verbindungsschicht | +------------------------+ +------------------------+ | Physikalische Schicht | | Physikalische Schicht | +------------------------+ +------------------------+ Dies bedeutet, daß bei dem Abruf einer Webseite per SSL zuerst die TCP/IP-Netzwerkverbindung, dann die SSL-Zertifikate ausgetauscht werden und danach erst die HTTP-Requests übertragen werden. Da beim HTTP-Request mit dem Host-Header festgelegt wird, welchen virtuellen Webserver die Anwendung sprechen will, aber zuvor schon die SSL-Zertifikate ausgetauscht werden, ist es nicht möglich, verschiedene SSL-Server mit derselben IP-Nummer zu betreiben. Stattdessen müssen SSL-Server auf IP-basierte virtuelle Hosts aufgesetzt werden, und jeder SSL-Server verbraucht eine IP-Nummer.\nDazu kommt, daß anders als bei unverschlüsseltem HTTP eine SSL-Verbindung nicht mit HTTP/1.1 Keepalive offen gehalten werden kann. Anderenfalls könnte man nämlich recht leicht einen Angriff mit bekannten Klartexten gegen den Server fahren: Würde ein SSL-Server eine Verbindung mit Keepalive offen halten, würden nach Austausch der Zertifikate Session-Keys ausgetauscht werden. Mit diesen Session-Keys verschlüsselte Daten würden dann über die SSL-Verbindung ausgetauscht werden. Wird die Verbindung für mehr als einen Request benutzt, sind die Chancen gut, daß geheime Daten (etwa die Kreditkartennummer) und bekannte Daten (etwa ein Logo-GIF) über dieselbe Verbindung mit demselben Session-Key verschlüsselt übertragen werden. Ist dies der Fall, kann man mit Hilfe der bekannten Daten nach dem verwendeten Session-Key suchen und dann die unbekannten Daten entschlüsseln.\nDadurch, daß SSL-Verbindungen die Vorteile von HTTP/1.1 Keepalives nicht nutzen können, müssen sie für jede einzelne Komponente einer Webseite eine neue Verbindung aufbauen. Diese einzelnen Verbindungen sind nicht nur ständig durch den TCP-Slow-Start gebremst, sondern müssen ebenfalls ständig neu Verschlüsselungsverfahren und Session-Keys aushandeln, was zusätzliche Datenaustausche zwischen den beiden Partnern notwendig macht - jeder dieser Datenaustausche dauert jedoch eine Umlaufzeit (die Zeit, die von Ping als RTT ausgegeben wird). Es ist also sehr viel damit geholfen, SSL-Seiten so aufzubauen, daß sie aus möglichst wenigen Komponenten zusammengesetzt sind, also wenige Bilder und Plugins enthalten, die getrennt nachgeladen werden müssen. Über diesen Verzögerungswerten kann man die zusätzliche Belastung der CPU durch Verschlüsselung und Kompression beinahe vernachlässigen.\nWeil SSL-Verbindungen gleich oberhalb der TCP-Ebene verschlüsseln, sind nicht nur die übertragenen Daten verschlüsselt, sondern auch alle HTTP-Header. Ein Angreifer kann also ebenfalls nicht erkennen, welche Seiten abgerufen werden und welcher Art die zurückgelieferten Daten sind. Dies hat Auswirkungen auf Proxy-Server, auf den Jugendschutz, falls dieser auf filternde Proxy-Server zurückgreift, und auf den Virenschutz, falls dieser auf einen zentralen Scanner auf einem Proxy zurückgreift: Selbst wenn man mit jedem Request dieselben Daten abriefe und nicht über Zertifikate nachdächte, würden wegen des wechselnden Session-Keys die abgerufenen Daten bei jedem Request anders aussehen, und der Proxy hätte, falls er Filterfunktionen wahrnehmen sollte, keine Informationen über die tatsächliche Natur der abgerufenen Daten. SSL-Verbindungen machen also zentrale Scanmechanismen unbrauchbar. Sie sind mit Absicht so designed worden.\nÜbergänge von außen nach innen und die Notwendigkeit von Sessions Werden Daten von außen nach innen in die Zone höheren Vertrauens importiert, muss mit noch mehr Aufmerksamkeit gearbeitet werden, denn die importierten Daten können prinzipiell bösartig sein und müssen so schnell und so gründlich wie möglich dekontaminiert werden.\nDie Anwendung läuft bei Webprogrammen zum Teil auf dem Browser des Anwenders, und dieser liegt außerhalb der Vertrauensgrenze unseres Systems. Man kann nicht davon ausgehen, daß der Browser des Anwenders bestimmten Anforderungen genügt, und man kann daher nicht voraussetzen, daß die gelieferten Daten bestimmten Anforderungen genügen, bevor diese Anforderungen nicht alle einzeln abgetestet worden sind.\nMan kann beispielweise ein Formular an den Browser des Anwenders schicken, und dieses Formular kann in Javascript geschriebene Validatoren enthalten, die sicherstellen, daß in numerischen Feldern auch nur Ziffern enthalten sind und so weiter. Man kann nicht voraussetzen, daß der Browser des Anwenders Javascript interpretiert, da diese Funktionalität ggf. ausgeschaltet oder gar nicht vorhanden ist. Es ist auch denkbar, daß eine Firewall auf dem Weg zum Abrufer jeden aktiven Content aus Seiten herausfiltert und daß daher Javascript gar nicht beim Browser ankommen kann. Es wäre weiterhin denkbar, daß die Anwendung zwar ein Formular mit Javascript zum Anwender gesendet hat, dort aber gar kein Browser läuft, sondern der Anwender stattdessen seine Requests und die Replies manuell mit \u0026ldquo;telnet\u0026rdquo; bearbeitet. Dann wäre der Anwender prinzipiell in der Lage, beliebig defekte Daten einzuliefern.\nMan kann ebenfalls nicht davon ausgehen, daß die Daten, die der Anwender abgesendet hat, und die Daten, die der Webserver erhält, identisch sind. Eine Instanz auf dem Weg - ein Proxy oder ein Angreifer - könnten diese Daten verändern oder veraltete Daten zurücksenden.\nEs bleibt also nicht anderes übrig, als alle Daten beim Erhalt und beim Eintritt in die Zone hohen Vertrauens genauestens zu prüfen. Danach müssen diese Daten in der Zone hohen Vertrauens verbleiben und dürfen diese nicht mehr verlassen - täten sie es, müßten sie beim Wiedereintritt in die Zone hohen Vertrauens erneut geprüft werden. Es ist daher keine gute Idee, Daten in Form von über mehrere Formulare hinweg mitzuschleppen - in einem solchen Fall würden die Daten nämlich ständig zwischen der Zone hohen Vertrauens auf unserer Seite des Netzes und der entfernten Anwendung hin- und herwechseln und bei jedem neuen Request erneut aus der einen und die andere Zone wechseln. Solch eine Anwendung ist konstruktionsbedingt nicht sicher zu bekommen.\nBesser und sicherer ist es, mit einer Session-Verwaltung zu arbeiten. In einem solchen Modell wird der Browser-Client durch eine eindeutige Kennziffer identifiziert, und über diese Kennziffer wird ein Datensatz innerhalb der Trust Boundary an den Browser gebunden.\n|| Trust Boundary || +-------------+ || +--------+ | Server |\u0026lt;----- Request ------ | Client | +-------------+ mit ID || +--------+ | | referenziert Datensatz mit ID | +-|--------+ +--|-------+| +---v------+|| | Client- ||+ | Daten |+ +----------+ Daten, die die Trust Boundary einmal passiert haben, verbleiben nun auf der Serverseite und können durch den Client nicht mehr direkt manipuliert werden. Der Client kann nur noch mittelbar durch Veränderung der Session-ID versuchen, einen anderen Datensatz mit anderen Daten zu referenzieren. Daraus folgt, daß die Session-ID selbst keine fortlaufende Nummer oder eine andere vorhersagbare und ratbare Zahl sein darf.\nIn der Praxis hat es sich bei PHP bewährt, das Konstrukt md5(uniqid(\u0026quot;geheim\u0026quot;)) zu verwenden. Die Funktion uniqid(\u0026quot;somestring\u0026quot;) liefert einen auf der aktuellen Uhrzeit basierenden String, der mit dem Prefix \u0026ldquo;somestring\u0026rdquo; anfängt. Durch die Anwendung der Hashfunktion md5() wird daraus eine 128 Bit lange (32 Hexziffern lange) Zahl, aus der nicht auf den Ausgangsstring geschlossen werden kann. Wenn die ungefähre Uhrzeit des Servers bekannt ist, zu dem eine bestimmte Session gestartet ist, kann man jedoch versuchen, die Session-ID zu erraten. Daher ist es wichtig, daß jede Anwendung einen anderen, geheimgehaltenen Prefix-String \u0026ldquo;geheim\u0026rdquo; als Salt für ihre Session-IDs verwendet.\nUm die Sessiondaten an einen Browser zu binden, muss bei jedem Request die Session-ID vom Browser mitgeschickt werden. Am einfachsten erreicht man dies mit Hilfes eines Session-Cookies, der im Browser gesetzt wird. Dies hat außerdem den Vorteil, daß die ID nicht Bestandteil der URL wird und daher auch nicht mit gebookmarked werden kann oder gar als Bestandteil einer URL mit abgedruckt wird.\nNimmt der Browser des Anwenders jedoch keine Cookies an, muss man sich auf eine andere Methode der Übergabe der ID zurückziehen, bei der die Session-ID mit in die URL eingebaut wird. Denkbar sind hier prinzipiell zwei Verfahren: Die ID kann entweder als GET-Parameter an die URL angehängt (http://www.kunde.de/index.php3?Example_Session=0d0a...) werden oder sie kann als Pfadkomponente mit in die URL eingebaut werden (http://www.kunde.de/Example_Session=0d0a../index.php3). Erstere Methode hat den Vorteil, direkt einsetzbar zu sein, letztere macht es notwendig, Name der Session und ID mit Hilfe von mod_rewrite aus der URL herauszuholen, um den Zugriff auf die Daten zu erlauben.\nDie Daten, die zu der Session gehören, müssen auf der Servermaschine auf irgendeine Weise gespeichert werden. PHP4 verwendet zu diesem Zweck ein Verzeichnis mit einer Datei pro Session, PHPLIB verwendet stattdessen traditionell eine Datenbank, kann aber seit Version 7 auch mit anderen Speichermethoden arbeiten, etwa mit einfachen Dateien, mit DBM-Datenbanken, mit einem LDAP-Server, oder mit Shared Memory. In jedem Fall sollten diese Speicher unter derselben administrativen Kontrolle stehen wie der Webserver, damit keine Trust Boundary überschritten wird.\nDatenquellen von außerhalb Nun kann eine Anwendung nur noch entweder die vorgegebene Session-ID verwenden oder die Session-ID verwerfen. Im ersten Fall funktioniert die Anwendung wie beabsichtigt, im zweiten Fall wird einfach eine neue Session gestartet und initialisiert. Beides sind definierte Zustände, die die Sicherheit des Systems nicht gefährden können und bei denen keinesfalls Daten aus einer Session in eine andere Session hinüberdiffundieren können.\nEinige Systeme zur Verwaltung von Sessions und Session-IDs merken sich zu jeder Session auch die IP-Nummer, aus der die Session kommt. Auf diese Weise soll verhindert werden, daß ein Angreifer eine Session-ID ausschnüffelt und mit dieser ID dann die Session übernimmt. In der Praxis ist dies jedoch keine gute Idee, weil sich die IP-Nummer, mit der eine Session an einem Browser erscheint, ändern kann. Dies ist zum Beispiel dann der Fall, wenn der Abrufer auf den Server über ein Netz von Proxyservern zugreift: Hier kann die vom Webserver gesehene IP-Nummer mit jedem Zugriff wechseln, je nach der Lastverteilung auf den Proxyservern. In dieser Situation befinden sich viele Benutzer im WiN, bei AOL und bei T-Online. Ebenfalls wechseln kann die IP-Nummer bei Benutzern, die per Dialup-PPP eine IP-Nummer dynamisch zugewiesen bekommen und bei denen sich die PPP-Verbindung kurzzeitig abgebaut hat.\nSobald sichergestellt ist, daß Daten nicht zwischen Sessions überspringen können, kann man daran gehen, die Wege zu sichern, auf denen Daten in eine Session übernommen werden können. In PHP gibt es prinzipiell die folgenden Wege, auf denen eine Anwendung Daten von jenseits der Trust Boundary übernehmen kann:\nals GET-Parameter als POST-Parameter als Cookie-Data GET- und POST-Parameter müssen bzw. können der Anwendung in codierter Form übergeben werden. Wenn die Daten von der Anwendung nicht ausschließlich in einer Standardform (nämlich decodiert) verarbeitet werden, kann es dazu kommen, daß es mehrere äquivalente Darstellungen derselben Werte gibt. Zum Beispiel sind \u0026ldquo;hello+world\u0026rdquo;, \u0026ldquo;hello%20world\u0026rdquo; und \u0026ldquo;hello world\u0026rdquo; drei äquivalente Darstellungen desselben Strings. Arbeitet man mit Stringoperationen auf solchen Daten, kann es zu Anomalien kommen, bei denen ein Suchmuster oder Substring in einem Fall auf die Daten paßt, in einem anderen Fall jedoch nicht. Es ist also wichtig, die Daten ggf. erst vollständig zu decodieren und dann erst Suchmuster und Stringerkennungen auf sie anzuwenden.\nGET-Parameter sind Bestandteil der URL und unterliegen daher denselben Beschränkungen wie URLs. Sie können keine Leerzeichen sowie gewisse Sonderzeichen nicht enthalten, und ihre Länge ist begrenzt - daher überhaupt die Notwendigkeit einer URL-Codierung und alternativer Darstellungen.\nPOST-Parameter werden wie unten gezeigt anders übermittelt, als Bestandteil des Body eines Requests, doch auch sie kommen codiert über die Leitung. Cookies werden als Cookie-Headerzeilen übermittelt.\nkris@valiant:/usr/doc/packages/netcat \u0026gt; netcat -l -p 8080 -v listening on [any] 8080 ... connect to [193.102.57.3] from valiant.koehntopp.de [193.102.57.3] 1433 POST / HTTP/1.0 Referer: http://valiant:8080/ Connection: Keep-Alive User-Agent: Mozilla/4.61 [en] (X11; U; Linux 2.2.10 i586) Host: valiant:8080 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Encoding: gzip Accept-Language: German, de, en Accept-Charset: iso-8859-1,*,utf-8 Content-type: application/x-www-form-urlencoded Content-length: 19 probe=lala\u0026amp;amp;doit=los PHP importiert alle diese Eingaben defaultmäßig als globale Variablen in das Programm. Benötigte Decodierungen werden dabei automatisch vorgenommen, ggf. werden die Eingabewerte auch automatisch wieder für den Transfer in eine SQL-Datenbank codiert, falls magic_quotes_gpc konfiguriert ist (dies ist gelegentlich praktisch, aber meist unerwünscht). Zusätzlich werden alle Eingabedaten je nach Herkunft noch in die drei Hashes HTTP_GET_VARS[], HTTP_POST_VARS[] und HTTP_COOKIE_VARS[] einsortiert.\nPrinzipiell ist es möglich, daß ein GET-Parameter, ein POST-Parameter und ein Cookie dieselben Namen verwenden. Hier steht derjenige Wert in einer globalen Variablen zur Verfügung, der als letzter importiert wird. Die Reihenfolge des Imports kann man mit der Konfigurationsvariablen gpc_order bestimmen (Default ist \u0026ldquo;gpc\u0026rdquo;). In PHP4 und in PHPLIB überschreiben Sessionvariablen aus vertrauenswürdigen Quellen Werte, die per gpc aus einer nicht vertrauenswürdigen Quelle geholt wurden. Dadurch werden eine ganze Menge potentielle Sicherheitsprobleme vermieden.\nDateien und Upload Indem man ein Formular erzeugt, das mit der Methode \u0026ldquo;POST\u0026rdquo; submitted wird und das einen besonderen Encoding-Type hat, kann man auch Webformulare bauen, die den Upload von Dateien ermöglichen. Ein solches Formular sieht minimal so aus:\nkk@land:~ \u0026gt; netcat -l -p 8080 -v listening on [any] 8080 ... connect to [192.168.254.57] from lenz.intern.netuse.de [192.168.254.43] 2190 GET / HTTP/1.0 User-Agent: Mozilla/4.6 [en] (Linux; Alpha) Host: land:8080 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Encoding: gzip Accept-Language: de-DE,de,en Accept-Charset: iso-8859-1,*,utf-8 \u0026lt;h1\u0026gt;Hallo\u0026lt;/h1\u0026gt; \u0026lt;form action=\u0026#34;http://land:8080/\u0026#34; method=post enctype=\u0026#34;multipart/form-data\u0026#34;\u0026gt; \u0026lt;input type=\u0026#34;file\u0026#34; name=\u0026#34;probe\u0026#34;\u0026gt; \u0026lt;input type=\u0026#34;submit\u0026#34; value=\u0026#34;los\u0026#34;\u0026gt; \u0026lt;/form\u0026gt; punt! In diesem Formular eingetragene Daten werden in Form eines MIME-Multipart-Dokumentes an den Server zurückübermittelt. Der Aufbau der Daten ist vergleichsweise kompliziert, aber zum Glück kümmert sich PHP um die Decodierung aller Daten:\nkk@land:~ \u0026gt; netcat -l -p 8080 -v listening on [any] 8080 ... connect to [192.168.254.57] from lenz.intern.netuse.de [192.168.254.43] 2193 POST / HTTP/1.0 Referer: http://land:8080/ User-Agent: Mozilla/4.6 [en] (Linux; Alpha) Host: land:8080 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Encoding: gzip Accept-Language: de-DE,de,en Accept-Charset: iso-8859-1,*,utf-8 Content-type: multipart/form-data; boundary=---------------------------247491297412345 Content-Length: 225 -----------------------------247491297412345 Content-Disposition: form-data; name=\u0026#34;probe\u0026#34;; filename=\u0026#34;K:\\Kunden\\Netcologne\\probe.txt\u0026#34; Content-Type: text/plain Dateiinhalt -----------------------------247491297412345-- \u0026lt;h1\u0026gt;Danke.\u0026lt;/h1\u0026gt; punt! PHP verarbeitet diese Eingaben wie alle anderen Eingabedaten automatisch. Es legt die Datei in einem temporären Verzeichnis ab und stellen den Namen und die Größe der Datei in einigen Variablen zur Verfügung, deren Namen von dem Namen des \u0026lt;input type=\u0026quot;file\u0026quot;\u0026gt;-Tags abgeleitet werden: Für den Tagnamen probe werden diese Variablen erzeugt:\n$probe Name der Datei im temporären Verzeichnis auf dem Server. $probe_name Name der Datei auf dem System des Anwenders. $probe_size Größe der Datei in Bytes. $probe_type Typ der Datei als MIME-Type. Mithilfe der beiden PHP3-Konfigurationseinstellungen upload_tmp_dir und upload_max_filesize kann man serverseitig kontrollieren, wie groß die hoch geschickten Dateien maximal werden können und in welchem Verzeichnis sie abgelegt werden. Wenn man die Datei nach dem Ende der Seite behalten möchte, muss man sie kopieren oder umbenennen: PHP löscht die Upload-Datei am Ende der Seite. Ein Einstellen der Größenbegrenzung begrenzt jedoch nicht wirklich den Plattenplatz, der auf dem Server von PHP durch Fileupload verbraucht wird: Aus technischen Gründen muss PHP die Datei zunächst empfangen und kann sie erst dann verwerfen, wenn sie zu groß ist. Seit PHP 3.0.10 kann mehr als eine Datei pro Formular hochgeladen werden.\nEingabedaten dekontaminieren Eingabedaten, die aus einem Bereich mit niedrigem Vertrauen in einen Bereich mit höheren Vertrauen überwechseln, müssen auf Unbedenklichkeit geprüft werden. Es ist sonst möglich, die Eingabedaten zu verwenden, um auf der Webservermaschine Schaden anzurichten, der letztendlich bis zur Übernahme der Maschine (und weiterer Maschinen im selben Netz) durch Angreifer reichen kann.\nEin typisches Beispiel für Vertrauen in Daten aus einem nicht vertrauenswürdigen Bereich ist das folgende Script: Gegeben sei eine Funktion, die einen Datensatz des gerade angemeldeten Benutzers in einer Tabelle anzeigt.\n\u0026lt;? $db = new DB_Example; $db-\u0026gt;query(\u0026#34;select * from sometable where key = \u0026#39;$PHP_AUTH_USER\u0026#39;\u0026#34;); $db-\u0026gt;next_record(); ?\u0026gt; \u0026lt;form action=\u0026#34;doit.php3\u0026#34;\u0026gt;\u0026lt;table\u0026gt; \u0026lt;input type=\u0026#34;hidden\u0026#34; name=\u0026#34;f_key\u0026#34; value=\u0026#34;\u0026lt;? $db-\u0026gt;p(\u0026#34;key\u0026#34;) ?\u0026gt;\u0026#34;\u0026gt; \u0026lt;tr\u0026gt;\u0026lt;td\u0026gt;\u0026lt;input type=\u0026#34;text\u0026#34; name=\u0026#34;f_name\u0026#34; value=\u0026#34;\u0026lt;? $db-\u0026gt;p(\u0026#34;name\u0026#34;) ?\u0026gt;\u0026#34;\u0026gt;\u0026lt;/td\u0026gt;\u0026lt;/tr\u0026gt; \u0026lt;tr\u0026gt;\u0026lt;td\u0026gt;\u0026lt;input type=\u0026#34;text\u0026#34; name=\u0026#34;f_vorname\u0026#34; value=\u0026#34;\u0026lt;? $db-\u0026gt;p(\u0026#34;vorname\u0026#34;) ?\u0026gt;\u0026#34;\u0026gt;\u0026lt;/td\u0026gt;\u0026lt;/tr\u0026gt; \u0026lt;tr\u0026gt;\u0026lt;td\u0026gt;\u0026lt;input type=\u0026#34;text\u0026#34; name=\u0026#34;f_credits\u0026#34; value=\u0026#34;\u0026lt;? $db-\u0026gt;p(\u0026#34;credits\u0026#34;) ?\u0026gt;\u0026#34;\u0026gt;\u0026lt;/td\u0026gt;\u0026lt;/tr\u0026gt; \u0026lt;tr\u0026gt;\u0026lt;td align=\u0026#34;right\u0026#34;\u0026gt;\u0026lt;input type=\u0026#34;submit\u0026#34; name=\u0026#34;doit\u0026#34; value=\u0026#34;Absenden\u0026#34;\u0026gt;\u0026lt;/td\u0026gt;\u0026lt;/tr\u0026gt; \u0026lt;/table\u0026gt;\u0026lt;/form\u0026gt; In diesem Script wird eine Tabelle mit drei bearbeitbaren Eingabefeldern f_vorname, f_name und f_credits generiert. Die Selektionsbedingung im SQL sorgt dafür, daß nur der Datensatz des angemeldeten Benutzers angezeigt wird. Es wird jedoch auch ein Eingabefeld erzeugt, das den Namen des aktuellen Benutzers enthält. Übernimmt das Zielscript doit.php3 diese Daten ungeprüft, kann der bearbeitende Anwender einfach eine URL wie\nhttp://www.server.de/doit.php3?f_key=someuser\u0026amp;amp;f_name=some+name\u0026amp;amp;f_vorname=some+other+name\u0026amp;amp;f_credits=10000 abrufen und damit beliebige Datensätze bearbeiten. Das Script doit.php3 darf sich nicht darauf verlassen, daß der Inhalt von f_key, der zurückgesendet wird, derselbe Inhalt ist, der ursprünglich erzeugt wurde. Besser wäre es, den Wert von f_key auf der Serverseite zu halten (etwa als eine zu einer Session gehörende Variable) und nur die Werte f_vorname und f_name zu akzeptieren.\nEingabedaten, die aus einem Bereich niedrigen Vertrauens stammen, haben in einem Programm als giftig, als kontaminiert, zu gelten. Auch alle anderen Variablen, in denen aus kontaminierten Werten abgeleitete Werte abgelegt werden, sind automatisch als kontaminiert anzusehen. Am günstigsten ist es, alle nicht vertrauenswürdigen Daten durch eine Dekontaminierungsfunktion, einen Validator, zu schleusen und dann mit den sauberen Werten weiter zu arbeiten.\nDies kann zum Beispiel mit Code wie dem folgenden geschehen:\n\u0026lt;? // $key kommt aus der Session und ist automatisch gesetzt $vorname = check_alnumspace($f_vorname); $name = check_alnumspace($f_name); $credits = check_numeric($f_credits); ?\u0026gt; Die Funktionen check_alnumspace() und check_numeric() sind hier im Beispiel dann einfache Funktionen, die die Eingabedaten auf erlaubte Zeichen abprüfen.\n\u0026lt;? function check_alnumspace($in) { if (eregi(\u0026#34;[^a-zäöüß0-9 ]+\u0026#34;, $in) { return false; } return $in; } function check_numeric($in) { if (ereg(\u0026#34;[^0-9]\u0026#34;, $in) { return false; } return $in+0; } ?\u0026gt; Diese Beispielfunktionen liefern entweder den Eingabestring zurück, wenn dieser nur erlaubte Zeichen enthält oder den Wert false, falls der Eingabestring verdächtigt aussieht. Die Anwendung muss nun damit rechnen, daß die Felder $vorname, $name und $credits leer (false) sein können, kann sich aber darauf verlassen, daß die Strings das erwartete Aussehen haben, wenn sie nicht leer sind.\nEiner der größten Fehler, den man machen kann, ist es, die Eingabedaten nicht zu dekontaminieren und sie dann in eine Datenbank, eine Datei oder eine andere vertrauenswürdige Datenquelle zu schreiben. Nun werden nämlich alle Folgeanwendungen die nicht vertrauenswürdigen und ungeprüften Daten aus einer vertrauenswürdigen Datenquelle laden und ihnen ohne weitere Prüfung vertrauen.\n","date":"1999-10-15T00:00:00Z","href":"https://blog.koehntopp.info/1999/10/15/webserver-verstehen-und-tunen.html","tags":["lang_de","php","web"],"title":"Webserver verstehen und tunen"},{"categories":null,"content":"von Thomas Roessler und Kristian Köhntopp\nAm Rande der Konferenz Wizards of OS (1999) fand eine Anhörung des BMWi zum Thema \u0026ldquo;Open Source Software\u0026rdquo; statt. Dabei wurde der volkswirtschaftliche Nutzen von Open Source Software erörtert und es kam die Frage auf, ob man die Entwicklung von Open Source fördern könne, ohne gewachsene Strukturen zu zerstören und inwieweit dies sinnvoll wäre.\nDieses Papier entstand auf Initiative von Thomas Roessler und ich hatte Gelegenheit, einige Ideen und Vorschläge einzubringen. (Mitte/Ende 1999)\nThe Net is famous for changing rapidly, and being a rapid medium for discussion and innovation. The transaction costs over the net are low. The Net enables international, fast, and effective communication and cooperation.\nThis has various effects.\nE-commerce and the mythical web-year. Among the much-hyped e-merchants, it\u0026rsquo;s \u0026ldquo;be faster or perish\u0026rdquo;. Small organizations are generally faster and have less problems to fully exploit the low transaction costs offered by the Net, thus acquiring new, international markets, and endangering larger competitors\u0026rsquo; market positions.\nFree software. Over the last years, we are observing that Free Software which can be modified and shared by every user is gaining market impact. The average free software project has collaborators from all around the world, and it has been translated to at least a dozen languages, possibly including obscure and rarely-spoken ones. Typically, few if any of the participants have ever met in reality.\nSuch cooperations are made possible by the fact that the average home user can utilize a world-wide data network at moderate cost to share source code, experience, and thoughts.\nOrganizations which wish to work with the free software community should be prepared to act at similar speed and with similar efficiency as this community.\nIn the present document, we explore how funding and support mechanisms interact with the development model behind free software. We come to the conclusion that funding free software projects is difficult, and that standard funding procedures may not be suitable, since they impose transaction costs which are close to or possibly beyond the amount of funding which would actually be granted, and which are beyond what a free software project can invest.\nIn addition, we note that there are structural requirements for effective free software development. Political and financial support should try to address these requirements and make sure that the general climate which lets free software development flourish is preserved or even improved.\n1. Free software development 1.1 The Process Typical free software development starts with a small group of persons who try to solve specific problems, or want to realize an idea. This initial group will create fundamental, and probably running code which does at least solve some part of the initial problem.\nThis initial implementation is published on the Net. Others learn about it, find it useful or interesting, and start to either implement things which are generally to be done, or which are needed for their own applications. This way, the group using and maintaining the free software product will grow, in turn leading to great speed of development.\nRecent numerical evidence from the fetchmail project (which shows a logarithmic growth curve with time), and general experience indicates that, depending of the kind of free software product, development will eventually slow down or even come close to a halt, once certain objectives have been fulfilled.\nHowever, new ideas about how things can be done and what should be done may lead to the effect that certain dedicated individuals (and, later, groups) re-start rapid development of the whole project, or of certain parts.\nFor instance, in recent months, the person maintaining the IMAP modules of the Mutt e-mail client was very active, while most of the other code evolves slowly and is mostly stable - even in the branch called \u0026ldquo;unstable\u0026rdquo;.\n1.2 Case studies: KDE vs. Mozilla There are some things that can be learned from failed Open Source efforts, like for example the Mozilla project. While the Mozilla project is smaller than for example the KDE project, unlike KDE Mozilla is stagnating and does not attract developers. The project is missing self-assigned deadlines and does not deliver.\nThe Mozilla project started out with an existing codebase that was largely unreadable, underdocumented and incomplete, that is, the existing source did not even compile. Also, the project was stuffed with Netscape funded developers, which had more time and considerably better knowledge of the source than any outsider. The projects schedule had no milestones which produced a working and distributeable project, it had no incremental roadmap. And finally, there were no small code fragments which could stand alone and be handled by a single person. Instead the whole project consisted mainly of a single monolithic block of code which could only run as a whole.\nConsequently the Netscape funded developers outcoded and outwitted any volunteer programmers, making outside participiation hard and ungratifying. There were no small pieces of code outsiders could point at and say \u0026ldquo;this is my code, I have done this\u0026rdquo;. There were never great public releases which could be used to show off the product and be used to attract more developers, leveraging a \u0026ldquo;this could be your project, you could be part of this\u0026rdquo; effect. The center of the Mozilla effort was always the product, which was planned to be released like a Closed Source product with a big bang once it was finished. This changed later with the Mozilla Milestone releases M1-M9, but even these were not announced like product releases, but were handled much more quietly instead.\nCompare this to KDE, which is written in C++, too, and which has a similar or even larger size. KDE started as a (and still is) a spare time project of an ever growing group of volunteers. KDE releases often, and releases even unstable code if it compiles and seems to run. KDE does so with regular version numbers and press releases, even if the whole product hasn\u0026rsquo;t stabilized: Each KDE release contains subpackages which are considered stable and other that are optional and marked as experimental. The KDE project is highly compartmentalized and many people \u0026ldquo;own\u0026rdquo; a piece of KDE, working together in small groups with a high degree of interaction.\nIn fact Mozilla and KDE are perfect examples for how not to and how to manage Open Source projects: Unlike Mozilla, KDE acknowledges that the driving factor in an Open Source project are people and their interest into an evolving product, the 6 month KDE release cycle and the KDE subproject sizes are designed to take this into account.\n1.3 Key factors A large portion of the free software development currently going on is done by volunteers in their spare time. Even the K desktop environment (one of the largest free software projects), and the Debian GNU/Linux distribution are developed almost entirely by unpaid volunteers.\nWe have to ask ourselves what the key factors are when volunteers produce state-of-the-art software in their free time, often beating commercial software in efficiency, stability, and quality.\nWe identify three key factors:\nThe transaction costs for international collaboration and for publication of software are extremely low.\nThere is a sufficient reservoir of suitably educated persons who are able to design and write free software.\nThese persons must have sufficient time available, and must have the motivation to spend this time working on free software.\n2. Supporting activities Each of these key factors can be an object of supporting activities. We look at them in detail.\n2.1 Transaction costs As we noted above, transaction costs for Internet use are low, and falling. However, there are several factors which can lead to costs which are beyond free software developers\u0026rsquo; budgets.\nProjects may grow.\nKalle Dalheimer of the KDE project reports that the ressources of the machine which is used by the KDE project for source repositories and its automated version control system are completely used by this project. Originally, that machine had been bought by a University Department to do moderately computationally intensive jobs, and the KDE version control was a minor task performed using idle processor cycles and ressources. However, as the project grew, the university eventually donated the machine to the project.\nIn a similar fashion, projects may get into situations where testing equipment is required. For instance, the Debian GNU/Linux project is maintaining ports of its Linux distribution for various platforms. Machines matching these platforms have been donated to the project by various parties.\nIt should be noted that the ressources needed by these projects are still minor when compared to even the smallest enterprise\u0026rsquo;s IT investments.\nThe legal framework may lead to costs.\nThe legal system in which software is developed can lead to major cost issues which may turn out to be lethal for free software development. Politics which favors free software should try to avoid these factors.\nFor instance, a legal situation in which anyone who publishes software (free or not) has to do extensive and expensive patent research in order to avoid legal hassles and even higher costs would be anything but favorable to free software. It\u0026rsquo;s worth noting that the world\u0026rsquo;s second largets softwre corporation, Oracle, takes a position towards software patents which is astonishingly similar to the free software community\u0026rsquo;s. See the references section for details.\nExport controls may lead to similar consequences: When expensive and time-consuming administrative acts are necessary to get permission to publish software on the net or pass it on to other developers, projects may eventually come to a halt. Note that even the most moderate export control which is tolerable for almost any enterprise may turn out to lead to transaction costs fatal for free software projects.\n2.2 Generating a reservoir of sufficiently and properly educated persons. The notion of computer literacy on which school \u0026ldquo;computer science\u0026rdquo; teaching is based should not be the ability to use Microsoft Office programs. Instead, students should have an opportunity to learn about IT and programming concepts. In particular, they should be given the seed of knowledge and abilities needed to continue and extend studies on their own. This teaching has to be done at an early age to be really effective.\nIt should be noted that commercial software development environments are expensive and frequently beyond students\u0026rsquo; budgets. In practice, many students learn software development using pirated software. However, this is not necessary, given that free high-quality development environments do exist. These development environments prove effective in every-day practical use by the free software community.\nSchools should teach the use of these environments instead of using or even requiring commercial ones.\n2.3 Getting developers to do the work. First of all, when software developers are working actively and successfully, it may be a good idea to just let them do their work.\nIn some cases, there is an interest by certain industry or government bodies in the development of certain pieces of free software.\nWe can distinguish various well-defined objectives organizations may have:\nMaintain a system, and port it to possibly new environments. Implement a limited set of additional features which are needed or seem sensible to the funding party. Get a project off ground. Obviously, it\u0026rsquo;s easy to hire a professional at his usual rate, who will then perform a well-defined task. The results will then be made freely available by the hiring party.\nHowever, this is just traditional custom software development with a twist, and we will not further explore this path of thought. We only notice that the Free S/WAN project, a free implementation of the IPSEC protocol suite for the Linux kernel, is a sample sucess story for this approach.\nIn the next section, we address a possibly more typical situation: How can an established free software project be supported when there are no well-defined objectives.\n3. Funding a free software core team: requirements for sponsors. Things start to look different when organizations are observing a free software project which is currently in the hot phase of its development, and \u0026ldquo;simply\u0026rdquo; want to be helpful with this project. In most cases, the key participants to the project are voluntarily investing their free time.\nHiring external professionals which take over part of the project will have highly undesirable effects on the development process, since it may not be acceptable to the original software authors. If at all, this should be done with extreme care, and only when explicitly solicited by those who are actively working on the project.\nThus, the key developers themselves are the best suited recipients of funding.\nThere are several questions to be resolved in these cases: Do the key developers want to continue to work in their spare time only, without getting paid for it, but with all the freedom to do what they want? Would the key developers be able to invest more time or effort into the project when external funding has been established?\nObviously, funding only makes sense to the paying party when possible recipients are interested in it, and when there would at least be some gain in development speed or quality, assuming that the funding party does not have well-defined objectives which may be used to measure progress and quality.\nOne particular reason for establishing this kind of funding is when key developers may start to step back from active development due to lack of time and ressources. Funding may be extremely valuable to projects in such cases. Currently, one of the most common ways of sponsoring such persons seems to be to hire them and give them enough \u0026ldquo;free\u0026rdquo; time they can spend on their projects. Prominent examples for this practice include Linus Torvalds (Transmeta Corp; the Linux kernel) and Dirk Hohndel (SuSE; the XFree86 project).\nUnless limited to certain well-defined jobs like specific additional features or planable development steps like releases, or aimed at maintaining an active long-term project like the Linux kernel, funding must be started quickly to fit into most projects\u0026rsquo; \u0026ldquo;sensible general-purpose funding time window\u0026rdquo;. Thus, possible sponsors must be able to react quickly and flexibly to programmers\u0026rsquo; needs. The average administration\u0026rsquo;s procedures may take longer than the \u0026ldquo;hot phase\u0026rdquo; of the project to be sponsored.\nAfter all, there is no reason for most free software projects to stop activities until the funding is ready. This is a substantial difference from traditional software development, and from \u0026ldquo;traditional software development with a twist\u0026rdquo; as described above.\nGetting the fund-raising settled should not involve substantial transaction costs for either party. When a one-day meeting several hundred kilometers away from the funding target\u0026rsquo;s usual place is required just to get negotiations started, the possible funding target may not be willing to accept the transaction costs involved with train journeys or plane flights - they may actually be greater than the total transaction costs generated by the project to be sponsored so far, and may quite well be higher than costs for possibly sensible infrastructure investments such as backup systems, hard disks, or faster computers. (A 10GB hard disk is cheaper than a train trip from Bonn to Berlin and back.)\nFinally, in order to get some success control when there are no well-defined objectives, the sponsor should directly monitor the open development process. Evaluation of funding success after short time intervals may be a reasonable practice. On the other hand, requiring the set-up of a large organization on the programmers' side would introduce considerable costs and delays into the process which are not necessary or justified.\n4. Conclusions and summary The most valuable support for free software development in general is not directed. It is aimed at creating an environment in which free software development is possible, and encouraged.\nMost important, policy-makers must make sure that the legal environment does not add artificial transaction costs and delays to the free software development process, and encourages programmers to create and freely give away state-of-the-art software. Points which deserve particular attention are software patents and export control.\nSchool education on computer science should enable students to participate in actual projects. To do this, education on programming concepts and languages should be offered at an early stage.\nWhen funding of specific projects is desired, it should be done with great care, and should probably only be done upon request or when it\u0026rsquo;s obviously helpful. The organization providing the funding must match certain requirements. Most important, it must be able to act quickly and efficiently. It should be prepared to cope with requests which are far below the limit of conventional industry investments or government funding.\nIt is possible to centralize funding for infrastructural elements such as network bandwith, source repositories, bug tracking systems, and similar services. These services can easily be shared by multiple projects.\nReferences Eric S. Raymond, Trends in the fetchmail project\u0026rsquo;s growth., 1999-09-28, http://www.tuxedo.org/~esr/fetchmail/history.html . Oracle Corporation, Patent Policy. 1999-10-10, http://www.base.com/software-patents/statements/oracle.html . ","date":"1999-07-17T00:00:00Z","href":"https://blog.koehntopp.info/1999/07/17/oss-funding.html","tags":["lang_en","publication","internet"],"title":"Funding Open Source Projects"},{"categories":null,"content":"Version 1.3 (Revised 29-Sep-1999, Updates from Seth Finkelstein)\nRating does not work by Kristian and Marit Köhntopp Content rating models such as PICS have been proposed as a solution to the problem of unwanted, harmful or prohibited content on the Internet. This document contains a number of Theses which support the claim that any Internet Content Rating and Selection (ICR\u0026amp;S) scheme including PICS cannot work as advertised.\nTo our knowledge, most of the problems and objections here have not been addressed by PICS or any other ICR\u0026amp;S scheme.\nIdentifying the parties involved This section tries to identify the parties involved in the process of running and rating the web and their roles (see below to understand why we concentrate on the web). In small installations, a single person may impersonate multiple roles.\nServer side roles The content provider is the role which is responsible for all content of a document. Often the content provider is the creator of a document, but on the Internet it is common that a content provider only provides means to create content, and does not actually create the content on a site. Examples are discussion boards, search engines, live video feeds, and similar installations. Depending on the size of this content, it is entirely possible that the content provider does not have direct knowledge of all content on a site and that much content on a site is not reviewed nor endorsed by a content provider.\nThe presence provider or web hoster provides the means to serve this content to the Internet by running the machines, the server software, and maintaining a network connection.\nRecipient side roles An access provider runs the systems and network connections for the recipient of content. For small office and home use, this is currently often a dial-up service, a proxy server, and similar hard- and software.\nThe recipient is either a person to be protected against harmful content, or an adult, which still should be able to access harmful, but not prohibited, content. The recipient\u0026rsquo;s hard- and software is maintained by system services which is a separate department in a school or library situation, in an Internet Cafe, or within a company. The recipient\u0026rsquo;s system may be a single system or a network of systems with proxy servers and intranet servers.\nInternet Content Rating and Selection (ICR\u0026amp;S) roles Developers of rating systems define the dimensions of a rating system and create rules how to apply values along these dimensions to content. They promote their rating systems so that they become popular and are widely used.\nA rating service will apply the rating system and the rules that come with it to create ratings. These ratings, an identifier for the rated content, a date, an identifier for the rating source, and additional information (i.e. a checksum against the rated content and a digital signature) are collected to form a content label.\nContent filter vendors create software which can regulate access to content, depending on local settings (filtering rules) and content labels.\nContent filter control is often exercised by the party who controls a machine, that is, the adult party in a household, the dean of a school, the directorate of a library, and so on. These filter settings are then deployed, often by system services mentioned above, sometimes by an access provider located upstream.\nAttackers may be content providers, recipients, or other parties who want to communicate outside of the control of a filtering system.\nMethods for content selection Principle of Operation The basic idea behind Internet Content Rating and Selection is to attach a kind of machine-readable description, called a Content Label, to all Internet Content. The Content Label contains a set of ratings which make up a formal description of the rated content in a formally specified system of ratings. Finally, the recipient has to have a filtering mechanism before or on the recipients machine which allows or intercepts reception and display of requested content depending on the Content Label and some local configuration.\nTaxonomy of Rating Systems by Source of Rating The Content Labels may be provided by different parties. In Third Party Rating, a party that is neither the recipient nor the sender creates content labels and distributes them via a Label Bureau. Third Party Rating requires a method to uniquely identify content components, and Third Party Rating cannot be finer grained than this identification system. Currently, all identification systems are URL-based which implies that all Content Labels refer to either URLs or coarser grained objects (such as subtrees of a web server or an entire site).\nIn Second Party Rating, the recipient provides ratings and shares them with other recipients. This is sometimes referred to as a Community Rating process. Since the sharing of ratings again involves a Label Bureau, for the purpose of this discussion Third Party Rating and Second Party Rating can be treated alike.\nFirst Party Rating is different because here the sender provides a Content Label with the content itself. Usually, this label is embedded into the content or sent with the content. A Label Bureau is not needed in this context.\nTaxonomy of selection mechanisms by point of interception The selection process at the recipients end can either be implemented directly on the machine of the recipient, or it can be part of a proxy solution upstream of the recipients computer. In the latter scenario, the selection process will not happen on a machine controlled by the recipient and it is much more difficult to manipulate by the recipient. A proxy-based selection requires that the recipient is forced to use this particular proxy to be able to access content at all (otherwise the recipient could elect not to use a proxy at all or to use a different proxy) and that the content can be identified and read by the proxy.\nTheses Internet Content Rating and Selection applies only to the Web Internet Content Rating and Selection does apply properly only to the web, because of the little degree of interactivity and the large size of the communicated objects in the web. More interactive services or services with smaller objects are less likely to adopt such a system for content control with success. For example, USENET newsgroups are highly interactive and very fast communication channels with only little structure. The focus on discussion and contents, and the style of such discussions may change very quickly.\nUSENET articles are authored on the fly. Often they contain no keywords, subject lines of little use, or are inappropriately addressed. It is very unlikely that authors of USENET articles will take the time required to do proper First Party Rating for their articles, even if current USENET access programs offered such a feature.\nChatrooms and the Internet Relay Chat consist of even faster communication and no structure at all. IRC channels are often created on the fly and, unlike USENET, communication on IRC is not stored but only passed through by the servers. Also, the basic unit of communication in IRC is a single line of text which is much too small to rate properly. An IRC channel at any point in time is a very complex web of rapidly changing and overlapping individual and nonindividual communications that make up the overall tone and content of the channel.\nAlso, the public discussions in USENET newsgroups or IRC channels are only the publicly visible part of a much larger communication process which involves private communication by mailing lists, private e-mail, server based message communication, and direct client-client communication. Often the public communication channel is only used to meet other persons with similar interests, and then a more secluded communication channel is established.\nBecause of these properties of the more interactive communication mechanisms, Internet Content Rating and Selection will be ineffective in these type of media.\nLabeling content that is not harmful nor prohibited is a requirement but cannot be enforced The ultimate goal of Internet Content Rating and Selection is to make harmful content inaccessible to minors and make prohibited content inaccessible to all recipients on the Internet. Basically, it would be sufficient to label all harmful and prohibited content accordingly, so that it can be recognized and intercepted. For First Party Rating, this requires the cooperation of the provider of this content, so that the Label is being delivered with the content itself. For Third Party Rating, cooperation of the content provider would simplify the process enormously, for example by providing stable identifiers for the content or by organizing the content in a way that makes it easier accessible to quick and accurate rating.\nIt can be safely assumed that this kind of cooperation will not be available in many cases and that it specifically will not be available in the most severe cases where the content provider places content on the web with a malign purpose.\nThus, it is insufficient to block pages that are rated as containing harmful or prohibited content. Instead, all unrated pages must be blocked as well, so that the pages of non-cooperating content providers will be made inaccessible. In this case, the rating of harmful and prohibited content becomes a moot point because such content will be blocked automatically. The Internet as viewed from behind a filter will be immediately clean in such a scenario because it will initially contain no content at all. Clearly, this is not very attractive and most of the targeted audience for content filtering services will not tolerate such filters if large portions of harmless or valuable content will be made unavailable to them by the content filter.\nFor a Content Rating Solution, it becomes a requirement to provide Content Labels for non-objectionable content, so that at least some pages will be available to those persons behind the selection filter. Thus, all burden and cost of content rating, labelling, and label distribution is placed on the providers of perfectly legal, and in most cases, valueable content.\nThis situation is not different from, for example, the movie and video industry where a film without a rating is automatically rated as not suitable for minors (at least this is the case e.g. in Germany and the United States). Unlike the movie industry, many content providers have little or no incentive to have their content rated because in many cases they do not sell content or do not cater specifically to a younger audience. Specifically, we can expect the large commercial websites positioned towards a younger audience to provide content labels on a voluntary basis, while most private content and content not specifically geared towards a young audience will not have labels at all.\nConsequently, it may be necessary to enforce the provision of labels with content to make a sufficiently large portion of the Internet available to minors. Some content providers will probably try to evade such a requirement by providing a \u0026ldquo;safe\u0026rdquo; default rating, such as \u0026ldquo;harmful content, not suitable for minors\u0026rdquo;, because they do not want to do the work to properly evaluate and individually label their content. Others will do this because they are insecure about the correct rating for their content, and will rate their content more harmful as it actually is, just to be legally safe. For a requirement to provide labels to be effective, it may be necessary to treat the provision of a too high label just like the provision as a label that is too low.\nThis turns the situation perfectly upside down: To protect against harmful and prohibited content, all work and all legal liability is at the side of the well-behaved members of the community, while it is technically completely unnecessary for the providers of harmful content to do anything.\nIn some countries, rating your own content cannot be legally enforced (see below).\nEstablishing a metric invites a dysfunction A rating system for content is essentially a metric. The metric may have one (\u0026ldquo;suitable for age x\u0026rdquo;) or multiple dimensions (\u0026ldquo;contains sex x1, nudidity x2, violence x3 and language x4\u0026rdquo;), and within one dimension it may be non-ordered (\u0026ldquo;contains any of the following: smoking, gambling, drug abuse, violence as a method of conflict resolution\u0026rdquo;), ordered (\u0026ldquo;a violence rating of 3 means that there is more violence in a particular content than in a content with rating 2\u0026rdquo;), with discreet or continous values.\nA rating system is a cultural code, too, because with the dimensions and values provided with any such metric comes a decription on how to interpret and apply them. As a cultural code, a rating system cannot be objective or valid outside a specific culture. Specifying the dimensions of the rating system, for example, defines which issues can be addressed by a particular rating system. Issues and values outside of the dimensions of the rating system cannot be addressed, and are therefore inaccessible to reflective discussion within the space of the rating system. For the purpose of the rating system, such issues and values essentially do not exist.\nValues within the dimensions of the rating systems can be used to define proximity relationship if these values are ordered. Many people tend to think of content that is in close proximity as being similar, being of similar value, or promoting similar values. Some content providers insist that their content is not to be rated with some content rating systems because rating them with that particular system would place them into the proximity of other content they do not like, and with which they do not want to be lumped together [1][2]. For example, both hardcore pornographic bondage content and a documentation about torture methods in the holocaust would receive very similar content ratings within the RSACi rating system. The RSACi system is too coarse and has no appropriate dimensions to differentiate between these two types of content. More complex rating systems raise ease-of-use issues in First Party Rating situations, though. Also, more context sensitive rating systems raise other issues, too (see below).\nEstablishing a metric in a social context and granting rewards under this metric tends to create dysfunctional social systems. For example, measuring the efficiency of programmers by measuring the lines of code produced by them tends to work in favour of code that has been produced by cutting and pasting large segments of code. Such code is generally large, ineffective, and expensive to maintain. Thus, while the metric provides useful information when used short-term, it tends to work destructively when used for longer periods of time (Tom DeMarco, \u0026ldquo;Why does software cost so much?\u0026rdquo;, Essay 2). Essentially, degradation begins when the metric is used for a period long enough to allow for feedback loops.\nA classic dysfunctional metric that can be observed on the web is rating the efficiency of a banner ad on a web page by counting hits to that banner ad. Using this metric for a longer time tends to encourage people to put content on their pages that creates page impressions and to load many banner ads on such pages. The result is your average free porn page. It also encourages spamming search engines and the network with ads for a particular page to increase page impressions. The ultimate dysfunctional perversion is to load the page with JavaScript code that opens further pages with banner ads when the user tries to leave or close the page. While the banner ads are not recognized by the user, at best, and create a negative image for the product advertised, at worst, such pages do generate lots of hits on a counter and are therefore favoured by the metric.\nBecause cultural and moral values cannot be expressed and measured directly like volts and ohms, any such metric will show dysfunctional behaviour and finally invalidate itself when used for a longer time. Obvious examples are things like exempting news sites from the requirement to rate content to relieve them from the burden to provide ratings for rapidly changing pages - this will provoke providers of content that rates bad under any given rating system to present their content in the format of a news site to get the bonus of exemption. Similarly, exempting web discussion forums from a requirement to provide ratings will make badly rated sites to adapt and to chose a forum-like format.\nBecause of the inability to address cultural or moral values objectively and outside of the context of a particular culture or moral system, it would be only logical and very tempting to create context sensitive rating systems. Context sensitivity here goes two ways: it may rate a specific content component within the presentation context, and it may rate specific content within a specific cultural context.\nFor example, singular pornographic images may rate bad in a certain system, but a photomosaic(tm) of girlie-power icon Lara Croft consisting of lots of such images may rate good within the same system because of artistic value and the message promoted by this artwork. So while the individual photo may still rate bad, in this particular context of presentation it will rate good. Also, a photo of James Dean leaning against his car and smoking a cigarette may rate good in some cultural contexts by showing a celebrity in a pop-art context, and bad in others as promoting environmentally bad modes of transport and nicotine drug abuse, depending on the priority of values of the culture perceiving the image. These priorities may change within the same culture or even the same recipient, depending on fashion or even personal mood.\nWhat is more, only the process of filtering content which may appear as rating bad in a given context may actually create objectionable content in another context. For example, by suppressing all images which rate bad in one context there may be created a pattern that conveys a message of objectionable content [3].\nSo while context specific labelling is seductive as a way out of the dysfunctionality problem, it is also error prone, unenforceable (Would you please try to rate your web pages within the cultural context of the Amish People, the values of the current Nipponese, Spanish and Scandinavic societies?) and favouring one specific cultural context is of course an act of culture imperialism. It is also a value rating (\u0026ldquo;The context rating on your web page/for our web page in your rating service implies that you have authority to decide what Christian/Scientologian/Buddhist/\u0026hellip; values are and that our page is bad according to what you assert these values are.\u0026rdquo;) with all problems that come with such ratings, including a ton of liability issues.\nTranslating from one metric into another does not work Different metrics have different underlying cultural and moral value systems and different assumptions for judgement. Unlike algebraic spaces, the spaces created by such metrics cannot be mapped onto each other without loss (sometimes they cannot be mapped at all). Certain dimensions may not exist in the target metric and must be emulated. For example, it is impossible to translate the one-dimensional Video Standards Council metric for video films (\u0026ldquo;general viewing\u0026rdquo;, \u0026ldquo;PG\u0026rdquo;, \u0026ldquo;R\u0026rdquo;, \u0026hellip;) into the RSACi (integer numbers between 0 and 4 in each of the categories of Sex, Nudidity, Violence, and Language), even though the target systems seems to be more expressive, having more dimensions and values.\nSome proposals offer functionality that can be used to bundle presets in different rating systems into a single profile. For example, the PICSRules extension to the PICS system allows a user to define a single profile that contains an arbitrary number of selective criteria applied to different PICS compliant content ratings systems.\nA user of such a PICSRule may be able to view content that rates this-or-that under SafeSurf ratings or such-and-such under RSACi ratings. Using such a system may create the impression that the this-or-that SafeSurf rating and the such-and-such RSACi rating are equivalent and that it is therefore possible to map one system onto the other. This is a thouroughly false impression.\nWhat does work (in PICSRules) is to bundle arbitrary selective preferences into a profile, but this profile is in general (and probably in practice in most cases) not consistent or well-defined. Consider content that has been rated under two different rating systems and a majority of reviewers agreed in both cases that these ratings are correctly applied to this particular content. Assume further a recipient that is asked to define a filtering profile for his or her child in both of the rating systems reflecting the personal cultural values that this child should be able to expose itself to. Unless the page has a marginal rating (i.e. totally harmless or totally unacceptable), it will be common that the page will be rated accessible under one rating system, but inaccessible under the other, i.e. the ratings do not functionally map onto each other because of the different implied cultural values within the metric itself.\nE-commerce and ICR\u0026amp;S are natural adversaries The introduction of the Internet marks the ultimative shortening of the communication pipeline, completely industrializing the process of communication. Historically, the number of people and institutions involved in the production and reproduction of a specific publication has continually decreased. While many people had to copy each page of a book manually in medival times, the introduction of the printing press has dramatically simplified the process. The advent of DTP technology has further eliminated persons and institutions from this process by cutting out the typographer, the layouter, and the editor. Xerox technology has cut out printers for small editions.\nOn the Internet, all persons have been cut out except for the sender and the recipient. Production, reproduction and distribution of content are automated or controlled by either party. In many cases, content location has been automated, too, by using search engines, portal sites, web rings, or bookmark lists. In some cases, even content processing has been automated where automatic translation services, summary generator services, or XML postprocessing are already deployed, thus limiting the personal involvement of the receiver as well. Also, in cases where content is being produced automatically, such as in catalog systems, database driven web shops, or in community content systems like slashdot.org, the involvement of the sender in content creation is limited, too.\nThis does not mean that the absolute number of people involved in the creating or processing of content has decreased. In fact, there are many people needed to keep the Internet running and to update web content. But these people are no longer involved in a single specific project (working as craftsmen), instead they keep running a generalized infrastructure which is used to transport and produce many, many different works (they are working as industrial workers).\nE-commerce directly benefits from this, shortening supply and retail chains to a length of 1, or where processing is completely automated, even to a length of 0. E-commerce requires that concealed, tamperproof 1:1 communication is possible, i.e. that the infrastructure can be used to transport certain transactional data, but without the ability to gain knowledge of the actual transactional content, and without the ability to change that content.\nThis is essentially the opposite of the requirements for ICR\u0026amp;S, because ICR\u0026amp;S is all about gaining knowledge about the transported content and from case to case tampering with it (i.e. replacing the original content with a \u0026ldquo;this content is inaccessible\u0026rdquo; message). You cannot build secure e-commerce on any network that is capable of ICR\u0026amp;S and you cannot build functioning ICR\u0026amp;S on any network that provides secure e-commerce services - see below.\nProxy-based ICR\u0026amp;S cannot work in an E-commerce enabled environment In an installation where E-commerce is possible, it is impossible to successfully deploy proxy-based ICR\u0026amp;S, because at any time harmful or prohibited content can arrive in the form of E-commerce transactions, i.e. serving porn pages from an SSL server. The proxy cannot detect labels within such a connection because the entire connection is a military-grade encrypted, digitally signed, tamperproof connection pipe from within the browser program into the remote web server. Improvements in E-commerce, i.e. the wide deployment of S/WAN, IPsec and other services, will only worsen this situation.\nRecipient-based ICR\u0026amp;S can only work in a cooperative setting Because most current recipient platforms have no (Win 95, Win 98) or insufficient (Windows NT) local security, and because the recipient platform is generally under physical control of the recipient, there is essentially no way to keep the recipient from tampering with the installation of the selection mechanism.\nMost local content filters can be easily deactivated by setting a few registry keys, rewriting a line in an *.ini file, or by copying some original operating system files that have been replaced by the filter back into the system. The process only has to be reenginieered once and can then be automated, requiring no expertise at all from the user of such an automated attack tool.\nThird Party Rating cannot be based on URLs All widely deployed systems for ICR\u0026amp;S are currently using URLs to identify content and to tie their ratings to such content. This approach is basically broken because URLs do not map to content, not even in the case of static content.\nFor static pages, current webservers offer a lot of facilities to negotiate the actual content which is being served in response to a specific URL. In particular, serving language specific content is very popular. For example, the homepages of multinational projects (like the Debian Linux project, http://www.debian.org ) are negotiated based on the language preferences that were expressed with a HTTP request. Also, many pages serve different content, depending on the IP-address or domain the request originated from or customize their content depending on the current time [4].\nThe problem worsens when it comes to dynamically generated pages, where the actual webpage which the client receives never exists on the server, but is created just as it is requested. The contents of such a page may change from one request to the next, even if all other parameters are identical. The server may take any parameters into account when creating the page, including internal state (memory of previous requests). Because internal state is kept on the server only, it is impossible to fully describe all request parameters needed to recreate a specific content without thorough knowledge of the application running on that particular server.\nBut even if we have perfectly static, non-negotiated content, URLs are inadequate to address content. URLs describe storage display objects such as images and HTML pages, but content can be smaller or larger than such pages.\nFor example, the start page of any portal, news site or discussion forum contains many small, unrelated articles which are presented in overview form. Each individual article is a semantic unit with different properties regarding a rating system, but with URLs we can only address the whole page and assign a rating to the entire page.\nConversely, a page or a site may be pieced together from individual documents which form a greater semantic unit that deserves a certain rating only when viewed as a whole. This may be true, for example, for an AIDS information site or a holocaust memorial site which may contain texts and images that deserve a very different rating when taken out of their original context.\nHTML provides no mechanism to address subentities of a page or to address pages collectively. Some extentions to the XML specification will slightly improve this situation.\nThird Party Rating cannot keep up Third Party Rating is based on the assumption that a single database can list ratings for external pages, so that a recipient with an enabled filter can cover a large enough portion of the Internet for the net to become useful. Search engines work under a similar assumption, only they can automatically process and store pages, whereas proper content rating, being a process that involves moral and cultural evaluation and decision making, requires manual intervention. But a recent survey of search engines found that they cover only a small percentage of the web, ranging from 10% to 35% of all pages [5]. The survey also observed a strong growth in the general size of the web.\nThe problem is worsened for both ICR\u0026amp;S systems and search engines because there is no mechanism for web pages to notify indexing and rating services of a change. Web sites in general do not know which other services keep pointers to them and need to be notified of updates. Also, there is no mechanism to bind content identities to certain versions of that content, i.e. there is no way to work a modification date and/or a content checksum into a URL which designates certain content.\nThird Party Rating is also impossible for content that is available only after passing a password protection (closed user groups, [5] talks about a \u0026ldquo;publicly indexable Web\u0026rdquo;). Some closed user groups are not so closed after all, though: With a simple registration, the protected area opens up. In such cases, the password protection essentially keeps all automated content processors and some casual browsers outside.\nThird Party Rating creates privacy issues Third Party Rating raises the issue of label distribution without cooperation of the content provider, leading directly to the creation of Label Bureaus which can distribute labels for any content, independently from the distribution of the original content. Connection between the content which has been rated and the label is being made via some content identifier, currently usually URLs. Currently, in some ICR\u0026amp;S systems such as PICS, there are simple provisions to test if the content that has been rated and the content that is actually served are still identical. Such a test may be a check for the creation date of the content or the distribution of a MD5 checksum for the content with the label. Usually, these provisions are optional and in many existing implementations they are not being used, leaving the system without a check for label validity (This should really be another headline, \u0026ldquo;Current implementations generally suck\u0026rdquo;).\nTo get labels from a Label Bureau, the client system has to ask the Label Bureau each time a piece of content is being requested. Because it can be expected that the Label Bureaus provides its services for money, we can assume that each of these requests is identified and authenticated, so that the Label Bureau can charge for its services. Label Bureaus will therefore automatically get large and detailed trails of all requests a certain user creates while surfing the web, creating a large user profile of (identity, time, URL) triples.\nThird Party Rating has no standard complaints procedure In Third Pary Rating, some group essentially applies a set of ratings to web content which directly influences the reach this content will have. Current implementations, such as PICS compliant systems, define how such a rating may be applied to web pages technically, but they define no standard procedures for rating services and labelling bureaus at all.\nIn current implementations, there is no standard procedure with which a content provider is being notified that content has been rated or on which grounds these ratings have been established. In fact, some (usually propietary, non-PICS) rating services do not expose their rating criteria for public inspection or even encrypt their ratings in trying to hide which services they disapprove of [6]. These services often argue that this procedure is necessary so that their rating service cannot be inverted, i.e. turned into a search engine for objectionable content. Decryption of such rating files invariably showed questionable or overly broad ratings, though. For example, in such rating files it is common to find blocking entries for websites that are critic of ICR\u0026amp;S or of this particular rating service. Also, there are often very vague and general blocking entries to be found, for example wildcard blocks for anything that has the letters \u0026ldquo;xxx\u0026rdquo; or \u0026ldquo;sex\u0026rdquo; in an URL [7].\nEven if a content provider is being notfied that some content has been rated, there is no standard complaints procedure with which a content provider can go against a rating that he feels to be inadequate. Also, the whole rating process is intransparent and inaccessible to revision: there are no standard provisions that enable any involved party to detect why false ratings have been created: Was it a true false rating, a storage problem, a transmission problem, or a misconfiguration? On the other hand, false filtering can have substantial financial impact or can be equivalent to libel.\nFirst Party Rating cannot be enforced In the United States, certain First Amendment rights allow a content provider to not rate own content. Similar rights exist in other legislations.\nBut blocking unrated content unconditionally is open to unexplored civil damages issues.\nFirst Party Rating does not scale down the problem enough First Party Rating is basically a way to scale down the problem of Third Party Rating by one or two orders of magnitude.\nThird Party Rating cannot keep up with the change of the web because of the sheer number of pages and because there is no way for content providers to communicate changes to Third Parties (see above).\nFirst Party Rating puts the burden of rating content onto the content providers themselves which is good because it will automatically solve the problem of communicating changes. First Party Ratings must be controlled and validated, though, because a First Party will rate with a bias to promote own interests.\nThus, First Party Rating can be viewed as a mechanism to scale down the rating problem. Instead of n pages of content that have to be rated, a supervising authority now has the problem of controlling the correctness of ratings provided by m rating providers. We can only guess the relation of n:m, but we assume it to be in the range of approximately 100. m would still be a multi-million number.\nLabels need to be tamperproof and tamperproof labels are expensive Labels need to be tamperproof for two reasons. The first is LabelWasher, an imaginary sister program to WebWasher [8]. While WebWasher, JunkBuster and similar programs filter content to remove banner ad pages and malicious JavaScript code for advertisement free surfing, replacing the removed content with harmless dummy content, LabelWasher would do the same with content labels. That is, LabelWasher would remove content labels from incoming content and replace these labels with fake standard labels which rate this content as harmless.\nThe second reason for tamperproof, digitally signed labels is that the central authority controlling all First Party Raters has to have an instrument to put pressure on First Parties that do not rate according to the rating guidelines. The central authority would revoke the certificate needed to generate digitally signed labels from such parties, rendering all labels generated by them invalid.\nGenerating and administering a multi-million number of digital signatures is expensive, even if such signatures are low security (unfit to sign monetary transactions). Someone has to provide a database of all certificates issued, to verify identities of applications so that banned First Parties cannot apply again for a new certificate, and to perform all other administrative duties that come with running a certificate authority. Even if the cost for an individual certificate can be kept low, the other factor in the equation is still a multi-million number.a\nWildcard labels cannot be checksummed A content checksum always applies to a distinct piece of content. A wildcard label such as \u0026ldquo;all content below http://www.site.de/ *\u0026rdquo; applies to an arbitrary number of pages with arbitrary content below a certain base URL. There is no way to calculate a checksum on such content, greatly diminishing the value of a tamperproof label: Without checksums and timestamps, it is impossible to determine which specific content the label was applied to.\nContent rating cannot keep up with dynamic content creation Dynamic content creation just gets faster and is often a parallel process. Examples for parallel content creation are discussion forum sites such as Slashdot (http://slashdot.org ), news sites such as CNN or Reuters, or catalogue and bidding systems such as eBay. Examples for fast content creation are the many live feeds for multimedia data into the Internet, such as live cameras (http://jennicam.org ) and live audio feeds.\nIt is impossible for these sites to rate their content, even with a general rating that applies to the whole site, because the content on the sites changes much faster than even First Party Raters can react and because in this case the First Party sometimes does not even have full control over the content on their own site.\nOn the other hand, exemption from rating for such sites will quickly generate dysfunctional behaviour and it will also violate the principle of equal treatment.\nDynamically creating content labels is expensive in current implementations The Multipurpose Internet Media Enhancements (MIME) standard goes at great length to allow single pass implementation for reading and writing content. This is necessary so that dynamic content generators can read and write multimedia files, which are often very large, without buffering.\nCurrent implementations of ICR\u0026amp;S systems ignore this requirement. They require content labels to be sent /before/ the actual content within the HTTP header, or to be part of the HTML document header. If the content label has to include a content checksum and a digital signature or even if it is just being generated dynamically, the label can only be generated after the actual content has been written. Content generation now becomes a two pass process, in which the content generator first writes out the actual content, creating the content checksum and the digital signature, and then begins sending content label and checksum first, then the actual content.\nBuffer sizes for a busy site can easily become gigantic. For example, the Slashdot site generates much content dynamically at request time. A Slashdot page can easily be as large as 200 KB, depending on the number of discussion entries on such a page. Assuming ISDN transfer speeds, sending such a page consumes approximately 25 seconds. Slashdot can easily have 100 to 200 requests per second, or 2500 to 5000 simultaneous connections. Simple multiplication shows that this will consume between 500 and 1000 MB of buffer space in the form of either RAM or harddisk bandwith (the problem with disk buffers is often not space, but read/write capacity). For Slashdot, dynamic content with digitally signed content labels translates easily into twice the hardware it has now.\nStreaming media is potentially infinite in length, so checksumming becomes a much more complicated process because checksums can only be calculated for chunks of data and must be embedded into a multimedia stream. This requires that the multimedia format used anticipates the need for such a feature or must be redefined (i.e. existing software must be rewritten). Another problem occurs with compound content in which some components are optional. Conventional checksums don\u0026rsquo;t work in this situation.\nFinally, sending Content Labels after the content is not a good solution performancewise, either: It increases latency on the client side (that is, the PICS designers put the label before the content for a reason). When a client downloads content from the web, it has to decide whether to display the content or not. The client can only decide this after it has seen the label for that content. If sending the label is being delayed until after the actual content has been sent, building the display will substantially slow down because the client has to hold back content until it has seen the label for it. Incremental building of a display, as it is customary in current browsers, is out of the question in such cases. Besides, it will be frustrating and expensive for users if their client downloads a large file, only to decide to throw it away after the download has been completed due to the label for that content.\nICR\u0026amp;S systems may make error diagnosis more complicated and will decrease performance The filtering component of an ICR\u0026amp;S system will most definitely add more components to an already overly complex platform. Adding such a filtering component will make debugging more complicated, even more so if the filtering component is designed to operate in stealth mode. In such cases it will become very difficult for support services to determine if a user encountered a true error or if a filtering component intercepted a download.\nIn the case of third party rating, the label bureau is a single point of failure: without access to the label bureau, no access to the network will be granted. The label bureau may also become a performance bottleneck.\nDesign changes at the local platform are necessary to enable mixed use (filtering and non-filtering) of that platform. For example, private web caches have to be redesigned. All current browsers have such caches and they are generally accessible via the filesystem with typically no access control. As a result, it is currently possible for somebody to access information directly in the web cache, which would not be available via a web browser due to it\u0026rsquo;s content label. Also, to associate certain access rights with certain users, it is necessary to identify that user. That is, user authentication (a login prompt) becomes mandatory on systems where ICR\u0026amp;S is being deployed.\nFalse application Problems exist at the filtering end of an ICR\u0026amp;S system, too. For example, on systems that see mixed use by minors and adults, it is highly probable that the adult user will not see indicators that an ICR\u0026amp;S system is active, and will get only limited access to web ressources. Alternatively, that person may perhaps see indicators showing that access is limited but is unable to turn the filtering system off because the password is not available to that person, or because the system is to difficult to figure out for that particular person.\nIn many jurisdictions (e.g. in Germany) making use of a constitutional right so difficult that persons will no longer make use of this particular right is equivalent to illegally limiting that right. This implies that the filtering component of an ICR\u0026amp;S system must clearly signal its presence to the user and must clearly advertise instructions on how it can be turned off.\nAlso, ICR\u0026amp;S that are difficult to turn off are unlikely to be accepted by users on systems that see mixed use. Things that become inconvenient are simply deinstalled.\nFalse positives destroy trust in ICR\u0026amp;S and in the Internet For an ICR\u0026amp;S system to be effective and trustworthy, it has to give access to a large number of pages, and it has to have a very low number of false positives. That is, it must not block pages which are essentially harmless due to wildcard labels to falsely applied labels. This implies that a large number of ratings must be created, and that these ratings should rather be too low than too high. It is highly unlikely (at least it seems so to the author) that any of this will be the case in the current hysteria and with the current legal situation.\nA high number of false positives will not only create the impression of an unreliable and untrustworthy ICR\u0026amp;S system, but it will also undermine trust into the Internet as a reliable platform for communication of political ideas and social processes. If ICR\u0026amp;S systems are being publicly perceived primarily as a tool to leverage political or commerical interests, their value as a tool for the protection of minors is gone. This implies that ICR\u0026amp;S systems must have some mechanism to defend themselves against such an attack.\nIf we deploy now anyway, what do we get? Summarizing the problems mentioned above inherent to ICR\u0026amp;S in general, and to current implementations such as PICS compliant add-ons to browsers, we can say that we cannot safely deploy an ICR\u0026amp;S systems on a wide scale and get anything remotely resembling protection of minors. Apart from technical issues, which are surprisingly hard to solve for a problem that seems to be trivial when approached first time, there are even more legal and management issues to solve before ICR\u0026amp;S systems can be deployed successfully. Most of these problems have not yet been tackled, some even have been left out deliberately up to now. Even if all the issues mentioned in this paper had been addressed by some system, the values of such a system will be questionable: It certainly is possible to deploy ICR\u0026amp;S systems which filter /something/ for /some/ people, but it highly unlikely that these systems will be effective, that is, that they filter /most things/ /correctly/ for /most people/.\n[1]: http://www.msen.com/~weinberg/rating.htm , \u0026ldquo;Rating the Internet\u0026rdquo;: \u0026lsquo;Jonathan Wallace, thus, in an article called \u0026ldquo;Why I Will Not Rate My Site\u0026rdquo; asks how he is to rate \u0026ldquo;An Auschwitz Alphabet\u0026rdquo;, his powerful and deeply chilling work of reportage on the Holocaust. The work contains descriptions of violence done to camp inmates\u0026rsquo; sexual organs. A self-rating system, Wallace fears, would likely force him to choose between the unsatisfactory alternatives of labeling his work as suitable for all ages, on the one hand, or \u0026ldquo;lump[ing it] together with the Hot Nude Woman page\u0026rdquo; on the other. It seems to me that at least some of the rating services problems\u0026rsquo; in assigning ratings to individual documents are inherent. It is the nature of the process that no ratings can classify documents in a perfectly satisfactory manner, and this theoretical inadequacy has important real-world consequences.\u0026rsquo;\n[2]: http://www.dcia.com/cyberbur.html , \u0026ldquo;Fahrenheit 451.2: Is Cyberspace Burning?\u0026rdquo;: \u0026lsquo;Kiyoshi Kuromiya, founder and sole operator of Critical Path Aids Project, has a web site that includes safer sex information written in street language with explicit diagrams, in order to reach the widest possible audience. Kuromiya doesn\u0026rsquo;t want to apply the rating \u0026ldquo;crude\u0026rdquo; or \u0026ldquo;explicit\u0026rdquo; to his speech, but if he doesn\u0026rsquo;t, his site will be blocked as an unrated site. If he does rate, his speech will be lumped in with \u0026ldquo;pornography\u0026rdquo; and blocked from view. Under either choice, Kuromiya has been effectively blocked from reaching a large portion of his intended audience ­ teenage Internet users ­ as well as adults. [ \u0026hellip; ] Kuromiya could distribute the same material in print form on any street corner or in any bookstore without worrying about having to rate it. In fact, a number of Supreme Court cases have established that the First Amendment does not allow government to compel speakers to say something they don\u0026rsquo;t want to say - and that includes pejorative ratings.\u0026rsquo;\n[3] : http://www.mit.edu/activities/safe/labelling/0198f1.html where Lars Kongshem quotes a case where the program CYBERsitter suppresses the word \u0026ldquo;homosexual\u0026rdquo; on a screen display. Thus, the sentence \u0026ldquo;The Catholic church is opposed to all homosexual marriages.\u0026rdquo; is shown as \u0026ldquo;The Catholic church is opposed to all marriages.\u0026rdquo; on screen. [4] : Documentation for the Apache Web Server, mod_negotation Module, http://www.apache.org/manual/mod_negotation.html , mod_mime Module, http://www.apache.org/manual/mod_mime.html . Both modules enable the server to deliver different static pages for the same URL, depending on other information that is part of the browsers request and that is /not/ part of the URL. It is the URL though, which ties a thrid party rating to a specific page.\n[5] : http://www.neci.nj.nec.com/homepages/lawrence/websize.html \u0026ldquo;An estimated lower bound on the size of the indexable Web is 320 million pages.\u0026rdquo;\n\u0026ldquo;The coverage of the major Web search engines investigated varies by an order of magnitude (variation will differ for different queries, e.g. more popular queries).\u0026rdquo;\n\u0026ldquo;The major Web search engines index only a fraction of the total number of documents on the Web. No engines indexes more than about one third of the \u0026ldquo;publicly indexable Web\u0026rdquo;.\u0026rdquo;\n[6] : http://cgi.pathfinder.com/netly/spoofcentral/censored/index.html The Censorware Search Engine was helpful to check blacklists in commercial products which do not expose their blocking criteria. Seth Finkelstein reported this URL as being \u0026ldquo;gone and never coming back. The person who ran it lost the trust of almost everyone who does censorware-analysis work.\u0026rdquo;. Some vendors provide similar services on their websites, e.g. http://www.cyberpatrol.com/cybernot/ for CyberPatrol. [7] : http://catless.ncl.ac.uk/Risks/18.07.html#subj3 , Clive Feather reported comp.risks digest 18.07 of 17-Apr-1996 that AOL blocks the name of the small british town \u0026ldquo;Scunthorpe\u0026rdquo;, forcing inhabitants of that town to register as being from \u0026ldquo;Sconthorpe\u0026rdquo; http://www.liii.com/~just4fun/news/article1.htm reports an incident where material of writer Anne Sexton is being blocked, because her name matches the string \u0026ldquo;sex\u0026rdquo;.\n[8] : http://www.siemens.de/servers/wwash/wwash_us.htm \u0026ldquo;WebWasher® is a browser add-on that accelerates the navigation on the Web. The software runs on PCs or servers. [It r]emoves advertising on Web pages while you surf, Filters pop-up windows, animated images, referer.\u0026rdquo;\nhttp://www.anonymizer.com/ offers services like\nAnonymizer URL Encryption - Beta: Extra Protection for the connection between your computer and our servers Anonymizer Window Washer by Webroot: Preserve your privacy \u0026 hide your tracks! Cleans your browser history and more... [9] : http://censorware.org/reports/ and http://www.peacefire.org/ contain a lot of information on conduct of Rating Services and Label Bureaus in general. [10]: A. A. Pitman, Scientific and Technological Options Assessment (STOA): \u0026ldquo;Feasibility of censoring and jamming pornography and racism in informatics, Draft Final Report, PE 166 658, Luxemburg, May 1997. Some parts quoted in http://www.inet-one.com/cypherpunks/dir.97.08.28-97.09.03/msg00149.html [11] : http://www.research.att.com/projects/tech4kids/ Lorrie Faith Cranor, Paul Resnick, Danielle Gallo: \u0026ldquo;Technology Inventory: A Catalog of Tools that Support Parents\u0026rsquo; Ability to Choose Online Content Appropriate for their Children\u0026rdquo;, December 1997, revised September 1998\n[12] : http://www.usembassy-china.gov/english/sandt/Inetcawb.htm \u0026ldquo;Political Security: A Closed or an Open Internet - The Great Red Firewall of China\u0026rdquo;, Brian Ristuccia, 31-Jul-1998: [13] : http://www.freshmeat.net/appindex/1998/07/31/901899756.html \u0026ldquo;Anti-Filtering-Proxy-Proxy: httpd-afpp is designed to defeat the site-blocking fuctionality of censorware and filtering-proxies. The user first visits a site running the Anti-Filtering-Proxy-Proxy. Assuming this site is not blocked by the local filtering-proxy or censorware, the user is then free to browse any other web sites free of filtering-proxy or censorware restrictions.\u0026rdquo;,\n[14] : http://www.noie.gov.au/reports/blocking.html Philip McCrea, Bob Smart, Mark Andrews: Blocking Content on the Internet: a Technical Perspective; Australia, June 1998,\n[15] : Gerry Miller, Gerri Sinclair, David Sutherland, Julie Zilber: Regulation of the Internet - A Technological Perspective; Canada, March 1999 [16] : Technical Framework and Background:\nhttp://w3c.org/PICS/ http://w3c.org/RDF/ http://w3c.org/DSig/ http://w3c.org/P3P/ http://mephisto.inf.tu-dresden.de/RESEARCH/ssonet/ssonet_eng.html [17] : http://www.iid.de/iukdg/carnegie_e.html \u0026ldquo;Misuse of International Data Networks\u0026rdquo; Report submitted by the Expert Group to G8 Ministers and Chief Advisors of Science and Technology (Carnegie Group)\n[18] : http://www2.echo.lu/legal/en/internet/communic.html \u0026ldquo;Illegal and harmful content on the Internet\u0026rdquo; http://www2.echo.lu/legal/en/internet/wp2en.html \u0026ldquo;Illegal and harmful content on the Internet Interim report on Initiatives in EU Member States with respect to Combating\u0026rdquo;, Version 7, (June 4, 1997) http://www2.echo.lu/legal/de/internet/resolde.html \u0026ldquo;ENTSCHLIESSUNG DES RATES ZU ILLEGALEN UND SCHÄDLICHEN INHALTEN IM INTERNET\u0026rdquo;\n[19]: http://www.securitysearch.net/search/papers/bsaprobs.htm \u0026ldquo;Key Legal and Technical Problems with the Broadcasting Services Amendment (Online Services) Bill 1999\u0026rdquo; (Australia) http://www.gtlaw.com.au/pubs/newdarkage.html \u0026ldquo;Censorship and Amendments to the Broadcasting Services Act\u0026rdquo; (Australia, April 1999) [20]: http://www.aclu.org/issues/cyber/burning.html \u0026ldquo;Fahrenheit 451.2: Is Cyberspace Burning? How Rating and Blocking Proposals May Torch Free Speech on the Internet\u0026rdquo; [21]: http://www.internetwatch.org.uk/ \u0026ldquo;The Internet Watch Foundation (IWF) was launched in late September 1996o address the problem of illegal material on the Internet, with particular reference to child pornography.\u0026rdquo; [22]: http://www.koehntopp.de/kris/artikel/blocking/index.en.html Kristian Köhntopp, Marit Köhntopp, Martin Seeger: \u0026ldquo;Blocking of Material on the Internet: Questions and Answers - A systematic analysis of the \u0026ldquo;censorship debate\u0026rdquo;; Kiel, Germany, May 1997 The article discusses non-PICS methods of blocking content and why they do create even more harm than PICS. It serves as an introduction to this article.\n","date":"1999-05-01T00:00:00Z","href":"https://blog.koehntopp.info/1999/05/01/rating-does-not-work.html","tags":["lang_de","publication","internet","jugendschutz"],"title":"Rating does not work"},{"categories":null,"content":"Dieser Text bildet Kapitel 24 von php, dynamische webautritte professionell realisieren. Er ist mit dem 3. Reprint der 1. Auflage dazugekommen. Für Besitzer älterer Versionen dieses Buches stelle ich den Text hier zur Verfügung (April 1999)\nPHPLIB Überblick und Installation Was leistet PHPLIB? PHPLIB ist eine Sammlung von in PHP3 geschriebenen Klassen, mit denen eine Reihe von Aufgaben gelöst werden können, die bei der Entwicklung von webgestützten Anwendungen sehr häufig auftreten.\nUrsprünglich stand hinter der Entwicklung von PHPLIB der Wunsch, Variablen in PHP zu schaffen, die eine längere Gültigkeitsdauer als eine Webseite haben, die also automatisch von Seite zu Seite weitergereicht werden.\nDie Klasse Session der Bibliothek realisiert dies, indem sie jeden Zugreifer auf eine Webanwendung mit einer eindeutigen Kennung versieht und diese Kennung dann auf unterschiedliche Weise von Seite zu Seite weitergibt. Bei jedem Zugriff auf eine Seite wird ein Satz Variablen, der zu dieser Kennung gehört, aus einem festen Datenspeicher geladen und am Ende der Seite auch dort wieder gespeichert. Ein solcher Satz Variablen heißt in der Terminologie von PHPLIB \u0026ldquo;Session\u0026rdquo; und die von PHPLIB verwaltete Kennung heißt \u0026ldquo;Session-ID\u0026rdquo;.\nDer Datenspeicher, der von PHPLIB verwendet wird, war ursprünglich eine SQL-Datenbank, aber seit Version 7 von PHPLIB können auch andere Speicher, zum Beispiel DBM-Dateien, LDAP-Server oder ein Shared Memory-Segment verwendet werden.\nDa PHPLIB ursprünglich ausschließlich SQL-Datenbank als Speicher verwendet hat, war es schon recht bald notwendig, die Bibliothek an unterschiedliche Datenbanken anzupassen. Aus dieser Notwendigkeit heraus wurde eine Klasse DB_SQL zum Zugriff auf solche Datenbanken entwickelt, die ein einheitliches, datenbankunabhängiges Interface zum Zugriff auf diese Datenbanken zur Verfügung stellt. Diese Klasse ist sogar so flexibel, daß sie vollkommen unabhängig von PHPLIB verwendet werden kann - selbst wenn man eine Anwendung ohne Sessions, aber mit Datenbanken entwickelt, ist es also sinnvoll, diese Klasse zum Zugriff auf die Datenbank zu verwenden: Einerseits gewinnt man so mehr Flexibilität beim Zugriff auf die Datenbank, andererseits ist auf diese Weise die Umrüstung der Anwendung auf PHPLIB sehr viel einfacher.\nMit der Entwicklung von PHPLIB kamen recht schnell weitere Fertigkeiten dazu. Wenn man Sessionvariablen hat, ist es zum Beispiel recht einfach, sich daran zu erinnern, ob ein Anwender sich schon einmal eingeloggt hat und wann das war. Auf diese Weise kann man Webseiten recht einfach mit Benutzerkennungen und Paßworten schützen, ganz ähnlich wie mit .htaccess-Dateien und HTTP-Authentisierung.\nAnders als bei HTTP-Authentisierung hat man bei der von PHPLIB-Klasse Auth verwendeten Zugangskontrolle jedoch viel mehr Kontrolle über das Aussehen des Anmeldebildschirmes: Es ist eine normale Webseite, die Bedienungshinweise, ein Firmenlogo und Online-Hilfe enthalten kann. Man hat außerdem auch viel mehr Kontrolle über die Anmeldung selbst: Man kann Anwender gezielt oder zeitgesteuert automatisch wieder ausloggen, man kann die Benutzereingaben gegen beliebige SQL-, LDAP-, NIS- oder NT PDC-Datenbanken mit Paßworten authentisieren und man ist nicht darauf angewiesen, daß ein Benutzer durch einen Benutzernamen identifiziert wird, sondern kann sich beliebige Schemata ausdenken (E-Mail Adressen, Vorname/Nachname/Telefon oder was immer passend ist). Außerdem hat man auch Einfluß auf die Übertragung der Anmeldedaten vom Anwender zum Webserver und kann dort kryptographische Methoden einsetzen, um eine Übertragung von Klartext-Paßworten zu vermeiden. Zu einem Benutzer gehören auch Benutzerrechte und so bekam PHPLIB zusätzlich eine Klasse Perm zur Verwaltung von Zugriffsrechten.\nDie letzte Erweiterung der Kernfunktionen von PHPLIB war dann die Schaffung von Variablen, die nicht mehr an eine Session-ID gebunden waren, sondern an eine Benutzerkennung. Die PHPLIB-Klasse User bedient sich ganz genauso wie eine Session, nur daß die nach einer Benutzeranmeldung Daten verwalten kann, die zu dem Login des Benutzers gehören. Auf diese Weise ist es sehr leicht, personalisierte Websites zu erzeugen, die sich erinnern, welche Voreinstellungen ein Benutzer das letzte Mal getroffen hatte und die diese Einstellungen wiederverwenden.\nWährend die Funktionen oben zur Kernfunktionalität von PHPLIB gehören, die von fast jeder Anwendung mit PHPLIB benötigt wird, ist der Funktionsreichtum der Bibliothek damit noch lange nicht erschöpft. Eine Reihe von weiteren Klassen bietet Funktionen, die optional dazugenommen werden kann, wenn die Anwendung Bedarf daran hat und die dem Entwickler viele arbeits- und codieraufwendunge Dinge abnehmen können. Die Klasse Cart zum Beispiel realisiert einen einfachen Warenkorb, der zusammen mit einer Artikeltabelle in einer Datenbank leicht zu einem einfachen Shopsystem erweitert werden kann.\nAndere Klassen generieren immer wieder benötigte Strukturen in HTML: Table kann in Zusammenhang mit Arrays oder Datenbank-Resultaten fertige Tabellen generieren, Sql_Query erlaubt es, eine Eingabemaske zu erzeugen, in denen sich ein Anwender eine Query gegen eine Datenbanktabelle zusammenklicken kann und diese Maske dann auch auszuwerten und schließlich dient die OOH Forms-Klassensammlung zur Generierung von Verwaltung von Abfrageformularen.\nWo bekommt man PHPLIB (und was kostet sie)? Die Website zu PHPLIB ist http://phplib.netuse.de . An dieser Stelle findet sich nicht nur die jeweils aktuelle Version von PHPLIB, sondern auch die jeweils aktuelle Dokumentation und ein Verweis auf die Supportmailinglisten zu PHPLIB. Ebenso findet man dort ein Archiv dieser Mailinglisten.\nDie Mailingliste phplib@lists.netuse.de ist das Forum, an das sich Anwender der Bibliothek wenden können, die Probleme mit der Installation oder dem Betrieb von PHPLIB haben. Man kann sich an dieser Liste anmelden, indem man eine Nachricht mit dem Text \u0026ldquo;subscribe\u0026rdquo; an die Adresse phplib-request@lists.netuse.de sendet. Die Abmeldung funktioniert analog, indem man eine Nachricht mit dem Text \u0026ldquo;unsubscribe\u0026rdquo; an diese Adresse phplib-request@lists.netuse.de sendet. Die Liste ist in englischer Sprache.\nEine weitere Liste,phplib-dev@lists.netuse.de, ist für Entwickler der Bibliothek gedacht: Sie empfängt Reports aus dem CVS-Archiv von phplib und auf ihr finden Diskussionen unter den Entwicklern statt. Auch diese Liste ist englischsprachig.\nDa die Bibliothek unter der \u0026ldquo;nicht infektiösen\u0026rdquo; LGPL frei verfügbar ist, kann sie sowohl in GNU Projekten als auch in kommerziellen Softwareprojekten gefahrlos und ohne daß Lizenzgebühren anfallen eingesetzt werden. Der genaue Text der Lizenzvereinbarung ist Bestandteil des Paketes und findet sich in der Datei COPYING.\nDie ursprünglichen Entwickler von PHPLIB, Boris Erdmann und Kristian Köhntopp, haben inzwischen von vielen anderen Netzteilnehmern Unterstützung bekommen. Besondere Erwähnung verdienen Sascha Schumann , der für die Veröffentlichung von PHPLIB-6 maßgeblich war und der viele andere Erweiterungen und Fehlerkorrekturen vorgenommen hat und Jay Bloodworth , von dem die OOH Forms-Klassen der Bibliothek stammen. Eine vollständige Liste aller Helfer findet man in der Datei CREDITS als Bestandteil des Paketes.\nPHPLIB installieren Bevor man daran gehen kann, sich mit der eigentlichen Installation von PHPLIB zu beschäftigen, solle man zunächst einmal seine Installation von PHP3 überprüfen und einige Fakten darüber in Erfahrung bringen. Für den Installationsprozeß ist es notwendig zu unterscheiden, ob man ein CGI PHP3 oder ein mod_php3 als Bestandteil eines Apache Webservers hat. Wie die meisten Fragen zum Thema PHP3-Installation beantwortet sich dies am einfachsten, indem man sich ein Script mit einem phpinfo()-Aufruf erzeugt und sich die Ausgabe desselben ansieht: Besteht die Ausgabe von phpinfo() aus vier Tabellen, handelt es sich um einen CGI PHP3-Interpreter. Enthält sie dagegen mehr Tabellen, von denen die letzten beiden \u0026ldquo;Apache Environment\u0026rdquo; und \u0026ldquo;HTTP Headers Information\u0026rdquo; heißen, handelt es sich um ein PHP3-Modul in einem Apache Webserver (mod_php3).\nFalls CGI PHP3 verwendet wird, sollte man den PHP3-Interpreter gleich noch auf korrekte Übersetzung und Installation prüfen: Angenommen der Name des Testscriptes mit dem phpinfo()-Aufruf ist http://localhost/test.php3. Falls der Inhalt der Variablen $PHP_SELF nur den Pfad zum PHP3-Script enthält (/test.php3), ist die Installation korrekt erfolgt. Taucht dagegen der CGI-Pfad und der Name des Interpreters als Bestandteil der Variablen auf (/cgi-bin/php/test.php3), ist der Interpreter ohne die Option --force-cgi-redirect übersetzt worden. Abgesehen davon, daß dies eine enorme Sicherehitslücke ist, wird PHPLIB mit so einem Interpreter nicht korrekt funktionieren. Mit einem dergestalt falsch installierten PHP3-Interpreter lassen sich beliebige Dateien, auch außerhalb der Document-Root des Webservers, lesen und herunterladen (/cgi-bin/php/../../../../../../etc/passwd).\nMit Hilfe der Ausgabe von phpinfo() läßt sich auch die Version des PHP3-Interpreters prüfen. Für PHPLIB muß sie ausreichend neu sein: mindestens 3.0.6 oder höher, besser wäre ein aktuelles Release wie 3.0.11 oder höher. Es hat keinen Zweck versuchen zu wollen, PHPLIB mit einer älteren Version von PHP3 zu installieren: Ältere Versionen von PHP3 haben zu viele Fehler in der Speicherverwaltung und in der Behandlung von objektorientierten Erweiterungen als daß sie mit PHPLIB zusammenarbeiten könnten.\nFür die korrekte Installation von PHPLIB ist es außerdem notwendig, Zugriff auf die php3.ini-Datei zu haben, um einige Konfigurationsparameter für den Interpreter setzen zu können. Im Falle von mod_php3 genügt es, .htaccess-Dateien erzeugen zu können, mit denen man PHP3-Parameter für Unterverzeichnisse seines Webservers festlegen kann.\nPHPLIB kann entweder als mit gzip komprimiertes tar-Archiv (tgz-Datei) oder als selbstentpackendes Shellscript (shar-Datei) bezogen werden. Das bevorzugte Format ist das tgz-Format, weil es wegen der Kompression deutlich kleiner ist und weil es sowohl unter UNIX als auch unter Windows (mit WinZIP) problemlos auszupacken ist.\nNach dem Auspacken entsteht ein Verzeichnis php-lib mit den Unterverzeichnissen doc, pages, php und stuff. Die eigentliche Bibliothek befindet sich in den Dateien im Verzeichnis php. Dazu gehören außerdem die Dateien im Verzeichnis pages, die eine Reihe von Testseiten und Verwaltungsprogrammen enthalten. Diese Daten sind nur zum Test des Installationsprozesses notwendig und können später im Produktionsbetrieb entfernt werden. Das Verzeichnis stuff enthält eine Reihe von Scripten für die unterschiedlichsten SQL-Datenbanken und dient zur Einrichtung der benötigten Tabellen. Schließlich existiert noch das doc-Verzeichnis, in dem sich die Dokumentation zur Bibliothek in englischer Sprache befindet.\nDie Dateien im Verzeichnis php werden von PHP3 zur Laufzeit mittels include()- oder require()-Anweisungen eingebunden. Man sollte sie daher in ein Verzeichnis neben der Document-Root seines Webservers kopieren und den include_path seines PHP3-Interpreters darauf zeigen lassen. Auf keinen Fall sollten sich diese Dateien in irgendeinem Verzeichnis unterhalb des Document-Root Verzeichnisses des Webservers befinden, andernfalls kann es zu schweren Sicherheitsproblemen kommen.\nSetzt man die CGI-Version von PHP ein oder möchte man für ein mod_php den include_path global vorgeben, ist eine Änderung in der php3.ini zu machen. In welchem Verzeichnis diese Datei gesucht wird, geben neuere Versionen in der Ausgabe von phpinfo() als Überschrift der Tabelle \u0026ldquo;Configuration\u0026rdquo; mit an. In der php3.ini ist der Parameter include_path so zu setzen, daß er das Verzeichnis mit den *.inc-Dateien von PHPLIB enthält. Setzt man dagegen mod_php ein und möchte die Änderung der Konfigurationsparameter nur für ein Unterverzeichnis vornehmen, muß man in einem \u0026lt;Directory\u0026gt;-Block in der httpd.conf oder in einer .htaccess-Datei einen Eintrag der Form \u0026ldquo;php3_include_path /pfad/zum/verzeichnis\u0026rdquo; vornehmen, damit das betreffende Verzeichnis mit durchsucht wird.\nAuf jeder Seite, die PHPLIB verwendet, müssen nun die Dateien mit den Definitionen der Klassen von PHPLIB eingebunden werden. Zu diesem Zweck existiert eine vordefinierte Datei, die sich nun in dem neuen Include-Verzeichnis befinden muß: prepend.php3. Entweder kann diese Datei manuell auf jeder einzelnen PHPLIB-Seite eingebunden werden oder sie kann automatisch vor jede dieser Seiten gesetzt werden. Letzteres erreicht man, indem man den Parameter \u0026ldquo;auto_prepend_file = \u0026hellip;\u0026rdquo; in der php3.ini entsprechend setzt, oder, falls man mod_php einsetzt, in einem \u0026lt;Directory\u0026gt;-Block oder einer .htaccess-Datei einen Eintrag der Form \u0026ldquo;php3_auto_prepend_file /pfad/zu/datei/prepend.php3\u0026rdquo; vornimmt.\nIn der Datei prepend.php3 wird dann eingetragen, welche Dateien PHPLIB zu jeder Seite dazuladen soll. Verwendet man MySQL, ist keine Änderung notwendig. Wird stattdessen eine der anderen von PHPLIB unterstützten Datenbanken (mSQL, ODBC, Oracle 7, Oracle OCI 8 Interface, Postgres oder Sybase) verwendet, ist die Anweisung \u0026lsquo;require(\u0026ldquo;db_mysql.inc\u0026rdquo;)\u0026rsquo; in dieser Datei entsprechend anzupassen. Verwendet man PHPLIB ohne SQL-Datenbank, sondern mit dem LDAP-, DBM- oder Shared Memory-Interface, ist diese require-Anweisung auszukommentieren und stattdessen die Anweisung \u0026lsquo;require(\u0026ldquo;ct_sql.inc\u0026rdquo;)\u0026rsquo; in der Zeile darunter entsprechend anzupassen. In dieser Anleitung gehen wir davon aus, daß eine Standardinstallation mit MySQL verwendet werden soll. Dann sind in der prepend.php3 keine Änderungen notwendig.\nIm nächsten Schritt sind in der Datenbank die benötigten Tabellen anzulegen. In MySQL muß der Datenbank-Administrator dazu zunächst einmal eine logische Datenbank mit dem Kommando \u0026lsquo;CREATE DATABASE\u0026rsquo; anlegen, etwa \u0026lsquo;CREATE DATABASE beispieldb\u0026rsquo;. Danach muß dem Benutzer, unter dem PHP3 später ausgeführt wird, auf die übliche Weise Zugriffsrecht auf diese Datenbank gegeben werden. Es ist dringend empfohlen, keine gesonderte logische Datenbank für PHPLIB anzulegen, sondern die Tabellen von PHPLIB innerhalb des normalen Datenbankschemas der Anwendung zu erzeugen. Man kann dies für die Datenbank \u0026lsquo;beispieldb\u0026rsquo; tun, indem man einfach den SQL-Batch \u0026lsquo;stuff/create_database.mysql\u0026rsquo; aus der PHPLIB-Distribution ausführt:\n$ mysql beispieldb \u0026lt; stuff/create_database.mysql Ein einfaches \u0026lsquo;SHOW TABLES\u0026rsquo; in dieser Datenbank sollte einem dann die Tabellen active_sessions und active_sessions_split, auth_user und auth_user_md5 sowie db_sequence zeigen.\nSchließlich muß man PHPLIB noch auf seine eigenen Bedürfnisse anpassen, d.h. der Bibliothek mitteilen, wo sie die Datenbank findet und mit welchen Parametern sie arbeiten soll. Alle diese Änderungen werden in der Datei local.inc vorgenommen. Diese Datei enthält eine Reihe von Klassendefinitionen, die die normalen, unspezifischen Klassendefinitionen um die für die Anwendung benötigten Parameter ergänzen. In der zum Paket gehörenden Version enthält diese Datei eine Reihe von Beispieldefinitionen, was sie ein wenig unübersichtlich macht. Zum Üben ist es ausreichend, wenige Zeilen in der Definition von DB_Example anzupassen, aber für eine Installation, die für die Produktion gedacht ist, wird man die Datei nur als Vorlage nehmen und mit einer leeren local.inc anfangen, die man sich für seine Zwecke maßschneidert.\nAn keiner anderen Datei von PHPLIB sollten normalerweise Änderungen notwendig sein.\nZum Testen kann nun die Dateien aus dem pages-Verzeichnis in die Document-Root seines Webservers kopieren und einmal versuchen, die Testseiten aufzurufen. Bei Installationsproblemen hilft die wirklich ausführliche Anleitung, die mit PHPLIB mitgeliefert wird und die Supportmailingliste zur Bibliothek.\nZugriff auf Datenbanken mit PHPLIB Erstellen einer eigenen Datenbank-Klasse PHPLIB enthält eine Klasse DB_Sql, die den Zugriff auf Datenbanken in einer Weise erlaubt, die weitgehend unabhängig von der verwendeten Datenbankart ist. Die Klasse existiert in verschiedenen Versionen, je nach der unterliegenden SQL-Datenbank, die verwendet werden soll: db_mysql.inc definiert eine Version von DB_Sql für MySQL-Datenbanken, db_odbc.inc eine Version für ODBC-Datenbanken und so weiter. Durch Einbinden der entsprechenden Version in der Datei prepend.php3 kann man entscheiden, mit welcher Datenbank man arbeiten möchte.\nDie Klasse DB_Sql ist dabei sehr allgemein gehalten: Sie enthält keinerlei Connect-Informationen und eine Reihe von Defaults, die das Verhalten im Fehlerfall bestimmen. Gewöhnlich konfiguriert man die Klasse, indem man in der Datei local.inc eine Unterklasse von DB_Sql definiert, in der man seine eigenen Connect-Parameter einträgt. Ändern sich die Connect-Parameter der Anwendung, braucht man sie nur an einer Stelle in local.inc zu ändern. Eine solche Definition kann zum Beispiel so aussehen:\nclass DB_Example extends DB_Sql { var $Host = \u0026#34;localhost\u0026#34;; var $Database = \u0026#34;test\u0026#34;; var $User = \u0026#34;kk\u0026#34;; var $Password = \u0026#34;\u0026#34;; } Dies definiert eine Klasse DB_Example, die sich ganz genau wie DB_Sql verhält, aber gegen die Datenbank test auf dem Rechner localhost connected, indem sie sich als Benutzer kk mit einem leeren Paßwort anmeldet. In seiner Anwendung kann man nun Datenbankobjekte der Klasse DB_Example erzeugen und diese Objekte wissen automatisch wo und wie sie sich anzumelden haben.\nAbfragen an eine Datenbank senden DB_Sql merkt sich intern, ob bereits eine Datenbankverbindung besteht oder ob noch eine erzeugt werden muß. Die Klasse kümmert sich vor der Verarbeitung einer neuen Query auch darum, das alte Anfrageergebnis freizugeben, wenn eines existiert. Für den Entwickler bedeutet dies, daß er sich um diese Details nicht mehr kümmern braucht, sondern nach dem Erzeugen seines Datenbankobjektes direkt die Query absenden kann. Eine typische Anwendung der Klasse sieht zum Beispiel so aus:\n$db = new DB_Example; // Erzeuge ein Objekt $db $db-\u0026gt;query(\u0026#34;select * from beispieltabelle\u0026#34;); Das Datenbankobjekt kümmert sich hier selbstständig um den Aufbau der Verbindung zur Datenbank und um die Schritte, die je nach Datenbank unterschiedlich zur Verarbeitung und zum Senden der Query notwendig sind. Das Ergebnis der Query steht nun bereit und kann entweder manuell abgeholt werden (siehe unten) oder einer anderen Klasse übergeben werden, die etwas damit anfangen kann - der PHPLIB-Klasse Table zum Beispiel.\nVerarbeitet man das Ergebnis der Query manuell, stehen einem Datei die Funktionen next_record() zum Abholen des nächsten Ergebnisses und die Funktionen f(spaltenname) (\u0026ldquo;feld\u0026rdquo;) und p(spaltenname) (\u0026ldquo;print\u0026rdquo;) zum Lesen bzw. Drucken einer Spalte der aktuellen Ergebniszeile zur Verfügung. next_record() nimmt dabei keine Parameter und liefert ein boolean-Ergebnis, mit dem signalisiert wird, ob noch ein Datensatz gelesen werden konnte. f() und p() nehmen jeweils den Namen einer Spalte als Parameter an und bearbeiten diese Spalte in der aktuellen Ergebniszeile. f() liefert den aktuellen Spalteninhalt als Rückgabewert, p() druckt diesen Wert und liefert kein Ergebnis. Die typische PHPLIB-Redewendung zum Abfragen und Verarbeiten von Daten in einer SQL-Datenbank lautet also beispielweise so:\n$db = new DB_Example; // Erzeuge ein Datenbankobjekt $db-\u0026gt;query(\u0026#34;select * from beispieltabelle\u0026#34;); // Sende Query an DB // Hier können f() und p() noch nicht verwendet werden. printf(\u0026#34;\u0026lt;table\u0026gt;\\n\u0026#34;); while($db-\u0026gt;next_record()) { $wert = $db-\u0026gt;f(\u0026#34;s\u0026#34;); // Merke Dir den aktuellen Wert der Spalte \u0026#34;s\u0026#34; printf(\u0026#34;\u0026lt;tr\u0026gt;\u0026lt;td\u0026gt;s = %s\u0026lt;/td\u0026gt;\u0026lt;/tr\u0026gt;\\n\u0026#34;, $wert); } printf(\u0026#34;\u0026lt;/table\u0026gt;\\n\u0026#34;); Dabei ist es sehr wichtig, die Funktionen f() und p() erst dann zu verwenden, wenn nach dem Absenden der Query mindestens einmal next_record() aufgerufen worden ist. Erst nach dem ersten Aufruf von next_record() stehen im internen Puffer des Datenbankobjektes Informationen zur Verfügung, die verarbeitet werden können.\nWenn die Query eine Abfrage war, also das SQL-Statement \u0026lsquo;SELECT\u0026rsquo; enthielt, kann man mit den Funktionen num_fields() und num_rows() die Anzahl der Spalten und Zeilen des Ergebnisses erfragen, falls die Datenbank dies unterstützt. Bei MySQL ist dies der Fall, aber andere Datenbanken liefern das Ergebnis einer Query asynchron, sodaß man die Größe der Resultatmenge nicht auf diese Weise abfragen kann: In Oracle ist es beispielweise möglich, daß die Datenbank schon die ersten mit next_record() abfragbaren Ergebnisse zur Verfügung stellt, während der hintere Teil der Query noch bearbeitet wird. Die Funktion num_rows() liefert hier immer das Ergebnis 0. In so einem Fall muß man die Größe der Resultatmenge vorab mit einem \u0026lsquo;SELECT count(*) FROM \u0026hellip;\u0026rsquo; manuell bestimmen, bevor man die eigentlich Query danach absendet. Das erzeugt zum Glück nicht übermäßig Last auf dem Datenbank-Server, weil dieser die Anfrage und deren Ergebnis zwischenspeichert, sodaß die zweite Query im Vergleich zur ersten sehr schnell bearbeitet werden kann.\nSendet man statt einer Abfrage stattdessen Anweisungen, die Daten modifizieren, also z.B. die SQL-Anweisungen \u0026lsquo;INSERT\u0026rsquo;, \u0026lsquo;DELETE\u0026rsquo; oder \u0026lsquo;UPDATE\u0026rsquo;, erhält man keine Ergebnismenge, die man abfragen könnte. Stattdessen kann mit der Funktion affected_rows() bestimmen, wieviele Zeilen durch diese Anweisung bearbeitet worden sind. Die Redewendung, die man an dieser Stelle immer wieder findet, lautet dann so:\n// $db aus dem Beispiel oben wird weiter verwendet $db-\u0026gt;query(\u0026#34;insert into beispieltabelle ( s ) values (\u0026#39;probe\u0026#39;)\u0026#34;); $erfolg = $db-\u0026gt;affected_rows(); Die Variable $erfolg wird nun den Wert 1 haben, wenn der Wert erfolgreich in die Tabelle eingefügt werden konnte, oder 0, wenn das INSERT-Statement fehlgeschlagen ist.\nFehlerbehandlung DB_Sql kümmert sich, wenn dies gewünscht ist, auch automatisch um die Behandlung von Fehlern, die durch falsches oder fehlerhaftes SQL entstehen. Die Default-Aktion ist es, im Fehlerfall eine Meldungsfunktion halt() aufzurufen und die Verarbeitung dann anzuhalten. Dem Entwickler steht es dabei frei, die Meldungsfunktion nach seinen Wünschen anzupassen.\nStandardmäßig belegt die Funktion halt() die Variablen Error und Errno mit den aktuellen Fehlercodes des Datenbankinterfaces und ruft dann die Funktion haltmsg() auf, um eine erklärende Meldung zu drucken und die weitere Verarbeitung dann anzuhalten.\nDieses Verhalten ist jedoch durch die Belegung der VariablenHalt_On_Error bestimmt: Defaultmäßig steht diese Variable auf dem Wert \u0026ldquo;yes\u0026rdquo;. Setzt man sie auf \u0026ldquo;report\u0026rdquo;, wird die Meldung gedruckt, die weitere Verarbeitung jedoch nicht angehalten. Setzt man sie auf \u0026ldquo;no\u0026rdquo;, wird weder eine Meldung gedruckt, noch wird das Programm abgebrochen. Es ist dann Aufgabe der Anwendung, den Fehlerstatus durch die Abfrage von Error und Errno zu kontrollieren.\nAlternativ kann ein Entwickler auch die Funktion haltmsg() überschreiben, um die Ausgabe von Fehlermeldungen seinen Wünschen anzupassen. Einige Beispiele:\n// Diese Klasse ignoriert Datenbankfehler. class DB_Example2 extends DB_Sql { var $Host = \u0026#34;localhost\u0026#34;; var $Database = \u0026#34;test\u0026#34;; var $User = \u0026#34;kk\u0026#34;; var $Password = \u0026#34;\u0026#34;; var $Halt_On_Error = \u0026#34;no\u0026#34;; // keine Fehlermeldungen drucken } // Diese Klasse meldet Datenbankfehler in einem Logfile // und setzt die Verarbeitung dann fort. // Im HTML-Code erscheint nichts. class DB_Example3 extends DB_Sql { var $Host = \u0026#34;localhost\u0026#34;; var $Database = \u0026#34;test\u0026#34;; var $User = \u0026#34;kk\u0026#34;; var $Password = \u0026#34;\u0026#34;; var $Halt_On_Error = \u0026#34;report\u0026#34;; // haltmsg() aufrufen, aber weitermachen // unsere eigene Version von haltmsg) function haltmsg($msg) { $fp = fopen(\u0026#34;/tmp/errorlog\u0026#34;, \u0026#34;a+\u0026#34;); $msg = sprintf(\u0026#34;%s: error %s (%s) - %s\\n\u0026#34;, date(\u0026#34;Y-M-D H:i:s\u0026#34;), $this-\u0026gt;Errno, $this-\u0026gt;Error, $msg); fputs($fp, $msg); fclose($fp); } } Metadata Gelegentlich ist es nützlich, einige Fragen über die vorhandenen Datenbanktabellen stellen zu können. DB_Sql stellt dafür die Funktionen table_names() und metadata() zur Verfügung. Beide Funktionen geben jeweils zweidimensionale Felder als Ergebnis zurück, die entweder manuell verarbeitet werden können oder als Eingabe für die PHPLIB-Klasse Table verwendet werden können.\nDie Funktion table_names() liefert eine Liste alle Tabellen zurück, auf die man Zugriff hat. Zu jeder Tabelle werden die Informationen table_name, tablespace_name und database geliefert. Ein kleines Anwendungsbeispiel zeigt, wie man auf diese Weise eine Liste aller vorhandenen Tabellen erzeugen kann.\n$db = new DB_Example; $tinfo = $db-\u0026gt;table_names(); reset($tinfo); while(list($k, $v) = each($tinfo)) { printf(\u0026#34;Tabelle: %s Tablespace: %s Datenbank: %s\\n\u0026#34;, $tinfo[$k][\u0026#34;table_name\u0026#34;], $tinfo[$k][\u0026#34;tablespace_name\u0026#34;], $tinfo[$k][\u0026#34;database\u0026#34;]); } Die Funktion metadata() wird dann verwendet, um den Aufbau einer Tabelle weiter zu untersuchen. Sie liefert Information über die Spalten einer Tabelle, ebenfalls als zweidimensionales Feld, das als Eingabe für die Table-Klasse verwendet werden kann. Ein Anwendungsbeispiel mit Table könnte so aussehen:\ninclude(\u0026#34;table.inc\u0026#34;); // Table einbinden. $db = new DB_Example; // Datenbankobjekt $t = new Table; // Table Objekt $t-\u0026gt;heading = \u0026#34;on\u0026#34;; // Table soll Überschriften anzeigen. $db-\u0026gt;metadata(\u0026#34;beispieltabelle\u0026#34;); // Metadata abfragen $t-\u0026gt;show($db); // ... und darstellen. Ausgegeben werden zu jeder Spalte der Name der Tabelle (\u0026ldquo;table\u0026rdquo;), der Name der Spalte (\u0026ldquo;name\u0026rdquo;), der Typ des Datenfeldes (\u0026ldquo;type\u0026rdquo;), die Länge des Feldes (\u0026ldquo;len\u0026rdquo;) und die Flags, die für dieses Feld gesetzt sind (\u0026ldquo;flags\u0026rdquo;).\nSequenzen In Datenbankanwendungen benötigt man oft Zähler, die eindeutige Schlüssel für Datenbanktabellen generieren. DB_Sql stellt hierfür die Funktion nextid() zur Verfügung, die einen solchen Wert liefert, der garantiert eindeutig und aufsteigend ist. Die Funktion wird mit einem Zählernamen aufgerufen und liefert dann den jeweils nächsten Wert für diesen Zähler. Die Anwendung ist denkbar einfach.\n$db = new DB_Example; // Datenbankobjekt erzeugen. $id1 = $db-\u0026gt;nextid(\u0026#34;beispieltabelle\u0026#34;); $id2 = $db-\u0026gt;nextid(\u0026#34;zweite_tabelle\u0026#34;); $query1 = sprintf(\u0026#34;insert into beispieltabelle ( id, s ) values ( \u0026#39;%s\u0026#39;, \u0026#39;%s\u0026#39; )\u0026#34;, $id1, $some_value); $query2 = sprintf(\u0026#34;insert into zweite_tabelle ( id, t, s_id ) values ( \u0026#39;%s\u0026#39;, \u0026#39;%s\u0026#39;, \u0026#39;%s\u0026#39; )\u0026#34;, $id2, $another_value, $id1); $db-\u0026gt;query($query1); $db-\u0026gt;query($query2); In diesem Beispiel werden zwei Zähler mit den Namen beispieltabelle und zweite_tabelle geführt. Beide Zähler sind voneinander unabhängig. Das Beispiel generiert eine Einfügung in die Tabelle beispieltabelle mit dem gleichnamigen Zählerwert. In einer zweiten Einfügung in die Tabelle zweite_tablle wird ein Eintrag gemacht, der unter seiner eigenen ID abgespeichert wird und zugleich auf einen anderen Eintrag in der Tabelle beispieltabelle verweist.\nLocking Die großen Datenbanken wie Oracle und Sybase haben umfangreiche Mechanismen, um Datensätze gegen gleichzeitigen Zugriff durch mehrere Programme zu sperren. Bei kleinen Datenbankservern wie MySQL muß man dies dagegen selbst machen. Eine sehr einfache, aber auch wenig effiziente Methode ist die Sperrung der ganzen Tabelle, entweder um darin zu schreiben oder um aus ihr zu lesen. DB_Sql stellt die Funktionen lock() und unlock() zur Verfügung, um mit Ihnen Sperren auf ganze Tabellen zu setzen.\nDie Funktion lock() kann auf zwei Arten verwendet werden. Entweder übergibt man Ihr einen Tabellennamen und einen Sperrmodus (Beispiel: $db-\u0026gt;lock(\u0026ldquo;beispieltabelle\u0026rdquo;, \u0026ldquo;write\u0026rdquo;)), dann setzt sie ein Lock im entsprechenden Modus auf diese Tabelle oder man übergibt Ihr einen Hash von Tabellennamen und Modi, dann werden die entsprechenden Locks gesetzt. Das Beispiel zeigt, wie es geht.\n$lock_tables = array( \u0026#34;beispieltabelle\u0026#34; =\u0026gt; \u0026#34;write\u0026#34;, \u0026#34;zweite_tabelle\u0026#34; =\u0026gt; \u0026#34;read\u0026#34; ); $db-\u0026gt;lock($lock_tables); Die Sperren auf diese Tabellen bleiben bestehen, bis $db-\u0026gt;unlock() aufgerufen wird. Der Aufruf löscht alle bestehenden Sperren; es ist nicht möglich, einzelne Locks aufzugeben.\nSessions Sessions konfigurieren Eine Session ist in PHPLIB ein Weg, Variablen zu haben, die automatisch von einer PHP-Seite zur nächsten mitgeschleppt werden. Dazu wird dem Browser des Anwenders eine Kennung verpaßt, die dieser bei jedem Zugriff an die Anwendung zurück übermittelt - entweder in Form eines Cookie oder in Form eines GET-Parameters, der an jede URL angehängt werden muß, die der Anwender aufrufen kann. Mit Hilfe dieser Kennung kann PHPLIB nun die mitzuschleppenden Variablen am Ende einer Seite abspeichern und beim Zugriff auf die Folgeseite wieder laden.\nUm mit Sessions zu arbeiten, muß man in seiner local.inc-Datei eine Unterklasse der Klasse Session aus PHPLIB erzeugen. In dieser Klasse wird wieder mit einer Reihe von Parametern festgelegt, auf welche Weise die Variablen zu speichern sind und auf welche Weise die Kennung weitergegeben wird. Wie schon bei der Datenbank-Klasse geschieht dies im wesentlichen, indem man eine Reihe von vordefinierten Variablen mit den gewünschten Werten überschreibt. Eine Besonderheit besteht darin, daß man (ab PHPLIB-7) der Session-Klasse mit einer Hilfsklasse (CT_SQL) mitteilen muß, wo und auf welche Weise die Session-Daten zu speichern sind.\n+---------+ enthält Code zur Verwaltung von Session-IDs, | Session | zur Serialisierung von Variablen und +---------+ zum Abräumen alter Sessions | | benutzt v +--------+ enthält SQL-Queries, die Session-Variablen | CT_Sql | laden und speichern, User authentisieren +--------+ und so weiter. | | benutzt v +--------+ übernimmt die Kommunikation mit der Datenbank, | DB_Sql | Fehlerbehandlung und so weiter. +--------+ Abbildung 1: Beziehung zwischen den Klassen DB_Sql, CT_Sql und Session, Konfiguration zur Arbeit mit einer SQL-Datenbank\nDiese Hilfsklasse enthält die benötigten Anweisungen, um Variablen in eine Datenbank (oder eine DBM-Datei, oder ein shared-memory Segment, oder etwas anderes) zu speichern und von dort zu lesen, um Benutzer zu authentisieren und weitere Zugriffe. Die Abkürzung \u0026ldquo;CT\u0026rdquo; steht dabei für \u0026ldquo;Container\u0026rdquo;, die Klasse implementiert einen sogenannten Storage Container, der alle Speicherzugriffe für eine andere Klasse enthält. Durch die Auswahl eines anderen Storage Containers kann man Session dazu bringen, Variablen nicht in einer SQL-Datenbank, sondern auf einem anderen Speichermedium abzulegen.\n+---------+ +-----------------+ | Session |-- abgeleitet --\u0026gt; | Example_Session | +---------+ +-----------------+ | | | benutzt | benutzt v v +--------+ +----------------+ | CT_Sql | -- abgeleitet --\u0026gt; | Example_CT_Sql | +--------+ +----------------+ | | | benutzt | benutzt v v +--------+ +------------+ | DB_Sql | -- abgeleitet --\u0026gt; | DB_Example | +--------+ +------------+ Abbildung 2: Klassensystem nach dem Einlesen von local.inc.\nDurch die Definitionen in local.inc entstehen aus den Standardklassen der Bibliothek angepaßte Unterklassen, die für die spezielle Anwendung und Installation konfiguriert sind. Eine PHPLIB-Anwendung verwendet immer diese angepaßten Unterklassen aus local.inc, niemals die Standardklassen aus der Bibliothek.\nIn local.inc findet man also nach der Definition der Klasse für den Datenbankzugriff (DB_Example, siehe oben) Definitionen für den Storage Container und die Session-Klasse. Die Daten, die konfiguriert werden müssen, sind im wesentlichen die Namen der Klassen, so wie sie sich untereinander benutzen, d.h. man muß dem Storage Container den Namen der Datenbank-Klasse mitteilen und der Session-Klasse den Namen des Storage Containers, der verwendet werden soll.\nclass Example_CT_Sql extends CT_Sql { // Name der Datenbankklasse, die zu verwenden ist. var $database_class = \u0026#34;DB_Example\u0026#34;; // Name der SQL-Tabelle, die zu verwenden ist. var $database_table = \u0026#34;active_sessions\u0026#34;; } class Example_Session extends Session { // Muß vorhanden sein, damit die Klasse gespeichert werden kann. var $classname = \u0026#34;Example_Session\u0026#34;; // Muß für jede Installation anders sein var $magic = \u0026#34;Hocuspocus\u0026#34;; // Name der Storage Container-Klasse, die zu verwenden ist. var $that_class = \u0026#34;Example_CT_Sql\u0026#34;; } Im Storage Container wird durch den Namen der Datenbank-Klasse implizit klargemacht, an welchen Server mit welchem Benutzernamen und welchem Paßwort connected werden soll. Außerdem kann konfiguriert werden, wie der Name der Tabelle lautet, in dem später einmal die Session-Daten gespeichert werden sollen. Damit dies mit den create_database-Definitionen aus dem stuff/-Verzeichnis zusammenspielt, sollte dieser Name active_sessions sein.\nIn der Session-Klasse ist vor allen Dingen der Name des Storage Containers zu definieren, der verwendet werden soll, hier also Example_CT_Sql. In der Variablen magic steht außerdem ein String, der bei der Generierung der Session-IDs verwendung findet, und der bei jeder Installation von PHPLIB auf einen anderen Wert gesetzt werden sollte, damit die Session-IDs schwerer zu fälschen sind. Die Variable classname wird intern von PHPLIB verwendet, um Objekte zu laden und zu speichern und sollte den genauen Namen der Klasse selbst enthalten, hier also Example_Session.\nPHPLIB-Sessions haben nun zwar noch eine ganze Menge Knöpfe, an denen man drehen und einstellen kann, aber die Session-Klasse ist nun schon benutzbar. Eine Seite mit Session-Variablen sieht wie nachstehend gezeigt aus.\n\u0026lt;?php // Laden der Variablen aus der Datenbank. page_open(array(\u0026#34;sess\u0026#34; =\u0026gt; \u0026#34;Example_Session\u0026#34;)); // Die globale Variable $s ist nun bei der Session registriert. $sess-\u0026gt;register(\u0026#34;s\u0026#34;); // $s wird auf einen definierten Startwert gesetzt, wenn die // Variable noch nicht existiert. if (!isset($s)) $s = 0; // $s hochzählen. $s++; ?\u0026gt; \u0026lt;html\u0026gt; \u0026lt;head\u0026gt; \u0026lt;title\u0026gt;Eine Testseite\u0026lt;/title\u0026gt; \u0026lt;/head\u0026gt; \u0026lt;body\u0026gt; \u0026lt;h1\u0026gt;Eine Testseite\u0026lt;/h1\u0026gt; Die Variable $s hat den Wert \u0026lt;?php print $s ?\u0026gt;. \u0026lt;/body\u0026gt; \u0026lt;/html\u0026gt; \u0026lt;?php // Zurückspeichern der Variablen in die Datenbank page_close(); ?\u0026gt; Durch das auto_prepend_file, das in der php3.ini konfiguriert wird, wird dieser Datei der Inhalt von prepend.php3 vorangestellt.\nprepend.php3 lädt jetzt alle weiteren Dateien, die für die Ausführung dieser Seite benötigt werden, d.h. es bindet db_mysql.inc, session.inc, page.inc, local.inc und ggf. noch weitere, hier noch nicht benutzte Dateien ein. Dadurch sind am Anfang dieses Programmes eine Reihe von Funktionen und Klassen definiert, die zu PHPLIB gehören.\nDas Beispielprogramm selbst verwendet dann die vordefinierten PHPLIB-Funktionen page_open() und page_close(), um Variablen am Anfang der Seite einzulesen und am Ende der Seite wieder abzuspeichern. Der Funktion page_open() wird dabei mitgeteilt, daß diese Seite die Session-Funktionalität von PHPLIB verwenden möchte und zwar wie sie in der Klasse Example_Session konfiguriert ist.\nDas Resultat ist ein globales Example_Session Objekt mit dem Namen $sess. Man kann jetzt Funktionen von Example_Session (also Funktionen von Session) aufrufen, um Variablennamen bei der Session zu registrieren.\nIm Beispielprogramm wird dies durch den Aufruf $sess-\u0026gt;register(\u0026ldquo;s\u0026rdquo;) gemacht, der die globale Variable mit dem Namen \u0026ldquo;s\u0026rdquo; bei der Session anmeldet. Fortan wird bei jedem Aufruf von page_close() der aktuelle Typ und Wert von $s gerettet und bei einem Aufruf von page_open() wieder hergestellt.\nSobald der Name \u0026ldquo;s\u0026rdquo; erst einmal bei einer Session registriert ist, bleibt er solange Bestandteil der Session, bis er mit $sess-\u0026gt;unregister(\u0026ldquo;s\u0026rdquo;) wieder abgemeldet wird. Andererseits schadet es nichts, einen Namen mehr als einmal bei einer Session zu registrieren. Die Beispielseite merkt sich nun also den Wert von $s und kann ihn so von einem Aufruf der Seite zum nächsten hochzählen.\nWenn man die Seite aufruft und seinen Browser so eingestellt hat, daß er beim Setzen von Cookies eine Warnung ausgibt, dann wird man feststellen, daß der Webbrowser versucht, einen Cookie mit dem Namen \u0026ldquo;Example_Session\u0026rdquo; auf irgendeinen wilden Wert zu setzen. Dieser Cookie identifiziert den Browser eindeutig und in der Tabelle active_sessions in der Datenbank werden unter dem Wert des Cookies die Variablen abgespeichert, die zu dieser Session gehören (aus technischen Gründen sind die Werte dort mit base64_encode() codiert abgespeichert, aber man kann sich die Innereien von PHPLIB ansehen, wenn man die Inhalte von active_sessions.val mit base64_code() decodiert).\nJeder Anwender hat also seinen eigenen Cookie mit einem eindeutigen Wert und in der Datenbank seinen eigenen Satz Variablen, der zu diesem Cookie gehört. PHPLIB verwendet sogenannte Session-Cookies, d.h. die Cookies werden im Browser ohne eine Zeitbegrenzung gesetzt, aber der Browser speichert die Cookies niemals in einer cookies.txt-Datei ab. Die Session \u0026ldquo;lebt\u0026rdquo; also solange, wie der Browser des Anwenders läuft. Beendet der Anwender seinen Browser, ist der Cookie gelöscht und die Session verloren.\nMan kann dies ändern, indem man die Variable $lifetime in seiner Session definiert. Die Variable gibt an, wieviele Minuten lang der Cookie mit der Session-ID gelten soll. Setzt man die Variable also auf den Wert 1440, dann wird die Anwendung versuchen, einen Cookie mit einer Lebensdauer von einem Tag zu setzen. In der Praxis hat sich dies nicht als empfehlenswert erwiesen, daher verwendet PHPLIB standardmäßig Session-Cookies.\nclass Lifetime_Session extends Session { var $classname = \u0026#34;GET_Session\u0026#34;; var $magic = \u0026#34;sonstwas\u0026#34;; var $that_class = \u0026#34;Example_CT_Sql\u0026#34;; // Session-ID Cookie soll einen Tag lang gehalten werden. var $lifetime = 1440; // das sind Minuten. } Sessions mit GET-Mode Einige Anwender sind durch die Medien zu einer regelrechten Cookie-Paranoia erzogen worden und haben ihrem Browser verboten, Cookies anzunehmen oder zu senden. PHPLIB kann in diesem Fall nicht funktionieren.\nUm das Problem zu umgehen kennt PHPLIB den sogenannten GET-Mode. In diesem Fall wird die Session-ID nicht per Cookie zur Anwendung übertragen, sondern als GET-Parameter von Seite zu Seite als Bestandteil der URL durchgeschleift. Man überredet PHPLIB dazu, GET-Mode zu verwenden, indem man den entsprechenden Parameter in der Session-Klasse setzt.\nclass GET_Session extends Session { var $classname = \u0026#34;GET_Session\u0026#34;; var $magic = \u0026#34;sonstwas\u0026#34;; var $that_class = \u0026#34;Example_CT_Sql\u0026#34;; // unterschiedslos GET-Mode verwenden var $mode = \u0026#34;get\u0026#34;; } class Fallback_Session extends Session { var $classname = \u0026#34;Fallback_Session\u0026#34;; var $magic = \u0026#34;was anderes\u0026#34;; var $that_class = \u0026#34;Example_CT_Sql\u0026#34;; // Cookies probieren, automatisch auf GET-Mode zurückschalten var $mode = \u0026#34;cookie\u0026#34;; var $fallback_mode = \u0026#34;get\u0026#34;; } Setzt man die Variable $mode auf \u0026ldquo;get\u0026rdquo;, verwendet die Anwendung immer GET-Parameter, um die Session-ID von Seite zu Seite weiterzugeben. Dies hat jedoch eine Reihe von Nachteilen: Zum Beispiel wird die Session-ID dadurch Bestandteil von Bookmarks oder sie wird womöglich sogar von irgendwelchen Redakteuren in Zeitschriften abgedruckt. Auch geht die Session verloren, wenn ein Anwender in seinem Browser einmal schnell eine andere Seite aufruft und dann zu unserer Anwendung zurückkehrt - dies ist bei Cookie-Mode nicht der Fall.\nDaher kann man PHPLIB auch so konfigurieren, wie in der Klasse Fallback_Session gezeigt. In diesem Fall versucht PHPLIB beim Start der Session sowohl Cookies als auch GET-Parameter zu benutzen. Ist auf den Folgeseiten der Cookie gesetzt, wird weiter Cookie-Mode verwendet. Hat der Anwender jedoch die Annahme von Cookies verweigert, schaltet PHPLIB automatisch auf GET-Parameter um.\nIn beiden Fällen muß man seine Anwendung jedoch speziell präparieren, damit die Session-ID in der URL weitergereicht wird. Genaugenommen muß man alle URLs in seiner Anwendung durch PHPLIB erzeugen lassen, anstatt sie einfach ins HTML zu schreiben, d.h. man muß statt\n\u0026lt;a href=\u0026#34;/index.html\u0026#34;\u0026gt;zurück zur Hauptseite\u0026lt;/a\u0026gt; \u0026lt;a href=\u0026#34;\u0026lt;?php $sess-\u0026gt;purl(\u0026#34;/index.html\u0026#34;)\u0026gt;\u0026#34;\u0026gt;zurück zur Hauptseite\u0026lt;/a\u0026gt; schreiben, und zwar für alle A, FRAME und FORM-Tags. Die Funktion $sess-\u0026gt;url() liefert in Abhängigkeit von der aktuellen Betriebsart eine passende URL mit Session-ID für die angegebene Parameter-URL zurück. Die Funktion purl() macht genau dasselbe, druckt diese URL aber gleich aus. Das bedeutet, wenn der Anwender Cookies eingeschaltet hat, wird die Funktion tatsächlich die URL \u0026ldquo;/index.html\u0026rdquo; ausgeben. Ist stattdessen aber die Annahme von Cookies beim Anwender blockiert, dann wird von purl() stattdessen die URL \u0026ldquo;/index.html?Fallback_Session=\u0026hellip;.\u0026rdquo; erzeugt.\nWie man sieht, ist dieses Verfahren sehr aufwendig in der Codierung: Man muß jedes Link und jede URL in seiner Anwendung manuell anfassen und auf PHP umstellen. Dies ist leider nicht zu ändern, daß die Sprache PHP3 normales HTML niemals anfaßt, sondern ausschließlich PHP-Sektionen interpretiert. Wenn man sich dennoch entschließt, dieses Verfahren anzuwenden, sollte man sich auf jeden Fall für die Fallback-Lösung entscheiden, weil diese für die Anwender, die Cookies eingeschaltet haben, wesentlich bequemer und betriebssicherer ist.\nSessions initialisieren Beim Start einer Anwendung, also wenn eine neue Session erzeugt wird, ist es oftmals notwendig, eine Reihe von Variablen mit passenden Startwerten zu belegen.\nPHPLIB sieht dafür die Variable $auto_init vor, mit der man den Namen einer Include-Datei festlegen kann, die beim Start einer Session geladen und ausgeführt wird. Per Konvention wird diese Datei in der Regel \u0026ldquo;setup.inc\u0026rdquo; genannt. Anweisungen in dieser Datei werden im Kontext einer Funktion ausgeführt, daher müssen globale Variablen, die vorbelegt werden sollen, mittels der PHP-Anweisung \u0026ldquo;global\u0026rdquo; vorher exportiert werden.\nDas Beispiel mit Example_Session und der globalen Variablen $s (siehe oben) läßt sich damit auch wie nachstehend realisieren.\nIn local.inc:\nclass Beispiel_Session extends Session { var $classname = \u0026#34;Beispiel_Session\u0026#34;; var $magic = \u0026#34;ein weiterer String\u0026#34;; var $that_class = \u0026#34;Example_CT_Sql\u0026#34;; // Diese Datei soll beim Session-Start geladen werden var $auto_init = \u0026#34;setup.inc\u0026#34;; } In setup.inc:\n\u0026lt;?php // $s als globale Variable deklarieren global $s; // $s mit einem Startwert vorbelegen. $s = 0; // Den Namen von $s registrieren $sess-\u0026gt;register(\u0026#34;s\u0026#34;); ?\u0026gt; Die Beispielseite:\n\u0026lt;?php page_open(array(\u0026#34;sess\u0026#34; =\u0026gt; \u0026#34;Beispiel_Session\u0026#34;)); $s++; ?\u0026gt; \u0026lt;html\u0026gt; \u0026lt;head\u0026gt; \u0026lt;title\u0026gt;Überarbeitete Beispielseite\u0026lt;/title\u0026gt; \u0026lt;/head\u0026gt; \u0026lt;body\u0026gt; \u0026lt;h1\u0026gt;Überarbeitete Beispielseite\u0026lt;/h1\u0026gt; Der Wert von $s ist \u0026lt;?php print $s ?\u0026gt;. \u0026lt;/body\u0026gt; \u0026lt;/html\u0026gt; \u0026lt;?php page_close(); ?\u0026gt; Dieses Feature ist vor allen Dingen dann interessant, wenn eine Anwendung aus einer Vielzahl von Seiten besteht und keine ausdrückliche Startseite besteht, d.h. wenn Anwender irgendeine Seite der Anwendung aufrufen können, um sie zu starten.\n\u0026ldquo;setup.inc\u0026rdquo; wird in solchen Situationen in jedem Fall aufgerufen und sorgt für eine korrekte Initialisierung der Anwendung.\nCaching kontrollieren PHPLIB-Seiten sind meistens veränderlich und dürfen daher von einem öffentlichen Cache wie z.B. dem Squid-Cache der Firma oder des Providers nicht gespeichert werden. Wenn das nicht so wäre, könnte es sein, daß andere Anwender Seiten aus diesem Cache bekommen, die Inhalte enthalten, die nicht für sie bestimmt waren. Anders sieht es mit privaten Caches aus, etwa dem Cache, den Netscape für jeden Anwender getrennt anlegt. In vielen Anwendungen ist es zulässig, daß Seiten hier abgelegt werden, um den Bildaufbau zu beschleunigen. Dies ist zugleich auch die Default-Einstellung von PHPLIB (ab Version 7, Version 6.x verbot das Caching von Seiten vollständig).\nMittels der Variablen $allowcache und $allowcache_expire kann man festlegen, wie PHPLIB-erzeugte Seiten in Caches gelagert werden dürfen und, falls sie gecached werden dürfen, wie lange sie im Cache verbleiben können. Für die Variable $allowcache sind die drei Werte \u0026ldquo;public\u0026rdquo;, \u0026ldquo;private\u0026rdquo; (der Default) und \u0026ldquo;no\u0026rdquo; zugelassen. Mit der Einstellung \u0026ldquo;public\u0026rdquo; sendet PHPLIB eine entsprechende Cache-Control-Zeile als Header, die die Speicherung der Seite in öffentliches Caches zuläßt; mit der Einstellung \u0026ldquo;private\u0026rdquo; ist nur die Speicherung in privaten Caches zugelassen. In beiden Fällen wird dem Cache die Speicherung der Seite für $allowcache_expire Minuten gestattet, der Defaultwert ist hier 1440 Minuten, also ein Tag.\nSetzt man den Wert von allowcache auf \u0026ldquo;no\u0026rdquo;, erzeugt PHPLIB $Headerzeilen, die jegliches Caching der Seite - wo auch immer - verbieten. Netscape fordert die Seite hier schon dann neu an, wenn man nur die Größe des Browserfensters verändert.\nclass Nocache_Session extends Session { var $classname = \u0026#34;Nocache_Session\u0026#34;; var $magic = \u0026#34;schon wieder ein String\u0026#34;; var $that_class = \u0026#34;Example_CT_Sql\u0026#34;; // Caching verbieten var $allowcache = \u0026#34;no\u0026#34;; } Sessions und ein Warenkorb Mit Hilfe der Sessions und der Klasse Cart von PHPLIB kann man sich recht einfach einen Warenkorb für einen Webshop gestalten. Die Klasse Cart ist in der Include-Datei \u0026ldquo;cart.inc\u0026rdquo; von PHPLIB definiert. Damit man sie verwenden kann, muß man sie auf seinen Webseiten einbinden. Zweckmäßigerweise geschieht dies indem man in der Datei prepend.php3 an der markierten Stelle die Anweisung \u0026lsquo;require(\u0026ldquo;cart.inc\u0026rdquo;)\u0026rsquo; einfügt.\nUm einen Warenkorb verwenden zu können, muß man sich beim Start einer Session einen definieren. Am einfachsten geschieht dies mit dem bereits erwähnten auto_init-Feature der Session-Klasse.\nIn prepend.php3:\n[ ... gekürzt ... ] /* Additional require statements go below this line */ require($_PHPLIB[\u0026#34;libdir\u0026#34;] . \u0026#34;util.inc\u0026#34;); /* General utility functions */ require(\u0026#34;cart.inc\u0026#34;); // eingefügt /* Additional require statements go before this line */ [ ... gekürzt ... ] In local.inc:\n[ ... Definition der Datenbank- und Storage-Containerklasse gekürzt ... ] class Shop_Session extends Session { var $classname = \u0026#34;Shop_Session\u0026#34;; var $magic = \u0026#34;kaufmich\u0026#34;; var $that_class = \u0026#34;Example_CT_Sql\u0026#34;; var $auto_init = \u0026#34;setup.inc\u0026#34;; var $mode = \u0026#34;cookie\u0026#34;; } class My_Cart extends Cart { // hier Funktionsdefinitionen einfügen, wie weiter unten // im Text gezeigt. } In setup.inc:\n\u0026lt;?php global $cart; if (! is_object($cart)) { $cart = new My_Cart; $sess-\u0026gt;register(\u0026#34;cart\u0026#34;); } ?\u0026gt; Der Warenkorb aus PHPLIB ist sehr einfach gehalten und kann Paare aus Artikelnummern und Anzahlen speichern. Mit Hilfe der Funktionen $cart-\u0026gt;add_item($artikelnummer, $anzahl) kann man $anzahl viele Artikel mit der genannten Nummer zum Warenkorb hinzufügen, mit $cart-\u0026gt;remove_item($artikelnummer, $anzahl) wieder entfernen. Mit Hilfe der Funktion $cart-\u0026gt;set_item($artikelnummer, $anzahl) kann man die Anzahl der Artikel mit der genannten Nummer im Warenkorb direkt setzen. Der Warenkorb ist dabei intelligent genug, einen Artikel aus dem Warenkorb zu entfernen, wenn die Anzahl der Artikel auf 0 sinkt.\nDen Inhalt des gesamten Warenkorbes kann man sich mit Hilfe der Funktion $cart-\u0026gt;show_all() anzeigen lassen. Der Cart ruft dabei intern zunächst die Funktion $cart-\u0026gt;show_cart_open() auf, um dann für jeden Artikel im Warenkorb $cart-\u0026gt;show_cart_item($artikelnummer, $anzahl) einmal aufzurufen. Am Ende wird die Anzeige mit einem Aufruf von $cart-\u0026gt;show_cart_close() beendet. Ist der Warenkorb leer, wird stattdessen nur die Funktion $cart-\u0026gt;show_cart_empty() aufgerufen.\nIn Cart sind diese Funktionen nur mit der notwendigsten Anzeigelogik ausgestattet, um den Inhalt des Warenkorbes darzustellen. In einer konkreten Anwendung wird man daher die vier Anzeigefunktionen mit eigenem Code überschreiben wollen, der in der Definition von My_Cart in local.inc eingefügt werden muß.\ncart My_Cart extends Cart { // Gesamtwert des Warenkorbes var $summe = 0.0; // Paare Artikelnummer =\u0026gt; Preis var $preis = array( \u0026#34;0815\u0026#34; =\u0026gt; 17.85, \u0026#34;4711\u0026#34; =\u0026gt; 21.30, \u0026#34;64738\u0026#34; =\u0026gt; 9.99 ); // Paare Artikelnummer =\u0026gt; Beschreibung var $beschreibung = array( \u0026#34;0815\u0026#34; =\u0026gt; \u0026#34;Artikel 1\u0026#34;, \u0026#34;4711\u0026#34; =\u0026gt; \u0026#34;Artikel 2\u0026#34;, \u0026#34;64738\u0026#34; =\u0026gt; \u0026#34;Artikel 3\u0026#34; ); // Eine Tabelle eröffnen und eine Summe auf 0 setzen. function show_cart_open() { printf(\u0026#34;\u0026lt;table\u0026gt;\u0026#34;); $this-\u0026gt;summe = 0.0 } // Gesamtsumme drucken und Tabelle abschließen. function show_cart_close() { printf(\u0026#34; \u0026lt;tr\u0026gt;\\n\u0026#34;); printf(\u0026#34; \u0026lt;td\u0026gt;Gesamtsumme:\u0026lt;/td\u0026gt;\\n\u0026#34;); printf(\u0026#34; \u0026lt;td\u0026gt;%8.2f\u0026lt;/td\u0026gt;\\n\u0026#34;, $this-\u0026gt;summe); printf(\u0026#34; \u0026lt;/tr\u0026gt;\\n\u0026#34;); printf(\u0026#34;\u0026lt;/table\u0026gt;\\n\u0026#34;); } // Einen einzelnen Artikel drucken. // Summe mitführen. function show_cart_item($art, $anz) { $this-\u0026gt;summe += $this-\u0026gt;preis[$art] * $anz; printf(\u0026#34; \u0026lt;tr\u0026gt;\\n\u0026#34;); printf(\u0026#34; \u0026lt;td\u0026gt;%s\u0026lt;/td\u0026gt;\\n\u0026#34;, $this-\u0026gt;beschreibung[\u0026#34;art\u0026#34;]); printf(\u0026#34; \u0026lt;td\u0026gt;%8.2f DM (%d Stück zu %8.2f DM)\u0026lt;/td\u0026gt;\\n\u0026#34;, $this-\u0026gt;preis[$art] * $anz, $anz, $this-\u0026gt;preis[$art]); printf(\u0026#34; \u0026lt;/tr\u0026gt;\\n\u0026#34;); } } In einer konkreten Anwendung wird man die Beschreibungen und Preise der Artikel jedoch auch nicht hart codieren, sondern mit Hilfe der Artikelnummer aus einer Datenbank abfragen.\nSeiten mit Login Sessions geben dem Entwickler Webseiten mit \u0026ldquo;Erinnerungsvermögen\u0026rdquo;. Sobald man dieses hat, kann man auf der Grundlage dieser Eigenschaft weitere Features realisieren.\nMan kann sich zum Beispiel daran erinnern, ob ein Anwender im Rahmen dieser Session schon einmal einen Benutzernamen und ein Paßwort angegeben hat und wann das der Fall war. Dieses Feature nennt man Authentication, Authentifizierung, und PHPLIB bietet mit der Klasse Auth eine eigene Implementierung davon an.\nPHPLIB Authentifizierung leistet vergleichbares wie HTTP Authentifzierung, hat jedoch weder in der Implementierung noch in der Konfigurierung etwas damit zu tun. Warum also eine eigene Lösung?\nHTTP Authentifizierung sind die kleinen grauen Login-Fenster mit Username und Paßwort, die auf Paßwortgeschützten Webseiten aufgehen. Sie haben gegenüber der Authentifizierung von PHPLIB eine Reihe von Nachteilen. PHPLIB Auth hat im einzelnen die folgenden Vorteile:\nPHPLIB Authentifizierung hat ein kontrolliertes Logout-Verfahren. Dieses Logoutverfahren kann auch automatisch ablaufen: Wenn ein Anwender eine gewisse Zeit lang keine Seiten abgerufen hat, ist er automatisch ausgeloggt. Der Loginschirm ist kein kleiner grauer Requester, sondern eine reguläre HTML-Seite. Dem Entwickler stehen also alle Gestaltungsmöglichkeiten zur Verfügung: Ein Loginschirm kann nicht nur ein Firmenlogo oder andere Grafik enthalten, sondern auch eine Benutzerführung und Online-Hilfe. Die Authentifizierung erfolgt gegen eine beliebige Datenquelle, zum Beispiel einen SMB-Server (NT Domaincontroller), einen LDAP-Server oder, wie in der Standarddistribution von PHPLIB gezeigt, gegen eine Datenbanktabelle. Da die Authentifierung durch eine benutzerdefinierte PHP3-Funktion erfolgt, kann sie vollkommen frei den Bedürfnissen angepaßt werden. Die Authentifizierung erfolgt seitenweise, nicht für Teilbäume von Seiten. Es ist möglich, Authentisierung mit Registrierung zu erzeugen: Anwender, die noch kein Paßwort haben, können ein Formular mit Benutzerdaten ausfüllen und die Anwendung legt den Benutzer nach Bedarf und mit Standardrechten an. PHPLIB Auth funktioniert mit CGI PHP und mit mod_php, während durch PHP gesteuerte HTTP Authentifizierung nur mit mod_php korrekt funktioniert. PHPLIB Auth ist direkt mit einem Zugriffrechteschema gekoppelt, sodaß man ganze Seiten oder Teile von Seiten nur für Benutzer mit den passenden Rechten sichtbar werden lassen kann. Login konfigurieren In PHPLIB erzeugt man Seiten mit einem Login - wie könnte es anders sein - indem man eine Unterklasse der PHPLIB-Klasse Auth erzeugt. Eine Beispiel-Unterklasse ist in der Datei local.inc in der Distribution bereits enthalten. Diese Unterklasse verwendet eine Datenbanktabelle auth_user, um Loginnamen und Paßworte zu speichern.\n+------+ +--------------+ | Auth | -- abgeleitet --\u0026gt; | Example_Auth | +------+ +--------------+ | | | benutzt | benutzt v v +--------+ +------------+ | DB_Sql | -- abgeleitet --\u0026gt; | DB_Example | +--------+ +------------+ Abbildung 3: Klassenschema von Auth für den Gebrauch mit local.inc.\nEine Unterklasse von Auth muß mindestens die Funktionen auth_loginform() und auth_validatelogin() definieren. Die Funktion auth_loginform() wird aufgerufen, um den Loginbildschirm selbst zu malen. Dieser Loginbildschirm muß alle benötigten Eingabefelder enthalten, damit der Benutzer sich identifizieren und authentisieren kann.\nIn der Regel wird der Loginschirm also ein Feld für die Eingabe des Benutzernamens und ein Feld für die Eingabe eines Paßwortes enthalten. Wird dieses Formular abgeschickt, werden seine Inhalte auf dem Server der Funktion auth_validatelogin() bereitgestellt. Diese Funktion kann mit den Eingabedaten aus dem Formular beliebige Dinge anstellen, um die Identität des Benutzers zu bestätigen.\nDie Auth-Klasse erwartet, daß die Funktion den Wert \u0026ldquo;false\u0026rdquo; liefert, falls das Login nicht stimmig ist, oder eine gültige User-ID, falls das Login korrekt ist. Wie die Funktion die User-ID ermittelt und welcher anderen Hilfsmittel sie sich dazu bedient (zum Beispiel einer Datenbankverbindung durch ein Datenbankobjekt), ist der Auth-Klasse selbst vollkommen egal.\nDas Standardbeispiel einer Unterklasse von Auth geht davon aus, daß es eine Tabelle auth_users in der Datenbank gibt, die den nachstehend gezeigten Aufbau hat. Zu jedem Benutzer werden ein Benutzername username und das dazugehörige Paßwort password gespeichert. Außerdem gehören zu einem Benutzer noch die gewünschten Berechtigungen perms und die interne User-ID uid, mit der die Auth-Klasse arbeitet.\nIm stuff-Verzeichnis der PHPLIB-Distribution befinden sich create_database.*-Dateien für die unterschiedlichen vom PHPLIB unterstützten Datenbanken, mit denen man diese Tabellen leicht anlegen kann.\n+----------+--------------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +----------+--------------+------+-----+---------+-------+ | uid | varchar(32) | | PRI | | | | username | varchar(32) | | UNI | | | | password | varchar(32) | | | | | | perms | varchar(255) | YES | | NULL | | +----------+--------------+------+-----+---------+-------+ 4 rows in set (0.00 sec) Abbildung 4: Aufbau der Tabelle auth_users\nPHPLIB arbeitet intern immer mit User-IDs, weil diese ein festgelegtes Format haben (dasselbe die Session_IDs). Diese User-IDs werden ausschließlich intern verwendet und sind für den Anwender niemals sichtbar. Nach außen präsentiert die Anwendung immer die menschenlesbare Benutzeridentifikation, hier also den Benutzernamen username. Da PHPLIB jedoch mit beliebigen Loginverfahren arbeiten können soll, darf die Bibliothek keine Annahmen über die menschenlesbare Benutzeridentifikation machen - statt eines einzelnen Feldes username ist es genauso möglich, ein Tripel (vorname, nachname, telefon) zu definieren und zu verlangen, daß diese drei Werte statt eines Benutzernamens eingegeben werden. Die auth_user-Tabelle dient dann dazu, diese externe Darstellung einer Benutzeridentität in das festgelegte interne Format, die uid, zu übersetzen.\nEine eigene Auth-Klasse beginnt damit, daß sie Auth erweitert. Es können einige Variablen vorbelegt werden, die das Verhalten von Auth steuern, aber im einfachsten Fall genügt die nachstehende Definition:\nclass Example_Auth extends Auth { var $classname = \u0026#34;Example_Auth\u0026#34;; # Name der Klasse var $lifetime = 15; # Nach 15 Minuten Inaktivität wird der # User automatisch ausgeloggt. # Name der Klasse und Tabelle für den Datenbankzugriff var $database_class = \u0026#34;DB_Example\u0026#34;; var $database_table = \u0026#34;auth_user\u0026#34;; function auth_loginform() { global $sess; include(\u0026#34;loginform.ihtml\u0026#34;); } function auth_validatelogin() { # Siehe weiter unten. } } Die Funktion auth_loginform(), die der Entwickler selber schreiben muß, hat die Aufgabe, den Loginschirm zu zeichnen. Wir tun dies hier im Beispiel einfach dadurch, daß wir die Datei loginform.ihtml aus dem Includeverzeichnis einbinden. Die Datei enthält ein gewöhnliches HTML-Formular, das in einer Tabelle zwei Eingabefelder für einen Usernamen und ein Paßwort zeichnet.\nDas Formular übergibt das Ergebnis der Eingabe in den globalen Variablen $username und $password. Nach der Eingabe wird die Funktion auth_validatelogin() von der Auth-Klasse aufgerufen, um die Eingabe zu prüfen. Da es sich bei den beiden Variablen um globale Variablen handelt, muß die Funktion auth_validatelogin() diese Werte zunächst einmal importieren. Sie kann dann in der Datenbank nachschlagen, ob es einen Wert in der Datenbank gibt, bei dem sowohl der Username als auch das Paßwort zutreffend sind.\nFalls ja, wird die zugehörige User-ID an die Auth-Klasse zurückgegeben. Andernfalls wird mit einem false ein Fehlschlag signalisiert. Die Funktion auth_validatelogin() sieht entsprechend aus wie unten gezeigt.\nfunction auth_validatelogin() { global $username, $password; if (isset($username)) { # $username merken, damit er im loginform wieder zur Verfügung steht. $this-\u0026gt;auth[\u0026#34;uname\u0026#34;] = $username; } # Default-Ergebnis: kein Login möglich $uid = false; # Suche in der Datenbank nach $username/$password $query = sprintf(\u0026#34;select uid, perms from %s where username = \u0026#39;%s\u0026#39; and password = \u0026#39;%s\u0026#39;\u0026#34;, $this-\u0026gt;database_table, addslashes($username), addslashes($password)); $this-\u0026gt;db-\u0026gt;query($query); # Hat es Treffer gegeben? while ($this-\u0026gt;db-\u0026gt;next_record()) { # uid merken für die Rückgabe $uid = $this-\u0026gt;db-\u0026gt;f(\u0026#34;uid\u0026#34;); # Die Zugriffsrechte merken wir uns hier nur, um es # Perm nachher einfacher zu machen. Erklärung folgt weiter # unten. $this-\u0026gt;auth[\u0026#34;perm\u0026#34;] = $this-\u0026gt;db-\u0026gt;f(\u0026#34;perms\u0026#34;); } # An dieser Stelle hat $uid entweder einen Wert aus # der Datenbank oder ist false. return $uid; } Mit Hilfe dieser Klasse kann jetzt eine einzelne Seite geschützt werden. Dazu ist der Aufruf von page_open() im Kopf der Seite um ein weiteres Feature zu ergänzen: Neben dem Namen der Klasse für das Session-Management ist dort auch noch der Name der Klasse für die Benutzeranmeldung mit anzugeben. Die entsprechende Zeile sieht so aus:\n\u0026lt;?php page_open(array(\u0026#34;sess\u0026#34; =\u0026gt; \u0026#34;Example_Session\u0026#34;, \u0026#34;auth\u0026#34; =\u0026gt; \u0026#34;Example_Auth\u0026#34;)); ?\u0026gt; \u0026lt;html\u0026gt; \u0026lt;head\u0026gt; \u0026lt;title\u0026gt;Seite mit Zugriffschutz\u0026lt;/title\u0026gt; \u0026lt;/head\u0026gt; \u0026lt;body bgcolor=\u0026#34;#ffffff\u0026#34;\u0026gt; \u0026lt;h1\u0026gt;Seite mit Zugriffschutz\u0026lt;/h1\u0026gt; Ihr Benutzername ist \u0026lt;?php print $auth-\u0026gt;auth[\u0026#34;uname\u0026#34;] ?\u0026gt; und ihre User-ID ist \u0026lt;?php print $auth-\u0026gt;auth[\u0026#34;uid\u0026#34;] ?\u0026gt;. \u0026lt;/body\u0026gt; \u0026lt;/html\u0026gt; \u0026lt;?php page_close(); ?\u0026gt; Die Auth-Klasse bzw. ihre Unterklasse Example_Auth sorgt dafür, daß der Funktionsaufruf page_open() nur dann erfolgreich zurückkehrt, wenn der betreffende Benutzer sich erfolgreich anmelden konnte. Intern startet page_open() bei dem gezeigten Aufruf die Funktionen des Example_Auth-Objektes und dieses sorgt bei nicht angemeldeten Benutzern dafür, daß der Loginschirm gemalt wird und das Programm dann beendet wird. Das bedeutet: In so einem Fall wird der Rest der Seite, nach dem page_open()-Aufruf, gar nicht mehr angezeigt.\nWeitergehende Konfigurationsmöglichkeiten Wie die Session-Klasse verfügt auch die Auth-Klasse über einige vordefinierte Variablen, mit denen man ihr Verhalten beeinflussen kann.\nDie wichtigste ist die Variable $lifetime, mit der man die Lebensdauer einer Anmeldung in Minuten festlegen kann. Ist ein Benutzer für die angegebene Zeit oder länger inaktiv, erlischt seine Anmeldung automatisch und er muß sich beim System erneut anmelden.\nDie $lifetime einer Auth-Klasse unterscheidet sich fundamental von der $lifetime einer Session-Klasse und man muß beide genau unterscheiden: Die Lifetime einer Session bestimmt, wie lange der Cookie im Browser des Users gültig ist. Erlischt eine Session, ist nicht nur die Anmeldung eines Benutzers verloren, sondern alle seine Variablen sind unerreichbar. Sie stehen zwar noch einige Zeit in der Datenbank, aber ohne die Session-ID im Cookie des Browsers sind sie nicht mit dem Browser zu verknüpfen.\nIm Gegensatz dazu bestimmt die $lifetime einer Auth-Klasse, wie lange die Anmeldung eines Benutzers inaktiv sein kann. Erlischt die $lifetime einer Auth-Klasse, erscheint zwar beim folgenden Zugriff auf die Anwendung der Loginbildschirm, aber die Daten des Benutzers sind nicht verloren und nach einer erneuten Anmeldung kann er weiterarbeiten als sei nichts geschehen.\nDer empfohlene Wert für die $lifetime einer Session ist 0 - in diesem Fall verwendet PHPLIB Session-Cookies, die nicht in der cookies.txt des Browsers gespeichert werden und die mit dem Beenden des Browsers automatisch verloren gehen. Da Session-Cookies keine zeitlich begrenzte Laufzeit haben, brauchen sie auch nicht erneuert zu werden. Es genügt, sie einmal beim Setup der Session zu setzen.\nDer empfohlene Wert für die $lifetime einer Auth-Klasse ist irgendwo zwischen 15 und 60 Minuten anzusiedeln. Die $lifetime einer Auth-Klasse ist eine rein interne Sache der Datenbank, sie braucht nicht über Cookies erneuert zu werden.\nMit Hilfe der Variablen $mode, die die Werte \u0026ldquo;log\u0026rdquo; (default) und \u0026ldquo;reg\u0026rdquo; annehmen kann, kann man PHPLIB aus demLoginmodus in den Registrierungsmodus bringen. Im Registrierungsmodus werden statt der beiden Funktionen auth_loginform() und auth_validatelogin() die Funktionen auth_registerform() und auth_doregister() aufgerufen.\nauth_registerform() muß wieder einen Bildschirm zeichnen, in dem in diesem Fall die von dem Benutzer vorlangten Daten abgefragt werden und auth_doregister() hat dann diese Informationen in die Datenbank einzutragen und die User-ID des Benutzers zurückzuliefern.\nSchließlich gibt es noch die Variable $nobody, mit der man die sogenannte Default Authentication erzeugen kann. Mehr dazu weiter unten.\nZugriffsrechte Sobald man weiß, um wen es sich bei einem Benutzer handelt, kann man sich überlegen, welche Zugriffsrechte man diesem Benutzer gestatten möchte: Wenn man einen Benutzer authentisiert hat, kann man sich um seine Autorisierung kümmern.\nIn PHPLIB wird dies durch die Klasse Perm erledigt, in der die Zugriffsrechte, die die Anwendung kennt, definiert werden und die im Fehlerfall einen Bildschirm zeichnet, der den Benutzer draußen hält. Als Entwickler muß man dazu die Klasse Perm durch Bildung einer Unterklasse an seine Bedürfnisse anpassen. Die Abbildung zeigt das zugehörige Klassendiagramm.\n+------+ +--------------+ | Perm | -- abgeleitet --\u0026gt; | Example_Perm | +------+ +--------------+ Abbildung 5: Klassendiagramm zur Anwendung der Klasse Perm.\nIn der Unterklasse von Perm kann man mit Hilfe des Arrays $permissions definieren, welche Zugriffsrechte unsere Anwendung erkennt. Bei den Zugriffsrechten handelt es sich um Namen für Bitmuster, zum Beispiel \u0026ldquo;user\u0026rdquo;, \u0026ldquo;author\u0026rdquo;, \u0026ldquo;editor\u0026rdquo;, \u0026ldquo;supervisor\u0026rdquo; und \u0026ldquo;admin\u0026rdquo; in dem in local.inc in der Distribution mitgelieferten Beispiel. Im Beispiel wird jedes dieser Zugriffsrechte auf ein einzelnes Bit abgebildet.\nclass Example_Perm extends Perm { var $classname = \u0026#34;Example_Perm\u0026#34;; var $permissions = array( \u0026#34;user\u0026#34; =\u0026gt; 1, \u0026#34;author\u0026#34; =\u0026gt; 2, \u0026#34;editor\u0026#34; =\u0026gt; 4, \u0026#34;supervisor\u0026#34; =\u0026gt; 8, \u0026#34;admin\u0026#34; =\u0026gt; 16 ); function perm_invalid($does_have, $must_have) { global $perm, $auth, $sess; global $_PHPLIB; include($_PHPLIB[\u0026#34;libdir\u0026#34;] . \u0026#34;perminvalid.ihtml\u0026#34;); } } Ein User kann beliebig viele dieser Zugriffsrechte in dem Feld perms der Tabelle auth_user zugewiesen bekommen. Dazu sind die Zugriffsrechte dieses Users durch Komma getrennt aufzuführen - Wichtig: Keine Leerzeichen! Die Rechte müssen direkt hintereinander geschrieben werden, also z.B. \u0026ldquo;user,admin\u0026rdquo;.\nDer Benutzer hat dann die effektiven Zugriffsrechte der Ver-ODER-ung beider Bitmuster. PHPLIB nimmt die Zugriffsrechte des Benutzers und prüft diese gegen die Zugriffsrechte, die zum Betreten der Seite notwendig sind.\nDies geschieht mit der Funktion check(), etwa so:\n\u0026lt;?php page_open(array(\u0026#34;sess\u0026#34; =\u0026gt; \u0026#34;Example_Session\u0026#34;, \u0026#34;auth\u0026#34; =\u0026gt; \u0026#34;Example_Auth\u0026#34;, \u0026#34;perm\u0026#34; =\u0026gt; \u0026#34;Example_Perm\u0026#34;)); # Zum Betreten dieser Seite sind \u0026#34;user\u0026#34;-Rechte notwendig. $perm-\u0026gt;check(\u0026#34;user,admin\u0026#34;); ?\u0026gt; \u0026lt;html\u0026gt; \u0026lt;head\u0026gt; \u0026lt;title\u0026gt;Herzlichen Glückwunsch\u0026lt;/title\u0026gt; \u0026lt;/head\u0026gt; \u0026lt;body\u0026gt; \u0026lt;h1\u0026gt;Sie sind berechtigt\u0026lt;/h1\u0026gt; Wenn Sie dies lesen können, sind sie berechtigt, diese Seite zu betreten. \u0026lt;/body\u0026gt; \u0026lt;/html\u0026gt; Der Zugriff auf eine Seite ist gestattet, wenn der Benutzer alle in $perm-\u0026gt;check() verlangten Zugriffsrechte besitzt. Dazu werden die Bitmuster der im $perm-\u0026gt;check() aufgeführten Rechte miteinander ver-ODER-t und mit den effektiven Rechten des Benutzers ver-UND-et. Das Resultat muß den verlangten Rechten der Seite entsprechen.\nDie effektiven Zugriffsrechte eines Benutzers: user ergeben als Bitmuster: 16 Die verlangten Zugriffsrechte der Seite: user,admin ergeben als Bitmuster: 17 Rechteprüfung: Effektive Zugriffsrechte: 17 AND verlangte Rechte: 16 SIND 17 \u0026amp; 16 = 16 MÜSSEN SEIN verlangte Rechte 17 =\u0026gt; Zugriff verboten. Abbildung 6: Eine Beispielrechnung für Zugriffsrechte: Ein User mit dem Recht \u0026ldquo;user\u0026rdquo; versucht auf eine Seite mit den verlangten Rechten \u0026ldquo;user,admin\u0026rdquo; zuzugreifen.\nDie Zugriffsrechte in diesem Beispiel bezeichnen wir als atomare Zugriffsrechte, weil jedes Recht nur einem einzelnen gesetzten Bit entspricht. Atomare Zugriffsrechte sind die einfachsten aller Rechteschemata, weil sie sehr einfache Rechteprüfungen erlauben: Um eine Seite zu sehen, die mit den Rechten user,editor,admin geschützt ist, muß man mindestens die Rechte user,editor,admin in der auth_user-Tabelle zugewiesen bekommen haben.\nEin anderes populäres Rechteschema sind Userlevel oder inklusive Rechte. In diesem Schema ist jedes Zugriffsrecht eine Erweiterung aller vorhergehenden Rechte. Man erreicht dies zum Beispiel mit dieser Definition:\nclass Inclusive_Perm extends Perm { var $classname = \u0026#34;Inclusive_Perm\u0026#34;; var $permissions = array( \u0026#34;user\u0026#34; =\u0026gt; 1, \u0026#34;author\u0026#34; =\u0026gt; 3, \u0026#34;editor\u0026#34; =\u0026gt; 7, \u0026#34;supervisor\u0026#34; =\u0026gt; 15, \u0026#34;admin\u0026#34; =\u0026gt; 31 ); } In so einem Fall kann ein Benutzer mit dem Recht admin leicht auf eine Seite zugreifen, die das Zugriffsrecht \u0026ldquo;user\u0026rdquo; verlangt.\nAuch in diesem Fall ist die Funktionsweise leicht zu merken: Ein Benutzer mit einem höheren Userlevel kann auf alle Funktionen eines niedrigeren Zugriffslevels zugreifen. Wegen der internen Organisation von PHP können bis zu 31 verschiedene Rechtebits verwendet werden.\nDie effektiven Zugriffsrechte eines Benutzers: admin ergeben als Bitmuster: 31 Die verlangten Zugriffsrechte der Seite: user ergeben als Bitmuster: 1 Rechteprüfung: Effektive Zugriffsrechte: 31 AND verlangte Rechte: 1 SIND 31 \u0026amp; 1 = 1 MÜSSEN SEIN verlangte Rechte 1 =\u0026gt; Zugriff erlaubt. Abbildung 7: Eine Beispielrechnung für Zugriffsrechte: Ein User mit dem Recht \u0026ldquo;admin\u0026rdquo; versucht auf eine Seite mit den verlangten Rechten \u0026ldquo;user\u0026rdquo; zuzugreifen.\nSeiten mit optionalem Login In vielen Anwendungen möchte man Benutzer ohne Anmeldung nicht einfach hinauswerfen, sondern ihnen eine gewisse Grundfunktionalität bieten, die man für angemeldete Benutzer erweitert. In PHPLIB ist es nicht möglich, daß auf Seiten, die eine Anmeldung verlangen unangemeldete Benutzer operieren, aber man kann dafür sorgen, daß nicht angemeldete Benutzer auf eine spezielle Gastbenutzer-Identität, nobody, abgebildet werden.\nWenn man PHPLIB auf diese Weise verwenden möchte, definiert man sich eine Unterklasse von Auth, in der die Variable $nobody auf true gesetzt ist. Sobald man eine Seite betritt, auf der eine Anmeldung verlangt wäre, man selbst jedoch nicht angemeldet ist, setzt PHPLIB die Benutzeridentität auf den speziellen Wert \u0026ldquo;nobody\u0026rdquo;, ohne daß ein Loginschirm verlangt wird.\nclass Example_Auth extends Auth { var $classname = \u0026#34;Example_Auth\u0026#34;; # Name der Klasse var $lifetime = 15; # Nach 15 Minuten Inaktivität wird der # User automatisch ausgeloggt. # Name der Klasse und Tabelle für den Datenbankzugriff var $database_class = \u0026#34;DB_Example\u0026#34;; var $database_table = \u0026#34;auth_user\u0026#34;; # Default Authentication verwenden var $nobody = true; function auth_loginform() { global $sess; include(\u0026#34;loginform.ihtml\u0026#34;); } function auth_validatelogin() { # Code wie üblich } } Um die Anzeige des Loginschirms zu erzwingen muß man speziellen Code auf seiner Seite unterbringen: Die Funktion login_if() der Klasse Auth zeigt den Loginbildschirm an, wenn sie mit einem Argument aufgerufen wird. Man kann also einen Button oder ein Link auf seiner Seite unterbringen, das dieselbe Seite mit einem Argument aufruft und dies am Seitenanfang abfragen.\nIn Code sieht das folgendermaßen aus:\n\u0026lt;?php # using Default Authentication page_open(array(\u0026#34;sess\u0026#34; =\u0026gt; \u0026#34;Example_Session\u0026#34;, \u0026#34;auth\u0026#34; =\u0026gt; \u0026#34;Example_Auth\u0026#34;)); # Falls wir mit dem Parameter $again aufgerufen wurden, # Loginscreen anzeigen. $auth-\u0026gt;login_if($again); # Wenn wir als \u0026#34;nobody\u0026#34; angemeldet sind, # Login-Link anzeigen. if ($auth-\u0026gt;auth[\u0026#34;uid\u0026#34;] == \u0026#34;nobody\u0026#34;): ?\u0026gt; \u0026lt;A HREF=\u0026#34;\u0026lt;?php $sess-\u0026gt;purl(\u0026#34;$PHP_SELF?again=yes\u0026#34;) ?\u0026gt;\u0026#34;\u0026gt;Login\u0026lt;/A\u0026gt; aufrufen. \u0026lt;?php endif ?\u0026gt; Benutzerspezifische Variablen Dadurch, daß PHPLIB intern User-IDs statt Usernamen verwendet und daß diese User-IDs dasselbe Format wie Session-IDs haben, ist es möglich, eine Klasse User zu haben, die ebenso wie die Klasse Session funktioniert, aber mit User-IDs arbeitet.\nVariablen, die bei der Klasse User statt Session registriert werden, stehen erst nach einem Login zur Verfügung, haben dafür aber eine längere Lebensdauer. Typischerweise wird man hier benutzerbezogene Einstellungen ablegen.\n+------+ +--------------+ | User |-- abgeleitet --\u0026gt; | Example_User | +------+ +--------------+ ^ | | | benutzt | v | zu CT_Sql | +-----------------------+ | +---------+-- abgeleitet + +-----------------+ | Session |-- abgeleitet --\u0026gt; | Example_Session | +---------+ +-----------------+ | | | benutzt | benutzt v v +--------+ +----------------+ | CT_Sql | -- abgeleitet --\u0026gt; | Example_CT_Sql | +--------+ +----------------+ | | | benutzt | benutzt v v +--------+ +------------+ | DB_Sql | -- abgeleitet --\u0026gt; | DB_Example | +--------+ +------------+ Abbildung 7: Klassendiagramm für die Klasse User.\nDie Klasse User ist von der Klasse Session abgeleitet, und dann so modifiziert worden, daß sie statt Cookies und Session-IDs die UID des angemeldeten Users verwendet. Um diese Klasse verwenden zu können, muß man sich eine von User abgeleitete Klasse in local.inc definieren.\nDie Beispielklasse Example_User in der local.inc-Datei zeigt, wie dies geht - da User von Session abstammt, gilt im Prinzip alles unter Session gesagte.\nclass Example_User extends User { var $classname = \u0026#34;Example_User\u0026#34;; var $magic = \u0026#34;Abracadabra\u0026#34;; var $that_class = \u0026#34;Example_CT_Sql\u0026#34;; } Die Klasse wird genau wie die Session-Klasse verwendet. Da sie einen angemeldeten Benutzer voraussetzt, kann sie nur mit der Klasse Auth zusammen verwendet werden.\n\u0026lt;?php # Laden der Variablen aus der Datenbank. page_open(array(\u0026#34;sess\u0026#34; =\u0026gt; \u0026#34;Example_Session\u0026#34;, \u0026#34;auth\u0026#34; =\u0026gt; \u0026#34;Example_Auth\u0026#34;, \u0026#34;user\u0026#34; =\u0026gt; \u0026#34;Example_User\u0026#34;)); # Die globale Variable $s ist nun bei der Session registriert. $sess-\u0026gt;register(\u0026#34;s\u0026#34;); # Die globale Variable $u ist nun bei User registriert. $user-\u0026gt;register(\u0026#34;u\u0026#34;); # $s und $u werden auf definierte Startwerte gesetzt, wenn die # Variable noch nicht existiert. if (!isset($s)) $s = 0; if (!isset($u)) $u = 0; // $s und $uhochzählen. $s++; $u++; ?\u0026gt; \u0026lt;html\u0026gt; \u0026lt;head\u0026gt; \u0026lt;title\u0026gt;Eine Testseite\u0026lt;/title\u0026gt; \u0026lt;/head\u0026gt; \u0026lt;body\u0026gt; \u0026lt;h1\u0026gt;Eine Testseite\u0026lt;/h1\u0026gt; Die Variable $s hat den Wert \u0026lt;?php print $s ?\u0026gt;.\u0026lt;br\u0026gt; Die Variable $u hat den Wert \u0026lt;?php print $u ?\u0026gt;. \u0026lt;/body\u0026gt; \u0026lt;/html\u0026gt; \u0026lt;?php // Zurückspeichern der Variablen in die Datenbank page_close(); ?\u0026gt; PHPLIB Referenz DB_Sql Die Beschreibung bezieht sich auf die Implementierung von DB_Sql für MySQL (db_mysql.inc). Die Parameter für den Connect können sich in Abhängigkeit vom SQL-Servertyp leicht unterscheiden, je nachdem, welche Informationen der Datenbankserver für den Connect verlangt.\nVariablen: Host: Hostname, auf dem der SQL Datenbankserver läuft. Database: Name der MySQL Database, die auf dem Server verwendet werden soll. User: Benutzername, mit dem sich die Anwendung auf dem Datenbankserver anmelden soll. Password: Paßwort, mit dem die Anmeldung erfolgen soll. Row: Zeilennummer der aktuellen Zeile eines Anfrageergebnisses, beginnend bei 0. Record: Ein assoziatives Array mit der aktuellen Zeile eines Anfrageergebnisses. Die Spalten des Ergebnisses sind unter den Spaltennamen (Schreibweise beachten!) und unter numerischen Spaltenindices verfügbar. Errno: Fehlernummer der Datenbank. Error: Klartext-Fehlerbeschreibung des Datenbankfehlers. Auto_Free: Automatische Freigabe des Anfrageergebnisses, wenn das Ergebnis vollständig gelesen wurde (true, false). Debug: true: Alle Anfragen an die Datenbank werden zwecks Fehlersuche ausgegeben. Halt_On_Error: Verhalten des Programmes im Fehlerfall: \u0026ldquo;no\u0026rdquo;: Der Fehler wird ignoriert. \u0026ldquo;report\u0026rdquo;: Der Fehler wird gemeldet, aber das Programm nicht abgebrochen. \u0026ldquo;yes:\u0026rdquo; Das Programm wird mit einer Fehlermeldung angehalten. Funktionen: query($query_string): Die Funktion sendet die SQL-Anweisung in $query_string an den Datenbankserver. Nach dem Absenden werden die Variablen Error und Errno aktualisiert. Wenn die Anweisung syntaktisch fehlerhaft war, wird die Funktion halt() aufgerufen und das Programm gemäß den Einstellungen von $Halt_On_Error angehalten. Wenn noch kein Datenbank-Link existiert, wird vor dem Absenden der Query intern die Funktion connect() aufgerufen. Die Funktion gibt die interne Result-ID zurück, die entweder eine positive Zahl oder 0 (false) ist, wenn die Query zu einem Fehler führte. next_record(): Die Funktion setzt den Cursor auf das nächste Ergebnis in der Ergebnismenge und aktualisiert die Variablen Record, Row, Error und Errno. Die Funktion liefert den Wert true, wenn ein weiteres Ergebnis verfügbar ist und den Wert false, wenn die aktuelle Ergebnismenge durchlaufen wurde. Wenn die Variable $Auto_Free auf true gesetzt war, wird automatisch free_result() aufgerufen, um den Speicher freizugeben, bevor das Ergebnis false zurückgegeben wird. Eine typische Anwendung von query() und next_record() sieht so aus: $db = new DB_Example; $db-\u0026gt;query(\u0026#34;select * from table where bedingung = 1\u0026#34;); while ($db-\u0026gt;next_record()) { printf(\u0026#34;Name = %s\\n\u0026#34;, $db-\u0026gt;f(\u0026#34;name\u0026#34;)); } seek($pos): Die Funktion positioniert den aktuellen Zeilenzeiger innerhalb der Ergebnismenge an die angegebene Position. Dies ist nützlich, um innerhalb einer Ergebnismenge hin- und herzuspringen oder eine Ergebnismenge zweimal zu lesen. Die angegebene Position wird nicht auf Gültigkeit überprüft. Hinweis: Wenn $Auto_Free auf true gesetzt wird, ist die Funktion seek() unter Umständen nicht sinnvoll einsetzbar, weil die Ergebnismenge beim berühren des Endes der Ergebnismenge automatisch freigegeben wird. metadata($table, $full=false): Die Funktion gibt Informationen über den Aufbau der benannten Tabelle in Form eines zweidimensionalen Feldes zurück. Das Feld ist in der ersten Dimension numerisch indiziert (Start bei 0) und enthält einen Eintrag pro Spalte der Tabelle. Für jede Tabellenspalte enthält der Eintrag die Informationen Tabellennamen (\u0026ldquo;table\u0026rdquo;), Spaltenname (\u0026ldquo;name\u0026rdquo;), Spaltentyp (\u0026ldquo;type\u0026rdquo;), Spaltenbreite (\u0026ldquo;len\u0026rdquo;) und Spaltenflags (\u0026ldquo;flags\u0026rdquo;). Ist das optionale Flag auf true gesetzt, wird außerdem ein Eintrag num_fields mit der Anzahl der Spalten in der Tabelle und ein Eintrag meta generiert. Der Eintrag meta enhält eine Liste mit einer Übersetzungstabelle von Feldnamen nach Spaltennummern. Das Ergebnis von metadata() ist passend für die Funktion show() der Klasse Table, wenn das Flag $full auf false steht. Hinweis: Nicht alle Datenbankinterfaces unterstützen die Funktion metadata() gleich gut. table_names(): Die Funktion gibt Informationen über die vorhandenen Tabellen in Form eines zweidimensionales Feldes zurück. Das Feld ist in der ersten Dimension numerisch indiziert (Start bei 0) und enthält einen Eintrag pro Tabelle. Für jede Tabelle enthält der Eintrag die Informationen Tabellenname (\u0026ldquo;table_name\u0026rdquo;), Name des Tablespaces (\u0026ldquo;tablespace_name\u0026rdquo;) und Name der Datenbank (\u0026ldquo;database\u0026rdquo;). Hinweis: Nicht alle Datenbankinterfaces unterstützen die Funktion table_names() gleich gut. num_rows(), nf(): Gibt die Anzahl der Zeilen der Ergebnismenge zurück. Zutreffend auf die Ergebnisse von SELECT-Anweisungen. affected_rows(): Gibt die Anzahl der Zeilen zurück, die von einem INSERT, UPDATE oder DELETE-Statement betroffen waren. num_fields(): Gibt die Anzahl der Spalten einer Ergebnismenge zurück. Zutreffend auf die Ergebnisse von SELECT-Anweisungen. f($field): Identisch mit return $db-\u0026gt;Record[$field]. p($field): Identisch mit print $db-\u0026gt;Record[$field]. haltmsg($msg): Die Funktion wird intern verwendet, um die Fehlermeldung $msg auszugeben, wenn ein Datenbankfehler auftritt. Sie kann in einer Unterklasse überschrieben werden, um die Fehlermeldung zu loggen oder sonstwie zu behandeln. Die Funktion wird nur dann aufgerufen, wenn $Halt_On_Error auf \u0026ldquo;report\u0026rdquo; oder \u0026ldquo;yes\u0026rdquo; steht. halt($msg): Die Funktion wird intern verwendet, um die Variablen $Error und $Errno zu aktualisieren und $Halt_On_Error auszuwerten. Sie ruft ggf. die Funktion haltmsg() auf. Die Funktion kann in einer Unterklasse überschrieben werden, um eine andere Fehlerbehandlung zu implementieren. Seitenverwaltungsfunktionen Funktionen: page_open(array()); : Diese Funktion muß am Anfang einer Seite aufgerufen werden. Sie enthält eine Zuordnung von gewünschten Features der Seite zu Klassennamen. Derzeit existieren die folgenden Features: sess: Die Seite verwendet Session-Variablen. auth: Die Seite verwendet Authentisierung. Um das auth-Feature verwenden zu können, muß auch sess aktiviert sein. perm: Die Seite verwendet Benutzerrechteverwaltung. Um das perm-Feature verwenden zu können, müssen auch sess und auth aktiviert sein. user: Die Seite verwendet User-Variablen. Um das user-Feature verwenden zu können, müssen auch sess und auth aktiviert sein. Eine beispielhafte Anwendung sieht so aus:\npage_open(array(\u0026#34;sess\u0026#34; =\u0026gt; \u0026#34;Example_Session\u0026#34;)); Dieser Aufruf erzeugt eine Instanz der Klasse Example_Session unter dem Namen $sess. Diese Instanz kann dann in Aufrufen verwendet werden ($sess-\u0026gt;register(\u0026ldquo;s\u0026rdquo;)). Die abgeleiteten Klassen, die als Parameter zu jedem Feature angegeben werden, werden in der Regel in der Datei local.inc definiert.\npage_close(): Die Funktion muß am Ende jeder Seite aufgerufen werden (nachdem alle registrierten Variablen ausgerechnet wurden). Sie speichert diese Variablen zurück in der Datenbank. Momentan ist es harmlos, page_close() auf einer Seite mehrfach aufzurufen, aber dies kann sich in der Zukunft ändern. CT_Sql Um die Session-Klasse ihren Daten in einer SQL-Datenbank abspeichern zu lassen, wird in der Session-Klasse der Name einer Unterklasse von CT_Sql als Container $that_class eingetragen.\nVariablen: database_table: Name der Datenbanktabelle, in der die Session ihre Daten speichern soll. database_class: Name der DB_Sql Unterklasse, die zum Zugriff auf die Datenbank verwendet werden soll. Die Klasse wird von Session intern verwendet und hat keine allgemein anwendbaren Funktionen.\nCT_Split_Sql Diese Klasse ist praktisch mit der CT_Sql-Klasse identisch, mit dem Unterschied, daß sie mehrere Zeilen in der Tabelle verwenden kann, wenn die Menge der zu speichernden Daten über das hinausgeht, was die Datenbank verarbeiten kann. Dies ist vor allen Dingen interessant, wenn die Datenbank Probleme mit BLOBs hat.\nHinweis: Die Klasse ist nicht tabellenkompatibel mit CT_Sql. Es muß eine Tabelle active_sessions_split verwendet werden, deren Layout in den create_database.*-Scripten im stuff-Verzeichnis der Distribution beschrieben ist.\nVariablen: database_table: Name der Datenbanktabelle, in der die Session ihre Daten speichern soll. database_class: Name der DB_Sql Unterklasse, die zum Zugriff auf die Datenbank verwendet werden soll. split_length: Anzahl der Bytes, nach denen ein Session-Record aufgeteilt werden soll (Default: 4096). Die Klasse wird von Session intern verwendet und hat keine allgemein anwendbaren Funktionen.\nCT_Shm Um Sessions in System V Shared Memory-Segmenten zu speichern, muß der PHP-Interpreter mit shm-Support übersetzt worden sein (Die Ausgabe der phpinfo()-Funktion zeigt dies an) und es muß als Containerklasse bei Session CT_Shm oder eine Unterklasse davon angegeben werden.\nVariablen: max_sessions: Maximale Anzahl von gleichzeitig aktiven Sessions. shm_key: Der eindeutige (wichtig!) shm_key für das Shared Memory-Segment, das verwendet werden soll. shm_size: Größe des zu verwendenden Shared Memory-Segmentes in Byte. Der Speicher wird bestellt, wenn das Segment das erste Mal verwendet wird. Für durchschnittlich kleine Mengen von Session-Variablen kann man als Schätzwert shm_size = max_sessions * 600 annehmen. Die Klasse wird von Session intern verwendet und hat keine allgemein anwendbaren Funktionen.\nCT_Dbm Um Sessions in UNIX DBM-Dateien zu speichern, muß der PHP-Interpreter mit dem passenden DBM-Support übersetzt worden sein (Die Ausgabe der phpinfo()-Funktion zeigt dies an) und es muß als Containerklasse bei Session CT_Dbm bzw. eine Unterklasse davon angegeben werden.\nVariablen: dbm_file: Der Pfadname der zu verwendenden DBM-Datei. Die Datei muß bereits existieren und durch den Server beschreibbar sein. Die Klasse wird von Session intern verwendet und hat keine allgemein anwendbaren Funktionen.\nCT_Ldap Um Sessions auf einem LDAP-Server zu speichern, muß der PHP-Interpreter mit LDAP-Support übersetzt worden sein (Die Ausgabe der phpinfo()-Funktion zeigt dies an) und es muß als Containerklasse bei Session CT_Ldap bzw. muß als Containerklasse bei Session CT_Dbm bzw. eine Unterklasse davon angegeben werden.\nVariablen: ldap_host: Hostname des LDAP-Servers, der verwendet werden soll. ldap_port: Portnummer des LDAP-Servers, der verwendet werden soll (Default: 389). basedn: DN, unterhalb dessen die Daten abgelegt werden sollen. rootdn: Wurzel-DN des LDAP-Servers, wird benötigt, um sich mit dem Server verbinden zu können. rootpw: Zur rootdn passendes Paßwort. objclass: Name der objectclass, der von PHPLIB zu werden ist (siehe auch ldap.ldif im stuff-Verzeichnis der Distribution) Die Klasse wird von Session intern verwendet und hat keine allgemein anwendbaren Funktionen.\nSession Die Klasse Session verwaltet eine Liste von globalen Variablennamen, und lädt und speichert die Typen und Werte dieser Variablen in serialisierter Form am Anfang und Ende jeder Seite. Die Variablen können vom Typ Skalar (string, integer, float) oder Array sein. Objekte können ebenfalls gesichert und geladen werden, wenn sie die Instanzvariablen classname und persistent_slots haben, damit der Name ihrer Klasse und die zu sichernden Slots bestimmt werden können.\nclassname: Name der Klasse. Alle von PHPLIB zu sichernden oder zu ladenden Objekte müssen einen Slot classname haben, der den genauen Namen der Klasse enthält. magic: Ein geheimer String, der verwendet wird, um die Session-IDs schwerer ratbar zu machen. Der String kann irgendeinen Wert haben. Es ist nur wichtig, diesen Wert geheim zu halten. mode: Betriebsart. Entweder \u0026ldquo;cookie\u0026rdquo; (empfohlen) oder \u0026ldquo;get\u0026rdquo;. In cookie-Mode wird die Session-ID vom Browser per Cookie eingeliefert, in get-Mode als CGI-Parameter einer URL. fallback_mode: Wenn $mode = \u0026ldquo;cookie\u0026rdquo; ist, kann man diese Variable auf den Wert \u0026ldquo;get\u0026rdquo; setzen. PHPLIB verwendet dann automatisch get-Mode, wenn auf dem zugreifenden Browser cookies abgeschaltet sind. lifetime: Lebensdauer des Cookies, den PHPLIB verwendet, in Minuten. Wenn dieser Wert auf 0 steht (default), werden Session-Cookies verwendet. Diese Cookies haben dieselbe Lebensdauer wie der Browser des Anwenders und werden nicht in der cookies.txt-Datei gespeichert. Dies ist die empfohlene Betriebsart. gc_time: PHPLIB führt in Abständen eine garbage collection auf der Tabelle active_sessions durch. Dabei werden alle Session-Daten gelöscht, die älter als gc_time Minuten sind. Der Standardwert ist 1440 (ein Tag) und kann so beibehalten werden. gc_probability: Bei jedem Zugriff auf eine Session wird mit der Wahrscheinlichkeit gc_probability Prozent eine Garbage-Collection ausgelöst. Der Standardwert ist 5, was für Server mit niedrigem Traffic in Ordnung ist. Auf stark belasteten Servern kann der Wert auf 1 gesetzt werden. allowcache: Zugelassene Werte sind \u0026ldquo;no\u0026rdquo;, \u0026ldquo;private\u0026rdquo; (Default) und \u0026ldquo;public\u0026rdquo;. Der Wert bestimmt, welche HTTP-Header erzeugt werden, die das Caching von PHPLIB-Seiten gestatten. Mit der Einstellung \u0026ldquo;no\u0026rdquo; wird das Speichern der Seiten in Caches generell verboten, mit der Einstellung \u0026ldquo;private\u0026rdquo; wird dem Browser des Anwenders das Speichern der Seite im Cache gestattet, aber öffentlichen Caches verboten und mit der Einstellung \u0026ldquo;public\u0026rdquo; wird das Cachen der erzeugten Seiten generell erlaubt. allowcache_expires: Das Speichern der erzeugten Seiten wird den Caches für maximal die hier konfigurierte Anzahl von Minuten erlaubt (Default: 1440, ein Tag). that_class: Name der Containerklasse (eine Unterklasse von CT_Sql, CT_Split_Sql, CT_Shm, CT_Dbm, CT_Ldap), die von der Session verwendet wird, um ihre Daten zu laden und zu speichern. auto_init: Name einer Datei aus dem include-Verzeichnis, die beim Erstellen einer neuen Session geladen und ausgeführt wird. Die Ausführung der Datei erfolgt im Kontext einer Funktion, sodaß alle zu definierenden globalen Variablen mit \u0026ldquo;global\u0026rdquo; importiert werden müssen. Funktionen: register(\u0026ldquo;varname\u0026rdquo;): Die Variable mit dem angegebenen Namen wird bei der Session registriert. Der Name kann sich auf eine globale Variable vom Typ Skalar, Array oder Objekt beziehen. Wenn es sich bei der Variablen um ein Objekt handelt, muß es die folgenden beiden Slots besitzen: classname: String, Name der Klasse des Objektes.\npersistent_slots: Array von Strings, Namen der Slots des Objektes, die von der Session gesichert werden sollen.\nEs ist ohne Nachteile möglich, denselben Namen mehrmals zu registrieren.\nunregister(\u0026ldquo;varname\u0026rdquo;): Die Variable mit dem angegebenen Namen wird bei der Session wieder ent-registriert. Die Variable wird nicht gelöscht, ihr Wert ist bis zum Ende der Seite weiterhin verfügbar, aber ihr Wert ist nicht mehr persistent und wird am Ende der Seite verfallen. delete(): Die aktuelle Session wird zerstört und der Session-Cookie wird gelöscht. Der Eintrag für die Session wird aus der Datenbank entfernt. Weil der Session-Cookie gelöscht wird, muß diese Funktion sehr früh auf einer Seite aufgerufen werden (bevor irgendein HTML ausgegeben wurde). Da die Session durch die Funktion zerstört wird, darf am Ende der Seite nicht mehr page_close() aufgerufen werden. Die zur Session gehörenden Variablen sind auf der Seite selbst noch verfügbar. Sie verfallen am Ende der Seite. Im cookie-Mode ist es möglich, nach dem Aufruf von delete() eine neue Session aufzumachen, indem ein weiterer page_open()-Aufruf erzeugt wird. Das erlaubt es auch, Variablen aus der alten Session bei der neuen Session zu re-registrieren und so zu übernehmen. url($url): Der Funktion wird eine URL übergeben, so wie man sie in einem A, FRAME oder FORM-Tag verwenden würde. Im cookie-Mode wird die URL so ausgegeben, im get-Mode wird die aktuelle Session-ID in die URL mit eingebaut. Die Funktion gibt die modifizierte URL als Ergebnis zurück. purl($url): Eine Abkürzung für print $sess-\u0026gt;url($url). self_url(): Die Funktion liefert eine URL, die auf die aktuelle Seite zeigt, zurück. Im get-Mode ist die aktuelle Session-ID dabei schon enthalten. pself_url(): Eine Abkürzung für print $sess-\u0026gt;self_url(). hidden_session(): Erzeugt ein HIDDEN-Element für Formulare mit dem Session-Namen und der ID. add_query($qarray): Die Funktion erzeugt einen Query-String, der an eine aktuelle URL angehängt werden kann. Beispiel: \u0026lt;a href=\u0026#34;\u0026lt;?php $sess-\u0026gt;pself_url().$sess-\u0026gt;padd_query(array(\u0026#34;again\u0026#34;=\u0026gt;\u0026#34;yes\u0026#34;)) ?\u0026gt;\u0026#34;\u0026gt;Reload\u0026lt;/a\u0026gt; and log in? padd_query($qarray): Eine Abkürzung für print $this-\u0026gt;add_query($qarray). reimport_get_vars(): reimport_post_vars(): reimport_cookie_vars(): Wenn man eine FORM-Variable registriert, wird die Formularvariable in PHP importiert, danach page_open() aufgerufen und der alte Wert dieser Variablen aus der Datenbank überschreibt den neuen Wert aus dem Formular. In einem solchen Fall kann man mit der Funktion reimport_x_vars() die Variablenwerte reimportiert. Im allgemeinen ist dies ein Fehler, weil dadurch Werte aus dem Internet ohne Konsistenzprüfung in die Anwendung übernommen werden. Die Funktion sollte nicht verwendet werden. Auth Die Auth-Klasse im PHPLIB verwaltet alle Anmeldevorgänge und merkt sich, wann sich der Benutzer unter welchem Namen angemeldet hat. Da sich die Auth-Klasse selbst persistent macht, setzt sie voraus, daß auf allen Seiten, auf denen Auth verwendet wird, auch Session verwendet wird.\nVariablen: classname: persistent_slots: Diese Variablen sind notwendig, damit sich Auth in der Session speichern und laden kann. Normalerweise muß man classname auf den Namen seiner Unterklasse setzen und braucht persistent_slots nicht anzupassen. lifetime: Nachdem ein Benutzer $lifetime Minuten lang keine Seiten abgerufen hat, muß er sich neu am System anmelden, um weiterarbeiten zu können. mode: Entweder \u0026ldquo;log\u0026rdquo; oder \u0026ldquo;reg\u0026rdquo;. Wenn die Variable den Wert \u0026ldquo;log\u0026rdquo; hat, werden die Funktionen auth_loginform() und auth_validatelogin() aufgerufen. Im \u0026ldquo;reg\u0026rdquo;-Mode werden stattdessen auth_registerform() und auth_doregister() verwendet, mit denen sich ein Anwender beim System anmelden kann. database_class: Der Name der Datenbank-Klasse über die die Auth-Funktion in der Benutzertabelle nachschlagen soll. database_table: Der Name der Datenbank-Tabelle, in der die Benutzerinformationen gespeichert sind. magic: Ein zufälliger, geheimer String, der bei der Ermittlung neuer User-IDs verwendet wird. nobody: Schalter: Wenn er auf true gesetzt wird, wird Default Authentication verwendet, d.h. es erscheint kein Loginformular, sondern der Anwender wird als nobody eingeloggt. Funktionen: url(): Diese Funktion entspricht der Funktion url() von Session. purl(): Diese Funktion entspricht der Funktion purl() von Session. login_if($t): Diese Funktion kann verwendet werden, um die Anzeige eines Loginformulars zu erzwingen, wenn Default Authentication verwendet wird. unauth($nobody = false): Diese Funktion meldet den aktuellen Benutzer beim System ab, sodaß beim nächsten Seitenaufruf ein neuer Login notwendig wird. Der Benutzername bleibt jedoch erhalten, sodaß eine korrekt geschriebene Login-Seite diesen Namen als Vorgabe präsentieren kann. Seit PHPLIB Version 6 ist es möglich, die Funktion mit dem Parameter \u0026ldquo;true\u0026rdquo; aufzurufen, wenn man den Benutzer nicht einfach abmelden, sondern stattdessen wieder als nobody anmelden möchte. Beispielanwendung: $auth-\u0026gt;unauth($auth-\u0026gt;nobody). logout($nobody = $this-\u0026gt;nobody): Diese Funktion entspricht der Funktion unauth(), außer das alle Logininformation einschließlich des Benutzernamens beseitigt wird. Bei der Neuanmeldung muß der Benutzer das gesamte Loginformular neu ausfüllen, es existieren keine Vorgaben. is_authenticated(): Diese Funktion liefert falsch, wenn der Benutzer keine gültige Anmeldung hat oder die aktuelle uid, wenn die Anmeldung gültig ist. auth_preauth(): Diese Funktion kann durch den Entwickler überschrieben werden. Sie wird als allererste Funktion im Loginprozeß aufgerufen und kann entweder false oder eine gültige uid zurückliefern (Default: Die Funktion liefert immer false). Wenn die Funktion eine gültige User-ID zurückliefert, wird der Loginprozeß nicht durchgeführt, sondern diese User-ID verwendet. Die Funktion könnte zum Beispiel mit Hilfe von Cookies im Browser des Users ein automatisches Login durchführen, sodaß der Benutzer sich nicht mehr anzumelden braucht, wenn sein Browser diese Cookies akzeptiert. auth_loginform(): Diese Funktion muß durch den Entwickler überschrieben werden und sollte das HTML ausgeben, das das Loginformular zeichnet. auth_validatelogin(): Diese Funktion wird aufgerufen, wenn der Benutzer das durch auth_loginform() gezeichnete Loginformular absendet. Sie muß die Benutzereingaben prüfen und entweder false oder eine gültige User-ID zurückliefern. Die Funktion sollte außerdem $this-\u0026gt;auth[\u0026ldquo;uname\u0026rdquo;] mit dem Benutzernamen des Users belegen und kann optional $this-\u0026gt;auth[\u0026ldquo;perm\u0026rdquo;] für die Verwendung durch die Perm-Klasse mit den Zugriffsrechten des Users vorbelegen. auth_registerform(): auth_doregister(): Im reg-Mode werden diese beiden Funktionen statt auth_loginform() und auth_validatelogin() aufgerufen. Sie sollen ein Anmeldeformular für neue User zeichnen bzw. die Anmeldung des Benutzers in die Datenbank eintragen. Perm Die Perm-Klasse im PHPLIB verwaltet Benutzerrechte und kann prüfen, ob ein angemeldeter Benutzer Zugang zu einer Seite oder einer Funktion hat. Benutzerrechte setzen einen angemeldeten Benutzer voraus, daher setzt Perm voraus, daß auf allen Seiten, auf denen Perm verwendet wird, auch Auth und Session verwendet werden.\nVariablen: permissions: Ein Array, das Namen von Zugriffsrechten mit den zugehörigen Bitmustern verbindet. Funktionen: check($required): Die Funktion wird mit einer Liste von Zugriffsrechten aufgerufen, die für das Ansehen der betreffenden Seite notwendig sind. Wenn der aktuelle User dieser Rechte nicht hat, wird ihm das Ansehen der Seite verweigert, d.h. die Funktion perm_invalid() wird aufgerufen. Die Funktion perm_invalid() wird ebenfalls aufgerufen, wenn in den Rechten des Benutzers oder den von der Seite verlangten Rechten illegale Rechtenamen verwendet werden. have_perm($required): Die Funktion arbeitet ähnlich wie check(), ruft aber keine Fehlerseite auf, sondern liefert entweder true (der Benutzer hat die verlangten Rechte) oder false (der Benutzer hat die verlangten Rechte nicht). perm_sel($name, $current = \u0026ldquo;\u0026rdquo;, $class = \u0026ldquo;\u0026rdquo;): Die Funktion liefert als Ergebnis einen String, der einen HTML SELECT-Tag mit allen möglichen Zugriffsrechten als OPTION-Tags enthält. Wenn ein Wert für $current angegeben wird, ist dieses Zugriffsrecht im Option-Tag als SELECTED markiert. Wenn ein Wert für $class angegeben wird, haben alle erzeugten HTML-Elemente die angegebene Klasse als CSS stylesheet-Klasse. User Die Klasse User ist eine Unterklasse von Session. Sie funktioniert im wesentlichen genauso wie Session, nur daß sie Werte benutzerbezogen speichert. Das bedeutet, daß bei der Klasse User registrierte Variablen nur auf Seiten zur Verfügung stehen, die authentisiert sind. Das user-Features kann also nur zusammen mit auth und sess verwendet werden.\nVariablen: classname: Name der Klasse. magic: mode: fallback_mode: In dieser Klasse ohne Bedeutung. lifetime: In dieser Klasse ohne Bedeutung. Stattdessen sollte $auth-\u0026gt;lifetime verwendet werden. gc_time: Funktionsfähig, aber wahrscheinlich nicht sinnvoll. gc_probability: Funktionsfähig, aber wahrscheinlich nicht sinnvoll. Sollte auf 0 gesetzt werden. that_class: Name der Containerklasse, die zur Verwaltung der Variablen verwendet wird. auto_init: In dieser Klasse ohne Bedeutung. Funktionen: register($varname): unregister($varname): delete(): reimport_get_vars(): reimport_post_vars(): reimport_cookie_vars(): Funktioniert erwartungsgemäß. url($url): purl($url): self_url(): pself_url(): In dieser Klasse ohne Bedeutung. ","date":"1999-04-01T00:00:00Z","href":"https://blog.koehntopp.info/1999/04/01/phplib-deutsch.html","tags":["lang_de","publication","php"],"title":"PHPLIB"},{"categories":null,"content":"\u0026#39;tis night while I am with the green glow and the white screens and my mind confined in 80 columns and my body confined in a dark room. then I listen to the song of the wire and while I am still within the room my mind breaks free and travels in 80 seconds into the world. to meet other minds, other people, other worlds, to talk, to fight, to understand and to love whoever is out there, listening and answering my call: the song of the wire is the song of the world. the frame of my mind in a frame on the wire, it is still singing but the song is now mine. so many songs, each telling the same story in a different way. the song of the world is nothing but noise, too many voices at the same time. I am learning to listen, to find the voices of those who are singing my song to a different tune. and so it is still the same: everything has changed. ","date":"1998-03-01T00:00:00Z","href":"https://blog.koehntopp.info/1998/03/01/sing-my-song.html","tags":["lang_en","publication","internet"],"title":"Sing my song"},{"categories":null,"content":" Zusammenfassung Wie alle anderen Medien wird auch das Internet zur Verbreitung von beispielsweise rechtsradikalen oder kinderpornographischen Informationen mißbraucht. Dies hat in letzter Zeit den Ruf nach einem staatlichen Eingriff laut werden lassen, um zentrale Sperrungen bestimmter Inhalte zu erreichen.\nDie Autoren halten einen solchen Schritt fuer nicht angemessen. Zum einen haben bisher alle technischen Ansätze zur Realisierung versagt. Strukturelle überlegungen lassen vermuten, daß dies auch in Zukunft der Fall sein wird. Auf der anderen Seite haben Sperren stets Auswirkungen auch auf Bereiche, deren Sperrung nicht beabsichtigt ist. Diese Nebenwirkungen sind um so schwerwiegender, je wirksamer die Sperren sein sollen.\nDezentrale Lösungsansaetze können dem Nutzer die Möglichkeit geben, im eigenen Bereich selbstverantwortlich Inhalte zu filtern. Bewertungen von Inhalten durch nichtstaatliche Organisationen können dazu führen, daß der Bewertungsmechanismus zur Durchsetzung fragwürdiger Interessen mißbraucht wird. Um diesem Risiko entgegenzuwirken, ist es unverzichtbar, daß nicht nur die Bewertungsmaßstäbe, sondern auch die Bewertungen selbst vollständig offengelegt werden.\nJede Art von staatlicher Regulierung treibt die Kosten in die Höhe. Es ist abzusehen, daß der Versuch, Inhalte im Internet zu bewerten, sehr personalintensiv sein wird. Bereits heute sind die Kommunikationskosten am Standort Deutschland wesentlich höher als bei konkurrierenden Nationen wie den USA. Regulierungen können daher zu einem Standortnachteil führen.\nWas soll mit einer Sperrung erreicht werden? Bevor man über technische Maßnahmen zur Sperrung von Inhalten im Internet und die Chancen ihrer Realisierung reden kann, muß man sich darüber klar werden, welche Ziele man mit einer solchen Sperrung erreichen möchte.\nMögliche Ziele sind:\nLaw Enforcement: Man möchte verhindern, daß nach den Kriterien einer nationalen oder regionalen Rechtsordnung strafrechtlich relevantes Material für die Subjekte dieser Rechtsordnung erreichbar ist bzw. von ihnen veröffentlicht werden kann, und zwar auch dann, wenn der Ort der Veröffentlichung außerhalb des Durchsetzungsbereiches dieser Rechtsordnung liegt. Traumziel wäre es, das Begehen solcher Straftaten technisch unmöglich zu machen. Indecency: In den USA wurde mit dem communication decency act (CDA) in seinen verschiedenen Formulierungen und Gesetzesvorlagen versucht, eine noch weitergehende Regelung zu etablieren: Es sollte verboten werden, Material über Datennetze zugänglich zu machen, das indecent ist, d.h. nach den Grundsätzen der jeweils herrschenden Moraldefinition ungehörig, obszön oder in anderer Weise störend (zu Free Speech siehe z.B. The Electronic Frontier Foundation EFF). Jugendschutz: Nur Minderjährigen (Kindern und Jugendlichen) soll der Zugang zu bestimmten Materialien verwehrt werden, während Volljährigen weiterhin die gesamten Inhalte des Internet zugänglich bleiben sollen. Rating: Für jeden Teilnehmer im Netz soll weiterhin frei definierbar sein, welches Material empfangen/nicht empfangen werden soll, aber es soll eine Bewertungsstruktur geschaffen werden, die es jedem Konsumenten in eigener Verantwortung ermöglicht, seine Präferenzen anzugeben (kein Sex/viel Sex, keine Gewalt/Blood and Splatter, politisch links/politisch rechts, konform mit den Vorstellungen der katholischen Kirche/islamisch korrekt) und nur noch den Ausschnitt aus dem Internet wahrzunehmen, der diesen selbstgewählten Filter passieren kann. Nichtregulation: Jeder Netzteilnehmer soll freien Zugriff auf alle angebotene Information haben. Sogar die Existenz von Bewertungskriterien Dritter wird als schädlich angesehen und die Bildung einer Bewertungsinfrastruktur nicht gefördert bzw. sogar behindert. Welche Dienste werden betrachtet? Unter der Bezeichnung Inhalte im Internet wird in der Regel eine ganze Reihe von Diensten subsumiert, die technisch vollkommen unterschiedlich realisiert werden und administrativ zu großen Teilen disjunkte Strukturen aufweisen. Allen Diensten ist lediglich gemeinsam, dass ihnen das Datenübertragungsprotokoll TCP/IP zugrunde liegt.\nMan muß mindestens die beiden folgenden Dienste unterscheiden:\nWWW, World Wide Web: Das World Wide Web ist der graphisch ansprechendste Dienst des Internet. Es handelt sich um Server, die auf die Anfrage eines Benutzers Seiten beliebigen Inhaltes an das Darstellungsprogramm (Browser) auf seinem Rechner ausliefern. Der Zugriff auf diese Seiten erfolgt in der Regel mit Hilfe des HyperText Transport Protocol (HTTP). Dieses Protokoll erfordert keine Identifizierung oder Authentisierung des Abrufers und des Anbieters; die Daten werden im Klartext und nicht fälschungssicher übermittelt.\nEine optional einsetzbare Modifikation von HTTP übermittelt Anfragen und Antworten mit Hilfe des Verschlüsselungsverfahrens Secure Socket Layer (SSL). Bei diesem Verfahren muß sich mindestens der Anbieter gegenüber dem Abrufer identifizieren. Weiterhin ist sichergestellt, daß die Verbindung nicht im Klartext abhörbar ist (Dritten wird nicht bekannt, welche Anfragen gestellt wurden oder welche Inhalte die ausgelieferten Seiten haben) und daß Inhalte nicht durch Dritte während der übertragung unerkannt verfälscht werden können.\nDie abgerufenen Seiten bestehen aus Formatierungsanweisungen der HyperText Markup Language (HTML) und optional weiteren Bild-, Ton- oder Videodaten. Bei kleineren Servern liegen die abrufbaren Seiten häufig statisch als vorgefertigte und unverändert ausgelieferte Dateien auf der Festplatte vor.\nGrößere Server erzeugen die Seiten jedoch oftmals dynamisch in Abhängigkeit von der Identität des Abrufers, seiner Netzadresse, seiner bevorzugten Landessprache (im Browser konfigurierbar), dem vom Abrufer verwendeten Browsertyp, der Uhrzeit des Abrufs oder anderen Kriterien, die frei progammierbar sind. Es ist also nicht sichergestellt, daß zwei aufeinanderfolgende Abfragen derselben Seite identische Antworten ergeben.\nFalls die Seiten aus einer Datenbank dynamisch erzeugt werden, kann sich der Datenbestand des Webservers durch die Updates der Datenbank ständig aendern. Dies ist zum Beispiel der Fall bei Katalogsystemen fuer Onlinehandel (Preis- und Produktupdates, Änderungen im Lagerbestand mit Auswirkungen auf die Lieferbarkeit usw.), bei Nachrichtenagenturen mit Anschluß an Presse- und Tickerdienste und bei Webverzeichnissen und Suchmaschinen, die einen Volltextindex für Seiten generieren und eine Recherche nach Inhalten erlauben.\nGrundsätzlich ist der Datenbestand im Web als höchst dynamisch anzusehen: Neue Versionen von Seiten lassen sich zu sehr geringen Kosten erzeugen und in Verkehr bringen. Der elektronische Charakter des Mediums im Zusammenhang mit der zentralen Datenhaltung (es sind keine verteilten Kopien einer Seite auf Stand zu bringen) begünstigen weiterhin eine sehr hohe Auflagenfrequenz.\nUSENET News: Das USENET ist ein verteiltes System vom Diskussionsforen (Newsgroups). Es handelt sich um ein teilweise zusammenhängendes Netz von Servern, von denen jeder eine Auswahl von Artikeln zum Abruf bereithält. Die Artikel sind in der Regel in thematisch gegliederten Diskussionsforen in der Reihenfolge des Eingangs abgelegt. Leser können eine Verbindung zum netztopologisch am günstigsten gelegenen Server aufbauen und Artikel nach Diskussionsforen und Eingangsdatum selektiert abrufen.\nLeser können grundsätzlich auf jeden gelesenen Artikel antworten (to follow up on an article) oder unabhängig eigene Artikel auf dem Server ablegen (posten, von engl. to post a notice). Der Server wird dann seine Nachbarserver darüber informieren, daß er einen neuen Artikel vorrätig hat, und den Artikel ggf. an seine Nachbarserver replizieren (to feed an article to a neighboring system).\nDiese verbreiten den Artikel dann wieder an ihre Nachbarn usw. (flood fill algorithm of USENET). Nach einigen Stunden existieren Hunderttausende von Kopien dieses Artikels auf der gesamten Welt. Die Vernetzung der Server ist hochredundant; Unterbrechungen in Serverstrecken haben in der Regel keine oder nur lokal meßbare Auswirkungen auf Verfügbarkeit oder Transportgeschwindigkeit der Artikel.\nUm Platz zu gewinnen, werden die jeweils ältesten Artikel nach einiger Zeit gelöscht. Die genaue Zeitspanne bis zur Löschung hängt von der individuellen Konfiguration des Servers und seiner Platzsituation ab, liegt aber in der Regel nicht über 14 Tagen. Es existieren jedoch auch einige Newsarchive, die Diskussionen über mehrere Jahre hinweg abspeichern und diesen Datenbestand durch weitgehende Recherchemöglichkeiten erschliessen (z.B. DejaNews , AltaVista im Newsmodus).\nDadurch, daß jeder Leser auf beliebige Artikel direkt und ohne redaktionelle Bearbeitung antworten kann, entspinnen sich in der Regel unmoderierte, öffentliche Diskussionen zu allen möglichen Themen. Ein Großteil der Diskussionsforen wird global ausgetauscht. Daher ist die Zusammensetzung der Diskussionsrunden zufällig und international.\nDie Kommunikation zwischen Leser und Server sowie die Kommunikation zwischen den Servern erfolgt in der Regel unverschlüsselt und ohne Identifizierung und Authentisierung der Leser oder der Autoren von Artikeln. Die Fälschung von Absenderadresse oder Herkunftspfad eines Artikels ist trivial und in einigen Diskussionsforen sogar üblich. Es existieren Konverter von E-Mail nach USENET News und Anonymous- sowie Pseudonymous-Server, die zum Teil mit kryptographisch starken Methoden die Identität des Absenders sowie seinen Aufenthaltsort im Netz zu verschleiern suchen. Einige Newsserver lassen Lese- und Schreibzugriff von jedermann und ohne Authentisierung zu (open servers); es ist Sache des Veröffentlichenden, seine Identität in einem Artikel offenzulegen oder nicht.\nDie Entscheidung über die von einem Server angebotenen Diskussionsforen obliegt in der Regel jedem einzelnen Serverbetreiber. Teilweise existieren Kataloge von offiziellen Newsgroups, diese sind jedoch in der Regel weder vollständig noch für irgendwen verbindlich. Name oder überschrift einer Newsgroup haben nur den Charakter von Empfehlungen. Thematisch falsch eingeordnete Artikel (off topic postings) oder bewußt massenhaft in alle Newsgroups verbreitete Artikel (spam) machen einen festen Anteil aller Artikel aus.\nDie Dienste IRC (Internet Relay Chat) und E-Mail (Private elektronische Post sowie halböffentliche Mailinglists als Diskussionsforen) wären ebenfalls zu betrachten, sollen hier aber im Interesse einer kompakten Darstellung nicht diskutiert werden, da sie weniger im Rampenlicht der öffentlichen Diskussion stehen. Die genannten Argumente gelten aber in ähnlicher Form auch dort. Es existieren weitere Dienste, die fuer die öffentliche Kommunikation in der Regel von geringerer Bedeutung sind (telnet) oder deren Diskussion keine neuen Aspekte zu Tage foerdern wuerde (ftp, siehe http).\nWie koennen zu sperrende Inhalte identifiziert werden? Um Inhalte zuverlässig sperren zu können, ist es notwendig, diese Inhalte in irgendeiner Form zu identifizieren. Diese Identifizierung kann von unterschiedlicher Auflösung sein.\nAuf der Basis von IP-Adressen kann ein einzelner Rechner identifiziert werden. Ein solcher Rechner erbringt jedoch in der Regel eine Vielzahl von Diensten für mehrere unterschiedliche Anbieter. Webserver von IP-Providern bringen unter einer IP-Adresse teilweise die Angebote von Tausenden Inhaltsanbietern ins Netz, Rechner von Kleinprovidern bieten teilweise alle Dienste des Providers unter einer IP-Nummer an. Eine Sperrung von IP-Nummern trifft also außer den zu sperrenden Inhalten meist auch eine große Menge von Inhalten und Diensten, deren Sperrung nicht beabsichtigt ist.\nMit entsprechendem Mehraufwand können dienstspezifische Kennzeichen von einzelnen Einheiten des Angebotes identifiziert werden. Im World Wide Web ist dies der Name einer Seite (ihr Universal Resource Locator, URL), in den USENET News erfolgt die Identifizierung über die Message-ID einer einzelnen Nachricht oder den Namen einer Newsgroup. Für neu entstehende Dienste müssen dienstspezifische Methoden zur Identifikation einzelner Einheiten neu gefunden werden.\nDie zu bewertenden Datenmengen sind riesig: Die Suchmaschine Altavista hatte im Mai 1996 schon 30 Millionen Webseiten in ihrer Volltextdatenbank gespeichert; im April 1997 betrug das Newsaufkommen mehr als 72 Gigabyte für etwa 5,4 Millionen Artikel (Statistik von Eunet Deutschland GmbH aus de.admin.lists vom 01.05.97).\nEs bleibt das Problem, zu sperrende Inhalte aus der Menge aller Inhalte zu isolieren. Hier gibt es nur zwei grundsätzlich verschiedene Systeme:\nDie automatische Bewertung von Inhalten auf der Basis formaler Merkmale wie etwa dem Vorhandensein bestimmter Schlüsselworte. Die manuelle Bewertung von Inhalten durch den Anbieter oder Dritte nach bestimmten Kriterienkatalogen (rating). Verfahren zur automatischen Bewertung von Inhalten aufgrund von Schlüsselworten scheitern bei Komponenten, die keinen Text enthalten (Audiodateien, Bilder oder Animationen) schon im Ansatz.\nEinige Online-Dienste (Prodigy, AOL) haben versucht, Diskussionen in dem IRC-Dienst ähnlichen Chaträumen aufgrund des Gebrauchs bestimmter Schlüsselworte bewerten zu lassen; die Ergebnisse waren wenig befriedigend. Einerseits waren normale Diskussionen über bestimmte Themen nicht mehr möglich:\nEine Sperrung des Wortes suck erschwerte den Meinungsaustausch zu Staubsaugern in einem Haushaltsforum, eine Sperrung des Wortes breast behinderte Diskussionen über Brustkrebs oder Kochrezepte (Hühnerbrust), und die Webseiten von Frau Cindy Tittle Moore (tittle@netcom.com ) wurden durch das Programm Cybersitter wegen ihres Namens gesperrt.\nAndererseits veränderte die eigentliche Zielgruppe einfach ihr Vokabular, so daß die Sperrung auf diese Zielgruppe keine nennenswerte Auswirkung hatte. Auch andere automatisierbare Bewertungsmethoden vermögen nicht die Semantik der Inhalte zu erkennen. Wer solche formalen Sperrkriterien kennt, kann leicht die Darstellung seiner Informationen je nach Bedarf an diese Kriterien anpassen, ohne die inhaltliche Aussage zu verändern.\nDas Kindersicherungsprogramm Cybersitter ist beispielsweise in der Lage, als offensive eingestufte Worte aus Webseiten herauszuschneiden. Durch geschickte Formulierung sind so Aussagen in ihr Gegenteil verkehrbar, wenn sie unter Cybersitter betrachtet werden (Nachricht von Bennett Haselton auf der Mailingliste fight-censorship@vorlon.mit.edu , Message-ID: 01IAZF6R8I0I8XKGCV@ctrvax.Vanderbilt.Edu ).\nVerfahren und Standards zur Bewertung von Inhalten durch den Anbieter oder Dritte liegen für den Bereich des World Wide Web bereits vor, das System PICS (Platform for Internet Content Selection) ist dabei zur Zeit führend. PICS erlaubt die Installation frei definierbarer Bewertungsmaßstäbe mit einer beliebig feinen Auflösung.\nBewertungen von URLs koennen von den Anbietern selbst oder durch Dritte erfolgen. Gängige Bewertungsmaßstäbe sind dabei etwa Gewalt, Sex oder unanständige Sprache, die Abstufungen reichen von digitalen 0-1-Skalen bis zu sehr fein abgestuften Systemen. Die Auswertung von PICS-Einstufungen kann entweder im Clientprogramm des Anwenders erfolgen (dies wird zur Zeit vom Microsoft Internet Explorer unterstützt) oder auf Routern auf dem Weg zum Empfänger (dies geschieht zur Zeit nicht).\nDas Hauptproblem bei der manuellen Bewertung von Inhalten ist die große Menge der anfallenden neuen oder veränderten Seiten. Der Betreiber des Nachrichtenservers www.msnbc.com (Joint-Venture von NBC und Microsoft) hat die Bewertung seiner Beiträge auf der Basis des von Microsoft geförderten Bewertungsschemas RSACi für PICS eingestellt, da die Bewertung einzelner Beiträge zu aufwendig war und eine Pauschalbewertung des Servers nach den Regeln von PICS den Server fuer Minderjährige unzugänglich gemacht haette (Briefwechsel zwischen Irene Graham, Michael Sims, Stephen Balkam (RSAC Ratingaufsicht) und Danielle Bachelder (MSNBC Systembetrieb), zitiert in 3339dd1a.500215@mail.thehub.com.au und 199703191314.IAA03203@arutam.inch.com auf derselben Mailingliste).\nHinzu kommt, dass die Webseite abhängig vom Kontext des Abrufes unterschiedlich aussehen kann, so daß eine Bewertung nach dem PICS-System problematisch wäre. Gerade diejenigen Seiten, die die interaktive Komponente des Internet ausnutzen, könnten so wegen ihrer dynamischen Generierung aus der Bewertung herausfallen und würden damit in entsprechend konfigurierten Browsern und Suchmaschinen nicht mehr dargestellt.\nDie Bewertung von Angeboten erfolgt im Rahmen von PICS derzeit durch private Organisationen. Die Möglichkeiten des Widerspruchs gegen eine bestimmte Einstufung sind dabei begrenzt. Insbesondere ist es für einen Bürger schwierig, ein korrektes Rating einzufordern, wenn die Ratingorganisation in einem fremden Land sitzt. Im Prinzip liegt hier dasselbe Problem vor, das sich zur Zeit bei der Strafverfolgung ausländischer illegaler Angebote stellt, nur daß die Ressourcen und Beweislasten nun andersherum verteilt sind:\nEin Anbieter muß nun bei falscher Einstufung beweisen, dass sein Angebot legal ist, und er muß dazu den schwierigen Weg der Durchsetzung von Ansprüchen im Ausland gehen. Im Vergleich zu einer Staatsanwaltschaft ist ein Anbieter von Webseiten dafür im Durchschnitt schlechter ausgebildet, und ihm stehen weniger Ressourcen zur Verfügung.\nWeiterhin orientieren sich die Ratingorganisationen an Werten und kulturellen Maßstäben ihrer Nation. Die übernahme ausländischer Bewertungen für deutsche Benutzer ist daher problematisch. Da jedoch keine deutsche Zugriffssoftware existiert, werden meist nur ausländische (speziell US-amerikanische) Ratingsysteme unterstützt.\nDie meisten Ratingorganisationen dokumentieren ihre Ratings nicht oder nur sehr ungern. Zum Teil erfolgt noch nicht einmal eine Benachrichtigung des Bewerteten über die Bewertung seines Angebotes. Vollständige Verzeichnisse aller vergebenen Ratings werden meist mit der Begründung unter Verschluss gehalten, daß diese Verzeichnisse als Kataloge fuer Schmutz und Schund mißbraucht werden könnten. Bei den Programmen, die die Bewertungen von Webseiten Dritter nicht online beziehen, sondern als Datei auf der lokalen Festplatte installiert haben, ist diese Liste grundsätzlich verschlüsselt - und meistens auch veraltet. Auch gegenüber dem Benutzer solcher Software ist damit nicht offengelegt, welche Angebote ihm nicht mehr zugänglich sind.\nInzwischen existieren (illegal) entschlüsselte Versionen der Sperrlisten aller Hersteller von Programmen mit statischer, in Dateien gelieferter Sperrliste. Die Auswertung der Sperrungen hat bei allen Herstellern eine klare politische Agenda und persönliche Feindschaften dokumentiert.\nBeispielsweise wurden vielfach Angebote von womens organizations, Informationsangebote über Abtreibung und Angebote schwuler und lesbischer Gruppen zensiert. Es ist weiterhin üblich, Webseiten in die Sperrlisten aufzunehmen, die den Hersteller des Sperrprogramms kritisieren, die Sperrliste offenlegen oder allgemein gegen Rating argumentieren. Beim Hersteller des Programms Cybersitter geht dies so weit, daß bei installiertem Cybersitter alle Seiten nicht mehr abrufbar sind, in denen die Namen von Kritikern seines Programms erwähnt werden.\nMit welchen Mitteln kann eine Sperrung erreicht werden? Sperrungen können auf unterschiedlichen Ebenen der Kommunikation ansetzen:\nUm erfolgreich zu kommunizieren, müssen beide Kommunikationspartner eine physikalische Verbindung zueinander aufbauen. Dies kann eine Standleitung, eine Telefonleitung, eine Richtfunkstrecke oder eine andere Kommunikationsform sein. Eine normalerweise nicht praktikable Möglichkeit der Sperrung besteht darin, diese physikalische Kommunikation zu verhindern, indem man etwa einen Telefonanschluss sperrt oder bestimmte Telefonnummern nicht erreichbar schaltet, Standleitungen unterbricht oder Störsender in Richtfunkstrecken einbringt. Das Opfer der Sperrung verliert damit in der Regel alle seine Kommunikationsmöglichkeiten.\nIm Internet wird meist keine homogene physikalische Verbindung verwendet, sondern diese Verbindung wird aus Teilstücken unterschiedlicher Technologie zusammengestückelt. An den übergangspunkten zwischen den Teilstücken befindet sich ein Router, der IP-Pakete von einem Teilstück zum nächsten hinueberhievt.\nDie Funktionalität des Routers wird dabei von den Adressen in den einzelnen IP-Paketen und seinen Routingtabellen gesteuert. In den Routingtabellen ist eingetragen, in welche Richtung der Router Pakete mit einer gegebenen Zieladresse weiterzuleiten hat. Die klassische Dienstleistung eines Providers besteht darin, einen übergang zwischen einer Wählverbindung (Privatkunden) oder einer regionalen Standleitung (Firmenkunden) und einer oder mehreren Standleitungen in das Ausland zu bieten. Dem Provider ist dabei nicht bekannt, welche Dienste der Kunde in Anspruch nimmt oder welche Daten abgerufen werden.\nSperrungen können hier über Eingriffe in die Routingtabellen von Routern vorgenommen werden. Es ist beispielsweise leicht möglich, alle Pakete an bestimmte Zieladressen am Router verwerfen zu lassen (eine Route zu erden). Mit diesem Verfahren werden ganze Rechner unerreichbar: Bei der durch den DFN-Verein praktizierten Sperrung des Rechners mit dem Namen www.xs4all.com waren auf diese Weise die Webseiten von mehr als 6000 Anbietern nicht mehr abrufbar, es konnte keine Mail auf der Maschine www.xs4all.com eingeliefert werden, und auch alle andere Kommunikation des DFN-Vereins mit dieser Maschine wurde unterbunden.\nDie Auswahl eines Dienstes erfolgt im TCP/IP-Protokoll in der Regel durch die Angabe einer TCP-Portnummer. Mit Hilfe dieser Portnummer könnte eine selektivere Sperrung eines Dienstes erfolgen. Beispielsweise sind einige Router in der Lage, nach entsprechender Konfiguration TCP-Verkehr fuer den Port 80 (HTTP) zu einer Zieladresse zu sperren, Verkehr auf Port 25 (Mail) zu derselben Adresse aber zu gestatten.\nMit Hilfe eines Vermittlungsrechners (proxy) oder anderer Firewallsoftware, denen die im Netzmodell höher liegenden Ebenen zugänglich sind, kann eine selektive Sperrung auf der Ebene von Dienstelementen (einzelnen Seiten, einzelnen Nachrichten) erreicht werden. Die Firewallsoftware muß herbei jedoch fuer jeden Dienst (WWW, News, Mail, IRC etc.) angepaßt werden.\nSolche Systeme sind in der Regel sehr aufwendig im Betrieb, da sie für die nutzenden Clients die volle Leistung aller durch den Client in Anspruch genommenen Dienste simulieren müssen. Mit steigender Zahl von Clients skalieren sich diese Systeme ausgesprochen schlecht. Trotzdem setzen einige totalitäre Staaten auf dieses System, um das Eindringen mißliebiger Inhalte in das Land zu erschweren: In China, Singapur und in den Golfstaaten läuft sämtliche Kommunikation mit dem Ausland durch staatlich betriebene Firewalls.\nSperrung von IP-Adressen und der Einsatz von Firewalls ist unter bestimmten Voraussetzungen kombinierbar, dadurch ist eine Entlastung der Firewallmaschine möglich: Anstatt die Route zu einer zu sperrenden Maschine zu erden, läßt man alle Routen zur zu sperrenden Maschine auf einen Firewall zeigen, der dann die Dienste der zu sperrenden Maschine überwacht.\nDiese Lösung ist je nach Art der zu sperrenden und zu simulierenden Dienste sehr aufwendig zu konfigurieren und zu warten. Zum einen setzt sie einen zentralen übergangspunkt zwischen dem zu kontrollierenden deutschen Netz und dem Rest der Welt voraus. Zum anderen handelt es sich bei diesem Verfahren um einen klassischen Man in the middle Angriff. Dadurch versagt das Verfahren bei aller stark verschlüsselten Kommunikation, die unempfindlich gegen solche Angriffe ist.\nGrundsätzlich sind die Auswirkungen von Filtermechanismen auf die Systemleistung um so höher, je feiner die Granularität der Sperrungen ist und je größer die Liste der zu sperrenden Informationsquellen ist. Systeme wie PICS lassen sich nicht effizient an zentralen Stellen im Netz etablieren, sondern können nur dezentral funktionieren. Alle bisher diskutierten Verfahren der Sperrung setzen auf dritten Maschinen zwischen dem Anbieter der zu sperrenden Information und dem Abrufer an. Denkbar wäre auch eine Sperrung beim Anbieter der Information sowie eine Sperrung beim Abrufer. Dies setzt jedoch eine Kooperation des Anbieters bzw. Abrufers voraus.\nEine Sperrung beim Anbieter würde bedeuten, daß der Anbieter die zu sperrenden Inhalte entweder niemandem anbietet oder daß er sie nur bestimmten Personen nicht anbietet. Ein personenselektives Anbieten von Inhalten setzt selbst bei Kooperation des Anbieters voraus, daß der Anbieter den Abrufer einer Information zweifelsfrei identifizieren kann und daß ihm genaue und juristisch hieb- und stichfeste Entscheidungstabellen vorgelegt werden, die es ihm erlauben, automatisch zu entscheiden, wem er welche Inhalte ausliefern darf.\nEin Identifikationsmechanismus, der das Geforderte leistet, existiert derzeit nicht einmal im Ansatz und ist auch nicht in absehbarer Zeit realisierbar. Insbesondere kann nicht aus der IP-Adresse oder dem Rechnernamen eines Absenders auf seine Identität oder seinen physikalischen Aufenthalt geschlossen werden: Deutsche Kunden von amerikanischen Online-Diensten erscheinen im Netz als aus den Vereinigten Staaten kommend. Ähnliches gilt für Mitarbeiter multinationaler Konzerne.\nEine Sperrung beim Abrufer würde bedeuten, daß die angebotenen Inhalte nach bestimmten Bewertungskriterien ausgezeichnet sind (rating, z.B. nach PICS) und daß der Abrufer selbst seine Software so konfiguriert, daß Seiten mit bestimmten Ratings nicht mehr abgerufen werden können. Eine Kooperation des Anbieters wäre hier wünschenswert, ist aber nicht notwendig, da die Bewertungen auch von Servern Dritter geliefert werden können.\nAuf welche Weise koennen Sperrungen unterlaufen werden? Für den Nutzer stellt sich eine Sperrung von Inhalten als Betriebsstörung dar. Er wird nach Wegen suchen, die ordnungsgemäße Funktion des Netzes wiederherzustellen, d.h. die Sperrung zu unterlaufen. Diese Motivation ist um so größer, je stärker sich der Benutzer durch die Sperrung behindert fühlt.\nBei einer Sperrung der physikalischen Kommunikation ist dies nur durch einen Wechsel des Mediums möglich: Wenn etwa ein Störsender in Betrieb genommen wird, wird man versuchen, auf das Telefonnetz auszuweichen und umgekehrt.\nBei einer Sperrung von bestimmten IP-Adressen stehen dem Benutzer mehrere Möglichkeiten offen, die Störung zu umgehen. Alle laufen darauf hinaus, den sperrenden Router vollständig zu umgehen (siehe auch Ulf Moeller , Internet-Zensur: Routingsperren umgehen):\nDer Benutzer wechselt den Internet-Anbieter, notfalls wird er Kunde bei einem ausländischen Provider. Er baut eine Telefonverbindung oder Standleitung zu diesem Provider auf und wickelt seine Kommunikation über diesen nichtsperrenden Provider ab. Der sperrende Router des lokalen Providers wird nicht mehr verwendet, die Sperre ist wirkungslos.\nDiese Situation tritt automatisch ein, wenn der Nutzer Mitarbeiter eines (multinationalen) Konzerns mit einem eigenen Konzernverbundnetz ist, das an mehreren Stellen (im Ausland) mit dem Internet verbunden ist.\nDer Benutzer wird Kunde bei einem zweiten, nichtsperrenden Internet-Anbieter, notfalls im Ausland. Er baut eine TCP/IP-Verbindung zu diesem Provider auf und läßt seine Anwendungen auf dem entfernten Rechner, ggf. im Ausland, ablaufen.\nEs gibt inzwischen eine Reihe von Providern, die solche Angebote routinemäßig anbieten. Die Palette reicht dabei von der Bereitstellung einzelner Dienste (Postboxen fuer E-Mail (z.B. pobox.com ), Webservices (z.B. geocities.com ) usw.) bis zu kompletten Exil-Logins (z.B. c2.org , acm.org , xs4all.nl ).\nDer sperrende Router des lokalen Providers sieht keine Kommunikation mit einer gesperrten Adresse, sondern nur Kommunikation mit dem entfernten Provider. Die Zugriffe auf die gesperrten Adressen erfolgen von dort, also erst hinter dem sperrenden Router. Die Sperre durch den Router wird wirkungslos.\nDer Benutzer wird Kunde bei einem zweiten, nichtsperrenden Internet-Anbieter, notfalls im Ausland. Er baut eine Mobile-IP-Verbindung zu diesem Provider auf, d.h. seine IP-Pakete werden in anderen IP-Paketen verpackt zum zweiten Internet-Anbieter geschickt, dort ausgepackt und eingespielt. Optional kann die Kommunikation zum zweiten Provider verschlüsselt erfolgen.\nIn Linux müssen dazu die folgenden beiden Kommandos gegeben werden:\nAktivierung des Interface tunl0 zum entfernten Anbieter myriad.ml.org: `ifconfig tunl0 (your.ip.address) pointopoint myriad.ml.org Legen einer Route zu www.xs4all.nl über tunl0 route add www.xs4all.nl tunl0 Für einen Beobachter erscheint der Nutzer als normaler Kunde des zweiten IP-Providers. Der sperrende Router des lokalen Providers sieht nur eine Verbindung zum entfernten zweiten Provider. Die Sperre ist wirkungslos. Mobile-IP ist ein Routineangebot fuer IP-Provider, die Geschäftskunden betreuen.\nDer Anbieter der gesperrten Information kann Abrufer unterstützen, indem er ebenfalls versucht, die Sperre zu unterlaufen. Im Falle der Sperrung des Rechners www.xs4all.nl hat der gesperrte Anbieter die Internet-Adresse seines Rechners alle paar Minuten verändert. Sperrungen einer einzelnen Adresse wurden dadurch wirkungslos, statt dessen mußten ganze Teilnetze gesperrt werden (die Sperrung wurde noch unspezifischer, es wurden als Nebenwirkung noch mehr unbeteiligte Anbieter mitgesperrt).\nWährend die bisher diskutierten Möglichkeiten des Unterlaufens von Sperrungen unabhängig vom gesperrten Dienst waren, sind die folgenden Moeglichkeiten dienstspezifisch:\nWWW Ähnlich der erwähnten Veränderung der IP-Nummer eines Serverrechners kann auch die Adresse eines Angebotes auf einem Server automatisch verändert werden. Eine automatische Sperrung einzelner Angebote würde dadurch unterlaufen werden, und man müßte wieder den gesamten Rechner pauschal sperren. Dort greifen dann wieder die Methoden zum Unterlaufen einer Komplettsperrung.\nWenn zu einem Angebot eine Suchmaschine existiert, mit der alle Seiten eines Angebotes nach bestimmten Begriffen durchsucht werden können, ist eine einzelne Seite praktisch unter beliebig vielen Adressen zu bekommen (nämlich allen Begriffen, die den Text in der Suchmaschine finden). Eine Sperrung müßte hier zusätzlich den Zugriff auf die Suchmaschine verhindern.\nDas Verfahren des indirekten Zugriffs, wie es unter Mobile-IP diskutiert wurde, läßt sich mit Veränderungen auch für WWW einsetzen: Mit Hilfe eines entfernten Webservers, der Zugriffe im Auftrag Dritter abwickelt (Proxy-Server), ist ein indirekter Abruf der Seite möglich. Da Proxy-Server mit Zwischenspeicher zur Beschleunigung von Zugriffen üblich sind, ist es in der Regel kein Problem, einen solchen dritten Server zu finden. Im Rahmen der Zensurdiskussion der letzten Monate sind mittlerweile im In- und Ausland auch schon Proxy-Server für solche Umgehungen explizit eingerichtet worden (etwa am MIT fuer chinesische Staatsbürger, die die Zensur im eigenen Land unterlaufen möchten).\nBei verschlüsselter Kommunikation (etwa mit dem in allen gängigen Browsern eingebauten SSL-Support) entsteht ein nicht mehr in Echtzeit einsehbarer und nicht einfach verfälschbarer Kanal zwischen Server und Client. Für Dritte ist nicht erkennbar, welche Seiten abgerufen werden und welche Informationen sie enthalten.\nNews Artikel in den USENET News liegen in zahlreichen Kopien auf Tausenden von Servern überall auf der Welt vor. Löschungen (Cancel) werden von vielen dieser Server nicht mehr ausgeführt, nachdem es seit einigen Jahren immer wieder zu gefälschten Löschaufforderungen von Saboteuren kam. Die großen Archive fuer USENET News (DejaNews und AltaVista) führen grundsätzlich keine Löschungen aus. Über Archivanfragen ist es daher in der Regel möglich, auch auf ältere und lokal nicht mehr verfügbare Texte zuzugreifen. Dabei gilt wie bei Suchmaschinen für Webseiten (siehe oben): Artikel sind nicht nur unter einer festen Bezeichnung abrufbar, sondern werden auch zu beliebigen im Artikel enthaltenen Stichworten gefunden.\nIm Rahmen einer Untersuchung der bayrischen Staatsanwaltschaft wurde der Betreiber Compuserve aufgefordert, einige Newsgroups grundsätzlich nicht mehr bereitzustellen, da bei ihnen davon auszugehen sei, dass diese in Deutschland strafrechtlich relevante Inhalte enthielten. Die Leser dieser Gruppen beziehen diese jetzt direkt von anderen, nicht gesperrten Newsservern. Ausserdem gehen die Autoren von Artikeln für solche schlecht verbreiteten Newsgroups immer mehr dazu über, ihre Artikel zusätzlich in andere, thematisch unpassende, aber besser verbreitete Gruppen zu setzen.\nSo kam es zum Beispiel anläßlich der Sperrung des Servers www.xs4all.nl wegen des Angebotes der verbotenen Zeitschrift Radikal, Ausgabe 154 zweimal zu je einem Posting der Komplettausgabe der Radikal in den Diskussionsforen de.soc.zensur (Diskussion über Zensur und Inhaltskontrolle) und de.org.politik.spd (Forum des virtuellen Ortsverbandes der SPD).\nDa die Neueinrichtung von Newsgroups technisch automatisiert werden kann, kommt es vielfach zur Neueinrichtung schlecht verbreiteter Gruppen unter neuem Namen oder zum Angebot bekannter Gruppen unter Aliasnamen. So wurde die Gruppe de.talk.sex (Diskussionsforum über Sexualität) an einer deutschen Universität mehrere Jahre lang unter dem Namen de.soc.verkehr geführt, nachdem dort entschieden worden war, keine Gruppen mehr anzubieten, deren Bezeichnung den Begriff sex enthält.\nAndere Effekte von Sperrungsversuchen Jede Sperre kann unterlaufen werden, indem die gesperrte Information vielfach repliziert wird. Dann ist jedes Vorkommen dieser Information gesondert zu sperren. Dadurch werden die unangenehmen Nebenwirkungen der Sperrung vervielfacht, bis die Kosten fuer die Sperrung ihren Nutzen übersteigen. Im Falle der Sperrung von www.xs4all.nl wegen des Angebotes der verbotenen Radikal 154 existierten innerhalb kürzester Zeit über 40 Kopien der gesperrten Information. Die 6000 aus technischen Gründen mitgesperrten Anbieter wurden jedoch nicht repliziert. Bezüglich der angestrebten Wirkung wurde also eher das Gegenteil erreicht, während viele Anbieter durch die unbeabsichtigten Nebenwirkungen Verluste hinnehmen mußten.\nMit Hilfe der USENET News ist diese Replikation tausendfach automatisiert und mit minimalem Aufwand vorzunehmen. Aus diesem Grunde kam es nach der Sperrung von xs4all auch zu einer Verbreitung der Webseiten der Radikal in den News (die Webseiten der anderen 6000 Kunden von xs4all wurden nicht in die News eingespielt).\nAlle Kommunikation mit Hilfe des TCP/IP-Protokolls ist konstruktionsbedingt eine individuelle Ende-zu-Ende-Kommunikation zwischen zwei Partnern. Selbst bei Betrachtung des Dienstes ist nicht erkennbar, ob die abgerufenen Informationen privater Natur sind (es ist möglich und für viele Anwender auch notwendig, ihre persönliche Post per WWW zu lesen) oder ob es sich um öffentliche Information handelt. Derartige Information kann sogar gemischt auf einer Webseite auftreten. Es ist zweifelhaft, inwieweit eine Kontrolle solcher Verbindungen durch unspezifisches Abhören (ohne richterlichen Beschluß) gestattet ist, selbst wenn dieses Abhören durch einen Roboter geschieht, der auf Schlüsselworte oder Ratings reagiert.\nNicht nur vom Standpunkt der Kontrolle der Bewerter, sondern auch vom Standpunkt des technischen Netzbetriebes ist eine Offenlegung aller Sperrungen unbedingt notwendig. Wenn Sperrungen von Rechnern oder einzelnen Angeboten massenhaft umgesetzt werden, ist für den einzelnen Systembetreiber genau wie für den einzelnen Anwender nämlich nicht mehr entscheidbar, ob eine technische Störung vorliegt, die zu beheben ist, oder ob eine inhaltlich begründete Sperrung vorgenommen wurde. Damit wird einer zuverlässigen Fehleranalyse durch die Betreiber von Netzen oder einzelnen Maschinen jede Grundlage entzogen, da aus dem Vorliegen einer Störung keine sichere Verhaltensvorschrift zu ihrer Behebung abgeleitet werden kann. Andererseits können offengelegte Sperrlisten natuerlich leicht als Kataloge fuer sexuell explizite oder gewalttätige Angebote mißbraucht werden. Eine Sperrung wäre dann eine Art Qualitaetssiegel. Offengelegte Sperrungen sind mit entsprechend modifizierten Programmen außerdem automatisiert umgehbar.\nModifikation des Internet In dem heutigen Internet können Sperren nach den obigen Ausführungen also nicht oder nur mit unvertretbar hohen Kosten und Nebenwirkungen realisiert werden. Daraus ergibt sich die Frage, inwieweit das Internet modifiziert werden müßte, um effizientes Sperren von Inhalten zu erlauben.\nPrinzipiell bieten Firewallsysteme (die von Unternehmen eingesetzt werden, um ihr Netz gegen unbefugtes Eindringen aus dem Internet zu schützen) einen Ansatz, effektive Sperren aufzubauen. Durch die Philosophie, nur solchen Daten das Passieren der Barriere zu gestatten, denen es explizit gestattet wurde, erzwingt man das Einhalten von Richtlinien.\nÄhnliche Richtlinien müßten fuer die Nutzung der Internet-Dienste durch die Benutzer aufgestellt und ihre Einhaltung erzwungen werden. Dies kann durch die Verwendung der Firewalltechnologie als Barriere zwischen den Anwendern und dem Internet oder durch die Verwendung proprietärer Protokolle erzwungen werden. Entscheidend ist, daß Teilnehmer im Netz ausschließlich identifizierbar agieren koennen, daß nur freigegebene Dienste, Protokolle und Datenformate verwendet werden, daß die Verwendung kryptographischer Verfahren verboten wird und daß sämtliche Aktivitäten protokolliert werden. Durch diese Massnahmen soll sichergestellt werden, daß der Benutzer einer Sperre nicht mehr ausweichen kann durch Wechsel der Identität, des Protokolls oder durch Verschleierung der Daten.\nUnabhängig von der Frage, ob ein solches Verfahren mit einem demokratischen Rechtsstaat vereinbar wäre, gibt es auch wirtschaftliche und technische Gründe, die dagegen sprechen: Ein solches Netz wäre zentralistisch gesteuert und könnte nur unter großem Zeit- und Kostenaufwand an veränderte Anforderungen angepaßt werden. Sämtliche Online-Dienste haben dieses Modell auf Druck ihrer kommerziellen Benutzer aufgegeben. Der administrative Overhead einer solchen Lösung auf nationaler Ebene wäre gewaltig. Ausserdem wuerde jede Beschraenkung kryptographischer Verfahren eine Nutzung des Internet zur Übermittlung sensitiver Informationen beeinträchtigen.\nInsgesamt könnte ein solches Modell katastrophale Standortnachteile mit sich bringen. Kommunikation ist eine Ressource, die in ihrer Bedeutung den Arbeitskräften oder der Verkehrsinfrastruktur in keiner Weise nachsteht. Auf der anderen Seite kann man, wie sich am Beispiel China zeigen läßt, selbst auf diese Art die Verbreitung unerwünschter Inhalte nur begrenzt unterbinden, denn für jede der oben genannten Massnahmen existieren wiederum Gegenmaßnahmen.\nBewertung Eine zentrale Sperre von Inhalten im Internet läßt sich technisch nicht paßgenau vornehmen, ließe sich von den Benutzern bei Bedarf umgehen und wäre mit hohen Kosten verbunden (siehe auch Heimo Ponnath: Pornographie im Internet ? Dichtung und Wahrheit, inside online 2/3 1996). Bedingt durch die globalen Datennetze zeigt sich hier der Paradigmenwechsel in den Aufgaben des Staates durch die Informationsgesellschaft, wie Alexander Rossnagel beschreibt (Alexander Rossnagel: Globale Datennetze: Ohnmacht des Staates - Selbstschutz der Buerger, ZRP 1997, Heft 1, 26-30). Die Ohnmachtserfahrung des Staates in der globalisierten Welt bedeutet jedoch nicht gleichzeitig eine Kapitulation vor den neuen Gefahren, sondern die modernen Informationstechnologien bergen vielfältige Möglichkeiten, daß der Bürger sich selbst schützen kann. Daraus erwächst die Verpflichtung für den Staat, Strukturen zu schaffen, die seine Bürger befähigen, ihre Interessen in der Welt der Netze selbstbestimmt zu schützen.\nHier bietet also die dezentrale Kontrolle und Filterung durch den Benutzer einen Lösungsansatz. Dazu müssen jedoch die Bewertungen durch Dritte (etwa nach dem PICS-System) transparent und nachvollziehbar sein. Beispielhafte Filterkonfigurationen können von einer Vielzahl von Interessengruppen vorgeschlagen werden; der Benutzer muß jedoch die Möglichkeit haben, seine eigene Konfiguration individuell vorzunehmen oder anzupassen.\nEin universelles Rating wie PICS ist mit erhöhtem Zeitaufwand und zusätzlichen Kosten verbunden. Eine Reihe von Anbietern wird daher darauf verzichten. Den Ratingorganisationen kommt ein hohes Maß an Verantwortung zu, da jede Vorbewertung bereits zur Meinungsbildung der potentiellen Abrufer beiträgt und da absichtliche oder unabsichtliche Fehlbewertungen großen Schaden anrichten können. Geht es lediglich um die Gewährleistung eines Jugendschutzes im Internet, wäre es sehr viel billiger und unkritischer, wenn die Anbieter auf freiwilliger Basis ihre kindgerechten Materialien kennzeichneten und spezielle Kinderbrowser ähnlich dem TV-Kinderkanal nur solche Angebote darstellten (siehe he Net Labelling Delusion: Protection or Oppression ).\nDie Erfahrungen in den USA zeigen, daß Organisationen das Instrument der Bewertung von Inhalten für die Durchsetzung ihrer eigenen politischen Ziele unter dem Deckmantel des Jugendschutzes oder der Aufrechterhaltung der öffentlichen Moral mißbrauchen. Es ist zu verhindern, daß die Definition moralischer und gesellschaftlicher Werte in den Aufgabenbereich privater Organisationen übertragen wird. Durch eine Offenlegung der Bewertungsmaßstäbe und aller Bewertungen kann diese Gefahr des Mißbrauchs reduziert werden.\nDanksagung Wir danken Hannes Federrath und Andreas Pfitzmann von der Technischen Universitaet Dresden für zahlreiche Anregungen und Diskussionen, die zur Entstehung dieses Textes beigetragen haben.\nDie Autoren Kristian Köhntopp ist Diplominformatiker und arbeitet als freiberuflicher Consultant fuer heterogene Datennetze und Rechnersicherheit.\nMarit Köhntopp ist Diplominformatikerin und arbeitet beim Landesbeauftragten für den Datenschutz Schleswig-Holstein als Referentin in den Bereichen \u0026ldquo;Neue Medien und Informationstechnologien\u0026rdquo; sowie \u0026ldquo;Technikfolgenabschätzung\u0026rdquo;.\nMartin Seeger ist Diplominformatiker und Geschäftsführer der NetUSE ommunikationstechnologie GmbH. Das Unternehmen beschäftigt sich mit der Internet-/Intranet-Technologie und der Sicherheit von Rechnern in Netzen.\n","date":"1997-05-14T00:00:00Z","href":"https://blog.koehntopp.info/1997/05/14/sperrungen-im-internet.html","tags":["lang_de","politik","usenet","jugendschutz"],"title":"Sperrungen im Internet - Eine systematische Aufarbeitung der Zensurdiskussion"},{"categories":null,"content":"für die Mailingliste debate@fitug.de Bundesinnenminister Kanther eröffnete am 28 April 1997 den 5. IT-Sicherheitskongress in Bonn. Auf seiner Eröffnungsrede forderte der Minister, den Einsatz von Verschlüsselungsverfahren in der Bundesrepublik Deutschland zu reglementieren. Nach Kanthers Vorstellungen dürfen in Deutschland nur noch Verschlüsselungsverfahren zum Einsatz kommen, die es den Bundesbehörden erlauben, verschlüsselte Informationen nach Belieben zu decodieren.\nDerzeit ist der Einsatz und der Export von Verschlüsselungsverfahren in Deutschland nicht eingeschränkt, was der deutschen Industrie einen entscheidenden Wettbewerbsvorteil gegenüber den USA, Frankreich und anderen Ländern mit Kryptobeschränkungen gibt. Verfahren zur Verschlüsselung von Daten und zur digitalen Unterschrift machen von sogenannter \u0026ldquo;starker Kryptographie\u0026rdquo; gebrauch. Sie gelten als der Schlüssel zum digitalen Handeln, da nur durch solche Verfahren Geld und Geschäftsgeheimnisse sicher und unverfälscht über das Rechnernetze transportiert werden können.\nKanther selbst sagt in seiner Rede:\nMehr und mehr werden persönliche Daten, wichtige Geschäftskommunikation, Geschäftsabschlüsse und Geldtransaktionen mit Computern verarbeitet und über die modernenKommunikationsnetze geleitet. Wo das ohne hinreichenden Schutz geschieht, ist das oftmals geradezu eine Einladung an Kriminelle. Das Erschleichen einer Kreditkartennummer durch Hacking und der anschließende Mißbrauch, der Scheckkartenbetrug oder das Abzweigen von Geldbeträgen von einem Konto zum anderen lassen sich anonym unter Ausnutzung der elektronischen Kommunikationsmittel vollziehen. Die Täter verstecken sich in der Anonymität der Netze, verwischen ihre elektronische Spur, einen Tator gibt es nicht mehr. Strafverfolgungsbehörden und Polizei sind vor völlig neue Herausforderungen gestellt.\nKanther erwähnt dabei nicht, daß gerade kryptographisch starke Verfahren zur Signatur und zur Verschlüsselung von Informationen derartige Verbrechen schon im Ansatz verhindern können. Digital signierte Dokumente können nicht gefälscht werden und sicher verschlüsselte Texte können nicht abgehört werden. Der Einsatz von Kryptographie in Datennetzen erschwert also nicht die Verfolgung von Verbrechern, sondern er macht das Verbrechen selbst unmöglich. Der schleswig-holsteinische Datenschutzbeauftragte, Dr. Bäumler, formuliert dies in seinen Thesen zur Kryptographie unter anderem so:\n[ Es ist ] geradezu ein Gebot, die Bürger vor organisierten Verbrechern zu schützen bzw. genauer: ihnen zu erlauben, sich selbst wirksam zu schützen. Denn nur so können sie finanzielle Transaktionen über Netze abwickeln, ohne Opfer von Computerkriminalität zu werden.\nKanther fordert in seiner Rede, den Risiken, die sich aus der Technik ergeben auch mit den Mitteln der Technik zu begegnen und führt dabei unter anderem auch elektronische Wegfahrsperren als Mittel zur Verhinderung von Kraftfahrzeugdiebstählen an. Dieser Vergleich mutet seltsam unpassend an, handelt es sich dabei doch genau wie der Einsatz von kryptographischen Mitteln um ein klassisches Mittel zu Verbrechensprävention, nicht um ein staatliches Instrument zur Strafverfolgung. Eine Umsetzung von Kanthers Vorschlägen würde den Anwender von Datennetzen seiner legitimen Verteidigungsmöglichkeiten gegen Computerkriminelle berauben.\nKanther führt weiter aus, wie er sich die Kontrolle des Staates vorstellt:\nDies kann dadurch geschehen, daß die verwendeten Schlüssel sicher hinterlegt werden. Durch eine Kombination von organisatorischen, personellen, technischen und juristischen Maßnahmen kann jedem Verdacht einer Mißbrauchsmöglichkeit begegnet werden.\nKanther sagt dies eine Woche, nachdem der Spiegel berichtet, daß auch eine Kombination von organisatorischen, personellen, technischen und juristischen Maßnahmen nicht ausgereicht hat, illegale Datenströme zwischen dem Pullacher Verfassungsschutz und Angehörigen der CSU zu verhindern.\nEine Hinterlegung von privaten Schlüsseln erlaubt es jedem der diese Schlüssel kennt, die Persona des Schlüsselinhabers im Netz zu übernehmen, seine Kommunikation mitzulesen, in seinem Namen Nachrichten zu versenden, Verträge abzuschließen oder Verbrechen zu begehen. Jemandem seine digitalen privaten Schlüssel zu übergeben bedeutet, sich dieser Person oder Institution persönlich und wirtschaftlich vollkommen auszuliefern. Die Hinterlegung der privaten Schlüssel bei einer Schlüsselzentrale entspricht der Erteilung einer unumschränkten Unterschriften- und Kontovollmacht auf das bloße Versprechen hin, daß die Schlüsselzentrale von dieser Vollmacht nur zum größeren Nutzen der Allgemeinheit Gebrauch machen wird.\nNiemand, der klar bei Verstand ist, kann einer solchen Verpflichtung nachkommen. Die von Kanther geforderte Schlüsselhinterlegung würde jede Form von digitalem Kommerz in Deutschland schon im Ansatz abwürgen und den ohnehin schon gefährdeten Standort Deutschland im internationalen Wettbewerb noch weiter zurückwerfen.\nKanther fordert dies auch, obwohl die Möglichkeiten der Strafverfolger durch die Reform der Telekommunikationsgesetze und den großen Lauschangriff schon stark ausgeweitet worden sind. Nicht nur das: Kanthers Ministerium bleibt konsequent den Beweis nach Wirksamkeit dieser Maßnahmen schuldig. Obwohl diese Gesetze eine Einschränkung des Fernmeldegeheimnisses und des Rechtes auf Unverletzlichekeit der Wohnung darstellen, existieren noch immer keine veröffentlichten Daten darüber, ob der Erfolg dieser Maßnahmen diese Einschnitte in wesentliche Grundrechte rechtfertigt.\nAuch in einem unbefangenen Beobachter muß dabei doch der Verdacht aufkommen, daß es mit der Wirksamkeit dieser Maßnahmen nicht so weit her sein kann. Wieviel wirkungsloser wird dann ein Verbot nicht genehmigter Kryptographie sein, wenn die Sachverständigen schon im Vorfeld bescheinigen, daß ein solches Verbot für die Strafverfolgung praktisch wirkungs- und wertlos sein wird?\nUnd Stimmen, die ein solches Verbot nicht genehmigter, harter Kryptographie ablehnen, gibt es zuhauf: Datenschützer, Verfassungsrechtler, Wissenschaft und Industrie lehnen eine solche Regelung geschlossen ab. \u0026ldquo;Wohlwollende\u0026rdquo; Unterstützung für seinen Vorschlag findet Kanther vorwiegend im Ausland, etwa bei unseren amerikanischen \u0026ldquo;Freunden\u0026rdquo;, für die eine nicht mehr abhörbare Kommunikation deutscher Wirtschaftsunternehmen ein schwerer Rückschlag auf dem Gebiet der Industriespionage wäre.\nWie praktisch wäre es dagegen, müßte man sich die Schlüssel deutscher Firmen nicht mehr einzeln in jedem Werk besorgen, sondern könnte gezielt das System der zentralen deutschen Schlüsselverwaltung anzapfen - die womöglich sogar mit von amerikanischen Firmen gelieferter Hardware und Systemsoftware betrieben würde. Für die Wettbewerbsfähigkeit der deutschen Wirtschaft ist es essentiell, sich selbst vor Wirtschaftsspionage und vor der Verfälschung der eigenen Kommunikation schützen zu können. Funktionieren kann dies nur, wenn es der Industrie möglich ist, Verfahren ohne Sollbruchstelle und Hintertüren einzusetzen.\nIn den letzten Jahren ist es im Innenministerium Mode geworden, unter dem Verweis auf die sogenannte organisierte Kriminalität ein Grundrecht nach dem anderen schrittweise durch den Gesetzgeber einschränken zu lassen. Vielleicht sollte jetzt erst einmal der Beweis angetreten werden, daß die bisher gemachten Zugeständnisse der Bürger an ihren Staat Früchte tragen und die von uns allen ermöglichten Maßnahmen auch tatsächlich wirksam sind. Vielleicht sollten wir alle uns auch einmal fragen, ob wir uns nicht selbst auf eigene Verantwortung vor den schwarzen Schafen in unserer Gemeinschaft schützen können.\nGanz sicher sollten wir uns jedoch klarmachen, daß eine Reglementierung kryptographischer Verfahren ein Irrweg ist. Ein Irrweg, der fordert, daß Bürger und Firmen ihre digitale Seele bei einem Staat hinterlegen, der für ihre Sicherheit nicht garantieren kann.\nUnd ganz dringend sollten wir alle uns klarmachen, daß dieses Thema uns alle und ohne Ausnahme angeht: Eine Renterin trägt ihr Geld zu Fuß zu einer Sparkasse tragen - die Sparkasse wird dieses Geld digital transferieren. Ein Arbeiter mag mit handfesten Gerätschaften an einem Fließband schaffen - das Nervensystem seiner Firma und die Kronjuwelen der Entwicklung werden jedoch mit Sicherheit in einem Rechnersystem vorliegen. Die Beamtin im Einwohnermeldeamt oder im Finanzamt mag noch immer mit Schreibmaschine und Stempel arbeiten - aber die Melderegister und Steuerbescheide liegen in Rechnern vor. Der Hausarzt mag mit dem Fahrrad in die Praxis kommen und seine Patienten alle mit dem Vornamen kennen - für die Kassenrechnung muß er Krankengeschichten und Leistungen in Computersystemen vorhalten. Und man mag mit seiner Bäckerin am Samstagmorgen über dem Brötchenkauf gerne ein nettes Schwätzchen halten - aber die Umsatzdaten des Supermarktes laufen über ein digitales Kassensystem bis in die Konzernzentrale.\nWir alle sind, ob wir es wollen oder nicht und ob wir es wissen oder nicht, Anwender von Informationstechnologie und Datennetzen. Netze und Informationen, die nur dann sicher sein können, wenn ihre Betreiber nicht durch einen übereifrigen Staat daran gehindert werden. Es muß unser aller Interesse sein, dies unserem Staat klar zu machen.\nDENN:\nDas Recht auf Kryptographie ist das Recht auf Privatsphäre.\nDas Recht auf Kryptographie ist das Recht auf wirtschaftliches Überleben.\nDas Recht auf Kryptographie ist das Recht auf digitale Selbstverteidigung.\nDas Recht auf Kryptographie ist ein Menschenrecht.\n","date":"1997-04-01T00:00:00Z","href":"https://blog.koehntopp.info/1997/04/01/das-recht-auf-digitale-selbstverteidigung.html","tags":["lang_de","publication","internet"],"title":"Das Recht auf Kryptographie ist das Recht auf digitale Selbstverteidigung"},{"categories":null,"content":"Für die Mailingliste debate@fitug.de Unsere Supermärkte sind voll von Waren aus jedem Teil der Republik, von Früchten und Gewürzen aus tropischen Ländern, von Rindfleisch aus Argentinien und Fisch aus allen sieben Weltmeeren. An jedem Stück in den Regalen klebt Blut.\nJeden Tag sterben auf Deutschlands Straßen Menschen und noch mehr werden verkrüppelt oder verletzt. Jeden Tag werden tonnenweise Treibhausgase erzeugt, Schwermetalle in die Luft geblasen und krebserregende Chemikalien erzeugt, um unsere Regale mit all diesem Luxus zu füllen. Ja, jeden Tag werden massenweise Güter bewegt und Rohstoffe konsumiert, um noch mehr Autos zu bauen.\nTrotz dieses immens hohen gesellschaftlichen Preises stellt keine politische Partei die Notwendigkeit von Autoverkehr und der Automobilindustrie grundsätzlich in Frage. Natürlich wird versucht, die Anzahl der Opfer von Verkehrsunfällen zu senken und die Schwere der Verletzungen abzumildern. Aber der Grundkonsens ist klar: Deutschland kann seine Position als eines der führenden Industrieländer nicht halten, ohne diesen Preis zu zahlen. Einzelne mögen auf ein eigenes Automobil verzichten, aber gesamtgesellschaftlich ist Deutschland ohne durchgehende Motorisierung nicht funktionsfähig - das ist selbst den linkesten Ökos klar. Gestritten wird günstigstenfalls über die Höhe des zu entrichtenden Preises bzw. der Ausgleichszahlungen in Form von Steuern für diesen Luxus. Außerdem muß jeder, der den Automobilverkehr grundsätzlich kritisiert und den Grundkonsens in Frage stellt sich fragen lassen, ob er auf die ohne Frage nützlichen oder gar lebensrettenden Effekte schneller Personen- und Güterbeförderung verzichten möchte.\nTrotzdem wir alle wissen und akzeptieren, daß Automobile töten können und immer töten werden, kämpfen wir alle doch um jedes einzelne Unfallopfer weniger. Jeder von uns trägt jeden Tag seinen Teil dazu bei, den Straßenverkehr sicherer zu machen.\nKryptographische Verfahren haben für die Handel und Verkehr in Datennetzen dieselbe Bedeutung wie der Ottomotor für Handel und Verkehr in der realen Welt. Sie sind der Motor, der virtuelle Waren- und Geldströme erst richtig beflügeln könnte, das schlagende pulsierende Herz einer Onlinewirtschaft, die gerade im entstehen begriffen ist. Ohne kryptographische Verfahren gibt es in Datennetzen keine Geheimnisse und damit keinen Informationsvorsprung, der sich an andere verkaufen ließe. Ohne kryptographische Verfahren gibt es in Datennetzen keine digitalen Unterschriften und damit keine bindenden Verträge. Ohne kryptographische Verfahren gibt es in Datennetzen keine digital von Banken unterschriebenen Geldscheine und damit keine Währung, für die es sich lohnen würde, überhaupt eine Onlinewirtschaft zu betreiben. Kryptographische Verfahren sind die Technologie, die die Onlinewirtschaft aus dem virtuellen Postkutschenzeitalter in die digitale Industriegesellschaft katapultieren kann.\nKrytoreglementierung bedeutet nicht, auf der Datenautobahn eine Geschwindigkeitsbegrenzung einzuführen. Eine Kryptoreglementierung kommt stattdessen einem Verbot von Ottomotoren gleich.\nEs gibt politische Stimmen, die befürchten, daß durch den freien Gebrauch von Kryptographie Menschen zu schaden kommen können.\nDas ist richtig.\nUnzweifelhaft wird es durch den allgemeinen Gebrauch von verschlüsselten Nachrichten und digital signierten Dokumenten zu neuen, möglicherweise nur schwer aufzuklärenden oder zu verhindernden Verbrechen kommen. Auch die Erfindung des Automobils hat ja eine ganze Menge von Delikten überhaupt erst möglich gemacht: Verkehrsdelikte, Fluchtwagen, Mordinstrument oder Tarnung von Morden als Unfälle - dazu schleichende Umweltschäden, die wir in unserer Gesellschaft nicht als Verbrechen werten. Wie beim Automobil müssen wir wohl auch bei der Kryptographie einen solchen Preis in Kauf nehmen, wollen wir die Vorteile dieser Technologie für uns nutzen und an der nächsten Stufe der industriellen Entwicklung vorne mit dabei sein.\nWir können uns erlauben, über die Höhe des Blutzolles zu streiten, den wir entrichten müssen, wenn wir am Zeitalter des digitalen Kommerzes teilhoben wollen. Aber wenn wir an dieser neuen Industrie teilhaben wollen, werden wir dafür bezahlen müssen. Und wenn wir uns entscheiden sollten, Kryptographie zu reglementieren und damit effektiv zu verbieten, dann müssen wir uns fragen lassen, ob wir auf die nützlichen oder gar lebensrettenden Effekte dieser Technologie verzichten wollen.\nDer Grundkonsens muß klar sein: Deutschland kann seine Position als eines der führenden Industrieländer nicht halten, wenn es auf die Basistechnologie der digitalen Industrie verzichtet - das ist selbst den rechtesten Hardlinern klar. Einzelne mögen auf den Einsatz von kryptographischen Verfahren verzichten, aber gesamtgesellschaftlich ist Deutschland ohne breiten Einsatz von Verschlüsselungs- und Signiertechnologie nicht konkurrenzfähig.\nWie zentral die Rolle der Kryptographie ist, wird erst deutlich, wenn man sich unser Land als konsequent Informationstechnologie nutzend denkt:\nMan stelle sich einmal vor, Übertragungen von potentiell milliardenschweren Neuentwicklungen über ein Datennetz vorzunehmen, dessen digitale Verschlüsselungstechnologie eingebaute Sollbruchstellen hat, die Dritten gleich welcher Legitimation Zugriff auf die übertragene Information zu geben.\nMan stelle sich einmal vor, Geldtransaktionen des größeren Teils der deutschen Wirtschaft mit Schlüsseln zu schützen, die außer den beteiligten Instituten noch Dritten bekannt sind.\nIst es nicht besser, wenn einige Verbrechen unaufgeklärt bleiben, weil es keine zentrale Schlüsselhinterlegungszentrale gibt, als daß auch nur die Möglichkeit bestünde, daß jemand Zugriff auf die gesamte deutsche Wirtschaft bekommt, weil eine ebensolche Schlüsselhinterlegungszentrale existiert?\nWir müssen wissen und akzeptieren, daß es solche unaufgeklärten Verbrechen geben wird. Und wir müssen trotzdem kämpfen, daß es weniger solche Verbrechensopfer geben wird. Aber wir können uns dabei auf keinen Fall leisten, auf starke kryptographische Verfahren zu verzichten, ja wir müssen sogar unbedingt alle nur verfügbare Energie in die Entwicklung noch härterer Verfahren stecken und jede nur denkbare Schwachstelle in den vorhandenen Verfahren ausmerzen.\nAber laßt uns nicht in die Falle von Dorothy Denning gehen: Weil im Schutze digitaler Kommunikation und Verschlüsselung einige schreckliche Verbrechen geschehen, können wir nicht auf die Schlüsseltechnologie des nächsten Industriezeitalters verzichten\njedenfalls nicht, ohne uns gleichzeitig in die Rolle eines Entwicklungslandes zu begeben. Wir würden das auch niemals tun, genausowenig, wie wir die Schließung der deutschen Autobahnen und die Zerschlagung der Autokonzerne fordern würden, nachdem wir die Bilder von Unfallopfern gesehen haben - denn wenn wir das täten, wäre Deutschland im Nu ein Entwicklungsland. ","date":"1997-01-01T00:00:00Z","href":"https://blog.koehntopp.info/1997/01/01/kryptographie-toetet.html","tags":["lang_de","publication","internet"],"title":"Kryptographie tötet - na und?"},{"categories":null,"content":" Der Apache WWW-Server Der Apache WWW-Server ist ein Server der zweiten Generation. Das bedeutet, er entstand auf der Grundlage der Erfahrungen, die beim Betrieb von WWW-Servern unter sehr hoher Last gemacht wurden, und er bietet erweiterte Möglichkeiten zur dynamischen Erzeugung von Seiten über CGI (Common Gateway Interface) und über eine servereigene Programmierschnittstelle (Server API).\nDer Server selbst ist auf praktisch jeder modernen UNIX-Plattform einsetzbar, und Portierungen auf Windows NT und OS/2 sind ebenfalls verfügbar.\nApache übersetzen Wie es sich für ein frei verfügbares UNIX-Programm gehört, ist der Server in Quelltextform erhältlich. Zusätzlich werden auf http://www.apache.org/ auch Binärversionen für die verbreitesten UNIX-Versionen bereitgestellt. Ist die eigene UNIX-Version nicht unter diesen zu finden oder möchte man den Server mit experimentellen Optionen betreiben, muss man ihn sich selbst übersetzen. Zum Glück ist das nicht sehr schwierig.\nApache kommt, wie üblich, als mit gzip gepacktes tar-Archiv. Nach dem Auspacken mit\n/tmp$ gzip -dc apache*tar.gz | tar xvf - entsteht ein Verzeichnis mit dem Namen apache_x.y.z, wobei x.y.z die Versionsnummer des Servers angibt. Es enthält die folgenden Unterverzeichnisse:\ncgi-bin Dieses Verzeichnis enthält einen Satz Beispielprogramme zur CGI-Programmierung in Form von Scriptdateien. cgi-src Dieses Verzeichnis enthält weitere Beispielprogramme zur CGI-Programmierung, die in C geschrieben wurden. Diese Programme müssen zunächst compiliert werden, bevor sie im Verzeichnis cgi-bin installiert werden können. conf Dieses Verzeichnis enthält Beispiel-Konfigurationsdateien. Die Namen dieser Konfigurationsdateien enden auf -dist. Zum Gebrauch muss die jeweilige Konfigurationsdatei kopiert und unbedingt für den lokalen Bedarf angepasst werden. icons Die eingebaute Apache-Funktion zur Anzeige von Verzeichnissen kann Dateien mit dateitypspezifischen Icons anzeigen. Dieses Verzeichnis enthält einen Satz Beispiel-Icons, die vom Server dazu verwendet werden. logs Dieses Verzeichnis ist zunächst leer. Der Server wird später im Betrieb seine Logbücher hier ablegen. Diese Logbücher können je nach Serverauslastung sehr umfangreich werden. src Dieses Verzeichnis enthält den C-Quelltext des Servers. Es wird für den Betrieb nicht benötigt. support Dieses Verzeichnis enthält weitere C-Quelltexte zu Hilfsprogrammen für den Serverbetrieb. Sie müssen compiliert werden, wenn man Eigenschaften des Servers für Fortgeschrittene nutzen möchte: Benutzeridentifikation mit Paßworten, DBM-Benutzerdatenbanken für sehr große Benutzerzahlen und verschiedene andere. Konfigurationsdatei anpassen Im src-Verzeichnis befindet sich die Datei Configuration. Dies ist die einzige Datei, die angepasst werden muss, um den Apache-Server für eine unterstützte Plattform zu übersetzen. In dieser Datei ist auch einzustellen, welche Module in den Server eingebunden werden sollen.\nFolgende Einstellungen sind mit einem Texteditor an dieser Datei vorzunehmen:\nCC= Wahl des C-Compilers. Der Server kann entweder mit dem normalen Systemcompiler cc oder mit dem GNU-C-Compiler gcc übersetzt werden, wenn dieser auf dem System vorhanden ist. CFLAGS= Optionen für den Aufruf des C-Compilers. Mit dieser Variable können die Optionen für den Lauf des Compilers festgelegt werden. Normalerweise wird man hier den Optimierungslevel des Compilers angeben, also beispielsweise -O2. Für den späteren Betrieb des Servers mit Server Side Includes kann hier die Option -DXBITHACK mit angegeben werden. Für schnelleren Betrieb auf Kosten der Lesbarkeit von Logfiles kann hier die Option -DMINIMAL_DNS mit angegeben werden. Die Option -DMAXIMAL_DNS führt dagegen für alle Clients eine doppelte Abfrage des Nameservers durch, was Fälschungen von Hostnamen erschwert, aber sehr langsam ist.\nFür den normalen Betrieb sollten diese Optionen zunächst einmal weggelassen werden. Sie sind nicht unmittelbar notwendig und haben Nebeneffekte, die verstanden sein müssen, bevor die Optionen sinnvoll einsetzbar sind.\nLFLAGS= Optionen für den Aufruf des Linkers. Mit dieser Variable können die Optionen für den Lauf des Linkers festgelegt werden. Normalerweise ist diese Variable leer. EXTRA_LIBS= Optionen für das Linken zusätzlicher Bibliotheken. Mit dieser Variable können zusätzliche Bibliotheken zum Linken des Programmes angegeben werden. Normalerweise ist diese Variable leer. AUX_*= Betriebssystemspezifische Optionen und Bibliotheken. Diese Variablen stehen in Blöcken nach Betriebssystemen sortiert beisammen. Sie legen fest, für welche Betriebssystemversion der Server übersetzt werden soll. Im Auslieferungszustand ist der Server für SunOS 4 konfiguriert. Diese Einstellung muss für das Zielbetriebssystem angepaßt werden. Dazu ist die Zeile für SunOS 4 zu deaktivieren und die Zeile für das gewünschte Betriebssystem zu aktivieren. Um den Apache-Quelltext zum Beispiel für die Übersetzung auf Solaris 2 zu konfigurieren, muss der Block # For SunOS 4 AUX_CFLAGS= -DSUNOS4 # For Solaris 2. #AUX_CFLAGS= -DSOLARIS2 #AUX_LIBS= -lsocket -lnsl folgendermaßen geändert werden:\n# For SunOS 4 #AUX_CFLAGS= -DSUNOS4 # For Solaris 2. AUX_CFLAGS= -DSOLARIS2 AUX_LIBS= -lsocket -lnsl Weiter unten in der Konfigurationsdatei befindet sich der Abschnitt zur Konfiguration der Module, aus denen der Server zusammengesetzt wird. Die Einstellungen in diesem Bereich sind in der Regel für den Normalbetrieb korrekt und brauchen nicht verändert zu werden. Die Kommentare in diesem Abschnitt der Konfigurationsdatei geben weitere Hinweise.\nDen Server übersetzen Nachdem die Konfigurationdatei angepasst ist, müssen die Informationen aus dieser Datei in den C-Quelltext des Programmes eingearbeitet werden. Dies geschieht automatisch durch den Aufruf des Scriptes Configure:\n/tmp/apache_1.0.3/src$ ./Configure Using \u0026#39;Configuration\u0026#39; as config file Danach kann der Server übersetzt werden. Der Übersetzungsprozeß wird durch das UNIX-Werkzeug make automatisch gesteuert. Es genügt, im src-Verzeichnis make aufzurufen:\n/tmp/apache_1.0.3/src$ make gcc -c -O2 -DLINUX alloc.c ... Nach erfolgreichem Abschluss des Übersetzungsvorgangs wird im src-Verzeichnis eine Datei httpd hinterlassen, die ausführbar ist und mit dem file-Kommando als Programm identifiziert wird.\n/tmp/apache_1.0.3/src$ ls -l ./httpd -rwxr-xr-x 1 root root 82260 Nov 4 10:42 ./httpd /tmp/apache_1.0.3/src$ file ./httpd ./httpd: ELF 32-bit LSB executable i386 (386 and up) Version 1 Die Hilfsprogramme übersetzen Für den einfachen Serverbetrieb genügt es, das Serverprogramm httpd zur Verfügung zu haben. Für den fortgeschrittenen Betrieb ist es jedoch nützlich, auch die optionalen Hilfsprogramme in den Verzeichnissen cgi-src und support zu übersetzen und zu installieren. Zum Glück sind diese Programme kaum systemspezifisch und können mit einem einfachen Aufruf von make in den betreffenden Verzeichnissen übersetzt werden:\n/tmp/apache_1.0.3/cgi-src$ make gcc -c -g query.c ... /tmp/apache_1.0.3/cgi-src$ cd ../support/ /tmp/apache_1.0.3/support$ make gcc -g htpasswd.c -o htpasswd ... Eventuell bei der Übersetzung auftretende Warnungen sind normal und können ignoriert werden.\nDen Server installieren Neben dem eigentlichen Serverprogramm httpd werden zum Betrieb des Servers noch verschiedene zusätzliche Verzeichnisse benötigt. Alle diese Dateien und Verzeichnisse sollen in einem gemeinsamen Sammelverzeichnis installiert werden, das in der Terminologie von Apache als ServerRoot bezeichnet wird. Viele Serverbetreiber wählen als ServerRoot das Verzeichnis /var/httpd. Dieser Text geht ebenfalls davon aus, daß mit dieser ServerRoot installiert wird.\nvar `-- httpd |-- cgi-bin |-- conf |-- icons `-- logs Verzeichnisstruktur ServerRoot: /var/httpd und die Unterverzeichnisse\nhome `-- www |-- icons |-- pd-software `-- texte Verzeichnisstruktur DocumentRoot: /home/www und die Unterverzeichnisse\nAußerdem wird der Server in Zukunft auf einen weiteren Verzeichnisbaum zugreifen, der die HTML-Dokumente enthält, die geservt werden sollen. Diese zweite Verzeichnishierarchie wird als DocumentRoot bezeichnet. Im Gegensatz zur ServerRoot ist die Verzeichnisstruktur der DocumentRoot selbst vollkommen frei wählbar. Die in der Abbildung gegebene Aufteilung ist nur ein Beispiel.\nBeide Verzeichnishierarchien sind unterschiedlich und sollen sich nicht überlappen. Auf gar keinen Fall sollte die ServerRoot unterhalb der DocumentRoot liegen, denn sonst könnte man über den WWW-Server auf seine Konfigurationsdateien und Passworte zugreifen, und das ist eine ausgesprochen schlechte Idee. Auch andersherum sollte die DocumentRoot nicht unterhalb der ServerRoot liegen, obwohl das nicht unmittelbar schädlich ist. Viele Serverbetreiber wählen als DocumentRoot das Verzeichnis /home/www, und das ist auch das Verzeichnis, das in diesem Text verwendet wird.\nZur Installation ist es notwendig, die Verzeichnisse für die ServerRoot und die DocumentRoot anzulegen und ihnen die notwendigen Rechte zu geben. Zunächst wird das ServerRoot-Verzeichnis angelegt und der Server selber in ihm installiert:\n/var# mkdir httpd /var# chown root.root httpd /var# chmod 755 httpd /var# cp /tmp/apache_1.0.3/src/httpd httpd/httpd /var# chown root.root httpd/httpd /var# chmod 111 httpd/httpd Danach müssen die vorgefertigten Dateien aus den Verzeichnissen cgi-bin, conf und icons übernommen werden.\n/var# cd httpd /var/httpd# mkdir cgi-bin conf icons logs support /var/httpd# chown root.root cgi-bin conf icons logs support /var/httpd# chmod 755 cgi-bin conf icons logs support /var/httpd# cp /tmp/apache_1.0.3/cgi-bin/* cgi-bin/ /var/httpd# cp /tmp/apache_1.0.3/icons/* icons/ /var/httpd# cp /tmp/apache_1.0.3/conf/* conf/ /var/httpd# cp /tmp/apache_1.0.3/support/htpasswd support/ /var/httpd# cp /tmp/apache_1.0.3/support/httpd_monitor support/ /var/httpd# cp /tmp/apache_1.0.3/support/unescape support/\u0026lt;/small\u0026gt; Schließlich muss auch die DocumentRoot noch angelegt werden. Dokumente auf dem WWW-Server sollen unter Umständen auch durch normale Benutzer erzeugt werden dürfen. Es ist also sinnvoll, eine Benutzergruppe webmaster anzulegen und dieser Benutzergruppe Schreibrechte an der DocumentRoot zu geben. Dies ist recht einfach auf die folgende Weise möglich:\n/home# echo \u0026#34;webmaster::60001:\u0026#34; \u0026gt;\u0026gt; /etc/group /home# mkdir www /home# chown kris.webmaster www /home# chmod 775 www Unterhalb dieses Verzeichnisses kann dann die benötigte Dokumentenstruktur nach Bedarf durch beliebige Benutzer der Gruppe webmaster angelegt werden. Benutzer werden der Benutzergruppe webmaster zugefügt, indem ihre Benutzernamen im vierten (letzten) Feld der entsprechenden Zeile in der Datei /etc/group eingetragen werden. Die betreffenden Benutzer müssen sich neu einloggen, damit die Änderung wirksam wird.\nApache konfigurieren Dieser Abschnitt beschreibt die Konfiguration des WWW-Servers gerade weit genug, um den Server in Betrieb nehmen zu können. Eine vollständige Beschreibung der Apache-Konfiguration befindet sich im Apache Referenzhandbuch (manual.ps), das Bestandteil der Serverdistribution ist.\nAufrufoptionen Der Apache WWW-Server versteht nur wenige Aufrufoptionen. Die eigentliche Konfiguration des Servers erfolgt über Konfigurationsdateien, und die Aufrufoptionen des Servers beschränken sich darauf, dem Server mitzuteilen, wo sich diese Konfigurationsdateien befinden. Die Optionen sind im Einzelnen:\n-d documentroot Setzt den ursprünglichen Wert der Variablen DocumentRoot auf documentroot. Dies kann in der Konfigurationsdatei mit dem Kommando DocumentRoot überschrieben werden. Der Defaultwert ist /usr/local/etc/httpd. -f config Führt die Kommandos in der Datei config beim Start des Servers aus. Wenn config nicht mit einem / beginnt, wird der Pfadname relativ zur ServerRoot interpretiert. Der Defaultwert ist conf/httpd.conf. -X Der Server wird im Debugmodus gestartet. Er erzeugt keine Kindprozesse und löst sich auch nicht von der Console, um in den Hintergrundmodus zu gehen. -v Druckt die Versionsnummer des httpd und beendet sich dann. -? Druckt eine Liste der Optionen des Servers und beendet sich dann. Um den Server zu starten, ist es also notwendig, die benötigten Konfigurationdateien zu erzeugen. Der Server kann dann entweder mit dem Kommando\n~# /var/httpd/httpd -f /var/httpd/conf/httpd.conf oder mit dem Kommando\n~# /var/httpd/httpd -d /var/httpd aktiviert werden.\nMinimale Konfigurationsdateien Der Server liest beim Start drei Konfigurationsdateien ein. Jede dieser Dateien kann Schlüsselworte enthalten, die die Werte bestimmter Variablen festlegen und so den Betrieb des Servers steuern. Die Pfadnamen dieser Dateien werden wie üblich relativ zur ServerRoot interpretiert, wenn sie nicht mit einem / beginnen. Standardmäßig sind dies die folgenden Dateien:\nconf/httpd.conf Diese Datei enthält globale Steuerparameter für den WWW-Server. conf/srm.conf Diese Datei steuert das \u0026ldquo;Server Ressource Managment\u0026rdquo;. Das heisst, sie legt fest, welche URLs auf welche Pfade im Dateisystem abgebildet werden, und ob es sich bei den durch URLs referenzierten Dokumenten um statische Dateien oder um dynamisch erzeugte Dokumente handelt. Diese Variable kann mit dem Schlüsselwort RessourceConfig überschrieben werden. conf/access.conf Mit Hilfe dieser Datei können global Zugriffsrechte für bestimmte Verzeichnisse vergeben werden. Mit dem Schlüsselwort AccessConfig kann eine alternative Konfigurationsdatei bestimmt werden. Weiterhin legt der Server drei Dateien im Verzeichnis logs/ an. Einige dieser Dateien sind Logbücher, die je nach Serverlast sehr schnell sehr groß werden können. Es ist notwendig, diese Dateien regelmäßig zu sichern und den Server danach mit einem Signal zu wecken, damit er neue Logdateien aufsetzt. Die Dateien sind:\nlogs/httpd.pid Diese Datei wächst nicht und braucht auch nicht gesichert zu werden. Sie enthält in ASCII die PID des Serverprozesses. Dadurch ist es leicht möglich, den Server mit dem Kommando ~# kill -HUP `cat /var/httpd/logs/httpd.pid` zu wecken. Der Hauptprozeß des Servers wird alle seine Kindprozesse von der Änderung informieren, so daß ein einziges Signal zur Steuerung des Servers ausreichend ist.\nMit dem Schlüsselwort PidFile ist es möglich, diesen Pfadnamen zu ändern.\nlogs/error_log In dieser ständig wachsenden Datei werden alle Fehler beim Zugriff auf Komponenten des Servers mitgeloggt. Insbesondere finden sich hier auch die Fehlerausgaben von CGI-Scripten. Sollten solche Scripte also einmal nicht funktionieren, kann man dieser Datei die dabei entstehenden Meldungen entnehmen. Mit dem Schlüsselwort ErrorLog kann eine andere Logdatei festgelegt werden. Für virtuelle Hosts können unterschiedliche Logdateien bestimmt werden.\nlogs/access_log In dieser sehr schnell wachsenden Datei wird jeder Zugriff auf den Server geloggt. Es ist möglich, diese Datei zur Erzeugung von Zugriffstatistiken auszuwerten. Mit dem Schlüsselwort TransferLog kann ein anderer Dateiname festgelegt werden. Für virtuelle Hosts können unterschiedliche Logdateien bestimmt werden.\nUm den Server zu konfigurieren, kopiert man sich zweckmäßigerweise die mitgelieferten Beispiel-Konfigurationsdateien und paßt sie für die eigene Konfiguration an:\n/var/httpd/conf# cp access.conf-dist access.conf /var/httpd/conf# cp httpd.conf-dist httpd.conf /var/httpd/conf# cp srm.conf-dist srm.conf conf/httpd.conf Die mit dem Server ausgelieferte beispielhafte Konfigurationsdatei conf/httpd.conf enthält eine Reihe von Schlüsselworten zur Konfiguration des WWW-Servers. Im Einzelnen:\nPort Dieses Schlüsselwort legt fest, auf welchem TCP-Port der Server seine Dienste anbieten soll. In UNIX sind die Ports mit Portnummern kleiner 1024 geschützt und nur Programmen mit Systemverwaltungsrechten zugänglich. Der Server muss also vom Systemverwalter gestartet werden, wenn er auf dem HTTP-Standardport 80 serven soll. Für Server, die mit Benutzerrechten gestartet werden, hat es sich eingebürgert, den frei verfügbaren Port 8080 zu verwenden. Die Konfigurationsdatei enthält dann eine Anweisung der Art Port 8080.\nUser und Group Wenn der Server durch einen Systemverwalter gestartet wird, verwendet er die Systemverwalterrechte nur, um sich an den angegebenen Port zu binden. Alle anderen Dinge, insbesondere den Zugriff auf Dateien und das Starten von externen Programmen, erledigt der Server nicht unter dieser Benutzerkennung, um böse Überraschungen zu vermeiden. Mit den Anweisungen User und Group wird der Server stattdessen auf eine Benutzer- und Gruppennummer konfiguriert, die ungefährlicher ist. Die Angabe dieser Werte kann numerisch in der Form #zahl erfolgen, oder der Name eines Benutzers oder einer Benutzergruppe kann direkt gegeben werden. Beispiel:\nUser nobody Group #60001 ServerAdmin Dieses Schlüsselwort teilt dem Server die Mailadresse der für die Serververwaltung zuständigen Person mit. Der Server nennt diese Adresse in Fehlermeldungen als Adresse eines Ansprechpartners. Zukünftige Versionen des Servers werden selbstständig Problemreports an diese Adresse senden. ServerRoot Legt das ServerRoot-Verzeichnis fest. In unserer Beispielkonfiguration geschähe dies mit der Anweisung ServerRoot /var/httpd. PidFile ErrorLog TransferLog Diese drei Schlüsselworte bestimmen, wie bereits im Abschnitt oben beschrieben, die Lage der verschiedenen Logdateien. ServerName Ein Webserver muss gelegentlich wissen, unter welchem kanonischen Namen er selbst anzusprechen ist. Apache versucht, dieses Namen automatisch zu ermitteln, aber wenn dies nicht gelingt oder wenn man sicher gehen will, ist es notwendig, dem Server seinen eigenen Namen in der Konfigurationsdatei mitzuteilen. Das erfolgt dann mit diesem Schlüsselwort. Der Parameter ist ein voll qualifizierter Domainname, zum Beispiel in ServerName white.koehntopp.de conf/srm.conf Mit dieser Konfiguration legt der Serverbetreiber fest, wie der Server die verschiedenen Dokumententypen behandeln soll, die auf seinem Server verfügbar sind. Diese Datei definiert also die Zuordnung von Dateiendungen zu MIME-Typen, die Namen von Indexdateien für Verzeichnisse und den Umgang mit Landessprachen und dergleichen.\nMinimal sollte die Datei die folgenden Anweisungen enthalten:\nDocumentRoot Dieses Schlüsselwort legt die DocumentRoot des Servers fest. In unserer Beispielkonfiguration ist das: DocumentRoot /home/www. ScriptAlias Dieses Schlüsselwort ist nur dann notwendig, wenn der Server in der Lage sein soll, CGI-Scripte zur dynamischen Erzeugung von Seiten auszuführen. Die Anweisung hat die Form ScriptAlias \u0026lt;url-pfad\u0026gt; \u0026lt;realer Pfad\u0026gt; und sie verbindet den Pfad url-pfad mit dem wirklichen Pfad realer Pfad, d.h. immer dann, wenn ein Request für eine Seite unterhalb von url-pfad auf dem Server eingeht, wird das zugehörige Programm in realer Pfad gestartet und muss die angeforderte Seite berechnen.\nUm das CGI-Verzeichnis /var/httpd/cgi-bin mit dem URL-Pfad /cgi-bin zu verbinden, muss also die Anweisung\nScriptAlias /cgi-bin/ /var/httpd/cgi-bin/ gegeben werden. Ein Request für die URL /cgi-bin/dummy.pl startet dann das Programm /var/httpd/cgi-bin/dummy.pl, das eine Seite erzeugen muss.\nEs ist wichtig, daß das Verzeichnis mit den CGI-Programmen nicht unterhalb der DocumentRoot liegt. Überlappen sich die Verzeichnisse, kann es zu seltsamen Effekten kommen, weil der Server sich entscheiden muss, ob er das Script als Text ausliefert, oder ob er es startet und die Ausgabe des Scriptes ausliefert.\nDie beispielhafte srm.conf enthält weitere Anweisungen, die hier zunächst nicht behandelt werden sollen.\nconf/access.conf Die Konfigurationsdatei conf/access.conf regelt, wer auf welche Dateien des Servers zugreifen darf. Es ist möglich, einzelne Dateien oder ganze Teilbäume in der Verbreitung zu beschränken, so daß man nur von bestimmten Rechnern aus auf die Dateien zugreifen darf oder daß man sich als Benutzer zunächst mit einem Passwort gegenüber dem Server identifizieren muss, bevor man auf Seiten zugreifen kann. Auch Kombinationen von Schutzmechanismen sind möglich.\nDa sich die Konfigurationsanweisungen in dieser Datei immer auf Verzeichnisse beziehen, ist ihr Inhalt konsequent in\n\u0026lt;directory /pfad/*/name\u0026gt; ... \u0026lt;/directory\u0026gt; gegliedert. Dabei ist zu beachten, daß die \u0026lt;directory\u0026gt;-Anweisungen vielleicht wie HTML-Tags aussehen, aber keine sind. Sie müssen auf jeden Fall einzeln in einer Zeile stehen und dürfen auch keine optionalen Parameter wie HTML-Attribute haben. Die Pfade, die in \u0026lt;directory\u0026gt;-Anweisungen genannt werden, sind immer physikalische Pfade des Dateisystems und keine URL-Pfade.\nInnerhalb eines \u0026lt;directory\u0026gt;-Abschnittes können dann mit verschiedenen Anweisungen Optionen und Zugriffsrechte für die in diesem Abschnitt spezifizierten Verzeichnisse festgelegt werden.\nUnsere Beispielkonfiguration soll ohne weitere Erklärungen zunächst einmal die folgenden Anweisungen enthalten:\n\u0026lt;Directory /var/httpd/cgi-bin\u0026gt; Options Indexes FollowSymLinks \u0026lt;/Directory\u0026gt; \u0026lt;Directory /home/www\u0026gt; Options Indexes AllowOverride None \u0026lt;/Directory\u0026gt; CGI-Programmierung Oftmals möchte man HTML-Seiten mit dynamisch erzeugtem Inhalt haben. Solche Seiten sind nicht fest in Verzeichnissen des Servers abgelegt, sondern werden beim Abruf durch ein Programm erzeugt. Das erzeugende Programm muss vom Server auf eine bestimmte Weise aufgerufen werden, damit es weiß, welche Art von Seite es erzeugen soll und es muss seine Ausgabe auf eine bestimmte Weise erzeugen, damit der Server diese Ausgabe als eine WWW-Seite interpretieren kann. Die Norm, nach der das externe Programm und der WWW-Server zusammenspielen, wird als das Common Gateway Interface (CGI) bezeichnet.\nAktivierung von CGI-Programmen durch Apache Grundsätzlich kennt der Apache WWW-Server vier verschiedene Möglichkeiten, externe Programme zur Erzeugung von WWW-Seiten einzusetzen:\nCGI-Pfade mit ScriptAlias Apache sieht wie alle ernstzunehmenden WWW-Server Möglichkeiten vor, mit denen man URL-Pfade mit Scriptverzeichnissen verbinden kann. In Apache geschieht dies, wie weiter oben beschrieben, mit der Anweisung ScriptAlias. Zugriffe auf Seiten unterhalb der durch den ScriptAlias spezifizierten URL bewirken, daß das angegebene Programm gestartet wird und die Seite berechnet.\nProgramme mit der Endung .cgi Anstatt CGI-Scripte in bestimmten Verzeichnissen unterzubringen, kann Apache solche Scripte auch an einer bestimmten Endung erkennen, unabhängig davon, in welchem Verzeichnis sie sich befinden. Standardmäßig verwendet man für solche Scripte die Endung .cgi, aber es kann auch jede beliebige andere noch nicht vergebene Dateiendung konfiguriert werden. Verantwortlich für den Start von Scripten mit der Endung .cgi ist das Apache-Modul mod_cgi. Es bewirkt, daß alle Dateien, die über die Erkennung von Dateiendungen mit dem MIME-Type application/x-httpd-cgi gekennzeichnet werden, nicht als statische Texte ausgeliefert werden. Der Server versucht stattdessen die Datei als Programm zu starten und liefert die Ausgabe des Programms an den Abrufer zurück. Mit der Anweisung\nAddType application/x-httpd-cgi .cgi in der conf/srm.conf-Konfigurationsdatei wird dem Server mitgeteilt, welche Dateiendungen diesen MIME-Type haben. Im Beispiel wird die Standardzuordnung definiert, die .cgi-Dateien als ausführbar markiert, aber es ist prinzipiell möglich, andere und auch mehrere Dateiendungen zu CGI-Endungen zu erklären. Bis auf die bequemere Installation (kein besonderes Verzeichnis notwendig) unterscheidet sich dieses Verfahren nicht vom Programmstart mit ScriptAlias.\nServer Side Includes (SSI) Manchmal möchte man nicht eine ganze WWW-Seite durch ein Script berechnen lassen, sondern nur einfache Textersetzungen auf einer Seite vornehmen oder nur Teile einer Seite von einem Script erzeugen lassen. Solche Seiten sind ein typischer Anwendungsfall für SSI. SSI-Dateien werden vom Server nicht unmittelbar ausgeliefert, sondern der Server erwartet in der Datei HTML-Kommentare. Einige, spezielle Kommentare werden vom Server als Steueranweisungen interpretiert. Der Server ersetzt in diesem Fall den gesamten betroffenen Kommentar durch das Ergebnis der Steueranweisung. SSI wird durch das Apache-Module mod_include verwaltet. Es wird vom Server auf alle Dateien mit dem MIME-Type text/x-server-parsed-html angewendet. Wieder kann man mit der AddType-Anweisung in der Ressourcenkonfiguration bestimmten Dateiendungen diesen MIME-Type zuordnen:\nAddType text/x-server-parsed-html .shtml Wie im Beispiel gezeigt, wird standardmäßig die Dateiendung .shtml verwendet, um Seiten mit SSI zu markieren. Wenn die Servererweiterung XBITHACK bei der Übersetzung des Servers aktiviert war und in der Ressourcenkonfiguration durch die Anweisung\nXBitHack on aktiviert ist, dann werden auch normale .html-Dateien als SSI-Dateien erkannt, sobald das x-Recht für User an der betreffenden Datei gesetzt ist.\nFalls die Variable auf den Wert full statt auf on gesetzt wird, testet Apache außerdem noch das x-Recht für Gruppen an der Datei. Ist es gesetzt, wird ein Last-Modified-Header mit dem Dateidatum erzeugt. Ist es nicht gesetzt, wird auch kein Last-Modified-Header erzeugt. Auf diese Weise kann man das Verhalten von Caches und Proxies auf dem Weg zum Client beeinflussen.\nServer Module (AAPI) In besonderes komplizierten Anwendungsfällen oder wenn es ganz besonders auf Geschwindigkeit ankommt, ist es nicht mehr ausreichend, den Server durch externe Programme zu erweitern. In diesem Fall muss die Erweiterung des Servers um weitere Eigenschaften stattdessen Bestandteil des Servers selbst werden. Apache ist ein modularer Server, und da er im Quelltext vorliegt, ist sehr leicht möglich, den Server durch weitere Module zu erweitern. Module lassen sich besonders leicht einfügen, wenn sie sich an die vom Server bereitgestellte Programmierschnittstelle halten, das Apache API. Solche Module lassen sich außerdem auch mit dem experimentellen Modul mod_dld zur Laufzeit nachladen und ohne erneute Übersetzung des Servers einbinden.\nAuch andere Server haben Modulschnittstellen, die leider meistens zueinander inkompatibel sind. Bekannt ist vor allen Dingen die Netscape Server API zur Programmierung von Modulen (Plugins) für die Netscape Serverfamilie.\nEinfache CGI-Programme Einfache CGI-Programme werden über einen normalen Link aktiviert und übernehmen keine Eingabeparameter. Sie können aber Informationen aus anderen Datenquellen beziehen, etwa aus den Logbuchdateien des Servers oder aus anderen Dateien auf dem Serverrechner.\nDas folgende Beispiel zeigt das einfachste CGI-Programm überhaupt. Dieses Programm tut nichts weiter, als ein Dokument mit dem MIME-Type text/plain zu erzeugen und dann seine Ablaufumgebung auszudrucken. Es eignet sich damit ausgezeichnet als Hello, World!-Programm und dient gleichzeitig zum Erkunden der Ablaufumgebung für CGI-Programme:\n#! /bin/sh -- echo \u0026#34;Content-Type: text/plain\u0026#34; echo echo \u0026#34;Pfad:\u0026#34; echo \u0026#34;$PATH\u0026#34; echo echo \u0026#34;Aktuelles Verzeichnis:\u0026#34; pwd echo echo \u0026#34;UID/GID:\u0026#34; id echo echo \u0026#34;Umgebungsvariablen:\u0026#34; env | sort echo echo \u0026#34;Prozessliste:\u0026#34; ps alxwww Dieses einfache CGI-Programm ist das CGI-Äquivalent von \u0026ldquo;Hello, World\u0026rdquo;. Zusätzlich druckt es noch Informationen über die Ablaufumgebung des Scriptes aus.\nDas CGI-Programm ist in der Scriptsprache der UNIX-Shell /bin/sh geschrieben, aber jede andere Programmiersprache ist ebenso geeignet. CGI-Programme müssen ihre Ausgabe auf der Standardausgabe liefern und sie müssen der eigentlich nutzbaren Ausgabe einen Absatz voranstellen, der zwingend den MIME-Typen der Ausgabe festlegt und weitere optionale Angaben über das erzeugte Dokument enthalten darf. Dieser Absatz muss durch eine Leerzeile vom nutzbaren Teil der Ausgabe getrennt sein.\nUm das Programm ausprobieren zu können, muss es als CGI-Programm auf dem Server installiert werden. Das bedeutet:\nEntweder muss es als Datei mit einem beliebigen Namen im cgi-bin-Verzeichnis des Servers installiert werden, oder es muss als Datei mit der Endung .cgi in einem Verzeichnis der DocumentRoot installiert werden. In beiden Fällen muss die Datei als für das Betriebssystem ausführbar installiert werden, damit der Server das Programm starten kann.\nIn unserer Beispielkonfiguration kann das Programm wie folgt installiert werden:\n/var/httpd# cp /tmp/hello cgi-bin/ /var/httpd# chmod 755 cgi-bin/hello Mit einem Browser kann nun die URL http://server/cgi-bin/hello abgerufen werden, um das Script zu starten. Seine Ausgabe ist etwas länglich, aber sehr informativ: Wir erfahren den Pfadnamen, der vom Server und von unseren eigenen CGI-Programmen durchsucht wird, um externe Programme zu starten, und das Script nennt uns das aktuelle Verzeichnis, in dem unsere CGI-Programme ablaufen. Außerdem bekommen wir mitgeteilt, mit welchen Benutzerrechten das Script abläuft und welche Umgebungsvariablen ihm zur Verfügung stehen. Letztere Information ist besonders aufschlussreich, denn offenbar definiert das Common Gateway Interface eine ganze Liste von Umgebungsvariablen, die dem externen Programm vom WWW-Server zur Verfügung gestellt werden.\nWeiter unten sehen wir eine leicht gekürzte, beispielhafte Ausgabe des Scriptes.\nPfad: /bin:/usr/bin:/usr/local/bin Aktuelles Verzeichnis: /var/httpd/cgi-bin UID/GID: uid=65534(nobody) gid=65535(nogroup) groups=65535(nogroup) Umgebungsvariablen: DOCUMENT_ROOT=/home/www GATEWAY_INTERFACE=CGI/1.1 HOSTTYPE=i386 HTTP_ACCEPT=image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, image/tiff, multipart/x-mixed-replace, */* HTTP_ACCEPT_LANGUAGE=de, en, fr, es, it HTTP_HOST=white HTTP_PRAGMA=no-cache HTTP_USER_AGENT=OmniWeb/2.0.1 OWF/1.0 OSTYPE=Linux PATH=/bin:/usr/bin:/usr/local/bin QUERY_STRING= REMOTE_ADDR=193.102.57.1 REMOTE_HOST=black REQUEST_METHOD=GET SCRIPT_FILENAME=/var/httpd/cgi-bin/hello SCRIPT_NAME=/cgi-bin/hello SERVER_ADMIN=kris@koehntopp.de SERVER_NAME=white.koehntopp.de SERVER_PORT=80 SERVER_PROTOCOL=HTTP/1.0 SERVER_SOFTWARE=Apache/1.0.3 SHELL=/bin/bash SHLVL=1 TERM=dumb _=/usr/bin/env Prozessliste: ... In der Ausgabe des \u0026ldquo;Hello, World\u0026rdquo;-Programmes ist die umfangreiche Liste der durch den Server bereitgestellten CGI-Variablen erkennbar.\nDie Bedeutung der verschiedenen Umgebungsvariablen eines CGI-Programmes wird folgenden Abschnitt erklärt. Die meisten Programme werten jedoch nur die Variable QUERY_STRING oder eine der (im Beispiel nicht erzeugten) Variablen PATH_INFO und PATH_TRANSLATED aus.\nUmgebung von CGI-Programmen Webserver unter UNIX versorgen ihre CGI-Programme mittels Umgebungsvariablen mit den verschiedensten Fakten über den Aufrufer. Unter anderen Betriebssystemen werden andere Mechanismen zur Übermittlung der Information verwendet, aber die Art und die Namen der übermittelten Funktionen bleibt gleich.\nStandard-Variablen Der Client, den der Anwender benutzt, um das CGI-Programm auf dem Server zu aktivieren, liefert dem Server eine ganze Reihe von Informationen, die dieser auch dem CGI-Programm selbst zur Verfügung stellt. Das CGI-Programm kann diese Informationen auswerten und eventuell für die Gestaltung der Seite verwenden.\nSERVER_SOFTWARE Der Name und die Versionsnummer des Servers, der das CGI-Programm gestartet hat. Beispiel: Apache/1.0.3 SERVER_NAME Der Hostname des Servers, der das CGI-Programm gestartet hat. Ist dieser Name nicht verfügbar, wird hier eine IP-Nummer übergeben. Beispiel: white.koehntopp.de SERVER_PORT Die Portnummer des Servers, der das CGI-Programm gestartet hat. Beispiel: 80 SERVER_ADMIN Die Mailadresse des Serveradministrators. Das CGI-Programm kann in Notfällen Fehlermeldungen an diese Adresse mailen. Beispiel: user@example.com GATEWAY_INTERFACE Die Version der CGI-Spezifikation, nach diese Umgebungsvariablen erzeugt wurden. Beispiel: CGI/1.1 SERVER_PROTOCOL Der Name und die Versionsnummer des Protokolls, mit dem der Request empfangen wurde, der das CGI-Programm aktiviert hat. Beispiel: HTTP/1.0 REQUEST_METHOD Die Request-Methode, die für das Starten des CGI-Programms verantwortlich war. Diese Methode legt fest, auf welche Weise das CGI-Programm an seine Eingabeparameter kommt. Beispiel: GET, HEAD oder POST. Bei jedem Datentausch zwischen einem WWW-Browser und Server werden fast immer auch optionale Informationen in Form von zusätzlichen Request-Headerzeilen ausgetauscht. Anstatt für alle Eventualitäten vorauszuplanen und Header zu definieren, hat man in der CGI-Spezifikation festgelegt, daß solche zusätzlichen Headerzeilen in Uppercase mit dem Prefix HTTP_ versehen werden sollen und an das CGI-Programm weitergegeben werden. Wenn der Browser also die optionale HTTP-Informationszeile Bla: Fasel einliefert, dann wird dem CGI-Programm die Umgebungsvariable HTTP_BLA mit dem Wert Fasel vorbelegt übergeben.\nDie folgenden Variablen findet man in nahezu jeder CGI-Anfrage:\nHTTP_REFERER Die URL des Dokumentes, das auf das CGI-Programm verwiesen hat. Auf dieser Seite hat der Benutzer also ein Link angeklickt, der auf das Programm verwiesen hat, oder ein Formular abgesendet, das das CGI-Programm aktiviert hat. Beispiel: http://www.example.com/cgistarter.html HTTP_HOST Viele Serverrechner betreiben nicht nur einen einzigen Webserver, sondern eine ganze Palette von Servern für unterschiedliche Anbieter unter verschiedenen Namen. Diese Variable enthält, wenn sie vorhanden ist, den Namen, unter dem der Server angesprochen wurde. Beispiel: www.example.com HTTP_USER_AGENT Die Typbezeichnung und Versionsnummer der Browser-Software. Einige CGI-Programme werten diese Variable aus, um die Fähigkeiten des Browsers zu bestimmen und je nach Bedarf die Ausgabe anzupassen (Tabellen, Frames, Javascript, ActiveX, Java). Beispiel: OmniWeb/2.0.1 OWF/1.0 HTTP_ACCEPT Eine Liste aller MIME-Types, die der Client als Antworttyp akzeptiert. Beispiel: text/plain, text/html, image/* Und schließlich gibt es noch eine ganze Gruppe von Variablen, die direkt Informationen über den Request enthalten, der das CGI-Programm gestartet hat:\nPATH_INFO CGI-Programme können nach dem Pfadnamen zum Aufruf des Scriptes noch weitere Pfadkomponenten enthalten. Zum Beispiel könnte das Beispielprogramm aus dem Beispiel oben mit der URL http://server/cgi-bin/hello/more/info aufgerufen werden. Die Variable hält in diesem Fall dann die \u0026ldquo;überstehenden\u0026rdquo; Komponenten des Pfades zur Auswertung durch das Script bereit. Beispiel: /more/info PATH_TRANSLATED Falls das CGI-Programm mit einem verlängerten CGI-Pfad aufgerufen wurde, kann dieser Pfad vom WWW-Server auf die übliche Weise in einen wirklichen Dateinamen übersetzt werden. Das Ergebnis dieser Übersetzung ist dann in dieser Variable zu finden. Beispiel: /home/www/more/info SCRIPT_NAME Der Teil der URL, der zum Aufruf des CGI-Programmes geführt hat, ist in dieser Variablen in URL-Form zu finden. Beispiel: /cgi-bin/hello SCRIPT_FILENAME Die Information aus SCRIPT_NAME wird für das CGI-Programm ebenfalls in wirkliche Dateinamen übersetzt bereitgehalten. Beispiel: /var/httpd/cgi-bin/hello QUERY_STRING Diese Variable enthält eine Liste von Parametern, die dem CGI-Programm mitgegeben worden sind. Die Parameter liegen in codierter Form vor (Siehe den folgenden Abschnitt) und müssen durch das CGI-Programm decodiert werden, bevor sie verwendet werden können. Beispiel: name=Otto+Normaluser\u0026amp;phone=441777 REMOTE_HOST Der Name des Rechners, der den Request gemacht hat, soweit er verfügbar ist. Beispiel: mahaki.koehntopp.de REMOTE_ADDRESS Die IP-Nummer des Rechners, der den Request eingeliefert hat. Beispiel: 192.103.57.2 AUTH_TYPE Die Methode, mit der die Useridentität in der Variablen REMOTE_USER verifiziert worden ist, falls eine Verifikation überhaupt stattgefunden hat. Beispiel: Basic REMOTE_USER Die verifizierte Identität des Benutzers, der den Request eingeliefert hat, wenn eine Verifikation überhaupt stattgefunden hat. Beispiel: marit CONTENT_TYPE Der MIME-Type der Daten, die mit einem PUT- oder POST-Request eingeliefert worden sind. Beispiel: text/plain CONTENT_LENGTH Die Länge der Daten in Bytes, die mit einem PUT- oder POST-Request eingeliefert worden sind. Beispiel: 17321 Apache-Spezialvariablen Apache stellt zusätzlich zu den im CGI-Standard definierten Variablen noch einige zusätzliche Informationen bereit.\nDOCUMENT_ROOT Diese Variable enthält den Pfad zur DocumentRoot aus der Serverkonfiguration. Beispiel: /home/www REDIRECT_... Apache ist in der Lage, nach Maß zugeschnittene Fehlermeldungen zu erzeugen. Geschickterweise erzeugt man diese Fehlermeldungen durch ein CGI-Script. Damit das richtig funktioniert, muss Information über den alten Request vorhanden sein, der den Fehler hervorgerufen hat. Apache stellt also alle Variablen des alten Requests mit dem zusätzlichen Prefix REDIRECT_ in der Fehlerbehandlung zur Verfügung. Außerdem tauchen zwei zusätzliche neue Variablen auf, nämlich REDIRECT_URL, die URL, die den Fehler hervorgerufen hat, und REDIRECT_STATUS, der HTTP-Statuscode, der Auskunft über die Art des Fehlers gibt.\nZusätzliche Variablen Mit dem Schlüsselwort PassEnv ist es möglich, weitere Variablen aus der Umgebung des Serverprozesses in die Umgebung des CGI-Scriptes weiterzugeben. Die Anweisung\nPassEnv HOSTNAME würde zum Beispiel bewirken, daß die Umgebungsvariable HOSTNAME aus der Serverumgebung auch in CGI-Programmen sichtbar wäre, wenn sie überhaupt definiert ist.\nMit dem Schlüsselwort SetEnv ist es außerdem möglich, gezielt Variablen in der Umgebung des CGI-Programmes zu erzeugen. Die Anweisung\nSetEnv DEBUG_ZONE parser würde für alle CGI-Programme die Umgebungsvariable DEBUG_ZONE mit dem Wert parser belegen. Dies ist, wie der Name der Variablen schon andeuten soll, ausgesprochen nützlich, um Debugging in CGI-Scripten zu aktivieren.\nParameterübergabe an CGI-Programme CGI-Programme können durch direkte Links oder durch Formulare (siehe folgendes Kapitel) aktiviert werden. In beiden Fällen ist es möglich, dem gestarteten CGI-Programm Parameter mitzugeben. Für den Programmierer des CGI-Programmes sind dabei zwei Dinge interessant: die HTTP-Methode, mit der die Daten übergeben werden, und die Codierung der übergebenen Daten.\nHTTP-Methoden Wie die meisten Protokolle, die im Internet eingesetzt werden, ist auch HTTP ein Protokoll, das Daten in ASCII und zeilenorientiert übermittelt. Auf diese Weise ist ein Client oder Server für das Protokoll schnell mit Hilfe der C-Bibliothek programmiert, und das Programm lässt sich auch ohne Gegenstelle schnell mit telnet testen.\nGET /cgi-bin/hello/more/info HTTP/1.0 Accept: text/html, image/gif, image/jpeg User-Agent: Mozilla/2.02 (Windows; I; 32bit) \u0026lt;Leerzeile\u0026gt; Ein Beispiel für einen HTTP-Request: Ein Netscape-Client fordert den URL-Pfad /cgi-bin/hello/more/info an.\nEin Request, den ein HTTP-Client, etwa ein WWW-Browser, an den Server sendet, sieht beispielweise so wie oben aus. Das Schlüsselwort GET signalisiert, daß eine Seite vom WWW-Server abgeholt werden soll, daß also in der Terminologie von HTTP die GET-Methode verwendet werden soll. Dahinter werden der URL-Pfad und die benutzte Protokollversion angegeben.\nDie folgenden Zeilen des Requests bis zur ersten Leerzeile können aus beliebig vielen Parametern bestehen, die dem GET-Request noch mitgegeben werden. Der Browser teilt dem Server so mit, welche Datentypen er in der Antwort unterstützt und um welche Programmversion welchen Herstellers es sich bei dem Browser handelt. Prinzipiell ist der Request durch die Einführung neuer Zeilen beliebig erweiterbar.\nDer Server beantwortet einen solchen Request wie unten gezeigt auf eine ganz ähnliche Weise: Auch er erzeugt zunächst eine formalisierte Antwortzeile, in der er die verwendete Protokollversion, einen Statuscode und einen Freitext, der den Statuscode erläutert, zurückgibt. Danach folgt wieder ein relativ frei formatierte Headerblock, der Informationen über das gelieferte Dokument enthält, und dann, nach einer Leerzeile, das eigentliche Dokument.\nHTTP/1.0 200 OK Date: Mon, 04-Nov-1996 19:54:32 GMT Server: Apache 1.0.3 Mime-Version: 1.0 Last-Modified: Mon, 04-Nov-1996 19:54:32 GMT Content-Type: text/plain \u0026lt;Leerzeile\u0026gt; ... Ein Beispiel für eine HTTP-Response. Der Server beantwortet den Request zunächst mit einem Headerblock mit Metainformationen über die gewünschten Daten. Nach einer Leerzeile kommen dann die angeforderten Informationen.\nDie GET-Methode Die GET-Methode kann nicht nur verwendet, um Informationen von einem Server anzufordern, sondern sie kann zugleich auch Informationen zum Server übertragen, falls die angeforderte URL ein CGI-Programm bezeichnet.\nEine solche URL hat die Form\nprotokoll://server/path/file/extra_daten?query_string Die Informationen aus extra_daten werden dem CGI-Programm in den Variablen PATH_INFO und PATH_TRANSLATED zur Verfügung gestellt, wie weiter oben beschrieben. Die Informationen aus dem query_string tauchen im CGI-Programm dagegen in der gleichnamigen Variablen auf. Sie liegen in einer codierten Form vor, die als urlencoded bezeichnet wird und die im folgenden Abschnitt beschrieben wird.\nDaten, die in GET-Methoden codiert werden, sind in der URL sichtbar. Solche Anfragen an CGI-Programme lassen sich also in Bookmarks oder Hotlists mit Parametern abspeichern. Das ist sehr nützlich, wenn man Benutzern vorgefertigte Anfragen an Suchmaschinen oder andere Roboter präsentieren möchte. Solche URLs können aber sehr lang und sehr hässlich werden, wenn viele Parameter zu übergeben sind. Für diese Zwecke ist die im Folgenden beschriebene POST-Methode besser geeignet.\nDie POST-Methode Die POST-Methode sendet die Parameter für das CGI-Programm in einer gesonderten Übertragung an den Server. Die Daten werden für das Programm zur Standardeingabe. Da die Daten nicht Bestandteil der URL sind, besteht das Problem der zu langen Eingaben hier nicht. Auf der anderen Seite ist es nicht möglich, POST-Anfragen mit Parametern in Hotlists zu speichern. Die übertragenen Daten sind auch hier wieder urlencoded, obwohl es prinzipiell nicht unbedingt notwendig wäre.\nURL-Encoding Die Daten, die einem CGI-Programm übergeben werden, sind unabhängig von der verwendeten Transfermethode in jedem Fall urlencoded gesendet. Die Codierung wurde notwendig, weil man vor der Erfindung der POST-Methode mehrere Variablen mit Zeichen aller Art an den Server senden wollte und die Daten dazu in die mittels eines GET angeforderte URL eincodiert werden mussten. Eine solche URL darf bestimmte Zeichen nicht enthalten: Unter anderem kann eine URL keine Leerzeichen enthalten.\nDie Trennung zwischen eigentlicher URL und zusätzlichen Daten für einen QUERY_STRING erfolgt wie oben schon angedeutet mit einem Fragezeichen (?). Die Daten im QUERY_STRING können aus mehreren Feldern der Form name=wert bestehen. Die einzelnen Felder werden durch Und-Zeichen (\u0026amp;) voneinander getrennt. Ein QUERY_STRING kann also so aussehen:\nname1=wert1\u0026amp;name2=wert2\u0026amp;name3=wert3... Um jetzt innerhalb eines Strings in urlencoding trotzdem Fragezeichen, Undzeichen und andere Sonderzeichen verwenden zu können, bedient man sich folgender Ersetzungsregeln:\nLeerzeichen werden durch Pluszeichen (+) dargestellt. Der String \u0026ldquo;Dies ist ein Test\u0026rdquo; wird also zu \u0026ldquo;Dies+ist+ein+Test\u0026rdquo;. Andere Zeichen, die in einer URL nicht mehr vorkommen dürfen, werden durch das Zeichen Prozent (%) gefolgt vom zweistelligen hexadezimalen Zeichencode des Zeichens dargestellt. Der String \u0026ldquo;#$%\u0026rdquo; wird also zu \u0026ldquo;%23%24%25\u0026rdquo;. Jedes CGI-Programm muss in irgendeiner Form Funktionen zum Decodieren von Daten enthalten, die urlencoded vorliegen.\nFormulare mit HTML Natürlich ist es möglich, Eingaben für CGI-Programme zusammenzustellen, indem man von Hand einen GET-Request zusammenbaut. Schöner und bunter erzeugt man solche Requests jedoch mit HTML-Formularen, den FORMS.\nDer \u0026lt;FORM\u0026gt;-Tag Man kann Teile einer HTML-Seite zu Formularen erklären, indem man sie in die speziellen Tags \u0026lt;FORM\u0026gt; und \u0026lt;/FORM\u0026gt; einschließt. Innerhalb dieses Bereiches dürfen dann zusätzliche Tags verwendet werden, um Bedienelemente und Eingabefelder zu definieren. Eine einzige HTML-Seite kann mehrere Forms enthalten, und diese verschiedenen Forms können unterschiedliche CGI-Programme starten, wenn dies notwendig sein sollte.\nDer \u0026lt;FORM\u0026gt;-Tag muss in jedem Fall ein ACTION=-Attribut haben. Dieses Attribut gibt die URL eines CGI-Programmes an, das aktiviert werden soll, wenn das Formular abgeschickt wird. Optional kann der \u0026lt;FORM\u0026gt;-Tag noch mit einem Attribut METHOD= ausgezeichnet werden, das die Methode der Parameterübergabe spezifiziert. Mögliche Werte für diese Methode sind GET oder POST. Fehlt die Angabe einer Methode, wird GET angenommen. Das folgende Beispiel zeigt ein leeres Formular, das unser Beispielprogramm hello aufrufen soll.\n\u0026lt;html\u0026gt; \u0026lt;head\u0026gt;\u0026lt;title\u0026gt;Testformular\u0026lt;/title\u0026gt;\u0026lt;/head\u0026gt; \u0026lt;body\u0026gt; \u0026lt;h1\u0026gt;Testformular\u0026lt;/h1\u0026gt; \u0026lt;form action=\u0026#34;http://server/cgi-bin/hello\u0026#34; method=\u0026#34;get\u0026#34;\u0026gt; Hier Formulardaten einfügen. \u0026lt;/form\u0026gt; \u0026lt;/html\u0026gt; Dieses leere Formular ist der Ausgangspunkt für die Gestaltung von HTML-Seiten mit Formularen.\nDer \u0026lt;INPUT\u0026gt;-Tag Innerhalb des Formularteils einer HTML-Seite kann normaler HTML-Code stehen. Außerdem ist eine Reihe von zusätzlichen Tags erlaubt, die die Bedienelemente des Formulars definieren. Der vielseitigste Tag zur Definition dieser Bedienelemente ist \u0026lt;INPUT\u0026gt;. Mit ihm lassen sich außer Feldern zur Eingabe von Texten und Paßworten auch Check- und Radiobuttons erzeugen. Außerdem kann er versteckte Eingabefelder definieren und Dateiauswahlboxen zum Upload von Dateien auf den Server starten.\nText- und Paßwortfelder Die Formen des \u0026lt;INPUT\u0026gt;-Tags zur Erzeugung von Text- und Paßwortfeldern sind identisch. Die Tags werden vom Browser auch identisch dargestellt. Der einzige Unterschied ist, daß ein Textfeld die Benutzereingaben anzeigt, während ein Paßwortfeld sie zwar aufnimmt, aber die Eingabe verbirgt. Warnung: Ein Paßwortfeld verbirgt die Daten zwar bei der Eingabe, aber der Transport über das Internet erfolgt offen und unverschlüsselt, wenn nicht besondere Vorkehrungen zur sicheren Kommunikation getroffen werden.\nDie volle Form eines \u0026lt;INPUT\u0026gt;-Tags lautet:\n\u0026lt;input type={feldtyp} name={variablenname} value={defaultwert} size={feldbreite} maxlength={eingabelänge} Bis auf die Felder TYPE= und NAME= sind die Attribute des Tags optional. Sie bedeuten im Einzelnen:\nTYPE= Der Typ des Feldes bestimmt das Aussehen des Kontrollelementes auf der HTML-Seite. Er kann für die hier diskutierten Eingabefelder entweder TEXT oder PASSWORD sein. NAME= Der Name des Feldes bestimmt den Namen der Variablen, die später dem CGI-Programm übergeben wird. Der Name dieser Variablen ist nicht frei wählbar, sondern wird vom Programmierer des CGI-Programmes festgelegt. Es ist sehr wichtig, hier Groß- und Kleinschreibung des Namens genau zu beachten. VALUE= Wenn das optionale Attribut VALUE= vorhanden und mit einem Wert belegt ist, wird dieser Wert als Defaultwert des Feldes vorgegeben. Fehlt das Attribut, ist das Eingabefeld zu Beginn leer. SIZE= Dieses Attribut legt fest, wie viele Zeichen Breite das Eingabefeld am Bildschirm haben soll. Der Defaultwert ist 20 Zeichen. Ältere CGI-Formulare haben die Form SIZE=x,y verwendet, um mehrzeilige Eingabefelder zu erzeugen. Das ist zwar immer noch prinzipiell möglich, aber der weiter unten diskutierte Tag \u0026lt;TEXTAREA\u0026gt; bietet sehr viel bessere Editiermöglichkeiten. MAXLENGTH= Dieses Attribut legt fest, wie lang die Eingabe im Textfeld wirklich sein darf. Dies ist unabhängig von der mit SIZE= festgelegten sichtbaren Breite des Textfeldes. Die folgende Abbildung zeigt das mögliche Aussehen eines \u0026lt;INPUT TYPE=\u0026quot;text\u0026quot;\u0026gt;-Tags.\nSource:\n\u0026lt;input type=\u0026#34;text\u0026#34; value=\u0026#34;info\u0026#34; size=\u0026#34;23\u0026#34; name=\u0026#34;zeile\u0026#34;\u0026gt; Aussehen: Ein Beispiel mit einem \u0026lt;INPUT TYPE=\u0026quot;text\u0026quot;\u0026gt;-Tag.\nCheck- und Radioboxes Wenn man dem Benutzer keine Eingabe in freier Form erlauben möchte, bietet es sich für kleine Mengen auszuwählender Optionen an, je nach Art der Auswahl entweder Checkboxen oder Radioboxen zu definieren.\nCheckboxen sind kleine Kästchen, die der Benutzer ankreuzen kann und die eine Option entweder ein- oder ausschalten. Radioboxen bieten dagegen eine Eins-aus-n-Auswahl an: Unter einer Menge von Optionen ist nur genau eine auswählbar.\nIn beiden Fällen sieht der \u0026lt;INPUT\u0026gt;-Tag zur Erzeugung dieser Auswahl so aus:\n\u0026lt;input type={typ} name={variablenname} value={wert} checked\u0026gt; Außer dem Attribut CHECKED sind alle Attribute dieses Tags vorgeschrieben und dürfen nicht weggelassen werden. Sie bedeuten:\nTYPE= Dieses Attribut ist entweder CHECKBOX oder RADIO und legt damit den Typ des Knopfes fest. NAME= Dieses Attribut bestimmt wie immer den Namen der Variable, die dem CGI-Programm übergeben wird. VALUE= Dieses Attribut ist im Gegensatz zu TEXT-Eingaben nicht optional. Ist die entsprechende Box selektiert, wird die Eingabevariable des CGI-Programmes mit dem hier angegebenen Wert belegt, sonst ist sie leer. CHECKED Dieses optionale Attribut markiert den Defaultwert der Box. Ist es vorhanden, erscheint die Box angeklickt. Das folgende Beispiel zeigt das mögliche Aussehen dieser Tags.\n\u0026lt;input type=\u0026#34;checkbox\u0026#34; value=\u0026#34;doit\u0026#34; name=\u0026#34;check1\u0026#34;\u0026gt;A \u0026lt;input type=\u0026#34;checkbox\u0026#34; value=\u0026#34;again\u0026#34; name=\u0026#34;check2\u0026#34; checked\u0026gt;B \u0026lt;input type=\u0026#34;radio\u0026#34; value=\u0026#34;eins\u0026#34; name=\u0026#34;radio1\u0026#34;\u0026gt;A \u0026lt;input type=\u0026#34;radio\u0026#34; value=\u0026#34;zwei\u0026#34; name=\u0026#34;radio1\u0026#34;\u0026gt;B \u0026lt;input type=\u0026#34;radio\u0026#34; value=\u0026#34;drei\u0026#34; name=\u0026#34;radio1\u0026#34; checked\u0026gt;C A A B C\nEin Beispiel mit Radio- und Checkboxes.\nEin wichtiger Unterschied zwischen Checkboxen und Radioboxen existiert: Checkboxen müssen immer verschiedene NAME=-Attribute haben, denn jede Checkbox existiert für sich alleine und unabhängig von anderen Checkboxen.\nRadioboxen treten dagegen in Gruppen auf und innerhalb einer Gruppe von Radioboxen kann immer nur eine selektiert sein. Eine Gruppe von Radioboxen wird durch gleiche NAME=-Attribute definiert.\nVersteckte Eingabefelder Mit einem Eingabefeld vom Typ HIDDEN lassen sich versteckte Eingabefelder anlegen:\n\u0026lt;INPUT TYPE=\u0026#34;HIDDEN\u0026#34; NAME={variablennamen} VALUE={wert}\u0026gt; Solche Eingabefelder sind nicht sichtbar und auch nicht veränderbar. Sie werden in jedem Fall unverändert an das CGI-Programm übergeben. Versteckte Eingabefelder sind nützlich, wenn man ein CGI-Programm mit mehreren Funktionen hat, bei dem über ein Eingabefeld eine Funktion ausgewählt werden muss, oder wenn man einen Zustand in einer dynamisch erzeugten Seite über eine Transaktion hinweg retten muss.\nDateiupload Es ist möglich, über ein Eingabefeld vom Typ FILE ganze Dateien auf den WWW-Server zu uploaden. Es ist dringend angeraten, für eine solche Transaktion ein Formular mit der Methode POST zu verwenden. Außerdem muss dem Formular mit dem Attribut ENCTYPE=multipart/form-data klargemacht werden, auf welche Weise der Upload zu geschehen hat. Hinweis: FILE ist eine Netscape-Erweiterung.\n\u0026lt;FORM ACTION=\u0026#34;URL\u0026#34; METHOD=\u0026#34;POST\u0026#34; ENCTYPE=\u0026#34;multipart/form-data\u0026#34;\u0026gt; Dateinamen angeben: \u0026lt;INPUT TYPE=\u0026#34;FILE\u0026#34; NAME=\u0026#34;upload\u0026#34;\u0026gt; \u0026lt;/FORM\u0026gt; Absenden und Rücksetzen Mit den gezeigten Tags lassen sich zwar unfangreiche Formulare erzeugen, aber diese Formulare können noch nicht in Betrieb genommen werden, denn es fehlt ein Knopf zum Absenden des Formulars. HTML sieht für diesen Zweck Eingabefelder vom Typ SUBMIT vor und bietet außerdem noch Eingabefelder vom Typ RESET an, mit dem sich ein Formular auf den Startzustand zurücksetzen lässt.\n\u0026lt;INPUT TYPE=\u0026#34;SUBMIT\u0026#34; VALUE=\u0026#34;Formular absenden\u0026#34;\u0026gt; \u0026lt;INPUT TYPE=\u0026#34;RESET\u0026#34; VALUE=\u0026#34;Eingabe löschen\u0026#34;\u0026gt; Jedes Formular muss einen SUBMIT-Button haben, und ein Formular kann nur einen SUBMIT-Button haben. Das folgende Beispiel zeigt mögliche Darstellungen dieser Knöpfe.\n\u0026lt;input type=\u0026#34;submit\u0026#34; value=\u0026#34;Formular absenden\u0026#34;\u0026gt; \u0026lt;input type=\u0026#34;reset\u0026#34; value=\u0026#34;Eingabe löschen\u0026#34;\u0026gt; Ein Beispiel mit SUBMIT und RESET.\nDer \u0026lt;TEXTAREA\u0026gt;-Tag Felder zur freien Texteingabe lassen sich mit dem Tag \u0026lt;TEXTAREA\u0026gt; definieren. Der Tag hat diese Form:\n\u0026lt;TEXTAREA NAME={variablenname} ROWS={zeilen} COLS={spalten}\u0026gt; Textvorgabe \u0026lt;/TEXTAREA\u0026gt; Die Attribute ROWS= und COLS= sind optional. Die Attribute bedeuten:\nNAME= Das Attribut legt wie üblich den Namen der CGI-Variablen fest. ROWS= Das Attribut bestimmt die Höhe des Eingabefeldes in Zeilen. COLS= Das Attribut bestimmt die Breite des Eingabefeldes in Spalten. Das Ergebnis dieses Tags sieht dann möglicherweise so aus wie im folgenden Beispiel:\n\u0026lt;textarea name=\u0026#34;text\u0026#34; rows=5 cols=20\u0026gt;Beispieltext\u0026lt;/textarea\u0026gt; Beispieltext Ein Beispiel mit TEXTAREA.\nEs ist angeraten, \u0026lt;TEXTAREA\u0026gt; zusammen mit der Methode POST zu verwenden.\nDer \u0026lt;SELECT\u0026gt;-Tag Größere Auswahlen von vorgegebenen Werten erzeugt man wegen des großen Platzverbrauches und im Interesse der Übersichtlichkeit besser nicht mit Checkboxen oder Radiobuttons, sondern mit dem \u0026lt;SELECT\u0026gt;-Tag. Je nach Konfiguration erzeugt dieser Tag ein Popup-Menü oder eine Auswahlbox für Mehrfachauswahlen.\nDas Format dieses Tags ist\n\u0026lt;SELECT NAME={variablenname} SIZE={größe} MULTIPLE\u0026gt; \u0026lt;OPTION SELECTED VALUE={wert}\u0026gt;Option 1 \u0026lt;OPTION ...\u0026gt; \u0026lt;/SELECT\u0026gt; Der \u0026lt;SELECT\u0026gt;-Tag erfordert nur die Angabe des Variablennamens mit NAME=, die anderen Attribute sind optional. Ein \u0026lt;SELECT\u0026gt;-Container kann beliebig viele \u0026lt;OPTION\u0026gt;-Tags enthalten. Diese können optional SELECTED sein und es kann optional ein VALUE= festgelegt werden, mit dem die Variable belegt wird, wenn dieses Element ausgewählt ist.\nWenn das optionale Attribut MULTIPLE angegeben ist, ist die Mehrfachauswahl von Optionen möglich.\nPerl CGI-Programme können in jeder beliebigen Programmiersprache geschrieben werden, solange sie in der Lage ist, einen QUERY_STRING zu decodieren. Programmiersprachen, die eine ausgereifte Stringbehandlung und eine automatische Speicherverwaltung haben, sind besonders geeignet, denn CGI-Programme benutzen diese Spracheigenschaften meistens sehr intensiv. Ein Datenbankinterface oder andere Möglichkeiten, große Datenmengen zu durchsuchen, sind ein zusätzliches Plus, denn oft müssen CGI-Programme vorhandene Daten für die Darstellung im Web aufbereiten.\nDie Programmiersprache Perl ist besonders geeignet zur Programmierung von CGI-Scripten, denn sie macht gerade die Bearbeitung von Texten und Dateien besonders einfach. Ursprünglich war Perl eine Sprache zur Reportgenerierung aus beliebig formatierten Systemlogbüchern. Daher stammen Perls umfangreiche Einbaufunktionen zum Suchen und Ersetzen von Texten und zur Formatierung von Reports. Die Weiterentwicklung hat Perl zu einem sehr mächtigen Werkzeug zur Systemprogrammierung und -steuerung in UNIX gemacht: Gerade die Systemverwalter größerer Installationen wissen Perl zu nutzen, um Wartungsabläufe auf ihren Systemen zu automatisieren. Auch die weite Verfügbarkeit von Perl auf praktisch allen Plattformen, die ausreichend Speicher zur Verfügung stellen, macht die Sprache für diese Zwecke interessant.\nMit dem Aufkommen des World Wide Web hat Perl eine Leistungsfähigkeit als Sprache zur schnellen Entwicklung von CGI-Programmen demonstriert. Ein sehr großer Teil aller CGI-Programme ist zunächst als Perl-Script entwickelt worden. Oft ist die Leistung diesr Scripte schon ausreichend, so daß eine Portierung in eine compilierte Sprache sich erübrigt.\nEinfache Perl-Programme Das berüchtigte \u0026ldquo;Hello, World!\u0026quot;-Programm sieht in Perl so aus:\n#! /usr/bin/perl -- print \u0026#34;Hello, World\\n\u0026#34;; Es sieht aus wie eine Kreuzung zwischen einem Shellscript und einem C-Programm. In der Tat ist Perl eine interpretierte Sprache, denn Perlprogramme müssen nicht compiliert werden, sondern können wie Shellscripte direkt aufgerufen werden. Genau wie bei UNIX-Shellscripten gibt die erste Zeile des Programms an, daß es sich um ein Script handelt und unter welchem Pfad der Interpreter für diese Scripte zu finden ist. Für das Script selbst ist eine Zeile, die mit einem # beginnt, ein Kommentar, so daß das Script selbst seinen eigenen Aufruf als Kommentar interpretiert.\nPerlprogramme sind jedoch schneller als Shell-Scripte, denn der Interpreter übersetzt das Programm beim Aufruf in eine interne Form und bestimmt auch schon die Adressen der verschiedenen Funktionen und Variablen. In der Tat steht ein Perlprogramm einem C-Programm in der Geschwindigkeit nicht viel nach. Seine Ausführungsgeschwindigkeit ist der von P-Code vergleichbar, wie ihn einige Microsoft-Compiler zu Speicherersparniszwecken erzeugen.\nDie Anweisung print druckt ihr Argument, einen String nach den Konventionen von C. Wie in C werden Anweisungen in Perl mit einem Semikolon beendet.\nBenutzereingaben lesen Die nächste Stufe der Komplexität nach \u0026ldquo;Hello, World!\u0026rdquo; besteht in der Regel darin, den Namen der zu grüßenden Person einzulesen und diese Person namentlich zu begrüßen. Das erfordert die Verwendung von Operationen zur Eingabe von Daten und natürlich Variablen.\nIn Perl gibt es nur einen Typ von Variablen. Sie können entweder Strings, Integer oder Fließkommazahlen speichern und sie müssen nicht vereinbart werden. Perl-Variablen können jedoch in Form von einfachen Werten (Skalaren), numerisch indizierten Feldern (Arrays) oder beliebig indizierten Tabellen (assoziativen Feldern, Hashtables) auftreten. Skalare werden durch das Zeichen Dollar ($) gekennzeichnet, so daß $name eine skalare Variable mit dem Namen name bezeichnet. Diese Variable wird ins Leben gerufen, indem ihr einfach ein Wert zugewiesen wird.\nUm nach einem Namen zu fragen, muss ein Prompt ausgegeben werden und auf irgendeine Weise eine Eingabe eingelesen werden. Den Prompt können wir bereits drucken, mit print. Eine Eingabe einzulesen, ist ebenfalls sehr einfach, denn wie in C stehen uns die vordefinierten Filehandles \u0026lt;STDIN\u0026gt;, \u0026lt;STDOUT\u0026gt; und \u0026lt;STDERR\u0026gt; zur Verfügung. Perl ist auf Stringverarbeitung optimiert: Um eine Zeile der Eingabe einzulesen, genügt es, einer Variablen das Filehandle zuzuweisen:\nprint \u0026#34;Wie ist Ihr Name? \u0026#34;; $name = \u0026lt;STDIN\u0026gt;; Das Ergebnis ist, daß der Skalar $name eine Eingabezeile inklusive des Zeilenendezeichens enthält. Wir können dieses letzte Zeichen abschneiden, indem wir die Funktion chop() verwenden, die das letzte Zeichen eines Strings zurückliefert und als Seiteneffekt den String um dieses Zeichen kürzt.\nchop($name); Wie in Shell auch können Variablen in Stringkonstanten verwendet werden: Sie werden vor der Ausgabe durch ihren Wert ersetzt:\nprint \u0026#34;Hello, $name!\\n\u0026#34;; Und wie in Shell auch muss das Dollarzeichen in einem String durch einen Backslash geschützt werden, wenn es ausgegeben werden soll.\nHier noch einmal das ganze Programm:\n#! /usr/bin/perl -- print \u0026#34;Wie ist Ihr Name? \u0026#34;; $name = \u0026lt;STDIN\u0026gt;; chop($name); print \u0026#34;Hello, $name!\\n\u0026#34;; Variablen und Konstanten Notation von Skalaren Wie bereits erklärt, unterscheidet Perl nicht nach verschiedenen Datentypen, und Variablen müssen nicht vereinbart werden. Einer skalaren Variable kann so ziemlich jeder Wert zugewiesen werden, der sich in Perl darstellen lässt. Das können Zahlen wie 42 oder 3.1415926e00 sein oder Zeichenketten beliebiger Länge. Anders als Shell hat Perl keine Probleme mit binären Zeichen in Strings, ja nicht einmal Nullbytes machen Schwierigkeiten. Es ist kein Problem, in Perl Binärprogramme in Strings einzulesen, zu patchen und wieder zurückzuschreiben.\nPerl wandelt skalare Werte intern automatisch in Zeichenketten oder in Fließkommazahlen um, je nachdem, welche Art von Operation mit dem Wert durchgeführt wird. Die Sprache kennt keine Ganzzahloperationen und arbeitet auch intern niemals mit ganzen Zahlen, sondern immer mit doppelt genauen Fließkommazahlen. Zahlen können in Perl wie in C notiert werden, die folgende Abbildung gibt einen Überblick.\nFormat Notation Fließkomma 1.24 7.24e17 Ganzzahl 17 Ganzzahl (oktal) 0377 Ganzzahl (hex) 0xff Zahlenformate in Perl.\nWie in der UNIX-Shell kann und muss man auch in Perl gelegentlich Zeichenketten in Anführungszeichen einschließen, etwa wenn sie Leerzeichen oder Sonderzeichen enthalten. In jedem Fall kann man einzelnen Sonderzeichen ihre Sonderbedeutung nehmen, indem man ihnen einen Backslash voranstellt. Das gilt natürlich auch für den Backslash (und die verschiedenen Sorten Anführungszeichen) selbst.\nEinfache Anführungszeichen wirken so, als sei jedes einzelne Zeichen in der Zeichenkette von einem Backslash geschützt. Innerhalb der Zeichenkette darf jedes beliebige Zeichen auftauchen, auch Zeilenumbrüche, wenn sich die Zeichenkette über mehrere Zeilen erstreckt. Beispiele:\n\u0026#39;Hello, World!\u0026#39; \u0026#39;Don\\\u0026#39;t do that, Dave!\u0026#39; \u0026#39;\u0026#39; # Der Leerstring. \u0026#39;Dies ist der Backslash: \\\\.\u0026#39; \u0026#39;multiline string\u0026#39; Doppelte Anführungszeichen funktionieren eher so wie Strings in Shell und C: Innerhalb solcher Zeichenketten werden Variablen ersetzt, und einige Sonderzeichen können durch Backslash-Sequenzen notiert werden (siehe die folgende Tabelle).\n\u0026#34;Hello, World!\u0026#34; \u0026#34;Aufwachen!\\007\u0026#34; \u0026#34;Spalte1\\tSpalte2\u0026#34; Zeichen Bedeutung \\n Newline \\r Return \\t Tab \\f Formfeed \\b Backspace \\v Vertical Tab \\a Bell \\e Escape \\007 Zeichen mit dem oktalen Zahlencode 7 0x7f Zeichen mit dem hex Zahlencode 0x7f \\cC Controlzeichen, hier Control-C \\ Backslash \\l Folgendes Zeichen in Kleinschrift wandeln \\L Alle folgenden Zeichen bis \\E in Kleinschrift wandeln \\u Folgendes Zeichen in Großschrift wandeln \\U Alle folgenden Zeichen bis \\E in Großschrift wandeln \\E Beende \\L oder \\U Controlzeichen in Perl.\nOperationen mit Skalaren Perl kennt dieselben numerischen Operationen auf Skalaren, die C auch kennt: +, -, *, / und %. Außerdem ist noch eine Potenzoperation ** definiert. Numerische Vergleiche werden mit den Operatoren \u0026lt;, \u0026lt;=, ==, \u0026gt;=, \u0026gt; und != vorgenommen.\nAußerdem ist auf Strings die Konkatenation definiert; dazu wird der Operator Punkt (.) verwendet. Strings können mit dem Operator x auch vervielfacht werden. Strings werden alphabetisch verglichen, dafür stehen die Operatoren lt, le, eq, ge, gt und ne zur Verfügung. Die numerischen Operatoren würden 7 \u0026lt; 30 als wahr bewerten, aber 7 lt 30 ist falsch.\nSkalare können einfach zugewiesen werden, Perl verhält sich dabei im Wesentlichen wie C. Der einzige Unterschied ist, daß Variablen nicht deklariert werden müssen, sondern nach Bedarf ins Leben gerufen werden. Wie in C existiert zu jedem arithmetischen Operator auch ein zugehöriger rechnender Zuweisungsoperator, d.h. man kann +=, -=, *=, /= und so weiter verwenden. Ebenso wie in C sind ++ und - als Pre- und Postoperatoren erlaubt.\nWird ein Skalar benutzt, bevor er einen Wert zugewiesen bekommen hat, liefert Perl den speziellen Wert undef. Dieser Wert sieht aus wie der Leerstring oder wie eine numerische Null, je nachdem, in welchem Kontext er verwendet wird. undef kann jedoch mit dem Prädikat defined() abgefragt werden. Das ist nützlich im Zusammenhang mit Dateien, die am Dateiende undef zurückliefern.\nArrays Außer skalaren Werten kann Perl noch Felder und assoziative Felder bearbeiten. Genau wie bei Strings gibt es auch bei diesen Datentypen keine Größenbegrenzungen, und genau wie gewöhnliche Variablen müssen auch die beiden Arten von Feldern in Perl nicht deklariert werden, sondern können einfach benutzt werden.\nSo wie skalare Variable durch ein $ bezeichnet werden, kennzeichnet Perl Felder mit einem @ und Hashlisten mit einem %-Zeichen. Demnach bezeichnet $name einen Skalar mit dem Namen name und @name ein Feld desselben Namens. Perl unterhält unterschiedliche Namensräume für alle drei Sorten von Objekten, so daß $name, @name und %name unterschiedliche Objekte bezeichnen.\nEbenso wie skalare Konstanten in Perl notiert werden können, existieren auch Notationen für Felder:\n(1,2,3) # Ein Feld mit dem drei Werten 1, 2 und 3. (\u0026#34;huhu\u0026#34;, \u0026#34;du\u0026#34;, \u0026#34;da\u0026#34;) # Ein Feld mit drei Strings. Es ist auch möglich, gemischte Felder zu notieren, und die Feldelemente brauchen keine Konstanten zu sein:\n($name, 42) # Der Wert von $name und 42. ($vorname . $nachname, $strasse . $hausnr) # Zwei Werte. () # Das leere (nullelementige) Feld. Um große Listen von aufzählenden Zahlenwerten zu notieren, existiert in Perl außerdem noch eine Abkürzung:\n(1..10) # Die ganzen Zahlen von 1 bis 10. (11.9..15.9) # Die Zahlen 11.9, 12.9, .., 15.9. (2, 3, 5..9) # Die Zahlen 2, 3, 5, 6, 7, 8 und 9. ($start..$stop) # Der Bereich von $start bis $stop. Solche Listen zählen immer nur aufsteigend. Wenn der rechte Wert kleiner ist als der linke Wert, entsteht die leere Liste. Der Operator print kann ebenfalls Listen drucken; die Ausgabe erfolgt ohne Leerzeichen zwischen den Listenelementen:\nprint (\u0026#34;Der Name ist \u0026#34;, $name,\u0026#34;\\n\u0026#34;; print (\u0026#34;Der Name ist $name\\n\u0026#34;); # schöner Operationen mit Arrays Arrays werden in Perl genauso zugewiesen wie Skalare, nämlich mit =. Perl erkennt, ob es sich um eine Zuweisung von Arrays oder Skalaren handelt, indem es die linke Seite der Zuweisung analysiert und feststellt, ob es sich dabei um einen skalaren oder um einen Arraykontext handelt.\n@lall = (1..3); # Das Feld @lall besteht jetzt aus 3 Elementen. @bla = @lall; # In Perl können ganze Felder zugewiesen werden. @fasel = 1; # 1 wird zu (1) und dann zugewiesen. In der Elementliste auf der rechten Seite der Zuweisung können auch wieder Arrays als Elemente auftauchen. Sie werden bei der Zuweisung durch ihre Elemente ersetzt. Auf diese Weise ist es möglich, vorne und hinten in das Feld Elemente einzufügen.\n@lall = (1..3); @bla = (0, @lall, 4); # wird zu (0..4). Enthält eine Liste nur Variablen, kann sie auch als linke Seite einer Zuweisung verwendet werden. Auf diese Weise kann man bequem beliebig viele Elemente eines Feldes permutieren. Wenn die linke Liste einer Zuweisung weniger Elemente hat als das Feld auf der rechten Seite, werden die überzähligen Elemente verworfen. Es ist aber auch möglich, als letztes Element der linken Seite ein Feld zu verwenden, das diese Elemente dann aufnimmt:\n($b, $a) = ($a, $b); # $a und $b vertauschen. ($a, $b) = ($c, $d, $e); # $b ist $d, $e ist verloren. ($a, @b) = ($c, $d, $e); # $b[0] ist $d, $b[1] ist $e. Wird ein Feld in einem skalaren Kontext verwendet, wird die Länge des Feldes für das Feld eingesetzt. Die Länge eines Feldes @name kann aber auch mit der Variablen $#name abgefragt werden.\nAuf die Elemente eines Feldes @name kann durch Indizierung wie in C zugegriffen werden. Die Elemente eines Feldes sind Skalare, daher sind sie mit dem Prefix $ zu versehen. Es ist möglich, beliebigen einzelnen Feldelementen Werte zuzuweisen. Perl vergrößert das Feld nach Bedarf, eventuell vorhandene Lücken werden mit undef aufgefüllt.\nprint $name[0]; # das erste Element des Feldes @name. $name[0] = 17; Anders als in C kann in Perl auch auf eine Liste von Arrayelementen zugegriffen werden. Dies wird als eine array slice bezeichnet. In diesem Fall handelt es sich um einen Arraykontext, daher also das Prefix @.\n@fasel[0, 1]; # entspricht ($fasel[0], $fasel[1]) @fasel[1, 0] = @fasel[0, 1]; # Feldelemente tauschen. @fasel[0, 1, 2] = @fasel[1, 1, 1]; @fasel[9, 10] = (17, 4); Mit den Operatoren push und pop kann Perl ein Array wie einen Stack verwenden. Es ist möglich, mehrere Werte (oder ganze Felder) auf einmal zu pushen.\npush(@einStack, $einWert); push(@einStack, 4, 5, 6); $einWert = pop(@einStack); Während push und pop die rechte Seite eines Arrays bearbeiten (d.h. an den hohen Indizes manipulieren), verändern shift und unshift die linke Seite des Feldes. shift entspricht dabei dem gleichnamigen Shell-Operator, und unshift ist seine Umkehrung.\nreverse liefert die Elemente eines Feldes in umgekehrter Reihenfolge, sort liefert sie alphabetisch sortiert, und chop ist auch auf alle Elemente eines Feldes anwendbar.\nDateihandles wie \u0026lt;STDIN\u0026gt; können auch Arrays zugewiesen werden. Sie lesen dann die ganze Datei auf einmal ein und weisen jede Zeile einem Feldelement zu.\n#! /usr/bin/perl -- @lines = \u0026lt;STDIN\u0026gt;; @reverselines = reverse(@lines); @sortlines = sort(@lines); print @sortlines; print @reverselines; Kontrollstrukturen In Perl werden wie in C Blöcke von Anweisungen gebildet, indem man die Anweisungen in geschweifte Klammern einschließt. Diese Anweisungen werden linear ausgeführt.\n{ anweisung_1; anweisung_2; ... anweisung_n; } Wie in C ist es möglich, Bedingungen zu formulieren. Anders als in C müssen die geschweiften Klammern immer vorhanden sein, auch dann, wenn nur eine Anweisung von der Bedingung abhängig ist. Der else-Block kann weggelassen werden. Mit Hilfe von elsif können Entscheidungen kaskadiert werden, ohne daß sich die Einrücktiefe bis ins Unendliche steigert.\nif (bedingung) { anweisungen; } elsif (neue_bedingung) { anweisungen; } else { anweisungen; } In Perl werden Bedingungen als Strings berechnet. Bedingungen sind genau dann falsch, wenn sie entweder genau den String 0 oder den leeren String ergeben. Alle anderen Werte (1, 17, 0.000, 00) sind wahr.\nEine etwas seltsame Konstruktion in Perl ist die unless-Anweisung, die im Prinzip ein if ohne then darstellt (Die Anweisung die beendet ein Perl-Programm mit einer Fehlermeldung).\nprint \u0026#34;Wie ist Dein Name? \u0026#34;; $name = \u0026lt;STDIN\u0026gt;; unless ($name eq \u0026#34;Kristian\u0026#34;) { die \u0026#34;Zugriff verweigert.\\n\u0026#34;; } Eine andere seltsame Konstruktion ist das einzelnen Anweisungen nachgestellte if oder unless.\ndie \u0026#34;Zugriff verweigert.\\n\u0026#34; unless ($name eq \u0026#34;Kristian); Perl ist in der Lage, einen Block von Anweisungen zu wiederholen, solange eine Bedingung wahr (while) oder falsch (until) ist. Ebenso ist eine zu C analoge for-Anweisung zum Zählen vorhanden. Die Syntax ist in allen Fällen wie in C, nur daß die geschweiften Klammern nicht entfallen dürfen.\nwhile (bedingung) { anweisungen; } until (bedingung) { anweisungen; } for (start_anweisungen; test_anweisungen; zählanweisungen) { arbeits_anweisungen; } Zusätzlich ist Perl in der Lage, einen Block für jedes Element eines Feldes auszuführen. Das ist bequemer, als erst die Länge eines Feldes zu bestimmen und es dann durchzuzählen.\nforeach $zähler (@eineListe) { anweisungen; } Schleifen können mit last und next vorwärts und rückwärts kurzgeschlossen werden, d.h. last entspricht dem break in C und next entspricht dem continue von C.\nBlöcke können in Perl mit einem Label markiert werden. last und next können mithilfe dieser Labels mehrere Ebenen auf einmal verlassen oder kurzschließen.\nAssoziative Arrays Assoziative Arrays oder Hashlisten sind programmtechnisch eine Verallgemeinerung von Arrays. Statt ganzzahliger Ausdrücke kann in einer Hashliste ein beliebiger String als Index verwendet werden. Über diesen String kann jederzeit auf dem mit dem String assoziierten Wert zugegriffen werden. Man kann sich eine solche Hashliste auch als Tabelle mit zwei Spalten vorstellen: Jedem String aus der linken Spalte (den Schlüsseln) ist der zugehörige String auf der rechten Seite (ein Wert) zugeordnet. Anders als in einer richtigen Tabelle oder in einem Array haben die Elemente in einer Hashliste aber keine vorgegebene Ordnung. Würde man sie aufzählen (z.B. in einer foreach-Schleife), bekäme man irgendeine Reihenfolge.\nIn Perl werden assoziative Felder durch ein Prozentzeichen (%) markiert. In einem Arraykontext werden sie wie ein normales Array mit einer geraden Anzahl von Feldern behandelt. Die geraden Positionen dieses Arrays beginnend bei 0 sind mit Schlüsseln belegt, die ungeraden Positionen mit den zu diesen Schlüsseln gehörenden Werten. Die Funktion keys() liefert die Schlüssel eines solchen Feldes und die Funktion values() die Werte.\n%vorname_von = ( \u0026#34;Köhntopp\u0026#34;, \u0026#34;Kristian\u0026#34;, \u0026#34;Seeger\u0026#34;, \u0026#34;Martin\u0026#34;, \u0026#34;Rump\u0026#34;, \u0026#34;Birgit\u0026#34;); # Reihenfolge ist zufällig! print keys(%vorname_von); # Köhntopp, Seeger, Rump print values(%vorname_von); # Kristian, Martin, Birgit Der Zugriff auf einzelne Elemente erfolgt wie bei Feldern durch Indizierung, aber der Indexoperator besteht hier aus den geschweiften Klammern.\n# Reihenfolge ist zufällig foreach $i (keys(%vorname_von)) { print \u0026#34;Der Vorname von $i ist $vorname_von{$i}.\\n\u0026#34;; } foreach $i (sort keys %vorname_von) { print \u0026#34;Der Vorname von $i ist $vorname_von{$i}.\\n\u0026#34;; } Einzelne Elemente lassen sich mit dem Operator delete aus dem Feld löschen (man kann auch das ganze Feld löschen).\nEingabe und Ausgabe Standardeingabe Wie bereits gezeigt, kann man eine Zeile der Eingabe einlesen, indem man das Filehandle der Eingabe an eine skalare Variable zuweist. Wenn keine Eingabezeile mehr verfügbar ist, wird der Wert undef zugewiesen. Weist man ein Filehandle stattdessen an ein Array zu, wird die gesamte Datei bis zum Dateiende zugewiesen und jedem Arrayelement eine Zeile zugeordnet.\nOft möchte man eine Datei zeilenweise durchlesen und für jede Zeile einer Operation ausführen. Für die Standardeingabe sieht das so aus:\nwhile ($i = \u0026lt;STDIN\u0026gt;) { print $i; # Zeile drucken } Die Schleife beendet sich am Dateiende, da der Wert undef zum Leerstring expandiert und dieser String als false-Wert gilt. Leere Eingabezeilen bestehen aber immerhin noch aus einem Newline-Zeichen, sind also keine Leerstrings.\nIn Perl ist es so, daß für viele Operatoren die Variable $_ als Defaultvariable angenommen wird, wenn keine Variable angegeben wird. Tatsächlich kann man das Beispiel auch so schreiben:\nwhile (\u0026lt;STDIN\u0026gt;) { print; # Zeile drucken } In diesem Fall wird statt der Variablen $i die Standardvariable $_ verwendet.\n@ARGV und %ENV Die Kommandozeilenparameter eines Perlprogrammes stehen in der vordefinierten Arrayvariablen @ARGV zur Verfügung. Das spezielle Dateihandle \u0026lt;\u0026gt; interpretiert diese Namen der Reihe nach als Dateinamen und liest alle diese Dateien durch. Das Programm\n#! /usr/bin/perl -- while (\u0026lt;\u0026gt;) { print; # Zeile drucken } entspricht also dem UNIX-Kommando cat. Es kann perlcat a b c aufgerufen werden und gibt nacheinander die Inhalte aller drei Dateien als eine Datei auf der Standardausgabe aus.\nIm assoziativen Array %ENV stellt Perl alle Umgebungsvariablen zur Verfühgung. Die Schlüssel sind jeweils der Name, die Werte sind die Werte der Umgebungsvariablen.\n#! /usr/bin/perl -- # Finde den Pfad des Homeverzeichnisses # des Benutzers. print $ENV{\u0026#39;HOME\u0026#39;}; printf Wem die Ausgabe von Variablen mit print zu langweilig oder zu umständlich ist, der kann statt dessen printf verwendet. Diese Anweisung akzeptiert einen Formatstring wie die gleichnamige C-Funktion und eine Liste von Variablen, die entsprechend dem Formatstring formatiert werden.\nprintf \u0026#34;%10s %05d %7.2f\\n\u0026#34;, $s, $i, $f; Reguläre Ausdrücke Viele Perl-Anweisungen und Funktionen machen von regulären Ausdrücken Gebrauch. Ein regulärer Ausdruck ist ein Suchmuster, das gegen eine Zeichenkette verglichen wird und entweder paßt oder nicht. Oft kommt es nur darauf an, ob der Ausdruck paßt oder nicht, manchmal möchte man auch noch wissen, welcher Teil der Zeichenkette genau gepasst hat, etwa um ihn zu ersetzen.\nReguläre Ausdrücke werden von vielen UNIX-Programmen verwendet, darunter grep, sed, awk, ed, vi, emacs und die verschiedenen Shells. Jedes dieser Programme hat eine leicht unterschiedliche Art der Notation für reguläre Ausdrücke, und auch die Leistungsfähigkeit unterscheidet sich gelegentlich etwas. Perls reguläre Ausdrücke sind eine Obermenge aller dieser Verfahren: Jeder reguläre Ausdruck, der in einem der genannten Werkzeuge formuliert werden kann, kann auch in Perl formuliert werden, muss aber evtl. leicht umformuliert werden.\nIn Perl werden reguläre Ausdrücke notiert, indem sie in Schrägstriche (slashes) eingeschlossen werden. Die einfachste Form von regulären Ausdrücken sieht so aus:\nif (/abc/) { print \u0026#34;$_\u0026#34;; } Im Beispiel wird die Einbauvariable $_ gegen den regulären Ausdruck getestet und wenn eine Übereinstimmung erzielt wird, wird der String gedruckt. Die volle Syntax des match-Operators lautet\n$variable =~ m/regexp/optionen; Dieser Ausdruck vergleicht den Inhalt der Variablen $variable gegen den regulären Ausdruck regexp. Dabei kann der Ablauf des Matchvorgangs mit einigen einbuchstabigen Operationen beeinflusst werden (die wichtigste Option ist i, ignore case). Auch die Trennzeichen (Slashes) können durch andere, frei gewählte Trennzeichen ersetzt werden. Der Match selbst ergibt einen Wahrheitswert, ,,1`` oder den Leerstring.\nPerl kennt die folgenden Regeln zur Konstruktion von regulären Ausdrücken:\nAlle Zeichen, denen im folgenden keine besondere Bedeutung zugewiesen wird, stehen in einem regulären Ausdruck für sich selbst. Der reguläre Ausdruck a paßt also auf einen String, der a enthält.\nDas Zeichen Punkt steht für ein einzelnes, beliebiges Zeichen außer Newline. Der reguläre Ausdruck . paßt also auf alle Strings, die mindestens ein beliebiges Zeichen außer Newline enthalten.\nEine in eckige Klammern eingeschlossene Zeichenmenge steht für ein einzelnes Zeichen aus dieser Menge. Beginnt die Menge mit einem Dach, steht die Menge für ein einzelnes Zeichen, das nicht in der Menge ist. Der Ausdruck [abc] paßt also entweder auf das Zeichen a oder das Zeichen b oder das Zeichen c.\nPerl kennt einige vordefinierte Zeichenklassen (und deren Negationen), die oft benötigt werden:\nKürzel Bedeutung Kürzel Bedeutung \\d (digits) [0-9] \\D (not digits) [^0-9] \\w (words) [a-zA-Z0-9_] \\W (not words) [^a-zA-Z0-9_] \\s (space) [ \\r\\t\\n\\f] \\S (not space) [^ \\r\\n\\t\\f] Mehrere Teilausdrücke können einfach aneinandergereiht werden. Der resultierende Ausdruck paßt dann auf eine Folge von Zeichen, auf die jeweils die Teilausdrücke passen würden. Im Klartext bedeutet das, daß etwa abc auf ein a gefolgt von einem b gefolgt von einem c paßt, und daß etwa a.c auf ein a gefolgt von einem beliebigen Zeichen außer Newline gefolgt von c paßt.\nDer Stern * paßt auf null oder mehr Wiederholungen des folgenden Zeichens. Der Ausdruck ab*c paßt also auf ac, abc, abbc und so weiter.\nDas Pluszeichen + paßt auf eine oder mehr Wiederholungen des folgenden Zeichens. Der Ausdruck ab+c paßt also auf abc, abbc und so weiter.\nDas Fragezeichen ? paßt auf eine oder eine Wiederholung des folgenden Zeichens. Der Ausdruck ab?c paßt also auf ac oder abc.\nHinter einem Zeichen kann in geschweiften Klammer ein genereller Multiplikator {n.m} angegeben werden. Der Ausdruck paßt dann auf n bis m Wiederholungen dieses Zeichens. Wird nur eine Zahl angegeben, paßt der Ausdruck auf genau n Wiederholungen des Zeichens. Wird die zweite Grenze m weggelassen, wird für sie unendlich eingesetzt.\nDer Stern ist also ein Kürzel für {0,}, das Pluszeichen steht für {1,} und das Fragezeichen für {0,1}\nMit runden Klammern () können Teile eines Ausdruckes markiert werden. Diese Markierungen stehen im selben Ausdruck unter den Namen \\1, \\2 und so weiter zur Verfügung. Der reguläre Ausdruck a(.+)b\\1c paßt also auf einen String, der ein a gefolgt von einer Anzahl beliebiger Zeichen, gefolgt von einem b gefolgt von exakt demselben String wie zwischen a und b gefolgt von einem c enthält. Passend wäre also addbddc oder ahallobhalloc, aber nicht addbhalloc. Letzterer String würde aber auf den Ausdruck a.+b.+c passen.\nNach einem Match (und bis zum nächsten Gebrauch des Match-Operators) stehen die markierten Teilstrings in den besonderen Perl-Variablen $1, $2 und so weiter zur Verfügung.\nAußerdem binden die Klammern Teilausdrücke zusammen: abc* paßt auf ab, abc, abcc und so weiter, während (abc)* auf den leeren String, abc, abcabc und so weiter paßt.\nUnd schließlich lassen sich mit dem Pipelinezeichen noch Alternativen deklarieren. Der Ausdruck lall|laber paßt entweder auf den String lall oder auf den String laber.\nEin Dach markiert den Anfang eines Strings und ein Dollarzeichen das Ende eines Strings. Der Ausdruck ^x$ paßt also auf einen String, der genau nur aus dem Zeichen x besteht.\nAußer dem m-Operator zum Matchen kennt Perl auch noch einen s-Operator zum Suchen und Ersetzen in einem String:\n$variable =~ s/alt/neu/optionen; Diese Operation ersetzt in der Variablen $variable alle Vorkommen des regulären Ausdrucks alt durch neu. Der Ausdruck neu darf dabei ebenfalls Klammermarkierungen enthalten. So würde s/a(.+)b/x\\1y/ in einem String ein Vorkommen von paarigen a und b durch passende x und y ersetzen, ohne daß der Text dazwischen irgendwie beeinflusst wäre.\nAußer der Option i (ignore case) kennt der s-Operator auch noch die Option g (global search and replace), die nicht nur ein einzelnes Vorkommen von alt ersetzt, sondern alle.\nsplit() und join() Die Perlfunktion split() kann dazu verwendet werden, einen Skalar mit Hilfe eines regulären Ausdrucks in ein Feld zu zerlegen. split() nimmt dazu den String und wendet den regulären Ausdruck wiederholt auf den String an. Alle Teile des Strings, die auf den regulären Ausdruck passen, werden zu Trennzeichen, und die Teile des Strings, die nicht auf den Ausdruck passen, werden zu Feldelementen.\nEine Zeile der Paßwortdatei in UNIX sieht zum Beispiel so aus:\n$line = \u0026#34;kris:_:100:20:Kristian Köhntopp:/home/kris:/bin/bash\u0026#34;; Mit dem Aufruf split(/:/, $line); wendet Perl den regulären Ausdruck /:/ auf diese Zeile an. Der Ausdruck paßt auf alle Doppelpunkte, diese werden also Trennzeichen. Die Worte kris, x, 100, 20, Kristian Köhntopp, /home/kris und /bin/bash werden die Feldelemente 0 bis 6 des Ergebnisfeldes von split.\nWendet man split() in einem Arraykontext an, bekommt man das gesamte Feld als Ergebnis (und kann seine Länge mit $#feld feststellen). In einem skalaren Kontext bekommt man von split() die Länge des Feldes als Ergebnis.\n$laenge = split(/:/, $line); # ergibt 6 @feld = split(/:/, $line); # ergibt $feld[0] = \u0026#34;kris\u0026#34; usw. # $#feld ist auch 6. Andererseits kann man mit join() ein Feld mit beliebigen Trennzeichen zu einem Skalar zusammenfügen.\n$line = join(\u0026#34;:\u0026#34;, @feld); würde das zerlegte Paßwortfeld von oben wieder zusammensetzen.\nFunktionen Es ist möglich, in Perl eigene Funktionen zu definieren. Die Syntax ist folgendermaßen:\nsub name { anweisungen; $wert; } Diese Anweisungen definieren eine Funktion mit dem Namen name, die einen Rückgabewert in $wert berechnet. Die Namen von Funktionen sind von den Namen von Skalaren, Arrays und Hashlisten unabhängig. Funktionen werden mit einem Undzeichen aufgerufen. Die Funktion name kann also so aufgerufen werden:\n\u0026amp;name; # name aufrufen und das Ergebnis verwerfen. $var = \u0026amp;name; # name aufrufen und das Ergebnis nutzen. Funktionen können mit Argumenten aufgerufen werden. Diese Argumente stehen im Feld @_ zur Verfügung. Sie können also mit $_[0] und so weiter angesprochen werden.\nsub add { $summe = 0; foreach $i (@_) { $summe += $i; } $summe; } print \u0026amp;add(1, 42, 17, 4); print \u0026amp;add(1..5); Variablen in Funktionen sind global. Die Variable $summe in der Funktion oben würde also eine gleichnamige Variable anderswo im Programm überschreiben. Mit Hilfe des Operators local() ist es möglich, lokale Variablen zu deklarieren:\nsub add { local($summe) = 0; foreach $i (@_) { $summe += $i; } $summe; } Auf diese Weise kann man auch die Funktionsparameter in ein bekanntes Feld umkopieren:\nsub add { local(@werte) = @_; local($summe) = 0; foreach $i (@werte) { $summe += $i; } $summe; } CGI-Programme in Perl cgi-lib.pl und testcgi.pl Zur CGI-Programmierung stehen in Perl eine ganze Reihe von Funktionspaketen zur Verfügung. Ein sehr einfaches Funktionspaket ist die cgi-lib.pl von Steven E. Brenner. Dieses Paket kann die Eingabedaten von GET und POST-Methoden einlesen und decodieren. Es stellt die Werte der einzelnen Eingabevariablen dann in dem assoziativen Feld %in zur Verfügung. Neben dieser Grundfunktionalität sind zusätzlich noch einige Hilfsfunktionen zum Debugging vorhanden.\nDer Gebrauch des Paketes ist wie folgt: Im Bibliotheksverzeichnis von Perl muss die Datei cgi-lib.pl installiert sein. Das eigene Perlscript muss dann so anfangen:\n#! /usr/bin/perl -- # Paket aktivieren. require \u0026#34;cgi-lib.pl\u0026#34; || die \u0026#34;cgi-lib.pl nicht gefunden.\u0026#34;; # Einlesen und Zerlegen der GET/POST-Variablen. \u0026amp;ReadParse; # html-Header erzeugen. print \u0026amp;PrintHeader; # Debugausgabe print \u0026#34;\u0026lt;html\u0026gt; \u0026lt;head\u0026gt; \u0026lt;title\u0026gt;Test CGI\u0026lt;/title\u0026gt; \u0026lt;/head\u0026gt; \u0026lt;body\u0026gt; \u0026lt;h1\u0026gt;Test CGI\u0026lt;/h1\u0026gt; \u0026lt;h2\u0026gt;Eingabevariablen:\u0026lt;/h2\u0026gt;\\n\u0026#34;; print \u0026amp;PrintVariables(%in); print \u0026#34;\\n\u0026lt;h2\u0026gt;Umgebungsvariablen\u0026lt;/h2\u0026gt;\\n\u0026#34;; print \u0026amp;PrintVariables(%ENV); print \u0026#34;\u0026lt;hr\u0026gt; Erzeugt von test-cgi.pl \u0026lt;/body\u0026gt; \u0026lt;/html\u0026gt;\\n\u0026#34;; Das Script muss ausführbar gemacht werden und dann unter einer passenden URL aufgerufen werden (zum Beispiel: http://white/cgi-bin/testcgi.pl). Ihm können von einem Formular oder manuell beliebige Parameter mitgegeben werden. Seine Ausgabe sieht dann zum Beispiel so aus (mit einigen Parametern aufgerufen):\nTest CGI Eingabevariablen: lall laber probe hallo Umgebungsvariablen DOCUMENT_ROOT /home/www GATEWAY_INTERFACE CGI/1.1 ... gekürzt ... SERVER_SOFTWARE Apache/1.0.3 ---------------------------------------------------------- Erzeugt von test-cgi.pl Das Script funktioniert wie folgt:\nDie Anweisung require aktiviert das Perl Funktionspaket cgi-lib.pl. Schlägt das fehl, beendet die die-Anweisung das Script mit einer Fehlermeldung.\nDer Aufruf der im Paket definierten Unterfunktion \u0026amp;ReadParse liest die Eingaben der GET- und POST-Methoden ein und decodiert sie. Die einzelnen Variablenwerte werden im assoziativen Feld %in hinterlegt.\nDie Funktion \u0026amp;PrintHeader liefert den benötigten Content-Type-String zurück, der dann mit print gedruckt wird.\nMit einem einfachen, mehrzeiligen print wird der Header eines HTML-Dokumentes erzeugt.\nDie Funktion \u0026amp;PrintVariables druckt das ihr übergebene assoziative Array %in zu Debugzwecken aus.\nNach einem Zwischenheader wird dann auch noch das assoziative Array %ENV ausgedruckt. Dieses enthält alle Umgebungsvariablen des Programms.\nEin Abspann-print druckt den Seitenfuß.\nEin einfacher Zähler CGI-Scripte können und sollen nicht gecached werden. Es ist daher möglich, auf diese Weise einen einfachen Seitenzähler zu realisieren. Das Script muss dazu an einem geeigneten Ort eine Datei hinterlegen, in der es seine Aufrufe mitzählt. Die Ausgabe des Scriptes kann eine beliebige HTML-Seite sein, in der der Zählerstand eingebaut wird.\n#! /usr/bin/perl -- # Paket aktivieren. require \u0026#34;cgi-lib.pl\u0026#34; || die \u0026#34;cgi-lib.pl nicht gefunden.\u0026#34;; # Einlesen und Zerlegen der GET/POST-Variablen. \u0026amp;ReadParse; # html-Header erzeugen. print \u0026amp;PrintHeader; # Zählerstand einlesen. open(COUNTER, \u0026#34;\u0026lt;/tmp/counter\u0026#34;); $counter = \u0026lt;COUNTER\u0026gt; + 1; close(COUNTER); # Zählerstand merken. open(COUNTER, \u0026#34;\u0026gt;/tmp/counter\u0026#34;); print COUNTER \u0026#34;$counter\\n\u0026#34;; close(COUNTER); # Seite ausgeben. print \u0026#34;\u0026lt;html\u0026gt; \u0026lt;head\u0026gt; \u0026lt;title\u0026gt;Test CGI\u0026lt;/title\u0026gt; \u0026lt;/head\u0026gt; \u0026lt;body\u0026gt; \u0026lt;h1\u0026gt;Z\u0026amp;auml;hlerseite\u0026lt;/h1\u0026gt; Diese Seite wurde $counter mal aufgerufen. \u0026lt;/body\u0026gt; \u0026lt;/html\u0026gt;\\n\u0026#34;; Das Script funktioniert so:\nWie üblich werden die Eingabeparameter eingelesen. Sie werden in dieser Version des Zählscriptes aber noch nicht verwendet.\nEs wird ein Dateihandle \u0026lt;COUNTER\u0026gt; zum Lesen geöffnet und eine Zeile mit einer Zahl eingelesen. Diese Zahl wird um eins erhöht. Die Datei wird wieder geschlossen.\nDasselbe Dateihandle wird noch einmal geöffnet, aber zum Schreiben. Der aktuelle Zählerstand wird in die Datei hineingedruckt. Beachte, daß beim Drucken in Filehandles zwischen dem Filehandle und dem eigentlichen Drucktext kein Komma gesetzt wird!\nDer Seitentext wird ausgegeben.\nAufgaben: Erweitere das Script so, daß es mehrere verschiedene Seiten und Zähler zu diesen Seiten bearbeiten kann. Die Seitenbezeichnung wird dem Script in der Variablen cn übergeben. Beachte die sich ergebenden Sicherheitsprobleme, wenn Pfadnamen aus Variablen direkt übernommen werden! Wie können diese vermieden werden?\n","date":"1996-11-27T00:00:00Z","href":"https://blog.koehntopp.info/1996/11/27/cgi-programmierung.html","tags":["lang_de","web","development"],"title":"CGI Programmierung"},{"categories":null,"content":"Der junge Mönch Lu Ser wanderte viele Jahre durch die Netscape auf der Suche nach dem Sinn des Netzes, denn dieses war kryptisch und schwer zu benutzen und Lu Ser war nicht nur ein absoluter Newbie, sondern auch ein bisschen dumm. Eines Tages traf er in der Nähe eines WWW-Servers in Redmond auf den weisen Yoshi und fragte: \u0026ldquo;Hat de.talk.bizarre Billinatur?\u0026rdquo;.\nÜber das Gesicht von Yoshi ging ein Strahlen. Er führte Lu Ser sogleich in sein soeben eingerichtetes Online-Merchandizing-Center, denn auch weise alte Mönche leben nicht von Luft und Koans allein und fing an, die dort zur Schau gestellten Produkte zu preisen: \u0026ldquo;Sieh hier, da haben wir eine hölzerne 42 zum an die Wand haengen!\u0026rdquo; Lu Ser rief erstaunt: \u0026ldquo;EINE 42!?!?!\u0026rdquo;, doch Yoshi unterbrach ihn: \u0026ldquo;Pscht! Nicht so laut!\u0026rdquo; Lu Ser setzte erneut an: \u0026ldquo;Ich meine: Eine 42?\u0026rdquo; Yoshi nahm sie von der Wand: \u0026ldquo;Genauuuuu! Und für nur 10 Pfennig ist sie Dein!\u0026rdquo;.\nDie beiden streiften weiter durch die unendlichen Weiten der Pages von Yoshi\u0026rsquo;s Center: \u0026ldquo;Hier haben wir weitere Fan-Artikel für de.talk.bizarre: Ein portables Erdloch, ein absolutes Muss für jeden Neueinsteiger. Und auf Parties immer wieder für kleine Scherze gut. Außerdem ist es ausbaufähig: Wir haben dazu passend nur wenig gebrauchte U-Boote, entweder in Gelb oder komplett Atomreaktor mit Kapitän Nemo, Nadia und dem bösen Gargoyle.\u0026rdquo; Lu Ser gingen die Augen über ob dieser Schätze.\nDoch Yoshi hatte noch weitere Knaller: Eine Stadt, die es auf der Erde schon lange nicht mehr gab in einer Flasche. Auf dem Etikett stand nicht etwa \u0026ldquo;Argo City\u0026rdquo; (denn Yoshi hatte kein grünes Gesicht und keine roten Knöpfe anstelle einer Frisur), sondern das ominöse Wort \u0026ldquo;Bielefeld\u0026rdquo;.\nLu Ser jedoch sagte: \u0026ldquo;Ich hätte gerne etwas Anspruchsvolleres. Und nützlich muss es sein.\u0026rdquo; \u0026ldquo;Tja\u0026rdquo;, sagte Yoshi, \u0026ldquo;dann kommt für Dich nur dies hier in Frage.\u0026rdquo; und griff in eine der Schubladen hinter der Theke seines Webshops.\nVon dort zog er eine glitzernde Silberscheibe hervor, schön wie der Mond am Winterhimmel, verführerisch wie ein Brilliant am Hals einer schönen Frau. \u0026ldquo;Dies\u0026rdquo;, sprach der gewitzte Yoshi zu dem überwältigten Lu Ser, \u0026ldquo;dies ist die Krönung menschlicher Programmierkunst, dies ist ein Stück Himmel auf Erden. Denn dies ist der Organizer von AOL.\u0026rdquo; Da war Lu Ser begeistert und rief aus \u0026ldquo;ADD ME!\u0026rdquo;.\nYoshi aber gab das asketische Mönchsdasein auf, benannte sich in \u0026ldquo;Porno-Plön\u0026rdquo; um und richtete sich einen kleinen Laden am Rande der Datenautobahn ein, in dem er fortan Schweinebilder an vorüberziehende AOLer verkaufte.\n","date":"1996-03-23T00:00:00Z","href":"https://blog.koehntopp.info/1996/03/23/lu-ser.html","tags":["lang_de","detebe","inkomploehntopp"],"title":"Lu Ser"},{"categories":null,"content":"aus \u0026ldquo;Linux Magazin\u0026rdquo;, Ausgabe 3/96.\nrwx - sonst nix? In jedem Buch über UNIX wird das UNIX-Rechtesystem ungefähr in Kapitel 2 vollständig erläutert und es bleiben keine Frage mehr offen. Wieso also ein Artikel über Zugriffsrechte? Nun, dieser Artikel erklärt Zugriffsrechte für Leute, die es ganz genau wissen wollen: Welche Rechte werden für den Zugriff auf eine Datei benötigt? Wer prüft die Rechte und wie passiert das?\nWie oft hört man Redewendungen wie \u0026ldquo;Ich öffne jetzt einmal diese Datei\u0026hellip;\u0026rdquo; oder \u0026ldquo;Ich habe keine Zugriffsrechte, um auf dieses Verzeichnis zuzugreifen.\u0026rdquo; Solche Formulierungen sind zwar üblich und auch jedermann verständlich, weil sie so schön bildhaft sind. Aber wenn man über Zugriffsrechte reden möchte, sind sie eher schädlich als hilfreich.\nNatürlich öffnet ein User niemals eine Datei oder greift auf ein Verzeichnis zu. Prozesse tätigen Systemaufrufe und der Kernel öffnet Dateien oder liest Verzeichnisse im Auftrag und mit den Rechten dieses Prozesses. Solche Unterscheidungen sind auf den ersten Blick Haarspaltereien. Aber wenn man sich den Spaß macht und die Sache einmal zu Ende verfolgt, wird man feststellen, daß sich auf diese Weise einige Dinge besser verstehen und leichter erklären lassen. Der Autor will sich also in diesem Artikel einer besonders genauen Sprache befleißigen.\nWoher kommen Zugriffsrechte? Zugriffsrechte und Eigentümer sind etwas, das einem zunächst an Dateien ins Auge fällt. Eine Datei besteht in Linux aus einem Haufen Blöcken auf der Festplatte und einer Verwaltungsstruktur, der I-Node. Während die Blöcke die eigentliche Information in der Datei speichern, findet man in der I-Node fast alle Information über die Datei - also Metainformation. Was die Rechte betrifft, findet man in der I-Node eine User-ID (UID), eine Group-ID (GID) und zwölf Rechtebits: Drei Bits mit den Bezeichnungen sst und dann jeweils drei Dreiergruppen rwx. sst sind gewissermaßen Allzweckbits, die je nach Typ der Datei und Systemaufruf unterschiedliche Bedeutung haben können. Die Auswertung der übrigen neun Bits erfolgt dagegen relativ zentral in einer Funktion permission(), auf die wir weiter unten eingehen werden.\nWas dem UNIX-Neuling noch auffallen wird, ist die Tatsache, daß sich in der I-Node der Datei nicht der Username und der Gruppenname findet, sondern nur jeweils eine ID. Diese ID-Nummern werden vom ls-Kommando in Namen umgewandelt, falls man es ihm nicht verbietet. Man kann das ls-Kommando zwingen, die Angaben numerisch zu machen, indem man die Option -n verwendet oder indem man dem Benutzer, der ls aufruft, den Lesezugriff auf /etc/passwd und /etc/group verweigert (Experiment 1 ).\nExperiment 1 root@white:~# ls -l /etc/passwd /etc/group -rw-r--r-- 1 root root 281 Jul 15 14:39 /etc/group -rw-r--r-- 1 root root 1163 Nov 28 15:30 /etc/passwd root@white:~# chmod 000 /etc/passwd /etc/group root@white:~# su - kris kris@white:~$ ls -l /tmp -rw-r--r-- 1 0 0 5 Nov 23 13:36 lall -rw-rw-rw- 1 60000 20 11 Nov 28 21:32 lpq.00002b98 drwxr-xr-x 2 0 0 1024 Nov 17 07:31 root kris@white:~$ exit root@white:~# chmod 644 /etc/passwd /etc/group root@white:~# ls -l /tmp -rw-r--r-- 1 root root 5 Nov 23 13:36 lall -rw-rw-rw- 1 smbguest users 11 Nov 28 21:32 lpq.00002b98 drwxr-xr-x 2 root root 1024 Nov 17 07:31 root Indem man kris die Leserechte auf die Dateien /etc/passwd und /etc/group entzieht, kann man demonstrieren, daß in einer I-Node nur numerische Information über Eigentümer und Gruppe einer Datei gespeichert wird. ls kann diese Zahlen durch Zugriff auf die Paßwortdatenbank in Namen übersetzen. Dazu existiert eine Familie von Bibliotheksfunktionen, die in getpwent(3), getpwuid(3), getgrent(3) und getgrgid(3) dokumentiert ist.\nZugriffe auf Dateien erfolgen durch den Kernel im Auftrag eines Prozesses. Der Kernel entscheidet anhand der Rechtebits in der Inode der Datei einer Datei, ob er den Zugriff auf die Datei ausführen wird oder nicht. Entscheidend für die Interpretation dieser Rechtebits ist noch, mit welcher UID und GID der Prozeß abläuft, der auf die Datei zugreifen möchte. Wie man in /usr/include/linux/sched.h nachlesen kann, hat ein struct task_struct in Linux die Felder\n#define NGROUPS 32 unsigned short uid,euid,suid,fsuid; unsigned short gid,egid,sgid,fsgid; int groups[NGROUPS]; Linux unterscheidet sich hier von einem normalen UNIX: Für Zugriffe auf Dateien sind die Felder fsuid, fsgid und groups[] relevant, während ein normales UNIX euid und egid verwendet. Natürlich unterscheidet sich Linux nicht so sehr von einem normalen UNIX, daß es inkompatibel wäre: Normalerweise ist die fsuid/fsgid mit der euid/egid des Prozesses identisch. Die Zugriffe auf Dateien erfolgen also mit der sogenannten effektiven User-ID und Group-ID eines Prozesses.\nKasten 2 zeigt, wie man feststellen kann, unter welchen IDs Zugriffe erfolgen.\nExperiment 2 kris@white:~$ id uid=100(kris) gid=20(users) groups=20(users),11(floppy) kris@white:~$ su - Password: root@white:~# id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy) root@white:~# exit kris@white:~$ id marit uid=101(marit) gid=20(users) groups=11(floppy) kris@white:~$ ls -l /tmp/bash -rwsr-xr-x 1 root root 295940 Nov 29 12:07 /tmp/bash kris@white:~$ /tmp/bash kris@white:~# id uid=100(kris) gid=20(users) euid=0(root) groups=20(users),11(floppy) Jemand, der als kris eingeloggt ist, greift normalerweise mit der UID 100, der GID 20 und den Einträgen 20 und 11 im Feld groups[] auf Dateien zu. Ein Systemverwalter dagegen hat die UID und die GID 0 und noch weitere Einträge im Feld groups[]. Mit einem Usernamen als Parameter kann man auch die IDs anderer Benutzer abfragen.\nEffektive und reale UID und GID müssen nicht immer übereinstimmen: Werden Programme mit gesetztem Set User ID-Bit ausgeführt, kann sich die effektive UID eines Prozesses ändern - was set user id genau ist und was das Bit bewirkt, werden wir später noch klären.\nWir halten fest: Dateien haben genau einen Eigentümer und gehören zu genau einer Gruppe, während ein Prozeß einen Eigentümer hat, aber zu bis zu 32 Gruppen gehören kann. Zugriffsrechte werden an Dateien in 12 Bit vermerkt. Die Interpretation dieser 12 Bit hängt ab vom Typ der Datei und von der Identität des zugreifenden Prozesses.\nWo werden die Rechte geprüft? Linux prüft Zugriffsrechte mit Hilfe der Funktion permission(). Sie ist in /usr/src/linux/fs/namei.c in den Zeilen 91 bis 114 definiert. Ein Parameter von permission() ist ein Zeiger auf die I-Node der Datei, auf die zugegriffen wird. Außerdem muß der Funktion noch gesagt werden, welche Art von Zugriff auf die Datei gewünscht wird. /usr/include/linux/fs.h definiert dazu in den Zeilen 35 bis 37 die Werte MAY_EXEC, MAY_WRITE und MAY_READ, die zu einer mask zusammengebaut werden können. Der Kasten zeigt den Quelltext von permission() und die Definitionen aus fs.h.\nExperiment 3 /usr/src/linux/fs/namei.c: 91 /* 92 * permission() 93 * 94 * is used to check for read/write/execute permissions on a file. 95 * We use \u0026#34;fsuid\u0026#34; for this, letting us set arbitrary permissions 96 * for filesystem access without changing the \u0026#34;normal\u0026#34; uids which 97 * are used for other things.. 98 */ 99 int permission(struct inode * inode,int mask) 100 { 101 int mode = inode-\u0026gt;i_mode; 102 103 if (inode-\u0026gt;i_op \u0026amp;\u0026amp; inode-\u0026gt;i_op-\u0026gt;permission) 104 return inode-\u0026gt;i_op-\u0026gt;permission(inode, mask); 105 else if ((mask \u0026amp; S_IWOTH) \u0026amp;\u0026amp; IS_IMMUTABLE(inode)) 106 return -EACCES; /* Nobody gets write access to an immutable file */ 107 else if (current-\u0026gt;fsuid == inode-\u0026gt;i_uid) 108 mode \u0026gt;\u0026gt;= 6; 109 else if (in_group_p(inode-\u0026gt;i_gid)) 110 mode \u0026gt;\u0026gt;= 3; 111 if (((mode \u0026amp; mask \u0026amp; 0007) == mask) || fsuser()) 112 return 0; 113 return -EACCES; 114 } /usr/include/linux/kernel.h: 68 #define fsuser() (current-\u0026gt;fsuid == 0) /usr/include/linux/fs.h: 35 #define MAY_EXEC 1 36 #define MAY_WRITE 2 37 #define MAY_READ 4 Die Funktion permission() ist der zentrale Kontrollpunkt für Zugriffsrechte. An ihr kann man sehen, nach welchem Verfahren Linux die Zugriffsrechte prüft.\nDer Algorithmus, nach dem permission() die Zugriffsrechte prüft, ist sehr einfach: Zunächst einmal (Zeile 103-104) wird festgestellt, ob für die zu prüfende I-Node im Feld i_op-\u0026gt;permission() der I-Node Struktur eine dateisystemspezifische permission()-Routine definiert ist. Auf diese Weise können Dateisysteme, die erweiterte oder von UNIX verschiedene Zugriffsrechte implementieren, ihre eigene Routine zum Testen des Zugriffs bereitstellen. Derzeit (Kernel 1.2.13) tut dies nur das ext2-Dateisystem mit der Funktion ext2_permission(), die in /usr/src/linux/fs/ext2/acl.c definiert ist (und die in Kernel 1.2.13 nichts anderes tut als Zeilen 107-113 der normalen permission()-Funktion, also noch vollkommen sinnlos ist).\nDie Zeilen 105-106 prüfen dann, ob die Datei als immutable file (unveränderliche Datei) gekennzeichnet ist. Wenn dies der Fall ist und in mask MAY_WRITE gesetzt ist, wird der Zugriff auf die Datei verweigert und der Fehler permission denied (EACCES) zurückgegeben. Der Code verwendet in Zeile 105 seltsamerweise die Definition S_IWOTH (das Schreibrecht für other aus der Includedatei linux/stat.h) anstatt korrekterweise die Definition MAY_WRITE zu verwenden. Da aber beide Definitionen den Wert 2 haben, kommt es nicht zu einem Fehler. Da das ext2-Dateisystem eine eigene permission()-Routine bereitstellt, die den Test auf immutable files nicht enthält, kann man dort unveränderliche Dateien beschreiben. Das ist ein Fehler, denn an anderen Stellen kennt das ext2-Dateisystemen IS_IMMUTABLE() und nimmt Rücksicht darauf.\nDer entscheidende Code befindet sich dann in den Zeilen 107-113: current bezeichnet den struct task des aktuellen Prozesses, also desjenigen Prozesses, der soeben versucht hat, auf eine Datei zuzugreifen und dessen Zugriffsrechte jetzt geprüft werden müssen. Falls die fsuid dieses Prozesses mit der i_uid der Datei übereinstimmen, werden die Zugriffsrechte des linken rwx-Tripels der Datei für die Rechteprüfung verwendet (Zeilen 107 und 108). Andernfalls prüft Linux mit der Funktion in_group_p(), ob irgendeine GID des aktuellen Prozesses mit der i_gid der Datei übereinstimmt. Ist dies der Fall, werden die Zugriffsrechte des mittleren rwx-Tripels verwendet (Zeilen 109-110). Ist weder eine Übereinstimmung der User- noch der Group-IDs zu finden, werden die Defaultzugriffsrechte aus dem rechten Tripel verwendet.\nDie Funktion in_group_p() ist in /usr/src/linux/kernel/sys.c in den Zeilen 585-599 definiert. Sie testet, ob ihr Argument gleich der fsgid des aktuellen Prozesses ist oder ob das Argument gleich einer der Gruppen aus dem groups[]-Array des Prozesses ist. Der Name der Funktion erklärt sich aus der \u0026ldquo;p-convention\u0026rdquo; (siehe Jargon-File, ursprünglich eine Sitte aus dem Bereich der LISP-Programmierung): Es handelt sich um ein Prädikat, also eine Funktion, die entweder true oder false liefert, je nachdem ob die zu prüfende Aussage wahr oder falsch ist.\nDie Bedingung in Zeile 111 entscheidet jetzt, ob der Zugriff auf eine I-Node gewährt wird oder nicht. Wenn mindestens die in mask gewünschten Rechtebits in den durch mode schon in Zeile 101 vorab ermittelten Rechten enthalten sind oder der Zugriff mit Superuser-Privilegien erfolgt (fsuser() ist wahr), wird der Zugriff auf die Datei gewährt. In allen anderen Fällen wird ein Fehler permission denied (EACCES) geliefert.\nWir halten fest: Einzelne Dateisysteme können besondere Rechteroutinen haben. Im Normalfall gelten aber die Userrechte für den Eigentümer einer Datei, die Gruppenrechte für jeden, der Mitglied in der Gruppe der Datei ist und die Other-Rechte für alle anderen. Die Prüfung dieser Rechte erledigt Linux an einer zentralen, leicht wartbaren Stelle im System.\nPfade, und Rechte entlang des Pfades Alle UNIX-Kernelfunktionen, die mit Dateien hantieren, nehmen Pfadnamen als Parameter an. Intern verwendet Linux jedoch wie alle Unices ausschließlich I-Nodes, um mit Dateien zu arbeiten. Die Umwandlung eines Pfadnamens in eine I-Node übernimmt in Linux eine von mehreren leicht unterschiedlichen namei()-Funktionen, die in /usr/src/linux/fs/namei.c definiert sind.\nnamei() bekommt, vereinfacht dargestellt, einen Pfadnamen und die I-Node eines Verzeichnisses als Startpunkt übergeben. In diesem Verzeichnis wird mittels der Funktion lookup() die I-Node der ersten Komponente des Pfadnamens gesucht. Diese I-Node wird jetzt als Startpunkt genommen, um die nächste Komponente des Pfadnames durch lookup() suchen zu lassen und so weiter bis zum Ende des Pfades. Am Ende des Pfades ist das Ergebnis dieser Operation genau die I-Node des Verzeichnisses, das durch den Pfadnamen bezeichnet wird.\nDer Code von lookup() ist nicht ganz so einfach wie diese Erklärung, weil er so unschöne Dinge wie Mountpoints, \u0026ldquo;..\u0026quot;-Komponenten im Pfadnamen und ungültige Pfadnamen berücksichtigen muß, aber er ist auch nicht sonderlich kompliziert. Für unsere Zwecke sind jedoch nur wenige Zeilen von lookup() wesentlich:\n/usr/src/linux/fs/namei.c: 163 perm = permission(dir,MAY_EXEC); 181 if (perm != 0) { 182 iput(dir); 183 return perm; 184 } Um in einem Verzeichnis einen Namen nachschlagen zu können, muß der aufrufende Prozeß das x-Recht an diesem Verzeichnis haben. Hat er dieses x-Recht nicht, schlägt der Aufruf fehl - ganz gleich, welche Kernelfunktion aufgerufen wurde. Die Folgen können ziemlich fatal sein, wie Experiment 4 demonstriert.\nExperiment 4 Warnung: Dieses Experiment darf nur durchgeführt werden, wenn in einem zweiten Fenster noch eine weitere Rootshell aktiv ist. Andernfalls kann man sich so die Systeminstallation ruinieren.\nkris@white:~$ ls -ld / drwxr-xr-x 20 root root 1024 Nov 29 22:29 / kris@white:~$ su - root@white:~# chmod go-x / root@white:~# ls -ld / drwxr--r-- 20 root root 1024 Nov 29 22:29 / root@white:~# exit kris@white:~$ ls csh: /bin/ls: Permission denied kris@white:~$ su csh: /bin/su: Permission denied In einem anderen Fenster mit einer aktiven Rootshell:\nroot@white:~# chmod 755 / Das Hauptverzeichnis / hat normalerweise die Rechte 755. Jeder Benutzer hat also x-Recht am Verzeichnis / und kann damit absolute Pfadnamen auflösen. Nimmt man dem Root-Verzeichnis die x-Rechte, kann kein normaler Benutzer mehr absolute Pfadnamen auflösen und jeder Aufruf eines Systemkommandos schlägt fehl. Insbesondere ist auch kein su mehr möglich, um die Operation rückgängig zu machen. Daher muß schon vor dem Beginn des Experimentes eine zweite, aktive Rootshell bereitstehen, um die Zugriffsrechte wieder zu reparieren.\nWir halten fest: Jede richtige Antwort auf die Frage \u0026ldquo;Welche Rechte braucht man, um mit einer Datei eine bestimmte Operation (Öffnen, Löschen, Umbenennen und so weiter) durchführen zu können?\u0026rdquo; muß mit den Worten \u0026ldquo;Man braucht die x-Rechte an den Verzeichnissen entlang des Pfades und \u0026hellip;\u0026rdquo; beginnen. Ohne diese x-Rechte kann der Pfadname von Linux nicht aufgelöst werden und was immer sich an seinem Ende befindet, ist nicht zugreifbar. Weil wirklich jede Antwort mit diesem Halbsatz beginnen muß, wird er oft weggelassen - vergessen darf man ihn trotzdem nicht! Die einzelne Operation (open(2), unlink(2), rename(2) und so weiter) kann dann noch zusätzlich weitere Zugriffsrechte verlangen.\nLese- und Schreibrechte an Dateien Welche Zugriffsrechte werden nun wirklich benötigt, um eine Datei zu öffnen? Auch dies können wir im Linux-Kernel nachlesen: In /usr/src/linux/fs/open.c befindet sich der Code des Systemaufrufes open(2). Die Funktion sys_open(), die diese Kernelfunktion realisiert, ist nur sehr kurz. Sie tut kaum mehr, als do_open() in derselben Datei mit den richtigen Parametern aufzurufen. Der Code von do_open() beschäftigt sich hauptsächlich mit der Verwaltung der Dateitabelle des Kernels und ist für die Klärung unserer Frage nicht interessant.\nDie eigentliche Arbeit des Öffnens der Datei überläßt er der Funktion open_namei(), die wie bereits erklärt, den filename in eine I-Node umwandelt. Der Aufruf findet sich in Zeile 442 in open.c:\n442 error = open_namei(filename,flag,mode,\u0026amp;inode,NULL); Dabei ist filename der Name der zu öffnenden Datei, flag der Modus, in dem die Datei geöffnet werden soll (O_RDONLY, O_CREAT und so weiter) und mode ist nur interessant, wenn die Datei angelegt werden soll: Dann soll sie mit den in mode angegebenen Wunschrechten angelegt werden. In inode liefert die Funktion die I-Node der geöffneten Datei zurück.\nDer Code von open_namei() steht dann in /usr/src/linux/fs/namei.c, von dem wir uns ja weiter oben schon Teile angesehen haben. open_namei() ist eine lange Funktion, sie erstreckt sich von Zeile 333 bis Zeile 439. Die Umwandlung des filename-Parameters in die inode erfolgt in zwei Schritten. In einem ersten Schritt wird mithilfe von dir_namei() erst einmal die I-Node des Verzeichnisses lokalisiert, in dem sich die zu öffnende Datei befindet. Der zweite Schritt ist dann leicht unterschiedlich, je nachdem, ob die die öffnende Datei bereits existiert oder ob sie wegen eines gesetzten O_CREAT erst noch erzeugt werden muß.\nIn Zeile 342 von namei.c wird zunächst die I-Node des Verzeichnisses lokalisiert, in dem eine Datei geöffnet werden soll. Das ist der erste Schritt zum Öffnen der Datei.\n342 error = dir_namei(pathname,\u0026amp;namelen,\u0026amp;basename,base,\u0026amp;dir); Dabei wird von dir_namei() die Variable basename mit dem Namen der Datei im Verzeichnis belegt, namelen mit der Länge dieses Namens. dir ist ein Zeiger auf die I-Node des Verzeichnisses, indem die Datei geöffnet werden soll, das eigentliche Ergebnis dieses Aufrufes (und wird in Zeile 361 weiterverwendet). Wenige Zeilen später wird fallweise unterschieden, ob eine Datei angelegt werden soll oder nicht (Zeile 359).\nSoll eine Datei angelegt werden, muß überprüft werden, ob eine Datei dieses Namens schon existiert (Zeile 361). Wenn dies der Fall ist und außerdem O_EXCL als Parameter beim open() angegeben war, muß das open() fehlschlagen (Zeile 362-366).\nExistiert die Datei im Verzeichnis noch nicht, kann versucht werden, sie zu erzeugen. Dazu müssen w- und x-Recht am Verzeichnis vorhanden sein, daß die Datei einmal enthalten soll (Zeile 367). Außerdem muß eine create-Funktion in den I-Node-Operations für das Verzeichnis definiert sein (Zeile 369-370). Ist dies nicht der Fall, wird ebenfalls permission denied gemeldet.\nAuf Dateisystemen, die read-only angemeldet sind, dürfen selbstverständlich ebenfalls keine Dateien angelegt werden (Zeile 371-372). Erst wenn alle diese Vorbedingungen erfüllt sind, darf die Datei wirklich angelegt werden und ist damit geöffnet.\nWir halten fest: Um eine Datei in einem Verzeichnis neu anlegen zu können, wird also das x-Recht an allen Verzeichnissen entlang des Pfades dieser Datei benötigt und das w- und das x-Recht an dem Verzeichnis, in dem die Datei neu anzulegen ist.\n359 if (flag \u0026amp; O_CREAT) { 361 error = lookup(dir,basename,namelen,\u0026amp;inode); 362 if (!error) { 363 if (flag \u0026amp; O_EXCL) { 364 iput(inode); 365 error = -EEXIST; 366 } 367 } else if ((error = permission(dir, MAY_WRITE | MAY_EXEC) 368 ; /* error is already set! */ 369 else if (!dir-\u0026gt;i_op || !dir-\u0026gt;i_op-\u0026gt;create) 370 error = -EACCES; 371 else if (IS_RDONLY(dir)) 372 error = -EROFS; 373 else { 375 error = dir-\u0026gt;i_op-\u0026gt;create(dir,basename,namelen,mode,res_inode); 379 } 381 } else Soll dagegen eine bereits existierende Datei geöffnet werden, muß zunächst ihr Name im Verzeichnis gesucht werden, um eine I-Node für diese Datei zu bekommen (Zeile 382).\nEs kann sein, daß die so gefundene I-Node nicht die I-Node der wirklich zu öffnenden Datei ist, sondern daß es sich um ein Symlink handelt. Ein Aufruf von follow_link() regelt dies (Zeile 387).\nDer folgende Code stellt dann sicher, daß ein Verzeichnis niemals zum Schreiben geöffnet werden darf (Zeile 390-393). Wäre dies nicht so, könnte man in Verzeichnissen beliebige I-Node-Nummern eintragen und so die Zugriffsrechte entlang des Pfades unterlaufen.\nDer eigentliche Rechtetest erfolgt dann in den Zeilen 394-397, in denen die gewünschten Zugriffsrechte in flag mit den vorhandenen Rechten in der inode verglichen werden. Nach diesen Zeilen folgt weiterer Code, der Gerätedateien in mit nodev gemounteten Dateisystemen, read-only Dateisysteme, append-only Files und die Option O_TRUNC beim Öffnen behandelt, uns hier aber bei unserer Frage nichts neues bringt.\n382 error = lookup(dir,basename,namelen,\u0026amp;inode); 387 error = follow_link(dir,inode,flag,mode,\u0026amp;inode); 390 if (S_ISDIR(inode-\u0026gt;i_mode) \u0026amp;\u0026amp; (flag \u0026amp; 2)) { 391 iput(inode); 392 return -EISDIR; 393 } 394 if ((error = permission(inode,ACC_MODE(flag))) != 0) { 395 iput(inode); 396 return error; 397 } Wir halten fest: Beim Öffnen einer vorhandenen Datei wird das x-Recht an allen Verzeichnisses entlang des Pfade dieser Datei benötigt und das passende r- und/oder w-Recht an der Datei selbst.\nOffenbar ist das Öffnen einer Datei und die Kontrolle der Zugriffsrechte für ein Betriebssystem eine recht anstrengende und langsame Angelegenheit. Neben der zeitraubenden Umwandlung von Pfadnamen in I-Nodes müssen auch noch zahlreiche Rechteflags an allen Verzeichnissen und an der Datei selbst kontrolliert werden und zahlreiche Sonderfälle berücksichtigt werden.\nZum Glück ist dieser ganze Aufwand auf das Öffnen einer Datei beschränkt. Ist die Datei erst einmal geöffnet, findet keine weitere Rechtekontrolle mehr statt. read() und write() können sich also auf ihre eigentliche Aufgabe, das Datenschaufeln, konzentrieren und müssen sich nicht mit der Kontrolle von Zugriffsrechten herumschlagen.\nAusführungsrechte an Dateien Um das x-Recht an Dateien zu verstehen, müssen wir uns den Systemaufruf execve(2) ansehen. Dieser Systemaufruf ist die einzige Methode, um in UNIX ein neues Programm zu laden. In Linux, das auf mehr als einer Prozessorplattform ablaufen kann, ist ein Teil des Aufrufes systemspezifisch. Für Intel-Prozessoren befindet sich in /usr/src/linux/arch/i386/kernel/process.c der Code von sys_execve(), der die Parameter des Systemaufrufes beschafft und dann den plattformunabhängigen Code in /usr/src/linux/fs/exec.c aufruft. Der Funktion do_execve() werden außer dem Namen der zu startenden Binärdatei auch noch ein Feld von Parameterstrings und ein Feld von Environmentvariablen sowie ein Satz initiale Prozessorregister mitgegeben.\ndo_execve() beschafft sich durch einen Aufruf von open_namei() zunächst einmal die I-Node der auszuführenden Datei. Weiter oben ist schon gezeigt worden, daß dies nur gelingen kann, wenn auf allen Verzeichnissen entlang des Pfades zu dieser Datei x-Rechte vorhanden sind.\nDer folgende Code stellt sicher, daß die ausführbare Datei ein regular file ist. Wenn das Dateisystem mit der Option noexec gemountet ist, schlägt der Aufruf von execve() in jedem Fall fehl, ebenso wenn der Superblock zugehörigen Dateisystems nicht erreichbar ist.\nNach diesen elementaren Überprüfungen folgt der Code, der set user id/set group id handhabt und das x-Recht testet.\nAusführungsrecht und SUID/SGID beim execve() Systemaufruf /usr/src/linux/fs/exec.c: 586 i = bprm.inode-\u0026gt;i_mode; 587 if (IS_NOSUID(bprm.inode) \u0026amp;\u0026amp; (((i \u0026amp; S_ISUID) \u0026amp;\u0026amp; bprm.inode-\u0026gt;i_uid != current-\u0026gt; 588 euid) || ((i \u0026amp; S_ISGID) \u0026amp;\u0026amp; !in_group_p(bprm.inode-\u0026gt;i_gid))) \u0026amp;\u0026amp; !suser()) { 589 retval = -EPERM; 590 goto exec_error2; 591 } 592 /* make sure we don\u0026#39;t let suid, sgid files be ptraced. */ 593 if (current-\u0026gt;flags \u0026amp; PF_PTRACED) { 594 bprm.e_uid = current-\u0026gt;euid; 595 bprm.e_gid = current-\u0026gt;egid; 596 } else { 597 bprm.e_uid = (i \u0026amp; S_ISUID) ? bprm.inode-\u0026gt;i_uid : current-\u0026gt;euid; 598 bprm.e_gid = (i \u0026amp; S_ISGID) ? bprm.inode-\u0026gt;i_gid : current-\u0026gt;egid; 599 } 600 if ((retval = permission(bprm.inode, MAY_EXEC)) != 0) 601 goto exec_error2; 602 if (!(bprm.inode-\u0026gt;i_mode \u0026amp; 0111) \u0026amp;\u0026amp; fsuser()) { 603 retval = -EACCES; 604 goto exec_error2; 605 } Im Rahmen der Funktion do_execve() werden das SUID- und SGID-Bit der auszuführenden Datei geprüft und Linux bestimmt, unter welcher euid und egid das Programm zur Ausführung kommt. Danach wird getestet, ob ausreichende Rechte vorhanden sind, um das Programm starten zu dürfen.\nZunächst bestimmt der Kernel die Rechtebits der auszuführenden Datei (Zeile 586). Falls das Dateisystem, auf dem sich diese Datei befindet, mit der Option nosuid angemeldet ist und die Ausführung der Datei einen Wechsel der effektiven User-ID oder Group-ID bewirken würde, darf nur der Superuser die Datei ausführen (Zeilen 587-591). Danach wird bestimmt, unter welcher UID und GID das neue Programm zur Ausführung kommen wird.\nFalls das Programm zur Zeit mittels ptrace() in einem Debugger bearbeitet wird, werden sich seine Rechte nicht ändern (Zeilen 592-595). Auf diese Weise wird verhindert, daß man durch tracen eines SUID-Programmes und nachträgliches Verändern seines Codes zusätzliche Rechte gewinnen könnte.\nBei normalen Programmen (Zeilen 596-599) wird die effektive UID aus der I-Node der auszuführenden Datei übernommen, wenn das SUID-Bit an der Datei gesetzt ist, andernfalls wird die UID des Vorläufers ererbt. Analog wird mit der GID verfahren.\nDer Kernel wird das Programm jedoch nur ausführen, wenn die permission()-Funktion feststellt, das MAY_EXEC-Recht vorhanden ist (Zeilen 600-601). Auch ein Superuser kann eine Datei nicht als Programm starten, wenn nicht wenigstens irgendein x-Recht an der Datei vorhanden ist (Zeilen 602-603).\nDer folgende, sehr umfangreiche Code beschäftigt sich dann mit dem Handling von Shellscripten, die durch einen #!-Kommentar eingeleitet werden. Erst ab Zeile 701 kann der Kernel versuchen, tatsächlich ein Programm mit den gegebenen Eigenschaften auszuführen.\nWir halten fest: Um ein Programm starten zu dürfen, muß außer den x-Rechten an den Verzeichnissen entlang des Pfades auch das x-Recht an der Datei vorhanden sein. Ein Superuser kann eine Datei immerhin dann als Programm starten, wenn wenigsten irgendein x-Recht an der Datei vorhanden ist. Wenn das SUID-Bit an der zu startenden Datei gesetzt ist, wird die Datei unter der euid des Dateieigentümers ausgeführt, sonst unter der euid des aufrufenden Prozesses - Prozesse mit einer bestehenden Verbindung zu einem Debugger werden jedoch aus Sicherheitsgründen immer nur unter der euid des aufrufenden Prozesses ausgeführt. Analog wird auch mit dem SGID-Bit verfahren.\nExperiment 5 root@white:/tmp# cat \u0026gt;\u0026gt; x #! /bin/sh -- id root@white:/tmp# chmod 6555 x root@white:/tmp# ls -l x -r-sr-sr-x 1 root root 18 Dec 10 21:14 x root@white:/tmp# exit kris@white:~$ /tmp/x uid=100(kris) gid=20(users) groups=20(users),11(floppy) Shellscripte mit gesetztem SUID- und SGID-Bit werden trotzdem mit normalen euid- und egid-Werten aufgerufen.\nExperiment 5 zeigt, wie der Kernel mit Shellscripten umgeht, die mit SUID- oder SGID-Rechten versehen sind. Das liegt daran, daß bei der Interpretation von #!-Zeichen der Name des auszuführenden Programmes verändert wird und danach der execve()-Aufruf komplett neu gestartet wird. Aus dem Aufruf von /tmp/x wird so durch die Interpretation der #!-Zeile der Aufruf /bin/sh -- /tmp/x, der vom Kernel komplett neu bewertet wird.\nAn /bin/sh ist aber weder das SUID- noch das SGID-Bit gesetzt, also wird die Shell mit normalen Rechten gestartet. Daß es sich bei einem Parameter des Aufrufes um den Namen einer Datei handelt, an der SUID und SGID gesetzt sind, darf den Kernel nicht interessieren und die Shell wertet es nicht aus - sie könnte es auch nicht, wenn sie wollte. Dieser Effekt ist durchaus beabsichtigt: Ein nichttriviales Shellscript zu schreiben, daß sicher und ohne Lücken für eventuelle Hacker unter einer fremden User-ID laufen kann, ist so gut wie unmöglich.\nRückblick Wie wir gesehen haben, findet die Kontrolle der Zugriffsrechte an Dateien in Linux so gut es geht zentral statt. Wenige Funkionen wie permission() und die Funktionen der namei()-Familie spielen dabei eine sehr wichtige Rolle. Trotzdem muß jeder Systemaufruf noch für sich selbst die Rechte des aufrufenden Prozesses an der Datei testen, die durch den Systemaufruf manipuliert werden soll. Dabei müssen viele Sonderfälle wie immutable files, append only directories und andere exotische Dinge beachtet werden. Wollte man eine vollständige und genaue Aufstellung von Zugriffsrechten in Linux machen, müßte man eine Liste von Systemaufrufen machen und für jeden Systemaufruf eine vollständige Liste von Vorbedingungen aufschreiben. Ein Eintrag würde sich dann in etwa so lesen:\nunlink: unlink() löscht eine Datei mit einem gegebenen Pfadnamen, wenn alle Verzeichnisse entlang des Pfades x-Recht haben, der Name der Datei im letzten Verzeichnis nicht leer (\u0026rdquo;\u0026quot;) ist, das Dateisystem nicht read only ist, am enthaltenden Verzeichnis w- und x-Recht bestehen, das enthaltende Verzeichnis nicht append only ist und für die I-Node der Datei eine unlink()-Operation definiert ist. Diese unlink()-Operation kann jedoch noch weitere Bedingungen an die Entfernung einer Datei stellen (das ext2-Dateisystem macht dies zum Beispiel, wenn das t-Bit am enthaltenden Verzeichnis gesetzt ist). Letztendlich wird eine solche Tabelle jedoch sehr unübersichtlich und lang. Man sieht, daß Zugriffsrechte in UNIX im allgemeinen und Linux im besonderen nur auf den ersten Blick einfach und harmlos aussehen. Wenn man über das einfache rwx hinausgeht, wird die ganze Angelegenheit ziemlich kompliziert und unübersichtlich, da viele Sonderfälle betrachtet werden müssen. Zum Glück kommen solche Sonderfälle in einer normalen Installation nur sehr selten vor, denn sonst würde das eingangs erwähnte Kapitel 2 eines UNIX-Handbuches sehr lang werden \u0026hellip;\n","date":"1996-03-01T00:00:00Z","href":"https://blog.koehntopp.info/1996/03/01/rwx-sonst-nix.html","tags":["lang_de","publication","unix"],"title":"rwx - sonst nix?"},{"categories":null,"content":"erschienen in der iX 1/96\nText des Artikels Samba im Internet Eine Standardkonfiguration Samba 1.9 Samba ist ein Softwarepaket für Unix, das Microsoft Lan Manager Server-Funktionen erbringt. Ursprünglich von Andrew Tridgell, einem Studenten an der Australian National University, Canberra erstellt, ist es inzwischen unter der GNU General Public License verfügbar. Andrew Tridgell, ein Student an der Australian National University Canberra, stand Ende 1991 vor dem Problem, einen Fileserver für SUN Workstations haben zu müssen, der zu DEC Pathworks für kompatibel ist. Ohne Informationen über die Art des verwendeten Protokolls zu haben, gelang es ihm schon nach wenigen Tagen, das verwendete Protokoll in Teilen zu reverse engineeren. Erst nachdem eine allererste Version seines Servers schon fertiggestellt war, wies man ihn auf das in RFC 1001 und 1002 definierte \u0026ldquo;NetBIOS on a TCP/UDP transport\u0026rdquo; Protokoll hin. Im Januar wurde die erste Version seines \u0026ldquo;Server 0.1\u0026rdquo; Paketes auf dem Netz veröffentlicht. Es sollte jedoch noch bis Ende 1993 dauern, bis Tridgell durch den Einsatz von Linux und die Notwendigkeit, mit PCs unter DOS, Windows und OS/2 zu kommunizieren, die Weiterentwicklung von Samba wieder aufnahm.\nHeute ist Samba ein relativ ausgereiftes, standardkonformes und vor allen Dingen hochportables Softwarepaket, das auf den meisten UNIX-Versionen problemlos installierbar ist und die Möglichkeit bietet, Verzeichnisse und Drucker an PC-Betriebssysteme zu exportieren. Samba konkurriert hier mit dem von SUN definierten Network File System (NFS).\nFür den Systemadministrator in einem heterogenen Netzwerk von UNIX-Servern und Client-PCs ist Samba dabei wahrscheinlich attraktiver als NFS, denn in den meisten Fällen stehen wenigen UNIX-Servern viele Client-PCs gegenüber. Beim Einsatz von NFS könnte zwar das mit den meisten UNIX-Versionen mitgelieferte Serverpaket verwendet werden, aber für die Clients müßten nicht nur viele Client-Lizenzen von PC-NFS oder etwas vergleichbarem angeschafft werden, sondern diese Software müßte auch netzwerkweit installiert und gewartet werden. Windows für Workgroups, Windows 95, Windows NT und OS/2 sprechen aber schon von Haus aus das Lan Manager Protokoll und so ist es effizienter, den wenigen Servern dieses Protokoll beizubringen und auf den Clients mitgelieferte Software zu verwenden. Diesen Weg geht Samba.\nDa der Samba-Server ein reiner Usermode-Server ist, also ein ganz normales Anwendungsprogramm, ist es möglich, auch Verzeichnisse per Samba zu reexportieren, die der Server per NFS gemountet hat. Auf diese Weise entsteht eine Protokollbrücke von NFS nach SMB. Dabei ist natürlich der Performanceverlust durch doppelten Netzzugriff in Kauf zu nehmen. Auf der anderen Seite ist Samba unter der GNU GPL frei zur Verfügung stehende Software und so steht der Installation des Samba-Servers auf allen Servermaschinen nichts im Weg.\nEs soll jedoch nicht verschwiegen werden, daß Samba aus der Sicht eines UNIX-Systemverwalters schwerwiegende Nachteile hat. Als Protokoll, das in der PC-Welt entstanden ist, kennt Samba kein Konzept eines Dateieigentümers. Die Zugriffe auf Ressourcen erfolgen oft mit unklaren Userrechten oder scheinbar willkürlich gewählten Paßworten. Betriebssysteme wie Windows für Workgroups und Windows'95, die dem Benutzer zwar einen Namen geben, dann aber Netzwerkzugriffe ohne oder unter anderen Namen erzeugen, machen die Sache nicht leichter. Dazu kommt, daß die Familie der Windows-Betriebssysteme die Groß-/Kleinschreibung von Paßworten in einigen Kombinationen von Betriebssystem/Paßwort verändern. Samba hat eine ganze Reihe Mechanismen, um diesem Problem abzuhelfen, aber der Verwaltungsaufwand ist anfangs trotzdem höher als bei einer typischen NFS-Installation.\nNovell hat versucht, das Super Network Operating System durch Verschmelzung der zugekauften UNIX-Quellen mit ihrem eigenen Serverbetriebssystem zu bauen und ist gescheitert. Klammheimlich hat das frei verfügbare Linux gelernt, die meisten Netzwerkprotokolle zu sprechen und ist auf dem besten Wege, eben dieses SuperNOS zu werden.\nInstallation Die Installation gestaltet sich relativ einfach. Nach dem Auspacken ist das Makefile im source/-Verzeichnis nach den eigenen Wünschen anzupassen. Dabei ist es hilfreich, nicht nur die gewünschten Pfadnamen einzutragen, sondern auch schon den Namen der gewünschten Arbeitsgruppe in der Variablen WORKGROUP einzutragen und einen speziellen Gastaccount, der nur für SMB genutzt wird, in GUESTACCOUNT einzucompilieren. Diese Defaults sind zwar auch zur Laufzeit änderbar, aber anpassen im Quelltext erspart das Schreiben von Konfigurationsdateien. Weiterhin sind noch die gewünschten make-Optionen für den verwendeten Betriebssystemtyp zu aktivieren. Danach steht einem make nichts mehr im Wege.\nErzeugt werden die Programme\nnmbd: NetBios Name Server. Der Name Server ist in der Lage, Hostnamen auf IP-Nummern abzubilden. Gleichzeitig steuert das Programm aber auch das Browsing, d.h. die Anzeige von exportierten Diensten und übernimmt damit Aufgaben, die bei NFS der mountd wahrnehmen würde. nmblookup: NetBios Name Lookup. Das Programm nimmt in etwa dieselbe Funktion wahr wie nslookup für das DNS, fragt jedoch einen nmbd ab. smbclient: Samba Client. Dient dazu, auf Linux-Seite einen SMB Server zu connecten und Dateien zu übertragen. Die Steuerung erfolgt ähnlich wie bei FTP. Linux bietet auch ein echtes, kernelbasiertes smbfs an, mit dem man einen Server richtig mounten kann. Andere Betriebssysteme sind auf den smbclient angewiesen. smbd: Der eigentliche Fileserver. smbpasswd: Ein Hilfsprogramm des smbd, mit dem Benutzer vom Client aus ihr Paßwort ändern können sollen. Es hat nur dann Funktion, wenn Samba mit der libdes und verschlüsselten Paßworten (siehe Samba im Internet) übersetzt wurde. smbrun: Ein Hilfsprogramm des smbd, mit dem Samba zu Beginn und Ende einer Serverconnection Logbucheinträge erzeugt. smbstatus: Ein sehr einfaches Programm zur Anzeige des Status aller zum Server bestehenden Verbindungen. smbtar: Ein Shellscript, das smbclient verwendet und das ein von einem PC exportiertes Verzeichnis mit tar auf dem Bandlaufwerk des UNIX-Servers sichert. testparm: Syntaxchecker für die Konfigurationsdatei. testprns: Syntaxchecker für die Druckerkonfiguration. Samba besteht aus einer Reihe von Programmen, die zum Betrieb des Servers (Server-Tools) oder zu seinem Test (Client-Tools) dienen.\nEin make install installiert diese Programme und die Manualpages dann im gewünschten Verzeichnis. Damit der Server in Betrieb genommen werden kann, müssen nmbd und smbd entweder als permanent laufende Dämonen gestartet werden oder über passende Einträge in der /etc/inetd.conf bei Bedarf hochgezogen werden.\nFür letzteres sind die Einträge\nnetbios-ns 137/tcp # NETBIOS Name Service netbios-ns 137/udp netbios-dgm 138/tcp # NETBIOS Datagram Service netbios-dgm 138/udp netbios-ssn 139/tcp # NETBIOS session service netbios-ssn 139/udp in der Datei /etc/services notwendig. Dazu passen dann die Zeilen\n# # SMB Samba File Server # netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd -H /usr/local/samba/lib/lmhosts in der /etc/inetd.conf. Der inetd muß nach einer Änderung in seiner Konfigurationsdatei durch ein SIGHUP geweckt werden, damit er die Datei neu einliest.\nTests mit einer einfachen Konfiguration Durch die Verwendung einer lmhosts-Datei kann der Samba-Server als Nameserver für ein Lan Manager Netzwerk dienen. Die lmhosts-Datei entspricht dabei in ihren ersten beiden Spalten einer normalen Hosts-Datei: In der ersten Spalte wird eine IP-Nummer genannt, der in der zweiten Spalte ein Name zugeordnet wird. Mit einer optionalen, dritten Spalte können für einzelne Namen bestimmte Flags gesetzt werden: Der Buchstabe G kennzeichnet einen Namen als den Namen der eigenen Arbeitsgruppe. Die zugehörige Adresse ist die Broadcast-Adresse der betreffenden Arbeitsgruppe. Das Flag S kennzeichnet die Namen und Broadcastadressen weiterer Arbeitsgruppen, in denen die Dienste unseres Servers ebenfalls angepriesen (registriert) werden sollen. Und das Flag M schließlich kennzeichnet diesen Eintrag als den defaultmäßigen Netbios-Namen dieser Maschine.\nDer nächste Schritt ist die Erzeugung der zentralen Konfigurationsdatei. Wenn Samba im Defaultverzeichnis /usr/local/samba installiert worden ist, muß diese Datei in /usr/local/samba/lib/smb.conf angelegt werden. Ihr Aufbau gleicht syntaktisch dem einer WIN.INI-Datei von MS-Windows: Sie besteht aus Abschnitten, die jeweils durch einen Namen in eckigen Klammern eingeleitet wird. Jeder Abschnitt enthält dann eine Reihe von Zuweisungen der Form Parameter = Wert. Parameter dürfen genau wie Abschnittnamen Leerzeichen enthalten, die Samba ignoriert. Ebenso spielt Gross- und Kleinschreibung keine Rolle.\nJeder Abschnitt der smb.conf definiert einen Service, der von Samba exportiert wird. Ein Service kann dabei ein Drucker oder - häufiger - ein Verzeichnis sein. Samba kennt drei Abschnitte, die besondere Bedeutung haben:\n[global]: In diesem Abschnitt werden besondere, globale Einstellungen für den Server getroffen. [printers]: In diesem Abschnitt kann man alle Drucker der /etc/printcap exportieren. [homes]: In diesem Abschnitt kann man alle Homeverzeichnisse des Servers exportieren. Samba bietet nun buchstäblich Dutzende von Parametern, mit denen man den Server seinen Bedürfnissen anpassen kann. Zum Glück sind die Defaults jedoch so eingestellt, daß man nur wenige dieser Parameter wirklich anpassen muß.\nZum Testen sollte man eine minimale smb.conf anlegen.Sie könnte zum Beispiel so aussehen:\n[global] guest account = smbguest [tmp] comment = temporary files path = /tmp read only = yes Der Account smbguest ist dabei ein User mit minimalen Rechten. Der Abschnitt [tmp] exportiert das lokale /tmp-Verzeichnis read-only an die Welt.\nDie Korrektheit dieser Konfigurationsdatei kann mit dem Kommando\n$ SAM=/usr/local/samba $ $SAM/bin/testparm $SAM/lib/smb.conf | more schnell überprüft werden. testparm liest die Datei ein und zeigt an, ob die Datei syntaktisch korrekt ist. Danach werden die Werte aller internen Konfigurationsvariablen ausgegeben. Auf diese Weise kann man schnell sehen, mit welchen internen Parameterwerten Samba wirklich operiert.\nMit dem smbclient kann man nun ausprobieren, ob das gewünschte Verzeichnis wirklich exportiert wird:\n$SAM/bin/smbclient -L localhost -U% Server time is Thu Nov 23 11:17:01 1995 Timezone is UTC+1.0 Domain=[DAHEIM] OS=[Unix] Server=[Samba 1.9.15p3] Server=[localhost] User=[smbguest] Workgroup=[DAHEIM] Domain=[DAHEIM] Sharename Type Comment --------- ---- ------- tmp Disk temporary files IPC$ IPC IPC Service (Samba 1.9.15p3) This machine has a browse list: Server Comment --------- ------- WHITE Samba 1.9.15p3 MAHAKI Die Meldung \u0026ldquo;bad password\u0026rdquo; an dieser Stelle würde anzeigen, daß der Gastaccount von Samba nicht richtig gesetzt ist oder nicht verwendet werden kann. Auch \u0026ldquo;hosts allow\u0026rdquo; und \u0026ldquo;hosts deny\u0026rdquo;-Einträge, die unseren eigenen Rechner ausschließen, oder \u0026ldquo;valid users\u0026rdquo; und \u0026ldquo;invalid users\u0026rdquo;, die zu strikt gesetzt sind, können zu der Fehlermeldung führen.\nDie Meldung \u0026ldquo;connection refused\u0026rdquo; deutet dagegen darauf hin, daß auf den Samba-Sockets kein Dämon zuhört. Ein häufiger Fehler ist es, den inetd nach Änderungen an der Konfigurationsdatei nicht mit SIGHUP zu wecken. netstat -a zeigt an, ob jemand auf dem Port netbios-ssn zuhört.\nÄhnlich kann man die Funktionsfähigkeit des nmbd überprüfen: Das Kommando\n$ $SAM/bin/nmblookup -B localhost __SAMBA__ Sending queries to 127.0.0.1 193.102.57.4 __SAMBA__ sollte die IP-Adresse des eigenen Servers zurückliefern. Ebenso sollte ein\n$ $SAM/bin/nmblookup -B mahaki \u0026#39;*\u0026#39; Sending queries to 193.102.57.2 193.102.57.2 * die Adresse des Clients zurückliefern. Und schließlich sollten sich bei einem\n$ $SAM/bin/nmblookup -d 2 \u0026#39;*\u0026#39; Netmask for eth0 = 255.255.255.0 Derived broadcast address 193.102.57.255 Using broadcast 193.102.57.255 Sending queries to 193.102.57.255 Got a positive name query response from 193.102.57.2 (193.102.57.2) Got a positive name query response from 193.102.57.4 (193.102.57.4) 193.102.57.4 * alle Teilnehmer des lokalen Netzes melden, falls sie schnell genug sind. Falls Server und Client nicht auf demselben Subnetz sind, ist es notwendig, die korrekte Broadcast-Adresse des entfernten Subnetzes mit der Option -B anzugeben.\nWenn man so sichergestellt hat, daß sich alle Rechner untereinander kennen und einander erreichen können, kann man versuchen, erst einmal lokal auf die exportierten Ressourcen zuzugreifen:\n$ $SAM/bin/smbclient \u0026#34;\\\\\\\\localhost\\\\tmp\u0026#34; Server time is Thu Nov 23 11:28:06 1995 Timezone is UTC+1.0 Password: Domain=[DAHEIM] OS=[Unix] Server=[Samba 1.9.15p3] smb: \\\u0026gt; dir isdnctrl0 226942 Thu Nov 23 10:14:14 1995 crond_running 0 Thu Nov 23 11:28:01 1995 Der Name der verwendeten Ressource wird DOS-Konform mit \\\\rechner\\ressource bezeichnet. Die verwendete Shell macht es jedoch notwendig, Backslashes als \\\\ zu escapen. Die Schreibweise des Kommandos erscheint so etwas merkwürdig. Samba versucht sich unter dem normalen Usernamen anzumelden. Das verlangte Paßwort ist also das normale Paßwort des Accounts. Möchte man unter einem anderen Benutzernamen testen, ist die Option -U username hinter dem Namen der Ressource anzugeben.\nsmbclient arbeitet ähnlich wie ftp und versteht Kommandos wie \u0026ldquo;help\u0026rdquo;, \u0026ldquo;get\u0026rdquo;, \u0026ldquo;put\u0026rdquo; und \u0026ldquo;quit\u0026rdquo;. Wegen der Option read only = yes in der smb.conf schlägt ein \u0026ldquo;put\u0026rdquo; wie erwartet fehl:\nsmb: \\\u0026gt; put username.map ERRDOS - ERRnoaccess (Access denied.) opening remote file \\username.map Wenn dies alles funktioniert, kann man versuchen, vom PC aus auf das Verzeichnis zuzugreifen. Aus einem DOS-Fenster sollte man die exportierten Ressourcen mit\nE:\\users\\default\u0026gt;net view \u0026#34;\\\\white\u0026#34; Freigegebene Ressourcen auf \\\\white Samba 1.9.15p3 Name Typ Lokal Beschreibung ------------------------------------------------------------------------------- tmp Platte temporary files Der Befehl wurde erfolgreich ausgeführt. ansehen. Mit\nE:\\users\\default\u0026gt;net use \u0026#34;\\\\white\\tmp\u0026#34; /user:kris Das Kennwort für \\\\white\\tmp ist ungültig. Geben Sie das Kennwort für \\\\white\\tmp ein: Der Befehl wurde erfolgreich ausgeführt. kann man sich dann beim Server anmelden. Programme, die erweiterte Pfadnamen mit \\\\rechnername verstehen, können jetzt schon auf das Laufwerk zugreifen. Der Samba-Server sollte nun auch im Dateimanager unter \u0026ldquo;Datenträger\u0026rdquo;, \u0026ldquo;Netzwerklaufwerk verbinden\u0026rdquo; sichtbar sein.\nDie Bemerkung \u0026ldquo;Das Kennwort für \u0026hellip; ist ungültig\u0026rdquo; des Windows NT-Servers aus dem Beispiel tritt übrigens auf, weil der Samba Server ohne verschlüsselte Paßworte übersetzt wurde. Wir der Server mit der libdes und der Option encrypted passswords = yes in der smb.conf installiert, erfolgt das Login ohne Rückfrage.\nGeschwindigkeit Samba verwendet ein verbindungsorientiertes und asynchrones Protokoll und unterliegt so nicht den Einschränkungen, die die Geschwindigkeit von NFS begrenzen. Auf der anderen Seite ist der Samba-Server so natürlich nicht so datensicher wie ein NFS-Server. In der Praxis sollte das wenig ausmachen, da die Clients PCs sind und so vermutlich häufiger abstürzen\u0026hellip;\nGeschwindigkeitsprobleme kann es beim Einloggen geben, wenn der Client ein Windows für Workgroups ist und Samba das Loginpaßwort raten muß (siehe Kasten \u0026ldquo;Eine Standardkonfiguration\u0026rdquo;). Falls das richtige Paßwort mehrere Großbuchstaben enthält und die crypt()-Routine des Servers hinreichend langsam ist, können so einige Sekunden vergehen.\nDer Text SPEED.txt aus der Samba-Dokumentation enthält außerdem einige weitere Tips, mit der man die Geschwindigkeit des Servers unter Umständen weiter verbessern kann: Niedrige Debug-Level, große Puffer und überlappende Zugriffe auf Platte und Netzwerk können die Serverperformance weiter steigern.\nAlles in allem erreicht Samba so eine Performance, die einem Windows NT Server oder einem Pathworks Server vergleichbar ist.\nSamba im Internet Die zur Zeit der Entstehung dieses Artikels aktuelle Version von Samba ist 1.9.15, Patch 3.\nDas Homeverzeichnis von Samba ist ftp://nimbus.anu.edu.au/pub/tridge/samba . Da jedoch die Internet-Anbindung von Australien aus der Sicht von Deutschland nicht überragend ist, ist es vorteilhaft, sich Samba von einem der offiziellen Mirrors zu kopieren. Die Dokumentation nennt dazu unter anderem ftp://sunsite.unc.edu/pub/Linux/system/Network/Samba und ftp://ftp.uni-trier.de/pub/unix/network/samba .\nDas Paket liegt außerdem auf vielen deutschen Sunsite-Mirrors und ist praktisch auf jeder besseren Linux CD-ROM auch im Quelltext archviert. Diese Versionen hinken jedoch, wie üblich, um einige Minor-Releases hinterher.\nNicht alle Mirrors archivieren ftp://nimbus.anu.edu.au/pub/tridge/libdes/libdes.tar.92-10-13.gz , weil dies administrative Probleme beim FTP-Verkehr von und nach USA machen würde. Diese Bibliothek ist notwendig, wenn man mit verschlüsselten Paßworten auf dem Netz arbeiten möchte. Clients und Server unter Windows NT verhalten sich ohne verschlüsselte Paßworte jedoch eigenartig.\nSamba hat eine eigene Newsgroup im USENET, comp.protocols.smb, die glücklicherweise nicht sehr überlaufen ist. Außerdem findet man in den einschlägigen Linux-Newsgroups ebenfalls massenweise Fragen und Antworten rund um Samba.\nWer an aktuellen Informationen über Samba interessiert ist, kann sich auf der Mailingliste samba-announce eintragen lassen. Dazu ist es notwendig, eine Mail an listproc@listproc.anu.edu.au zu senden, die im Text (nicht im Subject!) das Kommando subscribe samba-announce Vorname Nachname enthält.\nEs existiert eine weitere Mailingliste, samba, die der Weiterentwicklung von Samba dient. Um sich dort einzuschreiben, ist subscribe samba Vorname Nachname an die oben angegebene Adresse zu senden.\nDie Samba Home-Page ist http://lake.canberra.edu.au/pub/samba/ Eine Standardkonfiguration Die folgende Konfigurationsdatei dürfte die meisten einfachen Anwendungsfälle abdecken:\n[global] ; Gastaccount zuweisen guest account = smbguest ; Nicht alle User auf dem UNIX-Rechner heißen auf dem Windows NT gleich ; Format: ; unixuser = dosalias dosalias2 dosalias3... ; root = administrator admin username map = /usr/local/samba/lib/username.map ; Windows NT erfordert libdes und encrypted passwords, siehe Dokumentation encrypt passwords = yes ; Samba soll Domain Master und Browse Master sein. os level = 33 domain master = yes ; nur Verbindungen von vertrauenswürdigen Hosts zulassen allow hosts = black, white, mahaki ; DOS \u0026#34;share\u0026#34; locking simulieren locking = yes share modes = yes ; Windows NT Protokoll verwenden ; Optionen sind CORE, COREPLUS, LANMAN1, LANMAN2 und NT1 protocol = NT1 ; Dies ist die Workgroup, der wir angehören workgroup = DAHEIM [tmp] comment = Zwischenablage path = /tmp read only = no [faq] comment = Haeufig gestellte Fragen (aus USENET) path = /scratch/faq read only = yes [homes] comment = Homeverzeichnisse browseable = no read only = no create mode = 0750 [printers] comment = Alle Drucker aus /etc/printcap printing = bsd browseable = no load printers = yes read only = yes printable = yes path = /tmp public = yes create mode = 0700 Diese smb.conf`` versucht einen minimalen Sicherheitslevel herzustellen, indem nur Verbindungen von Hosts von vertrauenswürdigen zugelassen werden. Sie exportiert zwei gewöhnliche Verzeichnisse: /tmpread-write und/scratch/faq` read-only.\nAußerdem werden die Drucker der /etc/printcap durch den besonderen Abschnitt [printers] und die Home-Verzeichnisse aller Benutzer durch [homes] exportiert. Beide Abschnitte sind nicht als Browseable gekennzeichnet. Dadurch erscheint nur das Home-Verzeichnis des auf dem Windows-Rechner angemeldeten Benutzers in der Browse-List des Dateimanagers. Ebenso wird nicht [printers] selbst im Druckmanager angezeigt, sondern die Drucker der /etc/printcap werden durch das load printers einzeln angezeigt.\nDadurch, daß das NT1-Protkoll verwendet wird, ist es möglich, auch lange Dateinamen mit Groß-/Kleinschreibung zu verwenden. Auch das LANMAN2-Protokoll kann dies. Windows für Workgroups wandelt alle Paßworte in reine Großschrift um, wenn ein höheres Protokoll als COREPLUS verwendet wird. In diesem Fall versucht Samba, das Paßwort zu raten, indem das übermittelte Paßwort in Groß- und Kleinschrift ausprobiert wird. Mit der Option password level = zahl kann man Samba dazu bewegen, auch Kombinationen von Groß- und Kleinbuchstaben zu testen. Die Zahl bestimmt dabei die maximale Anzahl von Großbuchstaben im Paßwort.\n","date":"1996-01-11T00:00:00Z","href":"https://blog.koehntopp.info/1996/01/11/samba.html","tags":["lang_de","publication","unix"],"title":"Samba"},{"categories":null,"content":"aus \u0026ldquo;Die Netzrevolution - auf dem Weg in die Weltgesellschaft\u0026rdquo;, Rost (Hrsg.), 1996, Frankfurt/ Main: Eichborn-Verlag, 230 Seiten\nDas Internet - unendliche Weiten. Seit einigen Jahren kreuzen Millionen Bürger durch das Netz, um neue Dienste zu entdecken, neue Möglichkeiten und neue Informationen, die andere Menschen für sie geschaffen haben. Cyberspace - der gemeinsame Informationsraum der Menschheit - ist in gewisser Weise genau das Gegenteil des Weltraums.\nIm Weltraum, einer Umgebung, die dem irdischen Leben so fremd ist, wie nur irgend möglich, können wir Dinge finden, sie niemals zuvor ein Mensch (und wahrscheinlich auch sonst niemand) gesehen hat. Wir können an Orte kommen, die niemals zuvor betreten worden sind, um dann dort das Unerwartete und das Fremdartige zu entdecken. Der Weltraum ist die \u0026ldquo;final frontier\u0026rdquo;, die letzte Grenze, die nicht überschritten werden kann, sondern die wir nur vor uns her schieben können. Der Weltraum, das ist das physikalische Universum, die fremdartige Außenwelt, in der wir leben.\nCyberspace ist ebenfalls ein ganzes Universum, aber eines, das nach ganz anderen Regeln funktioniert. Im Gegensatz zum Weltraum, wo wir das Fremde und Nicht-Menschliche zu finden erwarten, können wir im Netz nur Artefakte menschlichen Denkens und Schaffens finden. Das heißt nicht, daß uns diese Artefakte nicht genauso fremdartig erscheinen können, wie die einer Alien-Kultur\u0026hellip;\nWir können im Netz nur das finden, was andere vor uns hineingestellt haben und wir können im Cyberspace nur dahin gehen, wo andere schon vor uns gewesen sind und den \u0026ldquo;Raum\u0026rdquo;, den wir betreten wollen, für uns geschaffen haben. Oder wir können selber neue Räume schaffen, ganze Welten, wenn wir wollen, in denen sich dann andere Bewohner des Netzraumes tummeln können. Denn so ist das Netz entstanden: Am Anfang war im Netz nur die große, unbewohnte Leere. Dann kam der Mensch und sprach - keinen einzelnen Satz, sondern viele hunderttausend Zeilen Quelltext und Dokumente in den unterschiedlichsten Sprachen und Programmiersprachen. Das Resultat ist das Netz, wie der Weltraum eine \u0026ldquo;final frontier\u0026rdquo;.\nIm Unterschied zum Weltraum, der trotz Vakuums eine materielle Welt ist, ist das Netz eine rein virtuelle Welt - eine Welt der Bilder, der Ideen und der Abstraktionen. Trotzdem hat der Informationsraum natürlich einen Bezug zur wirklichen Welt. Er ist nicht nur eine Bilderwelt, sondern auch ein Bild der Welt, geschaffen nach unserem Bilde. Wenn uns Bilder im Cyberspace nicht gefallen, dann ist dies deswegen so, weil uns die Welt nicht gefällt, die abgebildet wird.\nDie Genesis des Cyberspace Das Internet, ein weltweites Netzwerk aus Rechnern und Übertragungswegen der unterschiedlichsten Hersteller, bekommt seit ungefähr drei Jahren erhöhte Aufmerksamkeit in den Medien. Aber eigentlich ist es viel älter: Das ARPANET, ein Vorläufer des heutigen Internet, entstand schon 1969. Damals begann man damit, die Rechzenzentren amerikanischer Forschungszentren miteinander zu vernetzen, um Hard- und Softwareressourcen verteilt nutzen zu können. Anfang der 1980er Jahre wurde das alte ARPANET in zwei Netze aufgeteilt, ARPANET und Milnet. Das Gesamtnetzwerk bekam zunächst den Namen DARPA Internet, der später durch Verkürzung zu \u0026ldquo;Dem Internet\u0026rdquo; wurde. In der Frühzeit des Internet war der Zugang zu diesem Netz auf militärische Nutzung, Forschung und Lehre beschränkt und kommerzielle Nutzung war verboten.\nTrotz dieser Einschränkungen war Internet ein größerer Erfolg als geplant und vorausgesehen. Weitere Netze, die zum Teil unabhängig vom DARPA Internet entstanden und meistens zu Forschungszwecken dienten, schlossen sich über mehr oder weniger indirekte Methoden an das Internet an. Um den Bedarf nach akademischer Kommunikation zu kanalisieren und besser decken zu können, entstand in den USA 1986 das National Sciene Foundation Network (NSFNET), das bis 1990 das ARPANET als Forschungsnetzwerk ersetzte. Zugleich begann das Internet auch immer mehr, über die nationalen Grenzen der USA hinauszuwachsen und sich schließlich weltweit auszudehnen.\nIn 1992 rückte das Internet wieder in das Rampenlicht, diesmal als Bestandteil der \u0026ldquo;National Information Infrastructure\u0026rdquo; im Rahmen des Wahlkampfes von Bill Clinton und Al Gore. Dies war zugleich der Beginn der Öffnung des Internet, die es ermöglicht, das Netz auch zu anderen als Forschungszwecken zu nutzen. Heute, drei Jahre später, wird das Netz durch die unterschiedlichsten Firmen bereits auf vielfältige Weise genutzt, auch wenn die meisten Formen dieser Nutzung noch experimentell sind.\nWarum ist das Internet so erfolgreich? Rechnernetze gibt es viele und zu den unterschiedlichsten Zwecken. So sind die Rechner in den meisten Büros über ein Ethernet-Kabel miteinander verbunden, Außenstellen kommunizieren mit der Zentrale über Datex-P oder Datex-J und wir selbst nutzen Telefonnetze weltweit, um miteinander zu reden oder Dokumente zu faxen. Gegen Ende des zwanzigsten Jahrhunderts ist es kein Problem mehr, irgendwelche Geräte miteinander zu vernetzen, denn wir haben buchstäblich Dutzende Methoden, um das zu tun.\nUnd sie sind alle unterschiedlich.\nDas Internet basiert auf der Idee eines Meta-Netzwerkes. Es dient nicht dazu, Rechner miteinander zu vernetzen. Es gibt keine Internet-Steckkarten, keine Internet-Netzwerkkabel und keine Internet-Anschlüsse. Stattdessen verwendet Internet immer vorhandene Netzwerktechniken, um vorhandene Rechnernetze untereinander zu vernetzen.\nEs setzt voraus, daß schon irgendeine Form von nutzbarem Anschluß vorhanden ist und benutzt diesen dann, um ein lokales Netz in das weltumspannende Geflecht des Internet einzugliedern. Und da alle Hardware schon vorhanden ist, wird lediglich Software gebraucht, um diese Hardware die Sprache des Internet, das Internetwork Protocol (IP), zu lehren.\nDa das Internet die unterschiedlichsten Netzwerke als Träger benutzen kann, wird im Internetwork Protocol ein großer Aufwand getrieben, die Unterschiede zwischen diesen Netzen für die Software und den Anwender, der sie letztendlich verwenden soll, zu verwischen. Als Internet-Anwender merkt man nichts davon, daß eine Netzwerkverbindung über ein halbes Dutzend unterschiedliche Netzwerke mit unterschiedlichen Eigenschaften geleitet wird. Jedes dieser Netzwerke hat seine ganz besonderen Eigenheiten wie besondere Formen der Adressierung, eine andere maximale Größe für Datenpakete oder eine andere Art, den Weg eines Datenpaketes durch das Netz festzulegen. Der Anwender braucht sich mit solchen Dingen nicht zu befassen, IP kümmert sich darum. So entsteht eine neue Abstraktionsebene: Weg vom konkreten Kabel, hin zu einer Netzwerkwolke, in der jeder mit jedem direkt Verbindung aufnehmen kann, wenn er möchte.\nEine andere Idee ist beim Internet ebenfalls neu: Bisher waren Rechnernetze immer so aufgebaut, daß man ein durchgehendes Kabel von einem Startrechner zum Zielrechner haben mußte. Internet führt in der Rechnerwelt das Prinzip des Individualverkehrs ein: Zwar existieren zwischen vielen Orten Netzwerkverbindungen wie Straßen in der wirklichen Welt, aber genau wie in der wirklichen Welt ist nicht jeder Ort mit jedem anderen direkt verbunden.\nDaten werden jetzt nicht als ein durchgehender Datenstrom auf die Reise geschickt, sondern in kleinen Paketen, die dann wie Autos auf richtigen Straßen ihren Weg zum Ziel finden müssen. Und so wie jedes Auto seinen Weg unabhängig von den anderen Fahrzeugen vor und hinter ihm findet, so läuft auch jedes Datenpaket im Internet auf seinem eigenen Weg unabhängig von den anderen Datenpaketen. Eine bestimmte Datenverbindung kann dabei, wenn sie im Netz günstig liegt, von Datenpaketen mit den unterschiedlichsten Zielen gemeinsam genutzt werden. Das Bild von der Datenautobahn trägt hier viel weiter, als man auf den ersten Blick vermuten würde.\nVom Verhalten im Datenverkehr Das Internet ist ein Netzwerk mit Geschichte. Es ist - von den allerersten Anfängen an gerechnet - über 25 Jahre alt. Im Verständnis von Informatikern wird ein solcher Zeitraum ähnlich betrachtet, wie bei normalen Menschen die frühe Kreidezeit. Den größten Teil dieser Zeit haben dabei Menschen mit akademischem Hintergrund das Netz und die Umgangsformen im Netz geprägt.\nDie ursprünglichen Nutzer des Internet waren die Forscher, die das Netz gebaut haben. Sie haben es gebaut, um besser verstehen zu können, wie große Netzwerke von Computern funktionieren, die aus vielen Komponenten sehr unterschiedlicher Hersteller funktionieren. Man wollte untersuchen, wie sich Rechnernetze verhalten, wenn ihnen Überlastung, Störungen und die anderen, täglichen kleinen Problemchen den Betrieb beeinflussen. Doch aus dem reinen Forschungsgegenstand wurde für diese Menschen und die anderen in ihrem Umfeld schon bald ein unverzichtbares Mittel für ihre Arbeit und auch eine Methode, ihre Arbeit zu publizieren.\nVor diesem Hintergrund sind auch die Gebräuche und Kulturen im Internet entstanden. Ein wichtiger Gedanke ist zum Beispiel der Gedanke der Gegenseitigkeit: Für viele Benutzer sind die Dienste des Netzes und die Menschen, die ihnen dort draußen geholfen haben, ohne daß sie sich jemals begegnet sind, ein wichtiger Bestandteil ihrer Arbeit oder sogar ihrer Freizeit gewesen. Es ist üblich, sich bei \u0026ldquo;dem Netz\u0026rdquo; für die erhaltene Hilfe zu bedanken. Dieses Dankeschön besteht normalerweise darin, daß man irgendetwas für das Netz tut, zum Beispiel ein eigenes Programm zum Kopieren freigibt, einen Hilfetext schreibt oder ein anderes Angebot macht, das das Netz zu einem besseren und interessanteren Platz macht. Es kommt nicht darauf an, daß erhaltene Hilfe und Dankeschön in irgendeinem Verhältnis stehen oder etwas miteinander zu tun haben, sondern es kommt nur darauf an, irgendetwas zu tun. Dadurch, daß dies jeder tut, der Nutzen von der Gemeinschaft des Netzes hat, wird das Netz einfach wertvoller für alle.\nDieser Gedanke der Gegenseitigkeit und der Gemeinsamkeit zieht sich durch alle Ebenen des Netzes: Auf den unteren Ebenen des Netzes hilft man sich, indem man gegenseitig IP-Päckchen oder E-Mail weiterleitet, auf den höheren Ebenen der Interaktion stellt man die Ergebnisse seiner Arbeit zur Verfügung oder macht Hilfsprogramme und Werkzeuge verfügbar, die man im Laufe der Zeit entwickelt hat.\nEbenso tief verwurzelt ist die Idee der Rücksichtnahme: Jemand, der sich mit der Entwicklung von Netzwerktechniken beschäftigt, hat eine gute Vorstellung von dem Aufwand, den das Senden einer Mail oder das Laden eines großen Programmpaketes für alle beteiligten Komponenten des Netzes bedeutet. Er wird versuchen, durch sein Verhalten die Netzlast zu verringern: Er wird versuchen, ein benötigtes Programmpaket erst auf einem deutschen Server bekommen, bevor er einen aufwendigen USA-Transfer anstößt oder er wird fragen, ob der Empfänger eine bestimmtes größeres Dokument haben möchte (und in welchem Datenformat), anstatt es unaufgefordert zu versenden.\nUnd der dritte grundlegende Gedanke ist der der Freiheit von Information: Jeder darf im Netz alles anbieten. Diese Idee schlägt sich schon im Design der Diskussionsforen oder gar des Netzes selber nieder. Es gibt im Internet keine zentrale Netzwerkkoordination, die regulierend eingreifen kann und es gibt in den Diskussionsforen des USENET keinen Redakteur, der Veröffentlichungen in irgendeiner Form bewerten oder selektieren würde. Trotzdem herrschen im Netz keine chaotischen Zustände: Probleme werden durch die Erzeugung von sozialem Druck und durch die Vermittlung von Wissen um die Konsequenzen des eigenen Handelns gelöst, anstatt eine übergeordnete Kontrollinstanz zu bemühen.\nJemand, der zum Beispiel im Netz wiederholt defekte oder themenfremde Artikel in bestimmten Diskussionsgruppen im USENET veröffentlicht und dadurch den normalen Betrieb stört, wird von den anderen Diskussionsteilnehmern normalerweise durch eine private Nachricht darauf hingewiesen und ihm wird korrektes Verhalten erklärt oder ihm werden passendere Diskussionsgruppen empfohlen. Das ist einerseits konstruktives Verhalten, indem Alternativen vorgeschlagen werden, andererseits aber auch eine Strafe. Denn in einer Diskussionsgruppe, in der man vielen tausend Teilnehmern auf die Nerven fallen kann, kann schon die Verarbeitung der entsprechend vielen Ermahnung, die man bekommt, ein technisches Problem darstellen. Wer aufgrund seines unerwünschten Verhaltens auffällt, bekommt bald so viele hunderte oder tausende Nachrichten, daß er kaum noch Netzkapazität übrig hat, um zu stören.\nNatürlich ist es nicht praktikabel, die akzeptablen Normen des Verhaltens jedesmal neu auszuhandeln. Daher hat man sich im Netz schon bald auf einen kleinsten gemeinsamen Nenner guten Verhaltens geeinigt und diesen in einem Text niedergelegt. Dieser Text, die \u0026ldquo;Network Etiquette\u0026rdquo; oder \u0026ldquo;Netiquette\u0026rdquo;, sagt eigentlich nichts besonderes aus: Jeder mit einem Funken gesundem Menschenverstand und ein wenig Wissen um die technischen Möglichkeiten und Zusammenhänge kann diese Regeln als vernünftig einsehen. Oder doch wenigstens einsehen, daß man für gewisse Dinge einfach irgendeine einheitliche Regel haben muß und daß man sich nun eben auf genau diese geeinigt hat. Insofern ist das USENET ein wunderbares Beispiel für die hypothetische Urgesellschaft, die die Philosophen immer so gerne bemühen, wenn sie den \u0026ldquo;Gesellschaftsvertrag\u0026rdquo; erklären wollen: Im Netz hat man sich in genau dieser Situation befunden und dieses Modell einmal durchgezogen.\nEs gibt keine Exekutive im Netz, die die Einhaltung der Netiquette in irgendeiner Form überwachen würde und es gibt auch keine Legislative, die genau bemessene Strafen für Verstöße festsetzt. Jeder kann sich nach Belieben danebenbenehmen und ohne Strafe davonkommen, wenn er sein Verhalten vor dem Rest der Meute rechtfertigen kann und sein Verhalten in diesem speziellen Fall als tolerierbar angesehen wird. Auf der anderen Seite kann man aber auch schon für geringe Auffälligkeiten böse Briefe oder Massenmails bekommen, wenn man im Umgang mit seinem Publikum ungeschickt ist oder einfach seinen bösen Willen demonstriert. Trotzdem funktioniert dieses System im großen und ganzen nicht wesentlich besser oder schlechter, als das was offiziell in der Wirklichen Welt in Betrieb.\nWas kann das Internet? Als das Internet vornehmlich als Medium für akademische Kommunikation genutzt wurde, kam es nicht sehr darauf an, daß die Dienste mit einer hübschen oder leicht erlernbaren Oberfläche zur Verfügung gestellt wurden. Aus dieser Zeit stammen die meistens per Kommandozeile bedienbaren Programme, die die Basisdienste des Internet liefern. Diese Basisdienste sind Mail, das Versenden von elektronischen Briefen, News, das Versenden von öffentlichen Artikeln und FTP, die Übertragung und Veröffentlichung von Programmen und anderen Dateien.\nMittels elektronischer Post ist es möglich, Briefe oder längere Texte an einen Gesprächspartner zu versenden, der irgendwo anders im Netz angeschlossen ist. Die Zustellung der Mail erfolgt dabei, soweit technisch möglich, sofort. Ursprünglich war es dabei nur möglich, reine ASCII-Texte ohne besondere Formatierungen, Zeichensätze oder Bilder zu versenden - sogar das Verschicken von Nachrichten mit Umlauten funktionierte in der Regel nicht. Deswegen mußte man Programmdateien oder Dokumente aus Textverarbeitungen oder anderen Programmen vor dem Versand erst in eine spezielle Textform umcodieren. In dieser Form nimmt eine solche Datei zwar mehr Platz ein als vorher, enthält aber lediglich Zeichen, die auch in normalen Texte vorkommen. Auf diese Weise konnte die Datei auch per Mail verschickt werden. Der Empfänger mußte die empfangene Nachricht dann abspeichern und mit einem passenden Decodierprogramm wieder in eine Datei verwandeln.\nModerne Programme zur Handhabung von elektronic mail verwenden ein erweitertes Verfahren zum Verschicken von Nachrichten - MIME. Die Abkürzung steht für Multipurpose (oder Multimedia) Internet Mail Enhancements, also für multimediale Nachrichten. Wenn sowohl der Absender der Nachricht als auch der Empfänger Programme verwenden, die den MIME-Standard beherrschen, lassen sich aus unterschiedlichen Zeichensätzen, Bildern und Dateien zusammengesetzte Nachrichten verschicken, ohne daß man den umständlichen Weg der Codierung gehen muß. Zwar werden die Nachrichten noch immer für die Übermittlung in ein spezielles Format umgewandelt, aber dies geschicht automatisch und ohne daß Sender oder Empfänger etwas davon merken. Die folgende Abbildung zeigt eine solche Nachricht.\nMIME-fähiges Mailprogramm unter Nextstep. Die gezeigte Nachricht enthält beigefügt das dritte Kapitel eines Buches und eine Sounddatei, die beide als Icon dargestellt werden können. Die Dateien können durch Mausklick geöffnet werden oder mit der Maus in einen Ordner auf der Festplatte fallengelassen werden.\nViele Personen erreichen: Listen und Diskussionsgruppen Mails müssen nicht an einen einzelnen Empfänger zugestellt werden. Es ist möglich, Verteiler einzurichten und so eine Mail an einen ganzen Empfängerkreis zuzustellen. Oft kommt es vor, daß jemand auf seinem Rechner einen Verteiler von Personen mit gemeinsamen Interessen einrichtet und diesen dann für die allgemeine Benutzung freigibt. Eine Nachricht an einen solchen Verteiler geht dann an alle auf dem Verteiler eingeschriebenen Personen - die auf diese Nachricht dann wiederum mit einer Kopie an den Verteiler antworten.\nIm Internet nennt man so einen Verteiler eine Mailing-List. Oft wird er gar nicht von einer Person manuell gewartet, sondern von einem Roboter gewartet, der natürlich ebenfalls per Mail erreichbar ist. Wenn man auf eine solche Mailing-List gesetzt werden möchte, sendet man eine Mail mit einem speziellen Kommando im Nachrichtentext (\u0026ldquo;subscribe\u0026rdquo; für \u0026ldquo;bestellen\u0026rdquo;) an diesen Roboter, woraufhin dieser einen in den Listenverteiler aufnimmt und einem auch gleich die Anleitungen und Hilfstexte für diese spezielle Liste zustellt. Solche Roboter haben meistens noch weitere Funktionen. Immer vorhanden ist ein Kommando zum Abbestellen der Liste und zum Anfordern von Hilfstexten. Weitere Kommandos, die bei fast allen automatischen Listen vorhanden sind, dienen zur Abfrage eines Archivs vorangegangener Nachrichten und um festzustellen, welche anderen Teilnehmer auf der Liste eingeschrieben sind. Einige sehr hoch entwickelte Listenroboter bieten zudem die Möglichkeit, sich die Nachrichten der Liste nicht sofort einzeln zusenden zu lassen, sondern einmal pro Tag eine Zusammenfassung (\u0026ldquo;Digest\u0026rdquo; genannt) zu bekommen. Für jemanden, der die Diskussionen dort eher lesend verfolgen möchte, ist dies die bequemere Möglichkeit.\nUm an einer Mailing-List teilzunehmen, muß man selbst aktiv werden, d.h. eine Bestellung an den richtigen Wartungsroboter senden. Die Themen einer Liste sind meistens sehr genau definiert und relativ speziell. Außerdem fungiert derjenige Mensch, der die Liste ins Leben gerufen hat, meistens auch als Moderator der Diskussion. Das führt dazu, daß das Niveau der Diskussion auf einer solchen Liste in der Regel sehr hoch ist, während der Verkehr auf der Liste sich einigermaßen im Rahmen hält. Die Größe des Leserkreises einer Mailing-List kann sehr unterschiedlich sein: Manche Listen haben nur ein knappes halbes Dutzend Leser, andere haben weit über tausend eingeschriebene Empfänger. Ebenso variabel ist die Anzahl der Nachrichten, die man auf der Liste erwarten kann: Manche Listen sind über Monate hinweg tot und man hat schon vergessen, daß man sich dort auf den Verteiler hat setzen lassen. Andere Listen dagegen produzieren so viele Nachrichten, daß man sich ein spezielles Filterwerkzeug für den Posteingang wünscht, um diese Nachrichten automatisch in ein gesondertes Eingangsfach umsortieren zu lassen (Selbstverständlich gibt es solche Werkzeuge in Massen).\nDie logische Weiterentwicklung von Mailing-Lists sind die USENET News. Die News sind ein System von vielen tausend, thematisch gegliederten und öffentlichen Diskussionsforen, in denen jeder Benutzer Nachrichten veröffentlichen kann, wenn er möchte. Anders als bei Mailinglisten sind Nachrichten in den News nicht an einen bestimmten Empfänger oder Verteiler gerichtet, sondern werden wie ein Leserbrief in einer Zeitung ungerichtet verteilt. Jeder, der die entsprechende Diskussionsgruppe anbestellt hat, kann die Nachricht lesen und darauf antworten. Die Antwort erfolgt entweder privat in einer Mail an den ursprünglichen Ersteller der Nachricht oder öffentlich in der Diskussionsgruppe, damit weitere Leser dazu Stellung nehmen können, wenn sie es wünschen. Tatsächlich kann man sich USENET News vorstellen wie eine Zeitung, die nur aus Leserbriefen besteht und die keinen Redakteur hat, der daraus eine Auswahl trifft - alles wird veröffentlicht.\nDie Informationsflut: Kampf gegen das \u0026ldquo;Rauschen\u0026rdquo; des Netzes Alles wird veröffentlicht - das bedeutet auch, daß man in den News in jeder Diskussionsgruppe mit einem gewissen \u0026ldquo;Rauschen\u0026rdquo; leben muß kann. Zwar sind die Gruppen thematisch untergliedert und der Name der Gruppe gibt auch Hinweise, worum es in dieser Diskussionsgruppe geht, aber trotzdem wird man in jeder Gruppe Texte finden, die dort nicht hingehören oder die einfach nicht interessant sind. Die Programme, die zum Lesen der News verwendet werden, müssen darauf Rücksicht nehmen: Sie müssen dem Leser Möglichkeiten geben, schnell und zielsicher diejenigen Artikel aus der Masse des Angebotes zu fischen, die ihn interessieren, ohne daß er mit für ihn nicht weiter interessanten Nachrichten Zeit verschwendet.\nNews sind wesentlich öffentlicher als Mailing-Lists: Die Leserschaft großer Gruppen rechnet sich nicht in Hunderten oder Tausenden, sondern bei den populären Gruppen bis knapp in den Millionenbereich. Ebenso ist in beliebten Gruppen das Nachrichtenaufkommen viel höher als in Mailing-Listen: Die am stärksten benutzte Gruppe des USENET hat im Juli 1995 23601 Artikel an ihre Leser befördert. Das sind 760 Nachrichten pro Tag! Nun ist besagte Gruppe, eine Tauschbörse für Sammelkarten und -bildchen, ein Extremfall und nicht einmal für andere belebte Gruppen repräsentativ. In normalen Diskussionsgruppen kann man mit 30 bis 150 Artikeln am Tag rechnen.\nTrotzdem zeigt sich hier: Im Internet ist es nicht das Problem, an die gewünschten Informationen zu kommen, sondern ungewünschte Informationen nicht zu bekommen. Mit der Kommerzialisierung des Internet und der extremen Zunahme der Benutzerzahlen wird dies mehr als deutlich: In allen 8000 Gruppen des USENET beobachtet man seit einiger Zeit eine deutliche Zunahme von Artikeln, die parallel in sehr vielen Diskussionsforen veröffentlich werden und die in keinem dieser Foren eigentlich einen Platz haben. Eine solche Massenveröffentlichung hat im englischen USENET den passenden Namen \u0026ldquo;Spam\u0026rdquo; (\u0026ldquo;Sülze\u0026rdquo; wie in \u0026ldquo;jemanden zusülzen\u0026rdquo;) bekommen. Die Leserschaft im Netz beginnt erst jetzt damit, darauf zu reagieren und eine Art Bürgerwehr einzurichten (\u0026ldquo;public spam control\u0026rdquo;), deren Aufgabe es ist, solche Artikel zu löschen und die Gruppen so benutzbar zu halten.\nAber \u0026ldquo;spam\u0026rdquo; ist nur eines der Probleme von News und noch dazu eines, das technisch halbwegs in den Griff zu bekommen ist. Eine andere Art von typischen Artikeln erschwert das Lesen der News zusätzlich: Das Netz wächst zur Zeit so stark, daß täglich viele tausende Benutzer neu in das Netz kommen. Sie kennen die technischen Möglichkeiten des Netzes nicht und sie kennen die Regeln des Zusammenlebens im Netz nicht, die einen bestimmten Einsatz dieser Technik vorschreiben. Besonders auffällig in diesem Zusammenhang sind Online-Dienste wie America Online (AOL), Prodigy und Compuserve, die zum Teil Millionen Benutzer auf einmal mit unzureichender Ausbildung auf das Internet und die USENET-Diskussionsgruppen losgelassen haben.\nSo scheint den AOL-Mitgliedern zum Beispiel der Unterschied zwischen öffentlicher Antwort und privater Mail nicht geläufig zu sein: Wann immer jemand im Netz Daten zur Abholung anbietet, zieht sich hinter dieser Ankündigung ein Ratten-, nein Lemmingschwanz von zwei oder drei Dutzend Artikeln hinterher. Alle tragen die Absenderadresse von America Online und bestehen aus einer kompletten Wiederholung des Originaltextes, unter den fein saeuberlich die Worte \u0026ldquo;ME TOO\u0026rdquo; gesetzt worden sind. Eine derartige Reaktion ist inzwischen so typisch fuer AOL-Benutzer, daß ganze Witzsammlungen darüber existieren.\nDas alles sind typische Probleme für ein Medium, dessen Teilnehmerzahl sich regulär in den letzten sechs Jahren alle neun Monate verdoppelt hat und das in Schüben (nämlich immer dann, wenn ein weiterer Online-Dienst mit einer knappen Million Benutzern und mehr sich auf das Internet schaltet) noch wesentlich schneller wächst. Wie kann man es schaffen, solche Massen von neuen Anwendern im Netz auszubilden und ihnen die Besonderheiten und Umgangsformen des Netzes beizubringen? Und das möglichst noch, ohne den normalen, produktiven Betrieb zu stören?\nHäufig gestellte Fragen Ein Mittel zur Ausbildung sind die Listen mit häufig gestellten Fragen. Die Teilnehmer an einer Newsgroup - egal welcher - beobachten im Laufe der Zeit unweigerlich, daß gewisse Fragen zu einem Thema immer wieder erneut auftauchen. Meisten sind dies auch noch Fragen, bei denen bei vielen Diskussionsteilnehmern ein gesundes Halbwissen besteht, sodaß dieselbe Diskussion alle halbe Jahr erneut losbricht. Um diese Wiederholungen zu vermeiden und wenigstens für einen etwas geregelten Diskussionsablauf in einer Newsgroup zu sorgen, erarbeiten sich die Teilnehmer der Newsgroup aus Notwehr meistens einen Katalog der \u0026ldquo;frequently asked questions\u0026rdquo; (abgekürzt: FAQ), der häufig gestellten Fragen und der Antworten dazu.\nDieser Text kann sehr unterschiedlich in der Länge und im Gehalt sein, aber meistens kommen durch die versammelte Wissensmenge einer Diskussionsgruppe und die anhaltende Verbesserung dieses Textes wirklich unentbehrliche Sammlungen zustande. Eine solche FAQ beschäftigt sich vor allen Dingen mit den praktischen Aspekten eines Themas und enthält meistens auch noch sehr komplette Sammlungen von Verweisen auf weitere Quellen. Wenn in der Diskussionsgruppe besondere Regeln gelten oder sich gar eine besondere Subkultur oder ein Slang entwickelt haben, wird dies in der FAQ ebenfalls dokumentiert. Solche Texte werden dann periodisch, meistens einmal im Monat, überarbeitet und dann in der entsprechenden Diskussionsgruppe veröffentlicht, um Neulinge auf den aktuellen Wissensstand der Gruppe zu bringen und sie mit den Besonderheiten der Gruppe vertraut zu machen.\nAußerdem geht von jedem dieser Texte eine Kopie in die Gruppe mit dem Namen news.answers. In dieser Gruppe findet keine Diskussion statt. Stattdessen handelt es sich um einen Kanal, der alle FAQ-Texte, die im USENET veröffentlicht werden, bündelt und zur Archivierung bereitstellt. Wie man sich leicht vorstellen kann, kommen dabei gewaltige Datenmengen zusammen. Diese werden zum einen in öffentlich zugänglichen Archiven verfügbar gemacht (wie man da herankommt, steht selbstverständlich in einer FAQ\u0026hellip;) oder auf vielen Internet CD-ROMs zusammen mit den Programmen zum Internet-Zugriff verbreitet.\nLeider hilft das Bereitstellen von Lesestoff im Zeitalter des Fernsehens und der graphischen Benutzeroberflächen nur noch begrenzt. Und so kommt es, daß man im USENET immer häufiger Dialoge der Form \u0026ldquo;Wie kann ich \u0026hellip;?\u0026rdquo; \u0026ldquo;RTFM! RTFFAQ!\u0026rdquo; beobachten kann.\nZwar sind News und Mail die optisch weniger ansprechenden Dienste des Internet, aber sie sind für den erfahrenen Netzanwender immer noch das primäre Mittel der Kommunikation, denn hier findet er nicht vorgefertigte Texte und Seiten zum Anklicken, sondern wirkliche Gesprächpartner mit ähnlichen Interessen und Problemen wie er selbst. Diese können ihm helfen, die Fragen und Probleme zu klären, die er bei seiner täglichen Arbeit hat - und das müssen beileibe keine Probleme sein, die mit Computern oder Technik zu tun haben.\nPolydirektionalität: Verschwörung der Verbraucher? Aber News und Mail als textbasierte Anwendungen sind nicht das Mittel, mit dem man kommerzielles Interesse am Netz weckt. Etwas, das das teuer von einer Werbeagentur eingekaufte Firmenlogo nicht darstellen kann und keine Hochglanzprospektabbildungen von Firmenprodukten zum Kunden schaffen kann, ist für eine Firma nicht brauchbar. Dazu kommt noch ein anderer Nachteil von News und Mail, der Firmen abschreckt: Firmen haben ein Interesse daran, mit ihren Kunden zu reden. Gute Firmen haben auch ein Interesse daran, daß Kunden mit ihnen reden können. Aber kaum eine Firma hat Interesse daran, daß Kunden ein Medium haben, untereinander über die Firma zu reden. Aber genau das ist in den Newsgroups oder Mailinglisten der Fall. Hier bildet sich eine Öffentlichkeit über eine Firma und deren Produkte, die sehr zahlreich und überregional ausgedehnt sein kann, die die Firma aber nicht direkt kontrollieren kann. Ein solches Medium nennt man polydirektional, weil hier eine Kommunikation zwischen vielen stattfinden kann. Der Umgang mit solchen polydirektionalen Medien ist für jemanden, der hier bestimmte Interessen verfolgt, sehr viel schwieriger als ein einer stärker kontrollierten Umgebung.\nEin sehr schönes Beispiel für die Probleme, die sich aus der Polydirektionalität für eine Firma ergeben können, stellt der sogenannte Pentium-FDIV-Fehler dar: Hier hatte sich eine solche unerwünschte Öffentlichkeit gebildet, als der berühmte Divisionsfehler im FDIV-Befehl des Pentium-Chips der Firma Intel entdeckt wurde. Die Mathematiker und Informatiker, die neue Erkenntnisse über den Fehler und seine Auswirkungen herausfanden, veröffentlichten Ihre Entdeckungen in den USENET News. Dort kam es auch sofort zu Diskussionen von besorgten Anwendern, die ihren defekten Pentium-Prozessor von Intel kostenlos getauscht haben wollten. Intel selbst weigerte sich und behauptete, der Fehler sei für die Mehrzahl der Anwender überhaupt nicht spürbar und ein Austausch sei deswegen nicht notwendig. Die Anwender schlossen sich aufgrund dieser Firmenpolitik im Netz zu einer Interessengemeinschaft zusammen und forderten gemeinschaftlich kostenlosen Austausch. Intel wurde letztendlich durch den im USENET erzeugten Druck dazu gezwungen, eine solche kostenlose Umtauschaktion einzuleiten. Die Pentium-Affäre hat aber noch andere, weiter reichende Auswirkungen auf die Firmenpolitik gehabt: Intel verfolgt inzwischen eine viel offenere Politik im Umgang mit Fehlern in ihren Prozessoren, in der Hoffnung, daß ein Kunde, der schon vorher weiß, welche Fehler das Produkt hat, sich nicht mehr beschweren kann. Im Nachhinein betrachtet fahren Firma und Kunden mit der neuen Politik viel besser als mit der alten, aber diese Lektion zu lernen war für die Firma Intel ein sehr schmerzhafter und nicht ganz billiger Prozeß.\nWWW: WeltWeite Werbung? Für das durchschnittliche Managment einer Firma ist ein polydirektionales Medium also nicht das, was wirklich gewünscht wird. Man möchte stattdessen lieber eine bidirektionale Kommunikation haben: Der Kunde soll jederzeit Produktinformationen über die Firma bekommen können und der Kunde soll sich Rat und Hilfe suchend an den Support der Firma wenden, anstatt sich in irgendwelchen Interessengruppen herumzutreiben. News und Mail leisten dies nicht. Etwas Neues mußte her und dieses Neue wurde mehr aus Zufall geschaffen. Physiker wollten eine Methode haben, ihre Forschungsinformationen im Netz der Netzgemeinde zu präsentieren. Da Zahlenreihen von Meßdaten aber von den meisten Leuten als ästhetisch unbefriedigend angesehen werden, muße eine Methode gefunden werden, Text und Graphik zu integrieren und mit einer ansprechenden Benutzungsoberfläche zu versehen. Es entstand das World Wide Web.\nWie alle genialen Ideen besteht auch WWW im Prinzip sehr einfachen Zutaten: Da ist zum einen eine einfache Seitenbeschreibungssprache, die es mit einem Mal erlaubt, nicht nur einfachen ASCII-Text zu übertragen, sondern auch die optisch ansprechende Gestaltung von Texten und sogar die Einbindung von Bildern, Tönen und Animationen zuläßt. Statt durch trockene und gleichförmige Zeichenströme eingeengt zu sein, hat der Autor eines Dokumentes nun auf einmal die Möglichkeit, seine Aussage mit allen Mitteln modernen Designs aufzubereiten. Dazu hat man einen Mechanismus geschaffen, der es erlaubt auf andere Texte, Dateien und Bilder zu verweisen. Ein Dokument steht nicht mehr alleine, sondern ist in einen Kontext eingebunden, der noch dazu mit einem einfachen Mausklick abgefragt werden. kann. Auf diese Weise werden alle diese Dokumente zu einem großen Netz, eben dem Web, zusammengebunden. Der Schlüssel zum Netz war für den Anwender aber schließlich die Idee, die Nutzung des World Wide Web und der klassischen Internet-Dienste in einem einzigen Programm, dem Browser, zusammenzufassen und diesen mit einer graphischen Benutzungsoberfläche auszustatten. Statt einer ganzen Horde kommandozeilengeprägter Werkzeuge aus der Computer-Steinzeit ist nur noch ein einziges Programm zu erlernen, das noch dazu über eine zeitgemäße graphische Benutzerführung und Onlinehilfe verfügt.\nDie folgende Abbildung zeigt, wie der Abruf einer Informationsseite im Web abläuft: Das Browserprogramm läuft auf dem Rechner des Internet-Benutzers. Dieser äußert durch Mausklicks oder mit der Tastatur seine Wünsche, die vom Browser in eine Serveranfrage übersetzt werden. Über das Internet erreicht die Anfrage einen von vielen Servern im Netz. Der Server liefert auf Grund der Anfrage entweder einen vorbereiteten Text oder er reicht die Anfrage an ein Datenbankprogramm weiter, das auf Grund dieser Anfrage dynamisch ein Antwortdokument erzeugt. In jedem Fall wird die Anwort über das Internet wieder zum Browser zurückgesendet, der sie dem Benutzer graphisch aufbereitet darstellt. In der Abbildung erkennt man, wie aus der ungelenken Seitenbeschreibung, die der Server verwaltet, durch den Browser eine ansprechend aussehende Seite erzeugt wird.\nDer Serverrechner stellt mit dem Programm httpd Daten im Netz bereit. Diese Daten liegen entweder als vorbereitete Dateien auf der Festplatte oder werden als Antwort auf eine Anfrage aus einer Datenbank berechnet. Die Darstellung der Daten übernimmt das Clientprogramm netscape. Es wandelt die Steueranweisungen der Seitenbeschreibungssprache HTML (links) in graphische Attribute und Querverbindungen (rechts) um.\nDas WWW ist ein bidirektionales Medium: Der Abrufer einer Seite hat die Möglichkeit, sich die Seite anzusehen und - falls der Seitendesigner das vorgesehen hat - an jemanden privat zu antworten. Es ist möglich von einer eigenen Seite aus auf eine fremde Seite zu verweisen, aber es ist nicht möglich, eine fremde Seite um eigene Anmerkungen zu erweitern. Diese letzte Eigenschaft, die aus dem Web ein polydirektionales Medium machen würde, wenn sie vorhanden wäre, ist entscheidend für die kommerzielle Akzeptanz des Mediums: \u0026ldquo;Polydirektionaltät macht keinen Umsatz\u0026rdquo;.\nWer sich mit Netzwerken beschäftigt, dem wird dieses Konzept nicht ganz neu vorkommen. Immerhin versucht die Telekom, vormals Bundespost, schon seit Jahren etwas ganz ähnliches mit BTX zu etablieren. Während BTX aber trotz ähnlich bunter Oberflächen nicht so recht aus den Startlöchern kommen wollte, hat das Internet keine Schwierigkeiten damit, seine Teilnehmerzahlen wieder und wieder zu verdoppeln.\nWarum ist das World Wide Web für Anwender und Anbieter ein interessanterer Dienst?\nEin sehr wichtiger Unterschied zwischen BTX und dem Internet ist, daß das Internet ein weltweites Netz ist, während BTX ein rein deutsches Netz darstellt, das nur wenige Übergänge zu anderen, ebenfalls nationalen Netzen hat. Ein Problem aller Computernetze ist besonders in der Anfangsphase, daß man bereits Nutzer haben muß, um neue Anbieter werben zu können und daß man bereits interessante Anbieter haben muß, um neue Nutzer für den Dienst interessieren zu können. Im Gegensatz zu BTX hat das Internet dieses Problem von vornherein nicht gehabt, weil die akademische Nutzerschicht einen Basispool von Nutzern als auch eine reiche von experimentellen, interessanten Anwendungen zur Verfügung gestellt hat.\nHinzukommt, daß es für jemanden, der Information bereitstellen möchte, in BTX ein sehr großer Schritt vom Anwender zum Anbieter ist. Seitenerstellung benötigt spezielle Werkzeuge, die gesondert gekauft werden müssen, wenn man seine Seiten nicht bei einer Agentur kommerziell erstellen lassen möchte. Im Internet dagegen genügt es im einfachsten Fall, einen simplen Texteditor zu verwenden, um ansprechende Seiten für das WWW erstellen zu können. Solches Arbeiten ist vielleicht unkomfortabel, aber immerhin kann man so ohne den geringsten Investitionsaufwand ausprobieren, ob und wie man Daten anbieten kann. Die Leichtigkeit des Einstiegs setzt sich später fort: Wenn man in BTX Seiten erstellt hat, muß man in BTX Anbieter werden. Wegen der starken Reglementierung von BTX ist dies administrativ und finanziell ein ziemlich aufwendiger Schritt. Im Internet dagegen bekommt man bei fast allen Internet-Anbietern mit seinem Zugang zum Internet auch einen gewissen Speicherplatz zur Verfügung gestellt, den man nutzen kann, wenn man eigene Daten anbieten möchte. Der Übergang vom reinen Nutzer zum Anbieter von Informationen ist im Internet als quasi nahtlos und damit viel leichter zu vollziehen.\nDas Internet ist von je her ein Netz gewesen, dessen Werkzeuge und Programme sich nahtlos die Welt der PCs und deren Anwendungen integrieren. Werkzeuge für die Entwicklung von Seiten im World Wide Web, für den Datentransfer und für den Zugriff auf Information sind in Preis, Bedienung und Ressourcenverbrauch einer solchen Umgebung angemessen. Im Unterschied dazu hat die (damals noch) Bundespost mit BTX zunächst auf einen zentralen Großrechner und einen Haufen dummer Endgeräte gesetzt. Gerade diese Endgeräte, die ihre Abstammung aus dem Bereich der Telefonentwicklung nicht verleugnen konnten, waren ein Hindernis für BTX: Damals übliche Heim-PCs konnten die recht hohen graphischen Anforderungen von BTX nicht vollständig und schon gar nicht schnell realisieren und die klobigen Bundespost-Terminals waren für den Privatgebrauch zu teuer und integrierten sich zum Ausgleich dafür überhaupt nicht in die PC-Umgebung eines Büros.\nDer Vergleich der deutschen Entwicklung BTX mit dessen scharfer Trennung zwischen Anwender/Konsument und Anbieter/Produzent und dem amerikanischen Internet mit dem fließenden Übergang zwischen beiden Formen der Netzteilnahme ist das Ergebnis stark unterschiedlicher Vorstellungen davon, wie die Netze von Morgen aussehen sollen: Das amerikanische Modell geht davon aus, daß eine günstige Infrastruktur von Datentransportwegen schon vorhanden ist oder wenigstens für wenig Geld schnell verfügbar gemacht werden kann. Das Schwergewicht der amerikanischen Netzdesigner liegt auf den Anwendungen, die geschaffen werden. Der Unterbau, schnelle Kabel und benötigte Eigenschaften der Netzwerkprotokolle, wird sich dann schon anpassen, wenn es notwendig ist. Auch lassen sich immer mehr Firmen in den USA auf das Abenteuer Polydirektionalität ein. Eine Firmenrepräsentation außerhalb der abgeschirmten Anzeigenwelt des WWW in einer wirklichen Diskussion mit den Kunden und der Kunden untereinander ist sicherlich nicht leicht zu kalkulieren, aber wenn sie gelingt, wird sie sicher positive Rückwirkungen auf die Struktur der Firma haben.\nIn Deutschland kommt die Debatte nicht so weit. Sie stoppt schon an der Diskussion um die nicht vorhandene Infrastruktur, den fehlenden, günstigen Datentransferdiensten. Zwar wäre die Technolgie zum Aufbau schneller Datennetze auch in Deutschland vorhanden, aber die vollkommen ungesunde Struktur des Telekommunikationswesens in Deutschland mit seinen künstlich hohen Preisen für Telekommunikationsdienstleistungen jeder Art schreckt vor allen Dingen die experimentierfreudigen, aber kapitalschwachen kleinen und mittleren Firmen ab. Diskutiert werden hauptsächlich medienwirksame Großprojekte, die sich um so aufregende Dinge wir interaktives Fernsehen oder Videoshopping drehen und die hauptsächlich als Ausrede für Beschaffung von Übertragungskapazität dienen. Kundeninteresse, das zeigen die bereits angelaufenen Pilotprojekte, ist bei diesen Dingen auf dem Markt der Heimanwender praktisch nicht vorhanden: Video on Demand gibt es bei Video Peter um die Ecke und interaktive TV-Romane kann man schon jetzt bei Nintendo kaufen. Und als kommerzielle Anwendung wird in jedem einzelnen Bericht über diese Pilotprojekte die vielbeschworene Telemedizin bemüht - andere Anwendungen scheinen auch den bemühtesten Werbetextern für diese Zukunft nicht einzufallen. Polydirektionalität, diese ganz entscheidende Eigenschaft des Internet, ist für ein deutsches Managment viel zu aufregend und unter allen Umständen zu vermeiden.\n","date":"1996-01-02T00:00:00Z","href":"https://blog.koehntopp.info/1996/01/02/was-ist-das-internet.html","tags":["lang_de","publication","internet"],"title":"Was ist das Internet?"},{"categories":null,"content":"aus \u0026ldquo;Die Netzrevolution - auf dem Weg in die Weltgesellschaft\u0026rdquo;, Rost (Hrsg.), 1996, Frankfurt/ Main: Eichborn-Verlag, 230 Seiten\nWer beherrscht das Internet? \u0026ldquo;Es gibt keine zentrale Koordination des Internet, die einzelnen Teilnehmern oder Teilnehmerorganisationen Weisungen erteilen kann oder bei der man sich über Fehlverhalten anderer beschweren kann.\u0026rdquo; So oder so ähnlich liest man es wahrscheinlich in jeder Einführung in die Besonderheiten des Internet an irgendeiner Stelle. Gibt es wirklich niemanden, der das Internet beherrscht? Ist das Internet eine totale Anarchie?\nDie Antwort lautet \u0026ldquo;Nein\u0026rdquo;. Die Begründung für das \u0026ldquo;Nein\u0026rdquo; ist ziemlich lang.\nBetrachtungsebenen Das Internet ist kein homogenes Netz. Stattdessen handelt es sich um ein Sammelsurium von anderen Netzwerken, auf denen Internet-Pakete verschickt werden. Diese einzelnen Trägernetze, auf denen das Internet aufsetzt, können natürlich stark unterschiedliche technische und administrative Bedingungen aufweisen. Und selbstverständlich können einzelne Teilnetze im Internet sehr wohl eine zentrale Koordination haben. Ein Beispiel macht das sehr gut deutlich:\nIch sitze daheim an meiner Next-Workstation, die über ein lokales Ethernet und einen ISDN-Router Verbindung zum deutschen EuNet hat. Wenn ich von Zuhause aus auf den WWW-Server http://www.pz-oekosys.uni-kiel.de zugreife, dauert es nur wenige Sekunden und die Startseite des Projektzentrums Ökosystemforschung wird auf meinem Bildschirm aufgebaut. Aber welcher Aufwand an technischer und administrativer Kooperation war dazu notwendig?\nNun, die erste Station für meine Internet-Datenpakete ist mein lokales Ethernet, das die verschiedenen Computer in meinem Haushalt miteinander verbindet. Selbstverständlich ist dies mein Netz und ich bestimme, welche Rechner dort angeschlossen werden und was auf diesen Netz gemacht wird. Meine IP-Pakete für das Projektzentrum werden dann von einem kleinen PC mit einer Ethernet- und einer ISDN-Steckkarte über Leitungen der Telekom zum Kieler Point of Presence des EuNet weitergeleitet. Die Telekom kann durch den Preis und die Verfügbarkeit dieser Leitungen die Dauer meiner Präsenz im Internet ziemlich regulieren. Auf den Inhalt der übertragenen Daten hat sie nach deutschem Recht zum Glück keinen Einfluß.\nMeine Datenpakete, die inzwischen beim EuNet-POP Kiel angekommen sind, werden nun über verschiedene Standleitungen innerhalb des EuNet, die auch alle bei der Telekom gemietet worden sind, bis zu einem Übergangspunkt ins deutsche Wissenschaftsnetz weitergegeben. Das Wissenschaftsnetz ist ein Datennetz, das vom \u0026ldquo;Verein zur Förderung eines deutschen Forschungsnetzes e.V.\u0026rdquo; (DFN-Verein) ins Leben gerufen worden ist und das praktisch alle größeren deutschen Forschungseinrichtungen verbindet. Zwar basiert es auf dem Datex-P Dienst der Telekom, aber es wird hauptsächlich verwendet, um Internet-Daten zu verschicken. Der DFN-Verein unterhält dazu eine ganze Reihe von Übergangspunkten aus dem Wissenschaftsnetz in andere Teilnetze des Internet.\nTeilnahme und Nutzung des Wissenschaftsnetzes werden vom DFN-Verein reglementiert: Kommerzieller Datentransfer auf dem Wissenschaftsnetz ist nicht gestattet. Transitverkehr ist ebenso untersagt, dabei versteht der DFN unter Transit den Transport von Daten aus einem Drittnetz durch das Wissenschaftsnetz in ein anderes Drittnetz. Das Wissenschaftsnetz soll nicht als Trägernetz für andere Netzwerke mißbraucht werden.\nÜber das Wissenschaftsnetz gelangen meine Datenpakete schließlich in das lokale Ethernet der Universität Kiel und letztendlich zum WWW-Server des Projektzentrums Ökosystemforschung. Dieses lokale Netzwerk der Universität wird durch das Rechenzentrum der Universität beziehungsweise durch die einzelnen Institute selbst betrieben. Auch diese Parteien stellen möglicherweise noch gewisse Ansprüche an die Art der Nutzung.\nWie man sehen kann, sind sogar an einem einfachen Datentransfer zwischen zwei Netzteilnehmern innerhalb derselben Stadt eine Vielzahl von Parteien beteiligt. Alle diese Leute haben unter Umständen sehr unterschiedliche Vorstellungen davon, was das Netz ist und wie es genutzt werden sollte.\nMan kann versuchen, das Problem zu vereinfachen, indem man die an einer solchen Datenübertragung beteiligten Gruppen ein wenig klassifiziert:\nAls erstes wäre dort derjenige zu nennen, der die Kabel für die Kommunikation bereitstellt. Abgesehen von lokalen Netzen, die Grundstücksgrenzen nicht überschreiten dürfen, ist dies in Deutschland aufgrund des Telekommunikationsmonopols immer die Telekom. Sie diktiert die durch Verfügbarkeit und Preise von Diensten die Rahmenbedingungen, mit denen sich alle, die kommunizieren möchten, abfinden müssen.\nZweite beteiligte Gruppe sind die Internet-Provider. Ein Provider ist jemand, der Kabel von der lokalen Telekommunikationsgesellschaft erwirbt und darauf den Dienst \u0026ldquo;Verschicken von IP-Paketen\u0026rdquo; anbietet. Neben dem schon genannten DFN-Verein, der seine Dienste hauptsächlich im akademischen Bereich anbietet, und dem deutschen EuNet gibt es in Deutschland als \u0026ldquo;klassische Provider\u0026rdquo; noch den Karlsruher Anbieter XLink und die Hamburger MAZ. Daneben haben sich in den letzten Jahren noch andere Firmen etabliert, die ebenfalls Zugang zum Internet anbieten, aber eigentlich andere Produkte verkaufen möchten: Da ist einmal die Telekom, die mit Telekom Online Internetzugang verkauft, aber eigentlich BTX anbieten möchte. Dann gibt es IBMs Advantis, das eigentlich helfen soll, IBMs OS/2 Warp zu verkaufen. Compuserve, denen es viel lieber wäre, wenn ihre Kunden das eigene Compuserve Network nutzen würden. Und - in Europa noch ohne Internet-Zugang - Microsoft, bei denen Internet-Zugang ein Abfallprodukt ihres hauseigenen Microsoft Network ist.\nEinige dieser Provider nehmen ziemlich starken Einfluß darauf, was ihre Kunden mit dem Internet machen können und dürfen. Manchmal ist die Einflussnahme technisch bedingt, zum Beispiel ist der Internet-Zugang der Telekom nicht transparent: Bei TELNET-Verbindungen werden Steuerzeichen nicht übertragen und damit ist der TELNET-Dienst praktisch wertlos. Bei anderen ist die Einflussnahme inhaltlicher Art. So hatte zum Beispiel zu der Zeit, als dieser Artikel geschrieben wurde, die Universität Frankfurt vorübergehend die WWW-Seiten eines Studenten gesperrt, der Informationen über Kurden im Netz zur Verfügung stellt. Ein anderes Beispiel ist die Firma Microsoft, die Anbietern von Konkurrenzprodukten den Zugang zu Microsoft Network zu verwehren versucht.\nSolange Informationen im Internet zur Verfügung gestellt werden und es eine ausreichend große Anzahl von Internet-Anbietern gibt, sind solche Beschränkungen kein Problem. Der betroffene Kunde begibt sich dann einfach zu einem anderen Anbieter und wird dort glücklich. Da das Internet ein offenes Netz aus Netzen ist, macht weder für den Anbieter noch für den Benutzer einen Unterschied, wo man angeschlossen ist. So hat sich zum Beispiel schon kurz nach der Sperrung der Seiten des oben erwähnten Studenten an der Uni Frankfurt ein private betriebener Internet-Zugang in Jena bereit erklärt, die betreffenden Seiten im Netz bereitzuhalten. Damit ist das Internet bei einer gesunden Anbieterstruktur effektiv resistent gegen jede Form der inhaltlichen Kontrolle.\nNatürlich macht so etwas auch Probleme, jedenfalls aus der Sicht einer Person, die das Internet nicht gewohnt ist: So ist es zum Beispiel nicht möglich, gegen die Anbieter nationalsozialistischer Propaganda auf ausländischen Serverrechnern vorzugehen oder auch nur zu verhindern, daß solche Seiten in Deutschland abrufbar sind. Erfahrene Internet-Benutzer haben mit solchen Dingen weniger Probleme: Sie wissen, daß ein Verbot solcher Seiten sowieso nur die Symptome bekämpfen würde, aber am eigentlichen Problem, der Überzeugung der Anbieter, nichts ändern würde. Entscheidend ist nicht, daß man solche Seiten unterdrücken kann, sondern daß man die Freiheit hat, Gegenmeinungen im gleichen Forum an gleicher Stelle zu präsentieren.\nDie Dritte Macht Neben den beiden bereits benannten Parteien gibt es noch eine dritte, große Kraft, die das Internet bestimmt. Im Vergleich zu den bereits benannten Gruppen ist sie relativ unauffällig und bleibt dem normalen Benutzer in der Regel verborgen: Es sind die Gremien, in denen die technischen Grundlagen des Netzes genormt und beschlossen werden. Hier hat das Internet eine im Vergleich zu anderen Normungsgremien einmalige Struktur.\nGrundlage der technischen Verfahren im Internet sind die Internet Standards. Diese Standards sind besondere Papiere in einer Reihe von Dokumenten, in denen die technischen Hintergründe des Internet diskutiert werden: die Requests for Comments (RFC). Ursprünglich war die Entwicklung des Internet vollständig informal: Im Rahmen einer akademischen Diskussion unter gleichen wurden Papiere veröffentlicht, in denen Ideen diskutiert wurden oder Notizen von Treffen verbreitet wurden. Diese Papiere bekamen zum Zwecke der Archivierung fortlaufende Nummern. Da RFCs Dokumente zum Zwecke der Archivierung sind, wird ein bestimmter RFC nach seiner Veröffentlichung niemals mehr verändert. Eine neue Version bekommt also eine neue Nummer und verweist auf seinen Vorgänger als veraltetes Dokument.\nIm Laufe der Entwicklung wurden einige dieser RFCs, die Übertragungsverfahren oder andere technische Details beschrieben, immer wieder überarbeitet und weiter und weiter ausgefeilt. Da diese Dokumente praktisch die seit Jahren gängige Verfahrensweise im Internet beschrieben, hat man diese Dokumente zu offiziellen Standards im Internet erklärt.\nDas heutige Verfahren der Verabschiedung neuer Standards im Internet ist nicht mehr ganz so frei von Formalien, aber der Geist des ursprünglichen Vorgehens ist weitgehend erhalten geblieben. Ein zukünftiger Internetstandard beginnt sein Leben meistens als ein Request for Comment. Im Prinzip kann er von jedermann auf der Welt eingereicht werden, aber in der Praxis wird er meistens von einer Arbeitsgruppe der Internet Engineering Task Force (IETF) erarbeitet. Wenn ein solches Papier eingereicht wird, entscheidet die Internet Engineering Steering Group, ob das Thema es wert ist, dafür den Standardisierungsprozeß in Gang zu setzen und ob ausreichend Bedarf nach einer Regelung besteht. Wenn dies der Fall ist, beginnt der neue Internet Standard sein Leben als \u0026ldquo;proposed standard\u0026rdquo;, als Standardisierungsvorschlag.\nDer Vorschlag kann nach Ablauf einer gewissen Wartezeit auf der Leiter der Internet Standardhierarchie weiter vorrücken, wenn mindestens zwei unabhängige Implementationen des Standards existieren, die in der Lage sind, zusammenzuarbeiten. Dies stellt sicher, daß erstens Interesse innerhalb der Gemeinschaft der Entwickler vorhanden ist und daß zweitens der Standard detailliert genug ist, um ihn als Basis für eine Entwicklung zu nehmen. Die bei der Arbeit mit dem Standard gewonnen Erfahrungen fließen in der Regel in dieser Phase in eine Überarbeitung des Papieres ein. Das Resultat wird ein neues Papier sein, das zum \u0026ldquo;draft standard\u0026rdquo; (Standardentwurf) wird. Nach einer weiteren Wartezeit kann dieser Entwurf dann endlich zu einem vollwertigen Internet Standard erklärt werden.\nDieses Vorgehen stellt die Arbeitsweise vieler anderer Normungsgremien auf den Kopf: Statt eine neue Norm zu spezifizieren und nach der Festlegung der Norm anhand der vorhandenen Texte zu arbeiten, dokumentiert ein Internet Standard meistens nur schon jahrelang gebräuchliche, existierende Praxis. Das hat nicht nur zur Folge, daß es relativ wenige \u0026ldquo;tote\u0026rdquo; Standards gibt, sondern auch, daß Internet Standards in der Regel wesentlich leichter zu lesen und zu verstehen sind als andere Normen.\nGleichzeitig ist dieses Standardisierungsverfahren auch wesentlich offener als andere. Zum einen sind RFCs im Internet frei verfügbar. Sie können bis auf die Transferkosten kostenlos abgerufen werden und unterliegen keinen Weitergabebeschränkungen. Zum anderen kann der Anstoß zur Ingangsetzung des Normungsverfahrens von einer beliebigen Institution oder sogar Einzelperson kommen.\nSogar die oben erwähnte IETF ist keine formale Organisation, sondern zum größten Teil ein Verband Arbeitsgruppen. Diese Arbeitsgruppen existieren die meiste Zeit in Form von Mailinglisten, die im Zugang nicht beschränkt sind und auf denen jede interessierte Person mitdiskutieren kann. Gelegentlich kommt es zu IETF Meetings, auf denen sich dann die beteiligten Personen und Arbeitsgruppen treffen und wo man persönlich miteinander diskutieren kann. Es gibt keine formale IETF-Mitgliedschaft, sondern man wird durch Mitarbeit in einer IETF Arbeitsgruppe IETF-Mitglied.\nComputerprotokolle verwenden meistens einen Satz von magischen Nummern und Namen, die in irgendeiner Art und Weise die korrekte Funktion des Netzes gewährleisten. Solche Nummern sind zum Beispiel die Empfänger- und Absenderadressen von Datenpaketen, ohne die keine einzige Nachricht ihr Ziel finden würde. Von gleicher Bedeutung sind die Namen von Rechnern und Teilnetzwerken, die ebenfalls eindeutig sein müssen. Damit das Netz funktioniert, müssen solche Namen und Nummern eindeutig vergeben werden. Das Internet hat zu diesem Zweck die Internet Assigned Numbers Authority (IANA), eine zentrale Registratur, die über alle Zahlen und Namen wacht, die dieser Einschränkung der Eindeutigkeit unterliegen. Wer am Netz teilnehmen möchte, muß sich eine solche Netznummer und einen Namen zuteilen lassen.\nDie IANA gibt im keine einzelnen Namen oder Nummern heraus und arbeitet auch nicht mit Einzelpersonen oder -institutionen zusammen. Stattdessen existiert normalerweise ein nationales Network Information Center (NIC), das einen Block von Internetadressen zugeteilt bekommt und dem die Verwaltung des nationalen Namensraumes unterliegt. In Deutschland ist dies etwa das DE-NIC, das Namen vergeben kann, die auf \u0026ldquo;.de\u0026rdquo; enden und das Internet-Nummern für deutsche Internet-Teilnehmer vergibt. Aber selbst mit dem DE-NIC wird man als deutscher Netzteilnehmer nicht persönlich reden, sondern über seinen Internet-Provider, der die Beschaffung von Nummern und Namen in der Regel übernimmt.\nDie Vergabe von Namen ist für die NICs in letztere Zeit zu einem echten Problem geworden. Mit dem explosionsartigen Wachstum des Internet drängen immer mehr Firmen in das Netz und selbstverständlich ist für eine Firma eine Adresse wie http://www.firma.namedesproviders.land vollkommen unakzeptabel. Das bedeutet, daß beim zuständigen NIC hunderte, wenn nicht tausende von Anträgen auf Namen wie \u0026ldquo;firma.de\u0026rdquo; oder gar \u0026ldquo;produkt.de\u0026rdquo; eingehen. Einige dieser Namen sind von vorneherein als kurzfristige Werbegags gedacht und es ist bei der Vergabe des Namens schon das Verfallsdatum absehbar. Für ein NIC ist das eine schwierige Situation: Auf der einen Seite darf das NIC bei der Vergabe von Namen nicht zu restriktiv sein, denn es sitzt auf einer Monopolressource, auf der anderen Seite ist das NIC für die Struktur und Ordnung des ihm zugeteilten Abschnittes des Namensraumes verantwortlich und hat eine \u0026ldquo;Verschmutzung\u0026rdquo; des Namensraumes zu vermeiden und nebenbei noch Konflikte zwischen zwei Bewerbern um denselben Namen zu schlichten.\nTeilnehmer: Auch mächtig? In der obigen Aufzählung von \u0026ldquo;Mächtigen\u0026rdquo; im Internet fehlt eine Gruppe: Die Netzteilnehmer. Welchen Einfluß haben sie auf die Entwicklung des Internet oder die Gestaltung von Netzlandschaften?\nNun, zum einen steht es ihnen jederzeit frei, die Lager zu wechseln und etwa Informationsanbieter zu werden oder aktiv an der Gestaltung von Standard im Internet teilzunehmen. Aber welchen Einfluß haben Anwender in ihrer Rolle als Anwender? Nun, aktiv werden kann ein Anwender nur als Abrufer von Information und als solcher ist er bei der Nutzung fast aller Internet-Dienste gegenüber den anderen Nutzern fast unsichtbar. Er bestimmt sicherlich, welche Informationsangebote durch hohe Nutzerzahlen populär werden, aber das ist nur eine sehr indirekte Art der Einflußnahme.\nEin einziger Dienst des Internet fällt hier aus der Rolle, weil in ihm die Nutzer den entscheidenden Einfluß haben und das sind die USENET News. Die USENET News sind ein Diskussionsforum, in dem sich jeder Nutzer zu Wort melden und seine eigenen Beiträge einbringen kann. Die Verwaltung dieser Diskussionsforen findet vollständig durch die Nutzer statt.\nDa ist einmal der Prozeß der Einrichtung neuer Diskussionsgruppen: Technisch ist es sehr leicht, neue Diskussionsgruppen einzurichten oder wieder zu entfernen. Damit eine solche Gruppe jedoch weit verbreitet wird und vom Netz angenommen wird, ist es notwendig, vorher einen Konsenz über die Namen und die Zweckbestimmung solcher Gruppen zu erzielen. Also hat die Netzgemeinschaft im Laufe ihrer Entwicklung ein Dokument erarbeitet, das einen formalen Weg zur Einrichtung solcher Gruppen vorsieht. Eine neue Gruppe muß formal vorgeschlagen werden und dabei muß außer dem Namen auch eine kurze Erläuterung zum Zweck der Gruppe gegeben werden. Außerdem muß klar werden, wie sich diese Gruppe von anderen Gruppen thematisch unterscheidet. Dieser formale Vorschlag wird dann einige Zeit in den News diskutiert und unter Umständen einige Male verändert, bevor es zu einer Abstimmung kommt.\nDie \u0026ldquo;Abstimmung\u0026rdquo; ist an und für sich keine, da am Ende ja nichts beschlossen werden kann: Jeder Betreiber eines Netzknotens kann immer noch für sich und alleine entscheiden, ob er eine bestimmte Gruppe auf seinem eigenen Rechner führen möchte. Es handelt also mehr um eine Meinungsumfrage als um eine Abstimmung. Aber wenn das Ergebnis einer solchen Abstimmung nach den Regeln positiv ausfällt, kann man einigermaßen sicher sein, daß die neue Gruppe von der überwiegenden Anzahl der Systeme akzeptiert und eingerichtet wird.\nObwohl in den USENET News wie im eigentlichen Internet also jede Form der Exekutive zur Durchsetzung von Beschlüssen der Netzgemeinschaft fehlt, gelingt es trotzdem, stabile Formen der Kooperation zu finden und diese Umzusetzen. Und obwohl niemand da war, um dem Netz am Anfang eine Satzung oder einen Staatsvertrag zu geben, haben sich formale Regeln für den Netzbetrieb entwickelt, die weitgehend akzeptiert und eingehalten werden.\nOft unterscheidet sich dieses Regelwerk stark von der jeweiligen lokalen Gesetzgebung, gerade im Bereich Urheberrecht oder Weiterverbreitung von \u0026ldquo;verboteten\u0026rdquo; Informationen ist man im Netz meistens wesentlich liberaler als in der Wirklichen Welt. Aber meistens ist das netzeigene Regelwerk inklusive seiner nicht formal notierten Traditionen sehr viel besser geeignet, mit Netzproblemen fertig zu werden als das juristische Handwerkszeug der Wirklichen Welt.\n","date":"1996-01-01T00:00:00Z","href":"https://blog.koehntopp.info/1996/01/01/wer-beherrscht-das-internet.html","tags":["lang_de","publication","internet"],"title":"Wer beherrscht das Internet?"},{"categories":null,"content":"Linux Magazin, Heft 12/1995\ninit - Starten und Beenden von Linux Der Prozeß mit der Prozeßnummer 1 ist init. init wird beim Starten des Systems geladen und läuft bis zum Abschalten durch. Er ist der direkte oder indirekte Urahn aller anderen Prozesse eines Linux-Systems. Ein genaues Verständnis der Vorgänge vom Starten von init bis zum Erscheinen des ersten Shellprompts nach dem Login ist notwendig, um fehlerhaft konfigurierte Linuxsysteme wiederzubeleben, ohne neu installieren zu müssen.\nDie meisten Linux-Distributionen haben heutzutage den sysvinit 2.4 von Miquel van Smoorenburg (Miquel van Smoorenburg) installiert. Diese init-Version entspricht im Großen und Ganzen den von regulären System V Systemen bekannten inits, ist aber auf PC-Verhältnisse besonders angepaßt. sysvinit kennt zum Beispiel spezielle Optionen betreffend das Verhalten bei einem Stromausfall mit einer USV und weiß mit einem Control-Alt-Delete umzugehen. Mit Smoorenburgs init-Paket kommen außer init auch noch die Programme halt, last, mesg, shutdown und wall sowie der Quelltext für den powerd, ein Auswertedämon für die Statusleitungen von USVs. Eine Version von who, die auf den init abgestimmt wäre, fehlt.\nZu dem Zeitpunkt, zu dem init gestartet wird, ist das System soeben gebootet worden. Außer dem Root-Dateisystem, das wahrscheinlich nur read-only gemountet ist und möglicherweise beschädigt ist und der Systemkonsole /dev/console existieren keine weiteren Ressourcen. Außer init laufen keine anderen Prozesse. Swapspace ist noch nicht angemeldet, was zur Folge hat, daß auf Systemen mit nur 4 MB RAM der Speicher schnell knapp werden könnte. Die Aufgabe von init beim Systemstart ist zunächst einmal, die Dateisysteme zu prüfen, gegebenenfalls zu reparieren und sie sowie eventuell vorhandenen Swapspace anzumelden. Durch die zusätzlichen Dateisysteme und den zusätzlichen Speicher versetzt sich das System in die Lage, die zahlreichen Hintergrundprozesse zu starten, die ein vollständig betriebsbereites Linux auszeichnen. Welche Dämonen gestartet sind, wird durch die Konfigurationsdatei von init, die /etc/inittab festgelegt. Je nach Run-Level des Systems können dies unterschiedliche Prozesse sein.\nRun-Levels Ein Run-Level ist dabei einfach nur die numerische Bezeichnung (Okay, es gibt auch noch einen Run-Level S) für eine bestimmte Systemkonfiguration. Abhängig vom aktuellen Run-Level werden bestimmte Zeilen der /etc/inittab gültig oder ungültig und init stoppt oder startet dementsprechend die zugehörigen Prozesse. Die /etc/inittab definiert gewissermaßen den Soll-Zustand des Systems in einem bestimmten Run-Level: Fehlende Dämon-Prozesse werden von init nachgestartet, überzählige Dämon-Prozesse werden von init gestoppt.\nÜber den Ist-Zustand des Systems führt init parallel dazu in der utmp-Datei Buch. Für jede Zeile der /etc/inittab steht in der utmp-Datei ein struct utmp-Eintrag, der über den Verbleib des zugehörigen Prozesses Aufschluß gibt. Außerdem führt init über seine Aktionen noch in der wtmp-Datei ein Logbuch. Auch diese Datei besteht aus struct utmp-Einträgen, aber im Gegensatz zu utmp, die eine feste Länge hat, wird wtmp als Logbuch fortgeschrieben (und muß regelmäßig gekürzt werden). Programme wie who, w, finger oder der rwhod können die utmp-Datei auswerten und anzeigen, welche Benutzer gerade im System eingeloggt sind oder welche Schnittstellen gerade unbelegt sind. Programme wie last oder Accountingtools werten dagegen die wtmp-Datei aus und können so ein Logbuch über die vergangenen Logins erzeugen.\nAuf einem richtigen System V kann who nicht nur eine Liste der eingeloggten Benutzer erzeugen, sondern die komplette utmp-Datei analysieren und auch mit der Option -r den aktuellen Run-Level des Systems anzeigen. Im Umfeld der Slackware-Distributionen paßt der who-Befehl nicht zum init und ihm fehlen diese Optionen, sodaß man auf selbstgeschriebene Programme angewiesen ist.\ninit erzwingt nicht, daß bestimmte Run-Level (ausgenommen S) bestimmte Bedeutungen haben. Das Verhalten des Systems richtet sich ausschließlich nach der Konfiguration in der /etc/inittab. Per Konvention hat diese auf den meisten Distributionen, die von Slackware abstammen, ein bestimmtes Aussehen. \u0026ldquo;Slackware inittab\u0026rdquo; weiter unten zeigt die /etc/inittab einer Slackware-Installation.\nEine Zeile der inittab hat dabei das folgende Format:\nid:runlevels:action:process Die id stellt dabei einen eindeutigen Identifikator für die Zeile der inittab dar. Er muß genau zwei Buchstaben lang sein und taucht später als ut_id-Feld in demjenigen Eintrag in der utmp-Datei auf, der zu dieser Zeile der inittab gehört. Das, was finger in der Spalte Tty ausdruckt, ist der Inhalt dieses ut_id-Feldes aus der utmp-Datei.\nDas Feld runlevels definiert einen oder mehrere Run-Levels, in denen diese Zeile aktiviert sein soll.Wenn der aktuelle Run-Level des Systems hier nicht aufgeführt ist, ist diese Zeile unwirksam: Ein Eintrag im Feld runlevels mit den Ziffern 123 wäre nur in den Run-Levels 1, 2 und 3 gültig.\nDas Feld process definiert dann den Aufruf eines Prozesses mit allen Parametern, wie er von init gestartet werden soll, wenn das System sich in einem der in runlevels genannten Run-Level befindet. Diese Prozesse sind entweder Dämon-Prozesse wie xdm oder nnmaster, Login-Prompts wie getty oder Scripte und Anweisungen, die beim Wechsel des Run-Levels aktiv werden. init überwacht diese Prozesse. Wenn sich einer von ihnen beendet, bemerkt init dies und entscheidet anhand der action darüber, ob der Dämon neu gestartet werden soll oder was sonst zu tun ist.\nDer Abschnitt \u0026ldquo;Das action Feld in der inittab\u0026rdquo; erklärt die Bedeutung der verschiedenen Schlüsselworte.\nDie rc-Scripte Bei der Slackware startet die inittab einige rc-Scripte, genau wie bei den meisten anderen Unices auch. Die Bezeichnung rc steht dabei für \u0026ldquo;run command\u0026rdquo;. Sie stammt noch aus der Urzeit der Computerentwicklung und wurde von einem der vergessenen Vorläufer von UNIX übernommen. Heute würde man wohl stattdessen das Kürzel \u0026ldquo;BAT\u0026rdquo; verwenden.\nDie Struktur dieser Scripte orientiert sich bei Linux mehr an der wesentlich primitiveren Konfiguration eines BSD-Systems als an einem normalen System V. Mit unserem Wissen über init können wir inzwischen erkennen, daß Linux nach dem Booten wegen des initdefault-Schlüsselwortes in der inittab den Run-Level 5 ansteuert. Der sysinit-Eintrag sorgt dann für die Abarbeitung von /etc/rc.d/rc.S, gefolgt von /etc/rc.d/rc.M, da der wait-Eintrag \u0026ldquo;rc\u0026rdquo; den Run-Level 5 enthält. Nachdem init auf das Ende von rc.M gewartet hat, startet er die getty-Einträge c2 bis c6 (c1 ist hier auskommentiert) und den nnmaster. Der Eintrag x1 wird ignoriert, da er nur für den Run-Level 6 gilt.\n/etc/rc.d/rc.S ist das Script, das als erstes nach dem Systemstart abgearbeitet wird. Es findet den eingangs erwähnten Rechner ohne Dateisysteme und Ressourcen vor und macht sich daran, diesen Zustand zu ändern. Die ersten Handgriffe nach der Definition eines Suchpfades dienen dazu, den Swapspace zu aktivieren: Dazu muß swapon -a eine gültige /etc/fstab vorfinden und dort die Swap-Partitionen benannt bekommen. Der update-Dämon sorgt dann dafür, daß der Speicherinhalt auch gelegentlich auf die Festplatte geschrieben werden. Jetzt ist auch auf Maschinen mit 4 MB RAM genügend Speicher bereitgestellt, um größere Prozesse ablaufen lassen zu können.\nDie folgenden Anweisungen dienen dazu, die Dateisysteme zu prüfen und - falls möglich - das Root-Dateisystem read-write anzumelden. Wenn der fsck oder der Remount fehlschlagen, druckt das Script Handlungsanweisungen und versucht noch so etwas wie ein Login hinzubekommen. Die folgenden Anweisungen ab Zeile 92 dienen dann dazu, die üblichen Konfigurations- und Statusdateien zu erzeugen, die beim Systemstart aufgefrischt werden müssen und die Systemzeit zu stellen.\nStartet man Linux im single user mode oder gerät man auf andere Weise auf ein System mit einer read-only angemeldeten Root-Platte, kann man sich behelfen, indem man /etc/rc.d/rc.S von Hand ausführt. Mit ein wenig Glück bekommt man so ein halbwegs vernünftig konfiguriertes System, bei dem man immerhin soviele Eingriffsmöglichkeiten hat, daß man die verbleibenden Fehler von Hand korrigieren kann. Auch normale UNIX-Versionen haben ähnliche Scripte. Da das Checken und Anmelden der Platten nach dem Systemstart mit die dringlichste Aufgabe ist, findet man den Namen des Scriptes am einfachsten heraus, indem man sich den sysinit-Eintrag der betreffenden /etc/inittab ansieht. Ein häufige Name für dieses Script ist zum Beispiel bcheckrc.\n/etc/rc.d/rc.M kümmert sich dann um die Vorbereitung des Systems auf den Mehrbenutzerbetrieb. Dieses Script kann davon ausgehen, daß alle lokalen Platten schon verfügbar sind und daß ausreichend Swapspace zur Verfügung steht. Hostnamen und andere das Netzwerk betreffende Dinge sind aber noch undefiniert. rc.M konfiguriert einen Screenblanker, startet den cron, setzt den Hostnamen und verzweigt dann vorübergehend in die Scripte rc.inet1 und rc.inet2. Ersteres dient dazu, den Kernelteil des Netzwerkes zu konfigurieren: Die Interfaces erhalten ihre IP-Nummern und werden gestartet, danach setzt sich der Kernel Routingtabellen. Das gesamte Script besteht im Prinzip nur aus glorifizierten Aufrufen von ifconfig und route. Die zweite Datei konfiguriert dann den Anwendungsteil des Netzes, indem dort die entsprechenden Serverprozesse gestartet werden. Die folgenden Arbeiten in rc.M erledigen dann einige Aufräumarbeiten, die zu verschiedenen Subsystemen gehören. Wichtig ist hier vor allen Dingen der Aufruf von ldconfig, der Links auf die aktuellen Versionen der shared libraries auf den neuesten Stand bringt. Am Ende von rc.M wird dann noch auf rc.local verzweigt, in der der Systemverwalter lokale Modifikationen des Systemstarts unterbringen kann. Einige Versionen der Slackware verzweigen bei Bedarf noch in andere, spezialisierte rc-Dateien zum Verstellen des Zeichensatzes oder der Tastaturbelegung.\nErweiterungen der rc-Dateien Bei der Konstruktion der rc-Dateien, wie sie im Abschnitt \u0026ldquo;Slackware inittab\u0026rdquo; gezeigt wird, ist einzig die Datei rc.local für lokale Erweiterungen des Bootvorganges vorgesehen. Der Systemverwalter kann hier neben lokalen Anpassungen für Zeichensatz und Tastatur eigene Dämon-Prozesse starten oder den Weg für den Start solcher Prozesse bereiten (indem zum Beispiel alte Lockdateien abgeräumt werden).\nDabei sollte man auf jeden Fall darauf achten, daß die rc.local-Datei beendet wird! rc.S wird als sysinit-Eintrag ausgeführt und rc.local ist Bestandteil von rc.M und wird als wait-Eintrag ausgeführt. In beiden Fällen können die folgenden Einträge der inittab erst dann ausgeführt werden, wenn rc.S bzw. rc.M beendet sind. Die folgenden Einträge sind aber die getty-Prozesse für die Systemkonsole (c1-c6), die das Login überhaupt ermöglichen. Wenn ein Fehler in rc.M also dazu führt, daß sich das Script niemals beendet, kommen niemals Loginprompts und man kann sich nicht anmelden, um den Fehler zu korrigieren.\nDer Fehler tritt zum Beispiel gerne dann auf, wenn man in rc.local einen Dämon startet (es ist ein Characteristikum von Dämonen, daß sie sich nach Möglichkeit nicht beenden), der sich nicht automatisch selbst in den Hintergrund schiebt. Zum Beispiel schiebt sich der nnmaster-Aufruf\n/usr/lib/nn/nnmaster -l -r -C automatisch in den Hintergrund, während\n/usr/lib/nn/nnmaster -f -l -r -C keinen Hintergrundprozeß erzeugt, sondern ausdrücklich im Vordergrund bleibt. In der rc.local würde nur der erste Aufruf korrekt funktionieren, der zweite würde das System blockieren.\nIn der /etc/inittab im Abschnitt \u0026ldquo;Slackware inittab\u0026rdquo; ist nnmaster jedoch in der zweiten Variante eingetragen. Wieso ist das hier notwendig? Nun, in der inittab ist nnmaster als respawn-Eintrag eingetragen: init bewacht den nnmaster hier und startet ihn neu, falls notwendig. Wäre nnmaster hier ohne -f eingetragen, würde der Dämon sich in den Hintergrund schieben und der Vordergrundprozeß würde sich gleich wieder beenden. init bemerkt, daß sich der von ihm gestartete Prozeß beendet hat und würde sogleich einen zweiten nnmaster starten, wie der respawn-Eintrag es befiehlt. Solche Einträge erzeugen dann die Meldung \u0026ldquo;respawning to rapidly\u0026rdquo;.\nrc-Dateien im Stile von System V Das Konzept der rc.local-Datei ist zwar schön einfach zu verstehen, aber für die automatische Wartung des Systems ist es nicht besonders elegant. In einer kommerziellen Umgebung würde man davon ausgehen, daß die Benutzer des Systems reine Anwender sind und kaum genug Ausbildung haben, um mit der Anwendung selbst klarzukommen. Auch von der Systemverwaltung kann man nicht in jedem Fall verlangen, daß sie zu selbstständigen Änderungen an rc-Dateien in der Lage ist. Das gilt insbesondere dann, wenn diese Änderung den fehlerfreien Wiederanlauf des Systems gefährden kann. Für Anwendungen, die durch schlecht ausgebildete Personen aus vorgefertigen Packages installiert werden sollen, wäre es wünschenswert, wenn ein Mechanismus besteht, durch den sie sich automatisch und weitgehend fehlerfrei in die Programmfolge beim Systemstart einhängen können.\nEin ähnliches Problem besteht schon seit Jahren im Bereich MS-DOS, wo Installationsprozeduren von Anwendungspaketen Änderungen an der AUTOEXEC.BAT und der CONFIG.SYS vornehmen müssen. Im Bereich MS-DOS löst man dies, indem jede Anwendung einen großen Installator mit sich herumschleppt, der in der Lage ist, solche Konfigurationsdateien zu parsen und zu korrekt verändern (oder auch nicht). Das so etwas schon bei MS-DOS nicht richtig funktioniert, bemerkt der Autor jedesmal an seiner eigenen Konfiguration, die leider nicht linear ist, sondern mehrere Verzweigungen und Aufrufe von Unterbatches enthält. Praktisch alle DOS-Installationsprogramme führen ihre Änderungen an der falschen Stelle oder nur für eine Konfiguration (meistens nicht die aktive) ein. UNIX Shellscripte sind allerdings noch mächtiger als DOS Batchdateien und für ein Installationsprogramm entsprechend schwieriger zu handhaben. Die Wahrscheinlichkeit, daß ein rc-Modifikator eine etwas komplexere rc.local durch seine Änderungen zerstört sind viel größer als für ein DOS Installationsprogramm.\nIn System V UNIX verwendet man deswegen ein etwas anderes Konzept, daß ohne aufwendige Parser auskommt und trotzdem viel sicherer funktioniert. Statt alle Anweisungen in eine einzige Datei zu quetschen, hat man die rc-Datei dort in viele kleine Module zerlegt, von denen sich jedes um einen Aspekt des Systemstartes kümmert. Man hat für jeden Run-Level ein Unterverzeichnis /etc/rcn.d (wobei n die Nummer des Run-Levels ist). Dort befinden sich die Startdateien für diesen Run-Level. Das Script /etc/rcn (wieder ist n der Run-Level) ist für jeden Run-Level gleich und führt nacheinander alle Dateien im zum Run-Level gehörenden Unterverzeichnis aus.\nPer Konvention haben alle Dateien im Unterverzeichnis entweder den Namen KxyNAME oder SxyNAME. Eine K-Datei dient dazu, irgendeinen Dienst beim Betreten des Run-Levels zu stoppen, eine S-Datei dient dazu, einen Dienst zu starten. Die Ziffern xy laufen von 00 bis 99 durch und dienen dazu, eine alphabethische Reihenfolge der Script zu definieren: Das Script führt die einzelnen Module in der Reihenfolge K00 bis K99 und dann S00 bis S99 aus. Es ruft K-Scripte mit dem Parameter stop auf, S-Scripte werden mit dem Parameter start aufgerufen. Der Bestandteil NAME dient zur Identifikation des Scriptes und bezeichnet das Subsystem, das durch das Script gestartet oder gestoppt wird.\nEin Programmpaket kann bei dieser Konstruktion ganz leicht eingefügt werden. Nehmen wir an, ein hypothetischer FAX-Server kfax braucht beim Systemstart einige Anweisungen, um einen Dämon-Prozeß zu starten und ein wenig aufzuräumen. Das Installationspaket könnte eine Datei mit den benötigten Anweisungen erzeugen und sie als /etc/init.d/kfax in einem Sammelverzeichnis für alle Startscripte installieren. Das Modul soll beim Betreten von Run-Level 5 getstartet werden. Also erzeugt die Installationsprozedur ein Symlink von /etc/rc5.d/S99kfax nach /etc/init.d/kfax. Die Installation braucht also nur eine Datei zu erzeugen und ein Link zu legen, um ihr Modul in die rc-Scripte zu integrieren. Soll das Script in mehr als einem Run-Level aktiviert werden, wird es auch von den anderen /etc/rcn.d-Verzeichnissen nach /etc/init.d gelinkt. Lesen und Verstehen von rc.local oder anderen Scripten ist nicht notwendig. Die Deinstallationsanweisung ist genauso simpel: \u0026ldquo;Löschen Sie die Datei /etc/rc5.d/S99kfax und starten Sie das System neu.\u0026rdquo;\nBeim Wechsel in den Run-Level 5 wird unser Beispielsystem das Script /etc/rc5 durch einen once-Eintrag aktivieren. Das Script geht alle Dateien in /etc/rc5.d durch und führt sie der Reihe nach aus. Es wird zunächst alle /etc/rc.d/K*-Dateien mit dem Parameter stop aufrufen, danach wird es alle /etc/rc.d/S*-Dateien mit dem Parameter start aufrufen. Ganz am Schluss wird S99kfax start ausgeführt.\nDas folgende Listing zeigt den inittab-Eintrag und ein Listing von /etc/rc5.\nSystem V Startscript /etc/rc5 Der Eintrag in der /etc/inittab:\nr5:5:once:/etc/rc5 Das zugehörige Script:\n# /bin/sh -- #\tDas Script wird ausgefuehrt, wenn das System in den #\tRun-Level 5 wechselt. # #\tFuer die anderen Run-Levels sollten # analoge Eintraege und Scripte existieren. PATH=/bin:/sbin:/usr/sbin:/usr/bin if [ -d /etc/rc5.d ] then # Ausfuehren der Stopscripte MODE=stop for f in /etc/rc5.d/K* do if [ -x ${f} ] then /sbin/sh ${f} stop else . ${f} fi done # Ausfuehren der Startscripte MODE=start for f in /etc/rc3.d/S* do if [ -x ${f} ] then /sbin/sh ${f} start else . ${f} fi done fi Slackware inittab # # inittab This file describes how the INIT process should set up # the system in a certain Run-Level. # # Version: @(#)inittab 2.04 17/05/93 MvS # # Author: Miquel van Smoorenburg, \u0026lt;miquels@drinkel.nl.mugnet.org\u0026gt; # # Default runlevel. id:5:initdefault: # System initialization (runs when system boots). si:S:sysinit:/etc/rc.d/rc.S # Script to run when going single user. su:S:wait:/etc/rc.d/rc.K # Script to run when going multi user. rc:123456:wait:/etc/rc.d/rc.M # What to do at the \u0026#34;Three Finger Salute\u0026#34;. ca::ctrlaltdel:/sbin/shutdown -t3 -rf now # What to do when power fails (shutdown to single user). pf::powerfail:/sbin/shutdown -f +5 \u0026#34;THE POWER IS FAILING\u0026#34; # If power is back before shutdown, cancel the running shutdown. pg:0123456:powerokwait:/sbin/shutdown -c \u0026#34;THE POWER IS BACK\u0026#34; # If power comes back in single user mode, return to multi user mode. ps:S:powerokwait:/sbin/init 5 # The getties in multi user mode on consoles an serial lines. # # NOTE NOTE NOTE adjust this to your getty or you will not be # able to login !! # # Note: for \u0026#39;agetty\u0026#39; you use linespeed, line. # for \u0026#39;getty_ps\u0026#39; you use line, linespeed and also use \u0026#39;gettydefs\u0026#39; #c1:12345:respawn:/sbin/agetty 38400 tty1 c2:12345:respawn:/sbin/agetty 38400 tty2 c3:12345:respawn:/sbin/agetty 38400 tty3 c4:45:respawn:/sbin/agetty 38400 tty4 c5:45:respawn:/sbin/agetty 38400 tty5 c6:456:respawn:/sbin/agetty 38400 tty6 # nn nn:23456:respawn:/usr/lib/nn/nnmaster -f -l -r -C # Serial lines #s1:45:respawn:/sbin/agetty 19200 ttyS0 #s2:45:respawn:/sbin/agetty 19200 ttyS1 # Dialup lines #d1:45:respawn:/sbin/agetty -mt60 38400,19200,9600,2400,1200 ttyS0 #d2:45:respawn:/sbin/agetty -mt60 38400,19200,9600,2400,1200 ttyS1 # Runlevel 6 used to be for an X-window only system, until we discovered # that it throws init into a loop that keeps your load avg at least 1 all # the time. Thus, there is now one getty opened on tty6. Hopefully no one # will notice. ;^) # It might not be bad to have one text console anyway, in case something # happens to X. x1:6:wait:/etc/rc.d/rc.6 # End of /etc/inittab Das Action Feld in der /etc/inittab Das Feld action in der inittab bestimmt, wie init mit dem im Feld process genannten Prozeß verfährt. sysvinit kennt dieselben Schlüsselworte wie ein richtiger init eines originalen System V UNIX plus einige eigene Schlüsselworte, die spezifisch für Linux sind.\nStart und Restart von Prozessen off: Zeilen, die als off gekennzeichnet sind, sind inaktiv. Dies stellt eine gute Methode dar, um Einträge in der inittab vorübergehend außer Betrieb zu nehmen. Natürlich könnte man sie auch in Kommentarzeilen verwandeln, indem man an den Anfang der Zeile ein \u0026ldquo;#\u0026rdquo; setzt. respawn: Dies ist der häufigste Eintrag, wie er für gettys und für Dämon-Prozesse verwendet wird, die automatisch neu gestartet werden sollen. Wenn sich ein so gekennzeichneter Eintrag beendet, versucht init den Prozeß erneut zu starten. Kommt es dabei zu einer Endlosschleife (der Prozeß beendet sich aufgrund eines Fehlers sofort wieder, init startet ihn sofort wieder neu\u0026hellip;), erkennt init dies und legt den Eintrag für einige Minuten mit der Meldung \u0026ldquo;process respawning too rapidly\u0026rdquo; still. initdefault: Der initdefault-Eintrag hat in gewisser Weise eine Sonderrolle: Er spezifiziert keinen Prozeß, sondern sein runlevel-Feld gibt an, in welchen Run-Level sich das System beim Systemstart begeben soll. Fehlt dieser Eintrag, wird der gewünschte Run-Level beim Booten an der Console erfragt. wait: Mit wait gekennzeichnete Prozesse werden von init einmal beim Betreten des Run-Levels gestartet. init wartet dann darauf, daß der entsprechende Prozeß sich wieder beendet, bevor der nächste Eintrag abgearbeitet wird. Da init die Einträge einer inittab von oben nach unten abarbeitet, kann man so eine kontrollierte Folge von Scripten beim Erreichen eines Run-Levels starten. once: Mit once gekennzeichnete Prozesse werden von init einmal beim Betreten des Run-Levels gestartet. Im Gegensatz zur Aktion wait wartet init hier aber nicht auf das Ende des Prozesses, bevor der nächste Eintrag der inittab abgearbeitet wird. once wird normalerweise verwendet, um einen Dämon zu starten ohne in wie bei respawn bewachen zu lassen. Sollte der Dämon sich beenden, wird eben kein neuer Prozeß gestartet. In System V UNIX wird once verwendet, um die /etc/rcn-Scripte zu starten. Boot Weil init als allererster Prozeß im System gestartet wird, muß es Einträge gegeben, die spezifizieren, wie das System ans Laufen gebracht wird. Bei diesen Einträgen wird das Feld runlevels ignoriert. Sie werden beim Start des Systems schlicht von oben nach unten abgearbeitet.\nsysinit: Die ersten Prozesse der Bootphase werden durch die sysinit-Einträge bestimmt. Es handelt sich meistens um Scripte, deren Aufgabe es ist, die Platten zu checken und sie read-write anzumelden. boot: Nach den sysinit-Scripten folgen dann die anderen Scripte der Bootphase. bootwait: Bei bootwait-Einträgen wartet das System mit dem Starten des Folgeeintrags solange, bis der aktuelle Eintrag abgearbeitet ist. Bei boot-Einträgen wird dagegen nicht gewartet. Speziell für Linux sysvinit von Linux hat außerdem noch einige Nichtstandard-Aktionen. Sie dienen hauptsächlich der Unterstützung von USVs und zumAbfangen der Tastenkombination Control-Alt-Delete.\nctrlaltdel: Bei diesem Eintrag wird das Feld runlevels ebenfalls ignoriert. Er wird aktiviert, wenn jemand an der Console die Tastenkombination Control-Alt-Delete gedrückt hat. Normalerweise wird man hier entweder das System herunterfahren oder in den single user mode wechseln. powerwait: powerfail: Einträge mit der Aktion powerwait oder powerfail werden aktiviert, wenn das System ein SIGPWR Signal erhält. Dies ist typischerweise ein Signal, das vom Kernel generiert wird, wenn die Stromversorgung des Systems zusammenbricht und die USV übernimmt. Bei powerwait-Einträgen wartet init wieder auf das Ende eines Eintrages, bevor der nächste abgearbeitet wird, während dies bei powerfail-Einträgen nicht geschieht. powerokwait: Dieser Eintrag wird aktiviert, wenn ein SIGPWR auftritt und die Datei /etc/powerstatus das Wort OK enthält. Sollte die Stromversorgung wieder funktionieren, bevor das System sich auf Grund des ersten SIGPWR abgeschaltet hat, kann durch einen Eintrag hier die Abschaltung verhindert werden. ondemand: Ein Eintrag mit der Bezeichnung ondemand funktioniert ähnlich wie ein Eintrag once. Während ein once-Eintrag jedoch nur beim Betreten eines Run-Levels aktiviert wird, wird ein ondemand-Eintrag auch dann aktiviert, wenn das System in den Run-Level wechseln soll, in dem es sich sowieso schon befindet. ","date":"1995-12-01T00:00:00Z","href":"https://blog.koehntopp.info/1995/12/01/init-starten-und-beenden-von-linux.html","tags":["lang_de","publication","unix"],"title":"init - Starten und Beenden von Linux"},{"categories":null,"content":"Linux Magazin, Heft 11/1995\nCnews in Betrieb nehmen Ein Cnews in Betrieb zu nehmen ist schon nicht ganz einfach, wenn man die originalen Quelltexte hat und den Installationsanweisungen des Autors, Henry Spencer von der Universität Toronto, folgt. Aber in der Slackware, die mit der Infomagic Developers Ressource vom März 1995 geliefert wird, sind noch einige zusätzliche Haken und Ösen eingebaut. Dieser Text beschreibt, wie ich mein Cnews von dieser CD zum Laufen bekommen habe.\nEigentlich bin ich ja kein Dosen-Benutzer, aber durch eine Verkettung unglücklicher Umstände und fehlende Treiber war ich gezwungen, etwas über ein Jahr mit MS-DOS und Crosspoint zuzubringen. Irgendwann Mitte des Jahres hatte ich dann die Zusammenbrüche der Messagebase und das Warten beim Einsortieren der Artikel satt. Ich beschloß, mir wieder ein Linux und ein Cnews zu installieren, damit ich meine News endlich wieder mit Gottes eigenem Newsreader lesen kann. Eine Infomagic Developers Ressource ist günstig zu bekommen und die Slackware darauf sollte eine gut getestete Standarddistribution sein.\nSoweit die Theorie. In der Praxis bin ich bei der Installation des Cnews-Paketes von dieser CD in eine ganze Reihe kleine Fallen gelaufen, die offenbar nicht nur mich Nerven gekostet haben. Ich habe keine Ahnung, warum das Cnews auf dieser Distribution so bissig ist (Nehmt Ihr alle INN?), aber man kann es in den Griff bekommen.\nGleich der erste Fehler, der mir bei der Slackware in die Arme lief, waren die Zugriffsrechte auf den Temporärverzeichnissen: Mein /var/tmp hatte die Zugriffsrechte 755 und gehörte root.root. Mit diesen Rechten muß nicht nur Cnews Fehlermeldungen ausspucken, sondern jedes andere Programm, das ebenfalls mit diesem Verzeichnis arbeitet, funktioniert nur für den Systemverwalter.\nHier sind die korrekten Zugriffsrechte für diese Verzeichnisse:\nroot@white:~# ls -ld /tmp /var/tmp /usr/tmp drwxrwxrwt 3 root root 1024 Jul 20 16:43 /tmp lrwxrwxrwx 1 root root 8 Jul 8 14:55 /usr/tmp -\u0026gt; /var/tmp drwxrwxrwt 2 root root 1024 Jul 20 08:37 /var/tmp Cnews setzt voraus, daß ein User news existiert. Man sollte später die Wartung des Newssystems, also das Anlegen und Löschen von Gruppen und Artikeln, keinesfalls als Systemverwalter machen. Alle Wartung an Cnews muß immer als news erfolgen! Ich habe dem news-User der Slackware daher ein Homeverzeichnis und ein Paßwort gegeben:\nroot@white:~# grep news /etc/passwd news:deletedforsafety:9:13:white.schulung.netuse.de news:/var/lib/news: root@white:~# ls -ld /usr/lib/news lrwxrwxrwx 1 root root 13 Jul 9 22:27 /usr/lib/news -\u0026gt;; /var/lib/news Die Paßwortdatei sollte man vor der Änderung sichern, danach kann man die betreffende Zeile dann leicht mit einem Editor anpassen und die Änderungen mit einem diff zwischen der gesicherten und der geänderten Version prüfen. Das Homeverzeichnis von news ist bei mir das Verzeichnis mit den Konfigurationsdateien des Newspaketes, /var/lib/news. Als ich mit UNIX angefangen habe, gab es noch keine /var-Verzeichnisse und so bin ich /usr/lib/news als Verzeichnis gewohnt. Also habe ich mir ein Symlink von /usr/lib/news nach /var/lib/news installiert - die Macht der Gewohnheit.\nAußer diesem Konfigurationsverzeichnis hat Cnews auch noch verschiedene Hilfsprogramme. Diese verstecken sich in den Unterverzeichnissen von /usr/lib/news/bin (in /usr, weil dies statische Dateien sind, im Gegensatz zu den veränderlichen Konfigurationsdateien). Diese Dateien gehören alle root, damit sie per NFS und mit root_squash exportiert werden können. Leider macht die einzig notwendige Ausnahme, relaynews, diesen Sicherheitsgewinn bei einem NFS-Export wieder zunichte\u0026hellip;\nAn einigen der Programme unterhalb von /usr/lib/newsbin habe ich mich vergriffen, damit das Newssystem so funktioniert, wie ich mir das vorgestellt habe. Im Einzelnen waren die Änderungen:\nnews@white:/usr/lib/newsbin$ find . -type f -mtime -100 -print ./ctl/newgroup ./maint/newsdaily ./maint/junkgroups ./inject/pnews Die Änderungen waren folgendermaßen:\nctl/newgroup: Automatische Erzeugung neuer Newsgroups komplett abgeschaltet. Das ist am Anfang nicht weiter wichtig. maint/newsdaily: Dieses Programm soll einmal am Tag ablaufen, um Cnews Statusreports zu erzeugen. Wegen eines Problems mit der bash hat das Programm aber leider den Report vor dem Versenden gelöscht. Am Anfang des Scriptes ist eine Zeile mit \u0026ldquo;trap\u0026rdquo;. Ich habe sie brutal auskommentiert. maint/junkgroups: Das ist ein kleines Script, das ich mir geschrieben habe, um das Logbuch von Cnews nach nichtexistierenden Gruppen zu durchsuchen. Es erzeugt eine Liste der fehlenden Gruppen, damit ich sie dann anlegen kann. inject/pnews: pnews ist das Programm, mit dem neue Artikel in das Newssystem eingespielt werden können. Es erzeugt keine \u0026ldquo;Lines:\u0026quot;-Headerzeile für neue Artikel. Der Lines-Header ist zwar optional und Cnews entscheidet sich zu Recht dazu, nur minimale Header zu erzeugen, aber nn funktioniert besser, wenn der Lines-Header vorhanden ist. Es genügt, pnews in den Editor zu laden und nach dem Text \u0026ldquo;Lines\u0026rdquo; zu suchen. Dort befinden sich Anweisungen, wie man die Erzeugung von Lines-Zeilen aktivieren kann.\nKeine dieser Änderungen war kritisch. Es sind mehr Schönheitskorrekturen. Wichtiger sind stattdessen die Steuerdateien von Cnews. Sie befinden sich wie gesagt in /var/lib/news. Im Unterverzeichnis bin steht dort eine Datei config. Sie enthält einen Haufen Informationen, die die Shellscripte von Cnews benötigen. Diese Informationen müssen genau mit den Steuerinformationen des restlichen Newssystems übereinstimmen oder Cnews stellt die Arbeit kommentarlos ein. Daher darf diese Datei niemals verändert werden. Leider hatte sie jemand verändert, jedenfalls war sie schon auf der CD falsch. Hier ist die korrekte /usr/lib/news/bin/config:\n# configuration -- all the shell files pick this up using \u0026#34;.\u0026#34; # this makes it possible to add new variables here and have them # available everywhere immediately # # This is not, repeat NOT, a master control file for all of C News. # This is the shell equivalent of libcnews/config.c, a \u0026#34;subroutine # library\u0026#34; that gives shell files access to the default settings and # lets environment variables override the defaults. Changing the # defaults here will *NOT* change them throughout C News. # # =()\u0026lt;NEWSCTL=${NEWSCTL-@\u0026lt;NEWSCTL\u0026gt;@}\u0026gt;()= NEWSCTL=${NEWSCTL-/var/lib/news} # =()\u0026lt;NEWSBIN=${NEWSBIN-@\u0026lt;NEWSBIN\u0026gt;@}\u0026gt;()= NEWSBIN=${NEWSBIN-/usr/lib/newsbin} # =()\u0026lt;NEWSARTS=${NEWSARTS-@\u0026lt;NEWSARTS\u0026gt;@}\u0026gt;()= NEWSARTS=${NEWSARTS-/var/spool/news} # =()\u0026lt;NEWSPATH=${NEWSPATH-@\u0026lt;NEWSPATH\u0026gt;@}\u0026gt;()= NEWSPATH=${NEWSPATH-/bin:/usr/bin:/usr/sbin:/sbin} # =()\u0026lt;NEWSUMASK=${NEWSUMASK-@\u0026lt;NEWSUMASK\u0026gt;@}\u0026gt;()= NEWSUMASK=${NEWSUMASK-002} # =()\u0026lt;NEWSMASTER=${NEWSMASTER-@\u0026lt;NEWSMASTER\u0026gt;@}\u0026gt;()= NEWSMASTER=${NEWSMASTER-news} # =()\u0026lt;NEWSCONFIG=${NEWSCONFIG-@\u0026lt;NEWSCONFIG\u0026gt;@}\u0026gt;()= NEWSCONFIG=${NEWSCONFIG-/var/lib/news/bin/config} Jetzt kann man daran gehen, den Rest des Newssystems zu konfigurieren. Als erstes muß die Identität des Systems korrekt eingestellt werden: In den Dateien whoami und mailname muß der komplette Name des eigenen Systems inklusive Domain eingetragen werden. Da mein System den Namen white.schulung.netuse.de trägt, habe ich also diese Namen eingesetzt:\nnews@white:~$ cat whoami white.schulung.netuse.de news@white:~$ cat mailname white.schulung.netuse.de Leider steht hier im NEWS-HOWTO und in der Anleitung von Cnews, daß man in whoami den kurzen UUCP-Namen des Systems ohne Domain eintragen sollte. Das darf man nur dann, wenn dieser Name auch in der weltweiten USENET/UUCP Map für einen selbst reserviert ist und garantiert weltweit eindeutig ist. Das ist in der Regel nicht der Fall und daher sollte man unbedingt den Domainnamen einsetzen.\nDer nächste Handgriff gilt der Datei organization, die den Inhalt der gleichnamigen Headerzeile darstellt. In dieser einzeiligen Datei soll die eigene Organisation möglichst kurz und prägnant beschrieben werden.\nnews@white:~$ cat organization My personal Linux in Kiel, Germany. Die dritte, relativ statische Konfigurationsdatei betrifft moderierte Newsgroups: In eine moderierte Gruppe kann man nicht direkt schreiben. Stattdessen wird der eigene Artikel an einen Moderator gesendet, der wie ein Redakteur bei einer Zeitung den Artikel begutachtet. Der Moderator gibt den Artikel dann entweder zur Veröffentlichung in seiner Newsgroup frei (er erscheint mit dem Namen des Originalautors) oder bittet den originalen Autor um Korrekturen. Die Datei mailpaths enthält eine Liste von moderierten Newsgroups und Moderatoren. Für den Anfang genügt es, alle Gruppen von einem zentralen Knoten abhandeln zu lassen. Dieser wird die Artikel dann nach Bedarf weiterleiten.\nDas genaue Format der Datei mailpaths ist in einem Artikel beschrieben, der von David C. Lawrence regelmäßig in den internationalen Gruppen news.lists,news.admin.misc und news.answers unter dem Titel \u0026ldquo;How to Construct the Mailpaths File\u0026rdquo; veröffentlicht wird. Aber für den Anfang genügt es, dort den Text\nnews@white:~$ cat mailpaths backbone uunet.uu.net!%s einzutragen. Nachdem diese vier kleinen Konfigurationsdateien einmal aufgesetzt worden sind, kann man sie erst einmal vergessen. Die folgenden Steuerdateien sind wichtiger. Sie benötigen im Laufe der Existenz eines Newssystems wahrscheinlich gelegentlich Anpassungen, wenn weitere Gruppen eingerichtet werden oder wenn die Festplatte volläuft. Die erste dieser zentralen Konfigurationsdateien ist die Datei sys. Sie legt fest, welche Newsgroups wir überhaupt akzeptieren und an wen wir Newsgroups weiterleiten.\nnews@white:~$ cat sys # Diese Zeile zeigt an, welche Newsgroups wir überhaupt akzeptieren: # Wir nehmen jeden Müll an. Warum Streß machen... ME:all,all.all # Artikel, die wir auf unserem System neu erzeugen, werden an den # Rechner weitergeleitet, der uns mit News versorgt. Im Beispiel heißt # dieser Rechner nuki. nuki verewigt sich im Pfad als nuki.netuse.de. # # Also senden wir nur diejenigen Artikel an nuki, die noch nicht # nuki.netuse.de in der Path-Zeile stehen haben: #\tnuki/nuki.netuse.de: # # Wir möchten, daß alle Artikel in allen Gruppen an nuki weitergeleitet # werden mit Ausnahme der lokalen Gruppen, die den Namen white.irgendwas # haben: # all,all.all,!white.all # # Artikel können eine Zeile Distribution enthalten, die die Verbreitung # räumlich einschränkt. Wir leiten alle Distributionen an nuki weiter, aber # nicht local und auch nicht white. # all,!white,!local # # Tja und dann wollen wir noch Standardbatching haben: # :f: # # Es ergibt sich diese Zeile in der Konfigurationdatei: # nuki/nuki.NetUSE.de:all,all.all,!white.all/all,!white,!local:f: Alle Zeilen mit \u0026ldquo;#\u0026rdquo; in dieser Datei sind selbstverständlich Kommentare. Sie können gerne weggelassen werden. Neu erzeugte Artikel müssen natürlich irgendwann einmal verpackt und an nuki.netuse.de weitergeleitet werden. Wie das geschieht, steuert die Datei batchparms. Sie muß für jedes System, an das wir senden wollen, einen Eintrag enthalten:\nnews@white:~$ cat batchparms # big batches for fast modem (ISDN!), simple compression # site size queue builder muncher sender # ---- ---- ----- ------- ------- ------ nuki 500000 20 batcher compcun viauux So, jetzt können wir daran gehen, einen Spoolbereich für News einzurichten und danach können dann Gruppen erzeugt werden. Standardmäßig sieht es bei der Slackware so aus:\nnews@white:~$ cd /usr/spool/news news@white:/usr/spool/news$ ls news@white:/usr/spool/news$ Nichts da. Für jede Gruppe in der Datei ~news/active muß hier ein passendes Unterverzeichnis angelegt werden. Außerdem brauchen wir noch einige Spezialverzeichnisse.\nnews@white:/usr/spool/news$ cat ~news/active junk 000000001 00001 y control 000000001 00001 y news.announce.newusers 000000001 00001 y news@white:/usr/spool/news$ mkdir -p news/announce/newusers junk control news@white:/usr/spool/news$ mkdir in.coming in.coming/bad out.going out.going/nuki out.master Statt nuki und nuki.netuse.de müssen natürlich die Namen des eigenen Feeds als Verzeichnisnamen eingesetzt werden. Aber zurück in das Verzeichnis ~news: Im Laufe des Lebens des Newssystems wird man sich öfter als User news einloggen müssen. Also sollte man diesem Benutzer in seinem Home eine vernünftige .profile verpassen. Hier ist eine:\nnews@white:~$ cat .profile echo \u0026#34;.profile\u0026#34; PATH=/bin:/usr/bin:/usr/local/bin:/usr/sbin:/sbin:/usr/lib/newsbin/maint:/usr/lib/newsbin/expire:/usr/lib/newsbin/input:/usr/lib/newsbin/batch Diese Pathangabe ist ziemlich lang, aber sie vereinfacht die Wartung des Newssystems. Nach dem Einlesen der .profile-Datei kann man sich dann daran machen, Newsgroups anzulegen:\nnews@white:~$ . .profile news@white:~$ echo $PATH /bin:/usr/bin:/usr/local/bin:/usr/sbin:/sbin:/usr/lib/newsbin/maint:/usr/lib/newsbin/expire:/usr/lib/newsbin/input:/usr/lib/newsbin/batch news@white:~$ addgroup gewuenschte.name.fuer.die.gruppe y Mit dem Kommando addgroup kann man neue Newsgroups anlegen. Auf jeden Fall sollte man sich eine lokale Gruppe zum Testen anlegen. Diese Gruppe sollte nicht nach draußen exportiert werden. Im Beispiel oben ist die Gruppenhierarchie white.all schon dafür vorbereitet worden. Also kann man gefahrlos eine Gruppe white.test anlegen:\nnews@white:~$ addgroup white.test y Weiterhin möchte man natürlich Newsgroups anlegen, die man von seinem Feed bestellt hat. Am einfachsten geht das, indem man eine Datei anlegt, in der diese Gruppen aufgezählt sind, jeweils ein Name pro Zeile. Im Beispiel enthält die Datei x eine solche Liste. Wir zeigen nur den Kopf dieser Liste, um Platz zu sparen:\nnews@white:~$ head x alt.fan.pratchett alt.tv.babylon-5 cau.ifi.apply.eulisp cau.ifi.archive cau.ifi.fragen cau.ifi.general cau.ifi.inf cau.ifi.statistic cau.ifi.termine cau.inf news@white:~$ cat x | xargs -i addgroup {} y Das Kommando xargs sorgt dafür, daß sein Parameter addgroup für jede Zeile der Standardeingabe einmal ausgeführt wird. Es wird also für jede Zeile der Datei x ein addgroup-Kommando gestartet. Nachdem dies abgeschlossen ist (es dauert eine gewisse Zeit), könnten im Prinzip schon News eingespielt werden. Wir möchten jedoch auch, daß diese Artikel nach einer gewissen Zeit wieder verschwinden. Daher muß auch noch konfiguriert werden, in welcher Gruppe die Artikel wieviele Tage verbleiben sollen. Die Steuerdatei, die dies regelt, ist die Datei explist:\nnews@white:~$ cat explist # Die Reihenfolge der Zeilen in dieser Datei ist wichtig! # Die History bleibt 14 Tage erhalten. Kein Artikel bleibt länger # als 90 Tage /expired/ x 14 - /bounds/ x 0-1-90 - # Artikel in control bleiben 7 Tage, junk geht nach 1 Tag weg control x 3 - junk x 1 - # Alle anderen Artikel verschwinden nach 7 Tagen all x 7 - Wenn man auch damit durch ist, kann das System endlich auf Autopiloten gestellt werden. Daztu muß eine Datei crontab.news im Homeverzeichnis von news erzeugt werden. Sie sollte so aussehen:\n# Auspacken von neu eingegangenen News 0,10,20,30,40,50 * * * * /usr/lib/newsbin/input/newsrun # Einpacken von lokal erstellten News 25 * * * * /usr/lib/newsbin/batch/sendbatches # Wegschmeissen von ueberalterten Artikeln 59 0 * * * /usr/lib/newsbin/expire/doexpire # Nur fuer NN-Benutzer: nnmaster wecken! # 59 2 * * * /usr/bin/nnadmin =eyw # Systemüberwachung 10 5 * * * /usr/lib/newsbin/maint/newsdaily 00 5 * * * /usr/lib/newsbin/maint/newswatch # Nur fuer NN-Benutzer: Sichern der Active-Dateien und erstellen # der Subject-Datenbank #59 3 * * * /usr/lib/nn/nnspew #29 3 * * * /usr/lib/nn/back_act Die auskommentierten Zeilen sind nur wichtig, wenn der Newsreader nn verwendet wird. In diesem Fall müssen sie aktiviert werden, d.h. die Kommentarzeichen müssen gelöscht werden. Die Crontab-Datei wird mit dem Kommando¯\nnews@white:~$ crontab crontab.sample installiert und kann mit dem Kommando\nnews@white:~$ crontab -l geprüft werden. Die Crontab regelt, wann am Tag das Programm cron bestimmte Tätigkeiten ausführt. So bedeutet die Zeile\n59 0 * * * /usr/lib/newsbin/expire/doexpire aus der Crontab oben zum Beispiel, daß jeden Tag um 0 Uhr 59 das Programm doexpire gestartet werden soll, um alte Artikel zu löschen. Das funktioniert natürlich nur dann, wenn der Rechner um diese Zeit auch sicher angeschaltet ist. UNIX-Rechner haben in der Regel viele solche Cronjobs, die des Nachts alle wichtigen, aber unangenehmen Aufgaben erledigen. Daher sollte man den Rechner ruhig rund um die Uhr durchlaufen lassen und ihn um diese Zeit News und Mail holen lassen. Wenn man dies nicht machen kann, etwa weil der Rechner zu laut ist, dann muß man die Zeiten in der Crontab auf passende Zeiten anpassen.\nJetzt können wir daran gehen, das System zu testen:\nnews@white:~$ inews -n white.test -t \u0026#34;Testing\u0026#34; -d local Yummy Yummy Yummy ^D news@white:~$ Dies sollte eine Datei in in.coming erzeugen:\nnews@white:~$ cd /usr/spool/news/in.coming/ news@white:/usr/spool/news/in.coming$ ls 0.1435483580.t bad news@white:/usr/spool/news/in.coming$ cat 0.1435483580.t Newsgroups: white.test Path: news From: news@white.schulung.netuse.de (Kristian Koehntopp) Subject: Testing Distribution: local Organization: My personal Linux in Kiel, Germany. Message-ID: \u0026lt;DC0tuC.70H@white.schulung.netuse.de\u0026gt; Date: Thu, 20 Jul 1995 15:32:34 GMT Lines: 1 Yummy Yummy Yummy Dabei sind folgende Dinge zu beachten:\nDie Path:-Zeile sollte nur den Namen des Absender enthalten. Die Absenderadresse sollte korrekt sein, also in der From:-Zeile den User news mit einem vollständigen Domainnamen zeigen. Die Zeilen Newsgroups: und Distribution: müssen so aussehen, wie mit den Optionen -n und -d gefordert. Das Subject: sollte so aussehen, wie mit -t vorgegeben. Das Datum sollte stimmen und in GMT angezeigt werden (Stimmt die Zeitzonenanpassung?). Und schließlich sollte auch eine Lines:-Headerzeile angezeigt werden und die korrekte Zeilenzahl angeben.\nWenn das alles stimmt, kann der Benutzer news (und nur news, niemals ein anderer!) das Kommando newsrun aufrufen. Das dauert in etwa eine Minute, weil in newsrun ein \u0026ldquo;sleep 45\u0026rdquo; enthalten ist.\nnews@white:/usr/spool/news/in.coming$ which newsrun /usr/lib/newsbin/input/newsrun news@white:/usr/spool/news/in.coming$ newsrun ^Z [1]+ Stopped newsrun news@white:/usr/spool/news/in.coming$ bg [1]+ newsrun \u0026amp; Im Logbuch muß jetzt ein Eintrag zu finden sein:\nnews@white:/usr/spool/news/in.coming$ cd news@white:~$ tail -2 log Jul 20 16:39:50.000 nuki.NetUSE.de + \u0026lt;3uljtj$fb4@picard.toppoint.de\u0026gt; Jul 20 17:35:52.000 white.schulung.netuse.de + \u0026lt;DC0tuC.70H@white.schulung.netuse.de\u0026gt; Der letzte Eintrag zeigt an, daß der Artikel erfaßt und akzeptiert worden ist. Wir sehen ihn uns an:\nnews@white:~$ ls -l /usr/spool/news/white/test/ total 1 -rw-r--r-- 1 news news 237 Jul 9 23:10 1 Das ist er. Durch das Einspielen in das Newssystem haben sich einige Headerzeilen (zum Beispiel der Path:) etwas verändert. Das ist normal. Der nächste Schritt im Test ist es, einen Artikel zu erzeugen, der den unseren Feed weitergegeben wird:\nnews@white:~$ inews -n nuki.test -t \u0026#34;Testing\u0026#34; Yummy Yummy Yummy ^D Dies ist kein Artikel mit der Distribution \u0026ldquo;local\u0026rdquo; und er ist nicht in einer lokalen Gruppe. Also sollte er an nuki weitergegeben werden:\nnews@white:~$ newsrun \u0026amp; [1] 9177 news@white:~$ cd /usr/spool/news/out.going/nuki/ news@white:/usr/spool/news/out.going/nuki$ ls -l total 1 -rw-rw-r-- 1 news news 15 Jul 20 17:38 togo news@white:/usr/spool/news/out.going/nuki$ cat togo nuki/test/1 264 Das newsrun hat den Artikel wieder in das Newssystem übernommen. Außer der Installation der Artikeldatei in /usr/spool/news/nuki/test ist aber noch etwas anderes passiert: In .../out.going/nuki ist eine Datei togo angelegt worden. Sie enthält ein Logbuch der noch zu packenden Artikel für das System nuki. Die Zahl hinter dem Artikelnamen ist die Länge des Artikels in Byte. Das Programm sendbatches wird die Datei togo einlesen und einen UUCP-Job für nuki erzeugen:\nnews@white:/usr/spool/news/out.going/nuki$ sendbatches ^Z [2]+ Stopped sendbatches news@white:/usr/spool/news/out.going/nuki$ ls -l total 3 -rw-rw-r-- 2 news news 5 Jul 20 17:40 L.9215 -rw-rw-r-- 2 news news 5 Jul 20 17:40 LOCKbatch -rw-rw-r-- 1 news news 0 Jul 20 17:40 togo -rw-rw-r-- 1 news news 15 Jul 20 17:40 togo.1 news@white:/usr/spool/news/out.going/nuki$ bg [2]+ sendbatches \u0026amp; news@white:/usr/spool/news/out.going/nuki$ ls -l total 0 -rw-rw-r-- 1 news news 0 Jul 20 17:40 togo [2]+ Done sendbatches news@white:/usr/spool/news/out.going/nuki$ uustat -s nuki nukid0294 nuki news 07-20 17:40 Executing rnews (sending 246 bytes) Im Beispiel ist sendbatches schon sehr kurz nach dem Aufruf mit ^Z gestoppt worden. Man kann deutlich sehen, wie das Newssystem während der Erzeugung der Batches Lockdateien erzeugt, um den Zugriff auf die Daten zu regulieren. Wird die Ausführung von sendbatches mit bg im Hintergrund freigegeben, verschwinden die Locks und die togo-Datei leert sich. Stattdessen entsteht ein UUCP-Job für das System nuki. Mit dem nächsten Start von UUCP verschwindet dieser Job in Richtung Feed.\nDamit sollte das Newssystem jetzt sicher laufen.\nCnews kommt mit einer umfangreichen englischen Dokumentation. Bei der Slackware steht sie in /usr/doc/cnews bereit, ist allerdings nicht formatiert. Um die Dokumentation zubereiten zu können, benötigt man bei der Slackware das Paket pmake (GNU make tut es nicht) und das Paket groff inklusive der zugehörigen Zeichensätze.\nWenn beide Pakete installiert sind, sollte es genügen, im entsprechenden Verzeichnis \u0026ldquo;pmake\u0026rdquo; aufzurufen. Dabei sollte root für die Dauer des pmake-Aufrufes (und nur für die Dauer des pmake-Aufrufes!) das Verzeichnis \u0026ldquo;.\u0026rdquo; im Suchpfad haben. Sollte es dabei zu Fehlermeldungen kommen, die besagen, daß das \u0026ldquo;ms\u0026rdquo; Makropaket nicht gefunden werden kann, kann man stattdessen tmac.cn verwenden. Dazu ist die Datei tmac.cn nach /usr/lib/groff/tmac/tmac.s zu kopieren. tmac.cn ist kein richtiger Ersatz für tmac.s, aber es ist kompatibel genug, um die Dokumentation zu übersetzen. Während der Übersetzung der Dokumentation hagelt es einige Warnmeldungen, aber diese sind unkritisch.\nDie resultierenden Postscript-Dateien können ausgedruckt werden oder mit ghostview oder Ghostscript angesehen werden. Die wichtigen Informationen stehen in der Datei guide.ps.\nroot@white:/usr/doc/cnews/docs# ls -l *ps -rw-r--r-- 1 root root 310197 Jul 21 11:42 guide.ps -rw-r--r-- 1 root root 29305 Jul 21 11:43 index.ps -rw-r--r-- 1 root root 5312 Jul 21 11:43 toc.ps Es ist auch möglich, eine ASCII-Version der guide-Datei zu erzeugen. Dazu ist das Kommando\nroot@white:/usr/doc/cnews/docs# pmake guide.out root@white:/usr/doc/cnews/docs# ls -l guide.out -rw-r--r-- 1 root root 223706 Jul 21 11:47 guide.out aufzurufen. Dabei entsteht eine ganze Menge Schrott auf dem Bildschirm, der aber ignoriert werden kann. Das Resultat wird eine Datei guide.out sein, die im aktuellen Verzeichnis steht und eine lesbare ASCII-Version des Guides enthält.\n","date":"1995-11-01T00:00:00Z","href":"https://blog.koehntopp.info/1995/11/01/cnews-in-betrieb-nehmen.html","tags":["lang_de","publication","internet"],"title":"Cnews in Betrieb nehmen"},{"categories":null,"content":" In \u0026lt;41s91l$mo7@erinews.ericsson.se\u0026gt; seahuh@sea.ericsson.se (AT/SEATUD HUBER Hartmut +43 1 81100 4601) writes: \u0026gt;Wer oder was ist eigentlich eine merkbefreiung? Die einzig echte Merkbefreiung: Die nachstehend eindeutig identifizierte Lebensform Name : ____________________ Vorname : ____________________ Geburtsdatum : __________ Geburtsort : ____________________ Personalausweisnummer: ____________________ ist hiermit für den Zeitraum von [_] 6 Monaten [_] 12 Monaten [_] 24 Monaten [_] unbefristet davon befreit, etwas zu merken, d.h. wesentliche Verhaltensänderungen bei der Interaktion mit denkenden Wesen zu zeigen. Die Einstufung der o.a. Person nach dem amtlichen Index für Merkbefreiungen liegt bei dem Äquivalent von [_] einem Mensaessen vom Vortag [_] drei Hartkeksen in löslichem Kaffee [_] einer Kiste Schwarzbrot in Dosen [_] einem Quadratmeterstück Torfmoos während einer sechswöchigen Sommerdürre [_] einem Container erodiertem Sandstein (Streusandqualität) Die ausgesprochene Merkbefreiung erlischt mit dem Ablauf des [_] __.__.19__ [_] __.__.20__ [_] der vollständigen Erosion der körperlichen Bestandteile der o.a. Lebensform und gilt, sofern die o.a. Lebensform durch das nachstehende Kennzeichen als merkbefreit zu identifizieren ist: [_] eine rote Plastiknase [_] olives Stoffstück mit weißem Rand, auf der Schulter zu tragen [_] die Lebensform ist durch den Gesichtsausdruck zweifelsfrei als unbefristet merkbefreit zu erkennen. Die o.a. Lebensform ist durch den Erwerb dieses Merkbefreiungsscheins automatisch für die folgenden Tätigkeiten qualifiziert: [_] Markierungshütchen bei Abmarkierungsarbeiten auf Bundesautobahnen [_] Garderobenständer und Regenschirmständer in Restaurants bis zu, aber nicht eingeschlossen, 3 Sterne [_] Regelstab in Schwerwasserreaktoren [_] Markierungsstab für das Fahrwasser im Nationalpark Wattenmeer [_] Landschaftsmerkmal/Orientierungshilfe in der Wüste Gobi Die Merkbefreiung für die o.a. Lebensform wurde in einem öffentlichen Merkbefreiungsverfahren ausgesprochen und ist nach Ablauf der Einspruchsfrist von 17 Sekunden rechtskräftig. Datum Unterschrift Dienstsiegel Stirnabdruck des Merkbefreiten Diese Merkfreiung wurde elektronisch erstellt und ist deswegen nicht unterschrieben. ","date":"1995-08-28T00:00:00Z","href":"https://blog.koehntopp.info/1995/08/28/merkbefreiung.html","tags":["lang_de","detebe","inkomploehntopp"],"title":"Merkbefreiung"},{"categories":null,"content":" Dieser Text ist eine verkürzte Form des Textes »A Robots Dictionary« von me@grmbl.saar.de (Martin Emmerich). Er erschien zusammen mit anderen Artikeln im Sonderheft DFÜ der DOS International (DMV Verlag). A Akustikkoppler: eine besondere Bauform des Modems, die über Muffen an den Hörer und Mikrofon des Telefonapparates gekoppelt wird. ANSI: American National Standards Institute, Amerikanisches Normungsinstitut, ähnlich dem DIN-Institut. Answer-Modus: Modem-Betriebsart. Gegenstück zum Originate-Modus. ASCII: American Standard Code for Information Interchange, amerikanischer Zeichencode zum Informationsaustausch. Der meistverwendete Code in der Datenkommunikation. asynchrone Verbindung: Verbindung ohne Übertragung eines Datentaktes. Anfang und Ende eines Datenworts muessen durch Start- und Stopbits markiert werden. AT-Befehlssatz: Kommandosprache zur Modemansteuerung, B Bandbreite: hier Frequenzbandbreite des Telefons: Die Größe des Frequenzbereiches, der über Telefon übertragen werden kann. Bei einem Frequenzbereich von typisch 300 bis 3400Hz ist die Bandbreite 3100Hz. Da die Grenzbereiche teilweise abgeschwächt werden (Dämpfung), sind etwa 3000Hz nutzbar. Baudrate: gibt die Anzahl der Zustandswechsel des übertragenen Signals pro Sekunde an. Die Baudrate (auch Schrittgeschwindigkeit) wird in der Einheit Baud gemessen. Multipliziert man die Anzahl der Bits pro Zustand mit der Baudrate, so erhält man die Bitrate. Nur wenn die Anzahl der Zustaende genau zwei ist (d.h. mit einem Zustand genau ein Bit codiert wird) ist die Baudrate gleich der Bitrate. Bimodem: bidirektionales Übertragungsprotokoll. Arbeitet im Gegensatz zu den üblichen Protokollen wie Kermit, Xmodem, Zmodem in beide Richtungen gleichzeitig. Nur auf IBM-Kompatiblen verfuegbar. Maximale Blockgroesse 4KB. Sehr hoher Datendurchsatz (fast 100%). Bitrate: Anzahl der uebertragenen Bits pro Sekunde (Übertragungsgeschwindigkeit). Gemessen wird in bit/s oder bps. Die Bitrate ist nur in Sonderfaellen mit der Baudrate identisch! C CCITT: Comite Consultatif International Telephonique et Telegraphique, ein Internationales Gremium für Normen zu Telefon und Telegraphie, an dem Vertreter von Post, Industrie und Wissenschaft aus 159 Ländern teilnehmen. Das CCITT ist ein Organ der International Telecommunications Union (ITU) der Vereinten Nationen. Normen zur Datenübertragung sind beispielsweise die über Telefon (V-Normen), ueber Datennetze (X-Normen) und über ISDN (I-Normen). CRC: Cyclic Redundancy Check, Prüfsumme, in Übertragungsprotokollen verwendet. Üblich sind 16 oder 32 Bit lange Varianten, kurz: CRC-16 und CRC-32. Eine CRC stellt den Rest aus einer Polynomdivision dar. Implementationen sind allgemein als Quelltext erhältlich. CTS: Clear To Send, Sendebereitschaft, Signal der V.24-Schnittstelle. Auch RTR, Ready To Receive genannt. D DCD: Data Carrier Detect, Trägersignalerkennung, Signal der V.24-Schnittstelle. DCE: Data Communications Equipment, eine von zwei moeglichen Konfigurationen einer V.24-Schnittstelle. Eine DCE kann immer nur direkt mit einer DTE verbunden werden. Für eine Vermindung DCE-DCE oder DTE-DTE muss ein Kabeladapter oder Spezialkabel (Nullmodem) verwendet werden. DEE: Datenendeinrichtung, Deutsch fuer DTE. DFÜ: Datenfernübertragung. DIN: Deutsches Institut fuer Normung e.V. seit 1975, davor Deutsche Industrie-Norm. Der Verein ist aus dem 1917 gegruendeten \u0026ldquo;Normalienausschuss für den allg. Maschinenbau\u0026rdquo; hervorgegangen und hat den Sitz in Berlin. Download: Das \u0026ldquo;Herunterladen\u0026rdquo; einer Datei vom fernen Rechner auf den eigenen mit Hilfe eines Übertragungsprotokolles. DSR: Data Set Ready, Betriebsbereitschaft, Signal der V.24-Schnittstelle. DTE: Data Terminal Equipment, eine von zwei Konfigurationen einer V.24- Schnittstelle. Das Gegenstück zur DCE. DTR: Data Terminal Ready, Endgerät betriebsbereit, Signal der V.24-Schnittstelle. DÜE: Datenübertragungseinrichtung, Deutsch fuer DCE. Echo-Cancelling: beide Modems senden gleichzeitig auf derselben Frequenz. Da aber jedes Modem weiss, was es gerade gesendet hat, kann es aus dem Frequenzgemisch seine Signale unterdrücken und so die Daten der Gegenstelle herausfiltern. Wird z.B. bei V.32 verwendet. E EIA: Electronic Industries Association. Amerikanische Vereinigung der Elektronikindustrie, die u.A. auch Standards fuer Datenkommunikation herausgibt (z.B. RS-232-C). Escapen: Codieren von unerlaubten Zeichen mittels eines reservierten Steuerzeichens (Escape-Zeichen). Solche Verfahren werden z.B. von Übertragunsprotokollen zur Übertragung von Zeichen verwendet, die in der darunterliegenden Übertragungsebene nicht zulässig sind. F Fallback: Zurückschalten auf langsamere Geschwindigkeit bei schlechter Leitungsqualität. FSK: Frequency Shift Keying = Frequenzumtastung (Frequenzmodulation). H halbduplex: Datenübertragung in nur eine Richtung mit Umschaltung der Übertragungsrichtung. Handshake: Synchronisationsverfahren bei der Datenübertragung. Der Sender signalisiert, wenn er neue Daten senden möchte oder kann und der Empfänger, wenn er neue verarbeiten kann bzw. möchte. Erst wenn beide sich auf eine Übertragung geeinigt haben, kann diese beginnen. Hardware-Handshake: Handshake ueber Signalleitungen. Üblicherweise wird bei V.24 mit CTS/RTS signalisiert. Hayes-Befehlssatz: Kommandosprache zur Modemansteuerung. Ursprünglich Entwicklung der Firma Hayes. Inzwischen der De-Facto-Standard, von dem aber nahezu jeder Modemhersteller mehr oder weniger abweicht. Alle Befehle beginnen mit AT, daher heisst er auch AT-Befehlssatz. Ist so weit verbreitet, dass sich der genormte V.25-Standard kaum durchsetzt. I ISDN: Integrated Services Digital Network, \u0026ldquo;Dienstintegrierendes Digitales Netz\u0026rdquo;, ein öffentliches Digitalnetz sowohl zur Daten- als auch zur Sprach- und Bildübertragung. ISO: International Standardisation Organisation, Internationale Normungsorganisation. Internationales Gegenstueck zur staatlichen Normungsinstituten wie ANSI oder DIN. K Kermit: eines der ältesten Üebertragungsprotokolle. Tatsächlich nach Kermit dem Frosch benannt. Da die Blockgrösse in der ursprünglichen Form maximal 94 Bytes beträgt, ist die Geschwindigkeit relativ gering (hoher Aufwand fuer das Protokoll). Kompression: verringert das Datenvolumen bei gleichem Informationsgehalt, indem Redundanzen eliminiert werden. Bei den meisten Verfahren (z.B. V.42bis, MNP 5) werden die häufigsten Zeichen und Zeichenfolgen mit kurzen Bitfolgen codiert, während die selteneren länger codiert werden. L Leitungsvermittlung: Eine Leitung wird zwischen den beiden Kommunikationspartnern für die Dauer der Verbindung fest geschaltet. Das Gegenstück zu Paketvermittlung. M MNP: Microcom Networking Protocol, Übertragungsverfahren der Firma Microcom. Es gibt zehn Klassen, die zum Teil aufwärtskompatibel sind. Die Klassen 1-4 sind reine Datenübertragungsprotokolle. Diese wurden in die V.42-Norm aufgenommen. Ab MNP Klasse 5 kommt dann Kompression ins Spiel. Modem: Abkürzung fuer \u0026ldquo;MOdulator und DEModulator\u0026rdquo;, d.h. ein Gerät, das den Bitstrom des Computers in analoge Signale umwandelt, die dann auch über das Telefonnetz übertragen werden koennen (Modulation). Das Partner-Modem macht die Umwandlung dann wieder rückgaengig (Demodulation). Deshalb ist auch der Akustikkoppler ein Modem, auch wenn er i.d.R. nicht so genannt wird. Modulation: Verfahren, um einer Trägerfrequenz ein Nutzsignal \u0026ldquo;aufzubürden\u0026rdquo;, so dass das Nutzsignal gut übertragen werden kann. Üblich sind z.B. Amplitudenmodulation (AM):\ndas Nutzsignal wird in die Amplitude (=Lautstärke) codiert (z.B. laut=1, leise=0). Frequenzmodulation (FM, FSK): die Abweichung von der Trägerfrequenz ergibt das Nutzsignal. Da bei der Datenübertragung das Nutzsignal nur zwei Zustände hat, ergeben sich zwei Frequenzen, die symmetrisch oberhalb und unterhalb der Trägerfrequenz liegen. Letztere heißt dann auch Mittenfrequenz. Phasenmodulation (PM, PSK): das (diskrete) Nutzsignal wird durch einen Sprung in der Phase des (im Gegensatz zur FSK festen) Trägers codiert, d.h. der normalerweise sinusförmige Signalverlauf wird unterbrochen und ein Stück weiter fortgesetzt. Oft werden mehrere Bits gleichzeitig in einen Zustand codiert. Quadratur-Amplitudenmodulation (QAM): eine Kombination aus AM und PM, wobei ein Teil der Zustände in AM und der Rest in PM codiert werden. Multiplexer: Einrichtung, die einen schnelleren Datenkanal in mehrere langsamere Kanäle aufteilt. O Originate-Modus: eine von zwei Betriebsarten bei manchen Vollduplex-Modems. OSI: Open Systems Interconnection, Sammlung von Standards der ISO zur Kommunikation zwischen Computersystemen. OSI-ISO-Modell: Modell zur Datenübertragung zwischen Computersystemen. Es beschreibt sieben aufeinander aufbauende Schichten mit definierten Aufgaben und Schnittstellen. P Paketvermittlung: Eine Technik zum Weiterleiten von Daten in einem Netz. Hierbei werden die Daten in Blöcken (\u0026ldquo;Paketen\u0026rdquo;) einer bestimmten Länge übertragen. Spezielle Steuerpakete dienen dem Aufbau der Verbindung. Im Gegensatz zur Leitungsvermittlung wird zwischen den Partnern keine feste Leitung geschaltet, vielmehr werden die Daten je nach Auslastung des Netzes ueber verschiedene Wege übertragen. Dabei können durchaus Pakete des gleichen Datenstromes verschiedene Wege nehmen. Parität: Bit bei asynchroner Datenübertragung, das der Fehlererkennung dient. Bestandteil des Übertragungsformats. Protokoll: Ein Satz von Regeln und Vereinbarungen, der den Informationsfluss in einem Kommunikationssystem steuert. Kann sich sowohl auf Hardware, wie auf Software beziehen. Wird in der Datenübertragung haeufig als Kurzform fuer Übertragungsprotokoll verwendet. Q QAM: Quadrature Amplitude Modulation. R RD: Receive Data, Empfangsdaten, Signal der V.24-Schnittstelle. RI: Ring Indicator, ankommender Ruf, Signal der V.24-Schnittstelle. Routing: Transportieren von Daten innerhalb eines Netzes anhand eines Pfades, der im Header der Daten enthalten ist (passives Routing) oder durch Bestimmen des kürzesten, schnellsten, billigsten oder nächstbesten Routweges (aktives Routing) aus einer Karte des Netzes. RS-232-C: amerikanische EIA-Norm für serielle Schnittstellen. Die internationale Norm V.24 legt die entsprechenden funktionalen Eigenschaften und V.28 die entsprechenden elektrischen Eigenschaften fest. RTS: Request To Send, Sendeteil Einschalten, Signal der V.24-Schnittstelle. S Sliding-Window-Protocol: Jedes Übertragungsprotokoll, bei dem weitere Datenblöcke schon übertragen werden können, während für den aktuellen Datenblock das ACK noch aussteht. Wesentlich schneller, als wenn das Protokoll jedesmal das Senden unterbricht, um auf die Bestätigung des Blockes zu warten. Die Anzahl der ACKs, die noch ausstehen duerfen, bezeichnen die Window-Size des Protokolls. Software-Handshake: Handshake durch festgelegte Steuerzeichen. Fuer Binaeruebertragungen ohne Übertragungsprotokoll nicht geeignet, da die Daten auch die reservierten Handshake-Zeichen enthalten koennen. Die ueblichsten Zeichen sind XON/XOFF, manchmal wird aber auch ETX/ACK benutzt. Split-Speed: asymmetrische vollduplex-Datenübertragung mit zwei verschiedenen Geschwindigkeiten (z.B. V.23). Startbit: Bit bei asynchroner Uebertragung, das den Anfang eines Datenworts anzeigt. Immer Null. s. Übertragungsformat. Stopbit: ein oder zwei Bits bei asynchroner Übertragung, die das Ende eines Datenworts anzeigen. Immer Eins. siehe Übertragungsformat. T TAE: TelefonAnschlussEinheit. Steckersystem der Deutschen Telekom. In Deutschland wird nur die sechspolige Version TAE-6 und in ISDN-Anlagen die achtpolige TAE-8 verwendet. TD: Transmit Data, Sendedaten, Signal der V.24-Schnittstelle. Trellis-Modulation: spezielles Modulationsverfahren mit eingebauter Fehlerkorrektur, wird z.B. bei V.32 verwendet. Im Gegensatz zur Quadratur-Amplitudenmodulation mit ihren Quadbits werden Quintbits uebertragen. Das zusätzliche Bit dient der Fehlerkontrolle und teilweise auch deren Beseitigung. U Übertragungsformate: Bitkombination bei asynchroner Datenübertragung. Durch zusaetzliche Bits wird Anfang (Startbit) und Ende (Stopbit) eines Datenworts markiert. Weitere Bits (Paritätsbits) können der Fehlererkennung dienen. Die ueblichsten Formate sind \u0026ldquo;8n1\u0026rdquo; ( 8 Datenbits, no=keine Parität, 1 Stopbit) und \u0026ldquo;7e1\u0026rdquo; ( 7 Datenbits, even=gerade Parität, 1 Stopbit). Übertragungsprotokoll: Verfahren zur Übermittlung von Daten; diese werden meist in Blöcke zerlegt und um Prüfsummen (CRC o.ä.) ergänzt. Fehlerhafte Blöcke werden automatisch neu übertragen, ohne daß der Benutzer (oberhalb der Protokollebene) etwas davon merkt. Bei hoher Fehlerhäufigkeit wird meistens die Blockgrösse verkleinert. Upload: Das \u0026ldquo;Hinaufladen\u0026rdquo; einer Datei vom eigenen Rechner auf den fernen Rechner mit einem Übertragungsprotokoll. Die Umkehrung dieses Vorganges heisst Download. V vollduplex: Datenübertragung in beide Richtungen gleichzeitig. W Ward-Christiansen-Protokoll: s. Xmodem. X X.25: Schnittstellennorm des CCITT zur paketorientierten Datenübermittlung. Das öffentliche deutsche X.25-Netz ist Datex-P. Xmodem: Übertragungsprotokoll. Nach seinem Erfinder auch Ward- Christensen-Protokoll genannt. Neben Kermit eines der ältesten Datenübertragungsprotokolle. XON: Steuerzeichen (Ctrl-Q) zum Signalisieren der Empfangsbereitschaft (Softwarehandshake), wird von XOFF aufgehoben. XOFF: Steuerzeichen (Ctrl-S) zum Aufheben der Empfangsbereitschaft, Gegenstück zu XON. Y Ymodem: Übertragungsprotokoll, faßt die diversen Xmodem-Erweiterungen zusammen und ergänzt sie um eine Übertragung von Dateinamen und Dateigröße und um Batch-Übertragungen. Z Zmodem: Übertragungsprotokoll, völlig neues Protokoll, versteht sich aber als Nachfolger von Ymodem. Auf positive Rückmeldungen wird verzichtet, sofern die Leitungsqualität das zuläßt. Die Blockgröße wird während der Übertragung der Leitungsgüte angepaßt. Die maximale Blockgröße ist auf 1K (einige Versionen: 8 KB) erhöht. ","date":"1995-03-01T00:00:00Z","href":"https://blog.koehntopp.info/1995/03/01/datenuebertragung-glossar.html","tags":["lang_de","publication","internet"],"title":"A Robots Dictionary"},{"categories":null,"content":" V-Normen V.1: Binärwerte fuer 2-Status-Codes (auf gut deutsch LOW=0, HIGH=1 usw.). V.2: maximal zulässige Last von Endgeräten an Telefonleitungen. V.4: normiert Zeichensatz, Zeichencodierung (Parity, Start-/Stopbits). V.5: Signalraten f. sync. Übertragungen auf Wahlleitungen. V.6: Signalraten f. sync. Übertragungen auf Standleitungen V.7: einige Begriffsdefinitionen. V.10: asymmetrische Beschaltung von Schnittstellen. V.11: symmetrische Beschaltung von Schnittstellen. V.13: simulierte Trägerkontrolle (halbduplex/vollduplex). V.14: Übertragung von asynchronem Handshaking über synchrone Verbindungen (ist z.B. in V.42 enthalten). V.15: elektrische/akustische Eigenschaften von Akustikkopplern. V.16: analoge Modems fuer medizinische Zwecke (EKG-Uebertragung). V.17: 2400 Baud, 7200-14400 bit/s Trellis-Code-Modulation, adaptive Equalisation, halbduplex im Wählnetz (FAX). V.19: Frequenzanordnung fuer parallele Übertragungen. V.20: erweitert V.19. V.21: Datenübertragung bei 300bit/s vollduplex, im Wählnetz. Für jede der beiden Richtungen (Originate, Answer) wird eine eigene Trägerfrequenz verwendet. Die binären Zustände jeder Richtung werden durch Frequenzen (Frequenzmodulation) codiert: Originate : 1080Hz ( 0 = 980Hz, 1 = 1180Hz ) Answer : 1750Hz ( 1 = 1650Hz, 1 = 1850Hz ) V.22: Übertragungsnorm mit 1200bit/s, vollduplex. Als Modulation wird Phasenmodulation verwendet. Die Baudrate beträgt 600Baud - es müssen also zwei Bits gleichzeitig (ein Dibit) übertragen werden. Diese müssen in vier Zuständen (00, 01, 10, 11) codiert werden, dafür sind also vier Phasensprünge (0, Pi/4, Pi/2, 3/4Pi) notwendig. Die Trägerfrequenzen sind 1200Hz bei Originate bzw. 2400Hz bei Answer. V.22bis: Übertragungsnorm fuer Geschwindigkeiten von 2400bit/s. Basiert auf V.22, nur dass statt zwei Bits vier gleichzeitig (Quadbits) übertragen werden. Arbeitet mit QAM als Modulation bei denselben Frequenzen wie V.22. V.23: asymmetrische vollduplex-Datenübertragung. In der einen Richtung wird mit 1200bit/s übertragen, in der anderen mit 75 (Split-Speed). Im Gegensatz zu symmetrischen vollduplex-1200bit/s-Normen wie z.B. V.22 kann hier noch die einfachere Frequenzmodulation verwendet werden. Bildschirmtext arbeitet mit V.23. V.24: CCITT-Norm fuer serielle Datenübertragung. Legt die funktionalen Eigenschaften (z.B. Steckerbelegung) von seriellen Schnittstellen fest. Meist wird nur ein kleiner Teil implementiert, da die gesamte Norm sehr umfangreich ist. Zusammen mit der V.28, die die elektrischen Eigenschaften festlegt, entspricht die V.24 der amerikanischen Norm RS-232-C. V.25: Befehlssatz zur Ansteuerung von Modems und zum Verbindungsaufbau. Nicht sehr gebräuchlich. Die meisten Modems benutzen stattdessen den Hayes-Befehlssatz. V.25bis: einige kryptische Modem-Steuerkommandos und -Antwortstrings. V.26: Verfahren aehnlich V.22 nur mit 2400 bzw. 75 bit/s. Für Vierdraht- Standleitungen. V.26bis: Erweiterung von V.26 auf Wählleitungen. V.27: 4800bit/s auf Standleitungen, optional mit 75bit/s Rückkanal (Split-speed). Phasenmodulation. V.27bis: Erweiterung von V.27 auf 4800bit/s, mit Fallback auch 2400bit/s auf Standleitungen. V.27ter: Erweiterung von V.27bis fuer Wählleitungen. V.28: elektrische Eigenschaften einer seriellen Schnittstelle. Die funktionellen Eigenschaften sind in V.24 genormt. Beide zusammen entsprechen der RS-232-C-Norm. V.29: CCITT-Norm zur halbduplex-Datenübertragung mit 9600bit/s. Basiert auf V.22bis. Dort hat man eine Schrittgeschwindigkeit von 600 Baud. Dabei werden mit Quadratur-Amplitudenmodulation (QAM) vier Bit gleichzeitig (ein Quadbit) übertragen. Die Schrittgeschwindigkeit wurde nun fuer V.29 auf 2400 Baud erhöht. Dafür wird dann eine Trägerfrequenz von 1700 Hz verwendet, die genau in der Mitte des Telefonbandes (300 bis 3400Hz) liegt. Fuer einen Rückkanal bleibt aber damit kein Platz mehr, d.h. V.29 ist ein Halbduplexverfahren. Deswegen wird es überwiegend fuer Faxgeräte eingesetzt. Auf Vierdraht-Standleitungen kann V.29 auch vollduplex übertragen. V.31: Stromschleife fuer binäre Uebertragung mit \u0026lt;75bps (Telex). V.32: CCITT-Norm zur Datenübertragung mit 9600bit/s bidirektional (vollduplex). Basiert auf V.29. Ebenso wie dort werden fuer 9600 bps Quadbits mit QAM uebertragen, allerdings bei einer Trägerfrequenz von 1800 Hz. Auch hier ist kein Platz für einen Rückkanal. Daher senden beide Modems gleichzeitig auf derselben Frequenz. Da aber jedes Modem weiß, was es gerade gesendet hat, kann es aus dem Frequenzgemisch seine Signale unterdrücken und so die Daten der Gegenstelle herausfiltern (Echo-Cancelling). Eine Variante von V.32 ist die Trellis-Modulation. Hier werden statt der Quadbits Quintbits übertragen. Das zusätzliche Bit wird allerdings nicht fuer Datenübertragung genutzt, sondern fuer die Fehlerkorrektur (aehnlich ^Parität^ bei RS-232-C). Dadurch ist die Übertragung etwa doppelt so fehlersicher, wie ohne Trellis. V.32bis: Erweiterung von V.32 auf 14400bit/s vollduplex. Neueste Übertragungsnorm. Arbeitet ebenfalls mit Echokorrektur. Es wird eine feinere Abstufung der Phasen- und Amplitudenschritte in der QAM-Matrix verwendet (stellt natuerlich höhere Anforderungen an die Leitungsqualität). Dadurch steigt einerseits die Übertragungsrate (14.4kbps bidirektional) und andererseits ist eine dynamische Leitungsanpassung mit etwas besser abgestuftem Fallback. Zusaetzlich gibt es ein Verfahren, mit dem sich die Modems in Zehntelsekunden auf einen Geschwindigkeitswechsel einigen koennen, anstatt wie bei V.32 die Verbindung neu auszumessen. V.33: wie V.32bis auf Vierdraht-Standleitungen. V.40: Fehlerkorrektur durch Synchronisation und Über-/Unterlaufzählung V.41: Alte Fehlerkorrekturspezifikation fuer V.23. V.42: Übertragungsprotokoll. Syncron-asynchron-Wandlung nach V.14. Schliesst die MNP-Klassen 1-4 ein. V.42bis: ein Kompressionsverfahren der CCITT, aufbauend auf dem V.42- Protokoll. V.42bis verwendet die BTLZ (British Telecom Lempel and Ziv)-Codierung, wie sie ähnlich auch in den Dateikompressionsverfahren (Zip, Arc, Lharc, Pak, Zoo etc.) eingesetzt wird. Im Gegensatz zu V.42 ist V.42bis nicht kompatibel zu dem entsprechenden MNP-Verfahren (hier MNP 5). MNP 5 verwendet eine andere Codierung (Huffmann), wird jedoch von den meisten Herstellern mit im selben Gerät angeboten. V.50: Qualitätsanforderungen an Leitungen fuer V.21/V.23. V.51: Einrichtung postinterner Stellen zur Untersuchung von Übertragungsproblemen. V.52: Testmuster fuer Leitungsqualität bei Datenübertragung. V.53: Teil von V.50, Qualitätsparameter. V.54: Testprotokolle (LAL, LDL, RDL) - ist in den meisten Modems drin. V.100: Verbindungsaufbau bei Mehrnormenmodems. Leider fehlerhaft: Nicht alle normgerechten Modems verstehen sich. Deshalb selten verwendet. ","date":"1995-03-01T00:00:00Z","href":"https://blog.koehntopp.info/1995/03/01/vnormen.html","tags":["lang_de","publication","internet"],"title":"V-Normen"},{"categories":null,"content":"von: Kristian Köhntopp, aus: DOS Sonderheft DFÜ, DMV Verlag\nGrundlagen der Datenübertragung Der Einsteiger in das Gebiet der Datennah- und fernübertragung wird zunächst einmal mit einer verwirrenden Vielfalt neuer Konzepte und Begriffe konfrontiert. Wir wollen hier versuchen, einen allgemeinen Überblick über das Gebiet der Datenübertragung zu geben und die wichtigsten Ideen und Ausdrücke darzustellen. Die Grundaufgabe bei der Datenübertragung ist es, eine Menge an Informationen von einem Gerät zu einem anderen zu übertragen. Diese Formulierung ist mit Absicht genauso allgemein gewählt, wie sich das Problem in der Wirklichkeit darstellen kann. Bei dem zu lösenden Problem kann es sich um die einfache Übermittlung einer Grafikdateien vom Rechner zum Drucker handeln, aber genausogut kann es sein, daß die kompletten Konstruktionspläne eines Containerfrachters vom koreanischen Konstruktionsbüro an eine Werft in Bremen oder Kiel übermittelt werden müssen. Entsprechend vielfältig sind die Lösungen, die für das jeweilige Problem gefunden werden und entsprechend unterschiedlich ist nicht nur die verwendete Hard- und Software, sondern auch die Begriffswelt, die die entsprechenden Personen verwenden.\nDas OSI-Modell Um dieses Problem in den Griff zu bekommen, hat sich die Normungskommision ISO zusammengesetzt und ein sogenanntes Referenzmodell für die Datenübertragung ausgearbeitet. Dieses Referenzmodell wird allgemein als Open Systems Interconnect (OSI) Modell bezeichnet. Das Modell gibt keine konkrete Lösung zur Datenübertragungsproblemen an, sondern versucht das komplizierte Problem Datenübertragung in kleine, leichter zu lösende Teilprobleme zu unterteilen, die aufeinander aufbauen. Hat man ein Teilproblem im Griff, kann man sich dem nächstkomplizierten Problem zuwenden. Das OSI-Modell besteht insgesamt aus sieben Schichten, mit denen man versucht, die Aufgabe zu strukturieren.\nBild 1: Das OSI 7-Schichtenmodell\nWeil jede Schicht auf den darunter liegenden Schichten aufbaut, redet man auch gelegentlich von einem Stapel oder protocol stack. Man kann nicht immer ein Protokoll oder eine Funktion in der realen Welt genau auf eine Schicht im OSI-Referenzmodell abbilden. Das ist auch nicht notwendig, denn das Modell stellt nur eine Strukturierungshilfe dar und repräsentiert keine Gesetzmäßigkeit, nach der ein Protokoll zwangsläufig aufgebaut sein muß.\nVon Punkt zu Punkt Um Daten übertragen zu können, muß zunächst einmal eine Verbindung zwischen den beteiligten Geräten hergestellt werden. Genau damit beschäftigt sich die unterste Schicht des OSI-Protokollturmes, die physical layer. Damit eine Verbindung konstruiert werden kann, ist es notwendig, die verwendeten Kabel und Stecker zu normieren. Außerdem müssen die elektrischen Parameter der Übertragung festgelegt werden und eine entsprechende Hardware vorhanden sein. Natürlich braucht man heute für Standardfälle keine solchen Vereinbarungen mehr zu treffen. Stattdessen existiert eine reichhaltige Palette von Normen für die unterschiedlichsten Anwendungsfälle. So legt die CCITT-Norm V.24 z.B. die elektrischen Parameter einer seriellen Schnittstelle eines PC fest, während die parallele Schnittstelle durch eine Herstellernorm des Druckerherstellers *Centronics beschrieben wird. Andere Normen beschreiben die Hardware zum Anschluß an ein Ethernet, ein Token-Ring Netzwerk oder an einen FDDI-Glasfaserring.\nDanach kann man sich Gedanken über ein Übertragungsprotokoll machen. Das Protokoll legt eine Verfahrensvorschrift fest, nach der sich alle an der Übertragung beteiligten Geräte Zeichen auf dem Übertragungsmedium signalisieren dürfen. Dabei muß nicht nur das wie der Zeichenübertragung geregelt werden, sondern auch das wann. Das bedeutet: Man muß nicht nur festlegen, wie und mit welcher Geschwindigkeit die einzelnen Bits eines Datenbytes codiert werden, sondern man muß auch festlegen, wie ein Gerät seine Übertragung anmelden muß. Einerseits verhindert man damit, daß mehrere Sender gleichzeitig versuchen, einem Empfänger eine Nachricht zu senden und sich gegenseitig blockieren. Diesen Teil eines Protokolles nennt man media access layer, weil er den Zugriff auf das Datenübertragungsmedium - sprich: das Kabel - regelt. Andererseits muß der Empfänger die Möglichkeit haben, eine Datenübertragung abzulehnen, weil er z.B. intern noch mit der Verarbeitung einer vorhergehenden Nachricht beschäftigt ist oder weil seine Puffer voll sind und die Daten deswegen nicht entgegen nehmen kann. Diesen Teil eines Protokolles nennt man flow control (Datenflußkontrolle).\nBitte nicht stören Jede Datenübertragung in der wirklichen Welt hat mit dem Problem mehr oder minder starker Störungen zu kämpfen. Nachdem man das Problem der Datenübertragung erst einmal grundsätzlich gelöst hat, kann man sich daran machen, das Übertragungsprotokoll so zu verbessern, daß solche Übertragungsfehler erkannt und korrigiert werden können. Derartige Spezifikationen werden im OSI-Modell in die zweite Schicht, die data link layer, eingeordnet. Die Korrektur von Übertragungsfehlern kann auf zwei Arten geschehen: Einmal könnte man sich für die Übertragung einen speziellen Code definieren, der es nicht nur möglich macht, Übertragungsfehler zu erkennen, sondern sogar das ursprüngliche Zeichen zurückzuberechnen. Zum anderen könnte man sich darauf beschränken, Fehler nur zu erkennen und dem Sender zu signalisieren, die beschädigten Daten ein weiteres Mal zu übertragen.\nDies ist das gebräuchlichere Verfahren, aber es setzt voraus, daß es Rückkanal existiert, über den der Empfänger den Sender darüber informieren kann, ob und wie gut die Übertragung funktioniert hat. Wenn man sowieso schon dabei ist, mit verschiedenen Codierungen zu hantieren, fügt man an dieser Stelle oft noch eine Kompression der Daten für die Dauer der Übertragung mit ein. Dies ist letztendlich auch nur ein weiteres Umkodieren von Zeichen, wenn auch mit dem Ziel, eine möglichst kurze und nicht eine möglichst sichere oder leicht zu verarbeitende Darstellung zu finden. Auf diese Weise kann man die Übertragungsleistung einer Datenleitung noch beträchlich erhöhen. Je nach Art der Daten und des verwendeten Kompressionsprogrammes ist eine Steigerung um 200 % bis 500 % möglich.\nAus vielen Verbindungen wird ein Netz geknüpft Auf diese Weise kann man sich eine schnelle und fehlerfreie Verbindung zwischen zwei Endpunkten konstruieren. Fügt man noch eine weitere Idee hinzu, gelangt man von Punkt-zu-Punkt Verbindungen zu echten Rechnernetzen: In einem solchen Rechnernetz sind auch indirekte Verbindungen möglich. Es besteht also die Möglichkeit, eine Nachricht oder ein Datenpaket über einen oder mehrere andere Rechner an einen Zielrechner zu senden. Der erste Rechner auf dem Weg nimmt das Paket entgegen und stellt fest, über welche seiner Punkt-zu-Punkt Verbindungen er es zum eigentlichen Zielrechner senden kann. Die folgenden Rechner leiten das Paket ebenfalls weiter, solange bis es den Zielrechner endlich erreicht.\nBild 2: Ein Router nimmt ein Paket und leitet es an einen näher am Ziel gelegenen Rechner weiter. Auf diese Weise entstehen indirekte Verbindungen.\nUm aus einem Netz von Punkt-zu-Punkt Verbindungen also ein echtes Rechnernetz zu machen, muß man eine Route oder einen Pfad festlegen können, auf dem Informationen übermittelt werden sollen. Dementsprechend muß man seinen Rechnern routing beibringen. In einem gut ausgebauten Rechnernetz kann es mehr als eine Route geben, auf der man von einem Rechner zu einem anderen gelangt. Dementsprechend wird ein guter Router nicht einfach irgendeine Route auswählen, sondern versuchen, eine möglichst schnelle oder möglichst billige Route zum Ziel zu finden. Routingprotokolle werden im OSI-Modell in die dritte Schicht eingeordnet, die dementsprechend network layer heißt.\nWenn man routet, kann es nicht nur vorkommen, daß eine Nachricht über mehr als eine Leitung übertragen werden muß, bis sie am Ziel ist, sondern es müssen auch Nachrichten von verschiedenen Systemen über eine Leitung übertragen werden. Die Leitung muß also zwischen verschiedenen Benutzern aufgeteilt werden. Dies erreicht man durch Multiplexen der Verbindung. Dabei werden die verschiedenen Datenpakete unterschiedlicher Benutzer entweder nacheinander übertragen (serielles Multiplexen) oder gleichzeitig, aber in verschiedenen Frequenzbereichen, übermittelt (paralleles Multiplexen). Außerdem kann es vorkommen, daß Routen zusammenbrechen, weil ein Rechner auf dem Weg ausgefallen ist oder ein Kabel beschädigt worden ist. Dadurch werden Routen ungültig und es kommt zu Übertragungsfehlern, die korrigiert werden müssen. Dies ist die Aufgabe der vierten OSI-Schicht, der transport layer.\nNach der vierten Ebene des OSI-Protokollturmes hat man ein Verfahren definiert, daß es zwei beliebigen Programmen über ein Rechnernetz hinweg erlaubt, einen beliebigen Bytestrom auszutauschen. Dieser Datenstrom hat noch keine Struktur, so wie eine Datei aus der Sicht des Betriebssystems zunächst auch nur eine strukturlose Ansammlung von Bytes ist. In den weiteren Schichten des OSI-Modells macht man sich jetzt daran, Protokolle zu definieren, um diesen Bytestrom zu strukturieren, gemeinsame Repräsentationen von Daten festzulegen und ähnliche Verfeinerungen zu definieren. Diese Protokolle sind aber, genau wie Dateiformate für Dateien, abhängig von der jeweiligen Anwendung.\nSeriell oder Parallel? Wir wollen uns deswegen noch einmal den unteren Schichten des OSI-Modells zuwenden. Bei der \u0026ldquo;selbstgemachten\u0026rdquo; Datenübertragung, etwa über ein Modem oder ein Laplink-Kabel, hat man es meistens mit den OSI-Schichten 1 und 2 zu tun. Wir wollen uns diejenigen Verfahren, die in einem PC-Haushalt am gebräuchlichsten sind, einmal genauer ansehen.\nFür kurze Strecken von einigen Metern wird man wegen der größeren möglichen Geschwindigkeiten meistens eine parallele Datenübertragung wählen. Bei dieser Form der Übertragung hat man ganzes Bündel von Datenleitungen, etwa 8 Datenleitungen zur parallelen Übertragung eines Bytes bei der Centronics-Schnittstelle. Auf je einer Leitung wird dabei eines der 8 Bits eines Bytes signalisiert. Leider sind elektronische Bauteile nicht immer gleich schnell, sodaß es sein kann, daß Bit 3 einer Leitung einen winzigen Bruchteil einer Sekunde eher verfügbar ist, als etwa Bit 6. Deswegen sieht man noch eine neunte Leitung vor, die als Steuerleitung (Strobe, \u0026ldquo;Bitte sehr\u0026rdquo;) fungiert und signalisiert, daß die Inhalte der acht Datenleitungen gültig sind.\nBild 3: Signal-Zeitdiagramm an einer Centronics Schnittstelle. Die Datenübertragung erfolgt asychron ohne ein Taktsignal. Die Geschwindigkeit der Übertragung regelt sich durch die Bestätigung eines jeden Zeichens selbst.\nDer Empfänger der Daten - bei einer Centronics-Schnittstelle meistens ein Drucker - liest nach dem Empfang des Steuersignals die Datenleitungen ab und bestätigt dies mit einem Impuls (Acknowledge, \u0026ldquo;Danke schön\u0026rdquo;) an den Sender, sobald er fertig ist.\nAuf diese Weise regelt sich nicht nur die Übertragungsgeschwindigkeit zwischen den beiden Partnern ganz automatisch, sondern man hat auch ohne Mehraufwand ein Verfahren zur Flußkontrolle bekommen: Wenn der Drucker keine weiteren Daten annehmen kann, weil sein Puffer voll ist oder er zur Bearbeitung eines Zeichens längere Zeit benötigt (um etwa das Papier vorzuschieben), kann er das Bestätigungssignal verzögern und so den Sender auf die von ihm benötigte Geschwindigkeit herunterbremsen. Weil sich Sender und Empfänger frei über die Übertragungsgeschwindigkeit einigen (jeder so schnell er kann), kann man keine allgemeine Datenübertragungsgeschwindigkeit für eine Centronics-Schnittstelle angeben. Sie liegt jedoch je nach Drucker- und Rechnermodell in der Größenordnung von 60 bis 150 KB pro Sekunde. Noch größere Geschwindigkeiten erlauben die in der Regel recht trägen Ausgangsbausteine eines PC nicht.\nParallele Datenübertragung ist relativ aufwendig: Immerhin muß für jedes Bit, das zu Übertragen ist, eine eigene Leitung verlegt werden. Das ist bei größeren Entfernungen zu teuer, denn man muß nicht nur viele Kabel verlegen, sondern diese auch gegeneinander abschirmen, damit sie sich nicht beeinflussen. Deswegen wird parallele Datenübertragung nur dort eingesetzt, wo kurze Strecken zu überbrücken sind: Vom Rechner zum Drucker, von der Festplatte zum Controller, von der CPU über den Bus zur Peripherie.\nFür längere Strecken verwendet man bitserielle Übertragung. Hier wird jeweils ein Datenbyte in ein Schieberegister geladen und Bit für Bit auf einer einzelnen Signalleitung übermittelt. Für eine minimale Verkabelung braucht man bei einer seriellen Schnittstelle nur drei Leitungen im Gegensatz zu mindestens elf bei einer parallelen Schnittstelle: Eine Leitung für die Sendedaten, eine für die Empfangedaten und eine gemeinsame Masseleitung, damit ein elektrischer Bezugspegel existiert. Und dabei ist bei einer seriellen Schnittstelle dann schon Kommunikation in beide Richtungen möglich, während eine Centronics-Schnittstelle nur als Sender betrieben wird. Doch dadurch, daß die einzelnen Bits nacheinander über eine einzelne Leitung übermittelt werden müssen, ist diese Art der Übertragung langsamer: Ein PC erreicht eine Höchstgeschwindigkeit von 115200 Bit pro Sekunde, das sind etwa 11.2 KB/Sekunde.\nV.24 Bild 4: Belegung und Bedeutung der Anschlüsse an einer V.24 Schnittstelle.\nDie Leitungen an einer V.24 Schnittstelle, die die eigentliche Übertragungsarbeit leisten, sind die Pins 2 (Transmit Data, Sendedaten) und 3 (Receive Data, Empfangsdaten). Dort wird mit den Pegeln +12V eine logische Null und -12V eine logische 1 signalisiert. Um Zeichen zu übertragen, müssen sich Sender und Empfänger darüber einig sein, aus wievielen Bits ein Zeichen besteht, wie schnell die einzelnen Bits signalisiert werden und an welchem Ende eines Bytes angefangen wird, zu übertragen. Einige dieser Parameter sind festgelegt, andere sind in gewissen Grenzen variabel. Wenn Sender und Empfänger nicht auf genau die gleichen Übertragungsparameter eingestellt sind, wird die Übertragung nicht gelingen.\nBild 5: Bitfolge auf einem V.24 Kabel zur Übertragung eines 7 Bit Zeichens mit gerader Parität: Nach dem Startbit folgenden die 7 Datenbits, das niederwertigste Bit zuerst. Das Paritätsbit sorgt dafür, daß die Anzahl der Einsbits im Datenwort gerade ist. Mit dem Stopbit wird das Ende des Datenwortes signalisiert.\nDas Verfahren zur Übermittlung von Zeichen ist genau wie die Steckerbelegung und die verwendeten Spannungen in der V.24-Norm festgelegt. Wenn kein Zeichen zur Übertragung anliegt, soll die Schnittstelle auf 1-Pegel liegen. Sobald dann ein Zeichen zu übertragen ist, wird zunächst durch Übermittlung eines 0-Bits signalisiert, daß jetzt ein Zeichen zu übertragen ist. Dieses 0-Bit wird als Startbit bezeichnet. Danach werden die einzelnen Bits eines Bytes übermittelt, und zwar mit dem niederwertigsten Bit zuerst. Nach dem Byte wird eventuell noch ein Paritätsbit zur Fehlererkennung mitgesendet und danach wird die Leitung für eine gewisse Mindestdauer auf den Ruhepegel logisch 1 gelegt. Diese Pause stellt sicher, daß ein nachfolgendes Startbit sicher erkannt werden kann und wird als Stopbit bezeichnet.\nZur Übermittlung eines einzelnen Bytes sind 8 Datenbits plus ein Startbit plus ein Stopbit zu übertragen. Bei einer Datenrate von 9600 Bit pro Sekunde werden pro Sekunde also genau 960 Byte transportiert. Der Benutzer einer seriellen Schnittstelle kann einige Parameter der Übertragung frei festlegen.\nBild 6: Nicht alle Parameter einer seriellen Schnittstelle sind konfigurierbar. Einstellbar sind neben der Geschwindigkeit der Übertragung auch die Anzahl der Datenbits pro Datenwort, die Parität und die Anzahl der Stopbits. Übliche Parameterwerte sind 8-N-1 oder 7-E-1.\nAls wichtigster Parameter ist dort die Übertragungsgeschwindigkeit in Bit pro Sekunde zu nennen. Die Basis bildet eine Datenrate von 300 Bit pro Sekunde. Die anderen möglichen Übertragungsgeschwindigkeiten ergeben sich dann durch Verdoppelung: 300, 600, 1200, 2400, 4800, 9600, 19200 und 38400 Bit pro Sekunde. Noch höhere Datenraten sind in der V.24 Norm zwar nicht definiert, aber die meisten Programme können außerdem noch mit 57600 und 115200 Bit pro Sekunde senden.\nEin einzelnes Zeichen besteht heute normalerweise aus 8 Datenbits. In den Anfangstagen der Datenverarbeitung kam man noch ohne Umlaute und Sonderzeichen zurecht und nutzte damit nur einen über 7 Bit definierten ASCII-Zeichensatz aus. Das achte Bit wurde dann nicht zur Codierung von Daten genutzt, sondern in Form eines Paritätsbits für eine einfache Fehlerkontrolle verwendet. Die Parität eines Zeichens berechnet man, indem man die 1-wertigen Bits in der Binärdarstellung seines Zeichencodes zählt. Ist die Anzahl ungerade, hat das Zeichen ungerade Parität, ist sie gerade, hat es eine gerade Parität. Bei der Datenübertragung kann man gerade oder ungerade Parität wählen: Stellt man gerade Parität ein, wird bei Zeichen mit ungerader Parität das achte Bit gesetzt, um die Anzahl der 1-Bits im Zeichen wieder auf eine gerade Anzahl zu bringen.\nAuf diese Weise kann man Übertragungsfehler leicht erkennen: Da nur Zeichen mit gerader Parität übermittelt werden, muß ein Zeichen mit ungerader Parität einer Störung zum Opfer gefallen sein. Leider besteht ohne ein Protokoll zur Fehlerkorrektur keine Möglichkeit, dieses Zeichen erneut übertragen zu lassen, sodaß man zwar die Information hat, daß ein Fehler aufgetreten ist, aber keine Chance hat, diesen zu korrigieren. Da Parität als Fehlerkorrektur also nur von begrenztem Nutzen ist, verwendet man sie heute normalerweise nicht mehr, sondern nutzt das achte Bit als normales Datenbit mit. Während man früher als gelegentlich 7 Datenbits, gerade Parität und ein Stopbit als Schnittstellenparameter gewählt hat, verwenden heute fast alle Systeme 8 Datenbits, keine Parität und ein Stopbit.\nIm Gegensatz zum Protokoll einer Centronics-Schnittstelle bekommt man bei der V.24 Schnittstelle die Datenflußkontrolle nicht als Abfallprodukt des Übertragungsprotokolls. Stattdessen müssen ausdrückliche Vereinbarungen zwischen dem Sender und dem Empfänger getroffen werden. Für die bereits erwähnte Dreidrahtleitung verwendet man dazu zwei besondere ASCII-Zeichen, die Zeichen Control-S (XOFF, ASCII 13h) und Control-Q (ASCII 11h, XON). Wenn der Empfänger keine weiteren Daten mehr aufnehmen kann, sendet er das Zeichen XOFF an den Sender. Der Sender muß daraufhin die Übertragung einstellen. Sobald der Empfänger wieder bereit ist, Daten entgegenzunehmen, signalisiert er dies dem Sender mit dem Zeichen XON.\nDieses Verfahren ist praktisch, weil es keine weiteren Steuerleitungen notwendig macht, hat aber den Nachteil, zwei Zeichen aus dem Zeichensatz zu \u0026ldquo;verbrauchen\u0026rdquo;. Diese Zeichen werden für Steuerfunktionen verwendet und können nicht mehr direkt übermittelt werden. Stattdessen müssen sie durch bestimmte Zeichenfolgen anderer Zeichen \u0026ldquo;umschrieben\u0026rdquo; werden. Eine Leitung, die nicht für alle ASCII-Zeichen durchlässig ist, nennt man nicht transparent. Auf einer nicht transparenten Leitung müssen die Zeichen, die nicht direkt übermittelt werden können mit Hilfe eines Escape-Mechanismus umschrieben werden.\nEine andere Methode der Flußkontrolle verwendet statt zweier Zeichen zwei zusätzliche Steuerleitungen an der V.24 Schnittstelle. Die Leitungen an den Pins 4 (Request to Send, RTS) und 5 (Clear to Send, CTS) signalisieren für jeweils eine Übertragungsrichtung, ob gesendet werden darf oder nicht. Solange die zu der jeweiligen Datenleitung gehörige Steuerleitung 1-Pegel führt, darf gesendet werden. Sobald der Pegel auf 0 wechselt, muß der Sender seine Arbeit so lange einstellen, bis der Pegel wieder auf 1 wechselt. Datenflußkontrolle mit RTS und CTS ist nicht nur transparent, sondern auch schneller und sicherer als XON/XOFF-Steuerung. Gerade bei höheren Datenraten sollte man daher dieses Verfahren vorziehen.\nÜbertragungsstreß Hohe Datenraten sind auch aus einem anderen Grund ein Problem: Normalerweise wird die serielle Schnittstelle in einem PC von einem Baustein vom Typ 16450 oder einem seiner Verwandten betreut. Diese Bausteine lösen für jedes empfangene oder gesendete Zeichen eine Unterbrechung aus. Wird die Schnittstelle also mit 38400 Bit pro Sekunde unter Vollast betrieben, erzeugt sie um die 8000 Unterbrechungen pro Sekunde. Das bedeutet: 8000 mal pro Sekunde wird das gerade laufende Programm unterbrochen, um ein Zeichen für den Schnittstellenbaustein zu lesen oder ihm das nächste Zeichen zum Senden zu nennen. Gerade bei Betriebssystemen, die den Prozessor im erweiterten 386-Modus betreiben, können diese Unterbrechungen sehr aufwendige Umschaltungen in der Betriebsart des Prozessors notwendig machen. Das kostet wertvolle Rechenzeit und der Rechner wird unnötig langsam oder verliert bei der Übertragung sogar einzelne Zeichen. Schnittstellenbausteine vom Nachfolgetyp 16550AF haben deswegen eine Warteschlange, die mehrere übertragene Zeichen speichern kann. Solche Bausteine müssen im Durchschnitt nur noch alle 4 Zeichen vom Prozessor betreut werden und sind gerade unter Multitasking-Betriebssystemen für einen sicheren Betrieb der seriellen Schnittstelle bei hohen Geschwindigkeiten unerlässlich. Der 16550AF ist pinkompatibel zu seinem Vorgänger 16450 und kann, wenn dieser gesockelt ist, auch leicht ausgetauscht werden.\nFehlerkorrektur Bei der Übertragung von Dateien und Programmen ist es sehr wichtig, daß auch bei schlechten Verbindungen alle Daten unverfälscht und fehlerfrei übermittelt werden. Schon ein einziges falsch gesetztes Bit in einer Programmdatei kann fatale Folgen haben. Deswegen schützt man eine Datenübertragung in der Regel mit einem Übertragungsprotokoll. Es gibt viele dieser Protokolle, von unterschiedlicher Datensicherheit und Effizienz, aber das Grundprinzip ist bei allen gleich: Immer wird ein Block von Daten (z.B. 128 oder 1024 Byte am Stück) gefolgt von einer durch den Sender errechneten Prüfsumme übermittelt. Der Empfänger liest den Datenblock und errechnet die Prüfsumme nach demselbem Verfahren selbst. Stimmt die errechnete Prüfsumme mit der empfangenen Prüfsumme überein, ist der Datenblock korrekt angekommen und wird bestätigt. Andernfalls wird eine Fehlermeldung an den Sender zurückgegeben, der daraufhin den Datenblock noch einmal überträgt.\nDas primitivste dieser Protokolle, das im PC-Bereich Anwendung findet, ist das X-MODEM Protokoll. Es sendet relativ kleine Blöcke von 128 Zeichen und eine einfache Summe der übertragenen Bytes. Summen sind aber relativ schlechte Indikatoren für Verfälschungen: Sie registrieren nicht die Einfügung von Nullbytes, sind unempfindlich gegenüber Vertauschungen von Bytes und können bestimmte Doppelfehler (eine Erhöhung um Eins an einer Stelle und eine Verminderung um Eins an anderer Stelle) nicht erkennen. CRC-Prüfziffern (cyclic redundancy check) erkennen alle diese und viele andere Veränderungen an Daten und werden deswegen in der Computertechnik immer dann eingesetzt, wenn die Integrität eines Datenblockes gesichert werden muß.\nXMODEM ist auch aus anderen Gründen ein relativ schlechtes Protokoll: Es überträgt keine Informationen über die Datei. Weder der Dateiname noch die Länge, das Datum oder eventuell vorhandene Dateieigentümer oder Zugriffsrechte werden übermittelt. Außerdem wartet XMODEM nach jedem gesendeten Block erst auf die Bestätigung der Gegenseite, bevor der nächste Datenblock verschickt wird. Ein Datenpaket muß gewissermaßen erst seine Rundreise auf einer Leitung beendet haben, bevor das nächste Datenpaket verschickt werden kann. Man kann sich eine Datenleitung vorstellen, wie einen Gartenschlauch: Nachdem man das Ventil aufgedreht hat, muß der Schlauch erst vollaufen, bevor am Ende des Schlauches Wasser austritt. XMODEM versendet die Daten jetzt nicht als Strom, sondern schickt sie gewissermaßen schluckweise durch die Leitung. Auf diese Weise wird möglicherweise ein Großteil der Übertragungskapazität der Leitung verschenkt.\nZMODEM hat diese Probleme nicht: Nicht nur, daß es Dateinamen, Länge und andere Informationen mit überträgt. Es ist auch in der Lage, weitere Datenblöcke zu versenden, bevor die Bestätigungen für vorhergehende Pakete eingegangen sind.\nBild 7: Der Sender kann dem Empfänger vorauseilen. Er sendet Daten, deren Empfang der Empfänger noch nicht bestätigt hat. Das bedeutet, für solche unbestätigten Daten muß der Sender damit rechnen, daß sie nicht ordnungsgemäß beim Empfänger angekommen sind und noch einmal gesendet werden müssen. Daten, die bereits als fehlerfrei bestätigt sind, kann der Sender als erledigt betrachten.\nDie Frage ist: Wie groß darf soll der Sender das Transferfenster werden lassen? Läßt er es zu klein, kann es sein, daß er auf die Bestätigungen des Empfängers warten muß, bevor er weiter senden darf. Läßt der Sender das Transferfenster zu groß werden, muß er sehr viel Speicher für Puffer bereitstellen.\nIn diesem Fall entsteht ein Bereich von Datenpaketen, die der Sender zwar schon abgeschickt hat, für die er aber noch keine positiven Empfangsbestätigungen gesehen hat. Diese Lücke nennt man das Transferfenster eines Übertragungsprotokolls. Ein gutes Übertragungsprotokoll wird das Transferfenster gerade so groß halten, wie die Kapazität der Leitung es erfordert. Bei einem Wasserschlauch würde man die Kapazität in Litern als Querschnitt mal Länge berechnen. Bei einer Datenleitung entspricht der Querschnitt der Datenrate in Bit pro Sekunde und die Länge der Umlaufzeit der Datenpakete in Sekunden. Das Resultat gibt die Anzahl der Bits an, die auf der Leitung unterwegs sind und stellt eine minimale Größe für das Transferfenster dar, wenn der Sender nicht auf den Empfänger warten soll.\nModulation Während bei der Datenübertragung über ein einfaches Kabel keine besondere Codierung der Daten notwendig war, ist dies bei der Datenfernübertragung nicht mehr möglich. Eine Telefonleitung ist kein durchgehendes Kabel, sondern vielfach durch Filter, Verstärker und andere elektrische Dinge unterbrochen. Sie ist für Gleichspannungen nicht durchlässig, sondern kann nur Wechselspannungen, elektrisch codierte Töne nämlich, übertragen. Bevor man Daten also über eine Telefonleitung übertragen kann, muß man sie in hörbare Töne umwandeln. Diese Umwandlung wird von einem Modem vorgenommen. Der Name ist ein Kunstwort aus den Begriffen Modulator und Demodulator und beschreibt in etwa die Funktionsweise des Gerätes: Ein gleichmäßiger Ton, der Datenträgerton, wird abhängig von den zu übertragenden Daten verändert.\nIm einfachsten Fall ordnet man dabei einem Eins-Bit einen Ton und einem Null-Bit einen anderen Ton zu. Auf diese Weise beeinflußt man jedoch nur einen einzigen Parameter einer Schwingung, nämlich die Tonhöhe, die Frequenz. Außerdem überträgt man so nur ein Bit zur Zeit.\nBild 8: Das Diagramm zeigt Phasenwinkel und Amplitudenwerte eines Signals. Der Sender steuert zur Signalisierung eines von 16 Zuständen Phase und Amplitude seines Signals so, daß er einen der markierten Punkte trifft. Auf diese Weise können in einem Zustand 4 Bit signalisiert werden.\nDurch Störungen der Übertragung kommt beim Empfänger nicht genau das Signal an, das der Sender auf das Kabel schickt. Stattdessen wird der angesteuerte Punkt nur in der Nähe der markierten Punkte liegen und zwar um so weiter von den Punkten entfernt, je stärker das Signal gestört wird. Auf schlechten Leitungen verschwimmen die Punkte also stärker als auf guten Leitungen. Wenn die Störungen so groß werden, daß die Punkte ineinander verschwimmen, ist die Leitungsqualität so schlecht, daß keine Datenübertragung mehr möglich ist.\nWenn man gleichzeitig mehrere Parameter einer Schwingung verändert, kann hat man mehr als zwei verschiedene Zustände und kann so mehrere Bits zur Zeit übertragen. Das Bild zeigt ein Verfahren, bei dem Phase und Amplitude eines Signales jeweils einen von vier Zuständen annehmen können. Auf diese Weise ist es möglich, sechzehn verschiedene Zustände zu codieren und vier Bit parallel zu übermitteln. Die Geschwindigkeit, mit der ein Modem von einem Signalzustand zum nächsten wechselt, nennt man die Baudrate. Eine Geschwindigkeit von einem Baud entspricht einem Zustandswechsel pro Sekunde. Die Bitrate eines Modems ist gewöhnlich ein Vielfaches seiner Baudrate.\nBezeichnung Geschwindigkeit in Bit/s in Baud\tModulation duplex Verwendung V.17\t14400\t2400\tTCM\thalb\tFAX 12000 9600 7200\t2400 TCM\thalb\tFAX 4800\t2400\tQAM\thalb\tFAX V.21\t300\t300\tFSK\tvoll V.22\t1200\t600\tDPSK\tvoll V.22bis\t2400\t600\tQAM\tvoll V.23\t1200/75\t1200/75\tFSK\tasymm.\tBTX V.27ter\t4800\t1600\tDPSK\thalb\tFAX 2400\t1200\tDPSK\thalb\tFAX V.29\t9600\t2400\tQAM\thalb\tFAX 7200\t2400\tQAM\thalb\tFAX V.32\t9600\t2400\tTCM/QAM\tvoll 4800\t2400\tQAM\tvoll V.32bis\t14400 2400\tTCM\tvoll 12000 9600 7200\t2400\tTCM\tvoll 4800\t2400\tQAM\tvoll Abkürzungen: FSK\tFrequency Shift Keying DPSK\tDifferential Phase Shift Keying QAM\tQuadrature Amplitude Modulation TCM\tTrellis Coded Modulation Bild 9: CCITT-Normen, Datenraten, Baudraten und Modulationsverfahren von Modems im Überblick.\nEs gibt verschiedene CCITT-Normen, die unterschiedlich schneller Übertragungsverfahren für Modems normen. Während die meisten Modem-Normen gleichzeitiges Senden und Empfangen von Daten vorsehen, sehen die CCITT-Normen für FAX-Geräte keine Datenübertragung im zwei Richtungen vor. Grundsätzlich unterscheidet man drei Fälle:\nIst die Übertragung simplex, wird die Datenrichtung der Übertragung niemals umgeschaltet: Der Sender hat nur einen Modulator, der Empfänger nur einen Demodulator. Bei einer Übertragung in halbduplex sendet immer nur einer der beteiligten Partner. Wenn er \u0026ldquo;ausgeredet\u0026rdquo; hat, wechselt die Übertragungsrichtung und der jeweils andere Partner kommt an die Reihe. FAX-Geräte übertragen ihre Informationen auf diese Weise. Die meisten Modemnormen sehen eine vollduplex-Übertragung vor. Hier können beide Partner gleichzeitig senden und empfangen. Damit sich die Signale der beiden Modems leicht getrennt werden, sendet der angerufene Partner bei den Normen V.21, V.22 und V.23 auf einer anderen Frequenz als der Anrufer (answer mode/originate mode). Die unterschiedlichen Signale der beiden Modems lassen sich mit einem einfachen Filter voneinander trennen. Die Normen V.32 und höher sehen vor, daß Anrufer und Angerufener beide auf denselben Frequenzen senden, sich also quasi \u0026ldquo;anschreien\u0026rdquo;. Auf der Leitung vermischen sich beide Signale zu einem nicht entzifferbaren Datensignal. Da jedoch jedes der beiden Modems weiß, welche Töne es gesendet hat, kann es diese Daten von den empfangenen Signalen abziehen und erhält als Differenzsignal die Informationen der Gegenseite. Dieses als echo cancellation bezeichnete Verfahren setzt jedoch einen aufwendigen Signalprozessor voraus, der die entsprechenden Berechnungen auf dem Eingangssignal vornimmt. Da die entsprechenden Prozessoren lange Zeit sehr teuer waren, waren die entsprechenden Modems gut doppelt so teuer wie ihre kleineren Brüder ohne Signalprozessor. Heute existieren für V.32 und V.32bis fertige Chipsätze mit integrierten Faxoptionen, die in großen Stückzahlen produziert werden. Entsprechend gibt es Modems für diese Übertragungsnormen zu relativ günstigen Preisen, obwohl das Modulationsverfahren sehr aufwendig und rechenintensiv ist.\nFür das neue V.34-Verfahren sind solche Chipsätze noch nicht verfügbar, sodaß diese Modems zur Zeit noch unverhältnismäßig teuer sind.\nNorm\tZweck V.24\tBedeutung der Signale an einer seriellen Schnittstelle. V.28\tElektrische Pegel an einer solchen Schnittstelle. (V.24, V.28 und ISO 2110 sind zusammen äquivlaent zu EIA RS232.) V.42\tVerfahren zur Sicherung der übertragenen Daten. Im wesentlichen nicht von dem unterliegenden Modulationsverfahren abhängig. Verwendet ein eigenes Protokoll namens LAPM, zwecks Kompatibilität ist ein Rückfall auf MNP 2-4 möglich. V.42bis\tVerfahren zur transparenten Kompression von Daten während der Übertragung, manchmal auch BTLZ genannt. Effizienter als, aber inkompatibel zu MNP5. Alle existierenden V.42bis-Modems beherrschen MNP5 zusätzlich. Bild 10: Weitere häufig verwendete CCITT-Normen im Zusammenhang mit Modems.\n","date":"1995-02-01T00:00:00Z","href":"https://blog.koehntopp.info/1995/02/01/datenuebertragung.html","tags":["lang_de","publication","internet"],"title":"Grundlagen der Datenübertragung"},{"categories":null,"content":" UNIX Dateisysteme aus »c\u0026rsquo;t - Magazin für Computertechnik«, Ausgabe 2/94\nDie Aufgaben eines Betriebssystems bestehen in der fairen Zuteilung der Systemressourcen an alle Bewerber und in der Abstraktion unterschiedlichster Hardware zu einer virtuellen Maschine. Für den Bereich der Plattenplatzverwaltung hat diese Aufgabe das Dateisystem. UNIX Dateisysteme haben eine mehr als zwanzigjährige Entwicklung hinter sich und dienten als Vorbild für die Dateisysteme vieler anderer Betriebssysteme. Trotz vieler Mängel der ursprünglichen Implementation haben sich die dahinter stehenden Ideen in den letzten zwanzig Jahren nicht wesentlich verändert.\nDaten wiederfinden UNIX schlägt sich auf den höheren Ebenen des Betriebssystems nicht mit Angaben zur Plattengeometrie herum. Es betrachtet eine Festplatte als ein langes Band von Plattenblöcken, die linear durchnummeriert sind. Die Umrechnung von linearen Blockadressen in Angaben von Zylinder, Kopf und Sektor ist entweder Aufgabe eines Festplattengerätetreibers oder - im Fall von SCSI - der Festplatte selbst. Die ersten paar Datenblöcke einer Festplatte sind reserviert für den Bootloader und ähnliche Dinge, die vor dem Betriebssystem geladen werden und deshalb außerhalb seiner Reichweite gelagert werden. Der Rest der Platte wird in Form eines Dateisystems verwaltet. UNIX operiert bei Dateisystemen mit der Blockgröße des Mediums. Anders als bei DOS werden die Verwaltungseinheiten auf einer Platte also nicht größer, wenn man sehr große Partitionen anlegt.\nDen Anfang eines Dateisystems bildet der sogenannte Superblock, der das Dateisystem selbst beschreibt. Er enthält Geometriedaten der Platte, gibt an, wie viele Blöcke das Dateisystem enthält und welche davon Verwaltungsinformationen und welche Daten enthalten.\nBild 1: Am Anfang des Dateisystems steht der Superblock. Er enthält alle Metainformationen, die das Dateisystem beschreiben. Der \u0026ldquo;vordere\u0026rdquo; Teil des Dateisystems enthält I-Nodes, Dateiköpfe, die alle Metainformationen über eine Datei speichern. In den Datenblöcken sind dann die eigentlichen Nutzdaten untergebracht. Das Bild zeigt eine I-Node mit ihren Verweisen auf die Datenblöcke der Datei.\nDie Basis der Dateiverwaltung bildet in UNIX eine Datenstruktur, die sogenannte index node oder I-Node (Bild 2).\nIn ihr sind - mit einer Ausnahme, dem Dateinamen - alle wesentlichen Informationen über eine Datei gesammelt. Für jede Datei, jedes Verzeichnis und jedes Gerät legt UNIX eine I-Node an, in der es alles vermerkt, was es über dieses Datenobjekt weiß. Dazu gehören zum einen Informationen über Zugriffsrechte, Dateieigentümer und Zeitmarken, zum anderen Verweise auf die Datenblöcke, die die Daten der Datei enthalten. Ursprünglich hat UNIX die I-Nodes eines Dateisystems in Form einer Tabelle zusammengefasst und am Anfang des Dateisystems untergebracht.\nDie Größe dieser Tabelle muss schon beim Anlegen des Dateisystems festgelegt werden, d.h. ein Systemverwalter auf einem UNIX-Rechner muss beim Formatieren einer Platte festlegen, wie viele Dateien später einmal maximal auf dieser Platte angelegt werden können. Üblicherweise berechnet man mindestens eine I-Node für jeweils 4 KB zur Verfügung stehenden Plattenplatz, sodass auf einer 200 MB Festplatte in etwa 50 000 I-Nodes angelegt werden. Zum Glück sind I-Nodes relativ kleine Datenstrukturen von nur 128 Bytes. Im Schnitt verschwinden also auf diese Weise 3 % des gesamten Plattenplatzes in Verwaltungsinformationen.\nstruct dinode { /*\tTyp Feldname Byte-Offset: Beschreibung */ u_short ino_mode; /* 0: Dateityp und Zugriffsrechte */ short ino_nlink; /* 2: Anzahl der Namen der Datei */ uid_t ino_uid; /* 4: Benutzernummer Dateieigentümer */ gid_t ino_gid; /* 6: Gruppennummer Dateieigentümer */ off_t ino_size; /* 8: Größe in Bytes */ time_t ino_atime; /* 16: Zeit des letzten Lesezugriffs */ long ino_atspare; /* in Sekunden seit 1.1.1970, 0 Uhr */ time_t ino_mtime; /* 24: Zeit des letzten Schreibzugriffs */ long ino_mtspare; time_t ino_ctime; /* 32: Zeit der letzten Statusänderung */ long ino_ctspare; daddr_t ino_db[NDADDR]; /* 40: Blocknummern der ersten 12 Datenblöcke */ daddr_t ino_ib[NIADDR]; /* 88: Blocknummern der 3 indirekten Datenblöcke */ long ino_blocks; /* 100: Größe der Datei in Blöcken */ long ino_gen; /* 104: Generationsnummer (NFS) */ }; Bild 2: Aufbau einer I-Node eines modernen UNIX-Dateisystems. Die Datenstruktur paßt in ein Feld von 128 Bytes, sodass ein Hardware-Plattenblock 8 I-Nodes halten kann. Sie enthält alle Metainformationen über eine Datei mit Ausnahme der Namen der Datei.\nUntersucht man die durchschnittliche Länge von Dateien in einem Dateisystem, dann stellt man fest, das kurze Dateien relativ häufig auftreten. Daher versucht UNIX, die Blocknummern der ersten paar Plattenblöcke einer Datei direkt in der I-Node zu speichern. In der I-Node aus Bild 2 werden die ersten 12 Datenblöcke einer Datei im Feld ino_db[] abgelegt. Wenn über ihre I-Nodenummer auf diese Datei zugegriffen wird, stehen die 12 direkten Datenblöcke der Datei also ohne weitere Leseoperation zur Verfügung.\nFür große Dateien ist dieses Verfahren natürlich nicht praktikabel, denn die I-Node würde dann sehr groß werden. Wächst eine Datei über die Größe von 12 Datenblöcken hinaus, besorgt UNIX einen freien Datenblock und trägt diesen als ersten indirekten Datenblock einer Datei ein. In diesem indirekten Datenblock werden jetzt die Blocknummern der weiteren Datenblöcke einer Datei abgelegt. Bei einer angenommenen Blockgröße von einem Kilobyte können in einem indirekten Block 256 Blocknummern gespeichert werden, von denen jede einen Datenblock von einem Kilobyte adressiert. Zusammen mit den direkten Datenblöcken können also Dateien bis zu einer Größe von 266 KB angelegt werden, ohne daß mehr als eine Ebene der Indirektion durchlaufen werden muss. Modernere Dateisysteme, die mit einer Blockgröße von 8 Kilobyte arbeiten, bringen 2048 Blocknummern in einem Block unter und können so bis zu 16 Megabyte große Dateien mit einem einzigen indirekten Block verwalten.\nFür noch größere Dateien sieht UNIX doppelt indirekte Blöcke vor, die die Blocknummern von einfach indirekten Blöcken enthalten. Diese wiederum zeigen dann endlich auf die Daten. Bei einer Blockgröße von 8 KB kann man mit diesem Schema schon mehr als die vier Gigabyte verwalten, die sich im Größenfeld ino_size einer I-Node verwalten lassen. Bei Dateisystemen mit einer Blockgröße von einem Kilobyte muss dagegen ab einer Dateigröße von 64 MB von einem dreifach indirekten Block Gebrauch gemacht werden (Bild 3). Zum Glück sind zum Laden eines solchen Datenblockes aber keine vier Plattenzugriffe notwendig, denn alle UNIX-Versionen haben einen Plattencache, der häufig benötigte Daten im RAM präsent hält.\nBild 3: Von der I-Node zu den Datenblöcken einer Datei\nBei der Belegung von Plattenblöcken für eine Datei ist UNIX sehr effizient. Nur diejenigen Blöcke einer Datei, die schon einmal beschrieben wurden, belegen auch wirklich Platz auf der Platte. Wird beispielsweise begonnen, einen doppelt indirekten Block zu verwenden, so wird für diesen zunächst der erste einfach indirekte Block beschafft und belegt. Die Blocknummern der anderen indirekten Blöcke werden dagegen einfach auf Null gesetzt.\nDas führt zu interessanten Effekten bei Dateien, die nicht durchgehend beschrieben werden: Legt man unter UNIX eine neue Datei an und bewegt dann den Dateizeiger irgendwo in die oberen Megabytes, um dort ein einziges Byte zu beschreiben, dann wird nur der eine Datenblock belegt, der notwendig ist, um dieses Byte zu speichern (plus der möglicherweise notwendigen indirekten Blöcke, die notwendig sind, um den Block zu erreichen). Die Blocknummer aller anderen nicht verwendeten Blöcke bleiben auf Null stehen und es werden auch keine Datenblöcke zwischen dem gespeicherten Byte und dem Dateianfang angefordert. Es entsteht eine Datei, die in der Verzeichnisausgabe viele Megabytes groß erscheint, in Wirklichkeit aber nur wenige Kilobytes belegt. Eine solche Datei nennt man in UNIX eine dünn besetzte Datei (sparse file). Beim Lesen einer solchen Datei werden für die nicht vorhandenen Blöcke entsprechend viele Nullbytes zurückgemeldet.\nDas kann beim Kopieren oder Sichern solcher Dateien natürlich zu seltsamen Effekten führen, wenn man nicht aufpasst: Beim naiven Kopieren wird eine Datei von vorne nach hinten durchgelesen und die gelesenen Daten werden in die Zieldatei geschrieben. Während eine dünn besetzte Quelldatei also möglicherweise nur wenige Blöcke wirklich belegt, wird die Zieldatei von vorne nach hinten beschrieben und belegt dann wirklich so viel Platz, wie im Verzeichnis angegeben. Dateien, die ein Abbild eines häufig ebenfalls dünn besetzten Prozessadressraumes darstellen, sind oft sparse files: Die shared libraries in einem Linux-System oder Speicherabzüge von gecrashten Programmen unter SunOS sollten tunlichst nicht naiv kopiert werden.\nDateinamen Die I-Node enthält gesammelt alle Informationen, die UNIX über eine Datei hat, mit einer Ausnahme: dem Dateinamen. Dateinamen speichert UNIX in besonderen Dateien, den Verzeichnissen. Ein Verzeichnis ist n jeder Hinsicht eine normale Datei mit einer I-Node, Datenblöcken und so weiter. Verzeichnisdateien werden jedoch nicht von Benutzerprogrammen, sondern ausschließlich vom Betriebssystem verwaltet. Es unterhält in einem Verzeichnis eine feste Satzstruktur.\nBeim älteren UNIX-Dateisystem ist diese sehr einfach aufgebaut: Ein Verzeichnis besteht aus Datensätzen zu 16 Byte Länge. Die ersten 2 Byte enthalten die I-Nodenummer einer Datei, die folgenden 14 Byte nehmen einen Dateinamen auf. Falls ein Dateiname kürzer als 14 Zeichen ist, wird er einfach mit Nullbytes aufgefüllt. Bei moderneren UNIX-Systemen ist die Verzeichnisstruktur etwas komplizierter, um 4 Byte lange I-Nodenummern und bis zu 255 Byte lange Dateinamen ohne große Platzverschwendung verwalten zu können, aber im Prinzip handelt es sich immer noch um eine einfache Zuordnung von Name zu I-Nodenummer.\nEs ist in UNIX ohne weiteres möglich, mehr als einen Dateinamen für eine Datei zu vergeben. Dazu wird einfach mit der Systemfunktion link() in einem weiteren Verzeichnis ein Namenseintrag gemacht, der dieselbe I-Nodenummer hat wie der erste Name der Datei. Im Feld ino_nlink einer I-Node wird die Anzahl der Namen einer Datei gezählt. Beide Namen einer Datei sind gleichberechtigt und nicht voneinander zu unterscheiden: Man kann nicht sagen, welcher von zwei Namen einer Datei der erste und welcher der zweite Name der Datei war. Anstatt eine Datei zu löschen, kann man in UNIX nur die Anzahl ihrer Namen um Eins vermindern. Sobald die Anzahl der Namen einer Datei Null wird, gibt das Betriebssystem dem Plattenplatz frei, der zu einer Datei gehört.\nBild 4: Das alte System V UNIX Dateisystem behandelt Verzeichnisse als gewöhnliche Dateien mit einer festen Satzstruktur von 16 Byte. Die ersten beiden Byte enthalten die I-Node Nummer einer Datei, die folgenden 14 Bytes stellen den Namen der Datei (mit Nullbytes aufgefüllt) dar.\nIm BSD Dateisystem sind längere Dateinamen erlaubt. Um die Platzverschwendung zu minimieren, ist die Struktur eines Verzeichnisses etwas komplizierter, aber das Prinzip der Zuordnung eines Namens zu einer I-Nodenummer wird nicht verletzt.\nUm eine Datei zu öffnen, muss ihr Name in eine I-Nodenummer übersetzt werden. Nach dem Öffnen der Datei arbeitet das Betriebssystem dann intern ausschließlich mit der I-Nodenummer weiter. Die Übersetzung von Namen in Nodenummern wird in UNIX an einer zentralen Stelle im Betriebssystemkern abgehandelt, in der Kern-internen Funktion namei(). Für jeden Prozess verwaltet UNIX in der Prozessstruktur zwei Einträge, in denen die I-Nodenummer des Hauptverzeichnisses und des aktuellen Verzeichnisses dieses Prozesses hinterlegt sind. Wenn dem Betriebssystem in einem Systemaufruf ein Pfadname übermittelt wird, wird zunächst geprüft, ob es sich um einen absoluten oder relativen Pfadnamen handelt. Je nachdem, ob der Pfadname mit einem führenden \u0026ldquo;/\u0026rdquo; beginnt, wird entweder im Hauptverzeichnis oder im aktuellen Verzeichnis des Prozesses begonnen, den Pfadnamen aufzulösen. namei() isoliert dazu die erste Komponente des Pfadnamens und sucht diese im Startverzeichnis der Suche. Sobald der gesuchte Namenseintrag dort gefunden ist, kann die zugehörige I-Nodenummer abgelesen werden und das nächste Stück des Pfadnamens aufgelöst werden.\nIn Bild 5 ist zu sehen, was bei der Auflösung eines Pfadnamens wie \u0026ldquo;/bin/ls\u0026rdquo; passiert: Weil der Pfadname mit einem \u0026ldquo;/\u0026rdquo; beginnt, durchsucht namei() das Hauptverzeichnis des Prozesses, der den Systemaufruf getätigt hat, nach einem Eintrag für \u0026ldquo;bin\u0026rdquo;. Sobald die I-Nodenummer für das \u0026ldquo;bin\u0026quot;-Verzeichnis gefunden ist, kann es nach einem Eintrag für \u0026ldquo;ls\u0026rdquo; durchsucht werden. Erst wenn die I-Nodenummer von \u0026ldquo;ls\u0026rdquo; bekannt ist, kann die Datei geöffnet oder geladen werden. Bei der Auflösung von Pfadnamen ergibt sich also eine wechselseitige Verkettung von Datenblöcken und I-Nodes: I-Nodes enthalten Zeiger auf Datenblöcke und die Datenblöcke eines Verzeichnisses enthalten Zeiger auf I-Nodes.\nBild 5: Zugriffe beim Auflösen eines Pfadnamens\nZugriffsrechte In der I-Node existiert ein Feld ino_mode. Es enthält neben anderen Informationen 9 Bits, die die Zugriffsrechte auf die Datei festlegen. UNIX unterscheidet an jedem Objekt im Dateisystem 3 Rechte: r-Recht bestimmt, ob eine Datei zu Lesen geöffnet werden darf, w-Recht bestimmt, ob eine Datei beschrieben werden darf und x-Recht bestimmt, ob eine Datei ausgeführt werden kann. Diese Rechte rwx sind jeweils einmal für den Eigentümer der Datei, für Angehörige seiner Benutzergruppe und für den Rest der Welt vorhanden, sodass sich insgesamt 9 Rechte-Bits ergeben.\nDa Verzeichnisse auch Dateien sind, haben auch sie diese Zugriffsrechte. In Zusammenhang mit Verzeichnissen werden sie jedoch etwas anders interpretiert: r-Recht an einem Verzeichnis erlaubt einem Benutzer, die Namensliste eines Verzeichnisses zu lesen. w-Recht an einem Verzeichnis gestattet es ihm, Dateien anzulegen oder zu löschen. x-Recht schließlich ist notwendig, um auf die Dateien in einem Verzeichnis zuzugreifen. In Bild 5 ist zu sehen, an welchen Stellen welche Zugriffsrechte geprüft werden, wenn die Datei \u0026ldquo;/bin/ls\u0026rdquo; zum Lesen geöffnet werden soll: Zunächst einmal muss am Hauptverzeichnis x-Recht vorhanden sein, damit auf die Datei \u0026ldquo;bin\u0026rdquo; zugegriffen werden kann, die im Hauptverzeichnis enthalten ist. Danach wird auf ein x-Recht am \u0026ldquo;bin\u0026quot;-Verzeichnis geprüft, um auf die Datei \u0026ldquo;ls\u0026rdquo; zugreifen zu können. Und schließlich muss an der Datei \u0026ldquo;ls\u0026rdquo; selbst noch r-Recht vorhanden sein, damit auf die Datenblöcke der Datei lesen zugegriffen werden darf.\nx-Recht an einem Verzeichnis ist also immer dann erforderlich, wenn namei() einem Zeiger aus diesem Verzeichnis in die I-Nodetabelle folgen muss. In Bild 5 sind diese aufwärts führenden Pfeile etwas dicker hervorgehoben.\nFragmente Dateisysteme verwalten den Plattenplatz in Form von Blöcken fester Größe. Deswegen ist am Ende der meisten Dateien ein Block vorhanden, der nicht ganz ausgenutzt werden kann, denn bei den meisten Dateien ist die Dateilänge nicht genau ein Vielfaches der Blockgröße des Dateisystems. So geht, abhängig von der mittleren Dateigröße und der Blockgröße des Dateisystems ein mehr oder weniger großer Anteil des Plattenplatzes verloren. Je kleiner die Verwaltungseinheiten des Dateisystems sind, umso effektiver kann es seinen Platz verwalten. Andererseits ist der Datendurchsatz eines Dateisystems um so größer, je größer die Blöcke sind, die es verwaltet. Und schließlich kann man bei der Verwendung von großen Datenblöcken oft mehrfach indirekte Blöcke einsparen und macht das Dateisystem auf diese Weise schneller und reduziert den Verwaltungsaufwand. In modernen UNIX-Dateisystem löst man dieses Dilemma, indem man ein Dateisystem mit einer relativ großen Blockgröße (meistens 8 Kilobyte) anlegt, Dateienden aber in speziellen Blöcken, den Fragmenten, speichert. Fragmente werden erzeugt, in dem man einen normalen Plattenblock in mehrere gleich grosse Teilblöcke unterteilt, die jeweils das Dateiende einer anderen Datei aufnehmen können.\nBild 6: Zwei Dateienden in einem fragmentierten Block\nAuf diese Weise werden die Dateienden verschiedener Dateien praktisch in einem Block zusammen komprimiert und der Verlust an Plattenplatz durch nicht ausgenutzte Blöcke wird reduziert. Trotzdem kann das Dateisystem die meiste Zeit mit vollständigen, großen Blöcken arbeiten und so hohe Geschwindigkeiten erreichen. Der Nachteil dieses Systems ist, daß ein Dateiende unter Umständen mehrfach umkopiert werden muss, wenn eine Datei wächst: Zunächst passt das Dateiende noch in sein Fragment hinein, wenn es wächst, muss jedoch ein größeres Fragment gesucht werden, das jedoch durch weitere Schreiboperationen sofort wieder überläuft, bis die Datei endlich den nächsten vollständigen Block füllt. Solche Kopieroperationen lassen sich vermeiden, wenn Anwendungsprogramme ihre Schreiboperationen der Blockgröße des Dateisystems anpassen. Da so etwas sehr unbequem ist, wenn man es selber programmieren muss, nimmt die C-Standardbibliothek in einem UNIX-System einem diese Arbeit ab: Sie fragt die Blockgröße des unterliegenden Dateisystems ab und stimmt ihre Schreibzugriffe so ab, daß mit maximaler Geschwindigkeit geschrieben werden kann.\nWeitere Geschwindigkeitsvorteile lassen sich erzielen, wenn man dafür sorgen kann, daß Dateien möglichst hintereinanderliegende Blöcke auf einer Platte belegen. Die Platte kann in diesem Fall ihren internen Cache füllen und die Daten schneller abliefern. Außerdem entfallen Bewegungen des Schreib-/Lesekopfes der Platte. Wie man am Beispiel von DOS sehen kann, ist es leider ist es nicht damit getan, die Blöcke einer Datei hintereinander anzuordnen. Man muss ausserdem auch Platz lassen, damit Dateien wachsen können.\nBild 7: Durch unkluge Anordnung von Daten zerstückelt MS-DOS Dateien in kleine, nicht zusammenhängende Fragmente.\nModerne UNIX-Dateisysteme unterteilen eine Festplatte deswegen in Streifen von einigen Megabyte Größe, sogenannte cylinder groups. Jeder dieser Streifen enthält eine eigene kleine I-Nodetabelle und seinen Anteil an Datenblöcken. Neue Dateien werden in derjenigen Zylindergruppe angelegt, die im Verhältnis am meisten freie Datenblöcke aufzuweisen hat. Dadurch wird sichergestellt, daß solche Dateien gerade nicht direkt hintereinanderliegen, sondern genügend freien Platz haben, um zu wachsen. Bei sehr langen Dateien wird außerdem nach dem Schreiben von jeweils einem Megabyte an Daten ein Wechsel der Zylindergruppe erzwungen: Man geht davon aus, daß man sehr lange Dateien sowieso nicht in einem Stück zusammenhängend lagern kann. Stattdessen versucht man, die einzelnen Stücke möglichst groß zu machen.\nBild 8: Das BSD Fast Filing System unterteilt die Platte in Streifen von einigen MB Größe. Das Betriebssystem versucht durch verschiedene Verfahren, das Verhältnis von belegten Datenblöcken zu belegten I-Nodes in allen cylinder groups einer Platte in etwa ausgewogen zu halten. Dadurch ist das Dateisystem effektiv selbst defragmentierend.\nAußerdem würde eine sehr lange Datei alle Datenblöcke, aber nur eine einzige I-Node in einer Zylindergruppe belegen. Die Daten zu den I-Nodes aller weiteren Dateien in derselben Zylindergruppe müssten dann auf andere Zylindergruppen verlagert werden, was dort wiederum das ausgewogene Verhältnis zwischen freien I-Nodes und freien Datenblöcken stören würde. Dadurch, dass man jeweils ein Megabyte einer sehr großen Datei auf eine andere Zylindergruppe verlagert, wird der Platz auf der Platte gleichmäßig verbraucht. Man verhindert, daß andere Dateien dann nicht mehr günstig auf der Platte angeordnet werden können.\nAbgeleitete Dateisysteme Die grundlegenden Strukturen des UNIX-Dateisystems wurden von Ritchie und Thompson vor 20 Jahren in den Laboratorien von AT\u0026amp;T entwickelt und haben sich grundsätzlich bewährt. Selbst das Entwicklerteam von BSD UNIX, das das Dateisystem vor 10 Jahren einer gründlichen Überarbeitung unterzogen hat, hat die zugrundeliegenden Ideen nicht verändert, sondern UNIX lediglich beigebracht, auf die Geometrie der Platte Rücksicht zu nehmen, um weitere Geschwindigkeitsgewinne zu erzielen.\nDas UNIX-Dateisystem ist dem nur halb so alten, aber wesentlich weniger effektiv organisierten MS-DOS Dateisystem in Sachen Geschwindigkeit, Zugriffsschutz und Benutzerfreundlichkeit weit überlegen. Die Ideen der UNIX-Entwickler waren letztlich so überzeugend, daß sie sich letztendlich im OS/2 HPFS und schließlich auch im Dateisystem von Windows NT wiederfinden.\nBild 9: 26 Laufwerksbuchstaben wären für eine gut ausgelastete Workstation viel zu wenig. UNIX kennt deswegen nur einen einzigen Dateibaum. Beim Anmelden (mounten) eines Dateisystems wird eine Platte an einer bestimmten Stelle in den Verzeichnisbaum eingehängt. Beim Wechsel des Verzeichnisses wechselt man so auch gleich die Platte oder bei Netzwerkplatten sogar den Rechner, auf dem man aktiv ist.\nLiteratur \u0026ldquo;The UNIX Time Sharing System\u0026rdquo;, Ritchie, Thompson, Communications of the ACM 7/74, p.365 \u0026ldquo;A Fast File System for UNIX\u0026rdquo;, McKusick et al, ACM Trans. on Computer Systems, August 84, p.181 \u0026ldquo;Operating Systems\u0026rdquo;, A. Tanenbaum, Prentice-Hall \u0026ldquo;The Design of the UNIX Operating System\u0026rdquo;, M. Bach, Prentice-Hall \u0026ldquo;The Design of the 4.3 BSD UNIX Operating System\u0026rdquo;, McKusick, Addison-Wesley \u0026ldquo;Advanced Programming in the UNIX Environment,\u0026rdquo; W. R. Stevens, Addison-Wesley ","date":"1994-02-01T00:00:00Z","href":"https://blog.koehntopp.info/1994/02/01/dateisysteme.html","tags":["lang_de","publication","unix"],"title":"UNIX Dateisysteme"},{"categories":null,"content":" TCP/IP Technik Ein SMTP Dialog aus »c\u0026rsquo;t - Magazin für Computertechnik«, Ausgabe 4/93\nTCP/IP Technik Rechner miteinander zu vernetzen ist heutzutage kein Problem mehr, so scheint es. Um die Rechner im Büro zu verbinden, nimmt man Ethernet, ARCNET oder Token-Ring; für die Anbindung von Außenstellen stehen Modems, Datex-P und neuerdings auch ISDN zur Verfügung und um mal eben einige Daten von seinem Mac auf den Atari zu überspielen, legt man ein Nullmodemkabel. Alle diese Netze haben ihre Stärken und Schwächen und dementsprechend ihre Einsatzgebiete.\nLeider haben diese Netze aber auch alle eine unterschiedliche Schnittstelle der Anwendung gegenüber. Das fängt schon bei den Adressen an (Datex-P Adressen sehen anders aus als Adressen in einem Ethernet) und hört erst wieder bei den grundlegenden Konzepten des jeweiligen Netzwerks auf. Wie schön wäre es, würden alle diese Netzwerke zusammenarbeiten können, sodaß man Daten auf dieselbe Art und Weise vom Wohnzimmer in den Hobbykeller wie von einem Ende der Welt zum anderen verschicken könnte, wenn man die verschiedenen Netzwerke miteinander vernetzen könnte.\nGenau diese Anforderung erfüllen die TCP/IP-Protokolle, die im Internet verwendet werden.\nWas kann TCP/IP? gibt einem die Unabhängigkeit von Hardware des unterliegenden Trägernetzes. gibt einem eine netzwerkweit einheitliche Adresse. präsentiert dem Programmierer eine einheitliche, geschlossene API. bietet einen Baukasten von standardisierten High-Level-Protokollen für die verschiedensten Netzwerkdienste. ist eine offene Protokollfamilie, die unabhängig von Herstellern entwickelt wurde. Um die Entwicklung und das Verständnis von Rechnernetzen zu erleichtern, hat die International Standards Organisation (ISO) ein Architekturmodell für Rechnernetze entwickelt, das OSI Referenzmodell. Dieses Modell teilt den Prozess des Verschickens von Daten über ein Rechnernetz in 7 übereinanderliegende Schichten ein, die einander zuarbeiten und jede für sich eine bestimmte Abstraktionsebene kennzeichnen. Weil diese Schichten in der Abbildung übereinander liegen, redet man oft auch von einem Protokollstapel.\nBild 1: OSI Referenzmodell\nWenn Daten zwischen zwei Rechnern übertragen werden, erscheint es im Programmiermodell so, als würden zwei gleiche Schichten auf verschiedenen Rechnern miteinander kommunizieren. Die Details der darunterliegenden Abstraktionsebenen werden vor den darüberliegenden Schichten verborgen. Beispielsweise ist es die Aufgabe der Schicht 2, eine fehlerfreie Verbindung zwischen zwei benachbarten Netzknoten zur Verfügung zu stellen. Das bedeutet, dass die Schicht 3 sich mit den Details der Datenübertragung zwischen zwei Maschinen nicht mehr zu befassen hat. Sie kann mit der Schicht 3 der Gegenstelle kommunizieren, ohne sich um Einzelheiten der Datenübertragung und möglicherweise auftretende Fehler kümmern zu müssen.\nIn Wirklichkeit besteht jedoch die einzige Verbindung zwischen zwei Rechnern auf der Ebene 1, der physikalischen Schicht. Wenn Daten zu senden sind, werden sie von einer Schicht zur jeweils darunterliegenden Schicht weitergereicht. Damit die einzelnen Schichten voneinander unabhängig sind, müssen die Schnittstellen zwischen den Schichten natürlich bekannt und definiert sein. Diese Art von Modulbildung erleichtert die Wartung und Entwicklung von neuen Netzwerkprotokollen und die Fehlersuche.\nInternetworking Protocol (IP) Auch TCP/IP hat einen ähnlichen, schichtweisen Aufbau, wenn es auch nicht so vielfach unterteilt ist wie das OSI-Modell; üblicherweise unterscheidet man vier Schichten. Die Grundlage des TCP/IP-Protokollturms bildet die Netzwerkschicht, deren Aufgabe der eigentliche Datentransport ist.\nTCP/IP ist kein Netzwerkprotokoll, das von der Hardware direkt verstanden wird. Normalerweise werden TCP/IP-Daten immer über ein vorhandenes Trägernetz, etwa Ethernet oder X.25, übertragen, denn die Aufgabe von TCP/IP ist es ja gerade, solche vorhandenen Netzwerke zu vereinheitlichen. Im OSI-Modell deckt die Netzwerkschicht also die Hardwareschichten 1 und 2 sowie in einigen Fällen auch noch Teile der Schicht 3 ab.\nAuf der Netzwerkschicht aufbauend liegt die Internet-Schicht, die die erste Abstraktionsschicht von einem konkreten Netzwerk darstellt. Damit ist das Internet-Protokoll, kurz IP, der Kern von TCP/IP, denn es stellt den grundlegenden Dienst des Netzes zur Verfügung: den Versand von Datenpaketen, sogenannten Datagrammen, über verschiedene Netze hinweg.\nDie Netzwerkschicht hat keine Information darüber, von welcher Art die Daten sind, die sie befördert: Für eine Ethernetkarte sind die ankommenden Daten eben einfach nur Daten, die vom Netz kommen. Der Kartentreiber interpretiert einen Teil dieser Daten als IP-Header und den Rest als Datenteil eines IP-Paketes. Auf diese Weise ist der IP-Header innerhalb eines Ethernet-Paketes gewissermaßen eingekapselt. Aber auch das IP-Paket selbst enthält selbst wieder ein Datenpaket für eine höhere Protokollebene, dessen Header auf der IP-Ebene als Bestandteil der Daten erscheint.\nBild 2: Kapselung von Daten in ein Protokollpaket der nächstniederen Schicht.\nIP ist ein verbindungsloses Protokoll, das bedeutet, IP kennt keinen Verbindungszustand. Es ist also nicht notwendig, eine IP-Verbindung zu einem Rechner zu \u0026ldquo;öffnen\u0026rdquo;, bevor man Daten zu diesem Rechner senden kann, sondern es genügt, das IP-Paket einfach abzusenden. Bei einem verbindungsorientierten Protokoll wird beim Öffnen einer Verbindung getestet, ob der Zielrechner überhaupt erreichbar ist. Ein verbindungsloses Protokoll macht das nicht und kann demnach auch nicht garantieren, daß ein Datenpaket überhaupt beim Empfänger ankommt. IP garantiert auch nicht, daß ein von einem einmal abgeschickten Datenpaket nur eine Kopie beim Empfänger ankommt, oder dass in einer Reihenfolge abgeschickte Datenpakete auch wieder in dieser Reihenfolge empfangen werden. Dadurch ist es möglich, daß längere Transfers von einem Rechner zum anderen, die über mehrere Zwischenrechner laufen, beim Ausfall eines dieser Rechner dynamisch neu konfiguriert werden. Irgendwann während der Übertragung bricht ein Übertragungsweg zusammen und es wird ein neuer Weg zum Ziel gesucht und benutzt. Da der neue Weg zeitlich länger oder kürzer sein kann als der alte, kann man keine allgemein gültigen Aussagen darüber machen, in welcher Reihenfolge IP-Pakete beim Empfänger eintreffen. Es kann auch sein, daß bei dieser Umschalterei IP-Pakete verloren gehen oder verdoppelt werden. Alle diese Unebenheiten auszubügeln überläßt IP anderen, höherliegenden Schichten im Protokollturm.\nBild 3: Aufbau eines Internet Protocol (IP) Headers. Eine Zeile stellt ein Langwort (4 Byte) dar. Das höchstwertigste Byte eines Langwortes wird als erstes übertragen (Network Byte Order).\nDie Hauptaufgabe von IP ist es also, die Unterschiede zwischen den verschiedenen, unterliegenden Netzwerkschichten zu verbergen und eine einheitliche Sicht auf die verschiedensten Netzwerktechnologien zu präsentieren. Dazu gehören die Einführung eines einheitlichen Adressierungsschemas und eines Fragmentierungsmechanismus, der es ermöglicht, große Datenpakete durch Netze mit kleiner maximaler Paketgröße zu senden.\nJedes IP-Paket enthält zwei Adressen in Form von 32 Bit Worten: Die Absender- und die Empfängeradresse. Eine Internet-Adresse wird meist in Form von vier, durch Punkte getrennten Bytes notiert, man spricht in diesem Fall von der \u0026ldquo;dotted quad\u0026rdquo;-Schreibweise. Um die Zustellung von IP-Paketen zu vereinfachen, unterteilt man die Adresse in zwei Teile: Den Netzwerkteil und den Rechnerteil. Ein Router muss, um ein Datenpaket zustellen zu können, nur den Netzwerkteil einer Adresse erkennen. Erst im Zielnetzwerk wird der Rechnerteil einer Adresse ausgewertet. Um den verschiedenen Anforderungen gerecht zu werden, was die Größe von Netzwerken angeht, unterscheidet man verschiedene Aufteilungen der 32 Adreßbits:\nbei Netzwerken der Klasse A ist das erste Bit der IP-Adresse 0. Die folgenden 7 Bit bilden den Netzwerkteil der Adresse und die restlichen 24 Bits bilden den Rechnerteil. Es kann also weniger als 128 verschiedene Klasse A Netzwerke geben, aber jedes dieser Netze aus Millionen von Rechnern bestehen. Ein typischer Vertreter ist zum Beispiel das amerikanische MILNET, das sich über das ganze Land erstreckt. bei Netzwerken der Klasse B fängt die Adresse mit der Bitfolge \u0026ldquo;10\u0026rdquo; an. Die folgenden 14 Bit stellen den Netzwerkteil der Adresse dar, die restlichen 16 Bit den Rechnerteil. Es kann also Tausende von Klasse B Netzen mit jeweils tausenden von Rechnern geben. Ein typischer Vertreter ist das Campusnetzwerk einer großen Universität. bei Netzwerken der Klasse C fängt die Adresse mit der Bitfolge \u0026ldquo;110\u0026rdquo; an. Die folgenden 21 Bit stellen den Netzwerkteil der Adresse dar, die restlichen 8 Bit den Rechnerteil. Es kann also Millionen von Netzwerken der Klasse C geben, von denen jedes weniger als 256 Rechner beherbergt. Standardmässig bekommt man ein Klasse C Netz, wenn man ein Netzwerk beim NIC anmeldet. fängt eine Adresse mit den Bits \u0026ldquo;111\u0026rdquo; an, so hat sie eine Spezialbedeutung. Manchmal werden solche Adressen als Klasse D Adressen bezeichnet. Höherliegende Protokolle und Dienste bieten dem IP-Benutzer Mechanismen, die Namen Internet-Adressen zuordnen und umgekehrt.\nWeil das Internet-Protokoll wie bereits erwähnt normalerweise immer auf einem Trägernetzwerk aufsetzt, muss es noch eine andere Eigenschaft der unterliegenden Netzwerkschicht verbergen: Normalerweise existiert bei allen Netzwerken eine maximale Größe, die ein Datenpaket haben kann. Im IP-Jargon nennt man diese Grenze die \u0026ldquo;maximum transmisson unit\u0026rdquo;, MTU. Natürlich ist diese Obergrenze je nach verwendeter Trägertechnik unterschiedlich. Die Internet-Schicht teilt IP-Pakete, die größer als die MTU des verwendeten Netzwerks in kleinere Stücke, sogenannte Fragmente auf. Auf dem Zielrechner werden diese Fragmente dann wieder zu vollständigen IP-Paketen zusammengesetzt, bevor sie an die darüberliegenden Protokolle weiter gegeben werden.\nWelches darüberliegende Protokoll der Transportschicht das Datenpaket bekommt, steht im \u0026ldquo;Protokoll\u0026rdquo;-Feld eines jeden IP-Paketes. Jedes Protokoll der Transportschicht bekommt eine eindeutige Identifikationsnummer zugewiesen, anhand derer der IP-Treiber entscheiden kann, wie weiter mit dem Paket zu verfahren ist. Eines der wichtigsten Protokolle der Transportschicht ist TCP.\nWas leistet TCP? Die Aufgabe von TCP ist es, die oben geschilderten Defizite von IP zu verbergen. Für den TCP-Benutzer soll es nicht mehr sichtbar sein, daß die darunterliegenden Protokollschichten Datenpakete versenden, sondern stattdessen soll der Benutzer mit einem Bytestrom wie bei einer normalen Datei arbeiten können. TCP garantiert das Ankommen, die Einmaligkeit und die Reihenfolge der Daten. Zusätzlich multiplext TCP die Verbindung zwischen zwei Rechnern: Während auf der Internet-Schicht nur eine Verbindung zur Zeit zwischen zwei Rechnern bestehen kann, teilt TCP diese Verbindung in viele virtuelle Kanäle auf.\nIm Gegensatz zu IP ist TCP verbindungsorientiert. Das muss so sein, denn TCP-Verbindungen sollen ja für den Benutzer wie Dateien zu handhaben sein. Das bedeutet, eine TCP-Verbindung wird wie eine Datei geöffnet und geschlossen, und man kann seine Position innerhalb des Datenstromes bestimmen, genau wie man bei einer Datei die Position des Dateizeigers angeben kann.\nAuch TCP sendet die Daten in größeren Einheiten, um den Verwaltungsaufwand durch Header und Kontrollinformation kleinzuhalten. Im Gegensatz zu den IP-\u0026ldquo;Paketen\u0026rdquo; bezeichnet man in die Einheiten der Transportschicht als \u0026ldquo;Segmente\u0026rdquo;. Jedes gesendete TCP-Segment hat eine eindeutige Folgenummer, die die Position seines ersten Bytes im Bytestrom der Verbindung angibt. Anhand dieser Nummer kann die Reihenfolge der Segmente korrigiert werden und doppelt angekommene Segmente können aussortiert werden. Da die Länge des Segmentes aus dem IP-Header bekannt ist, können auch Lücken im Datenstrom entdeckt werden und der Empfänger kann verloren gegangene Segmente neu anfordern.\nBeim Öffnen einer TCP-Verbindung werden zwischen beiden Kommunikationspartnern Kontrollinformationen ausgetauscht, die sicherstellen, daß der Endpunkt der Verbindung existiert und Daten annehmen kann. Dazu schickt der Sender ein Segment mit der Aufforderung, die Folgenummern zu synchronisieren. Der Empfänger weiß jetzt, daß der Sender eine Verbindung öffnen möchte und an welcher Position im Datenstrom der Sender anfangen wird zu zählen. Der Empfänger bestätigt den Empfang der Nachricht und legt seinerseits eine Folgenummer für Übertragungen in Gegenrichtung fest. Der Sender bestätigt nun seinerseits den Empfang der Folgenummer von B und beginnt dann mit der Übertragung von Daten. Diese Art des Austausches von Kontrollinformation, bei der jede Seite die Aktionen der Gegenseite bestätigen muss, ehe sie wirksam werden können, heisst \u0026ldquo;Dreiweg-Handshake\u0026rdquo;. Auch beim Abbau einer Verbindung wird auf diese Weise sichergestellt, daß beide Seiten alle Daten korrekt und vollständig empfangen haben.\nBild 4: Aufbau eines Transmission Control Protocol (TCP) Headers.*\nWährend der Übertragung kann der Empfänger dem Sender im Feld \u0026ldquo;Fenstergröße\u0026rdquo; signalisieren, für wie viele Bytes er noch Pufferkapazität frei hat. Der Sender darf nicht mehr Daten senden, als der Empfänger auf diese Weise freigegeben hat, bis er eine weitere Empfangsbestätigung mit einer neu festgelegten Fenstergröße vom Sender erhält. Auf diese Weise kann der Empfänger den Datenfluß vom Sender nach Wunsch dosieren. Wenn der Empfänger dem Sender eine Fenstergröße von Null Byte signalisiert, muss der Sender den Transfer unterbrechen, bis er eine zweite Bestätigung mit einer Fenstergröße ungleich Null bekommt.\nAuf einem Rechner können mehrere Prozesse zu einem Zeitpunkt TCP-Verbindungen geöffnet haben. Die Portnummer in jedem TCP-Segment gibt an, welche virtuelle Verbindung zu welchem Prozess gehört. So ist es möglich, Leitungen für eine Vielzahl von Prozessen zu multiplexen. Vom Standpunkt eines Modembenutzers aus kann man TCP/IP also in gewisser Weise als eine Art glorifiziertes ZMODEM- oder BIMODEM-Protokoll betrachten: Es ist nicht nur eine Übertragung von Daten in beide Richtungen gleichzeitig möglich, sondern es können pro Richtung noch mehrere Verbindungen zugleich unterhalten werden.\nDamit die verschiedenen Schichten des Protokollturms miteinander Daten austauschen können, müssen jeweils zwei aneinanderstoßende Schichten sich jeweils über ein gemeinsames Interface einig sein. Normalerweise sind diese Interfaces nicht interessant, weil sie für den Anwender unsichtbar sind. Das Interface der Internet-Schicht ist zum Beispiel nur für denjenigen interessant, der TCP oder ein vergleichbares Protokoll selbst implementieren möchte. Das Interface zwischen der Transportschicht und der Anwendungsschicht ist jedoch von besonderem Interesse, denn es stellt das Interface dar, mit dem ein Programmierer umgehen muss, der eine Anwendung schreiben möchte, die von den Möglichkeiten von TCP/IP Gebrauch macht.\nLeider gibt es zwei verschiedene, inkompatible APIs für TCP/IP. Die ältere der beiden ist als \u0026ldquo;Berkeley Sockets\u0026rdquo; bekannt geworden und in BSD UNIX zusammen mit der ersten Version von TCP/IP implementiert worden. Die andere API ist das \u0026ldquo;Transport Level Interface\u0026rdquo;, kurz TLI, von AT\u0026amp;T. Es stellt den Versuch dar, eine generelle, TCP/IP unabhängige API für Netzwerkprogrammierung zu schaffen. Die Namen und Parameter der TLI-Aufrufe orientieren sich dabei an der Begriffswelt der OSI.\nDie Grenze zwischen der Anwendungsschicht und der Transportschicht ist in den meisten Implementierungen zugleich die Grenze zwischen dem Betriebssystem und den Anwendungsprogrammen. Im OSI-Modell ist diese Grenze in etwa die Grenze zwischen den Schichten 4 und 5. Daher ordnet man IP vorwiegend ungefähr in die Ebene 3 und TCP ungefähr in Ebene 4 des OSI-Modells ein. Da TCP/IP jedoch älter und einfacher als das OSI-Modell sind, kann diese Einordnung nicht genau passen.\nTypische TCP/IP Dienste Auf TCP/IP setzen viele verschiedene Dienste auf, von denen die meisten ein eigenes, anwendungsspezifisches Protokoll zwischen ihrem Server und den verschiedenen Client-Programmen verwenden. Der UNIX-Tradition folgend kommunizieren viele dieser Anwendungen zwar in einem formalisierten Format miteinander, aber dieses Format ist überwiegend so gehalten, dass es noch von einem Menschen ohne besondere Debugging-Werkzeug gelesen und erzeugt werden kann.\nEines dieser Protokolle ist zum Beispiel das \u0026ldquo;simple mail transport protocol\u0026rdquo;, SMTP. Es dient der synchronen Auslieferung von Electronic Mail im Internet und wird von einer ganzen Palette von Mailtransportprogrammen direkt verstanden. Ist eine Mail zu versenden, so baut der sendende Mailer eine TCP/IP-Verbindung direkt zum Zielrechner auf. Der physikalische Weg zu diesem Rechner muss nicht direkt vorhanden sein, aber das braucht den Absender nicht zu kümmern. Die Internet-Schicht des Netzes wird einen Weg zum Zielrechner konstruieren, wenn es einen gibt. Für den Mailer sieht es so aus, als hätte er eine direkte, virtuelle Verbindung zum Zielrechner. Kommt eine Verbindung zustande, so meldet sich auf dem Zielrechner ein Hintergrundprozeß, der auf eingehende Nachrichten wartet. Zwischen den beiden Mailern läuft dann ein SMTP-Dialog ab. Da der Dialog aber in reinem ASCII und sogar relativ lesbar ist, kann man ihn bei Kenntnis des SMTP-Protokolls auch als Mensch simulieren. Im Kasten SMTP ist so eine Simulation eines SMTP-Dialoges zu sehen.\nSo wie SMTP der Zustellung persönlicher Nachrichten an einzelne Personen dient, ermöglicht das NNTP-Protokoll die Verbreitung öffentlicher Nachrichten im Internet, die USENET News. Das FTP-Protokoll dient zur Übertragung von Dateien durch das Netz, das TELNET- und das rlogin-Protokoll ermöglichen es, Sessions auf entfernten Rechnern zu fahren und wieder andere Protokolle ermöglichen die Einrichtung von Namensverzeichnissen oder die Fernabfrage der eigenen Mail.\nTCP/IP ist durch das schichtweise Design ein modularer Protokollstandard. Die einzelnen Komponenten sind in den sogenannten \u0026ldquo;Requests for Comments\u0026rdquo; (RFCs) genormt und offengelegt. Am Zustandekommen einer einzelnen SMTP-Verbindung über TCP über IP über Ethernet-Verbindung sind dann auch eine ganze Reihe dieser Normen beteiligt. Das Format der übertragenen Nachricht ist in RFC 822, \u0026ldquo;Standard for the format of ARPA Internet text messages\u0026rdquo; festgelegt. Die Nachrichten werden nach dem in RFC 821 definierten SMTP-Verfahren übertragen. SMTP bedient sich wiederum des in RFC 793 spezifizierten TCP, das auf dem in RFC 791 und RFC 792 definierten Internet Protocol aufsetzt. Wie Internet-Pakete auf einem Ethernet als Träger verschickt werden, ist wiederum in RFC 894 festgelegt, während RFC 826 die Zuordnung von Ethernet-Adressen zu IP-Adressen regelt.\nDie Universalität von TCP/IP verbirgt die Eigenheiten der unterliegenden Trägernetze vollständig. Für einen TCP/IP-Benutzer, ja sogar für den Programmierer ist es egal, auf welche Weise der Zielrechner erreicht wird, er hat eine einheitliche Sicht auf ein riesiges, weltweites, aus tausenden von Teilnetzen zusammengesetztes Netzwerk.\nSMTP SMTP Dialog zwischen tpki.toppoint.de und black.toppoint.de\nVon tpki.toppoint.de gesendete Zeichen sind fett gesetzt.\n220-black.toppoint.de Smail3.1.26.7 #3 ready at Wed, 9 Dec 92 00:08 MET 220 call +49 431 676689 for operator. helo tpki.toppoint.de 250 black.toppoint.de Hello tpki.toppoint.de mail from: kris@tpki.toppoint.de 250 \u0026lt;kris@tpki.toppoint.de\u003e ... Sender Okay rcpt to: kris@black.toppoint.de 250 \u0026lt;kris@black.toppoint.de\u003e ... Recipient Okay data 354 Enter mail, end with \".\" on a line by itself . 250 Mail accepted quit 221 black.toppoint.de closing connection ","date":"1993-04-01T00:00:00Z","href":"https://blog.koehntopp.info/1993/04/01/tcpip-technik.html","tags":["lang_de","publication","internet"],"title":"TCP/IP Technik"},{"categories":null,"content":"für c\u0026rsquo;t - Magazin für Computertechnik, Ausgabe 3/93\nTCP/IP Dienste Das größte Problem bei einem Artikel über das Internet ist es, zu definieren, was das Internet überhaupt ist. Eigentlich existiert so etwas wie \u0026ldquo;das Internet\u0026rdquo; nämlich überhaupt nicht. Das ändert natürlich nichts an der Tatsache, daß Millionen Menschen es jeden Tag benutzen. Wie erklärt sich ein solcher Widerspruch?\nAm besten, man beginnt am Anfang: Ende der Siebziger Jahre hatte das amerikanische Verteidigungsministerium bedarf an einer Technologie, die unterschiedlichsten Computersysteme an verschiedenen Orten miteinander zu vernetzen. Um die Möglichkeiten einer solchen Vernetzung auszuloten und die dazu notwendigen Technologien zu entwickeln und zu erproben, wurde im Jahre 1969 im Rahmen eines Forschungsprojektes ein experimentelles Computernetz ins Leben gerufen. Schon bald zeigte sich, daß nicht nur das Verteidigungsministerium einen Bedarf an derartiger Technik hatte.\nDas ARPANET war viel erfolgreicher als ursprünglich geplant: Nach kurzer Zeit schon begannen viele Organisationen das Netz nicht nur für experimentelle Zwecke zu nutzen, sondern verwendeten es auch für ihre tägliche Arbeit. Auch Institutionen und Firmen zeigten Interesse an der Vernetzung, die nicht direkt an der Entwicklung von Netzwerktechnologien beteiligt waren, sondern diese einfach nur benutzen wollten. Daher zog man 1975 die Konsequenz, und änderte den Status von ARPANET in den eines Produktionsnetzwerks, das von der Defense Communications Agency (heute die Defense Information Systems Agency) verwaltet wurde.\nDoch die Entwicklung des Netzes blieb damit nicht stehen. Die heute verwendeten Netzwerkprotokolle , TCP und IP, stammen im Prinzip aus den frühen achtziger Jahren. Weil das ARPANET immer stärker wuchs und zum Teil nicht zu experimenteller Arbeit, sondern immer mehr auch zu Produktionszwecken genutzt wurde, teile man es in einen Forschungsteil (ARPANET) und das MILNET auf. Zugleich stellte man das Protokoll zwischen den zentralen Netzwerkknoten auf TCP/IP um. Um den Umstieg zu erleichtern und auch Universitäten für die verwendete Technik zu interessieren, wurde eine frei verfügbare Implementation von TCP/IP für BSD UNIX in Auftrag gegeben, und damit der Grundstein zu dem gelegt, was heute als \u0026ldquo;open systems\u0026rdquo; in aller Munde ist. Die Rechnung ging auf: Schon mitte der achtziger Jahre begann die National Science Foundation in den Vereinigten Staaten mit dem Aufbau des NSFNET, einem Netz mit Verbindung zum ARPANET, aber auch zu regionalen Netzwerken auf gleicher Technologiebasis.\nHeute bezeichnet man mit dem Namen \u0026ldquo;internetwork\u0026rdquo; Netzwerke aus Teilnetzwerken der verschiedensten Technologien, die durch das darüberliegende TCP/IP zusammengebunden werden. Die weltweite Verbindung von TCP/IP-Netzwerken, die aus dem ARPANET entstanden ist, trägt jedoch den Namen \u0026ldquo;das Internet\u0026rdquo; (mit betontem \u0026ldquo;das\u0026rdquo; und großem \u0026ldquo;I\u0026rdquo;). Alle wichtigen staatlichen und wirtschaftlichen Institutionen in den USA sind mittlerweile auf die eine oder andere Weise mit dem Internet verbunden. Auch in Deutschland findet, wenn auch mit mehreren Jahren Verzögerung, eine ähnliche Entwicklung statt. So etwas wie eine einheitliche Verwaltung gibt es jedoch nicht. Das Internet Activities Board definiert das Internet selbst dann in einem seiner Informationspapiere auch als einen \u0026ldquo;lockeren, internationalen Zusammenschluss miteinander verbundener Netzwerke, das direkten Kontakt von Rechner zu Rechner durch freiwilliges Befolgen offener Protokollstandards und -prozeduren ermöglicht.\u0026rdquo; Diese Definition ist in der Tat schwammig genug, um einem Gebilde wie dem Internet gerecht zu werden.\nEin anderer Pluspunkt von TCP/IP ist eher für den Programmierer interessant: die totale Unabhängigkeit der Applikation von der darunterliegenden Netzwerkebene. Ein Programm, das in einer Internet-Umgebung läuft, muss sich nicht darum kümmern, wie es seine Datenpakete aus dem lokalen Ethernet über das Datex-P-Gateway nach Übersee und dort in das lokale Token-Ring-Netzwerk schicken kann. Das Internet-Protokoll kümmert sich darum, die Details der verschiedenen unterliegenden Netzwerke und Transportmechanismen zu verbergen. Es kümmert sich auch darum, die schnellste oder am wenigsten ausgelastete Route durch das Netz zu suchen.\nDiese Transparenz wird vom Protokoll auch an die darüberliegenden Anwendungen und letztendlich an den Benutzer weitergegeben. Für einen Benutzer einer Anwendung im Internet ist es vom Aufwand her kein Unterschied, ob er seine Daten von einer lokalen Platte, aus dem inhouse-Netzwerk, von einem Server irgendwo in Deutschland oder gar in Taiwan oder den USA bekommt. Allein an der Übertragungsgeschwindigkeit könnte man einen Unterschied feststellen. Leider birgt diese Transparenz gelegentlich Probleme in sich: Für den Benutzer ist es gleich schwierig, einen Dienst über Transatlantik-Leitungen zu benutzen wie einen Dienst im lokalen Ethernet. Es könnte sogar sein, daß sich ein guter Teil der Netzwerk-Benutzer gar nicht darum kümmert, woher genau die Daten jetzt kommen und wie viel Technik dafür in Bewegung gesetzt werden muss. In Folge kommt es zu den Stoßzeiten auf überregionalen Leitungen mehr oder weniger stark zu Kapazitätsproblemen.\nReichhaltiges Angebot Das Internet stellt seinen Benutzern auf der Basis von TCP/IP als Transportprotokoll eine Vielzahl von Dienstleistungen zur Verfügung. Diese Dienste sind normalerweise auf der Basis eines weiteren Protokolles realisiert, das wiederum auf TCP/IP aufsetzt (vgl. Internet Technik Artikel ).\nDer erste Dienst, den man als Benutzer im Internet kennenlernt, ist wahrscheinlich electronic mail. Mail erlaubt es, Textnachrichten und neuerdings auch multimediale Dokumente an andere Benutzer im Netz zu verschicken. Die Zustellung der Mail erfolgt, indem der eigene Rechner nach dem Abschicken der Mail eine Verbindung zum Zielrechner aufbaut und die Mail dort online und direkt einliefert. Bei einer schnellen Netzverbindung ist die Mail praktisch Sekunden nach dem Drücken der Returntaste beim Empfänger.\nViele bekannte Firmen sind im Netz durch Mitarbeiter oder sogar mit einer Supportadresse vertreten. Darunter sind so illustre Namen wie Motorola, Intel, AT\u0026amp;T, Microsoft, Borland, Seagate, Prime, NeXT, SUN, DEC, IBM, HP, Commodore, Atari und viele andere mehr, darunter auch zahllose kleinere Firmen. Auch sind fast alle Universitäten in den meisten Ländern direkt zu erreichen. Wer Freunde oder Bekannte hat, die als Austauschstudent an einer ausländischen Universität sind, der wird electronic mail als schnelles und billiges Briefmedium schätzen lernen. Für den Studenten taugt Mail auch, um sich mit den Autoren von Seminarpapieren kurzzuschließen und zusätzliches Material für den Vortrag zu bekommen oder um Fragen zu stellen.\nWer die Mailgrößen und die Zustellgeschwindigkeiten von Mailboxnetzen gewohnt ist, wird im Internet allerdings umdenken müssen. Internet ist in der Lage, in kurzer Zeit große Datenmengen zu bewegen und dementsprechend wird dieser Dienst auch genutzt. Es kann einem leicht passieren, daß man auf eine Anfrage, ob diese oder jene Datei vorhanden sei, kein \u0026ldquo;Ja\u0026rdquo;, sondern kurzerhand die Quelle zugestellt bekommt.\nMit Mail ist es möglich, private Nachrichten an Personen zu verschicken. Auf dem Internet gibt es einen anderen Dienst, News, der es erlaubt öffentliche Nachrichten an Sachgruppen, sogenannte Newsgroups, zu adressieren. Eine Newsgroup ist gewissermaßen ein öffentliches Diskussionsforum, das einem bestimmten Thema gewidmet ist. Insgesamt gibt es weit über 2500 verschiedene Newsgroups mit einem Themenspektrum, das von Computerthemen über Wissenschaft, Hobby, politischer Diskussion bis hin zu bloßem Jux reicht. Typische Laufzeiten von Nachrichten in einer Newsgroup liegen dabei in der Gegend von 6 bis 10 Stunden. In dieser Zeit ist der eigene Text einmal rund um die Erde verteilt worden und viele tausendmal kopiert worden.\nMit einer Nachricht in einer Newsgroup erreicht man schnell ein großes Publikum. Selbst bei exotischen Problemen oder Fragestellungen ist es wahrscheinlich, innerhalb eines Tages Personen zu finden, die ein ähnliches Problem auch schon einmal gehabt haben und einem möglicherweise weiter helfen können. Gerade für jemanden, der sich mit Softwareentwicklung befasst, sind die News eine wichtige Quelle für Informationen, praktische Erfahrungsberichte und Support, die beim Hersteller oft nur schwer zu bekommen sind.\nViele nützliche PD-Programme konnten nur deswegen entstehen, weil Programmierer in den entferntesten Gegenden der Erde per News und Mail Quellen und Fehlerreports austauschen können und so trotz der großen Entfernungen eng zusammenarbeiten können. Die public domain UNIX-Versionen Linux und 386BSD sind nach Megabytes gemessen die größten Produkte einer solchen Zusammenarbeit, aber auch viele andere Werkzeuge für den täglichen Einsatz sind auf diese Weise entstanden. Allen voran stehen die Programme, die man zur effizienten Nutzung von News und Mail benötigt: Programmpakete zum Lesen, Schreiben, Verschicken und Archivieren von News und Mail.\nDie neuesten Versionen dieser Programmpakete finden sich in Archiven, die per anonymous FTP zugänglich sind. FTP steht für \u0026ldquo;File Transfer Protocol\u0026rdquo; und ist zugleich der Name eines Übertragungsprotokolls als auch der Name der Anwendung, die dieses Protokoll benutzt, um per Internet Dateien zu übertragen. Viele Institutionen, die einen schnellen Internet-Anschluss haben und ein wenig Plattenplatz erübrigen können, richten Bereiche ein, in denen man auch ohne Passwort per FTP Programme ablegen oder abholen kann. Teilweise sind diese Rechner so konfiguriert, daß sie ihre Datenbestände untereinander automatisch abgleichen, ihre Platten also gegenseitig spiegeln. Auf diese Weise erübrigt sich für den Benutzer das Horten von Quelltexten auf der eigenen Platte: Wenn man ein Programmpaket benötigt, um es zu installieren oder mit den Quellen zu arbeiten, wird man sowieso nicht das private Archiv mit der veralteten Version aufsuchen, sondern sich per FTP eine aktuelle Version desselben Paketes holen.\nDas Hauptproblem dabei ist es lediglich, einen Server zu lokalisieren, der die gewünschten Daten auch anbietet. Dafür gibt es im Netz öffentlich zugängliche Datenbanken, die einen Index über dreistellige Gigabytemengen auf Software enthalten, die Archies. Ein Archie ist eine Datenbank, die typischerweise im Tages- oder Wochenrhytmus die kompletten Inhaltsverzeichnisse einiger hundert FTP-Server abfragt und zu einem Gesamtindex verarbeitet. Man kann den Archie nach Namen oder Beschreibungen von Programmpaketen suchen lassen und erhält eine Liste aller Quellen für das gesuchte Programmpaket, die dem Archie bekannt sind. Dazu kann man sich direkt auf dem Archie einloggen und einer simplen Abfragesprache bedienen. Richtig bequem wird so eine Abfrage aber erst mit einem Abfrageprogramm wie xarchie (für XWindows), das man mit der Maus bedienen kann. Die Beschaffung eines bestimmten Programmpaketes beschränkt sich dann auf die Eingabe des Paketnamens und das Anklicken der Knöpfe \u0026ldquo;Query\u0026rdquo; und (nach Auswahl des gewünschten Servers) \u0026ldquo;FTP\u0026rdquo;.\nEs gibt im Internet noch weitere frei zugängliche Datenbanken. Da es jedoch keine zentrale Administration des Netzwerks gibt, ist es hier etwas schwierig einen Überblick zu bekommen. Es ist zum Beispiel bekannt, daß sehr viele Bibliotheken in den USA einen Zugang ins Internet haben und ihre Kataloge als Datenbank öffentlich zugänglich machen. Aber auch andere Institutionen bieten Datenbanken zur freien Abfrage an. Man erreicht diese Datenbanken per TELNET, einem TCP/IP-Dienst, der es einem erlaubt, sich auf einem entfernten Rechner einzuloggen. Per FTP sind Texte erhältlich, die den Versuch einer Katalogisierung solcher Dienste darstellen und die Netzadressen, Logins und Passwörter enthalten, die man benötigt, um arbeiten zu können. Der nächste logische Schritt sind Datenbankabfrageprogramme, die eine Anfrage nehmen und sie allen Datenbanken stellen, die ihnen bekannt sind. Solche Dienste sind WAIS (Wide Area information Service) und gopher.\nWie man sich anschließt Man kann auf zwei Wegen an einen Internet-Zugang kommen. Die eine Methode ist es, sich einen Systembetreiber zu suchen, dessen Rechner am Internet angeschlossen ist und der einem die Benutzung seines Rechners erlaubt. Man kann sich dann auf diesem Rechner einloggen und die Internet-Dienste dieses Rechners online nutzen. Die andere Methode wäre, auf dem eigenen Rechner zu arbeiten und nur die eigenen IP-Pakete an einen Internet-Rechner weiter zu routen, etwa über ein Modem und SL/IP (Serial Line Internet Protocol). Die meisten Internet-Anbieter lassen einem die Auswahl zwischen beiden Methoden des Anschlusses.\nEin Anschluss ans Internet ist derzeit jedoch eine teure Sache, falls man nicht gerade Student an einer Universität mit freiem Zugang zum Internet ist. Wer immer Internet anbietet, der muss eine Standleitung oder etwas mit ähnlicher Charateristik unterhalten. Dabei kann es sich um eine Datex-P, ISDN- oder Modem-Strecke handeln. Der Betreiber dieser Strecke wird natürlich versuchen, seine Kosten auf die Nutzer umzulegen. Im Endeffekt liegen die Kosten für vernünftig nutzbaren Internet-Anschluss derzeit bei etwa 50 DM/Monat mit starken geografischen Abweichungen.\nIn Deutschland gibt es drei verschiedene Anbieter, die Internet-Dienste verkaufen können. Diese sogenannten Provider sind jedoch nur für kommerzielle Kunden und Institutionen interessant. Es handelt sich um EuNet Germany GmbH in Dortmund, XLINK in Karlsruhe und den DFN Verein. Für Privatpersonen ist eher der Individual Network e.V. (\u0026ldquo;das IN\u0026rdquo;) interessant. Dieser Verein hat bei zweien dieser drei Anbieter das Recht gekauft, deren Internet-Leitungen zu benutzen und dieses Recht an seine Mitglieder weiterzugeben. Auf diese Weise kann das IN seinen Mitgliedern einen günstigen Zugang ins Internet verschaffen, wenn diese die dazu notwendig Infrastruktur vor Ort organisieren können.\nWenn man sich in der Nähe eines solchen Zugangspunktes wohnt, also etwa in Kiel, Hamburg, Berlin, Oldenburg, im Ruhrgebiet, in Frankfurt oder in München, dann genügt es, sich an den entsprechenden Anbieter zu wenden (siehe Kasten\u0026quot;Adressen\u0026quot;). Ansonsten wird man sich überlegen müssen, ob man einen Anschlußpunkt in der Nähe finden kann oder wie man die Entfernung zum nächsten Anschlußpunkt überbrücken kann.\nInformationsquellen Um Neueinsteigern ins Internet bei der Orientierung zu helfen und einen Überblick über die verfügbaren Informationen und Dienste zu geben, hat man eine Reihe von RFCs mit Einsteigerinformationen zusammengestellt. Diese RFCs sind in einer gesonderten Reihe als \u0026ldquo;For your information\u0026rdquo; oder kurz FYI-Texte zusammengefasst worden. Von besonderem Interesse sind FYI 4, der sich mit häufig gestellten Fragen von Internet-Neulingen beschäftigt, FYI 8, der sich mit der Sicherheit einer Internet-Installation befasst und FYI 10, der einen Überblick über im Internet verfügbare Dienste gibt.\nLiteratur \u0026ldquo;Internetworking with TCP/IP; Principles, Protocols, and Architecture\u0026rdquo;, by Douglas Comer, Prentice Hall, ISBN 0-13-470154-2. \u0026ldquo;The Matrix; Computer Networks and Conferencing Systems Worldwide\u0026rdquo;, by John S. Quarterman, Digital Press, ISBN 0-13-565607-9. \u0026ldquo;!%@:: A Directory of Electronic Mail Addressing and Networks\u0026rdquo;, by Donnalyn Frey and Rick Adams, O\u0026rsquo;Reilly \u0026amp; Associates, Inc., ISBN 0-937175-39-0. \u0026ldquo;The User\u0026rsquo;s Directory of Computer Networks\u0026rdquo;, Edited by Tracy L. LaQuey, Digital Press, ISBN 0-13-950262-9. \u0026ldquo;Where to Start - A Bibliography of General Internetworking Information\u0026rdquo;, by Bowers, K., T. LaQuey, J. Reynolds, K. Roubicek, M. Stahl, and A. Yuan, RFC 1175, FYI 3, CNRI, U Texas, ISI, BBN, SRI, Mitre, August 1990. \u0026ldquo;The Hitchhikers Guide to the Internet\u0026rdquo;, by Krol, E., RFC 1118, University of Illinois Urbana, September 1989. \u0026ldquo;IAB Official Protocol Standards\u0026rdquo;, (currently, RFC 1280). RFC Ein \u0026ldquo;Request for Comments\u0026rdquo;, kurz RFC,\nist ein Papier, das sich in irgendeiner Form mit im Internet verwendeten Verfahren beschäftigt. Es kann sich dabei um eine Anmerkung zu bestehenden Verfahren, einen Verbesserungsvorschlag oder den Vorschlag zu einem neuen Verfahren handeln. Jeder, der am Internet interessiert ist, kann einen solchen RFC beim RFC Editor einreichen. Derzeit ist der RFC Editor Jon Postel, der unter der Internet-Adresse RFC-EDITOR@ISI.EDU zu erreichen ist. Wie eine Einsendung an den RFC-Editor auszusehen hat, um ihm die Arbeit zu vereinfachen ist auch in einem RFC (RFC 1111 ) beschrieben.\nEin solches Papier kann den Status \u0026ldquo;zur Information\u0026rdquo; erhalten, wenn es sich nur um eine Anmerkung handelt. Enthält der RFC eine Spezifikation, die einmal ein Standard werden soll, so kann das Internet Activities Board (IAB) das Papier prüfen und zum \u0026ldquo;proposed standard\u0026rdquo; erklären. So eine Spezifikation soll dann die Grundlage für zu entwickelnde Programmpakete sein, d.h. es braucht noch keine funktionierende Implementation des Standards zu geben.\nSobald es Erfahrungen mit dem neuen Vorschlag gibt, frühestens aber nach einem halben Jahr, kann die Spezifikation zum \u0026ldquo;draft standard\u0026rdquo; werden. Dazu muss es mindestens zwei Implementationen geben, die unabhängig voneinander aus der Spezifikation entwickelt worden sind und die trotzdem zusammenarbeiten können. An einem \u0026ldquo;draft standard\u0026rdquo; wird nichts Wesentliches mehr geändert; Modifikationen dienen nur noch der Ausbesserung von Fehlern und Ungenauigkeiten.\nSchließlich wird die Spezifikation nach angemessener Zeit zum \u0026ldquo;standard\u0026rdquo; befördert und ist damit ein fester Teil der Internet-Spezifikationen. RFC 1280 gibt eine Übersicht über den Standardisierungsprozeß und nennt den Status der verschiedenen Dokumente.\nNicht alle Standards im Internet müssen von allen Programmpaketen unterstützt werden. Die RFCs unterscheiden zwischen Fähigkeiten, die alle beteiligten Programme unterstützen müssen (required), zwischen Optionen, die alle unterstützen sollten (recommended) und zusätzlichen Features, die wirklich optional sind (elective).\nUm in der Entwicklung der Standards im Internet auf dem Laufenden zu bleiben, kann man die neu erscheinenden RFCs abonnieren. Dazu sendet man eine E-Mail an RFC-REQUEST@NIC.DDN.MIL , die die eigene Netzadresse enthält. Diese Adresse wird dann in einen Verteiler übernommen und fortan bekommt man alle neuen RFCs per E-Mail zugestellt. Vorausgegangene RFCs sind in verschiedenen Archiven zu bekommen. Eine Liste dieser Archive und eine Anleitung, wie man die betreffenden Dokumente bekommen kann, kann per FTP als isi.edu:/in-notes/rfc-retrieval.txt bezogen werden. Alternativ kann man auch eine E-Mail an rfc-info@isi.edu senden, die als Nachrichtentext nur die eine Zeile \u0026ldquo;help: ways_to_get_rfcs\u0026rdquo; (ohne die Anführungszeichen) enthält. Die RFCs bis Nummer 1357 sind außerdem auf der Desktop Library CD von Walnut Creek enthalten.\n","date":"1993-03-01T00:00:00Z","href":"https://blog.koehntopp.info/1993/03/01/tcpip-dienste.html","tags":["lang_de","publication","internet"],"title":"TCP/IP Dienste"},{"categories":null,"content":"Abgeschickt an die c\u0026rsquo;t am 17. März 1992.\nAus technischen Gründen stehen die Abbildungen zu diesem Artikel nicht im Web zur Verfügung.\nText des Artikels Glossar Betrübssysteme Jeder hat eines, angeblich kennt sich kaum einer wirklich damit aus und natürlich ist meines besser als Deines. Die Rede ist von Betriebssystemen. Das Betriebssystem ist das Grundprogramm eines Rechners. Es wird beim Einschalten des Rechners gestartet und erst beim Abschalten wieder beendet. Entsprechend seiner Funktion als Zwischenstück zwischen der realen Welt der konkreten Hardware und der abstrakten Welt der Algorithmen ist seine Aufgabe eine doppelte: Für alle Benutzer eines Rechners teilt es die Rechenleistung, den Speicher und die Geräte der Maschine fair zwischen ihnen auf. Es verhindert, so ist zumindest die Theorie, ungewollte Beeinflussung der verschiedenen Programme auf einem Rechner untereinander. Für ein einzelnes Programm ist das Betriebssystem mehr wie eine große Befehlsbibliothek, die die doch recht sparsame Maschinensprache eines Rechners um so wirksame Funktionen wie \u0026ldquo;mehr Speicher zur Verfügung stellen\u0026rdquo;, \u0026ldquo;Satz aus einer Datei lesen\u0026rdquo; oder gar \u0026ldquo;diesen Bildschirmaufbau präsentieren und Ergebnis der Benutzeraktion hier abliefern\u0026rdquo; erweitert.\nMit gespaltener Zunge Diese doppelte Aufgabenstruktur des Aufteilens und Multiplexens von knappen Betriebsmitteln auf der einen Seite und des Verbergens von lästigen Details aus der realen Welt vor den Anwendungen auf der anderen Seite bestimmt die Struktur eines Betriebssystems. Die Betriebsmittel, die ein Betriebssystem verwaltet, lassen sich grob in drei Gruppen unterteilen:\nZum ersten ist da - aus der Hardwaresicht - der Prozessor. Er ist die einzig aktive Komponente des Systems und zudem in den meisten Fällen leider nur einmal vorhanden. Aus der abstrakteren Sicht der Software erscheint er als Thread (\u0026ldquo;Kontrollfluß\u0026rdquo;) eines Programmes. Ein gutes Betriebssystem wird die kostbare - weil seltene - Prozessorhardware multiplexen, um mehr als einen Kontrollfluß zur Zeit ablaufen zu lassen. Zum zweiten gibt es den Arbeitsspeicher. Damit der Prozess ablaufen kann, müssen er selbst und seine Daten irgendwo gespeichert werden. Realer Speicher in Form von RAM hat irgendwelche Adressen und ist nicht notwendigerweise mit den von der Anwendung benötigten Eigenschaften (\u0026ldquo;an einem Stück\u0026rdquo;, \u0026ldquo;an einer bestimmten Stelle\u0026rdquo;) vorhanden.\nEs ist Aufgabe des Betriebssystems, mit Unterstützung einer MMU diese Anforderungen zu erfüllen. Andererseits muß aber verhindert werden, daß ein Prozess mehr als den ihm zugesicherten Speicher benutzt und dadurch eventuell andere Prozesse in ihrem Ablauf stört. Das Betriebssystem muß die images (\u0026ldquo;Laufzeitbilder\u0026rdquo;) verschiedener Programme verwalten. Und zum dritten sind auch noch Ein/Ausgabegeräte verschiedenster Art zu verwalten. Einige dieser Geräte, zum Beispiel Drucker oder Bandlaufwerke, sind nur von einem Prozess zur Zeit nutzbar. In diesem Fall muß das Betriebssystem den Zugriff auf diese Geräte zuteilen - etwa über einen Druckerspooler oder durch Locks. Andere Geräte, Festplatten beispielsweise, können aufgeteilt werden. Hier muß das Betriebssystem einen entsprechenden Dienst zur Verfügung stellen - im Beispiel wäre dies ein Dateisystem. Ein Betriebssystem stellt dem Anwendungsprogramm, wie bereits festgestellt, verschiedene Dienste zur Verfügung. Allerdings gibt es verschiedene Konzepte bei den Betriebssystem-Herstellern, wie diese Dienste in Anspruch zu nehmen sind.\nMessage passing Ältere Betriebssysteme wie MS-DOS, aber auch UNIX und OS/2, stellen Dienste des Systems per Prozeduraufruf zur Verfügung. Ob der Funktionsaufruf dabei durch einen Unterprogrammaufruf wie bei OS/2 oder durch einen Software-Interrupt wie bei MS-DOS und UNIX erfolgt, ist dabei zunächst nebensächlich. Wesentlich ist, daß der Kontrollfluß des Prozesses auf das Betriebssystem über geht. Diese Art des Dienstaufrufes hat aber einige Eigenschaften, die auf den ersten Blick als selbstverständlich, auf den zweiten Blick aber eher als unerwünscht gelten können:\nEin solcher Unterprogrammaufruf ist immer synchron: Das eigene Programm wartet solange, bis der Betriebssystemaufruf beendet ist. Bei einigen Systemaufrufen, die mit Ein-/Ausgabefunktionen zu tun haben, könnte es aber vorteilhaft sein, daß das eigene Programm zwar den Wunsch nach bestimmten Daten absetzt, aber dann erst einmal selbst weiterläuft und später nachsieht, ob die Daten denn jetzt zur Verfügung stehen. Durch einen Unterprogrammaufruf wird außerdem stillschweigend vorausgesetzt, daß das Betriebssystem den Dienst auf derselben CPU wie die Anwendung erbringt. Eine Funktion \u0026ldquo;Fourieranalyse der Daten in diesem Puffer\u0026rdquo; unter Benutzung der wesentlich schnelleren Hardware eines Signalprozessors ist auf diese Weise nicht mit Unterstützung des Betriebssystems möglich - der Anwendungsprogrammierer muß das selbst hinbasteln. Wenn der Dienstaufruf dann auch noch durch einen gewöhnlichen Unterprogrammaufruf geschieht, ist es einer Anwendung möglich, außer den definierten Betriebssystemfunktionen auch noch andere, nicht dokumentierte Funktionen aufzurufen, in dem nicht zugelassene Sprungadressen benutzt werden. Es soll sogar Systeme geben, auf denen dies die gängige Praxis ist. Der Systemsicherheit und der späteren Erweiterbarkeit ist eine so etwas natürlich nicht dienlich. Moderne Betriebssystemarchitekturen, allen voran Mach auf dem NeXT, aber auch Tanenbaums Amoeba oder Plan9 von AT\u0026amp;T, sind deswegen nach dem Client-Server Modell aufgebaut: Die Dienste des Systems stehen dabei an Serverprozessen zur Verfügung. Der Aufrufer sendet dem Server eine Nachricht (request-message), die von diesem ausgewertet wird. Das Resultat wird dem Absender in einer Antwortnachricht (reply-message) zugestellt.\nDer Server ist dabei kein Teil des Betriebssystems selbst, sondern ein normaler Prozess, der möglicherweise einige zusätzliche Privilegien gegenüber gewöhnlichen Anwendungen hat. Dazu gehört etwa die Zugriffsmöglichkeit auf einige Hardwareregister. Das eigentliche Betriebssystem ist dann auf die allerwesentlichsten Funktionen reduziert: Es verwaltet lediglich die Umschaltung zwischen den verschiedenen Prozessen, den lokalen Speicher des Systems und natürlich den Versand der Messages. Alle anderen Dienste werden durch leicht austauschbare Serverprozesse realisiert.\nDieses Modell des Dienstaufrufes hat nicht die Nachteile des Unterprogrammaufrufes: Die Dienstleistungen des Systems können asynchron in Anspruch genommen werden, indem die Anwendung beispielsweise eine Nachricht mit einem Lesekommando an den Fileserver sendet, dann aber weiterarbeitet. Später, wenn die Daten benötigt werden, sieht die Anwendung nach, ob die Antwort des Servers schon vorliegt. Wenn ja, kann ohne Pause weitergearbeitet werden, ansonsten muß die Anwendung (wie beim Dienstaufruf durch Sprung in ein Unterprogramm auch) warten.\nFür die Anwendung ist es egal, ob der angeforderte Dienst lokal auf der eigenen CPU vorhanden ist oder ob ein Server über ein Netz auf einem anderen Rechner läuft. Die Netzadresse mag sich ändern, aber der Aufrufmechanismus bleibt derselbe. Unterschiedliche Datenformate, Maschinensprachen oder Aufrufkonventionen werden durch den Message-Mechanismus verborgen.\nAuch kann das Verhalten den Servers, der ja von seinem Client vollständig getrennt ist, genau durch seine Reaktion auf die verschiedenen Kommandonachrichten beschrieben werden. Für den Client ist der Server auf jeden Fall eine Black Box. Unsaubere Gemeinheiten wie das heimliche Auslesen von undokumentierten Variablen oder der Sprung in interne Funktionen, die eine Anwendung eigentlich nicht kennen geschweige denn aufrufen sollte, sind nicht mehr machbar, denn der Server läuft in einem vom Client vollständig getrennten Adreßraum oder sogar auf einer ganz anderen Maschine in einem Netz.\nRechenleistung verteilen Wie oben erwähnt gibt es Systemzustände, in denen der Rechner ein Programm nicht fortsetzen kann, weil es auf irgendwelche Ereignisse (das Eintreffen von Daten von einem Gerät, das Erreichen einer bestimmten Zeit etc.) wartet. Offenbar reicht ein einzelnes Programm nicht aus, einen Prozessor durchgehend zu beschäftigen. Bei genauerer Untersuchung stellt sich sogar heraus, daß die meisten Programme mehr als 90 % ihrer realen Laufzeit in derartigen Wartezuständen zubringen.\nAus dieser Beobachtung heraus ist das Konzept des Multitasking geboren worden. In regelmäßigen Zeitabständen wird das laufende Programm unterbrochen, sein augenblicklicher Zustand wird eingefroren. Der Scheduler des Betriebssystems wählt dann einen anderen Prozess aus, dessen Zustand aufgetaut wird und der dann für die Dauer der nächsten Zeitscheibe zum Ablauf kommt. Ein Scheduler, der mit Zeitscheiben arbeitet, heißt \u0026ldquo;preemptive\u0026rdquo;.\nViele Betriebssysteme, die nachträglich auf Multitasking nachgerüstet worden sind, haben keinen solchen Scheduler, sondern sind darauf angewiesen daß ein Task den Prozessor freiwillig hergibt. Das kann ausdrücklich durch den Aufruf einer schedule()-Funktion in regelmäßigen Abständen geschehen oder versteckt, indem man im Betriebssystem am Ende jeder Systemfunktion einen Aufruf des Schedulers vor dem Verlassen des Betriebssystems einsetzt. Eine solche Form von Multitasking nennt man \u0026ldquo;kooperativ\u0026rdquo; oder \u0026ldquo;non-preemptive\u0026rdquo;. Bei einem System mit kooperativem Multitasking kann die Umschaltung für den Benutzer aber leicht schwerfällig wirken, wenn rechenintensive Anwendungen laufen, die selten Systemaufrufe tätigen.\nEiner der schwersten Fehler, den ein Programmierer auf einem Rechner mit Multitasking-Betriebssystem machen kann, ist es, in einer aktiven Warteschleife auf das Eintreffen eines Ereignisses zu warten (\u0026ldquo;busy waiting\u0026rdquo;). Die Effektivität von Multitasking beruht ja gerade darauf, daß Prozesse, die gerade keine echte Arbeit zu tun haben, stillgelegt werden und vom Betriebssystem erst dann wieder Rechenzeit zugeteilt bekommen, wenn sie etwas damit anfangen können.\nDeswegen ist es fast unmöglich, ein Betriebssystem wie beispielsweise MS-DOS nachträglich multitaskingfähig zu machen oder in einer Multitaskingumgebung (z.B. eine DOS-Box in UNIX oder OS/2) zu betreiben. Nahezu jedes Programm, angefangen vom Kommandointerpreter der Shell, \u0026ldquo;verbrät\u0026rdquo; die ihm zugeteilte Rechenzeit vollständig in Zeicheneinleseroutinen und anderen engen Warteschleifen, anstatt diese anderen Programmen zur Verfügung zu stellen. MS-DOS Prozesse sind gewissermaßen immer im Zustand \u0026ldquo;ready\u0026rdquo;. Wenn man einem solchen System nachträglich eine Multitaskingerweiterung überstülpt, fehlt diesem System notgedrungen der Zustand \u0026ldquo;sleeping\u0026rdquo;, und jeder laufende Prozess erhält genau 1/ntel der Gesamtleistung der CPU - selbst dann, wenn er eigentlich gar nichts damit anfangen könnte.\nNach welcher Strategie die schedule()-Funktion letztendlich bestimmt, welcher Prozess aus der \u0026ldquo;ready\u0026rdquo;-Queue in den Zustand \u0026ldquo;running\u0026rdquo; gehen darf und damit auf die CPU gelangen kann, hängt stark von den gewünschten Eigenschaften des Systems ab. Der einfachste Zuteilungsalgorithmus ist das \u0026ldquo;round-robin\u0026rdquo;-Verfahren. Dabei wird die zur Verfügung stehende CPU-Zeit gleichmäßig zwischen allen Prozessen aufgeteilt, die sich darum bewerben. Alle diese Prozesse kommen reihum auf die CPU - daher der Name.\nOft wird dieses Verfahren noch so erweitert, daß man Prozesse unterschiedlicher Priorität unterscheidet. Der Scheduler von AmigaOS, aber auch der von VAX/VMS, ist ein Round-Robin Scheduler mit Prioritäten. Das bedeutet: Der Ringtausch der Prozesse auf der CPU funktioniert innerhalb der höchsten vorhandenen Prioritätsebene. Erst wenn alle Prozesse einer höheren Prioritätsebene aus der Ready-Queue entfernt sind, etwa weil sie terminiert sind oder weil sie auf ein Ereignis warten und deswegen stillgelegt sind, kommen Prozesse mit niederen Prioritäten auf die CPU.\nAndererseits kann ein CPU-intensiver Prozess mit einer hohen Priorität den Rest des Systems recht schwerfällig machen oder gar blockieren. Gelegentlich (bei Echtzeitanwendungen zum Beispiel) ist dieser Effekt erwünscht: Man geht davon aus, daß ein Prozess mit einer hohen Priorität die Rechenzeit, die er beansprucht, auch unbedingt und gerade zu diesem Zeitpunkt benötigt. Im allgemeinen Fall allerdings möchte man eine Lösung haben, die auch dann noch eine gewisse Fairness gewährleistet, wenn ein Programm böswillig Rechenzeit schluckt. In UNIX zum Beispiel sind die Prioritäten von Prozessen nicht fest, sondern hängen davon ab, wie lange der Prozess schon in der Warteschlange steht und wie CPU-intensiv er ist.\nProzesse, die frühzeitig die CPU verlassen (etwa weil sie viel I/O machen und deswegen häufig im Zustand \u0026ldquo;sleeping\u0026rdquo; sind) bekommen ihre Restzeit als Bonus für die nächste Zeitscheibe gutgeschrieben, der in die Berechnung der Priorität eingeht. Dadurch bekommen solche Prozesse automatisch eine bessere Priorität als solche, die die Zeitscheiben immer voll ausnutzen.\nProzesse, die lange in der Ready-Queue gestanden haben (weil sie eine schlechte Priorität haben), werden temporär aufgewertet, damit sie auch eine Chance haben, einmal zum Ablauf zu kommen (priority aging).\nSynchronisation Eines der zentralen Probleme in einem System, in dem mehr als ein Programm zur Zeit aktiv sein kann, ist die Synchronisation von Prozessen bzw. der gegenseitige Ausschluß von Prozessen, die auf einen gemeinsamen Datenbereich zugreifen. Gemeinhin löst man in der Information ein solches Problem mit Semaphoren: Man definiert sich ein Flag, das anzeigt, ob ein Datenbereich zur Zeit \u0026ldquo;frei\u0026rdquo; oder \u0026ldquo;in Bearbeitung\u0026rdquo; ist, und zwei Operationen zum Setzen bzw. Löschen dieses Flags. Der Punkt ist, daß diese Operationen atomar sein müssen, das heißt, die Semaphor-Setzfunktion und die Löschfunktion dürfen auf keinen Fall unterbrochen werden.\nAuf Rechnern mit nur einem Prozessor läßt sich dieses Problem recht leicht dadurch lösen, daß man in diesen beiden Funktionen kurze Zeit sämtliche Unterbrechungen verbietet und die gewünschte Operation durchführt. Auf Mehrprozessorsystemen nützt dies natürlich nichts mehr, denn während der eine Prozessor den Semaphor bearbeitet, kann ein anderes Programm auf einem anderen Prozessor dasselbe tun. Hier ist das Betriebssystem auf die Unterstützung der Hardware angewiesen, die nicht unterbrechbare Semaphor-Operationen schon als Prozessorbefehl anbieten muß. Prozessoren wie der 680x0 und der 80x86 haben solche Operationen bereits eingebaut: Der TAS-Befehl des 680x0 führt zum Beispiel eine solche Semaphor-Operation in einem nicht unterbrechbaren Read-Modify-Write-Zyklus aus, und der 80x86 kennt das LOCK-Prefix für eine ganze Reihe von Befehlen, die dann ebenfalls nicht unterbrechbar werden.\nSpeicher auf Kredit Eine andere nützliche Sache, die einen sicheren Multitasking-Betrieb unterstützt, ist in den neueren Prozessoren der verschiedenen Hersteller ebenfalls gleich mit eingebaut: Alle diese Geräte haben eine PMMU, das bedeutet, sie sind in der Lage, physikalisch vorhandenes RAM an jeder beliebigen Stelle des Adreßraumes der CPU einzublenden und die Speicherzugriffe eines jeden Programmes genau zu kontrollieren.\nAuf diese Weise läßt sich ein Prozess in seinem eigenen Speicher einzäunen. Zwar erlaubt man ihm, auf den eigenen vom System angeforderten Speicher zuzugreifen, doch sobald versucht wird, auf andere, nicht erlaubte Speicherbereiche zuzugreifen, wird der Prozess unterbrochen und das Betriebssystem übernimmt die Kontrolle (\u0026ldquo;memory protection\u0026rdquo;, \u0026ldquo;Speicherschutz\u0026rdquo;). Es kann den problematischen Prozess stillegen und ein Image seines Zustandes zur späteren Fehlersuche auf Platte ablegen. Auf diese Weise verhindert man zwar nicht, daß ein fehlerhaftes Programm abstürzt, aber immerhin wird sichergestellt, daß keine anderen Programme in Mitleidenschaft gezogen werden.\nDie MMU-Hardware kann man auch dazu benutzen, dem Programm mehr RAM vorzuspiegeln, als tatsächlich in der verwendeten Maschine vorhanden ist (\u0026ldquo;virtual memory\u0026rdquo;). Die meisten Programme brauchen nicht alle ihre Daten und ihren gesamten Code zur gleichen Zeit, sondern sind oft nur in einem kleinen, eng begrenzten Speicherbereich (dem \u0026ldquo;working set\u0026rdquo;) aktiv. Je nach Benutzung des Programmes verschiebt sich dieser Bereich von Zeit zu Zeit, aber im Prinzip würde ein kleiner Speicherbereich ausreichen, um das ganze Programm ablaufen zu lassen.\nBetriebssysteme wie UNIX unterteilen deswegen den gesamten Speicher der Maschine in Seiten fester Größe - bei einer 80386 CPU zum Beispiel werden durch die Hardware Pages von 4 KB Größe vorgegeben. Nicht alle Speicherseiten eines Prozesses sind gleichzeitig im RAM, sondern Teile davon befinden sich in der \u0026ldquo;paging area\u0026rdquo;, einem abgeteilten Bereich einer Festplatte. Wenn ein Prozess versucht, eine Speicherseite anzusprechen, die gerade nicht präsent ist, generiert die MMU wieder eine Unterbrechung (\u0026ldquo;page fault\u0026rdquo;) und läßt das Betriebssystem zum Zuge kommen. Dieses sucht jetzt eine andere Speicherseite, die möglichst lange nicht benutzt worden ist, speichert diese in der Paging Area zwischen, adressiert sie um und stellt sie dann dem unterbrochenen Prozess an der richtigen Adresse und mit dem richtigen Inhalt, der inzwischen von der Platte geladen wurde, zur Verfügung. Dieser wird nach der kurzen Unterbrechung dann fortgesetzt.\nWenn genug Speicher vorhanden ist, um die aktiven Teile der verschiedenen lauffähigen Prozesse gleichzeitig im Speicher zu halten, fallen die kurzen Unterbrechungen beim Paging nicht weiter ins Gewicht. Wenn der Rechner jedoch überlastet wird und für die Anzahl der gleichzeitig laufenden Prozesse zu wenig Speicher hat, fängt er an, auch Teile von Prozessen auf Platte auszulagern, die gleich wieder geladen werden müssen. Die Rechenleistung der Maschine fällt plötzlich um einige Zehnerpotenzen, und die Antwortzeiten auf ein simples Return an der Console liegen auf einmal im Minutenbereich. Man bezeichnet diesen Vorgang als \u0026ldquo;treshing\u0026rdquo; (dreschen), und die Abhilfe bei diesem Problem ist simpel: Man lege einige Megabytes RAM nach.\nKonsequent weiter gedacht Wenn ein neuer Prozess gestartet wird, muß er zunächst einmal in den Speicher geladen werden. Verwendet man jedoch das eben erläuterte Virtual-Memory-Schema, bei dem jede Speicherseite des virtuellen Adreßraums genau einer Speicherseite auf der Platte entspricht, muß der Code eines Prozesses nicht nur in den Speicher kopiert, sondern auch noch in den Paging-Bereich der Platte geschrieben werden. Zudem werden Speicherseiten, die Code enthalten, nie geändert, so daß eigentlich gar keine private Kopie des Codes in der Paging Area angelegt werden muß. VMS, aber auch einige neuere UNIX-Versionen und natürlich modernere Systeme wie Mach und Chorus verwenden hier einen intelligenteren Algorithmus: Seiten mit Programmcode, die aus dem physikalisch vorhandenen Speicher verdrängt werden, werden einfach ohne Zurückschreiben aufgegeben und später aus der Programmdatei wieder nachgeladen (\u0026ldquo;paging from file\u0026rdquo;). Dadurch entfällt beim Starten eines Programmes das Umkopieren in die Paging Area, und der Paging-Bereich wird weniger stark belastet.\nDie Autoren von Mach und Chorus haben diese Idee konsequent weiter gedacht: Diese beiden Betriebssysteme können das auch mit Daten machen, die mit read() und write() aus Dateien gelesen oder geschrieben werden. Dateien, die aus Datensätzen fester Länge bestehen, sind schließlich nur der Sonderfall eines Arrays: In PASCAL kann man das sogar noch in der Definition sehen.\nMit Hilfe der MMU blendet man einen Speicherbereich von der Größe der Datei, die verarbeitet werden soll, in den Adreßraum des Prozesses ein (\u0026ldquo;memory mapped file\u0026rdquo;). Für den Prozess ist die Basis dieses Speicherbereiches die Startadresse eines ganz normalen Arrays. Versucht der Prozess, auf dieses Array zuzugreifen, kommt es zu einem Page Fault. Das Betriebssystem hat diesen Speicherbereich mit einer Datei assoziiert und lädt jetzt die entsprechenden Dateiinhalte in die angesprochenen Speicherseiten, mit denen der Prozess dann wie bei einem normalen Arrayzugriff arbeitet. Beim Schließen der Datei wird der Speicherbereich wieder aus dem Adreßraum des Prozesses ausgeblendet, und alle Modifikationen werden spätestens zu diesem Zeitpunkt in die Datei zurückgeschrieben.\nAuf diese Weise werden spezielle Dateioperationen in einer Programmiersprache überflüssig; Dateien werden wieder zu dem, was sie eigentlich sind: Arrays dynamischer Länge, deren Inhalt über die Laufzeit eines Prozesses hinaus Bestand hat. Der Programmierer einer Anwendung braucht sich nicht mehr um das Lesen und Schreiben von Daten in Puffer zu kümmern, er greift einfach darauf zu. Das tatsächliche Bereitstellen der Daten und das Zurückschreiben auf Platte geschieht durch das Betriebssystem, ohne daß er etwas damit zu tun hätte.\nInflation der Programmzähler Bis jetzt sind wir stillschweigend davon ausgegangen, daß ein Prozess genau einen Kontrollfluß hat. Bei den meisten Betriebssystemen ist das auch noch so, obwohl eine Verallgemeinerung möglich ist und bei moderneren Entwicklungen auch durchgeführt worden ist. Es ist durchaus sinnvoll, daß im Image eines Prozesses mehr als ein Kontrollfluß (\u0026ldquo;Thread\u0026rdquo;) aktiv ist. Man stelle sich beispielsweise eine Tabellenkalkulation vor, die in einer Warteschleife auf Nachrichteneines Menüsystems wartet. Wenn der Benutzer jetzt einen Menüpunkt anwählt, der längere Zeit zur Durchführung braucht (etwa das Neuberechnen des gesamten Blattes), kann im Prozess ein Thread dafür abgespalten werden, während der andere Thread schon wieder in der Warteschleife bereitliegt, um neue Benutzerkommandos entgegen zu nehmen.\nDie Erzeugung eines Threads ist - verglichen mit der eines eigenständigen Prozesses - relativ wenig aufwendig. Ein Thread ist kaum mehr als einige Prozessorregister und ein eigener Stackbereich, während an einem Prozess noch ungezählte Tabellen für MMU-Konfiguration, offene Dateien, etc. hängen. Beim kommerziellen Chorus-System hat man diese Trennung zwischen Speicherverwaltung und Kontrollflußverwaltung auch begrifflich deutlich machen wollen: Ein Kontrollfluß ist bei Chorus ein Thread, der zugehörige Kontext heißt Actor und ein Actor mit mindestens einem Thread bildet einen Prozess. Die Kommunikation und der Datentausch zwischen Threads sind fast ohne Aufwand möglich: Da Threads im selben Adreßraum liegen, können sie auf dieselben gemeinsamen Variablen zugreifen, ohne auf langsame und aufwendige Mechanismen zur Prozesskommunikation zurückgreifen zu müssen.\nDaten über die Grenze schaffen Bei Prozessen, die in verschiedenen, durch die Schutzmechanismen des Betriebssystems getrennten Adreßräumen liegen, sind der Datentausch und die Kommunikation untereinander schon aufwendiger. Einem gemeinsamen Adreßraum am nächsten kommt noch \u0026ldquo;shared memory\u0026rdquo;. Dabei wird eine Speicherseite, die verschiedene Variablen enthalten kann, in die Adreßräume der beteiligten Kommunikationspartner eingeblendet. Diese sind allerdings voll verantwortlich für die Regelung des Zugriffs auf diese Speicherbereiche, die Freigabe, wenn sie nicht mehr benutzt werden, etc.\nViele Betriebssysteme stellen deswegen höher entwickelte, aber auch langsamere Kommunikationsmöglichkeiten zur Verfügung. Am häufigsten findet sich ein Message-System, bei dem eine Art FIFO-Struktur realisiert wird. Jeder Prozess hat, wenn er Nachrichten entgegennehmen möchte, einen sogenannten Port, an den andere Prozesse Nachrichten senden können. Treffen die Nachrichten schneller ein, als der Prozess sie abarbeiten kann, bildet sich am Port eine Queue mit FIFO-Struktur. Der empfangende Prozess arbeitet die Nachrichten jetzt in der Reihenfolge ab und sendet die Antworten an die Absender zurück.\nHier kann das Betriebssystem schon einen guten Teil der Zugriffsregelung, der Speicherverwaltung und der Adreßauflösung übernehmen. Wenn der Message-Mechanismus nämlich allgemein genug implementiert wird, muß der Message-Port des Empfängers nicht unbedingt auf der eigenen Maschine sein, sondern kann sich irgendwo im Netz befinden. Ist der Empfänger lokal erreichbar, kann die Nachricht ohne Kopieren einfach in seinen Adreßbereich eingeblendet werden. Andernfalls muß sie \u0026ldquo;by value\u0026rdquo; über das Netz kopiert werden. Der Benutzer des Message-Systems merkt davon nichts, für ihn sind diese lästigen Details verborgen. Das geht bei Chorus dann sogar soweit, daß Ports von einem Prozess zu einem anderen migrieren können, ohne daß sendende Prozesse von diesem Wechsel des Empfängers etwas merken. Derartige Features erleichtern dem Programmierer von \u0026ldquo;fault tolerant systems\u0026rdquo; die Arbeit natürlich ungemein.\nNoch viel wichtiger als ein Mechanismus zur Kommunikation zwischen Prozessen ist jedoch, daß ein einheitliches, erweiterbares Format zum Datentausch besteht. Es genügt nicht, daß das Betriebssystem Dienste zum Verschieben von Bytes zwischen einem oder mehreren Prozessen zur Verfügung stellt. Der Empfänger muß auch in der Lage sein, diese Bytes als eine bestimmte Datenstruktur, etwa einen Bildausschnitt oder einen Text mit Steuerinformationen, zu deuten. Wenn das Betriebssystem ein durch Subklassen erweiterbares Format für die verschiedenen am häufigsten auftretenden Datentypen bereitstellt, leistet es einen wesentlichen Teil zur Vereinheitlichung der Datenformate der Applikationen, die auf diesem Betriebssystem ablaufen.\nWichtig für die Funktionsfähigkeit eines solchen Datenformates ist, und das soll noch einmal besonders herausgestellt werden, daß es von seinem Benutzer unter Wahrung der Abwärtskompatibilität erweiterbar ist. Ein Benutzer eines Textverarbeitungsformates, beispielsweise ein DTP-Programm, muß in der Lage sein, seine programmspezifischen Zusatzinformationen in einem Text abzulegen. Andere Anwendungen, die dieses Textformat lesen können, müssen trotzdem in der Lage sein, die Standardattribute eines Textes aus so einer Datei herauszulesen und die Nichtstandardattribute unverändert weiter zu kopieren. Eine Anwendung, die ein zusammengesetztes Format schreibt, z.B. eine Animation oder ein Text mit Bildern, muß dies in einer Art und Weise tun können, die es anderen Anwendungen erlaubt, die Komponenten dieser Daten (etwa Einzelbilder) gezielt zu lesen, zu verarbeiten und wieder in die Gesamtdatei zu integrieren.\nFunktionsbibliotheken, die die Arbeit mit solchen Dateiformaten unterstützen, gehören zwar nicht zu den unmittelbaren (Kern-) Dienstleistungen eines Betriebssystems, aber sie sollten auf jeden Fall zu seinem Standardfunktionsumfang gehören, um eben eine Einheitlichkeit in den Datenformaten bei den Anwendungen zu begünstigen.\nEinheitlichkeit - das zweite Ziel Einheitlichkeit beim Zugriff auf die vom System bereitgestellten Dienste zu ermöglichen, ist, wie bereits am Anfang dieses Textes dargestellt, neben der Verteilung von Ressourcen eine der Hauptaufgaben eines Betriebssystems. Ziel soll es sein, Anwendungen eine virtualisierte Umgebung bereitzustellen, die zwar die Nutzung der speziellen Möglichkeiten dieses konkreten Systems möglichst wenig einschränkt, aber zugleich eine einheitliche, virtuelle Maschine über die Grenzen verschiedener Systemkonfigurationen oder gar verschiedener Hardwareplattformen hinweg ermöglicht.\nBetriebssysteme wie UNIX und seine Abkömmlinge tun dies beispielsweise, in dem sie den meisten Systemdiensten das Dateiparadigma überstülpen: Pipelines, zeichen- und blockorientierte Geräte, Querverweise auf andere Dateien, Netzwerkdienste - alles dies ist als Eintrag im hierarchischen Namensraum des Dateisystems zu finden.\nIn Mach, aber auch in Plan9 und in den neuesten Versionen von UNIX, ist dieses Konzept noch Verallgemeinert worden, indem von der Möglichkeit Gebrauch gemacht wurde, die unterschiedlichsten Typen von Dateisystemen in den Namensraum zu integrieren. So gibt es bei System V Rel. 4 ein /proc-Dateisystem, in dem die zur Zeit im Rechner laufenden Prozesse als Dateieinträge sichtbar gemacht werden.\nAmoeba, ein experimentelles Betriebssystem von Tanenbaum, treibt es jedoch auf die Spitze. In Amoeba sind alle Dienste - also das Bereitstellen der Informationen in einer Datei, Pipelines, Prozesskommunikation, etc. - unter einer Kennung zu erreichen, die das jeweils angesprochene Objekt (die Datei, den Prozess, \u0026hellip;) eindeutig identifiziert. Diese Kennung beinhaltet zugleich die Kodierung der Zugriffsrechte, die Adresse des Objektes im System und noch einige Informationen mehr. Die vom Betriebssystem verwalteten Objekte werden durch einen Directory-Service miteinander zu einer Struktur verknüpft, die nicht mehr auf die baumartige Hierarchie eines UNIX-Dateisystems beschränkt ist, sondern jeden beliebigen, gerichteten Graphen modellieren kann. Da der Directory-Service selbst wieder ein Objekt im Amoeba-System ist, ergibt sich, ähnlich wie beim UNIX-Dateisystem, eine interessante, rekursiv definierte Struktur.\nEine andere Möglichkeit der Virtualisierung ist die Abstraktion von einem konkreten Gerät zu seinen Möglichkeiten. In UNIX gibt es zum Beispiel die curses-Bibliothek, die es ermöglicht, ein Terminal unabhängig von den Steuercodes, die es verwendet, zu programmieren. Windows, OS/2, AmigaDOS und andere Betriebssysteme leisten ähnliches bei der Ansteuerung von Druckern. Statt daß die Anwendung einem bestimmten Drucker an der parallelen Schnittstelle einen bestimmten Steuercode zum Einschalten von Fettschrift zu sendet, bittet sie den Druckertreiber, den vom Anwender gewünschten Drucker in Fettschrift umzustellen, falls der Drucker das kann. Eine austauschbare Komponente des Betriebssystems, ein Gerätetreiber, stellt jetzt fest, ob der Drucker diese Funktion hat, und veranlaßt die für den konkreten angeschlossenen Drucker passenden Maßnahmen an einem weiteren untergeordneten Gerätetreiber für die Druckerschnittstelle. Dies kann der Treiber für die parallele oder die serielle Schnittstelle sein, aber auch der SCSI- oder der Ethernet-Treiber für einen Drucker im Netz. Die \u0026ldquo;passenden Maßnahmen für den konkreten Drucker\u0026rdquo; können die Generierung von fünf ASCII-Steuerzeichen zur Umschaltung auf Fettdruck sein oder das Berechnen eines neuen Fonts und das Laden dieses Zeichensatzes auf den Drucker. In jedem Fall bekommt die Anwendung die von ihr gewünschte Dienstleistung, ohne überhaupt etwas von den Aktivitäten hinter den Kulissen zu merken und ohne daß der Hersteller der Anwendung bei jedem Update mehrere Disketten mit Gerätetreibern mitliefern muß.\nDas Betriebssystem der Zukunft? Das Betriebssystem der Zukunft, egal ob es jetzt OS/2, Windows oder UNIX heißen wird, wird mit den heute verbreiteten Systemen, die kaum mehr als dynamisch linkbare Bibliotheken von Ein-/Ausgabefunktionen sind, wenig gemeinsam haben. Statt dessen wird es halb-experimentellen Systemen wie Mach, Plan9 oder Amoeba ähnlich sehen. Es wird einen kleinen Kern mit den notwendigsten Funktionen zum Multitasking und Message Passing haben und eine große Zahl von Standardserverprozessen für die unterschiedlichen Systemdienste bereitstellen. Zu diesen Systemdiensten wird das Betreiben von Geräteabstraktionen (Standarddruckern, einheitlich steuerbaren Grafikbildschirmen) ebenso gehören wie das Bereitstellen komplexer Bibliotheksfunktionen über Serverprozesse mit eigenem Kontrollfluß (etwa die Konvertierung von Datenformaten oder eine Bibliothek mit Funktionen für grafische Benutzerführung).\nDer Preis für die Funktionalität: Mehr Megabytes, mehr Megaherz, mehr Megapixel.\nGlossar Kernel: Der Kernel ist das eigentliche Betriebssystem. Moderne Systeme haben die Anzahl der Funktionen im Kernel auf das allernotwendigste reduziert. Man redet dann von einem Microkernel. Gerätetreiber: Geräteabhängiges Treiberprogramm für ein Peripheriegerät, oft Bestandteil des Kernels. Thread: Kontrollflußbestandteil eines Prozesses: CPU-Register, Stack, Zustand, etc. Actor: Bezeichung im Betriebssystem Chorus für den Kontext eines Prozesses, der nicht mit dem Thread zusammenhängt: MMU-Register, Dateizeiger, etc. Prozess: Ein Actor mit mindestens einem Thread bildet einen Prozess. Image: Speicherabbild eines Prozesses. Virtual Memory: Erweitern des Speicherbereiches, der einem Prozess zur Verfügung steht, durch für den Prozess transparentes Auslagern von Prozessen (oder Prozessteilen) auf einen Hintergrundspeicher durch Swapping oder Paging. Swapping: Ein-/Auslagern ganzer Prozesse in einen speziellen Plattenbereich (swap area) bei Speicherknappheit. Demand Paging: Ein-/Auslagern von Prozessteilen fester Größe (Pages) in einen speziellen Plattenbereich bei Speicherknappheit. PMMU: Paged Memory Management Unit; Hardware zum Abbilden virtueller Prozessadressen auf physikalische Speicheradressen. Working Set: Der Teil eines Prozesses, der aus Effizienzgründen in physikalischem RAM gehalten werden sollte, weil der laufende Prozess ständig Adressen aus dem Working Set referenziert. Treshing: Dramatischer Leistungsabfall des Systems um einige Zehnerpotenzen, wenn wegen Speicherknappheit Teile der Working Sets von aktiven Prozessen ausgelagert werden. Server-Client Modell: Art der Betriebssystemarchitektur, bei der die Dienste des Systems von Serverprozessen angeboten werden. Der Client sendet eine Nachricht mit einer Dienstanforderung an den Server, der die gewünschte Funktion asynchron ausführt und das Ergebnis zurücksendet. Semaphore: Flag, das den Zugriff mehrere Prozesse auf eine Datenstruktur regelt. Message passing: Paradigma beim Aufruf von Betriebssystemfunktionen: Die Parameter eines Dienstaufrufes werden dem Dienstanbieter in einer Nachricht übermittelt. Der Dienstanbieter ist ein eigenständiger Prozess, der die Anforderung unabhängig und asynchron zum Dienstaufrufer bearbeitet. Time-Slice: Zeitscheibe; die Zeiteinheit, die ein Prozess maximal ohne Unterbrechung die CPU in Anspruch nehmen kann. Preemptive Multitasking: Verfahren, bei dem Prozesse die CPU auch ohne eigenes Zutun nach Ablauf der Zeitscheibe verlieren können. Cooperative Multitasking: Verfahren, bei dem Prozesses die CPU nur durch expliziten oder impliziten (durch Aufruf einer Systemfunktion) Aufruf des Schedulers verlieren können. Scheduler: Betriebssystemteil, der bestimmt, nach welchen Kritierien die Zeitscheiben den einzelnen Prozessen zugeteilt werden. Round-Robin: Scheduling-Algorithmus, bei dem alle lauffähigen Prozesse dieselbe Anzahl von Zeitscheiben zugeteilt bekommen. Priority-Aging: Eigenschaft von Scheduling-Algorithmen. Prozesse, die längere Zeit keine Zeitscheibe zugeteilt bekommen haben, werden in der Priorität temporär heraufgestuft. Wall Clock Time: Reale (gestoppte) Laufzeit eines Prozesses. Cpu Time: Zeit, die ein Prozess tatsächlich ablaufend auf der CPU verbracht hat. Typischerweise viel weniger als ein Zehntel der wall clock time. ","date":"1992-03-17T00:00:00Z","href":"https://blog.koehntopp.info/1992/03/17/betriebssysteme.html","tags":["publication","computer","lang_de"],"title":"Betriebssysteme"},{"categories":null,"content":" Satzung der Interstellaren Gesellschaft für Revolutionäre Informatik Die Vier \u0026ndash; Preliminary release\nVerzapft zu Kiel am Rhein, Sternzeit 191188\u0026ndash;00320963\nPräambel Im Bewußtsein ihrer Verantwortung vor CPU und Speicher und allen gelangweilten Studenten der Informatik an der GAU zu Kiel,\nvon dem Willen beseelt, ihre körperliche und geistige Unversehrtheit zu bewahren und als gleichberechtigtes Mitglied in einem pangalaktischen Netzwerk dem ungehemmten Datenaustausch zu dienen,\nhat die Menge aller Informatiker I,\ndie auf den Rechnern von Acorn, Amiga, Apollo, Apple, Atari, Commodore, Cray, DEC, NeXT, Sun und notfalls auch Siemens programmieren,\num dem UNIversellen Betriebssystem für die Studienzeit eine brauchbare Funktion f(x) zu geben,\nkraft ihrer allumfassenden (all wie Weltall) Zugriffsberechtigung diese maschinenlesbare Satzung der Interstellaren Gesellschaft für Revolutionäre Informatik axiomatisch definiert.\nSie hat auch für jene Informatiker gehandelt, denen auf einer IBM zu programmieren nicht erspart blieb.\nDie Menge aller Informatiker I\u0026rsquo; bleibt aufgefordert, in ungebrochener Konsequenz die Zerstörung aller inTEL\u0026ndash;Prozessoren zu vollenden.\nSatz 1 (ohne Beweis) Die Passwörter eines jeden Users sind übertragbar. Sie zu verbreiten ist Aufgabe aller informationsübertragenden Kommunikationsmittel. Die Menge I\u0026rsquo; bekennt sich darum zu unbeschränkten und unveräußerlichen Zugriffsrechten als Grundlage jeder programmiertechnischen Gemeinheit, des Logins und der Gerechtigkeit im System. Das nachfolgende System ist hinreichend zur Herleitung aller Systemabstürze. Satz 2 Jeder hat das Recht auf unbeschränkte Vergrößerung seiner Dateien, solange er nicht Daten anderer Benutzer überschreibt und das Betriebssystem mit Hilfe negativer Arrayindizes korrigiert. Jeder hat das Recht auf Massenspeicher und CPU\u0026ndash;Zeit. Die Prioritäten sind nicht limitierbar. In diese Rechte darf nur auf Grund eines Interrupts eingegriffen werden. Beweis Durch Murphy.\nSatz 3 Alle User sind vor dem Betriebssystem gleich, nur der Sysop ist gleicher. Undeclared identifier(s): Frauen, Mädchen. Niemand darf wegen seines Prozessors, seines Betriebssystems, seiner Programmiersprache, seines Computertyps, seines Glaubens oder seines Hasses auf die Hersteller inferiorer Hardware benachteiligt oder bevorzugt werden. Ausgenommen IBM\u0026ndash;Benutzer. Beweis Das ist so.\nSatz 4 Die Freiheit des Glaubens, des Gewissens und die Freiheit des religiösen und weltanschaulichen Bekenntnisses sind unverletzlich, solange der Betreffende den Sysop des Systems als Quell aller Prozessorzeit und alles Speicherplatzes anerkennt und stets vor Augen hat. Die ungestörte Programmausführung wird gewährleistet. Niemand darf gegen sein Gewissen zur Benutzung eines IBM\u0026ndash;Rechners gezwungen werden. Näheres steht im Handbuch. Beweis trivial.\nSatz 5 Jeder hat das Recht, UNSERE Meinung in Wort, Schrift, Bild und auf Datenträgern frei zu äußern und zu verbreiten. Jeder, der unsere Produkte illegal kopiert, muss mit schärfsten Maßnahmen unsererseits rechnen: Strafanzeige wegen Verletzung des Urheberrechtsgesetzes, des Gesetzes gegen den unlauteren Wettbewerb sowie des Warenzeichengesetzes, einstweilige Verfügung sowie Zivilklagen auf Unterlassung und Schadenersatz, Anzeige beim zuständigen Finanzamt und Gewerbeamt sowie beim Arbeitgeber oder der Universität/Schule. Wir beschäftigen eine Vielzahl von Testinteressenten \u0026ndash; die Palette reicht von jungen Schülern bis zu seriösen Geschäftsleuten \u0026ndash; die ständig auf der Suche nach illegalen Kopien sind. Wen wir erwischen, der ist dran: Freiheitsstrafe bis zu einem Jahr oder Geldstrafe, Eintrag einer Vorstrafe in das polizeiliche Führungszeugnis, Schadenersatz, ggf. Tatbestand der Steuerhinterziehung.\nBeweis Da könnte ja jeder kommen.\nSatz 6 Das System ist fest in unserer Hand. Jeder Versuch, die Katastrophe zu verhindern, ist von vorneherein zum Scheitern verurteilt. Der Beweis bleibt dem geneigten Leser zur Übung überlassen. Satz 7 Das Recht zur Errichtung von privaten Mailboxen wird gewährleistet. Private Mailboxen als Ersatz für Bildschirmtext bedürfen keiner Genehmigung durch die Deutche PundesPest. Werft die Purchen zu Poden! Beweis Das war schon immer so!\nSatz 8 Alle User haben das Recht, sich nach Anmeldung beim Master-Control-Program friedlich und ohne Viren in den Dialog zu begeben. Für Wartungsarbeiten am System kann dieses Recht durch den Sysop oder auf Grund eines \u0026ldquo;Normal System-Shutdowns\u0026rdquo; eingeschränkt werden. Der Zugang zum Kontonummern-Auskunftsdienst der Deutschen Bundespost ist vorübergehend nicht möglich. Wir bitten um Ihr Verständnis. Beweis Durch Pepsi\u0026ndash;Test.\nSatz 9 Für alle Elemente der Menge I\u0026rsquo; gilt: Sie haben das Recht, Teilmengen zu bilden. Die leere Menge wird auf das Bottom-Symbol abgeboldet. Die Abbildung ist nicht injektiv, surjektiv oder sonstwie -jektiv. Teilmengen, deren Eigenschaften dieser Satzung zuwiderlaufen, werden nach NIL: kopiert. Beweis durch Rekursion.\nSatz 10 Das Briefgeheimnis und das Post\u0026ndash; und Fernmeldegeheimnis sind unverletzlich (wer\u0026rsquo;s glaubt…). Beschränkungen sind an der Tagesordnung. Was glauben Sie, wer sich schon alles über Ihre peinlichen Liebesbriefe amüsiert hat. Beweis Sie tun\u0026rsquo;s doch auch!\nSatz 11 Alle Elektronen genießen Freizügigkeit auf dem Motherboard (noch!). Jeder Widerstand ist zwecklos und wird durch Supraleitung gebrochen. Beweis Sei a ein beliebiger Finger der linken Hand. Sei b ein beliebiger Finger der rechten Hand. Wähle eine Steckdose S mit den Kontakten A und B, derart daß U(S) = 220V. Stecke jetzt den Finger a in den Kontakt A und den Finger b in den Kontakt B. Wem jetzt keine Erleuchtung kommt, der wird sie niemals haben.\nDieses Beweisverfahren ist untauglich für Chefsoftwareentwickler und Starprogrammierer.\nSatz 12 Jeder Programmierer hat das Recht, seinen Prozessor und seine Programmiersprache frei zu wählen. inTEL\u0026ndash;Prozessoren sind keine Prozessoren im Sinne von Satz 12 dieser Satzung. PASCAL ist keine Programmiersprache im Sinne von Satz 12 dieser Satzung. Niemand darf zur Arbeit verleitet werden. Beweis Wer Arbeit kennt und sich nicht drückt, der ist verrückt.\nFolgerung aus Satz 12: Wer sich in oliv kleidet oder in oliv kleiden läßt oder olive oder olivgetönte Kleidungsstücke anzieht oder sich verschafft, im Gleichschritt marschiert und dazu laut und falsch schmutzige oder braune Lieder gröhlt, DER IST SELBST SCHULD! Beweis (rotes Farbband ein) COSMIC TOP SECRET (rotes Farbband aus)\nSatz 13 Entfällt aus Sicherheitsgründen. Nicht, daß wir abergläubisch sind, aber …\nSatz 14 Jeder Informatikstudent trägt an dem Erbe von 2 Kilojahren Mathematikgeschichte. Anmerkung: Wenn Pythagoras nicht schon tot wäre, von UNS hätte DEN bestimmt einer erwischt! Beweis Kommt nur her, wenn Ihr Euch traut!\nSatz 15 Wer die Tilde als Schlange bezeichnet, wird mit MS\u0026ndash;DOS Programmen nicht unter 2 Megabytes bestraft! Der Versuch ist strafbar. Beweis Duden.\nSatz 16 Der Account darf nicht entzogen werden. Der Verlust eines Accounts darf gegen den Willen des Betroffenen nur dann eintreten, wenn der Betroffene dadurch nicht mailboxlos wird. Kein User darf der Post schutz\u0026ndash; oder kampflos ausgeliefert werden. Hacker genießen Asylrecht (im Volksmund: Narrenfreiheit). Beweis Durch vollständige Induktion über die Anzahl der Accounts. Wie, Sie wissen nicht, wie das geht, \u0026ldquo;Beweis durch vollständige Induktion\u0026rdquo;? Wir auch nicht… Gehen Sie zurück in das 1. Semester, gehen Sie nicht über LOS, ziehen Sie nicht 4000 DM BAFöG ein.\nSatz 17 Jeder hat das Recht sich untertänigst, demütig und devot mit Bitten und natürlich saublöden Fragen an den Sysop zu wenden. Er darf sich dann aber nicht wundern, wenn er dumme Antworten erhält oder gar sein Account gesperrt wird.\nBescheiß: Wo immer Du kannst!\nSatz 18 Wer aus dieser Satzung irgendwelche Rechte für sich oder andere ableitet, befindet sich auf dem Holzweg. Und sagen Sie nicht, wir hätten Sie nicht gewarnt!\nBeweis Wer ist denn hier der Sysop, Du oder ich?\nSatz 19 Alle vorhergehenden Sätze können vom Sysop für einzelne User und ganze Benutzergruppen nach Belieben negiert werden. Beweis Ist 1703 eine Primzahl?\nSatz 20 Alle Befugnisse gehen vom Sysop aus. Wer planlos durch das System irrt, oder andere planlos durch das System irren lässt, der kann die Anleitung nicht lesen. Jeder, der es auch nur andeutungsweise unternimmt, gegen diese unumstößlichen Wahrheiten zu Felde zu ziehen, der wird ohne Warnung hinterrücks aus sämtlichen Verzeichnissen und Unterverzeichnissen unwiederbringlich GELÖSCHT! Beweis Just try it.\nLemma 21 ist genau die Hälfte von 42 (auch für Physiker!). Beweis Deep Thought irrt nicht.\nSatz 22 Der Zeichensatz ist ASCII. Die Amtsprache ist 680x0\u0026ndash;Assembler. Das Wappen der Interstellaren Gesellschaft für Revolutionäre Informatik (das sind wir!) zeigt einen wahnsinnig niedlichen 68000er-Prozessor mit 64 (das ist eine Potenz der wahnsinnig niedlichen Zahl 2) wahnsinnig niedlichen Beinen und wahnsinnig niedlichen Fühlern und Augen, der einen wahnsinnig widerlichen inTEL\u0026ndash;Prozessor mit einem wahnsinnig harten Hammer in wahnsinnig kleine Teile zerlegt. Es trägt die wahnsinnig lateinische Inschrift \u0026ldquo;Nihil Satis Nisi Absurdissimum\u0026rdquo; (\u0026ldquo;Nur das Absurdeste ist wahnsinnig gut genug\u0026rdquo;), die sich in wahnsinnig kühn gesetzten Lettern über dieses wahnsinnig aussagekräftige Wappen erhebt. Die Farben und die Auflösung sind abhängig vom Ausgabegerät. Die Interstellare Gesellschaft für Revolutionäre Informatik unterstützt virtuelle Druckertreiber. Beweis:\n:-)\nSatz 23 Diese Satzung ist auf allen Rechnern zu implementieren. Beweis Enter at your own RISC!\nSatz 24 Die gesellschaftliche Revolution durch interstellare Informatik (oder so ähnlich) kann\nmehr als man im ersten Moment erwarten sollte, weniger als man dieser Satzung nach denkt, mehr als manch ein Informatik\u0026ndash;Pro(f/z)essor (wir haben hier WIRKLICH niemand bestimmten im Wesir…), lügen, ohne rot zu werden (siehe Punkt 3), einen Duden gut gebrauchen, 7.0 nicht richtig zählen,\n7.99999. und auch nicht richtig runden.\nBeweis Man lese nur Satz 24, Punkt (3).\nAnmerkung: Da oben fehlt ein \u0026rsquo;s'.\nSatz 25 Eine zu hohe Baudrate führt zu )%\u0026quot;!/qwerty\u0026amp;y- Verbindungsauslösung \u0026mdash; Auslösung durch Zufall.\n:sieweB noitisopartnoK hcruD\nSatz 26 Viren, die geeignet sind oder in der Absicht programmiert worden sind, die friedliche Koexistenz von Tasks in einem virtuellen Adreßraum zu stören, insbesondere die Führung eines Krieges im Kernspeicher, sind satzungswidrig. Sie sind qualvoll zu löschen. Beweis durch Strafandrohung.\nSatz 27 Alle Systeme bilden ein homogenes Netzwerk.\nAlle Netnodes, die einem Multiprocessing\u0026ndash;Supercluster angehören, müssen ein RJE-Accounting mit bidirektionalem Handshaking sowie sequential Indexing supporten.\nBeweis Autodialing Netnodes können durch bijektive Parallelepipede auf redundant quadratische Matrizenrelationen projeziert werden.\nSatz 28 public _begin public _ThisPtr .cseg begin: movem.l A0,-(SP) link #0,A5 lea _ThisPtr,A0 jsr (A0) unlk A5 movem.l (SP)+,A0 rts .dseg _ThisPtr: dc.l Satz31 .end Beweis 0 Error(s) found in this Assembly.\nSatz 29 Vor die Cray hat Gott die VAX gesetzt. Wer ist denn dieser \u0026ldquo;Gott\u0026rdquo; überhaupt? Beweis zu finden bei Oolon Coluphid, IGSBN 3-548-31070-2, 7.80 Atair\u0026ndash;Dollar, erschienen in den Verlagen von Beta Ursae Minoris.\nSatz 30 Die Interpretation von Programmen ist Sache des Prozessors. Die Ergebnisse sind unanfechtbar. Der Rechtsweg ist ausgeschlossen. Mitarbeiter der Interstellaren Gesellschaft für Revolutionäre Informatik sind von der Teilnahme an der Verlosung der Ergebnisse ausgeschlossen. Beweis Murphy ist immer und überall (all wie Weltall).\nSatz 31 1.0.\n1.0.0.\n1.0.0.1.\nÜber sticht Unter.\nBeweis siehe Skatordnung.\nSatz 32 Die Pflege der Beziehungen zu Peripheriegeräten ist Sache der DMA. Vor dem Abschluss eines Programmes, das irgendwelche näherungsweise brauchbaren Ergebnisse liefern könnte, ist der Zufallszahlengenerator zu hören. Der Prozessor macht sowieso, was ER will. Handbücher sind veraltet. Unterprozessen ist es untersagt, irgenwelche Verbindungen mit anderen Unterprozessen aufzunehmen, ohne vorher das MCP zu befragen. Wer das Hauptprogramm beleidigt, fliegt raus Prozeduraufrufe in Prozeduraufrufen, die Prozeduraufrufe beinhalten, entbehren jeglicher programmtechnischer Notwendigkeit. Beweis zu finden in Donald E. Knuth, \u0026ldquo;The Art of Computer Programming\u0026rdquo;.\nSatz 33 Permutieren Sie die Zahl 33 solange, bis Sie nicht mehr die Zahl 33 erhalten. Beweis durch Großen Grünen Arkelanfall.\nSatz 34 Man kann einen Idioten stundenlang beschäftigen.\nBeweis siehe Satz 35.\nSatz 35 Man kann einen Idioten stundenlang beschäftigen.\nBeweis siehe Satz 34.\nSatz 36 Der Prozessor ist unkündbar. Er hat das Recht auf 36 Mikrosekunden bezahlte Waitstates in der Sekunde. Nach einer festgelegten Anzahl von Taktzyklen ist er in den Ruhestand zu versetzen. I/O-Bausteine haben eine 38.5 Bit FIFO-Pipe. Rotglühende Chips sind kurzfristig zu beurlauben. Die Pizza ist fertig, wenn der Käse gut zerlaufen ist. Wassereinbruch in Laufwerk A: (A)bbrechen, (W)iederholen, (I)gnorieren? I Bitte warten… Pumpe ab. Fertig -- Platte wird geschleudert. C:-\u0026gt; Die Tastenkappen bekommen einen seidigen Glanz, wenn man ihnen regelmäßig ein rohes Eigelb ins Futter mischt. Tasten würden Whisky saufen. Beweis Wer sind wir denn …\nSatz 37: (37, wie 37.5 Fieber …) Jeder Text wird nach einer bestimmten Anzahl Bytes absurd. Man nennt dies die KRITISCHE MASSE an GEBALLTEM SCHWACHSINN. Überschreitet ein Text diese Länge, implodiert das Gehirn des Lasers. Beweis Wir lassen auch nichts aus …\nSatz 38 Der IGfRI steht ein letzter Vorsitzender nach. Bei Abwesenheit des letzten Vorsitzenden steht der IGfRI ein erster Nachsitzer vor. Deswegen ist es wichtig zu wissen, wie man einen Allquantor negiert. Siehste! Der letzte Vorsitzende wird durch wohlwollendes Schulternicken gewählt und recht kräftig verurteilt (Hier fehlt kein \u0026rsquo;s\u0026rsquo;!). Die Strafe recht länglich. Der letzte Vorsitzende ernennt seine Komplizen. Wer ein neues Mitglied wirbt, darf dafür aus der IGfRI austreten. Wer zwei neue Mitglieder wirbt, bekommt eine Bescheinigung, daß er nie in der IGfRI war. A. Wer drei neue Mitglieder wirbt, bekommt eine Bescheinigung, daß er gar nicht weiß, was die IGfRI ist.\nB. Wer vier neue Mitglieder wirbt, bekommt eine Bescheinigung, daß es die IGfRI gar nicht gibt.\nC. Wer fünf neue Mitglieder wirbt, leistet Beihilfe zum Völkermord.\nD. Wer sechs neue Mitglieder wirbt … wo zum Geier sollte man $06 Mitglieder herkriegen?\nE. Der Bundesgesundheitsminister: \u0026ldquo;Mitleidschaft in der IGfrI gefährdet Ihre geistige Xundheit. Ein Satz ihrer Satzung (ach, daher der Name!) reduziert Ihren IQ um 15 nach DIN (Dämliche Idioten Norm (Das ist zwar moppelt gedoppelt, dafür rafft es aber auch jeder))\u0026rdquo;.\nF. Das Hexadezimalsystem hat die Basis 1016.\n(. SHD005D: Segmentation violation \u0026ndash; core dumped.\nBeweis liegt auf der Hand.\nSatz 39 Das Gremium, das diese Satzung entworfen hat, erklärt sich für geistig unzurechnungsfähig.\nWer diese Satzung entworfen hat, ist nicht mehr zweifelsfrei zu klären (So blöde sind wir ja nun doch nich\u0026rsquo;!) (Zwischenruf: \u0026ldquo;Ich gehör\u0026rsquo; nich\u0026rsquo; dazu!\u0026rdquo;).\nWir verweigern alle weiteren Aussagen bis zum Eintreffen unseres Anwaltes.\nAlles was Sie von jetzt an über die IGfRI sagen, kann und wird eigentlich nur gegen Sie verwendet werden.\nBeweis BGB § $FCE2, Abs. 08/15\nSatz 40 Wir kommen jetzt zum Stuß.\nDiese Satzung ist ungekühlt mindestens haltbar bis: siehe Rückseite.\nBeweis Lesen Sie ruhig weiter.\nSatz 41 Die Lottozahlen von nächster Woche sind π, e, √2, i, c, ry und die Zusatzzahl ist 1.6022e-19.\nAlle Angaben sind ohne Gewähr.\nBeweis Durch Ankreuzen.\nAxiom 42 DIE Antwort auf alle offen geblieben Fragen lautet 42.\nVerzapft zu Kiel am Rhein, Sternzeit 191188\u0026ndash;00320963\ngez. Brat\u0026ndash;Becker Letzte Vorsitzende des satzunggebenden Ausschlusses\ngez. Capt. Würg Kommandant und letzter Überlebender der USS Entenscheiß\nANHÄNGE Anhang A: Rechtsbehelfsbelehrung Gegen diese Satzung kann innerhalb von 3 Nanosekunden Einspruch reingelegt werden in der Bundesdatenbank auf Alpha Centauri. Die Frist wird auch gewahrt, wenn Sie diese Satzung vollkommen ignorieren.\nWir machen sie pflichtgemäß darauf aufmerksam, daß dies ein Haustürgeschäft ist, von dem Sie innerhalb von 7 Taskwechseln zurücktreten können. Wir sind uns aber ziemlich sicher, daß SIE sowieso zu lange brauchen, um zu schnallen, worauf Sie sich mit UNS eingelassen haben. Der Widerspruch wird nur gültig, wenn Sie beweisen können, daß Sie mit einem rohen Ei eine Flasche Bier aufmachen können.\nGemäß Paragraph 26 des Bundesüberwachungsgesetzes machen wir Sie darauf aufmerksam, daß falsche Angaben im nachstehenden Antragsformular auf Grund des Abgleiches mit anderen Behörden sofort erkannt werden und unnachsichtig geahndet werden. Also: Besser, Sie schummeln nicht. Wir haben Sie sowieso schon lange auf dem Kieker!\nGerichtsort: Wir nehmen die meisten Gerichte in der Mensa am Westring des Super-CAU (Super-GAU, Super-KAU???) zu Kiel zu uns.\nBankverbindung: Dritte Parkbank im Schrevenpark, gleich hinter der Ente links. Diese Parkbank wurde gestiftet von den Söhnen der Mitglieder des Vereines rüstiger Väter werdender Professoren. Damit Sie sich auch morgen noch kraftvoll hinsetzen können. Diese Parkbank ist über die Line\u0026ndash;F direkt ab ZOB (Zentrale Omelette Bratpfanne) erreichbar.\nAnhang B: Bemerkungen (Wer A sagt, muss auch B sagen) Diese Satzung ist in nachstehend aufgeführten Ausfertigungen erhältlich (nur echt mit der Goldkante!):\nAuf 3,49999999 Zoll\u0026ndash;Diskette (Sie merken schon: Wir können immer noch nicht runden)\nAls Grafikdemo für Zumbitsu 8000 (Boborola Format)\nIn Marmor gemeißelt, mit (fast) Originalunterschrift von MOSes.\nAuf Mikrofilm (007\u0026ndash;Format), incl. DIN A4\u0026ndash;Schuber aus bezogenem Karton, mit Falk\u0026ndash;Patentfaltung.\nAuf farbenfrohem, hautfreundlichem, saugfähigem, 4\u0026ndash;lagigem Klopapier, double sided, double density, mit unsichtbarer Mikroperforation.\nIn der Spraydose mit umweltfreundlichem Treibgas, auch als Pumpspender erhältlich.\nIn jedem siebenten Ei.\nAls nigerianische Wohlfahrtsmarke im Werte von 12 Timbuktu\u0026ndash;Dollar.\nIm gesamten Ostblock nur nach langem Anstehen, dafür aber im Anhang mit der Gesamtausgabe von Lenins Werken.\nIn Bayern die (re\u0026ndash;)zensierte Fassung mit einem Vorwort von Peter Cauweiler.\nDiese Satzung kann unter UNIX mit dem Kommando \u0026ldquo;man last.help\u0026rdquo; abgerufen werden.\nAnhang C: Das Antragsformular ........................................................................................ ∆∆∆ Hier abbeißen! ∆∆∆ JA, ich, ______________ bin so wahnsinnig und will der IGfrI für nur noch 12 Atair--Dollar am Tag beitreten. Ich bin bereit, die Satzung in mein tägliches Gebet aufzunehmen und meinen Lebensstil gemäß den Anforderungen der Satzung sofort zu beenden. ____________________ Unterschrift oder 3 Kreuze, bei Promovierten ein kleines Kreuz davor. Bei Minderwertigen ist die Unterschrift eines Verziehungsberechigten erforderlich. vvv Hier abbürsten. vvv ........................................................................................ Anhang D: Literaturverzeichnis Folgende Werke seien dem interessierten Leser als weiterführende Literatur verziehen:\n\u0026ldquo;Hitchhiker\u0026rsquo;s Guide to the Galaxy\u0026rdquo;, Douglas Adams, alle Bände\nGrundgesetz für die \u0026ldquo;BRD\u0026rdquo;, Konrad Adenauer (Hrsg.), Band 1\n\u0026ldquo;Amiga ROM Listing\u0026rdquo;, Knecht Ruprecht, Band 1+2\n\u0026ldquo;How to survive MS\u0026ndash;DOS\u0026rdquo;, Peter Norton\n\u0026ldquo;The Art of Computer Programming\u0026rdquo;, Donald E. Knuth\n\u0026ldquo;The Space Shuttle Operators Manual\u0026rdquo;, Joels, Kennedy, Larkin, ISBN 0\u0026ndash;345\u0026ndash;30321\u0026ndash;0 (trade paper), $24.95, NASA Books\n\u0026ldquo;Die Abenteuer der USS Entenscheiß\u0026rdquo;, Rene Rottenberry\n\u0026ldquo;Murphy\u0026rsquo;s Gesetze in einem Band\u0026rdquo;, Arthur Bloch\n\u0026ldquo;Informatik 1\u0026rdquo;, Bauer, Goos, \u0026ldquo;Springer\u0026rdquo; Verlag\n\u0026ldquo;BILD\u0026rdquo;, auch \u0026ldquo;Springer\u0026rdquo; Verlag\n\u0026ldquo;MIDGARD \u0026mdash; Handbuch für Abenteurer\u0026rdquo;, Deutscher Fantasy\u0026ndash;Club e.V.\n\u0026ldquo;Dein TOS, das unbekannte Verwesen\u0026rdquo;, Osram Kolle\n\u0026ldquo;Verlosungsverzeichnis der CAU\u0026rdquo;, Untertitel: \u0026ldquo;Dasch wäre Ihr Preisch geweschen\u0026rdquo;, Rudi Carrell (Hrsg.).\n\u0026ldquo;Phone Book of Miami Beach\u0026rdquo;, John Donson, AT\u0026amp;T Press, 15. Edition\n\u0026ldquo;Geistige Gesundheit, ihre Vorbeugung und Heilung\u0026rdquo;, R. Ückenschmerz, Läufer\u0026ndash;Verlag\nAnhang E: Benötigte Materialien 7 Liter Cola\n21\u0026ndash;Seiter Würfel\nkeinen inTEL\u0026ndash;Prozessor\nAmiga 2000 (mangels Atair ST)\nParkplatz (?NOT FOUND)\nBerge von Chips (Kartoffel\u0026ndash;, Ihr Idioten!)\nBerge von Chips (Silizium\u0026ndash;, Ihr Idioten!)\nFröhliche Schlafnachten, Ihr Weihmützen\n6 Stunden Prozessorzeit\nvier Informatiker (zusammen 8 Semester), alle Element aus I, nicht I'!\nKEINE PANIK!\ndumdidumdidum (Insiderwitz!)\nund eine Menge M schwachsinniger Einfälle.\nAnhang F: Übungsaufgaben In einem exakt kreisförmigen, vom Ufer ab sehr tiefen See schwimmt ein junges, gutaussehendes, unbekleidetes Mädchen genau in der Mitte, als sie das Herannahen eines allem Anschein nach sehr starken, sehr intelligenten, aber sonst widerlichen Mannes mit offenbar sehr bösen Absichten bemerkt, der zum Glück nicht schwimmen und genau viermal so schnell am Ufer laufen kann, wie sie schwimmt, aber auch nicht schneller als sie läuft.\nWas will der Mann von dem Mädchen?\nWas ist überhaupt ein Mädchen?\nWas muss sie tun, um ihm zu entkommen?\nLösungshinweis: Schildern Sie ALLE schmutzigen Details!\nAufgabentext wurde Gerthsen, Kneser, Vogel: \u0026ldquo;Physik\u0026rdquo;, Springer\u0026ndash;Verlag (was sonst!) entnommen (ehrlich!) und nur geringfügig ergänzt (Aufg. 1.2.14, Seite 55).\nBestimmen Sie die Mengen M, I, I\u0026rsquo; und deren Mächtigkeit.\nFinden Sie einen Idioten, der Aufgabe 2 löst.\nLernen Sie einige Elemente aus I persönlich kennen. Wenden Sie sich schaudernd ab.\nVollziehen Sie die Gedankengänge der Autoren nach.\nBilden Sie das Futurum des semiconditional modifizierten subalterierten Inteltionals des subjunktiven Präteritum Plagalis von \u0026ldquo;abspeichern\u0026rdquo;.\nHilfsmittel: \u0026ldquo;Handbuch der 1001 Tempusbildungen für den Reisenden durch die Zeit\u0026rdquo; von Dr. Dan Streetmaker.\nNegieren Sie eine Aussage mit einem Alliquantor und formulieren Sie Ihre drei Wünsche. See you läter, Alliquäter\u0026hellip; Abgabe Abgabe der Aufgaben bis gestern, 12.00 Uhr im Schrei des Institutes für Mathemagie und unpraktische Informatik.\nKlappentext Des Übels Wurzel liegt im Schwachsinn, während die Wurzel des Schwachsinns nicht zu unterschätzen sein sollte. \u0026mdash; Brösel\nIch war Mitglied in der IGfRI. Mann, war dat\u0026rsquo; peinlich. Erst die Mitgliedsbeiträge und dann noch \u0026rsquo;ne Anzeige am Hals. Nie wieder! \u0026mdash; Bundesverband der Kieler Schwarzfahrer\nDer Unterschied liegt hier lediglich in der Differenz \u0026mdash; Hans Jochen Vogel\nHä? \u0026mdash; Bundeskranzler H. Kohl\n«Hier könnte ihre Aussage stehen. Wenden Sie sich vertrauensvoll an unsere Anzeigenabteilung.» \u0026mdash; Die Polizei\nNicht alles was hinkt, ist ein Vergleich \u0026mdash; N.N.\nNicht alles was springt, ist ein Punkt \u0026mdash; The Intergalactical Operator\nKein Anschluß unter dieser Nummer \u0026mdash; DBP Fernmeldedienst\nEmpfänger unerkannt entkommen \u0026mdash; DBP Snail Mail\n10 Einheiten, die Sie bereuen werden. \u0026mdash; Sysop TopPoint\nMacht\u0026rsquo;s gut \u0026mdash; und Danke für den vielen Fisch! \u0026mdash; Vier alle!\n","date":"1988-11-19T00:00:00Z","href":"https://blog.koehntopp.info/1988/11/19/interstellare-gesellschaft-fuer-revolutionaere-informatik.html","tags":["publication","detebe","inkomploehntopp"],"title":"Interstellare Gesellschaft für Revolutionäre Informatik"},{"categories":null,"content":"This is an attempt to revive the blog with Hugo. Initially it was running on Github Pages with the default build, using Jekyll. With that, it takes around 120 seconds to build the blog. Using Hugo, we are done in under 10 seconds.\nHugo and Jekyll are static page generators. The blog is written in Markdown, and then transformed by Hugo into HTML. This is being published.\n","date":"0001-01-01T00:00:00Z","href":"https://blog.koehntopp.info/about/","tags":null,"title":"About"},{"categories":null,"content":"This blog is on github as https://github.com/isotopp/isotopp.github.io/ . If you find a problem, a spelling mistake or other issues, you can open an issue there, or even contribute a pull request.\nIf you want to archive articles, just clone the repository.\n","date":"0001-01-01T00:00:00Z","href":"https://blog.koehntopp.info/contribute/","tags":null,"title":"Contribute"},{"categories":null,"content":"","date":"0001-01-01T00:00:00Z","href":"https://blog.koehntopp.info/search/","tags":null,"title":"Search"}]
\ No newline at end of file
+[{"categories":null,"content":"Es ist also dies hier passiert: Wen schützen eigentlich Jugendschutzprogramme? Lilith Wittmann nimmt den Filter von JusProg e.V. auseinander und es ist eine einzige Eskalation:\nDie Filterkriterien sind nicht nachvollziehbar.\nGefilterte Websites wissen nichts von ihrer Einstufung.\nDie Einstufungen sind systematisch falsch, und man kann eine politische Richtung erkennen.\nDas ist JusProg e.V. aber eigentlich egal, denn es sind ja auch viele Websites nicht geblockt worden.\nDie Website für den Download ist ein kompromittiertes Wordpress.\nEventuell hat das Wordpress Malware verteilt, aber JusProg e.V. kann das nicht ausschließen und auch nicht nachvollziehen, weil sie die Software nicht im Griff hat.\nDie Infektion mit Malware war JusProg e.V. bekannt, und sie haben versucht, daran herumzudoktern, aber erfolglos. Das besorgt sie aber nicht besonders.\nWas passiert hier, und warum zerfetzt Lilith Wittmann ausgerechnet JusProg? Dazu müssen wir ein wenig ausholen und fast 30 Jahre zurückschauen.\nWarum Jugendschutz? Der Jugendschutz im Allgemeinen ist eine im Grundgesetz verankerte staatliche Aufgabe. Er ist nicht einfach etwas, das der Staat nicht machen kann.\nAusnahmen vom Jugendschutz sind klar geregelt und sind im Wesentlichen das \u0026ldquo;Elternprivileg\u0026rdquo;. Erziehungsberechtigte, und nur diese, dürfen für Ihr Kind – im Rahmen bestimmter Grenzen – frei entscheiden, was ihr Kind wann darf oder nicht darf. Darum darf Deine Mutter Dich mit drei Jahren an ihrem Bier probieren lassen, wenn Du interessiert wissen willst, was sie da trinkt. Und darum darf Dein Vater Dich mit 6 Jahren Harry Potter Teil 4 und Folgende sehen lassen, wenn Du unbedingt sehen möchtest wie es weiter geht.\nLehrer an Schulen dürfen das nicht. Das Elternprivileg gilt nicht für sie. Sie müssen also, wenn Schüler Medien in irgendeiner Form zu sich nehmen wollen, dies im Rahmen des grundgesetzlich vorgeschriebenen und gesetzlich ausgestalteten Jugendschutzes tun, wenn sie sich von Klagen durch besorgte Bürger frei stellen wollen.\nInternet an Schulen ist für die Schule auf viele Weisen ein Risiko, und Haftung auf der Basis von Verletzungen des Jugendschutzes ist eines davon.\nSchlimmer noch, auch Anbieter von Medien jeder Art unterliegen den Regelungen des Jugendschutzes. Niemand kann Filme, Hörspiele, Bücher, aber auch keine Webseiten oder Computerspiele anbieten, ohne dabei den Jugendschutz zu berücksichtigen. Alle diese Dinge brauchen eine Einordnung und eine wirksame Zugriffsbeschränkung, sonst Klage und, schlimmer, schlechte Presse.\nPre-Internet Jugendschutz Das hat in der Vergangenheit bis in die späten 90er Jahre wunderbar funktioniert. Hauptsächlich deswegen, weil es keine kostenlosen und damit unfinanzierten Veröffentlichungen gab. Und weil deswegen Veröffentlichung stark ge-gateway-ed war – man konnte kein Buch, kein Spiel und schon gar kein Hörspiel oder keinen Film machen und dann verbreiten, ohne durch einen Mediator zu gehen. Also einen Verlag, eine Rundfunkanstalt oder einen anderen Vertriebs- und Verbreitungspartner, der dabei dann auch massenhaft redaktionelle Bearbeitung betrieben hat, und natürlich dabei auch die Formalien wie Anmeldungen bei Verwertungsgesellschaften oder Bewertung durch den Jugendschutz vorgenommen hat.\nWeil Inhalte grundsätzlich nie kostenlos waren, hat das nicht nur die Verfügbarkeit von Inhalten eingeschränkt, sondern auch diese Formalien mit finanziert. Auch wichtig: Es hat die Anzahl der Stellen reduziert, mit denen die staatlichen Stellen und ihre Organe zu tun hatten, und durch die Pflicht zur kommerziellen Viabilität wurde auch eine Vorauswahl getroffen.\nSeit den späten 90er Jahren haben wir mediatorfreie Kommunikation. Jeder Mensch kann mit genau gar keinem Aufwand Medien produzieren und publizieren. Das kann durch Editieren eines existierenden Wikis passieren – das hat Brockhaus das Genick gebrochen.\nEs kann auch durch das Betreiben und Veröffentlichen eines Blogs, durch das Schreiben von Posts und Threads in Social Media, durch das Aufnehmen und Verbreiten von Podcasts über diese Blogs, oder halt durch das Produzieren von Filmen mit massiv verbilligten Produktionsmitteln geschehen. Das letztere hat zum Beispiel zu \u0026ldquo;In the Pirkinning\u0026rdquo; und zu \u0026ldquo;Prelude to Axanar\u0026rdquo; geführt hat, und dann zu entsprechenden rechtlichen Reaktionen von Rechte-Inhabern.\nDrei Gründe für das Zusammenbrechen des Jugendschutzes im Internet Es führt auch zu einem Zusammenbruch der deutschen Idee von Jugendschutz. Das deutsche Jugendschutz-Konstrukt ist überhaupt nicht darauf eingerichtet, mit mediatorfreier, massenhafter und weltweiter Generierung von Content klarzukommen. Das sind drei unabhängige Probleme, die alle auch einzeln zum Zusammenbruch führen.\nMediatorfrei heißt, daß kein Verlag oder Aggregator zwingend involviert ist. Ich habe einen Inhalt, ich stelle den irgendwo hin und Du kannst den finden, herunterladen und konsumieren. Die Idee von JusProg und anderen Filterprogrammen ist immer das Konzept eines installierbaren Zwangs-Mediators, dem Filter, der den direkten Zugriff auf bestimmte Inhalte verhindert. Das setzt bestimmte Dinge voraus, wir werden da gleich noch drauf eingehen.\nUnd massenhaft heißt, daß es keine Vorauswahl gibt. Nicht durch einen Mediator, etwa einen Verlag mit einem Editor, der das gut finden muss, was Du publizieren willst. Aber auch nicht finanziell – die Grundkosten sind so niedrig, daß effektiv jede Person alles publizieren kann, was diese Person publizieren möchte. Und auch nicht durch eine Lizenz – man muss im Internet nicht wie beim deutschen BTX der späten 80er Jahre als Anbieter statt Nutzer registrieren lassen, damit man Dinge schreiben darf und mehr tun kann als konsumieren.\nMassenhaft hat zur Folge, dass die Anzahl und Menge der produzieren Medien die Bewertungskapazität der zur Verfügung stehenden qualifizierten Bewerter massiv übersteigt. Damit ist nicht nur keine Diskussion über individuelle Bewertungen mehr möglich, sondern Bewertungen müssen schematisch nach Syntax, nicht Semantik erfolgen. Sie können nicht einmal mehr stichprobenhaft auf Korrektheit kontrolliert werden.\nUnd weltweit heißt, daß sowohl Inhalte als auch ihre Klassifizierung die Grenzen eines homogenen Kulturraumes weit überschreiten. Eine sinnvolle Einigung über Klassifikationen ist nicht mehr möglich. Teilweise ist nicht einmal eine Unterhaltung über Dimensionen und Skalen einer Klassifikation möglich.\nSchon innerhalb Deutschlands sind die Maßstäbe der Inhaltsbewertung traditionell massiv uneinheitlich. Der bayrische Rundfunk hat zum Beispiel die Ausstrahlung bestimmter Folgen \u0026ldquo;Scheibenwischer\u0026rdquo; verweigert, und sich aus dem Netz der ARD verabschiedet. Auch die inzwischen eingestellte Sendung \u0026ldquo;Sesamstraße\u0026rdquo; war in Bayern nicht verfügbar.\nWenn es um Inhalte im Internet geht, ist aber republikweit entlang bestimmter politischer Bruchlinien schon lange massiv keine sinnvolle Einigung möglich. Weltweit noch viel weniger. Man stelle sich ein Inhaltsbewertungssystem vor, das sowohl für Schweden, Spanien, Saudi-Arabien, die USA und Thailand funktioniert.\nJede Form von inhaltlicher Bewertung kann sich also nur an objektiven Kriterien orientieren: \u0026ldquo;Nippel sichtbar\u0026rdquo;, \u0026ldquo;Messer, Gewalt, Blut sichtbar\u0026rdquo;, oder halt der berühmte \u0026ldquo;körperbezogene Penisneigungswinkel\u0026rdquo;.\nIn einem solchen System ist das Foto eines durchschnittlichen Gummifetischisten dann halt unkritisch, weil keine Haut sichtbar ist (keine Nacktheit), die Pose nicht sexuell suggestiv ist (kein Sex), keine Gewalt zu sehen ist (keine Gewalt) und auch keine unangemessene Sprache verwendet wird (keine Flüche oder verbotene Worte). Zugleich werden ein Haufen Stakeholder protestieren und dieses Bild irgendwie klassifiziert sehen wollen.\nJugendschutz ist nicht systematisch objektivierbar und automatisierbar Es geht darum, welche Inhalte unserem Nachwuchs wie und mit welcher Bewertung präsentiert werden, denn das ist, was Erziehung ist – die Vermittlung von Werten. Daher ist jede Bewertung, die sich an Syntax (objektiv sichtbaren Merkmalen) orientiert zum Scheitern verurteilt.\nUnd in dem Moment, wo Jugendschutz automatisierbar ist, haben wir eine Maschine gebaut, die erfolgreich eine bestimmte moralische Bewertung in irgendeinem bestimmten moralischen System vornehmen kann, also unseren Nachfolger als Menschheit geschaffen. Wir können von der Bühne des Universums abtreten und denen die Realität überlassen.\nMögen sie erfolgreicher und anpassungsfähiger sein als wir.\nDas ist natürlich keine Einsicht oder Position, die ein Politiker in einem öffentlichen Diskurs einnehmen kann, also sehen wir seit wortwörtlich 30 Jahren denselben dysfunktionalen Kram ohne einen Millimeter Fortschritt in irgendeiner Richtung.\nDer Default ist \u0026ldquo;ab 18\u0026rdquo; Wie dem auch sei – rein rechtlich ist es so, daß jeder Inhalt in jedem Medium, das für Deutsche erreichbar ist, eine Bewertung haben muss oder eine Ausnahmeregelung greifen muss (etwa für Nachrichten). Das führt nicht nur zu Youtube-Kanälen, in denen Damen mit freiem Oberkörper Nachrichten verlesen, sondern auch dazu, daß mir eine DVD mit einer Aufnahme der Zauberflöte nur gegen Vorlage des Personalausweises ausgehändigt wurde, weil sie bei Amazon ohne Jugendschutz-Klassifikation hinterlegt war – der Default für alle Inhalte ist immer \u0026ldquo;ab 18\u0026rdquo;.\nInhalte brauchen also zwingend eine Klassifikation, damit sie für Jugendliche hinter einem echten oder hypothetisch installierten Filter überhaupt sichtbar werden. Diese Klassifikation kann durch den Anbieter selbst erfolgen – das ist diese \u0026ldquo;age.xml\u0026rdquo;-Datei, von der Lilith Wittmann redet. Oder halt durch Dritte, und da kaum jemand eine solche \u0026ldquo;age.xml\u0026rdquo;-Datei mit Selbstbewertung erzeugt, generiert JusProg als Dritter diese Bewertung.\nDas machte vor dem Internet total Sinn: Da alle Inhalte kommerziell waren, waren Anbieter von Inhalten und ihre Mediatoren daran interessiert, Inhalte bewertet zu sehen und dabei die Bewertung auch so niedrig wie möglich anzusetzen, damit die Inhalte so vielen Menschen als möglich zugänglich werden.\nIm Internet ist das nicht so: Ich habe gar kein Interesse daran, daß meine kostenlosen Inhalte so vielen Menschen wie möglich zugänglich werden, sondern sie sollen den richtigen Menschen zugänglich sein. Mein Markt und meine Reichweite sind so groß, daß alles andere sogar ein Problem wäre und für mich selbst zu Skalierbarkeitsproblemen führen würde. Ich würde in für meine Mission nicht relevanten Interaktionen mit unwichtigen Menschen ertrinken.\nDamit ist die Motivationsgrundlage entfallen, die das deutsche Jugendschutzsystem vor dem Internet am Laufen gehalten hat.\nAber wir brauchen Bewertungen – für unsere Sites Die Mitglieder von JusProg e.V. sind traditionelle Medienanbieter. Lilith Wittmann nennt Mitglieder und stellt die Motivation klar:\n[JusProg eV] wurde mit dem Ziel gegründet, eine solche Software bereitzustellen. Seine Mitglieder sind große deutsche Digitalunternehmen wie z.B. Vodafone oder RTL. Die finanzieren das gerne. Denn solange es ein anerkanntes Jugendschutzprogramm gibt, können sie eben auf viele andere Jugendschutzmaßnahmen verzichten.\nDie Mission ist also, die Inhalte der Mitglieder kostengünstig aus dem Schußfeld des Jugendschutzgesetzes herauszuholen, nicht effektiven Jugendschutz zu leisten. Das wäre auch, wie oben gezeigt, systematisch sehr schwierig, wenn nicht unmöglich.\nDamit das eine glaubhafte Wirksamkeitsfiktion erzeugt, müssen nicht nur die Webseiten der Mitglieder eine Bewertung erhalten. Sondern alle. Das erfolgt\ngeheim, die Liste der Bewertungen ist nicht öffentlich, und die Kriterien sind es auch nicht. ohne Benachrichtigung der Bewerteten. Deine Website ist durch JusProg bewertet, aber Du weißt es nicht. Für eine solche Benachrichtigung müßte man Ansprechpartner und Kommunikationswege identifizieren können, das ist aber nicht einheitlich automatisierbar. Und wäre es das, dann hat man die Benachrichtigten am Hacken, die mit einem über die Bewertung diskutieren wollen, was Zeit und Geld kostet und nicht skalierbar ist. und damit systematisch folgefalsch mit den beobachteten Problemen, auf der Grundlage intransparenter syntaktischer Kriterien, und eventuell auch mit einer nicht offengelegten politischen Agenda. Das ist natürlich nicht nur kein Jugendschutz, sondern auch Demokratiegift, weil nun auf die gesamte Bevölkerung ein Zwangsmediator ausgerollt wird, dem man sich nicht entziehen kann (darf), weil man ja ein Jugendlicher sein könnte. Und weil es Inhalte gibt, die nach JSchG nicht einmal Erwachsenen zugänglich gemacht werden dürfen.\nDaher wäre es im Grunde ideal, die zwar grundgesetzlich vorgeschriebene Idee des Jugendschutzes im Internet als zu Recht gescheitert anzusehen. JusProg wäre dann ein Feigenblatt, mit dem kommerzielle Medienanbieter sich durch Generierung und Installation einer \u0026ldquo;age.xml\u0026rdquo;-Datei haftungsrechtlich freikaufen können, und dann installiert einfach niemand JusProg.\nSo ist es aber nicht. Dieser Status Quo ist einmal durch Installation von JusProg in öffentlichen Netzen eingerissen worden, wie Lilith Wittmann korrekt anmerkt.\nZum anderen ist da der feuchte Traum, jeden Internetbenutzer mit einem elektronischen Ausweisdokument jederzeit identifizieren zu können, der gerade in der EU in eIDAS, Verimi und vielen anderen Dingen wieder auflebt. Dabei kommen die Interessen von \u0026ldquo;Bedarfsträgern\u0026rdquo;, die Interessen von Leuten mit politischem Filterwillen, der \u0026ldquo;Jugendschutz\u0026rdquo; als Legitimierungsfeigenblatt, und die kommerziellen Interessen der Werbeindustrie zusammen, die Identität als staatlich zwangsverordneten Supercookie mitnutzen will.\nDas darf so nicht passieren. Daher muss nicht nur JusProg sterben. Aber es ist nur ein Baustein in einer Entwicklung, die fraktal falsch ist.\nDas ist der Grund, warum Lilith da überall drauf haut. Und darum sollten wir ihr alle auf jede denkbare Art Beistand leisten. Gerade jetzt, wo um uns herum eine politische Ideologie auflebt, die nur darauf wartet, solche Mechanismen auf tödliche Weise zu missbrauchen.\nSiehe auch Seit 27 Jahren kein Fortschritt im Diskurs: Sperrungen im Internet Seit 15 Jahren kein Fortschritt im Diskurs: Jugendschutzfilter saugen und dafür gibt es einen Grund – Warum wir nicht einfach alles \u0026ldquo;ab 18\u0026rdquo; machen können und warum damit ein Haufen Leuten mit unproblematischen Inhalten notlos Arbeit aufgebürdet wird.\n","date":"2024-01-16T00:00:00Z","href":"https://blog.koehntopp.info/2024/01/16/jusprog-ist-nur-der-anfang.html","tags":["internet","jugendschutz","politik","web","lang_de"],"title":"JusProg ist nur der Anfang"},{"categories":null,"content":"We are still playing minecraft. This time it is a highly modded Fabric server, which requires more memory than the old box had. The new box has 12 cores, 128 GB of memory, and two nice SSD. It is pretty nifty.\nA simple problem, easily solved by Ansible. The machine also needs some kind of webserver to run websites. An easy problem to solve, naturally.\nA bit of Ansible, deploy a few config files into the system and be done with it.\nOnly, these are different types of websites, and over time additional sites are being added. When a new website is being added, we need to collect all website names\nand generate an MDomain statement in the config for Apache\u0026rsquo;s mod_md . This module will then automatically the necessary certificates for the webserver\u0026rsquo;s TLS.\nCollecting all domain names from the configuration files can be done that in Ansible, but it kind of hurts. Ansible works best when you run it to deploy a few templated config files, and then have services doing the actual work.\nIt is also more complicated than this, because we have different types of websites. Initially we had only\nstatic sites (https://example.com) We also needed redirect_sites (https://www.example.com -\u0026gt; https://example.com) We also needed reverse proxies for applications (https://grafana.example.com -\u0026gt; https://localhost:3000) Then we also needed the wsgi_site deployed. But a wsgi_site needs to be redeployed when the code has changed on GitHub. Also, initial deployment of a wsgi_site needs to create a user, and initial checkout of the code into the users home, and installation of the requirements.\nAfter a code update, the server needs to be restarted.\nThis actually needs a shell script Okay, let\u0026rsquo;s not do this in Ansible. Let\u0026rsquo;s write a simple and easy shell script for this.\nThat kind of worked, initially, but quickly fell apart when the number of variants grew, error checking became complicated.\nUltimately, it broke when we needed to collect and store per-site config parameters as a JSON, and act on it. The moment you write shell functions with parameters, traps and other bells and whistles, it is time to cut your losses and start over differently. In this case, in Python.\nEnter deploy, a Python CLI application In the current intermediate stage, this is a Python script of 32 KB and around 1000 lines.\n[root@bigbox ~]# wc -l Source/deploy/deploy 951 Source/deploy/deploy and\n[root@bigbox ~]# ls -l Source/deploy/deploy -rwxr-xr-x. 1 root root 31428 Jan 8 18:42 Source/deploy/deploy It understands the five types of server outlined above, and can handle a number of different operations for them.\ncreate makes a new server-config. delete throws it away. We store them in a central directory, /etc/projects, as JSON files. For each site type, we accept a number of parameters:\n--type, the five types above. --username, a Unix User we create for the site. --github The source code repository URL. --hostname If necessary, this is inferred from the username and the default domain. --projectdir Only necessary for anomalously structured Python code. --to_host Only for redirects. --port Only for proxies. We now can do\n# deploy show projects ... - grafana - learn ... # deploy show grafana *** PROJECT /etc/projects/grafana - github : None - hostname : grafana.example.com - port : 3000 - project : grafana - type : proxy The deploy create --type proxy --hostname grafana.example.com --port 3000 has created an apache configuration, built the TLS configuration and restarted the httpd.service to update things.\nWe can also do more complicated things:\n# deploy create --type wsgi_site --user learn --github ... learn ... creates /etc/project/learn # deploy show learn *** PROJECT /etc/projects/learn - github : git@github.com:.../learn.git - home : /home/learn - hostname : learn.example.com - project : learn - projectdir: learn - pubkey : ssh-rsa AAAAB3...cfudtTQ== root@bigbox - type : wsgi_site - username : learn This will create a Linux user, set up a checkout of the GitHub, install requirements, set up a WSGI Apache configuration, configure TLS, and restart the server as needed.\nWe can now deploy update learn or deploy restart learn to check out a new version and restart the server, and we can also deploy logs learn to tail the server logs for this site.\nIt is still ugly Because this started out as a shell script, it still is ugly. There are multiple levels of giant case-branches in this. To become a proper solution, it needs a cleaner structure, in a more object-oriented fashion.\nBut already it works better than the shell script it initially was, has better error handling and can handle borderline cases more safely.\nGithub .\n","date":"2024-01-09T00:00:00Z","href":"https://blog.koehntopp.info/2024/01/09/deploying-websites.html","tags":["lang_en","linux","devops"],"title":"Deploying websites - an escalation"},{"categories":null,"content":"Ich hatte Grund, mich mit Restic für Backup auseinander zu setzen.\nWarum restic? restic ist eine Datensicherung in ein Repository, das intern als ein Content-Addressable Storage aufgebaut ist. Das heißt, daß innerhalb des Backups Datenstücke liegen, die genau ihre (SHA256-) Prüfsumme als Dateinamen haben.\nroot@server:/backup/restic/data/fc# sha256sum fcec*7a5b fcec25d3e3165d159b4dac3867d1a1831707d582215c1fa30e0277cd57dc7a5b fcec25d3e3165d159b4dac3867d1a1831707d582215c1fa30e0277cd57dc7a5b Die Prüfsumme einer Datei im data-Verzeichnis eines restic-Repos. Sie entspricht genau dem Namen der Datei.\nDies führt zu einer Datenstruktur in restic, die nicht ganz unähnlich der in einem .git-Repository ist, und auch zu einer starken Deduplizierung von Daten. Dateien, die in mehr als einer Generation des Backups unverändert vorkommen, werden automatisch erkannt und nicht mehrfach gespeichert. Stattdessen wird nur ein Reference-Count erhöht.\nrestic verschlüsselt Daten, Metadaten und Dateinamen genau wie Datei-Inhalte, prüft die Integrität des Backups über diese Content-Prüfsummen und stellt die Sicherung über mehrere Such- und Zugriffsmöglichkeiten zur Verfügung.\nMan kann sich restic wie Apple Time Machine vorstellen: Stündliche Backups, die in wenigen Sekunden durchlaufen, und die immer ein komplettes Image produzieren, auch wenn sie nur inkrementell Platz und Zeit verbrauchen. Anders als Time Machine (oder ZFS Snapshots) ist die Lösung jedoch unabhängig vom verwendeten Dateisystem, und unterstützt ein breites Angebot von Backend-Storages.\nSituation Der neue Dedi ist ein E5-1650 v3 mit 12 Threads und 128 GB RAM bei Hetzner. Er führt stündlich ein restic auf die Hetzner Storagebox durch, und weiterhin einmal täglich ein restic nach Hause aus.\n10 * * * * /root/bin/run-restic 34 1 * * * /root/bin/run-restic-to-home Crontab mit den Backup-Jobs.\nZu sichern ist ein LVM2 mit einem recht kleinen /var/www, /etc und der Kram auf /home, der zum Glück noch überschaubar groß ist.\n# df -t xfs -h Filesystem Size Used Avail Use% Mounted on /dev/mapper/vg0-root 20G 4.0G 17G 20% / /dev/mapper/vg0-home 200G 40G 160G 20% /home Situation mit den Dateisystemen auf dem Dedi.\nReal erfolgen faktisch alle Änderungen am Content immer unter Usern in /home, sodaß vor allen Dingen die Sicherung dieser Partition dringend ist. Speziell der Minecraft-Spieluser hat eine Menge Churn, weil dort im Home alle Server-Instanzen liegen, auf denen gearbeitet wird.\nDie lokale Sicherung erfolgt mit einem sftp-Backend auf die Hetzner Storagebox, das Backup nach Hause verwendet ebenfalls das sftp-Backend.\n.ssh/config Damit alles nicht so weh tut, verwenden wir einen speziellen Backup-Key, der nur zur Datensicherung verwendet wird, und der nur die Funktion hat, ein paßwortloses Login auf den Backup-Zielen zu erlauben.\nWir generieren den Key mit\n# ssh-keygen -t rsa -b 4096 -N \u0026#34;\u0026#34; -f ~/.ssh/id_backup und konfigurieren ihn gleich in zwei Host-Matchblocks rein:\n# cat .ssh/config ServerAliveInterval 10 ServerAliveCountMax 3 HashKnownHosts no TCPKeepAlive yes KeepAlive yes Host storagebox Hostname uxxxxxx.your-storagebox.de User uxxxxxx Port 23 IdentityFile /root/.ssh/id_backup Host restic Hostname home.example.com User resticuser Port 22 IdentityFile /root/.ssh/id_backup Dadurch können wir die Backup-Ziele korrekt vorkonfiguriert über den Namen des Matchblocks ansprechen, also mit storagebox und restic.\nDen Key müssen wir nun auch in der authorized_keys der Ziele hinterlegen. Das geht genauso wie von Hetzner dokumentiert .\n# cat .ssh/id_backup.pub | ssh -p23 uXXXXX@uXXXXX.your-storagebox.de install-ssh-key uXXXXX@uXXXXX.your-storagebox.de\u0026#39;s password: ... Test mit ssh -p23 -i ~/.ssh/id_backup uXXXXX@uXXXXX.your-storagebox.de's password. Man landet in der restricted Shell der Storagebox, und kann zum Beispiel mit help eine Kommandoliste bekommen.\nRestic handhaben Restic initialisieren Damit restic Dinge tun kann, muss man das Repository, in dem die Backups landen, erst einmalig initialisieren. Dabei wird auch ein Verschlüsselungspaßwort festgelegt, das nicht verloren gehen darf.\n# restic -r sftp://storagebox/restic init enter password for new repository: enter password again: created restic repository 1c28ea9e7b at /restic Please note that knowledge of your password is required to access the repository. Losing your password means that your data is irrecoverably lost. Dies erzeugt eine Verzeichnishierarchie in /restic auf der Storagebox.\nRestic ausführen Das Backup-Script kann nun ausgeführt werden. Man kann dies zu Fuß tun, wie ich hier, oder resticprofile bemühen.\nIch sichere tatsächlich nicht /home, sondern erzeuge einen LVM2-Snapshot, von dem die Sicherung durchgeführt wird, bevor er released wird.\nDadurch ist /home unveränderlich während der Sicherung, und die Konsistenz des Backups ist besser.\n#!/usr/bin/bash # Some basic config SNAPLV=snap SNAPMOUNT=/snapshot-of-home export RESTIC_REPOSITORY=sftp://storagebox/restic export RESTIC_PASSWORD=secret_password # only use up to 4 cpus. export GOMAXPROCS=4 # Make this safe to run in a crontab set -e set -o pipefail export PATH=/root/.local/bin:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin cd /root # Show free space ssh -p 23 -i /root/.ssh/id_backup storagebox df -m echo # Delete old backups restic forget \\ --keep-daily 30 \\ --keep-monthly 12 \\ --keep-within 2d \\ --keep-tag keep \\ --prune echo # Actually perform a backup # 1. Snapshot and mount it lvcreate -s -n $SNAPLV -L10G /dev/vg0/home mount -t xfs -o nouuid /dev/vg0/$SNAPLV $SNAPMOUNT # 2. Actual backup restic backup \\ --json \\ --exclude-caches \\ --iexclude-file /root/bin/restic-excludes \\ $SNAPMOUNT /var/www /etc /root | jq \u0026#39;. | select(.message_type == \u0026#34;summary\u0026#34; )\u0026#39; # 3. Get rid of the snapshot umount $SNAPMOUNT lvremove -f /dev/vg0/$SNAPLV Alle restic-Subkommandos haben die Option --json auszugeben, was man dann mit gron oder jq konsumieren kann.\nIn diesem Script erzeugen wir mit lvcreate -s einen Snapshot der /home-Partition. Dieser wird dann in /snapshot-of-home gemounted. Weil ich xfs verwendet und das versehentliches doppeltes Mounten eines Verzeichnisses verhindert, muss ich dies mit der Option nouuid tun.\nIch kann jetzt das restic backup-Kommando laufen lassen. Dies erfolgt unter anderem mit der Option --json und wir fischen den summary-Block am Ende raus, ohne die Progress Reports weiter zu beachten.\nDie Option --exclude-caches tut genau das: CACHEDIR.TAG Verzeichnisse ignorieren. Außerdem werden die Patterns in einer Exclude-Datei mit --iexclude-file ebenfalls ignoriert. Das Prefix i steht hier für ignore-case.\nAm Ende melden wir den Snapshot wieder ab, und schmeißen ihn weg.\nGarbage Collection Am Anfang des Scripts wird einmal restic forget --prune bemüht. Dies sind die Regeln, nach denen alte Backups verworfen werden:\nWir heben alle Backups 2 Tage auf. Wir heben alle Backups mit dem Tag keep unbegrenzt auf. Wir heben 30 Tage lang das neuste Backup jeden Tages auf. Wir heben 12 Monate lang das neuste Backup jeden Monats auf. Auf diese Weise haben wir bis zu einem Jahr Historie. Dabei ist noch einmal in Erinnerung zu rufen, daß Dinge, die sich nicht ändern, nur einmal gespeichert werden, weil restic dedupliziert.\nDie Deduplizierung ist sehr effektiv:\n# restic stats enter password for repository: repository 3d26efdc opened (version 2, compression level auto) [0:00] 100.00% 2 / 2 index files loaded scanning... Stats in restore-size mode: Snapshots processed: 51 Total File Count: 2431309 Total Size: 1.827 TiB # df -Th /restic/ Filesystem Type Size Used Avail Use% Mounted on /dev/mapper/vg0-restic xfs 250G 57G 194G 23% /restic 1.8 TB Daten werden von 57 GB Plattenplatz repräsentiert.\nDas --prune nach dem Forget gibt Plattenplatz wieder frei. Dabei kann es vorkommen, daß\nDer Linkcount einer Datei erniedrigt wird, sonst nichts. Daten frei markiert werden, aber als ungenutzter Datei in einem 16 MB \u0026ldquo;Pack\u0026rdquo; rumstehen. Der freie Platz im \u0026ldquo;Pack\u0026rdquo; so groß wird, daß das Pack neu geschrieben wird. Das Pack komplett frei wird und gelöscht werden kann. remove 1 snapshots: ID Time Host Tags Paths ------------------------------------------------------------------------ dac0526f 2023-12-27 13:10:01 bigbox /etc /snapshot-of-home /var/www ------------------------------------------------------------------------ 1 snapshots [0:00] 100.00% 1 / 1 files deleted 1 snapshots have been removed, running prune loading indexes... loading all snapshots... finding data that is still in use for 51 snapshots [0:02] 100.00% 51 / 51 snapshots searching used packs... collecting packs for deletion and repacking [0:00] 100.00% 3499 / 3499 packs processed to repack: 1517 blobs / 466.577 MiB this removes: 1341 blobs / 444.158 MiB to delete: 138 blobs / 65.741 MiB total prune: 1479 blobs / 509.899 MiB remaining: 174653 blobs / 54.827 GiB unused size after prune: 2.728 GiB (4.98% of remaining size) repacking packs [0:01] 100.00% 30 / 30 packs repacked rebuilding index [0:00] 100.00% 3468 / 3468 packs processed deleting obsolete index files [0:00] 100.00% 3 / 3 files deleted removing 34 old packs [0:00] 100.00% 34 / 34 files deleted Eine detaillierte Statistik zeigt an, wie viel Platz --prune reclaimed hat, und wie viel Platz noch innerhalb der Dateien ungenutzt frei ist. Er wird bei einem späteren --prune freigegeben.\nSnapshots anzeigen Snapshots anzeigen geht mit restic snapshots:\n# restic snapshots enter password for repository: repository 3d26efdc opened (version 2, compression level auto) ID Time Host Tags Paths ------------------------------------------------------------------------ 0b981e61 2023-12-25 14:21:06 bigbox /etc /snapshot-of-home /var/www e4e36825 2023-12-25 23:10:01 bigbox /etc /snapshot-of-home /var/www ... 99153462 2023-12-29 15:10:01 bigbox /etc /snapshot-of-home /var/www ------------------------------------------------------------------------ 51 snapshots Wir können auch mit restic ls das Verzeichnis des Snapshots listen lassen, oder mit restic dump eine einzelne Datei ausgeben lassen.\nSuche Wir können einen Snapshot nach einzelnen Dateien durchsuchen. Zum Beispiel wollen wir sehen, ob wir das File /home/snackbag/snackbag/extras/snacksmp/v15-fast.zip im Backup haben.\nGesichert worden ist es als /snapshot-of-home/.... Also\n# restic find \u0026#39;/snapshot-of-home/snackbag/snackbag/extras/snacksmp/v15-fast.zip\u0026#39; ... Found matching entries in snapshot fbb371bd from 2023-12-29 13:10:01 /snapshot-of-home/snackbag/snackbag/extras/snacksmp/v15-fast.zip Found matching entries in snapshot 498bfd63 from 2023-12-29 14:10:02 /snapshot-of-home/snackbag/snackbag/extras/snacksmp/v15-fast.zip Found matching entries in snapshot 99153462 from 2023-12-29 15:10:01 /snapshot-of-home/snackbag/snackbag/extras/snacksmp/v15-fast.zip Found matching entries in snapshot c5d9b64a from 2023-12-29 16:10:01 /snapshot-of-home/snackbag/snackbag/extras/snacksmp/v15-fast.zip Zum Restore brauchen wir die Snapshot-ID (also zum Beispiel: c5d9b64a) der Version, die wir haben wollen. Die Ausgabe ist chronologisch, also brauchen wir die letzte ID.\nSuche geht auch mit Wildcards:\n# restic find --json \u0026#39;*/v15-fast.zip\u0026#39; | gron ... json[50] = {}; json[50].hits = 1; json[50].matches = []; json[50].matches[0] = {}; json[50].matches[0].atime = \u0026#34;2023-12-18T12:53:17+01:00\u0026#34;; json[50].matches[0].ctime = \u0026#34;2023-12-18T14:39:47.875074144+01:00\u0026#34;; json[50].matches[0].device_id = 64773; json[50].matches[0].gid = 1013; json[50].matches[0].group = \u0026#34;snackbag\u0026#34;; json[50].matches[0].inode = 67328639; json[50].matches[0].links = 1; json[50].matches[0].mode = 420; json[50].matches[0].mtime = \u0026#34;2023-12-18T12:53:17+01:00\u0026#34;; json[50].matches[0].path = \u0026#34;/snapshot-of-home/snackbag/snackbag/extras/snacksmp/v15-fast.zip\u0026#34;; json[50].matches[0].permissions = \u0026#34;-rw-r--r--\u0026#34;; json[50].matches[0].size = 53774271; json[50].matches[0].type = \u0026#34;file\u0026#34;; json[50].matches[0].uid = 1013; json[50].matches[0].user = \u0026#34;snackbag\u0026#34;; json[50].snapshot = \u0026#34;c5d9b64aad4248840801f599baedc95467c49a2b8634a86d75be5bbd9d130bce\u0026#34;; Oder mit jq statt gron:\n# restic find --json \u0026#39;*/v15-fast.zip\u0026#39; | jq \u0026#39;.[].snapshot\u0026#39; ... \u0026#34;fbb371bd16a2db6c2b619d14f9c7beb8e52b7f40d212b3eafb1b1f145f731478\u0026#34; \u0026#34;498bfd639d6ae59c926a63812aaced6dc5b541ca1302c5334913044f3b8333e6\u0026#34; \u0026#34;9915346249d0ed02d35e43a81a46d184b75f6c00ec00133c0446a4b4a9cc8eb5\u0026#34; \u0026#34;c5d9b64aad4248840801f599baedc95467c49a2b8634a86d75be5bbd9d130bce\u0026#34; Restore Restore dann:\n# mkdir workspace # restic restore \\ \u0026gt; --target workspace \\ \u0026gt; --include \u0026#39;*/v15-fast.zip\u0026#39; \\ c5d9b64aad4248840801f599baedc95467c49a2b8634a86d75be5bbd9d130bce repository 3d26efdc opened (version 2, compression level auto) [0:00] 100.00% 2 / 2 index files loaded restoring \u0026lt;Snapshot c5d9b64a of [/snapshot-of-home /var/www /etc] at 2023-12-29 16:10:01.934599035 +0100 CET by root@bigbox\u0026gt; to workspace Summary: Restored 6 / 1 files/dirs (51.283 MiB / 51.283 MiB) in 0:02 # find workspace/ -type f workspace/snapshot-of-home/snackbag/snackbag/extras/snacksmp/v15-fast.zip FUSE-Mount Das ist sehr viel schneller als ein Mount, aber ein FUSE-Mount kann auch hilfreich sein:\n# restic mount /mnt/restic repository 3d26efdc opened (version 2, compression level auto) [0:00] 100.00% 2 / 2 index files loaded Now serving the repository at /mnt/restic Use another terminal or tool to browse the contents of this folder. When finished, quit with Ctrl-c here or umount the mountpoint. In einem 2. Fenster dann:\n# cd /mnt/restic/ # ls -F hosts/ ids/ snapshots/ tags/ # ls -F ids/ ids/: 0167ffd2/ 152ea32f/ 2ff8540c/ 59f8f55b/ 9afe61d3/ d58d50fa/ f22e171d/ 023a782d/ 1561f1c8/ 33e09326/ 5eec2b8c/ a0020775/ d7c8e648/ f80f9e4f/ 02478085/ 1b36de2d/ 3f0bce8d/ 61e02a5b/ a075cdd8/ d972654b/ fbb371bd/ 04216185/ 1c253586/ 451b146d/ 6fcc9fbf/ aa916fab/ dd761561/ 0b981e61/ 1c64b318/ 4961c739/ 89aef175/ b4d945ee/ e1b58661/ 0caeffbd/ 2342db66/ 498bfd63/ 90a9861c/ be0f439a/ e4e36825/ 0d7e65d4/ 2566d92a/ 4e2ba289/ 954210a2/ c0fcfe70/ eb8ce869/ 0ee4d0c9/ 2cddb602/ 5415cd2d/ 99153462/ c5d9b64a/ ee6ad425/ # cd ids/c5d9b64a # ls etc snapshot-of-home var # ls etc | head -3 adjtime aliases aliases.db sftp für restic aufsetzen Die Sicherung vom (als kompromittiert anzusehenden) Minecraft-Server nach Hause muss passend gesichert werden.\nWir legen einen resticuser nur für die Sicherung dieses Servers an. Er wird in der /etc/ssh/sshd_config auf sftp-internal constrained. Der .ssh/authorized_keys dieses Users wird hinterlegt, und als unveränderlich markiert, um Manipulationen zu erschweren. Der sftp-User bekommt ein chroot(2) ins Datenverzeichnis und kann nicht auf sein eigenes Home zugreifen. # useradd -m -c \u0026#34;Restic Backup von Minecraft\u0026#34; resticuser ... # mkdir ~resticuser/.ssh # scp .../id_backup.pub ~resticuser/.ssh/authorized_keys # chown -R resticuser:resticuser ~resticuser # chattr +i ~/.ssh/authorized_keys # tail -5 /etc/ssh/sshd_config ... Match User resticuser ChrootDirectory /backup/minecraft_backup ForceCommand internal-sftp AllowTcpForwarding no X11Forwarding no # mkdir /backup/minecraft_backup/restic # chown -R resticuser:resticuser /backup/minecraft_backup Eine modifizierte Version von run-restic von oben sollte nun Daten in diesen Speicher schieben können.\nrest-server (via Mathias Gumz )\nrest-server ist ein Unterprojekt von restic, das ein Server-Backend für das REST-Protokoll von restic implementiert. Es hat einen --append-only Modus, mit dem man Backups aus unsicheren Quellen annehmen kann, ohne daß die Backup-Quelle das Backup zerstören oder löschen kann. Natürlich müssen forget und prune dann lokal auf dem Server getriggert werden und nicht durch den Backup-Prozess.\nDas Projekt kommt mit einer umfangreichen Installationsanleitung und mit offiziellen Docker-Images, sodass das Aufsetzen eines Servers mit wenigen Handgriffen getan ist.\nDer Aufruf sieht im Wesentlichen so aus:\n$ lvcreate -L 100G -n testing hdd $ mkfs -t xfs /dev/hdd/testing $ mkdir /backup/testing $ mount /dev/hdd/testing /backup/testing $ cd /backup/testing $ htpasswd -B -c .htpasswd kris Password: keks $ cp /etc/apache2/md/domains/{privkey,pubcert}.pem . $ rest-server \\ --append-only \\ --tls \\ --tls-cert pubcert.pem \\ --tls-key privkey.pem \\ --path /backup/testing/ \\ --max-size 107374182400 \\ --listen \u0026#39;192.168.1.10:8000\u0026#39; Testweises Starten von rest-server mit lokalen Kopien der bei \u0026ldquo;Let\u0026rsquo;s Encrypt\u0026rdquo; generierten Zertifikate und ein Test-Repository.\nDer Beispielaufruf startet den rest-server auf Port 8000 der Testmaschine. Er verwendet Kopien der von \u0026ldquo;mod_md\u0026rdquo; generierten \u0026ldquo;Let\u0026rsquo;s Encrypt\u0026rdquo;-Zertifikate aus /etc/apache/md/domains, und greift auf ein \u0026ldquo;append-only\u0026rdquo;-Repository in /backup/testing zu. Die Größe des Repository ist auf 100 GB (100 * 1024^3 Bytes) limitiert.\nWir können das Repository unter dem Namen rest:https://home.example.com:8000 ansprechen. Also\n$ export RESTIC_REPOSITORY=rest:https://home.example.com:8000 $ export RESTIC_PASSWORD=keks $ restic init ... $ restic backup --exclude-caches /etc zum Sichern ein paar mal laufen lassen und dann restic snapshots zum Ansehen der Backups.\nLöschen von Backups mit forget und prune ist durch den Client nicht mehr machbar.\nStattdessen kann man das Backup lokal als -r /backup/testing ansprechen und per Cron das entsprechende forget --prune --keep...-Regel laufen lassen. Dabei muß man sicherstellen, daß die Datei-Eigentümer sauber bleiben, am Besten indem man rest-server und den forget-Cronjob unter demselben Owner laufen läßt.\n","date":"2023-12-30T00:00:00Z","href":"https://blog.koehntopp.info/2023/12/30/restic.html","tags":["lang_de","linux","devops"],"title":"Restic"},{"categories":null,"content":"I installed a Python 2.7.18 with pyenv on Apple Silicon, and I needed that binary to be pure x86_64. This was necessary because I needed to load dynamic libraries that were only available in Intel format.\nIt is not possible to load x86_64 libraries into an ARM binary. If you build a multi-arch binary, you need to remember to request Intel every time you run a Python script which tries to load the Intel-only shared library. With an Intel-only binary, this will work every time without additional configuration.\nCalling the Intel code in a multi-architecture binary The file command will tell you if a binary is multi-architecture:\n$ file /bin/ls /bin/ls: Mach-O universal binary with 2 architectures: [x86_64:Mach-O 64-bit executable x86_64] [arm64e:Mach-O 64-bit executable arm64e] /bin/ls (for architecture x86_64):\tMach-O 64-bit executable x86_64 /bin/ls (for architecture arm64e):\tMach-O 64-bit executable arm64e You can manually call the Intel code:\n$ arch -arch x86_64 ls Applications\tMovies\tMusic ... If you call a binary this way, the first time this will trigger the installation of Rosetta2 (the Intel to ARM JIT compiler) on the Mac.\nCompiling for Intel on M1 By default, we compile for ARM (M1), and only for this architecture:\n$ cat hello.c #include \u0026lt;stdio.h\u0026gt; int main(void) { printf(\u0026#34;Hello!\\n\u0026#34;); } $ cc -o hello hello.c $ file hello hello: Mach-O 64-bit executable arm64 We can call the compiler for Intel, and get an Intel-only binary:\n$ arch -arch x86_64 cc -o hello hello.c $ file hello hello: Mach-O 64-bit executable x86_64 $ ./hello Hello! Compiling Python for Intel only The pyenv installation process uses python-build. This, by default, uses the readline and openssl versions provided by Homebrew to build. On my system, these are for ARM, so the Python will build and then fail in the linker stage.\nThere is an option to force a build ignoring the Homebrew-provided components, PYTHON_BUILD_SKIP_HOMEBREW. This is a boolean variable: it is sufficient to set it to any value. So:\nkk:~ kris$ PYTHON_BUILD_SKIP_HOMEBREW=1 arch -arch x86_64 pyenv install 2.7.18 Downloading openssl-1.1.1v.tar.gz... -\u0026gt; https://www.openssl.org/source/openssl-1.1.1v.tar.gz Installing openssl-1.1.1v... Installed openssl-1.1.1v to /Users/kris/.pyenv/versions/2.7.18 Downloading readline-8.0.tar.gz... -\u0026gt; https://ftpmirror.gnu.org/readline/readline-8.0.tar.gz Installing readline-8.0... Installed readline-8.0 to /Users/kris/.pyenv/versions/2.7.18 Downloading Python-2.7.18.tar.xz... -\u0026gt; https://www.python.org/ftp/python/2.7.18/Python-2.7.18.tar.xz Installing Python-2.7.18... patching file configure patching file configure.ac patching file setup.py ... Installed Python-2.7.18 to /Users/kris/.pyenv/versions/2.7.18 This is indeed the desired binary:\n$ file ~/.pyenv/versions/2.7.18/bin/python2 /Users/kris/.pyenv/versions/2.7.18/bin/python2: Mach-O 64-bit executable x86_64 Building a virtualenv for Intel Python 2.7.18 The virtual environment for Python 2.7 has to be built with an old version of the virtualenv command, which is compatible with the old Python:\nWe make a testdir, enter it and set the local Python version to the required version. We then install an old version of the virtualenv command, using pip, globally into the old Python version. This can then be used to create a virtual environment.\n$ mkdir testdir $ cd testdir $ pyenv local 2.7.18 $ python --version Python 2.7.18 $ which python /Users/kris/.pyenv/shims/python Now the installation of virtualenv into our Python 2.7.18 instance:\n$ pip --version pip 19.2.3 from /Users/kris/.pyenv/versions/2.7.18/lib/python2.7/site-packages/pip (python 2.7) $ pip install --user virtualenv ... We now can call this version of virtualenv for installation:\n$ cd archaeology $ ~/.local/bin/virtualenv venv created virtual environment CPython2.7.18.final.0-64 in 102ms ... $ source venv/bin/activate (venv) kk:testdir kris$ python --version Python 2.7.18 (venv) kk:testdir kris$ python Python 2.7.18 (default, Dec 5 2023, 12:09:45) [GCC Apple LLVM 15.0.0 (clang-1500.0.40.1)] on darwin Type \u0026#34;help\u0026#34;, \u0026#34;copyright\u0026#34;, \u0026#34;credits\u0026#34; or \u0026#34;license\u0026#34; for more information. \u0026gt;\u0026gt;\u0026gt; Profit! And that gives us an ancient Python in a foreign machine language, so we can continue with our software archaeology project.\n(venv) $ arch -arch x86_64 pip install cx_Oracle==7.3 Collecting cx_Oracle==7.3 ... Successfully built cx-Oracle Installing collected packages: cx-Oracle Successfully installed cx-Oracle-7.3.0 Note that this will still need an ORACLE_HOME pointing to your instantclient directory, and the dylib files linked from the Python libdir to the instantclient installation.\nSo:\n$ ORACLE_HOME=~/instantclient* $ echo \u0026#34;export ORACLE_HOME=$ORACLE_HOME\u0026#34; \u0026gt;\u0026gt; ~/.bash_profile $ cd ~/.pyenv/versions/2.7.18/lib $ for i in ~/instantclient*/*.dylib*; \u0026gt; do \u0026gt; echo $i; \u0026gt; ln -s $i . \u0026gt; done With the proper ~/instantclient*/network/admin/TNSNAMES.ORA you can now\n(venv) $ python2 ... \u0026gt;\u0026gt;\u0026gt; import cx_Oracle \u0026gt;\u0026gt;\u0026gt; c = cx_Oracle.Connection(\u0026#34;sys\u0026#34;, \u0026#34;oracle\u0026#34;, \u0026#34;ORCL\u0026#34;) \u0026gt;\u0026gt;\u0026gt; c \u0026lt;cx_Oracle.Connection to sys@ORCL\u0026gt; ","date":"2023-12-05T00:00:00Z","href":"https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html","tags":["lang_en","python","apple"],"title":"x86_64 binaries on M1"},{"categories":null,"content":"Initially published in c\u0026rsquo;t 26/23, page 70. All my texts are made available in this blog after some time. The version shown is the raw edit of the article text without pictures and illustrations.\nHier ist das Original in deutscher Sprache .\nA Revolution Devours Its Children by Kristian Köhntopp\nDeparture from Traditional Open Source Licenses Open source once set out to guarantee users the greatest possible freedom in the operation of software and to challenge the software titans. Meanwhile, however, these have learned to use the documented freedoms to their advantage.\nThere is unrest in the open-source community: In recent times, it can be observed that established software companies with a large user base are restricting the freedoms of their users by changing licenses of their open source projects. The most recent example is HashiCorp, a company specialized in software for cloud infrastructure, which has placed its core products under the BSL v1.1 (Business Source License), a formally non-open license. The response was immediate: the software has since been forked as OpenTofu and is now under the auspices of the Linux Foundation.\nHashiCorp is not the first company to do this: some time ago, RedHat changed the positioning of CentOS as a free alternative to RedHat Enterprise Linux (RHEL) and recently restricted the release of the RHEL source codes through an EULA (End User License Agreement), Elastic has put ElasticSearch and Kibana under the formally non-open SSPL (Server Side Public License), and MongoDB is also only available under the SSPL.\nFour Freedoms and a Certification Open Source and Free Software existed even before these terms were coined. However, the actual \u0026ldquo;Open Source Revolution\u0026rdquo; began in the 1990s with the Linux kernel and the resulting distributions. The term \u0026ldquo;Open Source\u0026rdquo; was coined by Bruce Perens and Eric Raymond, formalized in the Open Source Definition and the Debian Free Software Guidelines.\nBoth are refinements and clarifications of the original \u0026ldquo;Four Freedoms\u0026rdquo; in the mother of all open-source licenses, the GNU General Public License (GPL), which are:\nFreedom 0: The freedom to run the program for any purpose. Freedom 1: The freedom to study how the program works and adapt it to your data processing needs. This implies access to the source code. Freedom 2: The freedom to redistribute the program. However, the GPL requires that the source code of the program, which corresponds to the redistributed program, is also offered. Freedom 3: The freedom to improve the program and distribute these improvements under the original license. This also implies access to the source code and the right to modify it. While the GPLv2 is the license that first codified these freedoms, a whole range of licenses quickly developed that are all \u0026ldquo;Open Source\u0026rdquo; according to the OSI guidelines (Open Source Initiative) or the DFSG (Debian Free Software Guidelines), all of which are free but some are incompatible with the GPL. This, in particular, filled many Usenet newsgroups with ongoing discussions throughout the late 90s.\nThe LAMP Stack: A Wild Mix of Licenses The well-known LAMP stack for web development is also an example of the license confusion that can occur with open source. LAMP includes the Linux Kernel, the Apache web server, the MySQL database, and the PHP programming language. Each of these components has different licenses.\nWhile the Linux Kernel is licensed under GPLv2, the Apache web server is under Apache License 2. This is a permissive license, meaning it lacks provisions that enforce changes to the original program to be distributed under the same license as the original program.\nMySQL has two licenses: The database can be used under the GPL, subject to the provisions and freedoms mentioned above. However, the copyright holder is a company (originally MySQL, then SUN, and now Oracle) that holds all rights. Developers must assign the rights to their patches to Oracle via a Contributor License Agreement (CLA). This allows Oracle to also offer the source code under a commercial license.\nAnd PHP has been under the PHP License since version 4. This is also a permissive license that allows the use and distribution of PHP with or without modifications, as source code or executable program, but contains restrictions regarding the use of the \u0026ldquo;PHP\u0026rdquo; trademark.\nThis leads to an important question from the late 90s: What happens when you mix software with different licenses and distribute them together in a distribution or link them together in a translation process?\nThe GNU Project quickly clarified that the boundaries of the license are the process boundaries. If you develop a program under another license and link it with GNU software so that the result is executed in the same process afterward, this is legally okay only if the other license is compatible with the GPL.\nAlthough the GPL is an open-source license, not many licenses are compatible with the GPL. This is because the GPL contains freedom-preserving restrictions: you can\u0026rsquo;t restrict the execution of the software (\u0026ldquo;Not in nuclear missiles!\u0026rdquo;). And a program that contains GPL components must also be offered in source code with all changes. This means not just the GPL components, but all components in this process space.\nThe Debate Over the \u0026ldquo;Infectious\u0026rdquo; GPL The obligation to publish the source code then led to another discussion in the early 2000s. At that time, Linux and Open Source became so prominent that they could not be ignored, and many startups flirted with Open Source. Although the GPL was the most widely used license at the time, it is not an attractive prospect for investors to have to release all the company\u0026rsquo;s software sources under the GPL.\nIt was during this time that the anti-open-source slogan of the \u0026ldquo;viral\u0026rdquo; or \u0026ldquo;contagious\u0026rdquo; GPL originated, which is nonsense at its core: On the one hand, the GPL is easy to contain because it ends clearly defined at process boundaries; on the other hand, the provisions of the GPL make sense because they make direct exploitation of others\u0026rsquo; work more difficult (\u0026ldquo;Quid pro quo: If you benefit from Open Source, then you should contribute in the same way.\u0026rdquo;).\nGPLv3 Against Software Patents In response to venture capitalists who brought another threat to Open Source into play, a reaction became necessary: software patents. If startups have to release their software under the GPL, they might restrict their intellectual property in other ways to later collect licensing fees. At the time, software patents were positioned as a real threat.\nThe justification for version 3 of the GPL directly addresses this, and GPLv3 includes provisions that, in simplified terms, state: \u0026ldquo;If you use patents to sue users of any GPLv3-licensed software, then your right to use any GPLv3 software is terminated.\u0026rdquo; This clause is effective, and it has led to, among other things, Apple avoiding any form of GPLv3-licensed software in its products and progressively replacing any GPL software in Apple products with software licensed differently.\nThe provision that the GPL ends at process boundaries is sometimes problematic for the GNU project as well, and so there are variants of the GPL and exceptions. For example, code generated by GPL-covered programs is not protected by the GPL: This allows code generators such as gcc, bison, and flex. And for some libraries, including glibc, there is the LGPL, also called \u0026ldquo;Lesser GPL,\u0026rdquo; which allows the libraries to be linked against non-GPL software.\n\u0026ldquo;GPL Instead of LGPL\u0026rdquo; as a Weapon Conversely, some companies have used the GPL as a weapon. For example, libraries like \u0026ldquo;libmysqlclient.so\u0026rdquo; were available under the LGPL up to MySQL 3.23, but from version 4 onwards, they are under the GPL. Therefore, if one links this library into their commercial program and wants to distribute it, they must buy a commercial MySQL license under the dual-licensing program. MySQL summarized this in the slogan, \u0026ldquo;If you are free, we are free. If you are commercial, we are commercial.\u0026rdquo;\nThis was a problem for a while for the programming language PHP, which linked against this library to access the database as part of the LAMP stack but has a formally non-GPL-compatible license. PHP countered this problem by reimplementing the protocol as \u0026ldquo;mysqlnd,\u0026rdquo; and in parallel, MySQL solved the problem by defining a license exception for PHP (and others).\nLess GPL, More MIT, BSD, and Apache All these confusions are one reason why \u0026ldquo;modern\u0026rdquo; open-source software often no longer uses the GPL but prefers other licenses such as MIT, BSD, or Apache. They make a number of capital-financed business models around open source simpler, especially if you want to build a company around a product that is open source in name only. From 2005 onwards, business models based on open source began to flourish. This has worked well enough for 15 years to grow the number of projects significantly.\nSome of these projects do not rely on individual companies as sponsors: PHP, KDE, and Postgres, for example, are stable and large-scale OSS projects that are not backed by a single large company and its venture capital investors – they all feature a broad and deeply rooted base of contributors.\nIn recent years, cracks have appeared: RedHat, Elastic, MongoDB, MariaDB (a MySQL fork), HashiCorp, and many others have changed their licenses or restructured to exclude a specific use case. Since this constitutes a violation of Freedom 0, they are no longer open-source projects in the sense of OSI and DFSG.\nThe Elephant in the Room is the Cloud Amazon Web Services (AWS) is a system and a company that epitomizes a business model: It monetizes the aspect of \u0026ldquo;operations,\u0026rdquo; which is often neglected and underfunded in companies, and aims not to develop software for third parties but primarily to operate it.\nAmazon has been very successful with this model: For some time now, more new installations of MySQL (and MongoDB, Postgres, Elastic, and many other databases) have been running in its data centers than locally with clients (\u0026ldquo;on-premise\u0026rdquo;). This is a class of systems that are notoriously hard to operate because errors in operation can irreparably ruin data. Of course, one can roll back a faulty database version to the previous one, but the data destroyed by the error is still permanently lost.\nThe systematic underestimation of the costs and effort operations require is what makes the principle of \u0026ldquo;Software as a Service\u0026rdquo; (SaaS) successful. SaaS providers are selling not just a service, but primarily an operational concept for this service that allows smooth and uninterrupted operation right after commissioning. Because the operational concept is tested and prescribed, the quality of the service can be standardized, measured, and then stable contracts can be entered into with third parties.\nCustomers welcome this because operating software is a problem at least as challenging as developing software. Many customers do not want to deal with this. Often, they accept availabilities, response times, and costs that were completely unacceptable in their own in-house teams before. All of this just to get the complex task of \u0026ldquo;operating the databases\u0026rdquo; out of the house – this shows how uncomfortable companies are with dealing with \u0026ldquo;operations.\u0026rdquo;\nThe operation of this software by AWS is not covered by a commercial agreement between the software manufacturer and Amazon, but is based on the Freedom 0 of the GPL: Amazon is allowed to run the software for any purpose, including as a service for others. As a result, Amazon collects the money for the operation of these installations, but the actual software developer, the manufacturing company or group, gets nothing from it. This is not a sustainable financing model, but it is covered by the GPL and very advantageous for AWS, so there is no incentive for them to change anything.\nBusiness Source License as an Early Reaction The issue of cloud services exploiting open-source software without contributing back to the developers was recognized early on: The \u0026ldquo;Business Source License\u0026rdquo; (BSL) was first mentioned in the blog of Monty Widenius, a key figure behind MariaDB, as early as 2013, and MariaDB has been using it for certain components since 2016, with slight changes after suggestions from Bruce Perens, resulting in version 1.1 in 2017. Other products followed suit and adopted the BSL: Couchbase, Uptrace, Kurtosis, Sentry, CockroachDB, and recently all HashiCorp core products.\nThe idea behind the BSL is that the software remains freely usable and the source code available, but with restrictions. The most important restriction usually means \u0026ldquo;AWS is not allowed to use this,\u0026rdquo; phrased as \u0026ldquo;The software may not be offered as SaaS for third parties.\u0026rdquo; Thus, one can use the software as before. It can also be operated on AWS itself, or it can be provided within one\u0026rsquo;s own organization for other departments.\nHowever, one will not be able to buy the operation of the software as a service from a cloud operator, but only from the creator of the software itself (e.g., via AWS Marketplace). This limitation is intended to ensure the financing the development of the software by preventing AWS from completely diverting this stream of money for itself. The BSL comes with another rule stating that code changes must be released under a recognized open-source license (usually the Apache 2.0 license or GPL). There is a time limit for that: a maximum of four years, ensuring that older versions of the software are always true open source.\nFormally, BSL software is not open source in the OSI or DFSG sense because, unlike the GPL, Freedom 0 (\u0026ldquo;run for any purpose\u0026rdquo;) is restricted. Therefore, it is also referred to as \u0026ldquo;Source Available.\u0026rdquo; The Server Side Public License used by MongoDB, Elastic, and Kibana follows the same idea, only differently: the SSPL is a variant of AGPLv3 that also restricts Freedom 0 and prohibits operating the software for third parties (\u0026ldquo;as a Service\u0026rdquo;) unless a commercial license is acquired.\nNon-Free Free Software The fundamental idea behind the GPL\u0026rsquo;s freedoms is give and take: \u0026ldquo;You can use our software, but you have to play nice in return.\u0026rdquo; The ever-growing dominance of AWS is making it increasingly difficult for open-source creators to earn a living from their development work – AWS offers their software as a service and integrates it with other services. Freedom 0 of free software here turns against the creators of the software.\nThe BSL and SSPL are reactions to this. Formally, they are not free software, according to OSI or DFSG. But perhaps it is time for open source to once again face changes and new threats, adapting licenses and definitions for the new era, as has already happened with GPLv3 and AGPL.\nPerhaps the FSF, OSI, and Debian will not move and will insist on their definitions of \u0026ldquo;free software.\u0026rdquo; But this does not deter developers of software under BSL and SSPL: their software is already \u0026ldquo;almost free\u0026rdquo; and, due to their special rule, will formally become free software according to the old definition after a few years. There is no reason to reject BSL or SSPL, except for fundamentalism towards free software. However, if those who care about the open-source idea do not want AWS to be the only company with a successful open-source business model, then change is necessary. Otherwise, users will soon find themselves back with dull, traditional commercial software, the kind they used to get from companies like Microsoft and Oracle.\n","date":"2023-11-11T00:00:00Z","href":"https://blog.koehntopp.info/2023/11/11/a-revolution-devours-its-children.html","tags":["lang_en","publication","free software"],"title":"A Revolution Devours Its Children"},{"categories":null,"content":"Dieser Text erschien in c\u0026rsquo;t 26/23 auf Seite 70. Wie alle meine Texte ist er nach einiger Zeit auch in meinem Blog frei verfügbar. Die hier veröffentlichte Fassung ist die Rohfassung des Artikeltexts ohne Abbildungen und Illustrationen.\nThis text is also available in English .\nEine Revolution frisst ihre Kinder von Kristian Köhntopp\nAbkehr von klassischen Open-Source-Lizenzen Open Source war einmal angetreten, um Nutzern die größtmögliche Freiheit im Betrieb von Software zu garantieren und Software-Titanen den Kampf anzusagen. Inzwischen haben diese aber gelernt, die verbrieften Freiheiten zu ihrem Vorteil zu nutzen.\nEs brodelt in der Open-Source-Gemeinde: In jüngerer Vergangenheit lässt sich beobachten, dass etablierte Softwareunternehmen mit großer Nutzerbasis die Freiheiten der Nutzer ihrer Open-Source-Projekte durch einen Lizenzwechsel einschränken. Jüngstes Beispiel ist das Unternehmen HashiCorp, das auf Software für Cloud-Infrastruktur spezialisiert ist und seine Kernprodukte unter die BSL v1.1 (Business Source License) gestellt hat, eine formal nicht offene Lizenz. Die Quittung kam prompt: Inzwischen wurde die Software als OpenTofu geforkt und steht jetzt unter der Schirmherrschaft der Linux Foundation.\nHashiCorp ist nicht die erste Firma, die so etwas tut: RedHat hat vor längerer Zeit die Positionierung von CentOS als freie Alternative zu RedHat Enterprise Linux (RHEL) geändert und kürzlich die Herausgabe der RHEL-Quelltexte durch eine EULA (End User License Agreement) eingeschränkt, Elastic hat ElasticSearch und Kibana unter die formal nicht offene SSPL (Server Side Public License) gestellt, und auch MongoDB ist nur noch unter der SSPL zu haben.\nNoch viel früher gab es Umzüge von der GPLv2 zur GPLv3, die Einführung der AGPL, und einige Firmen wie Apple haben ein striktes GPLv3-Verbot für ihre eigenen Softwareprodukte ausgesprochen. Apple migriert zudem alle interne Software komplett von der GPL weg. Sind diese Entwicklungen eine Bedrohung für Open Source? Und was sollen diese Lizenzänderungen eigentlich bezwecken? Um die Konfliktlinien zu verstehen, lohnt sich ein Blick in die Vergangenheit.\nVier Freiheiten und eine Zertifizierung Open Source und Free Software gab es schon, bevor diese Worte dafür existierten. Doch die eigentliche „Open-Source-Revolution“ begann in den 1990er Jahren mit dem Linux Kernel und den sich daraus ergebenden Distributionen. Der Begriff „Open Source“ wurde von Bruce Perens und Eric Raymond geprägt und in der Open-Source-Definition und den Debian Free Software Guidelines formalisiert.\nBeides sind Verfeinerungen und Klarstellungen der ursprünglichen „Vier Freiheiten“ der Mutter aller Open-Source-Lizenzen, der GNU General Public License (GPL), die da lauten:\nFreiheit 0: Die Freiheit, das Programm für jeden Zweck auszuführen. Freiheit 1: Die Freiheit, die Funktionsweise des Programms zu untersuchen und eigenen Bedürfnissen der Datenverarbeitung anzupassen. Das impliziert Zugang zum Quelltext. Freiheit 2: Die Freiheit, das Programm weiterzugeben. Die GPL fordert aber, dass auch der Quelltext des Programms, der dem weitergegebenen Programm entspricht, angeboten wird. Freiheit 3: Die Freiheit, das Programm zu verbessern und diese Verbesserungen unter der originalen Lizenz weiterzugeben. Auch dies impliziert Zugang zum Quelltext und das Recht, diesen zu ändern. Während die GPLv2 die Lizenz ist, die diese Freiheiten das erste Mal kodifiziert hat, haben sich schnell eine ganze Reihe von Lizenzen entwickelt, die alle „Open Source“ nach den OSI-Richtlinien (Open Source Initiative) oder den DFSG (Debian Free Software Guidelines) sind und von denen einige zwar frei, aber inkompatibel mit der GPL sind. Das hat insbesondere in den späten 90er Jahren viele Usenet-Newsgroups dauerhaft mit Diskussionen gefüllt.\nDer LAMP-Stack: Eine wilde Mischung von Lizenzen Der bekannte LAMP-Stack für die Webentwicklung ist auch ein Beispiel für den Lizenzwirrwarr, mit dem man es bei Open Source zu tun haben kann. LAMP beinhaltet den Linux Kernel, den Apache Webserver, die MySQL-Datenbank und die Programmiersprache PHP. All diese Bausteine haben unterschiedliche Lizenzen.\nWährend der Linux-Kernel GPLv2-lizenziert ist, steht der Apache Webserver unter der Apache License 2. Diese ist freizügig („permissive“), das heißt, es fehlen Bestimmungen, die erzwingen, dass Veränderungen gegenüber dem Originalprogramm unter derselben Lizenz wie das Originalprogramm weitergegeben werden müssen.\nMySQL hat gleich zwei Lizenzen: Die Datenbank kann unter der GPL genutzt werden und unterliegt dann den Bestimmungen und Freiheiten, die oben genannt wurden. Der Urheberrechtsinhaber ist jedoch eine Firma (ursprünglich MySQL, dann SUN und jetzt Oracle), die alle Rechte innehat. Entwickler müssen die Rechte an ihren Patches per Contributor License Agreement (CLA) an Oracle abtreten. Dadurch kann Oracle den Quelltext auch unter einer kommerziellen Lizenz anbieten.\nUnd PHP steht seit Version 4 unter der PHP-License. Auch das ist eine freizügige Lizenz, die Nutzung und Weitergabe von PHP mit oder ohne Modifikationen, als Quelltext oder ausführbares Programm erlaubt, jedoch Einschränkungen hinsichtlich des Gebrauches der Wortmarke „PHP“ enthält.\nDas führt zu einer wichtigen Frage der späten 90er Jahre: Was passiert, wenn man Software mit unterschiedlichen Lizenzen mischt und zusammen in einer Distribution verbreitet oder sie in einem Übersetzungsprozess zusammen linkt?\nDas GNU Projekt hat relativ schnell klargestellt, dass die Grenzen der Lizenz die Prozessgrenzen sind. Wenn man also ein Programm unter einer anderen Lizenz entwickelt und mit GNU-Software zusammen linkt, sodass das Resultat hinterher in ein- und demselben Prozess ausgeführt wird, dann geht das legal nur dann in Ordnung, wenn die andere Lizenz mit der GPL kompatibel ist.\nObwohl die GPL eine Open-Source-Lizenz ist, sind nicht viele Lizenzen mit der GPL kompatibel. Das liegt daran, dass die GPL die Freiheit wahrende Einschränkungen enthält: Man kann die Ausführung der Software nicht einschränken („Nicht in Atomraketen!“) und ein Programm, das GPL-Komponenten enthält, muss auch im Quelltext mit allen Änderungen angeboten werden. Das bedeutet: nicht nur die GPL-Komponenten, sondern alle Komponenten in diesem Prozessraum.\nDie Debatte um die „infektiöse“ GPL Aus der Pflicht zur Veröffentlichung der Quellen ergab sich dann eine weitere Diskussion in den frühen Nullerjahren. Damals wurden Linux und Open Source so groß, dass man sie nicht ignorieren konnte, und eine Menge Start-ups kokettierten mit Open Source. Die GPL war damals zwar die am weitesten verbreitete Lizenz, aber wenn man ein Start-up betreibt, das sich durch Risikokapital finanziert, dann ist es keine attraktive Aussicht für Investoren, alle Quellen der eigenen Software unter der GPL herausgeben zu müssen.\nAus dieser Zeit stammt der Anti-Open-Source-Slogan der „viralen“ oder „ansteckenden“ GPL, der im Kern jedoch Unsinn ist: Zum einen ist die GPL leicht einzuhegen, denn sie endet ja klar definiert an Prozessgrenzen, andererseits sind die Bestimmungen der GPL sinnvoll, weil sie eine direkte Ausbeutung der Leistung anderer erschwert („Quid pro quo: Wenn Du von Open Source profitierst, dann sollst Du auch auf die gleiche Weise dazu beitragen.“).\nGPLv3 gegen Softwarepatente Venture Capitalists brachten als Reaktion eine weitere Bedrohung für Open Source in Stellung, auf die reagiert werden musste: Softwarepatente. Wenn Start-ups ihre Software unter der GPL herausgeben müssen, können sie ihr geistiges Eigentum eventuell anders einschränken, um später dafür Lizenzgebühren einzutreiben. Damals waren das Softwarepatente, die als reale Bedrohung positioniert wurden.\nIn der Rechtfertigung für die Version 3 der GPL wird dies auch direkt thematisiert, und die GPLv3 enthält Regelungen, die vereinfacht besagen: „Wenn Du Patente verwendest, um Benutzer von beliebiger GPLv3-lizenzierter Software zu verklagen, dann erlischt Dein Recht, jegliche GPLv3 Software zu verwenden.“ Diese Klausel ist wirksam und sie hat unter anderem dazu geführt, dass Apple jede Form von GPLv3-lizenzierter Software in seinen Produkten vermeidet und sukzessive jegliche GPL-Software in Apple-Produkten durch anders lizenzierte Software ersetzt.\nDie Bestimmung, dass die GPL an Prozessgrenzen endet, ist auch für das GNU-Projekt manchmal problematisch, und so gibt es Varianten der GPL und Ausnahmen. Zum Beispiel ist generierter Code von unter der GPL stehenden Programmen nicht GPL-geschützt: Dies ermöglicht Codegeneratoren wie gcc, bison und flex. Und für einige Bibliotheken, darunter die glibc, gibt es die LGPL, auch „Lesser GPL“ genannt, die es erlaubt, die Bibliotheken gegen Nicht-GPL-Software zu linken.\n„GPL statt LGPL“ als Waffe Andersherum haben einige Firmen die GPL als Waffe eingesetzt. Zum Beispiel waren Bibliotheken wie die „libmysqlclient.so“ bis einschließlich MySQL 3.23 unter der LGPL verfügbar, aber ab Version 4 stehen sie unter der GPL. Linkt man diese Bibliothek also in sein kommerzielles Programm und will es ausliefern, dann muss man eine kommerzielle MySQL-Lizenz unter dem Dual-Licensing Programm kaufen. MySQL hat das im Slogan „If you are free, we are free. If you are commercial, we are commercial“ zusammengefasst.\nDas war eine Zeit lang ein Problem für die Programmiersprache PHP, die ja gegen diese Bibliothek gelinkt hat, um auf die Datenbank im Rahmen des LAMP-Stacks zugreifen zu können, aber eine formal nicht GPL-kompatible Lizenz hat. PHP ist dem Problem mit einer Re-Implementierung des Protokolls als „mysqlnd“ begegnet, und parallel dazu hat MySQL das Problem gelöst, indem sie eine Lizenz-Ausnahme für PHP (und andere) definiert haben.\nWeniger GPL, mehr MIT, BSD und Apache All diese Wirrungen sind ein Grund, warum „moderne“ Open-Source-Software meist nicht mehr die GPL verwendet, sondern andere Lizenzen wie MIT, BSD oder Apache bevorzugt. Sie machen eine Reihe von kapitalfinanzierten Geschäftsmodellen um Open Source einfacher, wenn man eine Firma um ein (oft nur dem Namen nach) Open-Source-Produkt stricken will. Ab 2005 beginnt die Blütezeit von auf Open Source basierenden Geschäftsmodellen. Das hat 15 Jahre lang gut genug funktioniert, um eine Reihe von Projekten groß zu machen.\nEinige dieser Projekte sind nicht auf einzelne Firmen als Träger angewiesen: PHP, KDE und Postgres sind zum Beispiel stabile und groß angelegte OSS-Projekte, hinter denen nicht eine einzelne große Firma und ihre Venture-Kapitalgeber stehen – sie alle zeichnen sich durch eine breite und vielfach verankerte Basis von Beitragenden aus.\nSeit einigen Jahren zeigen sich Risse: RedHat, Elastic, MongoDB, MariaDB (ein MySQL-Fork), HashiCorp und viele andere haben ihre Lizenzen geändert oder sich umstrukturiert, um einen bestimmten Use-Case auszuschließen. Da dies eine Verletzung der Freiheit 0 darstellt, sind es damit auch keine Open-Source-Projekte im Sinne der OSI und der DFSG mehr.\nDer Elefant im Raum ist die Cloud Amazon Web Services (AWS) ist ein System und eine Firma, die stellvertretend für ein Geschäftsmodell steht: Es monetarisiert den in Unternehmen oft vernachlässigten und unterfinanzierten Aspekt „Operations“ und sieht vor, Software für Dritte nicht zu entwickeln, sondern vorrangig zu betreiben.\nDamit ist Amazon sehr erfolgreich: Schon länger laufen in dessen Rechenzentren mehr Neuinstallationen von MySQL (und MongoDB, Postgres oder Elastic und vielen anderen Datenbanken) als lokal beim Kunden („on premise“). Dies ist eine Klasse von Systemen, die notorisch schwierig zu betreiben sind, weil Fehler beim Betrieb Daten unwiederbringlich ruinieren können. Natürlich kann man eine fehlerhafte Version einer Datenbank auf die vorhergehende Version zurückrollen, aber die Daten, die durch den Fehler zerstört worden sind, sind immer noch dauerhaft weg.\nDie systematische Unterschätzung der Kosten und des Aufwandes von Operations macht das Prinzip „Software as a Service“ (SaaS) erfolgreich. SaaS-Anbieter verkaufen nicht nur einen Dienst, sondern im Grunde genommen vornehmlich ein Betriebskonzept für diesen Dienst, der einen reibungslosen und unterbrechungsfreien Betrieb direkt nach der Inbetriebnahme erlaubt. Weil das Betriebskonzept erprobt und vorgeschrieben ist, kann man die Qualität der Dienstleistung standardisieren, messen und dann stabile Verträge mit Dritten darüber eingehen.\nKunden begrüßen das, denn Software zu betreiben ist ein Problem, das mindestens so schwierig ist wie Software zu entwickeln. Viele Kunden wollen sich damit nicht auseinandersetzen. Oft werden dabei Verfügbarkeiten, Antwortzeiten und Kosten in Kauf genommen, die genau so vorher bei den eigenen Inhouse-Teams vollkommen inakzeptabel waren, nur um beispielsweise den Aufgabenkomplex „Betrieb der Datenbanken“ aus dem Haus zu bekommen – das zeigt, wie unangenehm Firmen die Auseinandersetzung mit „Operations“ ist.\nDabei ist der Betrieb dieser Software durch AWS nicht durch eine kommerzielle Vereinbarung zwischen dem Hersteller der Software und Amazon gedeckt, sondern erfolgt auf der Grundlage der Freiheit 0 der GPL: Amazon darf die Software zu jedem beliebigen Zweck ausführen, auch als Service für Dritte. In Folge streicht Amazon das Geld für den Betrieb dieser Installationen ein, aber der eigentliche Softwareentwickler, die Herstellerfirma oder -gruppe bekommt davon nichts. Das ist kein nachhaltiges Finanzierungsmodell, aber durch die GPL gedeckt und sehr vorteilhaft für AWS, sodass man dort auch keine Veranlassung sieht, etwas daran zu ändern.\nBusiness Source License als frühe Reaktion Das ist schon recht früh als Problem erkannt worden: Bei MariaDB findet man die erste Erwähnung der „Business Source License“ (BSL) im Blog von Monty Widenius schon 2013, und MariaDB setzt sie für bestimmte Komponenten seit 2016 ein, mit leichten Veränderungen nach Anregungen von Bruce Perens dann seit 2017 in der Version 1.1. Andere Produkte ziehen nach und gehen ebenfalls unter die BSL: Couchbase, Uptrace, Kurtosis, Sentry, CockroachDB und neuerdings alle HashiCorp-Kernprodukte.\nDie Idee hinter der BSL ist, dass die Software weiterhin frei nutzbar und der Quelltext verfügbar bleibt, aber mit Einschränkungen. Die wichtigste Einschränkung meint üblicherweise „AWS darf das nicht nutzen“, formuliert als „Die Software darf nicht als SaaS für Dritte angeboten werden“. Man kann die Software also weiter so verwenden wie zuvor. Man kann sie auch in AWS selbst betreiben oder man kann sie innerhalb der eigenen Organisation für andere Abteilungen bereitstellen.\nAber man wird den Betrieb der Software nicht als Dienst von einem Cloud-Betreiber kaufen können, sondern nur vom Ersteller der Software selbst (etwa via AWS Marketplace). Diese Einschränkung dient dazu, die Finanzierung der Entwicklung der Software sicherzustellen, indem AWS die Möglichkeit genommen wird, diesen Geldstrom vollständig für sich selbst abzuzweigen. Die BSL kommt mit einer weiteren Regel, die besagt, dass Codeänderungen spätestens nach vier Jahren unter eine anerkannte Open-Source-Lizenz fallen (meist die Apache-2.0-Lizenz oder die GPL), sodass ältere Versionen der Software auf jeden Fall immer Open Source sind.\nFormal ist BSL-Software keine Open Source im Sinne der OSI oder DFSG, weil anders als bei der GPL die Freiheit 0 („Ausführen für welchen Zweck auch immer“) eingeschränkt wird. Man bezeichnet sie deshalb auch als „Source Available“. Auch die von MongoDB, Elastic und Kibana verwendete Server Side Public License verfolgt dieselbe Idee, nur anders: Die SSPL ist eine AGPLv3 Variante, die ebenfalls die Freiheit 0 einschränkt und verbietet, die Software für Dritte („as a Service“) zu betreiben, es sei denn, man erwirbt eine kommerzielle Lizenz.\nUnfreie freie Software Die Grundidee hinter den Freiheiten der GPL ist Geben und Nehmen: „Du kannst unsere Software nutzen, musst aber selbst gutartig mitspielen.“ Weil AWS seine Position im Markt immer weiter ausbaut, wird es den Erstellern von Open Source zunehmend schwerer gemacht, ihren Unterhalt mit der Entwicklungsarbeit zu verdienen – AWS bietet deren Software als Service an und verwebt ihn mit weiteren Dienstleistungen. Die Freiheit 0 der freien Software wendet sich hier gegen die Ersteller der Software.\nDie BSL und die SSPL sind eine Reaktion darauf. Sie sind formal gesehen keine freie Software nach OSI oder DFSG. Aber vielleicht ist es auch für Open Source wieder einmal an der Zeit, den Veränderungen und den neuen Bedrohungen ins Auge zu sehen und die Lizenzen und die Definitionen der neuen Zeit anzupassen, so wie dies mit der GPLv3 und der AGPL schon einmal geschehen ist.\nVielleicht bewegen sich FSF, OSI und Debian aber auch nicht und beharren auf ihren Definitionen von „freier Software“. Die Entwickler von Software unter der BSL und der SSPL ficht das nicht an: Ihre Software ist jetzt schon „fast frei“ und wegen ihrer speziellen Regel nach einigen Jahren dann auch formal freie Software nach alter Definition. Einen Grund, die BSL oder SSPL abzulehnen, gibt es nicht, ausgenommen Fundamentalismus für freie Software. Aber wenn diejenigen, denen etwas am Open-Source-Gedanken liegt, nicht wollen, dass AWS die einzige Firma mit einem erfolgreichen Open-Source-Geschäftsmodell ist, muss sich etwas ändern. Sonst landen Nutzer schon bald wieder bei langweiliger, traditioneller kommerzieller Software, wie man es früher von Microsoft und Oracle gewohnt war.\n","date":"2023-11-11T00:00:00Z","href":"https://blog.koehntopp.info/2023/11/11/eine-revolution-frisst-ihre-kinder.html","tags":["lang_de","publication","free software"],"title":"Eine Revolution frißt ihre Kinder"},{"categories":null,"content":"Ich arbeite im Sitzen, 8h am Tag beruflich, und dann noch ein wenig mehr aus Spaß: Spaces .\nIch habe meinen eigenen Platz daheim, immer schon gehabt. Das habe ich von meinem Vater gelernt, der Amateurfunker war und daheim seinen höchst eigenen Bastel- und Arbeitsplatz hatte, seinen Ort und Rückzugplatz. Zu einem ordentlichen Arbeitsplatz gehört auch ein Sitz. Der Sitz ist ein Arbeitsgerät und da sollte man angesichts der Anzahl der darin verbrauchten Stunden nicht kaspern, sondern klotzen.\nMeinen alten Stuhl habe ich 2003 in Karlsruhe gekauft, ein Dauphin Shape Comfort XT mit nahezu allen Optionen. Der hat 20 Jahre gehalten. Aber inzwischen wurde es Zeit für einen Ersatz: Nicht nur ist die Gasdruckfeder im Eimer (die habe ich schon einige Male getauscht, sicher ist sicher), sondern intern ist die Mechanik auch abgenudelt und verschiedene Einstellmöglichkeiten haben nicht mehr gut funktioniert.\nAndererseits: 20 Jahre. Das Teil hat in Karlsruhe, 2 Orten in Berlin, und in Amsterdam Dienst getan. Dann ist auch gut. Hier ist der neue, wieder ein Dauphin Shape XT.\nAnlieferung fertig montiert in einem sehr stabilen Monsterkarton.\nAusstattung, wie bestellt, via https://www.objectservice.de/ .\nDa der Sitz vormontiert bestellt war, gestaltete sich das Auspacken schnell und einfach. Dachte ich, aber es gab Luftpolsterfolie!\nLuftpolsterfolie!\nDer Stuhl kommt mit einem ausführlichen Handbuch und einer Erklärung der Grundlagen der Ergonomie. Das braucht es auch, denn dies ist ein richtiger Bürostuhl, und kein Gamer-Stuhl oder gar, wie einige Kollegen auch im Jahr 3 der Pandemie, ein Küchenstuhl.\nBild des Bürostuhls am Arbeitsort: Höhenverstellbarer Schreibtisch, jede Menge Strom, eine Rollmatte und ein ordentlicher Stuhl. Tageslicht von Links.\nDer Stuhl kommt mit einer Vielzahl an Einstellmöglichkeiten.\nÜbersicht der Einstellmöglichkeiten.\nSitzhöhe. Sitztiefe. Die Sitzfläche gleitet nach vorn, und ich passe auf den Stuhl. Armlehnen weit ausfahren: Ein wichtiger Handgriff, damit mein breiter Hintern in den Sessel passt. Rückenlehne fixieren oder losdrehen. Wenn man 4 losmacht, kann man Einstellen, wie stark die Rückenlehne Gegendruck macht. Nicht sichtbar: Armlehnen Höhe. Lordosenstütze Höhe. Die Rückenlehne ist höhenverstellbar, und das ist so auch notwendig bei mir. Rückenlehne und Sitzfläche neigen sich zusammen nach vorne und hinten (\u0026ldquo;Synchromechanik\u0026rdquo;). Es gibt noch besser ausgestattete Versionen von diesem Stuhl, bei denen die Armlehnen auch in Neigung und Winkel verstellbar in mehreren Dimensionen sind, aber das ist meiner Erfahrung nach nicht dringend. Eine Version mit Nackenstütze ist auch zu haben.\nBezüge kommen in mehreren Preiskategorien (bis \u0026ldquo;Chefsessel Leder\u0026rdquo;) und sind auf Beanspruchung ausgelegt.\nZum Einstellen kann man einfach die Anleitung im Handbuch befolgen. Die Schritte sind im Grunde bei jedem Stuhl dieselben, sofern die betreffenden Einstellmöglichkeiten vorhanden sind:\nDie Synchronmechanik und andere Schwingteile blockieren (z.B. die Rückenlehne aufrecht fixieren) und die Armlehnen ausfahren auf maximale Breite. Das macht Platz im Stuhl und erzeugt eine neutrale Sitzposition. Hinsetzen. Sitzhöhe einstellen. Füße platt auf den Boden, dann müssen die Oberschenkel waagrecht im 90 Grad Winkel stehen. Manche Menschen wollen die Sitzhöhe noch ein wenig höher haben. Sitztiefe einstellen, also die Sitzfläche so weit ausfahren, daß sie bis auf 2-3 Finger an die Kniekehlen heranreicht und die Beine unterstützt. Nun die Position der Rückenlehne einstellen: Neigung, und wenn höhenverstellbar auch Höhe, bis die Unterstützung im Kreuz angenehm ist. Eventuell vorhandene Lordosenstütze in die richtige Position (über dem Becken ins Kreuz) bringen. Jetzt Sitzflächenneigung einstellen, also die Synchro loslösen und schaukeln, dann in einer angenehmen Position fixieren, und danach die Rücken-Neigung noch mal nachstellen. Armlehnen einstellen - Breite, Höhe, Position. Danach Feineinstellung justieren: Synchro los, und Rückenlehnen-Gegendruck anpassen, Lordosenstütze Druck einstellen und was sonst noch an Hilfseinstellungen da ist. Zentral sind Höhe, Sitztiefe und Stellung der fixierten Rückenlehne in Neigung und Höhe der Lordosenstütze. Der Rest ist dann drumherum zu arrangieren.\n","date":"2023-10-10T00:00:00Z","href":"https://blog.koehntopp.info/2023/10/10/sitzende-taetigkeit.html","tags":["lang_de","erklaerbaer","work"],"title":"Sitzende Tätigkeit"},{"categories":null,"content":"John Scalzi\u0026rsquo;s latest book is currently Starter Villain .\nThe premise is simple: Charlie\u0026rsquo;s estranged Uncle Jake died. Charlie and his uncle are estranged because Charlie\u0026rsquo;s father and Jake had a fallout at the funeral of Charlie\u0026rsquo;s mom, and Charlie has not had much contact at all with Jake ever since. Now, with Jake also dead, it turns out that Charlie somehow is his only heir.\nThen Charlie is holding watch at Jake\u0026rsquo;s funeral, and the entire story turns quickly into a James Bond novel, with strange brutes trying to stab the corpse of Jake, ensuring he\u0026rsquo;s really dead, and a collection of very weirdly imprinted flower bouquets \u0026ndash; \u0026ldquo;See you in hell\u0026rdquo; being one of the nicer ones.\nCharlie quickly learns that his uncle was a Villain, complete with a lair on a volcano island, laser weapons to destroy satellites, and a collection of very nice and special cats (and Dolphins, but they are special and not nice). He also learns that \u0026ldquo;Villain\u0026rdquo; does not exactly mean what he thinks that it means.\nScalzi spent his pages playing nicely with the clichés and expectations around James-Bond-like supervillains, and turning them into a fun story with a number of expected and unexpected twists. He wouldn\u0026rsquo;t be Scalzi if there is no stuff to think about lurking in the background. In this case, fairly obviously the relationship between 1950\u0026rsquo;s supervillains and present day billionaires, oligarchs and our survival as a species.\nA nice two-afternoon read.\n\u0026ldquo;Starter Villain \u0026rdquo;, John Scalzi, EUR 9,99.\n","date":"2023-10-01T00:00:00Z","href":"https://blog.koehntopp.info/2023/10/01/fertig-gelesen-starter-villain.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: Starter Villain"},{"categories":null,"content":"Rob Wilkins was the assistant and a good friend of Terry Pratchett. He wrote a posthumous biography, titled A Life With Footnotes . Wilkins is now the manager of the Pratchett literary estate.\nThe book does what a biography is supposed to do: It traces the life of Terry Pratchett, illuminating his origins and the experiences that shaped his worldview. Filled with anecdotes and tales from his readings, from conventions, and other encounters with fans, it sketches a portrait of a lovable, quirky personality who crafted stories in his mind and then simply penned them down.\nRob Wilkins then takes on the challenging segment of the biography and guides us through the tragic phase of Terry Pratchett: his Alzheimer\u0026rsquo;s diagnosis, the mental and physical decline, the ever-increasing loss of control, and the interplay of good and bad days, leading up to the emotional farewell that occurred long before his physical passing.\n\u0026ldquo;Terry Pratchett: A Life With Footnotes \u0026rdquo;, Rob Wilkins, EUR 9,49.\n","date":"2023-09-30T00:00:00Z","href":"https://blog.koehntopp.info/2023/09/30/fertig-gelesen-a-life-with-footnotes.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: A Life with Footnotes"},{"categories":null,"content":"In Combat Ready Kitchen , Anastacia Marx de Salcedo traces the history of food preservation from an american point of view, and demonstrates the co-development of combat rations and modern U.S. supermarket food.\nThe book takes us through the history of U.S. combat rations, from before the invention of the tin can, through canned, better preserved, but incredibly heavy food to what soldiers have today. It shows how these military innovations have been seeded, purposefully, into the civilian food industry, in order to enable the military to source food from civilian companies for their purposes, in formats that suit them. This also had influence on how the industry preserves food for civilian consumption and enabled a multitude of convenience foods.\nWhile the development of food preservation for military and civilian needs was somewhat systematic, the book is not. It goes through the history not chronologically, but anecdotally, roughly ordered by kind of food, but with plenty of sidelines, side stories and other distractions. It still is an entertaining read, but it makes it hard to put down the book and take stock of what you just learned.\nOne thing I took away is that food preservation as we understand it today is much more recent than most people think. It is a thing humanity only learned in the late 80ies and early 90ies, and even today fundamental progress is being made. Also, a lot of the stuff we do is not actually bad for the food, the nutrients or the taste, it is in fact perfectly fine. Still, other things amount to basically breaking down the food to constituent parts, and then reassembling something from the parts, and that\u0026rsquo;s maybe less good, given how little we actually understand what makes a meal nourishing or healthy, even today.\nEntertaining and interesting, but structured in a way that makes it harder than necessary for me to pull value out of it.\n\u0026ldquo;Combat Ready Kitchen: How the U.S. Military Shapes The Way You Eat \u0026rdquo;, Anastacia Marx de Salcedo, EUR 5.25.\n","date":"2023-09-29T00:00:00Z","href":"https://blog.koehntopp.info/2023/09/29/fertig-gelesen-combat-ready-kitchen.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: Combat Ready Kitchen"},{"categories":null,"content":"Dieses Jahr war nicht sehr heiß bei uns, und auch nicht so tödlich trocken wie letztes Jahr. Das war notwendig und angenehm, auch wenn es den Ertrag vom Dach um 10-15 % gegenüber dem Vorjahr gedrückt hat.\n2022 in Blau (links verschoben), 2023 in Grün (rechts).\n2022 brachte uns von April bis Jahresende 6389 kWh, 2023 brachte uns vom Jahresbeginn bis jetzt 6204 kWh. Okt+Nov+Dez 2022 waren 407 + 170 + 91 = 668 kWh. Damit käme 2023 in total auf 6872 kWh.\n3330 Wp auf 53 Grad Azimuth, 60 Grad Declination, leichte Verschattung im Morgen und im Winter durch Bäume. 5920 Wp auf 233 Grad Azimuth, 60 Grad Declination, leichte Verschattung am sehr späten Abend durch Dachgaube, Optimizer. =\u0026gt; 9250 Wp in total. Wir hatten einen Verbrauch von 4837 kWh/Jahr im letzten Jahr vor den Panels. Jun 2022 bis 2023 war -2800 kWh Netto (Verbrauch - Ertrag) und etwa 2300 kWh Netzbezug. Durch das neue Elektroauto werden wir aus Jun 2022 bis 2023 mit Glück +/- Null in Summe rauskommen.\nJahresverbrauch im Vergleich. Der Abrechnungszeitraum ist Juni bis Juni des Folgejahres. Das Jahr 2020/2021 war das letzte Jahr ohne Solaranlage. Im Jahr 2021/2022 kam Anfang April die Solaranlage dazu, und im Jahr 2022/2023 war durchgehend Solarenergie vorhanden.\nDie Themen \u0026ldquo;Gas weg\u0026rdquo; und \u0026ldquo;Klimaanlage rein\u0026rdquo; sind immer noch offen und noch zu bearbeitende Investitionsprojekte für das kommende Jahr. Zu ersetzen sind 1250 m^3 = 12500 kWh Primärverbrauch. Das werden dann weitere 4160 kWh bei einer angenommenen Arbeitszahl von 3.\nWir liegen bei 75-80 kWh pro qm und Jahr. Das setzt uns gerade eben auf eine deutsche Energieeffizienzklasse C oder \u0026ldquo;A++\u0026rdquo; bis \u0026ldquo;A+\u0026rdquo; in der niederländischen Skala (ebenda).\nGasverbrauch pro Jahr in m^3. Der Abrechnungszeitraum ist wiederum Juni bis Juni. In 2021/2022 wurden 1251 m^3 verbraucht.\nDie Investments waren\nca. 11k für das Solardach, 8k nach Förderung. ca. -2.6k für den Ladepunkt 11kW. ca. 35k für das Auto (das alte Auto mußte sowieso ersetzt werden). Auf der Liste stehen noch einmal ~10k für Aircondition/Luft-Luft Wp.\nWeit unten auf der Liste stehen noch einmal 10k für eine 10-15 kW Hausbatterie, aber das hat die kleinste Priorität. Die Batterie wird im Nov-Feb nicht voll werden, sodaß wir dort Netzstrom beziehen werden. Sie kann im Rest des Jahres 3-5 kWh Nachtverbrauch puffern. Eine 5 kWh-Batterie hat nicht die Amps, die geliefert werden müssen, wenn Leistung gebraucht wird, also sind mindestens 10 kWh (ca 7 k Euro) fällig.\nNach Abschluss aller Umstellungen kommen wir bei einem Nettostromverbrauch von 4000 kWh/Jahr raus. Im Moment sind wir Netto balanced (-/+ Null) oder -1000 kWh/Jahr, je nachdem wie viel gefahren wird.\nDer tatsächliche Netzbezug wird deutlich höher sein, ich schätze 3000 kWh mehr für eine Gesamtsumme von 7000 kWh/a. Das läuft auf 2500 Euro Gesamtenergiekosten im Jahr raus, für Haus und Auto. Das ist ausnehmend wenig.\nAn normalen September-Tagen speisen wir in etwa 4 kWh Netto ein. Brutto sind es 10 kWh von 14.5 kWh Produktion, und wir ziehen 5.7 kWh aus dem Netz. Nachts saugt das Haus 0.3 kW, tags immer ein wenig, wenn ein Herd oder eine Mikrowelle mehr Watt will als das Dach liefern kann.\nTage, an denen das Auto aufgeladen wird, sind in der Monatsansicht klar erkennbar.\nWen das E-Auto geladen wird, ist der Tagesverbrauch deutlich höher, denn es werden dann circa 40 kWh in 4 Stunden bezogen. Da hilft dann auch eine Batterie nicht. Im Monatsverlauf sind Ladetage klar erkennbar.\n","date":"2023-09-27T00:00:00Z","href":"https://blog.koehntopp.info/2023/09/27/solarenergie-2022-vs-2023.html","tags":["lang_de","energy"],"title":"Solarenergie 2022 vs. 2023"},{"categories":null,"content":"Helen Czerski wrote a book. Blue Machine: How the ocean shapes our world occupies the weird space between memoir, travel blog and science outreach.\nIn the middle of this she manages to explain the biggest machine on our planet: The collection of oceans in which the continents are embedded. But also the deep love of science, the desire to understand how our world functions, and the connection between all people than live on it.\nThe book is the story of a person who literally travelled the world, from the poles to the equator, and from the surface of the oceans to their dark cold depths. It also is the story of a physicist with knowledge about bubbles and how they work, and how that line of research led her around the world, and into the oceans. It also is a gentle introduction into climate science, showing us how the ocean can be seen as a machine that manages the thermals of the planet, capturing and transporting heat, feeding the weather machine in the atmosphere with energy and water vapor, and also capturing and releasing carbon dioxide.\nFollowing her travels and experiences, we learn about the vertical layering structure of the oceans, about the ability of water to capture fantastic amounts of energy, about currents and how they transport water, energy, nutrients and life around the world, and how humans have been living off all this on the surface of something much greater, deeper and larger than we ever imagined.\nThis is an amazing and entertaining book that shares a unique and personal perspective of our world, and at the same time manages to convey how something this vast and enormous can be at the same time fragile and in need our or care and understanding.\nStrongly recommended read, well worth the time.\n\u0026ldquo;Blue Machine \u0026rdquo;, Helen Czerski, EUR 15.62\n","date":"2023-09-26T00:00:00Z","href":"https://blog.koehntopp.info/2023/09/26/fertig-gelesen-blue-machine.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: Blue Machine"},{"categories":null,"content":" C64 Elite (1983) Longplay Das ist Elite (1984). Das Spiel wird heute 39 Jahre alt.\nSpiele zu jener Zeit waren nicht nur 2D, sie waren auch Arcade. Man spielt, und wenn man stirbt, ist das Spiel vorbei – die nächste Partie fängt man von vorne an.\nElite ist das erste Spiel mit animierter 3D-Grafik, und es ist auch das erste Spiel mit Savegames und Progression. Als solches hat es die Spieleentwicklung sehr umfassend beeinflusst. Wing Commander, EVE und No Man\u0026rsquo;s Sky haben ihre Quellen hier.\nElite war eine Idee von David Braben und Ian Bell, beides Engländer und daher kam das Spiel zunächst für den BBC Micro raus. Es wurde später auf viele andere 8-Bit Systeme portiert, darunter auch der C64. Es verkaufte sich rund 100.000 mal auf dem BBC Micro und weitere 600.000 mal für den C64. Insgesamt wurden rund 1 Million Exemplare umgesetzt.\nInsgesamt gab es von Elite selbst noch drei Nachfolgespiele, die aktuelle Version ist Elite: Dangerous. Da sieht das Gameplay dann so aus:\nElite Dangerous Gameplay.\nMein Elite T-Shirt hat das C64 Elite Wireframe Model der Cobra und den Text \u0026ldquo;Keep Calm And Jump Onwards\u0026rdquo;.\nT-Shirt Design mit schwarzem Hintergrund und in transparent .\n","date":"2023-09-20T00:00:00Z","href":"https://blog.koehntopp.info/2023/09/20/elite.html","tags":["lang_de","gaming","elite-dangerous"],"title":"Elite"},{"categories":null,"content":"A decade ago, I came as a performance specialist into a rapidly growing environment. With rapid growth, I mean anything that is larger than what Moore\u0026rsquo;s Law once delivered. Moore\u0026rsquo;s law comes out at upwards of 45% Year-on-Year (YoY). In my case, we experienced 80% YoY worldwide with 220% YoY in certain regions of the world for many years. Even in 2008, when the economy stagnated, we still made 45% or more.\nOnboarding people into such an environment is weird. They all have been programmed by their university education and their previous work experience to build things that last, to consider things carefully and to be efficient, and save money at all cost.\nThat is not how anything works in a high-growth environment, at all. Rapid growth kills. The tech we build, we build it for a certain expected target size. Good tech can sustain a 10x growth (or shrinkage), but usually not much more. At a larger change, things tend to fall apart.\n$ bc -l \u0026gt;\u0026gt;\u0026gt; scale=3 \u0026gt;\u0026gt;\u0026gt; l(10)/l(2) 3.321 \u0026gt;\u0026gt;\u0026gt; l(10)/l(1.45) 6.204 When you double each year, 10x is 3.3 years, approximately. When you grow at Moore\u0026rsquo;s Law rate, 10x is 6.2 years, approx. In a high-growth an environment, when you write software, you can expect it to last around 4 years or so until it needs to be re-architected in order to continue to produce the same deliverables as before. You do not know how it will fail much in advance, nor do you know how the business environment will change much in advance: As you grow, bottlenecks will show up in unexpected places.\nIf you grow faster than Moore\u0026rsquo;s law, buying larger computers will not help you. You need to buy more computers, and change your code to run in a distributed environment. That changes performance fundamentally, and code needs to be changed in order to deal with the properties of distributed environments. Running distributed systems will add complexity that you really do not want in order to maintain growth, because it makes change harder and slower, which you really can\u0026rsquo;t use, if you grow fast.\nFinally, on top of the change in technology, you also need to deal with change in organiation, and to integrate a lot of new people which you need in order to deal with added complexity.\nThat means, several unusual things are important, others that people have been trained to take as important are not.\nFor example, in such an environment, all software is ephemeral. In four years time it will be largely useless. You do not know how things will fail unless you are close to failure. You have vision for about 12 months ahead, at most.\nYou will need to start to change your failing software by making architectural changes. You do not know if they will succeed in time. Do not follow one plan, follow all plans and hope that at least one succeeds in time.\nCost is relevant only in the sense that you must not pay for current expenses with future growth. You must be cash flow positive at all times, but actual earnings are largely irrelevant until growth flattens out below 45%. Never paying for current expense with future growth (not even for a short time) is very important, because you do not know if that future growth will materialize. If you ever run into a money vaccuum, you die very suddenly.\nActual earnings are much less important. Not dying from growth is already hard enough, the objective is to have new solutions in place in time, and speed matters more than cost.\nThis is a rare environment and people are generally not trained for it. It goes in fact against most of what they have been trained for. Getting that out of people\u0026rsquo;s minds in order to prepare them for success in such an environment is hard, much harder than what one would initially think, because you have to break down decades of education they had. You need to have then accept a reality that is very different from what they have learned.\n","date":"2023-09-19T00:00:00Z","href":"https://blog.koehntopp.info/2023/09/19/the-gospel-of-efficiency-vs-actual-growth.html","tags":["lang_en","work"],"title":"The Gospel of Efficiency vs. Actual Growth"},{"categories":null,"content":"Golem schreibt: Über 2000 Skydrive-Lufttaxis vorbestellt .\nDas eVTOL Skydrive ist 13 x 13 Meter groß und 3 Meter hoch. Angetrieben wird es von zwölf Elektropropellern, die auf einem Gestell angebracht sind, ähnlich wie bei den Volocoptern. In dem eVTOL ist Platz für drei Personen: zwei Passagiere und eine, die es fliegt. Die Fluggeräte, die später ohne Pilot fliegen sollen, können auf einer relativ kleinen Fläche senkrecht starten und landen.\nund\nUrban Air Mobility (UAM) ist eine neue Form der Luftfahrt: Passagiere sollen mit Lufttaxis oder Taxidrohnen kürzere oder mittlere Strecken in der Stadt zurücklegen. Dadurch, dass ein Teil des Verkehrs in die Luft verlagert wird, sollen die Straßen weniger belastet werden.\nLärm Hier ist ein Video von einem Vorläufer dieses Modells, von 2020. Der Soundtrack ist wichtig:\nSkydrive Piloted Flight Demo. SkyDrive performed the first public flight demonstration of its SD-03 eVTOL on Aug. 25, 2020 (Video )\nBeim Deutschlandfunk Nova heißt es zum selben Problemkomplex: Drohnen: Wenn die Kettensäge kommt Die Drohnen werden aber nicht nur Päckchen bringen, sondern vor allem Lärm. Kommerzielle Drohnen, die Lasten transportieren, sind deutlich lauter als kleine Kameradrohnen. Je schwerer das Päckchen, desto lauter. Der Lärmpegel ist vergleichbar mit Laubsaugern, Rasenmähern und Kettensägen.\nund\nVideos, die die Lieferdrohnen bewerben, sind gerne mit Musik unterlegt, das Drohnengeräusch ist nicht zu hören.\nDownwash Ein anderer Effekt von Rotorflüglern jeder Art ist Newtons Gesetz: Jede Kraft erzeugt eine gleiche, entgegengesetzte Gegenkraft. Wenn ein Flugtaxi also bei Erdanziehung 1250 kg Schub aufwärts erzeugt, dann muß es auch einen 1250 kg Downwash geben.\nLuftströme am Rotorflügler, in der Luft (\u0026ldquo;out of ground effect\u0026rdquo;) und in Bodennähe (\u0026ldquo;in ground effect\u0026rdquo;). (ausführliche Erläuterungen )\nIn der Luft befindet sich unter einem Rotorflügler ein Abwindkorridor, dem andere Flieger fern bleiben müssen. Nahe dem Grund können Sand, Schnee oder Steine aufgewirbelt werden (Brownout, Whiteout).\nIn Helicopter Rotor Downwash – Excessive wind, FOD and brownouts, what are the risks? haben wir eine bildliche Darstellung von Downwash und auch eine Tabelle von Mindestabständen.\nBeispiele für Helicopter Rotor Downwash.\nGenerell werden 3-5 Rotordurchmesser als sicherer Abstand zu einem landenden oder startenden Helikopter genannt. Dies gilt für Personen, aber auch andere am Grund parkende Fluggeräte oder andere Gegenstände mit einer großen Angriffsfläche für Wind wie etwa belaubte Bäume.\nBei einem Volocopter mit einer Größe von 13x13 Metern also circa 50 x 50 Meter. Zum Vergleich: Ein frei stehendes Einzelhaus hat eine Grundfläche von 8x8 Metern, und steht auf einem Grundstück von 12x20 Metern.\nHier zwei Starts: der Hubschrauber kann relativ schnell an Höhe gewinnen, weil er nicht in seinen eigenen Downwash fliegt. Landungen sind wesentlich gemächlicher.\nStart von D-HBLN vom Metzplatz, Berlin vor dem Wenckebach-Krankenhaus. Die Bäume sind unbelaubt. (Video )\nStart eines Rettungshubschraubers von einem Spielplatz in Vijfhuizen, NL. Die Polizei hat das Gelände abgesperrt, etwa 50-70m Sicherheitsabstand. Der Downwash schüttelt die belaubten Bäume. (Video )\nEnergieverbrauch Schließlich ist noch der Energieverbrauch zu berücksichtigen, denn anders als Starrflügler können Rotorflügler und Drohnen nicht gleiten. Sie müssen also jederzeit in der Luft die volle Energie aufwenden, um ihr Gewicht gegen die Gravitation zu halten.\nDies setzt auch der Reichweite und Flugzeit enge und absolute Grenzen als Funktion der Energiedichte des Treibstoffs.\nFlugtaxis sind für Verkehrsprobleme was Kernfusion für Energieprobleme ist.\nBonuscontent: Downwash Vuichard Recovery Technique - How to escape a Vortex Ring State Planes clouds and vortices ","date":"2023-09-18T00:00:00Z","href":"https://blog.koehntopp.info/2023/09/18/flugtaxi.html","tags":["lang_de","erklaerbaer","technik"],"title":"Flugtaxi"},{"categories":null,"content":"Somebody asked me very politely on the Fedi:\nWould you please post all but the first post in a thread as \u0026ldquo;unlisted\u0026rdquo;?\nI like to follow you, but the sum of all posts by you takes up so much space on my front page.\nThe answer to that request, also politely, is a firm \u0026ldquo;No.\u0026rdquo;\nSelection, ordering and presentation of posts is a client problem, which it has to solve, according to your configured preferences.\nOf course, my client (Tusky) recognizes a thread and shows it as such.\nBut all posts that are being sent as \u0026ldquo;public\u0026rdquo; are also shown separately on my front page.\nThat is an understandable problem, but not mine.\nI believe Tusky will also show you reposts of the same article by 17 different persons. In total, you get to see 18 copies of that article (the original and 17 copies). Would you ask these people to not repost because another of your followers already did that? You would not.\nTusky, and every other client must learn what it has shown previously, and to not show middle posts of threads if so desired.\nIf we start to take care of recipient presentation preferences on the sender\u0026rsquo;s side, we are getting into an impossible situation. The sum of all recipients has irreconcilable preferences.\nAlso, we would end up in a \u0026ldquo;USENET-situation,\u0026rdquo; where advancement becomes impossible. \u0026ldquo;No Umlauts, because my VT100 can\u0026rsquo;t render them.\u0026rdquo;\nI can\u0026rsquo;t and won\u0026rsquo;t ever care for any client\u0026rsquo;s presentation preferences. Get a client that can render stuff the way you want, and pay your client developers of choice to build the client you want.\nThis network is federated, with dozens of clients. This offers you choice and makes it impossible for me to care for you all. If you don\u0026rsquo;t like this, please unsubscribe to my account. The network is large, and you won\u0026rsquo;t miss my content.\nThanks.\n","date":"2023-09-18T00:00:00Z","href":"https://blog.koehntopp.info/2023/09/18/the-need-for-smarter-clients.html","tags":["lang_en","mastdon","usenet"],"title":"The Need for Smarter Clients"},{"categories":null,"content":"Heise schreibt: Kernfusion: Deutschland fehlt laut Studie eine Strategie .\n\u0026ldquo;Der Fusionsenergie könnte in den nächsten zehn bis fünfzehn Jahren der entscheidende Durchbruch gelingen, aber Deutschland schaut nur staunend oder skeptisch zu\u0026rdquo;, kritisierte von Tschirschky. Deutschland brauche eine Fusionsstrategie für sämtliche Schritte von Lieferketten über Forschungsförderung bis zu Verwaltungsvorschriften.\nGolem schreibt: Deutschland fehlt laut Studie eine Strategie dafür In zehn bis fünfzehn Jahren könnte die Technik für die Stromerzeugung einsatzfertig sein, meint die Unternehmensberatung Strategy\u0026amp;.\nDie Studie hätte ich ja gerne mal gesehen. Denn soweit ich weiß, sind alle bisherigen kontrollierten terrestrischen Fusionen Energie-Negativ gewesen und haben zudem die unangenehme Eigenschaft, das Reaktorgefäß zu schmelzen, in dem sie stattfinden, würden sie lange genug laufen, um sinnvoll Energie zu erzeugen.\nAber schauen wir mal nach der Studie. Ich habe sie runtergeladen: Link . Die ist von \u0026ldquo;Strategy\u0026amp;\u0026rdquo;, einer Unternehmensberatung, die 2008 von Booz, Allen \u0026amp; Hamilton an PwC verkauft wurde. Die Studie malt die üblichen IEA Szenarien für die Energieversorgung der Zukunft auf, um dann auf eine hätte-könnte-würde Welt umzuschwenken, in der wir auf einmal Kernfusion haben. Dabei wird in diesen Slides Konjunktiv verwendet, denn es gibt keine dauerhafte existierende Kernfusion in diesem Planetensystem, außer in der Sonne.\nFusion energy may be the missing key to a sustainable, sufficient and affordable energy supply: Im Jahr 2040 taucht magisch Kernfusion auf, und im Jahr 2050 ersetzt sie komplett und just-in-time die fossile Restenergie.\nConsultantwitzchen am Rande: Das Lithium für die Fusion bekommen wir aus recycelten Batterien, hihi! Eigentlich brauchen wir Deuterium, und Lithium nur als Zwischenschritt für Tritium, aber Witz!\nDie Zutaten und das Resultat.\nDie Zutaten in unserem Fantasiebaukasten sind 100% Buzzword-Compliant:\nMagnets! Superleitend! AI! Quantencomputerz! Und High Powered Laz0rz! Alles muss unbedingt auf eine einsame Insel mit einem Vulkan, und wir brauchen auch eine weiße Perserkatze!\nHier eine technisch aussehende Zeichnung einsetzen, und diesmal nicht wieder eine von diesen Perry-Rhodan Rißzeichnungen, bitte!\nUnd jetzt bitte: FOMO Alarm! FOMO Alarm! Release the Fördermittelkraken! Denn: Es ist ein Rennen zwischen den Nationen! Energy too cheap to meter! Wir brauchen eine Strategie! Und Geld! Viel Geld!\nBitte stoppt sofort Fernfusion, wir haben bald schon Kernfusion! Und Perserkatzen mit Lasern!\nThe decisive advantage over existing renewables: Fusion energy is simultaneously base-load capable and easily scalable. Und der Feenstaubverbrauch ist minimal!\nSagte ich: \u0026ldquo;Energy to cheap to meter?\u0026rdquo;\nDas ist ein verbrannter Begriff aus den 50er Jahren. Wir haben stattdessen \u0026ldquo;secure and cheap oversupply.\u0026rdquo; Yay!\nThe amount of energy from raw materials for fusion available worldwide is sufficient for secure and cheap energy oversupply: 250 Kilo Treibstoff pro Jahr statt ganzer Güterzüge voller herkömmlicher Energieträger. Oder Berlin-Mitte überdachen. Halt, was? Wieso nicht? Eine Solarmall in Mitte kann unsere Energieprobleme auch lösen?\nWas fehlt denn dann noch für funktionierende Kernfusion? Naja, im Grunde nix, außer der Technik. An der wir schon seit 80 Jahren vergeblich herum erfinden. Aber diesmal ist es wirklich fast so weit.\nGroßes Unternehmensberaterehrenwort!\nThe remaining challenges until fusion\u0026rsquo;s commercial maturity are expected to be manageable with technology available today.\nDarum dreht jetzt unbedingt die Geldhähne auf, dann wird unsere Zaubertechnologie die kommende Klimakrise magisch weg putzen, ohne dass sich irgendjemand umstellen muss.\nWhat needs to be done now? A National Fusion Energy Strategy can turn Germany\u0026rsquo;s current position into an agenda for success.\nund\nIf Germany acts in time, fusion energy has the potential to become a new engine for the German national economy.\nErgebnis Ich bin under-fucking-whelmed von allem.\nAlso von diesem 18-Seiten-Null-Content Powerpoint, und hat irgendeiner der anwesenden \u0026ldquo;Journalisten\u0026rdquo;, die die Meldung gedruckt haben, sich den Fetzen auch nur mal kursorisch angesehen?\nIch sollte mehr Powerpoint machen, die Milliarden wären mein.\nDas Köhntopp Institut für Feenstaub, gebt mir Fördermittel! Ihr braucht eine Strategie, Leute, sonst wird das nichts, wenn die Feenstaub-Fässer in meinem Keller überlaufen und das Land mit Wunschpulver überfluten.\nSticker ","date":"2023-09-17T00:00:00Z","href":"https://blog.koehntopp.info/2023/09/17/kernfusion.html","tags":["lang_de","erklaerbaer","technik"],"title":"Kernfusion"},{"categories":null,"content":"Die Niederlande halten es so: Aanrijding met voetganger of fietser .\nWer haftet bei einem Unfall mit einem Fußgänger oder Radfahrer? Radfahrer oder Fußgänger gelten als schwächere Verkehrsteilnehmer. Da sie im Verkehr gefährdet sind, sieht das Gesetz eine besondere Regelung für Unfälle mit Kraftfahrzeugen vor. Abhängig vom Alter des Radfahrers ist der Eigentümer des Kraftfahrzeugs ganz oder teilweise für den Schaden des Radfahrers verantwortlich. Umgekehrt kann der Autofahrer den Schaden, den er aufgrund eines Fehlers eines Radfahrers oder Fußgängers erleidet, beim Radfahrer oder Fußgänger (oder seiner Haftpflichtversicherung) geltend machen. In diesem Fall gelten die normalen gesetzlichen Regeln.\nSchutz durch das Gesetz (Artikel 185 Straßenverkehrsgesetz) Normalerweise muss man nach einem Unfall beweisen, dass die andere Partei haftbar ist. Dies gilt nicht, wenn Sie als Radfahrer oder Fußgänger von einem Kraftfahrzeug (Auto, Motorrad, Moped, Roller usw.) angefahren werden. Das Gesetz bestimmt, dass der Fahrer des Kraftfahrzeugs haftbar ist, es sei denn, er kann höhere Gewalt nachweisen. Dies ist eine Form der \u0026ldquo;Risikohaftung\u0026rdquo;. Dabei muss man keine Schuld am Unfall haben, ist aber dennoch haftbar. Dies mag ungerecht erscheinen, aber der Radfahrer oder Fußgänger hat ein höheres Verletzungsrisiko aufgrund des Gewichts des Kraftfahrzeugs.\nHöhere Gewalt Höhere Gewalt liegt vor, wenn der Autofahrer beweisen kann, dass ihm kein Vorwurf gemacht werden kann. Und der Fehler des anderen Verkehrsteilnehmers muss so unwahrscheinlich gewesen sein, dass der Autofahrer nicht damit rechnen musste. In der Praxis ist es schwer, höhere Gewalt nachzuweisen, und der Eigentümer des Kraftfahrzeugs wird oft haftbar sein.\nBeispiel für höhere Gewalt des Autofahrers Ein Fußgänger wird plötzlich von jemand anderem hart gegen ein vorbeifahrendes Auto gedrückt. Der Fußgänger erleidet dabei Verletzungen und möchte den Autofahrer haftbar machen. Das Gericht hat entschieden, dass in diesem speziellen, außergewöhnlichen Fall höhere Gewalt vorliegt und der Autofahrer daher nicht haftbar ist.\nBeispiel für keine höhere Gewalt des Autofahrers Ein 15-jähriges Kind fährt in der Nähe einer Schule plötzlich auf die Straße. Das Kind wird von einem Autofahrer angefahren, der die Höchstgeschwindigkeit einhält. Das Kind bricht sich das Bein. Der Autofahrer hätte das Kind sehen können, hat jedoch nicht seine Geschwindigkeit reduziert. Es liegt keine höhere Gewalt vor, da dem Autofahrer ein (geringer) Vorwurf gemacht werden kann. Die Versicherung des Autos muss 50% des Schadens des Kindes bezahlen.\nDie Praxis In der Rechtsprechung wird zwischen Radfahrern und Fußgängern ab 14 Jahren und Kindern unter 14 Jahren unterschieden.\nRadfahrer oder Fußgänger ab 14 Jahren Der Fahrer des Kraftfahrzeugs ist haftbar und muss den Schaden des Radfahrers oder Fußgängers erstatten, es sei denn, der Fahrer kann höhere Gewalt nachweisen. Bei höherer Gewalt erhält der Radfahrer oder Fußgänger keine Entschädigung. Gibt es keine höhere Gewalt, erhält der Radfahrer oder Fußgänger immer mindestens 50% seines Schadens erstattet, auch wenn eigenes Verschulden des Radfahrers oder Fußgängers vorliegt. In einigen Fällen kann der Radfahrer oder Fußgänger bei eigenem Verschulden mehr als 50% erhalten. Dies hängt unter anderem von der Schwere der Verkehrsfehler beider Parteien, der Schwere der Verletzungen und der Versicherung der Schäden ab (die sogenannte \u0026ldquo;Billigkeitskorrektur\u0026rdquo;). Der Radfahrer oder Fußgänger erhält also immer (auch bei eigenem Verschulden) zwischen 50% und 100% seines Schadens erstattet.\nBeispiel Ein Autofahrer fährt im Schritttempo in einem verkehrsberuhigten Wohngebiet. Plötzlich tritt ein 20-jähriger Fußgänger hinter einem geparkten Auto hervor. Sie wird von dem Auto angefahren und schwer verletzt. Das Gericht stellt fest, dass der Autofahrer zu 30% schuld am Unfall ist und der Fußgänger zu 70%. Normalerweise würde der Fußgänger nur 30% seines Schadens erstattet bekommen. Aber die Regel besagt, dass der Fußgänger mindestens 50% seines Schadens erstattet bekommt. Also erhält sie trotz der 70% \u0026ldquo;eigenen Schuld\u0026rdquo; des Fußgängers mindestens 50% ihres Schadens erstattet.\nDa der Fußgänger schwer verletzt ist, kann das Gericht es für angemessen halten, dass sie mehr als 50% erhält, zum Beispiel 80% ihres Schadens.\nRadfahrer oder Fußgänger unter 14 Jahren Für Radfahrer oder Fußgänger unter 14 Jahren gilt eine etwas andere Regel. Der Grund dafür ist, dass das Verständnis für den Verkehr bei Kindern noch nicht gut entwickelt ist.\nBei einem Unfall zwischen einem Kraftfahrzeug und einem Radfahrer oder Fußgänger unter 14 Jahren erhält dieser immer 100% seines Schadens erstattet, auch wenn dem Autofahrer nichts vorgeworfen werden kann. Dies ist nur anders, wenn der Fahrer des Kraftfahrzeugs nachweisen kann, dass das Kind den Unfall vorsätzlich verursacht hat. Das ist äußerst selten der Fall. Beispiel Ein 11-jähriges Kind fährt ohne aufzupassen aus einer Ausfahrt heraus. Die Ausfahrt ist von der Straße aus schlecht sichtbar. Das Kind biegt blindlings nach links auf die Straße ab und wird von einem Motorradfahrer angefahren. Das Kind wird schwer verletzt. Der Motorradfahrer konnte überhaupt nichts tun. Trotz der Fehler des Kindes haftet der Motorradfahrer und muss 100% des Schadens des Radfahrers erstatten. Denn es gab keine absichtlich begangenen Fehler seitens des Kindes.\nSchäden am Kraftfahrzeug verursacht durch Radfahrer oder Fußgänger Wenn ein Kraftfahrzeug Schäden aufweist, die durch einen Fehler eines Radfahrers oder Fußgängers verursacht wurden, kann der Eigentümer des Kraftfahrzeugs seinen Schaden geltend machen. Dies kann er direkt beim Radfahrer oder Fußgänger tun (oder bei deren Haftpflichtversicherung). In diesem Fall gelten die normalen gesetzlichen Regeln, mit einigen Ausnahmen:\nDer Fahrer des Kraftfahrzeugs muss beweisen, dass der Fußgänger oder Radfahrer einen Fehler gemacht hat. Um 100% des Schadens erstattet zu bekommen, muss der Autofahrer beweisen, dass für ihn höhere Gewalt vorliegt. Dies wird in der Regel nicht der Fall sein, da man als Autofahrer immer mit Fehlern von Fußgängern oder Radfahrern rechnen muss. Wenn der Fahrer selbst auch einen Fehler gemacht hat, muss er einen Teil oder die gesamten Schäden selbst bezahlen. Dies hängt von der Schwere der beiderseitigen Verkehrsfehler ab. Rolle der Versicherungen Oftmals haben Radfahrer oder Fußgänger eine Haftpflichtversicherung für Privatpersonen (AVP). Der Fahrer des Kraftfahrzeugs kann dann seinen Schaden bei dieser Versicherung geltend machen.\nWenn der Fahrer des Kraftfahrzeugs einen Teil oder die gesamten Schäden bezahlen muss, kann er möglicherweise auf seine eigene Versicherung zurückgreifen (wie die Vollkasko- und/oder Insassenversicherung).\nBeispiele Ein Radfahrer fährt gegen ein stehendes Auto, das an einer roten Ampel wartet, wodurch der Seitenspiegel beschädigt wird. Da der Radfahrer einen Fehler gemacht hat und dem Autofahrer nichts vorzuwerfen ist (höhere Gewalt), haftet der Radfahrer. Der Autofahrer erhält 100% seines Schadens erstattet. Der Autofahrer fährt auf der Fahrbahn. Ein Radfahrer fährt entgegen der Fahrtrichtung auf dem benachbarten Radweg. Von der Fahrbahn aus ist der Radfahrer aufgrund von Bepflanzung nicht sichtbar. Der Autofahrer möchte rechts abbiegen und schaut zunächst sorgfältig nach (Motor-)Radfahrern. Beim Abbiegen stößt er dennoch gegen den Radfahrer. Der Autofahrer hat eine erhebliche Delle in seiner Motorhaube. Der Autofahrer erhält nicht 100% seines Schadens erstattet, da er keine höhere Gewalt nachweisen kann. Trotz der Tatsache, dass der Autofahrer nichts für den Unfall konnte, muss er den Fehler des Radfahrers berücksichtigen. Der Autofahrer trägt 25% seiner eigenen Schäden. Der Radfahrer muss 75% der Schäden bezahlen. ","date":"2023-09-16T00:00:00Z","href":"https://blog.koehntopp.info/2023/09/16/haftungsfragen.html","tags":["lang_de","mobility","bike"],"title":"Haftungsfragen"},{"categories":null,"content":"Heute lernte ich, daß das Utility sshpass existiert. Ich habe das beim Lesen eines .gitlab.ci.yml Files gelernt. Und ihr wundert Euch, wieso Sysadmins alle Schwarz tragen und an Whisky interessiert sind.\nWas ist sshpass werdet ihr jetzt fragen?\nUnd RedHat erklärt:\nThe sshpass utility is designed to run SSH using the keyboard-interactive password authentication mode, but in a non-interactive way.\nWarum der Artikel jetzt nach und vor diesem Satz dann erklärt, wie man das benutzt, statt zu zeigen, warum man das nie braucht und wie man es ersetzt ist unklar.\nAber Homebrew ist hilfreich:\n$ brew search sshpass ==\u0026gt; Formulae sshs If you meant \u0026#34;sshpass\u0026#34; specifically: We won\u0026#39;t add sshpass because it makes it too easy for novice SSH users to ruin SSH\u0026#39;s security. Das fasst es in etwa zusammen. Okay, einmal das ganze gitlab, alle .gitlab-ci.yml, alle Branches, nach sshpass -p suchen.\nEs wird schlimmer Ich konnte das nicht auf sich beruhen lassen, obwohl es Dinge gibt, bei denen einem das Wissen mehr schadet als das Unwissen.\nStackoverflow weiß :\nHow to install sshpass on Mac?\nAccepted Answer:\ncurl -L https://raw.githubusercontent.com/\u0026lt;...\u0026gt;Formula/sshpass.rb \u0026gt; sshpass.rb \u0026amp;\u0026amp; \\ brew install sshpass.rb \u0026amp;\u0026amp; \\ rm sshpass.rb Ich will hochgebeamt werden. Hier ist kein intelligentes Leben möglich.\nAn die Zwischenrufer Aber ich brauche das doch, weil mein BMC keine Keys \u0026hellip;\nGithub: hpilo Github: bmcbutler Github: dora Normal wird man die entsprechenden Zertifikate und Pubkeys beim Start der VM oder des Containers durch cloud-init installieren, nachdem sie von der Controlplane des Clusters da hin transportiert worden sind. Bei Bare Metal kann der Installserver die Bootstrap-Pubkeys als Teil der Customization des Installationsprozesses mit installieren.\n","date":"2023-09-15T00:00:00Z","href":"https://blog.koehntopp.info/2023/09/15/sshpass.html","tags":["lang_de","security","hack"],"title":"sshpass"},{"categories":null,"content":"A UNIX filename can contain arbitrary bytes in an arbitrary sequence, with two exceptions:\nIt cannot contain NUL (\\0). It cannot contain slash (/), because that is the directory separator. But will all filesystems accept such filenames? And how will this work with languages such as Python, which require all strings to be valid utf-8 and which declare the filesystem interface to accept and return strings?\nA test program Let\u0026rsquo;s check. Here is a small C program, based on this stackoverflow article .\n#include \u0026lt;stdio.h\u0026gt; #include \u0026lt;sys/stat.h\u0026gt; #include \u0026lt;unistd.h\u0026gt; char* examples[] = { \u0026#34;a\u0026#34;, \u0026#34;\\xc3\\xb1\u0026#34;, \u0026#34;\\xc3\\x28\u0026#34;, \u0026#34;\\xa0\\xa1\u0026#34;, \u0026#34;\\xe2\\x82\\xa1\u0026#34;, \u0026#34;\\xe2\\x28\\xa1\u0026#34;, \u0026#34;\\xe2\\x82\\x28\u0026#34;, \u0026#34;\\xf0\\x90\\x8c\\xbc\u0026#34;, \u0026#34;\\xf0\\x28\\x8c\\xbc\u0026#34;, \u0026#34;\\xf0\\x90\\x28\\xbc\u0026#34;, \u0026#34;\\xf0\\x28\\x8c\\x28\u0026#34;, \u0026#34;\\xf8\\xa1\\xa1\\xa1\\xa1\u0026#34;, \u0026#34;\\xfc\\xa1\\xa1\\xa1\\xa1\\xa1\u0026#34;, }; int main(void) { int result; FILE *fp; result = mkdir(\u0026#34;keks\u0026#34;, 0755); // don\u0026#39;t care if exists result = chdir(\u0026#34;keks\u0026#34;); // don\u0026#39;t care if succeed. for (int i = 0; examples[i]; i++) { printf(\u0026#34;%s\\n\u0026#34;, examples[i]); fp = fopen(examples[i], \u0026#34;w\u0026#34;); if (!fp) { printf(\u0026#34;unable to open %d (%s)!\\n\u0026#34;, i, examples[i]); continue; } else { fprintf(fp, \u0026#34;keks\\n\u0026#34;); fclose(fp); } } return 0; } XFS When running this on a Linux system with XFS, this works:\nThe program runs and generates all files. Even those with byte sequences that are not valid utf-8.\nThis works the same with ext4 on Linux.\nZFS When running this on a Linux system with ZFS, filenames containing invalid utf-8 sequences are rejected.\nThe program runs and generates files with valid utf-8 names. The open(2) syscall fails for names with invalid utf-8 filenames.\nAPFS When running this on a MacOS Ventura system with APFS, filenames containing invalid utf-8 sequences are rejected.\nThe program runs and generates files with valid utf-8 names. The open(2) syscall fails for names with invalid utf-8 filenames.\nUnpacking invalid utf-8 filenames with Python I went and creates a tar archive of the files generated on XFS and copied it over to my Mac.\nThe following test program was used to unpack the tar:\n#! /usr/bin/env python from tarfile import TarFile import chardet import os with TarFile.open(\u0026#39;test.tar\u0026#39;, \u0026#39;r\u0026#39;) as t: names = t.getnames() for name in names: bname = bytearray(name, \u0026#39;raw\u0026#39;) print(chardet.detect(name)) The test run fails:\n(venv) $ python tarnames.py Traceback (most recent call last): File \u0026#34;.../tarnames.py\u0026#34;, line 15, in \u0026lt;module\u0026gt; bname = bytearray(name, \u0026#39;raw\u0026#39;) ^^^^^^^^^^^^^^^^^^^^^^ LookupError: unknown encoding: raw Intermediate result It probably is useful to restrict POSIX further and demand that filenames are always valid utf-8. But that is not what the standard currently says, and also not what all filesystems guarantee. And it can lead to unexpected behavior.\nAlso, some programming languages such as Python demand of strings that they have valid utf-8 encoding, but use filenames and strings equivalently.\nThat can lead to weird behavior.\nFurther research Apparently there is a function sys.getfilesystemencoding() without parameters. Python seems to assume that all filesystems have the same encoding and that it is not path dependent.\nApparently there are os.fsencode() and os.fsdecode() .\nModified Python code We are using os.fsencode() to get bytes from the filesystem interface. We are then using chardet.detect() on this byte-string and check the guesses.\n#! /usr/bin/env python from tarfile import TarFile import chardet import os with TarFile.open(\u0026#39;test.tar\u0026#39;, \u0026#39;r\u0026#39;) as t: names = t.getnames() for name in names: bname = os.fsencode(name) print(f\u0026#34;{bname=}\u0026#34;) print(chardet.detect(bname)) The result:\nbname=b\u0026#39;keks\u0026#39; {\u0026#39;encoding\u0026#39;: \u0026#39;ascii\u0026#39;, \u0026#39;confidence\u0026#39;: 1.0, \u0026#39;language\u0026#39;: \u0026#39;\u0026#39;} bname=b\u0026#39;keks/a\u0026#39; {\u0026#39;encoding\u0026#39;: \u0026#39;ascii\u0026#39;, \u0026#39;confidence\u0026#39;: 1.0, \u0026#39;language\u0026#39;: \u0026#39;\u0026#39;} bname=b\u0026#39;keks/\\xc3\\xb1\u0026#39; {\u0026#39;encoding\u0026#39;: \u0026#39;ISO-8859-1\u0026#39;, \u0026#39;confidence\u0026#39;: 0.73, \u0026#39;language\u0026#39;: \u0026#39;\u0026#39;} bname=b\u0026#39;keks/\\xc3(\u0026#39; {\u0026#39;encoding\u0026#39;: \u0026#39;ISO-8859-1\u0026#39;, \u0026#39;confidence\u0026#39;: 0.73, \u0026#39;language\u0026#39;: \u0026#39;\u0026#39;} bname=b\u0026#39;keks/\\xa0\\xa1\u0026#39; {\u0026#39;encoding\u0026#39;: \u0026#39;IBM866\u0026#39;, \u0026#39;confidence\u0026#39;: 0.99, \u0026#39;language\u0026#39;: \u0026#39;Russian\u0026#39;} bname=b\u0026#39;keks/\\xe2\\x82\\xa1\u0026#39; {\u0026#39;encoding\u0026#39;: \u0026#39;Windows-1252\u0026#39;, \u0026#39;confidence\u0026#39;: 0.73, \u0026#39;language\u0026#39;: \u0026#39;\u0026#39;} bname=b\u0026#39;keks/\\xe2(\\xa1\u0026#39; {\u0026#39;encoding\u0026#39;: \u0026#39;ISO-8859-1\u0026#39;, \u0026#39;confidence\u0026#39;: 0.73, \u0026#39;language\u0026#39;: \u0026#39;\u0026#39;} bname=b\u0026#39;keks/\\xe2\\x82(\u0026#39; {\u0026#39;encoding\u0026#39;: \u0026#39;Windows-1252\u0026#39;, \u0026#39;confidence\u0026#39;: 0.73, \u0026#39;language\u0026#39;: \u0026#39;\u0026#39;} bname=b\u0026#39;keks/\\xf0\\x90\\x8c\\xbc\u0026#39; {\u0026#39;encoding\u0026#39;: \u0026#39;Windows-1254\u0026#39;, \u0026#39;confidence\u0026#39;: 0.48310298982778344, \u0026#39;language\u0026#39;: \u0026#39;Turkish\u0026#39;} bname=b\u0026#39;keks/\\xf0(\\x8c\\xbc\u0026#39; {\u0026#39;encoding\u0026#39;: \u0026#39;Windows-1252\u0026#39;, \u0026#39;confidence\u0026#39;: 0.73, \u0026#39;language\u0026#39;: \u0026#39;\u0026#39;} bname=b\u0026#39;keks/\\xf0\\x90(\\xbc\u0026#39; {\u0026#39;encoding\u0026#39;: \u0026#39;Windows-1254\u0026#39;, \u0026#39;confidence\u0026#39;: 0.5521177026603239, \u0026#39;language\u0026#39;: \u0026#39;Turkish\u0026#39;} bname=b\u0026#39;keks/\\xf0(\\x8c(\u0026#39; {\u0026#39;encoding\u0026#39;: \u0026#39;Windows-1252\u0026#39;, \u0026#39;confidence\u0026#39;: 0.73, \u0026#39;language\u0026#39;: \u0026#39;\u0026#39;} bname=b\u0026#39;keks/\\xf8\\xa1\\xa1\\xa1\\xa1\u0026#39; {\u0026#39;encoding\u0026#39;: \u0026#39;ISO-8859-1\u0026#39;, \u0026#39;confidence\u0026#39;: 0.73, \u0026#39;language\u0026#39;: \u0026#39;\u0026#39;} bname=b\u0026#39;keks/\\xfc\\xa1\\xa1\\xa1\\xa1\\xa1\u0026#39; {\u0026#39;encoding\u0026#39;: \u0026#39;ISO-8859-1\u0026#39;, \u0026#39;confidence\u0026#39;: 0.73, \u0026#39;language\u0026#39;: \u0026#39;\u0026#39;} The guesses are trying to find a valid charset for the bytestring, and they find the lowest (least large) charset that matches.\n","date":"2023-09-14T00:00:00Z","href":"https://blog.koehntopp.info/2023/09/14/invalid-utf8-vs-the-filesystem.html","tags":["lang_en","filesystems","computer","unix"],"title":"Invalid-UTF8 vs the filesystem"},{"categories":null,"content":"Das neue Auto hat eine Batterie mit 60 kWh Kapazität, also muss es 42 kWh aufnehmen, um von 10 % auf 80 % zu kommen. Die 80 % sind eine Art magische Grenze, weil die Ladegeschwindigkeit des Autos insbesondere beim Schnellladen unterwegs vom Füllstand der Batterie abhängig ist, und ab 80 % stark absinkt. Die letzten 20 % dauern also lange.\nDazu kommt, daß das Auto auch beim elektrischen Bremsen – beim Rekuperieren – lädt und wenn der Akku-Füllstand über 80 % ist, ist das Rekuperationsvermögen durch die geringere Ladegeschwindigkeit der Batterie eingeschränkt. Ist das Auto also in städtischen Umgebungen unterwegs, wird man beim dauernden Bremsen im Stadtgebiet oberhalb von 80 % Energie durch mechanischen Bremsen verschwenden, anstatt sie durch elektrisches Bremsen zurückzugewinnen.\nLadeleistung Ersetzt werden müssen\n60 kWh * (0.8 - 0.1) = 42 kWh und das dauert circa 30 Min. bis 35 Min. an einem Schnell-Lader, zum Beispiel von Fastned.\nLadekurve für den Renault Megane 60 kWh an einem Schnell-Lader von Fastned. Man erkennt, wie die Ladeleistung mit zunehmendem Akku-Füllstand sinkt und gegen Ende sogar unter die Motorleistung (55 kW Dauerleistung) absinkt.\nKosten Mit Fastned Gold bezahlt man 0.483 Euro/kWh, also\n42 * 0.483 = 20.28 Euro # Laden von 10 % bis 80 % 14 * 0.483 = 6.76 Euro # Laden von 100 km Reichweite für einen Ladevorgang bzw. für 100 km Reichweite bei 14 kWh/100 km. Daheim kostet die kWh in der Theorie 33 Cent, das wären dann entsprechend 13,86 Euro für 42 kWh und 4.62 Euro für 100 km Reichweite. Das ist theoretisch, weil wir bis Ende 2024 noch die Saldierungsregelung haben, bei der die Solarproduktion mit dem Verbrauch 1:1 verrechnet wird, und wir fett Guthaben haben.\nDaheim fährt das Auto also gratis.\nUnsere Solaranlage in O/W-Lage produziert ihr Maximum am späten Nachmittag, um circa 17:00 Uhr. Auch dann werden 5 kW nicht überschritten. Das Laden des Autos zieht jedoch 11 kW, sodaß ein reines Überschußladen ohne spezielle Steuerung nicht möglich ist. Selbst dann sind 42 kWh Ertrag am Tag nur an guten Tagen im Hochsommer machbar.\nUm den Anteil des selbst erzeugten Stromes zu maximieren, wäre es sinnvoll, das Auto oft zu laden, und auch die Ladeleistung des Anschlusses auf die Menge des selbst produzierten Stromes zu begrenzen (\u0026ldquo;Überschußladen\u0026rdquo;).\nViele Ladepunkte können das nicht von Hause aus, und selbst bei denen, die es können, setzt die Elektronik enge Grenzen: Der Regelbereich für den Ladestrom geht vom Maximum von 16 Ampere bis auf minimal 6 Ampere herab. Bei drei Phasen ist die minimale Ladeleistung also 6 Ampere * 230 V * 3 Phasen = 4140 Watt, kann man Auto und Ladesäule auf eine Phase einschränken, kann man immerhin auf 1380 Watt herunter.\nIm Bild ist erkennbar, daß der Energieverbrauch am Meßtag für den Gesamthaushalt 50.8 kWh war, dem 17.2 kWh Produktion gegenüber stehen. Davon wurden 6.9 kWh eingespeist, und 40.5 kWh bezogen. Insgesamt hatten wir an diesem Tag einen Unterschuß von 33.65 kWh.\nOhne den heimischen Ladepunkt hätten wir an einen öffentlichen Ladepfahl gegen müssen. Der nächstgelegene Ladepunkt ist eine Querstraße weiter und auch nicht teurer: Wir zahlen 0.34 Euro/kWh.\nÖffentlicher Ladepunkt von Vattenfall bei Nutzung mit einer Vattenfall InCharge oder Eneco Karte. Die Energiekosten liegen bei 0.34 Euro/kWh.\nMobilität ist energieintensiv Für die Akten:\nWir verbrauchen ohne Auto im Schnitt 15 kWh/Tag im Haus (3 Leute, ein Rechner, der alleine 900 kWh/Jahr zieht), für 5500 kWh/Jahr, und eine Basislast von 300 Watt nachts. Das ist im Vergleich recht viel.\n100 km im großen Auto sind 14 kWh/100 km, also etwa so viel wie ein Haus-Tag.\n100 km im Carver sind 7 kWh/100 km, also 1/2 Haus-Tag. Der Carver hat auch nur einen Schnarchlader, also Schuko, und kann direkt aus dem Solar-Array laden, nachmittags, von März bis Oktober.\nWie oft und wo laden? 10 % bis 80 % von einem 60 kWh Akku sind 42 kWh, und bei einem Verbrauch von 14 kWh (Sommer) sind die in 3 Stunden leer. Ich muss also alle 3 Stunden eine halbe Stunde pausieren, um zu laden.\nIm Winter vermutlich öfter, aber ich glaube, im Winter will ich eine Tour Amsterdam–Berlin eher mit der Bahn machen.\nDas große Auto hat eine Reichweite von 300 bis 400 km, je nachdem wie man es fährt. Der Carver hat eine Reichweite von 100 km und verbraucht die Hälfte vom großen Auto.\nBeide Fahrzeuge können wir daheim laden, und beide Fahrzeuge erledigen lokale Fahrten ohne Fremdladen: Sie werden in der Regel daheim geladen. Das ist in der Regel 1-2 mal die Woche der Fall.\nNur bei Fernreisen geht der Renault an fremde Lader, und dann an Schnell-Lader.\nFahrerlebnis Im Stadtverkehr ist das Elektroauto eine Offenbarung. Es ist super sparsam, weil das ganze Beschleunigen durch Bremsen mit Rekuperation wieder zu Akkuladung umgewandelt wird (ca. 70 % Effizienz), während ein Verbrenner in dieser Situation gerne einmal säuft.\nAuch Beschleunigen und den Hintern aus dem Weg räumen oder im Stau ohne Nerv vorwärts kriechen ist mit einem Elektroauto sehr viel weniger nervig. Die Fahrassistenzsysteme im großen Auto machen es noch angenehmer, aber selbst der Carver glänzt.\nAuf der Autobahn lernt man gleichmäßige gemächliche Geschwindigkeiten sehr schätzen.\nIch glaube, das Tempolimit von 120 km/h wird in Deutschland faktisch automatisch kommen, sobald nur genügend elektrische Autos auf der Straße sind. Niemand in so einer Kiste hat dauerhaft das Bedürfnis, sinnlos Akku durchzubladen ohne Effekt. Die Verbrenner-Raser sitzen dann zwischen den ganzen e-Mobilen fest.\n","date":"2023-09-13T00:00:00Z","href":"https://blog.koehntopp.info/2023/09/13/energiekosten-beim-elektroauto.html","tags":["lang_de","energy","verkehr"],"title":"Energiekosten beim Elektroauto"},{"categories":null,"content":"Heise schreibt: Kommentar: Massenexodus bei Grindr – von den (Un-)Schönheiten des Homeoffice Ein Kommentar, der sich am Massenexodus bei Grindr abarbeitet, aber nicht weiß, was er will.\nBei Grindr bildet sich eine Gewerkschaft, und viele Mitarbeiter werden Mitglied. Aus Rache führt die Firma Hybrid mit mindestens 2 Tagen pro Woche Anwesenheit ein. Daraufhin kündigen mehr als 50 % der Mitarbeiter.\nDer Artikel sieht das nicht als collective action der Mitarbeiter, sondern als eine Folge von Individualentscheidungen. Er sieht auch irgendwie Vorteile für die Firma (\u0026ldquo;Geringere Kosten\u0026rdquo; und magische \u0026ldquo;höhere Produktivität\u0026rdquo;), und versucht dann eine Art Brücke zu schlagen (\u0026ldquo;Firmen sollten auf Mitarbeiter hören.\u0026rdquo;).\nDas ist in Summe aussagelos und von der wirtschaftlichen Analyse her Quatsch.\nAuftragstaktik In den drei Covid-Jahren haben sich in allen Firmen sehr stabile und produktive Remote-First Strukturen ausgebildet. Sehr viele Mitarbeiter haben sehr schnell gelernt, dass zweimal eine Stunde Commute pro Tag mehr Belastung waren, als sie bewusst bemerkt haben. Sie waren sehr froh, diese Lebenszeit zurückzubekommen.\nZudem haben sie gemerkt, daß Management by Objectives – nahezu die einzige Methode, die Remote First funktioniert – viel sinnvoller ist als fast alles andere.\nWer mehr wissen will: Florian Haas hat darüber ja auch schon unter Referenz auf die Auftragstaktik nachgedacht und in The Art of Action beschäftigt sich quasi ein ganzes Buch mit dem Thema \u0026ldquo;Auftragstaktik in der Unternehmensführung umsetzen\u0026rdquo; und Clausewitz \u0026ldquo;Vom Kriege\u0026rdquo; in der Wirtschaft.\nWenn Unternehmen nun – aus welchem Grund auch immer – versuchen, das zurückzudrehen, dann erzeugen sie damit eine große Unzufriedenheit bei ihren Mitarbeitern und drehen die Fluktuation hoch bis zum Anschlag. Sie machen dabei keinen Gewinn, denn sie verlieren genau die Mitarbeiter, die sie behalten müssen und wollen. Unternehmen bluten vom Kopfe her.\nArbeitsmarkt Und sie schneiden sich von einem Arbeitsmarkt ab.\nIn dem wegweisenden Essay The Trimodal Nature of Software Engineering Salaries in the Netherlands and Europe beschreibt Gergely Orosz die Struktur des Arbeitsmarktes bei Wissensarbeitern.\nEr tut das am Beispiel von Amsterdam, aber meiner Erfahrung nach ist das weltweit so, mit unterschiedlichen Limits bei den lokalen Märkten. Unternehmen müssen wissen, aus welchem Pool sie Personen ansprechen und einstellen wollen, und sie müssen wissen, wie man mit der entsprechenden Gruppe Leute arbeitet. Der Vorteil von Remote First Unternehmen ist, daß sie aus dem globalen Markt einstellen können, aber oft zu Preisen aus einem nationalen Markt.\nEin frühes Beispiel dafür war MySQL AB, die mit 500 Leuten in 26 Ländern ein extremes Beispiel für eine verteilte Firma waren, und die weltweit eingestellt hat, aber keinen Umzug gefordert hat.\nStattdessen hat man bewusst Strukturen geschaffen, in denen ein verteiltes Team Gemeinschaft bildet, sich 4x im Jahr getroffen (in Ländern, die unproblematisch mit Visa umgingen), und man hat diese Treffen systematisch vorbereitet, damit sie effektiv waren. Und ja, jede Menge MbO/Auftragstaktik.\nEine moderne Beschreibung solcher Methoden findet man in Effective Remote Work von James Stanier.\nDie Folgen von RTO In den drei Covid-Jahren sind in vielen Firmen ebenfalls solche Strukturen entstanden, aber oft zufällig, partiell, nicht gesteuert und unverstanden.\nWenn ein solcher Laden jetzt aus welchem Grund auch immer \u0026ldquo;Return to Office\u0026rdquo; ausruft, dann passieren mehrere Dinge:\nDie Firma schneidet sich vom weitweiten Staffing Pool (zu nationalen Preisen) ab, Hiring wird schwierig. Denn neue Mitarbeitys müssen umziehen und dem stehen Verpflichtungen vor Ort, Visa und Arbeitserlaubnisse und viele andere Dinge im Weg. Die Firma erzeugt ohne Not die Situation oben für alle existierenden Mitarbeiter, die in den drei Covid-Jahren dazu gekommen sind, aber nicht umgezogen sind. Alle die werden gehen. Die Firma bringt den Commute zurück zu Menschen, die begriffen haben, dass der Commute notlose Verschlechterung der Lebensqualität ist. Auch hier Kündigungswelle. Welche Leute werden gehen?\nZuerst immer die, die Optionen haben. Also die hoch qualifizierten, deren Recruiter-Spam in der Inbox am größten ist. Der Pull-Faktor ist ja schon da, den Push und den Anlass hat die Firma eben geliefert.\nEs sind also gerade die Leute, bei denen der Arbeitgeber einen Anlass hat, Retention zu fahren, die der Arbeitgeber zuerst verliert. Das ist immer und für jede Firma ein sehr großer Nettoverlust, und noch dazu ein schlecht gesteuerter.\nWenige Läden können einen Verlust von 50 % der Belegschaft verkraften, ohne dass es zu einem massiven Verlust an Qualität, Produktivität, organisatorischem Wissen und Prozeßreife kommt.\nNeben dem Verlust an Know-How und nicht verschriftlichtem Wissen, der erhöhten Arbeitslast für die verbleibenden Mitarbeiter kommt noch der Druck auf alle für Interviews und Training neuer Kollegen dazu. Das erzeugt eine Delle in Qualität und Produktivität von 1 bis 2 Jahren, Stagnation oder gar Regress. Es gibt kein Wertmodell für eine Firma, in der so etwas positive Auswirkungen hat.\nAuch Entlassungen fördern ungesteuerte Verluste Etwas Ähnliches passiert bei Entlassungen: Neben den Leuten, die man entläßt (gesteuert und nach Ansicht der Firma am unteren Ende) wird man gewiss noch 2x mehr Leute verlieren, aber am oberen Ende. Für diese Menschen ist der zweite, ungeschriebene Vertrag gebrochen worden, und sie nehmen die resultierende Unsicherheit als Anstoß, Pull-Faktoren nachzugeben.\nIn jedem Fall bluten Firmen bei solchen Änderungen. Sogar dann, wenn sich nicht aus billiger Rache erfolgen, sondern gesteuert und mit Unterstützung des Managements sanft durchgeführt werden, kommt es leicht mit großen zweistelligen prozentualen Verlusten und jahrelangen Folgen.\nFirmen lernen gerade, wie wichtig Personen als Individuen sind. Viele Organisationen sind mit dieser, der kapitalistischer Ideologie widersprechenden Erfahrung sehr unzufrieden und tief in Denial.\nCompanies forcing their employees back into the office will lose talent and keep wage serfs. \u0026ndash; Volker Weber (@vowe@social.heise.de )\n","date":"2023-09-12T00:00:00Z","href":"https://blog.koehntopp.info/2023/09/12/kein-homeoffice-keine-kekse.html","tags":["lang_de","work","remote first"],"title":"Kein Homeoffice, keine Kekse"},{"categories":null,"content":"(based on a series of posts on Mastdon)\nEin Heise-Artikel über Admin-Gehälter und ich schrieb dazu auf Mastodon:\nEin hoffentlich aussterbender Beruf Der Beruf des \u0026ldquo;Admins\u0026rdquo; ist - hoffentlich - eine aussterbende Tätigkeit.\nEr wird zunehmend ersetzt durch die Kombination von Infrastrukturentwicklung und Support. Infrastrukturentwicklung befasst sich dabei mit der Automatisierung von Provisionierung, Konfiguration, Betrieb, Überwachung und Aktualisierung. Neben Kenntnissen über Betrieb sind auch Kenntnisse der Programmentwicklung notwendig.\nMehr zu Devops in einem älteren Talk von mir.\nBetriebsprozesse finden und durch Code unterstützen Der Wert von Infrastrukturentwicklung bemisst sich dabei im Finden und Schaffen von operativen Prozessen, die einen Dienst sicher in vorhersagbarer Qualität unterbrechungsfrei anbieten zu erlauben.\nDas - der Wert und die Schwierigkeit von Operations - ist auch etwas, das von vielen Feature-Entwicklern und Software-Entwicklungsorganisationen weit unterschätzt wird. Das ist einer der Gründe, wieso Amazon reich ist und Elastic oder HashiCorp im Vergleich eher nicht.\nAuf eine Weise ist es auch der Grund warum viele deutsche Betriebe dem modernen DevOps Hipster skeptisch gegenüber stehen. Man spürt, daß es mit dem Entwickeln, Day 1 Installation und Inbetriebnahme nicht getan ist. Zugleich scheitert man an der Transferleistung, die Schaffung von Betriebsprozessen, die aus der eigenen Produktion wohlbekannt ist, auf die IT auszudehnen und methodisch umzusetzen.\nDie Hälfte des Problems ist dabei das Unterschätzen der Schwierigkeit bzw fehlendes ernst nehmen der Aufgabenstellung.\nAWS bringt Struktur Der \u0026ldquo;Wert\u0026rdquo; von Amazon besteht darin, dem Betrieb genau messbare Kosten und harte betriebliche Einschränkungen zu geben, um die sich eine Firma nun auf einmal gezwungenermaßen herum organisieren muss, während sie vorher unkontrolliert Druck auf interne Betriebsteams ausgeübt hat.\nGrenzen und Kosten, die vorher nicht fassbar waren, werden nun greifbar. Firmen sind gezwungen, sich damit ernsthaft zu befassen. Insofern ist Cloud eine gute Sache, weil sie Läden ins Meta zwingt.\nWie teuer ist \u0026ldquo;ein Admin-Team\u0026rdquo;? So teuer wie Deine AWS Rechnung hoch wäre, und die ist in den meisten Läden dreimal bis fünfmal höher als ursprünglich gedacht. Das ist das Ausmaß des Understaffing in Operations in den meisten Firmen.\nFragen und Antworten Aber Admins haben doch immer schon Code geschrieben Jens Finkhäuser\nHeute Programmentwicklung, damals Perl. Was hat sich jetzt genau geändert?\nEs gibt Perl und es gibt SysAdmin Perl. Das ist im Grunde die Diskussion aus Using Python to bash .\nAnerkennung? Tobias Fiebig:\nIch kann dir da nur zustimmen. Ich denke, dass grad das end-to-end understanding verloren geht. Und das ist halt über kurz oder lang gefährlich. Denn ohne end-to-end understanding APIs nutzen geht wohl. Aber Bauen eher nicht.\nDas ist ein anderes, auch wichtiges Thema. Ein Ex-Arbeitgeber von mir war in 2018 durchaus in der Lage, 3 RZ mit 50k Maschinen voll automatisiert zu betreiben und zu vernetzen. Dieselbe Firma in 2023 ist dazu definitiv nicht mehr in der Lage, weil nach der Ankündigung des Cloud-Move und den Änderungen im Management viele Leute weggegangen sind, weil sie keine Zukunft mehr für sich gesehen haben. Und weil Leute, die so etwas betreiben können, auch zunehmend schwieriger zu bekommen sind.\nKubernetes ist zu fett? Juliane:\nWobei ich aber auch behaupten würde, dass eine Kubernetes-Landschaft nicht immer die korrekte Lösung ist, und es mutmasslich genug Betriebe gibt, die sowas haben, obwohl sie es besser nicht sollten.\nÜberdimensionierte und dann tendenziell schlecht gepflegte Systeme sind für uns alle auch eine Gefahr.\nDa machst Du ein Fass auf. Das TL;DR ist, daß Du zu große und zu wenige Maschinen hast und daher Technik zum Kleinschneiden von Servern brauchst.\nUnd dann landest Du schnell bei Kubernetes.\nDie letzten Bare metal-Maschinen, mit denen ich gearbeitet habe, sind in etwa das Äquivalent von i3.4xl oder i3.8xl gewesen.\nDa waren zwei $400 CPUs drin , eine oder zwei 2 TB NVME und 10 Gbit Netz, sowie 128 GB in RAM. Das war schon damals nicht mehr kosteneffektiv in dem Sinne, daß man lieber größere Kisten gekauft und klein gesägt hätte.\nDas erzeugt zwei Probleme, eines für kleine Betriebe und eines für alle: Du hast weniger Maschinen und in Folge weniger Racks. Das heißt, ein Ausfall betrifft nicht mehr eine Anwendung, sondern viele oder alle. Der Blast-Radius steigt.\nDa kann man was gegen tun: Sich mit anderen zusammen tun und Anwendungen mischen. Wenn dann eine Maschine oder ein Rack umfällt, dann betrifft das alle ein wenig, aber niemanden groß. Das ist die Idee hinter Cloud – große shared Infrastruktur, und Du belegst auf vielen Maschinen ein Fitzel statt auf einer Maschine alles.\nUnd das zweite Problem: Du hast jetzt viel mehr Komplexität, weil Du nicht nur Deine Anwendungen managen mußt, sondern auch die enorm aufwendige Abstraktion darunter: Openstack oder Kubernetes. Mit verteiltem Compute und Isolation von Anwendungen, verteiltem Storage und dessen Komplexitäten und mit einer Menge Netz. Oder Du kaufst das fertig dazu von jemandem, der das für Dich betreibt – wieder landest Du in einer Cloud.\nWas Du nicht mehr tun kannst: Anwendungen lokal auf Rechnern betreiben, eine Anwendung pro Rechner. Das geht deswegen nicht, weil Du keine Kisten mehr bekommst, die so klein sind, daß Du sie mit einer Anwendung voll bekommst.\nDu wirst Dich also gezwungenermaßen mit solchen Dingen auseinandersetzen müssen, oder jemanden dazu nehmen müssen, der das für Dich tut.\nOpenstack oder Kubernetes (oder das Äquivalent in einer Public Cloud) bringen eine Menge Komplexität mit, aber es sind Standardprodukte, für die Du Leute finden und einstellen kannst. Mit etwas Kleinerem, das nur die für Dich notwendigen Optionen hat, kannst Du das nicht, weil es kein Standardprodukt ist.\nDie Behauptung ist, daß eine Reihe von finanziellen, strukturellen und demografischen Faktoren Dich als Unternehmen zwingen, so viel als möglich in eine Cloud zu verlagern. Das kann eine öffentliche Cloud oder eine private sein, aber Du kommst da nicht dran vorbei.\nStandardprodukte helfen Thilo Fromm:\nKris spricht im zweiten Toot des Threads an, dass das Ziel Prozesse und SLAs sind. Dafür muss man über technologische Notwendigkeiten (wie z.B. effizienten Betrieb) hinausgehen. Die Erlernbarkeit und die Bekanntheit, die Verbreitung der eingesetzten Technologie und des Ökosystems zählen hier ebenso, wie die Verfügbarkeit von Schulungen, Zertifizierungen, usw. Das schafft enorme Erleichterung auf der Management-Ebene.\nDu tauschst also Performance gegen Betriebssicherheit: Kubernetes macht es Dir im Vergleich zu \u0026ldquo;klassischer\u0026rdquo; Administration mehrerer Rechner (Chef, Ansible, etc. kombiniert mit Fail-Over usw.) deutlich schwerer, Dir in den eigenen Fuß zu schießen. Denn es impliziert etablierte Pattern, die oft aus Erfahrungen aus dem \u0026ldquo;klassischen\u0026rdquo; Betrieb stammen.\nZudem kommt das Ökosystem als Komplettpaket mit einer großen Entwickler- und Nutzer-Community, was das Staffing erleichtert.\nDie Lernkurve bei der Übernahme bestehender Systeme ist niedriger als bei handgestrickten Lösungen, und standardisierte Zertifizierungen erleichtern Dir das Anstellen neuer Mitarbeiter. Dafür bezahlst Du dann mit Rechenressourcen, aber das ist für viele Betreiber eben der weitaus geringere Kostenfaktor.\nIch vergleiche Kubernetes und die (oft subjektive) Skepsis, die dem entgegenschlägt, gern mit der steigenden Popularität von Java in der Applikationsentwicklung vor ~20 Jahren.\nJava löst auch kein allein technisches Problem - Objektorientierung gab es schon vorher, portable Software und managed code auch. Es kommt mit Infrastruktur und einem Ökosystem, das über die reine Applikationsentwicklung hinaus geht:\nDu konntest mit Java einen arbeitslosen Physiker von der Straße holen, durch ein paar Kurse schleusen, und nach ein paar Monaten war der produktiv. Das ging davor nicht. Die ermöglichte Applikationsentwicklung in Firmen und Organisationen, die vorher dazu nicht in der Lage waren. So ist das mit Kubernetes in der Infrastrukturautomatisierung.\nNatürlich gibt es dadurch nun Randfälle, die aufgrund des niederschwelligen Einstiegslevels komplett neben der Spur laufen. Aber sich allein auf diese Totalausfälle zu konzentrieren \u0026ndash; oder zu ignorieren, dass Kubernetes ein weitgehend nicht-technisches Problem löst \u0026ndash; verfehlt meiner Meinung nach den Punkt.\nKubernetes ist nicht komplex, das Problem ist es Sören entgegnet:\nder Vergleich hinkt, finde ich. Die Kritik an Kubernetes ist nicht, dass es kein Fortschritt ist. Das ist es in einigen Szenarien.\nDie Kritik ist, dass du dir eine komplexe Architektur an Containern aufbaust, die du häufig auch mit weniger Wartungsaufwand und weniger laufenden Infrastrukturkosten auf einem physischen System hinbekommen hättest. Klar, die sind jetzt individuell skalierbarer, aber damit löst du ein häufig rein hypothetisches Problem.\nAls Antwort und Ergänzung zu Thilo Fromm:\nKubernetes löst einen Satz spezifische Probleme, und die Komplexität kommt aus den Problemen und nicht aus den Lösungen.\nDu willst eine sehr große Kiste in benutzbare Häppchen klein schneiden. Das kannst Du mit Virtualisierung (Openstack) oder mit Containern (K8s) machen, aber für den Outcome ist es hinsichtlich der Komplexität egal.\nDas Erste zu lösende Problem ist die Installation von Anwendungen und deren rückstandsfreie Entfernung. Du bekommst Images:\nWenn Du die nicht hast, mußt Du gezwungenermaßen einen 250k Files, 10 GB Size großen Linux-Tree an die Stelle kopieren, wo Deine Anwendung sitzt, zusammen mit den Binaries, Configdateien und Daten der Anwendung. Das dauert lange.\nWenn Du ein Image oder eine Sequenz von Images (\u0026ldquo;Docker Layers\u0026rdquo;) hast, kannst Du die mit Disk Speed (400 MB/s) an Ort und Stelle kopieren und hast einen Loop Mount.\nDas eskaliert schnell:\nroot@server:~# df -Th | wc -l 71 Die Images willst Du irgendwo zentral bereithalten und abrufen können, also hast Du eine oder zwei Registries. Ob die nun Glance, Docker-Registry oder Artifactory heißen ist am Ende egal.\nDein Image läuft nun auf diesem Host oder jenem, wo gerade Platz ist. Das zieht weitere Dinge nach sich:\nWo kommt der Storage her? Entweder lokal, dann hast Du eine Scheduling-Constraint und Du kannst nur noch hier laufen und nicht mehr dort, oder aus dem Netz. Oder Du hast einen Filer, iSCSI oder NVMEoF, und Volume Management. Das kann Cinder heißen, oder CSI mit PVC/PV, auch das ist am Ende egal. Du brauchst jedenfalls was, das Volumes durch Dein Netz an die Anwendung kabelt, egal wo die ist.\nUnd apropos \u0026ldquo;egal wo die ist\u0026rdquo;, wie kommen Nutzer an die Anwendung, wenn die Anwendung im Cluster mobil ist?\nDu brauchst Netz, einen Network Entry-Point (einen Load-Balancer oder so was), eine Backend-Erkennung, und eine Methode eine feste externe IP an einen Endpoint zu kabeln, auch wenn der Endpoint im Cluster mobil ist. Das endet im Fall Openstack mit einem SDN, und im Fall K8s mit einem SDN, einem Service Mesh oder beidem, weil manche Leute Hosenträger und Gürtel wollen.\nIn jedem Fall hast Du eine komplett neue Anforderungsliste für das Netz und das Netzwerk-Debugging an der Backe, einfach dadurch, daß Du Images irgendwo im Cluster haben und debuggen können mußt. So weit, so billig. Das hat ja auch was Gutes.\nWir gewinnen nun die Möglichkeit, die Ausführungsumgebung einer Anwendung maschinenlesbar zu beschreiben, und nach dieser Beschreibung zu bauen – das ist Infrastructure as Code (IaC).\nWir gewinnen dadurch auch ein Manifest der Anwendung und ihrer Dependencies, weil das ja für das Bauen vom Image Voraussetzung ist. Das macht Compliance re CVEs, Lizenzen und Dependencies viel einfacher.\nWie bekommen aber auch einen kompletten Methodenwechsel beim Debugging und beim Monitoring:\nJede Form von Introspektion vor Openstack und K8s war hostbasiert. Maschinen schrieben Logs in Files, und Entwickler loggten sich auf Kisten ein, lasen die Logfiles oder starteten einen Debugger, der sich an die Anwendung attached, und dann kann man in den laufenden Code gucken.\nWenn die Anwendung irgendwo im Cluster läuft, das in n+2 Kopien tut - dann geht das nicht mehr. Du bekommst Prometheus und Metriken mit Dutzenden von Tags, Honeycomb/Open Telemetry und viele andere Dinge nur, weil Entwickler das so nicht mehr tun können, denn die Anwendung läuft halt x-mal und irgendwo und ggf laufend woanders.\nDas heißt, das Handwerk der Softwareentwicklung wechselt einmal komplett die Methodik.\nAber auch wie wir über Anwendungen denken ändert sich:\nUm Images zu bauen brauchen wir eine Bauanleitung, die beschreibt, was da rein geht – ein Manifest, das die Anwendung und ihre Komponenten (neue und fertig eingebundenen, also Dependencies) beschreibt. Dazu die Privilegien, die die Anwendung braucht.\nDas alles wird einfacher, wenn wir Mutability vermeiden oder isolieren, also State in Datenbanken oder S3 Buckets oder anderen Sammelstellen konzentrieren. Auch das Deployment wird so einfacher. Wir bekommen Struktur.\nDazu kommen Dienste, die die Infrastruktur jetzt wegen dieser festen Regeln, und wegen ihrer eigenen Konstruktion bereitstellen und garantieren kann:\nDer Cluster wird gesteuert. Dazu gibt es eine Controlplane, und die weiß, was wo läuft und wem es gehört. Wir bekommen also vom Cluster garantierte Identitäten und das Management dazu.\nIch weiß, daß die Gegenstelle auf meinem Port 8080 der Dienst x für den User z ist, denn die Controlplane kann es mir garantieren oder mir sagen. Und weil jede Kommunikation im Cluster von der Controlplane gesteuert und erlaubt wird, ist diese Auskunft so verbindlich wie die Sicherheitsstruktur und Isolation des Clusters selbst.\nIch bekomme also eine vollkommen neue Dimension von Verlässlichkeit und Identität, die ich so auf dedizierten Bare-Metal Maschinen in der Regel nicht habe.\nMit einem Mesh kann ich sogar den Code dazu weglassen, denn Verschlüsselung, Metriken sammeln, Finden von Endpoints, Backoff und viele andere Dinge passieren automatisch und standardisiert im Mesh, sodaß ich das in meine Anwendung nicht rein codieren muss.\nIch mache einfach ein GET auf localhost:3081 und das \u0026ldquo;Richtige\u0026rdquo; passiert.\nNichts davon ist sinnlose Komplexität oder \u0026ldquo;nur deswegen da, weil ein paar Hipster es cool fanden\u0026rdquo;, sondern es kommt als logische Folge der Eskalation, die in Gang gesetzt wird, wenn ich Hardware klein schneiden und effizient nutzen will.\nUnd all das wirst Du duplizieren oder sogar in V1 dupliziert haben müssen, wenn Du selbst Clustern willst. Nur daß Du K8s-Leute direkt einstellen kannst, die für Deinen selbst gekochten Cluster nicht.\nVersteckt das nicht Kosten? Nils Goroll:\nNur, dass das neue Admin-Team, das jetzt \u0026ldquo;Devops\u0026rdquo; heisst, trotzdem noch obendrauf kommt. Oder halt die Leute, die devopsen, auch wenn sie nicht mehr Team heissen dürfen.\nJa. Nein. Es ist kompliziert.\nGroße Teile an Standard-Aufgaben werden auf die eine oder andere Weise an das Fachteam oder an AWS outgesourct. Davon ist es nicht notwendigerweise weniger Arbeit, aber sie ist jetzt teilweise unsichtbar. Du weißt halt nicht mehr, wie viele Stunden DBA KTLO sind, wenn jedes Fachteam sich selbst mit RDS Daten- und Schema-Migrationen rumschlagen muss.\nAndererseits wirst Du sicher eine Gruppe von Menschen brauchen, die sich auf Cloud-Infrastruktur, deren Design, Betriebs- und Sicherheitsarchitektur, Abrechnung und Kostenkontrolle und derlei Dinge kümmert. Und das sind nicht notwendigerweise weniger Menschen als Du vorher für Bare-Metal daheim eingeplant hattest.\nUnd schließlich ist es kompliziert, weil Du durch eine Cloud mit IAM, einer Controlplane und Services eventuell Dinge gewinnst. Nicht geldmäßig, denn Cloud ist immer 3-5x teurer als was immer Du vorher hattest.\nAber eventuell bekommst Du durch die harte administrative Grenze und den Zwang zur Kostenkontrolle als Organisation eine Motivation, Deine betrieblichen Abläufe besser zu dokumentieren, strukturieren und in Beziehung zu den betriebsWIRTSCHAFTLICHEN Abläufen zu setzen.\nAlso \u0026ldquo;Was tun wir hier eigentlich und was davon dient dem Geld verdienen\u0026rdquo;? Viele Unternehmen scheuen enorm vor diesen Fragen zurück.\n","date":"2023-08-28T00:00:00Z","href":"https://blog.koehntopp.info/2023/08/28/der-admin-beruf.html","tags":["lang_de","devops","computer"],"title":"Der Admin-Beruf"},{"categories":null,"content":"This is about the third story I hear about a Fedi instance losing all their data because of a CI/CD mistake.\nLily Cohen (@lily@firefish.social) has bad news. Hugops, but also the usual grizzled old sysadmin advice:\nNever say backup. Always say restore. This changes your mind. A backup is a cost center. It has no value, it has only cost. Only a restore has a proven value, and comes with knowledge:\nYou know you actually can restore, the backup was complete and does connect. You know how long the restore took, so you know the time to restore when asked. Not an estimate. The actual time. You know the restore procedure. Restore every backup all the time, then throw the recovered instance away. Keep the metrics, keep the backup.\nThere is no such thing as immutable, statelessness or whatever. Parts of your setup may be stateless deployments with immutable images. That is, because you collected all system state and put it into one or two selected locations. You can redeploy everything but these selected locations.\nIf you drop them, if you make a config mistake, these things are gone gone. They cannot be redeployed unless you have taken measures to do so. See above, item 1.\nDevops is easy except for the stateful parts. That is why the storage people and the database people all look down on you hipster devops people and make condescending remarks. 🙂 Yah, ok, they are nicer than you probably think they are, but they do have a completely different outlook on operations.\nListen and learn. Also, restore test.\nAlso, ArgoCD: No prune resources and Kubernetes PV Reclaim Policy \u0026ldquo;Retain, not Delete.\u0026rdquo;\nThere are people who have taken steps to prevent their CI/CD from messing with EBS volumes, S3 buckets or K8s Persistent Volumes, and there are people who will lose data in the future.\nDon\u0026rsquo;t be in the second group.\n\u0026ldquo;Nobody wants backup. Everybody wants restore.\u0026rdquo; \u0026ndash; Martin Seeger\nSee also Gitlab Data Loss .\n","date":"2023-08-23T00:00:00Z","href":"https://blog.koehntopp.info/2023/08/23/dont-say-backup-say-restore.html","tags":["lang_en","devops","data center"],"title":"Don't say Backup, say Restore"},{"categories":null,"content":"On git commit, git invokes an editor (by default: vi) and allows you to edit a commit message. If the editor exits with status code 0, the commit message is accepted and used. If the editor exists with status code \u0026gt;0, this is an error and the commit is aborted. The commit message is lost.\nOn MacOS, calling /usr/bin/vi, the editor shipped with the OS, starts vim 9.0.1424 in vi mode. In this mode, if you enter an illegal editor command such as :W, the editor will exit with status 1. This will happen even when you enter a legal editor command afterwards. So\n:W keks :w keks :q will\nkk:~ kris$ vi kk:~ kris$ echo $? 1 This does not happen if the same editor is called as vim. This does not happen on Ubuntu 22.04, which as vim 8.2.4919 installed – it will exit 0 as vi or vim. This suggests that this behavior of vim 9, when called as \u0026ldquo;vi\u0026rdquo; in compatibility mode, is an \u0026ldquo;improvement\u0026rdquo; that has been added on purpose. I wonder if that is really the case.\nIn vim, the command :\u0026lt;status\u0026gt;cq to force an exit status.\n:1cq kk:~ kris $ echo $? 1 You can also :0cq to force a zero. This also works in compatibility mode. You can, of course, also\n$ git config --global core.editor \u0026#34;vim\u0026#34; ","date":"2023-08-17T00:00:00Z","href":"https://blog.koehntopp.info/2023/08/17/macos-vim-git-and-exit.html","tags":["lang_en","apple","unix"],"title":"MacOS, vim, git and exit..."},{"categories":null,"content":"Hier ist ein T-Shirt/Tragetasche Unikat mit einem selbst gemachten Slogan.\nEine Tasche mit Aufdruck, via Mastodon .\nSchon vor vielen Jahren, in Kiel und Karlsruhe, habe ich angefangen, meine T-Shirts drucken zu lassen. Darauf waren selbstgemachte Slogans oder Grafiken, oder welche, die ich hemmungslos geklaut und verfremdet habe. Auch heute ist das noch so. Jeder kann das, es ist gar nicht schwer.\nMan braucht eine Quelle für T-Shirts in Größen, Qualitäten und Farben, die Euch zusagen. Dazu einen Textslogan oder eine Grafik-Vorlage.\nPNG Bei den Grafiken ist ein PNG mit transparentem Hintergrund von 1000+ Pixel entlang der längeren Kante vollauf ausreichend. Ein SVG ist manchmal möglich, aber nicht notwendig und als direkte Druckvorlage oft nicht hilfreich. Das ist so, weil das SVG die verwendeten Zeichensätze und Grafiken nicht unbedingt direkt enthält, und das SVG dann beim Dienstleister anders dargestellt wird als bei Euch.\nAuch JPG ist nicht hilfreich, weil es nicht transparent sein kann. Dann wird beim Druck die Hintergrundfarbe auf den Stoff gedruckt, wenn man das gar nicht möchte, und man bekommt eine 30 cmx20 cm Plastikplatte auf der Brust statt weicher, atmungsaktiver Baumwolle.\n1000 Pixel bei 72 dpi sind 30+ cm, vollauf formatfüllend auch bei breiter Brust oder großen Brüsten.\nDienstleister Ihr braucht außerdem einen \u0026ldquo;Copyshop\u0026rdquo; auf dem Pro-Level, also einen Grafikdienstleister, der so was kann. In Kiel habe ich im Knooper Weg gegenüber der Humboldt-Schule gewohnt und ein wenig nach Norden rauf zur damaligen Fachhochschule war an der Ecke ein Druckladen, der so etwas konnte und auch 3XL Shirts in Qualitäten hatte, die angenehm waren. (EDIT: Jetzt am Exer )\nHier in Haarlem habe ich ebenfalls mehrere solche Shops (Tinto et al), und es gibt natürlich immer spreadshirt.nl und spreadshirt.de, wenn man nicht nach draußen gehen mag.\nDruck Der Druck kann auf die vordere oder hintere T-Shirt-Seite oder auf die Ärmel. Jede Stelle, die bedruckt wird, kostet extra – ein doppelseitiges Shirt also deutlich mehr als ein einseitiges.\nDruck von Bildmotiven und mit Farben ist weniger Haltbar, als Schrift mit dem Einbaufont des Dienstleisters (also Text mit einem Font von der Maschine, statt Text als Grafik von Euch als PNG), und binnen 2-3 Jahren regelmäßigen Tragens wird sich die Grafik ablösen.\nStrichdicke spielt eine Rolle. Ein T-Shirt ist kein Skizzenblock\nEin mehrere Jahre altes Elite Retro-T-Shirt. Die Schrift hat sich gut gehalten, die feine Grafik vom Raumschiff nicht.\nNerdläden in den USA Wie dem auch sei: Es ist viel einfacher, schneller und ökonomisch und ökologisch vorteilhaft, solche T-Shirts lokal fertigen zu lassen, als sie von irgendeinem US-Dienstleister per Luftfracht zu Euch schicken zu lassen. Man braucht das PNG und einen lokalen Laden und kein Shirt. Manche Dienstleister nehmen auch AI oder PSD, weniger SVG oder PDF.\nEs ist wirklich am einfachsten mit einem moderat aufgelöstem PNG. PSD, AI, SVG und PDF müssen gerendert werden, und dann fehlen Fonts oder so was. PNG sieht genau so aus wie man das will.\nQualitäten Und schließlich:\nStoffe Qualitäten Andere Quelle Auflösungen Hier ein Motiv 835 px hoch, und sein Druck, ca. 11 cm hoch.\nMan kann sehen, daß man sich mit der Auflösung ziemlich entspannen kann.\nHier ein anderes Motiv (1629px breit) und sein Druck:\nDie Druckvorlage ist eine Reproduktion: Ich habe vor einigen Jahren ein Barbie \u0026amp; Dragons T-Shirt geschenkt bekommen, aber hatte keine Vorlage. Im Jahr von Barbie-Film und Baldur\u0026rsquo;s Gate 3 mußte ich das in frisch haben, also hab ich mir das selbst neu gemacht.\n","date":"2023-08-17T00:00:00Z","href":"https://blog.koehntopp.info/2023/08/17/t-shirts-selbst-designen.html","tags":["lang_de","erklaerbaer","fluffy fluff"],"title":"T-Shirts selbst designen"},{"categories":null,"content":"(based on a series of posts on Mastodon)\nI got an electric car I made the driving license late in life, in 1998 at the age of 30. My first car was a BMW 316i Coupe, used, 9000 Euro. I drove this until 2007. When I moved to Berlin, I found driving in the city inconvenient, and consequently used public transport. Eventually the battery of the car died from standing around, and I sold it.\nIn 2010, I became a father, and we bought a new car, a Renault Scénic Grande 7-seater. This is a car made from cupholders and small compartments, and it served its function of \u0026ldquo;Moving the family around, including Grandma\u0026rdquo; quite well. Nothing Renault makes lasts longer than 15 years, though, and so the thing was showing signs of age.\nAlso, the City of Amsterdam changes the rules of how to get into the city, and the old Scenic soon would be unable to get into the city. So, an electric car was needed.\nI tried to like the BYD Dolphin, but that car comes only with seats where the headrest is fixed and cannot be adjusted. At my size, that means the headrest sits somewhere at my lower shoulder blades. I asked for advice, and the BYD salesperson just pointed at the BYD Tank, a monstrous SUV. That had adjustable headrests for sure, but you wouldn\u0026rsquo;t want to drive such a thing inside Amsterdam\u0026rsquo;s city limits.\nSo Renault again, this time a Megane e-tech, with a 60 kWh battery, and some 16 kWh/100 km energy use. Also, apparently some 160 kW engine (peak power), which really is a 55 kW engine (sustained power).\nThese are weird units for energy and power for most people.\nWhat do they even mean and how can we imagine them?\nEverything in kWh Back in the day, we had incandescent light bulbs, and the standard thing everybody my age can imagine is the 100 W bulb. It was as bright as a modern 14W LED light today. Running the 100 W lamp for one hour uses 100 Wh of energy, running it for 10 hours is 1000 Wh, or 1 kWh.\nA 100 W incandescent bulk, as shown in Wikipedia .\nWatts are power (\u0026ldquo;Leistung\u0026rdquo; in German), and Watt-Hours are energy (\u0026ldquo;Energie,\u0026rdquo; \u0026ldquo;Arbeit\u0026rdquo; in German. \u0026ldquo;Leistung ist Arbeit pro Zeit\u0026rdquo; as my math teacher used to say to people who did not complete their test in time).\nSolar Energy The sun shining on Germany on a bright day delivers 1 kW per m^2, so 1 h of sunshine is an irradiation of 1 kWh/qm. Solar cells currently have an efficiency of 20%, so 1000 W of irradiation become 200 W of electricity, the other 800 W become heat or are reflected.\nSuch a 1 m^2 solar array would have an installed peak capacity of 200 Wp (\u0026ldquo;Watt peak,\u0026rdquo; or \u0026ldquo;Nennleistung\u0026rdquo; in German). Five of those would deliver 1 kWp, and produce around 950 kWh of energy per year, under optimal conditions.\nIn fact, 46 m^2 of my roof are covered in solar panels. That\u0026rsquo;s 9250 Wp , which under this formula should produce up to 8780 kWh/year.\nThey did, in fact, deliver 8000-ish kWh/year, from June 2022 to June 2023. To compare, we used 5500 kWh of electricity in the year before we got the Solar panels.\nFuels and Energy When I was little, a car\u0026rsquo;s power was given in HP (Horsepower). Today we use kW, but many people will still list HP in parentheses for old people\u0026rsquo;s convenience.\n1000 W are ~1 ⅓ HP, or 1 HP are ~750 W. Drive that for one hour, and you have used 1 kWh.\nConveniently, the energy content of many fuels is almost decimal.\nFuel kWh 1l Diesel 9.7 kWh, ~10 kWh 1l Benzine 8.5 kWh 1 m^3 Natural Gas 10-12 kWh, ~10 kWh Almost metric: 1 m^3 of Gas or 1 l of Diesel each has an energy content of 10 kWh.\nSo if your old Scenic Diesel uses 6.7l Diesel on 100 km, it has used around 66 kWh of energy. A combustion engine car is around 33% efficient.\nSo of these 66 kWh, around 22 kWh have been used to drive the distance. The rest is waste heat.\nThe new Megane uses 16 kWh for 100 km, so that is the energetic equivalent of 1.8l Benzine or 1.6l Diesel. Times three, to account for combustion engine losses.\nOther energy units Calories (actually kilocalories, kcal) are known to many people as units for energy content of food. A kilo of body fat is 7700 kcal, and that\u0026rsquo;s 8.9 kWh. So 11.2 kilos of dad bod are 100 kWh. Take that, Tesla.\nThis is not theoretical energy at all, as S4E8 Mythbusters: Salami Rocket has demonstrated.\nA bar of Milka chocolate has around 0.6 kWh. So charging a 60 kWh car battery is around 100 Milka bars of energy content.\nIf you are driving a Diesel at 6l/100 km, you burn 60 kWh of energy content, or around one bar of Milka per Kilometer. Things become very conveniently convertible if everything is kW and kWh.\nBergfreunde has a human activity energy calculator, which covers anything from Walking to Sex. 8h of walking for a fat old man will burn 3350 kcal, or 3.9 kWh. Assuming 6 km/h, we will burn 8.1 kWh/100 km. That is less than the Megane, but more than the Carver. And a lot more than biking.\nLong Distance driving and charging If you run your electric vehicle for long distances, you will observe that the last 20% of charge, from 80% to 100%, take longer than the rest. That is because batteries take energy quickly as long as they are empty, and the final 20% charge particularly slowly.\nMost people do not wait for a full charge, but charge to 80%-ish and then continue to drive. They also won\u0026rsquo;t drive the car down to 0%.\nSo at an energy use of 16-20 kWh/100 km at a speed of 100 km/h, you will be driving for about 2-2.5 hours until the battery runs empty. Then the car will need to charge, and because you are on the Autoahn, you\u0026rsquo;ll be using a fast charger. That will bring the car to 80% in around 30 minutes, sufficient to pee and get a coffee.\nThis is the rhythm of the electric long distance drive:\nStart SoC End SoC Time Energy Stored 29 % 80% 32 min 30.20 kWh 9% 80% 37 min 42.15 kWh Carging at a DC fast charger on the Autobahn.\nAt home, and charging 11 KW charge point as it is installed in public spaces all over the country in the Netherlands (Wikipedia ).\nAt home, you won\u0026rsquo;t be using a DC fast charger, but will be using an AC 11 kW charger. On this, the car goes from 31% to 80% in 3h:10m. A 22 kW charger would be twice as fast, but likely pointless.\nAn 11 kW charger is always sufficiently fast to charge up completely in reasonable time. And if not, sufficient to get to a SoC where you can drive to the Autobahn safely, and then use a DC fast charger to charge up really fast.\nDriving, Accelerating and Braking When you are driving a constant speed on a flat surface, you are using the exact amount of energy needed to counteract wind resistance. So if your car\u0026rsquo;s display reads \u0026ldquo;16 kW current energy use\u0026rdquo;, you are using 16 kW/21 HP to keep the current speed. That is about as much as the engine power of an old 1978 Renault 4 (or a Citroen 2CV).\nThe Megane has a more powerful engine, but only to accelerate nicely, and then it will even reach the catalog power of \u0026ldquo;160 kW\u0026rdquo; \u0026ndash; for a short time.\nWell, the Megane also has a more powerful engine for better recuperation, using the engine to convert kinetic energy back to electricity, and storing it back into the battery. The limit for that is 60 kW, \u0026ldquo;accidentally\u0026rdquo; close to the sustained power of the engine.\nThis is also a good case for a speed limit in the only country in Europa that has none: In the Netherlands there is a 100 km/h speed limit (at night sometimes 120 km/h), and that leads to extremely equalized car speeds on the Autobahn.\nYou basically turn on cruise control, set it to 100 and are done with it.\nIn Germany, you might set the Megane to 120 km/h, turn on as many assistance systems as possible and switch mentally into Fuck-You mode, but you will still have to accelerate and decelerate more, because speeds on the German Autobahn vary a lot.\nNot only does this make driving dangerous, it also eats into your range without providing better average speeds.\nSustained and Peak Power The Megane is sold with a peak power of 160 kW, but the motor has a sustained power of only 55 kW. You run it at even less, 16 kW, unless you accelerate.\nAir resistance is growing with larger speed, and the sustained power of the motor basically defines the cars top speed. But of course, this will also draw from the battery accordingly, so you will run out of energy faster, and need to charge earlier.\nAt 160 km/h, you will draw 55 kW, and will run out of power after 1 h.\nIt is typical for electric motors to overdrive them. For example, an electric locomotive rated at 4000 kW is routinely driven at 6000 kW on initial acceleration, until it hits the thermal limit, I have been told.\nAlso, the energy use of trains is incredibly low. A Stadler Flirt uses around 330 kWh/100 km. That\u0026rsquo;s the energy content of 30l Diesel, for a train of 60m length and 180 seats (around 300-350 people in commuter mode). Or in other words, 5 times the energy use of a Diesel car, so if 6 seats are occupied, it breaks even with a car (at an average occupancy of 1.2 people/car).\nA Flirt has drawn 1408 kWh from the overhead line, and recuperated 748 kWh, for a net energy use of 660 kWh. At the Konstanz-Stuttgart Line (200 km), this equals 330 kWh/100 km, or around 39l of Benzine (or 34l of Diesel) in energy content.\nTL;DR We can convert all kinds of energy into kWh, and use this to compare energy production and consumption. This is convenient, because typical fuels happen to align somewhat with the metric system: 1 l of Diesel or 1 m^3 of Natural Gas both have each 10 kWh of energy content. For fun, we can also do this with Milka Chocolate bars (0.6 kWh stored energy content) or with Pizza (around 1 kWh per Europizza).\nWe can do the same thing with power, and kW, and since power times time is energy, we can also easily convert energy draw over time into battery depletion, and plan trips.\nGetting fluent with units and conversions helps us to develop a feel for range, speed, energy and cost.\n","date":"2023-08-13T00:00:00Z","href":"https://blog.koehntopp.info/2023/08/13/electric-cars-and-numbers.html","tags":["lang_en","energy"],"title":"Electric Cars and Numbers"},{"categories":null,"content":"Das Statistische Bundesamt hat in Bevölkerungspyramide eine der coolsten Bevölkerungspyramiden, ever.\nDestatis Bevölkerungspyramide Per Default sehr ihr Deutschland im Jahre 2022: 20 % Rentner, 19 % Jugendliche, 62 % Erwerbstätige. Ihr könnt in dem Ding rumklicken, zum Beispiel Euer Geburtsjahr suchen und dann sehen, wie viele Leute aus dem Jahr noch leben. Man kann die Sprache umschalten, links oben ist ein Schalter für Englisch.\nIndem ihr den Jahresregler verschiebt, seht ihr Bevölkerungspyramiden der Vergangenheit, oder eine simulierte Zukunft. Die Simulationsparameter kann man rechts oben einstellen und darunter ablesen, was sie bedeuten.\nLegende und Erklärungen.\nAuch die Altersgruppen kann man umstellen, etwa das Rentenalter hochdrehen. Die Farbschattierungen sind Männer/Frauenüberschuß: 1.06 Männer pro 1 Frau bei der Geburt, aber Frauen leben länger. Die Parameter sind Geburtenraten von 1.44, 1.55 und 1.67 (alle niedriger als für Reproduktion notwendig, aber 2.05 ist unrealistisch für Deutschland). Die Parameter für Lebenserwartung sind 82/86, 84/88, 86/90. Die Parameter für Zuwanderung sind 180k, 290k und 400k pA.\nDeutschland 2070.\nWir sagen \u0026ldquo;Bevölkerungspyramide\u0026rdquo;, aber das ist nur in agrarischen Gesellschaften mit hoher Reproduktion und hoher Sterblichkeit korrekt. In Deutschland müßte man Bevölkerungsdönerspieß sagen.\n","date":"2023-08-10T00:00:00Z","href":"https://blog.koehntopp.info/2023/08/10/deutschland-der-zukunft.html","tags":["lang_de","erklaerbaer"],"title":"Deutschland der Zukunft"},{"categories":null,"content":"Früher hatten wir Festplatten. Das ist ein Stapel Glasplatten, die mit Eisenoxid beschichtet sind, gleichmäßig schnell rotieren und auf dem wir mit einem Kamm voller Schreib-Lese-Köpfe Teile magnetisieren oder die Magnetspuren auslesen. Platten hatten CHS-Adressen für Sektoren, also Cylinder (drinnen, weiter draußen), Head (Scheibe) und Sektor (also welches Stück Scheibe). Diese CHS-Adressen waren für das Betriebssystem sichtbar und das hat damit optimiert.\nPlatten wurden dann schnell kompliziert. Der Radius einer Spur auf einer drehenden Platte wächst, wenn man die Köpfe nach draußen schiebt. Also passen draußen mehr Sektoren darauf.\nDas bedeutet aber, daß das ganze CHS-System so nicht mehr funktioniert, außer das OS kennt die spezielle und variable Geometrie der Platte. Stattdessen hat die Platte einen eigenen Computer, den Controller, die Elektronik an der Unterseite der Platte. Der kennt die Geometrie. Das OS nicht.\nFür das OS ist die Platte nun sehr viel einfacher: ein Array aus Sektoren. Diese auf die wie auch immer geartete Plattengeometrie abzubilden ist Sache des Controllers, der physisch mit der Platte verbunden ist.\nWir bekommen \u0026ldquo;Lineare Block Addressen\u0026rdquo;, LBA. Viele OS kannten am Anfang gar keine LBA. Daher geben Platten eine Fake-Geometrie raus, die aufgeht und darstellbar ist \u0026ndash; und unsinnig ist. 255 Cylinders, 63 sectors/track –– von einer SSD.\nroot@server:/run/user/1000# fdisk -l -u=cylinders /dev/sde Disk /dev/sde: 3.64 TiB, 4000787030016 bytes, 7814037168 sectors Disk model: Samsung SSD 860 Geometry: 255 heads, 63 sectors/track, 486401 cylinders Units: cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: gpt Disk identifier: A5C7EF27-A7B1-4E84-AFC8-24FC1DB1C7FB Device Start End Size Type /dev/sde1 1 486402 3.6T Linux LVM Viele Leute hätten gerne, aus was für Gründen auch immer, mehr als eine Festplatte - auch wenn sie nur eine haben. Zum Beispiel um mehr als ein Betriebssystem zu installieren oder um sonst wie Dinge aufzuteilen. Die Lösung war die \u0026ldquo;Partition\u0026rdquo;. Das ist eine Gruppe zusammenhängender Cylinder, die vom System als \u0026ldquo;eine logische Festplatte\u0026rdquo; angesehen werden. Man schließt also sda an, und sieht bis zu 4 Geräte: sda1, sda2, sda3 und sda4.\nAus Gründen, die mit Microsoft und MS-DOS zu tun haben, gingen nur 4 Partitionen – die Partitionstabelle am Anfang der Platte war ein festes Array mit genau 4 Einträgen. Es sind auch immer 4, nur manche sind als unbenutzt markiert und werden dann stillschweigend ignoriert.\nWenn man nun mehr als 4 haben will? Sehr einfach: macht man sich eine \u0026ldquo;Erweiterte Partition\u0026rdquo;, die den ganzen Rest der Platte abdeckt und kann darin dann weitere Partitionen einrichten.\nDas ist dann eine lineare Liste. Die Nummern der logischen Partitionen in der erweiterten Partition fangen immer bei 5 an. Man kann also eine Bootpartition sda1 haben und eine erweiterte Partition sda2, die dann sda5, sda6 und sda7 enthält. Kein normal denkender Mensch will das so, weil das auch nervt: Partitionen müssen ja zusammenhängend sein und auf eine Platte passen. Man kann sie also nur dann erweitern, wenn hinter ihnen freier Platz ist.\nIst da keiner, muss man den ganzen Rest der Platte \u0026ldquo;weiter nach hinten\u0026rdquo; kopieren und dann die Partition der Wahl erweitern. Das kann sehr, sehr weh tun. Was man stattdessen macht:\nMan tut alle seine Platten in einen Sack. Diesen Sack nennen wir Volume Group, VG. Die einzelnen Platten, die Physical Volumes, PVs, schneiden wir in gleich große Scheiben, die Physical Extents, PEs. Die VG ist also ein Sack voll PEs, alle gleich groß, die auf unterschiedlichen Platten liegen.\nMan will so um die 1000 bis 10.000 PEs in seiner VG haben. Dann hantiert man mit Platz in Units von 1 Promille bis 0.1 Promille \u0026ndash; das ist genau genug.\nWir können uns so Logical Volumes, also Laufwerke, zusammenbauen, die ein ganzes Vielfaches eines Extents groß sind und die aus LEs bestehen, Logical Extents. Jedem LE wird mindestens ein PE als Backing Storage zugewiesen, aber da dies über eine Lookup-Tabelle passiert, können die PEs von irgendwoher kommen.\nDas Subsystem in Linux, das das macht, heißt LVM2, der Logical Volume Manager. Er kann noch mehr:\nEs ist möglich, einem LE mehr als ein PE zuzuweisen. Dann hat man ein RAID 1. Es ist möglich, die Blöcke aus zwei PE auf unterschiedlichen PVs zu nehmen und blockweise abwechselnd zu benutzen. Dann hat man ein RAID 0. Mithilfe der Device Mapper Layer, die unterhalb von LVM Dienst tut, kann man so jede Menge absurde Storage Artistik abziehen. Für uns ist wichtig zu verstehen, daß Partitionen in LVM – wegen LVM! – nicht mehr zusammenhängend sein müssen.\nEs ist 2023. Die Leute benutzen noch Devices, Partitionen und LVM, aber niemand benutzt noch Festplatten. Alles ist SSD, eventuell sogar ohne beknacktes SATA-Interface, sondern mit dem Flash direkt auf dem PCIe-Bus. Das ist dann NVME.\nDas ist super, weil das S in SATA für Seriell steht, also auch Zugriffe auf das Gerät serialisiert. Das Gerät hat aber einen Haufen Chips, die man alle parallel anblasen könnte, wenn das SSSSSSSATA nicht Zugriffe sssssserialsierte. Also weg damit!\nFlash Storage hat nun noch ein anderes Problem. Flash beschreibt \u0026ldquo;gelöschte\u0026rdquo; Blöcke in Sektoren von 512 Byte oder – neuerdings - 4096 Bytes.\nFlash kann solche Sektoren aber nicht löschen, nur als \u0026ldquo;gelöscht\u0026rdquo; markieren. Die eigentliche Löschung dauert recht lange und passiert in recht großen Erase Segmenten, die viele Sektoren enthalten.\nDaher gibt es einen Hintergrundprozeß, der auf dem Controller läuft und guckt, ob valide Daten umsortiert werden können, sodaß ganze Erase Segmente frei werden.\nDieser Hintergrundprozeß ist die Flash Translation Layer (FTL).\nSie hat eine große Zuordnungstabelle, die die eingehende LBA vom Computer auf eine physikalische Blockadresse im Flash mapped. Und die FTL kann im Hintergrund Blöcke verschieben, umsortieren oder reorganisieren, ohne daß das vorne an der LBA sichtbar wäre. Das hat eine Reihe von Konsequenzen. Eine ist, daß man eine SSD nicht zum Löschen überschreiben kann – die FTL sortiert hinten lustig Kram hin und her und es ist nicht gesagt, dass ein Durchschreiben von LBA 0 nach LBA n alle Daten auf der SSD überschreibt, oder daß Allgemein nichts Lesbares mehr auf der SSD steht.\nDaher gibt es bei vielen SSD eine Hardware Drive Encryption, und zum Löschen des Laufwerkes geben wir der Disk einfach das Kommando, den Key zu vergessen. Damit ist die faktisch gelöscht.\nOder wäre es, könnte man der Implementierung der Hardware Drive Encryption vertrauen . Eventuell ist man mit so was wie LUKS und dem Wegwerfen der LUKS-Schlüssel besser dran als mit der Hardware Verschlüsselung von Drive-Controllern aus Chinesium. Aber in jedem Fall ist man mit einem verschlüsselten Flash Drive besser dran als mit \u0026ldquo;Überschreiben\u0026rdquo;. Oder man etabliert einen Prozess, bei dem jeder Storage in einem Server in unseren RZ dies nur noch durch einen Shredder verlassen kann. Falls man seinen Leuten vertraut, dass sie nicht doch mal ein Drive aus der Schrottkiste mitnehmen.\nEine bemerkenswerte Eigenschaft von Flash sind \u0026ldquo;Seeks\u0026rdquo;, also Datentransfers zwischen nicht physisch aufeinander folgenden Blöcken. Disks schaffen so um die 200 Disk Seeks pro Sekunde, und die tatsächlichen Zeiten variieren auch stark – je Seek, desto Wait. Bei SATA/SAS SSD haben wir circa 20.000 Seeks pro Sekunde und bei NVME bis zu 800.000 davon (weniger, je mehr Bits pro Flash-Zelle).\nWenn Ihr bei der FTL aufgepasst habt, dann wißt ihr, dass aufeinanderfolgende LBA eventuell gar keine aufeinanderfolgenden PBA sind, also im Flash nicht nebeneinander liegen müssen. Das merkt niemand, weil die Seek Zeiten bei Flash uniform sind. Aber Moment mal \u0026hellip;\nWir haben uniforme Seekzeiten und wir haben in der FTL eine Lookup-Tabelle die verdammt ähnlich aussieht wie die Lookup-Tabelle in LVM. Können wir dann nicht auch Nichtzusammenhängende Partitionen in Hardware bekommen? Können wir. Jedenfalls ein paar. Das sind NVME Namespaces, also die \u0026ldquo;nX\u0026rdquo; an Euren /dev/nvme1n1-Devices.\nDie kann man mit dem \u0026ldquo;nvme\u0026rdquo; Kommando einrichten und abreißen und ihnen auch Platz zuweisen. Der liegt dann irgendwo und die FTL weiß, wo genau. Aber zusammenhängend ist das nicht, auch wenn Ihr das nie sehen werdet. NVME Namespaces sind also so eine Art Hardware LVM mit einer limitierten Anzahl Plätzen.\nWie Hardware ist mein Hardware LVM denn? Nun. Mit SR-IOV bekommt jede einer Hardware-Nichtpartitionen auch ein Haufen Fake-PCI-Register, die ich in den Adressraum etwa einer VM mappen könnte, sodaß effektiv jede VM eine \u0026ldquo;Partition\u0026rdquo; meiner NVME als fast echtes PCIe Busdevice sehen kann.\nLeider gerät an dieser Stelle die Implementierung ins Zielfeld, und teilt uns mit, daß das zwar schnell ist, aber leider nicht dicht, und man darauf also nicht unbedingt vertrauen sollte. Aber schön wäre es gewesen!\nWie dem auch sei: Jetzt haben wir dieselbe Idee also\neinmal in einem ARM-Rechner, der am Flash jenseites des PCIe Busses klebt – dem Flash Controller mit der FTL, als NVME Namespaces. Und dann noch einmal eine Ebene höher, diesseits des PCIe, als LVM2 unter dem Filesystem. Und dann noch einmal eine Ebene höher, im Dateisystem, jedenfalls wenn es APFS oder ZFS ist, auf Dateisystem und Datei-Ebene. Dreimal dieselbe Idee, mit einer Lookup-Tabelle, Namespaces und dem Zusammenkleben von Blocks. Außer, wenn man Apple ist. Dann baut man seine Hardware selbst, realisiert den Flashcontroller in denselben Die wie die CPU oder lässt ihn gleich als Teil der CPU laufen, schließlich ist es sowieso ein System-on-a-Chip. Und redet dann mit den Flash-Chips neben der CPU. Die sind eh nur neben dem Die mit der CPU, weil sie dort noch nicht hineinpassen.\nUnd dann kann man diese Ebenen zumindest teilweise integrieren, einige Indirektionen sparen und generell schneller sein. Das setzt aber natürlich voraus, daß man seine Hardware komplett kontrolliert, sodaß die Komponenten aufeinander abgestimmt werden können.\nAußer Apple können das nur zwei Hände voll andere Firmen auf diesem Planeten, und die anderen sind alle Cloudbetreiber, die ihre Hardware oder gar – wie Amazon-Annapurna-ARM – ihre CPUs selbst fertigen können. Dann gehen auf einmal ein Haufen Abkürzungen und man kann so Sachen wie kaputte Hypervisoren und SR-IOV direkt selbst fixen. Und das ist, warum Amazon schöne Dinge haben kann, aber ein \u0026ldquo;Private Cloud\u0026rdquo; Openstack nicht.\nJan schreibt: \u0026ldquo;Was Betriebssysteme noch nicht verstanden haben, ist das es nur noch Memory gibt. In unterschiedlichen Geschwindigkeitsklassen. Und Anbindungen. Lokal, Netzwerk. Das ist der einzige Unterschied. Es gibt nur noch wenige Fälle. Memory ist da oder nicht. Latenz ist close to zero oder nicht deterministisch. Deal with it.\u0026rdquo;\nIn Unix ist ja alles entweder ein File, also persistent, und via open/read/write/seek/tell/close zu bearbeiten. Oder ephemeral, und via malloc zu bekommen.\nSpeicher, so wie ihn Unix kennt, hat keine Eigenschaften (ephemeral, persistent), Granularität (byte, page welcher Größe auch immer), und auch keine Eigner und Zugriffsrechte, sowie keine Verzeichnisdienste. Die Infrastruktur, die ein Dateisystem bereitstellt, ist ja weit mehr als nur die open/read/write/close API.\nEs ist auch der Verzeichnisbaum und die an den Dateien klebenden Zugriffsrechte, Flags, xattr und was es sonst noch so gibt, und eine bestimmte Locking-API. Speicher hat zwar auch Locks, aber andere, und kennt die Konzepte Eigner, hierarchischer Namespace und was da sonst noch so existiert nicht. Sun hat mal eine Zeit lang mit wilden Dingen herumgespielt, die Teile dieses Problemraumes adressiert haben. HP auch, mit einem anderen Teilaspekt dieser Sache. In beiden Fällen geht es um einen Haufen CPUs, die gemeinsam auf einem Speicher herumdengeln, der vielleicht oder vielleicht auch nicht lokal ist. Das löst aber jeweils nur einen Teilaspekt des Problems. Und es gibt keinerlei Software, die damit um könnte.\nIn Unix. Anderswo gibt es schon seit den späten 80er Jahren Rechner mit einer Art \u0026ldquo;hardware unabhängigem Bytecode\u0026rdquo;, 64 Bit Uniform Address Space und einer Art speicherbasierten, transaktionsorientierten Datenbank, Namespaces und Zugriffsrechten. Das ist dann aber kein Unix, sondern etwas anderes, bizarres, außerirdisches, das keiner von Euch je gesehen hat.\nAlien Systems/400 Das ist das, was man bekommt, wenn man eine JVM erfindet, bevor es Java gibt und wenn man persistenten Speicher mit RAM und \u0026ldquo;mmap() aber in richtig\u0026rdquo; und wie eine Datenbank riechend erfindet. AS/400 ist irgendeine CPU – das wurde in der Zwischenzeit auch mehrfach geändert und keiner hat es gemerkt – und irgendwelcher Speicher (viel weniger als 64 Bit, aber das hat auch keiner gemerkt, das RAM ist ja nur Cache). Statt \u0026ldquo;everything is a file\u0026rdquo; \u0026ldquo;everything is an object\u0026rdquo;.\nIn der Zwischenzeit hat Intel Optane wieder eingestellt. Das Pricing war falsch, aber vor allen Dingen hat keiner das richtig nutzen können. Zu RAM für ein Filesystem, und zu persistent für RAM – meh, was soll ich damit? Wenn alles entweder ephemeral oder ein File ist, dann ist \u0026ldquo;persistent, und so schnell wie RAM\u0026rdquo; irgendwie nicht zu gebrauchen.\n","date":"2023-08-09T00:00:00Z","href":"https://blog.koehntopp.info/2023/08/09/frueher-hatten-wir-festplatten.html","tags":["lang_de","filesystems","computer"],"title":"Früher hatten wir Festplatten..."},{"categories":null,"content":"In Deutschland gibt es circa 50 Millionen Autos. Wieviele Kilometer fahren die so im Jahr?\nStatista: Fahrleistung der PKW in Deutschland von 1970 bis 2021 , die Statistik zeigt die Entwicklung der Fahrleistung der Pkw in Deutschland in den Jahren 1970 bis 2021. Im Jahr 2021 betrug die Fahrleistung der Personenkraftwagen in Deutschland rund 582,4 Milliarden Kilometer.\nDas sind überschlägig 10k KM pro Jahr und Auto, das ist ein plausibler Wert.\nBei einem angenommenen Energieverbrauch von 20 kWh po 100 km und 582 Mrd. Kilometern ergibt sich ein Energiebedarf von\n\u0026gt;\u0026gt;\u0026gt; (582.4*10^7*20)/(10^9) 116 Also 116 Mrd. kWh oder 116 TWh.\nDie Stromerzeugung in Deutschland lag in 2022 bei 574 TWh.\nStatista: Bruttostromerzeugung in Deutschland in den Jahren 1991 bis 2022 , im Jahr 2022 wurden in Deutschland 574 TWh Strom erzeugt. Dies ist die Summe des erzeugten Stroms von Kraftwerken der allgemeinen Versorgung, industriellen Eigenanlagen sowie privaten Betreibern in Deutschland.\nWürde man die Autos in Deutschland komplett elektrifizieren, ist das ein Strommehrbedarf von 20 %. Und 20 kWh/100 km sind ein Benzinäquivalent von 2.2 l/100 km.\nDer Primärenergieverbrauch von Deutschland ist 1989 maximal gewesen und seit dem linear leicht gesunken.\nOWiD: Primary energy consumption in TWh .\nWir sind noch bei 78 % des Spitzenverbrauches, also ca. -0.7 % pro Jahr abnehmend. Das ist wohlgemerkt bei steigendem GDP:\nOWiD: GDP per Capita .\nDie 116 TWh E-Mobilität sparen zugleich geschätzt 350 TWh Primärenergie ein, also von 3416 TWh/a auf 3066 TWh/a abnehmend, oder anders gerechnet knapp 10 % oder 15 Jahre bei -0.7 % pro Jahr.\nDie Raffinierung von Benzin braucht auch Energie, etwa 1,585 Kilowattstunden pro 1l Treibstoff, allerdings kein Strom, sondern Primärenergie (Gigantischer Stromverbrauch von Raffinerien? ).\nIn Deutschland werden 52.2 Mio. Tonnen Kraftstoff/Jahr verfahren (Zahlen der \u0026ldquo;Fachagentur Nachwachsende Rohstoffe\u0026rdquo; ). Es sind 1.333 m^3 Volumen pro Tonne (Benzin)\n\u0026gt;\u0026gt;\u0026gt; (52.2*10^6 * 1333*1.585)/10^9 110 110 TWh Primärenergieverbrauch zur Herstellung des in Deutschland verbrannten Kraftstoffes gegen 116 TWh direkten Stromverbrauch, wenn man den Strom direkt verfährt. Strom gegen Primärenergie, aber ja.\nRechnet man solche Ersparnisse über die Gesamtwirtschaft, kann man ein solches Diagramm zeichnen:\nEnergy Flow Chart. Die Einheiten sind sehr amerikanisch: Quads (Quadrillion BTU, 3412 BTUs entsprechen 1 kWh ). Dies sind Short Scale Quads , also 1E15, deutsche Billiarden.\nMan sieht, daß die Effizienz von 1/3, die wir bei Verbrennungsmotoren haben, und die wir auch als Jahresarbeitszahl bei Wärmepumpen annehmen, auch für den gesamten Primärenergiebedarf gilt. Wir können also annehmen, daß wir durch eine Elektrifizierung von allem den Primärenergiebedarf dritteln, oder, wenn wir dennoch gewisse Verluste zugestehen, halbieren. Das ist das Ausbauziel in zu deckendem Primärenergiebedarf für eine nachhaltige Energieversorgung.\n","date":"2023-08-02T00:00:00Z","href":"https://blog.koehntopp.info/2023/08/02/was-waere-wenn-alle-autos-elektrisch-fuehren.html","tags":["lang_de","energy"],"title":"Was wäre wenn alle Autos elektrisch führen?"},{"categories":null,"content":"Memo to self: I have a VPS with a legacy Ubuntu 20.04, and when creating a user to run a user-based service, trying to use systemctl fails with the message:\n$ systemctl --user status Failed to connect to bus: No such file or directory To solve this, multiple changes were necessary:\nFixing the systemd problem The service is supposed to run as the user theservice, from the directory /home/theservice/therepo, and is to be controlled by a systemd instance for this user. There was no such instance running.\nMissing packages Several required packages were not installed (server image, minimal packages installed):\n# apt install dbus-user-session libpam-systemd libpam-cgfs loginctl config not correct Loginctl needs to be told what to do when the user is not logged in:\n# loginctl enable-linger theservice Missing environment variables Two environment variables were not defined properly:\n$ cat ~/.bashrc # ~/.bashrc: executed by bash(1) for non-login shells. # see /usr/share/doc/bash/examples/startup-files (in the package bash-doc) # for examples # THIS INSERTED vvv export XDG_RUNTIME_DIR=/run/user/$(id -u) export DBUS_SESSION_BUS_ADDRESS=\u0026#34;unix:path=${XDG_RUNTIME_DIR}/bus\u0026#34; # THIS INSERTED ^^^ # If not running interactively, don\u0026#39;t do anything case $- in *i*) ;; *) return;; esac ... Note: As you can see in the case statement and the comment before, the remainder of the .bashrc is only run for interactive shells. The variable definitions must appear before the case statement, as shown.\nuser@.service not enabled and started The user-based systemd component was not enabled and started.\n# systemctl enable user@.service # systemctl start user@1011.service # the userid of the user I needed Defining the service The service we want to run is a Python program in a virtual environment, logging to stdout and stderr. It needs to be started by systemd as the service user.\nWe check out the repo and create virtual environment:\n# sudo -Hi theserviceuser $ git checkout git@github.com:theuser/therepo.git ... $ python3 -m venv venv $ source venv/bin/activate $ pip install -r requirements.txt ... This will check out the source, create a venv and then activate it and install the requirements.\nWe can now create a service. As the service user, run systemctl --user edit --full theservice.service and install\n# /home/theserviceuser/.config/systemd/user/theservice.service [Unit] Description=The Service After=syslog.target network.target [Service] Type=simple WorkingDirectory=/home/theserviceuser/therepo ExecStart=/home/theserviceuser/therepo/venv/bin/python3 /home/theserviceuser/therepo/main.py Restart=on-abort EnvironmentFile=/home/theserviceuser/therepo/.env [Install] WantedBy=multi-user.target By using the Python instance from the venv, we will automatically use stuff from the venv, no activation required.\nWe can now update all this with\n$ systemctl --user stop theservice.service $ git pull --rebase $ systemctl --user start theservice.service or a script that does the same.\n","date":"2023-07-12T00:00:00Z","href":"https://blog.koehntopp.info/2023/07/12/ubuntu-systemctl-user-does-not-work.html","tags":["lang_en","linux","devops"],"title":"Ubuntu: systemctl --user does not work"},{"categories":null,"content":"There is a really nice article by Pep Pla, over at the Percona blog about fragmentation in MySQL InnoDB tablespaces, which you should read.\nThe article discusses \u0026ldquo;fragmentation\u0026rdquo; of data in tables, which happens in a way similar to how it happens in filesystems.\nInnoDB stores data by default in tablespaces, which by default are a file per table. These files are subject to the fragmentation and growth rules of your filesystem, but if you are smart, you are running MySQL on Linux on the XFS. In that case, filesystem fragmentation (and unexplained commit latency variance) are not an issue, because XFS takes care of handling this properly, and only database-internal fragmentation remains.\nPrimary keys, data order and working set size Data inside an InnoDB tablespace is placed in primary key order, and that used to matter a lot, because rows with closer primary keys used to be stored closer together on disk. Up to the point where rows with adjacent primary keys had a good chance of being on the same page.\nIn the past, it mattered more than today, because even if data was not stored on the same page, pages that were physically stored closely together (on the same HDD track or cylinder) could be loaded faster. That was the case, since \u0026ldquo;near\u0026rdquo; disk seeks were executed faster by an HDD than \u0026ldquo;far\u0026rdquo; disk seeks across the entire surface of a hard disk.\nWith flash, seek times are largely irrelevant: In fact, the internal Flash Translation Layer of flash storage will put data anywhere it sees fit, and then issue you a Logical Block Address (LBA) that has no bearing whatsoever on the actual physical location of the page on the flash drive. It may even move the actual physical data under you behind the scenes, and still refer to it by the same LBA.\nWhat matters a lot as a concept, though, is the Working Set Size (WSS) of your database.\nThe Working Set is the set of pages your database is going to reference in the next future interval\nThis interval may be, for example, the next 1m, 10m or 1h. That is, it makes initially limited sense to speak of the WSS as an unqualified term. You\u0026rsquo;d have to use it with an interval instead, so the WSS-1m, WSS-10m, WSS-1h and so on.\nIf you could predict what pages will be needed in the WSS-10m, you could preload these pages and cache them. This would bring the disk reads to zero or close to zero for the coming 10 minutes.\nPredicting the future is hard, though, especially if accuracy is required. What we do instead is look to the past and hope the future looks alike.\nSo most people would want to look at the past 10 minutes, and the recorded page numbers requested from disk as a triple of (timestamp, tablespace_id, page_number). From this, we can build a histogram for a sliding 10m window, and we would know which pages have been in demand. From the height of the histogram counter, we would even know how much.\nWe can now size an InnoDB buffer pool, and calculate how large this pool would have to be to cache 95%, 99%, 99.99%, \u0026hellip; of all page read requests. Having a handle on the desired buffer pool size for a data set and a workload would be very useful to determine the amount of memory our database instance would need to perform adequately: It must be sized for – at least – the estimated buffer pool plus overhead plus some safety margin, rounded up to available instance types.\nUnfortunately, we can only get aggregate statistics from an unpatched MySQL, and no page-read-request timeline as shown above. Neither can we get a page-request histogram from P_S, or a properly precalculated WSS estimation. So it is necessary to patch MySQL to get this data, unfortunately.\nWhen we do this, and math a bit on the results, we observe there is actually such a thing as a WSS without a time-interval:\nAs long as the workload is stable, we can identify with some confidence a set of pages that need to be cached in order to quench most of the reads. Adding buffer pool pages past this point will not improve performance substantially, and there might still be a certain number of residual random page reads due to random accesses in the workload. In order to also quench these, you\u0026rsquo;d have to be able to keep the entire database in memory. While this is sometimes possible, there are workloads where this is not economical, especially at cloud pricing structures.\nDesigning for locality Here Pep Pla comes in again, because he highlights in his article the principle of locality, which is exactly what the working set size is. Specifically, WSS is temporal locality – we cache the pages we will need in the future in memory, so that spatial locality does no longer matter. Even when using HDD.\nBy choosing a primary key smartly, we can make sure that primary keys that are being accessed \u0026ldquo;together\u0026rdquo; have similar values, and each page is filled closely with many rows that we will be needing at the same time.\nFor a fixed data size, this lowers the number of pages active concurrently, bringing down WSS size, bringing down pool size, bringing down instance size, bringing down cloud cost.\nAlso, it is important to keep the row size down, so many rows fit into the same page, and finally getting a handle on fragmentation inside a page – but this is actually the least important factor in design.\nFor the various MySQL flavors, exposing disk read request traces (as (ts, tablespace_id, page#) triples) and deriving a histogram and a WSS metric from it remains an open TODO point.\nNote how \u0026ldquo;Designing for locality\u0026rdquo; is not primarily a \u0026ldquo;fragmentation\u0026rdquo; issue – the amount of empty space per page, segment or tablespace does not matter in the first place. Packing rows that are needed together densely is what matters: data density matters. And empty space in a page can ultimately adversely affect that, but it is really the last item on the list.\nFill Factors, and you do not need to OPTIMIZE TABLE \u0026ldquo;Empty space in a page\u0026rdquo; is a special kind of fragmentation, and in databases it is commonly called \u0026ldquo;fill factor.\u0026rdquo; Pep Pla has been testing the behavior of InnoDB with various workloads and page fill factor settings, and this is the first documented and systematic work in this area that I am aware of.\nUsing the innodb_space tool from Jeremy Cole\u0026rsquo;s Tooling , he observed the behavior of InnODB after a longer term mixed insert and delete workload.\nThe results are pretty encouraging. Basically, according to the results from his testing, it never made sense to run OPTIMIZE TABLE to repack and re-order the data for flash storage. Disk seeks do not matter much any more on flash, and there will always be empty space in the pages of tables that see permanent random inserts and deletes. So running OPTIMIZE TABLE will bring the table size down and repack it, only to create a wave of page splits immediately after when the DML workload continues and needs room to work.\nPep Pla shows fragmentation maps for the same table after 400 iterations of his DML workload using different fill factors, and it shows that the initial fill factor after an OPTIMIZE TABLE is no longer visually identifiable. Instead, all tables look similarly fragmented, so their shape is dominated by the workload, not the OPTIMIZE TABLE and the fill factor parameters.\nIt may be useful to OPTIMIZE (and compress) tables that are being archived, but as soon as they see DML, they will be reshaped by the workload again, and you might as well not OPTIMIZE.\nDesigning for locality vs UUID It is worth mentioning that very many tables have a row-access frequency that matches the rows primary key, if the rows\u0026rsquo; primary key is an auto_increment. That is, very many applications frequently access rows that have recently been written, while older rows are being used much less frequently.\nBy using auto_increment primary keys, data is automatically ordered physically so that \u0026ldquo;cold data\u0026rdquo; is at the front of the table and \u0026ldquo;hot data\u0026rdquo; is at the end. This also puts hot rows together into the same page or pages close by, at the end of the table. This is good for performance in InnoDB, and also keeps the WSS down.\nUsing a random primary key (a MD5 or a UUID v4) will not impose any order on the primary key. In InnoDB, where the primary key value determines the physical position of the row in the table, this essentially scatters rows across the entire table. This creates a very large working set, bloating required buffer space, and increasing instance size: There will be a hot row in any page with the same probability, so you\u0026rsquo;ll have to cache all pages to quench reads.\nUsing a UUID v1 is better because they have a temporal component, which can be used to leverage an auto_increment-like ordering. Unfortunately, MySQL does not do this by providing a UUID v1 data type, which does the right thing automatically. Instead, we get to use a pair of functions UUID_TO_BIN() and BIN_TO_UUID(), which require you to manually cast the data every time you access it and remember to set the swap flag properly. This is very uncomfortable and error-prone, more so in large development organizations.\nTry to use auto_increment with MySQL InnoDB. If you can\u0026rsquo;t, try to go with UUID v1 and the UUID_TO_BIN() functions, with the swap flag set.\nFor the various MySQL flavors, it remains an open TODO point to provide a UUID v1 and a UUID v4 data type.\nRow Fragmentation MySQL InnoDB is famously bad at storing files, and Pep Pla discusses that cursory, too. In fact, the Percona Blog also provides another article on this with some more depth, which is a lot more opinionated than the official manual on the subject at hand.\nBasically, when a row becomes too large (at 1/2 page size, 8 KB), InnoDB stores individual fields of a row \u0026ldquo;off-table\u0026rdquo; in overflow pages. The article does not discuss this, but to my knowledge, each overflow page holds only one field, so the overhead is statistically much larger than \u0026ldquo;on average 1/2 page\u0026rdquo; as stated in that article. This effect becomes stronger if you have tables with multiple BLOB/TEXT columns in a row, and each is just barely large enough to trigger off-table storage.\nAccessing data that is stored in overflow pages uses up additional buffer pool pages to hold them, at a rate of at least one per overflowed field, increasing the working set size, and hence necessary instance size. In versions of MySQL before MySQL 8, such data also forced the use of on-disk temporary tables, which impacted query performance badly to a large extent, but this is now fortunately fixed.\nSo in the past, the general advice was to avoid TEXT/BLOB columns altogether, and if you must use them, do not use them as part of a join or any query that was marked as \u0026ldquo;using temporary.\u0026rdquo; Since MySQL 8, this is much better, but still be aware of the working set size increase.\nFor the various MySQL flavors remains an open TODO point to provide a more efficient (Postgres TOAST-like?) BLOB storage, in order to bring down storage overhead.\nAnother long-standing BLOB performance-related work item that is not linked to fragmentation would be to provide a \u0026ldquo;partial updates\u0026rdquo;/\u0026ldquo;BLOB streaming\u0026rdquo; API in the protocol, because this is another well-known point of inefficiency:\nTry to store a BLOB larger than max_allowed_packed in the database. Try to change 4 bytes at offset 32M in a 64M BLOB efficiently using MySQL protocol. If you do, and observe what happens on the wire, in memory and on disk, you\u0026rsquo;d be scared. Until it is fixed, use the filesystem or S3 for this, and store filenames or URLs instead.\nRecommendations? You probably do not need to care much about fragmentation if your database uses flash-based storage. InnoDB is relatively stable for DML workload, and OPTIMIZE TABLE is usually not worth the effort, unless you move a table to archive/read-only. You would do well to design for data density and temporal locality, bringing down working set size. Often this happens automatically when using auto_increment as a primary key. Even in MySQL 8, you would still do well to keep BLOB and TEXT fields out of main tables, or where it makes sense, out of the database completely. Server Side improvements needed:\nMySQL has no good instrumentation that can trace disk read requests by (ts, tablespace_id, page#), making it hard to estimate working set size, and derive an optimal instance size from it. You will need to patch the database server in order to grab this data. This needs fixing in the mainline server source. MySQL should have a UUID v1 and a UUID v4 data type, which would be a lot less error-prone that the current set of functions. This needs fixing in the mainline server source. MySQL has an abysmally underdeveloped BLOB storage and long-standing gaps in its BLOB access API (efficient partial updates, BLOB streaming). This needs fixing in the mainline server source. ","date":"2023-07-06T00:00:00Z","href":"https://blog.koehntopp.info/2023/07/06/mysql-innodb-fragmentation.html","tags":["lang_en","mysql","database"],"title":"MySQL: InnoDB Fragmentation"},{"categories":null,"content":"This is not much of a blog post, but just a thread dump from Mastodon as requested by a friend, because my Mastodon posts expire after some time.\nBased on my work and the people I know, I have some (remote) view into what happens in a few companies at the C- and Mid-Level management. And from where I sit, it seems the great resignation is not only a thing that affects workers, but also managers. It is almost funny.\nThese people are often pretty awesome administrative people. Mid-level managers with amazing Jira- and Miro-skills, breaking down large work parcels of well-understood jobs into team-sized packages, describing the requirements and planning the required hours, then mapping them onto calendars. Or budget jugglers that take large unstructured sums of cost, and find a way to parcel them out in a halfway reasonable way into individual cost centers and items.\nDigital and other transformations These companies are also all in a series of transformations, at all levels of the stack simultaneously.\nMany are moving on-premises workloads to cloud, but the workloads are not cloud-shaped. Two enterprises I happen to know about are also changing their implementation language from something exotic to something less efficient, but a lot easier to hire for. One enterprise is also breaking up a monolithic application into a set of microservices, but the cut lines are unclear and need to be found. One enterprise is modifying the way they do business from a single product to a series of interconnected and interdependent products, some of them in highly regulated markets. Another enterprise is changing the way they make their product from mostly manual labor into something based on sensor input and data science. These transformations require a different kind of manager: they need less of an administrative person, and more business process designer; they require a different kind of empowerment and delegation, from the top to them, and from them on downwards – much more autonomous on the delegation poker side;\nWhat is also needed is an entirely different kind of understanding of the company itself, less interchangeable business administration skills, and more business-specific skills about how the sausage is made.\nOn top of that are traditional hierarchies and communication structures that are based on in-person attendance and mostly oral tradition, and a skill-set that is well suited for the Clear and Complicated domains of the Cynefin-Model , but wrong for the Complex and Chaotic domains.\nThe Enterprise cannot perform the set of transitions it must execute to stay relevant, when the entire Org and the people that carry and build the structure of the Org are incapable of transforming their way of working to match the problem. So they leave.\nWhich for an organization that is in the Complex and Chaotic realm of a transformation makes the problem worse, because the intimate knowledge of the processes that make this company unique and competitive goes with them. The people coming in have to learn these things, but if the Org does not have written account of what matters and has no way of teaching these things that make this company special, it basically loses its specialty and becomes meaningless, interchangeable and then soon extinct.\nWhat Remote Work does for companies Funnily, companies that optimize for remote work are also companies that out of necessity optimize for a written instead of an oral culture. They tend to have very well documented ways of specifying and teaching what they do, why and how, and a proper self-service onboarding process complemented by a mentoring system – and that also works for mid- and C-level management.\nCompanies that optimize for remote are executing transformations easier because they understand their meta better. Many workers understand that. Maybe not in this way or even in words, but they can read the room, and they are reacting to their environment, especially the skilled ones.\nA preference for remote work is useful even, or especially, if you come into the office, because a company that can do remote properly understands what it does and how it works better than a company that executes \u0026ldquo;remote\u0026rdquo; with a \u0026ldquo;zoom harder\u0026rdquo; policy.\nInterviewing to find organizations that know their stuff So when you interview, these are useful and interesting questions:\nHow did your company change their way of working during Covid? How did your management style evolve under Covid and after? How do you detect misalignment, disagreement or conflict or other causes for in-person meetings when working remotely, and what are the ways you handle these situations? How do you evolve agreement from oral consensus to documentation to training material? How do you document and teach processes? How did your way of working as a person and as a member of the Org evolve in the last 5 years? What can you point to that illustrates process maturation and advancement? In what way did your Org execute transformations in the last five years? That certainly was not frictionless. What worked, what didn\u0026rsquo;t, what did the Org learn? If that reads a lot like a reverse interview – well, that\u0026rsquo;s what it is.\nBut the objective is clear: You want to find out if the org you are about to join has access to its own meta, and if it can change and consciously design its org structure, work, and communications culture.\nAll companies right now are executing a series of transformations at multiple levels of their business. That is because the world right now is a lot less stable than it used to be in the last 50 years. But only those that do not let these things happen to them, but are actively shaping the process will not be painful to work at.\nYou must find these early in the interview process.\nIn any case, the information you want to find when interviewing for a job is again:\n\u0026ldquo;Does this company shape itself and its future consciously? Does it design itself? Or does change happen to the org accidentally? Does it understand what it does, and why? Or are they winging it?\u0026rdquo;\nMost management is winging it, most companies are cheating their way to the next quarterlies.\nYou do your work, but you do have an understanding of what management is supposed to do. Does management understand their job, tho?\nCan you respect your current or future management? Can they express the value they provide in a way that is understandable and meaningful to you?\nCan they explain the business, and what specifically the competitive advantage is this org has within its own competitive set? Do they know why this differentiation exists, and how it is protected or extended? Do they understand in what way the structure they are building and upholding helps in doing this? And how it needs to change to be able to continue?\nBasically, you want to find out if they know the C-level strategy they exist in. If they know what direction everybody is supposed to march in, and what their local objectives are as a part of the greater whole. You need to find out if they have context that they are making local decisions in.\nIncidentally, it is this (and not ping-pong tables) that builds engagement and loyalty.\nPeople love to work for a company that understands how it functions, and can talk sensibly about this – about its business and communication processes, and the why and how of useful interaction.\nPeople love to work for organizations that have an idea of how to change and into what, instead of being shaped by accident.\nStressors Another contributing factor is that transformations interrupt the value extraction process of neoliberal shareholder value, and also upsets established hierarchies.\nShifting to the left side of the Cynefin model means you need smaller teams of higher qualified people. Teams that perform work in a way that is much harder to quantify, and create value that is hard to express in right-side organizational structures.\nThat is, shareholders and their demand for dividend and rising stock value interfere with the investment needs, increased risk and hard to measure gains that transformations require, and thus the owners of the enterprise are an impediment to the change that the company needs to be able to continue to deliver value to them.\nThat is, some individual owners always understand that problem, but the owners as a group don\u0026rsquo;t and can\u0026rsquo;t and are working against their own best interest.\nSide Remark: Similar structural pressure is currently visible in German society, at the \u0026ldquo;Berlin vs. Berlin Outskirts\u0026rdquo; conflict or at the national mobility and energy transformation.\nSide Remarks from the Pandemic Coping Discord A friend gives an example at the individual level IC: \u0026ldquo;The existing code is bad and undocumented. Three weeks for the fix, provided there are no landmines.\u0026rdquo;\nM: \u0026ldquo;So you commit to 3w?\u0026rdquo;\nIC: \u0026ldquo;No, because I don\u0026rsquo;t know if there are landmines. Usually there are.\u0026rdquo;\nM: \u0026ldquo;But I need a binding commitment to before the end of July!\u0026rdquo;\nThat\u0026rsquo;s lack of tech understanding paired with pressure from the shareholder end.\nAnother friend talks about Stressors M: \u0026ldquo;My personal theory is that we are running into some inherent limits of the current management model during the last decade and are now seeing stress fractures.\u0026rdquo;\nK: \u0026ldquo;But the question is where the stress is originating.\u0026rdquo;\nM: \u0026ldquo;Complexity (as observed at each management level).\u0026rdquo;\nK: \u0026ldquo;Ok, that matches what I think if you accept that it is these transformations that are causing the stress. What you call stress fractures I call transformation overload.\u0026rdquo;\nM (responding to the three-week-commitment example above): \u0026ldquo;A good example for what I mean by complexity at that management level: The manager can communicate only a scalar detail upwards, but the problem is a complex data object. The manager cannot report what happens nor the risk properly.\u0026rdquo;\nK: \u0026ldquo;A command and control management is unable to handle situations that require nuance and understanding of detail?\u0026rdquo;\nM: \u0026ldquo;Yes. Management level A needs to reduce their stress, and forces their lower level B to simplify. That increases pressure and stress at the level of B.\u0026rdquo;\nM: C has called this \u0026ldquo;driven by financials.\u0026rdquo; The only universal scalar is Euro, but expressing all things in Euros is becoming increasingly harder and is losing information.\nM: A lot of fighting and pressure is actually about \u0026ldquo;simplify your reporting\u0026rdquo; vs. \u0026ldquo;accept my complexity.\u0026rdquo;\nM: \u0026ldquo;This is also in part why we see a preference for managed services. They are an attempt to encapsulate complexity. Often that fails, and the complexity reappears and attacks the PO consuming that service.\u0026rdquo;\nC: \u0026ldquo;A way to solve the conflict is to ask more \u0026lsquo;Why\u0026rsquo; questions downstack, and to create more tasks that allow for interpretation.\u0026rdquo; That is basically a move to the left-hand side of Cynefin.\nM: \u0026ldquo;That requires a trust that is larger than Euro-Scalars. And ultimately that breaks at the shareholder-level, latest.\u0026rdquo;\nH2: \u0026ldquo;And non-technical management also believes these things are simple. Click here, and ChatGPT will develop the software autonomously. It\u0026rsquo;s those pesky IT people making all these things that complicated.\u0026rdquo;\n","date":"2023-06-22T00:00:00Z","href":"https://blog.koehntopp.info/2023/06/22/a-great-resignation-management-edition.html","tags":["lang_en","work"],"title":"A Great Resignation, Management Edition"},{"categories":null,"content":"This is what a self-driving car sees, or constructs from the sensor data it uses:\nScreenshot from How is LiDAR remote sensing used for Autonomous vehicles? Specifically, LIDAR data is supposed to be extremely accurate and fast, Lidar Data Accuracy claims 2-3cm resolution and many scans per second for aircraft LIDAR, and Assessing Vehicle Profiling Accuracy of Handheld LiDAR claims similar resolution for casual LIDARing crash scenes with Apple handheld hardware.\nAutonomous vehicles are using this data to detect other traffic, vehicles and persons, to classify them, and to model their behavior. For this, they are building a model of the world around them, in which the position and the speed vector of anything detected is very well known and tracked. It stands to reason that this is a very well-calibrated system, because if it were not, the car would build the world-model wrongly and hit other people or things.\nQuestions for self-driving car builders Detecting speeding while driving Albrechtstraße, driving towards Wenckebachstraße, in Berlin. To the right a playground. This road is a \u0026ldquo;30 zone\u0026rdquo;.\nConsider this car driving in a 30 zone in Berlin towards the main road. It is being passed on the left by another car, driving\n35 km/h 50 km/h 70 km/h In this situation, should the self-driving car send a report to the police for a traffic-violation (speeding) automatically? If yes, why at this threshold and not any other? If no, why should the car ignore this?\nDetecting speeding while parking Consider the same situation, but the car is parked in a GDPR-compliant \u0026ldquo;Sentry Mode\u0026rdquo;. That is, the car does not record any data from the public space, unless it has reason to (for example, because it is being burglared). But of course its sensors do not stop at a road boundary, and it still somehow notices the speeding happening.\nShould it report the traffic violation, or let it go? If it should let it go despite having a recording, why? If the threshold is different from driving, why?\nThe offending car could have been on auto, but it was not Consider the offending, speeding car to be a model at least as capable as the model doing the recording. It could drive autonomously, and if it were, it would have been following the posted speed limit of 30 km/h. But the driver disabled the autonomous mode and manually and willfully speeded.\nShould the driver be fined normally or get a different fine? Why?\nShould that car have reported itself and its driver? Why or why not?\nThe recording car is parked illegally The driver of the recording car tries to park illegally:\nWenckebachstrasse 1, Berlin. The driver tries to park to the right of the Seat and the red-white boundary.\nThe car has a map of legal parking spaces in the area available, and can position itself within 3 cm accuracy. The driver tries to park it to the right of the Seat and the red-white boundary. The car warns the driver, and is overridden. Behind the driver on the other side of the road is a playground. The building in front of the driver is the Wenckebach Hospital.\nShould the car self-report the parking violation? Should this include data about the driver? Should another car spotting this report the parking violation? Or should only a Scanauto report this once it spots it on its tour? Why or why not?\n","date":"2023-06-12T00:00:00Z","href":"https://blog.koehntopp.info/2023/06/12/what-to-do-with-self-driving-car-data.html","tags":["lang_en","bike","überwachung"],"title":"What to do with self-driving car data?"},{"categories":null,"content":"Just like your work computer is being infested with corporate malware as to prevent it from being taken over from other people\u0026rsquo;s malware, your account is also being spammed with corporate malware spam as to prevent it from being taken over by other malware spam. And just like corporate malware increases your machine\u0026rsquo;s attack surface , because it is badly written and running with privileges, corporate spam is a useless nuisance that doesn\u0026rsquo;t do what it is supposed to do .\nOf course, working in an enterprise, you will be subjected to such campaigns anyway. So the best outcome for you would be to identify a phishing training campaign when it runs the first time, and then upgrade your filters so that you will never be bothered again.\nThe good news is that all phishing training campaigns have automatically detectable traits, mostly X-Header lines, because the campaign needs to be able to deliver quantifiable results to the corporate overlords that pay for it. And of course, we can filter for these.\nThe X-Header What X-Header actually is being used depends a lot on the Phishing Training service provider your company is using. It may be something such as X-KnowB4 or X-PhishMe or similar. To find out what it is, you need to check the actual raw message content.\nIn Mail.app, select the message you have identified as phishing training mail, and select View -\u0026gt; Message -\u0026gt; Raw Source (⌥⌘U). Then check for lines that start with X- in the header that identify the training provider or reference \u0026ldquo;Phish\u0026rdquo;.\nSee Message Raw Source in Mail.app.\nIn Outlook for Mac, select the message you have identified as phishing training mail, and select View Source. Then check for lines that start with X- in the header that identify the training provider or reference \u0026ldquo;Phish\u0026rdquo;.\nSee Message Raw Source in Outlook for Mac.\nThe line you are looking for might be looking like this:\n*In our case, the line identifying the phishing training mails looks like X-Phishme: Phishing_Training. In fact, we only care about the presence of the X-PhishMe header line and the actual value after the : is completely irrelevant.\nThis header, in the exact spelling shown, is what we want. It is best to copy and paste it to prevent spelling errors.\nMail.app I\u0026rsquo;m on a Mac, and for a long time my corporate email was on Gmail. Unfortunately, Gmail cannot filter on arbitrary X-headers, and registering an application to OAuth against corporate mail is complicated. But Apple\u0026rsquo;s Mail.app comes preregistered, was allowed, and can filter.\nSo I can just sacrifice another 200 MB or so to the God of Better Mail and get proper filters in return. In any case, ⌘-, (\u0026ldquo;Cmd-Comma\u0026rdquo;) gives me the Rules menu, and from there I can Add Rule.\nYou would want to add a filter on the Header-Line X-PhishMe. For what, we want to create a rule that looks like this:\nThis is what our filter should look like, but it can\u0026rsquo;t. That is, because the first time around Mail.app does not know about this X- header.\nCurrently, your Mail.app does not yet understand this particular X-Header, so when you want to create this rule, you need to Edit header list....\nand then add the header to the list of known header lines:\nOnly now can you create the filter as shown above. In this example, I have moved the message to the Trash Bin, but you can choose any target you want. Whatever you do, make sure that the last action you choose is \u0026ldquo;Stop evaluating rules\u0026rdquo;, then hit OK.\nNow drag the rule up so that it becomes the first rule in the list.\nYou are done.\nOutlook In Outlook for Mac, also hit ⌘-, (\u0026ldquo;Cmd-Comma\u0026rdquo;) and choose Rules. Create a new rule and make sure it is enabled:\nThe rule should look like this:\nThat is, move the message to a folder of your choice, and make sure to enable \u0026ldquo;Stop processing more rules\u0026rdquo;. Make sure the rule is the first one in the list.\nYou are done.\nSummary All phishing trainings need to have uniquely identifiable marks in order for the training campaign to produce the required key performance indicators. We can find these labels and use them to filter. Our mailer will automatically ignore subsequent runs of the phishing training, for our peace of mind.\n","date":"2023-05-23T00:00:00Z","href":"https://blog.koehntopp.info/2023/05/23/getting-rid-of-phishing-training-mails.html","tags":["lang_en","security","spam"],"title":"Getting rid of phishing training mails"},{"categories":null,"content":"This is part 5 of a series.\n\u0026ldquo;1974 \u0026rdquo; on the traditional Unix Filesystem. \u0026ldquo;1984 \u0026rdquo; on the BSD Fast File System. \u0026ldquo;1994 \u0026rdquo; on SGI XFS. \u0026ldquo;Vnodes \u0026rdquo; on how to have multiple filesystems in Unix. Progress is sometimes hard to see, especially when you have been part of it or otherwise lived through it. Often, it is easier to see by comparing modern educational material and the problems discussed with older material. Or look for the research papers and sources that fueled the change. So this is what we do.\nFrontiers in the Nineties SGI\u0026rsquo;s XFS is pretty much the culmination point in filesystem technology for anything that does in-place updates. Extents, generous usage of B+-trees and lock splitting across allocation groups make it a great filesystem that is fast and scales well. The introduction of a metadata log allows it to recover quickly.\nThe Nineties were also busy with operating systems research. Specifically, cluster operating systems were very much en vogue: Tanenbaum was in Amsterdam, busy with Amoeba . Bell Labs was busy with Plan 9 . And at the UCB, Ousterhout was working on Sprite .\nAll were experimenting with cluster-unified filesystems, distributed processing, workload migration, and generally trying to build what 20 years later would become the Warehouse-Scale Computer .\nPart of the Sprite development at UCB, specifically, was the Log-Structured File System (LFS), and Mendel Rosenblum and John K. Ousterhout present it in this paper from 1992. This is a long paper, 27 pages, but if you read it with hindsight, you can really appreciate how enlightened it was.\nLFS Filesystems with in-place updates are in part already using logs for faster recovery in 1992. The paper poses the question \u0026ldquo;What if we had a filesystem that only had a log, and never did in-place updates?\u0026rdquo;, calling it a log-structured file system. It then proceeds to present an implementation and benchmarks for such a thing.\n\u0026ldquo;Reads are cached, only writes matter\u0026rdquo; In working with distributed operating systems, the Sprite team noticed that they have a lot of memory available. They found with increasing memory sizes, the probability of a file being served by the buffer cache instead of reading it from disk increased by a lot, and eventually almost all disk reads are being served from memory.\nWrites cannot be cached very well, and eventually they need to hit persistent storage, but with the reads being cached it would be worthwhile and possible to construct a filesystem optimized for writes.\nThe team also observes that CPU speeds grow exponentially, following Moore\u0026rsquo;s law. The same seems to be true for memory sizes, which being on-chip silicon structures also obey this law. But disks do not work that way. While their capacity grows, their transfer speed and seek time does not improve much, because mechanical parts do not obey Moore\u0026rsquo;s law. Disks are a problem: While linear writes perform well, seeks are slow and are not getting faster much.\nSo they propose never overwriting any data, but always appending changed blocks to the end of a log.\n“Ah you think the log is your ally? You merely adopted the log. I was born with it, designed for it.”\nGarbage collection Of course, disks in the Nineties were finite, as they are now. So there has to be a cleaner process that identifies, frees and compacts space that is no longer needed by any current view of the filesystem.\nThis is much like the Garbage Collection in Java Virtual Machines, which were invented around the same time. And much like the GC in JVMs, it would turn out to be the weak spot of the system.\nA lot of the paper busies itself with simulating workloads on the filesystem with different cleaner policies, and the team then lands on a system that very much evolves in the same way Java GC evolved, with a multi-tier compaction process that mirrors the \u0026ldquo;Young\u0026rdquo;, \u0026ldquo;Old\u0026rdquo;, and \u0026ldquo;Permanent\u0026rdquo; generations of Java objects. This is not entirely surprising from hindsight: Other, newer systems such as Cassandra, Zookeeper and other storages that use LSM Trees are using a very similar strategy with good success.\nSpecifically, LFS partitions the storage into contiguous segments, and cleans storage segment by segment:\nWe used a simulator to explore different cleaning policies and discovered a simple but effective algorithm based on cost and benefit: it segregates older, slowly changing data from younger rapidly changing data and treats them differently during cleaning.\nOther code takes multiple nearly empty segments of the same age and copies them together into a single segment, freeing up the others.\nThis creates a certain amount of background copy activity from the cleaner process. It also creates a race between the writers to the system using up free space, and the cleaner process trying to provide sufficient free space. If the system writes data heavily and free space goes down, the cleaner may need to be prioritized higher, consuming more I/O, in order to make sufficient progress in providing clean segments to write to. This will also slow down the writers.\nBenchmarks executed as part of the research show that the system can indeed write to disk at up to 70% of the theoretically available maximum bandwidth. But this is true only under ideal conditions. Also, the data is not stored in read-order at all, so read performance is only good if data is actually cached.\nSegments are sufficiently large to amortize the cost of seeking to them. In the Mid-Nineties, that meant a size of around 0.5 to 1 MB.\nCleaning is then a three-step process: After suitable segments have been identified from metadata, the cleaner reads multiple segments into memory, compacts them into a smaller number of segments, and writes them out to disk in a single large I/O operation. The old segments can now be marked as clean, and be returned to the free segment pool.\nUsing FFS data structures LFS uses data structures from FFS almost unchanged: The filesystem has superblocks, inodes, direct and indirect blocks, and uses the same structures for directories, too. All information changed is buffered and then written out sequentially in a single disk write that appends atomically and asynchronously to the log.\nNot overwriting things means duplicating things, so when a file grows by appending a block, the file\u0026rsquo;s inode changes. This means the block containing the changed inode needs to be written out again, together with block added to the file. LFS needs to keep track of inodes in an inode map, and this now also needs to be updated and written out: even if it is small enough to be cached in memory, it needs to be persisted.\nLFS does indeed do limited in-place updates: The superblock and checkpoint region are written in fixed locations.\nLFS stops short of also appending new copies of the inode map and ultimately the superblock for each disk write, and puts these things into fixed locations. So we do have in-place updates for certain limited metadata structures. This is unfortunate, as we will see when we are looking at LFS\u0026rsquo; legacy.\nSoft Updates In order for LFS to write out changes to data and metadata such as indirect blocks, direct blocks, inodes and directories, updates had to be written in the proper order, even if the entire write happened in a single big I/O operation. Writing out data \u0026ldquo;from the leaves of the filesystem tree to the top\u0026rdquo; sorts the updates in a way that made recovery easier, because each data structure that had pointers to dependent blocks would be written out only after these blocks had already been persisted.\nIt turns out that this logic also has merit for traditional filesystems that do in-place updates. It allows file system checking to go on in the background while the filesystem is already being made available, and it can eliminate almost all synchronous metadata updates in the filesystem.\nLFS in BSD The BSD FFS crew, also at UCB, was very aware of Ousterhout\u0026rsquo;s work, and picks it up the year after he publishes. They port the filesystem to BSD and write a 1993 paper about it Features and subsystems of BSD FFS are matched with the equivalent structures and concepts on the BSD LFS side.\nThey note a few shortcomings, and present improvements: The cleaner was single-threaded. No matter how many LFS filesystems were mounted, there was only a single cleaner process. Now there is one per mounted filesystem. They also provide a structural verifier for the filesystem, something similar to a fsck, but a thing that can run in the background, while the filesystem is mounted.\nAlso, the original LFS code was using more memory than necessary, and BSD LFS was made a lot more memory efficient.\nA lot of the paper is then a validation that their implementation is indeed a faithful port, and an improvement over original LFS, and benchmarking.\nThe benchmarks confirm improved write performance, but also show weakness concerning read workloads. This is for two reasons: data is possibly fragmented, and the file system buffer cache in their machines is often too small to soak up the disk reads. And secondly, when the cleaner process is running, it interacts badly with both the disk reads and writes via disk seeks, and that costs more performance than anticipated. This is in particular true for a database-like (TPC-B) benchmark load, which performs badly and requires extensive tuning.\nNotably, the paper already hints at several improvements:\nThere are two places where in-place updates still happen. By removing them, the filesystem would automatically become transactional and gain snapshot functionality. In fact, each disk write would eventually create a snapshot, and actually \u0026ldquo;snapshotting\u0026rdquo; the filesystem would simply mean to prevent the cleaner from collecting certain snapshots.\nAdding checksums to disk blocks already has happened in a few places. Turning this into a Merkle tree would be a trivial extension, and make validating the complete integrity not only of the structure, but also of the file data a lot easier.\nThe paper already notes that ordering writes in the log in a certain way makes background validation easier: If blocks being pointed to are written before blocks that point to them, referential integrity of the filesystem is being kept at all times. It is just that a transaction may be incomplete, but because it\u0026rsquo;s not referenced anywhere that is not a problem, and the disk blocks will be eventually collected and freed by the cleaner.\nNothing in this idea is actually dependent on the filesystem being LFS. In fact, it can and was successfully applied to BSD FFS, too, under the name of soft updates , allowing to mount unchecked filesystems and then running a check in the background.\nPerformance War While Seltzer, Bostic, McKusick et al., the original authors of the BSD FFS, were busy porting Sprite LFS to BSD, and tuning it, Larry McVoy and S.R. Kleiman pick up the BSD FFS sources at Sun and add support for extents to it. The resulting patch is tiny, and the work is being documented in Extent-like Performance from a UNIX File System .\nTo Seltzers chagrin, EFS often and consistently outperforms LFS, requires little to no tuning. In File System Logging Versus Clustering: A Performance Comparison this is confirmed, even if it takes a long paper with many benchmarks to arrive at this finding. The problem is mostly with the disk seeks induced from running the cleaner.\nIf only something could be done about this\u0026hellip;\nSomething could be done, but it would happen at Sun and NetApp, and not in BSD: We\u0026rsquo;re getting ZFS and WAFL.\nAlso, we\u0026rsquo;re getting things that can seek a lot faster than disks: Flash Storage.\n","date":"2023-05-17T00:00:00Z","href":"https://blog.koehntopp.info/2023/05/17/50-years-in-filesystems-towards-2004-lfs.html","tags":["lang_en","unix","filesystems"],"title":"50 years in filesystems: towards 2004 – LFS"},{"categories":null,"content":"This is part 4 of a series.\n\u0026ldquo;1974 \u0026rdquo; on the traditional Unix Filesystem. \u0026ldquo;1984 \u0026rdquo; on the BSD Fast File System. \u0026ldquo;1994 \u0026rdquo; on SGI XFS. Progress is sometimes hard to see, especially when you have been part of it or otherwise lived through it. Often, it is easier to see by comparing modern educational material and the problems discussed with older material. Or look for the research papers and sources that fueled the change. So this is what we do.\nHow to have multiple filesystems Steve Kleiman wrote \u0026ldquo;Vnodes: An Architecture for Multiple File System Types in Sun UNIX \u0026rdquo; in 1986.\nThis is a short paper, with little text, because most of it is listing of data structures and diagrams of C language struct\u0026rsquo;s pointing at each other. Kleiman wanted to have multiple file systems in Unix, but wanted the file systems to be able to share interfaces and internal memory, if at all possible. Specifically, he wanted a design that provided\none common interface with multiple implementations, supporting BSD FFS, but also NFS and RFS, two remote filesystems, and Non-Unix filesystems, specifically MS-DOS, with the operations being defined by the interface being atomic. And the implementations should be able to handle memory and structures dynamically, without performance impact, reentrant and multicore capable, and somewhat object-oriented.\nTwo abstractions He looked at the various operations, and decided to provide two major abstractions: The filesystem (vfs, virtual filesystem) and the inode (vnode, virtual inode), representing a filesystem and a file.\nIn true C++ style (but expressed in C), we get a virtual function table for each type, representing the class:\nFor the vfs type, this is a struct vfsops, a collection of function pointers with operations such as mount, unmount, sync and vget. Later in the paper, prototypes and functionality of these functions are explained. For the vnode type, likewise, we get struct vnodeops. The functions here are open, rdwr and close, of course, but also create, unlink, and rename. Some functions are specific to a filetype such as readlink, mkdir, readdir and rmdir. Actual mounts are being tracked in vfs objects, which point to the operations applicable to this particular subtree with their struct vfsops *.\nSimilarly, open files are being tracked in vnode instances, which again, among other things, have a struct *vnodeops pointer. vnodes are part of their vfs, so they also have struct *vfs to their filesystem instance.\nBoth, the vfs and the vnode need to provide a way for the implementation to store implementation specific data (\u0026ldquo;subclass private fields\u0026rdquo;). So both structures end with caddr_t ...data pointers. That is, the private data is not part of the virtual structure, but located elsewhere and pointed to.\nVnodes in action One full page in the paper is dedicated to showing the various structures pointing at each other. What looks confusing at first glance is actually pretty straightforward and elegant, once you trace it out.\nKleiman sets out to explain how things work using the lookuppn() function, which replaces the older namei() function from traditional Unix. Analogous to namei(), the function consumes a path name, and returns a struct vnode * to the vnode represented by that pathname.\nPathname traversal starts at the root vnode or the current directory vnode for the current process, depending on the first character of a pathname being / or not.\nThe function then takes the next pathname component, iteratively, and calls the lookup function for the current vnode. This function takes a pathname component, and a current vnode assuming it is a directory. It then returns the vnode representing that component.\nIf a directory is a mountpoint, it has vfsmountedhere set. This is a struct vfs *. lookuppn follows the pointer, and can call the root function for that vfs to get the root vnode for that filesystem, replacing the current vnode being worked on.\nThe inverse must also be possible: When resolving a \u0026ldquo;..\u0026rdquo; component and the current vnode has a root flag set in its \u0026ldquo;flags\u0026rdquo; field, we go from the current vnode to the vfs following the vfsmountedhere pointer. Then we can use the vnodecovered field in that vfs to get the vnode of the superior filesystem.\nIn any case, upon successful completion, a struct vnode* representing the consumed pathname is returned.\nNew system calls In order to make things work, and to make things work efficiently, a few new system calls had to be added to round out the interfaces.\nIt is here in Unix history that we get statfs and fstatfs, to get an interface to filesystems in userland. We also gain getdirentries (plural) to get multiple directory entries at once (depending on the size of the buffer provided), which makes directory reading faster a lot for remote filesystems.\nIn Linux Looking at the Linux kernel source, we can find the general structure of Kleiman\u0026rsquo;s design, even if the complexity and richness of the Linux kernel obscure most of it. The Linux kernel has a wealth of file system types, and added also a lot of functionality that wasn\u0026rsquo;t present in BSD 40 years ago. So we find a lot more structures and system calls, implementing namespaces, quotas, attributes, read-only modes, directory name caches, and other things.\nThe file Still, if you squint, the original structure can still be found: Linux splits the in-memory structures around files in two, the opened file, which is an inode with a current position associated, and the inode, which is the whole file.\nWe find instances of file objects, struct file, defined here . Among all the other things a file has, it has most notably a field loff_t f_pos, an offset (in bytes) from the start of the file, the current position.\nThe file\u0026rsquo;s class is defined via a virtual function table. We find the pointer as struct file_operations *f_op, and the definition here . It shows all the things a file can do, most notable, open, close, lseek and then read and write.\nThe file also contains pointers to the inode, struct inode *f_inode.\nThe inode Operations on files without the need of an offset work on the file as a whole, defined as struct inode *.\nCheck the definition here . We see other definitions in here that have no equivalent in BSD from 40 years ago, such as ACLs and attributes.\nWe find the inode\u0026rsquo;s class is defined via a virtual function table, struct inode_operations *i_op, and the definition here . Again, a lot of them deal with new features such as ACLs and extended attributes, but we also find those we expect such as link, unlink, rename and so on.\nThe inode also contains a pointer to a filesystem, the struct super_block *i_sb.\nThe superblock A mountpoint is represented as an instance of struct super_block, defined here . Again, the class is a struct super_operations *s_op, defined here .\nAs an added complexity, there is no finite list of filesystems. It is instead extensible through loadable modules, so we also have a struct file_system_type, here . This is basically a class with only one class method as a factory for superblocks, mount.\nSummary Unix changed. It became a lot more runtime extensive, added a lot of new functionality and gained system calls. Things became more structured.\nBut the original design and data structures conceived by Kleiman and Joy held up, and can still be found in current Linux, 40 years later. We can point to concrete Linux code, which while looking completely different, is structurally mirroring the original design ideas.\n","date":"2023-05-15T00:00:00Z","href":"https://blog.koehntopp.info/2023/05/15/50-years-in-filesystems-vnodes.html","tags":["lang_en","unix","filesystems"],"title":"50 years in filesystems: A detour on vnodes"},{"categories":null,"content":"This is part 3 of a series. The first part is \u0026ldquo;1974 \u0026rdquo;. The second part is \u0026ldquo;1984 \u0026rdquo;.\nProgress is sometimes hard to see, especially when you have been part of it or otherwise lived through it. Often, it is easier to see if you compare modern educational material, and the problems discussed with older material. And then look for the research papers and sources that fueled the change.\nIn Linux (and Unix in general), this is easy.\n1994 — The SGI XFS Filesystem In 1994, the paper Scalability in the XFS File System saw publication. Computers got faster since 1984, and so did storage. Notably, we are now seeing boxes with multiple CPUs, and with storage reaching into the Terabytes. The improvements to the 4.3BSD fast filing system (or the modified version in SGI IRIX called EFS) were no longer sufficient.\nSGIs benchmarks cite machines that had large backplanes with many controllers (one benchmark cites a box with 20 SCSI controllers), many disks (three-digit-numbers of hard drives), and many CPUs (the benchmarks quote 12 socket machines) with a lot of memory (up to one gigabyte quoted in the benchmarks).\nFilesystems became larger than FFS could handle, files became larger than FFS could handle, the number of files per directory led to large lookup times, central data structures such as allocation bitmaps did no longer scale, and global locks made concurrent access to the file system with many CPUs inefficient. SGI set out to design a fundamentally different filesystem.\nAlso, the Unix community as a whole was challenged by Cutler and Custer, who showed with NTFS for Windows NT 4.0 what was possible if you redesign from scratch.\nRequirements The XFS filesystem was a firework of new ideas, and a large deviation from traditional Unix filesystem design. The list of new things is long:\nFacilitate concurrency with allocation zones inode lock splitting facilities for large, parallel I/O requests, DMA and Zero-Copy I/O Scalability of access by building the filesystem around the concepts of B+-Trees Extents: pairs of (start, length) descriptors decoupling \u0026ldquo;file write\u0026rdquo; and \u0026ldquo;file layout\u0026rdquo; on disk to allow for contiguous files by using delayed allocation and preallocation. Introduce a write-ahead log to journal metadata changes log asynchronously to allow for write coalescence leveraging the log for recovery, so that recovery time is proportional to the amount of data in flight, not the size of the filesystem XFS was written with these requirements, and primarily in order to provide a filesystem that could leverage all the performance of large SGI boxes for video editing, video serving and scientific computing.\nA logging filesystem, but not a log structured filesystem This is also happening at about the same time as John K. Ousterhout asking \u0026ldquo;Why Aren’t Operating Systems Getting Faster As Fast as Hardware? \u0026rdquo;. Ousterhout started to explore the ideas of a log-based filesystem with the experimental Sprite operating system.\nLog-based filesystems are an extremely radical idea that we need to discuss later, even if they originally predate XFS by a bit. But they weren\u0026rsquo;t very usable originally, because they need different hardware which can offer a lot more disk seeks. Log structured file system ideas had to become a lot more refined to actually have an impact, so we are going to discuss them later in the series.\nWhat IRIX had before IRIX as coming already with EFS, the specially sauced-up version of BSD FFS that used extents. It suffered from an 8 GB filesystem size limit, a 2 GB filesize limit, and it could not utilize the full hardware I/O bandwidth, which made many customers of these fantastically expensive machines somewhat sad.\nDemands for video playback and from the database community led to requirements that stated the new filesystem needed to support hundreds of TB of disk space, hundreds of MB/s of I/O bandwidth and many parallel I/O requests in order to be able to saturate the hardware provided, and all this without running out of CPU.\nThe title of the paper is \u0026ldquo;Scalability in the XFS File System\u0026rdquo; and not \u0026ldquo;Implementation of …\u0026rdquo;, so it is more a show of the features provided and a superficial discussion of the implementation and the design decisions around it. It is not an in-depth discussion of the implementation, nor are extensive benchmarks provided.\nFeatures Large filesystems XFS supports large filesystems. Previous filesystems use 32-bit pointers to blocks. At 8 KB block size, with 32-bit block pointers, the limit is 32 TB.\nMoving to 64-bit block pointers would make many data structures multiple of 8 bytes in size, which seemed like a waste.\nFor concurrency (see below), XFS introduces the concept of allocation groups (AGs), which are always smaller than 4 GB. Allocation groups have local instances of the filesystem data structures, for example, inode maps or free block tracking. These are independently locked and so allow for concurrent operations in different allocation groups.\nAllocation groups also help to save on pointer sizes: Where possible, AG-relative block numbers are being used, and these always fit into 32-bit pointers. In fact, a 4G allocation group can have only 1M blocks or fewer blocks (at 4K minimum blocksize), so a single maximum sized extent within a single AG can be packed into 40 bits (5 bytes).\nThe maximum file size and filesystem size is 8 EB (2^63-1).\nBandwidth and Concurrency Concurrent operations are a design goal for XFS. 1994 is the age of 20 MB/s SCSI controllers, but SGI built machines with large chassis that could house many controllers and many drives. Benchmarks quote machines with an aggregate bandwidth of 480 MB/s delivering file I/O performance of over 370 MB/s with no tuning, including all overheads. This is quite an impressive result for everyday usage in 1994.\nXFS achieves this using large blocks (4 KB or 8 KB block size), and the concept of extents.\nExtents and B-Trees. Extents are a core concept in XFS. They are tuples, most of the time pairs of (startblock, length). For mapping file blocks to disk blocks (\u0026ldquo;bmap\u0026rdquo;), they are triples (offset, length, startblock). Using truncated values, because of the size limits imposed by the maximum AG size, they can describe a contiguous sequence of blocks up to 2M blocks in size in 4 bytes, which is a lot more efficient than what BSD FFS did before.\nExtents also allow XFS to do large I/O requests because they describe sections of contiguous blocks, making it easy to create read or write requests for several blocks apiece. It does I/O by default with 64 KB memory buffers, unless special provisions are being made to make them even larger.\nThe filesystem assumes an underlying disk structure with striping, and provides a number of 2 or 3 outstanding I/O requests to allow for concurrent I/O. It checks for backpressure, that is, it checks that the application is actually reading data. If it does, it issues additional read requests to keep the number of requests in flight at 3 by default, good for 192 KB in flight at once.\nGroups of Extents can be collected in linear lists, but that will lead to scaling problems. So XFS uses B+-Trees, which degrade to linear lists if there is only one single index block.\nUsually tuples are indexed on their first value, but for some structures such as free lists, multiple indexes are kept: It is useful to index free space by startblock for closeness, but also by length to fit free spaces in the right size.\nBreaking the single-writer inode lock Posix locks the in-memory inode to guarantee atomic writes . This makes sure any two large multiple-block writes always happen one-before-the-other.\nXFS also breaks the in-memory inode locks: Posix demands that large, overlapping, multiple block writes are totally ordered. When they overlap, it must not happen that there is a block soup of alternating blocks from write A and write B.\nThe default implementation in most kernels is simply a file-global lock placed at the in-memory inode, making sure there can be only one writer per inode. Implementers of databases hate that because it limits the write concurrency on any single file to One. This is, for example, why Oracle recommends that you make tablespaces from multiple files, each no larger than one GB.\nXFS, in O_DIRECT mode, removes this lock and allows atomic, concurrent writes, making database people very happy.\nDynamic Inodes and improved Free Space Tracking With large filesystems, you can never know: The applications may need a large number of inodes for many small files, or a small number of large files. Also, what is a good distance between the inode and the data blocks that belong to the file?\nThere is no good answer to the first question, and \u0026ldquo;as close as possible\u0026rdquo; is the answer to the second question. So XFS creates Inodes dynamically, as needed, in chunks of 64 inodes.\nThe relatively large inode size of 256 bytes (compared to 128 in BSD FFS and 64 in traditional Unix) is being compensated by the fact that XFS creates Inodes only as needed, and places them relatively closely to the file start. This frees up a substantial amount of disk space – in Unix filesystems with fixed inode counts as much as 3-4% of the disk space can be locked up in pre-allocated inodes. And even with cylinder groups, there will be considerable distance between an inode and the first data block.\nBecause inodes can reside anywhere on the disk and not just behind the superblock, they need to be tracked. XFS does with one B+-tree per allocation group. The tree is indexed by the start block, and records for each inode in the chunk if it is available or in-use. The inodes themselves are not kept in the tree, but in the actual chunks which are close to the file data.\nSimilarly, free space is tracked in chunks, and kept in per-AG trees, indexed twice: by start block and by length.\nWrite-Ahead Log Recovering a large filesystem after a crash can be slow. The recovery time is proportional to the size of the filesystem, and the number of files in it, because the system basically has to scan the entire filesystem and rebuild the directory tree in order to ensure things are consistent. With XFS, the filesystem also is a lot more fragile, as it provides a variable number of inodes, spread out non-contiguously over the disk. Recovering them would be extra expensive.\nUsing write-ahead logging for metadata, this can be avoided most of the time. Recovery time is proportional to the size of the log, that is, the amount of data in flight at the time of the crash.\nThe log contains log entries containing a descriptor header and a full image of all changed metadata structures: inodes, directory blocks, free extent tree blocks, inode allocation tree blocks, allocation group blocks, and the superblock. Because full images are stored in the block, recovery is simple: the recovery process simply copies these new, changes images into the place where they are supposed to be, without needing to understand what kind of structure it changes.\nThe trust of the authors into the log was huge: Initially XFS had no fsck program. This turned out to be overly optimistic, and so now xfs_repair exists.\nMetadata update performance XFS is logging metadata updates, which means they need to be written to the filesystem log. By default, this log is placed inline, in the filesystem. But it is also possible to take it out, and put onto other media, for example, flash storage or battery-backed memory.\nWrites to the log are asynchronous, if possible, but with partitions serving NFS they cannot be. Asynchronous writes allow for write batching, with speeds things up. But NFS servers profit a lot from accelerated log storage.\nBecause all metadata updates need to be logged, it can happen that intense metadata operations flood the log. A rm -rf /usr/src/linux for example is not an operation where XFS is particularly fast, because the metadata update stream will eventually overflow the log. And because everything else in XFS is parallel by AG, the log is usually the only source of contention.\nLarge files and sparse files In FFS, files are mapped by the classical dynamic array, with direct blocks and up to three levels of indirect blocks. With 64-bit filesize, this becomes unwieldy: there will be more than three levels of indirect blocks required, and a substantial number of blocks would be required what essentially becomes a list of incrementing numbers. FFS (and EFS) are also forced to layout blocks the moment each block is allocated in the filesystem buffer pool. So effectively, no attempt to contiguously layout files on disk is being made. Instead, blocks are placed individually.\nXFS replaces this dynamic array with extents.\nIn file placement maps, these mapping extents are triples (blockoffset, length, disk block). These extents are stored in the inode itself until this overflows. Then XFS starts to root a B+-tree of the mapping extents in the inode, indexed by logical block number for fast seeks.\nThis data structure allows compressing a substantial number of blocks (up to 2M blocks) in a single descriptor, assuming contiguous allocation is possible. So even large files could be stored in very few extents, in the optimal case one extent per AG.\nDelayed allocation and Preallocation for contiguous layout XFS also provides a new concept, delayed allocation, in which virtual extents can be allocated in the file system buffer pool. These are blocks full of yet unwritten data that have not been layouted, and hence lack a physical position. Only on flush these blocks are layouted, contiguously, and then written out linearly in large writes, to speed things up.\nThis is a fundamental change to how the filesystem buffer cache works – previously it was possible to use (device, physical block number) to identify buffer cache blocks and prevent duplicate buffer allocation. When porting XFS to Linux, the Linux kernel initially could not accommodate strategies that do not use such identification in the normal buffer cache, so at first XFS required a separate buffer cache. This got fixed later, as the porting progressed.\nTo ensure that files can be layouted without fragmentation, in a single extent, XFS aggressively preallocates storage for open files. The default amount of disk space preallocated is dependent on the amount of free space in the filesystem, and can be substantial.\nThe internet is littered with questions by XFS users asking where their disk space is, and the answer is always \u0026ldquo;in the open file handles of /var/log. Also, check the manpage for allocsize= and also check /proc/sys/fs/xfs/speculative_prealloc_lifetime .\u0026rdquo;\nLocality XFS does not use allocation groups for locality much. They exist mostly for concurrency. Instead, file placement is mostly around directories and existing blocks of the current file. The only exception is \u0026ldquo;new directories\u0026rdquo;, which are placed \u0026ldquo;away\u0026rdquo; from their parent directory by putting them into a different AG.\nIn large files, if new extents need to be placed, they go \u0026ldquo;initially near the inode, then near the existing block in the file which is closest to the offset in the file for which we are allocating space\u0026rdquo;, as the paper specifies. This places the inode close to the start of the file, and blocks added later to whatever is already present.\nLarge directories In the traditional Unix filesystem and in BSD FFS, directory name lookups are linear operations. Large directories slow this down a lot, for any kind of pathname to inode translation.\nXFS chose the ubiquitous B+-Tree as a structure for directories, too, but with a quirk: Since the keys are supposed to be filenames, a variable length structure, they would be completely different from all the other tree implementations in the filesystem. The XFS authors did not like this idea, so they are hashing the filename into a fixed 4-byte name hash, and then store one or more directory entries as (name, inode) pairs in the value.\nThere was some tradeoff discussion involved in this, but the authors found that short keys allow storing many entries per block, leading to wide trees, and thus faster lookups. They boast \u0026ldquo;We can have directories with millions of entries\u0026rdquo;, something that was previously unthinkable in Unix filesystems.\nA lot of code XFS Benchmarks in 1994 show nice and welcome linear scaling behavior that utilizes the hardware offered well. It handles well on large boxes with (for 1994) high core-counts.\nXFS is a large filesystem. Linux ext2 is only 5000 lines of kernel code (and about 10x this in user-land). XFS is 50.000 lines of kernel code, and that is without the IRIX volume manager XLV (in Linux, the XFS port uses LVM2 instead).\nXFS was released under the GNU GPL in May 1999, and was ported into the Linux kernel starting in 2001. As of 2014, it was supported in most Linux distributions and RHEL used it as the default filesystem. And even in 2024 it is still holding up reasonably well, on HDD and on flash.\nIt still is the filesystem with the best scaling behavior, the best concurrency behavior, and the most consistent commit times, which makes it the preferred filesystem for any kind of database usage. This is due to the elimination of several global locks that impair concurrent usage and performance in large filesystems, and due to the consistent use of B+-Tree structures with O(log(n)) scaling behavior where before algorithms with worse scaling behavior have been used. The use of extents also allows dynamically growing I/O sizes, benefiting throughput, and together with the novel idea of delayed allocation encourage contiguous file placement.\n","date":"2023-05-12T00:00:00Z","href":"https://blog.koehntopp.info/2023/05/12/50-years-in-filesystems-1994.html","tags":["lang_en","unix","filesystems"],"title":"50 years in filesystems: 1994"},{"categories":null,"content":"Electrive.net had an article about Copenhagen banning combustion engines in the city, starting 2030: (Article in German ). So I had to check what is the current state in Amsterdam.\nCurrent state The Netherlands has a central register for license plates. It is public, and anyone can check. There are many places that allow you to do that for car, not owner data. For example .\nThe city of Amsterdam also allows you to check if a given license plate is allowed to enter the cities milieuzone. You can check yourself . And so can any license plate scanner.\nIn the overview page for the milieuzone, the city helpfully explains:\nLet op: dat u de Milieuzone mag inrijden betekent niet dat u ook in aanmerking komt voor een parkeervergunning.\nAttention: Note that being allowed to enter the Environmental Zone does not mean you are also eligible for a parking permit.\nAfter 2030 The rules for the milieuzone are becoming stricter starting 2025 , and by 2030 no combustion engines are being allowed in the city at all.\nNL-wide license plate check for commercial vehicles . New lorries will need to be electric starting 2025 to be allowed into the city.\nExisting lorries will have to be Euro 6 or better. There are some more rules for easing the changeover. Starting 2030, no lorries with combustion engines are allowed into the city. Small commercial delivery vehicles (vans, Sprinters) with Diesel must be Euro 4 or better already. New cars must be electric starting 2025. Euro 5 is required starting 2027, Euro 6 starting 2028, no combustion starting 2028. Bus lines are in the process of being converted to electric, and this is nearly complete. It will be finished by 2025. Rules for charter buses are to follow. Taxis electric starting 2025. Tax incentives and better starting places as well as priority for parking and taxi licenses are provided already. This is going well, most Taxis are electric already. Scooters (25 km/h and 45 km/h) must be electric by 2025. Get a pedelec, maybe? Ships (tourist and transport) must be electric by 2025. Ferries over the river Ij are already being converted. 70% rebate for harbor fees for electric ships right now. Cars must be Euro 4 or better right now. Only electric cars are allowed into the city by 2030. Important advice Scanautos are being used to automatically enforce parking rules inside the city. They are checking around 800x more effective than an unaugmented parking enforcement human.\nIn Amsterdam, most major streets do not allow you to park on public ground. Side streets often have only a limited number of public parking spots, the others require a residential parking permit. Parking in parking structures or in the street costs around 50 Euro/day if you find a space.\nParking permits are not shown on the dashboard, and similarly, parking violations are not ticketed in paper behind the windshield wiper. Instead, everything is based on automated license plate scanning: Enter your license plate at the parking fee collector terminal, the scanauto will countercheck what it scanned with the central database.\nEnforcement is automatic , and the coverage is excellent. If you do not pay, or overpark, you will be caught.\nThat will cost you at minimum 72.90 Euros in punishment, plus fees, plus the unpaid parking fee. In total this usually ends up between 110 Euros and 150 Euros . The target for processing (between parking violation and notification) is officially two days. But it often is \u0026ldquo;while you still park\u0026rdquo; (20 minutes or less), so near realtime. This has the effect of ruining whatever you are currently doing in the city, so just park legally.\nS106, Overtoom. A major inroad into the city. Note how this is one lane per direction, and no parking at the side.\nThe cheapest way to do that is to park at a Park and Ride , and then take the tram or subway into the city. Or just use the bus, tram, subway or train, starting at your door.\nThe city does not believe into building roads to places that have more capacity than can be parked at the destination. So most major inroads into Amsterdam are single lane. Not only will you not be able to park in the city. Most likely, you will also hate every minute of getting there before you have to turn around. Be sensible, use OV.\nSummary Map of electric charge points in Amsterdam\nSo for anybody but private individual transport, Amsterdam will be fully electric by 2025, and the final conversion will take another 5 years. This is not an unrealistic goal. If you walk through the city, you can see how the conversion is already in full swing at an amazing and still increasing speed.\nThe city has built the required infrastructure in terms of charge points already, and provides maps to prove it.\nBut individual motorized transport does not scale to a city with the density of Amsterdam. Cities are for humans, not for cars, and Amsterdam makes it very clear that cars are not welcome. Use public transport to get around in Amsterdam. That is already fully electric, and except for the buses always has been.\n","date":"2023-05-11T00:00:00Z","href":"https://blog.koehntopp.info/2023/05/11/city-of-amsterdam-and-combustion-engines.html","tags":["lang_en","mobility","amsterdam","netherlands"],"title":"City of Amsterdam and Combustion Engines"},{"categories":null,"content":"\u0026ldquo;Computers are simple\u0026rdquo; is what I am telling people I train. \u0026ldquo;There are only Zeroes and Ones, and it is not getting much more complicated.\u0026rdquo;\n\u0026ldquo;But computers are hard\u0026rdquo;, they respond.\n\u0026ldquo;That is correct. In computer systems, complexity is almost never in the individual layers, but it comes from the width and breadth of the stack. It\u0026rsquo;s in the interactions of the components that we are putting together.\u0026rdquo;\nWhen you start with how a CPU is being built, and then put the layers of the stack on top of each other until you end up with a classical single-process application, in some object-oriented language, with a GUI – that\u0026rsquo;s around two to three dozen layers of abstractions piled on top of each other. Things that one could learn the internals of, and how they interact. But that\u0026rsquo;s only local, without network stacks, communication protocols, proxies, and without the peculiarities of distributed systems, which open up the same exercise, again, only across, not down.\nThere is a lot to be said about computer science as a science, because anything that complicated is working at all. All the interfaces, encapsulations, and abstractions are obviously good for something – as long as they don\u0026rsquo;t leak. When they do leak, things get weird, fast: One is making a small change somewhere in the stack, an epsilon, and somewhere else something acts up, non-linearly, and does a giant delta, and everybody is having a very sad day.\nSo if developers prefer to sit in enclosed offices, without a phone, and with soundproof headphones, that is because work on such systems is mostly to unfold the stack in your mind, and to anticipate what will happen on all the other layers when you write a line of code.\nThe Amazon Prime Video team publishes a paper With this as a background, one can now read \u0026ldquo;Scaling up the Prime Video audio/video monitoring service and reducing costs by 90% \u0026rdquo;, a writeup published by the Amazon Prime Video Streaming Team. They have implemented a functionality which probes frames from the video stream sent to customers, applies tests and recognizes certain artefacts that impair quality, so that they can be corrected.\nAmazon being Amazon, they have implemented that as a pile of microservices that interact in an event-driven architecture with lambdas and step functions, in order to shovel data from one S3 bucket into another, running the required analytics on the way. Notification about things found are being put on SNS.\nThat works as expected: The project was done exploratory, as a proof-of-concept, and they were able to show that it does what was requested.\nScaling up, they then found that the distribution of components was suboptimal: Lambdas and step functions are not good elements for batch processing video frames with ML detectors, because they have never been designed for this. They are good components for web applications.\nAlso, it turns out that S3 is not a good storage and communication mechanism for fast and very temporary IPC, because a web storage with low cost is optimized for low transaction rates, and it targets consumers that can tolerate high latency.\nThe article then presents a solution, which was to put all these things into a single container that are tightly coupled, and put them into ECS. Because the components are now within a single container, and hence on the same box, sharing the same memory, they now can exchange video frames via shared memory instead of pushing them through http and TLS over the network. Similarly, the lambdas and step function somewhere out on the network are now local procedure calls, or at least local RPC.\nObviously, that eliminates a lot of communication latencies because the high-rpm part of the distributed system is now a single local application.\nWhat was learned The surprising part, according to the team, was that this was a mostly painless process that required only minor code changes.\nConceptually, the high-level architecture remained the same. We still have exactly the same components as we had in the initial design (media conversion, detectors, or orchestration). This allowed us to reuse a lot of code and quickly migrate to a new architecture.\nthey summarize.\nAnd that is maybe the takeaway from this article: In a cleanly architected and properly encapsulated system, the components can be redistributed and rearranged with only minor code changes. We can change the layout of the system without having to start over. The architecture was not really changed, but mostly the components\u0026rsquo; deployment was rearranged.\nModulith A modulithic deployment of co-located microservices allows for easy scaling and rearrangement.\nUnfortunately, the subtitle of the article is \u0026ldquo;The move from a distributed microservices architecture to a monolith application helped achieve higher scale, resilience, and reduce costs\u0026rdquo;. This sets wrong expectations and makes it harder to pick up the actual learning.\nWhat the AWS Prime Video team arrived at is most closely described as a Modulith , only that they arrived at it the other way around. Fowler suggests you start Monolith first and then chisel off the components you identify as standalone subservices. They instead used pre-made AWS infrastructure components to build a highly modular prototype, and then identified tightly coupled components and merged their deployment without giving up the modular structure. Fowler himself points to an article by Sam Newman and the book that came from it as a way of doing this.\nThe result is not really a single-instance monolith, anyway. Components are merged into a single ECS container, but of course ECS will deploy it with the required degree of parallelism, and it is still part of a larger system that communicates in an event-driven architecture using lambdas and messages.\nSo if this article is anything, it is an example of the benefits good observability has, and how a good architecture allows you to rearrange the layout of well-isolated and structured components with clean interfaces at will. The application can be made to run on different substrates, in order to react to different demands of scale or changing business requirements.\nOr in other words, people who understand how their stuff works have few problems to adjust their application to changing requirements.\n","date":"2023-05-10T00:00:00Z","href":"https://blog.koehntopp.info/2023/05/10/its-a-modulith.html","tags":["lang_en","architektur","computer","software"],"title":"It's a Modulith"},{"categories":null,"content":"This is part 2 of a series. The first part is \u0026ldquo;1974 \u0026rdquo;.\nProgress is sometimes hard to see, especially when you have been part of it or otherwise lived through it. Often, it is easier to see if you compare modern educational material, and the problems discussed with older material. And then look for the research papers and sources that fueled the change.\nIn Linux (and Unix in general), this is easy.\n1984 — The BSD Fast Filing System The original Unix filesystem was doing well, but also had a large number of obvious problems. BSD Unix undertook an effort to fix them, and this is documented in the book \u0026ldquo;The Design and Implementation of the 4.3BSD UNIX Operating System \u0026rdquo; by Leffler, McKusick et. al. A more concise, but also more academic discussion can be found in the classic 1984 paper A Fast File System for UNIX , which lists Marshall McKusick, Bill Joy (then at Sun), Samuel Leffler (then at LucasFilm) and Robert Fabry as authors. The paper promises a reimplementation of the Unix filesystem for higher throughput, better allocation and better locality of reference.\nThe hardware It is 1984. The computers targeted by 4.3BSD are desktop and cabinet workstations. These are machines with 32-bit data registers and 32-bit address registers.\nExternal data and address bus sizes vary: Earlier 68k CPUs had smaller sized buses, but in 1984 the Motorola 68020 debuted. It was the first 68k to offer buses with the full width of 32 bits, at a budget of ca. 200k transistors on the die. Later the 68030 integrated the MMU, previously a separate chip, and the 68040 also integrated the FPU, again previously a separate chip.\nEarly Sun workstations, the Sun-3 series, feature these CPUs. But Sun took the designs from the experimental Berkeley RISC systems and released the Sun-4 series in 1986 with SPARC architecture RISC chips. SPARC architecture is not without compromises, but was very viable and saw continuous development until after the purchase of Sun by Oracle, which then killed both the SPARC, and later also the Itanium CPU architecture.\nCurt Schimmel discusses the tradeoffs made by SPARC in the MMU, register and memory access design, and why they made sense. See UNIX Systems for Modern Architectures . In between, in 1985, the MIPS architecture debuted, which is another series of RISC CPU architectures. It also starts out as a fully 32-bit type of system, and found use in SGI workstations.\nHP had another RISC-type of CPU, the PA-RISC, an outgrowth of their \u0026ldquo;Spectrum\u0026rdquo; research programme, coming to market in 1986 (and later replaced by Intel\u0026rsquo;s failed Itanium).\nSystems pioneer DEC themselves had the VAX, a 32-bit cabinet computer with a CISC CPU, and that since 1977 already. They would not go RISC until 1992, but then fully 64-bit with the Alpha AXP (\u0026ldquo;DEC Alpha\u0026rdquo;) architecture. While interesting, this did not last long: with the sale to Compaq in 1998, the CPU was discontinued, and the IP was sold to Intel in 2001.\nIn general, workstation type systems in 1984 had main memory in the low two-digit MB range, and ran at clock speeds of two-digit MHz system clocks.\n4.3BSD\u0026rsquo;s Fast Filing System The traditional filesystems shortcomings The 32-bit VAX systems were being used for typical 1980\u0026rsquo;s workstation work, which include things such as image processing or VLSI chip design. On these systems, the original Unix filesystem showed structural problems in keeping up with file size, I/O speed, and simple number of files. Also, the tiny 512-byte I/O size slowed disk subsystem performance considerably.\nThe paper mentions the strict segregation of filesystem metadata at the front of the file system from the actual data in the back part of the filesystem.\nA 150 MB traditional UNIX file system consists of 4 megabytes of inodes followed by 146 megabytes of data. This organization segregates the inode information from the data; thus accessing a file normally incurs a long seek from the file’s inode to its data. Files in a single directory are not typically allocated consecutive slots in the 4 megabytes of inodes, causing many non-consecutive blocks of inodes to be accessed when executing operations on the inodes of several files in a directory.\nThis defines one major goal for BSD FFS: Better filesystem layout, bringing metadata and data closer together, storing files in a single directory closer together, and preventing fragmentation of a file into small fragments that can be loaded only inefficiently.\nFragmentation: Initially, four files are being created, each using 2 blocks. Then the files B and D are being deleted. The free space is then being reclaimed by the three-block-sized file E, which is stored in non-adjacent blocks. This causes small disk seeks, and slow I/O.\nAnother goal stated is to increase disk block size. Larger disk blocks benefit throughput in two ways:\nLarger disk blocks provide larger units of I/O, so more data is transferred in a single I/O operation. Larger disk blocks also allow the filesystem to store more file pointers in an indirect block, greatly reducing the number of indirect block accesses. This is primarily a problem if indirect blocks are not cached in a file system buffer cache. The paper quotes the throughput of an already marginally optimized, traditional Unix filesystem at around 4% of the theoretical maximum, which is abysmally bad. This is mainly attributed to fragmentation, non-contiguous storage of adjacent blocks in a file. Defragmentation, already suggested in 1976, was discarded as a non-viable idea. The authors instead aim for a solution that places files sensibly in the first place.\nBSD FFS innovations Cylinder Groups and understanding CHS The BSD FFS understands the physical layout of a harddisk, with cylinders, heads and sectors (CHS). It divides the disk into cylinder groups, adjacent tracks of all disk heads.\nAs the disk rotates, various disk heads reach inside the platter stack like a comb. Each head marks a track on the disk, which is subdivided into physical disk blocks by the controller hardware. Together, all tracks marked by all heads form a cylinder. A cylinder group is a set of consecutive cylinders. (Image: OSTEP , page 3)\nEach cylinder group becomes a mini-version of a traditional Unix filesystem, with a copy of the superblock, its own local inode area, and local inode and block usage bitmaps. The usage of bitmaps is also novel, as they replace the free lists used in the traditional filesystem. As the filesystem has information about the CHS layout, it also makes sure that the superblock is not always placed on the same platter for each copy, trying to make the filesystem better redundant against harddisk failure.\nExcursion: Raid and other Efforts at Berkeley The RAID paper was published only several years later, but according to Katz was developed also in Berkeley, during the same time frame, 1983/1984.\nKatz also mentions that during that time Stonebraker was around, working on Ingres (a Postgres predecessor), and refers to his demands for low-commit latency as driving the attempts on improving disk bandwidth with FFS and, later, RAID. Serious work on the RAID taxonomy we know today did not begin before 1987, though.\nThe RAID paper was used by many startups and storage companies as the foundation of their development, among them NetApp, and EMC (via Data General\u0026rsquo;s Clariion Disk Array)\nBSD FFS not only understood CHS geometry of disks, but also processor speed and disk rotational speed. This allowed it to configure and record in the superblock an interleave factor to optimize disk I/O throughput.\nThe harddisk rotates continuously, but the CPU needs time to set up the next transfer. During this time the head may have moved already past the next block start boundary, and now the system would need to wait one full rotation to be able to write. Using an appropriate interleave factor, blocks of adjacent numbers are not stored adjacently on disk, but instead other blocks are interleaved in-between. This gives the CPU enough time to think and set up the next block transfer.\nThe faster the CPU, the lower the interleave factor required.\nAll of these optimizations became irrelevant relatively quickly the moment harddrives were sold with integrated controllers, started to lie about their CHS geometry and ultimately as linear block addresses (LBA) took over. But for ten to 15 years, this provided a nice performance advantage.\nLarge blocks, smaller fragments, and tail packing Internally, FFS uses logical blocks of at least 4 KB size. Anything with at least 4 KB block size can create files of 4 GB size with at most two levels of indirection.\nLarge blocks make for faster I/O, but they also come with storage overhead, as files grow in sizes of blocks. Since logical blocks in FFS are made up from multiple physical blocks, FFS introduces the concept of fragments to expose the smaller internal physical blocks. Through tail packing, the ends of multiple files can be stored together in the same logical block, using only as many physical blocks as necessary.\nAdditional logic was necessary to prevent a slowly growing file from going through phases of fragment-by-fragment growth and constant re-layouting. To overcome this, space is being pre-allocated to full logical blocks, and tail packing only happens on file close when the preallocation is canceled.\nLong Seek Layout Policy BSD FFS introduces a number of layout policies that control the placement of new directories, new files and the handling of large files. Global policies are mostly concerned with choosing a well-suited cylinder group to place data in, while local policies then handle the placement inside a cylinder group.\nThe new filesystem layout has cylinder groups. Each has their own inode table, and free space bitmaps for inodes and blocks. The filesystem aims to prevent fragmentation.\nThis is of course impossible in certain circumstances: If, for example, a cylinder group is 512 MB in size, and a file larger than 512 MB is to be written, it will use up one inode in that cylinder group, but all available free blocks are gone. If a second file is to be placed into this cylinder group, the inode can be used, but the data blocks for that file need to be placed somewhere else – which is undesirable.\nIt would be better to force a long seek, a switch from one cylinder group to the next, for large files. The filesystem would profit from forcing such a long seek every megabyte of filesize or so. This would use up free blocks from one cylinder group to the next, evenly, while at the same time leaving some number of free blocks for other files in each cylinder group.\nThis would, of course, fragment a file, on purpose, but also make sure the fragments are sufficiently large to allow large file I/O. Fragmentation (non-adjacent placement of blocks in a file) is only really a performance problem if the fragments are too small to be read efficiently.\nDirectory Layout Policy Files in the same directory are often used together. It is useful to place all files in the same directory together in the same cylinder group.\nOf course, when this is done, it is also necessary to put different directories into different cylinder groups, to ensure even use of the filesystem space available. That means a shell script such as\n#! /usr/bin/bash for i in $(seq -w 1 10) do touch file$i mkdir dir$i done will create ten files named fileXX, which will all be placed in the same cylinder group as the current directory.\nIt will also create ten subdirectories of the current directory named dirXX. Each of them will be placed in a different cylinder group, if possible. FFS will choose the cylinder group that has a greater than average number of free inodes, and the smallest number of directories already in it.\nThe actual choice of the inode in a cylinder group is \u0026ldquo;next available\u0026rdquo;, so pretty simple. But that is not a problem, because the whole cylinder group inode table fits into 8-16 blocks.\nFor placement of data blocks, a lot of effort is invested into finding rotationally optimal block, given the needed interleave factor for this machine.\nBSD FFS requires some free space to be available in the filesystem at all times. Many of its algorithms degenerate to the performance of the traditional file system if the filesystem fills up more than 90%.\nOther changes and improvements BSD FFS also removes several limits that came with the traditional filesystem.\nLong Inode Numbers and Block Addresses For example, Inode numbers are now 32-bit numbers . This increases the number of files possible per filesystem from 64 K to 4 G.\nThe size of an inode has doubled: It is now forced to be 128 bytes in size (with 20 unused bytes) Also, disk block addresses are now 4 bytes. At 4 KB block size, this is sufficient to account for 4 G blocks, or a maximum of 16 TB filesystem size.\nFile length is recorded in a quad, allowing for more than 4 G individual filesize.\nInodes now contain 12 direct blocks, and three types of indirect blocks. At 4 KB block size, this is good for 1024 block addresses per indirect block, resulting in 12 + 1024 + 1024^2 + 1024^3 = 1074791436 blocks per file, or a maximum filesize just north of 4 TB.\nUnix User-ID and Group-ID are still limited to a short, limiting the number of users and groups per system to 64 K.\nSpace has been preallocated for 8-byte timestamps, even if the time types in the inode are still limited to 4 bytes.\nLong filenames The traditional filesystem has directory slots of a fixed 16-byte length, with 2 bytes for the inode number and 14 bytes for the filename.\nBSD FFS defined a more complex directory entry structure . A single entry contains a 4-byte inode number, a 2-byte record length and a 2-byte name length, and then the actual filename. Filenames are limited to 255 bytes for each pathname component, and directory entries are rounded up in length to the next 4-byte boundary.\nDirectories are still essentially a linked list, and searching for names in large directories is slow.\nSearching for free space in directories is now more complicated: To create a new directory entry, we now need to search through the directory from the start, trying to find a gap in the current structure that is large enough for the name we are being asked to create. If none is found, the new name is appended at the end, growing the directory in size.\nFree space in directories is never reclaimed through compaction, only eventually re-used if a new name happens to fit.\nSymlinks The traditional filesystem allowed a file to have multiple names, using the link() system call and the hardlink mechanism. Hardlinks are limited in number (a short, so 64 K names).\nThey can be lost accidentally, for example, by saving a hardlinked file with certain editors. If the editor does write a file as filename.new, then unlinks the old filename and moves the new file into place, the hardlinked nature of the file will be modified.\nHardlinks also reference the original inode of the file multiple times, so they cannot span filesystem boundaries.\nBSD introduces a new filetype (l, symlink), and places a \u0026ldquo;replacement filename\u0026rdquo; in the linked file, which determines the link target location. It can be an absolute or relative name (relative to the location of the symlink file).\nThis creates a \u0026ldquo;soft\u0026rdquo; or \u0026ldquo;symbolic link. Trying to access a symlink will kick off a reinterpretation of the filename in namei() using the replacement filename, resulting in the attempted open() system call being deflected to the link target location.\nSince the deflection happens in namei(), which can traverse filesystem boundaries, the new link type is not subject to the single filesystem limitation. It is also not counting towards any link count limits.\nRename System Call BSD introduces the rename() system call, which previously needed to be implemented as a library function using calls to unlink() and link(). Since this uses more than one system call, the operation is not atomic: It is subject to partial execution, and it is subject to malicious interferences, because it is a multistep process.\nQuotas BSD also introduces the idea of filesystem usage quotas: These are soft and hard limits on the number of files and the amount of disk space that a user or a group can use.\nIn order to implement them in a useful way, the behavior of the filesystem had to be modified:\nIt is now a privileged operation to change the owner of a file away from oneself. Without that, it is possible to create a directory that is only accessible for oneself, and then gift all files in it to another user. The files would then count against that user\u0026rsquo;s quota. Similarly, it is now no longer possible to change the group membership of files to just any group. Instead, only groups from the user\u0026rsquo;s group set can be used. And finally, new directories and files inherit their group from their parent directory, not from a users primary group. That way, project directories would contain files counting against a project\u0026rsquo;s quota, not a user\u0026rsquo;s primary group quota. Advisory Locking Advisory file locking is already introduced in 4.2BSD. For this, the new flock() syscall has been implemented.\nLocks can be shared (read locks) or exclusive (write locks). They always apply to the entire file, and not to byte ranges. No deadlock detection is attempted. They are tied to a file descriptor. So when a process dies, its file-handles are automatically closed, which also automatically releases all locks held. This is very robust, until dup() and fork() are coming into play. Posix later tried to improve on this, introducing a second, completely different system of locks, using fcntl(). This is flawed in different ways, but can do byte-ranges, and it implements some rudimentary deadlock detection.\nKernels that implement both systems such as Linux now have two different, incompatible file locking implementations that do not know of each other.\nThis article discusses all of this some more, and has example programs.\nPerformance The authors note the following advantages in their paper:\nls and ls -l are fast, because the inodes of the files in a single directory are within the same cylinder group. Hence, reading and listing a directory is very low on seeks, and on seek distance (except for subdirectories, which are guaranteed to be far away). They measure a 8x speedup for directories without subdirectories. Utilization of the theoretical maximal bandwidth increased from 3% in the traditional filesystem to 22% or even 47%, depending on the controller hardware used. The authors are very proud of the results because they have been achieved on an actual production system with real user production data being layouted, and not on a synthetic benchmark layout. Throughput is stable over the lifetime of the filesystem, as its file population changes. This solves the main drivers for the improvements: Better throughput and a stable layout that does not degrade performance over time.\nAdditionally, a number of quality-of-life enhancements have been made, enabling more comfortable working in groups, and unlocking new functionality.\nWhile Linux contains no BSD code, the ext2 filesystem is pretty much an implementation-blind rewrite of the BSD FFS for Linux, recreating the features as described in the literature without using any BSD code.\nBoth BSD FFS and Linux ext2 are still non-logging filesystems that require a filesystem check after a crash. They also cannot deal well with directories with many entries, and deal only slightly better with deep directory hierarchies. Additional changes are required to enable truly large filesystems in order to keep up with increasing storage sizes.\nAlso, other limitations of more hidden nature still apply: Several places in the filesystem code are guarded by locks that make scaling certain operations hard on systems with high concurrency.\nIt would take another ten years, until 1994, for SGI\u0026rsquo;s XFS to tackle these things.\n","date":"2023-05-06T00:00:00Z","href":"https://blog.koehntopp.info/2023/05/06/50-years-in-filesystems-1984.html","tags":["lang_en","unix","filesystems"],"title":"50 years in filesystems: 1984"},{"categories":null,"content":"Progress is sometimes hard to see, especially when you have been part of it or otherwise lived through it. Often, it is easier to see if you compare modern educational material, and the problems discussed with older material. And then look for the research papers and sources that fueled the change.\nIn Linux (and Unix in general), this is easy.\n1974 - Unix V7 File System We find the Unix Version 7 Research Release in Diomidis Spinellis unix-history-repo . If we are reading The Design of the Unix Operating System by Maurice J. Bach , we would want to look at the Research V7 Snapshot branch of that Repository.\nMachines It is 1974. Computers have a single \u0026ldquo;core\u0026rdquo;, the central processing unit. In some computers, this is no longer a device with parts, such as boards for the arithmetic logic unit, registers, sequencers and microcode memory, but a single integrated chip. The new devices are called microcomputers, as opposed to the older generation of minicomputers. These new CPUs sometimes have thousands of transistors on a single chip.\nKernels In Unix, we are dealing with system resources as configured in a header file. Default values are shown here, and the data structures are arrays, with the values shown being the respective array sizes. To change them, you edit the file, recompile and relink the kernel, and then reboot.\nWe have a file system buffer cache using NBUF (29) disk blocks of 512 bytes. We have an inode array of NINODE (200) entries, and we can mount up to NMOUNT (8) filesystems concurrently. A user can have MAXUPRC (25) processes running, for a total of NPROC (150) system processes. Each process can have up to NOFILE (20) files open.\nReading Bach and the original V7 sources is interesting, despite the fact that things are completely outdated, because a lot of core concepts are much clearer, and a lot of structures are a lot simpler. Sometimes even archaic. But this is what defines the behavior of Unix File Systems, to this day, because the accidental behavior of V7 Unix became immortalized in the POSIX standard, and every file system after had to conform to it. Check But Is It Atomic? for an example.\nCore Concepts The basic concepts and structures of Unix Filesystems are from this time, and from this system. Some of them exist even in modern systems.\nThe disk is an array of blocks. It begins at block 0, and stretches to block n. At the beginning of the filesystem we find the superblock . It is located at block number 1 of the filesystem. The mount system call finds an empty mount structure, reads the superblock off disk and keeps it as part of the mount structure.\nInode The in-memory superblock has fields for an array of inodes (a short) on disk. An inode is a structure that describes a file as a variable length array of blocks, and some metadata.\nstruct dinode { unsigned short\tdi_mode; /* mode and type of file */ short\tdi_nlink; /* number of links to file */ short\tdi_uid; /* owner\u0026#39;s user id */ short\tdi_gid; /* owner\u0026#39;s group id */ off_t\tdi_size; /* number of bytes in file */ char di_addr[40];\t/* disk block addresses */ time_t\tdi_atime; /* time last accessed */ time_t\tdi_mtime; /* time last modified */ time_t\tdi_ctime; /* time created */ }; #define\tINOPB\t8\t/* 8 inodes per block */ /* * the 40 address bytes: *\t39 used; 13 addresses *\tof 3 bytes each. */ The inode as it appears on disk. 8 inodes fit into a 512-byte disk block, so they are aligned at 64 byte boundaries.\nThe inode array on the filesystem has a short count, so there can be up to 65535 inodes in a filesystem. As each file requires an inode, there can only be that many files per filesystem.\nEach file has some fixed properties:\n(2 bytes) a mode (the file type and access permissions combined). (2 bytes) a link count (nlink), the number of names this file has. (2 bytes) a uid, the owner. (2 bytes) a gid, the owner\u0026rsquo;s group id. (4 bytes) a size, the length of the file in bytes (defined as an off_t, a long) (40 bytes) an addr array of disk block addresses (3x 4 bytes) three times, an atime (access time), mtime (modification time) and ctime (supposedly create time, but really the time of the last inode change). for a total size of 64 bytes.\nbmap() The addr array contains 40 bytes, but it stores 13 disk block addresses, each using 3 bytes. This is good for 24 bits, or 16 megablocks of 512 bytes, each, for a total filesystem size of 8M kilobytes, or 8 GB.\nFront panel of a PDP-11 RL02 disk drive, from pdp-11.nl .\nFor comparison, a PDP-11 RL02K disk cartridge held 10.4 MB, but the newer RA92 could store 1.5 GB.\nThe addr array is being used in the bmap() function . The function consumes an inode (ip) and a logical block number bn and returns a physical block number. That is, it maps a block in a file to a block on a disk, hence the name.\nThe first 10-block pointers are stored directly in the inode. That is, to access for example block 0, bmap() will look up di_addr[0] in the inode and return this block number.\nAdditional blocks are stored in an indirect block, and the indirect block is stored in the inode. For even larger files, a double indirect block is allocated, and points to more indirect blocks, and finally very large files need even triple indirect blocks.\nThe code first determines the number of indirections , grab the appropriate indirect block , and then resolve the indirection the appropriate number of times.\nThis results in the following famous picture:\nOriginal Unix file structure with increasing numbers of indirect accesses for increasingly larger files. This forms a compressed array, where short files can be accessed directly with data from the inode, whereas larger files are using increasingly indirect access. For performance, it is crucial to keep indirect blocks in the file system buffer cache.\nHow this scales is dependent on the block size (512 bytes back then, 4096 bytes these days), and the size of a block number in bytes (originally 3 bytes, later 4 or even 8 bytes).\nAtomic writes Writes to files happen under a lock, so they are always atomic. This is true even for long writes, which span multiple block boundaries, and is discussed at length in But Is It Atomic? .\nThis also means that even with multiple writer processes, on a single file there can be only ever one disk write active at any point in time. This is very inconvenient for authors of database systems.\nNaming files A directory is a file with a special type (directory), and a fixed record structure .\n#ifndef\tDIRSIZ #define\tDIRSIZ\t14 #endif struct\tdirect { ino_t\td_ino; char\td_name[DIRSIZ]; }; A directory entry contains an inode number (an unsigned int), and a filename which can be up to 14 bytes long. This fits 32 directory entries into a disk block, and 320 directory entries into the 10 disks blocks that can being referenced by the direct blocks of a directory file.\nThe lower filesystem is a sea of files. Files have no names, only numbers.\nThe upper filesystem uses a special type of file, with a simple 16-byte record structure, to assign a name of up to 14 characters to a file. A special function, namei() converts a filename into an inode number .\nPathnames passed to namei() are hierarchical: they can contain / as a path separator, and they are being terminated by \\0 (nul). Pathnames either start with /, in which case the traversal begins at the filesystem root, making the filename absolute. Or they do not, in which case traversal starts at u.u_cdir, the current directory.\nThe function then consumes pathname component after component, using the currently active directory and searching linearly for the name of the current component in that directory. It ends when the last pathname component is found, or if at any stage a component is not found. It also ends, if at any point in time, for any directory in the path, we have no x-permission .\nSome entries are magical : They are mountpoints. When we encounter them, we change from the directory entry of the current node and filesystem to the root inode of the mounted filesystem. This makes all filesystems in Unix appear as a single tree, and \u0026ldquo;drives are changed\u0026rdquo; by simply going to a different directory.\nThe function ultimately returns a pointer to the inode for the given pathname, creating (or deleting) the inode (and directory entry) if necessary and desired. It is a centralized point for directory traversal and access permission checks.\nNovel ideas and Limits This very early Unix filesystem has a number of very nice properties:\nIt presents multiple filesystems as one single unified tree.\nFiles are structureless arrays of bytes.\nThese arrays are stored internally in a variable depth dynamic array, using a system of increasingly deeply nested indirect blocks. This allows O(1) disk seeks.\nLower filesystem (creating files) and upper filesystem (structuring files into a tree) are clearly separated.\nPathname traversal is the only way to get an inode, and along the way permissions are always checked.\nThere are very few characters in filenames that are special, / and \\0 (nul).\nWe also have clear limitations:\nFiles can only have 16M blocks. Filesystems can only have 65535 inodes, which is very limited. And there are a number of annoying limitations:\nThere can be only one writer active per file, which kills concurrency.\nDirectory lookups are linear scans, so they become very slow for large directories (more than 320 entries).\nThere is no system for mandatory file locking. There are several systems for advisory file locking.\nAnd a few quirks:\nThere is no delete() system call. We have unlink(), which removes a file name, and files that have zero names and zero open file handles are being automatically collected. This has a few unusual consequences, for example, disk space is only freed if a completely unlinked file is also completely closed. Generations of Unix sysadmins have asked where their disk space is, when a deleted log file in /var/log was still kept open by some forgotten process.\nInitially there is no mkdir() and rmdir() system call, which leads to exploitable race conditions. This is fixed in later versions of Unix.\nThere are a few operations that are accidentally atomic (like the write(2) system call), or have been made atomic after they have been exploited (mknod(2) and mkdir(2)).\nStructurally, it is annoying that the inode table and free maps for blocks and inodes are at the beginning of the filesystem, and disk space is allocated linearly from the front of the disk, too. This leads to a seek intense structure, and enables filesystem fragmentation (in which files are being stored in non-adjacent blocks).\nTraversing a directory structure means reading a directories inode at the beginning of the disk, going to the data blocks further back, then reading the next inode of the next pathname component from the beginning of the disk, and going back the data blocks in the back. This goes back and forth, once for each pathname component, and is not necessarily fast.\nToday, and Improvements The PDP-11 V7 Unix filesystem got a faithful reimplementation as the minix filesystem, with all its limitations. In modern Linux, it has been removed from the kernel source tree because it is no longer useful.\nWe will see in a later article about the BSD fast filesystem, how the data can be better layouted on disk, how we can implement longer filenames, more inodes, and how we can speed things up a bit by taking physical properties of the disk into account.\nOnly even newer filesystems will be dealing with linear directory lookup times, single writers or limited file metadata.\n","date":"2023-05-05T00:00:00Z","href":"https://blog.koehntopp.info/2023/05/05/50-years-in-filesystems-1974.html","tags":["lang_en","unix","filesystems"],"title":"50 years in filesystems: 1974"},{"categories":null,"content":"Back in October last year, I had been speaking to a few long-time friends at SeveralNines for a podcast. The recording is now out, and you can listen to it at this location or in the Podcast Player of your choice.\nBooking.com, Part 1 - Running data infrastructure at an Enterprise scale Booking.com, Part 2 - How Booking.com built their own Sovereign DBaaS at scale ","date":"2023-04-04T00:00:00Z","href":"https://blog.koehntopp.info/2023/04/04/mysql-sovereign-dbaas-decoded.html","tags":["lang_en","mysql","database"],"title":"MySQL: SeveralNines Podcast with Kris"},{"categories":null,"content":"Based on a discussion on IRC and Mastodon: \u0026ldquo;How can I get access to the return values of my (Python-) programs functions?\u0026rdquo; And more generally, how can I trace function execution in Python, showing function parameters and return values?\nPyCharm builtin method Of course, you can always simply turn on this in the PyCharm debugger:\nPyCharm, Debug Window, Gear Icon, \u0026ldquo;Show Return Values\u0026rdquo;\nDo it yourself: sys.settrace() (via Peterkelly ): Python has a built-in API for tracing: sys.settrace() .\nHere\u0026rsquo;s an example of how to use it:\ndef mytrace(frame, event, arg): if event == \u0026#34;call\u0026#34;: print(\u0026#34;call\u0026#34;, frame.f_code.co_name, frame.f_locals) elif event == \u0026#34;return\u0026#34;: print(\u0026#34;return\u0026#34;, frame.f_code.co_name, arg) return mytrace import sys sys.settrace(mytrace) def fac(n: int) -\u0026gt; int: if n == 1: return 1 else: return n * fac(n - 1) if __name__ == \u0026#39;__main__\u0026#39;: result = fac(3) print(f\u0026#34;{result=}\u0026#34;) This will output:\ncall fac {\u0026#39;n\u0026#39;: 3} call fac {\u0026#39;n\u0026#39;: 2} call fac {\u0026#39;n\u0026#39;: 1} return fac 1 return fac 2 return fac 6 result=6 Do it yourself: @logging You can also implement such a thing from first principles, in Python:\nimport functools def args_to_str(*args): return \u0026#34;, \u0026#34;.join(map(str, args)) def kwargs_to_str(**kwargs): ret = \u0026#34;\u0026#34; for k, v in kwargs.items(): ret += f\u0026#34;{k}={v},\u0026#34; return ret[:-1] def logging(func): func.__indent__ = 0 @functools.wraps(func) def wrapper_logging(*args, **kwargs): func_indent = \u0026#34; \u0026#34; * func.__indent__ func.__indent__ += 2 func_name = func.__qualname__ func_args = args_to_str(*args) func_kwargs = kwargs_to_str(**kwargs) print(f\u0026#34;{func_indent} -\u0026gt; Enter: {func_name}({func_args}\u0026#34;, end=\u0026#34;\u0026#34;) if func_kwargs != \u0026#34;\u0026#34;: print(f\u0026#34;, {func_kwargs}\u0026#34;, end=\u0026#34;\u0026#34;) print(\u0026#34;)\u0026#34;) result = func(*args, **kwargs) print(f\u0026#34;{func_indent} \u0026lt;- Leave: {func_name}({result})\u0026#34;) return result return wrapper_logging @logging def fac(n: int) -\u0026gt; int: if n == 1: return 1 else: return n * fac(n - 1) if __name__ == \u0026#39;__main__\u0026#39;: result = fac(3) print(f\u0026#34;{result=}\u0026#34;) This makes use of @functools.wraps() to define a decorator , @logging. It also leverages the fact, that anything, including a callable, can have properties, which we are using to maintain an indent count in func.__indent__. This is initialized to 0, and then incremented by 2 for each call in the call stack. Unwinding the call stack resets the counter, so we don\u0026rsquo;t have to do that manually.\nWe have two helper functions to turn the functions *args and **kwargs into proper strings, and we access func.__qualname__ to get the functions name . We are using __qualname__ to handle inner functions properly here, even if that is sometimes creating less readable output.\nRunning the code results in\nOutput from the Python program above shows function calls and results.\nUsing autologging The autologging package makes this simpler, even if it lacks the nice indentation.\nOur code becomes much shorter:\nimport logging import sys from autologging import logged, traced, TRACE logging.basicConfig( level=TRACE, stream=sys.stdout, format=\u0026#34;%(levelname)s:%(name)s:%(funcName)s:%(message)s\u0026#34; ) @logged @traced class Fac: def __init__(self): pass def fac(self, n: int) -\u0026gt; int: self.__log.debug(\u0026#34;OHAI\u0026#34;) if n == 1: return 1 else: return n * self.fac(n - 1) if __name__ == \u0026#39;__main__\u0026#39;: f = Fac() print(f.fac(10)) We get to use a new loglevel TRACE, and import @logged and @traced decorators from the package. After setting up a log channel with proper formatting, we can mark functions with the decorator, get their execution traced and can simply log.\nThe output:\nOutput of our program using the autologging package.\nUsing icecream At this point Andreas Thienemann mentioned icecream, which is remarkable comfortable. Versions of icecream exist for many programming languages, so this is not Python specific.\nfrom icecream import ic ic.configureOutput(includeContext=True) class Fac: def __init__(self): pass def fac(self, n: int) -\u0026gt; int: ic(n) if n == 1: return ic(1) else: return ic(n * self.fac(n - 1)) if __name__ == \u0026#39;__main__\u0026#39;: f = Fac() print(f.fac(10)) Icecream defined a function ic(), which you can call with parameters (ic(n), ic(1), and ic(n * self.fac(n - 1))), or without (ic()). The function will print its parameters, just like a debug print, or when called without parameters, just log its execution including source file and line. Options to prettify the output exist.\nThe package also provides a function install(), which will simply make ic() available as a builtin:\nfrom icecream import ic install() # this basically does builtin.ic = ic # ic() is now available in all your modules # without having to include it in every submodule. The output looks like this:\nRunning our code with icecream produces this output, nicely colorized and pretty printed. We enabled includeContext=True, so we also get file names and line numbers.\nsnoop and birdseye Of course, this is not the end of it. The package snoop provides tracing of one or all functions, comes with its own version of icecream called pp (PrettyPrint). Using pp.deep(), it will show expression evaluation step by step.\nfrom snoop import pp pp.deep(lambda: x + 1 + max(y + 2, y + 3)) logs\n12:34:56.78 LOG: 12:34:56.78 ............ x = 1 12:34:56.78 ........ x + 1 = 2 12:34:56.78 ................ y = 2 12:34:56.78 ............ y + 2 = 4 12:34:56.78 ................ y = 2 12:34:56.78 ............ y + 3 = 5 12:34:56.78 ........ max(y + 2, y + 3) = 5 12:34:56.78 .... x + 1 + max(y + 2, y + 3) = 7 Snoop understands Python: It shows not just file numbers, but actual code call context, parameters. It handles debugging Decorators, can log Exceptions properly, and can log call stacks of a configurable depth.\nCheck out the examples in the link above.\nbirdseye is a continuation of snoop to the extreme, and integrated with it. It captures the same data as snoop, but logs it to a SQLite file in your $HOME. It will then allow you to start a flask-based Webserver on port 7777 to evaluate the trace file and replay it step by step.\n@spy allows you to run snoop and birdseye in tandem.\nfrom birdseye import eye from snoop import snoop, spy @spy def fac(n: int) -\u0026gt; int: if n \u0026lt;= 1: return 1 else: return n * fac(n-1) if __name__ == \u0026#39;__main__\u0026#39;: result = fac(3) print(f\u0026#34;{result=}\u0026#34;) This will instrument the code to run with snoop, and also log into the database file.\nThe trace is pretty:\nOutput of snoop running on our test function. We instrumented with @spy, which will also create a trace file.\nRunning the Birdseye decoder is easy: python -m birdeye will start it on the default port, 7777.\nStarting the birdseye web server to serve trace files. It is bound to localhost, and listens by default on Port 7777.\nThe rendered trace looks like this:\nbirdseye webserver showing a trace. You can click through the program execution.\npysnoop (via lathiat ) A similar but different thing is pysnoop . You pip install pysnoop and\n#! /usr/bin/env python3 import pysnooper @pysnooper.snoop() def fac(n: int) -\u0026gt; int: if n \u0026lt;= 1: return 1 else: return n * fac(n-1) if __name__ == \u0026#39;__main__\u0026#39;: result = fac(3) print(f\u0026#34;{result=}\u0026#34;) to get\nSource path:... /Users/kris/keks.py Starting var:.. n = 3 09:38:58.287242 call 6 def fac(n: int) -\u0026gt; int: 09:38:58.287317 line 7 if n \u0026lt;= 1: 09:38:58.287330 line 10 return n * fac(n-1) Starting var:.. n = 2 09:38:58.287352 call 6 def fac(n: int) -\u0026gt; int: 09:38:58.287369 line 7 if n \u0026lt;= 1: 09:38:58.287380 line 10 return n * fac(n-1) Starting var:.. n = 1 09:38:58.287392 call 6 def fac(n: int) -\u0026gt; int: 09:38:58.287405 line 7 if n \u0026lt;= 1: 09:38:58.287420 line 8 return 1 09:38:58.287428 return 8 return 1 Return value:.. 1 Elapsed time: 00:00:00.000054 09:38:58.287456 return 10 return n * fac(n-1) Return value:.. 2 Elapsed time: 00:00:00.000122 peepshow, a commandline debugger The package peepshow then offers a full scale commandline debugger, which allows you to trace program execution, set breakpoints and so on.\nUnfortunately, it has been abandoned (the last commit was in November 2020), and does not support modern Python.\nHoneycomb and Opentracing What if you cannot access the host your code runs on, for example, because that host is variable and many, because you are running in Kubernetes? In this case, Honeycomb and other OpenTelemetry packages have you covered. They do the same logging as above, but package data in OpenTelemetry Spans, and send these over the network.\nThe old, original Honeycomb Beeline for Python is documented here: Python Beeline . The current OTel compatible implementation is here: OTel replacement .\nA medium article discussion the same decorator usage as we do here, but in the context of OpenTelemetry, is available: Using Decorators to Instrument Python Code With OpenTelemetry Traces .\nAnd in C? A similar solution exists for the C programming language since 1987, in the form of the Fred Fish Debug Macros.\nSee the usage in MySQL , and grab the source .\nThis is older than time itself, and C is a bit limited compared to Python, but it basically does the same thing, in 36 years old code.\nThe code for these samples has been made avialable on GitHub .\n","date":"2023-03-14T00:00:00Z","href":"https://blog.koehntopp.info/2023/03/14/tracing-python.html","tags":["lang_en","python","debug"],"title":"Tracing Python"},{"categories":null,"content":"Given a table named tbl with one million entries, we want to select a random row from this table, fast. Our table definition looks like this:\ncreate table tbl ( id INTEGER NOT NULL, d VARCHAR(200) NOT NULL, INDEX(id) ); Dense id space We can generate some test data using a recursive CTE:\nmysql\u0026gt; set cte_max_recursion_depth = 100000; mysql\u0026gt; insert into tbl -\u0026gt; with recursive c(n, u) as ( -\u0026gt; select 1, uuid() -\u0026gt; union all -\u0026gt; select n+1, uuid() from c where n \u0026lt; 100000 -\u0026gt; ) select * from c ; The Recursive CTE will generate 100k pairs of (number, uuid()). The initial row is defined in the upper row of the UNION, each subsequent row builds recursively on top of that, by simply counting up.\nSince we generate all the values in one transaction, the uuid() is actually static. That is, because inside a transaction time stops, and the uuid is internally time-based.\nSince the id-space is free of gaps, we have rng many numbers between min(id) as min and max(id) as max. Using the index on id, we can simply generate a random number between these boundaries and select the row.\nmysql\u0026gt; select min(id), max(id) into @min, @max from tbl; mysql\u0026gt; select @max-@min+1 into @rng; mysql\u0026gt; select * from tbl where id = floor(rand() * @rng) + @min; +-------+--------------------------------------+ | id | d | +-------+--------------------------------------+ | 79720 | 13b94bdf-bc1c-11ed-9c65-08606ee5ff82 | +-------+--------------------------------------+ 1 row in set (0.06 sec) mysql\u0026gt; select * from tbl where id = floor(rand() * @rng) + @min; +-------+--------------------------------------+ | id | d | +-------+--------------------------------------+ | 28379 | 13b64d6a-bc1c-11ed-9c65-08606ee5ff82 | +-------+--------------------------------------+ 1 row in set (0.06 sec) Gaps, and we don\u0026rsquo;t care If our table has gaps, and we do not care, we can simply move to an inequality and work with that:\nmysql\u0026gt; select floor(rand() * @rng) + @min into @val; mysql\u0026gt; \u0026gt; select @val, tbl.* from tbl where id \u0026gt;= @val limit 1; +-------+-------+--------------------------------------+ | @val | id | d | +-------+-------+--------------------------------------+ | 46346 | 46346 | 13b74a19-bc1c-11ed-9c65-08606ee5ff82 | +-------+-------+--------------------------------------+ 1 row in set (0.00 sec) mysql\u0026gt; delete from tbl where id % 2 = 0; Query OK, 50000 rows affected (0.71 sec) mysql\u0026gt; select @val, tbl.* from tbl where id \u0026gt;= @val limit 1; +-------+-------+--------------------------------------+ | @val | id | d | +-------+-------+--------------------------------------+ | 46346 | 46347 | 13b74a1c-bc1c-11ed-9c65-08606ee5ff82 | +-------+-------+--------------------------------------+ 1 row in set (0.00 sec) Generating truly random rows Using Python, we can generate truly random rows.\ndef generate(count = 1000000): \u0026#34;\u0026#34;\u0026#34; Generate some test data \u0026#34;\u0026#34;\u0026#34; sqlcmd = \u0026#34;insert into tbl (id, d) values ( %(id)s, %(d)s )\u0026#34; # ID values with a step of 100, in random order # this ues a lot of memory to materialize the list id_list = [ i for i in range(0, count * 100, 100 )] # but if we want to shuffle, we have hardly any other option random.shuffle(id_list) counter = 0 data = [] # Write them out, in batches of 1000. for i in id_list: item = {\u0026#34;id\u0026#34;: i, \u0026#34;d\u0026#34;: uuid.uuid4()} data.append(item) counter += 1 if (counter % 1000) == 0: try: c = db.cursor() c.executemany(sqlcmd, data) except MySQLdb.Error as e: print(f\u0026#34;MySQL Error: {e}\u0026#34;, file=sys.stderr) sys.exit() data = [] db.commit() db.commit() and that yields\nmysql\u0026gt; select * from tbl limit 10; +----------+--------------------------------------+ | id | d | +----------+--------------------------------------+ | 720800 | d6aba075-d30c-4159-a3f9-67e23ac5674e | | 2548500 | 18fccfa2-4fc6-4642-861b-4c98314cd6f1 | | 86144900 | e5a58428-c5e1-4a32-a009-88b5877348bf | | 88949600 | fabbce25-221e-41d3-97e4-8cfa6bdc4816 | | 18642300 | 6df95b85-0d49-487c-98b0-548980479e16 | | 59352400 | 4dfa8a3c-95e7-41b6-83f4-1f1c9f647ecd | | 11149400 | 60d19e1f-1bca-41d2-93a6-1f9af585bbd4 | | 37822800 | eebeafd8-b08a-483d-88a5-f779de5d6888 | | 88126400 | 04c4d0ed-ba7c-456f-ac8c-a72448f38621 | | 65363500 | 876794c9-b3b5-4cda-9acd-dacb4f5a9419 | +----------+--------------------------------------+ 10 rows in set (0.00 sec) If we had defined the table with a primary key, InnoDB would have kept the data in primary key order \u0026ndash; sorted by id. Since we did not, the output is kept in generative order.\nWindow functions do not help us here We can generate row numbers, using window functions:\nmysql\u0026gt; select tbl.*, row_number() over () as r from tbl limit 10; +----------+--------------------------------------+----+ | id | d | r | +----------+--------------------------------------+----+ | 720800 | d6aba075-d30c-4159-a3f9-67e23ac5674e | 1 | | 2548500 | 18fccfa2-4fc6-4642-861b-4c98314cd6f1 | 2 | | 86144900 | e5a58428-c5e1-4a32-a009-88b5877348bf | 3 | | 88949600 | fabbce25-221e-41d3-97e4-8cfa6bdc4816 | 4 | | 18642300 | 6df95b85-0d49-487c-98b0-548980479e16 | 5 | | 59352400 | 4dfa8a3c-95e7-41b6-83f4-1f1c9f647ecd | 6 | | 11149400 | 60d19e1f-1bca-41d2-93a6-1f9af585bbd4 | 7 | | 37822800 | eebeafd8-b08a-483d-88a5-f779de5d6888 | 8 | | 88126400 | 04c4d0ed-ba7c-456f-ac8c-a72448f38621 | 9 | | 65363500 | 876794c9-b3b5-4cda-9acd-dacb4f5a9419 | 10 | +----------+--------------------------------------+----+ 10 rows in set (0.00 sec) But since they are generated on the fly, they are not an efficient way to select a random row: We cannot use Window functions in any interesting context, and using them in a subquery basically forces the database to materialize all the rows before the one we are interested in. So this is slow:\nmysql\u0026gt; select tbl.*, row_number() over () as r from tbl where r = 192383; ERROR 1054 (42S22): Unknown column \u0026#39;r\u0026#39; in \u0026#39;where clause\u0026#39; mysql\u0026gt; select tbl.*, row_number() over () as r from tbl where row_number() over () = 192383; ERROR 3593 (HY000): You cannot use the window function \u0026#39;row_number\u0026#39; in this context. mysql\u0026gt; select tbl.*, row_number() over () as r from tbl having r = 192383; ERROR 3594 (HY000): You cannot use the alias \u0026#39;r\u0026#39; of an expression containing a window function in this context. mysql\u0026gt; select * from ( select tbl.*, row_number() over () as r from tbl ) as t where r = 192383; +----------+--------------------------------------+--------+ | id | d | r | +----------+--------------------------------------+--------+ | 85856500 | 17e04a8a-95e5-4f5f-8aa2-597c2d37dd43 | 192383 | +----------+--------------------------------------+--------+ 1 row in set (4.58 sec) Selecting randomly from tables with gaps Without continuous ids, and without a row count we cannot easily select the \u0026ldquo;n-th record\u0026rdquo; from a table. So the best we can do is to select all id-values, and shuffle them, then choose the first row from the shuffle:\nmysql\u0026gt; select id from tbl order by rand() limit 1; +----------+ | id | +----------+ | 64527400 | +----------+ 1 row in set (0.86 sec) We can turn this into a full row with a join with almost no cost:\nmysql\u0026gt; select * from tbl as t1 -\u0026gt; join ( -\u0026gt; select id from tbl order by rand() limit 1 -\u0026gt; ) as t2 on t1.id = t2.id; +----------+--------------------------------------+----------+ | id | d | id | +----------+--------------------------------------+----------+ | 24765800 | dcabd753-a357-4f38-a255-e81b0675654f | 24765800 | +----------+--------------------------------------+----------+ 1 row in set (0.82 sec) Consuming rows In the previous examples, we have been re-ordering the table randomly for each access (or group of accesses). The shuffle has not been made persistent.\nOften, the problem is not to select a random row, but to consume rows in random order. We can store a random number with each row, and then use this as an (indexed) ordering key. Using the knowledge from the queueing article , we can select the item with the highest ordering value, lock it for consumption, retrieve it and delete it.\nThe idea is to add a column ordering to our table, indexed for fast access. The ordering value is assigned randomly. Here, we are creating the values after the fact in batch for one million entries, but in a system you would probably do that for each item as you write the item.\nmysql\u0026gt; alter table tbl add column ordering double, add index(ordering); Query OK, 0 rows affected (20.18 sec) Records: 0 Duplicates: 0 Warnings: 0 mysql\u0026gt; update tbl set ordering = rand(); Query OK, 1000000 rows affected (1 min 8.27 sec) Rows matched: 1000000 Changed: 1000000 Warnings: 0 To consume a random row, we start a transaction, select the row we want, using FOR UPDATE and SKIP LOCKED, and then delete it.\nmysql\u0026gt; START TRANSACTION; -- Two rows with the same ordering value may exist. -- We can distinguish them by id, and can process one or both of them. -- -- If another process has a lock on the topmost row, we will get zero results -- due to the use of SKIP LOCKED. mysql\u0026gt; select * from tbl where ordering = (select max(ordering) from tbl) for update skip locked; +----------+--------------------------------------+--------------------+ | id | d | ordering | +----------+--------------------------------------+--------------------+ | 31106100 | dc12e901-64a0-45a1-8f2e-dee93e3c8ab9 | 0.9999995017424221 | +----------+--------------------------------------+--------------------+ 1 row in set (0.00 sec) mysql\u0026gt; delete from tbl where id = 31106100; Query OK, 1 row affected (0.00 sec) mysql\u0026gt; commit; \u0026lt;actual processing outside of the transaction\u0026gt; Here, the inner query determines the maximum \u0026ldquo;ordering\u0026rdquo; value, which is fast due to the index. We make use of that value to fetch \u0026ldquo;a row\u0026rdquo;. Nothing prevents multiple rows from matching, so we may get one or more rows. We take the first (or all values), process it, and delete the processed rows, then commit.\nBecause we use FOR UPDATE, each row we select will also be exclusively locked, so other consumers cannot touch them. Because of the SKIP LOCKED, other consumers will not be hanging on locked rows. Instead, they will simply not see locked rows, so our query may actually even return zero rows in a concurrent context.\nAlternatively, you do not strictly process items in order, and want to process them \u0026ldquo;roughly\u0026rdquo; in order, but be able to leverage multiple consumers. A query such as the one below selects one or more items to process (locking them), so that they can be picked up for processing and deleted.\nmysql\u0026gt; start transaction read write; -- This is the first UNLOCKED row available for processing. -- -- Another process may have a lock on another row with an even larger ordering value, -- but thanks to SKIP LOCKED, we will not see that. mysql\u0026gt; select * from tbl order by ordering desc limit 1 for update skip locked; +----------+--------------------------------------+--------------------+ | id | d | ordering | +----------+--------------------------------------+--------------------+ | 68998800 | bcf7cca2-076d-444b-922b-ae064a1c49a8 | 0.9999983534216865 | +----------+--------------------------------------+--------------------+ 1 row in set (0.00 sec) mysql\u0026gt; delete from tbl where id = 68998800; Query OK, 1 row affected (0.00 sec) mysql\u0026gt; commit; \u0026lt;actual processing outside of the transaction\u0026gt; For scalability, it is important to keep the interval between START TRANSACTION and COMMIT as short as possible. Therefore, it is advisable to keep the actual item processing outside the transaction.\nBecause we do not need to shuffle things each time when we access things, this is actually much faster than \u0026ldquo;selecting a random row\u0026rdquo;.\n","date":"2023-03-06T00:00:00Z","href":"https://blog.koehntopp.info/2023/03/06/selecting-random-rows.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: Selecting random rows"},{"categories":null,"content":"Some applications allow you to have multiple passwords. For example, in MySQL, since 8.0.14 you can dual passwords for an account . Also, Redis 6 allows you to have multiple passwords on an account ACL .\nPersonal Accounts and Machine Accounts. When running services in a production system, the services sometimes have personal accounts (PAs) that allow humans to login and perform actions on the service. Often, these accounts are very limited in number (in production), and privileged.\nAlso, you have clients connecting to the system. These are called Non-Personal Accounts, Machine Accounts or Service Accounts (MA) in many environments. Machine Accounts are not used by humans, but are a set of credentials used by client applications to work with a service.\nIt is good practice to assign a different MA to each application using a service, and to rotate credentials regularly and quickly for each MA. In many environments doing this is even a compliance requirement.\nDifferent Usernames are helpful Assigning different identities (different usernames) to different applications is useful in many ways:\nAccess permissions are tied to identities, so different identities are a requirement to separate different sets of permissions. Also, different identities allow you to attribute activity in the service to the identity, thus make monitoring, auditing and accounting possible. It is much easier to identify a misbehaving application, if all applications using your service have different user account names. Dynamically assigned credentials Very often credentials are not stored at all in the client configuration, but are requested dynamically on-demand from another service, the Secrets Manager or Vault. It is either part of a cloud control plane, and can leverage trust from the cloud infrastructure to know who is who and what to allow, or it is an external service such as a Hashicorp Vault.\nIn any case, the application would not store Database or Redis username and passwords in configuration files any more, but ask the secrets manager to provide these credentials at runtime, receive them, and then store them only in memory. They would also be expired and re-requested in regular intervals, on a multiple-minutes to hour scale.\nThis allows the Secrets Manager to perform account operations, such as password or account rotation.\nAccount Rotation or Password Rotation? Rotating MA passwords is often a requirement, and most environments also require a comparatively high rotation frequency (\u0026ldquo;once per week\u0026rdquo;, which qualifies as \u0026ldquo;high\u0026rdquo; in database timescales).\nSome services, such as MySQL and Redis given as examples above, allow you to associate multiple password with a single account. Many others do not, in them username (\u0026ldquo;identity\u0026rdquo;) and password (\u0026ldquo;authentication\u0026rdquo;) are a 2-tuple.\nRotating passwords, when taken literally, is hard with such services, because changing the password atomically in the server and all its clients is impossible. There is always some overlap during which the service already has the new password (and implicitly invalidated the old password), while the clients are still using the old password. If you rotated the password with traditional methods, there would be a discrepancy between clients and servers in password knowledge, and thus failed logins.\nOne way around that is provisioning new MA accounts for an application, and then feeding the applications not only new passwords, but completely new credentials. Thus,\nan application androidapp would see the old user androidapp_23ad63 with a generated password BBLA32Tm9feoAGpN, then account rotation would additionally create androidapp_8760d3 with the password cts6Me5c7T4q6Dq2 and the same authorizations in the service, then the account rotation would test that this newly creates account works as desired, then the account rotation would stop handing out the old credentials (23ad63) to clients, and start serving the new credentials (8760d3), then the account rotation would over the course of an hour observe the old account not being used anymore, and the new account picking up traffic, then the account rotation would see the old 23ad63 account being silent for two hours, and eventually lock and deprovision it or this does not work as expected, and 23ad63 stays active past the deadline, in which case we raise an alarm. Why no observability? Account rotation has some advantages over password rotation: First: it works with any application, even those that have no support for multiple passwords. Lack of multiple password support is stopping no-one from implementing rotation, it is just account and not password rotation you need to build.\nThen: Even in MySQL and Redis it was not immediately obvious to me how password rotation can be validated to function correctly. That is, I have been unable to find a way to isolate instances of logins using the \u0026ldquo;non-primary\u0026rdquo; (or old) password, and somehow make sure that all logins in the last hour or so have been using the newly updated password.\nAs an engineer running the application, I would want to make sure that the old password is unused before I ask the service to deprovision it.\nBut observability on this seems to be completely non-existent. Which is weird, because any security engineer will tell you that a control is only valid, if you can verify it is working as intended.\nWith account rotation, usage of old accounts is immediately visible. The system can check if the old account is still being used, and once it isn\u0026rsquo;t anymore, it can deprovision it. If the old account does not go silent within some timeout, we can alert on this, identity the team responsible for the application, and sit down to talk about credential caching.\nThus, I would rate the implementation of any password rotation feature that does not have good observability built in as incomplete.\nAn authorization problem Conversely, while account rotation has automatically good observability, it complicates authorisation. Authorisation is the set of permissions ties to an identity, the GRANTs in SQL-lingo.\nIf you rotate accounts, you are essentially creating new accounts and drop old accounts on a schedule. That means\neither store the authorization outside the system or you can leverage a role system. In the latter case, you would create a role androidapp, and assign it the authorizations, then make sure all androidapp% accounts are members of the role, inheriting the role authorizations with no individual per-account rules.\nMost, but not all systems have a role-system for accounts similar to MySQL 8 roles, in which you assign authorizations to groups instead of individual accounts. If you have it, implementing account rotation without complicating authorization is comparatively easy.\nSummary Having a secrets manager that hands out secrets to services and clients is useful, because it allows you to prevent materialization of secrets. One of the primary features of clouds (private and public) would be that the control-plane of the cloud can attest identity of instances, and would allow you to solve authentication trivially. Sadly, Openstack and all Openstack derives private and public clouds seem to not implement that (and thus offer no IAM to services based on control-plane trust). For those where the cloud control-plane does not offer IAM, Hashivault can help out a lot. Some applications have the ability to have multiple passwords per identity, to allow easier password rotation. The value of that feature is greatly diminished by a lack of observability. Any control is only complete if it can be verified to work. We need to be able to see if old deprecated passwords are unused in order to safely deprovision them. Even without multiple passwords, we can always leverage a secrets manager and some relatively simple external driver to rotate accounts instead. This is complicated by the fact that many applications bind authorizations (access permissions) to identities (usernames). We can use roles to work around that, and assign authorizations to these roles, then have the identity inherit from the role. Implementing either account rotation or password rotation still requires additional work: an external driver, safeguards, monitoring and alerting, plus an update of the documentation. In neither case you will be done by simply turning on a feature. ","date":"2023-02-20T00:00:00Z","href":"https://blog.koehntopp.info/2023/02/20/rotating-accounts-or-passwords.html","tags":["lang_en","devops","security"],"title":"Rotating Accounts or Passwords?"},{"categories":null,"content":" Master of Disaster With a previous employer there was the requirement to implement business continuity management and patch management. Specifically, there was a requirement to be able to lose a region completely without loss of business. The other requirement was to be able to have all systems CVE-free within 30 days (in emergencies: 3 days), and to be able to blackstart them.\nThat was of course impossible to implement.\nManagements reaction was to create the position of the \u0026ldquo;Master of Disaster\u0026rdquo; (MoD). The MoD and their apprentice (\u0026ldquo;always two there are\u0026rdquo;) have then planned, for many months, a fail-over between two Regions. But they did not achieve much, and they never could, because in the end Management Buy-In was missing. In the end, Management wanted to know (needed to know!), before the test, that it would work. That of course invalidated this approach completely.\n\u0026ldquo;Security is a process\u0026rdquo;, what does that even mean? The MoD then changed their way of working completely. They sat down with the teams, and with each they made a catalog of failure modes.\n\u0026ldquo;What happens when a web server node fails?\u0026rdquo; \u0026ldquo;What happens when ten web server nodes fail?\u0026rdquo; \u0026ldquo;What happens when a load balancer dies?\u0026rdquo; \u0026ldquo;What when a rollout rolls out broken code, and we need to roll back?\u0026rdquo; \u0026ldquo;What when storage fails?\u0026rdquo;\nAnd the MoD sat down and worked their way through protocols of past outages. They cataloged the outages and mapped then to the scenarios created above, and if they found missing cases the catalog was extended, together with the team.\nIt is only science if you write it down Then the team was asked to predict what would happen, how they would notice and how to fix. The MoD made them write these things down, into Opdocs. The Opdocs got Identifiers. All scenarios had to have named alarms checking for the scenario, and each alarm message had to include the Opdoc ID.\nThen the team created a test scenario for each of these outages, bundled them together into a test session (\u0026ldquo;a drill\u0026rdquo;). And together with the Master of Disaster, their apprentice and a scribe went through them one by one, writing down what happened. Afterwards, all sat down, and compared notes with the predictions, and made a set of tasks to update the Alarms, the Opdocs or the Procedures themselves. Then they scheduled a followup session. In the end they arrived at a rhythm of a Drill every two or three sprints, until the team and the MoD were satisfied with the outcome.\nRinse, Repeat The MoD did that with all the teams, and magically after a year or so, things were no longer painful, but became a way of operating. The observed failure modes of the systems changed, because Drill findings made their way into development. The way of working and the way of thinking changed, in all the teams, fundamentally, even. Alerts became cleaned up, and with the need to attach Opdocs, Alerts became actionable, because that is what is in an Opdoc: Packaged actions a relatively unskilled Operator can execute. Tooling improved, to automate previously manual outage procedures. Automation grew. Reliability and reproducibility improved. Metrics got better.\nLarge scale outages Now the MoD moved on from team-level subsystem failures to larger scenarios that simulated loss of Racks or other larger units, or loss of Network connectivity (intermittently or for longer time). Also, they added drill scenarios with a loss of storage, that is outages where teams did not get back the machine that was simulated to fail after the Drill. Instead, they had to create replacements, first individually, then had to black-start entire regions.\nThese Drills highlighted automation defects: Manual and often undocumented work went into creating new systems, so that the automation was not resilient against large scale loss.\nAlso, a lot of problems related to loss or unavailability of the automation control plane were highlighted:\nSystems might be able to lose their automation controllers. This is a \u0026ldquo;loss of control\u0026rdquo; scenario, not \u0026ldquo;loss of availability\u0026rdquo;. You do not lose web servers, but you lose the ability to make new ones or to decommission old ones or change the config of the existing ones. Systems usually can continue to run without their automation controller for a few hours, provided the operational circumstances are somewhat stable.\nIn some cases, loss of state in the control plane highlighted that the control plane could not rediscover its clients out there and scan them for state. Instead, it was assumed that the entire region was to be recreated from scratch, when it was in fact there, and perfectly functional, just unknown to the controller.\nIn some cases the automation assumed that new systems were to be recreated from scratch by cloning over data from remote regions. But if all teams are doing that at the same time, the line capacity is insufficient. It is necessary to do something more sophisticated and use local state (cloned over once) to implement a local fan-out.\nAgain, a year or two went past, with limited scope but larger drills.\nTeams picked up the new requirements, development learned a thing or two, and by simply repeating until good the message arrived and improvements got implemented. We have now reached a state where automation is only considered \u0026ldquo;done done\u0026rdquo; when it survives one of the regularly simulated outages, and when the state of the Opdocs is good enough for members of adjacent teams (instead of the native team) to manage the outage.\nAlso, we have reached a sophistication of automation that allows us to drop each and every instance and each and every image after 90 days, because replacements are redeployed automatically, and state is cloned over.\nBurning it all down This, after only three to four years, is where our organisation has reached a state where teams and management can go with confidence into a scenario where access to one Region is lost, in a controlled way and with pre-announcement. Management can believe that the entire thing is understood well enough that this Drill will not lead of a major loss of income.\nUnannounced random failure of a Region, or total recovery from backup after a ransomware attack are still open issues, but they have become realistic targets. Each would amount to rebuilding a Region, automatically, from nothing, without loss of operations or income.\nThis is not a Sprint The key to success for the MoD was the change from Project to Process. Do small things with individual teams, first with cooperative teams, then reaching out and making the process mandatory for all teams.\nThis was not a single giant monster project, but small steps over many years, with a change in the MoD position and with a redefinition of the title and scope of the position along the way. It also was a fundamental change in the way how operations are done, and what is acceptable. It improved not only the business continuity stance, but also improved security overall, and made many audits and certifications easier. It also delivered the necessary metadata (machine inventory, mapping of services to instances, mapping of dependencies, implementation of controls) to management to make a large set of certifications and audits just a formality.\nWhen people say \u0026ldquo;Security is a process\u0026rdquo;, this is what they mean. Small, doable exercises that become part of everyday operations. Then incremental widening of scope and increase of difficulty.\nAnd the work is not done by the MoD, but by the teams \u0026ndash; all teams. The MoD only steers the process, and guides the teams through it.\nBecause this is not a Drill. This is just Tuesday.\n","date":"2023-02-18T00:00:00Z","href":"https://blog.koehntopp.info/2023/02/18/this-is-not-a-drill.html","tags":["lang_en","devops","security"],"title":"This is not a Drill, this is just Tuesday"},{"categories":null,"content":"A minecraft server has problems creating threads. The error message reads:\njava.lang.OutOfMemoryError: unable to create native thread: possibly out of memory or process/resource limits reached at java.lang.Thread.start0(Native Method) ~[?:?] at java.lang.Thread.start(Thread.java:802) ~[?:?] at java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:945) ~[?:?] at java.util.concurrent.ThreadPoolExecutor.execute(ThreadPoolExecutor.java:1353) ~[?:?] at java.util.concurrent.Executors$DelegatedExecutorService.execute(Executors.java:721) ~[?:?] at org.bukkit.craftbukkit.v1_19_R2.scheduler.CraftAsyncScheduler.mainThreadHeartbeat(CraftAsyncScheduler.java:73) The server in question has 32 GB of memory (6 GB used), 8 cores, and processes threads running. It is mostly idle. There is no reason at all why this machine should be out of resources.\nVPS Limits, and how to check them It is a VPS, and that may be related:\n# lscpu | egrep -i \u0026#39;(visor|virt)\u0026#39; Address sizes: 46 bits physical, 48 bits virtual Virtualization: VT-x Hypervisor vendor: Parallels Virtualization type: container The instance has a relatively low process limit, shown in /proc/user_beancounters.\n# grep numproc /proc/user_beancounters numproc 272 272 1100 1100 0 This shows a global limit of 1100 threads/processes.\nThere is an additional threads-per-process limit enforced by systemd, and this is relatively low, because of the low per-instance limit. It can be shown like this:\n# systemctl show --property=DefaultTasksMax DefaultMax=135 This matches the numbers from the user_beancounters: The maximum utilization was 272 in the Beancounters, and the server never managed to hit the limit of 1100. Instead, it made it to 2x 135 (two Minecraft servers, each with the limit of 135), and two additional threads.\nIncreasing the systemd Limit It is possible to increase this limit to the instance limit, like so:\n# mkdir /etc/systemd/systemd.conf.d` # cd /etc/systemd/system.conf.d # pwd /etc/systemd/system.conf.d # cat \u0026lt;\u0026lt; EOF \u0026gt; system.conf # Override created by ... on ... # [Manager] DefaultTasksMax=1100 After creating this file, reload systemd and check the new limits:\n# systemctl daemon-reexec # systemctl show --property=DefaultTasksMax DefaultMax=1100 Non-VPS has higher limits On a physical server with 32 GB of memory and 8 cores, the default limit is\n# systemctl show --property=DefaultTasksMax DefaultTasksMax=38313 and it can be tuned much higher. Similarly, on a properly virtualized box instead of a VPS it would be much higher.\nConsider this when you opt for a cheap, overcomitted VPS slice instead of a proper KVM. When you go for the VPS, make a monthly contract and do not commit to a one-year option, so you can get rid of it when it turns out to be unsuitable.\nActual resource consumption On our server, we run three instances of \u0026ldquo;Paper\u0026rdquo; (a high-performance patch to a patch to a patch of the original minecraft server), and waterfall, a Minecraft proxy that directs users between the instances.\nOutput of the htop program. On the right hand side of the screenshot, we see three identically configured java instances, each representing a \u0026ldquo;Paper\u0026rdquo; server. The resident set size of these servers is relatively small, 3.5 GB per instance, as shown by the left-lower red bubble. The virtual size is not quite 10 GB. The server instance will grow until it reaches the virtual size. Total memory consumption is shown in the upper-left bubble, 11.6 GB are used (the sum of the servers plus some extra from the OS).\nWe run the servers with -Xmx4096M -Xms4096M each, which is rather generous. This creates processes with a total VIRT size of ~ 10 GB, of which RES is the actually comitted memory, around 3.5 GB per process. This results in 11.2 GB memory usage, plus 0.4 GB extra from other processes on the instance.\nOur total memory is 32 GB.\nThe server load is shown as 0.41/8.0, so the machine is pretty idle, and the CPU load meters above the memory meter agrees.\nOutput of the htop program, detail. When hitting H to toggle display of user threads, the number of running threads is also shown. We are running 245 threads.\nHitting H (Uppercase-H) in htop unfolds user threads display. It also shows the total number of threads running next to the number of tasks (processes). In our case, we are running with 245/1100 threads. This is by far the most scarce resource.\n","date":"2023-02-17T00:00:00Z","href":"https://blog.koehntopp.info/2023/02/17/minecraft-unable-to-create-native-thread.html","tags":["lang_en","gaming","microsoft","minecraft"],"title":"Minecraft: unable to create native thread"},{"categories":null,"content":"At a previous job we had a home-grown application \u0026ldquo;Service Directory\u0026rdquo;, which allowed a team to declare a service or deployed application. The record for a service not only declared the application with pointers to the source code repository, artifacts and documentation.\nIt also pointed to the operational facts, such as criticality, the owning teams, the SLO, the alerts, and the collected stats and dashboards. And, most importantly, you had to declare dependencies \u0026ndash; which other services you depend on.\nUsing Dependencies for Firewalls and Passwords From data in service directory firewall rules were being generated, automatically. That meant that with a non-existent or incomplete SD declaration you could talk to nothing and nobody.\nAlso, all machine accounts (non-personal accounts, NPAs) were provisioned with Hashicorp Vault, controlled by SD. The data in vault was autogenerated, based on – you guessed it – data from the service directory. And it was rotated.\nThat is, every week or so new accounts with new passwords were being added to Vault, picked up by the services, and then also picked up by the clients – order matters a lot here.\nHaving individualized machine accounts per application helps a lot to identify service (or database) abuse. It also allows for individualized rate limits or other controls, and of course minimal permissioning of applications.\nMonitoring would see if old accounts from last week were still being used. If so, somebody would need to talk to the team owning the service using these accounts, because obviously something was caching credentials somehow, when it should not. If old accounts are quiet and stay so for some time, the old accounts can be decommissioned and deleted.\nThis also makes some nice graphs showing the speed of account (and password) rotation across the enterprise, and these things come handy in audits. It allows you to prove that passwords are fresh, and that old NPA secret in the hands of leavers cannot be leveraged to gain access to production.\nUsing Dependencies for Capacity and Business Continuity planning Having dependency data also comes in handy in many other tasks, such as (with additional data) planning capacity. While SD data does not directly contain the volumes needed to plan, dependencies show who can generate demand on a service, and from that it is clear what to measure and where to pick up additional information, such as current fleet size, plans for the coming season and so on.\nThe dependency web can also be mapped on locations and structural failure boundaries from the underlying physical machinery, and thus it becomes possible to calculate failure scenarios, and using actual placement data, detect co-failure scenarios or write scheduler plugins to avoid them. Also, mapping dependencies into a graph allows for a functioning black start plan. It would still require testing, but at least the data for such a thing is there.\nDependency Inflation In such a setup, having not enough dependencies will make an application not work. Thus, SD data can be relied on to be at least as large as the minimum dependencies, or larger.\nThe \u0026ldquo;or larger\u0026rdquo; part is undesirable, but hard to limit. The only workable way I have seen requires annoying recurring audits, or equally nagging regular re-requests for all resources.\nExperimentally, requested resources and observed resource usage in production can be mapped on each other, and unused resources can be detected. They cannot be automatically cancelled, because they still may be necessary, if only in rare situations. But this would at least bring the nag-level down to manageable sizes.\n","date":"2023-02-06T00:00:00Z","href":"https://blog.koehntopp.info/2023/02/06/service-directories-and-what-they-are-good-for.html","tags":["lang_en","devops","security"],"title":"Service Directories, and what they are good for"},{"categories":null,"content":"In this post , SirSquid@toot.io asks:\nCan someone explain to me why seeing retoots and likes is wildly different across Mastodon servers?\nFrom toot.io, a toot from @gamingonlinux@mastodon.social shows hardly anything. But when viewing it on mastodon.social, it has tons of both.\nThis is one thing I would love to see properly cleaned up on Masto.\nMastodon is using ActivityPub, a federated protocol. Nodes exchange articles, and each node caches articles.\nIn order for a node to receive an article from a remote user in the first place, at least one user on the system needs to subscribe to that remote user.\nSo given the following situation:\nOn mastodon.social, the user GamingonLinux subscribes to SirSquid@toot.io. On chaos.social, the user isotopp subscribes to SirSquid@toot.io. On subscription, the toot.io server is notified of the subscription.\nTwo users on two different servers, isotopp@chaos.social, and GamingonLinux@mastodon.social, subscribe to SirSquid@toot.io. The server toot.io is notified of this, and will deliver new posts from SirSquid to these two remote servers. Old articles from SirSquid do not exist on either remote server, they will not be backlogged.\nWhen SirSquid now posts a new article, the following happens because of the subscription:\nSirSquid posts a new article. The new article only exists at toot.io. It enters the Local Timeline, which is a view into the Out-queue of that server. The article is now delivered to the home servers of all subscribers. On delivery, it enters the Federated Timeline, which is a view into the In-queue of that server. The local subscribers are then notified and are shown the local copy of that article.\nWhen SirSquid posts a new article, this article is locally created on toot.io. This is going to be the master copy of the new article.\nThe article also enters the local timeline of that server, which can be thought of as a view of the Out-queue of the server. (This is not actually precisely true, because posts can be unlisted or otherwise restricted in visibility.)\nQueue workers on toot.io will eventually fetch the master copy of the article, determine the articles subscribers, and then try to post the article to the subscribers remote servers. When that works, the article enters the In-queue of the remote server. When that does not work, retries can happen. The In-queue of the remote server is visible (with visibility restrictions) as the Federated Timeline.\nFor each incoming new post, the local subscribers are notified and are shown the local copy of that post.\nWhen a user is very popular and has many followers, their posts need to be copied to all subscribers, which can be literally on every single server in the Fediverse. That means thousands of deliveries of the post need to be made. That can take time.\nNot all servers will always be immediately reachable. A certain percentage of deliveries will fail, and be backlogged. The source server will have to retry a certain number of times, and if the error persists, give up. The subscribers on the unavailable server will lack a copy of that post.\nUsers on, say, mastodon.social, could still discover missing posts if they checked the home timeline of SirSquid on toot.io. They won\u0026rsquo;t find the post on the copy of the home timeline of SirSquid on mastodon.social.\nWhen readers on mastodon.social or chaos.social interact with the local copy of a post, this will happen:\nA user on chaos.social boosts the post. The local boost counter for the post is updated. The counter change is forwarded to the originating server, toot.io.\nA user on mastodon.social likes the post. The local like counter for the post is updated. The counter change is forwarded to the originating server, toot.io.\nInteractions are being aggregated at toot.io.\nInteractions with a post are updated locally: A boost on chaos.social increments the boost-counter on chaos.social, and a like on mastodon.social increments the like-counter on mastodon.social. Such interactions are also forwarded back to the master copy of the post. That is, updates for each boost and each like are being sent back to toot.io. The counter at the posts master copy aggregates all these interactions and has totals for the post. Notifications are being sent to SirSquid@toot.io, and go Ding, Ding, Ding!\nIf a user is very popular and has many subscribers, and a post is very popular and has many interactions, the originating server (here: toot.io) will receive updates from many thousand remote servers, one for each like or boost of the post on any server. These updates will need to be persisted, that is, written to disk into a database. This will generate a lot of load on the originating server.\nThe aggregated notifications won\u0026rsquo;t be forwarded back to the local copies. That is, the master copy of the post at toot.io will have the aggregate number of likes and boosts. But these aggregated numbers will not be redistributed back to the subscribers and their servers.\nIn our example, the post will have one like and one boost on toot.io, but only one like and no boosts on mastodon.social. It will have no likes and one boost on chaos.social.\nDistributing all counter updates in increments of one to each and every server that has subscribers to SirSquid\u0026rsquo;s posts would just be too much work.\nAnd that is why interaction counters in ActivityPub are usually different on each server, and only the master copy of the post has true counter values.\nOr true-ish. Of course, just like individual articles may never reach individual servers if they are unreachable too long, the same can happen backwards with counter updates.\n","date":"2023-01-25T00:00:00Z","href":"https://blog.koehntopp.info/2023/01/25/mastodon-interaction-counters.html","tags":["lang_en","mastodon","fediverse","social-networking"],"title":"Mastodon Interaction Counters"},{"categories":null,"content":"So, Rachel is in a bad mood: Why I still have an old-school cert on my https site and I feel her. Like her, for my own sites I have always been running Apache. There was never much need to upgrade, the software was available, stable, and fast enough.\nAt some point in time, I needed TLS and started to use Let\u0026rsquo;s Encrypt .\nThat was messy: Running dehydrated , a bunch of haphazard shell scripts trying to get certificates authenticated and installed, through a wild chain of callbacks and sourced scripts all over the system, driven by Cron, and with bad alerting.\nNone of that was necessary.\nTurns out, starting with Apache 2.4.30 (19-Feb-2018), Apache supports mod_md , and that supports Let\u0026rsquo;s Encrypt out of the box. For good measure, I also enabled mod_macro .\nThis being an Ubuntu, I put this into my /etc/apache2/sites-available/000-default.conf:\nServerName mybasedomain.koehntopp.de MDomain mybasedomain.koehntopp.de contentdomain.koehntopp.de proxydomain.koehntopp.de MDContactEmail user@example.com MDCertificateAgreement accepted MDPrivateKeys RSA 4096 There is no additional \u0026ldquo;SSLEngine\u0026rdquo; needed, except SSLEngine on.\nI also add two macros that I use a lot to create virtual hosts to the same file. One is for straight-up content domains:\n\u0026lt;Macro VHost $host\u0026gt; \u0026lt;VirtualHost *:80\u0026gt; ServerName $host ServerAdmin user@example.com DocumentRoot /var/www/$host \u0026lt;Directory /var/www/$host\u0026gt; Options Indexes FollowSymLinks AllowOverride None Require all granted \u0026lt;/Directory\u0026gt; ErrorLog ${APACHE_LOG_DIR}/error-$host.log CustomLog ${APACHE_LOG_DIR}/access-$host.log combined RewriteEngine On RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L] \u0026lt;/VirtualHost\u0026gt; \u0026lt;VirtualHost *:443\u0026gt; ServerName $host ServerAdmin user@example.com ErrorLog ${APACHE_LOG_DIR}/error-$host.log CustomLog ${APACHE_LOG_DIR}/access-$host.log combined DocumentRoot /var/www/$host \u0026lt;Directory /var/www/$host\u0026gt; Options Indexes FollowSymLinks AllowOverride None Require all granted \u0026lt;/Directory\u0026gt; SSLEngine on \u0026lt;/VirtualHost\u0026gt; \u0026lt;/Macro\u0026gt; The other is for Proxy Domains to dockerized stuff:\n\u0026lt;Macro ProxyVHost $host $toport\u0026gt; \u0026lt;VirtualHost *:80\u0026gt; ServerName $host ServerAdmin user@example.com DocumentRoot /var/www/$host \u0026lt;Directory /var/www/$host\u0026gt; Options Indexes FollowSymLinks AllowOverride None Require all granted \u0026lt;/Directory\u0026gt; ErrorLog ${APACHE_LOG_DIR}/error-$host.log CustomLog ${APACHE_LOG_DIR}/access-$host.log combined RewriteEngine On RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L] \u0026lt;/VirtualHost\u0026gt; \u0026lt;VirtualHost *:443\u0026gt; ServerName $host ServerAdmin user@example.com ErrorLog ${APACHE_LOG_DIR}/error-$host.log CustomLog ${APACHE_LOG_DIR}/access-$host.log combined DocumentRoot /var/www/$host \u0026lt;Directory /var/www/$host\u0026gt; Options Indexes FollowSymLinks AllowOverride None Require all granted \u0026lt;/Directory\u0026gt; SSLEngine on ProxyPreserveHost On ProxyPass \u0026#34;/\u0026#34; \u0026#34;http://127.0.0.1:$toport/\u0026#34; nocanon ProxyPassReverse \u0026#34;/\u0026#34; \u0026#34;http://127.0.0.1:$toport/\u0026#34; RequestHeader set X-Forwarded-Proto %{REQUEST_SCHEME}s RequestHeader set X-Forwarded-For %{REMOTE_ADDR}s RequestHeader set X-Real-IP %{REMOTE_ADDR}s AllowEncodedSlashes NoDecode \u0026lt;/VirtualHost\u0026gt; \u0026lt;/Macro\u0026gt; The actual host definition can then be rather short. A content domain is simply\n# echo \u0026#34;Use Vhost contentdomain.koehntopp.de\u0026#34; \u0026gt; /etc/apache2/sites-available/contentdomain.koehntopp.de.conf # a2ensite contentdomain.koehntopp.de and I am done. Similarly, a proxy to some internal service:\n# echo \u0026#34;Use ProxyVHost proxydomain.koehntopp.de 3000\u0026#34; \u0026gt; /etc/apache2/sites-available/proxydomain.koehntopp.de.conf # a2ensite proxydomain.koehntopp.de where 3000 is the exposed port from docker. An apachectl configtest and an apachectl graceful later things are rolling. A look at /server-status will tell you if things worked, and what the state of the mod_md deployment is.\nIf you added a new domain, that certificate will be available, but not yet loaded, so a second reload is necessary for deployment.\nFind the actual cert files in /etc/apache2/md/domains/mybasedomain.koehntopp.de, as pubcert.pem and privkey.pem.\nAdditional Note: You can use mod_md to get certificates for your Tailscale domains (Domains in the *.ts.net namespace).\n","date":"2023-01-04T00:00:00Z","href":"https://blog.koehntopp.info/2023/01/04/i-dont-hate-letsencrypt-anymore.html","tags":["lang_en","security","devops"],"title":"I don't hate Let's Encrypt anymore"},{"categories":null,"content":"This text exists mainly so that I paste the URL into the #mysql channel in Libera IRC.\nThe mysqldump tools allows you to convert a MySQL database server or individual schemas back to SQL. You are left with a script that is supposed to be loadable into a target server and gives you back the full database, including all objects in it.\nYou can read that SQL as a script into an empty server to create a new instance, or process it with different tools for different purposes. So in general, a workflow can look like this:\n$ mysqldump --options --more-options and parameters \u0026gt; somescript.sql $ scp somescript.sql somewhere@else.com: $ ssh somewhere@else.com ... $ mysql --show-warnings --whatever-options \u0026lt; somescript.sql Instead of mysql with an input redirect, you may also use the command line client and the source command:\n$ mysql --show-warnings --whatever-options mysql\u0026gt; source somescript.sql TL;DR To get everything, run\n$ mysqldump ... --single-transaction --source-data=2 \\ \u0026gt; --routines --triggers --events \\ \u0026gt; --all-databases | \u0026gt; gzip -9 \u0026gt; mydump.sql.gz To get one database, run\n$ mysqldump ... --single-transaction --source-data=2 \\ \u0026gt; --routines --triggers --events \\ \u0026gt; --databases dbname | \u0026gt; gzip -9 \u0026gt; mydump.sql.gz To get only the schema, use --no-data. For example:\n$ mysqldump ... --single-transaction --source-data=2 \\ \u0026gt; --routines --triggers --events \\ \u0026gt; --no-data \\ \u0026gt; --databases dbname \u0026gt; mydump.sql How do we get there? Setting expectations SQL scripts are not a compact data representation, and often the mysqldump of a server is larger than $DATADIR of that instance. The script usually compresses very well. So it is useful to run gzip or similar on it.\nSQL scripts are a representation of the data in the instance in textual form without indexes. Reading the script into a new server not only requires parsing the SQL into server internal data structures. It also requires that indexes are being rebuilt, and that is a process that consumes a lot of CPU and memory.\nMost people would suggest that you do not ship data larger than 10 GB in the form of a mysqldump, because loading it will take too long. As a rule of thumb that holds well, but it really is a function of memory available for index building, and the size of the largest index in the dump.\nmysqldump is single threaded. It profits from faster CPUs, but not from more cores. Loading a dump is also single threaded.\nThe defaults of mysqldump are somewhat sane, if you only want to dump tables. For code in the database, additional options are required that are not part of the standard configuration.\nDumping everything, atomically We are assuming here that all tables are InnoDB, without exception. If in 2023 you still are using non-transactional tables, you are beyond help anyway.\nDumping all data in the database takes time. While running the dump, the data you are trying to dump may change due to other processes making changes.\nSpecifically, with the default isolation level, each single table will maintain a consistent read view while being dumped. It will therefore not change for the mysqldump while it is being dumped. But between tables changes may happen.\nThe option --single-transaction can be used to run the entire mysqldump in a single transaction, providing you with a consistent dump of the database.\nA consistent dump of a database is associated with exactly one binlog position. In traditional replication, and for bookkeeping purposes, it is useful to take note of this binlog position. So the option --source-data=2 (previously --master-data=2) should also be used to record this binlog position in the dump.\nThis will result in a comment to be added at the top of the dump file looking like this:\n-- -- Position to start replication or point-in-time recovery from -- -- CHANGE MASTER TO MASTER_LOG_FILE=\u0026#39;binlog.000005\u0026#39;, MASTER_LOG_POS=157; So far, our mysqldump command to dump everything should look like this:\n$ mysqldump ... --single-transaction --source-data=2 Dumping code in the database By default, mysqldump will not dump all non-table objects in the database. You need to pass --routines, --trigger and --events to get all the code from the database as well.\nOn newer versions of MySQL, --trigger is enabled by default, so they are dumped. On older versions, you would have to manually mention it on the command line.\nEven on the most recent versions of MySQL, stored functions, stored procedures and events are not dumped automatically. You would have to mention --routines and --events for them to be dumped.\nOn older versions of MySQL that was not a problem, if the mysql.* schema was part of the dump. Inside it were tables in there that contained functions, procedures and even definitions.\nStarting with MySQL 8, these tables are no longer used, because the definitions are now stored in hidden data dictionary tables.\nUsing these options is now mandatory, if you want this code to be part of the dump.\nSo in order to also dump code in the database, our command becomes now\n$ mysqldump ... --single-transaction --source-data=2 --trigger --routines --events --opt is a set of options enabled by default The mysqldump runs with --opt enabled by default. You could run with --skip-opt to prevent this, but this is not helpful.\n--opt is a shorthand for the following collection of options:\n--add-drop-table Generate a DROP TABLE statement before each CREATE TABLE statement in the dump. --add-locks Enclose the INSERT statements loading data into the table with LOCK TABLES and UNLOCK TABLES statements. This used to make data load faster for MyISAM tables, but should not be necessary for InnoDB tables. It is not harmful, especially not for initial data loads, so do not worry about it. --create-options Preserve all MySQL specific create options for all tables. This is very much needed in almost all use-cases. It may be disabled for data transport from MySQL to other database systems. --disable-keys For each table, enclose the INSERT statements in DISABLE KEYS and ENABLE KEYS statements. For MyISAM tables, this improves data load speed, and index quality. For InnoDB, it does nothing, but is also not harmful. --extended-insert The INSERT statements generated will use extended insert syntax. This will generate very long lines in the dump (matching whatever is defined as max-allowed-packet). This will minimize round trips, and make the load faster. It will make grepping and editing the dump very hard. It may create problems loading the data, if the source server has a modified, large max-allowed-packet. Depending on what you want to do with the dump, it may be useful to --skip-extended-insert to turn this off. --lock-tables This will lock the local tables before dumping them. This is important when using MyISAM tables, and is overridden, if tables are InnoDB, and --single-transaction is used. So we are okay with it. --quick This dumps the tables using mysql_use_result(), so the result is streamed using very little memory in the client. If you run with --skip-quick, full tables will be downloaded into the client before then can be dumped. If these tables are many gigabytes in size, mysqldump will be using a lot of memory, and will be very unhappy. Do not disable --quick. --set-charset Generate a SET NAMES statement as needed to preserve character encoding. This should be always on, in order to preserve character encoding correctly. In general, you should be fine with --opt and there is no need to change anything.\nIn some cases, you want to run with --skip-extended-insert, in order to search and manually edit the data in the dump easier. The dump will load somewhat slower, and will be somewhat larger in this case.\nDumping only the schema If you want to dump only the schema, and not the data, there is an option for that: --no-data. You get an SQL file with no INSERT, only CREATE TABLE and friends. You would still need --routines, --triggers and --events to get all the code.\nWe get\n$ mysqldump ... --single-transaction --source-data=2 \\ \u0026gt; --trigger --routines --events \\ \u0026gt; --no-data Dumping all databases, or just one database \u0026ndash;all-databases You need to tell mysqldump what to dump.\nThis can be --all-databases, which will do exactly that, including the mysql database with all the grants, the help, the timezone data and so on.\nIf --all-databases is being used, each database in the dump will be created with a CREATE DATABASE statement. A matching DROP DATABASE statement is not being generated. That is less of a problem than one might assume, because the generated CREATE DATABASE statement is protected by an IF NOT EXISTS clause.\nStill, it may be useful to DROP DATABASE IF EXISTS before creating a new one, in order to get rid of tables that should not be there.\nTo achieve this, you could add the option --add-drop-database.\nBut: If you do that together with --all-databases, then a DROP DATABASE ...; statement will put in front of each CREATE DATABASE statement, including the mysql system database:\n/*!40000 DROP DATABASE IF EXISTS `mysql`*/; CREATE DATABASE /*!32312 IF NOT EXISTS*/ `mysql` /*!40100 DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci */ /*!80016 DEFAULT ENCRYPTION=\u0026#39;N\u0026#39; */; USE `mysql`; In MySQL 8, the mysql schema cannot be dropped anymore, so you need to edit that out manually to make the dump useful.\nWhy mysqldump does not special case this schema nobody knows: it is known broken, and documented as broken in the manual page. But nobody cared enough to put this single \u0026amp;\u0026amp; (!my_strcasecmp(charset_info, ..., \u0026quot;mysql\u0026quot;)) into the codebase .\nWe end up running\n$ mysqldump ... --single-transaction --source-data=2 \\ \u0026gt; --routines --triggers --events \\ \u0026gt; --all-databases --add-drop-database \u0026gt; mydump.sql A single database Instead of dumping all database, maybe we want just one database, or even a single table from a single database.\nIf you run mysqldump databasename to dump a single database like this:\n$ mysqldump ... --single-transaction --source-data=2 \\ \u0026gt; --routines --triggers --events \\ \u0026gt; databasename \u0026gt; mydump.sql no CREATE DATABASE statement is generated. You will just get a sequence of CREATE TABLE statement. This can easily be imported into a differently named database.\nAlso, adding --add-drop-database to this does nothing.\nIf you run mysqldump --databases databasename to dump a single database instead,\n$ mysqldump ... --single-transaction --source-data=2 \\ \u0026gt; --routines --triggers --events \\ \u0026gt; --databases databasename \u0026gt; mydump.sql this does generate a leading CREATE DATABASE statement. That is, because the --databases option accepts a space separated list of databases to dump.\nHere, using --add-drop-database will do what is expected from it.\nTo dump a single table, use\n$ mysqldump ... --single-transaction --source-data=2 \\ \u0026gt; --routines --triggers --events \\ \u0026gt; --databases databasename --tables tablename \u0026gt; mydump.sql Alternately mixing --databases and --tables will not work.\n","date":"2023-01-03T00:00:00Z","href":"https://blog.koehntopp.info/2023/01/03/mysql-ways-to-run-mysqldump.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: Ways to run mysqldump"},{"categories":null,"content":"Die Niederlande sind ja ein Land, das mit WhatsApp funktioniert. \u0026ldquo;Ik stuur je snel een appie\u0026rdquo; und wenn WhatsApp mal down ist, wird das Land vorübergehend geschlossen.\nDamit kann man einverstanden sein oder nicht, aber Metcalfe\u0026rsquo;s Law ist mächtig und wenn man das Land nicht in Hard Mode spielen will, dann legt man sich besser ein WhatsApp zu.\nAn ungefähr jedem zweiten Wohngebiet findet man ein solches Schild an der Einfahrtstraße. Es gehört zu WBAP (WhatsApp BuurtPreventie), einem System von mehr als 10.000 Nachbarschafts-Chatgruppen.\nAuch die Schulen haben viele Jahre lang mit den Eltern pro Klasse eine WhatsApp-Gruppe gefahren. Das ist dann vor vier oder fünf Jahren plötzlich aus Datenschutzgründen untersagt worden. Dabei ist \u0026ndash; datenschutztypisch \u0026ndash; keine Alternative genannt worden.\nMan hat also hastig eine Chatfunktion in die Schul-App integriert, also in unserem Fall für die Grundschule in Parro . Da hatte man dann eine 50:50 Chance, daß die betreffende Lehrkraft das auch benutzt und in Time gesehen hat.\nDie Schüler hatten alle kein Problem. Die hatten alle, sobald sie schreiben konnten, ein eigenes Handy. Entweder ohne SIM oder mit einer Prepaid-Karte drin. Und natürlich haben sie sich selbst pro Klasse WhatsApp-Gruppen gebaut.\nWenn man also zuverlässig kommunizieren wollte, dann mußte man über die WhatsApp-Gruppe der Kinder herausfinden, welche WhatsApp-Gruppe die Eltern der Klasse organisiert hatten, und dann ging es weiter. Nur halt ohne Lehrer.\nDas ist hoffentlich für niemanden überraschend: Wenn jemand etwas aus welchem Grund auch immer verbietet, dann geht der Bedarf ja nicht weg, der zum Betrieb der originalen Lösung geführt hat. Wenn man also den Datenschutz, Security oder sonst irgendwelche Interessen vertritt und dabei nicht konstruktiv arbeitet, also rechtskonforme, aber vor allen Dingen funktionierende und bedarfsgerechte Lösungen als Ersatz anbietet, dann passiert… genau gar nix.\nAußer einem weiteren gloriosen Sieg für den Datenschutz, mit dem wir Europäer den bösen amerikanischen Datenkraken-Megakonzernen mal so richtig gezeigt habe, was eine Harke ist. Feuerwerk!\nSchul-App Ein wenig Hintergrund: Verzuiling (\u0026ldquo;Versäulung\u0026rdquo;) ist eine spezifische Entwicklung von innerstaatlichen Parallelgesellschaften, die typisch für die niederländische Gesellschaft war. So gab es im Schulbereich katholische, protestantische und nicht-konfessionelle Schulen und in einigen Bereichen auch gewerkschaftlich geprägte Schulzüge.\nSelbst hier in unserem 5000-Leute-Dorf gab es bis vor 4 Jahren noch eine konfessionelle und eine nicht-konfessionelle Grundschule, die dann erst aus finanziellen Gründen und wegen der sinkenden Schülerzahlen zusammen gegangen sind. Das war weitgehend problemlos, da auch an der (größeren) konfessionellen Schule außer dem Religionsunterricht und gelegentlichen Kirchenbesuchen am Reformationstag kaum etwas von der konfessionellen Ausrichtung zu spüren war.\nAber die Schulen, mit denen ich Erfahrung habe, sind meistens Mitglied in einer Gruppe, die eine gemeinsame Schul- und Technikorganisation haben. Für unsere Grundschule war das zum Beispiel Stichting Jong Leren , und die jl-Schulen verwenden alle Parnassys als Schul-Anwendung und Parro als Schulapp.\nBei den VWO, die ich im Detail angesehen habe, war das dann alles auf der Basis von Magister . Alle Schulen, mit denen ich zu tun hatte, nahmen dann hinten dran im Betrieb Google Edu und weitere hinten dran gestrickte Anwendungen von Schulbuch- und Contentverlagen.\nDie sind dann jeweils von der Trägerorganisation in Zusammenarbeit mit den Verlagen entwickelt worden, und passen zu den Lehrbüchern und Übungen.\nIn der Regel arbeiten die verschiedenen Träger zusammen, und so gibt es da nicht sonderlich tiefgreifende Unterschiede zwischen den Trägern. Das will man schon aus Kostengründen nicht erzwingen, wozu auch?\nWenn man als Schule Arbeit vom Hals haben will, dann sucht man sich also eine zur eigenen Säule und zur eigenen Ideologie passende Träger-Organisation aus und tritt da ein, damit man Zugriff auf diese Ressourcen hat. Am Ende landet man dann bei Magister und Google Edu, weil das irgendwie alle machen und das auch total sinnvoll ist.\nMagister Um einmal einen Eindruck zu vermitteln, wie so etwas aussehen kann: Magister bietet in der Elternansicht eine Reihe von nützlichen Funktionen an, die im Grunde ein \u0026ldquo;Klassenbuch\u0026rdquo; komplett ersetzen.\nDie Anwendung kann mehrere Kinder verwalten.\nIch sehe den Stundenplan, Hausaufgabe, Fehlzeiten, Noten und diverse Mails und Mitteilungen der Schulleitung, sowie To-do-Listen und zusätzliche Studienangebote der Schule.\nScreenshot des Hauptmenüs von Magister mit den Punkten Stundenplan, Hausaufgaben, Abwesenheit, Noten, Mail, Mitteilungen, Studienwegweiser, Todo und Stammdatenverwaltung.\nIch kann im Stundenplan sehen, ob Hausaufgaben aufgegeben sind. Ich kann auch erkennen, ob das Kind sie abgehakt hat (dann wäre der Böppel grün).\nIn der Hausaufgabenansicht bekomme ich das kompakter, als Liste.\nFehlzeiten, entschuldigt und unentschuldigt, bekomme ich auch mit.\nStundenplan für den 12. Januar 2023, mit Unterrichtsbeginn um 9:35. Es ist eine Doppelstunde Geschichte, dann Kunst, dann zwei Doppelstunden O\u0026amp;O. Zu Geschichte ist eine Hausaufgabe vorhanden, die noch nicht abgehakt ist.\nIn der Notenansicht sind die letzten Ergebnisse, das Datum des neusten Ergebnisses und die Note selbst (hier zensiert) jeweils sichtbar.\nDie Notenansicht. Sie zeigt jeweils das Datum des letzten Ergebnisses und (hier zensiert) das letzte Ergebnis, sowie die Anzahl der vorliegenden Ergebnisse. Man kann dann auf die einzelnen Leistungsnachweise zurückblättern.\nAuf diese Weise ist zwischen allen Beteiligten jeweils die Faktenlage aktuell und transparent dokumentiert und es geht nichts verloren. Alles in allem ist das recht effektiv.\nWir hatten vor den Weihnachtsferien das erste Elterngespräch auf der neuen Schule. Da von den Sachfragen her alles klar war, haben wir mit dem Kind und zwei Lehrkräften zusammen gesessen und dann mal darüber geredet, wie das so ist mit Niederländisch als Zweitsprache an der VWO, und wo noch was zu machen ist.\nMit einem deutschen Elternabend komplett nicht vergleichbar.\nDas ist bemerkenswert, weil die Lehrerausbildung in Deutschland sehr viel besser ist. Hierzulande ist Lehrer ein Ausbildungsberuf, und je nach Hintergrund haben die betreffenden Personen zwischen sechs Monaten und drei Jahren Ausbildung erhalten. Der Rest muss per Weiterbildung und durch Assimilation \u0026ldquo;on the Job\u0026rdquo; passieren. Man kann am Alter der Lehrkraft schon grob abschätzen, wie umfassend ihr Repertoire an Methodik, Konfliktlösung und Kommunikationstraining ist. Und wie bei Handwerkern auch ist das Spektrum an Leistungsunterschieden sehr viel breiter, als man das von Deutschland gewohnt ist, weil die Ausbildung selbst sehr viel individueller und variabler ist.\nSchwächen, aber nicht bei der Technik Alles in allem kann man sowohl für die Grundschule als auch die VWO sagen, daß die Technik funktioniert.\nDie Schulgebäude sind modern, sauber und gut renoviert. Die Ausstattung mit der Technik ist natürlicht nicht optimal, aber weitgehend adäquat, und die Räume sind von der Ausstattung her in der Lage, die Technik zu tragen. Das gilt insbesondere auch für Netz in die Schule (Glasfaser) und Wifi (aktiv gemanaged und auf die Anzahl der Clients abgestimmt, mit einer Abdeckungs- und Lastanalyse).\nVerwaltung und Betrieb sind an ICT-Firmen ausgelagert, die mit den Verwaltungsanwendungen und Google Edu umzugehen wissen. Erwartungsgemäß kommt es dabei zu Beginn des Schuljahres zu einzelnen Rucklern und Rechteschwankungen, die jedoch teilweise erstaunlich lange in der Bearbeitung brauchen. Am Ende hat es 14 Tage gedauert, bis alle Schüler in ihren Klassenverbänden mit den korrekten Stammdaten und Rechten registriert waren.\nMithalten ist Arbeit Die Schule selbst steht zum Teil vor großen pädagogischen Problemen, weil die Leistungsstände der Kinder beim Umgang mit Rechnern und mit der speziellen Umgebung extrem unterschiedlich sind. Sie darf nichts voraussetzen, aber die meisten Kinder kennen sich mit der Technik gut genug aus, um sofort loszuarbeiten und einzelne Kinder haben einen Leistungsstand, der dem der Lehrkräfte vergleichbar ist. Dies zu vereinheitlichen und dabei weder oben noch unten Leute zu verlieren ist nahezu unmöglich, und auch nicht gut gelöst.\nDie oft gehörten Bedenken \u0026ldquo;große Konzerne drängen auf den Bildungsmarkt, und versuchen Abhängigkeiten zu erzeugen, Curricula zu pushen und Kunden für die Zukunft zu binden oder Daten zu monetarisieren\u0026rdquo; lassen sich durch Beobachtung von meiner Seite nicht bestätigen.\nEs bestehen Probleme, aber die sind anderer Art. In \u0026ldquo;ICT Basisvaardigheden\u0026rdquo; wird teilweise Unterrichtsmaterial verwendet, das Spezifika von Windows-Programmen voraussetzt und abfragt. Aber die Schule setzt Chromebooks ein und wir haben Apple daheim. Das Kind \u0026ndash; im Grunde sehr sicher im Umgang mit Rechnern \u0026ndash; kommt aufgelöst angerannt und fragt sich, wie es die Aufgabe lösen soll. \u0026ldquo;Ja\u0026rdquo;, sagt die Schule, \u0026ldquo;wir können das Unterrichtsmaterial nicht schnell genug anpassen.\u0026rdquo;\nArbeiten in lokalen und verteilten Gruppen Auch in der Gestaltung des Unterrichts stößt die Schule teilweise an ihre Grenzen, hier dann aber wegen Ausbildungs- und Umsetzungsschwächen. Diese spezielle Schule ist sehr stolz auf das Fach O\u0026amp;O (\u0026ldquo;Onderzoek \u0026amp; Ontwerpen\u0026rdquo;, \u0026ldquo;Untersuchen und Entwerfen\u0026rdquo;). Die Grundidee ist fantastisch, weil das eine schulbegleitende, fächerübergreifende Ingenieursanwendung ist: Die Kinder sollen in Kleingruppen, gemeinsam, ein konkretes real-weltliches Problem lösen, also zum Beispiel ein Löwengehege im Artis-Zoo von Amsterdam entwerfen oder eine Upcycling-Lösung für ein Produkt einer Firma entwerfen.\nDie Umsetzung scheitert auf mehr als einer Ebene, und das müßte sie im Grunde nicht. Wir reden hier nach deutscher Skala von Kindern 7. Klasse Gymnasium, die in einem neu zusammengewürfelten Klassenverband die neue Schule beginnen. Sie werden zufällig und für jedes Projekt neu in zufällige, nicht selbstbestimmte 4er-Gruppen geworfen, und natürlich geht das Team danach immer wieder neu durch die Forming, Storming, Norming and Performing-Phasen. Das wäre leicht vermeidbar, wenn man dies verstünde, die Teams stabil ließe und dabei dann behutsam Ausgleichs-Umbesetzungen vornähme, wo das notwendig ist.\nDie einzelnen Aufgaben werden teilweise mit recht wenig Begleitung und gewiss ohne Meta-Ziele in die Teams geworfen. Es wäre total sinnvoll, die erste Aufgabe als Wegwerf-Projekt zu inszenieren und dabei nicht nur den Gebrauch der Google-Office-Werkzeuge zu lehren, sondern auch kollaboratives Arbeiten, Strukturierung der Arbeitsumgebung, und dabei den Teams Zeit und Raum zu geben, gemeinsame Normen und Methoden zu finden. Auch diese Chance wurde vergeben.\nEbenso hätte man bei verschiedenen dieser Projekte die Konzepte von Stakeholdern, multilateralen Zielen, Design Constraints und andere Dinge einführen können. Artis ist zum Beispiel ein Zoo, der auf enorm kleinem Raum auskommen muß, weil er mitten in einer dicht gepackten Innenstadt liegt. Die Bedürfnisse von Tieren, Besuchern, Wärtern und die finanziellen Constraints der Betreiber unter einen Hut zu bekommen ist so gut wie unmöglich, aber selbst mit einer vereinfachten Aufgabenstellung hätte man zumindest diese Blickwinkel, harte und weiche Einschränkungen und dergleichen mehr ansprechen können und das Projekt so pädagogisch sehr viel wertvoller machen können.\nIch bin nicht nahe genug dran, um beurteilen zu können, warum das so ist, aber ich habe den laienhaften Eindruck, daß es da an strukturierter Aufbereitung der Ziele und der pädagogischen Umsetzung mangelt. Dort wären viele \u0026ldquo;leichte\u0026rdquo; Gewinne und einfache Verbesserungen möglich.\n","date":"2022-12-30T00:00:00Z","href":"https://blog.koehntopp.info/2022/12/30/was-mein-kind-in-der-schule-so-macht.html","tags":["lang_de","schnuppel","bildung","security"],"title":"Was mein Kind in der Schule so macht"},{"categories":null,"content":"In Mein Sohn sitzt vor dem Computer und in Schulen digitalisieren ging es schon einmal um den Einsatz von Computern in der Schule, in Deutschland und in den Niederlanden.\nVWO Jetzt stand bei uns letzten Sommer nach dem Ende der 8. Grundschulklasse (der deutschen 6. Grundschulklasse) der Schulwechsel auf die VWO an. VWO steht für \u0026ldquo;Voorbereidend wetenschappelijk onderwijs\u0026rdquo;, studienvorbereitender Unterricht, und entspricht noch am ehesten einem deutschen Gymnasium. So wie es in Deutschland Gymnasien mit unterschiedlicher Ausrichtung gibt, gibt es das auch in den Niederlanden und der Name \u0026ldquo;Gymnasium\u0026rdquo; steht für eine VWO mit altsprachlicher Ausrichtung, der Name \u0026ldquo;Atheneum\u0026rdquo; für VWO mit einer technisch-naturwissenschaftlichen Ausrichtung, und es gibt noch ein paar weitere Geschmacksrichtungen. Die Schulart ist VWO.\nWie auch schon in der Grundschule werden im Unterricht unter anderem Chromebooks benutzt und der Online-Teil des Unterrichts um Google Edu herum strukturiert. In einer Diskussion mit Deutschen gab es dabei einen Haufen komische Vorstellungen, was das ist, wieso das nützlich ist und natürlich einen Haufen Befürchtungen, ob das nicht gefährlich ist.\nChromebook Ein Chromebook ist ein normaler Laptop mit Linux, der direkt in einen Chrome Browser bootet. Auf dem Gerät werden keine Daten gespeichert, alle Daten werden in den Diensten hinterlegt, die man mit dem Gerät nutzt.\nChromebooks gibt es in sehr unterschiedlichen Leistungsklassen und Preislagen. Von 200 Euro Wegwerf-Geräten bis zu 2k Euro mit Touchscreen und dicken CPUs ist alles vorhanden, auch wenn der Schwerpunkt eindeutig auf kostengünstigen Geräten mit niedrigem Energieverbrauch und langer Akkulaufzeit liegt.\nWir haben gar keines gekauft, sondern ein Angebot eines von der Schule empfohlenen Dienstleisters wahrgenommen, und mieten für 13.70 Euro im Monat. Dadurch haben wir immer ein aktuelles und funktionsfähiges Gerät (und Daten können prinzipbedingt sowieso nicht verloren gehen), und brauchen uns keine Sorgen zu machen.\nTechnisch ist das so, daß das Kind ein von der Schule bereitgestelltes Google Edu Login bekommt. Mit dem Login kann er sich auf dem Gerät oder auf seinem Rechner daheim anmelden. Danach kann er dann die von der Schule bereitgestellten Dienste und Daten nutzen. Dabei spielt es keine Rolle wo er ist, und ob er das Chromebook oder seinen privaten Rechner benutzt, solange er im Browser mit der Schul-Identität unterwegs ist.\nAngenehm ist, daß\ndas Gerät im Grunde keine Rolle spielt, sondern nur das Login wichtig ist keine Daten auf dem Gerät sind, sodaß nichts verloren gehen kann und nahtlos zwischen daheim und der Schule gewechselt werden kann der Chrome-Browser mehrere Identitäten verwalten kann, sodaß das Kind sowohl auf dem Chromebook als auch auf dem privaten Rechner in unterschiedlichen Fenstern unterschiedliche Identitäten haben kann Zugriffsregeln und Rechte vom Login abhängen und nicht vom Gerät Nützlich ist auch, daß das Gerät eine Tastatur und Maus hat. Dadurch kann man auf dem Gerät sinnvoll schreiben und Inhalte erzeugen. Es gibt Geräte mit Touchscreen und Tablet-Betrieb, wenn man das auch braucht, aber generell sind dies \u0026ldquo;richtige Laptops\u0026rdquo; und keine Tablet-Geräte, die auf Konsum von Inhalten optimiert sind.\nKeine Viren Chromebooks unterscheiden sich von normalen Computern dadurch, daß sie in der normalen Betriebsart einen \u0026ldquo;trusted boot\u0026rdquo; durchführen. Das System ist dann vom Systemstart an validiert und durch Prüfsummen abgesichert \u0026ndash; weder das System noch der Browser können durch Viren, unangemeldete Systemerweiterungen oder Browser-Plugins \u0026ldquo;verunreinigt\u0026rdquo; werden. Wenn der Zustand des Rechners einmal fragwürdig sein sollte, drückt Ctrl-Alt-Shift-R und wählt Restart -\u0026gt; Powerwash. Das System führt dann einen \u0026ldquo;Powerwash \u0026rdquo; durch, und ist danach wieder auf den abgesicherten Fabrikzustand zurückgesetzt. Nach einem neuen Login hat man dann ein sauber aufgesetztes System und seine Daten.\nDas ist für die Schule angenehm, denn dies ist in der Tat die gesamte Gerätewartung, die vor Ort notwendig ist. Installation, Konfiguration und Wartung vor Ort entfallen komplett.\nGoogle Edu Für die Schule ist das Wegfallen der Gerätewartung und Installation angenehm, aber nur das User-Ende der Schul-Verwaltung. Der eigentliche Clou ist Google Edu, also \u0026ldquo;Google Workspace für Schulen\u0026rdquo;.\n\u0026ldquo;Google Workspace\u0026rdquo; ist für den Endbenutzer sichtbar die Sammlung von Werkzeugen, die früher unter dem Namen \u0026ldquo;Google Office\u0026rdquo; bekannt war. Also Gmail, Calendar, Drive, Docs/Sheets/Slides/Forms, und das Meet Konferenzsystem/Chat.\nIAM Wichtiger für die Schule selbst und für den Endbenutzer eher unsichtbar ist das IAM-Backend. IAM steht dabei für \u0026ldquo;Identitäts- und Access-Management\u0026rdquo;.\nDas ist die Struktur, die der Schule \u0026ldquo;Logindienste\u0026rdquo; und \u0026ldquo;Rechteverwaltung\u0026rdquo; bereitstellt. In Identität, Authentisierung, Autorisierung, Auditing und Accounting definiere ich eben diese Begriffe. Die Kurzform:\nIdentität ist der Login-Name, der mich im Kontext meiner Organisation repräsentiert. Also so etwas wie \u0026ldquo;kristian.koehntopp@schulname.nl \u0026rdquo;. Authentisierung ist der Mechanismus, oder die Kombination von Mechanismen, mit der ich gegenüber dem System beweise, daß ich wirklich \u0026ldquo;kristian.koehntopp@schulname.nl \u0026rdquo; bin. Also so was wie mein Paßwort und der Knopfdruck auf meinem Yubikey. Anker ist die Bestätigung der Organisation, daß ich wirklich zur Organisation gehöre und welche Rolle ich dort habe. Das ist vor allen Dingen bei Self-Signup wichtig, also wenn man Login nicht durch die Schule generiert worden wäre, sondern ich mich selbst anmelde. Mit der Verankerung verhindert die Organisation, daß jemand sich anmeldet und sich selbst dann Attribute wie \u0026ldquo;gehört der Schule an\u0026rdquo;, \u0026ldquo;ist Mitglied des Lehrkörpers\u0026rdquo; und so weiter zuweist. Autorisierung ist der Satz an Rechten, den ich auf Grund meiner bewiesenen Identität habe. Der Rechtesatz ist in der Regel identisch mit dem vieler anderer Nutzer, die die gleiche Rolle wie ich haben (\u0026ldquo;Schüler\u0026rdquo;, \u0026ldquo;Lehrer\u0026rdquo;, \u0026ldquo;Administrator\u0026rdquo;). Der Rechtesatz kann automatisch generiert werden, wenn verifizierte Attribute bereitstehen (\u0026ldquo;Lehrer\u0026rdquo;-Rolleninhaber können nur die Daten \u0026ldquo;ihrer Klasse\u0026rdquo; sehen). Auditing ist ein nicht abschaltbares, nicht veränderbares Logbuch von systemrelevanten Aktivitäten im System, bei dem das Verändern von Systemobjekten durch Benutzer mitgeloggt wird. Ein Audit-Event ist dann so etwas wie \u0026ldquo;Der Lehrer Lempel hat die Mathematik-Note von Kristian Köhntopp am \u0026hellip; um \u0026hellip; unter Benutzung der IP \u0026hellip; auf 3 gesetzt.\u0026rdquo; Accounting ist ein spezielles Auditing, das die Grundlage der Rechnungslegung ist. Der eigentliche Clou, für die Schule und ihre Administration, ist dabei das IAM, also die Tatsache, daß der Schule und ihren Partnern ein konfigurierbares, offenes IAM bereitgestellt wird. Partner kann dabei auch ein IT-Partner sein, also eine Firma oder Behörde, die für die Schule die Konfiguration und den Betrieb von Google Edu übernimmt. Dabei ist das System selbstverständlich so gestaltet, daß ein solcher Partner zwar die Rechte der Benutzer konfigurieren kann, aber natürlich nicht ihre Daten sehen oder verändern.\nOAuth2 Google Edu stellt dabei wie viele andere Systeme auch \u0026ldquo;OAuth \u0026rdquo; als Login-Mechanismus bereit. OAuth ist ein Verfahren, mit dem ein IAM-Dienstleister (also etwa Google Edu) externen Diensten Identitäten beglaubigen und bereitstellen kann. Dabei kann für jeden Dienst einzeln und unterscheidbar Zugriff gewährt werden, der Zugriff an Rechte und Rollen gebunden werden, und für den Benutzer sichtbar gemacht werden, welche Dienste wann warum worauf zugegriffen haben.\nWenn die Schule also etwa mit Schulbuchverlagen und den Anbietern von Schulsoftware zusammenarbeitet, dann kann die Schule Anwendungen von solchen Anbietern einzelnen Schülern oder Klassen zuweisen. Die Schule kann dabei auch festlegen, welche Daten vom Schüler (\u0026ldquo;keine, nur ein anonymes Identifikationstoken\u0026rdquo;, \u0026ldquo;die Loginkennung\u0026rdquo;, \u0026ldquo;der volle Name des Schülers\u0026rdquo;, \u0026ldquo;die Daten des Schülers in anderen Diensten\u0026rdquo;) mit dem Softwareanbieter geteilt werden. Schüler können die ihnen zugewiesenen Anwendungen sehen, und auch welche Daten und Rechte damit verbunden sind. Anbieter von Anwendungen können sich sicher sein, daß die Identitäten der Nutzer authentisch sind.\nAlle können im Falle einer Sicherheitsschwankung die Auswirkungen begrenzen: Sollte es zu Einbrüchen bei externen Anbietern kommen, können Zugriffs-Tokens zurückgerufen werden und die Account-Sicherheit so vergleichsweise einfach wieder hergestellt werden. Zugleich ist durch die Datenverwaltung von IAM und OAuth klar, welche Daten im Zugriff waren und welches Ausmaß der Schaden hat.\nPlattform Selbst ohne die Google-eigenen Anwendungen ist das Zusammenspiel von IAM, OAuth und Chromebook schon sehr viel wert. Für die Schule und die Anbieter von Inhalten entsteht so eine offene Plattform, gegen die entwickelt werden kann: Anbieter können sich auf der Basis von offenen Standards (HTML, CSS, Javascript, dokumentierte Browser-APIs) und verifizierten Identitäten mit einem Rechtesystem in einem Ökosystem gruppieren, in dem sich Dienste anbieten, regeln und abrechnen lassen.\nDie Plattform selbst besteht dabei aus gut verstandenen Komponenten: Linux, Chrome, offenen Standards und Schnittstellen und einem vielfach verifizierten und zertifizierten Dienstanbieter mit einem ausgezeichneten Sicherheitsbewußtsein.\nDazu kommen optional noch die Werkzeuge aus dem Google-Werkzeugkasten selbst. Aber dies sind auch nur Anwendungen, die wie externe Anwendungen dazu geschaltet werden können.\nAnders als andere Plattformen (\u0026ldquo;iPads\u0026rdquo;) oder selbst gekochte Lösungen (\u0026ldquo;Moodle und Jitsi plus einige Extras\u0026rdquo;) gibt es ein verifiziertes und zertifiziertes Betriebs- und Rechtekonzept, das auch von externen Dienstleistern gut verstanden und unterstützt wird.\nDas ist bemerkenswert, weil dies bisher nicht nur bei deutschen Schulen, sondern auch bei fast allen europäischen Cloud-Anbietern ein blinder Fleck ist: Während es viele europäische Dienste gibt, die (meist auf der Basis von Openstack) virtuelle Maschinen oder Dienste anbieten, gibt es kaum einen europäischen Cloud- oder Schulanbieter, der IAM/OAuth und ein Verwaltungs-Framework darum herum anbietet. Ganz zu schweigen von \u0026ldquo;Null Aufwand\u0026rdquo;-Clients, die eine über viele Jahre stabile und weiterentwickelte Hardware in Schülerhand darstellen, und bei der sich die Verwaltungsarbeit zentral gesteuert und kryptografisch abgesichert bis in den Client hinein erstreckt.\nTatsächlich ist es so, daß die Diskussion in Deutschland sich meist in abstrakten Datenschutzbeschwörungen (\u0026ldquo;Google böse\u0026rdquo;) und Hardware-Streitereien (\u0026ldquo;iPads oder Windows-Laptop\u0026rdquo;) Gerede erschöpft. Es wäre sinnvoller, stattdessen einmal Ende-zu-Ende Betriebskonzepte zu besprechen und bewerten. Und dabei die Erkenntnisse und Entwicklungen der letzten zehn Jahre auf dem Gebiet der Auftragsdatenverarbeitung (\u0026ldquo;Cloud\u0026rdquo;) und des Rechnerbetriebs zu berücksichtigen.\n","date":"2022-12-29T00:00:00Z","href":"https://blog.koehntopp.info/2022/12/29/chromebooks-in-der-schule.html","tags":["lang_de","schnuppel","bildung","security"],"title":"Chromebooks in der Schule"},{"categories":null,"content":"When asking for help in Libera Chat , in the #mysql channel, people will ask you to use the mysql command line client. They will also point you to dbfiddle.uk for asking questions. Specifically, when using phpMyAdmin, you will get hate.\nWhy is that?\nWhen asking for help, it is almost impossible to help a GUI user, because they will need to paste screenshots in order to document what they did. The screenshots do not help us. They are hard to read, and do not contain the information about the problem you need help with in textual form.\nAlso, it is often that GUI users do not see all the details from a large result set cell. Specifically, things such as the output of SHOW ENGINE INNODB STATUS and similar usually fail to display in a GUI in a meaningful way. This is never a problem with a command line client, even if that client is used in a wrong way.\nFinally, many GUI clients disconnect and reconnect between queries, and this is hardly documented. This makes it impossible to use connection scoped state , such as transactions, @variables or per-session config. Specifically, by construction, phpMyAdmin cannot handle this at all.\nThis is why we ask users to use the mysql command line client. It works, we know it works, and it can handle large result sets in a way that is helpful to you and us.\nUsing \\g and \\G The mysql command line client has an online help. Type \\h and read it. It is useful.\nThe command line client also has readline support. That means, emacs editing keys and cursor keys work. You can C-A, C-E, Esc f and Esc b and similar. You can C-R for history search.\nThe command line client requires that you use ; or \\g (\u0026ldquo;go\u0026rdquo;) to terminate a command. This will print the result set in a box.\nkris@localhost [kris]\u0026gt; show tables; +----------------+ | Tables_in_kris | +----------------+ | t | +----------------+ 1 row in set (0.00 sec) kris@localhost [kris]\u0026gt; select * from t; +----+------------+ | id | start_date | +----+------------+ | 1 | 2022-11-01 | | 2 | 2022-11-02 | | 3 | 2022-10-09 | | 4 | 2022-09-01 | +----+------------+ 4 rows in set (0.00 sec) You can also use \\G (note the upper case \u0026ldquo;G\u0026rdquo;) to terminate a command. This will output results as Key-Value pairs.\nkris@localhost [kris]\u0026gt; show tables\\G *************************** 1. row *************************** Tables_in_kris: t 1 row in set (0.00 sec) kris@localhost [kris]\u0026gt; select * from t\\G *************************** 1. row *************************** id: 1 start_date: 2022-11-01 *************************** 2. row *************************** id: 2 start_date: 2022-11-02 *************************** 3. row *************************** id: 3 start_date: 2022-10-09 *************************** 4. row *************************** id: 4 start_date: 2022-09-01 4 rows in set (0.00 sec) $HOME/.my.cnf The mysql command line client will read a $HOME/.my.cnf, if you install one. It will, among other sections, also read the [mysql] section.\nHere is a meaningful $HOME/.my.cnf. Note that in my case, I include a cleartext password for a throwaway user on purpose, for convenience.\nkris@server:~$ cat .my.cnf [mysql] user=kris password=geheim database=kris show-warnings prompt=\\U [\\d]\u0026gt;\\_ I am using prompt= to get a useful prompt. I am using show-warnings, because I do want to see all warnings, all the time, straight into my face.\nI could put the connection data (user= and password=) into a [client] section. This would also be read by mysqldump and friends, and make it even more convenient.\nPager Sometimes I use\nmysql\u0026gt; pager less mysql\u0026gt; select * from largetable where condition=\u0026#39;manyrows\u0026#39;; ... The select result will then show up in less, which is useful. I can disable this with nopager, or by using pager with no argument.\nSometimes I do\nmysql\u0026gt; pager grep whatIwant mysql\u0026gt; select * from largetable where condition=\u0026#39;hardtofind\u0026#39;; ... mysql\u0026gt; nopager This will pipe the result through grep instead of using less. Yes, this is funny, because using grep on a database result is a kind of joke. But it is also useful.\npager pspg If you want, you can install pspg and use pager pspg to get fancier output. Try\nmysql\u0026gt; pager pspg mysql\u0026gt; select * from t; It will work:\npager pspg shows the output of select * from t. The cursor can be moved to select rows and columns. Hit q to quit.\nIt will also handle SHOW ENGINE INNODB STATUS just fine.\nThe oversized output of SHOW ENGINE INNODB STATUS in pager pspg in the MySQL command line client.\nNote that pspg kind of defeats the purpose of the Command Line client for copy and pasteable results. Do not use it when asking for help or working with dbfiddle. Do use it at other times, if you care.\nThis article mostly exists so that I can paste the URL when needed.\n","date":"2022-12-28T00:00:00Z","href":"https://blog.koehntopp.info/2022/12/28/mysql-the-command-line-client.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: The command line client"},{"categories":null,"content":"I quit often. At least once a year, but there have been years when I have been quitting four times.\nEvery time before a performance evaluation, or before important meetings, I sit down and write myself a notice. I pull up a word processor, start the empty business letter template, fill in the details and the date, and then write the three or four sentences necessary to inform my employer that the time has come to part ways. I print this, collect the letter, fold it properly and put it into an empty unsealed envelope.\nThen I pull it out, unfold it and put it in front of me. Time to start thinking.\nThere are the logistics of quitting.\nA lot of that is about obligations and finance. Could I actually walk out of the meeting, leaving the letter behind?\nThere have been times, when I was younger, where I easily could have done that. Not owning property, being unmarried and without child.\nBeing a consultant, with 180 travel days a year, I had to build my own personal insurance anyway. That\u0026rsquo;s 400 in the pocket at any point in time, 4k on an unused rescue credit card \u0026ndash; enough to take me home on my own from anywhere my job would take me. And a coordinate transformation on my checking account that sees a few 10k as Zero, to provide immediate emergency burn fuel.\nEnough buffer against possible bumps anywhere in the world is also enough buffer to leave when necessary.\nWith a family and a house, things are more complicated, and no longer immediate.\nAn exit plan cannot be \u0026ldquo;walking out and leaving the letter\u0026rdquo; when an uninterrupted cash flow is part of the requirements. But writing the letter is still an important focus point. So I kept the tradition.\nIt is like a business continuity management plan, but for your soul.\nWith the logistics done, it is time to lift the gaze from the path in front of my feet, up to the horizon.\nWhat did I do the last few months? What projects do I have been part of? What have I learned? How have I grown? And is the place I am in still the place that would let me grow?\nThere are no abstract questions. But in my mind they only become real when I sit in front of this piece of paper, and think about staying or leaving. I have made sure I could leave if I wanted. Now it is time to think about what I want from this place to make me stay.\nI sometimes explain this to others as the story of the two contracts.\nWorking in IT, you always have two contracts:\nOne is written. It says what your job title is, where you work, and what they pay you. It says what your notice period is.\nThe other one is unwritten. It is the unspoken agreement about the level of autonomy you have, and the decisions you can be part of. It is the environment you work in and what challenges you can learn from. It is about the things you build.\n\u0026ldquo;Autonomy, Mastery and Purpose\u0026rdquo;\nWorking in IT, I always signed, and I always actually quit, because of this second contract. When it expires or is violated, it is time to actually leave.\nThen it all becomes about people.\nCompanies by construction are usually not loyal to their employees. In general, as organisations they can\u0026rsquo;t. Some people inside an org maybe secretly work against the objectives of the organisations and are loyal to other people.\nAs a person, I always work with other persons. Over the last 30 years, it has become clear that these persons stay, even when I move. I am part of my own personal tribe. I have been building it, maintaining it over a few decades, and when necessary they have been there for me, and I have been there for them.\nPart of the meditation of quitting is also remembering these people. Maybe they need me. Maybe I need them. Maybe I miss them. Maybe some of them have an invitation or an opportunity for me. Holding the bond of my current second contract against the pulls from my relationships gives me an important calibration of where I am, who I am and if I am honest with myself.\nUsually then I have come to some conclusion and I have a plan. I can fold the notice back up into the envelope, put it into my jacket, and walk into that meeting.\nI am now grounded, and I know my boundaries, and my goals.\nI know who I am. For some reason that seems to scare people.\nUsually then I don\u0026rsquo;t actually have to quit. But being able to do that, and understanding when and why helps a lot.\nOn 2023-Jan-31, after almost another seven years, my second tour of Booking.com will come to an end. It was a different ride than the first, it was still amazing, and I met the most wonderful and amazing people. Still, I have been called, and the second contract is up. I have to move.\n","date":"2022-12-27T00:00:00Z","href":"https://blog.koehntopp.info/2022/12/27/meditations-on-quitting.html","tags":["lang_en","work"],"title":"Meditations on Quitting"},{"categories":null,"content":"For the last 15 years, one popular way to persist large amounts of data has been Hadoop, if you needed them persisted in such a way that you can still process them.\nOf course, from a database point of view, brute forcing a result by scanning compressed CSV files in parallel, and then building giant distributed Hash Joins is not very elegant. But two facts were true in 2006 influenced Hadoop\u0026rsquo;s design, and which allowed it to process data at all at a scale where all other things failed:\nDisk Seeks are expensive, so we cannot have indexes. Network capacity is limited, so we cannot move the data to the code. Using these two basic assumptions, Hadoop\u0026rsquo;s core inventions were pioneered by Google, and then reproduced as Open Source by Yahoo!\nGoogle published the GFS Paper and the Map Reduce Paper pretty much 20 years ago.\nDoug Cutting started building the initial version of Hadoop in 2006, and it is basically like this:\n\u0026ldquo;Store data in optionally compressed CSV files in 128 MB strips on a bunch of JBOD disks, replicating all data 3 times. Then download small Java classes to the data store instead of moving the data to the processing nodes, and run the Map-Reduce Algorithm on these file fragments, merge sorting the result into an aggregate during the reduce phase.\u0026rdquo;\nThis was slow: Even a simple rowcount-Query would have at least a minute or two runtime, because of the setup times inherent to this solution. Hadoop needed to distribute a jar with Java Classes, fire of a JVM on the datanodes, warm up the JVM for the JIT to get up to speed, and then push the parts of the data present on the local node through this. Eventually, the completed result set needed to be sorted, and then shipped over the network to the reducers, which would then merge-aggregate the data into a partitioned result set.\nIt was also hard to maintain and upgrade, because you had one large shared cluster with many stakeholders being dependent on it running and behaving in a certain way.\nA lot of gradual improvements happened over the last 15 years, so today\u0026rsquo;s Hadoop stores data in a more efficient way, has lower setup times, and can be managed better. It still is a rather primitive brute-force processing system, and ripe for disruption.\nAnd that is happening right now.\nTechnology improved, challenging Hadoop\u0026rsquo;s base assumptions That is, basically, because the initial assumptions on which it was built are no longer true.\nNetwork Capacity is not the bottleneck Assumption 2, Network Capacity is limited, has not been true for at least 10 years.\nGoogle had been playing with CLOS network architectures for a long time, and in Jupiter Rising described their bespoke switch architecture that allowed them to build data centers where the network by construction is never the bottleneck.\nSpecifically in the Hadoop world that is not exactly news: Tail-drops from network congestion during the Shuffle-Phase between Hadoop\u0026rsquo;s Map and Reduce were a common problem.\nTerasort, a benchmark that sorts one Terabyte of generated data, was a popular way to test the network component of a Hadoop deployment:\nDuring the Map-phase all workers would sort their data, and because it was randomly generated, finish at approximately the same time. Because sorting does not aggregate data, the data blocks would then all lift off, at their full size, and transfer over the network to the Reducer nodes. If the network was oversubscribed or badly built, this would overwhelm the switches, exhaust buffers, engage RED and lead to packet loss. \u0026ldquo;Profiling the network performance of data transfers in Hadoop Jobs\u0026rdquo;, Biligiri, Ali (2014) , Network transfer rates over the lifetime of a terasort job. The Shuffle phase reaches 700 MBit/s, which was the peak transfer rate measured during testing.\nAWS, which did not yet have Leaf-and-Spine in 2014, and which provisioned 1 GBit/s links between nodes at that time, showed behavior as depicted above, when hosting a test cluster running Terasort.\nOf course, CLOS-networks, specifically Leaf-and-Spine architectures, do not require bespoke custom hardware as Google deployed. Brad Hedlund, then working for Dell, described Leaf-and-Spine architectures built from Off-the-shelf Hardware for Hadoop already in 2012, and described that in a series of articles.\n\u0026ldquo;Construct a Leaf Spine design with 40G or 10G? An observation in scaling the fabric\u0026rdquo;, Brad Hedlund (2012) . On today\u0026rsquo;s hardware this is of course done with different hardware and at higher speeds, for example some Juniper EX-hardware with 25G downlinks and 100G uplinks, or even with 100/400 if needed (most people don\u0026rsquo;t have that need).\nNetwork structures like this are oversubscription-free, when built properly. They are useful out of Hadoop contexts as well. For example, when running a private cloud with distributed storage, every disk access is potentially a network read or write, and again a structure where any CPU in any machine can talk to any disk in any other machine without network congestion is useful.\nWarum eigentlich Cloud (2015, german language, 5. Open Source Workshop of German Rail, Frankfurt) , Kristian Köhntopp. The slide shows traffic inside an Openstack cluster with distributed storage. East-West-Traffic between racks dominates, and the aggregated upstream bandwidth from the computes to the Top-of-Rack switches must be matched by adequate spine network bandwidth.\nIn Summary: People who needed the network to never be the bottleneck could have built networks that delivered this for the last 10 years. And most did, even using off-the-shelf parts. It is possible, and even economical, to build a network where any CPU in any machine can talk to any disk in any other machine within the same data center.\nGoogle themselves basically demonstrated this when starting around 2014 or so they offered virtualized, flexible Hadoop as a service. While that was a welcome simplification, nobody stopped and asked how they were doing this: Supposedly the network is the bottleneck, so the virtual machine would be subject to hard placement constraints, because it needed to be created wherever the data is. For a service that would be a harsh constraint, affecting service quality, yet the service ran just fine.\nSo how were they pulling it off? CLOS networking, of course, as documented in the whitepapers they published, but that meant that one of the two Hadoop/Map-Reduce funding assumptions was no longer valid.\nSeeks are not the bottleneck Another thing that started to change around 2012 was the rise of flash storage in computers. Initially, these things were small, so we would see them in write-heavy database servers first: These machines already were expensive, and at the core of the data center, so cost was less of an issue.\nOver time, flash prices dropped, and drives became larger.\nAlso, SATA interface were becoming a bottleneck. They were replaced by a system that put flash directly on the PCIe bus of the machine. This interface, called NVME became popular and available in standard data center machines around 5 years ago, in 2017.\nAnd since 2020 we have NVME over Fabric using TCP as part of the default Linux kernel, so remotely attached NVME (with and without RDMA) is a thing and useful. Check out lightbits , they have awesome products when it comes to low-latency remote storage.\nBecause it no longer forces serialization of requests, but basically allows parallel access to all the flash chips of the drive, it allows to build systems with massively parallel access. A single access still has a latency of around 1/20,000s, but a typical single drive is capable of delivering 800k to 1M IO operations per second, if the application(s) can manage to talk to the drive 50-way parallel at all times. And why stop at one drive, when you can have over a dozen per machine, if you have the PCI bandwidth for that?\nIn practice that means that seeks are now basically free, and data access structures and file-systems that allow massively parallel access have a huge advantage.\n\u0026quot;Operation Unthinkable - Software Defined Storage @ Booking.com \u0026quot;, Peter Buschman (2019). An AMD EPYC based single-socket machine with plenty of RAM and NVMRAM, 100 GBit/s NIC and up to 24 U.2 NVME drives from different, independently sourced vendors, using less than 500W, in 2U, running one out of 10 different storage server products optimized and certified for this platform. \u0026ldquo;There is one in every other rack!\u0026rdquo; \u0026ndash; Peter Buschman revolutionized storage at Booking.com with this design.\nNow what? Since the base assumptions that made Hadoop successful are now invalid, and have been for the last 5 years, we should see Hadoop being replaced.\nAnd we do: Hadoop is no longer a thing for investors, and companies offering Hadoop are either merging or going down.\nHTAP rises Other offers are on the rise, under the collective label of HTAP , Hybrid transactional/analytical processing. The promise is to have one single distributed database system not unlike Spanner that is capable of utilizing the capacity of many systems in one single database/schema for OLTP, and that is also capable of running analytical/BI queries in the same system (or even using the same tables).\nPromising representatives of HTAP databases are\nTiDB from Pingcap CockroachDB and \u0026ndash; with limitations - Heatwave . (Unlike TiDB and CockroachDB, Heatwave is not a true distributed database, but a distributed in-memory accelerator to a single-node MySQL OLTP frontend machine that transparently offloads analytics queries)\nNo cool-aid for me? In general, these systems are welcome, useful and innovative, because they allow database schemas to grow and spread to a cluster of machines, even for OLTP queries. Personally, I remain sceptical with regards to the integrated, copy-less processing of analytics queries.\nIn our DWH/BI-Series in this blog (and especially in Tying the BI pipeline together ) I have tried to explain why I believe the Transformation in ETL is a fundamental step that transforms from OLTP \u0026ldquo;normal form\u0026rdquo; (mostly 3NF) to BI \u0026ldquo;normal form\u0026rdquo; (the star and snowflake forms).\nNobody likes 3NF \u0026ndash; it complicates many things that should be simple, but we must use it in OLTP because data is being modified by transactions. Without it, we suffer from all kinds of anomalies, and normalization prevents these.\nDWH tables are different, because they are records of the past: They do not change (after all stragglers have been loaded), and because they are immutable, they cannot have anomalies. On the other hand, we want multiple copies of the same fact at different dates (maybe compressed with lookup tables or other compression methods), so that we can follow the changes of attribute values over time easily.\nRunning OLTP-like joins over 3NF data with history is a nuisance. It is not only painfully complicated to write, but also hard to optimize. But if the data is immutable anyway, we can bring it into a form optimized for the kind of temporal reporting query we want to run on it, and not care about anomalies.\nSize and Conway\u0026rsquo;s Law Also, keeping OLTP systems as small as possible has a lot of value in its own:\nWe can make casual changes to a 200 GB sized database. A data size of 2 TB has hours of change/setup time. A data size of 20 TB has one attempt in a workday. And a system with 120 TB of data is \u0026ldquo;one attempt per week\u0026rdquo; in terms of change. This is not entirely true for distributed systems, where parallel access can speed things up, but generally smaller and less complex systems are also easier and faster to operate.\nWe do know that a CDC-pipeline or applications set up to generate business level events can provide BI-pipelines at a near-live speed, with less than 15s processing time end-to-end. This is close enough to \u0026ldquo;live\u0026rdquo;, which is the promise of HTAP.\nBuilding systems around such pipelines segregates OLTP from BI, physically and putting them into different administrative domains, yet they still can provide near-live updates. While it may look more complex at first, it may map a lot better onto the realities of Conway\u0026rsquo;s Law, and yield smaller, more flexible, and less tightly coupled components.\nOn the other hand, I do like the technology in TiDB and CockroachDB, but that is mostly because the environment I work in suffers from transactional systems and schemas that happen to be larger than a single machine.\nI fully expect these systems to still have need to the 3NF-to-Snowflake transformation that is a characteristic of ETL, and I am not yet ready to buy into the Gartner HTAP hype, unless somebody can show me how this is better handled inside Cockroach or TiDB.\n","date":"2022-12-23T00:00:00Z","href":"https://blog.koehntopp.info/2022/12/23/from-hadoop-to-htap.html","tags":["lang_en","mysql","mysqldev","data warehouse"],"title":"From Hadoop to HTAP?"},{"categories":null,"content":"In Of Stars and Snowflakes we have been looking at the \u0026ldquo;normal Form\u0026rdquo; for Data Warehouses/BI structures, and how it differs from normal forms used in transactional systems. In ETL from a Django Model we looked at one implementation of a classical offline DWH with a daily load.\nThe normal BI structure is a fact table, in which an object identifier (the one we collect facts about) is paired with a point in time to report facts about the object at a certain point in time. That is, we have a table with a compound primary key, in which a component (usually the latter) has a time dimension. Fact tables are also often very wide, since we collect any number of facts about the object we report on for each point in time.\nFor certain types of data, it is useful to compress the data using lookup tables. That is, instead of reporting a certain value over and over again (\u0026ldquo;Intel Silver 4110\u0026rdquo; each time we report on a certain machine), we replace the string with an integer of appropriate size and resolve that with a lookup table on the side.\nThis can happen with one central string replacement table (lookup_strings), or structured per type (cpu_types, vendors, model_names). Both approaches have certain advantages and disadvantages, and sometimes you find both in the same system.\nWhy and how? In the transactional system, our objective is to complete the data lifecycle. That is, basically, we want to be able to delete data in order to get rid of finished transactions and their data at some point in time in order to keep the size of the OLTP system small, nice and stable. Other parts of the business still need the history record, and they need it as a history record. That is, they are not interested into the current data (\u0026ldquo;Where does the customer live now?\u0026rdquo;, \u0026ldquo;What does the article cost now?\u0026rdquo;), but into the values that were valid when the transaction happened (\u0026ldquo;Where did we deliver to?\u0026rdquo;, \u0026ldquo;How much did we bill?\u0026rdquo;).\nThe Extraction pulls data out of the realm of the OLTP system. And after it is extracted it can be deleted from the OLTP system, freeing space and keeping the size stable.\nWith the Extraction, we also have the Transformation in which the OLTP references to other normalized tables are resolved into literal attribute values which are the things we want to preserve at the value they had back then. The Transformation transitions the data from the OLTP classical database normal form into the form needed for a fact table, the data warehouse normal form.\nIn the Load phase, the data is loaded into the DWH/BI systems fact table. This is not just a data ingestion, but often also a validation and cleanup phase. And if the data is recompressed by replacing literal values with an integer ID into a lookup table, this usually also happens during load.\nThe fact that IDs in the DWH bear no relationship to IDs in the OLTP system is important and good: We are transferring data across an administrative boundary, from one system to another, and having a naming dependency across such a boundary is usually a recipe for desaster.\nExtraction Extraction can happen in nightly runs, by making a snapshot of the state of the OLTP system. This is what happens every night in ETL from a Django Model , and also in My private data warehouse .\nExtraction can also happen when writing transactions to a log table, often called sale, booking, reservation or similar. When the transaction is logged in a normalized way, it looks like the reservation table in the example in Change Data Capture .\nSome systems already copy the data over into such a reservation table literally, especially when it comes to delivery and billing addresses and prices. That is necessary, even from the point of view of the transactional system, because we must record the actual price and delivery address at the point in time when the sale happened. Later changes should not affect transactions that are in the middle of fulfillment.\nFor the purpose of the DWH system, this simplifies extraction and transformation, because the reservation table then already is more of less literally the data we want. We just need to grab it and preserve it.\nWhen the DWH wants \u0026rsquo;live\u0026rsquo; updates, this can happen by tailing the database log as a replication client, collecting the information of interest, converting it into target format and pushing it elsewhere. These days, most often that ends up being a JSON or Avro message on a Kafka Event bus, or similar, in a defined, versioned and documented format that is ideally independent of changes to the source OLTP systems structure.\nTransformation But getting from normalized 3NF OLTP format into resolved DWH literal value attributes is not always for free.\nThe nicest way of getting there is to have the source system prepare its private, internal transaction, and also prepare a transformed record in DWH form. Both are committed together in the same transaction, to the internal tables of the OLTP system, and an Outbox. The Outbox is under a contract between the producing OLTP and the consuming BI systems, and will not change unannounced.\nIn this case, the BI process can simply tail the binlog, grab only row change events on the Outbox tables, and process and export these. Internal table changes will also end up in the binlog, but the CDC extractor ignores these.\nIf that is not possible, we get random normalized change events from the OLTP systems internal tables. This is bad, because it is very hard to get a contract and a promise of announced change for them, and because here the data is not in BI form. So we get a bunch of 3NF \u0026ldquo;id\u0026rdquo; values and need to run queries backwards into the OLTP system to resolve them into literal values to perform the transformation. This is annoying, adds query load and also have the potential to grab \u0026ldquo;invalid\u0026rdquo; data, because there is a race condition and the referenced data may have changed between the commit of the record we caught, and the time we resolve the ID values.\nLoad Pushing CDC data \u0026ldquo;live\u0026rdquo; to a message bus is simple, and allows us to have multiple consumers for this. One standard consumer would simply take the event messages and persist them into tables in a really large analytics store such as Hadoop, Snowflake or similar. Other standard consumers in the environment I work in are aggregators that take events and aggregate them into time buckets. That is, values from events are counted (\u0026ldquo;This error occurred n times in the last minute\u0026rdquo;), summed up or otherwise classified, and the results are then forwarded as metrics into a time series store. Alerts can be generated from thresholds of metrics, or from presence of certain events in the stream.\nThe data load into the persistent store would also update default aggregations as you would expect from the star or snowflake around a fact table. Such aggregations would be \u0026ldquo;sales per region per day\u0026rdquo;, or \u0026ldquo;bookings per region per category per day\u0026rdquo;.\nSpecifically the aggregations to the metrics store are time critical, as they may be tied to alerts. We generally aim for a freshness (processing time for the entire pipeline) of less than 15s. Freshness itself is also a quality metric for the pipeline itself.\nMapping Fowler to Database terms The Fowler Wiki is now in many pages older than 10 years. Large parts of it are still hard to read if you are coming from a database background instead of application developer background. That is in part, because Fowler reinvents concepts and terms from a developer perspective that already exist in the database world, under different names.\nThe first time I hit that was when reading up on the cryptically named CQRS , which is just the concept the various ways of getting Materialized Views by another name.\nWe find this again with the concept of Event Sourcing , which for low quality low level events matches directly on CDC and Binlog capture. In order to provide better value, you would have to perform the T of ETL on the events, preferably as early as possible in the pipeline, that is, transform from 3NF to BI form either using the Outbox pattern or by instrumenting the application itself.\nFowler is never discussing checkpointing, an essential concept necessary to prevent unbounded startup times and unbounded event storage sizes from occurring.\nCheckpointing and cleanup exist in the database world the concepts of \u0026ldquo;Full Backups\u0026rdquo; associated with Log Positions, and then Logs starting from the checkpoint for a Point in Time Recovery.\nCheckpointing and Log compression also exist in the database world in the tiered log compactions we find in LSMs such as RocksDB: The database is writing an endless stream of idempotent row change events, and a compaction process reads the logs in the background, providing only still valid and recent row versions, and physically arranging the records in an advantageous way.\nEvents work reasonably well when you look vertically at a single transaction: The event propagates through your system of services, kicking off followup events that contain the original data and additional information accrued at this processing stage. They also work reasonably well for aggregations in time-bounded buckets or otherwise constrained contexts.\nThey work less well when the application has to implement choices, i.e. when you need to select one user account out of the storage of all users in the system, or when you need to allow a user to search the storage of all articles on offer and then allow them select one to buy. Here, traditional full materialization is necessary, and global state is manipulated.\nIn the end, looking at the table rows as the materialization and at the log as the stream of idempotent changes to the materialization over time it is clear to the database person that both things are the same. Looking at the various ways of implementing database systems, you will even find one posing as the other as needed, depending on the database product you look at (i.e. the LSM is a log, posing as a table, and other systems use tables to store logs).\n","date":"2022-12-22T00:00:00Z","href":"https://blog.koehntopp.info/2022/12/22/tying-the-bi-pipeline-together.html","tags":["lang_en","mysql","mysqldev","data warehouse"],"title":"Tying the BI pipeline together"},{"categories":null,"content":"A friend asked in Discord:\nI need a pointer to a solution in Jinja.\nGiven two lists, x: [a,b,c] and y: [d,e,f], I need the cross-join [\u0026quot;a.d\u0026quot;,\u0026quot;a.e\u0026quot;,\u0026quot;a.f\u0026quot;,\u0026quot;b.d\u0026quot;,…,\u0026quot;c.e\u0026quot;,\u0026quot;c.f\u0026quot;]. I know how to cross-join, but that then is a list of lists, and I want join the inner lists.\nAfter some experimentation the result was a set of nasty templating loops. There has to be a better way.\nThere are two:\nAnsible Custom Filters in Python Playbook We want a custom filter cross, which produces the desired result.\n# $ cat testing/myfilter.yml - name: Keks hosts: localhost gather_facts: false vars: x: [ \u0026#34;a\u0026#34;, \u0026#34;b\u0026#34;, \u0026#34;c\u0026#34; ] y: [ \u0026#34;d\u0026#34;, \u0026#34;e\u0026#34;, \u0026#34;f\u0026#34; ] tasks: - name: Keks debug: msg: \u0026#34;{{ x| cross(y) }}\u0026#34; Desired Output The playbook shall produce this output\nPLAY [Keks] ******************************************************************** TASK [Keks] ******************************************************************** ok: [localhost] =\u0026gt; { \u0026#34;msg\u0026#34;: [ \u0026#34;a.d\u0026#34;, \u0026#34;a.e\u0026#34;, \u0026#34;a.f\u0026#34;, \u0026#34;b.d\u0026#34;, \u0026#34;b.e\u0026#34;, \u0026#34;b.f\u0026#34;, \u0026#34;c.d\u0026#34;, \u0026#34;c.e\u0026#34;, \u0026#34;c.f\u0026#34; ] } PLAY RECAP ********************************************************************* localhost : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 Creating a custom filter For that, we need a directory filter_plugins next to the playbook (or in the role directory next to the tasks directory). Inside that directory, we place a Python file cross.py, which will contain our custom filter code.\n$ tree testing/ testing/ ├── filter_plugins │ └── cross.py └── myfilter.yml 1 directory, 2 files The file cross.py looks like this:\n1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 #! /usr/bin/env python3 from collections.abc import Iterable class FilterModule: def filters(self): return { \u0026#39;cross\u0026#39;: self.cross, } def cross(self, x, y, sepchar=\u0026#34;.\u0026#34;): if not isinstance(x, Iterable) or isinstance(x, str): raise TypeError(\u0026#34;parameter1 is not an Iterable\u0026#34;) if not isinstance(y, Iterable) or isinstance(y, str): raise TypeError(\u0026#34;parameter2 is not an Iterable\u0026#34;) if not isinstance(sepchar, str): raise TypeError(f\u0026#34;parameter3 is not a string\u0026#34;) z = [ f\u0026#34;{i}{sepchar}{j}\u0026#34; for i in x for j in y ] return z This defines a class FilterModule with a method filters(). The names are prescribed, and cannot be changed.\nIn the filters() method we are to return a dictionary with pairs of Jinja2 templating filter name (we want cross) and matching Python function or method reference (that is, the name a callable without parameter parentheses attached). In our example, we map the Jinja2 filter cross to the method self.cross() in our Python class (Line 8).\nThe actual cross() method is in Line 11. It takes 2 mandatory parameters, x and y and an optional parameter sepchar. The first two parameters x and y are supposed to be Lists or other Iterables that are to be cross-joined. We expressly prohibit strings, because they are iterable by character, but that is likely not what we want.\nThe third parameter sepchar is the separator character we are putting between these joined pairs. It defaults to . (dot) and can be left out.\nThe actual work is done in Line 21 after the error checks. We produce a list, which we return.\nWe can test with\n$ ansible-playbook testing/myfilter.yml which indeed produces the desired output.\nAnsible solution with native filters My friend had objections to shipping custom filters with a role. So here is a solution that uses no loops and only native filters.\nWe can use the Jinja2 default filter product to create a cross product:\n- name: Keks hosts: localhost gather_facts: false vars: x: [ \u0026#34;a\u0026#34;, \u0026#34;b\u0026#34;, \u0026#34;c\u0026#34; ] y: [ \u0026#34;d\u0026#34;, \u0026#34;e\u0026#34;, \u0026#34;f\u0026#34; ] tasks: - name: keks set_fact: z: \u0026#34;{{ x|product(y) }}\u0026#34; - name: Keks debug: msg: \u0026#34;{{ z }}\u0026#34; But this produces the list of lists mentioned in the beginning.\nPLAY [Keks] ******************************************************************** TASK [keks] ******************************************************************** ok: [localhost] TASK [Keks] ******************************************************************** ok: [localhost] =\u0026gt; { \u0026#34;msg\u0026#34;: [ [ \u0026#34;a\u0026#34;, \u0026#34;d\u0026#34; ], [ \u0026#34;a\u0026#34;, \u0026#34;e\u0026#34; ], ... We can use z: \u0026quot;{{ x|product(y)|map('join') }}\u0026quot; to produce the pairs we want:\nTASK [Keks] ******************************************************************** ok: [localhost] =\u0026gt; { \u0026#34;msg\u0026#34;: [ \u0026#34;ad\u0026#34;, \u0026#34;ae\u0026#34;, \u0026#34;af\u0026#34;, \u0026#34;bd\u0026#34;, \u0026#34;be\u0026#34;, \u0026#34;bf\u0026#34;, \u0026#34;cd\u0026#34;, \u0026#34;ce\u0026#34;, \u0026#34;cf\u0026#34; ] } But we need to pass a parameter to join(), because we want a . separator character. This is done by adding this parameter after the function to be mapped. So we need z: \u0026quot;{{ x|product(y)|map('join','.') }}\u0026quot; for our solution.\nThe run results in\nTASK [Keks] ******************************************************************** ok: [localhost] =\u0026gt; { \u0026#34;msg\u0026#34;: [ \u0026#34;a.d\u0026#34;, \u0026#34;a.e\u0026#34;, \u0026#34;a.f\u0026#34;, \u0026#34;b.d\u0026#34;, \u0026#34;b.e\u0026#34;, \u0026#34;b.f\u0026#34;, \u0026#34;c.d\u0026#34;, \u0026#34;c.e\u0026#34;, \u0026#34;c.f\u0026#34; ] } which is what we wanted.\nThe actual problem The actual problem looks like this, but in a single line:\n{%- for host in hosts -%} {%- for domain in domains -%} {{proto}}://{{ host }}.{{ domain }}:{{port}}{{ \u0026#34;, \u0026#34; if not loop.last }} {%- endfor -%} {{ \u0026#34;, \u0026#34; if not loop.last }} {%- endfor -%} The replacement with native functions looks like this, again in a single line:\n{{ [proto] | product(hosts | product(domains) | map(\u0026#39;join\u0026#39;,\u0026#39;.\u0026#39;) ) | map(\u0026#39;join\u0026#39;,\u0026#39;://\u0026#39;) | product([port])| map(\u0026#39;join\u0026#39;,\u0026#39;:\u0026#39;)| join(\u0026#34;, \u0026#34;) }} Using cross() it is a lot less ugly:\nproto | cross(hosts,\u0026#39;://\u0026#39;) | cross(domains) | cross(port,\u0026#39;:\u0026#39;) If proto or port are scalar, write them as [proto] and [port] to keep the syntax.\n- name: Keks hosts: localhost gather_facts: false vars: hosts: [ \u0026#34;hosta\u0026#34;, \u0026#34;hostb\u0026#34;, \u0026#34;hostc\u0026#34; ] domains: [ \u0026#34;domaina.net\u0026#34;, \u0026#34;domainb.com\u0026#34;, \u0026#34;domainc.org\u0026#34; ] proto: \u0026#34;https\u0026#34; port: \u0026#34;8443\u0026#34; tasks: - name: Keks debug: msg: \u0026#34;{{ [proto]|cross(hosts,\u0026#39;://\u0026#39;)|cross(domains)|cross([port],\u0026#39;:\u0026#39;) }}\u0026#34; yields\nTASK [Keks] ******************************************************************** ok: [localhost] =\u0026gt; { \u0026#34;msg\u0026#34;: [ \u0026#34;https://hosta.domaina.net:8443\u0026#34;, \u0026#34;https://hosta.domainb.com:8443\u0026#34;, \u0026#34;https://hosta.domainc.org:8443\u0026#34;, \u0026#34;https://hostb.domaina.net:8443\u0026#34;, \u0026#34;https://hostb.domainb.com:8443\u0026#34;, \u0026#34;https://hostb.domainc.org:8443\u0026#34;, \u0026#34;https://hostc.domaina.net:8443\u0026#34;, \u0026#34;https://hostc.domainb.com:8443\u0026#34;, \u0026#34;https://hostc.domainc.org:8443\u0026#34; ] } Summary With a short, concise and type-safe Python function that can be shipped as part of the role, we solved the original problem. We can produce the solution in a single, rather readable line instead of deeply nesting function calls, or worse, a bunch of templating loops.\nDebugging and testing of the Python function can be done with the full power of our Python tooling, instead of messing with an un-debuggable and untestable DSL.\n","date":"2022-12-12T00:00:00Z","href":"https://blog.koehntopp.info/2022/12/12/ansible-list-crossproduct.html","tags":["lang_en","devops","python"],"title":"Ansible: List Cross-Join"},{"categories":null,"content":"Like everybody else, I have been playing with ChatGPT from OpenAI . Specifically, I wanted to test how it could be used as a coding assistant, and what the limits are in terms of size and complexity.\nCode Generation I have been using the Labyrinths example as a base. My goal was to have ChatGPT write the Labyrinth class for me.\nI did so interactively.\nKris:\nWrite an empty Python class named Labyrinth\nChatGPT:\nclass Labyrinth: pass Kris:\nAdd code to this class to represent a grid as a list of lists of integers, and store the width and the height of the grid in two appropriately name variables. Write a constructor that accepts the width and height as keyword variables defaulting to 10.\nChatGPT:\nclass Labyrinth: def __init__(self, width=10, height=10): self.width = width self.height = height self.grid = [[0 for x in range(width)] for y in range(height)] Kris:\nShow the code with type markup that could be used by mypy.\nChatGPT:\nfrom typing import List class Labyrinth: def __init__(self, width: int = 10, height: int = 10) -\u0026gt; None: self.width: int = width self.height: int = height self.grid: List[List[int]] = [[0 for x in range(width)] for y in range(height)] Kris:\nAdd a method __repr__ to the class returns a representation of the grid for debugging.\nChatGPT:\nfrom typing import List class Labyrinth: def __init__(self, width: int = 10, height: int = 10) -\u0026gt; None: self.width: int = width self.height: int = height self.grid: List[List[int]] = [[0 for x in range(width)] for y in range(height)] def __repr__(self) -\u0026gt; str: return \u0026#39;\\n\u0026#39;.join([\u0026#39;\u0026#39;.join([str(cell) for cell in row]) for row in self.grid]) Kris:\nGiven a type\nPos = NewType(\u0026#34;Pos\u0026#34;, Tuple[int, int]) add a __getitem__ and __setitem__ method to the class. The methods should allow us to use an instance of Labyrinth indexed by a Pos, and that should end up reading or writing the grid element addressed by the Pos.\nChatGPT:\nfrom typing import List, Tuple from types import NewType Pos = NewType(\u0026#34;Pos\u0026#34;, Tuple[int, int]) class Labyrinth: def __init__(self, width: int = 10, height: int = 10) -\u0026gt; None: self.width: int = width self.height: int = height self.grid: List[List[int]] = [[0 for x in range(width)] for y in range(height)] def __getitem__(self, pos: Pos) -\u0026gt; int: x, y = pos return self.grid[x][y] def __setitem__(self, pos: Pos, value: int) -\u0026gt; None: x, y = pos self.grid[x][y] = value def __repr__(self) -\u0026gt; str: return \u0026#39;\\n\u0026#39;.join([\u0026#39;\u0026#39;.join([str(cell) for cell in row]) for row in self.grid]) Kris:\nAdd a predicate position_valid to the class that takes a Pos as a parameter. The predicate is True if the Pos is valid (each coordinate is positive, and smaller than height or width respectively).\nChatGPT:\nfrom typing import List, Tuple from types import NewType Pos = NewType(\u0026#34;Pos\u0026#34;, Tuple[int, int]) class Labyrinth: def __init__(self, width: int = 10, height: int = 10) -\u0026gt; None: self.width: int = width self.height: int = height self.grid: List[List[int]] = [[0 for x in range(width)] for y in range(height)] def position_valid(self, pos: Pos) -\u0026gt; bool: x, y = pos return (0 \u0026lt;= x \u0026lt; self.width) and (0 \u0026lt;= y \u0026lt; self.height) def __getitem__(self, pos: Pos) -\u0026gt; int: x, y = pos return self.grid[x][y] def __setitem__(self, pos: Pos, value: int) -\u0026gt; None: x, y = pos self.grid[x][y] = value def __repr__(self) -\u0026gt; str: return \u0026#39;\\n\u0026#39;.join([\u0026#39;\u0026#39;.join([str(cell) for cell in row]) for row in self.grid]) Kris:\nMake sure that all methods only accept valid Pos values where appropriate.\nChatGPT:\nfrom typing import List, Tuple from types import NewType Pos = NewType(\u0026#34;Pos\u0026#34;, Tuple[int, int]) class Labyrinth: def __init__(self, width: int = 10, height: int = 10) -\u0026gt; None: self.width: int = width self.height: int = height self.grid: List[List[int]] = [[0 for x in range(width)] for y in range(height)] def position_valid(self, pos: Pos) -\u0026gt; bool: x, y = pos return (0 \u0026lt;= x \u0026lt; self.width) and (0 \u0026lt;= y \u0026lt; self.height) def __getitem__(self, pos: Pos) -\u0026gt; int: if not self.position_valid(pos): raise IndexError(\u0026#34;Invalid position\u0026#34;) x, y = pos return self.grid[x][y] def __setitem__(self, pos: Pos, value: int) -\u0026gt; None: if not self.position_valid(pos): raise IndexError(\u0026#34;Invalid position\u0026#34;) x, y = pos self.grid[x][y] = value def __repr__(self) -\u0026gt; str: return \u0026#39;\\n\u0026#39;.join([\u0026#39;\u0026#39;.join([str(cell) for cell in row]) for row in self.grid]) I was then trying to add cardinal directions as a type, and a predicate to make sure a given Direction d is valid, but this is where I lost it.\nAccording to the documentation, ChatGPT has a working memory of about \u0026ldquo;4000 Tokens\u0026rdquo; (3000 Words). It seems as if the code above is about the limit of what it can keep in \u0026ldquo;mind\u0026rdquo; at any given point in time.\n1000 Tokens cost around 2 ct with the Davinci model, so the above code is worth around 10 ct to 20 ct, or something, with all the iterations.\nChatGPT definitively allows a person with domain knowledge and a basic understanding of how algorithms work to write code in a language they do not understand. The amount of context that can be held active is limited.\nCode Analysis Conversely, if you paste the full source of the labyrinth.py file into ChatGPT and ask it what it does, this is the analysis:\nThe code defines a Labyrinth class that represents a grid-based maze. The maze is stored as a List of Lists of ints. Passages in the maze are represented by bit flags (i.e., binary numbers): N=1, E=2, S=4, and W=8. When a particular bit is set, it indicates that there is a passage from the current cell into the direction indicated by that bit.\nThe Labyrinth class provides several methods for working with the maze, such as carve() for carving out passages in the maze, position_valid() for checking if a given position is valid within the bounds of the maze, direction_valid() for checking if a given direction is valid, and random_directions() for generating a list of random directions.\nAdditionally, the Labyrinth class uses the typing module to specify the types of its attributes and parameters, which can make the code easier to read and understand. For example, the width attribute is defined as having type int, and the carve() method has a parameter named show with type Any, indicating that it can accept any type of value for that parameter.\nThat is a fair analysis, and as good as it gets from glancing at the source of a single module.\nNow, I am adding backtracking.py to the mix, but sans comments, and ask it what happens.\nKris:\nIf you supply the following class as a carver to the Labyrinth class, what does this code do?\nfrom typing import Optional, Any from src.labyrinth import Labyrinth, Pos class Backtracking: def carve(self, lab: Labyrinth, pos: Optional[Pos] = None, show: Any = None): if not pos: pos = Pos((0, 0)) directions = lab.random_directions() for d in directions: try: np = lab.step(pos, d) except ValueError: continue if show: show(lab, red=pos, green=np) if lab[np] == 0: lab.make_passage(pos, d) lab.carve(np, show=show) ChatGPT:\nThe Backtracking class defines a carve() method that uses a backtracking algorithm to generate a maze in a given Labyrinth object. The method takes a lab parameter which is an instance of the Labyrinth class, a pos parameter which specifies the current position in the maze, and an optional show parameter that can be used to display the maze as it is being generated.\nAnd again, this is a correct analysis of the code, in the context of the larger Labyrinth class above.\nContinuing the code interview Kris:\nDoes Python have a recursion depth limit?\nChatGPT:\nYes, Python has a default recursion depth limit. This means that when a function calls itself recursively, the number of times it can do so is limited. The default recursion depth limit in Python is typically around 1000 calls, but it can vary depending on the specific implementation and platform. If a function exceeds the recursion depth limit, a RecursionError will be raised.\nIt is possible to change the recursion depth limit in Python by using the sys.setrecursionlimit() function. For example, the following code sets the recursion depth limit to 2000:\nimport sys sys.setrecursionlimit(2000) ChatGPT has knowledge of the fact that Python has a recursion depth limit, the default value and how to change it.\nLet it apply this information to the example:\nKris:\nGiven this information, what is the longest path the Backtracking class above can produce?\nChatGPT:\nThe length of the longest path that the Backtracking class can produce is limited by the default recursion depth limit in Python. As mentioned previously, the default recursion depth limit is typically around 1000 calls, but it can vary depending on the specific implementation and platform.\nIn the case of the Backtracking class, the carve() method calls itself recursively to generate the maze. Therefore, the longest path that the Backtracking class can produce is limited to the default recursion depth limit in Python.\nThat is correct. The system correctly identified the fact the method calls itself, and how and why it does this. It then deduces that this is subject to the above limitation, and what the consequence is.\nIf the carve() method is called with a starting position that is more than 1000 steps away from the end of the maze, it will exceed the recursion depth limit and raise a RecursionError.\nThat is arguably correct, and in a real coding interview would be an invitation to do some hairsplitting, but in general it is not wrong.\nSummary ChatGPT works very well, if you use it as a way to augment the facilities of a human, that guides it with a purpose and additional domain knowledge. It seems to be limited in constructive tasks. I was not able to get beyond the code generation barrier above.\nThe opposite direction, in which we have it analyze an existing piece of code and interrogate it about its properties works a lot better.\nIn a real coding interview, on the analytics side this is good enough to pass at least at the lower levels. On the constructive side, it is more complicated.\n","date":"2022-12-11T00:00:00Z","href":"https://blog.koehntopp.info/2022/12/11/chatgpt-and-limits.html","tags":["lang_en","security"],"title":"ChatGPT and Limits"},{"categories":null,"content":"Multi-Factor Authentication (Identifikation mit mehreren Faktoren) oder 2FA (Two-Factor-Authentication) sind ein Weg, einen Account vor der Übernahme durch Dritte zu schützen.\nStatt sich mit Usernamen und Passwort anzumelden ist zusätzlich noch eine wechselnde Pseudozufallszahl notwendig. Diese wird von einem Seed-Wert generiert, der durch eine Buchstabenfolge oder einen QR-Code repräsentiert wird.\nAuthenticator Anwendung installieren Das Verfahren ist standardisiert und wird von vielen Tools unterstützt. Dazu gehören Google Authenticator, Bitwarden und viele andere Passwortmanager.\nUm mit MFA zu arbeiten, sollte man entweder einen Passwortmanager installiert haben, der auch MFA verwalten kann, oder sich eine 2FA Anwendung installieren. Populäre Passwortmanager sind etwa Bitwarden, 1Password oder LastPass. Populäre 2FA-Anwendungen sind Google Authenticator, der Authenticator von Microsoft, Twilio Authy oder Aegis.\nAuch auf der Kommandozeile kann man 2FA Codes generieren, aber das ist eher für komische Spielereien wichtig. Auf jeden Fall implementiert auch oath-toolkit die üblichen Verfahren zur Generierung dieser Codes.\n2FA aktivieren in Mastodon Um MFA zu aktivieren, klicke auf \u0026ldquo;Edit Profile\u0026rdquo; im Mastodon Webinterface, und wähle Account Settings -\u0026gt; Two Factor Auth.\nAuf Edit Profile klicken, um in die Benutzerkonfiguration zu kommen.\nIm Menü in der Seitenleiste erst auf \u0026ldquo;Account Settings\u0026rdquo;, und dann auf \u0026ldquo;Two-factor Auth\u0026rdquo; klicken.\nEs erscheint das 2FA Setup. Man kann gefahrlos durch den ganzen Prozess laufen, ohne die Konfiguration zu verändern. Erst, wenn man den ersten Sechs-Zahlen-Code erfolgreich eingegeben hat, wird 2FA für dieses Login aktiviert.\nEs kommt dieser Screen, eventuell nach nochmaliger Aufforderung, das Passwort einzugeben.\nDer gezeigte QR-Code kann mit einer Authenticator-Anwendung gescannt werden. Er enthält nichts anderes als die daneben angezeigte Seed-Folge. Diese wiederum kann man auch direkt in Anwendungen wie Bitwarden kopieren.\nKlickt man auf Set Up, bekommt man einen QR-Code zum Scannen in der Google Authenticator App, oder den Seed-String als Text (etwa für Bitwarden).\nMan sollte auf jeden Fall einen Screenshot vom QR-Code oder eine Kopie des Seed machen, und diese an einem sicheren Ort archivieren. Ich habe einen USB-Stick für solche Dinge. Damit kann man bei Verlust von Telefon oder Rechner dennoch an seine Accounts kommen, denn man kann den QR-Code so oft scannen wie man will, und auf so vielen Geräten scannen wie man will.\nIn der Regel ist es bei Problemen einfacher, die archivierten QR-Codes neu zu scannen, als durch den Account Recovery Workflow eines mit 2FA geschützten Accounts zu laufen. Das ist dann auch einheitlich, Account Recovery ist je nach Anbieter unterschiedlich.\nDer Seed-Code wird in diesem Beispiel in Bitwarden eingetragen. Bitwarden wird mit dem Code und der aktuellen Zeit in die Lage versetzt, den jeweils geltenden Code zu erzeugen und anzuzeigen.\nVerwendet man eine Authenticator-App (oder hat einfach ein aktuelles iPhone), kann man auch einfach den QR-Code mit der App (oder der normalen iPhone Scanfunktion) scannen und ein Eintrag wird erzeugt. Entweder in der Authenticator-App, wenn man diese verwendet, oder im Passwortspeicher des iPhone, wenn man direkt mit dem Telefon scannt.\nDen generierten Code ausprobieren Nachdem man den QR-Code mit einem Authenticator gescannt hat, oder man den Seed-String in den Passwortmanager kopiert hat, wird einem dort eine Zahl angezeigt. Sie hat 6 Stellen und wechselt alle 30 Sekunden. Sie ist aber oft ein wenig länger gültig: Viele Implementierungen nehmen die vorhergehende und die nachfolgende Zahl auch noch an.\nNach dem Abspeichern des Seeds in Bitwarden wird eine laufend wechselnde Zahl angezeigt. Diese kann man in das Testfeld \u0026ldquo;Two-factor code\u0026rdquo; übertragen und beweist so, daß das Setup korrekt ist. Erst nach dem Klicken auf den großen \u0026ldquo;Enable\u0026rdquo;-Knopf wird 2FA aktiviert. Hier kann man also noch abbrechen.\nDie Zahl basiert auf einem Pseudo-Zufallszahlengenerator: Basierend auf dem Startwert (dem Seed-Wert von da oben) und der aktuellen Zeit wird ein Code generiert. Der Code ist immer derselbe, vorausgesetzt man kennt den Seed und hat eine genau gehende Uhr. Sowohl der Mastodon-Server als auch die Authenticator-Anwendung kennen diese Daten und generieren den Code, und zwar bei übereinstimmenden Werten denselben Code.\nZur Aktivierung muss man den aktuellen Zahlencode in das Feld unter dem QR-Code eintragen. Dies beweist, daß man eine Authenticator-App hat und sie korrekt konfiguriert ist. Erst dann wird 2FA wirklich aktiviert.\nDies ist der \u0026ldquo;Point of no Return\u0026rdquo; (stimmt nicht: Man kann 2FA auch wieder deaktivieren).\nAccount Recovery Codes Mastdon generiert dann noch einen Satz Account Recovery Codes. Wenn man den QR-Code archiviert hat, braucht man die nie. Stattdessen wäre es viel einfacher, den archivierten QR-Code neu einzuscannen.\nEs kann aber nicht schaden, diese zu kopieren und auch zu archivieren. Etwa in Bitwarden und auf dem o.a. USB-Stick mit dem QR-Code. Oder auf einem Papierfetzen, den man unter die Schreibtisch-Schublade klebt.\nDiese Recovery-Codes werden niemals gebraucht, wenn man stattdessen den Seed-Text oder den QR-Code archiviert. Mit dem kann man sich jederzeit ein neues Authenticator-Gerät aufsetzen, indem man den Code neu scannt. Dennoch kann es nützlich sein, auch die Recovery-Codes zu archivieren.\nWieso 2FA, wenn ich doch einzigartige Passworte verwende? \u0026ldquo;Aber Kris, ich verwende doch sowieso auf jedem Account einzigartige Passworte. Warum sollte ich mich mit 2FA rumnerven?\u0026rdquo;\nHier eine Geschichte aus dem echten Leben: Discord Nitro Spam and 2FA 2FA erlaubt es in vielen Fällen, einen Account zu retten, auch wenn er ganz oder in Teilen durch einen Unfall übernommen wird. 2FA, OAuth2 und \u0026ldquo;scoped Tokens\u0026rdquo; retten Euren Arsch auch dann, wenn ihr schon gehackt oder gecybert worden seid. Sie machen solche Unfälle oft reversibel.\nCloud oder nicht cloud? Es gibt 2FA Speicher, die 2FA Codes in der Cloud sichern und an die eigene Telefonnummer binden.\nGoogle Authenticator und Aegis gehören nicht dazu, die Daten werden ausdrücklich lokal gespeichert und die Anwendung beansprucht keine Rechte, und funktioniert offline. Code-Transfer erfolgt mit QR-Codes.\nTwilio Authy fragt bei der Einrichtung nach einer Telefonnummer, sendet dieser dann eine Kennung zu und verbindet den Passwortspeicher mit der Telefonnummer. Auch bei Wechsel zwischen Android und iPhone (oder hier MacOS) bleiben die 2FA Secrets erhalten.\nTwilio Authenticator und Microsoft Authenticator sichern Codes in der Cloud.\nBei Apples Systemspeicher für Passworte hängt es davon ab, ob man Passworte in der iCloud synchronisiert oder nicht.\n2FA nicht nur für Mastodon Viele Passwortmanager haben die Option, Reports und Account-Audits zu generieren. Oft wird eine Funktion angeboten, die alle möglichen, aber nicht genutzten 2FA-Möglichkeiten listet. Diese Liste kann man durchgehen und systematisch für alle Accounts 2FA aktivieren.\nVaultwarden Webanwendung, Passwort-Reports. Hier kann man auf \u0026ldquo;Inactive Two-step Login\u0026rdquo; klicken und eine Liste von Logins bekommen, die man hat und die 2FA haben könnten, aber bei denen in Vaultwarden kein 2FA hinterlegt ist. Die meisten Passwortmanager haben inzwischen solche Reports.\nZusammenfassung Mit Zwei-Faktor-Authentisierung kann man ein Login zusätzlich absichern. Dazu wird beim Login neben dem Passwort auch noch ein wechselnder Code abgefragt, der entweder von einer Authenticator Anwendung oder einem Passwortmanager generiert wird.\nDas ist nützlich, weil so ein verloren gegangenes oder abgefischtes Passwort kein Weltuntergang mehr sind. Im verlinkten Beispielartikel ist so etwa ein kompromittierter Discord-Account wieder gerettet worden.\nEs ist gute Praxis, 2FA auf allen Logins zu aktivieren, bei denen dies angeboten wird. Dies sichert das Login zusätzlich ab, und verhindert Weltuntergang bei Passwortlecks und Phishing.\n","date":"2022-12-10T00:00:00Z","href":"https://blog.koehntopp.info/2022/12/10/2fa-fuer-mastodon.html","tags":["lang_de","security"],"title":"2FA für Mastodon"},{"categories":null,"content":"Change Data Capture is a way to capture, well, events from a system that describe how the data in the system changed. For a system that does business transactions that may be at the lowest level Create, Update, or Delete of entities or relationships. Systems that emit this kind of events are called Entity Services and are kind of the lowest level of events that you can have in such a system.\nIn our sample reservation system from earlier in this blog, we get this schema:\nIn an OLTP database, a reservation is a (resid, userid, thingid, date). It references the user data by userid, and the thing data by thingid.\nand therefore the events are\nCreateUserEvent(user) UpdateUserEvent(user) DeletUserEvents(user) CreateThingEvent(thing) UpdateThingEvent(thing) DeleteThingEvent(thing) CreateReservationEvent(user, thing, date) UpdateReservationEvent(user, thing, date) DeleteReservationEvent(user, thing, date) or maybe a slightly more refined version of that, in which you create actual Getters and Setters for the properties of the entities modified.\nBut in an actual Event Sourcing system, you would write down and name the individual business transactions, and describe their behaviors.\nIn our reservation system, we have users that subscribe or unsubscribe to our reservation service, or update their data. This should be reflected in the names of the methods. We also have operations by users on things, such as a Reservation(), Cancellation(), a Takeout() or a Return() with the appropriate parameters. These events are behavioral, and the behaviors are the business transactions which describe what the business does.\nBut when we are retrofitting CDC onto an existing system, getting behavioral events is often a major refactoring or re-architecting task. So for this article, let\u0026rsquo;s focus on grabbing Entity Events. And because this is the third in a series of articles on data warehouses, on flattening, that is, replacement of identifiers by the values we want exported.\nHow to get Events? In a system designed to generate behavioral business events from the start, you would emit these events directly from the application, and would add the business event identifier also to the transactions in your OLTP system. This way you can make sure each record in the database has a matching business event and vice versa, enabling you to audit the database and the event stream for consistency.\nIn our retrofitted system, this is not possible, because we have neither behavioral business events nor identifiers for these. We still want data, but we grab it from the database.\nIn MySQL, we get row level change data from the Binlog in a moderately well documented and stable format. Binlog is what powers MySQL replication. It is guaranteed to have an upgrade path, but it is not necessarily stable. So if the binlog format changes, and you have critical applications consuming the binlog that are not MySQL replicas, you need to be prepared to make changes to the binlog processors, quickly, in order to be able to upgrade MySQL. This is not a hypothetical scenario: When MySQL introduced Global Transaction IDs and later Binlog compression, a lot of third party binlog consumers broke.\nPackages that consume binlog are for example python-mysql-replication , or Debezium .\nUsing python-mysql-replication, and creating tables for our simple reservation system above, we can run the examples/dump_events.py to see what goes on:\n(venv) $ python examples/dump_events.py ... === QueryEvent === Date: 2022-12-05T16:14:16 Log position: 3282 Event size: 181 Read bytes: 181 Schema: b\u0026#39;kris\u0026#39; Execution time: 0 Query: create table thing (thingid integer not null primary key, name varchar(80), color varchar(20), weight decimal(12,4)) === QueryEvent === Date: 2022-12-05T16:14:32 Log position: 3751 Event size: 161 Read bytes: 161 Schema: b\u0026#39;kris\u0026#39; Execution time: 0 Query: create table user ( userid integer primary key not null, name varchar(80), address varchar(200)) === QueryEvent === Date: 2022-12-05T16:15:15 Log position: 4052 Event size: 199 Read bytes: 199 Schema: b\u0026#39;kris\u0026#39; Execution time: 0 Query: create table reservation(resid integer not null primary key, userid integer not null, thingid integer not null, resdate date not null) For each DDL statement, we get a QueryEvent with some identifiers, the schema name, and the actual Query statement. The Query statement is not normalized, so if we wanted to do more with it than simply passing it on, we would also need a MySQL SQL syntax parser.\nLater on, when loading data, we get RowsEvent instances, and need to modify the script a bit to see the actual row changes. We send SQL:\nmysql\u0026gt; insert into user values (1, \u0026#34;Kris\u0026#34;, \u0026#34;At home\u0026#34;); mysql\u0026gt; insert into thing values (1, \u0026#34;A Fish\u0026#34;, \u0026#34;Colorful\u0026#34;, 10.0); mysql\u0026gt; insert into reservation (1, 1, 1, date(now())); And we get Row Change Events. They might look like this:\n{\u0026#39;action\u0026#39;: \u0026#39;insert\u0026#39;, \u0026#39;address\u0026#39;: \u0026#39;At Home\u0026#39;, \u0026#39;name\u0026#39;: \u0026#39;Kris\u0026#39;, \u0026#39;schema\u0026#39;: \u0026#39;kris\u0026#39;, \u0026#39;table\u0026#39;: \u0026#39;user\u0026#39;, \u0026#39;userid\u0026#39;: 1} {\u0026#39;action\u0026#39;: \u0026#39;insert\u0026#39;, \u0026#39;color\u0026#39;: \u0026#39;Colorful\u0026#39;, \u0026#39;name\u0026#39;: \u0026#39;A Fish\u0026#39;, \u0026#39;schema\u0026#39;: \u0026#39;kris\u0026#39;, \u0026#39;table\u0026#39;: \u0026#39;thing\u0026#39;, \u0026#39;thingid\u0026#39;: 1, \u0026#39;weight\u0026#39;: Decimal(\u0026#39;10.0000\u0026#39;)} {\u0026#39;action\u0026#39;: \u0026#39;insert\u0026#39;, \u0026#39;resdate\u0026#39;: datetime.date(2022, 12, 5), \u0026#39;resid\u0026#39;: 1, \u0026#39;schema\u0026#39;: \u0026#39;kris\u0026#39;, \u0026#39;table\u0026#39;: \u0026#39;reservation\u0026#39;, \u0026#39;thingid\u0026#39;: 1, \u0026#39;userid\u0026#39;: 1} We also would get additional events, but we ignored them \u0026ndash; they would contain the transaction ID, table maps and so on.\nThe problem with this kind of data is obvious: We know that for a proper ETL process we need the attribute values of the things referenced, not the ids pointing to the attributes.\nSo when we receive a row change event on the reservation table, we only have the option of running a back-query to the database to resolve the ids for data. That is, for the userid: 1 from the reservation row change we would have to select * from user where userid = 1 to resolve the username and address.\nBut even that has the potential for a race condition, if a table changes faster than we can back-query. Worse, it also makes your extraction process very fragile, because the moment we change the reservation table in an incompatible way our back-queries would break.\nThe Outbox If we want to decouple this, we need to have the CDC process ignore all the OLTP tables. That is, changes to user, thing and reservation must be ignored.\nInstead, we need to create a table cdc_outbox. We would then modify the application to make changes to the OLTP tables and a flattened, DWH-like write to cdc_outbox in a single transaction. So instead of\nmysql\u0026gt; insert into user values ( ...); we would get\nmysql\u0026gt; start transaction read write; mysql\u0026gt; insert into user values (...); mysql\u0026gt; insert into cdc_outbox values ( ... ); mysql\u0026gt; commit; Doing this inside a single transaction guarantees that we only see outbox writes when there is also a CDC change. The data in the cdc_outbox would already be flattened, and maybe already in some kind of type-agnostic, easily parseable format like JSON.\nWe can then pick up these changes, and only the changes to cdc_outbox and process these. The transactional team can go and make changes to their transactional tables without talking to the analytics team, as long as they make sure to generate correct change records. And we get rid of the back-queries and the potential breakage and race conditions they bring.\n","date":"2022-12-05T00:00:00Z","href":"https://blog.koehntopp.info/2022/12/05/change-data-capture.html","tags":["lang_en","mysql","mysqldev","data warehouse"],"title":"Change Data Capture"},{"categories":null,"content":"Vor ziemlich genau 30 Jahren gab es in Deutschland die Anfangsgründe des Internet , aber es gab auch Netze, die auf anderer, viel älterer Technologie betrieben wurden \u0026ndash; die Mailboxnetze. Das sind dezentrale Netze, bei denen denen lokale Rechner mit Modems ausgestattet wurden, bei denen man anrufen und dann Nachrichten a la Mastodon online lesen konnte. Oder man hatte Software daheim, die bei der Mailbox anrief, die Nachrichten heruntergeladen hat. Dann konnte man offline lesen, Antworten schreiben und ein zweites Mal anrufen. Die Antworten wurden dann gesammelt eingeworfen, und zugestellt.\nWarum Tiernetz? Die Softwarepakete, die das erlaubt haben, hießen in Deutschland\nFidonetz (nach einem Hund), Mausnetz und Zerberus (noch ein Hund) Daher wurden diese Netze gesammelt als \u0026ldquo;Tiernetze\u0026rdquo; bezeichnet. Außerdem gab es noch das auf Unix basierende UUCP mit USENET (Linux war um diese Zeit herum gerade erst geboren).\nDie Mailbox-Software der Tiernetze basierte meistens auf MS-DOS und war nicht mehrbenutzerfähig. Die Netze hatten außerdem oft starke Größenbeschränkungen für Nachrichten. Dagegen konnte USENET im Prinzip Nachrichten ohne Größenhindernisse auf Mehrbenutzersystemen im Hintergrund befördern.\nDie Tiernetze hatten oft auch eine interne Struktur, die es notwendig machte, die dezentralen Systeme zentral in der Vernetzung zu steuern. Das war nötig, um doppelt zugestellte Nachrichten und Kreisroutings zu vermeiden. Maus und Fido waren auf eine starke Netzwerkkoordination angewiesen, USENET nicht. Und bei Zerberus habe ich damals so lange auf //padeluun und seine Entwickler eingeschlagen, bis sie das Licht gesehen haben und elementare Fehler anderer Tiernetze vermieden haben, sodaß die Software wesentlich robuster war.\nFöderationsdramen vor 30 Jahren Föderation war schon damals ein Problem. Im Sommer 1993 zum Beispiel gab es den Versuch einer Machtübernahme in der Fido-Koordination, von der Michael Keukert (Mausnetz) hier berichtet. Frank Simon hat damals ein paar interessante Worte dazu gesagt. Und hier die von Frank Simon publizierte Stellungnahme der Gegenseite . Es tut unglaublich gut, diese Texte (ohne 500 Zeichen Beschränkung!) aus heutiger Sicht noch einmal zu lesen, und so viele Dinge wiederzufinden.\nWas wir hier sehen, ist Fedidrama, 30 Jahre in der Vergangenheit \u0026ndash; es gibt Machtgerangel zwischen Instanzen, die autonom betrieben werden und bei denen die Betreiber unterschiedliche Vorstellungen haben, wie die Dinge zu organisieren sind. Die Diskussion geht nur oberflächlich um andere Dinge als zum Beispiel gerade zwischen octodon.social und social.tchncs.de\nStore and Forward im /CL Ein auf Zerberus basierendes abgetrenntes Netz, \u0026ldquo;Comlink\u0026rdquo; oder \u0026ldquo;/CL\u0026rdquo;, wollte zum Beispiel die Ausbreitung der Nachrichten seiner Benutzer kontrollieren. Es gab also Mailboxen, die neben anderen Zerberus-Gruppen auch die /CL-Gruppen aufliegen hatten und die diese /CL-Inhalte ihrer User untereinander über ein separates Overlay ausgetauscht haben. Das heißt, sie haben sich für die /CL-Inhalte also gegenseitig angerufen. Und es gab eine /CL-Netzkoordination, die meinte, sie könnte die Ausbreitung der Inhalte der Schreiber in /CL kontrollieren.\nRechtlich war das nicht geregelt \u0026ndash; es gab möglicherweise Verträge zwischen dem /CL-Träger und einzelnen Systembetreibern, aber sicher keine Verträge zwischen den Autoren der Artikel und dem /CL-Träger. Und jeder Benutzer hat halt mit seinem Client die Beiträge aus dem /CL zum Lesen runter gesaugt. So auch ich damals, und gleich ein paar Mal von verschiedenen Quellen.\nIch hatte jedoch keine /CL- oder Zerberus-Software am Laufen, sondern ein Gateway nach UUCP/USENET. Weil ich die Daten mehrfach runter gesaugt und den Ursprung anonymisiert hatte, und weil ich sehr oft pro Tag angerufen habe, hatte ich meist den schnellsten und den komplettesten Feed von Artikeln für /CL. Den ich bereitwillig weiter gegeben habe.\nDie /CL-Netzkoordination hatte mir damals gedroht, mich zu deföderieren, aber sie kannte ja meine Quelle nicht. Und die war hochredundant. Außerdem hatte ich die entsprechenden Herkunftsdaten aus den Artikeln gelöscht, sodaß sie nicht an meinen Upstream herankamen. Ich hatte die betreffenden Personen aufgefordert, mich zu verklagen. Das ist aber nie passiert.\nWas passiert ist: Einige /CL-Systeme haben sich meinen Feed geholt, weil er schnell und komplett war. Am Ende meines Studiums habe ich damals den ganzen Gateway- und Mailboxbetrieb aus Gründen recht schnell einstellen müssen. Der Dienst ist dann leider recht plötzlich und unangekündigt weggefallen.\nErstaunlicherweise ist das /CL dann für ein paar Tage ungeplant in einige Teilnetze zerfallen. Offenbar war ich mit meinem Hobbygateway zum zentralen Punkt einer weitgehend undokumentierten Hub- und Spoke Struktur geworden, die Teilnetzblasen ohne sekundäre Verbindung zusammengehalten hat.\nkiel.* und die Koordinationssimulation Ich hatte die Gateway-Sammlung auf meinem lokalen Unix eigentlich gar nicht betrieben, um /CL zu machen. Ich war damals in einem Kieler Internet- und Mailbox-Verein tätig, den es noch heute gibt: toppoint.de \u0026ndash; inzwischen mehr ein Makerspace.\nUnd nachdem das tpki-System aus meiner Wohnung in die Eichhofstraße ausgezogen war, habe ich mit meinen Systemen andere Dinge gemacht. Eine dieser Sachen war die Entwicklung und der Betrieb von Gateway-Software in Mausnetz, Fidonetz und Zerberus. Wir hatten damals auf USENET-Seite eine Reihe von Diskussionsgruppen (heute würde man Hashtags sagen) eingerichtet, die kiel.* als Präfix hatten, und die bereits zwischen zwei rivalisierenden USENET-Organisationen in Kiel ausgetauscht.\nMit den Gateways konnte ich auch mit der KI-Maus, und mit der lokalen Fidonode reden, und auch mit der KBBS von Holger Petersen. Auf diese Weise hatten wir gemeinsame Kieler Diskussionsforen auf allen relevanten Technologien dieser Zeit. In einigen dieser Netze war ich ein \u0026ldquo;Point\u0026rdquo; (eine Micronode mit nur einem User), in anderen eine volle Node mit einem eigenen Nodenamen und vollen Routing.\nIn jedem Fall hat meine Modem-Hardware (später ISDN) einige Dutzend Anrufe pro Tag gemacht, um diese Systeme zu vernetzen. kiel.* war eine komplett anarchische Struktur: Wer eine neue Diskussionsgruppe (einen neuen Hashtag) haben wollte, der hat den einfach eingerichtet. Die meisten Leute haben das nicht getan, sondern erst mal rückgefragt, was die anderen so denken, und erst dann gemacht. Das hat auf der Größe recht gut skaliert.\nDie Tiernetze hat das vor einige mentale Probleme gestellt, denn in Fido und Maus ist so etwas ohne Koordinator undenkbar gewesen. Das war in der Diskussion recht schwierig, weil die nicht gefragt haben, was ist und wie man das lösen könne, sondern gefragt haben, wer denn für kiel.* der Koordinator sei.\nUnd das dann erst einmal zu erklären war zu schwierig. Also hat, wer immer die Frage gesehen hat, behauptet der kiel.* Koordinator zu sein, dann die Frage bekommen und die dann beantwortet.\nDas hat über 15 Jahre oder mehr gut funktioniert. Also für kiel.*. Aber auch für die Tiernetz-Admins, die auf diese Weise die vertrauten Strukturen vorgefunden haben, und mit ihnen arbeiten konnten, ohne daß ihr Weltbild infrage gestellt wurde.\nUSENET ist Vergangenheit Ein Problem bei der Föderation von USENET trat dann später in den deutschsprachigen Gruppen de.* zutage, und am Ende ist USENET dann daran zugrunde gegangen:\nDas Einrichten neuer Gruppen war aus nicht nachvollziehbaren Gründen im USENET ein Riesen-Aufriß mit Diskussion, formalen RfV (Request for Vote), in dem um einen Proposal gerungen wurde und dann einem Voting-Prozess mit Quorum und Mehrheiten. Also, das Einrichten einer Gruppe hat nichts gekostet: Ein Verzeichnis anlegen und gut ist.\nAber eine Gruppe von Admins vom Kaliber \u0026ldquo;deutscher Wikipedia-Pedant\u0026rdquo; davon zu überzeugen, daß die Gruppe notwendig ist, das war teuer. Die meisten Leute haben dann lieber einen Server von Hetzner geholt und ein Web-Board installiert und am Ende waren die Wikipedia-Typen alleine in ihrem Netz. Heute gibt es USENET nicht mehr. Es ist tot, abgeritten zu den Ahnen.\nDas andere Problem, das sich bei USENET gezeigt hat, ist die Tatsache, daß es als föderiertes Netz keine Client-Software gab, die neue, inkompatible Features entwickeln konnte.\nSchon die Benutzung von Umlaufen in Headerzeilen und im Text war Drama. Mein Nick, isotopp, kommt aus dieser Zeit, denn der Umlaut mußte als\n=?iso-8859-1?q?K=F6hntopp?= codiert werden und wessen Client das nicht decodierte, der hat halt Iso-unleserlich-topp gesehen. Ich hatte damals sogar noch ein Türschild, das mir jemand (Lutz Donnerhacke?) anläßlich eines Besuches geschenkt hatte.\nDarauf stand\nKristian K=F6hntopp Noch schlimmer waren multimediale Inhalte in Nachrichten. Dafür mußte der Newsreader-Client halt Mime verstehen und decodieren können und das konnten viele nicht. Also gab es wieder Fedidrama, um die Benutzung von solchen Dingen. Oder halt Webboards. Das ist im Prinzip genau wie mit den XMPP-Clients.\nDie nimmt heute auch keiner mehr, weil es keine zwei Clients bzw auch keine Server und Clients verschiedener Hersteller gibt, die dieselben XEP implementieren (XEP sind XMPP Protokollerweiterungen). Also machen wir jetzt alle Discord und auf der Arbeit Discord für Arme, also Slack. Plus das Spamproblem: Google Jabber (\u0026ldquo;Google Talk\u0026rdquo;) hatte anfangs mit anderen XMPP-Servern föderiert.\nAber dann stellte sich schnell heraus, daß viele dieser XMPP-Server weder echte XMPP-Server waren, noch echte User hatten, sondern nur als Spam-Injektor-Instanzen in Google Talk dienten, um Google User zu phishen.\nAlso hat Google erst Gruppenchats deföderiert um seine User zu schützen und am Ende auch 1:1 Chats abgeschaltet. Und XMPP macht halt keiner mehr. Tot.\nAuslöser dieses Historien-Threads war übrigens das Drama von dem Reply-Guy hier und die Totaleskalation danach, die dazu geführt hat, daß octodon.social social.tchncs.de deförderiert hat.\nIch habe Freunde auf beiden Servern, die jetzt nicht mehr miteinander reden können und die allesamt nach anderen Instanzen suchen.\nInsofern alles wie damals.\n","date":"2022-12-02T00:00:00Z","href":"https://blog.koehntopp.info/2022/12/02/usenet-und-tiernetze.html","tags":["lang_de","usenet","kiel"],"title":"USENET und Tiernetze"},{"categories":null,"content":"Based on what I learned in Systemd Service and Socket Activation and Systemd Service and stdio , we can now have a look at Docker.\nThe code for -H fd://-Handling is here . The file descriptors are coming from activation.Listeners(), and are in the listeners slice. In our case, the part after the fd:// is empty, so lines 83-85 are activated, and the incoming fd\u0026rsquo;s are passed to the Docker proper.\n63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 func listenFD(addr string, tlsConfig *tls.Config) ([]net.Listener, error) { var ( err error listeners []net.Listener ) // socket activation if tlsConfig != nil { listeners, err = activation.TLSListeners(tlsConfig) } else { listeners, err = activation.Listeners() } if err != nil { return nil, err } if len(listeners) == 0 { return nil, errors.New(\u0026#34;no sockets found via socket activation: make sure the service was started by systemd\u0026#34;) } // default to all fds just like unix:// and tcp:// if addr == \u0026#34;\u0026#34; || addr == \u0026#34;*\u0026#34; { return listeners, nil } fdNum, err := strconv.Atoi(addr) if err != nil { return nil, errors.Errorf(\u0026#34;failed to parse systemd fd address: should be a number: %v\u0026#34;, addr) } fdOffset := fdNum - 3 if len(listeners) \u0026lt; fdOffset+1 { return nil, errors.New(\u0026#34;too few socket activated files passed in by systemd\u0026#34;) } if listeners[fdOffset] == nil { return nil, errors.Errorf(\u0026#34;failed to listen on systemd activated file: fd %d\u0026#34;, fdOffset+3) } for i, ls := range listeners { if i == fdOffset || ls == nil { continue } if err := ls.Close(); err != nil { return nil, errors.Wrapf(err, \u0026#34;failed to close systemd activated file: fd %d\u0026#34;, fdOffset+3) } } return []net.Listener{listeners[fdOffset]}, nil } Summary The question that started this Yak shaving session was: \u0026ldquo;How to expose the docker socket of a remote machine over the network?\u0026rdquo; And this appears that the answer to this question is:\ntake the original docker.socket configuration create an override and add a secondary listener socket for tcp://0.0.0.0:2375 So:\n# systemctl edit docker.socket ... # systemctl cat docker.socket # /lib/systemd/system/docker.socket [Unit] Description=Docker Socket for the API [Socket] ListenStream=/var/run/docker.sock SocketMode=0660 SocketUser=root SocketGroup=docker [Install] WantedBy=sockets.target # /etc/systemd/system/docker.socket.d/override.conf [Socket] ListenStream= ListenStream=/run/docker.sock ListenStream=2375 This clears the original ListenStream list, and then adds two entries back.\nThe first change addresses the error message\nListenStream= references a path below legacy directory /var/run/, updating /var/run/docker.sock tcp://0.0.0.0:2375 → /run/docker.sock tcp://0.0.0.0:2375; please update the unit file accordingly. The second one adds a listener to port [::]:2375.\nAnd that will allow me to talk to the Docker server on my development host over the network.\n","date":"2022-11-28T00:00:00Z","href":"https://blog.koehntopp.info/2022/11/28/systemd-and-docker-fd.html","tags":["lang_en","python","devops"],"title":"Systemd and docker -H fd://"},{"categories":null,"content":"After yesterday\u0026rsquo;s article, Arne Blankerts pointed me at a note showing how to install a program using stdio with systemd.\nCode and Unit files The code:\n#! /usr/bin/env python3 import sys if __name__ == \u0026#34;__main__\u0026#34;: while True: line = input().strip() print(f\u0026#34;ECHO: {line}\u0026#34;) if line == \u0026#34;QUIT\u0026#34;: sys.exit(0) The Socket Unit:\n$ systemctl --user cat kris2.socket # /home/kris/.config/systemd/user/kris2.socket [Unit] Description=My second service PartOf=kris2.service [Socket] ListenStream=127.0.0.1:12346 Accept=Yes [Install] WantedBy=sockets.target And the Service Unit, which has to be a template:\n$ systemctl --user cat kris2@.service # /home/kris/.config/systemd/user/kris2@.service [Unit] Description=My second Service After=network.target kris2.socket Requires=kris2.socket [Service] Type=simple ExecStart=/usr/bin/python3 %h/Python/systemd-socketserver/echoserver.py TimeoutStopSec=5 StandardInput=socket StandardOutput=socket StandardError=journal [Install] WantedBy=default.target A template Unit A systemd template starts a new instance of the service for each incoming connection, because nothing in the code of the service is aware of being a network service. Instead stdin and stdout are connected to the network by systemd, and stderr is being directed to journald. The actual service just performs normal stdio.\nSince connections are being accepted by systemd, and then fed into the service using normal stdio, a new instance of the service has to be started for each connection. This is done with a service template, \u0026ldquo;kris2.@service\u0026rdquo;.\nRunning stuff We can enable and start the socket:\n$ systemctl --user enable kris2.socket Created symlink /home/kris/.config/systemd/user/sockets.target.wants/kris2.socket → /home/kris/.config/systemd/user/kris2.socket. $ systemctl --user start kris2.socket $ lsof -i -n -P COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME systemd 327983 kris 28u IPv4 2520788109 0t0 TCP 127.0.0.1:12346 (LISTEN) Since the service is a template, it cannot be started.\n$ systemctl --user enable kris2@.service Failed to enable unit: File default.target: Identifier removed That is also not necessary, because systemd will do that for us on connect:\n$ telnet localhost 12346 Trying 127.0.0.1... Connected to localhost. Escape character is \u0026#39;^]\u0026#39;. I am a test. ECHO: I am a test. QUIT ECHO: QUIT Connection closed by foreign host. While connected, we can see the user systemd instance hanging off the PID 1 systemd, and the family of user-services hanging off the user systemd instance.\nsystemd(1)─┬─ModemManager(2480)─┬─{ModemManager}(2565) … ├─systemd(327983)─┬─(sd-pam)(327984) │ ├─pipewire(327990)───{pipewire}(328047) │ ├─pipewire-media-(327991)───{pipewire-media-}(3280+ │ └─python3(3315905) … Multiple ports We can now modify the socket Unit to provide more than one port.\n$ systemctl --user cat kris2.socket # /home/kris/.config/systemd/user/kris2.socket [Unit] Description=My second service PartOf=kris2.service [Socket] ListenStream=127.0.0.1:12346 ListenStream=127.0.0.1:12347 Accept=Yes [Install] WantedBy=sockets.target And after this, the service will be available on both ports. Since the service\u0026rsquo;s code does not know anything about networking at all, it won\u0026rsquo;t even notice.\nSummary Using template systemd services, and redirecting stdin and stdout, we can create systemd Units that work with programs that are not aware of the fact that they are running connected to the network. This simplifies the code for a service considerably, and also makes it much easier to test the service.\nTemplate Units themselves cannot be enabled or started, which is initially unexpected, but makes a lot of sense once you start to think about it.\n","date":"2022-11-28T00:00:00Z","href":"https://blog.koehntopp.info/2022/11/28/systemd-service-and-stdio.html","tags":["lang_en","python","devops"],"title":"Systemd Service and stdio"},{"categories":null,"content":"In today\u0026rsquo;s Yak Shaving session I needed to understand how to expose the docker socket of a remote machine over the network. You should not do that, it is totally insecure, but I needed to do that to test something.\nSocket Activation I discovered that dockerd is running with -H fd://.\n# ps axuwww | grep docker[d] root 1616732 0.5 0.1 2930892 52168 ? Ssl 15:32 2:25 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock That is happening in the docker.service definition for Docker:\n# systemctl cat docker.service | egrep \u0026#39;(service$|ExecStart)\u0026#39; # /lib/systemd/system/docker.service After=network-online.target firewalld.service containerd.service Wants=containerd.service ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock That is, /lib/systemd/system/docker.service defines activation through the fd:// file descriptor. That descriptor is in turn provided by the docker.socket unit, which looks like this:\nroot@server:~# systemctl cat docker.socket # /lib/systemd/system/docker.socket [Unit] Description=Docker Socket for the API [Socket] ListenStream=/var/run/docker.sock SocketMode=0660 SocketUser=root SocketGroup=docker [Install] WantedBy=sockets.target Both units are in /lib/systemd/system, which means they are OS-provided and should not be directly edited.\nOverriding I could override the service with systemctl edit docker.service, and provide a different ExecStart. Since that is a list, I need to empty it first, and then put a new definition in.\n[Service] ExecStart= ExecStart=/usr/bin/dockerd This starts docker without options, and I could define one or more sockets in /etc/docker/daemon.json. It would also drop systemd socket activation, though.\nThat led me to the question \u0026ldquo;How does one actually write a daemon that cooperates with systemctl socket activation?\u0026rdquo; and also to the question \u0026ldquo;Can I have socket activation listen to more than one port, for example a Unix Domain Socket and a TCP-Socket?\u0026rdquo;\nWriting a Python daemon with socket activation Let\u0026rsquo;s write a simple daemon:\n#! /usr/bin/env python3 from socketserver import TCPServer, StreamRequestHandler import socket import logging class MyDaemon(StreamRequestHandler): def handle(self): logging.info(f\u0026#34;Connection from {self.client_address}.\u0026#34;) self.data = self.rfile.readline().strip() self.data = self.data.decode(\u0026#34;utf-8\u0026#34;) response = str(self.data[::-1]) logging.info(f\u0026#34;Data: {self.data} Response: {response}\u0026#34;) self.wfile.write(response.encode(\u0026#34;utf-8\u0026#34;)) class Server(TCPServer): def __init__(self, server_address, hnd): # call superclass, but bind_and_activate is done by systemd. # If we set that to True, it could run as a standalone program. TCPServer.__init__(self, server_address, hnd, bind_and_activate=False) # take socket passed on from systemd (3, first after stdin, stdout, stderr) self.socket = socket.fromfd(self.3, self.address_family, self.socket_type) if __name__ == \u0026#34;__main__\u0026#34;: logging.basicConfig(level=logging.INFO) HOST, PORT = \u0026#34;127.0.0.1\u0026#34;, 12345 server = Server((HOST, PORT), Handler) server.serve_forever() If we set bind_and_activate= to True, that thing would run from the command line as a standalone server.\n$ ./demoserver.py # now telnet 127.0.0.1 12345 to test Instead, we need to set this up with systemd.\nA service and a socket unit We need to set up a service definition unit. Since we chose a high port number (\u0026gt;1024), we can run it as a user without privileges.\nSystemd is actually running a copy of itself for each logged-in user:\n$ ps axuwww | grep system[d] | grep user kris 327983 0.1 0.0 20144 11948 ? Ss Nov06 31:11 /lib/systemd/systemd --user gdm 2419957 0.1 0.0 18768 10884 ? Ss Nov21 13:03 /lib/systemd/systemd --user So we define a service unit using systemctl --user --full --force kris.service and then do the same for a socket unit:\n$ systemctl --user cat kris.service # /home/kris/.config/systemd/user/kris.service [Unit] Description=Kris Service After=network.target kris.socket Requires=kris.socket [Service] Type=simple ExecStart=/usr/bin/python3 %h/Python/systemd-socketserver/demoserver.py TimeoutStopSec=5 [Install] WantedBy=default.target Our service is declared as having a Requires= relationship to its socket. And because relationships do not define ordering, we also put the sockets into the After= relationship.\nThe service is a simple service, so systemd will simply fork off the defined binary. Ths service definition uses %h, which is replaced by the users home directory. We also define a timeout.\nNow the socket, on which we depend:\n$ systemctl --user cat kris.socket # /home/kris/.config/systemd/user/kris.socket [Unit] Description=Kris Socket PartOf=kris.service [Socket] ListenStream=127.0.0.1:12345 [Install] WantedBy=default.target The PartOf= makes sure the socket is started and stopped together with the server. The ListenStream= is the port systemd will open, bind to and listen on. The socket produced by systemd will them be handed off to us on FD 3.\nStarting the service It is sufficient to work on kris.service to start and stop things, because of the relationships we defined between socket and service.\n$ systemctl --user show kris.service| grep kris ExecStart=... ExecStartEx=... WorkingDirectory=!/home/kris Id=kris.service Names=kris.service Requires=kris.socket basic.target app.slice ConsistsOf=kris.socket After=kris.socket basic.target network.target app.slice TriggeredBy=kris.socket FragmentPath=/home/kris/.config/systemd/user/kris.service The ConsistsOf= here comes from the PartOf= defined in the socket. After running systemctl --user start kris.service we will see the service running using lsof:\n$ lsof -i -n -P COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME systemd 327983 kris 36u IPv4 2390840115 0t0 TCP 127.0.0.1:12345 (LISTEN) python3 1957657 kris 3u IPv4 2390840115 0t0 TCP 127.0.0.1:12345 (LISTEN) python3 1957657 kris 5u IPv4 2390840115 0t0 TCP 127.0.0.1:12345 (LISTEN) Testing the service We can now test:\n$ echo \u0026#34;I am a test\u0026#34; | netcat 127.0.0.1 12345; echo tset a ma I And the log shows:\n$ journalctl --user-unit kris.service| tail -5 Nov 27 23:58:48 server systemd[327983]: Started Kris Service. Nov 27 23:59:59 server python3[1957657]: INFO:root:Connection from (\u0026#39;127.0.0.1\u0026#39;, 57512). Nov 27 23:59:59 server python3[1957657]: INFO:root:Data: I am a test Response: tset a ma I Nov 28 00:00:05 server python3[1957657]: INFO:root:Connection from (\u0026#39;127.0.0.1\u0026#39;, 57528). Nov 28 00:00:05 server python3[1957657]: INFO:root:Data: I am a test Response: tset a ma I Listening on two ports We can now change the socket unit:\n(systemd-socketserver) kris@server:~$ systemctl --user cat kris.socket # /home/kris/.config/systemd/user/kris.socket [Unit] Description=Kris Socket PartOf=kris.service [Socket] ListenStream=127.0.0.1:12345 ListenStream=127.0.0.1:23456 [Install] WantedBy=default.target When we restart the service, this is being reflected in the systemd running, but only partially in the service running:\n$ systemctl --user stop kris.service $ systemctl --user start kris.service $ lsof -i -n -P COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME systemd 327983 kris 35u IPv4 2391279244 0t0 TCP 127.0.0.1:12345 (LISTEN) systemd 327983 kris 37u IPv4 2391279245 0t0 TCP 127.0.0.1:23456 (LISTEN) python3 1961235 kris 3u IPv4 2391279244 0t0 TCP 127.0.0.1:12345 (LISTEN) python3 1961235 kris 4u IPv4 2391279245 0t0 TCP 127.0.0.1:23456 (LISTEN) python3 1961235 kris 6u IPv4 2391279244 0t0 TCP 127.0.0.1:12345 (LISTEN) So we also need to adjust our binds (or, in the case of docker, the daemon.json).\n","date":"2022-11-27T00:00:00Z","href":"https://blog.koehntopp.info/2022/11/27/systemd-service-and-socket-activation.html","tags":["lang_en","python","devops"],"title":"Systemd Service and Socket Activation"},{"categories":null,"content":"Continued from last weeks article on data warehouses.\nAt work, I was tasked with building a capacity model for data center growth. The basic assumption of these things is often that the future behaves similarly to the past, so the future predicted capacity model is somehow an extension of past growth. I needed old server usage data, and was indeed able to find that in one of our systems, called ServerDB.\nServerDB is an in-house Django application that models server ownership, equipment, rack positions, and usage. It drives provisioning of machines, exposing a REST API, and driving an automated installation process, based on requests, availability, redundancy concerns and other factors. It also manages tickets for Data Center Operations Engineers, and interfaces with a number of other, similar systems.\nI did find that ServerDB was keeping a log of all changes to the core server_servers table by the means of a Django save handler, and that it had accumulated six years worth of data. It was in fact the largest table in the system, larger than all other tables together. While that was not the data I needed it was the data I had, and I could make it work.\nFor the future I wanted something more, so I wrote an ETL process that each night would export the entire server fleet, denormalizing the data, and pushing the attributes I wanted to record into a second database, serverdb_dw. I would keep three months worth of daily exports, and expire all weekdays but Mondays after that. This would be leaving me with weekly data for an indefinite timespan.\nAn ETL driver The ETL script is written in Python, and uses Click to handle command line options.\nWe make ourselves a CLI to add commands to:\n@click.group(chain=True) @click.option( \u0026#34;--verbose\u0026#34;, \u0026#34;-v\u0026#34;, default=\u0026#34;WARNING\u0026#34;, type=click.Choice([\u0026#34;DEBUG\u0026#34;, \u0026#34;INFO\u0026#34;, \u0026#34;WARNING\u0026#34;, \u0026#34;ERROR\u0026#34;, \u0026#34;CRITICAL\u0026#34;]), help=\u0026#34;Set the debug level.\u0026#34;, ) def cli(verbose=\u0026#34;WARNING\u0026#34;): \u0026#34;\u0026#34;\u0026#34;Extract data from serverdb2, denormalize it and load it into serverdb_dw, run aggregations. This command runs regularly, extracting a number of attributes about servers from serverdb2, denormalizes the data and loads it into a single table \u0026#39;server_facts\u0026#39; into serverdb_dw. It will then run a number of aggregations on the serverdb_dw table, creating a bunch of tables in serverdb_dw starting with the prefix \u0026#39;server_by_...\u0026#39;. By default, the aggregations are run only on the data from today. Options can be used to process larger chunks of data or all data. This will then take a lot of time. Options can also be used to process only individual aggregations. \\b A regular full run looks like this: ./serverdb_etl.py etl aggregate cube_aggregate \\b To re-aggregate all dimensions: ./serverdb_etl.py aggregate cube_aggregate \u0026#34;\u0026#34;\u0026#34; logger.setLevel(verbose) Making a fact table We can then hook up subcommands to our CLI.\nWe will need a fact table to write data to, so the first subcommand will be \u0026ldquo;etl_init\u0026rdquo;, which will run a CREATE TABLE for us. We collect all our methods in an Etl class, and call our create_table() method:\n@cli.command(\u0026#34;etl_init\u0026#34;) def etl_init(): \u0026#34;\u0026#34;\u0026#34; Create the server_facts table if it does not exist. Safe to use. The will run a CREATE TABLE IF NOT EXISTS statement to create a server_facts table. If a server_facts table exists, a new table will NOT be created, and no data will be lost. If the definition of the server_facts table does not match our table, it will not be changed or repaired. You need to write a manual migration to fix this. \u0026#34;\u0026#34;\u0026#34; run = Etl() run.create_table() And that is basically parametrizing a large CREATE TABLE statement with some config values, and then running it on the target database.\ndef create_table(self): \u0026#34;\u0026#34;\u0026#34; Create the server_facts table, if it does not exist, yet. This method is safe to use: The table will not be created if it already exists. No data is lost. \u0026#34;\u0026#34;\u0026#34; logger.info(\u0026#34;start create_table\u0026#34;) query = self.fact_create_table % self.fact_param logger.debug(\u0026#34;Create Query = %s\u0026#34;, query) write = get_serverdb_dw_connection() cursor = write.cursor() cursor.execute(query) logger.info(\u0026#34;end create_table\u0026#34;) The actual statement is also stored in that Etl class. I have shortened the statement considerably \u0026ndash; we are collecting many items more than listed here. Fact tables are often very wide.\nfact_create_table = \u0026#34;\u0026#34;\u0026#34;CREATE TABLE IF NOT EXISTS %(target_db)s.%(target_table)s ( `id` int(10) unsigned NOT NULL DEFAULT \u0026#39;0\u0026#39;, `report_date` date NOT NULL, `name` varchar(128) NOT NULL DEFAULT \u0026#39;\u0026#39;, `asset_type` varchar(32) NOT NULL DEFAULT \u0026#39;\u0026#39;, `serialnumber` varchar(64) NOT NULL DEFAULT \u0026#39;\u0026#39;, `delivery_date` date NOT NULL, `ip_address` varchar(16) NULL, `mac_address` varchar(17) NULL, `status` varchar(16) NOT NULL DEFAULT \u0026#39;\u0026lt;unknown\u0026gt;\u0026#39;, `site` varchar(4) NOT NULL DEFAULT \u0026#39;\u0026#39;, `region` varchar(25) NOT NULL DEFAULT \u0026#39;\u0026lt;unknown\u0026gt;\u0026#39;, `role_ids` varchar(255) NOT NULL DEFAULT \u0026#39;\u0026#39;, -- `puppet_services` varchar(255) NOT NULL DEFAULT \u0026#39;\u0026#39;, `role_names` varchar(255) NOT NULL DEFAULT \u0026#39;\u0026#39;, `rack` varchar(128) NOT NULL DEFAULT \u0026#39;\u0026#39;, `cpu_count` int(10) NOT NULL DEFAULT -1, -- `memory` decimal(8,3) NOT NULL DEFAULT \u0026#39;0.000\u0026#39;, -- `network_speed` int(11) NOT NULL DEFAULT -1, `manufacturer` varchar(32) NOT NULL DEFAULT \u0026#39;\u0026lt;unknown\u0026gt;\u0026#39;, `model` varchar(32) NOT NULL DEFAULT \u0026#39;\u0026lt;unknown\u0026gt;\u0026#39;, `owner` varchar(20) NOT NULL DEFAULT \u0026#39;\u0026lt;unknown\u0026gt;\u0026#39;, `wou_id` int(10) NOT NULL DEFAULT 0, `wou_name` varchar(80) NOT NULL DEFAULT \u0026#39;\u0026#39;, `created_at` datetime NOT NULL, `last_edit` datetime NOT NULL, PRIMARY KEY (`id`,`report_date`), KEY `name` (`name`), KEY `status` (`status`), KEY `site` (`site`), ) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC \u0026#34;\u0026#34;\u0026#34; Running the ETL Now that we have a table, we can load data into it. For that, we will be going through the classical three phases: Extract, Transform and Load.\n@cli.command(\u0026#34;etl\u0026#34;) def etl(): \u0026#34;\u0026#34;\u0026#34;Extract data from serverdb2, denormalize and load. This subcommand will run a large join on serverdb2, using the serverdb connection, and will then insert the data into the serverdb_dw.server_facts table. The data is materialized and kept in RAM between extract and load phases. \u0026#34;\u0026#34;\u0026#34; run = Etl() run.fact_extract() run.fact_transform() run.fact_load() The Extract Phase The fact extraction is basically one single select that joins against all the tables we need in order to get the data we want. We are fetching the result into a giant list of rows, which we keep in our Etl object in the data slot. Each row is a dict of field names and values. This is going to be using a lot of memory, but we will make do.\ndef fact_extract(self, param=None, query=None): \u0026#34;\u0026#34;\u0026#34; Run the fact_select query on serverdb2, loading the data into memory. The fact_query is being parametrized from self.fact_param. Set logging to debug to see queries. Set logging to info to see execution. \u0026#34;\u0026#34;\u0026#34; logger.info(\u0026#34;start fact_extract\u0026#34;) read = get_serverdb2_connection() rcursor = read.cursor(MySQLdb.cursors.DictCursor) # fetch default values from the class object if param is None: param = self.fact_param if query is None: query = self.fact_select query = query % param logger.debug(\u0026#34;Query = %s\u0026#34;, query) rcursor.execute(query) logger.info(\u0026#34;end fact_extract\u0026#34;) self.data = rcursor.fetchall() Again, we pick up the default SQL from our Etl class, parametrize it and run it. We simply suck all the data into memory and keep it.\nThe query is… ugly, and very long. Again, I shorten it in order to save some space. It gets repetitive anyway.\nServerDB is storing facts about Servers. As a Django Application, it uses Django models, and the database mode is autogenerated from that. The Django Application name is servers, so all tables are prefixed with that.\nServer class objects are stored in the servers_server table, servers is the application prefix, and server the table matching the Django object.\nBut since the Server class is a subclass of RackedAsset, and that in turn is a subclass of Asset, we are getting three tables servers_server, servers_rackedasset and servers_asset, which share a common id. They are being joined together with an inner join, because we are only interested in servers and not in any other assets (such as Switches or Filers).\nThe id of an Asset, a RackedAsset and a Server are the same, since each is a specialization of the previous one: Assets are things we have. RackedAssets also have a position in the data center (and a site). And servers have all the properties associated with a machine, such as a CPU type, memory, and disk space.\nAll rows are uniquely identified by an id, but since later in the data warehouse we will be tracking an id over time, we also need to record the report_date on which we collected the data.\nSome values may be NULL, which will be inconvenient for us. So we will be protecting us with use of COALESCE() a lot: This function goes through its parameters left to right and returns the first Non-NULL value it finds. This allows us to provide a default value for NULLs.\nWe are working with dict cursors across our code, so the columns returned here and the columns we will be using to store data do not need to line up positionally, as long as we provide proper names.\nFinally, this is a monster join. Joining more than ten tables in MySQL will blow up the optimizer, because the number of possible join permutations grows too large. We are getting away with joining far more tables than that in our example, because all of our joins are LEFT JOIN, which are not commutative. That means, the optimizer cannot do anything anyway: The asset/rackedasset/server triple is the driving table, and all other tables are just adjunct to that.\nIn any case, the query gets us the data we want \u0026ndash; all values, no IDs, completely denormalized.\nfact_select = \u0026#34;\u0026#34;\u0026#34;select a.id , date_format(now(), \u0026#34;%%Y-%%m-%%d\u0026#34;) as report_date , a.name as name , coalesce(da.asset_type, \u0026#34;\u0026lt;unknown\u0026gt;\u0026#34;) as asset_type , coalesce(a.status, \u0026#34;\u0026lt;unknown\u0026gt;\u0026#34;) as status , sn.shortname as site , coalesce(concat(sar.shortname, \u0026#34;-\u0026#34;, saz.shortname), \u0026#34;\u0026lt;unknown\u0026gt;\u0026#34;) as region , coalesce(group_concat(distinct r1.id order by r1.id), -1) as role_ids , coalesce(group_concat(distinct r1.puppet_service order by r1.puppet_service), \u0026#34;\u0026#34;) as puppet_services , coalesce(group_concat(distinct r1.name order by r1.name), \u0026#34;\u0026#34;) as role_names , coalesce(t.org_unit_id, -1) as wou_id , coalesce(t.name, \u0026#34;\u0026lt;unknown\u0026gt;\u0026#34;) as wou_name ... a few hundred lines deleted ... -- a server is an asset, rackedasset and server -- and that is why we do JOIN instead of LEFT JOIN here FROM %(source_db)s.servers_asset AS a JOIN %(source_db)s.servers_rackedasset AS ra ON (ra.asset_ptr_id = a.id) JOIN %(source_db)s.servers_server AS s ON (s.rackedasset_ptr_id = a.id) -- unfold asset_type LEFT JOIN %(source_db)s.servers_deliveryasset as da ON (da.asset_id = a.id) -- unfold the site_id, region and az data LEFT JOIN %(source_db)s.servers_site AS sn ON (sn.id = a.site_id) LEFT JOIN %(source_db)s.servers_availabilityzone as saz ON (sn.availability_zone_id = saz.id) LEFT JOIN %(source_db)s.servers_region as sar ON (saz.region_id = sar.id) -- unfold the serverrole_id (many-to-many, hence the group by in the end) LEFT JOIN %(source_db)s.servers_server_role AS sr ON (sr.server_id = a.id) LEFT JOIN %(source_db)s.servers_serverrole AS r1 ON (sr.serverrole_id = r1.id) -- unfold team ownership information LEFT JOIN %(source_db)s.servers_team as t ON (t.id = r1.managed_by) ... about a dozen tables deleted ... %(where_condition)s group by a.id The Transform Phase The data we get from our Extract is not suitable for us without a few corrections and fixes.\nWe do have all the data in memory now, in Etl.data, so we can fix up things by running over that and applying a few filters. Again, this is boring and repetitive cleanup work, so I have simplified things and show just one exemplary phase.\nThe CPU data in our data source is not the way we want it. We apply a cleanup filter, fact_transform_cpu() to it.\ndef fact_transform(self): \u0026#34;\u0026#34;\u0026#34; Transform and amend the loaded data from serverdb. - Fix CPU descriptions. - Extract CPU die counts and thread counts from description. \u0026#34;\u0026#34;\u0026#34; logger.info(\u0026#34;start fact_transform\u0026#34;) # Clean up the CPU data in self.data self.fact_transform_cpu() logger.info(\u0026#34;end fact_transform\u0026#34;) The filter looks like this:\ndef fact_transform_cpu(self): \u0026#34;\u0026#34;\u0026#34; Clean up the broken data from the servers_cpu table manually until serverdb2 fixes it at the source. \u0026#34;\u0026#34;\u0026#34; logger.info(\u0026#34;start fact_transform_cpu\u0026#34;) for row in self.data: row[\u0026#34;cpu_version\u0026#34;] = cpu_cleanup(row[\u0026#34;cpu_version\u0026#34;]) logger.info(\u0026#34;end fact_transform_cpu\u0026#34;) It iterates over the data list and calls a cleanup function for the field cpu_version. We basically drop certain words (we only want types, no marketing names), we drop multiple spaces, and we drop MHz numbers after an \u0026ldquo;@\u0026quot;-sign.\ndef cpu_cleanup(cpu): dropwords = [\u0026#34;intel(r)\u0026#34;, \u0026#34;xeon(r)\u0026#34;, \u0026#34;amd\u0026#34;, \u0026#34;dual-core\u0026#34;, \u0026#34;0\u0026#34;, \u0026#34;virtual\u0026#34;, \u0026#34;cpu\u0026#34;] # Nothing to see here: move on if cpu in [\u0026#34;\u0026lt;unknown\u0026gt;\u0026#34;, \u0026#34;Not Specified\u0026#34;]: return cpu # uniform case, remove extra spaces, speed info cpu = cpu.lower() cpu = re.sub(r\u0026#34; +\u0026#34;, \u0026#34; \u0026#34;, cpu) cpu = re.sub(r\u0026#34; *@ *[0-9.]+.*\u0026#34;, \u0026#34;\u0026#34;, cpu) # drop items we do not care about cpu_fields = cpu.split(\u0026#34; \u0026#34;) cpu = \u0026#34;\u0026#34; for field in cpu_fields: if field not in dropwords: cpu += field + \u0026#34; \u0026#34; # make sure we don\u0026#39;t have strange spacing in the version name # we previously had that cpu = re.sub(r\u0026#34;- +\u0026#34;, \u0026#34;-\u0026#34;, cpu) return cpu Other filters exist for other fields, where we have similar anomalies and annoyances.\nWe might also call out to other data source or databases, and add data from them to our in-memory dataset. For example, we could call out to Puppet, to collect Puppet Facts collected from \u0026ldquo;inside\u0026rdquo; the running machine. Or we could call to our Network Equipment Management System, Nemo, to collect data about machines from a Switch PoV.\nThe Load Phase Now that we have a clean dataset in memory we can write it out into our server_facts table in the data warehouse. We do that using REPLACE statements, which will allow us to run the ETL process multiple times per day. Newer runs will simply overwrite older runs, by primary key ((id, report_date))\nOriginally, we wrote out the data in a single connection, but that created many problems:\nThe large write created replication delay. The large write exceeded the maximum transaction size for compressed binlog (1 GB). The large write exceeded the maximum transaction size for group replication primaries. So we now run our write query with an executemany_in_batched(), which makes multiple smaller writes. It also checks replication, and waits with the execution of the next transaction until the previous one has finished replicating.\ndef fact_load(self, param=None): \u0026#34;\u0026#34;\u0026#34; Take the data and load it into the target table in the target database, using replace-statements. The use of replace-statements makes the data load idempotent on a single day. The query is being parametrized using self.fact_param. \u0026#34;\u0026#34;\u0026#34; logger.info(\u0026#34;start fact_load %s rows.\u0026#34;, str(len(self.data))) write = get_serverdb_dw_connection() replica = get_serverdb_dw_replica_connection() # get one load-balanced random replica of many # getting some default parameters if param is None: param = self.fact_param # we are only interested into the keys here, for query building firstrow = self.data[0] # replace into serverdb_dw.server_facts set col1 = %(col1)s, ... query = \u0026#34;replace into %(target_db)s.%(target_table)s set \u0026#34; % param query += \u0026#34;, \u0026#34;.join(f\u0026#34;{k} = %({k})s\u0026#34; for k in list(firstrow.keys())) logger.debug(\u0026#34;Query = %s\u0026#34;, query) executemany_in_batches(write, replica, query, self.data) self.data = [] logger.info(\u0026#34;end fact_load\u0026#34;) The executemany_in_batches() looks like this:\ndef executemany_in_batches(write, replica, query, data, *, batch_size=1000): wcursor = write.cursor(MySQLdb.cursors.DictCursor) rcursor = replica.cursor(MySQLdb.cursors.DictCursor) # It\u0026#39;s nonfatal for the SET SESSION command to fail # It means there were multiple batches executed within the same # script invocation and a previous one still has an ongoing transaction with contextlib.suppress(MySQLdb._exceptions.OperationalError): wcursor.execute(\u0026#34;SET SESSION session_track_gtids=OWN_GTID\u0026#34;) for n in range(0, len(data), batch_size): wcursor.executemany(query, data[n : n + batch_size]) write.commit() wcursor.execute(\u0026#34;SELECT @@GLOBAL.GTID_EXECUTED as gtid\u0026#34;) gtid = wcursor.fetchone()[\u0026#34;gtid\u0026#34;] rcursor.execute(\u0026#34;SELECT WAIT_FOR_EXECUTED_GTID_SET(%s, 10)\u0026#34;, (gtid,)) This will push batch_size many rows at once into the database, commit, and wait for the replication to acknowledge the arrival in the replica.\nRunning Aggregations After loading the data into the database, we update a bunch of aggregations. We count machines per Puppet class, per Data Center, and per Vendor and Type. We do keep these counts per report_date.\nThat also means we can add to existing aggregations and need to run sums only for the current day. This is much faster than regenerating data for the entire collection every day, and past numbers also do not change.\nData size Our server_facts table is very wide, the values shown here are simplified and the table shortened. We do not yet compress strings with lookup tables, so each server name is repeated for each day over the lifetime of the server. A CPU or Vendor name is also repeated, and much more often.\nAssuming 100.000 machines and one KB of data per machine, we end up with 100 MB of data per day retained. 90 days are kept at full resolution, for 9 GB of data. Additionally, another 100 MB per week is retained, for 5.2 GB of data per year, or an additional 26 GB in five years.\nA 35 GB database is not large, and can be kept in memory easily on most database server machines. So we do not actually have a \u0026ldquo;big data\u0026rdquo; problem here, but we do have a valuable collection of server data that enables us to\ndocument server use by team, model refresh projects by predicting server retirement dates, analyze per team/use-case fleet growth over time, make predictions and model fleet growth for the coming year, planning procurement and capex, and collect aggregate power consumption and compare it to metered and predicted power consumption at the rack, row and room level. This enables a number of planning use-cases and gives visibility for the data center team.\nIt also makes a nice model use-case to explain data warehouses and how to transform transactional data into business intelligence data.\n","date":"2022-11-20T00:00:00Z","href":"https://blog.koehntopp.info/2022/11/20/etl-from-a-django-model.html","tags":["lang_en","mysql","mysqldev","data warehouse"],"title":"ETL from a Django Model"},{"categories":null,"content":" A sample system When you have an Online Transactional Database, you have to record transactions at some point in time. That means you get a table with time dimension in your OLTP system. Consider for example a system that records Reservations. Users exist and can reserve Things to use, for a day.\nYou probably get a structure such as this:\nIn an OLTP database, a reservation is a (resid, userid, thingid, date). It references the user data by userid, and the thing data by thingid.\nThis assumes we have unique complete representations of a user and a thing, and we always want to reference the most current version of each of them. It also assumes that the reservation is transient. Maybe we add additional fields, or pointers to other tables to track state changes: A user can show up and get their thing, then work with it. When they give it back, we record the fact, and make sure the thing is checked to be okay after use.\nFixed sized OLTP systems Finally, the transaction is closed, and in an OLTP system we are then well advised to forget about it. To model that, we should add for example a state field that tracks this, and maybe fields to link to complaints or damages, if applicable.\nThat is, we want the OLTP system to be largely fixed in size, given unchanging outside parameters. Or in other words, for the same number of things and users, we want the size of the OLTP system to be largely constant over time.\nIf we did not forget about Reservations after their completion, we would have a table with a time dimension, but with an incomplete data lifecycle management. The reservation table would grow over time, without an upper bound, eventually becoming the largest object in our system. Most of the transactions recorded would be in the past, done and dead.\nThis will make our customer facing system large, slow, hard to back up and hard to change. Most people do not want that, but they also want records of transactions past. So instead of deleting old reservation entries, they Extract them, and push them elsewhere.\nThis keeps the customer facing system nice and clean, and pushes data to another system, with different performance and availability requirements, and different data structures.\nChanging values Most OLTP systems that make sales are well advised to keep current values of the data, if at all possible. It is cheap and easy to ask for the price of a product in a table with exactly one entry per product, the current price:\n-- CREATE TABLE product ( -- product_id SERIAL, -- name VARCHAR(255), -- price DECIMAL(12,4) -- ) \u0026gt; SELECT price FROM product WHERE product_id = 17 If we recorded the price of a product together with a validity interval instead, then all queries become complicated to write, and expensive to execute:\n-- CREATE TABLE product ( -- product_id SERIAL, -- name VARCHAR(255), -- price DECIMAL(12,4), -- valid_from DATE NULL, -- valid_until DATE NULL, -- INDEX (product_id, valid_until) ) \u0026gt; SELECT price FROM product WHERE product_id = 17 AND valid_until IS NULL So if that kind of design can be avoided for the business transactional part of the system, we should not model it.\nThat kind of query is almost always needed for the backend, analytical part of the system, but that is another place, and it should not part of the OLTP system.\nSeparate systems In an OLTP system, we have data in 3NF or something close to it. We have a large number of queries, short running transactions and a lot of data changes. We have a large number of concurrent users, making these changes. We want to design the system so that the working set of it fits into memory If we manage to do that, we do see almost no disk reads, and the number of disk reads is independent of the number of users, or the load of the systems. We cannot avoid the writes, because that\u0026rsquo;s what transactions are.\nWe design the system so that it contains only current data. The size of the system is stable over time. There are no tables that grow over time, without an upper bound. Instead, the system size is a function of the number of entities modelled in each of its entity-representation tables, and by the number of in-flight business transactions.\nIn an analytics systems, we have data in \u0026ldquo;fact\u0026rdquo; tables. These are tables that have \u0026ldquo;time\u0026rdquo; as a component of the primary key, or are even partitioned by time.\nWe have few, long-running queries, that are often scans. They aggregate over a fact table or parts of it. We do not have many data changes. The data changes we see are often imports, which append data to the fact tables.\nETL - Extract, Transform, Load Sometimes data imports are multistage, because the imported data is not in its final form and needs to be cleaned up.\nData gets from the OLTP system to the analytics system, undergoing a distinct three phased process. The process is named after the phased, \u0026ldquo;ETL\u0026rdquo; \u0026ndash; extract, transform, load:\nThe data is extracted from the OLTP system. It is in 3NF, and contains many id\u0026rsquo;s representing functionally dependent values in their respective tables. The data is transformed, resolving the IDs into the functionally dependent value literals. The data is loaded into the analytics system. Often this involves cleanup steps, bringing the data into the form it needs be for the analytics system. An ETL example In My Private Data Warehouse we have an example of such a process, using my bank account statements from a German Sparkasse.\nData arrives from a Sparkasse system in CSV format. In a first step we load the data into a loader table, transactions table. Data is then copied from the loader table into a cleanup table, b, and undergoes a number of changes as part of the cleanup process. Afterwards it could be copied over into a fact table, extending an existing, ever-growing collection of account transactions.\nThis example is also showing data crossing administrative domain boundaries: The Sparkasse is running my account, and it does so in whatever form they want or need. They export data in a documented format, our software contract, but it is not the format I need.\nThe Extract process is downloading that data from the Sparkasse and shipping it to my system.\nThe Transform process has, in part already happened \u0026ndash; there are no IDs for me to resolve.\nThe Load is multistage, I load the data basically as text, and then apply a number of cleanup transformations to it.\nThe Star and the Snowflake In order to do actual analytics with it, I need to turn this into collectible, aggregate-able dimensions. That is, I define categories such as moneysinks and map each remote account name to a category \u0026ndash; basically bins for the aggregation. I am assigning each transaction to such a category, and then aggregate daily, weekly or monthly spend per category \u0026ndash; this is a report.\nWhile the normal form of an OLTP database is the 3NF or something close to it, analytics databases are made up from fact tables. Facts have a date as part of the primary key or are even partitioned by date. For each (id, date) pair we record certain attribute values, and store them literally and denormalized.\n\u0026ldquo;Around\u0026rdquo; each fact table we often have stored, pre-aggregated values, for example \u0026ldquo;daily spend by category\u0026rdquo;, \u0026ldquo;daily spend by spender\u0026rdquo; and so on. Each of these aggregations is called a dimension, and because they group themselves around the fact of which they are aggregates, we call this a Star.\nThe Star Schema is the simple normal form for analytics databases. They are not in 3NF, because 3NF stores the current value of an attribute of an entity, and we reference the only copy of that by id. Instead, we store the literal value of an attribute for a given date as a fact about the thing we are recording, so that we can observe how that value changes over time.\nSometimes, the literal values are rather long strings, and they are repeating quite often. We then, as part of the data load, also perform a string compression with a lookup table. In Encoding fields for great profit I am giving an example of how that works.\nSometimes we aggregate along more than one dimension. If, for example, in our reservations fact table we would record the country of origin for each user, and the color of each thing, we could aggregate \u0026ldquo;daily reservations per country and color\u0026rdquo; to identify conceivable national color preferences. Two-dimensional aggregates can be thought of as specializations of single dimensions, and the resulting pattern looks like a Snowflake, the other, slightly more complicated normal form for analytics databases.\nSummary We try to keep our OLTP systems in 3NF. We also try to keep only current data in them, and we expire business transactions that are no longer active from them. This keeps them small and fast, allowing us to run from memory.\nIf we want to record a transactional history, we do that elsewhere, in an analytics system. Data in analytics system is collected in tables with a time dimension in the primary key, the fact tables, and groups of aggregates around them, forming a Star or Snowflake.\nData flows from the OLTP system to the Analytics system in an ETL workflow. This workflow collects data from the OLTP system (extract), resolves the IDs into the functionally dependent values, and retains the literal values of interest (transform). That data is then loaded into the analytics system, cleaned up, categorized and pre-aggregated (load). Old, retired transactions can then be removed from the OLTP system, keeping it lean and mean.\nETL processes can be batched, once per day, hour or even minute. This is classic offline analytics with data warehouses.\nOr they can be realtime, where a reader tails the log of the database and puts the data onto an event bus such as Kafka or SNS. On the consuming side the data is still being processed, either classically, or with realtime aggregator that executes sliding window queries.\n","date":"2022-11-16T00:00:00Z","href":"https://blog.koehntopp.info/2022/11/16/of-stars-and-snowflakes.html","tags":["lang_en","mysql","mysqldev","data warehouse"],"title":"Of Stars and Snowflakes"},{"categories":null,"content":"Where I work, we run bare-metal databases on non-redundant local storage. That is, a database is a very cheap frontend blade server. It has 2 CPUs, with 8 cores/16 threads each. It contains 128 GB of memory, 2 or 4 TB of local NVME and it has a 10 GBit/s network interface. It costs around 120 to 150 Euro per month to run for 5 years, including purchase price and all datacenter costs.\nIt AWS terms, it is comparable to a EC2 m5.8xl, or better an i3.4xl, but with more CPU.\nData is stored on a local disk, preferably NVME, sometimes SSD, because we still have old hardware.\nThe local disk provides unmatched low latency, at incredibly low overhead (1 TB of data uses 1 TB of physical disk space) and at unmatched power consumption (a NVME drives adds about 10W to an already existing machine).\nThe purchase cost of a NVME drive can be as low as 150-200 Euro/TB for Enterprise grade hardware.\nIs it not risky to run on non-redundant storage? At work, we need to run our databases in replication hierarchies, to provide the required read capacity and to provide read capacity close (in the same AZ) to the clients.\nOur database replication happens in trees, which extend across multiple AZs and backing-technologies. (bare-metal, Openstack, \u0026hellip;). They are marked in different colors. Writes go to the root of the tree on the left. They then replicate within fractions of a second down to the leaves at the right. Each replica provides a full copy of the data in a shared-nothing architecture, for read-scaleout. Applications find read-copies of the data close by, in the AZ they run in, and at the required capacity.\nThe image is a screenshot from Orchestrator, a tool that manages MySQL replication hierarchies. This is showing one particular hierarchy, but they all have this shape.\nWe are using MySQL replication for read-scaleout (and for a few other things, such as backups, as clone sources to make more replicas, for data import to Hadoop, and so on). Using \u0026ldquo;Global Transaction ID based replication\u0026rdquo; (GTID) and Orchestrator, we are leveraging the redundancy required for read-scaleout also to provide high-availability.\nSo how do we survive? If a Primary dies, we detect that. We then automatically promote any Intermediate Replica to a new Primary, rearranging the replication hierarchy as we go. In the end, all Replicas now ultimately dangle from the newly promoted Primary.\nThe GTID-based way of using read-scaleout capacity for high-availability has many advantages. Not only do we get to use local storage, we can also use throwaway frontend blades instead of much more expensive special database hardware as we did in the olden times.\nWe also get intermediate replicas promoted to primaries, which means that these machines have already warmed up caches and are useful immediately after promotion, at normal speed.\nCompare that to the situation of old (many years ago):\nNow cheaper: We needed to have special database machines with special hardware. So we needed to provision machines from a much smaller hardware pool, instead of living inside the big frontend hardware pond. Now more redunancy: We failed over between a single active-passive database pair, instead of being able to promote any replica that has a binlog to a new primary as we do now. Now faster: Also, the previously passive database had an ice-cold cache. Warming up to minimum speed took around 5 minutes, warming up to normal performance took around 20 minutes. That meant, during a switchover database performance was severely impeded for at minimum 5 minutes, and somewhat impeded for 20 minutes. More flexible every day: We were unable to fail between arbitrary machines, and unable to rearrange the replication tree freely, because without GTID-based replication such a thing is doable only manually, and a high risk operation. That last thing is important: ability to freely rearrange the replication tree allows us to speed up many daily operations that otherwise would be subject to many more constraints. Among them are fast version upgrades, moving capacity between pools and many other daily operations that allow us to provide \u0026ldquo;just one more replica than you need\u0026rdquo; in time and without much toil.\nDistributed Storage Local Disk has limits. Mostly, size limits: Our servers come with 2 TB or 4 TB of space. Larger hardware exists, but in limited numbers and it is spoken for by other teams.\nA larger database is often stored on distributed storage. That is, it resides on a Filer, and is attached usually with iSCSI (\u0026ldquo;SCSI protocol over TCP/IP over an Ethernet wire\u0026rdquo;), or sometimes NVME-over-Fabric/TCP (that is, the NVME PCI bus protocol over TCP/IP over an Ethernet wire).\nBecause volumes of distributed storage are made by a Filer by combining large disks to even larger volumes, they can be of almost arbitrary size. So if you need more than can be provided by a Blade with local storage, you need to move to iSCSI storage.\nThis is much like going from an i3 instance with local storage to a m5 instance with EBS, in flexibility, but also in cost: You now need to pay for the Blade and for the storage, in the same way you pay for the instance and the EBS.\nDifferent Latency You are likely also taking a latency hit: While you can hit a local storage at 1/20,000 s access time, with distributed storage there is one or more network hops involved, and worse, a lot of software and storage redundancy overhead at the destination.\nYou can expect more of 1/2,000 s access time than 1/20,000 s, so you are roughly one order of magnitude slower. How much exactly depends a lot on the Filer implementation you are on.\nMore Variance You may also take a jitter hit: The latency of distributed storage is often not only higher, but also more variable. If you are not pushing the limits of what is possible, that is often not an issue, but for some latency-sensitive applications it may well be.\nFiler Storage Overhead Distributed storage also comes with some overhead in the sense that there is storage duplication at the filer end: 1 TB of database will never be 1 TB of disk space, but always more.\nHow much exactly very much depends on the Filer implementation, and on how much additional latency from software trickery you can tolerate. For example, most filers will store data in some kind of RAID, so there will be an overhead of 3x (everything is stored three times in HDFS and Ceph by default), of 2x (a simple RAID-1) or of 1.something (a RAID-5/6/x or Hadoop Erasure Coding).\nSome Filers will, at the cost of additional latency, also offer data compression, or data deduplication.\nFilers are, in essence, just computers with very many hard disks and very good Ethernet interfaces.\nSo you need to add the run-cost of these computers to the run-cost of the drives, amortized over the number of drives per Filer-computer: A Filer with 24 drives per computer has less overhead than a Filer with only 4 drives per computer.\nVolume Lifetime, Volume Mobility, Snapshots A Filer on the other hand offers a number of advantages over Local Storage that are mostly interesting if the amount of data is so large that it takes very long to copy:\nA volume on a Filer is mobile. It can be detached from an instance and attached to another instance. This allows for upgrades of a compute unit (larger, new OS, software upgrade) without having a need to copy around the data. At sizes over 10 TB such a copy operation can take hours or days, but with volume detach/attach no copy is necessary. A volume on a Filer has a lifetime independent of the instance/the compute. This allows not only for the above mentioned upgrades, but also for filer-side operations, such as making a snapshot or a copy of the volume at the filer-side. This is usually much faster than loading the data off the volume, over the network, and pushing it over the network again to another machine. Filer-side operations include snapshotting and cloning, which can be combined in interesting ways to make data available for backups and new instances with a lot less wait than a full copy would take (or allows to make a full copy in the background while the snapshot is already being used). Summary We run our databases on local storage, because it is faster, has more consistent performance, uses less power, is cheaper, and is generally leveraging the flexibility of the large, cheap frontend pool to our advantage.\nThis is safe, because together with Oracle MySQL we developed GTID-based replication, which together with Orchestrator gives us complete flexibility and control over the replication topology, enabling warm and fast switchovers. This is around 20x faster than active/passive replication pairs we used before, and reduced a lot of daily operational toil for the DBA team.\nWe recommend the use of distributed storage for large database sizes, but latency considerations apply.\n","date":"2022-11-09T00:00:00Z","href":"https://blog.koehntopp.info/2022/11/09/databases-on-unraided-storage.html","tags":["lang_en","mysql","mysqldev"],"title":"Databases on un-RAID-ed storage?"},{"categories":null,"content":" A harddisk from 1998.\nThe opening image for this post shows the stock photo of a hard disk platter. You can see a movable arm that can ride in and out of a stack of rotating platters coated with some kind of metal oxide. We sometimes call this kind of storage condescendingly \u0026ldquo;rotating rust\u0026rdquo;, when in reality it is a triumph of material science.\nMoving an arm costs time, and bringing that arm into the right position and then waiting until the right segment of disk rotates underneath it so that we can write things to disk takes time. A lot of time \u0026ndash; around 5 ms or so on a modern disk, 4x longer on the old thing in the image.\nHow much time is \u0026ldquo;5 ms\u0026rdquo;?\nA modern CPU at 3 GHz is running 3 clock cycles per nanosecond, 1/1,000,000,000 (10^-9). \u0026ldquo;5 ms\u0026rdquo; are therefore 15,000,000 clock cycles (15 million clock cycles).\nSince x86_64 is a CISC architecture, getting a fixed \u0026ldquo;clockticks per instructions retired\u0026rdquo; (CPI) value is hard. Documentation and benchmarking with vTune shows variable CPI values between 1 and 2 for some interesting and common use-cases in our environment.\nBecause a single core waiting for a hard disk seek already can block around 10 million executed instructions, \u0026ldquo;not reading data from disk, and if we have to, make it fast\u0026rdquo; was always key to our database design.\nLatency That means, writing to a rotating disk takes around 1/200 of a second, or we can write around 200 random blocks on such a disk. This is called Write Latency.\nThere is also Read Latency, which works the same way, but the other way around. It is often possible to avoid read latency by providing more memory, but when it happens it is worse – writes can often be queued and executed in the background with some compromise on persistence guarantees, but reads often depend on the outcome of previous reads. And that means we have to wait for the first read to complete before we know what to read next.\nTogether, when we just talk about the time it takes from issuing a disk request to its completion, we call both timings Completion Latency, or clat.\nBenchmarking tools will give you a completion time histogram (or clat histo) for a drive, and it looks like this:\nclat percentiles (usec): | 1.00th=[ 53], 5.00th=[ 53], 10.00th=[ 53], 20.00th=[ 53], | 30.00th=[ 53], 40.00th=[ 54], 50.00th=[ 55], 60.00th=[ 55], | 70.00th=[ 59], 80.00th=[ 60], 90.00th=[ 73], 95.00th=[ 75], | 99.00th=[ 91], 99.50th=[ 99], 99.90th=[ 235], 99.95th=[ 433], | 99.99th=[ 2343] fio Benchmark clat histogram from Adventures in Storageland .\nHere we see a Benchmark result from a typical database blade in use at work, a Dell M630 with a PERC controller and a 1.92TB SSD.\nYou can see that the units here are µs, Microseconds (1/1,000,000, a millionth of a second). The 99.5th percentile of all clats is 99µs (100µs are 0.1ms). For the 99.9th percentile, the clat jumps to more than twice that, 0.235ms, and for the 99.95th it\u0026rsquo;s again the double of that, 0.433ms. After than, we get the really bad outliers.\nThat is, we have a storage that performs quite well across the spectrum from 0.05ms to 0.10ms for 99.5% of all requests \u0026ndash; they are actually written to battery buffered (BBU) persistent memory, and then streamed out to the storage medium, which happens to be a SSD.\nThe BBU is what makes this fast, even with HDD, and if the battery ever fails you get a lot worse performance. We monitor these batteries very closely for that reason.\nThis is the performance we get from bare metal, for around 100 Euro/TB and 9W-25W per drive unit.\nWrite Completion Latency comparison between Local Storage (above) and Ceph (below) from Database Workload and Storage .\nThe graph above compares two kinds of storages. We are looking at how long it takes to wait for a write to the medium, and draw a histogram of write times. The X-axis shows write time in µs, the Y-Axis the number of requests with that time. The comparison is between a bare-metal storage with a local disk behind a SmartArray or PERC controller on the top, and Ceph below.\nWe can see that writes to the local storage are quick (0.1ms or less), and that they are also not spread out: The write time is extremely reliable.\nThe Ceph Storage has a median completion time (P50) of 0.9 ms, and a P99 somewhere up slightly under 2 ms. The spectrum of write times is extremely wide, the completion time varies a lot. This makes any guarantees on performance very hard.\nAt the P99 scale Ceph is 20x slower, but on top of that the variance makes it really hard to deliver consistent performance.\nIOPS The word IOPS expands to \u0026ldquo;I/O Operations Per Second\u0026rdquo;. It is not the inverse of Latency. This is discussed at length in Adventures in Storageland . The distinction is extremely important for Flash Storage with NVME interfaces.\nStorage in SSD and NVME drives is made from a lot of storage chips. Writing to each takes a fixed amount of time, but there are many, and they can be used concurrently.\nWriting to a flash chip takes a fixed amount of time, about 1/20,000s to 1/30,000s. That is, each single flash chip in a flash drive can perform 20,000 to 30,000 writes per second. But with the right interface, each of the chips on the drive can do that in parallel to the other chips. So with proper driver soft- and hardware you get a performance that is much higher than 20,000 operations per second.\n\u0026ldquo;SSD\u0026rdquo; puts a SATA interface on the PCI bus, and talks to a flash storage like it did to a hard disk. The protocol serializes requests, so you get 20,000/s, even if the hardware behind the SATA interface could do more. A lot more.\n\u0026ldquo;NVME\u0026rdquo; drops the SATA interface and puts the flash storage directly onto the PCI bus. The protocol now can have many requests in flight concurrently, very many. A single enterprise grade NVME hard drive delivers 800,000 IO operations per second, or 800k IOPS.\nEach single operation will still take 1/20,000s, though.\nThat is, in order to get 800,000 IOPS, you will need to talk in 40 independent streams in parallel to the drive.\nIOPS and Latency are not the same thing.\nLatency measures how long one single operation takes. Single Threaded, that is the number of operations you get, so IOPS and 1/Latency are identical in the single threaded case only.\nThe IOPS metric in the drive catalog is not that number. It is the aggregated parallel number of requests the drive can serve. If you divide IOPS and 1/Latency, you get the degree of parallelism you need to serve in order to actually get all the IOPS the hardware advertises.\nSome workloads do have a high or even unlimited degree of parallelism.\nThe CERN Atlas detector, a measurement device that delivers 10,000s of independent, concurrent metrics streams to a storage. (Image: Cern ).\nImagine you are CERN, and have an array of detectors streaming data from your Synchrotron to some metrics storage. Each metrics flow is linear, and independent of what any other sensor writes. This is an ideal case for a \u0026ldquo;high latency, high IOPS, streaming metrics storage\u0026rdquo; kind of storage. Ceph was developed for this.\nOther workloads are not like this. Online Transaction Processing Databases (OLTP databases) of the kind we run write a stream of transactions. Transactions are independent when they have non-overlapping sets of primary key (write sets, wsets), but if their wsets are overlapping, they have a dependency and order between themselves.\nThe average run length of non-overlapping wsets we call the \u0026ldquo;width of the binlog of that database at that point in time\u0026rdquo;. It is the number of parallel writes inherent to the workload of this database at that point in time.\nWe have measured it, and I have documented that in Parallel Replication .\nIt is important to remember:\nThis is workload dependent, that is, controlled by the application, and not the database. This is extremely highly variable over time. This is a small number, usually not exceeding 3-5 on the average. Because this is not controlled by the database, we cannot make any SLO on it – SLOs can be made by a team only on things the team can influence. Because it is highly variable, and workload dependent, not even an application team can rely on a minimum width.\nAnd because it is usually a small number, Latency of a storage is way more important for any OLTP database than any other performance metric.\nBandwidth Writes to disk have a size. Bandwidth is measured in MB/s, and is calculated as \u0026ldquo;number of writes times the size of the writes\u0026rdquo; or \u0026ldquo;sum of the write sizes per second\u0026rdquo;.\nIn MySQL, a commit is a multiple of 512 bytes, and a checkpoint write is a multiple of the 16 KB page write.\nAt 2500 writes per second (0.4ms write latency) we get 40 MB/s at 16 KB page write size (and hardly more than 1 MB/s for 512 byte commit writes).\nAt 25000 writes per second (0.04ms write latency) we get 400 MB/s at 16 KB page write size, and hardly more than 10 MB/s for 512 byte commit writes.\nThe point of checkpointing is to coalesce updates to the same page, so it is usually a lot less checkpoint writes than commit writes: several updates to different rows on the same page are checkpointed together at a later time, saving write bandwidth.\nOur OLTP databases usually write \u0026ldquo;dozens of MB per second\u0026rdquo; under very high load, and a lot less under normal pressure. Bandwidth is normally not a metric we are much interested in, because about any storage that can deliver a latency we like automatically tends to have the bandwidth we require.\nA very simple benchmark All of this leads to a very simple benchmark. When we want to understand how a storage behaves with MySQL, we run a \u0026ldquo;16 KB random-write, synchronous writes benchmark at a queue depth of 1 with a single thread\u0026rdquo; and look at the clat histogram. We then seek the inflection point, at which percentile does the clat suddenly increase a lot.\nWe can see the \u0026ldquo;normal clat\u0026rdquo;, and with the inverse get the minimum guaranteed transactional rate, \u0026ldquo;commit/s\u0026rdquo;. And we see if there is a sharp inflection point (the Dell Perc clat histogram above), that is, we see if we can expect consistent write performance or variable write performance.\nIdeally, we get a minimal clat that is highly stable until we reach saturation.\nWe can repeat the same with a random-read benchmark, no caching, in order to understand the performance of databases with a working set size larger than available memory.\nActual MySQL performance will be largely described by the results of this benchmark, even if the reality is slightly more nuanced.\nOakgate Workload Analytics shows what a database does with the disk when it is writing (Image from MySQL from Below ).\nThe above graph is the result of a blktrace command recording real world disk write activity to a ramdisk, and then plotting it. The diagram plots block number (LBA, linear block address) over time, that is, we see where on the disk we are writing.\nWe can see the small writes to the database log files every time a commit is made. This is a synchronous write, a multiple of 512 bytes, and the client hangs and waits until this write is finished. Application performance is completely dependent on these writes being fast.\nEvery now and then the database cleans up the log by actually writing data pages back to disk, aggregating many changes that before have been recorded only in log writes. This is called a checkpoint. We can see that a checkpoint consists of a large number of writes to actual data files with addresses all over the disk. These are multiples of 16 KB in size, and they happen asynchronously in the background.\nThe simplified random-write benchmarks takes both requirements, and tests completion latency and minimum bandwidth requirements together. Anything that passes the simplified random-write benchmark automatically performs as well, or better with real world workloads.\nSummary Storage performance is described by three parameters:\nLatency, how long it takes to read or write a thing. IOPS, the aggregated number of reads or writes a storage can do. Exploiting all IOPS often requires a considerable degree of parallelism in many modern storages. Bandwidth, the MB/s that the storage can take or deliver. Online transactional databases sit between the storage and the application. Their job is described by Codd, Gray et all as the ACID principle (1983) . That is, they provide transactional write behavior (atomicity), correctness of data (consistency), transactional read behavior (isolation) and finally correct write behavior (durability).\nThe amount of exploitable parallelism is limited by these rules, the application workload, and storage properties. For optimal performance, they require the lowest latency they can get, a reasonable IOPS budget, and a moderate bandwidth budget. In general, any storage that provides good latency automatically provides sufficient IOPS and Bandwidth.\nLatency is the controlling property of storage for OLTP databases.\nWhat Latency can I expect from various storages? Here are various storages that have successfully run OLTP databases in the past, and now:\nA local HDD without a BBU can be expected to perform in 1/200s or worse. That is why controllers with a BBU have been invented, and that is also why storages made from HDDs of the past are often arrays of very many, very small disks, even if larger disks would have been available. The larger number of spindles allows you to exploit parallelism, the BBU allows the client to move on a lot quicker than 5 ms. Local Storage (SSD, NVME) can be expected to perform in 1/10,000s or better. Some performa a lot better, 1/20,000s to 1/30,000s. The difference between Flash presented as SSD and NVME is mainly in the degree of exploitable parallelism. Distributed storage can be expected to perform in 1/2000s or better. That is, a NetApp filer from 2012 (FC/AL, BBU, many rotating hard disks) usually did take 1/2000s for a write, over the network. Amazon gp2 type EBS is advertised with 1/3000s, with quotas keeping you down (excepting bursts) if your volume is smaller than 5 TB. You want to get out of quota, you buy more space, even if you do not need the space – you need the performance that comes with larger volumes. Amazon io1 type EBS is advertised with 1/10000s or better. This is \u0026ldquo;distributed storage with local cache trickery\u0026rdquo;, a hybrid storage. It is not possible to get this kind of performance from a distributed storage without some local caching. Because local caching trickery with special hardware is required, this is very expensive. ","date":"2022-11-07T00:00:00Z","href":"https://blog.koehntopp.info/2022/11/07/bandwidth-iops-and-latency.html","tags":["lang_en","mysql","mysqldev"],"title":"Bandwidth, IOPS and Latency"},{"categories":null,"content":"Three years ago, I learned that due to SREcon, Charity Majors was in Amsterdam. I set up a meeting between Benjamin Tyler, Yves Orton and a few more colleagues of mine, and her. That is, because apparently in a case of co-evolution, our company internal \u0026ldquo;Events\u0026rdquo; system and Honeycombs observability tooling, modelled after experiencing Fabooks \u0026ldquo;Scuba\u0026rdquo; seemed to be doing a lot of the same things.\nThese days, we are using Honeycomb a lot to record events, and debug code running in distributed systems. But one type of system does not fit into this very well: Databases of all kinds. And I don\u0026rsquo;t understand why, because it would be perfect.\nAbout one year ago, I wrote an article about \u0026ldquo;Tracing a single query with PERFORMANCE_SCHEMA \u0026rdquo;. Why would I want to trace a single query like that?\nI want to get data about query execution out of MySQL, at scale, and push this into Honeycomb.\nHoneycomb, Spans, Traces and Tags Honeycomb is a tool that ingests \u0026ldquo;Spans\u0026rdquo;, time intervals, that can be annotated with arbitrary key-value pairs. Spans do not only have a start and stop time, but also maintain relationships between Callers and Callees as a Tree Structure. A root Span and its children form an execution trace (\u0026ldquo;a trace\u0026rdquo;) of a single call or entity of work in a distributed system.\nA lot of Honeycomb assumes that the values are numbers, but it doesn\u0026rsquo;t have to stop here (and other tooling can read Spans and work with non-numeric data, too).\nSpans nest, and you could look at the execution of your program as an arrow of time on which the spans are arranged.\nA root span at the application level is started in buildAvailabilityQuery(). This called into sqlORM(), which in turn called runSQL() several times. All this is recorded from the application and the application code. We\u0026rsquo;d want to see MySQL execution data in there, as subspans of runSQL().\nFor each span then any number of KV-pairs are recorded, so you could record call parameters, results, or intermediate state.\nHoneycomb allows you to aggregate such data on the fly, in almost real time, so you can ask \u0026ldquo;how many SQL queries is each action running, as a histo\u0026rdquo;.\nYou could also ask \u0026ldquo;What is the aggregated SQL time of each action\u0026rdquo;, over time. You\u0026rsquo;d see that at a certain point in time this time changed in the P95 and above. With their \u0026ldquo;Bubble up\u0026rdquo; functionality you\u0026rsquo;d mark the time interval and the aggregate interval (\u0026quot;\u0026gt; 1.5ms execution time\u0026quot;). Honeycomb would take the marked set vs. the base set (before, and faster), and highlight you all KV pairs that are different.\nYou might see that all slow samples have a specific commit tag associated with them, or you might see that all slow samples have a specific host machine tag or AZ tag associated with them.\nWithout prior knowledge you\u0026rsquo;d see what the root cause for the slowness is.\nApplication level instrumentation Database instrumentation right now does not provide good data that can go into systems such as Honeycomb.\nWith application code, this is all easy.\nimport beeline @beeline.traced(name=\u0026#39;external_api_request\u0026#39;) def external_api_request(request_params): # ... # adding fields here will add it to the active span wrapping # this function beeline.add_context_field(\u0026#34;response_time\u0026#34;, response_time) # ... @beeline.traced(name=\u0026#39;main\u0026#39;) def main(): beeline.add_context({\u0026#34;request_params\u0026#34;: request_params}) # calling this function will create a new span, under the \u0026#34;main\u0026#34; span result, error = external_api_request(request_params) # add more context once we have results beeline.add_context({\u0026#34;result_count\u0026#34;: len(result), \u0026#34;error\u0026#34;: error}) # This will create a span - or if no trace is in progress, will also # start a trace main() # Do not forget to close the beeline to ensure all spans get sent # before the application ends! beeline.close() Example from the Honeycomb Documentation , showing how to instrument Python code.\nEven if you know nothing about Python or Honeycomb, you can understand this.\nThe @beeline.traced() decorator wraps the function after it into the tracing harness, creating a span and maintaining the caller/callee relationships. The beeline.add_context() calls add KV-pairs to the tracing span.\nWhat database integration can look like What we want from a Query: The SQL_TEXT, and the Query Plan that actually ran for that Query. We would also want a list of Page#\u0026rsquo;s requested and Page#\u0026rsquo;s read from disk. Optionally, we would want subspans for each lock and wait, with annotations.\nWhy?\nWe get a Span for each SQL statement, maintaining the Caller/Callee Relationship with the code that sent us the query. Thus, we see the SQL exectution in the context of the ORM that generated the SQL, in the context of the Application Code that called into the ORM.\nEven ungreppable, generated SQL becomes attributable to the location in the source it is coming from. We get to see the ORM\u0026rsquo;s work in the context of the application that used it and the SQL it generated. With timings. Attribution was previously hard to do, but this way it is trivial, because the call tree relationship is explicitly maintained.\nWe also get to see if somebody is running \u0026ldquo;SELECT in a loop\u0026rdquo; instead of using a JOIN (\u0026ldquo;machine gunning pattern\u0026rdquo;). Machine gunning was previously very hard to even detect, and even harder to attribute. Now it is trivial.\nWe get to see the Query plan that ran, in the context of the application code (two spans up) that asked for data, with timings. We get to attribute SQL runtime, and result processing time in the application, easily, because we get to see if the database SQL runtime span fills all of the SQL query processing span, or if there is additional time that is only visible in the application. This could only be result processing that was not marked up properly.\nWe get to see pages requested from disk (before hitting the cache) and actual IO generated (cache misses) for each query. That allows us to see queries that have a good plan, but are slow, and understand why this is. With optional locking and wait information, we\u0026rsquo;d see more of that, for cases where this is not caused by IO but contention.\nAnd, as a side benefit, a page# stream before and after the cache also allows us to determine the working set size of the database (for one query, for a subset of queries or for all queries), and to calculate ideal cache and instance sizes. This makes instance type selection a guided, non-empirical process, but that is another article.\nConclusion None of that exists, but I don\u0026rsquo;t know why. Database tracing is completely ignoring modern observability integration, and things such as PMM or VividCortex are distinct from Honeycomb like systems. Attribution of SQL (when generated) is a mess.\nInformation about the plan of queries that ran is not retained well in MySQL. IO traces around the buffer pool are not even instrumented. They can be done. I routinely do them on production systems at the file system level with blktrace .\nAnd exfil of that data through P_S is just painful. One would want an in-server ring buffer and a Pusher thread that sends this data in a non-blocking way (using localhost UDP?) to a listener, that transforms this into whatever O11y system you\u0026rsquo;d be using.\nSo here I am, with my limited C++, and a 100 GB build partition, trying to build a P_S table that is mostly a stream of BLOBs, into which I try to collect the data I need in a non-crashing way. Once I have that, I can try to build a Pusher that takes data from that pool, trying to ship that to my coprocess, which then takes this and transforms it into whatever Honeycomb wants, injecting Spans into their system.\nThen I will finally be able to debug SQL properly, and in a single place with the code that made that SQL in the first place.\nOther Systems My colleague Willian Stewart pointed me at Vitess, which already does that for the \u0026ldquo;above MySQL\u0026rdquo; part of Vitess:\nThe call tree of a Query to Vitess as it is being handled inside of Vitess, as seen by Jaeger.\nVitess requires you to generate a piece of JSON that contains the necessary IDs to build a call tree:\n{\u0026#34;uber-trace-id\u0026#34;:\u0026#34;{trace-id}:{span-id}:{parent-span-id}:{flags}\u0026#34;} All items of a single trace have the same trace-id. Each span has their own span-id and also states what the parent-span-id is. Additional flags control the annotations generated (\u0026ldquo;what gets traced\u0026rdquo;).\nTo protect the data against accidental interpretation and munging, Vitess wants you to base64 encode the thing and then put it into a /*VT_SPAN_CONTEXT=...*/ pseudo-comment as part of the query to be traced.\n","date":"2022-10-25T00:00:00Z","href":"https://blog.koehntopp.info/2022/10/25/proper-o11y-for-mysql.html","tags":["lang_en","mysql","mysqldev","debug"],"title":"Proper O11y for MySQL"},{"categories":null,"content":"The GitHub Security Lab has a long hard look at \u0026ldquo;Apache Commons Text\u0026rdquo; in March this year. That resulted in CVE-2022-42889 . The exploit goes like this:\nfinal StringSubstitutor interpolator = StringSubstitutor.createInterpolator(); String out = interpolator.replace(\u0026#34;${script:javascript:java.lang.Runtime.getRuntime().exec(\u0026#39;touch /tmp/foo\u0026#39;)}\u0026#34;); System.out.println(out); Next to ${script:...} there are apparently also a ${url:...} and `${dns} as other unsuitable substitutions, and they nest.\nThis was fixed in October 2022, after being reminded by GHSL in May and August.\nIt was introduced in October 2018, in Version 1.5, and only discovered in March this year.\nWhat\u0026rsquo;s wrong with this? The security impact of this new feature is obvious, when discussed. Yet, it was integrated in October 2018, and that apparently did not raise any red flags in a security or merge review. Also, none of the users of the library found anything weird.\nThe package has documentation . String substitution is described in the manpage for that class, StringSubstituror . The \u0026ldquo;fix\u0026rdquo; for the CVS was to disable some substitutors. This is described in StringLookupFactory .\nIt took almost 3.5 years for somebody to look at this and find that to be a security risk.\nAfter reporting the risk, it took Apache 2 reminders and way more than the standard 90 days to react and publish a mitigation.\nThis means\nnonfunctional feature and security impact review for code merges. slow reaction to security issues (CVSS 3.x score: 9.8) Clearly, the security process of the Apache organisation has huge room for improvement.\nIs that a good mitigation? You decide. Among the interpolations that are still enabled by default are\nfileStringLookup , which replaces the ${file:UTF-8:/filename} with the content of a file. propertiesStringLookup , which replaces a value for a key in a properties file. environmentVariableStringLookup , which replaces ${env:USER} with the content of an environment variable. All have the potential, if controlled by an attacker, to read and leak data, and maybe secrets. That is not remote code execution, but probably still arbitrary file read and secrets leak.\nSuch a string interpolation under control of a user is risky at best, but the default configuration is still far from secure, even if the fix improves things.\nNot the first time This situation seems to be a repeat of the log4j exploit from the year before. In the log4j case, the initial find was presented on a conference and dismissed as unimportant. It only escalated after the exploit was used in the wild against Minecraft servers and their associated Discords, and then it quickly escalated to the full scope we observed last year.\nHandling this was imperfect as well, with a series of fixes trying to mitigate the problem, and failing to do so in the first round.\nSo both projects/packages\naccepted contribution of text interpolation without understanding the implications that thing would have bungled the security response process, in various ways (slow response, or no response at all) This points to non-functional processes inside the collection of Apache projects. They are either not executed, or they are not effective, when executed. The meta-question is if the collection of Apache projecs are aware of that, and how they are trying to address this?\nAre there more packages that have this issue? As a developer or organisation that makes software, you sometimes take on external dependencies. You are still being asked to be able to answer questions about the whole product, so you need a way to form an opinion about the state of the dependencies and their dependencies.\nThat starts with an inventory, and some useful scoping. And the mostly liveness, quality and maturity of processes.\nOne evaluation approach One quick evaluation approach is documented here . I\u0026rsquo;d reorder things a bit.\n\u0026ldquo;Is it necessary\u0026rdquo;-Phase: Do we need that dependency? \u0026ldquo;Is it popular\u0026rdquo;-Phase: Who else is using this? \u0026ldquo;Is it maintained\u0026rdquo;-Phase: Do we see commits? Do we understand the code and the commits? \u0026ldquo;Is Security considered\u0026rdquo;-Phase: Check their security response process and the execution \u0026ldquo;Is it supported\u0026rdquo;-Phase: Go check out their presence on various media. How do you reach them? Are they approachable or more on the Hugo/Cyrus spectrum of interaction? Another evaluation approach Another approach is documented here .\nIt is similar, and asks you to\ncheck contributions, and contributors. Read a bit of code. Look at the release history. Are the regular releases? A schedule? The user community. Are they talking to people? How? Longevity. The general ecosystem. I\u0026rsquo;d add some kind of metric around process execution. Check merge reviews, execution of security process and again, approachability and response times.\nAnother, commercial approach Some vendors are starting to approach this, for example this .\nAll in all, this seems to be a largely unsolved problem. Criteria are uneven across various attempts, projects and ecosystems. Some languages or projects seem to have problems even with creating an inventory of dependencies.\n","date":"2022-10-18T00:00:00Z","href":"https://blog.koehntopp.info/2022/10/18/software-supply-chain-issues.html","tags":["lang_en","security","software"],"title":"Software Supply Chain Issues"},{"categories":null,"content":"In a distributed, asynchronous environment, there is a need for distributed, asynchronous interaction. This interaction is often written, but \u0026ldquo;writing\u0026rdquo; these days is actually a media-rich process that includes much more than letters. It also needs to be able to build some structure, and some gateway to level up to more synchronous and even richer communication.\nLet\u0026rsquo;s have a chat about chats, and what properties they have.\nHistorically, chat was lines of text, without much structure. Even today, many geeks often propose IRC when chat solutions are being discussed in a corporate context. That is a very myopic way of thinking.\nThe first chat network I have been using was IRC \u0026ndash; Internet Relay Chat. This has been in the late 80ies or early 90ies, so today I have had an interactive online presence on the upside of 25 years or so.\nLater I got to use ICQ, Jabber, Skype, Hangouts, Facebook Messenger, WhatsApp, Slack and RocketChat, among many others. I also got exposed to a number of collaborative document processing systems with chat-like properties: the now defunct Google Wave (alias Apache Wave, now also mostly defunct), and its heir Google Docs, and a bunch of newer collaborative brainstorming tools from the School of Miro.\nAll these applications and chat systems are different, but they can be evaluated along a number of dimensions to understand chat systems better.\nA screenshot of my chat desktop from 2016. There are many like it, but this is mine.\nLocation and Discoverability One of the most important functions any chat system has to have is enabling the right people to find each other. There are two large classes of chat systems here: One uses groups, and the other uses places.\nGroups are just that: collections of people that talk to each other. You write a message and sent it. It is then visible to all members of the group.\nThe problem with groups is that they are almost impossible to find. They are invitation only. A member of the group must have knowledge of you looking for the group, and then invite you to it. In some messengers this will also form a new group, destroying the messaging history of the older group, in order to protect the privacy of the conversation happening before the new member joined.\nThe Discord chat system allows you to form small scale groups with fixed membership, even without having a \u0026ldquo;Discord Server\u0026rdquo;.\nA better system uses Places (often called Rooms or Channels) instead of Groups. A place is discoverable, you can \u0026ldquo;find\u0026rdquo; it, \u0026ldquo;go\u0026rdquo; to it, and \u0026ldquo;join\u0026rdquo; without being explicitly invited (permission and moderation systems often exist).\nSince Places tend to proliferate, mechanism to group, order, tag and search them often exist. In Discord, for example, Channels can be grouped into Categories, which are then grouped into \u0026ldquo;Servers\u0026rdquo;, the server having an owner, and often a purpose.\nThe Discord chat system, showing the \u0026ldquo;heiseonline\u0026rdquo; discord server, with a channel named #tierbilder (Animal Pictures) selected. Below that, a Category for Sprachkanäle (Voice Channels) is seen.\nHaving Places instead of Groups is crucial for any communication system. It gives you the capability to write instructions that send people somewhere, and enables people to find and go somewhere, gives them agency.\nFacebooks Messenger and Facebook at Work\u0026rsquo;s greatest flaw is their Messenger, which does not have this feature. It relies on Groups, and tries to mitigate that by coupling groups to Facebook \u0026ldquo;Groups\u0026rdquo; (discussion boards), auto-inviting people into the Facebook Group associated chat group. This combines worst practices of several systems into one.\nPlaces can be persistent, they can exist without anyone being in them. Places can also have one or multiple owners, which is the root of that Places\u0026rsquo; permission system and the source of all moderator power for that Place.\nPresence Working asynchronously means that you will not be present in a chat at all times.\nThis is a feature: It allows you to focus, and think straight, cutting deeply into problems. It also allows you to be in another timezone than your communication partners and still contribute meaningfully to a collaborative effort.\nIt poses the problem of your communication partners not knowing your current communication status, and availability. If they are blocked, they might need you, and it would help them to have some expectation of your response times, availability and context.\nAll modern chat systems have a presence mechanism, a semi-automatic status tagline, and the more thoughtfully engineered ones also know your timezone and show it to your peers.\nThe Slack chat system allows users to set a status in the form of an Emoji and a tagline. These are automatically cleared after some preset time, if desired. Slack also understands time zones, and will show you out-of-office times of communication partners, when necessary. Clicking on a user will also reveal their location and local time. On the right hand side, a number of status bubble examples are shown.\nPresence management in chat system often goes hand in hand with logging. Messages sent to you in your absence are logged, and shown to you on reconnect.\nThis is all a giant step forward from IRC, which did not manage presence well, and also did not allow sending messages to disconnected users.\nIn IRC, being offline means not being present: people fall off the channel and what is being said with them being not there is lost to them. That is of course a nuisance, and so people have been using programs such as screen to run an IRC client even when they have been disconnected from their computer.\nIRC\u0026rsquo;s mechanism for presence (here: attention) is somewhat hidden \u0026ndash; the /away command. But not only is the mechanism hidden (it is another command that needs to be learned and used), but the status is somewhat hidden as well. You can\u0026rsquo;t see if somebody is /away unless you look at them with a /whois. Or you learn about the fact that they are /away only after the fact, when you say something to them and get an auto-response with their /away message.\nSome people do not like this, and so they use another mechanism and change their nicknames when they are not there \u0026ndash; \u0026ldquo;Isotopp\u0026rdquo; becomes \u0026ldquo;Isotopp|AFK\u0026rdquo; or similar. This is less structured than /away, and so some people suffix their names, some prefix them and others completely change their nicknames - \u0026ldquo;Isotopp\u0026rdquo; becomes \u0026ldquo;Awaytopp\u0026rdquo;. The lack of facility, discoverable interface and standardization creates variant practice.\nLogging and Multi-Device All modern chat clients have proper presence, even if not always as rich as in Slack. Most also have unified logging. That is, even absent users can receive messages and will see them when coming back.\nMost users in 2022 have multiple devices, and multiple clients. Most users want the entire messaging history, in order, and with all backlog, available on all their devices, so that they can switch between devices without losing context. This usually includes new devices, to facilitate moving to new laptops or cellphones, without losing history.\nThis often clashes with old standards, badly designed security mechanisms and other implementation details.\nA Google Talk log, with OTR encryption, viewed in a different Jabber client. The history is truncated, and OTR encrypted messages are not available in readable form in this client.\nOne extreme point for synchronisation is the Discord chat system, where not only history and messages are kept in sync across all clients, but even preferences are unified: Setting the desktop client to dark mode will also set dark mode on the cellphone application, and vice versa.\nAnother, opposite extreme point is Jabber, which has no common rule for disposition of messages, and by default will send messages only to one client, using either a preference system, the last active client, or \u0026ldquo;all known clients to the server at the point in time the message was sent\u0026rdquo;. A lot depends on server and clients used here, creating an unreliable and hard to control user experience.\nDeliverables - File and Image Sharing In a corporate context, we use the communication mechanism as a vehicle to create and share documents, and have a discussion about the documents we work on collaboratively. Mail was doing this in the past, with Quotes and with Attachments, but that is a very cumbersome, lossy and hard to discover mechanism. Most companies have moved the collaboration process off mail, to a large extent, and towards chat and collaborative document systems such as Google Docs.\nGoogle had taken this one step further with structured chat. The pioneer application for that has been the short-lived Google Wave: Wave allowed a group of people to create things in a kind of chat bubble, only that this bubble could not just hold a line of text, but also other media including rich documents, images, bots or other things that interfaced with the Wave API. Other users could comment on an item in a hierarchic comments-on-comment tree like in a discussion system, or directly edit the original item, incorporating their changes.\nChanges were recorded and were undoable and replayable. This allowed users to view the end result of a Wave, or review the process of building that result after the fact.\nGoogle Wave being used to collaboratively work on a shared document. The Wave contains the final document, but also the process that led to the end result.\nIn a way, Wave could have been a salvation from the hell of corporate email: Waves produce results, documents or agreements. They also record the history of how that result had been reached, and they allow people joining the process late to catch up and review what has happened before on their own terms. No more full quotes, 13 levels deep, and no more dozens of copies of the same Word file, all slightly different, and with diverging side remarks from people somewhere in the organisation, which never made it back into the main document.\nWave failed, though, and for multiple reasons.\nOne of the bigger reasons is that Wave was all mechanism and no purpose \u0026ndash; it could to many things, and offered all of them without stating what Wave itself or the various functions are there for. One could use Wave to manage a world building and game session in a role playing game, as well as replace corporate email, or use it as a rather clunky and over-engineered word processor. So Wave needed explanation and contextualisation - and above all, a purpose, but none was given. Wave died, because it confused users.\nA collaboratively edited document. Multiple watchers are shown as icons at the top of the screen. A chat window is open. Cursors and collaborators edits would be visible simultaneously editing the document in many places while it has been initially created.\nWave\u0026rsquo;s legacy lives on, though. Much of the functionality of Wave is present in Google Docs, including the side chat, collaborative editing, history recording and replay and many other functions. Unlike Wave, Google\u0026rsquo;s shared document editing puts the purpose first, and the collaboration in the background. This is matching people\u0026rsquo;s expectations much better, and is less overwhelming. It does not have to be taught, or manually given purpose. Instead, the purpose is built in, and immediately obvious.\nModern chat systems are kind of the opposite: They put their purpose (communication) first, and the documents ride in the back. This happens either through URLs or through file transfer.\nAll modern chat systems have a working file transfer, which is also aware of media types. That means, not only can you drag and drop files into a 1:1 chat or a channel, but also images or animations, as well as audio files. They are understood, and shown inline.\nTogether with other mechanisms, such as threads, they enable unique workflows that go way past the unstructured ASCII-limited text of IRC. For example, in many workplaces designers use the image capabilities of Slack, together with Slack threads, to share images, mockups and other things and then criticize or approve designs.\nThis is also where not only IRC, but also Jabber falls down. Proper file sharing, inline media content and threading are things that may exist somewhere, in some Jabber extension, but are not generally interoperable or enabled without much configuration across a set of clients. They might as well not exist.\nWe were lucky At the place I work at, we were lucky. By the time Covid pushed people to work from home, we already had replaced mail almost completely. I was down from thousands of mail messages per day on almost one hundred mailing lists to less than a dozen messages, and no mailing lists at all anymore.\nWe have moved to Facebook at Work for non-realtime group communication. Teams were using their Facebook groups to communicate announcements and progress to other teams, and have discussions with them.\nInternally and for support we moved to Slack. This was pushed with considerable force from below, after corporate initially being very fond of Facebook messenger, mostly because it was free and included in Facebook at work.\nUnfortunately FB messenger is utterly broken in many ways, and unsuited for any structured work communication without basically rewriting it from scratch. There are many facets to its fractal brokenness:\nIt has groups, but no places. Groups have limited attendance, and the limit is too small (the old #live Jabber channel was mandatory for all people pushing deployments, and could not be reproduced in FB Messenger). It ate data. Mentioning a filename main.pl would inescapably turn this into a polish hostname main.pl . More often than not, Messenger would detect a malware phishing attempt and prevent you from sending the message. It ate data. Mentioning URLs with array parameters (\u0026ldquo;https://example.com/bla?a=1\u0026a=2\u0026a=3\" ) would make it parse the URL, representing the keys in a hash, and dropping the repeated keys, breaking the URL. It could not handle files, code formatting and many other things well. It could not do threads, which are a necessity in high volume support channels. In the end, corp was forced to also purchase Slack on top of FB at Work, to prevent a more or less open revolt.\nWe had been using Google Drive and Google Office, as well, across the company, and the collaborative features in it were well understood and used.\nThe heterogeneity of all of this posed to be not a problem, somewhat surprisingly. In fact, in many cases, the mix-and-match approach enabled us to be flexible, and work around many tools limitations, and also to expand and integrate other things easily. Other applications (e.g. Miro, but also many others) have since been added for many users, who have other, more specialized needs and requirements.\nWe also used to use BlueJeans, before the pandemic, and mostly from meeting room installations with dedicated hardware. During Covid, Zoom became popular, and offered a richer and much better set of clients, especially on mobile devices (Laptops, Tablets, Cellphones), so we switched vendors here.\nThe key learnings are:\nWe already had tooling for Remote First, but had hardly any need to use them properly. We were hardly using Email with all its glorious brokenness anymore. By happy accident, the core tools (FB at Work, Slack) had Places, not Groups, as a core metaphor, and people structured their work around these places. Collaborative document editing and a rich, structured chat complement each other well. But since Facebook and Google both are unable to make such a thing, we have yet another vendor integrated. This turned out to be an actual advantage. Our key deficits have not been discussed at length here, but are related:\nGoogle Office documents have very bad discoverability and Google Office has no places. Corollary: A process is needed and needs to be manually executed to move content from the collaborative phase to the publication phase, elsewhere. By public decree in our place this is going to be Confluence, which has problems of its own, and also poses a document conversion problem (from Google to Confluence internal format, keeping structure). Code Collaboration is not part of other collaboration at all, and lives in a third, and entirely disconnected space. ","date":"2022-10-12T00:00:00Z","href":"https://blog.koehntopp.info/2022/10/12/groups-and-places.html","tags":["lang_en","remote first","work","chat"],"title":"Groups and Places"},{"categories":null,"content":"When you are looking for a better Remote First culture, you are looking for better meetings. If you go for better meetings, you will also have fewer of them.\n“The anthropologists got it wrong when they named our species Homo sapiens (\u0026lsquo;wise man\u0026rsquo;). In any case it\u0026rsquo;s an arrogant and bigheaded thing to say, wisdom being one of our least evident features. In reality, we are Pan narrans, the storytelling chimpanzee.”\nGoing for a written culture helps, going for storytelling will help even more.\nStorytelling Almost 15 years ago, I wrote about an experience with the roleplaying game Primetime Adventures. If you are reading German, check it out .\nOne of the things to take away from Primetime Adventures is that \u0026ldquo;on screen\u0026rdquo; nothing happens without reason, all interactions serve the story. And the story is always about conflict: Anything from misunderstandings to misaligned goals, from disagreement about a mission to disagreement about fundamental values, from friendly competition to outright fighting over starved resources.\nIn the end it does not matter, but screen time is always about the current conflict, because to the Storytelling Chimpanzee this is what it\u0026rsquo;s about.\nThis is, at the core, also true about meetings. If they are not about conflict, they are not worth your time.\nIt does not have to be conflict about the people in the meeting. The meeting does not have to resolve the conflict (but should progress it somewhow). But in every meeting there is some kind of conflict in the background.\nRemember: Not all conflict is drama, in fact, most is not.\nUnderstanding conflict So when you go for meetings, prepare an Agenda. If you are invited to a meeting without an Agenda, decline it.\nWhat is a good Agenda?\nMake an agenda and make it self-contained. It should itemize the things you would like to talk about. Each item should have a short summary (\u0026ldquo;What happened so far\u0026rdquo;, \u0026ldquo;Last week on …\u0026rdquo;) or link to one. You should invite the people you need to talk to about the thing, the stakeholders. Then send the agenda around well in advance, maybe share a link to a shared document. Allow people to change, amend, and comment the agenda. Force them to interact with the document in some way.\nYour goal, ultimately, is to either not have a meeting, because all agree.\nOr have a meeting, but only about the things you disagree about. Or people have questions about things, which can only be resolved interactively.\nSo invite people to actually comment. Invite long form, have them write in the text. Sidenotes are horrible to read, and basically are good for +1\u0026rsquo;s only.\nInvite people to agree with you, in the document, or to specify where the disagreement is exactly. Disagreement can take many forms:\nIt can be insecurity (\u0026ldquo;The plan looks good in principle, but I fear that…\u0026rdquo;). It can be misalignment (\u0026ldquo;You want to do …, but we actually need … on our side.\u0026rdquo;). It can be resource shortage (\u0026ldquo;You want … from us, but that would require us to …, and we can\u0026rsquo;t do that in this Quarter.\u0026rdquo;). It can be many other things. It always signals a need to communicate more, about a specific thing. Commenting on Agendas kills meetings Use the Agenda and the Agenda Prep to collect agreement. If there is no disagreement, it\u0026rsquo;s fine to not have the meeting, because the reason to have one just vanished.\nIf there is disagreement, you now know where, and how, and what specifically is the perceived or real problem. You can spend interactive time exactly on these things, and go over possible reconciliations.\nSince this is all in a shared document, y\u0026rsquo;all can amend the discussion with additional writing and sidenotes as needed. This is automatically also the meeting notes, so make sure they contain whatever the outcomes are y\u0026rsquo;all collectively agreed to.\nMark up deliverables, deadlines and people responsible. Set a deadline with a followup meeting (which you can then try to kill in advance, too).\nKickoffs cannot be killed One exception are kickoff meetings. They exist to present the project, and project goals, to set the framework and to make sure you are talking to the right people, and all the right people.\nThey exist also for socializing, specifically to enable people to make the necessary connections. You will be working together, you need to know each other.\nSo make it short, to the point, and make sure people can connect with each other directly afterwards, on their own. This is important, because kickoffs cannot be killed.\nReporting meetings can focus on interesting stuff Finding conflict, isolating interesting topics to talk about, also applies to reporting meetings.\nReporting meetings always read a lot of slides with a lot of numbers. Everybody zones out. \u0026ldquo;Last weeks SLOs for … were met completely, and we improved …\u0026rdquo; Nobody is interested, skip that.\nWe all can look at the green in the report in advance. Instead use the reporting meeting to speak about interesting things.\nThis can be the story of an outage, and what we learned. It can be about the story of an improvement, and how it will prevent a certain class of failure. Or tell the story of how you work, how you improve work, or how you work differently than other companies do, if that is useful.\nSharing stories about practice is much more interesting that reading numbers from a slide that is all green anyway.\nOr skip the meeting. If the numbers are all fine and there are no learnings, no interaction is needed.\nMaking it interesting, making it valuable In general, finding out, in advance, what the meeting should be about, always means finding the conflict, determining its nature, and the stakes. Uneven information, misaligned goals, differences about implementation or scope, resource allocation, whatever. Knowing this, maybe even preparing alternatives, and then either developing or discovering them interactively, or deciding on them collectively helps.\nIt also automatically prepares the meeting minutes:\nThe Agenda collects agreement, and preparing the meeting from the residual conflict in the Agenda then makes it simple to have minutes. We have shared documents in 2022, so there is an easy way to make sure all voices are recorded.\nProviding value Shared documents are also a burden: They are hard to discover, maintain and organize. I am increasingly a supporter of the idea that Google Docs should auto-delete after 3 months.\nIf you want deliverables, put them elsewhere, anywhere. Heck, even Confluence would be a better location than a Google Drive. In any case, you can create a consolidated version of the current state in a proper document, and then collect or link the path that led to it and attach it as documentation.\nYou can\u0026rsquo;t take meeting notes and call them deliverables, though. That won\u0026rsquo;t work. It never did.\nSo a discussion with interactive and written elements, is also a documentation evolution process, in which we collectively work on a deliverable: the architecture, documentation and implementation of a process.\nIn a proper store, and not in shared documents, much less in volatile spoken discussion without any record or recording. We work to distill information, to shape an idea, and to bring it into the world, in a proper deliverable and in code.\nBecause that is what a company is about: Making agreements on how we work together on a common thing (and building infrastructure to make this easier).\nAnd we have meeting agendas to collect agreement, and to sharpen disagreement, we have interactive meetings to find and ultimately document conflict resolutions, and we then put these back into the deliverable.\nThis is the heart of asynchronous distributed collaboration.\nSo if somebody asks you: \u0026ldquo;What did your org learn to do differently in the last 3 years?\u0026rdquo; and the answer is unlike the above:\nWhat did you do instead? How did your org evolve?\nAddenda This started out as a Twitter thread. There have been reactions.\nFlorian Haas pointed to a really good writeup about writing of his. He also mentions: \u0026ldquo;Re project kickoffs, never do them without preparing a 5-paragraph brief. Better still, circulate it ahead of the kickoff.\u0026rdquo; ","date":"2022-10-10T00:00:00Z","href":"https://blog.koehntopp.info/2022/10/10/pan-narrans-and-better-meetings.html","tags":["lang_en","remote first","work"],"title":"Pan Narrans and Better Meetings"},{"categories":null,"content":"Where I work, we are using MySQL in a scale-out configuration to handle our database needs.\nThat means, you write to a primary server, but reads generally go to a replica database further down in a replication tree.\nA number of additional requirements that should not concern you as a developer make it a little bit more elaborate than a simple \u0026ldquo;primary and a number of replicas\u0026rdquo; configuration. But the gist of all that is:\nthere is always a read-copy of the database very close to your application, latency wise there are always sufficient copies of the data around so that we can afford to run our databases on unraided local storage. The nature of our databases is such, that we drown all data reads with sufficient memory, where ever that is possible. Our databases are Memory Engines, when it comes to reads.\nI joke about that:\nYou, too, can be a successful database performance consultant: Say “Buy more memory!” and “There is an index missing” as needed. Add “That’s going to be expensive”, if you work for SAP or Oracle.\nBut it is true: Reads are really bad for databases. Here is what a database workload looks like when the database does not fit into memory:\nGraph based on data recorded with blktrace, analyzed by Workload Intelligence from Oakgate.\nThe workload shown here is too large to have its working set inside the InnoDB Buffer Pool provided. We do see a constant stream of reads over time, to the tune of several MB/s and up to ~1000 IO Operations per Second (IOPS).\nHad this database more memory, the reads would instead hit cached blocks in memory and would eventually be served from RAM. We would see read requests at the database layer, but they would be satisfied from the database\u0026rsquo;s Buffer Pool and not hit the disk. Only the write load remains.\nBut aren\u0026rsquo;t writes worse, then? That is an interesting question.\nWe can drown reads with cache, but we can\u0026rsquo;t drown writes much.\nThey eventually have to go to the disk, and in order to be ACID compliant, we need to delay the COMMIT until the write has hit a persistent storage layer.\nDepending on our persistence requirements, we demand that the write\nhits a machine-local persistent storage (a disk, a NVME or a battery backed cache unit (BBU)), hits at least a second machine or hits a second machine in another availability zone. Increasing the requirements introduces more latency, and brings down our maximum write rate due to increased wait time.\nBut uncached reads are worse.\nWrites can build deep queues, but for reads that is hardly happening. This is a key observation.\nWhen we send writes to storage, we can do that asynchronously: We fire off the write, and while we delay the commit and wait for the write to complete, we can do other things. That is possible, because these other writes are – to a large extent – independent of the outcome of previous writes, as long as ordering guarantees are being held up. Writes are a stream that continuously flows and that can be queued.\nReads are not, at multiple levels.\nDatabases read data from indexes, and indexes are mostly data structures such as balanced trees, with a large fan-out. If you have more data than fits into memory and sensible indexes, the index is approximately four layers deep. You will need around four media accesses to get from the root to the desired data, assuming no caching.\nWhy approximately four layers?\nIn a tree, the depth of the tree is the logarithm of the number of records to the base of the fan-out.\nFor a billion records and a fan-out of 200 at each level, you get a tree depth of 3.91.\nFewer records will make it a bit more shallow: Depth 2.60 for a million records at a width of 200.\nA smaller fan-out will make it a bit deeper: a million records with a fan-out of 20 instead of 200 will give you a depth of 4.61 (Remember, we are working with pages of 16 KB size, so a fan-out of only 20 is incredibly small).\nIn practice, all balanced trees in our databases will be approximately 4 layers deep, because log(n)/log(fan-out) is practically a constant valued around 4.\nMost of the time, even for large data we can completely cache the inner tree, so this comes down to 4 disk read requests and one actual disk read. But: In such a lookup, each disk read is completely dependent on the outcome of the previous disk read. The reads are all serialized by disk accesses.\nThat, again, underlines the importance of memory in database operation. \u0026ldquo;Buy more memory, then invest into more memory\u0026rdquo; is an extremely sensible piece of advice.\nNow, we actually do not just read data from a single table. Often we join two tables. In a loop join, we join two tables with SQL of the form\nSELECT a.somecolumn, b.someothercolumn FROM a JOIN b ON a.aid = b.aid WHERE \u0026lt;some conditions\u0026gt; This will grab rows from a, hopefully using an index (see above for index reads), and then take the rows from a as they are generated. It will use the a.aid values emitted and apply them to look up b.aid rows in table b.\nAgain, we can\u0026rsquo;t know which rows in b we are interested in before we haven\u0026rsquo;t completed the reads on a. Read accesses on b are dependent on the outcome and hence completion of our (indexed) reads on a.\nThat is not a good way to build deep queues: Work stalls until the previous reads are done – unless we provide sufficient memory for the reads to not happen in the first place.\nWhat do reads and writes look like in reality? Meet our availability databases. They are holding hotel room availability information. This database is running on bare metal, 16C/32T, 128 GB memory and two SSD on a controller with a battery backed cache unit (BBU).\nThe box is serving mostly reads, 4746 in the last second, and as a replica sees writes only from upstream.\nThe box is currently holding a few TB of data, serving around between 6000 and 12000 queries per second.\nThe statement mix looks like Java: around 50% of the statements are SELECT, the large percentage of SET statements is indicative of the JDBC driver and the rest is DML and transaction management.\nThe box is currently running at a load of 9, but it is early morning, and we have a load peak in the evening. At a load of 12, it has sufficient capacity to carry on, if we lose an AZ and have to fold the failing data centers load into the surviving machines.\nThis kind of hardware with this kind of workload will become uncomfortably jittery at a load of 24.\nWe also observe variable read load of around 1000-ish IOPS, spiking into the 4000\u0026rsquo;s.\nThis works well. How well?\nWe observe read and write latencies on a µs scale, that is 10^-6, millionth seconds.i 2000 µs are 2ms.\nRead latencies are layered curtains with peaks at 0.2 ms, 0.26 ms, 0.33 ms, 0.45 ms and 0.58 ms. We could draw a large gauss curve over the entire thing, peaking at 0.33 ms.\nWrite latencies are\u0026hellip; nonexistent?\nWhen we zoom in, we can see that disk writes seem to happen at a latency of 40 µs, 0.04 ms. That\u0026rsquo;s to the tune of a PCIe bus transfer – a 256 Byte bus transfer takes around 100 ns, 40 µs are good for about 12-ish KB worth of bus time, and for comparison, 16 KB is the size of a MySQL data page written out. The numbers check out.\nThis is the time it takes to transfer 16 KB of data from a MySQL Buffer Pool in RAM to the 4 GB worth BBU cache on the HP SmartArray controller card, which counts as locally persistent. The ARM CPU on the controller will then take all these writes, sort them, batch them and write them out to the SSD in the background.\nAll together that works very well: This blade costs around 150 Euro per month, per machine, over a reservation interval of 5 years. It stores 1 TB of logical data in 1 TB of physical disk space. And it performs at amazingly low and stable latency numbers.\nIt is not redundant at the machine level – we are using other, database level technologies to achieve that. Using replication, we make copies of the data on this machine on other machines and in other data centers. This allows us to utilize redundancy for capacity, but also for availability.\nIt does so at a cost that also allows us to completely eliminate additional cache layers such as memcached – also eliminating the entire class of cache incoherency bugs that came with memcached usage, until 2012, when we removed memcached.\nChanging the Equation Introducing distributed storage into the equation changes the properties of the underlying storage fundamentally.\nYour storage is no longer machine local, and for reasons that are transcending the scope of this post, it is also always replicated – usually with a replication factory of n=3. That is, 1 TB of data in the database becomes 3 TB of data on disk, 1 TB on each of three different machines.\nTraversing the datacenter in our on-premises data center takes around 60 µs, plus the time to write data to locally persistent storage makes it 100 µs, 0.1ms, for each hop. Multiple copies and coordination add up, and the end result is a write time distribution with a maximum of 0.9 ms for the storage tested here.\nRead latencies have the same shape, but are somewhat lower – we need one copy of the data to read it, not all of them, so we come out at around 0.6ms.\nLatency diagrams for read and write latencies of our Ceph storage are r=0.6 ms, w=0.9 ms. This is amazingly low for Ceph – a Ceph cluster in 2015 would have been around 5.0 ms.\nRunning a database with a comparable profile on top of this storage changes database behavior a lot:\nRead latencies compared: Above, the graph from the local machine, below a comparable workload on Ceph volumes.\nWe have reads, and read latencies are approximately twice as high as on a local SSD. We have discussed how reads don\u0026rsquo;t queue well, as the results of later reads are often dependent on the results of previous reads.\nThat means we have lowered the read capacity of an instance by 2, for the same number of connections.\nWe could, in increasing order of engineering and monetary cost\nadd memory to quench the reads in an increased buffer pool add boxes to the pool, at the cost of additional instances add connections and query the database with multiple parallel tasks, trying to engineer our workload to be more parallel shaped For this hierarchy under test, the second thing happened: we scaled up the number of instances in order to deal with the query load under worsened read latency. And we should try the first thing: use instances with more memory to make the disk accesses go away.\nFor the writes, the picture changed completely:\nWrite latencies compared: Above, the graph from the local storage machine, below a comparable workload on Ceph volumes.\nWrites now take 0.9 ms instead of 0.04 ms.\nAlso, while the write latency histogram is nicely Gauss-shaped, it does have a considerable base width: The 0.9 ms is actually the base of a curve that goes from 0.6 ms to 1.6 ms on the other side.\nWrites queue nicely, and the storage here is performing extremely well under parallel load in benchmarks. So many parallel writes should work well: Each write takes 0.9-ish ms, but you can do many of them in flight at the same time.\nUnfortunately, transactional workloads do not have that shape. Parallel replication is subject to a number of constraints regarding reordering, and also subject to limitations that result from implementation details.\nReplication delay over time: Despite parallel replication being active, the instance cannot keep up with the write load. Only careful write modulation keeps the replica from delaying even more.\nAnd that is not even a high write load: The statement mix shown here did not even touch the 1000 inserts/s barrier.\nYet the storage statistics are absolutely devastating:\nWe see somewhat over 1000 reads and 1000 writes per second on the volume, which are good considering the latencies we see above, but devoid of parallism. The I/O we see is good for an aggregate I/O of 22 MB/s, and results in complete saturation of the Disk I/O.\nThere is no easy way around this, except deep changes to the application to make it write differently. But we do not really want to spend application business unit developer time on \u0026ldquo;code around the intricacies of the storage solution we chose\u0026rdquo; instead of \u0026ldquo;solve business problems\u0026rdquo;.\nThe recommendation to use local storage in the virtualized environment still stands, as it performs better and does not provide storage-level redundancy for which we have no use, given that replication provides capacity and redundancy at the database level.\n","date":"2022-09-27T00:00:00Z","href":"https://blog.koehntopp.info/2022/09/27/mysql-local-and-distributed-storage.html","tags":["lang_en","mysql"],"title":"MySQL: Local and distributed storage"},{"categories":null,"content":"Where I work, there is an ongoing discussion about test data generation. At the moment we do not replace or change any production data for use in the test environments, and we don\u0026rsquo;t generate test data.\nThat is safe and legal, because production data is tokenized. That is, PII and PCI data is being replaced by placeholder tokens which can be used by applications to access the actual protected data through specially protected access services. Only a very limited circle of people is dealing with data in behind the protected services.\nUsing production data in test databases is also fast, because we copy data in parallel, at line speed, or we make redirect-on-write (\u0026ldquo;copy-on-write\u0026rdquo; in the age of SSD) writeable snapshots available.\nAssume for a moment we want to change that and\nmask data from production when we copy it to test databases reduce the amount of data used in test databases, while maintaining referential integrity generate test data sets of any size instead of using production data, keeping referential integrity and also some baseline statistical properties Masking Data Assume we make a copy of a production database into a test setup. We then prepare that copy by changing every data item we want to mask, for example by replacing it with sha(\u0026quot;secret\u0026quot; + original value), or some other replacement token.\nkris@localhost [kris]\u0026gt; select sha(concat(\u0026#34;secret\u0026#34;, \u0026#34;Kristian Köhntopp\u0026#34;)); +---------------------------------------------+ | sha(concat(\u0026#34;secret\u0026#34;, \u0026#34;Kristian Köhntopp\u0026#34;)) | +---------------------------------------------+ | 9697c8770a3def7475069f3be8b6f2a8e4c7ebf4 | +---------------------------------------------+ 1 row in set (0.00 sec) Why are we using a hash function or some moral equivalent for this? We want to keep referential integrity, of course. So each occurence of Kristian Köhntopp will be replaced by 9697c8770a3def7475069f3be8b6f2a8e4c7ebf4, a predictable and stable value, instead of a random number 17 on the first occurence, and another random number, 25342, on the next.\nIn terms of database work, it means that after copying the data, we are running an update on every row, creating a binlog entry for each change. If the column we change is indexed, the indexes that contain the column need to be updated. If the column we change is a primary key, the physical location of the record in the table also changes, because InnoDB clusters data on primary key.\nIn short, while copying data is fast, masking data has a much, much higher cost and can nowhere run at line speed, on any hardware.\nReducing the amount of data Early in the company history, around 15 years ago, a colleague worked on creating smaller test databases by selecting a subset of production data, while keeping referential integrity intact. He failed.\nMany others tried later, we have had projects trying this around every 3 to 5 years. They also failed.\nEach attempt always selects either an empty database or all of the data from production.\nWhy is that?\nLet\u0026rsquo;s try a simple model: We have users, we have hotels, and they are in a n:m relationship, the stay.\n\u0026ldquo;Kris\u0026rdquo; stays in a Hotel, the \u0026ldquo;Casa\u0026rdquo;. We select Kris into the test data set from production, and also the \u0026ldquo;Casa\u0026rdquo;. Other people stayed at the Casa, so they also are imported into the test set, but they also stayed at other hotels, so these hotels are also imported, and so forth, back between two tables. After 3 reflections, 6 transitions, we have selected the entire production database into the test set.\nOur production data is interconnected, and retaining referential integrity of the production data will mean that selecting one will ultimately select all.\nLimiting the timeframe can help: we select only data from the past week or something. But that has other implications, for example on the data distribution. Also, our production data is heavily skewed in time when it comes to operations on availability – a lot of bookings happen in the last week.\nGenerating test data Generating garbage data is fast, but still slower than making a copy. That is because copying data from a production machine can copy binary files with prebuilt existing indexes, whereas generating garbage data is equivalent to importing a mysqldump. The data needs to be parsed, and worse, all indexes need to be built.\nWhile we can copy data at hundreds of MB per second, up into the GB/s range, importing data happens at single digit MB/s up to low tens of MB/s. A lot depends on the availability of RAM, and on the speed of the disk, also on the number of indexes and if the input data is sorted by primary key.\nGenerating non-garbage data is also hard, and slow.\nYou need to have the list of referential integrity constraints either defined or inferred from a schema. At work, our schema is large, much larger than a single database or service – users in the user service (test user service, with test user data) need to be referenced in the reservations service (test reservations service with test bookings), referring to hotels in the test availability and test hotel store.\nThat means either creating and maintaining a consistent second universe, or creating this, across services, from scratch, for each test. One is a drag on productivity (maintaining consistent universes is a lot of work), the other is slow.\nConsistency is not the only requirement, though. Consistency is fine if you want to test validation code (but my test names are not utf8, they are from the hex digit subset of ASCII!).\nBut if you want to talk performance, additional requirements appear:\nData size.\nIf your production data is 2 TB in size, but your test set is 200 GB, it is not linearly 10x faster. The relationship is non-linear: On a given piece of hardware, production data may be IO-limited because the working set does not fit into memory, whereas the test data can fit WSS into memory. Production data will produce disk reads proportionally to the load, test data will run from memory and after warmup has no read I/O – a completely different performance model applies. Performance tests on the test data have zero predictive value for production performance.\nData Distribution.\nProduction data and production data access is subject to data access patterns that are largely unknown and undocumented, and are also changing. Some users are whales that travel 100x more than norms. Other users are frequent travellers, and travel 10x more than norms. Some amount of users are one-offs and appear only once in the data set. What is the relation between these sets, and what is the effect they have on data access?\nFor example:\nA database benchmark I lost The german computer magazine c\u0026rsquo;t in 2006 had an application benchmark described in web request accesses to a DVD rental store. The contestants were supposed to write a DVD rental store using any technology they wished, defined in the required output and the URL request they would be exposed to in testing. MySQL, for which I worked as a consultant, wanted to participate, and for that I put the templates provided into a web shop using MySQL, and tuned shop and database accordingly.\nI got nowhere the top 10.\nThat is because I used a real web shop with real assumptions about user behavior, including caches and stuff.\nThe test data used was generated, and the requests were equally distributed: Each DVD in the simulated DVD store was equally likely to be rented and each user rented the same amount of DVDs. Any cache you put into the store would overflow, and go into threshing, or would have to have sufficient memory to keep the entire store in cache.\nReal DVD rental stores have a top 100 of popular titles, and a long tail. Caching helps. In the test, caching destroyed performance.\nAnother database benchmark I lost Another german computer magazine had another database benchmark, which basically hammered the system under test with a very high load. Unfortunately, here the load was not evenly distributed, but a few keys were being exercised very often, whereas a lot of keys were never requested. Effectively the load generator has a large number of threads, and each thread was exercising \u0026ldquo;their\u0026rdquo; key in the database \u0026ndash; thread 1 to id 1 in the table, and so on.\nThis exercised a certain number of hot keys, and waited very fast on a few locks, but did not actually simulate accurately any throughput limits. If you exercised the system with more production-like load, it would have had around 100x more total throughput.\nTL;DR Producing masked or simulated data for testing is around 100x more expensive computationally than copying production data. If production data is already tokenized, the win is also questionable, compared to the effort spent.\nProducing valid test data is computationally expensive, especially in a microservices architecture in which referential integrity is to be maintained across service boundaries.\nValid test data is not necessarily useful in testing, especially when it comes to performance testing. Performance testing is specifically also dependent on data access patterns, working set sizes and arrival rate distributions that affect locking times.\nIn the end, the actual test environment is always production, and in my personal professional experience there is a lot more value in making testing in production safe than in producing accurate testing environments.\n","date":"2022-09-26T00:00:00Z","href":"https://blog.koehntopp.info/2022/09/26/mysql-data-for-testing.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: Data for Testing"},{"categories":null,"content":"Query latencies in one data center are larger than elsewhere for one replication hierarchy, but only in the high percentiles. This impacts production and traffic is being failed away from that data center to protect production.\nWhen the P50 and P90 look okay, but the P99 and the P99.9 do not, the database(s) operate normally, and only some queries are running slow. The initial guess was \u0026ldquo;for some queries the plan has flipped, but only in that data center.\u0026rdquo;\nBut first let\u0026rsquo;s have a look at the database size and the schema.\nA tiny database The schema in question holds metadata for a change data capture process, and that is not a lot.\n# du -sh * 0 coredumps 5.6G data 704M log 0 tmp # du -sh data/theschema 93M data/theschema and in memory:\nThe mysqld process has a RES (resident set size) of only 5.9GB, even if the database is allowed to grow to a VIRT (virtual memory size) of 71.8 G.\nThis is running on a bare metal blade for the moment, and these do not come smaller than this. In a virtual machine, it can be as small as a 1/4 blade – but database instances have a fixed overhead and going much smaller hardly makes sense.\nIn any case, this is running off memory, and would be doing so even if hosted on an iPhone. There can\u0026rsquo;t be disk scans, even if there were bad queries. And even with memory scans a thing this tiny won\u0026rsquo;t exhaust CPU or scan for a long time in memory. Something definitively smells funny around here.\n[information_schema]\u0026gt; select table_name, table_rows from tables where table_schema = \u0026#39;schemaregistry\u0026#39; order by table_rows desc; +--------------------+------------+ | TABLE_NAME | TABLE_ROWS | +--------------------+------------+ | table_01 | 14376 | | table_02 | 9510 | | table_03 | 3079 | | table_04 | 84 | | table_05 | 0 | | db_waypoint | 0 | +--------------------+------------+ 6 rows in set (0.00 sec) Scanning for slow queries We are using performance_schema directly to ask for statistics for queries that have been seen that are slow.\n[performance_schema]\u0026gt; select -\u0026gt; user, -\u0026gt; event_name, -\u0026gt; count_star, -\u0026gt; avg_timer_wait/1000000000 as avg_ms -\u0026gt; from events_statements_summary_by_user_by_event_name -\u0026gt; where user = \u0026#39;production_username\u0026#39; -\u0026gt; and event_name like \u0026#39;statement/sql/%\u0026#39; and count_star \u0026gt; 0; +----------------------+-----------------------------+------------+--------+ | user | event_name | count_star | avg_ms | +----------------------+-----------------------------+------------+--------+ | production_username | statement/sql/select | 42121722 | 0.2913 | | production_username | statement/sql/set_option | 270284 | 0.0708 | | production_username | statement/sql/show_warnings | 67571 | 0.0498 | +----------------------+-----------------------------+------------+--------+ 3 rows in set (0.01 sec) P_S is not intended to be used directly by humans. The tables are optimized for fast data collection. Data is not locked during read as to not slow collection, times are reported in PicoSeconds (1/10^12) as to avoid any DIV instructions on write and buffers are size-limited so if some action is spamming P_S, data is lost, but the server does not slowed or losing memory.\nConsequently we divide by 10^9 to get average statement runtime, and we report any statement statistics since server start (or table truncate) that have been collected for any statement. It turns out, the production user has been running only select statements, set statements and show warnings commands.\nWhile the averages look good, maxima are not:\n[performance_schema]\u0026gt; select -\u0026gt; event_name, -\u0026gt; count_star, -\u0026gt; avg_timer_wait/1000000000 as avg_ms, -\u0026gt; max_timer_wait/1000000000 as max_ms -\u0026gt; from events_statements_summary_by_user_by_event_name -\u0026gt; where user = \u0026#39;production_username\u0026#39; -\u0026gt; and event_name like \u0026#39;statement/sql/%\u0026#39; and count_star \u0026gt; 0; +-----------------------------+------------+--------+------------+ | event_name | count_star | avg_ms | max_ms | +-----------------------------+------------+--------+------------+ | statement/sql/select | 42121722 | 0.2913 | 14934.0024 | | statement/sql/set_option | 270284 | 0.0708 | 1.2732 | | statement/sql/show_warnings | 67571 | 0.0498 | 0.9574 | +-----------------------------+------------+--------+------------+ 3 rows in set (0.00 sec) So there was one select statement that ran a whopping 14s on a database that has no table with more than 15k rows.\nVividcortex aka SolarWinds DPM We onboard this hierarchy to Vividcortex, a monitor that collects performance data from databases, and allows to see specific queries that execute slowly. It can also help in determining possible improvements.\nVividcortex inventory for streaming. Normally Vividcortex does not run on all instances, but the primary and one pooled replica. We wanted a specific pooled replica in Frankfurt, though, so something with a 6000 number.\nOur normal Vividcortex onboarding installs probes on the primary and one pooled replica, because it is not necessary to overwhelm the collection interface with all queries from all production machines. A sample will do fine.\nIn this case, we want a replica in a specific location, though: only one data center behaves abnormally, so we would want one more machine within that location. This required some bespoke puppet artistry, but it worked. But, even then we do not get queries that are particularly interesting:\nWe get Query Count, and Average Latency. But from the counts and the word average we can already see that this is not useful: we would have wanted to see high percentiles. Also, the queries are all uninteresting.\nNow, we believe most queries are fine, only some instances of queries that are mostly fine are taking unexpectedly long. And we want to see those.\nWe can already see that the default view of VividCortex here is not helpful, and a quick exploration of the user interface quickly reveals that this tool is maybe not optimally useful for our specific hunt.\nWe go back to P_S and handcraft our stuff.\nPlundering P_S Let\u0026rsquo;s see what is on the menu:\n[performance_schema]\u0026gt; show tables like \u0026#39;%statement%\u0026#39;; +----------------------------------------------------+ | Tables_in_performance_schema (%statement%) | +----------------------------------------------------+ | events_statements_current | | events_statements_histogram_by_digest | | events_statements_histogram_global | | events_statements_history | | events_statements_history_long | | events_statements_summary_by_account_by_event_name | | events_statements_summary_by_digest | | events_statements_summary_by_host_by_event_name | | events_statements_summary_by_program | | events_statements_summary_by_thread_by_event_name | | events_statements_summary_by_user_by_event_name | | events_statements_summary_global_by_event_name | | prepared_statements_instances | +----------------------------------------------------+ 13 rows in set (0.00 sec) I don\u0026rsquo;t know about you, but events_statements_summary_by_digest looks tasty by me. What is in it?\n[performance_schema]\u0026gt; desc events_statements_summary_by_digest; +-----------------------------+-----------------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +-----------------------------+-----------------+------+-----+---------+-------+ | SCHEMA_NAME | varchar(64) | YES | MUL | NULL | | | DIGEST | varchar(64) | YES | | NULL | | | DIGEST_TEXT | longtext | YES | | NULL | | | COUNT_STAR | bigint unsigned | NO | | NULL | | | SUM_TIMER_WAIT | bigint unsigned | NO | | NULL | | | MIN_TIMER_WAIT | bigint unsigned | NO | | NULL | | | AVG_TIMER_WAIT | bigint unsigned | NO | | NULL | | | MAX_TIMER_WAIT | bigint unsigned | NO | | NULL | | | SUM_LOCK_TIME | bigint unsigned | NO | | NULL | | | SUM_ERRORS | bigint unsigned | NO | | NULL | | | SUM_WARNINGS | bigint unsigned | NO | | NULL | | | SUM_ROWS_AFFECTED | bigint unsigned | NO | | NULL | | | SUM_ROWS_SENT | bigint unsigned | NO | | NULL | | | SUM_ROWS_EXAMINED | bigint unsigned | NO | | NULL | | | SUM_CREATED_TMP_DISK_TABLES | bigint unsigned | NO | | NULL | | | SUM_CREATED_TMP_TABLES | bigint unsigned | NO | | NULL | | | SUM_SELECT_FULL_JOIN | bigint unsigned | NO | | NULL | | | SUM_SELECT_FULL_RANGE_JOIN | bigint unsigned | NO | | NULL | | | SUM_SELECT_RANGE | bigint unsigned | NO | | NULL | | | SUM_SELECT_RANGE_CHECK | bigint unsigned | NO | | NULL | | | SUM_SELECT_SCAN | bigint unsigned | NO | | NULL | | | SUM_SORT_MERGE_PASSES | bigint unsigned | NO | | NULL | | | SUM_SORT_RANGE | bigint unsigned | NO | | NULL | | | SUM_SORT_ROWS | bigint unsigned | NO | | NULL | | | SUM_SORT_SCAN | bigint unsigned | NO | | NULL | | | SUM_NO_INDEX_USED | bigint unsigned | NO | | NULL | | | SUM_NO_GOOD_INDEX_USED | bigint unsigned | NO | | NULL | | | SUM_CPU_TIME | bigint unsigned | NO | | NULL | | | COUNT_SECONDARY | bigint unsigned | NO | | NULL | | | FIRST_SEEN | timestamp(6) | NO | | NULL | | | LAST_SEEN | timestamp(6) | NO | | NULL | | | QUANTILE_95 | bigint unsigned | NO | | NULL | | | QUANTILE_99 | bigint unsigned | NO | | NULL | | | QUANTILE_999 | bigint unsigned | NO | | NULL | | | QUERY_SAMPLE_TEXT | longtext | YES | | NULL | | | QUERY_SAMPLE_SEEN | timestamp(6) | NO | | NULL | | | QUERY_SAMPLE_TIMER_WAIT | bigint unsigned | NO | | NULL | | +-----------------------------+-----------------+------+-----+---------+-------+ 37 rows in set (0.00 sec) Huh? What? The structure of P_S At this point it is maybe a good idea to stop and establish a few facts about P_S. P_S collects data about statement execution and server performance.\n[performance_schema]\u0026gt; show tables like \u0026#39;setup%\u0026#39;; +---------------------------------------+ | Tables_in_performance_schema (setup%) | +---------------------------------------+ | setup_actors | | setup_consumers | | setup_instruments | | setup_objects | | setup_threads | +---------------------------------------+ The server is instrumented for collection, and the data sources are called instruments.\nWe can ask an instrument to collect or not collect data for certain monitoring users, certain actors. We can also ask the instruments ignore certain tables, schemas or other things, certain objects. And again, the same, for certain threads.\nCollected data is stored in preallocated ring-buffers, or added to certain aggregates. All these things are consumers.\nConfiguration happens through the setup tables above, which set up the data flow from instrument through the filtering dimensions to the consumers.\nEvent data collection happens in event tables, inside a hierarchy, from transactions, to individual statements that make up a transaction, to execution phases of a statement, stages, to waits (mostly for IO or locks). These things nest, but not necessarily on a 1:1 basis – a statement can contain waits, or other statements, for example.\nroot@streamingdb-6001 [performance_schema]\u0026gt; show tables like \u0026#39;event%current\u0026#39;; +----------------------------------------------+ | Tables_in_performance_schema (event%current) | +----------------------------------------------+ | events_stages_current | | events_statements_current | | events_transactions_current | | events_waits_current | +----------------------------------------------+ 4 rows in set (0.00 sec) For each of these events, we have _current, _history and _history_long tables. For example events_statements_current contains one entry for each active connection, events_statements_history the last few statements for each active connection, and events_statements_history_long the last few thousand statements across all connections.\nThere are other collections, about other aspects of the server, and more generalized statement aggregations, the summaries.\nQueries and Query Digests To be able to aggregate statements, there is the concept of a statements digest_text, and ultimately the digest, a hash number generated from the digest text.\nSo statements such as\nselect id from atable where id in ( 1, 2, 3) SeLeCt id FROM atable where id IN (92929, 29292, 17654, 363562); should be considered equivalent in an aggregate. This is done by unparsing the statement from the parse tree, which gets rid of all the spacing and letter case differences in keywords. During this, all constants and constant lists are replaced by ? or '?' respectively.\nThe digest text for the above two statements becomes\nselect id from atable where id in ( ? ) and the digest from that can then be generated by running a hash function over the digest text.\nThe disadvantage is that a digest cannot be explained with the EXPLAIN command, so we need to make sure to also keep a representative explainable version of the query.\nGetting some data In our case, events_statements_summary_by_digest is exactly what we want. So we truncate the collection, and wait a bit, then ask. The results are impossible:\n[performance_schema]\u0026gt; truncate events_statements_summary_by_digest; ... [performance_schema]\u0026gt; select -\u0026gt; count_star, avg_timer_wait/1000000000 as avg_ms, -\u0026gt; QUANTILE_95/1000000000 as q95_ms, -\u0026gt; first_seen, -\u0026gt; last_seen, -\u0026gt; query_sample_text -\u0026gt; from events_statements_summary_by_digest -\u0026gt; where schema_name = \u0026#39;schemaregistry\u0026#39; -\u0026gt; and QUANTILE_95/1000000000 \u0026gt; 0.1 -\u0026gt; order by QUANTILE_95/1000000000 asc \\G *************************** 1. row *************************** count_star: 21 avg_ms: 0.0782 q95_ms: 0.1202 first_seen: 2022-09-19 14:35:28.885824 last_seen: 2022-09-19 14:38:06.110111 query_sample_text: SELECT @@session.autocommit *************************** 2. row *************************** count_star: 21 avg_ms: 0.0902 q95_ms: 0.1514 first_seen: 2022-09-19 14:35:28.886215 last_seen: 2022-09-19 14:38:06.110382 query_sample_text: SET sql_mode=\u0026#39;STRICT_ALL_TABLES,NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES\u0026#39; So we have completely internal configuration commands that sometimes take longer than 0.1ms to execute. We have other instances of simple queries that sometimes take 14s to run, 1000x and more than the average.\nAnd then\u0026hellip; Yeah, and that is as far as I got with my digging, when a colleague chimes in, pointing at the machine dashboard for the machine I am on.\nA sick network interface is for sure messing with system performance.\nOne of the machines in the pooled replicas for this data center location is showing an elevated amount of network retransmits and the box probably needs some love from the data center operations engineers.\nWe experiment a bit by removing and re-adding the box to the pool, and sure enough: As soon as the system under test is in the pool the latencies are no longer production worthy.\nThe image from the title bar: End user experience with and without the broken box in the replica pool. One bad box spoils the experience for all the users.\nSo the root cause was not instances of one query executing badly, but all queries executing badly on one box of the pool, in one location. Average query latencies, and even the P90 look good, but the P99 and the P99.9 go to hell.\nThe box is removed from the pool and a replacement has been scheduled. The broken box will get a DCOE ticket.\n","date":"2022-09-19T00:00:00Z","href":"https://blog.koehntopp.info/2022/09/19/sometimes-it-is-not-the-database.html","tags":["lang_en","mysql"],"title":"MySQL: Sometimes it is not the database"},{"categories":null,"content":"Two weeks ago I was being drawn into the debug of artdb, the Replication hierarchy used by our Artifactory instance.\nTL;DR Artifactory overloaded the database. This was incident-handled by optimizing a number of slow queries using some covering index trickery, and by upgrading the hardware substantially.\nUsing the runway we bought, we found and partially fixed the following problems:\nFixed: A number of very expensive reporting queries were sped up 16x to 20x using covering indexes, from 180s runtime to 8s-12s runtime. Fixed: We optimized our database and data size by completing the data lifecycle for several repo types, deleting old images. Fixed: Hardware upgrade lowered load even more, and sped up the queries even more. Fixed: Further investigation identified a synchronisation cron job which overloaded the database in 40m intervals. The cron job was throttled and is now on a backlog for refactoring. Fixed: The long running queries were identified in the Artifactory source code, which allowed us and jFrog support to identify that a) the Artifactory internal cache for these queries was bypassed and b) this happens when certain JMX monitoring options are enabled, per application host hitting the database instance. The monitoring was temporarily disabled. Fixed: For each image download, Artifactory writes statistics updates, which can lead to lock contention on hot images. We identified a configuration that could turn this off, and later found that these updates can be happening batched in the background. Unfixed: Artifactory does not understand the concept of Replicas and database scale-out at all, it can only do database scale-up, and that has absolute limits. The database workload for Artifactory is now well below critical levels and has on the current, upgraded hardware runway for estimated 4x growth. Beyond that, vertical scaling is going to be hard without changes to the architecture of Artifactory.\nArtifactory is a third party piece of software that stores binary objects in one of several BLOB storages and serves them up to people who need binaries in whatever way.\nThere are several choices of BLOB storages for it, we are using S3.\nThere are several choices of data delivery formats for Artifactory, we are using many of them, with \u0026ldquo;Docker Repository\u0026rdquo; and \u0026ldquo;Maven Repository\u0026rdquo; being the most prominent use-cases.\nArtifactory is using a database as a metadata storage, and again, there are several possible choices. We are using MySQL.\nBinary Delivery Formats and Protocols supported by Artifactory (https://jfrog.com/artifactory/) .\nOverloaded Database The original complaint was \u0026ldquo;Artifactory is down\u0026rdquo; and \u0026ldquo;The database is overloaded\u0026rdquo;. Investigation of that shows that this was very much true:\nThe primary of the replication hierarchy was a blade from 2017 with 12C/24T, and was showing load spiking into the 40-ies.\nFor a CPU-saturated MySQL on a 12C/24T, anything over 18-20 is probably not very stable and certainly not fun.\nI was looking at the load of the full replication hierarchy and found out multiple things:\nArtifactory does not understand the concepts of replication, multiple database handles or scale-out at the database level. It only talks to the primary database, and can only scale vertically. The Artifactory database is seeing a very large query load (\u0026gt; 20.000 QPS), which is comprised of a large number of reads and underneath still 1000s of writes per second. Some of the reads are long running queries, with runtimes in the 180s. The long running queries have been sped up from 180s to 9s by applying covering indexes and some index order juggling. Read Boiling JFrogs for the full and detailed writeup of this phase.\nBuying Runway Solving the long runners, we found several other issues at the database level. But first we threw more cores into the fire and scaled Artifactory vertically to buy more runway:\nThe Blade 7 hardware type uses 2x $400 CPUs for 16C/32T. Blade 2A.1 hardware uses 2x $2100 CPUs for 32C/64T. At the same load, these more expensive CPUs are also clocked around 1 GHz faster.\nSince we had this long running scan queries on memory-resident data, we were using a lot of CPU. Even after the optimization, these were scans, but on less and better organized data with one level of indirection removed from each data access – so 16x to 20x faster.\nStill, we had a base load of 12 on the Blade 7 with only 12C/24T. Moving to the better equipped, but more expensive Blade 2A.1, we have 32C/64T, and at the same load, we gain around 1 GHz is clock speed.\nAt a load of 12 on a Dual-4110, we have 6 cores busy per socket, running at 2400 MHz. At a load of 12 on a Dual-6130, we have 6 cores out of many more busy, so we have budget for 3400 MHz clock, 1 GHz faster. The work completes faster, we have less concurrency and the load drops to 8, 4 cores per socket, and 3500 MHz until things stabilize.\nModern CPUs do not have the Power Budget and Thermal Budget to run all their cores at maximum clock speed all of the time. The higher the load, the lower they need to clock in order to not melt or starve themselves of power. Fortunately, being a web shop, we do not exercise the FPU a lot outside of the ML department, so \u0026ldquo;Normal\u0026rdquo; is the line that applies here.\nRunning the same workload on a higher level CPU keeps a lesser percentage of cores busy, which can then be clocked higher. The workload is completed faster, and the level of concurrency is lower – you will actually see a lower Linux load on the box.\nThat is also what happened in our case, we speed up the clock by slightly less than 1/3, and we get a load that is roughly 1/3 lower. The replacement box, running the optimized queries, is humming along at a load of 5-10ish, which is okay for a machine of that class and size:\nReplacement machine is good for a load of ~40, but is running at 10 or less, so we are good. Further optimizations after 10-Sep show even more improvement, read on.\nThis stabilized things in a way that allowed further experimentation and exposed other problems that previously were invisible in all the fire and smoke.\nA 40 Minute Pattern Looking at the various indicators reported by the database monitoring, we see a pronounced pattern that shows a 40 minute interval. Something is pushing load into the database in waves, but we do not know what it is: It is using the normal Artifactory production user and coming from one (but only one) of the Artifactory application boxes.\nWe see access patterns repeating at 40 minute intervals, and pushing various statistics up. The data indicates a read and write load (read heavy), from one Artifactory application machine.\nFinding the culprit took us quite some effort, because various other things interfered (among them Puppet re-enabling itself and undoing debug config changes). In the end it turned out, it was us, all along.\nSpecifically: There is a cron job which reads data from service directory and from Artifactory, compares the two and then generates access permissions and other configuration in the Artifactory database for the application. This enables you to access the artifacts you depend on, based on what is declared in SD.\nThrottling this cron job immediately brought relief and relaxed the load even further, but slowed down the import of changes from SD into Artifactory.\nLessons learned:\nAlways use distinct users for distinct applications (one per application, per cron job and so on). Even if these have the same rights and access the same tables, it will make identifying the software component that is responsible for a thing much easier. While Artifactory cannot understand Replicas and only ever works with the primary database, our own components around this are not limited by that restriction. This script could read from any replica and then write back only the necessary changes. This script is surely generating a lot of load for what it does, and needs some love and refactoring. It is now on somebody\u0026rsquo;s backlog. Bad Queries from Nowhere? The bad queries we optimized in Part 1 are still there and looking at what they actually do, they do not look particularly useful.\nMultiple instances of a reporting query running in parallel. Even optimized they seem to be wasteful. We want to know where they come from.\nLooking at the queries themselves, we see this SQL:\nSELECT SUM(bin_length) FROM nodes WHERE node_type=1 and repo = \u0026#39;\u0026lt;reponame\u0026gt;\u0026#39; This is a reporting query that calculates the cumulative size of all things in one repo in our Artifactory. Now that it is fast we can see, it arrives in 15s intervals, and from each of our Artifactory application instances.\nThis suggests that the query string is being generated from the actual Artifactory binary.\nWe can in fact download the Artifactory Java sourcecode and throw it into IntelliJ, and then hunt for this. We even find something, because the query string is thankfully embedded literally in a DAO class, and not generated.\nTo make a long search and a number of support conversations short:\nThese queries can\u0026rsquo;t be fast, but they can be faster than originally thought, thanks to covering indexes. Because of that, there is a cache in Artifactory for this. Clearly, as shown by the recurring 15s appearance of the queries, the cache does not work. Turns out, it does work for Artifactory work, but if you turn on JMX monitoring, the JMX will circumvent the cache and get you fresh values at high cost, for each Artifactory application instance, from the only database that we have, at the Prometheus scraping interval of 15s. Turning off monitoring for this component removed this source of workload. This is undocumented in Artifactory, and was also not immediately obvious to their support. The query shown above is just one instance of multiple queries with similar characteristics and cost. To properly estimate the impact, multiply the effect by 3-4, and then by the number of application instances connected to the database.\nSo are we good now? From the database point of view, this is as good as it gets. The database is not currently a stability item or scalability limit, the current config could even be scaled back to a cheap standard Blade.\n","date":"2022-09-14T00:00:00Z","href":"https://blog.koehntopp.info/2022/09/14/artifactory-conclusion.html","tags":["lang_en","mysql"],"title":"MySQL: Artifactory Conclusion"},{"categories":null,"content":"A database is showing replication delay, and so are all the other instances of the same replication hierarchy, all of which reside in Openstack.\nShortly before 21:30 the database begins to lag, until around 23:45, when it starts to catch up, slowly. After 00:30, we gain delay again, plateau and then around 01:45, we catch up.\nThe database is moving deep into replication delay sometimes. It does not do that on bare metal.\nGround Truth The VM is a nice hardware blade simulation, 16C/32T, 128 GB of memory.\nThe data is on persistent volume backed by Ceph.\n# df -Th /mysql/\u0026lt;hierarchyname\u0026gt;/ Filesystem Type Size Used Avail Use% Mounted on /dev/mapper/vg00-mysqlVol xfs 1.8T 1.1T 766G 58% /mysql/\u0026lt;hierarchyname\u0026gt; # vgs VG #PV #LV #SN Attr VSize VFree sysvm 1 8 0 wz--n- 1.75t 121.27g # du -sh /mysql/\u0026lt;hierarchyname\u0026gt;/* 0 /mysql/\u0026lt;hierarchyname\u0026gt;/coredumps 1017G /mysql/\u0026lt;hierarchyname\u0026gt;/data 24G /mysql/\u0026lt;hierarchyname\u0026gt;/log 0 /mysql/\u0026lt;hierarchyname\u0026gt;/tmp This database does not fit into the buffer pools: The working set is too large. We see read traffic in a warmed up database, at a rate of several dozen MB/s.\nChecking in on information_schema.tables, the two largest tables of this database are around 200 GB in size, each. They seem to be accessed in full, there is little or no exploitable locality of reference. So in order to quench these reads, we would need to supply three times the memory, 384 GB. Since we can\u0026rsquo;t, we need to handle the I/O instead.\nLet\u0026rsquo;s have a look at the I/O: When you run iostat, use iostat -x -k 10, and discard the first output. It contains the data collected since system boot, a very large average interval. We want a clean 10s sample instead.\nThe paste:\nDevice r/s w/s rMB/s wMB/s rrqm/s wrqm/s %rrqm %wrqm r_await w_await aqu-sz rareq-sz wareq-sz svctm %util sdc 4302.00 348.00 67.22 1.22 0.00 0.00 0.00 0.00 1.24 1.91 6.00 16.00 3.58 0.21 99.70 sdb 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 sda 0.00 4.00 0.00 0.02 0.00 0.00 0.00 0.00 0.00 2.50 0.01 0.00 4.00 2.75 1.10 loop0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 dm-0 4304.00 347.00 67.25 1.21 0.00 0.00 0.00 0.00 1.24 1.93 6.02 16.00 3.58 0.21 99.70 We see the busy drive being sdc, the persistent volume. We see increased service times (r_await, unit ms), and queues (aqu-sz, unit is \u0026ldquo;average number of requests in queue, during the observation interval\u0026rdquo;, which is 10s).\nWe also see around 4300 read requests/s and 67 MB/s read traffic.\nI know that smell Some previous experience in other projects suggests that a crucial piece of information may be missing. This replication chain is no longer on bare metal, but is running on Openstack. All traffic to disk in Openstack is quota-ed.\nAny I/O problem on Openstack is undebuggable, unless you know the Quota affecting you. Indeed:\n# openstack volume qos show \u0026lt;uuid\u0026gt; +--------------+----------------------------------------------------+ | Field | Value | +--------------+----------------------------------------------------+ | associations | standard-iops | | consumer | front-end | | id | \u0026lt;uuid\u0026gt; | | name | 200MB/s-3000iops | | properties | total_bytes_sec=\u0026#39;209715200\u0026#39;, total_iops_sec=\u0026#39;3000\u0026#39; | +--------------+----------------------------------------------------+ We have an allowance for a maximum of 200 MB/s and a maximum of 3000 IOPS. Measured in the system we see an ok bandwidth of 67 MB/s, but the IOPS hit the roof.\nWhen we zoom in on a phase of replication delay in the Single Instance Info Panelof our grafana, we get to the bottom of that straight away.\nReplication delay interval:\nAt the same time:\nWhen we have replication delay, we see a straight line in the sum of dm-reads for 70-ish MB/s. This is well below quota.\nLooking at the IOPS:\nThis is the sum of all dm-Reads, and we only are interested in the reads for our device. But we do see a straight line, and that suggests some kind of limit or resource exhaustion. Also, the line is at around 4000 read/s versus a Quota of 3000 IOPS. Together that suggest we run into resource depletion in the IOPS dept here.\nIs that bad?\nThe observed statement latency for the production user goes up from a minimum 348 ms to a max of 37100 ms (37.1s). That is approximately 100x worse than normal.\nThe observed statement latency is also jumping rapidly up and down. System performance is not only bad, but also wildly unpredictable, with high frequency swings across a wide corridor.\nThis is often indicative of a token bucket quota mechanism getting into resonance with the evaluation cycle of the token bucket itself:\nLoad is running away and then then Quota eval check cycle comes and bites down hard on the system over quota, essentially halting it. The system stops, because a database without I/O is doing nothing. It then accumulates new performance tokens in the token bucket, and in the next cycle executes, immediately draining the token pool and running over Quota. Then the cycle repeats.\nMaybe it is less noisy if the quota is applied with consumer=backend.\nAll expectations the user may have on performance are broken and the system may as well be offline. Also, the variance in performance may create input signal spikes dependent systems, affecting their performance if there is resonance.\nWithout being aware of Quota limits and checking for them this is nearly undebuggable, and sometimes you may be looking at secondary effects downstream from the affected system. With proper metrics and knowledge of the Quota it is plain obvious.\nBe wary of straight lines in performance graphs Load is spiky, straight lines do not exist\nThis is a general truth for our systems: In general our load is spiky. It has peaks and valleys, and there are no plateaus or straight lines (outside of Kafka and other Queues and the systems fed by them).\nThat is, if you see a straight line, I see a resource being exhausted and limiting system performance.\nIn this case, the exhausted resource is IOPS quota.\nIn other cases in the past, a straight line in dirty buffer pool pages graph was signaling exhaustion of the redo log space, or similar performance choke points.\n","date":"2022-09-08T00:00:00Z","href":"https://blog.koehntopp.info/2022/09/08/mysql-straight-lines.html","tags":["lang_en","mysql"],"title":"MySQL: Straight lines"},{"categories":null,"content":"OH:\n\u0026ldquo;And now let\u0026rsquo;s quickly push 2 billion rows into this database VM.\u0026rdquo;\nThat is best done in YOLO mode. This is a mode of operation for a database that minimizes disk writes in favor of batched bulk writes.\nIt is not ACID, so if anything goes wrong during the load, the instance is lost. That is why it is called YOLO mode.\nYou are supposed to do this on a spare replica and not the production primary. If you are not having at least one more replica than needed in your MySQL deployment, I consider your setup defective.\nDisable flush on Commit set global innodb_flush_log_at_trx_commit = 2;\nThis config variable gives up ACID commits: On COMMIT, data is written to the file system buffer cache, but an fdatasync(2) is not enforced. Instead, data is synced once per second.\nDisable the Doublewrite Buffer set global innodb_doublewrite = OFF;\nThis config variable disables the InnoDB DoubleWrite Buffer. This buffer stores a temporary copy of the full page, which consists of multiple disk blocks.\nIt can be permanently turned off on file systems that never overwrite data and do not do in-plance updates (btrfs, ZFS), but not on traditional filesystems (XFS, ext4). It can be permanently turned off on systems where the page size is equal to the guaranteed atomic write block size of the hardware (ie 4 KB page size and Enterprise drives that guarantee atomic block writes of 4 KB blocks, even on power loss). That is, normal setups need this enabled all of the time, or risk torn pages (partially new and partially old pages) on power loss during page write.\nUnlogged instance Users of Oracle MYSQL 8.0.21 or newer can have \u0026ldquo;redo log turned off\u0026rdquo; and \u0026ldquo;doublewrite buffer turned off\u0026rdquo; with a single command :\nalter instance disable innodb redo_log;\nThis replaces the preceding two config changes:\nThe redo log will never be written in the first place, so the flush log setting is pointless. The doublewrite buffer is not written. Turn off the Binlog MySQL will still write a binlog. Especially, MySQL 8 always has the binlog on by default. You may want to turn it off per session:\nset sql_log_bin = off;\nThis will kill another source of disk writes and potential disk syncs during the load.\n\u0026ldquo;Delay secondary index generation\u0026rdquo; mysqldump will still generate a statement that tries to disable secondary index generation:\nalter table t disable keys;\nThis command is accepted, but it only works in MyISAM, which nobody should use any more in 2022. You can\nset autocommit = 0; set unique_checks = 0; set foreign_key_checks = 0;\nto YOLO the loading of InnoDB tables, but very large transactions can have their own challenges in MySQL. So best you commit every 1.000 to 10.000 rows loaded. Make sure no transaction is ever larger than 1 GB, it will break compressed binlogs, if enabled. When using group replication, transaction sizes need to be controlled even tighter.\nThe meaning of YOLO This is called YOLO mode for a reason. Undo all these things after the load completes. Then check that they are undone.\nOnly do this on scratch instances, which you can afford to lose.\nThat means, this should be a replica that you disconnect for a data load, and that on success you can use as a source for CLONE . On failure, you must be able to afford scrapping it.\nIf you are running MySQL and are ever short on replicas you are holding it wrong. Don\u0026rsquo;t complain to me, fix your process.\n","date":"2022-09-02T00:00:00Z","href":"https://blog.koehntopp.info/2022/09/02/mysql-yolo-mode.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: YOLO mode"},{"categories":null,"content":"A work problem: A commercial application, Artifactory, where we do not control the source or the schema has performance problems involving a certain long running query.\nThe data size and row counts are not outrageous, and the query itself and the schema are not broken. But the data is very skewed and for certain values the query is very slow, as almost the entire table is selected.\nWe introduce an experimental covering index, and show a 16x improvement, going from 143s to 9s execution time. We advise the customer to ask for this covering index to be added officially using the normal way through MySQL portal.\nHere we go A call to DBA:\nWe\u0026rsquo;ve been investigating performance issues on the Artifactory side and found that our current MySQL primary is sitting at 80-90% I/O utilization. Our next steps would be to see if there is any slow queries without indices or anything else unusual going on from the 3rd party application that we could potentially fix.\nHow would I get the required access to have a look or is there already data collection in regards to this?\nWe are running SolarWinds DPM nee Vividcortex, so the easy way out is to point the customer at the SolarWinds access form and wish them luck.\nInstead we go and have a look.\nThe situation on the ground Artifactory is a product by a company called JFrogs. It stores the output of CI pipelines and serves images for all kinds of backends. For us, mostly Docker.\nThe replication hierarchy is present in two AZs, and is comprised of standard bare metal blades. That translates into 16C/32T, 128 GB RAM and 2 TB of local disk. A quick hop onto the box shows a load of 22+, which is very high. We see around 10k-15k SELECT/s, which is unusual for a primary in our database landscape.\nThe data directory has a total size of some 400 GB, and the Resident Set Size of the mysqld is aroudn 100 GB, fully grown. That is pretty large for such a small database.\nWe see a low read load, so the Working Set Size (WSS) still fits into the InnoDB Buffer Pool. The write load is rather high (hundreds of writes per second, spiking into several thousands), which is very weird for a thing that is supposed to be a metadata store for images.\nThe replica pool is completely idle: We see the write load being replicated, but there are no client connections outside the monitoring. Artifactory is an external product and it knows nothing about replication. It does not split read and write handles, and so all of its traffic hits the primary and only the primary. It does not scale.\nIn the past, we also had tables without primary keys in their schema, which is a big issue for scalability for other reasons. Generally the product claims to be database product agnostic, which among DBA folk is a sure signal for badly optimized schemas and worse scalability. Being a \u0026ldquo;database agnostic\u0026rdquo; Java application, I expect UUIDv4 primary keys, bad Hibernate generated queries and toil from a tangle of foreign key constraints.\nWhat\u0026rsquo;s visible There is a bunch of tooling running in our environment that can give you an idea what the box is doing, and what is observed to be slow. Most of that has a latency, and a history, but I want to see what is happening now, and I want to see it in full fidelity, without aggregations.\nSo I hop on the box and\nmysql\u0026gt; select time, info from information_schema.processlist where command = \u0026#34;query\u0026#34; and time \u0026gt; 10\\G *************************** 1. row *************************** time: 58 info: SELECT SUM(bin_length) FROM nodes WHERE node_type=1 and repo = \u0026#39;docker\u0026#39; *************************** 2. row *************************** time: 19 info: SELECT SUM(bin_length) FROM nodes WHERE node_type=1 and repo = \u0026#39;maven-booking-snapshots\u0026#39; *************************** 3. row *************************** time: 147 info: SELECT repo, SUM(CASE WHEN node_type = 0 THEN 1 ELSE 0 END) as folders, SUM(CASE WHEN node_type = 1 THEN 1 ELSE 0 END) as files, SUM(bin_length) FROM nodes GROUP BY repo *************************** 4. row *************************** time: 96 info: SELECT SUM(bin_length) FROM nodes WHERE node_type=1 and repo = \u0026#39;docker\u0026#39; *************************** 5. row *************************** time: 97 info: SELECT SUM(bin_length) FROM nodes WHERE node_type=1 and repo = \u0026#39;docker\u0026#39; *************************** 6. row *************************** time: 109 info: SELECT SUM(bin_length) FROM nodes WHERE node_type=1 and repo = \u0026#39;docker\u0026#39; 6 rows in set (0.00 sec) Here I am asking I_S.PROCESSLIST what is currently running and takes longer than 10 seconds. I find six instances of a query, five of them a reporting query on the total size of what later turns out to be a folder (\u0026ldquo;sum query\u0026rdquo;) and one of it a reporting query over a set of files and folders (\u0026ldquo;folder query\u0026rdquo;). Both are running on the same table, nodes.\nSo let\u0026rsquo;s have a look at the ground truth some more.\nTables and Sizes Before we are going to dive into the single repeated slow query seen above, we want to know more about the database size and statistics.\nmysql\u0026gt; select table_name, data_length, index_length from information_schema.tables order by data_length+index_length desc limit 10; +--------------------------+--------------+--------------+ | TABLE_NAME | DATA_LENGTH | INDEX_LENGTH | +--------------------------+--------------+--------------+ | indexed_archives_entries | 119276568576 | 141969801216 | | nodes | 17985060864 | 26106396672 | | node_props | 6278447104 | 10418765824 | | md_files | 4574937088 | 9278537728 | | binaries | 4375724032 | 5129666560 | | md_ver_user_properties | 2065678336 | 1154039808 | | md_files_versions | 1363902464 | 1270267904 | | md_ver_repos | 766492672 | 1069252608 | | node_meta_infos | 1807663104 | 0 | | md_versions | 557842432 | 969637888 | +--------------------------+--------------+--------------+ 10 rows in set (0.15 sec) and that\u0026rsquo;s a total of 243 GB for the largest table, and some 41 GB for our friend, the nodes table, the second largest table in our database.\nTables of Log-nature The largest table, indexed_archives_entries, is not our problem today. But the size and the name suggest a thing that happens so often that it is worthwhile mentioning anyway:\nAlmost all transactional applications have tables that are log-natured. Their primary key has a time or counter component, or they are partitioned on time. With all load factors of the system staying the same, just by waiting, these tables will grow without bounds, because they are logs. If you do not complete the data lifecycle for these structures, they will eventually eat the box.\nThat is, such tables need to be pruned. They are a data warehouse inside your transactional system that struggles to get out. So you either ETL these records into a data warehouse in a regular export. Or you forego this entirely, put a change even onto a Kafka bus or a syslog, and let another component that is not serving user facing transactional traffic pick it up and aggregate it.\nAgain, everybody has these tables, and everybody eventually needs to come clean about them, or die from bloat. (looking at you OpenStack)\nThe nodes table The nodes table looks like this:\nshow create table nodes\\G *************************** 1. row *************************** Table: nodes Create Table: CREATE TABLE `nodes` ( `node_id` bigint NOT NULL, `node_type` tinyint NOT NULL, `repo` varchar(64) COLLATE utf8mb3_bin NOT NULL, `node_path` varchar(1024) COLLATE utf8mb3_bin NOT NULL, `node_name` varchar(255) COLLATE utf8mb3_bin NOT NULL, `depth` tinyint NOT NULL, `created` bigint NOT NULL, `created_by` varchar(64) COLLATE utf8mb3_bin DEFAULT NULL, `modified` bigint NOT NULL, `modified_by` varchar(64) COLLATE utf8mb3_bin DEFAULT NULL, `updated` bigint DEFAULT NULL, `bin_length` bigint DEFAULT NULL, `sha1_actual` char(40) COLLATE utf8mb3_bin DEFAULT NULL, `sha1_original` varchar(1024) COLLATE utf8mb3_bin DEFAULT NULL, `md5_actual` char(32) COLLATE utf8mb3_bin DEFAULT NULL, `md5_original` varchar(1024) COLLATE utf8mb3_bin DEFAULT NULL, `sha256` char(64) COLLATE utf8mb3_bin DEFAULT NULL, `repo_path_checksum` char(40) COLLATE utf8mb3_bin DEFAULT NULL, PRIMARY KEY (`node_id`), KEY `nodes_repo_path_name_idx` (`repo`,`node_path`(255),`node_name`), KEY `nodes_node_path_idx` (`node_path`(255)), KEY `nodes_node_name_idx` (`node_name`), KEY `nodes_sha1_actual_idx` (`sha1_actual`), KEY `nodes_md5_actual_idx` (`md5_actual`), KEY `nodes_sha256_idx` (`sha256`), KEY `nodes_repo_path_checksum` (`repo_path_checksum`), KEY `node_type__repo` (`node_type`,`repo`), CONSTRAINT `nodes_binaries_fk` FOREIGN KEY (`sha1_actual`) REFERENCES `binaries` (`sha1`) ON DELETE RESTRICT ON UPDATE RESTRICT ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_bin 1 row in set (0.00 sec) The table is using a bigint primary key, which is a positive surprise for me, expecting a Java UUIDv4.\nThe index used from the plan below is nodes_repo_path_name_idx, which has a prefix of repo being used. repo is a varchar(64) charset utf8mb3 worth up to 194 bytes including length counter overhead.\nThe plan:\nmysql\u0026gt; explain SELECT SUM(bin_length) FROM nodes WHERE node_type=1 and repo = \u0026#39;docker\u0026#39;\\G *************************** 1. row *************************** id: 1 select_type: SIMPLE table: nodes partitions: NULL type: ref possible_keys: nodes_repo_path_name_idx,node_type__repo key: nodes_repo_path_name_idx key_len: 194 ref: const rows: 13064296 filtered: 0.29 Extra: Using where 1 row in set, 1 warning (0.00 sec) Now, I know nothing about Artifactory at all, but this reads to me like a non-critical query for the baseline functionality of Artifactory. It also looks like something that can and should be cached somewhat.\nIt is unclear to me and the customer if that query is coming from actual Artifactory or some external monitoring added to it, but it is rather obvious that a rather large part of the load we see is coming from it.\nFor good measure, here are the table stats:\nmysql\u0026gt; select * from information_schema.tables where table_name = \u0026#34;nodes\u0026#34;\\G *************************** 1. row *************************** TABLE_CATALOG: def TABLE_SCHEMA: artdb TABLE_NAME: nodes TABLE_TYPE: BASE TABLE ENGINE: InnoDB VERSION: 10 ROW_FORMAT: Dynamic TABLE_ROWS: 26008347 AVG_ROW_LENGTH: 691 DATA_LENGTH: 17985060864 MAX_DATA_LENGTH: 0 INDEX_LENGTH: 26106396672 DATA_FREE: 7340032 AUTO_INCREMENT: NULL CREATE_TIME: 2021-09-15 00:24:08 UPDATE_TIME: 2022-08-24 10:39:40 CHECK_TIME: NULL TABLE_COLLATION: utf8mb3_bin CHECKSUM: NULL CREATE_OPTIONS: TABLE_COMMENT: 1 row in set (0.00 sec) Neither the table definition nor the plan are broken per se, and the table size is not outrageous. But we see around 26 MRows in total, and from the plan 13 MRows being considered.\nSo this looks like a data problem, not a problem with the SQL or the plan. We have bad selectivity.\nSelectivity matters (This is a data bug) Running one of the slow queries takes two minutes and a bit, 135 seconds.\nmysql\u0026gt; select sum(bin_length) from nodes where node_type=1 and repo=\u0026#39;docker\u0026#39;; +-----------------+ | sum(bin_length) | +-----------------+ | 330189712981975 | +-----------------+ 1 row in set (2 min 15.02 sec) Let\u0026rsquo;s histogram and check the prevalence of \u0026quot;docker\u0026quot; values in this table.\nmysql\u0026gt; select node_type, repo, count(*) as cnt from nodes group by node_type, repo order by cnt; ... \u0026lt;two hundred something rows of output cut\u0026gt; | 0 | auto-trashcan | 1487255 | | 1 | android-snapshots | 1698574 | | 1 | maven-booking-snapshots | 4910184 | | 1 | docker | 12155158 | +-----------+------------------------------------+----------+ 261 rows in set (17.22 sec) So the column repo has 261 different values for 26 MRows. But the distribution of values is very uneven. 240 values or so have each fewer than 100 KRows (many have fewer than 100) and the value \u0026quot;docker\u0026quot; is seen 12M times.\nData is stored in pages of 16 KB, and we get to see an average row length of slightly under 1K in the output further above. That means we see 16 or more rows per block. But 1/2 of all rows are values \u0026quot;docker\u0026quot;, so when we ask questions related to \u0026quot;repo='docker'\u0026quot;, we select 50% all rows.\nAssuming equidistribution and no clustering that means we are loading all pages of this table and have to go through them. For this value of repo the index is useless.\n\u0026ldquo;You query is fine, but your data is bad, mate.\u0026rdquo; is something nobody wants to hear. But selectivity matters:\nmysql\u0026gt; select sum(bin_length) from nodes where node_type=1 and repo=\u0026#39;nuget\u0026#39;; +-----------------+ | sum(bin_length) | +-----------------+ | 270744844 | +-----------------+ 1 row in set (0.11 sec) versus\nmysql\u0026gt; select sum(bin_length) from nodes where node_type=1 and repo=\u0026#39;docker\u0026#39;; +-----------------+ | sum(bin_length) | +-----------------+ | 330108119380433 | +-----------------+ 1 row in set (2 min 23.98 sec) Asking for repo='nuget' is solved in 0.11s, but asking for repo='docker' is taking 144 seconds.\nA better index for bad data To resolve the query\nselect sum(bin_length) from nodes where node_type=1 and repo=\u0026#39;docker\u0026#39;; using an index on repo, the database will go into the secondary index and select all rows with repo=\u0026quot;docker\u0026quot;. It needs to narrow this list down to values that are also have node_type=1, manually, because the index chosen as per EXPLAIN does not have this information.\nIt will find the primary key of each row in the index, and then go to the primary key. Here it will select all rows found, to get the value for bin_length.\nIt will then sum up these numbers to come up with the result.\nThat\u0026rsquo;s a bunch on index reads on the secondary index, and then using the cleaned up of primary key values from the index to fetch the actual data. On rotating disk, it would also involve around 13M disk seeks (at 5ms, so 200 seeks/second), so the query would run for ages (or things are cached very well in memory).\nBut we can do better, even in a bad situation such as this.\nWe could either\nALTER TABLE nodes ADD INDEX (node_type, repo, bin_length) or the equivalent\nALTER TABLE nodes ADD INDEX (repo, node_type, bin_length) Either will satisfy the (commutative) AND condition from our sum query. But we also have the folder query to consider, which is also slow:\nSELECT repo , SUM(CASE WHEN node_type = 0 THEN 1 ELSE 0 END) as folders , SUM(CASE WHEN node_type = 1 THEN 1 ELSE 0 END) as files , SUM(bin_length) FROM nodes GROUP BY repo This groups by repo and otherwise uses the same columns. As it groups by repo it can only profit from an index that has repo as the prefix.\nWe choose\nALTER TABLE nodes ADD INDEX (repo, node_type, bin_length) as an index that can serve both.\nCovering indexes (or why this is fast) Running the sum query against this index will dive into the secondary index.\nUsing the index, we select all rows matching repo and node_type. We also forced bin_length into this index, but it is not used in selection.\nBut it\u0026rsquo;s there, as well as the invisible pointer to the full row (the primary key, id). The optimizer knows that, and can use it: It uses the bin_length from the index, no need to go to the full row.\nEffectively we select a subtree from the index, incidentally also find the data we need to sum up, and serve that back. We can do this without having to go back to the primary key, critically saving abunch of seek operations (on rotating disk) and data page access (everywhere).\nThis speeds up query execution from 140-ish seconds to 4s-9s.\nSince we have a bunch of replicas for resilience, even if Artifactory cannot use them, I might as well use them for experimentation. Running the docker query on the cold (on the replica) cache takes 6m10s. After cache warmup, it takes 2m15. After the index juggling (which takes 3m6s) the query resolves in 9s.\nThat\u0026rsquo;s a 16x speedup.\n# cold box mysql\u0026gt; select sum(bin_length) from nodes where node_type=1 and repo=\u0026#39;docker\u0026#39;; +-----------------+ | sum(bin_length) | +-----------------+ | 330182660184225 | +-----------------+ 1 row in set (6 min 9.81 sec) # same query, cache now warm mysql\u0026gt; select sum(bin_length) from nodes where node_type=1 and repo=\u0026#39;docker\u0026#39;; +-----------------+ | sum(bin_length) | +-----------------+ | 330189712981975 | +-----------------+ 1 row in set (2 min 15.02 sec) # make me an index mysql\u0026gt; alter table nodes add index ( node_type, repo, bin_length); Query OK, 0 rows affected (3 min 6.64 sec) Records: 0 Duplicates: 0 Warnings: 0 # now running with covering index mysql\u0026gt; select sum(bin_length) from nodes where node_type=1 and repo=\u0026#39;docker\u0026#39;; +-----------------+ | sum(bin_length) | +-----------------+ | 330202302319881 | +-----------------+ 1 row in set (9.03 sec) This technique of using covering indexes I have learned from an Ex-MySQL colleague, Domas Mituzas , who used it excessively to make Wikipedia fast while working as a Wikimedia DBA. Thanks, Domas.\nOther observations Ohai, MDL! During our experimentation we found that an additional index can speed some critical queries. Adding the index on a production replica worked, taking 3 minutes and yielded a speedup of 16x.\nTrying to put this index into production failed: Plenty of slow sum queries pile up with \u0026ldquo;waiting on metadata lock\u0026rdquo;. Checking on the ALTER, we find it is also waiting on the metadata lock.\nI have not checked the source, but I am assuming the MDL protects the table definition. A running query takes a share lock (S-Lock) on the MDL to make sure the table does not change shape while the query is running. An ALTER takes out an exclusive lock (X-Lock) on the MDL to make sure it is alone while the shape of the table changes.\nIn MySQL, X-Locks usually have precedence over S-Locks, so asking for an X-Lock will stall all requests for S-Lock. That means starting the ALTER was responsible for all the stalled queries on nodes in \u0026ldquo;waiting for metadata lock\u0026rdquo; state.\nBut why was the ALTER itself stalled? While X-Locks have precedence over S-Locks, breaking locks that have already been granted is Not A Thing. So the ALTER has to wait for all the existing S-Locks being held on nodes to go away before it can start. The queries running are slow queries, though, running for around 2 minutes.\nSo we \u0026ldquo;just\u0026rdquo; have to wait two minutes for the ALTER to start and then another three minutes for it to complete, I presume. Unfortunately, a 5m to 7m wait piles up so many queries that we would run out of connection, and also our developers using Artifactory would hate on us.\nSo I have to terminate the ALTER and we choose another approach: Change all replicas, fail the application to a replica that is being promoted to primary, and then fix the ex-primary left behind (or simply let the automation reclone it).\nLatency matters We do this, and we find that Artifactory shows a very much changed behavior: Write levels are around 10x lower, and disk I/O \u0026ldquo;util%\u0026rdquo; drops dramatically, but also the load balancer metrics look a lot more precarious.\nWe learn that for the application team a switchover means a switchover of the database. The Artifactory application remains running in the Netherlands, but the database it talks to is now 10ms away in England. Obviously, this kind of communication latency affects application performance.\nAfter making changes, we fail back. Both Artifactory and its database are now in the Netherlands, and we get a 10x higher write rate, stable load balancer latencies and again a critically high disk saturation.\nDisk Writes, why? Well, not critically high. It turns out that \u0026ldquo;util%\u0026rdquo; is not a good metric at all, and also that dm-7 or other device mapper metrics are often fishy. Looking at completion latency statistics from sda shows we move up around 10% with plenty of headroom, so we are actually fine.\nThe question remains: Why does an application serving docker image metadata write to disk so much?\nWell, it\u0026rsquo;s writes and we archive them in binlog. So, let\u0026rsquo;s ghetto some table write stats from a row based replication binlog.\n# cd /mysql/*/logs # mysqlbinlog -vvv binlog.... | awk \u0026#39;/^### UPDATE/ { print $3 }\u0026#39; | sort | uniq -c | sort -n ... 112615 `artdb`.`nodes` 610088 `artdb`.`md_pkg_stats` 610088 `artdb`.`md_ver_stats` 2901027 `artdb`.`stats` Uh, yes.\nIf you are turning every image read into a stats write, you have a lot of writes and you don\u0026rsquo;t scale.\nMaybe don\u0026rsquo;t log to the production database monolith, but Kafka or syslog stats out, and collect them elsewhere? It\u0026rsquo;s 2022, after all\nOne more slow query The team finds one more slow query that is breaching our ad-hoc 10s barrier:\nmysql\u0026gt; SELECT nodes.node_id , nodes.node_type , nodes.repo , nodes.node_path , nodes.node_name FROM nodes WHERE nodes.node_type=1 AND nodes.repo != \u0026#39;auto-trashcan\u0026#39; AND nodes.repo != \u0026#39;jfrog-support-bundle\u0026#39; AND lower(nodes.node_name) LIKE \u0026#39;tax%\u0026#39; LIMIT 1000 We already know from other research that node_type=1 is not very selective. It indicates directories (0) and files (1). The negations are also not good at increasing selectivity and indexing on negations is\u0026hellip; fraught with problems. That leaves us with nodes.node_name.\nWhich is wrapped into a function, lower(). This function turns the values in the column into lower case for comparison with a string constant with a wildcard in a like (essentially almost a BETWEEN 'tax' AND 'tay', except that BETWEEN is inclusive and % is not).\nNow in database gnostic SQL one would drop the lower() since your default collation is _ci (case insensitive) and _ai (accent insensitive) anyway. It serves no function in MySQL.\nIn all other databases, you\u0026rsquo;d lower() in Java and write normalized data into the database.\nBut it matters not, we have functional indexes, so instead of indexing nodes.node_name we just index lower(nodes.node_name) instead. That changes nothing for MySQL at all, but the optimizer requires this data duplication in order to see the possibility.\nPercona discusses MySQL 8 Functional Indexes in their blog, and the manual has them as well, of course.\nSummary We run into a database load problem that turns out not to be a size-related or query-related problem at all, but a good case for covering indexes. Covering indexes are a powerful tool to speed up certain kind of reporting queries that otherwise accumulate a lot of run time.\nWe also get a glimpse at the data structures in Artifactory, which look a lot better than most DBAs would expect from previous encounters with Hibernate using Java products.\nStill the product can benefit a lot from a very modest investment in access modernization (split read and write handles) and segregation of transactional and reporting/log-natured data (cut out log writes, cut out log tables and complete the data lifecycle), which would help it scale to survive in a large Enterprise environment. Do not weigh down your transactional database with evergrowing log writes, and also do not turn every customer read into a write into your transactional database monolith.\n","date":"2022-08-25T00:00:00Z","href":"https://blog.koehntopp.info/2022/08/25/mysql-boiling-jfrogs.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: Boiling JFrogs"},{"categories":null,"content":"The MySQL InnoDB storage engine lives off primary keys: Records are stored physically in a B+-Tree, a balanced tree where the data pages are the leaves of the primary key B-Tree.\nThat implies that the data is stored physically in primary key order – records with similar primary keys are usually physically closer together than records with larger differences in primary key value. In literature, such physically ordered indexes are often called clustered indexes.\nInnoDB depends on primary keys Secondary indexes in databases need to store the indexed data together with a row address, a pointer to the full row (in InnoDB, into the primary key).\nIf that row address was a physical address (a disk block number or a similar pointer tied to the position of the data), growing data pages and moving them around would often also make it necessary to update all secondary indexes. For example when a page is split or records move around for other reasons, the physical position of a page changes and all references to that page in SKs would also need an update.\nBy using the primary key value as a pointer to the full row, InnoDB achieves several things, good and bad:\nThe primary key is added as an (invisible) suffix to every SK. If you have a large PK, you are adding a lot of bytes to every SK. Keep PK values short. The optimizer can leverage the PK at the end of the SK. Some queries are unexpectedly \u0026ldquo;covering\u0026rdquo;: SELECT id FROM t WHERE a = 10 is using index for a table t that has an INDEX(a), because internally it is INDEX(a, id). Secondary Index lookups are taking exactly 2x as much time as a primary key lookup, because we do a lookup in the SK, and then using the PK value found, we dive into the PK. Changes to the primary key, for example inserts into the middle of the table, are localized: Page splits happen internally in the primary key, but are not exposed to any SK. So while lookups to an SK cost more, SKs need a lot fewer updates. Changes to any primary key value (UPDATE t SET id = -id WHERE id = 10) are fantastically expensive: The record is physically moved around in the PK, and all SK need changes, too. This can trigger a cascade of page splits and merges. Treat PK values as immutable, non-reusable tokens. Because InnoDB has this clustered index as the PK, it is completely dependent on the primary key being present.\nIf you define a table without a primary key, InnoDB tries to secretly promote any other index that is suitable to primary key. Since the primary key is a non-nullable unique index that happens to be named PRIMARY in InnoDB, any other non-nullable unique index would be suitable.\nIf even that is absent, InnoDB starts to make up a primary key. For that, a global counter exists.\nWhich is shared between all tables that have no primary key. This counter is protected by a mutex, and if you have insert heavy tables without a primary key, you can end up having contention of this mutex.\nApparently this is common knowledge since 2013, as documented by Jeremy Cole and by Percona , but I did not know this (that the counter is globally shared).\nReplication depends on Primary Keys Other important subsystems also depend on primary keys: For example, all modern replication absolutely requires primary keys to function.\nIn Row Based Replication, row changes are communicated to the replica as row change events. These contain at minimum the primary key of the row change (or the entire old row, if there is no primary key), and the new value of all changed columns.\nOf course, the replica must apply this. In the absence of any primary key, the row to change in the replica is found using a full table scan. And that does not scale for obvious reasons.\nWhy, do you ask, is that a problem, if InnoDB always has to have a primary key?\nBecause this autogenerated, internal, global primary key is not exposed in the binlog, and is local to an instance. The replica does not see it, and if it saw it, could not use it.\nWorse, Group Replication will simply not work without primary key at all.\nSo make primary keys mandatory Since 8.0.13 we can make an explicit primary key mandatory in MySQL. For that, we need to set sql_require_primary_key . If that is set, any table creation without a primary key present is rejected.\nmysql\u0026gt; set sql_require_primary_key = on; Query OK, 0 rows affected (0.00 sec) mysql\u0026gt; create table rejected ( id integer, d varchar(200)); ERROR 3750 (HY000): Unable to create or change a table without a primary key, when the system variable \u0026#39;sql_require_primary_key\u0026#39; is set. Add a primary key to the table or unset this variable to avoid this message. Note that tables without a primary key can cause performance problems in row-based replication, so please consult your DBA before changing this setting. Also, fix existing PK-less tables ex post Adding a missing primary key is easy. Simple add it.\nmysql\u0026gt; alter table t add id integer not null primary key auto_increment first; ... But of course, this can break badly written SQL: Anything that does a SELECT *, or otherwise depends on column count, position or order will break. We would need a mechanism to add a primary key column that is not there.\nSince 8.0.23, we can have invisible columns . They allow us to add an auto_increment to an existing table without primary key, without breaking badly written SQL.\nmysql\u0026gt; show create table scooby\\G Table: scooby Create Table: CREATE TABLE `scooby` ( `id` int DEFAULT NULL, `d` varchar(200) DEFAULT NULL, `scooby` int NOT NULL AUTO_INCREMENT /*!80023 INVISIBLE */, PRIMARY KEY (`scooby`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci 1 row in set (0.00 sec) mysql\u0026gt; insert into scooby (id, d) values (1, \u0026#34;keks\u0026#34;); Query OK, 1 row affected (0.01 sec) mysql\u0026gt; select * from scooby; +------+------+ | id | d | +------+------+ | 1 | keks | +------+------+ 1 row in set (0.00 sec) mysql\u0026gt; select *, scooby from scooby; +------+------+--------+ | id | d | scooby | +------+------+--------+ | 1 | keks | 1 | +------+------+--------+ 1 row in set (0.00 sec) We define a table scooby with a hidden primary key. When we insert data int this table, this just works normally, and auto_increment supplies the primary key value automatically.\nWhen we look at the data using select *, the hidden column is not shown. When we ask for it explicitly, it is there.\nAutomating this: GIPK Beginning with 8.0.30, we get automation for this: We could Generate Invisible Primary Keys , or GIPK.\nThat is of course a fix for broken designs. You should never need this for your own schemas. Simply go back to the source and fix that instead.\nBut if you happen to run JAMF or other software that you do not control and that insists on PK-less tables, you can now have it autofixed.\nWhen you set sql_generate_invisible_primary_key , and try to create a table without a primary key, a my_row_id bigint unsigned not null auto_increment invisible primary key is added for you to the table.\nmysql\u0026gt; show variables like \u0026#39;%primary%\u0026#39;; +------------------------------------+-------+ | Variable_name | Value | +------------------------------------+-------+ | sql_generate_invisible_primary_key | OFF | | sql_require_primary_key | OFF | +------------------------------------+-------+ 2 rows in set (0.01 sec) mysql\u0026gt; set sql_generate_invisible_primary_key = on; Query OK, 0 rows affected (0.00 sec) mysql\u0026gt; create table gipk_demo (id integer, d varchar(200)); Query OK, 0 rows affected (0.10 sec) mysql\u0026gt; show create table gipk_demo\\G Table: gipk_demo Create Table: CREATE TABLE `gipk_demo` ( `my_row_id` bigint unsigned NOT NULL AUTO_INCREMENT /*!80023 INVISIBLE */, `id` int DEFAULT NULL, `d` varchar(200) DEFAULT NULL, PRIMARY KEY (`my_row_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci Bad naming choices, but good protection The naming of that primary is bad, of course, because MySQL here takes arbitrary names out of a public namespace.\nIt would be much better if MySQL reserved the prefix __ (underbar underbar) in all namespaces for itself, and for example generated __id here.\nWe can try if they are smart about this, though:\nmysql\u0026gt; set sql_generate_invisible_primary_key = on; Query OK, 0 rows affected (0.00 sec) mysql\u0026gt; create table breakit ( -\u0026gt; id integer, -\u0026gt; d varchar(200), -\u0026gt; my_row_id varchar(200) -\u0026gt; ); ERROR 4108 (HY000): Failed to generate invisible primary key. Column \u0026#39;my_row_id\u0026#39; already exists. Nicely done. Next level:\nmysql\u0026gt; set sql_generate_invisible_primary_key = off; Query OK, 0 rows affected (0.00 sec) mysql\u0026gt; create table breakit ( -\u0026gt; id integer primary key, -\u0026gt; d varchar(200) -\u0026gt; ); Query OK, 0 rows affected (0.12 sec) mysql\u0026gt; alter table breakit add column my_row_id varchar(200); Query OK, 0 rows affected (0.05 sec) Records: 0 Duplicates: 0 Warnings: 0 mysql\u0026gt; set sql_generate_invisible_primary_key = on; Query OK, 0 rows affected (0.00 sec) mysql\u0026gt; alter table breakit drop column id; ERROR 1235 (42000): This version of MySQL doesn\u0026#39;t yet support \u0026#39;existing primary key drop without adding a new primary key. In @@sql_generate_invisible_primary_key=ON mode table should have a primary key. Please add a new primary key to be able to drop existing primary key.\u0026#39; So that needs to be a\nmysql\u0026gt; alter table breakit -\u0026gt; drop column id, -\u0026gt; add column keks int not null primary key; to succeed.\nHiding the hidden columns even more While invisible columns are invisible in select *, then are shown in show create table and also in I_S.\nThe self-documentingly named variable show_gipk_in_create_table_and_information_schema controls this.\nWhen set to off, invisible columns are also no longer shown there. That should be even less necessary, and only very broken ORMs should need this.\nGood primary keys You should never need any of this. You should define an explicit primary key for all your tables. If they are missing and you control application source and schema, you can fix this at the source instead of using this kludge. Go back and fix things properly instead.\nEvery Table in MySQL Always Must Have a Primary Key When you are creating or altering a table in MySQL, make sure you have a primary key defined. We also advise you to never change a primary key value once it is set, and to never re-use a primary key value once a record is deleted. We advise you to keep the primary key short, below 16 or 32 bytes in size.\nSee the SQL Engineering Guide for a discussion of this topic.\nA good primary key is short, less than 32 bytes. A good primary key is immutable and never re-used. A good primary key is an auto_increment value, or a UUIDv1 that is stored in a BINARY(16) that is being accessed with UUID_TO_BIN(...,1) (the swap flag is set to true). A Java generated UUIDv4 is a random number and has horrible performance properties for InnoDB. The topic of UUID is covered at length in MySQL and UUIDs and in ALTER TABLE for UUID . auto_increment is not slow. MySQL keeps an auto_increment counter per table, and assigns values to each thread that inserts data in batches to limit contention on the counter. This is automatic and highly efficient. That has the side-effect that there may be gaps in the auto_increment sequence, and values are not always assigned in a strict temporal order. The manual has a discussion of this. TL;DR MySQL 8.0.30 adds GIPK, generated invisible primary keys. They should only ever be needed if you have external software running where you cannot control and fix the schema, but they would allow you to run such software with RBR or GR without cooperation from the vendor.\nGIPK is correctly implemented with respect to name clashes and dropping required primary keys. The column naming choice has the potential to clash with existing names and sits right there in the public namespace, which is a bit jarring.\nThis is a feature that is never needed unless you absolutely need it to get something broken running in a modern MySQL environment.\n","date":"2022-08-23T00:00:00Z","href":"https://blog.koehntopp.info/2022/08/23/mysql-gipk.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: GIPK (InnoDB and Primary Keys)"},{"categories":null,"content":"Question on the Libera/#mysql IRC channel:\nIs there a way to split a simple select into multiple returned rows? For example, select 1, 2, 3 to be returned as rows?\nThis is actually asking for a table literal notation. I know of four ways to construct a table literal in MySQL:\nUNION ALL The oldest way to construct a table literal in any SQL that supports UNION is the UNION ALL construct. Write SELECT statements to return literal rows, and add them together to a table using UNION ALL:\nmysql\u0026gt; select i from ( -\u0026gt; select 1 as i union all -\u0026gt; select 2 as i union all -\u0026gt; select 3 as i -\u0026gt; ) as t; +---+ | i | +---+ | 1 | | 2 | | 3 | +---+ 3 rows in set (0.00 sec) This has always worked, even on the oldest versions of MySQL.\nJSON_TABLE() There is actually a function to turn a JSON expression into a result table, JSON_TABLE(). It is documented here . The function exprects a JSON expression (or simply a literal JSON array in our case), and a JSON path expression with instructions on how to type and name the extracted values.\nmysql\u0026gt; select * from json_table( \u0026#39;[{\u0026#34;i\u0026#34;: 1}, {\u0026#34;i\u0026#34;:2}, {\u0026#34;i\u0026#34;: 3} ]\u0026#39;, -\u0026gt; \u0026#34;$[*]\u0026#34; columns(i int path \u0026#34;$.i\u0026#34;) -\u0026gt; ) as t; +------+ | i | +------+ | 1 | | 2 | | 3 | +------+ 3 rows in set (0.00 sec) VALUES statement and ROW() function MySQL introduces the VALUES statement and the ROW() function. VALUES is a statement that returns a table constructed from literal values described with ROW() functions. So in order to get the table for further processing, we need a subselect.\nmysql\u0026gt; select * from ( -\u0026gt; values row(1), row(2), row(3) -\u0026gt; ) as t; +----------+ | column_0 | +----------+ | 1 | | 2 | | 3 | +----------+ 3 rows in set (0.00 sec) WITH and VALUES We can do the same, but use a Common Table Expression instead of a subselect:\nmysql\u0026gt; with t (i) as ( values row(1), row(2), row(3) ) -\u0026gt; select * from t; +---+ | i | +---+ | 1 | | 2 | | 3 | +---+ 3 rows in set (0.00 sec) ","date":"2022-08-22T00:00:00Z","href":"https://blog.koehntopp.info/2022/08/22/mysql-row-literals.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: Row Literals"},{"categories":null,"content":"Two good news in one day. First, my energy provider tells me:\nLevert u meer terug dan u van het net afneemt, dan betalen we u vanaf die datum 16.8 eurocent per kWh. De oude vergoeding was 7 eurocent per kWh.\n\u0026ldquo;If you push energy into the grid, we now pay you 16.8 Eurocent per kWh. The old payment was 7.0 Eurocent per kWh.\u0026rdquo;\nThe other good news is that it is very likely that the existing \u0026ldquo;Salderingsregeling\u0026rdquo; may be continued until 2025. At least that seems to be the plan, says milieu centraal .\nThe \u0026ldquo;Salderingsregeling\u0026rdquo; says that for power that I feed back into the grid I can draw back without cost. You can imagine that as using the grid as a battery with infinite capacity, or as the counter going backwards. There are a few limits and regulations, but more on that below.\nThe original plan was to end the Salderingsregeling at the End of \u0026lsquo;22. This was then extended to the End of \u0026lsquo;23, and it seems that it is now being discussed to extend it to the End of \u0026lsquo;24.\nSo when I am consuming 5000 kWh from the grid and push 2000 kWh into the grid, I will have to pay only 3000 kWh. It does not matter that I actually withdrew 4000 kWh from the grid, because some consumption was at night, or because I overshot the production of my panels at a certain point in time. Only the net Saldo matters, the difference between production and consumption over the year.\nThis also works the other way around: If I am producing 5000 kWh and consume only 2000 kWh from the grid, my Saldo will be 3000 kWh in my favor. For that I am supposed to get a \u0026ldquo;reasonable compensation\u0026rdquo;, says the law. At the same time the goverment made noises that basically said that \u0026ldquo;80% of the purchase price seem to be reasonable\u0026rdquo;. Apparently this prompts my energy provider to make the above change, offering 75% of the purchase price to preempt regulation. You know what, I am actually somewhat okay with that.\nNow the entire specific regulation seems to be not fixed, yet, and the actual handling and pricing is still subject to change. We will see how this will actually play out, but right now the change has been entirely pro consumer.\nIt is also clear that we will not keep the Salderingsregeling ad infinitum. The original plan was to gradually switch it from 100% Saldering to 9% less each year. That still seems to be the case, so we expect to see this table to be implemented:\nYear %Saldering 2022 100% 2023 100% 2024 100% 2025 64% 2026 64% 2027 55% 2028 46% 2029 37% 2030 28% 2031+ 0% Instead of a gradual decline we see a big initial jump from 100% to 64%. That\u0026rsquo;s because the original plan was to decrease by 9% starting 2022, and while the end deadline was kept, the initial full Saldering was kept alive for several years.\nAt the same time the government says it expects a reasonable compensation for the other power that is no longer part of the Salderingsregeling, and that\u0026rsquo;s the above 80% (or now 75% number).\nIt is a bit unclear how that now will work out: Will there be two kinds of tariff for power pushed to the grid that is part of the Saldering, and a second tariff for the other power that is not part of the Saldering, or one tariff for everything.\nWe will see how that works out soon.\n","date":"2022-08-15T00:00:00Z","href":"https://blog.koehntopp.info/2022/08/15/good-energy-news.html","tags":["lang_en","netherlands","energy","climate"],"title":"Good Energy News"},{"categories":null,"content":"When running Keynote, MacOS prevents the screen blanker from kicking in. I needed a similar thing in one of my Python applications, so I needed to find out how it does that.\nIt turns out, there is an API for that: beginActivity:withOptions: , which returns an Object token activity. Calling endActivity with that Token ends the activity, and resumes the screen blanker countdown.\nThere is a list of activity options, NSActivityOptions . We are interested into NSActivityIdleDisplaySleepDisabled and NSActivityUserInteractive, mostly.\nInterfacing with Objective-C in Python is possible through ctypes, but that is work. Work, it turns out, that has already been done in appnope , specifically in _nope.py .\nIntegrating that into my PyQt application is trivial.\n","date":"2022-07-30T00:00:00Z","href":"https://blog.koehntopp.info/2022/07/30/macos-how-to-prevent-screen-blanker.html","tags":["lang_en","apple","macos","python"],"title":"MacOS: How to prevent screen blanker"},{"categories":null,"content":"Der Wikipedia-Artikel zum Thema Energieverbrauch ist wirklich interessant.\nSchaut man sich zum Beispiel diese Grafik (oder die Tabelle, auf der sie basiert) an, dann sieht man:\nPrimärenergieverbrauch Deutschland 1990 bis jetzt\nWie man sieht, ist der Primärenergieverbrauch von Deutschland seit 1990 fast konstant geblieben. Wikipedia schreibt im Detail: \u0026ldquo;Zwischen 1990 und 2011 nahm das reale Bruttoinlandprodukt um 34 % zu, der Energieverbrauch nahm jedoch um 9 % ab.\u0026rdquo; Rechnet man um, sind es bummelig 14000 Petajoule, was circa 4000 TWh entspricht.\nPrivate Haushalte nutzen laut Umweltbundesamt circa 650 TWh, und davon sind etwa 450 TWh Heizenergie.\nIm Grunde genommen ergeben sich daraus sofort die folgenden Ideen:\nDächer voll machen: 10 KWp Limit weg. Anmeldung und Steuer vereinfachen, und Eigenverbrauch nicht besteuern. Solarinstallation fördern (statt 9000 Euro bei E-Autos dann lieber hier). Akkus als Ausgleich fördern: Hausakku fördern (s.o. Solaranlage) Rückspeisefähigkeit bei E-Autos und deren Ladepunkten vorschreiben. Wärmepumpen fördern und vorschreiben. Selbst, wenn man bei den Wärmepumpen nur einen Workfaktor von 3 annnimmt, bekommt man die 450 TWh zum Heizen gedrittelt, also einen Strom-Mehrverbrauch von maximal 150 TWh und eine Einsparung von 300 TWh (zum Vergleich: Atomkraft liefert derzeit noch ca. 230 TWh).\nUnd: 15 kWh Hausakku entsprechen auch bei sehr großen Häusern 1-2 Tagen Autonomie.\nDas ist wunderbar, denn Solar und Wind sind in Deutschland jahreszeitlich in etwa konstant.\nDie Summe aus Solar und Wind ist in etwa konstant.\nLokale Energiespeicher dienen also in erster Linie dazu, die passende Glättung zu erzeugen.\n","date":"2022-07-03T00:00:00Z","href":"https://blog.koehntopp.info/2022/07/03/energieverbrauch-in-deutschland.html","tags":["lang_de","energy","climate","germany"],"title":"Energieverbrauch in Deutschland"},{"categories":null,"content":"Another Friday, another replication hierarchy lost.\nThe error from June, July edition? The errors reported look awfully familiar: Binlog position is supposedly 4, and the error message has text about \u0026ldquo;max_allowed_packet\u0026rdquo;. Could it be another instance of this bug from early last month?\nIndeed, one symptom was \u0026ldquo;a large binlog, larger than max_binlog_size\u0026rdquo;. We check.\n-rw-r----- 1 mysql mysql 1073794077 Jul 1 06:39 binlog.000914 -rw-r----- 1 mysql mysql 1073869075 Jul 1 07:09 binlog.000915 -rw-r----- 1 mysql mysql 1073741881 Jul 1 09:28 binlog.000916 -rw-r----- 1 mysql mysql 2038358667 Jul 1 11:21 binlog.000917 Log ends at 11:21, at twice the expected size. Meh.\nTo the flight recorder Let\u0026rsquo;s check the flight recorder , again:\n# cd /var/log/mysql_pl/Fri # for i in 1[012]_??.innodb.xz; do \u0026gt; echo $i; \u0026gt; xz -dc $i | \u0026gt; perl -ne \u0026#39;/(undo log entries) ([0-9]+)/ \u0026amp;\u0026amp; $2 \u0026gt; 1000 \u0026amp;\u0026amp; print \u0026#34;$2\\n\u0026#34;;\u0026#39; ; \u0026gt; done| \u0026gt; less ... 11_20.innodb.xz 2895 11_21.innodb.xz 2895 11_22.innodb.xz 11_23.innodb.xz DBA, meet DBA So what is it this time?\n# xz -dc 11_21.innodb.xz| less 623 lock struct(s), heap size 73848, 3548 row lock(s), undo log entries 2895 MySQL thread id 186615979, OS thread handle 140545428498176, query id 2978139105 localhost root Waiting for semi-sync ACK INSERT LOW_PRIORITY IGNORE INTO `schema`.`_table_new` (`id`, ...`) SELECT `id`, ... FROM `schema`.`table` LOCK IN SHARE MODE /*pt-online-schema-change 63828 copy table*/ This is an INSERT ... SELECT ..., generated from Percona Online Schema Change. The transaction has some 2895 rows open, so in order for this to be a problem the average row length must be very large.\nLet\u0026rsquo;s check:\nroot@instance-1009 [schema]\u0026gt; show table status like \u0026#39;table\u0026#39;\\G *************************** 1. row *************************** Name: table Engine: InnoDB Version: 10 Row_format: Dynamic Rows: 2437 Avg_row_length: 3350975 \u0026lt;-- average! Data_length: 8166326272 \u0026lt;-- 8-ish GB used Max_data_length: 0 Index_length: 3194880 \u0026lt;-- almost no secondary index Data_free: 57958989824 \u0026lt;- also spiky usage, 53 GB free space Auto_increment: 546211 Create_time: 2020-12-08 02:25:41 Update_time: 2022-07-01 10:11:12 Check_time: NULL Collation: latin1_swedish_ci Checksum: NULL Create_options: row_format=DYNAMIC Comment: 1 row in set (0.00 sec) Ok, so we have 3.3 MB row size, on the average (peak blob size is 6.7 MB or so). Checking the schema shows us two MEDIUMTEXT columns.\nAnalysis The mitigation from last month had not been implemented, yet. It has now been escalated.\nThe event triggering the outage was a transaction larger than 1 GB, as before, in the face of binlog compression. The program triggering the large transaction was a DBA maintenance job running Percona Online Schema Change.\nPercona Online Schema Change has no logic to prevent large transactions from occuring. It should maybe check average row size, or check largest row size in the table, and cut smaller pieces so that the INSERT ... SELECT it generates always stays below 1G.\nOr it should accept that the INSERT ... SELECT may fail, if max_binlog_cache_size has been set, and retry with smaller steps then. The second idea would be better, I believe.\nAgain, the flight recorder has been invaluable in nailing down the root cause.\n","date":"2022-07-01T00:00:00Z","href":"https://blog.koehntopp.info/2022/07/01/i-have-met-the-enemy-and-they-are-us.html","tags":["database","mysql","lang_en"],"title":"I have met the enemy, and they are us"},{"categories":null,"content":"We got our solar roof around 1st of April. I am describing our setup here . Today we got the bill for Summer 2021 to Summer 2022.\nWhat I measured I installed a P1 interface on my electricity counter late in April, so my data does not cover all of the lifetime of the Solar Roof. Starting the graph at 01-Apr-2022, I get this:\nAt this resolution, not very helpful.\nWhat is visible is the fact that we do not have a battery, and therefore each day we produce energy, but also consume energy from the grid. What is not visible is the relation.\nLooking at the absolute counter values is more helpful. The total production is on the right hand side, the consumption on the left hand side, and the important number is the Range value below the graph.\nWe produced 1.66 MWh during the range between 01-Apr and now. We consumed 279 kWh in that interval. That leaves us with slightly under 1.5 MWh pushed to the grid.\nHeating consumed around 10 m^3 in one evening, otherwise we use gas for warm water. Not a lot.\nWe consumed 28.7 m^3 (around 287 kWh) of gas since the begin of metering. This includes one day of runaway heating worth around 10 m^w, and the rest is warm water. Warm water is not the cost driver, heating with gas is.\nBut let\u0026rsquo;s look at the financials: We get back 561 Euro, because we paid 2297 Euro in 12 monthly installments, and used 1735 Euro worth of power and gas. Mostly gas, but more on that further down.\nOur monthly installment two years ago was 192 Euro, last year 202 Euro, and this year it will be 213 Euro. Of these 213 Euro, 199 Euro will be for gas.\nSo already, without knowing details, we have our mission.\nGet off Gas, now! This is our electricity intake for the last 5 years:\nDown to 2.052 MW/a from 4.850 MW/a.\nActive since April 2022, the solar array has fed back sufficient electricity to compensate for more than half our consumption. Do I believe in overprovisioning? Well, yes, kind of. The array has been built with future use-cases in mind.\nIn any case, in the last 12 months we used 3881 kWh, and pushed 1834 kWh back to the grid for the set consumption you see in the bill.\nDown to 1251 m^3 of gas.\nOut gas consumption also fell, but that is mostly due to a mild winter and not heating much.\nDoing the math We are paying around 22 ct per kWh of electricity, and while there is a bit of fixed cost, it hardly matters – 22.5 ct per kWh all in.\nGas costs around 108 ct per m^3, which is an energy equivalent of 10-12 kWh warmth depending on the type of gas. Fixed cost here is substantial, and we end up at 132 ct per m^3 overall cost (1349.88 Euro for 1251 m^3, and 274.58 Euro of fixed cost).\nHeating Electricity Heat Pump Gas Heat generated 10 kWh 10 kWh 10 kWh Energy used 10 kWh 2-3 kWh 1^3 Cost per unit 0.225 Euro 0.225 Euro 1.32 Euro Total cost 2.25 Euro 0.5-0.75 Euro 1.32 Euro So to create 10 kWh of warmth from a heat pump, you have to expend 2-3 kWh of electricity, coming in at 50 ct to 75 ct per m^3 gas-equivalent of heating. That would be around 1.75 to 2.5 times cheaper than heating with gas.\nA heat exchanger can be a air-water-air system, so a heat exchanger that uses energy from outside air to heat water that is fed into the existing heating. This will work to around -10 C to -20 C outside temperatur, but for temperatures below zero, it will become successively inefficient.\nIf your area permits it, you can take energy not from outside air, but from the water or earth below the house. This is virtually always frost-free and hence relatively efficient. So if you have a houseboat or are allowed to install an earth circuit, this can be a completely painless solution.\nExisting radiators driven by heat exchangers almost always need adjustment or exchange, because the water-in temperature of the system is substantially lower than a preexisting gas burner. So somebody with actual clue will have to do the math and adjustment during installation, and some people will have to either change radiators, or install active venting (fans, basically) that push air through the radiators as a leisurely pace.\nIf you need air condition anyway, because for example there is a roof room that needs active cooling in summer, you can make sure that you get an airco unit that can operate in reverse mode. Most of the units that support it are as efficient as heat exchangers, and heat air directly. Here the work factor is comparable to normal heat exchangers.\nEither system will get you off gas, or (with the airco) work in parallel to an existing gas or oil heating – which is nice in case you do not trust the new system and need backup.\n","date":"2022-06-28T00:00:00Z","href":"https://blog.koehntopp.info/2022/06/28/the-new-energy-bill.html","tags":["lang_en","netherlands","energy","climate"],"title":"The new energy bill"},{"categories":null,"content":"I am on a Mac or on a Windows machine, and always I have to develop for a Linux target. On Windows, this is easy, because most Jetbrains environment already support working inside WSL2, so simply choosing this is a no-brainer.\nOn MacOS, I can create a \u0026ldquo;Docker Container\u0026rdquo; do develop in, but it is kind of a joke. That is, because MacOS cannot run Linux cgroups and namespaces natively, so you actually get a lightweight VM with Linux running, and then a container inside that. You might as well run Linux in VMware and start the Jetbrains thing inside that. It will hurt probably less than trying to edit inside a docker filesystem.\nAnd sometimes you do not just need a Linux box, but an actual development environment that runs on one specific server that you have ssh access to. Remote editing is \u0026ldquo;easy\u0026rdquo; in vscode, but there is no \u0026ldquo;my file tree is on that machine\u0026rdquo; mode in Jetbrains stuff.\nOr is there?\nEnter the Gateway Turns out, there is something better. The Jetbrains Gateways runs their editor, headless, on the remote machine, and that editor edits. The client is the GUI, and that runs natively on your development machine, using the native GUI and key bindings. GUI and remote editor communicate, the same way \u0026ldquo;Code with me\u0026rdquo; communicates.\nSo\nInstall \u0026ldquo;Jetbrains Gateway\u0026rdquo; Set up ssh connectivity in it. Start a new project, watch it download and install the development environment remotely. Enter the project and edit away. Yup, it\u0026rsquo;s beta.\nDoes it even work? Well, yes. I can hit the \u0026ldquo;Terminal\u0026rdquo; tab, and get an actual shell on the remote box. I can run and build stuff as if I would be running the GUI locally on the remote box. The native binaries are what I have on the remote box.\nWell, no. It\u0026rsquo;s beta. Sometimes it gets stuck, and sometimes the keys are \u0026ldquo;glue-ey\u0026rdquo;, that is, latency can be felt.\nUsually it helps to disconnect or kill the local client and then reconnect to the remote session. Sometimes that needs to be done more than once.\nWell, yes. Facinatingly, the remote session stays if you kill the local client, and on reconnect will be still there, blinking cursor and everything, just where you left it.\nAll in all, I think this is going to change the way it work. At least when the remaining problems are fixed.\nConnecting to the Blog.\nApparently there is a blog article from December 2021 which describes how it works in more detail. With the upcoming \u0026ldquo;Fleet\u0026rdquo;, it seems that they will be going all-in on the split between IDE backend and frontend.\nDisclaimer: I am a paying customer of Jetbrains, and have the private user all-in subscription, paid for myself.\n","date":"2022-06-27T00:00:00Z","href":"https://blog.koehntopp.info/2022/06/27/jetbrains-remote-development.html","tags":["lang_en","development"],"title":"Jetbrains Remote Development"},{"categories":null,"content":"MySQL 8.0.29 adds ALGORITHM=INSTANT as a way to run ALTER TABLE commands with less wait. The documentation can be found in Online DDL Operators and instant column operations can be found here .\nExample Syntax looks like this:\nmysql\u0026gt; use kris; mysql\u0026gt; create table t (id serial, d varchar(20)); Query OK, 0 rows affected (0.12 sec) mysql\u0026gt; alter table t add column i integer not null, algorithm=instant; Query OK, 0 rows affected (0.07 sec) Records: 0 Duplicates: 0 Warnings: 0 Limited TOTAL_ROW_VERSIONS The manual explains a new concept:\nA new row version is created after each ALTER TABLE ... ALGORITHM=INSTANT operation that adds one or more columns, drops one or more columns, or adds and drops one or more columns in the same operation. The INFORMATION_SCHEMA.INNODB_TABLES.TOTAL_ROW_VERSIONS column tracks the number of row versions for a table. The value is incremented each time a column is instantly added or dropped. The initial value is 0.\nmysql\u0026gt; select name, total_row_versions -\u0026gt; from information_schema.innodb_tables -\u0026gt; where name like \u0026#34;kris/%\u0026#34;; --------+--------------------+ | NAME | TOTAL_ROW_VERSIONS | +--------+--------------------+ | kris/t | 0 | +--------+--------------------+ So there is a concept called TOTAL_ROW_VERSIONS. This is a version counter for instant alter table, and it is incremented each time a change to a table\u0026rsquo;s schema is being made.\nThe manual continues with a warning: The TRV counter has a limit of 64. Commands are rejected when the counter is reaching the limit.\nWhen a table with instantly added or dropped columns is rebuilt by table-rebuilding ALTER TABLE or OPTIMIZE TABLE operation, the TOTAL_ROW_VERSIONS value is reset to 0. The maximum number of row versions permitted is 64, as each row version requires additional space for table metadata. When the row version limit is reached, ADD COLUMN and DROP COLUMN operations using ALGORITHM=INSTANT are rejected with an error message that recommends rebuilding the table using the COPY or INPLACE algorithm.\nERROR 4080 (HY000): Maximum row versions reached for table test/t1. No more columns can be added or dropped instantly. Please use COPY/INPLACE.\nThe obvious breakage So a command is rejected, when TRV reaches 64. Also, MySQL uses replication a lot. In fact, I am of the persuasion that any MySQL installation that does not have at least one replica is broken.\nSo can we use this to break replication?\nThe manual suggests that OPTIMIZE TABLE can be used to reset the counter. The manual knows the following things about OPTIMIZE :\nThere is a syntax OPTIMIZE LOCAL TABLE. »By default, the server writes OPTIMIZE TABLE statements to the binary log so that they replicate to replicas. To suppress logging, specify the optional NO_WRITE_TO_BINLOG keyword or its alias LOCAL.« This is not privileged: »This statement requires SELECT and INSERT privileges for the table.« We now do this: With dbdeployer we dbdeployer deploy replication 8.0.29.\nOn the primary: ./m -u root\ncreate user kris@\u0026#34;%\u0026#34; identified by \u0026#34;secret\u0026#34;; grant all on kris.* to kris@\u0026#34;%\u0026#34;; create database kris; create table kris.t (id serial, d varchar(20)); Continue as kris on the primary: ./m -u kris -psecret kris\nalter table t add column i integer, algorithm=instant; select name, total_row_versions from information_schema.innodb_tables where name like \u0026#34;kris/%\u0026#34;; alter table t drop column i, algorithm=instant; select name, total_row_versions from information_schema.innodb_tables where name like \u0026#34;kris/%\u0026#34;; Now inject the OPTIMIZE LOCAL TABLE command to plant the bomb. This can be done by the kris user, or any other user having INSERT and SELECT privilege. It is not necessary to have ALTER privilege, as long as you know that somebody else is doing instant alter table commands on the table.\noptimize local table t; Finally, continue to add and drop the column t.i as before. Check the TRV value on the primary and a replica. Note how the TRV value on the primary is lower than on the replica.\nWhen the TRV value reaches 64 on the replica, replication will stop with error 4080. The replica is unable to execute the alter table command, while the primary was able to run it.\n","date":"2022-06-20T00:00:00Z","href":"https://blog.koehntopp.info/2022/06/20/mysql-breaking-replication-with-algorithm-instant.html","tags":["database","mysql","lang_en"],"title":"Breaking replication with ALGORITHM = INSTANT"},{"categories":null,"content":"After getting a solar roof we have been looking at electric mobility solutions. But existing electrical cars seemed pretty much oversized. We do not really need a 4-seater with 650km range and two tons of total empty weight. Katja Diehl coined the german tongue-in-cheek term \u0026ldquo;Maximaleventualbedarfsauto\u0026rdquo; for it, the car that meets biggest use-case you could possibly reasonably have.\nLooking around, we test drove a Carver.Earth , which was the right size, but limited to 45 km/h (and bike pathes in some areas). Then Carver started to offer the \u0026ldquo;Carver S+\u0026rdquo;.\nThe vehicle can be driven with an A-license or a B-license from before 2013. It has 2 seats placed one after the other, and the back seat is rather basic. It goes 80 km/h on a 7.1kWh LFP battery, which is good for circa 100 km, if you do not go 80 all of the time. It carves, which means that it leans into curves in a rather awesome way (less awesome if you set \u0026ldquo;comfort\u0026rdquo; mode, which I strongly recommend). It has no steering or brake assist, which means you get to work a bit. But at 330kg total system weight, empty, it is pretty manageable.\nThe car charges with a regular household plug, but a type 2 adapter is available. It will still not fast charge.\nCompletely filling it up to 7.1 kWh from 10% charge took 4h and the house consumed 7.1kWh during that time (but we have base load and made a coffee).\nSo all in all a pretty good match, and exactly what we expected. Radically less car, so exactly the right amount of car.\n","date":"2022-06-08T00:00:00Z","href":"https://blog.koehntopp.info/2022/06/08/carver-s.html","tags":["lang_en","mobility"],"title":"Carver S+"},{"categories":null,"content":"I have been asked what kind of bike I ride and how to choose one.\nGazelle Grenoble 2017, with vaude Aquaback plus.\nI am over 50 years old, over 200cm tall and weigh more than 120 kilo before I dresss. Back when we still had an office, that was a 22km trip, each direction.\nI need an upright sitting position, a soft and comfortable seat. I need to be able to carry luggage, and a return-home guarantee. I need to be able to get useful service on the bike, because at my age I prefer to use money instead of time to keep the bike running.\nI did try the Cruiser HS by R+M, and that was a completely nifty bike. But it does use an insurance plate and a helmet, and I wanted something that could be ridden casually. And without the HS (which causes the inconvenience) the price for R+M was no longer justifyable. So I looked around at other solutions, and this was a good match.\nMy wife now has the 2020 model of the same type, with a step-through frame. That bike also has fixed lighting, so it can no longer lose adjustment, a better motor, a larger battery and a stepless gearbox.\nThe step-though frame has a different geometry than the one I use, and it would have it even at the same frame height: It is built for people with longer legs and shorter torso, so even adjusted correctly it feels wrong when I sit on it.\nI also like my (older) battery system. The battery is easily removable, which is important if you want to keep it warm in weather with temperatures below 3C - batteries age faster and permanently lose capacity if you freeze them. It is also handy, if you want to charge it, and there is no outside charger in the bike parking lot. When removed, the battery system in my bike keeps the contacts protected and dry.\nIn the newer bikes, the battery is integrated part of the frame, and in Gazelle\u0026rsquo;s case goes out up. This leaves the frame upen and rain can enter. Gazelle is not stupid, the contacts are at the top and somewhat protected, but you still have water inside the frame.\nFrame geometry matters. A bike frame needs to be fitted to your body, and then adjusted properly. Do not buy a bike from a catalog, nor without a test drive of at least an hour. There is no such thing as an average human , and because of that we have learned to build things adjustable. So get them fitted, properly adjusted and then try them out properly and listen to your body. This is not just about bikes, also keyboards, monitors and everything else that is close to the body need to be handled alike.\nThe Gazelle is made from standard parts, Bosch Motor, Magura brakes, Shimano gearbox, and so on. That makes replacement, adjustment and service easy: Any bike shop has these, and will be able to service them properly.\nAlso, the bike is entirely unconnected \u0026ndash; it will work with the cellphone at home, stolen or empty and still take you home.\nI mention this, because I am living in Hipster Ground Zero, and a lot of people look at VanMoof:\nAwesome design, seriously bad ergonomic choices and a lot of quality issues.\nThis is a company that has a turnover of 100M, and operates at a spectacular loss. They are making a bike from first principle and custom parts. Standard parts will not fit, and only their service center can fix these bikes. They also have quality issues for their self-made parts.\nApple can pull this deep supply chain stunt off, but they are of course a 100B company with a lot of manufacturing expertise, and frankly an entirely different pricing model.\nVanMoof also comes in a one-size-fits-nobody frame which seriously limits how it can be adjusted. The handlebar, too, can only be adjusted within close limits, and needs special tools to do so. The light is part of the frame, and permanently maladjusted: it produces glare instead of lighting the path.\nTheir bikes have a hub motor in the wrong wheel (the front wheel, which you use for steering), with no torque sensor. So driving is janky at best, outright dangerous in critical conditions.\nThe battery is not removable and will freeze to death, unless you can take it into a shed, cellar or your appartment. Which is also necessary to charge it.\nBut yes, it looks cool. Basically, this is a cinetic sculpture and not actually a vehicle.\n","date":"2022-06-08T00:00:00Z","href":"https://blog.koehntopp.info/2022/06/08/how-to-buy-an-ebike.html","tags":["lang_en","mobility","bike"],"title":"How to buy an e-Bike"},{"categories":null,"content":"(Twitter thread , reproduction in english, and update)\nOn Friday, 2022-06-03, 14:42, we lost a replication hierarchy, on the primary, all replicas down. At 16:30 the escalation hits my desk, because this one is special.\nReplication stops, and wants more max_allowed_packet There is a sequence of binlogs, each 1 GB in size, as configured, except for the broken one, which is 3 GB. Replication stops with\nGot fatal error 1236 from master when reading data from binary log: \u0026#39;log event entry exceeded max_allowed_packet; Increase max_allowed_packet on master; the first event \u0026#39;\u0026#39; at 4, the last event read from \u0026#39;../log/binlog.002558\u0026#39; at 19959785, the last byte read from \u0026#39;../log/binlog.002558\u0026#39; at 19959804 Trying to run mysqldump -vvv ... on the broken binlog fails and produces no output useful for diagnostics.\nUsing the flight recorder We do know the statement failed at 14:42 and we run a copy of MySQL Flight Recorder on every box, even this one.\nAmong the many things the flight recorder records is the processlist and also the output of SHOW ENGINE INNODB STATUS. Indeed we find a long running transaction. At 14:41, we see Compressing transaction changes.\n---TRANSACTION 6702541326, ACTIVE (PREPARED) 7419 sec mysql tables in use 2, locked 2 2185611 lock struct(s), heap size 232317048, 73307452 row lock(s), undo log entries 70077831 MySQL thread id 1532688506, OS thread handle 139765193623296, query id 22431944402 SOME_SERVERNAME 10.10.10.10 SOE_USERNAME Compressing transaction changes. INSERT IGNORE INTO target_table SELECT * FROM source_table And at 14:42 the same thing is visible with waiting for handler commit. Then replication died.\nWhat happened So this machine is running with compressed binlogs enabled. It was processing a large INSERT INTO t SELECT * FROM s statement to copy rows. We see 70 077 831 (70M) Undo Log entries. The transaction compressed data, then commits, then the replication stops on all replicas, in an unrecoverable way. At least the primary is still happy, if unaware of the problem. The binlog file is 2GB larger than it should be.\nThe immediate theory: Somebody wrote a small statement that produces a very large transaction. Binlog compression works with compression on a per-event basis, and we do get a very large row change event. But the zstd compression in MySQL cannot handle events this large. The size of the binlog suggests a signed 4 byte integer overflow.\nBeing unable to see the binlog, and getting some garbage error message make this very hard to debug. Our solution is to reclone the entire hierarchy (which is nasty, because it is a set of machines \u0026gt;10TB each).\nLater investigation confirms that there is a binlog compression transaction size limit, but it is apparently even 1 GB, not 2 GB. This is not too bad a restriction. You probably do not want transactions that large anyway: They would break group replication, they would take ages to roll back, and they would create a lot of other problems as well.\nProblems and Solutions So we learn:\nAvoid large transactions. 1000 to 10.000 rows are probably something you should aim for. Configure max_binlog_cache_size to under 1 GB. The server will then reject the large transaction instead of committing it to the binlog. This will prevent breaking the replication hierarchy. Maybe similar or a small multiple of max_allowed_packet? The default is wrong: 18446744073709547520, and the manual itself recommends 4 GB, but the product does not set the default to this. Given that binlog compression can\u0026rsquo;t do more than 1 GB, that should probably the default. MySQL should come with sensible defaults. mysqlbinlog -vvv ... is not helpful, as it cannot parse this binlog, and the error message given is useless. The program should give a proper diagnostic message. The server cannot handle this, and the error message shown above about max_allowed_packet is misdirecting. The server should give proper diagnostic messages. Once you experience this error, it is rather hard to fix: Recloning does it, but that takes long. Setting the max_binlog_cache_size prevents the situation.\n","date":"2022-06-07T00:00:00Z","href":"https://blog.koehntopp.info/2022/06/07/mysql-binlog-compression-and-large-transactions.html","tags":["database","mysql","lang_en"],"title":"Binlog Compression and Large Transactions"},{"categories":null,"content":"Where I work, we manage databases in an automated way . Not as automated as I wish it to be, but largely without touching boxes.\nWe have been doing so for a long time.\nOver ten years ago, I set the team the challenge \u0026ldquo;be on an arbitrary version of MySQL within 20 workdays (one calendar month), no matter how many servers we have\u0026rdquo;. We are there now, in a way: we are on a 30-day refresh cycle for our bare metal cloud, and we match that cycle for our virtualized fleet. It was a long road.\nCloning, upgrading and downgrading The three most basic operations we need to solve in order to manage a fleet of instances are: creating clones of an existing database instance in a way that they can participate in a replication hierarchy, upgrading instances to a new minor or major version, and downgrading instances.\nCloning Our tooling has three ways of cloning databases:\nUsing the high-speed native CLONE command. Using Percona xtrabackup. Shutting down an instance and running rsync. Using native cloning is by far the fastest and most convenient version, but it also comes with the most restrictions: Currently MySQL insists that the donor and the receiving instance be the exact same version. This makes CLONE the preferred method for scaling operations, but useless in upgrade and downgrade processing.\nCLONE could be much more useful in upgrade contexts: MySQL knows how to upgrade a datadir in-place. There is even no longer a need to run an external mysql_upgrade program, the code is now part of the server core.\nIt would be easy to allow cloning from a lower version donor, drop the received data into a local datadir and then restart the server process into an upgrade cycle. For forward version movements this would be a big improvement.\nFor us, rsync is an acceptable workaround to cloning, even if it is somewhat limited in speed. That is, because we consider any use of MySQL without a minimum number of replicas broken, and prevent it. Even for customers who think they do not need it \u0026ndash; eventually they all do.\nSo we can always stop an instance, and take our time to do things with it after we have copied it. It allows us to experiment, give extra capacity or try out new versions safely, even Pre-GA MySQL.\nOur safe fallback and the best compromise in speed, comfort and safety is, as always, Percona xtrabackup.\nUpgrading In the past, MySQL had the rule that there are never on-disk format changes within a single major version. That made it easy to move forward and backward between versions within a major release. It was also kind of necessary \u0026ndash; the release quality of MySQL back then was not always of the kind where you could upgrade to the most recent version and be certain that it was an improvement.\nA lot has changed since then, and specifically MySQL 8 has seen fantastic improvements in refactoring of the codebase, in feature planning and in an improved software production process.\nA bit of these improvements has been traded for evolutionary speed, though: With MySQL 8, on-disk format changes within the release series have been explicitly allowed, announced and in fact also happened several times.\nThis became a lot easier since mysql_upgrade functionality has been integrated into the server, and made automatic.\nDowngrading Downgrades have never been a great concern for MySQL.\nIn the past that was not an issue, because upgrading between major versions was seen as a major effort and did not happen en-passant and outside a migration project. That meant extensive testing, and retaining binary, up-to-date data directories of the replication hierarchy in question. In case a downgrade was necessary, one would reclone the old version and inject it into the replication tree, reaping instances running the new version to balance.\nAll this assumes that you did not yet upgrade the primary, which in any seamless migration always is the last step.\nMySQL 8 complicates this a bit With MySQL 8, this becomes a bit more complicated, or more common.\nWhile MySQL 8 gives us very welcome new features, (here are some highlights ), they are sometimes a bit… undertested.\nSome examples:\nOur default clone mechanism does not work yet with 8.0.29. In our case, it affects several thousand instances that fall back to rsync cloning, because CLONE\u0026rsquo;s strict version requirements render it useless, too. Some people experience corruption with the new improved instance schema change in 8.0.29 and need to consider downgrading to 8.0.28. We had an instance the JAMF database, tables without primary key, virtual columns and broken utf16 combine in an unholy and explosive way that required us going back from 8.0.28 to 8.0.27. And there are some problems with Spatial Indexes not being used in 8.0.29 that can make it necessary to downgrade to 8.0.28 from 8.0.29. All of these involve at one or two major versions to fix. Being able to go back \u0026ldquo;a quarter or half a year\u0026rdquo; would make this much easier for everyone: Users and Developers, and take a lot of strain of the vendor/customer relationship.\nCLONE would profit, too As discussed above, CLONE has extremely strict version requirements between donor and destination.\nThe upgrade path is fixable relatively trivial, as shown above, by falling into a server restart with upgrading. A guaranteed two-minor-version downgradability (6 months window) could enable CLONE to also handle downgrades, at speed. It would make version movements up and down a lot less risky.\nThat would be a lot of value added for little effort.\nDump and Restore are not an option The default way to upgrade and downgrade a database is to dump and restore. For Postgres for many years this was the recommended way to jump to the next version: pg_dump and be done with it.\nObviously that works only for toy deployments, because it does not scale. Dumping throws away the indexes, and importing the dump involves reading the data, scanning and sorting it, and then rebuilding the index structures again.\nWe have been there, in the past.\nThe 5.1 to 5.5 disaster For our upgrade from MySQL 5.1 to 5.5, our starting point was a non-GA version of MySQL 5.1 that included a bugfix we considered critical. For this version, no binary, in-place upgrade path to 5.5 existed.\nThat meant, our upgrade to 5.5 consisted in dumping each replication hierarchy and importing the dump into 5.5. The 5.5 instance would then be connected to the replication tree, and had opportunity to catch up. We would make it an intermediate primary eating 5.1 binlog, and emitting 5.5 binlog to further 5.5 instances we cloned out of the initial one. At the same time we would reap production 5.1 instances to match the growth of the 5.5 population.\nEventually we would move writes down from the 5.1 primary, promoting the 5.5 intermediate primary to try primary, \u0026ldquo;beheading\u0026rdquo; the replication hierarchy. Back then we already had a three-digit number of MySQL replication hierarchies, and even back then a replication hierarchy typically had a disk footprint of 1-2 TB (ie 2-4h at 200 MB/s).\nAll this takes around a week per hierarchy, and was not properly automated back then. It meant that the transition from 5.1 to 5.5 took us almost two years. In fact, the entire 5.1 upgrade experience is part of why we have so much automation.\nMySQL 8 makes this easier Things are marginally better in MySQL 8 these days:\nYou can turn off redo logging while doing bulk loading or importing (8.0.21 or better). You can do parallel index creation , so that is faster, if you have the CPU and memory to burn (8.0.27 or better) and your tables are within the constraints given. On the other hand, data grew. Sometimes imports can become multi-month projects: We had a 120 TB MariaDB instance that was converted to Oracle MySQL 5.7 by dump and reload. This took a machine with AMD EPYC CPU, 1 TB of RAM, and multiple months to complete. The conversion saga was painful enough to warrant a Percona Live talk about the entire thing by Mohammed Gaafar and Pep Pla.\nMySQL 8 makes it worse While MySQL makes \u0026ldquo;downgrades by reading a dump\u0026rdquo; somewhat better, at the same time there are aspects that make it worse. The new dynamic permission system in MySQL 8 makes it easy to add new privileges over time. The result is that privileges now change more rapidly.\nWhen you dump and reload (or downgrade a binary datadir), there is no mechanism currently to handle this safely.\nFor example, 8.0.28 might add AUDIT_ABORT_EXEMPT, and downgrading this in any way to 8.0.27 requires some sed artistics in the dump or other kludgery: 8.0.27 won\u0026rsquo;t overlook the privilege names it does not know anything about. Clearly, here is a tooling gap.\nTL;DR Databases are where the state is kept. State has size, and copying state is slow. That is why everybody is always very protective of state. Do not treat on-disk data the Yolo way that Devops treats stateless instances.\nIntroducing new features in a major version is okay if you have a mature codebase and development process. Changing persistent state on disk is more complicated than that. Upgrades should always be binary and in-place. Downgrades should be possible binary and in-place at least for 2 minor version (6 months) If you do not allow that, it is painful for everybody. That includes us, because we can test slower, so Oracle MySQL gets less feedback. That includes Oracle MySQL itself, because it makes nifty features such as CLONE needlessly specific and much less useful. We will, even with today\u0026rsquo;s degree of automation, never be able to upgrade by dump and restore, just because reindexing is very, very expensive. It is just too much data. Binary in-place upgrade and downgrade paths are completely non-optional. We will never have the hell of the 5.1 to 5.5 transition again. We simply cannot afford this anymore.\n","date":"2022-06-03T00:00:00Z","href":"https://blog.koehntopp.info/2022/06/03/rolling-back.html","tags":["database","mysql","lang_en"],"title":"Rolling MySQL back and forward"},{"categories":null,"content":"Der Schnuppel ist jetzt in der niederländischen Groep 8, also in der 6. und letzten Klasse der Grundschule. Die letzten Tests sind geschrieben, die Schulempfehlungen sind raus und bindend, die Folgeschule steht fest und hat die Anmeldung bestätigt. Das Schuljahr ist also noch lange nicht zu Ende, aber alle Arbeit ist getan.\nDas Snackphone One, Zubehör und Nachfolgemodelle im Webshop.\nLetzten Freitag kam der Schnuppel aus der Schule und berichtete davon, daß er mit einigen Freunden und Banknachbarn \u0026ldquo;Mobiltelefone\u0026rdquo; gebaut habe. Also, auf Papier gezeichnet und als Bastelset ausgeschnittene Mobiltelefonmodelle. Man habe jeweils unterschiedliche \u0026ldquo;Firmen gegründet\u0026rdquo; und den Schulkameraden jeweils sein Modell vermarktet.\nOkay.\nDie beste Ehefrau von allen \u0026ldquo;Oh, Basteln und Handarbeiten!\u0026rdquo;, und setzte sich also mit dem Kind hin, um sich die Modelle anzusehen und zu überlegen, wie man da Dinge verbessern könne. Zum Beispiel hatte der Schnuppel \u0026ldquo;USB Sticks\u0026rdquo; für sein Telefon entworfen, also Dinge, die man in das Modell stecken kann und die dann da halten können.\nKennt Ihr solche Pop Up Kinderbücher?\nDas Wetter. Pop-Up Buch So etwas hatten die beiden vor einigen Monaten für einen Klassenkameraden als Geschenkverpackung gebaut. Da sollten sich ja leicht Modelle für Handies gestalten und mit einfachen Mechanismen bauen lassen.\nAber diese Woche geht es mit der Klasse zum Campen an die See. Handies bauen und \u0026ldquo;verkaufen\u0026rdquo; ist also nicht. Und außerdem ist der Spaß ja im Basteln.\nDer Snackphone Webshop.\nMan kam also auf die Idee, daß man einen Webshop brauche für Mobiltelefone. Von dem man PDFs mit Bastelbögen runterladen könne. Und Bauanleitungen als Video. Und eine limitierte Anzahl vorgebastelter Geräte.\nUnd das würde er dann gerne als Projekt präsentieren wollen, mit einem Vortrag mit Video-Unterstützung.\nSo viele Wünsche auf einmal Wir waren dann also letztes Wochenende eine Familie als Webagentur. Man hat sich Modelle und ein Marketingkonzept überlegt, und wir haben diskutiert, wie sich die Modelle unterscheiden und was so gebraucht wird. Wie die Website aussehen soll. Wie sein \u0026ldquo;Ich erkläre mein Produkt und wieso\u0026rdquo;-Vortragsvideo ablaufen soll.\nUnd dann haben wir zusammen das ganze Projekt aus dem Boden gestampft. Ich habe mit dem Schnuppel einen datenbanklosen Nichtwebshop in Flask gelötet. Die Grundlage dafür war ein altes Login-System, das wir beide einmal zum Flask lernen gebaut haben. Der Schnuppel hat ein Design auf meine Skelett-Website gezogen, denn er kann Frontend \u0026ndash; ich nicht.\nSammy und der Schnuppel haben Videomaterial produziert, und er hat das in affenartiger Geschwindigkeit zu Filmchen verwurstet. Einige Jahre Youtube hinterlassen ihre Spuren am Kind.\nSammy hat mit dem Schnuppel Bastelbögen produziert. Die beiden haben Scripte zum \u0026ldquo;Verkaufen\u0026rdquo; der ganzen Sache in einem Videovortrag geschrieben, Szenen gedreht, und der Schnuppel hat es dann fertig geschnitten.\nBackend vom Webshop: Sales Panel.\nWie bei jedem Life-Gang wird alles in letzter Sekunde fertig, und dann geht es in die Schule. Nach der Mittagspause Vortrag und Öffnung des Webshops. Der Vortrag scheint den Verkaufsdaten nach einigermassen funktioniert zu haben.\nInsbesondere die verschiedenen Motive auf den Bastelbögen für die Handyhüllen scheinen es den Leuten angetan haben. An der Schule macht der Laserdrucker Überstunden, und die Kinder basteln.\nKinder und Projekte Alles in allem haben wir zu Dritt gut drei Tage in das Projekt versenkt. Wir haben als Team tatsächlich alle notwendigen Fertigkeiten um so ein Projekt grundlos aus dem Boden zu stampfen.\nDem Kind macht das themenübergreifende Arbeiten einen großen Spaß. Er hat bemerkt, daß er in einigen Bereichen (Mitsingen in Aufführungen an der Oper, Videoschnitt, Frontend-Design) erwachsenenwertige Fertigkeiten ausbildet. Das macht ihn sehr stolz.\nWieder ist ein zufällig aufgekommenes Thema zu einem Haken geworden, mit dem man tausend Dinge, Interessen und Challenges anbieten kann. Das ist hauptsächlich Sammy zu verdanken, die auf solche Gelegenheiten lauert und dann gnadenlos und komplett maßlos Dinge durchzieht, weil es geht, Spaß macht und auf tausend und eine Weise lehrreich ist. Hach.\nZutaten: Papier, Bleistift, Schere, Schneidunterlagge, ein wenig Kleber. Ein Mobiltelefon mit guter Kamera. WebStorm. Ein Laserdrucker. Ein Billig-VPS zum Hosten von Flask-Anwendungen. Sehr viel Zeit.\n","date":"2022-05-17T00:00:00Z","href":"https://blog.koehntopp.info/2022/05/17/wie-normale-leute-eben.html","tags":["lang_de","schnuppel"],"title":"Wie normale Leute eben..."},{"categories":null,"content":"Robert Nystrom is a language developer who works at Google on the Dart programming language. In his book Crafting Interpreters he explains lexing, parsing and executing a programming language in an accessible way.\n\u0026quot;Crafting Interpreters \u0026quot;, Robert Nystrom\nNystrom sets out with the (correct) observation that the matter of handling and executing code is a complex topic that is not made easier with all the theory that surrounds it. In his book, he takes the reader on a journey to implement a toy language, Lox, two times. First with a tree walker execution algorithm, not unlike PHP 3 or early Ruby. Then, again, with a bytecode executor written in C.\nThe book starts out by defining an intentionally very basic, but complete programming language, and then chapter by chapter builds the infrastructure to scan, parse and execute the code. All explanations are very practical and on the code, but a lot of boxes, asides and cross-references make the theory behind all this discoverable, while at the same time keeping it out of the way. One of the nicest and most practical introductions to programming language interpretation and compilation that I have seen.\n\u0026ldquo;Crafting Interpreters \u0026rdquo;, Robert Nystrom, EUR 25.84\n","date":"2022-05-16T00:00:00Z","href":"https://blog.koehntopp.info/2022/05/16/fertig-gelesen-crafting-interpreters.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: Crafting Interpreters"},{"categories":null,"content":"The Netherlands realized around 2000 that they have a problem with bike parking around train stations, and with parking around stations in general. A program was set up to fix that, assuming things would be done with in ten years. The program was a great success, and people taking the bike to use the train, and to use a bike after they arrived at their destination by train increased greatly. This created more needs, and so the program is, changed, still active today.\nFietsparkeren bij Stations , Folkert Piersma and Wout Ritzema\nTitle Page\nThe book talks, in one chapter each, about analyzing customer needs, the history of the program, guidelines and goals, the plannning process, typical bike parking facilities, architecture and design, investment costs, facility operations, technical resources, innovative solutions and finally an outlook.\nTable of Content\nWhat matters to cycling train travellers? Historic review Policy for the development and construction of bicycle parking facilities Plan development Types of bicycle parking facilities Architecture and design Investment costs Operation, maintenance and enforcement Technical resources and innovations Innovative types of parking facilities Challenges and opportunities Overview of bicycle parking facilities at railway stations, numbers of bicycle parking spaces per station to storage type The Bike/Train combination is special.\nThe bike/train combination is special in many ways. First, as a mode of transport, they have more in common than you would think. Both have a low impact on air quality, and they are also propelled in a natural manner: The electric trains of the Dutch Railways run on 100% wind energy, while bikes are propelled by muscle power, at times supported with a bit of electricity.\nBoth cyclists and train travelers like speed and convenience; cyclists want to get to their train as fast as possible without encountering any obstacles, while train travelers move fast while they read a newspaper, prepare for work or take a nap.\nAccording to Dutch Railways, nearly 50% of all train travelers (in 2019, about 1.5 million journeys were made each day) get to the station by bike and in some places, that figure is 70%. Approximately 16% of those travelers use the bike to get from the station to their final destination. Twenty years ago, those figures were 30 % and 10 % respectively. Because of the growing popularity of the bike and growing consideration for health and sustainability, we expect these percentages in the bike/train combination to rise further.\nThis combination already means that the car has fierce competition, especially for city-to-city connections. A study by the University of Amsterdam shows that the travel time from, for example, the centre of Arnhem to the Rijksmuseum in Amsterdam (approximately 100 km) is virtually the same for both the bike/train combination and the car.\nLoad diagrams and station plan with the bike parking in relation to the platforms.\n\u0026ldquo;Groot, licht, dichtbij. Dit is ideaal!\u0026rdquo; \u0026ndash; Christien\nProtected and unprotected bike parking. People coming to the station can park their bike protected or unprotected. Protected bike parking can be with personnel or without. An example of protected bike parking without personnel would be bike boxes.\n\u0026ldquo;Ik kom hier graag. Er is gewoon altijd plek!\u0026rdquo; \u0026ndash; Xiaohe\nPlanability and reliable availability of bike slots are important to customers and commuters.\nBike parking in the 1970s. Fietsenstalling bij station Koudum Molkwerum (boven) en fietsenstalling bi station Dronrip (jaren zeventig van de vorige euw).\nTimes and usage-patterns change.\nTo understand where the Netherlands are today, we have to look at the past. These photos from the 1970s show the situation in typical stations from that time.\nStation Kampen, 1982.\nThe Dutch word for a bike park is \u0026ldquo;stalling\u0026rdquo; (\u0026ldquo;stable\u0026rdquo;), and in this case it is meant quite literally.\nReplanning and rebuilding bike parking at station Deventer.\nThe Situation shown in 2002, and in 2012 after renovation.\n\u0026ldquo;Programma fietsparkeren bij Stations\u0026rdquo;\nThe change is not accidental, but the consequence of the program \u0026ldquo;Bike Parking at Stations\u0026rdquo;, which started off around 2000. It has changed the nature of bike parking at stations in the Netherlands fundamentally.\nBut it also had different, further reaching aspects, and that is why it is still ongoing after 20 years: Not only is the sea of bikes around the train stations gone despite more people arriving by bike at the train than ever before, also the quality of the area around the train stations improved. The dark and seedy underpasses and the general feeling of insecurity around many train stations areas in other cities is no longer present here.\nWhat works and what doesn\u0026rsquo;t? After gaining experience with the initial construction program and being pleasantly surprised by its success, the program was expanded to a broader basis, and the learnings were implemented. Financially, the group also improved its position.\nIt quickly became clear that not all conditions included in the \u0026ldquo;Taking Your Bike to the Train\u0026rdquo; directive were functioning well or efficiently. In Chapter 3, we already discussed the aisle widths in the bicycle storage facilities, which were found to be able to be narrower, allowing for a more efficient layout of the storage area. Another important adjustment was the positioning of the monitored and unmonitored storage facilities in relation to the station entrance and the prescribed covered walking route from the monitored storage to the station. It also turned out to be necessary to equip the indoor monitored storage with tiered racks, which was already the case in virtually all existing monitored storage facilities.\nPlanning and exploration phases for a bicycle parking facility are presented and explained\nTarget audience and their needs.\nHighlighting some important research\nUnderstanding the Target Audience\nBicycle parking facilities at stations have a very specific target audience with distinct needs, as also mentioned in Chapter 1. We know that train travelers are \u0026ldquo;time travelers\u0026rdquo; and we assume that cyclists heading to the station are almost always in a hurry because the train won\u0026rsquo;t wait. It starts with the route from home to the station: Cyclists prefer the shortest and fastest route from home to the station.\nFurthermore, cyclists want to get on the train as quickly as possible and spend as little time as possible parking their bikes. Therefore, we place the bicycle parking facility as close as possible to the station entrance.\nCapacity planning using the example of the fictional station Amperveen.\nCase STATION AMPERVEEN: Local Customization for Projections\nThe fictional station Amperveen and its surroundings\nBased on the current observed usage, this station requires 3630 spots. With the currently available 3000 spots, there is already a shortage of 630 spots. It would not be surprising if the long-term projection ends up at 5750 spots (20 % increase in travelers, 20 % increase in bicycle usage, and 10 % latent demand).\nReal Simulations: Amsterdam Centraal Station. ZW1A with a capacity of 7000 parking spaces has just been completed .\nCase Station Amperveen: Distance to the Station\nIn the analysis of parking locations, the distance to the station is also important. We try to create parking facilities as close as possible to the station entrance, but sometimes it is not possible to meet the full demand. Offering \u0026lsquo;first 24 hours free\u0026rsquo; parking is also considered a form of unpaid parking. If a station has a significant number of weekend parkers, which is often the case in student cities, it may be considered to provide a free unguarded parking facility at a slightly greater distance, up to a maximum of 400 meters.\nTypes, by Prevalence and Price:\nGround-Level Parking (as seen in the 1970s photos) Bicycle Flat (Multi-story Bicycle Parking) Indoor Parking Underground Parking Mega Parking Pedestrian Flow Analysis for the bike-parking \u0026ldquo;Stationsplein Eindhoven Central (south side)\u0026rdquo;. Variations in the Layout of bike lots.\nSo, what did we learn in the last 20 years?\nTypical 90\u0026rsquo;s Trend 2020 Not all ground level parking has a roof All ground level parking has a roof Concrete stairs Natural stone finished stairs No technical aids to bridge height differences Technical aids to bridge height differences, such as brush ramps, moving walkways, or escalators (if required and funded by the municipality) Unfinished concrete ceiling Finished with a system ceiling or a smooth finished ceiling Concrete tiles on the floor Smooth concrete floor Unfinished retaining walls visible Retaining walls coated or finished with a cladding Cables and pipes visible Cables and pipes concealed Unfinished interior walls (Light) Art on the interior walls Partition wall made of aerated concrete blocks or system wall Partition wall made of glass in an aluminum frame Windows in a portion of the wall Floor-to-ceiling windows Turnstile at pedestrian exit with low steel revolving gate Full-height glass turnstile And this is what it looks like.\n\u0026ldquo;Fietsparkeren bij Stations \u0026rdquo;, Folkert Piersma and Wout Ritzema, EUR 29.40 Hardcover\n","date":"2022-05-07T00:00:00Z","href":"https://blog.koehntopp.info/2022/05/07/fertig-gelesen-fietsparkeren-bij-stations.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: Fietsparkeren bij Stations"},{"categories":null,"content":"A book from 2017, about the Spanish Flu, which in the wake of the first world war turned into a global pandemic, killing between 50 and 100 million people on all continents.\nPale Rider , Laura Spinney\nSpinney describes the situation in the world in 1918, and how the Spanish Flu came into the world, and was experienced by people in various parts of the world. The flu returned in several waves, some of which behaved unlike normal flu seasons and also had weirdly shaped killing patterns in the population.\nShe also describes reactions of the population to pandemic fighting measures \u0026ndash; and we know them all from personal experience by now. There have been people protecting mask mandates, self-isolation and social distancing on purpose, \u0026ldquo;mah freedums\u0026rdquo; criers and so on, just like with Covid.\nIn parts 5 and 6, she looks at the flu from a modern perspective: We now know about viruses, and specific the influenza A virus and its variants. We understand its genetics and which parts of the virus are relevant for infection of humans, and they mutate. We catalogue them \u0026ndash; the spanish flu was H1N1. Spinney then looks at SARS, MERS and bird flu, and other viruses, and how they ramp up for another pandemic, strangely prescient of the Covid pandemic of 2020. Also addresses, again spot on, anti-science propaganda and ossified politics unable to integrate new findings into existing rule frameworks.\nAn enlightening and at the same time very frustrating read, written and published 3 years before Covid.\n\u0026ldquo;Pale Rider \u0026rdquo;, Laura Spinney, EUR 9.49 on Kindle\n","date":"2022-05-06T00:00:00Z","href":"https://blog.koehntopp.info/2022/05/06/fertig-gelesen-pale-rider.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: Pale Rider"},{"categories":null,"content":"On an alternate earth alternate biology produces beings that can grow up to 150 meters tall and that are powered by natural biological nuclear reactor: The Kaiju. Whenever anything, humans or Kaiju, uses nuclear energy, the boundary between the alternate realities is weakened and things can cross over. That happened the first time late in the second world war, and that is how the legend of Godzilla came into the world.\nThe Kaiju Preservation Society , John Scalzi\nIt\u0026rsquo;s Covid times, it\u0026rsquo;s New York, and Jamie got fired from his management position of a delivery service and has to deliver things himself now. Doing that, he meets an old acquaintance of him, which offers him a\u0026hellip; different job. The job turns out to involve secrecy, a dimensional portal and working in an alternate world in which he meets things that usually live in SciFi novels.\nThis is a fun read, from a fun Scalzi from earlier times woken up again. Doubly so when contrasted with the rather exhausting Interdependency. Action, Dad joke puns and an improbable premise delivered masterfully, with the parts clicking nicely into each other.\nA strong recommendation, and time well spent.\n\u0026ldquo;The Kaiju Preservation Society \u0026rdquo;, John Scalzi, EUR 8.99 on Kindle\n","date":"2022-05-05T00:00:00Z","href":"https://blog.koehntopp.info/2022/05/05/fertig-gelesen-the-kaiju-preservation-society.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: The Kaiju Preservation Society"},{"categories":null,"content":"The subtitle of \u0026ldquo;Sid Meier\u0026rsquo;s Memoir!\u0026rdquo; is \u0026ldquo;A Life in Computer Games\u0026rdquo;. And that is exactly what we get: Sid Meier lists, chronologically and very systematically, all the games he has been working on during his lifetime. And tells us what happened to him, the game and the game development process while he worked on it. Somehow that becomes a Memoir, even if some things are only implied or appear out of order.\nSid Meier\u0026rsquo;s Memoir! , Sid Meier\nBorn in 1954, Sid Meier is a prolific writer of computer games. Together with Bill Stealey, he funded Microprose in 1982, and write a number of flight simulators - among them Solo Flight and F-15 Strike Eagle. Growing tired of flight sim, he eventually \u0026ldquo;invents\u0026rdquo; the turn based strategy category of games by writing Pirates and Civilization.\nLeaving MicroProse after it merged with Spectrum, he funded Firaxis, and was able to pick up the Civilization trademark and some co-developers dissatisfied with MicroProse. They were able to continue Civilization and turn it into what is has become today.\nThe book is, as promised, some kind of Memoir and a fun read. It also gives some insight into Meiers thought processes and what is important to him in game development. An interesting person, producing an interesting and insightful book.\n\u0026ldquo;Sid Meier\u0026rsquo;s Memoir! \u0026rdquo;, Sid Meier, EUR 8.49 on Kindle\n","date":"2022-05-04T00:00:00Z","href":"https://blog.koehntopp.info/2022/05/04/fertig-gelesen-sid-meier-memoir.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: Sid Meier's Memoir!"},{"categories":null,"content":"This is an old book, from 1998, and much of the technology referred to directly has evolved since then. But, as this a book that deals with basics, in terms of metaphor and analogy, it is still valuable. It explains how computers work, and how we make the tech that powers them.\nThe Pattern on the Stone , W. Daniel Hillis\nComputers are really easy. There is just Zero and One, and it does not get any more complicated than that. The complexity in Computers and how they work comes instead from using simple rules, making them combinable, and then arranging them into more complicated structures by reusing previous building block.\nThe book makes that very clear. It starts at Zeroes and Ones, and takes the reader on a tour, explaining how we get the things we have (or had, 25 years ago), and how they are made by reusing stuff we build previously.\n\u0026ldquo;The Pattern on the Stone: The Simple Ideas that Make Computers Work \u0026rdquo;, W. Daniel Hillis, EUR 9.99 on Kindle\n","date":"2022-05-03T00:00:00Z","href":"https://blog.koehntopp.info/2022/05/03/fertig-gelesen-the-pattern-on-the-stone.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: The Pattern on the Stone"},{"categories":null,"content":"I live in a house in a rural village somewhere in Randstad . We are paying around 70 Euro per month in electricity, and up to 380 Euro per month in gas. We are using the latter for heating and warm water, but we are already cooking with electricity.\nThe house has a decent energy rating and a heat exchanger in the forced ventilation system. That is to keep the warmth in when getting fresh air in.\nEnergy cost of 2021. Electricity remains largely unchanged in 2022, but gas cost rose a lot.\nWe are using a lot of electricity for a 3-person household \u0026ndash; 5500 kWh, a lot of which can be attributed to \u0026ldquo;always on\u0026rdquo; electronics at home. In particular, one file server consumes around 100W, which accumulates to not quite 1 MWh per year. Outsourcing that to a cloud service would be too slow, and a lot more expensive, though.\nThe situation and the configuration The house has a rather steep roof. One solar installation service, recommended to us via a colleague, declined to make an offer for installation because they were not equipped to handle the roof steepness. In the end, we went with Zonneplan, who did not have any objections to the general situation at all, and were able to handle it.\nRoof steepness, as seen from the south.\nThe roof itself is oriented at 155 deg, pointing the roof ridge line to south/southeast. The west side is getting better light, but the first half of the day lights up the eastern roof as well. According to basic astronomy tooling , the sun crosses the houses ridge line at 11:45 CEST, and solar noon (sun at 180 deg) is at 13:45.\nRidge line of the house, and the solar panel configuration.\nWe opted for a solution that places 9 panels on the eastern roof, and 16 on the western side. The east side of the house got a 3x3 configuration, the west side a 4x4. The lower two rows on the western side can get shadow from the neighbor and from the house wings (see the shadow on the image above), so they need \u0026ldquo;optimizers\u0026rdquo; to handle shade. This is what it looks like on the west side:\nPanels on the west side of the roof.\nThe installed panel type has a size of 1.75m x 1.03m, and a Wp rating of 370W, so we get 200W/qm as expected from current tech. This is good for 3330Wp on the eastern side and 5920Wp on the western side, for a theoretical total of 9250Wp. In practice the configuration will never reach that level of output, because both sides of the roof cannot receive direct lighting at the same time.\nThe type sticker of one of the panels.\nThe inverter is a three-phase Huawei SUN2000-10KTL. It weighs 16kg and measures 52.5cm x 47.0cm x 16.6 cm, is rated IP65 and could in theory work from -25 to +60 degC. It still likes to sit inside, dry and warm.\nHuawei SUN 2000 inverter.\nThe device makes no perceptible sound, even under load. When producing 4500 Watt, it gets a bit warm, but not so much that it will feel painful to the touch.\nFLIR image of the inverter while transforming 4500W from the roof.\nInstalling the solar panels on the roof catches energy that otherwise has been hitting the roof and reaching the rooms inside. The rooms directly under the roof are now about 1.5C cooler, a great improvement.\nThe panels themselves, even when in full sunlight, do not get particularly warm.\nFLIR images of the solar panels while in full sunlight.\nProduction and consumption Here is a spotless day in April, still on MET, and hardly any clouds. We have sunrise at 6:40, around 7:00 we see a sharp rise of energy produced on the eastern panels. This peaks around 9:00 at ~2300W, then falls off a bit until around 11:30 the western panels start to kick in. From here on the production switches over from eastside to westside, for a peak of 5300W around 16:00. Sunset is at 20:40, and indeed we get at least a bit of energy almost to the end, though the decline is rather steep starting at 19:40 or so.\nTotal production is 44.5 kWh over the day. Around 10 kWh can be attributed to the modules on the eastern side, and their power comes in early when we need it for breakfast. They help a great deal to even out production over the day.\nThe inverter has a GSM module and feeds into the systems of Zonneplan. That also means I get no direct access to the Modbus in the Inverter without interfering with their warranty.\nI can access the electricity counter of our house, though, through the Dutch P1 interface. This is done, for example, with a P1 reader ethernet by Marcel Zuidwijk, connecting the P1 interface from the counter to a free power on the DSL modem. The data is put onto the house MQTT bus , using software written by a friend and colleague.\nReading the counters, I get a good overview of what happens during the day:\nRed line: Power drawn from the grid. Green line: Power sent into the grid. You can see how between 6:00 and 20:00 we are sending power to the grid at almost all times. The \u0026ldquo;Range\u0026rdquo; data shows we have drawn 6.25 kWh from the grid over the day, and sent around 30.1 kWh into the grid over the day.\nIn the image above, we can see that we sent 30.1 kWh into the grid yesterday. The Zonneplan app gives me a total production of 39.42 kWh for that day. We also took 6.25 kWh from the grid on top of that.\nThat gives us a usage of (6.25 kWh + 39.42 kWh - 30.1 kWh =) 15.57 kWh for the day. Out of this, we covered (39.42 kWh - 30.1 kWh =) 9.32 kWh internally. We pushed a net surplus of (30.1 kWh - 6.25kWh = ) 23.85 kWh into the grid.\nUsing the current counters, I can get a more detailed graph over the day. You can see a base load in the house of around 300W \u0026ndash; around 100W can be attributed to one server, the rest is various other electronics that is always on. Great spikes show household appliances doing things: Dishwasher, washing machine, espresso maker, microwave, cooking plates and ovens all draw around 2kW to 3kW, mostly to heat up water.\nUp: drawing power from grid. Down: Sending power into the grid. You can see how clouds and internal consumption take their bites of the \u0026ldquo;perfect\u0026rdquo; production curve.\nLooking at the day-curve this way you can see that we would profit from a household battery. On this day in April, we could maybe do with a battery of 5kWh or less, but in darker times a larger battery would be more effective. We could achieve complete autonomy from Equinox to Equinox, and charge the missing energy from the grid during cheap times in the darker half of the year.\nThe matching piece of equipment would be a Huawei LUNA2000-15-S0 battery pack. It is a 15 kWh piece of equipment that is 137cm high, 67cm wide and 14cm deep, coming in at 164kg and around 7200 Euro plus shipping. The pack is based on LFP technology, not on Li-Ion.\nLegal and financials We purchased the entire solution through Zonneplan at 10162 Euro, so around 1100 Euro per 1 kWp. This could be a noticeably less, if we did not have shade on the west side \u0026ndash; these optimizers are expensive.\nZonneplan not only installed the whole thing, which took less than a day, but also took care of all the planning, and all the paperwork. That was very comfortable, and they handled all the things professionally and competently.\nIn April, we produced 871.1 kWh, and sent 718 kWh into the grid.\nIn the Netherlands, power sent into the grid \u0026ldquo;turns the counter backwards\u0026rdquo;. That is, you can treat the network like a battery, 1 kWh sent in is 1 kWh you can get back later for free. This is called \u0026ldquo;Salderingsregeling voor huishoudens en MKB \u0026rdquo;:\n\u0026ldquo;Households and small businesses are allowed to feed self-generated electricity back into the grid until January 1, 2023. And offset it against their consumption at another time. This is called offsetting.\u0026rdquo;\nThis rule was supposed to end at 1. January 2023, but will be prolonged at least one year more, says Solar Mag :\nStartdatum afbouw salderingsregeling zonnepanelen niet haalbaar, ambtenaren adviseren 1 jaar uitstel\nStart date for phasing out solar panel feed-in scheme not feasible, officials advise 1 year postponement\nPhasing out the salderingsregeling to Zero is supposed to be done in 9% steps, not all at once. So in the first year, 91% of the power would be part of the salderingsregeling, the rest the electricity provider would pay for, and so on.\nThe law says that the provider must pay \u0026ldquo;redelijke vergoeding\u0026rdquo; (a reasonable compensation). At this point, a compensation of 80% of what you pay for electricity to them is considered reasonable by the lawmaker.\nThat would mean, I get paid at least 18.0 ct/kWh when I am paying them 22.5 ct/kWh. That\u0026rsquo;s workable.\nOutlook Right now we have solved our electricity problem, and manage to have solid overproduction (at least in the brighter part of the year). We are also getting a tiny electric car this year, which will eat into our budget. That also means we are not getting a Huawei battery this year.\nWe will have to eventually change the house heating from a central gas burner to a different system, likely air conditioners/heat exchangers that use electricity to warm up and cool air directly. They work as heat pumps, and produce between 3 kWh and 5 kWh heat for each 1 kWh they consume. This will considerably increase our consumption.\nWarming up 1l of water by 1C takes around 1.16 Wh, and the cooking gas we use provides around 10 to 12 kWh per cubic metre (1000l). So a shower that uses 240l (0.24 cubic metres) of gas consumes around 2.4kWh. Similar math can be applied to dishwashers and washing machines (\u0026ldquo;uses 0.885kWh to heat up 15l of water by 50C\u0026rdquo;), and to cooking plates.\nWe will be using a lot more electricity if we are going to eliminate cooking gas completely in this household.\n","date":"2022-05-02T00:00:00Z","href":"https://blog.koehntopp.info/2022/05/02/a-solar-roof.html","tags":["lang_en","netherlands","energy","climate"],"title":"A solar roof"},{"categories":null,"content":"Zum vorhergehenden Artikel bekam ich einen Leserbrief als Github Issue, das ist hier inhaltlich unverändert veröffentliche, weil ich glaube, daß es wichtige Informationen und Überlegungen enthält.\nVon @typxxi :\nIch schreibe einmal auf Deutsch.\nAkku Lebensdauer Großer Speicher heißt nicht immer gut, weil der LFP Akku dann eher über kalendarische Alterung stirbt, und nicht in Folge der Zyklen. Ein LFP-Akku schafft um die 3500 bis 6000 Zyklen. Das hiesse bei Dir im Idealfall, Du schaffst so 200 Zyklen pro Jahr und damit 17 bis 30 Jahre.\n200 ist schon viel, denn durch die Ost-West-Teilung und Verschattungen wird das im Winter recht schwierig, weil nicht genug hineinkommen wird, da die PV zu klein ist und eine 15 kWh Batterie zu groß bei dem aktuellen Lastprofil von 2022.\nIch bezweifele, dass Du überhaupt 200 Zyklen bei der 15 kWh voll kriegen wirst, weil Dein Nachtverbrauch im Sommer gering ausfällt - wegen der Kürze der Nacht. So bleiben dann nur noch die Übergangs-Jahreszeiten mit längeren Nächten und guten Sonnenerträgen, wo Du bei 5500 kWh und damit grob 15 kWh / Tag landest, was für die Nacht ja aber kaum 50% = 7,5 kWh bedeuten wird. Wahrscheinlich ist es so. daß das Haus in 6h auf Grundlast zurückfällt.\nGrundlast und Strom sparen Grundlast ermittelt man am besten beim nächsten Familienurlaub durch Aufschreiben des Zählerstandes bei der Abreise und Ablesen bei Rückkehr. Der Verbrauch in der Zeit, den Stunden Eurer Abwesenheit ergibt Deine Grundlast.\nDas ist elektrisch nicht ganz korrekt, weil zyklische Verbraucher wie Kühlgeräte mitgezählt werden, die der Definition nach kein Teil der Grundlast sind. In diesem Fall schon, weil wir die Zyklen für den Akku per Überschlag bestimmen wollen, und wir auch versteckten Verbrauchern durch Messen und Rechnen auf die Spur kommen wollen. Denn dort liegt das größte Potential.\nDa reicht es nicht, den Server mit 100W zu schätzen, sondern zu messen und um jedes Watt zu kämpfen (wobei in NL vielleicht nicht, solange jede PV kWh 91 % oder 82 % oder 73 % Wert behält). Dann beginnt auch der Kampf um jeden einzelnen eurer Stromsauger, die 24/7 Verbraucher wie eine Fritz!Box mit 11 W, oder deren Repeater, die gern einmal 10 W und mehr nehmen.\nDaumenregel: 1 W Verbrauch im 24/7 Betrieb = 9 kWh p.a.\nGenauer: 1 Watt x 24 h / Tag x 365 Tage / 1000 = 8,76 kWh, oder einfacher: 1 Jahr = 8760 Stunden und in kWh eben 8,8 kWh.\nDer Server kostet dann fix 880 kWh/a, und da sollte eine Menge zu sparen sein durch eine passende Energiesparplattform, denn gerade da kam ja auch der Erfolg des Raspi her. Ein Raspi 4 liegt grob 4 W als unterem Ende, also 96 W Einsparung, nur kann da ja auch ein Fileserver Rack dran hängen, sodass andere Kaliber Sinn machen, nur ist das der 1. Punkt, Strom zu sparen.\nZum Raspi Verbrauch hier ein guter Beitrag , der die verschiedenen Lastsituation betrachtete: Was kostet mich der Pi 4 an Strom im Jahr? OK, zuerst bei Verbrauch schauen und sparen, gibt lächerliche Dinge, aber sie bringen was. Natürlich in Deutschland mehr als in NL, weil hier die kWh eingespeist mit 8 cent vergütet wird und aktuell so 35 Cent kostet, wenn sie in der Nacht gebraucht wird. Daher ist der Druck hier größer, Strom zu sparen.\nWer Alexa in Form von Echo Show \u0026amp; Co hat, der kann sich fragen, ob er 1. die Display-Helligkeit braucht, mit der die läuft, oder es mit weniger auch geht. 3 Watt sind nirgendwo fixer gespart als da. Und noch viel mehr, wenn man die Frage der Helligkeit richtig zu Ende denkt für sich: Display ist immer aus, außer es schallt \u0026ldquo;Alexa!\u0026rdquo;\nDie Einstellung gibt es tatsächlich, den Nachtmodus, den wir auf 12:00 bis 11:59 gesetzt haben, sodass der Echo Show 1x pro Tag mittags erwacht und Lebenszeichen von sich gibt. Schont das Display (unser 1. Show mit 5 Zoll hat ein leidendes Display) und spart so grob 6 Watt , wenn ich mich recht entsinne: 54 kWh p.a. bzw. 18€\nUnd die Kids lernen das nur so, was wir selber in der Jugend nie lernten, denn Wasser und Strom flossen ja immer gut und reichlich und nur die Eltern hatten 1x im Jahr Kopfschmerzen, woher nur dieser Anstieg stammte.\nBatteriebedarf abschätzen OK, zurück zur Batterie. Ich gehe von sagen wir 220 W Grundlast aus, dann hast Du vereinfacht in 6 Monaten eine Dunkelphase mit 7 h Kernnacht und 3h Abendprogramm, wo die Batterie liefern darf.\nWir nehmen an: 7h x 220 W + 3h x 750W\nDas ist schon eher viel für TV schauen, 120 W bei 65\u0026quot; mit Sky Receiver \u0026amp; Licht an + 50\u0026quot; Monitor \u0026amp; Laptop an = 90W = 1540 + 2250 =3790 Wh ergibt einen Bedarf von 4 kWh pro Nacht in den 6 Monaten. Im Sommer aber auch weniger, weil die Sonne eher und länger Strom liefern kann, die Batteriephasen kürzer ausfallen.\nKontrollrechnung: die übrigen 14h x 750 W ergäben 10,5 kWh und damit Tagesverbrauch 15 kWh.\nOK, damit sollte klar sein, dass die 15 kWh Batterie zu groß sein dürfte, außer die Dinge ändern sich wie angedeutet.\nBatteriebedarf mit Wärmepumpe (Splitklima) Fangen wir mal damit an, dass Du einen gleitenden Übergang bei der Heizung siehst, dann gäbe es da als 1. Weg die Nachrüstung einer Split Klimaanlage als Heizung. Für die großen Räume vor allem im EG, wofür Du selber nicht viel Geschick brauchst, weil es nur 1 Kernbohrung braucht und danach nur noch Kabel verbinden und Maulschlüssel nutzen, ggf. mit Drehmomentschlüssel.\nDie Anlage kann dann heizen und im Sommer kühlen, was alle südeuropäischen Länder seit Jahren nutzen, weil deren Heizlast geringer ist. Der Wirkungsgrad ist sehr hoch, weil aus der Außenluft die Energie gezogen und direkt nebenan im Raum abgegeben wird ohne 20 m Heizungsleitungen und Verluste.\nWir haben 5,4 kWh große Mitsubishi nachgerüstet - im Altbau der 70er, der aber schon damals mit über 10 cm Wand und Decke gedämmt war. Die Kosten liegen incl. WLAN und aller Quick Connect Leitungen bei circa. 1100 € - wenn Du hier jemanden beauftragst, dann sind es 3000 €, sodass Du siehst, wie sehr sich da das lohnt.\nNimm aber eine Marke. In der Regel reicht aber das Basisgerät, denn Du kannst da viel Geld in Design investieren mit begrenztem Nutzen, denn für 500 € mehr bekommst Du die gleiche Anlage, die aber per Fernbedienung den Luftstrom nicht nur vertikal, sondern auch seitlich lenken kann. Wer das braucht, bitte, aber 1600 € heben die Hemmschwelle, so etwas mal zu probieren.\nUnd: große Räume eignen sich besser, weil 1. Wärme aufsteigt, und die Anlagenkosten sich nicht linear verteilen, also kleinere 2,2 kW Anlage für 4 0% zu haben ist. Sie kostet stattdessen dann 800 € statt 1100 €, macht also kaum Sinn.\nVon daher Split-Klimaanlagen immer größer auslegen als der Heizbedarf wäre, weil Du immer noch mit Tür auf das Haus als solches mit wärmen kannst, besonders bei Euren wohl vielen Etagen.\nNa klar, für 500 € mehr bekommst Du auch noch einen kleinen Bonus bei der Effizienz, denn statt COP 4,1 gibt es dann vielleicht 4,4 - also 1 kWh elektrisch bringt 4,1 oder 4,4 kWh Wärme. Du brauchst aber lange, um mit der 10 % höheren Effizienz die 500 € reinzuholen, da hast Du mehr von vielen kleinere Anlagen.\nBei Multisplit-Anlagen muss man wissen, dass Du da auch 2 oder 3 Innenräume heizen kannst, wobei jeweils 2 oder 3 Innengeräte an 1 Außengerät angeschlossen werden. Funktioniert gut, kostet aber auch und hat Schwächen, wenn ein Raum kalt und der andere auf Vollgas / Vollstrom laufen soll. Mag sich bei benachbarten Räumen lohnen.\nBei Quickconnect musst Du wissen, dass sich das Kühlmittel im Außengerät befindet. Mit der Quickconnect Leitung kannst Du die beiden Geräteteile selber verbinden und in Betrieb nehmen - außer Du lebst in Deutschland, da brauchst Du den Klimaschein. In Italien war das für uns nicht der Fall.\nEs muss Dank Quickconnect kein Vacuum erzeugt oder kontrolliert werden, solange Du mit 7 m Rohrlänge klar kommst. denn für 7m packt Mitsubisih Kältemittel in das Außengerät. Ansonsten muss der Klimatechniker kommen und nachfüllen.\nLange Vorgeschichte, um zu zeigen, dass man auch elektrisch zuheizen kann, oder gar mit 3 Anlagen a 5,4 kW den alten Heizkessel an Heizleistung mit 16 kW erreichen kann.\nAn den sehr kalten Tagen, die Du an 2 Händen zählen kannst, wenn es unter 5° C geht, verliert die WP ihren Wirkungsgrad und Arbeitsleistung, da sollte dann was helfen? Gas heizen und mit elektrischem Heizlüfter.\nDas alles nur, um zu sagen, dass diese Heizung sinnvoll sein kann, und dann auch teils von Batteriestrom profitieren kann. Das ist vor allen Dingen in der Übergangszeit sinnvoll, wenn morgens die Sonne noch weg ist oder abends schon wieder. Jedoch braucht eine 5,4 kW Heizung mit COP 4 maximal Strom von 1,6 kW - wenn Du bei 12 ° heim kommst und das Ding auf 28° drehst und mit voller Drehzahl Wärme brauchst.\nDie 1,6 kW machen es Dir auch leicht, dieses Gerät nachträglich an eine normale Unterputzdose in den Stromkreis einzubinden. Damit will ich sagen, dass hier eine 5,4 kW Anlage im Winter einen Wohnraum konstant auf 23° C hielt. Der Verbrauch lag dabei bei 4 kWh am Tag, in der Übergangszeit weniger: 2 bis 3 kWh.\nFür die Rechnung ist das wichtig, ja der Akku auch morgens noch voll sein sollte, wenn man die Nachtzeit von Batterie versorgen will. Von den 2 bis 3 kWh entfallen dann vielleicht 40 % auf die Nacht oder weniger, wenn man Nachtabsenkung der Temperatur in Kauf nimmt. Nimm einfach mal 1,3 kWh für die Nacht je Gerät und schwups bist Du bei 3 Geräten bei 4 kWh.\nMit den 4 kWh Alltagsverbrauch und mit 4 kWh fürs Heizen per Split Klima in 3 Räumen und mehr landest Du bei 8 kWh Bedarf, und irgendwie ist der 15 kWh Akku immer noch verdammt groß, liegen also 3600 € Kapital brach herum.\nDaher der Rat, das ganze mal mit 10 kWh zu denken, die Dir vielleicht 2400 € sparen, die reichen, um dafür Splitklima zu kaufen.\nWasserbereitung Jetzt mag noch die Frage kommen, wie es mit dem warmen Wasser wäre. Genau, das ist dann auch so eine noch einfachere Sache.\nEs gibt vor allen in Südeuropa Monoblockanlagen, die meist in einem wärmeren Raum aufgestellt werden. In Frage kommen Heizungskeller oder ähnlich. Die Anlage zieht dort aus der Umluft die Wärme ziehen, und heizt einen 100 Liter Wasserbehälter auf. Diese werden an nur 2 Rohren in den bestehen Warmwasserkreislauf eingebunden, was Du auch selber machen kannst.\nKeine weitere Veränderung erforderlich, alles beim Alten.\nEin solches Gerät hat Abmessungen von etwa 50 x 50 cm x 120 cm Höhe, und wird meist an die Wand gehängt, in Südeuropa auch gern in die Küche. Entsprechend gestalten die Anbieter aus Südeuropa das auch gern mal wie ein Interieur Möbel, schönere Oberfläche und Bedienung als die typischen Heizungen.\nDer Preis liegt um die 900-1100 € von Ariston, in der einfachsten Variante. Ich rate Dir aber sofort, da genau zu schauen, denn die kommen ohne WLAN und SMART, haben mitunter aber eine Steuerleitung, sodass Du bei PV Überschuss eben auch das Wasser warm machen kannst.\nLohnt sich alles für NL heute nicht so sehr , aber mit jedem Jahr weiter un 9% weniger Wert der eingespeisten kWh um so eher und mehr.\nFür die Rechnung nimmst Du einfach an: Du hast da 100 Liter, die mit 15° C reinkommen und auf 55°C erwärmt werden müssen. 40° C x 1,1 Wh/ °C und 100 Liter enden bei Wärmebedarf von 4400 Wh, wobei so eine Ariston Nuos Primo mit COP 3 als Wirkungsgrad kommt. Das bedeutet, Du brauchst 1,5 kWh.\nIst die Frage aber, wie viel kWh Du morgens brauchst, bevor die Sonne aufgeht, um den Behälter aufzuheizen. Da sind die 40° C ja selten fällig, weil nicht immer abends noch geduscht worden ist und 100 Liter 15° Wasser nachgefüllt worden sind, sondern Du mit 100 Liter 40° C warmen Wasser aus der Nacht kommst und dann nur noch 1/3 der Heizlast hättest, eben 15° C erwärmen statt 40 °C.\nDer Strombedarf sinkt dann auf 0,600 kWh wären. Und damit ist 3/4 des Jahres, wenn im Akku auch Strom sein wird, der Akku mit 9 kWh ausgelastet. Im Sommer noch weniger, im Spätherbst und frühen Frühling mehr.\nAuto Ach ja, der Elektroflitzer soll ja auch eher tagsüber geladen werden als mit Verlusten aus der Batterie in die Batterie, sodass man dessen Bedarf als Ausnahmen vergessen kann. Er ist im Übrigen die viel billigere Batterie, stell Dir mal einen 50 kWh PKW vor, der aus den HUAWEI 15 kWh Speichern gebaut würde, denn dann wären das schon 25000 €, also ist der günstigste Speicher Dein Auto.\nSelbst in Deutschland wird Vehicle 2 Load als Rückspeisen ins Haus bzw. als Vehicle 2 Grid ins Netz kommen. Zuerst VW, die sich gegen die Stromlobby durchsetzten. Von daher baue den Akku nicht zu groß, wenn in 1 Jahr VW und dann andere Vehicle 2 Load Fahrzeuge liefern.\nEin Ford F150 Lightning Truck kann ein ganzes Haus versorgen, weil bis zu 9 kW aus dem Fahrzeug gehen können, wobei klares Negativbeispiel. Ein MG4 in Golf Größe kommt in der Basis mit einer 51 kWh LFP battery und einer 2,3 kW Leistung Vehicle 2 Load (kein 2 Grid). Der MG4 Akku mit 3500 Zyklen und mehr kann dann die Hausbatterie ersetzen. Noch ein Grund mehr, eine NICHT ZU GROSSE HAUSBATTERIE zu kaufen. (Nebenrechnung: 300 km WLTP hieße bei 3500 Zyklen aber eine Akkulebensdauer von 1.250.000 km, die das AUto nie fahren wird. Der Akku hält also länger als das Auto mechanisch.\nÜberschüsse handhaben Nun der Punkt, der ebenso wichtig ist: Wenn Überschuss, dann bestimmte Verbraucher mit Überschuss Strom betreiben\nDas nennt sich bei Auto und Wallbox Überschussladen. Die Softwarelösung heißt wohl EVCC, wenn Du nicht eine teure, an den Wechselrichterhersteller gebundene Lösung kaufst. Nur läuft die dann meist nur mit einer Huawei Wallbox, so es die gibt.\nDer nächste Verbraucher wäre ein Problem, von daher schau Dir EVCC an, die einen Raspi braucht oder einen SonOff ihost, der ein lokales Smarthome ohne China Cloud für aktuell noch heute 55 € bietet. Also eine grob Pi 3 / Pi 4 vergleichbare Leistung mit einer Docker Einbindung und Zigbee, WLAN und BT an Bord, sowie anderem Zeug. Heute noch im Release Angebot, was seit März gelaufen ist. Ansonsten wohl etwas teurer, aber günstiger als Pi 4 neu von ebay.\nEVCC erlaubt Dir das Laden von einem oder mehreren Fahrzeugen bzw. Verbrauchern mit Regeln \u0026ldquo;Wie lade nur das, was an Überschussstrom sonst ins Netz ginge (die Fahrzeuge können meist erst ab 6A)\u0026rdquo; und das auch intelligent. Denn neben dem reinen grünen Überschuss gibt es noch andere Ladeprogramme, um das Fahrzeug schnell zu laden auch mit Strom vom Netz.\nUnd Deine Splitklima, ggf. aber auf alle Fälle die Warmwasser-Wärmepumpe sind ein Super Überschussverbraucher\nDieser Energymaster ist die Zentrale, denn nur diese Überschussverbraucher lassen sich wirklich gut mit Überschuss betreiben. Eine Spülmaschine oder Waschmaschine nur und erst dann ein zuschalten, wenn der Strom reicht, ist im Alltag eher ein Alptraum in der Steuerung und muss man bzw. alle in der Familie wollen. Abends nach Haus und die Maschine ist nicht gelaufen, da kippt die Stimmung dann fix.\nVon daher schau mal EVCC an, ist Open Source und bestimmte Funktionen brauchen einen Sponsor, was der Wallbox Hersteller übernommen haben kann, sodass alle Produkte des Herstellers das gratis können - oder kostet Dich maximal $2 p.a. und ist Open Source made in Germany mit sehr lebendiger Community. Du findest die Site auf evcc.io .\nSteuerung und Modellierung War es das ?\nAll das ist die alte, händische Art so was anzudenken und zu durchplanen. Es hätte Dir vor 1 Jahr vielleicht auch mehr geholfen, das so zu finden, aber sei es drum. Da auf dem Blog nichts Neues stand, sah es erst einmal nach dem Stand der Dinge aus, wo sich ein Akku kaum rentiert, wenn man von 1 kWh eingespeist morgen oder im Dezember noch 0,91 kWh zurück bekommt.\nVon daher mag das jetzt Sinn machen und Dich auch schon länger fragen lassen, was noch geht und wie in welcher Reihenfolge. Nur der Rat, dass Du lieber einen eng bemessenen Hausakku kaufst, und im Hinterkopf hast, dass die PKW das künftig von Haus mitbringen werden, und zwar vor 2030, denn VW ist ein Big Player wie ein F150 Lightning in den USA bei Trucks.\nAll das hier ist die alte, einfache Art, weil jeder der Dein Blog dazu liest, dem auch folgen kann. Willst Du mehr und genauer, also auch PV Anlage planen und vergleichen können, dann kannst Du sozusagen Dein Haus an Deinem Ort einfach in 3 D planen. Deine Anlage, wie sie ist, nachbauen und passend dazu Deine Verbrauchsprofile hinterlegen, wann welcher Verbraucher am Tag oder in der Woche läuft und was an Strom braucht, oder aber Du nimmst die 5500 kWh und lässt die für einen 3 Personenhaushalt mit 1 auf Achse und der Rest zu Haus runterbrechen.\nDiese Software errechnet dann auf Basis der Einstrahlungsdaten an Deinem Ort die Erträge je Minute aus der PV, und stellt dem ggü. die Verbräuche , sodass das System für jede Minute eine Bilanz erstellt und das ganze zu einem Jahresergebnis.\nDa kannst Du dann alternative Module simulieren, alternativ Belegungen und Wechselrichter, ebenso Batteriegrößen, DIY Akkus und die Wärmepumpe bzw. Dein Auto elektrisch fahren lassen mit wöchentlich 500 km und Ladeprofilen und Zeiten.\nDas findest Du auf bei Valentin Software in Berlin - gratis als 30 Tage Demo, wobei Du die Kundenprofil-Auswertungen halt nicht drucken kannst, aber mit Screenshot kriegst Du alles auch so. Alle Versionen gibt es dort zum Download und laufen prima.\nDer Anbieter hat auch alle Daten der Module und Wechselrichter hinterlegt. Du sparst Dir das fehlerträchtige Abtippen der Specs, die das System braucht, um zu simulieren. Du mussst nur Modul Daten etc. auswählen, und dann sollte das System signalisieren, dass alle Komponenten passen oder woran es scheitert.\nDas Ergebnis der Simulation ist super, die Daten sind realistisch, also die Planung zuverlässig, die Modul, Batterie, Wechselrichterdaten werden teils von den Herstellern eingepflegt und laufend aktualisiert, weshalb alles von deren Servern zur Laufzeit kommt. Ist dann Dein Wechselrichter dabei mit neuen Specs oder verbesserter Version, dann wirst Du gefragt, mit welchem Modell Du weiter arbeiten willst.\nDie Planung selber ist da schon was anderes. Man braucht, um sich da einzufinden, aber am Ende geht es oder Du kennst Leute und kannst fragen. Von daher halt der Hinweis, dass Du PV SOL in der PREMIUM Version. Nimm nicht die kleineren, sondern gleich das Profi-Tool, das Du sehr gut nutzen kannst, um Dein System von heute zukunftssicher zu gestalten durch u.a. Simulation.\nWechselrichter brauchen Strom Lange Geschichte, aber ich denke, dass Du was daraus machen wirst.\nDazu hast Du noch bedingte Reserveflächen, die auf den Garagen / Carport etc. Je weniger die eingespeiste kWh wert sein wird, je eher wirst Du mehr Leistung auf dem Dach haben wollen. Und von daher hast Du jetzt Zeit, die Zukunft so zu planen, dass Du Dir ad hoc auch nix verbaust wie mit einem teuren, zu großen Speicher, denn:\nim Winter wirst Du den ausschalten, weil ein Hybrid Wechselrichter dann auch fix 70 oder über 120 Watt in der Nacht jede Stunde aus der Batterie ziehen kann, um nur bereit zu sein, Strom zu erzeugen.\nJetzt passiert nix dergleichen, denn die PV Module liefern keinen Strom und Dein Wechselrichter legt sich schlafen. Kommt die Batterie, dann will der aber 24/7 seinen Anteil zum Betrieb und der kann hoch sein: höher als Dir lieb ist, weshalb dann viele gerade mit so einer eingeschränkten Ost -Westleistung wie bei Dir eben die Kiste im Winter aussschalten, weil der Überschuss zum Laden zu gering sein wird.\nDaran denken die wenigsten und fallen nachher aus allen Wolken, wenn die Monatsauswertungen plötzlich hohe Verluste zeigen wie 200 kWh für den Betrieb des Akkus im Monat, weil ja der Verbrauch des Wechselrichters nur durch den Akku provoziert wird. Ohne Akku wären die nicht da.\nSchluß Gutes Studium und Gelingen - ich schaue mal bei Gelegenheit vorbei und wenn Fragen sind, dann kann ich vielleicht mit Antworten helfen oder sagen, wo Du die Antworten findest.\nKlar, das macht alles heute noch nicht wirklich Sinn in NL, weil eben 91 % oder 82 % jeder eingespeisten kWh gratis zurückkommen, wann immer Du die im Jahr brauchen könntest. Aber mit jedem Jahr weiter kommst Du deutschen Verhältnissen näher, wo eben die kWh vom Netz das 4,x fache dessen kostet, was Deine eben eingespeiste kWh bringt, von daher endet das in derselben Richtung früher oder später.\n","date":"2022-05-02T00:00:00Z","href":"https://blog.koehntopp.info/2022/05/02/a-solar-roof-2.html","tags":["lang_en","netherlands","energy","climate"],"title":"A solar roof 2"},{"categories":null,"content":"Where is the Internet coming from and how and when was it built? It\u0026rsquo;s a network of tubes, or rather cables, and these days they are mostly fiber. Much of it was built during the dotcom boom, but little has been written.\nThe Undersea Network , Nicole Starosielski\nNicole Starosielski is a professor at New York University Steinhardt, and specializes in Internet Infrastructure, specifically underwater sea cables. In her book, she documents the history and development of the infrastructure that carries more than 99% of todays Internet data, the backbone that defines the global transport capacity of the Internet.\nStarosielski not only explores the technology, but also the topography and history of the cables, and of course the policts that follow inevitably if you plug a cable that connects to remote locations. The book meanders between travel report, history book and sociotechnical politics brief.\nA companion to the book, the Website Surfacing allows the reader to interactively follow and explore the structures the book explains. Search terms at the beginning of each chapters imagery link the chapter in the book to the interactive display on the Surfacing website.\n\u0026ldquo;The Undersea Network \u0026rdquo;, Nicole Starosielsky, EUR 19.61 on Kindle\n","date":"2022-05-02T00:00:00Z","href":"https://blog.koehntopp.info/2022/05/02/fertig-gelesen-the-undersea-network.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: The Undersea Network"},{"categories":null,"content":"Where I work, the native database is MySQL. This is what the database team fully supports.\nOther databases, notably Postgres, are in use mostly because external products we run require them. Internal projects should use MySQL. An external company provides limited support for running Postgres.\nThe recommended version of MySQL to be used is currently the latest 8.0. It has a large number of improvements over the previous version 5.7 in terms of the SQL subset supported, handling of sorts, critical character set support and join strategies. Versions of MySQL older than 5.7 are completely unsupported and contain unfixed critical CVEs. They must never be used.\nNote that \u0026lsquo;fully supports\u0026rsquo; does also include operational aspects of the database: Automated handling of grants, automated fail-over, replication tree management, capacity planning, restore testing of automated backups, and integration with compliance tickets. Using other SQL products is likely to leave a team with a lot of toil that is taken away by automation had you been choosing MySQL.\nOverview We are using a \u0026lsquo;safe subset\u0026rsquo; of MySQL (\u0026ldquo;Blue MySQL\u0026rdquo;) and not all features of the product. That said, we are an enterprise with several hundred use-cases. For each of these rules a counterexample project likely exists.\nThe \u0026lsquo;safe subset\u0026rsquo; of MySQL mostly means: We do not store code in the database.\nWe do not use views. We do not use stored procedures or stored functions. We do not use triggers. We do not use UDFs (\u0026ldquo;user defined functions\u0026rdquo;, .so files that are loaded into the server proper and can be called as SQL-functions) We do not run code in the database, because it makes applications very hard to update atomically in a rollout. It also makes it hard to see all code that is part of the application in a developers\u0026rsquo; editor, because some of it is in git, and other code is part of the schema. Finally, code in the database creates some kind of spooky action at a distance that creates lots of debugging problems.\nSpecifically for MySQL, the MySQL stored procedure language is as beautiful as COBOL, as efficient as PHP 3, and as debuggable as embedded Lua. Do not use it.\nGeneral SQL systems are stateful systems, so your application can be stateless. That means there is state in a lot of unexpected places in SQL, and you have to be aware of it.\nConnection Scoped State COMMIT can fail, and you must be able to retry Databases store data for a long time. Often longer than the code that created the data lives. For example, there are databases in production that have an uninterrupted change history of more than 20 years. The data started out in Postgres, was converted and migrated to MySQL 4.0 and then lived through a change of versions up to MySQL 8.0.\nDatabase administrators operate with this in mind, and use a lot of defensive operational procedures. Get their input and their help when planning changes.\nAll data has a full data lifecycle: It is being created, ingested, stored, changed and updated and ultimately exported to different systems and/or deleted. Plan the full data lifecycle, and pay special attention to tables that have time as a component of the primary key or the table name, or otherwise exhibit log nature. Every transactional database has a data warehouse inside, and it struggles to get out. Given the same number of customers, articles and transactions each day, will your database grow without bounds and which structures cause that?\nDatabase administrators will help you to complete the data lifecycle.\nAbsolute Limits MySQL has a number of limits that are part of the codebase. Specifically, InnoDB limits are documented in the manual. It is useful to be familiar with at least the information on indexing.\nOn top of that there are other limits that will affect you, based on physics, operations and available hardware.\nSize Are you running out of disk space? Know what to monitor, and how to handle the situation and absolute size limits .\nDeleting data costs disk space. MySQL is running in a replication hierarchy, and in order to replicate MySQL stores a pre- and post-change image of each changed row in the binlog. This is kept for up to seven days to allow lagging replicas to catch up. For deletion, the pre-deletion image of the row is sent to the binlog, in order to allow the replica to find the row to delete it. This consumes disk space, which will be reclaimed only after seven days.\nA DBA can help you here to reclaim space early.\nSize is Time, and Time is Size. Assuming 400 MB/s copy speed, copying one terabyte of data takes around 45 minutes. Adding 15 minutes of replication catchup, you can expect around 1 hour of creation time per terabyte of database size.\nDatabases of around 200-250 GB size have a creation time of around 10-15 minutes per instance. That is sufficient even for databases in Kubernetes.\nThe DBA Standard SLO supports databases are \u0026lt;2 TB in size, and fit onto a 1.92 TB sized standard NVME drive, including binlog and overhead. They take around 2h to create from a donor instance.\nDatabases larger than that require special storage (external persistent volumes), which will have worse latency and cost more. It will not be available immediately, and moving existing databases (which are already large) to different storage will take time in accordance with their size. Plan ahead, and plan with a DBA to make this a smooth transition.\nThe instance size limit is approximately 10 TB. Instances larger than 10 TB will have a creation time so large that operations will have at most one attempt per day to do anything with the instances. This produces unsustainable toil for DBA, and drag on your project.\nThat is, some time before hitting the 10 TB barrier your project will have to have an exit plan in place to avoid hitting this limit.\nThe plan can be\nuse Cassandra or another sharded NoSQL storage. use shards in MySQL, doing application level sharding. consider a supported distributed database. It will involve in all cases moving to a distributed setup that more or less transparently shards. It will also involve moving to a setup where JOIN will be much more costly because of the distributed nature of the database.\nWe do currently have larger databases than 10 TB. Contact their owners to understand the nature of their toil problems and why your setup wants to avoid this.\nLatency Write your SQL and your applications SQL execution model with milliseconds of query execution time in mind, even for reads.\nCurrently, we have on-prem databases with a memory saturated setup, and they expose query latencies for single primary key lookups in memory of 0.15ms. This will not hold in the cloud, in virtual environments, and also not in setups that put ProxySQL in-between.\nCount the number of queries run to render a page using the available Event Instrumentation. Will the page render properly with 1-4 milliseconds of query execution time for each query?\nKeep read-replicas of your data close to the application. Crossing the boundaries between AZs will add another 4-10ms, or more, to each query. If your application is running on-premises, but your database is in the cloud, this is likely much slower than setting up local replicas and extending the replication hierarchy into the local AZ.\nUsing certain database ORMs, it can be easy to accidentally create SQL being executed in a loop. For each object accessed in a loop, the ORM secretly fires a single primary key lookup in the background to fleshen the object lazily when it is accessed for the first time. This is called machine-gunning.\nAvoid machine-gunning, primary key lookups in a loop. Consider using a SELECT ... FROM table WHERE id IN ( ... around 1000 constants ... ) clause. If this is driven by another select, consider using a JOIN.\nStatement size Objects and statements are limited to max_allowed_packet, currently 16 MB in size. Additionally, certain WHERE id IN (...) clauses begin to show degraded performance and excessive memory use for a large number of ids in MySQL 8.\nAim for around 1000 values in such clauses. Stay below 16 MB statement size. For bulk writes, keep the transaction size to a reasonable 1000 to 10000 rows per commit. Group replication will be unhappy if you don\u0026rsquo;t. Many-tables JOIN Avoid JOIN-ing more than 10 tables at once.\nIf the optimizer were to brute-force all possible JOIN combinations on an n-way table JOIN, the number of combinations would be n! (factorial of n). This becomes an unwieldy number at a value of n=10.\nThe optimizer will have to apply heuristics around a join-plan depth of 10, and do weird things, including sometimes missing obvious optimizations.\nThis is usually not a problem, but if you are using an ORM and have deep class hierarchies, you may be hitting this limit inadvertently. Be aware of your class-subclass relationships and how they are modelled, and what SQL is being generated.\nBulk updates (large deletes, inserts, updates) Very large atomic transactions are being executed on the primary, and on commit, enter the binlog. They then go downstream and execute on the replicas of that level, and so on.\nAs each replica has the same data as the primary, they will all approximately complete the statement at the same time. Your busy query will hog all replicas at the same tier at approximately the same time. You will likely lose capacity at each tier of the replication tree at once when executing such a large transaction.\nA query such as DELETE FROM sales WHERE article_id \u0026lt; 1000000 has the potential to make changes to very many rows. The update can take noticeable time, or depending on the data, even run for minutes or hours. The change can stall replicas, induce replication delay or otherwise impact production.\nIn all our supported languages packages, we have replication aware bulk update functions to handle this: They will break up such large changes into manageable chunks, and execute them while monitoring replication lag. Be sure to make good use of them, they exist for a reason.\nData types and column definitions MySQL supports a wide range of data types. They are documented in the manual . Each data type comes with a range and a storage size. It is useful to know properties of the most common types.\nWhen choosing data types, think big (\u0026ldquo;assume 10x growth\u0026rdquo;). Data types can be changed ex-post, but require an ALTER TABLE command or an online schema change to be run. This usually involves a background copy of all data of that table, and can take a lot of time for large tables.\nAdditional information about commonly needed data types can be found in your projects coding guidelines.\nThe following rules have been proven to be useful guidance in the past:\nNames Names are snake_case. Do not use uppercase table names or column names. We have done that in the past, and there are tables with upper case characters in names. Don\u0026rsquo;t. Depending on the version of MySQL and the filesystem in use, table names are case-sensitive or not, because they end up being file names on a case-sensitive file system or not. Specifically, in production, on Linux, for older versions of MySQL table names are case-sensitive, so Sales and sales are different tables. On Mac and Windows, with case-insensitive filesystems, they will be the same table. Be consistent with column names. Do not use MySQL keywords or reserved words as column names. MySQL 8 list of reserved words lists keywords, reserved words, new keywords and reserved words - none of them should be used, even if some of them technically can be used. If you must, quoting table and column names (`table_name`.`column_name`) avoids reserved word problems completely. Theoretically, using backticks it is possible to have column names and table names that contain spaces, or even emoji. Don\u0026rsquo;t even think about that, much less try it. Normalization Understand database normal forms and aim for a relaxed third normal form. Try to normalize properly until you run into weirdness. Only denormalize when you actually experience performance problems. Keys Every table must have a primary key.\nIn MySQL the primary key also defines the physical order of the data on disk: Rows with similar primary key values will usually be stored physically closer together than rows with more dissimilar primary key values. MySQL contains a large number of optimizations to exploit this and make this fast. Not having a primary key breaks group replication and row based replication. We are using these features, so primary keys are mandatory. Primary keys are short: integer (4 byte), bigint (8 byte), VARBINARY(16) (the output of UUID_TO_BIN(), 16 byte).\nMySQL uses primary keys as row addresses in all secondary keys. The longer the primary key, the more expensive the secondary key. That means INDEX(a) will actually store INDEX(a,id) (with id being the primary key) as a secondary index, and the optimizer knows that, and can use this. Primary keys determine physical data ordering. Using the default InnoDB storage engine, the data itself is organized in a B+-tree in the primary key. That is, the primary key holds the actual data rows in the leaf-nodes of the primary key. That implies the data is physically arranged in primary key order.\nThis is why mutating a primary key is so expensive. This can be exploited to keep hot rows close together and reduce the working set size of the database. InnoDB prefers hot rows to be close together, and has special-case code to make this work. This resonates nicely with auto_increment: Using this, more recently inserted rows will be more on the \u0026ldquo;right-hand side\u0026rdquo; of the table, and older rows will be more on the \u0026ldquo;left-hand\u0026rdquo; side. Often data hotness coincides with row age, so using auto_increment the database will automatically exploit this for smaller memory footprint. Primary keys are immutable. Changing a primary key physically moves the record around in the data tree that makes up a table. This is an extremely expensive operation. Never change a primary key value.\nPrimary key values are not re-usable. When deleting a record, the primary key that once identified that record can never be re-used. It may be still referenced by things outside the database, such as URLs with the id as a parameter. Re-using the primary would potentially link an external thing to a completely unrelated id value.\nTo use a UUID as a primary key, define the column as VARBINARY(16) and use the UUID_TO_BIN() function with swap flag set to true.\nUUID_TO_BIN(string_uuid, 1) : \u0026ldquo;If swap_flag is 1, the format of the return value differs: The time-low and time-high parts (the first and third groups of hexadecimal digits, respectively) are swapped. This moves the more rapidly varying part to the right and can improve indexing efficiency if the result is stored in an indexed column.\u0026rdquo; From MySQL\u0026rsquo;s point of view, AUTO_INCREMENT integer primary keys work better than UUID, but a lot of software prefers UUID. UUIDs can have advantages for high insert rates, because they can be created independently in different clients in parallel. MySQL stores data physically in primary key order, but the way UUIDs order is not advantageous to that. MySQL provides the UUID_TO_BIN(string_uuid, 1) function to fix this. Consider using it, it unlocks many performance advantages. UUID discussion , Another UUID discussion . The datatype produced by UUID_TO_BIN() is a VARBINARY(16). When using integer or bigint primary keys, consider making it unsigned.\nIt will double the key range. If your primary programming language cannot handle unsigned values, it is okay to use signed. Remember that Javascript has a 53-bit problem. In your table definition, keep the primary key to the left.\nThis is purely cosmetic, but it will make the life easier for reviewers of your code. NULL values and nullable columns Define columns as NOT NULL. If a column is nullable, the NULL value must have exactly one meaning, and it must be documented (e.g. in a COMMENT clause in the CREATE TABLE statement). More on NULL values . If you are using LEFT JOIN or access columns that can be nullable, consider the SQL functions COALESCE() , IFNULL() and the comparison operator IS NULL. NULL values do not compare normally, so wrap nullables into one of these functions. Default values avoid DEFAULT values, except for natural \u0026ldquo;zero\u0026rdquo; values appropriate for the type. for DEFAULT date and time values, see the section on date and time values. Boolean Use TINYINT to store booleans. MySQL does not have a native boolean type , so we use TINYINT. It uses one byte. Clever hacks exist to exploit nullability (CHAR(0) NULL columns) or bitfields to store data more densely. These usually backfire later in the software development lifecycle. Avoid them. Integers Always use integer and bigint. MySQL offers several integer data types smaller than the 4-byte integer and the 8-byte bigint. They have been used in the past, and usually later created an upgrade problem when the data range was exhausted in company growth. Do not use display widths with integers. Use int, not int(11). Fractional numbers and monetary values Always choose double. Never use float.\nFLOAT is a 32 bit floating point number, and the range and precision is usually too small to be useful. In the past some projects have stored pricing information as double. This comes with its own set of problems. Consider using an appropriately sized DECIMAL(16,4) variant, but be aware what the systems you depend on and the systems depending on you use. Compatibility may be better than correctness.\nFor euro-values, use a column name suffix \u0026ldquo;_eur\u0026rdquo;.\nCHAR, VARCHAR and the various TEXT types Avoid CHAR, prefer VARCHAR.\nIn very old versions of MySQL the CHAR type had certain speed advantages. None of these are true any more for modern MySQL using InnoDB. Do not use fixed width character types anymore. Consider row width, and slightly prefer VARCHAR over TEXT types.\nVARCHAR are stored inline and contribute to row width, TEXT types are stored like BLOBs and are stored in a complicated way that can have a lot of overhead. Use VARCHAR for string-like texts. Use TEXT where you actually store small \u0026lsquo;files\u0026rsquo; in the database. If you do that, see below the notes on BLOB data. They also apply here. Use the default utf8mb4 charset, it is the utf-8 you want.\nVARCHAR and the various TEXT fields have a character set associated to them. Always use utf8mb4 as the character set (it should be the default, but check). Read up on Why utf8mb4? Avoid ENUM, use lookup tables.\nMySQL offers an ENUM data type, and we have used this a lot in the past. We found that removing values from an ENUM is a very costly table change. We recommend you use a lookup table. Encoding columns for great profit explains how converting string columns with low cardinality can pay off in shrinking the data size. BLOBs and files in the database Databases are not good file systems.\nWhen reading values from disk, they pass on through the file system, the database server, are being converted into the column field data type the server uses internally, pushed again into the kernel into the network layer and then finally sent. This involves making around three copies of the data, whereas using sendfile() or splice() to send a static file from the filesystem is zero copy. Consider not using the database to store files. max_allowed_packet is an absolute limit.\nAll data MySQL handles must be smaller than the config value max_allowed_packet, even if the field size allows for more. In our systems that limit is 16 MB. There are ways around that, using string manipulation of very large strings. This eats an insane amount of memory. If you find yourself going down that route, stop and reconsider your design or life choices. In MySQL 8, handling TEXT and BLOB is less costly, but still worthwhile checking.\nIn the past, any result set that contained TEXT or BLOB types, no matter how small, forced sort operations to spill to disk, making them slow. This is no longer the case for the most recent versions of MySQL 8, but it is still useful in many cases to consider a two-step approach: Step 1: Run a query to select the primary key values you need in the order you need them. Step 2: Run a second query of the form SELECT id, blobcolumn FROM table WHERE id IN (...), with the ... containing a list of up to 1000 literal id values as constants to fetch the blob data. Using BLOB and TEXT fields larger than 1 MB can saturate the network using replication and uses a lot of disk space.\nMySQL is using row-based replication, and for each row changed will store a pre-image and post-image of the row on disk, for replication. This is kept for up to seven days, to enable lagging replicas to catch up. Each replica is then downloading this information, so for each changed 1MB field, 2 MB are copied to each instance. DATE and TIME values Be aware of MySQLs awful date and time history. The date and time types in MySQL have an awful history because of a number of very bad design decisions in the past. Most of that is cleaned up by now, but we still see legacy problems in some places because of old data or old code. What are the reasons for the bad things: MySQL allowed partial dates, \u0026lsquo;2022-01-00\u0026rsquo; for \u0026ldquo;I do not know the day\u0026rdquo;, or \u0026lsquo;2022-00-00\u0026rsquo; for \u0026ldquo;I have no idea about month and day\u0026rdquo;. They are no longer allowed (NO_ZERO_IN_DATE). MySQL allowed zero dates (\u0026lsquo;0000-00-00\u0026rsquo;), and conflated them with the NULL value. This is no longer allowed (NO_ZERO_DATES). MySQL had a magic type TIMESTAMP that in a magic position behaved magically. Specifically, the leftmost TIMESTAMP column was automatically set to NOW() when it was not explicitly set to a value, but other columns of a row were changed. This was used to implement changed_at columns. Today, you can apply this to any DATETIME or TIMESTAMP in any position, using an explicit ON UPDATE CURRENT_TIMESTAMP clause. There are lots of special rules and exceptions that document past behavior and an attempt at compatibility and migration. The manual on the state of things . MySQL DATE, TIME and DATETIME types do not deal with timezones.TIMESTAMP does. But only if the timezone tables in the mysql.* schema are initialized. The current timezone you are in is defined as a default for the server, and can be overridden as a connection property. It is likely not a good idea to do that. You can shoot yourself in the foot with timezones, DST boundaries and interval arithmetic. How that happens . Prefer DATETIME, not TIMESTAMP, unless it\u0026rsquo;s changed_at. The range of TIMESTAMP is limited and has a year 2038 problem. DATETIME, TIME and TIMESTAMP can have microsecond resolution if desired. In MySQL, DATETIME, TIME, TIMESTAMP can have fractional resolutions up to microsecond resolution. To get that, specify a precision such as DATETIME(6), TIME(6) or TIMESTAMP(6). Use minimum and maximum values as boundaries in time ranges. If you define time ranges, use field names such as valid_from and valid_until. If you are using DATETIME types for that, use 1000-01-01 00:00:00 for \u0026ldquo;minus infinity\u0026rdquo; and 9999-12-31 23:59:59 for \u0026ldquo;plus infinity\u0026rdquo;, as these are the minimum and maximum values for this type. Do not use NULL values, as they will not compare. Be aware that the SQL BETWEEN operator is a closed interval (WHERE id BETWEEN 4 and 7 will return 4, 5, 6 and 7), and you often want half-open interval (WHERE now() \u0026gt;= valid_from AND now() \u0026lt; valid_until). Avoid using BETWEEN to avoid ambiguity of the nature of the interval and assumptions on the code readers side. JSON data type MySQL 8 provides JSON functions. They are a bit clunky, but work very well. When using JSON functions, also learn about generated columns and virtual indexes. This is new functionality in MySQL 8, and that means it is less tested than other code. JSON basics , Generated columns and virtual indexes . JSON in MySQL always uses the utf8 character set. This is a bug, it should be using utf8mb4, but currently not fixed. The effect is that Emoji and other letters with 4-byte UTF-8 encodings cannot be used there. Common column types that applications use email varchar(255) character set utf8mb4 phone bigint unsigned (E.164 format) ip_address varbinary(16), because IPv6 is a thing. Check out INET6_ATON() and virtual indexes on generated columns as a convenience. SELECT ... FROM t WHERE request_ip = INET6_ATON(\u0026quot;141.255.161.178\u0026quot;) base64, blob, mediumblob, for JSON there is a special new JSON type. language char(2) for ISO-639-1 codes, named lang, language_code. country char(2) for ISO-3166 alpha-2 country codes. IBAN varchar(34) Foreign Key Constraints Avoid foreign key constraints, unless you are in a department that specifically requires you use them. MySQL allows you to define foreign key constraints. They come at a price:\nForeign key constraints can only refer to columns in the same database instance, but our schemas have more data than fits into a single schema, and often requires you work across database instances using multiple handles. Foreign key constraints are always immediate. That means they are checked at the end of each statement, not at the end of a transaction (\u0026ldquo;deferred\u0026rdquo;), forcing an order to your SQL statements inside a transaction. This is often inconvenient. Foreign key constraints with cascades (ON DELETE CASCADE, ON DELETE SET NULL and similar) are writes generated at the InnoDB engine level, not at the MySQL binlog level. They are not visible in the binlog. If you are using Change Data Capture or Online Schema Changes that based on the binlog (gh-ost), they break in the face of such FK constraints. Foreign key constraints require additional lookups and additional locks. This can lead to lock escalation and a higher deadlock rate, impacting throughput. With foreign key constraints it is possible to create undeletable and unupdatable rows. Foreign Key Constraints with ON UPDATE and ON DELETE clauses can cause spooky action at a distance, and can also cause large bulk deletes and updates that will break replication. Foreign Key Constraints break all tooling we have for Online Schema Change and for automated database splits. Table changes become extremely toil for everyone involved. Foreign Key Constraints break Group Replication, which we depend on. Because of that we recommend you do not use foreign key constraints. They usually provide a lot of toil and little benefit. Exceptions exist. Check your departments engineering guides. What are Foreign Keys, and Foreign Key Constraints , Foreign Key Constraints and Locking .\nTransactions Keep transaction runtime short. Long-running transactions will build a large Undo log and slow down the database for everyone. A transaction taking fractions of a second is fast, a transaction being kept open for minutes or even hours is not. The effect of long-running transactions on performance . Keep transaction size in the range of 1000 to 10000 rows for batch loading. Larger transactions are incompatible with group replication, and also will not provide speedup. Smaller transactions cause excessive sync to disk, and are not fast. Commit size and write speed . Use the default transaction isolation level REPEATABLE READ. There were use-cases for READ COMMITTED in the past, but with SELECT ... SKIP LOCKED in MySQL 8 and row based replication, most of these are gone. What are isolation levels? , Proper counters with locking . To start a transaction, MySQL offers several semi-equivalent syntax variants: BEGIN, BEGIN WORK and START TRANSACTION READ WRITE. Check what your ORM is using. Only START TRANSACTION READ WRITE should be used. It is the only syntax that signals write-intent or read-intent (START TRANSACTION READ ONLY) in the opening statement, and hence the only statement that load balances properly in ProxySQL.\nProxySQL will have to assume write-intent in all cases if BEGIN or BEGIN WORK are being used. This will run even read-only transactions on the primary, and scale badly, unless two application database handles are being used.\nIdempotent Queries Databases have transactions. It is not strictly necessary to formulate queries as replayable (idempotent). Things that are being wrapped in a transaction will all either execute together or not at all, and once the commit returns successfully the data is guaranteed to be persisted.\nThat said, it is useful to use replayable forms of write-queries because they are more resilient and make certain recovery operations easier.\nRead-Modify-Write, Counters and SELECT ... FOR UPDATE A common scenario in transactional databases is making a change to an existing record, for example updating a description, incrementing a counter or changing the state of a work item in a state machine.\nYou can think of that as \u0026ldquo;taking a value temporarily out of the table\u0026rdquo; (like lending a book from a library) by locking it, making the change in the application, and then putting it back by running the actual update.\nThe correct way to do this is to\nstart a transaction using START TRANSACTION READ WRITE read the value to be modified by using SELECT ... FOR UPDATE, in order to not only select the row in question, but also pre-lock it the way a later write would. SELECT ... FOR UPDATE is a read statement, but applies X-locks like an UPDATE. This is \u0026ldquo;taking the value temporarily out of the table\u0026rdquo;. You can now make changes to the record in application memory. Then run UPDATE ... SET ... to write the change back. On COMMIT the change will be persisted and the lock will be dropped. This is called a read-modify-write (RMW) transaction, and is the correct way to achieve such multi-statement changes atomically. You need to find out how your ORM creates RMW transactions.\nSome notes:\nThis is discussed at length in MySQL Transactions (Read-Modify-Write) . Make sure START TRANSACTION syntax is being used, not BEGIN syntax. COMMIT can fail, you must check success and be prepared to re-run the entire transaction. A transaction must not extend across a user interaction. You must not SELECT ... FOR UPDATE and then wait for user input. A transaction must be finished in fractions of a second. Optimistic locking To ensure record identity across user interaction, optimistic locking is commonly used. The problem to solve is: We load a record into the application memory and then let the user perform changes. We need to write the changes back, but the record may have been simultaneously changed by a second connection.\nWe cannot take an X-lock on the record and keep record ownership for a long time across a user interaction, because that will destroy performance in many ways (Imagine a user opening the edit screen and then going on vacation or even just a lunch break).\nThere are two common ways to solve this, which are collectively called \u0026ldquo;optimistic locking\u0026rdquo;:\nYou write back the change in an update where you guard the UPDATE with the full set of old column values in the update: UPDATE t SET col1=new_value1, col2=new_value2, ... WHERE col1=old_value1, col2=old_value2, .... The update will fail and not change any row, if any old value has changed since we loaded the original row into the editor presented to the user. It is then possible to present the change to the user and let them resolve the conflict. Similarly, we can have version numbers in each row, and guard the update with the version number. UPDATE t SET col1=changed_value, version=old_version+1 WHERE id=pk_value AND version=old_version. The update can happen on the combination of id and version, and will fail if the version changed while we were waiting for user input. It is important for the version number to be not part of the primary key, because otherwise we get versioned entries in our data table. This is usually not a desirable trait in transactional systems (see Tombstones elsewhere). Job Queues (and SKIP LOCKED) MySQL is not actually a queueing system. Talk to Kafka about queues and do not use MySQL as one. Using MySQL as a queue will deliver \u0026ldquo;exactly once delivery\u0026rdquo; of jobs, at the cost of at least one disk write per enqueue and dequeue, which translates into fantastic monetary values in a cloud environment by the way of very high IOPS values.\nMySQL has been used as a queue in some scenarios on bare metal , because it is so obvious and convenient. Looking at the cloud, avoid that and use a proper queue service for your problem.\nIf you must use MySQL as a queue, at least do it right , and lock properly using SKIP LOCKED.\nFor writing to MySQL and Kafka, consider the Outbox pattern (Outbox pattern ) and talk to the Kafka team.\nSorting Database servers are often more expensive and centralized machines compared to their clients, and harder to scale. We have found that is it useful to sort in the client where it makes sense instead of using ORDER BY.\nSubqueries Prefer JOIN over subqueries. MySQL 8 is better at optimizing subqueries than older versions of MySQL, but it is usually still safer to write a JOIN than to use the equivalent subquery syntax. If you come from Red Oracle, you have learned things to be the other way around and need to adjust. This is especially true for subqueries with negations (WHERE NOT EXIST) to find missing values. Use a LEFT JOIN with IS NULL on a right-hand side value to achieve the same result much faster. Tombstones (is_deleted flags) Avoid Tombstones. Tombstones are a per-row flag that marks a row as deleted. All queries to the table need their WHERE-clause to be amended by a AND is_deleted = 0 term or similar to find only non-deleted rows. Tombstones are usually not a good idea. The old data will increase the size of the active transactional table. This will increase the working set of the database, and require a larger instance. The tombstone flag needs to be indexed, or even become part of the primary key, in order to eliminate dead rows quickly. The MTTR of the system after failure is higher because the database is larger, being bloated with dead data. Actually physically deleting the tombstone data is a cumbersome process when done in large batches. It is usually preferable to build transactional systems that are small and contain only life data in transactional tables. Log data with temporary structure should at least go to other tables with log nature, or even to different machines that are handling the archival log and are not part of the critical, transactional production scope. You can write records to the transactional table. When they retire, instead of deleting, move them to a log table. You can double write records on creation to the transactional table and the log table, then mirror the entire lifecycle on both tables. Typical scenarios where Tombstones are deadly: A queue-like structure in a table (\u0026ldquo;Picklists\u0026rdquo;, \u0026ldquo;Producer/Consumer Scenarios\u0026rdquo;, \u0026ldquo;State machines in a table\u0026rdquo;) It is sometimes okay to keep old inventory records around in a lookup table if there is a chance that items elsewhere still refer to the deactivated inventory. In general, it is often useful in transactional systems to keep the working set aggressively small, and then keep non-critical data in other tables in the same system, or even in dedicated non-transactional systems. How little data do I need in order to be able to take their money successfully? Partitions Partitions are a way to split a large table internally into a number of small tables, while still presenting the interface of a single table to the user. They may be useful for tables \u0026gt; 30 GB in size, a quarter of an instance\u0026rsquo;s memory size.\nPartitioning always works on the primary key, or the prefix of a compound (multi-column) primary key. Internally, MySQL uses (a part of) the primary key to decide into which internal table (partition) to put the row. The optimizer may use this to reduce the number of partitions to search when running queries.\nAlso, instead of deleting many rows individually, it may be possible to speed up some deletions by running an ALTER TABLE ... DROP PARTITION ... to quickly remove data. On the other hand, running DDL queries in the normal application workflow likely is going to need a compliance exception.\nPartitions can work on a RANGE or LIST of column values, or on a hash function (KEY uses a system-supplied hash, HASH uses a user-supplied function). RANGE and LIST can speed up queries by enabling the optimizer to eliminate partitions before access. HASH and KEY \u0026ldquo;spray\u0026rdquo; data across many partitions, and can make insertion faster and more even.\nTalk to a DBA about planning proper partitioning, taking your workload and access pattern into account.\nUsing MySQL in a replication environment Our MySQL is always in a treelike replication structure to place read copies of the data close to the application. This provides low latency data access. Writes always go to the root of the replication tree, the current primary. Your application has access to segregated read and write handles for database access. Make sure you are using the proper handle. Replication speed is mostly a function of workload. DBAs can keep replication running, but they cannot really make a server replicate faster. Use replication-aware bulk functions. Your database access library has functions to prevent overloading a replication hierarchy. Use them, and when they don\u0026rsquo;t work - \u0026ldquo;don’t get creative, get help.\u0026rdquo; DBAs can indeed speed up replication by changing the server configuration to a mode where disk writes are not properly persisted. By writing to disk less the server can replicate faster, at the cost of losing data should there be a fail-over situation while this configuration is active. This is known as \u0026ldquo;YOLO\u0026rdquo;-Mode. Our MySQL topology is managed by a program called Orchestrator . Orchestrator takes care of Primaries and Intermediate Servers failing, rearranging the surviving members into a valid replication tree. It also informs our server discovery mechanisms of the change. This means: Your application cannot rely on write- and read-handles pointing to static machines, when DNS is used. You must re-resolve hostnames immediately before reconnecting. You must make sure that your code does not internally cache DNS query results (Java!). Debugging performance problems High CPU? MySQL typically does not use much CPU. Servers with high CPU usage are having one of three problems:\nQueries not using indexes, scanning a table completely, in memory. Identify the query not using indexes and fix the schema or the query (see below). Excessive sorting in the server. If possible, access the data in index order, or do the sorting in the client where it scales better. Code in the database is being run (i.e. somebody has been using stored procedures, stored functions or similar) Destroy the codebase and start over from scratch. Finding problematic queries using Vividcortex On many replication hierarchies we have probes running that log query data into \u0026ldquo;Solarwinds DPM\u0026rdquo; (previously known as VividCortex). If you do not have access or your replication hierarchy has no probes, contact DBA.\nFinding problematic queries using sys.* All database servers by default have installed a series of views in sys.*. These read data from performance_schema.* (P_S for short), which is partially enabled on all machines.\nP_S is documented in https://dev.mysql.com/doc/refman/8.0/en/performance-schema.html . It is optimized for logging performance data without impacting performance much. It is not optimized for access by humans.\nThe sys.* (sys for short) is fixing that, presenting a number of useful views on P_S, for human consumption and reporting. sys is documented in https://dev.mysql.com/doc/refman/8.0/en/sys-schema.html .\nAll views in sys exist in two variants: the regular variant for humans (sys.host_summary_by_file_io) and the x$ variant presenting unabridged data at full resolution for reporting (sys.x$host_summary_by_file_io). Numbers in the regular variant are shortened and suffixed with units (\u0026ldquo;15m\u0026rdquo;, \u0026ldquo;100k\u0026rdquo;) or transformed into human time scales (runtime 01:02:03). Numbers in x$ views are presented raw. It is useful to work interactively with the regular variants and the run the final report on the x$ variant for full data.\nNote that meaningful performance data can be gathered only on production instances, but you can craft performance insight queries on test instances easily. You will then need to run these on production instances to actually get production performance data.\nMissing indexes The most common cause for slow query execution is \u0026ldquo;missing indexes\u0026rdquo;. Once you have identified queries with slow execution time using Solarwinds DPM or sys, run the explain command on them to see their execution plan. Refer to Explaining EXPLAIN: Queries and what happens when you execute them (version without presenter nodes ) to better understand what goes on.\nMost commonly, one of these things needs fixing:\nadd missing indexes formulate a query with dependent subqueries to use some kind of join formulate a query with multiple range clauses in a way that resolves in multiple steps DBA can help you with this problem.\nMismatching types A longstanding problem in MySQL was a type mismatch in a join. If you have a query with a a JOIN b ON a.col1 = b.col1, and the instances of col1 in the two tables have incompatible (different, and not coercible) types, an index cannot be used to resolve the query, even if it exists. That is, if col1 is a varchar in a, but an int in b, the join will be slow.\nThe problem can also often be provoked in a WHERE clause such as WHERE a.col1 = \u0026quot;value\u0026quot;, with a.col1 being integer, and \u0026quot;value\u0026quot; written as a string literal due to the quotes. Again, an index, even if it exists, won\u0026rsquo;t be used.\nBad Paging (based on an idea from Yves Orton)\nThe query SELECT id FROM Whatever LIMIT 10360000,10000 is an example of paging, where a user or a script want to read a large, full result set in chunks of 10k.\nThis is not an efficient practice, as the database has to execute the same query over and over. It may be able to apply some mild optimizations for low limit values (at the start of the paging), but eventually it will have to reproduce large parts of the full table, handing out fragments of 10k rows. On top of that, MySQL represents result sets internally in a linked list, so LIMIT clauses with large offset values are very inefficient.\nWe could instead fetch one row more, while reading in table native order. This will get of the offset part in the LIMIT clause. It will not have to physically sort, as the table is read in native primary key order. And it will only access actual 10k fragments of the table.\nselect id from Whatever order by id limit 10001 We output 10k values, and take the final value as a new starting point lastid:\nselect id from Whatever where id \u0026gt;= :lastid order by id limit 10001 and so on.\nSpecific Host languages Python As a developer using Python, I want to be able to hand a list to SQL with a WHERE id IN (…) clause, and it should do the right thing. This can be done by using a prepared statement like SELECT .... WHERE `foo` IN %s ... and passing in a list or a tuple for the placeholder variable.\nFull discussion in Python: WHERE \u0026hellip; IN (\u0026hellip;) Important caveats:\nThere are no () in the prepared statement after the IN Only list and tuple will work, no other iterables As a developer using Python, I want to be able to trace the SQL.\nFull discussion in Python: Debug SQL Support Host, Version, User The DBA will have a much easier time in helping you, if you have the output of the following query ready when you ask them about your SQL performance problem.\nSELECT @@hostname, @@version, user(); This will tell them the actual instance hostname, the precise version string of the database and the username (and by inference, the permissions) you are using to connect.\n","date":"2022-04-15T00:00:00Z","href":"https://blog.koehntopp.info/2022/04/15/sql-engineering-guidelines.html","tags":["database","mysql","mysqldev","lang_en"],"title":"SQL Engineering Guidelines"},{"categories":null,"content":"MySQL uses replication to do an ongoing life restore of a primary server to any number of replicas. How replication came to be I have discussed previously in another article .\nModern replication uses row based replication, with a minimal row image and compression. What is that?\nDecoding the Binlog When using Row Based Replication, the Row Change event is represented using the BINLOG statement in the output of the mysqlbinlog command. It has a single string parameter, the base64 encoded pre- and post-change row images.\nAdding the -v option multiple times will decode that: mysqlbinlog -vvv. It shows a pseudo SQL statement affecting a single row.\n# at 1140 #220404 16:34:41 server id 187076016 end_log_pos 1140 CRC32 0x0112f9b6 Table_map: `kris`.`testtable` mapped to number 92 # at 1140 #220404 16:34:41 server id 187076016 end_log_pos 1140 CRC32 0xe3714794 Delete_rows: table id 92 flags: STMT_END_F BINLOG \u0026#39; AQJLYhOwjSYLWwAAAAAAAAAAAFwAAAAAAAEAEHBheW1lbnRjb21wb25lbnQAFHBheW1lbnRfc2Vz c2lvbl9kYXRhAAUI9Q8P9QYEFgCHAAQeAQEAAgEItvkSAQ== AQJLYiCwjSYLLAAAAAAAAAAAAFwAAAAAAAEAAgAFAQDcTtUTAAAAAJRHceM= \u0026#39;/*!*/; ### DELETE FROM `kris`.`testtable` ### WHERE ### @1=332746460 /* LONGINT meta=0 nullable=0 is_null=0 */ This example from an RBR binlog shows the replication context. Note the table map, which translates a table name into an internal table_id, followed by the binlog checksum and log positions. Below that, the actual row change is decoded into a BINLOG statement, and the pseudo SQL it translates to.\nThe MySQL primary and its replicas have identical metadata. While some metadata is part of replication, such as column numbers and data types, other metadata is not part of replication, for example, the column names.\nNote that even with binlog_format=row configured, some statements are still being replicated as statements \u0026ndash; notably, all statements that do not change rows are replicated as statements. That is for example all DDL: you will see CREATE, DROP and ALTER statements.\nHow much row is in an RBR binlog? Originally, the rows in an RBR binlog were full images of the row, once before the change and once after the change. This can be a lot of data in a table that has TEXT, BLOB or JSON columns.\nThe pathological case is a table with a primary key, a counter and a large TEXT column, incrementing the counter. In this case, the TEXT is replicated twice per changed row, unchanged, for an increment of a 4 byte counter.\nThis was relatively quickly fixed by introducing the NOBLOB and MINIMAL row image formats. NOBLOB contains all columns before and after the change, except for BLOB and TEXT columns, unless they changed. MINIMAL logs only the primary key in the pre-image and contains only changed columns in the post-image.\nThis saves a lot of disk space, while still maintaining all information necessary to safely update a replica.\nSurprisingly, this is already quite efficient: For our workloads at work, RBR already creates smaller binlogs than SBR, even with FULL format (around 1/2 to 1/3 the size of SBR binlogs). MINIMAL can bring these numbers down even further.\nIf RBR is so efficient, why compression? Yet, for a large number of replication hierarchies, binlog storage is expensive and often a limiting factor given the fixed size of the disks we use.\nWe want to store several days of binlog, in order to be able to roll forward from restored backups. But because some replication hierarchies see a lot of churn, we get many row changes due to all these write operations. We should expect that: Online Transaction Processing has a singular purpose in life \u0026ndash; to transact.\nUsing compression, we use less disk space to store transaction, so we can store more of them in the same amount of disk space. MySQL compressed binlog events using zstd compression. Compressed binlog events encapsulate a regular binlog event each, so compression is per-event.\nPer-event compression is slightly less efficient than per-file, but has the advantage of easy implementation: After applying decompression to a compressed binlog event, a normal binlog event emerges, as before the change.\nThat makes it easy for all binlog consumers to update to the new format with minimal changes: Basically you need to add zstd as a dependency, and if you see a compressed event, decompress it and handle it as before.\nCDC versus replication The binlog is a MySQL internal data structure. It exists to facilitate replication between instances of MySQL. It is useful for other things, but as the binlog evolves, these other things have to track the changes.\nFor example, a lot of work is currently being done on CDC with various tools. The objective is mainly \u0026ldquo;Use replication as a channel to extract database changes in a defined format, and put them on a Kafka bus. These change events will then be used to re-create a database image in other formats, for example in Hadoop or elsewhere.\u0026rdquo;\nSo, to formulate it somewhat pointedly, at the purely operational level we are busy reinventing replication in JSON or Avro on Kafka. To save face: At the data modelling level things are a bit more involved.\nUnfortunately, this poses several challenges on the source databases:\nInitial data load does not consume a backup in one of our backup formats, but requires a life database instance, as the data load happens by queries instead of parsing data files. As the data load needs to be consistent, mapping to exactly one binlog position, it holds a consistent read view for a long time. Holding a consistent read view for a long time slows down MySQL a lot, so this instance becomes unusable for everybody but the data loader. Some data loads use multiple instances for speed. The CDC log parsers ask for full binlogs for simpler parsing. MySQLs own replication demonstrates that a minimal binlog is sufficient for replication, so it must be sufficient for CDC as well \u0026ndash; but that requires access to the full previous image of the row to fill in the missing data. As CDC does not have access to the full previous row image, it requests full format. Fixing that is considerable scope creep: instead of reinventing replication you are now reinventing the database. The CDC log parsers ask for uncompressed binlogs. That\u0026rsquo;s fixable relatively easily by learning to parse and use zstd, and doable. Foreign Key Constraints and CDC In MySQL, foreign key constraints are not implemented at the MySQL level, they are implemented at the engine level, for example in InnoDB. Sometimes, FK constraints generate writes, for example when ON DELETE CASCADE or ON DELETE SET NULL clauses are being used. Because these writes are not coming from the MySQL level, they will never show up in the binlog.\nMySQL\u0026rsquo;s foreign key constraints are fundamentally incompatible with CDC, and must never be used in hierarchies that use CDC.\nTransactionality and CDC MySQL writes a binlog record only on commit. As long as the transaction does not commit successfully, nothing is visible to replicas, and neither to CDC.\nThe data written to the binlog are all the row changes affected by a set of statements in a transaction. It is not geared to business level events of the kind we want to see on our Kafka, but logs table level changes to the SQL schema.\nOutboxes - why and how? The data written to the binlog will reflect changes to the table structure, as the schema evolves based on the needs of the team owning that schema. Since the CDC stream sees the same changes, the data format in there will also change, and break downstream consumers.\nOne might entertain the idea of not reading data from MySQL binlogs, but implementing CDC at the application level. This has a few advantages:\nMySQL binlog format may evolve and change, as MySQL evolves and changes. For example, a hierarchy may convert to group replication (many do), compression is being introduced, compliance may require encryption or other changes. We may not want this tight coupling, but be able to upgrade and change individual instances at will. The schema may evolve depending on the needs of the schema owner, which affects the format of events in the binlog, breaking downstream CDC consumers. We may not want this tight coupling, but be able to evolve applications and their schema at will. But emitting CDC events at the application level introduces great complexity: We must make sure that only events that are actually committed are visible on the bus, and that conversely no events are lost.\nThe default workaround at this point in time is the outbox: Applications perform their changes to the data as they wish, and in the same transaction also write to a table in a fixed format, the outbox.\nCDC reads the complete binlog, discards all writes except writes to the outbox, and uses the outbox changes to create a message on the bus.\nThis guarantees a fixed data format, as the format of the outbox table is fixed, while allowing the data owner to change all other tables at will.\nIt guarantees transactionality as well: as the writes to the private tables and to the outbox happen in a single transaction, they will always succeed or fail together.\nAnd it is relatively simple to implement.\nNot using Outboxes and not using binlog But Outboxes are still dependent on reading the MySQL binlog format. Every time that changes, CDC breaks. Or if it needs to change, the change needs to be coordinated between the data owners of a schema and all their consumers and dependencies.\nThe alternative, emitting a CDC event and performing a change to the database, can only work with some kind of commit tracking in the database.\nThis exists, but is a relatively new and untested feature in MySQL: Server Tracking of Client Session State . Not all client libraries have full support for session state tracking, yet.\nSession State Tracking allows a client to MySQL to know what the server is currently doing: for each piece of Connection Scoped State a tracker exists, so the client has access to the session state on a controlled way, and is notified if any state on the server changes.\nFor the purposes of CDC, the GTID tracker informs the client if a commit to the server succeeded and a global transaction id was assigned. The client gets a chance to correlate bus events with database transactions, and make sure both match.\nWhile being a much more complicated approach, it has the chance of breaking the dependency of being able to read MySQL binlogs. It is still a work in progress, though.\n","date":"2022-04-05T00:00:00Z","href":"https://blog.koehntopp.info/2022/04/05/change-data-capture-and-the-binlog.html","tags":["database","mysql","lang_en"],"title":"Change Data Capture and the Binlog"},{"categories":null,"content":"On Twitter, Samuel Nitsche asked:\nAre there \u0026ldquo;IT history nerds\u0026rdquo; on this app? Like people who have the skills/knowledge to tell how some trends/evolutions in IT appeared? I\u0026rsquo;d love to connect!\nAsking about what he wanted to know specifically he said, he\u0026rsquo;s interested in the reasons why DevOps and Agile take up in DBA circles is so slow and low. That forced me to brain dump stuff that has been active in the back of my mind for quite some time now, but which I never collected properly.\nThis is not yet a proper talk, but some kind of collection of material I wrote and some connecting thoughts.\nWhat is \u0026ldquo;DevOps\u0026rdquo;? I had a talk on the German UNIX Users Group Spring Talks titled \u0026ldquo;Go Away, or I Will Replace You With a Very Little Shell Script\u0026rdquo; (\u0026ldquo;There is no such thing as a DevOps Team\u0026rdquo;). The slides are on Slideshare , and I also have a Blog article . The talk basically explains what happened in the 10 years after the Dotcom Boom, and how the adoption of \u0026ldquo;scale-out\u0026rdquo; instead of \u0026ldquo;scale-up\u0026rdquo; created the need for Sysadmins to pick up Developer tooling and some developer methods in order to deal with machinery in numbers.\nWhile the tooling largely aligned, the outlook on life did not \u0026ndash; developers are looking at new features, basically new best cases. But operations people still are judged by resiliency, and how they are handling failures, so by new worst cases. The gap in mindset between Developers and Operations is hard to bridge, but it can be done with a little trickery. In any case, the traditional Sysadmin job died out.\nSome people ask about the distinction between \u0026ldquo;DevOps vs. SRE\u0026rdquo;, and there is very little. To some, \u0026ldquo;SRE\u0026rdquo; is the Google employer branding for the \u0026ldquo;DevOps\u0026rdquo; profile. Others make a vague distinction which riffs on the fact that \u0026ldquo;SRE\u0026rdquo; are people that care about worst cases, resiliency and fighting operational toil, and which also care about observability. In my experience that is too subtle a distinction to hold up in a hiring interview, much less in day to day operations.\nDevOps and Databases In regard to databases, this development did not happen at the same speed. There is a number of reasons for it:\nThere are usually very few databases compared to frontends, so the need to automate databases is much less pressing for most companies, with very few exceptions (Booking.com, Facebook and a few others). Only when you have thousands of databases, or when you limit database instance lifetime for whatever reasons you need to properly automate databases. Databases are very stateful systems. In fact, dealing with state, with transactions and with persistence is their only purpose in life. These things make proper database automation hard, and make most existing DevOps tooling unsuitable for the task. So you\u0026rsquo;d have to be very specific about tool choice, or invent tooling from scratch. Also, existing DBaaS developments are outdated and way behind the time (AWS RDS, I am looking at you!). State everywhere The most obvious exposure to state that developers have when dealing with databases is when seeing and handling database connections. These are not https/TLS connections, and cannot be sent through regular https proxies such as Envoy. Why is that?\nDatabases have a lot of connection scoped state . The most glaring example of state in a database connection is the transaction: If you are in the middle of a transaction and lose the connection to the database, the open transaction is being rolled back.\nDevelopers need to catch this problem, and go back to the beginning of the transaction, restarting it from the beginning. So reconnecting to the database transparently and hiding the disconnect/reconnnect from the application is almost impossible. Developers are hating the database for this, or ignore the problem, producing incorrect code.\nDevelopers want a pony, and failing that, at least a queue with exactly-once semantics .\nThey can have that, up to a point, but at a terrible cost of one transaction per state change. It is a legal wish to have, if you can afford the cost, because it makes development easier and a lot more boring. But you need to track this as an absolute scaling limit, and be prepared to handle this as a tech debt item later on, in time.\nYou can, as a company, get away with \u0026ldquo;boring technology \u0026rdquo; for a very long time. That is good, because it simplifies developer life and allows them to move forward without much technical complexity to take into account. Eventually you run out of runway, though, and need to take this on. That\u0026rsquo;s usually a painful breakpoint in the company\u0026rsquo;s growth journey. It also makes it very hard to find database SRE people .\nAutomating databases is hard, because of internode dependencies Scaling out databases and automating their operation is a hard task.\nNot only are connections stateful, but things like SQL databases, consensus systems (such as Zk, etcd, Consul), and things that have consensus systems inside, are clusters. They cannot be handled by tooling that thinks of a deployment as a set of independent boxes without constraints between them.\nSo when you look at puppet, chef, terraform, \u0026ldquo;harness.io\u0026rdquo; or other things, they have no concept of a cluster, of a quorum, or of a replication hierarchy. The point being: making changes to such a cluster creates an order to the updates, as they are applied. Also, checkpoints are needed for the change to proceed, to make sure quorum is kept at all times.\nFor example, in a replication tree, updates need to be made to the leaf nodes, then their parents and so on, to make sure that a replica is always newer than its primary.\nAnd updates to clusters with quorums can only be made while maintaining quorum. So after each application of a change to a cluster node, the update orchestrator needs to check if the node it just worked on came back properly. Only then it may proceed with the next node. None of the tools mentioned above have any concept of such constraints, they are simply unfit to deal with databases that are not a SPOF.\nAnsible can dig itself out of that hole by the sequential and slow nature of its processing and delegation, but is still unaware of the actual topology of constraints. Only salt and k8s have concepts that can handle clusters or where you can implement what k8s calls an Operator.\nAutomating database is slow, because data has weight Working with databases is always slow, because data has weight . At 400 MB/s, copying 1 TB takes 45 minutes, and replication catchup and cache warmup take another 15 minutes, so we can calculate and communicate \u0026ldquo;1 hour per 1 TB of data size\u0026rdquo;. Of course \u0026ldquo;reactive autoscaling\u0026rdquo; is never a thing for persistence systems. All changes always need to be planned, and then take time.\nAutomating databases is possible, but usually not done When you have automated databases to a point where\ninstances are made automatically, instances enter their replication hierarchies automatically, replication capacity and catchup speed is monitored and sized automatically, schema changes are handled automatically using Online Schema Change tooling, backups with restore tests are done automatically, primary key exhaustion is monitored, all instances are being remade cyclically within 60 days, instance discovery by applications is handled properly, secret managent including account and password rotation is automated so that you can upgrade database versions automatically within 60 days or less across a fleet of thousands of database instances, then you are finished.\nBut that requires a unique approach to automation that is not available widely, even in 2022. It is certainly not available in AWS RDS, which thinks about singular instances at the level of \u0026ldquo;create an instance and apply a configuration\u0026rdquo;, with basic passive replication management tacked on as an afterthought (and expensive resiliency with DRBD). It is ten years old technology, and that shows.\nObservability is lacking Also, Devops usually requires good observability: Stack upwards, in the general direction of the developer, and stack downwards, into the general direction of the hardware. MySQL for example, has pretty good aggregate monitoring \u0026ndash; the Telegraf MySQL collector is splendid and rather complete for a general MySQL collector.\nBut the data collection for a singular query is underdeveloped, and gathering the data is slow and painful. If you try to collect data about a single SQL query that just ran, it takes 10-12 followup queries to P_S to extract data about what this particular query did. And you still did not have the execution plan, or the number of actual pages read for this single query.\nConversely, while blktrace collects all kinds of data about the I/O a system sees, the open source tools to visualize this are underdeveloped. It took a commercial company and a commercial tool (Oakgate Workload Intelligence Analytics ) to provide tools to parse blktrace and paint useful images from it.\nStateful is different, and the gap is far from closing Of course, the YOLO stateless lets-quickly-make-another-instance mindset of DevOps cannot survive in Database Land. Nobody in the DevOps crowd understands these things, and that in stateful systems errors and mistakes are not reversible. Mistakes are persistent: data that is gone, is gone forever. And new instances take an hour per TB.\nNothing in the current DevOps propaganda takes any of this into account, hence Samuel\u0026rsquo;s observation is correct.\nOn the other side, there is little movement in DBA land. There is a very complacent DBA crowd, and there are extremely complacent companies. Oracle for example never ran their own products at scale, at least MySQL as a company, and later as a division in Oracle, never did it at scale until recently.\nSo MySQL always had a bunch of wrong defaults, broken upgrade paths, insecure workflows and so on \u0026ndash; until Oracle Cloud was a thing. Suddenly Oracle, at least Blue Oracle, had to actually run operations for their own stuff. And that was good: the last 2 years have done more for MySQL Operational Simplicity than all the 20 years before.\nOn the DBA side: most DBA departments positioned themselves as \u0026ldquo;guardians of the data\u0026rdquo; and as choke points, like old sysadmins did before DevOps. They also did not automate database operations properly (\u0026ldquo;as a service\u0026rdquo;). So there are few mature operational concepts for databases in the field, and even fewer codebases implementing them. Mostly, I believe because there was never sufficient pressure.\nThere is also not a lot of tooling for developers. If you look at MySQL blogs, for example the collection at Planet MySQL , you will find that they often write about the database from an operational point of view (\u0026ldquo;How to configure mysql\u0026rdquo;, \u0026ldquo;How to make a backup\u0026rdquo;).\nOnly rarely, they write from a developer point of view (\u0026ldquo;How can I see my query performance through the ORM\u0026rdquo;, \u0026ldquo;What is the right way to notice a rollback, and restart a transaction in my host language\u0026rdquo;, \u0026ldquo;What is an efficient way to handle RMW-cycles in my host language\u0026rdquo;).\nThere is a big divide between Developers as users of a database, DBAs, and vendors/bloggers/community advocates. With this being the case, and not being acknowledged, there is little chance for development. Pickup of new strategies, discussion about gaps in tooling and social innovation is slow in such an environment.\n","date":"2022-04-04T00:00:00Z","href":"https://blog.koehntopp.info/2022/04/04/devops-meets-databases.html","tags":["database","mysql","lang_en"],"title":"DevOps meets Databases"},{"categories":null,"content":"When using MySQL with Python, you may want to use the mysqlclient library, which is what most people do and which will work just fine. Or you are using the official MySQL 8 Connector/Python package, which will behave slightly differently, but maybe supports the unique MySQL 8 feature already that is not in mysqlclient, yet.\nYour SQL may be hand-writtten, or it may be generated using SQL Alchemy, Django or some other package. If the latter is the case, it may be useful to be able to see the actual SQL string that has been sent to the database in order to facilitate interactive debugging.\nUsing mysqlclient If you are using mysqlclient with Python, the class internally sends the SQL to the server in a method _query(self, q) in the Cursor class (source ).\nThe _query(self, q) method itself updates an _executed member of the cursor to store the literal query string sent to the server. But it does so only after having sent the query. On error, an exception is raised and _executed is not updated (source ).\nTo always get access to the actual query string, define a class DebugCursor, and specify it with your connection **kwargs. In DebugCursor, do the needful.\n#! /usr/bin/env python3 import MySQLdb import MySQLdb.cursors class DebugCursor(MySQLdb.cursors.DictCursor): def _query(self, q): print(f\u0026#34;Debug: {q}\u0026#34;) super()._query(q) db_config = dict( host=\u0026#34;localhost\u0026#34;, user=\u0026#34;kris\u0026#34;, passwd=\u0026#34;secret\u0026#34;, db=\u0026#34;kris\u0026#34;, cursorclass=DebugCursor, # referenced class must be defined before ) db = MySQLdb.connect(**db_config) c = db.cursor(() sql = \u0026#34;select d from testtable where id = 3\u0026#34; c.execute(sql) print(c.fetchall()) In our class DebugCursor, we inherit from our cursor of choice. We override _query(self, q), printing the query string q, and then calling the parent class implementation.\nThe output:\n$ python3 probe.py Debug: b\u0026#39;select d from testtable where id = 3\u0026#39; ({\u0026#39;d\u0026#39;: \u0026#39;drei\u0026#39;},) We can use this to trace-log all literal SQL before it is being executed, even if the query string is invalid or contains syntax errors.\nUsing MySQL Connector/Python If you are using Oracle MySQL Connnector/Python to connect to the database, the implementation can internally use Cython or a Pure Python implementation of the protocol.\nBoth implementations behave slightly differently, unfortunately. Only the Pure Python implementation can be debugged easily in all circumstances. It is therefore important that you specify use_pure=True with your connection **kwargs.\nThe raw SQL statement will be found in the cursor\u0026rsquo;s _executed member. If you are using multi-statements (don\u0026rsquo;t!), they will be logged in the _executed_list.\nWe write:\nimport mysql.connector import mysql.connector.errors db_config = dict( host=\u0026#34;127.0.0.1\u0026#34;, user=\u0026#34;kris\u0026#34;, passwd=\u0026#34;geheim\u0026#34;, db=\u0026#34;kris\u0026#34;, use_pure=True, ) db = mysql.connector.connect(**db_config) c = db.cursor() print(\u0026#34;=== Valid SQL: \u0026#34;) sql = \u0026#34;select d from testtable where id = 3\u0026#34; c.execute(sql) print(f\u0026#34;Debug: {c._executed}\u0026#34;) print(c.fetchall()) print() print(\u0026#34;=== Invalid SQL: \u0026#34;) sql = \u0026#34;syntaxerror d from testtable where id = 3\u0026#34; try: c.execute(sql) except mysql.connector.errors.ProgrammingError as e: print(f\u0026#34;Debug: {c._executed}\u0026#34;) print(f\u0026#34;Error: {e}\u0026#34;) The output looks like this:\n$ python3 probe.py === Valid SQL: Debug: b\u0026#39;select d from testtable where id = 3\u0026#39; [(\u0026#39;drei\u0026#39;,)] === Invalid SQL: Debug: b\u0026#39;syntaxerror d from testtable where id = 3\u0026#39; Error: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \u0026#39;syntaxerror d from testtable where id = 3\u0026#39; at line 1 Again, we can use this to trace raw SQL and identify actual generated SQL syntax much easier. This will allow us to pick up the literal SQL string, and debug interactively.\nThe same program, when run without use_pure=True, will not update c._executed properly if the SQL is malformed. It will produce the following output, which is worthless for debugging:\n$ python3 probe.py === Valid SQL: Debug: b\u0026#39;select d from testtable where id = 3\u0026#39; [(\u0026#39;drei\u0026#39;,)] === Invalid SQL: Debug: b\u0026#39;select d from testtable where id = 3\u0026#39; Error: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \u0026#39;syntaxerror d from testtable where id = 3\u0026#39; at line 1 Note how c._executed still holds the previous statement and not the statement that actually errored.\n","date":"2022-03-24T00:00:00Z","href":"https://blog.koehntopp.info/2022/03/24/debugging-sql-in-python.html","tags":["mysql","mysqldev","lang_en"],"title":"Debugging SQL in Python"},{"categories":null,"content":"I record this for posteriority without much comment.\nThe error message \u0026ldquo;Truncated incorrect DOUBLE value\u0026rdquo; when issued by MySQL can be a confused parser, and masks unintended barely legal syntax:\nkris@localhost [kris]\u0026gt; select * from testtable; +----+------+ | id | d | +----+------+ | 1 | eins | | 2 | zwei | | 3 | drei | +----+------+ 3 rows in set (0.00 sec) kris@localhost [kris]\u0026gt; update testtable set d=\u0026#34;vier\u0026#34; and id = 4 where id = 3; ERROR 1292 (22007): Truncated incorrect DOUBLE value: \u0026#39;vier\u0026#39; The actual problem here is the incorrect use of and in the set-clause of the update statement when a comma was intended.\nkris@localhost [kris]\u0026gt; update testtable set d=\u0026#34;vier\u0026#34;, id = 4 where id = 3; Query OK, 1 row affected (0.02 sec) Rows matched: 1 Changed: 1 Warnings: 0 Technically, an and is possible and legal, if you wanted to produce a boolean. Most people do not want this at this point in the statement, though. The error message is particularly unhelpful if you have no access to the literal raw SQL string for whatever reason.\n","date":"2022-03-24T00:00:00Z","href":"https://blog.koehntopp.info/2022/03/24/truncated-incorrect-double-value.html","tags":["mysql","mysqldev","lang_en"],"title":"Truncated incorrect DOUBLE value"},{"categories":null,"content":"On the morning of Saturday, 22nd February 2020, two years ago, my colleagues and I woke up to the a message from the company that said:\n\u0026ldquo;Spaces\u0026rdquo; Closed for Operations 23 Feb - 28 Feb\nDuring the morning hours of Saturday, 22 February, a fire occurred on the first floor of the \u0026ldquo;Spaces\u0026rdquo; building. The fire was extinguished promptly but due to smoke and residue particles that spread throughout the building, we will not be able to open \u0026ldquo;Spaces\u0026rdquo; for at least one weeks time. The closure of the building is required to ensure we fully inspect the building, our equipment, clean the office of all smoke damage and residue and more importantly, ensure we have a safe working environment to return to.\nIt then took exactly one month instead of one week to fix that, and the planned reopening of the building fell on the exact day of the beginning of the COVID-19 lockdown. So it has been today two years ago that I worked in an office the last time.\nI wrote into a company forum one year ago:\nWe will be keeping this up until at least October, and I would be surprised if we are not going to be doing this for much longer the way this country handles Covid.\nAnyway, this is the cluttered mess of my Desk at home:\nHome machine, and lab equipment to the left, company Mac on the desk during the daytime, bunch of books left and right. On top, the stick for my Internet Spaceship. Under the desk to the right, the file server and gaming box.\nIt is very… lived in. I do change things too often for any pretty cabling or other cleanup to hold up.\nAt least it has a decent view. That one hour commute to Spaces did pay off with a much more rural and spacious environment for home.\nBut at least the view from my Desk is decent…\nI am sitting on a Dauphin Shape XXL, a proper office chair instead of some gaming thing, and the desk is an older IKEA standing desk, motorized. I have cabled Internet at my desk, Wifi by Unifi in the house, and we have a 500/500 Mbit fiber connection at home, because faster Internet is not available where I live.\nLife ain’t bad.\nNever has been, actually.\nGoing back, I always had a desk to work on at home. In Berlin, an entire room (which also had an office desk for my wife).\nGeek wife doing geek wifey things on her Berlin desk.\nIn Karlsruhe, my GF and I had work desks in an office room, and actually almost never did use our living room. We sat back to back, because that makes it easy to roll over and look at the other screen to check things out and help.\nIn Kiel we had an office/living room double room, but the living room really saw use only on Tuesdays ever other week for the Tuesday meeting, when a bunch of Geeks were coming around for cooking and talks.\nAnd even as a student, having a working desk was more important than a proper living room, actually.\n1996 computer science student desk (see below \u0026ndash; 1)\nWhen I am thinking about it, I believe it’s because of my Dad. He had a Ham Radio license, and “his” place in the house always was his shack, with all the electronics, the radios and antenna controls, basically a desk and a workbench next to it. You’d find him more often there than anywhere else in the house.\nWhy do we even have living rooms? It’s a social convention that is hard to break. I know that I would be in for a fight to the blood suggesting that we get rid of ours, but seriously? “My” space is that desk/shack shown above, and not the living room. It’s the place that I’ll fight for.\nDiscussing this elsewhere, a friend sends me Space \u0026ndash; A cluttered life: Middle-Class Abundance . The video discusses space use in American middle class families, who seem to have lives centered around the kitchen/eating space, which makes a lot of sense.\nThat 1996 desk. That version of me had a Euro-ISDN semipermanent connection to my provider (128/128 kBit/s) and I also spent 50 Deutschmark for my own /24 provider independent IPv4 range. All my machines had public addresses. The machine is a Nextstation with 24 MB of memory, and a 25 MHz 68040 CPU, running what later would become MacOS X. The white tower next to it has a 1 GB SCSI HDD full height (the two top slots), a 1x SCSI CD-ROM drive (Caddies required) and a SCSI QIC drive for DC 6525 tapes (525 MB/tape). My body hides the full height tower case for the Dual-Pentium Linux box, you can only see the beige case of the b/w monitor it has. We were using BNC based 10 MBit/s Ethernet at that time. This box also has the ISDN card. Unfortunately the driver had a memory leak, and we were losing a bit of memory every time the ISDN link goes up or down, because some driver internal data structures are allocated and never deallocated. The loss accumulates to around 1 MB per week. ","date":"2022-02-21T00:00:00Z","href":"https://blog.koehntopp.info/2022/02/21/spaces.html","tags":["work","remote first","lang_en"],"title":"Spaces"},{"categories":null,"content":"A database is a special kind of structured, persistent, global variable with concurrent access over the network.\nYou write data to a cell of a row of a table in a schema in the server, and it is being kept around for you, with a lifetime longer than the runtime of your program. The database takes care of making sure of ordering access to that data, so there is a clearly defined series of changes to the data – locking, transactions, isolation are things that make databases popular.\nAnd so one gets to have a lot of database schemas in server instances, and they grow. Sometimes that becomes a problem.\nDatabases don\u0026rsquo;t scale, even when they scale These days, the MySQL server can easily utilize the resources even of very large servers. At work, we have taken instances easily up to 400.000 queries per second on AMD EPYC servers with 64 cores and one terabyte of memory, without special tuning. With careful tuning, more than a million QPS is achievable. MySQL scales extremely well these days.\nFor a long time, MySQL also has been a very low latency/high connection database: since it uses a multithreading approach with a pre-generated thread pool, it can handle up to around 10k connections comfortably, and three times more at cost. It can handle disconnect and reconnect situations in a way that is more reminiscent of an LDAP server than a database.\nAnd it can answer single point primary key lookups from memory – the workload a memcached handles – at memcached speeds: We see query resolution times including SQL parsing that are as low as 0.12ms (120µs).\nWhat doesn\u0026rsquo;t scale: server creation time MySQL replication hierarchies are designed as shared-nothing architectures. Creating a new server means you have to copy the data for the server into place, and then let replication catch up.\nThere are storage trickeries that can be played, but they have long term consequences that need mitigation. They also tie their user to very costly and very specific storage architectures and that is not a thing anybody can afford to have as a technical debt item on their sheet.\nA Relativity Theory of databases: For data, space is time. When we create new databases, we copy the data over. In the end, the network is very fast: At 10 Gbit/s, we are looking at a stream of 1.25 GB/s coming in that we need to be able to persist at the receiving end, and that we need to provide at the sending end.\nLooking at storage, we can see that in all but one situation, the bottleneck is not the network:\nA conventional HDD with rotating rust can serve reliably around 200 MB/s in a linear read or write (Toshiba HDD specs provide some reference). A SSD usually gives us twice this, so we see streams of around 400-500 MB/s (Micron SSD specs provide some reference). Openstack instances are quota\u0026rsquo;ed, and often get something like 400 MB/s quota again, which nicely matches expectations of SSD users. A NVME flash device can provide on the upside of 3000 MB/s (3 GB/s) sustained data rate when enterprise grade hardware is purchased (Micron NVME specs provide some reference). This is the one single case where a 10 GBit/s network interface actually is becoming a bottleneck, but of course more network is available if you have the coin. How long does it take to copy one Terabyte of data, assuming linear streaming access?\nAt 200 MB/s, we get 12000 MB/min = ~12 GB/min, or around 85.3 minutes for 1024 GB. At 400 MB/s, that is twice the speed or half the time, 42.6 minutes. Add time for replication to catch up, and round up to a nice round number for rule of thumb estimates:\nAt 400 MB/s, copying one Terabyte of data takes 45 minutes to copy and 15 minutes for replication catchup, for a total of one hour per Terabyte of data size.\nSize constraints for databases In database land, we copy databases all the time:\nTo make backups. To make more replicas in order to scale a pool up. To replace replicas that have left the pool to go into maintenance. To create special purpose replicas that may or may not be useful after having served their special purpose. Each replica we make needs a donor instance, and often a donor instance can donate only to one receiver at a single point in time.\nAll taken together means that asking for more replicas is not instantaneous. You will have to wait one hour per TB of data size, and longer if there is need to clone up some donors to be able to parallelize cloning.\nHere are some good numbers:\nTypical HPE or Dell blades at work have a single or two internal drives of 1.92 TB (\u0026ldquo;two TB\u0026rdquo;) each. If the instances make full use of them, preparing a blade takes slightly under 2h or 4h. In a single workday of 8h, you can probably expect one attempt per day to do \u0026ldquo;a thing\u0026rdquo; to a database of ~10 TB size. From this we get a few very strong recommendations:\n200-250 GB databases can be replicated in intervals that fit into K8s readiness probes. That is why Vitess and also many Postgres based clustering products recommend small instance sizes of 250 GB or less. 2-4 TB data size give you \u0026ldquo;several attempts at maintenance per day\u0026rdquo;, and also fit standard blade on premises or i3.2xl and i3.4xl instances in EC2. They are probably the upper end of supportable database size in terms of wait times due to data copies. 10 TB data size is where toil explodes, because they are in the \u0026ldquo;a single attempt per day\u0026rdquo; class. If you have databases that are larger than this, you need to have a long and hard look at your life and architecture choices, and the implications of them. Reactive autoscaling is not a thing It also means that reactive autoscaling of database instances does not work at all: By the time you have scaled up, the demand is already handled by existing capacity or you have died.\nYou will need ongoing capacity testing and predictive autoscaling that gives you some headroom for the unexpected.\nUsing spot instances is also very likely to make you very unhappy or very offline or both.\nTL;DR There is a soft 2 TB boundary and a hard 10 TB boundary. They are defined by physics, so they are not negotiable and cannot be removed by throwing money at it.\nWhen you reach these sizes, talk to your DBA about alternatives. Treat the 2TB boundary as a complexity inflection point, and use the remaining time as runway to branch out into alternative solutions.\n","date":"2022-02-16T00:00:00Z","href":"https://blog.koehntopp.info/2022/02/16/databases-how-large-is-too-large.html","tags":["mysql","mysqldev","lang_en"],"title":"Databases: How large is too large?"},{"categories":null,"content":"The new disks in the file server had synchronized nicely, and that resulted in an interesting graph:\nSectors on the outer part of a hard disk are transferred faster than inner sectors. You can see how the disk speed halves between the outermost and the innermost part.\nWhile watching, I decided on a whim that I wanted to convert the entire setup from using Linux mdraid to dmraid, the LVM2 implementation of RAID1. It is essentially the same code, but integrated into LVM2 instead of using mdadm for control.\nI had already experimented with dmraid before, as documented in an earlier article , and that was not without problems . But since the array would contain no original data, only backups, I decided to give it a try.\nSo here we go:\nDestroying the mdraid I had created a RAID-1 pair of the disks /dev/sdb2 and /dev/sdc2 under the name /dev/md126, then added /dev/md126 to the hdd volume group. In order to get the disks back, I had to undo this.\nSo we need to check if the /dev/md126 PV is empty:\n# pvdisplay --map /dev/sda2 --- Physical volume --- PV Name /dev/md126 VG Name hdd PV Size 9.09 TiB / not usable 1022.98 MiB Allocatable yes PE Size 1.00 GiB Total PE 9303 Free PE 9303 Allocated PE 0 PV UUID ... --- Physical Segments --- Physical extent 1 to 9302: FREE That\u0026rsquo;s fine. We can remove the pair from the volume group again, remove the LVM2 label, and then stop and destroy the raid:\n# vgreduce hdd /dev/md126 ... # pvremove /dev/md126 ... # mdadm --stop /dev/md126 ... # mdadm --remove /dev/md126 ... # mdadm --zero-superblock /dev/sdb2 /dev/sdc2 That did not work: An Ubuntu Component, os-prober, took possession of the devices after removing the RAID-1. I had to actually uninstall the component and remove the osprober from devicemapper before I could continue:\n# ### After uninstalling os-prober: # dmsetup ls ... # dmsetup remove osprober-linux-sdb2 ... # dmsetup remove osprober-linux-sdc2 ... # mdadm --zero-superblock /dev/sdb2 /dev/sdc2 ... Preparing the disks individually for LVM2 Only then I could continue, add the disks to LVM2 and extend the hdd volume group:\n# pvcreate /dev/sd{b,c}2 ... # vgextend hdd /dev/sd{b,c}2 ... We now have a very weird, asymmetric VG in which there is a single 9.09 TiB raid PV and two 9.09 TiB unraided PVs. Our next objective is to evacuate the raided PV, and then destroy this as well, adding the disks back unraided. This will result in a 36 TiB total VG.\nEvacuating /dev/md127 to unraid it This is going to take a long time. We need to do this in a tmux session:\n# pvmove /dev/md127 /dev/sdb2 ... This will, over the course of about one day, move all physical extents from /dev/md127 to /dev/sdb2. This exposes us to disk failure, as for the moment the data on /dev/sdb2 is unraided.\nRestoring redundancy There are two kinds of backup on this disk pack: A number of Apple Time Machine targets and an Acronis Windws target, tm_* and win_*, and an internal backup that is being produced by a cron job, rsyncing data from the internal SSDs to the disks, /backup.\nI decided to destroy the /backup LV and recreate it as a raid10 across all 4 disks. This was relatively easy, and worked immediately \u0026ndash; it just took a few hours for the backup job to run from scratch.\n# umount /backup # lvremove /dev/hdd/backup ... # lvcreate --type raid10 -i2 -m1 -n backup -L4T hdd ... # mkfs -t xfs -f /dev/hdd/backup # mount /backup # /root/bin/make-backup For the Time Machine and Acronis targets, I decided to lvconvert them to raid1. As stated before , there are two competing implementations of of RAID in LVM2, --type mirror and --type raid1. The mirror implementation is very extremely strongly deprecated, the raid1 implementation is okay, because it uses the same code as mdraid internally.\nWe need to make sure to specify --type raid1 in the lvconvert command to ensure the proper type is being used. For each target we do\n# lvconvert --type raid1 -m1 /dev/hdd/tm_... ... This returns immediately, and begins to sync the mirror halves internally. If we at this point convert all Time Machine and Acronis targets at once, the sync speed is abysmally slow, because of disk head treshing. There is no way to stop this. The only option is to slow down all resyncs except one:\n# ### for all targets, slow them down to minimum # lvchange --maxrecoveryspeed=1k /dev/hdd/tm_... # ### for one target, set a very large max speed: # lvchange --maxrecoveryspeed=100000k /dev/hdd/tm_... ... and then let one tm_... target finish. After that, we can increase the max sync speed for the next target, and so on.\nThis is what a --type raid1 looks like in lsblk:\n# lsblk /dev/sda2 /dev/sdg2 NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda2 8:2 0 9.1T 0 part ├─hdd-tm_aircat_rmeta_0 253:18 0 1G 0 lvm │ └─hdd-tm_aircat 253:20 0 1T 0 lvm /export/tm_aircat ├─hdd-tm_aircat_rimage_0 253:25 0 1T 0 lvm │ └─hdd-tm_aircat 253:20 0 1T 0 lvm /export/tm_aircat ... sdg2 8:98 0 9.1T 0 part ├─hdd-tm_aircat_rmeta_1 253:26 0 1G 0 lvm │ └─hdd-tm_aircat 253:20 0 1T 0 lvm /export/tm_aircat ├─hdd-tm_aircat_rimage_1 253:30 0 1T 0 lvm │ └─hdd-tm_aircat 253:20 0 1T 0 lvm /export/tm_aircat ... That is, for each leg of the RAID1 you get a rimage and rmeta LV. If the LVs are named mimage_0 and mimage1 and there is no rmeta but only a single mlog, this is not --type raid, but the deprecated mirror implementation. This is not good, and should be converted to --type raid1.\nThere is no way to convert a linear or raid1 to raid10, unfortunately.\nChecking status and progress A few handy commands to check the status and the progress of the conversion.\nMonitor the sync state of the devices:\n# lvs -a -o name,copy_percent,devices,raid_max_recovery_rate,raid_mismatch_count,raid_sync_action hdd The -a shows all the LVs, even the internal ones. We are interested into the copy_percent to see the progress of the sync. We also want the max_recovery_rate, because we might have throttled it with the lvchange command mentioned above. And we want to see the raid_mismatch_count and raid_sync_action to see what\u0026rsquo;s going on.\nOf course, the ubiquitous lvs -a -o +devices is always handy to get an impression of the entire VG:\n# lvs -a -o +devices hdd LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert Devices backup hdd rwi-aor--- 4.00t 100.00 backup_rimage_0(0),backup_rimage_1(0),backup_rimage_2(0),backup_rimage_3(0) [backup_rimage_0] hdd iwi-aor--- 2.00t /dev/sdb2(2561) [backup_rimage_1] hdd iwi-aor--- 2.00t /dev/sdc2(1) [backup_rimage_2] hdd iwi-aor--- 2.00t /dev/sda2(1026) [backup_rimage_3] hdd iwi-aor--- 2.00t /dev/sdg2(3158) [backup_rmeta_0] hdd ewi-aor--- 1.00g /dev/sdb2(2560) [backup_rmeta_1] hdd ewi-aor--- 1.00g /dev/sdc2(0) [backup_rmeta_2] hdd ewi-aor--- 1.00g /dev/sda2(1025) [backup_rmeta_3] hdd ewi-aor--- 1.00g /dev/sdg2(3157) tm_aircat hdd rwi-aor--- 1.00t 100.00 tm_aircat_rimage_0(0),tm_aircat_rimage_1(0) [tm_aircat_rimage_0] hdd iwi-aor--- 1.00t /dev/sda2(0) [tm_aircat_rimage_1] hdd iwi-aor--- 1.00t /dev/sdg2(2133) [tm_aircat_rmeta_0] hdd ewi-aor--- 1.00g /dev/sda2(1024) [tm_aircat_rmeta_1] hdd ewi-aor--- 1.00g /dev/sdg2(2132) tm_joram hdd rwi-aor--- 1.50t 100.00 tm_joram_rimage_0(0),tm_joram_rimage_1(0) [tm_joram_rimage_0] hdd iwi-aor--- 1.50t /dev/sdc2(2049) [tm_joram_rimage_1] hdd iwi-aor--- 1.50t /dev/sdb2(1) [tm_joram_rmeta_0] hdd ewi-aor--- 1.00g /dev/sdc2(3585) [tm_joram_rmeta_1] hdd ewi-aor--- 1.00g /dev/sdb2(0) tm_mini hdd rwi-aor--- 512.00g 100.00 tm_mini_rimage_0(0),tm_mini_rimage_1(0) [tm_mini_rimage_0] hdd iwi-aor--- 512.00g /dev/sdb2(8786) [tm_mini_rimage_1] hdd iwi-aor--- 512.00g /dev/sdc2(4609) [tm_mini_rmeta_0] hdd ewi-aor--- 1.00g /dev/sdb2(9298) [tm_mini_rmeta_1] hdd ewi-aor--- 1.00g /dev/sdc2(4608) win_kk hdd rwi-aor--- 2.08t 100.00 win_kk_rimage_0(0),win_kk_rimage_1(0) [win_kk_rimage_0] hdd iwi-aor--- 2.08t /dev/sdg2(2) [win_kk_rimage_1] hdd iwi-aor--- 2.08t /dev/sda2(3075) [win_kk_rmeta_0] hdd ewi-aor--- 1.00g /dev/sdg2(0) [win_kk_rmeta_1] hdd ewi-aor--- 1.00g /dev/sda2(3074) Another way to look at the construct is lsblk:\n# lsblk /dev/sd{a,b,c,g} NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 9.1T 0 disk ├─sda1 8:1 0 10G 0 part └─sda2 8:2 0 9.1T 0 part ├─hdd-tm_aircat_rmeta_0 253:18 0 1G 0 lvm │ └─hdd-tm_aircat 253:20 0 1T 0 lvm /export/tm_aircat ├─hdd-tm_aircat_rimage_0 253:25 0 1T 0 lvm │ └─hdd-tm_aircat 253:20 0 1T 0 lvm /export/tm_aircat ├─hdd-backup_rmeta_2 253:35 0 1G 0 lvm │ └─hdd-backup 253:39 0 4T 0 lvm /backup ├─hdd-backup_rimage_2 253:36 0 2T 0 lvm │ └─hdd-backup 253:39 0 4T 0 lvm /backup ├─hdd-win_kk_rmeta_1 253:42 0 1G 0 lvm │ └─hdd-win_kk 253:23 0 2.1T 0 lvm /export/win_kk └─hdd-win_kk_rimage_1 253:43 0 2.1T 0 lvm └─hdd-win_kk 253:23 0 2.1T 0 lvm /export/win_kk ... What is where? And of course, we might be interested into the actual distribution of data on the disk:\n# pvdisplay --map /dev/sd{a,b,c,g}2 ... --- Physical volume --- PV Name /dev/sdg2 VG Name hdd PV Size 9.09 TiB / not usable 1022.98 MiB Allocatable yes PE Size 1.00 GiB Total PE 9303 Free PE 4098 Allocated PE 5205 PV UUID ... --- Physical Segments --- Physical extent 0 to 0: Logical volume /dev/hdd/win_kk_rmeta_0 Logical extents 0 to 0 Physical extent 1 to 1: FREE Physical extent 2 to 2131: Logical volume /dev/hdd/win_kk_rimage_0 Logical extents 0 to 2129 Physical extent 2132 to 2132: Logical volume /dev/hdd/tm_aircat_rmeta_1 Logical extents 0 to 0 Physical extent 2133 to 3156: Logical volume /dev/hdd/tm_aircat_rimage_1 Logical extents 0 to 1023 Physical extent 3157 to 3157: Logical volume /dev/hdd/backup_rmeta_3 Logical extents 0 to 0 Physical extent 3158 to 5205: Logical volume /dev/hdd/backup_rimage_3 Logical extents 0 to 2047 Physical extent 5206 to 9302: FREE Defragmenting dev/sdb2 Due to the way we created things, initially all RAID1 have the left leg of their mirror on /dev/sdb2, because that is where we pvmoveed stuff initially. We might want to fix that, and push a few things over. I did that, as can be seen by the lvs -a -o +devices hdd output further up.\nHere is how:\n# pvmove -n \u0026lt;LV_name\u0026gt; /dev/sdb2 /dev/sdg2 ... This will move all data belonging to LV_name that is currently on /dev/sdb2 to /dev/sdg2. Again, this will take a long time, and there should be no other sync action currently active for maximum speed, as rotating disks slow down a lot when there are competing disk seeks.\nThis leaves us with a fragmented /dev/sdb2 and LVs on higher numbered extents, which are a lot slower than lower numbered extents. We could fix that as well, again with pvmove:\n# pvdisplay --map /dev/sdc2 ... Physical extent 3587 to 3596: Logical volume /dev/hdd/keks_rimage_1 Logical extents 0 to 9 Physical extent 3597 to 4607: FREE ... # pvmove -n keks --alloc anywhere /dev/sdc2:3587-3596 /dev/sdc2:4000-4009 /dev/sdc2: Moved: 0.00% ... /dev/sdc2: Moved: 100.00% This moves extents internally on a drive. pvmove normally refuses to do this, so we have to tell it to shut up about this, using --alloc anywhere. We then use extent-addressing to change the map manually: We move data from /dev/sdc2:3587-3596, the entire keks Test-LV, somewhere into the FREE space, 4000-4009. The result looks like this:\n... Physical extent 3587 to 3999: FREE Physical extent 4000 to 4009: Logical volume /dev/hdd/keks_rimage_1 Logical extents 0 to 9 Physical extent 4010 to 4607: FREE ... # lvremove /dev/hdd/keks Do you really want to remove and DISCARD active logical volume hdd/keks? [y/n]: y Logical volume \u0026#34;keks\u0026#34; successfully removed And that concludes a largely pointless refactoring of my home storage, because I could.\n# vgs VG #PV #LV #SN Attr VSize VFree data 2 15 0 wz--n- 7.28t 3.25t hdd 4 5 0 wz--n- 36.34t 18.17t system 1 4 0 wz--n- 466.94g 234.94g Do you have checksums? Not yet. There is a thing called dm-integrity, though, and a gist that I have to try. The dm-integrity Documentation is here. And integritysetup is part of cryptsetup-bin on Ubuntu.\n","date":"2022-02-06T00:00:00Z","href":"https://blog.koehntopp.info/2022/02/06/revisiting-the-file-server.html","tags":["lang_en","computer","linux","storage"],"title":"Revisiting the file server"},{"categories":null,"content":"The old file server was full, and since the little one got more local storage in his laptop, I also needed more storage for backup to match. I am running a 5x cage using up 3 disk slots in a Midi-Tower. Two slots are filled with Seagate Ironwolf 10 TB disks already, the rest is available.\nA 5x hot swap disk cage using 3 disk slots in a midi tower.\nThe disk situation in the machine was like this:\nkris@server:~$ sudo vgs [sudo] password for kris: VG #PV #LV #SN Attr VSize VFree data 2 16 0 wz--n- 7.28t 3.24t hdd 2 5 0 wz--n- 9.08t 5.00g system 1 4 0 wz--n- 466.94g 234.94g The hdd volume group is running in a RAID-1 configuration using mdraid for historical reasons - this is a very old machine. Additional space would be added as another mdraid, and then linearly extend the existing volume. That is fine, the disks are used as backup targets for a number of Mac devices only and speed or seeks are not our primary goal.\nI ordered two additional Seagate Ironwolf 10 TB disks to match the existing ones. They came in rather cold from the delivery van:\nAfter unpacking the disk chassis had single digit celsius temperatures. When I remembered to take a thermal image they were already warmed up a bit. I let them warm up a bit more before I put them in.\nPushing in the disks generated a lot of kernel log, and also a nice graph in the temperature monitoring:\nThe new disks are warming up rapidly. The dropping line is a scratch disk that I have been taking out of slot 3 and pushing back in into slot 5.\n[556459.695008] ata2: SRST failed (errno=-16) [556461.651016] ata2: SATA link up 3.0 Gbps (SStatus 123 SControl 300) [556461.671217] ata2.00: ATA-11: ST10000VN0008-2PJ103, SC61, max UDMA/133 [556461.671220] ata2.00: 19532873728 sectors, multi 16: LBA48 NCQ (depth 31/32) [556461.676016] ata2.00: configured for UDMA/133 [556461.676157] scsi 1:0:0:0: Direct-Access ATA ST10000VN0008-2P SC61 PQ: 0 ANSI: 5 [556461.676549] sd 1:0:0:0: Attached scsi generic sg1 type 0 [556461.676844] sd 1:0:0:0: [sdb] 19532873728 512-byte logical blocks: (10.0 TB/9.10 TiB) [556461.676847] sd 1:0:0:0: [sdb] 4096-byte physical blocks [556461.676879] sd 1:0:0:0: [sdb] Write Protect is off [556461.676885] sd 1:0:0:0: [sdb] Mode Sense: 00 3a 00 00 [556461.676973] sd 1:0:0:0: [sdb] Write cache: enabled, read cache: enabled, doesn\u0026#39;t support DPO or FUA [556461.771798] sd 1:0:0:0: [sdb] Attached SCSI disk [556464.406986] ata3: link is slow to respond, please be patient (ready=0) [556468.514986] ata3: SRST failed (errno=-16) [556470.586999] ata3: SATA link up 3.0 Gbps (SStatus 123 SControl 300) [556470.589417] ata3.00: ATA-11: ST10000VN0008-2PJ103, SC61, max UDMA/133 [556470.589420] ata3.00: 19532873728 sectors, multi 16: LBA48 NCQ (depth 31/32) [556470.594222] ata3.00: configured for UDMA/133 [556470.594361] scsi 2:0:0:0: Direct-Access ATA ST10000VN0008-2P SC61 PQ: 0 ANSI: 5 [556470.594676] sd 2:0:0:0: Attached scsi generic sg2 type 0 [556470.594933] sd 2:0:0:0: [sdc] 19532873728 512-byte logical blocks: (10.0 TB/9.10 TiB) [556470.594937] sd 2:0:0:0: [sdc] 4096-byte physical blocks [556470.595017] sd 2:0:0:0: [sdc] Write Protect is off [556470.595022] sd 2:0:0:0: [sdc] Mode Sense: 00 3a 00 00 [556470.595120] sd 2:0:0:0: [sdc] Write cache: enabled, read cache: enabled, doesn\u0026#39;t support DPO or FUA [556470.695659] sd 2:0:0:0: [sdc] Attached SCSI disk Yup, 3 GBps. This is an old i7-3770 with an old SATA subsystem to match.\nI created partition tables using sfdisk, copying from the existing sda (another Ironwolf) to the new devices sdb and sdc.\nkris@server:~$ sudo sfdisk -d /dev/sda | sudo sfdisk /dev/sdb ... kris@server:~$ sudo sfdisk -d /dev/sda | sudo sfdisk /dev/sdc ... kris@server:~$ sudo sfdisk -d /dev/sdb label: gpt label-id: ... device: /dev/sdb unit: sectors first-lba: 34 last-lba: 19532873694 /dev/sdb1 : start= 2048, size= 20971520, type=..., uuid=...., name=\u0026#34;Linux filesystem\u0026#34; /dev/sdb2 : start= 20973568, size= 19511900127, type=..., uuid=...., name=\u0026#34;Linux RAID\u0026#34; This works, because sfdisk like sgdisk understands about MBR and GPT partition tables, and can handle large 10 TB partitions. We have a 10 GB /dev/sdb1 as a potential boot space, and use the rest of the disk as a giant /dev/sdb2 in LVM2. The other disk, /dev/sdc matches this.\nWe can then construct the RAID from the two partitions /dev/sd{b,c}2. Because this is a large device, mdadm will also automatically add an internal bitmap.\nkris@server:~$ sudo mdadm -C /dev/md126 --level=1 --raid-devices=2 /dev/sd{b,c}2 ... kris@server:~$ sudo mdadm --detail /dev/md126 /dev/md126: Version : 1.2 Creation Time : Tue Feb 1 20:23:20 2022 Raid Level : raid1 Array Size : 9755817920 (9303.87 GiB 9989.96 GB) Used Dev Size : 9755817920 (9303.87 GiB 9989.96 GB) Raid Devices : 2 Total Devices : 2 Persistence : Superblock is persistent Intent Bitmap : Internal Update Time : Tue Feb 1 21:27:07 2022 State : clean, resyncing Active Devices : 2 Working Devices : 2 Failed Devices : 0 Spare Devices : 0 Consistency Policy : bitmap Resync Status : 0% complete Name : server:126 (local to host server) UUID : ... Events : 799 Number Major Minor RaidDevice State 0 8 18 0 active sync /dev/sdb2 1 8 34 1 active sync /dev/sdc2 And while the RAID synchronizes in the background, we can turn the new device into a physical volume and add it to the hdd volume group.\nkris@server:~$ sudo pvcreate /dev/md126 Physical volume \u0026#34;dev/md126\u0026#34; successfully created. kris@server:~$ sudo vgextend hdd /dev/md126 Volume Group \u0026#34;hdd\u0026#34; successfully extended kris@server:~$ vgs VG #PV #LV #SN Attr VSize VFree data 2 16 0 wz--n- 7.28t 3.24t hdd 2 5 0 wz--n- 18.17t 9.09t system 1 4 0 wz--n- 466.94g 234.94g With that, we now have sufficient disk space to continue to work. After the sync completes, I will lvconvert two existing backup partitions into mirrors to move them to the new disk pair, and then dissolve the mirror, dropping the image on the old half.\n","date":"2022-02-01T00:00:00Z","href":"https://blog.koehntopp.info/2022/02/01/time-to-grow-the-file-server.html","tags":["lang_en","computer","linux","storage"],"title":"Time to grow the file server"},{"categories":null,"content":"This is the Hunga Tonga underwater volcano explosion in Pacific Ocean (animated gif, click to start):\nThis is data from my sensors , 15h later:\nThe second wave took the long way around, and arrived around 2am-4am on the morning of the 16th, but barely registered.\n","date":"2022-01-16T00:00:00Z","href":"https://blog.koehntopp.info/2022/01/16/hunga-tonga.html","tags":["lang_en","anderswo","iot"],"title":"Hunga Tonga"},{"categories":null,"content":"On Twitter, Jan Wildeboer linked an article by Adam Hooper on MySQL and the weird utf8mb4 character set.\nThe recommendation is correct:\nIn MySQL, use utf8mb4 when you mean to work with utf8 in your programming language.\nThe background and reasoning for this (and why it is wrong) is way more complicated than outlined by Adam Hooper. So let\u0026rsquo;s walk through this:\nMySQL utf8 means 3-byte Unicode, and access to only the BMP utf8 in MySQL encodes the Unicode BMP . The Unicode Basic Multilingual Plane, or BMP, is the original 65536 character plane. It was the only character plane available in Unicode 1.0 It was thought to be enough for all scripts in the world. It wasn\u0026rsquo;t.\nUnicode was extended, as early as with the 2.0 release, to have more characters than that, in more code planes. Currently, there can be up to 17 Unicode planes, but most of them are unused.\nUnicode 1.0 is also different in other ways. Vladislav Vaintroub commented to me:\nUnicode 1.0 had a different range for Hangul . Unicode 2.0 fixed that, and remapped Hangul (which is a unique action, and they issued a policy to forbid remapping in the future).\nMaking things immutable is important with character sets and sort orders, also for databases, as we will see. It is in fact the entire reason for utf8mb4 to exist.\nEncodings and the 65536 character barrier There are various ways to encode codepoints of Unicode.\nOriginally, with only the BMP existing, people thought of extending the concept of \u0026ldquo;byte\u0026rdquo; = \u0026ldquo;character\u0026rdquo; to double bytes. This is how you get the wchar and a 16 bit character set, the obsolete ucs-2 encoding.\nWhen it became clear that 65536 characters are insufficient to represent all scripts and languages in the world, a larger 31-bit space was introduced and the naive encoding of that, ucs-4. This would require 4 bytes per character.\nBoth are incredibly wasteful:\nUsing ucs-2 with western scripts means that every other byte is a null byte, and with ucs-4 for every character there will be 3 null bytes. Even with non-western scripts there will be at least one, if not two null bytes per character.\nExtending Unicode beyond the BMP posed a bit of a problem: Windows NT had started to use Unicode as a character set, and ucs-2 as the standard encoding.\nThe solution was the character range 0xD800 to 0xDFFF, which was unassigned to characters, so far: 2048 (11 bit) of unassigned positions.\nThe resulting encoding takes characters beyond the BMP, with codes greater than 0xFFFF, and subtracts 0x10000. This leaves a 20 bit number, which is then split into a high 10 bit part and a low 10 bit part.\nThe high ten bits are added to 0xd800 (0xd800-0xdbff). The low then bits are added to 0xdc00 (0xdc00-0xdfff). This was called utf-16 encoding, and became the character set of Windows starting with Windows 2000.\nutf-16 also, for now, limits the number of characters that can be represented in Unicode to 1112064, a number that can be represented in 21 bits.\nPlan 9 and utf-8 In the Unix world, the experimental Plan 9 operating system from A\u0026amp;T explored variable length encodings of Unicode: utf-8 could represent 31-bit Unicode with encodings between 1 and 6 bytes in length. Single byte codes would be compatible with ASCII, so that valid ASCII is also valid utf-8.\nBecause the utf-16 hack had restricted the number of possible Unicode characters effectively from 31 bit to 21 bit, actual utf-8 encodings can only be up to 4 bytes long. And because utf-8 is so much denser than other encodings, it is by far the dominant encoding of Unicode. Even Microsoft, heavily invested in ucs-2 and utf-16 with Windows, started to support utf-8, beginning with the development of Windows 11 in 2019.\nIn an utf-8 multibyte sequence, the \u0026ldquo;number of 1-bits before the first 0-bit\u0026rdquo; in the first byte of a multibyte character determine the length of the encoding:\nSingle byte characters are in the range 0x00-0x7f (0 leading 1-bits, single byte), for ASCII compatibility. Multibyte characters start with 110xxxxx for a two byte sequence, 1110xxxx for a three byte sequence and 11110xxx for a four byte sequence. The second, and possible third and fourth byte are all of the form 10xxxxxx, which is otherwise unused, so that these bytes are always identifiable as continuation bytes in a multibyte encoding. This makes utf-8 restartable: If you end up at a byte of the form 10xxxxxx, you know you are in the middle of a multibyte sequence of at most 4 bytes length. You can backtrack a few bytes, and check for the clearly recognizable start pattern of a multibyte encoding, or error out with an invalid encoding.\nWe get 128 single byte characters that are identical to ASCII, 1920 two byte characters, and three bytes for the rest of the BMP. Four bytes are needed for rare CJK characters, a bunch of math, some dead scripts and a ton of emoji that should not exist in the first place .\nMySQL, and three byte utf8 MySQL did support the \u0026ldquo;full full\u0026rdquo; range of 31 bit Unicode in the beginning, with up to 6 bytes being used for a single character. That was changed in a single byte change commit in September 2002. Back then MySQL 3.23 was the active release and InnoDB was not yet enabled by default.\nVladislav Vaintroub commented about this:\nAnyway MySQL\u0026rsquo;s utf8 was always meant to be castrated utf8, from its invention.\nIt was a little gamble, and hope that supplemental plane won\u0026rsquo;t be used much, thus we could save a couple of bytes in filesort. Although already by 2001 (Unicode 3.1) there were characters in supplemental range, they could be seen as \u0026ldquo;rarely used\u0026rdquo; (music notation, old Egyptian, Deseret and what not). Thus only few people needed supplemental characters, until everyone\u0026rsquo;s favorite U+1F4A9 PILE OF POO premiered in Unicode 6.0, in 2010, actually a couple of years after, until smartphone made emoji ubiquitous.\nSo that gamble - that supplemental plane remains rarely used, did not work out, but who would know that by 2003.\nVaintroub\u0026rsquo;s comment about sorting refers to a limitation of MySQL that was only removed in MySQL 8. More about that below.\nCharacter sets have collations Unicode not only defines character sets, they also define a comparison algorithm for characters. This is called UCA, Unicode Comparison Algorithm. Like Unicode itself, it is versioned .\nOlder versions of UCA had issues in various ways: lefred\u0026rsquo;s Blog article and Manyi Lu\u0026rsquo;s article about the Sushi-Beer issue explain this in depth.\nIndexes are materialized collations Databases have indexes, and these extract values from a column, sort them and store back pointers to the full row with each extracted column value. This allows for fast searching.\nThus, indexes are materialized collations, and when a collation (or a charset) is changed, all indexes that contain values of that charset are invalid and need to be recreated.\nIn the deep dark past, MySQL made changes and bugfixes to existing collations, which made MySQL upgrades a pain: The moment you apply the upgrade, you are forced to drop and recreate the indexes. Depending on the amount of data and the size of the index, that requires an extraordinary amount of time and makes updates complicated.\nutf8mb4, because utf8 was taken. MySQL adopted a policy similar to the Unicode Consortium itself:\nMySQL never updates existing character sets and collations, not even for bugfixes.\nAnd because the name utf8 was taken, a new name was needed: utf8mb4 is the version of Unicode utf-8 in MySQL that extends past the BMP, and also uses UCA 9.0 for comparison.\nCompare to utf8 which encodes only the BMP, and uses an older UCA for comparison. So utf8 not only has a smaller character range, it also sorts differently.\nThis makes upgrades mich simpler:\nYou install a new version. Nothing changes, you are just running new code which hopefully sorts and orders as before. You can create new columns using the new character set and collations, even in existing tables, because in MySQL a charset and collation is a column attribute. Tables, databases and servers just provide defaults that are inherited at the time of subordinate object creation. To complete the upgrade, check all columns, and note which ones need changing. Actually change these columns, table by table, at your own leisure. If necessary, use tooling such as Percona Online Table Change (\u0026ldquo;OSC\u0026rdquo;), making the change in the background without service interruption. Side note: MySQL\u0026rsquo;s sorting and file formats are portable MySQL does not use libc and the character set comparison functions in there for itself. It brings its own collations instead.\nThat is also an important fact. It means that MySQL does not break when you upgrade the operating system libc on your machine.\nIf MySQL used libc fort sorting and comparing, the database could break without any changes to the database whatsoever \u0026ndash; an innocent security update to the operating system libc (which for some reason also touched libc sorting and comparison) would break all character indexes in your database.\nMySQL does not do that. It lets you migrate these things in a way that is operationally convenient.\nIt also means that MySQL versions sort the same between Linux, FreeBSD, Solaris and even Windows.\nJust like the on disk format is compatible across all platforms, so is character handling and time zone handling. MySQL is MySQL on any platform, and copying files and replication always work across these boundaries.\nSo why the 6-to-3-byte commit? Not that it matters much: Because Unicode and UCA changes between versions of Unicode, you\u0026rsquo;d still have to use different names for character sets and collations, and migrations to do.\nBut why was it important that \u0026ldquo;we could save a couple of bytes in filesort\u0026rdquo; as Vaintroub puts it? Here we go:\nSorting is important, and hard to scale Not only can databases, tables and individual indexes be very large, they also need to be kept sorted, and sometimes data needs to be re-sorted. Databases usually have a large number of strategies for that.\nSmall things are sorted in memory. That is, the database creates the full rows of the result table in memory, using all columns. It then sorts these rows in memory by shuffling around the full rows. That uses up a lot of memory bandwidth, because we copy around full rows, which can be large.\nSometimes we do not want to move around full rows, because these rows are large. So we only sort the columns specified in the ORDER BY CLAUSE, which is a tiny subset of the full columns set of each row of the result table, and attach a row pointer to each of these sort rows.\nIn the end we have a tiny in-memory table in sort order, which only holds columns from the ORDER BY, and each row in it points to the unsorted full rows somewhere else - in memory or on disk. We can then output the full rows in sort order, but at the cost of a lot of seeks - possibly on disk. That is, because the full rows have not been sorted, so the row pointers from the sorted data to the full rows are a mess.\nSometimes we have very many rows. So we do as before, but for a subset of all rows - as many as fit into our sort buffer. When the sort buffer is full, we write it out to disk. Then we continue with the next batch. Across all partial results we perform a merge sort.\nIf the things sorted were full rows, we can emit full result rows rather quickly. If the things sorted were only ORDER BY columns or other partial result set rows with row pointers attached, we may have to perform one or multiple seeks in order to get the missing columns from all tables involved.\nThe optimizer has to decide which strategy to use here, based on estimates of the row width, size of the result set (which has not yet been produced, so it\u0026rsquo;s a guess) and the available amount of resources.\nAnd then, implementation issues Older versions of MySQL have different storage engines: MYISAM, INNODB, MEMORY and others. Modern MySQL has only INNODB, but for temporary tables has a few tricks ready to make things faster: for example, temporary tables can be recreated and do not need to be crash safe, so no redo and undo logging is required.\nOther storage engines than INNODB had restrictions.\nFor example, MEMORY tables could not have variable length columns, there was no VARCHAR, only CHAR. So when sorting with temporary tables in memory, MySQL created these temp tables as MEMORY tables, promoting every varchar(255) to CHAR(255). A row with a varchar value of hello suddenly used 255 bytes instead of 6 bytes to represent the string hello (plus a lot of padding).\nOf course, with utf8, a varchar(255) charset utf8 is promoted to a char(255) charset utf8, which instead allocates 765 bytes of memory, out of which the first five bytes contain the string hello, and the rest is wasteful padding. With 6 bytes, it would be twice that amount of memory. So reducing this from 6 to 3 bytes was quite worthwhile.\nMEMORY tables had a configurable size limit, and if your table exceeded that (which happened rather quickly, given the above restrictions), it was converted to an on-disk temporary table in MYISAM format: a spill. MYISAM of course had varchar(255) charset utf8 as a native type, and your hello would again shrink to six bytes. Looking at the on disk temporary file, which was rather small, you might wonder what caused the spill.\nMySQL 8 introduces unlogged INNODB temporary tables (and a failed experiment involving mmap that you may want to disable). So this problem is gone, once and for all: varchar is varchar at all times, and representing Unicode variants in temporary tables is no longer a problem - if you use MySQL 8.\nThis is in fact one of the major reasons to graduate from 5.7 for many people.\nTLDR We learned:\nYour programming languages utf8 is called utf8mb4 in MySQL. utf8 and utf8mb4 sort differently due to changes in the Unicode Collation Algorithm (UCA). Indexes are physically materialized sort orders of column sets. They can become pretty large. MySQL never changes character sets or collations, even if they are buggy. Instead a new collation with a new name is created. That is, because changing a sort order may require dropping and recreating an index, which is expensive if the index is large. Sorting things can be done in different ways, depending on data set size, column size and other considerations. Implementation details can make sorting even more complicated. MySQL 8 is a worthwhile upgrade. Databases manage state so you don\u0026rsquo;t have to. If you think databases are complicated, consider what you would have to do if the database and your DBA would not be there for you. ","date":"2022-01-12T00:00:00Z","href":"https://blog.koehntopp.info/2022/01/12/utf8mb4.html","tags":["lang_en","mysql","mysqldev"],"title":"UTF8MB4"},{"categories":null,"content":"This is the english version of an older text in German Computer scientists are weird. In their science there are a few rules that sound wrong when you hear them first, but make a lot of sense if you think about them. Some of them are making sense even outside of computer science.\nOne of those rules is\nNever check for an error condition you don\u0026rsquo;t know how to handle. When you encounter this the first time that sounds very questionable. There are known error conditions in my program that I know they can happen, and I should not check for them?\nIf you read that left to right, that\u0026rsquo;s exactly what it means. Let\u0026rsquo;s have a look at an example and try to understand what goes on. Here is a very simple case: I could try to allocate memory from the operating system and that can fails.\nchar *p = NULL; if ((p = malloc(someSize)) == NULL) { what_now(); } That is a very typical situation. For example, why does the library function malloc() not check itself for p == NULL and handles this case? Because it does not, I have to do that every time and must not forget that in a single case.\nIndeed, most programs have a function safe_malloc(), which wraps malloc() and more or less looks like the example above. The point being that each program has their own implementation of what_now(), because the desired behavior is specific to the application and cannot be provided by the library.\nOne could argue that malloc() should internally call a what_now(), and each library user would have to provide an implementation for that. But that would proscribe a certain mode of usage for malloc(). The solution that malloc() does not do the check, but only signals the error, is the most flexible solution \u0026ndash; and hence suitable for a library function, because it leaves the choice to the user. It provides mechanism, but not policy.\nSide thought: That\u0026rsquo;s one of the main differences between a library and a framework. Libraries provide mechanism, but do not enforce a policy. They do not proscribe a default way of working with problems. Frameworks are opinionated, and have been designed with a specific way of working in mind, and provide policies that are considered default solutions in the context of the framework.\nSide side thought: Kernel, libraries and frameworks are all infrastructure, and as all infrastructure they are being judged by how they fail. In this case: What solutions exist to bypass the policy in a framework, if the policy does not fit. \u0026ldquo;How can I have queries in RoR that bypass Active Record \u0026rdquo; is one example. How free of policy is this library? Is it just a mechanism or is there an obvious or hidden intention, a policy?\nA library ideally supplies just a mechanism, but that makes it mandatory for the developer to think about a policy for error handling and how to implement it. That\u0026rsquo;s a relatively obvious point, but one that in my experience is not taught sufficiently. If it wasn\u0026rsquo;t, we\u0026rsquo;d have less bad code in many projects. And I do not want to limit myself to the tons of toxic PHP-MYSQL that fire queries at a database without checking for errors at all.\nThe point is rather that a missing policy for error handling requires that you provide one in the application (or at least some minimal standards in the application). Some programming environments have a name for such an informal construct: A convention, a contract between library developer and application developer that is informal and not enforced by the mechanisms of the language. The convention is also often unspoken, or not made explicit enough in the documentation of the library. And hence taught insufficiently, and then implemented insufficiently.\nBut you can take the sentence\nNever check for an error condition you don\u0026rsquo;t know how to handle. and read it backwards. What exactly does it mean to handle an error condition? Specifically, if the error happens, what are our options and what is the desired failure mode? What is supposed to happen?\nGoing back to the malloc() above: When that happens, the operating system can\u0026rsquo;t or won\u0026rsquo;t give us more memory. We don\u0026rsquo;t know why, so we have to assume the worst. That is: memory is full, nobody gets any memory any more. In fact, there could be another program that permanently allocates more memory. So even if we gave memory back to the operating system, we wouldn\u0026rsquo;t get it back when trying to reserve it.\nSo handling this error means that we already have all memory required to recover from the situation before the error happens. That\u0026rsquo;s a really complicated situation, and too complicated for most application developers when we force them to think about it. At the point in time when this happens they are usually busy with completing the non-failing, actually function path of the application before they are ready to turn to failure modes and their code paths.\nSide thought: This is another main reason for bad code: We force developers to think about failing code paths at the wrong point in time. They really want to write programs that work well. But we shouldn\u0026rsquo;t bother them with failure handling right when they are busy with completing the money earning part of the code.\nIf we bother devs at the wrong moment in time, we get error handling like this at best:\nchar *p = NULL; if ((p = malloc(someSize)) == NULL) { exit(ENOMEM); // out of memory error } Well, at least they checked for an error. Maybe there are even some atexit(3) handlers stacked that will try to clean up, but did you ever see any of those?\nIf you see code like this, it is screaming at you \u0026ldquo;Yes, yes, I know, but I am really busy now with other things. Go away!\u0026rdquo;.\nAnother common problem is that we need to check for the error at the lowest level, but need more context at the higher levels of our code to handle it properly. Sometimes there is not even a contract on how errors are being bubbled up to the next layer without losing information. The interiors of the MySQL codebase used to be a prime example of that. You could find code that mapped error codes similar to\nint errcode = doSomeThing(); switch(errcode) { case 1: case 2: case 3: return E_THIS; break; case 4: return E_THAT; break; } This is taking detailed internal error codes and flattens them into larger categories, losing detail. Sometimes a higher level handler has more context, but no longer sufficient detail to decide what exactly went wrong at the lower layers.\nThe rule\nNever check for an error condition you don\u0026rsquo;t know how to handle. means we need to discuss things.\nDiagnosis: Capture the error. Formulate a test which at some point in the code checks that we have a problem and distinctively signals which error that is. Policy: Determine the desired behavior for handling the error, that is, have a policy that explains how to handle the error. Context: Decide where in the stack the error can be handled best, or if we need to escalate. When we escalate, make sure an escalation is expected at the higher layer and check for their policy. They need to have one. Also make sure the escalation does not lose detail. This is useful outside of computer science. The original trigger to write this article in 2009 was a discussion about a 911-button (110-Taste) in a web browser. \u0026ldquo;If you see something, say something\u0026rdquo;: If you find web pages that contain things that may be relevant for law enforcement, have a way to call for help.\nThat\u0026rsquo;s a very german and very 2009 idea, but suppose you want that: Coding that is easy, right? A button in a browser that raises an alarm somewhere should be very few lines of code in an extension.\nThe real problem - and that is not a code problem - is the what_now(). What is supposed to happen with that alarm signal. That\u0026rsquo;s a process question, that is WHO needs to talk WHEN with WHOM about WHAT? What information needs to be sent when the button is pressed and what reaction is then expected?\nDo we build a central emergency call center? Do we transport location and identity information together with the call, if that is necessary? If so, how?\nWhat other information is necessary to provide context? The current URL? The persistent state of the browser, with all bookmarks, the history and so on? The volatile state of the browser, eg with all active spywat, but also all legit variables? The whole state of the computer, processlist, memory and program information, installed software and so on?\nHow is that call then handled and classified?\nWhat are standard reactions to verified and classfied emergency escalations? Can the emergency call center take over the computer and extract further information and do a full forensic analysis? Can they write and change the state of the machine to help? Or can they just call back, and request a read-only screen sharing session to talk the user through the emergency?\nWhat taxonomy of emergencies do we build, and what are the required steps to verify a case?\nDo we plan for proactive intervention, when we register a spike in incidents of a certain type (ie a computer virus outbreak)? Do we have a problem management and change managent on top of our incident management that would want to and be able to prevent a large scale situation in the field? In the case of an outbreak, for example, by forcing patches on all machines?\nHow do we build the technical and legal framework for this? How do we build the organisation for this? How to we enforce the technical changes required to be able to do this? Do we make the installation of some software mandatory to be able to be on the Internet? How do we protect this infrastructure against abuse?\nThe check was easy \u0026ndash; an emergency call button in a browser.\nThe work is in the handling, which can be \u0026ldquo;somewhat involved\u0026rdquo;. But these are details that are gracefully elided in the discussion when politicians demand such a button. That\u0026rsquo;s providing quite simplicistic discussions: Why do we not have such a button in every browser already?\nCan\u0026rsquo;t be that hard, right?\n","date":"2022-01-10T00:00:00Z","href":"https://blog.koehntopp.info/2022/01/10/never-check-for-an-error-condition.html","tags":["politik","security","lang_en"],"title":"Never check for an error condition you don't know how to handle"},{"categories":null,"content":"Und das neue Jahr beginnt für uns mit einem Minecraft-Server, auf dem wichtige Personen, die sich nichts haben zuschulden kommen lassen, plötzlich gebannt sind.\nNach einem Unban an der Console: Der Spawn, der Eintrittspunkt für neue Spieler, ist komplett verwüstet.\nWir haben tägliche Backups, sodass das schnell behoben ist. Bleibt die Frage, was passiert ist.\nGehackt Unter den Spielern ist die Frage schnell geklärt: \u0026ldquo;\u0026lt;user\u0026gt; wurde gehackt.\u0026rdquo;\nEs stellt sich raus:\n\u0026ldquo;\u0026lt;user\u0026gt;\u0026rdquo; bekommt einen Free Nitro Spam . Er klickt darauf. Er wird gebeten, \u0026ldquo;FreeNitro.exe\u0026rdquo; zu installieren und macht das, startet dann das .exe. Sein Rechner macht ein Dutzend Fenster auf, rappelt los, und geht am Ende aus (und bleibt aus). Im Rahmen des Exploits wurde er gebeten, seinen Minecraft Login und seinen Discord Login mit Passwort anzugeben, was er dann auch brav tat. Zwei-Faktor-Authentisierung hat er nicht benutzt.\nImpact Nur Minecraft Den ersten Minecraft-Server für unser Kind und seine Freunde hatten wir daheim. Das ging gut: Die Maschine hat 8 Cores, 32 GB Speicher und ist sowieso an, weil sie Dinge im Haus tut. Die Anbindung ist mit Glasfaser und fester IP auch überaus zufriedenstellend.\nAls der ganze Server größer wurde, habe ich mit externen Anbietern herumexperimentiert und am Ende einen VPS besorgt. Wichtig dabei ist nur, daß es eine Maschine ist, die nicht zu Hause steht, auf der nichts als Minecraft läuft und die keine Vertrauensbeziehung in irgendeiner Form mit anderen Maschinen von uns hat.\nDas hat sich nun bezahlt gemacht.\nRestore Wir haben auf dem Server daheim ein tägliches Backup: Der Minecraft-Server wird einmal pro Tag aus dem Internet nach Hause kopiert. Das ist ein Pull, d.h. wir loggen uns auf dem Minecraft-Server ein und nicht der Minecraft-Server daheim.\nWir heben die Backups 30 Tage lang auf und das Backup vom 1. jeden Monats unlimitiert.\nDadurch konnten wir das gesamte Minecraft-Verzeichnis zur Seite bewegen, und dann aus dem Backup vom Vortag wiederherstellen. Das hat 2 Minuten gedauert.\nLogs Das alte Verzeichnis liegt noch vor. Dort sind auch die Logs vom Vorfall.\nDer Vorfall spielt sich so ab: Der kompromittierte Account von \u0026lt;user\u0026gt; loggt sich ein und fängt an, /lp Kommandos für das LuckPerms-Plugin zu senden. Er listet alle User mit Rechten, und kickt und bannt diese dann. Danach entzieht er ihnen Rechte.\nDas Plugin WorldEdit ist installiert und der Account von \u0026lt;user\u0026gt; teleportiert sich auf den Spawn und fängt dort an, mit grossflächigen Brushes umzudekorieren. Das Vorgehen sieht jedoch nicht systematisch und auch nicht schnell aus: Die Aktion dauert beinahe 30 Minuten. Das spricht nicht für einen gescripteten Angriff, und ist inkonsistent mit meinem Bild von einem \u0026ldquo;Free Nitro\u0026rdquo; Scammer und Angreifer.\nDas Logbuch des Serves und der mit debsums verifizierte Zustand des Systems macht eine Reinstallation von allem vermutlich nicht notwendig. Es genügt, mit dem Stand aus dem Backup weiterzufahren. Das ist angenehm: Zwar ist der Server vollständig ansibilisiert und mit dem Backup in weniger als 30 Minuten aus einer kompletten Neuinstallation wiederherzustellen, aber wenn das nicht notwendig ist, ist das angenehm.\nDer User Der betreffende User hat Accounts auf Dutzenden von Minecraft-Servern. Als engagierter und intensiver Spieler oft mit Sonderrechten. Alle diese Server sind beschädigt, viele weniger automatisiert als unserer.\nAccount-Recovery ohne 2FA ist schwierig. Account-Recovery bei gleichem Paßwort für Minecraft und die Recovery-Mailadresse unmöglich. Daraus folgt, daß man seine Recoveryadresse für den Minecraft Account eventuell nicht bei Hotmail haben sollte. Daraus folgt auch, daß man Kindern Passwort Re-Use gar nicht früh genug aberziehen kann.\nMaßnahmen und Fazit Wir verlangen in Zukunft für alle Benutzer mit Rechten auf dem Server oder im Discord zu beweisen, daß sowohl ihr Minecraft (Microsoft) Account als auch ihr Discord-Account mit Zwei-Faktor-Authentisierung gesichert sind. Das wird helfen, den Schaden von solchen falschen Klicks zu minimieren und Accounts recoverbar zu machen.\nDie Analyse der Logfiles war hilfreich bei der Rekapitulation der Vorgänge, und um das Ausmaß des Schadens und den Reifegrad des Angreifers zu bestimmen.\nEinen externen, nur für Minecraft verwendeten Server zu nehmen, der nicht im Heimnetz steht, war sinnvoll und hat sich bezahlt gemacht.\nDer Vorfall ist ein gutes Werkzeug, um der Spielergruppe zu erläutern, wieso Accountsicherheit wichtig ist und wie man sich gegen solche Angriffe verteidigt.\n","date":"2022-01-01T00:00:00Z","href":"https://blog.koehntopp.info/2022/01/01/and-a-happy-new-hack.html","tags":["lang_de","gaming","microsoft","minecraft"],"title":"... and a happy new hack."},{"categories":null,"content":"Nachdem mich jetzt das dritte Paar computer-affiner Eltern mal gefragt hat, was man denn braucht, sobald der Nachwuchs sich \u0026ldquo;Minecraft\u0026rdquo; wünscht, hier der Aufschrieb zum Thema.\nMinecraft ist ursprünglich von der schwedischen Firma Mojang in Java entwickelt worden. Der Eigner, Markus \u0026ldquo;Notch\u0026rdquo; Persson, hat das Spiel und die Firma Mitte 2014 auf Twitter zum Verkauf angeboten, und Microsoft hat die Firma gekauft.\nSpiel zu verkaufen - Minecraft ist auf Twitter angeboten worden. Jeder mit dem notwendigen Kleingeld \u0026ndash; 2.5 Milliarden USD \u0026ndash; konnte zuschlagen.\nTechradar hat mehr zur Geschichte von Minecraft .\nJava und Bedrock-Edition Eine der Aktivitäten von Microsoft war, das Spiel in C# neu zu schreiben. Dies ist die Bedrock-Edition, im Gegensatz zur Java-Edition des Originalspiels.\nBedrock und Java sind nicht kompatibel, es gibt kein Crossplay, und die beiden Spiele werden nicht parallel entwickelt. Es sind für alle praktischen Zwecke zwei verschiedene Spiele.\nMan will unbedingt und ausschließlich die Java-Edition kaufen. Die Bedrock-Edition ist steril: Erweiterungen für den Client und den Server werden von Microsoft verkauft. Als Entwickler muss man sich anmelden, Verträge unterschreiben und Gebühren managen. Es gibt deswegen praktisch keine Mod-Scene, sondern nur abgepacktes Gameplay.\nNiemand spielt Bedrock, und wenn Dein Kind von Minecraft redet, meint es die Java-Edition .\nDie Maskottchen und default Skins: Steve und Alex.\nDie Java-Edition ist extrem lebendig, genau genommen ein unregulierter Dschungel. Hier gibt es viele nette Leute, die spannende Dinge machen, und ein paar sehr dunkle Ecken. Das ist aber im Grunde kein das Spiel verderbendes Problem, sondern eine gute Gelegenheit, gleich auch ein wenig Medienkompetenz und Grundlagen der Sicherheit zu vermitteln.\nWas wird gespielt? Minecraft ist ein Spiel, das für Kinder ab 8 interessant ist. Es ist zunächst einmal eine Art virtuelles Lego im Anzug eines Survival- und Crafting-Spieles: Die Spieler müssen in einer Welt aus Blöcken erkunden, Ressourcen sammeln, aus den Ressourcen Dinge bauen und dabei die Nacht überleben. Das ist nicht unbedingt einfach, denn in der Nacht kommen verschiedene Monster, gegen die man nur bestehen kann, wenn man tagsüber einen Unterschlupf gebaut und Ausrüstung gewonnen hat.\nDie Overworld, die normale Welt, hat verschiedene Klimazonen (\u0026ldquo;Biome\u0026rdquo;), in denen unterschiedliche Ressourcen zu finden sind.\nDas Spiel hat eine marginale Story, im Laufe derer die Spieler weitere \u0026ldquo;Welten\u0026rdquo; entdecken und durch Portale betreten können: der Nether und the End. Das ist jedoch im Grunde alles nebensächlich, weil es in der ersten Iteration darum geht, mit Freunden zusammen aus Klötzen Dinge zu bauen.\nHardware-Anforderungen Wegen der Zielgruppe hat das Spiel (mindestens bis Version 1.14.4) praktisch keine Mindestanforderungen an die Hardware. Wortwörtlich jeder abgelegte Kartoffelcomputer kann Minecraft irgendwie ausführen \u0026ndash; Probleme entstehen vermutlich erst, wenn eine IDE (siehe unten) oder ein Videoschnitt-System oder Streaming-Support dazu kommen. Wie dem auch sei: Das schließt ein 2009er MacBook Pro, einen Raspi 4 und circa jede Intel-Büchse der letzten 10 Jahre ein. Weil es Java ist, funktioniert das alles mit demselben Spiel.\nWegen der Modding-Community (dazu unten mehr) gibt es praktisch auch keine Höchstanforderungen an die Hardware: Wenn man Raytracing Renderer installiert hat, reizt das Spiel auch eine Nvidia RTX 3090 voll aus.\nMinecraft Standard und mit einem Raytracing Render Mod auf einer Nvidia RTX. Was ein paar hingeworfene Kissen ausmachen\u0026hellip;\nMinecraft ist eine Client-Server-Anwendung. Ein oder mehr Spieler verbinden ihre Clients mit dem Minecraft-Server und bespielen dann zusammen diese Welt. Spielt man \u0026ldquo;offline\u0026rdquo;, startet der Launcher im Hintergrund einen lokalen Server auf dem Laptop, und verbindet den Client im Einzelspielermodus mit dem Server.\nIm Onlinebetrieb verbindet man sich mit einem zentralen Server, der von irgendjemandem betrieben wird, und spielt dann dort mit anderen. Das sind im Zweifel echt viele Spieler \u0026ndash; auf einem öffentlichen Server irgendwelche Personen irgendwelchen Alters. Auf einem privaten Server ist es so, wie immer es die Zugangs-Policy des Servers definiert.\nKein Minecraft ohne Discord, kein Login ohne 2FA Öffentliche Server gibt es viele, die verschiedenen Serverlisten zeigen um eine halbe Million Serverinstallationen an. Die meisten sind relativ kleine Communities mit beschränktem Zugang, einige sind sehr grosse öffentliche Installationen. Besonders hervorstechend ist Hypixel , einer der am besten gewarteten und entwickelten öffentlichen Server.\nZu jedem öffentlichen Server gehört dieser Tage auch immer ein Discord (früher war das Teamspeak). Der Hypixel Discord ist zum Beispiel hier .\nDiscord ist ein Hoster für Text-, Sprach-, Video-Chat und Game-Streaming. \u0026ldquo;Ein Discord\u0026rdquo; ist ein geschlossener (zunächst kostenloser) virtueller Chatserver mit verschiedenen Kanälen für Text- und AV-Chat.\nMit einem einzelnen Discord-Login kann man Zugang zu einer Reihe von Communities unterschiedlicher Größe bekommen. Es ist also sinnvoll, mit dem Java-Minecraft-Account auch noch gleich einen (kostenlosen) Discord-Account zu erstellen.\nDabei ist es extrem sinnvoll, diesen Zugang (wie auch den Microsoft-Zugang) mit 2-Faktor-Authentisierung abzusichern und das Kind gleich von Anfang an zu 2FA zu erziehen. Warum ist das so? Dazu hier ein kleines Erlebnis .\nWas wird eigentlich gespielt? Nach einer Weile Spiel wird das Kind weitere Wünsche und Fragen haben, weil das Spiel selbst nicht der primäre Inhalt von Minecraft ist.\nMinecraft ist ein kollaboratives Multiplayer-Spiel, das von den Spielern selbst verändert wird, indem diese Mods (Client-Erweiterungen) und Plugins (Server-Erweiterungen) erstellen. Das heißt, sehr bald kommen die folgenden Fragen und Probleme:\nEs gibt Streit, weil verschiedene Spielstile und Wünsche sich gegenseitig ausschließen, und weil mitunter Arschlöcher dabei sind. Ein Repertoire von Verhaltensweisen zur Konfliktlösung muss eingeübt werden. Es gibt den Wunsch nach einem eigenen Server, der bezahlt und irgendwo installiert werden muss. Der Wunsch nach Taschengeld muss mit konkreten monatlichen Kosten vereinbar gemacht werden. Es gibt den Wunsch, den Client zu modden. Dazu sind besondere Tools auf dem lokalen Rechner notwendig, da weder Client noch Server nativ eine Moddingschnittstelle haben. Es gibt den Wunsch, besondere Spielmomente mit anderen zu Teilen. Die Frage nach Youtube und Twitch (konsumierend und erstellend) kommt auf, und es braucht Regeln (was, ab wann, Stimme, Gesicht zeigen, Namen nennen, und andere Verhaltensregeln). Es gibt den Wunsch, eigene Mods oder Plugins zu programmieren. Der Wunsch nach Java lernen, einer IDE und Hilfe von den Eltern kommt auf. Der Reihe nach\u0026hellip;\nStreit um Minecraft Minecraft kann man kooperativ (PvE, wir gegen die Monster) oder kompetetiv (PvP, Spieler gegeneinander) spielen. Auch bei kooperativem Spiel kann es Probleme geben: Wir hatten bisher\nVandalismus (Spieler zerstören die Bauten anderer Spieler auf einem Sandkasten-Bauserver), Spieler fühlen sich ausgeschlossen oder zu wenig beachtet (\u0026ldquo;Niemand hört mir zu oder lässt mich aussprechen\u0026rdquo;), destruktive Verhaltensweisen und emotionale Erpressung (\u0026ldquo;Wenn Du nicht x für mich machst, spiele ich nicht mehr mit Dir\u0026rdquo;), und inkompatible Spielziele. Das ist alles kein Beinbruch und nicht unerwartet. Es macht es aber notwendig, daß man sich mit der ganzen Runde zusammensetzt und miteinander redet. Auch dazu ist der Discord sehr nützlich.\nMinecraft Server können als PvE und PvP Server konfiguriert sein. Mit Plugins sind auch Welten mit besonderen PvP-Varianten möglich, \u0026ldquo;Bedwars\u0026rdquo; (\u0026ldquo;Capture the Flag\u0026rdquo;, hier ein Bett) und Variationen zum Thema \u0026ldquo;Among Us\u0026rdquo; sind sehr populär. PvP muss also nicht zwingend First-Person-Shooter Spiel sein.\nWeder im PvE noch im PvP fließt Blut. Es kommen Schwerter und Bogenwaffen vor, keine Gewehre. Die Grafik ist auch mit Render-Plugin immer blockig-pixelig, und es sind keine Details erkennbar.\nBisher hatten die meisten bei uns erlebten Probleme ihren Kontext eher im PvE-Umfeld als im PvP Umfeld.\nEin eigener Server Es gibt irgendwo auf der Minecraft-Site einen vom Client getrennten Server zum Herunterladen. Dieser Server ist langsam und buggy. Niemand verwendet ihn, außer als Grundlage für etwas Richtiges.\nStattdessen durchläuft man den Installationsprozeß von Bukkit oder Spigot . Dies setzt eine Maschine mit ausreichend Kernen und Speicher sowie einem installierten headless OpenJDK voraus.\nBukkit ist ein minimal veränderter Vanilla-Server und eher eine Demo für den Reverse Engineering und Patching Prozess. Spigot ist ein auf Performance optimierter und weiter aufgehackter Bukkit, und eher die Version die man installieren will. PaperMC ist ein weiterer Zweig, basierend auf Spigot, und noch klarer auf Performance optimiert. PaperMC unterstützt jedoch anders als Spigot nur die beiden neusten Versionen von Minecraft aktiv. Wer älteres Minecraft verwenden will oder muß wird mit PaperMC nicht glücklich. Der Installationsprozeß ist dabei ein wahres Wunderwerk an Installationsautomation: Er lädt den originalen Minecraft-Server herunter, ein obfuscated JAR. Dies wird dann dekompiliert und mit einer Symboltabelle deobfuscated. Dadurch entsteht ein reproduzierbarer lesbarer Sourcetree, der dann gepatcht wird. Der resultierende Sourcetree wird dann compiliert, zusammengepackt und ein neues Server-JAR entsteht. Dies ist dann die Grundlage für den eigenen Serverprozeß.\nDer ganze komplizierte Prozess klingt komplett haarsträubend, ist ein aber vollautomatischer Vorgang, der ausgesprochen reibungsfrei abläuft. Der gepatchte Serverprozeß ist gegenüber dem Originalserver deutlich ärmer an Fehlern, um Größenordnungen schneller und hat eine dokumentierte und stabile API für Server-Erweiterungen (Plugins).\nZum Server gehören auch noch eine eula.txt\n~minecraft/bukkit $ cat eula.txt #By changing the setting below to TRUE you are indicating your agreement to our EULA (https://account.mojang.com/documents/minecraft_eula). #Mon Aug 19 17:04:21 CEST 2019 eula=true und eine etwa längliche server.properties-Datei, die die eigentliche Konfiguration des Basis-Servers darstellt.\nDem Serverprozeß wird reichlich Speicher gegeben, aber trotz der großen Anzahl von Plugins liegt die effektive Prozeßgröße bei circa 3 GB (aber es laufen 84 Java-Threads).\nDer Serverprozeß ist ursprünglich recht klein, aber wenn man den Server mit Plugins vollstopft nach oben offen. Andererseits liegt ein Strato VPS mit 8 Kernen und 32 GB Speicher bei monatlich kündbaren 17 Euro und ist reichlich überprovisioniert für die Aufgabe. Irgendwo zwischen dieser Größe und einem Raspi 4 findet man sicherlich was Passendes.\nWer den Server nicht selbst installieren will, nimmt sich einen Servermanager \u0026ndash; es gibt viele mit zweifelhaftem Code und bunten Panels, und es gibt minectl . Ich nehme einfach ein Shellscript:\n~minecraft/bukkit $ cat starter.sh #! /bin/bash -- TIME=30 DIR=/home/minecraft/bukkit SERVER=$(basename $DIR) cd $DIR while : do java -Xmx8192M -Xms3072M -Xss1m -jar $DIR/server.jar nogui echo \u0026#34;$SERVER: Java stopped or crashed. Waiting $TIME seconds...\u0026#34; sleep $TIME done Clients managen Wie auch der Server ist der Minecraft-Client eigentlich nicht erweiterbar. Der Minecraft Launcher erlaubt immerhin die Verwaltung mehrerer Versionen, legt einen aber auf ein bestimmtes JDK fest (je nach Version auf ein anderes).\nBastelt man intensiver am Client rum, hat man aber schnell das Problem, bestimmte (andere) JDK-Versionen verwenden zu müssen, den Client mit einer Mod-API modifizieren zu müssen oder unterschiedliche Mod-Konfigurationen für verschiedenen Gruppen und Aufgaben zu haben. Das Werkzeug der Wahl für die Client-Verwaltung ist MultiMC .\nEs erlaubt es, das Spiel mit einem anderen, moderneren JDK auszuführen und unterschiedliche Spieler-Accounts zu verwalten. Es automatisiert auch analog zum Server-Build, den Client automatisiert zu dekompilieren und zu patchen, um ihm eine stabile Mod-API zu verpassen. Populär sind Forge und Fabric, die direkt von MultiMC integriert werden. Danach kann man den Client dann mit Mods voll laden.\nMultiMC mit einer Instanz von Minecraft 1.14.4 und installiertem Fabric. Zu neue Minecraft-Versionen werden von der Mod-Community noch nicht voll unterstützt, zu alte nicht mehr. Die 1.14-Serie hat im Moment gute Kompatibilität.\nMit den Mods und Plugins sollte man unbedingt mit dem Kind Vereinbarungen treffen. Je nach Lebenserfahrung und Verständnis von Werten kann das Kind hier leicht ein Opfer von Scam, Abzocke und Phishing werden. Auf der anderen Seiten kann man mit dem Kind, sobald es fragt oder sich die Gelegenheit bietet, über Merkmale von vertrauenswürdigen und seltsamen Webseiten reden und am Beispiel erklären, was eine Seite komisch aussehen lässt.\nAuch wenn man dem Kind zuhört, bieten die Geschichten von anderen und wie es ihnen ergangen ist, viele Haken und Themen, an denen man erklärend ansetzen kann, oder die man zum Anlass nehmen kann, gemeinsam nachzusehen und darüber zu sprechen, wie ehrliche und unehrliche Angebote aussehen. Einige alternative Clients bieten Anti-Cheat-Möglichkeiten durch Totalüberwachung des Clients an. Auch hier kann man einhaken, Regeln setzen und erklären, warum zum Beispiel dauernd laufende Hintergrundprozesse, Gerätetreiber, die Tastendrücke überwachen und andere Kontrollmaßnahmen ein No-Go sind.\n\u0026ldquo;Content\u0026rdquo; konsumieren und produzieren Der ganze Teil der Community, der sich mit Plugins und Mods beschäftigt, dokumentiert und bildet aus. Das geschieht in der Regel nicht nur geschrieben im Wiki, sondern auch mit Tutorials auf Youtube, Twitch und GitHub. Sobald das Kind hier aktiv wird, wird man wieder Accounts machen müssen (2FA!). Und ja, das heißt vermutlich auch GitHub.\nWir haben die Vereinbarung, daß wir die Accounts machen, und daß wir allen Content zu sehen bekommen, bevor er veröffentlicht wird. Es ist okay, Bildschirme zu zeigen und zu sprechen. Gesichter und reale Namen und Adressen sind tabu: Es werden nur Avatare gezeigt und nur Handles benutzt.\nDie Vereinbarung, Plugins und Mods vor der Installation zu sehen zu bekommen hat sich nicht bewährt: Es ist also damit zu rechnen, daß der Server oder der Client verloren gehen. Eine Recovery-Strategie, etwa \u0026ldquo;der Server kann mit Ansible neu gemacht werden\u0026rdquo; und \u0026ldquo;es läuft nachts um 3 ein automatisches Backup\u0026rdquo; für den Server ist erfolgversprechender. Auch für den Client (\u0026ldquo;verwende Time Machine\u0026rdquo;, \u0026ldquo;Hier ist ein Acronis\u0026rdquo;) ist das notwendig.\nWegen COPPA läuft man Gefahr, Accounts bei US-Anbietern zu verlieren, wenn man nicht über das Geburtsjahr lügt \u0026ndash; das Kind muss über 13 Jahre alt sein, um legal einen Account haben zu können. Anbieter, die Kinder unter 13 nicht komplett ablehnen, schränken die Accounts oft funktional bis zur Nutzlosigkeit ein. Mit einem regulären Account, ein wenig partnerschaftlicher Aufsicht, und einer Lüge bei der Altersangabe fährt man in der Regel weitaus besser als mit verdummten Accounts.\nFalls das Kind selbst Content produziert ist das Risiko den Account zu verlieren oder gesperrt zu bekommen noch höher. Daher sollte man den privaten Account und den publizierenden Account des Kindes strikt trennen, sodaß bei einer Sperrung nicht die Kontakte, private Mail und alle Kommunikationsmöglichkeiten mit weg sind. Über Chrome Browser User Profiles kann man das schnell und bequem umschalten, und das Kind lernt gleich noch OpSec und sich selbst geschickt zu publizieren.\nIt\u0026rsquo;s complicated , und danah boyd ist immer lesenswert.\nSelber programmieren Minecraft ist eine Einstiegsdroge für die Programmierung. Das Potenzial für die Selbstmotivation ist enorm, und der Support in der Community gewaltig.\nFür JetBrains IntelliJ existieren ganz ausgezeichnete Plugins für Server-Plugins und Client-Mods: Minecraft Development unterstützt Bukkit, Spigot und PaperMC sowie einen Haufen weiterer populärer Servervarianten.\nIntelliJ selbst ist stabil (Eclipse meiner Erfahrung nach nicht) und hat einen sehr überschaubaren Ressourcenverbrauch: ~2 GB maximale Prozeßgröße, realer Verbrauch oszilliert von 512 MB bis 1024 MB.\nFazit Maschine zum Spielen bereitstellen. Ein abgelegtes Mac oder Windows-Notebook tun sicher, die kommende Java-IDE wird die Maschine eher an die Grenzen bringen als das Spiel. Minecraft Java Edition kaufen. Oder den Gamepass holen \u0026ndash; Minecraft ist seit kurzem in der Java und in der Bedrock Edition Teil vom Gamepass. Den dazu notwendigen Microsoft-Account mit 2FA sichern. Einen Screenshot vom 2FA QR-Code offline (USB-Stick?) archivieren. Discord Account machen. 2FA aktivieren. Den QR-Code sichern. Discord installieren. Java installieren. Man will OpenJDK, nicht Oracle, und man will vermutlich JDK 11, 16 oder 17 (das hängt später ein wenig von den Mods ab). MultiMC installieren. Es kann sein, daß gleich nach dem Download beim ersten Run ein Upgrade angeboten wird. Annehmen. Sicherstellen, daß das gewünschte JDK gefunden wird. Dadurch wird nicht das steinalte Default-Download-JDK verwendet. Minecraft (Microsoft Account eintragen) eintragen. Spiel-Instanz erzeugen. Forge oder Fabric installieren. Danach erst die Mods zufügen. Server mit externen Spielern nicht daheim betreiben: VPS oder ähnlich besorgen. Installation ansibilisieren. Backup einrichten und Restore testen. Server Buildprozess durchlaufen lassen, resultierendes Binary ansibilisieren. Server in Betrieb nehmen, Zugang kontrollieren. Zusammen mit dem Server auch gleich eine virtuelle Discord-Serverinstanz für die Spieler einrichten. Selbst Owner vom Dicord bleiben: Kind so weit entrechten, daß es den Server noch moderieren kann, aber nicht kaputt machen. Das Kind wird vermutlich bald selbst eine 2. Discord-Instanz ohne Eltern einrichten. ","date":"2021-12-20T00:00:00Z","href":"https://blog.koehntopp.info/2021/12/20/dein-kind-will-minecraft-spielen.html","tags":["lang_de","gaming","microsoft","minecraft"],"title":"Dein Kind will Minecraft spielen"},{"categories":null,"content":"Dieser Artikel basiert auf einem Twitter-Thread und ist in deutscher Sprache als Heise Kommentar erschienen.\nÜber den Java-Slogan \u0026ldquo;Write Once, Run Everywhere\u0026rdquo; wurden schon viele Witze gemacht. Den log4j-Exploit behandeln viele nun wie einen Bug – das ist er nicht.\nEine kritische Lücke in der Java-Bibliothek Log4j beherrscht gerade die Schlagzeilen. Die IT-Welt ruft \u0026ldquo;Warnstufe Rot\u0026rdquo; aus – weil offenbar der log4j-Code JNDI-Variablenexpansion vornehmen kann. Doch was ist JNDI? Jindi al Dap ist der Name eines alten arabischen Philosophen und Mathematik-Pioniers, der für Sun/Oracle gearbeitet hat, um ein System von Directory Lookups in Java zu entwickeln. Dieses System lädt irgendwie Code aus dem Internet nach. Aber selbst, wenn man länger auf das Systemdiagramm starrt, erkennt man nicht unbedingt sofort, an welcher Stelle sich der Java CLASSPATH so erweitert, dass er das gesamte Internet umfasst:\nSystemdiagramm des JNDI Subsystems von Java, aus der Dokumentation .\nNichts ist jemals simpel. Das ist so, weil in Java nichts jemals simpel ist. Java Code ist unstrukturierter trockener Staub von Codefragmenten in Klassendateien, die inert in keiner Weise miteinander interagieren. Erst mit den passenden Factories, Delegates, Generators und ClassLoaders werden sie instanziiert und zusammengesetzt. Der entstehende Haufen an Querverweisen führt dann nur zufällig irgendwann einmal tatsächlich wirksamen Code aus. Man könnte jetzt auf die Idee kommen, eine IDE mit integrierter syntaktischer Codesuche zu verwenden, um diesen Quelltexthaufen in Form zu bringen und zu verstehen. Aber das ist vergebens: Auch mit der gesamten Codebasis und einem Index darauf kann man nicht vorhersagen, was eine gegebene Java Codebase tun wird, wenn man sie startet.\nEs braucht auch noch Konfigurationsdateien. Diese sind ein weiterer Haufen \u0026ndash; Properties-Dateien \u0026ndash; in einem vorsintflutlichen Vorläufer von YAML geschrieben: XML. Oder jedenfalls, das ist es, was wir denken sollen: Mit den Properties und der Codebasis können wir endlich versuchen zu verstehen, was Java tut. Und das wäre auch beinahe so, aber JNDI ist genau angetreten, dieses Problem zu beheben: Directory Lookups! Statt also die Anwendung und ihre Konfiguration zu paketieren, und dann die Pakete in Produktion zu installieren, können wir nun mit JNDI die Konfiguration vom Netz lesen. Das heißt, die eigentlichen Konfigurationsdateien, die uns sagen, was die Anwendung tut sind\u0026hellip; nicht mehr da. Fortschritt!\nDas stellt sicher, dass uns niemand mehr hacken kann, weil niemand den Code mehr versteht: Wichtige, zum Verständnis der Codebasis notwendige Informationen sind versteckt in einem Verzeichnisdienst, und wir wissen nicht mal welcher. Aber wir können das noch einen Schritt weiterspielen: Der Code, der den Directory Lookup vornimmt, ist auch nicht da, nur ein Bootstrap: Event and Service Provider Packages .\nLaut Dokumentation können wir Objekte aus der Nameing API bekommen und dort hinein serialisieren. Wir bekommen also Printer-Objekte mit Printer-Methoden aus dieser API, wenn wir danach fragen.\nDank JDNI SPI können wir also Java Classfiles von einem LDAP-Server ausliefern lassen, die angeblich ein Printer-Object generieren, wenn wir nach einem Printer fragen \u0026ndash; dann aber stattdessen Doom installieren. Oder einen Kryptominer oder Verschlüsselungstrojaner. So geht Enterprise Security!\nWrite Once, Run Everywhere! Der Java-Slogan ist ja \u0026ldquo;Write Once, Run Everywhere\u0026rdquo;. Wir haben da viele Witze drüber gemacht, weil Java so oft gecrashed ist \u0026ndash; die meisten Java-Anwendungen liefern inzwischen ja die gesamte Ausführungsumgebung einschließlich der JRE mit, damit überhaupt etwas funktioniert. Jetzt funktioniert endlich mal alles, und die Leute sind wieder unglücklich. Aber im Ernst: Viele behandeln den log4j-Exploit wie einen Bug, einen Programmierfehler, eine Verletzung einer Spezifikation. Genau das ist jedoch nicht der Fall:\nEs funktioniert \u0026ndash; wortwörtlich \u0026ndash; endlich einmal alles wie spezifiziert und dokumentiert: All die Modularität und dynamische Erweiterbarkeit von Java hat ganz wunderbar und genau wie geplant zusammengearbeitet und funktioniert. Darauf haben wir dekadenlang hingearbeitet!\n\u0026ldquo;NOTABUG, WONTFIX\u0026rdquo; Und das ist das eigentliche Problem hier. Viele rufen jetzt nach \u0026ldquo;Mehr Kontrolle!\u0026rdquo;, \u0026ldquo;Mehr Review!\u0026rdquo;, \u0026ldquo;Mehr Funding!\u0026rdquo;, \u0026ldquo;Mehr Augen auf den Code!\u0026rdquo;. Was wirklich helfen würde wäre weniger Code, weniger Indirektion und Boilerplate, und einfach mehr\u0026hellip; Einfachheit.\nWieso brauche ich ein LogAppenderFactorySingleton, das XML liest, um den Namen der Klasse zu bekommen, die es instanziieren muss, damit ich meine Logzeile da einwerfen kann, um sie asynchron an einen LogStream anzuhängen? Das ist nicht einfach. Was ist einfach? JSON nach stderr drucken. Das ist einfach. Aber Firmen stellen seit etwa einer Dekade Leute ein, die nicht wissen, was stdout und stderr sind und das ist irgendwie okay, weil inzwischen ja sowieso alles ein Webservices ist\nEin totales log4shell Nonmention von apenwarr .\nSoftwareentwicklung ist viel moderner geworden: Wir haben Merge Requests mit Code Review, CI/CD-Pipelines, Infrastructure as Code und Immutable Infrastructure. Das nützt nur nix, wenn meine Java Logging Library auf dem Mars Code von Directory-Servern auf der Erde nachlädt und so das \u0026ldquo;Remote\u0026rdquo; in RCE komplett neu definiert. Die Analyse von Dependencies hat nur dann Sinn, wenn die Liste dieser Abhängigkeiten endlich, und genau so immutable wie die Infrastruktur ist.\nJava hatte einmal die notwendigen Kontrollknöpfe, mit denen wir erzwingen konnten, dass diese Liste von Abhängigkeiten endlich und unveränderlich ist. Wenn man auf diese Art von Lebensstil steht, gibt es etwas, das sich SM nennt: Oracle SM . SM bringt die notwendigen Verträge und die Disziplin, die eine Codebase braucht. Aber die meisten Anwender stehen nicht auf SM, und lehnen die Idee ab. Also wird die Funktionalität in Java 17 als deprecated (veraltet) gekennzeichnet und später entfernt werden (JEP 411: Deprecate the Security Manager for Removal ).\nWie ein Dreijähriger Auch JNDI hat SM abgelehnt und hat ein promiskuitives Interface, das Code irgendwoher lädt und ausführt. Man muss sich das wie einen Dreijährigen vorstellen, der sich jede Klasse in den Mund steckt, um herauszufinden wie sie schmeckt und ob sie sich ausführen lässt. Das ist am Ende genau die Spezifikation: Hier ist ein Object, deserialisiere es. In Java bedeutet das, dass der Code für die Klasse des Objektes irgendwo her kommen muss, deren Methoden dann ausgeführt werden.\nNatürlich würde niemand das für eine gute Idee halten, wenn man es so formuliert. Aber andererseits hat es die Person, die das vor 8 Jahren implementiert hat, nicht gesehen, und auch die Hunderttausend, die log4j in ihre Codebasis importiert haben, sind nicht darüber gestolpert. Was sagt uns das über den Dependency-Management-Prozess von Organisationen, die Software entwickeln? Über das Verständnis der Codebase, der Abhängigkeiten, und der Prozesse, die Datenfluss und Releases planen? Ja, genau.\n\u0026ldquo;Wir verwenden eine modulare Architektur und agile Methoden, um die Entwicklungsgeschwindigkeit zu steigern.\u0026rdquo;\nE = 1/2m*(v^2)\nMehr Entwicklungsgeschwindigkeit macht größere Krater.\nCode. Ist. Nicht. Dein. Freund. Ganz besonders nicht dynamisch aus dem Internet nachgeladener Code.\nCode. Ist. Nicht. Dein. Freund.\nIch weiß, es klingt komisch, wenn man Entwickler ist und den eigenen Lebensunterhalt damit bestreitet, dass man glaubt, man sei mit dem Code befreundet.\nAber so ist es. Weniger Code ist besserer Code. Am besten so wenig Code, dass man ihn zur Gänze und mit allen seinen Interaktionen verstehen kann. Und auch den Code, der notwendig ist, um den eigenen Code zu betreiben.\n","date":"2021-12-14T00:00:00Z","href":"https://blog.koehntopp.info/2021/12/14/funktioniert-wie-spezifiziert.html","tags":["lang_de","security"],"title":"Es funktioniert wie spezifiziert"},{"categories":null,"content":"This morning the Discord account of my son started to send \u0026ldquo;free nitro\u0026rdquo; spam to his friends on the friend list, and to some Discords he was a member of. He had 2FA (Google Authenticator) on the account. That fact alone made this a recoverable failure.\nMy son is playing minecraft, has a friend list of around 100 fellow players, and is member of around 40 Discords. He also connected his Discord to Spotify, YouTube and other services, and he authorized around 12 application services, mostly Discord/Minecraft bot services. It is pretty safe to say that his Discord account is very valuable to him, and plays a central part in his pandemic coping.\nThe spam was sending messages to all his friends, and a few Discords, impersonating him. It was not acting as a bot, or even one of his own bots. That means the spammer had accessed his account and identity.\nRecovery was easy, thanks to 2FA Changing the account password is a 2FA protected operation, and invalidates all other login tokens.\nThat means, only a person having access to his cellphone can 2FA and change the password - him (or, this time, me). It also means his Desktop client, all spammers impersonating him and everyone else is logged out. This stopped the Spam dead immediately.\nHow the spam works The \u0026ldquo;free nitro\u0026rdquo; spam is a message promising Discord Nitro (Server Boost, a pay feature) for free. It contains a link that leads you to a typosquatter domain displaying Discords original CI. It presents you with a QR code to scan.\nIt then directs you to open the Discord app on the phone, hit the settings, hit the personal icon on the right and use the function labelled \u0026ldquo;Scan QR code\u0026rdquo; to claim the prize.\nNothing in the UI of the original Discord cellphone app explains to a casual observer what this function does: \u0026ldquo;Using this function will log somebody in to your account\u0026rdquo;. The copy is simply \u0026ldquo;Scan QR code\u0026rdquo;.\nDiscord Settings show the \u0026ldquo;Use the cellphone to auth the desktop app\u0026rdquo; function simply as \u0026ldquo;Scan QR Code\u0026rdquo;. Nothing explains what the function really does: It logs in somebody which may or may not be you. Never use this function.\nDoing what is being asked will provide a bot with a login token to your account. The bot will then begin to send spam in your name to your friends and all discords you are member of.\nIt will also change your password, if it can. It cannot do that when 2FA is active on your account. 2FA is literally saving your account here.\nTraining your kid Here is what to do: Train your kid to\nuse 2FA properly, and always use this and no login shortcuts. archive the original 2FA QR codes used for setting up 2FA. Make a screenshot, and store the PNG of the setup QR code on a USB stick or another offline storage for recovery. This is much easier than the regular account recovery procedures 2FA setups offer, and unlike them, it is one way that works the same for all accounts. It also lets you have the 2FA code generator on the phone and a tablet, for example. Never re-use passwords. In the case of my son, he did not use his Discord password anywhere else, and he has a password list. Thus, he had to change only the Discord password and not fix any other accounts. Also, help your kid: Audit their online accounts.\nmake yourself a calendar entry to audit the accounts your kid has every 6 months: Check the password store: Make sure passwords are not re-used. Check 2FA: Have it enabled everywhere possible where regular TOTP can be used. Avoid Steam Authenticator or other special 2FA apps that may be offered, they are just more to learn and confusing. They break important workflows that must always be done right. Check account connections, cross-authentication, enabled bots and their permissions and so on. actually perform the audit. Have your kid sit in on this, and explain what you do and why. Discuss your thought with them, and the risk analysis you do. Explain online business models with them, too: How is this service or game making money, where is the value, do you think that is okay? What do you want? Offer opinions and evaluation, but try to let them make choices. Also, hold yourself to the same standards.\nFor the record, my personal Google Authenticator has 18 entries. I did not specifically set out to maximize that, so just take this as a guidance, not a competition.\n2FA works! Again, note how 2FA worked exactly the way it is designed to work:\nIt made a loss of control on the account a recoverable operation. Instead of a permanent and total loss of the center of his online life, this was just an awkward 30 minutes and a bunch of apologies.\nAlso note that while Discord is the better Slack, it does have UI/UX design problems around QR code quick authentication. Never use this function. Train your kid to not use this function. Always login with username, password and 2FA.\n","date":"2021-11-30T00:00:00Z","href":"https://blog.koehntopp.info/2021/11/30/discord-nitro-spam-and-2fa.html","tags":["lang_en","security","identity","minecraft"],"title":"Discord Nitro Spam and 2FA"},{"categories":null,"content":"MySQL window functions can be used to calculate daily averages or moving averages for a 24h time window relatively easily. In an earlier article basic window functions were already discussed. In this article, we want to see how we can get daily buckets and moving averages.\nA sample program is available, as usual, on GitHub .\nGetting sample data We will be working with a data table named data, with three columns: a sensor id, a measurement datetime d and a metric value m that was sampled at that time. The table definition looks like this:\n@sql.command(help=\u0026#34;Create a data table\u0026#34;) def setup_tables(): sql_setup = [ \u0026#34;drop table if exists data\u0026#34;, \u0026#34;\u0026#34;\u0026#34; create table data ( id integer not null, d datetime not null, m integer not null, primary key (id, d) )\u0026#34;\u0026#34;\u0026#34;, ] for cmd in sql_setup: try: c = db.cursor() c.execute(cmd) except MySQLdb.OperationalError as e: click.echo(f\u0026#34;setup_tables: failed {e} with {cmd}.\u0026#34;) For one year, each day and for each of our 11 (0-10) sensors, 1001 values will be collected. We insert a random time within the day, and a random measured value, an integer between 0 and 1000.\n@sql.command(help=\u0026#34;Fill data table with test data\u0026#34;) @click.option(\u0026#34;--start\u0026#34;, default=\u0026#34;2020-01-01 00:00:00\u0026#34;, help=\u0026#34;Start date and time yyyy-mm-dd hh:mm:ss\u0026#34;) @click.option(\u0026#34;--end\u0026#34;, default=\u0026#34;2020-12-31 23:59:59\u0026#34;, help=\u0026#34;End date and time yyyy-mm-dd hh:mm:ss\u0026#34;) @click.option(\u0026#34;--count\u0026#34;, default=1000, help=\u0026#34;Number of values per day\u0026#34;) def fill_table(start=\u0026#34;2020-01-01 00:00:00\u0026#34;, end=\u0026#34;2020-12-31 23:59:59\u0026#34;, count=1000): # Get rid of the old data cursor = db.cursor() cursor.execute(\u0026#34;truncate table data\u0026#34;) db.commit() today = datetime.datetime.fromisoformat(start) end = datetime.datetime.fromisoformat(end) one_day = datetime.timedelta(days=1) # For one year, for each day: while today \u0026lt; end: print(f\u0026#34;Date = {today}\u0026#34;) # For each measurement time: for i in range(0, count): # a random sensor id, a random second in the day, and a random metric id = randint(0, 10) d = today + datetime.timedelta(seconds=randint(0, 86399)) m = randint(0, 10000) # are written to the database. sql = \u0026#34;insert into data (id, d, m) values (%(id)s, %(d)s, %(m)s)\u0026#34; # If the (id, time) combination is not unique, we get an error that we pass try: cursor.execute(sql, {\u0026#34;id\u0026#34;: id, \u0026#34;d\u0026#34;: d, \u0026#34;m\u0026#34;: m}) except MySQLdb._exceptions.IntegrityError as e: # The Birthday Paradox in Action # print(e) pass db.commit() # next day. today += one_day Daily Buckets with GROUP BY Window Queries are somewhat related to aggregations with GROUP BY: With GROUP BY we make look at each row under the lens of the GROUP BY statement. All rows that have equal values as listed in the GROUP BY clause land on the same pile. We can then apply aggregation functions to measure the pile.\nIn our example, we could use GROUP BY date(d). That is, our datetime is turned into a date, the time component is cut off. Two values with the same date, but different times, are considered identical and would land on the same pile. Different id values or different metric values m are also not used to select different piles.\nWhat we do is GROUP BY id, date(d):\n@sql.command(help=\u0026#34;Group by day\u0026#34;) def daily_groups(): sql = \u0026#34;\u0026#34;\u0026#34; select id , date(d) as d , count(m) as cnt , sum(m) as total , sum(m)/count(m) as av from data group by id, date(d) order by id, d \u0026#34;\u0026#34;\u0026#34; cursor = db.cursor() cursor.execute(sql) result = cursor.fetchall() for row in result: print(f\u0026#39;id: {row[\u0026#34;id\u0026#34;]:2d} date: {row[\u0026#34;d\u0026#34;]} - cnt: {row[\u0026#34;cnt\u0026#34;]:6d} sum: {row[\u0026#34;total\u0026#34;]} average: {row[\u0026#34;av\u0026#34;]}\u0026#39;) So two measurements from the same sensor-id and taken on the same date are put onto the same pile.\nMySQL offers us a number of functions to measure the pile: Aggregate Functions . We can COUNT() the number of rows, we can SUM() them up, we can ask for their AVG(), MIN() or MAX(). But we can also ask for the values themselves as a comma separated list, using GROUP_CONCAT(). We can also ask for the values to be turned into JSON using JSON_ARRAYAGG() or JSON_OBJECTAGG().\nIn our example above, we ask for the sum and the count and calculate the average ourselves. The output looks like this:\n$ ./rolling-window.py daily-groups | head -5 id: 0 date: 2020-01-01 - cnt: 80 sum: 418888 average: 5236.1000 id: 0 date: 2020-01-02 - cnt: 92 sum: 419129 average: 4555.7500 id: 0 date: 2020-01-03 - cnt: 94 sum: 417583 average: 4442.3723 id: 0 date: 2020-01-04 - cnt: 94 sum: 422754 average: 4497.3830 id: 0 date: 2020-01-05 - cnt: 101 sum: 515639 average: 5105.3366 $ ./rolling-window.py daily-groups | head -369 | tail -5 id: 0 date: 2020-12-30 - cnt: 95 sum: 513361 average: 5403.8000 id: 0 date: 2020-12-31 - cnt: 94 sum: 480321 average: 5109.7979 id: 1 date: 2020-01-01 - cnt: 86 sum: 415058 average: 4826.2558 id: 1 date: 2020-01-02 - cnt: 93 sum: 443509 average: 4768.9140 id: 1 date: 2020-01-03 - cnt: 84 sum: 453897 average: 5403.5357 Since we aggregate and order by id first, we get all values from sensor 0 first, for an entire year. Then the values for sensor id 1 follow, starting again at the beginning of the year. Each row of output has values for one day, because we aggregated that way.\nWe can see how for each of the 10 sensors, approximately 90 values per day exist, but the actual value varies. We can also see that the average is around 5000, but again, it varies each day.\nDaily Partitions Window functions work just like aggregates, if we ask for that with a PARTITION BY clause. But they will return all rows instead of making piles. So when we define WINDOW w AS ( partition by id, date(d) order by id, d), we will get our sensors by sensor and by date. Each new sensor id, and each new date will restart \u0026ldquo;data collection\u0026rdquo;, that is, our sums or counts will be reset.\nOur code:\n@sql.command(help=\u0026#34;Partition by day\u0026#34;) def daily_partitions(): sql = \u0026#34;\u0026#34;\u0026#34; select id , d , count(m) over w as cnt , sum(m) over w as total , sum(m) over w/count(m) over w as av from data window w as ( partition by id, date(d) order by id, d) \u0026#34;\u0026#34;\u0026#34; cursor = db.cursor() cursor.execute(sql) result = cursor.fetchall() for row in result: print(f\u0026#39;id: {row[\u0026#34;id\u0026#34;]:2d} date: {row[\u0026#34;d\u0026#34;]} - cnt: {row[\u0026#34;cnt\u0026#34;]:6d} sum: {row[\u0026#34;total\u0026#34;]} average: {row[\u0026#34;av\u0026#34;]}\u0026#39;) We can check the sums and counts, and see them be restarted:\n$ ./rolling-window.py daily-partitions | less id: 0 date: 2020-01-01 00:13:43 - cnt: 1 sum: 6401 average: 6401.0000 id: 0 date: 2020-01-01 00:14:25 - cnt: 2 sum: 15746 average: 7873.0000 id: 0 date: 2020-01-01 00:15:33 - cnt: 3 sum: 19656 average: 6552.0000 ... id: 0 date: 2020-01-01 23:09:13 - cnt: 79 sum: 411728 average: 5211.7468 id: 0 date: 2020-01-01 23:27:16 - cnt: 80 sum: 418888 average: 5236.1000 id: 0 date: 2020-01-02 00:14:48 - cnt: 1 sum: 5834 average: 5834.0000 id: 0 date: 2020-01-02 00:15:21 - cnt: 2 sum: 10970 average: 5485.0000 ... id: 0 date: 2020-12-31 23:01:21 - cnt: 92 sum: 475441 average: 5167.8370 id: 0 date: 2020-12-31 23:14:32 - cnt: 93 sum: 475494 average: 5112.8387 id: 0 date: 2020-12-31 23:25:47 - cnt: 94 sum: 480321 average: 5109.7979 id: 1 date: 2020-01-01 00:24:46 - cnt: 1 sum: 7079 average: 7079.0000 id: 1 date: 2020-01-01 00:32:22 - cnt: 2 sum: 7989 average: 3994.5000 id: 1 date: 2020-01-01 01:01:40 - cnt: 3 sum: 14551 average: 4850.3333 We can see how each time the day changes or the id changes the sum and count values start over. Initially our count is 1, the sum is 6401 and the average is larger than 5000. As we proceed through the day, we can see how the average converges against that expected value.\nAfter 2020-01-01 23:27:16 at a count of 80 the new day starts and the counters reset.\nThe same happens at the end of the year, at 2020-01-01 23:27:16 when we start over at the first of January, but with id=1.\nMoving average Instead of partitioning the data set by date boundaries we can also define a moving window instead. This window is based on either values, or on date values. In our case, we want the latter: for each metric date d, we want to do our math on the preceding 24 hours.\nIn code:\n@sql.command(help=\u0026#34;Sliding window query - 24h\u0026#34;) def daily_window(): sql = \u0026#34;\u0026#34;\u0026#34; select id , d , count(m) over w as cnt , sum(m) over w as total , sum(m) over w/count(m) over w as av from data window w as (order by d range between interval 1 day preceding and current row) \u0026#34;\u0026#34;\u0026#34; cursor = db.cursor() cursor.execute(sql) result = cursor.fetchall() for row in result: print(f\u0026#39;id: {row[\u0026#34;id\u0026#34;]:2d} date: {row[\u0026#34;d\u0026#34;]} - cnt: {row[\u0026#34;cnt\u0026#34;]:6d} sum: {row[\u0026#34;total\u0026#34;]} average: {row[\u0026#34;av\u0026#34;]}\u0026#39;) The Window clause is WINDOW w AS (order by d range between interval 1 day preceding and current row). As we can see, the id is out of the picture here: We cannot nest window definitions, and that means in this example we count and sum over the previous 24h of all sensors, not sensors with the same id as ours.\nid: 6 date: 2020-01-01 00:03:44 - cnt: 1 sum: 3420 average: 3420.0000 id: 10 date: 2020-01-01 00:07:50 - cnt: 2 sum: 5359 average: 2679.5000 id: 5 date: 2020-01-01 00:08:35 - cnt: 3 sum: 12441 average: 4147.0000 ... id: 0 date: 2020-01-04 20:40:46 - cnt: 998 sum: 4842406 average: 4852.1102 id: 7 date: 2020-01-04 20:41:49 - cnt: 998 sum: 4842673 average: 4852.3778 id: 8 date: 2020-01-04 20:43:00 - cnt: 997 sum: 4833426 average: 4847.9699 id: 1 date: 2020-01-04 20:43:05 - cnt: 998 sum: 4837433 average: 4847.1273 ... id: 7 date: 2020-12-31 23:54:52 - cnt: 1003 sum: 5089623 average: 5074.3998 id: 8 date: 2020-12-31 23:56:02 - cnt: 1004 sum: 5092441 average: 5072.1524 id: 8 date: 2020-12-31 23:59:56 - cnt: 1000 sum: 5059683 average: 5059.6830```` From the changing id values we can see that all sensors are considered. The count also shows that in the middle of the field around 1000 values are considered - the amount of values in one 24h range.\nAn expression such as order by id, d range between interval 1 day preceding and current row is not valid: we get\nMySQLdb._exceptions.OperationalError: (3587, \u0026#34;Window \u0026#39;w\u0026#39; with RANGE N PRECEDING/FOLLOWING frame requires exactly one ORDER BY expression, of numeric or temporal type\u0026#34;) We would have to ask for values from one sensor, specifically:\nselect id , d , count(m) over w as cnt , sum(m) over w as total , sum(m) over w/count(m) over w as av from data where id = 0 window w as (order by d range between interval 1 day preceding and current row) and do that for each successive constant id value. That is not fast nor elegant.\nid: 0 date: 2020-01-01 00:13:43 - cnt: 1 sum: 6401 average: 6401.0000 id: 0 date: 2020-01-01 00:14:25 - cnt: 2 sum: 15746 average: 7873.0000 id: 0 date: 2020-01-01 00:15:33 - cnt: 3 sum: 19656 average: 6552.0000 ... id: 0 date: 2020-04-01 02:48:29 - cnt: 99 sum: 463956 average: 4686.4242 id: 0 date: 2020-04-01 03:07:43 - cnt: 100 sum: 472922 average: 4729.2200 id: 0 date: 2020-04-01 03:15:23 - cnt: 101 sum: 478127 average: 4733.9307 ... id: 0 date: 2020-12-31 23:01:21 - cnt: 97 sum: 500889 average: 5163.8041 id: 0 date: 2020-12-31 23:14:32 - cnt: 96 sum: 487287 average: 5075.9063 id: 0 date: 2020-12-31 23:25:47 - cnt: 97 sum: 492114 average: 5073.3402 We would have to wrap all that into a dependent subquery to loop.\n","date":"2021-11-24T00:00:00Z","href":"https://blog.koehntopp.info/2021/11/24/mysql-moving-average.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: Moving Average"},{"categories":null,"content":"A friend of mine wanted to provision BGP passwords for their Arista switch configuration.\nSo a config stanza such as\nrouter bgp 65001 router-id 10.1.1.1 neighbor mydevices peer-group neighbor mydevices password 7 8kjYaye5DsQh0epELyKNe0oZ3E3zp39X requires generation of the Password (actually \u0026ldquo;supersecretpassword\u0026rdquo;) in an encrypted form.\nArista switches can do this using CLI tools, apparently. They seem to have an onboard Linux, which seems to provide limited tooling, but is good enough to run a 32-bit Python 3.7. Arista provides modules to help with handling their configuration. Ryan Gelobter documented these in an article on Medium.\nUnfortunately, these modules are not well portable. They have been implemented in a CPython module for Python 3.7 on i386 (32bit) Linux. They also have a lot of dependencies to other shared objects that are not easily available except in the switch environment.\nSo, if you wanted to provision switch configurations, you would need to run some code on the switch to generate the passwords the way Ryan Gelobter documents, or do the same in a virtual machine with a virtual switch running in it.\nswitch1# bash python -c \u0026#39;import DesCrypt; print DesCrypt.encrypt(\u0026#34;BMP1_passwd\u0026#34;, \u0026#34;supersecretpassword\u0026#34;)\u0026#39; JieKbldfLyl9IzUBJZRvKIcc1w5wWogI Looking at the DesCrypt.py is not particularly helpful: The code in it does little more than\nimport _DesCrypt encryptedData = _DesCrypt.cbcEncrypt(key, data) and _DesCrypt is actually _Descrypt.cpython-37m-i386-linux-gnu.so. Well, at least it is only 10 KB in size, so how hard can it be?\nLet\u0026rsquo;s have a look:\nGhidra When we drop the module into Ghidra, we get to see a PyInit__DesCrypt(void) symbol. The code in that function just calls out to PyModuleCreate2(\u0026amp;PyModuleDef, 0x3f5).\nLooking at the PyModuleDef requires the documentation to properly understand what is going on. We identify two functions, cbcEncrypt and cbcDecrypt by their PyMethodDef entries. Two labels for entry points in a stripped binary identified.\nThe Python Method Definition Table for the _DesCrypt Module defines two functions, named cbcEncrypt and cbcDecrypt.\nLooking at the cbcEncrypt function shows us that it has a dependency on cbc_crypt(), and that seems to be a function from libc, according to the manpage . So it is ancient DES, in CBC mode that is being used. We should be able to do this in pure Python without many additional dependencies then.\nUsing Ghidra more, we can decode cbcEncrypt() and the getHashedKey() function it calls.\ngetHashedKey generates the key the usual way, by xor-ing the incoming string with itself in an 8 bytes long ring buffer, but the starting value is not all zeroes, but some magic value (238ad5f51ec9a8d5)\nAlso, cbcEncrypt pads the data to an even 8 byte boundary as required by DES. How much was padded needs to be embedded in the ciphertext. There is a selection of standard methods for this, as offered for example by Crypto.Util.Padding.pad() in pycryptodome (\u0026ldquo;pkcs7\u0026rdquo;, \u0026ldquo;iso7816\u0026rdquo; and \u0026ldquo;x923\u0026rdquo;).\ncbcEncrypt uses none of these standard methods, and implements its own method: the padding is encoded in the high nibble of a fixed magic int.\nThat magic int is always prepended, even if no padding was necessary: We get ?ebb884c, with ? indicating the number of padbytes (0 to 7).\nGhidra Output of the getHashedKey() function, with a bit of annotation and typing added to get a better view.\nWith this information, we should be able to recreate the function in our own C-code and check if it can recreate the examples Ryan Gelobter provided.\nOf course, it does not.\nDebugging the original code We need to debug, and in order to be able to do that we need to be able to load and isolate getHashedKey() first. The original version, to check what the actual hashed key should look like, and compare the result to our own.\nThat should be easy: An example from 2005 (german language article) shows\nhow to turn a function into a libsomething.a, then into libsomething.so, and then how to dlopen() and dlsym() that binary to call a single function in it. That final piece of code will serve us well: We want to load the _DesCrypt module and call getHashedKey() in an isolated context to see what a correct return value looks like.\nDependencies Turns out, loading _DesCrypt...so is not so easy, because of a dependency on libtac.so.0.\n$ ldd _DesCrypt.cpython-37m-i386-linux-gnu.so linux-gate.so.1 (0xf7f7c000) libtac.so.0 =\u0026gt; not found libpython3.7m.so.1.0 =\u0026gt; not found libstdc++.so.6 =\u0026gt; /lib32/libstdc++.so.6 (0xf7d81000) libm.so.6 =\u0026gt; /lib32/libm.so.6 (0xf7c7d000) libgcc_s.so.1 =\u0026gt; /lib32/libgcc_s.so.1 (0xf7c5e000) libc.so.6 =\u0026gt; /lib32/libc.so.6 (0xf7a73000) /lib/ld-linux.so.2 (0xf7f7e000)``` So we are missing two libraries:\nlibpython3.7m.so.1.0 and libtac.so.0. The Python bit is fixed by building a Python-3.7 in 32-bit:\n$ apt install gcc-multilib $ wget https://www.python.org/ftp/python/3.7.5/Python-3.7.5.tgz $ tar xzf Python-3.7.5.tgz $ cd Python-3.7.5/ $ ./configure --build=i686-pc-linux-gnu CFLAGS=-m32 CXXFLAGS=-m32 LDFLAGS=-m32 --enable-shared $ make -j6 A minor roadbump: We need to build for 32-bit, but on a 64-bit machine. The compile-flag -m32 does that, but it will fail due to some missing includes until we install gcc-multilib as shown above. We can then download the old version of Python, and build it with the required flags for 32-bit support.\nThe libtac.so.0 we could copy off the switch. If we try, things escalate quickly . That is, because that .so in turn loads even more libraries, most of which we don\u0026rsquo;t have access to. And if we had them, they might load even more dependencies.\nLooking into Ghidra again, we know that the code we are interested in does not really depend on libtac,so.0. cbcEncrypt() itself does, but only if something goes wrong and an exception is being raised, but at this stage of our investigation we only want getHashedKey().\nFollowing the guide from 16 years ago, we can quickly write some code to dlopen() the library:\n... typedef void (* func_t)(char const *, int, char *); int main(void) { char *key = \u0026#34;mydevices_passwd\u0026#34;; int keylen = strlen(key); char data[80] = \u0026#34;supersecretpassword\u0026#34;; func_t f; char *error_msg; void *libhandle = NULL; printf(\u0026#34;main start\\n\u0026#34;); libhandle = dlopen(LIBNAME, RTLD_LAZY); if (!libhandle) { fprintf(stderr, \u0026#34;dlopen(%s, RTLD_LAZY) failed: %s\\n\u0026#34;, LIBNAME, dlerror() ); exit(2); } // find func error_msg = dlerror(); f = dlsym(libhandle, \u0026#34;_Z12getHashedKeyPKciPc\u0026#34;); error_msg = dlerror(); if (error_msg) { fprintf(stderr, \u0026#34;dlsym(%p, \\\u0026#34;getHashedKey\\\u0026#34; failed: %s\\n\u0026#34;, libhandle, error_msg ); exit(3); } printf(\u0026#34;gethashedKey %p\\n\u0026#34;, f); f(key, keylen, data); dump(\u0026#34;key\u0026#34;, key, keylen); dump(\u0026#34;data\u0026#34;, data, 80); dlclose(libhandle); return 0; } Killing Dependencies That way we can inspect the output of the function (it overwrites the first 8 bytes of data) and get a reference key value to debug against. Or could, if that would work. It does not, because the .so we open still has listed libtac.so.0 as NEEDED and we need to fix it.\nThere are many ways to edit ELF binaries, but most are badly maintained. An easy way is a web service such as elfy.io . We upload the library, click Load information -\u0026gt; Loader directives and edit the first dependency (libtac.so.0) (offset 0x270) to point to the second dependency (libpython3.7m.so.1.0 (offset 0x283) instead. Downloading the code again, we can rename it to libtest.so and load it with our test program from above, getting a reference key value. So mydevices_passwd in a non-broken implementation yields the raw key value of 4A 0E 5D 1A 70 4F 1F 23 for DES.\nHaving that, debugging can continue. It turns out: math is hard and Intel is a little-endian architecture: The seed byte sequence D5 A8 ... 8A 23 is of course the long 238A…A8D5. I am definitively not doing these things often enough anymore to not make this kind of mistake.\nProgress! Having a working getHashedKey() we can now look at cbcEncrypt() and reverse that.\nThe heart of cbcEncrypt() fetches two Python bytearray, key and data and works with them. The key is processed with getHashedKey(), then cbc_crypt() is set up and called. The result returned to Python using Py_BuildValue.\nThe moment we try to build this in C, it proves frustrating again: cbc_crypt() is no longer part of libc. It is outdated, legacy, but unfortunately still in use. Not only by Arista, but also other companies and protocols. Among them some ancient RPC protocols. It has been removed from libc and moved to libtirpc3, it seems. We need to install libtirpc3, libtirpc-dev and libtirpc-common to be able to build code that calls cbc_crypt(). Even then we seem to be limited to static linking, because for some reason the shared objects do no longer export the symbol.\nSome more short short hiccups:\nThe padding value is a nibble, not a byte, and the long it is part of has to be little endian naturally. The padding needs itself to take the 4 bytes added by the padding itself into account. In the end we get code that reproduces the expected result.\nIn Python If, and that is important, des_parity() is being called. In Python that function is not available, and should not be necessary: The legacy DES function in Python\u0026rsquo;s module supposedly ignores DES parity bits automatically.\nBut the Python code produces a different result. So what goes on here, and how do we get des_parity()?\nTurns out, des_parity() is really weird code: Look at it here . It is supposed to make the 8 bytes of the DES code uneven parity by manipulating the low-value bits in the key. But the actual code also effectively masks out the high order bit, so we do not get 56 bit of keyspace, but only 48 bit. Yay, export crypto?\nAnyway, this is the code Arista runs for their key obfuscation, so we need to duplicate it to produce correct data.\nHere is a PoC in Python.\nWith the poc provided, it should be possible to\nfrom arista_descrypt import cbc_encrypt, cbc_decrypt encrypted = cbc_encrypt(b\u0026#39;mydevices_passwd\u0026#39;, b\u0026#39;supersecretpassword\u0026#39;) print(encrypted) and that should be sufficient to build an Ansible module for Arista config provisioning. The code uses cryptography or pycryptodome automatically, one of the two is installed. It is not dependent on the legacy cbc_crypt() function that formerly was in libc.\nGenerating passphrases Encrypting and decrypting BGP passwords requires a passphrase. In EOS, this passphrase is not static, but depends on the neighbor where the BGP password is configured.\nrouter bgp 65001 router-id 10.1.1.1 neighbor mydevices peer-group neighbor mydevices password 7 8kjYaye5DsQh0epELyKNe0oZ3E3zp39X The passphrase is generated by taking the string after neighbor (in this example mydevices), and appending the string _passwd to it. The string can be the name of a peer group, an IPv4 address or an IPv6 address, and has to be used as shown in the device configuration output. This is particularly important for IPv6 addresses which have multiple forms of representation.\n","date":"2021-11-22T00:00:00Z","href":"https://blog.koehntopp.info/2021/11/22/arista-type-7-passwords.html","tags":["lang_en","security","hack","networking"],"title":"Arista Type 7 Passwords"},{"categories":null,"content":"Dieser Artikel wurde von Lenz Grimmer auch ins Englische übersetzt.\nIn einem Twitter-Thread von Christian Basl ging es um die von zerforschte App \u0026ldquo;Learnu\u0026rdquo; . Basl schreibt:\nDie Betreiber von Learnu sagen, sie hätten keine Fachkenntnisse in IT-Sicherheit und hätten sich auf externe Berater verlassen. So kam Learnu unbekannterweise unsicher auf den Markt.\nIn der sich entwickelnden Diskussion vertrat Andreas Dewes den Standpunkt\nDie meisten Start-ups die ich kenne gehen durch eine Phase, in der IT-Sicherheit und Compliance eher im Hintergrund stehen. Wenn sie größer werden fangen sie an sich darüber Gedanken zu machen u.a. weil Kunden oder Partner Zertifizierungen verlangen, z.B. SOC 2 oder ISO-27001.\nDas ist angesichts von OWASP A01:2021 - Broken Access Control eine lustige Aussage. OWASP ist eine NGO, die die Sicherheit von Anwendungen und Diensten im Internet verbessern will. OWASP gibt dazu eine jedes Jahr aktualisierte Top-10 Liste von Sicherheitsproblemen bei Anwendungen heraus.\nFür 2021 hat es im Vergleich zu 2017 die folgenden Änderungen gegeben:\nBroken Access Control war 2017 auf Platz 5 und ist jetzt Problem #1. 94 % der getesteten Anwendungen hatten irgendeine Form von defekter Zugangskontrolle. Der ehemalige #1 Dauerbrenner Injection ist nur noch auf Platz 3.\nWir sehen ein klassisches Beispiel dafür in einer anderen Schul-Anwendung, die das Team von Zerforschung getestet hat: Scoolio wurde aufgemacht, indem die Zerforschis\nEin Endpunkt der Schnittstelle (Application Programming Interface, API) ist uns dabei sofort ins Auge gefallen: /api/v3/Profile/{ProfileID}. … Wenn wir spannnende API-Endpunkte finden, die über eine Versionskomponente verfügen (hier /v3/), versuchen wir gerne mal, diese zu verändern. Also wurde in unserem Fall aus /api/v3/Profile/{ProfileID} zu /api/v2/Profile/{ProfileID}. Und tada: Noch viel mehr Daten! Aber unsere eigenen Daten sind langweilig – die kennen wir ja schon. Also haben wir auch probiert, eine fremde Profil-ID einzugeben. Und zu unserer geringen Verwunderung, aber großen Genervtheit, konnten wir natürlich auf diese detaillierten Daten der fremden ID zugreifen.\nDas ist ein klassisches \u0026ldquo;A01:2021 - Broken Access Control\u0026rdquo; Beispiel. Die Anwendung kennt die Identität des Benutzers, denn sie ist in der App eingetragen. Sie nutzt diese Information nicht, um die Verbindung zum Server zu authentisieren und autorisieren. Und entsprechend kann die API genutzt werden, um auf beliebige User-Records zuzugreifen, statt nur auf den eigenen.\nIdentität, Authentisierung, Autorisierung, Auditing und Accounting Ein paar Begriffe:\nIdentität: Ich bin ich. Aber ich kann nicht auf das Web oder eine API zugreifen. Eine Anwendung muss das an meiner statt tun. Diese Anwendung verwendet dazu eine eindeutige Benutzerkennung, die \u0026ldquo;mich\u0026rdquo; im Kontext der Anwendung repräsentiert. Eine Identität mit einem eindeutigem Identifier (einem \u0026ldquo;Principal\u0026rdquo;) der mich repräsentiert ist aber zunächst einmal eine Behauptung. Authentisierung: Ich kann das auch beweisen. Wenn ich die behauptete Identität beweisen kann, dann bin ich authentisch ich. Ich bestätige meine Identität meist mit einem Passwort und oft auch mit einem 2. Faktor (etwa einer vom einem Google Authenticator abgetippten wechselnden Geheimnummer). Die behauptete und bestätigte Identität muss für einige Zwecke auch noch verankert werden, etwa wenn diese Identität an andere Rechte oder Verhältnisse in der realen Welt gebunden werden soll. Wenn ich zum Beispiel in einer Schul-App eine Schulzugehörigkeit und Klassenzugehörigkeit haben soll, dann ist es unter Umständen gut, wenn ich mir nicht einfach einen Account machen kann. Stattdessen sollte eine Lehrperson sich das ansehen, mich fragen, ob ich das war und mich dann der Schule und der Klasse zuordnen.\nEiner behaupteten, bestätigten und in der realen Welt verankerten Identität werden dann Zugriffsrechte zugeordnet. Das ist eine Autorisierung, sie bestimmt, was diese Identität im Kontext der Anwendung sehen, schreiben, verändern und löschen darf. Dazu werden wir unten noch ein wenig mehr reden. Was ich dann in der Anwendung tu muss unter Umständen beweiskräftig mitgeschnitten werden. Etwa dann, wenn die Daten, auf die ich zugreife, besonders schützenswert sind, oder ihre Änderungshistorie dokumentiert werden muss. Das kann zum Beispiel im Schulkontext meine Ansammlung von Leistungsnachweisen sein. Ein Logbuch, bei dem Zugriffe zwingend und nicht abschaltbar mit Personenidentitäten verknüpft werden nennt man ein Audit-Log. Wenn ich Dienstleistungen in Anspruch nehme, die Geld kosten, dann muss eine besondere Form von Audit-Log geführt werden. Dieses Audit-Log ist die Grundlage der Rechnungslegung und zeigt, welche Person wann welche kostenpflichtige Dienstleistung in Anspruch genommen hat. Dieses Logbuch ist Bestandteil des Accounting. Man kann zu jedem dieser Themen viel schreiben, aber uns soll hier in erster Linie Autorisierung beschäftigen, eben weil es Thema #1 bei der aktuellen OWASP Liste ist. Und weil es nicht nur bei den Zerforschis im Scoolio Artikel auftaucht, sondern noch einmal im Mein Schnelltest Artikel:\nEine der ersten Anfragen, die uns auffällt, geht an https://corona-api.de/persons/owner/{USER_ID}, wobei USER_ID natürlich die Nummer unseres Accounts ist – z.B. 612341213acab23425251e21. … [Wir verkürzen die URL]… Einen Versuch wagen wir noch und entfernen das / am Ende der URL. Und tada:\nGET https://corona-api.de/persons Uns fällt eine Liste mit den Personen, die auf der Plattform registriert sind, entgegen. Insgesamt fast 400.000 mit allen Daten, die bei einem Corona-Test eben so erfasst werden.\nZerforschung demonstriert dann auch noch, daß sie in beiden Fällen lustig ihre Identität oder ihre Verankerung (die Schulzugehörigkeit) ändern können (und vermutlich ohne daß das in einem Audit-Log landet), und daß sie nach Belieben Daten schreiben können, indem sie dem 177-jahre alten Robert Koch ein Corona-Testergebnis ausstellen.\nAutorisierung Verben und Subjekt-Prädikat-Objekt (Wer tut was mit wem?) Eine Anwendung hat eine Außenseite. Das ist eine Liste aller URLs, die aufrufbar sind. Damit meine ich nicht nur die HTML Webseiten (von denen ja einige auch interaktiv sind und Parameter haben können), sondern auch die API, die den Server für eine App auf einem Telefon oder in einem Browser repräsentiert. Die Liste aller dieser URLs ist wie eine Liste von Verben: Tu-Worte, mit denen man der Anwendung Befehle erteilen kann - \u0026ldquo;zeige mir\u0026rdquo;, \u0026ldquo;finde mir\u0026rdquo;, \u0026ldquo;ändere mir\u0026rdquo;, \u0026ldquo;lösche mir\u0026rdquo;. Wie in jedem Satz gibt es ein Subjekt - wer befiehlt? - und ein Objekt - was wird von dem Verb manipuliert?\nWir können das in Deutsch aufschreiben: \u0026ldquo;Kris will alle Schüler der Heinrich-Heine-Schule in Heikendorf finden.\u0026rdquo;\nOder als Tripel: (Kris, \u0026ldquo;finde alle\u0026rdquo;, \u0026ldquo;Heinrich-Heine-Schule (Heikendorf)\u0026rdquo;)\nOder als Tabelle, mit den Subjekten als Zeilen, den Objekten als Spalten und den Verben da, wo die betreffende Aktion erlaubt ist. Das ist dann eine Matrix von \u0026ldquo;Wer darf was tun?\u0026rdquo;.\nRole Based Access Control Wir sehen dann, daß die Tabelle schnell umfangreich wird, und werden anfangen, die Subjekte zu gruppieren. Subjekte mit gleichen Rechten gruppieren wir zusammen, in einer Role, und benennen diese (zum Beispiel Schüler der HHS). Objekte kann man ebenso gruppieren. Wir bekommen Role Based Access Control, RBAC:\nWir können so bestimmten Subjekten, oder Rollen, feste Rechte geben. Wir müssen aber immer noch viele Relationen erlauben: \u0026ldquo;Schüler der HHS können mit anderen Schülern der HHS Kontakte anbandeln.\u0026rdquo; und extra, und verschieden davon \u0026ldquo;Schüler der Max-Planck-Schule, Kiel können mit anderen Schülern der MPS Kontakte anbandeln.\u0026rdquo;\nOffenbar reicht das in diesem Kontext nicht - aber für viele Anwendungen ist das schon ausreichend. Nämlich immer dann, wenn die interne Struktur innerhalb der Anwendung nicht weiter segmentiert werden muss.\nAttribute Based Access Control Oft will man Regeln formulieren, die Eigenschaften von Subjekten und Objekten abgleichen. Ich kann die Zugangsregeln für Schülerkontakte zum Beispiel so vereinfachen, daß ich die Kontakte zulasse, wenn der aufrufende Schüler und der aufgerufenen Schüler dieselbe Schule besuchen.\n\u0026ldquo;Schüler der HHS können mit anderen Schülern der HHS Kontakte anbandeln.\u0026rdquo; \u0026ldquo;Schüler der MPS können mit anderen Schülern der MPS Kontakte anbandeln.\u0026rdquo; … alle diese RBAC-Regeln werden zu\n\u0026ldquo;Schüler A kann mit Schüler B Kontakt aufnehmen, wenn A.schule_id == B.schule_id\u0026rdquo; also wenn Schüler A und B denselben Wert im Attribut schule_id stehen haben.\nDie Zugriffsrechte werden nun also durch Attribute von Subjekten definiert und können so stark vereinfacht werden. Das setzt natürlich voraus, daß ich die sicherheitsrelevanten Attribute identifiziere und Änderungen an denen kontrolliere, denn sonst ist der Schutz wirkungslos.\nBeispiel: Wenn ein Schüler seine schule_id nach Belieben unkontrolliert ändern kann, dann ist ein Vergleich A.schule_id == B.schule_id wirkungslos.\nWas heißt das für Anwendungsentwickler? Als Anwendungsentwickler verwende ich ein Toolkit, um Webanwendungen und APIs zu schreiben.\nIch muss wissen, welche Außenfläche meine Anwendung hat, also welche URLs mit welchen Parametern zugelassen werden. Das ist nicht schwer. Mein Toolkit hat fast sicher eine Funktion, die mir das sagt (flask routes oder ähnliche Funktionen sind überall vorhanden). Dies ist die Liste meiner Verben. Die Liste der Parameter jeder dieser aufrufbaren Seiten sind die Objekte in meinem Security-Modell. Ich muss meine Anwender identifizieren (ihnen also eindeutige Identifier zuweisen) und authentisieren (sie müssen die behauptete Identität also beweisen). Die Liste dieser Anwender ist dann die Liste meiner Subjekte. Ich muss nun ACL, RBAC oder ABAC Regeln die definieren, \u0026ldquo;Wer was mit wem\u0026rdquo; machen kann und dies im Access Control Framework meiner Anwendung ausdrücken. Das ist nicht schwer, und es ist vor allen Dingen eine notwendige Arbeit. Nicht nur aus rechtlichen und compliance Gründen, sondern auch, weil dies zu einem Datenmodell einer Anwendung gehört: Als Nebenergebnis fällt dabei nämlich ein Transaktionsmodell heraus, also ein Diagramm, wie sich die Datensätze meiner Anwendung durch die Aufrufe von Methoden ändern lassen. Ich erschlage also nicht nur alle Compliance-, viele Datenschutz und alle Security-Pflichten, sondern ich habe den kompletten Data Lifecycle meiner Anwendung mit einem Zustandsübergangsdiagramm dokumentiert, das sowohl Entwicklern als auch Business Analysts allgemeinverständlich zeigt, was zum Teufel wir hier eigentlich tun und wie wir das modellieren.\n","date":"2021-11-16T00:00:00Z","href":"https://blog.koehntopp.info/2021/11/16/a01-2021-broken-access-control.html","tags":["lang_de","security"],"title":"A01:2021 - Broken Access Control"},{"categories":null,"content":"Translation by Lenz Grimmer, German version here .\nA twitter thread by Christian Basl discussed the dissection of the \u0026ldquo;Learnu\u0026rdquo; app . Basl wrote:\nLearnu operators say they have no expertise in IT security and have relied on outside consultants. As a result, Learnu came to market insecurely, unbeknownst to them.\nIn the discussion that developed, Andreas Dewes took the view that\nMost startups I know go through a phase where IT security and compliance tend to take a back seat. As they get bigger, they start to think about it, partly because customers or partners demand certifications, e.g. SOC 2 or ISO-27001.\nThat\u0026rsquo;s a funny statement in light of OWASP A01:2021 - Broken Access Control . OWASP is an NGO that aims to improve the security of applications and services on the Internet. To this end, OWASP publishes a top 10 list of application security problems that is updated every year.\nFor 2021, compared to 2017, there have been the following changes:\nBroken Access Control was #5 in 2017 and is now problem #1. 94% of the applications tested had some form of broken access control. The former #1 perennial problem Injection is now only #3.\nWe see a classic example of this in another school application tested by the Zerforschung team: Scoolio was opened up by the researchers as follows:\nOne endpoint of the application programming interface (API) immediately caught our attention: /api/v3/Profile/{ProfileID}. … When we find exciting API endpoints that have a version component (here /v3/), we like to try to change it sometimes. So in our case /api/v3/Profile/{ProfileID} became /api/v2/Profile/{ProfileID}. And tada: much more data! But our own data is boring - we already know it. So we also tried to enter a foreign ProfileID. And to our little amazement, but great annoyance, we were of course able to access the detailed data of that foreign ID.\nThis is a classic \u0026ldquo;A01:2021 - Broken Access Control\u0026rdquo; example. The application knows the identity of the user because it is registered in the app. It does not use this information to authenticate and authorize the connection to the server. And accordingly, the API can be used to access arbitrary user records instead of just its own.\nIdentity, authentication, authorization, auditing and accounting A few terms:\nIdentity: I am me. But I can\u0026rsquo;t access the web or an API. An application has to do that on my behalf. To do this, that application uses a unique user identifier that represents \u0026ldquo;me\u0026rdquo; in the context of the application. But an identity with a unique identifier (a \u0026ldquo;principal\u0026rdquo;) that represents me is first of all an assertion. Authentication: I can also prove this. If I can prove the claimed identity, then I am authentically me. I usually confirm my identity with a password and often with a 2nd factor (such as a changing secret number typed from a Google Authenticator). The asserted and confirmed identity must also be anchored for some purposes, such as when that identity is to be tied to other rights or relationships in the real world. For example, if I\u0026rsquo;m supposed to have a school affiliation and class affiliation in a school app, then it may be good if I can\u0026rsquo;t just make an account for myself. Instead, a teacher should look at it, ask me if I did it, and then assign me to the school and class.\nAn asserted, confirmed identity anchored in the real world is then granted access rights. This is an authorization, it determines what this identity is allowed to see, write, modify and delete in the context of the application. We\u0026rsquo;ll talk a little more about that below. What I then do in the application may have to be recorded for evidentiary purposes. For example, if the data I am accessing requires special protection, or if its change history needs to be documented. In a school context, for example, this could be my collection of performance records. A logbook in which accesses are linked to personal identities in a mandatory way that cannot be switched off is called an audit log. If I use services that cost money, then a special form of audit log must be kept. This audit log is the basis of accounting and shows which person has used which chargeable service and when. This log is part of accounting. Much can be written on each of these topics, but we are to be primarily concerned here with authorization precisely because it is Topic #1 on the current OWASP list. And because it does not only appear in the Zerforschis\u0026rsquo; Scoolio article, but once again in the My Quick Test article:\nOne of the first requests we notice is to https://corona-api.de/persons/owner/{USER_ID}, where USER_ID is of course the number of our account - e.g. 612341213acab23425251e21. … [We shorten the URL]… We dare to try one more time and remove the / at the end of the URL. And tada:\nGET https://corona-api.de/persons A list of people registered on the platform drops down to us. A total of almost 400,000 with all the data that is collected during a Corona test.\nZerforschung then goes on to demonstrate that they can merrily change their identity or anchoring (the school affiliation) in either case (and presumably without it ending up in an audit log), and that they can write data at will by issuing a Corona test result to 177-year-old Robert Koch.\nAuthorization Verbs and subject-predicate-object (Who does what to whom?) An application has an outside page. This is a list of all URLs that are callable. By this I mean not only the HTML web pages (some of which are interactive and can have parameters), but also the API that represents the server for an app on a phone or in a browser. The list of all these URLs is like a list of verbs: Do words that can be used to give commands to the application - \u0026ldquo;show me\u0026rdquo;, \u0026ldquo;find me\u0026rdquo;, \u0026ldquo;change me\u0026rdquo;, \u0026ldquo;delete me\u0026rdquo;. As in any sentence, there is a subject - who commands? - and an object - what is being manipulated by the verb?\nWe can write this down in German: \u0026ldquo;Kris wants to find all the students at the Heinrich Heine School in Heikendorf.\u0026rdquo;\nOr as a triplet: (Kris, \u0026ldquo;find all\u0026rdquo;, \u0026ldquo;Heinrich-Heine-Schule (Heikendorf)\u0026rdquo;)\nOr as a table, with the subjects as rows, the objects as columns, and the verbs where the action in question is allowed. This is then a matrix of \u0026ldquo;Who may do what?\u0026rdquo;.\nRole Based Access Control We then see that the table quickly becomes large, and will start grouping the subjects. Subjects with the same rights we group together, in a role, and name them (for example students of HHS). Objects can be grouped in the same way. We get Role Based Access Control, RBAC:\nWe can thus give fixed rights to certain subjects, or roles. However, we still need to allow many relations: \u0026ldquo;Students of HHS can make contacts with other students of HHS.\u0026rdquo; and extra, and different from it \u0026ldquo;Students of the Max-Planck-Schule, Kiel can make contacts with other students of the MPS.\u0026rdquo;\nObviously, this is not enough in this context - but for many applications it is already sufficient. Namely, whenever the internal structure within the application does not need to be segmented further.\nAttribute Based Access Control Often one wants to formulate rules that match properties of subjects and objects. For example, I can simplify the access rules for student contacts to allow contacts if the calling student and the called student attend the same school.\n\u0026ldquo;HHS students can make contacts with other HHS students.\u0026rdquo; \u0026ldquo;MPS students can make contacts with other MPS students.\u0026rdquo; … all these RBAC-Rules become\n\u0026ldquo;Student A can make contact with Student B, if A.school_id == B.school_id\u0026rdquo; so if student A and B have the same value in the attribute school_id.\nSo, access rights are now defined by attributes of subjects and can thus be greatly simplified. Of course, this requires that I identify the security-relevant attributes and control changes to those, because otherwise the protection is ineffective.\nExample: If a student can change his school_id at will without control, then a comparison A.school_id == B.school_id is ineffective.\nWhat does this mean for application developers? As an application developer, I use a toolkit to write web applications and APIs.\nI need to know what my application\u0026rsquo;s outer surface is, i.e. which URLs are allowed with which parameters. This is not difficult. My toolkit almost certainly has a function that tells me this (flask routes or similar functions are present everywhere). This is my list of verbs. The list of parameters of each of these callable pages are the objects in my security model. I need to identify my users (i.e., assign them unique identifiers) and authenticate them (i.e., they need to prove the claimed identity). The list of these users is then the list of my subjects. I now need ACL, RBAC or ABAC rules that define \u0026ldquo;who can do what to whom\u0026rdquo; and express this in my application\u0026rsquo;s access control framework. This is not hard, and it is, above all, necessary work. Not only for legal and compliance reasons, but also because this is part of an application\u0026rsquo;s data model: As a side result, this produces a transaction model, i.e. a diagram of how the records of my application can be changed by calling methods. So not only am I slaying all compliance, many data protection, and all security obligations, but I\u0026rsquo;ve documented the entire data lifecycle of my application with a state transition diagram, that shows both developers and business analysts in a generally understandable way what the heck we\u0026rsquo;re actually doing here and how we\u0026rsquo;re modeling it.\n","date":"2021-11-16T00:00:00Z","href":"https://blog.koehntopp.info/2021/11/16/a01-2021-broken-access-control-en.html","tags":["lang_en","security"],"title":"A01:2021 - Broken Access Control (en)"},{"categories":null,"content":"Ein guter Freund sinnierte gestern mit anderen Freunden von mir über die Situation auf der Arbeit und schrieb mir heute:\nWie man es auch dreht und wendet: Corona ist auch ein Lackmustest für Unternehmen in ihrer Rolle als Arbeitgeber. Anhand der vierten Welle lässt sich das hervorragend nachvollziehen.\nDenn Unternehmen und Organisationen, denen am Wohl ihrer Mitarbeiter/-innen etwas liegt, haben schon vor Wochen überall dort, wo es möglich ist, ihre Leute kategorisch wieder ins Homeoffice geschickt und Präsenzveranstaltungen untersagt. Das hat selten etwas damit zu tun, dass diese Unternehmen herausragend schlau wären. Viel mehr schauen diese Unternehmen sich ausgehend vom Wunsch, die eigenen Leute nicht zu gefährden, ihr Corona-Handling dort ab, wo es funktioniert.\nUnternehmen beispielsweise, die sich an Israel orientieren, werden ihre Leute frühestens bei flächendeckender Booster-Impfung der eigenen Belegschaft wieder in die Büros rufen, falls überhaupt. Unternehmen hingegen, die sich an den Richtlinien der deutschen Bundesregierung orientieren, pochen oft seit Wochen schon darauf, in die sich aufbauende vierte Welle hinein die Anwesenheitszeiten in den Büros zu erhöhen.\nDas ist tragisch, weil es so vorhersehbar katastrophale wie vermeidbare Folgen haben wird. Wer Leute notlos in den ÖPNV zwingt, obwohl sie nicht geboostert sind, exponiert sie unnötig einem erhöhten Risiko. Wer Leute notlos ins Büro ruft, obwohl diese nicht impfbare Familienmitglieder im selben Haushalt haben, exponiert sie unnötig einem erhöhten Risiko. Unternehmen, die so agieren, machen sich schuldig.\nDie Menschen in diesen Unternehmen sollten das Corona-Handling ihres Arbeitgebers jedenfalls genau beobachten. Wer die Belegschaft unabhängig vom Impfstatus wieder ins Büro ruft, betreibt das Geschäft der Impfgegner. Denn dann entsteht der Eindruck, der Impfstatus sei im Wesentlichen egal. Wer nur geimpfte Menschen notlos ins Büro ruft, schafft dadurch indirekt sogar Incentives für Impfgegner, weil Homeoffice dann zu einem Privileg für diese wird.\nBeides wäre unerträglich. Und Menschen in diesen Firmen sollten ihren AG durchaus wissen lassen, dass das unerträglich ist. Falls alle Stricke reißen: Kündigen und Namen der Manager notieren, damit man in deren Fängen sicher nie mehr landet.\nBei den Amis heißt das The Great Resignation :\nThe COVID-19 pandemic has allowed workers to rethink their careers, work conditions, and long-term goals. As many workplaces attempted to bring their employees in-person, workers desired the freedom to work from home given during the pandemic. With telecommuting also came schedule flexibility, which was the primary reason to look for a new job of the majority of those studied by Bankrate in August 2021. Additionally, many workers, particularly in younger cohorts, are seeking to gain a better work–life balance.\nDas ist die mildeste Formulierung, die ich gefunden habe.\nTatsächlich arbeiten \u0026ldquo;wir\u0026rdquo; im März 2022 seit 2 Jahren von zu Hause und/oder unter Pandemie-Bedingungen, und außerhalb der traditionellen Bürostrukturen und -hierarchien. Einige Firmen haben sich anpassen können. Von denen hat keine ein Problem mit Churn oder Hiring, also damit, Personal halten zu können und neues anzuwerben.\nEs sind die Läden, die die Realität der vergangenen 2 Jahre negieren, die jetzt bluten, und zwar vom Kopfe her. Und Mitarbeiter, die seit 2 Jahren bewiesen haben, daß sie sehr gut und erfolgreich arbeiten können,\nohne daß sie jeden Tag 2 Stunden im Berufsverkehr verschwenden, ohne daß das Kind als Schlüsselkind nach Hause kommen muss, ohne daß ihnen das Management auf die Bildschirme glotzt, und ohne daß sie 3 von 8 Stunden pro Tag in Meetings zu bringen, von denen für sie maximal 20 Minuten relevant sind, solche Leute brechen jetzt auf - in Firmen, die anders arbeiten, in Berufe, die das nicht notwendig machen oder in ein Umfeld, das weniger dem späten 19. Jahrhundert verhaftet ist. Die Zukunft der Arbeit ist gerade angekommen, und die Leute ziehen um.\nGerade bei den Wissensarbeitern ist das so:\nIch habe 5 Jahre studiert und danach 3 Jahre Projekte gemacht und Dir jetzt gerade 2 Jahre lang bewiesen, daß ich mich selbst organisieren kann, und jetzt willst Du mich im Büro haben, damit Du Dich nicht so alleine fühlst?\nKann man machen. Nicht schlau. So gar nicht.\nEdit: Nachtrag.\nJemand schickt mir diesen paywalled link zur SZ , von dem eh nur der Anreißer interessant ist. Der Artikel beschreibt unter dem Begriff \u0026ldquo;Overemployed\u0026rdquo; Personen, die im Homeoffice so effizient sind, daß sie zwei bezahlte Vollzeitstellen besetzen, ohne Wissen der jeweiligen Arbeitgeber.\nDas geht natürlich nur mit David Graeber\u0026rsquo;s Bullshit Jobs , aber es ist natürlich auch ein Zeichen dafür, daß die Arbeit, die diese Personen ausführen weder produktiv, noch notwendig noch sinnstiftend ist.\nIch antwortete mit\nIch kann nur den Teaser lesen, aber das ist das, was wir im Informatik-Studium Semester 2 (und 4) gemacht haben. Also 3 Leute in die Inf 2 Vorlesung schicken, parallel 3 Leute in Inf 4. Mit dem Rest (gut 20 Leute, Rotationssystem) die Vorlesungen von 2x 90 Minuten in 45 Minuten durchziehen, und dann in 45 Minuten die Aufgaben machen. Das hat sehr, sehr böses Blut gegeben\nDie Antwort war:\nDafür hatten wir [bei uns] die Mitschriften AG. Etwas anderer Studienablauf bei Nicht-Informatikern.\nEdit: Nachtrag.\nEinige Arbeitgeber insistieren dringend, daß \u0026ldquo;Mitarbeiter wenigstens einen Tag in der Woche im Büro sind\u0026rdquo;, ohne das näher zu begründen.\nBohrt man unauffällig und inoffiziell nach, heißt es \u0026ldquo;Wir haben sehr viele Expats, und wenn die statt von hier von ihrem Heimatland aus arbeiten, dann kommen wir von der Unternehmenssteuer her in Teufels Küche.\u0026rdquo;\nUnter Umständen sollte man hier offener kommunizieren, und dann versuchen, kooperativ Lösungen zu finden, denn unerklärliches blockierendes Verhalten eines Arbeitgebers ist in diesem Zusammenhang nicht produktiv und führt wieder zur Kündigungswelle.\n","date":"2021-11-12T00:00:00Z","href":"https://blog.koehntopp.info/2021/11/12/die-kommende-kuendigungswelle.html","tags":["lang_de","remote first","politik","work"],"title":"Die kommende Kündigungswelle"},{"categories":null,"content":"Wir sprachen in Software Defined Silicon darüber, wie die CPU-Bedürfnisse von Hyperscalern und normalen Kunden divergieren.\nHyperscaler haben Interesse an immer größeren CPUs mit immer mehr Kernen, und immer höherer Dichte in ihren Rechenzentren. [\u0026hellip;]\nNormale Kunden sehen das nicht so: man kann in einer 64C/128T-Core-Single-Socket-Konfiguration mit 2-4 TB RAM unter Umständen den gesamten Serverbedarf einer kleineren Firma in einer einzelnen physikalischen Maschine in VMs unterbringen. Das Problem dabei: Explosionsradius, wenn mal etwas ausfällt.\nUnd das passiert:\nAMD Shares Early Details Of Zen 4 Genoa, Bergamo Heute hat AMD einen Ausblick auf die kommenden Zen 4 CPUs geliefert: Die normale \u0026ldquo;Genoa\u0026rdquo; wird 96 Cores pro Socket liefern, also 192C/384T in einem 2P-Board.\nEs wird jedoch von dieser CPU auch eine \u0026ldquo;Bergamo\u0026rdquo;-Variante geben, und das ist eine \u0026ldquo;high-core count compute engine designed for cloud-native workloads\u0026rdquo;. Das sind dann 256C/512T in einem 2P-Board.\nDas ist nicht nur zu viel Maschinerie in einer einzelnen Kiste, sondern auch in einem normalen Rechenzentrums-Rack vermutlich nicht mehr so einfach zu kühlen. Wenn man sich als Hyperscaler jedoch seine Rechenzentren nach Maß bauen lässt, sollte das alles nicht weiter weh tun.\n\u0026ldquo;Wozu der 4K-Monitor, fragst Du? Na, damit die \u0026lsquo;htop\u0026rsquo; Anzeige auf den Bildschirm passt.\u0026rdquo;\n","date":"2021-11-08T00:00:00Z","href":"https://blog.koehntopp.info/2021/11/08/amd-und-128-cores.html","tags":["lang_de","computer","cloud"],"title":"AMD und 128 cores"},{"categories":null,"content":"At work, replication is a central feature in our MySQL Standard Architecture.\nBut until MySQL 5.6, replication was strictly sequential: Even if transactions happened in parallel on a primary, they would be downloaded to the replica by the IO_THREAD into the relay log. From there, a single SQL_THREAD would apply them, one after the other in strict binlog order. That can lead to Replication Delay.\nWe had a monitor for that, courtesy of Dennis Kaarsemaker . That code looked at the time consumption in the SQL_THREAD, and counted the percentage of idle time over time, visualizing it in Graphite or Grafana.\nThis was the amount of runway we had. If the write-load to a specific replication hierarchy threatened to overwhelm a hierarchy, it was a candidate for a schema split.\nExecution Model About a decade ago, MySQL as a company started to work on that problem. The execution part of that is easy, and roughly looks like this:\nAs before, the IO_THREAD logs into the primary and downloads the binlog, then saves it to the local disk of the replica. This is called the relay log.\nUnlike before, the single SQL_THREAD is replaced with a coordinator thread which picks up the relay log for consumption. It then schedules work to a number of worker threads. These apply the binlog to local tables in parallel.\nThe complicated part is to find what can be executed in parallel. This happens in the Primary, which will mark up the binlog for parallel execution on the replicas.\nSplitting the work by schema The low-hanging fruit is splitting work by schema. We assume there are different schemata a, b, c, d on the Primary, and they are isolated from each other by permissions, in such way that write transactions are guaranteed to modify data only in exactly one schema.\nIt would allow two different write operations to different schemas on the primary to be applied in parallel, independent worker threads on the replica.\nThis was replica-parallel-type=DATABASE , and while it is enormously useful with webhosters, the use-case did not fit our environment.\nNewer versions of MySQL got replica-parallel-type=LOGICAL_CLOCK, which can handle parallel execution of compatible statements within a single schema.\nSplitting the work with LOGICAL_CLOCKS Originally, MySQL would assign each transaction in the binlog a number, starting with 1 for each binlog, the sequence_number.\nAll transactions that were executed concurrently obviously were legal to execute in parallel, because they just did on the primary. MySQL would choose a sequence number from that group and assign it to all of these concurrently executed transactions, the commit group number.\nOn the replica, transactions with the same commit group number could be executed in parallel, because they did successfully do that on the primary.\nWhile simple and fast, this method has a number of drawbacks:\nThe degree of parallelism is variable, and workload dependent. On a mostly idle primary, few transactions would be marked up as \u0026ldquo;able to run in parallel\u0026rdquo;, because they would not run in parallel on an idle machine. While that would not be a disadvantage per se (low load on the primary also means low load on the replicas), it makes it really hard to calculate the runway that you still have on your replication hierarchy. On an intermediate primary in a multilevel replication hierarchy, the degree of parallelism cannot go up, but can go down when things that happened concurrently in the primary did not in the intermediate. Execution times and parallelism in the leaf replicas would degrade. Crude hacks were invented to improve the situation with regard to the first problem: We could artificially delay commit on the primary using a config variable, and hope for other transactions to accumulate in the time window. From their locking interaction we would see if they were good to be executed in parallel, and hopefully get larger parallel execution batches.\nThus, we would slow down the primary in order to speed up the replicas.\nLogical Clocks with Dependency Trees More modern logical clocks still number transactions in the binlog with a consecutive sequence_number or sn. They will also assign a second number, the sequence number of an earlier transaction, last_committed or lc, which is the most recent earlier transaction in this binary log that might be conflicting (at least that is what the server that generated the binary log assumed).\nSo given a binary log that looks like this:\nT1: sn=5 lc=4 T2: sn=6 lc=5 T3: sn=7 lc=5 T4: sn=8 lc=6 T5: sn=9 lc=4 we have:\nT2 (sn=6) depending on T1 (T1 has sn=5, and T2\u0026rsquo;s lc is 5), T3 also depending on T1, and T4 depending on T2. T6 is much later in the log, but is dependent lc=4, just like T1. The scheduler can schedule T1, then must wait for T1 to commit. After that, it schedules T2 and T3 in parallel, because they do not conflict. T4 must wait for T2 to complete before it can run.\nThe transaction T5 can in theory be scheduled in parallel already with T1, but due to a limitation of the scheduler can\u0026rsquo;t: The scheduler does not look ahead - any dependency boundary will act as a block. Thus, T2 and T4 are barriers that require everything before them to commit before the scheduler can proceed.\nSplitting the work with COMMIT_ORDER To generate such a dependency tree, for each transaction we look at the end of the transaction, the time interval after the last statement and before the commit. At this point in time all locks the transaction can have taken actually are taken, and they are being released at the end of the commit.\nTwo transactions are non-conflicting (can be run in parallel), when their time windows with all locks being taken do actually overlap - if they had overlapping, conflicting locks, that would not be possible.\nThese transactions are assigned the same lc number.\nAgain, this is a short time window and the degree of parallelism is suboptimal, but at least it always works.\nSplitting the work with WRITESET The introduction of Group Replication required the definition of Write Sets, the sets of primary keys that make up a transaction. They can also be used to improve parallel replication markup of the binlog:\n\u0026ldquo;Two transactions with non-overlapping primary key sets can be executed in parallel.\u0026rdquo;\nWait, what? That is actually wrong, in more than one way, but it is a useful simplification for many cases.\nTwo transactions are actually capable of running in parallel if their lock sets are compatible and non-overlapping.\nIn a transaction, each primary key of any row that we write to gets an X-lock, and thus these two things (primary key set and lock set) are almost, but not quite the same.\nWhen are they not the same?\nWe may theoretically have tables without a primary key. That\u0026rsquo;s bad, and basically while we can lock rows, we can still have two identical rows, one locked and not. We cannot handle WRITESET things for tables without primary keys (but any sensible DBA will require your tables to always have a primary key defined anyway, so that should never be an issue). We may have tables with foreign key constraints, and the foreign key constraints may generate S-locks on REFERENCED rows. These locks in other tables may prevent other writes from proceeding. We cannot handle WRITESET things in the presence of foreign key constraint definitions. So:\nwith Write Sets, we can create maximally parallel dependency trees for a large number of cases, and with COMMIT_ORDER, we have a fallback plan when we can\u0026rsquo;t. How parallel is our workload? Let\u0026rsquo;s write a bit of code to find that out. You can follow along here .\nUsing the mysqlbinlog program, we can read a MySQL binlog and extract the lc/sn pairs. The following mysqlbinlog | grep will produce lines that look like this:\n$ mysqlbinlog -vvv binlog.654321 | grep \u0026#34;last_committed=\u0026#34; | head -3 #211102 8:44:24 server id 210015197 end_log_pos 475 CRC32 0x61436ace GTID\tlast_committed=0\tsequence_number=1\trbr_only=yes original_committed_timestamp=1635839064507445 immediate_commit_timestamp=1635839064507445\ttransaction_length=501 #211102 8:44:24 server id 210015197 end_log_pos 976 CRC32 0xb28c4330 GTID\tlast_committed=1\tsequence_number=2\trbr_only=yes original_committed_timestamp=1635839064507452\timmediate_commit_timestamp=1635839064507452\ttransaction_length=501 #211102 8:44:24 server id 210015197 end_log_pos 1477 CRC32 0xca77099e GTID\tlast_committed=2\tsequence_number=3\trbr_only=yes original_committed_timestamp=1635839064507455 immediate_commit_timestamp=1635839064507455\ttransaction_length=505 Our code will need to grab the lc/sn pairs and store them into value objects of the Transaction type we create. We then add the transactions to the commit scheduler:\nwhile line := sys.stdin.readline(): m = re.search(pattern, line) lc = int(m.group(1)) sn = int(m.group(2)) t = Transaction(lc, sn) sched.add(t) Adding a transaction with sched.add(t) checks if the transaction is blocked by a still open conflicting transaction. If that is the case, it first forces the open transactions to be committed, before it adds the new transaction to the (now empty) list of open transactions.\ndef add(self, t: Transaction): wait_for = t.lc if self.open.get(wait_for, None) is not None: blocker = self.open[lc] if debug: print(f\u0026#34;{t=} is blocked by {blocker=}\u0026#34;) self.commit() if debug: print(f\u0026#34;adding {t=}\u0026#34;) self.open[t.sn] = t \u0026ldquo;Committing\u0026rdquo; is simple: We just clear the list. Before we do that, we collect a number of statistics.\ndef commit(self): self.sum += len(self.open) self.count += 1 self.hist[len(self.open)] += 1 if debug or incremental: print(f\u0026#34;Commit: {len(self.open)} {self.sum=} {self.count=} Avg={self.avg()}\u0026#34;) self.open = dict() Doing that, each time there is a conflict we collect the length of the list of parallel transactions, for a global average and also in a histogram. If incremental is on, we emit a running update with the current degree of parallelism.\nActual data We have some very low traffic hierarchies such as data archives, that have an extremely low degree of parallelism - mostly because they are idle most of the time.\n# mysqlbinlog -vvv binlog.000058 | grep \u0026#34;last_committed=\u0026#34; | ./binlog.py 1: 631546 2: 481 3: 552 4: 300 5: 222 6: 423 7: 381 8: 184 9: 31 10: 13 11: 18 12: 9 13: 4 14: 1 15: 3 16: 3 Avg = 1.0155383957954558 Max = 16 The output is a histogram, so for this binlog, we had 3 instances where the open queue was 16 deep, and so on. On the average, degree of parallelism was 1.02, and the maximum was 16.\nOthers, showing a more normal workload, look a bit better:\n# mysqlbinlog -vvv binlog.000165 | grep \u0026#34;last_committed=\u0026#34; | ./binlog.py 1: 78255 2: 69955 3: 46694 4: 30747 5: 21162 6: 15942 7: 12431 8: 9465 9: 7580 10: 6059 11: 4984 12: 4155 13: 3583 14: 3018 15: 2565 16: 2218 17: 1960 18: 1635 19: 1406 20: 1196 ... 62: 1 Avg = 4.569389646418146 Max = 62 Here we end up with an average degree of parallelism of 4.6, and a maximum of 62.\nFor an internal control plane state storage, we get ~2.\nAnd for our legacy central database, we get a whopping 18. That makes a lot of sense if you think about it - this is a shared database with a number of independent sets of tables that will never block each other. That\u0026rsquo;s why we are able to split it into individual smaller databases in the first place, which is what currently happens.\nTL;DR MySQL has made great progress in being able to run parallel replication, and the work on Write Sets for Group Replication has helped tremendously with that.\nStill, the degree of exploitable parallelism is workload dependent and varies a lot (20x!), depending on replication chain and also, unfortunately, time of day and month.\nThere are legit use-cases that have very extremely low degrees of exploitable parallelism, and any SLO on replication performance always must be made with the assumption of a \u0026ldquo;degree of parallelism=1\u0026rdquo;.\nIf, and how much parallelism there is, is entirely dependent on the database owner and the workload they have. It cannot be controlled by the database operators.\n","date":"2021-11-08T00:00:00Z","href":"https://blog.koehntopp.info/2021/11/08/mysql-parallel-replication.html","tags":["lang_en","mysql","replication"],"title":"MySQL: Parallel Replication"},{"categories":null,"content":"I started blogging almost 20 years ago, because a piece of software I was using to manage calendars and discussion boards to organize the \u0026ldquo;Dienstag\u0026rdquo; also offered blogging functionality. That software was very buggy and full of HTML injections. My patches to fix things touched almost all files, and were rejected, because they\u0026hellip; touched too many files.\nSo I was looking around for something better, and the good people on ircnet:#php.de recommended Serendipity . I have been using this for many years, contributed a few improvements and sponsored a few others. Unfortunately, when Mobile became a thing, I had no theme that went well with that. I also needed 2FA for obvious reasons.\nSo for a time, I used Google+ a lot, but we all know how that went. After that I installed WordPress, but not only was that slow, but the constant patching and the Antispam became a drag.\nI revived the blog by moving all my content to Markdown, and putting it up as a Git repository hosted as GitHub Pages. GitHub Pages has a default workflow, which requires you to do nothing more than to push Markdown, which is very convenient. Internally it uses Jekyll , a static site generator, which converts Markdown together with a set of templates to HTML in the _site directory.\nJekyll is nice enough, and provided useful importers for Serendipity and WordPress. Also, I was able to extend it a bit to also create dedicated additional RSS feeds for the MySQL and Review tags. Unfortunately, though, it is written in Ruby and the theme also uses a lot of npm. The consequence of that are frequent module updates - again! - and a build time for the entire blog of approximately 120 seconds.\nI tried alternatives, and there are many. They are all either slow (Pelican and other Python based stuff), or have hardly any community (e.g. Rust-based Zola). Also, the themes offered are all worse than the really awesome Type-on-Strap I was using in Jekyll. Especially they all offer no or bad on-site search.\nI tried to experiment with Hugo, a Go-based site generator, and that is when I realized that I know nothing about frontend anymore, at all. I mean, I did PHP and made websites, but that was in and around 2000. That is checks calendar more than 20 years ago, and would you believe it, technology has changed.\nI tried to get things to work, but I failed, and gave up:\nOkay, ich geb es auf. Ich bin ja bekennender Frontend-Analphabet und habe zuletzt Webkram gemacht als wir noch ein anderes Jahrtausend hatten.\nMein Blog verwendet Jekyll, und https://github.com/sylhare/Type-on-Strap Das ist lahm, und ich will Hugo.\nIch verwende das Theme, weil es light und text-freundlich ist, und weil es eine gute Suche mitbringt (JS basierend, aber funktioniert leidlich).\nGibt es dieses Theme oder was Vergleichbares für Hugo, oder mag jemand das portieren.\nOriginal ist MIT License.\nBin Privatperson, Blog nicht monetarisiert, kann nur symbolisch zahlen, wenn es jemand es für Geld tun will, sollte das Resultat ebenfalls MIT oder frei verfügbar sein.\n@Darixzen as a member of the Pixls.us project then made contact with me, and recommended Pat David :\nI\u0026rsquo;m a member of the GIMP team, occasional photographer, digital dabbler, and lover of Free Software. Started @pixlsus https://pixls.us who took it upon himself to create a foundation for me to build on, and this weekend I was able to provisionally move over things from Jekyll to Hugo. There are still many visual and other bugs, but this is on GitHub: You can open issues, and even better, provide PRs.\nWhen running hugo serve, the website is built in memory and served from http://localhost:1313. A file watcher detects changes, and \u0026ldquo;on save\u0026rdquo; rebuilds the minimal change set, then triggers an automatic reload in the browser. I have the browser open on the left, WebStorm on the right, and whenever I hit Ctrl-S or change tabs, the article I am looking automatically refreshes. Build time is 0.272s, approximately human reaction time - it\u0026rsquo;s instant.\nThe build time for hugo --cleanDestinationDir is down from 120s to 8s, for the entire site. \u0026ldquo;Thanks, @patdavid!\u0026rdquo; and \u0026ldquo;Thanks, Hugo!\u0026rdquo;, I\u0026rsquo;d say!\nThe new build time for the entire site is down to 8s.\nAlso, using this and the Bootstrap and GitHub workflow documentation, I am even learning things now, and actually was able to fix the first bug on my blog on my own. Kris doing frontend, take cover. \u0026#x1f604;\nAh, and JetBrains. I have the all-in subscription, and started using WebStorm with this setup. I am constantly amazed how fast and incredibly useful their stuff is. If you do stuff with software for a living, and are not using their products, you are doing it wrong.\n","date":"2021-11-07T00:00:00Z","href":"https://blog.koehntopp.info/2021/11/07/this-blog-is-now-hugo-powered.html","tags":["lang_en","blog"],"title":"This Blog is now Hugo powered"},{"categories":null,"content":"What is \u0026ldquo;relational\u0026rdquo; and \u0026ldquo;algebra\u0026rdquo; about \u0026ldquo;Relational Algebra\u0026rdquo; and SQL?\nIt is likely that you know all this.\nThere is nothing new in this text, if you had Databases 101 in school or university, so you do not have to read any of this. In case you had not, or you forgot because it was a long time ago, here it is, again.\n*This is the english version of a much older german writeup .\nAlgebra An \u0026ldquo;Algebra\u0026rdquo; is a structure that is defined on base set A, with one or more operations on it. That structure is an algebra, if the result of every operation leads to results that are again in that base set A.\nSo if you have a thing and math on it, the result is again in that thing, and you can continue to math on it.\nNatural numbers and Addition and all the pain that follows The most well known of these structures is the set of natural numbers and addition {𝐍, +}:\nIf you take two natural, integer, positive numbers and add them, the result is again in that set, a natural, integer and positive number, so you can continue to add.\nIf you make it more complicated and take on another operation, subtraction, that is no longer true: 4-6 is -2, which is not in 𝐍, it is integer, but not positive. We just left the set of natural numbers 𝐍, and now need whole numbers 𝐙 instead to make {𝐙, +, -} an algebra.\nThere is a whole branch of math, axiomatic number theory, that deals with the ever more complicated things we get in our desire to have an algebra for math with numbers:\nYou start with the empty set and the set that contains the empty set to get 𝐍 in the first place, define addition. By having a desire for inverse operations, you invent subtraction and need 𝐙.\nYou invent a shorthand \u0026ldquo;multiplication\u0026rdquo; for repeated addition, and want the inverse, division, and suddenly you need 𝐐, the rational numbers.\nThen you shorthand \u0026ldquo;powers\u0026rdquo; for repeated multiplication, take the inverse, roots, and have irrational numbers, and finally 𝐑, the set of real numbers as the union of rational and irrational numbers.\nAll is good, the sun is shining, except one day you take the square root of -1, and end up with 𝐂, the complex numbers, and suddenly you lose total order. As you descend into this more, you discover Quaternions (and lose commutativity) and other, more complicated structures and lose one nice property after the other.\nBut this text is not that story, we are doing computer science here, not math.\nThere is all kind of weirdness in computer math, too, with machine epsilon and the lack of commutativity, and the number size dependent precision, but again, that is not our story here.\nWe do not even do numbers in our department, but more on that later.\nFirst we need to talk about\nRelations (and Functions) In math, a function is a thing that maps one set onto another set – or the same set, if you have an algebra.\nThis is y=0.5x+2, a function that maps 𝐑 on 𝐑, producing a line.\nThe thing that makes it a function is that for any x, we get exactly one result, exactly one y. Draw a vertical line from any point on the x-axis, and it will only ever hit the line of the function in exactly one spot.\nThere are of course also things that for one given x give you more than one y value.\nAn example would be y\u0026lt;0.5x+2, all y that are smaller than some value derived from x: That\u0026rsquo;s a relation.\nThat\u0026rsquo;s enough math for one day. We still want to do computer science.\nSo the first order of the day is to get rid of all these stupid infinities. Complex, real, rational, yes, even natural numbers - that\u0026rsquo;s a lot of infinite, intangible brain farts from weird math geeks.\nWe want proper values that are touchable and that can be seen with a debugger in memory.\nComputer science does discrete math, all finite, all represented in tangible bits.\nThat also allows us to define a function (or relation) as a lookup table instead of a formula. If it returns more than a single value (more than a single table row) it is not a function, as we have learned - it is a relation.\nAnd thus we end up dealing with tables, and multiple result rows, and the ability to query the query results further - that is \u0026ldquo;relational\u0026rdquo; and \u0026ldquo;an algebra\u0026rdquo;.\nRelational Algebra: Math with Tables An Algebra is a base set, and a number of operations you can perform on the elements of that set, and we demand that the result of any operation again is an element of the base set so that we can math on.\nOur base set is \u0026ldquo;tables\u0026rdquo;. Tables have rows, and each row has the same number of cells. Such a row is called \u0026ldquo;a tuple of n values\u0026rdquo; or \u0026ldquo;n-tuple\u0026rdquo;, and is usually written with round parens: (3, 4, 5) for a 3-tuple with the integers 3, 4 and 5.\nIn computer science there are two big camps of people: one wants data types attached to slots, static type persons. The other wants data types attached to values, dynamic type persons. Most SQL databases want static types, so you do not define a row as \u0026ldquo;3 columns\u0026rdquo;, but you would say (int, char(20), double) as an example. The only SQL product I know of that is different here is SQLite.\nOperations on tables that produce new tables Selection - cut out rows Projection - cut out columns (or make new ones) Join (Cross Product) - combine tables Rename (tables, columns) - so that you can Join a table with itself Aggregation - make piles of things considered equal under a projection Selection, Projection The Selection and Projection operations.\nThe SELECTION operation selects a row from a table. In SQL, this is a WHERE clause:\nSELECT a, b, c FROM t WHERE a = 1 The PROJECTION operation selects a column from a table. In SQL, it is an expression in the SELECT clause.\nSELECT b FROM t We can also use projection and rename to make new columns:\nSELECT a, b, c, concat(a, b) AS ab, 17 AS seventeen FROM t This will make a copy of the original table, and add two more columns, one the concatenation of a and b, and the other a constant number. We use AS to rename the columns from a machine selected name to a name of our choice.\nJoin The Join operation.\nThe JOIN operation combines two tables so that each row from table a is matched with each row of table b once for all possible combinations, a cross product.\nOriginally, we wrote this as a comma, and added additional selection clauses to the WHERE condition to select only the rows we wanted:\nSELECT a.aid, b.aid, b.bid FROM a,b WHERE a.aid = b.aid For a number of reasons that is unwieldy:\nIt makes it hard to see what is an actual selection, and what is part of the join condition. It creates scoping problems with names It has no syntax for other join types than a full cross join. So since 1992 we write the JOIN … ON … keyword, and can specify different join types by using different keywords (JOIN, LEFT JOIN, RIGHT JOIN, OUTER JOIN) The JOIN above then becomes:\nSELECT a.aid, b.aid, b.bid FROM a JOIN b ON a.aid = b.aid WHERE \u0026lt;actual constraints\u0026gt; Renaming tables for self-references The Rename operation used in a self-join context.\nThere is a group of problems, list-of-parts problems or self-referential structures, that can only be modeled with a table rename. The rename operation and the AS keyword are very old, but SQL that can actually walk such structures is rather new - Recursive Common Table Expressions (Recursive CTEs and the WITH keyword ).\nThe basic self-join looks like this:\nSELECT emp.empid AS employee, \u0026#34; has the boss \u0026#34;, boss.empid AS boss FROM emp AS boss JOIN emp ON emp.bossid = boss.empid This expression uses the emp table twice, and in order to be able to decide which instance we are referring to, the AS keyword is needed to give each instance a unique name.\nAggregates The fifth and final operation is the aggregation, with the GROUP BY keyword. To aggregate, you project a table virtually, and pile all rows that are identical under the projection onto the same heap, then measure heaps with aggregation functions.\nIf that sounds weird, look at the drawing:\nThe Aggregate operation.\nThis is a\nSELECT bossid, ... FROM emp GROUP BY bossid We group emp by bossid, that is, we put all rows from emp that have the same value for bossid onto the same pile. We can only reference columns that we mention in the GROUP BY, or measure the piles using aggregation functions such as COUNT(), SUM(), AVG() and others, e.g. GROUP_CONCAT().\nmysql\u0026gt; select -\u0026gt; emp.bossid, -\u0026gt; count(*), -\u0026gt; group_concat(emp.empid) as empids -\u0026gt; from -\u0026gt; emp -\u0026gt; group by -\u0026gt; emp.bossid; +--------+----------+-------------+ | bossid | count(*) | empids | +--------+----------+-------------+ | NULL | 1 | 1 | | 1 | 2 | 2,3 | | 2 | 3 | 4,5,6 | +--------+----------+-------------+ 3 rows in set (0.00 sec) Subqueries: Mathing on with Tables So we now have a base set, tables, and five table operators that make new tables. This is supposedly an algebra, so we should be able to apply SQL to the tables made by SQL statements.\nWe have that - Subqueries.\nScalar Subqueries, and new columns We can put SELECT expressions into any position of the SQL statement in place of constants, column names or expressions. When we put a SELECT into a place of a scalar value, it must return a 1x1 table, of course, to be able to be cast to a scalar (of the appropriate type).\nroot@localhost [kris]\u0026gt; select sum(bid) from b; +----------+ | sum(bid) | +----------+ | 3 | +----------+ 1 row in set (0.00 sec) root@localhost [kris]\u0026gt; select aid, ( -\u0026gt; select sum(bid) from b ) as bsum -\u0026gt; from a; +-----+------+ | aid | bsum | +-----+------+ | 1 | 3 | | 2 | 3 | | 3 | 3 | +-----+------+ 3 rows in set (0.03 sec) Can we make new columns from values that are the result of another select? Yes, we can!\nJoining against a Subquery We can also join against tables that are the results of another select.\nWe start with a query that finds for each schema the number of rows that the largest table in that schema has:\nmysql\u0026gt; select -\u0026gt; table_schema, -\u0026gt; max(table_rows) -\u0026gt; from -\u0026gt; information_schema.tables -\u0026gt; group by -\u0026gt; table_schema; +--------------------+-----------------+ | table_schema | max(table_rows) | +--------------------+-----------------+ | geodb | 459015 | | information_schema | NULL | | kris | 6 | | mysql | 986 | | test | 12 | | test_tablesizes | 79 | | test_world | 4079 | +--------------------+-----------------+ 7 rows in set (3.92 sec) But what is the name of this largest table?\nmysql\u0026gt; use information_schema; mysql\u0026gt; select -\u0026gt; m.table_schema, -\u0026gt; t.table_name, -\u0026gt; m.maxrows -\u0026gt; from -\u0026gt; tables as t join -\u0026gt; (select table_schema, max(table_rows) as maxrows -\u0026gt; from tables group by table_schema ) as m -\u0026gt; on t.table_rows = m.maxrows and t.table_schema = m.table_schema; +-----------------+----------------+---------+ | table_schema | table_name | maxrows | +-----------------+----------------+---------+ | geodb | geodb_textdata | 466518 | | kris | emp | 6 | | mysql | help_relation | 986 | | test | h | 12 | | kris | p | 6 | | test | t | 12 | | test_tablesizes | sizes | 79 | | test_world | City | 4079 | +-----------------+----------------+---------+ 8 rows in set (0.00 sec) We take the original query and put it into our FROM clause, naming the resulting table m. We can now join our information_schema.tables table (which we name t) against that original query result m, on equal maxrows values and equal table_schema values.\nWe then ask t for the name of all the tables that have as many rows as m.maxrows. More than one answer is possible. For example, the test schema has two tables with 12 rows.\nDependent Subqueries - the WHERE clause We can solve the same problem also by putting the Subquery into a WHERE clause:\nmoysql\u0026gt; select -\u0026gt; t.table_schema, -\u0026gt; t.table_name, -\u0026gt; t.table_rows -\u0026gt; from -\u0026gt; tables as t -\u0026gt; where -\u0026gt; t.table_rows = ( -\u0026gt; select max(table_rows) as maxrows -\u0026gt; from tables as m -\u0026gt; where -\u0026gt; t.table_schema = m.table_schema -\u0026gt; ); +-----------------+----------------+------------+ | table_schema | table_name | table_rows | +-----------------+----------------+------------+ | geodb | geodb_textdata | 466518 | | kris | emp | 6 | | mysql | help_relation | 986 | | test | h | 12 | | test | t | 12 | | test_tablesizes | sizes | 79 | | test_world | City | 4079 | +-----------------+----------------+------------+ 7 rows in set (0.00 sec) This is a dependent subquery: It runs once for every row in t that we find and may or may not produce a value. We select each row from t where the table_schema from t and m match and select those rows where the table_rows match the maxrows value we find in the subquery.\nThis does not sound efficient, and it is in fact the purpose of the program generator of the database to produce an execution plan that is not literally like this.\nTraditionally, the query planner in MySQL was severely limited, and consequently dependent subquery execution times were very bad. This is only now, with the 8.0 release, slowly changing.\nA Tuple is a type, too Tables are sets of tuples, and a tuple that can be used in SQL:\nUsing this base table:\nmysql\u0026gt; select * from t; +------+-------+------+ | a | b | c | +------+-------+------+ | eins | one | 1 | | zwei | two | 2 | | drei | three | 3 | | 1 | eins | one | +------+-------+------+ 4 rows in set (0.00 sec) We can write this:\nmysql\u0026gt; select a,b,c from t where a = \u0026#39;eins\u0026#39; and b = \u0026#39;one\u0026#39;; +------+------+------+ | a | b | c | +------+------+------+ | eins | one | 1 | +------+------+------+ 1 row in set (0.00 sec) We can do the same thing using a tuple comparison:\nmysql\u0026gt; select a,b,c from t where (a,b) = (\u0026#39;eins\u0026#39;,\u0026#39;one\u0026#39;); +------+------+------+ | a | b | c | +------+------+------+ | eins | one | 1 | +------+------+------+ 1 row in set (0.00 sec) So this also works:\nmysql\u0026gt; select * from t where (a,b) in ((\u0026#39;eins\u0026#39;,\u0026#39;one\u0026#39;), (\u0026#39;zwei\u0026#39;, \u0026#39;two\u0026#39;)); +------+------+------+ | a | b | c | +------+------+------+ | eins | one | 1 | | zwei | two | 2 | +------+------+------+ 2 rows in set (0.00 sec) We can also do slightly weird things, but they are useful:\n\u0026gt; select a,b,c from t where \u0026#39;eins\u0026#39; in (a,b,c); +------+------+------+ | a | b | c | +------+------+------+ | eins | one | 1 | | 1 | eins | one | +------+------+------+ 2 rows in set (0.00 sec) Or, if I needed to find all rows that have \u0026rsquo;eins\u0026rsquo; and \u0026lsquo;one\u0026rsquo; in neighboring columns:\nmysql\u0026gt; \u0026gt; select a,b,c from t where (\u0026#39;eins\u0026#39;,\u0026#39;one\u0026#39;) in ((a,b),(b,c)); +------+------+------+ | a | b | c | +------+------+------+ | eins | one | 1 | | 1 | eins | one | +------+------+------+ 2 rows in set (0.00 sec) Not an Algebra: LDAP, XPath Results, and many others There are many query languages that are not an algebra, so the results are not of a kind that can be used for further queries.\nThe most classical example is LDAP: LDAP defines operations on a tree, the LDAP tree. The result of any LDAP query is not a subtree, but a node set. LDAP queries do not work on node sets.\nThe result: LDAP servers are very fast, and in some cases can handle hundreds of thousands of queries per second. But the things that SQL could do in a single query actually need hundreds of thousands of queries.\nAnother classical example is XPath. Again, we have a tree as a data type and operations on it. The result again is a node set, and not a tree, so we cannot query the result using XPath. This lack is so glaringly obvious that almost all XPath implementations provide extensions to work around that and allow you to somehow convert a node set into a queryable tree.\n","date":"2021-10-29T00:00:00Z","href":"https://blog.koehntopp.info/2021/10/29/relational-algebra.html","tags":["lang_en","mysql","mysqldev"],"title":"Relational, and an Algebra"},{"categories":null,"content":" As a developer using Python, I want to be able to hand a list to an SQL statement with a WHERE id IN (…) clause, and it should do the right thing.\nWell, that is not how it started, because it was asked on the internal no-work-channel, so it kind of escalated more.\nA question The original question was:\nDev\u0026gt; Why is it 2021, and SQL prepared statements still can\u0026rsquo;t deal with IN? Or have I missed some exciting development?\nAfter a quick detour through Java (which we won\u0026rsquo;t discuss any further in this article), we established that this was a Python problem in this particular instance. And we touched on several other interesting things on our way.\nBut first, the solution:\n#! /usr/bin/env python3 import click import MySQLdb import MySQLdb.cursors class DebugCursor(MySQLdb.cursors.DictCursor): def _query(self, q): print(f\u0026#34;Debug: {q}\u0026#34;) super()._query(q) db_config = dict( host=\u0026#34;localhost\u0026#34;, user=\u0026#34;kris\u0026#34;, passwd=\u0026#34;secret\u0026#34;, db=\u0026#34;kris\u0026#34;, cursorclass=DebugCursor, ) db = MySQLdb.connect(**db_config) @click.group(help=\u0026#34;Making WHERE IN great again.\u0026#34;) def sql(): pass @sql.command() def make_table(): sql1 = \u0026#34;\u0026#34;\u0026#34;drop table if exists insert_test\u0026#34;\u0026#34;\u0026#34; sql2 = \u0026#34;\u0026#34;\u0026#34;create table insert_test ( id serial, d varchar(200) )\u0026#34;\u0026#34;\u0026#34; sql3 = \u0026#34;\u0026#34;\u0026#34;insert into insert_test values ( NULL, %(value)s )\u0026#34;\u0026#34;\u0026#34; c = db.cursor() c.execute(sql1) c.execute(sql2) for i in [ \u0026#39;eins\u0026#39;, \u0026#39;zwei\u0026#39;, \u0026#39;drei\u0026#39;, \u0026#39;zw\u0026#34;ei\u0026#39;, \u0026#39;dr\\ei\u0026#39; ]: c.execute(sql3, {\u0026#34;value\u0026#34;: i}) db.commit() @sql.command() def query(): ary = [ \u0026#39;eins\u0026#39;, \u0026#39;zwei\u0026#39;, \u0026#39;drei\u0026#39;, \u0026#39;zw\u0026#34;ei\u0026#39;, \u0026#39;dr\\ei\u0026#39; ] print(f\u0026#34;{ary}\u0026#34;) sql = \u0026#34;select d from insert_test where d in %(ary)s\u0026#34; c = db.cursor() c.execute(sql, {\u0026#34;ary\u0026#34;: ary}) res = c.fetchall() for r in res: print(r) sql() In case you didn\u0026rsquo;t spot it: you can safely generate the WHERE d IN … clause by supplying a string placeholder and then handing it a list. Do not provide parens, the list will bring its own: It is select d from t where id in %s and not select d from t where id in ( %s ).\nWhy is that safe? We are calling cursor.execute(sql, args) to run the SQL. cursor is from MySQLdb, which is the package mysqlclient, obviously.\nWait, what? In Python 2, there was a MySQL database class called MySQLdb in the package MySQLdb, which was not Python 3 compatible, and the maintainer vanished. Also, Python 3 wanted to do away with upper case letters in package names, anyway.\nSo somebody took over the package, renamed it mysqlclient and made it Python 3 compatible, and kept the old class names in order to, uncharacteristically for Python, not break compatibility. Hence, you install the dependency mysqlclient to get the MySQLdb class.\nRemember this the next time a Python person makes fun of your PHP needles and haystacks, or your Perl anything.\nAnyway… In any case, the cursors are in cursors.py, hopefully somewhere in your venv. And cursor.execute() looks something like this:\n171 def execute(self, query, args=None): ... 190 if args is not None: 191 if isinstance(args, dict): 192 nargs = {} 193 for key, item in args.items(): 194 if isinstance(key, str): 195 key = key.encode(db.encoding) 196 nargs[key] = db.literal(item) 197 args = nargs 198 else: 199 args = tuple(map(db.literal, args)) 200 try: 201 query = query % args 202 except TypeError as m: 203 raise ProgrammingError(str(m)) 204 205 assert isinstance(query, (bytes, bytearray)) 206 res = self._query(query) 207 return res So in line 201, the replacement is a simple old style Python string formatting, query % args. This is then handed to self._query() in line 206.\nBefore that, in 190ff, the args are massaged.\nIf args is not a dict, we map(db.literal, args), which happens to be defined in connections.py:266 . The function escapes the arg using the proper encoding required. It ends up using string_literal() , which is defined in _mysql, a C-language wrapper that links against libmysqlclient.so, the C language client protocol library. And that in turn ends up being a call to mysql_real_escape_string_quote() , which is the appropriate function for this.\nFor dicts, similarly, the items are being enumerated and then db.literal() is applied.\nSo this is proven to work, and it uses the recommended escape function on parameters for MySQL.\nDebugging We do hand the query off to self._query() in the end. And that does the following:\ndef _query(self, q): db = self._get_db() self._result = None db.query(q) self._do_get_result(db) self._post_get_result() self._executed = q return self.rowcount That it, it fetches the existing database connection db, sends off the query and fetches and processes the result (so that you can call cursor.fetchall() or similar on it). It also remembers the query string in cursor._executed, but only after the query ran without error. And finally, it returns the rowcount.\nWe could debug by printing cursor._executed, but only if we don\u0026rsquo;t need to debug and the query actually ran. That is, because the assignment happens only after the db.query(), which in turn will throw an exception if there is a problem with our SQL.\nSo in order to actually debug, we need to do better: We can specify a cursorclass= anyway, as a connection parameter.\nWe make our own cursorclass, DebugCursor, which we let inherit from our cursor class of choice. I happen to be partial to DictCursor, so I inherit from that.\nIn my DebugCursor, I simply override _query(), log the query string and hand off things otherwise unchanged to the superclass. Because I do that before everything else, I get my log sent before stuff catches fire and my code burns to the ground.\nThat way I get to see the replaced SQL before it runs, even it if is gibberish. So I can actually see that\nsql = \u0026#34;select d from insert_test where d in ( %(ary)s )\u0026#34; c = db.cursor() c.execute(sql, {\u0026#34;ary\u0026#34;: ary}) in which I supply my own parens, turns into\n$ python3 prep.py query [\u0026#39;eins\u0026#39;, \u0026#39;zwei\u0026#39;, \u0026#39;drei\u0026#39;, \u0026#39;zw\u0026#34;ei\u0026#39;, \u0026#39;dr\\\\ei\u0026#39;] Debug: b\u0026#39;select d from insert_test where d in ( (\\\u0026#39;eins\\\u0026#39;,\\\u0026#39;zwei\\\u0026#39;,\\\u0026#39;drei\\\u0026#39;,\\\u0026#39;zw\\\\\u0026#34;ei\\\u0026#39;,\\\u0026#39;dr\\\\\\\\ei\\\u0026#39;) )\u0026#39; Traceback (most recent call last): File \u0026#34;prep.py\u0026#34;, line 54, in \u0026lt;module\u0026gt; while without those extra parens I get\n$ python3 prep.py query [\u0026#39;eins\u0026#39;, \u0026#39;zwei\u0026#39;, \u0026#39;drei\u0026#39;, \u0026#39;zw\u0026#34;ei\u0026#39;, \u0026#39;dr\\\\ei\u0026#39;] Debug: b\u0026#39;select d from insert_test where d in (\\\u0026#39;eins\\\u0026#39;,\\\u0026#39;zwei\\\u0026#39;,\\\u0026#39;drei\\\u0026#39;,\\\u0026#39;zw\\\\\u0026#34;ei\\\u0026#39;,\\\u0026#39;dr\\\\\\\\ei\\\u0026#39;)\u0026#39; {\u0026#39;d\u0026#39;: \u0026#39;eins\u0026#39;} {\u0026#39;d\u0026#39;: \u0026#39;zwei\u0026#39;} {\u0026#39;d\u0026#39;: \u0026#39;drei\u0026#39;} {\u0026#39;d\u0026#39;: \u0026#39;zw\u0026#34;ei\u0026#39;} {\u0026#39;d\u0026#39;: \u0026#39;dr\\\\ei\u0026#39;} and so I get to actually see that all is fine and well, and properly escaped.\n","date":"2021-10-28T00:00:00Z","href":"https://blog.koehntopp.info/2021/10/28/python-where-in.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: Python and WHERE ... IN ()"},{"categories":null,"content":"I wrote on Twitter something about the term \u0026ldquo;Metaverse\u0026rdquo;. That led to a contact with Michael Carl , who wanted to make an episode for his Podcast with me. My german notes and talk prep are now also available here:\nMetaverse The term \u0026ldquo;Metaverse\u0026rdquo; was initially coined by Neal Stephenson in 1992, but in the context of the current discussion it was defined as in The Metaverse: What It Is, Where to Find it, Who Will Build It, and Fortnite by Matthew Ball. Ball later wrote a lot more about the same , and that led to the current Valley Hype around it.\nWe are starting with games, who no longer are what they started out as, but somehow transcended:\nFortnite by Epic Games, which now also hosts non-Fortnite events, Roblox, a platform to make and host low-end games, and Minecraft in the Java and Bedrock editions, to show how both fail differently. Fortnite Fortnite originally was a Battle Royale game, but is now also a platform that can host events. You can also buy skins for your characters or items, often in a partnership with other IP, for example Marvel/DC super heroes. People gave concerts in there, or hosting other events. Epic likes to do this, openly, because it establishes Fortnite with people who are not originally interested in Battle Royale or part of gaming culture.\nEpic Games also makes the Unreal Engine, and the associated pipelines for creating and editing in-game assets, hosts a market to sell these things, and is building a living infrastructure to produce games, and market them. They are in a way the invisible back-cover of many games.\nRoblox Similarly, but way more casual, Roblox operates a platform to create, host and market low-end games, \u0026ldquo;making games as a game\u0026rdquo;, and matching this, they also have assets, and an asset and game marketing outlet. Roblox is mostly a thing with young and very young people, and vastly underrated with older people.\nMinecraft in two flavors Minecraft is a classic: The original game is written in Java, and meanwhile completely replaceable with third party components. There are alternative clients, alternative servers, and alternative assets. The game is bad: It is a sandbox without much story, an ill-defined goal and primitive graphics, the original servers are slow and buggy.\nBut the graphics are simple enough that even old potato computers can render it. It is written in Java, which can be easily reversed and extended without cooperation from the vendor. And thus there is an extremely rich community of modders, server and client plugins, and many other extensions. As such, Minecraft is a gateway drug into Java programming with young people, because it has unlimited potential for self-motivation and initiates undirected and unprompted learning in many people.\nNone of that leads to monetization that the current owner, Microsoft, can hook on. As an IP asset, Minecraft Java is an utter failure, because after the initial purchase Microsoft is no longer part of the value chain.\nThat is why there is \u0026ldquo;Minecraft Bedrock Edition\u0026rdquo;, more performant, better designed and from the ground up with an asset marketplace. You can buy Bedrock extensions in that marketplace, and only there. As a maker of extensions, you will have to license IP from Microsoft, and pay percentages, as a customer anyway. With gamers, it is not very popular, sterile, and without its own subculture. Compared to the Java Edition, an even bigger failure.\nThe Bedrock model is comparable to the Apple Developer mode, but smaller in scope: You can\u0026rsquo;t seriously develop for Apple machines without having an Apple-ID, a developer license, support for Apple Cloud for handover, and without leaving percentages to the Apple Store. Bedrock copies that model, but not as a Computer-Tablet ecosystem, only as a game, and that did not take off.\nMetaverse: A first definition. The definition of \u0026ldquo;Metaverse\u0026rdquo; is hence less 3D goggles, and more \u0026ldquo;Integration of the gaming industry with the value chain of the entertainment industry for an open digital asset market\u0026rdquo;. Or more open: siphoning off percentages along the gaming value chain during production, marketing and usage, and improving the value of gaming assets by partnering with entertainment properties and using their IP in gaming contexts.\nThe objective is to get more lifetime consumer budget out of a person, without bothering them too much by investing actual time. We want to extend the scope of \u0026ldquo;sellable media\u0026rdquo; in the widest sense.\nAttention and time budgets People have monetary limits, the consumption part of disposable income . They also have time limits, an attention budget. Both are convertible, but that is media dependent.\nAssuming a useful lifetime of 60 years for media consumption, during that time I could read for example one book per week, for a total of 40 books per year. In a total lifetime, that are 2400 books, at - say - 30 Euro each.\nWith AAA games, one can do around 4-6 of them per year, 240-300 in a lifetime, at a value of around 60 Euro each.\nThat\u0026rsquo;s a total lifetime value of around 70k Euro in books, or 20k Euro in games per person.\nWe can see that games are too cheap compared to their production cost, but a higher price than 60 Euro is unrealistic even for AAA titles. That is one reason why each and every game has additional ways of spending money after purchase.\nIn general with both media types, there is a lot of my lifetime attention span bound for comparatively little money: We need to up the burn rate. Books, movies and especially AAA games are much too valuable per time and their consume binds too much attention for the business to scale up. We need a different way to extract money that does not bind as many minutes of person-lifetime and attention.\nThat is critically important, because there is also a lot of free content which competes for attention with our paid for assets, and which often is \u0026ldquo;good enough\u0026rdquo; to bind time which we then cannot monetize.\nA sidebar: death and inheritances With an aging population there is the sidebar \u0026ldquo;boomers die, their children inherit\u0026rdquo;. For example, right now I have around 600 Steam titles, and around 1000 Kindle books. When I die this represents multiple 10k Euro of value. How can my son inherit this? Politics has no answers, and the vendors say \u0026ldquo;he won\u0026rsquo;t\u0026rdquo;. I can only leave my Steam login to my son, and crack the DRM of my Kindle titles.\nEconomically, Kindle and Steam inheritances are largely irrelevant, or would be even be positive, and it is unclear why vendors are blocking this.\nWhen I am inheriting a villa at the lake, I can go in, open the veranda, walk down through the park to the shore and enjoy the asset within minutes. It does not take much time.\nInheriting my Kindle and Steam library, my son will need to invest a lot of time to enjoy that: With 1200 books that will bind 30 years of lifetime, and with an inheritance of 1000 games there will be titles from 2002 that look like drawn with crayons today. I am inheriting \u0026ldquo;Skyrim\u0026rdquo;, but I will have to purchase the \u0026ldquo;VR\u0026rdquo; and \u0026ldquo;Remastered\u0026rdquo; editions of that myself.\nWe can see immediately that this will hardly lead to a loss in revenue for vendors, in some cases it is more like a kind of advertisement, actually.\nAssets: high budget, little time Even today, games offer loot boxes, pay-to-win and pay-to-skip purchases, and they sell cosmetics. Unlike the first three, the last one is hardly controversial.\nPay-to-Win: to finish the game successfully you have to buy equipment with real money. Ideally this becomes apparent only of tou already are invested in the game emotionally and with lifetime. Pay-to-Skip: gameplay is often interrupted with annoying delays in which you can\u0026rsquo;t play, except you purchase immediate continuations with real money. Lootboxes: The game sells containers with \u0026ldquo;random\u0026rdquo; in-game assets to you, some of which are very important in the context of the game. The actual game is just a wrapper for an addictive (and usually rigged) game of chance. The practice is already illegal as unregulated gambling in several EU countries. Contrary to this, cosmetics are widely accepted: These are assets that change the way the character or their equipment looks like, without affecting gameplay. Also, virtual houses and house furnishings that have no effect on gameplay.\nFor example, in \u0026ldquo;Elder Scrolls Online\u0026rdquo; as a player you can get easily and early in-game houses which are spectacularly located, and have a lot of empty space for decorations. Furnishings to decorate the house can be gotten as trophies in-game, but every day things can only be gotten by using real money and purchase from the shop.\nThis has many desirable properties for the vendor: The player can spend a lot of money (without limits!) in-game, and hardly has to invest time or attention to make use of these assets. We are no longer revenue-bound by the players\u0026rsquo; attention budget. This is a much better thing to sell than books, films or the games themselves. The game only provides context and reason for the cosmetics to exist, and defines their visuals.\nEpic Games This is precisely the operating model of Epic Games: With the Unreal Engine the company owns a platform for the fast and efficient design and rendering of really good-looking games. This also includes the tooling for making in-game assets, but also a market to sell these to other game developers. With the Epic Launcher and the integrated shop this is also a platform for game sales, and to collect meta and usage data for Epic, which again (for money) are sold back to the developer as analytics. Epic operates a payment system, which pipes money from the customer to the developer, not only for games, but also for extensions, DLC and in-game purchases.\nWith Fortnite, Epic has their own game, which at the same time can also sell 3D assets to players as equipment, cosmetics and other things.\nFortnite is a special kind of game - player vs. player, battle royal - players play against each other and last man standing wins the round. This kind of game is not interesting for all target demographics, but the engine of Fortnite is flexible and can be repurposed. This enables other use-cases, among them also as a \u0026ldquo;virtual event platform\u0026rdquo;, which also keeps the interest up through media tie-ins and licensed IP.\nThe interpretation of \u0026ldquo;The Metaverse\u0026rdquo; as a value chain for digital assets, specifically 3D assets, is too short-sighted: As an ecosystem with a controlled number of large market operators and a very large numbers of content creators and customers the foundations will look better and have better longevity. It is entirely possible to allow third parties to operate in this \u0026ldquo;virtual world\u0026rdquo;, trade with each other, especially if the market operators at all times get a tiny share from each transaction. This is the idea of the \u0026ldquo;Microsoft tax\u0026rdquo;, revitalized.\nPlayers in this market Different parties have different starting positions and strengths:\nEpic Games/Fortnite - weak in IP, but some original IP, even if niche. Unreal Engine and other things on the \u0026ldquo;games invisible back-cover\u0026rdquo; as a big strength. Roblox - original IP, very young customers, grooms them into future customers, wait 10 years. Microsoft - Minecraft, MS Store et al., too enterprise for success? But Halo, MSFS. Apple (sic!) - no IP, but platform/chain. Disney (sic!) - only IP, but weak marketing outside of films/merchandise. Knows the game very well in the real world: Imagine Disneyland principles applied to a Metaverse. Facebook - wants in at all costs, \u0026ldquo;pivot our enterprise\u0026rdquo;: If \u0026ldquo;social\u0026rdquo; of the future is \u0026ldquo;here\u0026rdquo;, we need to be \u0026ldquo;here\u0026rdquo;. Google - all of this is a reason why Stadia still exists, despite being a flop. Amazon - this is where the gaming strategy of Amazon is anchored. Amazon would like to be the AWS of the gaming world, instead of Epic. Tech Maturity Cycle and standards Cynefin as a Market Maturity Model.\nWe are in the chaotic phase of market maturity: Nobody has a business model for this. It is unclear what the market will look like, what the standards are.\nThis is the landgrab phase, building market share in a new and emerging market. Interop is secondary, because the future standards are not yet visible. Player try to differentiate themselves with features, also to find out which features matter. All players grow in a growing market.\nAs soon as a business model and stable feature lists exists and there is a system for money extraction the market can consolidate. As always, 3-5 companies will dominate the market, which is dropping out of hypergrowth. The dominating companies acknowledge their respective existence and roles, and compete semi-cooperatively: It is more important to erect barriers to entry for disruptors than to destroy the existing competition, and hence there will be complex, hard to implement standards with expensive compliance tests. This will then, against all wishes, lead to interoperability.\nMetaverse, revised definition So we get: The Metaverse is an integration of the gaming industry with the entertainment industry, and the merging of their value chains, optionally extracting a transactional tax at any point of the value chain. The objective is to monetize the lifetime intellectual consumption budget of any person, and extending the market of products relevant to that person, decoupling spend from attention.\nA main result is that books, films and games bind too much time to consume and limit spend. 3D assets are a better sale binding for less time.\nThis is also the backdrop to read \u0026ldquo;Epic vs. Apple and Google\u0026rdquo; properly: This is about opening the monopolistic markets these companies have for their hardware products, and allow other companies to monetize their walled gardens with their own offerings directly.\nThe german outlook is dreary:\nlacking highspeed, low latency infrastructure for gaming. lacking a German company with identity platforms (\u0026ldquo;Login with x\u0026rdquo;). lacking resources and companies with 3D asset tooling, production, marketplaces. lacking German film/tv/literature IP that can be integrated with any of this, especially on a global scale. German companies and culture looks inward, into the own country, not towards a global cultural base. Compare with Korea: Korean production chains in K-Pop; Korean \u0026ldquo;cultural technology\u0026rdquo; that integrated other cultures styles and art and integrates it into K-Pop; production and grooming pipelines for stars and starlets; emerging similar chains for IP.\nIn comparison, Germany counts as unarmed.\nToxic-dystopic interpretation \u0026ldquo;Property\u0026rdquo; in a simulated reality looks like property, but is virtual and can be duplicated easily. Virtualization removes resource constraints in production, but \u0026ldquo;value\u0026rdquo; is only created by uniqueness in consumption.\nThe platform operators and \u0026ldquo;tax\u0026rdquo; authorities have full market transparency and can meter the time spent and consumption habits of everybody. They know what you look at and listen to, what you are using, which styles you like and can sell this data for money to creators. They will also sell access to you to creators.\nA friend of mine:\nHHOS: in the future at birth of child, you will first have to decide which corporate tribe it joins and then find a name compliant with that tribes rules. Switching between tribes is as complicated as an emigration to or from North Korea.\nA central building block is also DRM, here under the marketing name of \u0026ldquo;NFT\u0026rdquo;. NFT is the blockchain word for DRM, only with added destruction of the planet.\nUnique things are only possible with:\nlocking the machine TPM, in-game only licensed assets and mods usable, and NFT Laser Eyes crypto bullshit that burns the planet In this context also the current engagement of Epic in the NFT bull. Proper standards will be important, and \u0026ldquo;identity\u0026rdquo; is central for \u0026ldquo;property\u0026rdquo;. This does not need blockchain, and will work better without - the platforms are central anyway.\nMy friend, commenting further:\nIt is important to bind these people into this universe (\u0026ldquo;Hyperinclusion\u0026rdquo;). They buy in the metaverses store, date their partners in metaverse locations, watch ads for products only available in the metaverse, and can hardly formulate metaverse critical thinking. There is no public space anymore, everything is part of the gated community (cf loss of the almende).\nThere may be competition between a small number of metaverses, but within one metaverse there is only managed competition. That is, the metaverse monopolizes a life in its totality.\nThat is a lot like mining towns in the US in the late 19th century. The shop was owned by the mine, the priest was employed by the mine, and the sheriff and mayor were mine employees.\nEffectively the FB strategy is to make their social media monopoly permanent.\nThis leads us to\nCurrency Cryptocurrencies have demonstrated to large players that money creation is now \u0026ldquo;up for grabs\u0026rdquo;. A metaverse is a very good environment to realize that \u0026ldquo;en passant\u0026rdquo;.\nAgain, watch the Epic engagement in crypto for details. This is problematic: Metaverse and production in it takes resources from the real world, but does not produce value for the real world. The real world is getting poorer, but that is where we live. What does that mean long term for the creation of value and money?\nMaterial URL collection\nGolem \u0026ldquo;Auf der Suche nach dem Wal\u0026rdquo; \u0026ldquo;Auf der Suche nach dem Wal \u0026rdquo;, a video game growth manager (German article).\nColorado Law Review Dark Patterns Link from the above.\n\u0026ldquo;When the Cat’s Away: Techlash, Loot Boxes, and Regulating “Dark Patterns” in the Video Game Industry’s Monetization Strategies \u0026rdquo;, Sektion \u0026ldquo;IV. Broad Guidance for Crafting Effective Dark Pattern Regulation in the Video Game Industry\u0026rdquo;\nMatthew Ball The Metaverse: What It Is, Where to Find it, Who Will Build It, and Fortnite : Original Metaverse Article\nMedia side:\nBy the time Netflix launched its streaming service, much of Hollywood knew that the future of television was online (IP TV had been deployed in the late 1999s). The challenge was timing and how to package such a service (it took another 10 years for Hollywood to accept all of their channels, genres and content needs to be collapsed into a single app/brand).\nBall writes:\nThe Metaverse, we think, will be \u0026hellip;\nPersistent. Synchronous and live. Be without any cap to concurrent users, while also providing each user with an individual sense of “presence” Be a fully functioning economy Be an experience that spans both the digital and physical worlds, private and public networks/experiences, and open and closed platforms Offer unprecedented interoperability of data, digital items/assets, content, and so on across each of these experiences Be populated by “content” and “experiences” created and operated by an incredibly wide range of contributors The Metaverse is not…\nA “virtual world” A “virtual space” (2nd life) “Virtual reality” A “digital and virtual economy” A \u0026ldquo;game\u0026rdquo; A “virtual theme park or Disneyland” A “new app store” A “new UGC platform” That is, of course, nonsense, it will be all of these things, too. This is Valley Hype to make the Next Internet sellable, and to have a common tale to tell. But in the end this is all about the things it is supposedly NOT.\nNine newer longer articles on this.\nFortnite Loyalty Program Keep up engagement and interest. A problem for any MMO:\nPeople don\u0026rsquo;t live in the metaverse, the live here. Primary consumption is casual, not high-end gamer. That is the weakness of the concept, esp Facebook. It can only become a Metaverse if it becomes a permanent place. That\u0026rsquo;s still a long road to travel.\nMy VR goggles are sitting around, idle (sold the Oculus because mandatory FB account). That is, because \u0026ldquo;entering VR\u0026rdquo; is an act (set things up, calibrate), and the goggles isolate (when I put them on, I am \u0026ldquo;gone\u0026rdquo;), and because it is used only by very few games.\nEpic and Facebook: The Race called Metaverse Pastry Eth Thread Crypto bullshit with a few good ideas, but also illusions/lies about what will happen:\n\u0026ldquo;1/5 of FB now working on AR\u0026rdquo;, FB looks at Metaverse as \u0026ldquo;Oculus\u0026rdquo;, \u0026ldquo;VR\u0026rdquo;. That\u0026rsquo;s dangerous tunnel vision. \u0026ldquo;The \u0026ldquo;Metaverse\u0026rdquo; is a virtual space created by the convergence of virtually enhanced physical reality, AR \u0026amp; the Internet: Our current 2D search based version of the Internet is giving way to a fully 3D immersive reality\u0026rdquo;: bullshit, unless consumption becomes casual. 3D Assets in Pancake Games are easier to sell \u0026ldquo;Cosmetics\u0026rdquo;. \u0026ldquo;The Metaverse is always “on” \u0026amp; is beyond the control of any individual. It exists in real time, can host any size audience, has a functioning economy, spans across platforms, provides interoperability for digital assets, \u0026amp; consists of the content and experiences its users create.\u0026rdquo; That is 2nd 2nd life as a concept, and \u0026ldquo;3D Shoppingmalls\u0026rdquo; of the early 90ies revived. As a concept not wrong, and at the same time completely wrong. \u0026ldquo;In the Metaverse, the earning power for young creators won’t be limited to the top 1%. There will be an entire new era of young entrepreneurs making a living in virtual worlds, earning real value and steady income quicker than ever imagined.\u0026rdquo; LOL. Mainly this is about a microsoft tax, that will siphon off money from creators along the way. \u0026ldquo;Creators who were once limited in their ability by technological constraints, lack of capital, time, or creativity, now have everything that is needed. What happens when physical objects are dematerialized? All formerly scarce materials become abundant.\u0026rdquo; LOL. DRM all the way is a requirement to make this work. Also, the permanent promise of creators paradise, when this is really about monopolization of the value chain. Afterwards: Thread degrades into Laser Eyes Nonsense\nDigital Twins Digital twins will act as \u0026ldquo;foundations of the metaverse\u0026rdquo; and allow people to move between real and virtual spaces\nAgain \u0026ldquo;2nd 2nd Life\u0026rdquo;, Skeumorphism is what we do with new tech that does not yet have its own design language. The first cars looked like coaches, and the first Apple applications mimicked Rolodexes and Moleskines. \u0026ldquo;Digital Twins\u0026rdquo; is the same thing.\nCore idea:\nIn April 2020, music artist Travis Scott staged a virtual concert inside the game that was attended live by 12.3 million people. It was a global phenomenon that sent the American rapper to the top of all music charts and earned him a reported $20 million.\nRead: \u0026ldquo;OMG, somebody has used a children\u0026rsquo;s battle royale to earn money without shooting players, but with traditional media work.\u0026rdquo;, and we are back to \u0026ldquo;all the ideas of 2nd life we know are problematic may still be valid again\u0026rdquo;\n\u0026ldquo;If the metaverse is an equivalent reality that coexists next to the physical reality, there needs to be a connection,\u0026rdquo; said Weir-McCall.\nDoes not need that at all. If, then more likely as AR than as 3D models, because connections to the real world is what you lose with 3D VR goggles. Casual is king.\nFacebook Glass and acceptance Google Goggle were identifiable and their users vilified as glassholes. Facebook is using Ray Bay to cover that. There is no technical relationship between Oculus and AR. This is about hiding the tech in the goggles to make it acceptable, and prevent a Facebook glasshole effect. Also, AR is more casual than VR. Fashion also allows easier re-sales of the same item, see also Apple Watch accessories.\nLaser Eyes It’s gonna be epic to bring the squid game to the metaverse. Salute to your team! I am a big fan of the TV series. I am super excited to have a chance to participate in this game! LFG!!!\nMore Laser Eyes.\n","date":"2021-10-27T00:00:00Z","href":"https://blog.koehntopp.info/2021/10/27/metaverse-en.html","tags":["lang_en","computer","technik","media"],"title":"Metaverse (en)"},{"categories":null,"content":"Ich schrieb auf Twitter was zum aktuellen Begriff \u0026ldquo;Metaverse\u0026rdquo;. Das hat zu einem Kontakt mit Michael Carl geführt, der mich in seinem Podcast haben wollte. Meine Gesprächsnotizen und Vorbereitung habe ich nun auch hier:\nMetaverse Der Begriff \u0026ldquo;Metaverse\u0026rdquo; stammt ursprünglich von Neal Stephenson, aus dem Jahre 1992, aber er ist im aktuellen Kontext von Matthew Ball in The Metaverse: What It Is, Where to Find it, Who Will Build It, and Fortnite mit Sinn gefüllt worden. Ball hat dann später mehr zum Thema geschrieben, und so den aktuellen Silicon Valley Hype erzeugt.\nDie Überlegung beginnt mit Spielen, die nicht mehr sind, was sie mal waren, sondern irgendwie mehr geworden sind:\nFortnite von Epic Games, in der nun auch Nicht-Fortnite-Aktivitäten stattfinden, Roblox, eine Plattform zur spielerischen Generierung von Computerspielen, und Minecraft in der Java- und der Bedrock-Edition, um zu zeigen, wie beides auf seine Weise unternehmerische Fehlschläge sind. Fortnite Fortnite war mal Battle Royale, aber ist inzwischen auch eine \u0026ldquo;Veranstaltungsplattform\u0026rdquo;, man kann dort Skins kaufen, Partnerschaften mit anderem IP, zum Beispiel Marvel/DC Super Heroes. Leute haben dort Konzerte gegeben oder andere Veranstaltungen durchgeführt. Epic unterstützt das, recht offen, weil es Fortnite so auch bei Leuten bekannt macht, die an Battle Royal und Gamer-Kultur nicht primär interessiert sind.\nEpic Games macht auch die Unreal Engine, und die dazu gehörenden Pipelines zum Erstellen und Editieren von digitalen Game-Assets, betreibt einen Markt für diese Dinge und baut auch sonst eine lebendige Infrastruktur zur Spielerzeugung und zur Vermarktung auf. Gewissermaßen ist dies die unsichtbare \u0026ldquo;Rückseite\u0026rdquo; von Spielen.\nRoblox Ganz ähnlich, aber viel mehr casual betreibt Roblox sowieso eine Plattform zur Erzeugung von Spielen, und macht so Assets, aber auch einen Markt für Assets. Roblox ist vor allen Dingen bei jungen und sehr jungen Menschen populär, und wird bei älteren Menschen weit unterschätzt.\nMinecraft in zwei Geschmacksrichtungen Minecraft ist ein Klassiker: Das originale Minecraft ist in Java geschrieben und inzwischen komplett durch Komponenten von Drittherstellern ersetzbar. Es gibt alternative Clients, alternative Server, alternative Assets. Das Spiel ist schlecht: Es ist eine Sandbox ohne viel Story und ohne Spielziel mit primitiver Grafik, die originalen Server sind langsam und fehlerhaft.\nAber die Grafik ist simpel, sodass das Spiel auch auf abgelegten Kartoffelcomputern funktioniert. Es ist alles in Java geschrieben, das sich leicht reversen und dann unkooperativ erweitern lässt, und so gibt es eine reichhaltige Community mit Moddern, Server- und Client-Plugins, und vielen anderen Erweiterungen. Das macht das Spiel populär und zu einer \u0026ldquo;Einstiegsdroge\u0026rdquo; in die Java-Programmierung bei jungen Menschen, weil es ein unglaubliches Potenzial für Selbstmotivation bietet.\nNichts davon ist durch den derzeitigen Eigentümer Microsoft monetarisierbar. Als IP ist Minecraft für Microsoft gescheitert, weil Microsoft nach dem Kauf des Spiels nicht mehr Teil der Verwertungskette ist.\nDaher gibt es von Microsoft \u0026ldquo;Minecraft Bedrock Edition\u0026rdquo;, performanter und besser designt, und von Grund auf mit einem Asset-Markt integriert. Erweiterungen für Bedrock sind im Laden kaufbar, und nur dort. Man muss als Anbieter IP von Microsoft lizenzieren und dann Prozente zahlen, als Kunde sowieso. Bei den Spielern ist es deswegen kaum populär, steril und ohne eigene Kultur. Im Vergleich zu Java Edition noch ein größerer Fehlschlag.\nDas Bedrock-Modell ist vergleichbar mit dem Apple Entwicklermodell, aber kleiner im Scope: Man kann nicht ernsthaft für Apple entwickeln ohne Apple-ID, Entwickler-Lizenz, Cloud-Nutzung für Handover und Storage und ohne Prozente im Apple Store zu bezahlen. Bedrock ist danach modelliert, aber halt kein Computer-Tablet-ökosystem, sondern nur ein Spiel.\nMetaverse: Eine erste Definition Die tatsächliche Definition von \u0026ldquo;Metaverse\u0026rdquo; sind also nicht 3D-Brillen, sondern \u0026ldquo;die Integration der Computerspieleindustrie mit der Wertschöpfungskette der Unterhaltungsindustrie für einen offenen, digitalen Assetmarkt\u0026rdquo;.\nOder offener: Das Anzapfen der Spieleverwertungskette an jeder Stelle im Produktionsfluß, und das Aufwerten der Spieleverwertungskette durch Integration mit Intellectual Property aus Filmen und Büchern.\nEs geht also darum, aus dem Lebenszeit-Konsum-Budget einer Person mehr Geld herauszuziehen, ohne zu viel Lebenszeit bei dieser Person zu verbrauchen, also um eine Aufweitung von Ausgaben für \u0026ldquo;Medien\u0026rdquo; im aller weitesten Sinne.\nBudgets für Aufmerksamkeit und Geld Menschen haben Geldlimits für ihre Freizeit, der Konsumanteil des verfügbaren Einkommens . Sie haben auch Zeitlimits für ihre Freizeit, ein Budget für Aufmerksamkeit. Beides ist konvertibel, aber das hängt am Medium.\nNimmt man eine nützliche Lebenszeit, in der ich \u0026ldquo;Lesen\u0026rdquo; kann von 60 Jahren an, und unterstellt man einem fleißigen Leser 40 Bücher (eines pro Woche) im Jahr, dann wird diese Person in ihrem Leben 2400 Bücher lesen, im Wert von sagen wir ~30 Euro pro Stück.\nArbeitet man mit Computerspielen der AAA-Klasse, dann schafft man eventuell 4-6 Spiele im Jahr sinnvoll durchzuspielen, also im Leben 240-300 Titel, im Wert von ~60 Euro pro Stück.\nDas setzt eine Größenordnung von Lebensumsatz pro Person für diese Dinge, also ~70k Euro in Büchern oder 20k Euro in Spielen pro Personenleben.\nWir sehen insbesondere, daß Spiele im Vergleich zu ihrem Produktionsaufwand viel zu billig sind, aber ein höherer Preis als 60 Euro ist auch für einen AAA-Titel nicht durchsetzbar. Das ist einer der Gründe, warum in jedem einzelnen dieser Spiele weitere Möglichkeiten zum Geldausgeben enthalten sind.\nGenerell ist es aber bei beiden Medien so, daß das Geldausgeben im Vergleich zu der aufgewendeten Zeit zu langsam ist: Die Burnrate muss hoch. Bücher, aber auch Filme und insbesondere AAA-Titel von Computerspielen sind viel zu werthaltig, und ihr Konsum ist zu aufwendig. Wir suchen was anderes, bei dem nicht so viele Minuten Lebenszeit pro ausgegebenem Euro aufgewendet werden müsse.\nDas ist kritisch, weil es ja auch noch viele freie Inhalte gibt, die auch um Aufmerksamkeit buhlen und \u0026ldquo;gut genug\u0026rdquo; sind, um bezahlte Inhalte zu verdrängen. Sie kosten Minuten Aufmerksamkeit, ohne Geld zu verdienen.\nNebenschauplatz: Sterben und Erben Angesichts der alternden Bevölkerung gibt es auch noch den Nebenschauplatz \u0026ldquo;Boomer sterben, Kinder erben\u0026rdquo;. Ich habe zum Beispiel genau jetzt ca. 600 Steam Titel und 1000 Kindle Books. Wenn ich sterbe, sind das einige 10k Euro Wert. Wie vererbe ich die meinem Sohn? Die Politik hat keine Antworten, und die Hersteller lassen das nicht zu. Ich kann meinem Kind also nur mein Steam Login vermachen und von meinen Kindle-Büchern das DRM knacken.\nWirtschaftlich sind Kindle und Steam-Erbschaften für die Hersteller weitgehend irrelevant, oder wären sogar positiv, und es ist unklar, wieso man sich so sträubt:\nWenn ein Haus am See erbe, kann ich da hereingehen, die Veranda aufschließen, in den Park gehen und so das Asset genießen. Das kostet mich nicht viel Zeit.\nErbe ich dagegen eine Kindle- oder Steam-Library, kostet mich das viel Zeit in der Erschließung: Wenn ich 1200 Bücher erbe, sind das 30 Jahre Lebenszeit, die ich investieren muss, um das Erbe zu verarbeiten. Wenn ich 1000 Spiele erbe, sind da Titel von 2002 bei, die heute wie Dreck aussehen. Ich erbe \u0026ldquo;Skyrim\u0026rdquo;, muss aber \u0026ldquo;Skyrim VR\u0026rdquo; und \u0026ldquo;Skyrim Remastered\u0026rdquo; selbst kaufen.\nWir sehen sofort: Erben ist für den Hersteller kein relevanter Umsatzverlust, sondern eher noch ein Mittel zur Verkaufsförderung.\nAssets: hoher Geldaufwand, geringer Zeitaufwand Bereits heute ist in Spielen neben Lootboxen und Pay-to-Win und Pay-to-Skip Modellen der Verkauf von Cosmetics eine der größten Einnahmequellen, und im Gegensatz zu den anderen Geldquellen weitgehend unumstritten.\nPay-to-Win: Das Spiel ist nicht erfolgreich zu beenden, außer man kauft Ausrüstungsgegenstände für Echtgeld dazu. Idealerweise wird das erst sichtbar, wenn man bereits eine Menge Zeit und Emotion in das Spiel investiert hat. Pay-to-Skip: Das Spiel wird immer wieder durch ärgerliche Wartepausen unterbrochen, in denen man nicht weiterspielen kann, außer man kauft die Pause durch Echtgeld weg. Lootboxen: Das Spiel verkauft einem Container einem zufälligen Inhalt an Spielgegenständen, bei denen selten wertvolle Dinge enthalten sind. Das eigentliche Spiel ist also eine Verpackung für ein Glücksspiel im Inneren. Diese Praxis ist mittlerweile in einigen EU-Ländern verboten. Im Gegensatz dazu sind Cosmetics weitgehend unumstritten: Das sind Gegenstände, die der Spielfigur und ihrer Ausrüstung ein anderes Aussehen geben, ein virtuelles Haus und seine Einrichtung, die auf das Spiel keine wesentliche Auswirkung haben und ähnliches.\nIm Spiel \u0026ldquo;Elder Scrolls Online\u0026rdquo; zum Beispiel bekommt man als Spieler leicht und zu geringen Kosten virtuelle Wohnhäuser in der Spielwelt, die sehr spektakulär liegen und aussehen und viel leeren Platz bieten. Gegenstände zum Einrichten kann man sich als Trophäen erspielen, aber wesentliche Alltagsgegenstände zur Einrichtung sind nur via Echtgeld-Einsatz im Shop zu kaufen.\nDas für den Hersteller wunderbare dabei: Der Spieler kann in den Kauf von Cosmetics beliebig viel Geld reinpumpen und wird dabei kaum Lebenszeit oder Aufmerksamkeit aufbringen müssen. Limitierend kann also nur die Geldbörse des Kunden wirken, nicht aber sein Zeitbudget. Das macht so etwas zu einem viel besseren Geschäftsfeld als Bücher, Filme oder die Spiele selbst. Das Spiel liefert nur den Kontext und Anlass für die Cosmetics zu existieren und bestimmt ihr Aussehen.\nEpic Games Dies ist genau die Geschäftsgrundlage von Epic Games: Mit der Unreal Engine bietet die Firma eine Plattform zum schnellen und effizienten Design von sehr gut aussehenden Videospielen. Dazu gehören auch Werkzeuge zum Erzeugen der Ingame-Assets, aber auch der Betrieb einer Verkaufsplattform für solche Assets an Spielhersteller. Mit dem Epic Launcher und dem darin integrierten Shop auch eine Plattform zum Verkauf von Spielen, und zum Erfassen von Meta- und Nutzungsdaten an Epic, die dann wiederum (gegen Geld) dem Spielhersteller als Analytics angeboten werden. Das von Epic betriebene Payment-System ist die Pipeline, über die Geld vom Kunden zum Spielhersteller fließen kann, und über die nicht nur die Spiele, sondern auch Erweiterungen, In-Game Käufe und andere Geldausgaben abgewickelt werden können.\nMit Fortnite hat man aber auch ein eigenes Spiel am Start, das zugleich auch 3D Assets an Endkunden als Ausrüstungsgegenstände, Cosmetics oder sonst wie verkaufen kann.\nFortnite ist eine bestimmte Sorte Spiel - Player vs. Player, im Battle Royal Modus, Spieler treten gegeneinander an und der letzte Überlebende gewinnt. Diese Sorte Spiel ist nicht für alle Zielgruppen interessant, aber die Engine von Fortnite lässt sich auch anderweitig nutzen. Entsprechend weckt man Interesse durch Nutzung von Fortnite als \u0026ldquo;virtuelle Veranstaltungsplattform\u0026rdquo; und hält das Interesse durch Media Tie-Ins und Licensed IP aufrecht.\nDie Interpretation von Metaverse als Verwertungskette von digitalen Assets, speziell 3D Assets, als \u0026ldquo;Online-Merchandise\u0026rdquo; greift jedoch zu kurz: Als Ökosystem mit einer kontrollierten Anzahl von großen Marktbetreibern und einer großen Anzahl von Kunden und Kreativen steht man viel besser und vor allen Dingen dauerhafter da. Man kann Dritten auf diese Weise erlauben, untereinander Handel zu treiben, aber dabei laufend einen geringen Anteil an allen Transaktionen abgreifen. Gewissermaßen will man die Idee der \u0026ldquo;Microsoft-Tax\u0026rdquo; in einem anderen Kontext wieder aufleben lassen.\nSpieler am Markt Unterschiedliche Ausgangspositionen bei\nEpic Games/Fortnite - schwach bei IP, aber original IP, wenn auch Nische, Unreal Engine und die anderen Dinge auf der \u0026ldquo;Rückseite\u0026rdquo; der Spiele als große Stärke. Roblox - original IP, sehr junge Kundschaft, erzieht sich gerade Kinder, 10 Jahre warten, groß unterschätzt. Microsoft - Minecraft, MS Store et al, zu Enterprise um erfolgreich zu sein? Aber Halo, MSFS. Apple (sic!) - kein IP, aber Plattform/Kette. Disney (sic!) - nur IP, aber schwach in Verwertung außerhalb von Filmen/offline Merchandise. Facebook - will da unbedingt rein, \u0026ldquo;Enterprise Pivot\u0026rdquo;: wenn Social in Zukunft \u0026ldquo;hier\u0026rdquo; stattfindet, dann muss Facebook \u0026ldquo;hier\u0026rdquo; sein. Google - insbesondere der Grund, wieso Google Stadia nicht wirklich einstellen kann, selbst wenn es ein Flop wird/ist. Amazon - hier ist auch die Spiele Strategie von Amazon mit einordnen. Amazon wäre gerne das AWS der Spielewelt anstelle von Epic. Tech Maturity Cycle und Standards Cynefin als Market Maturity Model.\nWir sind derzeit in einer chaotischen Phase der Marktentwicklung: Niemand hat ein Geschäftsmodell in diesem Markt, es ist unklar, wie dieser überhaupt aussehen wird. Standards existieren noch nicht.\nEs geht um Landgrab, also um den Aufbau von Marktanteilen in einem entstehenden und wachsenden Markt. Interop ist sekundär, weil noch keine Idee vorhanden ist, wie die Standards aussehen werden. Man versucht sich vom Mitbewerb durch Features zu differenzieren, und dabei auch herauszufinden, was wichtig ist. Alle Spieler wachsen in einem wachsenden, entstehenden Markt.\nSobald es ein Geschäftsmodell, stabile Featurelisten und ein System zur Geldextraktion gibt, wird sich der Markt konsolidieren. Dann beherrschen 3-5 Firmen den Markt, der auch aus dem Hyperwachstum heraus geht. Die marktbeherrschenden Firmen erkennen einander an und konkurrieren semi-kooperativ miteinander: Es ist wichtiger, den Marktzugang von Disruptoren zu erschweren, und es wird komplexe, schwierig zu implementierende Standards geben, mit Compliance Prüfungen und anderen Kostenfaktoren. Das wird dann aber auch - zähneknirschend - zu Interoperabilität führen.\nMetaverse, überarbeitete Definition Das führt uns zur überarbeiteten Definition von Metaverse: Die Integration der Spieleindustrie mit der Unterhaltungsindustrie und die Integration der Wertschöpfungsketten, mit der Möglichkeit die Verwertungskette an jeder Stelle im Produktionsfluß mit einer Art Steuer zu belegen. Ein systematisches Anzapfen des Lifetime Intellectual Property-Konsumbudgets einer Person, und die Aufweitung des Marktes, der für einen Konsumenten relevant ist.\nDie Erkenntnis, daß Buch, Filme und Spiele zu zeitaufwendig zu erstellen und zu konsumieren sind. 3D Assets ist viel größere Verkaufsgelegenheit, ohne daß der Kunde so viel Lebenszeit investieren muss, um tatsächlich den Kauf zu konsumieren.\nVor diesem Hintergrund ist auch die laufende Auseinandersetzung von Epic vs. Apple und Google vor Gericht zu lesen: Es geht darum, das Anzapf-Monopol von Apple und den von Apple dominierten Markt für andere zu Öffnen zu unterminieren.\nBesondere deutsche Probleme dabei:\nkeine Infrastruktur für Highspeed, Low Latency wie man das für Spiele braucht. keine deutsche Firma mit nennenswerter Identity Plattform (web.de? T-Online? \u0026ldquo;Login mit x\u0026rdquo;). keine deutschen Ressourcen im 3D-Asset Tooling, Produktion, \u0026hellip; Markt. keine deutsche Film/Fernseh/Lit Industrie zur Produktion von IP, Stories, die weltweit wiedererkennbare Kultur prägen, die man verkaufen kann. Deutscher Blick geht nach innen, ins eigene Land, nicht auf einen Weltmarkt. Vergleiche dabei Korea: koreanische Produktionsketten in K-Pop; die \u0026ldquo;cultural technology\u0026rdquo; die andere Stile und Kunstrichtungen aufgreift und in K-Pop integriert; Produktionspipelines für Stars und Sternchen, aber auch für IP (beginnend). Im Vergleich ist Deutschland essenziell wehrlos und angehängt.\nToxisch-dystopische Interpretation Das \u0026ldquo;Eigentum\u0026rdquo; in einer simulierten Realität sieht aus wie Eigentum, ist aber virtuell und kopierbar. Es kommt im virtuellen zur einer Entfernung von Ressourcenknappheit bei der Produktion, aber \u0026ldquo;Wert\u0026rdquo; entsteht nur, wenn die Ware künstlich verknappt wird beim Konsum.\nDie Zollhaus-Stellen, Plattformbetreiber haben volle Markttransparenz, und können das Freizeit-Konsumverhalten jeder Person genau ausmessen. Sie wissen, was Du siehst und hörst, was Du benutzt, welche Stile Dir zusagen und können diese Information gegen Geld an Kreative verkaufen, und verkaufen den Kreativen auch gegen Geld den Zugang zu Dir.\nEin Freund von mir:\nNur ein halber Witz: man muss in Zukunft bei Geburt eines Kindes als Erstes entscheiden muss, ob es Apple-, Google- oder Facebook-Angehöriger wird und der Name erst danach entsprechend den Regeln des Dienstes festgelegt wird. Wechsel zwischen den Services ist dann komplex wie eine Emigration nach Nordkorea.\nZentraler Bestandteil bezüglich der Verknappung auch DRM, hier unter dem Modenamen \u0026ldquo;NFT\u0026rdquo; - \u0026ldquo;NFT\u0026rdquo; ist das Blockchain Wort für DRM, nur zusätzlich mit Umweltvergiftung durch Energieverschwendung. Unikate gibt es nur mit:\nRechner zunageln, TPM, in-game nur lizenzierte Assets und Mods verwendbar, und NFT Laser Eyes Kryptoscheisse, die den Planeten verbrennt. In diesem Kontext ist auch das aktuelle Engagement von Epic im NFT Misthaufen zu lesen sehen. Daher: korrekte Standards sind wichtig, und Identität ist die Grundlage für \u0026ldquo;Eigentum\u0026rdquo;. Das braucht nicht nur keine Blockchain, es funktioniert auch besser ohne - die Plattformen sind eh zentral.\nDer Freund kommentiert wieder:\nEs geht darum, dass die Leute aus dem Universum nicht rauskommen können (Stichwort: Hyperinklusion). Sie kaufen in Metaverse-Shops, daten ihre Partner in Metaverse-Locations, sehen nur noch Werbung für im Metaverse verfügbare Waren, können Metaverse-kritische Gedanken kaum noch formulieren. Es gibt keinen Public-Space mehr im Leben, alles ist Teil der gated community (Vgl. Verlust der Almende).\nDu hast vielleicht noch einen Wettbewerb zwischen x Metaversen, aber innerhalb eines Metaversums gibt es dann einen oder nur noch einen gesteuerten Wettbewerb. D.h. das Metaversum monopolisiert den Menschen in seiner Gesamtheit.\nDas ist ein bisschen wie die Minenstädte in den USA Ende des 19. Jhd. Der Shop gehörte der Mine, der Pfarrer arbeitete für die Mine, die Mine stellte Sheriff und Bürgermeister.\nEffektiv will FB durch das Metaversum ihr gegenwärtiges Social-Media-Monopol verewigen.\nDas führt thematisch zur Geldtheorie:\nCurrency Durch die CryptoCurrencies ist für die großen jetzt klar, dass die Geldschöpfung \u0026ldquo;up for the grabs\u0026rdquo; ist. Ein Metaversum wäre der perfekte Ansatz das \u0026ldquo;en passant\u0026rdquo; zu realisieren.\nAn dieser Stelle kommt dann gleich wieder das Epic Engagement bei \u0026ldquo;Cryptocurrentcies\u0026rdquo; zum Tragen. Das ist sehr problematisch: Metaversum und Produktion dort nimmt nur Ressourcen aus der realen Welt, produziert dort aber nicht. Am Ende wird die reale Welt ärmer, dort leben wir aber. Was heißt das langfristig für Wertschöpfung und Geld?\nMaterial URL-Sammlung\nUnsortierte Seitenlinien Immature Market, Geschäftsmodell existiert noch nicht als erprobter Business Plan (Cynefin Chaotic) Einzelne Firmen weiter (Liste oben), Cynefin Complex Alle Firmen unvollständig aufgestellt. Akquise schwierig, wen kaufen? Und die zu kaufenden Firmen sind selbst noch nicht fertig: Integration auch schwierig.\nGolem \u0026ldquo;Auf der Suche nach dem Wal\u0026rdquo; \u0026ldquo;Auf der Suche nach dem Wal \u0026rdquo;, Videospiele Growth Manager, ein Bericht. Richtige Richtung, zu kurz, erklärt aber die Kette.\nIm Gegensatz zu einem typischen Videospiel, bei dem man versucht, so viele Leute wie möglich dazu zu bringen, einmalig 60 Dollar für ein Spiel auszugeben, will ein Free-to-Play Spiel so viele Leute wie möglich zum Spielen zu animieren. Sobald sie spielen, bemüht sich das Unternehmen, so viele digitale Güter wie möglich an sie zu verkaufen. Es gibt zwar eine Obergrenze dafür, wie viel man für ein Spiel verlangen kann, aber es gibt keine Obergrenze für die Zahl an sinnlosen digitalen Tokens, die man verhökern kann.\nMetaverse: Industrialisiere diesen Prozess und mainstreame ihn. Aspekte: Spielen nach Termin, Pay to Skip, Pay to Win.\nColorado Law Review Dark Patterns Link aus dem oa Golem Artikel.\n\u0026ldquo;When the Cat’s Away: Techlash, Loot Boxes, and Regulating “Dark Patterns” in the Video Game Industry’s Monetization Strategies \u0026rdquo;, Sektion \u0026ldquo;IV. Broad Guidance for Crafting Effective Dark Pattern Regulation in the Video Game Industry\u0026rdquo;\nEs gibt eine Feedbackschleife zwischen den Spieldesignern und dem Wal (der Person, die sinnlos investiert): Ungesund für beide Seiten, macht das Spiel schnell zu einem Spiel für wenige Vielzahler, und damit langfristig global schlecht; besondere Herausforderung beim Produktmanagement.\nMatthew Ball The Metaverse: What It Is, Where to Find it, Who Will Build It, and Fortnite : Original Metaverse Article\nMedienseite:\nBy the time Netflix launched its streaming service, much of Hollywood knew that the future of television was online (IP TV had been deployed in the late 1999s). The challenge was timing and how to package such a service (it took another 10 years for Hollywood to accept all of their channels, genres and content needs to be collapsed into a single app/brand).\nBall schreibt:\nThe Metaverse, we think, will be \u0026hellip;\nPersistent. Synchronous and live. Be without any cap to concurrent users, while also providing each user with an individual sense of “presence” Be a fully functioning economy Be an experience that spans both the digital and physical worlds, private and public networks/experiences, and open and closed platforms Offer unprecedented interoperability of data, digital items/assets, content, and so on across each of these experiences Be populated by “content” and “experiences” created and operated by an incredibly wide range of contributors The Metaverse is not…\nA “virtual world” A “virtual space” (2nd life) “Virtual reality” A “digital and virtual economy” A \u0026ldquo;game\u0026rdquo; A “virtual theme park or Disneyland” A “new app store” A “new UGC platform” Das ist natürlich Unsinn, es wird alle diese Dinge auch sein. Das ist alles Valley Hype, um The Next Internet als Begriff zu etablieren und eine gemeinsame Erzählung zu haben. Aber am Ende ist geht es genau um diese 8 Dinge die es angeblich NICHT sein soll.\nNeuere Artikel Serie, 9 Artikel lang dazu.\nFortnite Loyalty Program Es geht darum, User Engagement zu erhalten. Das Problem muss jedes MMO lösen, denn\nDie Leute leben nicht im Metaverse, die leben hier. Primärer Konsum ist Casual, nicht High End Gamer. Das ist die Schwachstelle des Konzeptes. Erst wenn das Ding zu einem ständigen Ort wird, kann es ein Metaversum werden. Das ist noch ein langer Weg: Meine VR-Brille steht hier ungenutzt rum (Oculus verkauft, wegen FB Zwang).\nDas ist so, weil \u0026ldquo;in VR zu gehen\u0026rdquo; ein Akt ist (aufbauen, kalibrieren), und die Brille isoliert (ich bin dann weg), und weil es nicht viele Spiele gibt, die das sinnvoll nutzen (Elite Dangerous, MSFS-2020, Moss, selten auch Space Pirate Trainer).\nEpic and Facebook: The Race called Metaverse Pastry Eth Thread Crypto Dummlall mit einigen guten Ideen, aber Illusionen über wie es laufen wird\n\u0026ldquo;1/5 of Facebook now working on AR\u0026rdquo;, für FB ist das Metaverse zur Zeit \u0026ldquo;Oculus\u0026rdquo;, \u0026ldquo;VR\u0026rdquo;. Das ist ein gefährlicher Tunnelblick (siehe oben \u0026ldquo;casual\u0026rdquo;). \u0026ldquo;The \u0026ldquo;Metaverse\u0026rdquo; is a virtual space created by the convergence of virtually enhanced physical reality, AR \u0026amp; the internet: Our current 2D search based version of the internet is giving way to a fully 3D immersive reality\u0026rdquo;: Das ist Quatsch, solange 3D nicht komplett Casual konsumierbar wird, und eine 3D Brille ist derzeit isolierend, schwer und verkabelt. 3D Assets in Pancake Games sind leichter und direkt zu verkaufen, jetzt. \u0026ldquo;Cosmetics\u0026rdquo; \u0026ldquo;The Metaverse is always “on” \u0026amp; is beyond the control of any individual. It exists in real time, can host any size audience, has a functioning economy, spans across platforms, provides interoperability for digital assets, \u0026amp; consists of the content and experiences its users create.\u0026rdquo; Das Konzept 2nd 2nd Life, und die \u0026ldquo;3D Shoppingmalls\u0026rdquo; der frühen 90er feiern fröhliche Urständ, als Konzept nicht falsch und gleichzeitig total falsch. 3D Events, die Presence ersetzen sind interessant, aber super hart. Auch hier Korean Cultural Technology, K-POP Konsum während COVID-19 (Pancake, large Audiences, Gemeinschaftserlebnisse, \u0026ldquo;VR\u0026rdquo; Nebensache) \u0026ldquo;In the Metaverse, the earning power for young creators won’t be limited to the top 1%. There will be an entire new era of young entrepreneurs making a living in virtual worlds, earning real value and steady income quicker than ever imagined.\u0026rdquo; LOL. In erster Linie geht es um Zollhäuschen entlang der Verwertungskette, mit dem durch Creators erschaffenen Mehrwert als Motor. \u0026ldquo;Creators who were once limited in their ability by technological constraints, lack of capital, time, or creativity, now have everything that is needed. What happens when physical objects are dematerialized? All formerly scarce materials become abundant.\u0026rdquo; LOL. DRM all the way ist notwendig, damit das funktioniert. Außerdem das Dauerversprechen vom Creators Paradise, wenn es tatsächlich um Monopolisierung der Wertschöpfungskette geht. Danach: Thread degrades in Laser Eyes Nonsense\nDigital Twins Digital twins will act as \u0026ldquo;foundations of the metaverse\u0026rdquo; and allow people to move between real and virtual spaces\nDas ist \u0026ldquo;2nd 2nd Life\u0026rdquo; Skeumorphism ist, was wir machen, wenn wir noch nicht wissen, was die Design Language für eine neue Welt ist. Die ersten Autos sagen aus wie Kutschen, die ersten Apple Anwendungen haben Rolodexe und Moleskine imitiert. \u0026ldquo;Digital Twins\u0026rdquo; sind dasselbe Konzept, aber für ein Metaversum.\nUnd die Kernidee:\nIn April 2020, music artist Travis Scott staged a virtual concert inside the game that was attended live by 12.3 million people. It was a global phenomenon that sent the American rapper to the top of all music charts and earned him a reported $20 million.\nLies: \u0026ldquo;OMG, jemand hat in einem Kinder-Battle Royale Spiel Geld verdient ohne zu metzeln, sondern mit traditioneller Medienarbeit\u0026rdquo; führt sofort zu \u0026ldquo;Alle Ideen von 2nd Life, von denen wir schon wissen, dass sie problematisch sind, feiern Wiederauferstehung.\u0026rdquo;\n\u0026ldquo;If the metaverse is an equivalent reality that coexists next to the physical reality, there needs to be a connection,\u0026rdquo; said Weir-McCall.\nIst es nicht, muss es nicht. Wenn es dann doch muss, eventuell eher AR als 3D-Modelle, denn Connection zur realen Welt hat man mit einer vollen VR-Brille eben nicht. Was ich oben über Casual Konsum sage.\nMein Freund merkt an:\nDigital Twins / Digital Shadows sind übrigens auch Begriffe um den die Datenspur von Leuten zu bezeichnen. Der Gesundheitsbereich versucht das ebenso zu etablieren, um anhand dieser Zwillinge Diagnostik betreiben zu können. Das wird auch noch einmal spannend, wie das mit dem Metaverse verbunden wird. Gerade aus Facebooks Sicht - welche Daten kann das Metaversum aus Deinem Avatar auslesen?\nFacebook Glass und Akzeptanz Bei Google Brille waren die Träger erkennbar, der Begriff Glassholes entstand. Mit Ray Ban ist das besser zu tarnen. Ray Ban hat keinen technischen Beitrag zu Oculus und AR, es geht nur darum, den Markennamen und das Design als Tarnung für Oculus zu nehmen, um den Google Glass Effect zu vermeiden. Außerdem ist AR mehr Casual als VR. Mode erlaubt auch einfacheren Neuverkauf, siehe auch Apple Watch Zubehör.\nLaser Eyes It’s gonna be epic to bring the squid game to the metaverse. Salute to your team! I am a big fan of the TV series. I am super excited to have a chance to participate in this game! LFG!!!\nNoch mehr Laser Eyes.\n","date":"2021-10-26T00:00:00Z","href":"https://blog.koehntopp.info/2021/10/26/metaverse.html","tags":["lang_de","computer","technik","media"],"title":"Metaverse"},{"categories":null,"content":"It occurred to me that I do not know nearly enough how git works, internally. The contents of the .git directory seem to be accessible enough, so I am going on a Safari in the git repository of this blog. You can follow along if you check out the blog .\nRefs All things git live in .git. The thing we are working with seem to live in .git/refs:\n$ find .git/refs -type f .git/refs/heads/main .git/refs/remotes/github/main .git/refs/remotes/origin/HEAD .git/refs/remotes/origin/main .git/refs/remotes/origin/master .git/refs/stash Let\u0026rsquo;s have a look at .git/refs/heads/main and the .git/refs/remotes here.\n$ cat .git/refs/heads/main daad5e31926cdf8a3af0ecff517c4d5892b6f62a $ cat .git/refs/remotes/github/main daad5e31926cdf8a3af0ecff517c4d5892b6f62a $ cat .git/refs/remotes/origin/main daad5e31926cdf8a3af0ecff517c4d5892b6f62a Commits So it appears that all these things reference the same \u0026ldquo;thing\u0026rdquo;, daad5e31926cdf8a3af0ecff517c4d5892b6f62a. This appears to be a 40 character (40 * 4 bit = 160 bit) SHA-1 hash value. git has low level commands to type this, and print it.\n$ git cat-file -t daad5e31926cdf8a3af0ecff517c4d5892b6f62a commit $ git cat-file -p daad5e31926cdf8a3af0ecff517c4d5892b6f62a tree ba5a4ceb371d42d766832dae545ecf00b9194ea2 parent 75077bc79697ea1e37da496b1210ca26f3c66c2c parent b71d9463ad8c3b71bd279e88e74ce15e01de2aee author Kristian Koehntopp \u0026lt;kris-git@koehntopp.de\u0026gt; 1633513546 +0200 committer Kristian Koehntopp \u0026lt;kris-git@koehntopp.de\u0026gt; 1633513546 +0200 Merge remote-tracking branch \u0026#39;github/main\u0026#39; into main So this is a file of the type commit, and it contains ASCII lines that describe the commit. Attributes of the commit are a tree, zero or more parent commits, an author, and a committer, as well as a log-message. The author and commit lines contain a name, a mail address, a Unix timestamp and a timezone. We can convert that timestamp carefully :\n$ date -d @1633513546 Wed Oct 6 11:45:46 CEST 2021 We can also check out the things the commit points to: We will find that the parent entries also reference commits (the two commits that precede this one), and the tree entry references a tree object.\n$ git cat-file -t 75077bc79697ea1e37da496b1210ca26f3c66c2c commit $ git cat-file -t b71d9463ad8c3b71bd279e88e74ce15e01de2aee commit $ git cat-file -t ba5a4ceb371d42d766832dae545ecf00b9194ea2 tree Graphically, the highlighted part of the structure:\nThe commit daad5e31... has two parents: It is a merge commit of b71d9463... and 75077bc7...\nTree So a commit references a tree. A tree is a list of files and other trees, which function as subdirectories. Together they form a snapshot of the entire blog at this point in time (at this commit).\n$ git cat-file -p bf447432a99b33174809dbe10d1df43576a032b3 100644 blob 199ea559714ed3569a88ab932476b11444244885 .gitignore 100644 blob 09e9c05d0fcf4a403addb0b2b8ee613bc4bd4b1d CNAME ... 040000 tree f7fe2d64de25404f660561f7cfbce8d78bf05c09 _drafts 040000 tree fe33a062dcb4406a5ecf836ddeb1cfcd9ba85e8b _includes ... The important takeaway seems to be that git does not store changes made to a file, it stores full files. That is less inefficient than it sounds, because unchanged files will have the same hash. Things with the same hash will exist only once in storage, no matter in how many commits (or trees) they are being referenced.\nBlob And finally files: We can list their content, again, with the same tool. Using the -t and -s options we can also see their type and size.\nUsing 09e9c05d0fcf4a403addb0b2b8ee613bc4bd4b1d for the CNAME file from the tree above we get:\n$ git cat-file -t 09e9c05d0fcf4a403addb0b2b8ee613bc4bd4b1d blob $ git cat-file -s 09e9c05d0fcf4a403addb0b2b8ee613bc4bd4b1d 20 $ git cat-file -p 09e9c05d0fcf4a403addb0b2b8ee613bc4bd4b1d blog.koehntopp.info Diffs Diffs do not exist in git. They are instead generated on the fly, by comparing two trees. Again, this is less inefficient that one might think: All unchanged files will have also unchanged hashes and therefore need no consideration for a diff.\nFor objects with different hashes (but identical names), git then generates a diff.\nOther structures When you checkout, you ask git to construct a certain tree using a hash, a tag name, branch or anything else. Every time, git records the checkout in the reflog.\ndaad5e3 (HEAD -\u0026gt; main, origin/main, github/main) HEAD@{0}: checkout: moving from 8a650853c5525013800c42f68c92b4d431b7b97c to main 8a65085 HEAD@{1}: checkout: moving from main to 8a650853c5525013800c42f68c92b4d431b7b97c daad5e3 (HEAD -\u0026gt; main, origin/main, github/main) HEAD@{2}: merge github/main: Merge made by the \u0026#39;recursive\u0026#39; strategy. 75077bc HEAD@{3}: commit: fix 2021-10-06-empty-commits-and-other-wrong-tools-for-the-job.md 72ab462 HEAD@{4}: commit: fix 2021-10-06-empty-commits-and-other-wrong-tools-for-the-job.md ... You can use this list of commit hashes to reconstruct what you did, where known good locations are, and of course to return to them. This is essential to repair a git repository that somehow was changed unintentionally and that still contains important salvageable data.\nWe find the original data git uses in .git/logs/HEAD:\n$ tail -4 .git/logs/HEAD 72ab462c4d134b02da1e474d3edb9db201e7aecb 75077bc79697ea1e37da496b1210ca26f3c66c2c Kristian Koehntopp \u0026lt;kris-git@koehntopp.de\u0026gt; 1633508667 +0200 commit: fix 2021-10-06-empty-commits-and-other-wrong-tools-for-the-job.md 75077bc79697ea1e37da496b1210ca26f3c66c2c daad5e31926cdf8a3af0ecff517c4d5892b6f62a Kristian Koehntopp \u0026lt;kris-git@koehntopp.de\u0026gt; 1633513546 +0200 merge github/main: Merge made by the \u0026#39;recursive\u0026#39; strategy. daad5e31926cdf8a3af0ecff517c4d5892b6f62a 8a650853c5525013800c42f68c92b4d431b7b97c Kristian Koehntopp \u0026lt;kris-git@koehntopp.de\u0026gt; 1634064444 +0200 checkout: moving from main to 8a650853c5525013800c42f68c92b4d431b7b97c 8a650853c5525013800c42f68c92b4d431b7b97c daad5e31926cdf8a3af0ecff517c4d5892b6f62a Kristian Koehntopp \u0026lt;kris-git@koehntopp.de\u0026gt; 1634064654 +0200 checkout: moving from 8a650853c5525013800c42f68c92b4d431b7b97c to main Object storage git stores all things with a hashed name in .git/objects. The first byte (the first two letters) of the SHA-1 name make up a directory name, the rest goes into a file name. File content is stored compressed, using zlib.\nWe can check that using any programming language that supports zlib. Here in Python:\n# $ git log | head -1 # commit daad5e31926cdf8a3af0ecff517c4d5892b6f62a # # $ python3 # Python 3.8.10 (default, Jun 2 2021, 10:49:15) import zlib with open(\u0026#34;.git/objects/da/ad5e31926cdf8a3af0ecff517c4d5892b6f62a\u0026#34;, \u0026#34;rb\u0026#34;) as f: fi = f.read() data = zlib.decompress(fi) str = data.decode(\u0026#34;utf-8\u0026#34;) print(str) and\ncommit 333tree ba5a4ceb371d42d766832dae545ecf00b9194ea2 parent 75077bc79697ea1e37da496b1210ca26f3c66c2c parent b71d9463ad8c3b71bd279e88e74ce15e01de2aee author Kristian Koehntopp \u0026lt;kris-git@koehntopp.de\u0026gt; 1633513546 +0200 committer Kristian Koehntopp \u0026lt;kris-git@koehntopp.de\u0026gt; 1633513546 +0200 Merge remote-tracking branch \u0026#39;github/main\u0026#39; into main We see the file has a header, commit 333, terminated by a NULL byte. This assists in reconstruction a .git directory from fragments, if any structures are lost.\nIt is followed by the actual file contents, which in this case is a commit, in ASCII.\nThings in gits object storage can get orphaned or grow without size. Maintenance procedures exist that walk the various structures, identify orphaned objects and clean up things.\n","date":"2021-10-12T00:00:00Z","href":"https://blog.koehntopp.info/2021/10/12/understanding-git.html","tags":["lang_en","development","git"],"title":"Understanding git"},{"categories":null,"content":"This is how you can make an empty commit:\n$ git commit --allow-empty -m \u0026#34;Kick it\u0026#34; This has the disadvantage of also generating a commit message. Another way to achieve this seems to be\n$ git commit --amend --no-edit \u0026amp;\u0026amp; git push -f but that will make people hate you in other ways.\nSo lets stop and ask: Why would you want to make an empty commit?\nMost people want this because they attached a server-side action to a commit, a CI/CD activity.\nThis is wrong This is wrong in the same way writing Shell Scripts is wrong: It kind of works, but now you have another, worse problem and still no solution to the original problem.\nYou need to stop and question your life choices, and most importantly, wake up the engineer in you.\nBut I need to debug my CI/CD pipeline Kick it off using the tooling provided to you. Your environment has an API that is specifically built to enable you to do that. Use it.\nIn Gitlab: Triggering pipelines through the API In GitHub: Running a workflow using the REST API This not only works reliably, you can get proper error messages. On top of that, you just did not pee into your commit history.\nBut I need to redeploy, because I need a Terraform run after I just lost an instance This is fractally broken, there is breakage in your breakage.\nThe proper solution is a reconciliation loop of the kind Kubernetes has: Measure the existing state and compare it to the desired state. Then execute the actions necessary to transform the measured state into the desired state, in a loop.\nSo if you are not on K8s, you need to move to K8s or re-invent K8s for your environment, badly. Yes, Terraform, Harness and friends have it all wrong.\nErecting infrastructure quickly and portably across backends surely is nice, but assumes a properly functioning declarative environment. That is an environment where you describe the desired state of the infrastructure and the platform takes care of maintaining that desired state for you.\nMost platforms do not work that way. Some fake it, badly. For example, nobody uses AWS autoscalers to autoscale, but they surely are useful to protect your instance count.\nThe problem inside this problem And since we are talking about CI/CD pipelines: Don\u0026rsquo;t YAML them. Don\u0026rsquo;t JSON them. Don\u0026rsquo;t XML them.\nAll of these things surely are nice to describe static objects that have static properties. You can successfully use any of them to express the desired state of a thing in a declarative way.\nIf you see anything that looks like \u0026ldquo;foreach\u0026rdquo;, \u0026ldquo;when\u0026rdquo;, \u0026ldquo;unless\u0026rdquo; or similar, it\u0026rsquo;s procedural. These are control structures. They are part of programming languages. Which any of these three are decidedly not.\nProgramming in any of these three is wrong use of tooling, and you should not do it.\nYAML, JSON and XML are for declarative things. Python, Go and Rust are for procedural things. Bash is for interactive use only. Use the proper tooling for the job. Be an engineer.\nOtherwise, you\u0026rsquo;ll just get your old bash rsync deployment scripts back, in a harder to debug packaging, and wrapped in conditionals and loops in YAML \u0026ldquo;syntax\u0026rdquo;.\nThat is not what progress looks like. At all. Shoddy engineering begets pager calls, outages and suffering.\n","date":"2021-10-06T00:00:00Z","href":"https://blog.koehntopp.info/2021/10/06/empty-commits-and-other-wrong-tools-for-the-job.html","tags":["lang_en","devops","development"],"title":"Empty commits and other wrong tools for the job"},{"categories":null,"content":"Linus Neumann zitiert Prof. Norbert Pohlmann :\nIch glaube, das ist so. Diese 100%ige Sicherheit wird es nicht geben, und wenn der Chaos Computer Bild was findet, dann findet er das, und dann sagen wir, das ist gut. Und dann überlegen wir uns, wie wir das wieder schließen können und dann ist es wieder besser. Und dann können sie auch weiter suchen.\nAlso, ich glaube, wir brauchen auch eine andere Grundhaltung und es geht nicht immer um 100 %, sondern die 99 %, die reichen und wir müssen mit den Restrisiken umgehen. Neben ganz schnell reagieren auch natürlich auch Versicherungen oder wer übernimmt die Verantwortung, wenn was passiert. Das kennen wir ja alles.\nDas ist eine ganze Menge Stoff zum Entpacken und ich habe das auf Twitter mal getan. Dies ist die Volltextversion dieses Threads.\n99 % Sicherheit, was soll das bedeuten? Der CCC ist mein Sicherheitscheck Hackerterrorcybercyberversicherungen und der Umgang mit Restrisiken Wir werden sowieso gehackt, Aufgeben ist eine Option. Aber der Reihe nach:\n99 % Sicherheit, was soll das bedeuten? Auf Pluspora hat Rainer Sokoll einen Portscan von www.digital-enabling.eu veröffentlicht, bevor der Server panisch vom Netz genommen worden ist:\n~$ nmap -sT www.digital-enabling.eu. Starting Nmap 7.92 ( https://nmap.org ) at 2021-09-25 14:24 CEST Nmap scan report for www.digital-enabling.eu. (213.133.104.155) Host is up (0.037s latency). rDNS record for 213.133.104.155: www155.your-server.de Not shown: 935 filtered tcp ports (no-response), 51 closed tcp ports (conn-refused) PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 25/tcp open smtp 80/tcp open http 110/tcp open pop3 143/tcp open imap 222/tcp open rsh-spx 443/tcp open https 465/tcp open smtps 587/tcp open submission 993/tcp open imaps 995/tcp open pop3s 3306/tcp open mysql 5432/tcp open postgresql Nmap done: 1 IP address (1 host up) scanned in 55.71 seconds Wir sehen einen Server, der mehr Dienste produktiv ins Internet raushängt als ein übertrieben konfigurierter Honeypot, darunter ftp, mysql und postgresql. Das ist, wie man mir in der Kundenkommunikationsschulung beigebracht hat zu sagen, \u0026ldquo;keine empfohlene oder unterstützte Konfiguration\u0026rdquo;.\nWenn wir also sagen, \u0026ldquo;Sicherheit ist relativ\u0026rdquo; und \u0026ldquo;perfekte Sicherheit gibt es nicht\u0026rdquo;, dann ist es doch so, daß man da differenzieren kann. Es gibt eben besser und schlechter konfigurierte Systeme.\nUnd es gibt sogar dokumentierte und allgemein anerkannte Best Practices, in englischer und deutscher Sprache. Von denen wird erwartet, daß man sie umsetzt.\nDas nennt die deutsche Rechtsprechung nicht ohne Grund \u0026ldquo;Grundschutz\u0026rdquo; und \u0026ldquo;Stand der Technik\u0026rdquo;. Der Grundschutz, wie vom \u0026ldquo;Bundesamt für Sicherheit in der Informationstechnik\u0026rdquo; (BSI) veröffentlicht, hat viele Spezialhandbücher für besondere Anwendungszwecke. Der Grund-Grundschutz ist definiert in \u0026ldquo;SYS.1.1: Allgemeiner Server\u0026rdquo;.\nWie grundlegend ist der?\nDer Baustein \u0026ldquo;SYS.1.1 Allgemeiner Server\u0026rdquo; ist für alle Server-IT-Systeme mit beliebigem Betriebssystem anzuwenden.\nDas ist Amtsdeutsch für \u0026ldquo;Wenn Du das nicht machst, dann brauchst Du gar nicht weiter zu spielen\u0026rdquo;.\nIm Grund-Grundschutz SYS.1.1 gibt es Grund-Grund-Grundschutzanforderungen, im Kapitel 3.1 \u0026ldquo;Basis-Anforderungen\u0026rdquo;. Dort wird in SYS.1.1.A2 \u0026ldquo;Benutzerauthentisierung an Servern\u0026rdquo;, gleich nach der geeigneten Aufstellung des Gerätes, gefordert:\nFür die Anmeldung von Benutzern und Diensten am Server MÜSSEN Authentisierungsverfahren eingesetzt werden, die dem Schutzbedarf der Server angemessen sind.\nDas ist Amtsdeutsch für \u0026ldquo;Benutzeraccounts ohne Passworte darf es nicht geben\u0026rdquo;.\nDanach kommen ein paar Anforderungen aus früheren Versionen des Dokumentes und eine, die für Angriffe nicht relevant ist, und dann gleich als nächstes SYS.1.1.A6 \u0026ldquo;Deaktivierung nicht benötigter Dienste\u0026rdquo;:\nAlle nicht benötigten Dienste und Anwendungen MÜSSEN deaktiviert oder deinstalliert werden, vor allem Netzdienste.\nWir müssen den Portscan da oben im Licht dieser grundlegenden Grundanforderungen vom allergrundlegensten ersten Kapitel des Grundschutzes lesen, von dem es einleitend heißt\nDie folgenden Anforderungen MÜSSEN für den Baustein SYS.1.1 Allgemeiner Server vorrangig erfüllt werden.\nDas war nicht der Fall.\nDamit ist auch die 99 %-Latte gerissen. Es geht stattdessen darum, dass überhaupt die allerersten grundlegenden Basisanforderungen nicht erfüllt werden, die man braucht, um überhaupt ernsthaft Security angehen zu können.\nEs ist üblicherweise nicht möglich eine Maschine in der von Rainer Sokoll dokumentierten Konfiguration produktiv zu betreiben, wenn irgendein Auditor einmal auch nur oberflächlich über eine Systemkonfiguration geguckt hat. Wir können damit ausschließen, daß für dieses System und seine Betreiberorganisation ein Security-Review stattgefunden hat, und es ist wahrscheinlich, daß ein Sicherheitsprozess überhaupt nicht existiert.\nWie dem auch sei: Prozente sind bei Security ein schwieriges Maß. Ein kompromittiertes System ist ja nicht 43 % gehackt, sondern 100 % im Eimer.\nEin besseres Bild: Raising the bar.\n\u0026ldquo;Raising the bar\u0026rdquo; im Security-Sinne bedeutet üblicherweise, daß man den Personenkreis möglicher Angreifer verkleinern will, indem man versucht die Anforderungen höher zu schrauben, die ein erfolgreicher Angreifer an Ausbildung, finanzieller Ausstattung und Zeitaufwand mitbringen muss.\nAnders gesagt: \u0026ldquo;Unsere Systeme sind so konfiguriert, daß nicht jeder spaßorientierte Mensch auf Mate an einem langsamen Samstagabend in Quarantäne damit Karussell fahren kann.\u0026rdquo; wäre schon einmal ein guter Anfang.\n\u0026ldquo;99 % Sicherheit\u0026rdquo; würde in dieser Interpretation also bedeuten, daß 99 % der Population nicht in der Lage sind, die Installation im Vorübergehen mit dem Arsch einzureißen. Aber wenn einer vom 1 % das tut, liegt das System dennoch 100 % am Boden. Das ist eine wichtige Beobachtung, über die wir weiter unten noch einmal reden müssen.\nSo eine Konfiguration in der Produktion im öffentlichen Internet sagt aber auch etwas über die allgemeine Prozessreife in einer Organisation. Es ist statistisch eher ungewöhnlich, dass so konfigurierte Server mit sauberer und geplanter Software-Entwicklung von sicherheitskritischer Software korrelieren.\nBei Software, die sagen wir einmal Führerscheindaten verwaltet, wäre es aber schon wichtig zu wissen, daß ihr Entwicklungsprozess Anforderungen genügt, die es erlauben, Aussagen über die Software bezüglich Verhalten, Sicherheit und dergleichen zu machen. Man will mindestens erst einmal nachvollziehen können, was da an Komponenten drin ist, und wer da wann warum welche Änderungen mit welchem Ziel vorgenommen hat, um dann an Tests zu sehen, daß das funktioniert hat.\nDer CCC ist mein Sicherheitscheck Der CCC ist kein Sicherheitsdienstleister.\nAls ich zuletzt nachgesehen habe war der CCC eine Vereinigung von Leuten mit dem Ziel, Spaß am Gerät zu haben. Das kann auch Dein Gerät sein, aber das ist dann eher schlecht für Dich.\nAuf keinen Fall ersetzt das ein Sicherheitskonzept. Ein Sicherheitskonzept würde\nein organisatorisches und inhaltliches Konzept für die Anwendung haben, und dann einen Prozess, der dies in der Entwicklung umsetzt und dokumentiert, daß die Anforderungen erfüllt werden. Dann hätte man ein ebensolches Konzept für den Betrieb und einen Prozess, der dies im Betrieb umsetzt und dokumentiert, daß die Anforderungen erfüllt werden. Und ganz wichtig:\neinen Plan, der umgesetzt wird, wenn es dann doch schief geht. Denn es wird doch schief gehen - das sind dann die von Prof. Pohlmann angesprochenen Restrisiken. Hier sind ein paar Slides von Harald Wagener , basierend auf Ideen von Harald und ein paar noch älteren Slides von mir.\nEin Risiko Management Prozess ist wie jeder Prozess eine Schleife, bei denen man Angreifer und Angriffe identifiziert, Risiken bewertet, Maßnahmen gegen die Risiken definiert und umsetzt, und dann wiederholt. Die Maßnahmen können wir nicht beliebig weit treiben, denn betriebliche Notwendigkeiten setzen uns Grenzen: \u0026ldquo;Die Server abschalten und im Marianengraben versenken\u0026rdquo; ist keine Option. Damit bleiben uns Restrisiken, die eventuell versicherbar sind.\nDer Risiko-Managementprozess ist ein Prozess. Er unterliegt einer Evaluierung in der Retrospektive, und dann Anpassungen. Ich habe das am Beispiel einer Pizzeria anderswo schon einmal ausführlicher diskutiert.\nUnd während es super schwer ist, Security zu messen, gibt es immerhin Maße für Prozessreife, etwa das Capability Maturity Modell, über das wir auch im obigen Pizzeria-Beispiel reden.\nUnd das bringt uns zu\nHackerterrorcybercyberversicherungen und der Umgang mit Restrisiken Ich sagte weiter oben\nAber wenn einer vom 1 % das tut, liegt das System dennoch 100 % am Boden. Das ist eine wichtige Beobachtung, über die wir weiter unten noch einmal reden müssen.\nDas ist hier.\nEine HTCCV ist eine Versicherung, die Du abschließen kannst, um Schäden abzudecken, die auftreten, wenn Du dann doch gehackt wirst. Der Versicherer übernimmt dann die Kosten aus Forderungen gegen Dich, die im Nachgang zu so einem Hack auftreten.\nWenn Du so eine HTCCV haben willst, dann wird der Versicherer in der Regel seinen Taschenrechner anwerfen und Dir einen Tarif machen, der auf der Einschätzung Deiner Sicherheit durch einen von ihm beauftragten Auditor basiert.\nDas heißt, der Anbieter wird Dich nach den oben erwähnten Plänen für ein Risiko Management fragen, einen langen, strengen Blick auf die Pläne und ihre Umsetzung werfen, und danach die Prämie bemessen. Wenn er die Risiken für versicherbar hält.\nWenn man nach dem Anruf beim Versicherer ein paar Tastendrücke hört, ein irres Kichern und dann einen Klick in der Leitung, dann ist das eher nicht der Fall - siehe den Portscan ganz oben.\nAls Inhaber einer HTCCV wird man also regelmäßig, meist jährlich oder im jährlichen Wechsel mit einer Datenschutz-Prüfung die Auditoren im Haus haben. Sie werden jedes Mal einen grundlegenden Überblick haben wollen und jedes Jahr ein anderes Thema zur besonderen Vertiefung auswählen.\nDamit hat man auch den von mir oben geforderten Test mit Audit als Teil der Versicherungsauflagen. Meiner persönlichen Erfahrung mit solchen Auditoren nach finden sie solche verscharchten Setups wie das ganz oben in weniger als 15 Sekunden. Das deutet darauf hin, daß auch eine HTCCV für dieses Projekt eher nicht bestand.\nWir werden sowieso gehackt, Aufgeben ist eine Option. Der Satz \u0026ldquo;Hundertprozentige Sicherheit gibt es nicht\u0026rdquo; wird gerne als erster Halbsatz der Aussage verwendet, die mit \u0026ldquo;und darum brauchen wir uns gar nicht anzustrengen.\u0026rdquo; endet. Das ist auch der Tenor von Prof. Pohlmann oben.\n\u0026ldquo;Hope is not a strategy \u0026rdquo; ist nicht nur ein beliebtes Zitat, sondern auch ein gerne von Google SREs verwendetes Motto.\nAuch dem Laien ist intuitiv klar, dass \u0026ldquo;Aufgeben\u0026rdquo; keine skalierbare Strategie ist. Ich habe hier versucht zu erklären, warum die Laien-Intuition genau auf den Punkt ist.\nDarum reden wir von Schutzlevel, \u0026ldquo;raising the bar\u0026rdquo; und wenn wir von Prozenten reden, dann eher mit Hinblick auf \u0026ldquo;wie viel Prozent von wären denn in der Lage, einen ernstzunehmenden Angriff vorzutragen?\u0026rdquo; Also wieviel Zeit, Kapital und Ausbildung braucht ein Angreifer, um uns gefährlich werden zu können?\nWenn es also in der Gemeinschaft von technikaffinen Personen auf Mate Vorbehalte gegen dieses Führerschein ID-Wallet gibt, und Widerspruch gegen die Haltung von Prof. Pohlmann, dann deswegen.\n","date":"2021-10-02T00:00:00Z","href":"https://blog.koehntopp.info/2021/10/02/99-secure.html","tags":["lang_de","security","ccc"],"title":"99% secure"},{"categories":null,"content":"Es beginnt mit einem Tweet von Manuel Atug :\n\u0026ldquo;Wegen Überlastung der Server: #Notruf-App vorerst nicht mehr in App-Stores\u0026rdquo;\nund der Tweet verlinkte einen (inzwischen nicht mehr existierenden) Artikel beim Deutschlandfunk. Christoph Petrausch erklärt, wie solche Projekte falsch laufen können:\nSowas erfordert eine Fehlerkultur. Du musst als Organisation in der Lage sein, nach so einem Incident einen Schritt zurückzutreten. Alle Fakten auf den Tisch zu legen und zu fragen: Warum kam es dazu? Wo liegen die Probleme? Und daraus musst du dann für das nächste Mal lernen.\nUnd das ist sehr schwer, wenn du in einem Konglomerat aus Dienstleister und Konsortien sitzt. Da sind nämlich Verträge und Vertragsstrafen im Weg. Wenn der Dienstleister sagt: \u0026ldquo;Yes, da haben wir nicht nach State auf the Art gearbeitet\u0026rdquo;, kommt gleich der Anwalt vom Auftraggeber.\nIT-Projekte Ich schrieb dazu :\nChristoph Petrausch schneidet hier ein weiteres sehr unangenehmes Thema an:\nWenn man mit mehreren externen Dienstleistern arbeitet, dann ist es auf viele Weisen schwieriger einen Projekterfolg zu haben. Denn der Dienstleister arbeitet nicht für den Projekterfolg, sondern primär für den Vertrag. Das muss er tun, um sich abzusichern, aus den von Christoph genannten Gründen.\nÄndern sich die Anforderungen des Projekts oder sind in Teilprojektphasen Learnings aufgetaucht, die man in den folgenden Projektphasen einfließen lassen möchte, dann ist das alles schwierig. Denn Nachsteuern ist dann eine Vertragsänderung, mindestens eine Anpassung des Statement of Work. Wahrscheinlich wird man jedoch auch das Finanzielle nachregeln müssen.\nDas Projekt wird dadurch schwieriger steuerbar und langsamer, weil jede Anpassung auf einmal ein Verwaltungsakt ist.\nGenerell steigen die Projektrisiken mit jeder administrativen Grenze überproportional an: hier mein Amt, dort Dein Dienstleister. Das ist so, weil sich Verzögerungen auf dem Dienstweg, Nachrichtenverfälschungen durch Stille Post und dergleichen mehr akkumulieren.\nMit einer steigenden Anzahl von Projektpartnern (\u0026ldquo;administrativen Einheiten\u0026rdquo;) steigen auch die Kommunikationsbeziehungen, der Verhandlungsbedarf und die auszugleichenden Interessen an: (n * (n-1)/2 → n^2).\nAnzahl der Kommunikationsbeziehungen bei 3 (3), 4 (6), 5 (10) und 6 (15) Projektpartnern.\nDas ist einer der Hauptgründe für Kostenexplosionen und Verzögerungen bei solchen Projekten: Vertragsstrukturen und Kommunikations- und Verhandlungsaufwand machen es schwer, die Ziele aller Projektbeteiligten kohärent zu halten und das Projekt schnell auf geänderte Anforderungen anzupassen.\nBärcode Nun mache ich diese IT-Sache schon mehr als 35 Jahre, und dort ist es meiner Erfahrung nach immer so, daß sich die Anforderungen im Laufe des Projektes ändern und man dann das Projekt anpassen muss.\nSelbst bei so simplen Sachen wie baercode.de , den ich ehrenamtlich beratend begleitet habe, und die technisch korrekt und im Zeit- und Kostenbudget waren ist es so, daß die zusammenbrechende Kontrollpraxis zeigt, daß man einen wirksamen Test- und Covid-Pass eigentlich grundsätzlich anders gestalten muss.\nIn einer weiteren Iteration (die nicht geplant ist) würde man grundsätzlich und viel aufwendiger an das Problem herangehen müssen. Das ist aber etwas, das zum Zeitpunkt des Requirement Engineerings nicht absehbar war. Es wäre auch nicht durchsetzbar gewesen, hätte jemand zu diesem Zeitpunkt damals die Anforderung eingebracht.\nExperiment early In meinem Hauptberuf ist es so, daß mein Arbeitgeber deswegen unfertige Features so schnell als möglich in der Produktion testet.\nSlideshare 8 Rollouts a Day Es geht darum, die Requirements zu validieren. \u0026ldquo;Ist diese Idee wirklich geeignet, das Problem zu lösen?\u0026rdquo;\nAls Webanwendung und als Anwendung, die nicht mit hoheitlichen oder medizinischen Daten arbeitet, sind wir da in einer privilegierten Position. Wir können dann mit relativ wenig Aufwand früh experimentieren, solange wir uns aus PII und PCI heraushalten.\nHIPPO: HIghest Paid Persons Opinion. Experiments kill HIPPOs.\nWeil wir das eigentliche Feature mit so wenig Entwicklungsaufwand als möglich implementieren können wir früh sehen, welche Änderungen an der Website uns reicher machen. 19 von 20 Ideen scheitern in dieser Experimentierphase.\nDas Experiment dient dazu, eine minimale (oder Fake-) Implementation eines Features auszumessen. Dabei ist ausschließlich interessant herauszufinden, ob die Requirements bei echten Usern überhaupt Sinn ergeben.\nWir wissen dann jedoch auch, wieviel reicher uns so ein Feature macht, und weil das so ist, können wir den Einsatz von Entwickler-Kapazitäten viel besser steuern: Entwickler arbeiten nur an Dingen, von denen wir wissen, daß sie Mehreinnahmen generieren, und wieviel Mehreinnahmen das sind. Wir können dann den Aufwand beim Engineering gegen den Gewinn abwägen.\nDas geht nur im Haus. Das kann nicht outsourcen. Denn nur dann ist eine informale, enge Steuerung mit Umsetzungszeiten für Steuerungsinput im Bereich von Stunden möglich . Tagen oder gar Wochen würden jede Form von Experimentieren scheitern lassen.\nInsourcing und Outsourcing vs. Marktreife und Prozessreife Expertise im Haus ist wichtig, um beurteilen zu können, was Dienstleister machen. Dan Luu hat dazu einen interessanten Artikel geschrieben.\nEigene Experten sind jedoch noch wichtiger, wenn man neue Dinge ausprobiert, und man deswegen das Projekt eng steuern muss.\nSlideshare \u0026ldquo;Go away or I will replace you with a very tiny shell script \u0026rdquo;, Marktreife und Prozessreife\nDas ist auch alles kein Hexenwerk, sondern lange bekannt.\nWenn man neue, unerprobte Dinge macht, ist man im Chaotischen Quadranten des Cynefin Models und macht Forschung. Dazu braucht man eine kleine Gruppe von Experten, die sich darauf konzentriert, Regeln und Gesetzmäßigkeiten (\u0026ldquo;überhaupt Practice\u0026rdquo;) zu finden.\nIn der deutschen Pipeline ist das ein Uni-Projekt, in dem Professor/innen irgendwelche Ideen ausprobieren, von denen die Mehrheit auf irgendeine nicht offensichtliche Weise egal oder falsch ist. Aber das herauszufinden ist genau Sinn der Sache: Die Mehrheit dieser Versuche scheitert, genau wie wir beim Requirements Engineering 19 von 20 Experimenten im Test scheitern sehen.\n\u0026ldquo;Complex\u0026rdquo; ist der Engineering-Quadrant, in der wir versuchen, als funktionierend bekannte Grundideen hoch zu skalieren, und in der Masse anwendbar zu machen. Hier braucht es mehr als ein Team, mit einem der Theoretiker aus der vorigen Phase als Beratung und vielen Praktikern (\u0026ldquo;Ingenieuren\u0026rdquo;) in den Teams, die immer noch so klein als möglich sein sollten.\nIdealerweise hat man zwei oder drei konkurrierende Ansätze mit überlappenden Zielsetzungen, von denen dann hoffentlich einer diese Phase überlebt. Aus dieser bekommt man dann einen Satz Handlungsanweisungen (\u0026ldquo;Wiederholbare Practice\u0026rdquo;) und gute Ratschläge (\u0026ldquo;das da ist kritisch!\u0026rdquo;). Das kann man dann schrittweise Ausrollen und mit Feinkorrekturen in die Fläche bringen. Dabei kommen auch Dienstleister und deren Training ins Spiel.\nProzessreife: Ohne quantitative Metriken ist Outsourcing meist zum Scheitern verurteilt.\nDas geht halt aber erst genau dann, wenn man Prozesse mit Metriken hat. Das bedeutet: wenn man Erfahrung hat, was man messen muss und wie - auf beiden Seiten der Vertragsgrenze.\nWenn der Prozess noch nicht reif genug ist und man gar keine Metriken hat, ist Einigkeit zwischen Auftraggeber und -nehmer schwierig. Dasselbe Problem hat man, wenn der Prozess noch zu schnell wächst, um ohne grundlegende Änderungen wiederholbar zu sein.\nWenn man - aus welchem Grund auch immer - solche Metriken nicht hat, oder nicht haben kann, weil es noch nicht so weit ist, dann kann man nicht outsourcen, also keinen Dienstleister verwenden.\nWarum ist das so?\nWeil man gar keine Grundlage hat, auf der beide Parteien beurteilen können, was verkauft und was geliefert worden ist, und ob das so okay ist. Solange das Projekt oder Prozess-Produkt noch weich ist, weil es noch in der Forschungs- oder Engineering-Phase ist, kann man nicht richtig sinnvoll mit externer Expertise arbeiten, weil niemand weiß, wie es geht.\nDann ist Expertise im Haus absolut notwendig.\nBlameless Postmortem Christian Petrausch weist noch auf einen weiteren kritischen Baustein hin, der absolut zwingend notwendig ist, und der über Vertragsgrenzen hinweg nur sehr, sehr schwierig zu realisieren ist:\nBlameless Postmortem.\nWenn irgendwo ein Flugzeug ein Unglück hat, wenn irgendwo ein Patient verstirbt, wenn irgendwo in einer gut geführten Softwarefirma eine Outage war, dann setzen sich alle Gruppen zusammen und versuchen herauszufinden, wie der Prozess defekt ist, der dazu geführt hat.\nDie Annahme ist, daß alle Beteiligten mit den besten Absichten und im Rahmen ihrer Fähigkeiten und zum Zeitpunkt der Entscheidung verfügbaren Informationen gehandelt haben.\nWenn also die Produktion ausfällt, weil Du (aufgrund der Monitoring-Daten, des Runbooks und Deiner Erfahrungen) angenommen hast, daß (A) der Fall war und deswegen (H) gemacht hast, aber in Wahrheit lag (B) vor und (H) hat alles gecrasht, \u0026hellip;\ndann ist es ein Problem, wenn die Monitoring-Daten zu langsam aufbereitet worden sind, wenn nie alle wichtigen Dinge gemessen worden sind, wenn das Runbook unvollständig oder unklar ist, oder wenn Du unzureichend ausgebildet worden bist. Es ist außerdem zu prüfen, ob diese Entscheidung (H) zu machen überhaupt manuell zu treffen ist, und ob dann eine manuelle Handlung initiiert werden muss.\nKurz: Der Blameless Postmortem konzentriert sich nicht darauf, wer die Produktion gecrasht hat, sondern welche Kette von Entscheidungen dazu geführt hat, dass die gerade Dienst habende Person die Produktion crashen musste.\nSo eine Diskussion über die Grenzen von Firmen, Verträgen, Statements of Work und mögliche Schadensersatzforderungen durchzuführen ist nahezu unmöglich, oder jedenfalls im Haus sehr viel einfacher.\nWieder braucht es dazu aber auch in der öffentlichen Verwaltung eine andere Kultur: einen grundlegenden Wandel, ein Bekenntnis zu Offenheit, Transparenz, Kooperation und Open Source. Solange sich das nicht ändert, wird sich die Tragödie vom Scheitern der Digitalisierung in der deutschen Verwaltung wieder und wieder und wieder wiederholen.\n","date":"2021-10-01T00:00:00Z","href":"https://blog.koehntopp.info/2021/10/01/projektschmerzen.html","tags":["lang_de","politik","computer"],"title":"Projektschmerzen"},{"categories":null,"content":"Golem titelt Intel will Xeon-Funktionen als Lizenz-Update verkaufen :\nIntel will Xeon-Funktionen als Lizenz-Update verkaufen.\nMit dem Software Defined Silicon will Intel in Xeon-Hardware zunächst abgeschaltete Funktionen künftig als Lizenz-Upgrade bereitstellen.\nManuel Atug ranted darüber auf Twitter:\nWenn dir die eigene Hardware nicht mehr gehört\u0026hellip; Intel will Xeon-Funktionen als Lizenz-Update verkaufen \u0026ldquo;Mit dem Software Defined Silicon will Intel in Xeon-Hardware zunächst abgeschaltete Funktionen künftig als Lizenz-Upgrade bereitstellen.\u0026rdquo;\nIch antwortete :\nDas braucht wesentlich mehr Kontext.\nXeons sind selten und haben nicht viele Kunden Intel stellt zurzeit eine sehr kleine einstellige Anzahl Millionen Xeon CPUs her. Davon gehen 85 % an weniger als 10 Kunden - Hyperscaler in den USA und China. 12 % oder so gehen an ca. 150 Kunden, die messbare Stückzahlen der Produktion aufkaufen. Der Rest sind Kleinkunden.\nDas ist eine sehr ungesunde Marktstruktur, und Intel weiß um die Probleme, die das mit sich bringt. Dies ist keine neue Situation, sondern war schon ein Problem, bevor Apple mit ARM losgelegt hat und AMD mit dem EPYC auf den Markt kam. Diese beiden Ereignisse haben die Situation aber noch verkompliziert.\nDazu kommt noch, dass die obigen Prozentangaben nach Stückzahlen sind, nicht nach Core-Count. Denn ansonsten sähe die Situation noch extremer aus: Hyperscaler haben Interesse an immer größeren CPUs mit immer mehr Kernen, und immer höherer Dichte in ihren Rechenzentren. Hyperscaler haben CPU Utilization und Return-per-Core als KPI und wollen Custom Silicon zum Auslagern der Virtualisierung, für das Netz, oder spezielle Tensorflow CPUs.\nNormale Kunden sehen das nicht so: man kann in einer 64C/128T-Core-Single-Socket-Konfiguration mit 2-4 TB RAM unter Umständen den gesamten Serverbedarf einer kleineren Firma in einer einzelnen physikalischen Maschine in VMs unterbringen. Das Problem dabei: Explosionsradius, wenn mal etwas ausfällt.\nCloud und On-Premise driften auseinander Effektiv bewirkt dies, dass die Bauweise der Rechner, die in der Public Cloud Dienst tun, und die Bauweise der Rechner in den Rechenzentren normaler Leute stehen auseinander driften. Das fängt heute an, aber der Bruch wird sich in den kommenden 5-10 Jahren noch vertiefen.\nEin Xeon-Markt für Hyperscaler ist groß, aber der Xeon-Markt \u0026ldquo;Server CPU für Cloud-Feinde\u0026rdquo; wird eher klein sein und schrumpfen. Und wird sich dann irgendwann nicht mehr lohnen.\nDavon mal abgesehen wird durch die laufend verbesserte Integration Chipfläche frei, und Intel muss sehen, was damit anzufangen ist, wenn es nicht \u0026ldquo;immer mehr Cores\u0026rdquo; sein können. Software Defined Silicon ist ein Testballon, mit dem man das herausfinden kann. Für die Firma wäre es schon wichtig, das herauszufinden: von oben drücken die Hyperscaler mit ihren Forderungen nach Mengenrabatten, von der Seite drängt AMD mit ihrer derzeit überlegenen EPYC-Architektur in den Markt und von unten drückt ARM.\nVielen Kunden können diese Pay-to-Play Features egal sein: Eine Webshop-Workload sieht in einem Intel vTune aus wie ein REP MOVSB Benchmark, memcpy() at scale, Variablen werden in HTML Templates eingesetzt.\nSogar die FPU und die ganzen AVX-Instruktionen - das ist alles Verschwendung von Chipfläche für die meisten Kunden. Nur wenige Anwendungen brauchen und nutzen diese Funktionalität in der CPU wirklich.\nMan stelle sich vor, man muss zum Beispiel für einen Inference Offloader (\u0026ldquo;bestehende Machine Learning Netze ausführen, nicht lernen\u0026rdquo;) bezahlen, und dann wird der auf den meisten Maschinen nie angewendet. Aber eine Serie CPUs herstellen, die diesen Inference Offloader hat, ihnen eine eigene Seriennummer zu geben und sie einzeln zu verkaufen will auch keiner. Die Stückzahlen und die Preise geben das nicht her.\nDer Marktdruck zeigt zur Cloud Wenn aber absehbar ist, dass in 5-10 Jahren die Trennung von Cloud-Hardware und On-Premise Hardware vollzogen sein wird, dann ist es auch klar, dass es nach Ablauf dieser Zeit nicht mehr möglich sein wird, ein Rechenzentrum mit Private Cloud kompetitiv zu betreiben. Das wird so kommen, weil die Cloud-Technik schlicht proprietär und für normalsterbliche Kunden nicht zu haben sein wird.\nBei der Technik und der Wirtschaftlichkeit zeigen alle Push- und Pull-Faktoren derzeit massiv in Richtung Cloud. Wer sein Unternehmen und seine IT darin nicht mit Gewalt und jetzt in die Public Cloud bringt, der wird nach dem Vollzug dieser Trennung in die Röhre schauen.\nEigene Server vor Ort sind - bei vorhersagbarem Bedarf - auf viele Weisen billiger als in der Cloud zu mieten. Aber man muss dann auch die eigenen Operations professionalisieren und man muss sich überlegen, wo in 5-10 Jahren die Technik herkommen soll.\nUnd wenn wir uns noch einmal die eingangs diskutierte Kundenstruktur von Intel ansehen, dann gibt es weniger als 200 Unternehmen weltweit, die dazu die erforderliche Masse haben. Das ist sehr frustrierend.\n","date":"2021-09-30T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/30/software-defined-silicon.html","tags":["lang_de","computer","cloud"],"title":"Software Defined Silicon"},{"categories":null,"content":"I ranted about hiring interviews, and the canned questions that people have to answer. One of the interviews we do is a systems design interview, where we want to see how (senior) people use components and patterns to design a system for reliability and scale-out.\nA sample question (based on a Twitter thread in German):\nIt is 2010, and the company has a database structure where a fixed number front end machines form a cell. Reads and writes are already split: Writes go to the primary of a replication tree, and are being replicated to the read instance of the database in each cell. Reads go to the database instance that is a fixed part of the cell.\nRead and write handles are split in the application. Clients write to a primary MySQL database, which then replicates to a database instance that is fixed part of a cell. Clients from a cell read from this fixed replica.\nUnfortunately, this is not very effective: The data center has 10 cells, but when a cell overloads its database, spare capacity from other cells cannot be utilized. Also, the data center is not redundant.\nWe want to:\nLoad balance database queries. Extend the architecture to more than a single data center (or AZ). Optionally be resilient against the loss of individual databases or a full AZ. Possible topics or annotations from a candidate:\nWhat kind of strategies are available for load balancing database connections? DNS, Anycast or L2 techniques Proxy (but not a web proxy) Zookeeper or another consensus system with modified clients What are the advantages or disadvantages of this? L2. Huh. Don\u0026rsquo;t do that. DNS updates are slow and complicated. It can be made to work, but you will always have very little control over what is balanced why and how. DNS is better used for a global load balancing of http requests, and not as a database load balancer. Zookeeper could be used to do this with modified clients, but we would have to discuss how exactly that works. That\u0026rsquo;s an interesting sub-question of its own. MySQL Router or ProxySQL are made for that, but have a lot of interesting sub-questions of their own. See below. What else may be different when load balancing database connections instead of http? web-proxies are not good database proxies. The database protocol is not http, and it is a stateful protocol . This requires extra care when load balancing. Database connections can be long-lived. A load balancing action to a different client only ever happens on connect. If you disconnect and reconnect only every 100 web actions or so, it is possible for the system to rebalance slowly. On the other hand, if you are using TLS\u0026rsquo;ed connections, connection setup cost can be high, so longer lived connections amortize better. Database connections have a highly variable result set size. A single select may return a single value of a single row, or an entire 35 TB table. If the proxy tries to be too intelligent and does things with the result as it passes through, it can die from out of memory. Proxies can become bottlenecks. Imagine 50 frontends talking to 10 databases via a single proxy on a typical 2010-box with a single (or two) 1 GBit/s network interface, and results contain BLOBs. What else there is to know? Replication scales only reads. As this is a shared nothing architecture, each instance eventually sees all writes. To scale writes, we have to split or shard the database. That is out of scope for this question. In our specific scenario, the number of writes is not actually a problem. We can assume a few hundred writes per second. Can we extend that to more than one AZ? Yes, we can create an intermediate primary in each AZ, which takes the writes from the origin AZ into each sub-AZ. It then fans out to the local replicas. This saves on long distance data transfer. It also creates mildly interesting problems for measuring replication delay. Because the replication tree is deeper, writes take longer to reach the leaves. Most applications should be able to accommodate that. The alternative would be something with full Two-Phase-Commit, but that would be even slower, and would have scaling limits in the number of systems that participate in the 2PC. This is usually how far we get in a single interview session, and only with touching only on some of these points. To find all is completely unrealistic, even for experienced people. We would now reach a point where we discuss failure scenarios.\nBut it would be highly unusual to get this far, and that is not actually the goal in an interview. I do in fact hardly care about the solution we end up with. My goal is to have a useful discussion about databases, scale-out and resiliency, and about stateful systems and their limits. When there are remarks such as \u0026ldquo;Our environment is smaller, but for us \u0026hellip; works\u0026rdquo; or \u0026ldquo;We tried this: \u0026hellip; but observed that often \u0026hellip;\u0026rdquo; that\u0026rsquo;s actual gold in an interview.\nEven things such as \u0026ldquo;In HTTP one would do \u0026hellip; but I can imagine that with stateful systems that does not work because \u0026hellip;\u0026rdquo; is already gold, because it shows a level of reflection and insight that is rare.\nThe objective is not to reinvent our 2021 setup. The objective is to use this clearly limited setup as a base for a common conversation about database problems.\n\u0026ldquo;Database Reliability Engineer\u0026rdquo; is the hardest position to hire for in my environment, because it is an H-shaped qualification The concept of H-shaped people is a metaphor used in job recruitment to describe the abilities of individuals in (or outside) the workforce. The vertical bars on the letter H represent the depth of related skills and expertise in a single field or discipline, whereas the horizontal bar is the ability to combine those two disciplines to create value in a way that was hitherto unknown.\nThe objective is to find a person that \u0026ldquo;Understands MySQL\u0026rdquo; and \u0026ldquo;Understands Python or Go\u0026rdquo; (\u0026ldquo;Understands any database\u0026rdquo; and \u0026ldquo;Understands a useful programming language\u0026rdquo;), so that I can throw them at our existing codebase and have them useful within 3-6 months - ugh.\nIf I can find one person per year, I am very lucky.\n","date":"2021-09-27T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/27/mysql-booking-2010-a-hiring-interview-question.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: Our MySQL in 2010, a hiring interview question"},{"categories":null,"content":"My task is to collect performance data about a single query, using PERFORMANCE_SCHEMA (P_S for short) in MySQL, to ship it elsewhere for integration with other data.\nIn a grander scheme of things, I will need to define what performance data from a query I am actually interested in. I will also need to find a way to attribute the query (as seen on the server) to a point in the codebase of the client, which is not always easy when an ORM or other SQL generator is being used. And finally I will need to find a way to view the query execution in the context of the client code execution, because the data access is only a part of the system performance.\nThis is about marking a query so that it can be identified in source and attributed to its origin in the codebase.\nIn my scenario, I have control over the ORM or DAO. I can look at the stackframe, identify the caller of the execute function and put filename and line number or other identifying information into the generated query text. I could also get identifiers (\u0026quot;tracing ids \u0026quot;) from the caller and pass them on, so the query execution can be a child span of the ORM call that made the SQL and ran it.\nWhat will work?\nComments are stripped from P_S Let\u0026rsquo;s try comments first. The manual knows three kinds of comments in MySQL:\n/* ... */ C-like comments. # ... Shell-like comments. -- ... Not quite SQL-like comments. With preserved comments I could put identifying information into the query string, and later extract it from P_S. I could use this information to attribute the query and link it to its origin in code.\nIn one connection, I issue\nmysql [localhost:8025] {msandbox} (kris) \u0026gt; select /* keks */ * from t;m t; ... 8192 rows in set (0.00 sec) The result set is irrelevant, but I put a comment with /* ... */ into the query string.\nIn P_S, I find\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; select sql_text from events_statements_history where thread_id = 47 order by event_id desc limit 1; +------------------+ | sql_text | +------------------+ | select * from t | +------------------+ 1 row in set (0.00 sec) The comment has been stripped, you can still see the double spaces.\nOld-fashioned SQL comments and shell comments seem to die already in the client:\nmysql [localhost:8025] {msandbox} (kris) \u0026gt; select -- keks -\u0026gt; * from t limit 3; ... 3 rows in set (0.00 sec) mysql [localhost:8025] {msandbox} (kris) \u0026gt; \u0026lt;cursor up\u0026gt; mysql [localhost:8025] {msandbox} (kris) \u0026gt; select * from t limit 3; The same happens with Shell comments: Of course, again, the comment is not in P_S.\nIt is unclear why comments are stripped, and where. Maybe it is a vestige from the statement conditioning that was installed as a pre-stage to the late query cache, bless its rotten soul.\nThere seem to be two mechanisms, one for SQL and Shell comments, and one for C comments: When looking at the client history, the Shell and SQL comments are not recalled by the editor, but the C comment is.\nThis difference in treatment makes some sense, because MySQL uses magic C comments to control statement parsing for compatibility: SELECT /*! 80000 NEW_KEYWORD */ is parsed as a SELECT by MySQL before version 8.0.0 and as SELECT NEW_KEYWORD by MySQL 8.0.0 and higher. This allows mysqldump and other programs to emit SQL code that degrades gracefully on older versions of MySQL.\nSimilar syntax, /*+ ...*/ is used to control optimizer hints.\nNew: Query attributes Query Attributes are a newfangled thing (8.0.23 or newer) that allow a client to annotate a query. The annotations are preserved in the server and are being made available in some contexts, but they do nothing.\nThe manual explains this:\nAttributes are defined prior to sending a statement. They exist until the statement ends. While they exist, they can be accessed on the server side. The examples given are exactly my use-case: Transporting identifying information from the client into the server, or injecting control information for a plugin from the client into the server in order to affect query processing in the server.\nQuery Attributes do nothing in the server. The server does not look at them.\nQuery Attributes are supported by the C-API client and the MySQL command line client. Not much support exists elsewhere, yet.\nThe basic exercise to check functions works:\nmysql [localhost:8025] {msandbox} (mysql) \u0026gt; INSTALL COMPONENT \u0026#34;file://component_query_attributes\u0026#34;; ... mysql [localhost:8025] {msandbox} (mysql) \u0026gt; query_attributes n1 v2 n2 v3 mysql [localhost:8025] {msandbox} (mysql) \u0026gt; select -\u0026gt; mysql_query_attribute_string(\u0026#39;n1\u0026#39;) AS \u0026#39;attr 1\u0026#39;, -\u0026gt; mysql_query_attribute_string(\u0026#39;n2\u0026#39;) AS \u0026#39;attr 2\u0026#39;, -\u0026gt; mysql_query_attribute_string(\u0026#39;n3\u0026#39;) AS \u0026#39;attr 3\u0026#39;; +--------+--------+--------+ | attr 1 | attr 2 | attr 3 | +--------+--------+--------+ | v2 | v3 | NULL | +--------+--------+--------+ 1 row in set (0.00 sec) The plugin component is also visible in memory map of mysqld:\nkris@server:~$ grep query_attr /proc/94982/maps 7f7590f5b000-7f7590f5c000 r--p 00000000 fd:00 221893305 /home/kris/opt/mysql/8.0.25/lib/plugin/component_query_attributes.so 7f7590f5c000-7f7590f5d000 r-xp 00001000 fd:00 221893305 /home/kris/opt/mysql/8.0.25/lib/plugin/component_query_attributes.so 7f7590f5d000-7f7590f5e000 r--p 00002000 fd:00 221893305 /home/kris/opt/mysql/8.0.25/lib/plugin/component_query_attributes.so 7f7590f5e000-7f7590f5f000 r--p 00002000 fd:00 221893305 /home/kris/opt/mysql/8.0.25/lib/plugin/component_query_attributes.so 7f7590f5f000-7f7590f60000 rw-p 00003000 fd:00 221893305 /home/kris/opt/mysql/8.0.25/lib/plugin/component_query_attributes.so Where to go from here? I can generate a query in a client I control, and annotate the query with identifying information. In my case this information will be\nA trace flag. If the query is to be traced, the trace flag will be present. The default is: The query will not be traced. A set of three identifiers (alphanumeric strings: sha256 MACs, UUIDs or strings representing integer numbers). They are a root id, a parent id and a query id. These identifiers allow me to model a span/parent span relationship in a larger tracing context. I need to find a hook in the server for a plugin. The plugin must run after query execution, but with the execution plan, the query string and the P_S data for the query still present. I am not yet familiar with this, and need to check the current server about what is on offer. Maybe the hook that the audit plugin uses can be repurposed.\nIf the trace flag is set, it will need to access\nthe query attributes the query plan that ran, if possible (Need to check what EXPLAIN FOR CONNECTION does) the information about the query execution that can be gathered from P_S data It needs to transform this information into a single serialized form, for example a JSON string, and then exfiltrate this in a way that does not block the server.\nThe generic way to do this in my environment has in the past been to send a UDP packet to localhost. UDP to localhost is considered non-lossy, limited to 64K and dropping the data if the listener is not present. A file write to an append-only file may also write, if there is a rotation/truncation mechanism.\nI will then need to take the JSON in my client, transform it some more and send it to a tracing consumer, e.g. Jaeger, Lightstep, or in my case, Honeycomb.\nThe trace data will there be joined with spans from other components, including spans around the ORM that made the SQL and the code that called into the ORM. This will allow to view the context of the query without having to grep for it, use modern web tools to analyze query execution in the context that generated it and generally unify SQL debugging with other application debugging.\nThis makes the need for specialized \u0026ldquo;Database Performance Monitoring\u0026rdquo; (DPM) software go away, at least for individual developers. A DPM can still be useful for operational tasks, but these are usually served by telegrams MySQL collector, Prometheus and Grafana just fine (and these usually scale better than a DPM).\n","date":"2021-09-17T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/17/binding-the-orm.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: Binding the ORM"},{"categories":null,"content":"My task is to collect performance data about a single query, using PERFORMANCE_SCHEMA (P_S for short) in MySQL, to ship it elsewhere for integration with other data.\nIn a grander scheme of things, I will need to define what performance data from a query I am actually interested in. I will also need to find a way to attribute the query (as seen on the server) to a point in the codebase of the client, which is not always easy when an ORM or other SQL generator is being used. And finally I will need to find a way to view the query execution in the context of the client code execution, because the data access is only a part of the system performance.\nBut this is about query execution in the server, and the instrumentation available to me in MySQL 8, at least to get things started. So we take the tour of performance schema, and then run one example query (a simple join) and see what we can find out about this query.\nPerformance Schema, the 10.000 m view The Manual has a major chapter that covers P_S in details. The original idea of P_S is to have a bunch of preallocated memory areas without locks, presented to the database itself as tables.\nP_S is unusual in the way that P_S \u0026ldquo;tables\u0026rdquo; are never locked while you work with them. That means the values in a \u0026ldquo;table\u0026rdquo; can change while you read them. That is important - if you for example calculate percentages, they may not add up to 100%. If you ORDER BY, the sort may or may not be stable.\nThese are good properties: P_S will not freeze the server, and you won\u0026rsquo;t kill the server by working with P_S tables.\nIt is a good idea to make a copy of P_S tables while you work with them, by turning off subquery merging with select /*+ NO_MERGE(t) */ , and then materializing P_S tables in subqueries.\nOriginally, P_S also had no secondary indexes, so joining P_S tables against other P_S tables did not work efficiently. That was probably a good idea, because joining against a table that is changing while you execute the join is probably generating random results anyway. But because it is so common, and because MySQL itself does this now internally in sys.*, secondary indexes to join efficiently now exist. That does not make the joins more correct, but at least you get the result faster.\nI wrote about all this in an earlier article .\nInstruments, Objects, Actors, Threads and Consumers The data P_S collects is centered around three major things:\nTime consumed. In database servers, that is mostly wait time - waiting on I/O or locks. Data transferred. In database servers, that is mostly pages read or written. In a way, this related to I/O wait. Memory used. In database servers, that is buffers allocated - how large, and how often, and peak usage. P_S collects this in the form of \u0026ldquo;events\u0026rdquo; (and takes care to note that P_S events are not binlog events or other any events). The collection points are in the database server code, which is instrumented, so the collectors are instruments.\nThe thing that the server code works on may be of a certain kind, for example a table or another object in the server, but have a variable identity (that would be different tables, with different names). Instruments can be filtered by using object names.\nThe activity done in the server is done on behalf of a database user, in the form of user@host or, new in MySQL 8, using roles. The entity on which behalf the server is working on is called the actor.\nThe activity done in the server is also done in the context of a thread, some of which are background threads, while the majority in a busy server are usually connection threads.\nAnd finally, the data collected is put into the in-memory tables of P_S. These come in various groups, and are called consumers.\nData is collected from objects using instruments. Instruments can be turned on and off. Their collected data is then filtered by Objects, Actors and Threads, and finally dropped into consumers. Many consumers are aggregates, some collect information specific to one query execution.\nFor each of these things there is a setup_... table that controls how event data is collected by the instrumentation, filtered and the consumed in result tables. In parallel, object identities are collected in ..._instances tables, which are needed to resolve object identities.\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; show tables like \u0026#34;setup_%\u0026#34;; +----------------------------------------+ | Tables_in_performance_schema (setup_%) | +----------------------------------------+ | setup_actors | | setup_consumers | | setup_instruments | | setup_objects | | setup_threads | +----------------------------------------+ 5 rows in set (0.00 sec) mysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; show tables like \u0026#34;%_instances\u0026#34;; +--------------------------------------------+ | Tables_in_performance_schema (%_instances) | +--------------------------------------------+ | cond_instances | | file_instances | | mutex_instances | | prepared_statements_instances | | rwlock_instances | | socket_instances | +--------------------------------------------+ 6 rows in set (0.00 sec) mysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; select * from socket_instances; +----------------------------------------+-----------------------+-----------+-----------+-----------+-------+--------+ | EVENT_NAME | OBJECT_INSTANCE_BEGIN | THREAD_ID | SOCKET_ID | IP | PORT | STATE | +----------------------------------------+-----------------------+-----------+-----------+-----------+-------+--------+ | wait/io/socket/mysqlx/tcpip_socket | 106328376 | 44 | 21 | :: | 18025 | ACTIVE | | wait/io/socket/mysqlx/unix_socket | 106328688 | 44 | 22 | | 0 | ACTIVE | | wait/io/socket/sql/server_tcpip_socket | 106329000 | 1 | 26 | 127.0.0.1 | 8025 | ACTIVE | | wait/io/socket/sql/server_unix_socket | 106329312 | 1 | 28 | | 0 | ACTIVE | | wait/io/socket/sql/client_connection | 106330560 | 50 | 41 | | 0 | ACTIVE | +----------------------------------------+-----------------------+-----------+-----------+-----------+-------+--------+ 5 rows in set (0.00 sec) Current, History and History Long Tables vs. Summaries P_S collects data in a lot of summary table, which should not interest us that much here. Our task is to look at the performance data of a single, individual query to better understand what happened when it ran.\nThese unaggregated tables are events_transactions, events_statements, events_stages and events_waits. For each of them, we have _current, _history or _history_long tables.\nThe _current tables contain one entry for the currently running thread. The _history tables contain a configurable number of entries for each thread, for example 10 per thread. And the _history_long tables contain a configurable number of entries, shared across all threads, for example 10.000 in total. As the server continues to execute statements and produce events, old entries are discarded and new entries are added, automatically. Additionally, each query execution is aggregated along several dimensions in summary tables. Summary tables state these dimension(s) using by_\u0026lt;dimensionname\u0026gt;, for example _by_user_by_eventname or similar.\nIn current MySQL, P_S is enabled by default. But not all instruments and consumers are enabled, because some instrumentation slows query execution down, and some consumers can use a lot of memory. To be fast and safe, all memory is statically allocated at config change so the memory resource usage of P_S is constant and no allocations are made during execution.\nWe can enable all instrumentation completely with this SQL:\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; UPDATE -\u0026gt; performance_schema.setup_instruments SET ENABLED = \u0026#39;YES\u0026#39;, TIMED = \u0026#39;YES\u0026#39;; Query OK, 494 rows affected (0.00 sec) Rows matched: 1216 Changed: 494 Warnings: 0 mysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; UPDATE -\u0026gt; performance_schema.setup_consumers SET ENABLED = \u0026#39;YES\u0026#39;; Query OK, 0 rows affected (0.00 sec) Rows matched: 15 Changed: 0 Warnings: 0 When we look at one of these tables, for example events_statements_current, we see a structure like this:\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; show create table events_statements_current\\G *************************** 1. row *************************** Table: events_statements_current Create Table: CREATE TABLE `events_statements_current` ( `THREAD_ID` bigint unsigned NOT NULL, `EVENT_ID` bigint unsigned NOT NULL, `END_EVENT_ID` bigint unsigned DEFAULT NULL, `EVENT_NAME` varchar(128) NOT NULL, `SOURCE` varchar(64) DEFAULT NULL, `TIMER_START` bigint unsigned DEFAULT NULL, `TIMER_END` bigint unsigned DEFAULT NULL, `TIMER_WAIT` bigint unsigned DEFAULT NULL, ... `NESTING_EVENT_ID` bigint unsigned DEFAULT NULL, `NESTING_EVENT_TYPE` enum(\u0026#39;TRANSACTION\u0026#39;,\u0026#39;STATEMENT\u0026#39;,\u0026#39;STAGE\u0026#39;,\u0026#39;WAIT\u0026#39;) DEFAULT NULL, `NESTING_EVENT_LEVEL` int DEFAULT NULL, `STATEMENT_ID` bigint unsigned DEFAULT NULL, PRIMARY KEY (`THREAD_ID`,`EVENT_ID`) ) ENGINE=PERFORMANCE_SCHEMA DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci 1 row in set (0.00 sec) That is, events are tagged with a THREAD_ID (which is not a CONNECTION_ID() as seen in processlist), an EVENT_ID/END_EVENT_ID bracket, various source and timer values and for further dissection, a NESTING_EVENT_ID and _TYPE.\nWe can translate processlist ids into thread ids using the P_S.THREADS table, and then use this to limit our view on the events_statements_current table:\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; select thread_id from threads -\u0026gt; where processlist_id = connection_id(); +-----------+ | thread_id | +-----------+ | 50 | +-----------+ 1 row in set (0.00 sec) mysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; select -\u0026gt; thread_id, -\u0026gt; event_id, -\u0026gt; event_name, -\u0026gt; source, -\u0026gt; sys.format_time(timer_wait), -\u0026gt; sql_text -\u0026gt; from events_statements_current -\u0026gt; where thread_id = 50\\G *************************** 1. row *************************** thread_id: 50 event_id: 88463 event_name: statement/sql/select source: init_net_server_extension.cc:94 sys.format_time(timer_wait): 341.04 us sql_text: select thread_id, event_id, event_name, source, sys.format_time(timer_wait), sql_text from events_statements_current where thread_id = 50 1 row in set (0.00 sec) So running this query took 341 Microseconds, or 0.341 ms. And sources are named after their location in the server sourcecode, filename and line number .\nEvents exist in a hierarchy: wait events nest within stage events, which nest within statement events, which nest within transaction events. Some nested events refer to their own type, for example, statement events can point to other statement events they are nested in. Other events refer to their enclosing context in the hierarchy. Nesting Event ID, Type and Level make this clear.\nInstrument names The manual explains Instrument Names . They have path-like names that group instruments hierarchically, for example wait/io/file/innodb/innodb_data_file. This is a wait event, io related, specifically file I/O, more specific innodb and even more specific innodb_data_file. Looking at other fields in the events_waits_history table, we would see the file name as part of the OBJECT_SCHEMA.OBJECT_NAME designator for this event. That means, we can see how long we waited for I/O coming from this specific file or going to the file.\nFurther up in the nesting we would see, at the statement level, the actual SQL_TEXT, and also the number of rows scanned. That means we can get a rough estimate why this particular statement instance was slow - for example, the plan was good, the number of rows was low, but we see a lot of actual file IO waits, so probably the buffer pool was cold.\nThe manual page above discusses the instrument names at length, and it is important to get an overview of what exists and what is measured. Specifically, for statement level entries the instruments vary during query execution and become more detailed, as they reflect the progress in understanding of the server about the nature of the statement as it is executed.\nAn example run In a freshly restarted idle server, we log in to a shell and use world for the world sample database. This is a tiny database, but because the server has been just restarted, nothing of it is cached. We run a simple query:\nmysql [localhost:8025] {msandbox} (world) \u0026gt; select -\u0026gt; co.continent, -\u0026gt; co.name as country, -\u0026gt; co.population as copop, -\u0026gt; ci.name as capital, -\u0026gt; ci.population as cipop -\u0026gt; from country as co join city as ci -\u0026gt; on co.capital = ci.id -\u0026gt; where continent = \u0026#39;Europe\u0026#39;; +-----------+-------------------------------+-----------+------------------------------------+---------+ | continent | country | copop | capital | cipop | +-----------+-------------------------------+-----------+------------------------------------+---------+ | Europe | Albania | 3401200 | Tirana | 270000 | ... | Europe | Yugoslavia | 10640000 | Beograd | 1204000 | +-----------+-------------------------------+-----------+------------------------------------+---------+ 46 rows in set (0.00 sec) Now let\u0026rsquo;s check what we can find out, using a second session:\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; select * from threads -\u0026gt; where processlist_db = \u0026#39;world\u0026#39;\\G *************************** 1. row *************************** THREAD_ID: 48 NAME: thread/sql/one_connection TYPE: FOREGROUND PROCESSLIST_ID: 9 PROCESSLIST_USER: msandbox PROCESSLIST_HOST: localhost PROCESSLIST_DB: world PROCESSLIST_COMMAND: Sleep PROCESSLIST_TIME: 4 PROCESSLIST_STATE: NULL PROCESSLIST_INFO: NULL PARENT_THREAD_ID: 1 ROLE: NULL INSTRUMENTED: YES HISTORY: YES CONNECTION_TYPE: Socket THREAD_OS_ID: 346752 RESOURCE_GROUP: USR_default 1 row in set (0.00 sec) In our case we are only interested in the fact that our thread/sql/one_connection in the processlist is shown as connection 9, but internally has a thread_id of 48. The Linux Operating System PID is 346752.\nWe can use this to check events_transactions_wait, and find\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; select -\u0026gt; thread_id, -\u0026gt; event_id, -\u0026gt; state, -\u0026gt; source, -\u0026gt; sys.format_time(timer_wait) as timer, -\u0026gt; nesting_event_id, -\u0026gt; nesting_event_type - from events_transactions_history -\u0026gt; where thread_id = 48; +-----------+----------+-----------+-----------------+-----------+------------------+--------------------+ | thread_id | event_id | state | source | timer | nesting_event_id | nesting_event_type | +-----------+----------+-----------+-----------------+-----------+------------------+--------------------+ | 48 | 179 | COMMITTED | handler.cc:1328 | 496.05 us | 85 | STATEMENT | | 48 | 401 | COMMITTED | handler.cc:1328 | 559.99 us | 278 | STATEMENT | | 48 | 5606 | COMMITTED | handler.cc:1328 | 3.03 ms | 5574 | STATEMENT | +-----------+----------+-----------+-----------------+-----------+------------------+--------------------+ 3 rows in set (0.00 sec) Why are there three statement events? We can check:\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; select -\u0026gt; thread_id, -\u0026gt; event_id, -\u0026gt; sql_text -\u0026gt; from events_statements_history -\u0026gt; where thread_id = 48 and event_id in (85, 278, 5574); +-----------+----------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | thread_id | event_id | sql_text | +-----------+----------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | 48 | 85 | show databases | | 48 | 278 | show tables | | 48 | 5574 | select co.continent, co.name as country, co.population as copop, ci.name as capital, ci.population as cipop from country as co join city as ci on co.capital = ci.id where continent = \u0026#39;Europe\u0026#39; | +-----------+----------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ 3 rows in set (0.00 sec) The mysql command line client is running from the sandbox with /home/kris/opt/mysql/8.0.25/bin/mysql --defaults-file=/home/kris/sandboxes/msb_8_0_25/my.sandbox.cnf world. Autocompletion for names is not disabled. So on client startup, the client invisibly runs show databases to learn the names of all databases for autocompletion. It then enters the world database as requested and runs show tables to learn the names of all tables in the world database.\nOnly then we come to the prompt and can paste our query.\nWe are only interested in thread_id = 48 AND event_id = 5574, our query.\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; select * -\u0026gt; from events_statements_history -\u0026gt; where thread_id = 48 AND event_id = 5574\\G *************************** 1. row *************************** THREAD_ID: 48 EVENT_ID: 5574 END_EVENT_ID: 6624 EVENT_NAME: statement/sql/select SOURCE: init_net_server_extension.cc:94 TIMER_START: 61628458852000 TIMER_END: 61631769329000 TIMER_WAIT: 3310477000 LOCK_TIME: 224000000 SQL_TEXT: select co.continent, co.name as country, co.population as copop, ci.name as capital, ci.population as cipop from country as co join city as ci on co.capital = ci.id where continent = \u0026#39;Europe\u0026#39; DIGEST: 409c336982f0d3d45c4b29da77fe83aed12c6043e8ce9771c11ec82ff347e647 DIGEST_TEXT: SELECT `co` . `continent` , `co` . `name` AS `country` , `co` . `population` AS `copop` , `ci` . `name` AS `capital` , `ci` . `population` AS `cipop` FROM `country` AS `co` JOIN `city` AS `ci` ON `co` . `capital` = `ci` . `id` WHERE `continent` = ? CURRENT_SCHEMA: world OBJECT_TYPE: NULL OBJECT_SCHEMA: NULL OBJECT_NAME: NULL OBJECT_INSTANCE_BEGIN: NULL MYSQL_ERRNO: 0 RETURNED_SQLSTATE: NULL MESSAGE_TEXT: NULL ERRORS: 0 WARNINGS: 0 ROWS_AFFECTED: 0 ROWS_SENT: 46 ROWS_EXAMINED: 92 CREATED_TMP_DISK_TABLES: 0 CREATED_TMP_TABLES: 0 SELECT_FULL_JOIN: 0 SELECT_FULL_RANGE_JOIN: 0 SELECT_RANGE: 0 SELECT_RANGE_CHECK: 0 SELECT_SCAN: 0 SORT_MERGE_PASSES: 0 SORT_RANGE: 0 SORT_ROWS: 0 SORT_SCAN: 0 NO_INDEX_USED: 0 NO_GOOD_INDEX_USED: 0 NESTING_EVENT_ID: NULL NESTING_EVENT_TYPE: NULL NESTING_EVENT_LEVEL: 0 STATEMENT_ID: 125 1 row in set (0.00 sec) The statement is statement/sql/select. It took 3310477000 picoseconds (3.31ms) to run. The sql_text is the full text of the statement (up to a cutoff point, in order to manage memory consumption). The parsed statement is called digest_text - identifiers are quoted, whitespace is normalized, actual constants are replaced with placeholders, and (not shown here) variable length WHERE ... IN (...) clauses are shortened with ellipses. This normalized digest is then hashed and produces an identifier for this group of identically formed statements, the digest. We learn about the number of rows looked at, 92 and sent, 46. No special flags indicating specific execution modes were set.\nWe can use the event_id to look even deeper:\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; select -\u0026gt; thread_id, -\u0026gt; event_id, -\u0026gt; event_name, -\u0026gt; source, -\u0026gt; sys.format_time(timer_wait) as timer -\u0026gt; from events_stages_history -\u0026gt; where thread_id = 48 -\u0026gt; and nesting_event_id = 5574 -\u0026gt; order by event_id; +-----------+----------+--------------------------------------+----------------------+-----------+ | thread_id | event_id | event_name | source | timer | +-----------+----------+--------------------------------------+----------------------+-----------+ | 48 | 5610 | stage/sql/optimizing | sql_optimizer.cc:270 | 15.88 us | | 48 | 5611 | stage/sql/statistics | sql_optimizer.cc:534 | 703.58 us | \u0026lt;- !! | 48 | 5710 | stage/sql/preparing | sql_optimizer.cc:618 | 31.93 us | | 48 | 5712 | stage/sql/executing | sql_union.cc:1126 | 2.26 ms | \u0026lt;- !! | 48 | 6593 | stage/sql/end | sql_select.cc:586 | 1.86 us | | 48 | 6594 | stage/sql/query end | sql_parse.cc:4542 | 1.93 us | | 48 | 6596 | stage/sql/waiting for handler commit | handler.cc:1594 | 9.05 us | | 48 | 6600 | stage/sql/closing tables | sql_parse.cc:4593 | 14.02 us | | 48 | 6621 | stage/sql/freeing items | sql_parse.cc:5042 | 29.4 us | | 48 | 6623 | stage/sql/cleaning up | sql_parse.cc:2252 | 1.17 us | +-----------+----------+--------------------------------------+----------------------+-----------+ 10 rows in set (0.00 sec) These are the various execution stages of our statement - we select by thread_id and with the event_id of the statement, 5574 as a nesting_id, ordered by event_id. Time was consumed by the stage/sql/statistics phase, looking up table stats for a good execution plan, and then by the actual query execution in stage/sql/executing. The former took 0.7ms (703.58us), the latter 2.26ms.\nWe are interested in what took so long, specifically, so we look into waits for event_ids 5611 and 5712 - finding nothing, and also nothing particularly time-consuming:\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; select -\u0026gt; thread_id, -\u0026gt; event_id, -\u0026gt; event_name, -\u0026gt; sys.format_time(timer_wait) as timer, -\u0026gt; nesting_event_type, -\u0026gt; nesting_event_id, -\u0026gt; operation -\u0026gt; from events_waits_history -\u0026gt; where thread_id = 48 -\u0026gt; order by event_id; +-----------+----------+------------------------------------------+-----------+--------------------+------------------+-----------+ | thread_id | event_id | event_name | timer | nesting_event_type | nesting_event_id | operation | +-----------+----------+------------------------------------------+-----------+--------------------+------------------+-----------+ | 48 | 6614 | wait/synch/mutex/innodb/trx_mutex | 56.26 ns | STAGE | 6600 | lock | | 48 | 6615 | wait/synch/mutex/innodb/trx_mutex | 48.64 ns | STAGE | 6600 | lock | | 48 | 6616 | wait/synch/mutex/innodb/trx_mutex | 50.4 ns | STAGE | 6600 | lock | | 48 | 6617 | wait/synch/mutex/innodb/trx_mutex | 46.88 ns | STAGE | 6600 | lock | | 48 | 6618 | wait/synch/mutex/innodb/trx_mutex | 43.36 ns | STAGE | 6600 | lock | | 48 | 6619 | wait/synch/mutex/innodb/trx_mutex | 45.12 ns | STAGE | 6600 | lock | | 48 | 6620 | wait/synch/mutex/sql/LOCK_table_cache | 66.8 ns | STAGE | 6600 | lock | | 48 | 6622 | wait/io/socket/sql/client_connection | 18.91 us | STAGE | 6621 | send | | 48 | 6624 | wait/synch/mutex/sql/THD::LOCK_thd_query | 124.23 ns | STAGE | 6623 | lock | | 48 | 6626 | wait/io/socket/sql/client_connection | NULL | WAIT | 6625 | recv | +-----------+----------+------------------------------------------+-----------+--------------------+------------------+-----------+ 10 rows in set (0.00 sec) We can see I/O in a global summary, and the timings make sense in the context of the experiment:\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; select -\u0026gt; object_type, -\u0026gt; object_schema, -\u0026gt; object_name, -\u0026gt; count_star, -\u0026gt; sys.format_time(max_timer_read) as `read`, -\u0026gt; sys.format_time(max_timer_write) as `write`, -\u0026gt; sys.format_time(max_timer_fetch) as `fetch` -\u0026gt; from table_io_waits_summary_by_table -\u0026gt; where object_schema = \u0026#39;world\u0026#39;\\G *************************** 1. row *************************** object_type: TABLE object_schema: world object_name: city count_star: 46 read: 569.17 us write: 0 ps fetch: 569.17 us *************************** 2. row *************************** object_type: TABLE object_schema: world object_name: country count_star: 47 read: 703.4 us write: 0 ps fetch: 703.4 us ... But why are the I/O times not visible to us? That\u0026rsquo;s a bit unclear. My theory was that the reads happen asynchronously by some background thread. But a quick query shows no time spend on reader threads.\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; select -\u0026gt; t.thread_id, -\u0026gt; t.name, -\u0026gt; t.type -\u0026gt; from threads as t join events_waits_summary_by_thread_by_event_name as e -\u0026gt; on t.thread_id = e.thread_id -\u0026gt; where e.max_timer_wait \u0026gt; 0 -\u0026gt; and e.event_name = \u0026#39;wait/io/file/innodb/innodb_data_file\u0026#39;; +-----------+---------------------------------------------+------------+ | thread_id | name | type | +-----------+---------------------------------------------+------------+ | 1 | thread/sql/main | BACKGROUND | | 9 | thread/innodb/io_write_thread | BACKGROUND | | 10 | thread/innodb/io_write_thread | BACKGROUND | | 11 | thread/innodb/io_write_thread | BACKGROUND | | 12 | thread/innodb/io_write_thread | BACKGROUND | | 13 | thread/innodb/page_flush_coordinator_thread | BACKGROUND | | 33 | thread/innodb/clone_gtid_thread | BACKGROUND | | 47 | thread/sql/one_connection | FOREGROUND | | 48 | thread/sql/one_connection | FOREGROUND | +-----------+---------------------------------------------+------------+ 9 rows in set (0.00 sec) We seem to be unable to attribute time spent loading data from disk to a specific thread, and we seem to be unable to account for the runtime of certain stages by looking at waits. That\u0026rsquo;s unexpected.\nMemory only as summary Diverse memory_% tables exist to track memory usage in the server. All of these tables are summary tables, there are no memory events tables that could trace memory usage per query. That might be okay.\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; show tables like \u0026#39;%memory%\u0026#39;; +-----------------------------------------+ | Tables_in_performance_schema (%memory%) | +-----------------------------------------+ | memory_summary_by_account_by_event_name | | memory_summary_by_host_by_event_name | | memory_summary_by_thread_by_event_name | | memory_summary_by_user_by_event_name | | memory_summary_global_by_event_name | +-----------------------------------------+ 5 rows in set (0.00 sec) We can do interesting things with stuff such as memory_summary_by_thread_by_event_name, at least on our mostly idle server.\nmysql [localhost:8025] {msandbox} (performance_schema) \u0026gt; select -\u0026gt; thread_id, -\u0026gt; event_name, -\u0026gt; count_alloc, -\u0026gt; sum_number_of_bytes_alloc, -\u0026gt; high_number_of_bytes_used -\u0026gt; from memory_summary_by_thread_by_event_name -\u0026gt; where thread_id = 48 -\u0026gt; and HIGH_NUMBER_OF_BYTES_USED \u0026gt; 0 -\u0026gt; order by HIGH_NUMBER_OF_BYTES_USED desc limit 5; +-----------+-------------------------------+-------------+---------------------------+---------------------------+ | thread_id | event_name | count_alloc | sum_number_of_bytes_alloc | high_number_of_bytes_used | +-----------+-------------------------------+-------------+---------------------------+---------------------------+ | 48 | memory/sql/THD::main_mem_root | 22 | 1181008 | 613544 | | 48 | memory/innodb/memory | 226 | 1059368 | 250032 | | 48 | memory/sql/dd::objects | 205 | 47432 | 44648 | | 48 | memory/innodb/ha_innodb | 26 | 35784 | 35784 | | 48 | memory/innodb/fil0fil | 2 | 65600 | 32800 | +-----------+-------------------------------+-------------+---------------------------+---------------------------+ 5 rows in set (0.00 sec) No EXPLAIN Another thing that would be useful to collect from P_S is the actual execution plan of a query. But while we can explain a lot of statements by running EXPLAIN \u0026lt;stmt\u0026gt;, and while we can EXPLAIN FOR CONNECT ..., the former is not the recorded execution plan, and the latter only works while the query is running. It\u0026rsquo;s the actual execution plan while the query executes, but it is not recorded.\nSummary A lot of information about query execution can be gathered from P_S. The query execution can be broken down in statements, stages and waits. Specifically, statements collect a lot of interesting quality flags. Stages can collect percentages of completion for long-running queries and give a general feel about where in the query execution time is spent. Waits should be able to attribute time to individual operations in the database server, but specifically for file I/O this seems to be more complicated, and I have not been able to solve it.\nWe can see waits for I/O summary tables, and we can see a lot of other statistical information in other summary tables. We can also use additional tables not covered here for debugging (for example DATA_LOCKS for locking behavior).\nMemory instrumentation is interesting, but at this stage it is unclear to me if it is sufficient.\nIt seems to be really hard to record execution plans together with statements.\nMore experimentation with more complicated queries is necessary to see if it is possible to see things like sorting, temp files and similar operations, and attribute time to these operations.\nThe number of queries on P_S necessary to extract information about a single query is staggering, a 10:1 ratio. At least filters exist and are on by default, so that I do not have to hear my monitoring noise in my monitoring. That is good.\nI could really use a single large JSON blob containing the entire package with performance data for a query, at once - one query to trace one query. That is, the information from transaction, statement, stages, waits, the execution plan and the memory consumption for a given transaction or statement, in one go.\n","date":"2021-09-15T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/15/mysql-tracing-a-single-query-with-performanceschema.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: Tracing a single query with PERFORMANCE_SCHEMA"},{"categories":null,"content":"Like I said, I never had much reason to use table compression, and only recently looked into the topic. MySQL Page Compression looks a lot easier at the database end of things, but relies on hole punching support in the file system. Let\u0026rsquo;s have a look at what that means.\nFiles, Inodes and Arrays of Blocks The original Unix filesystem saw the disk as a sea of blocks, which were represented in a free map as an array of bits. Files have numbers, which are an index into an array of so-called inode structures. Inodes store the files metadata and contain an array of block numbers, which make up the actual file. The array is folded multiple times, to optimize for the more common case of small files: The first few block numbers were stored in the inode, followed by a pointer to a block containing file block numbers, then a pointer to a block containing pointers to blocks of file block numbers and so on.\nThe block list inside an array is folded multiple times, to optimize for the more common case of small files.\nThese structures make up the so-called lower filesystem, which deals with organizing blocks into numbered files efficiently. On top of that resides the upper filesystem, which is concerned with managing names of files, and organizing them into directories. In our instance the upper filesystem is of no interest, so we are ignoring it completely: To us files are sequences of blocks, organized in inodes.\nWhile the folded block array of the original file system served us for many decades, more modern file systems try to shrink these block lists by storing extents. An extent is a pair (start, length) that describes a contiguous sequence of blocks. On a mostly empty disk, most files can probably be arranged in such runs of contiguous blocks, so this is a more efficient way to store things. Also, free lists can in many cases be stored more efficiently as extents.\nThe XFS filesystem is getting a lot of mileage of such extents, and one major a difference between the Linux ext3 and ext4 is the use of extents instead of block lists and bitmaps in many places.\nSparse Files Unix always allowed you to seek past the end of a file and write data. The following example program creates a file named testfile by opening a new file of length 0, seeking to the position 20 GB and writing an integer at that position. The resulting file is 20 GB in length, but only occupies a minuscule amount of disk space. This is called a sparse file, a file with holes in it.\nReading a sparse file, the non-existent blocks are returned as blocks filled with zeroes. On writing, space is allocated for the previously unallocated blocks in the sparse file, but probably not in sequence. So on hard disks, a seek occurs that would probably not have occurred, had the file actually been written properly.\nkris@server:~$ cat sparseme.c #include \u0026lt;stdio.h\u0026gt; #include \u0026lt;unistd.h\u0026gt; #include \u0026lt;stdlib.h\u0026gt; /* 20 GB */ #define FAR_OUT ((long) 20*1024*1024*1024) int main(void) { int something = 0; FILE *fp = 0; /* trunate to 0, or create, position 0 */ fp = fopen(\u0026#34;testfile\u0026#34;, \u0026#34;w\u0026#34;); if (!fp) { fprintf(stderr, \u0026#34;Cannot open \u0026#39;testfile\u0026#39;, I die.\u0026#34;); exit(1); } /* move to far out position */ fseek(fp, FAR_OUT, SEEK_SET); /* write something */ fwrite(\u0026amp;something, sizeof(something), 1, fp); fclose(fp); exit(0); } When looking at this on the disk we can see that in fact only 4 KB of disk space (one block on a modern disk) has been allocated.\nkris@server:~$ cc -o sparseme sparseme.c kris@server:~$ ./sparseme kris@server:~$ ls -lsh testfile 4.0K -rw-rw-r-- 1 kris kris 21G Sep 14 16:37 testfile kris@server:~$ xfs_bmap -v testfile testfile: EXT: FILE-OFFSET BLOCK-RANGE AG AG-OFFSET TOTAL 0: [0..41943039]: hole 41943040 1: [41943040..41943047]: 104705904..104705911 3 (10334064..10334071) 8 We compile the C-program with cc -o sparseme sparseme.c, then run it as ./sparseme. We look at the resulting testfile with ls -lsh testfile. The size of the file is shown as 21G, but the allocation (in the leftmost column, we asked for that with the -s flag) is only 4K.\nUsing the XFS maintenance program xfs_bmap in verbose mode, we get to see the block map (bmap) of the file, as an extent listing. The program operates with sectors of 512 bytes, the unit that was common for many hard disk before we moved to 4K sectors. We see a large hole from offset 0 to 41943039 (times 512 bytes for sector size, this is 20 GB). Then there are 8 sectors (one 4K disk drive hardware block) mapped to 8 contiguous blocks (actually one hardware block) at 104705904 from the start of the partition.\nWe can do the same thing using a dd command without writing a C-program:\nkris@server:~$ rm testfile testfile2 kris@server:~$ dd if=/dev/zero of=testfile2 bs=1 count=1 seek=21474836480 1+0 records in 1+0 records out 1 byte copied, 0.000227159 s, 4.4 kB/s kris@server:~$ ls -lsh testfile2 4.0K -rw-rw-r-- 1 kris kris 21G Sep 14 16:47 testfile2 kris@server:~$ xfs_bmap -v testfile2 testfile2: EXT: FILE-OFFSET BLOCK-RANGE AG AG-OFFSET TOTAL 0: [0..41943039]: hole 41943040 1: [41943040..41943047]: 104705904..104705911 3 (10334064..10334071) 8 Our of=testfile2 generates the outfile, and we write one byte (bs=1) one time (count=1) after seeking to position 20G (seek=...). Using ls -lsh and the xfs_bmap output, we can confirm that this is indeed a file with a hole.\nSparse files are hard to handle: When you copy them, the non-existent blocks are read as blocks full of 0-bytes, and written. The target file will therefore actually allocate all the space the source file only claims to be large.\nThis is a problem with core files in many Unix system, because they are being dumped as sparse files, mapping the actual process address space to file offsets, and leaving unallocated space in the address space at least in part as holes in the file. Until you naively copy that file, that is.\nThe GNU cp program has a --sparse option that tries to handle this, and rsync also has special options that make it sparse file aware.\nHole Punching Some filesystems allow you to punch holes into files, using the fallocate(2) system call. This system call can be used to assign blocks to a file, making sure it is not a sparse file, without actually having to write all those bytes and a few other things. Using the filesystem dependent FALLOC_FL_PUNCH_HOLE flag, extents in the file can be marked as \u0026lsquo;unused\u0026rsquo; and be given back to the filesystem.\nLet\u0026rsquo;s look what our tables from the previous article look like on disk, using xfs_bmap.\nThe uncompressed table looks like this:\nkris@server:~/sandboxes/msb_8_0_25/data/kris$ xfs_bmap -v keks.ibd keks.ibd: EXT: FILE-OFFSET BLOCK-RANGE AG AG-OFFSET TOTAL 0: [0..63]: 104752464..104752527 3 (10380624..10380687) 64 1: [64..159]: 104753560..104753655 3 (10381720..10381815) 96 2: [160..223]: 104744928..104744991 3 (10373088..10373151) 64 ... 18: [327680..450559]: 126091200..126214079 4 (262080..384959) 122880 19: [450560..516095]: 126404568..126470103 4 (575448..640983) 65536 We get 20 extents, some of which are smaller than 100 sectors, but some of which are larger than 100k sectors of contiguous space.\nNow the page compressed file:\nkris@server:~/sandboxes/msb_8_0_25/data/kris$ xfs_bmap -v keks2.ibd keks2.ibd: EXT: FILE-OFFSET BLOCK-RANGE AG AG-OFFSET TOTAL 0: [0..31]: 104756944..104756975 3 (10385104..10385135) 32 1: [32..63]: 104757000..104757031 3 (10385160..10385191) 32 2: [64..71]: 104709000..104709007 3 (10337160..10337167) 8 3: [72..95]: hole 24 4: [96..103]: 104709032..104709039 3 (10337192..10337199) 8 5: [104..127]: hole 24 30886: [494440..494463]: hole 24 30887: [494464..494471]: 127160928..127160935 4 (1331808..1331815) 8 30888: [494472..494495]: hole 24 30889: [494496..516095]: 127160960..127182559 4 (1331840..1353439) 21600 We get more than 30k extents here, all of them 8 sectors (4K) of data and 24 sectors (12K) of hole in my very compressible test data. This is messy.\nTrying to delete these things demonstrates the cost of this:\nkris@server:~$ cp ~/sandboxes/msb_8_0_25/data/kris/keks.ibd . kris@server:~$ cp --sparse=always ~/sandboxes/msb_8_0_25/data/kris/keks2.ibd . kris@server:~$ time rm keks.ibd real 0m0.020s user 0m0.000s sys 0m0.020s kris@server:~$ time rm keks2.ibd real 0m0.123s user 0m0.000s sys 0m0.109s With longer files, we get more holes, more overhead and even longer times.\nFile Size over Time While running insert into keks2 select * from keks, I was monitoring the size of the new table at the file system level. This looks funny, because we can see the file\u0026rsquo;s allocation growing over time, but there are downward spikes in allocation every few seconds.\nkris@server:~/sandboxes/msb_8_0_25$ while : \u0026gt; do \u0026gt; ls -lsh data/kris/keks2* \u0026gt; sleep 1 \u0026gt; done 197M -rw-r----- 1 kris kris 524M Sep 14 19:09 data/kris/keks2.ibd 200M -rw-r----- 1 kris kris 532M Sep 14 19:09 data/kris/keks2.ibd 203M -rw-r----- 1 kris kris 540M Sep 14 19:09 data/kris/keks2.ibd 205M -rw-r----- 1 kris kris 548M Sep 14 19:09 data/kris/keks2.ibd 208M -rw-r----- 1 kris kris 556M Sep 14 19:09 data/kris/keks2.ibd 212M -rw-r----- 1 kris kris 564M Sep 14 19:09 data/kris/keks2.ibd 207M -rw-r----- 1 kris kris 564M Sep 14 19:09 data/kris/keks2.ibd \u0026lt;--- 209M -rw-r----- 1 kris kris 572M Sep 14 19:09 data/kris/keks2.ibd 212M -rw-r----- 1 kris kris 580M Sep 14 19:09 data/kris/keks2.ibd 216M -rw-r----- 1 kris kris 588M Sep 14 19:09 data/kris/keks2.ibd 215M -rw-r----- 1 kris kris 588M Sep 14 19:09 data/kris/keks2.ibd \u0026lt;--- 218M -rw-r----- 1 kris kris 592M Sep 14 19:09 data/kris/keks2.ibd 212M -rw-r----- 1 kris kris 592M Sep 14 19:09 data/kris/keks2.ibd \u0026lt;--- 219M -rw-r----- 1 kris kris 604M Sep 14 19:09 data/kris/keks2.ibd 223M -rw-r----- 1 kris kris 612M Sep 14 19:09 data/kris/keks2.ibd 226M -rw-r----- 1 kris kris 620M Sep 14 19:09 data/kris/keks2.ibd 225M -rw-r----- 1 kris kris 624M Sep 14 19:09 data/kris/keks2.ibd \u0026lt;--- 228M -rw-r----- 1 kris kris 632M Sep 14 19:09 data/kris/keks2.ibd 227M -rw-r----- 1 kris kris 636M Sep 14 19:09 data/kris/keks2.ibd 225M -rw-r----- 1 kris kris 640M Sep 14 19:09 data/kris/keks2.ibd \u0026lt;--- 233M -rw-r----- 1 kris kris 652M Sep 14 19:09 data/kris/keks2.ibd 232M -rw-r----- 1 kris kris 656M Sep 14 19:09 data/kris/keks2.ibd The size of these downward spikes (several megabytes in some instances) is impressive.\nImplications for MySQL Page Compression was introduced to MySQL in 2015, and Mark Callaghan has been experimenting from early on. He has a series of blog articles on this:\nWanted Wanted: a file system on which InnoDB transparent page compression works and earlier\nFirst day with InnoDB transparent page compression Second day with InnoDB transparent page compression Third day with InnoDB transparent page compression and being Mark, he also has a series of bugs open on this. The links are in the articles.\nThe \u0026ldquo;Wanted\u0026rdquo; article from the list above contains a number of very recent, very relevant comments by Marko Mäkelä, and a link to LWN: Hole-punching races against page-cache filling , from July 29, 2021. This bug is still open in all production Linux kernels.\nThis seems to make using Page Compression a risky and expensive thing. Mark\u0026rsquo;s estimate in private communication was approximately \u0026ldquo;a thing such as RocksDB which never overwrites data has an inherent advantage over anything that does in-place updates when it comes to compression\u0026rdquo; (my summary of his words), and I think he\u0026rsquo;s correct.\nSeems I accidentally did a few things right when I never even tried to use compressed tables in InnoDB.\nThanks Thanks, Mark, for you very useful and insightful comments, and for nudging me to go deeper on this. And thanks for necro\u0026rsquo;ing Marks articles with your comments, Marko!\n","date":"2021-09-14T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/14/mysql-page-compression-revisited.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: Page compression revisited"},{"categories":null,"content":"For the MySQL Million Challenge, I was going through the server syntax in order to understand what things can be created in the server. And now my OCD triggered. DDL is a mess.\nCreation As a database developer, I want to be able to create server objects using the CREATE thing syntax.\nThe server gives you that for the following things:\nDATABASE EVENT FUNCTION (and FUNCTION SONAME) INDEX LOGFILE GROUP (NDB only, not going to look at this) PROCEDURE RESOURCE GROUP ROLE SERVER SPATIAL REFERENCE SYSTEM TABLE TABLESPACE TRIGGER USER VIEW Safe creation As a database developer I want to be able to script things safely, so I need IF NOT EXISTS clauses in my CREATE syntax.\nStatements that create things often allow you to specify IF NOT EXISTS for conditional creation of the thing: Creation of the thing will fail if it already exists. Using the IF NOT EXISTS clause the creation is conditional, so if the thing already exists this is not an error.\nThis is important for scripting: If the thing already exists, the script will throw an error and depending on settings will stop. It is even more important in replication, because if you replicate the creation statement to a replica, the replication will stop with an error unless it is conditional.\nSome CREATE statements replicate, but do not offer conditional syntax. They cannot be used safely in replication, and they are cumbersome in scripting.\nTwo CREATE statements offer deviant safe creation: Instead of CREATE ... IF NOT EXISTS they offer CREATE OR REPLACE ....\nMultiple object syntax As a database developer I want to be able to chain multiple CREATE or DROP actions together in a single statement, so that the things are created (or dropped) together, atomically.\nAlternatively, DDL could be made transactional. This makes sense even if a rollback is not possible, if they are being executed in a kind of DDL transaction under a lock, so that they appear to happen atomically.\nMultiple CREATE syntax does not exist. For few objects, a multiple drop syntax does exist, but support is thin.\nSafe DROP As a database developer, I want to be able to DROP the things that I created.\nObviously.\nAs a database developer, I want to be able to make the DROP conditional using an IF EXISTS clause, to be able to script and replicate this operation safely.\nObviously.\nThe support for this is better than for creation, for some reason, and there is no deviant syntax. Still, some things cannot be dropped safely.\nEnumeration and Definition display As a developer, I want to be able to enumerate all the things of a category.\nLogically, an API is incomplete without enumeration. I need to be able to see what exists.\nIn MySQL, a lot of things can be listed with SHOW commands, and all things can be listed by looking into the appropriate system tables.\nApparently, a lot of things can not be listed using the SHOW plural syntax (SHOW TABLES, SHOW DATABASES). For a few things, a deviant syntax is supported (SHOW PROCEDURE STATUS) that also shows the definition of the thing.\nFor other things you have to access system tables. These system tables seem to be spread around, some are in I_S (Tablespace), others in mysql.* (servers).\nGenerally, MySQL seems to favor the syntax SHOW CREATE thing to show an SQL statement that would recreate the thing if I dropped it. But for some things, this is not implemented, despite the fact that the information for this is available in various system tables.\nAltering and renaming things As a database developer, I want to be able to change the definition of a thing after creation.\nMost things can be altered after creation. For some things, some attributes cannot be altered even if an ALTER statement exists. Notably, it is impossible to rename a database.\nOnly two things can be renamed, tables and users. For other things, renaming is possible using ALTER TABLE RENAME syntax, but a pure RENAME does not exist despite the fact that renaming is supported.\nFor roles and users, ALTER thing IF EXISTS conditional syntax is supported, but for all other things it is not.\nReplication All thing creations are replicated, except resource groups and servers. That even makes sense, which is unusual, given all the other illogical anomalies.\nA table, because this is about databases Command replicates enumerate SHOW CREATE IF T EXISTS OR REPLACE DROP IF EXISTS MULTI SHOW CREATE ALTER IF EXISTS RENAME DATABASE YES YES YES YES YES YES YES YES EVENT YES YES YES YES YES YES YES YES *4 FUNCTION YES *1 YES YES YES YES YES YES INDEX YES *2 YES YES *2 *4 PROCEDURE YES *3 YES YES YES YES YES YES *4 RES GROUP * * YES YES ROLE YES YES YES YES YES YES YES YES SERVER * * YES YES YES YES SRS YES YES YES YES YES YES TABLE YES YES YES YES YES YES YES YES YES YES TABLESPACE YES YES YES YES *4 TRIGGER YES YES YES YES YES YES USER YES YES YES YES YES YES YES YES YES VIEW YES YES YES YES YES YES YES YES YES YES *1: SHOW FUNCTION STATUS deviant syntax enumerates the function names and definitions. *2: Indexes are not first class citizens, they are part of table definitions. *3: SHOW PROCEDURE STATUS deviant syntax enumerates the procedure names and definitions. *4: ALTER thing RENAME syntax exists, but no RENAME command. ","date":"2021-09-10T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/10/create-if-not-exists.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: CREATE IF NOT EXISTS TABLE, but CREATE OR REPLACE VIEW"},{"categories":null,"content":"A long-standing idea that I have is to test the servers limits: How does it fail and break if there are very many of a thing? Previously that was too easy, because many structures were constructed in a way that it was obvious they would not scale. But with MySQL 8 many things were overhauled, so let\u0026rsquo;s see what we can make many of and see how the server fares.\nThe Million Challenge Database servers are programs that are built to handle a lot of data. A million rows in a table are not a problem, and searching one in a million rows neither, because the server has structures that make this fast.\nBut is the database server using these structures internally in an efficient way and can it handle a lot of tables, schemas, views, users, grants, roles and so on?\nWhat can we try?\nMake a million tables and see how performance degrades or not. Will this work better if we use general tablespaces instead of file-per-table? Make a million views, all pointing to the same table. Nest views, one million deep. Make a million stored procedures. Make a million stored procedures, calling each other in a chain. Make a many triggers? Is that even possible? Make a million users. Make a million grants. This one is dear to my heart - we have this at work in one environment, and it broke the server in an exciting and hard to fix way. GRANT statements in the processlist and SHOW PROCESSLIST running concurrently raced badly. Make a million concurrent connections. Well, no, but I have seen 60.000 already, and it was not pretty. This failed in interesting ways, because monitoring was joining against P_S.THREADS and fell over badly. Make a million users, using roles. Make a million roles. Any other ideas that fit the general theme?\n","date":"2021-09-10T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/10/mysql-million-challenge.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: The Million Challenge"},{"categories":null,"content":"We observe a large number of messages of the kind\nThe table \u0026#39;../tmp/#sql…\u0026#39; is full Before MySQL 8 In older Versions of MySQL, implied temporary tables are being created whenever your EXPLAIN contained the phrase using temporary.\nIn this case, MySQL would create an in-memory temporary table to materialize an intermediate query result, and then continue to process the data from there. If that temporary table was larger than some configurable limit, the temporary table would instead be converted to a MyISAM table on disk, streamed out, and then work would continue with this.\nThis has a large number of disadvantages:\nA table in the MEMORY storage engine can have no variable length columns. That means, any VARCHAR column gets converted to a CHAR column in the MEMORY version of that table. Example: Your 5 byte (plus overhead) long \u0026lsquo;hello\u0026rsquo; in a VARCHAR(255) CHARSET utf8 would turn into a 765 byte CHAR(255) CHARSET utf8 monstrosity, right-padded with spaces. Memory used by MEMORY engine tables would be dynamically allocated on top of the other buffers the database uses, making the process size quite variable, depending on how many concurrent threads need to use temporary tables right now. This can lead to memory exhaustion and a visit from the OOM killer, or worse, to a paged out database server. When being streamed out to disk, the original variable length data types would be used, so you would not even see what caused the temporary table on disk in many cases, unless you looked very hard at the schema. Memory for efficient MyISAM table processing is usually not configured on an InnoDB MySQL instance. Because of that, we encouraged our users at work to be wary of plans with using temporary, to avoid use of utf8 columns except for human generated data, and to employ certain techniques for writing queries that handle strings in a nicer way.\nMySQL 8 fixes this Starting with MySQL 8, implicit temporary tables are using the InnoDB storage engine exclusively. That means, temporary tables have largely the same properties as any ordinary table.\nIt is safe to use VARCHAR(...) CHARSET utf8mb4, and at work we now recommend that you use this to represent strings. Variable length data types are handled just fine. It is fine to use single byte character sets for internal strings (names of status fields and other internal strings), but even that is no longer necessary. There is no preconfigured limit to where the table is being streamed to disk. This is being done by creating (internally and invisibly to you) a special tablespace for tmp tables. Tables created in this tablespace are InnoDB tables, but they are not redo-logged, because there is no need for them to be crash-safe. After all, tmp tables are supposed to be gone after a server restart.\nThis saves a ton of I/O and makes these tables very fast, while they are still compatible with the rest of the InnoDB engine.\ntmp tables are now also using the InnoDB buffer pool, the fixed giant data structure that all other data in the server is using, so the memory consumption of the server process fluctuates a lot less.\nAll pages in the buffer pool need to be backed by files, so that they can be written out if space in the buffer pool becomes tight. For MySQL, this is the innodb_temp_data_file_path config variable.\nAt work, we configure this on our systems with a hard upper limit:\ninnodb_temp_data_file_path=ibtmp1:12M:autoextend:max:100G This means you get a file, ibtmp1, in the data directory of MySQL with an initial size of 12 MB. This file is auto-extended in increments up to a maximum size of 100 GB - in the default configuration it is not limited.\nIf you need more, you are very likely holding the database wrong.\n\u0026ldquo;I am getting this error message\u0026rdquo; Isolate the offending query, EXPLAIN FORMAT=JSON the plan and check if you can get rid of the using temporary. If it is using up a 100 GB temporary file space, something is very wrong.\nYou should not increase the 100 GB limit: The ibtmp1 file will eat all your disk space, and you won\u0026rsquo;t get it back, as tablespace files never shrink.\n","date":"2021-09-09T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/09/tmp-file-full.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: The table '../tmp/#sql…' is full"},{"categories":null,"content":"I never had much reason to use table compression, so I largely ignored the topic in MySQL. I knew that MySQL had table compression since 5.1, but I also knew the implementation was horribly complicated and double stored all data. There is also page compression, a feature introduced with 5.7, which replaces table compression and works much better.\nTable Compression Table Compression is available in MySQL 5.1 and newer. It is used by setting an InnoDB table up with ROW_FORMAT=COMPRESSED KEY_BLOCK_SIZE=8 or similar, for even smaller key block sizes. A lot of status tables in INFORMATION_SCHEMA.%CMP% are available to monitor it.\nTable compression creates smaller pages (in the size you specify with KEY_BLOCK_SIZE), and loads and stores compressed pages of this smaller size from and to the buffer pool. On load, a second uncompressed page in the buffer pool is allocated, and the data is uncompressed and put into this secondary page to work with.\nOn write, the modified uncompressed page is recompressed and put back into the compressed buffer pool page. As this happens on write and not on checkpoint, this is not ideal for tables that are written to a lot. Compression and decompression happen in the Query thread, that is, the thread of your connection, and therefore single-threaded.\nIf buffer pool space it tight, uncompressed pages can be evicted, and recreated as needed by decompressing them again.\nIn order to be able to crash recover MySQL all possible shutdown scenarios, compressed pages are also written to the redo-log on checkpointing. This also leads to larger redo-logs, which may need to be upsized to allow for the additional traffic.\nPage Compression Page compression was added to MySQL already in version 5.7. It is a different way of handling compression of data in MySQL: A transformer stage is inserted into the IO handlers of MySQL, which on flush compressed a page as it is written out, and on read decompressed the data into the buffer pool page. This is much simpler approach that also interacts with a lot fewer parts of the server.\nBut since pages still are 16 KB on disk as they are in memory, an additional file system feature is required for this to actually save space: Hole punching support in the file system. The compressed page will be shorter than 16 KB, so all file system blocks that are unused at the end of the 16 KB will be marked as \u0026ldquo;unused\u0026rdquo; to the operating system. This works well with all modern Linux kernels, and the ext4 and xfs file systems (and presumably a lot of others as well). It does not play well with standard NTFS file systems due to the way NTFS handles things internally.\nBecause page compression is so simple, it is also very simple to configure: To enable a table for page compression, set the InnoDB table up with COMPRESSION=\u0026quot;zlib\u0026quot;. All newly written pages to this table will be compressed. Old data stays uncompressed.\nIn order to compress all pages in a table that has just been switched to page compression, run OPTIMIZE TABLE on it. This will recreate the table, using the new options.\nThe write-path for page level compression inserts itself into the InnoDB page cleaners . By default, the number is 4, and there can be up to 64. If your database writes a lot to compressed tables, it may be useful to increase this number. Since compression uses CPU, it is not useful to set the number larger than the number of available cores.\nReads are done by query threads, except when they are not (They aren\u0026rsquo;t when there is read-ahead happening, in which case it is done by the background IO threads ).\nThere is not much monitoring in place, and it is hardly needed, because page compression is so much simpler.\nChecking compression To check the degree of compression, look at the files at the file system level:\nkris@server:~/sandboxes/msb_8_0_25/data/kris$ ls -lsih keks* 222085022 72M -rw-r----- 1 kris kris 252M Sep 9 15:17 keks2.ibd 222085011 253M -rw-r----- 1 kris kris 252M Sep 9 15:16 keks.ibd We see the apparent file size is the same for the uncompressed and compressed file. The number of allocated blocks (second column) varies a lot, though.\nThe original table keks has been created as\nmysql [localhost:8025] {msandbox} (kris) \u0026gt; show create table keks\\G Table: keks Create Table: CREATE TABLE `keks` ( `id` bigint unsigned NOT NULL AUTO_INCREMENT, `t` text, UNIQUE KEY `id` (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=458731 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci 1 row in set (0.00 sec) A quarter million JSON records have been inserted. The compressed table keks2 has then been made as\nmysql [localhost:8025] {msandbox} (kris) \u0026gt; create table keks2 like keks; Query OK, 0 rows affected (0.08 sec) mysql [localhost:8025] {msandbox} (kris) \u0026gt; alter table keks2 compression=\u0026#34;zlib\u0026#34;; Query OK, 0 rows affected (0.03 sec) Records: 0 Duplicates: 0 Warnings: 0 mysql [localhost:8025] {msandbox} (kris) \u0026gt; insert into keks2 select * from keks; Query OK, 262144 rows affected (27.53 sec) Records: 262144 Duplicates: 0 Warnings: 0 We can also check INFORMATION_SCHEMA.INNODB_TABLESPACES for the compression.\nmysql [localhost:8025] {msandbox} (kris) \u0026gt; select name, fs_block_size, -\u0026gt; file_size, allocated_size, -\u0026gt; allocated_size/file_size* 100 as percent -\u0026gt; from information_schema.innodb_tablespaces -\u0026gt; where name like \u0026#34;kris/keks%\u0026#34;; +------------+---------------+-----------+----------------+----------+ | name | fs_block_size | file_size | allocated_size | percent | +------------+---------------+-----------+----------------+----------+ | kris/keks | 4096 | 264241152 | 264245248 | 100.0016 | | kris/keks2 | 4096 | 264241152 | 74809344 | 28.3110 | +------------+---------------+-----------+----------------+----------+ 2 rows in set (0.00 sec) Being careful with file copies The granularity of the file system block size is 4 KB in our file system. The hole punching works at the block level, so we can free 12 KB, 8 KB or 4 KB of a 16 KB page. Even if the data in the page compressed to, say, 9 KB, it will still use 3 file system blocks of 4 KB out of the group of 4 that make up the file system storage for a page. So MySQL will only be able to give back 4 KB of space to the operating system.\nHoles in files can fill when you copy the file naively: Copying keks2.ibd around without a hole-aware tool will fill the holes. That means: the copy of the 72 MB source file will be a 252 MB destination file. A secure way to copy the file would be rsync with the appropriate options.\nHoles in files are also causing disk seeks. This is not an issue for any SSD or NVME flash, but can hurt performance on hard disks. On the other hand, this is 2021, and whoever is still running a database on HDD probably deserves no better.\nTL;DR Given all the above, for my usage scenarios there is probably no use for table compression anywhere for any reason. I should be using page compression everywhere where I need it.\n","date":"2021-09-09T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/09/mysql-two-kinds-of-compression.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: Two kinds of compression"},{"categories":null,"content":"Lilith Wittmann asked on Twitter:\nWhy do we have so much dangerous software in Germany?\nBecause we don\u0026rsquo;t have the competency anywhere (administration, enterprise or science) to understand the complexity of software.\nMy take was :\nComputer science is easy. It is the science of Zeroes and Ones, and it does not get any more complicated anywhere.\nComputer science piles abstractions on top of each other, though, 30 layers deep and with non-linear interactions. That creates a different kind of complexity that is also harder to handle.\nAs you grow older, you learn:\nComputer science is the science of boxes and arrows between them. Zeroes and Ones hardly matter.\nThe boxes are still trivial, but problems come from the dependencies. If the dependencies symbolize \u0026ldquo;communication between systems\u0026rdquo; things get truly awful.\nCommunication and consensus are lossy and hard to do, and until recently, were untestable.\nAs you grow even older, you learn:\nComputer science is the science of crystallized processes. Code is law.\nProcesses are contracts between people that regulate who talks when to whom about what and why. Programs for human distributed systems, \u0026ldquo;companies\u0026rdquo;.\nComputer science takes processes and create a machine-readable form of them. Interactions between people are mediated through code and automated. That can be good, but requires that you understand the process and why it is what it is.\nPizza, People, Projects and Processes has some fundamental things about processes.\n\u0026ldquo;The german government fails at digitization\u0026rdquo; means from this point of view that the system has lost the ability to understand its own processes and to change them in a controlled way.\nIt is ossified and critical organisational knowledge is not available.\n","date":"2021-09-07T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/07/computer-science.html","tags":["lang_en","computer"],"title":"Computer science"},{"categories":null,"content":"This 2018 book in some aspects is already outdated: Silicon Valley Techbro Kai-Fu Lee describes what AI is and what he thinks it will do to our future, the nature of work and the job market. But since then, the worlds view on what AI can and cannot do, what the problems to solve really are and a lot of other things have changed.\nAI Superpowers:China, Silicon Valley, and the New World Order , Kai-Fu Lee\nKai-Fu Lee is a Taiwanese born, American computer scientist, and worked at Apple, SGI, Microsoft and Google before becoming a venture capitalist in China.\nHe coined the adage \u0026ldquo;If data is the new oil, then China is the new Saudi Arabia\u0026rdquo; and in the books proposes that China has several advantages over the US in an arms race over artificial intelligence: Generally training deep learning models seems to be better suited to the Chinese approach of brute forcing a solution than to deep engineering; China has few data protection regulations getting in the way of data collection; Chinese startup culture is even more aggressive than the US one; and the chinese government funds and steers the startup industry in China into the AI of AI.\nLee believes that a number of jobs will be modified or eliminated by a potential AI revolution, including a number of white collar (office) jobs. The examples he gives are jobs that consist mostly of - in his opinion - simple pattern recognition, such as rough translator, bank loan officer or customer care worker. Similarly, the blue collar (worker) jobs at risk are truck driver, cashier or clothing factory worker. In a way, three years later, his estimates look overly optimistic: Self-driving cars are further away than they looked three years ago, and automated customer care with natural language recognition quickly transformed into the voice-mail hell as ten or twenty years ago.\nWhat is true is that AI can support human workers a lot in taking the boring parts of these jobs away, helping to provide rough estimates and marking clear cases as such. Still, AI in 2021 seems to be successful where it augments human workers instead of completely replacing them. In general, Lee\u0026rsquo;s view of the world is very mechanistic, and way too optimistic in what AI can actually completely solve without having a complete model of the world it acts in.\nImportant input and still a good overview, but overtaken quickly by the real world.\n","date":"2021-09-05T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/05/fertig-gelesen-ai-superpowers.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: AI Superpowers"},{"categories":null,"content":"\u0026ldquo;Old Man\u0026rsquo;s War \u0026rdquo; is the first \u0026ldquo;large\u0026rdquo; works by John Scalzi,\nOld Man\u0026rsquo;s War , John Scalzi\nThe plot premise is weird, but simple: Humanity has taken to the stars, but with private enterprise. Basically all advanced space technology is controlled by the Colonial Union. Life on earth on the other hand goes on almost as before.\nJohn Perry enlists to serve in the Colonial Defense Force at the age of 75, to protect humanity, but mostly to have the CU fight the effects of him aging with some unspecified Scifi tech. He leaves earth and during his induction to the CDF learns that he will be indeed rejuvenated, by transferring his consciousness into a new, young, genetically engineered body tailored for planetary combat.\nPerry\u0026rsquo;s first tour of duty sees battles on a number of CU planets and fights against various interstellar races. He soon learns that the CU is not actually involved much in galactic politics and has only limited knowledge about the background and motivation of the various space-faring intelligences.\nA fight against the man-eating Rraey leaves him wounded and left for dead on the contested planet Coral. He is found by a member of the Ghost Brigades, Jane Sagan, that he thinks looks like a younger version of his deceased wife Kathy, and befriends her. He learns that Ghost Brigades are synthetic humans created from the DNA scans of CDF volunteers that died before they could join the CDF, but without the memory and experience of their human predecessors.\nWhile technically Mil SciFi, and therefore a genre I despise, Scalzi manages to keep the focus the story on the characters and their interactions instead of troop movements and space battles. He is playing with the themes of generic engineering, encounters with alien races and the discovery of their motivation, and with building a connection to an image of a loved one, but without the memory and the shared experiences. An engaging book with characters I can relate to, and a story well told.\nOld Man\u0026rsquo;s War is continued in The Ghost Brigades and in The Last Colony , finishing the John Perry\u0026rsquo;s viewpoint books.\nThe story of \u0026ldquo;The Last Colony\u0026rdquo; is being retold in Zoe\u0026rsquo;s Tale from another character\u0026rsquo;s viewpoint.\nThe Human Division then continues the original storyline, from another characters point of view, dealing with the aftermath of the revelation of the CU\u0026rsquo;s scheming with earth politics. Humanity finally joins the emerging galactic society and must find a place in one of the various alliances that the different intelligent species begin to form. The resulting diplomatic complications are further told in The End of All Things in a series of Novellas from different character viewpoints.\nAll in all a series very worthwhile reading, exactly sufficient for one vacation.\n","date":"2021-09-05T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/05/fertig-gelesen-old-mans-war.html","tags":["lang_en","review","media","book","scifi"],"title":"Fertig gelesen: Old Man's War"},{"categories":null,"content":"Ram V is a writer, sometimes for comics. Together with artist Sumit Kumar he wrote a simple story: English Vampires vs. Indian Rakshasa.\nThese Savage Shores , Ram V \u0026amp; Sumit Kumar\nThe 1760\u0026rsquo;ies. An english vampire puts his peers at risk by not having his desires under control, and is exiled to Calicut, India. He soon finds out that even older and fiercer beings rule the night: Rakshasa, the Vampire equivalent of Indian Myth.\nBishan, a Raskshasa, kills the vampire, drawing the english vampires out for revenge. Before the background of a colonization war in India, Bishan and the vampire master Jurre Granno clash, first in India, then in England.\nFantastic illustrations, and a complex story well told, with rich metaphors, showing a clash of cultures and the infighting in pre-colonization India.\nAs a comic, the kindle edition does not read well on a Kindle, but works fine on Kindle for iPad or similar devices.\n","date":"2021-09-05T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/05/fertig-gelesen-these-savage-shores.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: These Savage Shores"},{"categories":null,"content":"Max Gladstone and Amal El-Mohtar co-authored This Is How You Lose The Time-War , not exactly a Science Fiction novel.\nThis Is How You Lose The Time War , Amal El-Mohtar and Max Gladstone\nRed and Blue are representatives, spies and saboteurs of two nearly all-powerful, warring factions. They travel through time to manipulate events at critical points in history in favor of their respective factions. They are leaving each other messages, they taunt each other, and gradually earn mutual respect. Eventually they grow close to each other, and love develops.\nRed\u0026rsquo;s commanding officer learns of the interaction and forces Red to leave a message to Blue that kills her. Red later fixes that \u0026ldquo;problem\u0026rdquo; by traveling into Blue\u0026rsquo;s childhood to give her immunity to the toxic message, and both escape the war by making off to elsewhere in time and space.\nThis is an epistolary novel, written in the form of the letters Red and Blue exchange. We only learn very gradually about the characters, their capabilities and their background, and it becomes clear that what we read is not actually the account of two humans, but rather godlike entities or avatars of forces of nature. Red and Blue over time grow close, and solve an initially unbridgeable conflict between the cultures or forces they represent at a very personal level.\nThis is a hard read, and if you were looking for an actual Science Fiction story, this isn\u0026rsquo;t one. Telling a story in the form of letters and having characters that are only remotely human at best is not a good vehicle to create tension, of paint a clear picture of what goes on. At multiple points the book reads more like some form of poetry as opposed a novel or regular prose. The storytelling ultimately manages to pull off a somewhat satisfactory ending, though, even if it is visible from almost the very start of the book.\nBeing so different and not fucking things up of course won the book a number of awards in 2019 and 2020, so there is that.\n","date":"2021-09-05T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/05/fertig-gelesen-this-is-how-you-lose-the-time-war.html","tags":["lang_en","review","media","book","scifi"],"title":"Fertig gelesen: This Is How You Lose The Time War"},{"categories":null,"content":"Dave Addey ran a Tumblr once, titled \u0026ldquo;Typeset in the Future\u0026rdquo;, in which he dissected the typography of Science Fiction films. This has been turned into the eponymous book.\nTypeset in the Future , Dave Addey\nIn 2013, Addey nerded out over the fonts in a Science Fiction movie and discovered it was an Eurostile variant (\u0026ldquo;Eurostile Extended Bold\u0026rdquo;). He started a Tumblr about this, and in great detail went through a number of movies, and about every sign, letter and font used in there. The Tumblr became quite successful, and he turned the most important posts into a book, adding a lot of images with examples and a number of interviews and essays to it.\nTable of Contents\nThe ebook is a joy to read on anything but a Kindle - I did on a 10\u0026quot; iPad, and it worked quite well. The dead tree edition would make an excellent conversation piece.\n","date":"2021-09-05T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/05/fertig-gelesen-typeset-in-the-future.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: Typeset in the Future"},{"categories":null,"content":"The memoir of Brian Kernighan, and the story of how UNIX came to be and what working at Bell Labs was like at that time: UNIX: A History and a Memoir is required reading for anyone who wants to know where Unix concepts came from and what ideas were behind its inception.\n\u0026quot;UNIX: A History and a Memoir \u0026quot;, Brian Kernighan\nKernighan takes us through the history and the setting of Bell Labs, why it existed and what it did. He explains the hardware of the time, in terms of size, power and capabilities, and why Bell did get involved into writing an Operating System, and the failure of Multics. Unix inception and its co-evolution with the C language was a kind of response to the Multics project, at the same time pioneering novel ideas and taking tested salvageable concepts from Multics, making something new and much more useful.\nWhile he roughly follows the timeline of Unix releases, Kernighan takes short detours, including mini-biographies of his colleagues and the influence they had on the design of the system and the ideas embodied in it. He finishes with the commercialization of Unix, Unix descendants - BSD, Minix, Linux and Plan 9, and with the closure of Bell Labs.\nIf you work with Linux, the C language or any Unix tools, you should read this book to understand where these things came from and what formed this environment.\n","date":"2021-09-05T00:00:00Z","href":"https://blog.koehntopp.info/2021/09/05/fertig-gelesen-unix-a-history-and-a-memoir.html","tags":["lang_en","review","media","book","c","unix"],"title":"Fertig gelesen: UNIX: A History and a Memoir"},{"categories":null,"content":"I had reason to look into the UNIX Eschaton, the time when the signed 32 bit counter of seconds since Midnight, 1970-01-01 UTC overflows. Going to Wikipedia , I learned we will die two years earlier, because in 2036-02-07, 06:28:16 UTC NTP will kill us all:\nAt 06:28:16 UTC on Thursday, 7 February 2036, Network Time Protocol will loop over to the next epoch, as the 32-bit time stamp value used in NTP (unsigned, but based on 1 January 1900) will overflow. This date is close to the following date because the 136-year range of a 32-bit integer number of seconds is close to twice the 70-year offset between the two epochs.\nGood to know.\nStill, I wanted to know the state of things. Linuxreviews tells me that the kernel already uses a 64 bit time_t internally, so we are good for the next few billion years. Unfortunately, a lot of other structures don\u0026rsquo;t, and some of them are persisted on disk.\nFilesystems Extending a persistent data structure is hard, and often cannot be done in-place. In many filesystems, the inode is a tight fit and extending timestamp will double the size of an inode, going up from one power of two to the next higher power of two.\nThe ext4 filesystem inode structure stores 64 bit timestamps these days, but the conversion cannot be done in-place. Since Linux 5.4 you get a warning:\next4 filesystem being mounted at (mountpoint) supports timestamps until 2038\nYou will need to dump these file systems, recreate them with 64 bit support and then restore the data.\nXFS has the bigtime option since 5.10. It counts signed 64 bit, but at nanosecond resolution, so it is good until the year 2468.\nNFS V4 has 64 bit timestamps with a second resolution, since 20 years. Anybody using NFS V2 or V3 already gets exactly what they deserve, so not a problem.\nJava counts 64 bit signed values, but uses milliseconds. Good for another 300 million years. Other systems do 64 bit signed, but count microseconds. Still sufficient.\nI am expecting the first \u0026ldquo;Enterprise 2038 Compliance\u0026rdquo; projects to start very soon. It will be great fun to find every single timestamp in a large enterprise and check it for 64 bit time_t. The fact that afterwards there will be different cutoff dates due to different timer resolutions will be even more fun.\nNegative Leap Seconds What also can kill us: Theoretically there are negative leap seconds , but no code in the world is prepared for them actually happening.\nGPS GPS will have interesting events in October this year, that is, in 2 months time.\nGPSD time will jump back 1024 weeks at after week=2180 (23-October-2021) .\nWhy?, and worse I was triggered by draft-peabody-dispatch-new-uuid-format-01 speaking about \u0026ldquo;36-bit big-endian unsigned Unix Timestamp values\u0026rdquo; in various places. The text also contains phrases such as\nFor example a 36-bit timestamp source would fully utilize timestamp_32 and 4-bits of timestamp_48. The remaining 12-bits in timestamp_48 MUST be set to 0.\nThe string 2038 appears nowhere in this document.\nIt\u0026rsquo;s a draft, it contains obvious typos in several place, but generally speaking UUID v7 and UUID v8 look underspecified, with different implementation variants, and have the look of untested ideas. I agree on the general idea of sort-ordering UUID values PK friendly, but having a proper UUIDv1 looks like the safer option to me.\n","date":"2021-08-18T00:00:00Z","href":"https://blog.koehntopp.info/2021/08/18/epochalypse.html","tags":["lang_en","computer"],"title":"Epochalypse"},{"categories":null,"content":"It began with a tweet by Sebastian Bergmann , which made me buy \u0026ldquo;88 names \u0026rdquo; by Matt Ruff. The book is a tour of massive multiplayer online role playing games for people who do not play, and also a discussion of identity on the Internet.\nJohn Chu has a small sherpa company, an outfit that helps causal players who have the coin to experience hard content in MMORPGs in an easy and successful way without investing too much time into the game. Chu is coming out of a relationship with a borderline gamer, Darla, and is being asked by an obviously powerful and demanding anonymous client to be shown several well known MMOs to better understand their genres.\nChu is trying to uncover the identity of his client, and comes to believe that he is the North Korean dictator Kim Jong Un. In the course of his research he learns the real identities of his employees, none of which are what he thought they were, and the real identity of Darla, who is way further past the borderline that he originally assumed.\nThis was a fun read for me, because it relatively accurately portrays MMOs and online games. At the same time Ruff\u0026rsquo;s writing very causally avoids Gamer Dudebro stereotypes and shows that people playing video games are way more diverse than their cliche. If you ever have had your Internet spaceship refueled by a 60+ year old english granny and ex-schoolteacher you will understand exactly what I mean.\n\u0026ldquo;88 Names \u0026rdquo;, Matt Ruff\n","date":"2021-08-03T00:00:00Z","href":"https://blog.koehntopp.info/2021/08/03/fertig-gelesen-88-names.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: 88 Names"},{"categories":null,"content":"Paul Fischer writes \u0026ldquo;A Kim Jong-Il Production \u0026rdquo;, a documentary the 1978 abduction of the famous South Korean actress Madam Choi, and her ex-husband, the filmmaker Shin Sang-Ok.\nBefore becoming the leader of North Korea, Kim Jong-Il headed the Ministry for Propaganda. Dissatisfied with the talent available, he had the famous actress Choi Eun-Hee kidnammed. When her ex-husband started to investigate, he had him kidnapped in Hong Kong and transported to North Korea by ship.\nTogether, they made seven films for Kim Jong-Il, gaining his trust. During a research trip in Vienna they fled to the US embassy.\nThe book uses this true story to shed a light on life in North Korea, and to explain how it became the hermetically sealed country it is today.\nThe seventh film of Choi and Shin, Pulgasari , can be found on Youtube with english subtitles. It is a Godzilla-like monster tale, in which a rice toy of a blacksmiths daugther comes to life and turns into a giant metal-eating monster fighting for the rights of poor farmers in feudal Korea. When the monster eventually turns aganst the farmers, the blacksmiths daugther sacrifices herself killing the monster.\nGoes well with 88 Names ","date":"2021-08-03T00:00:00Z","href":"https://blog.koehntopp.info/2021/08/03/fertig-gelesen-a-kim-jong-il-production.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: A Kim Jong-Il Production"},{"categories":null,"content":"Tommmy Krappweis ist nicht nur der Schöpfer von \u0026ldquo;Bernd, das Brot\u0026rdquo;, sondern auch ein Musiker, Stuntman, Filmemacher und Autor diverser Bücher. In der Trilogie um \u0026ldquo;Mara und der Feuerbringer\u0026rdquo; nimmt er uns mit in die Geschichten um die 14-jährige Münchnerin Mara Lorbeer in der Welt der nordischen Sagen.\n\u0026quot;Mara und der Feuerbringer , Band 1\u0026quot;, Tommy Krappweis\nMara Lorbeer ist 14, Scheidungskind und lebt bei ihrer esoterisch angehauchten Mutter in München. Während der Rückreise von einem Baum-Umwarmungs-Seminar, auf das sie ihre Mutter mitgeschleppt hat, wird sie von einem sprechenden Zweig angesprochen, der ihr mitteilt, daß sie eine germanische Seherin ist, die den Weltuntergang, Ragnarök, verhindern muß. Im Fortgang der Geschichte freundet sich Mara mit verschiedenen Personen an: dem Professor für germanische Mythologie Reinhold Weissinger, seiner Ex-Frau Stefanie Warnatzsch-Abra, SIegfried dem Drachentöter, dem nordischen Gott. Zusammen treten sie gegen Loge, den Feuerbringer, den mysteriösen Dr. Thurisaz, und den Drachen Nidhöggr. Über drei Bände entfaltet sich um Mara der Kampf der Guten gegen die Bösen im Reich der nordischen Mythologie, während sich im Weltlichen die Beziehung von Mara zu ihrer Mutter klärt und Mara zugleich lernt, sich selbst besser zu definieren.\n\u0026ldquo;Mara und der Feuerbringer\u0026rdquo; ist nicht nur eine Tour durch die nordische Mythologie und wie sie sich in unserer heutigen Welt wiederspiegelt, sondern auch eine Comig-of-Age Geschichte, bunt und leicht anarchisch erzählt, wie man es von Tommy Krappweis erwarten kann. Nicht nur für Jugendliche eine wunderbare Erzählung.\n\u0026ldquo;Mara und der Feuerbringer \u0026rdquo;, Tommy Krappweis, EUR 9.99 pro Band.\n","date":"2021-08-03T00:00:00Z","href":"https://blog.koehntopp.info/2021/08/03/fertig-gelesen-mara-und-der-feuerbringer.html","tags":["lang_de","review","media","book"],"title":"Fertig gelesen: Mara und der Feuerbringer"},{"categories":null,"content":"Charles Stross \u0026ldquo;The Merchant Princes \u0026rdquo; series of six books is another \u0026ldquo;Sliders \u0026rdquo; type of story, with the usual Stross-like twist. The story follows Miriam Beckstein, a woman who thinks she is a tech journalist. Miriam falls off a chair while looking at a strange pattern, and finds herself in a medival parallel earth.\n\u0026quot;The Merchant Princes Omnibus \u0026quot;, Charles Stross\nIn the course of the story, Miriam learns that she is actually from this parallel earth, and really is the Countess Helge Thorold-Hjorth in the kingdom of Gruinmarkt, which sits in the place of her world lines Boston. Her relatives and the other members of the six clans have the unique ability of walking between worlds, which they apparently abuse to work as uncatchable drug and money couriers in our world. World walking involves looking at a specific pattern, which seems to activate a heritable genetic trait in their brains that make them shift.\nIn the course of the story we learn a lot about this ability: The pattern seems to control the linked universes, the ability to walk between worlds seems to be bioengineered into the clans, but the how, who and when are unknown. There seem to be more parallel worlds, which open up as the story unfolds, and also the mythical \u0026ldquo;lost clan\u0026rdquo; is found.\nThings are becoming really complicated as the world of the lost clan, \u0026ldquo;New Britain\u0026rdquo;\u0026quot;, is discovered. Miriam flees to this world, which is technologically somewhere in the 1920, and fuels a communist, anti-monarchist revolution by importing gold and ideas into this world. Meanwhile, the clans activities on our world are becoming known to the US government, which desperately wants to get hold of worldwalkers to understand and duplicate their abilities.\nA fourth world is being discovered, in which a technologically advanced humanity died out for unknown reasons, and which currently is in the grips of an ice-age. And in a bit of foreshadowing, a fifth world is being discovered, in which earth is gone, and something else is found instead that resembles a black hole surrounded by unidentified energetic flares. While the clan struggles with an infight between the conservative and progressive factions, the US government finds a way to world-walk into Gruinmarkt and systematically nukes this world to secure access to the untapped oil reserves in this parallel universe.\nThe story is continued in another trilogy, \u0026ldquo;Empire Games\u0026rdquo;, which is set 17 years later. The conflicts started in the original series are being played out further, and the mysterious black hole from the fifth world is being activated by accident. The final part of this trilogy will be published this year, End of September.\n\u0026ldquo;The Merchant Princes\u0026rdquo; and \u0026ldquo;Empire Games\u0026rdquo; writing and storytelling is everything you would expect from Stross, so time and money well spent.\n","date":"2021-07-28T00:00:00Z","href":"https://blog.koehntopp.info/2021/07/28/fertig-gelesen-the-merchant-princes-omnibus.html","tags":["lang_en","review","media","book","scifi"],"title":"Fertig gelesen: The Merchant Princes Omnibus"},{"categories":null,"content":"\u0026ldquo;Outland \u0026rdquo; is the first book by Dennis E. Taylor, preceding the Bobiverse and also \u0026ldquo;The Singularity Trap\u0026rdquo;. It is a \u0026ldquo;Sliders \u0026rdquo; storyline, much like Pratchett\u0026rsquo;s and Baxter\u0026rsquo;s \u0026ldquo;Long Earth\u0026rdquo; , in which our heroes discover a parallel dimension with a seemingly uninhabited earth, and then need to colonize it.\nOutland , Dennis E. Taylor\nDennis E. Taylor is a computer programmer writing Scifi, and had problems finding a publisher for his debut novel, \u0026ldquo;Outland\u0026rdquo;, in 2015, so he self-published. The story was intended as the introduction to a series of books, \u0026ldquo;World Lines\u0026rdquo;. The original novel was withdrawn in 2018, extensively reworked, and re-publshed in 2019 as a standalone book, which is the version linked in this article.\nThe story follows an ensemble cast of students that through a failed physics experiment manage to open a dimensional portal into a parallel earth, which differs from this earth mostly in that it is seemingly uninhabited. While the students come up with schemes to get rich quick by mining gold in the parallel earth and somehow selling it locally, a global catastrophe strikes: The Yellowstone Supervolcano activates, covering most of the United States in ashfall and changing climate globally.\nOur students now use the portal to evacuate a number of people to start a colony in the wilderness of their parallel earth. But bootstrapping human civilization from basically nothing with contemporary humans seems to be harder and more dangerous than anybody thought.\nThe original book showcased early Dennis E. Taylor, but unpolished. The nerd humor and the the writing style were already somewhat there, but the characters were flat and a lot of things were still raw. The rewrite fixes this, and also makes the book more standalone, while still letting the door open to optional sequels.\n\u0026ldquo;Outland \u0026rdquo; by Dennis E. Taylor, EUR 4.39, also on Kinde unlimited.\n","date":"2021-07-23T00:00:00Z","href":"https://blog.koehntopp.info/2021/07/23/fertig-gelesen-outland.html","tags":["lang_en","review","media","book","scifi"],"title":"Fertig gelesen: Outland"},{"categories":null,"content":"Somebody needed a job queue in Python: Multiple writers insert into it in random order, and the jobs are written into the MySQL table jobs. From the jobs table, multiple consumers claim jobs in batches of n or smaller (n=100), and process them. After processing, the consumers delete the jobs. We need concurrent job generation and consumption, with proper and efficient locking.\nThe full source for this example can be seen in mysql-dev-examples in mysql-claim-jobs.py .\nBase Program Using our usual includes and setup,\nfrom time import sleep from random import randint from sys import exit from multiprocessing import Process import click import MySQLdb import MySQLdb.cursors db_config = dict( host=\u0026#34;127.0.0.1\u0026#34;, user=\u0026#34;kris\u0026#34;, passwd=\u0026#34;geheim\u0026#34;, db=\u0026#34;kris\u0026#34;, cursorclass=MySQLdb.cursors.DictCursor, ) Table jobs and setup we create a MySQL table jobs:\n@click.group(help=\u0026#34;Generate and consume jobs concurrently\u0026#34;) def sql(): pass @sql.command(help=\u0026#34;Recreate jobs table\u0026#34;) def setup_tables(): sql_setup = [ \u0026#34;drop table if exists jobs\u0026#34;, \u0026#34;\u0026#34;\u0026#34;create table jobs ( id integer not null primary key auto_increment, d varchar(64) not null, e varchar(64) not null, status enum(\u0026#34;unclaimed\u0026#34;, \u0026#34;claimed\u0026#34;, \u0026#34;done\u0026#34;) not null, owner_id integer null, owner_date datetime null, index(d), index(status) )\u0026#34;\u0026#34;\u0026#34;, \u0026#34;commit\u0026#34;, ] db = MySQLdb.connect(**db_config) for cmd in sql_setup: try: c = db.cursor() c.execute(cmd) except MySQLdb.OperationalError as e: click.echo(f\u0026#34;setup_tables: failed {e} with {cmd}.\u0026#34;) sql() In our table, the fields d and e represent the job payload. We will later select jobs for processing based on the contents of the d field, so we create an index on that.\nEach job has a status (unclaimed or claimed, and for debugging done instead of being deleted), an owner and an access date which we update when we change the claim status of the job. As we access jobs by status, we also index on status.\nMultiprocessing We generate a set of two generators that concurrently insert jobs into the jobs table, and a set of ten consumers that take jobs out of the jobs table.\n@sql.command(help=\u0026#34;Run job creation and consumer jobs\u0026#34;) def start_processing(): proc_generator = [] for i in range(1, 3): g = Process(target=generator, args=(i,)) proc_generator.append(g) g.start() proc_consumer = [] for i in range(1, 11): c = Process(target=consumer, args=(i,)) proc_consumer.append(c) c.start() From multiprocessing, we are using Process to handle this. Each of these processes is getting an identification number as a parameter using the args= named parameter to the constructor. We will later use this in the consumer() to track the owner of a claimed job.\nThe Generators Our generator takes the generator_id as a parameter, but makes no use of it.\nWe generate random d and e fields, and use auto-incremented numbers to identify the individual jobs. The new job has the status of unclaimed and the owner_id and owner_date are NULL. For speed, we commit to the jobs table only every tenth job.\ndef generator(generator_id): counter = 0 step = 10 cmd = \u0026#34;insert into jobs (id,d,e,status,owner_id,owner_date) values (NULL,%(d)s,%(e)s,\u0026#39;unclaimed\u0026#39;,NULL,NULL)\u0026#34; db = MySQLdb.connect(**db_config) c = db.cursor() while True: data = { \u0026#34;d\u0026#34;: \u0026#34;\u0026#34;.join([chr(randint(97, 97 + 25)) for _ in range(64)]), \u0026#34;e\u0026#34;: \u0026#34;\u0026#34;.join([chr(randint(97, 97 + 25)) for _ in range(64)]), } c.execute(cmd, data) counter += 1 if counter % step == 0: sleep(0.1) db.commit() The Consumers Our consumers need to claim unclaimed jobs that fulfill a condition from the jobs table. For simplicity, we claim rows that start with a random character, for example \u0026lsquo;a%\u0026rsquo;.\nNaive approach using UPDATE In SQL, this could be\nUPDATE jobs SET status = \u0026#39;claimed\u0026#39;, owner_id = ?, owner_date = now() WHERE status = \u0026#39;unclaimed\u0026#39; AND d LIKE \u0026#39;a%\u0026#39; But if we did it like this, we would run into two problems:\nWe do not get the claimed records for processing. We would need to select them after claiming them (SELECT id, d, e FROM jobs WHERE status = 'claimed' AND owner_id = ?). The UPDATE statement produces X-locks, and these persist until we commit. Other processes trying to claim jobs run the risk of running into our X-locks while scanning the table. These processes would hang. We need another approach to handle this to make it efficient.\nSmart approach using SELECT ... FOR UPDATE SKIP LOCKED Starting with MySQL 8, we get the option SKIP LOCKED when running select. This is documented in the manual as follows:\nA locking read that uses SKIP LOCKED never waits to acquire a row lock. The query executes immediately, removing locked rows from the result set.\nUsing FOR UPDATE we could read the rows we want and mark them for a later UPDATE with X-locks. At the same time we ignore the records already marked for later updates by other processes without stopping.\nThis is precisely what we need. In order to mark only the rows we are intending to claim as locked, we need to access the rows in our SELECT .. .FOR UPDATE SKIP LOCKED statement by primary key. That is, our statement needs to have the form SELECT ... FROM jobs WHERE id IN ( 1, 2, 3 ) FOR UPDATE SKIP LOCKED. We need another SELECT statement before the locking SELECT in order to translate our condition into a set of primary keys.\nSo this is the plan:\nRun a query to find a set of candidate primary keys (100 or fewer). This query can run outside our transaction and could use a replica to find a set of candidate primary keys. Start a transaction. This happens all the time and automatically in Python. In our transaction, run the SELECT ... FROM josb WHERE id IN (...) FOR UPDATE SKIP LOCKED as discussed. Using the result of the previous SELECT statement, run the UPDATE to claim the jobs. Run COMMIT to drop the X-locks, and make the change visible to other processes. Note that the set of candidate primary keys can be up to 100 ids in size, but can also be empty: We are searching for unclaimed jobs that start with a randomly selected letter, and it may be there are none.\nNote that the set of claimed primary keys can be identical to the candidate primary key set, or smaller. It may be empty, even if the candidate set was not: In this case all candidates have been snatched up by other consumers before we could. We may want to count and log that, in order to detect if our concurrency in consumers is too high.\nFinding candidates In code:\ndef find_candidates(cursor, wanted): candidate_cmd = f\u0026#34;select id from jobs where d like %(search_string)s and status = %(wanted)s limit 100\u0026#34; search_string = chr(randint(97, 97 + 25)) + \u0026#39;%\u0026#39; try: cursor.execute(candidate_cmd, {\u0026#34;search_string\u0026#34;: search_string, \u0026#34;wanted\u0026#34;: wanted}) except MySQLdb.OperationalError as e: click.echo(f\u0026#34;find_candidates: {e}\u0026#34;) exit(1) candidate_ids = cursor.fetchall() return [c[\u0026#34;id\u0026#34;] for c in candidate_ids] We are using some arbitrary SQL condition to find records. In our example, we are using WHERE d LIKE 'a%' AND status = 'unclaimed', for variable initial letters and for variable status values. We are only interested into the primary keys, so we return only these, in a list.\nConsuming jobs The actual consumer() then looks like this:\ndef consumer(consumer_id): db = MySQLdb.connect(**db_config) c = db.cursor() while True: # find potential records to process with the status \u0026#39;unclaimed\u0026#39; candidates = find_candidates(c, \u0026#34;unclaimed\u0026#34;) # we did not find any if len(candidates) == 0: # this is important, it will drop the persistent read view. # not doing this means we will never see newly inserted records from the generator db.commit() continue # with the list of candidate ids, we select them for update, skipping locked records lock_cmd = f\u0026#34;select id, d, e from jobs where status = \u0026#39;unclaimed\u0026#39; and id in %(candidates)s for update skip locked\u0026#34; c.execute(lock_cmd, {\u0026#34;candidates\u0026#34;: candidates}) claimed_records = c.fetchall() # these are the records we want to claim for processing # make us a list of ids of the claimed records claimed_ids = [ r[\u0026#34;id\u0026#34;] for r in claimed_records] claimed_ids_count = len(claimed_ids) if len(claimed_ids) == 0: db.commit() # again drop the read view continue # starting here we have a lock on the records in claimed_ids # so we know we are the only one processing them. # # we claim the records, updating their status and owner claim_cmd = \u0026#34;\u0026#34;\u0026#34;update jobs set status = \u0026#39;claimed\u0026#39;, owner_date = now(), owner_id = %(consumer_id)s where id in %(claimed_ids)s\u0026#34;\u0026#34;\u0026#34; c.execute(claim_cmd, {\u0026#34;claimed_ids\u0026#34;: claimed_ids, \u0026#34;consumer_id\u0026#34;: consumer_id}) db.commit() # doit(claimed_records) -- process the records, that takes some time print(f\u0026#34;consumer {consumer_id: } #records = {claimed_ids_count} - {claimed_ids}\u0026#34;) sleep(0.1) # after processing we delete them done_cmd = \u0026#34;delete from jobs where id in %(claimed_ids)s\u0026#34; c.execute(done_cmd, {\u0026#34;claimed_ids\u0026#34;: claimed_ids}) db.commit() That is, we call find_candidates() to generate a list of candidate ids. If we did not find any, we run a db.commit() before we continue. This is rather important: We are in a transaction here, and in REPEATABLE READ isolation that means we get a consistent read view. If we simply tried again, using only continue, we would stay in the same transaction and would never see the jobs table update.\nUsing the set of candidate ids, we then run the locking SELECT as discussed above. This does two things:\nit returns the data, which we pick up using claimed_records = c.fetchall() it also X-locks the rows for claiming them permanently We generate a list of claimed_ids from the claimed_records, and check that this list is non-empty. If it was empty, we did have a list of candidate ids, but none of them came through. That means another concurrent process snatched the candidates from us - all of them. We should be recording this, but are not in this example program.\nWe then run the actual UPDATE that marks the jobs as claimed, and updates the owner and the datetime of taking possession. We need to db.commit() here to write this status change to disk. This will now also be visible to other processes.\nWe can now proceed to actually process these records at our leisure. This may take time, which we simulate with a tiny wait.\nAfter processing has finished, we delete the jobs from the jobs table, and commit again to make the deletion visible.\nRun log Here is a short test run protocol:\n(venv) mysql-dev-examples/mysql-claim-jobs$ ./mysql-claim-jobs.py --help Usage: mysql-claim-jobs.py [OPTIONS] COMMAND [ARGS]... Generate and consume jobs concurrently Options: --help Show this message and exit. Commands: setup-tables Recreate jobs table start-processing Run job creation and consumer jobs (venv) mysql-dev-examples/mysql-claim-jobs$ ./mysql-claim-jobs.py setup-tables (venv) mysql-dev-examples/mysql-claim-jobs$ ./mysql-claim-jobs.py start-processing consumer 4 #records = 1 - [1] consumer 3 #records = 1 - [5] consumer 8 #records = 1 - [17] consumer 6 #records = 1 - [13] consumer 7 #records = 1 - [15] consumer 10 #records = 1 - [11] consumer 2 #records = 1 - [12] consumer 1 #records = 1 - [9] consumer 9 #records = 1 - [3] consumer 5 #records = 1 - [7] consumer 7 #records = 4 - [36, 59, 62, 109] consumer 9 #records = 5 - [44, 85, 113, 119, 127] consumer 8 #records = 3 - [72, 79, 126] consumer 5 #records = 5 - [45, 63, 80, 94, 95] consumer 10 #records = 1 - [51] consumer 3 #records = 7 - [2, 14, 22, 53, 68, 120, 140] consumer 1 #records = 4 - [23, 97, 115, 122] consumer 2 #records = 6 - [4, 47, 65, 99, 103, 105] consumer 6 #records = 6 - [26, 32, 43, 77, 83, 86] consumer 4 #records = 3 - [48, 84, 130] ... consumer 9 #records = 1 - [12413] consumer 3 #records = 2 - [12407, 12445] consumer 7 #records = 2 - [12450, 12459] consumer 5 #records = 2 - [12446, 12470] consumer 1 #records = 3 - [12397, 12426, 12441] consumer 8 #records = 1 - [12458] consumer 2 #records = 15 - [12282, 12313, 12327, 12350, 12365, 12369, 12385, 12399, 12401,\\ 12425, 12435, 12443, 12452, 12453, 12462] consumer 4 #records = 3 - [12421, 12440, 12466] ^S consumer 1 #records = 1 - [12515] counter = 6000 counter = 6000 consumer 5 #records = 30 - [12525, 12532, 12575, 12592, 12673, 12676, 12680, 12714, 12719, 12732, 12771, 12804, 12882, 12961, 12977, 13010, 13024, 13060, 13068, 13156, 13204, 13214, 13249, 13279, 13280, 13284, 13299, 13307, 13358, 13396] consumer 10 #records = 31 - [12516, 12531, 12537, 12541, 12623, 12630, 12638, 12742, 12777, 12791, 12792, 12800, 12810, 12819, 12821, 12981, 12990, 13117, 13119, 13131, 13138, 13161, 13180, 13192, 13202, 13259, 13283, 13352, 13367, 13383, 13414] We can see how each consumer grabs a variable number of jobs for processing, sometimes single jobs, sometimes many more. If we let the thing run for some time, we see that the ids increment. When we stop the output with Ctrl-S, we also block the consumers. On resume, very many jobs are lingering in the queue, and initially the consumers claim a large list of ids on each grab. This quickly goes back to normal levels after the number of jobs in the queue goes down to normal levels, too.\nWe can check queue length and status in the database:\nkris@localhost [kris]\u0026gt; select status, count(status) from jobs group by status; +-----------+---------------+ | status | count(status) | +-----------+---------------+ | unclaimed | 47 | | claimed | 23 | +-----------+---------------+ 2 rows in set (0.00 sec) Summary We created a job queue in the database, using a concurrent Python program. To select jobs efficiently, we reduce an arbitrary query to a set of candidate primary keys. We then use a SELECT ... FROM jobs WHERE id IN ( ... ) FOR UPDATE SKIP LOCKED to create a set of X-locks on the candidate records using FOR UPDATE. At the same time, we avoid waiting on other threads\u0026rsquo; X-locks using the SKIP LOCKED functionality new in MySQL 8. We then use the data fetched by the SELECT FOR UPDATE to commit permanent ownership for these records, and also use this data for processing. After processing we clean up by deleting the jobs from the table.\nThe approach can be scaled further by partitioning the jobs table, if needed.\n","date":"2021-07-13T00:00:00Z","href":"https://blog.koehntopp.info/2021/07/13/mysql-a-job-queue-in-python.html","tags":["lang_en","mysql","mysqldev"],"title":"MySQL: A job queue in Python"},{"categories":null,"content":"Wir hatten hier in den Reviews schon eine ganze Menge Tom Hillenbrand: Drachenväter , Drohnenland , und Die Drohnen des Monsieur Leclerq .\nDas aktuelle Buch von Tom Hillenbrand ist Montecrypto , das sich mit dem Hype um Cryptocurrencies beschäftigt und eine Art \u0026ldquo;Der Graf von Monte Cristo\u0026rdquo;-Geschichte erzählt.\nMontecrypto , von Tom Hillenbrand\nGregory Hollister, ein reicher Investor, ist verstorben. Angeblich hat er noch eine große Menge Geld, und dieses ist in Bitcoin angelegt und irgendwo versteckt. Wo genau, ist unklar, und so bekommt der Finanzdetektiv Ed Dante von Hollisters Schwester den Auftrag, den verschwundenen Schatz zu identifizieren und aufzuspüren. Dante setzt dabei aus Versehen ein auf dem Computer von Hollister installiertes Script in Gang, das eine weltweite Schatzsuche inszeniert.\nDoch es stellt sich heraus, daß die Geschichte um das Ableben von Hollister weitaus komplizierter ist, denn Hollister hat auch noch eine andere, wesentlich kontrolliertere Cryptowährung ins Leben gerufen und am Ende ist alles ein Racheplot in einem Racheplot.\nGewohnt gute Kost von Hillenbrand. Schnell und spannend durchzulesen, flott inszeniert und aktuelle Themen aufgreifend. Ich habe mich gut unterhalten gefühlt.\n\u0026ldquo;Montecrypto\u0026rdquo;, Tom Hillenbrand, Eur 12.99\n","date":"2021-06-05T00:00:00Z","href":"https://blog.koehntopp.info/2021/06/05/fertig-gelesen-montecrypto.html","tags":["lang_de","review","book","media","scifi"],"title":"Fertig gelesen: Montecrypto"},{"categories":null,"content":"Another Monte-Cristo-themed book, Tom Reiss\u0026rsquo; The Black Count nicely complements the german sci-fi novel Montecrypto by Tom Hillenbrand. It is a biography of the father of the French write Alexandere Dumas, Thomas-Alexandre Dumas Davy de la Pailleterie.\n\u0026quot;The Black Count \u0026quot;, by Tom Reiss.\nAlexandre Dumas, the author of \u0026ldquo;The Three Musketeers\u0026rdquo;, \u0026ldquo;The Count of Monte Cristo\u0026rdquo; and many other books, is one of the most read French authors. He had it easy coming up with stories, because his father had one of the most unusual and wildest lives imaginable. Dumas was, in a way, telling episodes from his fathers adventures, toned down to become more believable, in some of his stories.\nThomas-Alexandre was born on the French colony island Saint-Domingue (now Hawaii). His father was the French Marquis Alexandre Antoine Davy de la Pailletterie. His mother Marie-Cessette Dumas, an enslaved woman of \u0026ldquo;Afro-Caribbean\u0026rdquo; ancestry, which means that she or her ancestors were enslaved somewhere in Africa and forcibly brought to the Island. Not much is known about her actual origin or history.\nHis father, very broke, returned to France, where Thomas-Alexandre was legally freed: in France, slavery was prohibited since 1315, in the colonies not so much. He was educated in a military school and then joined the army as a young man. He also started to use his mothers name after he fell out with his father.\nDumas entered the military at the age of 24 as a private, but quickly rose in rank. This was not only due to his bodily fitness, his incredible fighting skills and his immense organisational talent, but also due to the wealth of opportunities that the upheaval of the French Revolution of 1789 offered, 3 years into his military career. He held the rank of a General-in-Chief over the 53.000 troops of the French Army in the Alps, at the age of 31. Among his soldiers, he was known for upholding the ideals of the French revolution, Liberty and Equality, and the ideals of Humanism.\nHe served under the orders of the commander-in-chief General Napoleon Bonaparte in Milan in 1796, clashing with him over plundering and expropriation policies. He also fought with Napoleon\u0026rsquo;s aide-de-camp over similar matters of fairness and courage in battle. Despite that, he joined Napoleon\u0026rsquo;s Egyptian expedition in 1798, and became the cavalry commander of the French Army of the Orient. The conditions of the march from Alexandria to Cairo were harsh, and Dumas discussed with other french generals if they would refuse to march past Cairo. Napoleon later learned of that meeting, accused Dumas of treason and forced him to return to France on an unsound vessel. The ship sank slowly during the trip, and was forced aground in a storm near Taranto in Naples. Naples Cardinal Fabrizio Ruffo imprisoned Dumas and his fellow travellers for two years. In jail, Dumas was permanently injured due to infection and malnourishment. He died in 1806, five years after his release, from stomach cancer, at which time his son Alexandre Dumas was 4 years old.\nGeneral Thomas-Alexandre Dumas story easily has sufficient material for several of the stories his son wrote, and his son in fact used parts of his fathers biography in several of his stories.\nBefore Reiss\u0026rsquo; well researched book the life and exploits of this colorful hero of the French Revolution were almost forgotten. Reiss\u0026rsquo; storytelling brings us back the story of Dumas, who lived through one of the most exciting parts of French history.\n\u0026ldquo;The Black Count \u0026rdquo;, Tom Reiss, EUR 8.59\n","date":"2021-06-05T00:00:00Z","href":"https://blog.koehntopp.info/2021/06/05/fertig-gelesen-the-black-count.html","tags":["lang_en","review","book","media"],"title":"Fertig gelesen: The Black Count"},{"categories":null,"content":"So somebody tweeted about the Seagate Mach.2 , a harddisk with two independent heads \u0026ldquo;combs\u0026rdquo;, and I commented in german : \u0026ldquo;It\u0026rsquo;s two drives in one chassis, even shown as two drives. And it still is rotating rust, so slow with seeks. Linear IO will be fine.\u0026rdquo;\nThat quickly devolved in a discussion of RAID-0 on a single disk drive : \u0026ldquo;RAID-0 on a single physical drive. Yeah, you can do that if you do not need your data.\u0026rdquo;\nAnd that is true, I replied : \u0026ldquo;Most people need their data a lot less than they think they do.\u0026rdquo;\nLet\u0026rsquo;s unroll that thread and the various followups in english for this blog.\nn=3 or n=1 So, most people actually need their data a lot less than they think they do. That is, because most database-like applications do their redundancy themselves, at the application level, so that RAID or storage replication in distributed storage (the \u0026ldquo;n-factor\u0026rdquo;, for the number of replicas that distributed stores for each block) is not only useless, but actively undesirable.\nWhere I work, there is the data track, and there are customers of the data track.\nNon-Databases are stateless Customers of the data track have stateless applications, because they have outsourced all their state management to the various products and services of the data track. They are deploying their applications, and they largely do not care about the content of hard disks, or even entire machines. Usually their instances are nuked on rollout, or after 30 days, whichever comes first, and replaced with fresh instances.\nCustomers of the data track care about placement:\nPlace my instances as distributed as possible, no two instances on the same host, if possible, not in the same rack or even the same stack\n(A stack is a network unit of 32-48 racks) This property is called \u0026ldquo;anti-affinity\u0026rdquo;, the spread-out placement of instances.\nDatabase-like systems The data track has things such as Kafka, Elastic, Cassandra or MySQL, and a few snowflakes.\nAll of these services are doing their own redundancy: individual drives, or even instances, are not a thing they care a lot about. Loss of hosts or racks is factored in.\nThey care a lot about anti-affine placement, because they care a lot about fault isolation through \u0026ldquo;not sharing common infrastructure\u0026rdquo; between instances.\nOften these services do create instances for read capacity, and getting fault tolerance by having the instances not sharing infrastructure is a welcome secondary effect.\nAdding distributed storage forces n=3 Now, if you switch from local storage to distributed storage, you very often get redundant storage. For transactional workloads this is often a RAID-1 with three copies (n=3). Most customers of them don\u0026rsquo;t actually need that: Because they create capacity for read scaleout, they only care about independence of failures, not avoiding them. So again, what they want is anti-affine placement, for example by propagating tags down the stack.\nSo imagine a lot of MySQL databases , for example on Openstack. The volumes of each replication chain are tagged with the replication chain name, like chain=\u0026lt;x\u0026gt;. If we could tell the storage to place all volumes with identical chain tag values on different physical drives, ideally on different storage nodes in different racks, storing data with n=1 would be just fine.\nCassandra, Elastic and Kafka could work with the same mechanism, because they, too, have native solutions to provide redundancy on JBODs at the application level.\nBut this kind of distributed storage does not exist, and that leads to triplicate storage when it is not needed.\nHow about local storage? \u0026ldquo;But, Kris! Local Storage!\u0026rdquo;\nYes, local storage would be a solution. I know that, because when running on autoprovisioned bare metal, it does work, and we currently have that.\nBut most Openstack operators do want live migration, so even ephemeral storage is often ceph\u0026rsquo;ed. That\u0026rsquo;s a\u0026hellip; complication I could do without.\nIn an earlier life Quobyte did work fine for volumes and ephemeral storage, except that with guests that contained large memcached\u0026rsquo;s or MySQL live migrations still failed often.\nThat\u0026rsquo;s not because of Quobyte, but because of memory churn: The memory of the VM in busy instances changed faster than the live migration could move it to the target host. We then had to throttle the instances, breaking all SLA\u0026rsquo;s.\nIn my current life, I can tolerate instance loss anyway, especially if it is controlled and announced. So I do not really have to migrate instances, I can ask nicely for them to be shot in the head. With pre-announcement (\u0026ldquo;I need your host, dear Instance, please die.\u0026rdquo;), and the application provisions a new instance elsewhere and then removes the one in question. Or with control (\u0026ldquo;Don\u0026rsquo;t force-kill instances if the population is too thin.\u0026rdquo;).\nEither case is likely to be faster than a live migration. It is faster for sure, if the data volume is on distributed storage so that I only have to provision the new instance and then simply can reconnect the data volume.\nNVME over fabric over TCP Local storage has a smaller write latency than distributed storage, but NVME over fabric (\u0026ldquo;NVMEoF\u0026rdquo;) is quite impressive. And since CentOS 8.2, NVMEoF over TCP is part of the default kernel. That means you do have the NVMEoF TCP initiator simply available, without any custom install.\nNVMEoF over TCP has a marginally worse latency than RoCE 2 (\u0026ldquo;NVMEoF over UDP\u0026rdquo;), but it does work with any network card - no more \u0026ldquo;always buy Mellanox\u0026rdquo; requirement.\nIt does allow you to make storage available even if it is in the wrong box. And distributed storage may be complicated, but it has a number of very attractive use-cases.\nvolume centric workflows: \u0026ldquo;make me a new VM, but keep the volume\u0026rdquo;. Provisioning one Terabyte of data at 400 MB/s takes 45 minutes of copy time for a total MySQL provisioning time of around 60 min. Keeping the volume, changing the VM (new image, different size) makes this a matter of minutes. With NVME namespaces or similar mechanisms one can cut a large flash drive into bite sized chunks, so providing storage and consuming it can be decoupled nicely. Lifetime of storage and lifetime of compute are not identical. By moving the storage out into remote storage nodes their lifecycles are indeed separate, offering a number of nice financial advantages. All of that at the price of the complexity of distributed storage.\nNVME \u0026ldquo;servers\u0026rdquo; This raised the question of what the \u0026ldquo;NVME server\u0026rdquo; looks like. \u0026ldquo;Is the respective NVME server an image file, or does it map 1:1 to a NVME hardware device?\u0026rdquo;\nNVME over Fabric (over UDP or over TCP) is a network protocol specification and implementation. It uses iSCSI terms, so the client is the \u0026ldquo;initiator\u0026rdquo;, and the server is the \u0026ldquo;target\u0026rdquo;.\nHow backing storage is implemented in a NVME target is of course the target\u0026rsquo;s choice. It could be a file, but the standard maps nicely on a thing called \u0026ldquo;NVME namespaces \u0026rdquo;.\nSo flash storage does not overwrite data, ever. Instead it has internally a thing called flash translation layer (FTL), which is somewhat similar to a log structured file system or a database LSM.\nUnlike a file system, it does translate linear block addresses (LBAs) into physical locations on the flash drive, so there are no directories and (initially also) no filenames.\nThere is of course a reclaim and compaction thread in the background, just like the compaction in log structured filesystems or databases. So you could think of the LSM as a filesystem with a single file.\nNow, add NVME namespaces - they introduce \u0026ldquo;filenames\u0026rdquo;. The file names are numbers, the name space IDs (NSIDs). They produce a thing that looks like partitions, but unlike partitions they do not have to be fixed in size, and they do not have to be contiguous. Instead, like files, namespaces can be made up by any blocks anywhere on the storage, and they can grow. That works because with flash seeks are basically free - the rules of rotating rust no longer constrain us.\nnvme command line Linux has the command line program \u0026ldquo;nvme \u0026rdquo; to deal with nvme flash drives. Drives appear named /dev/nvmeXnY, where X is the drive number and Y is the namespace id (NSID), starting at 1. So far, you probably always have seen the number 1 here.\nStart with nvme list to see the devices you have. You can also ask for the features the drive has, nvme id-ctrl /dev/nvme0n1 -H will tell you what it can do in a human-readable (-H) way. Not all flash drives support namespaces, but enterprise models and newer models should.\nUsing nvme format you can reformat the device (losing all data on it), and also specify the block size. nvme list will also show you this block size. You do want 4KB blocks, not 512 byte blocks: It\u0026rsquo;s 2021 and the world is not a PDP-11 any more, so nvme format /dev/nvme0n1 -b 4096, please. Some older drives now require a reset to be able to continue, nvme reset /dev/nvme0.\nNamespaces can be detached, deleted, created and attached: nvme detach-ns /dev/nvme0 -namespace-id=Y -controllers=0, then nvme delete-ns /dev/nvme0 -namespace-id=1. When creating a namespace, nvme create-ns /dev/nvme0 -nsze ... -ncap ... -flbas 0 -dps 0 -nmic 0 or whatever options are desired, then nvme attach-ns /dev/nvme0 -namespace-id=1 -controllers=0. Again, nvme reset /dev/nvme0.\nIn theory, NVME drives and NVME controllers are separate entities, and there is the concept of shared namespaces that span drives and controllers.\nIn reality, this does not work, because NVME devices are usually sold as an entity of controller and storage, so some of the more interesting applications the standard defines do not work on the typical devices you can buy.\nErasing Because flash does not overwrite anything, ever, you can\u0026rsquo;t erase and sanitize the device the way you have done this in the past with hard drives. Instead there is drive encryption (\u0026ldquo;OPAL\u0026rdquo;), or the nvme sanitize /dev/nvme0n1 command\nOr you shred the device, just make the shreds smaller than with hard disks: With hard disks, it is theoretically sufficient to break the drive, break the platters and make scratces. Drive shredders produce relatively large chunks of metal and glass, and are compliance.\nFlash shredders exist, too, but in order to be compliant the actual chips in their cases need to be broken. So what they produce is usually much finer grained, a \u0026ldquo;sand\u0026rdquo; of plastics and silicon.\nNetwork You need a proper network, Maik added :\nDistributed storage is storage at the other kind of the network cable. Every disk read and every disk write become a network access. So you do need a fairly recent network architecture, from 2010 or later: A leaf-and-spine architecture that is optionally oversubscription free so that the network will never break and never be the bottleneck.\nLeaf-and-spine Brad Hedlund wrote about leaf-and-spine in the context of Hadoop in 2012, but the first builds happened earlier, at Google, using specialized hardware. These days, it can be done with standard off the shelf hardware, from Arista or Juniper, for example.\nLeaf-and-spine as shown by Brad Hedlund . Today you\u0026rsquo;d use different hardware, but the design principle is still the same.\nHere, the leaves are \u0026ldquo;Top of Rack\u0026rdquo; switches that are connected to computers, so we see 40x 10 GBit/s coming up to the red boxes labelled \u0026ldquo;Leaf\u0026rdquo;. We also provide green switches labelled \u0026ldquo;Spine\u0026rdquo;, and connect to them with up to 10x 40G for a complete oversubscription free network.\nUsing BGP, we can automatically build the routing tables, and we will have many routes going from one leaf switch to any other leaf switch - one for each spine switch in the image. Using Equal Cost Multipath (ECMP), we spread our traffic evenly across all the links. Any single connection will be limited to whatever the lowest bandwidth in the path is, but the aggregated bandwidth is actually never limited: we can always provide sufficient bandwidth for the aggregate capacity of all machines.\nOf course, most people do not actually need that much network, so you do not start with a full build. Initially only provide a subset of that (three to four uplinks) and reserve switch ports and cable pathways for the missing links. Once you see the need you add them, for example when bandwidth utilization in the two digit percentages or you see Tail Drops/RED .\nRacks and Stacks One level of leaf-and-spine can build a number of racks that are bound together without oversubscription. We call this a stack, and depending on the switch hardware and the number of ports it provides, it\u0026rsquo;s 32-48 racks or so.\nWe can of course put another layer of leaf-and-spine on top to bundle stacks together, and we get a network layer that is never a bottleneck and that never disconnects, across an entire data center location.\n\u0026ldquo;Never disconnects?\u0026rdquo; Well, assuming three uplinks, and with a stack layer on top of the first leaf-and-spine layer, we get four hops from start to destination, and that 3^4 possible redundant paths to every destination ToR via ECMP.\nChances are that you need to build a specialized monitoring to even notice a lost link. You can only have outages at the ToR.\nWith such a network a dedicated storage network is redundant (as in no longer needed), because frontend traffic and storage traffic can coexist on the same fabric.\nA common test or demonstration is the Hadoop Terasort benchmark: Generate a terabyte or ten of random data, and sort it. That\u0026rsquo;s a no-op map phase that also does not reduce the amount of data, then sorting the data in the shuffle phase and then feeding the data (sorting does not make it smaller) across the network to the reducers.\nBecause the data is randomly generated, it will take about equal time to sort each Hadoop 128MB-\u0026ldquo;block\u0026rdquo;. All of them will be ready at approximately the same time, lift off and try to cross the network from their mapper node to the reducer node. If you network survives this, all is good - nothing can trouble it any more.\n","date":"2021-05-25T00:00:00Z","href":"https://blog.koehntopp.info/2021/05/25/nvme-is-not-a-hard-disk.html","tags":["lang_en","storage","networking","data center"],"title":"NVME is not a hard disk"},{"categories":null,"content":"I never wrote this up, and the information online is all referring to older versions of Windows, so let\u0026rsquo;s fix this.\nThe MS-DOS version of getting Umlauts on a US keyboard is to type the ASCII codes. As I can\u0026rsquo;t and won\u0026rsquo;t remember these codes, this won\u0026rsquo;t work for me. There is a deadkey way to get a \u0026ldquo;US (International Keyboard)\u0026rdquo;. On these, you type Double Quotes \u0026quot;, and then the letter that should form the Umlaut, for example o, for an ö. This works well for me. On older versions of Windows, you would start the old control panel and then go to \u0026ldquo;Clock, Language and Region\u0026rdquo;, and then set up things from there:\nThe old control panel. Current Windows 10 still has the old control panel, but no longer has language options in it.\nThis does no longer work, because while current Windows 10 still has the old control panel, language options are no longer part of it.\nInstead, the new Windows 10 settings are required. Start them (Windows+I), and choose \u0026ldquo;Time and Language\u0026rdquo;.\nWindows+I will bring up the settings\nIn \u0026ldquo;Time and Language\u0026rdquo;, select the Tab \u0026ldquo;Language\u0026rdquo;, make sure \u0026ldquo;English (United States)\u0026rdquo; is selected in \u0026ldquo;Preferred Languages\u0026rdquo;, and click \u0026ldquo;Options\u0026rdquo;.\nSelect \u0026ldquo;English (United States)\u0026rdquo; in \u0026ldquo;Preferred Languages\u0026rdquo; to make the \u0026ldquo;Options\u0026rdquo; button visible. Click that button.\nIn \u0026ldquo;Language Options: English (United States)\u0026rdquo;, click on \u0026ldquo;[+] Add a keyboard\u0026rdquo;. A list of keyboard layouts pops up. Choose the \u0026ldquo;United States - International (QWERTY)\u0026rdquo; keyboard.\nIt will be added to the list of available keyboard layouts.\nIf you wish, click on the \u0026ldquo;US (QWERTY)\u0026rdquo; keyboard, and click \u0026ldquo;Remove\u0026rdquo;.\nAfter hitting \u0026ldquo;[+] Add a keyboard\u0026rdquo;, choose \u0026ldquo;United States - International (QWERTY)\u0026rdquo;\nThe finished selection should look like this:\nThe keyboard layout chosen is \u0026ldquo;United States - International (QWERTY)\u0026rdquo;.\nUmlauts can now be entered by using typing \u0026quot; followed by the required vowel (for example o for an ö). You can still use all the nice brackets, braces and parentheses for programming directly, without additional finger breaking modifiers.\n","date":"2021-05-15T00:00:00Z","href":"https://blog.koehntopp.info/2021/05/15/windows-10-and-umlauts-with-an-english-keyboard.html","tags":["lang_en","windows"],"title":"Windows 10 and Umlauts with an english keyboard"},{"categories":null,"content":"Ian Lance Taylor is the author of a UUCP program that I have been using for a long time to connect to other USENET systems, long before I had access to the actual Internet.\nUUCP queues up jobs for remote execution, dials other computers with a moden, exchanges the contents of the queued up work, and after disconnect executes the jobs. The jobs are mostly invocation of \u0026ldquo;rmail\u0026rdquo; and \u0026ldquo;rnews\u0026rdquo; programs for the exchange of mail and USENET news.\nTaylors version of UUCP had large number of protocol and interface improvement that made it hugely superior, and that made working with \u0026ldquo;high speed modems\u0026rdquo; viable in the first place. It was the backbone of my network connectivity, 30 years ago.\nTaylor also wrote \u0026ldquo;a book\u0026rdquo; about program linkers in 2007, in the form of a long series of blog posts. In it, he explains what happens to a program after the compiler emits an object file, and before the program actually starts to run. That is, he describes how to the object file, system libraries and runtime become one thing that actually is capable of starting up.\nThis is deeply nerdy content, and also quite interesting, because it is widely underdocumented. Taylor\u0026rsquo;s series is key to making the obscure but vital topic better understandable.\nThis is not a book, but a series of blog posts. Fortunately, there is an index page made available by LWN. The parent article, on the Gold linker, is also at LWN .\n","date":"2021-05-14T00:00:00Z","href":"https://blog.koehntopp.info/2021/05/14/fertig-gelesen-linkers.html","tags":["lang_en","review","usenet","media"],"title":"Fertig gelesen: Linkers"},{"categories":null,"content":"Needle and Through the Eye of a Needle are books by Hal Clement. Hal Clement was a Hard Sci-Fi author born in 1922, and \u0026ldquo;Needle\u0026rdquo; was written in 1950 as his first book, for Campbell, no less, and sold to Doubleday. The followup was produced almost 30 years later, in 1978.\nNeedle The story begins with two spaceships crashing into planet earth, some time in the 1950\u0026rsquo;s idea of a future, close to an island in the Pacific ocean. Both ships are mostly destroyed in the crash, but the inhabitants survive: A criminal, and a kind of headhunter/policeman. They are part of formless species that has much smaller cells than humans and that need a host from normal sized cells with which they live in symbiosis - at least those of the species that are not criminals.\nThe Hunter enters the body of Bob Kincaid, a post-puberty schoolboy that parties at the beach because it\u0026rsquo;s the end of the summer vacation. The Hunter needs time to orient himself in Bob, establish communication, and find of his current situation, at which point Bob is already firmly abroad on the American continent, in School. He now needs to find a way to get Bob back to the island, and then find the Criminal who may hide in anybody on that island.\nWe follow Bob and his symbiont through the case, exploring the life on the island, in a weird mix of Sci-Fi, Whodunnit and YA island life.\nIn the second part, Through the Eye of a Needle , Hal Clement returns to his characters. Bob has fallen ill, which should be impossible with the Hunter symbiont living in him, and it appears that he\u0026rsquo;s showing some kind of reaction to the presence of the Hunter himself. Help is needed from specialists of the Hunters people, but because the Hunter\u0026rsquo;s ship was destroyed in the crash that seems to be impossible.\nTwo old school hard Sci-Fi books, that, looking past the outdated role-models, are still interesting YA reads and have aged quite okay.\n","date":"2021-05-14T00:00:00Z","href":"https://blog.koehntopp.info/2021/05/14/fertig-gelesen-needle.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: Needle"},{"categories":null,"content":"The Antivirus Hackers Handbook by Jaxeon Koret and Elias Bachaalany is part book, part a research report, detailing the findings of Jaxeon Koret and Elias Bachaalany in how Antivirus programs work, try to protect themselves and can be attacked and exploited.\nThe Antivirus Hackers Handbook The book assumes that you have some basic knowledge how compilers produce programs, what assembler looks like and how to map that on program statements in the code you write, and have access to IDA Pro free edition, Ghidra, Hopper or some other reverse engineering and analysis tool. We are then guided through the authors journey of discovery, analyzing the cores and plugin systems of various Antivirus products, how they work, how they detect viruses, how they update themselves, and how they try to protect themselves.\nAntivirus systems are terribly large and attractive targets when trying to exploit individual machines or even fleets of machines: They try to scan and understand all kinds of file formats, run analysis often in privileged mode and with system protections turned off, and they are usually installed uniformly on a large fleet of machines in corporates, as mandatory pieces of software. These days they also increasingly have cloud components they upload data to, well suited to mask exfiltration traffic. When trying to attack and subvert corporate targets, they are the ideal platform for an attacker.\nAnd the authors take us on that journey, at a level of intricate detail, but also always keeping the larger goal in sight. After reading this book one is looking at corporate security software differently, questioning if it is actually making things more secure.\n\u0026ldquo;The Antivirus Hackers Handbook \u0026rdquo;, Jaxeon Koret and Elias Bachaalany, EUR 32.06\n","date":"2021-05-14T00:00:00Z","href":"https://blog.koehntopp.info/2021/05/14/fertig-gelesen-the-antivirus-hackers-handbook.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: The Antivirus Hackers Handbook"},{"categories":null,"content":"So, Netflix\u0026rsquo; \u0026ldquo;The Witcher \u0026rdquo; was weird, and could not decide what it wanted to be: A \u0026ldquo;Hercules Legenday Journey\u0026rsquo;s\u0026rdquo;-like half-comedy, half-camp series, or something else, darker and denser, with more story and background. It hinted at a better story, better told, that did not make it into the final product, and died somewhere between the scriptwriting and the cutting table.\nInvestigating, I got myself the equivalent of the Witcher Boxed Set on the Kindle and started reading. And indeed, just as with Conan, the Barbarian , the book is nothing like the film.\nWe get indeed a dense and increasingly dark story, the story of Geralt and Jennifer, both remnants from a time gone by, and Ciri, the product of an age-old arrangement of breeding and selection, gone wrong in the last few steps, all of them fighting for freedom of will and their choice in life, and ultimately failing.\nThe reading order is \u0026ldquo;The Last Wish\u0026rdquo;, \u0026ldquo;Sword of Destiny\u0026rdquo;, (\u0026ldquo;Season of Storms\u0026rdquo;, optional), \u0026ldquo;Blood of Elves\u0026rdquo;, \u0026ldquo;Time of Contempt\u0026rdquo;, \u0026ldquo;Baptism of Fire\u0026rdquo;, \u0026ldquo;Tower of the Swallow\u0026rdquo; and \u0026ldquo;The Lady of the Lake\u0026rdquo;. And indeed, the story is good, the Netflix series is shallow and has very little to do with the books. Also, Sapkowsky pulls off a surprisingly large and mean number of storytelling trickery.\n","date":"2021-05-14T00:00:00Z","href":"https://blog.koehntopp.info/2021/05/14/fertig-gelesen-the-witcher.html","tags":["lang_en","media","review","book"],"title":"Fertig gelesen: The Witcher"},{"categories":null,"content":"The story of Heaven\u0026rsquo;s River , stranding in and then exploring an alien megastructure, is one that has been written before: In Niven\u0026rsquo;s Ringworld , Clarke\u0026rsquo;s Rama , and Farmer\u0026rsquo;s Riverworld . John Varley\u0026rsquo;s take on this, very seventies, is Titan , Wizard , and Demon , the Gaia Trilogy.\nTitan , Wizard and Daemon\nCirocco Jones is the Commander of the Earth science ship Ringmaster, and is right now approaching the orbit of Saturn, where she and her crew discover a new moon. As they approach the moon, they realize it\u0026rsquo;s a Stanford Torus like space habitat. Trying to find a way to dock, they come close and are being picked up by a giant tentacle-like arm, and dragged into the station while their ship is being destroyed.\nAs Cirocco wakes up, literally naked and hairless, without any resources by the metal parts that are the remains of her spacesuit, she realizes that months have elapsed since the collision. She sets out to orient herself in the strange, but extremely habitable world inside the torus, trying to find her crewmates. She manages to find them, and realizes they, like herself, have been changed in the months that they have spend somewhere in the interior of the space station.\nThey learn that the station is indeed a living being, older than time itself, and it is falling apart as the central intelligence is dying and the twelve subintelligences in the torus are fighting amongst themselves for control. Exploring the Flora and Fauna, it becomes obvious that all life in Gaia is constructed and preprogrammed, and at least sometimes under control of the central intelligence.\nCirocco, and her surviving shipmates, are trying to reach the centre, climbing up one of the giant, kilometres thick cables that hold the torus together. On their way they learn that some of them have been changed beyond the point of sanity, and fighting starts. Cirocco manages to get to the center, and is offered to be Gaia\u0026rsquo;s \u0026ldquo;Wizard\u0026rdquo;, her repair agent in torus world.\nIn the further books, this is expanded - Gaia establishes herself as a nation in the Solar system, opening a Consulate and offering medical miracle cures to humans that make the trip to Saturn and Gaia. It becomes clear that Gaia is terminally old, going slowly insane by age and boredom. Cirocco and Gaia fall out, and go to war with each other, Cirocco no longer being the \u0026ldquo;Wizard\u0026rdquo;, but the \u0026ldquo;Daemon\u0026rdquo;. During these events, Gaby, Ciroccos shipmate and later partner, is being killed.\nThe story then turns into more of a Zombie movie, in which a completely crazed Gaia goes to war on the humans, and the creatures of her that managed to emancipate themselves from her waning control. It comes to light that Gaia recorded the personalities of the captured Ringmaster crew, and that Gaby\u0026rsquo;s mentral recording has become some kind of agent in the hardware that represents the actual Gaia in the center of the Titan ring.\nIn a final confrontation, Cirocco raises an army from the ring inhabitants loyal to her, conquers Gaia\u0026rsquo;s forces, and manages to distract her sufficiently so that Gaby can take over the rings central hardware and bring the rebellious subsystems under her control. Gaby offers Cirocco to become a Wizard again, but Cirocco chooses adventure instead\u0026hellip;\nThe story has the classic shape of this particular Sci-Fi trope, and is being echo\u0026rsquo;ed in part in multiple ways in Heaven\u0026rsquo;s River, but is also very typical in its 70-ies sex-and-drugs laden storytelling. It has aged well enough to be enjoyable to read again, but it is too long to read in one uninterrupted go, and also has lengths in the later parts.\nTitan Wizard Demon by John Varley. ","date":"2021-05-14T00:00:00Z","href":"https://blog.koehntopp.info/2021/05/14/fertig-gelesen-titan.html","tags":["lang_en","review","book","media"],"title":"Fertig gelesen: Titan"},{"categories":null,"content":"Sometimes things go wrong, and it surely would be nice if you at least knew afterwards what happened. Where I work, we are running a shell script older than time itself, once a minute. The script writes files to /var/log/mysql_pl, into a directory named after the current weekday and named after the current hour and minute.\nSo when a box crashes on Thursday at 22:09, as long as I can login to it, I still can try to look at /var/log/mysql_pl/Thu/22_0? and try to reconstruct what happened before the crash. Often the buildup to catastrophe is clearly visible.\nA version in Python Our shell script is not really portable or viable outside the work environment, so I rewrite a similar thing in Python. It has no dependencies outside of a base install of a modern Python, except for mysqlclient (MySQLdb) to connect to the database.\nThe full script is available on github .\nini file It requires an *.ini file, and searches for it in a number of locations :\nf = config.read( [ \u0026#34;/etc/mysql/mysql-flight-recorder.ini\u0026#34;, \u0026#34;/etc/mysql/mysql_flight_recorder.ini\u0026#34;, os.path.expanduser(\u0026#34;~/.mysql-flight-recorder.ini\u0026#34;), os.path.expanduser(\u0026#34;~/.mysql_flight_recorder.ini\u0026#34;), os.path.expanduser(\u0026#34;~/mysql-flight-recorder.ini\u0026#34;), os.path.expanduser(\u0026#34;~/mysql_flight_recorder.ini\u0026#34;), \u0026#34;./.mysql-flight-recorder.ini\u0026#34;, \u0026#34;./.mysql_flight_recorder.ini\u0026#34;, \u0026#34;./mysql-flight-recorder.ini\u0026#34;, \u0026#34;./mysql_flight_recorder.ini\u0026#34;, ] ) So it is either mysql_flight_recorder.ini or mysql-flight-recorder.ini with underbars or dashes, in /etc/mysql, in your home as a dotfile or non-dotfile, or in the current directory as a dotfile or non-dotfile.\nThe *.ini files looks like this:\n[DEFAULT] logdir = /home/kris/Python/mysql/mysql-flight-recorder/mysql_flight_recorder pidfile = /home/kris/Python/mysql/mysql-flight-recorder/mysql_flight_recorder.pid compresscmd= bzip2 -9f That is, the DEFAULT section defines\nlogdir: a directory where to put the logfiles. pidfile: It also needs a filename (as an absolute pathname) for a pidfile, which is being used to prevent concurrent execution. compresscmd: And finally, the logfiles can be compressed, and the compress command needs to be specified. The compress command needs to be given in a way that existing compressed files are overwritten, that is why in the example the -f option is given. After that, for each host that is to be checked a section is defined. The section name defines the log file prefix, the compresscmd controls the suffix. In each section, we need to specify username, password, host and port for the connection. No attempt at using TLS is being made in my quick hack.\nThe default config shown produces\n(venv) kris@server:~/Python/mysql/mysql-flight-recorder$ ls -l mysql_flight_recorder/Thu/ total 48 -rw-rw-r-- 1 kris kris 21424 Apr 22 23:35 localhost_23_35.bz2 -rw-rw-r-- 1 kris kris 20975 Apr 22 23:36 localhost_23_36.bz2 ... What is being logged? We run\nselect version() as version show global status like 'Uptime' show full processlist show slave status (this will need a version gate soon to use show replica status) show engine innodb status select * from information_schema.innodb_trx select * from information_schema.innodb_locks (this has a version gate and uses select * from performance_schema.data_locks on 8.0) select * from information_schema.innodb_lock_waits (this has a version gate and uses select * from performance_schema.data_lock_waits on 8.0) select * from information_schema.innodb_cmp select * from information_schema.innodb_cmpmem select * from information_schema.innodb_metrics show global status show global variables That\u0026rsquo;s a lot of data, but bzip2 compressed it to around 20KB per minute. At 10000 files per week this ends up using 200 MB of disk space, which is reasonable for a post-mortem data stash.\nPossible extensions The original shell script has better support for TLS based communication, because it works using the command line client. The Python script needs TLS added.\nThe original shell script has some more version gating to handle older versions of MySQL and MariaDB. It tolerates missing data tables instead of terminating with an error.\nThe original shell script has a PMP trigger logic and can attach a gdb to the mysqld when certain conditions are met in order to PMP it. As we work only remotely in this version of the script, this is conceptually not supported.\n","date":"2021-04-22T00:00:00Z","href":"https://blog.koehntopp.info/2021/04/22/a-mysql-flight-recorder.html","tags":["lang_en","mysql"],"title":"A MySQL flight recorder"},{"categories":null,"content":"Children of Ruin is the second part of Children of Time by english Sci-Fi author Adrian Tchaikovsky.\nIn \u0026ldquo;Children of Time\u0026rdquo;, mankind reached for the stars, almost succeeded and also almost died out. They did manage to create a digital lifeform, though, and also to seed and uplift life from earth on another world - just not the intended one. And so we ended up with a race of intelligent giant jumping spiders that manage to befriend the broken artificial intelligence orbiting their world and to rescue the remnants of humankind from themselves. Oh, and ant based computers.\nThis almost Peter-Watts-like eclectic and unlikely cast of characters is amended in \u0026ldquo;Children of Ruin\u0026rdquo;, in which a spider-human ship travels a radio source that suggests intelligent life, to find a civilisation of similarly uplifted octopodes at war with itself, and a planet with truly alien, non-terran life which at some point becomes aware of the various terran research groups.\nTchaikovsky again manages to pull off nonhuman characters in a way that reads interesting and relatable, while at the same time completely alien.\nSee also Other Minds \u0026ldquo;Children of Ruin \u0026rdquo;, Adrian Tchaikovsky, EUR 5.99\n","date":"2021-04-07T00:00:00Z","href":"https://blog.koehntopp.info/2021/04/07/fertig-gelesen-children-of-ruin.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: Children of Ruin"},{"categories":null,"content":"Conan, The Barbarian by Robert E. Howard is a collection of all Conan stories.\nImaginary Worlds Ep 114: The Man Behind the Sword (Episode Transcript PDF ) discussed Robert E. Howard, his 1930\u0026rsquo;s character Conan, The Barbarian and how Howard\u0026rsquo;s Conan is different from the Schwarzenegger character, and a much deeper and more complicated story. Go, and listen to the episode, it is well worth the time.\nHaving seen the Schwarzenegger film, but never actually having read the book I went out and got this complete collection. The podcast was right, the original book Conan is much unlike the Schwarzenegger film Conan, and the book is fun to read. It\u0026rsquo;s a classic.\n\u0026ldquo;Conan, The Barbarian \u0026rdquo;, Robert E. Howard, EUR 0.99\n","date":"2021-04-07T00:00:00Z","href":"https://blog.koehntopp.info/2021/04/07/fertig-gelesen-conan-the-barbarian.html","tags":["lang_en","media","review","book"],"title":"Fertig gelesen: Conan, The Barbarian"},{"categories":null,"content":"Heaven\u0026rsquo;s River is the fourth part of the Bobiverse Trilogy, in which the original Bob finds a decaying alien megastructure, and investigates.\nPreviously in the Bobiverse:\nWe are Legion (We are Bob) For We Are Many All These Worlds Bob Johannson is a successful software developer, and cashes out. Then he dies, becomes a sentient spaceship and von Neumann probe, and then earth is almost destroyed in a war. Bob moves on, doing the von Neumann thing, and plundering the resources of foreign star systems makes more Bobs.\nIn this fourth part of a trilogy, Bob finds that the 20th+ generations of Bobs are very different from him, and have interests and ways of thinking he cannot or does not want to follow. Factions arise inside the Bobhood, and civil war breaks out. Because Bobs are von Neumann probes in a resource rich universe, the conflict is not over resources, but over first contacts and the relationship to the remnants of humanity and \u0026ldquo;other bios\u0026rdquo; that hold Bobhood back from becoming a truly starfaring race.\nMeanwhile, Bob meets yet another race, and this one actually managed to build a ringworld-sized megastructure around their star, while at the same time being highly aggressive (and like humanity, destroying their homeworld). Bob controlled Androids infiltrate the megastructure and try to find the controlling intelligence as part of a rescue operation.\nEntertaining, and still novel ideas after the original trilogy kind of came to an end. Some parallels to John Varley\u0026rsquo;s much earlier Gaea .\n\u0026ldquo;Heaven\u0026rsquo;s River \u0026rdquo;, Dennis E. Taylor, EUR 5.07 (also available for free on Kinde unlimited)\n","date":"2021-04-07T00:00:00Z","href":"https://blog.koehntopp.info/2021/04/07/fertig-gelesen-heavens-river.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: Heaven's River"},{"categories":null,"content":"Masters of Doom: How Two Guys Created an Empire and Transformed Pop Culture by David Kushner is the story of the two Johns: Carmack and Romero, and the early video game culture and the genre of the 3D first person shooter.\nA lot of todays \u0026ldquo;hard core\u0026rdquo; and somewhat toxic video game culture was defined by the two Johns and the company they built, as well as the culture that followed. The book follows their personal and company history and all the tales that come with it, and shows to differently broken persons building - for a time - a very successful company and failing differently. It also shows the nascent computer industry and how the hardware we have today was built around the software of that time and vice versa.\n\u0026ldquo;Masters of Doom: How Two Guys Created an Empire and Transformed Pop Culture \u0026rdquo;, David Kushner, EUR 6.99\nFabien Sanglard is a technology archeologist specializing in video games. His first book, Game Engine Black Book: DOOM is a unique analysis of the hardware and software that ran Doom back then, and what compromises and tricks were necessary to pull off the feat of creating a 30 fps full screen 3D animation on hardware that could not possibly actually do this.\nIf you know how to code, or if you know anything about games, demos, 3D animation, this is a truly unique tour of deep geekery and trickery.\nGame Engine Black Book: DOOM , on Sanglard\u0026rsquo;s website. Links to an electronic version in Google Play, and a free High-Res PDF for download.\n","date":"2021-04-07T00:00:00Z","href":"https://blog.koehntopp.info/2021/04/07/fertig-gelesen-masters-of-doom.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: Masters of Doom and The Game Engine Black Book: Doom"},{"categories":null,"content":"Peter Godfrey-Smith writes Other Minds: The Octopus and the Evolution of Intelligent Life , a book about the body, the mind and the life of Octopi.\nOctopi are creatures that are across the tree of life about as different as can be from humans. How different are they? Their blood is not based on iron, as ours, but uses copper to transport Oxygen, and consequently is not red from hemoglobin, but blueish from hemocyanin.\nTheir brain is not centralized in a single place, but sub-brains control the various arm motor systems. These are way more complex than in humans, because they are creatures of muscle without a skeleton, providing a completely different motor apparatus. On top of that, they contain a highly developed vision system that is similar to ours, but evolved independently, and a number of cells in the skin that allow them to flash complex patterns of colors in rapid succession.\nIn short, Octopi are basically aliens that co-evolved on our planet.\nAnd despite their very short lifespans they are highly intelligent: They can distinguish humans and remember how different humans treated them differently in the past. They open complicated locking mechanisms, remember schedules and plan escapes, shoot lights out by aiming water spouts at switches and use other convenient tools. They can learn by observation and deduction.\nHow do their brains work, and what does the world look like to an Octopus? Goes extremely well with Children of Ruin \u0026ldquo;Other Minds: The Octopus and the Evolution of Intelligent Life \u0026rdquo;, Peter Godfrey-Smith, EUR 6.77.\n","date":"2021-04-07T00:00:00Z","href":"https://blog.koehntopp.info/2021/04/07/fertig-gelesen-other-minds.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: Other Minds"},{"categories":null,"content":"Terry Jones\u0026rsquo; Barbarians: An Alternative Roman History by Alan Ereira is the writeup to the BBC series \u0026ldquo;Terry Jones\u0026rsquo; Barbarians \u0026rdquo;.\nTerry Jones, who sadly died in early 2020, was not only a member of Monty Pythons Flying Circus, but among many other things a TV author and presenter for a number of BBC series on medieval and ancient history. In many cases, he takes the controversial position and presents a view of history that challenges the popular view. In Barbarians, he goes through the history of the Roman Empire and the various groups of people the Romans fought and the cultures they destroyed in building their empire.\nThe book and the TV series discuss the Celts, Goths, Greek, Vandals, and Huns and their respective achievements, cultures and their clash with the Romans, portraying them in ways superior or at least equal to the civilsatory level of the Roman Empire. He also shows how these various cultures, despite being at war, meshed and merged, but also what was lost or is today under-reported and under-researched.\n\u0026ldquo;Terry Jones\u0026rsquo; Barbarians \u0026rdquo;, Alan Ereira, EUR 8.99\n","date":"2021-04-07T00:00:00Z","href":"https://blog.koehntopp.info/2021/04/07/fertig-gelesen-terry-jones-barbarians.html","tags":["lang_en","book","review","media"],"title":"Fertig gelesen: Terry Jones' Barbarians"},{"categories":null,"content":"The Vanishing Middle Class: Prejudice and Power in a Dual Economy by Peter Temin analyzes the economical and political structure of the USA. Temin does this through the lens of the \u0026ldquo;Dual Economy \u0026rdquo; Model.\nDual Economies are normally prevalent in colonial societies of \u0026ldquo;less developed\u0026rdquo; countries. These countries usually have local production and production for a global export market, and besides economical and income structures around this separation, there are also social segration and a certain degree of isolation of the social groups from each other - in politics as well as attempts to prevent social migration into the higher ranked group.\nTemin applies this thinking to the increasingly partisan politics and the underlying social development in the US. He is looking at what he calls the FTE sector (finance, tech and electronics), which makes up around 20% of the population and the rest. Middle class is also defined, in his case as 2/3 to 2x the median income ($40k to 120k p.a. in 2014). He shows how \u0026ldquo;membership\u0026rdquo; in the FTE sector is also happening along racial boundaries, but is not limited to this - \u0026ldquo;black\u0026rdquo; stereotypes are also tied to lower class \u0026ldquo;white\u0026rdquo; people. Temin also shows how the size of the middle class is shrinking, looking at the most recent 50 years of history. He then goes on to analyze politics and institutions, and how they align to cement and foster this process.\nThis is an exhausting read in more than one way: This is a science book and written to build a case, not to be easily readable. On the other hand, lots of sources and additional material are supplied. The kind of book you read at the desk with a browser open and not in bed. Also emotionally exhausting, because it shows the machinery of injustice at work, and in harsh detail.\n\u0026ldquo;The Vanishing Middle Class: Prejudice and Power in a Dual Economy \u0026rdquo;, Peter Temin, EUR 14.72\n","date":"2021-04-07T00:00:00Z","href":"https://blog.koehntopp.info/2021/04/07/fertig-gelesen-the-vanishing-middle-class.html","tags":["lang_en","review","media","book"],"title":"Fertig gelesen: The Vanishing Middle Class"},{"categories":null,"content":"In ALTER TABLE for UUID we discuss currently proper way to store and handle UUID in MySQL. Currently it works, even in a performant way, but it still hurts. It should not.\nDefinition of UUID The RFC 4122 defines various types of UUID, and how they are being formatted for presentation and as a bit field on the wire. As this document was written bei Leach and Salz, among others, RFC 4122 UUIDs are also called \u0026ldquo;Leach-Salz UUIDs\u0026rdquo; (for example in the Java Documentation ).\nThere are other UUID variants, used in other systems (NCS, and Microsoft \u0026ldquo;backwards compatibility\u0026rdquo;).\nA RFC 4122 UUID is a special 128 bit long value (\u0026ldquo;16 octets\u0026rdquo; ). It is supposed to be laid out like this:\n0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | time_low | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | time_mid | time_hi_and_version | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |clk_seq_hi_res | clk_seq_low | node (0-1) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | node (2-5) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The high bits in clk_seq_hi_res define the variant, and anything starting with the bit sequence 10 is a RFC 4122 compliant UUID.\nThe high nibble in time_hi_and_version defines the RFC 4122 Type (or version), the algorithm used. RFC 4122 itself defines versions 1 to 5 (version 0 is unused).\nThere is an expired draft that defines a version 6, which is specifically designed to use a primary key for databases. It uses the same timestamp value as Type 1, but stores the bytes so that ordering by creation time is preserved. It also relaxes the requirements on the node field, officially allowing different sources for bits than the MAC address. Sample implementations are available in various languages.\nUUIDs are all over the place in Windows and also in Java. Databases have to handle them as \u0026ldquo;application generated primary keys\u0026rdquo;. That\u0026rsquo;s why they are important and should be treated with some attention.\nHandling UUID in MySQL 8 MySQL provides functions to generate UUIDs, to check if a thing is a validly formatted string that looks like a UUID, and to convert UUIDs to 128 bit bitstrings and back.\nThe latter two functions have a special flag to improve performance with InnoDB. This flag is by default off. No attempt is made to automatically do the right thing dependent on the UUID type.\nUUID function The MySQL function UUID() returns a RFC 4122 Type 1 UUID.\nmysql\u0026gt; select uuid_to_bin(uuid()) as uuid; +------------------------------------+ | uuid | +------------------------------------+ | 0x80462D3C96AB11EB94BBBA2278F258E1 | +------------------------------------+ 1 row in set (0.00 sec) Formatted like in the RFC, we get the following values:\n80462D3C 96AB 1 1EB 9 4 BB B A22 78F258E1 Specifically, the clk_seq_hi_res contains the variant value, 9, and the time_hi_and_version contains the version, 1.\nAccording to the RFC, the variant 9 = 1001 = 10x (a RFC 4122 compliant UUID).\nOf the Versions defined in RFC 4122, it is Version 1 or Type 1 , \u0026ldquo;The time-based version in this document\u0026rdquo;. The generation algorithm is defined in section 4.2 of that RFC.\nSo a MySQL generated UUID is always a RFC 4122 Type 1 (time based) UUID.\nJava generated UUID values Compare with the Java UUID Class :\nWe have randomUUID(), returning a Type 4 UUID and nameUUIDFromBytes() for Type 3 and a generic Constructor that takes any 128 bit value. So what we get from Java is likely name based or random UUIDs generated by the application.\nName based UUIDs are fixed for a fixed name, so they pose no problem when used with MySQL as a primary key.\nRandom UUIDs are completely random. There is nothing to optimize for MySQL here.\nNeither is a good choice to use as a kind of application controlled distributed primary key.\nBased on the reasoning in ALTER TABLE for UUID , Java developers that are using UUID for this purpose would be well advised to implement and use a Type 1 UUID. It seems that such an implementation is not available by default as part of java.lang.util, but other implementations exist .\nIS_UUID() function The IS_UUID() predicate returns 1 for all strings that can be parsed as a UUID.\nThat is, it checks for one of three ways to write the UUID, and that it contains only valid hex digits in the places that actually contain data. No attempt is made to validate any of the bits. Code is here , and the actual parsing happens here .\nUUID_TO_BIN() function MySQL allows three ways to write UUIDs, as a 128 bit hex string (6ccd780cbaba102695645b8c656024db), as a 128 bit hex string with dashes in the right places (6CCD780C-BABA-1026-9564-5B8C656024DB) and as a 128 bit hex string with dashes in the right places and enclosed in curly braces ({6CCD780C-BABA-1026-9564-5B8C656024DB}).\nThis is not a particular dense packing of data for storage. The UUID_TO_BIN() function takes any of these strings and returns a VARBINARY(16) for storage.\nThe function has an optional second parameter, the swap_flag. When applied to a Type 1 UUID, the time bytes are being swapped around so that chronological ascending UUIDs from the same node are also having numerically ascending values. This optimizes storage with InnoDB.\nType 1 UUID: It is recommended you define UUID columns as VARBINARY(16) and use theUUID_TO_BIN(uuid_string, 1) function to store data. Type 6 UUID: You should use UUID_TO_BIN(uuid_string, 0) to store Type 6 UUIDs, because Type 6 has been specifically created to avoid the swapping of time bytes around. Other types: These do not profit from swapping, so also use UUID_TO_BIN(uuid_string, 0). BIN_TO_UUID function The inverse function to UUID_TO_BIN is BIN_TO_UUID() . It needs the same swap_flag value as has been used at write time in order to unpack the data correctly.\nIt should hurt less This all should hurt less.\nMySQL should have a native UUID column type, which stores data internally in a VARBINARY(16) (or BINARY(16)). It should accept all three notations as input (hex string, with dashes, with curly braces and dashes). It should return a hex string without dashes or curlies. It should validate variant and type (version), allowing Types 1 to 6. It should auto-convert (swap) data for Type 1, but not for any other type. There should be a formatting function that turns a hex string without dashes into a UUID string with dashes, or a UUID string with dashes and curlies. That is, I want to be able to\nmysql\u0026gt; create table u ( u uuid not null primary key, dummy integer ); mysql\u0026gt; insert into u values (uuid(), 1); mysql\u0026gt; select u from u\\G u: 6ccd780cbaba102695645b8c656024db mysql\u0026gt; select format_uuid(u, 0) as u from u\\G u: 6CCD780C-BABA-1026-9564-5B8C656024DB mysql\u0026gt; select format_uuid(u) as u from u\\G u: 6CCD780C-BABA-1026-9564-5B8C656024DB mysql\u0026gt; select format_uuid(u, 1) as u from u\\G u: {6CCD780C-BABA-1026-9564-5B8C656024DB} and internally, this is stored as 0x1026BABA6CCD780C95645B8C656024DB, because variant is RFC 4122 and Type is 1.\nFor any other Type of the RFC 4122 the internal swapping does not happen.\nTrying to store anything that is not a RFC 4122 variant is an error. Trying to store anything that is a RFC 4122 variant but not a Type 1 to 6 is an error.\n","date":"2021-04-06T00:00:00Z","href":"https://blog.koehntopp.info/2021/04/06/mysql-and-uuids.html","tags":["lang_en","mysql"],"title":"MySQL and UUIDs"},{"categories":null,"content":"(based on a find by Ruud van Tol, and several Twitter contributions)\nRuud commented on our DST discussion with\nmysql\u0026gt; SELECT \u0026#39;2019-02-28 12:34:56\u0026#39;+ INTERVAL 1 YEAR + INTERVAL 1 DAY as a, \u0026#39;2019-02-28 12:34:56\u0026#39;+ INTERVAL 1 DAY + INTERVAL 1 YEAR as b\\G a: 2020-02-29 12:34:56 b: 2020-03-01 12:34:56 2019 is a year before a leap year. Adding (left to right) a year brings us to 2020-02-28, and then adding a day makes this 2020-02-29, because it\u0026rsquo;s a leap year.\nOn the other hand, adding a day first makes it 2019-03-01, and then adding a year makes it 2020-03-01, a different result.\nClearly, addition is not commutative on dates, and having a two step interval addition is breaking expectations here.\nCompound Interval Notation MySQL is offering a bit of syntax for compound intervals. You can look it up in the manual .\nTo write up compound intervals, there is a select number of unit names that are actually allowed, and a special expression syntax for each one.\nFor example, you can + interval 12:23:56.789 hour_microsecond, or + interval 01-01 year_month. You can\u0026rsquo;t jump a year and a day, because there is no unit for that. Instead you have to write this down in MySQL in a two step interval addition and suddenly order matters.\nIf you think that this is a cumbersome solution and a cumbersome syntax, you will see me nodding in agreement.\nOther databases SQLite Mohammed S. Al Sahaf contributes this syntax for SQLite :\nsqlite\u0026gt; select date(\u0026#39;2019-02-28\u0026#39;, \u0026#39;+1 year\u0026#39;, \u0026#39;+1 day\u0026#39;) as a, date(\u0026#39;2019-02-28\u0026#39;, \u0026#39;+1 day\u0026#39;, \u0026#39;+1 year\u0026#39;) as b; a b ---------- ---------- 2020-02-29 2020-03-01 confirming that this is not a problem specific to MySQL.\nPostgres Andreas Scherbaum demonstrates the more generic Postgres Syntax:\npgsql\u0026gt; SELECT \u0026#39;2019-02-28 12:34:56\u0026#39;::TIMESTAMP + INTERVAL \u0026#39;1 year 1 day\u0026#39; as a, \u0026#39;2019-02-28 12:34:56\u0026#39;::TIMESTAMP + INTERVAL \u0026#39;1 day 1 year\u0026#39; as b; a: 2020-02-29T12:34:56Z\tb: 2020-02-29T12:34:56Z\tThis works, because Postgres offers a syntax for a single interval that can combine arbitrary units. So internally both times it\u0026rsquo;s the same order of operations (a span of a year and a day) in a single interval.\nThe two-step operation gives the same result as MYSQL.\npgsql\u0026gt; SELECT \u0026#39;2019-02-28 12:34:56\u0026#39;::TIMESTAMP + INTERVAL \u0026#39;1 year\u0026#39; + INTERVAL \u0026#39;1 day\u0026#39; as a, \u0026#39;2019-02-28 12:34:56\u0026#39;::TIMESTAMP + INTERVAL \u0026#39;1 day\u0026#39; + INTERVAL \u0026#39;1 year\u0026#39; as b; a: 2020-02-29T12:34:56Z\tb: 2020-03-01T12:34:56Z Cockroach Mohammed also demonstrates that Cockroach has the same syntax that allows Postgres to make the calculation in a single step:\nCockroach\u0026gt; select \u0026#39;2019-02-28 12:34:56\u0026#39;::TIMESTAMP + INTERVAL \u0026#39;1 year 1 day\u0026#39; as a, \u0026#39;2019-02-28 12:34:56\u0026#39;::TIMESTAMP + INTERVAL \u0026#39;1 day 1 year\u0026#39; as b; a | b ----------------------------+---------------------------- 2020-02-29 12:34:56+00.00 | 2020-02-29 12:34:56+00.00 What to do about it? I do not think that the different results for \u0026ldquo;a day and a year\u0026rdquo; and \u0026ldquo;a year and a day\u0026rdquo; for leap years in current MySQL are a bug, but they are certainly unexpected.\nI do think the current syntax for compound intervals that MySQL has is cumbersome and limited. It is also different from Postgres and Cockroach.\nPicking up Postgres/Cockroach interval notation would allow MySQL to get rid of \u0026ldquo;day_microsecond\u0026rdquo; and all the special expression syntaxes. It would also allow it to write arbitrary intervals with a much simpler notation.\nSo, MySQL, please consider\nmysql\u0026gt; select \u0026#39;2019-02-29 12:34:56\u0026#39; + interval \u0026#39;1 day 1 year\u0026#39; as a; a: 2020-02-29 12:34:56 sort it internally into a canonical expression and make it possible to jump to \u0026lsquo;2020-02-29 12:34:56\u0026rsquo; in a single interval jump.\nUntil then, make sure that you manually order your chained intervals into the proper sequence of steps. And if it is not from large to small, prepare to be surprised.\n","date":"2021-04-02T00:00:00Z","href":"https://blog.koehntopp.info/2021/04/02/making-an-unexpected-leap-with-interval-syntax.html","tags":["lang_en","mysql"],"title":"Making an unexpected leap with interval syntax"},{"categories":null,"content":"(based on a conversation with a colleague, and a bit of Twitter )\nA Conundrum A developer colleague paged me with this:\nmysql\u0026gt; select UNIX_TIMESTAMP(\u0026#34;2021-03-26 03:07:00\u0026#34; + INTERVAL 2 YEAR) - UNIX_TIMESTAMP(\u0026#34;2021-03-26 02:07:00\u0026#34; + INTERVAL 2 YEAR) as delta\\G delta: 420 It is obviously wrong, and weirdly so. It only works for \u0026ldquo;2 year\u0026rdquo;, not with other values:\nmysql\u0026gt; select UNIX_TIMESTAMP(\u0026#34;2021-03-26 03:07:00\u0026#34; + INTERVAL 1-11 year_month) - UNIX_TIMESTAMP(\u0026#34;2021-03-26 02:07:00\u0026#34; + INTERVAL 1-11 year_month) as delta\\G delta: 3600 mysql\u0026gt; select UNIX_TIMESTAMP(\u0026#34;2021-03-26 03:07:00\u0026#34; + INTERVAL 1-12 year_month) - UNIX_TIMESTAMP(\u0026#34;2021-03-26 02:07:00\u0026#34; + INTERVAL 1-12 year_month) as delta\\G delta: 3600 mysql\u0026gt; select UNIX_TIMESTAMP(\u0026#34;2021-03-26 03:07:00\u0026#34; + INTERVAL 1-13 year_month) - UNIX_TIMESTAMP(\u0026#34;2021-03-26 02:07:00\u0026#34; + INTERVAL 1-13 year_month) as delta\\G delta: 3600 It has to be exactly 730 days (2 * 365 days, 2 years):\nmysql\u0026gt; select UNIX_TIMESTAMP(\u0026#34;2021-03-26 03:07:00\u0026#34; + INTERVAL 729 day) - UNIX_TIMESTAMP(\u0026#34;2021-03-26 02:07:00\u0026#34; + interval 729 day) as delta\\G delta: 3600 mysql\u0026gt; select UNIX_TIMESTAMP(\u0026#34;2021-03-26 03:07:00\u0026#34; + INTERVAL 730 day) - UNIX_TIMESTAMP(\u0026#34;2021-03-26 02:07:00\u0026#34; + interval 730 day) as delta\\G delta: 420 mysql\u0026gt; select UNIX_TIMESTAMP(\u0026#34;2021-03-26 03:07:00\u0026#34; + INTERVAL 731 day) - UNIX_TIMESTAMP(\u0026#34;2021-03-26 02:07:00\u0026#34; + interval 731 day) as delta\\G delta: 3600 The Reason In our math, we have two expressions mixing MySQL Timestamp data types with UNIX Timestamp Integers.\nSo in the expression UNIX_TIMESTAMP(\u0026quot;2021-03-26 03:07:00\u0026quot; + INTERVAL 2 year) the part \u0026quot;2021-03-26 03:07:00\u0026quot; is a string, which is converted to a MySQL Timestamp type.\nThis MySQL Timestamp type is then used in an interval arithmetic expression to yield another MySQL Timestamp type.\nThis resulting MySQL Timestamp type is then fed into the UNIX_TIMESTAMP function, and produces an integer.\nThe same happens with UNIX_TIMESTAMP(\u0026quot;2021-03-26 02:07:00\u0026quot; + interval 2 year), producing another integer.\nThis is not the integer we are looking for:\nmysql\u0026gt; select from_unixtime(UNIX_TIMESTAMP(\u0026#34;2021-03-26 02:07:00\u0026#34; + interval 730 day)) as t\\G t: 2023-03-26 03:00:00 mysql\u0026gt; show global variables like \u0026#34;%time_zone%\u0026#34;; +------------------+--------+ | Variable_name | Value | +------------------+--------+ | system_time_zone | CEST | | time_zone | SYSTEM | +------------------+--------+ The First Level of Wrongness The 2023-03-26 is the day of the proposed time zone switch for 2023.\nOn this date, in the CET/CEST time zone, 02:07:00 is an invalid timestamp. MySQL silently, without error or warning, rounds this up to the next valid timestamp, 03:00:00.\nThis also happened yesterday:\n$ mysql --show-warnings mysql\u0026gt; select from_unixtime(unix_timestamp(\u0026#34;2021-03-28 02:07:00\u0026#34;)) as t\\G t: 2021-03-28 03:00:00 This should error, and must at least warn. It does neither.\nThe Second Level of Wrongness For\nmysql\u0026gt; select from_unixtime(UNIX_TIMESTAMP(\u0026#34;2021-03-26 02:07:00\u0026#34; + interval 730 day)) as t\\G t: 2023-03-26 03:00:00 there is the choice of producing the correct timestamp or producing an error. Silently fast forwarding to the next valid timestamp is incorrect in all cases.\nSetting UTC The database is running with the time_zone set to SYSTEM, and the system is running with the system_time_zone (a read-only variable) set to CEST (was: CET), which was picked up after the server start (on my laptop, in this case).\nmysql\u0026gt; show global variables like \u0026#34;%time_zone%\u0026#34;; +------------------+--------+ | Variable_name | Value | +------------------+--------+ | system_time_zone | CEST | | time_zone | SYSTEM | +------------------+--------+ 2 rows in set (0.01 sec) t: 2023-03-26 03:00:00 Trying to set the time_zone to UTC fails. This is because the time_zone tables have not been loaded.\n$ mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p\u0026#39;\u0026#39; mysql ... With that, I can\n$ mysql -u root -p mysql\u0026gt; set global time_zone=\u0026#34;UTC\u0026#34;; Query OK, 0 rows affected (0.00 sec) mysql\u0026gt; set session time_zone=\u0026#34;UTC\u0026#34;; Query OK, 0 rows affected (0.00 sec) And with that, I can avoid the conversion:\nmysql\u0026gt; select from_unixtime(unix_timestamp(\u0026#34;2021-03-28 00:07:00\u0026#34;)) as t; +---------------------+ | t | +---------------------+ | 2021-03-28 00:07:00 | +---------------------+ 1 row in set (0.00 sec)mysql\u0026gt; select from_unixtime(unix_timestamp(\u0026#34;2021-03-28 01:07:00\u0026#34;)) as t; +---------------------+ | t | +---------------------+ | 2021-03-28 01:07:00 | +---------------------+ 1 row in set (0.00 sec)mysql\u0026gt; select from_unixtime(unix_timestamp(\u0026#34;2021-03-28 02:07:00\u0026#34;)) as t; +---------------------+ | t | +---------------------+ | 2021-03-28 02:07:00 | +---------------------+ 1 row in set (0.00 sec)mysql\u0026gt; select from_unixtime(unix_timestamp(\u0026#34;2021-03-28 03:07:00\u0026#34;)) as t; +---------------------+ | t | +---------------------+ | 2021-03-28 03:07:00 | +---------------------+ 1 row in set (0.00 sec) This will also yield the correct result for the type-mixed difference I showed above:\nmysql\u0026gt; select UNIX_TIMESTAMP(\u0026#34;2021-03-26 03:07:00\u0026#34; + INTERVAL 2 YEAR) - UNIX_TIMESTAMP(\u0026#34;2021-03-26 02:07:00\u0026#34; + INTERVAL 2 YEAR) as delta\\G delta: 3600 Not mixing MySQL Date Types and UNIX Timestamps The original math fails, because it mixes UNIX Timestamps and Date Interval Arithmethics.\nWe can handle this all the way in MySQL, using the extremely weird timestampdiff() function (more on that below):\nmysql\u0026gt; select timestampdiff( second, date_add(\u0026#34;2021-03-26 02:07:00\u0026#34;, INTERVAL 2 YEAR), date_add(\u0026#34;2021-03-26 03:07:00\u0026#34;, INTERVAL 2 YEAR) ) as t\\G t: 3600 We can handle this all the way in Integers with Unix Timestamps:\nmysql\u0026gt; select 86400 * 365 as t \\G t: 31536000 mysql\u0026gt; select (unix_timestamp(\u0026#34;2021-03-26 03:07:00\u0026#34;) + 2*31536000) - (unix_timestamp(\u0026#34;2021-03-26 02:07:00\u0026#34;) + 2* 31536000) as t \\G t: 3600 Both give us correct results.\nDate and Time Syntax MySQL provides you INTERVAL syntax with operators:\nmysql\u0026gt; select \u0026#34;2021-03-29 10:02:03\u0026#34; + interval 1 hour as t\\G t: 2021-03-29 11:02:03 and with functions:\nmysql\u0026gt; select date_add(\u0026#34;2021-03-29 10:02:03\u0026#34;, interval 1 hour) as t\\G t: 2021-03-29 11:02:03 Interval Syntax is weird. You can\u0026rsquo;t\nmysql\u0026gt; select \u0026#34;2021-03-29 10:02:03\u0026#34; + interval 1 month 1 hour as t\\G ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \u0026#39;1 hour as t\u0026#39; at line 1 You can only\nmysql\u0026gt; select \u0026#34;2021-03-29 10:02:03\u0026#34; + interval 1 month + interval 1 hour as t\\G t: 2021-04-29 11:02:03 With date_add() it is worse, because you have to nest:\nmysql\u0026gt; select date_add(\u0026#34;2021-03-29 10:02:03\u0026#34;, interval 1 month + interval 1 hour) as t\\G ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \u0026#39;1 hour) as t\u0026#39; at line 1 That would be then\nmysql\u0026gt; select date_add(date_add(\u0026#34;2021-03-29 10:02:03\u0026#34;, interval 1 month), interval 1 hour) as t\\G t: 2021-04-29 11:02:03 So date_add() and date_sub() both take a timestamp and an interval, and can be written as + and -, avoiding the nesting.\nA Word of Warning on DIFF functions There are two functions with underscores in the name, DATE_ADD() and DATE_SUB(), which take a timestamp and an interval. They produce a new timestamp.\nThere are three functions without underscores in the name DATEDIFF(), TIMEDIFF() and TIMESTAMPDIFF(), which take two timestamps and produce the difference.\nThey are all subtly different, and the parameter order for TIMESTAMPDIFF() is the other way around.\nRead carefully:\ndatediff(a, b) calculates the DATE difference as a-b. The time part of the timestamps is ignored.\nmysql\u0026gt; select datediff(now() + interval 1 month, now()) as t\\G t: 31 mysql\u0026gt; select datediff(now() + interval 2 month, now() + interval 1 month) as t\\G t: 30 timediff(a, b) calculates the TIME difference as a-b. The DATE and TIME parts are being used. The range is limited to the range of the TIME type, which is from \u0026lsquo;-838:59:59\u0026rsquo; to \u0026lsquo;838:59:59\u0026rsquo;.\nThat is 5 weeks, less 1 hour and 1 second (5 weeks are 840 hours, 5 * 7 * 24).\ntimestampdiff(unit, a, b) can do \u0026ldquo;proper\u0026rdquo; difference between b and a. The result is reported in the unit specified.\nThe order of the parameters is inexplicably reversed: We calculate b-a.\nmysql\u0026gt; select timestampdiff(hour, \u0026#34;2021-03-29 10:02:03\u0026#34;, \u0026#34;2021-03-29 10:02:03\u0026#34; + interval 1 month + interval 1 hour) as t\\G t: 745 TL;DR The lack of warning and error is now a MySQL Service Request. The original problem comes up because of the mixing of Unix Timestamp Arithmetic and MySQL Interval Arithmetic. There are ways to do it pure play either way, and they both result in the right result. There is DATEDIFF(), TIMEDIFF(), and TIMESTAMPDIFF(), and they are weird, and inconsistent and you really, really want to read the Date and Time Functions page, very carefully. ","date":"2021-03-29T00:00:00Z","href":"https://blog.koehntopp.info/2021/03/29/mysql-date-time-dst.html","tags":["lang_en","mysql"],"title":"Things you didn't know about MySQL and Date and Time and DST"},{"categories":null,"content":"Where I work, we are using MySQL a lot. The databases are being organized in replication hierarchies, and each hierarchy is a tree topology with a single primary and a number of intermediate replicas.\nReplication is a tree managed by Orchestrator We are using MySQL orchestrator to manage the replication topology.\nMySQL Orchestrator shows a typical replication hierarchy. Each color indicates a different data center/availability zone. Replication is a tree, from the primary to per-AZ intermediate replicas for fan-out to leaf replicas. Clients connect to the primary for writing, and to the leaf replicas for reading. Special instances exist as clone sources and backup instances.\nThe diagram above is the view presented by MySQL Orchestrator of a single replication hierarchy. Servers are arranged in a tree-shaped hierarchy. All writes go to the Primary at the tree root, which then replicates to intermediary replicas. These fan out to leaf replicas. Clients write to the Primary, and read from the leaf replicas.\nSpecial instances exist that are being used as clone sources for new replicas, to make backups and for other internal purposes (such as replication catchup benchmarks, for example).\nDifferent colors indicate different data centers or availability zones.\nClients find servers in Zookeeper Leaf replicas (and the Primary) register themselves with a Zookeeper when they are ready to serve traffic. The Zookeeper organizes replicas in the same availability zone in a pool, and offers that pool to clients.\nClients subscribe to pool changes in the Zookeeper. On change, they get notified and atomically dump the pool to a file on disk. That way, when Zookeeper is unavailable due to Zk internal voting or realignment, the clients still have a roster of endpoints to choose from. Also, they do not have to ask the Zk on each connect, only on each change.\nSome replication hierarchies see use from multiple applications: They are not single tenant, but multiple applications from different teams use the database as a shared data source, and as a way to communicate. That is, because historically there was only a single application, and a single schema, and then we grew and split things off.\nIn order to separate possibly interfering workloads from each other, such hierarchies have multiple pools for leaf replicas - one for each application. So there may be an \u0026lsquo;xml-misc\u0026rsquo; hierarchy (which would be the default pool), but also an \u0026lsquo;xml-mobile\u0026rsquo;, or an \u0026lsquo;xml-slow\u0026rsquo;. The latter would contain a number of sacrificial hosts to run queries on that cannot be optimized - that way they would interfere with each other, but not with the rest of the workload.\nIn any case, each leaf replica is always a member of at most one of these pools (it may not be in any pool, if it is a special purpose replica).\nPool name and AZ translate into a Zk path, and into a roster file on disk. Clients request a database handle by pool name, and end up with a connection to a random endpoint in the pool. Connections are direct, so in the MySQL processlist we can see the client host name and port as well as the application user name, which makes a lot of operational things much simpler.\nZk can also be used to find Primaries, and applications that are Zk aware benefit from that, because Zk updates are close to instantaneous. We also need to provide Primary hostnames via DNS, because there is always the odd shell script or non-Zk aware script in a snowflake language that does not understand pools. At least we do not have to manually split writes and reads from a single database handle, as if it\u0026rsquo;s 2001.\nDynamic database architecture Some replication hierarchies can get pretty large.\nThe oldest and largest replication hierarchy as seen in Orchestrator. It is more than 20 years old, and started as a schema on Postgres. But because Postgres could not replicate at all back then the company migrated to MySQL and grew on MySQL replication.\nOriginally, the company ran on Postgres, over 20 years ago. Back then Postgres could not reliably scale anyway, so the company migrated their stuff to MySQL and grew on MySQL replication. As you can see from the colors, this particular hierarchy spans three AZ. The blue bubbles in the leaf nodes indicate number of leaf replicas in the (compressed) tree view.\nThe segmentation of this particular replication hierarchy into pools is not visible within Orchestrator, only by dumping Zk.\nWe use MySQL in a memory saturated setup where possible. As a result there is no additional caching layer between the database and the application – MySQL can use memory and serve results just as fast as Memcache, when you ask it Memcache complexity questions. The boundary between Memcache level queries and true SQL is pretty fluid that way, and you do not have to deal with cache invalidation, cache representation issues and many other things that get in the way. Also, unlike a traditional caching layer, MySQL has a restart and warmup concept, so this operational aspect is also taken care of.\nInstances currently have a livetime of at most 60 days, and we are targeting a recycle time of less than 30 days. Also, the actual number of instances varies depending on the outcome of automated load tests in production and the traffic prediction. That leads to a pretty dynamic environment, but that is easily taken care of by the Zk based discovery, the replication tree management done with Orchestrator and the automated provisioning.\nFrom auto-provisioned Bare Metal… All of that is extremely old fashioned bare metal stuff. Currently databases run on HP or Dell blades, the smallest pieces of hardware one can reasonably buy: Dual-Silver 4110 machines (16 C/32 HT) with 96 or 128 GB of memory and one or two NVME SSD with 1.92 TB of storage each. We do not use RAID, we have replicas for redundancy.\nIn terms of RDS instances, these would map to db.m5.5xl, if these existed, I believe. Look up the list price of a db.m5.4xl, and compare. I believe we are at around 1/20th the cost of a hypothetical db.m5.5xl, and that is with pretty inefficient baremetal.\nBare metal with local storage is, if autoprovisioned, a wonderful thing – there is perfect workload isolation and no crosstalk, no jitter. Performance is extremely predictable, and the only adversary you are ever going to meet when debugging performance problems is yourself.\nHaving autoprovisoned bare metal is a large hurdle, though. There are two teams that have over time provided a bunch of software called ServerDB with many subcomponents related to talking to BMCs , enumerating machine components and managing firmware . There is another team writing a thing called Nemo, which does the same for network equipment. There is the PowerDNS API, and there is a whole collection of storage APIs to talk to, in order to provision local or remote storage.\nThe end result is a command line tool that makes you new databases, one individual copy, or two hundred instances, it almost does not matter.\n… to something else. Unfortunately this does no longer scale. New machinery is so powerful that even the tiniest pieces of hardware are too large for our medium sized databases.\nThere are outliers: I have seen instances that run on actual storage servers , but admittedly this particular team is holding it wrong and should rethink the way they are using databases, because an instance with 120 TB local NVME and a single 35 TB table is not a thing that helps with automation at all.\nNormal customers would benefit from running databases in virtual machines that are slices of much larger servers, and that are no larger than, say, 1/4 of the actual hardware, in order to be not overly hard on the packing algorithms of the scheduler.\nBut even when running on virtual hardware, predictive autoscaling and long lived instances are a must. Data size matters, and so do optimizations, because lugging around Terabyte sized blocks of data is still carrying a certain operational weight, even in 2021.\nThe worst case example would be the very large hierarchy shown above. It has a data directory of 850 GB, plus binlog files, so around one Terabyte of clone work to get up and running. At 400 MB/s instantiation speed, making one instance of these takes not under 45 minutes, and more likely around one hour.\nAssume that you lose one data center branch worth of these (say, the green section in the image above), you would have to reclone that. You would be looking at 100-200 clone operations. Concurrently at 400 MB/s, that\u0026rsquo;s 100 concurrent clones at 400 MB/s, or 40 GB/s. That translates into 400 GBit/s aggregate bandwidth, and that\u0026rsquo;s not happening with a single clone source, and not happening at all unless your network is built for this .\nSo you are looking at a staged rollout with work queues and some orchestration. Plan a multiple day setup time for a thing of that size. And when finished, it starts catching up with replication before it can be useful in production.\nWhat I have, and what I am looking for At this point in time there is a single Python command dba with subcommands, which talks to all the backend APIs to handle things. It grew out of a collection of shell scripts that did things to a single machine to make DBA life easier, and it still is mostly a local command line application (headless Django). It also is not exposing an API, and cannot be used by other people than DBAs.\nOf course, the number of replication hierarchies does not shrink.\nMySQL Orchestrator Replication Overview screen. Each card is a replication hierarchy with a number of instances organized in one of the trees shown above.\nSo imagine a thing not unlike a K8s controller, exposing an API, storing a desired state for the entire system of hierarchies and instances, and running a reconciliation loop. But it is not talking to a single K8s cluster, but to a number of backend APis, which may be bare metal hardware, Openstack, EC2, RDS, or K8s.\nIt understands MySQL and knows things about the application, like a K8s operator. So it knows This is MySQL and This is how we run MySQL around here. It would understand things like Ownership and Tenancy (\u0026ldquo;This team can make API calls affecting these chains.\u0026rdquo;) and it would not only understand operational things (\u0026ldquo;Make an instance.\u0026rdquo;, \u0026ldquo;Make a datadir\u0026rdquo;, \u0026ldquo;Connect Replication.\u0026rdquo;), but also things like Grant Management, Backup and Restore Testing, Production Capacity Testing, Replication Catchup Speed testing and Monitoring, Query Workload subsampling and Alerting.\nI would need to be able to describe a \u0026ldquo;replication chain\u0026rdquo; made from \u0026ldquo;instances\u0026rdquo; in various \u0026ldquo;backend services\u0026rdquo;. Each backend service would need a \u0026ldquo;bootstrap procedure\u0026rdquo; to establish initial presence, and from there clone out instances. Instances then would need to integrate into the chain, catch up, warm caches, register in Zk, and become operational.\nCapacity testing and a predictive scale goal would define the number of instances per backend, so that we are ready for the coming days load, with some margin for failure and Murphy. Backups probably can be made per chain, and not per backend, assuming the bootstrapping works and is tested.\nI would need probably the provisioning/deployment/upgrade and cycling as a procedure per backend, and they likely can be one: MySQL identity is defined by its datadir, and as long as I can keep volumes of datadirs alive independently of the actual database base instance, I should be able to pre-provision fresh instances, detach the volume from an old instance and reattach it to the new instance within a very short time.\nThat would allow me to meet a 30d instance age limit easily. I would also be able to move to newer versions of MySQL at will, and even downgrade within datadir binary compatibility limits. Upgrade orchestration is a thing: One has to put newer versions at the leaf nodes, and the gradually move upwards in the replication tree.\n\u0026ldquo;as a Service\u0026rdquo; Understanding a product is not a thing you can do as the developer and vendor of a product. You can only do it as a products user, because only then you understand the needs.\nA good vendor is running the product itself – that is the one thing that makes me very excited about Oracle MySQL running MySQL in their own cloud. Finally they are running their own product in a production environment and maybe realize all the fiddly things, wrong defaults, useless tuning knobs and operational complications, and all the places where the product is simply missing code. Things like the CLONE command should (and could!) have happened a decade ago.\nRunning a product as a user makes you understand the needs… of your organisation. There may be others. A good vendor collects these views, and merges them with their own experience, and then writes The Book™ on the product.\nThe Book™ on MySQL currently is a number of half-assed \u0026ldquo;MySQL as a service\u0026rdquo; implementations.\nThere is Amazon RDS, which is doing things like it\u0026rsquo;s 2010 – active/passive primary switchover with DRBD, and asynchronous replication for scaleout, limited to a very small number of managed instances, and a rather static hierarchy, without a clear discovery concept. It does interesting things with Grants, Defaults, and a number of other things, and is arguably the most complete service.\nThere is a bunch of K8s operators for MySQL, but I consider most of them toys for a multitude of reasons. A K8s operator is a pod that is running a binary that controls deployments of (persistent) services in K8s, managing instances, data directories (persistent volumes), but all within a single K8s cluster. Of course, that\u0026rsquo;s not resilient and it\u0026rsquo;s also not how you set up MySQL for production – spanning cluster and AZ boundaries is a must.\nEach operator also implements one specific way of running MySQL (\u0026ldquo;Group Replication!\u0026rdquo;, \u0026ldquo;No, traditioanl asynch replication!\u0026rdquo;) and so on, with very little in the way of policy tuning knobs. So when you look at K8s operators, you are really looking at source code templates to fork and implement your own from that. Not helpful.\nWhat is missing? Endpoint Discovery, Grant Management and a number of other things are also a must, with K8s even more so than with AWS, because it\u0026rsquo;s more dynamic.\nOn top of that, there is all the work that needs to be done for Predictive Scaling, Replication Speed monitoring, Query Monitoring and so on. A lot of that is not well thought out at all, and needs not just engineering, but in part even research.\nTracing integration For example, Oracle MySQL provides splendid instrumentation for performance monitoring, but getting this stuff out of MySQL is ten to twelve queries (all of which will affect monitoring, too).\nTracing Microservices is currently converging on a model where you provide a set of three IDs (root id, parent id and request id) and a subsampling mechanism. When a request is born, it is assigned a root id at the load balancer, and as it is propagated on it carries forward the root id, and the id of the immediate parent in the call tree between services, assigning itself its own unique ID.\nNot all requests are being traced, because that would be unwieldy. Instead a certain percentage subset is assigned to tracing. If this would be random, we would get a large number of requests that are sampled only in one subsystem, but not in another, leading to very few requests that are being traced front to back, so you would also need a way to forward the tracing attribute through the hierarchy. That way you get a subset (say, 1%) of all requests that are being traced everywhere.\nUsing the root id, you can very quickly select all requests related to one workload, and using the parent id - request id relationship you can arrange them into a call tree.\nIt would be really useful for MySQL to have a mechanism that triggers query execution tracing. When a query execution is traced, the assigned ids are carried forward, and at the end of the request the ids, the actual execution plan and all the data accumulated for performance schema associated with this query execution is being dumped into a single, configureable structure. This data cen then be handled in a plugin, which then can do with the data whatever is needful.\nIn my case, most likely offload it to a coprocess running on the same host, using UDP. The coprocess would then push this into Honeycomb or another tracing service. That would allow me to see a request, the services that the request touched and all the SQL execution associated with it in a single view. I would be able to see the service that generated the SQL, the generated SQL and its execution trace right here next to each other in the same view, instead of using Grafana, Kibana, gitlab and Vividcortex and trying to align the spike here with the log there and the source over there.\nInstance sizing In clouds, private and public, cost is suddenly an issue. The cost of RDS instances is, compared the to current bare metal, ridiculously high, and moving stuff into a cloud environment will cramp our style considerably for cost reasons.\nRight sizing instances is a need that everybody should have, but for some reason for example working set sizes are not being discussed a lot. What Brendan Gregg did in general WSS work is from six years ago and pretty orphaned. It needs a lot of work to be runnable on modern kernels and safely in production in an automated way.\nMySQL itself, with all the performance schema instrumentation, provides no easy way to count the number of buffer pool pages touched in the large x seconds, or rather a buffer pool access trail analogous to blktace, so that could could bucketize that analogous to the LBA access histograms .\nI don\u0026rsquo;t know why that is, but with all the cost pressure I\u0026rsquo;d have expected more prior art on this.\nYelling at the cloud So, yes. The age of bare metal is coming to an end, even where I work. It has served us well for more than two decades. It did, because we have automation for these things – we started that when we had around 100 MySQL instances or so, and we were for a very short time running almost 100 times more than that before we started cleaning up to get cost under control.\nLooking at what is available in \u0026ldquo;cloud\u0026rdquo; environments, I am still disappointed. The grunt work of provisioning is so much easier: One API to rule them all, instead of talking to see many different backends, many of then fidgety and unreliable.\nStill, there is little that looks like it actually has seen production at scale, and there are entire research subjects such as tracing integration and WSS estimation that are largely untouched. Dealing with replication at the level of a single cluster or backend also looks like a non-starter for actual production.\nThen there is the entire topic of CD, Continous Deployment, and \u0026ldquo;gitops\u0026rdquo;, which from where I sit looks like a good idea and also a ridiculously naive simplification at the same time.\nI mean, Continous Integration and testing – sure. Gitlab pipelines, also yes. Deploying \u0026ldquo;stateless\u0026rdquo; code into production automatically for head? Sure, once you trust these pipelines.\nBut actual Ops?\nSo, yeah, you can terraform instances. That\u0026rsquo;s just 2014\u0026rsquo;s Openstack HEAT with more backends. But try to terraform a thing with state and you will quickly realize how that is complicated.\nIt requires a state donor (a MySQL clone source, a backup of the old minecraft server you want to re-instantiate), probably coordination between the outside of the new instance (talking to the EC2 or Openstack) and the inside of several instances (the donor instance and the new instance, for example), coordinated catchup and warmup, and also a working endpoint discovery system.\nAnd if you do that at scale, instances = 200 in terraform, may require some thought in how you provision, with queueing, concurrency limits and stuff, and you did not code that at all when you automated your stuff.\nAnd that\u0026rsquo;s not even Ops. That\u0026rsquo;s Day 1 stuff.\nEveryday life MySQL land is: Replication is delayed because somebody ran a sequence of DELETE FROM t WHERE 1=1 at the primary and they are now filtering downstream to all the replicas, replication delay is 5h and rising before they complained to DBA.\nThe fix is \u0026ldquo;replication surgery\u0026rdquo;: Stop the replica and restart with replication disabled, emulate the deletion with truncate or an empty table creation, create an empty transaction for the skipped DELETE with the skipped GTID, and reinstate normal replication.\nGitops that?\nEveryday life in MySQL land is: Somebody oops\u0026rsquo;ed a table drop. Stop replication, locate a time delayed replica, fast forward it to before the oops\u0026rsquo;ed statement, stop it there, clone from this a new primary and a set of replicas, force feed it a modified replication stream for all the stuff that came after the oops\u0026rsquo;ed statement, and push this alternate history into production as a replacement for the oops\u0026rsquo;ed wreck.\nEveryday life in MySQL land is: A group of replicas died after having a bit of replication delay. Investigation finds a long running query maintaining a read view (sic!), leading to undo-log growth, which inexplicably slows down everything on these instances. The fix is to connect to the affected instances and manually KILL the threads that hold the long running read views. Not a thing to be done with a git commit.\nSo, yes, \u0026ldquo;continuous deployment\u0026rdquo; is a good idea, and I would like to see more of it. But before we are going to have that with stateful services, a number of hard problems need better solutions.\nAnd \u0026ldquo;gitops\u0026rdquo; ain\u0026rsquo;t gonna happen soon. We are going to see AIP operations (\u0026ldquo;ass-in-produxction\u0026rdquo;) for quite some time, I am afraid.\nAnd that is why I wear black and yell at the cloud.\n(based on a bit of Twitter )\n","date":"2021-03-24T00:00:00Z","href":"https://blog.koehntopp.info/2021/03/24/a-lot-of-mysql.html","tags":["lang_en","mysql"],"title":"That's a lot of databases"},{"categories":null,"content":"»If at all possible, we build databases so that the working set of the database fits into memory.« What does that even mean?\nWorking Set In computer science, the “Working Set” of a program is the set of things it will be accessing in the near future. Because computer science has not yet solved looking into the future, we are looking at the set of things we accessed most recently and hope for The Best™.\nThe Best™ here being that our future access pattern is very similar to our most recent past access pattern.\nWhy Memory Matters In MySQL, the “things we access” in the Working Set definition is RAM, Memory.\nWe do care, because memory is fast. How fast is fast?\nImages from Some Latency Numbers Illustrated One Pixel is One Nanosecond\nIn the above graphics, each pixel is a nanosecond, a billionth of a second. That’s the amount of time you have for each clock cycle at a clock of 1GHz. Our computers are running at a clock speed of around 3 GHz these days, 1/3 of a nanosecond per cycle.\nOne nanosecond is around 30 cm at light speed, 1/3 nanosecond is around 10 cm at light speed. 2 round trip times is what we need to need – in the best case – to assure consistency in a system. So at 3 GHz clock, 2 RTT yields a circle of 2.5 cm, around the size of a die or socket in our current computers. It is almost as if ye cannae change the laws of physics, Capt’n.\nNow, in the above graphics we visualize a L1 cache access, a L2 cache access, and a memory access. We also show a hard disk seek from the times of rotating rust. Well, we have to zoom out a bit.\nThis is a single disk seek:\nRight click, and \u0026ldquo;Open Image in New Tab\u0026rdquo;, then click again to zoom in. The memory access and cache accesses are at the top left.\nWe do not want disk accesses to rotating rust, and much less we want actual head movements. When we have to do that, users are unhappy.\nSSD is up to 100x better: we get up to 20.000 disk accesses per second (we get 5ms seek time, around 200 disk accesses per second from each piece of data center grade rust), but it is still slow.\nAdventures in Storageland explores that in some more depth. In Not Quite Storage Any More I get to play with Optane, and now, that is a different thing entirely.\nMemory means Buffer Pool The memory we care for is “16 KB data pages” that are kept in a memory structure called the “InnoDB Buffer Pool”. It’s the thing that makes MySQL processes large in memory. MySQL does not use the File System Buffer Cache much (Postgres does), but does things a lot more efficiently and with application level knowledge in userland, in the Buffer Pool.\nThe largest process in this instance is mysqld. The VIRT size is 84.8G, the RES size is 73.7G.\nLooking at one specific instance, we can see the machine has a main memory size of 128 GB. Userland gets to see 125 GB, the kernel needs the rest internally.\nThe MySQL process has a VIRT of 84.8 GB, that is, it has asked the operating system for memory allocations of a cumulative size of 84.8 GB.\nOut of this, the RES says it is at 73.7 GB. The resident set size (RES in htop or RSS in ps) is the cumulative amount of memory pages the process has actually accessed, so we actually took the promises the operating system made in VIRT and did something with it.\nWhen starting a fresh mysqld, you will see that the VIRT is already almost at the final size level and the RES is tiny. As the mysqld warms itself up, RES approaches VIRT.\nWarming up In the bad old times, we had to do that manually by executing a number of SELECT queries after startup to force data into the buffer pool before we enabled new boxen in the load balancer. Not doing that has very bad consequences: Instances would not serve queries in time, and slow instances would get ejected by the load balancers.\nAbout 9 years ago, I saw an incident that involved a restart of all the memcaches we had back then, and also restart all databases, due to a very bad rollout involving problems with cache invalidation. When everything was ice cold after that restart, all attempts at restarting failed due to the load balancer ejecting the databases with “not ready in time” errors.\nWe fixed that by quickly implementing an experiment that disabled the \u0026ldquo;buy\u0026rdquo; button, and put it full on. We then very gradually released the number of users in that experiment to zero over the following 20 minutes, and used this to carefully regulate the load on the memcaches and databases.\nOnly then we could turn that “experiment” off, and were back in business.\nWarming up efficiently These days, mysqld saves the page numbers of the data pages in the buffer pool in LRU order into an ASCII file when you nudge it, and on shutdown. When starting, it loads a percentage of that set of pages, the most recently accessed pages first. It’s one of the many improvements to MySQL that Oracle implemented because we asked them to.\nLoading a multi-gigabyte buffer pool from disk takes time, even with SSD, and we want to find a compromise between cache warmup and startup times. That’s why not all of the buffer pool is reloaded. The config variable innodb_buffer_pool_dump_pct controls the percentage of the LRU that we are interested in, and is usually a value around 25.\nHow much memory is in the pool? So how much of that 128 GB is being used as the buffer pool? Well, obviously VIRT is smaller than that – other things on the box are also using memory and we do not want to be OOM killed or pages out.\nIt is obvious why we would not want to be OOM killed, but why do we not want to be paged out? Memory access patterns are not efficient disk access patterns, so MySQL gets very slow when it is paged out.\nMemory data representation is also not efficient disk data representation, by the way, and that is why no database ever uses mmap() much, except MongoDB (but that is, some would argue, not a database).\nNow, RES is smaller than VIRT, so we are using even less of the 128 GB we have. Why is that?\n[root@prod-replica mysql]# du -sh . 684G . We do have enough data, so it is not that we would not like to keep more data in memory.\nBut, the InnoDB Buffer pool size is actually even lower than this.\nFrom the /etc/my.cnf of the instance above:\ninnodb_buffer_pool_size = 64G # innodb_buffer_pool_size defined from memorysize = 125 GB as 107 GB # innodb_buffer_pool_size_adjustment of -15 GB # connection memory = 29 GB for max_connections = 30000 innodb_buffer_pool_instances = 16 As you can see, we would like to see a Buffer Pool of 107 GB for a memory size of 125 GB (what userland sees after the kernel got its share).\nBut we are configured with a max_connections value of 30000, and each potential connection will eat memory. We need to leave room for that, and this leaves us with 16 Buffer Pool instances of 4 GB, for a total of 64 GB – only half of the total box, and 43 GB less than we would like to use.\n30000 Connections? Isn’t that a bit much? It is.\nEach web server connecting to the database is creating workers running Perl. Each of these workers will at some point open a connection to the instance (and keep it open). The maximum number of workers times the number of machines running this is the maximum amount of connections we need to be prepared for.\nCan’t we optimize this?\nWe can, and most of the time it will work. This box for example, right now, has only around 100 connections open. Others have at this point a few thousand.\nSometimes, though, the assumptions the optimization makes are invalid. Then we run out of connections. Then the site is down.\nSo we don’t, and pay with memory overhead for this.\nJava handles things differently due to a different deployment model, and also has better control over the number of connections that are being opened. We can still see many connections from Java, but that is more a decision than a fact forced on us.\nWe could put a proxy in between the Perl and the MySQL. This has other effects, and is not necessarily effective, or even a good idea. It is also not ready for production any time soon, so we will be paying in memory efficiency until this is done.\nSo what do I get? What do I get from all this memory?\nWe see “point queries” being served at an average speed of 336µs, that’s 336 millionths of a second or 0.336 ms. That’s memcached speed.\nA “point query” is a query that contains a single value lookup by primary key, something like SELECT a,b,c FROM t WHERE id = ? or similar.\nThe next level up from that would be a batch key access (“BKA”), such as SELECT a, b, c FROM t WHERE id in (?, ?, ?, …) or similar. When the data is cached in the Buffer Pool, we get answers in the sub-ms range times the number of rows asked. This is very much alike to a memcached GetMulti().\nThe next level up from that would be an indirect point or batch key access, such as SELECT a, b, c FROM t WHERE d = ? (or WHERE d IN (?, ?, ?, …)). These take usually two times the time the primary key lookup would take, but these are already things that cannot be done with memcached easily.\nBut, unlike memcached, a database can write these things to disk, persistently, atomically and efficiently. And you move seamlessly from in-memory queries to data read from disk, and you move seamlessly from point queries through BKA to JOINs and more complex constructs, until you reach Turing Completeness with Recursive Common Table Expressions in MySQL 8.\nLong story short:\nAt work, we hardly use memcached. We use mysqld instead, and we save ourselves from a lot of cache invalidation pain that way.\nIt was not always like this, and we changed that once we understood that\nthe database is fast enough and developers can’t name things, invalidate caches and declare dependencies reliably or consistently. Surely, in the cloud things will be different? Current tuning advice for MyQL, anywhere, looks like this Percona article. To save you the read: The first item on the list is to play blackjack with the Buffer Pool – as large as can be, but never so large that we page or swap. All other advice concerns efficient writes, not reads.\nAnd Aurora? Check out Migrating to Aurora: Easy except the bill . Aurora is not exactly a LSM like RocksDB, but sufficiently close. Like RocksDB and all other LSMs, it is even more dependent on memory for the L0-equivalent they have, and for compaction.\nIn the article, they solved their performance and cost problems (Aurora bills by disk accesses, even reads) by giving it 4x more memory than the conventional RDS instance they had.\nIn MySQL from Below I wrote:\nYou, too, can be a successful database performance consultant:\nSay “Buy more memory!” and “There is an index missing” as needed.\nAdd “That’s going to be expensive”, if you work for SAP or Oracle.\nHaha, only serious.\nWhat instance size should I choose? That’s actually a research question.\nWhen I was in university, the best way to find the Working Set of a machine was to boot it with a mem= parameter and see what happens. Considering this involves a reboot and a warmup, this is quite intrusive and slow. Nobody ever did that.\nBrendan Gregg came up with \u0026ldquo;Time Bounded Memory Access Counting\u0026rdquo; in his Working Set Size pages. His code is buggy and does not run the way it should on modern Linuxes. It also reports numbers that I consider fishy in my tests, and I do not trust what he does sufficiently to run it on a production database for long enough to get proper numbers.\nWe know that you do not need more memory than the sum of your data_length and index_length, so SELECT sum(data_length+index_length)/1024/1024 AS total_mb FROM information_schema.tables WHERE table_type = “base table” AND table_schema IN (\u0026lt;list of schema names\u0026gt;) is very generous upper boundary. It is guaranteed useless to have more buffer pool than this.\nIt is clear that virtual machines do give us more flexibility to balance cores and memory better, at a terrible cost when it comes to writing to disk, though (at least in the current deployments).\nAnd CPU or Network? The last time I saw a database being network bound was a Replication Primary on a 1 Gbit/s network interface with 200 Replicas. Each write was copied downstream 200-fold, so when you change a large BLOB, the network stalls due to the amplification.\nIn general, MySQL is utterly incapable of saturating the network, especially todays instances with 10 GBit/s or more on their network interfaces.\nMySQL can saturate a CPU when you hold it wrongly.\nThere are three reasons for CPU problems in databases that are common:\nYou happen to have a table in memory that is missing an index, so you are doing full scans in memory. Don’t do that. Add the index, and the load goes down. You happen to have a table that’s being sorted due to GROUP BY or ORDER BY, and the sort is small enough to happen without spillover to disk. Try to avoid the sort, for example by performing it in the client, if possible, or by leveraging a more covering index that presents data in the desired order, avoiding the sort. You have used code in the database: Stored procedures, stored functions or excessive stacked views. Don’t do that. Take off, nuke the site from orbit and start over on another planet. So? If at all possible, we build databases so that the working set of the database fits into memory.\nOptimize your database deployment on memory usage. Base your efficiency KPIs on that. Watch out for the disk reads requested/actual disk reads ratios and similar cache efficiency ratings in your database. Make sure the absolute number of actual disk reads is large independent of load on the database (when you increase load, the number of disk reads does not go up) Size your instances around memory. Forget about CPU or Network. If you have to care about these things, somebody is holding the database very wrongly. They need to be found, and be advised to commit a fix.\n","date":"2021-03-12T00:00:00Z","href":"https://blog.koehntopp.info/2021/03/12/memory-saturated-mysql.html","tags":["lang_en","mysql"],"title":"Memory saturated MySQL"},{"categories":null,"content":"Das Kind möchte ein Programm zum Üben von Rechenaufgaben sehen. Nun gut. Hier ist eine Version in PyQt5.\nUnsere Oberfläche soll so aussehen.\nWir wollen ein kleines Fenster, in dem eine billig generierte Rechenaufgabe angezeigt wird. Der Schüler soll die Antwort eingeben und den Knopf \u0026ldquo;Antworten\u0026rdquo; drücken. Danach wird angesagt, ob die Antwort korrekt war, oder ob sie falsch war. Wenn sie falsch war, wird auch die korrekte Antwort angezeigt.\nIn der Statuszeile und in den Fortschrittbalken wird ein laufender Score mitgeführt. Nach 10 Aufgaben, oder wenn man \u0026ldquo;Quit\u0026rdquo; drückt, wird das Programm beendet.\nDas Userinterface gestalten Wir brauchen Qt Designer, und erzeugen dort ein MainWindow.\nMainWindow erzeugen.\nMit einem Rechtsklick auf die Menubar und \u0026ldquo;Remove Menubar\u0026rdquo; können wir die nicht verwendete Menubar entfernen. Die kaum erkennbare Statusbar unten im Fenster lassen wir stehen.\nWir sehen rechts die im Programm vorhandene Bedienelemente-Hierarchie im Qt Designer. Das automatisch erzeugte \u0026ldquo;Centralwidget\u0026rdquo; ist leer, und hat einen Fehler (es ist mit einem roten Kuller markiert): Es hat noch kein Layout. Das Layout ordnet die im Centralwidget vorhandenen Unterelemente an.\nDas Centralwidget ist mit einem roten Kuller als \u0026ldquo;ohne Layout\u0026rdquo; markiert.\nWir ziehen einen QPushbutton in das Fenster, und drücken im gepunkteten Hintergrund die rechte Maustaste, wählen dann ein VerticalLayout aus.\nNachdem mindestens ein Bedienelement im Centralwidget vorhanden ist, kann man mit der rechten Maustaste im Layout-Submenü ganz unten ein Layout auswählen.\nNach dem Zuweisen eines Layouts verschwindet der rote Kuller und die Elemente im Centralwidget ordnen sich an.\nWir setzen oberhalb des Buttons ein weiteres Element ein: Eine groupBox. Auch diese hat ein Layoutproblem: Wir setzen einen weiteren Button ein und wählen ebenso durch Rechtsklick ins Leere der Groupbox ein HorizontalLayout aus.\nWir haben oberhalb des ersten Buttons eine Groupbox positioniert, und sie passt sich automatisch an das Fenster an - das ist das VerticalLayout vom Centralwidget bei der Arbeit. Legen wir in die Groupbox einen weiteren QPushbutton, können wir der Groupbox ebenfalls ein Layout zuweisen. Hier wollen wir ein HorizontalLayout verwenden.\nNachdem wir diese Grundstruktur haben, können wir die anderen fehlenden Elemente schnell nachziehen. Dabei ist wichtig, daß wir für jedes Element den passenden Namen festlegen, unter dem es später im Programm aufgerufen werden soll.\nJedes Element hat einen Namen - rechts kann man die Widgethierarchie sehen, und die Namen, die wir den Elementen zugewiesen haben.\nNachdem wir Elemente korrekt benannt haben, müssen wir noch die Beschriftungen der Knöpfe und anderen Elemente anpassen. Dazu reicht es, den Knopf zu doppelklicken und den Text zu ersetzen.\nWeiterhin kann man in den Widget-Eigenschaften bei einigen Elementen die Schriftgrößen anpassen. Ich habe a, +, b und = sowie den Richtig oder falsch?-Text von 8 auf 12 Punkt Schriftgröße angepasst.\nAm Ende wird die Datei als \u0026ldquo;aufgaben.ui\u0026rdquo; abgespeichert. Ich habe sie direkt dem PyCharm Projekt hinzugefügt.\nDie Qt Designer Ausgabe \u0026ldquo;aufgaben.ui\u0026rdquo; wird Bestandteil des PyCharm Projektes.\nPyCharm Basisprojekt Wir setzen ein Basisprogram mit Python 3.8 in PyCharm auf, und fügen die \u0026ldquo;aufgaben.ui\u0026rdquo; unserem Projekt hinzu. Unser Programm soll \u0026ldquo;aufgaben.py\u0026rdquo; heißen. Es wird PyQt5 verwenden, also schreiben wir das in unsere \u0026ldquo;requirements.txt\u0026rdquo;. PyCharm installiert uns das dann in unser venv.\nWenn die Requirements korrekt installiert sind, funktioniert das Importieren der QtWidgets in der Python Console einwandfrei und ohne Fehler.\nWir können die UI-Datei jetzt laden und ausführen, aber unser Programm wird dann noch nichts tun:\nfrom PyQt5 import QtWidgets, uic import sys class Ui(QtWidgets.QMainWindow): button_quit: QtWidgets.QPushButton group_aufgabe: QtWidgets.QGroupBox label_a: QtWidgets.QLabel label_b: QtWidgets.QLabel label_op: QtWidgets.QLabel button_loesen: QtWidgets.QPushButton feld_antwort: QtWidgets.QLineEdit label_richtig: QtWidgets.QLabel fortschritt_richtig: QtWidgets.QProgressBar fortschritt_total: QtWidgets.QProgressBar statusbar: QtWidgets.QStatusBar def load_ui(self) -\u0026gt; None: uic.loadUi(\u0026#34;aufgaben.ui\u0026#34;, self) self.button_quit = self.findChild(QtWidgets.QPushButton, \u0026#34;button_quit\u0026#34;) self.group_aufgabe = self.findChild(QtWidgets.QGroupBox, \u0026#34;group_aufgabe\u0026#34;) self.label_a = self.findChild(QtWidgets.QLabel, \u0026#34;label_a\u0026#34;) self.label_b = self.findChild(QtWidgets.QLabel, \u0026#34;label_b\u0026#34;) self.label_op = self.findChild(QtWidgets.QLabel, \u0026#34;label_op\u0026#34;) self.button_loesen = self.findChild(QtWidgets.QPushButton, \u0026#34;button_loesen\u0026#34;) self.label_richtig = self.findChild(QtWidgets.QLabel, \u0026#34;label_richtig\u0026#34;) self.fortschritt_richtig = self.findChild(QtWidgets.QProgressBar, \u0026#34;fortschritt_richtig\u0026#34;) self.fortschritt_total = self.findChild(QtWidgets.QProgressBar, \u0026#34;fortschritt_total\u0026#34;) self.statusbar = self.findChild(QtWidgets.QStatusBar, \u0026#34;statusbar\u0026#34;) self.feld_antwort = self.findChild(QtWidgets.QLineEdit, \u0026#34;feld_antwort\u0026#34;) def __init__(self): super(Ui, self).__init__() self.load_ui() self.show() app = QtWidgets.QApplication(sys.argv) window = Ui() app.exec() Das Programm importiert QtWidgets und uic aus dem PtQt5 Package. Es definiert eine Klasse Ui als Unterklasse von QtWidgets.QMainWindow. Wir definieren eine Methode load_ui(), die die aufgaben.ui-Datei lädt. Im Konstruktor initialisieren wir die Superklasse (das QMainWindow) und rufen dann load_ui() auf. Mit .show() werden die Bedienlemente dann auch sichtbar.\nDas Hauptprogramm hat die typische Minimalform für eine Qt-Anwendung: Erzeuge ein QApplication-Objekt, erzeuge unser QMainWindow (eigentlich eine Instanz unserer von QMainWindow abgeleiteten Klasse Ui) und starte dann die Event-Loop mit app.exec().\nIn unserer Ui Klasse definieren wir einen Haufen Slots für alle diejenigen Bedienelemente der .ui-Datei, die wir direkt ansprechen wollen. In der load_ui()-Methode durchsuchen wir die .ui-Datei mit .findChild() nach diesen Elementen und merken sie uns in diesen Slots.\nWir können gleich noch den Quit-Button aktivieren: Aus\nself.button_quit = self.findChild(QtWidgets.QPushButton, \u0026#34;button_quit\u0026#34;) wird\nself.button_quit = self.findChild(QtWidgets.QPushButton, \u0026#34;button_quit\u0026#34;) self.button_quit.clicked.connect(self.quit_pressed) und wir fügen der Ui-Klasse eine Methode quit_pressed() hinzu:\ndef quit_pressed(self) -\u0026gt; None: msg: QtWidgets.QMessageBox = QtWidgets.QMessageBox() msg.setText(\u0026#34;Auf Wiedersehen.\u0026#34;) msg.setWindowTitle(\u0026#34;Auf Wiedersehen.\u0026#34;) msg.setStandardButtons(QtWidgets.QMessageBox.Ok) msg.setDefaultButton(QtWidgets.QMessageBox.Ok) msg.setIcon(QtWidgets.QMessageBox.Information) msg.exec() sys.exit(0) Dies ist zugleich ein Beispiel für das Erzeugen von PyQt5-Elementen ohne QtDesigner: Wir hätten diesen Dialog auch mit dem Designer in eine .ui-Datei speichern können, um sie dann mit uic zu laden. Stattdessen erzeugen wir hier den Abschiedsdialog manuell und rufen ihn dann auf, bevor wir das Programm beenden.\nDieses Teilprogramm ist nun schon lauffähig und zeigt das funktionsfähige Programm mit User-Interface an. Es tut jedoch noch nichts.\nAufgaben generieren Um Rechenaufgaben zu erzeugen und dann feststellen zu können, ob jemand sie richtig ausgerechnet hat, brauchen wir eine Klasse Aufgabe.\nfrom random import randint, choice from typing import List class Aufgabe: op: str = \u0026#34;\u0026#34; a: int = 0 b: int = 0 loesung: int = 0 allops: List[str] def ausdenken(self) -\u0026gt; None: self.op = choice(self.allops) self.a = randint(1, 10) self.b = randint(1, 10) if self.a \u0026lt; self.b: self.a, self.b = self.b, self.a if self.op == \u0026#34;+\u0026#34;: self.loesung = self.a + self.b if self.op == \u0026#34;-\u0026#34;: self.loesung = self.a - self.b def pruefen(self, loesung: int) -\u0026gt; bool: return self.loesung == loesung def __init__(self) -\u0026gt; None: self.allops = [\u0026#34;+\u0026#34;, \u0026#34;-\u0026#34;] self.ausdenken() Die Aufgabe hat die Variablen a, b und op, wobei a und b zwei Zahlen zwischen 1 und 10 sein sollen, und op entweder + oder - sein soll. Um die Subtraktion einfacher zu machen soll a die Größere der beiden Zahlen sein. In der Variablen loesung wollen wir uns die korrekte Lösung der Aufgabe merken.\nWir definieren uns einen Konstruktor, in dem wir auch die Liste der zugelassenen Operatoren in allops vorbelegen: Es ist eine Liste von Strings mit zwei Einträgen: Plus und Minus. Wir rufen von dort auch schon einmal die Methode ausdenken() auf, die sich eine neue Aufgabe ausdenkt.\nIn ausdenken bestimmen wir eine Operation (Plus oder Minus) durch zufällige Auswahl eines Elementes aus der Liste mit choice() und bestimmen zwei zufällige ganze Zahlen aus dem gewünschen Bereich mit randint(). Falls a die kleinere der beiden Zahlen ist, vertauschen wir sie.\nDanach wird die Variable loesung korrekt belegt, in Abhängigkeit vom Operator op.\nDas Prädikat pruefen(loesung) teilt uns mit, ob die vom Benutzer eingegebene Lösung korrekt ist.\nDen Spielstand mitführen Der Benutzer kann nun Aufgaben bekommen und diese lösen. Wir können auch schon feststellen, ob diese Lösung korrekt ist. Wir brauchen aber noch Logik, die die Aufgaben zählt, die korrekten Aufgaben zählt und die uns sagt, ob wir fertig sind.\nWir brauchen Score:\nclass Score: score: int = 0 counter: int = 0 target: int = 10 def correct(self) -\u0026gt; None: self.counter += 1 self.score += 1 def incorrect(self) -\u0026gt; None: self.counter += 1 def done(self) -\u0026gt; bool: return self.counter \u0026gt;= self.target def __init__(self): self.score = 0 self.counter = 0 self.target = 10 Die Klasse zählt in score die korrekten Lösungen mit, in counter werden alle gelösten Aufgaben mitgezählt und in target speichern wir, wie viele Aufgabenrunden das Spiel insgesamt dauert.\nDie Methode correct() wird aufgerufen, wenn der Benutzer eine richtige Antwort eingegeben hat: Wir zählen dann counter und score gemeinsam hoch. Bei incorrect() wird dagegen nur der counter weiter gezählt. Das Prädikat done() sagt uns, ob das Spiel beendet werden kann, weil genug Aufgaben gelöst worden sind.\nAufgaben und Score verkabeln Wir verändern jetzt den Konstruktor unserer Hauptklasse Ui: Dort wollen wir auch einen Score und eine Aufgabe erzeugen. Und statt show() direkt aufzurufen haben wir jetzt eine Methode alles_updaten(), die die Texte der verschiedenen Bedienelemente verändert und dann erst show() aufruft.\nclass Ui(QtWidgets.QMainWindow): aufgabe: Aufgabe score: Score ... def __init__(self): super(Ui, self).__init__() self.score = Score() self.aufgabe = Aufgabe() self.load_ui() self.alles_updaten() Und alles_updaten() sieht nun so aus:\ndef set_aufgabe(self) -\u0026gt; None: self.label_a.setText(str(self.aufgabe.a)) self.label_op.setText(str(self.aufgabe.op)) self.label_b.setText(str(self.aufgabe.b)) title = f\u0026#34;Aufgabe {self.score.counter+1}/{self.score.target}\u0026#34; self.group_aufgabe.setTitle(title) self.fortschritt_richtig.setValue(self.score.score) self.fortschritt_total.setValue(self.score.counter) def set_statusbar(self) -\u0026gt; None: status = f\u0026#34;Aufgabe {self.score.counter}/{self.score.target}, {self.score.score} richtig.\u0026#34; self.statusbar.showMessage(status) def alles_updaten(self) -\u0026gt; None: self.set_statusbar() self.set_aufgabe() self.show() Wir aktualisieren also das statusbar Element in set_statusbar() und die Aufgabenanzeige in der Groupbox in set_aufgabe().\nIn set_statusbar() erzeugen wir den gewünschten Text durch Auslesen des Score und rufen dann showMessage() für die Statusbar auf.\nIn set_aufgabe() verändern wir die Labeltexte von label_a, label_op und label_b durch Aufruf ihrer setText()-Methoden. Wir aktualisieren den Titel der Groupbox durch den Aufruf von setTitle() in der Groupbox, und wir setzen die beiden Fortschrittsbalken so, daß sie die Werte aus dem Score korrekt übernehmen. Das macht die Methode setValue der ProgressBar.\nJetzt haben wir ein Programm, das nicht nur die UI lädt und anzeigt, sondern auch schon eine Aufgabe ausdenkt und korrekt anzeigt.\nBenutzereingabe und Reaktion Wir müssen jetzt auf Benutzereingaben reagieren. Das passiert, sobald der Benutzer den Knopf \u0026ldquo;Antworten\u0026rdquo; betätigt. Wir brauchen also eine Methode auswerten() in Ui und müssen diese mit dem Knopf verbinden.\nWir wollen ausdrücklich nicht, daß beim Verlassen der Editbox etwas passiert - nur der Knopf soll Funktionen auslösen. Darum verkabeln wir feld_antwort nicht direkt (wir könnten editingFinished() verkabeln, wenn wir das wollten).\nDie Methode:\ndef auswerten(self) -\u0026gt; None: loesung: int text: str text = self.feld_antwort.text() if text is None or text == \u0026#34;\u0026#34;: return try: loesung = int(text) except ValueError: return if self.aufgabe.pruefen(loesung): self.score.correct() ergebnis = f\u0026#34;Deine Lösung: {loesung}. Das war richtig.\u0026#34; else: self.score.incorrect() ergebnis = f\u0026#34;Deine Lösung: {loesung}. Richtig wäre: {self.aufgabe.loesung}.\u0026#34; self.label_richtig.setText(ergebnis) self.feld_antwort.setText(\u0026#34;\u0026#34;) self.alles_updaten() if self.score.done(): self.quit_pressed() else: self.aufgabe.ausdenken() self.alles_updaten() } Wir lesen die Benutzeringabe aus dem Antwortfeld mit text() aus. Sie kann leer sein, dann ignorieren wir sie.\nDanach versuchen wir diese Eingabe in eine ganze Zahl umzuwandeln. Wenn das nicht gelingt, ignorieren wir die Eingabe ebenfalls.\nSchließlich rufen wir pruefung() in unserer Aufgabe-Klasse auf. Wenn die Antwort richtig war, erzeugen wir einen passenden Ausgabestring und zählen den Score als correct(). War sie falsch, erzeugen wir den anderen Ausgabestring und zählen den Score als incorrect().\nIn jedem Fall setzen wir den Ausgabestring in das Label label_richtig und löschen das Eingabefeld. Danach aktualisieren wir das Userinterface durch Aufruf von alles_updaten().\nFalls der Benutzer ausreichend viele Aufgaben gelöst hat, beenden wir das Programm als wäre Quit gedrückt worden. Andernfalls denken wir uns eine neue Aufgabe aus und zeigen sie an.\nDer Knopf \u0026ldquo;Antworten\u0026rdquo; muß nun ebenfalls verkabelt werden: In load_ui() passen wir die Zeile\nself.button_loesen = self.findChild(QtWidgets.QPushButton, \u0026#34;button_loesen\u0026#34;) also zu\nself.button_loesen = self.findChild(QtWidgets.QPushButton, \u0026#34;button_loesen\u0026#34;) self.button_loesen.clicked.connect(self.auswerten) an.\nFertig! Schließlich können wir in quit_pressed() noch die Dialognachricht anpassen, um einen Endscore anzuzeigen:\ndef quit_pressed(self) -\u0026gt; None: msg: QtWidgets.QMessageBox = QtWidgets.QMessageBox() msg.setText( f\u0026#34;Von {self.score.counter} Aufgaben waren {self.score.score} richtig.\u0026#34; ) msg.setWindowTitle(\u0026#34;Endergebnis\u0026#34;) msg.setStandardButtons(QtWidgets.QMessageBox.Ok) msg.setDefaultButton(QtWidgets.QMessageBox.Ok) msg.setIcon(QtWidgets.QMessageBox.Information) msg.exec() sys.exit(0) Nach dem Starten kann der Benutzer jetzt Aufgaben sehen, eine Lösung eingeben und den Knopf \u0026ldquo;Antworten\u0026rdquo; drücken. Das Programm wertet die Eingabe aus, zählt die Ergebnisse und bewegt die Fortschrittbalken. Nach 10 Eingaben gibt es ein Endergebnis aus und beendet sich.\nDer vollständige Quelltext ist auf Github zu finden .\n","date":"2021-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2021/02/28/rechenaufgaben-loesen.html","tags":["lang_de","python","schulung"],"title":"Rechenaufgaben lösen"},{"categories":null,"content":"When you insert data into a database and run COMMIT you expect things to be there: Atomically, Consistent, Isolated and Durable , like Codd commanded us 40 years ago, but also quickly. There is a surprising amount of sophistication being poured into this, but since I do not want to shame MongoDB and Redis developers in this post, I am not going to talk about that much in this place.\nWe are instead trying to understand what our databases are doing all day, from the point of view of the storage stack.\nThat Brendan Gregg Graphics\nHere is your performance tooling (sans EBPF) as shown by Brendan Gregg in various iterations. We are interested into the various blues in this graphic, VFS and downwards. The most detailed information of what goes on in the blue stack is given by blktrace. It’s an I/O request recorder.\nUnfortunately, blktrace tooling sucks big time. You have the choice between blkparse, iowatcher and seekwatcher, and they either give you unappealing and hard to read ASCII dumps, or are hard to use and abandoned to boot. A colleague threw Workload Analytics around. And with that you can actually see what goes on.\nSo, let’s have a look.\nWorkload Classes When you go to our Grafana, and ask nicely, you can basically divide our databases into three load classes: “200 commit/s”, “2000 commit/s”, and “20.000 commit/s”, so “low write load”, “busy write load” and “should be thinking about what they are doing really soon” write load.\nI am using representatives from every workload class to point out a few things.\nBut what about Reads? Amazingly, at work we do not really care much about disk reads from databases.\nWe build our databases, especially customer facing databases, in a way that we try to hold the working set of the database in memory.\nThe “working set” of anything is the set of things that you will be needing in the near future. Unfortunately, predicting the future is hard, so what we define as the working set instead is “the set of things that we have most recently used and are therefore hoping to use in the near future again”, which works reasonably well until there is a change in workload pattern.\nIn our databases, the “anything” that matters is a 16 KB database page as it resides in the InnoDB Buffer Pool. So what we do is simple: We spend money on memory, warm up the InnoDB Buffer Pool and then serve data from memory. We can prove that works: InnoDB can do point reads from memory at memcache speeds, which is why we don’t use much of memcache and Redis in the first place – they don’t help.\nWe can also capacity test our databases, and we will find that as we increase the load the number of disk reads does not go up. Data is served from memory, and not from disk.\nSo what we care about is disk writes. They are the same on every instance of a replication chain, because of the shared nothing architecture of replication: Each chain member must apply the same set of changes from the primary down to all leaf replicas.\nThe Write Model On Commit, we write out 1 KB (or more) of Redo-Log. The write happens with O_DIRECT to XFS, and there is a lot of thought that goes into these few words.\nBecause it is O_DIRECT, the write already writes to disk. There is no need to fsync() or fdatasync() or anything else.\nO_DIRECT writes also bypass the file system buffer cache, which is good, because then there is less memory pressure and less risk of paging out the database server. Usually when that happens (memory pressure forces paging on mysqld), you die a horrible and hard to debug death in latency problems and SLO violations.\nWe use XFS. XFS on the average takes twice as long as ext4 to write data to disk, but XFS always takes the same amount of time to write data – it has been specifically designed in a way that there is very low jitter. ext4, on the other hand, is known to have downspikes and large commit wait times every few seconds, and that is really, really bad when you run at 10.000 queries/s.\nXFS also is capable of having multiple concurrent writers on a file when the file is open with O_DIRECT. Unlike all other Linux File Systems, it does not lock the file’s in-memory inode globally to guarantee atomic writes in this case. Such a feature is very dear to database people.\nThe Commit is what users have to wait for. When it is done, the database can do the real data write later, often much later, and in the background. So what we really care for is the actual commit latency.\nThe real write happens later, in the Checkpoint. What happens is complicated enough to justify a writeup of its own . But, to make it short, we write data to the Doublewrite Buffer in a few very large linear writes as protection against torn pages, and then we writev() a scatter I/O of 16K pages to update in place.\nThis is different from Postgres, and enables us to avoid costly vacuum runs. We make an assumption here, and that is: Rollbacks are rare (and expensive in MySQL).\nThe Test Write Model All that complexity is basically nonsense for benchmarking.\nIf you want to know if a thing can run MySQL, and how well, you simply randwrite 16KB pages in O_DIRECT and see what happens. That’s a gross simplification compared to above, but holds up surprisingly well as a model for predicting MySQL speed and capacity.\nThe 200 Commit/s Class In order to see what real databases do to their disks, I went to the chosen representative for the 200-class and blktrace’ed it.\nIt turns out that you can’t blktrace a single disk database machine, because the disk writes from the blktrace will mess up the metrics from the database. It also turns out that systemd mounts a 12GB ramdisk as /run/user/\u0026lt;uid\u0026gt; that can hold a 10 minute blktrace with no problems.\nWhen we feed that trace to Workload Intelligence, we get this:\nThe low red line is the 200 IOPS baseline load. Turns out, there are spikes, up and past 2000 IOPS.\nThe first thing we learn: Kris is right. There are no reads.\nThe second thing we learn: 200 IO Operations per Second it may be, but there are spikes, up to and past 2000 IOPS even. They are not long, but they happen often enough.\nSo how long does it take to write to disk? Well, there is no disk. There is Flash Storage, and it does not even have a disk interface any more – it sits directly on the PCI bus. A Flash drive that is directly on the PCI bus is called NVME instead of SSD (it is otherwise the same drive).\nMost of the time there is very little wait.\nFlash is not fast, but NVME is: The drive not only has flash, it also has (large capacitor buffered) non-volatile memory it uses to buffer write and rearrange things in the background. It also has its own ARM processor with its own operating system.\nSometimes we have to wait a bit, but most of the time it’s really, really fast. How fast? We need to go deeper:\n30µs or 0.03ms is the time it takes to write to memory over the PCI bus.\nWhen we talk to the remote NVRAM on the other side of the PCI bus, it takes 30µs, or 0.03ms. As long as we do not overwhelm the NVRAM buffers of the drive, we have a 30µs commit latency on local memory.\nAnother number, which will come in handy later, is the time to cross our entire network stack within the same data center: That’s around 6 switches and routers, and it will add another 60µs to any round trip across the network in the best of all cases. So a remote flash drive never can be faster than around 100µs or 0.1ms.\nWhere do the writes go? We can plot the Linear Block Addresses and see:\nLBA over time. See the position of the log files, and the checkpoints.\nWhen you plot “addresses written to over time”, you will see that there is a bunch of blocks that get written to again and again. These are the various logs and write buffers the database uses.\nThe drive internally has a flash translation layer (FTL), which makes sure that these block rewrites are actually distributed across all the positions in the flash you have. This kind of Wear Leveling makes sure the drive actually can live 7-10 years before the flash wears out.\nThe SD card or USB memory stick you are using in your local Raspi does not have that, and neither has the on board flash in the entertainment module of your Tesla. That is why they fail rapidly as actual fixed blocks of flash are being rewritten a few thousand times. Use a proper drive with a proper FTL and that does not happen.\nIn the graphics above you can also see the checkpoints scatter writes happen, and you can see how they are spaced apart widely, many tens of thousands of transactions. Checkpointing allows the database to aggregate changes in in-memory pages (and the log, for persistence). All that complexity is actually saving you disk writes!\nFlash does not have a single write head as disk drives do. They are not forced to do things sequentially, but in fact all the various chips in your drive can do things concurrently. Deep disk write queues are necessary to keep all these channels fed for NVME, while they are poison of SSD and HDD.\nQueue Depth over time\nA low concurrency hierarchy such as this one is not even touching the true write potential of a single NVME: A single drive can do 20.000 disk writes per second, sequentially in a single thread, if you are pushing really hard, but it can do 800.000 disk writes per second if you are feeding it with sufficient concurrency.\nThese are two other important numbers to keep in mind. They are the reason why “IOPS Quotas” should be a thing of the past – it is impossible for any reasonable workload to actually exhaust a single NVME drive, and distributed storages usually have hundreds of them.\nLet’s have a look at the latency diagram from above, again, and check the distribution of completion times in a Latency Histogram. It tells us how prevalent slow writes are over the observation window:\nIt\u0026rsquo;s called Flash for a reason.\nSo even with these curtains in the latency over time diagram, we can see that 90% of all writes happen in the 30µs window, and there are noteworthy amounts of writes in the \u0026gt;100µs class (they do exist, but they are so rare, they do not show up in the histogram).\nWrite sizes over time:\nWrite sizes: Loads of small writes\nWe can see that the grossly simplified 16 KB Randwrite model is actually not wrong, even if it is an oversimplification. Modelling more precisely does not significantly impact predictive performance, though, and this way it’s only a few lines of fio to get data.\nSo that’s our tour of the 200-class from the underside – this is how your storage sees your commits.\n2000 Commit/s Class I chose this particular database as a member of the 2000 Commit/s Class, also because it is the oldest and wildest of the database replication hierarchies that we have. At a time it was our performance bottleneck and was running over 20.000 queries/s with spikes into the 32.000, and with the hardware of that time that was not stable at all.\nWe are much better now. I am not missing the old times at all.\nIOPS over time, 2000 with Spikes to 5000.\n»Yes, Kris, we know about your “Look, Mom, no reads” already!«\nTrue, but see, even a big and old monster such as this one can live with the working set in memory, completely. You, too, can be a successful database performance consultant: Say “Buy more memory!” and “There is an index missing” as needed (add “That’s going to be expensive”, if you work for SAP or Oracle).\nOur Write Queues are more busy.\nA quick look at the Write Queue Depth over Time: NVME loves this.\nWrite Latencies from the helicopter looks a bit worrysome:\nThese 5ms Curtains, how dense are they compared to the baseline?\nWe can zoom in: They are not bad.\nWe can see horizontal latency bands at fixed latencies. They expose internal structure of the Flash storage that I have not enough knowledge of. Grumble!\nWe do see dark green, fixed bands of latency layers at 30µs, 120µs and 220µs. The higher layers show a repeating pattern over time. These are shenanigans of the FTL that are visible as delays to external users, but they are way below any critical level. I do not know enough about flash internals to explain these things, and that bothers me. A lot.\nThey are also visible in the latency histogram:\nOur 30µs, 120µs and 220µs bands as bumps in the histogram. Anything below 500µs is probably immaterial in terms of worry.\n20.000 commit/s class The chosen example is a database as a queue , that logs changes from one data set for processing and creation of a materialized view in another data set. It is an example of CQRS in Fowlerspeak.\nIt is also very busy.\nDuring the sampling, 2500 baseline, with spikes up to 7500.\nDuring the sampling, they ran at 2500 commit/s, with spikes up to 7500. The hardware will do up to 20.000 with them, and at times the queue will do as well.\nSo what can NVME do for us?\nQueues in our Queues!\nTurns out, writes to a Queue Databases keep the Queues to the NVME busy to their fullest potential.\nIs that bad for latency?\nLatency Curtains for Writes\nWell, if you kept up to this point you are probably not surprised to see write latency curtains, and you will probably also be seeing that they mirror the queue depth changes without me pointing that out specifically.\nLet’s zoom in a bit:\nWe do see the curtains under the microscope, true, but look at this dark green band of fast writes below all of this.\nAs you can see in the dark green band of fast writes below all of the curtains, the FTL of this particular drive is kept well busy. It is also worth it’s money - no gross delays due to internal reorg is what you get when you pay for enterprise flash instead of home equipment.\nAs a histogram:\nBy far the most writes are still to NVRAM drive-side. Above 0.25ms we are basically clean.\nSmooth customer experience, even with an abusive customer such as this queue-database – bring it on, we can take your writes.\nHistograms are fun, by the way. We can for example count disk writes per block address:\nWe basically always change the same few pages.\nIn a database as a queue, if all works well, the tables change a lot, but never grow. There are very few actual data pages that make up the small queue table, but very many inserts and deletes. We have to persist them to disk to be ACID, in the log. But there is hardly any need to checkpoint, and even then it’s very few full pages to write out.\nHere you can see how much log writes dominate checkpoints in this extreme scenario.\nIf you made it this far, welcome and get your storage nerd badge at the counter.\n","date":"2021-02-25T00:00:00Z","href":"https://blog.koehntopp.info/2021/02/25/mysql-from-below.html","tags":["lang_en","mysql","database"],"title":"MySQL from Below"},{"categories":null,"content":"Where I work, we try to run databases in a memory saturated way. That is, we try to provide so much memory that the working set of the database is memory resident, or in other words, the number of disk reads after an initial warmup is no longer dependent on the database load.\nWorkload Intelligence Analytics showing \u0026ldquo;IOPS over time\u0026rdquo; for a mixed read/write benchmark on Datera iSCSI.\nWe can validate and prove that with automated load testing: For each replication chain we single out a production host, and increase the hosts weight in the load balancer until the system load1 becomes critical. Observing the system behavior in the load test, we see the select rate load go up, but the disk reads stay largely unchanged.\nWe usually terminate an automated load test when around 3/4 the number of cores in the system are busy, or when the relevant accounts query latency goes out of bounds. We record the system performance at bailout, and with appropriate margins use this as a scale factor for predictive autoscaling.\nWe have found reactive autoscaling to be unsuitable for databases, but that is another story.\nAll of this is on completely autoprovisioned baremetal blades. Baremetal provides extremely little jitter in performance: There is no crosstalk from storage that is local, and there is no crosstalk from memory or CPU, because you are fundamentally alone on the box.\nIn a virtualized environment this changes. You gain the ability to buy and run much fatter machines, and to provide smaller database instances for services, but you need to run with distributed storage and have to live with potential crosstalk from shared infrastructure.\nSo I am at the moment validating various storage systems for MySQL needs.\nWorkload characteristics as fio config I can classify my database production chains basically by write load: Read load is usually not relevant - it is drowned by local buffer pool, or by the distributed storage systems cache mechanisms.\nWhen it is not, it is what it is, because it is too large for anything.\nSo my benchmark is the classical MySQL \u0026ldquo;16 KB random write is an excellent predictor for your machineries performance\u0026rdquo; benchmark. I can divide my customers into \u0026ldquo;200 commit/s\u0026rdquo;, \u0026ldquo;2000 commit/s\u0026rdquo; and \u0026ldquo;whatever the machinery can provide\u0026rdquo; classes, and this results in a small fio configuration.\nEach section is run individually, sequentially:\n[global] size=800g filename=fio.0 directory=/a/fio fadvise_hint=0 blocksize=16k direct=1 runtime=600 ioengine=libaio time_based [w1q1-200] rw=randwrite numjobs=1 iodepth=1 rate_iops=200 rate_process=poisson [w1q1-2000] rw=randwrite numjobs=1 iodepth=1 rate_iops=2000 rate_process=poisson [w1q1-unlimited] rw=randwrite numjobs=1 iodepth=1 [w1q2-200] rw=randwrite numjobs=1 iodepth=2 rate_iops=200 rate_process=poisson [w1q2-2000] rw=randwrite numjobs=1 iodepth=2 rate_iops=2000 rate_process=poisson [w1q2-unlimited] rw=randwrite numjobs=1 iodepth=2 [w8q1-200] rw=randwrite numjobs=8 iodepth=1 rate_iops=200 rate_process=poisson [w8q1-2000] rw=randwrite numjobs=8 iodepth=1 rate_iops=2000 rate_process=poisson [w8q1-unlimited] rw=randwrite numjobs=8 iodepth=1 [w8q2-200] rw=randwrite numjobs=8 iodepth=2 rate_iops=200 rate_process=poisson [w8q2-2000] rw=randwrite numjobs=8 iodepth=2 rate_iops=2000 rate_process=poisson [w8q2-unlimited] rw=randwrite numjobs=8 iodepth=2 In the [general] section I provide the parameters common to all benchmarks: I mount my storage into /a and create /a/fio as a test directory.\nWe are using the XFS file system, because we have found the commit performance in ext4 to be highly jittery: While the best case commit in ext4 is almost twice as good as in XFS, there are inexplicable sync pauses every now and then that lead to three digit ms downspikes in performance, and they ruin the MySQL experience. With XFS we get one single, fixed commit rate with almost no jitter: Stable plannable performance \u0026raquo; good peak performance!\nIn this example I am running relatively short 600s test runs, which is not suitable for a validation - they need to run an hour or longer, each, because some storage systems show phase changes after long run times. They are suitable for quick testing to zoom in into interesting scenarios, though.\nI am working with direct io (direct=1) and the MySQL 16 KB blocksize on an 800 GB test file, using the libaio engine, which mirrors the MySQL use of the system pretty well.\nAll my test scenarios are using the same schema: randwrite of said 16 KB blocks, in either a single thread or with 8 threads. I am setting a queue depth of 1 or 2, to get worst case and best case performance estimates. For the rated tests, I am setting an rate_iops of 200 or 2000 and observe the latency behavior, and there is always also an unlimited test to establish saturated behavior. Basically, I want to estimate runway length for abuse cases.\nCollecting test data I am running all of that with an ugly ad-hoc driver script that runs each test case recording the fio output, the iostat output during the run and running the test under a blktrace -d /dev/$device -D . -a issue -a complete.\nThe blktrace can later be fed to Oakgate Workload Intelligence . This is an analyzer that feeds on blktrace and other input and plots device behavior over time, generates histograms and generally gives insight into storage behavior. The system can also use recorded workloads from real world applications and replay them for synthetic benchmarks to be run on new storage systems.\nThe ugly little bash driver, which will soon be a proper piece of Python:\n#! /bin/bash # drive under test drive=sdb fio=$HOME/fio.cfg # yes, ugly pause=3 jobs=$(awk \u0026#39;/\\[/ \u0026amp;\u0026amp; ! /\\[global\\]/ { print substr($0, 2, length($0)-2); }\u0026#39; $fio ) mkdir $drive cp fio.cfg doit $drive for i in $jobs do echo \u0026#34;Running Job $i $(date)\u0026#34; # make a working dir, and run blktrace and iostat in it [ -d $drive/$i ] \u0026amp;\u0026amp; rm -rf $drive/$i mkdir $drive/$i until [ -n \u0026#34;$blktrace_pid\u0026#34; ] \u0026amp;\u0026amp; sudo kill -0 \u0026#34;$blktrace_pid\u0026#34; do ( cd $drive/$i; sudo blktrace -w 700 -d /dev/$drive -D . -a issue -a complete ) \u0026amp; blktrace_pid=$! sleep $pause done ( cd $drive/$i; iostat -x -k 10 \u0026gt; iostat.log ) \u0026amp; iostat_pid=$! echo \u0026#34;Blktrace: ${blktrace_pid} Iostat: ${iostat_pid}\u0026#34; sleep $pause fio --section=$i $fio | tee $drive/$drive-$i.run sleep $pause kill ${iostat_pid} sleep $pause pkill iostat while sudo kill -0 $blktrace_pid do echo \u0026#34;Blktrace $blktrace_pid still running.\u0026#34; sleep 1 done sleep $pause ( cd $drive; tar cvzf $i.tgz $i ) rm -rf $drive/$i done I end up with a directory named after the drive under test, containing the entire description of the test environment, plus subdirectories for each scenario, containing all recorded data. I can tar that up and carry it home for analytics.\nExample graphs I am mostly interested into the behavior of the system along \u0026ldquo;IOPS over time\u0026rdquo;, \u0026ldquo;Latency over time\u0026rdquo; and \u0026ldquo;Latency histogram\u0026rdquo;.\nLooking at the unconstrained, single threaded, queue depth=2 cases I get a relatively representative quick overview over the result:\nCeph has a commit latency of around 1.1ms, which at a queue depth of 2 results in around 1800 IOPS. Datera has a commit latency of around 0.17ms, which results in around 9000 IOPS, but with nasty downspikes to some 6500ish IOPS.\nThe benchmark is a bit unfair, because we compare an extremely large and extensively optimized Ceph production cluster against a 3-node minimal out-of-the-box Datera. The Datera produces a number of nasty downspikes, which would not happen in a tuned and larger production cluster. It can already be seen that the Datera has an almost, but not quite, 10x advantage in commit latency.\nIt can also be somewhat seen the Ceph driver can leverage multiple queues (and that is confirmed in other benchmarks): It should produce around 900 IOPS at 1.1ms commit latency, but at a queue depth of 2 it produces 2x that.\niSCSI cannot do that out of the box: We need to install blk-mq and see what that does, or use something that does NVME over Fabric over TCP instead. Both these things have multiple queues, and would also be able to take advantage of deeper queues to NVME backends.\nMore work would have to go into building out the Datera cluster, and configuring it properly to properly show its real strength, but already it wipes the floor with the Ceph with respect to commit latency.\nIt also shows that the Ceph can carry the \u0026ldquo;200 commit/s\u0026rdquo; workload class without problems. One will have to make compromise with runway length (\u0026ldquo;Time for warning and migration when workload grows\u0026rdquo;) and with replication delay and catchup SLOs - customers will either have to accept more delay and longer catchup times, or accept that the cluster will run in YOLO mode in catchup (innodb_flush_log_at_trx_commit=2 until replication has caught up).\nThere is probably little chance to run the \u0026ldquo;2000 commit/s\u0026rdquo; workload class in a stable way on Ceph, until one can make guarantees about queue depths and parallel writes.\nBoth systems max out at around 20000 commit/s when run in their respective \u0026ldquo;ideal\u0026rdquo; mode, which happens to be the commit latency to a single flash drive.\nInterestingly, NVME does not matter much here : NVME can offer 40x more IOPS than SATA SSD, but individual commits will still be at about the same speed as with SATA. You need 40x parallel access to eat all the buffet on offer.\nTo drive Ceph to 20.000 IOPS, you will have to run 16 threads at a queue depth of 2 (or 32 threads at queue depth 1) consistently, feeding all the driver queues in parallel. This is not a kind of workload a transactional system can easily produce.\nTo drive Datera to 20.000 IOPS, two or three threads running unlimited will suffice. This is still hard on a transactional system, but a doable challenge.\nWhile the recommendation is clear (\u0026ldquo;Use Datera over Ceph for transactional distributed storage\u0026rdquo;), it is interesting to see how Ceph has matured and does no longer completely suck at doing small transactional workloads.\n","date":"2021-02-24T00:00:00Z","href":"https://blog.koehntopp.info/2021/02/24/validating-storage.html","tags":["lang_en","mysql","database"],"title":"Validating storage"},{"categories":null,"content":"The DBA experience at work suggests that every single schema at some point in its lifecycle holds a queue table. These are tables in which some processes (the “producers”) put rows, which a swarm of other processes (the “consumers”) lock and consume.\nA variation on that theme is the state machine, in which jobs are placed by producers. Consumers do not immediately delete them, but update them a few times to indicate processing progress, before the rows are ultimately being deleted.\nAnother variation is using the search and sort capabilities of the database to fetch jobs from the queue out of order (“queue with lookahead and selective de-queueing”), while still maintaining the exactly-once semantics.\nUsing a database as a queue can be ok-ish Using a database as a queue is not wrong, up to a point:\nYou get ACID semantics. That means your updates are atomic and isolated, transactional, and they are durable, persisted to disk. This makes it possible to build queues with “exactly once” execution semantics, which is a thing developers like a lot. You already have a database handle, and you already understand your ORM, so you do not have to pile on more dependencies, and you do not need to learn additional technologies. Now, once you pass “the point” in that “up to a point” phrase, things get nasty:\n“Exactly once” semantics are really expensive to implement: They require that each insert, delete or update is associated with a transaction, which in turn is associated with a disk write.\nYou get to enqueue, dequeue and state change your things exactly as quickly as a single server can flash its disk lights, and in the next step, as quickly as your replication hierarchy can pass on things downstream.\nOn bare-metal, that costs you a bit, but because bare-metal gives you awesome amounts of capacity with very little jitter for very reasonable amounts of money, we can bear quite a bit of this work.\nIn the cloud, using a database-as-a-queue is approximately equivalent to pouring petrol on money and throwing a match. It is the wrong technology for that kind of workload in that environment from the get-go.\nNot using databases as queues Replayability One specific property of the above setup that is expensive, and hard to reproduce outside a transactional database is the exactly-once thing. “At most once (maybe never)” or “at least once (maybe multiple times)” are alternative queue semantics that are much cheaper to implement, because they allow you to get rid of disk writes, and also of many disk seeks.\nKafka for example gives you “at least once”: You get to consume a stream, and you can jump backwards and re-consume what you already saw, in order, no searching. The jump backwards is possible for a small window of a few hours or a day, or whatever other deal you can make with the Kafka team.\nReading the same item multiple times is not a problem if the jobs in the queue are idempotent, that is, replayable.\nNot replayable are relative updates: “set x = x + 1”, “add an order to the table, give me the ordernumber”.\nReplayable are absolute updates: “set x = 7” (you read 6, did the math and enqueued 7), “add order 17372 to order table” (you made an order number beforehand and push the order into the queue with an already fixed identity).\nBasically, to make things idempotent, you need to give them either fixed identities so that you can remember if you saw things before, or you need to make the writes absolute instead of incremental, or both.\nSo if you find a way to group your jobs into transactions, and make all individual operations in your transaction replayable, you could push the entire stream through Kafka, and it would be cheaper. Much cheaper, in fact, in a cloud environment.\nRe-queuing and sorting If you use a queue table with selecting and sorting (“queue with lookahead and selective dequeueing” from above), you can look into consuming a block of things from your input queue and splitting them into multiple streams or different topics, or maybe sort them and re-queue them.\nSo basically, instead of pushing things into a single queue and then grabbing items out of order, you can consume the input in blocks, perform your intermediate selection and sorting process and them push to multiple outputs.\nAgain, the result can ride on Kafka instead of MySQL and would be more cloud-compatible.\nRe-queuing updates For the state machine use-case you would have to solve writing updates to a base record, before it is finally consumed in total. Your state machine would be eating one item from the input, perform the associated action, and then push the updated record back into the same, or a different queue.\nWhat if I don’t? Undo-Log woes In A Blast From The Past we see what happens to MySQL with long-running transactions, and in MySQL Transactions we discuss what goes on internally in the database when we do transactions, and especially how that can be painful if these transactions are long-running.\nNote that any database will at some point in time have long-running transactions, even if your code does not. Database maintenance operations such as cloning replicas or making backups can do that without interruption only by maintaining a read view, which leads to Undo-Log explosion.\nSo queue-as-a-database will eventually explosively grow the undo-log, or individual tables, and disk space from these structures is hard to reclaim by the operating system. You will run at some point in time into disk space problems from churn, even if the absolute amount of data is small. Binlog woes and Replication Delay\nIn a replicated MySQL changes to any table (also queue tables) are written to the binlog, which is being kept for a few days for point in time recovery and for replication. This uses disk space.\nNote that any write is binlogged, even deletes. So when you delete data, you have less disk space (because deletes are binlogged), until after a few days the binlog is purged.\nThe binlog is being consumed by replicas as close to realtime as possible. But if you write too much, again, it is possible to overwhelm the replicas, and you will experience replication delay.\nIf your producers write to the replication primary, but your consumers read from the replicas, replication delay will add additional latency. You will be unhappy (and see Kafka, above).\nThis is per-instance It is also important to remember that this is per-instance, not per-table, and also not per-schema. The purge thread looks at transactions, not at schemas or tables. In a transaction, a number of changes to the instance can happen, atomically.\nSo imagine a shared mysqld process that has 1000 customers with different schemas, all of them unrelated, and one of them opens a transaction and keep it open for four hours. The purge thread will stop for all the customers, because in theory it is possible to have a single transaction that spans all 1000 customer’s schemas.\nThe undo-log will grow out of bounds, and all 1000 customers will experience slow queries.\nThis is how you denial-of-service a shared MySQL with no effort or expense at all.\nWhat should I do? And what is the limit? As a developer, you want to write an application and get it going without piling on a lot of dependencies or learning too many technologies, or dealing with limitations such as unreliable or repeated queue deliveries.\nMySQL can deliver such things, up to a point.\nThat is okay for a prototype. If you implement queues, state-machines or other rapidly writing structures in a MySQL, you should monitor transaction volume and prepare an escape strategy early, and implement that in time. Tech debt is okay, if it is managed properly.\nAs a benchmark, and for comparison: At this point in time, one specific application at work processes around 7-10 million auto-increment values per replication hierarchy per hour, with several updates per row. That is where we run into operational toil due to pushing the envelope. That is around 3.000 new rows per second, and a multiple of that with updates. An unconstrained bare-metal SSD can do around 20.000 commits per second in hardware. That is why we run into operational toil with 3.000 new rows (with multiple updates per rows) per second with said application. Our replication assumes around 2.000 transactions/s as minimum capability. We can batch up some things and apply them in parallel, if the transaction structure allows that. That is why replication does not lag, even if the primary does more than 2.000 txn/s. How much parallel replication can help here is completely dependent on the ordering constraints imposed by the transactions themselves. In the cloud, the limits are likely to be much lower, depending on instance and volume sizes chosen, and going there is a solid cost item.\nYou will need to look at things with a much sharper lens.\n","date":"2021-01-28T00:00:00Z","href":"https://blog.koehntopp.info/2021/01/28/database-as-a-queue.html","tags":["lang_en","mysql","mysqldev"],"title":"Database as a Queue"},{"categories":null,"content":"When people ask for my mail address, they usually get a personalized address from me. That is particularly true for all commercial email. So you don\u0026rsquo;t get to send mail to my main account, but to kris-yourbusiness@koehntopp.de , and that will end up going into INBOX.special.yourbusiness. At least until it leaks, receives spam or is otherwise burned. In which case I will short it out and route all incoming mail on that address to /dev/null. Here is how it is done.\nMailer setup I run exim and in my exim.conf I have\nkris_virtuserfile: driver = redirect domains = +kris_domains local_part_suffix = +* : -* local_part_suffix_optional headers_remove = X-local-part-suffix headers_add = X-local-part-suffix: ${original_local_part} owners = kris allow_fail allow_defer data= ${lookup{$local_part@$domain}dbm*@{/home/kris/Exim/virtusertable.dbm}} The important part here is the local_part_suffix = +* : -*. This enables amending the local part of a mail address with an extension. So if kris is a valid local user for delivery, kris-yourbusiness and kris+yourbusiness become valid addresses, too, and will be delivered to the local user kris.\nI define local_part_suffix_optional, because unfortunately for legacy reasons the actual local user must remain reachable for legacy reasons.\nI also define header_remove = X-local-part-suffix to remove this particular X-header from all incoming mail, and then add it back with X-local-part-suffix: ${original_local_part}. This will prevent external mail with a hand-crafted fake X-local-part-suffix header from coming through, and then preserve the original local part for sorting, in exactly this X-header line.\nFrom this config we get the following behavior: kris-yourbusiness@koehntopp.de is being delivered to the local user kris, and with an X-local-part-suffix: kris-yourbusiness header line added to the mail. Note that we get kris-yourbusiness, and not yourbusiness in this header line.\nLocal delivery Local delivery is controlled by the local user, kris. Kris happens to have defined a .forward such as\nkris:~ $ cat .forward |/usr/bin/procmail This will invoke procmail for local delivery. procmail is a rule based local delivery agent with a horrible Syntax.\nYou can define variables, and later refer to them using $ as a prefix. Rules start with a :0, and consist of a Regex for header lines, plus a delivery action (usually a folder name for Maildir format, so make sure it ends in a slash).\nThe other important but obscure piece of information is that the exit code of procmail defines the delivery success, and controls the mailer behavior. So checking in the obvious place (/usr/include/sysexits.h, of course!) you learn:\nkris:~ $ cat /usr/include/sysexits.h ... #define EX_NOINPUT 66 /* cannot open input */ #define EX_NOUSER 67 /* addressee unknown */ #define EX_NOHOST 68 /* host name unknown */ ... We remember that the magical number 67 as an exit code makes exim bounce mail with user unknown.\nThe end result:\nkris:~ $ cat .procmailrc PATH=/bin:/usr/bin:/usr/local/bin MAILDIR=$HOME/Maildir LOGFILE=$HOME/Procmail/procmail.log DEFAULT=$HOME/Maildir/ BOUNCE=/dev/null SPAM=$MAILDIR/.spam TRASH=$MAILDIR/.system.trash BOUNCELOG=$MAILDIR/.system.bounces # Subrule to define a \u0026#34;user unknown\u0026#34; bounce, as an example. # Subrule, because we also record the bounce in the bouncelog folder. :0 * ^X-local-part-suffix: kris-macheist { EXITCODE=67 :0 i $BOUNCELOG/ } # Rule to route mail to the trash folder :0 * ^X-local-part-suffix: kris-bitly $TRASH/ # all mail to kris-yourbusiness goes to INBOX/.special.yourbusiness, # which becomes the INBOX.special.yourbusiness folder. # # We use sed and tr, this could be more efficient. Basically, we clean # up unwanted characters and transform to lower case. :0 * ^X-local-part-suffix:.*kris-\\/[^@]+ $MAILDIR/.special.`echo $MATCH | sed -e \u0026#39;s!([^)]*)!!g\u0026#39; -e \u0026#39;s![^a-zA-Z0-9_-]!_!g\u0026#39; | tr A-Z a-z`/ # Filter through spamc :0fw | /usr/bin/spamc # If spam detected, deliver to different folders depending on score :0 * ^X-Spam-Level:.*\\*\\*\\*\\*\\*\\*\\*\\*\\*\\* $SPAM.sure/ :0 * ^X-Spam-Level:.*\\*\\*\\*\\*\\* $SPAM/ Note how we detect the X-local-part-suffic before we run spam detection and sorting. This allows mail to subaddresses to always go through and bypass all spam filtering, so in exchange for having a personally identifiable mail address you get guarantee delivery. Conversely, if you abuse the privilege you are routed to $TRASH/.\nMail User Agent I used to run Apple Mail.app with this setup, and now on Windows am using eM Client . eM Client is a commercial email client, and is available for Windows and Mac, and is easily the best email client I have ever used, with Mail.app being a close second for my workflow.\nIn my case, I define a smart folder search which will find all unread mail in all folders (except $list of exceptions), and show it in a single folder. I want the search to automatically discover newly generated folders automatically, and I need the folder name shown in the overview.\nA smart folder, finding all unread mail anywhere, and showing it by folder. I made a few mails unread for demonstration.\nThat way, I can see if I get a mail claiming to be from YourBusiness: If it is not in the yourbusiness folder, I am deleting it without reading. Phishers will have to send phishing mail to the correct folder for your personalized business mail address in order to be even considered.\nI also can $TRASH/ rule burned addresses rather quickly, and that keeps my inbox clean.\n","date":"2021-01-20T00:00:00Z","href":"https://blog.koehntopp.info/2021/01/20/unlimited-mail-adresses.html","tags":["lang_en","mail"],"title":"Unlimited Mail Addresses"},{"categories":null,"content":"Deutschland ist im Lockdown, die Schulen sind endlich geschlossen und es wird remote unterrichtet. Weil es Deutschland ist, passiert das in jedem Bundesland anders und uneinheitlich. In Baden-Württemberg verwendet man Moodle . Wer sich da drunter nichts vorstellen kann, kann es sich hier ansehen.\nIn Bawü wird eine getrennte Moodle-Instanz pro Schule installiert, aber halt viele Instanzen pro Server, weil Server recht groß sind. In Summe muß man bummelig 940.000 Schüler abfrühstücken. Die Strukturen in Moodle sind kleinräumig (Klassen, Jahrgänge, Schulen) und nicht stark quer verbunden, sodaß sich das im Grunde relativ leicht skalieren lassen sollte. Dennoch kam es im Frühjahr zum Engpässen, weil das Moodle-Projekt auf andere Projektziele und -größen geplant war (\u0026ldquo;Pilotschulen\u0026rdquo;) als es gebraucht wurde (\u0026ldquo;Lockdown\u0026rdquo;).\n\u0026ldquo;Samstags Nachts um 1: Moodle Server Einbau Selfie!\u0026rdquo; \u0026ndash; Sebastian Neuner , 23-Mar-2020\nDas Selfie oben zeigt Sebastian Neuner beim Aufrüsten der Hardware im Rechenzentrum. Er berichtet von Maschinen mit 72-96 Cores, 512-1024GB RAM, und 10 GBit/s Uplinks (sowie 20 Gbit/s SAN-Links zum Storage). CPUs sind AMD 7451 und Intel Gold-6150 . Davon sind dann jeweils zwei in einer Maschine, und dadurch ergeben sich dann die 72 bzw 96 Cores.\nIm Sommer hat man dann noch einmal nachgerüstet und am 7-Jan-2021 kam dann die letzte Nachlieferung :\n\u0026ldquo;Heute morgen wurden 2 Paletten mit 7 weiteren Servern für Moodle geliefert.\u0026rdquo; \u0026ndash; BelWü , 07-Jan-2021\nDennis Urban merkt an: \u0026ldquo;In den sieben Maschinen sind AMD EPYC 7h12 CPUs drin. Langsam wird der Monitor zu klein .\u0026rdquo;\nIn den Kommentaren dann ein Haufen Bemerkungen und Fragen:\nWieso sind das Dells und keine von Thomas Krenn? Wieso physikalische Server und das nicht in einer Cloud klicken? Wieso stehen die nicht an der Schule, sondern in irgendeinem Rechenzentrum? Nun habe ich mit dem BelWü und Moodle nichts am Hut, aber zu diesen Dingen kann ich aus anderen Gründen sinnvoll etwas beisteuern, also habe ich die Fragen einmal beantwortet (Twittertypisch mitten in den Thread gelinkt , weil es anders nicht sinnvoll funktioniert).\nWieso sind das Dells? Wer viele Server hat, der will die automatisch installieren. Das ist viel einfacher, wenn man einen einigermaßen einheitlichen Serverpark hat.\nServer haben einen Baseboard Management Controller (BMC). Das ist ein kleiner Rechner, der immer angeschaltet ist und der den großen Rechner inventarisieren, konfigurieren und ein- und ausschalten kann.\nTheoretisch sind die BMCs inzwischen einigermaßen standardisiert: Die Desktop Management Task Force DMTF hat dafür den Standard Redfish definiert. In der Praxis sind die verschiedenen BMCs alle unterschiedlich defekt und man muß wissen, welchen Hersteller in welcher Version man am Rohr hat, damit man um dessen Bugs gezielt drum herum arbeiten kann. Mein Arbeitgeber hat dazu BMC Butler entwickelt und auf Github öffentlich gemacht, ebenso das Inventarisierungstool Dora und eine Reihe von weiteren Tools.\nKauft man sich jetzt Rechner von einem weiteren Hersteller dazu, dann muß man die eigene Automatisierung erst einmal validieren und anpassen. Das ist schnell mal ein halbes Jahr Arbeit.\nDas ist auch okay, denn größere Aktionen in einem Rechenzentrum haben ebenfalls schnell mal ein halbes Jahr Vorlauf. Wie dem auch sei: 7 Rechner bekommt man eventuell relativ schnell, aber einen ganzen Raum in einem Rechenzentrum voll zu laden war eine Aktion mit Schiffscontainern aus Taiwan.\nMeist hat man Rahmenverträge mit Händlern (\u0026ldquo;OEMs\u0026rdquo;, Original Equipment Manufacturer, zum Beispiel Dell oder HP) oder - bei größeren Mengen - Herstellern (\u0026ldquo;ODMs\u0026rdquo;, Original Device Manufacturer, zum Beispiel QCT oder Wywinn), und meistens genau zwei: Man will halt mehr als einen und so wenige wie möglich, weil alles kompliziert ist.\nWieso nicht in der Cloud? Weil Cloud unglaublich teuer ist. In meinen Kostenrechnungen liegen die Kosten für Cloud-Deployments pro Monat in etwa gleichauf mit (oder höher als!) Kostenrechnungen für Bare Metal in eigenen Rechenzentren pro Jahr (Strom, Netz, anteilige Netzwerk-Hardware, Rechenzentrumsplatz und alles andere inbegriffen).\nDas kann man alles noch optimieren, aber auf beiden Seiten der Gleichung und am Ende kommt in etwa dasselbe heraus: Cloud ist in etwa eine Größenordnung teurer als das alles selbst zu machen.\nAnders herum bedeutet das, daß man das eigene Bare Metal hemmungslos überdimensionieren kann und immer noch unter AWS-Preisen herauskommt. Ist ja auch logisch: Wenn man einem Milliardär seine Weltraumfirma nicht mit finanzieren muß, \u0026hellip;\nWas man dabei nicht mit rechnet: Die höhere Latenz (s.o: 6 Monate Vorlauf - man muß überdimensionieren) und die Personalkosten für die eigene Entwicklung (Servermanagement, API für Provisionierung und so weiter).\nDas lohnt sich erst ab einer gewissen Mindestgröße. Für kleine Läden lohnt sich die Cloud trotz der hohen Instanzkosten, weil die Software schon fertig entwickelt ist. Kleine Läden haben auch keine Kapazitätsprobleme beim Provisionieren in der Cloud.\nWenn man natürlich wegen eines RZ-Ausfalls \u0026ldquo;ein Megawatt Kapazität\u0026rdquo; mal eben in der Cloud klicken will, dann geht das nicht \u0026ldquo;wegen Quota\u0026rdquo;. Die Quota gibt es nicht nur, um teure Fehler zu vermeiden, sondern weil auch \u0026ldquo;die Cloud\u0026rdquo; nicht \u0026ldquo;mal eben ein MW Kapazität\u0026rdquo; zur Hand hat, sondern Rechenzentrumsplatz bauen, Rechner kaufen und installieren muß im RZ der Wahl, damit das geht.\nDabei unterscheiden sich Clouds deutlich: Azure setzt auf Kapazität \u0026ldquo;vor Ort\u0026rdquo;: man hat also sehr, sehr viele Standorte und die sind dann mitunter sehr klein. Da mal eben 10.000 \u0026ldquo;Amazon m5.4xl\u0026rdquo; zu holen (etwa 1 MW) geht dann halt nicht und schon gar nicht in einer AZ. Amazon und Google sind anders strukturiert, und wenn man Glück hat kriegt man 10k Instanzen dieser Größe, aber sicher nicht auf Zuruf und in der AZ der Wahl (\u0026ldquo;Wir haben Eure 150 PB Hadoop jetzt in Finnland, aber das Processing für die 2500 Nodes muß nach London\u0026rdquo; \u0026ldquo;Und wer zahlt dann den Traffic?\u0026rdquo;).\nUnd halt nicht für sinnvolles Geld.\nWieso nicht in der Cloud? Cloud macht total Sinn für einmalige Tasks. Die Bild-Assets von 1.2 Millionen Hotels in drei neuen Größen für einen neuen Mobildienst bereit zu stellen und dafür einen Bildskalierer durch Parallelisierung um einige Monate zu beschleunigen ist eine ideale Cloudanwendung: dynamisch Wegwerfkapazität kaufen (\u0026ldquo;Spot Instances\u0026rdquo;), den Task durchlaufen lassen und dann die Instanzen aufgeben.\nCloud macht total Sinn für experimentelle Tasks. Machine Learning auf GPU oder Google Tensor Processors auszuprobieren ist sehr viel sinnvoller, als experimentelle Hardware mit 36 Monaten Abschreibung zu kaufen, die dann alle 6-9 Monate (inzwischen: 18 Monate) ersetzt werden muß, weil sich das Thema weiter entwickelt hat und die Hardware veraltet ist (und dann festzustellen, daß man eh nur 7kW pro Rack kann, aber ein dicker Klotz mit GPUs drin schon mal gerne 14 oder 21kW pro Rack an Abwärme da läßt).\nCloud lohnt nicht, wenn man 600.000 Schüler für 10 Jahre an 220 Tagen im Jahr mit einer IT Infrastruktur versorgen muß. Das ist quasi das Anti-Cloud Szenario: Garantierte Basislast für Dekaden in vorhersehbarer Menge, bewährte konventionelle Technik und relativ stabiles Anwendungsumfeld. Selbst wenn man die Maschinen in 3 Jahren abschriebe kann man leicht 5 Jahre Betrieb aus den Dingern bekommen, bevor man sie ersetzt.\nErsetzen wird man sie, denn nach 5 Jahren wird der Betrieb vermutlich unrentabel. Neue Hardware wäre so viel leistungsfähiger, daß man dieselbe Leistung mit weniger Hardware, weniger Strom und weniger RZ-Platz erbringt und so viel Geld spart. Eine Maschine verbraucht in 5 Jahren circa ihren Anschaffungspreis in Strom.\nWas auch teuer ist in einer Cloud-Anwendung ist Netzwerk, und dort speziell ausgehender Verkehr. AWS ist berühmt dafür, eingehenden und ausgehenden Datenverkehr sehr unterschiedlich zu bepreisen, und in den Medien findet man viele Berichte in der Art NASA to launch 247 petabytes of data into AWS – but forgot about eye-watering cloudy egress costs before lift-off .\nVideochat Anwendungen wie Zoom sind in AWS nicht ökonomisch zu betreiben. Corey Quinn berichtet von Zoom , und wieso man dort statt AWS die Oracle-Cloud gewählt hat. Oracle als Firma ist spät in das ganze Cloud-Geschäft eingestiegen und muß sich um Kunden bemühen, daher zielt man bewußt auf Kunden mit viel ausgehenden Verkehr und macht die Preise dort anders.\nWieso stehen die nicht an der Schule, sondern im RZ? Eine Schule ist der denkbar schlechteste Ort, um Rechner zu betreiben. Fünf dicke Maschinen für eine Schule mit 1000 Schülern brauchen ein Rack, Strom und Netz und produzieren Abwärme, die vermutlich aktiv weg gekühlt werden muß. Kein Ort an einer Schule ist dafür geeignet, das zu betreiben. Kleine Strom- und Kühlsysteme sind ineffizient.\nObendrein: so teure Hardware mit personenbezogenen Daten auf den Speichern an einer Schule zu lagern ist auch rein von der physischen Sicherheit nicht machbar. In meiner Schulzeit, es ist schon einige Dekaden her, hat man den Medienraum der Schule, an der ich war, mehr als einmal leer gemacht. Das waren keine besonders begabten Leute, sondern Junkies auf der Suche nach Wertgegenständen zum schnellen Verticken.\nIn einem Rechenzentrum hat man nicht nur eine für Rechner geeignete Umgebung mit Strom, Netz und Kühlung, sondern kann auch Personal auslasten, das sich mit Dingen wirklich auskennt und mehr kann als Dinge ein- und auszuschalten. Netz ist genug da: im Rechenzentrum sowieso und die Kapazität einer einzelnen Glasfaser (normal legt man Bündel) ist für den interessierten Laien im Grunde unbegrenzt.\nWen es interessiert: OptiX OSN 6800 , ein Stück Huawei DWDM Hardware zum Ausleuchten einer Langstrecken-Glasfaser mit bis zu 80 Kanälen (40 Frequenzen x 2 Polarisierungen) und 100 GBit/s pro Kanal - 8 TBit, pro Faser. Es ist eine Frage von Bedarf und Geld, aber nicht wirklich ein technisches Problem. Innerhalb des Rechenzentrums nimmt man billigeres Glas, billigere Laser mit niedrigerer Leistung und hat dafür wesentlich mehr Fasern. Glas liegt durchgehend, mindestens bis zur \u0026ldquo;DSL Anschlußbox\u0026rdquo; auf dem Gehsteig, und ab da ist in Deutschland dann alles schwierig.\nMein Jitsi ruckelt nicht, Tweak.nl sei Dank!\nJedenfalls ist es, Cloud oder nicht, sinnvoller Netz in die Schule zu legen und für Strom und Netz in allen Klassenräumen zu sorgen (das muß man in jedem Fall tun!), als Server in die Schule zu stellen. Eine Schule ist ungefähr der dümmste mögliche Platz für Server, die Raspi 4s mit den Minecraft-Servern des Informatik-Kurses ausgenommen.\nWie sieht so etwas aus? Nun habe ich mit dem Netz und dem Moodle in Bawü nichts zu tun, aber ich habe in meiner Arbeit gelegentlich mit Computern oder Rechenzentrums-Ausstattungen zu tun, und dabei auch einige Fotos machen können.\n2. Januar 2019: Anlieferung neuer Hardware für einen neuen Rechenzentrumsraum, ein LKW alle 2 Stunden.\nWir haben ein Staging Area zum Auspacken und Organisieren der Hardware. Noch ist es leer.\nDann: Auspacken, Verpackungsmaterial shreddern, und die Geräte in den eigentlichen Rechnerraum fahren, wo sie geracked werden.\nJedes Gerät kommt mit Verpackung, Palette, Handbüchern und Stromkabeln für unterschiedliche Nationen. So viel Holz in der IT!\nVorne die Hardware, hinten der Müll.\nRackrückseite. bis zu 16 Blades pro Chassis, 4 Chasis pro Rack. Bitte beim Verkabeln keine Fehler machen!\nLeere Racks im eigentlichen RZ-Raum, warten auf die Hardware.\n\u0026ldquo;Laser\u0026rdquo; (SPF-Module), für das Netzwerk.\nEs ist noch viel zu tun.\nGerätefront nach Einbau: Ein Dell Bladecenter Chasis mit 14/16 Blades bestückt. Jede Blade hat 2 CPUs, einige hundert GB Speicher, 2 SSDs und 10 GBit/s Netzwerk.\nNach 3 Tagen sind die ersten Geräte grün (Provisionierbar - nach Burn In, Firmware Update und Base OS Install). Es wird noch 2 weitere Tage dauern, bis der Rest nachkommt.\nAll dies ist in erster Linie eine Logistik-Aufgabe: Man muß den kommenden Bedarf abschätzen, planen und dabei auch das Upgrade veralteter Hardware mit Planen, dann Rechenzentrumsplatz und Strom bereitstellen, und unterdessen Modelle wählen, verhandeln, bestellen und dann parallel die Site vorbereiten. Wenn die Lieferung kommt, ist auspacken, validieren und racken angesagt. Alles in allen muß man 12 Monate oder mehr in die Zukunft sehen.\n(Ich habe von 2016 bis Mitte 2019 RZ-Kapazität geplant. Die Bilder sind vom Januar 2019).\nCloud hätte auch nicht geholfen Update: Belwue Trouble Ticket Nach verschiedenen Optimierungen am Montag bestehen keine nennenswerten Probleme mehr. Die Spitzenlast um 8 Uhr konnte so am Dienstag gut abgefangen werden.\nNach dem, was mir berichtet wurde, ist ein guter Datenbank-Admin wohl mehr wert als Cloud und Bare Metal Rechenzentrum zusammen. Durch eine gemeinsame Anstrengung wurden einige Moodle-Queries an die Datenbank entscheidend verbessert und Indices nachgerüstet. Außerdem wurde das Schreibverhalten der Datenbank auf SSD entscheidend besser konfiguriert, sodaß es durch die großen Mengen Speicher nicht mehr zu Schreibstürmen kommt.\nDer Effekt ist an der Heatmap zu sehen:\nResponse Time Heatmap vom Bawü Moodle für den 12. Januar 2021. Die X-Achse zeigt die Uhrzeit. Die Y-Ache zeigt logarithmisch die Antwortzeit. Die meisten Antworten kommen in weniger als einer Zehntelsekunde, jetzt wo die Datenbank optimiert ist. (via Dennnis Urban Besonders viel Ärger hat wohl eine bestimmte Kalender-Query gemacht. Da Moodle Open Source Software ist, kann man das Ticket sehen .\n\u0026ldquo;Jetzt sind 3300 Cores in der Plattform und eine Summen-Load von unter 1000, heute. Gestern noch um die 3000.\u0026rdquo; sagte man mir. Ein System mit 3000 Cores ist mit einer Load von 3000 genau am Anschlag (Runnable Threads == vorhandene Cores). Eine Load von 1000 auf 3000 Cores ist angenehm und sollte stabil durchhalten.\nMit mehr Leistung - in Cloud oder auf Bare Metal - hätte das System nur schneller und teurer gewartet. Der Fehler war nur unter Last zu finden und durch Datenbanktuning zu beheben, nicht durch mehr Spielzeug.\nUnd weil Leute gefragt hatten: Moodle läuft mit 300 Usern pro Core recht rund, und bekommt wohl in diesem Szenario ab dem 2.5-fachen davon Probleme.\nEdit: Userzahlen Dennis Urban korrigiert in einer DM:\nEine Frage bzw. Anmerkung: in Bawü gibts derzeit 1,4 Mio SchülerInnen und so 140k LehrerInnen: Wir haben so 940k registrierte Benutzer.\nAus irgendwelchen Gründen listet der ursprünglich verlinkte Statista-Artikel die Berufsschüler nicht auf. Statistik Bawü hat die ganzen Zahlen.\nEdit: Merkwürdigkeiten Im Nachgang zu diesem Artikel kam es zu diversen Diskussionen auf Twitter. Ein Haufen Leute hat sich beim Moodle-Team von BaWü über die Performance von BBB beschwert. Dieser Dienst wird zwar in Moodle integriert, ist aber von einem anderen Team an einer anderen Institution in einer anderen Stadt betrieben.\nEventuell ist es sinnvoll, die IT-Organisation an Schulen nicht auf Kreis- oder Landesebene zu zerfasern, sondern Aufwände zu bündeln. Das macht den Betrieb nicht nur zuverlässiger, sondern auch billiger.\nDoch es ist noch \u0026ldquo;komplizierter\u0026rdquo;:\nEin Benutzer hat sich über die Performance von BBB beschwert und zeigte einen Screenshot.\nScreenshot mit nicht funktionierendem BBB: Auf demo2.bigbluebutton.org allerdings.\nDer nächste Versuch der Klassen-VC scheitert - nach der Anmeldemaske passiert bei BBB nichts mehr. Viel Kinder-Enttäuschung, dass das versprochene \u0026ldquo;Arbeiten wie die Großen\u0026rdquo; nie klappt. Stattdessen jetzt: Arbeitsblatt bearbeiten. Vorhandene Motivation: -1000\ndemo2.bigbluebutton.org ist ein Testserver vom BBB Projekt, der in Kanada steht und als Demo-Objekt betrieben wird. Er ist nicht für den Produktiveinsatz gedacht, nicht von GDPR-Richtlinien abgedeckt und selbst wenn er funktionierte wäre er für eine angenehme Videokonferenz zu weit weg.\nMoodle und Big Blue Button sind Softwarepakete, die sich Organisationen wie die Schulorganisation eines Landes selbst installieren können. Als Lehrerin oder Lehrer ist man gut damit beraten auch die korrekte URL zum Verbinden zu nehmen, statt sich im Internet irgendeine Instanz zu suchen.\n","date":"2021-01-12T00:00:00Z","href":"https://blog.koehntopp.info/2021/01/12/600000-user-in-baden-wurttemberg.html","tags":["lang_de","data center","bildung"],"title":"940.000 User in Baden-Württemberg"},{"categories":null,"content":"My son wants labyrinths. Ok, let\u0026rsquo;s make them like it\u0026rsquo;s the first semester.\nWe need a class Labyrinth that holds the dimensions of our maze, and the actual maze, in grid - a List of Lists of integers. That\u0026rsquo;s not exactly a two-dimensional array (it can have a ragged right edge), but it will do for us.\nA basic container for labyrinths class Labyrinth: \u0026#34;\u0026#34;\u0026#34;Store a labyrinth as a List of Lists of Integers. Passages exist in the 4 cardinal directions, N, E, S, and W. We store them as bit flags (N=1, E=2, S=4, W=8). When set, a passage exists from the current cell into the direction indicated by the bitflag. \u0026#34;\u0026#34;\u0026#34; # Grid size width: int height: int grid: List[List[int]] The integer Zero will indicate an unused cell. We then use bits to store passages to the four cardinal directions: 1 for a passage to the North, 2 for a passage to the East, 4 for a passage to the South, and 8 for a passage to the West.\nWhen making a passage, we will need to tear down the wall in the current cell, and we will need to tear down the wall in the new cell, making a backwards passage. One could say that our maze is an undirected graph, and making passages connects the vertices forward and backward.\nWe will need to work with positions, and we define a type for that: A position is a Pos, a two-tuple of integers.\nWe will also need to work with the cardinal directions, and make a type for that: A direction is a Direction, a string. We will also make use of a number of things from random.\nfrom typing import List, Dict, Tuple, Optional, NewType from random import shuffle, randrange, choice, randint Pos = NewType(\u0026#34;Pos\u0026#34;, Tuple[int, int]) Direction = NewType(\u0026#34;Direction\u0026#34;, str) Using this, we can define a few useful things that we will be using a lot. Our bits to encode passages, for example:\n_directions: Dict[Direction, int] = { Direction(\u0026#34;N\u0026#34;): 1, Direction(\u0026#34;E\u0026#34;): 2, Direction(\u0026#34;S\u0026#34;): 4, Direction(\u0026#34;W\u0026#34;): 8, } Also, the back-connections, because we want an undirected graph of passages:\nopposite: Dict[Direction, Direction] = { Direction(\u0026#34;N\u0026#34;): Direction(\u0026#34;S\u0026#34;), Direction(\u0026#34;S\u0026#34;): Direction(\u0026#34;N\u0026#34;), Direction(\u0026#34;W\u0026#34;): Direction(\u0026#34;E\u0026#34;), Direction(\u0026#34;E\u0026#34;): Direction(\u0026#34;W\u0026#34;), } And we need to be able to translate a Direction into a change in coordinates, in order to be able to step:\ndx: Dict[Direction, int] = { Direction(\u0026#34;N\u0026#34;): 0, Direction(\u0026#34;S\u0026#34;): 0, Direction(\u0026#34;E\u0026#34;): 1, Direction(\u0026#34;W\u0026#34;): -1, } dy: Dict[Direction, int] = { Direction(\u0026#34;N\u0026#34;): -1, Direction(\u0026#34;S\u0026#34;): 1, Direction(\u0026#34;E\u0026#34;): 0, Direction(\u0026#34;W\u0026#34;): 0, } We can now initialize our class:\ndef __init__(self, width: int = 10, height: int = 10) -\u0026gt; None: \u0026#34;\u0026#34;\u0026#34; Construct a labyrinth with no passages in the given dimensions \u0026#34;\u0026#34;\u0026#34; self.width = width self.height = height self.grid = [[]] * self.height for y in range(0, self.height): self.grid[y] = [0] * self.width return Some basic Python wiring We will probably suck and need to be able to dump a labyrinth object, so let\u0026rsquo;s build a __repr__() for it. If you have an instance and print it, Python will try to invoke __str__() for a human readable representation of the object. If that does not exist (or we print(repr(l))), Python will try __repr__() instead. This is supposed to produce a debug representation of a thing.\nSo let\u0026rsquo;s make one:\ndef __repr__(self) -\u0026gt; str: \u0026#34;\u0026#34;\u0026#34; Dump the current labyrinths passages as raw integer values \u0026#34;\u0026#34;\u0026#34; s = \u0026#34;\u0026#34; for y in range(0, self.height): s += f\u0026#34;{y=}: \u0026#34; for x in range(0, self.width): s += f\u0026#34;{self.grid[y][x]:04b} \u0026#34; s += \u0026#34;\\n\u0026#34; return s Our Labyrinth is mostly a container for these integers representing cells, with a bit of sugar on top. Let\u0026rsquo;s make the cells directly accessible:\ndef __getitem__(self, item: Pos) -\u0026gt; int: \u0026#34;\u0026#34;\u0026#34; Return the passages at position item: Pos from the labyrinth \u0026#34;\u0026#34;\u0026#34; if not self.position_valid(item): raise ValueError(f\u0026#34;Invalid Position: {item=}\u0026#34;) r = self.grid[item[1]][item[0]] return r def __setitem__(self, key: Pos, value: int) -\u0026gt; None: \u0026#34;\u0026#34;\u0026#34; Set the passages at position key: Pos to value: int \u0026#34;\u0026#34;\u0026#34; if not self.position_valid(key): raise ValueError(f\u0026#34;Invalid Position: {key=}\u0026#34;) if not (0\u0026lt;=value\u0026lt;=15): raise ValueError(f\u0026#34;Invalid cell value: {value=}\u0026#34;) self.grid[key[1]][key[0]] = value return I can now make me a l= Labyrinth and then p = Pos((10, 10)) and print(l[p]) to print a single element at position (10, 10). Python will invoke the __getitem__() with this Pos tuple and return me the element. Likeweise I can assign to l: l[p] = 10, and that will invoke __setitem__() with the proper parameters.\nSome important predicates The predicate position_valid() is still missing, and we will need similar things for Directions, too.\nLet\u0026rsquo;s make them:\ndef position_valid(self, p: Pos) -\u0026gt; bool: \u0026#34;\u0026#34;\u0026#34; Predicate, true if the p: Pos is valid for this labyrinth \u0026#34;\u0026#34;\u0026#34; return 0 \u0026lt;= p[0] \u0026lt; self.width and 0 \u0026lt;= p[1] \u0026lt; self.height def direction_valid(self, d: Direction) -\u0026gt; bool: \u0026#34;\u0026#34;\u0026#34; Predicate, true if Direction d is valid \u0026#34;\u0026#34;\u0026#34; return d in self.directions() We also build a getter, directions() that returns the directions from the _directions bit encoder array above, and the same thing randomized under the name of random_directions(). We grab the list and apply Pythons shuffle().\ndef directions(self) -\u0026gt; List[Direction]: return list(self._directions.keys()) def random_directions(self) -\u0026gt; List[Direction]: \u0026#34;\u0026#34;\u0026#34;Return all cardinal directions in random order. \u0026#34;\u0026#34;\u0026#34; d = self.directions() shuffle(d) return d Stepping into the Labyrinth We now can make a step(pos, direction), which takes one Pos, and makes a step into the given Direction.\ndef step(self, p: Pos, d: Direction) -\u0026gt; Pos: \u0026#34;\u0026#34;\u0026#34;Starting at Pos p, walk one step into Direction d, return a new position. The new position is guaranteed to be valid.\u0026#34;\u0026#34;\u0026#34; if not self.direction_valid(d): raise ValueError(f\u0026#34;Invalid Direction {d=}\u0026#34;) if not self.position_valid(p): raise ValueError(f\u0026#34;Invalid Position {p=}\u0026#34;) np = Pos((p[0] + self.dx[d], p[1] + self.dy[d])) if not self.position_valid(np): raise ValueError( f\u0026#34;Invalid Position {np=}: Step from {p=} into {d=} leaves the grid.\u0026#34; ) return np The new position is guaranteed to be valid. We will raise ValueError for all invalid things - wrong parameters, and wrong results. Some of them may arguably be IndexErrrors instead, but I actually have little need for this distinction here, and it will only make the code more complicated later on.\nTear down a wall Now I can build me a function that makes a passage from a given Pos, into a given Direction:\ndef make_passage(self, p: Pos, d: Direction) -\u0026gt; None: \u0026#34;\u0026#34;\u0026#34;At Pos p into Direction d, make a passage and back. \u0026#34;\u0026#34;\u0026#34; if not self.direction_valid(d): raise ValueError(f\u0026#34;Invalid Direction {d=}\u0026#34;) if not self.position_valid(p): raise ValueError(f\u0026#34;Invalid Position {p=}\u0026#34;) np = self.step(p, d) self[p] |= self._directions[d] self[np] |= self._directions[self.opposite[d]] return It may also be useful to have this as a predicate can_make_passage(), which returns true if I can make a passage that is not there, yet.\ndef can_make_passage(self, p: Pos, d: Direction) -\u0026gt; bool: \u0026#34;\u0026#34;\u0026#34;Predicate, true if valid passage that is not there, yet.\u0026#34;\u0026#34;\u0026#34; if not self.direction_valid(d): raise ValueError(f\u0026#34;Invalid Direction: {d=}\u0026#34;) if not self.position_valid(p): raise ValueError(f\u0026#34;Invalid Position: {p=}\u0026#34;) try: np = self.step(p, d) except ValueError as e: # We stepped off the grid. return False # Success, if the world would change by removing this wall. pre_elem = self[p] post_elem = pre_elem | self._directions[d] return pre_elem != post_elem This raises exceptions for invalid input values. It will return False for passages that would lead off grid, and also returns False is this is not a new, but already existing passage.\nRecursive digging Now we can pretty easily and concisely write down a tunnel digging algorithm that will build us a fully connected labyrinth, a random minimal spanning tree for the grid.\nAt this point it is a subclass of Labyrinth, but it really should be a strategy of Labyrinth instead. Python on my system has a default recursion nesting limit of 1000, so the longest path can be 1000 steps until we overflow the stack. This is good for a 31x31 grid at best, and we would need to change sys.setrecursionlimit(new_value) for more.\nclass Backtracking(Labyrinth): \u0026#34;\u0026#34;\u0026#34;Build a labyrinth using a backtracking algorithm.\u0026#34;\u0026#34;\u0026#34; def carve(self, pos: Optional[Pos] = None, show: Any = None) -\u0026gt; None: \u0026#34;\u0026#34;\u0026#34;carve passages starting at Pos p using recursive backtracking. Carves passages into the labyrinth, starting at Pos p (Default: 0,0), using a recursive backtracking algorithm. Uses stack as deeply as the longest possible path will be. \u0026#34;\u0026#34;\u0026#34; # Set start position if not pos: pos = Pos((0, 0)) # Probe in random order directions = self.random_directions() for d in directions: # try to step into this direction try: np = self.step(pos, d) except ValueError: # We stepped off the grid -\u0026gt; ignore this direction continue if show: show(self, red=pos, green=np) # if the position is clean, make a passage, and recurse if self[np] == 0: self.make_passage(pos, d) self.carve(np, show=show) What we have here is a function carve() that will dig a tunnel, starting at pos. If no pos is given, we default to the origin (0,0).\nFor the current position, we will check all possible directions in random order: can we step there? If so, we break down the walls and make a passage, then step there and recurse.\nWe have provided the option to supply a callback function show= (for which we skimped on the typing, tsk, tsk!). If such a function is supplied, we call it with the old and the new position as parameters. We need to make sure to pass on the show= function, if there is one, when we recurse.\nHere is a labyrinth generation in progress:\nPainting the labyrinth Our Labyrinth Painter uses Pygame. It draws cells that are size= wide, and are framed with line_width= thick lines.\nimport sys from time import sleep from typing import Optional import pygame from src.labyrinth import Labyrinth, Pos WHITE = (255, 255, 255) BLACK = (0, 0, 0) RED = (200, 50, 50) GREEN = (50, 200, 50) LIGHT_BLUE = (230, 230, 255) class LabyrinthPainter: surface: pygame.surface.Surface size: int line_width: int def __init__(self, lab, size=100, line_width=5) -\u0026gt; None: self.size = size self.line_width = line_width self.show_init(lab) return We start pygame, and make us a surface in a window:\ndef show_init(self, lab: Labyrinth) -\u0026gt; None: pygame.init() self.surface = pygame.display.set_mode( ( self.size * lab.width + self.line_width, self.size * lab.height + self.line_width, ) ) self.surface.fill(WHITE) pygame.display.flip() return We then implement a show function, which draws a bunch of squares in funny colors:\ndef show( self, lab: Labyrinth, red: Optional[Pos] = None, green: Optional[Pos] = None ): for y in range(0, lab.height): for x in range(0, lab.width): self.square(lab, Pos((x, y)), red, green) A square needs to find out what color it should be in, and then needs to be drawn. For that we need corners: North-East, North-West, South-East, and South-West.\nWe do not really have many dependencies on Labyrinth: Element access, and we should really use direction names instead of raw bits for decoding here.\ndef square( self, lab: Labyrinth, pos: Pos, red: Optional[Pos] = None, green: Optional[Pos] = None, ) -\u0026gt; None: xpos, ypos = pos[0], pos[1] el = lab[pos] nw = (xpos * self.size, ypos * self.size) ne = ((xpos + 1) * self.size, ypos * self.size) sw = (xpos * self.size, (ypos + 1) * self.size) se = ((xpos + 1) * self.size, (ypos + 1) * self.size) color = LIGHT_BLUE if el == 0: color = BLACK if red and pos == red: color = RED if green and pos == green: color = GREEN pygame.draw.rect(self.surface, color, nw + (self.size, self.size)) # North Border if not (el \u0026amp; 1): pygame.draw.line(self.surface, BLACK, nw, ne, width=self.line_width) # East Border if not (el \u0026amp; 2): pygame.draw.line(self.surface, BLACK, ne, se, width=self.line_width) # South Border if not (el \u0026amp; 4): pygame.draw.line(self.surface, BLACK, sw, se, width=self.line_width) # West Border if not (el \u0026amp; 8): pygame.draw.line(self.surface, BLACK, nw, sw, width=self.line_width) Nothing of this will be visible until we call flip(). For debugging, we provide the flip() as part of two waiting functions:\n@staticmethod def wait() -\u0026gt; None: # self.keywait() pygame.display.flip() for event in pygame.event.get(): if event.type == pygame.QUIT: pygame.quit() sys.exit() if event.type == pygame.KEYDOWN: if event.key == pygame.K_ESCAPE: pygame.quit() sys.exit() sleep(0.05) @staticmethod def keywait() -\u0026gt; None: pygame.display.flip() while True: for event in pygame.event.get(): if event.type == pygame.QUIT: pygame.quit() sys.exit() if event.type == pygame.KEYDOWN: if event.key == pygame.K_SPACE: return if event.key == pygame.K_ESCAPE: pygame.quit() sys.exit() sleep(0.05) The first function checks the Pygame event queue for a QUIT event (close button on the window has been hit) or an ESC key press. If either of them happened, we exit the program. Otherwise we delay a bit (and should make this a settable parameter).\nThe second method busy waits on a space bar press (and also allows quitting) before it continues. It will allow us to step through the program and observe how everything works at our leisure.\nA small driver that puts everything together:\nfrom random import randrange from src.backtracking import Backtracking, Pos from src.labyrinth_painter import LabyrinthPainter def show_and_wait(lab: Backtracking, red: Pos, green: Pos): painter.show(lab, red, green) LabyrinthPainter.wait() labyrinth = Backtracking(width=20, height=20) painter = LabyrinthPainter(labyrinth, size=30, line_width=4) start = Pos((10,10)) labyrinth.carve(start, show=show_and_wait) while True: red = Pos((randrange(0, 20), randrange(0, 20))) green = Pos((randrange(0, 20), randrange(0, 20))) if red != green: break painter.show(labyrinth, red=red, green=green) LabyrinthPainter.keywait() We make ourselves a labyrinth instance, and a painter instance. We define a starting position in the middle of the field, then start the carver with a callback. The callback will be activated by the carve() function with the old position pos as red and the new position np as green square. Untouched squares will show up in black, and carves squares will be shown in light blue.\nIn the end we display the final labyrinth, showing two random positions as start and end position. This will work because our labyrinth is an undirected minimal spanning tree of the grid, so any two positions are connected by exactly one path.\nNot recursing We can rewrite the original carve() function to not use recursion. It will look almost the same:\nclass DepthFirst(Labyrinth): \u0026#34;\u0026#34;\u0026#34;Build a labyrinth using a backtracking algorithm.\u0026#34;\u0026#34;\u0026#34; def carve(self, pos: Optional[Pos] = None, show: Any = None) -\u0026gt; None: \u0026#34;\u0026#34;\u0026#34;carve passages starting at Pos p using iteration and a stack.\u0026#34;\u0026#34;\u0026#34; # Set start position if not pos: pos = Pos((0, 0)) # Stackframe: # (pos, directions): positions and the directions that still need checking. stack = [(pos, self.random_directions())] while stack: # print(f\u0026#34;{stack=}\u0026#34;) pos, directions = stack.pop() while directions: # Consume one direction d = directions.pop() # Can we go there? try: np = self.step(pos, d) except ValueError: continue if show: show(self, red=pos, green=np) # Is the new position np unused? if self[np] == 0: # Remove wall self.make_passage(pos, d) # If we still have directions to check, push current position back if directions: stack.append((pos, directions)) # In any case, add the new position (and all directions) stack.append((np, self.random_directions())) break # while directions: -\u0026gt; continue with np Instead of recursing we here have a local stack stack. On this stack we put pairs of (pos, directions): For each position we remember the directions at this position that still need checking. We prime this with the starting position and the full list of all four cardinal directions, randomly shuffled.\nWe then pop us the current work item, and check if there are still directions we have not processed (there are, we just started). We consume one, and try to go there. If this is a legal position to be in, and the position is empty (0), we tear down that wall.\nNow we push this position and the remaining directions sans the one we just checked back. Then we add the new position and all four directions properly shuffled on top of that. Finally we break out of the while directions: loop.\nThis will move us to the outer loop, where we pop the new position and start working on that one: A depth-first search.\nOur stack list is not subject to sys.recursionlimit and so we can process larger grids. We still use the same amount of memory: we remember the same things. On a 100x100 grid, the theoretical longest possible path is 10000 steps long and that would be the biggest possible stack for that grid.\nSee Also Maze Generation: Recursive Backtracking , Jamis Buck, 27-Dec-2010.\nBasil \u0026amp; Fabian , Jamis Buck, April 2014\nCode in github ","date":"2021-01-10T00:00:00Z","href":"https://blog.koehntopp.info/2021/01/10/labyrinths-in-python.html","tags":["lang_en","python"],"title":"Labyrinths (in Python)"},{"categories":null,"content":"Heise writes an introduction to bash programming (in german) :\nBash ist eine vollwertige Programmiersprache, mit der Sie alltägliche Aufgaben leicht automatisieren.\nBash is a fully featured programming language that you can use to automate everyday tasks.\nBash is not a fully featured programming language at all, and nothing in bash is ever easy. You are advised to use a proper programming language early on in development, and if possible never put bash commands into a file.\nA few early warning signs to look out for:\nBash is somewhat okay to handle files. If you find yourself handling lines, words or characters instead of entire files, you are using the wrong tool. The script you are working on should have been written in something else. Bash is really bad at math. If you are doing math, especially if it is not small positive integers, you should have been using something else. Bash is really bad at handling any kind of UI. If you start thinking about curses, Tk or Qt, you should have been using something else. Bash is also bad at safely handling filenames with weird characters in them, bad at handling Unicode, bad at handling Errors and bad at many other elementary things.\nBasically, it is better to start in something else right away if the things move away from an interactive command line and end up in a file. Use whatever you like as an interactive command line, but do not write bash or shell scripts.\nShell is a thing you want to understand and then not use, because you learned to understand it. (in German, from 1998 )\nFor the rest of this discussion, we assume \u0026ldquo;Python 3\u0026rdquo; as an instance of \u0026ldquo;something else\u0026rdquo;, but if you are older than 50, feel free to use \u0026ldquo;Perl\u0026rdquo; instead.\nIf you are already doing Python, the rest of this is not for you. You already know these things.\nDo not modify the system python Use the system Python, if possible, but do not try to modify the system Python installation. Use a virtual environment for packages, instead.\n$ mkdir myscript $ cd !$ $ python3 -mvenv venv $ source venv/bin/activate This will create a local (symlinked) copy of the system python, and activate it as the interpreter environment to modify if you install dependencies. You will want to update pip, install wheel and then maintain a file named requirements.txt at the top level of the myscript directory. It will contain the names of the packages (optionally with version pins) you depend on. You can install the dependencies using pip install -r requirements.txt.\n$ cat revenv.sh #! /bin/bash deactivate rm -rf venv python3 -mvenv venv source venv/bin/activate pip install --upgrade pip pip install wheel pip install -r requirements.txt pip freeze -r requirements.txt \u0026gt; requirements-frozen.txt It deactivates the venv, throws away the installed venv, and then re-makes it from the requirements.\nYes, that is a shell script. There are ways to do the same things natively and better.\nIt is extensively documented in An Overview of Packaging for Python , for example Managing Application Dependencies and Packaging Python Projects .\nRunning a local Python package registry is as simple as exposing a directory with a specific file structure using a web server, see here , and a step-by-step walkthrough for a kind of minimal setup can be found here .\nDo not try to write Bash in Python In an online discussion, somebody remarked :\nI do not think that\nsubprocesss.run([\u0026quot;ls\u0026quot;, \u0026quot;-l\u0026quot;, \u0026quot;/dev/null\u0026quot;], capture_output=True)\nis more intuitive or less error prone, but different people have different opinions.\nThat is correct.\nThe point here is that this is not useful at all, in a Python program. That line will then produce output such as\ncrw-rw-rw- 1 root root 1, 3 Dec 7 12:15 /dev/null\nand that needs parsing to be useful for anything. You\u0026rsquo;d not do that at all in Python, ever.\nfrom pathlib import Path s = Path(\u0026#34;/dev/null\u0026#34;).stat() print(s) os.stat_result(st_mode=8630, st_ino=6, st_dev=6, st_nlink=1, st_uid=0, st_gid=0, st_size=0, st_atime=1607339753, st_mtime=1607339753, st_ctime=1607339753) Now we can talk. In Bash, everything always is a string.\nIn a proper programming language, we have a wealth of basic data types, and can use them in containers to construct aggregate types or even objects, and we can make use of this.\nUsing Path().stat() we get access to the same information in useful form that combines nicely with any number of powerful language and library features.\nIf you need to run commands, consume JSON So what if you have to run an external command to do things?\nHopefully the external commands produce something structured such as JSON:\nimport subprocess import json lvs = subprocess.run([\u0026#34;lvs\u0026#34;, \u0026#34;--reportformat=json\u0026#34;], capture_output=True) lvs_output = json.loads(lvs.stdout) for k in lvs_output[\u0026#39;report\u0026#39;][0][\u0026#39;lv\u0026#39;]: print(k[\u0026#39;lv_name\u0026#39;], k[\u0026#39;lv_size\u0026#39;]) blogbackup 20.00g dedibackup 100.00g disk_images 40.00g gitlab 10.00g halde 350.00g iot 30.00g kvm 60.00g unifi 10.00g backup 4.00t tm_aircat 1.00t tm_joram 1.50t tm_mini 512.00g win_kk 2.08t home 60.00g swap 32.00g ubuntu 80.00g This imports the modules subprocess and json for use.\nIt then uses the command lvs --reportformat=json to list all LVM2 logical volumes in the system. The command is specificed as an argument list, so no interim bash is spawned, instead the command is run directly from Python, using subprocess.run() , capturing the output.\nThe output, being JSON formatted, is turned into Python native data structures, using json.loads() . We then iterate the data we collected, printing a system report from Python.\nThere are other ways to do the same : LVM2 offers liblvm2app and an API, and a binding of that API to Python exists (but seems to be rather unmaintained, so I\u0026rsquo;d rather use the JSON approach).\nUseful modules that come with the system sys, os, pathlib So you already know about sys , and os . Maybe you use pathlib instead of os.path .\nsys is the meta about your Python environment. It offers you detailed introspection about the version, the base operating system platform, and many other things that relate to your runtime environment.\nos is the access to the operating system, allowing you to manipulate files and many other base operating system abstractions\npathlib is a higher level convenience interface built on top of that, which overloads the / operator and allows you to manipulate operating system path names in a portable way. It offers functions to parse pathnames, is os.stat() aware and has basename() and dirname() functionality, plus globbing.\nPath can completely replace os-like file access, and there is a handy table at the end of the manpage.\nshutil Basic shell file operations can be handled with shutil .\nThis module has a number of file copy operations available, which are aware of operating system specifics and modern metadata presence. There are also copytree and rmtree operations. Since Python 3.8 there are operating system specific high-efficiency implementations available which are network drive aware and are automatically used (MacOS fcopyfile, os.sendfile(), and others).\nThe module also offers a set of functions that deal with common archive formats such as zip, tar, and other compressors. There is a framework to register additional compressors and archive formats.\nNote that the walk() function is part of the os module, not the shutil module. It can be used to iterate over a filesystem subtree in a number of ways, offering find(1) like functionality.\nargparse, click, docopt Python delivers argparse with the standard libary, and has extensive tutorials for it. It works pretty much as one would expect\n#! /usr/bin/env python3 import argparse parser = argparse.ArgumentParser() parser.add_argument(\u0026#34;--size\u0026#34;, help=\u0026#34;file size\u0026#34;, type=int) args = parser.parse_args() print(args.size, type(args.size)) and\n$ ./keks.py --help usage: keks.py [-h] [--size SIZE] optional arguments: -h, --help show this help message and exit --size SIZE file size $ ./keks.py --size 10 10 \u0026lt;class \u0026#39;int\u0026#39;\u0026gt; There are a number of more refined options that allow for positional, keyword and more restricted optional arguments (the type we have been using here), with typechecking and choices.\nclick and docopt are not part of the standard libary, so it means picking up an external dependency.\ndocopt is built around the concept of docstrings, so option parsers are configured from the program documentation at the start of the program.\nclick is built around the concept of Python decorators , and allows things such as\n#! /usr/bin/env python import click @click.command() @click.option(\u0026#39;--size\u0026#39;, required=True, type=int, help=\u0026#39;file size\u0026#39;) def size(size): print(size, type(size)) if __name__ == \u0026#39;__main__\u0026#39;: size() and\n$ ./probe.py --help Usage: probe.py [OPTIONS] Options: --size INTEGER file size [required] --help Show this message and exit. $ ./probe.py --size 10 10 \u0026lt;class \u0026#39;int\u0026#39;\u0026gt; Click is very complete, extensible and specifically the tool of choice for large commands that require the implementation of subcommands (git log, git add, git commit type interfaces).\nfileinput In this context also useful is fileinput , a helper that consumes pathnames from the command arguments and offers you the lines from the files named, in one single stream or separated.\nThere is a number of support options for writing filters, in-place file changes and similar programs.\nIt is possible to install decompressor/compressor hooks, as well as data encodoers/decoders.\nstat The os.stat() example from the very beginning of this text is easier expanded on with the stat module, which has a number of constants and helpers that make more sense out of the data delivered by the operating system.\nglob, fnmatch Python has a glob and fnmatch modules, but you are probably better off using Path.glob from the more modern and portable pathlib instead.\ntempfile Temporary filenames, files and file handles can be made safely with tempfile , another standard libary.\ndifflib, filecmp There are a number of modules that deal in comparisons of files, difflib computes diff-like output with a nice programming interface, and filecmp compares files and directory trees, finding files with different content or attributes.\nini files, yaml and json The python standard libary offers readers and writers for ini files and json . Handling yaml is an external dependency.\nsched, daemon, pidfile, and pystemd A simple-cronlike timer facility, sched comes with the system libraries.\nActually becoming a background process with python-daemon picks up an external dependency. So does handling PIDfiles with python-pidfile .\nThe external dependency pystemd allows you to speak dbus to talk to systemd, but you would not notice that from the usage: you can deal with systemd units as native Python objects and query and control them.\nsubprocess And of course, we already mentioned subprocess.run() , the swiss army knife of bad old shell interfacing. Make sure you prefer commands that can produce JSON, that will hurt a lot less.\nAddenda Various System Shells : Shell inconsistencies What exactly was the point of [ \u0026quot;x$var\u0026quot; = \u0026quot;xval\u0026quot; ]? : How a simple test can fail. ","date":"2021-01-05T00:00:00Z","href":"https://blog.koehntopp.info/2021/01/05/using-python-to-bash.html","tags":["lang_en","python","bash","devops"],"title":"Using Python to bash"},{"categories":null,"content":"This is the english version of a 2007 article .\nIn de.comp.os.unix.linux.misc somebody asked:\nAre commands in a script executed strictly sequentially, that is, will the next command only be executed when the previous command has completed, or will the shell automatically start the next command if the system has spare capacity? Can I change the default behavior - whatever it may be - in any way? If you are looking into the fine manual, it may explain at some point that the shell starts each command in a separate process. Then you may continue your thought process and ask what that actually means. As soon as you get to this stage, you may want to have a look at the Unix process lifecycle.\nProcesses and programs A program in Unix is a sequence of executable instructions on a disk. You can use the command size to get a very cursory check of the structure and memory demands of the program, or use the various invocations of objdump for a much more detailed view. The only aspect that is of interest to us is the fact that a program is a sequence of instructions and data (on disk) that may potentially be executed at some point in time, maybe even multiple times, maybe even concurrently.\nSuch a program in execution is called a process. The process contains the code and initial data of the program itself, and the actual state at the current point in time for the current execution. That is the memory map and the associated memory (check /proc/pid/maps), but also the program counter, the processor registers, the stack, and finally the current root directory, the current directory, environment variables and the open files, plus a few other things (in modern Linux for example, we find the processes cgroups and namespace relationships, and so on - things became a lot more complicated since 1979).\nIn Unix processes and programs are two different and independent things. You can run a program more than once, concurrently. For example, you can run two instances of the vi editor, which edit two different texts. Program and initial data are the same: it is the same editor. But the state inside the processes is different: the text, the insert mode, cursor position and so on differ. From a programmers point of view, \u0026ldquo;the code is the same, but the variable values are differing\u0026rdquo;.\nA process can run more than one program: The currently running program is throwing itself away, but asks that the operating system loads a different program into the same process. The new program will inherit some reused process state, such as current directories, file handles, privileges and so on.\nAll of that is done in original Unix, at the system level, with only four syscalls:\nfork() exec() wait() exit() Usermode and Kernel Context switching: Process 1 is running for a bit, but at (1) the kernel interrupts the execution and switches to process 2. Some time later, process 2 is frozen, and we context switch back to where we left off with (1), and so on. For each process, this seems to be seamless, but it happens in intervals that are not continous.\nWhenever a Unix process does a system call (and at some other opportunities) the current process leaves the user context and the operating system code is being activated. This is privileged kernel code, and the activation is not quite a subroutine call, because not only is privileged mode activated, but also a kernel stack is being used and the CPU registers of the user process are saved.\nFrom the point of view of the kernel function, the user process that has called us is inert data and can be manipulated at will.\nThe kernel will then execute the system call on behalf of the user program, and then will try to exit the kernel. The typical way to leave the kernel is through the scheduler.\nThe scheduler will review the process list and current situation. It will then decide into which of all the different userland processes to exit. It will restore the chosen processes registers, then return into this processes context, using this processes stack. The chosen process may or may not be the one that made the system call.\nIn short: Whenever you make a system call, you may (or may not) lose the CPU to another process.\nThat\u0026rsquo;s not too bad, because this other process at some point has to give up the CPU and the kernel will then return into our process as if nothing happened.\nOur program is not being executed linearly, but in a sequence of subjectively linear segments, with breaks inbetween. During these breaks the CPU is working on segments of other processes that are also runnable.\nfork() and exit() In traditional Unix the only way to create a process is using the fork() system call. The new process gets a copy of the current program, but new process id (pid). The process id of the parent process (the process that called fork()) is registered as the new processes parent pid (ppid) to build a process tree.\nIn the parent process, fork() returns and delivers the new processes pid as a result.\nThe new process also returns from the fork() system call (because that is when the copy was made), but the result of the fork() is 0.\nSo fork() is a special system call. You call it once, but the function returns twice: Once in the parent, and once in the child process. fork() increases the number of processes in the system by one.\nEvery Unix process always starts their existence by returning from a fork() system call with a 0 result, running the same program as the parent process. They can have different fates because the result of the fork() system call is different in the parent and child incarnation, and that can drive execution down different if() branches.\nIn Code:\n#include \u0026lt;stdio.h\u0026gt; #include \u0026lt;unistd.h\u0026gt; #include \u0026lt;stdlib.h\u0026gt; main(void) { pid_t pid = 0; pid = fork(); if (pid == 0) { printf(\u0026#34;I am the child.\\n\u0026#34;); } if (pid \u0026gt; 0) { printf(\u0026#34;I am the parent, the child is %d.\\n\u0026#34;, pid); } if (pid \u0026lt; 0) { perror(\u0026#34;In fork():\u0026#34;); } exit(0); } Running this, we get:\nkris@linux:/tmp/kris\u0026gt; make probe1 cc probe1.c -o probe1 kris@linux:/tmp/kris\u0026gt; ./probe1 I am the child. I am the parent, the child is 16959. We are defining a variable pid of the type pid_t.\nThis variable saves the fork() result, and using it we activate one (\u0026ldquo;I am the child.\u0026rdquo;) or the other (\u0026ldquo;I am the parent\u0026rdquo;) branch of an if().\nRunning the program we get two result lines. Since we have only one variable, and this variable can have only one state, an instance of the program can only be in either one or the other branch of the code. Since we see two lines of output, two instances of the program with different values for pid must have been running.\nIf we called getpid() and printed the result we could prove this by showing two different pids (change the program to do this as an exercise!).\nThe fork() system call is entered once, but left twice, and increments the number of processes in the system by one. After finishing our program the number of processes in the system is as large as before. That means there must be another system call which decrements the number of system calls.\nThis system call is exit().\nexit() is a system call you enter once and never leave. It decrements the number of processes in the system by one.\nexit() also accepts an exit status as a parameter, which the parent process can receive (or even has to receive), and which communicates the fate of the child to the parent.\nIn our example, all variants of the program call exit() - we are calling exit() in the child process, but also in the parent process. That means we terminate two processes. We can only do this, because even the parent process is a child, and in fact, a child of our shell.\nThe shell does exactly the same thing we are doing:\nbash (16957) --- calls fork() ---\u0026gt; bash (16958) --- becomes ---\u0026gt; probe1 (16958) probe1 (16958) --- calls fork() ---\u0026gt; probe1 (16959) --\u0026gt; exit() | +---\u0026gt; exit() exit() closes all files and sockets, frees all memory and then terminates the process. The parameter of exit() is the only thing that survives and is handed over to the parent process.\nwait() Our child process ends with an exit(0). The 0 is the exit status of our program and can be shipped. We need to make the parent process pick up this value and we need a new system call for this.\nThis system call is wait().\nIn Code:\n#include \u0026lt;stdio.h\u0026gt; #include \u0026lt;unistd.h\u0026gt; #include \u0026lt;stdlib.h\u0026gt; #include \u0026lt;sys/types.h\u0026gt; #include \u0026lt;sys/wait.h\u0026gt; main(void) { pid_t pid = 0; int status; pid = fork(); if (pid == 0) { printf(\u0026#34;I am the child.\\n\u0026#34;); sleep(10); printf(\u0026#34;I am the child, 10 seconds later.\\n\u0026#34;); } if (pid \u0026gt; 0) { printf(\u0026#34;I am the parent, the child is %d.\\n\u0026#34;, pid); pid = wait(\u0026amp;status); printf(\u0026#34;End of process %d: \u0026#34;, pid); if (WIFEXITED(status)) { printf(\u0026#34;The process ended with exit(%d).\\n\u0026#34;, WEXITSTATUS(status)); } if (WIFSIGNALED(status)) { printf(\u0026#34;The process ended with kill -%d.\\n\u0026#34;, WTERMSIG(status)); } } if (pid \u0026lt; 0) { perror(\u0026#34;In fork():\u0026#34;); } exit(0); } And the runtime protocol:\nkris@linux:/tmp/kris\u0026gt; make probe2 cc probe2.c -o probe2 kris@linux:/tmp/kris\u0026gt; ./probe2 I am the child. I am the parent, the child is 17399. I am the child, 10 seconds later. End of process 17399: The process ended with exit(0). The variable status is passed to the system call wait() as a reference parameter, and will be overwritten by it. The value is a bitfield, containing the exit status and additional reasons explaining how the program ended. To decode this, C offers a number of macros with predicates such as WIFEXITED() or WIFSIGNALED(). We also get extractors, such as WEXITSTATUS() and WTERMSIG(). wait() also returns the pid of the process that terminated, as a function result.\nwait() stops execution of the parent process until either a signal arrives or a child process terminates. You can arrange for a SIGALARM to be sent to you in order to time bound the wait().\nThe init program, and Zombies The program init with the pid 1 will do basically nothing but calling wait(): It waits for terminating processes and polls their exit status, only to throw it away. It also reads /etc/inittab and starts the programs configured there. When something from inittab terminates and is set to respawn, it will be restarted by init.\nWhen a child process terminates while the parent process is not (yet) waiting for the exit status, exit() will still free all memory, file handles and so on, but the struct task (basically the ps entry) cannot be thrown away. It may be that the parent process at some point in time arrives at a wait() and then we have to have the exit status, which is stored in a field in the struct task, so we need to retain it.\nAnd while the child process is dead already, the process list entry cannot die because the exit status has not yet been polled by the parent. Unix calls such processes without memory or other resouces associated Zombies. Zombies are visible in the process list when a process generator (a forking process) is faulty and does not wait() properly. They do not take up memory or any other resouces but the bytes that make up their struct task.\nThe other case can happen, too: The parent process exits while the child moves on. The kernel will set the ppid of such children with dead parents to the constant value 1, or in other words: init inherits orphaned processes.\nWhen the child terminates, init will wait() for the exit status of the child, because that\u0026rsquo;s what init does. No Zombies in this case.\nWhen we observe the number of processes in the system to be largely constant over time, then the number of calls to fork(), exit() and wait() have to balanced. This is, because for each fork() there will be an exit() to match and for each exit() there must be a wait() somewhere.\nIn reality, and in modern systems, the situation is a bit more complicated, but the original idea is as simple as this. We have a clean fork-exit-wait triangle that describes all processes.\nexec() So while fork() makes processes, exec() loads programs into processes that already exist.\nIn Code:\n#include \u0026lt;stdio.h\u0026gt; #include \u0026lt;unistd.h\u0026gt; #include \u0026lt;stdlib.h\u0026gt; #include \u0026lt;sys/types.h\u0026gt; #include \u0026lt;sys/wait.h\u0026gt; main(void) { pid_t pid = 0; int status; pid = fork(); if (pid == 0) { printf(\u0026#34;I am the child.\\n\u0026#34;); execl(\u0026#34;/bin/ls\u0026#34;, \u0026#34;ls\u0026#34;, \u0026#34;-l\u0026#34;, \u0026#34;/tmp/kris\u0026#34;, (char *) 0); perror(\u0026#34;In exec(): \u0026#34;); } if (pid \u0026gt; 0) { printf(\u0026#34;I am the parent, and the child is %d.\\n\u0026#34;, pid); pid = wait(\u0026amp;status); printf(\u0026#34;End of process %d: \u0026#34;, pid); if (WIFEXITED(status)) { printf(\u0026#34;The process ended with exit(%d).\\n\u0026#34;, WEXITSTATUS(status)); } if (WIFSIGNALED(status)) { printf(\u0026#34;The process ended with kill -%d.\\n\u0026#34;, WTERMSIG(status)); } } if (pid \u0026lt; 0) { perror(\u0026#34;In fork():\u0026#34;); } exit(0); } The runtime protocol:\nkris@linux:/tmp/kris\u0026gt; make probe3 cc probe3.c -o probe3 kris@linux:/tmp/kris\u0026gt; ./probe3 I am the child. I am the parent, the child is 17690. total 36 -rwxr-xr-x 1 kris users 6984 2007-01-05 13:29 probe1 -rw-r--r-- 1 kris users 303 2007-01-05 13:36 probe1.c -rwxr-xr-x 1 kris users 7489 2007-01-05 13:37 probe2 -rw-r--r-- 1 kris users 719 2007-01-05 13:40 probe2.c -rwxr-xr-x 1 kris users 7513 2007-01-05 13:42 probe3 -rw-r--r-- 1 kris users 728 2007-01-05 13:42 probe3.c End of process 17690: The process ended with exit(0). Here the code of probe3 is thrown away in the child process (the perror(\u0026quot;In exec():\u0026quot;) is not reached). Instead the running program is being replaced by the given call to ls.\nFrom the protocol we can see the parent instance of probe3 waits for the exit(). Since the perror() after the execl()is never executed, it cannot be an exit() in our code. In fact, ls ends the process we made with an exit() and that is what we receive our exit status from in our parent processes wait() call.\nThe same, as a Shellscript The examples above have been written in C. We can do the same, in bash:\nkris@linux:/tmp/kris\u0026gt; cat probe1.sh #! /bin/bash -- echo \u0026#34;Starting child:\u0026#34; sleep 10 \u0026amp; echo \u0026#34;The child is $!\u0026#34; echo \u0026#34;The parent is $$\u0026#34; echo \u0026#34;$(date): Parent waits.\u0026#34; wait echo \u0026#34;The child $! has the exit status $?\u0026#34; echo \u0026#34;$(date): Parent woke up.\u0026#34; kris@linux:/tmp/kris\u0026gt; ./probe1.sh Starting child: The child is 18071 The parent is 18070 Fri Jan 5 13:49:56 CET 2007: Parent waits. The child 18071 has the exit status 0 Fri Jan 5 13:50:06 CET 2007: Parent woke up. The actual bash We can also trace the shell while it executes a single command. The information from above should allow us to understand what goes on, and see how the shell actually works.\nkris@linux:~\u0026gt; strace -f -e execve,clone,fork,waitpid bash kris@linux:~\u0026gt; ls clone(Process 30048 attached child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7dab6f8) = 30048 [pid 30025] waitpid(-1, Process 30025 suspended \u0026lt;unfinished ...\u0026gt; [pid 30048] execve(\u0026#34;/bin/ls\u0026#34;, [\u0026#34;/bin/ls\u0026#34;, \u0026#34;-N\u0026#34;, \u0026#34;--color=tty\u0026#34;, \u0026#34;-T\u0026#34;, \u0026#34;0\u0026#34;], [/* 107 vars */]) = 0 ... Process 30025 resumed Process 30048 detached \u0026lt;... waitpid resumed\u0026gt; [{WIFEXITED(s) \u0026amp;\u0026amp; WEXITSTATUS(s) == 0}], WSTOPPED WCONTINUED) = 30048 --- SIGCHLD (Child exited) @ 0 (0) --- ... Linux uses a generalization of the original Unix fork(), named clone(), to create child processes. That is why we do not see fork() in a Linux system to create a child process, but a clone() call with some parameters.\nLinux also uses a specialized variant of wait(), called waitpid(), to wait for a specific pid.\nLinux finally uses the exec() variant execve() to load programs, but that is just shuffling the paramters around. At the end of ls (PID 30048) the process 30025 will wake up from the wait() and continue.\nOriginal Code, what Windows does, and what Microsoft thinks about Linux This text is based on a USENET article I wrote a long time ago.\nHere is the original C-code of the original sh from 1979, with the fork() system call. Search for case TFORK:.\nAlso, check out the programming style of Mr. Bourne - this is C, even if it does not look like it.\nThe original 2007 blog article , has a followup article on Windows CreateProcess() , which has not been translated.\nWhen implementing fork() in Windows as part of the WSL 1, Microsoft ran into a lot of problems with the syscall, and wrote an article about how they hate it, and why they think their CreateProcessEx() (in Unix: spawn()) would be better. The PDF makes a number of good points, but is still wrong. :-)\n","date":"2020-12-28T00:00:00Z","href":"https://blog.koehntopp.info/2020/12/28/fork-exec-wait-and-exit.html","tags":["linux","erklaerbaer","computer","lang_en"],"title":"fork, exec, wait and exit"},{"categories":null,"content":"Olya Kudriavtseva has an ugly Christmas sweater :\nHe\u0026rsquo;s making a table. He\u0026rsquo;s sorting it twice. SELECT * FROM contacts WHERE behavior = \u0026ldquo;nice\u0026rdquo;; SQL Clause is coming town! (buy here )\nKatie Bauer observes :\nI mean, except for the fact that sorting something twice is TERRIBLY optimized\nSo how bad is this? Let\u0026rsquo;s find out.\nSome test data We are defining a table santa, where we store peoples names (GDPR, EU Regulation 2016/679 applies!), their behavior (naughty or nice), their age, their location, and their wishlist items.\ncreate table santa ( id integer not null primary key auto_increment, name varchar(64) not null, loc point srid 0 not null, age integer not null, behavior enum(\u0026#39;naughty\u0026#39;, \u0026#39;nice\u0026#39;) not null, wish varchar(64) not null ) We are also writing some code to generate data (to evade GDPR, we are using randomly generated test data):\nfor i in range(1, size): data = { \u0026#34;id\u0026#34;: i, \u0026#34;name\u0026#34;: \u0026#34;\u0026#34;.join([chr(randint(97, 97 + 26)) for x in range(64)]), \u0026#34;xloc\u0026#34;: random()*360-180, \u0026#34;yloc\u0026#34;: random()*180-90, \u0026#34;age\u0026#34;: randint(1, 100), \u0026#34;behavior\u0026#34;: \u0026#34;naughty\u0026#34; if random() \u0026gt; nicelevel else \u0026#34;nice\u0026#34;, \u0026#34;wish\u0026#34;: \u0026#34;\u0026#34;.join([chr(randint(97, 97 + 26)) for x in range(64)]), } c.execute(sql, data) if i%1000 == 0: print(f\u0026#34;{i=}\u0026#34;) db.commit() db.commit() The full data generator is available as santa.py . Note that the data generator there defines more indexes - see below.\nIn our example we generate one million rows, and assume a general niceness of 0.9 (90% of the children are nice). Also, all of our children have 64 characters long names, a single 64 characters long wish, a random age, and are equidistributed on a perfect sphere.\nOur real planet is not a perfect sphere, and also not many people live in the Pacific Ocean. Also, not many children have 64 character names.\nSorting it twice How do you even sort the data twice? Now, assuming we sort by name, we can run an increasingly deeply nested subquery:\nkris@localhost [kris]\u0026gt; select count(*) from santa where behavior = \u0026#39;nice\u0026#39;; +----------+ | count(*) | +----------+ | 900216 | +----------+ 1 row in set (0.25 sec) kris@localhost [kris]\u0026gt; explain select count(*) from santa where behavior = \u0026#39;nice\u0026#39;\\G *************************** 1. row *************************** id: 1 select_type: SIMPLE table: santa partitions: NULL type: ALL possible_keys: NULL key: NULL key_len: NULL ref: NULL rows: 987876 filtered: 50.00 Extra: Using where 1 row in set, 1 warning (0.00 sec) Note (Code 1003): /* select#1 */ select count(0) AS `count(*)` from `kris`.`santa` where (`kris`.`santa`.`behavior` = \u0026#39;nice\u0026#39;) Out of 1 million children, we have around 900k nice children. No indexes can be used to resolve the query.\nLet\u0026rsquo;s order by name, using a subquery:\nkris@localhost [kris]\u0026gt; explain -\u0026gt; select t.name from ( -\u0026gt; select * from santa where behavior = \u0026#39;nice\u0026#39; -\u0026gt; ) as t order by name; +----+-------------+-------+------------+------+---------------+------+---------+------+--------+----------+-----------------------------+ | id | select_type | table | partitions | type | possible_keys | key | key_len | ref | rows | filtered | Extra | +----+-------------+-------+------------+------+---------------+------+---------+------+--------+----------+-----------------------------+ | 1 | SIMPLE | santa | NULL | ALL | NULL | NULL | NULL | NULL | 987876 | 50.00 | Using where; Using filesort | +----+-------------+-------+------------+------+---------------+------+---------+------+--------+----------+-----------------------------+ 1 row in set, 1 warning (0.00 sec) Note (Code 1003): /* select#1 */ select `kris`.`santa`.`name` AS `name` from `kris`.`santa` where (`kris`.`santa`.`behavior` = \u0026#39;nice\u0026#39;) order by `kris`.`santa`.`name` We can already see that the MySQL 8 optimizer recognizes that this subquery can be merged with the inner query, and does this.\nThis can be done multiple times, but the optimizer handles this just fine:\nkris@localhost [kris]\u0026gt; explain -\u0026gt; select s.name from ( -\u0026gt; select t.name from ( -\u0026gt; select * from santa where behavior = \u0026#39;nice\u0026#39; -\u0026gt; ) as t order by name -\u0026gt; ) as s order by name; +----+-------------+-------+------------+------+---------------+------+---------+------+--------+----------+-----------------------------+ | id | select_type | table | partitions | type | possible_keys | key | key_len | ref | rows | filtered | Extra | +----+-------------+-------+------------+------+---------------+------+---------+------+--------+----------+-----------------------------+ | 1 | SIMPLE | santa | NULL | ALL | NULL | NULL | NULL | NULL | 987876 | 50.00 | Using where; Using filesort | +----+-------------+-------+------------+------+---------------+------+---------+------+--------+----------+-----------------------------+ 1 row in set, 1 warning (0.00 sec) Note (Code 1003): /* select#1 */ select `kris`.`santa`.`name` AS `name` from `kris`.`santa` where (`kris`.`santa`.`behavior` = \u0026#39;nice\u0026#39;) order by `kris`.`santa`.`name` We can see using filesort, so while we ask for the query result to be sorted by name twice, it is actually only sorted once.\nNo sorting at all We can improve on this, using a covering index in appropriate order:\nkris@localhost [kris]\u0026gt; alter table santa add index behavior_name (behavior, name); Query OK, 0 rows affected (21.82 sec) Records: 0 Duplicates: 0 Warnings: 0 Having done this, we now see that we lost the using filesort altogether:\nkris@localhost [kris]\u0026gt; explain select s.name from ( select t.name from (select * from santa where behavior = \u0026#39;nice\u0026#39;) as t order by name ) as s order by name; +----+-------------+-------+------------+------+---------------+---------------+---------+-------+--------+----------+--------------------------+ | id | select_type | table | partitions | type | possible_keys | key | key_len | ref | rows | filtered | Extra | +----+-------------+-------+------------+------+---------------+---------------+---------+-------+--------+----------+--------------------------+ | 1 | SIMPLE | santa | NULL | ref | behavior_name | behavior_name | 1 | const | 493938 | 100.00 | Using where; Using index | +----+-------------+-------+------------+------+---------------+---------------+---------+-------+--------+----------+--------------------------+ 1 row in set, 1 warning (0.00 sec) Note (Code 1003): /* select#1 */ select `kris`.`santa`.`name` AS `name` from `kris`.`santa` where (`kris`.`santa`.`behavior` = \u0026#39;nice\u0026#39;) order by `kris`.`santa`.`name` The query is now annotated using index, which means that all data we ask for is present in the (covering) index behavior_name, and is stored in sort order. That means the data is physically stored and read in sort order and no actual sorting has to be done on read - despite us asking for sorting, twice.\nHidden \u0026lsquo;SELECT *\u0026rsquo; and Index Condition Pushdown In the example above, we have been asking for s.name and t.name only, and because the name is part of the index, using index is shown to indicate use of a covering index. We do not actually go to the table to generate the result set, we are using the index only.\nNow, if we were to ask for t.* in the middle subquery, what will happen?\nkris@localhost [kris]\u0026gt; explain -\u0026gt; select s.name from ( -\u0026gt; select * from ( -\u0026gt; select * from santa where behavior = \u0026#39;nice\u0026#39; -\u0026gt; ) as t order by name -\u0026gt; ) as s order by name; +----+-------------+-------+------------+------+---------------+---------------+---------+-------+--------+----------+-----------------------+ | id | select_type | table | partitions | type | possible_keys | key | key_len | ref | rows | filtered | Extra | +----+-------------+-------+------------+------+---------------+---------------+---------+-------+--------+----------+-----------------------+ | 1 | SIMPLE | santa | NULL | ref | behavior_name | behavior_name | 1 | const | 493938 | 100.00 | Using index condition | +----+-------------+-------+------------+------+---------------+---------------+---------+-------+--------+----------+-----------------------+ 1 row in set, 1 warning (0.00 sec) Note (Code 1003): /* select#1 */ select `kris`.`santa`.`name` AS `name` from `kris`.`santa` where (`kris`.`santa`.`behavior` = \u0026#39;nice\u0026#39;) order by `kris`.`santa`.`name` In the Code 1003 Note we still see the exact same reconstituted query, but as can be seen in the plan annotations, the internal handling changes - so the optimizer has not been working on this query at all times, but on some intermediary representation.\nThe \u0026lsquo;using index condition\u0026rsquo; annotation points to Index Condition Pushdown Optimization being used. In our example, this is not good.\nWorse than sorting: Selectivity The column we select on is a column with a cardinality of 2: behavior can be either naughty or nice. That means, in an equidistribution, around half of the values are naughty, the other half is nice.\nData from disk is read in pages of 16 KB. If one row in a page matches, the entire page has to be read from disk. In our example, we have a row length of around 200 Byte, so we end up with 75-80 records per page. Half of them will be nice, so with an average of around 40 nice records per page, we will very likely have to read all pages from disk anyway.\nUsing the index will not decrease the amount of data read from disk at all. In fact, we will have to read the index pages on top of the data pages, so using an index on a low cardinality column has the potential of making the situation slightly worse than even a full table scan.\nGenerally speaking, defining an index on a low cardinality column is usually not helpful - if there are 10 or fewer values, benchmark carefully and decide, or just don\u0026rsquo;t define an index.\nIn our case, the index is not even equidistributed, but biased to 90% nice. We end up with mostly nice records, so we can guarantee that all data pages will be read for the SQL SELECT * FROM santa WHERE behavior = \u0026quot;nice\u0026quot;, and the index usage will not be contributing in any positive way.\nWe could try to improve the query by adding conditions to make it more selective. For example, we could ask for people close to our current position, using an RTREE index such as this:\nkris@localhost [kris]\u0026gt; ALTER TABLE santa ADD SPATIAL INDEX (loc); ... kris@localhost [kris]\u0026gt; set @rect = \u0026#39;polygon((10 10, 10 20, 20 20, 20 10, 10 10 ))\u0026#39;; kris@localhost [kris]\u0026gt; select * from santa where mbrcovers(st_geomfromtext(@rect), loc); ... 1535 rows in set (3.53 sec) The ALTER defines a spatial index (an RTREE), which can help to speed up coordinate queries.\nThe SET defines a coordinate rectangle around our current position (supposedly 15/15).\nWe then use the mbrcovers() function to find all points loc that are covered by the @rect. It seems to be somewhat complicated to get MySQL to actually use the index, but I have not been investigating deeply.\nIf we added an ORDER BY name here, we would see using filesort again, because data is retrieved in RTREE order, if the index loc is used, but we want output in name order.\nConclusion The Santa query is inefficient, but likely sorting twice is not the root cause for that. The optimizer will be able to merge the multiple sorts and be able to deliver the result with one or no sorting, depending on our index construction. The optimizer is not using the reconstituted query shown in the warning to plan the execution, and that is weird. Selectivity matters, especially for indices on low cardinality columns. Asking for all nice behaviors on a naughty/nice column is usually not benefiting from index usage. Additional indexable conditions that improve selectivity can help, a lot. ","date":"2020-12-26T00:00:00Z","href":"https://blog.koehntopp.info/2020/12/26/sql-clause-is-coming-to-town.html","tags":["lang_en","mysqldev","mysql"],"title":"SQL Clause is coming to town"},{"categories":null,"content":"Kalenderwoche 51/2020: Lockdown mit Schulschließungen. Nachdem es im März schon einmal Schulschließungen wegen Corona gab, und dort die Defizite technischer und organisatorischer Natur offenbar wurden, hat man in Deutschland die Zeit genutzt und sich auf die vorhergesagte 2. Welle vorbereitet, die jetzt genau eingetroffen ist. Deutschland ist schließlich nicht nur das Land der Dichter und Denker, sondern auch ein Land der Ingenieure und Tüftler, und bekannt für seine funktionierende und effiziente Bürokratie.\nOder?\nDie bayrische Plattform mebis bricht unter dem Ansturm zusammen . Angeblich ist es DDoS, wahrscheinlicher sind es einfach User. Auch LernSax in Sachsen leidet unter bösen Hackern . Vermutlich sind es auch hier User. Unterdessen bricht auch in MVP die itslearning-Instanz zusammen In NRW hat man ebenfalls Probleme und begrenzt die Teilnehmerzahl auf 80 pro Schule (zusammengetragen von @union_watch )\nDazu ein paar Anmerkungen:\nZwei IP-Adressen, beliebig viele Server Es ist mehr als ein Paar Frontend-Server . Die angegebenen IPv4-Adressen 104.16.101.21 und 104.16.102.21 gehören zu Cloudflare:\n$ whois 104.16.101.21 ... NetRange: 104.16.0.0 - 104.31.255.255 CIDR: 104.16.0.0/12 NetName: CLOUDFLARENET NetHandle: NET-104-16-0-0-1 Parent: NET104 (NET-104-0-0-0-0) NetType: Direct Assignment OriginAS: AS13335 Organization: Cloudflare, Inc. (CLOUD14) RegDate: 2014-03-28 Updated: 2017-02-17 Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse Ref: https://rdap.arin.net/registry/ip/104.16.0.0 ... Cloudflare ist ein Betreiber eines CDN (Content Delivery Networks), das Frontend-Dienste mit DDoS-Schutz für alles und jeden anbietet. Cloudflare arbeitet mit DNS basierendem Global Loadbalancing oder mit TCP Anycast . Auf diese Weise kann entweder derselbe DNS-Name oder gar dieselbe IPv4-Adresse zu dem Server aufgelöst werden, der dem Verbindung Suchenden am nächsten liegt. Das Maß \u0026ldquo;am Nächsten\u0026rdquo; ist dabei meist auf der Netzwerk-Topologie definiert, also \u0026ldquo;mit den wenigsten Hops\u0026rdquo; oder \u0026ldquo;mit der geringsten Zugriffsverzögerung (Latenz)\u0026rdquo;, und das muß nicht unbedingt der geographisch am nächsten liegende Server sein.\nHinter dem Loadbalancer liegen also nicht nur mehr als zwei Server, sondern möglicherweise sogar mehr als ein Standort. Es ist die Dienstleistung und das Geschäft von Cloudflare, schlechte (DDoS) von guten Verbindungen zu trennen, und für die guten Verbindungen den netztopologisch am günstigsten gelegenen Server zu verbinden.\nDie Nutzung von Cloudflare macht natürlich auch die Erklärung \u0026ldquo;es ist ein DDoS\u0026rdquo; oder \u0026ldquo;es sind Hacker\u0026rdquo; weniger glaubwürdig. Cloudflares Geschäft ist es, so etwas auszusortieren. Ein paar Schüler, die keinen Bock auf Fernunterricht haben und die deswegen rum kaspern holen Cloudflare im Mittel eher nicht runter.\nServerzahlen und Größen Mebis hatte mal ganze sechs, mittlerweile 28 Server, um 1.7 Millionen Schüler:innen multimediale Lerninhalte zu übermitteln Das muß nichts schlimmes heißen. Insbesondere dann nicht, wenn man ein CDN wie Cloudflare davor schaltet.\nDisclaimer: Ich kenne das Design von mebis nicht. Ich kenne aber Anwendungen von Cloudflare in anderen Kontexten.\nDie Server selbst führen die Anwendung aus. Die Anwendung generiert in der Regel das HTML der Basisseite, und dort drin sind dann die Seiten-Elemente enthalten - also Grafiken, Filme, Zeichensätze, CSS und was sonst noch so von einer Webseite nachgeladen wird, damit sie bunt ist. Dieses HTML ist oft nicht statisch, sondern wird dynamisch unterschiedlich für jeden User generiert.\nEin CDN wie Cloudflare cached in der Regel die statischen Seitenelemente, und verbreitet sie aktiv im Content Delivery Network zu den Edges. Also zu den Servern, die möglichst dicht am User stehen und die dann zum Enduser ausliefern. Medieninhalte wie Filme, Bilder und andere große statische Dinge sind also idealerweise gar nicht auf den Servern von Mebis enthalten, oder werden jedenfalls nicht von Mebis direkt an den Enduser ausgeliefert, sondern werden vom CDN abgefangen und dort abgehandelt - darum will man so etwas ja genau haben.\nDie eigenen Server generieren dann nur das dynamische HTML, benutzerspezifisch, das dann die ganzen großen, statischen Elemente referenziert, die von Cloudflare geliefert werden. Auf diese Weise braucht man am eigenen Server sehr viel weniger Bandbreite und Leistung.\nSind 28 Server viel oder wenig? 1.7 Millionen Schüler auf 28 Servern sind etwa 60k User pro Server. Ich kenne den Footprint von Mebis oder itslearning nicht, aber das ist für eine moderne Maschine möglicherweise nicht zu viel. Ein moderner Server kann alles von einer 3000-Euro-Blade mit zwei Xeon 4110 , 128 GB RAM und einem 10 GBit/s Netzwerkinterface sein, bis hin zu einer Dual EPYC 7502 mit 4TB RAM und mehreren 100 GBit/s Netzwerkkarten.\nZum Vergleich: Eine Freemail-Datenbank von web.de im Jahre 2004 (eine HP DL380 G3 oder vergleichbar, mit zwei frühen Xeon CPUs ) hat die Daten von circa einer Million Freemail-Kunden erfolgreich verwaltet. Jede von denen wurde mit einer Hand voll Frontend-Servern zusammen zu einem Cluster verpaart und hat dann fröhlich eine Million User verarbeitet (bei 25m Usern insgesamt und 8-9m unique Logins am Tag, damals). Nun ist Webmail unter Umständen eine kleinere Hausnummer als ein multimediales Lernsystem, aber wir haben seit 2004 auch ein paar Fortschritte bei der Systemleistung gemacht, wie oben dargestellt.\n28 Server ist also nicht vollkommen unrealistisch, je nachdem was die Anforderungen sind und was genau man dahinter stellt.\nEs erscheint wenig, wenn man auf AWS VM-Serverhäppchen groß geworden ist und nie einen richten Baremetal-Server ganz für sich allein gehabt hat. Aber man sollte dabei auch bedenken, daß wir den ganzen Quatsch mit Virtualisierung oder Kubernetes ja genau deswegen machen, weil die meisten Anwendungen nicht in der Lage sind, selbst eine kleine Maschine wie die o.a. 3000-Euro-Blade voll zu machen.\nUnd selbst wenn, wollte man das eventuell nicht, sondern die Anwendung stattdessen in drei oder mehr Instanzen aufteilen, die auf drei bis fünf Drittelservern laufen, der Ausfallsicherheit wegen.\nIst das alles teuer? Hardware ist übrigens unglaublich billig. Eine 3000 Euro-Blade braucht im Laufe ihres fünfjährigen Serverlebens (bei drei Jahren Abschreibungszeitraum) Strom, Klima und Rechenzentrumskosten für noch einmal ca. 3000 Euro, und ein wenig Kosten für Netz. Man landet bei 60 Monaten bei Serverkosten von bummelig 120-150 Euro pro Monat.\nZum Vergleich: Die o.a. Blade ist in etwa eine AWS EC2 m5.5xlarge, wenn es sie gäbe. Eine m5.4xlarge entspricht etwa einer halben solchen Blade und die kostet in Frankfurt on-demand ohne Rabatte (30 x 24 x 0.92 USD) = 662.40 USD ohne weitere Nebenkosten (Netz, EBS oder was man sonst noch braucht), also 1324.80 USD like-for-like.\nNiemand macht Cloud weil es billiger ist, im Gegenteil - man kann mit Mehrkosten von ca. 10x unrabattiert gegenüber einem effizient organisierten eigenen Rechenzentrum rechnen - falls man die Leute hat, und falls man die notwendige Größe hat, um sich so etwas leisten zu wollen. Unter 10k Servern (ca. 2+ Megawatt Stromverbrauch) würde ich aber eventuell gar nicht mal darüber nachdenken wollen.\nWieso fallen die Plattformen dann alle um? Das Bundesland Berlin hat nach dem Statistikserver des Landes circa 365k Schüler und noch einmal 87k Berufsschüler.\nDas braucht nicht nur eine gewisse Menge an Bandbreite, Speicher und Datenbank, um so viele Kunden abzufackeln, sondern auch ein getestetes und eingespieltes Systemdesign, das auf die Größe zugeschnitten sein muß.\nDazu machen es sich Schulen notlos schwer, falls sie weiter Frontalunterricht im Internet simulieren und insbesondere Unterrichtsbeginn und Login landesweit minutengenau synchronisieren. Das wäre, wenn man es so machte, ein selbst organisierter und durch ein Ministerium verordneter Eigen-DDoS. Mit dem Gong drücken alle Return und die Server fallen um.\nWie sich web.de mal selbst mit Userlogins ge-DoS-t hat Auch hier wieder eine 15 Jahre alte Geschichte von web.de:\nDie oben erwähnten Freemail-Datenbanken (25 davon in 25 Clustern) haben ein zentrales Gegenstück, die User-Datenbank. Dort sind alle 25 Millionen Freemail-User (und die zahlenden web.de Club User) verzeichnet. Der Stammdatensatz ist bummelig 1 KB groß und enthielt einen Haufen Felder, die sich nur sehr selten ändern.\nUnd er enthielt auch drei Lastlogin-Daten (web, IMAP und POP). Jedes dieser Felder ist ca. 4 Byte lang und sie stehen also an derselben Stelle in jedem User-Record, also etwa 1 KB weit auseinander. Die Datenbank hat Seiten von 8 KB Größe (es war damals ein rotes Oracle), es stehen also 6-8 User-Records in einer Datenbank-Seite.\nWenn sich jetzt also ein User anmeldet, dann wird dessen Record aktualisiert und eine Datenbankseite in der Datenbank ist \u0026ldquo;dirty\u0026rdquo; und muß irgendwann einmal zurück geschrieben werden. Falls sich in der Zeit bis zum Zurückschreiben noch ein User anmeldet, dann ist das gut, weil wir so zwei Updates zum Preis eines Writes bekommen.\nBei 8-9m Unique Logins pro Tag und einer Gleichverteilung der aktiven User über die Records kann man aber annehmen, daß alle Pages der Userdatenbank mindestens einmal am Tag zurück geschrieben werden müssen. Das war anstrengend für die Userdatenbank, hat aber unter normaler Last einigermaßen okay funktioniert.\nWenn es nun bei web.de zu irgendeiner Störung kam, dann kommt es dabei meist auch zu einem Verlust der Session-Caches mit den Login-Tokens und die User werden alle ausgeloggt.\nWas machen ausgeloggte User? Sie melden sich neu an.\nDabei werden die Lastlogind-Daten aller derzeit aktiven User aktualisiert und wir haben einige Millionen Logins in wenigen Minuten - und die User Datenbank macht dicke Backen und fällt um, weil sie es nicht schafft, so viele dirty pages in so kurzer Zeit zurück zu schreiben.\nJede beliebige Störung hatte also einen Ausfall der User Datenbank als Folgestörung, zwangsläufig.\nDas klingt so erzählt unmittelbar einleuchtend und ist auch leicht zu beheben, wenn man die Ursache identifiziert hat. Aber damals waren es mehrere Teams und einige Monate Arbeit, überhaupt zu verstehen, daß es sich um zwei Störungen handelt (die ursächliche Störung und den Folgefehler \u0026ldquo;UserDB überlastet\u0026rdquo;), und daß die 2. Störung immer dieselbe ist, egal was die ursächliche Störung war.\nDie Lösung ist übrigens recht einfach:\nMan zieht die volatilen Felder (die drei Lastlogin-Daten) aus den statischen Stammdaten raus und tut sie in eine einzelne Tabelle, die nur die User-ID und die drei Zeitstempel enthält. Das sind dann 25 Millionen Records von 16 Bytes plus Overhead, also eine Tabelle von 400-800 MB Größe statt vorher 25 Millionen Kilobyte, also 25 GB.\nMan hat also die Schreiblast für die Updates von 1024 Byte auf 16-32 Byte verkleinert, also um den Faktor 32-64 gesenkt. Das konnte die UserDB leicht abhandeln und das Problem trat nie wieder auf.\nWas hat das mit mebis und itslearning zu tun? Direkt nichts, aber es zeigt, daß die Skalierung von Anwendungen in der Regel nicht einfach mit \u0026ldquo;mehr Server\u0026rdquo; zu machen ist.\nSkalierung geht nicht allein am Reißbrett Eine Anwendung um den Faktor 10 zu skalieren heißt in der Regel, dieselben Deliverables mit einer komplett neu gemachten Architektur zu generieren. Ich habe in meinem Leben zwischen 1990 und 2005 viel Mail gemacht, für mich und meine Freundin (2), für einen kleinen Verein (20), für toppoint.de (200), für eine kleine Firma (2k), für Mobilcom.de (20k), ein Design für eine Ausschreibung bei hamburg.de (2m) und einige Jahre web.de (20m).\nDie Deliverables sind immer dieselben: SMTP, Antispam, Antivirus, Mailstore, IMAP, POP, Web, SMTP Auth+Submit. Die Architekturen und die Orgstrukturen unterscheiden sich in jeder dieser Ausbaustufen grundlegend, und das jeweils größere System wäre für den kleineren Fall heillos überdesigned, und das kleinere Design würde unter der Last des nächstgrößeren Anwendungsfalls zusammenbrechen oder zumindest sehr bedenklich knirschen und wackeln.\nWas genau die Knackpunkte sein werden sieht man aber vorher in der Regel nicht, sondern man muß es unter Last testen.\nSchlaue Leute gehen also nicht von Woche 50 mit 0 Usern auf Woche 51 mit 350k Usern. Das wird nirgendwo bei niemandem so reibungslos funktionieren.\nSchlaue Leute onboarden erst mal eine Gruppe freundliche Testkunden, bügeln die schlimmsten Probleme mit denen aus, dann ein mehrfaches dieser Gruppe in einem nächsten Schritt und so weiter. Dabei mit immer größeren Schritten und - wichtig - mit der Option innezuhalten und Dinge zu ändern, sobald sich Probleme und Engpässe manifestieren.\nDas geht natürlich nicht in einem Umfeld, das politisch Präsenzunterricht favorisiert und bei dem man die Technik nicht dauerhaft als lebenden Bestandteil in den normalen Unterricht integriert.\nSobald die Technik funktioniert beginnt die eigentliche Arbeit Zum Vergleich: Wo ich wohne ist die Schule meines Kindes (10) Bestandteil des Netzwerkes Jong Leren . Man verwendet Chromebooks mit Google Edu, und dazu kommen eine Reihe von externen Anwendungen, die sich gegen Edu authentisieren, aber unabhängig realisiert werden. Gynzy wird zum Beispiel verwendet, um Drillaufgaben zu automatisieren, also Rechnen, Kopfrechnen, Rechtschreibung und andere Dinge einzuüben, die auf Wiederholung basieren.\nIm März und auch jetzt wieder gab es deswegen keine großen Technikprobleme, sondern \u0026ldquo;nur\u0026rdquo; einen Haufen organisatorische Arbeit. Wir haben Glasfaser daheim (500 Mbit/500 MBit, feste IP, 63 Euro/mo) und die Schule hat natürlich auch eine angemessene Anbindung und managed Wi-Fi, damit die Chromebooks und elektronischen Wandtafeln stabil funktionieren.\nDie Server stehen natürlich nicht in der Schule, wo sie kaum stabil zu betreiben wären, sondern in einer Reihe von Clouds (Google und wo immer Gynzi und die anderen Anwendungen gehostet werden).\nEntsprechend beschränkte sich der technische Teil der Umstellung darauf, daß die Schule fragt, welche Schüler daheim keine angemessene Ausstattung haben und ob sie eventuell ein Chromebook nach Daheim mitnehmen müssen - wir nicht, das Kind hat sich auf seinem Notebook in Chrome vor langer Zeit schon eine Schul-Persona gemacht und wechselt zwischen seinen privaten Google-Accounts und seinem gemanagten Schulaccount frei hin und her.\nOrganisatorisch gab es eine Menge zu regeln und das war schwer genug - und Fernunterricht ist deutlich anders als Präsenzunterricht. In dieser 2. Runde haben sich die Jufen und Meester jetzt andere Dinge überlegt und es wird Arbeitsaufgaben zum Selbstabholen im Drive geben, zwei feste Walk-in Videosprechstunden für die Kinder und wahrscheinlich dann Termine nach Vereinbarung bei Fragen.\nWie neuer Stoff präsentiert werden wird weiß ich noch nicht, aber ich hoffe, daß man sich da an den einschlägigen Youtubern (Lehrer Schmidt , Max macht Musik und ähnliche) orientieren wird. Die Kinder werden also sehr viel freier und selbstständiger Stoff erarbeiten müssen, und bekommen dann hoffentlich gezielt und eher einzeln genau die Hilfe, die sie brauchen um weiter zu kommen. Es wird sich zeigen, wie sich das entwickelt und wie man von dort weiter iterieren wird.\nWie gesagt, die Umstellung bei uns ist kein technisches Problem, weil man die Technik sowieso schon seit Jahren jeden Tag verwendet. Das Problem ist eines einer komplett anderen Organisation und Unterrichtsmethodik (die sich bei jüngeren Kindern eventuell auch so nicht anwenden lässt), und die muß gefunden werden. Das ist auch ohne Technikprobleme nicht einfach.\nHätte man das nicht alles vermeiden können? Ja. Nein. Nein, eigentlich nicht.\nJa, klar, das ist alles nicht neu und nicht unerwartet. Andere Leute hatten diese Probleme schon und haben darüber geschrieben, viel und oft und mit hohem Detailgrad.\nNein, denn das sagt nichts, weil es nichts bedeutet. Ich habe anderswo einmal aufgeschrieben, wie mein Sohn das Wort \u0026ldquo;heiß\u0026rdquo; gelernt hat. Es war vor sieben Jahren, um die Weihnachtszeit, und sein drittes Wort. Er hat es gehört und nachgesprochen, aber es hat für ihn nichts bedeutet. Bis er in eine Kerze gefasst hat.\nIm Google SRE Buch ist ausführlich in mehr als einem Kapitel beschrieben, wie man Cubby/Zookeeper aufsetzt und nicht aufsetzt und warum man keinen globalen, firmenweiten Zookeeper haben kann oder will.\nWo ich arbeite haben wir gemeinsam und jeder für sich dieses Buch gelesen und verstanden (berührt die Stirn) und sind dann aus $GRÜNDEN trotzdem in so eine Situation geraten, mit den vorhersagbaren Resultaten. Wir wissen jetzt aus persönlicher Erfahrung (berührt Herz) wieso das keine Gute Idee war und warum man es anders haben will, und wir haben das verinnerlicht und machen das in Zukunft instinktiv (berührt Bauch) richtig.\nNein, eigentlich ließ sich das nicht vermeiden, denn Organisationen lernen so. Solche Fehlschläge sind auch wichtig, weil man jetzt gemeinsam geteilte Erfahrungen hat und auch aus der Krise weiß, welche Kollegen wie reagieren oder welche Kollegen schon vorher Ratschläge hatten, auf die man hätte hören sollen. Organisationen springen nicht, sie bewegen sich immer linear vorwärts, und das Beste was man erreichen kann ist ihr Gleiten umzulenken oder zu beschleunigen. \u0026ldquo;Sprunginnovationen\u0026rdquo; sind nie das Werk von größeren strukturierten Gruppen und Verwaltungen.\nJedenfalls glaube ich, daß jetzt in diversen Bundesländern auch Leute mit einem nassen Lappen neben anderen Leuten sitzen, die brennende Server haben löschen müssen. \u0026ldquo;Heiß!\u0026rdquo; sagen sie und deuten auf den Server. \u0026ldquo;Heiß!\u0026rdquo; sagen die Admins mit den verbrannten Fingern und nicken wissend.\nOder, wie Terry Pratchett sagt \u0026ldquo;Pan Narrans\u0026rdquo;, the story telling ape, instead of \u0026ldquo;Homo sapiens\u0026rdquo;, thinking man.\nTesting in Production Die beste Simulation von Schülerhordern auf einem Medienserver sind\u0026hellip; Schülerhorden auf einem Medienserver.\nDaher sollte man nicht nur graduell onboarden, sondern auch die Schülerhorden dann jeden Tag auf dem Server haben, und nicht nur wenn gerade Pandemie ist. Nur so kann man jeden Tag und nach jedem Upgrade und jedem Change wissen, daß man ein System hat, das funktioniert. Nur so kann man realistisch Kapazität messen. Und nur so kann man ein Team von Admins haben, das mit kleinen Störungen jeden Tag Erfahrungen gesammelt hat, daß große Störungen keine unerwartete Herausforderung mehr sind.\nTesting in Production und Testing with Production sorgt dafür, daß man Methoden und Architekturen entwickelt, die Survivability eingebaut haben, bei denen also die Struktur des Systems dafür sorgt, daß Fehler und Mißgeschicke sich auf eine Weise manifestieren, von der man sich erholen kann.\nIch bin nur froh, daß ich nicht die Person bin, die einer Öffentlichen Verwaltung beibringen muß so zu arbeiten, auch wenn ich glaube, daß es die einzige Arbeitsweise ist, die für so eine Problemstellung Erfolg haben kann\u0026hellip;\n","date":"2020-12-17T00:00:00Z","href":"https://blog.koehntopp.info/2020/12/17/der-testing-in-production-blues.html","tags":["lang_de","bildung","politik"],"title":"Der Testing-in-Production-Blues"},{"categories":null,"content":"So this happened: CentOS Project shifts focus to CentOS Stream The future of the CentOS Project is CentOS Stream, and over the next year we’ll be shifting focus from CentOS Linux, the rebuild of Red Hat Enterprise Linux (RHEL), to CentOS Stream, which tracks just ahead of a current RHEL release. CentOS Linux 8, as a rebuild of RHEL 8, will end at the end of 2021. CentOS Stream continues after that date, serving as the upstream (development) branch of Red Hat Enterprise Linux.\nAnd a lot of people react like this:\nOracle buys Sun: Solaris Unix, Sun servers/workstation, and MySQL went to /dev/null. IBM buys Red Hat: CentOS is going to \u0026gt;/dev/null. Note to self: If a big vendor such as Oracle, IBM, MS, and others buys your fav software, start the migration procedure ASAP. (Tweet )\nSo it seems my opinion is the unpopular one: CentOS switching to Stream is not bad at all.\nWhen you wanted to run Openstack on CentOS in 2015, you needed to enable RDO to even begin an install. The first thing this did was literally replace every single package in the install. That was, because CentOS at that time was literally making Debian Stale look young.\nAnd we see similar problems with Ubuntu LTS, for what it\u0026rsquo;s worth. Ubuntu LTS comes out every 2 years, and that\u0026rsquo;s kind of ok-ish, but it lasts 5 years, which is nonsensical. It was not, in the past.\nSo what changed? Software Development.\nWe have been moving to a platform based development approach, leveraging the wins from DevOps.\n\u0026ldquo;Kris, that\u0026rsquo;s corporate bullshit.\u0026rdquo; It\u0026rsquo;s not, though. Let me spell it out in plain for you.\nProgramming languages are platforms powered by tools People these days do not program in an editor, with a compiler.\nThey use Github or Gitlab, with many integrations, and a local IDE. They commit to a VCS (git, actually, the world converged on one single VCS), and trigger a bunch of things. Typechecks, Reformatters, Tests, but also Code Quality Metrics, and Security Scanners.\nEven starting a new programming language in 2020 is not as easy as it was in the past. Having a language is not enough, because you do not only need a language and maybe a standard library, but also a JetBrains Product supporting it, SonarQube support, XRay integration, gitlab-ci.yml examples and so on. Basically, there is a huge infrastructure system designed to support development and whatever you start needs to fit into it, right from the start.\nThat is, because we have come to rely on an entire ecosystem of tooling to make our developers faster, and to enforce uniform standards across the group. And that is a good thing, which can help us to become better programmers.\nGithub and Gitlab are tools for conversations about code among developers We also have come to rely on tooling to enable collaboration, and structured discussion about code, since we as programmers no longer work alone. A good part of the value of Gitlab, Github and similar is enabling useful cooperation between developers, in ways that Developers value.\nAnother good part of the value is extracted at the production end of these platforms: We produce artifacts of builds, automatically and in reproducible ways.\nWhich includes also knowing things about these artifacts - for example, what went into producing them and being able to report on these things:\nDependencies Licenses Versions Vulnerabilities Commit frequency and time to fix for each dependency, abandonware alert and many more things. Using the repositories and proper processes and one other ingredient, we have made rollouts and rollbacks an automated and uniform procedure. That is, provided we find a way to manage and evolve persisted state properly.\nCompared to the hand crafted bespoke rollout and rollback procedures of the 2010s, this is tremendous progress.\nImmutable infrastructure, and reproducible builds This one other ingredient is immutable infrastructure.\nIt is the basic idea that we do no longer manipulate the state of the base image we run our code on, ever, after it is deployed. It\u0026rsquo;s basically death to Puppet and its likes.\nInstead we change the build process, producing immutable images, and quickly rebuild and redeploy. We deploy the base image, and then supply secrets, runtime config and control config in other, more appropriate ways. Things like Vault, a consensus system such as Zookeeper, or similar mechanisms come to mind. It allows us to orchestrate change across a fleet of instances, all alike, in a way that guarantees consistency across our fleet, in an age where all computing has become distributed computing.\nThe same thinking can be applied to the actual base operating system of the host, where we remove application installs completely from the base operating system. Instead we provide a mechanism to mount and unmount application installs, including their dependencies, in the form of virtual machine images, container images or serverless function deployments (also containers, but with fewer buttons).\nAs a consequence, everything becomes single-user, single-tenant - one image contains only Postgres, another one only your static images webserver (images supplied from an external mountable volume), and a third one only your production Python application plus runtime environment. With only one thing in the container, Linux UIDs no longer have a useful separation function, and other isolation and separation mechanisms take their place:\nvirtualization, CGroups, Namespaces, Seccomp, and similar. They are arguably more powerful, anyway.\nThis also forms a kind of argument in the great \u0026ldquo;Is curlbash or even sudo curlbash still a bad thing?\u0026rdquo; debate of our times, but I am unsure which (I\u0026rsquo;m not: in a single-user single-tenant environment curlbashing into that environment should not be a security problem, but you get problems proving the provenance of your code. Which you would not have, had you used another, less casual method of acquiring that dependency).\nImages as building blocks for applications So now we can use entire applications, with configuration provided and injected at runtime, to construct services, and we can add relatively tiny bits of our own code to build our own services on top of existing services, provided by the environment. We get Helm Charts for Kubernetes, we get The Serverless Sea Change , and Step Functions. We also get Nocode, Codeless or similar attempts at building certain things only from services without actual coding.\nBut it is more pervasive than this:\nThe Unifi Control Plane uses multiple Java processes and one Mongodb. It can be dockered into one container, or can be provided as helm chart or as a docker-compose with multiple containers, for better scalability and maintenance. The gitlab Omnibus uses a single container, again, with Postgres, Redis and a lot of internal state plus Chef to deploy about a dozen components, but differentiated deploys for the individual components in a K8s context also exist. Things like a Jitsi setup can be packaged into a single, relatively simple docker-compose.yml, and will assemble themselves from images mostly automatically. The result will run on almost any operating system substrate, as long as it provides a Linux kernel syscall interface. Fighting Conway\u0026rsquo;s law At that is kind of the point: By packing all dependencies into the container or VM image itself, the base operating system hardly matters any more. It allows us to move on, each on their own speed, on a per-project basis.\nThe project will bring its own database, cache, runtime and libraries with itself, without version conflicts, and without waiting for the distro to upgrade them, or to provide them at all. Conversely it allows the Distro to move to Stream: They are finally free from slow moving OSS projects preventing them from upgrading local components, because one of them is not yet ready to move.\nEven teams in the Enterprise are now free to move at their own speed, because they no longer have to wait for half a dozen stakeholders ot get to the Technical Debt Section of their backlog.\nThe main point is, in my opinion, that it is okay and normal for the application to use a different \u0026ldquo;No longer a full OS\u0026rdquo; than what the host uses. In acknowledging that both can reduce scope and size, and optimize. This is a good thing, and will speed up development.\nSo in a world where components and their dependencies are being packaged as single-user single-tenancy units of execution (virtual machines, containers and the like), CentOS moving to Streams is not only acknowledging that change, it also forced the slower half of the world to acknowledge this, and to embrace it.\nI say: This is a good thing.\nAnd if you rant \u0026ldquo;Stability goes out of the window!\u0026rdquo; - check your calendar and your processes.\nIt\u0026rsquo;s 2020. Act like it. One of the major innovations in how we do computers in the last decade has been establishing the beginnings of a certifiable process for building the things we run.\nOr, as [Christoph Petrausch](Christoph Petrausch) puts it in this tweet : \u0026ldquo;If your compliance is based on certifying the running end product instead of the process that built it, your organisation will not be able to keep up with the development speed of others.\u0026rdquo;\nEdit: Some Enterprise So after careful Enterprise wide checking, it turns out that in fact nobody at work at this point is adverse to converting from CentOS 7 and CentOS 8 to CentOS Stream.\n\u0026ldquo;We are already on a rolling release, kind of, with the security mandated patching strategy and the time limits this imposes.\u0026rdquo; \u0026ldquo;Where we are on image based workflows in VMs and containers, we do not really care about the base operating system image or the packaging and configuration tooling used by it; outside of the requirements of some security scanning tools.\u0026rdquo; \u0026ldquo;Each team basically takes a base operating system image, and then replaces the critical components for their workloads with their own images. Kernel, language platforms, web servers and the likes get replaced at the team level accoding to their need.\u0026rdquo; \u0026ldquo;In general, even Stream as a rolling release will be too slow to provide the packages we need for these teams. They will still need to modify the base OS images themselves. Maybe a few teams exist that can profit from Stream.\u0026rdquo; \u0026ldquo;We will be checking in on the state of Stream on a quarterly basis. We do still have dependencies on RPM and Puppet, but we expect both to go away within three years, anyway.\u0026rdquo; \u0026ldquo;For containerized workloads the vector is distroless in the guest, and the host OS is not carrying any workload besides the container system anyway.\u0026rdquo; So we will see how that goes, in quarterly intervals, and we will be past the point of caring much in three years time.\n","date":"2020-12-09T00:00:00Z","href":"https://blog.koehntopp.info/2020/12/09/embracing-the-stream.html","tags":["lang_en","devops"],"title":"Embracing the Stream"},{"categories":null,"content":"The tables in PERFORMANCE_SCHEMA (P_S) are not actually tables. You should not think of them as tables, even if your SQL works on them. You should not JOIN them, and you should not GROUP or ORDER BY them.\nUnlocked memory buffers without indexes The stuff in P_S has been created with \u0026ldquo;keep the impact on production small\u0026rdquo; in mind. That is, from a users point of view, you can think of them as unlocked memory buffers - the values in there change as you look at them, and there are precisely zero stability guarantees.\nThere are also no indexes (EDIT: There actually are secondary indexes on P_S tables in MySQL 8, see below).\nUnstable comparisons When sorting a table for a GROUP BY or ORDER BY, it may be necessary to compare the value of one row to other rows multiple times in order to determine where the row goes. The value compared to other rows can change while this happens, and will change more often the more load the server has. The end result is unstable. Also, as the table you sort may be larger on a server under load, the row may need more comparisons, making this even more likely to happen.\nThe table you look at may produce correct results on your stable, underutilized test systems, but the monitoring you base on this will fail on a loaded test system.\nDo not use GROUP BY or ORDER BY on P_S tables.\nNo indexes, meaning slow joins on loaded systems When JOINing a P_S table against other tables, the join is done without indexes (in MySQL up to and including 5.7). There are no indexes defined in P_S before MySQL 8.\nIn practice that means your join against the processlist or session variables tables in P_S do little harm in test, but will fail in production environments with many connections. You will be losing monitoring the moment you need it most - under load, in critital situations.\nDo not JOIN P_S tables to anything.\nHow to monitor About the only type of query you can reliably run on P_S is a single table SELECT * FROM P_S.table, maybe with a simple WHERE clause. That is, you can download and materialize data from a single P_S table at a time, unsorted, unaggregated.\nConnection to other tables, aggregation and sorting should be done on tables that are not P_S tables.\nThere are multiple ways to do this.\nSubqueries, without optimization It used to be that the MySQL optimizer did not resolve simple subqueries properly. So\nmysql\u0026gt; select \u0026lt;complicated stuff\u0026gt; from -\u0026gt; ( select * from performance_schema.sometable ) as t -\u0026gt; order by \u0026lt;something\u0026gt; used to work. The subquery t would materialize the P_S table as whatever your version of MYSQL used for implicit temporary tables, and the rest of the query resolution would happen on the materialized temptable. This is a snapshot, and would be stable.\nAnd it still would not add up to 100%, of course. That is, queries like Dennis Kaarsemakers \u0026ldquo;How loaded is the SQL_THREAD\u0026rdquo; Replication Load analysis never came out at 100%, because the various values changed while the temporary table would be materialized, so you do not get a consistent snapshot (and by construction, this kind of consistency is impossible in P_S).\nAnyway, with older versions of MySQL, this results in the query plan we want. Starting with MySQL 5.7, this does no longer work, because the optimizer became too smart. :-)\nmysql\u0026gt; select version(); +-----------+ | version() | +-----------+ | 8.0.22 | +-----------+ 1 row in set (0.00 sec) mysql\u0026gt; explain select * from ( select * from processlist ) as t; +----+-------------+-------------+------------+------+---------------+------+---------+------+------+----------+-------+ | id | select_type | table | partitions | type | possible_keys | key | key_len | ref | rows | filtered | Extra | +----+-------------+-------------+------------+------+---------------+------+---------+------+------+----------+-------+ | 1 | SIMPLE | processlist | NULL | ALL | NULL | NULL | NULL | NULL | 256 | 100.00 | NULL | +----+-------------+-------------+------------+------+---------------+------+---------+------+------+----------+-------+ 1 row in set, 1 warning (0.00 sec) Newer MySQL (5.7 and above) will apply the derived_merge optimization and fold the subquery into the outer query, resulting in a rewritten single query that again is executed on P_S directly. This is extremely useful, but in this one particular case precisely not what we want.\nYou either need to SET SESSION optimizer_switch = \u0026quot;derived_merge=off\u0026quot;; or provide an advanced MySQL 8 optimizer hint to prevent the optimizer from ruining your cunning plan:\nmysql\u0026gt; explain select /*+ NO_MERGE(t) */ * from ( select * from processlist ) as t; +----+-------------+-------------+------------+------+---------------+------+---------+------+------+----------+-------+ | id | select_type | table | partitions | type | possible_keys | key | key_len | ref | rows | filtered | Extra | +----+-------------+-------------+------------+------+---------------+------+---------+------+------+----------+-------+ | 1 | PRIMARY | \u0026lt;derived2\u0026gt; | NULL | ALL | NULL | NULL | NULL | NULL | 256 | 100.00 | NULL | | 2 | DERIVED | processlist | NULL | ALL | NULL | NULL | NULL | NULL | 256 | 100.00 | NULL | +----+-------------+-------------+------------+------+---------------+------+---------+------+------+----------+-------+ Here we get the DERIVED table as a non-P_S temptable, and then run our \u0026ldquo;advanced\u0026rdquo; SQL on that as PRIMARY on it.\nIn the client The alternative is, of course, to completely download the tables in question into client side hashes, and then perform the required operations on them on the client side, in memory. The important thing here is to limit the amount of memory spent - do not download unconstrained result sets into your client monitoring program.\nThen use a linearly scaling join method to construct the connections between the tables. Effectively, load data into hashes, and then program a client side hash join. This is additive (n + m) instead of quadratic (n * m), so you can survive this.\nThis is the recommended method.\nWho is doing it wrong? Getting monitoring queries that use P_S wrongly is common - it understands SQL, it handles SHOW CREATE TABLE, so it is treated as a table and exposed to full SQL all the time. And on idle test boxen, it even looks like it works.\nAt work, see this in our own code (still using a deprecated Diamond collector) and in SolarWinds nee Vividcortex.\nSolarWinds kindly highlights itself:\n-- Most time consuming query - Coming from solar winds monitoring itself ¯\\_(ツ)_/¯ select `ifnull` (`s`.`sql_text` , ?) , `ifnull` (`t`.`processlist_user` , ?) , `ifnull` (`t`.`processlist_host` , ?) from `performance_schema`.`events_statements_history` `s` left join `performance_schema`.`threads` `t` using (`thread_id`) where `s`.`thread_id`=? and `s`.`event_id`=? -- Coming from the \u0026#34;table ownership write identifier\u0026#34;. select count (*) as `cnt` , `digest_text` , `current_schema` , `processlist_user` as system_user from `performance_schema`.`events_statements_history` `esh` inner join `performance_schema`.`threads` `t` on `t`.`thread_id`=`esh`.`thread_id` where `event_name` in (...) and `current_schema` in (...) group by `digest_text` , `current_schema` , `processlist_user` -- Coming from diamond collector select `t`.`processlist_user` , `sbt`.`variable_value` , count (*) from `performance_schema`.`status_by_thread` `sbt` join `performance_schema`.`threads` `t` using (`thread_id`) where `sbt`.`variable_name`=? and `t`.`processlist_user` is not null group by `t`.`processlist_user` , `variable_value` Many of the above examples fail in multiple ways: Using JOIN for bad scalability (this is how we spotted them), at least before MySQL 8 (and you probably want your monitoring to work anywhere). Some are also using unstable sorting.\nWe also see ORDER BY statements in the Telegraf MySQL plugin in one place. It uses LIMIT, but if the ORDER BY does not work (ie does not actually sort), you cut off randomly.\nIs PERFORMANCE_SCHEMA broken? Clearly, it is not. Just badly misunderstood.\nThe alternative is INFORMATION_SCHEMA, which often locks, and that can be actually deadly:\nJust select * from INFORMATION_SCHEMA.INNODB_BUFFER_PAGE on a server with a few hundreds of GB of buffer pool, humming at 10k QPS. The query will freeze the server completely for the runtime of the query – which with a large buffer pool size can be substantial.\nI\u0026rsquo;d rather have this in P_S and then deal with the vagaries of the data changing while I read it than lose an important production server. So P_S is much better than I_S, provided that you ask it in the right way.\nAddendum Both Øystein Grøvlen and Mark Leith remind me that in MySQL 8 we geht secondary indexes on P_S - this will address some of the problematic queries above and will need some research on my side.\nThe sorting is still complicated. Øystein writes :\nIt depends on the sort algorithm used by MySQL. Many sorts will add all requested columns to the sort buffer, and will not need to fetch anything from the tables after sorting, but it depends on the size of the sort buffer and how much data needs to be fetched.\nSo there are some sorts that are stable, and some sorts that will always be unstable (those that work with bloblike columns such as SQL_TEXT or DIGEST_TEXT likely), but it is really hard to see this when looking at the query.\nI still maintain my advice of forcing stable copies with subselects and NO_MERGE() hints - this is much easier to teach and guaranteed to be stable.\nAnother addendum In a tweet Justin Swanhart pointed me at PS_HISTORY , which makes snapshots of P_S that try to be as consistent as possible.\nIt will allow you to replay and review old P_S states and query them, and it will - if you configure it - also automatically expire the old recordings. It may be useful as a kind of flight recorder to debug performance problems that cannot otherwise reproduced.\n","date":"2020-12-01T00:00:00Z","href":"https://blog.koehntopp.info/2020/12/01/not-joining-on-performance-schema.html","tags":["lang_en","mysql"],"title":"Not JOINing on PERFORMANCE_SCHEMA"},{"categories":null,"content":"There was a question at work about MySQL backups and restore. I needed to explain more.\nWe use databases to make state persistent. That is: As a developer you can think of your database as a single giant, structured global variable with a weird access method, and to make things worse, concurrent access.\nA database is just a global variable to your code\nWe can log statements that change the state of our database in a log. In MySQL, we call this The Binlog.\nMaking a change to the database, and logging the data changing statement to the binlog.\nWhen we make a full backup of the database, we just copy away all tables in the data directory while the database does not change. This can be achieved by simply taking the server offline during the copy, or using more elegant methods that do not interrupt production, yet still look the same when done.\nIf the database does not change while we make the backup, the backup is internally referentially consistent, and it is associated with exactly one binlog position. And to keep things simple, the binlog position is just the pair (newest binlog filename, file length). So a binlog position looks like (binlog.000004, 7625) or similar.\nThe server will periodically start new binlogs: When it becomes too large, when the server restarts, or when we ask it to do so using a FLUSH BINARY LOGS command.\nEvery transaction that changes data is being assigned a unique binlog position, and this way we also get a total order of all transactions (and that is becoming a problem later in the game).\nWe can see the binlog position as the internal clock of the database: Whenever something changes in the database, it is written to the binlog. Each transaction is assigned a unique binlog position, and thus, transactions also have a total order.\nWhen we restore from a backup, we are at the backups binlog position of the past, and can then replay statements – beginning with the backups position – to roll forward, until we are at the desired position.\nWe can use the binlog to replay history\nWhat the desired position exactly is depends a bit on the problem: If we issued a command we wish we had not, the desired position is, of course, exactly before this statement. We then skip the undesirable statement.\nHow we continue after that statement depends on what that statement was. But if we are lucky we can simply continue to replay statements unchanged.\nIn complicated cases (We might have changed a table definition wrongly) we might need to replace the content of the binlog with alternate, edited statements. In any case we create a new, different and edited timeline that does not contain the mistake we made.\nReplication is an ongoing live Restore As early as MySQL 3.23.15 from May 2000, we have replication:\nWe restore our original servers\u0026rsquo; data directory to a new machine, effectively cloning it. We tell our clone the binlog position of the parent server it was created from. We tell this new machine where the parent server is, and give it credentials to log in to that parent. The cloned server will then log in to the parent, download the binlog as it is written, and apply it. This is exactly the same process as with a restore and then applying the binlog that has been created since the backup was made. But with replication, it is live and ongoing as new binlog is being created. As a result, we get a cloned server that executes the same statements as its upstream parent, keeping its internal state a mirror copy of the parent.\nWe called the parent server a master back then, and a primary or source server these days. The cloned server was a slave back then and is now a replica.\nOf course this simplistic approach has all kinds of problems, which then got corrected over time, making replication better, but also more complicated.\nSplitting Threads Early replication had a single thread downloading statements, and then applying them. Of course, some statements take longer than others to execute: a large ALTER TABLE can take hours to run, depending on the size of the table being altered. During that time replication stops and the binlog does not even leave the source server. This is a bit unfortunate should the source fail during that time.\nSo the very first thing that got changed is splitting the replication thread in two: The IO_THREAD downloads data from the source as quickly as possible, and writes it to the replica as the relay log. Even when the source goes down we still have our local copy.\nThe SQL_THREAD then reads the relay log and executes it in sequence, strictly maintaining transaction order. Whenever it finishes a relay log, it can delete that file and turn to the next one.\nThis logic, at the core, is unchanged even today:\nSimple, asynchronous replication as seen even today.\nAsynchronous and Semi-Synchronous Replication We call this kind of replication asynchronous: There is no feedback channel from the replica to the source, and consequently no way for the source to delay the commit and have the application wait until the data has left the machine.\nAsynchronous replication scales well, even across long distance links: Applications write to the primary, and don’t wait. The replicas log into the source, download the binlogs and will eventually execute it locally on the replica. Applications reading from the replicas will read outdated state until the replica comes around and catches up.\nThe main risk is the source going down due to a fault before the binlog has been copied off. So one innovation is to make the source delay the commit until at least one copy exists on a replica.\nFor that we need add a communication mechanism to the replica, in which it can signal that is has read a transaction from the binary log, and committed it to the local relay log. Only when the transaction is persisted to disk on the replica, in the relay log, we signal the source, which then lets the transaction commit finish so that the application can continue.\nSemi-Synchronous Replication is Asynchronous Replication with added delays on the commit.\nThis is Semi-Synchronous Replication, SSR, in MySQL, and it comes with a number of caveats:\nSSR has a timeout. If a transaction is not acknowledged in time, a message is error logged and the server reverts to regular asynchronous replication. It will flip back to SSR once a replica responds within the timeout window. If a source has zero replicas and a really high timeout, it never receives an acknowledgement, and will essentially block all applications. If your requirement is “transactions must be persisted on more than a single machine to be valid”, this is the desired behaviour. If your requirement is “It is more important to persist things at all than to ever hang the business”, then ASR is better than SSR for your use case. Nonetheless, we have plenty of outages because of this: primary servers ending up with zero replicas due to bugs or circumstances. SSR guarantees that at least one more copy of the transaction exists, but it does not say where. To build a resilient system, you need orchestration to find out where, and make sure you fail to that machine in order to be able to continue. We are using a special program for this kind of orchestration, and it is being ingeniously called MySQL Orchestrator . Depending on where your replicas reside, the most advanced replica server may be in the same data center or AZ as the source. In a scenario where the entire AZ fails this does not help you at all. Statement and Row Based Replication MySQL\u0026rsquo;s replication logs statements to the binlog. Unfortunately, not all statements are actually replay-able, because they may not be deterministic.\nMySQL knows this, and for the obvious cases logs additional code that makes them deterministic.\nkris@localhost [kris]\u0026gt; flush binary logs; Query OK, 0 rows affected (0.02 sec) kris@localhost [kris]\u0026gt; create table t ( d double ); insert into t values (rand()); select d from t; Query OK, 0 rows affected (0.11 sec) Query OK, 1 row affected, 1 warning (0.03 sec) Note (Code 1592): Unsafe statement written to the binary log using statement format since BINLOG_FORMAT = STATEMENT. Statement is unsafe because it uses a system function that may return a different value on the slave. +--------------------+ | d | +--------------------+ | 0.8351237492962962 | +--------------------+ 1 row in set (0.00 sec) In the binlog, we find (editing out the cruft):\n$ mysqlbinlog binlog.000043 ... #201127 10:45:02 server id 1 end_log_pos 548 CRC32 0x1b4b14a9 Rand SET @@RAND_SEED1=850981370, @@RAND_SEED2=491246833/*!*/; #201127 10:45:02 server id 1 end_log_pos 654 CRC32 0xa57c1606 Query thread_id=229860 exec_time=0 error_code=0 SET TIMESTAMP=1606470302/*!*/; insert into t values (rand()); ... What is being logged is\nThe RAND_SEED values to make the statement deterministic. The timestamp of the server when executing the statement (this will also make the NOW() function deterministic). The actual statement. Despite the warning, this replicates well, and has done so for the last 20 years. What does not replicate well at all, ever, is stuff like UPDATE t SET x = x+1 LIMIT 10. As this lacks an ORDER BY clause, the server is free to order the row updates as it wishes, and can (and in NDB cluster actually will!) update 10 random rows, different ones on each instance of replication. It is the LIMIT clause that makes this non-deterministic.\nNow that limitations of this approach are clear, we can see: We would be better off with logging the rows changed, instead of logging the statements that change them.\nCounterintuitively, for the workloads we have at work, this is also 50% to 66% smaller than the statement itself, even before optimisation and compression.\nUsing Row Based Replication Let’s do this:\nkris@localhost [kris]\u0026gt; set binlog_format = row; Query OK, 0 rows affected (0.00 sec) kris@localhost [kris]\u0026gt; drop table t; Query OK, 0 rows affected (0.03 sec) kris@localhost [kris]\u0026gt; flush binary logs; Query OK, 0 rows affected (0.03 sec) kris@localhost [kris]\u0026gt; create table t ( d double ); insert into t values (rand()); select d from t; Query OK, 0 rows affected (0.05 sec) Query OK, 1 row affected (0.01 sec) +--------------------+ | d | +--------------------+ | 0.7980042936261783 | +--------------------+ 1 row in set (0.00 sec) We find:\n$ mysqlbinlog binlog.000043 ... #201127 10:53:43 server id 1 end_log_pos 598 CRC32 0xdae6423f Write_rows: table id 233 flags: STMT_END_F BINLOG \u0026#39; p8zAXxMBAAAAMAAAAAAAAAAAAOkAAAAAAAEABGtyaXMAAXQAAQUBCAEBAQCZVfvm p8zAXx4BAAAALAAAAAAAAAAAAOkAAAAAAAEAAgAB/wABJeZMQInpPz9C5to= \u0026#39;/*!*/; # at 598 ... (You would need to run mysqlbinlog -vvv to have the mysqlbinlog command decode the BASE64 for you).\nRow Based Replication logs Row Events. mysqlbinlog presents them as a special BINLOG statement to make it possible to feed the output to another server.\nSo in order to be able to represent a Row Events as a statement that can be replayed in another server, MySQL implemented a BINLOG statement, which takes a single parameter. The parameter is a BASE64 encoded pre- and post-image of the row, a kind of binary patch to the data in the table.\nSeeing this, I should be able to take this BINLOG statement and run it on the command line of my client:\nkris@localhost [kris]\u0026gt; BINLOG \u0026#39; \u0026#39;\u0026gt; p8zAXxMBAAAAMAAAAAAAAAAAAOkAAAAAAAEABGtyaXMAAXQAAQUBCAEBAQCZVfvm \u0026#39;\u0026gt; p8zAXx4BAAAALAAAAAAAAAAAAOkAAAAAAAEAAgAB/wABJeZMQInpPz9C5to= \u0026#39;\u0026gt; \u0026#39;/*!*/; ERROR 1609 (HY000): The BINLOG statement of type `Table_map` was not preceded by a format description BINLOG statement. To make a long story short: If you go back and pick up the preceding BINLOG command earlier in the binlog, and then this one, it actually works.\nAlso interesting: In the earliest versions of MySQL with Row Based logs, the BINLOG command lacked all access controls. By handcrafting the appropriate patches, anybody could change any data anywhere with any permissions - MySQL did not anticipate that somebody would take replication-only special commands and run them on a regular command line. This bug is now a long time fixed.\nRow Based Replication and Filters Since the earliest days of replication, we could filter the binlog on the primary (using binlog-do-* config directives) and the relay log on the replica (using replicate-do-* config directives).\nFiltering the binlog is never a good idea: It will break your ability to perform point-in-time restores. Filtering the relay log can be done, but most of the config directives that do this are broken:\nreplicate-do-db and replicate-ignore-db are matching the current database in statement based replication, and the actual statements\u0026rsquo; database in row based replication. The statement use a; insert into b.t values (...); will be filtered differently in SBR than in RBR under a replicate-do-db=a rule. With the default setting of row-format=MIXED, the behavior is random, depending on the row format chosen by mysql. replicate-do/ignore-table are tedious, they require you to state each table explicitly, and nobody really wants to use them/ replicate-wild-do/ignore-table work in SBR and RBR, but precedence is complicated, and it is advisable to use either only positive or only negative logic. With group replication, which we do not discuss here, any filtering will break consistency in the group, so any filters are forbidden.\nThe summary of all that is basically: Don\u0026rsquo;t use binlog or replication filters, but if you have to, it\u0026rsquo;s best to stick to either replicate-wild-do-table or replicate-wild-ignore-table.\nRow Based Replication and BLOB columns Row Based Replication also fails in other interesting ways: Consider a table with a BLOB and a counter.\nkris@localhost [kris]\u0026gt; create table t ( id integer, cnt integer, b blob ); Query OK, 0 rows affected (0.05 sec) When you increment the counter, the entire row is logged, twice: Once as a pre-image, and once again as a post-image. You end up with 4 bytes integer changing, but two full copies of the BLOB, which can be very large.\nThis is how we got the setting binlog-row-image, which can be FULL (the default), NOBLOB or MINIMAL. In NOBLOB mode, blobs and text fields are not logged unless they change. In MINIMAL mode, the pre-image contains only the primary key, and the post-image contains only the changed fields new values.\nWe can use RBR in FULL mode, not only for replication, but also for Change Data Capture, to feed Hadoop and Kafka with it. On the other hand, with replication chains that are blobby require NOBLOB or MINIMAL mode to not die on us.\nRow Based Replication and Primary Keys On the replica, the RBR image needs to be applied. For this, the replica needs to find the row. It uses the pre-image to do this, and when the table has no primary key defined, this can be slow - it ends up being a full table scan.\nThis is another fun cause of replication delay: Having a table of even moderate size without a primary key in a replication chain that uses RBR will delay the replica, and it will look very busy. The replica will eat a lot of CPU doing in-memory scans to find rows to change, in the most inefficient way possible.\nMore complications… Arriving at this stage took MySQL around 10 years:\nWe can now reliably replicate, and build simple replication trees that are one level deep. Because of the relay log, binlog positions for the same statement vary between servers - transactions are locally renumbered. We can replicate, but the SQL_THREAD is a bottleneck: Replication is single-threaded. We still don’t have distributed transactions, or a way to handle writes to different primary servers. It has taken MySQL another 10 years of changes to improve on this, with Global Transaction IDs, Parallel Replication and Group Replication, but that is for another article.\nThis article is continued in Parallel Replication .\n","date":"2020-11-27T00:00:00Z","href":"https://blog.koehntopp.info/2020/11/27/backups-and-replication.html","tags":["lang_en","mysql","mysqldev","replication"],"title":"MySQL: Backups and Replication"},{"categories":null,"content":"These installation notes are mostly a note to myself, documenting the installation process of a Gitlab Omnibus Container in Docker, plus Gitlab Runners.\nOS Setup We are installing into /export/gitlab, a 10G xfs slice from the local flash pool:\n# lvcreate -n gitlab -L 10G data # mkfs -t xfs /dev/data/gitlab # mkdir /export/gitlab # mount /dev/data/gitlab /export/gitlab # echo \u0026#34;/dev/data/gitlab\\t/export/gitlab\\txfs\\tbsdgroups,usrquota,grpquota,attr2,nofail,noatime 1 2\u0026#34; \u0026gt;\u0026gt; /etc/fstab # mkdir /export/gitlab/{gitlab,gitlab-runner} # mkdir /export/gitlab/gitlab/{config,data,logs} Docker We are using docker-compose to run this, with a .env (dotenv) like so:\n# cat .env GITLAB_HOME=/export/gitlab/gitlab GITLAB_DOMAIN=gitlab.home.koehntopp.de GITLAB_HTTP_PORT=81 GITLAB_HTTPS_PORT=444 GITLAB_SSH_PORT=2222 And a docker-compose.yaml like so:\n--- version: \u0026#34;3\u0026#34; services: web: container_name: \u0026#34;gitlab\u0026#34; hostname: \u0026#34;gitlab\u0026#34; image: \u0026#34;gitlab/gitlab-ce:latest\u0026#34; restart: always hostname: \u0026#34;${GITLAB_DOMAIN}\u0026#34; environment: GITLAB_OMNIBUS_CONFIG: | external_url \u0026#34;https://gitlab.home.koehntopp.de\u0026#34; ports: - \u0026#39;${GITLAB_HTTP_PORT}:80\u0026#39; - \u0026#39;${GITLAB_HTTPS_PORT}:443\u0026#39; - \u0026#39;${GITLAB_SSH_PORT}:22\u0026#39; volumes: - \u0026#39;${GITLAB_HOME}/config:/etc/gitlab\u0026#39; - \u0026#39;${GITLAB_HOME}/logs:/var/log/gitlab\u0026#39; - \u0026#39;${GITLAB_HOME}/data:/var/opt/gitlab\u0026#39; ## vim: syntax=yaml ts=2 sw=2 sts=2 sr et ai When starting this with docker-compose up, we can follow the full horribleness of the installation process in the console: The Gitlab Omnibus container collects a large number of processes internally, including a postgres, puma, nginx and a number of additional components, and configures itself internally using Chef. It is the Anti-Container.\ngitlab.rb The initial run will produce a gitlab.rb config file in /export/gitlab/gitlab/config/gitlab.rb. The file is over 100KB in size, and will contain deactivated config.\nA very minimal, runnable base config for me looks like this:\n# grep -v \u0026#34;^#\u0026#34; gitlab.rb | uniq external_url \u0026#39;http://gitlab.home.koehntopp.de\u0026#39; gitlab_rails[\u0026#39;smtp_enable\u0026#39;] = false gitlab_rails[\u0026#39;gitlab_email_enabled\u0026#39;] = false gitlab_rails[\u0026#39;gitlab_default_can_create_group\u0026#39;] = false gitlab_rails[\u0026#39;gitlab_username_changing_enabled\u0026#39;] = false gitlab_rails[\u0026#39;gitlab_shell_ssh_port\u0026#39;] = 2222 gitlab_kas[\u0026#39;enable\u0026#39;] = false TLS Forwarding from host to container The internal ports need to be exported to the home network, so we need an Apache TLS forwarding config.\nWe are using this:\n\u0026lt;VirtualHost *:80\u0026gt; ServerName gitlab.home.koehntopp.de ErrorLog ${APACHE_LOG_DIR}/gitlab-error.log CustomLog ${APACHE_LOG_DIR}/gitlab-access.log combined Alias /.well-known/acme-challenge /var/lib/dehydrated/acme-challenges \u0026lt;Directory /var/lib/dehydrated\u0026gt; Options Indexes FollowSymLinks AllowOverride None Require all granted \u0026lt;/Directory\u0026gt; \u0026lt;If \u0026#34;!-f \u0026#39;%{REQUEST_FILENAME}\u0026#39;\u0026#34;\u0026gt; RedirectMatch permanent ^/(.*) \u0026#34;https://gitlab.home.koehntopp.de/$1\u0026#34; \u0026lt;/If\u0026gt; \u0026lt;/VirtualHost\u0026gt; \u0026lt;VirtualHost *:443\u0026gt; ServerName gitlab.home.koehntopp.de ErrorLog ${APACHE_LOG_DIR}/gitlab-ssl-error.log CustomLog ${APACHE_LOG_DIR}/gitlab-ssl-access.log combined SSLEngine on SSLCertificateFile /var/lib/dehydrated/certs/home.koehntopp.de/cert.pem SSLCertificateKeyFile /var/lib/dehydrated/certs/home.koehntopp.de/privkey.pem SSLCertificateChainFile /var/lib/dehydrated/certs/home.koehntopp.de/chain.pem # SSLProxyEngine on ProxyPreserveHost On ProxyPass \u0026#34;/\u0026#34; \u0026#34;http://127.0.0.1:81/\u0026#34; nocanon ProxyPassReverse \u0026#34;/\u0026#34; \u0026#34;http://127.0.0.1:81/\u0026#34; AllowEncodedSlashes NoDecode DocumentRoot /var/www/gitlab.home.koehntopp.de \u0026lt;/VirtualHost\u0026gt; # vim: syntax=apache ts=4 sw=4 sts=4 sr noet We are terminating the TLS at the Apache and forward plaintext to the nginx, which then forwards to the internal Ruby. This is silly, but I was not feeling like pulling that ball of string apart.\nThe ProxyPass ... nocanon and AllowEncodedSlashes NoDecode are necessary to avoid internal Error on various URLs that require passing on of // and /-/ URL fragments (several issues, for example here ).\nBasic Setup Admin Login is with \u0026ldquo;root\u0026rdquo;, and will guide you through a password change and some basic setup.\nI created users for the family, and groups for my work and for the little one.\nOnce you have groups, pushing existing repositories into gitlab is quickly done with\n# git push --set-upstream ssh://git@gitlab.home.koehntopp.de:2222/kris/$(git rev-parse --show-toplevel | xargs basename).git $(git rev-parse --abbrev-ref HEAD) This will create a repo for the user or group (here: kris) that has a name identical to the current directory. The xargs basename expression can be replaced with the desired literal name instead.\nAfterwards, it may be useful to git remote remove origin, git remote add origin .... A quick git pull --rebase and git branch --set-upstream-to=origin/master master will exercise and config the local push and pull operations, too.\nA \u0026ldquo;hello-ci\u0026rdquo; project We are creating a basic Python project for gitlab-runner, for testing, kk/probe.\n# cat probe.py #! /usr/bin/env python3 import src if __name__ == \u0026#39;__main__\u0026#39;: print(f\u0026#39;Hi, {src.my_name()}!\u0026#39;) and\n# cat src/__init__.py from src.main import my_name # noqa and\n# cat src/main.py def my_name(): return \u0026#34;Kris\u0026#34; In a src/tests/ directory, we are running pytest:\n#! /usr/bin/env python3 import src def test_my_name(): assert src.my_name() == \u0026#34;Kris\u0026#34; At the toplevel, we put our requirements.txt:\nflake8 pytest and a tox.ini:\n[flake8] exclude=.git,__pycache__,docs,*venv [pytest] addopts = -ra -q We can now build a .gitlab-ci.yml, also at the toplevel:\ndefault: image: python:3.8 before_script: - python --version - pip install -r requirements.txt stages: - Test flake8: stage: Test script: - flake8 pytest: stage: Test script: - pwd - ls -l - export PYTHONPATH=\u0026#34;$PYTHONPATH:.\u0026#34; - python -c \u0026#34;import sys;print(sys.path)\u0026#34; - pytest src Yes, the testing cruft in the pytest setup can later go away\u0026hellip;\nNow, to make this work, we need to install gitlab-runner in a docker variant, and config it.\nGitlab Runner At this point, the runner still needs to be docker-compose\u0026lsquo;ed. I hacked it for testing like this:\n# mkdir -p /export/gitlab/gitlab-runner # cd !$ # mkdir config # cat doit docker run -d --name gitlab-runner \\ --restart always \\ -v /export/gitlab/gitlab-runner/config:/etc/gitlab-runner \\ -v /var/run/docker.sock:/var/run/docker.sock \\ gitlab/gitlab-runner:latest This will create a config.toml in the config directory. We can\n# docker exec -it gitlab-runner bash root@ffd124dab4aa:/# gitlab-runner register # gitlab-runner register Runtime platform arch=amd64 os=linux pid=47 revision=8fa89735 version=13.6.0 Running in system-mode. Enter the GitLab instance URL (for example, https://gitlab.com/): https://gitlab.home.koehntopp.de/ Enter the registration token: TheToken Enter a description for the runner: [ffd124dab4aa]: A test runner Enter tags for the runner (comma-separated): test The token required for registration can be obtained as described here .\nI registered group runners for each of my two internal groups, and a shared runner for the (empty) rest.\nAll of this will rewrite the config.toml. I then upped the concurrency to 6 (8 threads available in the hardware).\nLater on, it will turn out that the docker images in my Ubuntu are not writeable as needed, a helper image needs to be added.\nThe helper_image line has been added manually below, according to this note :\n# cat /export/gitlab/gitlab-runner/config/config.toml concurrent = 6 check_interval = 0 [session_server] session_timeout = 1800 [[runners]] name = \u0026#34;JX_Snack (Docker)\u0026#34; url = \u0026#34;https://gitlab.home.koehntopp.de\u0026#34; token = \u0026#34;TheToken executor = \u0026#34;docker\u0026#34; [runners.custom_build_dir] [runners.cache] [runners.cache.s3] [runners.cache.gcs] [runners.cache.azure] [runners.docker] helper_image = \u0026#34;gitlab/gitlab-runner-helper:x86_64-6fbc7474\u0026#34; tls_verify = false image = \u0026#34;python:3\u0026#34; privileged = false disable_entrypoint_overwrite = false oom_kill_disable = false disable_cache = false volumes = [\u0026#34;/cache\u0026#34;] shm_size = 0 ... For easier testing, it may be useful to allow CI runs on untagged commits. This can be set up as root in https://.../admin/runners for the desired test runner.\nAllowing the runner to pick up untagged jobs can be useful for testing. It needs to be disabled later.\nWith some random committing we can now trigger and debug the pipeline we defined earlier above. Eventually it will actually do something.\nEventually, a testing success.\nHaving a gitlab and a CI/CD pipeline allows us to package the Python Discord Bot development process for the little one in a way that allows him to focus on the various stages of the development process sequentially. For now, testing and deployment can happen magically, we will visit that only later.\n","date":"2020-11-22T00:00:00Z","href":"https://blog.koehntopp.info/2020/11/22/gitlab-in-docker.html","tags":["lang_en","devops","docker","git","development"],"title":"Gitlab in Docker"},{"categories":null,"content":"At work, I am in an ongoing discussion with a number of people on the Observability of Outliers. It started with the age-old question “How do I find slow queries in my application?” aka “What would I want from tooling to get that data and where should that tooling sit?”\nAs a developer, I just want to automatically identify and isolate slow queries!\nWhere I work, we do have SolarWinds Database Performance Monitor aka Vividcortex to find slow queries, so that helps. But that collects data at the database, which means you get to see slow queries, but maybe not application context.\nThere is also work done by a few developers which instead collects query strings, query execution times and query counts at the application. This has access to the call stack, so it can tell you which code generated the query that was slow.\nIt also channels this data into events (what we have instead of Honeycomb ), and that is particularly useful, because now you can generate aggregates and keep the link from the aggregates to the constituting events.\nHow do you find outliers? “That’s easy”, people will usually say, and then start with the average plus/minus one standard deviation. “We’ll construct this “n stddev wide corridor around the average” and then look at all the things outside.”\nNo.\nThat is descriptive statistics for normal distributions and for them to work we need to actually have a normal distribution.\nAverages and Standard Deviations work on normal distributions. So the first thing we need to do is to look at the data and ensure that we actually have a normal distribution.\nAnscombe\u0026rsquo;s Quartet is a set of graphs having an identical number of points, and producing identical descriptive statistics, but being clearly extremely different distributions.\nBecause when you apply the Descriptive Statistics of Averages and Standard Deviations to things that are Not a Normal Distribution (see Anscombe’s Quartet ) they do not tell you much about the data: all the graphs in the infamous Quartet have the same descriptive stats (more than just average and stddev, even), but are clearly completely different.\nSo what we would want is a graph of the data. For a time series – which is what we usually get when dealing with metrics – a good way to plot the data is a heatmap. For the given problem, the heatmap more often than not looks like this:\nWe partition the time axis into buckets of - say - 10s each, and then bucket execution times linearly or logarithmically. For each query we run, we determine the bucket it goes into and increment by one. The resulting numbers are plotted as pixels - darker, redder means more queries in that bucket. A flat 2D plot of three dimensional data.\nWhat you see here is a bi- or multipartite distribution. It is a common case when benchmarking: We have a (often larger) number of normally executed queries, and a second set (often smaller) of queries that need our attention because they are executed slower.\nThe slow set is also often run with unstable execution times – an important secondary observation.\nThis is not a normal distribution, but a thing composed of two other things (hence bipartite), each of which in itself hopefully can be adequately modelled as a normal distribution: A gaussian mixture .\nLuckily we do not actually have to deal with the math of these mixtures (I hope you did not follow the Wikipedia link :-) ) when we want to find slow queries.\nWe just want to be able to separate them, which could even be done manually, and then want the back pointer to the events that constitute the cluster of outliers we identified.\nUnstable execution times I mentioned above:“They are also often run with unstable execution times – an important secondary observation.”\nSlow queries are often slow because they cannot use indexes. When a tree index can be used, the number of comparisons needed to find the elements we are searching for is some kind of log of the table size.\nThe end result is usually 4 – there are 3-5 lookups¹ needed in about any tree index to do a point lookup of the first element of a result. That means that the execution time for any query using proper indexes is usually extremely stable.\nWhen indexes cannot be used, the lookup times are scan times – linear functions of the result position or size. This varies a lot more, and so we get much more variable execution times for slow queries, and the jitter makes it only worse: your “this query takes 20s instead of 20ms to run” degrades to the even more annoying “well, sometimes it’s 5s, and sometimes 40s”.\n¹ In MySQL, we work with 16KB block size, and in indexes we usually have a fan out of a few hundreds to one thousand per block or tree level. The depth of the index tree is the number of comparisons, and it is log to the base of (fan out) of the table length in records. This then becomes ln(table length)/ln(fan out), because that is how you get arbitrary base logs from ln().\nFor a fan out of 100, we get a depth of 3 for 1 million, and 4.5 for 1 billion records.\nFor a fan out of 1000, it’s 2 for the million, and 3 for the billion.\nPlus one for the actual record, so the magical database number is 4: It’s always 4 media accesses to get any record through a tree index - stable execution times for indexed queries, because math works.\nWhere Monitoring ends and Observability begins With measurements, aggregations, and the visualisation as a heatmap, I can identify my outliers – that is, I learn that I have them and where they are in time and maybe space (group of hosts).\nBut with a common monitoring agents such as Diamond or Telegraf, what is being recorded are numbers or even aggregates of numbers - the quantisation into time and value buckets happens in the client and all that is recorded in monitoring is “there have been 4 queries of 4-8ms run time at 17:10:20 on host randomdb-2029”. We don’t know what queries they were, where they came from or whatever other context may be helpful.\nWith events, we optionally get rich records for each query - query text, stack trace context, runtime, hostname, database pool name and many other pieces of information. They are being aggregated as they come in, or can be aggregated along other, exotic dimensions after the fact. And best of all, once we find an outlier, we can go back from the outlier and find all the events that are within the boundary conditions of the section of the heapmap that we have marked up as an outlier.\nThis also is the fundamental difference between monitoring (“We know we had an abnormal condition in this section of time and space”) and observability (“\u0026hellip; and these are the events that make up the abnormality, and from them we can see why and how things went wrong.”).\n(Written after a longer call with a colleague on this subject).\n","date":"2020-11-19T00:00:00Z","href":"https://blog.koehntopp.info/2020/11/19/on-the-observability-of-outliers.html","tags":["lang_en","devops","monitoring"],"title":"On the Observability of Outliers"},{"categories":null,"content":"I have been asked to document my home sensor network. Being married to a person with a background in web security sets boundary conditions:\nNo cloud. We are running all services locally. No control, only metrics. I am collecting data from a number of plugs with power meters over Wi-Fi, using the MQTT protocol. I am also collecting data from a number of temperature sensors over Zigbee, and convert to MQTT. The MQTT data is ingested into Influx, and then read and plotted in Grafana. All of this is dockered and runs locally on an Ubuntu server.\nWhat happened so far Plugs with Wi-Fi : In which I am asking what kind of power plug to use to collect usage data. Gosund and Tasmota : In which I describe how to convert Gosund SP 111 plugs to Tasmota. Air Quality Sensors : In which I ask for Air Quality sensors, specifically with CO2 level metrics. The hardware Server I have a rather old server machine at home that acts as a file server and docker host.\n# lscpu | egrep \u0026#39;^Model name|^CPU\\(s\\):\u0026#39; CPU(s): 8 Model name: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz # free -m total used free shared buff/cache available Mem: 32061 16697 261 32 15102 15516 Swap: 32767 881 31886 # vgs VG #PV #LV #SN Attr VSize VFree data 2 13 0 wz--n- 7.28t 3.48t hdd 1 5 0 wz--n- 9.08t 5.00g system 1 4 0 wz--n- 466.94g 274.94g # cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=20.04 DISTRIB_CODENAME=focal DISTRIB_DESCRIPTION=\u0026#34;Ubuntu 20.04.1 LTS\u0026#34; Gateway This machine is hosting a ConBee from Dresden Elektronik :\n# lsusb | grep -i Dresden Bus 002 Device 084: ID 1cf1:0030 Dresden Elektronik # ls -l /dev/ttyACM0 crw-rw---- 1 root dialout 166, 0 Nov 15 11:51 /dev/ttyACM0 The instructions say you should be connecting the Conbee to the device using a USB cable, to keep it away from the device HF. This will improve the reach of the antenna supposedly a lot.\nDresden Elektronik ConBee attached to the Ubuntu fileserver using a USB cable.\nIn my case, the ConBee can see the sensors on the top floor and the floor below, but cannot reach the shed or the first floor.\nRepeaters This is fixed using any Zigbee device with mains power, because they all act as Zigbee signal repeaters, forming a mesh network. The exception here is Philipps HUE equipment, which does not in general do this.\nWhat I did was purchase a few TRÅDFRI Signal repeaters . These are USB-to-USB connectors that act as signal repeaters and a USB plug, powering the thing. You can plug the entire device chain into a wall plug, or run the basic USB-to-USB adapter from any USB socket that happens to be available.\nThe repeaters need to be paired with the ConBee. That is done by putting the ConBee into open mode, and then poking a small hole in the TRÅDFRI Signal repeater with a SIM tool or a paper clip. The single LED in the repeater will dim, blink, and 30s later the gateway has picked up the new device.\nThe repeaters have substantially better antennas than the ConBee. I purchased three, estimating I would need them to chain from the top floor across the first floor and the first floor into the shed, but actually one repeater on the first floor would have been sufficient. On the other hand these devices are 10 Euro each, so I do not really care.\nSensors I am using Aqara sensors which report temperature, humidity and pressure. The pressure sensors are impressive - they are long term stable, and they register when I take down a sensor from the second floor to the first floor. The devices are tiny - they are powered by a CR2032 cell (e.g. IKEA PLATTBOJ), and can run off it for around a year. The device is about twice as thick as the CR2032, and only slightly larger than the battery.\nThey come with two double-sided adhesive rings, have a pairing button on one side and a tiny blue indicator LED that only signals pairing and is otherwise unused.\nThey report measurements asynchronously as the data changes, which makes MQTT a much better suited protocol then HTTP.\nThey are available on Amazon from a number of makers, at vastly different prices and delivery times. I assume that a 100-pack of these directly from Shenzhen comes in at 2.50 Euro/pc or so - individual sensors incl. shipping come in at $6.50 at Aliexpress. Here , here and here are some sources, but I have seen them as low as 10-12 Euro/pc.\nA wireless mouse was delivered in container made from these plastic shells. I used one to protect the Aqara sensor against the weather.\nThe Aqara sensor is not really an outdoor sensor. It works well on the east side of the house, but the west side is the local weather side, and needs more water protection. I know this, because the first sensor on this side of the house drowned and shorted out after a rainstorm. I have mounted the replacement sensor in an upside down, open plastic container, and then glued the container to the top bar of a window. The seems to work fine.\nAqara sensor mounted on the top bar of a window. The plastic container is open to the bottom, but acts as a shield against rain and weather.\nWall Plugs I bought a very large number of Gosund SP111 Wall Plugs and converted them to Tasmota using Tuya-Convert . The plugs are attractive, because they can do the full 16A and are small enough to fit next to each other on a regular plug extender, if the slots are angled at 45deg (the device has a button, and the Gosund plugs are touching each other on small extenders, pressing each other\u0026rsquo;s button).\nThis is a solder-free conversion, using the Wi-Fi in a Raspi 4. Newer versions of this plug do no longer convert this way, and require wires to re-flash initially.\nOn the other hand, DeLOCK WLAN Steckdosen are the same device and come with Tasmota preinstalled.\nIn any case you are looking at around 20 Euro/plug.\nThe plugs connect to the local 2.4 Ghz Wi-Fi, and after Tasmota installation speak HTTP(S) and MQTT(s).\nSoftware I need a database for time series that collects measurements from the sensors and the wall plugs. In my case that is Influx . Visualization is from Influx to Grafana , because that is known to work well.\nThe MQTT transport is implemented using Mosquitto , again, because that is known to work well.\nData transport from Mosquitto to Influx can be done with Telegraf , or a small Python script - I started out with the Python, but only later learned that it could have been done completely in Telegraf. My setup still uses the Python.\nConversion and transport from Zigbee to MQTT is done using zigbee2mqtt .\nStorage All data and config resides in /export/iot in my setup.\n# df -Th /export/iot/ Filesystem Type Size Used Avail Use% Mounted on /dev/mapper/data-iot xfs 30G 7.3G 23G 25% /export/iot I am providing sufficient storage for about one year of data. I am using XFS as a file system, because while having higher commit latency than ext4, it has close to no jitter and consequently much better plan-able performance.\nThis is a LVM2 partition on the data volume group, which contains two Samsung EVO 860 4 TB drives.\n# pvs | grep data /dev/sde1 data lvm2 a-- 3.64t 2.32t /dev/sdf1 data lvm2 a-- 3.64t 1.16t # vgs data VG #PV #LV #SN Attr VSize VFree data 2 13 0 wz--n- 7.28t 3.48t Created this way:\n# lvcreate -n iot -L 30g data ... # mkfs -t xfs /dev/data/iot ... # mkdir /export/data # mount /dev/data/iot /export/data docker-compose I am using docker-compose to set this up and run it. This works remarkably well, and there is no need to run K8s on a single box, anyway.\nA deployment is specified in a file docker-compose.yml, which lists a number of containers and optionally a local virtual network segment. The deployment can make use of environment variables, which can be put into a file named .env (dotenv) in the same directory.\nmosquitto We make use of this:\n# cd /export/iot # cat .env DATA_DIR=/export/iot MQTT_PORT=1883 INFLUX_PORT=8086 GRAFANA_PORT=3000 ZIGBEE_DEVICE=/dev/ttyACM0 TZ=Europe/Amsterdam GF_INSTALL_PLUGINS=grafana-clock-panel,grafana-simple-json-datasource DOCKER_HOST_ADDRESS=192.168.1.10 These are being used in the docker-compose.yml in the same directory. We specify the version, and enumerate the services we want.\nHere is our service mosquitto:\n--- version: \u0026#34;3\u0026#34; services: mosquitto: image: \u0026#34;eclipse-mosquitto:latest\u0026#34; container_name: \u0026#34;mosquitto\u0026#34; hostname: \u0026#34;mosquitto\u0026#34; user: \u0026#34;1000\u0026#34; ports: - \u0026#34;${MQTT_PORT}:1883\u0026#34; volumes: - \u0026#34;./mosquitto/mosquitto.conf:/mosquitto/config/mosquitto.conf\u0026#34; - \u0026#34;./mosquitto/users:/mosquitto/config/users\u0026#34; - \u0026#34;${DATA_DIR}/mosquitto/data:/mosquitto/data\u0026#34; - \u0026#34;${DATA_DIR}/mosquitto/log:/mosquitto/log\u0026#34; restart: \u0026#34;always\u0026#34; We are defining a container named \u0026ldquo;mosquitto\u0026rdquo;, which uses the docker internal hostname \u0026ldquo;mosquitto\u0026rdquo;. Our other services will be able to connect to this container using this hostname. We try to run this as the user with the UID 1000, but unfortunately this is mostly a vain effort using Docker - a lot of stuff needs to run privileged. The server inside the container is running on port 1883, and we make it available on the outside on $MQTT_PORT from the dotenv.\nWe overwrite the internal config file /mosquitto/config/mosquitto.conf with the file ./mosquitto/mosquitto.conf (/export/iot/mosquitto/mosquitto.conf) and so on.\nWe also define a restart rule.\nInflux Next up: we want an Influx instance.\ninfluxdb: image: \u0026#34;influxdb:latest\u0026#34; container_name: \u0026#34;influxdb\u0026#34; hostname: \u0026#34;influxdb\u0026#34; ports: - \u0026#34;${INFLUX_PORT}:8086\u0026#34; volumes: - \u0026#34;${DATA_DIR}/influxdb:/var/lib/influxdb\u0026#34; restart: \u0026#34;always\u0026#34; Again, we may the internal port (8086) to what is defined in the dotenv, and we overwrite the internal /var/lib/influxdb with $DATA_DIR/influxdb (/export/iot/influxdb).\nWe can prove this works: Enter the docker container, create a file, leave the docker container, see the file.\n# docker exec -it influxdb bash # cd /var/lib/influxdb/ /var/lib/influxdb# touch keks /var/lib/influxdb# exit # ls -l /export/iot/influxdb/keks -rw-r--r-- 1 root root 0 Nov 15 15:58 /export/iot/influxdb/keks # rm /export/iot/influxdb/keks This gets us an instance of Influx.\nGrafana Next then, the Grafana instance:\ngrafana: image: \u0026#34;grafana/grafana:latest\u0026#34; container_name: \u0026#34;grafana\u0026#34; hostname: \u0026#34;grafana\u0026#34; user: \u0026#34;1000\u0026#34; depends_on: - influxdb ports: - \u0026#34;${GRAFANA_PORT}:3000\u0026#34; volumes: - \u0026#34;${DATA_DIR}/grafana/data:/var/lib/grafana\u0026#34; - \u0026#34;${DATA_DIR}/grafana/log:/var/log/grafana\u0026#34; - \u0026#34;${DATA_DIR}/grafana/config:/etc/grafana\u0026#34; restart: \u0026#34;always\u0026#34; We can only run Grafana, when Influx is up and running, so we provide a depends_on attribute to the service. Again, we map the port, and also the various directories of interest inside the container are made available to the outside.\nZigbee2MQTT The bridge from Zigbee to MQTT is defined as before:\nz2m: image: \u0026#34;koenkk/zigbee2mqtt\u0026#34; container_name: \u0026#34;z2m\u0026#34; hostname: \u0026#34;z2m\u0026#34; devices: - \u0026#34;${ZIGBEE_DEVICE}:${ZIGBEE_DEVICE}\u0026#34; privileged: true environment: - \u0026#34;TZ=${TZ}\u0026#34; volumes: - \u0026#34;${DATA_DIR}/z2m:/app/data\u0026#34; - \u0026#34;/run/udev:/run/udev:ro\u0026#34; depends_on: - \u0026#34;mosquitto\u0026#34; restart: \u0026#34;always\u0026#34; This one is special, because it needs device access to the device file of the ConBee inside the container. So the container is privileged, we import the device file, and a ro instance of udev. It also needs access to the TZ environment variable from dotenv.\nOur Zigbee2MQTT data is in $DATA_DIR/z2m (/export/iot/z2m).\nOur python project, mqttbridge The final component is our mqttbridge, which is a dockerized Python script we provide. Alternatively we could have used telegraf for this, but I realized that only later.\nbridge: build: \u0026#34;./bridge\u0026#34; image: \u0026#34;isotopp/mqttbridge\u0026#34; container_name: \u0026#34;mqttbridge\u0026#34; hostname: \u0026#34;mqttbridge\u0026#34; user: \u0026#34;1000\u0026#34; depends_on: - \u0026#34;influxdb\u0026#34; - \u0026#34;mosquitto\u0026#34; restart: \u0026#34;always\u0026#34; Our script resides in ./bridge (/export/iot/bridge), and runs with the hostname and container name mqttbridge, as UID 1000. It makes sense to run it only when it can read data from mosquitto and write to Influx, so we depends_on these.\nInside the ./bridge directory, we provide a Dockerfile and the script:\n# cat bridge/Dockerfile FROM python:3.8-alpine LABEL maintainer=\u0026#34;isotopp\u0026#34; \\ description=\u0026#34;MQTT to InfluxDB Bridge\u0026#34; COPY requirements-frozen.txt /tmp/requirements.txt RUN pip install -r /tmp/requirements.txt COPY ./bridge.py /app WORKDIR /app CMD [ \u0026#34;python3\u0026#34;, \u0026#34;-u\u0026#34;, \u0026#34;bridge.py\u0026#34; ] This makes use of the Python 3.8 Alpine base image. We copy our requirements file into the container, run pip to install the requirements, copy the bridge.py file into the /app directory and then start that script with the appropriate options (-u - run Python unbuffered).\nThe actual script understands the channels I use internally for Aqara, Mijia, and Gosund data.\nConfiguration The various components need configuration.\nMosquitto # cat /export/iot/mosquitto/mosquitto.conf persistence true persistence_location /mosquitto/data/ log_dest file /mosquitto/log/mosquitto.log We also need a /export/iot/mosquitto/users file, and create a mqttuser with mosquitto_passwd -c /export/iot/mosquitto/users mqttuser.\nThe logfile in /export/iot/mosquitto/log/mosquitto.log will need expiration.\nInflux Influx will need a bit more configuration, but this is interactive, and a bit longer. It will be provided in another article.\nGrafana Grafana comes up empty, and needs an admin password and manual configuration after initial startup. To make things work, we need to configure our InfluxDB as a server-side data source (Grafana connects to Influxdb, not the Browser connects to Influxdb).\nWe can then use the hostnames we defined to access the database:\n- Name: InfluxDB - Default: enabled URL: http://influxdb:8086 Access: Server (default) ... Database: home_db (we are going to set this up later) User: and Password: as needed (by default: empty) As soon as we have data in InfluxDB, we can start to define dashboards.\nZigbee2MQTT And this is where we start configuration for real, the entry point for our data: Once everything is running we should see a /export/iot/z2m/configuration.yaml.\nIt will look somewhat like this:\n# cat configuration.yaml homeassistant: false permit_join: true mqtt: base_topic: zigbee2mqtt server: \u0026#39;mqtt://mosquitto/\u0026#39; serial: port: /dev/ttyACM0 That is:\nWe run without home assistant, so we disable this. We need to open the z2m to allow devices to join, so permit_join needs to be true. Our mosquitto is at the host of that name. We post data to zigbee2mqtt. We need to tell z2m where our ConBee is located, as a device. When we have done that, and brought the entire apparatus up, we will be able to have devices join, and they are being added to the configration.yaml.\nAfter that we can edit the file to give them proper names.\nStarting it So we cd /export/iot and docker-compose build, them docker-compose up the entire thing.\nAmong all the other things we also get our bridge process and the node process from z2m:\n# ps axuwwww | grep [b]ridge.py kris 2982402 0.0 0.0 24136 18120 ? Ss Nov10 5:20 python3 -u bridge.py # ps axuwwww | grep index.j[s] root 441693 0.8 0.1 314256 57840 ? Sl 12:12 2:53 node index.js We can switch to the z2m log directory and tail the log:\n# tail -F $(ls -1tr */log* | tail -1) info 2020-11-15 12:12:56: Logging to console and directory: \u0026#39;/app/data/log/2020-11-15.12-12-56\u0026#39; filename: log.txt info 2020-11-15 12:12:56: Starting zigbee2mqtt version 1.14.0 (commit #9009de2) info 2020-11-15 12:12:56: Starting zigbee-herdsman... info 2020-11-15 12:12:56: zigbee-herdsman started info 2020-11-15 12:12:56: Coordinator firmware version: \u0026#39;{\u0026#34;type\u0026#34;:\u0026#34;ConBee2\u0026#34;,\u0026#34;meta\u0026#34;:{\u0026#34;transportrev\u0026#34;:0,\u0026#34;product\u0026#34;:0,\u0026#34;majorrel\u0026#34;:38,\u0026#34;minorrel\u0026#34;:74,\u0026#34;maintrel\u0026#34;:0,\u0026#34;revision\u0026#34;:\u0026#34;0x264a0700\u0026#34;}}\u0026#39; ... warn 2020-11-15 12:12:56: `permit_join` set to `true` in configuration.yaml. warn 2020-11-15 12:12:56: Allowing new devices to join. warn 2020-11-15 12:12:56: Set `permit_join` to `false` once you joined all devices. info 2020-11-15 12:12:56: Zigbee: allowing new devices to join. info 2020-11-15 12:12:56: Connecting to MQTT server at mqtt://mosquitto/ info 2020-11-15 12:12:56: Connected to MQTT server We could now try to have a device join the setup, by holding it close to the antenna and pressing the button. For the IKEA bridges, we need to push a paper clip into the small hole at the front, for the Aqara devices we press the button.\nWe should see a log message for each of the devices. After everything has joined, we can docker-compose stop z2m; service networking restart and edit the configuration.yaml to closed state, and name the devices.\n# cat configuration.yaml homeassistant: false permit_join: false mqtt: base_topic: zigbee2mqtt server: \u0026#39;mqtt://mosquitto/\u0026#39; serial: port: /dev/ttyACM0 devices: \u0026#39;0x00158d0004075772\u0026#39;: friendly_name: eastside/SENSOR \u0026#39;0x00158d00048735ab\u0026#39;: friendly_name: bathroom/SENSOR \u0026#39;0x00158d00045c09a9\u0026#39;: friendly_name: schuppen/SENSOR \u0026#39;0x00158d00053effba\u0026#39;: friendly_name: westside/SENSOR \u0026#39;0xec1bbdfffe18b39d\u0026#39;: friendly_name: bibliothek/BRIDGE \u0026#39;0x842e14fffe75eda0\u0026#39;: friendly_name: wohnzimmer/BRIDGE \u0026#39;0x00158d000486341e\u0026#39;: friendly_name: wohnzimmer/SENSOR \u0026#39;0x680ae2fffe9c847d\u0026#39;: friendly_name: schuppen/BRIDGE z2m will now post messages to the MQTT bus, building the topic from the base_topicand the friendly_name:\ninfo 2020-11-15 17:42:00: MQTT publish: topic \u0026#39;zigbee2mqtt/schuppen/SENSOR\u0026#39;, payload \u0026#39;{\u0026#34;battery\u0026#34;:97,\u0026#34;voltage\u0026#34;:2995,\u0026#34;temperature\u0026#34;:11.85,\u0026#34;humidity\u0026#34;:81.23,\u0026#34;pressure\u0026#34;:1002,\u0026#34;linkquality\u0026#34;:96}\u0026#39; info 2020-11-15 17:42:45: MQTT publish: topic \u0026#39;zigbee2mqtt/bathroom/SENSOR\u0026#39;, payload \u0026#39;{\u0026#34;battery\u0026#34;:74,\u0026#34;voltage\u0026#34;:2955,\u0026#34;temperature\u0026#34;:21.41,\u0026#34;humidity\u0026#34;:59.62,\u0026#34;pressure\u0026#34;:997.4,\u0026#34;linkquality\u0026#34;:96}\u0026#39; The payload here is JSON, which we parse, and push into Influxdb. Or let telegraf do that, automatically.\nWhy the service networking restart? For some reasons, when downing or stopping services from docker-compose, docker-compose will remove all the routes to my Ubuntu. I then need to connect a keyboard, log in and manually run service networking restart to fix this.\nI have not yet found out why this happens.\nWhen doing it like this, I keep the connection and do not need to fix the Ubuntu box.\nListening to the bus Using the mosquitto_sub command we can listen to multiple topics on the bus. For that we need to provide the -t option one or more times. Topics can be literal like zigbee2mqtt/bathroom/SENSOR or can contain a single level wildcard (+) or multilevel wildcards (#).\nWe run\n# mosquitto_sub -F \u0026#34;%J\u0026#34; -t zigbee2mqtt/+/SENSOR {\u0026#34;tst\u0026#34;:1605459438,\u0026#34;topic\u0026#34;:\u0026#34;zigbee2mqtt/westside/SENSOR\u0026#34;,\u0026#34;qos\u0026#34;:0,\u0026#34;retain\u0026#34;:0,\u0026#34;payloadlen\u0026#34;:100,\u0026#34;payload\u0026#34;:{\u0026#34;battery\u0026#34;:91,\u0026#34;voltage\u0026#34;:2985,\u0026#34;temperature\u0026#34;:10.63,\u0026#34;humidity\u0026#34;:84.22,\u0026#34;pressure\u0026#34;:997.5,\u0026#34;linkquality\u0026#34;:97}} {\u0026#34;tst\u0026#34;:1605459438,\u0026#34;topic\u0026#34;:\u0026#34;zigbee2mqtt/westside/SENSOR\u0026#34;,\u0026#34;qos\u0026#34;:0,\u0026#34;retain\u0026#34;:0,\u0026#34;payloadlen\u0026#34;:100,\u0026#34;payload\u0026#34;:{\u0026#34;battery\u0026#34;:91,\u0026#34;voltage\u0026#34;:2985,\u0026#34;temperature\u0026#34;:10.63,\u0026#34;humidity\u0026#34;:83.12,\u0026#34;pressure\u0026#34;:997.5,\u0026#34;linkquality\u0026#34;:97}} {\u0026#34;tst\u0026#34;:1605459438,\u0026#34;topic\u0026#34;:\u0026#34;zigbee2mqtt/westside/SENSOR\u0026#34;,\u0026#34;qos\u0026#34;:0,\u0026#34;retain\u0026#34;:0,\u0026#34;payloadlen\u0026#34;:100,\u0026#34;payload\u0026#34;:{\u0026#34;battery\u0026#34;:91,\u0026#34;voltage\u0026#34;:2985,\u0026#34;temperature\u0026#34;:10.63,\u0026#34;humidity\u0026#34;:83.12,\u0026#34;pressure\u0026#34;:997.8,\u0026#34;linkquality\u0026#34;:97}} in one window, and tail -f /export/iot/z2m/log/*/log.txt in a second window. When log messages appear in log.txt, we should also see JSON payloads being dumped by mosquitto_sub.\nWe now know that zigbee2mqtt is up and running, has a configuration and is posting messages to the MQTT, using the proper topic names.\nDebugging the topology Zigbee is a mesh network. Our IKEA signal repeaters will act as intermediate relays, forwarding the messages to the coordinator.\nWe can dump the current topology , as seen by the zigbee2mqtt gateway, by running the following command in one window:\nmosquitto_sub -h localhost -C 1 -t zigbee2mqtt/bridge/networkmap/graphviz | sfdp -Tpng \u0026gt; map.$(date +%Y%m%d%H%M%S).png and running the matching pub command in a second window:\n# mosquitto_pub -h localhost -t zigbee2mqtt/bridge/networkmap -m graphviz The sfdp command is part of the graphviz package.\n# dpkg -S $(which sfdp) graphviz: /usr/bin/sfdp The result is a network map. The map is always only a current snapshot, and the actual configuration may vary depending on network conditions.\nThe MQTT network map shows the devices and how they connect between each other. Unlinked devices connect directly to the coordinator.\nTo be continued with a section on Influx configuration.\nI could not have done this alone There are many people who have helped me to set this up. The one that stands out most is Marianne Spiller . She wrote Smart Home mit openHAB 2 , the book on openHAB and home automation, and while I did not go down that route, she inspired me to research the topic. She also motivated me to look into docker-compose and she is running the fantastic #tabsvongesternnacht Stammtisch every Friday. Thank you, @sys_adm_ama .\nAnother useful resource was https://github.com/Nilhcem/home-monitoring-grafana and the article in Home sensor data monitoring with MQTT, InfluxDB and Grafana , which I took as a blueprint for my setup.\n","date":"2020-11-15T00:00:00Z","href":"https://blog.koehntopp.info/2020/11/15/my-home-sensor-network.html","tags":["lang_en","iot","home automation"],"title":"My home sensor network"},{"categories":null,"content":"Es gibt ein Interview mit Stefan Ramesohl vom Umweltministerium (des Bundes) in Netzpolitik.org: \u0026ldquo;Warum niemand weiß, wie viele Rechenzentren es in Europa gibt \u0026rdquo;. Im Wesentlichen hat das Umweltministerium angesagt, daß es auf europäischer Ebene Rechenzentren erfassen und katalogisieren will, um in einem zweiten Schritt den Energieverbrauch von Rechenzentren zu regulieren.\nDas ist sehr spannend, denn derzeit gibt es keine Übersicht über Rechenzentren in Europa, und tatsächlich sind einige Rechenzentrumsbetreiber sehr paranoid, was den genauen Standort ihrer Hardware angeht und wieviel und welche Hardware darin ist oder was diese tut. Das ist zwar lächerlich - es ist sehr schwierig eine Energiesenke wie ein Rechenzentrum und ihre Abwärme zu verstecken - aber auch ein sehr sensitives Thema.\nEine Leseliste In dem Interview gibt es ein paar Dinge, die Anmerkungen verdienen, aber bevor es los geht noch die anderen Artikel in diesem Blog als Links:\nThreads vs. Watts : Ich habe einen Dell R630 mit zwei Xeon 6132 CPUs getestet, und deren Energieverbrauch unter Last gemessen. Die Resultate sind repräsentativ für die ganze Klasse von Rechnern, die eine Art Arbeitspferd im modernen Rechenzentrum sind. Der Hauptpunkt: 50% der maximalen Energieaufnahme werden bereits bei 20% Auslastung aufgenommen. A Journey to Open Compute : Mit Open Compute hat Facebook die Energieaufnahme eines Rechners in Idle auf 50% eines herkömmlichen Rechners senken können, und unter Volllast auf 80%. Das wird ermöglicht, indem man Rechner, Rack und Raum nach einer gemeinsamen Spezifikation baut und optimiert. Der Open Compute Standard ist jetzt eine offene Spezifikation, aber wegen der Abhängigkeiten zwischen Raum, Rack und Rechner lohnt sich das alles nur, wenn man ein GAFAM -type Hyperscaler ist. Power budgets for computing resources - portable and stationary listet generell die Zusammenhänge zwischen Rechnen, Batterieverbrauch und Abwärme auf. Data Centers and Energy : Wenn man Netflix schaut, wird Energie verbraucht. Wo und wieviel? Wir reden über Endgeräte (die nur wenige Watt brauchen), über Open Compute in Rechenzentren und über Energieverbrauch im Netzwerk, speziell auf der letzten Meile. Letzterer variiert enorm: 5G braucht sehr viel Energie, (V)DSL ist ebenfalls sehr aufwendig, und Glasfaser nicht - sie ist leicht eine Zehnerpotenz günstiger. Streaming and Energy und Netflix does not bring down the Internet : Speziell Videostreaming funktioniert schon sehr optimiert: Videos werden in Edge Data Centers gespeichert und nicht neu codiert, sie werden in der niedrigsten sinnvollen Auflösung geliefert und die Decodierung erfolgt mit spezieller Hardware, damit die Batterie im Endgerät länger hält. All das braucht weniger Energie als angenommen. Cloud and Energy : Das Uptime Institut sagt: \u0026ldquo;Data center energy efficiency gains have flattened out\u0026rdquo; (und sieht einen durchschnittlichen PUE von 1.58). Uptime sagt im selben Text aber auch, daß neuere und größere Facilities mit Open Compute signifikant bessere PUE haben. Der einfachste Weg zur Verbesserung von PUE für die meisten Firmen ist, ihre Workloads in die Cloud zu verlagern (und dynamisch zu skalieren). Das hat bei korrekter Durchführung neben Energieffizienz auch noch jede Menge andere Vorteile, die sich aus einem gelungenen Outsourcing ergeben. Hyperscaler-Rechenzentren sind viel energieeffizienter Auf Twitter ging ich auf das Interview ein :\nNetzpolitik.org: Diese großen Player können ja kein Interesse an staatlicher Regulierung haben, sondern werden versuchen, eine branchenweite Selbstverpflichtung herbeizuführen.\nEher nicht. Als GAFAM wäre man sinnvollerweise für mehr Regulierung, denn das käme effektiv einem Cloud-Zwang gleich.\nWie oben bereits dargestellt, hat GAFAM bereits Rechenzentren, die sehr viel effizienter mit der Energie umgehen als normale Rechenzentren es tun. Das ist so, weil diese Rechenzentren Raum, Rack und Rechner als ein System designed haben und weil die Betreiber als Hyperscaler es sich leisten können, solche Rechenzentren nach Maß zu designen, bauen zu lassen und zu optimieren.\nWährend also ein traditionelles Rechenzentrum Rechner für eine Million Watt betreibt und dafür um die 600.000W an Kühlung und anderer Sekundärenergie aufbringen muß (Power Utilization Efficiency, PUE 1.6), können die am Besten optimierten Google-Rechenzentren eine Million Watt an Rechnern mit 60.000W Sekundärenergie betreiben (PUE 1.06).\nEin effektiver PUE von \u0026lt;1.2 ist par für die Hyperscaler-Cloud.\nEin kleinerer Rechenzentrums-Nutzer füllt nicht ein ganzes RZ mit Rechnern, läßt also nicht nach Maß bauen, sondern mietet existierenden RZ-Space, der prinzipbedingt nicht gut geeignet ist für Open Compute (OCP). Existierende RZ-Space ist generisch, er muß jede Art von IT-Equiment aufnehmen können und ist daher oft Überkühlt, der Airflow ist nicht optimiert und hat auf diese Weise mindestens dreimal mehr Overhead als RZ-Space, den Hyperscaler nach Maß bauen (PUE \u0026lt;1.2 vs. PUE ~ 1.6). Noch kleinere Benutzer füllen nur einzelne Räume oder haben Raumabschnitte (\u0026ldquo;Cages\u0026rdquo;), teilen also die Kühlung mit anderen Nutzern.\nHyperscaler bauen nicht nur ein RZ, sondern tun das in Serie, und iterieren dabei das Design. Sie lassen auch Rechner und Rechnerkonzepte wie OCP entwickeln, und stimmen dabei das Design des RZ auf das Design von Rack und Rechner ab - daher kommt die energetische Überlegenheit von OCP.\nDazu kommt, wie oben auch dargestellt, daß ein ausgelasteter Rechner energieeffizienter ist als einer, der teilweise vor sich hin idled. Ein Dell R630 verbraucht bereits 50% seiner maximalen Energie bei 20% Auslastung.\nMaschinen auszulasten und Workloads dynamisch zu skalieren ist etwas, für das \u0026ldquo;die Cloud\u0026rdquo;, also die API-gesteuerten Rechenzentren der Hyperscaler, gebaut worden sind. Hyperscale Clouds haben \u0026ldquo;sellable cores per provisioned cores\u0026rdquo; als eine zentrale Optimierungsmetrik, sie wollen ausgelastete Rechner, weil das die Einnahmen definiert.\nWatts per Thread (Dell R630, Dual Xeon 6132)\nWie dem auch sei: Aus energetischer Sicht ist Auslastung wichtig, weil die Watts zur Aktivierung des n-ten Rechenkerns asymptotisch günstiger sind. Das ist so, weil die Idle-Energieaufnahme der Maschine und des ganzen Rechenzentrums drumherum sich so amortisiert.\nAußerdem: Wenn man es sich leisten kann, Hyperthreading zu aktivieren (Wegen der diversen Intel-Caching-Bugs der letzten Jahre ist das oft ein Sicherheitsrisiko), dann sind die Hyperthreads energetisch betrachtet nahezu kostenfrei. Integer- und Stringprocessing-Workloads können Hypterthreads als nahezu vollwertige zweite CPU betrachten, Fließkomma-intensive Workloads nicht.\nWebshops sind, wenn sie richtig gebaut worden sind, String- und Integer-Anwendungen und sehr wenig Fließkomma-intensiv, könnten also von Hyperthreading voll profitieren. Die Anzahl der nutzbaren Cores verdoppelt sich rechnerisch und ist bei Webshop fast vollständig realisierbar - ein Webshop mit einer fast reinen Integer/String Workload kann von den 56 rechnerischen Kernen einer Dual-6132 eine Load von deutlich über 40 stabil verarbeiten.\nKosten und Energie Über eine Nutzungsdauer von fünf Jahren gerechnet machen Energiekosten in etwa die Hälfte der Gesamtkosten eines Rechners aus - für einen Hyperscaler ist das ein so intensiver Kostenfaktor, daß sie aus wirtschaftlichen Gründen seit mehr als 15 Jahren intensiv die Energieaufnahme ihrer Rechenzentren in allen Punkten optimieren.\nDas ist der primäre Grund für das Open Compute Projekt (OCP) und die Bauweise der Hyperscaler-Rechenzentren. Für Hyperscaler lohnt dies, weil das der Kernbereich ihres wirtschaftlichen Handelns ist.\nDazu kommt, wie in der Leseliste dargestellt, daß alle Hyperscaler (bis auf Amazon) bereits 100% graugrün sind, also zu großen Teilen bereits auf tatsächlich regenerativer Energie laufen und den Rest mit Zertifikaten kompensieren, und obendrein sehr nah in der Zukunft liegende Ziele haben, was komplett grünen Betrieb und Überkompensation angeht. Speziell Google ist ein sehr großer Investor in Wind- und Solarkraftanlagen, Netflix überkompensiert bereits jetzt, ist also Carbon-Negative.\nFür ein Firma, für die der Betrieb und die Skalierung von Rechenzentren und ihrer Hardware nicht der Kern ihres wirtschaftlichen Handelns ist, ist es ausgeschlossen hier mitzuhalten.\nOder wie Ramesohl es formuliert:\nEs ist einfach so, dass eine gewisse Skalierung zu großen Vorteilen führt, die dann wiederum über eine Wettbewerbsfähigkeit im Markt die Marktposition stärkt und damit den Marktanteil erhöht. Das ist ein selbstverstärkender Effekt. Hinzu kommt, dass diese Akteure in der Lage waren, zu investieren und sich damit ein technologisches Know-how aufzubauen, was wiederum im Umkehrschluss ihre Marktposition stärkt.\nDas ist richtig, dass gerade bei den großen Playern entsprechende selbstdefinierte Nachhaltigkeitsziele vorliegen. Das sind teilweise sehr ambitionierte Pläne, die versuchen, die Emissionen, die im Laufe der Unternehmensgeschichte bisher aufgelaufen sind, rückwirkend zu kompensieren.\nBandbreite und Energie Ramesohl sagt auch:\nDa geht es um die Frage, ob jede Internetwerbung eine Autoplay-Funktion braucht, also abspielt, wenn ich nur über die Seite scrolle. Das erzeugt nämlich ein enormes Datenvolumen. Oder die Frage, ob alles standardmäßig in höchster Auflösung gestreamt werden muss, wenn es auf einem kleinen Bildschirm angeschaut wird.\nDahinter steht die Fehlmeinung, daß eine Netzwerkinfrastruktur mehr Energie benötigt, wenn Daten übertragen werden. Das ist nicht der Fall.\nSo wie eine Festplatte oder RAM nicht schwerer werden oder mehr Energie verbrauchen, wenn Daten darin gespeichert werden, so braucht ein kabelgebundenener Netzwerklink nicht (wesentlich) mehr Energie, wenn Daten übertragen werden.\nRAM und Festplatten brauchen (mehr) Energie, wenn Daten geändert werden, also Bits gekippt werden.\nUnd kabelgebundenene Netzwerkinfrastruktur überträgt immer Daten (Trägersignale), auf die die Nutzlast dann aufmoduliert wird. Das wiederum braucht im Vergleich zur Grundlast des Netzes (das Senden des Trägers) kaum Energie. Anders sieht es bei Funkverbindungen, also Datenübertragung via Mobilfunknetz aus, dort wird der Sender komplett abgeschaltet, wenn er nicht gebraucht wird, um das Spektrum frei zu halten.\nSpeziell bei Glasfaser ist es so, daß man die Bandbreite zudem mit nur wenig mehr Energieaufwand um Größenordnungen hochdrehen kann, wenn man will - durch den Austausch der Laser kann dasselbe Medium in der Kapazität verzehnfacht oder verhundertfacht werden ohne signifikat mehr Energie zu verbrauchen.\nWas tun wir mit all dem Compute Am Ende ist es eventuell eine gute Idee, nicht nur genauer hin zu schauen, wo Rechenzentren stehen und wie sie designed sind, sondern was mit den Megawatts gemacht wird, die dort verwendet werden. Auf diese Weise bekommen wir eventuell Bitcoin weg gebombt. Das wäre schon einmal sehr wichtig, denn hier wird Energie in der Größenordnung ganzer Staaten in sinnlosen Berechnungen (\u0026ldquo;Proof of Work\u0026rdquo;) verheizt. Und nein, das kann man nicht ändern, PoW kann nicht sinnvolles berechnen.\n","date":"2020-11-01T00:00:00Z","href":"https://blog.koehntopp.info/2020/11/01/rechenzentren-und-ihren-stromverbrauch-regulieren.html","tags":["lang_de","computer","data center","energy","cloud","climate"],"title":"Rechenzentren und ihren Stromverbrauch regulieren"},{"categories":null,"content":"Sometimes things change in a way that is hard to put a finger on, but I am doing this MySQL thing since 3.23, and commercially since 2005, and the environment is changing. These days, when you talk to people in need of MySQL, the first thing you have to ask them is \u0026ldquo;Which MySQL\u0026rdquo;. And by that I do not mean a version number in the first place.\nThe answer may be:\nAWS RDS MySQL AWS RDS MariaDB AWS Aurora MySQL Community Edition MySQL Enterprise Edition MariaDB and now, new, MySQL on Oracle Cloud. The answer to this question, usually qualified with a version number, decidedly influences what is available in features, access, performance, and what is usually the root cause for problems.\nNot only in support, but also in application design, scaling limits and many more things.\nSpecifically:\nAurora V1 limits you to MySQL 5.6 features, and V2 to what was available in 5.7.12, four years ago. You scale automatically, and in some cases far beyond what is available on a single machine, but specifically performance behavior is very different from regular MySQL. Not only is the storage layer completely different, but Aurora has also ripped out and rewritten certain features (such as GIS), so it\u0026rsquo;s essentially a completely different database that happens to speak MySQL protocol. RDS nominally supports 8.0, but 8.0 is decidedly a second class citizen in RDS. Since the majority of all new MySQL deployments are likely RDS deployments, this holds back the pick-up of 8.0 as a target for application developers considerably. Some features are only available in Enterprise Edition, even when you run on your own hardware, but they cannot be language features, exposed to developers (for the same reason as above - nobody would target them), so the difference between CE and EE can only be operational. There it can be substantial. MariaDB, see Aurora, is now a completely different database that happens to speak the same wire protocol. The amount of special casing in my workplaces database management tooling makes that very clear: Internal logic, status and control variables, even the way replication works, is all quite different. It is easier to treat it as a completely different thing than to special case MySQL/MariaDB all the way through the codebase. Oracle cloud will most likely try to differentiate itself with cloud-only features the same way Aurora does this. On the other hand, with applications running in AWS, will you send SQL queries across the internet to your Oracle cloud database instances and eat all that latency? Worse, will your Enterprise go through all the interdepartmental overhead to certify another cloud for use, just to run database instances that AWS also has (minus some features, but for which AWS likely has other, specialized services)? What happens instead: At work, our application runs on MySQL.\nBut the number of 3rd party products that drop MySQL support (not Oracle MySQL support, but \u0026ldquo;all MySQL, so also not MariaDB\u0026rdquo;) is growing.\nThey all move to Postgres, to the point where it becomes necessary to make AWS Postgres and local Postgres officially managed targets for supported deployments in our Enterprise.\nOr, shorter, the triangle AWS-Oracle-MariaDB presents too fragmented a front, a frenemy experience, and is losing a lot of developer mindshare because of that.\nThat makes me very sad.\n","date":"2020-10-28T00:00:00Z","href":"https://blog.koehntopp.info/2020/10/28/mysql-ecosystem-fragmentation.html","tags":["lang_en","mysql","database"],"title":"MySQL: Ecosystem fragmentation"},{"categories":null,"content":"Sven Geggus trolled me . A bunch of nerds were speaking about what\u0026rsquo;s wrong with biking in Germany, and he wrote:\nTweet : Der @isotopp wohnt doch in Holland. Wo sind denn bei euch die Vorfahrtsregeln anders und könnte man da was sinnvoll für .de übernehmen? \u0026ndash; @isotopp is living in the Netherlands. So how is the right of way different and how could .de learn from this?\nBiking in the Netherlands does not suck, and that is not because of any specific traffic rules being any different, but because traffic is fundamentally different, and that somehow escalated.\nIt starts here:\nThe OSHA hierarchy of mitigations.\nThe OSHA hierarchy of mitigations for safety risks, as shown here and approximately everywhere else where workplace safety and risks are discussed also applies to traffic risks. Of course.\nEliminate - build car free cities. Substitute - build better public transport. Isolate - build bike paths that are completely intersection free with car traffic. Engineer Controls - build intersections with barriers, traffic lights. Build speed bumps into streets that destroy shocks of speeding cars. Administrative Controls - install warning signs, train bikers to avoid cars. Change right of way rules. Personal Protectice Equipment - require bike helmets and high viz vests. How it came to be There is the famous Guardian article that explains the history of Stop De Kindermoord and there is the video Namens De Kinderen Van De Pijp, 1972 that tries to explain and to capture the amount of outrage in the Netherlands in the early 70\u0026rsquo;ies regarding the destruction of the urban environment created by a car culture.\nThere is the infamous Plan Jokinen , which would have completely destroyed the old town of Amsterdam (which is now a Unesco World Heritage Site) and replaced it with a giant tumor of highway intersection, killing the city completely. Its realization was averted, thankfully.\nOther cities were less lucky, and took heavy damage.\nUtrecht Catharijnesingel was destroyed and turned into an Autobahn. It took more than 40 years to restore this part of the city to something not insane. Article at Bicycledutch .\nIn Amsterdam, the same story is told, slightly differently. We have Vijzelbuurt is changing here in this blog, explaining the construction of De Rode Loper as an extension of the Metro 52 construction. At station Vijzelstraat, the room between the street and the very deeply located metro station is now turned into a parking garage. On street parking will be dialled back or completely removed, and people that still want a car can rent space down there - but it will of course cost substantially.\nThis is systematic:\nThe city of Amsterdam is about to remove 10.000 parking spaces inside the inner city. Video Do you want to read more? I have a Twitter List for that .\nWhat we currently are seeing in the Netherlands is the result of a fight. It took more than 10 years from the 1972 De Pijp video and the Stop De Kindermoord Die-Ins to visible, rideable biking improvements. That was 40 years ago, and when you ride through the Netherlands you can roughly see the decade the bike infrastructure was built when riding it. There have been learnings and improvements all the way.\nGermany, right now, is building 1980\u0026rsquo;ies bike lanes, on a NL scale, using paint on streets. There is no physical separation, there are zero improvements in intersections. And that is the core of the problem: The critical parts are the intersections, see the OSHA hierarchy above, this is where people die.\nAnd you cannot improve intersections with paint. You need an excavator.\nOSHA #3 - Isolate - avoid intersections Let\u0026rsquo;s bike from Hoofddorp Floriande to Vijfhuizen, and have a look at the scenery. Here is the video:\nVideo Some key points:\nWe never really interact with car traffic, barring one situation near Spaarne Gasthuis, and even that could have been avoided choosing one bike lane to the left. We never interact with any of the two national streets (N201, N205). We have a tunnel and a bridge for bikes instead. Typical bike lane in Hoofddorp. The bike path is segregated from any car lane, and is bi-directional. Cyclists can ride two-up side by side, and talk.\nUnderpass under the N201. The N201 is a multilane national road. It could have been a crossing with a traffic light, but building an underpass removes all risk to cyclists from cars.\nThe same spot, as seen by a car driver. The bubble indicates where we emerge from under the road, passing the underpass.\nLater we pass over the N205, across the bike bridge. Underneath are 2x2 lanes of the N205 and the 2x1 lane of the reserved bus lane.\nThis is not an unusual trip in the Netherlands. In another article in this blog, we cycle shopping , and the experience is much the same. We never interact with cars.\nBut these bike paths are empty! \u0026ldquo;But, Kris! All these bike paths are always empty!\u0026rdquo; Yes, they are. It\u0026rsquo;s awesome. You get to ride at your own speed, and without disturbance. It also is a great example that shows how incredibly space efficient bikes are, compared to cars. In fact, how incredibly space efficient anything is, compared to cars.\nPrinzipalmarkt, City of Münster, Germany. 60 people are shown when using cars, using a bus and using bikes.\nUsing cars means you use 20 sqm of space when parking, 140 sqm of space when riding. Using a bike, you are using 2 sqm when parking, and 5 sqm when riding. Because cars are so incredibly wasteful with space, car lanes look full . We simply cannot afford to have cars where many people live, that is, we cannot have cars in cities.\n\u0026ldquo;But, Kris! Can you prove that bikes are used in the Netherlands?\u0026rdquo; Sure, let\u0026rsquo;s go places.\nVideo - a look at Haarlem Station and the bike parking underneath.\nThis bike parking is only a fraction of the bike parking. There is more inside the train station building and there is a multilevel bike parking at the back of the station. All of them are as full as this underground bike parking.\nThis is not the exception, this is the rule. Rush Hour in Amsterdam is horribly busy. It looks like this:\nVideo - Rush Hour in Amsterdam.\nSimilar:\nAmsterdam in Rain , Thomas Schlijper is an awesome chronicler of Amsterdam street life in video and photos. Paris in 2020 , again by Schlijper. This is Anne Hidalgo\u0026rsquo;s legacy, completely transforming the city of Paris from a gridlock hellscape back into a liveable city by pushing cars out. But there is no room in our city \u0026ldquo;But, Kris! This may work where you live, with wide streets and much room and many trees, but not in our crowded and narrow city. We have no room to segregate traffic!\u0026rdquo;\nTweet - Marco Groenewege contrasting a major city artery in Germany and the S107, a major Amsterdam artery, and of comparable size. The dutch street separates traffic types, makes impossible for cars to leave the lane and overtake, or abuse or block the tram. Area use of both constructs is comparable, one is much safer.\nThere is room in every city.\nYou get it by taking away space from cars.\nThen people do no longer die.\nThis is the whole secret.\nAmsterdam, Hugo De Grootplein - click for Streetview. The S105 artery crosses right to left. A roundabout is cut in two by tram tracks, and cycle traffic has to be routed through, safely.\nAmsterdam, on S105 - click for Streetview. The residential streets around Hugo De Grootplein are narrow. Many of them are one-way, like this one on the right (exit only). Construction of the street makes it very clear what the situation is and who has priority.\nAmsterdam, inside the one-way street - click for Streetview. The pavement signals that this is a bike-priority lane, in which cars are guests. The direction of car parking indicates that this is a one way street. Parked cars clog the street.\nIt is also clear that the cars do not belong here. Elsewhere they have been removed .\nAgain, we look to Thomas Schlijper\u0026rsquo;s excellent chronicles to see what happens when you remove cars from the urban environment: You get the city back. People can live.\nCities in the Netherlands have room for people, because they made room for people by removing the cars.\nThe Bike is Part of a System It is very important to have a second, closer look at these bike parks at Train Stations and Bus Stops. They are crucial.\nI am 50+, fit, and have a Pedelec. I have few problems riding 22km from a village near Schiphol to central Amsterdam and back. It takes me around 2h to do that, one hour in each direction. The same amount of time as spent in public transport.\nBut the Netherlands build this AAA - All Ages and Abilities. Not everyone can do what I do. So multimodal transport is the rule. You can bike to a train station or bus stop. The design speed is 15 km/h, the design distance is 20min or less - so within 5 km radius you are supposed to be able to jump onto public transport.\nAt the OV point, you will find bike parking. Covered at Bus Stops, covered, guarded and often with a bike repair shop in Train Stations. You jump on the Openbaare Vervoer (OV, Public Transport) using the chipcard : All transport in the Netherlands can make their own tariff and zones, but the collection is unified with the Chipcard. That means: One ticket for the entire country, one method of billing.\nAt your destination, OV fiets is likely to be available - there are more than 300 stations all across the country where you can have this. This is a public transport bike that can be rented using the same train ticket.\nIt costs € 3.85 per 24-hour period to use an OV-fiets. If you keep the OV-fiets for more than 24 hours, you will be charged for an extra rental period (up to 72 hours). After 72 hours, you will incur an additional charge of € 5.\nIt is not expensive at all.\nGetting to an OV station by bike means the catchment area of these stations is around 10x larger than on foot. That means the stations can be further apart. That means the Bus or Train has to stop less often. Than means it goes faster, a lot faster actually - especially true for trains. That makes public transport way more attractive. That makes more people use the bike/public transport combo.\nThe public transport in the Netherlands is purposefully designed to enable this.\nAnd it is well tracked: Where is my OV? - live tracking for public transport in the Netherlands.\nSo how popular is this?\nPDF of the Cycling Facts and Figures 2018. The Amsterdam City Cycling Policy has links to the Mobility Plan for 2030 and the Long Term Cycle Plan for the City. All of this illustrates\nthis is desired this is policy this is no accident this is hard work, stakeholder management, long term planning and urban development There is a pretty nifty video Invisible Bike Infrastructure of the Netherlands by \u0026ldquo;Not Just Bikes\u0026rdquo;, which explains how this came to be and how this is not an accident.\nAnd the best thing is: This is engineering. That means, it can be reproduced, taught, adjusted and ported into your urban environment. There is CROW , which is the private engineering partner organisation for Dutch city planners. They have documentation in German, English, Dutch and other languages, they have classes and they have people that you can pay to do the work for you - depending on your cities needs and preferences.\nOSHA #4 in German: Safe intersections discussed For Germany, there is \u0026ldquo;Darmstadt fährt Rad\u0026rdquo;, which has german languge article series on dutch protected intersections , explains how protected intersections work , and also refutes the Tagesspiegel article .\nBicycleDutch has a german video explaining how things work in the Netherlands.\n","date":"2020-10-22T00:00:00Z","href":"https://blog.koehntopp.info/2020/10/22/safe-biking-its-not-the-right-of-way-thats-wrong.html","tags":["lang_en","cycling","mobility","netherlands"],"title":"Safe Biking: It's not the right of way that's wrong"},{"categories":null,"content":"Ok, so the title is a bit of an exaggeration, I am about 80% done with the main games quests. Still, the shape and feel of the story is firmly established and it is fascinating. I have some 110 hours in \u0026ldquo;Assassins Creed: Origin\u0026rdquo;, and some 65 hours or so in \u0026ldquo;Assassins Creed: Odyssey\u0026rdquo;.\nYou can play \u0026ldquo;Assassins Creed: Odyssey\u0026rdquo; as Alexios or Kassandra, and the change is permanent for the playthrough for storytelling reasons. My recommendation is that you play as Kassandra, see below.\nThe Assassins Creed series of video games are like \u0026ldquo;Prince of Persia\u0026rdquo;, from which they descended after Ubisoft lost the license to the backstory, but with plenty of conspiracy theory added.\nFor those who never played: Two secret opposing forces battle throughout the history of humankind: A faction that represents order and collective control, under changing names (\u0026ldquo;Cult of Cosmus\u0026rdquo;, \u0026ldquo;Abstergo Industries\u0026rdquo;, \u0026ldquo;The Order of the Snake\u0026rdquo; and many other names), and one representing self-determination and individualism, the Assassins. The battle is usually over some magical science artifact which has been manufactured in the deep past by the creators of humankind, the Isu .\nGameplay revolves around a number of main and side quests, which can be solved by going somewhere, climbing something, and stealthily mudering everone between the character and the objective. The game is bloody, but has an option to turn off gore. With gore off and in easy mode, it is a lot like playing an dumb action movie, only around 20 times longer in runtime. There is a lot of very nicely done storytelling which allows for casual exploration of the time period depicted and the historical background.\nCompared to \u0026ldquo;Origin\u0026rdquo;, \u0026ldquo;Odyssey\u0026rdquo; feels weirdly paced, and somewhat off. This is in part because of the map:\nAssassins Creed maps are like dioramas in a museum, vastly shrinking the real world distances. The map in Odyssey is around 16 x 16 km in size, giving you a minified Aegean to play around in.\nBecause the game is set in ancient greece, the map is a part of the Aegean sea, and there are plenty of islands and sea surface. Travel between islands is by ship, and ship gameplay has a very different rhythm than island gameplay. Also, especially in the early game (on Kephalonia and in Phokis), the usual strategy of doing sidequests to always be 2-3 levels above opponents hardly seems to work, if you are used to how Origins works. Only after you learn to find timed quests and the message board, you will find XP sources. Similarly, you need to find out that \u0026ldquo;?\u0026rdquo; locations do not automatically show up on the map, and you have to explore for them to become visible.\nAlso, Odyssey uselessly scales up: If you are more than a few levels ahead of a region, the game will increase opponent levels \u0026ldquo;to keep up the challenge\u0026rdquo;. Fuck that, if I wanted that challenge, game, I would have been there earlier.\nBut anyway, once you are out of Phokis, and past the Thermopylae, things get more structure and yet, still, the game feels weird. And what is off is\u0026hellip; the story. In a good way, though.\nKassandra, in her natural environment.\nSo how is the storytelling off? And why is this good? The Heroes in Assassins Creed usually do not choose to be heroes, they are not Heroes in the sense of The Hero\u0026rsquo;s Journey . Their journey does not \u0026ldquo;begin in a situation of normality from which some information is received that acts as a call to head off into the unknown\u0026rdquo;, they do not choose to go off on adventure. Instead they experience loss, and then are forced to act.\nAlso, the other stages of the Hero\u0026rsquo;s Journey are not actually realized in the storytelling. For example, in \u0026ldquo;Origins\u0026rdquo;, Aya is not \u0026ldquo;The Woman as the Temptress\u0026rdquo; which must be resisted or is killed in order to motivate the Hero. Instead, Aya is Bayek\u0026rsquo;s partner, and in fact the actual organising force behind the funding of the Assassins Organisation.\nAlso, \u0026ldquo;Origins\u0026rdquo; Bayek does not fit the template of the lone hero who is fighting his way through ever more powerful obstacles until he is completely alone and unfit for civilisation. Instead, he becomes funding member and part of an organisation that tries to represent one human virtue and ideal, and not even the leader of this - Aya-Amunet is filling that role. There is no Apotheosis, no Ultimate Boon.\nBut there is another matching monomyth that fits better: The (VLS version of the) Heroine\u0026rsquo;s Journey , and both \u0026ldquo;Origins\u0026rdquo; and \u0026ldquo;Odyssey\u0026rdquo; match it much better than the \u0026ldquo;Hero\u0026rsquo;s Journey\u0026rdquo;. Together with the superior acting of Kassandra\u0026rsquo;s Voice Melissanti Mahut it is the reason why Odyssey is so much better when you play is as Kassandra.\nIn \u0026ldquo;Odyssey\u0026rdquo;, the hero(ine) is forced out of their \u0026ldquo;perfect world\u0026rdquo; through the sacrifical murder of their sibling - the \u0026ldquo;Betrayal\u0026rdquo; ultimately motivates them to go on the Quest, and this is involuntary. Along the journey, they heroine has to make friends, rebuild connections and redefine her own identity through it.\nIn \u0026ldquo;Odyssey\u0026rdquo; this is realized in two ways:\nThere are in-game choices that can lead to family reunification - or make it impossible, for example, by killing \u0026ldquo;The Wolf\u0026rdquo; for his crimes. And there is the ship\u0026rsquo;s crew, which can be made up by Epic heroes we connected to in side quests, by making the right choices. These are even rendered as specical characters, instead of generic character models. There are skills we aquire in game that allow us to call friends as assists in battles, and there are other game elements that fit the Heroine\u0026rsquo;s Journey much better than the Hero\u0026rsquo;s Journey. So a lot of the gameplay in \u0026ldquo;Odyssey\u0026rdquo; is not about going it alone as a lone hero, but about re-unifying the family, and about building a new group, the ships crew, by making friends along the way. Both are Heroine\u0026rsquo;s activities, not Hero\u0026rsquo;s activities according to their respectice monomyths.\nWhile you can play \u0026ldquo;Odyssey\u0026rdquo; as a Hero\u0026rsquo;s Journey, you can also play it as the \u0026ldquo;Heroine\u0026rsquo;s Journey\u0026rdquo;, and many of its part make a lot more sense and are more fun, if you do. Also, this is quite ironic, given that you play essentially a Ninja , which according to Robin Laws is a guarantee to be boring to any RPG party, because you play alone and separate from everybody else - except that in \u0026ldquo;Odyssey\u0026rdquo;, this particular Ninja\u0026rsquo;s story is all about (re-)building groups and becoming part of something.\nAssassins Creed: Odyssey , Ubisoft, 59.99 Euro.\n","date":"2020-10-19T00:00:00Z","href":"https://blog.koehntopp.info/2020/10/19/fertig-gespielt-assassins-creed-odyssey.html","tags":["review","gaming","media","lang_en"],"title":"Fertig gespielt: Assassins Creed: Odyssey"},{"categories":null,"content":"Back when I was still commuting to work in an office, in the far past, I used to be in the Spaces building in Vijzelgracht in Amsterdam, every day. Mark Wagenbuur of BicycleDutch has been there today, and tweeted :\nAmsterdam is changing dramatically. I was in Vijzelstraat for the first time in about 2 years and I was pleasantly surprised! Looked up the old situation in Google StreetView for some before and afters.\nHe also linked to an image from the Stadsarchief where the situation in 1987 is shown.\nThese works are documented on the City of Amsterdam website , which also has a page for the Vijzelstraat: herinrichting .\nThe desired end state for the space in front of Spaces, Vijzelstraat 66.\nThe works are part of Project Rode Loper , which is the renewal and redesign of all urban space on top of the new Noord/Zuidlijn, Metro 52, after the completion of the Metro works in 2018. The Vijzelstraat works are the conclusion of this project.\nThe City of Amsterdam has a fabulous video channel on Youtube, Het Verkeer , which announces and explains all street works and renewal. The Vijzelgracht project of course also has a video .\nVideo announcing the Vijzelstraat works.\nInterestingly there are two more projects active that match and extend the Rode Loper in this area:\nVijzelgracht: afbouw Vijzelgrachtgarage - The City is building a paid-for underground parking garage in the space between the metro station Vijzelgracht and the street level. This will provide paid-for parking space for 270 cars, similar to the Parkeergarage Museumskwartier, which is serving Frans-Hals-Buurt.\nVijzelbuurt: parkeerluw - Matching the extremely successful conversion of Frans-Hals-Buurt (around 500m north of Vijzelgracht), free and paid-for on street parking is almost completely removed, freeing up public space for fietsers, pedestrians, playing children and city green. The change will affect two local neighborhoods, Weteringbuurt and Noorderbuurt. The city has local consultations with the people living there right now.\n","date":"2020-10-08T00:00:00Z","href":"https://blog.koehntopp.info/2020/10/08/vijzelbuurt-is-changing.html","tags":["lang_en","mobility","amsterdam","netherlands","work"],"title":"Vijzelbuurt is changing"},{"categories":null,"content":"At work, replication chains have a single primary database node, to which you write, and then multiple replicas, in multiple AZs.\nHere is what the one sample chain looks like in Orchestrator:\ninstance-918d is the current primary, in the blue AZ. Replicas in orange and green are in other AZs. Blue badges indicate multiple replicas, eg (38) means 38 machines.\nWhen you talk to a database, you get two database handles:\nA write-handle which always points at the primary, here instance-918d currently, and a read-handle. The read-handle should be in the same AZ as your client application, and should be selected randomly from the available replicas for reading.\nWe also have other replicas, for cloning, to make more replicas, and for example time delayed replicas to correct accidental data deletions and other Oopses quickly.\nMachines that are available for reading are organised in “Pools” per AZ. Many replication chains have only one Pool, “\u0026lt;name\u0026gt;-misc”, but some replication chains also have additional pools for workload isolation. For example, some chains have “\u0026lt;name\u0026gt;-slow” pools, and you get a third handle, to which you are supposed to send slow queries that cannot be optimised.\nOther chains are shared between different applications, and in order to prevent crosstalk we have different pools, so that your \u0026ldquo;application-xml\u0026rdquo; queries do not mess with the regular “application-misc” queries. You are still using a “application-ro” handle, but it is non-overlapping between XML and normal application clients.\nIn any case, we run automated capacity tests on each pool, and then adjust pool sizes as needed. We also report to ourselves on that. Sometimes that report is interesting:\nThe example-misc pool changed target size from 3 to 16 in the night of 05-Oct, which is a 433% increase.\nThe minimum pool size is three, for redundancy reasons. The example chain is not busy, ever, and the pool size should never exceed three.\nDBA Operations talk to the customer: “I am reaching out to you because you are currently designated as owners of one or more of the database schemata in the example database chain. The schemata in question are \u0026lt;list\u0026gt;.\nStarting yesterday, the example chain (and, specifically, its example-misc pool) has seen a significant increase in load, mostly in the blue AZ, as shown here:”\nMySQL \u0026ldquo;Threads Running\u0026rdquo; going through the roof, load testing reports diminished capacity, and we ready more instances. The world is safe again! Or, is it?\nSo we detected an increased number of threads running, and that led to a general reduction in the capacity, and that requires MOAR MACHINES! Yay! So our bots threw more machinery to ride the load wave and that kept us afloat for the moment.\nIs that the story? It is not.\nA mysterious mystery Humans descend on the problem and look. What are the machines in the pool, currently? Well, if you have the privileges, you can check with our roster tool:\n$ sudo roster-tool list /persistent/pools/example-misc/az-west1-a 0be2b240a6964a338f0a65f22a2bb09d-example-2016.dc1.prod.example.com 421e3f5c81914082b26f93cd096c4d25-example-8050.dc2.prod.example.com 95624c835c454bbb8ad10a2eb728f66a-example-8051.dc2.prod.example.com afc7bd521a5c404582645d89598269d3-example-2015.dc1.prod.example.com e5724da64f134c34810f48211f5b777c-example-2014.dc1.prod.example.com So let’s have a look at example-8051:\nThis box is terribly idle. For 18 hours, it was slightly less idle.\nThis box is terribly idle. It has 16 cores, 32 threads, it can do 32 things concurrently on a good day. Running MySQL, it usually becomes flaky at a 1m load average of 24, because we have web loads that are having very many short term variations, so “1m average of 24” really means “anything between 12 and 40”, if you look at things in 0.1s intervals.\nWith a target load of 24, and headroom for failover, the limit is 12 - but it will be flaky in degraded state then. We usually aim for a load of 8-10 on our boxes. For this database pool, we could do with one box instead of three in normal times, but three is the administrative lower limit for redundancy and resilience.\nNothing is busy, but we don’t have capacity During the incident it was higher, but not much. Yet, the capacity test returned a much diminished capacity and grew the chain by a factor of more than 4. Clearly, this is not load, but something else.\nLet’s look at a few metrics for the time between 04-Oct, noon and 05-Oct, 6am. We want to know if we can see more action than the CPU thing. Let’s check the network:\nNope. No action on the network.\nAnd the disk:\nWe see few writes, and almost no reads. This is a memory-saturated database.\nWe see very few disk writes (a few hundred writes per minute), and almost no disk reads. This is a database with the working set residing in memory, and queries are resolved without disk reads.\nThis makes a very low query latency, and also means that the database can really only bottleneck on Networking or CPU. Now, a MySQL is very hard to bottleneck on Networking - I have only ever seen this happen twice.\nSo whatever is happening and limiting us is a kind of CPU problem. Likely not a CPU saturation problem: We would see load \u0026gt; 20 for this, and we are very far from that. That means it is likely to be a per-thread CPU problem.\nWhat could cause CPU saturation? CPU saturation on a database can in my experience have very few and easily detectable causes:\nA frequent query running from memory with no index: full table scans from a memory resident table. No disk I/O, loads of memory reads. This is a badly designed table with a missing index, masked by good memory performance until the CPU is completely eaten up and the box goes down. Add the missing index to fix. A frequent query doing a lot of sorting in memory. Data is not requested in index order, so it needs to be re-sorted before given to the client in order to satisfy an ORDER BY clause. Can also be caused infrequently by weird GROUP BY clauses. Fixed by sorting in the client, if possible, or by finding a better index so that data is returned in index order, which is designed to match the sort order. A system is offloading computation into the database using stored procedures. This is the worst possible design, and easily fixed by nuking the entire site from orbit, starting over from scratch at a new site. All of these cases would create a lot more load than we see, so it is none of that.\nQuery workload? What else stands out?\nQueries/s stable, Select/s looking normal. A slow query \u0026ldquo;spike\u0026rdquo; of very few slow queries.\nThe query load did not change, the capacity did. This is getting more mysterious by the second, but I think I know the smell. See that slow query “non-spike”? We have had slow queries, but it could not have been many.\nWhat we know by now So\nsome, very few, slow queries, queries, an unsaturated database, not bottlenecking globally on any base resource a machine load going up by 2 from 1 to 3 (per thread problem, two queries?) long-running We have seen this before , and we have seen it a long time before that as well. Let’s check the undo-log size:\nUndo-Log shark fin perfectly coinciding with the incident.\nWe observe a shark fin in the Undo-Log size that perfectly matches the time span of the incident and the increased CPU time.\nWe knew this is bad We know from MySQL Transactions - the physical side what the Undo-Log is and what it is being used for: It’s keeping old versions of a row so that a transaction can have a stable read view preventing phantom reads.\nWe learned in MySQL Transactions - the logical side how the Undo-Log is consulted, depending on the transaction isolation level setting of the reading connection. Go to that article now, and read the section on “Repeatable Read and Long Running Transactions”, now.\nThe part where it says:\nStarting a transaction at the default isolation level will force the Undo-Log Purge Thread to stop at the position of our read view. Undo-Log entries will no longer be purged, filling up and growing the Undo-Log. Reads and Index Lookups become more complicated and slower, slowing down the overall performance of the database.\nSo it may be long-running transactions.\nProof How can we prove that?\nAnd this is where metrics end, and observability starts. We would need a flight recorder that takes a snapshot of the database activities in regular intervals and keeps the data for some time so that we can look at non-numeric, non-aggregated detailed system stats from the past.\nThis is such an obvious pressing need that Simon Mudd wrote a script to do that in the deep, dark past long before the term “observability” even existed.\nIt runs every minute, and collects system hardware stats, MySQL processlist and other data, and stashes them compressed in a ring buffer in /var/log/mysql_pl/\u0026lt;weekday name\u0026gt;.\nIn an age of bare-metal machines and all devs having production access you log into a database, cd into that directory and grab a random snapshot from the incident interval:\n/var/log/mysql_pl/Sun $ xzcat 23_48.innodb.xz \u0026gt; /tmp/kris /var/log/mysql_pl/Sun $ vim /tmp/kris /var/log/mysql_pl/Sun $ awk -F\u0026#39;\\t\u0026#39; \u0026#39;($5 != \u0026#34;Sleep\u0026#34;) \u0026amp;\u0026amp; !match($7, /Waiting for/)\u0026#39; /tmp/kris | less With a text editor we isolate the processlist recording from 23:48 on 04-Oct. We then use Unix Tooling to look at all non-sleeping connections that are also not idle replication connections.\nThis yields indeed two interesting queries: Both show a cronjob=reserve_projectname_upsert_transaction_ids running on cronapp-39.dc2.prod.example.com and on cronapp-02.dc2.prod.example.com, with runtimes of 16220 and 22170 seconds.\nThere are indeed two long-running queries, coinciding perfectly with a load increase of 2, and they are easily identifiable cron queries. They run from two different hosts, with the same cron banner.\nI have no idea what that job does, but we are looking at a SELECT statement in REPEATABLE READ isolation that has a run time of multiple hours, and unsurprisingly an Undo-Log escalation. That leads to slow query performance and reduced capacity for all things, including the capacity test, and a changed target size for the pool.\nWhat we can learn from this Besides the obvious, that is, fixing that cron?\nWell, there is a moment in time in incident analysis where you need to pivot from identifying timeframes in which the incident happened and machines that are affected to actual instances of the incident in question.\nThis is also where you move from numeric aggregates in a dashboard to textual, structured logging information that actually has to be recorded before.\nThis is what observability is about: The ability to do this pivot easily, within one system, without special privileges, with proper tooling, in distributed systems, at will, without access to the actual box.\nWe don’t have observability. We need to get better at this. Go, follow Charity Majors on Twitter .\nWith such tooling, we need to connect what we teach with actual incidents that show how the teachings connect to real world cases.\nWhich is why I am typing up this thing, right now and link to the actual write-ups that enabled me to show you this. Go, read these things again, please, in the light of this particular episode.\nYou know in your head what \u0026ldquo;Undo-Log\u0026rdquo; means. Here you can understand what \u0026ldquo;Undo-Log\u0026rdquo; feels like. Go, touch the candle .\nWe have all the tooling, but it is from a different age. An age where people either routinely had access to production or sat next to a DBA in an office and could easily get at all the metrics. Observability by shell script on a root shell is a thing we have in abundance, because that was enough in that time and age.\nWe do no longer have access to root shells in production, and in the age of anything as a service not even to shells.\nObservability as taught by Charity Majors is your trusted printf(“Checkpoint: I am here.\\n”); or your Fred Fish Dbug Macros brought into the 21st century age of distributed services , and the tooling to create metrics from events, and then slice and dice that in any dimension without having a privileged shell on the broken system.\nSo yeah, let’s upgrade.\n","date":"2020-10-07T00:00:00Z","href":"https://blog.koehntopp.info/2020/10/07/an-unexpeced-pool-size-increase.html","tags":["lang_en","mysql","database","erklaerbaer","mysqldev"],"title":"An unexpected pool size increase"},{"categories":null,"content":"Ich schrieb in einem Twitter Thread über Posix Dateisysteme vs. Object Stores :\nUNIX FS ist 1974. BSD FFS ist 1984. XFS ist 1994. ZFS (und Btrfs und Wafl) sind LFS, also 2004. Object Storages, LSM, \u0026ldquo;RocksDB\u0026rdquo; ist ca. 2014, um den Takt zu halten.\nund wurde gefragt: \u0026ldquo;Was kommt 2024\u0026rdquo;. Meine halb spöttische, halb ernst gemeinte Antwort war:\nIrrelevant.\n2024 läuft Dein Code serverless bei einem professionellen Betreiber und vom lokalen System und dem lokalen Dateisystem kriegst Du nix mehr zu sehen außer einer monatlichen Rechnung.\nRein in die Cloud Selbst wenn es kein \u0026ldquo;serverless\u0026rdquo; ist, sondern eine VM oder ein Container: Wir haben dazu gelernt, und sind besser geworden. Deswegen sind aber auch unsere Standards und Anforderungen gestiegen und wir brauchen bessere Umgebungen.\nDie Prozesse und die Technik lokal so aufzusetzen, daß man weiterhin compliant bleibt mit SOX, PCI und PII ist eine ganze Menge Arbeit, die nicht zur Kern-Mission der meisten Unternehmen gehört. Es ist auch ein Investment, das besser in geschäftsrelevante Bereiche ginge. Techniken und Infrastruktur bereit zu stellen, die in einem Amazon-like Environment \u0026ldquo;so da\u0026rdquo; ist wird immer schwieriger und teurer werden.\nEin paar Selbstverständlichkeiten Auf der Minimum-Liste für alle stehen inzwischen Dinge wie\nSingle Sign On und Identity Management (SSO und IAM) Rollenbasierte Access Controls (RBAC) eine PKI Encryption at Rest und Encryption in Flight Administrator Roles mit Segregation of Duties Mandatory Access Controls and Privilege Limits Audit Trails Complance und Audit von all dem Und das ist schon mehr Arbeit als man als Firma mit einem eigenen RZ-Betrieb selbst leisten und erfinden kann. Es ist auch etwas, das so nicht fertig kaufbar und als Produkt installierbar ist, weil es eben nicht nur Technik ist, sondern auch Prozeß und Kultur.\nEs sind aber alles Dinge, die man als Technik in einem AWS Environment oder einer anderen großen Cloud per Default bekommt und zu der es dann auch Unterweisungen gibt, die einem Best Practices und funktionierende Prozesse nahe bringen.\nDazu kommen dann Dienste, die in einem eigenen Rechenzentrum mühevoll oder teuer zu schaffen sind, die man aber in einer großen Cloud testweise oder produktiv dazu nehmen kann, ohne eigenen Aufwand zu treiben.\nGeocoder Spracherkennung Bilderkennung Integration in eine skalierbare Big Data Umgebung Integration von Eventprozessoren Event Driven Execution (\u0026ldquo;Step Functions\u0026rdquo;), die es auch Nicht-Codern erlauben, Anwendungen durch Zusammenklebeben von -aaS Diensten zu schaffen. Aber das sind nur Beispiele aus hunderten von Diensten\u0026hellip;\nNicht die Mission der meisten Betriebe Das ist etwas, das einer traditionellen RZ-IT nicht zugänglich ist, und das auch unverhältnismäßig viel Kapital, Investment und Personal binden würde, würde man es selbst lokal entwickeln. Schon so etwas simples wie RDS funktioniert besser und automatischer als alle selbstgestrickten DevOps Managementscripte für Datenbanken, die man selbst haben kann.\nDruck kommt nicht nur aus dem Management und aus der Compliance, sondern auch von unten: Die aktuelle Generation von Entwicklern hat nie mit einem lokalen RZ gearbeitet, sondern ist in AWS groß geworden. Sie setzt die Qualität der Implementierung und die Prozesse von Amazon als gegeben und als Maßstab voraus. Sie setzt die Leichtigkeit von Operations und Observability voraus, die für eine Cloud-Umgebung typisch sind.\nDeswegen ist die Zukunft von 2024 mindestens hybrid. Aber effektiv wird kein Betrieb mit einem lokalen Rechenzentrum und reinen IaaS-Angeboten noch groß Stiche holen.\nDas ist einer der Gründe, warum Europa als Technologieraum zunehmend abgehängt ist. Nicht nur viele Politiker und Entscheider verstehen nicht mehr, was in den letzten 10 Jahren passiert ist, sondern auch viele Sysadmins \u0026ldquo;on the ground\u0026rdquo; haben die Veränderung des Entwicklerbetriebes in den letzten 10 Jahren grundlegend verpaßt und können nicht erkennen, welche Gestaltungsdrücke gerade auf ihrer Umgebung lasten.\nDas sehen wir nicht nur in der \u0026ldquo;deutsche Schulen in COVID\u0026rdquo; Videokonferenzdiskussion, sondern auch in der ganzen Klasse von BOFH-Bemerkungen, die aus dem Sysadmin Lager oft kommt. Ich habe dazu vor über fünf Jahren schon einmal was gemacht: Slides: Go away or I will replace you with a very small Shell script - ein paar Gedanken zum Thema Devops (Video von der Froscon Version ).\nDie Frage ist nicht, wie ein lokales Rechenzentrum Rechner betreibt und bereitstellt - das ist ein gelöstes Problem. Sondern welche Dienste sie darauf fertig im Angebot haben, ob diese Dienste mit aktuellen Standard und Anforderungen in Compliance sind, ob sie eine API haben, und sie mit lokalem Tooling integrierbar sind.\nIntegration und Bildung von untereinander abhängigen Systemen Wir sind dabei, von individuellen, frei stehenden und trennbaren Teilen zu integrierten Systemen zu gehen. Das hat Vorteile, weil so Prozesse entstehen und eingeübt werden, die meßbar Qualität verbessern und - wichtiger noch - automatisieren.\nDas ist nicht nur im Bereich Betrieb mit der Cloud so, sondern ist ein größerer Trend, der auch in der Software-Entwicklung sichtbar wird: Entwickler arbeiten nicht mehr mit vi im leeren Editor, sondern haben in der Regel Sprachen mit umfangreichen Bibliotheken und Integrationen im Betrieb. Das hat Folgen.\nIn der Entwicklung: Wenn es keinen JetBrains-Editor für die Sprache gibt, wenn sie von gitlab und github nicht erkannt und ausgewertet wird, wenn sie keinen Dependency-Manager und keine CI/CD Integration hat, dann ist eine moderne Programmiersprache - Entschuldigung - Plattform - Entschuldigung - Ökosystem nicht vollständig und nicht mehr konkurrenzfähig.\nWenn eine Sprache nicht von einschlägigen Security- und Audit-Werkzeugen unterstützt wird, wenn sie nicht bei SonarQube oder ähnlichen auf der Liste steht, wenn sie nicht von Valgrind, Fuzzern und anderen Werkzeugen unterstützt wird, dann hat eine moderne Programmierumgebung in einem Enterprise-Umfeld zunehmend Schwierigkeiten, die steigenden Compliance-Anforderungen im Bereich Software-Entwicklung und Qualitätssicherung zu erfüllen.\nIm Betrieb: Ohne Identity, PKI, SSO, RBAC, Segregation of Duties, Encryption überall, Auditing und enforceable maximum permissions hast Du Compliance Probleme oder wirst sie bald haben. Und ohne eine API für alles, Tooling für diese API, Infrastructure als Code, Codified Practices wie CI/CD hast Du keine attraktive und effektive Entwicklungsumgebung für Deine eigenen Leute.\nDas sind aber Gedanken und Entwicklungen, die in Deutschland an Politik und an Teilen der \u0026ldquo;Informatikschaffenden\u0026rdquo; vorbei gegangen sind, oder belächelt worden sind.\nRaus aus der Cloud Offensichtlich sind Server Wurst. Die Frage ist mehr, was da drauf läuft, welche Dienste und Integrationen bestehen. Das ist mit einem IT-Team von 4-5 Leuten vor Ort nicht sinnvoll zu schaffen, sondern im günstigsten Fall ein blankes IaaS, nicht unbedingt von der guten und vertrauenswürdigen Sorte.\nSchau Dir an, was zum Beispiel Scaleway oder OVH macht, oder 1und1 in Deutschland. Das sind fitte Teams, die eine Menge weg schaffen. Aber deren Clouds sind relativ dienstfreie IaaS-Clouds mit ein wenig Object Storage, und alle größeren Dinge mußt Du Dir selbst auf deren IaaS ansibilisieren.\nDas ist aber der Stand von 2010, nicht 2020. In 2020 ist ein Cloudkunde hinter Diensten her, damit er die nicht selbst betreiben muß.\nEs ist ja nicht nur unwürdig, HPE deren defekte iLOs und kaputte Festplatten-Firmware zu debuggen, sondern man will sich auch einfach ein MySQL oder Postgres klicken können. Oder gar einfach \u0026ldquo;einen KV Storage benutzen\u0026rdquo; und Dein Zeugs in ein Dynamo kippen und Dich gar nicht mehr um Instanzgrößen kümmern müssen, sondern nur noch für Storage und Zugriff nach Verbrauch bezahlen.\nUnd an dieser Stelle kommt wieder die Politik durch.\nArbeitsteilung beruht auf Vertrauen. Vertrauen kommt aus Transparenz und Verläßlichkeit Das funktioniert mit den Diensten nämlich ganz wunderbar in der \u0026ldquo;Arbeitsteiligen Gesellschaft™\u0026rdquo; - wir nennen so etwas Zivilisation. Nur, wenn wir zivilisiert, verantwortungsvoll und vertrauensvoll miteinander umgehen, dann kann man sich selbst die Arbeit mit den ganzen Diensten schenken und jemand anders beauftragen.\nDazu sind bestimmte gesellschaftlichen Bedingungen notwendig, die zu schaffen sind. Wir brauchen ein System von Checks und Balances, internationalen Verträgen und Business Practices, und dann ein System von Kontrollen und Vertrauen in die Wirksamkeit dieser Kontrollen, damit wir zivilisiert cloudcomputen können.\nWenn Du aber einzelne Nation States hast, die technisch gesehen als Attacker da stehen (\u0026ldquo;Nation State Attacker\u0026rdquo;, \u0026ldquo;NSA\u0026rdquo;) und sich das auch so vorbehalten, dann ruiniert das die Geschäftsgrundlage für die arbeitsteilige Gesellschaft, mithin die Zivilisation selbst.\nWenn Du einzelne Anbieter hast, die über die Verarbeitung und Nutzung der Daten nicht transparent sind, oder man den von ihnen vorgezeigten Audits kein Vertrauen schenken kann, dann \u0026hellip; genau dasselbe.\nUnd wenn Du eine Politik hast, die ein Klima schafft, in der das Verständnis dieser Tatsachen geleugnet oder ignoriert wird, dann ruiniert das dieses Konzept schon.\nDas ist genau das, was Gestalten wie Trump, BoJo aber auch von Storch zerstören, wenn sie Isolationismus, Staatswilkür und Ignoranz gegenüber internationaler Ordnung demonstrieren. Das ist aber auch das, was Gestalten wie Audi Scheuer und sein Meister, Imperator Seehofer vernichten, denn solche vorgelebte Unfähigkeit und Korruption saugen der Zivilisation das Rückenmark aus. Das ist dann das, was zu Dingen wie Wirecard führt, zum Dieselskandal und zu Situationen, bei denen ein Volkswagen-Compliancemanager bei der Dokumentation illegaler Geschäftspraktiken auf eine Weise zu Tode kommt, die in jede Netflix-Mafiaserie gepaßt hätte.\nIn so einem Umfeld ist eine Auslagerung der IT an Dritte für Unternehmen ein bedenkenswertes Risiko statt eine Erleichterung.\n","date":"2020-10-05T00:00:00Z","href":"https://blog.koehntopp.info/2020/10/05/it-modernisieren-und-konsolidieren.html","tags":["lang_de","cloud","data center"],"title":"IT modernisieren und konsolidieren"},{"categories":null,"content":"Every once in a while there is the IT news article that kind of triggers me. This time it was \u0026ldquo;Object-Storage-Protokoll könnte Posix ablösen\u0026rdquo; in german computer news site Golem . The article speaks about mmap(), NVMEoF and object storage and how it could revolutionize or complete object storages, but does not link to an original article, names no persons and no paper. Also, what do these things - mmap, NVMEoF, object storage and Posix, even have in common? It is not explained anywhere in the article.\nIn another article But is it atomic? we dive into the internals of the old UNIX V7 kernel, and how design decisions and technical realities from the late 1970ies became immortialized as technical requirements for filesystems in the Posix standard.\nSo Unix is historically grown, and a lot of things have changed since that time. The original file system (for Linux users: \u0026ldquo;mkfs -t minix\u0026rdquo; is the closest thing to that which you might have) is not even used any more anywhere in a modern system. But it is basically what Posix means when we speak about \u0026ldquo;Posix File System Semantics\u0026rdquo;.\nThe basic design is good - I mean, it has held up almost 50 years by now, and that is a fantastic achievement. It even has value in modern systems. But it has been designed for local systems, and it is not scalable to distributed systems very well.\nSo everybody is either cheating or slow. There is GFS2 as an example for slow. There is NFS as an example for hidden cheating (I am looking at you, actimeo, and at you, lockd). And there is \u0026ldquo;Object Storage\u0026rdquo;, whatever that specifically means, as an example for doing things completely differently.\nMutability as The Root of All Evil The biggest baggage Posix has, in terms of distributed systems, is mutable files. You can open a file, fseek() to an offset of 1MB and overwrite a 3MB segment in a 10MB file. I am choosing these sizes and offsets to make it abundantly clear that writes can be large, larger than a network packet, a disk block or other allocation units, and that they can take measureable, non-zero time.\nOne writer per Inode, per time Posix demands that writes are atomic (see link above), and it implemented that originally by locking the (only copy) of the file with a central lock at the in-memory inode of the file. This has multiple effects:\nThere can be only one write active at a time for a file.\nThis already is a problem for local filesystems, when you have a database that wants to write out many concurrent changes to different non-overlapping records in a database file.\nDatabases work around the problem either by defining tablespaces from many small sized \u0026ldquo;.DBF\u0026rdquo; files (Oracle) - 1GB to 4 GB seem to be popular. Or they work around it by foregoing the use of filesystems entirely - using raw disks, at a terrible toil cost for sysadmins and DBAs. Only XFS in O_DIRECT mode will handle this better, by not blocking concurrent writes as long as they are non-overlapping.\nReads never happen concurrently with writes, too. They are either completely before or after the write instead. If they happen after the write, they will never return stale data, but always the most recently written fresh data.\nIn distributed systems, this is very expensive: Imagine a storage cluster with dozens or hundreds of storage nodes and hundreds or thousands of clients. Parts of the file we are about to write to may have been cached anywhere in any cluster node or client to avoid excessive network transfers. These cached copies are now all invalid, because they contain data that has been overwritten with potentially different values.\nBecause reads must not return stale data under Posix, we need to invalidate all of these copies, and - worse - we need to this under a lock to ensure atomicity and fresh reads. So each write (write, not commit/fsync, which can happen much less often) has to inform all relevant nodes with a copy of the data that there is a new write for an extent (offset, length) incoming and wait for the acknowledgement. And then let the write proceed, to wait again to collect the complete acknowledgement of all data nodes that they have the data, and all caches that the have destroyed or updated their cached copy. That\u0026rsquo;s a lot of waiting.\nThis is unimaginably slow, and even worse, should the cluster topology change during any operation - a node taking part in our operation leaving the cluster or similar.\nIf you happen to have two concurrent overlapping writes (write A to node 1 at offset 0, length 3MB, and write B to node 12 at offset 1MB, length 3MB), Posix also demands ordering between these writes - A either happens in total before or after B. You will never end up with an ABABABAB block pattern in the overlap, and again, this can only be guaranteed by locking.\nNothing \u0026ldquo;made\u0026rdquo; Posix specify this, this is just the natural behavior in a single core 1970ies computer when you lock interrupts (spl()) or plock() on an in-memory inode, which then was later officially documented and bless into a standard when the Posix specificationw as written. Our modern computers do not have these properties any more, so we need to make them wait to simulate this.\nIn any case: The combination of Mutability and Strong Read Consistency/Atomic Write Behavior creates a cluster wide locking problem.\nFixed metadata, and synchronous metadata updates Things get even worse when we look at metadata. The set of metadata in a Unix Inode is fixed, and documented in Posix, too. We have the typical Unix access rights (ugo times rwx) and the three second-resolution times (a/m/ctime), and a file length - that is basically it.\nThere is an attempt to extend this, using Posix File ACLs (ACL) and Posix Extended Attributes (xattr), but for example mapping NTFS access permissions to Posix ACLs is complicated - just look at what Samba has to do to get this approximately right. The fact that the Unix notion of a user identity is scoped to a local machine does not help at all - your userid 0 is different from my user id 0 in meaning, and if I am UID 0 on my box I probably should not be UID 0 on yours.\nPosix demands synchronus updates to metadata updates. When you extend a file, this should be visible immediately in the file length, and when you access a file, the atime should update, too. Even on local filesystems this is no longer doable - everybody mounts their Linux disks with a variant of noatime or the other.\nBut while data writes distribute themselves across the cluster, metadata updates do not. They all have to hit the relatively small number of metadata nodes, and this load often crushed metadata servers.\nThe key idea: Immutability Note that all the things we spoke about are lower file system problems - they happen at the level of individual files already, not even going into upper file system, directory hierarchies and path names. That\u0026rsquo;s not even necessary, because as long as the lower file system is not in shape looking up is kind of pointless.\nObject Stores have one single core idea: Files are immutable, maybe appendable (S3 is not, Google GFS and Hadoop HDFS are). The payoff is that we can cache this stuff, because the cache never becomes invalid. Maybe the end of the file is not up to date, but it will be eventually consistent.\nThe file has a Key-Value store with metadata, which can even grow to considerable size, and which is also eventually consistent. With the upper file system we do the same: The entire namespace is one single KV store, in which the key is a binary string that cosplays a path name, and the value is the actual file data (and metadata).\nThis has far reaching consequences: We can talk about \u0026ldquo;Log Structured Merge Trees\u0026rdquo;, why they became popular in database land, and how that plays nicely with Object Storages. Or we can talk about how \u0026ldquo;Event Sourcing\u0026rdquo; favors \u0026ldquo;append only data structures\u0026rdquo;, and how that plays nicely with Object Storages.\nThere is a timeline, and there is progress The original Unix File System is, for the sake of illustration, basically the state of the art as seen in 1974.\nThere are a lot of elementary improvements to this initial idea that we find reflected in BSD FFS, from 1984.\nThe culmination point of these ideas, and structures, can be found in Silicon Graphics XFS, from 1994.\nA completely different way of thinking can be found in Log Structured File Systems , first seen in Ousterhout\u0026rsquo;s Sprite, in the early 1990. But performancewise the original implementation that was a failure: the first successful and performant implementation can be found - made by Oursterhout\u0026rsquo;s students - in Solaris ZFS, and at the same time in NetApps WAFL, which promptly engaged in a legal battle over patents. In parallel, many ZFS ideas are being reimplemented about half a decade later in Btrfs. All of that would put us roughly into 2004, in terms of commercial availability.\nNow, widespread adoption of Object Storages in persistence products, using Log Structured Merge (LSM) Trees, has taken place. We find them in Elastic Search, in Cassandra, in RocksDB and its many applications, and many more. In a timeline, this would put us into 2014-land.\nLFS-like non-overwriting structures are also at the foundation of all of our storage, deep down in the block-simulation layer of flash storage devices, again around 2014.\nOther developments Flash Storage originally appeared as a simulated hard disk, SSD. So we have a PCI bus, on which there is a SATA controller, which connects to the simulated hard disks\u0026rsquo; flash controller, which talks to the flash.\nSSD, NVME, RoCE, and NVMEoF NVME is what we get when we ask the question \u0026ldquo;What purpose does the SATA controller have in this setup, anyway?\u0026rdquo; - except slowing everything down, forcing us to use antiquated SCSI commands and serializing access to the highly parallel flash.\nNVME therefore is a PCI bus, which talks to flash controllers, which talk to the flash, and a revised command set for this. The great innovation is to put away the single disk queue and allow many of these. Which allows us to utilize around 800k IOPS per device, even if a single operation can take as long as 1/20.000th of a second - just go 40-way wide, if you can.\nNow, what if we had a way to speak to a NVME device on a different computers PCI bus as if it were local? That\u0026rsquo;s what remote DMA (RDMA) would enable us to do. RoCE (\u0026ldquo;rocky\u0026rdquo;, \u0026ldquo;RDMA over Converged Ethernet\u0026rdquo;) initially was painful - RoCE V1 was unrouteable raw Ethernet with its own Ethertype. RoCE V2 fixed that, and put the entire stuff into UDP instead, so it was routeable, at least within a single data center.\nTurns out, the value in RDMA is more in the Remote than in the DMA, so when RoCE became \u0026ldquo;NVME over Fabric over TCP\u0026rdquo; (NVMEoF/TCP), it was valuable and useful to have, even if you had an ultracheap Broadcom that did not properly DMA the way RoCE needs it. The resulting access to a remote NVME still was as fast as to a local SSD, or even faster.\nmmap() And finally, mmap() is a Unix system call that allows you to map a file into the address space of a process: when you access a memory page, this memory page is appropriately filled with the content of the file, automatically. Think \u0026ldquo;swap from any file into memory, not just from a swap file\u0026rdquo;.\nFor mutable files, and the kings of mutability, relational databases, mmap() is of little use and has many complexities. Databases need extending files, controlled write-out to persistent storage, not overwriting data because MVCC. Also, different data formats on disk and in memory are actually important to people who transact, and hence mmap() does help very little for most databases. We can talk about \u0026ldquo;Optane\u0026rdquo;, \u0026ldquo;PMEM\u0026rdquo;, and \u0026ldquo;transactional memory\u0026rdquo;, but that\u0026rsquo;s a different lecture for another day.\nMaking an immutable file available read-only in memory has none of these complexities, and is actually very useful and efficient. This is what mmap() is really, really good at - you get clean, discardable memory pages, none of the file extension problems, none of the \u0026ldquo;which pages are written to disk at what point in time\u0026rdquo; sychronisation problems.\nThe idea is so good that Bryan Cantrill actually had it first, and foreshadowed \u0026ldquo;Serverless\u0026rdquo; in Manta . Basically, Joyent starts a \u0026ldquo;Container\u0026rdquo;, actually a BSD \u0026ldquo;jail\u0026rdquo; or Solaris \u0026ldquo;zone\u0026rdquo;, because containers weren\u0026rsquo;t fully invented, yet. It then maps a kind of not-quite-S3 object into it and your code can access this, and emit output results into a new object in the same or a different bucket.\nThe mmap() in this is a nice sugar on top of it, as it makes reads automatic, en-passant and makes I/O minimal. The important fact is that Input and Output are distinguished and the input file is still immutable. Because it is, the munmap() is unimportant - exit() is also a munmap() and since the object is immutable it is unimportant if it stays mapped.\nPutting it all together So you have a page fault and have to get a page from local storage.\nSo why not get it from Ethernet, via RDMA, remotely, from any disk anywhere in your data center? Can we have this as a kernel extension and - more important - standardized in the NVME spec?\nAh, now we\u0026rsquo;re talking. \u0026ldquo;We have standardized remote page fault reads over NVMEoF\u0026rdquo;.\nThat\u0026rsquo;s the article - at least, that is what I think it is, because it does not say so, and it references nothing.\nBut even so, it needs 50 years of Unix as a context to be understandable.\nI still don\u0026rsquo;t know what the original article was, but there is stuff such as FileMR: Rethinking RDMA Networking for Scalable Persistent Memory that is being worked on.\nBased on a twitter tread .\n","date":"2020-10-05T00:00:00Z","href":"https://blog.koehntopp.info/2020/10/05/what-are-the-problems-with-posix.html","tags":["lang_en","erklaerbaer","filesystems","database","mysql"],"title":"What are the problems with POSIX?"},{"categories":null,"content":"All over the Internet people are having trouble getting LOAD DATA and LOAD DATA LOCAL to work. Frankly, do not use them, and especially not the LOCAL variant. They are insecure, and even if you get them to work, they are limited and unlikely to do what you want. Write a small data load program as shown below.\nNot using LOAD DATA LOCAL The fine manual says :\nThe LOCAL version of LOAD DATA has two potential security issues:\nBecause LOAD DATA LOCAL is an SQL statement, parsing occurs on the server side, and transfer of the file from the client host to the server host is initiated by the MySQL server, which tells the client the file named in the statement. In theory, a patched server could tell the client program to transfer a file of the server\u0026rsquo;s choosing rather than the file named in the statement. Such a server could access any file on the client host to which the client user has read access. (A patched server could in fact reply with a file-transfer request to any statement, not just LOAD DATA LOCAL, so a more fundamental issue is that clients should not connect to untrusted servers.)\nIn a Web environment where the clients are connecting from a Web server, a user could use LOAD DATA LOCAL to read any files that the Web server process has read access to (assuming that a user could run any statement against the SQL server). In this environment, the client with respect to the MySQL server actually is the Web server, not a remote program being run by users who connect to the Web server.\nThe second issue in reality means that if the web server has a suitable SQL injection vulnerability, the attacker may use that to read any file the web server has access to, bouncing this through the database server.\nIn short, never use (or even enable) LOAD DATA LOCAL.\nlocal_infile is disabled in the server config, and you should keep it that way. client libraries are by default compiled with ENABLED_LOCAL_INFILE set to off. It can still be enabled using a call to the mysql_options() C-API, but never do that. 8.0.21+ places additional restrictions on this, to prevent you from being stupid (that is, actually enabling this anywhere). Not using LOAD DATA The LOAD DATA variant of the command assumes that you place a file on the database server, into a directory in the file system of the server, and load it from there. In the age of \u0026ldquo;MySQL as a service\u0026rdquo; this is inconvenient to impossible, so forget about this option, too.\nIf you were able to do place files onto the system where your mysqld lives,\nyour user needs to have FILE as a privilege, a global privilege (GRANT FILE TO ... ON *.*) the server variable secure_file_priv needs to be set to a directory name, and that directory needs to be world-readable. LOAD DATA and SELECT INTO OUTFILE work only with filenames below this directory. Setting this variable requires a server restart, this is not a dynamic variable (on purpose). Note that the variable can be NULL (this is secure in the sense that LOAD DATA is disabled) or empty (this is insecure in that there are no restrictions).\nThere is nothing preventing you from setting the variable to /var/lib/mysql or other dumb locations which would expose vital system files to load and save operations. Do not do this.\nAlso, a location such as /tmp or any other world-writeable directory would be dumb: Use a dedicated directory that is writeable by the import user only, and make sure that it is world-readable in order to make the command work.\nBetter: Do not use this command at all (and set secure_file_priv to NULL).\nUsing data dump and load programs instead We spoke about dumping a schema into CSV files in Export the entire database to CSV already.\nTo complete the discussion we need to provide a way to do the inverse and load data from a CSV file into a table.\nThe full code is in load.py .\nThe main idea is to open a .csv file with csv.reader, and then iterate over the rows. For each row, we execute an INSERT statement, and every few rows we also COMMIT.\nIn terms of dependencies, we rely on MySQLdb and csv:\nimport MySQLdb import csv We need to know the name of a table, and the column names of that table (in the order in which they appear).\nWe should also make sure we can change the delimiter and quoting character used by the CSV, and make the commit interval variable.\nFinally, we need to be able to connect to the database.\n# table to load into table = \u0026#34;data\u0026#34; # column names to load into columns = [ \u0026#34;id\u0026#34;, \u0026#34;d\u0026#34;, \u0026#34;e\u0026#34;, ] # formatting options delimiter = \u0026#34;,\u0026#34; quotechar = \u0026#39;\u0026#34;\u0026#39; # commit every commit_interval lines commit_interval = 1000 # connect to database, set mysql_use_results mode for streaming db_config = dict( host=\u0026#34;localhost\u0026#34;, user=\u0026#34;kris\u0026#34;, passwd=\u0026#34;geheim\u0026#34;, db=\u0026#34;kris\u0026#34;, ) From this, we can build a database connection and an INSERT statement, using the table name and column names:\ndb = MySQLdb.connect(**db_config) # build a proper insert command cmd = f\u0026#34;insert into {table} ( \u0026#34; cmd += \u0026#34;, \u0026#34;.join(columns) cmd += \u0026#34;) values (\u0026#34; cmd += \u0026#34;%s,\u0026#34; * len(columns) cmd = cmd[:-1] + \u0026#34;)\u0026#34; print(f\u0026#34;cmd = {cmd}\u0026#34;) The actual code is then rather simple: Open the CSV file, named after the table, and create a csv.reader(). Using this, we iterate over the rows.\nFor each row, we execute the insert statement.\nEvery commit_interval rows we commit, and for good measure we also commit after finishing, to make sure any remaining rows also get written out.\nwith open(f\u0026#34;{table}.csv\u0026#34;, \u0026#34;r\u0026#34;) as csvfile: reader = csv.reader(csvfile, delimiter=delimiter, quotechar=quotechar) c = db.cursor() counter = 0 # insert the rows as we read them for row in reader: c.execute(cmd, row) # ever commit_interval we issue a commit counter += 1 if (counter % commit_interval) == 0: db.commit() # final commit to the remainder db.commit() And that it. That\u0026rsquo;s all the code.\nNo FILE privilege, No special permissions besides insert_priv into the target table. No config in the database. No server restart to set up the permissions. And using Python\u0026rsquo;s multiprocessing, you could make it load multiple tables in parallel or chunk a very large table and load that in parallel - assuming you have database hardware that could profit from any of this.\nIn any case - this is simpler, more secure and less privileged than any of the broken LOAD DATA variants.\nDon\u0026rsquo;t use them, write a loader program.\nLet\u0026rsquo;s run it. First we generate some data, using the previous example from the partitions tutorial:\n(venv) kris@server:~/Python/mysql$ mysql-partitions/partitions.py setup-tables (venv) kris@server:~/Python/mysql$ mysql-partitions/partitions.py start-processing create p2 reason: not enough partitions cmd = alter table data add partition ( partition p2 values less than ( 20000)) create p3 reason: not enough partitions cmd = alter table data add partition ( partition p3 values less than ( 30000)) create p4 reason: not enough partitions cmd = alter table data add partition ( partition p4 values less than ( 40000)) create p5 reason: not enough partitions cmd = alter table data add partition ( partition p5 values less than ( 50000)) create p6 reason: not enough empty partitions cmd = alter table data add partition ( partition p6 values less than ( 60000)) counter = 1000 counter = 2000 counter = 3000 counter = 4000 ^CError in atexit._run_exitfuncs: ... We then dump the data, truncate the table, and reload the data. We count the rows to be sure we get all of them back.\n(venv) kris@server:~/Python/mysql$ mysql-csv/dump.py table = data (venv) kris@server:~/Python/mysql$ mysql -u kris -pgeheim kris -e \u0026#39;select count(*) from data\u0026#39; mysql: [Warning] Using a password on the command line interface can be insecure. +----------+ | count(*) | +----------+ | 4511 | +----------+ (venv) kris@server:~/Python/mysql$ mysql -u kris -pgeheim kris -e \u0026#39;truncate table data\u0026#39; mysql: [Warning] Using a password on the command line interface can be insecure. (venv) kris@server:~/Python/mysql$ mysql-csv/load.py cmd = insert into data ( id, d, e) values (%s,%s,%s) (venv) kris@server:~/Python/mysql$ mysql -u kris -pgeheim kris -e \u0026#39;select count(*) from data\u0026#39; mysql: [Warning] Using a password on the command line interface can be insecure. +----------+ | count(*) | +----------+ | 4511 | +----------+ ","date":"2020-09-28T00:00:00Z","href":"https://blog.koehntopp.info/2020/09/28/mysql-import-csv-not-using-load-data.html","tags":["lang_en","mysql","database","erklaerbaer","mysqldev"],"title":"MySQL: Import CSV, not using LOAD DATA"},{"categories":null,"content":"This is an update and translation of a much older article , which I wrote in German Language back then. I was experimenting with importing the account statements from my German Sparkasse, which at that time were being made available as a CSV.\nThe initial data load The data looked like this:\n$ head -2 /home/kris/Documents/banking/umsatz-22758031-29122004.csv \u0026#34;Local Account\u0026#34;;\u0026#34;Book Date\u0026#34;;\u0026#34;Valuta Date\u0026#34;;\u0026#34;Transaction Type\u0026#34;; \u0026#34;Purpose\u0026#34;; \u0026#34;Remote Party\u0026#34;;\u0026#34;Remote Account\u0026#34;;\u0026#34;Bank Code\u0026#34;; \u0026#34;Amount\u0026#34;;\u0026#34;Currency\u0026#34;;\u0026#34;Info\u0026#34; \u0026#34;08154711\u0026#34;;\u0026#34;30.12\u0026#34;;\u0026#34;30.12.05\u0026#34;;\u0026#34;Direct Debit\u0026#34;; \u0026#34;DRP 08154711 040441777 INKL. 16% UST 5.38 EUR\u0026#34;; \u0026#34;STRATO MEDIEN AG\u0026#34;;\u0026#34;040441777\u0026#34;;\u0026#34;10050000\u0026#34;; \u0026#34;-39,00\u0026#34;;\u0026#34;EUR\u0026#34;;\u0026#34;Direct Debit booked\u0026#34; Because I want to know how I spend my money, I am loading the data into MySQL. Here is how:\nAs a first step we are defining a table into which to load the data. The table has columns whose primary purpose it to hold the data. We still have to clean and adjust the data to be able to do things with the data, so we are not looking at the final fields or types at all.\n-- load data warnings; DROP TABLE IF EXISTS transactions; CREATE TABLE transactions ( localaccount char(8) NOT NULL, bookdate_text char(10) NOT NULL, valutadate_text char(10) NOT NULL, transactiontype varchar(50) NOT NULL, purpose varchar(180) NOT NULL, remoteaccount_name varchar(100) NOT NULL, remoteaccount_number char(20) NOT NULL, remoteaccount_bankcode char(8) NOT NULL, amount_text char(12) NOT NULL, currentcy char(3) NOT NULL, info varchar(255) NOT NULL, unique index ( bookdate_text , transactiontype , purpose , remoteaccount_number , remoteaccount_bankcode , amount_text) ) ; truncate table transactions; Sadly, we have no unique transaction identifiers, so I cannot really define a proper primary key. I am trying to make do with a UNIQUE INDEX, but it is likely overly specific.\nThe failure scenario is that I have to specify start and end dates when exporting the account statements, and sometimes a few records are exported twice: At the end of the one statement file, and at the beginning of the next statement file again.\nTo prevent loading the same line twice if it happens to appear in multiple CSV files this unique index is probably okay.\nI load can load the various CSV files into this table:\nload data infile \u0026#39;/home/kris/Documents/banking/umsatz-22758031-29122004.csv\u0026#39; into table buchungen fields terminated by \u0026#34;;\u0026#34; optionally enclosed by \u0026#39;\u0026#34;\u0026#39; ignore 1 lines; load data infile \u0026#39;/home/kris/Documents/banking/umsatz-22758031-24012005.csv\u0026#39; into table buchungen fields terminated by \u0026#34;;\u0026#34; optionally enclosed by \u0026#39;\u0026#34;\u0026#39; ignore 1 lines; ... Now it is time to clean up the data. For this we create a target table, and add a primary key to it.\n-- prepare conversion stage DROP TABLE IF EXISTS b; create table b like transactions; alter table b add column id integer unsigned not null first; alter table b add primary key (id); alter table b change column id id integer unsigned not null auto_increment; Cleaning and changing the data We can now copy the data over, and in the process clean it up.\nThe amount field has to be changed from \u0026ldquo;xxx.xxx,yy\u0026rdquo; (german monetary notation with dots between the thousands, and a comma before the cents) to \u0026ldquo;xxxxxxx.yy\u0026rdquo;. We also have to turn the date fields valutadate_text and bookdate_text into iso date syntax. We need to add a year to bookdate_text, taking it from the valutadate_text. The info column is useless. -- load data into conversion stage insert into b select NULL, transactions.* from transactions; -- adapt amount update b set amount_text = replace(amount_text, \u0026#34;.\u0026#34;, \u0026#34;\u0026#34;); update b set amount_text = replace(amount_text, \u0026#34;,\u0026#34;, \u0026#34;.\u0026#34;); alter table b change column amount_text amount decimal(12,2) not null; -- adapt valutadate update b set valutadate_text = concat(\u0026#34;20\u0026#34;, substring(valutadate_text, 7, 2), \u0026#34;-\u0026#34;, substring(valutadate_text, 4, 2), \u0026#34;-\u0026#34;, substring(valutadate_text, 1,2)); alter table b change column valutadate_text valutadate date not null; -- adapt bookdate update b set bookdate_text = concat(year(valutadate), \u0026#34;-\u0026#34;, substring(bookdate_text, 4,2), \u0026#34;-\u0026#34;, substring(bookdate_text, 1,2)); alter table b change column bookdate_text bookdate date not null; -- drop info alter table b drop column info; Preparing binning categories I now want to aggregate my expenses. In the raw data, spent money is listed together with the remote account it went to. To aggregate, we need to assign each of these accounts to a category, for example we would assign all gas stations to the \u0026ldquo;fuel\u0026rdquo; category or all supermarkets to the \u0026ldquo;food\u0026rdquo; category.\nI can have a table \u0026ldquo;moneysinks\u0026rdquo; that does this account to category assignment.\n-- add category alter table b add column category varchar(20) not null; And here is the moneysinks table, which needed manual population (I had to assign a category to each pattern by hand):\nDROP TABLE IF EXISTS `moneysinks`; CREATE TABLE `moneysinks` ( `id` int(10) unsigned NOT NULL auto_increment, `pattern` varchar(100) NOT NULL, `category` varchar(20) NOT NULL, PRIMARY KEY (`id`) ); LOCK TABLES `moneysinks` WRITE; INSERT INTO `moneysinks` VALUES (77,\u0026#39;sparkasse\u0026#39;,\u0026#39;account and card\u0026#39;); INSERT INTO `moneysinks` VALUES (78,\u0026#39;ga\u0026#39;,\u0026#39;ATM domestic\u0026#39;); INSERT INTO `moneysinks` VALUES (79,\u0026#39;qsc\u0026#39;,\u0026#39;Internet\u0026#39;); INSERT INTO `moneysinks` VALUES (80,\u0026#39;linux new media\u0026#39;,\u0026#39;Newspaper\u0026#39;); INSERT INTO `moneysinks` VALUES (81,\u0026#39;premiere\u0026#39;,\u0026#39;TV\u0026#39;); INSERT INTO `moneysinks` VALUES (82,\u0026#39;walmart\u0026#39;,\u0026#39;Food\u0026#39;); INSERT INTO `moneysinks` VALUES (83,\u0026#39;kabel bw\u0026#39;,\u0026#39;TV\u0026#39;); INSERT INTO `moneysinks` VALUES (84,\u0026#39;gez\u0026#39;,\u0026#39;TV\u0026#39;); INSERT INTO `moneysinks` VALUES (85,\u0026#39;t-mobile\u0026#39;,\u0026#39;Telefon\u0026#39;); INSERT INTO `moneysinks` VALUES (86,\u0026#39;finanzkasse\u0026#39;,\u0026#39;Tax\u0026#39;); INSERT INTO `moneysinks` VALUES (87,\u0026#39;domainfactory\u0026#39;,\u0026#39;Internet\u0026#39;); INSERT INTO `moneysinks` VALUES (88,\u0026#39;nagel ue\u0026#39;,\u0026#39;Clothing\u0026#39;); INSERT INTO `moneysinks` VALUES (89,\u0026#39;mobilcom\u0026#39;,\u0026#39;Telefon\u0026#39;); INSERT INTO `moneysinks` VALUES (90,\u0026#39;domainfactory\u0026#39;,\u0026#39;Internet\u0026#39;); INSERT INTO `moneysinks` VALUES (91,\u0026#39;strato\u0026#39;,\u0026#39;Internet\u0026#39;); INSERT INTO `moneysinks` VALUES (92,\u0026#39;stadtwerke\u0026#39;,\u0026#39;Gas Water Shit\u0026#39;); INSERT INTO `moneysinks` VALUES (93,\u0026#39;deutsche bahn\u0026#39;,\u0026#39;Rail\u0026#39;); INSERT INTO `moneysinks` VALUES (94,\u0026#39;debeka\u0026#39;,\u0026#39;Insurance\u0026#39;); INSERT INTO `moneysinks` VALUES (95,\u0026#39;ec-ga\u0026#39;,\u0026#39;ATM intl\u0026#39;); INSERT INTO `moneysinks` VALUES (96,\u0026#39;scheck in\u0026#39;,\u0026#39;Food\u0026#39;); INSERT INTO `moneysinks` VALUES (97,\u0026#39;mastercard\u0026#39;,\u0026#39;Kreditkarte\u0026#39;); INSERT INTO `moneysinks` VALUES (98,\u0026#39;dr.\u0026#39;,\u0026#39;Miete\u0026#39;); INSERT INTO `moneysinks` VALUES (99,\u0026#39;a.t.u\u0026#39;,\u0026#39;Auto\u0026#39;); INSERT INTO `moneysinks` VALUES (100,\u0026#39;ungeheuer\u0026#39;,\u0026#39;Auto\u0026#39;); INSERT INTO `moneysinks` VALUES (101,\u0026#39;agip\u0026#39;,\u0026#39;Fuel\u0026#39;); INSERT INTO `moneysinks` VALUES (102,\u0026#39;aral\u0026#39;,\u0026#39;Fuel\u0026#39;); INSERT INTO `moneysinks` VALUES (103,\u0026#39;avia\u0026#39;,\u0026#39;Fuel\u0026#39;); INSERT INTO `moneysinks` VALUES (104,\u0026#39;bab\u0026#39;,\u0026#39;Fuel\u0026#39;); INSERT INTO `moneysinks` VALUES (105,\u0026#39;citti\u0026#39;,\u0026#39;Food\u0026#39;); INSERT INTO `moneysinks` VALUES (106,\u0026#39;efa\u0026#39;,\u0026#39;Fuel\u0026#39;); INSERT INTO `moneysinks` VALUES (107,\u0026#39;esso\u0026#39;,\u0026#39;Fuel\u0026#39;); INSERT INTO `moneysinks` VALUES (108,\u0026#39;expedia\u0026#39;,\u0026#39;Travel\u0026#39;); INSERT INTO `moneysinks` VALUES (109,\u0026#39;fantasy\u0026#39;,\u0026#39;RPG\u0026#39;); INSERT INTO `moneysinks` VALUES (110,\u0026#39;gravis\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `moneysinks` VALUES (111,\u0026#39;foto\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `moneysinks` VALUES (112,\u0026#39;heinrich\u0026#39;,\u0026#39;Clothing\u0026#39;); INSERT INTO `moneysinks` VALUES (113,\u0026#39;hem\u0026#39;,\u0026#39;Fuel\u0026#39;); INSERT INTO `moneysinks` VALUES (114,\u0026#39;hotel\u0026#39;,\u0026#39;Travel\u0026#39;); INSERT INTO `moneysinks` VALUES (115,\u0026#39;jet-tank\u0026#39;,\u0026#39;Fuel\u0026#39;); INSERT INTO `moneysinks` VALUES (116,\u0026#39;karstadt\u0026#39;,\u0026#39;Food\u0026#39;); INSERT INTO `moneysinks` VALUES (117,\u0026#39;kassen-\u0026#39;,\u0026#39;Tax\u0026#39;); INSERT INTO `moneysinks` VALUES (118,\u0026#39;leichtsinn\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `moneysinks` VALUES (119,\u0026#39;media markt\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `moneysinks` VALUES (120,\u0026#39;mios\u0026#39;,\u0026#39;Fuel\u0026#39;); INSERT INTO `moneysinks` VALUES (121,\u0026#39;plaza\u0026#39;,\u0026#39;Food\u0026#39;); INSERT INTO `moneysinks` VALUES (122,\u0026#39;rundfunkgebuehren\u0026#39;,\u0026#39;TV\u0026#39;); INSERT INTO `moneysinks` VALUES (123,\u0026#39;saturn\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `moneysinks` VALUES (124,\u0026#39;sb tank\u0026#39;,\u0026#39;Fuel\u0026#39;); INSERT INTO `moneysinks` VALUES (125,\u0026#39;segelkiste\u0026#39;,\u0026#39;Clothing\u0026#39;); INSERT INTO `moneysinks` VALUES (126,\u0026#39;total/\u0026#39;,\u0026#39;Fuel\u0026#39;); INSERT INTO `moneysinks` VALUES (127,\u0026#39;trx\u0026#39;,\u0026#39;Travel\u0026#39;); INSERT INTO `moneysinks` VALUES (128,\u0026#39;tst. bensheim\u0026#39;,\u0026#39;Fuel\u0026#39;); INSERT INTO `moneysinks` VALUES (129,\u0026#39;vobis\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `moneysinks` VALUES (130,\u0026#39;willenberg\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `moneysinks` VALUES (131,\u0026#39;shell\u0026#39;,\u0026#39;Fuel\u0026#39;); INSERT INTO `moneysinks` VALUES (132,\u0026#39;spreadshirt\u0026#39;,\u0026#39;Clothing\u0026#39;); INSERT INTO `moneysinks` VALUES (133,\u0026#39;armin meier\u0026#39;,\u0026#39;Clothing\u0026#39;); INSERT INTO `moneysinks` VALUES (134,\u0026#39;itzehoer\u0026#39;,\u0026#39;Insurance\u0026#39;); INSERT INTO `moneysinks` VALUES (135,\u0026#39;ec-pos\u0026#39;,\u0026#39;ATM intl\u0026#39;); INSERT INTO `moneysinks` VALUES (136,\u0026#39;euf-ga\u0026#39;,\u0026#39;ATM intl\u0026#39;); INSERT INTO `moneysinks` VALUES (137,\u0026#39;dell\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `moneysinks` VALUES (138,\u0026#39;yvonne\u0026#39;,\u0026#39;RPG\u0026#39;); UNLOCK TABLES; Asking Questions Using the mapping in moneysinks and the query below I can now permanently assign the category field in b:\nupdate b set category = ( select category from moneysinks as w where b.remoteaccount_name like concat(w.pattern, \u0026#34;%\u0026#34;) order by length(pattern) desc limit 1) where b.amount \u0026lt; 0; As I complete my list of patters I get a category assigned to everything.\nThat enables me to ask questions:\nselect remoteaccount_name, count(remoteaccount_name) as income from b where betrag\u0026gt;=0 group by remoteaccount_name order by income desc; +--------------------------------------------------------+-----------+ | remoteaccount_name | income | +--------------------------------------------------------+-----------+ | WEB.DE AG AMALIENBADSTR. 41 | 12 | | MYSQL GMBH | 7 | | MYSQL GMBH SCHLOSSERSTR. 4 72622 NUERTINGEN | 3 | | COOP SCHLESWIG-HOLSTEIN EG BENZSTR. 10 | 2 | +--------------------------------------------------------+-----------+ select remoteaccount_name, count(remoteaccount_name) as payments from b where betrag\u0026lt;0 group by remoteaccount_name order by payments desc; +---------------------------------------------------------+----------+ | remoteaccount_name | payments | +---------------------------------------------------------+----------+ | SCHECK IN CENTER KA DURLACH | 36 | | MOBILCOM COMMUNICATIONSTECH | 22 | | STRATO MEDIEN AG | 22 | | VERMIETER | 19 | | T-MOBILE DEUTSCHLAND GMBH | 18 | | DEUTSCHE BAHN KARLSRUHE HB | 17 | | KABEL BW GMBH \u0026amp; CO. KG | 17 | | QSC AG | 17 | | STADTWERKE KARLSRUHE | 17 | ... Using the category I can also group this and make group totals.\nselect category, count(amount) as payments, sum(amount) as total from b where amount\u0026lt;0 group by category order by total; This will tell me how I spend my money.\nOften I want to observe how my spending habits change over time, so I would not just use the categories from the moneysinks table as grouping criterion, but also group over some time dimension (GROUP BY year(bookdate) as year, category).\nAs my data warehouse grows, it may be useful to run the aggregation query and save the result in some pre-aggregated table (by day or month), as a kind of materialized view of the aggregates. I can use these to create coarser grained aggregates faster (take daily sums and counts, and create monthly or yearly aggregates, fast).\nSummary and outlook Using account statements from a bank, we have built a basic data warehouse. We demonstrated data import, staging and cleaning processes. Using category tables, we demonstrated how bin individual records into larger sets that can be useful in statistical analysis, and we looked at how we could materialize these aggregations into pre-aggregated tables.\nThis is a toy data warehouse, and it poses no challenges in data management due to the small size. Still, it has many properties that are also present in larger structures. Let\u0026rsquo;s look at this in a more generalized way:\nA data warehouse is centered around one or more fact tables. Fact tables always have a time dimension, they have log-like nature.\nLiteral attribute values, resolve id\u0026rsquo;s Fact tables contain snapshot data that is not normalized, but contains literal values. In our example: actual account holder names, and account numbers.\nFor example in a sales warehouse from a web shop, we are never interested in the current price of an item in a sales-fact table, but always in what we sold it for back then, for each individual sale. We are never interested where the customer lives now, but where we sent the article. Hence, we log literal attributes, never ids pointing to the current article or customer record.\nEncoding can shrink tables, but do only what is necessary This often leads to data duplication. In our example, the string \u0026ldquo;SCHECK IN CENTER KA DURLACH\u0026rdquo; is repeated 36 times. For the amount of data shown in our example this does not matter.\nEven in the one million rows example in Coding fields for great profit the gain is not critical, though substantial. A data warehouse starting out can often skip encoding the values and just take the hit from the duplication. An encoding step can be performed later, as long as there is infrastructure in place for online schema change, and sufficient disk space.\nThe Star and the Snowflake When we talk about OLTP databases, we often talk about normalization, and aiming for the 3rd normal form as an idealized schema to work from. For transactional data that is a good model and a good goal.\nIn data warehousing, this is obviously not the case - our data has a time dimension, and unlike OLTP, in a data warehouse we are interested in how things were then, not what they are like now. In our example, we are interested in how much we spent for the fuel back then, and not what the same amount would cost us now.\nConversely, in a data warehouse the logged data usually does not change much after the fact: there can be\nback filling, due to data arriving late, backpropagation of newly added attributes, or there can be corrections due to transactions changed after the fact at the business level All of these require us to be able to rewrite our logs for some time window. But eventually that window closes and the data becomes immutable, and we can seal it (run OPTIMIZE TABLE, and apply encoding and page level compression).\nIn our example, once money is spent, it would not come back (or if, in a second corrective reverse booking), and the amounts booked would never change. The log records are immutable from the outset.\nThings that OLTP structures need to avoid by normalizing - insert, update and delete paradox - do not happen to us in the same way. Also, because our data does not change much (if ever), but grows a lot over time, it is useful to invest the CPU cycles for data compression (using encoding at the data model level, and using page compression at the database engine level, in this order) once the data can be sealed.\nThe classical structure of a data warehouse is therefore the star, in which we have a fact table, and a number of category tables aiding binning, plus a number of generated daily/weekly/monthly pre-aggregates as outputs. All of these auxiliary tables group around the fact table, linked to it in some way, hence the \u0026ldquo;Star Schema\u0026rdquo;.\nIn our example, we have the b fact table, and only a single binning input table, moneysinks. More complicated warehouses can have many more of these.\nWe have no materialized output tables (expenses per days or similar), because our data set is small enough to do all of this ad-hoc. In larger warehouses, materializing aggregates that help to speed up reports is useful.\nIf you add categories of categories, or produce multidimensional aggregates, you go from Star to Snowflake Schema.\nThe Star and the Snowflake are the normal forms for Data Warehouses, Normalization as practiced in transactional databases is not helpful, 3NF is not a thing.\nTime Dimensional Tables in OLTP schemas Almost every OLTP schema earning money has some tables in it that have a time dimension. It is often visible either in the table name (shop.sales_202009) or in the tables primary key - often a compound primary key which contains a pair of an id and a date.\nIt will be visible in any case, if you think about each tables\u0026rsquo; growth.\nAssume unchanging conditions - a webshop with a mostly fixed number of articles, and a mostly fixed number of customers buying at a fixed rate, which tables will stay at a fixed size, and which tables will grow without bounds?\nSolution: It is the orders table.\nFind these unbounded structures in your schema.\nAt the heart of every OLTP schema there is a data warehouse that is struggling to get out. You get it out by completing the data lifecycle for the OLTP phase of things and establishing an Extract, Transform and Load cycle (ETL cycle).\nIn planning a data warehouse, you identify tables without growth boundaries, and decide which data attributes you want to record as literal data for the warehouse.\nIn the Extract phase you create a monster join you resolve all id values present in your normalized data, extract the literal attributes of interest, and push them into a CSV or some staging table.\nData in the OLTP system can now be deleted by the OLTP systems data lifecycle management without concern for other, non-transactional business functions: we have isolated the non-transactional concerns and confined them to the Extraction process (which will have to be adjusted when the OLTP schema changes, so we are a stakeholder in the OLTP schema evolution).\nThis isolation of concerns means that the OLTP system of our shop can now delete or archive orders at will after fulfillment or whatever other concerns the transactional system has to serve. Our non-transactional needs are all served from the data gathered in the Extract phase of the ETL process.\nThe staged extracted values can now be cleaned, categorized and aggregated, depending on the demands from the non-transactional business concerns (statistics, business intelligence, decision-making and so on).\nIdentifying data warehousey tables in OLTP systems, and isolating the transactional and non-transactional business concerns is important to keep the OLTP system small and agile.\nWithout taking the non-transactional, long term business functions out the OLTP system will grow without bounds, and ultimately transactional performance will suffer - the system will choke on itself. The non-transactional concerns not being isolated and bundled will also impede OLTP schema evolution and choke the development process on the money-earning side.\nData Lifecycle Management at the Warehouse Fact tables in the data warehouse have a time dimension, and as time passes, they will accumulate more data. In order to manage our data warehouse, we will also have to complete the data lifecycle on this side of the ETL boundary, and establish some deletion policy.\nQueries to the data warehouse table are often time bounded (\u0026ldquo;How did sales change in the last 2 years\u0026rdquo;) and binned by - among other things - a time dimension (\u0026ldquo;How did demand change month-over-month\u0026rdquo;, \u0026ldquo;Which of our products are seasonal?\u0026rdquo;).\nHandling data at volume, and getting rid of data no longer needed, is much easier in MySQL when using partitions .\nIn data warehouses, partitions are usually on a time value as the first dimension. That is, we partition our data set by year, month or day, and we delete data by dropping old partitions. This leaves all internal B-Trees in all the partitions sub-tables untouched and as they have been after the import, optimization and compression.\nAs queries also have a time dimension, the optimizer profits from this structure as well. It can exclude entire partitions from consideration, making the subset of data to look at much smaller.\nDaily Snapshots are slow, but simple A daily snapshot ETL import is slow - you do not get realtime data updates - but simple to implement retroactively on existing structures. Realtime structures require more engineering, but can be crafted on top of existing architectures as well. We are going to look at them in some later examples.\n","date":"2020-09-26T00:00:00Z","href":"https://blog.koehntopp.info/2020/09/26/my-private-data-warehouse.html","tags":["lang_en","mysql","database","erklaerbaer","mysqldev"],"title":"Importing account statements and building a data warehouse"},{"categories":null,"content":"In Deleting data we have been looking at a process that loads data into MySQL, leveraging partitions to make it easier and faster to later get rid of the data again. For this, we created three processes, a data loader process, and two observers - one for creating partitions, and one for deleting them.\nThe observer processes have been running ANALYZE TABLES and then polling INFORMATION_SCHEMA.PARTITIONS every 1/10th of a second to check if intervention is needed. They then have been dynamically generating the necessary ALTER TABLE statements maintaining the proper partitioning of the table by adding and dropping additional partitions.\nThat is cumbersome and should not be necessary.\nUsing SQL to maintain partitions It is possible to prepare and execute dynamic DDL in MySQL, using PREPARE, EXECUTE and DEALLOCATE PREPARE.\nSo I can do the following, if I numb myself sufficiently to actually write and generate code in procedural SQL:\nkris@localhost [kris]\u0026gt; set @next_name := \u0026#34;p3\u0026#34;; Query OK, 0 rows affected (0.00 sec) kris@localhost [kris]\u0026gt; set @next_limit := \u0026#34;30000\u0026#34;; Query OK, 0 rows affected (0.00 sec) kris@localhost [kris]\u0026gt; select -\u0026gt; concat(\u0026#34;alter table data add partition ( partition \u0026#34;, -\u0026gt; @next_name, -\u0026gt; \u0026#34; values less than (\u0026#34;, -\u0026gt; @next_limit, -\u0026gt; \u0026#34;))\u0026#34;) as cmd into @cmd; Query OK, 1 row affected (0.00 sec) kris@localhost [kris]\u0026gt; select @cmd; +-------------------------------------------------------------------------+ | @cmd | +-------------------------------------------------------------------------+ | alter table data add partition ( partition p3 values less than (30000)) | +-------------------------------------------------------------------------+ 1 row in set (0.00 sec) kris@localhost [kris]\u0026gt; prepare s from @cmd; Query OK, 0 rows affected (0.00 sec) Statement prepared kris@localhost [kris]\u0026gt; execute s; Query OK, 0 rows affected (0.10 sec) Records: 0 Duplicates: 0 Warnings: 0 kris@localhost [kris]\u0026gt; deallocate prepare s; Query OK, 0 rows affected (0.00 sec) kris@localhost [kris]\u0026gt; show create table data\\G Table: data Create Table: CREATE TABLE `data` ( `id` int NOT NULL AUTO_INCREMENT, `d` varchar(64) NOT NULL, `e` varchar(64) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci PARTITION BY RANGE (`id`) (PARTITION p1 VALUES LESS THAN (10000) ENGINE = InnoDB, PARTITION p2 VALUES LESS THAN (20000) ENGINE = InnoDB, PARTITION p3 VALUES LESS THAN (30000) ENGINE = InnoDB) 1 row in set (0.00 sec) I could put the logic of the partitioner and dropper into stored procedures and use the MySQL Event Scheduler to have this running in the background at all times to maintain the partitions on the data table.\nExcept that would still fail if I insert too many rows in a single transaction.\nI may be able to run the calls to my stored procedures in an insert trigger, but that is overhead I\u0026rsquo;d rather not have for each row inserted. Also, I am pretty confident that the trigger will also trigger a number of bugs in rarely used code paths. :-)\nWishful thinking An actual solution would be a less cumbersome notation for partitions, specifically range partitioning by an auto_increment primary key, and range partitioning along a time dimensions.\nI should be able to write how many partitions of which bucket size I want instead of maintaining a giant if-then-else of VALUES LESS THAN statements. SQL is supposed to be a declarative language, after all.\nFor the time dimension, I should be able to specify the same, in retention time and intervals for the buckets. MySQL would then create and drop partitions automatically, and generate the names for them automatically, too.\nSo something like the following made-up syntax:\n-- maintain 10 buckets, -- equivalent to -- VALUES LESS THAN (\u0026lt;previous value\u0026gt; + 10000) -- -- When new buckets are autogenerated at the top, and the number is larger than 10, -- drop the lowest one. -- create table data ( `id` int NOT NULL AUTO_INCREMENT, `d` varchar(64) NOT NULL, `e` varchar(64) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci PARTITION BY AUTOMATIC RANGE (`id`) ( PARTITIONS 10 VALUES (10000)) -- maintain 10 buckets -- equivalent to -- VALUES LESS THAN (UNIX_TIMETSTAMP(\u0026lt;previous value\u0026gt; + INTERVAL 1 DAY)) -- -- When new buckets are autogenerated at the end, and the number is larger than 10, -- drop the oldest one. create table data ( `created` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, `d` varchar(64) NOT NULL, `e` varchar(64) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci PARTITION BY AUTOMATIC TIME RANGE (`created`) (PARTITIONS 10 VALUES (INTERVAL 1 DAY)) This would get rid of any manually maintained procedures, events, triggers, and most importantly, implementations, and specify procedurally how and when partitions are created and how long they are kept.\nNot quite as automatic as Cassandra TTL fields, but a large step forward.\n","date":"2020-09-25T00:00:00Z","href":"https://blog.koehntopp.info/2020/09/25/mysql-dynamic-partitions-suck.html","tags":["lang_en","mysql","database","innodb","erklaerbaer","mysqldev"],"title":"MySQL: automatic partitions surely would be nice"},{"categories":null,"content":"Completing the data lifecycle is often harder than originally expected: Deleting data can sometimes cost way more than inserting it in the first place. MySQL Partitions can offer a way out. We have an earlier post on the subject.\nA sample table, and a problem statement Let\u0026rsquo;s define a kind of log table, to which data is added with an auto_increment id value and some data.\n#! /usr/bin/env python3 from time import sleep from random import randint from multiprocessing import Process import click import MySQLdb import MySQLdb.cursors db_config = dict( host=\u0026#34;localhost\u0026#34;, user=\u0026#34;kris\u0026#34;, passwd=\u0026#34;geheim\u0026#34;, db=\u0026#34;kris\u0026#34;, cursorclass=MySQLdb.cursors.DictCursor, ) @click.group(help=\u0026#34;Load and delete data using partitions\u0026#34;) def sql(): pass @sql.command() def setup_tables(): sql_setup = [ \u0026#34;drop table if exists data\u0026#34;, \u0026#34;\u0026#34;\u0026#34; create table data ( id integer not null primary key auto_increment, d varchar(64) not null, e varchar(64) not null )\u0026#34;\u0026#34;\u0026#34;, \u0026#34;alter table data partition by range (id) ( partition p1 values less than (10000))\u0026#34;, \u0026#34;insert into data (id, d, e) values ( 1, \u0026#39;keks\u0026#39;, \u0026#39;keks\u0026#39; )\u0026#34;, \u0026#34;commit\u0026#34;, ] db = MySQLdb.connect(**db_config) for cmd in sql_setup: try: c = db.cursor() c.execute(cmd) except MySQLdb.OperationalError as e: click.echo(f\u0026#34;setup_tables: failed {e} with {cmd}.\u0026#34;) sql() This is our basic Python framework for experimentation, using the click framework, and a command setup-tables. This command will run a number of SQL statements to initialize our log table named data.\nThe log table has three columns: id, an auto_increment counter, and two columns d and e, each containing 64 characters of data. To get things started, we add an initial partition, containing all id-values below 10.000 and an initial row.\nIf we were to add data to this table in a loop, we would increment our id-counter, and with InnoDB being what it is, all new rows will be added at the end of the table: We remember from ALTER TABLE for UUID that the physical order of any InnoDB table is by primary key - our id-counter.\nNow, if we were to expire old data, we would start to delete rows with the lowest id-values, so we would delete rows from the beginning of the table, or the left-hand side of the B+-Tree. To keep the tree balanced, MySQL would have to execute balancing operations, which will be expensive, because rows are being shuffled around in the tree.\nNew data is added to the right-hand side of the B+-Tree, while old data is being deleted at the left-hand side. To keep the tree balanced, data is reshuffled, which is an expensive operation.\nInstead, we are defining partitions. In our case, we are using the simplest definition possible: A PARTITION BY RANGE on the primary key column. We are making bins of 10.000 rows each, because that is convenient for our demonstration here.\nThree processes We will be using the Python multiprocessing module to have three processes, an inserter(), a partitioner() and a dropper(). All of them are endless loops.\nThe inserter will insert random new data rows into the table as fast as possible. The partitioner will make sure that we always have a sufficient number of empty new partitions for the inserter to continue. The dropper will limit the number of partitions with data by throwing the oldest partition away. We will have small piece of code that starts our processes:\n@sql.command() def start_processing(): proc_partition = Process(target=partitioner) proc_partition.start() proc_drop = Process(target=dropper) proc_drop.start() proc_insert = Process(target=inserter) proc_insert.start() The Inserter The Inserter is an endless loop that generates two random 64 character strings and inserts a new row into the database. Every 10 rows, we commit, every 1000 rows we print a message.\ndef inserter(): counter = 0 step = 10 cmd = \u0026#34;insert into data (id, d, e) values( NULL, %(d)s, %(e)s )\u0026#34; db = MySQLdb.connect(**db_config) c = db.cursor() while True: data = { \u0026#34;d\u0026#34;: \u0026#34;\u0026#34;.join([chr(randint(97, 97 + 26)) for x in range(64)]), \u0026#34;e\u0026#34;: \u0026#34;\u0026#34;.join([chr(randint(97, 97 + 26)) for x in range(64)]), } c.execute(cmd, data) counter += 1 if counter % step == 0: db.commit() if counter % 1000 == 0: print(f\u0026#34;counter = {counter}\u0026#34;) Without the other two threads, the inserter will generate 10.000 rows and then stop, because there is no MAXVALUE clause.\nThe Partitioner The Partitioner is an endless loop that runs an ANALYZE TABLE data command to refresh the statistics, and then queries INFORMATION_SCHEMA.PARTITIONS for the five partitions with the highest PARTITION_ORDINAL_POSITION.\nIf there are fewer than 5 partitions in total, we generate new partitions no matter what.\nIf there are not at least 5 partitions with no rows\u0026rsquo; int them, we create new partitions.\nIf we did nothing, we wait for 1/10th of a second and then check again.\nThe new partition gets a range expression with a limit 10.000 values higher than the highest one found, and the partition name is derived from the limit by dividing by 10.000.\nIn code:\ndef create_partition(db, next_name, next_limit): cmd = f\u0026#34;alter table data add partition ( partition {next_name} values less than ( {next_limit}))\u0026#34; print(f\u0026#34;cmd = {cmd}\u0026#34;) c = db.cursor() c.execute(cmd) This will simply format and run an ALTER TABLE statement to add a new partition to the existing table.\nAnd the checking loop:\ndef partitioner(): db = MySQLdb.connect(**db_config) c = db.cursor() while True: # force stats refresh c.execute(\u0026#34;analyze table kris.data\u0026#34;) # find the five highest partitions cmd = \u0026#34;\u0026#34;\u0026#34;select partition_name, partition_ordinal_position, partition_description, table_rows from information_schema.partitions where table_schema = \u0026#34;kris\u0026#34; and table_name = \u0026#34;data\u0026#34; order by partition_ordinal_position desc limit 5 \u0026#34;\u0026#34;\u0026#34; c.execute(cmd) rows = c.fetchall() next_limit = int(rows[0][\u0026#34;PARTITION_DESCRIPTION\u0026#34;]) + 10000 next_name = \u0026#34;p\u0026#34; + str(int(next_limit / 10000)) if len(rows) \u0026lt; 5: print(f\u0026#34;create {next_name} reason: not enough partitions\u0026#34;) create_partition(db, next_name, next_limit) continue sum = 0 for row in rows: sum += int(row[\u0026#34;TABLE_ROWS\u0026#34;]) if sum \u0026gt; 0: print(f\u0026#34;create {next_name} reason: not enough empty partitions\u0026#34;) create_partition(db, next_name, next_limit) continue sleep(0.1) This code is mostly a long SELECT on the INFORMATION_SCHEMA.PARTITIONS table, and then two quick checks to see if we need to make more partitions.\nThe Dropper The Dropper structurally mirrors the Partitioner: We have a tiny function to create the actual ALTER TABLE data DROP PARTITION statement:\ndef drop_partition(db, partition_name): cmd = f\u0026#34;alter table data drop partition {partition_name}\u0026#34; c = db.cursor() print(f\u0026#34;cmd = {cmd}\u0026#34;) c.execute(cmd) And we have an endless loop that basically runs a SELECT on INFORMATION_SCHEMA.PARTITIONS and checks the number of partitions that have a non-zero number of TABLE_ROWS. If it is too many, we drop the one with the lowest number (\u0026ldquo;the first one found\u0026rdquo;, using an appropriate sort order in our SQL).\ndef dropper(): db = MySQLdb.connect(**db_config) c = db.cursor() while True: # force stats refresh c.execute(\u0026#34;analyze table kris.data\u0026#34;) # cmd = \u0026#34;\u0026#34;\u0026#34; select partition_name, partition_ordinal_position, partition_description, table_rows from information_schema.partitions where table_schema = \u0026#34;kris\u0026#34; and table_name = \u0026#34;data\u0026#34; and table_rows \u0026gt; 0 order by partition_ordinal_position asc \u0026#34;\u0026#34;\u0026#34; c.execute(cmd) rows = c.fetchall() if len(rows) \u0026gt;= 10: partition_name = rows[0][\u0026#34;PARTITION_NAME\u0026#34;] print(f\u0026#34;drop {partition_name} reason: too many partitions with data\u0026#34;) drop_partition(db, partition_name) continue sleep(0.1) A test run In our test run, we see immediately after startup how the five spare partitions are being created.\n$ ./partitions.py setup-tables $ ./partitions.py start-processing create p2 reason: not enough partitions cmd = alter table data add partition ( partition p2 values less than ( 20000)) create p3 reason: not enough partitions cmd = alter table data add partition ( partition p3 values less than ( 30000)) create p4 reason: not enough partitions cmd = alter table data add partition ( partition p4 values less than ( 40000)) create p5 reason: not enough partitions cmd = alter table data add partition ( partition p5 values less than ( 50000)) create p6 reason: not enough empty partitions cmd = alter table data add partition ( partition p6 values less than ( 60000)) counter = 1000 counter = 2000 counter = 3000 ... Once we cross the threshold of p1, the number of empty partitions is no longer low enough and another one is being created:\n... counter = 9000 counter = 10000 create p7 reason: not enough empty partitions cmd = alter table data add partition ( partition p7 values less than ( 70000)) counter = 11000 ... This continues for a while, until we have a sufficient number of data partitions so that we begin dropping, too:\n... counter = 90000 create p15 reason: not enough empty partitions cmd = alter table data add partition ( partition p15 values less than ( 150000)) drop p1 reason: too many partitions with data cmd = alter table data drop partition p1 counter = 91000 counter = 92000 ... Now the system reaches a stable state and will add and drop partitions in sync with the Inserter.\nFrom inside SQL we can see the number of rows in the table rise, and then suddenly drop by 10.000 as we drop a partition.\n+----------+ | count(*) | +----------+ | 89872 | +----------+ 1 row in set (0.00 sec) kris@localhost [kris]\u0026gt; select count(*) from data; +----------+ | count(*) | +----------+ | 90122 | +----------+ 1 row in set (0.02 sec) kris@localhost [kris]\u0026gt; select count(*) from data; +----------+ | count(*) | +----------+ | 80362 | +----------+ 1 row in set (0.01 sec) The complete example is available on GitHub.com .\n","date":"2020-09-24T00:00:00Z","href":"https://blog.koehntopp.info/2020/09/24/mysql-deleting-data.html","tags":["lang_en","mysql","database","innodb","erklaerbaer","mysqldev"],"title":"MySQL: Deleting data"},{"categories":null,"content":"MySQL uses connection and config parameters from a number of possible sources. The easiest way to find out where it is looking for config files is to run\n$ mysql --help | grep cnf order of preference, my.cnf, $MYSQL_TCP_PORT, /etc/my.cnf /etc/mysql/my.cnf /Users/kkoehntopp/homebrew/etc/my.cnf ~/.my.cnf As can be seen, my version of the MySQL client checks in this order\n/etc/my.cnf /etc/mysql/my.cnf /Users/kkoehntopp/homebrew/etc/my/cnf ~/.my.cnf The cnf file is a file in dot-ini syntax, so you have [groups] and each group contains lines with key = value pairs. Which groups are read?\n$ mysql --help | grep \u0026#34;groups are\u0026#34; The following groups are read: mysql client So in my case, I would create a /Users/kkoehntopp/.my.cnf looking like this:\n[client] user=kris password=geheim host=127.0.0.1 [mysql] database=kris show-warnings prompt=\\U [\\d]\u0026gt;\\_ That is, I put general connection parameters such as the host, user and password into the client group, and program specific parameters such as database, prompt and others into program specific groups such as mysql. That way, the mysqldump and mysql programs will connect automatically, but the mysql options will not interfere with mysqldump.\n.mylogin.cnf Some time in 2012, the .mylogin.cnf mechanism and the mysql_config_editor program were added. They provide little value in security as we will see, but allow storage of more than one set of credentials: It is now possible to store a number of login paths (credential sets) in a mylogin file, and call the client program with --login-path=.... The client program will then read the mylogin file and use the connection parameters from there.\nmylogin files are being made with the mysql_config_editor program, for example\n$ mysql_config_editor set --login-path=test --user=kris --host=localhost --password Enter password: geheim $ mysql_config_editor print --all [local] user = root password = ***** host = localhost [test] user = kris password = ***** host = localhost will create a new mylogin, or amend an existing one, and define a login path named test. It will take the host and the username on the command line, but you cannot specify the password easily - it has to be typed in.\nThis makes provisioning hard - templating this in Ansible is not easy and dancing around with expect and friends is just silly.\nWorking around this A small Python Program based on a much older article and PHP program of mine changes that.\nIt can decode and encode mylogin files, opening them up to Ansible templating. Just provision a valid mylogin file in plain text, encode it and delete the plain text original file.\nThe sample session looks like this:\n# generate a dummy file mysql_config_editor set --login-path=local --user=root --host=localhost --password Password: keks # decode this file ./mysql_config_coder.py decode ~/.mylogin.cnf mylogin.out cat mylogin.out # make changes to mylogin.out and ./mysql_config_coder.py encode mylogin.out mylogin.cnf chmod 600 mylogin.cnf # test with original MYSQL_TEST_LOGIN_FILE=$(pwd)/mylogin.cnf mysql_config_editor -v print --all my_print_defaults -s local # Note: mysql_config_editor will not print the password, just five stars # but my_print_defaults should also show the password. The program depends on click and pycrypto, but really any implementation of aes-128-ebc should be easily usable.\n","date":"2020-09-23T00:00:00Z","href":"https://blog.koehntopp.info/2020/09/23/mylogin-cnf.html","tags":["lang_en","mysql","mysqldev","database"],"title":"MySQL: Provisioning .mylogin.cnf"},{"categories":null,"content":"A question to the internal #DBA channel at work: »Is it possible to change a column type from BIGINT to VARCHAR ? Will the numbers be converted into a string version of the number or will be it a byte-wise transition that will screw the values?«\nAsking yielded more information: »The use-case is to have strings, to have UUIDs.«\nSo we have two questions to answer:\nIs ALTER TABLE t CHANGE COLUMN c lossy? INTEGER AUTO_INCREMENT vs. UUID Is ALTER TABLE t CHANGE COLUMN c lossy? ALTER TABLE is not lossy. We can test.\nmysql\u0026gt; create table kris ( id integer not null primary key auto_increment); Query OK, 0 rows affected (0.16 sec) mysql\u0026gt; insert into kris values (NULL); Query OK, 1 row affected (0.01 sec) mysql\u0026gt; insert into kris select NULL from kris; Query OK, 1 row affected (0.01 sec) Records: 1 Duplicates: 0 Warnings: 0 ... mysql\u0026gt; select count(*) from kris; +----------+ | count(*) | +----------+ | 1024 | +----------+ 1 row in set (0.00 sec) mysql\u0026gt; select id from kris limit 3; +----+ | id | +----+ | 1 | | 2 | | 3 | +----+ 3 rows in set (0.00 sec) Having a test table, we can play.\nI am running an ALTER TABLE kris CHANGE COLUMN command. This requires that I specify the old name of the column, and then the full new column specifier including the new name, the new type and all details. Hence, the “id id ...”\nmysql\u0026gt; alter table kris change column id id varchar(200) charset latin1 not null; Query OK, 1024 rows affected (0.22 sec) Records: 1024 Duplicates: 0 Warnings: 0 mysql\u0026gt; select count(*) from kris; +----------+ | count(*) | +----------+ | 1024 | +----------+ 1 row in set (0.00 sec) mysql\u0026gt; select id from kris limit 3; +------+ | id | +------+ | 1 | | 1015 | | 1016 | +------+ 3 rows in set (0.00 sec) mysql\u0026gt; show create table kris\\G Table: kris Create Table: CREATE TABLE `kris` ( `id` varchar(200) CHARACTER SET latin1 COLLATE latin1_swedish_ci NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci 1 row in set (0.00 sec) We can see a number of things here:\nThe conversion is not lossy: We have the same number of records, and the records are still sequences of decimal digits. The order of the output is somehow different. The records which previous showed up in ascending integer order are now showing up in ascending alphabetical order. Given that they are now strings, this is partially logical (if there is an order, it should be alphabetical for strings), and partly mysterious (why is there an order and what happened?). Let’s go through that step by step.\nExpensive ALTER TABLE ALTER TABLE tries to do changes to the table in place, without rewriting the entire table, if possible.\nIn some cases this is not possible, and then it tries to do it in the background.\nIn some cases not even that is possible, and then the table is locked, rewritten in full, and unlocked.\nOur table change was of the third, most expensive kind.\nAn ENUM change that extends the ENUM at the end is the least expensive possible change. We just add a new value at the end of the list of possible values for the ENUM. This is a change to the data dictionary, not even touching the table.\nAn ENUM change in the middle of the list requires recoding the table. Turning an ENUM(“one”, “three”) into an ENUM(“one”, “two”, “three”) is expensive. Turning ENUM(“one”, “three”) into ENUM(“one”, “three”, “two”) is cheap. MySQL stores ENUMs internally as integer, so the expensive change re-encodes all old “three” values from 2 to 3. The cheap change stores “three” as 2, and adds 3 as an encoding for “two” in the data dictionary. Some ALTER TABLE t ADD index variants are examples for things happening in the background. They still cost time, but won’t lock. The index will become available only after its creation has finished. There cannot be multiple background operations ongoing.\nIn our case, we internally and invisibly\nLock the original table. Create a temp table in the new format. Read all data from the original table, write it into the new table as an INSERT INTO temptable SELECT ... FROM oldtable would do. RENAME TABLE oldtable TO temptable2, temptable TO oldtable; DROP TABLE temptable2; Unlock everything and are open for business again. This process is safe against data loss: If at any point in time this fails, we drop the temptable and still have the original table, unchanged.\nThis processes temporarily doubles disk usage: For some time, the table to be converted will exist in both variants. It requires an appropriate amount of disk space for the duration of the conversion.\nThis process can be emulated. Locking a production table for conversion for an extended amount of time is not an option. Online Schema Change (OSC) does the same thing, in code, while allowing access to the table. Data changes are captured in the background and mirrored to both versions. Multiple competing implementations of this exist, and we have institutionalized and automated this in the DBA portal at work.\nThis process does the INSERT ... SELECT ... thing internally (and so does OSC). That is why the conversion works, and how the conversion works. The rules are the MySQL data type conversion rules, as documented in the manual.\nThere is an order, and it changed When looking at the test-SELECT we see there seems to be an order, and it changed.\nThere is an order, because the column I changed was the PRIMARY KEY. The MySQL InnoDB storage engine stores data in a B+-Tree.\nA B-Tree is a balanced tree. That is a tree in which the path length of the longest path from the root of the tree to any leaf is at most one step longer than the shortest path.\nSo assuming a database with a page size of 16384 bytes (16 KB), as MySQL uses, and assuming index records of 10 bytes (4 byte integer plus some overhead), we can cram over 1500 index records into a single page. Assuming index records of 64 bytes - quite large - we still fit 256 records into one page.\nWe get an index tree with a fan-out per level of 100 or more (in our example: 256 to over 1500).\nFor a tree of depth 4, this is good for 100^4 = 100 million records, or in other words, with 4 index accesses we can point-access any record in a table of 100 million rows. Or, in other words, for any realistic table design, an index access finds you a record with at most 4 disk accesses.\n4 (or less): The number of disk accesses to get any record in any table via an index.\nIn the InnoDB storage engine, the PRIMARY KEY is a B+-Tree. That is a B-Tree in which the leaves contain the actual data. Since a tree is an ordered data structure, the actual data is stored in primary key order on disk.\nData with adjacent primary key values is likely stored in the same physical page. Data with small differences in primary key values is likely stored closer together than data with large differences in primary key values. Changing a primary key value changes the physical position of a record. Never change a primary key value (Never UPDATE t SET id = ...). For an AUTO_INCREMENT key, new data is inserted at the end of the table, old data is closer to the beginning of the table. MySQL has special code to handle this efficiently. Deleting old data is not handled very efficiently. Look into Partitions and think about ALTER TABLE t DROP PARTITION ... for buffer like structures that need to scale. Also think about proper time series databases, if applicable, or about using Cassandra (they have TTL). We remember:\nIn InnoDB the primary key value governs the physical layout of the table.\nAssuming that new data is accessed often and old data is accessed less often, using primary keys with an AUTO_INCREMENT value collects all new, hot records in a minimum number of data pages at the end of the table/the right-hand side of the tree. The set of pages the database is accessing a lot is minimal, and most easily cached in memory.\nThis design minimizes the amount of memory cache, and maximizes database speed automatically for many common access patterns and workloads.\nThat is why it was chosen and optimized for.\nRandom, Hash or UUID primary key Consider table designs that assign a primary key in a random way. This would be for any design that uses a primary key that is an actual random number, the output of a cryptographic hash function such as SHA256(), or many UUID generators.\nUsing an integer auto_increment primary key, we are likely to get hot data at the right-hand side, cold data at the left-hand side of the tree. We load hot pages, minimising the cache footprint:\nAUTO_INCREMENT integer primary key controlling data order. Hot data in few pages to the \u0026ldquo;right\u0026rdquo; side of the tree, minimal cache footprint\nBut with a random distribution of primary keys over the keyspace, there is no set of pages that is relatively cold. As soon as we hit a key on a page (and for hot keys, we hit them often), we have to load the entire page into memory and keep it there (because there is a hot key in it, and we are likely to hit it again, soon):\nPrimary Key values are randomly chosen: Any page contains a primary key that is hot. As soon as it is being accessed, the entire 16 KB page is loaded.\nSo we need a comparatively larger (often: much larger) amount of memory to have a useful cache for this table.\nIn MySQL, numeric integer primary key auto_increment optimizes memory footprint for many workloads.\nMySQL provides a way out: UUID_TO_BIN(data, 1) Unfortunately, MySQL itself produces UUID() values with the UUID function that sort very badly:\nmysql\u0026gt; select uuid(); +--------------------------------------+ | uuid() | +--------------------------------------+ | 553d5726-eeaa-11ea-b643-08606ee5ff82 | +--------------------------------------+ 1 row in set (0.00 sec) mysql\u0026gt; select uuid(); +--------------------------------------+ | uuid() | +--------------------------------------+ | 560b9cc4-eeaa-11ea-b643-08606ee5ff82 | +--------------------------------------+ 1 row in set (0.00 sec) mysql\u0026gt; select uuid(); +--------------------------------------+ | uuid() | +--------------------------------------+ | 568e4edd-eeaa-11ea-b643-08606ee5ff82 | +--------------------------------------+ 1 row in set (0.00 sec) MySQL provides the UUID() function as an implementation of RFC 4122 Version 1 UUIDs .\nThe manual says:\nThe first three numbers are generated from the low, middle, and high parts of a timestamp. The high part also includes the UUID version number. The fourth number preserves temporal uniqueness in case the timestamp value loses monotonicity (for example, due to daylight saving time). The fifth number is an IEEE 802 node number that provides spatial uniqueness. A random number is substituted if the latter is not available (for example, because the host device has no Ethernet card, or it is unknown how to find the hardware address of an interface on the host operating system). In this case, spatial uniqueness cannot be guaranteed. Nevertheless, a collision should have very low probability. Having the timestamp in front for printing is a requirement of the standard. But we need not store it that way:\nMySQL 8 provides a UUID_TO_BIN() function, and this function has an optional second argument, swap_flag.\n»If swap_flag is 1, the format of the return value differs: The time-low and time-high parts (the first and third groups of hexadecimal digits, respectively) are swapped. This moves the more rapidly varying part to the right and can improve indexing efficiency if the result is stored in an indexed column.«\nTL;DR So if you must use a UUID in a primary key\nChoose MySQL 8. Make it VARBINARY(16). Store it with UUID_TO_BIN(UUID(), 1). Access it with BIN_TO_UUID(col, 1). See also:\nMySQL Server Team Blog on UUID support for MySQL 8 . MySQL Server Team on the pain of pre-MySQL 8 UUID (Article from 2015). ","date":"2020-09-22T00:00:00Z","href":"https://blog.koehntopp.info/2020/09/22/alter-table-for-uuid.html","tags":["lang_en","mysql","mysqldev","database","erklaerbaer"],"title":"MySQL: ALTER TABLE for UUID"},{"categories":null,"content":"Iterating schemas over time is not an uncommon thing. Often requirements emerge only after you have data, and then directed action is possible. Consequently, working on existing data, and structuring and cleaning it up is a common task.\nIn today\u0026rsquo;s example we work with a log table that logged state transitions of things in freeform VARCHAR fields. After some time the log table grew quite sizeable, and the log strings are repeated rather often, contributing to the overall size of the table considerably.\nWe are starting with this table:\nCREATE TABLE `log` ( `id` int NOT NULL AUTO_INCREMENT, `device_id` int NOT NULL, `change_time` datetime NOT NULL, `old_state` varchar(64) NOT NULL, `new_state` varchar(64) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB That is, our log table has an id field to allow individual row addressing, and then logs the state change of a device_id at a certain change_time from an old_state into a new_state. The two state fields are varchar(64) and contain one of some 13 or so different strings.\nMaybe they also contain typos, outdated state codes or other stuff that will later need remapping and cleanup, but in today\u0026rsquo;s example we want to concentrate on the cleanup.\nSome small manual sample data:\nmysql\u0026gt; select * from log; +----+-----------+---------------------+---------------+---------------+ | id | device_id | change_time | old_state | new_state | +----+-----------+---------------------+---------------+---------------+ | 1 | 17 | 2020-09-18 18:06:37 | racked | burn-in | | 2 | 17 | 2020-09-18 18:14:18 | burn-in | provisionable | | 3 | 17 | 2020-09-18 18:14:34 | provisionable | setup | | 4 | 17 | 2020-09-18 18:14:48 | setup | installed | | 5 | 17 | 2020-09-18 18:14:56 | installed | live | +----+-----------+---------------------+---------------+---------------+ 5 rows in set (0.00 sec) Let\u0026rsquo;s build a list of all possible states from both columns, old_state and new_state. This is easily done. Using old_state, and we prepend a NULL column because we want to INSERT ... SELECT ... this later into a map table which will map the string to an id value. We will then encode the strings using exactly this value.\nmysql\u0026gt; select NULL as id, -\u0026gt; old_state -\u0026gt; from log -\u0026gt; group by old_state; +------+---------------+ | id | old_state | +------+---------------+ | NULL | racked | | NULL | burn-in | | NULL | provisionable | | NULL | setup | | NULL | installed | +------+---------------+ 5 rows in set (0.00 sec) Now using a UNION we extend it to new_state as well.\nmysql]\u0026gt; select NULL as id, -\u0026gt; old_state -\u0026gt; from log -\u0026gt; group by old_state -\u0026gt; union -\u0026gt; select NULL as id, -\u0026gt; new_state -\u0026gt; from log -\u0026gt; group by new_state; +------------+---------------+ | id | old_state | +------------+---------------+ | 0x | racked | | 0x | burn-in | | 0x | provisionable | | 0x | setup | | 0x | installed | | 0x | live | +------------+---------------+ 6 rows in set (0.00 sec) The result strings look good, but something happened to our NULL values. In the original statement they were still good, but in the UNION they get mangled.\nThe data types of the result table are derived from the values and their types in the first result set of the UNION. And NULL is not a good value to guess anything from.\nSo let\u0026rsquo;s be more explicit about the types:\nmysql\u0026gt; select cast(NULL as signed) as id, -\u0026gt; old_state as state -\u0026gt; from log -\u0026gt; group by state -\u0026gt; union -\u0026gt; select cast(NULL as signed) as id, -\u0026gt; new_state as state -\u0026gt; from log -\u0026gt; group by state; +------+---------------+ | id | state | +------+---------------+ | NULL | racked | | NULL | burn-in | | NULL | provisionable | | NULL | setup | | NULL | installed | | NULL | live | +------+---------------+ 6 rows in set (0.00 sec) This now works, and we can feed it into an INSERT ... SELECT ....\nmysql\u0026gt; show create table map\\G Table: map Create Table: CREATE TABLE `map` ( `id` int NOT NULL AUTO_INCREMENT, `state` varchar(64) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB mysql\u0026gt; insert into map -\u0026gt; select cast(NULL as signed) as id, old_state as state from log group by state -\u0026gt; union -\u0026gt; select cast(NULL as signed) as id, new_state as state from log group by state; Query OK, 6 rows affected (0.02 sec) Records: 6 Duplicates: 0 Warnings: 0 mysql\u0026gt; select * from map; +----+---------------+ | id | state | +----+---------------+ | 1 | racked | | 2 | burn-in | | 3 | provisionable | | 4 | setup | | 5 | installed | | 6 | live | +----+---------------+ 6 rows in set (0.00 sec) Yay. A nice and automatically numbered list of all possible states from the existing data. We need this indexed, and we also need indices on the two source columns.\nmysql\u0026gt; alter table map add index(state); Query OK, 0 rows affected (0.08 sec) Records: 0 Duplicates: 0 Warnings: 0 mysql\u0026gt; alter table log add index(old_state), add index(new_state); Query OK, 0 rows affected (0.08 sec) Records: 0 Duplicates: 0 Warnings: 0 If we want to encode these two columns with id-Values from map, we need to add columns for that.\nmysql\u0026gt; alter table log add column old_state_id integer not null after old_state, -\u0026gt; add column new_state_id integer not null after new_state; We can now encode by looking up each log.old_state value in map.state and returning the matching map.id value. With this we should be able to construct an UPDATE statement that fills in the log.old_state_id column.\nmysql\u0026gt; select map.id as old_state_id -\u0026gt; from map join log -\u0026gt; on map.state = log.old_state; +--------------+ | old_state_id | +--------------+ | 2 | | 5 | | 3 | | 1 | | 4 | +--------------+ 5 rows in set (0.00 sec) Let\u0026rsquo;s try this out in an UPDATE:\nmysql\u0026gt; update log -\u0026gt; set log.old_state_id = ( -\u0026gt; select id from map where log.old_state = map.state -\u0026gt; ); Query OK, 5 rows affected (0.02 sec) Rows matched: 5 Changed: 5 Warnings: 0 mysql\u0026gt; update log -\u0026gt; set log.new_state_id = ( -\u0026gt; select id from map where log.new_state = map.state -\u0026gt; ); Query OK, 5 rows affected (0.01 sec) Rows matched: 5 Changed: 5 Warnings: 0 mysql\u0026gt; select * from log; +----+-----------+---------------------+---------------+--------------+---------------+--------------+ | id | device_id | change_time | old_state | old_state_id | new_state | new_state_id | +----+-----------+---------------------+---------------+--------------+---------------+--------------+ | 1 | 17 | 2020-09-18 10:06:37 | racked | 1 | burn-in | 2 | | 2 | 17 | 2020-09-18 10:14:18 | burn-in | 2 | provisionable | 3 | | 3 | 17 | 2020-09-18 10:14:34 | provisionable | 3 | setup | 4 | | 4 | 17 | 2020-09-18 10:14:48 | setup | 4 | installed | 5 | | 5 | 17 | 2020-09-18 10:14:56 | installed | 5 | live | 6 | +----+-----------+---------------------+---------------+--------------+---------------+--------------+ 5 rows in set (0.00 sec) So we update log, specifically setting each current log.old_state_id value to whatever is returned as matching, for this row, from the subselect we wrote. We then do the same, again, for the new_state column. The result is as shown, it works.\nWe now have two redundant columns and the indexes that go with them, and can drop these. Let\u0026rsquo;s also check the new table structure, and validate the output by joining the id values for resolution against the map.\nmysql\u0026gt; alter table log drop column old_state, drop column new_state; Query OK, 0 rows affected (0.24 sec) Records: 0 Duplicates: 0 Warnings: 0 mysql\u0026gt; show create table log\\G Table: log Create Table: CREATE TABLE `log` ( `id` int NOT NULL AUTO_INCREMENT, `device_id` int NOT NULL, `change_time` datetime NOT NULL, `old_state_id` int NOT NULL, `new_state_id` int NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci 1 row in set (0.01 sec) mysql\u0026gt; select * from log; +----+-----------+---------------------+--------------+--------------+ | id | device_id | change_time | old_state_id | new_state_id | +----+-----------+---------------------+--------------+--------------+ | 1 | 17 | 2020-09-18 10:06:37 | 1 | 2 | | 2 | 17 | 2020-09-18 10:14:18 | 2 | 3 | | 3 | 17 | 2020-09-18 10:14:34 | 3 | 4 | | 4 | 17 | 2020-09-18 10:14:48 | 4 | 5 | | 5 | 17 | 2020-09-18 10:14:56 | 5 | 6 | +----+-----------+---------------------+--------------+--------------+ 5 rows in set (0.00 sec) mysql\u0026gt; select log.id, -\u0026gt; log.device_id, -\u0026gt; log.change_time, -\u0026gt; oldmap.state as old_state, -\u0026gt; newmap.state as new_state -\u0026gt; from log join map as oldmap -\u0026gt; on log.old_state_id = oldmap.id -\u0026gt; join map as newmap -\u0026gt; on log.new_state_id = newmap.id; +----+-----------+---------------------+---------------+---------------+ | id | device_id | change_time | old_state | new_state | +----+-----------+---------------------+---------------+---------------+ | 1 | 17 | 2020-09-18 10:06:37 | racked | burn-in | | 2 | 17 | 2020-09-18 10:14:18 | burn-in | provisionable | | 3 | 17 | 2020-09-18 10:14:34 | provisionable | setup | | 4 | 17 | 2020-09-18 10:14:48 | setup | installed | | 5 | 17 | 2020-09-18 10:14:56 | installed | live | +----+-----------+---------------------+---------------+---------------+ 5 rows in set (0.00 sec) Note that we have to join against the map twice, once for each source column, and that also means we have to rename the map table to get unique names for each usage.\nWell, that\u0026rsquo;s a toy example. Let\u0026rsquo;s do that at scale, using a Python driver implementing exactly this procedure. Code is on GitHub.com .\nWe set up our source tables by going over the table creation statements in the sql_setup list .\nWe are also defining a list of possible states , and in a data generation loop fill the log table with many state transitions from random devices. Note that we do not really care much about matching source and target states, so the transitions are really random jumps. We commit once every statecount many rows (once for each device) to make it a bit faster.\nIn a prepare_log_transformation function we basically add the missing columns and indexes, then in perform_log_transformation, populate the map and encode the log .\nFinally, in finish_log_transformation , we drop the unneeded columns and also implicitly any indices defined on them.\nOn my super slow test machine, filling the table with a million rows from a thousand devices yields a 64M data file after 2 minutes. I have some 59M of data, and a bit of empty space:\n$ time ./lookups.py create-log-data --devicecount 1000 --statecount 1000 real\t2m9.729s user\t0m30.487s sys\t0m7.536s $ ls -l /var/lib/mysql/kris/log.ibd -rw-r----- 1 mysql mysql 64M Sep 18 12:27 log.ibd mysql\u0026gt; select * from information_schema.tables where table_name = \u0026#34;log\u0026#34;\\G TABLE_CATALOG: def TABLE_SCHEMA: kris TABLE_NAME: log TABLE_TYPE: BASE TABLE ENGINE: InnoDB VERSION: 10 ROW_FORMAT: Dynamic TABLE_ROWS: 998347 AVG_ROW_LENGTH: 59 DATA_LENGTH: 59326464 MAX_DATA_LENGTH: 0 INDEX_LENGTH: 0 DATA_FREE: 4194304 AUTO_INCREMENT: 1000001 CREATE_TIME: 2020-09-18 12:24:50 UPDATE_TIME: 2020-09-18 12:27:05 CHECK_TIME: NULL TABLE_COLLATION: utf8mb4_0900_ai_ci CHECKSUM: NULL CREATE_OPTIONS: TABLE_COMMENT: 1 row in set (0.00 sec) The file size will go up to 132M in the transformation step, most of that is from the indexing we add.\n$ time ./lookups.py prepare-log-transformation Adding id columns and indexes real 0m24.395s user 0m0.050s sys 0m0.004s $ time ./lookups.py perform-log-transformation Populating map Converting old_states Converting new_states real 0m39.729s user 0m0.050s sys 0m0.008s $ ls -l /var/lib/mysql/kris/log.ibd -rw-r----- 1 mysql mysql 132M Sep 18 12:31 log.ibd mysql\u0026gt; select * from information_schema.tables where table_name = \u0026#34;log\u0026#34;\\G TABLE_CATALOG: def TABLE_SCHEMA: kris TABLE_NAME: log TABLE_TYPE: BASE TABLE ENGINE: InnoDB VERSION: 10 ROW_FORMAT: Dynamic TABLE_ROWS: 996152 AVG_ROW_LENGTH: 78 DATA_LENGTH: 78200832 MAX_DATA_LENGTH: 0 INDEX_LENGTH: 50446336 DATA_FREE: 5242880 AUTO_INCREMENT: 1000001 CREATE_TIME: 2020-09-18 12:28:04 UPDATE_TIME: 2020-09-18 12:28:07 CHECK_TIME: NULL TABLE_COLLATION: utf8mb4_0900_ai_ci CHECKSUM: NULL CREATE_OPTIONS: TABLE_COMMENT: 1 row in set (0.00 sec) Finishing up will drop the two VARCHAR columns and the indices defined on them, but leaves us with the encoded values.\n$ time ./lookups.py finish-log-transformation Removing string columns real 0m10.486s user 0m0.045s sys 0m0.008s $ ls -l /var/lib/mysql/kris/log.ibd -rw-r----- 1 mysql mysql 52M Sep 18 12:32 log.ibd mysql\u0026gt; select * from information_schema.tables where table_name = \u0026#34;log\u0026#34;\\G TABLE_CATALOG: def TABLE_SCHEMA: kris TABLE_NAME: log TABLE_TYPE: BASE TABLE ENGINE: InnoDB VERSION: 10 ROW_FORMAT: Dynamic TABLE_ROWS: 997632 AVG_ROW_LENGTH: 48 DATA_LENGTH: 48824320 MAX_DATA_LENGTH: 0 INDEX_LENGTH: 0 DATA_FREE: 2097152 AUTO_INCREMENT: 1000001 CREATE_TIME: 2020-09-18 12:31:43 UPDATE_TIME: NULL CHECK_TIME: NULL TABLE_COLLATION: utf8mb4_0900_ai_ci CHECKSUM: NULL CREATE_OPTIONS: TABLE_COMMENT: 1 row in set (0.00 sec) So data length went from 59326464 bytes to 48824320 bytes, a reduction to 82.3% of the original size. We could save even more by not using integer 4-byte values to encode, but for example tinyint unsigned 1-byte values. On the other hand, that may become a problem later on when we exceed the id-space of the map table as we add new states.\nOn top of that, the size of the target log table is now a function of the row number, as we have no variable length columns anymore. The size of the source table is dependent on the variable length string values as well, so by encoding we also get predictable table sizes.\nTL;DR:\nUsing a map table, and update statements with a subselect, we can encode variable length repeated string values into integer values. We also get better data quality, as now only legal values from the map table can be encoded. The transformation requires at least two ALTER TABLE statements (or matching online schema changes), and one full scan for each column to be encoded. A lot of intermediate disk space is required. This needs planning. ","date":"2020-09-18T00:00:00Z","href":"https://blog.koehntopp.info/2020/09/18/mysql-encoding-fields-for-great-profit.html","tags":["lang_en","mysql","database","innodb","erklaerbaer","mysqldev"],"title":"MySQL: Encoding fields for great profit."},{"categories":null,"content":"Bei der ARD ist man empört! Teslas Kameras: ARD rückt Datenschutzbedenken ins Licht . Will sagen, jemand hat älteren Personen gesteckt, daß ein selbstfahrendes Auto wenig überraschend Kameras braucht, um bei seiner bestimmungsgemäße Verwendung weniger ältere Personen überzumöllern.\nSo weit so wenig überraschend.\nBei einem Tesla sind es 9, bei anderen Automobilen anderer Hersteller noch mehr, und Radar, und Lidar und weitere Sensorsysteme. Problematisch sind nur Kameras, weil Menschen als visuelle Wesen zum Bild eine emotional andere Beziehung haben als zu anderen Daten, die objektiv nicht weniger kritisch sind. Aber Bilder, das ist Hexenwerk, das die Seele stiehlt, das muß man dringend streng kontrollieren.\nOkay, auch nicht überraschend.\nDie Bilder, die dabei anfallen, wertet das Vision System des Tesla live aus, und schmeißt den Großteil davon so schnell als möglich weg. Dazu braucht man Tesla nicht fragen, das kann man sich leicht überlegen.\nOder man spickt, was andere sich überlegt haben - hier geht es um Überwachungskameras, nicht um Netflix und so ist die Qualität nicht dieselbe. Aber darum geht es auch nicht primär. In der Beispielrechnung kommt man mit 2 MBit/s, 8 Stunden und 7 Tage Vorhaltezeit auf 50 GB pro Woche.\nNetflix HD braucht 5 MBit/s, und das sind 17 GB in 8 Stunden, 51 GB rund um die Uhr und 120 GB bzw 360 GB in der Woche bei 8 oder 24h am Tag.\nPro Kamera.\nVon denen wir 9 Stück im Auto haben.\nOkay, das Auto speichert also bestimmte ausgewählte Sequenzen, und manche Autos laden dann kleine Teile davon hoch, wenn es dazu aufgefordert wird.\nGewiss wird es nicht (2 MBit/s * 9 Kameras / 8 Bit/Byte) = 2.25 MB/s, also 8 GB pro Stunde, 64 GB pro Tag mitspeichern und lange vorhalten und noch viel weniger wird es versuchen, diesen Kram in einem deutschen Mobilfunknetz irgendwohin automatisch hochzuladen. Schon gar nicht flottenweit.\nNun gut.\nÜberraschend ist dabei die kurze Denkreichweite. Erstens geht es nicht um Tesla, und nicht einmal um Autos, sondern um jedes einzelbe autonome System mit Sensorik, das wir bauen oder bauen werden.\nUnd es geht auch nicht primär darum, ob die Daten gespeichert oder hochgeladen werden, sondern was das autonome System lokal entscheidet. Aber schauen wir mal in den Artikel:\nTesla will Telematik- und Videodaten zur Verbesserung seiner autonomen Fahrsysteme erfassen, aber mit den Daten auch Marketing betreiben.\nTesla wird insbesondere auch für die Funktion seiner Steuerungsalgorithmen zur Rechenschaft gezogen und muß dann in der Lage sein, einem Kläger, diversen Versicherungen, der Zulassungsstelle und seinen eigenen Ingenieuren darzulegen, was objektiv passiert ist. Also, was die Sensorik des Fahrzeugs aufgezeichnet hat, welche Entscheidungen der Fahrzeugführer und das Bordsystem getroffen hat und wie die Dinge dann abgelaufen sind.\nUm so mehr, wenn wir autonome Systeme haben, die rechtlich der Fahrzeugführer sind und bei denen der Hersteller des Steuerungssystems dann haftend ist statt des Menschen an Bord, der dann nur noch Passagier ist.\nAuch okay und langweilig. Das Ding wird nicht nur Augen brauchen, um zu sehen, sondern auch eine Art Gedächnis, um sich revisionsfest für sich und seinen Hersteller daran zu erinnern, was es gesehen hat und welche Entscheidungen es getroffen hat, denn das Gerät und sein Hersteller werden für diese Dinge zur Rechenschaft gezogen werden.\nKommen wir nun zu den interessanten Fragen:\nDas permanente anlasslose Aufzeichnen verstößt grundsätzlich in Deutschland gegen den Datenschutz.\nDas Auto verarbeitet die Daten, die es mit seinen Sensoren wahrnimmt, laufend, so wie ein Mensch der wach ist und die Augen offen hat. Das soll es und das muß es. Wenn es fährt, aber auch, wenn es geparkt ist und im \u0026ldquo;Sentinel-Mode\u0026rdquo; sich selbst und das Eigentum seines Besitzers überwacht und beschützt.\nDabei kann das Fahrzeug andere Objekte und Personen im ruhenden und bewegten Verkehr identifizieren und klassifizieren, bestimmt ihre relative Position und Geschwindigkeit, wertet ihr Verhalten aus und plant dann seine eigenen Aktionen in Verbindung mit den Zielvorgaben, die es erhalten hat.\nNehmen wir an, das Gerät nimmt dabei einen Verkehrsverstoß in seiner Umwelt wahr.\nZum Beispiel ist es in einer 30 km/h Zone geparkt und jemand brettert dort mit einem Fahrzeug mit 120 km/h durch. Die Kameras hat Beweismaterial, das Kennzeichen sowie die Gechwindigkeit und der Vektor dieses Fahrzeuges ist erfaßt. Soll das Auto die Szene hochladen und automatisch eine Anzeige erstatten? Hättest Du das getan, wenn Du ein photographisches Gedächnis hättest und Abzüge davon machen könntest ?\nDieselbe Szene wie vorher, aber das Fahrzeug fährt nur 42 km/h statt 120 km/h. Wenn das Urteil hier anders ausfällt, als im ersten Fall, warum? Und ab welcher Geschwindigkeit soll die automatische Anzeige ausgelöst werden?\nDas Auto wird manuell gesteuert und regelwidrig in einer 30 km/h Zone auf 120 km/h beschleunigt. Was soll das Auto tun? Ab welcher Geschwindigkeit?\nJetzt fahren wir autonom, und vor uns kommt es zu einem Unfall auf einer Kreuzung. Die Sensoren des Fahrzeugen haben das Geschehen mit Kameras, Lidar und Radar genauestens erfaßt und vermessen und können den Unfallhergang genau rekonstruieren. Was ist mit den Daten des autonomen Fahrzeuges zu tun?\nDer Fahrer des Fahrzeuges parkt sein Fahrzeug manuell regelwidrig in einem absoluten Halteverbot. Das Fahrzeug erkennt dies, und warnt den Fahrer. Der Fahrer ignoriert die Meldung und steigt aus. Was soll das Fahrzeug tun?\nDer Fahrer des Fahrzeuges parkt sein Fahrzeug manuell regelwidrig in einem absoluten Halteverbot. Das Fahrzeug erkennt dies, und warnt den Fahrer. Der Fahrer drückt die Meldung bewußt weg und steigt aus. Was soll das Fahrzeug tun?\nDas Auto wird regelkonform geparkt und stellt zwei Fahrzeuge vor sich ein menschlich gesteuertes Fahrzeug fest, das regelwidrig geparkt und verlassen wird.\nMan beachte, daß bei allen diesen Vorfällen die Daten live erfaßt werden und im Auto zunächst nicht dauerhaft gespeichert werden müssen, sondern nur gepuffert. Das Auto kann entscheiden, die Daten permanent zu speichern, den Vorfall zu melden oder Daten und Meldung zusammen hochzuladen.\nAllerdings entschied der Bundesgerichtshof im Mai 2018 in einem Revisionsverfahren, dass solche Aufnahmen bei Unfall-Prozessen als Beweismittel genutzt werden dürfen.\nDas autonome Fahrzeug hat die Sensoren, um das Geschehen um sich zu erfassen. Es hat die Logik und Regeln, um Regelverstöße von anderen autonomen und menschlich gesteuerten Fahrzeugen zu erfassen, die Fahrzeuge an ihren Kennzeichen zu identifizieren. Es kann entscheiden, die erfaßten Sensordaten bei Regelübertretungen anlaßbezogen zu speichern und zu melden. Die Beweise können dann entnommen oder hochgeladen werden.\nÜber die Verwertbarkeit auch von unzulässig oder rechtswidrig erhobenen Beweisen müsse durch eine Interessen- und Güterabwägung aufgrund der Umstände des Einzelfalles entschieden werden, urteilte der BGH damals.\nDie Daten sind jedenfalls da. Die Einzelfallentscheidungen können dann getroffen werden. Wie sollen die Regeln zur Speicherung und zur Meldung ausfallen? Welche Verstöße und Situationen soll das autonome Gerät zum Anlaß nehmen, die erfaßten Daten anlaßbezogen zu speichern und was soll es wem wann melden?\nIch frage das auch als Radfahrer, der in Deutschland gerne mal mit deutlich weniger als 1.5 Meter Abstand überholt worden ist, und gegenüber dem menschliche Autofahrer ihr Fahrzeug auch mehr als einmal als Waffe verwendet haben, um mich zu nötigen und zu gefährden.\n","date":"2020-09-17T00:00:00Z","href":"https://blog.koehntopp.info/2020/09/17/mein-selbstfahrendes-auto-hat-kameras-oh-nein.html","tags":["lang_de","privacy"],"title":"Mein selbstfahrendes Auto hat Kameras, oh nein!"},{"categories":null,"content":"I have made changes to the RSS Feed of this blog:\nEach \u0026lt;item/\u0026gt; does now contain a container \u0026lt;tags/\u0026gt;, inside a sequence of \u0026lt;tag/\u0026gt; containers, with each posts tags. There is now a second RSS feed for posts tagged #mysql, because of demand. You can find it at https://blog.koehntopp.info/feed_mysql.xml . Example for the tags:\n\u0026lt;channel\u0026gt; \u0026lt;title\u0026gt;Die wunderbare Welt von Isotopp\u0026lt;/title\u0026gt; ... \u0026lt;item\u0026gt; \u0026lt;title\u0026gt;A post title\u0026lt;/title\u0026gt; \u0026lt;link\u0026gt;https://blog.koehntopp.info/2020/09/...\u0026lt;/link\u0026gt; \u0026lt;guid isPermalink=\u0026#34;false\u0026#34;\u0026gt;/2020/09/...\u0026lt;/guid\u0026gt; \u0026lt;tags\u0026gt;\u0026lt;tag\u0026gt;lang_en\u0026lt;/tag\u0026gt;\u0026lt;tag\u0026gt;mysql\u0026lt;/tag\u0026gt;\u0026lt;tag\u0026gt;database\u0026lt;/tag\u0026gt;\u0026lt;/tags\u0026gt; \u0026lt;description\u0026gt;blah blah blah\u0026lt;/description\u0026gt; \u0026lt;/item\u0026gt; \u0026lt;/channel\u0026gt; So if you want only the MySQL content, subscribe to this feed , if you want all the content, subscribe to the original feed . In both cases, use the \u0026lt;tags/\u0026gt; to filter further down.\n","date":"2020-09-09T00:00:00Z","href":"https://blog.koehntopp.info/2020/09/09/feeds-tagged-and-a-mysql-feed.html","tags":["lang_en","mysql","blog"],"title":"Feeds tagged, and a MySQL feed"},{"categories":null,"content":"So this has turned into a small series, explaining how to work with MYSQL from a developers perspective. This post is intended as a directory for the individual articles. It will be amended and re-dated as necessary.\nThe code for the series is also available in isotopp/mysql-dev-examples on GitHub.\nThe Tag #mysqldev will reference all articles from this series.\nMySQL Transactions - the physical side . Looking at how MySQL InnoDB handles transactions on the physical media, enabling rollback and commit. Introduces a number of important concepts: The Undo-Log, the Redo-Log, the Doublewrite Buffer, and the corrosponding in memory structures, the Log Buffer and the InnoDB Buffer Pool, as well as the concept of a page.\nMySQL Commit Size and Speed . This article has code in Github, in mysql-commit-size/. We benchmark MySQL write speed as a function of number of rows written per commit.\nMySQL Connection Scoped State . Looking at things that are stateful and attached to a MySQL connection, and are lost on disconnect.\nMySQL Transactions - the logical view . This article introduces the concept of TRANSACTION ISOLATION LEVEL and how pushing things into the Undo-Log, while a necessity to implement ROLLBACK for a Writer, enables features for a Reader.\nMySQL Transactions - writing data . This article has code in Github, in mysql-transactions-counter. We increment a counter in the database, with multiple concurrent writers, and see what happens.\nMySQL: Locks and Deadlocks . When changing multiple rows, it is possible to take out locks in transactions one by one. Depending on how that is done, it may come to deadlocks, and server-initiated rollbacks. When that happens, the transaction must be retried.\nMySQL Deadlocks with INSERT When using the obscure transaction isolation level SERIALIZABLE, it may happen that a single INSERT can deadlock. Here is how, and why.\nMySQL Foreign Keys and Foreign Key Constraints When establishing relationships between tables, you are doing this by putting one tables primary keys into another tables columns. Enforcing valid pointers between tables seems like a sexy idea, but is painful, and maybe hurts more than it helps.\nMySQL Foreign Key Constraints and Locking Looking at tables with foreign key constraints, we check what happens to table and row locks, and how this is different from before.\nMySQL: Some Character Set Basics A collection and re-evaluation of things I wrote about MySQL character sets in the past, updated to match MySQL 8.\nMySQL: NULL is NULL Understanding the handling of NULL values in SQL. NULL is not false, nor None/nil/undef, but is a thing specific to SQL.\nMySQL: Basic usage of the JSON data type MySQL 8 gains support of a JSON data type. How to get data in and out of JSON fields.\n","date":"2020-09-07T00:00:00Z","href":"https://blog.koehntopp.info/2020/09/07/mysql-from-a-developers-perspective.html","tags":["lang_en","mysql","database","innodb","erklaerbaer","mysqldev"],"title":"MySQL from a Developers Perspective"},{"categories":null,"content":"We have had a look at how MySQL 8 handles JSON recently, but with all those JSON functions and expressions it is clear that many JSON accesses cannot be fast. To grab data from a JSON column, you will use a lot of $-\u0026gt;\u0026gt;field expressions and similar, and without indexes nothing of this will be fast.\nJSON cannot be indexed.\nBut MySQL 8 offers another feature that comes in handy: Generated columns and indexes on those. Let\u0026rsquo;s look at the parts, step by step, and how to make them work, because they are useful even outside the context of JSON.\nAn example table For the following example we are going to define a table t1 with an integer id and two integer data fields, a and b. We will be filling it with random integers up to 999 for the data values:\nmysql]\u0026gt; create table t1 ( -\u0026gt; id integer not null primary key auto_increment, -\u0026gt; a integer, -\u0026gt; b integer -\u0026gt; ); Query OK, 0 rows affected (0.07 sec) mysql\u0026gt; insert into t1 ( id, a, b) values (NULL, ceil(rand()*1000), ceil(rand()*1000)); Query OK, 1 row affected (0.01 sec) mysql\u0026gt; insert into t1 (id, a, b) select NULL, ceil(rand()*1000), ceil(rand()*1000) from t1; Query OK, 1 row affected (0.01 sec) Records: 1 Duplicates: 0 Warnings: 0 ... mysql\u0026gt; insert into t1 (id, a, b) select NULL, ceil(rand()*1000), ceil(rand()*1000) from t1; Query OK, 524288 rows affected (6.83 sec) Records: 524288 Duplicates: 0 Warnings: 0 mysql\u0026gt; select count(*) from t1; +----------+ | count(*) | +----------+ | 1048576 | +----------+ 1 row in set (0.04 sec) Generated columns A generated column is a column with values that are calculated from a deterministic expression provided in the column definition. It has the usual name and type, and then a GENERATED ALWAYS AS () term. The parentheses are part of the syntax and cannot be left off. The GENERATED ALWAYS is optional, and we are going to leave it off, because we are lazy.\nThe column can be VIRTUAL, in which case the expression is evaluated when reading every time a value is needed, or STORED, in which case the value is materialized and stored on write.\nIt may also contain inline index definitions and a column comment.\nVIRTUAL generated columns So we get our trivial example:\nmysql\u0026gt; alter table t1 add column c integer as ( a+b ) virtual; Query OK, 0 rows affected (0.11 sec) Records: 0 Duplicates: 0 Warnings: 0 mysql\u0026gt; select * from t1 limit 3; +----+------+------+------+ | id | a | b | c | +----+------+------+------+ | 1 | 997 | 808 | 1805 | | 2 | 51 | 831 | 882 | | 3 | 998 | 499 | 1497 | +----+------+------+------+ 3 rows in set (0.00 sec) That was fast - the table definition is changed, but because the column is VIRTUAL, no data values need to be changed. Instead, the data is calculated on read access. We could have written our sample read as SELECT id, a, b, a+b AS c FROM t1 LIMIT 3 for the same effect, because that is what happened.\nWe may even store that statement in a view and then call it, and that\u0026rsquo;s effectively the same:\nmysql\u0026gt; create view v1 as select id, a, b, a+b as c from t1; Query OK, 0 rows affected (0.03 sec) mysql\u0026gt; select * from v1 limit 3; +----+------+------+------+ | id | a | b | c | +----+------+------+------+ | 1 | 997 | 808 | 1805 | | 2 | 51 | 831 | 882 | | 3 | 998 | 499 | 1497 | +----+------+------+------+ 3 rows in set (0.00 sec) Well, not quite. Let\u0026rsquo;s explain the same query on t1 and v1 and see what the optimizer has to say:\nmysql\u0026gt; explain select * from t1 where c\u0026lt;50\\G id: 1 select_type: SIMPLE table: t1 partitions: NULL type: ALL possible_keys: NULL key: NULL key_len: NULL ref: NULL rows: 1046904 filtered: 33.33 Extra: Using where 1 row in set, 1 warning (0.00 sec) Note (Code 1003): /* select#1 */ select `kris`.`t1`.`id` AS `id`,`kris`.`t1`.`a` AS `a`,`kris`.`t1`.`b` AS `b`,`kris`.`t1`.`c` AS `c` from `kris`.`t1` where (`kris`.`t1`.`c` \u0026lt; 50) mysql\u0026gt; explain select * from v1 where c\u0026lt;50\\G id: 1 select_type: SIMPLE table: t1 partitions: NULL type: ALL possible_keys: NULL key: NULL key_len: NULL ref: NULL rows: 1046904 filtered: 100.00 Extra: Using where 1 row in set, 1 warning (0.00 sec) Note (Code 1003): /* select#1 */ select `kris`.`t1`.`id` AS `id`,`kris`.`t1`.`a` AS `a`,`kris`.`t1`.`b` AS `b`,(`kris`.`t1`.`a` + `kris`.`t1`.`b`) AS `c` from `kris`.`t1` where ((`kris`.`t1`.`a` + `kris`.`t1`.`b`) \u0026lt; 50) The output differs slightly in two places: the estimate given for filtered is different, and the view \u0026ldquo;sees\u0026rdquo; and exposes the definition for c as a+b in the reparsed statement in the \u0026ldquo;Note\u0026rdquo; section.\nFurther down we will also see how the generated column can be indexed, while the statement expression can not - and that in the end what makes the key difference in performance.\nSTORED generated columns Let\u0026rsquo;s flip from VIRTUAL to STORED and see what happens. We drop the old definition of c, and re-add the same one, but with a STORED attribute.\nmysql\u0026gt; alter table t1 drop column c, add column c integer as (a+b) stored; Query OK, 1048576 rows affected (6.27 sec) Records: 1048576 Duplicates: 0 Warnings: 0 If we looked at the average row length in INFORMATION_SCHEMA.TABLES, we would see it as a bit longer (but as is usual with I_S.TABLES output for small and narrow tables, the values are a bit off).\nWe also see the ALTER TABLE now takes actual time, proportional to the table size. What happened is that the values for c now get materialized on write, as if we defined a BEFORE INSERT trigger maintaining the values in c.\nTrying to write to a generated column fails (except when it doesn\u0026rsquo;t) VIRTUALand STORED don\u0026rsquo;t matter: you can\u0026rsquo;t write to generated columns:\nmysql\u0026gt; update t1 set c = 17 where id = 3; ERROR 3105 (HY000): The value specified for generated column \u0026#39;c\u0026#39; in table \u0026#39;t1\u0026#39; is not allowed. mysql\u0026gt; replace into t1 set id=3, c=17; ERROR 3105 (HY000): The value specified for generated column \u0026#39;c\u0026#39; in table \u0026#39;t1\u0026#39; is not allowed. With one exception:\nmysql\u0026gt; update t1 set c=default where id = 3; Query OK, 0 rows affected (0.00 sec) Rows matched: 1 Changed: 0 Warnings: 0 So if you aren\u0026rsquo;t actually writing to c, you are allowed to write to c. That sounds stupid until you define a view on t1 that includes c and is considered updatable - by allowing this construct, it stays updatable, even if it includes c.\nFilling in the correct value is not the same as default and does not work:\nmysql\u0026gt; select * from t1 limit 1; +----+------+------+------+ | id | a | b | c | +----+------+------+------+ | 1 | 997 | 808 | 1805 | +----+------+------+------+ 1 row in set (0.00 sec) mysql\u0026gt; update t1 set c=1805 where id=1; ERROR 3105 (HY000): The value specified for generated column \u0026#39;c\u0026#39; in table \u0026#39;t1\u0026#39; is not allowed. Caution: CREATE TABLE \u0026hellip; AS SELECT vs. generated columns We already know (I hope) that CREATE TABLE ... AS SELECT is of the devil and should not be used to copy table definitions: It creates a table from the result set of the select statement, which is most definitively not the definition of the original table.\nWe have seen this fail already with indexes and foreign key definitions, and in case you didn\u0026rsquo;t, here is what I mean:\nmysql\u0026gt; create table sane ( id integer not null primary key auto_increment, t1id integer, foreign key (t1id) references t1(i d) ); Query OK, 0 rows affected (0.06 sec) mysql\u0026gt; show create table sane\\G Table: sane Create Table: CREATE TABLE `sane` ( `id` int NOT NULL AUTO_INCREMENT, `t1id` int DEFAULT NULL, PRIMARY KEY (`id`), KEY `t1id` (`t1id`), CONSTRAINT `sane_ibfk_1` FOREIGN KEY (`t1id`) REFERENCES `t1` (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci 1 row in set (0.00 sec) mysql\u0026gt; insert into sane values (1, 1), (2, 2), (3, 3), (4, 4); Query OK, 4 rows affected (0.01 sec) Records: 4 Duplicates: 0 Warnings: 0 mysql\u0026gt; create table broken as select * from sane; Query OK, 4 rows affected (0.07 sec) Records: 4 Duplicates: 0 Warnings: 0 mysql\u0026gt; show create table broken\\G Table: broken Create Table: CREATE TABLE `broken` ( `id` int NOT NULL DEFAULT \u0026#39;0\u0026#39;, `t1id` int DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci 1 row in set (0.01 sec) broken is most decidedly not the same table as sane. The definition of broken has been inferred from the format of the result set, which may or may not have the same types as the base table(s). It also has no indexes and no constraints.\nThe correct way to copy a table definition is CREATE TABLE ... LIKE ... and then move the data with INSERT ... SELECT .... You still have to move the foreign key constraints manually, though:\nmysql\u0026gt; create table unbroken like sane; Query OK, 0 rows affected (0.10 sec) mysql\u0026gt; insert into unbroken select * from sane; Query OK, 4 rows affected (0.01 sec) Records: 4 Duplicates: 0 Warnings: 0 mysql\u0026gt; show create table unbroken\\G Table: unbroken Create Table: CREATE TABLE `unbroken` ( `id` int NOT NULL AUTO_INCREMENT, `t1id` int DEFAULT NULL, PRIMARY KEY (`id`), KEY `t1id` (`t1id`) ) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci 1 row in set (0.00 sec) And here is how it works with generated columns:\nmysql\u0026gt; create table t2 as select * from t1; Query OK, 1048576 rows affected (14.89 sec) Records: 1048576 Duplicates: 0 Warnings: 0 mysql\u0026gt; show create table t2\\G Table: t2 Create Table: CREATE TABLE `t2` ( `id` int NOT NULL DEFAULT \u0026#39;0\u0026#39;, `a` int DEFAULT NULL, `b` int DEFAULT NULL, `c` int DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci 1 row in set (0.00 sec) CREATE TABLE ... AS SELECT ... defined a table from the result set of the select clause, and the fact that c is generated is completely lost. So we now have a normal 4-column table.\nSo, how about CREATE TABLE ... LIKE ...?\nmysql\u0026gt; drop table t2; Query OK, 0 rows affected (0.08 sec) mysql\u0026gt; create table t2 like t1; Query OK, 0 rows affected (0.10 sec) mysql\u0026gt; show create table t2\\G Table: t2 Create Table: CREATE TABLE `t2` ( `id` int NOT NULL AUTO_INCREMENT, `a` int DEFAULT NULL, `b` int DEFAULT NULL, `c` int GENERATED ALWAYS AS ((`a` + `b`)) STORED, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci 1 row in set (0.00 sec) Yes! Success! Ok, now the data:\nmysql\u0026gt; insert into t2 select * from t1; ERROR 3105 (HY000): The value specified for generated column \u0026#39;c\u0026#39; in table \u0026#39;t2\u0026#39; is not allowed. Oh, right.\nmysql\u0026gt; insert into t2 select id, a, b from t1; ERROR 1136 (21S01): Column count doesn\u0026#39;t match value count at row 1 Aww, yes. Okay, the full monty:\nmysql\u0026gt; insert into t2 (id, a, b) select id, a, b from t1; Finally.\nOk, copying data between tables with generated columns requires a bit more engineering than a mindless INSERT ... SELECT *. The rules are not unexpected, we have explored them right above, still\u0026hellip;\nThe wrong data type Ok, let\u0026rsquo;s get a bit mean. What happens when we define c tinyint as (a+b) virtual so that the values exceed the range possible in a signed single bit value?\nmysql\u0026gt; select * from t1 limit 3; +----+------+------+------+ | id | a | b | c | +----+------+------+------+ | 1 | 997 | 808 | 1805 | | 2 | 51 | 831 | 882 | | 3 | 998 | 499 | 1497 | +----+------+------+------+ 3 rows in set (0.00 sec) mysql\u0026gt; alter table t1 drop column c, add column c tinyint as (a+b) virtual; ERROR 1264 (22003): Out of range value for column \u0026#39;c\u0026#39; at row 1 Oh, they are on to us!?!? Are they?\nThey are not when we do it in two steps:\nmysql\u0026gt; alter table t1 drop column c; Query OK, 0 rows affected (9.24 sec) Records: 0 Duplicates: 0 Warnings: 0 mysql\u0026gt; alter table t1 add column c tinyint as (a+b) virtual; Query OK, 0 rows affected (0.08 sec) Records: 0 Duplicates: 0 Warnings: 0 mysql\u0026gt; select * from t1 limit 3; +----+------+------+------+ | id | a | b | c | +----+------+------+------+ | 1 | 997 | 808 | 127 | | 2 | 51 | 831 | 127 | | 3 | 998 | 499 | 127 | +----+------+------+------+ 3 rows in set (0.00 sec) It clips the values according to the rules that MySQL always had, and that ate so much data.\nNow, let\u0026rsquo;s CREATE TABLE ... AS SELECT again:\nmysql\u0026gt; drop table broken; Query OK, 0 rows affected (0.07 sec) mysql\u0026gt; create table broken as select * from t1; ERROR 1264 (22003): Out of range value for column \u0026#39;c\u0026#39; at row 2 Error (Code 1264): Out of range value for column \u0026#39;c\u0026#39; at row 2 Error (Code 1030): Got error 1 - \u0026#39;Operation not permitted\u0026#39; from storage engine Wow. No less than three error messages. At least they mention the column c and the word \u0026ldquo;range\u0026rdquo;, so we kind of can have an idea what goes on. Still, this is only medium helpful and initially confusing.\nWhat happens, and why?\nmysql\u0026gt; select @@sql_mode; +--------------------------------------------+ | @@sql_mode | +--------------------------------------------+ | STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION | +--------------------------------------------+ 1 row in set (0.00 sec) mysql\u0026gt; set sql_mode = \u0026#34;\u0026#34;; Query OK, 0 rows affected (0.00 sec) mysql\u0026gt; create table broken as select * from t1; ... Warning (Code 1264): Out of range value for column \u0026#39;c\u0026#39; at row 1028 Warning (Code 1264): Out of range value for column \u0026#39;c\u0026#39; at row 1029 Warning (Code 1264): Out of range value for column \u0026#39;c\u0026#39; at row 1030 SQL_MODE helpfully detected the problem and prevented data loss. As usual, SQL_MODE was as useless as it was helpful - while it prevented data loss, it did not directly point us into the right direction with its error messages.\nBy turning off SQL_MODE we get the clipped values copied and a bunch of warnings that everybody ignores all the time, anyway, so I guess it\u0026rsquo;s an improvement.\nAllowed and disallowed functions For generated columns to work it is a requirement that the functions are deterministic, idempotent and side effect free. All user defined functions and stored functions are disallowed, and the usual suspects from the set of builtins are also out:\nmysql\u0026gt; create table testme (id integer not null primary key auto_increment, a integer, b integer, c integer as (sleep(2))); ERROR 3763 (HY000): Expression of generated column \u0026#39;c\u0026#39; contains a disallowed function: sleep. mysql\u0026gt; create table testme (id integer not null primary key auto_increment, a integer, b integer, c integer as (uuid())); ERROR 3763 (HY000): Expression of generated column \u0026#39;c\u0026#39; contains a disallowed function: uuid. mysql\u0026gt; create table testme (id integer not null primary key auto_increment, a integer, b integer, c integer as (rand())); ERROR 3763 (HY000): Expression of generated column \u0026#39;c\u0026#39; contains a disallowed function: rand. mysql\u0026gt; create table testme (id integer not null primary key auto_increment, a integer, b integer, c integer as (now())); ERROR 3763 (HY000): Expression of generated column \u0026#39;c\u0026#39; contains a disallowed function: now. mysql\u0026gt; create table testme (id integer not null primary key auto_increment, a integer, b integer, c integer as (connection_id())); ERROR 3763 (HY000): Expression of generated column \u0026#39;c\u0026#39; contains a disallowed function: connection_id. mysql\u0026gt; create table testme (id integer not null primary key auto_increment, a integer, b integer, c integer as (last_insert_id())); ERROR 3763 (HY000): Expression of generated column \u0026#39;c\u0026#39; contains a disallowed function: last_insert_id. mysql\u0026gt; set @c := 1; Query OK, 0 rows affected (0.00 sec) mysql\u0026gt; create table testme (id integer not null primary key auto_increment, a integer, b integer, c integer as (@c)); ERROR 3772 (HY000): Default value expression of column \u0026#39;c\u0026#39; cannot refer user or system variables. mysql\u0026gt; create table testme (id integer not null primary key auto_increment, a integer, b integer, c integer as (id)); ERROR 3109 (HY000): Generated column \u0026#39;c\u0026#39; cannot refer to auto-increment column. mysql\u0026gt; create table testme (id integer not null primary key auto_increment, a integer, b integer, c integer as (a)); Query OK, 0 rows affected (0.09 sec) mysql\u0026gt; alter table testme change column a x integer; ERROR 3108 (HY000): Column \u0026#39;a\u0026#39; has a generated column dependency. mysql\u0026gt; alter table testme drop column c, change column a x integer, add column c integer as (x); Query OK, 0 rows affected (0.21 sec) Records: 0 Duplicates: 0 Warnings: 0 From the final example above we learn that it is also impossible to change the existing definition of any column that is used by a generated column definition. We need to drop the generated column, change the definition of the base columns and then recreate the generated column.\nFor VIRTUAL columns that is cheap, for STORED - less so.\nSecondary indexes and generated columns So far, so nice. Now let\u0026rsquo;s cash in on this: Indexes, we have them. At least secondary indexes:\nmysql\u0026gt; create table wtf ( b integer not null, id integer as (b) not null primary key); ERROR 3106 (HY000): \u0026#39;Defining a virtual generated column as primary key\u0026#39; is not supported for generated columns. mysql\u0026gt; show create table t1\\G Table: t1 Create Table: CREATE TABLE `t1` ( `id` int NOT NULL AUTO_INCREMENT, `a` int DEFAULT NULL, `b` int DEFAULT NULL, `c` int GENERATED ALWAYS AS ((`a` + `b`)) VIRTUAL, PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=1376221 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci 1 row in set (0.00 sec) mysql\u0026gt; alter table t1 add index(c); Query OK, 0 rows affected (5.62 sec) Records: 0 Duplicates: 0 Warnings: 0 As expected, adding the index takes time, even if the column c is VIRTUAL: For an index we extract the indexed values from the table, sort them and store them together with pointers to the base row in the (secondary) index tree. In InnoDB, the pointer to the base row is always the primary key, so what we get in the index is actually pairs of (c, id).\nWe can prove that:\nQueries for c can be answered from the index. The index is called covering, it saves us chasing the row pointer and access to the actual row. In an EXPLAIN we see this being indicated with using index. Queries for c and id should also be covering: the queried values are all present in the index so that going to the base row is unnecessary. Querying for c and a is not covering, so the using index should be gone. And indeed:\nmysql\u0026gt; explain select c from t1 where c \u0026lt; 50\\G ... possible_keys: c key: c ... rows: 1257 Extra: Using where; Using index 1 row in set, 1 warning (0.00 sec) Note (Code 1003): /* select#1 */ select `kris`.`t1`.`c` AS `c` from `kris`.`t1` where (`kris`.`t1`.`c` \u0026lt; 50) mysql\u0026gt; explain select c, id from t1 where c \u0026lt; 50\\G key: c ... Extra: Using where; Using index 1 row in set, 1 warning (0.00 sec) Note (Code 1003): /* select#1 */ select `kris`.`t1`.`c` AS `c`,`kris`.`t1`.`id` AS `id` from `kris`.`t1` where (`kris`.`t1`.`c` \u0026lt; 50) mysql\u0026gt; explain select c, a from t1 where c \u0026lt; 50\\G ... possible_keys: c key: c ... Extra: Using where 1 row in set, 1 warning (0.00 sec) Note (Code 1003): /* select#1 */ select `kris`.`t1`.`id` AS `id`,`kris`.`t1`.`a` AS `a`,`kris`.`t1`.`b` AS `b`,`kris`.`t1`.`c` AS `c` from `kris`.`t1` where (`kris`.`t1`.`c` \u0026lt; 50) As predicted, the final query for c, a cannot be covering and is missing the using index notice in the Extra column. This is still a good query: it is considering and using the index on c - the index alone is just not sufficient to resolve the query.\nThis should give us an idea about how to design:\nIn almost all cases STORED columns will not be paying off. They use disk space, and still need to evaluate the expression at least once for storage. If indexed, they will use disk space in the index a second time - the column is actually materialized twice, in the table in primary key order and the index in index order.\nSTORED generated columns make sense only if the expression is complicated and slow to calculate. But with the set of functions available to us that is hardly going to be the case, ever. So unless the expression is being evaluated really often the cost for the storage is not ever amortized.\nEven then, for generated columns STORED and VIRTUAL, many queries can probably be answered leveraging an index on the generated column so that we might try to get away with VIRTUAL columns all the time.\nGenerated columns and the Optimizer The optimizer is aware of the generated column definitions, and can leverage them, as long as they match:\nmysql\u0026gt; show create table t1\\G Table: t1 Create Table: CREATE TABLE `t1` ( `id` int NOT NULL AUTO_INCREMENT, `a` int DEFAULT NULL, `b` int DEFAULT NULL, `c` int GENERATED ALWAYS AS ((`a` + `b`)) VIRTUAL, PRIMARY KEY (`id`), KEY `c` (`c`) ) ENGINE=InnoDB AUTO_INCREMENT=1376221 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci 1 row in set (0.00 sec) mysql\u0026gt; explain select a+b from t1 where a+b\u0026lt;50\\G *************************** 1. row *************************** id: 1 select_type: SIMPLE table: t1 partitions: NULL type: range possible_keys: c key: c key_len: 5 ref: NULL rows: 1257 filtered: 100.00 Extra: Using where 1 row in set, 1 warning (0.00 sec) Note (Code 1003): /* select#1 */ select (`kris`.`t1`.`a` + `kris`.`t1`.`b`) AS `a+b` from `kris`.`t1` where (`kris`.`t1`.`c` \u0026lt; 50) The optimizer is still the MySQL optimizer we all love to hate, so you have to be pretty literal for the match:\nmysql\u0026gt; explain select b+a from t1 where b+a\u0026lt;50\\G *************************** 1. row *************************** id: 1 select_type: SIMPLE table: t1 partitions: NULL type: ALL possible_keys: NULL key: NULL key_len: NULL ref: NULL rows: 1046422 filtered: 100.00 Extra: Using where 1 row in set, 1 warning (0.00 sec) Note (Code 1003): /* select#1 */ select (`kris`.`t1`.`b` + `kris`.`t1`.`a`) AS `b+a` from `kris`.`t1` where ((`kris`.`t1`.`b` + `kris`.`t1`.`a`) \u0026lt; 50) Yup, no canonicalization, for reasons.\nMaking it work with JSON That\u0026rsquo;s a long article. Do you still remember how we started?\nJSON cannot be indexed.\nWell, now it can and you know how.\nmysql\u0026gt; show create table t\\G Table: t Create Table: CREATE TABLE `t` ( `id` int NOT NULL AUTO_INCREMENT, `j` json DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci 1 row in set (0.00 sec) mysql\u0026gt; select * from t; +----+-------------------------------------------------------+ | id | j | +----+-------------------------------------------------------+ | 1 | {\u0026#34;home\u0026#34;: \u0026#34;/home/kris\u0026#34;, \u0026#34;paid\u0026#34;: false, \u0026#34;user\u0026#34;: \u0026#34;kris\u0026#34;} | | 2 | {\u0026#34;home\u0026#34;: \u0026#34;/home/sven\u0026#34;, \u0026#34;paid\u0026#34;: false, \u0026#34;user\u0026#34;: \u0026#34;sven\u0026#34;} | | 3 | false | +----+-------------------------------------------------------+ 3 rows in set (0.00 sec) mysql\u0026gt; alter table t add column user varchar(80) as (j-\u0026gt;\u0026#39;$.user\u0026#39;) virtual, add index (user); Query OK, 0 rows affected (0.10 sec) Records: 0 Duplicates: 0 Warnings: 0 mysql\u0026gt; select user, id from t; +--------+----+ | user | id | +--------+----+ | NULL | 3 | | \u0026#34;kris\u0026#34; | 1 | | \u0026#34;sven\u0026#34; | 2 | +--------+----+ 3 rows in set (0.00 sec) mysql\u0026gt; explain select id, j from t where id = 1\\G *************************** 1. row *************************** id: 1 select_type: SIMPLE table: t partitions: NULL type: const possible_keys: PRIMARY key: PRIMARY key_len: 4 ref: const rows: 1 filtered: 100.00 Extra: NULL 1 row in set, 1 warning (0.00 sec) Note (Code 1003): /* select#1 */ select \u0026#39;1\u0026#39; AS `id`,\u0026#39;{\u0026#34;home\u0026#34;: \u0026#34;/home/kris\u0026#34;, \u0026#34;paid\u0026#34;: false, \u0026#34;user\u0026#34;: \u0026#34;kris\u0026#34;}\u0026#39; AS `j` from `kris`.`t` where true Yay, ref: const, primary key lookup in the optimizer, and we did not even have a query to run.\nSummary We have been looking at the two flavors of generated columns, and how they can make our life easier in many ways. We have been looking at various pitfalls with respect to copying data and table definitions around. We have been learning about indexing generated columns, and how the optimizer can leverage indexes even against the expressions defined in generated columns.\nFinally, we put the parts together and made JSON data lookups fast.\nThis should give us a number of ideas in terms of sensible table design around JSON. Often we use JSON for variable-ish data while we explore a data model. Then a JSON schema solidifies, and we can leverage values we require and rely on by putting them into generated columns and index these, then use these for search and access.\nEventually we may extract the columns from the variable JSON part of the schema completely and turn them into actually statically typed columns of the SQL schema, because we require them all the time.\nThese open up a pathway to incremental schema design while at the same time being flexible enough to have bag style soft and denormalized data types where we need them.\nThe Fine Manual There is a lot more to all of this than I can show here. This means you have homework. Read the following manual pages:\nCREATE TABLE and Generated Columns The basics in a single page.\nSecondary Indexes and Generated Columns Indexing generated columns, with special considerations on indexing JSON\nOptimizer Use of Generated Column Indexes We all love to hate the optimizer, but it has learned a lot of new tricks. Here\u0026rsquo;s what it does understand.\nThe CREATE INDEX statement and multi valued indexes The entire page is useful, because it speaks about functional indexes and how they are implemented as hidden virtual columns and indexes on these (which has implications). But within the discussion of JSON, the interesting part are Multi-Valued Indexes, which are indexes on non-scalar values such as JSON arrays, and how they are being used to speed up certain JSON functions that deal with array membership and overlaps.\n","date":"2020-09-07T00:00:00Z","href":"https://blog.koehntopp.info/2020/09/07/mysql-generated-columns-and-virtual-indexes.html","tags":["lang_en","mysql","mysqldev","database","erklaerbaer"],"title":"MySQL: Generated Columns and virtual indexes"},{"categories":null,"content":"MySQL 8 provides solid support for the JSON data type. The manual has an overview of the data type , a JSON function reference , an an overview on generated column indexes , and explains multi-values indexes .\nCreating JSON columns Creating JSON columns is easy: Make the column of the JSON data type, fill in valid JSON data.\nmysql\u0026gt; create table t ( id integer not null primary key auto_increment, j json); Query OK, 0 rows affected (0.11 sec) mysql\u0026gt; insert into t (j) values -\u0026gt; (\u0026#39;null\u0026#39;), -\u0026gt; (\u0026#39;true\u0026#39;), -\u0026gt; (\u0026#39;false\u0026#39;), -\u0026gt; (\u0026#39;1\u0026#39;), -\u0026gt; (\u0026#39;\u0026#34;keks\u0026#34;\u0026#39;), -\u0026gt; (\u0026#39;[\u0026#34;eins\u0026#34;, \u0026#34;zwei\u0026#34;]\u0026#39;), -\u0026gt; (\u0026#39;{\u0026#34;eins\u0026#34;: \u0026#34;one\u0026#34;, \u0026#34;zwei\u0026#34;: \u0026#34;two\u0026#34;}\u0026#39;); Query OK, 5 rows affected (0.02 sec) mysql\u0026gt; select json_type(j) as type, json_valid(j) as valid, isnull(j) as sqlnull, j, id from t; +---------+-------+---------+--------------------------------+----+ | type | valid | sqlnull | j | id | +---------+-------+---------+--------------------------------+----+ | NULL | NULL | 1 | NULL | 1 | | NULL | 1 | 0 | null | 2 | | BOOLEAN | 1 | 0 | true | 3 | | BOOLEAN | 1 | 0 | false | 4 | | INTEGER | 1 | 0 | 1 | 5 | | STRING | 1 | 0 | \u0026#34;keks\u0026#34; | 6 | | ARRAY | 1 | 0 | [\u0026#34;eins\u0026#34;, \u0026#34;zwei\u0026#34;] | 7 | | OBJECT | 1 | 0 | {\u0026#34;eins\u0026#34;: \u0026#34;one\u0026#34;, \u0026#34;zwei\u0026#34;: \u0026#34;two\u0026#34;} | 8 | +---------+-------+---------+--------------------------------+----+ 8 rows in set (0.00 sec) mysql\u0026gt; insert into t (j) values (\u0026#39;[\u0026#34;incomplete\u0026#34;, \u0026#34;array\u0026#34;, \u0026#34;closing bracket\u0026#34;\u0026#39;); ERROR 3140 (22032): Invalid JSON text: \u0026#34;Missing a comma or \u0026#39;]\u0026#39; after an array element.\u0026#34; at position 41 in value for column \u0026#39;t.j\u0026#39;. We learn several things from this experiment:\nLiteral JSON values are always simple strings. The character set in JSON objects is utf8mb4, the collation is utf8mb4_bin. Because the collation is a _bin collation, comparison is case-sensitive. Charset and collation are fixed and cannot be changed without casting to a non-JSON type. We enclose them in single quotes, leveraging the fact that MySQL allows both single and double quotes as string terminators. This saves us a lot of quoting. JSON null is written as the string 'null'. JSON true is written as the string 'true'. JSON false is written as the string 'false'. We allowed NULL values in our JSON column definition by not providing a NOT NULL clause. SQL NULL is different from JSON 'null', but is cast to this. We can use the JSON_TYPE() function to check the JSON type inside the JSON column. The JSON is parsed, and checked for validity. The JSON_VALID() function does the checking. It also exposes the difference between SQL NULL and JSON 'null'. So does the SQL ISNULL() function (or the IS NULL comparison operator). Creating JSON values We can see JSON literal notation already from the previous example. There are also two utility functions to construct JSON array and object structures from SQL scalars. They are JSON_ARRAY() and JSON_OBJECT(). Note the handling of SQL NULL values.\nmysql\u0026gt; select json_array(1, NULL, 2) as ary, json_object(\u0026#34;eins\u0026#34;, \u0026#34;one\u0026#34;, \u0026#34;null\u0026#34;, NULL, \u0026#34;zwei\u0026#34;, \u0026#34;two\u0026#34;) as obj; +--------------+----------------------------------------------+ | ary | obj | +--------------+----------------------------------------------+ | [1, null, 2] | {\u0026#34;eins\u0026#34;: \u0026#34;one\u0026#34;, \u0026#34;null\u0026#34;: null, \u0026#34;zwei\u0026#34;: \u0026#34;two\u0026#34;} | +--------------+----------------------------------------------+ 1 row in set (0.01 sec) We can use JSON_MERGE_PRESERVE() and JSON_MERGE_PATCH() to incrementally build complicated structures. JSON_MERGE_PRESERVE() replaces JSON_MERGE(), which is deprecated and should no longer be used.\nmysql\u0026gt; select json_merge_preserve(\u0026#39;[3, 4, 5]\u0026#39;, \u0026#39;[1, 2, 3]\u0026#39;) as preserve, json_merge_patch(\u0026#39;[1, 2, 3]\u0026#39;, \u0026#39;[3, 4, 5]\u0026#39;) as patch\\G preserve: [3, 4, 5, 1, 2, 3] patch: [3, 4, 5] 1 row in set (0.00 sec) mysql\u0026gt; select json_merge_preserve(\u0026#39;{\u0026#34;eins\u0026#34;: \u0026#34;one\u0026#34;, \u0026#34;zwei\u0026#34;: \u0026#34;two\u0026#34;}\u0026#39;, \u0026#39;{\u0026#34;zwei\u0026#34;: \u0026#34;two\u0026#34;, \u0026#34;drei\u0026#34;: \u0026#34;three\u0026#34;}\u0026#39;) as preserve, json_merge_patch(\u0026#39;{\u0026#34;eins\u0026#34;: \u0026#34;one\u0026#34;, \u0026#34;zwei\u0026#34;: \u0026#34;two\u0026#34;}\u0026#39;, \u0026#39;{\u0026#34;zwei\u0026#34;: \u0026#34;two\u0026#34;, \u0026#34;drei\u0026#34;: \u0026#34;three\u0026#34;}\u0026#39;) as patch\\G preserve: {\u0026#34;drei\u0026#34;: \u0026#34;three\u0026#34;, \u0026#34;eins\u0026#34;: \u0026#34;one\u0026#34;, \u0026#34;zwei\u0026#34;: [\u0026#34;two\u0026#34;, \u0026#34;two\u0026#34;]} patch: {\u0026#34;drei\u0026#34;: \u0026#34;three\u0026#34;, \u0026#34;eins\u0026#34;: \u0026#34;one\u0026#34;, \u0026#34;zwei\u0026#34;: \u0026#34;two\u0026#34;} 1 row in set (0.00 sec) Quotes and quoting can be a bit painful, and even confusing. Let\u0026rsquo;s put the string A so-called \u0026quot;string\u0026quot;. into a JSON string, inside an SQL statement. To turn this text into a JSON string we need to put double quotes around it, quoting our internal double quotes with backslashes. To produce a backslash literal, we need to write a double backslash.\nThe result:\nmysql\u0026gt; insert into t (j) values (\u0026#39;\u0026#34;A so-called \\\\\u0026#34;string\\\\\u0026#34;.\u0026#34;\u0026#39;); Query OK, 1 row affected (0.02 sec) mysql\u0026gt; select last_insert_id() as id\\G id: 9 1 row in set (0.00 sec) We can get this back as j, or use JSON extractors (JSON_EXTRACT(), or -\u0026gt;). The current document is $, so:\nmysql\u0026gt; select j, j-\u0026gt;\u0026#39;$\u0026#39; as jj, j-\u0026gt;\u0026gt;\u0026#39;$\u0026#39; as jj_unquoted from t where id = 9\\G j: \u0026#34;A so-called \\\u0026#34;string\\\u0026#34;.\u0026#34; jj: \u0026#34;A so-called \\\u0026#34;string\\\u0026#34;.\u0026#34; jj_unquoted: A so-called \u0026#34;string\u0026#34;. 1 row in set (0.00 sec) This brings us to component access:\nJSON component access Using the JSON_EXTRACT() function and JSON path syntax, we can access fields in the JSON and select for them, as foreshadowed above.\nWe get the following selectors:\n$, the current JSON document. .key, select the key from the current object. Use .\u0026quot;key with space\u0026quot; when necessary. [N] selects the element N from a JSON array, starting to count at 0. .\u0026quot;equipment-ids\u0026quot;[1] is interesting, because we need to quote \u0026quot;equipment-ids\u0026quot; due to the dash in the key name. We must not put the array index into the quotes, though, or it won\u0026rsquo;t work. For an array slice, the syntax is [M to N] for the slice from N to M inclusive. For arrays, the keyword last is the rightmost element in the array. There are wildcards: .* are all values of a JSON object, as an array. [*] are all the values of a JSON array, as an array. ** are all paths that lead to a suffix. So, put into practice:\nmysql\u0026gt; insert into t (id, j) values (10, \u0026#39;{\u0026#34;id\u0026#34;: 10, \u0026#34;login\u0026#34;: \u0026#34;kris\u0026#34;, \u0026#34;fullname\u0026#34;: \u0026#34;Kristian \\\\\u0026#34;Isotopp\\\\\u0026#34; Köhntopp\u0026#34;, \u0026#34;equipment-ids\u0026#34;: [10, 11, 12], \u0026#34;borrowed\u0026#34;:{ \u0026#34;equipment-ids\u0026#34;: [1,2,3]}}\u0026#39;); Query OK, 1 row affected (0.01 sec) mysql\u0026gt; select json_extract(j, \u0026#39;$.fullname\u0026#39;) as f1, json_value(j, \u0026#39;$.fullname\u0026#39;) as f2 from t where id =10\\G f1: \u0026#34;Kristian \\\u0026#34;Isotopp\\\u0026#34; Köhntopp\u0026#34; f2: Kristian \u0026#34;Isotopp\u0026#34; Köhntopp 1 row in set (0.00 sec) mysql\u0026gt; select json_extract(j, \u0026#39;$.\u0026#34;equipment-ids\u0026#34;[1]\u0026#39;) as jj from t where id = 10\\G jj: 11 1 row in set (0.00 sec) mysql\u0026gt; select json_extract(j, \u0026#39;$.\u0026#34;equipment-ids\u0026#34;[1 to 2]\u0026#39;) as jj from t where id = 10\\G jj: [11, 12] 1 row in set (0.00 sec) mysql\u0026gt; select json_extract(j, \u0026#39;$.*\u0026#39;) as jj from t where id = 10\\G jj: [10, \u0026#34;kris\u0026#34;, {\u0026#34;equipment-ids\u0026#34;: [1, 2, 3]}, \u0026#34;Kristian \\\u0026#34;Isotopp\\\u0026#34; Köhntopp\u0026#34;, [10, 11, 12]] 1 row in set (0.00 sec) mysql\u0026gt; select json_extract(j, \u0026#39;$.\u0026#34;equipment-ids\u0026#34;[*]\u0026#39;) as jj from t where id = 10 \\G jj: [10, 11, 12] 1 row in set (0.00 sec) mysql\u0026gt; select json_extract(j, \u0026#39;$**.\u0026#34;equipment-ids\u0026#34;\u0026#39;) as jj from t where id =10\\G jj: [[10, 11, 12], [1, 2, 3]] 1 row in set (0.00 sec) This is cumbersome to write, so we also get colname-\u0026gt;selector as a shorthand for the JSON_EXTRACT(colname, selector) function:\nmysql\u0026gt; select j-\u0026gt;\u0026#39;$.\u0026#34;equipment-ids\u0026#34;[*]\u0026#39; as jj from t where id = 10\\G jj: [10, 11, 12] 1 row in set (0.00 sec) From JSON values to SQL values With our table from above, we are setting us up like this:\nmysql\u0026gt; truncate table t; Query OK, 0 rows affected (0.06 sec) mysql\u0026gt; insert into t (j) values (\u0026#39;{\u0026#34;user\u0026#34;: \u0026#34;kris\u0026#34;, \u0026#34;paid\u0026#34;: true, \u0026#34;home\u0026#34;: \u0026#34;/home/kris\u0026#34;}\u0026#39;); Query OK, 1 row affected (0.02 sec) mysql\u0026gt; insert into t (j) values (\u0026#39;{\u0026#34;user\u0026#34;: \u0026#34;sven\u0026#34;, \u0026#34;paid\u0026#34;: false, \u0026#34;home\u0026#34;: \u0026#34;/home/sven\u0026#34;}\u0026#39;); Query OK, 1 row affected (0.03 sec) We can ask for the payment status of all our users already, using the syntax from above:\nmysql\u0026gt; select j-\u0026gt;\u0026#34;$.user\u0026#34; as user, j-\u0026gt;\u0026#34;$.paid\u0026#34; as paid from t; +--------+-------+ | user | paid | +--------+-------+ | \u0026#34;kris\u0026#34; | true | | \u0026#34;sven\u0026#34; | false | +--------+-------+ 2 rows in set (0.00 sec) We cannot SQL SELECT all users that have paid, yet:\nmysql\u0026gt; select j-\u0026gt;\u0026#34;$.paid\u0026#34; as paid from t where j-\u0026gt;\u0026#34;$.paid\u0026#34;; +-------+ | paid | +-------+ | true | | false | +-------+ 2 rows in set, 1 warning (0.00 sec) Warning (Code 3986): Evaluating a JSON value in SQL boolean context does an implicit comparison against JSON integer 0; if this is not what you want, consider converting JSON to a SQL numeric type with JSON_VALUE RETURNING mysql\u0026gt; select j-\u0026gt;\u0026#34;$.user\u0026#34; as user, j-\u0026gt;\u0026#34;$.paid\u0026#34; as paid from t where json_value(j, \u0026#39;$.paid\u0026#39; returning signed); +--------+------+ | user | paid | +--------+------+ | \u0026#34;kris\u0026#34; | true | +--------+------+ 1 row in set (0.00 sec) The function JSON_VALUE() provides a type cast from JSON to SQL, making extracted JSON values available to SQL comparisons and conditions. Follow the link and look it up. There is no INTEGER, you have to be more specific, SIGNED or UNSIGNED, the types match the ones used in CAST(). There are also ON EMPTY and ON ERROR clauses.\nUsing JSON_VALUE() we can do the work of JSON_EXTRACT(), JSON_UNQUOTE() and CAST() in one go, and have control about handling of non-existent paths (ON EMPTY) and conversion errors (ON ERROR).\nWe could have used cast as well:\nmysql\u0026gt; select j-\u0026gt;\u0026#34;$.user\u0026#34; as user, -\u0026gt; j-\u0026gt;\u0026#34;$.paid\u0026#34; as paid, -\u0026gt; cast(j-\u0026gt;\u0026#34;$.paid\u0026#34; as signed) as casted, -\u0026gt; json_value(j, \u0026#34;$.paid\u0026#34; returning signed) as valued -\u0026gt; from t; +--------+-------+--------+--------+ | user | paid | casted | valued | +--------+-------+--------+--------+ | \u0026#34;kris\u0026#34; | true | 1 | 1 | | \u0026#34;sven\u0026#34; | false | 0 | 0 | +--------+-------+--------+--------+ 2 rows in set (0.00 sec) mysql\u0026gt; select j-\u0026gt;\u0026#34;$.user\u0026#34; as user, -\u0026gt; j-\u0026gt;\u0026#34;$.paid\u0026#34; as paid -\u0026gt; from t -\u0026gt; where cast(j-\u0026gt;\u0026#34;$.paid\u0026#34; as signed); +--------+------+ | user | paid | +--------+------+ | \u0026#34;kris\u0026#34; | true | +--------+------+ 1 row in set (0.00 sec) mysql\u0026gt; select j-\u0026gt;\u0026#34;$.user\u0026#34; as user, -\u0026gt; j-\u0026gt;\u0026#34;$.paid\u0026#34; as paid -\u0026gt; from t -\u0026gt; where json_value(j, \u0026#34;$.paid\u0026#34; returning signed); +--------+------+ | user | paid | +--------+------+ | \u0026#34;kris\u0026#34; | true | +--------+------+ 1 row in set (0.00 sec) Note that I left out the JSON_UNQUOTE() in the CAST() example, because I converted JSON BOOLEAN types to SQL SIGNED types, so no quoted strings needed handling. JSON_VALUE(col, selector RETURNING type) is actually CAST(JSON_UNQUOTE(JSON_EXTRACT(col, selector)) AS type).\nUpdating JSON values Reusing the example above, we can try to update the payment status of a user using the JSON_SET() function. Doing this, we need to be careful.\nFirst, let\u0026rsquo;s check if we can isolate the row we want to see elegantly:\nmysql\u0026gt; select j-\u0026gt;\u0026#34;$.user\u0026#34; as user, -\u0026gt; j-\u0026gt;\u0026#34;$.paid\u0026#34; as paid, -\u0026gt; json_type(j-\u0026gt;\u0026#34;$.paid\u0026#34;) as paid from t; +--------+-------+---------+ | user | paid | paid | +--------+-------+---------+ | \u0026#34;kris\u0026#34; | true | BOOLEAN | | \u0026#34;sven\u0026#34; | false | BOOLEAN | +--------+-------+---------+ 2 rows in set (0.00 sec) mysql\u0026gt; select j-\u0026gt;\u0026#34;$.user\u0026#34; as user, -\u0026gt; j-\u0026gt;\u0026#34;$.paid\u0026#34; as paid -\u0026gt; from t -\u0026gt; where j-\u0026gt;\u0026#34;$.user\u0026#34; = \u0026#34;kris\u0026#34;; +--------+------+ | user | paid | +--------+------+ | \u0026#34;kris\u0026#34; | true | +--------+------+ 1 row in set (0.00 sec) mysql\u0026gt; select j-\u0026gt;\u0026#34;$.user\u0026#34; as user, -\u0026gt; j-\u0026gt;\u0026#34;$.paid\u0026#34; as paid -\u0026gt; from t -\u0026gt; where j-\u0026gt;\u0026#34;$.user\u0026#34; = \u0026#34;KRIS\u0026#34;; Empty set (0.00 sec) We notice: while this works, it is working with JSON character sets, so it is utf8mb4 with a collation of utf8mb4_bin, hence case-sensitive comparison.\nUsing JSON_SET() we update the $.paid field of that user to false, and run into the next problem:\nmysql\u0026gt; update t -\u0026gt; set j=json_set(j, \u0026#34;$.paid\u0026#34;, \u0026#34;false\u0026#34; ) -\u0026gt; where j-\u0026gt;\u0026#34;$.user\u0026#34; = \u0026#34;kris\u0026#34;; Query OK, 1 row affected (0.01 sec) Rows matched: 1 Changed: 1 Warnings: 0 mysql\u0026gt; select * from t; +----+---------------------------------------------------------+ | id | j | +----+---------------------------------------------------------+ | 1 | {\u0026#34;home\u0026#34;: \u0026#34;/home/kris\u0026#34;, \u0026#34;paid\u0026#34;: \u0026#34;false\u0026#34;, \u0026#34;user\u0026#34;: \u0026#34;kris\u0026#34;} | | 2 | {\u0026#34;home\u0026#34;: \u0026#34;/home/sven\u0026#34;, \u0026#34;paid\u0026#34;: false, \u0026#34;user\u0026#34;: \u0026#34;sven\u0026#34;} | +----+---------------------------------------------------------+ 2 rows in set (0.00 sec) mysql\u0026gt; select j-\u0026gt;\u0026#34;$.user\u0026#34; as user, -\u0026gt; j-\u0026gt;\u0026#34;$.paid\u0026#34; as paid, -\u0026gt; json_type(j-\u0026gt;\u0026#34;$.paid\u0026#34;) as paid -\u0026gt; from t; +--------+---------+---------+ | user | paid | paid | +--------+---------+---------+ | \u0026#34;kris\u0026#34; | \u0026#34;false\u0026#34; | STRING | | \u0026#34;sven\u0026#34; | false | BOOLEAN | +--------+---------+---------+ 2 rows in set (0.00 sec) That is not what we want. But did we not insert values \u0026quot;false\u0026quot; and \u0026quot;true\u0026quot; into JSON fields earlier and got booleans?\nmysql\u0026gt; insert into t (id, j) values (3, \u0026#34;false\u0026#34;); Query OK, 1 row affected (0.00 sec) mysql\u0026gt; select id, j, json_type(j) as type from t where id = 3; +----+-------+---------+ | id | j | type | +----+-------+---------+ | 3 | false | BOOLEAN | +----+-------+---------+ 1 row in set (0.00 sec) Well, yes, but…\nFunctions in MySQL expect types, and convert to these types. JSON_SET() expects JSON, so we do it like this:\nmysql\u0026gt; update t -\u0026gt; set j=json_set(j, \u0026#34;$.paid\u0026#34;, false ) -\u0026gt; where j-\u0026gt;\u0026#34;$.user\u0026#34; = \u0026#34;kris\u0026#34;; Query OK, 1 row affected (0.01 sec) Rows matched: 1 Changed: 1 Warnings: 0 mysql\u0026gt; select id, j, json_type(j) as type from t where id = 1; +----+-------+---------+ | id | j | type | +----+-------+---------+ | 1 | false | BOOLEAN | +----+-------+---------+ 1 row in set (0.00 sec) There is JSON_REMOVE() , \u0026ldquo;Removes data from a JSON document\u0026rdquo;. There are also JSON_SET() , and friends:\nJSON_SET() replaces existing values and adds nonexistent values. JSON_INSERT() inserts values without replacing existing values. JSON_REPLACE() replaces only existing values. These are the basic tools we need to get JSON into and out of tables. We now just need to make it fast - the stuff for another article.\n","date":"2020-09-04T00:00:00Z","href":"https://blog.koehntopp.info/2020/09/04/mysql-json-data-type.html","tags":["lang_en","mysql","mysqldev","database","erklaerbaer"],"title":"MySQL: Basic usage of the JSON data type"},{"categories":null,"content":"I had to upgrade my company issued MacBook pro to Catalina for fleet unity reasons. The upgrade left me with a folder Relocated Items in /Users/Shared/Desktop and a link to that prominently on my Desktop.\nDeleting that folder moved it to trash. Trying to empty trash then failed. That is because in that folder was several levels deep a folder or link to X11R6.\nApple considers that file outdated, which is why it ended up in Relocated Items. It also considers this file protected as a system file, so you cannot delete it.\nNot in the GUI nor on the command line, not even as root. In order to delete it you have to boot to single user mode in Recovery and do it there from the command line.\nStep by Step:\nBoot to Recovery using Cmd-R. On company systems this is likely protected. In my case I had to select my user and enter a password.\nIn Recovery, start Disk Utility, select the Mac OS Data Partition (any partition on the system disk will do) and select mount to the right on the Disk Utility menu. After that all system disk partitions will be mounted and shown no longer greyed out in the Utility.\nLeave the Utility with Cmd-Q, and from the menu at the top of the screen select Terminal.\nIn Terminal, cd /Users/\u0026lt;yourusername\u0026gt;/.Trash. A ls should show you Relocated Items.\nDelete these using rm -rf 'Relocated Items'.\nReboot using the eponymous item from the Apple Menu.\n","date":"2020-09-02T00:00:00Z","href":"https://blog.koehntopp.info/2020/09/02/macos-relocated-items.html","tags":["lang_en","apple","macos"],"title":"MacOS: Deleting Relocated Items"},{"categories":null,"content":"Ok, it\u0026rsquo;s \u0026ldquo;Dad Stories\u0026rdquo; Time (from Twitter ). When my son was somewhat older than a year, he was learning to speak. He could already say \u0026ldquo;Mama\u0026rdquo; and \u0026ldquo;Papa\u0026rdquo;.\nIt was around Christmas, and there was a candle on the table, glowing interestingly, so he wanted to touch it. \u0026ldquo;Nein, heiß\u0026rdquo; is what you would say in German.\nOf course, a toddler does not understand the meaning of \u0026ldquo;heiß\u0026rdquo;. I mean, he\u0026rsquo;s trying to imitate the sound of it, but the meaning of \u0026ldquo;heiß\u0026rdquo; is something specific. We connect an experience with the word. Something that any child can only learn by touching the candle. There is literally no other way to learn it.\nSo the only thing I could do for him was to get a wet cloth and let him touch the candle. Safely. He did. He cried. I applied the wet cloth and soothing words. And the third word he learned was \u0026ldquo;heiß\u0026rdquo;.\nKnowledge, Experience and Intuition Computer Science is a lot like this, for some reason.\nPeople know here (touches head), for example by reading the SRE book or other stuff. You can ask them, and they will repeat the key learnings from the book back to you correctly.\nBut they do not know here (touches heart), and they will still build centralized Zookeepers.\nIt requires a few outages until they know here (touches gut) how to design systems properly and what is important in design.\nSo that person over there, with the centralized Zookeeper cluster. And that person over there with the schemaless, much simpler config language . And that one yonder, with the (type, length, value) BER-like data format. I could tell you \u0026ldquo;heiß\u0026rdquo; and you would not understand.\nGo and touch that candle. It\u0026rsquo;s the only way to learn properly.\nJonathan :\nI lament that so many orgs/people/uptimes have to suffer to build the wisdom.\nI dream of a university/bootcamp of \u0026ldquo;candle touching\u0026rdquo; where learners practice scaling a service.\nAnother \u0026ldquo;Dad Story\u0026rdquo;: I once worked at a company which used to own the domain wahl.de (\u0026ldquo;election.de\u0026rdquo;). They did not do much with it, they usually gave it do apprentices to play with. Usually the apprentices built elaborate PHP based websites that did pre-election mix- and match \u0026ldquo;Find the party that matches my interests\u0026rdquo;.\nNever did the apprentices stop to consider what will happen on election day, Sunday at 6pm. Because that\u0026rsquo;s when the die is cast, so hordes of people will drop onto the site and what they want - the only thing they want - is the results, as they develop. With no amount of hardware running PHP you will be able to handle this.\nAnd that does not matter, because all you need at that time is a single static page, updated in the background, with current results.\nBut the thing is - as an apprentice, you only learn - like \u0026ldquo;touches gut really learn\u0026rdquo; - when you had that site burn down underneath you in the most critical way.\nSo we let them.\nYes, we could make it safer. Yes, we could have warned them. Yes, we could have gently steered them towards a curated, safe solution. We didn\u0026rsquo;t. It was Kobayashi Maru all the way. It was quite important to let them do it, and let them fail at it, the real thing.\nOr as a good friend phrases it :\n\u0026ldquo;Error Budget\u0026rdquo;: How much infrastructure you\u0026rsquo;re allowed to set on fire to learn the meaning of the word \u0026ldquo;heiß\u0026rdquo;. Every organization has an error budget, but most don\u0026rsquo;t plan for it.\n","date":"2020-08-31T00:00:00Z","href":"https://blog.koehntopp.info/2020/08/31/on-touching-candles.html","tags":["lang_en","devops","erklaerbaer"],"title":"On Touching Candles, And Error Budgets"},{"categories":null,"content":"Question: Hey, I got a UNIQUE INDEX, but I can store multiple rows with the same value, NULL. That is surprising. Is that a bug?\nThis is a rewrite of the same in German from 9 years ago .\nroot@localhost [kris]\u0026gt; create table t ( a integer, b integer, unique (a,b)); Query OK, 0 rows affected (0.09 sec) root@localhost [kris]\u0026gt; insert into t values (1, 2); Query OK, 1 row affected (0.01 sec) root@localhost [kris]\u0026gt; insert into t values (1, 2); ERROR 1062 (23000): Duplicate entry \u0026#39;1-2\u0026#39; for key \u0026#39;t.a\u0026#39; This does not work, as expected. But this does:\nroot@localhost [kris]\u0026gt; truncate table t; Query OK, 0 rows affected (0.16 sec) root@localhost [kris]\u0026gt; insert into t values ( 1, NULL); Query OK, 1 row affected (0.02 sec) root@localhost [kris]\u0026gt; insert into t values ( 1, NULL); Query OK, 1 row affected (0.03 sec) root@localhost [kris]\u0026gt; select * from t; +------+------+ | a | b | +------+------+ | 1 | NULL | | 1 | NULL | +------+------+ 2 rows in set (0.00 sec) Why is that?\nThis is usually where I point people at SQL for Smarties: Advanced SQL Programming . The title is partially a lie, this book is starting without assuming anything, but it goes a long, long way into SQL. Joe Celko has been serving on the SQL standards committee for a long time, and also happens to be a very good teacher and writer.\nBuy all his books, but if you are going to buy only one, choose this one.\nHandling NULL properly NULL values do not behave like False, and not like True. They also do not behave like undef, nil or None in the programming language of your choice.\nThey also do not behave completely consistently. You need to learn the cases and actively look out for them. I am sorry, but SQL is 40+ years old, and sometimes it shows.\nBecause of all this, we discourage NULL in schema definitions. When you want NULL values (or get them without wanting them, for example in a LEFT JOIN), you need to be able to tell their story. That is, you are expected to explain what they mean, and if that is not exactly one thing, you are looking at a problem. You are also expected to handle them.\nLet’s have a look.\nCounting NULL In count(), a NULL value does not count. Except when it does. The one case where it does is the count(*), which is different from a count(colname).\nroot@localhost [kris]\u0026gt; select * from t; +------+------+ | a | b | +------+------+ | 1 | NULL | | 2 | 2 | | 3 | 3 | | 4 | NULL | +------+------+ 4 rows in set (0.00 sec) root@localhost [kris]\u0026gt; select count(*) as count_star, count(b) as count_b, count(coalesce(b, 0)) as coalesced from t; +------------+---------+-----------+ | count_star | count_b | coalesced | +------------+---------+-----------+ | 4 | 2 | 4 | +------------+---------+-----------+ 1 row in set (0.00 sec) We have a table with four rows. We can count(*), and the result is 4. We can also count(a), and that is still 4. When we count(b), that’s 2.\nThere is a handy little variadic function called coalesce(). It is variadic, which means it takes one or more parameters. It returns the leftmost parameter that is not NULL. So you can coalesce(delivery_address, billing_address, “Address unknown”) and that works.\nThat’s a lot easier to read than a set of nested IFNULL(). You almost never need IFNULL(), you want COALESCE().\nThe Math of NULL In comparisons, NULL behaves like this:\nroot@localhost [kris]\u0026gt; select 0=0, 1=1, 0=1, NULL=0, NULL=1, NULL=NULL; +-----+-----+-----+--------+--------+-----------+ | 0=0 | 1=1 | 0=1 | NULL=0 | NULL=1 | NULL=NULL | +-----+-----+-----+--------+--------+-----------+ | 1 | 1 | 0 | NULL | NULL | NULL | +-----+-----+-----+--------+--------+-----------+ 1 row in set (0.00 sec) “But I know that!” Yes, but are you aware of the consequences?\nThere are three outcomes of a comparison involving NULL values. Not two.\nWatch this:\nroot@localhost [kris]\u0026gt; select * from t; +------+------+ | a | b | +------+------+ | 1 | NULL | | 2 | 2 | | 3 | 3 | | 4 | NULL | +------+------+ 4 rows in set (0.00 sec) root@localhost [kris]\u0026gt; select * from t where b=2 -\u0026gt; UNION ALL -\u0026gt; select * from t where b \u0026lt;\u0026gt; 2; +------+------+ | a | b | +------+------+ | 2 | 2 | | 3 | 3 | +------+------+ 2 rows in set (0.00 sec) root@localhost [kris]\u0026gt; select * from t where b=2 -\u0026gt; UNION ALL -\u0026gt; select * from t where b \u0026lt;\u0026gt; 2 -\u0026gt; UNION ALL -\u0026gt; select * from t where b IS NULL; +------+------+ | a | b | +------+------+ | 2 | 2 | | 3 | 3 | | 1 | NULL | | 4 | NULL | +------+------+ 4 rows in set (0.00 sec) The UNION ALL of a predicate and the negated predicate does not yield the full table in the presence of NULL values.\n“Hey, IS NULL?” Yes, see the logic table above. Anything equals NULL is always NULL, which is not true. So we need a special comparison operator, IS NULL (and IS NOT NULL).\nroot@localhost [kris]\u0026gt; select * from t where b = NULL; Empty set (0.00 sec) root@localhost [kris]\u0026gt; select * from t where b IS NULL; +------+------+ | a | b | +------+------+ | 1 | NULL | | 4 | NULL | +------+------+ 2 rows in set (0.00 sec) You can now pause this article and grep your SQL for “= NULL”. I will wait for you to return.\nThis particular case is also why the UNIQUE INDEX from above can have multiple NULL rows: The database checks with equality (=) for the presence of the row, and if not True, it will admit the row. (1, NULL) = (1, NULL) will return NULL, which is not True, so the row is admitted a second time.\nThat NULL outcome is not limited to equality. Any comparison of anything to NULL is NULL, which is a third value that is not True nor False.\nroot@localhost [kris]\u0026gt; select NULL=NULL, NULL\u0026lt;\u0026gt;NULL, 1=NULL, 1\u0026lt;\u0026gt;NULL, 0=NULL, 0\u0026lt;\u0026gt;NULL; +-----------+------------+--------+---------+--------+---------+ | NULL=NULL | NULL\u0026lt;\u0026gt;NULL | 1=NULL | 1\u0026lt;\u0026gt;NULL | 0=NULL | 0\u0026lt;\u0026gt;NULL | +-----------+------------+--------+---------+--------+---------+ | NULL | NULL | NULL | NULL | NULL | NULL | +-----------+------------+--------+---------+--------+---------+ 1 row in set (0.00 sec) NULL and Functions Perl people know undef and see\nKK:~ kris$ perl -e \u0026#39;$a = undef; print \u0026#34;keks${a}keks\\n\u0026#34;;\u0026#39; kekskeks To them, SQL says \u0026ldquo;no cookie\u0026rdquo;:\nroot@localhost [kris]\u0026gt; select concat(\u0026#39;keks\u0026#39;, \u0026#39;keks\u0026#39;) as double_cookie, concat(\u0026#39;keks\u0026#39;,NULL,\u0026#39;keks\u0026#39;) as no_cookie; +---------------+-----------+ | double_cookie | no_cookie | +---------------+-----------+ | kekskeks | NULL | +---------------+-----------+ 1 row in set (0.00 sec) And the same is true in math:\nKK:~ kris$ perl -e \u0026#39;$a = undef; print 10+$a,\u0026#34;\\n\u0026#34;;\u0026#39; 10 but SQL does\nroot@localhost [kris]\u0026gt; select 10+0, 10+NULL; +------+---------+ | 10+0 | 10+NULL | +------+---------+ | 10 | NULL | +------+---------+ 1 row in set (0.00 sec) NULL in aggregates “So NULL is Antimatter that destroys anything it comes into contact with?” Not exactly. We already know that in count(colname) it is skipped. That is also true in other aggregates (with the special case of count(*)).\nroot@localhost [kris]\u0026gt; select count(b), sum(b), min(b), max(b), group_concat(b) from t; +----------+--------+--------+--------+-----------------+ | count(b) | sum(b) | min(b) | max(b) | group_concat(b) | +----------+--------+--------+--------+-----------------+ | 2 | 5 | 2 | 3 | 2,3 | +----------+--------+--------+--------+-----------------+ 1 row in set (0.00 sec) That is a good thing, because AVG(b) is defined as SUM(b)/COUNT(b), 5/2 = 2.5. Go check it yourself.\nAnd be careful what you count and why:\nroot@localhost [kris]\u0026gt; select b, count(b), count(*) from t group by b; +------+----------+----------+ | b | count(b) | count(*) | +------+----------+----------+ | NULL | 0 | 2 | | 2 | 1 | 1 | | 3 | 1 | 1 | +------+----------+----------+ 3 rows in set (0.00 sec) “But did you not say NULL values compare differently from each other? Why is there only one NULL pile in this GROUP BY?” I did not say that. I did say that NULL compares to anything as NULL, and it depends on what you do with this third result.\nTurns out, GROUP BY does this.\nHandling NULL So you now know that you cannot use normal predicates (=, \u0026gt;=, \u0026lt;=, \u0026lt;\u0026gt;) with NULL. We have specific NULL predicates and functions: ISNULL() as a predicate (true for NULL), IS NULL as an operator, and the IFNULL() conditional, and COALESCE() function I already pointed out above.\nThere is also the MySQL specific spaceship operator \u0026lt;=\u0026gt;, which normalizes NULL. It’s not standard SQL, be considerate in using it.\nroot@localhost [kris]\u0026gt; select NULL\u0026lt;=\u0026gt;NULL, NULL\u0026lt;=\u0026gt;0, NULL\u0026lt;=\u0026gt;1, 0\u0026lt;=\u0026gt;0, 1\u0026lt;=\u0026gt;1, 0\u0026lt;=\u0026gt;1; +-------------+----------+----------+-------+-------+-------+ | NULL\u0026lt;=\u0026gt;NULL | NULL\u0026lt;=\u0026gt;0 | NULL\u0026lt;=\u0026gt;1 | 0\u0026lt;=\u0026gt;0 | 1\u0026lt;=\u0026gt;1 | 0\u0026lt;=\u0026gt;1 | +-------------+----------+----------+-------+-------+-------+ | 1 | 0 | 0 | 1 | 1 | 0 | +-------------+----------+----------+-------+-------+-------+ 1 row in set (0.00 sec) and\nroot@localhost [kris]\u0026gt; select * from t; +------+------+ | a | b | +------+------+ | 1 | NULL | | 2 | 2 | | 3 | 3 | | 4 | NULL | +------+------+ 4 rows in set (0.00 sec) root@localhost [kris]\u0026gt; select * from t as a join t as b on a.b = b.b; +------+------+------+------+ | a | b | a | b | +------+------+------+------+ | 2 | 2 | 2 | 2 | | 3 | 3 | 3 | 3 | +------+------+------+------+ 2 rows in set (0.00 sec) root@localhost [kris]\u0026gt; select * from t as a join t as b on a.b \u0026lt;=\u0026gt; b.b; +------+------+------+------+ | a | b | a | b | +------+------+------+------+ | 4 | NULL | 1 | NULL | | 1 | NULL | 1 | NULL | | 2 | 2 | 2 | 2 | | 3 | 3 | 3 | 3 | | 4 | NULL | 4 | NULL | | 1 | NULL | 4 | NULL | +------+------+------+------+ 6 rows in set (0.00 sec) TL;DR Do not define tables with nullable columns. You are not prepared to handle them. UNIQUE indexes on nullable columns aren\u0026rsquo;t. When having nullable columns, or producing nullable columns in the right-hand side of a LEFT JOIN, wrap the results in a COALESCE(). Know your NULL math, operators and functions. And most importantly:\nNULL is NULL, it is not false, true, undef, nil or None. ","date":"2020-08-25T00:00:00Z","href":"https://blog.koehntopp.info/2020/08/25/null-is-null.html","tags":["database","erklaerbaer","mysql","mysqldev","sql","lang_en"],"title":"MySQL: NULL is NULL"},{"categories":null,"content":"For reasons that don\u0026rsquo;t need exploring at this juncture I tweeted Once upon a time there were shared boxes, on which the local Unix easily had 200-300 users, Junior Developers at a University.\nA /tmp/ls found easily 3-4 people per day that had . (dot) in their path.\nNo particular reason. Why?\nand followed up with\nHope is not a strategy.\nNeither is curl stackoverflow | sudo bash.\n/tmp/ls I was asked to explain: \u0026ldquo;What is /tmp/ls?\u0026rdquo;.\n/tmp/ls is a shell script installed as executable in /tmp/ls. If you have . (dot, the current directory) early in your path, it shadows the command /bin/ls, which you use to list the current directory.\nSo when you cd /tmp and then ls you are executing my script instead of the actual /bin/ls command. You are now inadvertently running my code under your permissions. When I finish my script with exec /bin/ls \u0026quot;$@\u0026quot; you won\u0026rsquo;t even notice, because it will run the normal /bin/ls command at the end.\nThe mistake is to have any directory in your path that can contain code controlled by another person besides you and root. That is, a world-writeable /usr/local/bin in - say - an AIX install would amount to the same exposure (A lot of old Unices such as AIX, HP/UX and SGI would ship with world writeable directories of one kind or the other by default).\nThe 777 root cron The same scenario is a script globally installed on all Macs by JAMF, running through cron as root every minute. The same JAMF sets the enclosing directory to 777 (full access for everybody). Due to how permissions work in Unix, this allows anybody to remove, rename or replace the script itself, no matter what the script permissions are.\nIt is instant root for anybody who cares: You replace the script with your own content, wait a minute for the cron to hit it, and put the original script back. Or not, depending on how you feel that day.\nThe remarkable part of this particular incident is that none of the multitude of endpoint security products also installed by the same JAMF detected or quarantined this script. So much for that.\nThe world writeable fileshare Other fun things that should not have happened: A university of applied science exported their AIX home directories by NFS, world-writeable, once. That is, for several years, their site was a well known Shell-o-matic.\nWhy is this bad?\nAnybody who mounted this on their own machine could create a user account with a matching UID, go into the mounted user home and drop a .rlogin file of appropriate content (The .rlogin reference should tell you how old that is).\nThe fun part is that the university in question eventually migrated to Solaris, and that included all the\u0026hellip; interesting configuration.\nApparently SMB fileshares can serve the same purpose. Also, Windows always has . (dot) in the front of the path, implicitly.\nExternal storage A lot of people have world-readable backup devices such as a 644 /dev/rmt. If the backup tape from last night is left in that drive it does not matter much what the permissions on the original files are.\nYou can read the files from backup, and restore them with any permission you like.\nThis makes me sad For some reasons each of these things, all of which are from personal experience up to 25 years ago, still happen today.\nThat is why ops people wear black. Now you know.\n","date":"2020-08-19T00:00:00Z","href":"https://blog.koehntopp.info/2020/08/19/why-do-ops-and-sec-people-wear-black.html","tags":["lang_en","security","unix"],"title":"Why do Ops and Sec people wear black"},{"categories":null,"content":"This is the updated and english version of some older posts of mine in German. It is likely still incomplete, and will need information added to match current MySQL, but hopefully it is already useful.\nOld source articles in German: 1 , 2 and 3 .\nSome vocabulary Symbol, Font, Encoding and Collation - what do they even mean?\nA character set is a collection of symbols that belong together. That is a completely abstract thing, and also almost useless. The only thing you can do with a character set is decide if a specific symbol is legal within a context or not. And, if it is legal, what position the symbol in the character set has (the code point).\nTo be able to print symbols they need a shape, which is defined in a Font. For example is this here: \u0026ldquo;ö\u0026rdquo; a letter \u0026ldquo;ö\u0026rdquo; in Arial, and \u0026ldquo;ö\u0026rdquo; the same thing in a different font, Times New Roman.\nTo be able to use symbols with computers they need a binary representation of their code point, an encoding. In my Terminal we are using utf8. The Text \u0026ldquo;Köhntopp\u0026rdquo; is being represented as the byte sequence 4b c3 b6 68 6e 74 6f 70 70. LATIN SMALL LETTER O WITH DIARESIS has the code point 0x00F6, which is being represented as C3 B6 in utf8 encoding.\n$ echo Köhntopp | hexdump -C 00000000 4b c3 b6 68 6e 74 6f 70 70 0a |K..hntopp.| 0000000a If I change the terminal settings to use ISO-8859-1 (\u0026ldquo;Latin1\u0026rdquo;) instead, the same text is being encoded differently - 4b f6 68 6e 74 6f 70 70. The ö is now F6.\n$ echo Köhntopp | hexdump -C 00000000 4b f6 68 6e 74 6f 70 70 0a |K.hntopp.| 00000009 If you have two character sequences and want to compare or sort them, you need a set of comparison and ordering rules, a collation. You can think of a collation as a canonical representation of an encoding for comparison and sorting.\nFor example, the collation latin1_german1_ci represents \u0026ldquo;Köhntopp\u0026rdquo; internally as \u0026ldquo;kohntopp\u0026rdquo; and uses this internal representation to compare it to other strings or sort it. But in storage we always find the original string, \u0026ldquo;Köhntopp\u0026rdquo;.\nThere is a second german language collation, latin1_german2_ci, which internally writes \u0026ldquo;Köhntopp\u0026rdquo; as \u0026ldquo;koehntopp\u0026rdquo; to compare and sort - but it will also save the same \u0026ldquo;Köhntopp\u0026rdquo; to disk.\nThe variants of Unicode and Unicode encoding ASCII was a 7bit character set of 128 characters from 0 to 127. It works with english, but with almost no other writing systems in the world.\nA set of 8 bit character sets were defined in ISO-8859, among them ISO-8859-1 (\u0026ldquo;latin1\u0026rdquo;), later slightly revised to ISO-8859-15 (modified to contain, among other things, the Euro sign). The code points that exist in both ISO-8859-1 and ASCII are identical, ISO-8859-1 is a full superset of ASCII.\nISO-8859 also contained other character sets for Cyrillic, Arabic, Greek, Hebrew and other languages, but because of the limitation to 8 bits, it was not possible to easily write text that switches between languages.\nNote: The character set called latin1 in MySQL is actually Windows CP1252, which is a superset of iso-8859-1. See this article for details.\nUnicode\u0026rsquo;s development started in 1991 as a 16 bit character set, and it was assumed that this is sufficient to hold all characters from all possible writing systems. Unicode was design as a superset of ISO-8859-1, so codepoints that exist in both character sets are identical.\nIn 1996, it became clear that a set of 65536 characters was not sufficient, and Unicode 2.0 was fitted with an extension mechanism to allow more than 65536 symbols. Again, this extension is a true superset of original Unicode.\nAs of March 2020, Unicode 13.0 contains some 140k characters from 154 writing systems. The definition of Unicode 13.0 currently allows for 1.112064 possible characters. Some code points in the lower 65536 characters are reserved to encode surrogate pairs, basically extension characters for the original 16 bit character set, resulting in a weird number for the total possible characters.\n16 Bit Unicode can be stored as UCS2 (what Windows NT used to use) - a fixed length encoding, which instead of 8 bit characters now uses 16 bit characters. When writing western languages, every other byte in text is 0.\nUTF-16 extends UCS2 and uses variable length encoding of 2 bytes or 4 bytes to allow representation of all unicode characters, even those beyond the initial 65536 characters.\nUnix systems tend to use UTF-8 (utf8), a variable length encoding in which Unicode characters are 1-3 bytes in length (for the initial 65536 characters of Unicode 1.0), or 1-4 bytes in length (for full unicode).\nMySQL Server Terms MySQL names an encoding a \u0026ldquo;CHARACTER SET\u0026rdquo; or \u0026ldquo;CHARSET\u0026rdquo;. The charsets available in the server can be listed with SHOW CHARSET, or by searching through INFORMATION_SCHEMA.CHARACTER_SETS. In both cases, looking at the Maxlen column will tell you how long a symbols encoding in bytes can become in the worst case.\nConversely, SHOW COLLATION (and INFORMATION_SCHEMA.COLLATIONS) will show you the collations the server knows about. Collations are not things that can be used standalone, they always belong to charsets. So INFORMATION_SCHEMA.COLLATION_CHARACTER_SET_APPLICABILITY tells you which collation can be used with which character set (or you SHOW COLLATION WHERE Charset = \u0026quot;...\u0026quot;).\nMySQL objects with a character set and collation The only storage thing in MySQL that has a character set and a collation is a column. Columns that store text (VARCHAR, all TEXT types, textual enum and JSON objects) have a character set and a collation. In JSON it is fixed by the standard, for the others we can set it. Other things such as tables, databases and servers provide a hierarchy of defaults.\nThe other thing in MySQL that has a character set and a collation is the connection. For the purpose of our discussion the connection represents the character set that your terminal or application uses in the server. So when you tell the server with SET NAMES what you are using, the server believes you.\nMySQL converts, if possible, between connection and column. So when you send a string in utf8 through your connection that ends up being stored in a latin1 column, MySQL will turn that 0xc3b6 in the connection into a 0xf6 on disk. On read, it will do the opposite, if necessary and possible.\nMySQL also converts if you convert columns. So if you ALTER TABLE t MODIFY COLUMN c VARCHAR(80) CHARSET utf8 and that was previously a latin1 column, MySQL will take the 0xf6es and turn them into 0xc3b6es instead. All of that is automatic, safe and lossless, if possible. There are warnings and errors if not.\nBut let\u0026rsquo;s look at the details, step by step.\nSetting charset and collation on a column Every string in MySQL is labeled with a charset and a collation. For database objects that happens at the column level: A column with CHAR, VARCHAR, or any TEXT type always has a charset and a collation. The same can be true for an ENUM type that contains strings.\nIf you define these without specifying, the column will inherit the table defaults. If you specify no table default, the table will inherit the database default, which in turn inherits from the server default, which is defined in the my.cnf:\n[mysqld] default-character-set=utf8mb4 default-collation=utf8_0900_ai_ci Or you set them at the database level:\nmysql\u0026gt; show create database kris\\G Database: kris Create Database: CREATE DATABASE `kris` /*!40100 DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci */ /*!80016 DEFAULT ENCRYPTION=\u0026#39;N\u0026#39; */ 1 row in set (0.01 sec) Or at the table level:\nmysql\u0026gt; show create table chset\\G Table: chset Create Table: CREATE TABLE `chset` ( `id` int unsigned NOT NULL AUTO_INCREMENT, `c` char(20) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL, `d` varchar(20) CHARACTER SET cp850 COLLATE cp850_general_ci DEFAULT NULL, `t` text CHARACTER SET latin1 COLLATE latin1_german1_ci, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci 1 row in set (0.00 sec) String Literals A string literal in MySQL is written in double quotes, \u0026ldquo;a string literal\u0026rdquo;. When nothing else is specified, the connections\u0026rsquo; character set and collation are being used.\nAn identifier in MySQL is written as a bare word tablename or written in backticks `weird tablename`. When written in backticks, the identifier can contain any utf8 unicode character (unfortunately, not utf8mb4 character, so you have to constrain yourself to the BMP). Don\u0026rsquo;t do this in production, though.\nmysql\u0026gt; create table `❤` ( `✔` serial ) ; Query OK, 0 rows affected (0.07 sec) mysql\u0026gt; insert into `❤` values (1); Query OK, 1 row affected (0.02 sec) mysql\u0026gt; select * from `❤`; +-----+ | ✔ | +-----+ | 1 | +-----+ 1 row in set (0.00 sec) If you check, the table is stored with the filename @2764.ibd on disk.\nThe full notation for a string literal is _charsetname \u0026quot;string\u0026quot; COLLATE collationname. The _charsetname thing is called an introducer and tells the parser what character set label to put on the string that follows. It does not convert, the CONVERT() function would do that.\nA string literal can also be written as X'hexcode', so this works:\nmysql\u0026gt; select _latin1 X\u0026#39;F6\u0026#39; as umlaut; +--------+ | umlaut | +--------+ | ö | +--------+ 1 row in set (0.00 sec) This creates a string literal from the hex code 0xF6 and labels it as latin1. The statement is then run, produces an Umlaut, and this Umlaut is then emitted as a result table. Because the connection is set to utf8, the Umlaut is converted to utf8, yields C3 B6 and that is sent to the terminal, where it renders correctly.\nThis is the automatic conversion at work, that I spoke about earlier.\nWhen we leave the label off, the conversion does not work. When we lie, the result is invalid and rejected:\nmysql\u0026gt; select X\u0026#39;F6\u0026#39; as umlaut; +----------------+ | umlaut | +----------------+ | 0xF6 | +----------------+ 1 row in set (0.00 sec) mysql\u0026gt; select _utf8 X\u0026#39;F6\u0026#39; as umlaut; ERROR 1300 (HY000): Invalid utf8 character string: \u0026#39;F6\u0026#39; Charset on a connection The other thing that has a character set is the connection from the client to the database server. That is required, because when you type for example \u0026ldquo;ö\u0026rdquo; into an utf8 terminal to send it to kris.chset, column t as defined above, it has to be converted from utf8 (C3B6) to latin1 (F6), because the column t is defined with a charset of latin1.\nMySQL does that automatically for you, if a conversion exists: You sent an utf8 c3b6, MySQL detects the column defined as latin1, and tries to convert, yielding f6, which is then stored.\nHow do you tell MySQL what charset the connection uses?\nYou can set a default with default-character-set and default-encoding in the [mysql] section of your my.cnf to tell MySQL what character set your terminal uses, or use the command SET NAMES to change it on the fly.\nIf I am setting up my terminal to send utf8, and SET NAMES utf8, these things match and all will be well and converted correctly, if at all possible.\nI can check, using the HEX() function to see the actual bytes:\nroot@localhost [kris]\u0026gt; set names utf8; Query OK, 0 rows affected (0.00 sec) root@localhost [kris]\u0026gt; select hex(\u0026#34;ö\u0026#34;); +-----------+ | hex(\u0026#34;ö\u0026#34;) | +-----------+ | C3B6 | +-----------+ 1 row in set (0.00 sec) Switching my terminal to latin1, and then telling the database about this with SET NAMES latin1, I get:\nroot@localhost [kris]\u0026gt; set names latin1; Query OK, 0 rows affected (0.00 sec) root@localhost [kris]\u0026gt; select hex(\u0026#34;ö\u0026#34;); +----------+ | hex(\u0026#34;ö\u0026#34;) | +----------+ | F6 | +----------+ 1 row in set (0.00 sec) So this actually works.\nMySQL converts automatically Now, let\u0026rsquo;s use an utf8-Client to store data into a column into kris.chset.t, which is latin1. What will happen?\nMySQL converts this automatically and we can show this.\nroot@localhost [kris]\u0026gt; set names utf8; Query OK, 0 rows affected (0.00 sec) mysql\u0026gt; insert into kris.chset (id, t) values ( 1, \u0026#34;ö\u0026#34;); Query OK, 1 row affected (0.02 sec) mysql\u0026gt; select hex(\u0026#34;ö\u0026#34;), hex(t), t from kris.chset where id = 1; +-----------+--------+------+ | hex(\u0026#34;ö\u0026#34;) | hex(t) | t | +-----------+--------+------+ | C3B6 | F6 | ö | +-----------+--------+------+ 1 row in set (0.00 sec) I am sending SET NAMES utf8 and I am inserting a row id=1 into the table kris.chset (see above for the definition, which has the charset latin1).\nSelecting the value back, I see the hex code for an actual \u0026ldquo;ö\u0026rdquo;, C3B6, utf8, so I know my terminal sends utf8.\nI also see the hex code stored in the table, F6, by selecting the column value from t, wrapped in the HEX() function.\nAnd on reading that back, I am still getting an \u0026ldquo;ö\u0026rdquo;. That proves the database sent me a C3B6, converting back from the storage character set to the terminal character set, as declared with SET NAMES.\nSo as long as I am not lying to the database about what my connection sends, values should be transparently converted back and forth if at all possible.\nCONVERT(), LENGTH() and CHAR_LENGTH() functions Normally you will never need this, but it is possible to change the character set of a column or string literal explicitly using the convert( ... using ... ) function:\nmysql\u0026gt; select hex(\u0026#34;ö\u0026#34;); +-----------+ | hex(\u0026#34;ö\u0026#34;) | +-----------+ | C3B6 | +-----------+ 1 row in set (0.00 sec) mysql\u0026gt; select hex(convert(\u0026#34;Köhntopp\u0026#34; using latin1)) as example; +------------------+ | example | +------------------+ | 4BF6686E746F7070 | +------------------+ 1 row in set (0.00 sec) After validating that my umlaut is indeed sent as C3B6, I am using a string with an Umlaut as an input to CONVERT( ... USING ... ). I am converting to latin1, and as you can see, I am indeed getting an F6 as the second byte.\nThere are other encodings of unicode, too. Windows systems for example often use ucs2 instead of utf8. That is, each symbol is stored as a 16 bit code:\nmysql\u0026gt; select hex(convert(\u0026#34;Köhntopp\u0026#34; using ucs2)) as example; +----------------------------------+ | example | +----------------------------------+ | 004B00F60068006E0074006F00700070 | +----------------------------------+ 1 row in set (0.00 sec) My Umlaut ends up being 00f6 on disk.\nThe points to take away from this: Some character sets have fixed length codes for letters. In latin1, each letter takes the fixed amount of one byte. In ucs2, each letter takes the fixed amount of 2 bytes.\nOther character set have variable length encodings. In utf8, each letter can be between 1 and 3 bytes long. Later Unicode extensions define a larger character set, and utf32 stores them in a fixed set of 4 byte characters (3 of them 0 for the latin1 subset), while utf8mb4 stores them in 1 to 4 bytes, depending on the symbol.\nDepending on what we want to know we have to ask differently:\nmysql\u0026gt; select length(\u0026#34;Köhntopp\u0026#34;) as len, char_length(\u0026#34;Köhntopp\u0026#34;) as clen; +-----+------+ | len | clen | +-----+------+ | 9 | 8 | +-----+------+ 1 row in set (0.00 sec) mysql\u0026gt; select length(convert(\u0026#34;Köhntopp\u0026#34; using ucs2)) as len, char_length(convert(\u0026#34;Köhntopp\u0026#34; using ucs2)) as clen; +------+------+ | len | clen | +------+------+ | 16 | 8 | +------+------+ 1 row in set (0.00 sec) The function LENGTH() gives us the length of a symbol or string in bytes, which is dependent on the character set encoding used. The function CHAR_LENGTH() gives us the length of the symbol or string in symbols, which is fixed and independent of the character set encoding.\nIt is important to use the right function depending on what you want to know.\nThe default character set in MySQL you should be using is utf8mb4.\nComparison and Sorting When MySQL originally gained character set support, this was done by implementing a comparison function. The same function was used for sorting and comparison. So when \u0026ldquo;Köhntopp\u0026rdquo; sorts as \u0026ldquo;kohntopp\u0026rdquo; in the latin1_german1_ci collation, it also means that searching for \u0026ldquo;Köhntopp\u0026rdquo; will find \u0026ldquo;Köhntopp\u0026rdquo; as well as \u0026ldquo;kohntopp\u0026rdquo;, because to the comparison function they are the same string.\nmysql\u0026gt; show create table t \\G Table: t Create Table: CREATE TABLE `t` ( `id` bigint unsigned NOT NULL AUTO_INCREMENT, `d` varchar(20) CHARACTER SET latin1 COLLATE latin1_german1_ci DEFAULT NULL, UNIQUE KEY `id` (`id`) ) 1 row in set (0.00 sec) mysql\u0026gt; select * from t; +----+-----------+ | id | d | +----+-----------+ | 1 | Köhntopp | | 2 | kohntopp | +----+-----------+ 2 rows in set (0.00 sec) mysql\u0026gt; select * from t where d = \u0026#34;Köhntopp\u0026#34;; +----+-----------+ | id | d | +----+-----------+ | 1 | Köhntopp | | 2 | kohntopp | +----+-----------+ 2 rows in set (0.00 sec) This was not exactly what most people expected, so in MySQL 8 things are a bit more differentiated when using utf8mb4. From the manual :\n| Suffix | Meaning | +\u0026mdash;\u0026mdash;\u0026ndash;+\u0026mdash;\u0026mdash;\u0026mdash;+ | _ai | Accent-insensitive | | _as | Accent-sensitive | | _ci | Case-insensitive | | _cs | Case-sensitive | | _ks | Kana-sensitive | | _bin | Binary |\n\u0026ldquo;Kana-sensitive\u0026rdquo; collations distinguish Hiragana characters from Katakana characters in Japanese.\nThe collation you want with utf8mb4 is utf8mb4_0900_ai_ci (and replace ai and ci as necessary). The 0900 part is a reference to UCA 9.0.0 , the current Unicode Comparison Algorithm. MySQL also supports UCA 5.2.0 (utf8mb4_520_ci) and 4.0.0 (utf8mb4_unicode_ci), but these have no ai/as variants.\nUCA 9.0.0 solves the Köhntopp/koehntopp problem by defining different functions for searching things (testing for equality) and ordering (testing for smaller than).\nWhy utf8mb4, and not simply utf8? MySQL gained character set support with the MySQL 4.1 series of server releases in 2003. At that time, in MySQL utf8 was a character set with room for 65536 (2^16) code points, and the UCS2 encoding (for 16 bit fixed width characters used in Windows) plus the UTF8 encoding (for variable length characters of 1-3 bytes in length).\nMySQL at that point in time changed character sets and collations several times, as bugs were detected and fixed.\nThis created a lot of problems: In databases, an Index is created by extracting the indexed column from a table, sorting it, and storing it next to the table in sorted order with pointers to the original rows. An index is, in short, a materialized order for the indexed column, in order to speed searches.\nNow if you change the character set or the order of symbols in the character set by fixing the collation, the materialized order of the index differs from newly fixed and redefined order to the fixed collation. When upgrading to the changed server version the index needs to be dropped and recreated - which for large databases with many indexes on large tables can take a very, very long time.\nIf you do not do this, a query such as\nmysql\u0026gt; SELECT * FROM t WHERE d = \u0026#34;kohntopp\u0026#34;; may find different results depending on the optimizer using an index (pre-update rules apply until the index is recreated) or not using an index (post-update rules apply immediately). This is unpredictable, and hence bad behavior.\nIt was decided that MySQL will, in order to simplify updates, never do this ever again.\nInstead, fixes and changes will be publicised under new names so that changes could be made at will and a pace set by the user by ALTER TABLEing the index definitions from the old collation name to the new name.\nHence, we have utf8 (the 16-bit character set) and utf8mb4 (the larger than 16 bit character set) that was defined later. And we have even collations referring to different UCA rules for collating utf8mb4 in order to allow controlled migration to newer, better comparison rules.\nThe same is true for Timezones: MySQL does not use operating system sort and comparison rules as offered in the glibc functions, but brings its own, and it also does not use Timezone functions and rules as offered by glibc, but again uses its own.\nThat provides stable and controlled migration that is also independent of operating system updates - the same comparison and index rules exist independently of glibc updates, and on Linux, macOS and Windows. This also keeps binary data files portable and upgradable across operating systems and database versions.\nCompare that for example to Postgres, which uses glibc functions for string comparison, sorting and for timezone conversions. In Postgres, you have to be aware of operating system updates that affect sorting, comparison or timezones, and you have to recreate indexes every time you make changes to these operating system functions. Noticing glibc updates that affect the function of the database on a system with security auto-updates can be very hard.\nFixing broken data Sometimes data ends up inside the database, converted from latin1 to utf8 by an application and then again by the database. This can only happen when the declared character set of the connection (SET NAMES) and the data sent to not match.\nFor example, if you define a table with a VARCHAR column in latin1, and set the connection to latin1, but then send actual utf8 data to the table, you are not triggering a conversion (connection and column have the same character set), but the data is not valid latin1.\nmysql\u0026gt; create table t ( id serial, d varchar(20) charset latin1 ); Query OK, 0 rows affected (0.08 sec) mysql\u0026gt; set names latin1; -- we will be sending utf8 Query OK, 0 rows affected (0.00 sec) mysql\u0026gt; insert into t ( id, d ) values ( 1, \u0026#34;Köhntopp\u0026#34;); -- this is utf8 Query OK, 1 row affected (0.01 sec) mysql\u0026gt; select hex(d) from t where id = 1; -- stored c3b6, should be f6 +--------------------+ | hex(d) | +--------------------+ | 4BC3B6686E746F7070 | +--------------------+ 1 row in set (0.00 sec) mysql\u0026gt; set names utf8; Query OK, 0 rows affected, 1 warning (0.00 sec) mysql\u0026gt; select * from t; -- output broken +----+-------------+ | id | d | +----+-------------+ | 1 | Köhntopp | +----+-------------+ 1 row in set (0.00 sec) If we were to convert the column to utf8, the data would als be converted. But since it already is c3b6, this must not happen. So this does not work:\nmysql\u0026gt; select hex(d) from t; +--------------------+ | hex(d) | +--------------------+ | 4BC3B6686E746F7070 | +--------------------+ 1 row in set (0.00 sec) mysql\u0026gt; alter table t modify column d varchar(20) charset utf8; Query OK, 1 row affected, 1 warning (0.19 sec) Records: 1 Duplicates: 0 Warnings: 1 mysql\u0026gt; select hex(d) from t; -- broken utf8 +------------------------+ | hex(d) | +------------------------+ | 4BC383C2B6686E746F7070 | +------------------------+ 1 row in set (0.00 sec) The correct solution converts in two steps:\nConvert to a VARBINARY. This keeps the binary data, but removes all charset labels, without conversion. Convert to the target VARCHAR with the target CHARSET. This applies the charset label without conversion. mysql\u0026gt; select hex(d) from t; -- column latin1, data utf8 +--------------------+ | hex(d) | +--------------------+ | 4BC3B6686E746F7070 | +--------------------+ 1 row in set (0.00 sec) mysql\u0026gt; alter table t modify column d varbinary(20); -- convert to binary, keep data Query OK, 0 rows affected (0.02 sec) Records: 0 Duplicates: 0 Warnings: 0 mysql\u0026gt; alter table t modify column d varchar(20) charset utf8; -- convert to utf8, keep data Query OK, 1 row affected, 1 warning (0.15 sec) Records: 1 Duplicates: 0 Warnings: 1 mysql\u0026gt; select d, hex(d) from t; -- all works now +-----------+--------------------+ | d | hex(d) | +-----------+--------------------+ | Köhntopp | 4BC3B6686E746F7070 | +-----------+--------------------+ 1 row in set (0.01 sec) ","date":"2020-08-18T00:00:00Z","href":"https://blog.koehntopp.info/2020/08/18/mysql-character-sets.html","tags":["lang_en","mysql","mysqldev","database","erklaerbaer"],"title":"MySQL: Some Character Set Basics"},{"categories":null,"content":"Melissa and Chris Bruntlett have been living in Vancouver close to the station, and decided to do as many daily runs as possible without a car, using public transport or bikes. In late 2015, early 2016 they did an extended visit to the Netherlands which resulted in a changed world view about what proper Urban Infrastructure can look like. Meanwhile they are living with two kids near Delft, in the Netherlands.\nThe book documents their experience, comparing structures in various North American cities to the Dutch learnings about traffic, density, and liveable cities at a human scale.\nThe books chapters go through various cities in the Netherlands and elsewhere to discuss why you would want to build a cycling city, how to do this, how it came to be in the Netherlands, and how solutions elsewhere have to be slightly different to accomplish their goal locally.\nInteresting read, and a good complement to Streetfight , which covers the New York story on the same problem.\nBuilding the Cycling City: The Dutch Blueprint for Urban Vitality , Melissa and Chris Bruntlett, USD 17.00\nYou can also follow them on Twitter: @modacitylife ","date":"2020-08-17T00:00:00Z","href":"https://blog.koehntopp.info/2020/08/17/building-the-cycling-city.html","tags":["lang_en","book","media","review"],"title":"Fertig gelesen: Building the Cycling City"},{"categories":null,"content":"A Wizard\u0026rsquo;s Guide To Defensive Baking is a Yound Adult Coming-of-Age story about Mona. Mona works in her aunt\u0026rsquo;s bakery, and also is a hedge wizard. Her talent is mostly limited to influencing dough and baked goods, her familiar is a sourdough starter named Bob.\nA Wizards Guide To Defensive Baking, T. Kingfisher, Amazon Mona is a 14-year-old girl living in Riverbraid, a random city-state near a river in the floodplain of an otherwise unnamed country that vaguely feels like northern Italy during renaissance times. Working in her aunts bakery, her talent of being able to magically influence dough and baked goods comes in handy in production, and sometimes she lets a few Gingerbread men dance to amuse the customers.\nThen one day, a dead body is found in the bakery, and it turns out that an assassin is trying to kill off magic folk in Riverbraid. And that turns out to be the begin of a coup and conspiracy to wrestle control of the city from the aging Duchess. Mona is drawn into this conspiracy and into the beginning of a war, and discovers that the famous war-wizards tasked with defending the city are not actually having more or stronger magic then her - the difference between a hedge magicker and a war wizard is more about how they think about using their talent than the actual talent.\nThe story is amusingly written and Mona\u0026rsquo;s world-view, as shared with the reader, is full of baking puns. The story arc is what one would assume from a YA book, and entertaining. All in all well worth my time.\n\u0026ldquo;A Wizard\u0026rsquo;s Guide To Defensive Baking , T. Kingfisher, EUR 4.44\n","date":"2020-08-16T00:00:00Z","href":"https://blog.koehntopp.info/2020/08/16/fertig-gelesen-defensive-baking.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: A Wizard's Guide To Defensive Baking"},{"categories":null,"content":"@jpmens asked on Twitter:\nWhat is Fortnite? #outingmyself\nAssuming XKCD 1053 .\nFortnite Fortnite is a game made by Epic Games. They also make the Unreal Engine, which powers many modern computer games. Fortnite together with Roblox and Minecraft it is the set of games played most by people under 20.\nYou want to follow Matthew Ball .\nFortnite is a Battle Royal game, a 1st person shooter, in which a matchmaker puts you together with a set of other people of similar skill, drops you into an arena of ever shrinking size. You got to collect ammo and weapons, build fortifications and kill the others.\nChat, Fun Gizmos and Non-Battle areas exist, and people also use it as a chat and Second Life type of tool to interact with each other (\u0026ldquo;Chat with Avatars\u0026rdquo;). Some of the Gizmos allow you to compose music, emote dances and similar joke things.\nAll of these games are \u0026ldquo;Free to Play\u0026rdquo; (Minecraft: You have to buy the game, Fortnite and Roblox: Download and Gameplay is free - you can buy ingame coins and buy Skins or other extras) and not \u0026ldquo;Pay to Win\u0026rdquo;. This makes them popular with the 10-20yo crowd.\nAll of these games have very moderate system requirements (Fortnite: Intel Iris Graphics on Mac, GTX 660 on Windows). Minecraft: Any Abacus that runs Java. This again makes them popular with the 10-20yo crowd that often uses pre-owned legacy hardware.\nAll of these games have heavy creative options (Minecraft: Modding to Greenland and back, Roblox is a platform for making Minigames, Fortnite has a Creative mode for Socializing and Building) and strong interaction modes.\nThis makes it possible for 10-20yo\u0026rsquo;s to interact with people of their age group on their own terms w/o parental supervision, during unstructured play time. This is important to them as part of their social growth process .\nSidenote: While Epic does make games, IMHO their biggest asset is Unreal Engine and the tooling that comes with it, which has bascially revolutionized game making.\nThe Conflict Apple allows some types of businesses to sell things in-app without charging their legendary 30% premium (eg Supermarkets, Amazon and so on).\nOther businesses (all things software) are banned from direct sales in Apple Apps and are required to handle payments though App Store.\nApple then takes their 30% cut.\nEpic Games released Fortnite on App Store with Apple and Direct Sales options, direct exactly 30% cheaper.\nApple banned Fortnite from the App Store.\nThat is what Epic wanted . They are now taking this to court and are also making fun of Apple for doing this in a big way, typical for Epic and Tim Sweeney.\nEpic Games is not exactly an underdog, even if they position themselves as this in this corporate conflict - they are valued a 17.3 bn USD company, 50% held by Sweeney. But it takes an underdog this size to have a chance to take a bite of out Apple\u0026rsquo;s Lawyers.\nThem winning this is an important step in cracking the App Store monopoly and turning Apple into a better platform. Other companies have taken notice and positioned themselves. Notably all of Match Group , the owner and maker of Tinder, have sided themselves with Epic in this case.\nIt is noteworthy that Epic also has the same conflict going on with Google - they did exactly the same thing on the Google Play store, were also delisted yesterday, and are also suing Google just as they are suing Apple . This is interesting, because OnePlus and LG have been in talks with Epic about preloading Fortnite on the Phone (Ugh, ultimate bloatware!), which is now impossible, because Google prevents this from happening.\n","date":"2020-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2020/08/14/eli5-epic-vs-apple-and-google.html","tags":["lang_en","gaming","apple","google","erklaerbaer"],"title":"ELI5: Epic vs Apple and Google"},{"categories":null,"content":"Since we now know how to look at the state of locking in a live database, let\u0026rsquo;s look at what happens when we run a normal insert or update and an insert or update with foreign key relationships defined, and compare.\nWe will be using the tables and structures from our previous examples, a simple 1:n relationship between a and b:\nCREATE TABLE a ( a_id int NOT NULL AUTO_INCREMENT, PRIMARY KEY (a_id) ); INSERT INTO a VALUES (10), (20), (30), (40); CREATE TABLE b ( b_id int NOT NULL AUTO_INCREMENT, a_id int NOT NULL, PRIMARY KEY (b_id), KEY `a_id` (a_id), CONSTRAINT a_id_exists FOREIGN KEY (a_id) REFERENCES a (a_id) ON DELETE RESTRICT ON UPDATE RESTRICT ); INSERT INTO b VALUES (10,10), (40,40); or the same definition for b without the constraint.\nA normal INSERT and UPDATE First, let\u0026rsquo;s look at an insert and update into b without any defined constraints:\nmysql\u0026gt; start transaction read write; mysql\u0026gt; insert into b values (30,30); mysql\u0026gt; select * from performance_schema.data_locks\\G ... LOCK_TYPE: TABLE LOCK_MODE: IX LOCK_STATUS: GRANTED LOCK_DATA: NULL ... mysql\u0026gt; update b set a_id=20 where b_id = 10; mysql\u0026gt; select * from performance_schema.data_locks\\G ... OBJECT_SCHEMA: kris OBJECT_NAME: b INDEX_NAME: PRIMARY LOCK_TYPE: RECORD LOCK_MODE: X,REC_NOT_GAP LOCK_STATUS: GRANTED LOCK_DATA: 10 ... We can see that the INSERT did just create an intention-lock on the table, but did not actually have to create any row locks. The update had to change an existing table row b.b_id=10, and hence needed to X-lock the row 10.\nINSERT and UPDATE with a foreign key constraint Redefining the b table as above, with a foreign key constraint defined, produces a much richer set of locks:\nmysql\u0026gt; start transaction read write; mysql\u0026gt; insert into b values (30,30); mysql\u0026gt; select * from performance_schema.data_locks\\G select object_schema, object_name, index_name, lock_mode, lock_data, lock_type from performance_schema.data_locks; +---------------+-------------+------------+---------------+-----------+-----------+ | object_schema | object_name | index_name | lock_mode | lock_data | lock_type | +---------------+-------------+------------+---------------+-----------+-----------+ | kris | b | NULL | IX | NULL | TABLE | | kris | a | NULL | IS | NULL | TABLE | | kris | a | PRIMARY | S,REC_NOT_GAP | 30 | RECORD | +---------------+-------------+------------+---------------+-----------+-----------+ In order for the INSERT to be valid, we need to check if the a_id inserted into table b exists in a - that is a lookup operation.\nWe also need to ensure that the value we checked for stays there and is not modified until we finish the transaction. So we do get an additional intention-lock on a, and then an actual S-lock on a.a_id=30. The intention-lock on b is as before.\nContinuing our exploration, we can now try to change a row:\nmysql\u0026gt; update b set a_id=20 where b_id=10; mysql\u0026gt; select object_schema, object_name, index_name, lock_mode, lock_data, lock_type from performance_schema.data_locks; +---------------+-------------+------------+---------------+-----------+-----------+ | object_schema | object_name | index_name | lock_mode | lock_data | lock_type | +---------------+-------------+------------+---------------+-----------+-----------+ | kris | b | NULL | IX | NULL | TABLE | | kris | a | NULL | IS | NULL | TABLE | | kris | a | PRIMARY | S,REC_NOT_GAP | 20 | RECORD | | kris | a | PRIMARY | S,REC_NOT_GAP | 30 | RECORD | | kris | b | PRIMARY | X,REC_NOT_GAP | 10 | RECORD | +---------------+-------------+------------+---------------+-----------+-----------+ 5 rows in set (0.00 sec) We get another S-lock on a.a_id=20 to ensure that our parent record stays unchanged until completion, and as we modify b.b_id=10, this is X-locked as in the normal case.\nWe observe:\nDefining foreign key constraints produces more S-locks. Given a 1:n relationship between a and b, making changes to a_id fields of records in b will S-lock the records in a that the changed rows in b.a_id are pointing to. We did not see this, but there was also a lookup in a to ensure that the b.a_id actually exists in a. Experiment yourself:\nAdd a column data integer not null to b. Make changes to b.a_id for one row, and to b.data for another row. How does the locking change? You will find:\nMaking changes to b.data neither affects the relationship between the tables, nor creates S-locks in a. Given the observed behavior, is our RMW still correct? After looking at the locking behavior of these statements, and what we previously learned about locking: How would we INSERT and UPDATE the dependent records (b records) in our 1:n relationship correctly?\nWe can still manipulate all fields as before that are not foreign keys:\ndrop table b; create table b ( b_id int not null auto_increment, a_id int not null, data int not null, primary key (b_id) index (a_id). constraint a_id_exists foreign key (a_id) references a (a_id) ); insert into b values (10,10, 10), (40,40,40); And the RMW for writes to data is as before:\nstart transaction read write; select b_id, data from b where b_id = 10 for update; ... update b set data = ? where b_id = 10\u0026#39;; commit; When we make changes to the linking between b and a, we must put a share lock on the new a.a_id we intend to link to, to ensure it is present and does not change or vanish until completion.\nstart transaction read write; select a_id from a where a_id = 20 for share; select b_id, a_id, data from b where b_id = 10 for update; ... update b set a_id = 20 where b_id = 10\u0026#39;; commit; As this is a linking to be created, we have to use two distinct select statements for this, and the locks need to be in place before we make the change.\nSelf-referential structures and locks Let\u0026rsquo;s create a tree c where we have records distinguished by c.id, and with c.parent pointing to the parent c.id. We then put in a few records, multiple levels deep:\ncreate table c ( id integer not null primary key, parent integer null, index(parent), constraint up foreign key (parent) references c (id) ); insert into c values (1, NULL), (2, 1), (3, 1), (4, 2), (5, 2), (6, 3), (7, 3), (8, 3), (9, 8), (10, 8); Again, we insert a new record:\nmysql\u0026gt; start transaction read write; mysql\u0026gt; insert into c values (11, 2); mysql\u0026gt; select object_schema, object_name, index_name, lock_mode, lock_data, lock_type from performance_schema.data_locks; +---------------+-------------+------------+---------------+-----------+-----------+ | object_schema | object_name | index_name | lock_mode | lock_data | lock_type | +---------------+-------------+------------+---------------+-----------+-----------+ | kris | c | NULL | IX | NULL | TABLE | | kris | c | PRIMARY | S,REC_NOT_GAP | 2 | RECORD | +---------------+-------------+------------+---------------+-----------+-----------+ mysql\u0026gt; rollback; This looks exactly as we would expect from the previous case.\nThen we modify an existing record, again, without surprises:\nmysql\u0026gt; start transaction read write; mysql\u0026gt; update c set parent=2 where id=10; mysql\u0026gt; select object_schema, object_name, index_name, lock_mode, lock_data, lock_type from performance_schema.data_locks; +---------------+-------------+------------+---------------+-----------+-----------+ | object_schema | object_name | index_name | lock_mode | lock_data | lock_type | +---------------+-------------+------------+---------------+-----------+-----------+ | kris | c | NULL | IX | NULL | TABLE | | kris | c | PRIMARY | X,REC_NOT_GAP | 10 | RECORD | | kris | c | PRIMARY | S,REC_NOT_GAP | 2 | RECORD | +---------------+-------------+------------+---------------+-----------+-----------+ 3 rows in set (0.00 sec) mysql\u0026gt; rollback; \u0026ldquo;UPSERT\u0026rdquo; The term \u0026ldquo;UPSERT\u0026rdquo; is database-speak for \u0026ldquo;create a record, or if it exists, update it\u0026rdquo;. The word is a portmanteau from Insert and Update. It can have three different resolutions for conflicts, and MySQL has three different special commands for this:\nOlder Record wins: When a new record is to be inserted, but an older record with this primary key already exists, the old record should stay unmodified. MySQL has the command INSERT IGNORE for this.\nNewer Record wins: When a new record is to be inserted, but an older record with this primary key already exists, the old record is to be deleted, then the new record is to be inserted. MySQL has the command REPLACE INTO for this.\nMerge old and new: When a new record is to be inserted, but an older record with this primary key already exists, the old and new records have to be merged somehow. MySQL has INSERT ON DUPLICATE KEY UPDATE and the VALUES() function for this.\nThe generic way for this, without special commands, is again a RMW.\nstart transaction read write; select * from t where id = ? for update; ... if necessary, select referenced records in other tables \u0026#34;for share\u0026#34; ... depending on the result, decide if insert or update insert into t (id, ...) values (?, ...) OR update t set ... where id = ? commit; This is also what we would expect any ORM to generate, if it has not implemented special support for the MySQL dialect.\n","date":"2020-08-04T00:00:00Z","href":"https://blog.koehntopp.info/2020/08/04/mysql-foreign-key-constraints-and-locking.html","tags":["lang_en","database","mysql","innodb","mysqldev","erklaerbaer"],"title":"MySQL Foreign Key Constraints and Locking"},{"categories":null,"content":"Foreign Keys are what links tables together and turns a set of tables into a model. Foreign Key Constraints are conditions that must be true for the content of the tables to be an internally consistent model. Foreign Key Constraints can be defined and enforced in InnoDB, but this comes at a considerable price, and for some it may hurt more than it is worth.\nA very simple shop as an ER-model. order_id is the primary key of the Orders table. customer_id in the Orders table is a foreign key: The primary key of another (\u0026ldquo;foreign\u0026rdquo;) table in this table. Foreign keys can model relationships between tables (\u0026ldquo;entities\u0026rdquo;) in an entity-relationship diagram.\nEntities and their relationships In Entity-Relationship modelling we are using tables in a database to model entities in the real world. Each entry in such a table is meant to represent a \u0026ldquo;thing\u0026rdquo; in the real world. For example, in our very simple shop model above, we have Articles, and Customers as real world \u0026ldquo;things\u0026rdquo; in our model. We also have Orders, and Orders can have multiple lines, Orderlines. Each Orderline connects an Order with an Article.\nIn order to be able to distinguish real world things in our tables, we require each entry to have a unique identifier, the id. These will then show up in the real world as customer numbers, order numbers or article numbers. The uniqueness of these numbers in their respective tables makes them a Key.\nKeys and Indexes Technically a Key does not have to have a corresponding Index in the table: Keys and Indexes are separate things.\nOne - the Key - is a property of the model: \u0026ldquo;There exists a bijektive function between the customer_id and the real world customers\u0026rdquo;, meaning \u0026ldquo;Each customer has a customer_id\u0026rdquo;, and \u0026ldquo;Any two different customers have different customer_ids\u0026rdquo;. This is what allows us to use customer_ids as stand-ins for all the other values in the Customers table, and for the real world customers themselves, for the purpose of modelling them in the database.\nThe other - the Index - is a data structure that allows us to look up the other values of a Customer fast, given any customer_id value.\nThere is no need for a Key to have an Index, but we need to ensure that a new customer_id is unique. We are also given customer_ids all of the time, and then need to fetch the other data we have on this customer from the table. That means we need to look up customer_ids in the Customers table all the time, and without the index we can only resort to a full table scan for this. This is going to be so slow that the table will be without any real-world value for us.\nPractically, a Key and an Index go so much hand-in-hand that database people are using both terms interchangeably when they are clearly different things: An average database person will say Key, when they mean Index or the other way around, because in their minds having a Key without an Index is Not A Thing at all.\nThere may be multiple things - or combinations of things - that uniquely identify real world things in a given table of our model of the world. We call these Key Candidates. We then elect one to be the actual Key (or make one up, a Synthetic Key such as a customer_id), and call that the Primary Key or just the Key.\nIn the mind of a database person, the Primary Key is the row, and the row is the Primary Key. That is what bijektive functions are for.\nTechnically, a table doesn\u0026rsquo;t need to not have a Primary Key. Practically, this creates so many kinds of problems that many databases have options to prevent this: They will reject table definitions without a primary key definition for good, and responsible database administrators enable these restrictions.\nForeign Keys A column in table B that contains primary key values from a table A is called a foreign key. It defines a relationship. Just the presence of that key column is enough, there need not be any declaration or enforcement for it to be a foreign key.\ncreate table a ( a_id integer not null primary key auto_increment, a_other_data varchar(200) ); create table b ( b_id integer not null primary key auto_increment, a_id integer not null, b_other_data varchar(200), index a_id (a_id) ) In this example the table a has a primary key a.a_id. Table b contains a reference to a in the form of the column b.a_id. This column is a foreign key. Technically, \u0026ldquo;foreign key\u0026rdquo; is a meaningless term, so actually \u0026ldquo;b.a_id is a foreign key of a in b\u0026rdquo; to be precise. When talking about tables, this is often implicitly clear, so many people omit this and just say \u0026ldquo;foreign key\u0026rdquo; and assume you understand what is means.\nAs can be seen, table b is also defined with an index a_id (a_id) - what we model here ia a 1:n relationship between a and b (an \u0026ldquo;a\u0026rdquo; can have many \u0026ldquo;b\u0026rdquo;), and we expect to look up all the b\u0026rsquo;s for a given a a lot, so having that index is a no-brainer.\nselect * from a join b on a.id = b.a_id where somecondition_on_a This query will list all the b\u0026rsquo;s that belong to the a\u0026rsquo;s selected by the given condition, and it will only be fast with an index on b.a_id.\nForeign Key Constraints Now, when we put a b.a_id into b, we would normally want the matching a.a_id to exist. That is, when we put in an orders.customer_id value, there better be a customers.customer_id for this, or there will be problems.\nForeign Key Constrains are conditions that can be put into table definitions to enforce that. Actually doing this may or may not be a good idea, we will be looking at that in some more detail in a separate article.\nLet\u0026rsquo;s define a useless base table with a primary key:\ncreate table a ( a_id integer not null primary key auto_increment ); Query OK, 0 rows affected (0.05 sec) For this we want a table b that references the base table, and has a constraint for this.\ncreate table b ( b_id integer not null primary key auto_increment, a_id integer not null, index a_id (a_id), constraint a_id_exists foreign key (a_id) references a(a_id) on delete restrict on update restrict ); Query OK, 0 rows affected (0.13 sec) There are many things to this, and all of them are required to make this work.\nWe need a base table a with a primary key defined. We need a secondary table b with a column that we want to use to reference a.a_id. We can name it anything we want, but we usually use the name of the foreign tables primary key. If that is not unique (simply id), we usually prefix it with the table name and an underscore. We are using a_id here, because that works. We have to define an index in the foreign key column in b. When we don\u0026rsquo;t, MySQL does this automatically and uses the constraint name for this. Leave off index a_id (a_id) from our CREATE TABLE b statement, and see what you get. The constraint we define can get a name, or MySQL chooses one when we leave of the constraint a_id_exists part of the statement. We then describe which of \u0026ldquo;our\u0026rdquo; columns points to what column in the other table: foreign key (a_id) references a(a_id). Finally, we get to say what shall happen when there are update or delete statements that would invalidate the relationship. This part is also optional. Thus, the shortest possible definition of b would be\ncreate table b ( b_id integer not null primary key auto_increment, a_id integer not null, foreign key (a_id) references a(a_id) ); and yields\nmysql\u0026gt; show create table b\\G *************************** 1. row *************************** Table: b Create Table: CREATE TABLE `b` ( `b_id` int NOT NULL AUTO_INCREMENT, `a_id` int NOT NULL, PRIMARY KEY (`b_id`), KEY `a_id` (`a_id`), CONSTRAINT `b_ibfk_1` FOREIGN KEY (`a_id`) REFERENCES `a` (`a_id`) ) ENGINE=InnoDB The Manual describes the other terms and conditions that apply, and also explains which types of referential actions are valid for the ON DELETE and ON UPDATE clauses.\nPlaying with foreign key constraints Using the definitions of a and b from above, we are now playing with foreign key constraints a bit:\nmysql\u0026gt; insert into a values (10), (20), (30), (40); Query OK, 4 rows affected (0.02 sec) Records: 4 Duplicates: 0 Warnings: 0 The values 10, 20, 30 and 40 are now valid primary keys in a, and hence valid values for a_idin b.\nmysql\u0026gt; start transaction read write; Query OK, 0 rows affected (0.00 sec) mysql\u0026gt; insert into b values (10, 10); Query OK, 1 row affected (0.00 sec) mysql\u0026gt; insert into b (20, 20), (50,50), (30,30); ERROR 1452 (23000): Cannot add or update a child row: a foreign key constraint fails (`kris`.`b`, CONSTRAINT `a_id_exists` FOREIGN KEY (`a_id`) REFERENCES `a` (`a_id`) ON DELETE RESTRICT ON UPDATE RESTRICT) mysql\u0026gt; insert into b values (40, 40); Query OK, 1 row affected (0.00 sec) mysql\u0026gt; commit; Query OK, 0 rows affected (0.01 sec) mysql\u0026gt; select * from b; +------+------+ | b_id | a_id | +------+------+ | 10 | 10 | | 40 | 40 | +------+------+ 2 rows in set (0.00 sec) The tuple (50, 50) caused a foreign key validation error on an extended insert statement, the second statement in our transaction. The entire statement was rejected. The first and third statement in our transaction were valid and accepted. The entire transaction was not rejected and committed.\nThis is potentially dangerous.\nmysql\u0026gt; update b set a_id = 20 where b_id = 10; Query OK, 1 row affected (0.00 sec) Rows matched: 1 Changed: 1 Warnings: 0 mysql\u0026gt; update b set a_id = 15 where b_id = 10; ERROR 1452 (23000): Cannot add or update a child row: a foreign key constraint fails (`kris`.`b`, CONSTRAINT `b_ibfk_1` FOREIGN KEY (`a_id`) REFERENCES `a` (`a_id`)) We can change the b.aid to values present in the a.a_id table. Changing them to invalid values is being rejected.\nLikewise, we are prevented from deleting a row from a if there are still values in b.a_id referencing this row, and summary deletion, truncation or dropping of table a are also prevented as long as any reference from b to a exists.\nmysql\u0026gt; delete from a where a_id = 20; ERROR 1451 (23000): Cannot delete or update a parent row: a foreign key constraint fails (`kris`.`b`, CONSTRAINT `b_ibfk_1` FOREIGN KEY (`a_id`) REFERENCES `a` (`a_id`)) mysql\u0026gt; delete from a where a_id = 10; Query OK, 1 row affected (0.00 sec) mysql\u0026gt; delete from a; ERROR 1451 (23000): Cannot delete or update a parent row: a foreign key constraint fails (`kris`.`b`, CONSTRAINT `b_ibfk_1` FOREIGN KEY (`a_id`) REFERENCES `a` (`a_id`)) mysql\u0026gt; truncate table a; ERROR 1701 (42000): Cannot truncate a table referenced in a foreign key constraint (`kris`.`b`, CONSTRAINT `b_ibfk_1`) mysql\u0026gt; drop table a; ERROR 3730 (HY000): Cannot drop table \u0026#39;a\u0026#39; referenced by a foreign key constraint \u0026#39;b_ibfk_1\u0026#39; on table \u0026#39;b\u0026#39;. A self-referential structure We can define tables that describe hierarchies by using recursive foreign key relationships, but we have to take care to allow termination of the recursion.\ncreate table d ( id serial, parent bigint unsigned not null, foreign key (parent) references d (id) ); This is a valid definition that is accepted by MySQL. In order for an insert to succeed, we would have to provide a valid value for d.parent, but the table is empty, and we did not allow NULL.\nThe only valid thing we could insert is the value we are inserting right now, and that value is then undeletable.\nmysql\u0026gt; insert into d values ( 0, NULL ); ERROR 1048 (23000): Column \u0026#39;parent\u0026#39; cannot be null mysql\u0026gt; insert into d values ( 1, 1); Query OK, 1 row affected (0.00 sec) mysql\u0026gt; delete from d where id = 1; ERROR 1451 (23000): Cannot delete or update a parent row: a foreign key constraint fails (`kris`.`d`, CONSTRAINT `d_ibfk_1` FOREIGN KEY (`parent`) REFERENCES `d` (`id`)) Allowing NULL may be making a structure that is a tiny bit easier to maintain. We can now define a tree structure, but we have to do it from the top down.\nmysql\u0026gt; create table c ( id serial, parent bigint unsigned null, foreign key (parent) references c (id) ); Query OK, 0 rows affected (0.06 sec) mysql\u0026gt; insert into c values (4, 2), (5, 2), (6,3), (7,3), (8,3), (2,1), (3,1), (1, NULL); ERROR 1452 (23000): Cannot add or update a child row: a foreign key constraint fails (`kris`.`c`, CONSTRAINT `c_ibfk_1` FOREIGN KEY (`parent`) REFERENCES `c` (`id`)) mysql\u0026gt; insert into c values (1, NULL), (2,1), (3,1), (4,2), (5, 2), (6, 3), (7,3), (8,3); Query OK, 8 rows affected (0.01 sec) Records: 8 Duplicates: 0 Warnings: 0 Both statements define the same tree structure, but one does it from the bottom up, the other from the top down. We can see that even inside a single statement referential integrity is enforced at a per-row level and the first statement is impossible to load. Order suddenly matters.\nThe same would be true if we used multiple insert statements inside the same transaction: Even if the entire set of rows is only committed at the end of the transaction, statements inside the transaction suddenly have to have an order, and all referential integrity constraints have to be valid at all times (\u0026ldquo;for each row\u0026rdquo;).\nFor individual tables or simple 1:1 relationships this matters little, but referential integrity is transitive, and it is very easy to build completely validated structures that become uninsertable, unupdateable or undeletable, or to build referential integrity puzzles.\nThe SQL Standard defines behavior for this - checking referential integrity only at the end of a transaction - but InnoDB does not implement this. This makes working with foreign key constraints very hard and limits their usefulness.\nWalking our tree But at least we can walk our tree, and be sure it is well-defined:\nwith recursive tree as ( select c.id, c.parent, 0 as level, convert(\u0026#34;1\u0026#34;, char(255)) as path from c where parent is null union all select x.id, x.parent, tree.level + 1 as level, concat(tree.path, \u0026#34;,\u0026#34;, x.id) as path from c as x join tree on tree.id = x.parent ) select * from tree; +------+--------+-------+-------+ | id | parent | level | path | +------+--------+-------+-------+ | 1 | NULL | 0 | 1 | | 2 | 1 | 1 | 1,2 | | 3 | 1 | 1 | 1,3 | | 4 | 2 | 2 | 1,2,4 | | 5 | 2 | 2 | 1,2,5 | | 6 | 3 | 2 | 1,3,6 | | 7 | 3 | 2 | 1,3,7 | | 8 | 3 | 2 | 1,3,8 | +------+--------+-------+-------+ What we found so far. Foreign Keys are everywhere. Foreign Key Constraints look attractive at first, in order to ensure our Foreign Keys are valid. But they are being enforced at the row level. That enforces an order to operations within a transaction. It is easy to build structures that are hard to update, delete from, truncate or even drop. It is easy to create structures with undeletable records. The SQL Standard has options to make this less painful, but MySQL does not implement these. ","date":"2020-08-03T00:00:00Z","href":"https://blog.koehntopp.info/2020/08/03/mysql-foreign-keys-and-foreign-key-constraints.html","tags":["lang_en","database","mysql","innodb","mysqldev","erklaerbaer"],"title":"MySQL Foreign Keys and Foreign Key Constraints"},{"categories":null,"content":"Support Channel. \u0026ldquo;Hi, I am getting deadlocks in the database, and they occur when I have to roll back the transactions but if we don\u0026rsquo;t have to roll back all transactions get executed.\u0026rdquo; Wait, what? After some back and forth it becomes clear that the Dev experiences deadlocks and has data:\nmysql\u0026gt; pager less mysql\u0026gt; show engine innodb status\\G ... MySQL thread id 142531, OS thread handle 139990258222848, query id 4799571 somehost.somedomain someuser update INSERT into sometable (identifier_id, currency, balance ) VALUES (\u0026#39;d4e84cb1-4d56-4d67-9d16-1d548fd26b55\u0026#39;, \u0026#39;EUR\u0026#39;, \u0026#39;0\u0026#39;) *** (2) HOLDS THE LOCK(S): RECORD LOCKS space id 3523 page no 1106463 n bits 224 index PRIMARY of table `somedb`.`sometable` trx id 9843342279 lock mode S locks gap before rec and that is weird because of the lock mode S locks gap in the last line. We get the exact same statement with the exact same value on the second thread, but with lock mode X locks gap.\nBoth transactions have an undo-log entry of the length 1 - one row, single insert and the insert has an S-lock.\nA mystery INSERT and opaque code Many questions arise:\nhow can an INSERT have an S-lock? how can a single INSERT transaction deadlock? what does the originating code look like? The last question can be actually answered by the developer, but because they are using Java, in true Java fashion it is almost - but not quite - useless to a database person.\n@Transactional(propagation = Propagation.REQUIRES_NEW, timeout = MYSQL_TRANSACTION_TIMEOUT, rollbackFor = { BucketNotFoundException.class, DuplicateTransactionException.class, BucketBalanceUpdateException.class }, isolation = Isolation.SERIALIZABLE ) public void initiateBucketBalanceUpdate(Transaction transaction) throws BucketBalanceUpdateException, DuplicateTransactionException { this.validateAndInsertIdempotencyKey(transaction); this.executeBucketBalanceUpdateFlow(transaction); this.saveTransactionEntries(transaction); } So, where is the SQL?\nThis is often a problem - Object Relational Mappers encapsulate the things that go on in the database so much that it is really hard for anybody - Developers, DBAs and everybody else - to understand what actually happens and make debugging quite painful.\nOr, if they understand what goes on with the database, to map this to the code.\nTRANSACTION ISOLATION LEVEL SERIALIZABLE In this case it is solvable, though. The isolation = Isolation.SERIALIZABLE is the culprit here.\nSo when we spoke about transactions and isolation levels previously, I made the decision to leave the fourth and most useless isolation level out of the picture: SET TRANSACTION ISOLATION LEVEL SERIALIZABLE. The manual says :\nSERIALIZABLE\nThis level is like REPEATABLE READ, but InnoDB implicitly converts all plain SELECT statements to SELECT ... FOR SHARE if autocommit is disabled.\nIt then goes on to explain how SERIALIZABLE does nothing when there is no explicit transaction going on. It does not explain what it is good for (mostly: shooting yourself into the foot) and when you should use it (mostly: don\u0026rsquo;t).\nIt does answer the question of \u0026ldquo;Where to the S-Locks come from?\u0026rdquo;, though.\nThe SERIALIZABLE isolation mode turns a normal SELECT statement into a Medusa\u0026rsquo;s freeze ray that shoots S-Locks all over the tables onto everything it looks at, preventing other threads from changing these things until we end our transaction and drop our locks (And that is why you should not use it, and why I personally believe that your code is broken if it needs it).\nA broken RMW and lock escalation So instead of a regular Read-Modify-Write\nSession1\u0026gt; START TRANSACTION READ WRITE; Session1\u0026gt; SELECT * FROM sometable WHERE id=10 FOR UPDATE; -- X-lock granted on rec or gap -- ... Application decides INSERT or UPDATE Session1\u0026gt; INSERT INTO sometable (id, ...) VALUES ( 10, ... ); Session1\u0026gt; COMMIT; we get the following broken Read-Modify-Write, minimum:\nSession1\u0026gt; START TRANSACTION READ WRITE; Session1\u0026gt; SELECT * FROM sometable WHERE id=10 FOR SHARE; -- S-lock granted on rec or gap -- ... Application decides INSERT or UPDATE Session1\u0026gt; INSERT INTO sometable (id, ...) VALUES ( 10, ... ); -- lock escalation to X Session1\u0026gt; COMMIT; The LOCK IN SHARE MODE or equivalent FOR SHARE is not in the code, it is added implicitly by the isolation level SERIALIZABLE.\nWe get an S-Lock, which is not good for writing. Our transaction now did not get the required locks necessary for reading at the start of the transaction, because the later INSERT requires an X-lock, like any write statement would. The database needs to acquire the X-lock, that is, it needs to upgrade the S-lock to an X-lock.\nIf at that point in time another threads tries to run the exact same statement, which is what happens here, they already hold a second S-lock, preventing the first thread from completing their transaction (it is waiting until the second threads drops the S-lock, or it times out).\nAnd then that second thread also tries to upgrade their S-lock into an X-lock, which it can\u0026rsquo;t do, because that first thread is trying to do the same thing, and we have the deadlock and a rollback.\nReproduction of the problem We can easily reproduce this.\nSession1\u0026gt; set transaction isolation level serializable; Session1\u0026gt; start transaction read write; Query OK, 0 rows affected (0.00 sec) Session1\u0026gt; select * from kris where id = 10; +----+-------+ | id | value | +----+-------+ | 10 | 10 | +----+-------+ Session1\u0026gt; select * from performance_schema.data_locks\\G ... LOCK_TYPE: TABLE LOCK_MODE: IS LOCK_STATUS: GRANTED LOCK_DATA: NULL ... LOCK_TYPE: RECORD LOCK_MODE: S,REC_NOT_GAP LOCK_STATUS: GRANTED LOCK_DATA: 10 ... Session1\u0026gt; update kris set value=11 where id =10; We change the isolation level to SERIALIZABLE and start a transaction (because, as stated in the manual, autocommit does nothing). We then simply look at a single row, and check PERFORMANCE_SCHEMA.DATA_LOCKS afterwards. Lo and behold, S-Locks as promised by the manual.\nNow, the setup for the deadlock with a second session, by doing the same thing:\nSession2\u0026gt; set transaction isolation level serializable; Session2\u0026gt; start transaction read write; Query OK, 0 rows affected (0.00 sec) Session2\u0026gt; select * from kris where id = 10; +----+-------+ | id | value | +----+-------+ | 10 | 10 | +----+-------+ Checking the data_locks table we now see two sets of IS- and S-Locks belonging to two different threads. We go for an UPDATE here, because we chose existing rows and row locks, instead of non-existing rows and gap locks:\nSession1\u0026gt; update kris set value=11 where id =10; ... hangs ... and in the other connection:\nSession2\u0026gt; update kris set value=13 where id =10; ERROR 1213 (40001): Deadlock found when trying to get lock; try restarting transaction Coming back to the first session, this now reads\nSession1\u0026gt; update kris set value=11 where id =10; ... hangs ... Query OK, 1 row affected (2.43 sec) Rows matched: 1 Changed: 1 Warnings: 0 The timing given is the time I took to switch between terminals and to type the commands.\nResolution Coming back to the support case, the Dev analyzed their code and found out that what they are emitting is actually the sequence\nSession1\u0026gt; SET TRANSACTION ISOLATION LEVEL SERIALIZABLE; Session1\u0026gt; START TRANSACTION READ WRITE; Session1\u0026gt; SELECT * FROM sometable WHERE id=10; -- implied S-lock granted on rec or gap -- ... Application decides INSERT or UPDATE Session1\u0026gt; SELECT * FROM sometable WHERE id=10 FOR UPDATEl -- lock escalation to X Session1\u0026gt; INSERT INTO sometable (id, ...) VALUES ( 10, ... ); Session1\u0026gt; COMMIT; so their code is already almost correct.\nThey do not need the double read and also not the isolation level SERIALIZABLE. This is an easy fix for them and the deadlocks are gone, the world is safe again.\nSo many things to learn from this:\nYou won\u0026rsquo;t need SERIALIZABLE unless your code is broken. Trying to use it is a warning sign. A deadlock with an S-lock escalation means you need to check the isolation level. In SERIALIZABLE it is totally possible to deadlock yourself with a simple invisible SELECT and a lone INSERT or UPDATE. The ORM will remove you quite a lot from the emitted SQL. Do you know how to trace your ORM and to get the actual SQL generated? If not, go and find out. A server side trace will not save you - the server is a busy beast. It also cannot see your stackframes, so it can\u0026rsquo;t link your SQL to the line in your code that called the ORM. Yes, in the client side SQL trace, ideally you also want the tracer to bubble up the stack and give you the first line outside the ORM to identify what is causing the SQL to be emitted and where in the code that happens. The deadlock information in SHOW ENGINE INNODB STATUS is painfully opaque, but learning to read it is worthwhile. In reproduction, using performance schema is much easier and makes the sequence of events much easier to understand. The server is not very good at explaining the root cause of deadlocks to a developer in the error messages and warnings generated. ","date":"2020-08-02T00:00:00Z","href":"https://blog.koehntopp.info/2020/08/02/mysql-deadlocks-with-insert.html","tags":["lang_en","database","mysql","innodb","mysqldev","erklaerbaer"],"title":"MySQL Deadlocks with INSERT"},{"categories":null,"content":"In a previous article we wrote data to the database using atomic update statements, and then using transactions with SELECT ... FOR UPDATE. In this article we will look at what happens when we continue doing this, in a more complicated way. Source code for this article is also available on GitHub.com .\nA simple row lock But first let\u0026rsquo;s do things manually: We create a table kris with an integer primary key column and a secondary unindexed data column. We are filling it with some records with gaps between the primary keys.\nWe then START TRANSACTION READ WRITE and SELECT ... FOR UPDATE a record:\nSession1\u0026gt; create table kris ( id serial, value integer ); Session1\u0026gt; insert into kris values (10, 10), (20, 20), (30, 30),(40, 40); Session1\u0026gt; start transaction read write; Session1\u0026gt; select * from kris where id = 10 for update; +----+-------+ | id | value | +----+-------+ | 10 | 10 | +----+-------+ The table PERFORMANCE_SCHEMA.DATA_LOCKS will show us what happened, and the manual section on locking explains what we are looking at and what we can expect.\nSession1\u0026gt; select * from performance_schema.data_locks\\G ... LOCK_TYPE: TABLE LOCK_MODE: IX LOCK_STATUS: GRANTED LOCK_DATA: NULL ... LOCK_TYPE: RECORD LOCK_MODE: X,REC_NOT_GAP LOCK_STATUS: GRANTED LOCK_DATA: 10 The SELECT ... FOR UPDATE created a LOCK_TYPE: TABLE table-level lock with LOCK_MODE: IX. This is an intention-lock set by FOR UPDATE which indicates the desire to set X-locks (exclusive-locks, write-locks) on rows.\nThe statement then proceeded to actually create a row-lock, at the record level: We see LOCK_TYPE: RECORD with LOCK_DATA: 10, so the record id=10 has been locked. The LOCK_MODE: X, REC_NOT_GAP indicates a lock on the record only, not on the gap before the record.\nA lock on a nonexistent row Adding to the preceding transaction, we now also search for a non-existent row, using FOR UPDATE to signal our intent to later create this row. Since the row does not exist, the result set is empty:\nSession1\u0026gt; select * from kris where id = 35 for update; Empty set (0.00 sec) Reusing the table-level IX lock from before, we now see a third entry in PERFORMANCE_SCHEMA.DATA_LOCKS:\nSession1\u0026gt; select * from performance_schema.data_locks; ... LOCK_TYPE: RECORD LOCK_MODE: X,GAP LOCK_STATUS: GRANTED LOCK_DATA: 40 ... This, too, is a record-level lock, but this time it is LOCK_MODE: X,GAP and LOCK_DATA: 40. What we get here is a lock on the space between the rows id=30 (excluding) and id=40 (including), preventing other threads from inserting a row id=35.\nInserting into a locked gap, with timeouts. We demonstrate that with a second session:\nSession2\u0026gt; start transaction read write; Session2\u0026gt; insert into kris values (33, 33); ... hangs ... ^C^C -- query aborted ERROR 1317 (70100): Query execution was interrupted While the SELECT ... FOR UPDATE had a where clause of WHERE id=35, the lock covers the entire interval (30, 40], and our attempt to insert a record with id=33 hangs and has to wait until either the locking transaction is committed or our attempt times out. This can be a long wait: by default, innodb_lock_wait_timeout is set to 50 seconds.\nWe can change that:\nSession2\u0026gt; set session innodb_lock_wait_timeout = 3; Session2\u0026gt; start transaction read write; Session2\u0026gt; select time(now()); insert into kris values (33, 33); select time(now()); +-------------+ | time(now()) | +-------------+ | 17:52:28 | +-------------+ ERROR 1205 (HY000): Lock wait timeout exceeded; try restarting transaction +-------------+ | time(now()) | +-------------+ | 17:52:32 | +-------------+ We are rolling back all our transactions, and reset the table kris to the initial 4 tuples ((10,10), (20,20), (30,30), (40,40)).\nInnoDB handles Deadlocks Whenever we collect locks in a non-atomic fashion there is a risk of deadlocking.\nA deadlock is any situation where a thread A holds a resource 1 and wants to lock a resource 2, where at the same time a thread B holds the lock on 2 and wants a lock on 1.\nA holds lock 1 and needs a lock on 2 to complete and release both locks, while B holds the lock on 2 and needs the lock on 1 to complete and release both locks. There is no way to resolve this situation except with intervention from the outside, forcing one transaction to roll back (and hopefully retry). There is no problem for either A or B to complete the operation, but not while both are trying to finish concurrently.\nThe deadlock scenario is only possible because A and B do not acquire locks in a canonical order: Had B also acquired the locks in numerically ascending order (1, 2), the transactions would have had serialized themselves successfully, and no forced conflict resolution would have been necessary. You can think of the rollback with a later retry as a clumsy, forced serialisation of events instead.\nMore complicated scenarios with 3 or more threads and larger circular dependencies are possible.\nSo, let\u0026rsquo;s exercise a deadlock with two sessions:\nSession1\u0026gt; start transaction read write; Session1\u0026gt; select * from kris where id = 30 for update; +----+-------+ | id | value | +----+-------+ | 30 | 30 | +----+-------+ and in the other session:\nSession2\u0026gt; start transaction read write; Session2\u0026gt; select * from kris where id = 10 for update; +----+-------+ | id | value | +----+-------+ | 10 | 10 | +----+-------+ Now that both threads hold their first resource, let\u0026rsquo;s get their respective opposite to complete the deadlock. Session1 hangs, because it waits for Session2 to release the lock on id=10.\nSession1\u0026gt; select * from kris where id = 10 for update; ... hangs ... And Session2, trying to lock id=30, which is held by Session1, then is being detected and rolled back forcibly:\nSession2\u0026gt; select * from kris where id = 30 for update; ERROR 1213 (40001): Deadlock found when trying to get lock; try restarting transaction At the same time Session1 can complete the statement:\nSession1\u0026gt; select * from kris where id = 10 for update; +----+-------+ | id | value | +----+-------+ | 10 | 10 | +----+-------+ 1 row in set (8.74 sec) The time reported is the time this session hung waiting for the lock to be granted.\nAfter the rollback PERFORMANCE_SCHEMA.DATA_LOCKS looks like this:\nSession2\u0026gt; select lock_type, lock_mode, lock_data, lock_status from performance_schema.data_locks; +-----------+---------------+-----------+-------------+ | lock_type | lock_mode | lock_data | lock_status | +-----------+---------------+-----------+-------------+ | TABLE | IX | NULL | GRANTED | | RECORD | X,REC_NOT_GAP | 30 | GRANTED | | RECORD | X,REC_NOT_GAP | 10 | GRANTED | +-----------+---------------+-----------+-------------+ These locks are owned by Session1, and after executing ROLLBACK or COMMIT in Session1 they are released and the select-statement on performance_schema comes back empty.\nRetrying transactions We can try to formalize what we learned in code: A table demo with 10 counters numbered from 1 to 10 is being set up, the counters are starting at 0.\nWe are running two programs concurrently: One program is counting up the counters i and i+1, and the other program is counting up the counters i and i-1. Whenever the two programs generate overlapping transactions, a deadlock situation should arise.\nWe want to be able to detect this, and restart the transactions. A quick and dirty attempt at this: A function to lock a record by id.\ndef select_update(name, id): cmd = f\u0026#34;select counter from {name} where id = {id} for update\u0026#34; c = db.cursor() try: c.execute(cmd) except MySQLdb.OperationalError as e: click.echo(f\u0026#34;MySQL Error: {e}\u0026#34;) return None row = c.fetchone() return row[\u0026#34;counter\u0026#34;] A function to increment a counter in a record we locked this way:\ndef update(name, id, counter): cmd = f\u0026#34;update {name} set counter = {counter} where id = {id}\u0026#34; c = db.cursor() try: c.execute(cmd) except MySQLdb.Error as e: click.echo(f\u0026#34;MySQL Error: {e}\u0026#34;) sys.exit(0) And a quick and dirty function with way too many parameters to exercise these two functions for pairs of records:\ndef count_with_locking(name, tag, position1, position2, verbose=False): # I would rather have a START TRANSACTION READ WRITE # but MySQLdb does not offer this natively. db.begin() # read, with FOR UPDATE done = False while not done: counter1 = select_update(name, position1) sleep(1) counter2 = select_update(name, position2) # if either counter is None, we had a deadlock and # need to retry. Otherwise we are done. if counter1 is not None and counter2 is not None: done = True else: if verbose: print(f\u0026#34;{tag} *** Retry *** {position1}, {position2} = {counter1}, {counter2}\u0026#34;) # Once we make it here we are done. if verbose: print(f\u0026#34;{tag} {position1}, {position2} = {counter1}, {counter2}\u0026#34;) # modify counter1 += 1 counter2 += 1 # write (and since we have the locks, this will work) update(name, position1, counter1) update(name, position2, counter2) # and release the locks, too db.commit() And two driver functions, one that goes up and another that goes down, wrapped with click so that they can be accessed via the command line:\n@sql.command() @click.option(\u0026#34;--name\u0026#34;, default=\u0026#34;demo\u0026#34;, help=\u0026#34;Table name to count in\u0026#34;) @click.option(\u0026#34;--size\u0026#34;, default=1000, help=\u0026#34;Number rows in counter table\u0026#34;) @click.option(\u0026#34;--iterations\u0026#34;, default=10000, help=\u0026#34;Number of increments\u0026#34;) @click.option(\u0026#34;--verbose/--no-verbose\u0026#34;, default=False, help=\u0026#34;Log each commit?\u0026#34;) def count_up(name, size, iterations, verbose): \u0026#34;\u0026#34;\u0026#34; Increment counters i and i+1, across an array, counting i upwards \u0026#34;\u0026#34;\u0026#34; for i in range(0, iterations): # We will count up position1 and position2 position1 = (i % size) + 1 position2 = ((i + 1) % size) + 1 count_with_locking(name, \u0026#34;up \u0026#34;, position1, position2, verbose) @sql.command() @click.option(\u0026#34;--name\u0026#34;, default=\u0026#34;demo\u0026#34;, help=\u0026#34;Table name to count in\u0026#34;) @click.option(\u0026#34;--size\u0026#34;, default=1000, help=\u0026#34;Number rows in counter table\u0026#34;) @click.option(\u0026#34;--iterations\u0026#34;, default=10000, help=\u0026#34;Number of increments\u0026#34;) @click.option(\u0026#34;--verbose/--no-verbose\u0026#34;, default=False, help=\u0026#34;Log each commit?\u0026#34;) def count_down(name, size, iterations, verbose): \u0026#34;\u0026#34;\u0026#34; Increment counters i and i+1, across an array, counting i upwards \u0026#34;\u0026#34;\u0026#34; for i in range(iterations, 0, -1): # We will count down position1 and position2 position1 = (i % size) + 1 position2 = ((i - 1) % size) + 1 count_with_locking(name, \u0026#34;down\u0026#34;, position1, position2, verbose) When running this, we get deadlocks because we built it this way:\n$ ./deadlock.py truncate Table demo truncated. $ ./deadlock.py setup --size 10 Counters 1 to 10 set to 0. $ ./deadlock.py count-up --size 10 --iterations 100 --verbose \u0026amp; ./deadlock.py count-down --size 10 --iterations 100 --verbose \u0026amp; [1] 3706851 [2] 3706852 $ down 1, 10 = 0, 0 down 10, 9 = 1, 0 up 1, 2 = 1, 0 down 9, 8 = 1, 0 up 2, 3 = 1, 0 down 8, 7 = 1, 0 up 3, 4 = 1, 0 down 7, 6 = 1, 0 up 4, 5 = 1, 0 MySQL Error: (1213, \u0026#39;Deadlock found when trying to get lock; try restarting transaction\u0026#39;) down 6, 5 = 1, 1 up *** Retry *** 5, 6 = 1, None up 5, 6 = 2, 2 up 6, 7 = 3, 2 down 5, 4 = 3, 2 up 7, 8 = 3, 2 ... As soon as the count-down (6,5) and the count-up (5,6) cross their streams a deadlock happens. The count-up (5,6) is rolled back and needs to retry. After retry the counter values are correctly incremented.\nWe managed to detect the deadlocks, retry the transactions and set things right. Once more the world is safe.\n","date":"2020-08-01T00:00:00Z","href":"https://blog.koehntopp.info/2020/08/01/mysql-locks-and-deadlocks.html","tags":["lang_en","database","mysql","innodb","mysqldev","erklaerbaer"],"title":"MySQL: Locks and Deadlocks"},{"categories":null,"content":"Using the framework for testing we created in earlier articles, let\u0026rsquo;s try to modify some data. We are writing a small program that increments a counter. Our table looks like this, and contains 10 counters:\nCREATE TABLE `demo` ( `id` bigint unsigned NOT NULL AUTO_INCREMENT, `counter` int NOT NULL DEFAULT \u0026#39;0\u0026#39;, UNIQUE KEY `id` (`id`) ) INSERT INTO `demo` VALUES (1,0); INSERT INTO `demo` VALUES (2,0); ... INSERT INTO `demo` VALUES (10,0); We are using some very simple programming to increment a counter:\n@sql.command() @click.option(\u0026#34;--name\u0026#34;, default=\u0026#34;demo\u0026#34;, help=\u0026#34;Table name to count in\u0026#34;) @click.option(\u0026#34;--id\u0026#34;, default=0, help=\u0026#34;Counter to use\u0026#34;) @click.option(\u0026#34;--count\u0026#34;, default=1000, help=\u0026#34;Number of increments\u0026#34;) def count(name, id, count): \u0026#34;\u0026#34;\u0026#34; Increment counter --id by --count many steps in table --name \u0026#34;\u0026#34;\u0026#34; for i in range(0, count): cmd = f\u0026#34;update {name} set counter=counter+1 where id = {id}\u0026#34; c = db.cursor() c.execute(cmd) db.commit() Incrementing a single counter, 1000 times In this code, we run the SQL update demo set counter=counter+1 where id=3 or similar in order to increment a counter, and commit immediately. The loop will run 1000 iterations, and we can time it. The speed of the loop is completely dependent on how fast our hardware can commit data to disk.\n$ ./counter.py truncate Table demo truncated. $ ./counter.py setup --size 10 $ time ./counter.py count --id 3 real 0m14.457s user 0m0.146s sys 0m0.037s 14.4 seconds for 1000 commits are 14ms per commit, to an old SATA SSD - not very fast at all, but this is 10 years old hardware. This is slow, because the db.commit() issues a single fsync to the Redo-Log, waiting for it to return - we have shown this in an earlier article .\nWe can globally reconfigure MySQL to write to disk unsafely:\n$ mysql -uroot -p -e \u0026#39;set global innodb_flush_log_at_trx_commit=2\u0026#39; Enter password: $ ./counter.py truncate Table demo truncated. $ ./counter.py setup --size 10 $ time ./counter.py count --id 3 real 0m6.240s user 0m0.126s sys 0m0.032s In this configuration, MySQL will on commit still write the data into the file system buffer cache, but will no longer force the buffer cache to disk, foregoing the disk write and the wait for its completion. The server will flush data to disk in the background in 1s intervals.\nShould the database server process crash, but the server hardware does not, nothing is lost: The file system buffer cache will eventually be written out do disk.\nShould the server hardware crash, up to one second of data is being lost, but the database will still be consistent - just not at the transaction everybody expects.\nRelaxing the disk write constraints speeds up writing considerably, because we no longer have to wait for the slow disk to acknowledge the writes.\nRelaxing the disk write constraints any further does not make things faster, just more dangerous:\n(venv) kris@server:~/Python/mysql$ mysql -uroot -p -e \u0026#39;set global innodb_flush_log_at_trx_commit=0\u0026#39; Enter password: (venv) kris@server:~/Python/mysql$ ./counter.py truncate Table demo truncated. (venv) kris@server:~/Python/mysql$ ./counter.py setup --size 10 (venv) kris@server:~/Python/mysql$ time ./counter.py count --id 3 real 0m6.101s user 0m0.118s sys 0m0.032s In this mode, the database server will not even push data into the file system buffer cache on commit, but only once per second initiate a batch write and fsync. On any crash, up to one second of data will be lost, but at least it will be at a transaction boundary.\nTo make things more interesting, we will now run multiple copies of this programs in various ways.\nIncrementing two counters concurrently, 1000 times each $ ./counter.py truncate Table demo truncated. $ ./counter.py setup --size 10 $ time ./counter.py count --id 3 \u0026amp; time ./counter.py count --id 9 \u0026amp; [1] 728954 [2] 728955 $ real 0m20.450s user 0m0.164s sys 0m0.019s real 0m20.454s user 0m0.131s sys 0m0.056s [1]- Done time ./counter.py count --id 3 [2]+ Done time ./counter.py count --id 9 $ mysql -u kris -pgeheim -e \u0026#39;select * from demo where id in (3, 9)\u0026#39; kris +----+---------+ | id | counter | +----+---------+ | 3 | 1000 | | 9 | 1000 | +----+---------+ We can see the program counted correctly, both counters have the expected target value. We can also see how the program took a lot longer to execute: While we have multiple cores, and are running two copies of Python and two thread in the database concurrently, there is still interference between the two threads, and things are slower (20.4 seconds instead of 14.4 seconds).\nIncrementing the same counter with two processes, 1000 times each $ ./counter.py truncate Table demo truncated. $ ./counter.py setup --size 10 $ time ./counter.py count --id 3 \u0026amp; time ./counter.py count --id 3 \u0026amp; [1] 730874 [2] 730875 $ real 0m25.306s user 0m0.159s sys 0m0.038s real 0m25.311s user 0m0.162s sys 0m0.033s $ mysql -u kris -pgeheim -e \u0026#39;select * from demo where id = 3\u0026#39; kris +----+---------+ | id | counter | +----+---------+ | 3 | 2000 | +----+---------+ What happens here is that we are running two instances of the script concurrently, each of which is incrementing the same row id=3. As updating a row will also exclusively lock it, the second writer has to wait a bit until the first one commits (which will also drop the lock). Then the second writer can get access, and do its thing while the first writer has to wait.\nExecution time goes up further, from 20.4s to 25.3s.\nRead-Modify-Write, gone wrong We can query the database differently, in a two stage process, allowing for more complex updates. Here we read a value from the database into the application (read phase), change it application side (modify phase) and then write the changed value back.\nDoing this is called a read-modify-write cycle.\n@sql.command() @click.option(\u0026#34;--name\u0026#34;, default=\u0026#34;demo\u0026#34;, help=\u0026#34;Table name to count in\u0026#34;) @click.option(\u0026#34;--id\u0026#34;, default=0, help=\u0026#34;Counter to use\u0026#34;) @click.option(\u0026#34;--count\u0026#34;, default=1000, help=\u0026#34;Number of increments\u0026#34;) def rmw_false(name, id, count): \u0026#34;\u0026#34;\u0026#34; Increment counter --id by --count many steps in table --name \u0026#34;\u0026#34;\u0026#34; for i in range(0, count): # read cmd = f\u0026#34;select counter from {name} where id = {id}\u0026#34; c = db.cursor() c.execute(cmd) row = c.fetchone() # modify counter = row[\u0026#34;counter\u0026#34;] +1 # write cmd = f\u0026#34;update {name} set counter = {counter} where id = {id}\u0026#34; c.execute(cmd) db.commit() In this piece of code we again count to 1000, but we are doing it in a three-step process, called a read-modify-write cycle. We also implemented it wrongly for demonstration purposes:\nThe \u0026ldquo;read phase\u0026rdquo; is done with a SELECT statement that retrieves the current counter value from the database.\nThe \u0026ldquo;modify phase\u0026rdquo; increments the counter, application side, in memory. This can in real applications be an arbitrarily complicated process that takes a non-trivial amount of time and maybe even connects to different backend systems and services.\nThe \u0026ldquo;write phase\u0026rdquo; then uses UPDATE to write back the previously read value to the database.\nThere is no error handling, and - for the purposes of demonstration - no locking.\nWe are running this, standalone, and then in multiple copies:\n$ ./counter.py truncate Table demo truncated. $ ./counter.py setup --size 10 $ time ./counter.py rmw-false --id 3 real 0m13.331s user 0m0.207s sys 0m0.106s This is not slower than the single update statement, despite the fact that we have to talk to the database in two round trips instead of one.\nBut, when we are running this twice, we can see that due to the missing locking the results are wrong:\n$ ./counter.py truncate Table demo truncated. $ ./counter.py setup --size 10 $ time ./counter.py rmw-false --id 3 \u0026amp; time ./counter.py rmw-false --id 3 \u0026amp; [1] 1521914 [2] 1521915 $ real 0m13.361s user 0m0.235s sys 0m0.069s real 0m13.362s user 0m0.240s sys 0m0.069s [1]- Done time ./counter.py rmw-false --id 3 [2]+ Done time ./counter.py rmw-false --id 3 $ mysql -u kris -pgeheim -e \u0026#39;select * from demo where id = 3\u0026#39; kris +----+---------+ | id | counter | +----+---------+ | 3 | 1000 | +----+---------+ The way we write this code, we extract the value from the database into the application, getting a value - say 10, and increment that.\nMeanwhile, the other instance also reads the database, and gets the same value, also 10.\nWe increment, and write back the new value, 11. Then the other instance does the same, and also writes back 11. Two increment events in two processes have been executed, but the counter has been incremented effectively only one step, because the rmw-cycles overlapped.\nWe need to lock the row id=3 when we take out the value from the database into the application like we would take out a book from the library. We can give up the lock when we write back and commit. The second process, attempting to take out the same value we just took out, would stall and hang, waiting for the (new) value to become available, and only then can proceed.\nRead-Modify-Write, done right We modify the program to use SELECT ... FOR UPDATE instead of a simple SELECT when taking out the value during the read phase of the rmw operation.\nSELECT ... FOR UPDATE is a read statement, but locks the rows it fetches as if it were a write statement. In doing that, it anticipates the UPDATE operation that is to follow.\nWhat happens is that the SELECT ... FOR UPDATE creates X-locks on at least the rows it returns. An X-lock or exclusive lock is a lock that guarantees that only one thread (us) can access the row while the lock is being held. All other attempts to read that row are stalled and have to wait until the lock is released, at COMMIT.\nOur program now counts correctly. Locks mean waiting, so of course it is slower.\n$ ./counter.py truncate Table demo truncated. $ ./counter.py setup --size 10 $ time ./counter.py rmw-correct --id 3 \u0026amp; time ./counter.py rmw-correct --id 3 \u0026amp; [1] 1523980 [2] 1523981 $ real 0m26.284s user 0m0.293s sys 0m0.097s real 0m26.293s user 0m0.292s sys 0m0.099s [1]- Done time ./counter.py rmw-correct --id 3 [2]+ Done time ./counter.py rmw-correct --id 3 $ mysql -u kris -pgeheim -e \u0026#39;select * from demo where id = 3\u0026#39; kris +----+---------+ | id | counter | +----+---------+ | 3 | 2000 | +----+---------+ And this is what the code looks like:\n@sql.command() @click.option(\u0026#34;--name\u0026#34;, default=\u0026#34;demo\u0026#34;, help=\u0026#34;Table name to count in\u0026#34;) @click.option(\u0026#34;--id\u0026#34;, default=0, help=\u0026#34;Counter to use\u0026#34;) @click.option(\u0026#34;--count\u0026#34;, default=1000, help=\u0026#34;Number of increments\u0026#34;) def rmw_correct(name, id, count): \u0026#34;\u0026#34;\u0026#34; Increment counter using rmw logic \u0026#34;\u0026#34;\u0026#34; for i in range(0, count): # I would rather have a START TRANSACTION READ WRITE # but MySQLdb does not offer this natively. db.begin() # read, with FOR UPDATE cmd = f\u0026#34;select counter from {name} where id = {id} for update\u0026#34; c = db.cursor() c.execute(cmd) row = c.fetchone() # modify counter = row[\u0026#34;counter\u0026#34;] + 1 # write cmd = f\u0026#34;update {name} set counter = {counter} where id = {id}\u0026#34; c.execute(cmd) db.commit() ","date":"2020-07-30T00:00:00Z","href":"https://blog.koehntopp.info/2020/07/30/mysql-transactions---writing-data.html","tags":["lang_en","database","mysql","innodb","erklaerbaer","mysqldev"],"title":"MySQL Transactions - writing data"},{"categories":null,"content":"After having a look how MySQL handles transactions physically , let\u0026rsquo;s have a look at what is going on from a logical point of view.\nWe are using a test table called demo with an id and a counter field, both integer. In it, we have 10 counters, all set to 0.\nCREATE TABLE `demo` ( `id` bigint unsigned NOT NULL AUTO_INCREMENT, `counter` int NOT NULL DEFAULT \u0026#39;0\u0026#39;, UNIQUE KEY `id` (`id`) ) INSERT INTO `demo` VALUES (1,0); INSERT INTO `demo` VALUES (2,0); ... INSERT INTO `demo` VALUES (10,0); In one session, we start a transaction and modify a counter value. We do not commit anything.\nSession1\u0026gt; start transaction read write; Session1\u0026gt; update demo set counter = 10 where id = 3; Isolation In a second session, we check the data and notice a few things:\nSession2\u0026gt; select * from demo; +----+---------+ | id | counter | +----+---------+ | 1 | 0 | | 2 | 0 | | 3 | 0 | | 4 | 0 | ... We do not see the uncommitted changes to row id=3 from Session1. We do not have to wait - the uncommitted change on the row id=3 does not stall us in any way. From the previous article we know that MySQL took the older version of the row and moved it to the Undo-Log. It has to do that in order to still have the data around should we decide to ROLLBACK. The new version of the row in the actual tablespace contains a pointer to the older version of the Row in the Undo-Log.\nWhen looking at the row we see this older version, so something made the database read the current values of the rows 1, 2, 4, and so on from the tablespace, but for the row id=3 sent us to the Undo-Log.\nThis is also a good thing, because we do not have to wait.\nTransaction Isolation Level Read Uncommitted This is what MVCC - Multiversion Concurrency Control - does: It uses the old versions of the row to present us a consistent view of the data, depending on the TRANSACTION ISOLATION LEVEL. This is a thing we can change:\nSession2\u0026gt; set transaction isolation level read uncommitted; Session2\u0026gt; select * from demo; +----+---------+ | id | counter | +----+---------+ | 1 | 0 | | 2 | 0 | | 3 | 10 | | 4 | 0 | So once we SET TRANSACTION ISOLATION LEVEL READ UNCOMMITTED, we get to see the value 10 written by Session1, despite the fact that it has never been committed. In fact, if we would ROLLBACK, logically it would never have been there - but still Session2 saw it.\nAt TRANSACTION ISOLATION LEVEL READ UNCOMMITTED we are reading stuff directly from the tablespace file. This can contain data that is not yet committed, and due to ROLLBACK never will be - mere phantasies. The Undo-Log is never consulted.\nTransaction Isolation Level Read Committed If we SET TRANSACTION ISOLATION LEVEL READ COMMITTED with the transaction hanging in Session1 as before , we get to see the counter at row id=3 as before, at 0.\nSession2\u0026gt; set transaction isolation level read committed; Session2\u0026gt; select * from demo; +----+---------+ | id | counter | +----+---------+ | 1 | 0 | | 2 | 0 | | 3 | 0 | | 4 | 0 | That is, at this isolation level we will only see data that has been committed.\nAt TRANSACTION ISOLATION LEVEL READ COMMITTED we are reading stuff from the tablespace file, unless there is an ongoing transaction for a row. In that case, the reader will consult the Undo-Log one level deep and show us the previous, committed version of the data. We never get to see ephemeral data that can be rolled back.\nNow, let\u0026rsquo;s commit that change, and check:\nSession1\u0026gt; commit; Session2\u0026gt; set transaction isolation level read committed; Session2\u0026gt; select * from demo where id = 3; +----+---------+ | id | counter | +----+---------+ | 3 | 10 | +----+---------+ In fact, if we incremented the counter in Session1, we also would see that in Session2:\nSession1\u0026gt; start transaction read write; Session1\u0026gt; update demo set counter = counter + 1; Session1\u0026gt; commit; Session2\u0026gt; set transaction isolation level read committed; Session2\u0026gt; select * from demo where id = 3; +----+---------+ | id | counter | +----+---------+ | 3 | 11 | +----+---------+ At TRANSACTION ISOLATION LEVEL READ COMMITTED, if we read the same row twice, we can see it changing.\nTransaction Isolation Level Repeatable Read The default transaction isolation level in MySQL is SET TRANSACTION ISOLATION LEVEL REPEATABLE READ. If you never change anything, this is what you get.\nIf in Session1 we were to run, this time with autocommit and not inside an explicit transaction:\nSession1\u0026gt; UPDATE demo SET counter=counter+1; Session1\u0026gt; UPDATE demo SET counter=counter+1; Session1\u0026gt; UPDATE demo SET counter=counter+1; Session1\u0026gt; UPDATE demo SET counter=counter+1; and in Session2 checked repeatedly, we would see the counter increment, as before:\nSession2\u0026gt; select * from demo where id =3; +----+---------+ | id | counter | +----+---------+ | 3 | 12 | +----+---------+ Session2\u0026gt; select * from demo where id =3; +----+---------+ | id | counter | +----+---------+ | 3 | 13 | +----+---------+ But, and that is new, we now get to use read only transactions in Session2. And that changes behavior:\nSession2\u0026gt; start transaction read only; Session2\u0026gt; select * from demo where id = 3; +----+---------+ | id | counter | +----+---------+ | 3 | 14 | +----+---------+ Session2\u0026gt; select * from demo where id = 3; +----+---------+ | id | counter | +----+---------+ | 3 | 14 | +----+---------+ Session2\u0026gt; commit; Session2\u0026gt; select * from demo where id = 3; +----+---------+ | id | counter | +----+---------+ | 3 | 16 | +----+---------+ As soon as we START TRANSACTION READ ONLY, in this isolation level, we get a consistent read view. In practice that means that our session is frozen in time and will no longer see changes to this or any other table that have been made after we started the transaction.\nAt TRANSACTION ISOLATION LEVEL REPEATABLE READ we are reading stuff from the tablespace, unless it has been changed after we started our transaction. In that case, the reader will consult the Undo-Log multiple levels deep, in order to present us the newest version of the row that is older than our read-only transaction.\nAs soon as we drop our read-only transaction with commit (nothing changed, so nothing is actually committed) our world jumps forward in time to the present, skipping any intermediate steps.\nRepeatable Read and Long Running Transactions Starting a transaction at the default isolation level will force the Undo-Log Purge Thread to stop at the position of our read view. Undo-Log entries will no longer be purged, filling up and growing the Undo-Log. Reads and Index Lookups become more complicated and slower, slowing down the overall performance of the database.\nIt is a good idea to not have long-running transactions.\nMaintenance Operations such as running mysqldump --single transaction mydatabase to make a logical backup achieve a consistent backup my maintaining a consistent read view by starting a long-running transaction. As the dump of a large database can take some time, it is a good idea to do this at a point in time when the database is not so busy. Specifically where write activity is low. Otherwise, the incoming writes will blow up your Undo-Log by the size of the data load, and make everything slow.\nWhile in theory these two operations - a data load and a backup - can happen concurrently and should not interfere, nothing is for free and the implementation of consistent read views will function better if you do not work against it.\nThe Undo-Log will not shrink, but will be freed internally and re-used, should that space ever be needed. But you will end up, depending on your version of MySQL, with a very large ibdata1 file or very large Undo-Log segment files.\nReading Data without Locks It is also worthwhile to note that all the data reads we have seen so far are free from locking: There are no stalls or lock-waits that can happen in these scenarios.\nThe fact that we have to be able to roll back makes it necessary to make a copy of a row before we modify it and keep it around.\nThe fact that most transactions successfully commit and not roll back suggests that we would do well by putting the new version of the row into place properly and move the old version to a temporary storage, the Undo-Log, before we throw it away by the way of the Purge Thread. That way we keep the tablespace clean and free from outdated, stale versions of rows.\nLooking at all active transactions in the system we can easily determine the lowest, oldest transaction number in the system. By definition nothing else can ever reference any row version even older than that, so these versions are fair game for the Purge Thread.\nBy linking old versions of a row, we get a thread from the current version of the row into the (still visible) past of that row as a linked list.\nBy choosing a transaction isolation level at will, per connection, each connection can at any point in time choose to read the current, the most recently committed or the newest version of the row older than its own (read-only) transaction.\nBy committing, a read-only transaction gives up its version of the past, retiring an older transaction, allowing the Purge Thread to move on and free Undo-Log space.\nAt no point in time a read operation is ever stalled by a writer and forced to wait. There are no write-locks ever stalling a reader. These two operations are completely independent.\nFor writers, this is quite different, and for good reason.\n","date":"2020-07-29T00:00:00Z","href":"https://blog.koehntopp.info/2020/07/29/mysql-transactions-the-logical-view.html","tags":["lang_en","mysql","database","innodb","mysqldev"],"title":"MySQL Transactions - the logical side"},{"categories":null,"content":"MySQL speaks its own proprietary protocol. It cannot be routed by an HTTP proxy, and a MySQL connection is entire unlike an HTTP connection. Specifically, a lot of state and configuration is tied to a MySQL connection, and it cannot be recovered on disconnect.\nWhat state is tied to a connection? Transactions A disconnect implies a ROLLBACK. So if you are in a transaction, all changes to the database that you attempted are lost, rolled back, as if they never happened.\nIt is not enough to retry the last statement, you need to jump back to the beginning of the transaction.\nThis is not unexpected. All transactions can fail, in the middle of a transaction or even on COMMIT (you attempt to COMMIT, but get a ROLLBACK due to a deadlock or a failed transaction certification in Group Replication).\nApplications need to be able to detect that and handle that at any point in time, by retrying the transaction.\nLocks When you disconnect from the database for any reasons, all locks you held at that point in time are being released. This includes all X- and S-Locks in InnoDB, all MyISAM table locks, all ongoing metadata locks and of course also all object-less locks acquired with GET_LOCK().\nThis makes a lot of sense and is a requirement - on disconnect, locks need to be released. Otherwise, you would be constantly cleaning up locks left around after the process died, as if they were Apache Shared Memory Segments and stuff.\nLAST_INSERT_ID In MySQL, we generate sequences implicitly: You write a NULL or 0 to a field which has the auto_increment attribute and get assigned a number. Now you need to know that number, so in a followup statement you are referencing this as the LAST_INSERT_ID().\nThis ID is being cached in your connection, which is lost when you disconnect.\nUsing last_insert_id() looks like this:\nmysql\u0026gt; CREATE TABLE `demo` ( `id` bigint unsigned NOT NULL AUTO_INCREMENT, `data` varbinary(255) NOT NULL, UNIQUE KEY `id` (`id`) ) ENGINE=InnoDB; mysql\u0026gt; insert into demo values (0, \u0026#34;Keks\u0026#34;); mysql\u0026gt; insert into demo values (NULL, \u0026#34;Cookie\u0026#34;); mysql\u0026gt; select id from demo; +----+ | id | +----+ | 1 | | 2 | +----+ mysql\u0026gt; select last_insert_id() as lastid; +--------+ | lastid | +--------+ | 2 | +--------+ After a KILL on the connection, this happens:\n(Admin Connection) mysql\u0026gt; kill 350542; (Client Connection) mysql\u0026gt; select last_insert_id() as lastid; ERROR 2006 (HY000): MySQL server has gone away No connection. Trying to reconnect... Connection id: 350571 Current database: kris +--------+ | lastid | +--------+ | 0 | +--------+ Temporary Tables MySQL has the incredibly broken feature of CREATE TEMPORARY TABLE. These are tables that can shadow tables in the global namespace, have different permissions, and disappear on disconnect. They are also prone to breaking certain modes of replication if there ever is a disconnect in the replication connection while any of these tables is active. And they break snapshots and backup recovery of the database server, for the same reason.\nIn general, the recommendation is to not use the CREATE TEMPORARY TABLE feature at all because of these drawbacks. Create regular tables in a temp schema instead and scope table names with a CONNECTION_ID() instead.\nFor the purposes of this discussion, temporary tables are connection scoped state, and if we used them, we would also lose them on disconnect.\nPrepared statements (and parsed bytecode) In MySQL, it is possible to store code in the database, using stored procedures, stored functions, and other constructs. The language for this is abysmally ugly, and the execution engine is on-par with PHP 3 from 1998, in terms of structure and performance. Parsed stuff is cached per-connection, which makes no sense at all. Also, in general, you do not want to run code on expensive and crowded database CPUs when you can have plenty of cheap and easy to scale CPUs in application nodes.\nIn general, the recommendation is to not use code in the database, if at all possible. For the purposes of this discussion, stored code caches are per-session and are lost on disconnect, but automatically recovered on reconnect (at a performance penalty).\nIn MySQL, many client side Connectors use the SQL Statement PREPARE or a similar API mechanism to prepare a statement for repeated execution. Later, a matching EXECUTE in a loop will bind it to variables and run the SQL. This is usually done more or less transparently by the Protocol Connector your host language uses underneath the database abstraction and ORM interfaces you are using to talk to the database.\nFor the purposes of this discussion it is interesting to know that these prepared statements are part of the connection scoped state and will be lost on disconnect. Depending on how your connector implements this, recovery may be automatically, but usually isn’t in all cases.\nVariables Connections can be associated with variables. Some of these variables are under user control (@-Variables). This is dangerous, deprecated and can break certain modes of replication, but has been done in the past to make TopK queries efficient – use Window Functions from MySQL 8 instead.\nmysql\u0026gt; select id from demo; +----+ | id | +----+ | 1 | | 2 | +----+ mysql\u0026gt; set @count := 100; Query OK, 0 rows affected (0.00 sec) mysql\u0026gt; select @count := @count + 1 as v, id from demo; +------+----+ | v | id | +------+----+ | 101 | 1 | | 102 | 2 | +------+----+ 2 rows in set, 1 warning (0.00 sec) mysql\u0026gt; show warnings; Warning | 1287 | Setting user variables within expressions is deprecated and will be removed in a future release. Consider alternatives: \u0026#39;SET variable=expression, ...\u0026#39;, or \u0026#39;SELECT expression(s) INTO variables(s)\u0026#39;. For the purposes of this discussion, @-Variables are part of connection scoped state and are lost on disconnect.\nSession Variables are configuration that controls the execution of queries. They are sometimes necessary to speed things up, to handle character sets properly, or to nudge the query optimizer into the right direction.\nmysql\u0026gt; SET NAMES utf8mb4; … mysql\u0026gt; SET SESSION optimizer_prune_level = 0; … For the purposes of this discussion, these settings are part of the connection scoped state and are lost on disconnect. On reconnect, you must re-set the connection session level parameters to the desired state. Without this, the session state is identical to the global setup inherited on connect.\nMagic SET commands Old statement based replication had the problem of having to replicate stateful commands such as NOW(), RANDOM(), USER() and similar. When executing a command on the replica, the time would be different, the result of a call to RANDOM() would have a different seed state, and the current user would be the replication user and not the user who issues the original statement.\nMySQL solved that by having a number of Magic SET commands, so that the statement\nSELECT NOW() as now; was being replicated as\nSET TIMESTAMP=... SELECT NOW() as now; and in this set up the NOW() function would not return the current time, but the time previously set with the Magic SET. This is a connection scoped flag, and it is lost on disconnect. If you use Magic SET commands, they are lost and need to be re-set on reconnect.\nTL;DR MySQL\u0026rsquo;s connections carry a lot of state, all of which is lost on disconnect. It is therefore completely impossible to transparently reconnect to a MySQL server in the Protocol Connector, a Proxy or other lower layers in the stack. The application needs to take notice and handle reconnects properly, recreating the required state for the application to function. It then needs to restart the transaction, not the last statement. The database server you reconnect to may be a different from the one you were connected to before, even if it has the same name – the DNS may have changed due to a failover being the reason for a disconnect. You need to re-resolve the hostname and be prepared to get a different IP number. Transactions can fail. Commits can fail. Deadlocks and Group Replication verification can cause this. You must not rely on SQL statements being successful, including the COMMIT statement, and you need to be able to detect such failures and restart transactions. This is possible even without a disconnect. ","date":"2020-07-28T00:00:00Z","href":"https://blog.koehntopp.info/2020/07/28/mysql-connection-scoped-state.html","tags":["erklaerbaer","database","mysql","mysqldev","lang_en"],"title":"MySQL Connection Scoped State"},{"categories":null,"content":"When writing data to disk, for small transactions the cost of writing the commit out do disk dominates the execution time of the script. In order to show that, I wrote a little Python script.\nThe script creates a test table in a database and writes 10.000 rows of test data into it, in commit sizes of 1, 2, 4, \u0026hellip;, 1024 rows.\n$ ./mysql.py --help Usage: mysql.py [OPTIONS] COMMAND [ARGS]... Test commit sizes. Options: --help Show this message and exit. Commands: create Create the demo table empty. drop Drop the demo table fill Write test records into the demo table. truncate Truncate the demo table. There is a small driver script to run the test. The driver creates the table, truncates it and will then run the fill command of the script over and over again, with growing commit-sizes. All powers of 2 from 0 to 10 are being tried with 10.000 rows of test data.\nThe test system has a very old SSD (Crucial M4-CT512M4SSD2) as a data directory.\n$ cat driver.sh #! /bin/bash -- ./mysql.py drop ./mysql.py create for i in {0..10} do csize=$((2 ** $i)) ./mysql.py truncate echo \u0026#34;./mysql.py fill --size=10000 --commit-size=$csize\u0026#34; time ./mysql.py fill --size=10000 --commit-size=$csize done The result of the test run is as follows shown, and since at point 10.000 rows were not enough, I later added a second test run with 100.000 rows and step sizes of 5..14 (32 rows to 16384 rows).\nScript runtime as a function of commit batch size. x-Axis is logarithmic, y-axis is linear.\nTxn Sz Runtime Rows/s Runtime Rows/s 0 127 78 1 68.7 145 2 38.4 260 3 20.93 477 4 12.03 831 5 7.04 1420 71.01 1409 6 4.38 2283 46.40 2156 7 2.92 3412 30.13 3319 8 2.24 4464 20.94 4776 9 1.77 5649 17.51 5712 10 1.58 6329 15.35 6515 11 14.16 7063 12 13.63 7337 13 13.59 7359 14 13.26 7542 Raw data from the test runs.\nWe observe: Going from single row commits to 16 row commits, we get a 10-fold speed increase, and going to 1024 row commits, we are seeing another factor of 10. After that, there is hardly any improvement for our chosen record size and hardware.\nTL;DR A transaction size of 1000 rows or larger does not seem to improve write speed (i.e. in a data load).\nFrom 1 row/commit to 16 rows/commit, we see an increase of an order of magnitude, and another order of magnitude can be had by going from 16 rows/commit to 1024 rows/commit.\nThe script $ cat requirements.txt click mysqlclient $ python3 -mvenv venv $ source venv/bin/activate (venv) $ pip install --upgrade pip ... (venv) $ pip install wheel ... (venv) $ pip install -r requirements.txt ... (venv) $ pip freeze -r requirements.txt \u0026gt; requirements-frozen.txt and\n#! /usr/bin/env python3 import sys import random import string import click import MySQLdb import MySQLdb.cursors from pprint import pprint db_config = dict( host=\u0026#34;localhost\u0026#34;, user=\u0026#34;kris\u0026#34;, passwd=\u0026#34;geheim\u0026#34;, db=\u0026#34;kris\u0026#34;, cursorclass=MySQLdb.cursors.DictCursor, ) sql_drop_table = \u0026#34;drop table %s\u0026#34; sql_create_table = \u0026#34;\u0026#34;\u0026#34;create table %s ( id serial, data varbinary(255) not null )\u0026#34;\u0026#34;\u0026#34; sql_truncate_table = \u0026#34;truncate table %s\u0026#34; sql_insert_into = \u0026#39;insert into %s ( id, data) values ( %d, \u0026#34;%s\u0026#34; )\u0026#39; db = MySQLdb.connect(**db_config) @click.group(help=\u0026#34;Test commit sizes.\u0026#34;) def sql(): pass @sql.command() @click.option(\u0026#34;--name\u0026#34;, default=\u0026#34;demo\u0026#34;, help=\u0026#34;Table name to drop\u0026#34;) def drop(name): \u0026#34;\u0026#34;\u0026#34; Drop the demo table \u0026#34;\u0026#34;\u0026#34; cmd = sql_drop_table % name try: c = db.cursor() c.execute(cmd) click.echo(f\u0026#39;Table \u0026#34;{name}\u0026#34; dropped.\u0026#39;) except MySQLdb.OperationalError as e: click.echo(f\u0026#39;Table \u0026#34;{name}\u0026#34; did not exist.\u0026#39;) @sql.command() @click.option(\u0026#34;--name\u0026#34;, default=\u0026#34;demo\u0026#34;, help=\u0026#34;Table name to create\u0026#34;) def create(name): \u0026#34;\u0026#34;\u0026#34; Create the demo table empty. \u0026#34;\u0026#34;\u0026#34; cmd = sql_create_table % name try: c = db.cursor() c.execute(cmd) click.echo(f\u0026#39;Table \u0026#34;{name}\u0026#34; created.\u0026#39;) except MySQLdb.OperationalError as e: click.echo(f\u0026#39;Table \u0026#34;{name}\u0026#34; did already exist\u0026#39;) @sql.command() @click.option(\u0026#34;--name\u0026#34;, default=\u0026#34;demo\u0026#34;, help=\u0026#34;Table name to insert into\u0026#34;) @click.option(\u0026#34;--size\u0026#34;, default=1000000, help=\u0026#34;Number of rows to create in total\u0026#34;) @click.option(\u0026#34;--commit-size\u0026#34;, default=1000, help=\u0026#34;Commit batch size\u0026#34;) @click.option(\u0026#34;--verbose/--no-verbose\u0026#34;, default=False, help=\u0026#34;Log each commit?\u0026#34;) def fill(name, size, commit_size, verbose): \u0026#34;\u0026#34;\u0026#34; Write test records into the demo table. \u0026#34;\u0026#34;\u0026#34; for i in range(0, size): str = \u0026#34;\u0026#34;.join( random.choice(string.ascii_uppercase + string.digits) for _ in range(20) ) cmd = sql_insert_into % (name, i + 1, str) c = db.cursor() try: c.execute(cmd) except MySQLdb.Error as e: click.echo(f\u0026#34;MySQL Error: {e}\u0026#34;) sys.exit() if i % commit_size == 0: if verbose: print(f\u0026#34;Commit at {i}...\u0026#34;) db.commit() db.commit() @sql.command() @click.option(\u0026#34;--name\u0026#34;, default=\u0026#34;demo\u0026#34;, help=\u0026#34;Table name to truncate here\u0026#34;) def truncate(name): \u0026#34;\u0026#34;\u0026#34; Truncate the demo table. \u0026#34;\u0026#34;\u0026#34; cmd = sql_truncate_table % name try: c = db.cursor() c.execute(cmd) click.echo(f\u0026#39;Table \u0026#34;{name}\u0026#34; truncated.\u0026#39;) except MySQL.OperationalError as e: click.echo(f\u0026#39;Table \u0026#34;{name}\u0026#34; does not exist.\u0026#39;) sql() ","date":"2020-07-27T00:00:00Z","href":"https://blog.koehntopp.info/2020/07/27/mysql-commit-size-and-speed.html","tags":["lang_en","database","mysql","innodb","erklaerbaer","mysqldev"],"title":"MySQL Commit Size and Speed"},{"categories":null,"content":"So you talk to a database, doing transactions. What happens actually, behind the scenes? Let’s have a look.\nThere is a test table, and we write data into it inside a transaction:\nCREATE TABLE t ( id serial, data varbinary(255) ) START TRANSACTION READ WRITE INSERT INTO t ( id, data ) VALUES (NULL, RANDOM_BYTES(255)) COMMIT The MySQL test instance we are talking to is running on a Linux machine, and otherwise idle to make observation easier. Also, we configured it with innodb_use_native_aio = false because observing actual physical asynchronous I/O and attributing it to the statement that caused it is really hard.\nSetting things up this way, we can use lsof and strace to see things. But before we do this, let’s set some expectations and establish some background knowledge.\nThe Log/Data Memory/Storage quadrants Upper half: Log structures, Lower half: Data structures. Left half: Memory, Right Half: On Disk.\nThe diagram above is older than time itself, but it still is structurally true. It shows the data structures involved in writing data to disk when talking about the InnoDB storage engine that we use in MySQL almost exclusively.\nInnoDB is a MVCC engine, that is, it uses Multi Value Concurrency Control. What that means exactly is a topic for another article, but in this case it means that for each record multiple versions can exist, and different threads and connections can see different versions of the data in a controlled fashion.\nThe diagram has four quadrants:\nThe upper half talks about log structures, the lower half about data structures. Things on the upper half are in some Log: The Redo-Log, the Undo-Log or the Double Write Buffer. Things on the lower half are in some tablespace file, so some .ibd file on disk. The left half is about things in memory, not persisted. The right half is about things on disk, stored persistently. If you kill a machine by pulling a plug, things on the right half survive, and things on the left half are lost. There is also the binlog, which is used in replication and restore, but it is not in this picture.\nStarting a transaction When you START TRANSACTION READ WRITE, the database takes note of the current transaction number. It does not do much else until you actually write things.\nThere are other ways to start a transaction: BEGIN, BEGIN WORK, SET autocommit are some ways to do it, but they are not recommended. That is, because they do not carry an explicit write concern and that creates all kind of problems with a MySQL proxy in the chain.\nA proxy needs to route an incoming connection to a target database host when the transaction starts. But if that is a read-only transaction that can be satisfied by a replica, or a read-write transaction that can only be satisfied by a primary, is unclear until the first write statement appears. This statement appears maybe even some statements deep inside a transaction, but in any case after the start - and then it is too late to change things.\nMySQL proxies therefore route transaction starts preemptively to a primary, unless the read-only intent is made clear in the statement that starts the transaction explicitly.\nOnly START TRANSACTION can do this.\nUsing Data Modification Language The next statement then can write data to the database:\nINSERT INTO t ( id, data) VALUES ( NULL, RANDOM_BYTES(255)) is such a statement. It writes a NULL to an auto_increment field to get a new counter value, and then generates 255 random bytes of data to be written.\nThe transaction is being built up in memory, in the top left quadrant: A log buffer is being allocated and filled with data, step by step, until the log buffer overflows or the transaction commits.\nA second thing happens simultaneously: The data being “overwritten” needs to be saved in order to have it around for rollback - this is more true of an UPDATE or DELETE than an INSERT statement, though.\nSo the data page where this record is located is loaded from a data file (lower right quadrant) into memory (lower left quadrant), into the InnoDB Buffer Pool. That is an userspace data cache owned by the database process. It is the primary reason for the database process using a lot of memory.\nThe row being “overwritten” is then being moved out of the table, and moved into the Undo-Log. This is purely an in-memory operation, copying data from one page to another. A linked list is being built from the new, current version of the row to this older previous version of the row. This linked list can be long, pointing from the current version of the row to ever older version of that row in the Undo-Log. Following the list you get to see the past versions of this row, one by one.\nIf we were to ROLLBACK the transaction now, MySQL would move the data back from the Undo-Log page into the Tablespace page. This is a comparatively slow operation - MySQL is set up and optimized for transactions being COMMIT’ed instead of rolled back most of the time.\nCommitting Finally, we finish the transaction and tell the database this using\nCOMMIT On commit, the log buffer is being written to disk, as a kind of binary diff to the original unchanged database from the table space. The Undo-Log space could be freed at this point, from the point of view of this transaction, because once committed, it can no longer be changed except by a second transaction.\nThere are other connections, and other transactions in the system that could still make use of this data, and they can prevent the Undo-Log entry from being purged. More about that another time, when we look at transactions from a logical point of view and talk about isolation levels.\nWhen we write the Log Buffer out, we write it to the Redo-Log. The Redo-Log is an on-disk structure, usually taking the form of two files. They are the very first thing a MySQL install creates, so if you install MySQL with the data directory being a new and empty disk, the first two files being created are the two ib_logfile* structures. This ensures they are fixed size, immovable ring buffers that are physically not fragmented. They are linear blocks on disk. Writes to the Redo-Log are fast, sequential writes, even on rotating hard disks.\nAfter that, we are done - the transaction is committed to stable storage and can no longer be lost. The application can move on.\nAfter committing: Checkpointing But wait! Isn’t the .ibd tablespace file changed? What about purging the Redo-Log? How long can this go on?\nWe are constantly creating InnoDB Buffer Pool pages that are different from their original image on disk in the tablespace files. These pages are called dirty, and eventually they need to be written back.\nWe are also constantly filling the Redo-Log files, but they are a ring structure with a finite amount of space, and we need to eventually purge the Redo-Log and free up space there.\nAnd there may be lulls in the application activity that allow the database to do stuff when it feels idle.\nThat are three good reasons to actually write dirty InnoDB Buffer Pool pages back to the tablespaces. This is called checkpointing, and it will eventually happen, but hopefully much later than the actual commit.\nIn checkpointing, we select the oldest entries from the Redo-Log, determine which pages in the Buffer Pool they relate to, and then choose these pages for write-back. When this is complete, the on-disk image and the in-memory image are equal, the pages are clean and the Redo-Log entries are no longer needed and can be overwritten.\nPages are larger than disk blocks: They are usually 16 KB in size, and disk blocks are traditionally 512 Byte large, and these days 4 KB in size. Enterprise media (HDD, SSD and so on) usually guarantee atomic writes to a block, even in the face of power failure - so there won’t ever be half-written 512 Byte blocks or 4K pages.\nBut that is not good enough for us. If the power was to fail in the write-back of a page, we would get back a half-written page, and we would not even know where the cutoff is. This is called a torn page scenario and in order to prevent it, we write the set of pages out as a large block to a staging area called the Double Write Buffer first. So there will be a large 1 MB write to the DWB first, and then a set of 16 KB writes to the actual tablespace locations.\nAfter writing out the set of dirty pages, we can mark the Redo-Log space as free again and also mark the pages in memory as clean.\nRecovery If we fail the database before committing, that’s ok. The application has not issued a commit statement, we did not acknowledge the commit, so no contract, and it is totally the obligation of the application to handle this situation.\nIf we fail the database after committing, the data is in the Redo-Log. On Recovery, we load the unaltered image of the page from the tablespace, load the binary diff from the Redo-Log and have recreated the dirty page in memory. Eventually, it will be witten out in a Checkpoint.\nIf we fail the database during checkpointing while writing to the Double Write Buffer, we still have the unaltered image of the page in the table space, and the Redo-Log entry, so it is as before.\nIf we fail the database during checkpointing while writing to the tablespace, creating torn pages, in recovery we can read the pages from the DWB and move them into place, then move on.\nThere is never any data loss – unless there is a loss of the media the data was on, and it is the job of MySQL replication or of a simple RAID to protect us from that.\nProof and Observation Let’s have a quiet instance of a local MySQL with AIO off, as described above, and check the file handles for a later strace:\n# lsof -p 29169 … mysqld 29169 mysql 3uW REG 253,0 536870912 68238213 /var/lib/mysql/ib_logfile0 mysqld 29169 mysql 4uW REG 253,0 864026624 178570 /var/lib/mysql/kris/t.ibd … mysqld 29169 mysql 9uW REG 253,0 536870912 68238220 /var/lib/mysql/ib_logfile1 mysqld 29169 mysql 10uW REG 253,0 415236096 68239130 /var/lib/mysql/ibdata1 mysqld 29169 mysql 11uW REG 253,0 12582912 68238214 /var/lib/mysql/ibtmp1 … We are using a database kris with a test table t. The file handles that are relevant for observation are 4 for the ibd file, 3 and 9 for the logfiles and 10 for the ibdata1, which would also be the location of the Double Write Buffer.\nWe can see the command coming in:\n[pid 29441] recvfrom(39, \u0026#34;\\3insert into t values(NULL, rand\u0026#34;..., 46, MSG_DONTWAIT, NULL, NULL) = 46 The database now requires some randomness:\n[pid 29441] openat(AT_FDCWD, \u0026#34;/dev/urandom\u0026#34;, O_RDONLY) = 42 [pid 29441] read(42, \u0026#34;\\207H\\241\\254O\\317\\10\\fk\\3447\\201\\277\\267\\223,Oi\\202\\272\\222\\16(\\210\\333\\300\u0026#39;\u0026amp;\\302g!\u0026amp;\u0026#34;, 32) = 32 [pid 29441] close(42) = 0 We observe some action on the table metadata and then the log write from the commit:\n[pid 29441] pread64(10, \u0026#34;H\\252\\364\\35\\0\\0\\1\\255\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0,\\346\\365\\0\\2\\0\\0\\0\\0\\0\\0\u0026#34;..., 16384, 7028736) = 16384 [pid 29441] pwrite64(3, \u0026#34;\\200\\201\\23D\\2\\0\\0\\30\\0\\0\\38bd\\08\\0\\0\\0\\1\\0!\\257\\23\\267\u0026gt;\\0\\0\\r./k\u0026#34;..., 1024, 34426368) = 1024 [pid 29441] fsync(3) = 0 This is the only fsync that contributed to commit-Latency. The changed data is now persisted to disk, and can be reconstructed using the unmodified page from the tablespace and the change information from the redo-log during recovery.\nThe modified page is still in memory, though, and in order to reclaim redo-log space, needs to be eventually written back in a Checkpoint.\nThis happens later, and with many more fsync operations. It does happen in batch, for many commits and multiple pages, normally, but in our easily traceable test setup, it’s looking like a lot of overhead.\nDuring normal operations, a page is often modified in multiple commits over a short amount of time. Each of these commits is a separate redo-log fsync (it\u0026rsquo;s not, there are some ways to cheat a bit). But in the Buffer Pool, on the file side of things, all these changes are being accumulated on the dirty in-memory page, and get persisted into the tablespace in a single checkpoint write. In fact, while there could be thousands of changes to in-memory pages per second, given a liberal amount of memory checkpoints can be spaced minutes apart.\nAlso, during checkpointing, one Double Write Buffer worth of pages gets written out in a single sync operation, so we do see a far better page/sync and MB/sync ratio than in this test setup.\nAnyway, this is what checkpointing to the Double Write Buffer, at offset 1M in the ibdata looks like:\n[pid 29181] pwrite64(10, \u0026#34;\\234\\v\\217Y\\0\\0\\1\\255\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\1\\2\u0026amp;\\211\\225\\0\\2\\0\\0\\0\\0\\0\\0\u0026#34;..., 32768, 1048576) = 32768 [pid 29181] fsync(10) = 0 And there follows again an update of the metadata, and the write back to the actual tablespace:\n[pid 29179] pwrite64(10, \u0026#34;\\234\\v\\217Y\\0\\0\\1\\255\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\1\\2\u0026amp;\\211\\225\\0\\2\\0\\0\\0\\0\\0\\0\u0026#34;..., 16384, 7028736) = 16384 [pid 29179] pwrite64(4, \u0026#34;.KT\\0\\0\\0d\\225\\0\\0d\\224\\377\\377\\377\\377\\0\\0\\0\\1\\2\u0026amp;\\211\\216E\\277\\0\\0\\0\\0\\0\\0\u0026#34;..., 16384, 421871616) = 16384 [pid 29179] fsync(4) = 0 [pid 29179] fsync(10) = 0 After this, the Redo-Log is no longer needed, and we can take note of this:\n[pid 29187] pwrite64(3, \u0026#34;\\200\\201\\23E\\1\\271\\0\u0026amp;\\0\\0\\39\\22\\2\\0\\201\\255\\0(\\201\\20\\2\\0\\201\\255\\0\\*\\201\\20\\2\\0\\201\u0026#34;..., 512, 34426880) = 512 [pid 29187] fsync(3) = 0 Writing really a lot of data When you write (or delete) a lot of data, things are getting a bit complicated. Also, when you have really long-running transactions, things can get complicated. Let’s go through a few scenarios:\nData Loading An application is performing an initial data load, and reading the equivalent of 100 GB of data one-table-at-a-time in a single commit.\nTransactions are large here, larger than a log buffer in memory can hold. In this case, we write log buffers out prematurely to the Redo-Log, but without a commit flag at the end. If this crashed before the final commit, we would recover all of this from the Redo-Log, then encounter the end of the log without a commit and enter a monstrous Rollback. In the past that was hideously slow, these days it is just slow.\nMoral: Really large transactions are less than ideal, but this is rare. Still once upon a time, I have been paid, as a MySQL consultant, to watch a 2h Rollback/Undo-Log recovery.\nLoading a lot of data will fill up the Redo-Log quickly, or it will dirty a large number of pages. Eventually the system will run out of either clean page or Redo-Log space, and will feel what we call Checkpointing Pressure. If the Checkpointing Pressure becomes too large, it may even stall, not reacting to user commands for some time.\nA system that is consistently seeing a lot of writes can profit from a large Redo-Log, and that is a thing that can be configured.\nData Deletion Deletion of data is also a write and copy operation: It could be rolled back until it is committed, so on delete data is actually pushed to the Undo-Log. Depending on how things are organized, it can also trigger a lot of reorganisation of the Index Trees and other operations.\nIf you want to delete all data, TRUNCATE is better than DELETE, because it does not cause these things.\nIf you want to structure data with regular expirations, have a look at table partitioning and use dynamic DDL to create and drop partitions on a schedule instead of deleting data. This implies a temporal arrangement of the data, so a date or time is becoming part of the primary key.\nLong-running transactions Until you commit, you could roll back. That means the previous version of the row is being held in the Undo-Log. In fact, Undo-Log purge is a simplistic single threaded thing, so what happens in reality is that the system looks at all active transactions in the system and determines the oldest transaction number in the system that is still active.\nIt then deletes all Undo-Log even older than this, but no more.\nSo if you\nSTART TRANSACTION READ WRITE INSERT INTO t (id, data) VALUES (NULL, RANDOM_BYTES(255)) and then go to lunch, purging of the Undo-Log stops until this transaction vanishes by ROLLBACK (or disconnect or timeout) or COMMIT. The database will slow down a lot until it becomes barely usable.\nAs we build Undo-Log, the database slows down. A lot. We kill the connection, the offender returns, and things slow down again, until the root cause is removed.\nI am mentioning this specifically as being problematic, because it happened. With somebody going to lunch after using a Cron Box for interactive data poking, and again in a similar way with Hadoop Data Loaders taking a long, long time to Hadoop Data Load.\nDon’t do this. Don’t do this on a box that is seeing any kind of shared usage, especially.\nTL;DR MySQL takes great care when writing data to disk: As long as the physical media is undamaged, it will not lose data. You can pull the power cable, switch off the server, kill -9 the mysqld process, it matters not: When we return from a COMMIT, we have a valid copy of the data, or we have a bug.\nThe cost for a COMMIT is a single fsync. You decide how many rows go into that single fsync, and we recommend you be somewhat economical (1k-10k rows are ideal from a performance PoV).\nWriting the actual data out to disk later in the checkpoint is many more operations and fsync, but you will not notice that in your application unless you really write a lot of data, fast. In this case, some tuning is required.\n","date":"2020-07-27T00:00:00Z","href":"https://blog.koehntopp.info/2020/07/27/mysql-transactions.html","tags":["lang_en","mysqldev","mysql","database","innodb","erklaerbaer"],"title":"MySQL Transactions - the physical side"},{"categories":null,"content":"So I am a Windows User now. I have an old MacBook pro, Late-2013 13\u0026quot; Retina, i7, 16 GB, 1 TB SSD, and the battery is done now, after 7 years. Also, the hardware is aging, and I want it refurbished and upgrade the son\u0026rsquo;s equipment (which is the previous 2010 MBP I had at that time).\nModern Apple is not my thing. I have a company MBP, 2018 Retina 13\u0026quot; Four-Port, i7, 16 GB, and everything about this device is wrong. I cannot for the life of me type on this keyboard, I accidentally hit functions on the touchbar, and the trackpad is so large that I put my hands on it when I don\u0026rsquo;t want to. Also, I had to disable the force-touch functionality because otherwise I would open files instead of selecting them. I have to charge it from the right hand side USB-C connector, because otherwise it would get hot and throttle.\nWith this in mind, and the announcement from Apple to move to ARM CPUs plus nailing the device cryptographically shut so that you can\u0026rsquo;t boot other operating systems any more, it was time to move away from MacOS.\nI knew I wanted a device with Touchscreen, a 2-in-1 or detachable, and I have been looking at a number of devices. The Surface Book 3 was my favorite, because you can detach the screen and use it as a tablet, plus it is available with a discrete NVidia graphics card in the keyboard base if you buy the right model. The various Lenovo Yoga variants looked well made and pretty, too.\nWhat is in the box? Machine, USB-C Dongle (HDMI, VGA, USB-A 3.0), Power Supply\nIn the end, I chose a Lenovo Yoga C940, i7, 16GB, 1 TB with a NVidia 1650. This came in around 1000 Euro cheaper than the Surface Book 3, which I fully intend to spend on a monitor/docking station. The machine has a 4K touchscreen display (3840 × 2160), a keyboard I can handle, an okay sized touchpad und an awesome (and way too powerful) sound system. The screen is technically glossy, but I seem to be able to work with it just fine.\nThe machine came with an older version of Windows 10, which patched and upgraded itself to Build 2004 after an initial configuration. I then went on to upgrade WSL to WSL 2, and started using the Ubuntu 20.04 environment provided by the Microsoft Store.\nThis version of WSL 2 does not yet support graphical applications, so I proceeded with installation of VMware workstation as well. I tried VirtualBox, but all installation attempts of an Ubuntu 20.04 image crashed during installation. VMware Workstation went through at the first attempt and with way less hassle - not unexpected. I have been using VMware Fusion at all times of my Mac carrer in the last 15 years, and it\u0026rsquo;s primary hallmark was \u0026ldquo;It just works, and actually performs quite well\u0026rdquo;, and VMware workstation just did the same.\nI am now in the process of moving all basic applications to Windows, which after 15 years of Mac is quite an adjustment. But at least the communication side of things is somewhat covered: Signal, WhatsApp, Skype (Yes, for Oma), Slack, Discord and Twitter Apps are no problem at all. For email, I had to look around a bit, but I found eM Client to be quite good.\nAs a replacement for ReadKit, I need something that can handle around 500 RSS feeds efficiently and ideally synchronizes with a service like Newsblur (or The Old Reader or Feedly), because I also read my RSS on the Cellphone and GrazeTen for Android can sync with these 3 services. What I found to be tolerable seems to be QuiteRSS, but that does not seem to be able to sync at all.\nSince I am over 50, I decided to be less of a speaker and instead encourage others to speak more, hence my need for Office programs can actually be completely covered by Google Office just fine, and LibreOffice seems to work tolerably well, too. Converting all my Keynote Files into Powerpoint/PDF/Slideshare is unfinished, though.\nI am using Gimp and OmniGraffle on the Mac. Gimp is not hard to get, but outside of Visio an OmniGraffle-Replacement seems to be absent.\nIn general, the Windows Store seems to be a total loss. It is a source of updates for some onboard applications, so cannot be gotten rid of, but the so called \u0026ldquo;modern Windows\u0026rdquo; applications provided there are usually unmaintained, badly formatted and somewhat broken. In general, it seems that the market share of Windows in terms of licenses sold does in no way reflect the market share of Windows in terms of Developer mindshare, at least judging by the state of the Windows Store.\nOn the other hand, working with this piece of hardware and with Windows 10 when it is able to forget it\u0026rsquo;s legacy is a breeze. It\u0026rsquo;s when the varnish wears off and the old XP rears it\u0026rsquo;s head that things get nasty, touch-unfriendly or generally needlessly complicated.\nPython, git and other things are available natively and in WSL just fine, I have PyCharm, Sublime and VScode, and they just work. I got Hugo and Jekyll running in WSL, too. So that part of the system is covered just fine.\n5 seconds to the logo, 15 seconds until ready, from a complete cold start\nAnd it\u0026rsquo;s fast. I am not speaking just about 12 threads on a NVME disk, I am also speaking about a system that cold-boots faster than a Mac wakes up from deep sleep, and about a graphic subsystem that can handle \u0026ldquo;Assassins Creed: Origins\u0026rdquo; in HD at \u0026ldquo;High\u0026rdquo; with absolutely playable framerates, and that actually manages to drive a Rift S in Elite: Dangerous pretty ok.\nWe will see how long it will take me to really convert all the ways I work\u0026hellip;\n","date":"2020-07-07T00:00:00Z","href":"https://blog.koehntopp.info/2020/07/07/so-i-am-a-windows-user-now.html","tags":["lang_en","windows","macos","apple"],"title":"So I am a Windows User now"},{"categories":null,"content":"Because Martin wanted some starting point, here is how I set up my Python. There are a lot of other things one can do, but this is supposed to be just a starting point.\nFor a new project, make a project directory, usually not with a local git repository.\nkk:Python kris$ mkdir project kk:Python kris$ cd project kk:project kris$ git init Initialized empty Git repository in /Users/kris/Python/project/.git/ We need a virtual environment to keep our modules apart from the system python.\nkk:project kris$ python3 -m venv ~/.venv/project In my case, I have a bash PROMPT_COMMAND installed that automatically activates the venv when I enter a directory. From the .bashrc, some highly insecure code:\nautoenv() { if [ -f ./.venv ]; then nv=$(cat ./.venv) if [ -f \u0026#34;$nv/bin/activate\u0026#34; ]; then if [ \u0026#34;$VIRTUAL_ENV\u0026#34; != \u0026#34;$nv\u0026#34; ]; then source $nv/bin/activate fi fi fi } PROMPT_COMMAND=autoenv And then:\nkk:project kris$ echo /Users/kris/.venv/project \u0026gt; .venv (project) kk:project kris$ As can be seen from the prompt, the venv already active. Usually, after install the pip is outdated.\n(project) kk:project kris$ pip install --upgrade pip ... Successfully installed pip-20.1.1 We also need wheel for C-Language Extensions, and black, mypy and pre-commit.\n(project) kk:project kris$ pip install wheel ... Successfully installed wheel-0.34.2 (project) kk:project kris$ pip install black mypy pre-commit ... Installing collected packages: click, attrs, pathspec, regex, toml, appdirs, typed-ast, black, mypy-extensions, typing-extensions, mypy, cfgv, filelock, six, zipp, importlib-metadata, distlib, virtualenv, nodeenv, pyyaml, identify, pre-commit Successfully installed appdirs-1.4.4 attrs-19.3.0 black-19.10b0 cfgv-3.1.0 click-7.1.2 distlib-0.3.1 filelock-3.0.12 identify-1.4.20 importlib-metadata-1.7.0 mypy-0.782 mypy-extensions-0.4.3 nodeenv-1.4.0 pathspec-0.8.0 pre-commit-2.5.1 pyyaml-5.3.1 regex-2020.6.8 six-1.15.0 toml-0.10.1 typed-ast-1.4.1 typing-extensions-3.7.4.2 virtualenv-20.0.25 zipp-3.1.0 The last three collect a large number of additional dev-dependencies.\nWe then need to set-up the pre-commit environment:\n(project) kk:project kris$ cat .pre-commit-config.yaml repos: - repo: https://github.com/pre-commit/pre-commit-hooks rev: v2.3.0 hooks: - id: check-yaml - id: end-of-file-fixer - id: trailing-whitespace - repo: https://github.com/psf/black rev: \u0026#39;\u0026#39; hooks: - id: black - repo: https://github.com/pre-commit/mirrors-mypy rev: \u0026#39;\u0026#39; hooks: - id: mypy additional_dependencies: [ ] (project) kk:project kris$ pre-commit install pre-commit installed at .git/hooks/pre-commit Pre-commit is running mypy and black, but in a separate environment, so it will be installed again, elsewhere, and we will also need to declare our mypy dependencies here again, unfortunately.\nOn the other hand, all our Python will be type-checked and blacken\u0026rsquo;ed automatically on commit.\n(project) kk:project kris$ cat probe.py #! /usr/bin/env python import sys print(f\u0026#34;{sys.version}\u0026#34;) And here we go:\n(project) kk:project kris$ git add probe.py (project) kk:project kris$ git commit -m \u0026#39;testing\u0026#39; Check Yaml...........................................(no files to check)Skipped Fix End of Files.........................................................Passed Trim Trailing Whitespace.................................................Passed black....................................................................Passed mypy.....................................................................Passed [master (root-commit) c7734e4] testing 1 file changed, 5 insertions(+) create mode 100755 probe.py Now, I usually collect additional project dependencies in requirements.txt and freeze them into requirements-frozen.txt for deployment into a Python Container.\nFor example, in one project:\n(bridge) kk:bridge kris$ cat requirements.txt paho-mqtt influxdb (bridge) kk:bridge kris$ cat requirements-frozen.txt paho-mqtt==1.5.0 influxdb==5.3.0 ## The following requirements were added by pip freeze: certifi==2020.4.5.1 chardet==3.0.4 idna==2.9 msgpack==0.6.1 python-dateutil==2.8.1 pytz==2020.1 requests==2.23.0 six==1.15.0 urllib3==1.25.9 (bridge) kk:bridge kris$ cat Dockerfile FROM python:3.8-alpine LABEL maintainer=\u0026#34;isotopp\u0026#34; \\ description=\u0026#34;MQTT to InfluxDB Bridge\u0026#34; COPY requirements-frozen.txt /tmp/requirements.txt RUN pip install -r /tmp/requirements.txt COPY . /app WORKDIR /app CMD [ \u0026#34;python3\u0026#34;, \u0026#34;-u\u0026#34;, \u0026#34;bridge.py\u0026#34; ] This is part of a larger deployment in a docker-compose.yml then:\n--- version: \u0026#34;3\u0026#34; services: ... bridge: build: \u0026#34;./bridge\u0026#34; image: \u0026#34;isotopp/mqttbridge\u0026#34; container_name: \u0026#34;mqttbridge\u0026#34; hostname: \u0026#34;mqttbridge\u0026#34; user: \u0026#34;1000\u0026#34; depends_on: - \u0026#34;influxdb\u0026#34; - \u0026#34;mosquitto\u0026#34; restart: \u0026#34;always\u0026#34; ... ","date":"2020-06-29T00:00:00Z","href":"https://blog.koehntopp.info/2020/06/29/how-i-set-up-my-python.html","tags":["lang_en","python","development"],"title":"How I set up my Python"},{"categories":null,"content":"Da war also ein Artikel bei Golem: Schulen bemühen sich vergeblich um Geld aus dem Digitalpakt .\nDie Schulen wollten das Geld nutzen, die Mittel würden aber trotz vieler Einreichungen nicht freigegeben, sagte ein Lehrer und IT-Verantwortlicher eines Berliner Gymnasiums Golem.de.\nDas liege daran, sagt der Artikel, daß für Mittel aus dem Digitalpakt eine Minimal-Ausstattung und Anbindung der Schulen gefordert ist, die so oft nicht realisierbar sei. Außerdem\nAuf kommunaler Ebene der Schulträger gebe \u0026ldquo;es kaum IT-Kompetenz. Die Gebäude sind marode, insbesondere die Verkabelung. WLAN scheiterte an 100 MBit/s-Verkabelung und überlasteten Stromkreisen für Power-over-Ethernet-Switches\u0026rdquo;.\nDie Lehrer an den Schulen würden gefragt, wo Accesspoints aufgehängt werden sollen, wüssten aber keine Antwort, weil sie dafür nicht ausgebildet seien.\nDas ist in der Tat ein Problem 1 2 . Was soll eine Schule auch machen, wenn nicht gewisse Grundvoraussetzungen erfüllt sind?\nDamit man mit Notebooks, Tablets oder Chromebooks an einer Schule arbeiten kann, braucht man Strom an jedem Tisch. Den gibt es in deutschen Schulen in der Regel nicht. Aber auch für essentielle Hardware wie Wi-Fi-Accesspoints, Switches oder elektronische Tafeln fehlt es an Anschlüssen.\nWi-Fi für viele Clients baut man nicht wie daheim, indem man irgendwo einen AP hinklatscht. Man muß eine Ausleuchtungsanalyse machen, Positionen von APs planen, Sendeleistungen und Frequenzen wählen. Man braucht vermutlich einen AP pro Klassenraum, mit gut gewählten Frequenzen und radikal runtergedrehter Sendeleistung, damit er die Nachbar-APs in den Nebenräumen und darüber/darunter nicht stört.\nAusleuchtungsanalyse einer Privatwohnung vor der Optimierung\nKabel müssen zu den APs führen, denn es ist aussichtslos, den Backhaul für große Schülerzahlen über Wi-Fi zu machen. Die Kabel müssen GBit-Kabel sein, bei modernen APs braucht es deren zwei pro AP. Die APs brauchen Strom, in der Regel Power-over-Ethernet (PoE). Für PoE brauchen die Switches viel Strom, denn sie speisen die APs. Das heißt, sie brauchen Kühlung oder zumindest einen geeigneten Rechnerraum. Dort würde man auch den Breitbandanschluß der Schule terminieren.\nFür eine Schule mit einer drei- oder vierstelligen Anzahl Schüler tut DSL nicht, man muß Glas legen - ein oder besser zehn GBit symmetrisch, je nachdem was geplant ist.\nJetzt kann man anfangen, ein Technik- und Medienkonzept für die Schule zu machen: Tablets oder Chromebooks? Lokaler Server oder Cloud? Webfilter oder Walled Garden? Whiteboards oder Android-eTafeln? Google Edu oder was eigenes? Welche Schulbuchanbieter haben statt Büchern HTML?\nDas ist alles nicht einfach und dauert locker zwei Jahre für die Einführung und zehn Jahre zur Perfektionierung.\nMan hätte 2010 anfangen müssen. An jeder einzelnen Schule - es gibt davon mehr als 30.000 in Deutschland, die Hälfte davon Grundschulen.\nSo, jetzt nehmen wir mal an, wir haben eine solche Schule - Glas 10 Gbit symmetrisch, Strom an den Tischen, Wi-Fi pro Raum, und Monitor-Tafelsystem.\nJetzt Schüler ausrüsten. Wie kriegt man das hin, daß man möglichst flexibel ist, die Schüler keine Daten verlieren können und man dabei nicht arm wird? Wir brauchen Hardware in großer Stückzahl, also mit geringen Stückkosten.\nDie Hardware muß robuste Software haben und keinen Ärger machen, wenn sie mal kaputtgeht. Daten müssen zentral gespeichert werden, nicht im Gerät - public oder private Cloud. Eine Terminal-Lösung (VNC auf einen Schulserver) wäre denkbar - verschwendet aber die Rechenleistung im Schoß, belastet das Netz mehr und ist nicht gut portabel nach Hause.\nDie Hardware ist idealerweise nicht an den Schüler gebunden: Wenn mal was ist, gibt man dem Schüler irgendein anderes Gerät und er kann dann ohne Unterbrechung weiter arbeiten. Es sind Kinder und es ist eine Schule, mit Schwund ist zu rechnen.\nDie Rechner müssen vor Ort einfach zu warten sein, durch Personal mit minimaler Ausbildung. Das heißt, langwierige Installationsprozeduren scheiden aus. \u0026ldquo;Einen Resetknopf länger als 40s drücken und das Gerät setzt sich auf einen durch Secure Boot verifizierten Grundzustand zurück und kann dann einem beliebigen Schüler gegeben werden\u0026rdquo; ist ungefähr der Gipfel dessen, was vor Ort geleistet werden kann.\nChromebooks leisten genau das. Billige Geräte mit Tastatur und optional Touchscreen, die durch \u0026ldquo;Powerwash\u0026rdquo; in den verifizierten Bootzustand versetzt werden können, und die - daher der Name - direkt in ein glorifiziertes Chrome booten. Dort landet man dann in Google Edu, also \u0026ldquo;Google Office für Schulen plus einen OAuth2 Identity Provider für Drittanbieter\u0026rdquo;. Diese Drittanbieter, die Bildungspartner und Schulbuchverlage, haben so eine definierte Plattform (Browser, HTML, CSS, JS), gegen die sie entwickeln können und bekommen den Zugang über OAuth2 verifiziert hin, ohne daß unnötig personenbezogene Daten übermittelt werden.\nIn der Tat ist es in so einem Setup für den Schulbetrieb weitgehend egal, ob Corona ist oder nicht: Einer Cloud-Schule, die die Server nicht auf dem Schulcampus hat, ist es Wurst, von wo die Schüler connecten.\n\u0026ldquo;Aber die Datenkraken!\u0026rdquo;\nLeute, es gibt einen Haufen von Prüfungen und Zertifizierungen für diesen Kram. Google hat sie alle, und erneuert die jährlich. Auch die Bildungspartner können das tun. Wenn Ihr dann noch Bedenken habt, unterstellt Ihr, daß dieser ganze Zertifizierungskram nutzlos ist.\nDas kann man machen. Aber damit das konstruktiv ist, sollte man dann benennen, was genau fehlt - also, was die Bedrohung ist, wie die nicht geprüft wird, und was der Schaden ist, wenn die Bedrohung eintritt. Dann - nur dann - ist Weiterentwicklung möglich.\nTut man das nicht, sagt man im Grunde nur \u0026ldquo;Ich verstehe diesen Neumodischen Scheiß™ nicht und wünschte, es wäre noch 1990.\u0026rdquo; Kann man machen, aber dann lebt man eine Generation in der Vergangenheit und nicht im Jetzt.\nDas ist kein haltbarer Zustand, wenn es um die Ausbildung der kommenden Generation geht. So gar nicht.\n\u0026ldquo;Ja, sollen wir da nicht was Eigenes entwickeln?\u0026rdquo; Kann man machen. Das hätte 2010 sogar Sinn gehabt. Aber inzwischen ist es wichtiger, was zu machen, als da noch lange irgendwelche Leuchttürme zu subventionieren und zu warten, bis die mit dem Verprassen der Steuergelder fertig sind, bevor man dann doch zu Google geht.\n\u0026ldquo;Ja, und dann?\u0026rdquo; Ich lebe als Deutscher in den Niederlanden und habe ein 10-jähriges Kind in der Group 6 (der 4. Klasse) an einer niederländischen Basisschool. Durch das Lehrkonzept hier (Google Edu, Wi-Fi-Chromebook Klassen) kann ich aus eigener Erfahrung sagen, daß der Drill (NL: \u0026ldquo;geautomatiseerd\u0026rdquo;) etwa beim Kopfrechnen komplett an Webseiten übergeht. Statt Eckenrechnen, Kopfrechen-Stafetten, und anderen Klassenspielen, die den Lehrer binden, haben die Kinder Zugriff auf programmierte Unterweisungen und casual games, die die zu drillenden Fertigkeiten einüben. \u0026ldquo;Löse einfache Kopfrechenaufgaben\u0026rdquo; oder \u0026ldquo;Rechtschreibaufgaben\u0026rdquo; um Space Invaders abzuwehren und ähnlich.\nGynzi Kids ist ein Anbieter von Lehrspielen und Casual Games mit Ausbildungshintergrund, der an der Schule verwendet wird.\nDie Kinder lernen und üben Dinge so, wie sie ihnen Spaß machen, überspringen Einheiten oder machen sie in anderer Reihenfolge. Das ist nicht immer konfliktfrei: Der Sohn hat zum Beispiel alle Geld-Rechenaufgaben (Wechseln, Herausgeben, passend Zahlen) ausgelassen, denn \u0026ldquo;das habe ich ja schon im deutschen Mathebuch gelernt\u0026rdquo;. Aber die Klassenlehrerin hat sich auf die Übungsstatistiken in der Mathe-Website verlassen und nicht nachgefragt, und dann gab es Streit über die Note. Das hat sich mündlich schnell geklärt, aber auch hierzulande müssen alle Parteien den korrekten Umgang mit den Tools noch einüben.\nDie Rolle des Lehrers verändert sich jedoch sehr, weil sie sich viel mehr vom Drillen und dem Frontalunterricht auf das individuelle Coaching verlagert hat. Das merkt man auch bei den Elterngesprächen (heute abend war eines, in Google Meet), bei denen beide Klassenlehrkräfte sehr detailliert die Schwächen und Stärken des Kindes ansprechen und konkret belegen können, was gut geht, was nicht, wo sich seit dem letzten Mal was verbessert hat.\nDas ist sehr spannend, weil für uns Deutsche sehr ungewohnt - die Lehrer haben Zeit und offenbar auch die Muße, sich um solche Dinge zu kümmern, weil der ganze manuelle Papierkram und der Drill keine Arbeit mehr macht.\nDabei werden schon in der Grundschule Medienkompetenz und später selbstständiges Arbeiten traininiert.\nWebsite von NOS Jeugdjournaal\nDas geht los mit dem gemeinsamen Durchsehen von Nachrichten auf De Daag Vandaag oder dem NOS Jeugdjournaal und dem Darüber-Reden. Dabei kommt das Gespräch ganz von selbst auf \u0026ldquo;Was in der Welt passiert\u0026rdquo;, aber auch auf \u0026ldquo;Wo kommen Meldungen her?\u0026rdquo; und \u0026ldquo;Was ist wahr? Was ist wichtig?\u0026rdquo;.\nAb diesem Schuljahr kommt dann noch die Werkstuckken dazu, Aufsätze, für die selbstständig zu recherchieren ist, für die eine Gliederung gemacht werden muß und die mit Inhalten gefüllt werden müssen - und die dann am Ende auch in eine Präsentation umgewandelt werden müssen. Dabei legt die Schule großen Wert darauf, daß die Kinder zwar Anleitung zur Recherche und zur Quellenbewertung erhalten, die Arbeit aber selbstständig leisten.\nDie Schule, auf der unser Kind ist, macht außerdem noch Kanjertraining , also vermittelt einen Katalog von Verhaltensweisen mit Bewertung zum Umgang mit Konfliktsituationen, Kommunikationsverhalten und anderen Dingen aus diesem Themenkomplex. Das eröffnet den Kindern\neine Taxonomie von Verhaltensweisen: \u0026ldquo;Wenn wir uns streiten, gibt es mehrere Arten, wie Menschen Konflikte austragen\u0026rdquo; ein Vokabular zur Erkennung und Benennung von Gefühlen, Situationen und Ursachen Bewertungen \u0026ldquo;Konflikte gibt es immer wieder, aber es gibt valide und nicht valide Wege, sie auszutragen\u0026rdquo; und ein größeres Verhaltensrepertoire zum Umgang mit Konflikten \u0026ldquo;Wenn wir uns streiten, können wir erst mal versuchen herauszufinden, was unstrittig ist, und worum es uns geht, also was jeder im Idealfall als Ergebnis sehen will. Dann sehen wir besser, was wir klären müssen.\u0026rdquo; Dem Kind wird dadurch Zugang zum Selbst durch bewußte Reflektion ermöglicht. Es kann seine eigenen Verhaltensweisen erkennen, benennen, und versuchen sie zu verändern. Das macht er auch ganz gut, und man sieht, wie er bei der Sache Spaß hat.\n","date":"2020-06-23T00:00:00Z","href":"https://blog.koehntopp.info/2020/06/23/schulen-digitalisieren.html","tags":["lang_de","bildung","schnuppel","politik"],"title":"Schulen digitalisieren"},{"categories":null,"content":"Two questions from Reddit\u0026rsquo;s /r/mysql related to Window Functions: How do I make row.numbers happen and Get the difference between two values in different recordings .\nOne of the new things in MySQL is the implementation of Window Functions. They are related to aggregates, but do not actually lump values together.\nTo better understand what goes on, let\u0026rsquo;s create some fake data to work with:\n#! /usr/bin/env python3 # -*- coding: utf-8 -*- import MySQLdb as mdb import MySQLdb.cursors as cursors from datetime import datetime, timedelta from random import randint, random # We have {sensors} sensors, each producing {values} values # between {minvalue} and {maxvalue}, at a random time after {starttime} plus {delta} sensors = 3 values = 10 minvalue = 0 maxvalue = 10 starttime = datetime.fromisoformat(\u0026#34;2020-01-01 00:00:00\u0026#34;) delta = timedelta(days=31) script = [ \u0026#34;drop table if exists series\u0026#34;, \u0026#34;create table if not exists series ( id serial, sensor integer not null, checktime timestamp not null, value float )\u0026#34;, ] con = mdb.connect( host=\u0026#34;localhost\u0026#34;, user=\u0026#34;root\u0026#34;, db=\u0026#34;kris\u0026#34;, cursorclass=cursors.DictCursor ) cur = con.cursor() # Create a table for stmt in script: cur.execute(stmt) print(f\u0026#34;{cur._last_executed}\u0026#34;) con.commit() # insert values insert_stmt = \u0026#34;insert into series values ( %s, %s, %s, %s)\u0026#34; for s in range(0, sensors): print( f\u0026#34;Sensor {s}: {values} measurements ({minvalue}, {maxvalue}), ({starttime}, {starttime+delta}).\u0026#34; ) for i in range(0, values): value = random() * maxvalue + minvalue t = starttime + timedelta(days=randint(0, delta.days)) data = (None, s, t, value) cur.execute(insert_stmt, data) con.commit() This will create test data for a number of fictional sensors sensors. For each sensor, there will be values many readings with a random float value between minvalue and maxvalue. The sensor readings will be taken at a random point in time between starttime and delta days later. In our sample config, that is 3 sensors with 10 readings each, values between 0 and 10, at some random point in time in January 2020.\nWe get data similar to this:\nroot@localhost [kris]\u0026gt; select * from series; +----+--------+---------------------+----------+ | id | sensor | checktime | value | +----+--------+---------------------+----------+ | 1 | 0 | 2020-01-12 00:00:00 | 9.72828 | | 2 | 0 | 2020-01-09 00:00:00 | 3.59015 | | 3 | 0 | 2020-01-24 00:00:00 | 0.701136 | … | 11 | 1 | 2020-01-27 00:00:00 | 9.64586 | | 12 | 1 | 2020-01-25 00:00:00 | 6.19484 | | 13 | 1 | 2020-01-15 00:00:00 | 2.18511 | … | 28 | 2 | 2020-01-02 00:00:00 | 1.36718 | | 29 | 2 | 2020-01-03 00:00:00 | 2.71718 | | 30 | 2 | 2020-01-20 00:00:00 | 5.86109 | +----+--------+---------------------+----------+ 30 rows in set (0.00 sec) We could group this data, for example by sensor. The database would then make piles for each sensor value, and we could apply aggregate functions to each pile:\nroot@localhost [kris]\u0026gt; select sensor, -\u0026gt; count(value) as count, -\u0026gt; min(value) as min, -\u0026gt; max(value) as max, -\u0026gt; avg(value) as avg -\u0026gt; from series -\u0026gt; group by sensor; +--------+-------+----------+---------+-------------------+ | sensor | count | min | max | avg | +--------+-------+----------+---------+-------------------+ | 0 | 10 | 0.065623 | 9.72828 | 4.031341724842787 | | 1 | 10 | 1.16093 | 9.64586 | 5.11824003458023 | | 2 | 10 | 1.36718 | 9.90121 | 5.031034636497497 | +--------+-------+----------+---------+-------------------+ 3 rows in set (0.00 sec) Window Functions work similarly, but they do not make piles. They work by defining partitions over the data, and then walking through each partition, resetting the window functions applied at each partition boundary.\nAs with GROUP BY, when leaving out a partitioning the entire table is taken as one:\nroot@localhost [kris]\u0026gt; select id, sensor, row_number() over () from series; +----+--------+----------------------+ | id | sensor | row_number() over () | +----+--------+----------------------+ | 1 | 0 | 1 | | 2 | 0 | 2 | | 3 | 0 | 3 | … | 28 | 2 | 28 | | 29 | 2 | 29 | | 30 | 2 | 30 | +----+--------+----------------------+ 30 rows in set (0.00 sec) The id is stored, the row_number() is generated. Let\u0026rsquo;s add a partitioning by sensor number and re-run the command:\nroot@localhost [kris]\u0026gt; select id, sensor, -\u0026gt; row_number() over (partition by sensor) as r -\u0026gt; from series; +----+--------+----+ | id | sensor | r | +----+--------+----+ | 1 | 0 | 1 | | 2 | 0 | 2 | | 3 | 0 | 3 | … | 10 | 0 | 10 | | 11 | 1 | 1 | | 12 | 1 | 2 | | 13 | 1 | 3 | … | 20 | 1 | 10 | | 21 | 2 | 1 | | 22 | 2 | 2 | | 23 | 2 | 3 | … | 30 | 2 | 10 | +----+--------+----+ 30 rows in set (0.00 sec) By defining partition boundaries at sensor value changes with PARTITION BY sensor, the row_number() counter is reset each time the sensor value changes. Within each partition, we can order the values as we wish. Using the same statement as before, but ordering the values by id in reverse, we get\nroot@localhost [kris]\u0026gt; select id, sensor, -\u0026gt; row_number() over (partition by sensor order by id desc) as r -\u0026gt; from series; +----+--------+----+ | id | sensor | r | +----+--------+----+ | 10 | 0 | 1 | | 9 | 0 | 2 | | 8 | 0 | 3 | … | 1 | 0 | 10 | | 20 | 1 | 1 | | 19 | 1 | 2 | | 18 | 1 | 3 | … | 11 | 1 | 10 | | 30 | 2 | 1 | | 29 | 2 | 2 | | 28 | 2 | 3 | … | 21 | 2 | 10 | +----+--------+----+ 30 rows in set (0.01 sec) Note that the OVER () clause is written as a field. Different windows and hence different partitions and orderings can be defined concurrently.\nroot@localhost [kris]\u0026gt; select id, sensor, row_number() over (partition by sensor order by id desc) as r, row_number() over (order by id desc ) as rr from series order by id; +----+--------+----+----+ | id | sensor | r | rr | +----+--------+----+----+ | 1 | 0 | 10 | 30 | | 2 | 0 | 9 | 29 | | 3 | 0 | 8 | 28 | … | 10 | 0 | 1 | 21 | | 11 | 1 | 10 | 20 | | 12 | 1 | 9 | 19 | … | 29 | 2 | 2 | 2 | | 30 | 2 | 1 | 1 | +----+--------+----+----+ 30 rows in set (0.00 sec) Most aggregate functions can be used with OVER() clauses, among them not only AVG() and the other statistics functions, but also JSON_ARRAYAGG() and JSON_OBJECTAGG(). On top of that a number of window-specific functions have been defined, as listed in Window Function Descriptions in the manual. Among these are RANK() and DENSE_RANK() , as well as LAG() and LEAD(), which refer to the value next or preceding the current row.\nWe can already answer the question about row numbers now, and better than before MySQL 8 (differently here ). These methods are outdated and should no longer be used.\nWe have shown above already how to produce global row numbers and row numbers per sensor. We can also quite easily run a topK query, for example \u0026ldquo;show me the three smallest values per sensor\u0026rdquo;:\nroot@localhost [kris]\u0026gt; select * from ( -\u0026gt; select sensor, -\u0026gt; value, -\u0026gt; rank() over (partition by sensor order by value) as svrank -\u0026gt; from series -\u0026gt; ) as t -\u0026gt; where svrank \u0026lt; 4; +--------+----------+--------+ | sensor | value | svrank | +--------+----------+--------+ | 0 | 0.065623 | 1 | | 0 | 0.701136 | 2 | | 0 | 1.87906 | 3 | | 1 | 1.16093 | 1 | | 1 | 2.18511 | 2 | | 1 | 3.83464 | 3 | | 2 | 1.36718 | 1 | | 2 | 1.8867 | 2 | | 2 | 2.71718 | 3 | +--------+----------+--------+ 9 rows in set (0.01 sec) We need a subquery here, because according to the manual :\nQuery result rows are determined from the FROM clause, after WHERE, GROUP BY, and HAVING processing, and windowing execution occurs before ORDER BY, LIMIT, and SELECT DISTINCT.\nSo if we want to filter on the result of a window function like rank, we need to take our result from an inner query and then apply the filter in an outer query.\nTo answer the second Reddit question , we need to use LAG() and LEAD(). With them we can also process differences between two adjacent rows in the same partition:\nroot@localhost [kris]\u0026gt; select id, -\u0026gt; sensor, -\u0026gt; checktime, -\u0026gt; value, -\u0026gt; lag(value) over (partition by sensor order by checktime) - value as delta -\u0026gt; from series -\u0026gt; order by sensor, checktime; +----+--------+---------------------+----------+----------------------+ | id | sensor | checktime | value | delta | +----+--------+---------------------+----------+----------------------+ | 9 | 0 | 2020-01-04 00:00:00 | 9.20321 | NULL | | 5 | 0 | 2020-01-06 00:00:00 | 4.63966 | 4.56355619430542 | … | 3 | 0 | 2020-01-24 00:00:00 | 0.701136 | 1.7513115406036377 | | 20 | 1 | 2020-01-03 00:00:00 | 5.3703 | NULL | | 17 | 1 | 2020-01-07 00:00:00 | 6.00236 | -0.6320672035217285 | … | 14 | 1 | 2020-01-31 00:00:00 | 3.83464 | 0.11126899719238281 | | 28 | 2 | 2020-01-02 00:00:00 | 1.36718 | NULL | | 25 | 2 | 2020-01-03 00:00:00 | 4.10965 | -2.742463231086731 | … | 22 | 2 | 2020-01-30 00:00:00 | 1.8867 | 8.014503359794617 | +----+--------+---------------------+----------+----------------------+ 30 rows in set (0.00 sec) We define a partition by sensor, and process values in each partition in temporal order (we generated our fake sensor data in random temporal order within a time window). We calculate the difference between the current value and the lagging (following) value as delta.\nThe way we have written the delta calculation highlights a pecularity of the syntax: The expression for the preceding value is not LAG(value), it is lag(value) over (partition by sensor order by checktime). We have to put the different - value behind the full window expression, not into the middle of it: lag(value)-value over (partition by sensor order by checktime) as delta yields a syntax error.\nroot@localhost [kris]\u0026gt; select id, sensor, checktime, value, lag(value)-value over (partition by sensor order by checktime) as delta from series order by sensor, checktime; ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \u0026#39;-value over (partition by sensor order by checktime) as delta from series order \u0026#39; at line 1 Because OVER() expressions can become quite unwieldy (especially if you also define frames - not explained here - in them), they can be named and put into the select-statement at a place behind the FROM clause.\nThis gives us\nroot@localhost [kris]\u0026gt; select id, -\u0026gt; sensor, -\u0026gt; checktime, -\u0026gt; value, -\u0026gt; lag(value) over w - value as delta -\u0026gt; from series -\u0026gt; window w as (partition by sensor order by checktime); +----+--------+---------------------+----------+----------------------+ | id | sensor | checktime | value | delta | +----+--------+---------------------+----------+----------------------+ | 9 | 0 | 2020-01-04 00:00:00 | 9.20321 | NULL | | 5 | 0 | 2020-01-06 00:00:00 | 4.63966 | 4.56355619430542 | … as a different syntax with the same result. It is possible to define more than window, as long as they have different window names, and it is possible for a window to be referred to zero or more times.\nThe Manual on Windows Functions .\n","date":"2020-06-21T00:00:00Z","href":"https://blog.koehntopp.info/2020/06/21/mysql-window-functions.html","tags":["lang_en","mysqldev","mysql","erklaerbaer","reddit"],"title":"MySQL Window Functions"},{"categories":null,"content":"A question from Reddit\u0026rsquo;s /r/mysql:\nReally new to MySQL and had a request to export an entire database to csv for review. I can manually export each table using workbench but there are 10+ tables and 10+ databases so I was looking to export the entire database to csv.\nIt is likely that you have additional requirements on top of this, so it would be best to script this in a way that would allow for customization.\nTry this piece of Python 3.7 (or better) as a starting point. It requires mysqlclient to be installed with pip (preferrably in a venv).\n#! /usr/bin/env python # -*- coding: utf-8 -*- # pip install mysqlclient (https://pypi.org/project/mysqlclient/) import MySQLdb import csv # connect to database, set mysql_use_results mode for streaming db_config = dict( host=\u0026#34;localhost\u0026#34;, user=\u0026#34;kris\u0026#34;, passwd=\u0026#34;geheim\u0026#34;, db=\u0026#34;kris\u0026#34;, ) db = MySQLdb.connect(**db_config) # Default is db.store_result(), which would buffer the # result set in memory in the client. This won\u0026#39;t work # for a full table download, so we switch to streaming # mode aka db.use_result(). That way we keep at most # one result row in memory at any point in time. db.use_result() # Get a list of all tables in database tables = db.cursor() tables.execute(\u0026#34;show tables\u0026#34;) # for each table, dump it to csv file for t in tables: table = t[0] print(f\u0026#34;table = {table}\u0026#34;) data = db.cursor() data.execute(f\u0026#34;select * from `{table}`\u0026#34;) with open(f\u0026#34;{table}.csv\u0026#34;, \u0026#34;w\u0026#34;) as csvfile: w = csv.writer(csvfile) w.writerows(data) Then customize as needed.\nNote: Using db.use_result() normally is not recommended, because it puts additional burden on the database when handling your result set, and because you cannot jump back and forth in the result set in the client.\nFor a mysqldump-like usage as here, the default db.store_result() won\u0026rsquo;t work, though, because it downloads the result set (here: entire tables) into client memory, one at a time, and that won\u0026rsquo;t work. So in this particular case, db.use_result() is mandatory.\nIn mysqldump, the option --quick switches to streaming mode, and it is part of the --opt set of recommended options, and they are enabled by default. When using mysqldump --skip-quick, buffered mode is used (and your mysqldump will explode due to memory buffering requirements).\n","date":"2020-06-20T00:00:00Z","href":"https://blog.koehntopp.info/2020/06/20/export-the-entire-database-to-csv.html","tags":["lang_en","mysqldev","mysql","erklaerbaer","reddit"],"title":"Export the entire database to CSV"},{"categories":null,"content":"An older talk from 2 years ago, which for some reason I was not able to find in the blog.\nFor reasons that do not need exploration at this junction, I had to explain Processes and Process Maturity some time ago, and a colleague asked me to put my thinking into a talk. This talk is likely going to be boring, because you may know most of the subject already. On the other hand, it is good to be on the same page when it comes to models and vocabulary.\nProjects, and Deliverables You want a pizza. What is pizza?\nA deliverable: A defined product delivered at a deadline.\nPizza is a project. Projects have a deliverable (a defined product) that is available at a certain deadline, latest. So, \u0026ldquo;a Margherita within the next 20 minutes\u0026rdquo; is a project.\nPizza as a project\nIf you phone up a Pizza, you are outsourcing: You offer money for Pizza as a Service. On the other hand, the shop is delivering Pizza as a Service. How are they able to do that?\nRepeated demands and Processes They need a Pizza Delivery Process to be able to pull that off repeatedly and reliably, at a projected cost and speed. We get processes because we have “A regular demand on an organization, and the organization wants the capability to handle the repeated demand in a predictable fashion.”\nWhy process?\nIf something is a one-off, you will not get a process and you should not. Instead, it is “individual heroics.” If something is done a second or a third time, it’s probably time to make it official. You put it on the service catalog, you plan for it, and you create a structure in your org around it.\nIn the end, it can look like this:\nCMMI for services, Service Delivery (pretty much the same as ITIL SD)\nCMMI for services 1.3 creates a set of processes interacting to build a structure for service delivery. It looks complicated, but it’s not.\nThere is the customer, and service delivery delivers. Things may go wrong, and that is an incident such as the oven being on fire. Incident Resolution takes care of that.\nThe Strategic Service Management looks at how we set up the kitchen, and what goes on the menu — the production process.\nService Development thinks up the way the kitchen is structured and works, and Service Transition makes sure the kitchen is being built and that cooks and servers are trained.\nThe Incident Resolution in ITIL has deeper structure, looking at larger scale problems that can be extracted from individual services, and interacts with the Service Transition in Change Management.\nNothing here deals with billing, that would be service management — contracts for supplies, subscriptions, catering for events or individual pizza sales, and quality control (complaints).\nWhat we build here could be a single pizzeria, but also a chain that deals with Pizza at a scale.\nPDCA: Plan, Do, Check, Act The ideal outcome of proper process\nWhen you perform a process, you are in a cycle. The stages of the cycle are named differently, depending on your management ideology, but it’s always a planning stage, a doing stage (“a sprint” in Agile), and a stage where you look back at how things work and what we can learn (“a retrospective” in Agile, “Check” in PDCA). Then you implement potential improvements (“Act” in PDCA ).\n\u0026ldquo;Continuous Improvement\u0026rdquo; goes by many names\nNo matter what you call these things, these cycles form the bones of a continuous improvement process.\nThings to look at when improving From closest to furthest, looking at product and process.\nChecking can be done by continually distancing yourself from the product and the process.\nSo the closest way of looking at a thing is checking for compliance: Are we following the recipe? If not, maybe we should fix that.\nThen you can ask yourself if that recipe is the most efficient way of getting the result. Are there other ways of getting the same outcome, in which we need fewer resources or can do it faster, with fewer people or less training?\nThen, is the recipe effective? That is, is the Pizza any good? If not, can we fix that?\nAnd finally, is the process still applicable? There is little point to having a Pizza Process in an Artisanal Burger Shop, is there?\nChange is a Meta-Project After the retrospective, the checking, we have a list of changes. How do we implement them?\nThat, in itself, is a meta-project: We want to change the recipe (adjust the written documentation), and the minds of the people (training them to follow the new recipe), then test that the change happened. And we want to have done that by $DEADLINE.\nSo processes spawn meta-projects to change themselves.\nChange is a Meta-Project. It has deliverables, and a deadline.\nWe always need to take all three pillars into account:\nThere is always an organization, with roles that have defined tasks, skills, and that need staffing.\nThere are people that staff the roles. They need training to get the skills they need and to understand the specific tasks they are supposed to perform.\nFinally, there is the Tech that is supposed to support People to perform their roles. Usually, Tech is the least important thing in a process – it is easy to scale, quicker to adjust than people, and is always a supporting role for people doing the work.\nAre we good at processes? So on a scale of 1-5 , how good are we at a thing?\nSuppose you are a Pizzeria, and you are superb at Pizza as a Service. Now somebody comes in and wants Spaghetti. Bologna, of all things. You happen to have the noodles, and you have the sauce, because of the Pizza of the same style you serve.\nSo, you make it. You just went from 0 to 1: \u0026ldquo;Not Performed\u0026rdquo; to \u0026ldquo;Individual Heroics\u0026rdquo; – doing a one-off. That was a success!\nGetting Noodles as a Service.\nThe next level would be 2: \u0026ldquo;Planned \u0026amp; Tracked.\u0026rdquo; That means it’s on the menu. You buy noodles, train the servers and the cooks (plan performance), you track noodle dish popularity, and customer satisfaction.\nThen you get a pasta section on the menu: Level 3 – you have a standard noodle process next to your pizza process, and you derive individual noodle dishes from that by adjusting the noodle process.\nLevel 4 - \u0026ldquo;Quantitative Tracking,\u0026rdquo; is the next step. You start to measure, and compare. Or want to, but that is not possible for one-offs, you need iterations. It’s also not possible for rare things because statistics need large numbers, and you don’t even know what the relevant numbers are when you start out.\nIt’s also not possible when you are in hyper-growth. Each iteration will be very different from the previous iteration — if you grow 10x, the process to achieve the same deliverables is too different from the previous iterations for meaningful comparison.\nAnyway, we now track Pizza and Pasta properly, across all of our outlets in our global Italian Fast Food chain, account for regional differences (“Calzone Hutspot” does seem to be popular only in the Netherlands, and is frowned upon in Italy, for example) and we take that into account.\nInvesting time and money to get things right Finally, you get a continuous improvement process that tracks change quantitatively and has the appropriate controls to make change accessible to management.\nSo where do we invest when we care about improvement?\nWhere to put money and time for improvement?\nWe have to sort processes by Criticality, obviously, to make important things better. We also sort by Maturity – no need to invest into things that are already in good shape. And then we decide how much we can and should spend, and where.\nMaybe we give up Pizza production, and outsource ourselves, or just pre-products and reduce our capability to assembly.\nMust be at least this tall to successfully outsource.\nIn any case, that will fail, if we and our partner are below level 4, each, in process maturity. Without a shared understanding of the deliverable and the relevant metrics, there is no common understanding of what is being sold or bought, and a lot of pain and finger pointing will be the result.\nThat is, without a proper process maturity, you need to do stuff yourself, no matter what. You can\u0026rsquo;t outsource new or rare things because you don\u0026rsquo;t understand them yet. You can\u0026rsquo;t outsource things that grow very quickly because they change from growth alone so much that you cannot afford the administrative barrier between business and execution.\nAnd without having a set of well-understood snd tested quantitative metrics that both sides of the outsourcing relationship agree on, it is going to be tough to have a useful discussion about the quality of the services rendered. Only mature and somewhat stagnating businesses can be outsourced.\n","date":"2020-06-15T00:00:00Z","href":"https://blog.koehntopp.info/2020/06/15/pizza-people-projects-and-processes.html","tags":["lang_en","devops","erklaerbaer"],"title":"Pizza, People, Projects and Processes"},{"categories":null,"content":"I was asking on Twitter:\nAre you a Developer and understand (Micro-) Services? I am a database person and a bit simple, and I have a genuine Question:\nWhen moving to a services architecture, where do the JOINs go?\nI gave the following context:\nA simple shop\nSo you sell stuff, that is, you have an orders table o with an oid, which stores a customer id cid from a customers c table, and an article id aid, from an articles table a and a count cnt.\n-- customer 17 ordered 3 45\u0026#39;s ? SELECT o.cnt, a.aid \u0026gt; FROM o JOIN c ON o.cid = o.cid \u0026gt; JOIN a ON o.aid = a.aid \u0026gt; WHERE c.cid = 17 = 3 45 When moving to services because you are a multibillion dollar enterprise, your customers, orders and articles can no longer fit into a single database, and there are other reasons to have an OrderService, CustomerService and ArticleService. You still want to ask something (OrderService?) about the number of 45\u0026rsquo;s that 17 ordered.\nWho do you ask? What does this do to connect the dots? How do you do reporting (\u0026ldquo;Show me all top 10 articles by country, zipcode digit 1 by week over the last 52 weeks\u0026rdquo;)?\nSo you reimplement join algorithms by hand in application code? Are there supporting tools? Do you reimplement data warehousing aggregations, too? If so, what tooling for reporting does exist, and how does that compare to eg existing tooling for data warehousing?\nI got… lots of answers, but now have even more questions.\nI was pointed to read up on \u0026ldquo;Self Contained Systems \u0026rdquo; and on \u0026ldquo;Designing Data-Intensive Applications \u0026rdquo;. I was pointed at Presto and that is awesome and completely insane at the same time.\nA 10.000 meter summary was given by Moritz Lenz :\nUsually they go into application code. You have to design the services to minimize the joins. Also, microservices often keep read-only copies of other data to minimize joins.\nFor reporting, you could have a big analytics DB that does the joins.\nIn your example, the order service might copy some details from the product service to know what\u0026rsquo;s shipped, and the customer name + address. These copies are read-only, and stay with the order even if the shipping addresses changes in the main customer service.\nThis is actually what a proper order application in a traditional database would do as well:\nThe order table most likely would be an orderlog table, and we would record not only the aid (keep the link to the source article) and cid, but would make copies of the price at the time of sale, the time of sale timestamp, and the address at the time of sale or the actual shipping address. Entries in the orderlog would stay there until fulfillment and maybe payment, and then can go from the OLTP system. We would also immediately emit a copy of the data that goes to our data warehouse as part of some kind of ETL setup.\nThere are multiple good things about this, which is why we are doing it like this in relational systems as well:\nThe OrderService can handle the order from all the data in the one single order event, because it contains all the relevant information for the most common purpose, fulfillment. This is most likely also all the information that we would put into the Event that feeds the data warehouse. Doing things this way keeps the size of our OLTP system bounded (for the same number of customers, articles and active orders, over an infinite amount of time, the system does not grow). The data lifecycle in the OLTP system is complete and we do not accrete an infinite amount of data - Data Warehouses do grow infinitely unless you drop after x years, OLTP system must not grow infinitely and if they do, they do contain a small DWH that struggles to get out.\nAnyway:\nTo map this onto a services design, we do ask the CustomerService and the ArticleService at the time of sale for the data necessary to make an order, and this is done by OrderService. These are two point lookups, and that is probably an okay thing to do manually at the application level. We also emit a pre-joined hierarchical structure equivalent to the orderlog entry (maybe some JSON?) onto an event bus (maybe a Kafka? ) where it is consumed by other services.\nThese event stream consumers work as materialization engines: They do have state, and modify it whenever they consume a relevant event. For example, we could have a continous query running in some engine that builds the aggregation I asked about from a stream:\nShow me all top 10 articles by country, zipcode digit 1 by week over the last 52 weeks\nThis reads almost directly like an Influx query. So this is a thing that you can answer from a stream.\nIf you have questions that arise at a later point in time, things become complicated without an image, though, because you are missing the start value. So the only option would be to start back in time at the big bang, and replay the event log for that new query, or to cut off at some other point in time and not have older data where possible.\nFor aggregations over intervals like in the example query above that is entirely possible: We work over individual weeks, going back a year and we either have data for older weeks or not. If not, we can still accurately determine weekly aggregates for newer weeks, because they are independent of each other.\nFor absolutes, totals and other sequentially dependent values you need some kind of calibration, if you can\u0026rsquo;t go back to the big bang - \u0026ldquo;how many 45\u0026rsquo;s did we ever sell\u0026rdquo; or \u0026ldquo;how much did 17 ever buy\u0026rdquo; can only be answered accurately if you have all the logs and the time to replay them from scratch. This quickly gets out of hand .\nAnd there is the problem that I still see (or not quite understand wrt to CQRS):\nSo if a service does not reign over a set of data, but it\u0026rsquo;s supposedly the authoritative data source for a thing where multiple copies can exist - how do you validate?\nThe authoritative source of the data is the event stream.\nI will have to check out the linked talk. I think I get hung up because this is what databases do:\nA database is a giant global persistent variable with a network interface. Datadir is full of schemas is full of tables is full of rows has multiple fields. We can stop all traffic to the database and make an image. That\u0026rsquo;s a backup.\nWe make changes to the database using grouped data modification language: transactions. Transactions are recorded in the binlog. We record and keep the binlog, and also the backups (and the binlog position we took the backups at).\nWe can roll back to an earlier image, and then replay the binlog to move forward again in time at will, but this is bounded in time (and disk space) by the amount of binlog we keep. So if we store backups and binlogs for 7 days, we can go back 7 days and roll forward again.\nIn a MySQL database with row based replication, the actual row events are even idempotent. We record \u0026ldquo;set x = 10\u0026rdquo;, not \u0026ldquo;x = x + 1\u0026rdquo;. We still can\u0026rsquo;t replay old binlogs over a newer image without constraints (this is a different discussion), but it does make things a lot more robust.\nIn fact, with RBR the actual row events with full row images are even reversible: we do not only get \u0026ldquo;set x = 10\u0026rdquo;, we do get \u0026ldquo;set x from 9 to 10\u0026rdquo;, and if the log were pure we could play it backwards and walk back in time step by step (this fails in reality in the general case, but again this is a different discussion).\nSo if you think of the database as a giant global variable that is modified in transactions, and as the binlog as a recording of these transactions in ideally reversible notation, then we can think of a services system as \u0026ldquo;that binlog on an event bus\u0026rdquo;, and as each of these services as a thing that builds materialized views (projections) of fragments of the total database and the total globalized state is gone, because it has become too big to maintain (We will see about that in a second).\nBut: You cannot realistically keep the log an indefinite amount of time. And even if you did, you cannot replay it from the Big Bang, because your recovery time would be unbounded. So there must be backups (images) associated with positions in the event stream, that allow individual services to reset and replay themselves. Or you demand that all questions are always sequentially independent and over fixed time windows so they can be starting up in the middle of an ongoing stream. Maybe that is even a reasonable restriction, it is in any case a useful classification for types of queries on a stream.\nBut there is also the problem of complicance/correctness/synchronisation: How do you show that for every event in your orderlog there is also an entry in the payment service that matches the order? Probably with some event reader that consumes both types of events, orders and payments. It would have to match one up with the other or alert if some order is being maintained as active for too long without finding a matching payment.\nAt some point in the evening I got into a chat with a colleague:\nL\u0026gt; You asked: Where do the Joins go? To the JoinDataService, obviously. Aka \u0026ldquo;Data Lake\u0026rdquo;. aka The Data Monolith that secretly underpins all the service shit.\nHe\u0026rsquo;s not wrong. The Hadoop in the end is the global state where all the events get joined together again and it produces a giant global image of the current and all past states. That is why the big data is big (and you can go back to the big bang, it just eats Megawatthours to do so.)\nAt some point I was like:\nK\u0026gt; I get the feeling that the answer is \u0026ldquo;we are looking at each event in a self-contained fashion. One event is one Transaction.\u0026rdquo; So an order event is self-contained and does not need to refer to other orders or other facts. It contains all data necessary to fulfull the order. It also means \u0026ldquo;Fuck you, reporting.\u0026rdquo; And that is where your data lake comes in.\nL\u0026gt; I wasn’t kidding.\nK\u0026gt; \u0026ldquo;Why is it called data lake?\u0026rdquo; \u0026ldquo;Because this is where we drown our problems in hardware and petabytes\u0026rdquo; Unfortunately, book keeping is stateful and cannot look at individual orders, it is all about aggregation. I also get the feeling that is where the blockchain bros come in. \u0026ldquo;by turning your event stream into a sequence of chained and signed blocks you get guarantees of losslessness\u0026rdquo;\nL\u0026gt; Blockchain == storage.\nK\u0026gt; Ok, that\u0026rsquo;s a Merkle tree then, it needs a wasteful PoW to become a real blockchain. And we have plenty of successful Merkle Trees, git, zfs and so on, just zero successful Blockchains, so it is useful to make this distinction. …\nL\u0026gt; There will always be two things: state and changes to state. Unless every change contains the entire previous state, or changes are distributed guaranteed, there is risk of diversion.\nK\u0026gt; So this is also a question I have about Blockch\u0026hellip; Merkle trees. You can spot holes. How do you heal them?\nL\u0026gt; Perhaps every change could contain hash of previous state, but that only helps detect diversion, not solve it.\nK\u0026gt; Yes, that is the merkle tree thing. Well, it is tree-dimensional and time-dimensional. you have the data structure itself, checksummed, and you have the stream of changes, also checksummed.\nL\u0026gt; Now. The obvious solution is detect then replay. But this poses two new problems. 1) what state do we trust enough to start from. 2) where do we replay changes from.\nK\u0026gt; In blockchains this is a voting problem. In git and the Linux kernel, this is literally Linus day job. … L\u0026gt; Right. Snapshot and replay from there. Like I said.\nK\u0026gt; Yes. I do believe it does not get more complicated than mysql binlogs and binlog positions, but with JSON as a REST service.\n","date":"2020-06-10T00:00:00Z","href":"https://blog.koehntopp.info/2020/06/10/where-do-the-joins-go.html","tags":["lang_en","database","development"],"title":"Where do the JOINs go?"},{"categories":null,"content":"So this morning the 08:10 alarm in the living room did not go off. It was set to remind the son that it is time to get going for school. We noticed in time, but when I looked into the \u0026ldquo;Why?\u0026rdquo; things got interesting. That alarm is a chime from the household Sonos system, and when I investigated, I got this:\nSonos did the split and upgraded/rebranded their controller operating system to S1.\nSo Sonos did their thing and split their universe. There is S1, the Sonos application that is as-is and that can talk to all the hardware we have. And there is, or will be, S2, the new software. Devices running S1 cannot talk to S2 controller applications, and cannot be grouped with devices running S2 and vice versa.\nSome older devices, notably our two Play:5.1, cannot be upgraded to S2. Some newer devices, presumably everything they build in the future, cannot be downgraded ot S1.\nNobody wants two apps, and two Sonos networks.\nNobody wants to throw out perfectly good speakers.\nThis is a very unsatisfying situation, and a completely unnecessary one, to boot. I get that a single-core PPC CPU with 32 MB of memory and 32 MB of flash has limitations. I also know that newer devices are Raspi-4 like devices with up to 4 cores, 1024 MB of memory and 1024 MB of flash.\nSonos decided to split universes instead of dumbing down old devices to remote-controlled WAV/MP3 stream receivers and running the control software on any of the more powerful devices in a network. Sonos decided to not sell a Raspi 4-like Controller box for legacy devices in a nice chassis as a maintenance upgrade for legacy speakers.\nSonos always was known for long-term support of their devices, and Sonos was always known for making things simple and just work. They completely failed at any of these, their core values, with their S2 migration.\nAnd that is not even looking at the completely botched communication around this entire thing, with the explanation-less announcement of the trade-in program, and the completely messed up bricking-program.\nThe wife decided that we are too invested into this stuff to get rid of it short term, but put a purchase moratorium on new Sonos stuff into place. \u0026ldquo;And\u0026rdquo;, she said, \u0026ldquo;even if they get out of that, say, mid-2021, it\u0026rsquo;s still IKEA only. At least that keeps the financial risk under control.\u0026rdquo; Yup, downgraded from prime tier to consumer tier and a one year term on the bench.\n","date":"2020-06-09T00:00:00Z","href":"https://blog.koehntopp.info/2020/06/09/sonos-just-got-complicated.html","tags":["lang_en","media","sonos"],"title":"Sonos just got complicated"},{"categories":null,"content":"In Data Centers and Energy I wrote about Hyperscaler Data Centers and Open Compute, and how they bring down the PUE of data centers, making them more efficient, and in Streaming and Energy I followed up on this, explaining how Netflix energy usage fits into this. Now the Uptime Institute has released a study that claims \u0026ldquo;Data center energy efficiency gains have flattened out\u0026rdquo;.\nIt is summarized as:\nThe average power usage effectiveness (PUE) ratio for a data center in 2020 is 1.58, only marginally better than 7 years ago, according to the latest annual Uptime Institute survey (findings to be published shortly).\nBut with a lot of caveats:\nAs ever, the data does not tell a complete story. This data is based on the average PUE per site, regardless of size or age. Newer data centers, usually built by hyperscale or colocation companies, tend to be much more efficient, and larger. A growing amount of work is therefore done in larger, more efficient data centers (Uptime Institute data in 2019 shows data centers above 20 MW to have lower PUEs). Data released by Google shows almost exactly the same curve shape — but at much lower values.\nWhich basically says the opposite: actually newer, larger hyperscaler cloud datacenters are way more energy efficient, and continued to do so after 2013. But a lot of IT is stagnating in old build, and is not being upgraded nor moved anywhere, so the numbers seem to stagnate when they are not.\nIt suggests the best way to improve the PUE of your data center is to move to get cloud and get rid of it, but Uptime being Uptime they cannot phrase it that way.\n(via @speicherstief )\n","date":"2020-06-08T00:00:00Z","href":"https://blog.koehntopp.info/2020/06/08/cloud-and-energy.html","tags":["lang_en","climate","cloud","data center","energy","erklaerbaer"],"title":"Cloud and Energy"},{"categories":null,"content":"Charity Majors was on fire and on target, again :\nWhat is a Waffle House Index ?\nThe Waffle House Index is an informal metric named after the Waffle House restaurant chain and is used by the Federal Emergency Management Agency (FEMA) to determine the effect of a storm and the likely scale of assistance required for disaster recovery.\nA \u0026ldquo;Waffle House Index for Tooling\u0026rdquo; would be an indicator how bad the situation on the ground in an IT department is. Charity Majors suggest \u0026ldquo;CPU load alerts\u0026rdquo; as a tooling emergency indicator.\nWhy? CPU load or %CPU used is a useful metric, because it tells you how \u0026ldquo;full\u0026rdquo; the compute part of a thing is.\n\u0026ldquo;Rightsizing capacity\u0026rdquo; is not easy Alerting on it is a very weird idea, though, and still I find people doing this all of the time. Usually these people are in dire need of a better education, though.\nIf you right size your infrastructure, your goal is to have as little overhead as possible in provisioned resources: Only provision as little as needed, just as much as necessary to deliver.\nBut if you did that, a CPU alert would be going off all of the time, because ideally you want your boxes loaded to the limit, right?\nAlerting or provisioning? Or you can\u0026rsquo;t, because this is complicated: there are a lot of preconditions that go into even being able to load boxes to this limit. If you can\u0026rsquo;t, then a CPU load alert would also be useless, because it would either never fire, or if it did, it would be too late.\nWeb workloads, specifically, are usually spiky. Your workload may be within the provisioned capacity most of the time, but there will be very sudden, very short spikes that are not. These spikes are usually way shorter than the time it takes to grow your capacity. The way to handle that is to provision not for a median needed capacity, or even low 90ies percentile of required capacity, but to provision for max or 99.9 in order to be able to ride the waves.\nIf you alert on CPU load in such an environment, by the time the alert goes off, it will be too late already. Also, if you could alert, you could also size.\nExperimentation has effects on capacity Or you may be in an environment where the code is unpredictable, because you change it a lot with experiments going in and out of the codebase, or from 1%-on to full-on.\nWhen experimenting, it is important to expose code to users really quickly. That code being efficient is not a priority, because most of it will be scrapped as having a net-negative outcome anyway. It is not worth it putting engineering into code before you have the business side of things right.\nBeing able to run experiments means you need to overprovision capacity.\nDetailed, many-dimensional, highly tagged metrics But that of course means you need to alert on change in variants, and compare code path variants not only with respect to business metrics, but also on technical metrics in order to offset business wins. With proper experimentation, you cannot only say \u0026ldquo;This code is making us x Euro/h richer than the base variant.\u0026rdquo; You also need to be able to say \u0026ldquo;To run this we will have to pay y Euro/h more\u0026rdquo; and \u0026ldquo;Refactoring this for efficiency will cost z Euro in Engineering Time over a potential lifecycle of n hours, so y Euro/h more\u0026rdquo;.\nThis not only enables quantified reasoning over the change the experiment introduces, but also about how to proceed with the codebase when it goes full-on: Do we leave it as is and just buy more machinery, or do we put engineers on it to make it nice?\nProduction load testing numbers for capacity But in order to allow developers to experiment safely, you need to have accurate capacity metrics, which CPU load is not. Testing in production, safely, specifically automated load tests with actual production users and separate monitoring of experiment codepaths (and consumption attribution at the request level to experiment variants) will provide these numbers.\nAnd that is the way to go: From reactive scaling (\u0026ldquo;CPU Load too high, raise capacity\u0026rdquo;) to predictive scaling (\u0026ldquo;Our capacity is x req/m per box, and we have n. Evening peak will be m, so we need y boxen more by 16:00.\u0026rdquo;). Which brings us back to the spiky loads where we started.\nTL;DR If CPU load alerting worked, reactive autoscaling would work, too. In a web workload environment, it usually doesn\u0026rsquo;t. If you experiment, you need to attribute cost and benefit to experiment variants. That means load tests with production users. That means detailed, many-dimensional metrics with many tags, and a lot of ad-hoc metrics exploration. Once you have that, you are also ready for predictive autoscaling, which actually works. and\nIf your shop uses CPU load alerting, chances are that their tooling and education is in need of emergency updating. ","date":"2020-06-08T00:00:00Z","href":"https://blog.koehntopp.info/2020/06/08/waffle-house-index-of-tooling.html","tags":["lang_en","devops","performance"],"title":"Waffle House Index of Tooling"},{"categories":null,"content":"So I want to monitor my Jitsi Videobridge to get some useful statistics. The instructions say to enable Videobridge statistics and then grab stuff from port 8080.\nOk, I think I did that, but it did not work. Time to dig into the container network config.\nAnd while I have a lot of network namespaces, they are unknown to ip netns, as can be seen when asking for a list. When we define a network namespace with ip netns, it will symlink the assigned name from /var/run/netns/\u0026lt;name\u0026gt; to /proc/\u0026lt;pid\u0026gt;/ns/net of the process that leads that namespace.\nSo these are our container names, we want them as netns names:\n# docker ps --format=\u0026#39;{{.Names}}\u0026#39; jitsi-jvb ... We can turn them into PIDs:\n# docker inspect -f \u0026#39;{{.State.Pid}}\u0026#39; jitsi-jvb 3899821 And with that, we can create a mapping script:\n#! /bin/bash names=\u0026#34;$(docker ps --format=\u0026#39;{{.Names}}\u0026#39;)\u0026#34; for name in $names do pid=\u0026#34;$(docker inspect -f \u0026#39;{{.State.Pid}}\u0026#39; $name)\u0026#34; if [ -z \u0026#34;$pid\u0026#34; ]; then echo \u0026#34;Cannot resolve $name\u0026#34;; continue; fi echo $pid $name ln -sf /proc/$pid/ns/net \u0026#34;/var/run/netns/$name\u0026#34; done Sure enough, I can now ip netns things:\n# ip netns list influxdb (id: 5) mosquitto (id: 2) grafana (id: 0) z2m (id: 8) mqttbridge (id: 9) jitsi-web (id: 3) jitsi-prosody (id: 1) jitsi-jvb (id: 4) jitsi-jicofo (id: 6) # ip netns exec jitsi-jvb lsof -i -n -P COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME dockerd 16420 root 134u IPv4 34920699 0t0 UDP 127.0.0.11:45441 dockerd 16420 root 138u IPv4 34920700 0t0 TCP 127.0.0.11:34251 (LISTEN) java 3900157 docker 152u IPv4 34917278 0t0 UDP 172.3.0.5:10000 java 3900157 docker 153u IPv4 34927830 0t0 TCP 172.3.0.5:59998-\u0026gt;172.3.0.2:5222 (ESTABLISHED) java 3900157 docker 157u IPv4 34927885 0t0 UDP *:5000 java 3900157 docker 159u IPv6 34927887 0t0 UDP *:5000 @ascii158 points me at\nconsole# nsenter -n -t $(docker inspect \u0026lt;containername\u0026gt; -f '{{.State.Pid}}') lsof -i -n -P\nas an alternative solution. That works, but is also quite a lot to type. Like the former solution it needs a script, just a different one. It still is more flexible: works with non-network namespaces and does not need to update a static lookup table.\nIt also highlights the fact that docker ps prints a lot of different identifiers, none of which are the actual PID. Which is funny, because that is kind of the point of a thing called ps, isn\u0026rsquo;t it?\n","date":"2020-06-07T00:00:00Z","href":"https://blog.koehntopp.info/2020/06/07/fixing-ip-netns-for-docker.html","tags":["docker","networking","debug","lang_en"],"title":"Fixing \"ip netns\" for docker"},{"categories":null,"content":"A question from Reddit\u0026rsquo;s /r/mysql:\nHey, I was planning to make a dashboard, where Users are subjected to make edits on their profiles every now and then, and I expect a high volume of requests to the database.\nHaving worked previously with MySQL for another Dashboard, I encountered errors for:\nMaximum user connections - when I connected to the database only while query was to be executed\nLock wait timeout exceeded; try restarting transaction - when I connected to the database whenever a user logged into the dashboard, and ended the connection when he ended the session.\nBoth the approaches resulted in different errors, that too when I had a small user base, but they were active at the same time. Since, for the New Dashboard, I expect way more oscillating traffic, depending upon events, is there any way I can optimize my process of queries so that I can prevent the errors.\nI am having trouble understanding what was being tried. The host language was not stated, but that choice could influence system behavior because of the way the host language connects to the database.\nAssuming a 2-tier system where the web frontend contains the host language directly or indirectly (any of Perl, PHP, Python, Ruby as module or FCGI process), we will see as many connections to the database as there are web server processes or FCGI workers. Each connection spawns a thread in the database, and that will, when idle consume some 500 KB or so of memory in the database server. Obviously, the max_connections value must be higher or equal to the maximum number of workers.\nThere is no way for this to stall \u0026ldquo;when I connected to the database only while query was to be executed\u0026rdquo;. By default, each worker has one database connection and query execution is synchronous, the worker is stalled while the database is working on the query. This could be different, if a language such as Java or Javascript (node.js?) is being used, and a connection pool has been configured. In this case, if queries stall, the connection pool may be undersized.\nThe \u0026ldquo;Lock wait timeout exceeded\u0026rdquo; means an InnoDB row lock has been held for a transaction duration longer than 50 seconds. This seems to be either a deadlock (two transactions trying to change an overlapping set of rows) that is not properly detected, or it is an attempt to hold a lock over a human user interface transactions - always an error.\nFor the latter problem often an optimistic locking approach is successful. That is: No locking when generating the data entry screen for the UI. When the data entry screen is comitted, start the transaction and guard it with a version number or the full data set.\nLet\u0026rsquo;s look at this in a concrete fashion, using Python and a Flask app, using the ideas of Miguel Grinberg\u0026rsquo;s The Flask Mega-Tutorial as a foundation.\nWe want to edit some dummy table without timing out. The table is defined like so:\nCREATE TABLE `editme` ( `id` bigint unsigned NOT NULL AUTO_INCREMENT, `name` varchar(200) DEFAULT NULL, `city` varchar(200) DEFAULT NULL, UNIQUE KEY `id` (`id`) ) INSERT INTO `editme` VALUES (1,\u0026#39;Name 1\u0026#39;,\u0026#39;City 1\u0026#39;); INSERT INTO `editme` VALUES (2,\u0026#39;Name 2\u0026#39;,\u0026#39;City 2\u0026#39;); INSERT INTO `editme` VALUES (3,\u0026#39;Name 3\u0026#39;,\u0026#39;City 3\u0026#39;); INSERT INTO `editme` VALUES (4,\u0026#39;Name 4\u0026#39;,\u0026#39;City 4\u0026#39;); It has an integer field id, which is the primary key, and two data fields, name, and city. We do not care what that means, it is just an example. We provide some sample data.\nThe web form shows these values, and as hidden fields, also preserves the pre-edit values. So we get the id field to identify rows, and then hidden fields oldname and oldcity, and the matching visible edit fields name and city.\n{% extends \u0026#34;base.html\u0026#34; %} {% block content %} {% for row in table %} \u0026lt;tr\u0026gt; \u0026lt;form action=\u0026#34;\u0026#34; method=\u0026#34;post\u0026#34; novalidate\u0026gt; {{ form.csrf_token }} {{ form.id(value=row.id) }} {{ form.oldname(value=row.name) }} {{ form.oldcity(value=row.city) }} \u0026lt;td\u0026gt;{{ form.name(value=row.name, size=40) }}\u0026lt;/td\u0026gt; \u0026lt;td\u0026gt;{{ form.city(value=row.city, siz=40) }}\u0026lt;/td\u0026gt; \u0026lt;td\u0026gt;{{ form.submit() }}\u0026lt;/td\u0026gt; \u0026lt;/form\u0026gt; \u0026lt;/tr\u0026gt; {% endfor %} {% endblock %} Flask and WTForms demand a Form Class to handle this. We name it EditForm and define our hidden and visible fields:\n#! /usr/bin/env python from flask_wtf import FlaskForm from wtforms import StringField, SubmitField, HiddenField from wtforms.validators import DataRequired class EditForm(FlaskForm): id = HiddenField(\u0026#34;id\u0026#34;, validators=[DataRequired()]) oldname = HiddenField(\u0026#34;oldname\u0026#34;, validators=[DataRequired()]) oldcity = HiddenField(\u0026#34;oldcity\u0026#34;, validators=[DataRequired()]) name = StringField(\u0026#34;name\u0026#34;, validators=[DataRequired()]) city = StringField(\u0026#34;city\u0026#34;, validators=[DataRequired()]) submit = SubmitField(\u0026#34;Save\u0026#34;) Finally we can put all the cabling into our routes:\n#! /usr/bin/env python from flask import render_template, flash from app import app from app.forms import EditForm from app.data import FormUpdater # this is where the optimistic locking happens @app.route(\u0026#34;/\u0026#34;, methods=[\u0026#34;GET\u0026#34;, \u0026#34;POST\u0026#34;]) @app.route(\u0026#34;/index\u0026#34;, methods=[\u0026#34;GET\u0026#34;, \u0026#34;POST\u0026#34;]) def index(): f = FormUpdater() table = f.fetch() # load table into memory form = EditForm() # show an edit form if form.validate_on_submit(): # if the form has been submitted back, modified = f.update(form) # save the data, remember the number of changed rows table = f.fetch() # reload the data for checking flash(f\u0026#34;Updated {modified} rows.\u0026#34;) else: flash(\u0026#34;No data received.\u0026#34;) # show the form return render_template(\u0026#34;index.html\u0026#34;, title=\u0026#34;Home\u0026#34;, table=table, form=form) We register only one action, for the routes / and /index. This route loads the data from the database, by creating a FormUpdater and calling fetch() on it.\nIn case this form has been edited and the Save button pressed, we end up in the if-branch for validate_on_submit(). Here we call update() on the FormUpdater, and the re-fetch the data to make sure we show the updates. We also remember the number of modified rows in modified.\nIn any case, we show the table as a form.\nNow, the FormUpdater:\n#! /usr/bin/env python import MySQLdb import MySQLdb.cursors class FormUpdater: def __init__(self): self.connect() def connect(self): self.db = MySQLdb.connect(host=\u0026#34;localhost\u0026#34;, user=\u0026#34;root\u0026#34;, db=\u0026#34;kris\u0026#34;) def fetch(self): cur = MySQLdb.cursors.DictCursor(self.db) query = \u0026#34;select id, name, city from editme\u0026#34; cur.execute(query) return cur.fetchall() def update(self, form): query = \u0026#34;update editme set name = %s, city = %s where id = %s and name = %s and city = %s\u0026#34; data = ( form.name.data, form.city.data, form.id.data, form.oldname.data, form.oldcity.data, ) cur = self.db.cursor() cur.execute(query, data) modified = cur.rowcount self.db.commit() return modified The fetch() method simply runs select id, name, city from editme and returns all rows. In order to make our life easier, we are using a DictCursor, so we get named columns.\nThe update() method generates a query that sets the new values for name and city, identifying the row by id. The where-clasuse of the update statement contains the additional condition AND name = %s AND city = %s, where we put the old name and old city into the placeholders.\nSo when we generate the form, we do not lock the record, and we put the old name and old city into the form itself in hidden fields. When we accept the form, we check if the name and city are unchanged by comparing them against the old name and old city as they have been submitted back.\nIn case they have been changed, the update fails and the user edits are lost. Otherwise the update statement goes through. We report back the number of rows changes, 0 or 1.\nMore intelligence could be put into the function: In case we do not modify any row, we could reload the row and check if the oldname still matches - if yes, we could accept any user edit on the name field, as there is no collision. Then we could do the same with the city.\nMore intelligence could be put into the editor: In case we have any collision, we could flash and highlight the collision and allow the user to resubmit their change, resolving the conflict.\n","date":"2020-06-04T00:00:00Z","href":"https://blog.koehntopp.info/2020/06/04/optimistic-locking.html","tags":["lang_en","mysqldev","mysql","erklaerbaer","reddit"],"title":"Optimistic locking"},{"categories":null,"content":"Als ich noch ein ganz kleiner Kris war, habe ich die Schülerbüchereien von mehreren Schulen durchgelesen und mich dann über die Gemeindebücherei hergemacht. Es ist jetzt mehr als 40 Jahre her, daß ich da im Schülerteam mitgearbeitet habe, aber die Chefin, die damals gerade angefangen hatte und die auch das Schülerteam begründet hat, ist immer noch da und macht ihren Job. Das ist unglaublich großartig.\nGroß geworden bin ich unter anderem mit den Büchern von Rolf Ulrici , Raumschiff Monitor und Erdschiff Giganto.\nSteinalte deutsche Klischee-Scifi, eigentlich mehr eine Kinder-Abenteuerserie mit Weltraum-Hintergrund.\nIch habe aus Gründen vor einigen Wochen versucht, die Bücher (Monitor, Giganto und weil ich gerade dabei war, Oliver Hassencamps \u0026ldquo;Burg Schreckenstein\u0026rdquo;) als eBook zu finden, aber kaum etwas davon ist auf Kindle oder anderen eBook-Shops zu finden. Aber das macht nichts, es gibt… andere Quellen und man kann sich dann damit behelfen.\nWie dem auch sei, beim nochmaligen Durchlesen mit vier Dekaden Abstand ist die Wirkung eine andere, und es wird auch deutlich, wie sehr sich die Welt und unsere Sicht auf die Gegenwart und Zukunft verändert hat in all dieser Zeit. Damit meine ich vordergründige Aufhänger wie die eigenartig veraltet-moderne Technik und das heute mehr als seltsam wirkende Frauenbild, daß sich durch alle Bücher aus dieser Zeit zu ziehen scheint.\nDoch während man darüber hinweg sehen könnte, geht es auch tiefer: Pacing und Erzählstruktur sind eigenartig anders als man das heute gewohnt wäre, es passiert pro Band nicht viel und die Figuren erleben die Handlung mehr als daß sie sie bestimmen. Ich habe die Monitor-Serie an einem Wochenende schnell durchgelesen und mir \u0026ldquo;Giganto\u0026rdquo; und auch den Hassencamp dann geschenkt. Es hätte schlimmer sein können: Hat jemand von Euch einmal versucht, die Captain Future Anime-Serie anzusehen und wenn ja, wie lange habt Ihr durchgehalten?\nWie dem auch sei: Es war bei aller Kritik eine schöne Erinnerung und ich habe meine alte Gemeindebücherei wiedergefunden.\n","date":"2020-06-03T00:00:00Z","href":"https://blog.koehntopp.info/2020/06/03/fertig-gelesen-rolf-ulrici.html","tags":["lang_de","review","book","media","scifi"],"title":"Fertig gelesen: Rolf Ulrici"},{"categories":null,"content":"A question from Reddit’s /r/mysql led to a longer discussion of cursors and how they are implemented in MySQL, and what the advantages and drawbacks are.\nThe OP probably had a slow query, but was misphrasing the question:\nI am having performance problems where my cursor is taking 6-8 seconds to go through a hundred rows. I think this is because I am also using while loops to loop through JSON objects to pull information. I am wondering if cursors are usually this slow or if I have set it up poorly.\nThis turned into a longer exchange about the MySQL C API and the other APIs - some of them have been created by wrapping the C-API, others reimplemented the protocol from scratch.\nWhen the server executes a query, the result is shipped to the client as a result set, which we can imagine as a table made up from rows made up from columns. The server tries to resolve the query in a streaming fashion, because that allows it to ship each row as it is being produced, saving memory in the server. The default Join Algorithm MySQL uses, Nested Loop Join , is well suited for this.\nSo unless the result set needs to be captured for further treatment in the server (indicated by \u0026ldquo;using temporary\u0026rdquo; or \u0026ldquo;using filesort\u0026rdquo; in the EXPLAIN), it is being shipped to the client as it is being produced.\nThe client by default downloads the whole result set into memory, and keeps it there until it is no longer needed (until mysql_free_result() is being called in the C API). This can use a lot of memory, but it allows the client to jump around in the result set randomly. The host language can request this mode (it is the default) with the function mysql_store_result() .\nIf you expect very large result sets you can save a lot of memory, at the cost of losing the capability of random access to the result set, by requesting a streaming mode with mysql_use_result .\nIn this mode, each result set row is being downloaded as it is needed - until then it is being queued in the server. In fact, streaming query execution in the server is stalled. Only as the client requests another row the server begins to produce this row, synchronizing query execution in the server and the client. This used to be a Bad Thing™ because with MyISAM queries a table lock was held by an executing query, and if the client stalls query execution in mysql_use_result() mode locks on the server will be held longer and memory resources will be held longer, straining scarce server resources.\nWith InnoDB, things became better - locking is different, and with MVCC readers are never stalled by writers (or other readers). Still, mysql_store_result() is the default, and this is mostly a good thing.\nOnly for programs such as mysqldump the streaming mode is the default. mysqldump calls it the --quick-mode and it is on by default. Otherwise mysqldump would try to download the entire database into client memory, and that is usually a very bad idea. You could run mysqldump --skip-quick-mode and watch the mysqldump binary bloat until you get a visit from the OOM killer.\nSo how is this done in different language APIs?\nPerl https://metacpan.org/pod/DBD::mysql#DATABASE-HANDLES , scroll down to mysql_store_result\n$dbh = DBI-\u0026gt;connect(\u0026#34;DBI:mysql:test;mysql_use_result=1\u0026#34;, \u0026#34;root\u0026#34;, \u0026#34;\u0026#34;); PHP https://www.php.net/manual/en/mysqli.use-result.php , see examples there. PHP contains an independent implementation of the MySQL protocol with a different memory management that leverages Zend Values (ZVALs) in order to prevent data duplication, the situation is a bit more complicated and a lot more efficient here.\nJava https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-reference-implementation-notes.html , scroll down to ResultSet, look up fetchSize().\nJDBC is a protocol implementation in native Java and is not based on Connector/C alias libmysqlclient.a. Things could be different here, within limits (the protocol is still the same), but mostly aren\u0026rsquo;t.\nODBC https://dev.mysql.com/doc/connector-odbc/en/connector-odbc-configuration-connection-parameters.html , scroll down to the prefetch parameter.\nODBC is a protocol implementation that is not based on Connector/C alias libmysqlclient.a. Things are different here, mostly because ODBC is a very rigid specification and a lot of things cannot be easily mapped from ODBC-think into MySQL-realities. There are a lot of parameters and magical values. Tread with care.\n","date":"2020-06-01T00:00:00Z","href":"https://blog.koehntopp.info/2020/06/01/mysql-storeresult-and-useresult.html","tags":["lang_en","mysqldev","mysql","erklaerbaer","reddit"],"title":"MySQL store_result and use_result"},{"categories":null,"content":"I have an embedded Mac mini, it drives the local TV screen by doing OpenVPN to Germany, Netflix, Amazon and the local Subsonic . It does not really do much with the local disk, and it does not need to wake up every hour to make a Time Machine backup over the network.\nTo change the backup interval, install Time Machine Editor .\nTime Machine Editor can change the Time Machine Backup interval. It has a background daemon that triggers the backups, a GUI application and a command line utility.\nTime Machine Editor works with automatic Time Machine backups disabled, which will turn off the local scheduler. It instead installs its own scheduler as a background process, which will then kick off the regular Time Machine backup process, but on the schedule you want. It can control all aspects of Time Machine: remote backups to an external disk as well as local snapshots. It understands applications that prevent display and machine sleep, exclusion times for the night and custom schedules. A command line application, tmectl, allows control of all aspects programmatically as well.\nBecause of the way the application is built, it does not require special privileges, and is also not running into System Integrity Protection problems with Catalina.\nThe pre-Catalina\n$ sudo defaults write /System/Library/LaunchDaemons/com.apple.backupd-auto StartInterval -int 14400 does no longer work: It tries to change a plist in /System and fails. The approach chosen by Time Machine Editor is cleaner and not subject to these new Apple limitations.\nEnergy consumption of the Mac mini before and after installation of Time Machine Editor. I am running a backup every 6h, and that is just fine with this machine and how it is being used.\n","date":"2020-05-26T00:00:00Z","href":"https://blog.koehntopp.info/2020/05/26/time-machine-editor.html","tags":["lang_en","apple","macos"],"title":"Time Machine Editor"},{"categories":null,"content":"In an earlier episode I asked for Plugs with Wi-Fi and ended up with Gosund and Tasmota . Considering this to be a success, I asked the Twitters for Temperature and Humidity Sensors. Of course, this got complicated.\nNow that I have Powermeter Plugs everywhere: What are good sensors for temperature, humidity and CO2 that can be tasmotified? Wi-Fi, http or mqtt?\nI was pointed to Xiaomi Aqara , but these do not do Wi-Fi, but Zigbee - whatever that is, it is spoken by Zigbee USB Gateway Sticks and works with Raspi. We\u0026rsquo;ll see.\nChristian Kahlo mentioned GY-BME280 Sensors, which can be connected to any ESP Tasmota device, and work with the \u0026ldquo;sensors\u0026rdquo;-Edition of Tasmota just fine. Worth a try. Jens Dibbern points to generic NodeMCU modules and BME Sensors again.\nRené Kerner recommends this talk , which may be relevant.\nWickelkranz points at the Aranet 4 , but 150 Euro is too much to play with it randomly. This would need more pre-buy research. The FAQ is not encouraging, but the Forums are helpful and point to Github .\nSascha Köhler recommends the Wemos D1 Mini Development Board and then a DIY sensor build.\n","date":"2020-05-25T00:00:00Z","href":"https://blog.koehntopp.info/2020/05/25/air-quality-sensors.html","tags":["lang_en","iot"],"title":"Air Quality Sensors"},{"categories":null,"content":"(continued from Plugs with Wi-Fi ) So the Gosund plugs came, as did the Raspi 4. I did cancel the Shelly plug and decomissioned the TP-Link Kaka, because Tasmota on Gosund is awesome and the Gosund hardware is dirt cheap.\nPower consumption of the local data grave, with too old a mainboard and CPU and way too much storage\nBut lets start at the beginning:\n4 Pack of Gosund SP111 V1.1 , so they come in at around 10 Euro/pc. They come with a chinese cloud application that is utterly useless, and I never even tried to get them running with it. This is recommended, because running that app might update the native firmware of these things and potentially lock it.\nThere is tuya-convert for solder-free flashing. The software needs to run on a machine with a controllable Wi-Fi chip, in my case a Raspi 4. It fakes a trustworthy firmware update hotspot and then flashes an alternate firmware onto the plug. For me, this was an entirely pain-free process.\nClarification: tuya-convert is a solder-free conversion process that exploits a firmware update vulnerability in the original firmware. For some plugs or ESP devices in general it can work, and if it does, it is a breeze.\nSome Tuya devices are locked. In this case it is always possible to convert them by connecting a serial port to the GPIO pins of the ESP chip. This can be done with a Raspi 4 (Case , Power , SD Card ), a RS232 adapter , and some headers and breadboard wires. Sometimes the connection can be made without soldering using the breadboard wires, and always with a quick solder drop to make the connection more reliable. In my case all of that was not necessary for the Gosund plugs, tuya-convert worked.\nIn my home, the new firmware is Tasmota - there is also esphome. Tasmota does http, mqtt (both with TLS, if you wish) and syslog.\nTasmota UI in Admin mode. When configured, it can be locked to only show the data and the ON/OFF toggle. Control is then only possible via MQTT. It can also be basic-auth protected.\nAfter conversion, the plug is a hotspot. You join with a cellphone and enter the \u0026ldquo;login to hotspot\u0026rdquo; screen. You see a config for Wi-Fi credentials. The plug joins your local Wi-Fi, and config continues via normal Wi-Fi, using http or mqtt.\nApart from the obvious config through http, you want\n{\u0026#34;NAME\u0026#34;:\u0026#34;SP111 v1.1\u0026#34;,\u0026#34;GPIO\u0026#34;:[56,0,158,0,132,134,0,0,131,17,0,21,0],\u0026#34;FLAG\u0026#34;:0,\u0026#34;BASE\u0026#34;:45} as the template of choice for the v1.1 plug. Tasmota Templates select the binary function module that controls the plug, here 45 - Blitzwolf SHP6 - and then assigns functions to the GPIO pins.\nApart from setting up syslog, MQTT and Wi-Fi, you also want to run some Console commands:\nVoltageSet 235 SetOption21 1 The former sets the base voltage the plug sees, calibrating things, and the latter makes the plug report voltage even when the relais is off.\nSome people also recommend to shorten the power consumption reporting interval. The minimum is 10s. This can be done in the web interface, or with a console command:\nTelePeriod 10 Additionally, the number of digits after the comma can be dialled up. If you trust the equipment to actually deliver this precision, do configure like this, and also set a NTP server.\nBacklog AmpRes 3; EnergyRes 5; FreqRes 3; VoltRes 3; WattRes 3 NtpServer http://ptbtime1.ptb.de MQTT to Influx and Grafana contains instructions for dockering Influx and Grafana and a small piece of Python that can be trivially adjusted to grab the power reports from the plug and load them into the Influx.\nI added a total of 10 plugs to the household and may have need for another 10. I am also looking at a potential IPv4 shortage at home and may need to expand beyond a single /24.\n","date":"2020-05-20T00:00:00Z","href":"https://blog.koehntopp.info/2020/05/20/gosund-and-tasmota.html","tags":["lang_en","iot","home automation"],"title":"Gosund and Tasmota"},{"categories":null,"content":"When the Coronacrisis began, a good friend of mine started a Discord server and brought the band back together. As with any of the Coronavirus Quarantine Chats, the initial discussion revolved around baking proper bread. I wanted to archive this, so I needed a way to download Discord chat histories for archive.\nThe DiscordChatExporter can do that, and doing this was actually easy.\nI needed\nDocker my Discord User Token No Discord Bot Token The Discord Channel ID and then did a small starter script:\n~/discord $ cat starter.sh #! /bin/bash -- rm -rf /tmp/export mkdir /tmp/export docker run --rm \\ --network host \\ -v /tmp/export:/app/out \\ tyrrrz/discordchatexporter:stable export \\ --channel $(cat discord-channel-token.txt) --token $(cat discord-user-token.txt) The Wiki has detailed instructions for obtaining the tokens and running the Docker version .\nIt is important to note that I did not need a bot account or bot token, it is possible to do this under the user identity.\nIt is also important to note that I needed the --network host option (of course) in order to get the container to be able to access the network and have DNS.\nAnd it is finally important to note that this downloads the base HTML only. Images and other content is still stored at Discord. So once you have the log, you still need to put this into a browser and save it with images or use some other method to get a full archive with all media content. Firefox can do this nicely: View, hit Cmd-S and store.\n","date":"2020-05-18T00:00:00Z","href":"https://blog.koehntopp.info/2020/05/18/note-to-self-archiving-discord-chats.html","tags":["lang_en","discord"],"title":"Note to self: Archiving Discord Chats"},{"categories":null,"content":"I have been pointed at the following question: »Has anyone ever used mySQL events to auto-delete rows from a table after set period? Wondering your experience of doing this.«\nThere are two ends to this question:\nexpiring data from a MySQL table doing this with the event scheduler Mass-deleting data from InnoDB You can of course delete data from a table using the SQL DELETE statement with an arbitrary WHERE-clause at any time:\nDELETE FROM t WHERE report_date \u0026lt; now() - INTERVAL 7 DAY Delete data from table t that has a report_date more than 7 days in the past. Since the interval expression on the right hand side evaluates to a constant and the left hand side is a bare column name, the planner can leverage an index on the column report_date to find the rows to delete quickly.\nThe downside of a query like this is that you do not know how many rows you will be deleting, and (especially if there is not an index on report_date) the query may also generate a whole lot of locks. These locks may be getting in the way of other operations on this table.\nIn the SQL style guide we use at work, we recommend that developers run a SELECT statement instead. They would be retrieving the ID values of the rows they want to delete and then delete them with WHERE id IN ( \u0026lt;list of constants\u0026gt; ) using a reasonable batch size and replication delay monitoring where applicable.\nSo something like:\nbatch_size = 1000 delete_stmt = \u0026#34;DELETE FROM t WHERE id IN ( %s )\u0026#34; cursor.execute(\u0026#34;SELECT id FROM t WHERE report_date \u0026lt; now() - INTERVAL 7 DAY\u0026#34;) full_set = [ id[0] for id in cursor.fetchall() ] for n in range(0, len(full_set), batch_size): current_set = \u0026#39;, \u0026#39;.join(full_set[n:n+batch_size]) cursor.execute(delete_stmt % current_set) cursor.commit() The ORM we use (a local custom thing) actually provides functionality that automates this, and also checks replication delay on the replicas. It will delay the loop execution if necessary in order to keep the lag on the replicas within the service level.\nWhy this is expensive This is not the best way to get rid of data on a schedule, though. MySQL InnoDB stores data in primary key order, and an auto_increment primary key is like a dynamically increasing time stamp. It will organize your table so that more recent data is on the right hand side of the table and older data is on the left hand side. Adds always happen at the very right hand side, and deletes happen always at the very left hand side.\nNow, data in InnoDB primary keys is structured as a B+-Tree. That is a B-Tree where the leaves are the actual data pages (and that is where the order comes from). B-Trees are balanced: The longest path from the root to any leaf page is at maximum one step longer than the shortest path. Rebalancing operations have to happen to maintain this, and in a structure where we append at the right and delete from the left, a maximum number of rebalancing operations have to happen to maintain the ring buffer. InnoDB performs comparatively badly at this.\nPartitions instead The recommended way to do this is to use MySQL partitions and partition by ID ranges in a sensible way. Then use ALTER TABLE t DROP PARTIION instead of DELETE statements to get rid of data.\nThis will hurt way less than deleting data, and also not mess with the structure of the B+-Tree.\nCREATE TABLE t ( id INTEGER NOT NULL PRIMARY KEY auto_increment, ... ) PARTITION BY RANGE (id) () PARTITION p0 VALUES LESS THAN (1000000), PARTITION p1 VALUES LESS THAN (2000000) ); ALTER TABLE t ADD PARTITION ( PARTITION p2 VALUES LESS THAN (3000000)), DROP PARTITION p0; Because each partition is internally a table of its own, each partition will have their own much tinyier tree, and the actual drop operation is a file system delete instead of a tree rebalancing operation.\nOther systems The problem statement sounds a bit like somebody is trying to build a time series database, but there are valid relation system use-cases that sound similar and are not actually a TSDB use case.\nIn case of this being a TSDB use-case, there is cassandra as a NoSQL data store with automatic data expiration, as shown in the manual .\nPrometheus, Influx and Graphite are popular TSDB data stores that work with structures that expire data more efficiently than rebalancing a B+-Tree.\nEvents (and code in the database) In our at-work styleguide we discourage the use of code in the database as a general rule. That means you are not supposed to use events, triggers, stored functions or stored procedures or even foreign key constraints.\nThey are hard to version and make migrations and upgrades very painful. They also create magical action at a distance, and they make it close to impossible to judge the cost of a statement by looking at the code. In fact, they often are invisible to developers looking at at checkout of the codebase.\nCode in the database is usually not visible when you look at a piece of code that makes calls to an ORM. When you make changes to that code, or the table definition, in a distributed setup the rollout is often staggered and the old and new version of a thing have to co-exist and maintain compatibility with the changed and unchanged versions of a schema. With code in the database, a lot of complexity and fragility is added, so avoid this.\nWith foreign key constraints, it is even worse for a developer, because the cost of a statement is very hard to judge. A simple DELETE FROM hotels WHERE id = 10 with an ON DELETE CASCADE can be fast, if there are few reservations dangling off this particular id, or it can literally take hours. Because this is part of the schema, and may be transitive an arbitrary number of relations deep, it is near impossible for developers to judge if this is acceptable. We prefer to code this in the host language instead.\nSimilarly, events are invisible and happen magically or don\u0026rsquo;t. They tend to be forgotten and die with the box they are defined on, or are not upgraded properly with the schema they act on.\nWe have a distributed cron scheduler that is resilient, and schedule jobs on this, using code written in the host language instead of native SQL. This is visible to developers, and maintained with the rest of the application.\nWe ask developers to not use events.\nOn the other hand, we are an enterprise and large enough to have counter examples for every rule, usually well considered. But the rule still stands and makes sense.\nSo we do use events to create heartbeats in a heartbeat table: The replication master pushes the current timestamp into the heartbeat table and expires heartbeats after a time. Replicas and client applications can check the heartbeat visible on the replica itself and see actual lag.\nThis tends to fail when there is a master switchover or failover (it\u0026rsquo;s SPoFfy and discouraged for a reason). Hence we also push the master hostname together with the timestamp, so that at the replica we can see which master pushed the heartbeat, and suddenly a simple idea becomes complex. This system is about to be replaced with an external heartbeat source RSN™.\n","date":"2020-05-13T00:00:00Z","href":"https://blog.koehntopp.info/2020/05/13/deleting-data-from-mysql.html","tags":["lang_en","database","mysql"],"title":"Deleting data from MySQL"},{"categories":null,"content":"So we are baking bread, and for that we have a Wiesheu minimat oven that comes in at a full 16A - supposedly it is using 3kW or more peak plus the condenser hood that comes in at another 500W top power draw. On the other hand, when running the thing is hardly lukewarm, it is running much cooler than the Neff household oven/microwave combo we have.\nWiesheu minimat with condenser hood. Convection oven with 3 trays (for buns) or a single layer of stone plate for bread. Can do 3x12 buns (20 min) or 2-3 loaves of bread (1h). Power draw 3kW + 0.5kW for the hood. Intended use is a show oven in the sales room of a bakery, or as PoS oven in a gas station or supermarket.\nSo Sammy wanted to know what is cheaper to use: The Wiesheu or the Neff. And for that I needed a way to measure and report power dram of a wall plug. I asked Twitter for solutions that can do\n16A (some solutions do only 10A) no cloud account or cloud reporting I was imagining something that pushes power consumption to syslog every minute or can log to a graphite. I don\u0026rsquo;t actually need on/off relais, but that would be okay to have. I have Wi-Fi on 2.4 GHz and 5 GHz everywhere. I do not actually have use for a cellphone app or control from outside the Wi-Fi.\nThere was lifely discussion, and I have been pointed to\nTasmota , an alternative firmware for devices based on the ESP8266 chip, and specifically the Gosund plugs, at 24 Euro for a pair they are dirt cheap. The plugs are to be controlled with a cellphone app that requires cloud usage, but you are not supposed to use this, but reflash them with Tasmota and then use a local MQTT bridge to run them. The TP-Link Kasa HS110 . The device can be configured with a local cellphone app, not requiring a cloud account, and speaks a simple propietary protocol that has been reverse engineered and implemented in Python . The switch has a number of known security problems, and can be controlled and bricked by anyone having access to your local network. The Kasa plug comes in at 23 Euro/piece. The Shelly Plug (16A device), also available as Plug S (10A device). While the devices come with an app and cloud, they have a documented API . It comes in at 32.40 Euro when ordered from the manufacurer. The TP-Link Kasa arrived yesterday and was immediately usable: Plug in, install app, skip cloud registration, put plug into Wi-Fi, and start using it. I was only interested into their energy reporting feature and I now know:\nThe oven will consume up to 3200W when heating up. It will consume around 170W while running normally, maintaining level temperature. It consumes around 54W when on and running idle. It consumes 3.5W when switched off in standby. Yesterday the Gosund plugs have been arriving, too. They need a bit of treatment, though. Instructions said to not connect them so that they do not update themselves - it can only make the reflashing harder if the original firmware is current.\nI also seem to need a RS232-adapter and/or a Raspi with Wi-Fi in order to flash them over Wi-Fi, so I bought a bit of toys to do that:\nA Raspi 4B Case for the Raspi Power supply for the Raspi SD-card for the Raspi CH340G Adapter for local flashing There seem to be two procedures for reflashing, one wired , and one over the air using tuya-convert . Having a modern Raspi is not wrong, so we will see where that goes, but the wired procedure looks more stable to me.\nNext week I will know more.\n","date":"2020-05-12T00:00:00Z","href":"https://blog.koehntopp.info/2020/05/12/plugs-with-wifi.html","tags":["lang_en","iot","home automation"],"title":"Plugs with Wi-Fi"},{"categories":null,"content":"Let\u0026rsquo;s have a look at very old database systems. Things like dBase or compatible systems (\u0026ldquo;xBases\u0026rdquo;) allowed to manipulate record based files (with indexes) in a procedural way. What does that mean?\nxBase The system allows developers to create files that contain a well defined (fixed size) record structure, basically an array of struct on disk, often together with the definition of on-screen masks designed to show a single record and a (searchable) list of records. Data would be entered in masks and stored automatically on disk in records in the file. Writes would modify records in place, during the write (and the edit of the data in a mask) the record would be locked.\nWith an index command, the system would extract the specificed data field from all records and build an index: another array of the form (field, recno), where field is the name of the field that is to be indexed and recno is the record number from the original data file. Data in the index would be stored sorted in field order, allowing fast lookup through Btree lookups.\nAccess to records would be by record number, through a full table scan on an arbitrary column or by leveraging an index - the latter would be manual through code written by a developer. That is, a developer would open the index, perform an index access to fetch the records required and then further whittle down the list by applying additional conditions.\nThe developer would have to write a piece of code to open the indexes of interest, position a cursor in there and then manually select the record numbers of the records of interest, then read those records and output the resulting list. This is a data access program.\nProcedural Data Access in MySQL We can do the same thing in MySQL.\nmysql\u0026gt; create table emp ( empno integer not null, name varchar(40), salary integer not null, primary key (empno) ); mysql\u0026gt; insert into emp values (1, \u0026#39;Lucky Eddie\u0026#39;, 100); mysql\u0026gt; insert into emp values (2, \u0026#39;Hagar Horrible\u0026#39;, 200); mysql\u0026gt; insert into emp values (3, \u0026#39;Honi Horrible\u0026#39;, 300); mysql\u0026gt; insert into emp values (4, \u0026#39;Kwack\u0026#39;, 400); mysql\u0026gt; create index salary on emp (salary); We create an employee table emp and fill it with some data. We create an additional index on the salary column.\nUsing the low level HANDLER command we can perform a procedural data lookup:\nmysql\u0026gt; handler emp open as e; mysql\u0026gt; handler e read salary \u0026lt;= (200) limit 10; +-------+----------------+--------+ | empno | name | salary | +-------+----------------+--------+ | 2 | Hagar Horrible | 200 | | 1 | Lucky Eddie | 100 | +-------+----------------+--------+ 2 rows in set (0.00 sec) mysql\u0026gt; handler e close; Query OK, 0 rows affected (0.00 sec) In this example we are opening the table emp using the alias e. We then read the table in index order, using the salary index, and fetch up to 10 records that satisfy the condition \u0026lsquo;index value \u0026lt;= 200\u0026rsquo;. The two matching records are listed.\nWe could have given the command as handler e read salary \u0026lt;= (200) without the limit clause. This would have returned only one matching record, and positioned the cursor in the index. With handler e read next we would then be able to iterate through the index, reading the records one by one.\nIn this case the index returns only data that is of interest to us.\nSuppose we want all employees that have a salary \u0026lt;= 200 and that are members of the Horrible family.\nHow would we go about this? There is no index that we can use that will return only valid records fulfilling both conditions, the one on salary as well as the one on name.\nInstead we open the index as before, read the records, but also manually filter out all unwanted records (we want only records WHERE name LIKE '%Horrible').\nSQL SQL is a declarative language: We specify what we want, and not how the database is supposed to fetch it. The database planner and optimizer then creates a data access program for us behind the scenes - what it looks like exactly is very much dependent on the database version, and what support structures for data access exist (that is, which indexes are defined).\nBut: For any given QL (Query Language) statement, the result set on the same data will always be the same, no matter which version of the database and which indexes exist, or how the data access program can be optimized using these indexes.\nUsing the table above, we say what we want: Records with salary \u0026lt;= 200 and names ending in the \u0026ldquo;Horrible\u0026rdquo; family name.\nmysql\u0026gt; select * from emp where salary \u0026lt;= 200 and name like \u0026#39;%Horrible\u0026#39;; +-------+----------------+--------+ | empno | name | salary | +-------+----------------+--------+ | 2 | Hagar Horrible | 200 | +-------+----------------+--------+ 1 row in set (0.01 sec) We then drop the index and re-run the same statement:\nmysql\u0026gt; alter table emp drop index salary; Query OK, 0 rows affected (0.03 sec) Records: 0 Duplicates: 0 Warnings: 0 mysql\u0026gt; select * from emp where salary \u0026lt;= 200 and name like \u0026#39;%Horrible\u0026#39;; +-------+----------------+--------+ | empno | name | salary | +-------+----------------+--------+ | 2 | Hagar Horrible | 200 | +-------+----------------+--------+ 1 row in set (0.00 sec) The result is the same. The data access program may or may not have changed - we could check with EXPLAIN, but unless it is slow or otherwise weird we do not actually care.\nSo what? Some ten years ago we had an explosion of NoSQL products, many of which were either Key-Value stores (a data structure even simpler than the dBase ISAM-structures shown above), or provided procedural access to data leveraging indexes.\nCassandra for example is a product that provides the latter type of structure (and so does DynamoDB). When I recently dissed a colleague for promoting a distributed dBase III, that is what I meant. I guess that also dates me.\nThe point being that data access programs are boring code\nthat nobody wants to write, that is full of arbitrary restrictions , that is hard to change when the query conditions change and that often is also not quite correct. When we observe code generators mounted on top of NoSQL products that eat SQL and output DAPs for the NoSQL product underneath, this is why. This is code that is better written on the fly at runtime, by machines, and run largely without human supervision.\nThis is what a query planner and executor does for you in relational database products.\n","date":"2020-05-01T00:00:00Z","href":"https://blog.koehntopp.info/2020/05/01/data-access-programs.html","tags":["lang_en","database"],"title":"Data Access Programs and Pre-SQL systems"},{"categories":null,"content":"In the foreword to his short story \u0026ldquo;With Friends Like These\u0026rdquo; , Alan Dean Foster writes\nHFY? My favorite writer of science fiction was, and still is, the inimitable Eric Frank Russell. When I was turning in short stories to the magazines instead of papers to my college professors and collecting rejection slips instead of credits and grades, I often wondered why Russell had stopped writing. I miss him.\nAt the 1968 World Science-Fiction Convention in Oakland, John Campbell told me that Russell was his favorite writer, and that he too sorely bemoaned the lack of yarns Russellian. So I decided to try a Russell-flavored Terra-über-alles story. Campbell liked it. He never sent acceptance letters—just checks.\nSure enough, the story is Terra-über-alles: Aliens come to Earth, which has been sealed off in an impenetrable force-field in a kind of last stand eons ago by some Alien race that feared Terra would take over the Galaxy. The aliens that did that died off, and their successors come to Earth to set Terra free because they are in a fight to death with some kind of sentient-eater swarm horde and need all the allies they can get.\nThey find a planet that looks like a pastoral paradise, and fear that humanity would be nothing but cannon fodder. But they do come to an agreement with some random farmer who claims to be able to speak for all of Terra: The aliens would set Terra free and Terra would help in the war. Sure enough, once the planetary shield is down,\nIn the middle of the planet\u0026rsquo;s second ocean, great, impossible masses of thick columnar crystals began to leap upward from the waters. Translucent at first, the chalcedony towers began to pulse with deep inner fires: blue, purple, gold, carmine, and finally a strange, yet familiar silver-gray. The ionosphere, tickled, began to surround the flashing needles with auroras, clothing them in blankets of coruscating radiance.\nFollowing, the planet began to move after the [Cruiser] Tpin.\nOn board the cruiser it was very quiet.\n\u0026ldquo;I see,\u0026rdquo; whispered Rappan idly, \u0026ldquo;that they are bringing their moon along also.\u0026rdquo;\nReddit and Deathworlders As a genre, Terra-über-alles is alive and kicking in Reddit\u0026rsquo;s /r/HFY (\u0026ldquo;Humanity, Fuck Yeah!\u0026rdquo;), which collects writing prompts and publications from many people interested into this kind of story. One of the more popular serial publications in there is The Deathworlders by Philip R. Johnson, now the foundation of a whole system of stories playing in the so called Jenkinsverse. The HFY Wiki gives a good introduction.\nThe basic premise is that in the Interspecies Dominion it is well known that intelligent cannot develop on Deathworlds , worlds with a danger rating of 10 or more on the Dominion scale. Except that somehow on Earth, which has a rating of 12, it did.\nAnd didn\u0026rsquo;t: Humans have been abducted from Earth by the Corti (basically the typical \u0026ldquo;Grey\u0026rdquo;) and some ended up roaming around the Dominion as part of the Fauna, because Humanity still has not developed an Interstellar Drive and hence under Dominion law does not qualify as sentient.\nDeathworlders started off in 2014 with abductee Kevin Jenkins on some random Dominion station, going through immigration. He has the usual problem of not being legally a sentient being, and while talking his way past the Immigration Officer the station is ambushed by Hunters - sentient eaters. Jenkins deploys his deathworlder heritage and is apparently not only mostly impervious to the Hunters\u0026rsquo; Kinetic Pulse Weapons, but with his superior density, his high-grav world musculature and fast reflexes is able to singlehandedly smash the attackers, saving the station. Which puts Humanity onto the interstellar political playing field.\nOriginally a short story, Johnson has managed to turn this implausible premise into a believable backstory, in which the Dominion races have been manipulated and genetically engineered as malleable and relatively physically weak by some hidden force older than time itself. The story unfolds with an ensemble cast of characters human and alien, some of which have been integrated from popular sidestories other authors of /r/HFY have contributed. It follows their development and interactions, while at the same time the story arc of this hidden enemy and its machinations is being uncovered.\nThe writing is actually good, and in many cases right in the feels with relateable personalities. The character writing is often heavy on the bro-culture side, though, even if Johnson manages to stay firmly on the healthy and non-toxic side of this particular subculture. Similarly, the author dances with the genre of Military Scifi without actually descending into lengthy descriptions of space battle tactics or paragraphs of gun prose - he is not always successful in this when it comes to descriptions of strength training and personal improvement, and somewhere in the Warhorse chapters this can become a bit tiring. Arc and plot development are actually going quite well, and the story manages to portrait intelligent and evolving adversaries that actually pose a threat. All in all I have been coming out of this with the feeling of time well spent.\nOver time, the core series \u0026ldquo;The Deathworlders\u0026rdquo; has grown into a tome of (at this time) 65 almost book-sized chapters. Side series from other authros complement it.\nThe core story is written in monthly installments, and is available for free on https://deathworlders.com/ . The author maintains a Patreon as Hambone and bills by (almost book-length) chapter.\n","date":"2020-05-01T00:00:00Z","href":"https://blog.koehntopp.info/2020/05/01/fertig-gelesen-deathworlders.html","tags":["lang_en","media","review","book"],"title":"Fertig gelesen: Deathworlders"},{"categories":null,"content":"A lot of super rich people are currently busy blowing their money into space. Who are these people, and what drives them?\nSpace Barons , Christian Davenport, 10.99 Eur (Kindle)\nIn Space Barons, Christian Davenport goes through the rather short list of super rich men who are trying to get private spacecraft flying, tells their history, successes and failures, and their motivations - or, in some cases, the story of the death of their dreams and how they drop out of the second, private space race.\nWe follow Richard Branson and Paul Allen, but specifically we follow Elon Musk and the vastly underreported Jeff Bezos and his Blue Origin Spaceship company. It becomes clear that Musk, being a mental 16-year-old with a billionaires wallet, wants to leave Earth to go down another hard to leave gravity well, while Bezos wants to go to space, mostly to get access to even more resources and to stay there.\nAnd exactly this is being told once more by Daniel Suarez in\nDelta-V , Daniel Suarez, 9.55 Eur (Kindle)\n\u0026ldquo;Delta-V\u0026rdquo;. The characters in this book are the same as in Space Barons, with the serial numbers barely filed off, and while fictional, they act true to the character of their real-world counterparts.\nDelta-V is one of the less fictional Science Fiction books of Suarez, and contains a lot less conspiracy as well. That makes much better characterisation and more entertaining storytelling. Having read \u0026ldquo;Space Barons\u0026rdquo; just before makes it even better, because it becomes possible to map one set of actors straight onto the other.\nThe action: The fictional version of not-quite Jeff Bezos wants to exploit the resources of the Asteroid Ryugu, and for this purpose builds a ship that will operate as a factory out there, and send mining products back to earth on a slow low-energy trajectory. For this purpose, an ex-cave-diver is being recruited to train as an asteroid miner, build a crew and lead the expedition. Turns out they were never supposed to return - but in the end make use of they stuff they have and the stuff they can mine and manage a happy end.\n","date":"2020-05-01T00:00:00Z","href":"https://blog.koehntopp.info/2020/05/01/fertig-gelesen-delta-v-and-space-barons.html","tags":["lang_en","book","review","media"],"title":"Fertig gelesen: Delta-V and Space Barons"},{"categories":null,"content":"\u0026ldquo;Hexenmacht\u0026rdquo; (German Edition) and \u0026ldquo;Maschinengötter\u0026rdquo; (German Edition) are part 2 and 3 in the series \u0026ldquo;Die Krone der Sterne\u0026rdquo; (The Crown of Stars) by Kai Meyer. See Die Krone der Sterne for a review of part 1.\nHexenmacht , Kai Meyer, 12.99 Eur (Kindle)\nWhere part 1 spent a lot of time with world building and tourism, showing of the wonder and the atmosphere of the universe, part 2 is approaching from a different angle - we get a lot more action, and a lot less background.\nWe are still with Iniza and Glanis, who are now living on the pirate-planet Noa and raising a daughter. Or are trying to, because the galactic poltics with its intrigues, treason and assassination are coming to Noa, too. And the mysterious history of their world, some machnines that survived this universes Butlerian Jihad, are already there, hidden and deactivated waiting for action.\nSecond parts of trilogies are always hard and often lacking. This one is good, but the change of pace and the slow development of the backstory are making this a weaker book than the first part.\nMaschinengötter , Kai Meyer, 12.99 Eur (Kindle)\nThe third and (so far) final part of the series leaves us with the muses, the ambassadors of the machine empire, awakened on Noa and other world, Iniza and friends fleeing, and the Hexen having to fight an entirely different enemy than expected, because amist the Hexen Empire the machines are rising again. We get some amount of closure, information about the god empress and her world Tiamande, the machine lord and the machines, but a lot of background is unresolved and remains mysterious.\nAll in all a nice, but dark and depressing read, and a lot of unresolved things.\n","date":"2020-05-01T00:00:00Z","href":"https://blog.koehntopp.info/2020/05/01/fertig-gelesen-die-krone-der-sterne.html","tags":["lang_en","media","book","review"],"title":"Fertig gelesen: Die Krone der Sterne: Hexenmacht/Maschinengötter"},{"categories":null,"content":"It\u0026rsquo;s Coronavirus Crisis and Netflix is killing us all, again. This time it\u0026rsquo;s not their excessive energy use , but their dreaded HD videos that are overloading the Internet. Or is it?\nIt\u0026rsquo;s only Swisscom Supposedly Switzerland is considering Netflix shutdown to prevent Home Office workers from being disconnected.\nAccording to its own statements, on the first day of the quasi curfew in our neighboring country, Swisscom recorded an enormous increase in the load on the infrastructure. There were three times more calls via the mobile network than on normal days. The volume in the fixed network has also increased massively\nNone of the other swiss providers reported any problems. Swisscom, on the other hand, already had Netflix problems as early as 2015 (Article in German ), way before the Coronavirus Crisis.\nThere should and could be caches Videostreaming and Content Delivery usually does not happen from outside a providers network. Netflix, Youtube, even Steam, will gladly provide a cache server with plenty of disk space at not cost for any provider to install inside their network. These things dramatically decrease the amount of traffic leaving the provider network, keeping it as local as possible.\nAlso, typically providers peer with other providers to built an Inter-Network-Connect - that\u0026rsquo;s why it is being called \u0026ldquo;The Internet\u0026rdquo; in the first place.\nSome providers, mostly Ex-State Telecoms, are not happy with the cooperative structure of the Internet and hold their users hostage. They want to double dip, charging both sides for traffic: They want to take money from their customers for content-access and money from content-providers for customer-access. Consequently, they provide only minimum peering bandwidth unless being paid, and want money for the content provider to install a cache server inside their network. The default service is only just good enough to prevent too many customers from leaving for other providers.\nI checked. My computer in Haarlemmermeer is loading Netflix from\n14:35:21.369768 IP kk2.home.koehntopp.de.54972 \u0026gt; ipv4_1.lagg0.c125.ams001.ix.nflxvideo.net.https: Flags [.], ack 109080, win 818, options [nop,nop,TS val 288410514 ecr 2882083883], length 0\nwhich indicates a content cache located in or close to Amsterdam, and the ping delay is \u0026lt;3.5ms. Traceroute confirms the locality of the server.\nSo I am getting my content from content cache in Amsterdam that is extremely close by in terms of network topology. Youtube, Twitch and Steam expose similar behavior.\nVideostreaming already is dynamic bandwidth In Data Centers and Energy I already explained that video streaming is dynamic bandwidth and dynamic resolution, pointing to Chunking . All video streamers sense the bandwidth of the relevant part of the delivery pipeline and automatically and gracefully degrade the experience as necessary if bandwidth is becoming tight.\nDoing this manually is not going to improve anybodies experience.\nThere is no crisis except the one Swisscom manufactured for itself There is no crisis except the one that has been manufactured by Swisscom themselves. We don\u0026rsquo;t have a network capacity crisis because of Home Office and we do not need to throttle Netflix. Some providers just painted themselves into a corner and now have trouble adjusting to shifting demand patterns. It\u0026rsquo;s easily fixed by stopping being an asshole.\nEDIT: Swiss provider Init7 explains the same thing and comes to the same conclusions.\nThis blog article originally was a Twitter Thread .\nUpdate: Akamai throttles, too In a number of news, sucessively most streaming providers have been decided to throttle their stuff, following Netflix initial decision. The final giveaway was Akamai :\nAkamai\u0026rsquo;s intelligent edge network architecture is inherently designed to mitigate and minimize network congestion, and because we have deployed our infrastructure deep into carrier networks, we can help those networks avoid overload by diverting traffic away from areas experiencing high levels of congestion.\nAkamai is a CDN operator. They have edge caches all over the world, in each and every providers network directly. That is, it is impossible for Akamai to overload peering exchanges or the actual internetworking fabric of the Internet. The whole point of their business operation is to be local, in every locality.\nIn regions where demand is creating bottlenecks for customers, we will be reducing gaming software downloads at peak times, completing the downloads at the normal fast speeds late at night.\nSo it is not the Internet or the Exchanges here. It is individual local providers who have overcomitted their own internal backbones or their last miles, and sold more access than they can provide. That\u0026rsquo;s of course a self-made problem for that these providers deserve to suffer, but of course that\u0026rsquo;s a problem when literally everybody is coughing their soul out. But we must make sure that we do not forget about this when it is time.\n","date":"2020-03-19T00:00:00Z","href":"https://blog.koehntopp.info/2020/03/19/netflix-does-not-bring-down-the-internet.html","tags":["lang_en","media","internet"],"title":"Netflix does not bring down the Internet"},{"categories":null,"content":"So where I work we have a large number of MySQL instances. They are organized in a slightly smaller number of replication hierarchies, which tend to cross region boundaries.\nStructure of a large database setup A rough sketch of the setup we have. Variants of this exist in various sizes - from 6 replicas in 3 regions to hundreds of replicas per region, with Group Replication at the top and per Region Intermedia Master.\nUnfortunately, a number of these hierarchies are still shared databases. That means multiple application users share access to data in different tables or even the same table concurrently - it\u0026rsquo;s not proper services all the way, yet. We try to isolate workloads by putting replicas into pools by application, but of course all writes go to the top of the replication tree, the master, where they will happily interfere with each other.\nThe per-region application cluster instances then connects to their pool instance per region for reads, and direct all writes to the global chain master, from where they trickle down by the means and wonder of replication.\nNone of this is static: All databases in a rolling reinstall with a two month period to keep them patched, and MySQL Orchestrator is being used to keep the replication hierarchy alive and connected in the face of master switchovers and failovers.\nPool membership is kept in Zookeeper, and MySQL client libraries have been wrapped and modified to pick a random local pool member for reads, and to find the master using this mechanism or anycast DNS.\nFor the application developer this means they do not care much about database server names, or individual database servers. Database servers are being maintained by the DBA team and their automation, so general health is good and for an application developer most server settings are not interesting and also not actionable.\nThey are interested into general server metrics that indicate overall workload health, and they are interested into aggregate query performance - the aggregate being over a region pool or the global aggregate of all their pools.\nMonitoring a large database setup We collect metrics on all servers, and push them into a thing that is no longer graphite . It is still using the Graphite APIs, but all components have been replaced with things written in C or Go. There is no Python code left.\nThe data we collect is circa any conceivable server metric, and using our version of Not-Actually-Graphite this means we can aggregate per region-pool, or per global pool. We see per-user query latency of a pool, individually per server, or aggregated per pool, the Median (P50) or the P99 or anything else interesting. We also, from the application clusters, collect some aggregate metrics like queries-per-route or query latency for a server as seen by the cluster.\nThis is sufficient to give us a general impression of query health: If we actually had bad queries, we would see the latencies suffer - first the P99, then the lower P\u0026rsquo;s.\nAn example bimodal distribition as per Wikipedia: Multimodal Distribution . A bimodal distribution of query latencies can happen if you have fast queries with a normal distribution of execution times at the lower end, and a smaller hump of slow queries with higher execution times added to this. Not looking at the full histogram, the slow queries will first affect the P99, and then successively the lower P\u0026rsquo;s until they affect the Median (P50).\nOur usual failure mode is not often actual bad queries, although it happens and it is useful to have tooling to gain insight. The much more common failure mode is ORM breakdown and the resulting machine gunning.\nIn our specific case, the ORM has for each object a list of essential columns and a list of all columns. Code is being written to load objects from the database into the application in single, rather efficient queries. Something like\n@products = $bp-\u0026gt;search(some query from a condition builder)-\u0026gt;fetch(); foreach $product (@products) { do_a_thing($product); } This will fire a single query for products and then build an array of products in which all the essential columns are loaded as attributes. If you happen to access a non-essential attribute, the id of the object is used to lazy-load the missing attributes at once and completely fleshen the object.\nThis is a painful feature and leads to a series of individual object retrievals for non-essential data, and because of the way access to non-essential attributes is wrapped and hidden, it usually happens in a way that is transparent (read: magical) to the developer. Or in other words, the developer is not even aware of the fact that they are machine-gunning the server with many trivial, small SQL statements.\nSimilar things happen in other environments with has_a and has_many relationship of linked object hierarchies, where traversal of a link can trigger similar machine gun cascades transparently and without awareness for the developer.\nAnother common problem that we see quite often is write-spikes and locating their origin. We have self-cooked solutions that either parse the output of the mysqlbinlog command, or login as a fake MySQL replica and read and analyze the binlog.\nBut while they can do things with data that is present in the binlog, a lot of information is not present there - among them user and actual source of the commands. It would need an audit plugin in the server to collect and emit such data and correctly attribute it.\nDatabase Monitoring Solutions and their shortcomings Looking at a number of database monitoring solutions, I see a lot of good stuff - metric collection, query collection per server, query analysis and insight, and alerting.\nScaling is usually a problem, at least for the target size I need to build for, but that is to be expected. There is not much of a market at the size I need, and any sane product management would target the much larger set of installations that are 100x smaller than the one I care about. So I do not expect these products to work for my needs, but I expect a scaling story (\u0026ldquo;You can split our all-in-one container into individual metrics gathering, persistance and analysis components and you can shard the metrics gathering and persistence components, and run a cluster of analyzers to scale and here is how to unpack our stuff.\u0026rdquo;).\nCloud-only is often a problem, because my data and my queries are in the majority in SOX, PCI, and PII/GDPR regulated scopes, which means that any test that works with non-synthetic data has is legally as complicated as actual production. That would even be true if my own databases weren\u0026rsquo;t on-prem, but in a cloud. \u0026ldquo;On-premises\u0026rdquo; solutions (solutions that I install within my own administrative domain, even if that domain resides in a public cloud) are much easier to test.\nDeveloper-centrism and proper workload aggregation is a large deficit. None of the solutions I looked at understands a large scale setup as layed out above. All focus on a single server, and mix operational and developer aspects of conditions on that single server.\nThat means, while there may be ways to translate regions and pools into tags by the way of an API, and there may be ways to inform the monitor of fluctuating topologies by the means of the same API or auto-discovery, the actual analysis is usually done per-server and not per-taggroup.\nAs a developer, I am never intested into server properties that are not actionable for me because they require a DBA. Disk space alerts, presumably wrongly set server parameters and similar conditions are not my primary interest.\nAs a developer, I am never intested into a single server. I am interested into the performance of all queries that go through my rw-handle to the master, and into the aggregated performance of all queries that go through my ro-handle to any of the replicas in my current replica set.\nThe pool I may be using for my ro-handles may also be used by other applications, so as a developer the tooling should be able to handle multi-tenancy and only show my queries that have been issued using my application login and hide all query data that has been issued under other accounts. This is not just a usability issue, other peoples queries may contain information that I am not allowed to see under PII, PCI or SOX rules.\nCurrent MySQL query analyzers and monitoring tools are - understandably - focusing on the SMB market with no or low DBA support and certainly no DB-SRE support. They focus on individual servers, and do not aggregate workloads along user logins or handle-pool distributions. They mix up alerts for operational DBAs and problems that interest developers, and consequently a lot of information presented is not actually actionable for developers. Nothing I have seen supports multi-tenancy and isolates query-data from different application logins from each other in shared pools.\nNobody has an audit plugin or does binlog analysis for write statistics properly (\u0026ldquo;show me busy tables and write spikes, and the sources of these in terms of application host name:application port that sent these writes, or user login that executed these writes\u0026rdquo;). A lot of tools still read and analyse the slow log and their examples in demos focus on this as if it is still 2014, instead of eating, parsing and working with P_S.\nAll in all I get the impression that the developer support tooling around MySQL is 2-4 years behind my expectations.\nRead spikes and machine gunning are very hard to detect on the server side, and we probably should consider instrumenting the ORM to record the number of lazy-loading events and warn on excessive lazy loading.\n","date":"2020-03-18T00:00:00Z","href":"https://blog.koehntopp.info/2020/03/18/the-lack-of-developer-centric-mysql-monitoring.html","tags":["lang_en","mysql","monitoring"],"title":"The lack of developer centric MySQL monitoring - a rant"},{"categories":null,"content":"\u0026ldquo;Normalitär\u0026rdquo;, ein Begriff, der von @beimwort geprägt wurde. Nach einem Twitter Thread . In seinem Artikel auf T-Online propagiert Schaible eine Bruchlinie innerhalb der \u0026ldquo;rechten\u0026rdquo; Parteien, weil Teile der Mitglieder die Weltbildverschiebung der frühen 2000er mitgemacht haben, andere sie ablehnen.\nEr beschreibt die Welt von 1990, die Nachwendezeit:\nVergewaltigung in der Ehe nicht strafbar, Diercke Weltatlas redet von Menschenrassen, unter den 250 Positionen der politischen Elite in Deutschland war nur eine Frau; alles weiße, angeblich heterosexuelle und angeblich christliche Männer. In dieser auf dem Papier egalitären Welt hing der Platz der Menschen ganz selbstverständlich von Geschlecht, Hautfarbe, Sexualität und Religion ab.\nDie Veränderung kommt in den späten 90ern, frühen 200ern.\nIn den USA: »Im Jahr 1997 übernahm die erste Frau das US-Außenministerium, 2001 der erste Schwarze, 2005 die erste schwarze Frau; 2008 kam der erste schwarze Präsident ins Amt.«\nDeutschland hält gut mit: »Im Jahr 1993 wurde die erste Frau an die Spitze eines Bundeslandes gewählt, 2000 an die Spitze der CDU, 2001 regierte der erste offen schwule Mann ein Bundesland, 2005 übernahm die erste Frau das Kanzleramt, 2009 der erste offen schwule Mann ein Bundesministerium, 2010 wurden erstmals gleichzeitig zwei Bundesländer von Frauen regiert, 2013 saßen zum ersten Mal eine Muslima und eine offen lesbische Frau am Kabinettstisch, seit 2018 wird die SPD von einer Frau geführt.\u0026quot;\nZwischen 2020 und 1990 liegen 30 Jahre, eine Generation, genau so lange wie 1960 bis 1990 - aber für viele Menschen ist das \u0026ldquo;gestern\u0026rdquo;.\nWas \u0026ldquo;normal\u0026rdquo; ist, hat sich innerhalb einer Generation sehr gewandelt, vermutlich mehr als in der Zeit von 1960 bis 1990. Genau genommen hat die 1960er Generation Ideale formuliert - Gleichheit, Gleichberechtigung, Humanismus, und die 1990er Generation ist nach ihnen erzogen worden und verlangt nun aktive Umsetzung statt Lippenbekenntnisse.\nDie Trennlinie ist aber nicht wirklich entlang einer Altersbruchkante, und auch nicht wirklich entlang Wohlstand und nur partiell entlang Ausbildung. In dem Artikel postuliert Schaible eine Trennung zwischen \u0026ldquo;Normalitär\u0026rdquo; und \u0026ldquo;Pluralitär\u0026rdquo;, also zwischen Leuten, die das 1990er oder gar 1960er Weltbild wiederhaben wollen, das klassische Patriarchat mit einem prefeministischen Rollenklischee und \u0026ldquo;Easy Mode\u0026rdquo; für weiße Männer, und Leuten, die die Veränderung der Generation 1990-2020 mitgemacht haben und eine neue, pluralere, offenere Gesellschaft mit anderen, humanitären Idealen angenommen haben.\nDie Trennung ist auch nicht Rechts-Links: In einem anderen Twitter Thread (unroll ) demonstriert @beimwort, daß die Bruchkante innerhalb bestimmter \u0026ldquo;rechter\u0026rdquo; Parteien entlang der \u0026ldquo;Normalitär\u0026rdquo;-Kante läuft.\nNoch deutlicher: @DugarToGo zeigt in einem Antwort-Thread (unroll ) am Beispiel konkreter Gespräche genau diesen Graben auf.\nDas Problem dabei: Die normalitäre Position ist demokratisch nicht politisch durchsetzbar. Und an dieser Stelle ist das Scharnier zwischen den Faschisten und den Normalitären. Scharnierpolitiker, -medien und -publizisten bilden eine Vermittlerfunktion aus dem konserativen Mainstream in den faschistischen Extremismus. Im Ausgangs-Essay von 2019 nennt Schaible Sarrazin, Tichy, Steinbach, heutzutage biedern sich die Werte-Union und Teile der FDP an.\nKennzeichen des \u0026ldquo;Normalitären\u0026rdquo; ist eine Verklärung einer Vergangenheit, die es so nie gab und die, hätte sie es gegeben, nicht zeitgemäß wäre. Daher \u0026ldquo;Make America Great Again\u0026rdquo;, Brexit-Empire-Verklärung, und generelle Rückwärtsgewandheit. Das Normalitäre wünscht sich auch eine Komplexitätsreduktion der Welt, und die Faschisten bieten diese (in Wahrheit inadequate und nicht zur Problemlösung geeignete) Vereinfachung an.\nDaher mein Spruch mit dem \u0026ldquo;vereinfachten Weltbild für Anfänger\u0026rdquo;.\nNormalitär ist nicht konserativ, die Bruchlinie hat Schaible klar gezeigt. Normaltär ist Reaktionär in einer bestimmten Ausprägung. Normalitär kann faschistisch werden oder sein, weil normalitäre Ziele nicht demokratisch erreichbar sind (sie sind gar nicht erreichbar)\nAber das ist genau das Wesen des Normalitären, ein in der Vergangenheit verortetes, vereinfachtes, so nie existiert habendes Ideal zu verlangen, weil die aktuelle Struktur der Welt abgelehnt wird, statt sich mit ihr auseinander zu setzen und daran zu wachsen.\n","date":"2020-03-09T00:00:00Z","href":"https://blog.koehntopp.info/2020/03/09/normalitaer.html","tags":["lang_de","politik","germany"],"title":"Normalitär"},{"categories":null,"content":"So I wrote about the Sonos Recycle Program before Sonos announced their plans to actively discontinue support for their older Speakers. Back then, the program did make sense, because it was kind of voluntary and avoided sending stuff back to Sonos for a Trade-Up. Even then, people disliked it.\nThen Sonos announced that they would discontinue support for these devices and it\u0026rsquo;s basically \u0026lsquo;you brick them now, or we are going to brick them for you in May and without a rebate for new equipment\u0026rsquo;.\nToday, Sonos announced that they will recycle Recycle Mode , that is, they will allow you to \u0026ldquo;trade up\u0026rdquo; for newer devices, but the old ones will still work.\nBut that does not answer the actual question Or won\u0026rsquo;t. From the article:\nThat said, it\u0026rsquo;s worth noting that Sonos hasn\u0026rsquo;t changed its plans to stop updating those legacy products come May. As a reminder, they\u0026rsquo;ll work as they do now but won\u0026rsquo;t receive new features or software updates going forward. But if you have some of those products and are ready for new gear, you can get a discount and still keep them working as long as possible.\nSo everything is still unclear.\nThat is, there will be no updates for any Play:5 (1st gen) devices, for the Connect:Amp and the Connect any more. We know that.\nBut it is unclear if these older devices will still work together with updated devices in the same network, and if you still will be able to group them. It would be a big loss of functionality if that does not work any more.\nIt is unclear, if \u0026ldquo;No Updates\u0026rdquo; means \u0026ldquo;No functional updates\u0026rdquo; or if they will effectively brick themselves when Streaming Service APIs change, a root certificate rollover has to be implemented or similar maintenance software changes are necessary.\nWhat is Sonos focus? Meanwhile, while Sonos is trying to play in the Home Voice Gadget market, their Sound Experience is increasingly looking long in the tooth. I mean, the actual sound the things make is pretty nice, but getting signals into Sonos Systems is somewhat ugly. I now have a Bluetooth Speaker (Non-Sonos) attached to my Windows Steam Machine, because I can\u0026rsquo;t Wi-Fi my \u0026ldquo;Elite: Dangerous\u0026rdquo; to my Sonos easily. How about the Desktop App being a Sound Source for the Speakers? Right, can\u0026rsquo;t do that unless the source is a Mac and the target is… the only IKEA speaker in my home. That\u0026rsquo;s pretty lame.\nWindows System Output can\u0026rsquo;t be used as a Sound Source for Sonos. And Airplay does not work to most of my speakers, because they are \u0026ldquo;too old\u0026rdquo; and the new Sonos equipment does not relay to the old equipment.\nMeanwhile I have to use the clunky Sonos App for my \u0026ldquo;Youtube Music\u0026rdquo; subscription on my phone, because while I can chromecast my Google Music to Sonos, for some reason Youtube Music can\u0026rsquo;t do that. Again, a problem with sourcing the stream.\nThe company seems to be obsessed with Home Assistants, when it should be obsessed about Sound.\nSo, yeah. What am I going to do? I don\u0026rsquo;t know. At this point, I will wait and see - I have halted all spending on them for this year, and if I am ever going to push money into the Sonos equipment at all any more, it\u0026rsquo;s probably going to IKEA. At least that are somewhat controllable sums for equipment with whatr is now an officially limited lifetime. Well, it was nice while it lasted.\n","date":"2020-03-06T00:00:00Z","href":"https://blog.koehntopp.info/2020/03/06/sonos-recycled-their-recycle-mode.html","tags":["lang_en","sonos","media"],"title":"Sonos recycled their recycle mode"},{"categories":null,"content":"These images are older than time itself. I picked them up while working as a consultant for MySQL AB, but I do not know the source.\nHere are some important latency numbers. A pixel is a nanosecond (nano = 10^-9, a billionth of a second, 1 billion events/s = 1 GHz):\nAnd below is the HDD disk seek latency in full at the same scale. An uncached index access can result in up to 5 disk seeks, worst case.\nEach waiting core in a 3 GHz computer cannot execute 3 million clock cycles per millisecond wait, so 13.7ms disk seek 41.1 million clock cycles wait time per stalled core.\nThat is why we give so much memory to index and data memory caches in databases. This is why InnoDB page compression exists.\nThis is also why SSD and NVME flash are so important to database people.\nThis is also why it is important that your queries use indexes, and why you should batch queries. That is, \u0026ldquo;select a, b c from t where id in (\u0026hellip;)\u0026rdquo; instead of a query per id-value in a loop.\nNot graphed: Talking to a service in another data center, for example talking to a web service in the cloud from on-premises, or talking to a service in one cloud from another cloud. Assume 10ms, or approximately one HDD disk seek for this.\nIf that service does not have an API that allows batching and/or asynchronous operation, they are maybe not entirely appropriately aware of performance issues.\nPlease zoom in for details:\n","date":"2020-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2020/02/28/some-latency-numbers-illustrated.html","tags":["lang_en","database","performance"],"title":"Some latency numbers illustrated"},{"categories":null,"content":"Welcome to the Netherlands. Please excuse me, I need to fetch a few things before I have time for you. I need a few things from Lidl in Hoofddorp, do you want to come with me?\nIt\u0026rsquo;s not far, we are taking the bike for some six kilometres. Also, I\u0026rsquo;m going to show you a trick: Look, Mom! Not riding with the cars, and no lights.\nLet\u0026rsquo;s follow path and go down Liniepad. Take care, unusual for the Netherlands we don\u0026rsquo;t actually have the right of way when crossing. See the green sign with the circle and the number? This is our route.\nA fietspad is a cycle path which is not mandatory to use. In the Netherlands, this often means a cycle path that is running completely separated from any car infrastructure, so no noise, no exhaust fumes and no interaction with car traffic at all.\nThis is where we are crossing the N205, but for this we have a bridge instead of an intersection and traffic lights. Also note that our bike path has lighting.\nWhat is that car doing on a bike and foot path in the middle of a park? Oh, it\u0026rsquo;s the Toezicht, the park inspection.\nAs we follow the bike path, there is in fact an intersection where the Liniepad ends, crosses Ijweg and becomes Geniedijk. Not that you would notice. Also, no traffic lights.\nAnd we go on as before. Note that the fietspad is not up to code: It is too small, in need of some minor maintenance and it is the wrong color. We will come back to that, soon.\nToday it\u0026rsquo;s dry, 10 deg Centigrade, and 5 bft right in our faces. I am thankful for the motor, it\u0026rsquo;s helping quite a bit with the wind. Also, battery on board means no reason to go without lights, ever, basically.\nThis used to be a roadblock for construction. As you can see, it has been removed. Had it not been removed, we would have had to follow the signs - of course, if a fietspad is blocked, there is an alternative route planned and signed before construction begins.\nOnly later on our trip we would have seen why there was blockage. This looks like there is going to be a fietspad improvement - wider, and closer up to code than this old road we are on.\nBut first things first:\nWe need to cross the N201, and we don\u0026rsquo;t do intersections when other solutions are viable. Remember the hierarchy of mitigations from OSHA? We can Isolate (#3), so we don\u0026rsquo;t have to Engineer Controls (#4).\nThe same thing happens again at Kruisweg:\nAgain, an underpass completely takes us out of harms way and there is no traffic light, no intersection and no interaction with car traffic. At Geniedijk and Wilsonpad we are leaving our fietspad and turn left into Hoofddorp.\nSee these things:\nYou will find them all over the Netherlands. They are giant underground trash collectors, around 1.5mx1.5mx1.5m. One is for plastic, one is for glass sorted by color, and one is for paper. They have sensors, and when they are close to full, they will signal Meerlanden and ask for cleanup. A trash compactor truck will pull them up and empty them, put the thing back and take the trash away.\nRamaer connects to Ter Veenlaan,\nand while this is a street that carries car traffic, by construction and connection through traffic is discouraged with extreme prejudice .\nThe road design as well as access to it makes it very extremely clear that this is an access road for people living here, but it is not a good plan to go through this. Also, parking:\nUnexpectedly, this is quite cheap , but Hoofddorp is not Amsterdam and space it not at premium here.\nTer Veenlan opens into Hoofdweg Westzijde, a bicycle street. While this can be used by cars, all other traffic takes precedence. It\u0026rsquo;s basically a fietspad that cars are allowed to use, carefully.\nAs you can see from the dead end sign (uitgezonderd fiets and bromfiets), it\u0026rsquo;s also modally filtered. Which means there is some bollard somewhere, blocking car access to prevent through traffic, but which is easily bypassed by bikes.\nWell, basically it\u0026rsquo;s a road with red asphalt and modal filtering. So where are the cars? On the other side of the canal, over the bridge, on Hoofdweg Oostzijde:\nThere still is a cycle lane, tho, and this takes us north the few meters to Councourslaan, and into the shopping centre of Hoofddorp.\nIt\u0026rsquo;s a one-way street, for cars, but it\u0026rsquo;s open for bikes in all directions. It is also speed bumped and limited to 30 km/h, so bike and car traffic, what little there is, can mix.\nWe turn left into the pedestrian zone, and cross over to LIDL at Marktplein.\nAfter shopping, can I invite you to a typical dutch restaurant? :-)\nYup, they fry all the things. Everything you heard about it is true. Just kidding.\nOn our way back, we are going differently - we are following the signage for the alternate route to circumvent the Geniedijk constructions. While Geniedijk is finished, the signs are still up. They take us to Buitenschot:\nAt the exit, at Pad om de Noord and Ijweg, we find an info sign explaining the bike route network of the area, numbers and routes:\nTo continue we have to follow Ijweg north for a few meters, on an abysmally bad bike path, until we can cross over and enter Plesmanhoek:\nThis time, the wind is not in our face, so we are faster. Quite a lot:\nOur fietspad goes through a park that has some kind of agricultural botanical garden, and passes by a playground. We then come back to Liniepad and follow it back over the bridge passing the N205.\nThe road here is quite interesting, because we have N205, with two lanes per direction, directions separated, and then one additional road labelled \u0026ldquo;R-Net\u0026rdquo;. This is a bus lane, used by the 300 line. It goes every 6 minutes, and is led outside of regular car traffic where possible. The tiny red dot just before the road climbs to cross the N205 itself is one of those buses.\nThis time we leave Liniepad early and turn right into the village, coming to Waterlinie:\nWe are crossing Waterlinie. It is very clear who has right of way here. Also, note the ubiquitous presence of WhatsApp. This country runs on WhatsApp. There is no escape.\nWe follow the fietspad on it\u0026rsquo;s way between the Villa\u0026rsquo;s. There is a pedwalk on the right, and a pedwalk on the left, and the fietspad meanders through the middle, where there is not one, but two small outdoor play areas.\nSo how does the owner of a 1.5 Megaeuro Villa get their Tesla to their house, you ask? Well, from the private road access in the back of the houses, of course.\nWe\u0026rsquo;re about to cross the R-Net bus lijn to venture into the not quite as well off part of the village, but wait. There\u0026rsquo;s an ambulance crossing, racing along the buslijn towards the Spaarne Gasthuis Hoofddorp .\nAnd right behind: The bus. Line 300 is very busy, and hence has special buses. They are three meter longer than what is allowed on European Roads, and require a special permit. Also, roads along their road (eg. in Haarlem) had to be modified in multiple places to allow for increased turn radiuses. But on the other hand, they run every 6 minutes and can carry 186 people, each, from Haarlem via Hoofdorp through Schiphol towards Amsterdam Arena.\nThis is the day bike parking in this tiny village. On the Haarlem side. There is more on the other side. Multimodal transport is a thing.\nOkay, we\u0026rsquo;re home. Excuse the disorderly garden. Spring is early this year and we have not been keeping up. Still, it\u0026rsquo;s cold and windy. Come in. Espresso or Tea?\n","date":"2020-02-22T00:00:00Z","href":"https://blog.koehntopp.info/2020/02/22/in-which-we-cycle-shopping.html","tags":["lang_en","netherlands","mobility","cycling"],"title":"In which we cycle shopping..."},{"categories":null,"content":"Welcome to the Netherlands. I am living at the bottom of a lake, 3.50 meters below the sea level, and there are sea shells in my garden.\nWhen I dig in my garden, it looks like this.\nThe Netherlands (low lands) or Holland (hollow lands) are formed in large part by the Rhine Delta . This is an estuary delta (tidal delta), which means it is formed as much by erosion as it is formed by sedimentation.\nThe erosion is a strong power, and was often seen as a living evil force working against the works of men \u0026ndash; the Waterwolf , devouring the land. The waterwolf often refers specifically to the effect of peaty bogs and costal lake swamps growing and merging lakes.\nThe situation before the lakes merge.\nThis is exactly the historic situation of the Haarlemmermeer , where you have a peat bog, the relic of a northern arm of the Rhine, and several smaller lakes.Through flooding and erosion these lakes grew into one single large lake between Haarlem, Amsterdam, Amstelveen, Aalsmeer and Leiden. This was a fast process and happened within 100 years: In 1531 the Haarlemmermeer and the smaller lakes had a combined surface area of 31 square kilometers. In 1647 the combined Haarlemmermeer had a surface of 150 square kilometers, and within another 100 years it would add another 20 square kilometers.\nDiscussions about draining the swamp started in 1643, and went on in one way or the other for around 200 years, but the efforts were strongly opposed by several cities for which the lake was an important waterway. After a hurricane in November 1836 drove the waters basically to the gates of Amsterdam, and the ever growing Haarlemmermeer was threatening to integrate other low lying lands and lakes into its surface, King Willem I had had enough. He appointed a royal commission and tasked it with making plans to drain the lake once and for all.\nIn early 1840 work was begun.\nHaarlemmermeer is the area of the former lake, as defined by the Ringvaart, plus the area in the north extending it to the Ij\nThe Ringvaart is a 61 kilometer long ring canal that was being dug with manual labour, defining the shore of the Haarlemmermeer. Today it defines the border of the Gemeente, mostly, plus some area in the north extending the Gemeente towards the Ij.\nThe Ringvaart today, between Cruquius and Vijfhuizen.\nThe earth removed was used to build a dike around the polder-to-be. The canal was completed in 1845, and three large steam pump stations were built and started to drain the lake: Leeghwater aan de Kaag (1845), Lijnden (1848) and Cruquius (1849). Until 1852, 800 billion litres of water have been pumped away and \u0026ldquo;the fish could be collected by hand\u0026rdquo;.\nSteam Pump in Cruquius (1849) with a James Watt Steam Engine.\nToday the steam pump in Cruquius is a museum . Entry is 7 EUR (or free, if you have a museumkaart ).\nBut of course land that is up to 3.50 below sea level and is in former a peat bog right next to the North Sea is not stable, and needs pumps and active water management around the clock to keep dry.\nGemaal Koning Willem I\nToday that is achieved by the pump station (Gemaal) Willem I, among others. It is named after the king who initiated the dry pumping of the Haarlemmermeer. It is much more modern and efficient, but also quite less impressive than the pump in Cruquius.\nIn the image I am standing with my back to the Ringvaart, a bit down from the dikes crest. The water level of the Ringvaart is approximately at my hip, or somewhere around the second window of the pump station. The water you can see behind the pump station is the main drainage channel for Haarlemmermeer, and you can see how low it is compared to my position.\nThe Gemeente Haarlemmermeer is only one of many Droogmakerijen . It is a anthropogene cultural landscape, not an uncommon thing in the Netherlands - a quarter of the Netherlands are below sea level, and 65% of the population are living in areas that need to be protected against storm and flood.\nBut this also means: when you look at the landscape, there is nothing natural about it whatsoever. The natural state of this land is brackish water, 3.50m deep. It is completely designed and constructed and ongoing human effort is necessary to keep it dry and working. This is a relationship to nature and \u0026ldquo;natural\u0026rdquo; that is very different from other parts of the world.\nIt also requires a different mentality, because it needs to maintained at all cost, even in conflict. It absolutely requires people to cooperate even if they disagree: The North Sea is an equal opportinity drowner, the Waterwolf does not care if the people it devours agree or disagree about some thing or the other.\nCooperation despite differences has been deeply ingrained into the society in the Netherlands, and affects all forms of conflict handling.\n","date":"2020-02-21T00:00:00Z","href":"https://blog.koehntopp.info/2020/02/21/under-the-sea.html","tags":["lang_en","netherlands"],"title":"Under the sea..."},{"categories":null,"content":"Welcome to the Netherlands. We\u0026rsquo;re building roads differently. They are better, safer and less stressful for cyclists, and that also makes them better, safer and less stressful for motorists. Here is how it works:\n(based on a Twitter Thread )\nWhat does it look like? I am living in a village. That means a speed limit of 30 km/h inside the city limits, and that is being enforced by the design of the road.\nThe red path is only a subordinate cycle path. On the other side of the canal, to the left, is the real cycle path. The bridge in the background is leading over to it.\nIt looks like this:\nIn the background you can see the traffic sign on the right hand side of the road, and the bridge. I am standing on the footpath, the bike path is on the left hand side.\nLet\u0026rsquo;s move forward to the bridge:\nIn the mornings this is a very busy spot, because there are two basic schools down the road over the bridge, and of course all the children are biking to school.\nSchool begins the day after the fourth birthday (and groep 1 and 2 is what in germany would be preschool, but it\u0026rsquo;s mandatory) and it can be reasonably expected from children of this age to be able to bike to school under their own power, but supervised. Children of group 3 and over can be expected to bike school unsupervised, and the environment must be built to enable this, and to allow them to roam around the city limits in order to go to sports or visity friends.\nDynamic traffic lights My village is next to the N205. That is a multilane motorway, a national street, an A-road. On the other side is the Schiphol runway \u0026ldquo;Polderbaan\u0026rdquo;.\nA cycling traffic light in the Netherlands looks like this. The \u0026ldquo;tikker\u0026rdquo; (call button) is only a formality, but good to hold yourself upright on the bike should you ever have to wait.\nUsually you don\u0026rsquo;t. That\u0026rsquo;s because of the sensors in the road: Two here (in order to measure direction and speed), and one more directly where the Tikker is. If you are driving the design speed of the cycle path (In the Netherlands that\u0026rsquo;s 15 km/h), and the traffic allows that, you will have green exactly when you are reaching the light.\nThat is because almost all traffic lights around here are dynamically controlled and have variable cycle times. The moment the last car or bike is clearing the crossing the light goes yellow and the waiting time for crossing traffic is shortened.\nAll of that under the principle that pedestrians and cyclists have priority over car traffic at all times.\nIntersection Design Interestingly enough: Cycle path design and rules make it possible for a cyclist to turn right at a crossing even when the light is red for motorists. It\u0026rsquo;s in the design of their crossings.\nThis article at Bicycle Dutch explains it in detail.\nThey also have a Youtube Video (same in German ) that shows this in practice and with traffic in motion. It\u0026rsquo;s beautiful.\nGo watch the video. But even then, let me highlight a few things from the video:\nThis is what is called a parking protected bike lane. The parked cars act as a protective wall against the cars on the street. Where there is room enough there is an exit zone that prevents dooring.\nAlso, everyone here is being drilled with the Dutch Reach , to the point where you fail your driving test in the last second if you do not exit the car properly after passing the final practical exam otherwise faultlessly.\nIntersections in the Netherlands are a construct that is full of waiting pockets, staging areas that allow you to stop and wait without being pressured from the traffic behind you, until you are sure it is safe to move on.\nThat is true for cyclists. Here waiting cyclists can stop for the red light without being in the way of traffic that is moving straight on.\nBut it is even more true for cars. Motorists can handle one task (turning), and then the next one (handling crossing cyclists), avoiding dangerous multitasking and dangers from multiple directions.\nIf you are used to driving in Germany, that is unexpected and initially confusing. Take your time, and take the traffic step by step, it is designed this way. If the traffic designer did their job, there is only one dangerous thing happening at a time, and there is always a safe place to stop and double check. Also, the other drivers are expecting you to stop and take your time.\nDanger Zone and the importance of consistency In fact, when driving in the Netherlands you will eventually notice that the main spot to check for dangers is usually 45 degrees to the right over the hood. That is, because whenever space allows it the situation is designed so that you can wait without being pressured from behind, handle one situation at the time, and the situation is coming up at approximately this position from the front-right (or, where traffic makes it necessary, from the front-left).\nHere an intersection, also with staging areas. The marked car has passed the cycle path and is now waiting to be able to safely merge, out of the way of the cycle path. A second car is coming up, waiting before the cycle path, making sure there are no cyclists coming and that the staging area is clearing.\nThe design and the marking of the cycle path with continous red color and shark teeth before the crossing make it clear to anyone that the cyclists have the right of way, even if the traffic signs weren\u0026rsquo;t there.\nRaised curbs and patterning make the road visually smaller, encouraging drivers to stay below the speed limit.\nCycle paths are separated from the road, where possible with a soft shoulder and lawn in order to communicate that there is no roadside parking here.\nThe raised curb on the cycle path side also encourages cyclists to stay in the lane and make use of the marked path for crossing. That way separated types of traffic cross only in spots that are designed to make the crossing safely.\nThe same design language is applied everywhere, making roads readable to everyone intuitively. Here a car is turning right into a residential area. The curb is raised from street level with a bump and different paving, making it visually and haptically clear to a driver that the environment is changing. There is of course a staging area, so that turning and clearing the cycle path are two different, sequential tasks.\nThe cycle path makes a slight swerve to the right to allow for this. In the video it becomes clear that this does not slow down the cyclist. Again, soft lawn is being used to discourage drivers from shorting the turn and crossing the cycle path at a different angle that a clear 90 degrees.\nAgain, narrow roads in the Netherlands are a design tool. They make sure traffic types cross at a safe angle so that eye contact can be made, and together with speed bumps and raised curbs they help to keep speed down to safe levels. The design is built specifically so that drivers do not accelerate into a conflict zone.\nThe situation is built so that potential conflicts happen the 45 degress-to-the-right-over-the-hood angle that motorists are trained to double and triple check in urban areas, and with the car at rest or close to rest.\nConsistent design language helps to make safety habitually automatic.\nRoundabouts are safer and faster than intersections, but the same design principles and design language can be applied to this situation as well, even in historic old towns such as Amsterdam shown here.\nWe see the familiar Dutch design: Staging area for cars, separating the action of leaving the roundabout and clearing the cycle path. Road marking communicates bike priority. Shark teeth also help to communicate priority. The curb extension and the middle island separating the car lanes both keep the roads visually narrow and encourages drivers to position themselves properly and not cut corners.\nThe danger zone is positioned to the right-front for the car leaving the roundabout, traffic types intersect at 90 degree angle and with the car at rest or almost at rest. For the car entering the roundabout, the danger zone is the left-front, because there is no other option to make this possible.\nHierarchy of Mitigations Of course, according to the OSHA Hierarchy of Mitigations, none of this is the best solution.\nOSHA Hierarchy of Mitigations or OSHA Hierarchy of Controls for workplace safety. In german Maßnahmenhierarchie nach TRBS . (after an older tweet )\nEliminate: Remove the cause of danger completely. A car-free environment. Substitute: Replace the hazardous work practice or machine with an alternative. Encourage and promote public transport. Isolate: Separate the hazard from the people at risk from injury. Cycle paths are separated from car roads with alternative routing, curbs, underpasses or other means of physical separation. Engineer controls: Physical changes, eg. redesign machine by adding safeguards. Speed bumps, and physical intersection design reduce risk of collision and injury. Administrative controls: Install signs, rotate jobs. Road signs (\u0026ldquo;Cyclists crossing!\u0026rdquo;, speed limit signs) PPE (Personal Protective Equipment): Provide gloves, earplugs, helmets. Bike helmets and high viz vests. So while we have been speaking about intersection design, we have been essentially been speaking about level 4 methods from the OSHA hierarchy. Where space allows it, level 3 methods would be better.\nAnd again, we can see them in the Dutch road design:\nThe roundabout shown in the video leads the cycle path through underpasses underneath the street, completely separating the car and bicycle traffic. That means no danger of collision, no traffic lights and no wait times for cyclists, ever. A way better solution that any intersection design.\nThe video finishes with two children passing an intersection on bikes. Again, we can see the dynamic traffic light control: The moment the second cyclist enters the intersection, the green phase is shortened and the light turns yellow. As soon as the intersection has been cleared, cross traffic can start.\nThis is not a space intensive design. It works in many historic old towns in the Netherlands, and any design up to code in the US (or Germany) can be converted to a safer Dutch design within the same space.\nA second video (same video in German ) demonstrates this. This video also reiterates the various design choices shown above, and explains them.\nDid you say 15 km/h? The design speed for cycle paths in the Netherlands is for an average speed of 15 km/h.\nThe cycle infrastructure is excellent, and you can often and for long stretches read a much higher speed, but there are two core ideas behind the entire network that lead to the 15 km/h design speed:\n\u0026ldquo;AAA\u0026rdquo;, \u0026ldquo;All Ages and Abilities\u0026rdquo; For a high cycling rates, it is important that anybody can cycle and feels safe doing so.\nThat leads to a design requirement in which a 4-year-old can cycle to school supervised, and a 6-year-old can cycle to school unsupervised, or an 80-year-old can use the cycle path safely and comfortably on a bike, trike or a suitable electrically assisted personal transport.\nIt also leads to the design requirement that two cyclists can ride abreast - parents riding with their children, or just two people riding together and chatting, like they would do in a car. A cycle path that wide (per direction) also enables overtaking, and has sufficient space for transport bikes.\nThe key idea is that bike paths are a system for the many, not for the fittest.\nMultimodal Transport The bike system in the Netherlands and the public transport (OV) system are designed to work together. The designers envision the bike trip of commuters to be \u0026lt;7.5km (\u0026lt;30m travel time on bike, \u0026lt;20m at 25 km/h), ending at a train station.\nTrain stations have large covered parking structures (free to use), and often offer additional services (\u0026ldquo;Bike repair while you are away to work\u0026rdquo;, \u0026ldquo;Sale of small service parts such as inner tubes or LED lights\u0026rdquo;). Haarlem station has a fairly typical station, I made a video . Note how the design language of the cycle tracks extends down even to the racks.\nThey also usually have NS OV Fiets lending stations. While public transport in the Netherlands is being run by a number of municipal and commercial operators, which are free to set prices and define zones as they see fit, the billing is unified and works via the nationwide OV Chipkaart - all trains, trams, buses and also the rental bikes offered at almost all train stations are being billed via one single card. Getting a rental is as easy as swiping your card, at a price of less than 3.60 EUR per day billed to the OV card.\nEltis explains multimodality in Dutch rail .\nThe dutch government provides Cycling Facts (PDF ).\nBike use is x2.5 higher in the Netherlands than in Germany, on the average\nBike use is regionally different, and in some zones the usage quota is more than 50% of all trips shorter than 7.5km\nOther Sources (in german language) If you are looking for a more in depth discussion of all of this in german language, have a look at Wunderlösung Schutzkreuzung? by Darmstadt fährt Rad .\nDie Schutzkreuzung, Teil 1 Die Schutzkreuzung, Teil 2 Be sure to also check out the detailed background references in the footers of the articles, and the details \u0026ldquo;view from the car\u0026rdquo; addenda in Teil 2, which show deadzones of cars and lorries in detail.\nAlso at \u0026ldquo;Darmstadt fährt Rad\u0026rdquo;:\nKreuzung Deluxe 1: Einleitung Kreuzung Deluxe 2: Designelemente Kreuzung Deluxe 3: Funktion Kreuzung Deluxe 4: Fallbeispiele Kreuzung Deluxe 5: Neugestaltung einer deutschen Kreuzung Kreuzung Deluxe 6: Neugestaltung einer großen deutschen Kreuzung These articles are a treasure trove of traffic design information in german language, and again are backed by a wealth of illustrations and linked sources.\n","date":"2020-02-19T00:00:00Z","href":"https://blog.koehntopp.info/2020/02/19/how-to-build-a-cycling-environment.html","tags":["lang_en","germany","netherlands","cycling","mobility"],"title":"How to build a cycling environment"},{"categories":null,"content":"Oliver Rautenberg berichtet auf Twitter von \u0026ldquo;Elternvereinbarungen zur Smartphone- und Mediennutzung\u0026rdquo; an Waldorfschulen in Deutschland.\n»Medienvertrag einer \u0026ldquo;Freien Schule\u0026rdquo; der Waldorfpädagogik. Ist diese Einmischung noch vertretbar? Keine Handys in der Schule, ok. Aber auch zuhause will die Schule Handys, Computer, Filme und sogar Hörspiele vertraglich verbieten. \u0026ldquo;Risiken und Gefahren\u0026rdquo; drohen!«\nDies ist meine persönliche Erfahrung, also eine Studie mit einer Sample-Gruppe von n=1. Keine Ahnung, und mir egal wie Ihr Dinge bei Euch in der Familie regelt, aber vielleicht ist das ja dennoch für irgendwen nützlich.\nMein Sohn ist jetzt 9 und wird bald 10.\nEr ist in Deutschland geboren und ist in Deutschland mit 18 Monaten in den Kindergarten gekommen. Dort hat er bis zum Einschulungs-Sommer 2016 den Kindergarten und die Vorschule beendet, und ist dann zusammen mit seiner Mutter zu mir in die Niederlande hinterher gezogen.\nEr hat die Niederländische Groep 3 in einer Integrationsklasse verbracht, um den Stoff, der der deutschen 1. Klasse entspricht zusammen mit der niederländischen Sprache zu erlernen. Am Ende von Groep 3 hat er den Schulsprachtest bestanden und ist auf eine lokale reguläre Grundschule gewechselt.\nEr ist jetzt in Groep 6 (entspricht der deutschen Grundschulklasse 4). Die Grundschule geht bis Groep 8 (entspricht der deutschen Grundschulklasse 6).\nLicht und Ton und Touchscreens Der Sohn hat sehr früh die Bildschirme im Haushalt bemerkt und war insbesondere von Touchscreens sehr fasziniert. Die erste App, für die er sich je interessiert hat, war das inzwischen eingestellte Zoola Animal Sounds , eine Anwendung, die Tierbilder zeigt und mit Musik und Tiergeräuschen untermalt. Er hat die Anwendung bis zum Alter von fast vier Jahren immer mal wieder nachgefragt.\nDer Umgang mit Touchscreens erschien dem Kind sehr unmittelbar und natürlich. Auch Gesten zum Drehen und Zoomen wurden abgeguckt, unmittelbar einsichtig und mußten nicht aktiv gelehrt werden. Das ging so weit, daß das Kind beim Fernsehen aufstand, den Bildschirm berührte, um den Film anzuhalten und dann beide Hände auf den Bildschirm presste um einen interessanten Ausschitt zu versuchen zu vergrößern - das hat dann leider zur großen Enttäuschung des kleinen Mannes nicht funktioniert, zeigt aber welche Erwartungen in die digitale Umwelt von einem Kind gesetzt werden.\nEin wichtiger Aspekt des Aufwachsens ist immer der Aspekt von Kontrolle gewesen, also Steuerung und Manipulation der Umwelt. Das Wort \u0026ldquo;Licht\u0026rdquo; hat das Kind sehr früh gelernt, und er wollte immer wieder auf den Arm genommen und vor einen Lichtschalter gehalten werden. Die Tatsache, daß das Drücken hier dann da bei einer Lampe etwas bewirkt war eine unglaublich aufregende Entdeckung. Die Tatsache, daß er nach seinem Willen die Umwelt beeinflussen konnte auch. Und daß unterschiedliche Schalter verläßlich unterschiedliche Lampen kontrollieren und das erlernbar war: auch fundamental.\nUnsere Nachbarn in der deutschen Wohnung über uns hatten zwei Kinder, die ein wenig älter waren als unser Sohn. Für ein kleines Kind ist das kein wesentlicher Unterschied - es unterteilt die Welt in \u0026ldquo;Leute, die alles wissen und alles können\u0026rdquo; und \u0026ldquo;solche, die so sind wie ich\u0026rdquo;. Daß Kinder mit 3-4 Jahren viel mehr können als er selber hat er nicht erfaßt. Entsprechend dann: immer wenn er Kontakt hatte, hat er plötzlich Dinge getan, die er ohne die Demonstration, daß Kinder so was können können nie getan hätte.\nDas war einer der Hauptgründe, das Kind in einen Kindergarten zu geben: Dort hat er die Geschwister, die er daheim nicht hat, und das hat ihn massiv nach vorne gezogen.\nDaheim hat er durch unsere Arbeit bedingt viel Kontakt zu Computern. Dabei hat ihn meine Arbeit eher weniger interessiert - Papa sitzt auf den Bildschirm und starrt auf Buchstaben. Aber was Sammy tut ist um so interessanter.\nMusik und Film Sammy hat damals im Cafe Theater Schalotte Licht auf Veranstaltungen gemacht, und das Treiben am Theater, aber auch Licht und Tontechnik haben ihn als direkte Verlängerung seiner Erfahrungen daheim ohne Ende interessiert. Ich weiß, daß wir oben am Lichtpult gesessen haben, das Kind kaum 4 Jahre alt, die Frau an der Bühne unter der Decke hängend die Scheinwerfer manipulierend. Als sie ruft \u0026ldquo;Die Drei auf Achzig!\u0026rdquo; zählt das Kind wichtig die Weißlicht-Regler ab, und ist stolz wie Oskar, daß er den Schieber 3 auf 80% regeln darf. \u0026ldquo;Super\u0026rdquo; ruft es von unter der Decke zurück!\nDas Kind ist voller Musik, und von mir hat er das nicht. Das geht so weit, daß ich mir mit einer elektrischen Zahnbürste die Zähne putze und er kurz dem Brummen lauscht und dann sagt \u0026ldquo;Das ist ein C und Deine Zahnbürste ist verstimmt\u0026rdquo;. Ich ziehe die Stimm-App auf dem Handy aus der Tasche und in der Tat, die Braun brummt ein sattes C, liegt aber deutlich daneben.\nDas mit der Musik ist auch sehr früh deutlich geworden, und so hat er neben der Vorschule auch \u0026ldquo;musikalische Früherziehung\u0026rdquo; bekommen, in der den Kindern ein Jahr lang Gelegenheit gegeben worden ist, für jeweils 3 Monate ein Instrument auszuprobieren und Erfahrungen zu sammeln. Mit 5 hätte er dann noch ein Jahr dranhängen können, hat dann aber selber entschieden, daß er nur noch Geige machen will. Also hat er angefangen, in Berlin Geige zu lernen und es ist uns gelungen, in Amsterdam eine Lehrerin zu finden, die deutsch und niederländisch spricht und ganz wunderbar unterrichten kann.\nUm diese Zeit, so mit 6 Jahren, hat er auch zusätzlich zum abgelegten Handy mein altes Macbook pro in die Finger bekommen. Das ist ein Gerät von 2009, mit einer nachgerüsteten SSD, die es nicht nur schneller, sondern auch robuster macht, und mit leider nur 4 GB RAM. Im Laufe der Zeit hat er dort Youtube, Musescore, Garageband und auch iMovie entdeckt und sich ohne weitere Erklärungen weitgehend selbst angeeignet.\nDabei haben wir eine ganze Menge über unser Kind gelernt.\nErstens: Das Kind braucht Limits. Es würde ohne diese Limits vermutlich in den unendlichen Tiefen von Youtube versacken und nie wieder vorkommen. Es braucht auch Wertungen. Wir haben abgemacht, daß er zunächst Youtube mit uns zusammen guckt, und dabei ist er auf einen Haufen Videos gestoßen, die keine Geschichten erzählen, sondern sehr niedrig zielende, teletubby-artige Animationen abspielen. Wir haben ihm erklärt, wie sich diese Videos von Videos unterscheiden, die etwas erzählen wollen, und wieso wir die eine Sorte Video langweilig finden, und die andere nicht. Er hat irgendwann angefangen, Videos nach diesen Kriterien zu beurteilen und auszuwählen.\nZweitens: Das Kind lernt durch Tun und Abgucken mehr als durch Erklären. Erklärungen sind wichtig, aber Vorbilder, Nachahmungen und Zusehen sind viel, viel wichtiger. Buchstaben haben sich ihm als Konzept erschlossen durch Zusehen, und durch Tippen und Vergleichen. Da er sich brennend für Eisenbahnen und insbesondere Dampfloks interessierte, wollte er Youtube-Suchen eingegeben haben. Das Wort \u0026ldquo;Dampflok\u0026rdquo; konnte er also bald erkennen und dann auch sehr schnell schreiben. Das war ihm wichtig, denn er wollte ja selber suchen.\nYoutube ist ein unglaublicher Schatz an Ausbildungsvideos, Verdeutlichen und Anschauungsunterricht. Er verwendet Youtube inzwischen gezielt, um bestimmte Fertigkeiten vorgeführt zu bekommen und nachzuahmen.\nDrittens: Dabei forscht er sehr selbstständig und vollzieht im Kleinen andere, viel größere Entwicklungen nach. Hier in den Niederlanden hat er gelernt, wie er Videos von seinem Handy auf seinen Computer laden kann. Er hat iMovie entdeckt durch Experimentieren herausgefunden, wie man iMovie Fertigtrailer produziert. Er hat dabei die vorgegebene Form und den Stil von Trailern auf Netflix imitiert, um Trailer für noch nicht produzierte, selbst ausgedachte Geschichten zu produzieren.\nDanach hat er über Youtube und durch weiteres Experimentieren iMovie erlernt, und dann angefangen mit seinem Handy Filme zu abschnittsweise zu drehen und zu schneiden. Dabei ist er selbst auf eine Reihe von Stilmitteln gestoßen oder hat sie imitiert, die wir in der Geschichte des Films als Bausteine des Geschichtenerzählens mit diesem Medium entdeckt haben.\nWeil er Anfangs in den Niederlanden sehr alleine war und sich seine Klassenkameraden auch nicht so für das filmische Erzählen interessiert haben, hat er vier Charactere geschaffen (\u0026ldquo;Joram\u0026rdquo;, \u0026ldquo;Max\u0026rdquo;, \u0026ldquo;Tom\u0026rdquo; und \u0026ldquo;Mehmet\u0026rdquo;), die sich durch Kleidung unterscheiden. Natürlich kann er immer nur eine Person zur Zeit im Bild haben, wenn er alle Rollen selber spielt, aber um zu erzählen hat er dann Dinge wie Schnitt/Gegenschnitt und Perspektive entdeckt.\nMax und Mehmet geraten in einen Streit und Max regt sich weiter auf - er hat das realisiert, indem er Max bei jedem Gegenschnitt weiter aus dem medium close-up in den close-up zieht. Mit einer blauen Decke, der Bluescreen-Funktion von iMovie und einer Stegosaurus-Spielfigur hat er eine Verfolungsjagd realisiert, bei der die Charactere von einem Dinosaurier verfolgt werden.\nNachdem Sammy ihm ein Drehbuch und Einstellungs-Skizzen gezeigt hat, ist ihm die Idee gekommen, daß er sich dann nicht so oft umzuziehen braucht, wenn er die Einstellungen sortiert und daß Produktionsreihenfolge und Schnittreihenfolge nichts miteinander zu tun haben müssen. Das hat seine Produktion stark beschleunigt.\nEr versteht in seinem Kopf, wie sich Joram, Max, Tom und Mehmet unterscheiden und wie und warum sie in derselben Situation unterschiedlich reagieren würden. Er ist in der Lage zu begründen, warum sich Mehmet bei einer Begegnung mit dem Stegosaurier anders als Max verhalten würde. Er versteht, daß Erlebnisse Menschen verändern und hat von sich aus angefangen zu erklären, warum sich Mehmet \u0026ldquo;nach dem Stegosaurier\u0026rdquo; anders verhalten würde als \u0026ldquo;Mehmet vor dem Stegosaurier\u0026rdquo;.\nViertens: Das Kind braucht Bewegung. Wenn er einen Tag nicht draußen spielt, schwimmt oder reitet, dann ist er ungenießbar und kaum zu kontrollieren. Er empfindet das selbst, ist aber noch nicht in der Lage ohne Hilfe die notwendigen Konsequenzen und Zeiteinteilungen zu finden und das auch durchzuziehen. Es ist also wichtig, ihn rauszuwerfen und zu zwingen, physische Dinge und persönliche Interaktion mit anderen Menschen zu haben. Er versteht hinterher, daß es ihm besser geht, kann das aber noch nicht selbst zuverlässig initiieren.\nFünftens: Er hat rausgefunden, daß es Filme gibt, die er nicht sehen mag, und daß eine grobe, aber unzuverlässige Korrelation existiert zwischen Altersfreigabe und der Tatsache, daß er den Film nicht mag. Er hat die Indiana Jones und die Jurassic Park Filme gesehen, und gut gefunden, obwohl einige von denen weit über seinem Alter liegende Einstufungen haben und es gibt andere Filme, die technisch ab 6 wären, aber die ihm so unangenehm sind, daß er abbricht. Er hat durch Gespräche mit uns gelernt, daß uns das auch so geht (Ich finde \u0026ldquo;Blacklist\u0026rdquo; unangenehm und sinnlos gewaltätig und mag das nicht sehen) und daß das in Ordnung ist.\nEr hat Harry Potter nur bis Teil 3 gesehen und will die anderen Teile, die durchaus vorliegen, gerne mit uns zusammen sehen, wenn er meint, daß er soweit ist. Er hat gelernt, seinen Gefühlen da zu vertrauen und er ist - mit wenigen Einschränkungen - in der Lage, diese Entscheidungen auch selbstständig umzusetzen. Er guckt weg, bittet um Umschalten oder verläßt den Raum, wenn er was nicht sehen will und er bringt aktiv seine Meinungen und Präferenzen in Entscheidungsprozesse ein.\nComputerspiele Das Kind liebt Aufbauspiele. Das hat mit Train Fever und seinen Nachfolgern sowie Cities: Sylines begonnen und ging dann über Ark bis Minecraft. Ich habe ihm und seinen Freunden einen Minecraft Server und ein Teamspeak installieren müssen.\nDabei haben er und seine Freunde entdeckt, was man in Minecraft tun kann, wie sich das Multiplayer vom Solospiel unterscheidet, und daß sie unterschiedliche Ideen haben, was sie in Minecraft tun möchten oder was in Ordnung ist und was nicht. In Folge hat es eine Serie von Streitereien und Versöhnungen gegeben, in denen sie eine Übereinkunft ausgehandelt haben, die klar macht, wie sie miteinander im Kontext des Spieles umgehen wollen.\nUnd sie haben den Server gestaltet. Das heißt auch, daß sie mit einer Liste von Installationswünschen für Plugins bei mir aufgelaufen sind, die ich dann brav in den Server gekippt habe und deren Konfiguration sie dann weitgehend auf Youtube selbst gelernt haben.\nMultiplayer ist weitaus interessanter als Solo - Minecraft hat im letzten Jahr alle anderen Spielaktivitäten vor dem Bildschirm ausgelöscht, weil Interaktion mit anderen Spielern um vieles interessanter ist als Interaktion mit Computergegnern oder computeranimierten Figuren.\nProgrammieren Als das Kind fragte, was Papa denn so vor dem Computer tut habe ich angefangen Python zu erklären. Das ist eine schwierige Aufgabe - im Alter von 6 Jahren war die Vermittlung der Gedanken um Kontrollstrukturen unmöglich. Der Sohn hat in der REPL Variablen belegt und wieder ausgegeben. Aber nicht nur hat das Konzept \u0026ldquo;Im Editor schreiben, auf einer Kommandozeile aufrufen\u0026rdquo; ihn überfordert, auch Verzweigungen und Schleifen waren zu diesem Zeitpunkt nicht vermittelbar. Es hat bis zum Alter von 8 Jahren gebraucht - wir haben das Python immer wieder halbe Jahre liegen lassen - um einen Reifegrad und das abstrakte Denken zu bekommen, um diese Konzepte zu erschließen.\nDie Schere zwischen den Wünschen (GUI! Grafik! 3D! Minecraft selber machen!) und den Fähigkeiten ist enorm. Aber wir haben jetzt ein Cli-Programm, das Additionsaufgaben stellt, die Ergebnisse kontrolliert und einen Score mitführt (und einen Highscore abspeichert). Sollten wir irgendwann mal bei Klassen und Bibliotheken ankommen, werden wir eine Qt-Version davon bauen.\nKind und Computer Ich verstehe einen Großteil des Gewese um Kinder vor dem Computer nicht. Zumindest nicht in Bezug auf unser Kind. Es ist wichtig, daß er raus kommt, sich bewegt und mit anderen Menschen interagiert, das ist klar.\nEs ist auch wichtig, sich dafür zu interessieren, wie er den Computer und das Smartphone verwendet, und wenn er dabei etwas erschafft, das als Haken zu verwenden, um ihm moderne Kultur und Kommunikation zu erklären.\nEr denkt, er dreht einen Film, aber er erforscht selbst und mit unserer Hilfe Charactere, Entwicklung, Storytelling, Konflikt und Drama, Produktion und Produktionsplanung, Spezialeffekte, Kostüm und Makeup. Er mag vor dem Rechner mit Musescore und Garageband rumspielen, aber das bindet sich direkt in seine Übungen für den Chor und seinen Geigenunterricht rein und beide Dinge unterstützen einander. Er will Minecraft spielen, aber damit das mit seinem Server so geht wie er das will, muß er sich mit elementaren Dingen des Communitymanagement (und Motivationen seiner Mitspieler, Spielertypen und User-Stories), aber auch mit ssh, YAML und Serverkonfiguration auseinander setzen.\nUnd da kann man mit ihm drüber reden, ihm zeigen, wie wir diese Dinge auch in unserer Arbeit wieder finden und warum er gerade welche Schwierigkeiten hat und was mögliche Handlungsoptionen sind. Und dann läßt man ihn und seine Kumpane wieder alleine und die müssen selber Wege finden, das anzuwenden oder auch nicht und dabei zu lernen.\nUnd Youtube. Youtube wird in der medialen Berichterstattung in Deutschland gerne einmal runtergemacht und als Halde voller Schrott und Propaganda dargestellt. Youtube ist die großartigste Selbstbedienung-Ausbildung, die es auf diesem Planeten gibt. Und mit der richtigen Voreinstellung im Kopf sortiert das Kind eventuell in die Timeline gespülten Schrott weitgehend selbstständig aus und hält sich selbst auf Spur.\nMit Neun ist das noch nicht perfekt, wie auch. Aber ich bin sehr beeindruckt von dem, was er so macht.\nWie dem auch sei: Mein Kind sitzt vor dem Computer. Auch, nicht nur. Das ist auch im wesentlichen gut so, und außerdem unvermeidlich. Also muß ich damit umgehen lernen, genau wie er.\n","date":"2020-01-28T00:00:00Z","href":"https://blog.koehntopp.info/2020/01/28/mein-sohn-sitzt-vor-dem-computer.html","tags":["lang_de","schnuppel","bildung"],"title":"Mein Sohn sitzt vor dem Computer"},{"categories":null,"content":"On Twitter, @CaptainEyesight asked a question:\n»Database architecture question: For deleting records, instead of a DELETE, UPDATE the id to the negative (i.e. 1 becomes -1) and then add AND id \u0026gt; 0 to every query. Great idea? or Greatest idea?«\nI was honestly a bit confused, because this idea is so weird that I took this question for a joke. But then I decided that this is a case for XKCD 1053 : »You are one of today\u0026rsquo;s lucky 10.000.« So let\u0026rsquo;s do this properly.\nPhysical InnoDB data structure In InnoDB, data is stored as a B+-Tree indexed by the primary key. A B+-Tree is a B-Tree in which the leaf pages contain the actual data records. That means that data is (within limits) stored physically, on disk, in primary key order. A record with a lower primary key value will be \u0026ldquo;further left\u0026rdquo; in the B+-Tree than a record with a higher primary key value, and within limits will also be on a disk block with a lower or equal number than blocks with higher primary key values.\nInnoDB structure as a tree index blocks pointing to other index blocks, and the leaf nodes containing the actual data.\nThe limitation is here that InnoDB allocates data in chunks (of 64 pages of 16 KB by default, for segments of 1 MB), and filesystems of course do not really guarantee \u0026ldquo;low to high disk space allocation\u0026rdquo;. Another, weaker and slightly better way to describe the physical ordering would be that two primary key values with a small value difference are more likely to be phsically closer on the storage medium, but it is still a kind of best effort estimate.\nIn any case in InnoDB, the physical record position is a function of the primary key. Changing a PK the way described will physically move the record from \u0026ldquo;right\u0026rdquo; in the B+ tree to the left, inducing a lot of rebalancing operations, page splits and merges. Ultimately actually deleting always from the left and appending always on the right is producing the worst physical page structure InnoDB could have: Permanent page merges on the left, permanent page splits at the right and a permanent maximal rebalancing of the entire tree.\nThis is an abysmally slow data structure. I wrote about it in german language in Ein paar Gedanken zu Zeitreihendaten in 2009, where I have been discussing the way Nagios NDO Schema abuses the database on the Open Source Monitoring Conference in Nürnberg.\nForeign Key complications There is another problem layered on top of the physical data structure problem, and that is that primary keys of one table t may be used in other tables r and s as pointers to records in t. Such usage is called a foreign key. If you change primary keys, all foreign keys will become invalid and will point at the wrong or non-existent recoords.\nThere is a way around that, manually or automatically change the foreign keys.\nIf you want the change to happen automatically, you can do that with foreign key contstraints, and ON UPDATE CASCADE and ON DELETE CASCADE clauses. The problem that people will run into in practice is that such clauses make it very hard to estimate the performance of a statement by just looking at the SQL. Chaning a primary key value will cause an update of all dependent foreign key rows, and the actual number of these rows is unknown, may be variable and that makes the runtime of the statement data-dependent and completely unpredictable.\nConsider a table of hotels with a hotel_id as a primary key. Consider a second table of hotel_reviews, with a review_id as a primary key, and a foreign key hotel_id pointing back at the hotel being reviewed. Now assume a hotel closes and we renumber it from 4711 to -4711. We will have to change all reviews of that hotel in the hotel_review table, so any number of reviews will have their hotel_id changed from 4711 to -4711, too. That can be none, or few, if the hotel was not very popular, or it can be literally 10.000s of records. It will create problems in production. I know that because I was around when exactly this happened.\nSome Axioms about Primary Keys As a general rule, the following things are in my experience good rules:\nNever change a primary key value. Primary key values should be considered immutable. Never reuse a primary key value. Primary key values used in foreign keys tend to stick around, even outside of the database, in bookmarks, notes, file dumps and other data sources that you do not track, control or index. If you re-use a primary key value, these URLs, notes, or other pointers will now point to different, entirely random data instead of producing a lookup error. Don\u0026rsquo;t do that to yourself. Never encode additional information in a primary key value. Primary key values encode the identity of a row. Nothing else. Flags such as is_deleted, is_made_to_order or other special things are not ranges, signs or other special properies of the actual primary key. They should be extra columns, made explicit, documented, and be indexable on their own. Everything else is broken. I once had to work with a database that contained orderable part numbers for camper trailers, and if the part number started with an \u0026lsquo;8\u0026rsquo; or an \u0026rsquo;e\u0026rsquo;, that part was made to measure and not generally available in stock - things like window blinds or seat cushions. That\u0026rsquo;s extremely broken, and there should have been a made_to_measure flag and another in_stock flag.\nPoisoning transactional data with crud In Openstack in 2015, about any of the Keystone, Neutron, Nova and other databases did not delete things, but each row had an is_deleted flag. Every query is the actual query plus an AND is_deleted = 0. This makes queries more complicated, confuses the optimizer and every developer and, even worse, requires an expiration cron job, which by default was not delivered, much less installed.\nis_deleted flags are usually not very selective. In the beginning, there will be very few deleted records, and over time they will dominate the data, so that most records will actually be deleted. Most optimizers have problems handling biased key distributions properly, and indexes on low cardinality columns are another problem entirely.\nIn any case, there will likely be dead records on each page loaded into memory, poisoning your expensive caches with dead data. This is not a good use of your money or hardware budget. The recommendation is to keep only live data in transactional tables. Actually delete completed transactions from your transactional tables. Keep your transactional system small. A transactional system ideally never reads data, because it can keep the pages of the working set of your current transactions in memory. Only writes happen, to persist the actual transactions.\nYou will need a log of changes, for compliance reasons, for business intelligence (BI) reasons and for reporting as well as many other use cases. You can implement an Extract-Transform-Load (ETL) process into a data warehouse, with the usual DW transaction from online transaction processing normalized schemas into data warehousey star and snowflake schemas. That is, in the DW you will not store ids, but actual data values, because you are not interested where customer_id 17 lives now in 2020, but that the item \u0026ldquo;USB Memory Stick 128 GB\u0026rdquo; was actually priced \u0026ldquo;24.99 EUR\u0026rdquo; when you delivered it to a customer in 24110, Germany in August 2013. So part of the ETL process is to join all the things, keep the values you want to archive and then archive them into a giant fact table (and maybe recompressing the values back to DW ids in sideways lookup tables for space reasons). Then you create daily aggregate along the dimensions of reporting, creating a star or snowflake from the fact table timeline.\nDeleting from a monster fact table where primary keys corrospond to temporal data is just as bad. Use partitions instead, and drop expired days.\nIdeally, the fact table is partitioned, so that you to not shuffle through the B+-Tree again for deletion. Instead, you ALTER TABLE ... DROP PARTITION instead, which is much, much, much faster.\nAnother way to get changed recorded is instead Change Data Capture (CDC), which you configure a server as a database master writing full row based replication binlog, in which each DML statement will log the full before- and after-image of each changed row. A binlog eater processes this data to produce an ongoing live update of the DW. You will still have to take each logged row, extract the IDs and join them to get the data values of all the other tables you need to log for the ETL process. That can create race conditions, so you may instead opt for changing the application, which would then write twice, once into your OLTP system and once into the DW in denormalized star form.\nCoexistence is impossible Transactional and reporting queries do not coexist nicely on the same hardware at scale. It is useful to keep transaction processing systems and reporting/BI systems physically separated.\nAn OLTP system is ideally memory saturated - the working set fits into memory, if you can make that happen. Transactions are short lived, query latency matters. The system is write-heavy by definition - it\u0026rsquo;s sole purpose in life is to record state changes on disk in order to model real-world state changes such as orders, order fullfillment and billing. The schema is likely normalized and close to 3rd normal form in order to make update volume manageable. Uptime matters, so having a small data set size will help meeting availability requirements: One that business is interested in is a short MTTR, and MTTR is often a function of data set size.\nData Warehouse and BI systems are unlikely to be memory saturated. It is their nature that they grow without bounds unless you actually complete the data lifecycle management by actually dropping data. Transactions are read-mostly, deletes are rare (and implemented as partition drops) and writes are ideally append-only. Queries are long-lived, full table scans, indexes may be of limited use. Hash joins may be more useful than loop joins. The schema is likely \u0026rsquo;normalized\u0026rsquo;, but the DW normal form is a loglike fact table and star or snowflake structures around it. Uptime may matter, but the requirements are often much more relaxed compared to what is requested from the OLTP side of the business. That is good, because DW data set size can be something else.\nEvery OLTP system contains a data warehouse that struggles to get out It is perfectly normal (and okay for some time) for a new OLTP system to contain a DW on the inside that eventually needs to be extracted and put onto its own machinery. When you create a new OLTP system, you objective is to get it up and running. You need to earn money after all.\nStill, there will be tables in your system that contain a data in the table name, the partition clause or the primary key. These are tables that grow without bounds given an otherwise constant and unchanging transactional volume. Eventually you will need to come around and complete the data lifecycle management process that you skimped on in order to get things running.\nThat is, you will need to define what kind of attributes you want to extract for reporting in your ETL or CDC process, define such a ETL or CDC process, define a DW/BI structure and the reports and ad-hoc query opportunities you want to support.\nThis will sustain you for a long time, but eventually even the DW/BI you have will outgrow your means and you need to close the loop completely in order to cap growth. Also, compliance rules will force you to actually delete data after some time.\nTL;DR: You think about changing primary keys when you should think about data lifecycle management. That is not a good business or data modelling strategy.\n","date":"2020-01-28T00:00:00Z","href":"https://blog.koehntopp.info/2020/01/28/some-rules-for-primary-keys.html","tags":["lang_en","mysql","schemas","database"],"title":"Some rules for primary keys"},{"categories":null,"content":"Heise schreibt in Mailbox.org: Google sperrt \u0026ldquo;unsichere\u0026rdquo; Dritte vom Kalender aus über Anwendungen von Dritten und den Zugriff auf Google Kalender, Google Mail und andere Dienste, die mit GSuite interagieren. Der Artikel wirft leider eine Reihe von Dingen durcheinander, was schade ist, weil er einen wichtigen Punkt machen will.\nOAuth2 vs. LSA Im Artikel geht es um OAuth2 . OAuth2 ist kein neues Verfahren. Es handelt sich um einen Standard, bei dem ein Dienstleister Drittanwendungen den Zugriff auf Dienste erlaubt, indem er der Drittanwendung relativ automatisch ein Logintoken zuteilt, das\nzeitlich begrenzt ist die Identifikation der Anwendung und des Anwenders erlaubt und einen Scope (einen Satz eingeschränkte Zugriffsrechte) hat. Um also auf den Google Kalender oder in Zukunft bald auch IMAP zugreifen zu können, muß eine Drittanwendung ein Token vorzeigen. Das Token, das etwa Busycal auf dem Mac verwendet, ist von dem Token verschieden, mit dem ACal+ auf Android auf meinen Google Kalender zugreift. Theoretisch könnte Busycal auch Vollzugriff auf den Kalender haben, während das ACal+ Token einen Read-Only Scope hat.\nBeide sind verschieden von meinem mit 2FA gesicherten Zugang zu meinem Google Account, der nicht nur Kalender und Mail enthält, sondern auch mein Wallet, meine gekauften Inhalte, mein Youtube, meinen Google Cloud Zugang und meine Google Ads. Wird durch eine Sicherheitslücke eines der Token publik, ist das kein Beinbruch (der Schaden ist auf den Scope begrenzt) und leicht zu korrigieren (die Zugriffsrechte sind wiederrufbar).\nGoogle gibt einem eine Security-Übersicht für Deinen Account in Google Account . Auf der Permissions -Seite kann man sehen, wer Zugriff hat und was die dürfen. Nach Anklicken sieht man auch, wann das war und man kann den Zugriff wiederrufen.\nPermissions Seite für OAuth2 Anwendungen in Google Account .\nDas alles ist eine Feine Sache™ und ein großer Fortschritt. In der Vergangenheit hätte man sich bei einem CalDAV oder IMAP Server mit dem Usernamen und Paßwort eingeloggt, und hätte dadurch den gesamten Google Account mit allen Diensten, die da dran hängen, exponiert und gefährdet. In so einem Kontext ist insbesondere der Wiederruf und die Recovery nach einem Security-Problem so gut wie unmöglich.\nDas weiß Google auch, und daher gab es bisher für Programme, die OAuth2 nicht beherrschen, eine Sonderlocke: \u0026ldquo;Application Specific Passwords for Less Secure Applications\u0026rdquo; (LSA).\n\u0026ldquo;Application Specific Passwords for Less Secure Applications\u0026rdquo; (LSA) ist auch in Google Account zu finden und hoffentlich leer.\nMit LSA legt man ein Kennwort für seinen Loginnamen fest, das an eine Anwendung gebunden ist und gescoped ist, also im Zugriff beschränkt. Da Google dieses Paßwort generiert, ist es auch sicher vom Accountpaßwort verschieden.\nMan kann sich also mit einem Legacy Client, der auch in 2020 noch kein OAuth2 kann, auf einem GMail IMAP oder CalDAV einloggen und riskiert dennoch nicht seinen ganzen Account. Gut so.\nOAuth2 Playground Es gibt einen OAuth2 Playground bei Google. Mit dem und der Entwicklerdokumentation kann man einmal herumspielen. Oder man verwendet deren oauth2.py . Für jeden Dienst gibt es eine Dokumentation, die die OAuth2 Scopes beschreibt, die existieren.\nHier ist die Dokumentation für GMail Scopes . Sie ist wichtig, wir werden weiter unten noch darauf zurück kommen.\nWenn man den OAuth2 Playground einmal durchspielt passiert dies:\nSchritt 1: Wähle einen OAuth2 Scope aus, hier gmail.readonly. Auf der rechten Seite sieht man die entsprechenden REST Requests und Responses, sodaß ein Entwickler gleich sehen kann, wie so etwas auf dem Kabel aussieht. In der Praxis wird dieser Schritt vom Anwendungsentwickler ausgeführt und man sieht ihn nicht.\nEr legt die Identität der Anwendung fest, so wie sie für den Endanwender nachher in Google Account erscheint.\nFührt man diesen Schritt durch, gibt es einen typischen Google Autorisierungscreen: Anwendung Google Playground will Read Access auf unseren Gmail Account. Ist das okay so?\nSagt man ja, gibt es einen Alarm via Push Notification und eine Nachricht in Google Mail: Jemand hat neuen Zugriff auf unseren Account bekommen.\nTerror auf meinem Handy: \u0026ldquo;Google OAuth2 Playground\u0026rdquo; darf jetzt auf mein GMail.\nDas ist auch eine Gute Sache™, denn auf diese Weise ist sichergestellt, daß so ein Zugriff nicht leise und aus Versehen erfolgt.\nMit dem Authorization Code aus Schritt 1 kann die Anwendung sich jetzt ein Zugriffstoken holen, das eine Stunden gilt. Der Grund ist, daß auf diese Weise die Anwendung auf jeden Fall spätestens eine Stunde nach dem Widerruf von Rechten ausgesperrt ist, auch wenn dieses spezifische Token nicht gesondert widerrufen wird.\nUnd mit diesem Access Token kann die Anwendung dann endlich GMail API Funktionen aus dem Read Only Scope aufrufen, zum Beispiel Identity. Sie kann keine Non-GMail Aktionen ausführen und sie kann auch keine Nachrichten senden, Filter bearbeiten oder ähnliches. Das wäre ein anderer Scope.\nScopes in GMail Die Liste der Gmail Scopes in der Entwicklerdokumentation klassifiziert Scopes auf verschiedene Weisen, Recommended, Sensitive und Restricted. Die meisten Scopes sind Restricted.\nDie Doku sagt weiter:\nRestricted—These scopes provide wide access to Google User Data and require you to go through a restricted scope verification process. For information on this requirement, see Google API Services: User Data Policy and Additional Requirements for Specific API Scopes. If you store restricted scope data on servers (or transmit), then you need to go through a security assessment.\nWenn man also eine Serveranwendung (Mailbox.org, Exchange, Open Exchange oder ähnliches) schreibt, und diese Restricted Scope Data runterlädt und speichert, dann wird ein Security Assessment notwendig.\nDen Heise Artikel noch einmal lesen Jetzt lesen wir den Heise Artikel noch einmal.\nDa heißt es:\nGoogle forciert den Einsatz von Oauth für seine Mail-, Kalender- und Drive- Dienste, sperrt dabei aber viele Dienstleister und ältere Software aus. Wer bisher beispielsweise Googles Kalender in einer nicht von Google entwickelten Anwendung oder Webseite ohne Oauth integriert, muss sich demnächst entweder umstellen oder darauf hoffen, dass sich sein Anbieter von Google-Partnern in den USA in einem kostspieligen und wenig transparenten Verfahren zertifizieren lässt.\nWas heißt das? Der Artikel erklärt das nicht.\nGoogle hat bereits am 30. Oktober letzten Jahres LSA für Business Kunden sanft eingeschränkt. Alle Accounts mit einer leeren LSA Liste haben \u0026ldquo;LSA erlauben\u0026rdquo; auf \u0026ldquo;Nein\u0026rdquo; gestellt bekommen, für andere Accounts, die LSA Einträge haben, sind andere Einschränkungen gemacht worden.\nAb Mitte diesen Jahres wird LSA weiter eingeschränkt .\nDas heißt, zum Zugriff auf Google Dienste wird LSA erschwert oder ganz abgeschaltet und OAuth2 verpflichtend. Soweit eine gute Sache.\nAber: Ein Mailserver hat bisher via LSA Vollzugriff auf einen GMail Account und einen Kalender bekommen, ohne sich dem für Restricted Scopes notwendigem Review zu unterziehen.\nDadurch, daß OAuth2 jetzt verpflichtend wird, werden Firmen wie Open Exchange und Mailbox.org also OAuth2 Reviews aufgezwungen, weil das LSA Schlupfloch nicht mehr existiert. Und das ist genau der Punkt, der beklagt wird, nur daß der Artikel das nicht erklärt.\nMailbox.org-Betreiber Peer Heinlein kritisiert Googles Vorgehen, das ab 15. Januar die Zertifizierung von \u0026ldquo;Less Secure Apps\u0026rdquo; vorschreibt. Im Gespräch mit der iX erklärt Heinlein, es sei grundsätzlich nicht verkehrt, wenn unseriöse Anbieter vom Zugriff auf Google-Konten ausgeschlossen werden und Missbrauch minimiert wird.\nDas ist irreführtend, weil es primär gar nicht um LSA geht, sondern um OAuth2, und spezifisch um die mit OAuth2 Restricted Scopes verknüpften Audit-Anforderungen. LSA abzuschalten ist eine gute Sache, und LSA zu verwenden, um den Anforderungen für OAuth2 Restricted Scope zu entgehen eine mittelfristig zum Scheitern verurteilte Strategie.\nDie Frage, um die es eigentlich gehen muß ist:\nDarf Google für den Zugriff auf ihre Plattform einen solchen Audit verlangen oder ist dies eine unzulässige Wettbewerbseinschränkung?\nIm Lichte der Entscheidung Banken vs. Sofortüberweisung kann man annehmen, daß es nicht das Problem von Google ist, Anforderungen an die Anwendungen zu stellen, die ein Anwender für seinen Account zuläßt. Insbesondere wenn der Anwender eine Firma ist und der Account Teil eines GSuite Business Accounts ist.\nUnd das ist die eigentliche Frage, die geklärt werden muß.\nOAuth2 ist eine gute Sache. Auch Mailbox.org und OX wissen das und haben das korrekt implementiert, sind dabei aber in die OAuth2 Restricted Scope Requirements für Serverbetreiber gelaufen.\n","date":"2020-01-17T00:00:00Z","href":"https://blog.koehntopp.info/2020/01/17/mailboxorg-google-oauth-und-less-secure-applications.html","tags":["lang_de","google","security","identity","privacy"],"title":"Mailbox.org, Google, OAuth und Less Secure Applications"},{"categories":null,"content":"Florian Haas asks on Twitter :\n\u0026ldquo;How do you solve reliable rollback. The definition of a reliable rollback being: \u0026lsquo;get reset \u0026ndash;hard \u0026rsquo;, \u0026lsquo;git push -f\u0026rsquo; and then magic happening that returns your infra to the exact state it was at .\u0026rdquo;\nThe problem is relatively easy to solve with modern infrastructure-as-code for anything that is stateless. It becomes a bit more involved when you are dealing with things with state, such as database instances or Zookeepers or similar things.\nMy reply on Twitter begins here . I am basing my writeup on that reply.\n\u0026ldquo;Devops\u0026rdquo;, what does that even mean? In 2015, I gave a talk titled \u0026ldquo;Go away, or I will replace you with a little shell script \u0026rdquo; as a keynote for the GUUG FFG 2015 in Stuttgart. The german language slides are here , the english slides are here and a Youtube video of the Froscon version of the talk is here . Unfortunately, the video is the german language version of that talk.\nThe talk focuses on how the sysadmin profession started to die out somewhere around 2001, when we invented horizontal scaleout and Tom Limoncelli published the first edition of \u0026ldquo;The Practice of System Administration \u0026rdquo;. That book explained in one chapter the role of the sysadmin in the greater corporate organisation and how to cooperate with, not fight against users. The term and the practice of Devops evolved in this decade, until in 2008 Patrick Debois coined the actual term \u0026ldquo;Devops\u0026rdquo;, which we use today.\nThe term has been abused a lot, but what does it actually mean? In one slide I show this:\nThe modern development environment according to Devops, and the technical meaning of the term.\nIn todays language, I would phrase these items as follows:\nInfrastructure as code Version Control CI/CD Separation of Rollout and Activation Proper Observability with centralized, structured logs Good instant communication Infrastructure As Code describes a way of declaring the execution environment for your code, in code. Code that can be checked in and versioned like the application code itself. Openstack Heat Scripts, AWS Cloud Formation, Kubernetes Deployment Specifications or your Terraform all qualify as this.\nWith this, you can recreate and redeploy your execution environment together with your application, as part of the build and deployment automation. It also means that you get rid of the endlessly fragile state manipulation engines that are Puppet, Ansible, Chef, Salt and CFEngine. You create, build and deploy images and you run immutable infrastructure.\nBecause all of that code and infrastructure declaration are files, you want Version Control, which in 2020 means, you want all of this in git. This is so normal by now that anything that is not git-able is considered broken and weird.\nWhat you check in, you want to be processed automatically. So you push it through a CI/CD pipeline, which pushes things through whatever pre-production environments you have (many have Dev, Staging and Prod). This, in 2020, probably includes formatting to coding standards, linting, sonarcubing, and whatever tests you wrote.\nEventually, your code is rolled out. And a key invention - one that is not yet done by enough people - is separation of Rollout and Activation by the means of an experiment framework. More on that below.\nWhen application code runs, it is appending messages, measurements and context to a hash of hashes. This collection will be pushed into an event processor at the end of a request. Ours is called \u0026ldquo;Booking Events\u0026rdquo;. If you happen to work elsewhere, an Observabilty tool such as Honeycomb.io is the closest to Booking Events I have been able to find outside of Booking.\nUsing this, you alert and push alerts out through a multitude of channels, including Pagerduty, and whatever you use instead of Slack. Humans are being alerted to a situation, and can act on it.\nSeparation of Rollout and Activation, and Dual Use Experimentation As I mentioned above, the separation of rollout and activation is a key invention that makes rollouts possible. It also makes testing in production safe.\nIn the first iteration, an experiment framework allows you to push code into production that never runs. You can then, through feature flags, activate your code for yourself, or a chosen subset of customers based on whatever selectors your frame work offers. I often quote \u0026ldquo;5% of the population of guest country .jp with a user-agent string that suggests MacOS\u0026rdquo; as an example, but it is really a function of the experiment framework you build.\nSee a very old talk from 2012 of mine: \u0026ldquo;8 rollouts a day \u0026rdquo; (video ) for an ancient take on all of this. This is not new technology, we have been doing this for ages, and just iterated on this.\nHaving an experiment framework means that the scaffolding for activation in code is formalized and tested, so errors in gating entry to new code are unlikely to happen.\nIt also means that a control framework exists where you can see experiments that are active, who is exposed to them, and that participation in an experiment is recorded in a user click history. You probably want to record experiment config changes in your monitoring wallgraphs so that a change in observed behavior is linked to possible causes for that in an obvious and in-your-face way.\nThis is also important for customer support: A CS agent needs to be able to see what the customers sees or has seen, if an experiment is a UI/UX experiment. UI/UX variants should be available to CS agents at will, so that they are able to match and retrace customer experience.\nHaving experimentation available obviously means that variant code is in execution concurrently. Or in terms of rollouts: Old and new code run at the same time.\nFor state management, it means that schema changes or similar data adjustments need to be done in advance. They also need to be done in a way that is compatible with the old and the new code. That is not hard to do, and can be done in a robust testable way. You want to package it, and run a bunch of checks on schema changes automatically, so you can detect best practice violation and prevent these from being checked into staging and prod.\nAnd yes, you need that table change framework anyway, because SOX will eventually want that from you. You probably will end up with a web frontend and API for pt-online-schema-change accessible to end users in a way that also advises them automatically on best practice. This also scales better than your DBAs checking manually for the presence of a PK, NULLable columns, columns that are DOUBLE but suggest monetary values in their names, and similar things.\nOk, at this point you can push code into staging and prod in a way that the old and new variants of the code can coexist on whatever schema you have and can run concurrently, depending on what variant of which experiment the user is in. You can finally activate code for a few users, and see what happens.\nYour second iteration of the experiment framework will therefore measure the impact of the experiment, and by that I do not only mean the business impact, but also the technical impact.\nBusiness impact measurements would answer questions such as \u0026ldquo;What influence has Experiment 17 on conversion?\u0026rdquo; or \u0026ldquo;Does variant B of experiment 17 not only improve conversion, but also customer support call rate, and if so, it is still a positive experiment in the monetary sense\u0026rdquo;?\nBut as a gate to the entry of code paths, the experiment framework can also encapsulate Probes that collect metrics over a Span, delivering technical measurements about the performance cost of an experiment. I can ask questions such as \u0026ldquo;Show me all messages in variant B of rollout 64fd32f that never appear when running variant A\u0026rdquo;, or \u0026ldquo;What messages appear since rollout 64fd32f that did not appear before\u0026rdquo;.\nI can also carry metrics and classify them by experiment related selectors. \u0026ldquo;Show me SQL time spent in variant B compared to variant A of rollout 64fd32f in all sections guarded by experiment 13, normalized by number of executions\u0026rdquo;. In other words, what exactly is the latency contribution of experiment 13b, since 64fd32f?\nAnd because I have access to the unshortened, unaggregated raw event data persisted elsewhere, at any point in time I can ask the framework to actually show me the SQL, once I have a selector that finds me the delta I was looking for, and highlight the things that are only present here and not elsewhere.\nThat is the Dual Use value of an experiment framework: You get the business value out of that, testing hypothesis on draft code in production before you spend engineering hours on things that aren\u0026rsquo;t going to make you richer. That is, in terms of bug stages, finding bugs in requirements.\nFrom 8 rollouts a day (2012), Slide 19 : Relative cost of a bugfix in various stages of the code lifecycle. Fixing broken requirements is the cheapest.\nBut you also get the technical cost of that, in terms of running the prototype code. That enables you to assess the added execution cost vs. the estimated engineering effort to speed it up. In other words, your engineers only ever work on code that is proven to make you richer, and you also know how much running it will cost you in AWS units or engineering hours and you can prioritise things properly.\nAnd finally, since A and B variants coexist, if B is known to be bad, you not only can roll that back, you don\u0026rsquo;t even have to. Simply turning off activation of B gives you instant silence in production - the known bad variant is still present, but never run for anybody. You can then triage and come up with a resolution of the situation on your own terms. Either you eliminate the B variant and roll back, or you fix B and roll forward. Either way, this is done completely out of the execution path and also without any time pressure constraints on the decision making.\nThe Sum of All These Parts The sum of these parts is much more than each individual capability gives you. Together they give you an environment that allows you to roll back and forward, at will. And you will be doing this in an informed way. You can reason about code in production, and act on the outcome of that discussion. And you are doing this outside of crisis mode and any time constraints.\nSeparation of Rollout and Activation is a Key Invention here. Put this into an Experimentation Framework, and create a dashboard/control/overview board around this that gives information about running and disabled experiments, experiment outcomes in terms of business and technical data, and that links to raw events and metrics generated from the raw events directly.\nMarrying an experiment framework + dashboard with a Honeycomb-like observability system, and with pointers to tags, releases and rollouts in your code base allows naviagation between all of these things in an integrated way. It enables product and tech people alike in a unique way to reason about code, what that code does to the business, UX, income, and also resource consumption.\nIt can direct business decisions, because it allows safe rapid development and deployment of draft business expierments.\nIt can direct engineering decisions, because it tells you what is safe, and what isn\u0026rsquo;t, what is good enough and what isn\u0026rsquo;t.\nIt informs product management and backlog decisions, because it links technical cost, potential business income and resource usage cost so that business and tech reason about code at eye level - one single source of truth, and one single set of metrics spanning the lowest levels of tech to business metrics like conversion, cuca call rates, cancellations and other things.\nAfter doing that a while, your code will be littered with Experiment Gateways that either protect and measure code that is full-on or perma-off. All of that code is technical debt and needs to be evaluated, and cleaned up. In this way, the experiment framework, even in the final stage of its usefulness acts as visual markup for technical debt assessment and as a guide for garbage code collection.\nReliable Rollbacks and Testing In Production You can even use this data to build predictors for expected business behavior, and alert on deviations. \u0026ldquo;According to observed growth and data from last year, last month and last week, we would expect x bookings per minute, but see m fewer, so something is likely wrong. That started 10 minutes ago at the yellow activation line of experiment 13\u0026rdquo; is a thing where I live, and turning off 13 before even looking for possible root causes is a complete no-brainer. In 95% of the cases or more it actually fixes the incident for now, so that any followup is done again outside of panic mode.\nThat is: Testing In Production Is A Safe Thing To Do - if you build an environment that makes it survivable. The key ingredients are\nEducation Awareness Empowerment I reference that in both talks I linked above: Education means you not only need your general craft, the IT you learned at school, in university or in previous jobs. You also need to learn the local knowledge. We encapsulate that in the two questions\nIf you break it, will you even notice? If you break it, can you fix it? The first question asks if you do know you dependencies and dependents for any subsystem that you change. If you don\u0026rsquo;t that\u0026rsquo;s okay, we will teach you. That\u0026rsquo;s why we are here.\nBut if you write a patch, gate it in an experiment and then ask \u0026ldquo;Is this good? Can I roll that out?\u0026rdquo;, you are asking the wrong person. There is one expert on the whole planet for that change you just wrote, and that is you. You need to be able to answer the question \u0026ldquo;If you break it, will you even notice\u0026rdquo; with a confident yes in order to be admitted to production. Nobody but you will know the proper answer to that question, ever. We can only help you to find the \u0026ldquo;Yes\u0026rdquo; by teaching you.\nThis is also a question of attitude, and it has to be coming from the top. Back in the day when Kees was CEO, he usually ate with everybody else in the canteen.\nA typical conversation that happened similarly more than once is Kees asking somebody: \u0026ldquo;I haven\u0026rsquo;t seen you before. Are you new?\u0026rdquo; \u0026ldquo;Yes, of course. I started 3 weeks ago.\u0026rdquo; \u0026ldquo;And\u0026rdquo;, Kees would ask, in one way or the other, \u0026ldquo;did you break production already?\u0026rdquo; The newbie would of course answer \u0026ldquo;No, of course not!\u0026rdquo; and get the usual response \u0026ldquo;So what am I paying you for?\u0026rdquo;.\nThe moral in this is that errors and downtimes are a part of doing business. Of course we would like to have infrastructure where these things do not happen, or minimise impact, but velocity and risk taking are a thing of value to a fast company. By having an error budget (the integral between the predicted income and the actual income) and checking that things are within the error budget, management has a control that allows them to check on the state of the engineering culture. If we are over the error budget, we probably need to look at our ways, and the state of our education and practice. If we are under error budget a lot, we are probably not moving fast enough and are too risk averse.\nAll the instrumentation around this - CI/CD, dev and staging, experiment framework and observability framework - exist to make better use of the error budget and get most out of our invest into corporate improvement and organisational learning.\nThe second question asks if you know how to fix the things that your change may break. It is not only a question about scope, but also a question about your network. That is, because in any reasonably large system you won\u0026rsquo;t be able to put it together alone.\nYou should expect to need help.\nIt\u0026rsquo;s people that help, not positions.\nSo you should not answer \u0026ldquo;I will need a DBA around just in case\u0026rdquo;, but you should know if Debs, Greg or Simon would be better to have around in your case.\nWith your education covered, and especially the necessary local knowledge amending your general education, you\u0026rsquo;d then have to be aware of your environment. That ties back to the upper part of this writeup. With probes and annotions from Spans covering Experiment gateways, you will have to access the data collected in your event logging system, your observability pipeline to understand the state and health of your system.\nAnd it is that exact state, and the detailed data that will tell you the story.\nAggregations are important, they point you into a general direction. But it is the raw data that contains the evidence you need. It is the ability to slice and dice the raw data along arbitrary dimensions at will that will allow you to make the precise cut which isolates the buggy cases from the non-buggy behavior. It will allow you to look at the precise delta in exposed state of your distributed system of dependencies that causes the abnormal behavior.\nLogs and metrics are good, essential for checks and alerts, to handle known cases and navigate known waters safely. Events, and the ability to search, sort, aggregate and correlate on events at will, are what enable you to see and debug a distributed and developing production system. Experiments, separation of rollout and activation, with integrated Probes in Spans, allow you to collect this data, and to act, by disabling code that introduces undesireable behavior.\nThe rollout is likely to be safe, because any new code you roll out is never executed in production. Unless you activate it. In the end you will find that it is not the rollout sparklines in your graphs that matter, it\u0026rsquo;s the config change sparklines that need watching. You can turn on things for yourself, for a subset of the population, or, if you have gradually built confidence, full on.\nFull on (or full off and writing the change off as worthless, in 19 of 20 cases) is a precondition then for cleaning up: Removing either the Experiment tooling around one new codepath, removing the old codepath completely, or the other way around.\nLeaving experimentation instrumentation in the code, but having things full on (or off) is a very easy and visible way to assess technical debt. So even after the experiment has come to a conclusion one way or the other, the experiment framework is useful as a way to demarcate in some way or the other technical debt in source files.\nAnd finally, empowerment. Empowerment is giving developers the power to make decisions, and at the same time demanding from them that they make them. You can do that only in a safe environment, and in a blame-free culture where this comes from the top. Hence the importance of Kees eating in the Canteen and asking the questions as told above. Hence, too, the importance of the error budget, and exposing it to all people that roll out.\n","date":"2020-01-17T00:00:00Z","href":"https://blog.koehntopp.info/2020/01/17/rolling-back-a-rollout.html","tags":["lang_en","devops","work","testing"],"title":"Rolling back a rollout"},{"categories":null,"content":"This post is a memo to self, and describes how to disable the X.52 clutch mode. I am flying with a Saitek/Logitech X.52 pro HOTAS , and this stick has a \u0026lsquo;clutch button\u0026rsquo; (labelled \u0026ldquo;i\u0026rdquo;) in the thumb position of the throttle (image: clutch highlighed in red)\n\u0026ldquo;Clutch mode\u0026rdquo; for this button means that it is usable as a modfier for the other buttons, when pressed together with a second button. Alone, it does nothing. For me, that is useless.\nIn order to disable the function, go into Windows Settings, click Devices, and search for \u0026ldquo;Set up USB Game Controllers\u0026rdquo;.\nAs always, useful things in Windows can only be accessed via search and not via menu.\nSelect the device, and then hit the device properties.\nIn the MFD (Multi Function Display) of all places you can also disable the clutch function (which, of course, has nothing to do with the MFD at all).\nBecause Windows is stupid and saves this configuration per USB-port, you will have to redo it every time you plug the stick into a different USB port.\nEDIT: Göran Nilsson explained:\nYou can reach the Saitek modding using the original Saitek way as follows on Win10:\n-Control Panel-Devices and Printers-Right Click on the HOTAS\nThe main use of the \u0026ldquo;Clutch Mode\u0026rdquo; is to get the current key function displayed on the MFD, without actually activating that function. I find that useful when you change between different SIMS, where you have alternative assignments to a specific key or function. So pressing \u0026ldquo;Clutch\u0026rdquo;+\u0026ldquo;Anykey\u0026rdquo; displays the current functionality of \u0026ldquo;Anykey\u0026rdquo; as text on the MFD as long as you keep Clutch depressed. Latch Clutch means that you have to press the Clutch once for uncoupling the function and once again to switch between actual function and text describing the tested key. The text you want is of course possible to set when you program the keys Personally I find that very useful as I tend to forget all these possible allocations of various functions to keys. Different sims needs different fast keys.\nExample : Programming the \u0026ldquo;FireA\u0026rdquo; button to issue \u0026ldquo;KRIS\u0026rdquo; to my software. \u0026ldquo;Clutch\u0026rdquo;+\u0026ldquo;FireA\u0026rdquo; will now show \u0026ldquo;Kristian\u0026rdquo; on the MFD without actually sending anything to the running program. Given the rich programmimg possibilities I definitely need an online \u0026ldquo;cheat sheet\u0026rdquo; that the \u0026ldquo;Clutch\u0026rdquo; makes available.\n","date":"2020-01-15T00:00:00Z","href":"https://blog.koehntopp.info/2020/01/15/disable-saitek-x52-clutch-mode.html","tags":["lang_en","gaming","elite dangerous"],"title":"Disable Saitek X.52 pro Clutch Mode"},{"categories":null,"content":"Sonos is a company that makes Wi-Fi Connected speakers. They offer acceptable sound quality and an extremely good user experience. They also so far have never cancelled support for any of their speakers.\nHardware Lineup and Timeline Some of their speakers are now qualified for a Trade-Up program, in particular their\nPlay:5 (1st generation) speaker, the Connect:Amp and the Connect. The latter two (the Connect products) are somewhat obsolete as they were necessary when normal Wi-Fi was usually not able to carry sound data at the required reliability, so Sonos speakers built their own Wi-Fi Mesh network separately from the usual home Wi-Fi. With newer Wi-Fi standards and recently also 5 Ghz this was no longer necessary.\nThe Play:5 (1st generation) speaker, the only one currently qualified for Trade-Up appeared, in 2009, 10 years ago. It was replaced by the 2nd generation in 2015. The Play:3 appeared in July 2011, and was discontinued in July 2018. The Play:1 appeared in October 2013, and was replaced by the Play One (1st generation) in October 2017. The second generation Play One added Bluetooth Hardware and a much fatter SOC and even more memory only one year later. Unfortunately I have no idea what kind of hardware the Play:5 platform was built on in 2009. I have only looked into a Play:3 from 2013. That box had a PPC based single core CPU and 64 MB of memory. Current Sonos hardware is using, IIRC, Multicore ARM SOCs and have at least four times the amount of memory.\nIn terms of Trade-Up, currently only the Play:5 (1st gen) qualifies. It is pretty clear that the Play:3 will be qualifying soon, too - maybe in 2020, but in 2021 for sure. In terms of long-term value, owners of the 1st gen Play One are probably currently worst off.\nTrade-Up The Trade-Up is advertised as follows:\nYou select a device for Trade-Up, and receive a voucher for a 30% rebate on the purchase of a new device. You then have 21 days left to use the old device, after which time it will permanently cease to function. You can use the voucher to purchase any new Sonos device, replace the old one and ship the old device to whatever recycling services in your area accept it.\nThat is a normal Trade-Up program, minus the part where you uselessly ship the old hardware across the country to the maker, which will then hand it over to a recycling service instead of you doing this.\nYou can still continue to use the old device as long as it is supported, you can still sell the old device to others, as long as it is supported, and you can do whatever else is possible with the old hardware.\nWhy? It is pretty clear where this is aiming: Sonos is looking at the oldest hardware in their lineup and that this hardware is becoming pretty long in the tooth.\nEspecially the limited amount of memory makes it increasingly difficult to even install the most current versions of their software. New functionality such as Airplay 2, and new services require more memory and, in case of Airplay 2 also more CPU and more Wi-Fi bandwidth than 10 year old piece of hardware has.\nThey would like to shrink the installed base of their outdated hardware in order to be able to move forward technologically. They would like to offer their long-time customers some kind of bonus and way to upgrade before they have to disable the hardware because it cannot longer be supported.\nNot having to ship the hardware back to Sonos should be a plus, not a minus. Instead there is a pretty hard blowback on Twitter.\nMost people criticise that this bricks the device.\nWhich is kind of the point in a Trade-Up.\n","date":"2019-12-30T00:00:00Z","href":"https://blog.koehntopp.info/2019/12/30/sonos-recycle-mode.html","tags":["lang_en","media","sonos"],"title":"Sonos Recycle Mode"},{"categories":null,"content":"A bunch of boomers in Germany is running a distraction campaign on the energy use of data centers and streaming. Example articles in german language can be found in Zeit and Bento , but there is a larger series of articles acrooss multiple newspapers.\nA better structured reasoning can be found in SRF (German), and it highlights how arbitrary and wrong the energy numbers in the former articles are. But even this article ignores the facts that the energy consumption in a typical cloud data center is most likely carbon neutral, because the power used is likely to be completely green. How green exactly is depending on the cloud operator and the location of the data center - I have written a much more detailed overview elsewhere in this blog.\nFor some reason, the majority of these articles focus on video streaming, ignoring outright waste of energy at a much larger scale, for example blockchain use. Furthermore, most of the calculations on the energy use of specifically video streaming are making flawed assumptions. They are designed to create vastly oversized energy footprints, and even more oversized carbon footprints.\nSome things to remember:\nA video is not being encoded for every view. A raw video is encoded or transcoded once for each target format, of which there is a small integer number. So 4K raw source material is being transcoded into 1080p, 720p, 480p and maybe a few even smaller formats. Some streamers support specific classes of end user devices with a limited, non-extensible set of legacy codecs, such as gaming consoles or similar. They typically add one or two more formats to the set, but in the end the storage cost (and energy) dominates the transcoding cost.\nThe encoded file is stored and played on demand for each viewer. In effect this turns watching a video on a streaming service basically into a normal file download with a \u0026ldquo;fancy\u0026rdquo; download protocol.\nvia Netmanias: Youtube Chunking, 2013 Define \u0026ldquo;fancy\u0026rdquo;: The file is being chopped into chunks of around a few seconds playback time, and a number of chunks ahead of the current playback position is being downloaded in advance and buffered on the end user device. How many of these chunks are preloaded depends on a lot of parameters, such as device type, internet connection speed and user behavior (\u0026ldquo;are they jumping around a lot?\u0026rdquo;). Using chunked downloads allows for switching video resolution depending on changes in line speed or display window size, and for jumping around in the video without downloading unnecessary parts of the video.\nA video is not shipped across the Atlantic Ocean for each viewer. Most likely (and especially for popular videos), an edge cache is holding a copy of the file locally and serving it to the customer. Google documents this in their peering and caching documentation .\nGoogle provides a map of their Google Global Cache nodes. There is at least one in every metropolitan area. These nodes also cache popular Youtube videos. The cache is quite effective, an older 2012 paper (PDF ) discusses that.\nNetflix does similar things with their own infrastructure.\nThis turns watching a video on a streaming service into downloading a file with a fancy download protocol from a pretty local server, with local being defined as \u0026ldquo;very close to your location in terms of network, not physical topology\u0026rdquo;. Where network topology matches physical topology, this may be \u0026ldquo;in your city\u0026rdquo;, in any case it is the minimum number of network hops, the copy \u0026ldquo;closest to you\u0026rdquo; that is being served.\nA video is not being decoded in software on a regular CPU The effect of a software vs. hardware video encoder is being shown in this 2014 Youtube Video , in which a Samsung S4 cellphone is being used to encode a live video stream from a specific brand of surveillance camera. Software encoding produces 8 fps, hardware encoding with the special hardware in the cellphone produces line rate at 25 fps.\nUnfortunately we do not get to see the changed energy profile, but purpose built video encoding and decoding hardware as is present on any average graphics hardware in 2019, down to the cellphone level, does things not only faster, but also with a fraction of the energy need. Such hardware is used for streaming video encoding in data centers, and for playback on end user devices.\nThis is especially important on battery powered devices, where less energy usage translates into longer device runtime directly.\nFor encoding, the approaches differ. Netflix is running on AWS, and used to use software encoding on regular EC2 instances . A relatively recent Netflix talk about their encoding pipeline has all the details.\nGoogle offers their own dedicated video encoding cloud service , but does not document what they are using. It is likely that a hybrid of software and hardware encoding is being used: Google is known to have fuzzed ffmpeg a lot and to use it extensively. Also, ffmpeg can make use of GPU hardware for encoding , when such hardware is available, and GCP has such hardware.\nRunning a cloud service uses energy, but it is way less energy than anybody else would use for the same job. Also, if you choose your cloud provider wisely, you may use energy, but won\u0026rsquo;t produce CO2 I have explained that in much more detail elsewhere.\nThe TL;DR is: Cloud providers run data centers on renewable energy, Google is one of the worlds largest investors into solar and wind farms. So even if energy is being used, no CO2 is being produced to run the data center.\nCloud providers use purpose built data centers that match their purpose built computers, \u0026ldquo;Open Compute Technology\u0026rdquo;. These machines use less than half the power of normal servers when idle, and around 33% less energy when fully loaded. They also run in data centers that do not require compression cooling, but can consume ambient air temperatures, greatly reducing the cooling energy spent.\nCloud technology can size applications on demand, allowing way better utilisation of servers. While a typical enterprise data center has around 5%-10% utilisation, cloud data centers are 3x to 7x better utilised.\nEDIT: Netflix specifically is overcompensating. In A renewable energy update from us they explain how much energy they use, primary and secondary, and how they compensate for this. This is assuming that their cloud provider, Amazon, was running on 100% coal, which they aren\u0026rsquo;t, and that means they are actually carbon negative.\nEDIT: The BBC has an article on this, and they come to the same conclusions (via Twitter ).\n","date":"2019-12-28T00:00:00Z","href":"https://blog.koehntopp.info/2019/12/28/streaming-and-energy.html","tags":["climate","data center","cloud","energy","erklaerbaer","lang_en"],"title":"Streaming and Energy"},{"categories":null,"content":"So after testing LVM Raid in princple, I have been trying it on some real hardware to see what happens. The idea was to estimate if it scales and if not, how it doesn\u0026rsquo;t. I was expecting to run into all kinds of obscure problems in my testing, but in fact, it was a quick and short death.\nHere is my box: QuantaGrid D42A-2U with an AMD EPYC 7551P CPU (32C, HT off), 1024 GB of memory, a boot disk and 12x Micron_9200_MTFDHAL11TATCW (PDF ) for 120TB of disk storage.\nThe setup was very straight forward:\n# pvcreate /dev/nvme*n1 # vgcreate vg00 /dev/nvme*n1 # lvcreate -n mysqlvol -L60T vg00 # lvconvert --type raid1 -m1 /dev/vg00/mysqlVol The objective was to ensure that an existing non-raided volume could be converted into a RAID after the fact. My installation is half-sized. The actual production version of this would be on a machine with 24 of these drives, 12 of them currently filled by a 90T database, and I just used a spare box to test the basic procedure.\nIt works, slowly So, this worked:\n# lvs -a -o+raid_min_recovery_rate,raid_max_recovery_rate,raid_mismatch_count,raid_sync_action LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert MinSync MaxSync Mismatches SyncAction audit sysvm -wi-ao---- 1.95g log sysvm -wi-ao---- 10.00g root sysvm -wi-ao---- 9.77g swap sysvm -wi-ao---- 1000.00m var sysvm -wi-ao---- 35.00g mysqlVol vg00 rwi-a-r--- 60.00t 0.51 0 recover [mysqlVol_rimage_0] vg00 iwi-aor--- 60.00t [mysqlVol_rimage_1] vg00 Iwi-aor--- 60.00t [mysqlVol_rmeta_0] vg00 ewi-aor--- 4.00m [mysqlVol_rmeta_1] vg00 ewi-aor--- 4.00m Performance metric For very slow and single threaded values of work: iostat -x -k 10\nAs you can see, nmve0n1 is being read at around 240 MB/s, and being written at the same speed to nvme6n1. The rimage_0 is dm-8, you can see the reading, and the writing goes to dm-10, the rimage_1.\nAt this rate, I will get a RAID sync in 3.5 days or so (60*1024/0.22 = 280k seconds).\nExpected performance The expected behavior is to see a request queue deep enough to get the full transfer rate from a single NVME device (3.5 GB/s according to the spec sheet, anything above 2.5 GB/s sustained is good enough), and on all 6 device pairs in parallel, for a total of anything above 6x 2.5GB/s = 15 GB/s for an unconstrained RAID-1 sync. That is what the hardware can do here. In this case, the sync would complete in 4096 seconds, a bit under 1.5h.\nSo basically this died in the crib, because it does not leverage any parallelism the CPU, the multitude of drives, the deep queues of the NVMEs or anything else would have to offer.\nIt\u0026rsquo;s from the past.\nLVM is in need of serious overhaul in order to become a tool for the 2020\u0026rsquo;s. Outside of toy workloads, snapshots don\u0026rsquo;t work, lvmraid also does not work.\nWhy is this slow? A single NVME drive (we have 2x 6 of them) like the one I used is a 4xPCIe 3.0 device, so we get a transfer rate on the bus of 32 GByte/s. The internal structure of the flash limits the performance here, and according to the technical specifications of the device we get 800k-ish IOPS (let\u0026rsquo;s say it\u0026rsquo;s a million) and 3.5 GByte/s from it.\nWe also can measure the device and see that it does have a read latency of around 100-120 microseconds, and a buffered write latency (to the internal RAM of the device, assume it has 512 MB or so) of 50 microseconds. If you write a lot, writes become unbuffered at, say, 420 micros.\nIn order to get 1 million IOPS single threaded at a queue depth of 1, you would need a latency of 1 microseconds. You don\u0026rsquo;t get that, so in order to get all IOPS, you need to have deep queues (and async IO) or many threads.\nIn order to get 3.5 GB/s (say, 4 GB/s) at 4 KB block size, you need 1 million blocks per second (920k for 3.5 GB/s). Again, you need deep queues or many thread to get that.\nAddendum: Unexpected performance limits Today, I monitored the still syncing array and it has been progressing at around 250 MB/s equalling around 1.1% per hours over night, and is now at 20-something percent synced.\n# lvchange -maxrecoveryspeed=1000k /dev/vg00/mysqlVol This works, and throttles the sync to just below 1000k per second. Conversely, setting a recovery speed of 0k falls back to the default 250 MB/s.\nBut: Setting it to 1000000k ups the speed to around 550 MB/s, which is the single threaded native speed of the array. I see around 4300 requests/s at a size of 256 KB at the NVME level, and around 8600 requests/s at a size of 128 KB one level higher in the dm-layer. There is also some kind of request merging going on somewhere in the stack, which for adjacent requests even makes sense.\nAddendum: Interrupting the RAID sync If you try to split the Volume while it is still synching, you will find that this is not possible.\n# lvconvert --splitmirrors 1 -n splitlv /dev/vg00/mysqlVol Unable to split vg00/mysqlVol while it is not in-sync. Another observationL While lvmraid employs mdraid code, working with devicemapper block devices for the data and external metadata, mdraid does not see any of this in /proc;\n# cat /proc/mdstat Personalities : [raid6] [raid5] [raid4] [raid1] unused devices: \u0026lt;none\u0026gt; You can\u0026rsquo;t use any mdraid tooling to turn knobs inside lvm controlled mdraid code.\n","date":"2019-12-03T00:00:00Z","href":"https://blog.koehntopp.info/2019/12/03/trying-lvmraid-for-real.html","tags":["lang_en","storage","erklaerbaer"],"title":"Trying lvmraid for real"},{"categories":null,"content":"Where I work, we routinely run our databases on XFS on LVM2.\nThe setup Each database has their database on /mysql/schemaname, with the subdirectories /mysql/schemaname/{data,log,tmp}. The entire /mysql/schemname tree is a LVM2 Logical Volume mysqlVol on the Volume Group vg00, which is then formatted as an XFS filesystem.\n# pvcreate /dev/nvme*n1 # vgcreate vg00 /dev/nvme*n1 # lvcreate -n mysqlVol -L...G vg00 # mkfs -t xfs /dev/vg00/mysqlVol # mount -t xfs /dev/vg00/mysqlVol /mysql/schemaname Basic Ops You can grow an existing LVM Logical Volume with lvextend -L+50G /dev/vg00/mysqlVol or similar, and then xfs_grow /dev/vg00/myqlVol.\nYou can also create a snapshot with lvcreate -s -L50G -n SNAPSHOT /dev/vg00/mysqlVol and if you do this right, it will even be consistent or at least recoverable, from a database POV. But LVM snapshots are terribly inefficient, and you might not want to do that on a busy database.\nThe size you specified for the LVM snapshot is the amount of backing storage: When there is a logical write to the mysqlVol, LVM intercepts the write, physically reads the old target block, physically writes the old target block into the snapshot backing storage and then resumes the original write. This will do horrible things to your write latency, because the orignal write is stalled until the copy has been made, and I crashed a database at least once with Redo-Log overflow while holding and reading a snapshot.\nAs the backing storage fills up, the snapshot will fail once it is running out of free space. If you still have free space, it is possible to extend the backing store using lvextend -L+50G /dev/vg00/SNAPSHOT with a live snapshot being held.\nReads to the original mysqlVol can be satisfied the normal way now, as the data we see is always the most recent blocks. Reads from the snapshot will look for the data in the snapshot, and if they find it, will return with the old, snapshotted data. Or, if they do not find it, will look into the mysqlVol instead. In any case, the normal filesystem will show current data, while the snapshot will show old data, and as both volumes diverge, snapshot backing storage will be consumed up to the point where both volumes are completely diverged and the snapshot is as large as the original volume.\nMounting the XFS snapshot volume is a bit tricky: XFS will refuse to mount the same UUID filesystem twice, and since by definition the snapshot is a clone of the (past) original volume, it will of course have the same UUID. So we need to tell XFS that this is okay: mount -t ro,nouuid /dev/vg00/SNAPSHOT /mnt to get it mounted.\nOnce unmounted again, you can turn the Logical Volume to offline and throw it away: lvchange -an /dev/vg00/SNAPSHOT and lvremove /dev/vg00/SNAPSHOT to get it done.\nMirroring using dm-raid One method to clone a machine is to convert an existing volume into a RAID1, then split the raid and move one half of the mirror to a new machine.\nI made myself a small VM with seven tiny drives to test this: The boot disk is sda, and the drives sdb to sdg are for LVM testing.\nThe initial setup is like so: We copy the partition table of sda to all play drives. We then create a volume group testvg, to which we add the initial 3 drives only partitions, sdb1, sdc1 and sdd1. We then create a simple concatenation of 2G extents from sdb1, sdbc1 and sdd1.\n# for i in sdb sdc sdd sde sdf sdg \u0026gt; do \u0026gt; sfdisk -d /dev/sda | sfdisk /dev/$i \u0026gt; done ... # pvcreate /dev/sd{b,c,d,e,f,g} # vgcreate testvg /dev/sd{b,c,d} # lvcreate -n testlv -L2G testvg # lvextend -L+2G /dev/testvg/testlv /dev/sdc1 # lvextend -L+2G /dev/testvg/testlv /dev/sdd1 We can now check what we have. We are looking at the lvs output to see that we have a 6G LV. Then we check the pvs output to see that we indeed have sdb1, sdc1 and sdd1 in testvg, and that 2G of each drive have been used. We can then finally proceed to pvdisplay --map to validate the actual layout.\n# lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert testlv testvg -wi-a----- 6.00g # pvs PV VG Fmt Attr PSize PFree /dev/sdb1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;18.00g /dev/sdc1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;18.00g /dev/sdd1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;18.00g /dev/sde1 lvm2 --- \u0026lt;20.00g \u0026lt;20.00g /dev/sdf1 lvm2 --- \u0026lt;20.00g \u0026lt;20.00g /dev/sdg1 lvm2 --- \u0026lt;20.00g \u0026lt;20.00g # pvdisplay --map --- Physical volume --- PV Name /dev/sdb1 VG Name testvg ... --- Physical Segments --- Physical extent 0 to 511: Logical volume /dev/testvg/testlv Logical extents 0 to 511 ... --- Physical volume --- PV Name /dev/sdc1 VG Name testvg ... --- Physical Segments --- Physical extent 0 to 511: Logical volume /dev/testvg/testlv Logical extents 512 to 1023 ... --- Physical volume --- PV Name /dev/sdd1 VG Name testvg ... --- Physical Segments --- Physical extent 0 to 511: Logical volume /dev/testvg/testlv Logical extents 1024 to 1535 ... With this we can introduce the three additional drives, and convert the setup to a mirror:\nroot@ubuntu:~# vgextend testvg /dev/sd{e,f,g}1 Volume group \u0026#34;testvg\u0026#34; successfully extended root@ubuntu:~# pvs PV VG Fmt Attr PSize PFree /dev/sdb1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;18.00g /dev/sdc1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;18.00g /dev/sdd1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;18.00g /dev/sde1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;20.00g /dev/sdf1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;20.00g /dev/sdg1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;20.00g and the actual conversion. First, using lvs we can watch the progress of the sync:\nroot@ubuntu:~# lvconvert --type raid1 -m1 /dev/testvg/testlv Are you sure you want to convert linear LV testvg/testlv to raid1 with 2 images enhancing resilience? [y/n]: y Logical volume testvg/testlv successfully converted. root@ubuntu:~# lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert testlv testvg rwi-a-r--- 6.00g 6.25 root@ubuntu:~# lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert testlv testvg rwi-a-r--- 6.00g 15.92 root@ubuntu:~# lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert testlv testvg rwi-a-r--- 6.00g 100.00 Let\u0026rsquo;s check the disk layout again.\nThere are two competing implementations of this, --type mirror and --type raid1. The mirror implementation is very extremely strongly deprecated, the raid1 implementation is okay, which is why we used this one. It uses mdraid code internally, and we can show this using lvs -a --segments -o+devices\n# lvs -a --segments -o+devices LV VG Attr #Str Type SSize Devices testlv testvg rwi-a-r--- 2 raid1 6.00g testlv_rimage_0(0),testlv_rimage_1(0) [testlv_rimage_0] testvg iwi-aor--- 1 linear 2.00g /dev/sdb1(0) [testlv_rimage_0] testvg iwi-aor--- 1 linear 2.00g /dev/sdc1(0) [testlv_rimage_0] testvg iwi-aor--- 1 linear 2.00g /dev/sdd1(0) [testlv_rimage_1] testvg iwi-aor--- 1 linear 6.00g /dev/sde1(1) [testlv_rmeta_0] testvg ewi-aor--- 1 linear 4.00m /dev/sdb1(512) [testlv_rmeta_1] testvg ewi-aor--- 1 linear 4.00m /dev/sde1(0) This shows us the visible LV testlv as well as the hidden infrastructure that is being created to build it. The left leg of the RAID 1 is testlv_rimage_0, spread over 3 physical devices.\nThe right leg is testlv_rimage1, and because the data all fits onto one disk, we get this consolidated into a single 6G segment on a single device, not quite what we want. We also see two meta devices, which hold the metadata and a bitmap that can speed up array synchonisation.\nHere we see the asymmetric layout again, at the pvs level. Note how the allocation of the rmeta sub-LVs creats the \u0026ldquo;.99\u0026rdquo; free sizes.\nroot@ubuntu:~# pvs PV VG Fmt Attr PSize PFree /dev/sdb1 testvg lvm2 a-- \u0026lt;20.00g 17.99g /dev/sdc1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;18.00g /dev/sdd1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;18.00g /dev/sde1 testvg lvm2 a-- \u0026lt;20.00g 13.99g /dev/sdf1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;20.00g /dev/sdg1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;20.00g # pvdisplay --map --- Physical volume --- PV Name /dev/sde1 VG Name testvg ... --- Physical Segments --- Physical extent 0 to 0: Logical volume /dev/testvg/testlv_rmeta_1 Logical extents 0 to 0 Physical extent 1 to 1536: Logical volume /dev/testvg/testlv_rimage_1 Logical extents 0 to 1535 ... Maintaining the RAID As dm-raid uses md-raid plumbing internally, it has the same controls as md-raid. Among them are also controls that control the sync speed of a logical volume. The lvchange command can set these. For demonstration purposes we are setting these as low as possible, then force a resync of the RAID and check this:\n# lvchange /dev/testvg/testlv --minrecoveryrate 1k --maxrecoveryrate 100k Logical volume testvg/testlv changed. # lvchange --syncaction repair /dev/testvg/testlv # lvs -o+raid_min_recovery_rate,raid_max_recovery_rate,raid_mismatch_count,raid_sync_action LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert MinSync MaxSync Mismatches SyncAction testlv testvg rwi-a-r--- 6.00g 0.19 1 100 0 repair The --syncaction repair forces a RAID recovery, the lvs command shows the data we need to see to track it.\nSplitting the RAID and the VG We can now split the RAID into two unraided LVs with different names inside the same VG:\nroot@ubuntu:~# lvconvert --splitmirrors 1 -n splitlv /dev/testvg/testlv Are you sure you want to split raid1 LV testvg/testlv losing all resilience? [y/n]: y root@ubuntu:~# lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert splitlv testvg -wi-a----- 6.00g testlv testvg -wi-a----- 6.00g root@ubuntu:~# pvs PV VG Fmt Attr PSize PFree /dev/sdb1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;18.00g /dev/sdc1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;18.00g /dev/sdd1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;18.00g /dev/sde1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;14.00g /dev/sdf1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;20.00g /dev/sdg1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;20.00g Since the raid is now split, the rmeta sub-LVs are gone and the rimage sub-LVs are unwrapped and become the actual LVs (and those .99 numbers in the PFree column are nice and round again).\nAt this point we can then proceed to split the Volume Group in two, putting splitlv into a new Volume Group splitvg, then export that.\nFor that, we need to change the testvg to unavailable, then run vgsplit. Because of that, a data LV should always be on a data VG that is different from the Boot VG which would hold the boot LVs. If this is not the case, splitting the data LV would require a boot into a rescue image in order to be able to split the data LV: It is not possible to offline a boot LV without this.\nThe outcome:\nroot@ubuntu:~# vgchange -an testvg 0 logical volume(s) in volume group \u0026#34;testvg\u0026#34; now active root@ubuntu:~# vgsplit -n splitlv testvg splitvg New volume group \u0026#34;splitvg\u0026#34; successfully split from \u0026#34;testvg\u0026#34; root@ubuntu:~# lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert splitlv splitvg -wi------- 6.00g testlv testvg -wi------- 6.00g root@ubuntu:~# pvs PV VG Fmt Attr PSize PFree /dev/sdb1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;18.00g /dev/sdc1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;18.00g /dev/sdd1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;18.00g /dev/sde1 splitvg lvm2 a-- \u0026lt;20.00g \u0026lt;14.00g /dev/sdf1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;20.00g /dev/sdg1 testvg lvm2 a-- \u0026lt;20.00g \u0026lt;20.00g We can see that vgsplit automatically identified the physical drives that make up the splitlv volume, made sure nothing else is on these drives and moves them into a new VG splitvg.\nWe can now vgexport that thing, eject the drives and move them elsewhere. Over there, we can vgimport things and proceed.\nroot@ubuntu:~# vgexport splitvg Volume group \u0026#34;splitvg\u0026#34; successfully exported It is now safe to pull the drive.\n","date":"2019-12-02T00:00:00Z","href":"https://blog.koehntopp.info/2019/12/02/cloning-and-splitting-logical-volumes.html","tags":["lang_en","erklaerbaer","storage"],"title":"Cloning and splitting logical volumes"},{"categories":null,"content":"Exit Strategy by Martha Wells is the fourth book in the the Murderbot Diaries (All Systems Red , Artificial Condition, Rogue Protocol, Exit Strategy, Network Effect).\nThis novella is the culmination of the Murderbot Novellas, in which our nameless murderbot cyborg tries to nail the evil GrayCris corporation for the series of crimes against settlers and researchers, has to rescue it\u0026rsquo;s \u0026ldquo;owner\u0026rdquo;, sponsor and friend Dr. Mensah from the claws of GrayCris, and make friends on the way. And while Murderbot has no problems with violent action and explosions, it is still scared of emotions and \u0026hellip; people.\nWhile this concludes the arc of the previous three novellas, a fifth full novel length Murderbot story, Network Effect, is in the works and will be published mid-2020.\nAll of the Murderbot stories so far have been outstanding storytelling and characterisation and are strongly recommended.\n\u0026ldquo;Exit Strategy \u0026rdquo;, Martha Wells, EUR 9.34\n","date":"2019-11-22T00:00:00Z","href":"https://blog.koehntopp.info/2019/11/22/fertig-gelesen-exit-strategy.html","tags":["media","review","book","lang_en"],"title":"Fertig gelesen: Exit Strategy"},{"categories":null,"content":"Fashion and Its Social Agendas: Class, Gender, and Identity in Clothing by Diane Crane is an analysis of the changes in society during the various phases of the industrial revolution through the lens of clothing in various societal strata.\nThe book studies fashion and clothing choices in three countries - France, the United States, and England - over a period of 150 years. France and England are examples of class societies in the nineteenth century. It has available four sets of data: Interviews and inventories of clothing in a large number of households the above countries, spaced out over an extended period of time. The long timescale and the temporal distance between the various studies allow comparison across major events (such as the Franco-Prussian war) and as industrialisation plays out.\nThis is not a book for reading, it is a study, full of footnotes, tables, cross references and sections that demand note-taking. It is also interesting, because it shows how materials, production cost, societal change and changing gender roles change the role of fashion and how it is being used in society. Hard work, bit damn interesting.\n\u0026ldquo;Fashion and Its Social Agendas: Class, Gender, and Identity in Clothing \u0026rdquo;, Diane Crane, EUR 24.56\n","date":"2019-11-21T00:00:00Z","href":"https://blog.koehntopp.info/2019/11/21/fertig-gelesen-fashion-and-its-social-agendas-class-gender-and-identity-in-clothing.html","tags":["media","book","review","lang_en"],"title":"Fertig gelesen: Fashion and Its Social Agendas: Class, Gender, and Identity in Clothing"},{"categories":null,"content":"The Wiz Biz by Rick Cook is a book in the genre of \u0026lsquo;magical realism\u0026rsquo;. Some real-world person is being transported into a universe with predictable magic in a classical fantasy setting and is applying scientic method and industrial production methods to the setting.\nIn this book, the real-world person is Walter Zumwalt, a stereotypical hacker, which as part of a hail-mary summoning rital is being transported into a magical war between the good guys and the bad guys. Walter does not know a thing about magic at all, but apparently that can be learned and then turns out to be a lot like computer programming, if you make it so.\nThis book is over 20 years old, and it shows. Not so much in the computer programming aspects, but in the story telling, the world views, and the usage of cliches, most of which did not age well at all. The coding aspect is being introduced late to the story, and is not well constructed. The storytelling is flat and the characters are, well, cliche.\nAll in all a nice idea, but meh execution.\n\u0026ldquo;The Wiz Biz \u0026rdquo;, Rick Cook, EUR 5.99\n","date":"2019-11-20T00:00:00Z","href":"https://blog.koehntopp.info/2019/11/20/fertig-gelesen-the-wiz-biz.html","tags":["book","media","review","lang_en"],"title":"Fertig gelesen: The Wiz Biz"},{"categories":null,"content":"When developing there is often an edit-compile-test cycle, or an edit-distribute-changes cycle or a similar repetetive task. You could poll changes, for example with cron every minute or similarly, but that is wasteful and slow.\nAll modern operating systems have mechanisms for processes to subscribe to file or directory changes. In MacOS, we do have the File System Events API since 10.5, in Linux we got three different implementations (as described in LWN ): The original dnotify, its replacement inotify and the even more recent fanotify (which got its own LWN article ). BSD has kqueue.\nThe idea is that you subscribe to a directory and get notified for change/create/delete/rename events inside that directory and/or all events recursively beneath that starting point (a \u0026lsquo;root\u0026rsquo;). You would be interested into the type of change and the name of the file path that changes, and you would probably want to be able to retrieve lists of these changes in batch.\nTo make that useful, you would need a shell interface to this, and there are quite a few by now.\nThe most convenient seems to be entr , because it works most closely with shell programs. There is also watchman , but this requires submitting jobs and processing results in Javascript to fully use its potential. One of the first programs to use filesystem subscriptions is fswatch , but while highly portable, it is cumbersome to use. Instead of running commands, it just reports filenames to feed into a pipe to handle. Ruby seems to have a library called Guard that also comes with an interface to shell, but can also being used as a ruby gem. spy is a weird piece of Haskell that produces a small binary that can run commands on file system changes. Python seems to come with a bunch of modules and interfaces in various states of disrepair, inotify-tools , the very tiny wrapper inotify_simple (the simple here refers to the fact that it is a tiny wrapper around the C library, not simple to use), the more convenient inotify and the high level wrapper watchdog .\nA test scenario As a test scenario I have a ship-to-kvm command that I want to run on every file change. It looks like this:\nrsync -e ssh -t -v --delete --delete-excluded --exclude=\u0026#39;.git\u0026#39; -r \\ ~/git_tree/myproject \\ devuser@devbox.example.com:myproject when I save my local file from my local editor so that the tree myproject is made available on my devbox.\nentr With entr , that is rather simple. The package entr is available in Homebrew on MacOS (brew install entr) or as a package in Linux (yum install -y entr, apt install entr).\nYou ask entr to watch a list of files or a directory, and when things change to run a command. You can hit space to force execution even when nothing changed, or q to end the command.\nVarious ways to handle changes are provided:\n$ ls *.js | entr -r node myproject.js The -r option here will SIGTERM the node instance, wait for it to complete and then restart it.\nTo get notification of new and deleted files, you need to watch directories, which are inferred from a file list. This is done with the -d option and in fact the command terminates so you need to wrap it in a loop:\n$ while :; do \u0026gt; ls | entr -d ship-to-kvm \u0026gt; done There are a few other options, but these two should cover the most common use cases.\nwatchman watchman is the facebook take on things. It consists of a daemon that is automatically started when you are using the frontend command, and a frontend command that actually does not expose all the functionality unless you feed it JSON job files. All command results are also JSON.\nwatchman has the concept of roots, filesystem subtrees that are being watched, and then triggers that are attached to roots or subtrees of roots, and are being run on change. A simple predicate language and a selection of regex libraries can be used to formulate conditions for triggers.\n$ watchman watch ~/git_tree/myproject # this will start the daemon $ watchman -j ship-to-kvm.json # this defines the job ... and the actual job definition is then something like\n[ \u0026#34;trigger\u0026#34;, \u0026#34;~/git_tree/myproject\u0026#34;, { \u0026#34;name\u0026#34;: \u0026#34;ship-to-kvm\u0026#34;, \u0026#34;expression\u0026#34;: [ \u0026#34;pcre\u0026#34;, \u0026#34;^[a-zA-Z0-9]\u0026#34; ], \u0026#34;command\u0026#34;: [ \u0026#34;ship-to-kvm\u0026#34; ] } ] This may look nicer to developers, but I seem to prefer the entr way of doing things.\nPython watchdog The Python library watchdog provides a convenient programmatic interface to inotify and friends by defining an Observer class and scheduling operations to the observer when there are events outstanding.\nThe example from the manual looks like this:\n#! /usr/bin/env python import sys import time import logging from watchdog.observers import Observer from watchdog.events import LoggingEventHandler if __name__ == \u0026#34;__main__\u0026#34;: logging.basicConfig(level=logging.INFO, format=\u0026#39;%(asctime)s - %(message)s\u0026#39;, datefmt=\u0026#39;%Y-%m-%d %H:%M:%S\u0026#39;) path = sys.argv[1] if len(sys.argv) \u0026gt; 1 else \u0026#39;.\u0026#39; event_handler = LoggingEventHandler() observer = Observer() observer.schedule(event_handler, path, recursive=True) observer.start() try: while True: time.sleep(1) except KeyboardInterrupt: observer.stop() observer.join() and when run does things like this for a touch keks; sleep 1; rm keks in a secondary shell:\n2019-11-19 14:36:40 - Modified directory: ./.git 2019-11-19 14:36:44 - Created file: ./keks 2019-11-19 14:36:44 - Modified directory: . 2019-11-19 14:36:44 - Modified directory: ./.git 2019-11-19 14:36:53 - Deleted file: ./keks 2019-11-19 14:36:53 - Modified directory: . 2019-11-19 14:36:53 - Modified directory: ./.git The actual observer selection allows a rich palette of event classes and filters, so dispatching and filtering events is easy.\n","date":"2019-11-19T00:00:00Z","href":"https://blog.koehntopp.info/2019/11/19/when-a-file-changes-do-a-thing.html","tags":["computer","filesystems","lang_en"],"title":"When a file changes, do a thing"},{"categories":null,"content":"TL:DR: If you have long running transactions, MySQL does not deal well with this, and it will slow down the box. That\u0026rsquo;s okay as long as you are basically alone on your box, but if you aren\u0026rsquo;t, the others will hate you.\nThe database machine \u0026lsquo;somehierarchy-02\u0026rsquo; in a general purpose load balancer pool for somehierarchy had replication delay.\nIt\u0026rsquo;s a MySQL replica and is receiving the same write workload than all the other boxen in that pool. Yet, somehierarchy-03 is fine, while somehierarchy-02 is not. Both machines have comparable hardware: -02 and -03 are both Dell M630 with 128 GB of memory and two SSD. They should behave identically, yet one runs from memory, but the other is reading 40 MB/s from disk.\nMachine somehierarchy-02 reading up to 40 MB/s from disk. The sister box runs from memory.\nThe objective was to find the root cause for this, as it was causing replication delay and generally making people unhappy.\nTogether with a colleague we established that both boxes replicate from the same master and that they receive identical binlogs. We did find indeed the same set of GTIDs, a similar amount of binlog files, and a bit of Ghetto statistics (mysqlbinlog -v binlog... | egrep -i '(insert|update|delete)' | awk ... | sort | uniq -c) on the active tables per time also found nothing unusual.\nWe then did a mysqldump --no-data schemaname to validate that the schemas are identical. They indeed were, same tables, same table structures, same indexes.\nIt\u0026rsquo;s reads, coming from a client We can therefore rule out anything related to replication or disk writes. The difference must be in the reads, that is, the two boxes receive vastly different workload from clients.\nComparing the active PROCESSLIST between the two boxes did not yield results, though. Checking back we found that the problem had been going away while we were looking. So whatever we were looking for would not be in processlists, only in logs.\nSo, do we have logs?\nlog_processlist is still a thing Turns out: we do. The tool log_processlist is older than time itself, it goes back to before 2007. Simon Mudd and I wrote that once, to have a flight recorder for crashed machines.\nBasically it dumps data from the operating system and the various MySQL tables into the directory /var/log/mysql_pl, where we have a weekly ring-buffer like directory structure:\n[somehierarchy-02 /var/log/mysql_pl]$ ls -F Fri/ Mon/ README Sat/ Sun/ Thu/ Tue/ Wed/ When a box crashes or misbehaves, as long as you have access to this subtree, you can go there and inspect the files to see what the box did just before it crashed. So we go into Mon subdirectory for Monday, and look into some files, for example the 10:20 recordings:\n[somehierarchy-02 ~]# cd /var/log/mysql_pl/Mon [somehierzrchy-02 Mon]# ls -l 10_20* -rw-r--r-- 1 root root 19144 Nov 18 10:20 10_20.innodb.xz -rw-r--r-- 1 root root 5836 Nov 18 10:20 10_20.unix.xz -rw-r--r-- 1 root root 18368 Nov 18 10:20 10_20.xz [somehierarchy-02 Mon]# ls -l 10_21.sys* -rw-r--r-- 1 root root 14590 Nov 18 10:21 10_21.sys.gz In the 10_20.xz we find the MySQL processlist and a few other things, in the 10_20.unix file.xz we find the UNIX processlist, system memory and other system stuff, and in the 10_20.innodb file there are various InnoDB related table dumps from this point in time. There is also a dump of the entire sys set of views every 15 minutes, so 10_21.sys.gz has that.\n[somehierarchy-02 /var/log/mysql_pl]# head -3 /tmp/x Id\tUser\tHost\tdb\tCommand\tTime\tState\tInfo 33\tsystem user\tNULL\tConnect\t1\tWaiting for dependent transaction to commit\tNULL 34\tsystem user\tNULL\tConnect\t1\tSystem lock\tINSERT INTO ... Checking the processlist shows many sleeping connections. We filter these and immediately hit paydirt:\n[somehierarchy-02 tmp]# awk -F\u0026#34;\\t\u0026#34; \u0026#39;$5 != \u0026#34;Sleep\u0026#34; { print $5, $6 }\u0026#39; x | wc -l 27 [somehierarchy-02 tmp]# awk -F\u0026#34;\\t\u0026#34; \u0026#39;$5 != \u0026#34;Sleep\u0026#34; { print $5, $6 }\u0026#39; x Command Time Connect 1 Connect 1 Connect 1 Connect 1 Connect 1 Connect 1 Connect 2 Connect 2 Connect 2 Connect 2 Connect 2 Connect 39412 Query 33242 Query 33242 Query 33241 Query 24514 Query 20613 Query 14924 Query 6827 Query 3219 Query 1 Query 1 Query 0 Query 0 Query 0 Query 0 The \u0026ldquo;Connect\u0026rdquo; only means that these are replication threads. Running Queries have \u0026ldquo;Query\u0026rdquo; and here the number is the seconds of runtime for this query. There are apparently a number of queries with a large runtime: 33242 seconds are 9.25 hours - they are running since 1 am.\n[somehierarchy-02 tmp]# awk -F\u0026#34;\\t\u0026#34; \u0026#39;($5 == \u0026#34;Query\u0026#34; ) \u0026amp;\u0026amp; ($6 \u0026gt; 10000) { printf \u0026#34;%s %s %s %s\\n\u0026#34;, $2, $3, $6, $7 }\u0026#39; x hadoopuser hadoop-07:62112 33242 Sending data hadoopuser hadoop-07:62126 33242 Sending data hadoopuser hadoop-07:62128 33241 Sending data cronuser cronbox-14:34017 24514 Creating sort index cronuser cronbox-06:45661 20613 Creating sort index cronuser cronbox-14:55920 14924 Creating sort index At around 1:00am the hadoopuser connected from hadoop-07 to somehierarchy-02 and started a number of queries:\nSELECT ... FROM MessageLog WHERE ( `hotelnumber` \u0026gt;= 986116 ) AND ( `hotelnumber` \u0026lt; 1181338 ) and similar. They read around 70M rows from MessageLog each, a table that itself has 540M rows. That takes time.\nDuring that time the \u0026ldquo;select\u0026rdquo; statements maintains a read-only transaction to create a stable view of the table it is reading. That means that as we change rows in MessageLog the old versions of the row are being shifted to the Undo-Log, and while other transactions read the new version of the row from the tablespace, these transactions read old versions of the row from the Undo-Log.\nOr they try. They hit the tablespace first, see a new version of the row, are being sent one version into the past, find that this is still too recent, go one step deeper into the past and so on. We are essentially traversing a linked list on disk, without caching. MySQL is not really meant to deal well with 9h old transactions.\nWe can monitor this:\nand we will. Not necessarily a thing to alert on at night, but certainly a thing to check up on early on in debugging.\nCertainly a blast from the past: Not just from the past of the row in a MVCC system, but also a thing we have seen before , and that was 2012. Certainly a blast from the past.\n","date":"2019-11-18T00:00:00Z","href":"https://blog.koehntopp.info/2019/11/18/a-blast-from-the-past.html","tags":["mysql","innodb","lang_en"],"title":"A blast from the past"},{"categories":null,"content":"Change Agent is Daniel Suarez fifth book.\nAs usual, he builds his stories around one technology or technological change and constructs an action-rich storyline around it. For \u0026ldquo;Change Agent\u0026rdquo;, this is CRISPR genetic modification of living beings. He basically imagines a programmable genetic agent that rewrites living beings including humans on the go - the eponymous change agent.\nIt\u0026rsquo;s 2045, and an Interpol Agent Kenneth Durand is trying to pursue the Huli Jing cartel, a criminal black market corporation that produces enhanced designer babies for rich prospectice parents. Huli Jing so far has proven to be able to completely evade any police action. As Durand tries to close in on Marcus Demag Wyckes, the cartel leader, he\u0026rsquo;s being attacked, injected with a drug and the change agent turns him into Wyckes, Face-Off-style. Through some unlikely circumstances Durand survives the procedure that was expected to kill him, and pursues the cartel.\nThis book has over the top action, interesting ideas and shallow characterisation. It\u0026rsquo;s a terribly written thing that could have been making an awesome summer blockbuster.\n\u0026ldquo;Change Agent \u0026rdquo;, Daniel Suarez, EUR 6.99\n","date":"2019-11-18T00:00:00Z","href":"https://blog.koehntopp.info/2019/11/18/fertig-gelesen-change-agent.html","tags":["media","book","review","lang_en"],"title":"Fertig gelesen: Change Agent"},{"categories":null,"content":"Infinity Engine is the third and final book in Neal Asher\u0026rsquo;s Transformation Sequence , a trilogy set in the Polity Universe .\nThis is the conclusion of the three book arc about the redemption of the mis-manufactured and temporarily mad AI Penny Royal. Asher takes us through a set of encounters he prepared two other books for, contrasting the reconstruction and the redemption of Penny Royal with the descend into madness of the forensic AI Brockle, and weaving together all the other story-strands that he set up earlier into a literally star-shattering finale.\nAs usual with Asher, there is a lot of casual violence and killing, and also as usual with Asher, the tech and the scale of things is way over the top. On the other hand, this is what we get when we imagine a post-scarcity society like the culture, but with actual action. A nice conclusion, and at the same time a set-up of the followup trilogy, \u0026ldquo;The Rise of the Jain\u0026rdquo;.\n\u0026ldquo;Infinity Engine \u0026rdquo;, Neal Asher, EUR 7.78\n","date":"2019-11-18T00:00:00Z","href":"https://blog.koehntopp.info/2019/11/18/fertig-gelesen-infinity-engine.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: Infinity Engine"},{"categories":null,"content":"I fell into the Twitters again. @CarrickDB joked about Unix, Files and Directories:\nAnd that is a case of \u0026ldquo;Haha, only serious\u0026rdquo;. Because directories used to be files, and that was a bad time. Check out the V7 Unix mkdir command. At this point in history we do not have a mkdir(2) syscall, yet, so we need to construct the entire directory in multiple steps.\nmknod(2) an inode that has the S_IFDIR flag set , even if that macro does not even exist yet. manually link the entry for the current directory . into that manually link the entry for the parent directory .. into that This fragile and broken: mkdir could be interrupted while doing that or another program could try to race mkdir while it is doing that. In both cases we get directories that are invalid and dangerous to traverse, because they break crucial assumptions users make about directories.\nThis is also before readdir(2) and friends, so programs like ls open directories like files and then make assumptions about the format of dentries on disk. Specifically, they assume a 16 bit inode number and then a filename of 14 characters or less and a directory that is an array of these entries. Unfortunately, time has not been kind to the assumption of 65535 files or less per partition, and also we require filenames that are longer than 14 bytes these days.\nFinally have a look at the hot mess that the rmdir command is. What could probably go wrong?\nWell, Jan Kraetzschmar reminds us that this kind of non-atomic rmdir can also produce structures in the filesystem that are disconnected from the main tree starting at /. In that case you end up with orphaned, unreachable inodes that still have a non-zero link count. fsck should be able to find them and free them, but of course that would be a disruptive operation. Making mkdir and rmdir system call avoids all of these problems.\nThat\u0026rsquo;s why all of this was fixed in 1984 or so, when BSD FFS came around and we got long filenames, wider inodes, mkdir, rmdir and readdir as syscalls and many other improvements.\nWhat if really everything was a file? Another decade later, around 1995 or so, we got Plan 9, not from outer space, but from Bell Labs.\nIt not only brought us Unicode everywhere, but also an exploration of \u0026lsquo;What if really everything was a file?\u0026rsquo;, including other machines on the network and processes on our machine. From that we get todays procfs in Linux (and in many other modern Unices).\nExcept that you can\u0026rsquo;t rm -rf /proc/1 to shut down the box.\nThings that still are not a file, and should be dead I am not going to mention System V IPC here at all. Not shm, not sem, and not msq. They are abominations that should never have escaped the lab cages they have been conceived in.\nThere is mmap, and mmap is good. Or can be, as long as you do not conflate in memory and on disk representations of data, and understand the value of MVCC. But that is another story and should be told another day.\n","date":"2019-11-14T00:00:00Z","href":"https://blog.koehntopp.info/2019/11/14/everything-was-a-file-but-we-got-better.html","tags":["unix","computer","damals","lang_en"],"title":"Everything was a file, but we got better"},{"categories":null,"content":"Some of the databases at work are a tad on the large side, in the high 2-digit terabytes of size. Copying these to new machines at the moment takes a rather long time, multiple days, up to a week. Speeding it up pays twice, because with shorter copy times there is also less binlog to catch up.\nI have been looking into disk copy speeds in order to better understand the limits. When creating a partition from NVME devices, the most simple layout is a concatenation:\n# lvcreate -n kris -L 10t vg00 # dd if=/dev/zero of=data.0 bs=1024k count=10240 Using a single dd command, I get about 600 MB/sec read or written from it. For 50TB, this is 87400 seconds, slightly more than one day.\nThe key to NVME saturation is parallel access, so lets do this in parallel with multiple processes:\n# seq 1 128 | parallel dd if=/dev/zero of=data.{} bs=1024k count=10240 This will run as many processes in parallel as I have CPUs. On the test machine it will keep 32 processes running at all times, filling the queues of the NVME device deeply. It can reach 3250 MB/s, so 50 TB translate into 16130 seconds, 4.5h.\nHad I created the NVME device as a striped RAID-0, I would have gotten even better performance:\n# lvcreate -n kris -L 10t -i12 -I64k vg00 # seq 1 128 | parallel dd if=/dev/zero of=data.{} bs=1024k count=10240 This configuration can reach up to 5.2 GB/s locally, so for 50TB, we get to 2.75h disk write time.\nNow, what I actually want is unfortunately something different: A copy of the original database image from machine A transferred to machine B. So that will translate into something along the lines of\n# mkdir /root/kris # cd !$ # fpart -o chunk -n 128 /mysql/testschema # find . -type f | parallel rsync --files-from={} / kris@B:/mysql/testschema but that is still suffering from all the rsync+ssh overhead. It will give you around 2.7 GB/s. Using tar, this becomes\n# find . -type f | \u0026gt; parallel \u0026#39;tar cvf - --files-from={} | ssh kkoehntopp@B \u0026#34;tar -C /a -xf -\u0026#34;\u0026#39; which is much faster for a clean, non-incremental copy. But that is still using ssh to encrypt and can become a bottleneck in some use cases.\nYou could run tnc to use tar and netcat to get rid of both sources of overhead to speed things up even more and run at media speed. How to transfer large amounts of data via network in general is a useful resource and has a few more ideas and tools on how to handle things.\nTools used GNU parallel - a perl script that is part of CentOS 7, which can comfortably construct and run command lines in parallel execution. It has no large advantage over xargs -P, but I like the flexibility of the substitutions offer.\nfpart - a tool that will take a list of filenames or pairs of size and filename (du output) and sort it into chunks of files so that each chunk contains the approximately same amount of bytes.\nOther tools fpsync - deprecated tool, part of fpart, does a parallel rsync, badly. Do not use this. Also, the successor tool (parsyncfp) is not really valuable if you can do fpart and your transfer command of choice yourself. Actually doing it yourself is more transparent and easier to test.\nThis requires NVME NVME devices have multiple deep queues. They can utilize parallel access and turn it into performance. In fact, getting the full performance out of a NVME device probably requires asyncio or parallel processes.\nThat is, because a single NVME device can give you around 800000 IOPS or more, so you should complete one IO every 1.2 microseconds. On the other hand, actual read latency is on the order to 100 micros, and write latency buffered/unbuffered is at around 50/450 micros, so a single threaded access can realize only a fraction of the total I/O potential of the device.\nNVME devices are using the same flash storage that SSD use, but they remove the SATA controller from the equation. Instead the flash resides directly on the PCI bus. NVME can be made available locally or remotely, and the way we have set our network the network is not the bottleneck. Network access inside our data centers will add 20 micros or less in latency.\n","date":"2019-11-11T00:00:00Z","href":"https://blog.koehntopp.info/2019/11/11/filling-disk-space-fast.html","tags":["lang_en","computer","storage","database"],"title":"Filling disk space fast"},{"categories":null,"content":"Water is a very weird substance. Melting ice at 0C to water at 0C takes a fantastic amount of energy: Water has a latent heat of 384J/gram. Compared to other materials that is pretty much at the upper end of the spectrum.\nWarming up 1g of liquid water by 1C is the original definition of 1 Calorie, or 4.184 Joules in todays units.\nThe water on our planet is a buffer that can store energy if there is more energy incoming that the earth can dissipate, or release energy if the bilancing is negative. Since some time around 1990 the energy bilancing of our planet is positive and the oceans are capturing energy at an alarming rate:\n(via Lijing Cheng )\nThis acts as a buffer, keeping the air cooler than it should be given the energy surplus we experience.\nAt the same time, the yearly cycle of the sea ice in terms of area and thickness can be plotted, and is shown to go around a mostly stable center.\n(via Simon Küstenmacher )\nAgain, this changes in the 1990ies, in a very alarming way.\nBoth, the sea ice and the water mass of the ocean, are buffers that keep the earths climate on point and prevent it from changing quickly. But for the last 30 years, since approximately 1990, we are putting more energy into the system than it can dissipate, loading the buffers up more and more until we exhaust them.\nOnce that happens, there will be a no mitigation any more and the atmosphere will be warming up very rapidly and in a non-linear fashion.\nThe problem here is that even carbon neutrality at the current level will not be enough: The earth will not become more retaining for infrared than it already is, but the current level of CO2 is high enough to be energy-positive and it continues to load the buffers.\nNOAA keeps lists of CO2 over time at monthly CO2.earth . The current level of CO2 in our atmosphere is 408ppm in September 2019. In September 1990, when this process started, it was 351 ppm.\nSo basically we have been adding not quite 2ppm/year, and we need to get back to 1990s levels in order to stabilize our home planet.\nClimate change started already, 30 years ago, and currently we are living off our safety buffers, the sea ice and the water masses of earth taking the surplus and keeping us alive.\n","date":"2019-10-15T00:00:00Z","href":"https://blog.koehntopp.info/2019/10/15/climate-change-happened-30-years-ago.html","tags":["climate","mobility","lang_en"],"title":"Climate change happened 30 years ago"},{"categories":null,"content":"Note to self: Ignoring the Catalina Nagscreens is done like this:\n$ sudo softwareupdate --ignore \u0026#34;macOS Catalina\u0026#34; $ defaults write com.apple.systempreferences AttentionPrefBundleIDs 0 \u0026amp;\u0026amp; killall Dock And that should make MacOS ignore Catalina until further notice. Further notice does look like this:\n$ /usr/sbin/softwareupdate --reset-ignored ","date":"2019-10-15T00:00:00Z","href":"https://blog.koehntopp.info/2019/10/15/ignoring-catalina-nags.html","tags":["lang_en","apple","macos"],"title":"Ignoring Catalina nags"},{"categories":null,"content":"Catalina is here. It fixes many things, among them iTunes. On the other hand, it drops support for 32-Bit MacOS applications.\nConsider the upgrade carefully.\n$ system_profiler SPApplicationsDataType … Steam: Version: 1.5 Obtained from: Identified Developer Last Modified: 23.08.16, 20:32 Kind: Intel 64-Bit (Intel): No Signed by: Developer ID Application: Valve Corporation, Developer ID Certification Authority, Apple Root CA Location: /Applications/Steam.app … Anything listed with 64-Bit (Intel): No will stop working after the upgrade. Check before you upgrade, and consider what you will be losing access to if you perform the upgrade.\nOn my box:\nApprentice Alf DeDRM Plugin for Calibre Civilization V CoverScout 3 Google Music Manager Google Photos Backup GrandPerspective JD-GUI Kindle (1.23.1, locked from upgrades) Mathematica Microsoft Office SongGenie 2 Steam TigerVNC UnRarX Some of them are unimportant, other things are quite critical, some of them can\u0026rsquo;t be updated easily.\nAt this point, for me this is a hard pass, and a lot of work to be done.\n","date":"2019-10-08T00:00:00Z","href":"https://blog.koehntopp.info/2019/10/08/catalina-upgrade-carefully.html","tags":["apple","macos","lang_en"],"title":"Catalina: Upgrade carefully."},{"categories":null,"content":"Deutsche Welle is shocked: Generation Greta is watching Netflix (Article in German Language), Netflix runs on computers, and apparently computers are using power.\nLet\u0026rsquo;s have a look.\nEDIT: Second part Streaming and Energy now available.\nEnd-User Device. It\u0026rsquo;s 2019. End user devices are using Wi-Fi, and are running on Batteries. They are Cellphones, Tablets or Laptops.\nDevices that are not connected to grid are more usable if they are trying to save energy, and so all modern devices are full of special purpose hardware that allows them to fulfill their main functions more energy efficient. In particular for the use-case of watching video modern hardware, even cellphones, have special ASICs that can do video and audio decompression and compression on the fly faster and with much less energy usage than a CPU could do.\nAlso, devices without a fan are limited to a sustained power usage of 5W or less, because that is typically the heat that a device can dissipate without a fan and without looking strange.\nAll of this is an enormous improvement: An old-style desktop computer has a TDP (Thermal Design Power) of 150W and actually uses a large two digit number of Watts to run, and an old-school 17\u0026quot; monitor instead of a modern LCD uses as much energy. A modern tablet or cellphone does both, loading an email and displaying it, within a power budget of 1.5W to 5.0W, so easily 20-40x more energy efficient.\nThe article mentions\n\u0026ldquo;Eine geringere Video-Auflösung spart immer Daten und damit Strom. Ein Smartphone etwa kann eine HD-Auflösung gar nicht darstellen.\u0026rdquo; Außerdem gelte: je größer der Bildschirm, etwa bei einem Smart-TV im Wohnzimmer, desto höher der Stromverbrauch. Fazit: HD-Filme auf dem Smartphone über das mobile Netz zu schauen, ist am stromintensivsten und damit am klimaschädlichsten.\n»\u0026ldquo;A smaller resolution saves data and power. A smartphone for example cannot show HD resolution\u0026rdquo;. Also, the larger the screen, the more power use. In total: Watching HD movies on a smartphone is the most energy intense and most climate endangering use.«\nThat\u0026rsquo;s an amazing mix of truth and nonsense:\nThe smartphone will still use less than 5W, because it can\u0026rsquo;t fry itself. And doing this at home via Wi-Fi will not use mobile infrastructure but whatever access point is in the house, so relatively low power (10W total for AP and phone?). The smartphone can indeed show Full HD, because modern smartphone screens are in fact 1920x1280 or larger in resolution, but you won\u0026rsquo;t be able to notice that, because the pixels at 450dpi or higher are too small for human eyes. And all this is so obvious that Netflix knows this and won\u0026rsquo;t actually give you full HD for a smartphone endpoint. Unless of course you are streaming from the smartphone to a TV, in which case it does. You can prove this by downloading, and observing that a full episode of an 1h show comes down to \u0026lt;250 MB of total storage. Data Center Modern Cloud Data Centers are containing Megawatts and Megawatts of compute capacity (What\u0026rsquo;s a Megawatt? ), with a single facility now touching the 100 MW barrier .\nGoogle specifically is using 100% renewable energy for their data centers, since 2017 , for a total of 2600 Megawatt. They are doing this by financing solar and wind facilities directly, and not through greenwashing certificates (PDF ).\nAzure claims to have reached CO2 neutrality in 2014, and also talks about Power Usage Effectiveness (We\u0026rsquo;ll be touching that subject in more depth below). In their Dutch page they claim\nWe hebben in 2014 CO2-neutraliteit bereikt en voldoen aan onze doelstelling om een gemiddelde PUE (Power Usage Effectiveness) van 1,125 voor elk nieuw datacenter te realiseren. Hiermee zitten we 30 procent boven het industriegemiddelde.\n\u0026ldquo;We have reached CO2 neutrality in 2014 and reached our targets for power usage effectiveness of 1.125 for all new data centers. With this, we are 30% better than industry average.\u0026rdquo;\nAmazons energy page is AWS \u0026amp; Sustainability and they claim more than 50% power from renewables, and commit to a 100% renewable goal for their global infrastructure.\nLike all the other cloud providers, they also highlight the way lower PUE and much higher utilitzation of their servers compared to on-premises IT (65% vs. 15% average utilization, and 29% better power effectiveness, adding up to a 84% better overall power bilancing in their math).\nThey also list their ongoing solar and wind farm builds. For the amount of power usage they can\u0026rsquo;t yet cover from direct renewable sources, the page states \u0026lsquo;AWS purchases and retires environmental attributes, like Renewable Energy Credits and Guarantees of Origin, to cover the non-renewable energy we use in these regions\u0026rsquo;, making them overall CO2 neutral.\nFinally, computer power usage is not linear: Power management on a data center CPU turns cores on and off as needed, and thus, a CPU uses already circa 50% power at 10% utilisation. From a cost and from an environmental perspective it is best to utilise any CPU to the fullest. Some older measurements of mine on this.\nNetworking The article from Deutsche Welle states correctly that the Last Mile is what counts. That is, because everything before the Last Mile is already fiber, and fiber lines allow extremely fast networking at relatively low energy.\nGermany, specifically, is wasting a lot of energy on the last mile, because in order to make Germanys aging copper infrastructure capable of handling modern data rates, a stunning amount of signal processing is required.\nSiemens DSL DSLAM (not VDSL) as can be found in typical outdoor cabinets all over the city. VDSL requires even more compute to send Megabits/s over what is hardly better than a wet cow wire (Image via Wikipedia )\nNokia lists Fiber as 45% more cost efficient and way more energy efficient than VDSL2:\nCopper infrastructure maintenance is typically the most costly of all network types. By comparison, GPON is significantly cheaper — upwards of 45% less to operate than VDSL2.\nThat’s why replacing aging copper plant with fiber has significant operational benefits. New fiber is more reliable than old copper while, at the same time, consumes much less energy. Also, with GPON operational costs are further reduced with the elimination of the digital subscriber line access multiplexer (DSLAM) from the access architecture.\nClearfield specifices the total installable power in their typical grey \u0026lsquo;outdoor VDSL cabinets\u0026rsquo; as up to 3000W, but most cabinets will not be fully powered to the max. German Telekom DSLAMs are being fed 48V/25A, around 1000W for the street level devices with four cards.\nMoving this to fiber will dramatically save energy, and in fact, everywhere in the world outside of Germany this is happening right now.\nMobile data networks are indeed great power sinks . If you can use cabled networking, do so.\nModern Data Centers and Power John Laban is an ambassador for the Open Compute Project . Funded originally by Facebook, OCP is a project that tries to build more power efficient cloud data centers. In his presentations , John explains how OCP achieves this by getting rid of old technology in the data center and making the room and the rack a system:\nTraditional Data Centers: Dark Green - Payload. Everything else - Payload Support.\nOCP Data Centers: Dark Green - Payload. Still around: Generator, Airco is now adiabatic instead of CRAC. Everything else: gone.\nOCP data centers redesign the air flow in the data center.\nTraditionally data centers have a raised floor, which transports cold air to the racks, goes through the racks and is then cooled again. Air-in temperatures are often as low as 17-25C, and humidity is tightly controlled. OCP data centers allow non-condensing air of up to 35-45C to go into the servers, which does basically away with heat pumps and air condition and allows ambient temperature air to go into the DC.\nTraditional servers have often a relatively low height (\u0026ldquo;1U\u0026rdquo;, one rack unit), which forces the designers to use relatively small fans, small heat sinks (== higher air flow speed necessary for cooling) and produces a lot of friction for the air in the devices. In a 350W server, the worst case I have personally observed is 50W for air movement.\nOCP uses higher rack units (\u0026ldquo;OU\u0026rdquo;, Open Compute Units) and usually makes devices no flatter than 2 OU. Instead, horizontal partitions are used (3 devices in 2 OU) for a more square device front, minimising friction and allowing larger heat sinks. It also allows larger fans, with in turn allows moving the same volume of air with less RPM and a lot less power. Best cases I have personally observed were as low as 5-10W for a 350W server.\nOCP Server: 2 OU high, 1/3 Rack wide, less friction, larger coolers, no panels impeding airflow, larger fans = slower RPM = less energy for air movement. Can take up to 45C air-in (\u0026lsquo;ambient air intake\u0026rsquo;, no heat pump required for cooling).\nOCP also improves power consumption by centralising power supplies in a rack (larger power supplies are usually more efficient), reducing the number of power conversions in the total power flow, and making uninterruptible power supplies more efficient.\nTotal OCP power savings vary by use-case and climate zone, but are usually 20-50%. South Korean Telekom tested OCP servers in a climate chamber with various settings (Testbed , Findings ) and what really shows is how the OCP power consumption stays the same at all possible air-in temperatures while legacy equipment consumes a lot more power because it has to turn up the fans.\nPUE, Power Usage Efficiency The Power Usage Efficiency, PUE, is the ratio of total power consumption of a data center compared to power intake of the compute equipment. The overhead typically contains cooling, air movement, and power transformation losses.\nThe data center built by web.de in Amalienbadstraße, Durlach (Karlsruhe), had a PUE of 2.0 - for each Megawatt used for compute, another Megawatt was required for cooling and air movement. The reasons for that are manifold: The building itself, an old factory building built by Pfaff, had low ceilings forcing warm air back into the machines and forcing bad airflows. The hardware used had a lot of loss due to badly designed airflows. And the location of the data center, down in the valley of the river rhine instead of high up in the Black Forest, combined high ambient air temperatures with high air humidity, making evaporative or adiabatic cooling an inefficient option - compressive cooling with heat pumps was necessary.\nMore modern data traditional centers can achieve a design PUE as low as 1.2 and an effective operational PUE of 1.6. Rigidly optimized OCP data centers can go below 1.1 effective PUE (sic!) in good conditions. Google published their numbers in their PUE dashboard .\nAll current cloud vendors deploy OCP equipment or (in the case of Microsoft) self-developed equipment that is comparable in efficiency. They also add additional special purpose hardware to their cloud offerings that allows offloading of common functionality from the sellable cores of their machines, in order to maximise sellable inventory, save power and, of course, increase utilisation.\nAll aspects of improved efficiency and utilisation included, cloud hardware often is 3x (or more) efficient than a traditional data center.\nEDIT: A longer article by Jessie Frazelle on Data Center Energy use: Power to the People .\nEDIT: A study by Masanet, Koomey et al, Recalibrating global data center energy-use estimates . The TL;DR is : »We find that computing output from data centers went up six fold from 2010 to 2018 but electricity use only went up 6%.« Masanet, Koomey et al have a second article, Characteristics of low-carbon data centres . EDIT: I have been sent a link to a writeup on data center planning considerations . While this was part of a SEO effort, the source (Schneider Electric) is competent - Scheider specializes in Data Center Design and Planning and Energy Systems - and the writeup is actually useful. The text gives a bit of insight into the process and the factors that go into site planning and choices. A lot depends on intended purpose, local climate, available space and power and ultimately also site size and building increments.\nSummary Compared to technology from 10 years ago, in the data center we are now using a lot less energy and with cloud technology also have dramatically improved utilisation (ie use less hardware to achieve the same outcome). Also, all of this is green energy, mostly from actual green production and not grey-green with certificates. Cloud operators are some of the largest investors in Wind and Solar all over the world.\nAt home, savings are even larger, because we went from Desktop machines with abysmal power profiles to modern low power hardware which uses single digit wattages to produce results.\nNetworking, especially the last mile, especially mobile networking, especially 5G, is a power hog. The amount of signal processing that goes into 5G and VDSL is amazing. If you want low power networking, use fiber, maybe bridge the last 5 meters with Wi-Fi.\n","date":"2019-10-05T00:00:00Z","href":"https://blog.koehntopp.info/2019/10/05/data-centers-and-energy.html","tags":["climate","cloud","data center","energy","erklaerbaer","lang_en"],"title":"Data Centers and Energy"},{"categories":null,"content":"We had a discussion at work about MySQL doing Disk I/O to a NVME disk, and if it is valid to turn off the doublewrite buffer when using XFS.\nTL;DR: It\u0026rsquo;s not, you can turn off the doublewrite buffer only on filesystems that never do in-place updates (ZFS, btrfs), or that have their own doublewrite buffer (ext4 with journal=data). A flash layer underneath the actual filesystem is likely not going to help you without additional measures.\nTracing Disk I/O In order to better show what is going on, I ran an idle instance with innodb_use_native_aio = false for easier tracing, and here is is the trace:\n# lsof -p 29169 … mysqld 29169 mysql 3uW REG 253,0 536870912 68238213 /var/lib/mysql/ib_logfile0 mysqld 29169 mysql 4uW REG 253,0 864026624 178570 /var/lib/mysql/kris/t.ibd … mysqld 29169 mysql 9uW REG 253,0 536870912 68238220 /var/lib/mysql/ib_logfile1 mysqld 29169 mysql 10uW REG 253,0 415236096 68239130 /var/lib/mysql/ibdata1 mysqld 29169 mysql 11uW REG 253,0 12582912 68238214 /var/lib/mysql/ibtmp1 … We are using a database kris with a test table t. The file handles that are relevant for observation are 4 for the ibd file, 3 and 9 for the logfiles and 10 for the ibdata1, which would also be the location of the doublewrite buffer.\nI am running an insert into t values (NULL, RANDOM_BYTES(255)) into my test table (which has an id serial and a d varchar(255)).\n[pid 29441] recvfrom(39, \u0026#34;\\3insert into t values(NULL, rand\u0026#34;..., 46, MSG_DONTWAIT, NULL, NULL) = 46 This is the SQL command coming in over the socket. And we fetch some randomness:\n[pid 29441] openat(AT_FDCWD, \u0026#34;/dev/urandom\u0026#34;, O_RDONLY) = 42 [pid 29441] read(42, \u0026#34;\\207H\\241\\254O\\317\\10\\fk\\3447\\201\\277\\267\\223,Oi\\202\\272\\222\\16(\\210\\333\\300\u0026#39;\u0026amp;\\302g!\u0026amp;\u0026#34;, 32) = 32 [pid 29441] close(42) = 0 Some action on the metadata, then a log write from the implied commit:\n[pid 29441] pread64(10, \u0026#34;H\\252\\364\\35\\0\\0\\1\\255\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0,\\346\\365\\0\\2\\0\\0\\0\\0\\0\\0\u0026#34;..., 16384, 7028736) = 16384 [pid 29441] pwrite64(3, \u0026#34;\\200\\201\\23D\\2\\0\\0\\30\\0\\0\\38bd\\08\\0\\0\\0\\1\\0!\\257\\23\\267\u0026gt;\\0\\0\\r./k\u0026#34;..., 1024, 34426368) = 1024 [pid 29441] fsync(3) = 0 This is the only fsync that contributed to commit-Latency. The write is now persisted to disk, and can be reconstructed using the unmodified page from the tablespace and the change information from the redo-log during recovery.\nThe modified page is still in memory, though, and in order to reclaim redo log space, needs to be eventually checkpointed.\nThis happens later, and with many more fsync operations. It does happen in batch, for many commits and multiple pages, normally, but in our easily traceable test setup, it\u0026rsquo;s looking like a lot of overhead.\nDuring normal operations, a page often is modified in multiple commits over a short amount of time. Each of these commits is a separate redo-log sync, but all these changes are being accumulated on the dirty in-memory page, and get persisted into the tablespace in a single checkpoint write. Also, during checkpointing one doublewrite buffer worth of pages gets written out in a single sync operation, so we do see a far better page/sync and MB/sync ratio then in this test setup.\nAnyway, this is what checkpointing to the the doublewrite buffer, at offset 1M in the ibdata looks like:\n[pid 29181] pwrite64(10, \u0026#34;\\234\\v\\217Y\\0\\0\\1\\255\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\1\\2\u0026amp;\\211\\225\\0\\2\\0\\0\\0\\0\\0\\0\u0026#34;..., 32768, 1048576) = 32768 [pid 29181] fsync(10) = 0 Metadata update and write to table:\n[pid 29179] pwrite64(10, \u0026#34;\\234\\v\\217Y\\0\\0\\1\\255\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\1\\2\u0026amp;\\211\\225\\0\\2\\0\\0\\0\\0\\0\\0\u0026#34;..., 16384, 7028736) = 16384 [pid 29179] pwrite64(4, \u0026#34;.KT\\0\\0\\0d\\225\\0\\0d\\224\\377\\377\\377\\377\\0\\0\\0\\1\\2\u0026amp;\\211\\216E\\277\\0\\0\\0\\0\\0\\0\u0026#34;..., 16384, 421871616) = 16384 [pid 29179] fsync(4) = 0 [pid 29179] fsync(10) = 0 And the log entry is done:\n[pid 29187] pwrite64(3, \u0026#34;\\200\\201\\23E\\1\\271\\0\u0026amp;\\0\\0\\39\\22\\2\\0\\201\\255\\0(\\201\\20\\2\\0\\201\\255\\0*\\201\\20\\2\\0\\201\u0026#34;..., 512, 34426880) = 512 [pid 29187] fsync(3) = 0 Why does MySQL do this? Enterprise Grade hardeware usually guarantees atomic block writes, even during catastrophic events. Blocks are, depending on the media, 512 bytes or 4096 bytes in size.\nInnoDB, on the other hand, uses 16 KB blocks. So when writing data back to a table, it is entirely possible for the page write to be interrupted in the middle, resulting in a page that is half old and half new. This is often called a torn page.\nNote that this is for checkpointing only.\nWhen you insert and commit a thing, it is being written to one ib_logfile, and the change is also added to the in-memory image of the InnoDB page. So on disk, after commit you have an pre-change image of the page and an image of the change in the logfile, and in memory you have the changed page - such in-memory pages that differ from their on-disk counterpart are called dirty.\nThe checkpointing is about writing back the dirty page to the tablefile and getting rid of the log entry. This is being done for whole InnoDB pages, and with most filesystems it is an in-place update. So it can result in torn pages, if the write fails in the middle of a page.\nWith the doublewrite buffer enabled, the write goes to the ibdata file first, as we can see in the trace - the write to the position at 1M offset in the file. Then the same writes are being spread out to the individual pages in their respective tablefiles.\nThis ensures that there is always a whole old page and a log entry with intructions to patch the old image (\u0026ldquo;Redo-Log Recovery\u0026rdquo;) or a whole image of the new page on disk inside the doublewrite buffer, for recovery of torn pages.\nPerformance Implications Having a single doublewrite buffer can in extreme cases make the doublewrite buffer a point of contention. Percona have shown that a long time ago and also fixed this by having multiple doublewrite buffers.\nNote that in most Unix filesystems, writes to a single file are serialized on a global lock on the in-memory inode of the file.\nSo if the doublewrite buffer is part of the ibdata file all writes to that buffer compete with all other write operations on that file. And even if you had multiple doublewrite buffers at different offsets in the same ibdata file, it would not improve things at all, because of that lock. The best solution would put each doublewrite buffer into a separate file on its own.\nThe only filesystem in Linux that does not do this in-memory inode locking is XFS, and only when the file is being opened in O_DIRECT mode.\nHow are other systems doing it? Postgres writes a WAL, which is very similar to the redo-log that MySQL writes. The main difference is that they write out a full page whenever a page transitions from clean to dirty, and then similar to MySQL write out incremental changes for additional changes to a page already dirty. Using the WAL, you can pick up the full page and all additional incremental changes by simply going through the WAL front to back, and recreate the page that should have been written. MySQL could do the same and get rid of the doublewrite buffer writes, but it does not play well with the concept of the MySQL Redo-Log being a ring buffer.\nMyRocks, and all other variants of LSM , do never overwrite data. They always append to the latest logfile, and then have a process not entirely unlike the Java multi-generational garbage collection to compact multiple logfiles, throwing away deleted data and writing things back in a more sorted manner. As this rewrites data instead of overwriting data, not only is this safe in the case of unexpected shutdowns, it is also very easy to backup and it is, at least in theory, suitable for object storages as a backing store for the data.\n","date":"2019-09-27T00:00:00Z","href":"https://blog.koehntopp.info/2019/09/27/mysql-does-disk-io.html","tags":["mysql","database","lang_en"],"title":"MySQL Does Disk I/O"},{"categories":null,"content":"So I have been playing this Internet Spaceships Game. No, the other one . It also has NPC Backstory, and on 13-Sep-3305 , a multiplanetary food crisis was predicted, as a prep for the introduction of a new tradeable good on 18-Sep-3005 .\nDistribution of the fertiliser has started at Marshall Dock in the Riedquat system. We encourage traders to take advantage of our introductory prices.”\nThat went wrong. So some people flew to Marshall Dock and looked at the prices for Rockforth Fertilizer . What they found was a single station buying and selling the good at the same time, and buying it at about 9000 CR higher than they sold it.\nSo here is what we have:\nFdev introduces a new tradeable good by the way of the backstory. They announce that, and introductory prices in Galnet in order to alert players to this fact and to lure them to Riedquat. They misconfigure a station in Riedquat so that it sells and buys the new good to Fdev\u0026rsquo;s disadvantage. Players follow the trail and … trade. A lot. Of course, that news made the rounds rather quickly, and soon a lot of people were docking large freighters at Marshall and bought and sold fertilizer as quickly as the game GUI would fill and empty their cargo bays. That is easily several million CR every five seconds, and I know of some people who ran this for 11 billion CR (11e09 CR).\nThat is what Frontier did to \u0026ldquo;fix\u0026rdquo;. Frontier Developments became aware of the misconfigured station only after several hours, and the sale was available for the larger part of a day, from around shortly before noon CEST to shortly before 7pm in the evening of the same day, when they fixed the trade tables.\nI do not know if Fdev have in-game trade dashboards that alert them to abnormally fast or high volume transaction volumes or cash flows. Or to abnormally quickly growing player budgets. But the slowness of detection lets me suspect that their in-game monitoring maybe has potential for improvement.\nAs a result of the situation, Fdev decided to correct CR volumes on a number of accounts on the grounds of players \u0026lsquo;abusing game mechanics\u0026rsquo;. Well, playing the game is literally this, so that\u0026rsquo;s weird, but they what they decided to do is to book back the CR earned, and/or also delete any goods purchased with the CR earned (mostly, ships).\nAn Alternative Account of a player, after the deduction. Went from 51m CR to 1.3b CR, then purchased an Anaconda. After the correction 0CR, in an Anaconda, and with Elite Trade Rank plus Arx earned.\nNow, that\u0026rsquo;s not how any of this works. In terms of game mechanics, what happened is a trade. A trade does much more than earn you money.\nTrade does\nearn you money. If you are in a wing, your wingmates also earn a share of the trade. Some people winged with their Alt, or friends. Trading in the game is also an activity that earns you trade rank (some people went from \u0026ldquo;Pennyless\u0026rdquo; to \u0026ldquo;Elite\u0026rdquo;) Trading in the game is also an activity that earn you Arx . If you have a crew member, they will receive a variable share of all money you earn in trade, so you will receive less CR in your account than the trade is worth. Fdev deciced to \u0026ldquo;fix\u0026rdquo; the situation by taking away money earned in the Trade, but due to whatever reasons mis-calculated the values of the earnings, in some cases by several hundred million CR. They also took away goods purchased with this money (deleted ships, mostly).\nThey did not revise any wing trade dividends.\nThey did not revise any rank gained.\nThey did not revise any Arx earned.\nThey did not take crew member mechanics into account.\nEDIT: The miscalculation is probably because FDev based the money deducted on trade value, not taking into account Crew Member mechanics.\nEvaluation. So this entire thing reeks of unprofessional execution, \u0026ldquo;as if an intern ran the entire thing from setting up the tradeable to misconfiguring the station to mishandling the aftermath\u0026rdquo;. It hints at badly executed ad-hoc non-process, and generally bad policy at handling in-game incidents - whoever did this did not just set it up wrongly, but also did not understand the consequences of the proceedings when trying to mop up the aftermath. And the math was wrong.\nElite (1984) was one of the first games that had savegames, and progression, and since then the game has always been about \u0026lsquo;state\u0026rsquo; and moving forward. The incident handling here basically mishandled game state at a large scale, at every stage of the entire proceedings.\nThe Other Internet Spaceships Game has the Council of Stellar Management . The story of its inception is rather famous and a much larger incident than here, but the logic behind it is similar: The company has been handling an in-game incident badly, and a structure needed to be put into place that can evaluate, judge and define process properly to handle situations like these.\nE:D has no such structure, and it seems that this might need to be addressed somehow, too.\nEDIT: Chris_W noted that there is also crew member mechanics. This post has been amended to reflect this.\n","date":"2019-09-26T00:00:00Z","href":"https://blog.koehntopp.info/2019/09/26/how-not-to-handle-an-ingame-incident.html","tags":["elite dangerous","gaming","media","lang_en"],"title":"The Rockforth Fertilizer Incident"},{"categories":null,"content":"The last time I saw a MySQL server operating at a performance limit was in 2012. Back them we had a production master on (then) current hardware, running stable at about 21000 QPS. At 24000 QPS it tended to become unstable and fall over, dying in global locks on the InnoDB Adaptive Hash Index or other global locks.\nI need to better understand how MySQL works today, and what the limits are on a box that is considered large in 2019.\nWhat do I expect? Well, boxen are a lot larger than they have been in 2012, and we invented NVME and Flash Storage since then.\nI expect MySQL to be able to eat the full box I am throwing at it and not die in locks. I also expect the performance levels I can reach to be scaling with the query execution times I observe in production times number of cores.\nI do observe appro. 1/3 ms query execution time on the queries I simulate here, in production. So I would like to see about 3000 QPS per core. With a 64 core box, that would be around 200k QPS, easily 10x-ish more than in 2012.\nWhat did I get? This is all read testing of a memory resident data set. Other testing to follow.\nAfter some woes described below, I got 200k QPS or better in all cases, for simple PK lookups in fact almost 2x as much.\nSK lookups are about 1/2 as fast as PK lookups or faster, allowing for \u0026ldquo;one level of indirection\u0026rdquo;.\nMySQL 8 scales well enough to eat all of a 64 core box with 1/2 TB of RAM without choking or locking up or being otherwise jittery. It is adequate for any hardware that in 2019 we can reasonably throw at it. From a 2012 PoV this is an awesome achievement.\nThe box So my current test box is an single socket AMD 7702 (64C, HT off) with 512G of memory and\n# nvme list Node SN Model Namespace Usage Format FW Rev ---------------- -------------------- ---------------------------------------- --------- -------------------------- ---------------- -------- /dev/nvme0n1 39X0A05ZTZZF KCM51VUG800G 1 27.79 GB / 800.17 GB 512 B + 0 B 3006T21F /dev/nvme1n1 29X0A00CTZZF KCM51VUG800G 1 27.79 GB / 800.17 GB 512 B + 0 B 3006T21F /dev/nvme2n1 2950A00FTZZF KCM51VUG800G 1 27.79 GB / 800.17 GB 512 B + 0 B 3006T21F /dev/nvme3n1 39X0A067TZZF KCM51VUG800G 1 27.79 GB / 800.17 GB 512 B + 0 B 3006T21F /dev/nvme4n1 39X0A060TZZF KCM51VUG800G 1 27.79 GB / 800.17 GB 512 B + 0 B 3006T21F /dev/nvme5n1 39X0A069TZZF KCM51VUG800G 1 27.79 GB / 800.17 GB 512 B + 0 B 3006T21F /dev/nvme6n1 39X0A06ETZZF KCM51VUG800G 1 27.79 GB / 800.17 GB 512 B + 0 B 3006T21F /dev/nvme7n1 39X0A05LTZZF KCM51VUG800G 1 27.79 GB / 800.17 GB 512 B + 0 B 3006T21F # vgcreate kristest /dev/nvme{0..7}n1 # lvcreate -n mysql -L4T -i8 kristest # mkfs -t xfs /dev/kristest/mysql I then run the performance-datagen.sql script to create a test table kristest.t, and then run performance-querygen.py to create a file with test queries, file.sql.\nmysqlslap then does\nmysqlslap --user=kristest --password=\u0026#39;\u0026lt;secret\u0026gt;\u0026#39; --host=localhost --concurrency=64 --iterations=20000 --create-schema=kristest --verbose --query=./file.sql and I observe the running test with innotop -d1 -mQ and innotop -d1 -mC.\nFindings MySQL 8.0.16, Binlog, ROW, MINIMAL, Buffer Pool 384G For all tests:\n$ du -sh /mysql/kristest/data 87G root@localhost [kristest]\u0026gt; select count(*) from t; +-----------+ | count(*) | +-----------+ | 134217728 | +-----------+ 1 row in set (6.13 sec) Testmodes 1 testmodes = [ 1 ] VSZ 421G RES 32.8G load average: 63.52, 61.70, 59.23 QPS 384k Testmodes 1, 2 testmodes = [ 1, 2 ] VSZ 421G RES 34.3G load average: 63.82, 64.89, 61.63 QPS 270k-320k Testmodes 1, 2, 3 testmodes = [ 1, 2, 3 ] VSZ 421G RES 88.4G load average: 64.10, 57.94, 56.72 QPS 5.5k-6.2k There is a distinct warmup phase during which the box is not saturated and Read I/O can be observed. When the RES approaches disk size, this disk traffic ceases and final load and final QPS ratings are achieved.\nTestmodes 1, 2, 3, 4 testmodes = [ 1, 2, 3, 4 ] VSZ 421G RES 94.6G load average: 65.91, 63.10, 59.75 QPS 407-1002 (yup, no \u0026#34;k\u0026#34;, this is as low as 407 QPS) root@localhost [kristest]\u0026gt; explain select * from t where i1 in ( 64419,37384,17490,7919,42137,70137,56196,54754,70263 ); +----+-------------+-------+------------+-------+---------------+------+---------+------+-------+----------+-----------------------+ | id | select_type | table | partitions | type | possible_keys | key | key_len | ref | rows | filtered | Extra | +----+-------------+-------+------------+-------+---------------+------+---------+------+-------+----------+-----------------------+ | 1 | SIMPLE | t | NULL | range | i1 | i1 | 4 | NULL | 12674 | 100.00 | Using index condition | +----+-------------+-------+------------+-------+---------------+------+---------+------+-------+----------+-----------------------+ 1 row in set, 1 warning (0.00 sec) root@localhost [kristest]\u0026gt; select * from t where i1 in ( 64419,37384,17490,7919,42137,70137,56196,54754,70263 ); ... | 134777240 | 95ab0836-c97e-11e9-b92c-98039bbd64c8 | 95ab0838-c97e-11e9-b92c-98039bbd64c8 | 95ab0839-c97e-11e9-b92c-98039bbd64c8 | 95ab083b-c97e-11e9-b92c-98039bbd64c8 | 95ab083c-c97e-11e9-b92c-98039bbd64c8 | 95ab083e-c97e-11e9-b92c-98039bbd64c8 | 95ab083f-c97e-11e9-b92c-98039bbd64c8 | 95ab0841-c97e-11e9-b92c-98039bbd64c8 | 95ab0842-c97e-11e9-b92c-98039bbd64c8 | 95ab0844-c97e-11e9-b92c-98039bbd64c8 | 70263 | 27807 | 28246 | 57810 | 4313 | 48136 | 27740 | 94290 | 88230 | 58281 | ... 12674 rows in set (0.38 sec) Increase selectivity In our testing above, we see that the cardinality of i1 is 100k, and the table size is 128m. That\u0026rsquo;s 1280 result rows on the average for a random value of i1.\nWe also observe that testmode 4 results ask for 2-11 values of i1 or i2, where testmode 3 results ask for a single value of i1 or i2. The average number of testmode 4 values we ask for is 6, and testmode 4 happens to be 6x slower.\nSo it might be that the number of result set rows is determining the query speed.\nWe can test: We increase the cardinality of i1 to match id, 128. And for i2 we are going up to 256m cardinality.\nThe slow way Modify the dataset:\nroot@localhost [kristest]\u0026gt; update t set i1 = rand() * 134937574, i2 = rand() * 134937574 * 2; Query OK, 134217728 rows affected (1 hour 53 min 17.46 sec) Rows matched: 134217728 Changed: 134217728 Warnings: 0 During the execution of that update statement, we see an aggregate write load of 320 MB/s (~40 MB/s per NVME). This is not very high. It needs to be tested with more write benchmarks, later.\nAlso, there are four INDEX() definitions active on t, i1, i2, c1 and c2, two of which are being updated.\nThis is not fast, either, and this is the n00b way of doing things. We redo this again, differently:\nA faster way root@localhost [kristest]\u0026gt; alter table t drop index i1, drop index i2; Query OK, 0 rows affected (1 min 46.85 sec) Records: 0 Duplicates: 0 Warnings: 0 root@localhost [kristest]\u0026gt; update t set i1 = rand() * 134937574, i2 = rand() * 134937574 * 2; Query OK, 134217728 rows affected (26 min 5.07 sec) Rows matched: 134217728 Changed: 134217728 Warnings: 0 root@localhost [kristest]\u0026gt; alter table t add index (i1), add index (i2); Query OK, 0 rows affected (6 min 23.04 sec) Records: 0 Duplicates: 0 Warnings: 0 TBH, I\u0026rsquo;d expect MySQL by now to do bulk index updates in mass ALTER tables quicker than \u0026rsquo;the slow way\u0026rsquo; in 2019. OTOH, that is probably stuff that you get when you pay for Red Oracle instead of Blue.\nTesting with selective i1, i2 Now i1 and i2 are much more selective, and instead of 12k result rows, a search on i1 should on the average return 1 row, on i2 even 0.5 rows. Let\u0026rsquo;s see how that affects runtimes up SK lookup queries (testmode 3, 4).\nLet\u0026rsquo;s rerun everything, starting with a cold mysqld again, so that I do get proper memory sizes as well.\n# du -sh /mysql/kristest/data 94G /mysql/kristest/data Testmodes 1 testmodes = [ 1 ] VSZ 421G RES 32.8G load average: 64.14, 43.67, 20.08 QPS 360k-420k Testmodes 1, 2 testmodes = [ 1, 2 ] VSZ 421G RES 33.8G load average: 60.36, 56.82, 39.73 QPS 280k-330k Testmodes 1, 2, 3 testmodes = [ 1, 2, 3 ] VSZ 421G RES 34.6G load average: 58.61, 58.29, 55.80 QPS 200k-320k (very jittery) Did not reach load 60+, even after long warmup and with 0 I/O. Some i2 queries can return 0 rows, might be the cause?\nTestmodes 1, 2, 3, 4 testmodes = [ 1, 2, 3, 4 ] VSZ 421G RES 35.6G load average: 67.68, 63.57, 58.80 QPS 210k-260k After an even longer wait, performance jitters way less and stabilizes around 248k with a jitter of \u0026lt;10k in both directions. Warmup times for this size of hardware and this amount of memory are insane.\nAnd with our changes:\nroot@localhost [kristest]\u0026gt; explain select * from t where i1 in ( 64419,37384,17490,7919,42137,70137,56196,54754,70263 ); +----+-------------+-------+------------+-------+---------------+------+---------+------+------+----------+-----------------------+ | id | select_type | table | partitions | type | possible_keys | key | key_len | ref | rows | filtered | Extra | +----+-------------+-------+------------+-------+---------------+------+---------+------+------+----------+-----------------------+ | 1 | SIMPLE | t | NULL | range | i1 | i1 | 4 | NULL | 22 | 100.00 | Using index condition | +----+-------------+-------+------------+-------+---------------+------+---------+------+------+----------+-----------------------+ 1 row in set, 1 warning (0.00 sec) root@localhost [kristest]\u0026gt; select * from t where i1 in ( 64419,37384,17490,7919,42137,70137,56196,54754,70263 ); ... | 116937151 | 68da9462-c97e-11e9-b92c-98039bbd64c8 | 68da9464-c97e-11e9-b92c-98039bbd64c8 | 68da9466-c97e-11e9-b92c-98039bbd64c8 | 68da9467-c97e-11e9-b92c-98039bbd64c8 | 68da9469-c97e-11e9-b92c-98039bbd64c8 | 68da946a-c97e-11e9-b92c-98039bbd64c8 | 68da946c-c97e-11e9-b92c-98039bbd64c8 | 68da946d-c97e-11e9-b92c-98039bbd64c8 | 68da946f-c97e-11e9-b92c-98039bbd64c8 | 68da9470-c97e-11e9-b92c-98039bbd64c8 | 56196 | 74380528 | 81571 | 57401 | 42293 | 39260 | 69425 | 29342 | 38434 | 4147 | ... 15 rows in set (0.00 sec) Yes, optimizer estimates can be a bit off. Still, the point is being made: Cardinality is up, result set size is down, performance returns.\nWe have been looking at a result set size/selectivity problem, not at sucky handling of SK in InnoDB.\n","date":"2019-09-06T00:00:00Z","href":"https://blog.koehntopp.info/2019/09/06/mysql-performance-limits.html","tags":["mysql","database","performance","lang_en"],"title":"MySQL Performance Limits"},{"categories":null,"content":"Ein Thread über Konsenssysteme aus Twitter Mehr als ein Key-Value Store Heise schreibt: Verteilter Key-Value-Store: etcd erreicht Version 3.4 . etcd ist auch ein Key-Value-Store, aber das ist nur ein Nebendetail. Die Beschreibung der neuen Funktionen im Artikel macht auch schon keinen Sinn für einen KV-Store.\netcd ist ein Konsenssystem. Es realisiert Clustermitgliedschaft, verteilte Locks, und darauf aufbauende Dienste wie Service Discovery und Loadbalancing.\nEs gibt drei von Kyle Kingsbury getestete Implementierungen von Konsenssystemen, die funktionieren: Zookeeper, etcd und consul. Es handelt sich um verteile Datenspeicher, die im CAP-Dreieck Consistency über Availability präferieren.\nDas heißt, daß sie lieber keine Antwort geben statt eine falsche Antwort zu geben.\nSie sind also oft offline.\nImmer wenn sich die Topologie des Ensembles (der 3/5/7 Nodes, die den inneren Cluster bilden) ändert, geht der ganze Cluster für Reads und Writes offline, bis er mit Voting, History-Abgleich und so weiter durch ist. Danach ist er wieder verfügbar. Availability ist also eher nicht gegeben.\nAber Consistency ist: Es ist egal, mit welcher Node des Ensembles man redet, jeder Read liefert dasselbe Ergebnis, jeder bestätigte Write ist überall sichtbar und jedes Lock ist global da.\nDas heißt aber auch, daß jeder State Change (Write, Locks) global verhandelt wird. Das ist nicht schnell. Minimale Latenz ist 2 RTT.\nDumm, wenn man die Idee hatte, einen Stretched Cluster zu bauen, also einen der über eine Latency Domain Grenze hinaus geht - eine Node in einem anderen RZ, oder in einer anderen Cloud. Das ist nicht schnell, und hat deswegen auch wenig Kapazität für Writes: Man will keine globalen, zentralen Konsenssysteme für ein ganzes RZ oder eine Abteilung haben, sondern eher eine Instanz pro Service oder was immer man sonst als kleine zu koordinierende Einheit hat\nDas SRE Buch von Google hat mindestens zwei Kapitel über Probleme beim Betrieb von Chubby (Zookeeper) oder vergleichbaren Systemen. In einem reden sie darüber, daß sie Mindest-Downtimes für ihren zentralen Chubby fahren: Der Dienst ist mindestens n Minuten pro Monat unangekündigt offline, damit Dependencies auf den Dienst sichtbar werden und Dienste Strategien entwickeln und testen, um mit Chubby Downtimes umgehen zu können.\nIch kann aus eigener professioneller Erfahrung nur bestätigen, wie unglaublich wichtig so was ist. Fragt nicht.\nDa wo ich arbeite haben wir jetzt jedenfalls eine Position Master Of Disaster (nicht mein Job, zum Glück), und der macht Drills mit Service Owners, zuerst Zookeeper. Zookeeper ist das älteste der drei Konsenssyteme Systeme, und auf eine Weise leider auch das Beste.\nZookeeper arbeitet mit statischen Verbindungen in das Ensemble.\nEine Session hat man, wenn man mindestens eine Verbindung in das Ensemble hat. Das impliziert, daß man mehr als eine haben kann, etwa eine zu jedem Ensemblemitglied und daß es egal ist, was man auf welcher Verbindung macht - es ist alles gleichwertig und konsistent.\nZookeeper erzeugt in der Tat eine LDAP/DOM-Tree artige Struktur, bei der jeder Knoten in einer Verzeichnishierarchie gleichzeitig File und Directory ist. Im File kann man Daten speichern, aber das ist beinahe unwichtig.\nDer Punkt ist mehr, daß man Knoten (Znodes) als persistent oder ephemeral kennzeichen kann, und daß ephemeral nodes automatisch verschwinden, wenn die Session des Owners endet.\nVerlierst Du also Deine letzte Verbindung zum Ensemble, verschwinden Deine ephemeral nodes.\nWenn das Ensemble also zum Beispiel in einer persistenten Znode die Mitgliederliste aller Hosts in einem Cluster als ephemeral Znodes speichert, dann registriert sich jeder Clusterhost in diesem Verzeichnis selbst, und verschwindet automatisch aus der Liste, wenn seine Session verschwindet weil der Host offline geht oder wenn die Netzwerkverbindung zum Ensemble unterbrochen ist, oder das Ensemble selbst split ist.\nIm ephemeral Znode selbst kann die Endpunktadresse des Hosts stehen: Adieu DNS!\nZookeeper hat atomare Operationen, sodaß man Znodes automatisch verschieben oder sonstwie übernehmen kann. Daraus kann man globale Locks, exactly-once Work Queues und andere Dinge bauen, die in einem Cluster notwendig sind.\nIn der Znode steht dann der Lock Range, Work Item URL… Es ist also irgendwie AUCH ein Data Store, aber das ist wie gesagt der unwichtige Teil.\nKonsenssysteme sind der Baustein, der den Bau sicherer und funktionierender verteilter Systeme vom Forschungsgegenstand (Science) zum Ingeniersgegenstand (Engineering) bewegt hat.\nSie sind die Grundlage aller der nifty distributed anythings, mit denen Devs heute bauen. Das funktioniert, weil wir die Primitives und Building Blocks, die man für verteilte Systeme braucht (Membership, Discovery, Atomic Operations, und damit Locks, Queues und so weiter) schön abgepackt und dann getestet haben.\nDie Arbeit von Kyle Kingsbury auf dem Gebiet \u0026ldquo;Heisenbugs reproduzierbar machen\u0026rdquo; und \u0026ldquo;Grenzfälle in verteilten Systemen durch wiederholbare Operationen demonstrieren\u0026rdquo; kann man dabei gar nicht hoch genug bewerten. Diese Person alleine hat mehr Fehler in mehr verteilten Systemen gefunden als ganze Generationen von Informatikern zuvor. Kyle hat Dinge, die vorher entweder Theorie oder nicht reproduzierbar waren testbar gemacht, und ist deswegen zentral dafür verantwortlich, einen ganzen Forschungsbereich der Informatik aus der reinen Wissenschaft in die anwendbare Ingenierswissenschaft zu bewegen. Die ganze \u0026ldquo;Call Me Maybe\u0026rdquo; Reihe und Jepsen sind wegweisend.\nUnd jedes funktionierende moderne verteilte System hat im Kern entweder eines der drei Konsenssysteme am Laufen (Zk, etcd, consul) oder es ist nicht funktionierend, modern oder verteilt.\nJa, Openstack, tut mir leid.\nAnway, als Dev, der mit einem Zk, etcd oder consul redet, muß man sich ein paar Gedanken machen.\nErstens: Was mach ich, wenn das Ding mal offline ist. Denn es ist so designed, daß es offline sein muß, wann immer \u0026ldquo;was ist\u0026rdquo;.\nIn verteilten Systemen haben wir in der Regel eine Data Plane (da wo die Arbeit gemacht wird, auf dem Mitglieds-Hosts) und eine Control Plane. Und als Fehlermode Node Loss (hoffentlich hast Du genug Nodes), Cluster Loss (hoffentlich hast Du noch einen, in der anderen AZ) und Loss of Control (Controlplane down, Nodes arbeiten weiter, aber Start/Stop/Config Change unmöglich). Der 3. Fehlermodus, Loss of Control, ist nicht selten und hat als Sonderfall auch Wipe, also die Daten in der Controlplane müssen aus der überlebenden Dataplane neu aufgebaut werden.\nBeispiel: Ein SDN Produkt hat ein 3-Node etcd Ensemble als Controlplane und Config Storage. Nach einem Update sind die Daten aller virtual network assets im etcd unbrauchbar. Können wir den Inhalt des etcd (automatisch?) aus den SDN Worker Nodes neu aufbauen? Ohne Downtime?\nUnd weniger hart, aber noch häufiger: Das etcd-Ensemble hat sich zur Leader Election nach einer Netzwerkunterbrechung zurückgezogen und redet mit niemandem bevor es intern ausgekaspert hat, was die Wahrheit ist.\nKann das SDN noch routen?\n(Openstack hat hier als Sonderfall zwei Wahrheiten, weil es einmal den Tatbestand in der Neutron Datenbank hat, den der Rest von Openstack glaubt, und dann den Tatbestand im etcd des kommerziellen SDN Produktes, den das SDN glaubt.\nUnd wenn Du glaubst, daß die beiden deckungsgleich sind, dann hab ich ein schönes Ufergrundstück in Florida für Dich - oder anders gesagt: Der Mann mit zwei Uhren weiß nie wie spät es ist.\nZweitens: Was ist meine Schreibrate und meine Schreib-Latenz?\nWeil Konsenssysteme jeden Write über das ganze Ensemble abkaspern müssen, haben sie so ihre Skalierungsprobleme, und die o.a. 2RTT Minimal-Latenz - eher und gerne auch mehr. Insbesondere hat die Schreiblatenz aber keine garantierbare Obergrenze. Wenn das Ensemble Papstwahl macht, aus welchem Grund auch immer, hängen alle Writes (und auch die Reads).\nWenn ich also einen SLO brauche, der irgendeine Obergrenze auf dem Write hat - und ich meine irgendeine! - dann ist ein Konsenssystem nicht der Datenspeicher der Wahl. Und wenn ich \u0026ldquo;Tausende von Updates die Sekunde\u0026rdquo; spezifiziere, dann sehe ich ein anderes System als ein Konsenssystem als Speicher, oder einen guten Kunden für 25 Gbit/s Networking und Optane als Speicher, der trotzdem nicht glücklich wird. Also, nachdem die Vendor Salesdrohne Dir 25GBit und Optane angedreht hat.\nIch meine, ich bin der letzte, der zu coolem Spielzeug \u0026ldquo;Nein!\u0026rdquo; sagen will, aber das ist nicht, wie wir Systeme designen. Ich macht ja auch kein OLTP auf Blockchains (aber IBM verkaufts!). Und damit ist hoffentlich auch klar, warum Konsenssysteme als \u0026ldquo;Key Value Stores\u0026rdquo; eine echte Scheißidee sind.\nWir benutzen sie trotzdem, aber aus ganz anderen Gründen. Als Grundbaustein funktionierender verteilter Systeme (\u0026ldquo;Wahrheitsfindung unter erschwerten Bedingungen\u0026rdquo;). Dazu muß man mitunter Daten speichern und verändern.\nAber das in den Fokus zu stellen verfehlt den Zweck, zu dem wir den ganzen Aufwand treiben. Ich meine \u0026ldquo;Key Value Store\u0026rdquo;, wenn es als Datenbank so offensichtlich Scheiße ist - warum?\nWegen der Garantien, die drumrum gewickelt sind.\n","date":"2019-09-03T00:00:00Z","href":"https://blog.koehntopp.info/2019/09/03/konsenssysteme.html","tags":["lang_de","erklaerbaer","distributed computing"],"title":"Konsenssysteme"},{"categories":null,"content":"Saving an older twitter thread on Ceph .\nI just have finished reading Part 4: RHCS 3.2 Bluestore Advanced Performance Investigation and now I do not know what to say.\nCeph set out with the idea to make storage a commodity by using regular PCs + a lot of local hard disks + software to make inexpensive storage. For that, you ran a number of control processes and an OSD process per disk (\u0026ldquo;object storage demon\u0026rdquo;).\nSome people were very enthusiastic, envisioning OSD processes becoming an integrated part of any storage device as part of computational storage, even.\nSomething else happened: NVME. NVME is flash memory on a PCIe bus, giving you a very large number of IOPS with mediocre latency. You get around 1 million IO operations per second, but a read takes ~100 microseconds, and an unbuffered write takes about 420 micros. That means, you need to run 100s of parallel things.\nCeph is full of logs. Logs kill parallelism by design, or at least severely limit it. Also, Ceph is full of computational complexity. And that is ok, when a disk seek takes 5ms on a 3GHz CPU, and you got 15 million clock cycles think time per disk seek. Less so, when you need to keep 100s of ops in flight. Suddenly, the budget shrinks by /1000, and your serializing architecture gets in the way of things.\nNow read this report. We are talking about NVME devices, 11T, maybe 16T per device, 4 PCIe lanes. These people are talking about 4 OSD processes (down to 2, and they consider this an improvement) per device. And they eat six (sic!) cores per NVME device. Apart from this never making it to computational storage for thermal reasons, this is an insane cost.\nIn modern storage, bandwidth is usually limited by the network, not the local devices: You can RAID your storage bandwidth until you saturated the 100 GBit/s network, and then you are done.\nIOPS are unlimited in the same way: You get not quite 1 million IOPS per device, so if that is not sufficient, spread across many.\nThe only remaining challenge in this age of abundance in the data center is commit (fsync) latency: how long to push things to a persistent storage. Even that comes down a lot, with optane or NVRAM in the client or as early as possible in the server.\nRelatively low powered all-flash iSCSI appliances do routinely 250 micros commit latency, and things involving NVMEoF and RDMA can come down to under 100 micros reliably, if you have the coin. Want faster? Put Optane or NVRAM into each client.\nAnd it is telling that the paper here talks about latency improvements only in relative numbers (\u0026ldquo;30% less\u0026rdquo;), but never actually speaks about absolute timings.\nMaybe it is time to stop and think, and re-evaluate if this Ceph thing is the smart thing to do with storage in the face of NVME, Optane and NVRAM. Because the numbers look all wrong to me. Even the units look wrong, actually.\nConversations deeper in the Thread :\nThere was were questions on what to use for low-latency disaggregated storage and if one needed redundancy at all.\nExamples of low-latency storage are software solutions from Lightbitslabs , from Datera , and from Quobyte . There are many more.\nAnd funnily enough, if you talk to your inhouse customers, most actually don\u0026rsquo;t want any of this, because they talk to a database (MySQL, Cassandra, Elastic, \u0026hellip;) and not to \u0026ldquo;storage\u0026rdquo; directly.\nThen you speak to the MySQL people and they say \u0026ldquo;We have replication and Orchestrator , even masters are throwaway\u0026rdquo;. You talk to the Cassandra team and they laugh in Paxos. And so on. So most of these teams actually prefer \u0026ldquo;RDMA to a NVME namespace\u0026rdquo; over storage software with redundancy, and do resiliency higher up on the stack, in application context.\nAs a storage team, you have to have some kind of low-latency non-replicated solution first, because that\u0026rsquo;s what is actually the primary demand. You also need a lowish-latency, OLTP-capable redundant solution (\u0026lt;500 microseconds is fine), but there is only unscaled, low level demand.\nAnd then there is huge demand for volume at any latency, append-only preferred over rewriteable for many reasons. So S3 with heavy tiering. Ceph is actually pretty good at that, but that is likely not NVME, but many large disk drives.\n","date":"2019-07-16T00:00:00Z","href":"https://blog.koehntopp.info/2019/07/16/ceph-and-nvme---not-a-good-combination.html","tags":["lang_en","computer","storage"],"title":"Ceph and NVME - not a good combination?"},{"categories":null,"content":"While I was testing away on all the SSD and NVME toys, I got my hand on a test box with even stranger that usual equipment. It was a Dual Platinum-8280 box with a really weird amount of memory: 7.5 TB.\n“8280 ”. This is a machine with a “2” in the second digit, indicating Cascade Lake , CLX.\nAnd one thing that is new with CLX is “Intel Optane Persistent Memory Technology”. That is actually 3D XPoint (“Crosspoint”), a big invention in applied materials science. It is a thing that Intel and Micron have been co-developing, Intel sells it under the trade name of Optane (and internally it was named Apache Pass) and Micron has it as QuantX. So far I have only seen Optane.\nSupposedly Optane is 10x denser than RAM (right now, it is 4x denser), and it is only 10x slower than RAM.\nOptane From a Unix point-of-view, Optane is weird. It is persistent, so storage, not memory. But unlike all the storage you know and hate, it is byte addressable. And that is a big thing.\nFor example, NAND flash is byte-readable, but really only erasable (and that means bulk-writeable) in fairly large chunks - 64 KB to 1024 KB blocks at a time. It is being fed to you through the means of a block device, to there is a file system buffer cache, and you get to touch it only through open(2), read(2) and write(2). You can use mmap(2) and msync(2) , but the thing you are fondling through this interface is the buffer cache and not the actual device. All storage subsystems Unix has been dealing with in the last 50 years have been block storage, originally 512 bytes, these days mostly 4096 bytes per block.\nNobody has seen byte-addressable persistent storage in Unixland for a very long time, and worse, nobody has an API for it. There is no software that thinks “Oh, RAM. I am going to stuff things into it and that is safe for eternity.” (Well, MongoDB does, but that’s… incidental, if not accidental). Anyway, there is now a PMEM API, maintained by Intel, of course, but no applications use it – yet.\nOptane also has a consistent latency, which is also very extremely low – it is about 10x as slow as RAM, which makes it 10x - 100x faster than NAND flash. RAM does 120ns, 0.12µs, and Optane is somewhere in the 1-2µs range.\nSo it’s a lot like core rope memory is coming back, only this time it is small and fast (Core Rope Memory flew us to the moon! ).\nYou get two flavors of Optane from Intel:\nIntel Optane™ DC Persistent Memory, “Optane on the memory bus with byte addresses” Intel Optane™ DC SSDs, “Optane on the PCIe bus with LBA” Optane on the memory bus The flavor I have been tasting here is the former, Optane on the memory bus.\nBasically, the box has 6 very special 512GB DIMMs for each socket, for a total of 12x 512GB = 6 TB persistent not-quite-RAM, and another set of 2x 6 DIMMs regular RAM, 128 GB each. Depending on the configuration, that can show as 7.5 TB memory (many tools are confused, because the idea of persistent memory in a Unix box did not exist until last year) or as 1.5 TB RAM and 6 TB in weird devices (/dev/pmem0 and /dev/pmem1, 3TB each).\nThe problem with Optane on the memory bus is that it stops at 6 TB.\nIntel is not used to building machines with very many address lines - technically the CPU is 64 bit, but not all address bits have pins on the die, and the upper lines do not physically exist on the chip or the bus. CLX extends this, and at the same time limits it to Optane, because Intel does make “M” type CPUs (the number is extended by attaching an “M” at the end) and charges quite hefty surcharge for one additional bit of address space.\nAnyway, 6 TB of Optane and 1.5 TB of RAM is the end of the line for this kind of box.\nOptane on the PCIe bus There is another flavor of Optane and that is the Optane SSD. These are NVME-like devices that sit on the PCIe bus, and they are being addressed like block storage. That does mean you gain a lot of latency – PCIe accesses are way slower than memory accesses.\nBut it also means that you get all the benefits of the large address space that LBA addresses give you, and you get very many PCIe lanes and slots to play with. And you get a storage controller in the middle.\nThis controller can make use of the fact that all accesses are block-sized, and it can do additional magic to do error correction. Stephen Bates gave a presentation about Low Latency Block Devices in a 2017 SNIA conference that was interesting in its own right. But in one slide he dropped a really interesting observation on block storage and error correction, which he coined the Bates Conjecture.\nBates Conjecture Slide (Slide 10)\nHe said that any kind of large storage has an Uncorrectable Bit Error Rate (UBER), and for new kinds of storage media, this is likely to be high in the beginning. If you access the media in blocks, you can transparently add error correction, and get a much better Recoverable Bit Error Rate (RBER). As you make the blocks larger, checksums have less overhead and can become larger, and the RBER goes down for a constantly bad UBER. So new and unreliable media will come as block storage to the market much easier.\nSo if you have the coin, Khajiit can build you a box with way more Optane on the PCIe bus than on the memory bus to hold your warez persistently. On the other hand, there are no prices listed anywhere close to where Intel pushes Optane at developers and that should make you stop and think.\nAbusing PMEM as a disk We have the box, and it exposes the memory as two pmem devices, and they happen to be block devices. What is one going to do with it?\nArchitect an application that uses this magic memory in a transactional way, with lockless data structures that maximize parallel access by many threads with a minimum amount of delay, leveraging the tools made available to developers on the Intel website, of course.\nSeriously, it’s a block device.\nSo let’s make a file system and use this one-of-a-kind pinnacle of 21st century storage technology as a really fast SSD, because… Well, it’s easier done than the other thing.\nAnyway, here’s the fio:\nread: IOPS=142k, BW=2212MiB/s (2319MB/s)(648GiB/300001msec) clat percentiles (nsec): | 1.00th=[ 227], 5.00th=[ 231], 10.00th=[ 233], 20.00th=[ 243], | 30.00th=[ 245], 40.00th=[ 249], 50.00th=[ 253], 60.00th=[ 258], | 70.00th=[ 266], 80.00th=[ 274], 90.00th=[ 298], 95.00th=[ 314], | 99.00th=[ 338], 99.50th=[ 350], 99.90th=[ 438], 99.95th=[ 540], | 99.99th=[10176] Shut your mouth, please. The scale actually switched to ns (1/10E-9) instead of µs (1/10E-6). We are at 0.227µs - 0.350µs here, and are good till the 99.95th, actually.\nSo, dumb sysadmin bloke hodored 142 000 single threaded IOPS out of a /dev/pmem, xfs and fio combo, at a data rate of 2.3 GB/s. Imagine what an actual developer could do with this stuff (if they used a proper systems programming language instead of Javascript, that is).\nPure writes (times 8):\nwrite: IOPS=63.3k, BW=989MiB/s (1037MB/s)(290GiB/300000msec) clat percentiles (nsec): | 1.00th=[ 249], 5.00th=[ 255], 10.00th=[ 258], 20.00th=[ 262], | 30.00th=[ 266], 40.00th=[ 270], 50.00th=[ 274], 60.00th=[ 274], | 70.00th=[ 290], 80.00th=[ 326], 90.00th=[ 370], 95.00th=[ 382], | 99.00th=[ 430], 99.50th=[ 438], 99.90th=[ 470], 99.95th=[ 482], | 99.99th=[ 3376] 506400 IOPS, 8 GB/s, 0.249µs-0.482µs till the 99.95th. And the 8x read + 8x write is much of the same, 500k IOPS, 8 GB, stable latencies of 1/4 to 1/2 µs till the 99.95th.\nLet’s get cocky and try to work our way up. We are sitting on two 8280 CPUs, that’s 56 real cores or 112 threads. How well does this thing deal with parallel access?\nWell, up to 32 readers, I get an aggregate of 32 GB/s, 2m aggregated IOPS and the same latencies until the 99.90th, and then a slight degradation at the 99.95th. With even more threads, things tend to level out and then break down. The 100-way parallel run ends up with 200k IOPS only.\nSome graphics Here is a comparison of some key performance data: SSD with smart controller, SSD direct, NVME direct and Optane.\nRead, Buffered and Unbuffered Writes. The Optane Data is there, you just cannot see it, because it is too fast. The scale is µs.\nMoral: NVME don’t buy you much latency, but look at those sweet IOPS, all available in parallel accesses/deep queues only.\nIOPS and Bandwidth of various storage hardware compared\nRecommendations “Optane on the memory bus” brings a new kind of storage to Linux. There are libraries to use it to the fullest.\nAbusing “Optane on the memory bus” as a block device shows the potential of the technology, but is at the same time severely underutilizing the true capabilities of the hardware.\nDespite Optane having even more IOPS than NVME NAND flash and being faster, the gap between latency and IOPS is smaller than with NVME NAND flash, thus the level of parallelism in access required to fully unlock the performance potential of the device is smaller.\nThe latency introduced by the Linux block device subsystem is increasingly becoming a problem, as is the age-old UNIX API around open(2) and friends. Since this is like the core of Unix, we are actually seeing the beginning of the end of the usefulness of the Unix API – that is, if something else is actually showing up to take its place instead. If you have experience with AS/400 aka IBM i-Series, now is the time to capitalize on it.\nThe slow takeup of Optane with consumers is not only due to Intels really outlandish pricing model, but also because to fully unlock the potential of Optane on the memory bus (beyond it being a really nifty flash disk) our applications and the way we design applications needs to be rethought.\nAt this point Intel is better off peddling Optane to application makers such as Oracle MySQL than us directly, because without applications truly making use of persistent memory we have no reason to buy it.\nIt’s still fun to play with.\nPMDK Intel has classes for developers on using the persistent memory development kit (PMDK) and the underlying stuff. They are necessary, because an application rethink it coming up, which will fundamentally change the way we think about storage.\n","date":"2019-06-14T00:00:00Z","href":"https://blog.koehntopp.info/2019/06/14/not-quite-storage-any-more.html","tags":["lang_en","storage","computer"],"title":"Not quite storage any more"},{"categories":null,"content":" Adventures in Storageland Devices In the last few weeks, I have been benchmarking server storage in order to get a better idea what the state of the hardware is these days. There is a summary with recommendations at the end of this article. Storage technology\nIn the past, we had stored data on rotating disks.\nAn open hard disk chassis. You can see the topmost of a stack of disks, and the arm with the r/w heads.\nWhile the capacities of hard disks changed, access speeds and the underlying technology did not change so much. So today you can get a stack of rotating disks that stores 10, 12 or 14 TB per drive, but the access time is still in the millisecond range.\nIt is likely around or slightly below 5ms, so you get to transfer data from 200-250 different locations per second. Databases do mostly random access, and that means you get to write 200-250 commit/s to disk.\nAll of that changed around 2012 or so. At that time, NAND flash based storage became available at scale under the name of Solid State Drive (SSD). At work, first deployment of SSD at scale was in that year, in a very volatile replication chain and it completely transformed the way we worked with hotel room availability data.\nSSD are plug-in replacements for traditional hard disks: They have the same connectors and bus systems, and the same form factor. They may be flatter, though: A modern U.2 (2.5”) SSD is either tall (15mm) or flat (7mm).\n15mm U.2 drive and it’s content.\nOn the inside they are different, though: They contain one logic board which houses a lot of flash NAND chips and a custom flash NAND controller. The logic board may be folded in order to make most use of the available height to increase storage capacity. The image above shows a SSD chassis and its content, unfolded.\nThe folded design is far from optimal: Inside such a chassis you have a thermal design power of 7W-9W in a consumer device, and up to 25W in an enterprise device - power consumption is linear with the number of chips, and superlinear with the clock rates of the chips. U.2 form factor is good for HDD, but not so good for SSD, because it is hard to cool.\nM.2 flash drive in a holder on a mainboard.\nOne attempt of handling this better is M.2, which is basically a logic board for flash NAND chips and a controller, and a board holder on the main board. This cools obviously much better, but is very hard to handle inside a data center and has a very limited lifetime in terms of number of plug-in/removal operations inside a consumer device.\nThe attempt to fix all of that is the “flash ruler”, “EDSFF”.\nIntel flash rulers in a 1U high chassis.\n“Ruler” type flash is built to the height of a rack unit, has a specificed chassis form that allows for cooling (up to 40W TDP per “long” device), has managed air flow, and is designed to be toolless, field replaceable and hot pluggable. It looks like the perfect solution.\nUntil you realise that there are two incompatible competing standards, each of which has exactly one supplier: Intel and Samsung.\nSo, for most, at the moment, U.2 it is, until the “ruler” proponents get their stuff sorted out.\nInterfaces The interface we use to talk to hard disks has evolved and not evolved at the same time, for a very long time. In the past, we spoke SCSI commands over a parallel SCSI bus to our disks.\nToday, we use multi-Gbit rated serial buses to speak ancient SCSI commands and SCSI command extensions to our devices. The bus is SATA or SAS - either serial attached consumer disk protocol, or serial attached enterprise disk protocol, so to speak, only that SATA has become good enough to be used in the enterprise, too. Bus speed is 3 GBit/s, 6 GBit/s (what most people actually use) or 12 Gbit/s.\nSATA interfaces are block storage interfaces, so you get to access and address blocks of 512 bytes or 4096 bytes on the device, and you specify block numbers. In the past that was geometry addresses ( cylinder-head-sector ), but that became meaningless very quickly as storage technology improved and in the last 20 years everybody always has been using LBA and letting the storage controller do its thing.\nStill, these days we are actually speaking to memory chips, and doing this through a block interface originally designed for rotating storage makes a lot of overhead and increasingly little sense.\nHow about putting the flash chips directly on the PCIe 3.0 bus, and dropping the controller interface? That’s NVME. You are taking the same form factor, the same flash chips and the same controller chip, with a different firmware and are plugging it into a PCIe 3.0 extension instead.\nThe result is about half the latency, and a much higher transfer bandwidth. We can in fact build connectors that accept and automatically switch between SATA and NVME, no problem.\nBenchmarking it So, in testing, what can we expect? In MySQL land, I/O is done in blocks of 16 KB, and is done as random I/O mostly, in reads as well as writes. So we are writing a benchmark specification for fio that is testing things: A single threaded 16 KB sequential read test for a baseline throughput benchmark, a 16 KB block size random-write benchmark, 8-way parallel for random I/O calibration, and a mixed r/w benchmark, 8 way parallel, to simulate an operational database.\n[seq-read] rw=read size=40g directory=/a/fio fadvise_hint=0 blocksize=16k direct=1 numjobs=1 nrfiles=1 runtime=300 ioengine=libaio time_based This spec defines a 40g test file in a benchmark directory, which is being read without caching, for 300s, linearly and single threaded.\n[random-write] # 8 processes, 5g files each = 40g rw=randwrite size=5g directory=/a/fio fadvise_hint=0 blocksize=16k direct=1 numjobs=8 nrfiles=1 runtime=300 ioengine=libaio time_based The same, but random writes, in 8 threads in parallel. Each writer has their own file, so 8 files at 5GB each, for 40 GB total.\n[read-write] rw=rw rwmixread=80 size=5g directory=/a/fio fadvise_hint=0 blocksize=16k direct=1 numjobs=8 nrfiles=1 runtime=300 ioengine=libaio time_based And the same as the randwrite, only this time 80% reads, 20% writes.\nA blade with a SATA SSD When running this on a normal blade, the SSD is actually attached to a caching RAID controller.\nSuch a controller is actually an ARM based computer in it’s own right, sitting on the PCIe board. It has a multi-core CPU, a few GB memory, and a supercapacitor to buffer things when the power fails. It is taking disk writes, caching them on the onboard memory and then does its things in the background to write this to some kind of storage.\nOriginally it is designed to make slow hard disks fast, but with SSD as a backing storage it is not unlikely that the only thing it does is increasing latency.\nSo here is the baseline for a traditional Dell M630 with a PERC controller and a 1.92TB SSD:\n# fio --section=seq-read ./fio.cfg seq-read: (g=0): rw=read, bs=(R) 16.0KiB-16.0KiB, (W) 16.0KiB-16.0KiB, (T) 16.0KiB-16.0KiB, ioengine=libaio, iodepth=1 fio-3.1 Starting 1 process seq-read: Laying out IO file (1 file / 40960MiB) Jobs: 1 (f=1): [R(1)][100.0%][r=245MiB/s,w=0KiB/s][r=15.7k,w=0 IOPS][eta 00m:00s] seq-read: (groupid=0, jobs=1): err= 0: pid=18818: Fri May 10 10:31:29 2019 read: IOPS=15.3k, BW=239MiB/s (251MB/s)(70.0GiB/300001msec) slat (usec): min=4, max=186, avg= 5.63, stdev= 2.48 clat (nsec): min=1500, max=145648k, avg=58921.07, stdev=109647.10 lat (usec): min=56, max=145652, avg=64.67, stdev=109.74 clat percentiles (usec): | 1.00th=[ 53], 5.00th=[ 53], 10.00th=[ 53], 20.00th=[ 53], | 30.00th=[ 53], 40.00th=[ 54], 50.00th=[ 55], 60.00th=[ 55], | 70.00th=[ 59], 80.00th=[ 60], 90.00th=[ 73], 95.00th=[ 75], | 99.00th=[ 91], 99.50th=[ 99], 99.90th=[ 235], 99.95th=[ 433], | 99.99th=[ 2343] bw ( KiB/s): min=38912, max=263456, per=100.00%, avg=244768.87, stdev=24405.41, samples=599 iops : min= 2432, max=16466, avg=15298.03, stdev=1525.34, samples=599 lat (usec) : 2=0.01%, 4=0.01%, 10=0.01%, 50=0.04%, 100=99.47% lat (usec) : 250=0.39%, 500=0.05%, 750=0.01%, 1000=0.01% lat (msec) : 2=0.02%, 4=0.01%, 10=0.01%, 20=0.01%, 50=0.01% lat (msec) : 250=0.01% cpu : usr=4.95%, sys=12.28%, ctx=4589759, majf=0, minf=114 IO depths : 1=100.0%, 2=0.0%, 4=0.0%, 8=0.0%, 16=0.0%, 32=0.0%, \u0026gt;=64=0.0% submit : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, \u0026gt;=64=0.0% complete : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, \u0026gt;=64=0.0% issued rwt: total=4589635,0,0, short=0,0,0, dropped=0,0,0 latency : target=0, window=0, percentile=100.00%, depth=1 Run status group 0 (all jobs): READ: bw=239MiB/s (251MB/s), 239MiB/s-239MiB/s (251MB/s-251MB/s), io=70.0GiB (75.2GB), run=300001-300001msec Disk stats (read/write): dm-4: ios=4588416/35691, merge=0/0, ticks=259207/18045, in_queue=277259, util=86.48%, aggrios=4605315/37547, aggrmerge=274/2057, aggrticks=262279/21346, aggrin_queue=283104, aggrutil=86.21% sda: ios=4605315/37547, merge=274/2057, ticks=262279/21346, in_queue=283104, util=86.21% That’s a lot of output, but we are interested into a few key numbers here. This is a sequential benchmark, because we asked for that (–section=). We get 15.300 IO operations per second (IOPS), and a bandwidth of 239 MB/s (with 1024-based metric). In our 300s benchmark, we transferred 70 GB.\nfio dynamically shifts units as it sees fit, so we need to make sure if we are looking at milliseconds (ms, 1/1000 of a second, 1 kHz event frequency), microseconds (µs, us, 1/1 000 000 of a second, 1 MHz event frequency) or nanoseconds (ns, 1/1 000 000 000 of a second, 1 GHz event frequency).\nfio also knows three different latencies, lat, clat and slat. They do mean different things for different I/O engines, and in our case (using async I/O with libaio), the meaningful numbers are clat (completion latency) or overall lat, but not slat (submission latency numbers).\nWe do get a clat histogram in usec, and that is useful: There is a relatively stable completion time up to the 99.50th percentile, and then things rise. clat is 50µs (20 000 per second) to 100µs (10 000 per second), and we do indeed get 15 000 IOPS in total.\nFor the random write benchmark we get 8 times output like\n... write: IOPS=2454, BW=38.4MiB/s (40.2MB/s)(11.2GiB/300001msec) ... clat percentiles (usec): | 1.00th=[ 202], 5.00th=[ 237], 10.00th=[ 249], 20.00th=[ 269], | 30.00th=[ 285], 40.00th=[ 302], 50.00th=[ 314], 60.00th=[ 330], | 70.00th=[ 347], 80.00th=[ 396], 90.00th=[ 482], 95.00th=[ 570], | 99.00th=[ 2212], 99.50th=[ 2966], 99.90th=[ 6915], 99.95th=[ 7832], | 99.99th=[ 9503] ... The total of the IOPS is 19588, and the clat inflection is around the 95th percentile with 200µs to 570µs write latency, and then runaway times in the ms range. Aggregated bandwidth is around 300 MB/s (6 GBit/s are 715 MB/s theoretical max).\nAnd for the r/w mix (80% read/20% write), we get 8 readers and 8 writers, each reporting\n... read: IOPS=2153, BW=33.6MiB/s (35.3MB/s)(9.86GiB/300001msec) ... clat percentiles (usec): | 1.00th=[ 155], 5.00th=[ 204], 10.00th=[ 231], 20.00th=[ 265], | 30.00th=[ 297], 40.00th=[ 322], 50.00th=[ 338], 60.00th=[ 355], | 70.00th=[ 379], 80.00th=[ 412], 90.00th=[ 478], 95.00th=[ 873], | 99.00th=[ 2073], 99.50th=[ 2212], 99.90th=[ 2409], 99.95th=[ 2540], | 99.99th=[ 6849] ... write: IOPS=540, BW=8647KiB/s (8855kB/s)(2533MiB/300001msec) ... clat percentiles (usec): | 1.00th=[ 60], 5.00th=[ 76], 10.00th=[ 85], 20.00th=[ 105], | 30.00th=[ 127], 40.00th=[ 149], 50.00th=[ 172], 60.00th=[ 194], | 70.00th=[ 217], 80.00th=[ 241], 90.00th=[ 277], 95.00th=[ 314], | 99.00th=[ 371], 99.50th=[ 449], 99.90th=[ 1696], 99.95th=[ 2737], | 99.99th=[ 6456] ... The sum of all IOPS is 21412, and the clat inflection is at the 95th with 155µs to 873µs for read, and at the 99.50th for write with 60µs to 449µs (and it’s actually more complicated than this for writers, but that’s a different story). We do see a total aggregated bandwidth of 336 MB/s (out of 715 MB/s max).\nWe are looking at a device that has a read-latency in the range of 150 µs, and that in linear read mode can likely leverage readahead and local buffers in some way to get below 50 µs in good cases.\nWrite latency is likely 3x that, unbuffered, but like all flash devices it has RAM and can use a fraction of that RAM to buffer a part of the writes. This is more effective for smaller write loads, and we can see that in the comparison of the numbers between the full write test compared to the r/w mix.\nA blade without the smart controller Let’s try a blade without the smart controller, this time a HP BL460c with a directly attached SSD without the caching RAID controller. In this test device, the disk controller is a dumb SATA attachment, no buffering, processing, RAIDing or other “smartness” inbetween.\nread: IOPS=14.2k, BW=222MiB/s (233MB/s)(64.0GiB/300001msec) clat percentiles (usec): | 1.00th=[ 50], 5.00th=[ 51], 10.00th=[ 52], 20.00th=[ 53], | 30.00th=[ 53], 40.00th=[ 55], 50.00th=[ 56], 60.00th=[ 62], | 70.00th=[ 64], 80.00th=[ 64], 90.00th=[ 66], 95.00th=[ 68], | 99.00th=[ 77], 99.50th=[ 79], 99.90th=[ 355], 99.95th=[ 537], | 99.99th=[ 3130] So 14.2k instead of 15.3k with the expensive controller, and 50-79µs instead of 53-99µs with the expensive controller. For pure writes (times 8):\nwrite: IOPS=3458, BW=54.0MiB/s (56.7MB/s)(15.8GiB/300001msec) clat percentiles (usec): | 1.00th=[ 151], 5.00th=[ 188], 10.00th=[ 194], 20.00th=[ 227], | 30.00th=[ 237], 40.00th=[ 245], 50.00th=[ 253], 60.00th=[ 260], | 70.00th=[ 262], 80.00th=[ 269], 90.00th=[ 306], 95.00th=[ 375], | 99.00th=[ 938], 99.50th=[ 1057], 99.90th=[ 3916], 99.95th=[ 4228], | 99.99th=[ 5211] So, 28507 IOPS in total (compared to 19588 for the expensive controller), and 150-375µs (compared to 200-570µs for the expensive controller), and better behavior for the runaway times, too.\nFor the mix (times 8):\nread: IOPS=2296, BW=35.9MiB/s (37.6MB/s)(10.5GiB/300002msec) clat percentiles (usec): | 1.00th=[ 174], 5.00th=[ 202], 10.00th=[ 223], 20.00th=[ 258], | 30.00th=[ 285], 40.00th=[ 310], 50.00th=[ 334], 60.00th=[ 363], | 70.00th=[ 400], 80.00th=[ 445], 90.00th=[ 529], 95.00th=[ 635], | 99.00th=[ 1876], 99.50th=[ 2966], 99.90th=[ 3490], 99.95th=[ 3654], | 99.99th=[ 4555] write: IOPS=576, BW=9225KiB/s (9446kB/s)(2703MiB/300002msec) clat percentiles (usec): | 1.00th=[ 52], 5.00th=[ 58], 10.00th=[ 63], 20.00th=[ 72], | 30.00th=[ 89], 40.00th=[ 98], 50.00th=[ 116], 60.00th=[ 124], | 70.00th=[ 139], 80.00th=[ 155], 90.00th=[ 174], 95.00th=[ 190], | 99.00th=[ 223], 99.50th=[ 237], 99.90th=[ 258], 99.95th=[ 273], | 99.99th=[ 293] That comes out as a total of 23005 IOPS (as opposed to 21412), and for reads, a range of 174-635µs (155-873µs for the expensive controller), while for writes it is 52-237µs (60-449µs).\nIndeed, latency and degraded behavior are better for directly attached disks, the caching RAID controller (200€ extra per device) is substracting value.\nWe can confirm these results with more benchmarking in additional, slightly different configurations (Dell, HP, new and old machines) across the test zoo.\nSome NVME A colleague donated a NVME based HP box to the test. It actually has 4 NVME devices, and we naively build a striped RAID-0 from it using LVM2, because why not? Each 16 KB write goes to a different NVME device, in a round-robin fashion (This is a silly thing to do, but that would require a longer digression to explain - the 1M stripe setup does not fundamentally change things, though).\nThe outcome is unexpected and disappointing, or is it?\nread: IOPS=8459, BW=132MiB/s (139MB/s)(38.7GiB/300001msec) clat percentiles (usec): | 1.00th=[ 97], 5.00th=[ 101], 10.00th=[ 102], 20.00th=[ 102], | 30.00th=[ 103], 40.00th=[ 106], 50.00th=[ 116], 60.00th=[ 119], | 70.00th=[ 123], 80.00th=[ 123], 90.00th=[ 124], 95.00th=[ 127], | 99.00th=[ 133], 99.50th=[ 145], 99.90th=[ 186], 99.95th=[ 196], | 99.99th=[ 221] My colleague claims that a single NVME device is capable of a million IOPS, yet here we see fewer than 10 000, and 100-200µs completion latencies. What’s wrong?\nWrite test (times 8):\nwrite: IOPS=23.3k, BW=365MiB/s (383MB/s)(107GiB/300001msec) clat percentiles (usec): | 1.00th=[ 19], 5.00th=[ 19], 10.00th=[ 20], 20.00th=[ 20], | 30.00th=[ 21], 40.00th=[ 22], 50.00th=[ 24], 60.00th=[ 26], | 70.00th=[ 36], 80.00th=[ 47], 90.00th=[ 61], 95.00th=[ 70], | 99.00th=[ 95], 99.50th=[ 114], 99.90th=[ 192], 99.95th=[ 293], | 99.99th=[ 2409] Total IOPS: 183000, range: 19-200µs. Mix (times 8):\nread: IOPS=6960, BW=109MiB/s (114MB/s)(31.9GiB/300001msec) clat percentiles (usec): | 1.00th=[ 97], 5.00th=[ 103], 10.00th=[ 104], 20.00th=[ 108], | 30.00th=[ 112], 40.00th=[ 118], 50.00th=[ 121], 60.00th=[ 125], | 70.00th=[ 126], 80.00th=[ 129], 90.00th=[ 141], 95.00th=[ 169], | 99.00th=[ 412], 99.50th=[ 611], 99.90th=[ 1385], 99.95th=[ 1696], | 99.99th=[ 2311] write: IOPS=1740, BW=27.2MiB/s (28.5MB/s)(8161MiB/300001msec) clat percentiles (usec): | 1.00th=[ 19], 5.00th=[ 19], 10.00th=[ 20], 20.00th=[ 20], | 30.00th=[ 20], 40.00th=[ 20], 50.00th=[ 21], 60.00th=[ 21], | 70.00th=[ 22], 80.00th=[ 23], 90.00th=[ 27], 95.00th=[ 30], | 99.00th=[ 60], 99.50th=[ 70], 99.90th=[ 95], 99.95th=[ 113], | 99.99th=[ 202] Total IOPS: 70010, range: 19-100µs for writes, and 100-200µs for reads. So we do get a large number of IOPS, but not in the first scenario.\nWhat’s wrong? Well, latency is.\nIn the read-only case, we have a clat of 116µs in the 50th percentile, so with 1000000µs to the second, we get 1000000/116 = 8620 IOPS single threaded, and indeed we measured 8459. Math works, every single time.\nSo we might have a total IOPS capacity of the total device that may be 100k or even a million IOPS, but we also do have a (surprisingly constant) read latency of 100-200µs and that is not going to change. The only way to get all these IOPS is to have many concurrent accesses, all of which will take at least 100µs per read.\nAs we can see by going 8-way parallel (for pure writes) or 16 way parallel (8 readers, 8 writers) we get a lot more in terms of IOPS, at the expected latencies per thread.\nAnd indeed, a sequential read test with 128 readers in parallel yields (times 128):\nread: IOPS=5289, BW=82.7MiB/s (86.7MB/s)(24.2GiB/300001msec) clat percentiles (usec): | 1.00th=[ 118], 5.00th=[ 126], 10.00th=[ 133], 20.00th=[ 141], | 30.00th=[ 147], 40.00th=[ 155], 50.00th=[ 163], 60.00th=[ 176], | 70.00th=[ 192], 80.00th=[ 215], 90.00th=[ 247], 95.00th=[ 281], | 99.00th=[ 367], 99.50th=[ 412], 99.90th=[ 523], 99.95th=[ 586], | 99.99th=[ 1090] These are not bad numbers at all: 648223 IOPS in total, at 100-400µs, and even above the 99.50th relatively stable times. The total aggregated bandwidth is 9.9GB/s (80 Gbit/s) with very little jitter (so we are not even maxing this out, we are not even at 1/3 the max for PCIe).\nRecommendations and Learnings From a SSD, we can expect about 20k IOPS, and about 3-4 GBit/s bandwidth (6 GBit/s bus) using MySQL type of workloads.\nA caching RAID controller adds negative value: It costs more, but does not improve the numbers. Latency and jitter actually increase. We lose access to the SMART data, too, and have to rely on controller diagnostics instead. We should stop buying caching RAID controllers (and we have indeed done that).\nNVME is a different bus to the same disk hardware (Flash NAND and controller) that is in a SSD, but it creates a much better latency and throughput. It can do that, because it attaches the storage directly to the PCIe bus instead of the much slower and more complicated SATA bus. It opens the gate to much higher bandwidth and IOPS numbers from the same hardware, but latency is unchanged (but much more stable under load).\nWe should stop buying SATA attached devices and focus on NVME instead. We should make sure that the pricing matches, because the hardware is essentially the same, only the bus interface changes.\nRead latency is around 100µs for a NVME read, and write latency is around 420µs for an unbuffered flash write (20µs for a write to the supercap buffered cache RAM on the NVME device, and we have probably around 512 MB of that per NVME device).\nThat also means that access to the NVME flash disk needs to be as parallel as possible, up and beyond 100-way parallel, in order to unlock the full IOPS yield the hardware can do:\nWe have 1 000 000 µs to the second, but latency is not 1µs, but 100µs/400µs, so we can and need to run 100-400 parallel accesses to be able to saturate the device.\nIt is very hard to impossible to get 100-way parallel commits from a relational database, so in order to saturate even a single NVME device we are likely to need multiple applications or database instances on a single device. From an IOPS point-of-view, it should never be necessary to have more than one NVME device per box.\nThat means in order to make most of NVME you really need the capability to run multiple workloads on a single device. Virtual machine and Kubernetes based databases are becoming a necessity in order to make full use of our hardware, even at the storage level.\n","date":"2019-06-13T00:00:00Z","href":"https://blog.koehntopp.info/2019/06/13/adventures-in-storageland.html","tags":["lang_en","storage","computer"],"title":"Adventures in Storageland"},{"categories":null,"content":"Ich habe ein Kind, es ist neun Jahre alt.\nMit drei Jahren stand das Kind vor dem Fernseher und hat mit beiden Händen versucht, das Bild größer zu ziehen, wie es das als Handygeste gewohnt war.\nMit sechs Jahren hat sich das Kind über das Fernsehen beklagt, weil man ein Live Programm nicht anhalten kann, um in Ruhe auf das Klo zu gehen, und auch nicht rückspulen kann. \u0026ldquo;Außerdem ist das blöd, wenn man Sachen nicht anhalten und zum später gucken zurücklegen kann. Dann bestimmt einen der Fernseher so doof.\u0026rdquo;\nMit sieben hat sich das Kind iMovie beigebracht und angefangen, Videos vom Handy auf das 2010er MBP zu laden, das ich ihm als ersten Computer gegeben habe. Wohlgemerkt, nicht ich habe ihm iMovie beigebracht, das hat das Kind alleine getan. Ich habe dann iMovie lernen müssen, um mitzureden.\nMit acht hat das Kind angefangen, auf Netflix und Youtube aufgeschnappte visuelle Erzählstrukturen und dramatische Redewendungen wie \u0026ldquo;Schnitt/Gegenschnitt\u0026rdquo;, Foreshadowing von Ton/Bild, Bild/Ton Schere, Standard-Perspektiven und simple Spezialeffekte (iMovie Greenscreen, Stop Motion) einzusetzen und mit Freunden zusammen Ghetto-Style Filme zu produzieren. Weil mehr Rollen als Kinder da waren, wurden Rollen mehrfach besetzt, dabei war die Rolle des Kindes durch die Kleidung leicht zu erkennen, und wieder kamen iMovie-Spezialeffekte zum Einsatz\u0026hellip;\nZum Teil wurden dabei Videospiel-Erlebnisse nachgestellt, oder Film-Erlebnisse als Kurzfilm nachgestellt, zum Teil wurden diese Dinge als Ausgangsbasis für eigene Geschichten genommen. Handlung, Dramaturgie und Pacing wurden dabei als Notwendigkeiten selbst entdeckt (\u0026ldquo;Nein, die können nicht einfach so ankommen, da muß unterwegs noch irgendwas passieren, sonst ist es langweilig.\u0026rdquo;) und Fragen nach der Motivation und dem Character von Figuren haben sich auch von selbst ergeben (\u0026ldquo;Aber wieso macht der das? Du würdest das machen, aber Mehmet nie\u0026hellip;\u0026rdquo;).\nDas Kind spielt Transport Fever, ARK Survival, Jurassic World: Evolution und ähnlich. Szenen aus Videospielen dienen als Vorlage oder als Hintergrundbild in Greenscreen-Tricks. Youtube wird konsultiert, um zu verstehen, wie das Spiel geht, wie Probleme zu lösen sind, oder wenn es nicht weitergeht. Es gibt eine Liste von Standard-Youtubern, die abonniert sind und die regelmäßig gesehen wird, um neue Tricks zu lernen. Auch beim Basteln und Handwerken werden Youtube-Maker-Videos quasi automatisch als Vorlage konsultiert.\nFernsehen wird über die Schule ebenfalls via Youtube konsumiert: NOS Jeudgjournaal und vergleichbare Dinge werden mindestens einmal pro Tag in der Schule gesehen und dienen als Ausgangsbasis für eine Diskussion in der Klasse.\nWir haben einen Fernseher im Haushalt, im Wohnzimmer, an einem Mac mini und einer Chromecast, sowie einer Settop-Box, weil die mit dem Internet-Anschluß im Haus mitgekommen ist. Gesehen wird auf iPads oder Laptops, gemeinsam ins Bett gekuschelt, oder im Wohnzimmer - aber dort dann in der Regel auf dem Mini, Netflix, Amazon prime (Es gibt Pumuckl auf Amazon prime!) und wieder Youtube, oder vom lokalen Fileserver gestreamed. Der lineare Fernsehkonsum des Kindes seit seiner Geburt in 2010 ist vermutlich keine dreistellige Anzahl von Stunden.\nDas ist keine ungewöhnliche Kindheit. Die Kinder, mit denen unser Kind spielt, aus der Schule, aus dem Chor oder der Geigenstunde, und vom Schwimm-Unterricht, zeigen dieselben Interessen und Verhaltensweisen. Manche sind mehr Teil der Game-Szene und nutzen Youtube als Input oder Output für ihre Computerspiel-Aktivitäten. Andere sind mehr Videokinder und nutzen Games als Quelle für Bildmaterial oder als Szenenbildner/Machinima-System.\nViele Kinder sind visuell kreativ aktiv, alle Kinder sind Cordcutter, die faktisch kein lineares Fernsehen wahrnehmen. Video- und Spielkonsum sind (im Rahmen der elterlichen Grenzen) selbstbestimmt und selbstgewählt. Inhalte werden verarbeitet, diskutiert und re-produziert, variiert, integriert und weiter auf-, um- und verarbeitet.\nDie Frage ist eigentlich nich: \u0026ldquo;Wieso Rezo?\u0026rdquo; Sondern: \u0026ldquo;Wieso erst jetzt?\u0026rdquo; Und wieso hat sich der öffentliche gesellschaftliche Diskurs so von der U30-Generation entfremden können. Die Personen, die in der BILD diskutiert werden, oder die auf https://www.unterstuetzt-merkel.de/prominente (https://www.cdu.de/impressum : AKK, Paul Ziemiak) zitiert werden, haben exakt keine Berührungspunkte mit dem Leben der U30-Generation. Sie sind in der Welt dieser Personen UNSICHTBAR - und umgekehrt.\nDas ist total kaputt und total faszinierend.\n","date":"2019-05-28T00:00:00Z","href":"https://blog.koehntopp.info/2019/05/28/kinder-und-visuelle-medien.html","tags":["pluspora_import"],"title":"Kinder und visuelle Medien"},{"categories":null,"content":"Heise berichtet: Mozilla will weg von IRC und sucht Alternative .\nUnd das Heiseforum sabbert reflexartig:\nAber IRC ist doch noch gut, da muß man nur einmal mit der Drahtbürste rüber und dann kann das wieder auf Lager gelegt werden.\nUnd:\nXMPP! XMPP ist gut, denn es ist ein offener Standard.\nJa, dann also mal Iso-Standard-Rant 8859-1:\nErst mal IRC.\nIRC ist kaum mal ein Protokoll. Es gibt einen einzigen RFC zum Thema IRC, rfc1459 von 1993 und das enthält nicht mal MIME, weiß nichts von UTF-8 und definiert den Zeichensatz von IRC als ASCII-Variante Geschmacksrichtung Schweden mit []{} als lustige Sonderzeichen.\nModerne Anforderungen an Chat werden nicht abgedeckt: In der Variante wie im RFC gibt es keine Identitäten und keine Authentisierung, kein TLS und auch sonst keine Sicherheit. Ein IRC-Server nach diesem Standard würde Spam, Identitätsdiebstahl und Abhören Tür und Tor öffnen. Ircnet ist ein deutsches Netz nach diesem Standard und hat genau alle diese Probleme \u0026ndash; Ban und Blockierung erfolgt nach IP-Ranges und als Nutzer aus dem AS der Deutschen Telekom muß man im Ircnet schwere Einschränkungen hin nehmen, weil Ircnet seine Nutzer nicht unterscheiden kann.\nIrc hat keine Presence und keine Persistenz. Das ist natürlich blöd, wenn man ein Mobilnutzer ist und nicht nur laufend Disconnected, sondern auch noch laufend eine wechselnde Portnummer und IP auf dem Gateway des Mobilnetzes hat. Das Konzept von Pushnachrichten-Servern wie sie Google und Apple für mobile Nutzung voraussetzen kennt IRC nicht. Damit ist eine sinnvolle Teilnahme an IRC mit einem mobilen Client nicht möglich und man belästigt alle Channelteilnehmer laufend mit QUIT-Nachrichten, und hat keine Historie des Chats, wenn man gerade offline ist.\nIRC hat nicht nur keine Zeichensätze, sondern auch sonst keine Form von moderner Kommunikation: Keinen funktionierenden File Transfer, denn DCC und CTCP funktionieren weitverbreitet nicht mehr, keine Inline Images, keine Eskalation zu Voice- und Videochat, keine strukturierte Kommunikation mit Threads, sodaß man auch nicht Themen und Replies auf Themen bannen kann, und auch alle anderen Merkmale moderner Chat-Anwendungen fehlen.\nIRC baut Chat um eine spatiale Metapher - Räume oder Channels, offene Gruppen. Es ist möglich, geschlossene Gruppen oder 1:1 zu machen, aber das ist mehr so aufgesetzt. Zugangskontrollen sind - auch wegen des fehlenden Identitätsmanagements - primitiv: Geschlossene Gruppen sind offene Gruppen mit einem globalen Paßwort, Zugangskontrolle um Identität und ACLs gibt es mehr so nicht.\nTLS und Verschlüsselung existieren in unterschiedlichen Geschmacksrichtungen, sind aber undefiniert.\nDann XMPP.\nDas ist quasi das Gegenteil von IRC: Es gibt nicht einen Standard für XMPP, es gibt https://xmpp.org/extensions/ . Es gibt keine Profile. Es ist jedem Client und Server überlassen, einen beliebigen Subset dieser Standards beliebig mißzuverstehen und zu implementieren und dann zu hoffen, daß etwas Sinnvolles dabei herauskommt.\nDas Resultat ist dann zum Beispiel ein Cisco Jabber Server, der für jede Nachricht ein DELAYED-Attribut setzt, auch bei Nachrichten, die nicht delayed sind und erwartet, daß der Client das an den Timestamp-Values in den Attributen selbst auseinander fisselt. Und ein libpurple, wie es in Adium eingesetzt wird, das das nicht juckt und daß alle Nachrichten mit DELAYED-Attribut immer als gelesen anzeigt.\nUnd wenn jemand zwei beliebige Jabber-Clients und einen beliebigen XMPP-Server dazu bekommt, einen Filetransfer zu machen, wenn auf einer Seite ein NAT involviert ist, ohne eine schwarze Ziege oder gar einige Menschen zu opfern - meinen Respekt. Im Allgemeinen kann man aber sagen, daß das für normalsterbliche Menschen auch mit viel Blutvergießen nicht lösbar ist.\nXMPP ist ein Protokoll, das für alles mögliche eingesetzt ist - nicht nur für Chaträume, sondern auch für einen Haufen anderer Maschine-Maschine Kommunikation. Das Ergebnis ist ein Protokoll, das von jedem irgendwie eingesetzt wird, aber eigentlich für niemanden funktioniert und ganz sicher nicht interoperabel ist. Das ist auch einer der Gründe, warum Jabber als Chat allgemein tot ist und sich proprietäre Chat-Lösungen durchgesetzt haben - Client installieren, loslegen. Es geht einfach.\nOffene Protokolle und Lösungen haben bei Chat einen Marktanteil von nahe 0 und das wird sich auch in naher Zukunft nicht ändern.\n","date":"2019-04-29T00:00:00Z","href":"https://blog.koehntopp.info/2019/04/29/mozilla-irc.html","tags":["pluspora_import","lang_de","computer"],"title":"Mozilla und IRC"},{"categories":null,"content":" Kubernetes and Complexity On Twitter, Sandeep remarked:\nThe complexity and amount of code involved is staggering. I\u0026rsquo;m not sure how we can possibly justify the Kubernetes, Istio, Docker, Envoy, Prometheus, Grafana, Jaeger, Kiali, Helm stack.\nWhat problem are we solving that were not solving 15 years ago, again? How much time and effort are being saved (by organisations smaller than Google)?\nOne reply was:\n\u0026ldquo;The amount of code is staggering. I\u0026rsquo;m not sure how we can justify the Linux, dpkg, HAProxy, Nagios, Check_MK, puppet, supervisor, apt stack.\u0026rdquo;\nUnlike other systems that try to solve similar problems, Kubernetes - at least in the past - has been driven by users that had a problem to solve, and not by gaggle of 400 vendors which think that it improves the flavour when they are pissing into a repo. Unlike these other systems, Kubernetes actually works and scales, with no added or proprietary components, if you take the public repo, build and deploy it. So that is still a lot of complexity, but at least it accomplishes something.\nWhat problem are we solving that we were not solving 2004? In 2004, we were running bare metal with maybe puppet, but more likely cfengine or even manual ssh execution running shell scripts out of a NFS file-share. And were monitoring with Nagios.\nThe progress is obvious, but let us list it:\nToday we are living in an age of abundance in the data center. In our data centers we have machines with at least 32 threads per machine, many have much higher number. Three digit GB of memory are standard. IOPS are not a problem with SSD. And multi-tiered leaf-and-spine L3 networks create fabrics that can connect any CPU in any machine to any disk in any other machine in the same data center, at nominal media speed and with minuscule latency added from the mesh, as long as we can do cut-through switching.\nThat is, if we planned our data center right, we are having The Data Center as a Computer . A uniform collection of threads with memory, a network as a connecting mesh and sufficient storage in capacity and IOPS somewhere within the same mesh.\nFrom this hardware substrate we can build clusters of Kubernetes, K8s. The K8s is basically \u0026ldquo;init for a network of machines\u0026rdquo;, a system that accepts declarative instructions of how to mesh a set of images of software into a network and a service. It then schedules resources from our substrate, and pushes the images onto that.\nBecause the images are self-contained and immutable, once they complete running, we can remove them from their respective machines and receive the original hosts back in original state. Because the images are self-contained and immutable, they can be scheduled on any node that has sufficient free capacity, specifics no longer matter. State is isolated and specially managed, K8s provides concepts for that, stateful sets and operators.\nThis allows hardware operators to provide capacity without caring much about the users, the devs and their apps running on the clusters. Conversely, it allows devs and apps to work with hardware using an API instead of people and tickets. Hardware and Data Center operations become a completely autonomous commodity.\nWhich we call \u0026ldquo;The Cloud\u0026rdquo;.\nFor devs and their apps, Istio and Envoy provide an interface to interconnect images to allow them to communicate. These systems also provide routing, balancing, authentication, enforce TLS, provide backoff and fault tolerance and collect metrics in a standardised way. And in a way that is invisible and inescapable to the people that write the application.\nAll these properties of the communication become an Aspect , taken out of the codebase, and the scope of the application programmer. They just are, whether the developer cares or knows about these things or not.\nSimilarly, Prometheus and the surrounding ideology have a story about what to collect (ie USE and RED , and follow @mipsytipsy on Twitter for a lot of insight). We are getting best practice around this, and it is being wrapped into an Aspect again.\nLook back 15 years - systems like Nagios and Graphite are extremely host centric. This does no longer work in the new operational model. We do no longer care about hosts at all, we care about capacity (let\u0026rsquo;s have more than we strictly need), and about churn (we have capacity, but there is a high death-and-reprovisioning rate and that is suspect, so we alert). Nagios-era systems are not equipped to deal with environments like this at all.\nTracing and Debugging are evolving and adapting in a similar way. Jaeger, sysdig and similar systems help you to debug problems in collections of microservices that are running in multiple instances across an arbitrary number of hosts somewhere in a much larger cluster of machines. They give you capability to follow requests up and down the stack where components are not bound to specific hosts. And they give you capability to view the flow of a request through services from a logical point of view without actually accessing individual physical hosts (or caring about these hosts at all.\nThere is any number of benefits from this change, this decoupling of deployments from specific instances of compute:\nImmutability makes it possible to reason about production and production state. Workloads can migrate (actually respawn) within a cluster as the need and the load changes. Deployments become a swift automated operational procedure. Interfaces to standard Aspects of operations (deployment, upgrade, monitoring, interconnection, cluster membership, shared state management) become standardised and become interchangeable. We get codified (literally, as code) best practice.\nSo what problem are we solving that we were not solving 15 years ago? Well, feel free to place my rant as a soundtrack on top of Monty Python .\nYes, there is complexity. You need to learn Go, JS and Python as a solid foundation to be able to play. You need to understand the distributed computing and security basics necessary in order to play in this arena. And that is quite a large piece. On the other hand, \u0026ldquo;The amount of code is staggering. I\u0026rsquo;m not sure how we can justify the Linux, dpkg, HAProxy, Nagios, Check_MK, puppet, supervisor, apt stack.\u0026quot;« as written elsewhere in this thread.\nFrom the K8s setup, you get a much higher average architectural quality by comparison. That is in no small part because of the way K8s is opinionated about how to handle and deliver things. It is also in the delivery, in the way of Aspects, wrappers around your stuff that provide functionality for operations, in a way that you do not even see when coding your stuff. You are getting sane defaults in a way that is mostly agnostic to what you care about.\nThis is an important decoupling in multiple dimensions, making everybody\u0026rsquo;s job easier and enabling them to deliver more and better quality with less work.\nYes, this is relatively new, but you can see how good and well-thought-out it is. There is a reason the K8s ecosystem owned everybody else in less than 3 years time, and this is why.\n","date":"2019-04-25T00:00:00Z","href":"https://blog.koehntopp.info/2019/04/25/what-has-kubernetes-ever-done-for-us.html","tags":["pluspora_import","lang_en","cloud"],"title":"What has Kubernetes ever done for us?"},{"categories":null,"content":"There is a big change currently happening in the industry, and it is what drives and enables Facebooks \u0026ldquo;pivot to privacy\u0026rdquo; at the moment. It\u0026rsquo;s less the public criticism of their methods, that\u0026rsquo;s just a justification, it\u0026rsquo;s more a broader shift.\nA lot of people misunderstand what\u0026rsquo;s going on: Facebook’s ‘pivot’ is less about privacy and more about profits A plan to integrate the technical infrastructure of WhatsApp and Messenger with Instagram would allow users to seamlessly communicate across three platforms for the first time. More importantly for Zuckerberg, though, it would link billions of detailed Facebook accounts with WhatsApp users – opening stockpiles of data to mine for advertisers.\nThat\u0026rsquo;s nice for current Facebook, but not actually the point. The actual point is more here: Instagram adds in-app checkout as part of its big push into shopping Instagram took its next step to becoming a full-fledged commerce business today, announcing that it is bringing a checkout feature to its mobile apps. With checkout, you can store your payment information with Instagram to make purchases more quickly. In return, Instagram is charging retailers a selling fee. More than 20 brands will use checkout to start, including Nike, Adidas, Dior, H\u0026amp;M, MAC Cosmetics, Michael Kors, Oscar de la Renta, Prada, Uniqlo, Warby Parker, and Zara.\nThe same thing happens at Google, Google Maps in this case, and in the customary bungled, half-assed way that is so characteristically socially inept Google: Google Maps for your hotel: All you need to know! Book on Google is an option from your Google Hotel Ads account (at no additional cost). It allows your hotel to have a direct “booking button” which appears on the Google profile from the search results.\nCompanies that actually care about the model, because their entire business depends on getting it right are doing it slightly more engaged. Witness this analysis of Discord: ThreadreaderApp As is common for start-ups, Discord is free + monetization hasn\u0026rsquo;t been a top priority\u0026hellip; but less common is Discord\u0026rsquo;s aversion to monetizing user data.\nIn the thread you will find the various approaches of selling to users and to devs, instead of selling them out, that Discord tried and continues exploring. It\u0026rsquo;s like a blueprint for Facebook (and especially their Instagram efforts) and for many other \u0026ldquo;social\u0026rdquo; things. Meanwhile, Google continues to close all the halfway working things they ever had in this realm - Google plus, their collection of failed chat apps and small sharing environments. Without a structure for people to interact, you will not get access to people and their interactions, and you are outside the recommender system that really matters - their peer network and personal recommendations.\nIf, as a global meta-strategy, you refuse to interact with people like people and through other people, you are ultimately being driven into irrelevance, and no amount of AI compute power will change that.\n","date":"2019-03-25T00:00:00Z","href":"https://blog.koehntopp.info/2019/03/25/sell-to-users.html","tags":["pluspora_import","lang_en","advertising"],"title":"Sell your users, or sell to your users"},{"categories":null,"content":"I trolled Twitter with some Ha-Ha-Only-Serious.\nEvery now and then someone complains on Twitter about the use of Bashisms in Shellscripts or legacy systems that are not completely Linux-compatible. I usually troll back with the claim that anything that is not Linux is broken, and that anything that is not Bash is broken.\nThat is of course a troll, and I am of course at the same time totally serious.\nYes, MacOS exists and does not have a Linux userland, and that is a problem (just try to use Docker, you get a VM that runs Linux that then starts Containers). Yes, Debian ships systems with ash, and your Openwrt runs Busybox, and in both cases that is the first thing everybody changes. At least if they are going to use these systems for real, and for good reasons, too.\nThe thing is, time did not stop. It\u0026rsquo;s 2019, and the by far dominant majority of all systems run Linux, bash and a few other things. It is perfectly okay to demand that these things are present, because the world has moved on and is way beyond kernel, operating systems and shell questions. In fact, the need to be able to run Docker images at scale is so huge that even Microsoft implemented a Linux kernel API on their operating system, which underneath is anything but close to what Linux requires.\nThe other thing is, of course, if portability matters, you do not run Bash or any other kind of Shell. Or if security matters. Or extensibility. Or anything at all. Use Python. Or, PHP or even Perl, if you are like from the last millennium.\nBut never write Shell Scripts. Ever. Or if you do, do not expect them to run anywhere but on your box. This in the history of mankind has never worked.\nSo, get yourself a real computer. And use a proper programming language. Thank you.\n","date":"2019-03-04T00:00:00Z","href":"https://blog.koehntopp.info/2019/03/04/bashismen.html","tags":["pluspora_import","lang_de","computer","linux","unix"],"title":"Bashismen"},{"categories":null,"content":"Die Frage war:\nWieso nennt man die Relativitätstheorie und Evolutionstheorie eigentlich immer noch \u0026lsquo;Theorie\u0026rsquo;?\nDie Antwort muss lauten:\nWeil sie das sind. Ein System von Theoremen, die ein Modell der Realität darstellen, das es erlaubt Vorhersagen über die Welt zu machen. In voller Länge ausgeführt in The Quark And The Jaguar: Adventures in the Simple and the Complex . Das Buch geht auf diesen Aspekt und noch viel mehr ausführlich ein und ist generell hilfreich um zu verstehen, was Wissenschaft ist und was nicht.\nIch glaube, es wird noch sehr lange dauern, bis wir über den Punkt hinaus sind, nur mit Modellen unser Universum beschreiben zu können.\nWir sind an diesem Punkt schon lange. Genau genommen seit der Aufklärung . Es ist das Wesen des Modells, einen Gültigkeitsbereich und Fehler zu haben, und Vorhersagen zu liefern.\nWas soll das bedeuten?\nVorhersagen Die Newton\u0026rsquo;schen Gesetze beschreiben die Bewegung von Dingen mit Masse im Vakuum bei subrelativistischen Geschwindigkeiten. Scope Die Vorhersagen dieser Gesetze funktionieren nicht in einer Atmosphäre, weil dort Reibung ins Spiel kommt. Sie funktionieren nicht bei relativistischen Geschwindigkeiten, weil dort Fehler dazu kommen, die die Gleichungen von Newton nicht berücksichtigen. Fehler Wir wissen, daß Newtons Theorien eine Vereinfachung sind, und daß Einsteins Formeln den Sachverhalt genauer beschreiben. Aber Einsteins Formeln degenerieren für v\u0026laquo;c zu denen von Newton, die relativistischen Terme von Einstein sind nahezu Null, wenn sich Objekte viel langsamer als das Licht bewegen. Es ist der Sinn von Modellen, Vorhersagen zu machen wie sich die Welt verhält. Das Modell ist dabei oft beschränkt und ungenau, was aber seine Anwendbarkeit nicht einschränken muss. Wir können oft Fehler hinnehmen oder Beschränkungen im Anwendungsgebiet akzeptieren, wenn wir so schnell und mit einfacher Rechnung zu Abschätzungen kommen, die für die intendierte Anwendung genau genug sind.\nIst eine Theorie, die bewiesen wurde, nicht mehr von alleine keine Theorie mehr? Sondern vielmehr ein Fakt?\nDu meinst „Hypothese“, wo du „Theorie“ schreibst.\nNope. Man hat eine Hypothese. Dann stellt man eine Theorie auf, forscht und beweist diese. Oder auch nicht. Dann beantragt man mehr Forschungsgelder \u0026hellip;\nEine Theorie, ein System von Theoremen, ist nicht bewiesen und oft auch nicht korrekt. Es ist oft bekannt falsch, beschränkt oder ungenau, oder alles davon.\nDarum mein Abzielen auf Vorhersagen. Daltons Atommodell ist beschränkt, war aber in der Lage, Dinge zu modellieren, die vorher nicht modellierbar waren. \u0026ldquo;Wieso reagieren Wasserstoff und Sauerstoff immer im Verhältnis 2:1 in der Knallgasreaktion?\u0026rdquo; ist eine Frage, die Dalton\u0026rsquo;s Atommodell ganz wunderbar beantworten kann.\nThompson, Rutherford, und dann Bohr haben bessere (genauere) Modelle, die an Ende als Verfeinerungen oder Verkomplizierungen von Dalton aufgefasst werden können. Diese Modelle leisten, was ihre Vorgänger jeweils konnten und mehr (größeres Anwendungsgebiet, bessere Genauigkeit).\nDu kannst eine Theorie “beweisen”, indem Du sie für Vorhersagen verwendest und dann schaust, ob die taugen. Du kannst sie widerlegen: Die Vorhersagen sind unzutreffend oder für den Zweck zu ungenau.\nDu kannst nichts tun, wenn die Theorie keine Vorhersagen liefern kann. Das Wesen von Wissenschaft ist, dass Theorien Weltmodelle liefern, die Vorhersagen machen, die sich in Experimenten prüfen lassen.\nDeswegen bleiben Theorien dennoch immer Theorien, Systeme von Theoremen, und sie bleiben unvollkommen. Sie sind Modelle, also effektiv Vereinfachungen der Realität, mit Anwendungsgebiet (sie \u0026ldquo;modellieren\u0026rdquo; etwas) und Genauigkeitsgrenzen.\n","date":"2019-03-02T00:00:00Z","href":"https://blog.koehntopp.info/2019/03/02/nur-eine-theorie.html","tags":["lang_de","erklaerbaer","science"],"title":"Nur eine Theorie"},{"categories":null,"content":" Some Elite: Dangerous Braindumping Because of my previous posts, some people have been talking to me about the game, and I have been spamming a lot of in- and out-of game content on them. Then I realized: \u0026ldquo;Why should you have it better?\u0026rdquo; and decided to spam things here as well, for balance.\nInstall a EDDN client E:D is a sandbox game, which over time acquired a lot of content and backstory, and with them in-game activities that are better planned out of the game. For this, data collection happened originally through on-screen OCR, until Frontier embraced this play-style and provided an API.\nThis API is being harvested by a number of clients, with all upload it into the Elite: Dangerous Data Network EDDN and then feed it to a number of backend sites for planning, optimizing and minmaxing. I am using the EDMC client and fed it with all necessary API keys and accounts.\nMake sure the EDDN client is on before you launch the game.\nMaking use of the EDDN client data Backends are the Elite: Dangerous Star Map which also hands out a number of Achievements, if you are into this kind of thing. The two most important backends using EDSM data are EDDB for finding stations, suppliers and planets, and INARA , which does the same things and also helps you with engineering planning and unlocking Guardian technology.\nGuardian tech is necessary if you want a guardian frame shift drive extender, which adds range on top of engineering, so many explorer ship builds have it. It also has a lot of scanner and weapon tech, which is essential for Thargoid combat. You actually hardly have a chance against Thargoids without Guardian tech.\nMaking Money Fast Previously, you could make a lot of money with passenger transport. Basically, after your grind your way to a Cobra MK III, add a number of passenger cabins and do one of two things:\nFly to Robigo: \u0026ldquo;Robigo Mines\u0026rdquo; or Ceos: \u0026ldquo;Babbage\u0026rdquo; and take on passengers for Sothis: \u0026ldquo;Sirius Atmospherics\u0026rdquo;, fly them to the target, come to a full stop \u0026lt;2km from the target and scan the target until you get a confirmation. Then dump the passengers back at the port of origin. For this you would need Biz, First and Luxury cabins (for the Cobra: Biz), and grind your way up to Reputation with all factions. At Robigo Mines you have a chance to pick up wanted persons, too, and these usually pay more. Robigo is an Outpost, so Landing Pads are Small and Medium, and it never scans, so transporting outlaws is safe in Solo and Private. Griefers with Manifest Scanners and Kill Warrant Scanners wait in open at Robigo, so don\u0026rsquo;t.\nCeos is much closer to Sothis, and is HighSec, so do not go there with anything illegal. Babbage will scan you at least once for every approach. You can reach Sothis with a single jump, tho, so you need to do the math if faster RTT or higher CR/trip work for you.\nAnother way to make CR/h with passenger cabins is to fit lots of cheap economy cabins, and then search for stations in trouble (on fire, Thargoid attack or otherwise troubled), fly there and take on bulk passengers for rescue trips out of the system.\nAnd yet another way to make high CR/h is Core Mining, but this requires a higher up front invest. Check out ObsidianAnt on Youtube for a Core Mining build and tutorial, and aim for Void Opals or Blood Diamonds. Also prepared for NPC Pirate combat, because they will come after you.\nBuild with Coriolis.io For every ship, plan the base price in CR again for purchase and upgrades, so the actual ship you want to fly is usually base price times two.\nOr use the Coriolis planner for the build you want and get a more precise cost estimate.\nThen use EDDB to find the stations that sell you the parts you need.\nBeing on good terms reputation wise with the Federation is nice (but you will need to pledge yourself to the Fed and have rank with them for a Sol permit, which gives you access to Jameson Memorial, which has all buyable stuff in the game).\nBeing on good terms with Sirius is also useful, because you get the Sirius permit and then gives you access to other interesting stations. See this tutorial for details\nControls If you have a Hotas or want to manage your controls better, search for .binds file in your game install or the application data in your User Home in Windows. The Binds-File can be uploaded to EDRefcard , which will print you one or two pages of nice reference cards. Twice as nice for Hotas users.\nAlso, HUD Editor for non-amber ship HUDs.\nEngineering You get more Jump Range with Engineering, and one of the first engineers to unlock is Felicity Farseer, so Frontier understands that need very well. For Felicity , you need Meta Alloy, which you can buy at the Maia system in the Pleiades, at Darnielle\u0026rsquo;s Progress or find elsewhere in the game.\nMeta Alloy , Meta Alloy .\nOnce you have unlocked Felicity, you will need engineering materials for FSD Range optimization or whatever else you need.\nThe easy way to get that is at Dav\u0026rsquo;s Hope . Do the round with a SRV as shown in this post and scoop everything. Then find yourself a Materials Trader close to you using inara.cz\u0026rsquo;s search function and the engineering planner .\nYou may also want a wake scanner and position yourself outside the no-fire zone of a busy orbital and then wake-scan every Low and High Wake you can find. This will give you a lot of encoded materials which are required in FSD engineering.\nDoing this gets you around the grind lock with the least amount of work.\nList of Engineering Mats and how to get them The Other Materials List Discovery Money Once you have a ship with decent jump range, you may want to do some Exploration. In fact, you can do a lot of that on the fly while doing other things. Whenever you jump long distance runs, after entering the system, during FSD cooldown and fuel scooping, run the Discovery Scanner. I have the screen usually in Analysis Mode (\u0026rsquo;m\u0026rsquo;, blue lines in HUD) and have the Discovery Scanner bound to MB1 in a fire group. When the scan is finished, it has a very characteristic sound and after that you can jump on.\nThis style of flying is called \u0026lsquo;Honking\u0026rsquo;. The idea is to sync Honk times, FSD cool down times and fuel scooping times so that everything is ready at the same time, just when you get around the drop-in star to continue to jump.\nA new system with earthlikes or terraformables can bring in around 0.3-3 MCR when scanned (you hand in the data at any station at Universal Cartographics, and you need to be more than 20ly from the system for UC to buy the data). High Metal Content and Metal Worlds also bring a lot of money.\nSystems you visited before and where you already sold the data to UC hardly bring any money.\nYou can fit a Full System Scanner (FSS). It allows you to map a system in a more detailed way. After honking, you can enter FSS mode with (\u0026rsquo;) or where ever you have mapped it, and then scan for signal sources, bodies or other things. There is a guide at the forum that explains FSS\u0026rsquo;ing better than I can do here.\nYou may also want to fit a Detailed Surface Scanner (DSS). When you fly close to a planet and come to an almost full stop in supercruise, you can activate the DSS and get into a new screen for the DSS minigame. You fire probes at the planet, which map a part of the surface. There is an efficiency target depending on the size of the body scanned, and if you manage to get 90% mapped with fewer probes than the efficiency target, you get a bonus. See Reddit for help.\nDSS mapping will also reveal and catalogize all Points of Interest on a body, so fumaroles, alien crash sites and the likes will show up with names right on the map. It\u0026rsquo;s useful and makes money.\nWhile Honking is fast, FSSing and DSSing a system takes more time. DSSing also takes travel time, because it can be done only up close.\nThere are two names on each body: Discovery and Mapping. DS, FSS and DSS previously unvisited bodies etches your names onto the newly discovered body forever and for all other commanders to see.\nExplorer Ships and Builds The cheapest useful explorer is the Diamondback Explorer. It is small, but has an extreme jump range and can be engineered to truly awesome range.\nIn the Mid Size department, there is the Asp Explorer, which especially with Engineering can to truly impressive things and also has a decent amount of internal space, if you care to do more than just data collection. It is a deep space capable ship, which can carry a large scoop, 2x AFMU, 2x SRV, a refinery, a DSS and a small cargo rack and still make distance.\nIf you need more space, go Python, but be prepared to engineer FSD and Thrusters for range and manoeuvrability. Without that, it flies more like a brick.\nThe Anaconda required a large pad, so it can not land at Outposts. It also is unflyable in Supercruise without serious engineering, but there are common Explorer build blueprints for it that take it over 80ly jump range. It is also used a lot as a tanker by the Fuel Rats.\nLearn more at ED Astro . Basically, an explorer build is everything D-rated except the FSD, which is A rated. Then engineer the FSD for range and everything else for weight. No weapons, large fuel scoop, AFMU, SRV, DSS, optionally a refinery.\nAlso learn about [synth](https://elite-dangerous.fandom.com/wiki/Synthesis https://inara.cz/galaxy-synthesis/) , this is where you get supplies when there are no stations.\nMats are gathered using SRV or mining equipment, so read up on that, too.\nNote how there is a FSD injection materials synth. FSD injection increases your jump range once for each injection, hence it is also called \u0026ldquo;Jumponium\u0026rdquo; (and that makes it googleable). When crossing through the starless depths, the rifts between the arms of the galaxy, star density goes down and you may well find yourself in a situation where you need jumponium even in an engineered ship. Rehearse using this and the Galaxy Map properly together before you go into the Rifts.\nCooperative Player Groups The ANWB of the Elite Dangerous Universe are the Fuel Rats. Call them at their site . This will drop you into WebIRC on their channel, and they will guide you through a well planned and orchestrated set of motions that will allow them to shoot you with Fuel Limpets. Each Fuel Limpet will load 1t of FSD drive fuel into your ship.\nThe Fuel Rats are strictly non-combatant, and they do not charge you anything. You do not need to be a member of anything for their help. Basically, you provide them a mission that is more interesting than procedurally generated content. They are the coolest faction in the game, and they have their own planet. Their home world, Fuelum, orbits a scoopable star, of course.\nThe Fuel Rat Wiki at their sie (all of the Wiki, not just that page) contains a lot of useful information about the in-game, the game implementation and instancing system and how to org and run a rescue and relief organisation efficiently. Even if you are not playing, it is a trove useful of information.\nSee also this writeup for news about the Fuel Rats and their exploits.\nAlso check out and auth with their journal client before you run of of fuel. In time, when you find yourself stranded in the black, it will save you precious time.\nOther helpful people are the Hull Seals, which do for Repairs what the Fuel Rats do for fuel, and there is a lot of overlap between the players in both orgs.\nThe Iron Wing is a group of combat pilots that take it on them to protect returning explorers in their combat-weak, long-range optimized builds when they return to the bubble so that they can safely upload their data at a destination of their choice. They help against griefers and NPC pirates.\nThe Neutron Route Neutron stars are the other thing that makes you jump far. Doing this will damage the ship each time you do it, so 1. AFMU (large) to repair the ship, and 2. AFMU (small) to repair the AFMU #1. Use the Neutron Router to plan the trip. This video explains the Neutron Route.\n","date":"2019-02-21T00:00:00Z","href":"https://blog.koehntopp.info/2019/02/21/some-elite-dangerous-braindumping.html","tags":["pluspora_import","lang_de","elite dangerous"],"title":"Some Elite: Dangerous Braindumping"},{"categories":null,"content":"Basierend auf einem Twitter-Thread In Aus dem Journalistischen Maschinenraum diskutieren Peter Welchering und Kollegen von ihm den \u0026ldquo;Ändere Dein Paßwort Tag\u0026rdquo;. Die fehlende Frage dabei: Warum behaupten Leute, daß Ändern des Passworts unsicherer ist oder jemanden sicherer macht?\nSzenarien sind wichtig, wann immer man über Security (oder Management) diskutiert.\nOhne Passwortmanager macht man sich das Leben schwerer, weil man sich Dinge merken muss. Damit das funktioniert nehmen Leute schwache Passwörter, und in Folge sinkt das Sicherheitheitsniveau. Steht so auch in der originalen Studie.\nDie Hauptgefahr dieser Tage ist die transitive Ausnutzung von Paßworten: Leute, die dasselbe Paßwort etwa bei eBay und web.de haben lassen sich das eBay Paßwort abphishen, wie es so gerne getan wird. Im eBay Account ist im Admin-Panel die Mailadresse hinterlegt, sagen wir bei web.de. Dort wird dasselbe Paßwort verwendet wie bei eBay und zack, ist der Mailaccount weg. Der ist aber Passwort-Vergessen Recovery-Account für ein Dutzend andere Dinge (und im IMAP Archiv kann man auch sehen, wo). Und zack, sind die Accounts auch alle weg.\nDaher ist es wichtig, generierte, starke, zufällige Passwörter zu haben. Und für jede Site ein anderes. Das kann man gar nicht genug betonen.\nDabei heißt aber, eigentlich sollte es »Verwende einen Passwort-Manager Tag« sein. Das hat noch weitere Vorteile: Man weiß, ob man ein Paßwort für eine Site hat, das älter ist als deren letzte Sicherheitsschwankung.\nRe den Podcast: Im Grunde ist es ganz einfach - Nachdenken hilft. Journalismus ist die Frage nach dem Warum. Davon haben wir zu wenig.\nIm Nachgang gab es dann die Frage :\nKann man einem Passwortmanager uneingeschränkt vertrauen? Schafft man damit nicht einen Single Point of Failure? Was hältst Du von \u0026ldquo;sicheres, zufallserzeugtes, nirgends elektronisch gespeichertes Passwort, das je nach Verwendungsort mit einem Prä -/In-/Sufffix versehen wird\u0026rdquo;?\nNatürlich man einem Paßwortmanager nicht uneingeschränkt vertrauen. Das kannst Du nix und niemandem. Das ist aber auch nicht die Frage. Die Frage ist, ob Du im Mittel hinterher sicherer bist als vorher und die Antwort ist uneingeschränkt ja, sogar bei einem trivialen Setup. Paßwortmanager speichern nicht nur Paßworte, die managen sie auch. Was heißt das?\nPaßworte zufällig generieren. Paßwort Änderungshistorie dokumentieren - Wann hast Du Wo Was geändert. Das erlaubt Dir Zugriff auf alte Paßworte und erlaubt Dir auch 3.: 3.Zusammen mit der Historie kannst Du nun wissen, ob Dein Paßwort für http://x.de neuer ist als der letzte Security-Fail bei http://x.de Und damit kommen wir zum Reporting: Ein Paßwort-Manager erlaubt Dir Deine gesamte Security Posture in der Gesamtschau zu beurteilen. Wie viele schlechte Paßworte hast Du? Wie viele Paßworte hast Du, die Du ändern mußt, wegen 3.? Erlaubt Dir Nachfolgemanagement. Wenn Du ge-bus-t wirst, können Deine Rechtsnachfolger sehen, wo Du Account hast und die Kontrolle über Deine Accounts und Assets gezielt übernehmen. Der Unterschied zwischen \u0026ldquo;Ich hab ein Schema um mir ähnliche Paßworte auszudenken, die eventuell sicher sind\u0026rdquo; und einem Management-Schema wird so hoffentlich klar.\n»Was hältst Du von \u0026ldquo;Paßwort mit Site-Suffix\u0026rdquo;?« Nix.\nWarum nicht? Es löst das Transitivitäts-Problem, halb. Es ist keine Management Strategie für virtuelle Assets. Es dokumentiert nix. Weder Du noch die Leute, für die Du verantwortlich bist, haben davon einen Gewinn.\nDie Frage, die Du auch lösen mußt: Was tun Dein Sohn oder Deine Frau mit all Deinem virtuellen Besitz, wenn Du mit dem Familienmobil einen Alleebaum kuschelst oder über dem guten Steak einen Infarkt bekommst - itunes Musik und Apps, Play Store Apps, Kindle Library, Steam Lib? Leute, das ist alles nicht so schwierig: Stellt Euch einfach vor, das seien echte, anfaßbare Dinge. Für die habt Ihr Versicherungen, Treuhänder, Hinterlegungen, Kontrollen und Qualitätsstandards, sogar in einer Familie.\nJetzt dasselbe, auch für nicht anfaßbare Dinge. Die Antwort ist zwangsläufig ein Paßwortmanager und ein Gespräch mit der Familie und ein Umschlag irgendwo mit Siegel drauf, wo Frau und Kinder wissen wo der ist.\n","date":"2019-02-08T00:00:00Z","href":"https://blog.koehntopp.info/2019/02/08/mehr-passwort-sicherheit.html","tags":["pluspora_import","security","lang_de"],"title":"Mehr Paßwort-Sicherheit"},{"categories":null,"content":"In einem Kommentar auf Heise regt sich Jürgen Schmidt über den Ändere-Dein-Paßwort-Tag auf. Er fordert von den Herstellern, weniger Daten zu speichern und sichere Systeme zu bauen. Das ist richtig, aber nicht hilfreich.\nEs ist wahr, daß der generelle Zustand von Security auf Computern bedauernswert ist, und daß Paßworte ein furchtbar fehlerbehafteter Mechanismus sind, Zugang zu schützen. Aber die Welt ist wie sie ist, und es ist falsch darauf zu warten, daß sie sich verbessert. Websites werden Eure Credentials leaken und generell daran scheitern, Eure Daten zu schützen.\nDie korrekte Strategie als Endanwender ist, sich darauf zu konzentrieren, solche Fehler handhabbar zu machen und solche Situationen zu überleben.\nHabe auf jeder Site ein anderes Paßwort Dies ist der wichtigste Rat überhaupt, denn das killt alle transitiven Exploits. Damit das funktioniert brauchst Du den Paßwortmanager.\nPraktisch alle Exploits mit gestohlenen Paßworten sind transitive Exploits: Jemand verwendet Dein Paßwort von ebay, um sich in Deinen Account auf web.de einzuloggen. Dort findet er Kontodaten und Anschriften und macht Dein Konto leer.\nVerwende einen Paßwortmanager Das hat mehrere Vorteile:\nDu hast aufwandslos ein anderes Paßwort auf jeder Site. Ein Paßwortmanager hat auch einen Generator für Zufallspaßworte, so daß Du sehr lange, sehr zufällige Paßworte haben kannst. Ein guter Paßwortmanger weiß auch, wann Du ein Kennwort zuletzt geändert hast und wann Sites exploited worden sind und kann Dir sagen wo genau Du ein Risiko eingehst, wenn Du Dein Kennwort nicht änderst. Aktiviere 2FA mit Google Authenticator Google Authenticator implementiert TOTP, zeitbasierte automatisch wechselnde Zifferncodes, die alle 30 Sekunden wechseln. Sie machen Deinen Account sehr viel weniger anfällig gegen Phishing. TOTP ist ein Standardprotokoll und wird nicht nur von Google Authenticator implementiert, sondern auf der Kommandozeile von oath-toolkit und auch von vielen Paßwortmanagern.\nVerwende weitere Paßworte statt sinnvoller Antworten bei \u0026ldquo;Sicherheitsfragen\u0026rdquo; Einige Sites verwenden immer noch \u0026ldquo;Sicherheitsfragen\u0026rdquo; wie \u0026ldquo;Was war der Mädchenname Deiner Mutter?\u0026rdquo;. Setze hier als Antwort ebenfalls Zufallspaßworte ein und trage Frage und Antwort in Deinen Paßwortmanager ein.\nStelle sicher, daß Du ein verschlüsseltes, aktuelles Offsite Backup der Datenbank Deines Paßwortmanagers hast In meinem Archiv liegt nicht nur mein Keyring meines Paßwortmanagers, sondern auch Screenshots der QR-Codes für die 2FA Initialisierung. Die sind natürlich alle verschlüsselt.\n","date":"2019-02-01T00:00:00Z","href":"https://blog.koehntopp.info/2019/02/01/passwort-sicherheit.html","tags":["pluspora_import","security","lang_de"],"title":"Paßwort-Sicherheit"},{"categories":null,"content":"Some thoughts on Social Networking and Usenet, in response to https://jfm.carcosa.net/blog/computing/usenet/ .\nIn the context of the impending shutdown of Google plus, some people reminisce about USENET, especially in the context of social media.\nBefore being abused as a broadcast protocol for TV series, Porn and illegal copies of software, USENET was a kind of decentralized social media used for discussion. There was a small number of interoperable server implementations, and a plethora of clients, with different audiences and optimizations.\nTL;DR We can not only learn from the successes of USENET, but even more from its failures.\nHow did USENET work? The idea behind USENET is that you have a very large number of servers that forward articles between each other, so that any user can post any article anywhere to any server, and eventually it would end up with exactly one copy of that article on each server that wants it. Servers can have one or more connections with other servers, some had hundreds of links to other servers. Message would ideally still be transported only once, and in no case stored multiple times.\nUnlike modern federation protocols which were born on the Internet, USENET was a store-and-forward network. So articles would not be forwarded directly to subscribers, but were stored locally and forwarded to a few immediate neighbors. They would keep a copy of the message and in turn offer it to their direct neighbors, and so on. Usually, any two servers on the network would be only very few hops apart from each other.\nEach server keeps a message for a configurable amount of time, and eventually deletes the local copy as the expiration date of this message is being exceeded.\nMessage format and identity The format of any USENET post was superficially that of (pre-multimedia) mail. So a USENET article had a number of header lines as Key-Value pairs, broken according to e-mails long-line folding rules, and a body, which contained ASCII. Later additions tried to improve on that, but failed — more on that later.\nA somewhat basic usenet header would look somewhat like this:\nFrom: user@host (User Name) Date: Thu, 24 Jan 2019 22:15:15 +0100 Path: news.nntp.dca.giganews.com!news.koehntopp.de!kris Newsgroups: kiel.allgemein Message-ID: \u0026lt;treXfsfeg17354@news.koehntopp.de\u0026gt; Subject: Neue Gruppen einrichten In-Reply-To: \u0026lt;eueytdj2625@news.koehntopp.de\u0026gt; A few header keywords were more important than others, because without them the protocol would not work.\nThe key header is the Message-ID: It defines the identity of a message for purposes of the protocol. Two instances of a message are considered identical if they have the same ID, and different if their ID is different. It was crucial for all implementations to never modify a messages \u0026ldquo;Message-ID:\u0026rdquo; line.\nServers know which messages they have already seen by keeping a list of Message-IDs in a special database, the server history table. Servers would remember the IDs of messages longer than they would remember articles, and they would reject any message with any Message-ID that is even older than their history reaches back in time. So a particular server might want to keep messages for 30 days, and a history table for 90 days. That particular server would roundabout reject any message older than 90 days.\nWhenever a server sees a message young enough to qualify for lookup in the history table, it would do that lookup. If the Message-ID is already known, a decision about this message had already been made in the past, and the message will be rejected as a duplicate.\nOnly when a message qualifies younger than the history, and is so far unknown in the history, a decision about it (keep it, discard it, \u0026hellip;) has to be made. In any case, the server would store the ID as \u0026ldquo;seen\u0026rdquo; in the history table, and it would reject any second message with that ID. That way, duplicates from multiple connections are being recognized and eliminated.\nThis allows a dense and redundant set of connections between servers without the need of any connection management or requirements on the server topology at all. It would also allow a new server to connect to an existing server and request re-feeding any number of old messages without the danger of accidentally feeding these old messages a second time to other existing servers over another link.\nOf course, it still is possible for a server with a hundred links to get dozens of copies of the same message through different links, all of which except for the first copy are being rejected.\nThat was particularly common for servers that did not have a live connection on the internet, but were batch fed: Such servers would have their articles collected in a series of compressed files over the day, would then dial up using a modem and download the compressed batches in one go, multiple times a day. After disconnection, they would decompress and process these articles, discarding any duplicates based on the Message-IDs and their history.\nInteractive transfer on live internet lines was slightly more intelligent, and worked somewhat like two kids comparing collection cards. One server would post Message-IDs of messages in IHAVE statements, and the receiving server would look up these IDs in turn in their history. Anything missing they would ask for with SENDME messages, asking for new files by Message-ID.\nOptimizing duplicate delivery with Path-headers One way to optimize this is the \u0026ldquo;Path\u0026rdquo; header line, which lists all the servers that have seen this copy of a message in order to traversal. So a message posted to news.koehnntopp.de by the user kris would start out with a \u0026ldquo;Path: news.koehntopp.de!kris\u0026rdquo;. That server would feed it for example to news.nntp.dca.giganews.com and to news.toppoint.de.\nOne copy of that message would end up with a \u0026ldquo;Path: news.nntp.dca.giganews.com!news.koehntopp.de!kris\u0026rdquo;, and the other would end up with \u0026ldquo;Path: news.toppoint.de!news.koehntopp.de!kris\u0026rdquo; in their Path. Both copies of the original message would have divergent Path header lines, but identical Message-ID lines, and the same message body.\nThe Path line was being used to detect circles before they happen: you would not even offer anything that already has news.koehntopp.de in the Path in any position back to news.koehntopp.de. Also, as a server operator, you could do stats on Path lines to see which of your links was fast (brought you copies of messages first) and which would be slower.\nBuilding Links between Servers So how would a server operator get connections to other servers, and how would they decide which messages they want and not want?\nThis is the first of the weak points of USENET, and often glossed over in glorifying USENET.\nSetting up a link between two servers was a completely manual process, and it was completely controlled by the upstream server feeding a downstream server with messages.\nFirst, you had to manually discover a server wanting to act as a feed to you. Often that was done with mailing lists where server operators and wannabe-server operators offered feeds, or asked for peers.\nThen, after making contact, you would exchange contact information and negotiate the parameters of setting up a link. That required the exchange of login credentials, and the configuration of what the receiving server operator would want from the feed. The upstream operator would manually configure these selection criteria, and then send stuff to the receiver, which may or may not have been what these people wanted. They could take that or discard it.\nThis is totally not what anybody would want today or back then. There was no automated negotiation where the feeding server would advertise the stuff they offer, and the receiving server would then state interactively what they would want to subscribe to and what not.\nGatekeeping newsgroups Also, all selections were based on one single header line, the Newsgroup header. This is very much analogous to subscribing to a hashtag on modern social media, only the hashtag is gatekept by a server operator cabal.\nIn any way, USENET servers offered to way to express wishes based on language, author, content type, message-size, or any other criteria. You could only say you want messages \u0026ldquo;in kiel.allgemein and kiel.uni\u0026rdquo; or \u0026ldquo;in any kiel.* Newsgroup\u0026rdquo; or exclusion criteria such as \u0026ldquo;kiel., but not kiel.binaries.\u0026rdquo;.\nWhen I say \u0026ldquo;gatekept hashtags\u0026rdquo;, I mean server operators and end users were guarding newsgroups strongly. The creation and deletion of newsgroups was a heavily formalized process. Also, posting to the wrong newsgroup, crossposting to multiple newsgroups came with social stigma and sanctions.\nThis made USENET very cumbersome for the end user. Users often wanted a social space, or simply recognition of a topic as a thing and asked for a newsgroup.\nIn order to get that, they had to go through a very slow and formalized discussion process which purposefully was designed to keep the number of groups small and audiences in groups large and generalized.\nProtected or small spaces with a designated, non-public audience were frowned upon, making the creation of safe spaces hard or impossible.\nClient flexibility, but also no common feature set USENET clients were written as early versions of free software. Their source was packaged and posted on USENET itself. You would read a newsgroup that transported packaged software, and would find a new version of an end user client posted there. You would unpack the source, configure it for your system and compile it, and then try out the new program. If it worked, you would roll out the new version on your systems for your end users.\nThere were many client programs. Sven Guckes maintained a list at http://www.guckes.net/newsreaders/ .\nThe wide diversity in reading software also was a main cause of impediment in the evolution of USENET. If a news reading program added features that required additional data in the header or the body of an article, all other reading programs would have problems decoding that. Simple things, such as support for Umlauts, required encoding of characters because some systems broke Non-ASCII characters. So \u0026ldquo;Kristian Köhntopp\u0026rdquo; was encoded as \u0026ldquo;Kristian =?iso-8859?Q?K=F6hntopp?=\u0026rdquo;. While it was displayed properly in readers that supported decoding this, it was shown as \u0026ldquo;Kristian Iso-something-topp\u0026rdquo; to everybody else (and that is how I got my nickname, Isotopp, by the way).\nPutting rich content, such as formatting in Markup or HTML, or inline-images into messages was even worse, because it made messages completely unreadable to users with clients that did not support these new formats.\nConsequently, all extensions got heavy resistance from end-users and operators everywhere, and eventually USENET evolution stopped, and everybody moved to web forums. Essentially, USENET died with the appearance of phpBB and friends.\nHow web forum software won Web Forum software was, in the eyes of USENET users, a big step backwards. It was not distributed, the client was primitive and put emphasis on presentation. The presentation was proscribed by the board operator instead of being a choice of the reader.\nBut web boards were easy to upgrade: With an upgrade, the same set of features was available to all users at once, and there was no possible resistance from users who were slow or negligent in upgrading their software.\nWhile you had to go through a slow and lengthy discussion process and voting process to get just one newsgroup, web forums offered an easy way to get any number of groups on a simple web server with phpBB. Also, you controlled audience and admission, so it was possible to create protected safe spaces — by design an impossibility on USENET.\nIn the end, that made all but the most hardware tech audience move away from USENET rather quickly, and eventually USENET became irrelevant.\nSee also \u0026ldquo;Netnews: The Origin Story\u0026rdquo;, (PDF ), Steven M. Bellovin, June 27, 2023. \u0026ldquo;Flames und Kommunikationszusammenbrüche im Netz\u0026rdquo;, Kristian Köhntopp (Video , Text ) ","date":"2019-01-24T00:00:00Z","href":"https://blog.koehntopp.info/2019/01/24/social-networks-and-usenet.html","tags":["lang_de","social networking","usenet"],"title":"Social Networks and USENET"},{"categories":null,"content":"In Recht auf Homeoffice schreibt Golem:\nDas SPD-geführte Bundesarbeitsministerium plant ein gesetzlich verankertes Recht auf Home Office.\nUnd alle brüllen \u0026ldquo;Jaaaa!\u0026rdquo;. Ich glaube, den meisten ist gar nicht klar, auf was sie sich da einlassen und wie sich eine Remote First-Firma anfühlt. Wie dem auch sei: Die Firma, in der Ihr gerade arbeitet, kann so mit Home Office vermutlich nicht gut funktionieren.\nIch habe von 2005 bis 2008 für MySQL AB gearbeitet, und das war eine Firma, die Remote First war. Das war eine sehr andere Arbeitsumgebung als die, die ihr in Eurem Job vermutlich habt. Wir waren circa 500 Mitarbeiter in drei Dutzend Ländern überall auf der Erde. Es gab einen Firmensitz in Kalifornien und einen irgendwo in Skandinavien, aber dort war nie jemand (im Büro in Kalifornien waren ein paar Leute mehr, weil die dort den Börsengang der Firma vorbereitet haben).\nAls Mitarbeiter hatte man einen gesonderten Raum daheim zu haben, der als Büro dient. Die Firma hat einen gewissen Betrag pro Jahr (2500 Euro) bereitgestellt, um diesen Raum auszustatten oder zu verbessern. Das schließt Arbeitsmaterial (Laptop) wie Büroausstattung (Stuhl, Tisch, etc pp) mit ein.\nWeil es faktisch keine Firmenräume gab, gab es auch kein Firmen-VPN, denn das hätte den Zugang erschwert. Stattdessen gab es einen Haufen Webdienste, über die die Kommunikation stattfand. Diese waren verschlüsselt und mit einem Single Sign On versehen, aber generell von überall zugänglich von wo aus man eine TLS Verbindung bekommen konnte.\nAlle Diskussionen, internen Abstimmungen, Meetings, und Ergebnisse wurden über diese Webdienste, Skype, IRC und andere Online-Medien getroffen. Die Arbeitszeiten waren oft schräg, weil die Firma über alle Zeitzonen der Erde verteilt war. Und das heißt, man mußte schon mal um 3 Uhr morgens ran, um ein Meeting mit Leuten in Shanghai, Moskau und in Kalifornien gleichzeitig zu haben \u0026ndash; da gibt es einfach keine gute Zeitzone für alle.\nMeetings über Videokonferenzen und Chatmedien sind schwierig, und Diskussionen über Mailinglisten sind oft hitzig und schwerfällig zugleich. Es war notwendig, bestimmte Formen zu entwickeln und mit Leuten einzuüben. Wenn man Leute aus einem Präsenzumfeld in eine Home Office Umgebung wirft, sind sie zunächst orientierungslos, unter Druck und einsam gleichzeitig. Sie müssen an die Hand genommen werden, und man muß Ihnen Methoden und Formen aktiv zeigen, die ihnen erlauben, in so einer Umgebung zu funktionieren und sinnvoll zu kommunizieren.\nAm schwierigsten ist der Umgang mit der Tatsache, daß es keine Serendipität und keine aufwandslose Kommunikation gibt. Diese Dinge, die man in Präsenzfirmen \u0026ldquo;nebenbei\u0026rdquo; mitbekommt, seitwärts, top-down und bottom-up, kommen in Home Office First Firmen nicht nebenbei. Jeder, Management, Teamleiter, aber auch jeder einzelne Mitarbeiter, müssen lernen, daß jede Kommunikation einen Aufwand und Energie kostet, und man sich das Messaging genau überlegen muß. Tut man das nicht, wird Zusammenhalt und gerichtete Aktion einem Firmenverbandes schwierig.\nZentral in MySQL waren übrigens die verschiedenen All Hands und Department Meeting Veranstaltungen. Zweimal im Jahr hat sich gesamte Firma an einem Ort getroffen (meistens ein Fünf Sterne Hotel in einem gut erreichbaren Land mit entspannter Visa-Situation, in der Nachsaison), und zweimal im Jahr haben sich gesamte Abteilungen getroffen. Auf diesen Events (jeweils drei bis fünf Tage) haben wir uns kennengelernt, ein Netzwerk aufgebaut, zusammen Kurzprojekte (\u0026ldquo;Hackathon\u0026rdquo;) durchgezogen und natürlich auch gefeiert. Zusammen mit anderen Treffen hatte man so in etwa alle zwei Monate ein Gruppen-, Abteilungs-, oder Firmentreffen. Alles in allem nicht wirklich eine Verbesserung der finanziellen und der CO2-Bilanz, aber notwendig um eine funktionierende Gruppe zu schaffen.\n","date":"2019-01-07T00:00:00Z","href":"https://blog.koehntopp.info/2019/01/07/du-weisst-nichts-von-homeoffice.html","tags":["pluspora_import","remote first","lang_de","work"],"title":"Du weisst nichts von Homeoffice"},{"categories":null,"content":"Basierend auf einem Thread in Twitter und noch einem Thread .\nIm November 2012 kam Ingress von Niantic heraus. Das ist ein server-basierendes Augmented Reality Game mit GPS-Koordinaten, bei dem man bestimmte Orte aufsuchen muss, um dort Dinge auf dem Mobiltelefon zu tun. Im Februar 2013 hatte ich es durchgespielt und begann das Spiel zu automatisieren. Ich schrieb Bots.\nDas taten viele, denn das Spiel wurde von Niantic mehr oder weniger an die gesamte Android Developer Community geseeded. Niantic hat dann versucht, Bots zu erkennen und Sicherheitsmaßnahmen in das Spiel einzubauen, die Botting schwieriger machen sollten. Ich habe später eine Reihe von Artikel auf Google+ zu diesem Thema geschrieben.\nAber Bots zu erkennen und dann zu bannen ist schwierig. Viel schwieriger als gedacht. Von meinen 1000 Bot-Instanzen wurden am Ende keine gebannt, aber große Teile der Berliner Ingress Community und der Ingress Community in anderen deutschen Städten wurden als false positives erkannt.\nMenschen simulieren Wie macht man schwer zu erkennende Bots?\nIn Ingress soll man \u0026ndash; ohne Cheaten \u0026ndash; in der realen Welt herumlaufen und in der Nähe von bestimmten Markierungspunkten Aktionen ausführen. Meist, um effektiv zu sein, als Gruppe.\nAlso hatten meine Bots ein soziales Netz, mit anderen Bots, die bevorzugt (aber nicht immer) zusammen gespielt haben.\nSie hatten keine festen, wiedererkennbaren Routen, sondern Urges: Rufe die Google Wetter API auf. Schlechtes Wetter? Füge eine Starbucks-Pause in die Route ein.\nHabe Schlafenszeiten, Arbeitszeiten, wähle Spielzeiten entsprechend. Plane Routen zwischen Ingress Portalen mit der Google Maps API und Fahrrad als Verkehrsmittel, warte die angegebenen Reisezeiten zwischen Aktionen an unterschiiedlichen Zielkoordinaten.\nMache niemals etwas mit maschineller Präzision. Jittere Zeiten, Koordinatenangaben, Reaktionszeiten und auch sonst alles.\nUnd dann steuere auf dieser simulierten realweltlichen Person das Spielverhalten, wieder mit Urges, die auf dem In-Game Inventory und Spielstrategien baiseren. \u0026ldquo;Verabrede\u0026rdquo; Dich mit anderen Bots und agiere gemeinsam (oder auch nicht).\nUnd wenn reale Spieler irgendwo aktiv sind, dann verlagere die Aktivitäten woanders hin.\nDas alles erzeugt ein Verhalten, das so normal ist, daß echte Personen öfter gebannt werden als diese Bots.\nNiantic war für eine gewisse Zeit lang stark interessiert, Bots zu erschweren oder unmöglich zu machen. Ein verhaltensbasierter Ansatz hat aber nirgendwohin geführt: Die Variation in menschlichem Verhalten ist so groß, daß man mit einer recht simplen Simulation wie oben beschrieben ein Botverhalten hin bekommt, das nicht signifikant aus der Masse der menschlichen Benutzer heraus sticht.\nAm Ende war es langweilig: Das Ziel für mich war Node.js und Javascript zu lernen. Dieses Missionsziel wurde erreicht. Zugleich hat sich die API des Spiels und das Spiel selbst so oft geändert, daß ich es hätte professionalisieren müssen, um mitzuhalten. Daran bestand aber nie Interesse, also habe ich es aufgegeben \u0026ndash; zweimal durchgespielt (einmal in echt und einmal automatisiert) war genug.\nAlso habe ich die Erkenntnisse in einem Google Dokument aufgeschrieben und publiziert und danach andere Dinge getan.\nBot oder Mensch? Da ist eine Lehre drin für Leute, die Twitter-Bots oder andere Social Bots erkennen wollen.\nTwitter ist nicht Ingress, und Diskussionen sind komplizierter als Burster zu werfen.\nAber \u0026ldquo;Markierungspflicht\u0026rdquo; oder \u0026ldquo;statistische Bot-Erkennung\u0026rdquo; sind beides Blödsinn, auf mehr als eine Weise.\nDu kannst eine privilegierte API haben, die von der offziellen Twitter App genutzt wird, und eine zweite API für maschinelle Interaktion auf Twitter. Aber natürlich hindert das niemanden daran, die Menschen-API aus dem offiziellen Twitter Binary zu reversen und dann automaitissert zu vverwenden. Oder den offiziellen Client zu scripten.\nUnd natürlich ist es am Ende egal, was den Effekt auf soziale Interaktion angeht, ob ein Troll ein Bot oder ein schlecht bezahlter Mindestlöhner in einem Schwellenland ist.\nAutomat, Bot und Trollarmee Man kann das dennoch für die vereinfachte Diskussion differenzieren:\nein automatisierter Account ist ein Account, der von einer Maschine mit Inhalten befüttert wird. Das kann so etwas simples wie ein Retweetbot sein, oder ein Bot, der die aktuelle Uhrzeit twittert, oder halt mein Friendsplus.me-Account, der mein Google+ nach Twitter geschoben hat.\nEin automatisierter Account hat aber keine algorithmische Reaktionslogik in irgendeiner Form. Er generiert oder sucht Content und pushed den dann. Ein Feed.\nNichts hält einen Accountbesitzer davon ab, den Feedbetrieb des automatischen Accounts mit manuellen Tweets zu mischen. Viele Promis mit gemanagten Twitter-Accounts tun das.\nEin Bot ist ein automatisierter Account, der reaktiv Tweets sucht oder liest, und dann algorithmisch eine Reaktion generiert. Oft (aber nicht zwingend) mit dem Ziel als reale Person gesehen zu werden.\nTrolle sind genau keine automatisierten Accounts, sondern manuelle Benutzer, die roboterhaft auf Reize aus Twitter oder anderen sozialen Medien reagieren. Sie werden oft wie Bots geführt. Die ganze Sendung Neo Magazin Royale: Hass im Internet beschäftigt sich damit.\nUnd das ist genau der Punkt. Die politische Diskussion beschäftigt sich mit den äußeren Merkmalen (\u0026ldquo;Syntax\u0026rdquo;), aber eigentlich geht es darum, was passiert: organisierte und verdeckte Beeinflussung eines öffentlichen Diskurses - \u0026ldquo;Semantik\u0026rdquo;. Die Mittel sind im Grunde Wurst.\nNun muß die organisierte Beeinflussung eines öffentlichen Diskurses nicht falsch sein. Ich habe das in der Vergangenheit oft getan. Um 2000 habe ich de.comp.lang.php manipuliert, 2003 habe ich Heise Foren manipuliert, wann immer web.de erwäht wurde, und zusammen mit Freunden haben wir die USENET-Gruppen de.talk.bizarre und de.soc.rollenspiele.misc mit unterschiedlichen Absichten offen oder verdeckt geführt.\nDer Talk Flames im Internet (CCCS 2007, Froscon 2014) (Video ) dokumentiert das.\nDer Punkt ist mehr, daß verdeckte Beeinflussung des politischen Diskurses ein Problem ist. Aber das kann man in Deutschland im politischen Diskurs so nicht sagen. Denn dann hat Deutschland mehr als ein Problem. Also nicht nur Russen-Nichtbots und die Reconquita Germanica, sondern auch falsche oder fehlende Gesetze zur Regulierung der Bestechlichkeit von Abgeordneten oder Lobbyismuskontrolle.\nUnd das kann ja nun wirklich keiner wollen. Es kommt also in Wahrheit darauf an, daß die richtigen Interessengruppen den politischen Diskurs verdeckt beeinflussen können. Nur so kommen wir weiter!\n","date":"2018-12-19T00:00:00Z","href":"https://blog.koehntopp.info/2018/12/19/whatabotism.html","tags":["lang_de","computer","security","hack"],"title":"Whatabotism"},{"categories":null,"content":"kauth handlers in MacOS , from a somewhat outdated MacOS X Internals book. But a lot of the content is still relevant. This section is about kauth handlers. Kauth is a system in MacOS to hook file open and file exec operations. It is what is being used by all the Corporate Security Malware that the Compliance Guys like to install on your work Mac, and it is one of the most common reasons for MacOS performance problems at work.\nThat is, because most Corpsec Malware does install a Kauth handler and then evaluates file open permission synchronously in that handler. TrendMicro, Cylance, FireEye (xagt) and Websense DLP do this. File open() operations are delayed by a factor of 6x to 10x usually: Unpacking an electron app with 27.000 files on my home Mac takes 3 seconds, and took 27 seconds on my work Mac.\nUsually, these things are also written badly: Trendmicro for example runs their evaluations in a privileged userland process with ASLR off, so if you craft the right kind of GIF and drop it into $HOME, it will pop a shell on any Mac running Trendmicro just fine. That is, because the offsets are always right \u0026ndash; thanks to ASLR off.\nAnd Websense DLP did rely on their Kauth handler so much that all files in the installations were world writeable: \u0026ldquo;protected\u0026rdquo; only by the Kauth handler. Which made exceptions for Binaries with the right name (among them \u0026ldquo;installd\u0026rdquo;, \u0026ldquo;installer\u0026rdquo;, or \u0026ldquo;shove\u0026rdquo;), so if you rename your cp program to \u0026ldquo;installer\u0026rdquo; you could happily overwrite any of the files \u0026ndash; reboot the box, get your own code executed as root and be done.\nOne of the nicest things on the Mac is HopperApp . This is a very cheap, very well done clone of the basic functionality in IDA Pro, and allows you to have a quick look at the code of these Corpsec kernel extensions and see how they are breaking things, then act on that. Depending on your alignment you write a report and get a cookie, or you use this for your own purposes.\nIn general, a Macbook with Corporate Security Malware is much more easily owned than a stock Apple device.\n","date":"2018-12-18T00:00:00Z","href":"https://blog.koehntopp.info/2018/12/18/kauth-handlers-in-macos.html","tags":["pluspora_import","lang_de","security","macos","apple"],"title":"kauth Handlers in MacOS"},{"categories":null,"content":"Morgenandacht mit Nora Steen : die theologische Leiterin des Christian Jensen Kollegs der Evangelisch-Lutherische Kirche in Norddeutschland in Breklum redet einer Parallelgesellschaft das Wort. Sie romantisiert in ihrer Predigt Immigranten, die sich weigern, sich in die Bräuche und Traditionen ihres Gastlandes zu integrieren, und stattdessen ihre fremde Religion, ihre fremden Feiertage und auch ihre fremde Kultur mit verzweifelten Importen am Leben zu erhalten versuchen.\n\u0026ldquo;Kreuzkirche Tokyo\u0026rdquo; ,Transkript:\nDie Luft ist frisch und kühl. Leichter Dunst liegt auf dem Hügel und in der Ferne schreien Raben. Es ist früh am Morgen und es ist still. Obwohl dieser verwunschene Ort mitten in Tokio liegt, in der Millionenmetropole. Ein grüner Hügel, nur ein paar hundert Meter vom 24 Stunden am Tag belebten Bahnhof Gotanda .\nAuf dem Hügel steht eine Kirche. Der Altarraum ist aus durchscheinendem, typisch japanischen Papier. Eine einzelne kleine Glocke hängt an der Decke der Veranda vor dem Kirchenraum. Sie wird per Hand geläutet, vor dem Gottesdienst. Zur Kreuzkirche kommen jene, die auf Dauer oder auf Zeit in Japan leben und arbeiten. Sie sind Deutsche und meist bei großen Firmen angestellt. Sie sind in der globalisierten Welt zu Hause und suchen trotzdem Vertrautheit in der fremden Kultur. Besonders in der Advents- und Weihnachtszeit.\nSeit Jahrzehnten gibt es in der Kreuzkirche deshalb den Adventsbasar. Es gibt Glühwein, Adventskränze werden geflochten, aus Tannen mit roten Kerzen. Vieles muß dafür importiert werden, aber das ist es ihnen wert. Gerade in dieser Zeit im Jahr werden Erinnerungen wach. Da sehnt man sich nach den Orten der Kindheit. Sich noch einmal fühlen wie beim Kekse backen, damals.\nDie Tannen riechen wie in Deutschland, und die Schokolade im Adventskalender schmeckt wie immer. Hier oben auf dem Hügel anzukommen, das gibt ihnen ein Gefühl von Heimat. Immer nur unterwegs sein, das geht nämlich nicht. Irgendwo muß auch die Seele mal Kraft schöpfen können, sagte mir eine Frau. Sie lebte bereits mehr als die Hälfte ihres Lebens in Japan.\nDie Mitglieder der Kreuzkirchengemeinde in Japan wissen um den Preis, den sie für ein Leben im Ausland zahlen. Deshalb kommen sie immer wieder hierher. Den heiligen Hügel nennen ihn einige. Er bietet ihnen einen Boden, um Wurzeln zu schlagen, in aller Freiheit. So wie Hilde Domin es in \u0026ldquo;Ziehende Landschaft \u0026rdquo; beschreibt:\nMan muß weggehen können und doch sein wie ein Baum: als bliebe die Wurzel im Boden, als zöge die Landschaft und wir ständen fest\nDas Volk Gottes war ständig auf Wanderschaft. Es hatte gar keine Gelegenheit, sich an Orte zu klammern um heimisch zu werden, also wurde der Glaube zur Heimat. Gerade für Menschen, die sich über Generationen Ortlos fühlten. Jaweh wurde für die zu einem Gott, der mit ihnen auf dem Weg war. Und sie, die im fernen Tokio leben, können daran anknüpfen. Weggegangen aus vertrautem Umfeld finden sie Verwurzelung dort, auf dem heiligen Hügel. Stille, inmitten der pulsierenden Stadt.\nWirklich, man verlege sie Szene einmal in die Innenstadt von Dresden und mache aus diesen Personen gläubige Muslime und lasse sie sich dann in Gedanken noch einmal mit Frau Steens Stimme vorlesen. Kein Problem für den deutschen Politischen Diskurs, gleichzeitig die Gedanken von Frau Steen zu würdigen und dieselbe Haltung bei in Deutschland lebenden Ausländern als gefährlich und Angriff auf das Deutschtum zu werten.\n","date":"2018-12-08T00:00:00Z","href":"https://blog.koehntopp.info/2018/12/08/parallelgesellschaft.html","tags":["pluspora_import","lang_de","politik"],"title":"Parallelgesellschaft"},{"categories":null,"content":"So we have been production benchmarking two AMD EPYC servers today. A Quanta 1U2Node chassis with a 7551P in one slot and a 7401P in the other. 512GB of memory, 25 Gbit/s Mellanox Card.\nA production benchmarking installs a production puppet class, sets up nginx queue monitoring and then gradually increase load balancer weights until the nginx grows a queue of request backlog. At which point we call it a day and return to default weights for the box.\nSystems under test have been four Intels, a E5-2620v4 and a Silver 4110, a E5-2690v4 and a Gold 6132. The Intels are of course all 2P.\nWith our memory intense production workload, the Xeon E5 and Xeon XP actually perform equally, so the 2620 and 4110 drop at 9000 workunits, the 2690 and 6132 at 15000, each.\nThe 7401P did 13000, and the 7551P terminated at 15000, but it ran into a worker limit at a load at 50 or so, so we know this is not the absolute ceiling.\nSo you have a $2000 7551P wiping the floor with two 6132 ($4200 list), and a $1000 7401P doing 44% better than $1000 of lower bin Intel. Notably, latency with AMD is 20% higher due to lower clock. But unlike lower bin Intel, AMD performance under load (all cores busy) is almost stable, where Intel clocks down 25%. So while slower, the CPU is harder, performance under load is as stable as a high bin part. This is good for VM work and K8s.\nAll in all, we need to go into vendors now and see what kind of 1P AMD is on the menu.\nAlso, AMD, ship me a 1P Rome board. Any form factor or vendor will do at this stage.\n","date":"2018-12-03T00:00:00Z","href":"https://blog.koehntopp.info/2018/12/03/amd-epyc.html","tags":["pluspora_import","lang_de","computer"],"title":"AMD EPYC"},{"categories":null,"content":"From Pluspora But is it atomic? So a few days ago, a colleague asked “Why do we love files on disk?” and in the course of that discussion, I made a comment that, among other things, used the assumption that somebody is updating some file on some Linux system atomically. I wrote:\nLet\u0026rsquo;s assume we are using local files, and we do so in a managed, sane way:\nAll these state files are always JSON, there is a JSON schema, so it is clear which attributes can be there, must be there, and what they mean and what changes to data mean as well. Files are updated atomically And immediately the question came up: “I either misunderstand you or I have a gap in the knowledge. When writes to a file became atomic? They are not in general case.”\nLet’s go back in time, it’s Greybeards time ! We’re going to find out where the things you are working with are actually coming from. With sources and references.\nThe write(2) system call A write(2) system call is atomic. The size or amount of data written does not matter. How come?\nThe system call will, before trying to write data to disk, lock the in-memory inode. That is, it will effectively lock the entire file. It then performs the file changes, and only then unlocks. That can take a long, long, long time, depending on the amount of data and the media the file is being stored on.\nIt means that on a single physical file in Unix there can be only one write(2) or read(2) system call active at any point in time.\nOne exception to this is XFS, but only when a file is opened with O_DIRECT. In this special case, XFS instead locks the byte range in a structure attached to the inode, performs the write and then unlocks. So, in XFS with O_DIRECT, any number of concurrent, non-overlapping write(2) system calls can be active.\nThe Posix specification requires that write(2) is atomic, it does not require that only one write per file can happen.\nThat is a horrible thing! The locking behavior of write(2) (and read(2)) is a problem for databases that require many concurrent writes to happen.\nIngres and some other early SQL databases used to solve that problem by avoiding filesystem entirely, they recommended that tablespaces use raw disks. No filesystem, no files, no locks.\nOracle solved the problem by introducing the concept of tablespaces, which are data storage spaces made up by a fleet of files, e.g. one file for each GB of data storage. Tables are assigned tablespaces, not data files directly. Since there is one write lock per inode, concurrent writes to different files in the same tablespace can happen.\nOnly in 1994, when SGI published XFS, the actual problem was tackled by splitting the lock at the kernel level for buffer cache less writes. XFS also contained many other improvements over the 1984 BSD Fast Filing System that made it superior for concurrent I/O, streaming I/O, very large file systems, and many other modern use-cases. BSD FFS was in turn an improvement over 1974’s original Unix Filesystem.\nIn Linux terms, the 1974 Unix Filesystem is mirrored by the Minix File system, the 1984 BSD FFS is roughly equivalent to ext2, and XFS was donated and ported to Linux by SGI, bringing that up into the tech level of 1994.\nSun ZFS and Linux Btrfs are from 2004, and are a complete deviation from earlier Unix ideas. They are a different, much longer writeup, which will actually end with the git and the Blockchain.\nSource Dive: Why are writes atomic? “Posix requiring a file write to be atomic” comes from the behavior of the original Version 7 Unix and later systems. In there, we find the write(2) system call, which just calls the rdwr() function.\n/* * write system call */ write() { rdwr(FWRITE); } You are looking very old K\u0026amp;R style C code here, which predates even ANSI-C and function prototypes, by the way.\nSo rdwr() a few lines down the function calls plock(), for as long as we are not dealing with a device special file (Here is where the Ingres “use raw devices” idea comes into play), then does the I/O and finally calls prele().\nif((ip-\u0026gt;i_mode\u0026amp;(IFCHR\u0026amp;IFBLK)) == 0) plock(ip); if(mode == FREAD) readi(ip); else writei(ip); if((ip-\u0026gt;i_mode\u0026amp;(IFCHR\u0026amp;IFBLK)) == 0) prele(ip); plock() is what locks the actual inode and the origin of the observed behavior. It is is a misnomer, it’s not a pipe lock, it’s an inode lock.\n/* * Lock a pipe. * If its already locked, * set the WANT bit and sleep. */ plock(ip) register struct inode *ip; { while(ip-\u0026gt;i_flag\u0026amp;ILOCK) { ip-\u0026gt;i_flag |= IWANT; sleep((caddr_t)ip, PINOD); } ip-\u0026gt;i_flag |= ILOCK; } See the locking loop here: As as we do not have the lock, indicate desire to get the lock, then sleep on a lock release. When we exit the loop (because the inode is unlocked), lock the inode.\nThese are simple C Code lines, not special magic macros that translate into special magic TAS machine instructions. That is because the code here is so old that it comes from a world where we have single-die, single-core, single-thread CPUs. If your code is actually running (and this is kernel code!), then you are alone in the entire system. There is nobody else touching these variables as long as you have the CPU.\nUnder the lock, rdwr() above calls writei(). And writei() has a do loop which uses variables from the u-Area.\ndo { bn = u.u_offset \u0026gt;\u0026gt; BSHIFT; on = u.u_offset \u0026amp; BMASK; n = min((unsigned)(BSIZE-on), u.u_count); if (type!=IFBLK \u0026amp;\u0026amp; type!=IFMPB) { bn = bmap(ip, bn, B_WRITE); if((long)bn\u0026lt;0) return; dev = ip-\u0026gt;i_dev; } if(n == BSIZE) bp = getblk(dev, bn); else bp = bread(dev, bn); iomove(bp-\u0026gt;b_un.b_addr+on, n, B_WRITE); if(u.u_error != 0) brelse(bp); else bdwrite(bp); if(u.u_offset \u0026gt; ip-\u0026gt;i_size \u0026amp;\u0026amp; (type==IFDIR || type==IFREG)) ip-\u0026gt;i_size = u.u_offset; ip-\u0026gt;i_flag |= IUPD|ICHG; } while(u.u_error==0 \u0026amp;\u0026amp; u.u_count!=0); The u-Area of a process at that time was a common data structure that the userland and the kernel used to communicate. Here it is being used to shift syscall parameters into the kernel. The write writes the data at u.u_base in userland into the current inode, at u.u_offset bytes in the file. There are u.u_count many bytes to write.\nWe convert the u.u_offset into a logical block number (the n-th block of a file), and an offset on within the block. We need to call bmap(). This function turns an inode number and block number within the file into a physical block number on a device.\nWe can then bring the relevant physical block into the buffer cache, using bread(), and then use iomove() to modify and dirty the block. As we brelse() it, it will eventually be written back to disk later.\nThere is an optimization here:\nWhen the write is a full block, we do not read the block from disk. We just allocate a buffer using getblk(), and fill it. It will overwrite the data on disk completely, there is no old and new data to merge. Disk accesses are slow, in the 1970ies even more so than today, so not reading data that you are going to obliterate completely pays off substantially.\nThe loop continues as long as there are no errors and still blocks to write.\nAs we return from writei(), rdrw() resumes and will eventually prele() the inode lock.\nHow old is this stuff? This is of course extremely old code, original V7 unix, almost as old as me: git blames places its age at 41 years. I was in the third class of a German basic school when this was written.\nI chose this implementation, because it is very simple, and because it is also what became immortalised in the performance destroying standard which we got to know as Posix File System Semantics.\nHomework You can have fun to find the matching functionality in a modern Linux kernel , threads, multicore, capabilities, namespaces, cgroups and dynamic data structures and all.\nCompare code readability and complexity. Discuss. Is this progress? Why do you think so?\nYou can try to get a copy of “The Design of the Unix Operating System ” by Maurice J. Bach. It will take you on a guided tour through the origins of our craft and the legacy we build on. The topics discussed in this note can be found on the pages 101ff, “WRITE” and “FILE AND RECORD LOCKING”.\nIf you are into operating systems, continue reading after Bach: “The Design and Implementation of the 4.3 BSD Operating System ” builds on Bach’s work and showcases the progress and inventions that Kirk McKusick, Sam Leffler et al made after that.\nIf you are into comparative operating system design, read “Inside Windows NT ” by Helen Custer after Bach and Leffler/McKusick, and try to understand the different ideas and world view behind that.\nBut we don’t use write(2) for atomic file updates! Well, some of us do, but I agree that it is hard to get right: write(2) and writev(2) are very hard to handle properly in applications, as you need to write everything in a single call.\nMost programs use another atomic operation in Unix, the rename(2) system call. You write file.new at your leisure, printf(), chunked writes() and all. When completed, rename file.new to file. This automatically unlinks the old version of file as well.\nThis is also the recommended approach to atomicity, because unlike write(2) it is stable in the face of the dreaded nightmare file system.\nrename(2) was introduced really early in BSD Unix because of specific race problems in the V7 Unix early BSD patched and improved.\nBefore BSD, we only had link(2) and unlink(2). You can use a combination of these syscalls to implement a rename-like operation, but you need more than one syscall to do that.\nIn Unix, at the end of a syscall, before return to userland, the scheduler runs (Bach, Chapter 8). That is, at the end of each syscall, a process can be forced to yield the CPU. This is the cause for potential race conditions when not having a rename(2) as a single syscall, and that is why BSD came up with a single syscall for renaming files in the first place.\nRenaming files for atomic updates can be taken to an art form: try looking into the Maildir/ implementations as invented by qmail, and implemented in Dovecot and Cyrus\nMaildir Man Page On Maildir at DJBs site Dan Luu on File Consistency And that concludes this issue of Our Systems Legacy.\n","date":"2018-11-29T00:00:00Z","href":"https://blog.koehntopp.info/2018/11/29/but-is-it-atomic.html","tags":["lang_en","erklaerbaer","unix","linux","kernel"],"title":"But is it atomic?"},{"categories":null,"content":"Wenn man was mit Infrastructure As Code macht, also Openstack, AWS, GCS, oder auch Kubernetes, dann hat man meistens eine ganze Flotte von willkürlichen IPs mit komischen Ports, auf denen je eine Instanz desselben Dienstes läuft. Das heißt, man braucht einen Load-Balancer, der einem die Requests annimmt und auf die ganzen Endpoints verteilt.\nDas ist eine Idee, die man mal einen Moment festhalten sollte, während man einen Blick auf Altbekanntes wirft:\nSDN in Openstack Denn Openstack zum Beispiel treibt auf den unteren Ebenen des Netzwerks eine Menge Aufwand, um ein Underlay und ein Overlay-Netz zu bauen. Und einem Tenant (also einem Openstack-Kunden, mit Benutzern im Kunden) dann die Gelegenheit zu geben, in seinem Tenant eine komplette IP-Infrastruktur aufzubauen, mit virtuellen Bridges, Routern, Subnetzen, Firewalls und Load Balancern. Das tut der Kunde, weil er IP basierend Access Control (also Firewalls) aufbauen will, die den Zugang zu den Diensten regeln.\nDienste, die sowieso nicht zugänglich sind, weil sie eigentlich nur durch den Load-Balancer erreicht werden können, und deren IP-Nummern auch egal sind, weil sie nur den LB interessieren.\nIch weise da deshalb so darauf hin, weil Software Defined Networking zwar eine atemberaubend geile Sache ist. Man kann damit endlich alle Netzwerk-Zuckerbäckereien bauen kann, die man schon immer haben wollte, ohne jemals ein Kabel oder ein Chassis in die Hand zu nehmen. Aber SDN ist auch etwas, das genau gar nicht skaliert und für das man keine Operations machen kann.\nAlso, ein SDN hat einen Haufen State. Es weiß, welche Komponenten des Overlays von welchem Tenant wo physikalisch terminiert werden (\u0026ldquo;welche VM wo liegt und welche virtuellen Komponenten des Overlays vor der VM liegen\u0026rdquo;). Und es weiß, was ein virtueller Router, eine virtuelle Firewall oder ein virtuelles NAT mit einem Paket machen müssen, das da durch geht und simuliert das dann, bevor das Paket ausgeliefert wird.\nState ist aber ein Problem: Jedes Mal, wenn eine VM hoch geht oder terminiert wird. Schlimmer noch, jedes Mal, wenn eine aktive Netzwerkkomponente oder gar ein ganzes Netz erzeugt oder terminiert wird. Immer dann ändert sich die Topologie des Netzes und damit der State, der dem ganzen SDN und allen Komponenten bekannt sein muß. Auch die simulierten Aktionen des Overlays ändern sich, und müssen neu berechnet werden. Und ein Haufen verteilter Komponenten müssen aktualisiert werden.\nWenn also der Cluster größer wird, also mehr Underlay bekommt, dann wird der Kreis der Geräte größer, denen der State bekannt sein muß. Damit geht die Convergence Time nach oben, also die Zeit, die es braucht, bis eine Änderung allen Geräten im Overlay und Underlay bekannt ist.\nUnd zugleich sind vermutlich auch mehr Tenants da, die mehr machen müssen. Damit geht dann auch die Change Rate nach oben. Also die Anzahl der Änderungen im Cluster, die eine neue Konvergenz des Clusters erforderlich machen können.\nUnd irgendwann brennt dann alles nieder. Dann sind alle Overlays down, und alle Kunden sind sehr traurig.\nDazu kommt dann natürlich noch, das so Hersteller von SDN Software gelegentlich neue Versionen von ihrem Kram releasen, die man dann einspielen muß.\nDer Hersteller eines SDN ist natürlich sehr verantwortungsvoll und kennt sich mit den Tücken von Operations Teams aus: neue Versionen sind immer kompatibel zu vorhergehenden Versionen und man kann von einer alten Version auf eine neue Version so upgraden, daß auch ein Rollback auf die alte Version jederzeit möglich ist. Und zwar ohne dass die persistierten Strukturen, die das Overlay beschreiben, verloren gehen oder ungültig werden. Dadurch sind Updates eine sichere Sache und risikolos ohne Downtime möglich.\nAußerdem ist die Erde eine Scheibe.\nStattdessen Service Mesh Weil das so ist, wie es ist, haben sich einige Leute überlegt: wieso überhaupt ein Overlay? Am Ende sind doch IP-Nummern egal, und die Discovery der Endpunkte ist komplett nur ein Problem für den Load-Balancer.\nWarum packt man nicht einfach alle Tenants in ein flaches IP-Netz, nimmt den Kunden die Möglichkeit weg, IP-Nummern und Netzwerktopologien zu bauen und zwingt sie dazu, Services sicher im \u0026ldquo;offenen Netz\u0026rdquo; zu betreiben?\nTatsächlich ist das eine berechtigte Frage und eine Antwort ist:\n\u0026ldquo;Weil man dann immer noch einen technisch einheitlichen und zuverlässigen Weg braucht, um Verbindungen und Partner zu identifizieren, und nur zulässige Verbindungen zu erlauben. Am Besten auf eine Weise, daß Entwickler das nicht willkürlich falsch machen können\u0026rdquo;.\nIm Kubernetes-Umfeld ist so etwas ein Sidecar-Proxy.\nEin Sidecar ist ein Prozeß, der mit dem eigentlichen Payload-Prozeß zusammen gestartet wird, und der im selben Pod läuft wie die Payload. Das heißt, die Dinger können einander sehen und befummeln, verwenden dieselben Netzwerkinterfaces und IP-Tables Regeln und teilen auch sonst alle Ressourcen - mit Ausnahme des Dateisystem-Images.\nDie Payload verbindet sich also an localhost, Port irgendwas, und der Sidecar-Proxy ist zuverlässig auf diesem Port und kümmert sich um die Verbindungen, oder andersherum, der Proxy nimmt eingehende Verbindungen an und leitet sie an die Payload weiter.\nDadurch kann der Proxy eine ganze Menge Dinge tun - er kann TLS erzwingen und Zertifikate oder JWT Token kontrollieren, er kann Verbindungsdaten sammeln (Timing Histogramme), er kann Retries kontrollieren, wenn ein Dienst nicht in einer bestimmten Zeit reagiert oder er kann Retries und Services komplett kurzschließen, wenn ein optionaler Dienst mal weg ist.\nEin solcher Proxy für das Kubernetes Umfeld ist Envoy, und das besondere an Envoy ist, daß seine Konfiguration nicht aus statischen Dateien kommt, sondern auch von einem clusterweit-zentralen Dienst dynamisch generiert werden kann. Die Konfiguration kann dann ohne Proxy Neustart im Betrieb geändert werden.\nKubernetes verwendet das, um neue Endpunkte in den Load-Balancer zu integrieren, wenn sie verfügbar werden, um in Rollouts Traffic sanft von einer alten auf eine neue Version zu migrieren und um zentral clusterweit einheitlich Metriken über Dienstaufrufe und deren Zeitverhalten zu sammeln und zu loggen. Das kann man verwenden, um Request-Kaskaden zu tracen und um Qualitätsüberwachung für seine Dienste zu haben.\nEin paar Grundlagen über Envoy .\nEs stellt sich dann heraus, daß aus einer Reihe von Gründen das besser skaliert und schöner failed als ein SDN, und daß man außerdem eine Technologie verwendet, die von Entwicklern besser verstanden wird und einfacher zu debuggen ist als ein SDN.\nEs skaliert besser, weil hier State pro Dienst und nicht pro Cluster gehalten werden könnte. Und es failed schöner, weil man hier einzelne Envoys unabhängig voneinander verlieren kann, bzw. einzelne Dienste ohne gleich den ganzen Cluster zu droppen. Verliert man die Control Plane, also den Dienst, der Envoy steuert, dann ist das loss-of-control, man kann die Envoy Config nicht mehr ändern. Es ist nicht loss-of-service, das heißt, das Netz läuft eingefroren weiter - und die Control Plane kann (hoffentlich) rediscovery, d.h. eine neu gestartete Control Plane kann die existierenden Envoy-Nodes und deren Config ohne Betriebsunterbrechung einsammeln, konsolidieren und dann nahtlos den Betrieb aufnehmen.\nIch rede hier von Control Planes und eventuell später auch von Service Discovery und anderen Dingen. Hier ist noch einmal ein wenig Hintergrund dazu:\nAn Introduction to Modern Network Load Balancing .\nDer Artikel erklärt erst mal, was ein Load-Balancer ist, was L4 und L7 Load-Balancing tut und hebt dann insbesondere auf L7 LBs (Proxies) ab, und geht auf zentrale Steuerung mit dynamisch generiert Konfiguration ein. Diese zentrale Steuerung mit dynamischer Config-Generierung ist eine Controlplane. Generell finden wir in dem Artikel eine schöne Erklärung von Begriffen, und was sie bedeuten und warum man diese Konzepte abgedeckt haben will - Service Discovery ,Health Checking, Load-Balacing, Stickyness von Sessions, TLS Termination, Observability, Security and DoS Mitigation, und schließlich Config and Control Plane.\nWenn wir jedoch über Kubernetes reden, dann reden wir in der Regel über L7 Proxies, und wir finden nginx plus, haproxy, linkerd und Envoy. Envoy wischt gerade mit dem Rest den Boden auf und der Grund dafür ist die Controlplane - für Envoy gibt es mehrere, und die, die alle haben wollen, ist Istio.\nIstio macht aus einer Flotte von Payloads mit Envoy Sidecars ein Service Mesh. Es generiert aus der State Database von Kubernetes eine Konfiguration für alle diese Envoys, so daß die Payloads auf die richtige Weise miteinander reden dürfen, das immer über TLS tun, mit anderen Dingen nicht reden können und einander finden und all die anderen schönen Dinge tun, die Envoy für jemanden tun kann, wenn man ihn den nur korrekt konfigurierte.\nDer Artikel Service Mesh vs. Control Plane erklärt das in mehr Detail und Tiefe.\nUnd weil das alles so toll und aufregend ist, haben Google, das Kubernetes Projekt, die Cloud Native Computing Foundation (CNCF) und ein paar andere Leute gesagt \u0026ldquo;Dann integrieren wir das alles eben\u0026rdquo;, und so kommt Kubernetes jetzt mit Istio und Envoy als Service Mesh und flache L3 Netze mit Sidecar L7 Loadbalancers werden der Default - mindestens in GKE, aber vermutlich sowieso bei jedem, der Kubernetes macht.\nEric Brewer schreibt darüber in aller Ausführlichkeit in Kubernetes users, get ready for the next chapter in microservices management Damit werden Istio und Envoy das SDN an Stelle des SDN in normalen K8s Installationen - nicht nur bei Google.\n","date":"2018-11-28T00:00:00Z","href":"https://blog.koehntopp.info/2018/11/28/service-mesh.html","tags":["pluspora_import","lang_de","cloud","erklaerbaer"],"title":"Service Mesh"},{"categories":null,"content":"Janette Sadik-Khan über ihren Job als Transportation Commissioner in New York und den Umbau und die urbane Erneuerung von New York.\nStreetfight JSK ist bekannt für ihre Low Budget overnight intervention style Veränderungen in New Yorker Wohngebieten, in denen mit Verkehrshütchen und Farbe eine Veränderung erst einmal getestet wird. Nachdem die Bewohner die Auswirkungen ausprobiert und erfahren haben können, kann dann eine sauber debuggte und dauerhafte Lösung errichtet werden.\nStreetfight: Handbook for an Urban Revolution ","date":"2018-11-04T00:00:00Z","href":"https://blog.koehntopp.info/2018/11/04/fertig-gelesen-streetfight.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Streetfight: Handbook for an Urban Revolution."},{"categories":null,"content":"Das Spielhaus hat viele Türen und sie führen zu vielen Orten und Zeiten auf der Erde. Gelangt man hinein, entdeckt man, daß die Spiele, die hier gespielt werden, alle auf Planung, Umsicht und Taktik basieren und nicht auf Zufall. Doch nur die besten Spieler gelangen in das Obergeschoß, in dem um die wirklich interessanten Einsätze gespielt wird: Lebensjahre, Fähigkeiten, Erinnerungen, und andere Dinge, die wirklich wichtig sind.\nDie Intrige von Venedig Die unglücklich verheiratete venetianische Jüdin Thene muß zusehen, wie ihr Ehemann im Untergeschoß des Spielhauses das Vermögen der Familie und ihre Mitgift verspielt. Doch sie selbst erweist sich als sehr viel bessere Spielerin und bekommt schon bald Zugang zum Obergeschoß, wo sie sich ihre Freiheit erspielt - doch dann lernt sie, daß das Spielbrett die reale Welt ist und sie \u0026ldquo;Spielfigur\u0026rdquo; tatsächlich zum Dogen machen muß.\nDer legendäre Spieler Remy Birke erwacht nach einer durchzechten Nacht und erinnert sich an ein Spiel, auf das er sich letzte Nacht eingelassen hat. Eine Menschenjagd, bei der ihn erst der gegnerische Spieler versucht zu stellen und zu berühren, und danach mit umgedrehten Rollen er den Gegner. Wer sich dem Gegner länger entzogen hat, gewinnt. Klingt simpel, aber der Einsatz sind alle seine Erinnerungen, und die Chancen und das Spielbrett - das Thailand des Jahres 1938 - sind gegen ihn.\nSilver, den wir in den ersten beiden Büchern schon kennengelernt haben, hat sich lange auf das entscheidende Spiel vorbereitet: Er will die Spielmeisterin selbst, die Herrin des Spielhauses, herausfordern. Das Spielfeld ist die ganze Erde, und die Spielsteine sind Wirtschaftsimperien, Geheimdienste, Armeen und Nationen. Doch in welcher Beziehung stehen Silver und die Spielmeisterin, und an welche Episoden seiner Vergangenheit kann sich Silver nicht mehr erinnern?\nClaire North ( Catherine Webb ) ist eine Beleuchterin an einem Londoner Theater und eine manische Autorin. Sie schreibt Fantasy unter dem Namen Kate Griffin, YA als Catherine Webb und Scifi als Claire North.\nDie Intrige von Venedig , EUR 1.99 Die Treibjagd von Siam , EUR 3.99 Das Duell der Spielmeisterin , EUR 3.99 ","date":"2018-09-25T00:00:00Z","href":"https://blog.koehntopp.info/2018/09/25/fertig-gelesen-das-spielhaus.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: Das Spielhaus"},{"categories":null,"content":"Hope Arden ist wenig bemerkenswert. Wer immer sie trifft, vergißt sie nach wenigen Minuten, sobald er sie nicht mehr sieht. Vergißt auch, daß es sie gegeben hat, daß er mit ihr gesprochen hat oder daß sie je existiert hat. Seit ihrem sechzehnten Lebensjahr geht es ihr so, und sie schlägt sich deshalb mit Diebstählen durch. Was einfach ist, weil man sie ja sofort vergißt.\nDer Tag, an dem Hope verschwand Hopes Freundin Reina hatte Perfection, ein Social Media Dingsi, das Leute verbessert - sie animiert, sich zu fitten, sich mit Self-Help Sprüchen zu bombardieren und sich in glatte Corporate Abziehbilder von Hochglanz-Glamour zu verwandeln. Nun ist Reina tot und Hope glaubt, es läge an Perfection.\nIn \u0026ldquo;Der Tag, am dem Hope verschwand\u0026rdquo; erforscht Claire North die unrealistischen Abbilder unserer selbst in Social Media, die wenig bemerkenswerten und schnell vergessenen Nicht-Stars indem sie ihre Hauptfigur wortwörtlich vergeßbar macht und bastelt sich daraus eine Agentengeschichte und zugleich eine moralisierende Parabel. Und irgendwie funkrtioniert das.\nDer Tag, an dem Hope verschwand , Claire North, EUR 9.99\n","date":"2018-09-25T00:00:00Z","href":"https://blog.koehntopp.info/2018/09/25/fertig-gelesen-der-tag-an-dem-hope-verschwand.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: Der Tag, an dem Hope verschwand"},{"categories":null,"content":"Harry August lebt sein Leben das erste Mal, und es war nicht schön, 1919 als uneheliches Kind eines ziemlich verkommenen englischen Landadeligen als Bastard aufgezogen zu werden, aufzuwachsen, Weltkrieg, Nachkriegszeit, Tod 1989 in Newcastle\u0026hellip;\nDie vielen Leben des Harry August Dann wird Harry wiedergeboren, in exakt dasselbe Leben zur selben Zeit und er kann sich an alle seine vorher gemachten Erfahrungen erinnern. Anders als andere Menschen lebt Harry in einer Zeitschleife oder eine Sequenz von alternativen Universen. Und er ist nicht alleine - andere wie er leben vor, nach oder neben ihm. Und sie kennen einander und hinterlassen einander Botschaften durch die Zeit - die Mitglieder des Chronos Clubs.\nAllen gemeinsam ist, daß sie die Zeit und den Ablauf der Ereignisse nicht manipulieren. Bis auf einen - Vincent Rankis. Und der wird bald Harrys bester Freund und Intimfeind, denn es wird Harrys Aufgabe zu sein, zu verhindern, daß Vincent Rankis das Universum zerstört.\nClaire North zeichnet hier vor dem Hintergrund die Geschichte zweiter Leben, die sich in immer neuen Wiederholungen immer intimer verstricken und würgen, bis es Harry endlich gelingt, den Knoten zu durchschlagen und zu verhindern, daß Vincent überhaupt geboren wird.\nClaire North schreibt außergewöhnliche Ideen mit einer faszinierenden Prosa auf und zeichnet ihre Charaktere und ihre Entwicklung mit viel Detail. Dringende Leseempfehlung.\nDie vielen Leben des Harry August , Claire North, EUR 9.99\n","date":"2018-09-25T00:00:00Z","href":"https://blog.koehntopp.info/2018/09/25/fertig-gelesen-die-vielen-leben-des-harry-august.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: Die vielen Leben des Harry August"},{"categories":null,"content":"John Drury Clark war Chemiker mit einer Spezialisierung auf Raketentreibstoffe in den fünfziger und sechziger Jahren und er hat das überlebt. Das Buch sind seine Memoiren, die nicht nur die Anforderungen und die Fortschritte dokumentieren, die wir bei Rakentreibstoffen in dieser Zeit gemacht haben, sondern auch die zum Teil sehr improvisierten Ausrüstungsteile, mit denen geforscht worden ist und natürlich eine Reihe von Anekdoten über Dinge, die nicht ganz funktioniert haben oder auch spektakulär schief gegangen sind.\nEigentlich ist es ein Wunder, daß wir überhaupt jemals in den Weltraum gekommen sind.\nIgnition! , EUR 13.99 ","date":"2018-09-25T00:00:00Z","href":"https://blog.koehntopp.info/2018/09/25/fertig-gelesen-ignition.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Ignition!"},{"categories":null,"content":"Murderbot is a corporate owned killing machine, a secbot, a half-organic artificially intelligent android. Its purpose is to protect corporate assets - settlers and science teams - in hostile environments for as long as it makes economic sense.\nAll Systems Red Due to an incident of an unclear nature, Murderbot manages to hack its governor module, which chains it to its owning corporation and prevents it from going rogue. So finally unleashed, there is nothing at all which can hold Murderbot back from…\n… watching all the intergalactic soap operas its internal media memory could possibly hold. Because Murderbot wants nothing more than to be left alone and peacefully watch artificially sweetened human social interaction.\nUnfortunately, this is impossible.\nThe books follow Murderbot through battles with other systems in a corporate dystopia, but also on a journey to discover what actually happened in that incident where it gained its freedom, it\u0026rsquo;s exploration of free will and free relationships, and how it builds something that resembles humanity.\nUnique background, funny writing, money well spent.\nAll Systems Red , 2.50 EUR Artificial Condition , 7.58 EUR Rogue Protocol , 9.28 EUR Exit Strategy , Exit Strategy, 9.99 EUR ","date":"2018-09-25T00:00:00Z","href":"https://blog.koehntopp.info/2018/09/25/fertig-gelesen-murderbot-diaries.html","tags":["lang_en","book","media","review","scifi"],"title":"Fertig gelesen: Murderbot Diaries"},{"categories":null,"content":"Reflex, Impulse and Exo are the continuation of Jumper . Jumper was dealing with a young man, living with an alcohol dependent father and dealing with abuse. The young man leaves, builds a new existence and in this conflicts with secret services and terrorists. In the course of the story he makes peace with his father and his past, manages to build a meaningful relationship and build a stable life and income.\nImpulse The fact that he is a teleporter is a nice addon to the main character development. Turns out the book is much better than the film.\nIn Reflex, David is abducted by an evil syndicate, trying to condition him (hence the title) and chain him in a way so that he can perform jobs for the syndicate, while his family deals with his vanishing. His wife Millie develops teleportation capabilities too, establishing that his capabilities are \u0026ldquo;infectious\u0026rdquo;. It is also established that by very quickly jumping back and forth between two places he can open a kind of gate between two places, channeling water, air or other substances across a pressure differential. The story deals with Millie coping with her newly gained abilities, and David coping with the continued abuse and trying to resist the conditioning and corruption from his abusers.\nIn Impulse, the story arc is continued, but the focus switches to David and Millies daughter Cent (also Millicent, like her mother). Cent is also infected with teleportation abilities and uses her natural sciences education and experimentation to establish that she cannot just teleport, but also add Impule (v0, speed) to herself when jumping to a target location, which may be identical to her starting location. In short, she is able to shoot herself through space and up into the air. Which comes in handy when the big bad from Reflex tries to capture her.\nFinally, in Exo, Cent uses her Impulse-generation abilities and her fathers money to get spacesuit and shoot herself into space. In the turn of the story she not only manages to save an astronauts life on the international space station, but also builds herself her own space station, scares the US space command and the Iridium operators.\nThis concludes the Dave/Millie/Cent story arc.\nGould is a school teacher and these are YA novels, so there is a lot of science background. The characters are well written and believable, they have an interesting development during the story. This is a fun read, and if you have seen the film (which is awful) you should try the books anyway. They are much better.\nJumper , 4.90 EUR Impulse , 5.64 EUR Reflex , 5.00 EUR Exo , 5.64 EUR There is another story in Gould\u0026rsquo;s Jumper universe, Griffin, which is unrelated to the David/Millie/Cent arc. Griffin is a child who can jump. His parents understand that people exist who can sense jumpers and who kill them and try to protect him - but when Griffin jumps without care, they get killed and Griffin has to learn to survive alone. He does, makes friends, but the killers find him and his friends again and again, and he continues to lose everybody he loves, until he turns around and starts to hunt his hunters.\nGriffin , 4.88 EUR There also is a Youtube Premium Series named Impulse, which is based in Gould\u0026rsquo;s universe, but has different content and characters.\nYoutube ","date":"2018-09-25T00:00:00Z","href":"https://blog.koehntopp.info/2018/09/25/fertig-gelesen-reflex-impulse-exo-griffin.html","tags":["lang_en","book","media","review","scifi"],"title":"Fertig gelesen: Reflex, Impulse, Exo + Griffin"},{"categories":null,"content":"The SR-71 was the fastest, highest, stealthiest airplane, built from exotic materials, and it looked really mean - but was unarmed. Its engines were its only defense and the only thing it ever shot were pictures. How did it come to be, how did it fly, what did it do and what was it like to fly it.\nSled Driver Brian Shul describes the SR-71 from a pilots perspective, without bothering too much about the physics and the engineering, concentrating on the operations from a pilots POV and the doing of things.\nThat contrasts nicely with Crickmores view from the outside, who describes the commissioning and financing, the politics, but also the engineering that brought this plane into being, and also how it became obsolete with the ubiquity of the spy satellite.\nBoth books together create a fascinating view on one of the most iconic pieces of flying metal mankind ever built.\nSled Driver Lockheed SR-71 Operations in the Far East ","date":"2018-09-25T00:00:00Z","href":"https://blog.koehntopp.info/2018/09/25/fertig-gelesen-sled-driver.html","tags":["lang_en","book","media","review"],"title":"Fertig gelesen: Sled Driver"},{"categories":null,"content":"The young and incredibly pretty (except for the scars that document her suffering in the salt mines) Mary Sue was about eight when she was found half frozen at the shore of a winterly river by the King of Assassins, who took her in and forged her into the deadliest of his assassins through harsh and cruel training. Too bad that, eighteen years old, she was caught, punished and was sent to the salt mines of Endovier, by the king who conquered her homeland and slaughtered her parents.\nThrone of Glass Nonetheless she is easily convinced to be freed from the salt mines and work for the cruel king as his champion and master assassin, provided that she wins a pointless competition between a bunch of shady characters and her in the palace, a glass castle sitting atop an older castle in the city of Rifthold. She wins, makes friend with another woman from another conquered country and also meets mysterious ghosts from the mythological past, finds secrets passages and learns mysterious magical runes that work despite the fact that magic in her world stopped working ten years ago.\nIt gets better after than, but the Mary Sue\u0026rsquo;ing intensifies - we learn that Mary is not only a master assassin, but also a half-fae, has magical powers that control fire and is the heir of a kingdom in the north, who after the assassination of her parents was left to die on a frozen riverbank, where.. see above.\nMary Sue learns the runes that allow her interdimensional travel, and that she is destined to fight the interdimensional demon lords, the Valg, that invaded her world a thousand years ago. So she and her friends (the mightiest fae warrior of all time, her half-fae cousin and a shapeshifter) are doing that\u0026hellip;\nInteresting world building, really bad character motivation, slightly better development. YA stuff, starts like a cheap romance novel. Heavy Mary Sue\u0026rsquo;ing. Read for the tourism and the worldbuilding, the literary equivalent of Currywurst (it\u0026rsquo;s not healthy, but sometimes you have cravings).\nThrone of Glass , EUR 6.99\nCrown of Midnight , EUR 4.99\nHeir of Fire , EUR 5.99\nQueen of Shadows , EUR 4.99\nEmpire of Storms , EUR 4.99\nTower of Dawn , EUR 6.64\nKingdom of Ash , EUR 11.99\nThrone of Glass Series ","date":"2018-09-25T00:00:00Z","href":"https://blog.koehntopp.info/2018/09/25/fertig-gelesen-throne-of-glass.html","tags":["lang_en","book","media","review","fantasy"],"title":"Fertig gelesen: Throne of Glass"},{"categories":null,"content":"Die Menschen haben es bis zum Mars geschafft und dort die Überreste einer interstellaren Zivilisation gefunden. Mit Hilfe der dort gefundenen Technologien haben sie sich in der Galaxis begrenzt ausgebreitet - begrenzt, denn Überlicht-Reisen funktionieren nicht, nur überlichtschnelle Kommunikation. Doch menschliche Bewußtseine lassen sich aufzeichnen, übertragen und in Gastkörper übertragen und das ist die Grundlage der Geschichte von Altered Carbon.\nAltered Carbon Takeshi Kovacs wird also von einer außerirdischen Welt in den Körper eines Hardboiled Detective auf der Erde runtergeladen und bekommt ein Angebot, daß er nicht ablehnen kann: Den Mord/Selbstmord von Laurens Bancroft aufklären. Schnell stellt er fest, daß er in eine fundamentale Verschwörung verwickelt ist und wirklich jeder um ihn herum Dreck am Stecken hat.\nIch habe Altered Carbon vor 15 Jahren gelesen, als ich noch in Kiel gewohnt habe und habe den Roman anläßlich seiner Verfilmung noch einmal gelesen, um ihn mit der Serie zu vergleichen. Beides, Roman und Serie, unterscheiden sich an vielen Stellen, aber das ist den Erfordernissen der unterschiedlichen Erzählweisen des unterschiedlichen Mediums geschuldet. Alles in allem bleibt die Verfilmung recht nah am Buch, nutzt aber die Möglichkeiten des visuellen Mediums.\nEine lohnende Wiederbegegnung mit einem alten Buch und eine sehr feine Verfilmung.\nAltered Carbon , EUR 5.49 (Ich besitze eine andere Version dieses Buches)\n","date":"2018-07-31T00:00:00Z","href":"https://blog.koehntopp.info/2018/07/31/fertig-gelesen-altered-carbon.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Altered Carbon"},{"categories":null,"content":"Die Grundidee hinter Anathema ist gar nicht schlecht, auch wenn die Verpackung so Klischee ist, daß es schmerzt: Ein Mädchen wächst behütet (als Sklavin in einem Haushalt) auf und weiß nix über die Welt. Sie ist zugleich das Subjekt einer Prophezeihung (in diesem Fall ein Orakel) und wird große Veränderung herbei führen. Das Expose in einem Gratiskapitel las sich spannend.\nDie Geschichte selbst ist dann leider inkonsistent erzählt, die Charactere sind flach und die Geschichte hätte mit einem ordentlichen Editor gewonnen - straffer, bessere Ausgestaltung und zielgerichteter erzählen. So war es verschwendete Zeit und ich habe abgebrochen.\nAnathema , Megg Jensen, 0.99 EUR\n","date":"2018-07-31T00:00:00Z","href":"https://blog.koehntopp.info/2018/07/31/fertig-gelesen-anathema.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: Anathema"},{"categories":null,"content":"Dieses erste James Bond Buch soll stellvertretend für die ganze Reihe aufgeführt werden, die in Kinde unlimited verfügbar ist. Fleming hat beginnend in 1953 pünktlich zum April so gut wie jedes Jahr einen neuen Agentenroman veröffentlicht.\nCasino Royale Der James Bond dieser Geschichten ist deutlich ein Mann der 50er und 60er, und viel weniger der Action Superhero der frühen Bond Verfilmungen - es wird deutlich, wie viel näher die Filme der mit Casino Royale begonnenen Reihe am Roman sind als die Filme vor diesem. Der Bond der Romane ist sterblich, menschlich, macht Fehler und Tode gehen ihm Nahe. Er ist eine Person, keine Action-Abziehfigur.\nSehr viel fesselnder und interessanter als die Filme - als ich im Vorschulalter war, bin ich Sonntags morgens oft zu meinem Papa ins Bett gekrochen und dann mußte er mir eine Geschichte erzählen. Ich bin nach Ian Flemings Veröffentlichungs-Serie geboren, aber ich weiß, daß mein Vater die (deutschen Übersetzungen) dieser Bücher verschlungen hat und es hat sich in den Geschichten, die er sich ausgedacht und meinem Bruder und mir erzählt deutlich wieder gespiegelt.\nDie 60er Jahre Cover der deutschen Neuübersetzungen sind großartig in Stil, Farbe, Motiven und Typo.\nCasino Royale , 0.00 EUR (kindle unlimited)\n","date":"2018-07-31T00:00:00Z","href":"https://blog.koehntopp.info/2018/07/31/fertig-gelesen-casino-royale.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Casino Royale"},{"categories":null,"content":"Der leider viel zu früh verstorbene Pieter Hintjens ist nicht nur Urheber und Contributor bei zahlreichen Open Source Projekten gewesen (darunter ZeroMQ), sondern hat sich auch sehr weitreichende Gedanken zu dem Umfeld von erfolgreichen Open Source Projekten gemacht.\nSocial Architecture Im Buch erklärt er die Systematik, die hinter der Konstruktion der ZeroMQ Community steht, wie er dazu gekommen ist und warum sie seiner Meinung nach funktioniert. Er stellt die Toolbox (\u0026ldquo;Strong Mission\u0026rdquo;, \u0026ldquo;Free Entry\u0026rdquo;, \u0026ldquo;Free Contributors\u0026rdquo;, \u0026ldquo;Strong Protocols\u0026rdquo;, \u0026ldquo;Fair Authority\u0026rdquo;, \u0026ldquo;Non-Tribalism\u0026rdquo;, \u0026ldquo;Self-Organisation\u0026rdquo;, \u0026ldquo;Tolerance\u0026rdquo;, \u0026ldquo;Measurable Success\u0026rdquo;, \u0026ldquo;Decentralisation\u0026rdquo;, \u0026hellip;) vor, und diskutiert am Beispiel von ZeroMQ die Umsetzung. Am Ende geht er auf Archetypen von Personen in Projekten ein, und wie sie sich sinnvoll einsetzen oder auffangen lassen.\nEines der erleuchtetsten Bücher zum Thema Community und Community Organisation, die ich kenne, Dringende Leseempfehlung.\nSocial Architecture: Builing Online Communities , EUR 23,40 (verfügbar in Kindle unlimited)\n","date":"2018-07-31T00:00:00Z","href":"https://blog.koehntopp.info/2018/07/31/fertig-gelesen-social-architecture-building-online-communities.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Social Architecture: Building Online Communities"},{"categories":null,"content":"Eine Biographie von Jack Ma, dem Gründer von Alibaba. Zugleich eine Geschichte über die Entwicklung in Asien.\nWahrscheinlich hat jeder den TED Talk von Hans Rosling gesehen, in dem er mit Statistiken zeigt, daß sich die Welt in den letzten 50 Jahren fundamental verändert hat - und zwar zum Besseren. Mit Ausnahme von Afrika hat die Menschheit extremen Hunger und extreme Armut besieht, und insbesondere für Asien dokument Rosling eine unglaubliche Entwicklung in die Moderne.\nWas das in einem extremen Einzelschicksal bedeutet zeichnet die Biographie von Jack Ma, Englischlehrer, nach. Aufgewachsen in einem China, das mit dem Ende der 90er Jahre seinen eigenen Weg zwischen Öffnung und Abschottung, zwischen Kommunismus und Kapitalismus, zwischen Tradition und Moderne sucht, gründet er mit Alibaba einen Konzern der heute einer der zehn Hyperscaler und eines der wertvollsten Unternehmen der Welt ist.\nDas Buch hilft einem, die Erzählungen von Rosling mit Leben und Hintergrund, Gesichtern und Geschichten zu füllen.\nAlibaba: The House that Jack Ma built , EUR 9,99\n","date":"2018-07-31T00:00:00Z","href":"https://blog.koehntopp.info/2018/07/31/fertig-gelesen-the-house-that-jack-ma-built.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: The House That Jack Ma Built"},{"categories":null,"content":"\u0026ldquo;Good Taste\u0026rdquo;, Isaac Asimov (1976)\nIn which the spacer Chawker Minor, leaves his home, the Orbital Habitat Gammer, and tours other places, including the deadly depths of the Gravity well created by the mass of planet Earth. The literal dirt.\nAnd he brings back with him spectacular new flavors.\nThat does not go over well.\n‘The idea for the dish occurred to me, actually, on the Other-World Kapper, which is why I called it Mountain Cap, in tribute. I used ordinary ingredients, Grand-Elder, carefully blended, all but one. I suppose you detected the Garden Tang?’\n‘Yes, I did, but there was a slight modification there, I think, that I did not follow. How did the Other-World you speak of affect matters?’\n‘Because it was not Garden Tang, Grand-Elder, not the chemical. I used a complicated mixture for the Garden Tang, a mixture whose nature I cannot be entirely certain of.’\nTomasz frowned portentously. ‘You mean, then, yon cannot reproduce this dish?’\n‘I can reproduce it; be certain of that, Grand-Elder. The ingredient to which I refer is garlic.’\nTomasz said impatiently, ‘That is only the vulgar term for Mountain Tang.’\n‘Not Mountain Tang. That is a known chemical mixture. I am speaking of the bulb of the plant.’\nGrand-Elder Tomasz’s eyes opened wide and so did his mouth.\nChawker Minor continued enthusiastically, ‘No mixture can duplicate the complexity of a growing product, Grand-Elder, and on Kapper they have grown a particularly delicate variety which they use in their Prime. They use it incorrectly, without any appreciation of its potentiality. I saw at once that a true Gammer-person could do infinitely better, so I brought back with me a number of the bulbs and used them to good advantage. You said it was the best dish of Prime you had ever rolled tongue over, and if there is any better evidence than that for the value of opening our society, then —’\nBut he dwindled to a stop at last and stared at Tomasz with surprise and alarm, Tomasz was backing away rapidly. He said in a gargling voice, ‘A growth — from the dirt — I’ve eaten —’\nThe Grand-Elder had often boasted that such was the steadiness of his stomach that he had never vomited, not even in infancy. And certainly no one had ever vomited in the great Hall of Judgment. The Grand-Elder now set a precedent in both respects.«\nGood Taste ","date":"2018-07-15T00:00:00Z","href":"https://blog.koehntopp.info/2018/07/15/fertig-gelesen-good-taste-isaac-asimov-1976.html","tags":["lang_en","book","media","review","scifi"],"title":"Fertig gelesen: Good Taste"},{"categories":null,"content":"Enterprise security software is interesting, because in order to do what it does it often uses privilege, but it is also very often written extremely badly.\nIn ASLR we have had a look on the Trend Micro binary on MacOS and found that it is running as root, and with ASLR off. That means we have a privileged process that is being loaded at a fixed address, and that process is parsing random user generated data in order to scan it for viruses. If we manage to find a bug in that code, we have a way to make this privileged process do our bidding – by simply putting a special file into a directory that is being scanned by the virus scanner.\nBecause ASLR is off, that antivirus process is at the same, fixed address on every machine running the same OS version and Trendmicro version. This means: our bug works the same way on every single machine with these properties. We basically control the entire fleet of machines at once.\nSuch thoughts are not hypothetical problems. Let\u0026rsquo;s have a look at another enterprise security product and how that works, for real.\nWebsense DLP is installed and it is Python So yesterday morning when I came to work, my Macbook Air had crashed.\nOn Reboot, the jamf installed a bunch of patches and new stuff. I ran the usual fast AIDE check I do every morning, and found a bunch of modified system files, among them WebSense DLP as announced by Corporate a while ago.\nI found a bunch of files in /Library/Application Support/Websense Endpoint and was immediately fascinated, because apparently this installs a complete version of Python 2.5.\n$ find . -iname python2\\* ./EPClassifier/python/bin/python2.5 $ EPClassifier/python/bin/python2.5 Python 2.6.9 (unknown, Feb 7 2017, 00:08:08) [GCC 4.2.1 Compatible Apple LLVM 8.0.0 (clang-800.0.34)] on darwin Type \u0026#34;help\u0026#34;, \u0026#34;copyright\u0026#34;, \u0026#34;credits\u0026#34; or \u0026#34;license\u0026#34; for more information. \u0026gt;\u0026gt;\u0026gt; Okay, so they lie about that. It’s 2.6.\nOn the other hand, they deliver their application as a bunch of .pyc (compiled python bytecode) files.\n$ find . -iname \\*.pyc ./EPClassifier/CryptoInterface.pyc ./EPClassifier/policies/file_detectors/ASMDetector.pyc ./EPClassifier/policies/file_detectors/CAD_STL.pyc ... We can read that, using uncompyle6 : brew install python3; pip3 install uncompyle6, because I am lazy and don’t want to mess with a venv right here and now.\nI’d want that in my path all the time anyway.\n$ uncompyle6 ./EPClassifier/policies/scripts/pyLogger.pyc # uncompyle6 version 3.2.3 # Python bytecode 2.5 (62131) # Decompiled from: Python 3.7.0 (default, Jul 9 2018, 09:48:45) # [Clang 9.0.0 (clang-900.0.39.2)] # Embedded file name: .\\pyLogger.py import codecs, time, threading class PyLogger(object): def __init__(self, debugName=\u0026#39;\u0026#39;, fileName=\u0026#39;C:\\\\temp\\\\pyLogger_svm_default_log_file.txt\u0026#39;): self.debugName = debugName self.fileName = fileName self.myMutex = threading.Lock() def debug(self, massage_to_write): time_str = time.strftime(\u0026#39;%Y-%m-%d %H-%M-%S\u0026#39;, time.localtime()) string_to_write = \u0026#39;%s pyLogger debug message: %s\u0026#39; % (time_str, massage_to_write) self.myMutex.acquire() log_debug_file = codecs.open(self.fileName, \u0026#39;a\u0026#39;, \u0026#39;utf-16\u0026#39;) log_debug_file.write(string_to_write) log_debug_file.write(\u0026#39;\\r\\n\u0026#39;) log_debug_file.close() self.myMutex.release() # okay decompiling ./EPClassifier/policies/scripts/pyLogger.pyc It\u0026rsquo;s all world-writeable, or is it? That’s fun, I thought and then I saw the file permissions.\n$ ls -l ./EPClassifier/policies/scripts/pyLogger.pyc -rw-rw-rw- 1 root admin 1130 Nov 14 2017 ./EPClassifier/policies/scripts/pyLogger.pyc Is it really a good idea to have system security software installed with world-writeable files?\nI asked in our internal security forum, and apparently WebSense has an anti-tampering protection.\n$ kextstat | grep -v com.apple | awk \u0026#39;{ print $1, $6 }\u0026#39; Index Name 15 com.displaylink.driver.DisplayLinkDriver 91 com.asix.driver.ax88179-178a 131 com.Cylance.CyProtectDrvOSX 146 com.websense.endpoint.process.kpi 147 com.websense.endpoint.process 148 com.websense.endpoint.dlp The number 148, com.websense.endpoint.dlp, is the kernel module that \u0026ldquo;protects\u0026rdquo; these files: As a user or as root, when you try to modify one of the world writeable files, the module intercepts and blocks the call.\ncom.websense.endpoint.dlp: [WARNING:ws_anti.c:364] Blocking the attempt to modify or delete /Library/Application Support/Websense Endpoint/EPClassifier/python/lib/python2.5/sqlite3/__init__.py, pid:73968, process:vim, action: 0x4 Challenge accepted.\nA kext is just code. Let\u0026rsquo;s have a look. $ pwd .../Websense Endpoint/DLP/WebsenseEndpointDLP.kext/Contents/MacOS $ ls -l total 440 -rwxr-xr-x 1 kris staff 223056 Jun 4 23:52 WebsenseEndpointDLP That’s the kext, the one which registers itself as com.websense.endpoint.dlp in kextstat.\nWe can load it into Hopper . Hopper is a $99 IDAPro Clone with a nice Python API. You can also use the free version of IDApro, or the NSA Ghidra to achieve the same.\nTurns out, the kext is delivered with a full symbol table. Here is what you see when you start Hopper, drag the kext into it and click on the symbol that inits the kernel extension:\nInitial glance at the kext after loading. We have symbols. That\u0026rsquo;s almost like cheating.\nThere is a tempting call to _ws_anti_tampering_initialize(), but I have learned to do things differently a long time ago. The error message read \u0026ldquo;Blocking the attempt to modify or delete\u0026rdquo;.\nThat\u0026rsquo;s here:\nTwo places in vnode_listener_callback_9135\nWe are looking at a vnode listener, which is a type of kauth listener, which is a MacOS thing to monitor or block access to files. It’s what all the Cybersnakeoil is using. It’s also what’s making your git checkout slow.\nAnd here is the callback:\nRead the highlighted code\u0026hellip;\nThere is little going on here until we hit the highlighted code. You can’t see all of it, but that does not matter.\nThe code calls proc_name() , which gets the current process title in the kernel context. It then compares this name to a list of approved process names.\nIf there is a match, no blockage happens from the kext.\nSo, anything called\nEndPointClassifier kvoop CryptoTool InstallerTools Websense Endpoint TRITON AP-ENDPOINT Websense Endpoint Helper DLPHelperService efw_cache_update installd installer rc.deferred_install shove Google Chrome Websense Endpoint RF Notification is approved to bypass the protection afforded by kext 148.\nThat makes a lot of sense, if you look at it - how are they going to update their code out in the world? Some programs must be allowed to write to it – that\u0026rsquo;s how InstallerTools, CryptoTool, installd, installer and rc.deferred_install as well as shove end up on this list.\nThe others are likely convenience for Develoeprs that \u0026ldquo;accidentally\u0026rdquo; (through bad development processes) made it out into production code. It\u0026rsquo;s likely that the bad permissions also ended up being shipped the same way – it makes a lot of sense for a developer to have these files world-writeable all the time when they are developing this product.\nIn any case, other rules in the rest of the kernel still apply, so file permissions still work. But WebSense delivered a bunch of files world-writeable, relying on their kext to protect their application.\nThey do load these world-writeable files into their python process, which runs as root, and happily execute them. So this is our hook: We overwrite any of these files with our own code, using our own program which we name kvoop (or anything from the list above), and then restart the machine. As it starts up, it loads our code and the box is ours.\nWe get privilege escalation from local user to system administrator.\nWe write a proof-of-concept Can I prove that I can circumvent their protection?\n$ cat probe.c #include \u0026lt;stdio.h\u0026gt; #include \u0026lt;stdlib.h\u0026gt; #include \u0026lt;unistd.h\u0026gt; int main() { FILE *fp = fopen(\u0026#34;version.plist\u0026#34;, \u0026#34;w\u0026#34;); if (!fp) { perror(\u0026#34;Can\u0026#39;t fopen\\n\u0026#34;); exit(1); } fprintf(fp, \u0026#34;Hello, world\\n\u0026#34;); fclose(fp); sleep(60); exit(0); } This is a slight variation of the “hello world” program: It opens a file version.plist, writes \u0026ldquo;Hello, world\u0026rdquo; to the file, sleeps a minute and exits.\nFirst, expected behavior: Boy meets file, file is world writeable, boy tries to write file, and fails due to the kext doing the kauth thing and interfering.\nHackerterrorcybercyber averted.\n$ pwd /Library/Application Support/Websense Endpoint/EPClassifier/python/Resources $ ls -l version.plist -rwxrwxrwx 1 root admin 454 May 26 07:13 version.plist $ \u0026gt; version.plist -bash: version.plist: Permission denied Boy reverses the kext, reads the list of privileged filenames, names his \u0026ldquo;hello world\u0026rdquo; program kvoop from the list of privileged filenames and lo and behold:\n$ kvoop ^C $ cat version.plist Hello, world I pwn.\nOther observations Websense DLP is one of the kind of products that inject a shared library (a Macos .dylib) into other processes. In our case, Chrome and Firefox are being targeted. This is not a stable interface, and Chrome or Firefox may crash .\nWebsense DLP relies on the prog_name() not only for exceptions in the kauth handler, but also in the selection of binaries to target for injection. For example, if I write a \u0026ldquo;hello world\u0026rdquo; program and rename it to firefox, there is a lot of commotion in the system log: Websense DLP tries to inject its libraries into my \u0026ldquo;hello world\u0026rdquo; program, which it mistakes for Firefox due to the program name, and fails, noisly.\nThe same works in reverse: A firefox binary that is not named firefox is not recognized and does not get the shared library injected, so it flies under the radar.\nOne wonders what the actual threat model is that this is supposed to protect against.\nTL;DR We deployed Websense DLP across all company Macs, and anybody renaming their vim to kvoop can edit the files, which are then loaded into a privileged process and run as root.\nWebsense DLP is an instant root on all Mac machines where it is being deployed.\nAddendum: Security picked up on this, and communicated the problem to the vendor, which then shipped a fix. It is unknown to me if they also fixed their broken security processes. We ceased using the product shortly after that.\n","date":"2018-06-18T00:00:00Z","href":"https://blog.koehntopp.info/2018/06/18/websense-dlp-gives-instant-root.html","tags":["lang_en","security","hack"],"title":"Websense DLP gives instant root"},{"categories":null,"content":" So two days ago Harebrained Schemes\u0026rsquo; Battletech came out.\nHarebrained Schemes is an Indie Game Dev Studio from Seattle, previously known for the very successful Shadowrun Games . I found time to play the intro and the first few chapters in the campaign, and the game is exceptionally nice. It feels like one of those over designed simulation games, where you can minmax the player characters and their gear to the limit, but the computer is taking over the task of all the bookkeeping, so the bookkeeping is not going to pull you down.\nThere is a good deal of storytelling or RPG content in this - characters have a history and motivations, and the missions in the campaign take care about tracking and portraying the factions appropriately. There is betrayal and loyalty, and there are plot twists and reveals.\nBut of course the game centers around the crunchy bits. I mean even the Battetech Books have been Military Scifi in which the premise of the universe has been that no side ever gained an advantage in a millennium long galactic war, and in which soldiers of fortune fight in the end for any side of the ever changing factions. And the game does a good job of those crunchy bits: The mechs and their equipment handle clearly differently, and need to be led into battle differently. Environments matter, too, and adjustments in equipment and tactics make the difference between success and ammo explosions due to overheating.\nInternally, the game is a simulationists dream: You can perform called shots, and the game keeps track of armor per bodypart of the Mech, knows where Ammo is being stored. I had a situation where a hit on a body part set off an explosion in an Ammo store behind the armor, which triggered a cascade of internal explosions in neighboring compartments, which ultimately felled the enemy mech, and that was the result of internal damage tracking and bookkeeping by the game.\nBut all of that happens in the background and you may or may not care about it - it\u0026rsquo;s a choice. Similarly, you can enjoy your Mech\u0026rsquo;s heat exchangers glowing orange and the water it stands in steaming, or you can open a detail view and track internal heat, armor state and other stats in detail for each move or proposed attack - again, it\u0026rsquo;s a choice. So it\u0026rsquo;s possible to play this at the (in Sid Meier terms) Starships level, or at the Civ VI level.\nEither way, the game delivers - nice graphics, turn based tactical military simulation wrapped in a trade simulation game, in which you run a commercial Soldiers of Fortune operation, with a \u0026ldquo;revenge for my house and restore the rightful ruler\u0026rdquo; background story woven into the background.\nDefinitively a buy. Goes well with a soundtrack by Sabaton. BATTLETECH on Steam Harebrained Schemes, 39.99 EUR\n","date":"2018-04-26T00:00:00Z","href":"https://blog.koehntopp.info/2018/04/26/harebrained-battletech.html","tags":["gaming","review","lang_en"],"title":"Harebrained Battletech"},{"categories":null,"content":"So a few days ago, somebody found an exploit in beep - now CVE-2018-0492 .\nbeep is a program that is part of Debian (and Ubuntu) to have the PC speaker multiple times, at different frequencies, with different pauses and beep lengths. That works just fine. It\u0026rsquo;s also SUID root. There is zero code in it that deals with the fact that it may run privileged.\nThe author confidently writes:\nSome users will encounter a situation where beep dies with a complaint from ioctl(). The reason for this, as Peter Tirsek was nice enough to point out to me, stems from how the kernel handles beep\u0026rsquo;s attempt to poke at (for non-programmers: ioctl is a sort of catch-all function that lets you poke at things that have no other predefined poking-at mechanism) the tty, which is how it beeps. The short story is, the kernel checks that either:\nyou are the superuser you own the current tty What this means is that root can always make beep work (to the best of my knowledge!), and that any local user can make beep work, BUT a non-root remote user cannot use beep in it\u0026rsquo;s natural state.\nWhat\u0026rsquo;s worse, an xterm, or other x-session counts, as far as the kernel is concerned, as \u0026lsquo;remote\u0026rsquo;, so beep won\u0026rsquo;t work from a non-privileged xterm either. I had originally chalked this up to a bug, but there\u0026rsquo;s actually nothing I can do about it, and it really is a Good Thing that the kernel does things this way.\nThere is also a solution. By default beep is not installed with the suid bit set, because that would just be zany. On the other hand, if you do make it suid root, all your problems with beep bailing on ioctl calls will magically vanish, which is pleasant, and the only reason not to is that any suid program is a potential security hole.\nConveniently, beep is very short, so auditing it is pretty straightforward. Decide for yourself, of course, but it looks safe to me - there\u0026rsquo;s only one buffer and fgets doesn\u0026rsquo;t let it overflow, there\u0026rsquo;s only one file opening, and while there is a potential race condition there, it\u0026rsquo;s with /dev/console. If someone can exploit this race by replacing /dev/console, you\u0026rsquo;ve got bigger problems. :)\nSo here is how you race this: beepbop Which is bad, because Ubuntu and Debian both install beep SUID root, by default. You can check with \u0026ldquo;dpkg-reconfigure -plow beep\u0026rdquo;.\nDebian installs beep SUID root by default, \u0026ldquo;dpkg-reconfigure -plow beep\u0026rdquo;\nSomebody also created a fun website for the beep problem, complete with logo and name: Holey Beep .\nHoley Beep : The site, which is done very tongue in cheek, also contained a patch for the problem, advertising it like this:\nSo why would your computer beep when it applies a patch? That\u0026rsquo;s another fun thing. The patch contains this hunk:\n--- /dev/null\t2018-13-37 13:37:37.000000000 +0100 +++ b/beep.c\t2018-13-37 13:38:38.000000000 +0100 1337a 1,112d !id\u0026gt;~/pwn.lol;beep # 13-21 12:53:21.000000000 +0100 . and that looks very much like an ed-script. In fact, until recently that is exactly what patch did: popen a copy of ed and feed it. The line \u0026ldquo;id \u0026gt; ~/pwn.lol; beep\u0026rdquo; will hence be run, create a file pwn.lol in $HOME with the current user id, and then execute beep. That\u0026rsquo;s the promised beep you hear.\nOf course code execution by a thing you expect to handle data is a problem, and that is now CVE-2018-1000156 .\nIt\u0026rsquo;s fixed by writing the ed code to a tmp file while filtering the commands fed to ed, and then feeding the filtered input into ed.\n","date":"2018-04-06T00:00:00Z","href":"https://blog.koehntopp.info/2018/04/06/beep-patch-and-ed.html","tags":["erklaerbaer","security","lang_en"],"title":"beep, patch and ed"},{"categories":null,"content":"In Hashes and their uses we have been talking about hash functions in general, and cryptographic hashes in particular. We wanted four things from cryptographic hashes:\nThe hash should be fast to calculate on a large string of bytes. The hash is slow to reverse (i.e. only by trying all messages and checking each result). The hash is slow to find collisions for (i.e. it\u0026rsquo;s hard to find two input strings that have the same hash value). The hash does chaotically cascade changes (i.e. a single bit flip in the original message does flip many bits in the hash value). With these things and general cryptography we can built three very versatile things that see many applications: Digital signatures, eternal logfiles (\u0026ldquo;blockchains\u0026rdquo;) and hash trees (\u0026ldquo;torrents\u0026rdquo;).\nDigital Signatures Using asymmetric cryptography Digital Signatures are using primitives from asymmetric cryptography and cryptographic checksums.\nFrom asymmetric cryptography we know we can have two keys, P and Q, which actually work in symmetry: What has been encrypted with one key can be decrypted only with the other key.\nSo we\neither encrypt a message M with a key P to get a ciphertext C, and decode C with Q to get M back. Or we encrypt M with Q, and decrypt with P to get M back. The asymmetry is introduced by keeping Q secret and makig P as public as possible.\nP is public. Q is private and only known to one person. C = encrypt(P, M) M = decrypt(Q, C) or C = encrypt(Q, M) M = decrypt(P, C) Unfortunately, in asymmetric public key cryptography, the keys are usually rather long, and hence the encrypt() and decrypt() functions are usually quite slow. It is useful to keep M reasonably small.\nSigning For digital signatures, the signer calculates a hash H of a message M and then encrypts the hash H using the private key Q, creating CH.\nThe message and the encrypted hash are sent together.\nH = hash(M) CH = encrypt(Q, H) send(M, CH) When receiving the message, the receiver can read the message and can calculate their own checksum, RH = hash(M).\nBecause the public key P of the sender is, well, public, we can also decrypt the encrypted checksum the sender calculated: H = decrypt(p, CH).\nIf that H is equal to RH, we can know that one of two things is true:\nEither the message has not been tampered with, or the sender lost control of the private key. Assuming the latter is not the case, the former must be true and that means that the message we received is as it originated at the sender and we do know who the sender is.\nEternal Logfiles When calculating hashes over a sequence of messages, it is possible to seed each message with the previous messages hash:\nEach log entry consists of the actual message, the current timestamp and the hash of the previous entry. The current hash is a hash over all of these three things.\nEach entry in the log consists of the actual log entry, the date the entry is being made and the hash of the previous log entry. The current hash is being calculated over all of these things:\nthe message, the current timestamp and the previous hash. Because each entry contains the previous entries hash value, it is becoming hard to change older entries in the log: A change to an old log entry will create a ripple effect that changes each subsequent newer hash value in the log.\nAdditional security can be produced by introducing media breaks and publishing the current hash value (with the date) in many places. The date added to each log entry is not supplied by the log source which sends the message: While the logged message can have a structure and may also contain a timestamp as seen by the message sender, the date fields shown as separate fields in the graphics above are the local time of the logger.\nThe interdependency of the log messages create a public order of events. Message 2 and Hash 2 could not have been produced before Message 1 and Hash 1, as the value of Hash 2 is dependent not only on the contents of Message 2, but also on the value of Hash 1.\nA very simple implementation of this can be found in Lutz Donnerhacke\u0026rsquo;s Eternal Logfile (Site in German ). Interestingly, forward secure sealing as implemented in journald/systemd does not work like this, but uses another mechanism . It also does not seal each log entry as it is being generated, but creates 15 minute windows of log entries which are then protected.\nThe main reason for this are seekability and purgeability: It should be possible to validate the integrity of the journald log file without calculating the sequence of hashes from system installation.\nGuarantees given in Eternal Logfiles It is important to note that no assumptions whatsoever are being made of the structure of the messages being chained in this chain of hash values. It is also important to note that no mechanism to authenticate or validate the content of the messages being logged is available automatically - the only proofs such a chained eternal logfile provides is:\nMessage n-1 is older than Message n (Order of messages can be implied from the order of log entries).\nIf the hash chain resolves (i.e. all checksums calculate just fine), none of the messages prior to the final message have been tampered with.\nBy digitally signing the each message in the log, the identity of the creator for each logged message can be proven, and the authenticity of each message can be verified independently from the hash chain itself.\nLimitations and Disadvantages of Eternal Logfiles Without additional mechanisms, eternal logfiles cannot be purged nor seeked. That is, because each log entries hash is dependent not only on the logfiles content, but also on the hash of the previous log entry, it is not possible to ever delete log entries without losing the ability to check the chains integrity.\nAll logs have to be kept forever. Mechanisms to work around that could be constructed, but are usually not implemented, often on purpose.\nRelated to that is the ability to check the integrity of the hash chain: This is only possible from the anchor point, which by construction and on purpose is only at the start of the chain.\nA validation of the chain therefore becomes increasingly costly as the length the chain increases and no purge mechanism exists. A full chain validation could create a local index, which notes the position of each log entry and also the expected checksum. This would allow quick seeks and quick local entry validations.\nBuilding this index is still dependent on at least one big scan and validation of the entire chain.\nHash Trees It is also possible to structure hashes-of-hashes in a non-linear fashion, for example in a tree structure. The Merkle-Tree is named after the cryptographer Ralph Merkle , and is one specific implementation of a Hash Tree.\nData (the messages) are at the leaf nodes (L1 to L4) of the tree. Non-Leaf nodes contain hashes of the blocks beneath them.\n([Image Source:Wikipedia:Hash Tree )\nHash Trees can establish order of events the same way linearly hashed logfiles do. They allow better pinpointing of the position of an error, at least down to the position of a single block, while at the same time still assuring the intrity of other data past the modified block. They also allow partial file integrity checks for each subtree of the main hash tree.\nApplications of Hash Trees Hash Trees, Merkle Trees or variants of the system , are being used in practically all P2P systems, where their properties are useful to determine which blocks of a file a client already has and which ones are still missing. At the same time, the top level hash can be used as a file name in a content addressing scheme .\nMagnet Links are just top level hashes of a Hash Tree in a P2P system. Hash Trees also see application for securing file integrity in file systems that target very large storages (ZFS, BTRFS), enabling partial file system checks and rapid validation of files and file trees. They are also useful in pinpointing areas of files that changes, enabling fast differential backups. A variant of Hash Tree logic is consequently also applied in pt-table-sync of the Percona Toolkit, finding differences between two instances of the same table on two different database servers and then creating a minimal set of change instructions to mutate a target table so that it matches the contents of a source table. Some version control systems, for example git, are also using trees of hashes as a content addressable storage , but in a way that differs from a pure Merkle Tree. Certificate Transparency uses a Merkle Tree as a container for the log of all certificates generated by all certificate authorities participating, establishing completeness and authenticity of the CT log as well as an order of events. Merkle Trees are also used to structure and validate the integrity of the blockchain underneath Bitcoin. Limits and additional considerations Like with the Eternal Logfile, no assumptions are made about the content of the messages that make up the payload of a Merkle Tree. Additional agreements between multiple parties about the content of messages are necessary to give data in a Hash Tree meaning. Without pruning/seeking mechanisms, all sequentially ordered transactional systems are accumulating log data/tree size without bounds. Creation of the systems current state is getting progressively more expensive in memory and computation required.\nHistory Eternal Log files and Merkle Trees are old innovations. The patent for Merkle Trees was created by Ralph Merkle in 1979 (and granted in 1982 ) and is since expired. Eternal Log files are an idea created by David Chaum even before that. Continued from Hashes and their uses ","date":"2018-03-04T00:00:00Z","href":"https://blog.koehntopp.info/2018/03/04/hashes-in-structures.html","tags":["erklaerbaer","blockchain"],"title":"Hashes in Structures"},{"categories":null,"content":"A hash function is a function that maps a large number of arbitrary data types onto a smaller number of contiguous integers.\nThis simple hash function maps strings of arbitrary length to integers. Some strings are mapped to the same integer: a hash value collision.\nThe base set here is a number of strings of arbitrary length, which is a theoretically open ended set size. The target is a bounded number of integer values. It is thus inevitable that two strings exist which are mapped to the same target number, a hash value collision. Hash functions are useful in computer science, and you have been using them in everyday life, or at least seen them:\nas checksums to quickly assign a position to an arbitrary object or to create object identity from content. Checksums Digit sums as simple, weak checksums One of the most basic hash function is the digit sum :\nTake the digits of a number and add them up. If the resulting total is larger than ten, take only the last (lowest value) digit. More generally, divide by a number (here: ten) and take the remainder - that\u0026rsquo;s called a modulo or mod division, here modulo ten.\nFor example, the digit sum of 357 is 3 + 5 + 7 = 15, so the result is 5. Digit sums are useful as very simple checksums. They are easy to calculate, but very weak. They can detect simple individual changes, but because of additive commutativity, they won\u0026rsquo;t detect swapped digits: The digit sum of 357 is identical to 537, because 3+5 = 5+3.\nAdditive commutativity makes it possible to swap digits in a number without changing the digit sum.\nWe find checksums like this also in the header of IP v4 packets on the Internet (with a bit of additional bit-flipping). Because headers of internet packets change on every hop, adjusting the checksums becomes a burden and IP v6 does away with header checksums.\nBetter checksums: ISBN-10 as an example That commutativity weakness of digit sums can be fixed by assigning each numeric position a factor and then summing up the product of factor times position:\n357 becomes 3*1 + 5*2 + 7*3 = 34 (Checksum: 4). On the other hand, 537 is 5*1 + 3*2 + 7*3 = 32 (Checksum: 2). This is actually what the 10-digit ISBN uses: which expands to\nand that is exactly what we used above in our 357 vs. 537 example. One difference in the ISBN-10 case: a different modulo factor. The ISBN-10 does not use the last digit (\u0026ldquo;modulo 10\u0026rdquo;, the remainder if you divide by 10), but the modulo 11 value (the remainder of what is left when you divide by 11). If that remainder is the number 10, the ISBN-10 is written with an \u0026ldquo;X\u0026rdquo; (the roman numeral for ten) as the last digit.\nProper CRC checksums A longer and much better writeup on how CRC checksums work can be found in Understanding and implementing CRC calculation .\nCRC sums can be found almost everywhere in data protocols and data storage in computers - they allow to reliably detect many common errors patterns in data in transmission and storage, and allow for a correction of many errors, while at the same time not using a lot of storage space.\nHashes for storage Building dictionaries Another use of hashes is for storage and data access. Computers use array data types to store data values by index number: We can use variables such a[10] to create 10 storage spaces, all named \u0026ldquo;a\u0026rdquo;, but numbered 0 to 9, to keep 10 values. But what if we wanted to address the storage spaces not by number, but by name, that is use a[\u0026quot;a text can be very long\u0026quot;] instead of a[3]? We call such data types dictionaries, and they are typically used by transforming a string (the index value \u0026quot;a text can be very long\u0026quot;) into an integer (3) using a hash function, and then using the integer as an index into an array (yielding a[3] again). There are a few problems:\nTwo otherwise unrelated strings may have the same hash value.\nThere may be collisions. For example, our hash function may map both \u0026ldquo;a text can be very long\u0026rdquo; and \u0026ldquo;this result is somewhat unfortunate\u0026rdquo; both to the number 3. The array use should be balanced. That is, each hash value should be equally probable for the expected input. That also implies that the entire target space (the entire array) is being used. A naive hash function for strings would for example sum up the byte values of the letters of a string, modulo the array size, to place an entry in an array.\nstr = \u0026#34;a text can be very long\u0026#34; sum = 0 for i in str: sum += ord(i) print sum, sum%10 2101 1 Breaking dictionaries There are many problems with this - it is pretty easy to come up with strings that collide. That is, to have strings that end up having the same hash value, even by accident. For example, if you use this hash algorithm and an array size of 10 to hash strings made up from digits, it\u0026rsquo;s easy to create strings that all hash to 0:\nord(\u0026ldquo;2\u0026rdquo;) is 50, mod 10 is 0. and that means, any \u0026ldquo;2\u0026rdquo; added to the string is neutral (does not change the outcome of the hash result). So \u0026ldquo;2\u0026rdquo;, \u0026ldquo;22\u0026rdquo; and any other sequence of 2\u0026rsquo;s hashes to position 0. str = [\u0026#34;2\u0026#34;, \u0026#34;22\u0026#34;, \u0026#34;222\u0026#34;, \u0026#34;2222\u0026#34;] for s in str: sum = 0 for i in s: sum += ord(i) print \u0026#34;String %s has the hash %d\u0026#34; % (s, sum % 10) String 2 has the hash 0 String 22 has the hash 0 String 222 has the hash 0 String 2222 has the hash 0 And that is because the ord(\u0026ldquo;2\u0026rdquo;), the number 50, is an even multiple of the array size, 10. So we probably want a prime array size to minimise aliasing: Our array size is 10, which is 2*5 as prime factors, so it aliases with any product of these factors: 2, 5 and 10. The way we built the hash function, the byte value of each digit shows up in the output of the hash function directly, so each string of letters that are spaced 0, 2, 5 or 10 positions apart or where the ord() values of the letters come out as 0, 2, 5 or 10, are going to create a larger than expected number of collisions. That is, we probably also want a more complicated hash function, which uses at least a counter or another variable value and the current byte value in some way as the input. There is more science to it, and tools exist to make this better.\nHandling collisions The hash value can\u0026rsquo;t be the actual index for the value we store, because there will be collisions.\nSo we can\u0026rsquo;t put the bare value into the array: instead our array values need to be able to store original key with the value, which is the actual payload. Often that is implemented as a list of key/value pairs.\nSo in our example, our array would not directly hold the value indexed by a[\u0026quot;a text can be very long\u0026quot;], but we would basically have an array of 10 lists, and each list will hold key/value pairs (ideally, the lists would each be exactly one entry long). We assumed that \u0026quot;a text can be very long\u0026quot; and \u0026quot;this result is somewhat unfortunate\u0026quot; both hash to the integer 3 in our initial example. So a[3] would be a list with 2 entries: \u0026quot;a text can be very long\u0026quot;: value1, and \u0026quot;this result is somewhat unfortunate\u0026quot;: value2.\nAn alternative way of handling collisions is to demand that there are no collisions. If they happen anyway, we grow the array and rehash. That\u0026rsquo;s nice, but if an attacker can predict and provoke hash collisions from the outside, the attacker can force unbounded array growth and eventually will exhaust all available memory. Yves Orton explains how that is being prevented in Perl, and in many other languages that provide dictionary data types.\nCryptographic Hashes Hashes also can have uses in cryptography: Assuming we have a function that has the following properties:\nThe hash is fast to calculate on a large string of bytes. The hash is not fast to reverse (i.e. it\u0026rsquo;s impossible to find the message that generated the hash result except by trying all possible messages and checking each result). The hash does chaotically cascade changes (i.e. a small change in the message, for example flipping a single bit, changes the result radically in a way that appears to be not correlated to the change in the input). The hash is structured so that it\u0026rsquo;s hard to create collisions (i.e. it\u0026rsquo;s hard to find two input strings that have the same hash value). With such a function we can do many things.\nGiven a string of bytes, a message M, we can use the hash of that message, h(M), as a fixed size fingerprint of the message. If we hash a received message and compared it to the received fingerprint, and both are not identical, we know that either the message or the fingerprint have been tampered with (message integrity). We need additional mechanisms to be able to infer that neither message nor fingerprint have been tampered with. Given stored the hash of a password, h(P), and a user input M, we can hash the user input, h(M) and compare it to h(P). If both are identical, chances are that the user entered the correct password (property 4). We do not store the password, only the hash of the password, so nobody can recover the password from the knowledge of that hash alone (property 2). Additional measures (salting ) are necessary to prevent fast password guesses of a prepared attacker. Given the hash of the content of a file, we can use this hash as a filename (content addressable systems ). This is being used in git (and also Mercurial, Monotone and many other distributed source code control systems), Bittorrent (and many other distributed file sharing and swarm protocols), Bittorrent Magnet URNs (we will need to revisit that in a later article). We can also use this to quickly check if we have seen a certain item already before. For example, we receive a long text article (i.e. a USENET news article or an item from a RSS feed), calculate the content hash, and store the item itself and, separately, the hash. The content may expire to free up storage, but we keep the content checksum around for longer. If an item with that hash is offered to us again, we can drop it as \u0026ldquo;already seen\u0026rdquo; very quickly, even if we already expired the actual content - the content hash becomes a (small and quickly compared) placeholder for the actual content. A cryptographic hash should be hard to reverse (property 2). That is, given a predetermined hash value, finding a message that hashes to this given value should only be possible by very brute-force testing all conceivable messages if they have this hash value. This is being used in Proof of work systems used in Cryptocurrencies and other places: A predefined message (a \u0026ldquo;bitcoin block\u0026rdquo;) is given to a system, and the system is asked to \u0026ldquo;close the block\u0026rdquo; by finding a value that, when added to the block, produces a hash value that starts with a predetermined number of 0-bits. This is ideally possible only by brute-force testing all values for a solution. Continued in Hashes in Structures ","date":"2018-02-26T00:00:00Z","href":"https://blog.koehntopp.info/2018/02/26/hashes-and-their-uses.html","tags":["erklaerbaer","blockchain"],"title":"Hashes and their uses"},{"categories":null,"content":"Intel finally published a whitepaper about Spectre #2 Mitigation. The PDF is also featured on Hacker News . It\u0026rsquo;s a technical whitepaper, but you can see the footprints of lawyers all over the language. For me, it basically says that, yes, Retpolines are indeed incompatible with Controlflow Enforcement Technology (CET) that Intel was planning for later CPUs (PDF , El Reg article ).\nCET introduces a shadow stack for return addresses only, and will fail your code into an exception if the normal stack return address and the shadow stack address disagree. Trying to touch and manipulate the shadow stack will also fail into an exception. That is, CET makes touching a return address on the stack toxic by having in effect separate argument and return address stacks, and your code explodes every time you try to do something funny with return addresses. Which is what Retpolines depend on.\nIntel also note that Retpolines also require Return Stack Stuffing in order to work properly, because otherwise RET will also speculate and the Retpoline will not work as intended. They also note that external events can interact with the Return Stack Buffer (RSB) and empty it and they don\u0026rsquo;t actually write but strongly imply that these external events are not a thing you have control over, as these are\nThere are also a number of events that happen asynchronously from normal program execution that can result in an empty RSB. Software may use “RSB stuffing” sequences whenever these asynchronous events occur:\nInterrupts/NMIs/traps/aborts/exceptions which increase call depth. System Management Interrupts (SMI) (see BIOS/Firmware Interactions). Host VMEXIT/VMRESUME/VMENTER. Microcode update load (WRMSR 0x79) on another logical processor of the same core. The hardware you run on can either have a Spectre vulnerability and require Retpolines, or have CET and Hardware Spectre Mitigation, but not both. So you generate code for either one or the other, and they suggest instrumentation of the loader to patch all indirect jump callsites as required.\nThat\u0026rsquo;s not completely insane, as loaders already patch up jump instructions at load time.\nThey do note that virtual machines in clustered setups with life migration may be at a disadvantage here, as this is a load-time thing and hence you need to expose your worst CPU in a cluster as the virtual CPU to your VMs in order for this to work with migration. That\u0026rsquo;s already a requirement in heterogenous clusters, but still annoying.\nAll in all, this is basically disappointing to underwhelming.\nThe TL;DR is that Retpolines and CET are indeed incompatible, and ld.so is called to the rescue to patch up code at load time for one or the other. The ld.so thing is an interesting observation. It means that the code on disk and the code in memory differ in one more way.\nAs these things accumulate, the actual on-disk machine instructions mutate over time into a kind of virtual machine notation that on load is adjusted more and more to the needs of the actual machine it\u0026rsquo;s being executed on. Maybe a thing such as a JVM and a JIT is not the worst thing that has happened to us.\n","date":"2018-02-26T00:00:00Z","href":"https://blog.koehntopp.info/2018/02/26/spectre-2-mitigation-retpolines.html","tags":["security","data center","lang_en"],"title":"Spectre #2 Mitigation - Retpolines"},{"categories":null,"content":"Yesterday, Booking.com hosted the Open Compute Meetup in Amsterdam. My talk is on Slideshare and a recording is on Youtube.\nSlideshare: A journey to OCP Youtube: A journey to OCP A cleaned up and more coherent transcript of the talk is here: Booking.com started out as a small online travel agency in Amsterdam, but is now financially about 15% of Google. We have about 200 offices in 70 countries, support 46 languages and reach about any touristically interesting spot on this planet.\nWe started out selling rooms on a comission basis, but since the Priceline Group of companies also includes Priceline for flights, Rentalcars for, well rental cars, and Open Table for restaurants, it makes sense to integrate that more and graduate from a Hotel Room marketplace to something more complete, a full trip or complete experience marketplace.\nAt this point we have about 30k machines in 3 locations.\nThat\u0026rsquo;s commodity colo space, built to Uptime Institute Tier-3 standards.\nIn that are mostly two-socket E5-type machines, and it\u0026rsquo;s at the two extreme ends of the spectrum, E5-2620\u0026rsquo;s and E5-2690\u0026rsquo;s. We would like to be able to run on the 2620 stuff completely, of course, but some parts of our application require the clock and the Oomph of the large CPUs. We are working on that.\nThe part of the workload that actually earns us money is mostly replacing strings taken from a database in HTML templates, we are a REP MOVSB company. That\u0026rsquo;s boring work, and that is good.\nWe try to keep stuff in memory where possible, especially where customer facing machines are affected. No disk reads, and no rotating storage in customer facing work.\nThere is more complicated stuff in the background. We are running the usual big data stuff with added deep learning on top, in image processing, fraud detection and in experimental user interfaces. We host a large scale data movement infrastructure with MySQL, Elasticsearch, Cassandra and Hadoop being involved.\nWe are trying very hard to be customer centric. Technology is seen as a necessity, but it\u0026rsquo;s forced upon us by scale. We\u0026rsquo;d rather focus on the hotel thing. :-)\nA lot of stuff is recent, due to growth - Moore\u0026rsquo;s law also applies backwards. Speaking about growth:\nThere are a few old numbers taken from quarterly public company performance reports, roomnights and hotels. But it could be about any metric at Booking, servers, requests, people working there, meals served in the canteen or sum of database requests - you would see the same curve.\nOn a log-Y scale it\u0026rsquo;s even nicer:\nSome nice straight lines.If I were to draw the yearly increase in compute power as given by Moores law into this graph, you would see that this is also a mostly flat line, unfortunately one that is raising far slower that the other lines here.\nFor a scalability person like me it means a tough life.\nDrawing the lines out naively sees us covering the earth in data centers by 2040 or so. That\u0026rsquo;s a problem, because where are we going to put the hotels?\nOf course that\u0026rsquo;s not going to happen, but it underlines that we need to change our ways of handling stuff.\nCurrently, we are handling the hardware part \u0026ldquo;enterprise\u0026rsquo;y\u0026rdquo;. So we get space, build out the room, add racks, switches and chassis and then put hardware in.\nThat happens in waves, with different latency and mutual dependencies, and that can go wrong in many ways. On the other hand, it delays decisions and spending as long as possible. To us, being a very Dutch company with a very high volatility due to the growth, delaying such Capex as long as possible is attractive.\nOnce the Hardware is down, we are on top of things - we have a system of software components called ServerDB which basically enables full hardware lifecycle management, interfacing at the front with the Purchase Orders database, doing everything a user could want to do to a machine with API and Web Interfaces, and finalizing machine lifetime many times later with a decommissioning workflow.\nServerDB not only manages the hardware, it also has complete overview about all other assets, does the config management for switches, storage, collects power data and temperature information and links into monitoring, load balancer configuration and to puppet.\nUsing commercial colo space means many constraints. We are in small rooms, multiple 0.5MW sizes, and that creates a number of placement constraints and unwanted cabling requirements.\nThe power and cooling framework we have to live in is about 7kW/rack, which is about half of what we want. Look at the image, that\u0026rsquo;s a blade center that has the potential to create 6.4kW of power draw under full load, so you are looking at non-oversubscribed racks that are 10/40U full. That\u0026rsquo;s about knee high.\nHere is a test run of a single blade from that bladecenter, where I am exercising all the cores as hard as possible, recording the power draw. We reach 50% power draw at 6/56 cores busy, and using the maximum power draw, times 16 blades, gives me a total load of 6.4kW from the whole enclosure.\nSimilarly, here is a rack of 32 machines (actually 40, but I got only 32 due to BMC instabilities), exercising at full power. These are hadoop units, and I can get them to consume 15kW in a 7kW environment, hotspotting and oversubscribing hard.\nSome constraints border on the ridiculous, but when we are receiving a monthly delivery in individual parts, we spam the unloading and docking areas of the data center with unpacking trash, making the other tenants quite angry. Also, the build times are getting unwieldy.\nFinally, the BMC, which is our gateway into the machinery for ServerDB and it\u0026rsquo;s assorted tools, is a big problem.\nServerDB contains an abstraction layer that tries to hide the various differences in functionality and API between the various kinds of machinery we have. We could do without that just fine, and Redfish is actually a partial fix to that.\nDespite the fact that we do not use many features, still ServerDB utilizes Redfish, native vendor specific LOM functionality and ssh to get what it needs - Power control, Reset, and setting boot preferences, optionally firmware update and optionally partitioning and controller setup.\nWe collect metrics: power, temperature, cooling and faults, but that is purely read-only. Auditability is becoming more relevant\nmaking config changes without a visible interruption of production is actually arguably a disadvantage, and all the recents security problems all the way down the stack are worrying us: BMC, ME and Microcode issues now. Much of that is underdocumented, and there are way to many way too convenient ways to access this, from dedicated interfaces to shared interfaces to local gateways when you physically on the machine and have access to i2c buses or similar. The defaults are often insecure, the crypto is often outdated, and the client requirements are often insecure as well (\u0026ldquo;Install a Java version your security department will hate you for having on your machine.\u0026rdquo;).\nSo where do we got from here? What is required to graduate from this?\nThree issues need adressing: Going Rack Scale, Bringing volume up and Getting Rooms to match. Let\u0026rsquo;s look at each of these in turn.\nWe started ordering hardware by the blade center chassis. That did good: It solves many of the trash issues, it streamlines the late provisioning phase where we are putting actual hardware into the rack. It\u0026rsquo;s limited by what can go into a chassis, and the chassis we are using are going to be discontinued.\nWe understand why that is necessary, but the direction that is going to is not what we want. We could do this more, and start to order by the rack. That has a few requirements that I will be adressing later, but if you are planning this, the choice is basically between Intel Rack Scale Design derivatives or Open Compute.\nIt gives you more design flexibility, and it may or may not retain the savings in power and cooling from shared power/cooling setup depending on what you do.\nThe Intel RSD solution is available in many vendor flavors, HP, Dell and Supermicro all have them. It gives you a Pod and a Rack controller not unlike a bladecenter chassis controller. On top of the functionality that ServerDB already offers, you get a chassis or rack-wide PCI bus, and composable hardware, where you can build physical machine configurations from CPU and storage modules in the rack.\nSome companies like Dell even offer casings around the machinery, in the form of semi-transportable data centers. Unfortunately most of these solutions try to minimise space and maximise density, so they come with other constraints and design decisions that we are reluctant to take on - basically you have to live in units of 8x8x40 ft shipping containers, and that\u0026rsquo;s rather limiting.\nIt\u0026rsquo;s all nifty engineering, but all very vendor specific and bespoke, when we are really looking for bulk hardware, all as alike as possible, and with fewer features, not more. Having no differentiator is actually a feature we are looking for. Value add subtracts from the value from the value the machinery has for us. The actual value add happens higher up the stack, in software - in management for us that\u0026rsquo;s ServerDB and in production for us that is more or less Kubernetes or something that does what K8s does, but differently.\nAnd that\u0026rsquo;s exactly the sales promise from Open Compute. Clean, bare server designs without value add. Documented interfaces with source code available to read up on the details, so we can integrate our stuff without problems. Delivery by the rack, and on top of that, potential operational and capital savings, if you treat room and rack as a system.\nGetting the volume up is the next important consideration, and if we are looking at our machine park, that\u0026rsquo;s going to be a problem.\nIf you go into ServerDB and count machine profiles, it goes up to 11: blade 9 and two additional blade2 variants. Actually digging into this yields basically \u0026rsquo;large and small\u0026rsquo; CPU configs and memory configs, but lots of different local storage options.\nThe answer is, to quote Jello Biafra, obvious: Ban Everything! In our case, local storage. So we disaggregate:\nIn a rack design where we give a 2 OU, 500 W, 100 GBit slot to the storage people and provide un-RAID-ed 2 TB local SSD as the only storage option, we have to build a network to match this. We are anticipating more east-west traffic from storage replication and east-west traffic from storage acess. All of that is happening front-side, production, on regular TCP/IP.\nBut that means I have only one network topology to scale and maintain, and I have no longer placement constraints for workloads: I can build uniform compute, and demand \u0026ldquo;no local persistence\u0026rdquo;. If you wan to keep your MySQL datadir, put it on iSCSI, RoCE or NVME via TCP and be done with it. It will be the size and have the properties you require, it will be at least on par with local SSD and it will still be there when your machine dies and you are rescheduling to another spare machine elsewhere in another rack.\nWith Kubernetes on top, you get application mobility, resiliency, and capacity size adjustment, which is fine, because even the smallest Silver 4110 is going to be too large for most units of deployment (in Java, consider 8 cores, 16 GB of RAM to be a limit, for example).\nBeing able to pull that off will give us 4 profiles or fewer, disk made to measure as requested, location independence for applications, and the ability to upgrade hardware without interfering with the workload. I can evacuate a rack, do my thing and put it back into service. Also, I can interchange the components of my machinery independently: storage, memory, compute and the networking parts are separate and can be on different renewal cycles. All of that bound together by on single TCP/IP network, not some bespoke PCI or FC/AL stuff.\nAssuming I all have that, I will need rooms to match the rack in order to fully leverage the advantages of Open Compute.\nOpen Compute hardware is built to be able to run in a barn: concrete floor, air-in of up to 35 or 40 deg Centigrade, hot-aisle containment, all service from the front because data center operations engineers cannot survive in the hot aisle, and we can do away with most of the equipment that is part of a Tier-3 spec.\nIt is being said that 1 MW of Tier-3 spec costs about 10 million for the empty building shell, and that we can get OCP space built for 2.5 Million/MW according to Facebook. I will be happy if I can get space for half of the Tier-3 cost or less.\nNon of these savings will materialize if you put OCP into a traditional Tier-3 building - the power path is not simplified, the air-in is overcooled and the airco is overdesigned in order to achive the overcooling which we do no longer require, so the actual PUE is actually way worse than what we could have from an OCP compliant data center.\nWe do get Tier-3 space easily, though. That is because it is being built without a buyers name on the constract. Buyers and sellers meet later, and that is possible over the Tier-3 spec from Uptime.\nThe result is a two sided market, where demand and supply are anonymous, unknown at the time the supply is being built.\nThat is not possible at the moment with Open Compute, because the spec is lacking, not well known to builders and the demand is not worth building for it. If you need or want OCP compliant space, that\u0026rsquo;s a larger commitment, because the space is being built for you, and you will need to keep it for the building lifetime.\nSo having an OCP compliant data center build spec for OCP hardware is important to make OCP attractive to smaller deployments. They do need the quick availability and higher flexibility of prebuilt space, because that\u0026rsquo;s lowering the height of the commitment and provides fewer operative distractions. There is risk for the space provider, so it\u0026rsquo;s certainly higher cost than a data center build to spec for one named entity, but that\u0026rsquo;s probably worth it. For a deployment our size, there is still the problem of many 0.5MW rooms or similar, capacity fragmentation, but for a more normal sized company that\u0026rsquo;s actually a non-issue. They can be happy in these spaces.\nSo to sum it up again: How can OCP work on non-hyperscaler scales? Provide a two sided market for DC space over a shared spec, then put hardware in there that matches what the room provides. This creates operational and capital savings from leveraging the room and the rack as a system that is mutually dependent and built for each other.\nThen, once you have stuff in there, have an ecosystem that uses the documented machine interfaces, all of them interchangeable and interoperable. Have an ecosystem of open source management modules like ServerDB for management and Kubernetes for production, built on top of that, in order to bring utilisation up and management cost down.\n","date":"2018-02-21T00:00:00Z","href":"https://blog.koehntopp.info/2018/02/21/a-journey-to-open-compute.html","tags":["data center","energy","erklaerbaer","talk","lang_en"],"title":"A Journey to Open Compute"},{"categories":null,"content":" Today I was looking for a way to subscribe to file changes in a directory in MacOS, in order to trigger automatically running commands whenever files change. Turns out Homebrew has \u0026ldquo;fswatch\u0026rdquo;, which tells you when things change, but little else.\nTurns out Homebrew has \u0026ldquo;watchman\u0026rdquo;, which does all this, and on multiple trees, finds changes across restarts and automatically manages a set of commands for different file endings.\nAlso turns out that I know the author. Thanks, Wez!\n","date":"2018-02-01T00:00:00Z","href":"https://blog.koehntopp.info/2018/02/01/watchman.html","tags":["apple","php","macos"],"title":"Watchman"},{"categories":null,"content":"There is a very useful and interesting article by Chris Down: \u0026ldquo;In defence of swap: common misconceptions \u0026rdquo;.\nChris explains what Swap is, and how it provides a backing store of anonymous pages as opposed to the actual code files, which provide backing store for file based pages. I have no problem with the information and background knowledge he provides. This is correct and useful stuff, and I even learned a thing about what cgroups can do for me.\nI do have a problem with some attitudes here. They are coming from a developers or desktop perspective, and they are not useful in a data center. At least not in mine. :-)\nChris writes:\nSwap is primarily a mechanism for equality of reclamation, not for emergency “extra memory”. Swap is not what makes your application slow – entering overall memory contention is what makes your application slow.\nAnd that is correct.\nThe conclusions are wrong, though. In a data center production environment that does not suck, I do not want to be in this situation.\nI see it this way:\nIf I am ever getting into this situation, I want a failure, I want it fast and I want it to be noticeable, so that I can act on it and change the situation so that it never occurs again.\nThat is, I do not want to survive. I want this box to explode, others to take over and fix the root cause. So the entire section »Under temporary spikes in memory usage« is a DO NOT WANT scenario.\nChris also assumes a few weird things, from a production POV: He already states that\nIf you have a bunch of disk space and a recent (4.0+) kernel, more swap is almost always better than less. In older kernels kswapd, one of the kernel processes responsible for managing swap, was historically very overeager to swap out memory aggressively the more swap you had. and production sadly is in many places still on pre-4.0 kernels, so don\u0026rsquo;t have large swap.\nHe also mentions\nAs such, if you have the space, having a swap size of a few GB keeps your options open on modern kernels. […] What I’d recommend is setting up a few testing systems with 2-3GB of swap or more, and monitoring what happens over the course of a week or so under varying (memory) load conditions.\nWell, I have production boxes with 48 GB, 96 GB or even 192GB of memory. \u0026ldquo;A few GB of swap\u0026rdquo; aren\u0026rsquo;t going to cut this. These are not desktops or laptops. Dumping or loading, or swapping 200GB of core take approximately 15 minutes on a local SSD, and twice that time on a rotating disk, though, so I am not going to work with very large swaps, because they can only be slower than this. I simply cannot afford critical memory pressure spikes on such a box, and as an Ops person, I configure my machines to not have them, and if they happen, to blow up as fast as possible.\nWhat I also would want is better metrics for memory pressure, or just the amount of anon pages in the system.\nDetermination of memory pressure is somewhat difficult using traditional Linux memory counters, though. We have some things which seem somewhat related, but are merely tangential – memory usage, page scans, etc – and from these metrics alone it’s very hard to tell an efficient memory configuration from one that’s trending towards memory contention.\nI agree on this. I wonder if there is a fast and lock free metric that I can read that tells me the amount of unbacked, anon pages per process and for the whole system? One that I can sample in rapid succession without locking up or freezing a system that has 200GB of memory in 4 KB pages (the metric can be approximate, but reading it must not lock up the box).\nI think the main difference Chris and I seem to have on fault handling - I\u0026rsquo;d rather have this box die fast and with a clear reason than for it trying to eventually pull through and mess with my overall performance while it tries to do that.\n","date":"2018-01-22T00:00:00Z","href":"https://blog.koehntopp.info/2018/01/22/swap-and-memory-pressure-how-developers-think-to-how-operations-people-think.html","tags":["data center","container","lang_en"],"title":"Swap and Memory Pressure: How Developers think to how Operations people think"},{"categories":null,"content":"What does your Mac do on Startup? Knockknock knows .\nIt\u0026rsquo;s not properly updated for current versions of MacOS, but it is still useful. \u0026ldquo;git clone https://github.com/synack/knockknock\" and \u0026ldquo;/usr/bin/python knockknock.py\u0026rdquo; is sufficient to test.\nTOTAL ITEMS FOUND: 44 That\u0026rsquo;s quite a bit. Apparently, I am starting\nGoogle Music Manager, AirServer, Karabiner, Alfred 3, a Chrome app_mode_loader, the Android File Transfer Agent, Dropbox, Divvy, Expandrive, Chrome itself, Soundflower, an AX88179 USB GBit Ethernet adapter driver, Steam Drivers, /Library/PrivilegedHelperTools/org.chromium.chromoting.me2me.sh, the Steam ipcserver, the Expandrive Helper, the Skype Helper, the OnePasswordNativeMessageHost, Expandrive exfs, iStatMenus and the iStatMenus Agents and Helpers, Steamclean, the GoogleSoftwareUpdateAgent, Tunnelblick LaunchAtLogin.sh, and finally an ethcheck Firmware checker. So much Crap being loaded.\n","date":"2018-01-15T00:00:00Z","href":"https://blog.koehntopp.info/2018/01/15/knock-knock.html","tags":["macos","apple","lang_en"],"title":"Knock, Knock"},{"categories":null,"content":"Melvin Conway is a compiler developer and systems designer, who is well known for the eponymous Conway\u0026rsquo;s Law . Various phrasings exist of that, and one popular is\nOrganizations which design systems are constrained to produce designs which are copies of the communication structures of these organizations.\nThe original paper and an introductory paragraph can be found on his website . It\u0026rsquo;s worth reading, because there are more useful insights to be found in the original writeup.\nSo what does this even mean? Can you give examples from your current or previous work environments?\nWhat Conway says is that communication across personal and organisational boundaries is not free. He phrases that in the context of design processes by a large committee, which divides itself into subgroups and then delegates.\nThis process already constrains the choices the whole group and the subgroups can make, which in turn will shape the outcome of the resulting design.\nThus the life cycle of a system design effort proceeds through the following general stages.\nDrawing of boundaries according to the ground rules. Choice of a preliminary system concept. Organization of the design activity and delegation of tasks according to that concept. Coordination among delegated tasks. Consolidation of subdesigns into a single design. The subdivision and delegation phase creates boundaries of communication between groups. The Coordination phase among delegated tasks and the Consolidation phase of the subdesigns costs additional communication overhead from the various people and groups involved. Avoiding this resistance and energy expenditure is shaping the structure of the resulting solution to the point where that structure will mirror the organisational structure.\nThere are several corollary observations in his paper:\nConway makes interesting observations regarding overpopulation of design groups and how this has consequences for the design. He points to Parkinson\u0026rsquo;s Law and states\nAs long as the manager\u0026rsquo;s prestige and power are tied to the size of his budget, he will be motivated to expand his organization.\nThis leads to large pools of people. These people need to be used, or as Conway writes\nA manager knows that he will be vulnerable to the charge of mismanagement if he misses his schedule without having applied all his resources.\nBut large pools of people need to be subdivided into smaller groups to be able to work usefully, and that creates administrative boundaries which will shape the outcome of the design.\nThis knowledge creates a strong pressure on the initial designer who might prefer to wrestle with the design rather than fragment it by delegation, but he is made to feel that the cost of risk is too high to take the chance. Therefore, he is forced to delegate in order to bring more resources to bear.\nin the words of Conway. Flat hierarchies are important. In Conways world view of 1968, he correctly states that\nthe number of possible communication paths in an organization is approximately half the square of the number of people in the organization. Even in a moderately small organization it becomes necessary to restrict communication in order that people can get some \u0026ldquo;work\u0026rdquo; done\nModern corporate communication structures get away with more direct, less hierarchical communication structures than we had fifty years ago, and that is indeed a great source of progress, because it make it cheaper to cut through administrative boundaries and lowers cross-division communication cost.\nConway\u0026rsquo;s Law also works backwards for operations organisations: In order to operate a system successfully, you must create an organisational structure that matches the design of the system that you are trying to operate.\nYou can observe Conway\u0026rsquo;s law in motion around you every day:\nA developer finds a bug in a program that is supplied by an external vendor. Will the developer have the energy to put their own progress on hold, create a bug report, drive the bug and repair discussions in the remote organisation and then integrate the fix? That is not usually what happens. The developer will instead integrate a workaround into their code and may or may not take it upon themselves to report the bug upstream. A company has a security organisation that is a separate division from the development organisation. The rollout of a new corporate security policy and tooling makes it impossible to install unmanaged plugins in the managed main browser. Some of these plugins are necessary or helpful for the development organisation to do their job. Will the development organisation individually or collectively engage in a discussion with the security organisation in order to be exempted from the misguided security attempt? That is not usually what happens. Instead somebody will point out that workarounds exist (Run an unmanaged browser, run a browser unmanaged remotely on a box not controlled by the security organisation and mirror the screen onto the developers desktop, or others). There is a strong incentive to not point out these workarounds to the security organisation, because shutting down these workarounds is a reasonable risk to assume and the development organisation will protect their ability to be able to do their job. A security bug exists in a piece of software from an outside vendor. The outside vendor does not accept any bug reports, or does not honor them, if they are reported by random people that are not support customers of their organisation. Will the finder of the bug take it upon itself to convince the vendor to accept the bug report even in the absence of a support contract? That is not usually what happens. Instead the security bug might be ignored or will be sold for money to organisations that care about knowing about security bugs that nobody else has knowledge of, or it will be anonymously publicised in order to shame the vendor into fixing it. The third way is actually the best outcome here. A developer needs access to the interface of the service another part of the company provides. While the web interface of the service is accessible, the underlying database is not directly accessible. Access is being denied in as many words: \u0026ldquo;Access denied.\u0026rdquo; instead of pointing out how to actually apply for access and which permissions are needed. Will the developer take it upon itself to find ways to properly access the data in question? In the observed example that is not what happened. Instead a screen scraping, HTML parsing solution has been implemented. What can you do? Organisations that put up barriers, in the name of departmental structure or security, need to understand that the majority of access attempts are genuine and potentially legal. An efficient and agile organisation will make itself accessible and will provide clear instructions how to communicate with each failed or denied communication attempt.\nExamples:\nNever print \u0026ldquo;Access denied\u0026rdquo;, but explain how to get access. Never turn away bug reports, but make an effort to distinguish between bug reports and support requests. Never establish security controls without running them in logging instead of enforcement mode at first. Use that log data. Differentiate groups of users and understand their legit needs. Establish a preference for trailing controls instead of chokepoints. That is, log and gobble, parse and investigate the log whenever possible instead of preventing access whenever you can get away with that. Do this especially around the development part of your organisation. If the security branch of an organisation annoys the development part of an organisation they just created a formidable in-house adversary that will try to subvert their efforts through literal or creative interpretation, unexpected workarounds or atypical user behaviour. What else can you do?\nBreak down organisational barriers where they turn out to become development obstacles. That is for example, if the security organisation and the development organisation are not aligned enough for the purpose of the company, try to mix and integrate the two. DevOps and later SecOps are attempts of actually doing this.\nMany corporate shuffles and re-organisations are actually attempts of corporate structures to align themselves better and bring down communication costs. Understanding the reshuffle and trying to match that up with the real or perceived problem that this reorganisation is trying to solve can be very instructional: in judging the management and communications skills of the management involved, and in recognising the perceived or actual problems the organisation has.\nAlways be aware than when you change an organisation, the software system they created before is a mirror of their old organisational structure and the old structure of the software system that organisation created will now work against the new organisational structure. Allow for time and effort to mitigate that.\nExpect delays.\n","date":"2018-01-12T00:00:00Z","href":"https://blog.koehntopp.info/2018/01/12/conways-law.html","tags":["computer","erklaerbaer","lang_en"],"title":"Conway's Law"},{"categories":null,"content":" Frank O\u0026rsquo;Brien explains an outstanding piece of engineering: The Apollo Guidance Computer (AGC) was the computer that controlled the thrusters and navigation on the Apollo Command Module, and a second instance, on the Lunar Module. It\u0026rsquo;s a 32kg box with core memory and core rope ROM, a 16 bit discrete CPU (15 data bits and parity) running at 1 MHz effective, and some very special hardware behind its I/O ports.\nMemory was 2k words of writeable core memory, and some 36k of ROM. The processor architecture is stackless, which complicates many things, and despite being designed in 1966, already has multiplication and division machine instructions. Addresses are effectively 12 bit, so sophisticated bank switching to extend the address space is needed, writeable and read-only memory are banked separately. Some interesting interaction with interrupt processing and bank switching exists.\nThere exists a very basic multitasking system, which at the same time is made simpler and more complicated by the stackless architecture. On top of the multitasking executive sits the interpreter, a virtual machine that was much more comfortable than the actual hardware and had a stack and index-registers, as well as trigonometric math functions. Navigational code ran on the interpreter, basic hardware control (thrusters, sextant, inertial control system and anything timer related) ran on the executive.\nThe book gives a guided tour into a hardware design over fifty years old, which itself was already foreshadowing and in some way surpassing the more modern integrated chip CPUs of seventies home computers. It also demonstrates a number of creative and interesting ideas of how to achieve remarkable things with very little hardware.\n\u0026ldquo;The Apollo Guidance Computer: Architecture and Operation\u0026rdquo;, Frank O\u0026rsquo;Brien, EUR 30.71, (purchased as Kindle edition, no longer available as eBook)\nPaperback ","date":"2017-12-08T00:00:00Z","href":"https://blog.koehntopp.info/2017/12/08/fertig-gelesen-the-apollo-guidance-computer-architecture-and-operation.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: The Apollo Guidance Computer: Architecture and Operation"},{"categories":null,"content":" Introduction to GPUs (PDF)\nSo you already know how your CPU works, basically, and want to understand what your GPU does differently. Ofer Rosenberg has you covered: Introduction to GPUs does what it says on the tin.\nThe NVIDIA take on this can be found in An Introduction to Modern GPU Architecture by Ashu Rege, but because this is from 2008, it\u0026rsquo;s showing it\u0026rsquo;s age. The first 15 slides or so focus more on the gaming aspect and less on the technology, but are full of matching screenshots.\nThe following slides then show how GPU evolved from specialised graphics processing units to a general parallel instruction execution architecture - what you get is basically a single chip supercomputer. Starting at slide 60 we go into Aliasing and sub-pixel addressing. Only the final three slides mention CUDA.\nKayvon Fatahalian again takes us on a tour through history, from 1993 onwards to 2011, in How a GPU works . The key innovation, \u0026ldquo;unified shaders\u0026rdquo;, seems to be from 2006. The slideset seems to have considerable overlap with the Ofer Rosenberg set.\nAndy Glew explains the ideas and possible optimisations inside the typical GPU architectures in a large slideset at Coherent Threading: Microarchitectures between SIMD and MIMD . One point he makes is that there is a spectrum between classical multicore CPUs (MIMD) and classical vector CPUs (SIMD), and that seems to be the space that GPUs occupy. He lists that as SIMT (Single Instruction, Multiple Threads), and then at length explains how this enables optimisations that keep all cores (hundreds) busy by switching between even more threads (tens of thousands) in hardware.\nSo what does all of this give you? Well, here is an overview of the evolution of graphics 2000-2015, as seen by NVIDIA. Youtube Now, all of this is even relevant if you do not want to blow up pixels, because the very same operations are being executed at scale for routing packets or running classifiers in neural networks. Google does this at scale with custom hardware that is not quite GPU.\nA remarkable takeaway is that they are using 8-bit integers:\nA TPU contains 65,536 8-bit integer multipliers. The popular GPUs used widely on the cloud environment contains a few thousands of 32-bit floating-point multipliers. As long as you can meet the accuracy requirements of your application with 8-bits, that can be up to 25X or more multipliers.\nTheir design is basically a monster 8-bit matrix multiplier with neural network specific postprocessing.\n]\nA Google Tensorflow Processor The Postprocessing is a non-linear function, or as they state:\n\u0026ldquo;Neural network models consist of matrix multiplies of various sizes - that’s what forms a fully connected layer, or in a CNN, it tends to be smaller matrix multiplies. This architecture is about doing those things - when you’ve accumulated all the partial sums and are outputting from the accumulators, everything goes through this activation pipeline. The nonlinearity is what makes it a neural network even if it’s mostly linear algebra.”\nThe large matrix multiplier is implemented as a Systolic Array , which makes it even less general, more specialised than the SIMT units of a GPU - a Single Function, Multiple Data, Merged Results processor or a Domain Specific Processor. That is, this part of the operation of the TPU is not programmable, but hardwired in silicon - producing 65536 8-bit matrix multiplication/addition results every cycle at very low power cost.\nGoogle claims to be 83x more power efficient than a CPU and 29x more power efficient than a GPU. A more in-depth look at the TPU is available from the April 2017 TPU Paper and a matching article on The Next Platform. The Google article is remarkable, because it demonstrates how the Google custom hardware wipes the floor even with contemporary GPU-based architectures, in terms of performance and even more so in terms of performance/Watt.\nNVIDIA reacted to these chips by enabling lower precision math (= less memory needed) and by producing GPUs better usable for machine learning, both training and inference (using the trained models as classifiers for data). So we see 16-bit float and 8-bit integers being used in NVIDIAs Pascal chips for this. NVIDIA claims to be able to catch up to Google TPU performance with this generation of hardware, but at more power consumption.\nGoogle kind of counters with a 2nd generation TPU . We also see that hardware development innovation cycles in this area are currently much faster than the deprecation time for said hardware (see also the changes in the Knights-anything lineup from Intel), so this is a classical rent-don\u0026rsquo;t-buy situation for the aspiring cloud user who also happens to have their own data center.\n","date":"2017-11-25T00:00:00Z","href":"https://blog.koehntopp.info/2017/11/25/d-abc-at-scale.html","tags":["performance","hardware","computer","lang_en"],"title":"d = a*b+c at scale"},{"categories":null,"content":" Frank Swain takes us on a tour of the myths, stories and historic reports of the undead corpse throughout the history of humanity. Referencing sources and quoting people, he shows us the various aspects of the mindless physical body shuffling around after the soul departed, and how that as a theme has been following us around throughout our history.\nThe first chapter deals with the \u0026ldquo;original\u0026rdquo; haitian zombies, later chapters take us to victorian experimentation with corpses of the executed, soviet experiments and many other encounters between humans and the living undead.\n\u0026ldquo;How to Make a Zombie \u0026rdquo;, Frank Swain, EUR 11.66, (Kindle )\n","date":"2017-11-09T00:00:00Z","href":"https://blog.koehntopp.info/2017/11/09/fertig-gelesen-how-to-make-a-zombie.html","tags":["review","media","book","lang_en"],"title":"Fertig gelesen: How to Make a Zombie"},{"categories":null,"content":" Max Brooks, author of World War Z, delivers a straight on, zero tongue in cheek, nitty-gritty survival guide for the coming Zombie Apocalypse. The book delivers exactly what is promised in the table of contents: The Solanum Virus and how it works and does not work, Weapons and Combat Techniques that work, defending your home, public spaces or other places, how to organise a breakout or run, useful equipment to have or to loot, and then fighting back and finally containing the outbreak.\nThe book concludes with a list of documented outbreaks in the past, and their handling. The book is written completely straight and is full of useful advice for fighting a Zombie Apocalypse or containing an outbreak, but also a useful source book for roleplaying and storytelling games.\n\u0026ldquo;The Zombie Survival Guide \u0026rdquo;, Max Brooks, EUR 4.99, (Kindle )\n","date":"2017-11-09T00:00:00Z","href":"https://blog.koehntopp.info/2017/11/09/fertig-gelesen-the-zombie-survival-guide.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: The Zombie Survival Guide"},{"categories":null,"content":"»I COULD HAVE BECOME a mass murderer after I hacked my governor module, but then I realized I could access the combined feed of entertainment channels carried on the company satellites.«\nThis is how »All Systems Red« begins.\nThe protagonist in this book is a robot mercenary android, or Murderbot, as it refers to itself. In a universe of corporations and contracts, Expeditions and Exploration teams are taking these company supplied machines with the for their own safety, and for compliance reasons.\nOur Murderbot is on a maintenance contract that has been given to the lowest bidder, and hence some critical limiters of its internal AI are not maintained properly. It became way more sentient and independent than its owners would like. Also, it is misanthropic, and really disinterested into the work and life of the meat around it.\nThat changes as the Murderbot suddenly has real work to do, as a neighbouring expedition has gone dark, sabotage happens, and a conspiracy is to be uncovered. Suddenly it has to care for its humans - and it has to come to terms with its relationship to humanity and individual humans.\nA short, only 150ish pages, starting as a fun read on the first sentence. Also answering Elon Musk\u0026rsquo;s deepest fear - what will unconstrained AI do, once mankind unleashes it on itself? Will the robots turn on us, or will they rather want to watch Netflix?\n\u0026ldquo;All Systems Red \u0026rdquo;, Martha Wells, EUR 1.99, (Kindle )\n","date":"2017-11-08T00:00:00Z","href":"https://blog.koehntopp.info/2017/11/08/fertig-gelesen-all-systems-red.html","tags":["review","media","book","lang_en"],"title":"Fertig gelesen: All Systems Red"},{"categories":null,"content":" »The mutineers would have gotten away with it, too, if it weren’t for the collapse of the Flow.\nThere is, of course, a legal, standard way within the guilds for a crew to mutiny, a protocol that has lasted for centuries. A senior crew member, preferably the executive officer/first mate, but possibly the chief engineer, chief technician, chief physician or, in genuinely bizarre circumstances, the owner’s representative, would offer the ship’s imperial adjunct a formal Bill of Grievances Pursuant to a Mutiny, consistent with guild protocol. The imperial adjunct would confer with the ship’s chief chaplain, calling for witnesses and testimony if required, and the two would, in no later than a month, either offer up with a Finding for Mutiny, or issue a Denial of Mutiny.\n[…]\nObviously no one was going to do any of that.«\nThe glorious Empire of the Interdependency is completely constructed: Its worlds, or rather mostly space habitats circling uninhabitable planets, cannot live alone by design: each requires some thing or the other from another world of the Interdependency. All are bound together by the \u0026lsquo;Flow\u0026rsquo;, extradimensional rivers connecting star systems Diaspora style. Its religion promotes values that guarantee stability and peace. Its component social structures, the great houses, are carefully balanced for stability and longevity. The Interdependency stagnates.\nThe Flow will soon change.\nSome people are modelling it, trying to better understand the most important structure supporting the Interdependency. They can predict the collapse of the Flow, and they are trying to warn the empire\u0026rsquo;s ruler - or exploit this knowledge for the benefit of their house.\nThe Interdependency is what you get when you mash up Dune, Game of Thrones, and the dialog writing of Buffy, the Vampire Slayer. Or when Scalzi writes a book about climate change on a galactic scale.\nThis is grand scale space opera, the final days of a great empire set by construction for inevitable decay. The Collapsing Empire the first in a series (the next part is scheduled only for 2019, though), and a decent opener - but there is a lot of world-building and intrigue-setup going on and so it has its lengths. It\u0026rsquo;s a great foundation, though\n\u0026ldquo;The Collapsing Empire \u0026rdquo;, John Scalzi, EUR 1.19, (Kindle )\nBecause Scalzi is also political, and there has been a lot of US-politics fighting over the Hugo awards involving his works, there exists of course a Vox Day parody, The Corroding Empire .\n","date":"2017-11-08T00:00:00Z","href":"https://blog.koehntopp.info/2017/11/08/fertig-gelesen-the-collapsing-empire.html","tags":["review","media","book","lang_en"],"title":"Fertig gelesen: The Collapsing Empire"},{"categories":null,"content":" The people of Earth are on the verge of transcendence: They almost managed to create mind uploads, they are on the verge of creating true synthetic AI, they have been traveling to remote stars and are beginning to terraform worlds, on which they will seed Earth lifeforms and uplift them. All this progress, though, draws the ire of militant terrorists from the \u0026ldquo;Non Ultra Nature\u0026rdquo; radicals, which culminates into the sabotage of Brin 2 lab while seeding a terraformed world, and at the same time the complete destruction of humanity and its in-system colonies back home.\nThe Brin lab goes into stasis, trying to preserve the body and mind of its sole survivor, Dr. Avrana Kern, in the form of an experimental upload. Meanwhile, on the world below, the uplift nanovirus has made it down the terraformed world, but the payload - a barrel of monkeys - has not. So the nanovirus tries to find other lifeforms to uplift - and finds Portia labiata .\nThousands of years later the newly evolved intelligences of Kern\u0026rsquo;s world are being rediscovered by the survivors from the Terran system that made it into space again. But Earth has become uninhabitable, while Kern\u0026rsquo;s world is now home a the biotech civilisation of large, intelligent spiders.\nTelling an epic, generation-spanning story of entire civilisations and still having relatable characters that tie everything together is not easy. If many of the characters are pumpkin-sized venomous jumping spiders it\u0026rsquo;s even harder.\nTchaikovsky pulls that off, elegantly and entertainingly. Great writing, recommended read.\n\u0026ldquo;Children of Time \u0026rdquo;, Adrian Tchaikovsky, EUR 5,99, (Kindle )\n","date":"2017-11-07T00:00:00Z","href":"https://blog.koehntopp.info/2017/11/07/fertig-gelesen-children-of-time.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: Children of Time"},{"categories":null,"content":" »In the early twentieth century, the Congress of our great nation debated a glorious plan to resolve the meat shortage in America. The idea was this: import hippos and raise them in Louisiana\u0026rsquo;s bayous. The hippos would eat the ruinously invasive water hyacinth; the American people would eat the hippos; everyone would go home happy. Well, except the hippo\u0026rsquo;s. They\u0026rsquo;d go home eaten.«\nThis plan, on which Congress did not follow through in our timeline, is the premise and the setting for Sarah Gailey\u0026rsquo;s alternate universe story \u0026ldquo;River of Teeth\u0026rdquo;.\nSo we get the sad story of Winslow Remington Houndstooth, a hippo farmer who lost everything in a fatal fire and now takes on shady jobs or government work, whatever pays the bills. Houndstooth is a Hopper, a hippo riding swamp cowboy, and he just took the job of cleaning a large body of water in the mouth of the Mississippi from feral, man eating hippos.\nHe assembles a gang of unlikely companions to help him with that, but he is up against a shady gangster running a gambling empire who is not amused of civilisation arriving at all. And of course there is a traitor in his team.\nThis is a short read of less than 200 paper-pages, but it\u0026rsquo;s also not expensive. The premise is completely insane, the characters are one-of-a-kind, refreshingly non-heroic, and have a lot of history together - which we discover as we go along.\nGood for one evening, but it will be a fun evening.\n\u0026ldquo;River of Teeth \u0026rdquo;, Sarah Gailey, EUR 1.99, (Kindle )\n","date":"2017-11-07T00:00:00Z","href":"https://blog.koehntopp.info/2017/11/07/fertig-gelesen-river-of-teeth.html","tags":["review","media","book","lang_en"],"title":"Fertig gelesen: River of Teeth"},{"categories":null,"content":" Fanless devices A cellphone or tablet is a fanless device. So is the 12\u0026quot; Macbook. That means you can do whatever is possible at any point in time within a TDP of approximately 5W.\nHere is the power consumption of my cellphone over a 12h period. The scale on the left is mW, down is discharge, up is recharge (plugged in). It\u0026rsquo;s basically limited to 5W, and that only for short periods of time.\n]\nCellphone power over time. Green bar = plugged in. Yellow bar = Screen on.\nThese devices also have batteries, and when they are running on batteries, they need to be sleeping most of the time and have their display off. Whenever they are not dark and/or sleeping, they drain the battery, fast.\nThese two facts are the reason why most people playing Ingress have done so in Fall and Winter, and why they all have cabled up enormous power banks to their equipment. That\u0026rsquo;s also why your cellphone used for navigation will reboot after an hour or two of driving, unless you remove the protective bumper and put the holder into the airflow of the dash vent. Also, white devices are better than dark devices on sunny days on the Autobahn.\nLaptops with active ventilation Your laptop probably has a fan. Mine does. It is still mostly idle, but it is easily out of the TDP for fanless devices.\nThis machine is currently drawing 12.1W. The fans are hardly moving.\nIf I want to test what this machine could use, I could start a game. Most games are busy waiting event loops, that is, they keep the machine as busy as possible, and they are also exercising all the 3D circuitry in the box quite well. My laptop will never exceed 40W or so, doing this.\nGaming machines The gaming box underneath the desk is another matter. The graphics card is supposed to eat about 75W under load , the rest of the box probably as much. Thankfully, it has large 10cm fans that turn slowly, so it\u0026rsquo;s not as noisy.\nData center servers Large servers in a data center usually have one or two Xeon type CPUs, and depending on the kind of servers, some also have a small two digit number of harddisks.\nA rack full of Hadoop servers\nThese machines clock in at between 200-350W per server, and the power consumption is very much dependent on what the machine is doing . I can make these devices use up to 400W using mprime95 in torture test mode.\nYou can build mining rigs for Bitcoin, or rigs for machine learning. These things can become incredible hotspots, because each graphics card you add will contribute a three digit number of watts to your build. Interesting and extreme setups with up to 40.000 Watt per rack exist. They are very rare, and since you need to feed them a lot of power, also expensive to keep running.\nA rack with more than some 12kW to 14kW active in it will need water cooling. That complicates things, because you probably want the lowest disk in that rack to be higher than the highest drop of water, so placement constraints complicate the design.\nTL;DR: You process bytes. Things heat up. Depending on where you are, things will heat up so much that it is actually limiting what you can do. As technology improves, you can probably do more things with less heat, but it will still register.\n","date":"2017-11-07T00:00:00Z","href":"https://blog.koehntopp.info/2017/11/07/power-budgets-for-computing-resources-portable-and-stationary.html","tags":["data center","computer","lang_en"],"title":"Power budgets for computing resources - portable and stationary"},{"categories":null,"content":" All these worlds is the third and final part of the adventures of Bob, conqueror of the universe and saviour of humanity.\nBob started out as a dead computer programmer, uploaded as a control AI into the core of a von Neumann probe and spaceship. He then went forth and multiplied, mostly because he needed more of himself to cover up first his own fuckups and then to clean up the mess all of humanity made of his homeworld during his departure.\nThe book wraps up nicely with finding a homeworld for the survivors from earth, defeating the Others, his romance with Bridget, and his role as the Bawbe for the Deltans. So finally, after hundreds of years, the original Bob can finally point his bow to the stars and go out, truly exploring.\nAll in all a satisfying conclusion to a series that ties up all the lose ends.\n\u0026ldquo;All These Worlds \u0026rdquo; (Bobiverse 3), Dennis E. Taylor, EUR 4.47\n(Kindle , also unlimited)\n","date":"2017-11-06T00:00:00Z","href":"https://blog.koehntopp.info/2017/11/06/fertig-gelesen-all-these-worlds.html","tags":["review","media","book","lang_en"],"title":"Fertig gelesen: All these worlds"},{"categories":null,"content":" Lori Clary is a software engineer and silicon valley geek, programming embedded systems and robot arms at General Dexterity for a living. She\u0026rsquo;s living the silicon valley lifestyle - basically coding all day, collapsing in her hole of a non-appartment, and not having contact with real people at all. With one exception: She\u0026rsquo;s ordering dinner from a delivery service that is run by two mysterious brothers, who make a mean spicy soup and crusty bread. The brothers have to leave, due to visa issues, but they leave her with the sourdough culture.\nShe\u0026rsquo;s learning to feed it, and to bake it, and soon she does not know what do with all the bread. Turns out people love her bread, and she needs to mass-produce it. Good thing that she\u0026rsquo;s working for a robot arm factory…\nSoon she\u0026rsquo;s joining a geeky underground farmers market with a techno-gothic flair. Robin Sloan is the author of \u0026ldquo;Mr Penumbra\u0026rsquo;s 24-hour bookstore\u0026rdquo;, und Sloan manages to keep the writing style and the \u0026ldquo;Silcon Valley Geeks meet the real world\u0026rdquo; feel, transplanting it successfully into a new story.\n\u0026ldquo;Sourdough \u0026rdquo;, Robin Sloan, EUR 5.49\n(Kindle )\n","date":"2017-11-06T00:00:00Z","href":"https://blog.koehntopp.info/2017/11/06/fertig-gelesen-sourdough.html","tags":["review","media","book","lang_en"],"title":"Fertig gelesen: Sourdough"},{"categories":null,"content":"In 1982, Scott Fahlmann invented the use of :-) and :-( for marking up emotions or semantic context in written online communication. That was a great idea.\nThe :-) is just a symbol for an emotion.\nIt is specifically not a human face, it does not have a hair color, eye color, skin color or other human attributes. It is universal. Then some cellphone maker turned that into , anthropomorphising it.\nCome as it must, we soon get color, and it turns into 😀. That Simpsons yellow was read by some as white and non-inclusive, and here is where things start to break down.\nBecause the logical thing would be to stop here and revert back to .\nBut that is not what the Unicode consortium did. They went this way:\nThe Fitzpatrick Scale of skin colors inspired the U+1F3FB - U1F3FF suffixes for skin toned Emoji.\nThat was not a good thing. How do I know? In the wake of this change we got articles like Why White People Don’t Use White Emoji and Kendall Jenner is being accused of cultural appropriation for using the \u0026lsquo;wrong\u0026rsquo; emoji . That is, something that was supposed to be an annotation for conveying emotion became not only anthropomorphised to the point where that meaning is overshadowed by race, gender and culture issues. We are considering a full modification system for Emoji, in the (withdrawn) TR52 .\nTaking this to the logical conclusion, what we get is this:\nSkyrim Character Editor (modded)\nThat is, someone is taking the point of writing out of writing and is trying to put all the expression of a video chat or video game into a single glyph.\nComing back to the withdrawn TR52: we just got FROWNING PILE OF POO:\nFrowning pile of poo clearly has race issues.\nWe also get Emoji with hair colors and hair styles in Emoji 6.0 . And people in the Unicode consortium are not amused about the pile of poo with facial expressions , but while valid, it\u0026rsquo;s missing the larger point. What people actually would need is most likely something more like universal Giphy integration and less Skyrim character editor for Emoji. Sadly, nobody in the Unicode consortium is trying to fix this, and so we get a lot of symbol pollution in a thing that was supposed to be a writing system.\nIn another 15 years, we will achieve full egyptian hieroglyphs.\n","date":"2017-11-05T00:00:00Z","href":"https://blog.koehntopp.info/2017/11/05/unicode-is-over-and-it-dies-over-emoji.html","tags":["computer","lang_en"],"title":"Unicode is over and it dies over Emoji"},{"categories":null,"content":"#define MH_PIE 0x200000 /* When this bit is set, the OS will load the main executable at a random address. Only used in MH_EXECUTE filetypes. */ If that flag is on, MacOS will enable ASLR and the binary will have different load addresses for code, data, heap and stack every time it is running.\n$ sudo otool -h \u0026#39;/Library/Application Support/TrendMicro/TmccMac/iCoreService_tmsm\u0026#39; Mach header magic cputype cpusubtype caps filetype ncmds sizeofcmds flags 0xfeedfacf 16777223 3 0x80 2 20 2656 0x00018085 Check the \u0026lsquo;flags\u0026rsquo; for this. No 0x200000, no ASLR. Not here, and not on any other binary with \u0026ldquo;TrendMicro\u0026rdquo; in the pathname. And that is why you can\u0026rsquo;t have nice things.\n","date":"2017-10-20T00:00:00Z","href":"https://blog.koehntopp.info/2017/10/20/aslr.html","tags":["security","lang_en"],"title":"ASLR"},{"categories":null,"content":" Edgedancer Right now, one month before we get Oathbringer, the third part of The Stormlight Archive , we get Edgedancer. This is a Novella that previously was part of Arcanum Unbounded , a collection of short stories playing in the Cosmere . As a standalone Novella is has been expanded and is now 40k words long.\nEdgedancer picks up the story of Lift , a scrappy Reshi thief that happens to bond with a Spren to follow the path of the Edgedancer. Because Lift also had contact with the Nightwatcher, she has interesting additional capabilities, among them to touch Spren and to turn food into Stormlight.\nLift is a vagabond and has no desire to attach herself to anybody or anything, she sees connection as a liability. This is aligned with the Agent-of-Change aspect of the Edgedancer path, but in conflict with the caring and healing aspects of the Edgedancer, and the story explores that in the casual way that is typical for Sandersons storytelling. Lift gets into a conflict with Nale , the damaged Herald of Justice, and manages to bring this story arc to conclusion as well.\n\u0026ldquo;Edgedancer \u0026rdquo;, Brandon Sanderson, EUR 5.49\n","date":"2017-10-19T00:00:00Z","href":"https://blog.koehntopp.info/2017/10/19/fertig-gelesen-edgedancer.html","tags":["review","media","book","lang_en"],"title":"Fertig gelesen: Edgedancer"},{"categories":null,"content":"[ ](Asperger\u0026rsquo;s on the Job)\nAsperger\u0026rsquo;s on the Job These weird people with headphones on, working strange hours, not wanting to stand in front of the group in Standups and for talks - what are they, where to they come from and how do you handle them at work?\nThe book is structured as a self-help book, assessing various aspects of Asperger Syndrome , how they manifest and what that might mean in the workplace. It also discusses personal and environmental mitigations. Each chapter concludes with a list of things that the Aspie and their employer could do, and leaves a number of questions that can help to develop a personal or environmental programme.\nUseful for people that live with a geek population, where the number of Aspies is supposedly higher than average, and for geek herders as well. Fast read, but not everything is useful. Still worthwhile.\n\u0026ldquo;Asperger\u0026rsquo;s on the Job \u0026rdquo;, Rudy Simone, EUR 13.45\n","date":"2017-10-16T00:00:00Z","href":"https://blog.koehntopp.info/2017/10/16/fertig-gelesen-aspergers-on-the-job.html","tags":["review","media","book","lang_en"],"title":"Fertig gelesen: Asperger's on the Job"},{"categories":null,"content":"Ads on the web have many problems:\nAd selection criteria have been abused for dissemination of propaganda, for targeted malware attacks. Content sites have basically lost the control over what kind of stuff they deliver through the ad-space on their site. Tracking is increasingly a concern for users. Ads bloat sites, slow down page display times and mess with peoples mobile data plans. Ads use power and create heat in devices with a tight power budgets (basically, anything that runs on a battery and has no fans, phones, tablets, laptops). Ads play unwanted video and audio, open layers and windows, popovers and popunders. Ads destroy usability and layout on content sites. The market is collapsing: basically nobody is running a browser without an adblocker any more, and those that don\u0026rsquo;t adblock in their minds - clickthrough rates are nonexistent. So when everything is on fire, is there a unified group of stakeholders - content sites, browser makers, ad-industry leaders - at work to make things \u0026ldquo;better\u0026rdquo; or at least fix their broken non-business?\nWell, no. Says Marketingland in their article, ANA , 4As and IAB want to talk to CAB about their Better Ads program, but request being exempt from Chrome\u0026rsquo;s coming integral Adblock feature in exchange.\nNow, Mozilla and Safari are not part of CAB, and have little interest in joining, and also put a different focus on how to handle things: Safari tries to address tracking with their new Tracking Prevention , and it\u0026rsquo;s good enough to be widely hated . Other initiatives such as DNT were a failure - not because of a lack of interest on the user side, but because advertisers and sites were boycotting it.\nGoogle SVP of Ads and Commerce Sridhar Ramaswamy said, “Our hope is once this is in place, there’s no need for ad blocking on mobile.” On the other hand, things like Brainy Ape Apps play uninterruptible video ads for Free-To-Play (\u0026ldquo;Pay To Win\u0026rdquo;) apps with install buttons in the middle of educational games targeted age 4-10. Ramaswamy clearly is a very optimistic person. And as long as the Advertisers and their channels do not realize the depth of the shit they are in it still has to get worse before it can become better.\n","date":"2017-10-13T00:00:00Z","href":"https://blog.koehntopp.info/2017/10/13/so-what-is-the-state-of-the-ads-mess.html","tags":["advertising","copyright","lang_en"],"title":"So what is the state of the Ads mess?"},{"categories":null,"content":"There is a well known Github Gist \u0026ldquo;Latency Numbers Every Programmer Should Know \u0026rdquo;, which explains which things take how long.\nScaled Latency Numbers If you scale these things down 3 billion times, a clock cycle (0.3ns) becomes a second. And suddenly things are relateable. (Tweet )\nAnother attempt to visualize this , not entirely unlike this XKCD .\n","date":"2017-10-12T00:00:00Z","href":"https://blog.koehntopp.info/2017/10/12/latency-numbers-visualised-and-memorised.html","tags":["performance","computer","lang_en"],"title":"Latency Numbers, visualised and memorised"},{"categories":null,"content":"Katie Moussouris explains teh Cyber and how it is asymmetric:\n»\u0026quot;#Cassandra moment: Explaining that determining \u0026ldquo;cyber norms\u0026rdquo; in today\u0026rsquo;s world order misses emerging capabilities \u0026amp; motivations of new actors.\nForget \u0026ldquo;attribution\u0026rdquo;. Not what I mean.\nDeterrence, state responsibility, etc in existing state context assumes most want to keep stability. Plenty of non-terrorist smaller states \u0026amp; non-state-non-criminal actors have or can acquire capabilities \u0026amp; would not be sanctionable, for example when we think through deterrence strategies, consider not just world order we have that prefers stability, but those who prefer destability.\nWe\u0026rsquo;re erroneously trying to defend against a magnetic power reversal of the N \u0026amp; S poles, but the cyberwar powers are everywhere \u0026amp; unaligned.\nWe miss the point if we think the answer is to contain those weapons/tools.\nWe hurt defense when we limit their distribution for analysis.\u0026quot;«\n","date":"2017-10-12T00:00:00Z","href":"https://blog.koehntopp.info/2017/10/12/the-inherent-asymmetry-of-online-attacks.html","tags":["security","lang_en"],"title":"The inherent Asymmetry of online attacks"},{"categories":null,"content":"Pcgamer reports \u0026ldquo;Nvidia CEO says Moore’s Law is dead and GPUs wi replace CPUs \u0026rdquo;.\nNow, Jensen Huang might be a bit biased here, but he reminded us that \u0026ldquo;GPUs are advancing at a much faster pace than CPUs\u0026rdquo; and \u0026ldquo;that GPUs will replace CPUs soon, adding that at this point, designers can hardly work out advanced parallel instruction architectures for CPUs.\u0026rdquo; So what can a modern GPU do? Well, apparently Font Rendering is still a hard problem for GPUs, and a bottleneck in modern browsers. That\u0026rsquo;s not to say it\u0026rsquo;s not being done - the linked article contains lot of pointers. And an older article about the Ubershaders basically explains how the Dolphin GameCube/Wii-Emulator uses modern GPU hardware to live-emulate 2002/2006 GPU hardware, in realtime (for a short time, while the CPU in the background creates more optimised precompiled GPU setups and code).\n","date":"2017-10-12T00:00:00Z","href":"https://blog.koehntopp.info/2017/10/12/what-gpus-can-do.html","tags":["performance","gaming","lang_en"],"title":"What GPUs can do…"},{"categories":null,"content":" ]\nComputer Games are cheating A lot of computer games are cheating, so that you can actually have fun with the game. Read the thread.\n»Hey #gamedev, tell me about some brilliant mechanics in games that are hidden from the player to get across a certain feeling.«\n»This is probably somewhere way down the list, but third person game thumbstick correction is a favourite. Pretty standard in AAA. (know you know but extrapolation for readers) game detects collision blocks and steers player around them, ignoring direction of input. Pioneered (I think) by insomniac but popularised by Ubi.. One of the things I\u0026rsquo;m proudest of in Volume\u0026rsquo;s controls.«\n»Serious Sam, bullets are 1m thick when testing enemies, and 0m when testing world. So you can shoot near a corner, but hit enemy easily.«\n»\u0026ldquo;Am I weird for disliking a lot of these ideas (especially ones like dumbing down offscreen threats)? I prefer solutions that let the player feel impressive, but aren\u0026rsquo;t exactly hidden. Like modern schmup hitbox sizes.\u0026rdquo;\n\u0026ldquo;I\u0026rsquo;m getting tired of these things being described as \u0026ldquo;dumbing down\u0026rdquo;. The games that don\u0026rsquo;t do these things you\u0026rsquo;d not touch with a stick. Nothing is dumbed down, it\u0026rsquo;s simply a question of attention. Wanna fight large groups of enemies? We need to do this by necessity. The only thing that happens if we don\u0026rsquo;t is that you feel unfairly treated all the time because you had no chance to evade or react at all. And what\u0026rsquo;s the point of a mechanic if you don\u0026rsquo;t have a chance to learn and counter it? None. It\u0026rsquo;s just frustrating - you need a chance.\u0026rdquo;\n\u0026ldquo;\u0026rsquo;m not trying to knock the entire concept. Letting the player cheat a little to create those tense victory moments is an idea I can support. But I think \u0026ldquo;dumbing down\u0026rdquo; is a fair term in the way I intended it. An example was removing senses from some AI. Which is OK! A reasonable design decision. You\u0026rsquo;re literally making enemies dumber to help the player, but that can be justifiable.\u0026rdquo;\n\u0026ldquo;The term \u0026ldquo;cheating\u0026rdquo; does absolutely not sit right with me. It\u0026rsquo;s based on the assumption that without it it would just be harder. In reality however games would not be playable or utterly frustrating. So I don\u0026rsquo;t think dumbing down makes sense even if it seems like it.\u0026quot;«\n»\u0026ldquo;In Surgeon Simulator we hid many features to incite curiosity: for instance, if you dial your real phone number in the game, it calls you.\u0026rdquo; \u0026ldquo;Woah, is this real?\u0026rdquo; \u0026ldquo;True. And it plays a message integral to unlock a hidden level.\u0026rdquo; \u0026ldquo;Does it work across countries?\u0026rdquo; \u0026ldquo;If my memory serves me well, it does \u0026ndash; just needs adding the country code. God, I hope the dial-out server still runs! :D\u0026rdquo;«\n»\u0026ldquo;This is not helpful at all, but racing games used to have this rubber-banding thing going on to make sure races were \u0026ldquo;competitive.\u0026rdquo; \u0026ldquo;Totally is helpful but probably the most well-known. Mario Kart coined that one :)\u0026rdquo; \u0026ldquo;Oh right, and Civ: Beyond Earth supposedly rigged the enemy AI to have opposing ideologies to incite conflict. Peace was never an option.\u0026quot;«\n»\u0026ldquo;In Lone Echo Liv never ask you to do something, it\u0026rsquo;s always \u0026ldquo;we should\u0026rdquo; to prevent her from feeling bossy.\u0026rdquo; \u0026ldquo;Did you work on it? I could swear that\u0026rsquo;s not true, but would also find the choice \u0026hellip; let\u0026rsquo;s call it odd.\u0026rdquo; \u0026ldquo;Somehow that doesn\u0026rsquo;t sit right with me\u0026hellip; She was in charge. Do you feel like some of that feedback might\u0026rsquo;ve had sexist undertones?\u0026rdquo; \u0026ldquo;Potentially. But we also had the desire for them to feel more like friends or equals, despite her position of authority.\u0026rdquo; \u0026ldquo;That makes more sense to me :)\u0026quot;«\n»\u0026ldquo;The Xenomorph in Alien: Isolation has two brains one that always knows where you are and gives hints to the second that controls the body :D Far Cry 4 deliberately turns down the accuracy and damage of NPCs the more there are near the player. Helping you feel like a badass. :) F.E.A.R\u0026rsquo;s AI dialogue is selected by the NPC doing an action, then it tells another NPC to say it. Making it look like they communicate. Oh and Left 4 Dead keeps you on edge by deliberately targeting the player either farthest from the group or who has received less aggro. (It also deliberately gives you time to heal, but the time is based on difficulty and whether you\u0026rsquo;re working together as a group). Sneaky. Um\u0026hellip; Halo 2 helps players feel like they have influence over battle by forcing grunt NPCs to panic if elites are killed in proximity. Halo 3 embellishes this by having each fight act as a dance: first push forward, then fall-back and finally a last-stand against the player. The thugs in Arkham Asylum will avoid doing 180\u0026rsquo; turns at all costs to allow you to feel stealthy and sneak up behind them. Oh wait, remembered some more. Elizabeth in BioShock Infinite throws ammo/health/weapons to the player based on their current state. Running outta ammo? She\u0026rsquo;ll throw you a fresh gun. Nearly dead? A health pack! These items are spawned in by her and not found on the map. It creates a sense of relief and excitement by getting that thing you need at just the right moment. :D Despite the AI in F.E.A.R. being aggressive and trying to kill you, they\u0026rsquo;re actually designed to minimise the perceived \u0026rsquo;threat\u0026rsquo; you create. (The only reason they\u0026rsquo;re attacking you is because it\u0026rsquo;s the only real way in which they can completely eliminate the threat you pose to them) BTW, (shameless plug)\nI run a YouTube series on all of this game design/AI stuff .\nAll Far Cry games from 2 onwards dynamically add/remove NPCs to keep them within a short distance of the player.\nElizabeth in BioShock: Infinite tries to stand between you and your objective so you pay attention to her actions.\nAlien: Isolation\u0026rsquo;s xenomorph earns skills to counter yours. Like hiding in lockers? It\u0026rsquo;ll start to search lockers.\nZombies are spawned in inaccessible areas in Left 4 Dead (2) to give the illusion on how severe the infection is.\u0026quot;«\n»\u0026ldquo;Not sure if it was mentioned, but the tutorial in Halo 2 asked player to look up. Their input determined whether y-axis would be inverted.\u0026quot;«\n»\u0026ldquo;Is it ok to mention something we\u0026rsquo;re proud of in our own game? :P In Firewatch, a player not responding to dialogue prompt is a noted choice. The game reacts to non-response, and it helps create a feeling that ignoring someone has social consequence and the other person is \u0026ldquo;real\u0026rdquo;.\n»\u0026ldquo;In Bioshock if you would have taken your last pt of dmg you instead were invuln for abt 1-2 sec so you get more \u0026ldquo;barely survived\u0026rdquo; moments.\u0026quot;«\n»\u0026ldquo;In Gears, found out 90% of first time players don\u0026rsquo;t play a second multiplayer match if they don\u0026rsquo;t get a kill. That first game\u0026rsquo;s important\u0026hellip; So we started you off with some major advantages (like additional damage bonuses) that tapered off with your first few kills.\u0026rdquo; \u0026ldquo;seems unfair to other players.\u0026rdquo; \u0026ldquo;Only if you view multiplayer as everybody plotted against each other and not as a community where you need engaged players to begin with :)\u0026rdquo;\n»\u0026ldquo;In Fable 2, if the dog gets stuck navigating and gets far enough from the player, it\u0026rsquo;ll respawn off camera running to you. Reviewers praised this as realistic dog behaviour! More of a bug workaround, than a design feature as such, though.\u0026quot;«\n»\u0026ldquo;Silent hill shattered memories did a lot of this sort of thing. Maybe @mrsambarlow would like to share some of his favorites\u0026hellip;\u0026rdquo; \u0026ldquo;haha yes. Lots of stuff similar to other replies\u0026ndash; we wanted runs of a nightmare chase to be terrifying, but not block overall progress. So every time you re-spawned we robbed AI of a sense (smell -\u0026gt; hearing -\u0026gt; sight) and then started to reduce numbers. If you looked over your shoulder we slowed them down so they were always \u0026lsquo;almost on you\u0026rsquo;. Only 2 AI were allowed to chase you directly, the rest had to flank (2x speed) or run to room exits so the action in yr periphery was scary. The problem with these mechanics is that for players it works, but for journalists who replay and replay to break down systems it. Sometimes appears that the AI is dumb \u0026ndash; because the game thinks they\u0026rsquo;re struggling :)\u0026rdquo; \u0026ldquo;These are great, thanks for sharing! Should probably play it\u0026hellip; :) A lot of these tricks don\u0026rsquo;t work when you do it over and over again yeah\u0026rdquo; \u0026ldquo;Also in the first area of Shattered Dimensions, the only noticeable sound is a car alarm, making the player natrually look for the car. The car itself has it\u0026rsquo;s front lights flashing, and they just happen to be directed at the door the player is suppoused to go through.\u0026quot;«\n»\u0026ldquo;Add HP +1 to a destroyed enemy Spacecraft until you\u0026rsquo;re sure its in camera view to show players more explosions and spectacle on screen.\u0026quot;«\n»\u0026ldquo;All our games, on gamepad, trying to level down fast after looking up, the view will snap to horizon making you feel like you are precise.\u0026quot;«\n","date":"2017-10-12T00:00:00Z","href":"https://blog.koehntopp.info/2017/10/12/when-video-games-are-not-quite-playing-things-straight.html","tags":["media","gaming","lang_en"],"title":"When Video Games are not quite playing things straight…"},{"categories":null,"content":"Here is a user story for implementors of security systems and platform hardening initiatives:\nAs any user , I never want to get a \u0026ldquo;denied\u0026rdquo; message, but a \u0026quot; in order to do what you want you are missing the X permission\u0026quot; message in order to be able to track down the root cause and request the appropriate permissions more easily.\nIt\u0026rsquo;s not that hard, really.\nGitLab: You are not allowed to push code to this project.\nWell, it\u0026rsquo;s harder for some, apparently. That\u0026rsquo;s one hour of my life I am not getting back.\n","date":"2017-10-10T00:00:00Z","href":"https://blog.koehntopp.info/2017/10/10/a-sad-security-user-story.html","tags":["security","lang_en"],"title":"A (sad) security user story"},{"categories":null,"content":" Shared Space Experiment The Guardian has an article about a Shared Space Experiment at Amsterdam Alexanderplein.\nA Shared Space is an approach to urban traffic design in which segregation of traffic modes is minimized and signage or other regulation is taken away, leaving traffic participants to make up rules and agreements on the spot through interaction. Several preconditions need to be there in order for Shared Spaces to have a chance of working:\nThe general population involved must have a good traffic education : They must be, at least in principle, capable of handling traffic on their own. The traffic situation must be designed so that the various participants in traffic are aware of each other - they must have visibility of each other. Ideally, they should have need to deal with only one problem or danger at a time - problems need to be sequential , and things need to happen at human speed. Traffic needs to be slow and everybody needs to be comparable in speed. If these things are given, if you take away traffic lights and signage, the intention of getting people to interact and agree on how to safely proceed - to empower them - usually works out very favorably.\nThe new setup forced people to engage with their surroundings. They had to change the behavioural rituals they had fallen into in order to adapt. Instead of relying on traffic lights, they now relied on their own abilities and the cues of others.\nA paper referenced in the article Negotiation in Motion explains what goes on in more depth. The outcome: removing signals from a busy junction, it made journeys faster and interactions more pleasant. Now the approach is being copied across the city.\n","date":"2017-09-27T00:00:00Z","href":"https://blog.koehntopp.info/2017/09/27/shared-space-experiment-at-alexanderplein.html","tags":["netherlands","mobility","lang_en"],"title":"Shared Space Experiment at Alexanderplein"},{"categories":null,"content":" Seriously, HR people ask the weirdest questions. \u0026ldquo;Where do you see yourself in five years?\u0026rdquo;\nFor a Twentysomething with no owned property and no family the truthful answer is of course \u0026ldquo;In a different company, twice removed. Not because you suck more than anywhere else, but, like, statistically.\u0026rdquo;\n\u0026ldquo;Where do you see yourself in five years?\u0026rdquo; \u0026ldquo;Week 27 or 28?\u0026rdquo; \u0026ndash; LionKingLee That time when you finish school and university and before you settle down with dependencies that make you immobile - it is an important time in your life. Use it wisely: Change jobs every two to three years, and make it count.\nThat is: understand that the people you work with are more important than the companies you work for - you are building your professional network. The companies you work for will change every few years, but the network you build will be with you for the rest of your life. It will be an important part of you and your career.\nThese people you are with in your wild years, they are the people who will recommend you to the company you are aiming for next. They will make sure that your CV is at least read, if you send it there. They will make sure that you have at least the first interview with that new shop. They are the people who will ask you, when they have a professional question regarding your area of expertise, and who will listen to your recommendations - for hiring, for purchase, or just for grounding some goofball ideas which may or may not turn into a startup.\nSeriously, HR people have the weirdest ideas. I met some once, who were wondering why self-assessment and 360º reviews and management reviews diverge so much. There are things like this for example (and that\u0026rsquo;s already one of the better solutions). But you are effectively typing feedback about your future network peers into a SaaS solution, and you know that.\nSo there is a third party company which collects data about me at work, and what others think about me. This company may or may not keep it around when we leave our current engagement, depending on legislation, this companies operational skills and culture:\nWould you trust a company with an Uber-like culture with this data?\nHow do you know if they are an Uber or not? If they keep it, and they are successful in their market, they will build a profile over my networks and my entire career, over each of our professional engagements over time. Yeah, one more profile to worry about, on top of the Google shadow, the Github and the Linkedin.\nAnyway, back when I was 20 (that was 1988), I learned the value of feedback - it is what helps you grow.\nI also learned that negative feedback is always delivered over coffee and beer, privately, face to face, and never, ever, written down.\nEspecially not in some random 3rd parties SaaS interface. You have no idea where it is going to end up, how long it is being kept or who is going to buy whom in the end. So, anything that goes into reports and reviews will of course be formatted in a way such that it does not damage the current and future relationship between my network and me. It\u0026rsquo;s not real and can\u0026rsquo;t ever be.\nAnd that was true already before systems like these, when HR was still working with paper folders and kept data in-house.\nSeriously, HR people have the weirdest jobs. Whatever technology you build, theirs can\u0026rsquo;t be automated, and in many ways not even effectively assisted.\n","date":"2017-09-11T00:00:00Z","href":"https://blog.koehntopp.info/2017/09/11/where-do-you-see-yourself-in-five-years.html","tags":["work","lang_en"],"title":"Where do you see yourself in five years?"},{"categories":null,"content":" Cargobike mum with child cycling independently on Upper Thames Street. Unimaginable before cycling infrastructure. \u0026ndash; Mark Treasure A lot of people in Germany, especially Bike Activists, are stuck in the 80ies, victims of the Kampfradler mentality. Let\u0026rsquo;s have a look at that:\nThe german word Kampfradler literally is made up from \u0026ldquo;Kampf\u0026rdquo; (fight) and \u0026ldquo;Radler\u0026rdquo; (cyclist) . A Kampfradler is a fighting cyclist, or confrontational cyclist. Wikipedia dates the Kampfradler to 2011, but it\u0026rsquo;s much older. I remember having used the term during my time as a student in Kiel, and that would date it to the mid-90ies at least. The Wikipedia article also puts it into the context of a bike rowdy, but it\u0026rsquo;s really older and it\u0026rsquo;s also being used by the Kampfradlers themselves with much more positive connotations.\nCyclists are being marginalised in many places in Germany, and it takes personal courage to be a presence in a car-centric traffic design and to reclaim the road. Roads designed for cars often leave cyclists no way to drive legal and safe at the same time. Kampfradler \u0026ldquo;know\u0026rdquo; that bike paths are multiple times more deadly than painted bike lanes on the road, claiming that bike paths hide cyclists until they suddenly appear when crossing a road, and the way this stuff is being constructed in Germany it is true that visibility of cyclists is suboptimal and often outright dangerous.\nThe Omafiets is being used by everyone, Omas as well as Jongens or businessmen.\nAs a German living in the Netherlands, I have a direct comparison between bike paths constructed for example in Kiel, in Berlin and in places like urban and historic Amsterdam and rural, recently built Vijfhuizen.\nThere are a lot of observations to be made:\nCasual and everyday Biking in the Netherlands means casual biking at casual speeds. The goal is to move swiftly, but relaxed. The Omafiets lets you sit upright, with handlebars that curve gently towards you like the wings of a swallow - unless you get wind from the front, in which case you might put the lower arms onto the handlebars to have a lower and more aerodynamic profile. The Objective is to move, but not to sweat.\nAll Ages and Abilities (AAA) Bike paths in the Netherlands are being built for everyone. That not only includes, but specifically means weak participants in traffic - elderly people as well as very young children. The image at the top of this article is not from the Netherlands, but might have been shot around here as well. The thinking expressed in the tweet coming with the image is also fitting for the Netherlands. A situation like in this image will simply never happen with bike lanes that are painted on a street - it is a thing that only happens with separated biking infrastructure.\nSegration - paint is never enough Biking infrastructure is not just separated bike paths. It also includes ways of crossing roads in a safe way. A lot has been learned about this in the last 25 years - see this article in my blog Ideally, a bike path crosses the road on a bridge (N205 near Vijfhuizen ) or in a tunnel (N205 near Vijfhuizen ), so that cyclists and cars cannot even conflict.\nWhen bikes and cars share a road without any kind of separation, car traffic is limited to 30 km/h. Usually not just by signage, but also using physical limitations, such as drempels.\nRoundabouts are being used more a lot, compared to Germany and they can be an awesome tool control car traffic speed, simplify intersections and keep traffic flowing in residential areas. A small roundabout in Vijfhuizen shows the red bikepath leaving the road, crossing at the side of the roundabout and the continuing again directly on the road. This solution is less than ideal, but safe enough at the local traffic density and speed to be mastered by a 7 year old on a bike alone, safely.\nThis roundabout in Amsterdam is very busy and crosses a tram line, two major inner city roads and quite some bit of bike traffic on the same floor level. Building the bike path as a road, wide and with two directions, next to a road, makes biking more comfortable, also also simplifies leading traffic across intersections and does not even necessarily use more space.\nAn example can be seen here next to Haarlem , leaving for the Dunes. They also make other \u0026ldquo;typical\u0026rdquo; problems that Kampfradler experience immaterial - dooring does not exist in bike infra built this way.\nMore examples in this article about cycling infrastructure (also parking!) from Utrecht - a city with a historic city center that has built itself into one of the most bike friendly environments in the Netherlands.\n","date":"2017-09-08T00:00:00Z","href":"https://blog.koehntopp.info/2017/09/08/separate-infrastructure.html","tags":["mobility","netherlands","lang_en"],"title":"Separate Infrastructure"},{"categories":null,"content":" One of the weirdest and most interesting characters in the DC Universe is Wonder Woman, because she is full of seemingly irreconcilable contradictions. Created by a man, William Moulton Marston , in 1941, her history is actually deeply rooted in the Suffragette movement of the early 20th century. Marston owes much of the ideas and the origin myth to earlier stories from that era and cosmos, through his wifes Elizabeth Holloway Marston and Olive Byrne, and through Olives Byrne\u0026rsquo;s connection with Ethel Byrne and Margaret Sanger .\nThe book is a biography of Marston, but really is a history of feminism in the United States, and also making a case that there are no waves , but one large, meandering river. A much recommended, very unexpected find, and an eye-opening view on a bunch of unique characters, both real and imagined.\n\u0026ldquo;The Secret History of Wonder Woman \u0026rdquo;, Jill Lepore, EUR 8.32\n","date":"2017-09-04T00:00:00Z","href":"https://blog.koehntopp.info/2017/09/04/fertig-gelesen-the-secret-history-of-wonder-woman.html","tags":["review","media","book","lang_en"],"title":"Fertig gelesen: The Secret History of Wonder Woman"},{"categories":null,"content":"Here is the question:\nHow much infrastructure do we need when ALL 8 million vehicles (and buses and trucks!) in the Netherlands go electric? The answer will surprise you: we could get to 100% electric transportation in the Netherlands, just by converting the 4000 existing gast stations to fast charging stations which have an average of 14 fast chargers.\narticle then plays with numbers a bit: Kilometers driven, electricity used, number of chargepoints, charging rates.\n(for germans: The Netherlands compare in area and population pretty well to Nordrhein-Westfalen)\n","date":"2017-09-04T00:00:00Z","href":"https://blog.koehntopp.info/2017/09/04/how-many-chargers-are-necessary-to-convert-the-netherlands-to-electric-cars.html","tags":["mobility","netherlands"],"title":"How many chargers are necessary to convert the Netherlands to electric cars?"},{"categories":null,"content":" Berliner Sparkasse Onlinebanking FAQ :\nWhy do I get the message \u0026lsquo;mobile device, can\u0026rsquo;t perform smsTAN money transfer\u0026rsquo; when using my Desktop computer.\nA possible cause is the display resolution. Your computer is being detected as a mobile device by our online banking system. smsTAN is not working from a mobile device.\nSolution: Change the display resolution\nSo 1920x1080 does work, but 1080x1920 doesn\u0026rsquo;t.\n","date":"2017-08-28T00:00:00Z","href":"https://blog.koehntopp.info/2017/08/28/why-i-cant-transfer-money-with-my-monitor-upright.html","tags":["security","lang_en"],"title":"Why I can't transfer money with my Monitor upright"},{"categories":null,"content":"Today is a weird day. First thing is a friend asking about help with community management. And next thing is Fefe reiterating his longstanding fallacy (Rant in German ) that programmers are able to do anything just because they are able to do one thing (here: Community Management). The TL;DR is that he rants against non-programmers showing interest into programming projects because they like the software, thereby ruining everything by not being programmers.\nDabei ist es so einfach, sich in einem Projekt Respekt zu erarbeiten. Leiste einfach was. Erwarte nichts als Gegenleistung. Problem: Jede Minute über dich oder deine Leistungen reden macht 10 Minuten tatsächliche Leistung kaputt.\nBut it is easy to get respect in a project: Just show something useful. Don\u0026rsquo;t expect a return. Problem: Every minute speaking about yourself or your results ruins ten minutes of actual useful work.\nThat is, of course, nonsense. It just shows, like his example about the closed umatrix bug tracker, a complete lack of understanding of the communication situation and a failure to organise the the communication efficiently.\nThe dclp experience Back in late 1999, early 2000, I started a USENET newsgroup, de.comp.lang.php. As the name suggests, it was a german language newsgroup about the PHP programming language. It wasn\u0026rsquo;t the first communication project I started, and I also had been online and in USENET quite some time, and so I did it with an agenda and a plan (longer article ) with German introduction and english language content about this).\nAt that point in time the German Linux newsgroups (and the German Firewall newsgroups) were good counterexample to community management. There was demand for drive-by support by newbies, but instead of dealing with the demand, flamewars were the rule, and the spillover from the flamewars was drowning the useful content of the group. Even with filters, the group was impossible to read.\nIt was my intention to actively discourage such a development in the newly instantiated de.comp.lang.php. This was done by writing short, well researched articles answering typical newbie questions, following a specific short form recipe with a certain order of events. These answers were collected, refined into a slightly more general form, and the reused to answer recurring topical questions even faster. I set myself an arbitrary time limit (no more than 60 minutes a day), and fell into a rote quickly.\nThe assumption was that people flaming noobs in the group were trying to generate Karma by grabbing attention. By being able to usefully answer the questions using short, well written articles with tested, reusable answers and a recognisable form I would publicly grab more Karma and generate envy, encouraging people to imitate me.\nThat worked.\nThe other assumption was that the newbies are actually friendly, so if you are perceived as friendly and helpful, you earn respect and authority, which you can spend immediately to inject a second answer to a question they had better asked, but didn\u0026rsquo;t, into their cognitive stream.\nThat did work, too.\nThe short form was always a quote of the actual problem the noob had, an optional rephrasing of the question into something clearer (\u0026ldquo;I understand that as \u0026hellip;\u0026rdquo;) and then building a short, specific bridge pointing to a specific answer in the FAQ, explaining in a single sentence why the FAQ answer is relevant and how reading the answer will help in the context of the actual question. If the noob showed behaviour unsuitable for USENET regulars, I then often appended a sentence or two explaining the problem and how it could be fixed to avoid future problems, or how to ask better questions or similar improvements. The deal was \u0026ldquo;Remove their block, enable them to continue, and then shove additional info into their mind that improves \u0026rsquo;them\u0026rsquo; in a way that is useful to \u0026lsquo;us\u0026rsquo;.\u0026rdquo;\nUsing the proper tools and sticking to the form enables highly efficient article generation: Within the allocated hour, I could generate easily 30-60 friendly, actually helpful, well tested answers and use the Karma to educate noobs. I was also carpet bombing the group with useful content, drowning out the flamers - the opposite of the Linux groups. And because I was emotionally disengaged, professionally friendly all the time, I was able to sustain that virtually infinitely.\nI did not invent that form - it was pre-existing and shown to work in a slightly different way in comp.lang.c for a long time. Unlike the de.comp.lang.php FAQ, the comp.lang.c FAQ also experienced a second compression from FAQ to actual book by Peter van der Linden - I never found the time to do that (Read Peter\u0026rsquo;s books, he\u0026rsquo;s an awesome explainer).\nOther examples This is not the only way to manage communities, or maintain order in online forums. I have an older talk about \u0026ldquo;Flames - Online Communication Breakdowns\u0026rdquo; (German video recording ) which touches on experiences with de.comp.lang.php, but also on different approaches chosen for de.rec.spiele.rpg.misc (drsrm FAQ in German ) and de.talk.bizarre (don\u0026rsquo;t look at dtb , that dtb is not the dtb you are looking for). I also explain why these things require different approaches.\nThere is even more help available online, and some of it is even useful for programmer-type minds. Building Successful Online Communities: Evidence-Based Social Design is a collection of articles and case studies that shows different possible approaches and what their applicability and usefulness is.\nIf you have a programmer-type mind, Pieter Hintjens Social Architecture: Building Online Communities might be more useful for you. It just highlights how misguided, helpless/clueless and badly implemented things like the umatrix bugtracker shutdown or Fefe\u0026rsquo;s rant are:\nThere are useful tools to handle this, efficiently, out there, you just don\u0026rsquo;t know them and you are making things worse with what you are doing right now. So stop doing that, and learn what works, then follow that. And fast, before you break it completely.\u0026quot;\nAlso,no, this is not about not at all about SJW inclusionists or project maintainer privilege abuse. It\u0026rsquo;s about programmer-type persons not having an appropriate repertoire of possible reactions to an influx of newcomers, and then frustration, change-averseness and panic kicking in in this order.\nThat\u0026rsquo;s also a normal thing, and there are ways to deal with this appropriately as well - these are things that can be taught and learned, to anyone who is willing to stop, understand that they are out of their depth and then to listen.\n","date":"2017-08-23T00:00:00Z","href":"https://blog.koehntopp.info/2017/08/23/community-management.html","tags":["erklaerbaer","community","usenet","lang_en"],"title":"Community Management?"},{"categories":null,"content":" »Yay for discounts, aber die Einstellung vom Köhntopp finde ich ja eigentlich ziemlich vermessen und ekelhaft.« Back in the day at university, there used to be a group of people who went to the Cinema every week on Thursday. We were sometimes six, sometimes more like ten people, but at the core it was a pretty stable group. Ticket sales started one week before and we are pretty consistently getting our tickets pretty much the hour ticket sales started.\nBecause we were having reserved, numbered seats, we were usually late arrivals, sometimes trying to get into the film after the Ads, but well before anything serious started rolling. Over the course of time, the Cinema managed to double-sell our reserved seats on several different events. And despite the fact that all tickets have a sell-date printed on them, they didn\u0026rsquo;t give the seats to the people with the early tickets, but to the people who arrived first. So we stopped that, and that was 200 DM a week less for the Cinema - or maybe not, because then they would probably care more.\nAnd I learned a thing:\nExperience does not really matter and neither does freshness. I was fine not seeing a film the week it was released. There is in fact a steady stream of films coming down the pipeline, and if you offset yourself a few years from releases, all things will eventually come to you for free on the pretty excellent German TV.\nI rather spent money on one of the first HDD DVRs available, a Schneider Prime Timer. Well, Heinz did, but that\u0026rsquo;s a different story. I also learned that even with a mediocre home setup the experience at home on the average is better than in the Cinema. Mostly that is because the experience is much more reliable - less chance of annoyance - and because I can back out of crap much more easily if it does not grip me in the first 20 minutes.\nThen MP3 happened, and while Napster was pretty unreliable, it did sell cheap ATA HDDs instead of proper SCSI HDD to me, and I ripped the 600 or so CDs I had - all of them purchased for 20 DM or less. Most of them I got much, much cheaper. Because Cinema taught me to wait and grab stuff when it was on sale and not when it was released.\nI took these Rips to my friends, offered them a copy and asked if I could borrow their CDs, and yes, all of them. So 40GB wasn\u0026rsquo;t enough, and pretty soon I ended up with some Terabyte or the other.\nAnd I learned another thing:\nThere is no overlap. So the friends I had, each of them had approximately as many CDs as me, some more, some less, but all of them literally hundreds. After merging a dozen collections, there was considerably less than a three digit overlap in number of Albums. Apparently taste and interest vary wildly and the long tail is most likely way, way longer than you think.\nAlso, I found a lot of music that I did not know about, and which I really liked. I mean, my wife listens to K-POP and I am not even angry! These days I have a 30kg home server that\u0026rsquo;s full of hard disks, always on, and that uses Subsonic to stream stuff to the Sonos Systems, because that works.\nOnly that nobody actually uses that, because we also have GPMAA Family, and that\u0026rsquo;s much more convenient for some reason - we like to stream. There is also a Netflix and an Amazon Prime, and for some reason we are using that, and not the Subsonic, to watch movies.\nThere is still a shelf of DVDs, but the actual couch-algorithm is \u0026ldquo;Check werstreamt.es\u0026rdquo;: If it is available on Netflix or Amazon, go there. If not, either watch something else, or get it from a Torrent. We are literally not even bothering checking the local file server or trying to find a USB DVD drive to hook up to the TV server and pulling the media from the shelf.\nGeneral DRM and optical media unreliability features big in this: Usually, the torrent is already finished by the time I found the drive, put in the DVD, got it out again, blew away the dust from the optics, try again, only to learn that the computer\u0026rsquo;s media player does not handle the DRM fuckery on this particular disc very well.\nI eventually learned to trust the Streaming and the Torrent more than my local media. That even includes books: Amazon Prime comes with Amazon unlimited, and German Book Stores have taught me that for anything in foreign language it is not even worth bothering.\nWhat actually works: a Kindle. I once owned a room full of Paper Scifi - about 2000 books or more, but then I had to move. These days, I do not buy paper books any more - unless they are Comics or graphics rich Coffee Table experiences.\nAnd here is a thing: once you go Kindle, you go KDP/Indie, and for Scifi that means all books are $10 or less. Actually, for $0.99 I am giving even pretty things with questionable blurbs a try, because you never know, and the financial risk is very controlled.\nEssentially, all my experience has converted to electronic media, and then to streaming, even reading. So, Games: Yeah, I grew up in the Eighties, and fell into Games, and then into cracking them in the mid Eighties. I found that cracking them, and understanding how they work, is actually more fun than playing them - and so I stopped playing for some 15 or 20 years. You can thank Ingress for the fact that I am even looking at games again at all.\nAnother kind of very long tail.\nAround the time I got my first smartphone, Humblebundle appeared and started to offer Android Mobile Bundles. They contained amusing stuff and I bought them - generally for the minimum required price to unlock all the things that I had a mild interest in, or that I thought the child may have in interest in in a few years time.\nTurns out, you collect cellphone games at an amazing rate that way. And turns out they are not actually cellphone games. Because if you accidentally look into your Humblebundle account: My God, it\u0026rsquo;s full of Steam Keys - whatever that is.\nAnyway, so I happen to own not quite 300 games, which are most likely to be not bad at all, and out of which I have probably played about 10 or less past the point of Steam Refund. And that\u0026rsquo;s fine with me, because I probably paid about one Dollar, each, on the average.\nBut all that is the competition any of the new stuff you are trying to sell me is up against. I am an adult with a well paying job, a family and a child. Where do I put my time? Games last, pretty much. I don\u0026rsquo;t have that much of a monetary constraint on my purchases per se, but I have been trained that you never do media, any media, at full price, because it\u0026rsquo;s a rip-off.\nAlso, I have learned that media ages well, so it\u0026rsquo;s kind of okay to let it lie for a few years. That\u0026rsquo;s particularly true for computer games, it appears, because bugs.\nSo here is what it looks like at home: There is a single, very expensive Windows computer in the house, and it autoboots into Steam and streams to the TV Mac or our Laptops. There is also a very large file server, which in two years time will become a tiny Raspi-like Device with a two-digit TB piece of Flash. There is large pile of Sonos Hardware. There\u0026rsquo;s a TV with a Mac and DVR software. There is a FTTH connection subscription. There are GPMAA Family, Netflix, and Amazon Prime Subscriptions.\nAnd there is a hard rule to never buy any media without substantial discount, because life told us for multiple decades that this how it works:\nDon\u0026rsquo;t judge media by the amount of work or love that has been poured into it. Judge it by what other media you can get instead for that money, because there is plenty of other stuff that\u0026rsquo;s not bad at all. And nobody can even begin to make a dent into the pile in a single lifetime.\nAnd that is why you can\u0026rsquo;t have nice things. Don\u0026rsquo;t look for a career in art or media.\nSome people define themselves through Media. That\u0026rsquo;s ok, but that\u0026rsquo;s not me. Some people define themselves through Media. That\u0026rsquo;s ok, but that\u0026rsquo;s not me, that\u0026rsquo;s John Cusack , and I am not him, I am the copyright fairy .\n","date":"2017-08-13T00:00:00Z","href":"https://blog.koehntopp.info/2017/08/13/why-you-cant-have-nice-things.html","tags":["media","copyright","lang_en"],"title":"Why you can't have nice things…"},{"categories":null,"content":"The history of serialize() and unserialize() in PHP begins with Boris Erdmann and me, and we have to go 20 years back in time. This is the day of the prerelease versions of PHP 3, some time in 1998 .\nBoris and I were working on code for a management system for employee education for German Telekom. The front side is a web shop that sells classes and courses, the back end is a complex structure that manages attendance, keeps track of a line manager approval hierarchy and provides alternative dates for overfull classes. In order to manage authentication, shopping carts and other internal state, we needed something that allowed us to go from a stateless system to a stateful thing, securely. The result was PHPLIB , and especially the code in session.inc .\nThat code contained a function serialize(), which created a stringified representation of a PHP variable and appended it to a string. There was no unserialize() necessary, because serialize() generated PHP code. eval() would unserialize().\nOne of the problems we had to solve was that PHP3 was slow. So if we were to write out a serialized representation of variables, we would have to write a parser for that, and that parser better be fast, because it would be executed at the beginning of each and every page load. We already had such a parser, and it was the fastest parser available, PHP itself. So we decided to write a function that takes a variable, recurses through that variable and generated PHP code to recreate the variable if that code would be executed.\nFor scalars, that is trivial .\nFor an array, that is possible with a simple recursion over each element .\nFor objects, things are complicated.\nFirstly, in PHP3, an object does not have the slightest clue what it\u0026rsquo;s classname is. Secondly, an object might have instance variables that we do not want to be part of the stringified representation of the object, for example file and image file handles or other resources. We solved both problems by requiring serializable objects to have metadata instance variables, classname and persistent_slots\u0026quot;.\nFor unserialize, we simply executed that code inside an eval().\nFrom PHP 4 onward, Sascha Schumann wrote a C implementation of session management that became a standard part of PHP, which was largely based on our ideas. Unlike us, he made PHP store session data in the filesystem, inheriting our idea of probabilistic session expiration. He also converted the data format from PHP Code to the current representation.\nAnother problem that needed adressing was code uniformity: If you load a serialized object written by another web page of your application, that object has a class. And the code for that class needs to be loaded before you can load and re-instantiate that object. Basically, you saved an instance $a of DemoClass, and if you load that instance again, running unserialize() on it, PHP needs to know what a DemoClass is and how to make one, using $a = new DemoClass(), before it can fill in the values of all instance variables. So the includes of your app better be the same on all pages, or you invent the Autoloader .\nThe Autoloader originally was a simple callback function that would be invoked every time you want to make an instance of an unknown class. The function would get the name of the missing class as a parameter, and would then be responsible to produce a class definition for that class.\nfunction __autoload($missing) { echo \u0026#34;Class $missing is missing.\u0026#34;; include(\u0026#34;$missing.class.php\u0026#34;); } $a = new DoesNotExist(); This is your classic suicide autoloader: Whenever an undefined class is being encountered, __autoload() is being called with that classname. It would then try to include a file with that name (and all dots and slashes that you manage to falsify into that name) and hope that this would contain code that defined a class with a matching name.\nReal autoloaders should not look like this (but often they are close enough to this code to contain exploitable security problems).\nToday the autoload mechanism of PHP is more complicated. It has a default autoloader , a mechanism to manage a stack of autoloaders , and a bunch of other things such as file extensions and include path names to influence all that. It is also quite good, even if more sophisticated serializers exist .\nSo what is the state of unserialize() in PHP these days, and why?\nThat was a controversial Tweet It links to this:\nReally Good Advice™ People object:\nPeople object but given the little tour above, you should be able to understand how unserialize() cannot really be made safe for import of foreign data. You can unserialize() stuff your code has written, after having verified that the data you read still is the data you have written, using salted hash_hmac()s on said data. That\u0026rsquo;s going to be reasonably safe.\nYou can\u0026rsquo;t, ever, use unserialize() as a data interchange format with other application or an end user. unserialize() is not an exposable API. Never was. Other functions and formats for this exist. Use those. Here is some code to try:\n#! /usr/local/bin/php \u0026lt;?php function show_serialize1() { $a = 1; $str = serialize($a); file_put_contents(\u0026#34;demo\u0026#34;, $str); } function show_serialize2() { $a = array(\u0026#34;fnorp\u0026#34;, \u0026#34;glorp\u0026#34;, \u0026#34;dorp\u0026#34;); $str = serialize($a); file_put_contents(\u0026#34;demo\u0026#34;, $str); } function show_serialize3() { class DemoClass { private $priv = \u0026#39;priv\u0026#39;; protected $prot = \u0026#39;prot\u0026#39;; public $pub = \u0026#39;pub\u0026#39;; public function __construct() { echo \u0026#34;Constructed.\\n\u0026#34;; } public function __sleep() { echo \u0026#34;To be serialized\\n\u0026#34;; return array(\u0026#39;priv\u0026#39;, \u0026#39;prot\u0026#39;, \u0026#39;pub\u0026#39;); } public function __wakeup() { echo \u0026#34;Just unserialized.\\n\u0026#34;; } } $a = new DemoClass(); $str = serialize($a); file_put_contents(\u0026#34;demo\u0026#34;, $str); } function show_serialize4() { $a = array(1); $a[] = \u0026amp;$a[0]; $b = \u0026amp;$a[0]; $a[1] = 2; echo \u0026#34;References inside an array work:\\n\u0026#34;; print_r($a); echo \u0026#34;References across unserialize:\\n\u0026#34;; $b = unserialize(serialize($a)); echo \u0026#34;b is unserialized a:\u0026#34;; print_r($b); echo \u0026#34;Does the ref still work?\\n\u0026#34;; $b[1] = 3; print_r($b); } function show_unserialize1() { $str = file_get_contents(\u0026#34;demo\u0026#34;); $x = unserialize($str); print_r($x); } function define_democlass($class = \u0026#34;none\u0026#34;) { echo \u0026#34;We want $class defined.\\n\u0026#34;; class DemoClass { private $priv = \u0026#39;fnorp\u0026#39;; protected $prot = \u0026#39;glorp\u0026#39;; public $pub = \u0026#39;dorp\u0026#39;; public function __construct() { echo \u0026#34;Constructed.\\n\u0026#34;; } public function __sleep() { echo \u0026#34;To be serialized\\n\u0026#34;; return array(\u0026#39;priv\u0026#39;, \u0026#39;prot\u0026#39;, \u0026#39;pub\u0026#39;); } public function __wakeup() { echo \u0026#34;Just unserialized.\\n\u0026#34;; } } } function show_unserialize2() { spl_autoload_register(\u0026#39;define_democlass\u0026#39;); $str = file_get_contents(\u0026#34;demo\u0026#34;); $x = unserialize($str); print_r($x); } if (! isset($argv[1])) { echo \u0026#34;Please start with \u0026#39;ser\u0026#39; or \u0026#39;unser\u0026#39;\\n\u0026#34;; exit(1); } switch($argv[1]) { case \u0026#34;ser1\u0026#34;: show_serialize1(); break; case \u0026#34;ser2\u0026#34;: show_serialize2(); break; case \u0026#34;ser3\u0026#34;: show_serialize3(); break; case \u0026#34;ser4\u0026#34;: show_serialize4(); break; case \u0026#34;unser1\u0026#34;: show_unserialize1(); break; case \u0026#34;unser2\u0026#34;: show_unserialize2(); break; default: echo \u0026#34;Wot?\\n\u0026#34;; exit(1); break; } You can use this to see what serialized data looks like:\n$ ./probe.php ser1; cat demo; echo i:1; More complicated stuff such as arrays:\n$ ./probe.php ser2; cat demo; echo a:3:{i:0;s:5:\u0026#34;fnorp\u0026#34;;i:1;s:5:\u0026#34;glorp\u0026#34;;i:2;s:4:\u0026#34;dorp\u0026#34;;} Also, references half-work, if they are internal:\n$ ./probe.php ser4 References inside an array work: Array ( [0] =\u0026gt; 2 [1] =\u0026gt; 2 ) References across unserialize: b is unserialized a:Array ( [0] =\u0026gt; 2 [1] =\u0026gt; 2 ) Does the ref still work? Array ( [0] =\u0026gt; 3 [1] =\u0026gt; 3 ) but serializing a reference $b that points to $a does not work: The value $b is referencing is saved, and the unserialized variable will have a value, but will not reference the previous value. There is no error or warning.\nHere is what we do to Objects:\n$ ./probe.php ser3; cat demo; echo Constructed. To be serialized O:9:\u0026#34;DemoClass\u0026#34;:3:{s:15:\u0026#34;DemoClasspriv\u0026#34;;s:4:\u0026#34;priv\u0026#34;;s:7:\u0026#34;\\*prot\u0026#34;;s:4:\u0026#34;prot\u0026#34;;s:3:\u0026#34;pub\u0026#34;;s:3:\u0026#34;pub\u0026#34;;} This shows how the contructor is being executed, how the __sleep() callback is called and the content of the serialized file with the stringified DemoClass instance referencing the class name. If we load this without DemoClass being defined, we get\n$ ./probe.php unser1 __PHP_Incomplete_Class Object ( [__PHP_Incomplete_Class_Name] =\u0026gt; DemoClass [priv:DemoClass:private] =\u0026gt; priv [prot:protected] =\u0026gt; prot [pub] =\u0026gt; pub ) We can load DemoClass using an autoloader we define. Then we get\n$ ./probe.php unser2 We want DemoClass defined. Just unserialized. DemoClass Object ( [priv:DemoClass:private] =\u0026gt; priv [prot:protected] =\u0026gt; prot [pub] =\u0026gt; pub ) You can see the Autoloader being called, the __wakeup() function running (it didn\u0026rsquo;t in the example before!) and then the properly re-instantiated object.\nNote that our new version of DemoClass, as defined by the autoloader, does define different default values for the instance variables so we can show that the values from the file are being loaded.\n","date":"2017-08-11T00:00:00Z","href":"https://blog.koehntopp.info/2017/08/11/php-understanding-unserialize.html","tags":["security","erklaerbaer","php"],"title":"PHP: Understanding unserialize()"},{"categories":null,"content":"So you are running systems in production and you want to collect data from your systems. You need to build a monitoring system. That won\u0026rsquo;t work and it won\u0026rsquo;t scale. So please stop for a moment, and think. What kind of monitoring do you want do build? I know at least three different types of monitoring system, and they have very different objectives, and consequently designs.\nThree types of Monitoring Systems The first and most important system you want to have is checking for incidents. This Type 1 monitoring is basically a transactional monitoring system:\nYou want to monitor a production system and you need to know if things are okay-ish. If not you want to get a notification about that. The notification should be actionable, be acted on, acknowledged and then you are done. It can be deleted, and it is important that it is deleted from this system.\nYou want this system to be highly available. Highly available systems are a lot easier to build if they are small, don\u0026rsquo;t have many requirements and don\u0026rsquo;t come with scaling overhead.Ideally, this thing is so small and self-contained that it can fit on a USB stick. In an incident, you can plug it into any machine and turn that into a monitoring host, gaining the necessary visibility that enables you to rebuild the entire data center from a complete outage. You want this system to be fast, the monitoring data to be fresh. Since this is the system that informs you that you are on fire right now, the time span between a thing actually happening and the point in time you know about this thing happening by the way of the monitoring system must be as small as possible.That is, you want the monitoring lag to be small, and to be visible so that people are aware of the fact that the view into a past state of the system. You want the system size to be stable. That is, for a fixed size of installations and a fixed set of metrics, as time goes by, the system size on disk or in memory should not grow out of bounds.Systems that grow over time without an upper limit have a data collection and retention inside. They are Type 1 systems with a Type 2 system on the inside. If you just wait, they will die from bloat. In database terms, you can think of the Type 1 monitoring as an OLTP or transactional system: As an incident is detected, an alert is created, a human is acting on the alert and eventually closing it, removing the cause. As the alert is over, the transaction is done and can be purged from this system.\nBecause it\u0026rsquo;s purged, the system size is finite and it does not grow out of bounds due to log-keeping. There may be an ETL process that extracts finished alerts, transforms them into another representation and loads them into another system for record-keeping. Examples for Type 1 monitoring systems are Nagios and other host checkers, most of which are broken from a modern point of view, and Prometheus as a much more modern and less broken implementation.\nA Type 2 system is one that keeps records for a long time, it\u0026rsquo;s data warehousey. These systems are not actually alerting, they are used to be able to validate service level objectives (\u0026ldquo;Have we kept the promises we made\u0026rdquo;), to identify recurring problems (\u0026ldquo;What\u0026rsquo;s the most common kind of problem we encounter across the entire fleet?\u0026rdquo;), and to do capacity planning (\u0026ldquo;Given past growth, when will we be running out of steam? What\u0026rsquo;s the amount of runway we have left?\u0026rdquo;).\nA data warehousey system can typically be down for two or three days. Somebody will grumble, but a loss of availability is usually not immediately catastrophic. Also, these systems can become tremendously large, and are usually distributed. Examples of such systems are large long term storage Graphite or Influx storages, Druid.io and other massive TSDB storages.\nAnd finally, the Type 3 is the thing that you actually use to understand what is on fire in which way precisely when you get an alert from a Type 1 system. It\u0026rsquo;s a debug system , not a time series collector in the first place. Often it\u0026rsquo;s not a system at all, but your ass in an ssh over there running strace, but sysdig is a much more sophisticated way of doing that in a modern environment. It is important to understand the differences between the alerting OLTP system, the trend collecting data warehouse system and the debug system:\nThe first two systems have incompatible, antagonistic requirements. What you build can be either small, highly available, stable in size, and cheap to setup - or it can be scaleable, humongous but then it\u0026rsquo;s likely not cheap to setup and certainly not small. The first two systems should be collecting time stamped series of numerical metrics, and we still need to talk about these, while the third system, the debug system collects structured data that is not necessarily numerical. That means your organisation and you will for sure have more than one monitoring system. Ideally, in a modern and containerised environment, you will have Prometheus for Type 1 monitoring. In fact, each team will have their own Prometheus for their own services, and you will have Prometheus Federation to build a data flow that collects data from individual per-team sub-monitors to a centralised alerting dashboard. You will need a different system for long term data storage, it\u0026rsquo;s something else as a Type 2 system. You may want to pump data from the Type 1 to the Type 2 system for all things that you want to keep long term records of. But you need to be as comfortable with any of the Type 1 systems losing historical data at any time as you need to be comfortable with the Type 2 system to be offline for some amount of time.\nData, Intervals and Percentiles It is important to understand what\u0026rsquo;s a good metric to collect. A good metric describes something actionable that says something about the system under monitoring. If you think that through, what you want to monitor is the user experience, so in the end what you will be collecting is in many cases a latency, the time it takes for a system to respond, or a capacity (\u0026lsquo;does have enough compute/storage to serve\u0026rsquo;).\nBecause a system that is too slow to respond may technically not be offline, but it is as useless as a system that is offline, or worse. So what you define is usually a list of maximum response times to certain queries and percentages of times in a certain period in which these limits have to be met. And a list of capacity limits that the system must meet.\nIn both cases what you get as a metric is a series of time stamped numeric measurements. And since you want to check \u0026lsquo;How many measurements in a time bucket have been meeting my limits?\u0026rsquo; (\u0026lsquo;How many requests in relation to the total number of requests in the last minute have taken longer than 250ms to process?\u0026rsquo;) you need to deal with percentiles.\nYeah, like this .\nSo, Spikes. How loaded is your network? Well, every network link at any single point in time is either completely busy (because a bit is being transmitted) or completely idle (because no transmission happens). It\u0026rsquo;s digital, there is no 43% busy link, ever, in any place on this planet.\nThat\u0026rsquo;s useless.\nSo over the last second, how many bit-slots have been idle and how many bit-slots have been busy? Well, it\u0026rsquo;s a 10 Gbit/s link, and we have been sending one and a quarter Megabyte in the last second, so that was one Gigabit. That link was 10% busy in the last second. It was also 1% busy in the last ten seconds, because it has been idle the 9 seconds before the last one, and it was 100% busy in the last tenth of a second and idle in the nine Tenths of a second before that.\nThat was a Spike.\nIf we were collecting samples, or network interface byte counters, every second, we would see a 10% busy link. If we were collecting our counters only once per 10 seconds it would be 1% busy.\nIf we plotted that, the two situations would be looking like two completely different scenarios - one would be a clearly visible spike, the other would be an invisible bump. So bucket sizes and percentiles matter, quite a bit.\nUnfortunately, most data sources don\u0026rsquo;t provide us with that. Imagine a router from which you want to collect link utilisation statistics by the way of reading network counters, and turning them into bytes/s readings.\nThings like Graphite have a function for that , and there are rules on how to use that function correctly . Other things, like Diamond, fuck your data up .\nCollect counters, turn them into rates when you need them. Then, how often are you going to read your counters? If you do it too rarely, you get widely spaced metrics and you won\u0026rsquo;t be able to see spikes as spikes. They get spread out across the sampling interval, and consequently are flattened. If you do it too often, you spam the network and the device, ultimately with the metric collection becoming a measurable load in itself.\nWell, a device could provide readings in a batch. So instead of reading a byte/s counter once a second, you could get the measurements for the last 60 one-second intervals every minute - the preferable solution. Or the device could pre-aggregate (and that would be rates, not counters) - it could tell you how many of the one-second buckets of the last minute were in the 0-50% busy bucket, the 50-90% bucket, the 90-99% bucket, the 99-99.9% bucket and so on (complicated, and also not as good as getting counters in a batch).\nSo far I know of no devices that actually are capable of doing this properly, so many people turn up the sampling rate to insane when they are hunting spikes. Not a good situation.\n","date":"2017-08-09T00:00:00Z","href":"https://blog.koehntopp.info/2017/08/09/monitoring-the-data-you-have-and-the-data-you-want.html","tags":["erklaerbaer","monitoring","data center","lang_en"],"title":"Monitoring - the data you have and the data you want"},{"categories":null,"content":"There is an interesting article by Brendan Gregg out there, about the actual data that goes into the Load Average metrics of Linux. The article has a few funnily contrasting lines. Brendan Gregg states\nLoad averages are an industry-critical metric – my company spends millions auto-scaling cloud instances based on them and other metrics […]\nbut in the article we find Matthias Urlichs saying\nThe point of \u0026ldquo;load average\u0026rdquo; is to arrive at a number relating how busy the system is from a human point of view.\nand the article closes with Gregg quoting a comment by Peter Zijlstra in the kernel source:\nThis file contains the magic bits required to compute the global loadavg figure. Its a silly number but people think its important. We go through great pains to make it work on big machines and tickless kernels.\nLet\u0026rsquo;s go back to the start. What\u0026rsquo;s the problem to solve here?\nBrendan Gregg wants his company to scale his virtual machines to demand, because they are paying per use and so they have an incentive to use enough capacity to hold the service level objectives, but not more.\nThe default mechanism to achieve this is a reactive autoscaler using loadav from inside virtual machines as a scale signal.\nWe need to unpack that. So there is a mechanism that will scale his deployment by launching more instances of a thing if a condition is true. By default, the condition is loadav, but Gregg suggests other, less broken metrics in his article: Different CPU and Scheduler metrics, disk metrics, or other system metrics.\nIn a conversation with Tobias Klausmann, he suggested application level latencies as a signal. I agree in that these are the best indicator to signal the existence of a problem. In Load, Load Testing and Benchmarking , there is the hockey stick:\nRequests/s vs. Response/s (Capacity) and Requests/s vs. Response time (Latency). As we raise offered load, the system approaches the 100% line (the vertical saturation line), and a backlog builds.\nThe lower graph shows a system under increasing load. Response times will be almost level while the system is not saturated. If the system reaches saturation, it is about to receive more requests than it can handle, and wait time adds to the think time, so response times go up. Sharply.\nUnfortunately, this is a good indicator which is always late. Latency based autoscaling will react to a system that is saturated when it is saturated, never before. For a system 10% before saturation and a system 5% before saturation, the latencies will be almost the same, so that among the jitter and noise there will be no useful signal to initiate scale-up. Only when we have saturation the latencies go up to trigger a proper signal, but at that point the user experience is already going down the drain. And that is kind of the real problem here.\nThe default mechanism to achieve this is a reactive autoscaler using loadav from inside virtual machines as a scale signal.\nThe scaling mechanism is reactive. It has to be, because any predictive autoscaling is not generic. It can\u0026rsquo;t be built into the platform. A predictive autoscaler knows something about the application, or maybe even the business. For example, you might know from benchmarking that your application requires an instance of the type Z for every m requests/s going into the system. So you could monitor the request rate and just before you reach that limit you are ordering the next instance.\nImage from The virtues of boring technology , Slide #12\nOr you already know the pattern of your business over a year and over a day and actually will know what the request rate is likely going to be tomorrow at 9am on August 9, 2017. In that case you can schedule the appropriate amount of instances in time before the load hits your systems and still have time to warm up all caches.\nIn some environments, supply management is kind of critical: For example, when you sell hotel rooms, you need to know which trade shows are having what kind of impact on the availability of beds around the event site and make sure that you have sufficient supply before the demand materialises. It\u0026rsquo;s a thing you have to do anyway, for the business.\nBut if you are already building demand models for business reasons, you can also use this data to build demand models for hardware utilisation and use it to move from reactive autoscaling to predictive autoscaling.\nSo here are some alternatives to autoscaling with loadav:\nBuild predictive models using business data. It will make the business and your management of it better, and it will make life easier in the machine room, so it pays for itself over and over. Use benchmarking in production to get an idea of the shape of the hockey stick in your environment. Latencies \u0026gt;\u0026gt; every other metric, Real world metrics \u0026gt;\u0026gt; any guess you can have. Latency goes up when a thing is saturated. That\u0026rsquo;s the thing your performance is bound by. You can\u0026rsquo;t survive anything ever, unless you know precisely what that things is and until it is being monitored properly. Get a clue about the request pipeline and identify (latency) metrics that are early warning indicators, if you have any. Then use them for reactive autoscaling. Also, fix your predictive model if you ever scale reactively. TL;DR: Reactive autoscaling sucks. Get out of it. Model your shit.\n","date":"2017-08-09T00:00:00Z","href":"https://blog.koehntopp.info/2017/08/09/scaling-automatically-and-manually.html","tags":["erklaerbaer","performance","container"],"title":"Scaling, automatically and manually"},{"categories":null,"content":" Evaluating the Changing Causes of Photovoltaics Cost Reduction Why is PV Solar Energy getting cheaper and cheaper?\nWe find that increased module efficiency was the leading low-level cause of cost reduction in 1980-2001, contributing almost 30% of the cost decline. The most important high-level mechanism was R\u0026amp;D in these earlier stages of the technology. After 2001, scale economies became a more significant cause of cost reduction, approaching R\u0026amp;D in importance. Policies that stimulate market growth have played a key role in enabling the cost reduction in PV, through privately-funded R\u0026amp;D and economies of scale, and to a lesser extent learning-by-doing\n","date":"2017-08-08T00:00:00Z","href":"https://blog.koehntopp.info/2017/08/08/evaluating-the-changing-causes-of-photovoltaics-cost-reduction.html","tags":["mobility","science","lang_en"],"title":"Evaluating the Changing Causes of Photovoltaics Cost Reduction"},{"categories":null,"content":" Our World in Data has a very nice long read with many interactive visualisations giving context to CO2.\nWe begin with exploring CO2 cumulative (how much CO2 did each nation produce over its industrial history), scaling it to annual emission and then scaling it by population, too. We also learn about CO2 produced vs. CO2 in the atmosphere, which is a delayed system.\nThe second part then deals with CO2 and industrialisation: Emission vs. Properity, vs. Growth, and also with CO2 from trade and transport, and from meat production. As always with Our World in Data, the article concludes with Definitions, Methods and pointers to raw data sources.\n","date":"2017-08-08T00:00:00Z","href":"https://blog.koehntopp.info/2017/08/08/the-story-of-co2-and-other-greenhouse-gas-emissions.html","tags":["science","lang_en"],"title":"The Story of CO2 (and other Greenhouse Gas Emissions)"},{"categories":null,"content":"So some people, companies even, have guidelines that describe how to write shell scripts , or even unit tests for shell scripts , as if \u0026ldquo;UNIX Shell\u0026rdquo; was a programming language.\nThat\u0026rsquo;s wrong.\n\u0026ldquo;Modern Shells\u0026rdquo; are based on a language that has been written without a formal language specification. The source looked like this , because somebody didn\u0026rsquo;t like C and wanted Algol, abusing the preprocessor . The original functionality and language rules had to be reverse engineered from that source, and original shell has a lot of weird rules and quirks :\nYou can use the caret, \u0026lsquo;^\u0026rsquo;, as replacement for the pipe symbol, \u0026lsquo;|\u0026rsquo;.\nCheck out the section\nConsider a variable which has been picked up by the shell from the environment at startup. Modifying this variable creates a local copy.\nin that document, especially the part where they explain this:\nIf you call a script directly from a bourne shell (\u0026quot;./script\u0026quot; without shebang), then the shell only forks off a subshell and reads in the script.\nThe split between original and local copy of the variable is still present in the subshell. But if the script is a real executable with #! magic, or if another sh is called, then fork and exec is used and only the original unmodified variable will be visible.\nAnd it gets better if you go down the entirety of that particular document. If you think Unix Shell is a survivable programming environment, good luck, and please take your code with you while you leave.\n","date":"2017-08-07T00:00:00Z","href":"https://blog.koehntopp.info/2017/08/07/so-you-want-to-write-a-shell-script.html","tags":["computer","erklaerbaer","lang_en"],"title":"So you want to write a Shell script"},{"categories":null,"content":"So why is everything so complicated? At work, I mean.\nThink of a small company. A single person, a founder, is building her business. She knows her way around, it\u0026rsquo;s all in her head: The plan, the things that are important and why, and how they are to be executed. Also, tradeoffs to be corrected later, potential opportunities for later and a lot of other meta: Stuff that does not get executed right now, but that informs decisions, priorities and preferences.\nThings work with some precision, though, like a well programmed wetware CPU.\nThe moment that stuff becomes too large for a single person to handle, more people are involved and things need to be verbalized, written down, given form. At that point, things change quite a bit:\nThe task at hand is to program a second CPU, wetware, with a part of the program that the first person has been executing. That\u0026rsquo;s necessary so she can delegate, and the entire operation can scale.\nUnfortunately, as with all remote procedure call mechanisms, complicated unfolded in-memory structures have to serialized before the can be marshalled off to a second node and are being re-instantiated over there. In this particular case, the language to describe the code to be executed is informally specified, too, and the remote CPU also does not match the specs of the first CPU, that is, English is really bad for programming computers or people, and also each person is different.\nTo make matters worse there is no proper debugger, the same broken language has to be used to printf-debug the remote (\u0026ldquo;Do you understand what I mean?\u0026rdquo; \u0026ldquo;Do you understand why it is important that we do things this way?\u0026rdquo;) and there may be other, older code in the remote that interferes with the execution of our code. People have history and they have ideas.\nIf you think of a company as a large distributed engine to execute code that has been extracted painfully and incompletely from the wetware engine of a founder, and which has been mangled due to improper serialization in a language with limited expressiveness, you have a good idea of the corporate environment.\nYou can\u0026rsquo;t see what happens in the individual nodes, you can only observe the communication between them, and the parts of the program that made it into writing, or at least the Wiki. You can think of processes as written down instructions for the engine:\nAny process (\u0026ldquo;buy more paperclips\u0026rdquo;) describes who needs to talk to whom, about what and why, in order to make things happen (\u0026ldquo;You need to create a purchase order, which needs to be signed by X for values over n EUR in order to limit our liability. The signed order is then sent to Z, who will actually spend money to buy stuff. You get stuff, and sign here to document that.\u0026rdquo;) Writing instructions and process down is important, and a great improvement actually, because writing these instructions down forces all involves parties (including the founders) to come clear about all the details and the meta about the details - things that might have been existing only vaguely in some mind, previously, now have to get a precise shape.\nAlso, they become tangible, and by the way of tangibility, they are open to challenge, discussion and modification - which is why some founders are actually resisting to give tangible form to certain things. Giving tangible shape to instructions and the meta - why instructions, why these instructions, why these instructions in this order with these emphasis - is a complicated, painful and slow process, precisely because the originator of an idea - the founder or some other person with an idea - has to give up the idea and let it out into the world, where it will be subjected to change by others.\nLoss of control is always violent and painful, and as with any new thing given a permanent form, there is always negotiation about the details. Giving birth to anything: It\u0026rsquo;s exhausting. It\u0026rsquo;s not a one step process. A founder has an idea and a plan, but in many parts it is still early, untested and vague.\nThey put things into words, and the words are being tried out - can we work by these instructions, or are there things unclear? Can the instructions work, or does the plan need change? Can it be improved? Can it be applied to other, similar things? Iterations happen. Do we go deep or wide - do we specialize and improve this application of a plan, or do we try to apply the plan as is to as many things as possible first?\nAgain, negotiation, and consequently, exhaustion.\nSo why is everything so complicated? Because companies are broken. All of them.\nTheir engine, their program, their processes, are magnifications of the mind of the founder or other influential people at the top. The entire corporate mechanism is built to do exactly this.\nAnd with this mechanism not only the original idea is being magnified and copied to many minds, but other aspects of the original mind are, too. And because the source was a person, with flaws, they too, are being magnified and multiplied.\nDo you like it around here? Well, that\u0026rsquo;s because like all corporate environments, this one is broken, too. It just so happens that the breakage around here is more compatible with your own flaws than elsewhere.\nYes, your work environment sucks. They all do.\nFind the one that sucks in a way that suits your needs.\n","date":"2017-08-07T00:00:00Z","href":"https://blog.koehntopp.info/2017/08/07/the-company-as-a-social-engine.html","tags":["work","lang_en","remote first"],"title":"The company as a social engine"},{"categories":null,"content":" The Blockchain is the solution to everything, and especially the problem of the state. So or similar goes the hype. This book attacks that hype, and it\u0026rsquo;s fun to read.\nIt very briefly (one chapter of many) and rather easily understandable explains what Merkle trees and eternal logfiles are, how they are different from the blockchain, what \u0026lsquo;proof of work\u0026rsquo; actually means.\nIt then goes on and actually takes apart the libertarian politics bullshit on top of that, by going through all the history of people and \u0026ldquo;businesses\u0026rdquo; connected to Bitcoin, Ethereum and the likes. It is full of stories how they failed, were busted, or simply neglected basic necessities.\nThe book nicely separates out the useful tech part from the political propaganda, and deflates the entire hype around it (Hint: Most people want Merkle trees and a trusted institution, but think they need a Blockchain - they will end up with a blockchain, a centralized institution and a large energy bill).\nVery much recommended, and also a nice present to give to the geek next to you who is exposed to libertarian propaganda bullshit and needs immunization.\n\u0026ldquo;Attack of the 50 foot BLOCKCHAIN \u0026rdquo;, David Gerard, EUR 5.67\n","date":"2017-08-01T00:00:00Z","href":"https://blog.koehntopp.info/2017/08/01/fertig-gelesen-attack-of-the-50-foot-blockchain.html","tags":["review","media","book","lang_en"],"title":"Fertig gelesen: Attack of the 50 foot Blockchain"},{"categories":null,"content":"Matthew Dutton: »@mipsytipsy I thought \u0026ldquo;You have to test in production\u0026rdquo; was a bold statement and would love to hear more of your thoughts on the topic.«\nCharity Majors: »Hmmm, you\u0026rsquo;re not the only one to call this out. I\u0026rsquo;ll add it to my list of \u0026ldquo;articles to write someday\u0026rdquo; ? but here\u0026rsquo;s the gist: We have always tested in production, just not well. And obviously, I\u0026rsquo;m not advising anyone to do less of the usual pre-production testing methods, but at some point, esp with distributed systems, you just can\u0026rsquo;t usefully mimic the qualities of size and chaos that tease out the long thin tail of bugs. Imagine trying to spin up a staging copy of Facebook, or the national electrical grid! You can\u0026rsquo;t, and have sharply diminished returns. If you can catch 80-90% of the bugs with 10-20% the effort (and you can), the rest is more usefully poured into making production resilient.\n[How do you do testing in production?] Canarying; automated canarying and promotion in stages; empowering your developers to explore live production systems with e.g. @honeycombio (hi), making rollbacks wicked fast and reliable; instrumentation; education and training, feature flags a la @launchdarkly. all great use of time. Basically what I\u0026rsquo;m trying to say is, embrace failure. Get used to the inevitability and lean into it, iff you have a system like this. If you\u0026rsquo;ve got a rails app and five engineers then ignore everything I\u0026rsquo;m saying until the moment is right :)\nDevdas Bhagat: »Just tagging potental speakers who know a bit about that topic.«\nKristian Köhntopp: Decouple rollout and activation (feature flags, experiment framework) Low latency monitoring Monitor the shit out of everything Implement schema changes with old and new version being live simultaneously For each change, know your providers, know your consumers Strategy: Make testing in production as safe as you can possibly make it. That has manifold returns: It makes developers production aware; builds knowledge in handling real catastrophes in regular operational situations; builds confidence and competence; you get actual measurements, which is good calibration. In general, you build antifragility.\nTesting in Production also allows testing of features for commercial viability fast, before you invest lots of development resources to build them out. So it enables you to throw away 95% of the code before it is written. That\u0026rsquo;s actually the most valuable part of it.\nContent slightly edited to make it easier to read.\n","date":"2017-08-01T00:00:00Z","href":"https://blog.koehntopp.info/2017/08/01/twitter-so-testing-in-production.html","tags":["computer","work","lang_en"],"title":"Twitter so: Testing in Production"},{"categories":null,"content":" In How to Kill a City Peter Moskowitz takes severals US example cities to show the general process of Gentriciation and the individual differences. We get to know the development stories of New Orleans, Detroit, San Francisco and New York, in order to better understand the mechanism and root causes of Gentrification, which is not about Hipsters and Latte at all, but about rent seeking, backroom dealing to change the law, and - specifically in the US - also about the history and perpetuation of racism.\nMoskowitz, living in and loving New York, is deeply partisan, as he has been witnessing the slow destruction and transformation of the neighborhood of his youth, but he has his facts straight and reasons solidly. If you want to understand what \u0026ldquo;Gentrification\u0026rdquo; means and how it is sown before it starts and grows to eat a Neighborhood, this book is a good starting place.\n\u0026ldquo;How to Kill a City \u0026rdquo;, Peter Moskowitz, EUR 10.99\n","date":"2017-07-31T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/31/fertig-gelesen-how-to-kill-a-city-gentrification-inequality-and-the-fight-for-the-neighborhood.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: How to Kill a City, Gentrification, Inequality and the Fight for the Neighborhood"},{"categories":null,"content":" Kill Process is set in the same universe as \u0026ldquo;Avogadro Corp:, but is a freestanding story and not part of the Avogadro Series.\nWe meet Angelina Benenati. She\u0026rsquo;s a self taught hacker and database architect for Tomo, which is as much not Facebook as Avogadro Corporation is not Google and Braeburn is not Apple in Hertlings stories. She has a shady past, in which she hacked systems under the name of \u0026ldquo;Angel of Mercy\u0026rdquo;. She came out of an abusive relationship by the way of stealthily murdering her husband by the way of hacking the car\u0026rsquo;s computer, and she lost an arm in the resulting accident.\nAngelina suffers from PTSD because of that, and she\u0026rsquo;s also on a crusade to use her unlimited database access at Tomo to identify women in abusive relationships and dextering their husbands through hacking to free them. Until she realizes that Tomo itself somehow has a quite abuse relationship with its users, and she sets out to change that.\nShe does this by inventing something that is completely not Octodon, and putting it into a startup. Which kind of forces her to stop her dextering, to confront her issues and start healing, and to actually create instead of destroying. Until somebody sets out to stalk her and tries to kill her.\nWell written thriller with believable tech, solid Opsec advice, and generally a book so much better discussing \u0026ldquo;social networks\u0026rdquo; than \u0026ldquo;Eggers\u0026rsquo; The Circle\u0026rdquo; that it\u0026rsquo;s off scale. Strongly recommended.\n\u0026ldquo;Kill Process \u0026rdquo;, William Herling, EUR 4.99\n","date":"2017-07-30T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/30/fertig-gelesen-kill-process.html","tags":["review","media","book","lang_en"],"title":"Fertig gelesen: Kill Process"},{"categories":null,"content":" The story begins as a Fantasy novel in a magical universe: We have two warring factions of magicians, a dragon attack, Gnomes and other entities from the fables and fairy tales.\nWe also have Rowan, the Steerswoman. She is more than a navigator and map maker, she\u0026rsquo;s part of a group of people that believes in science, in documentation and in open sources - the steerswomen. When a Steerswoman asks, you must answer, and truthfully. If you ask any Steerswoman, she\u0026rsquo;ll also answer to the best of her knowledge and truthfully. As a group, they are gathering information about the world they live in.\nAnd as it becomes apparent to the reader quite quickly, that world is an alien planet with a hostile and incompatible biology, that is slowly transformed into a world that is more amenable to humans and life from Earth. All of this is unknown to Rowan and her people, because the knowledge about their origin and much science has been lost and they fell back to an almost medieval level of living. So this entire series is about Open Sources, about the Scientific Method and progress in a world of Magic and Fantasy, about Clarke\u0026rsquo;s law. It is also about a Xenobiology and The Alien and about many more things.\nAbove all, it\u0026rsquo;s about the characters, which are living and alive in a way that is not unlike the inhabitants of Pern . And not unlike Pern, but in a much more nuanced and interesting way, this is about ecology, human and xeno, too. Well written and fascinating - don\u0026rsquo;t start this series without having the time to read, because you will want to go through all available books in the shortest possible time.\nThe Steerswoman Series is incomplete, four books are out, and two are still being written. Book 6 is almost complete and the title is known (The City in the Crags ) and Book 5 is in the making and will be published \u0026ldquo;when it is ready\u0026rdquo;.\nThe Steerswoman , first book in the eponymous series, starts out with Rowan taking a kind of break in her mapmaking tasks to investigate the origin of some strange black stones or shards with strange bluish, patterned lines on them.\nThe book establishes the world Rowan lives in, and a small bit of history: One of the strangely stationary moons of the world, the Guidestars, has fallen and is now gone. We learn about the inhabitants of the world, humans and wizards, but there are also Gnomes, Dragons and Demons. We learn about the lay of the land, the Inner Lands, where Rowan lives, and the Outskirts, which are full of many strange creatures (such as the Demons) and which are a hostile environment in which humans can barely persist.\nThe Outskirter\u0026rsquo;s Secret explores this in more depth, as Rowan wants to find the fallen Guidestar and the origin of the strange stones. She\u0026rsquo;s also in for a tour of the native biology of the strange planet humanity lives on, and is slowly gaining an understanding of how The Outskirts work and slowly turning the planet into a world that can sustain Earth life. She\u0026rsquo;s also learning how different the lives and the culture of the Outskirters are from the ways of the Inner Lands, and how their world is shaped by necessity and the harshness of the land. In the end, Rowan and us both gain a good idea on what has happened four decades ago when the Guidestar fell.\nThe Lost Steersman takes Rowan back to the Inner Lands, at least originally, and then to the sea, as Rowan searches for the mysterious wizard Slado, who seemed to be responsible for the fall of the Guidestar. We also meet Janus, an Ex-Steersman, who seems to be connected and who also seems to be involved in the Demon attacks on the city of Alemeth, where he lives. When the Demons come to get him, Rowan follows him out to the sea, behind the border of the Outskirts and the Dolphin Stairs into the native lands of the Demons.\nKirstein does an excellent job of painting The Alien as that, alien. Intelligent, but strange and so far removed that communication is almost impossible, but for one brief Darmok and Jalad at Tanagra moment. Also, map-making Rowan finally understands the true size of the world she is living in and how tiny and fragile the human settlement on it actually is.\nThe Language of Power takes Rowan back to the Inner Lands after she understood that the Demon plague has not been orchestrated by Slado and that her enemy is to be found within the human part of her homeworld. In the city of Donner, she\u0026rsquo;s planning on learning more about the wizards and their ways, and she has brilliant help. Because her grenade throwing proto magician whizkid from the start of the series has grown up, and he\u0026rsquo;s been learning programming languages.\n\u0026ldquo;The Steerswoman \u0026rdquo;, Rosemary Kirstein, EUR 2.99\n\u0026ldquo;The Outskirter\u0026rsquo;s Secret \u0026rdquo;, EUR 2.99\n\u0026ldquo;The Lost Steersman \u0026rdquo;, EUR 3.50\n\u0026ldquo;The Language of Power \u0026rdquo;, EUR 3.58\n","date":"2017-07-29T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/29/fertig-gelesen-the-steerswoman-series.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: The Steerswoman Series"},{"categories":null,"content":" Bob is making what he was built for: more Bobs. Bob is in fact a dead computer programmer back from the destroyed and near inhabitable Planet Earth, who has been turned into an upload inhabiting a Von Neumann probe. His mission is to explore strange new worlds, going where nothing has gone before and make more of himself.\nYou can read more of his Genesis in We Are Legion Part 1 of the Bobiverse series .\nThis second book in the series plays 40 years later, not that it matters much in the grand order of things. Bob still has to deal with the problems that were becoming visible in the first book: there are still Brasilian space probes out there to get him, he still has to understand and manage the ecology of the alien world, where he plays Sky God to a bunch of stone age level aliens, and he still has to learn more about the mysterious planet eating aliens he encountered at the end of Book 1.\nSo this is a story told from the point of view of a computer with the body of a space ship, yet it is strangely human in a very compelling way: The nation of Bobs is developing in an interesting diverse way, the interaction of Bob with the remainder of The Faith is elegant politics and very human revenge, there is an actual love story which obviously can end only on a sad note, and a bunch of other very touching moments.\nThere are some obvious plot holes or discrepancies, where the author grossly underestimates the size and amount of resources in an entire star system - and on the other end a Dyson sphere.\nBut the book is well written and a fun read. Part 3 will come out in a week.\n\u0026ldquo;For We Are Many \u0026rdquo;, Dennis E. Taylor, EUR 4.63 (free with Kindle unlimited)\n","date":"2017-07-28T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/28/fertig-gelesen-for-we-are-many.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: For We Are Many"},{"categories":null,"content":" Illegal and undocumented instructions are not a new thing. The Commodore 64 CPU, a 6502 with a few additional I/O lines, was known to have them. Since on current CPUs we can completely VLSI simulate a 6502 in Javascript we also understand where they come from.\nPagetable.com has a wonderful article on this . So how about current CPUs? Modern CPUs are vastly bigger and more complicated than a 6502, and they are also set up very differently. So simulation is not taking us anywhere, but we can fuzz. Sandsifter is such a CPU fuzzer: it generates every conceivable instruction byte combination and then tries to observe what happens.\nSandsifter has uncovered secret processor instructions from every major vendor; ubiquitous software bugs in disassemblers, assemblers, and emulators; flaws in enterprise hypervisors; and both benign and security-critical hardware bugs in x86 chips.\nThe findings have been summarized in a whitepaper (PDF ), which also describes how to effectively search the instruction space of a CPU that has variable length instructions from 1 to 15 bytes in length.\nA crafty way of using page faults to determine the length of privileged instructions while running unprivileged is shown. The strategy implemented reduces the search space from some 10E36 instructions down to about 100 million, which is a manageable size on modern CPUs. Known instructions (things that some reference disassembler knows and correctly predicts) are eliminated, the rest is interesting and deserves attention.\n","date":"2017-07-28T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/28/illegal-and-undocumented-instructions.html","tags":["computer","security","lang_en"],"title":"Illegal and undocumented instructions"},{"categories":null,"content":" War Factory is the second of three Books in Neal Ashers Transformation Sequence , a trilogy set in his Polity Universe The storyline continues with the characters and themes of the first book - it\u0026rsquo;s about atonement and redemption. And as we learn, not just about the redemption of the mad AI Penny Royal, but also about the aftermath of the Human-Prador war and the redemption of the various persons (Human, Haiman, Prador and AI) that have been damaged by the war. We see in fact a lot more of the prador, and how the war affected them personally, and as a society.\nThe pacing is still slow in places, and not a lot of plot is happening, but there is a lot of background and development. Considering that this is the bridge book in a trilogy, it\u0026rsquo;s actually pretty good and satisfying.\n\u0026ldquo;War Factory \u0026rdquo;, Neal Asher, EUR 5.99\n","date":"2017-07-27T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/27/fertig-gelesen-war-factory.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: War Factory"},{"categories":null,"content":"Dear Internet, Today I Learned that oath-toolkit exists in Homebrew. So, this is a thing:\n$ brew install oath-toolkit $ alias totp=\u0026#39;oathtool --totp -b YOURSECRET32BLA | pbcopy\u0026#39; And so is this:\n#! /usr/bin/env expect -f # exp_internal 1 set seed [ exec security find-generic-password -w -a $USER -s seed ] set totp [ exec oathtool --totp -b $seed ] set pass [ exec security find-generic-password -w -a $USER -s pass ] spawn ssh verysecure.doma.in expect \u0026#34;word:\u0026#34; sleep 1 send \u0026#34;$pass\\r\\n\u0026#34; expect \u0026#34;Two Factor Token:\u0026#34; sleep 1 send \u0026#34;$totp\\r\\n\u0026#34; interact Yup, it\u0026rsquo;s totally possible to laugh and cry at the same time.\n","date":"2017-07-27T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/27/zero-factor-authentication.html","tags":["security","erklaerbaer","lang_en"],"title":"Zero Factor Authentication"},{"categories":null,"content":"Two weeks ago, I wrote about The Data Center in the Age of Abundance and claimed that IOPS are - among other things - a solved problem.\nWhat does a solved problem look like?\nHere is a benchmark running 100k random writes of 4K per second, with zero Jitter, at 350µs end-to-end write latency across six switches. Databases really like reliably timed writes like these. Maximum queue depth would be 48, the system is not touching that.\nand here is iostat on the iSCSI client running the test\n100k random writes, 4k write size, inside a 2 TB linux file of random data, on a 15 TB filesystem with XFS, on an LVM2 volume provided by iSCSI over a single 10 GBit/s interface, with six switch hops between the linux client and the array.\nThe array claims 150µs latency, on the linux we measure around 350µs. Out of that, there are less than 50µs from the switches and 150µs or more from the Linux storage stack (and that is increasingly becoming an issue).\nTested product was a Purestore Flasharray-X , client was Dell PowerEdge R630, 2x E5-2620v4, 128G, 10GBit/s networking.\nThanks, Peter Buschman!\n","date":"2017-07-26T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/26/an-abundance-of-iops-and-zero-jitter.html","tags":["filesystems","data center","container","performance","lang_en"],"title":"An abundance of IOPS and Zero Jitter"},{"categories":null,"content":"The German Language podcast Lage der Nation has published an interview with Axel Friedrich on Dieselgate. Axel Friedrich has been a department lead in the German Umweltbundesamt until 2008, now working with BUND and other environmental NGOs in Germany and instrumental in uncovering Dieselgate on the German side.\nThe interview contains some very interesting remarks on rental car companies and car maker owned car leasing companies, and how the shape the car market. A deprecation of Diesel cars by those leasing companies is instrumental to transforming the car maret and in promoting the shift to BEVs.\nSimilar, but different concerns from Bloomberg in Europe’s Car-Leasing Boom Sets Off Alarm Bells .\nBuyers of notes backed by auto debt are increasingly vulnerable to drops in used-vehicle prices because more and more drivers in Europe are leasing cars and trading them in for new ones.\n[…]\n“If there’s a steeper decline in car values, then borrowers will be incentivized to return their vehicles and it will be bondholders who bear any losses,” said Aaron Baker, a London-based credit analyst at Banco Bilbao Vizcaya Argentaria SA. “This exposure to used-car prices could be catastrophic.”\nBasically, cars are valuable things and are being used to secure loans and bonds, and are also bought on loans and bonds where the intrinsic value of the vehicle is being used to secure the load for buying it. Changes in the price of used cars by shifts in how cars are bought (In the future, less people want to own a car) and which cars have value (In the future, Diesel will be close to worthless and people want to buy BEVs) are threats to credit security and to the financial business around car purchase in itself.\nThe change to BEVs and to self-driving cars will be much more disruptive than anticipated.\n","date":"2017-07-26T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/26/financial-dynamics-of-a-shift-to-bev-transport.html","tags":["mobility","lang_en"],"title":"Financial dynamics of a shift to BEV transport"},{"categories":null,"content":"Digging through my bookmarks and open tabs was interesting. The picture of the future that emerges: With costs for energy approaching the 1 cent range per kWh, electrical energy is going to be close to free. Money can and will be charged for guarantees, because batteries or other forms of storage still cost money.\nGuardian: \u0026lsquo;Spectacular\u0026rsquo; drop in renewable energy costs leads to record global boost »The new renewable energy capacity installed worldwide in 2016 was 161GW, a 10% rise on 2015 […] The new record capacity cost $242bn, a 23% reduction in investment compared to 2015, and renewables investment remained larger than for all fossil fuels. Subsidies for green energy, however, are still much lower than those for coal, oil and gas.« SolAmerica: SolAmerica Energy Launches 1.3 MW Solar Project on President Carter\u0026rsquo;s Farm in Plains, Georgia »Former President Jimmy Carter leased a 10-acre (40.000 sqm) site in his hometown to SolAmerica for development of the 1.3 MW solar project, which will provide over 50% of the power needs of the City of Plains.« Bloomberg: German Tenants Win Right to Generate Solar Power on Rented Roofs »Lawmakers are set to pass legislation dubbed “Tenant Power” on Thursday in Berlin. The bill promises owners of tenant blocks a subsidy of as much as 3.8 cents (4.3 U.S. cents) a kilowatt-hour for generating solar power on rooftops or from basement combined heat and power units.« Bloomberg: Solar Power Will Kill Coal Faster Than You Think The tipping point will be 2021 for China, Germany is already past it. Forbes: The Cost Of Wind And Solar Intermittency »What is the integration threshold? There is no threshold, per se. The cost of managing intermittency is nonlinear and depends upon the mix and location of dispatchable and non-dispatchable sources, the match of local demand patterns with variable source pattern, and various other factors. Based on model studies of Germany and Indiana, Falko Ueckerdt found integration costs began to become significant at 20% [intermittent energy sources].« Christopher Schwarzer: DIE DEUTSCHLAND-BATTERIE, TerraE baut Zellfabrik in der Bundesrepublik (Article in German) »Die Gründungsgesellschafter der TerraE Holding GmbH sind Holger Gritzka, bisher Head of Battery Technologies bei ThyssenKrupp, Dr. Ulrich Ehmes, zuvor CEO der Schweizer Batteriefirma Leclanché sowie die BMZ Holding GmbH.« TerraE wird spätestens Ende 2019 eine deutsche Batteriefabrik am Start haben. BMZ hat die Batterien für die Streetscooter geliefert. PV Magazine: TerraE bildet Konsortium für Gigawattfertigung füLithium-Batteriezellen (Article in German) »17 Unternehmen und Forschungsinstitut haben sich mit TerraE zu einem Konsortium zusammengeschlossen. Ziel ist der Aufbau einer Großserienfertigung von Lithium-Ionen-Zellen an zwei Standorten in Deutschland.« PV Magazine: Energy storage already cost-competitive in commercial sector, finds study »Cheaper battery prices sees storage playing a broader role in energy markets, particularly for commercial customers seeking to reduce peak consumption, research from McKinsey shows.« Energiespeicher Blog: Unterirdische Pumpspeicher (Article in German) »Wie bereits mehrfach erwähnt, sind Pumpspeicher die verbreitetste Methode elektrische Energie in großer Menge abzuspeichern. [\u0026hellip;] Unterirdische Speicherkraftwerke sind von den Kosten nicht in einer anderen Welt als Batterien oder obertägige Pumpspeicher. Allerdings gibt es je nach Technologie erhebliche unterschiedliche technische Probleme und spezifische Kosten.« Singularity Hub: Canada Is Building a 7 Megawatt-Hour Compressed Air Energy Storage Plant »Compressing air in porous caves can serve as a backup form of power that can be tapped when the demand for power is high.« New Shift: This is how Big Oil will die »And here is what is disruptive for Big Oil: Self-driving vehicles get to combine the capital savings from the improved lifetime of EVs, with the savings from eliminating the driver. The costs of electric self-driving cars will be so low, it will be cheaper to hail a ride than to drive the car you already own.« Using the math in the article, this will even be the case if the car is a traditional Taxi with driver, as long as it is electric and has the lifetime assumed in the article.The second half of the article discusses the US coal crash, which happened between 2011 and 2016 (the four largest US coal companies were worth about 45 bn USD together in 2011, and all bancrupt in 2016). Mark Bently: Tweet »I recently made this simply plot showing the solar flux at various longitudes on Mercury\u0026rsquo;s equator. The blue line shows the value at Earth. Bloomberg: Bird Radar May Help Reduce Wind Turbine Deaths Shared for this graph: ","date":"2017-07-26T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/26/renewables-energy-is-free-guarantees-cost-money.html","tags":["mobility","energy","climate","lang_en"],"title":"Renewables: Energy is free, guarantees cost money"},{"categories":null,"content":"So I have been testing, again. My hapless test subject this time is a Dell Box, an R630. It has a comfortable 384GB of memory, one of two 25 GBit/s ports active, and it comes with two E5-2690v4 CPUs. That gives it 14 cores per die, 28 cores in total, or with hyperthreading, 56 threads.\n$ cat /proc/cpuinfo | grep \u0026#39;model name\u0026#39; | uniq -c 56 model name : Intel(R) Xeon(R) CPU E5-2690 v4 @ 2.60GHz $ ./mprime -v Mersenne Prime Test Program: Linux64,Prime95,v28.10,build 1 I have not been nice, because I have been abusing the box with mprime95 in Torture Test Mode, trying to make it consume as much power as possible.\n$ cat prime.txt V24OptionsConverted=1 WGUID_version=2 StressTester=1 UsePrimenet=0 MinTortureFFT=8 MaxTortureFFT=64 TortureMem=0 TortureTime=3 TortureThreads=56 [PrimeNet] Debug=0 Running this with variable values for TortureThreads allows me to learn the impact of CPU usage on power consumption. When Idle, the box consumes 170W, because we basically prevented it from sleeping. When busy, it’s some 406 to 420W.\nRunning at almost full power.\nAnd the power consumption is not linear. Well, it is up to 28 Threads, and then more or less plateaus.\nWatt used, by number of threads busy.\nFrom 170W idle to 406W at 28 Threads busy, then basically static for the rest.\nIf you think about this, it makes a lot of sense. At 28 Threads busy, all the physical cores are being kept busy by mprime95, which is very much architecture and topology aware.\nIt analyzes which Threads are located on which Cores and Dies, and then sets itself up with CPU affinity for maximum utilization. So at 28 Threads busy (50% full capacity) we are already pretty much at full power consumption.\nUnfortunately, conversely this looks not as nice:\nIf you define the full power usage at 420W and want to spend only half of that, 210W, you will reach that point at around 4-6 Threads busy - about 10% of the potential compute already consume 50% of the power.\nAnother way to think about it is Watt per Thread:\nWatts per Thread.\nA nice hockey stick. Inflection point is around 6 cores. Things are becoming interesting, from a bang/buck perspective, if the box is at load 6 or higher at all times. From a data center planning perspective, it becomes clear that there is no way to make thermally oversubscribing racks financially attractive.\nIt is better to build for full thermal utilisation without oversubscription, and then make sure the boxes are always as busy as possible. Computation past a base load of 6 is basically available for free from a power/cooling point of view.\n","date":"2017-07-19T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/19/threads-vs-watts.html","tags":["data center","computer","lang_en"],"title":"Threads vs. Watts"},{"categories":null,"content":"Short link to NBC Miami :\nSouth Miami Set to Become First City in Florida to Require Solar Panels on New Homes The new law would require owners of new homes \u0026ndash; including single-family homes, townhouses and multi-story residential buildings \u0026ndash; to install solar panels. It also applies to owners who expand their homes by 75% or greater. Once the measure is passed, South Miami would become the fourth U.S. city that requires new homes to be installed with solar panels. San Francisco and two small cities in California have similar renewable energy building laws.\n","date":"2017-07-18T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/18/mandatory-solar-panels-for-new-homes.html","tags":["mobility","lang_en"],"title":"Mandatory solar panels for new homes"},{"categories":null,"content":"Today somebody had a problem with expiring a large table (a Serendipity Blog table).\nIn MySQL InnoDB, tables are physically ordered by primary key (InnoDB data is a B+ tree, a balanced tree where the data pages are the leaves of the tree). If you are expiring old data from such a log table, you are deleting from the left hand side of the tree, and since it is a balanced tree, that triggers a lot of rebalancing - hence it is very slow.\nIf you rename the old table and INSERT … SELECT the data you want to keep back into the original table, that can be faster.\nBut if the data you want to keep is larger than memory, the indexing of the data will still be slow. A nice way to handle log tables are partitions. Here is an example. It\u0026rsquo;s not very cleaned up, but it works on my system.\n#! /usr/bin/env python -- # setting up the python environment: # pip install virtualenv # virtualenv partitions # cd partitions # source bin/activate # pip install --update pip # pip install mysqlclient click # setting up the MySQL: # create user demo@localhost identified by \u0026#34;pfrtlng\u0026#34;; # grant all on demo.* to demo@localhost; # Testing: # ./partitions drop --name keks # ./partitions create --name keks # ./partitions fill --name keks # mysql -u demo -ppfrtlng demo -e \u0026#39;select * from information_schema.partitions where table_name = \u0026#34;keks\u0026#34;\u0026#39; # ./partitions add --name keks # mysql -u demo -ppfrtlng demo -e \u0026#39;select * from information_schema.partitions where table_name = \u0026#34;keks\u0026#34;\u0026#39; # ./partitions add --name keks # ./partitions add --name keks # ./partitions add --name keks # mysql -u demo -ppfrtlng demo -e \u0026#39;select * from information_schema.partitions where table_name = \u0026#34;keks\u0026#34;\u0026#39; # ./partitions dropbyname --name keks --pname p0 # mysql -u demo -ppfrtlng demo -e \u0026#39;select * from information_schema.partitions where table_name = \u0026#34;keks\u0026#34;\u0026#39; # ./partitions dropbyvalue --name keks --valuebelow 500001 # mysql -u demo -ppfrtlng demo -e \u0026#39;select * from information_schema.partitions where table_name = \u0026#34;keks\u0026#34;\u0026#39; # ./partitions drop --name keks import click import MySQLdb import random import string from pprint import pprint # A lot of SQL collected here db_config = dict( host = \u0026#34;localhost\u0026#34;, user = \u0026#34;demo\u0026#34;, passwd = \u0026#34;pfrtlng\u0026#34;, db = \u0026#34;demo\u0026#34;, ) sql_drop_table = \u0026#39;drop table %s\u0026#39; sql_create_table = \u0026#34;\u0026#34;\u0026#34;create table %s ( counter_id integer not null primary key auto_increment, data varchar(64) not null ) %s \u0026#34;\u0026#34;\u0026#34; sql_partition_clause = \u0026#39;partition by range (counter_id) ( %s )\u0026#39; sql_partition_range_clause = \u0026#39;partition p%d values less than (%d),\u0026#39; sql_insert_into = \u0026#39;insert into %s ( counter_id, data ) values ( %d, \u0026#34;%s\u0026#34; )\u0026#39; sql_find_partitions = \u0026#34;\u0026#34;\u0026#34;select partition_name, partition_description from information_schema.partitions where table_schema = \u0026#39;%s\u0026#39; and table_name = \u0026#39;%s\u0026#39; order by cast(PARTITION_DESCRIPTION as signed) desc limit 2\u0026#34;\u0026#34;\u0026#34; sql_alter_table_add_partition = \u0026#39;alter table %s add partition ( partition %s values less than (%d))\u0026#39; sql_alter_table_drop_partition = \u0026#39;alter table %s drop partition %s\u0026#39; sql_find_partition_by_value = \u0026#34;\u0026#34;\u0026#34;select partition_name from information_schema.partitions where table_schema = \u0026#39;%s\u0026#39; and table_name = \u0026#39;%s\u0026#39; and cast(partition_description as signed) \u0026lt; %d\u0026#34;\u0026#34;\u0026#34; ########### # create a db connection db = MySQLdb.connect(**db_config) @click.group(help=\u0026#39;Test row expiration with and without partitions.\u0026#39;) def partitions(): pass @partitions.command() @click.option(\u0026#39;--name\u0026#39;, default=\u0026#39;demo\u0026#39;, help=\u0026#39;Table name to drop\u0026#39;) def drop(name): cmd = sql_drop_table % name # click.echo(\u0026#39;CMD: %s\u0026#39; % cmd) try: c = db.cursor() c.execute(cmd) click.echo(\u0026#39;Table \u0026#34;%s\u0026#34; dropped.\u0026#39; % name) except MySQLdb.OperationalError as e: click.echo(\u0026#39;Table \u0026#34;%s\u0026#34; did not exist.\u0026#39; % name) @partitions.command() @click.option(\u0026#39;--name\u0026#39;, default=\u0026#39;demo\u0026#39;, help=\u0026#39;Table name to create\u0026#39;) @click.option(\u0026#39;--partitioned/--no-partitioned\u0026#39;, default=True, help=\u0026#39;Create table partitioned?\u0026#39;) @click.option(\u0026#39;--size\u0026#39;, default=1000000, help=\u0026#39;Expected table size\u0026#39;) @click.option(\u0026#39;--psize\u0026#39;, default=100000, help=\u0026#39;Partition size\u0026#39;) def create(name, partitioned, size, psize): pcmd = \u0026#39;\u0026#39; # add partitioning clause to create table statement if (partitioned): ppcmd = \u0026#39;\u0026#39; counter = 0 # add all the ranges for r in range(0, size+1, psize): ppcmd = ppcmd + ( sql_partition_range_clause % (counter, r)) counter = counter + 1 # remove the trailing comma pcmd = sql_partition_clause % ( ppcmd.rstrip(\u0026#39;,\u0026#39;) ) # complete the create table statement cmd = sql_create_table % ( name, pcmd ) c = db.cursor() try: c.execute(cmd) click.echo(\u0026#39;Table \u0026#34;%s\u0026#34; created %s partitions.\u0026#39; % ( name, \u0026#34;with\u0026#34; if partitioned else \u0026#34;without\u0026#34;)) except MySQLdb.OperationalError as e: click.echo(\u0026#39;Table \u0026#34;%s\u0026#34; already exists.\u0026#39; % name) @partitions.command() @click.option(\u0026#39;--name\u0026#39;, default=\u0026#39;demo\u0026#39;, help=\u0026#39;Table name to insert into\u0026#39;) @click.option(\u0026#39;--size\u0026#39;, default=1000000, help=\u0026#39;Number of rows to load into the table.\u0026#39;) def fill(name, size): for i in range(1, size): str = \u0026#39;\u0026#39;.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(20)) cmd = sql_insert_into % (name, i, str) c = db.cursor() try: c.execute(cmd) except MySQLdb.Error as e: click.echo(\u0026#34;MySQL Error: %s\u0026#34; % e) # commit every 1000 statements if (i % 10000 == 0): db.commit() # one final commit db.commit() @partitions.command() @click.option(\u0026#39;--name\u0026#39;, default=\u0026#39;demo\u0026#39;, help=\u0026#39;Table name to add partition to\u0026#39;) @click.option(\u0026#39;--size\u0026#39;, default=None, type=click.INT, help=\u0026#39;Partition size in id count\u0026#39;) def add(name, size): global db_config # we need the schema name schema = db_config[\u0026#39;db\u0026#39;] cmd = sql_find_partitions % ( schema, name ); # find me the two last partitions from I_S.PARTITIONS # click.echo(\u0026#34;Sql: %s\u0026#34; % cmd) c = db.cursor(MySQLdb.cursors.DictCursor) c.execute(cmd) r = c.fetchall() # if no size was given, we take the interval from the two highest numbered partitions as default if size is None: size = int(r[0][\u0026#39;partition_description\u0026#39;]) - int(r[1][\u0026#39;partition_description\u0026#39;]) limit = int(r[0][\u0026#39;partition_description\u0026#39;]) + size # we automatically calculate the new partition name p(XX+1) from the last pXX pname = \u0026#39;p\u0026#39; + str(int(r[0][\u0026#39;partition_name\u0026#39;][1:]) + 1) cmd = sql_alter_table_add_partition % ( name, pname, limit ) # click.echo(\u0026#34;Sql: %s\u0026#34; % cmd) c = db.cursor() try: c.execute(cmd) click.echo(\u0026#39;Partition %s has been added (values less than %d, that is a %d step size.)\u0026#39; % (pname, limit, size)) except MySQLdb.Error as e: click.echo(\u0026#34;MySQL Error: %s\u0026#34; % e ) exit(1) @partitions.command() @click.option(\u0026#39;--name\u0026#39;, default=\u0026#39;demo\u0026#39;, help=\u0026#39;Table name to drop partition from\u0026#39;) @click.option(\u0026#39;--pname\u0026#39;, help=\u0026#39;Drop partition by name pXXX\u0026#39;) def dropbyname(name, pname): if pname is None: click.echo(\u0026#39;I need a --pname\u0026#39;) exit(1) cmd = sql_alter_table_drop_partition % ( name, pname) # click.echo(\u0026#39;Sql: %s\u0026#39; % cmd) c = db.cursor() try: c.execute(cmd) click.echo(\u0026#34;Dropped partition named %s\u0026#34; % pname) except MySQLdb.Error as e: click.echo(\u0026#34;MySQL Error: %s\u0026#34; % e) exit(1) @partitions.command() @click.option(\u0026#39;--name\u0026#39;, default=\u0026#39;demo\u0026#39;, help=\u0026#39;Table name to drop partitions from\u0026#39;) @click.option(\u0026#39;--valuebelow\u0026#39;, type=click.INT, help=\u0026#39;Drop all partitions with values below X\u0026#39;) def dropbyvalue(name, valuebelow): global db_config # we need the schema name schema = db_config[\u0026#39;db\u0026#39;] if valuebelow is None: click.echo(\u0026#39;I need a --valuebelow\u0026#39;) exit(1) cmd = sql_find_partition_by_value % ( schema, name, valuebelow) # click.echo(\u0026#34;Sql: %s\u0026#34; % cmd) c = db.cursor() try: c.execute(cmd) except MySQL.Error as e: click.echo(\u0026#34;MySQL Error: %s\u0026#34; % e) exit(1) result = c.fetchall() # reseult[rownr][0] is partition name for row in result: cmd = sql_alter_table_drop_partition % (name, row[0]) # click.echo(\u0026#34;Sql: %s\u0026#34; % cmd) c = db.cursor() try: c.execute(cmd) click.echo(\u0026#34;Dropped partition named %s\u0026#34; % row[0]) except MySQL.Error as e: click.echo(\u0026#34;MySQL Error: %s\u0026#34; % e) partitions() ","date":"2017-07-09T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/09/using-mysql-partitions-a-python-example.html","tags":["mysql","erklaerbaer","lang_en"],"title":"Using MySQL Partitions (a Python example)"},{"categories":null,"content":"based on an old Google plus article from 2015: What you observe as Planned Obsolescence is often the natural outcome of fast product cycles that are necessary for any new technology. When a new thing arrives in the market, it is often barely viable, a minimum viable product .\nWe are remembering the iPhone 1 as revolutionary, but we chose to forget about is slowness, its clunkyness and the very limited feature set it had. And those of us having purchased a car with built-in satnav now have to deal with a car radio where you have to choose between listening to a CD or putting in the outdated CD-ROM with navigation data - and then wait for a minute until you get the route.\nWe made considerable progress with satnav systems, and because navigation system product cycles are much shorter than the lifetime of a car, it\u0026rsquo;s a good idea to have them separate and be able to independently upgrade the satnav. Smart people purchased a suction cup satnav, threw that out three years ago and are using their cellphone now for car navigation.\nNew products in consumer electronics are often have an initial cycle time of 6-12 months. Every further iteration adds about 3-6 months of additional usefulness. Starting with iteration 4 or 5 you can expect a device to have normal lifetimes. If it\u0026rsquo;s a mobile device it will be good for about 3 years, until it is being destroyed or useless in the course of normal use. There are people with mobile phones or laptops older than 3 years, but these are often persons that are using their device mostly stationary in a protected environment. But even with stationary use, it\u0026rsquo;s over after about 6 years.\nWhy is that? Moore\u0026rsquo;s law claims a duplication of compute power in our devices every 18-24 months, or 45% per year. So after 6 years we get about an order of magnitude of improvement. And that\u0026rsquo;s a completely different class of machine than 6 years before.\nOf course you can start a debate on planned obsolescence. The European Parliament in fact just did .\nBut as long as we are dealing with industries and products with a change rate this high, this is of very limited use. Only after stabilizing a technology, when the growth in power is over, when the search for product feature sets is finished and we have a defined and stable set of features, fixed expectations, when the research and innovation are done, we can look at lifetimes and obsolescence. At this point in time for consumer electronics this is not really useful. So if it is inevitable that the devices will be obsolescent because of innovation, the focus has to be on recycling in order to win.\nAnother issue: Moore\u0026rsquo;s law actually changes the way we access the same product. Checking email once required a desktop machine with a 150W power supply. Then we had laptops, with less than 30W power draw to do the same. Today you are using a cellphone to check mail, with a power draw of 1W or less to achieve the same result. That is not possible with the same type of device.\nSo todays email readers have no power supply, no separate monitor and no keyboard any more. They also can\u0026rsquo;t be opened or extended. Moore\u0026rsquo;s law works because of integration. There is no CPU, there is a System-on-a-Chip. You can\u0026rsquo;t simply replace a blown capacitor, it\u0026rsquo;s now \u0026lsquo;replace the control module\u0026rsquo; or even \u0026lsquo;replace the entire device\u0026rsquo;. That\u0026rsquo;s not wrong at all, see my comments on Project Ara (in german ).\nIf you want a small and robust device, you have to tolerate that parts that shall not fall off or can\u0026rsquo;t come off. Or at least require proper tools in order to disassemble the thing, see the park of special repair tools available to licensed Apple dealers in order to do proper non-destructive maintenance on Apple devices.\n","date":"2017-07-07T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/07/new-technology-vs-planned-obsolescence.html","tags":["computer","erklaerbaer","lang_en"],"title":"New Technology vs Planned Obsolescence"},{"categories":null,"content":"We are currently experiencing a fundamental transition in the data center. In recent discussions, it occured to me how little this is understood by people in the upper layers of the stack, and how the implications are not clear to them.\nIn the past, three fundamentally scarce resources limited the size of the systems we could build:\nIOPS, bandwidth and latency. All three of them are gone to a large extent, and the systems we are discussing now are fundamentally different from what we had in \u0026ldquo;The Past™\u0026rdquo;, with \u0026ldquo;The Past\u0026rdquo; being a thing five to ten years ago.\nIn The Past we had disk.\nA disk of rotating rust is a data store than can, at best, perform 200 disk seeks (ssI/O Operations per second, IOPS), so databases tended to be special computers with very many small disks, data spread out across as many spindles as possible. The entire system was fake-accelerated with caches, with accepted writes into battery buffered memory of limited size, and woe if the working set of your data ever exceeded the cache size.\nFive years ago we converted all customer facing databases to systems on SSD with about 20.000 to 50.000 IOPS, and with current NVME based storage we are about to see millions of IOPS. Fundamentally, IOPS are not a limited resource any more: With the techniques we learned from the rotating rust age, we can build machinery with an arbitrary amount of random write capability.\nIn the past, databases and frontends have been connected to the world using network adapters with a Gigabit per second capability. About five years ago, we converted the first systems to 10 GBit/s at scale, and today we routinely build systems with about 400 MBit/s to 1 GBit/s per Thread (so a 50 core system gets a dual-25 GBit/s network card).\nCompanies like Mellanox have switches with a large two digit number of 100 GBit/s Interfaces. We have leaf-and-spine architectures available that allow us to build data paths between tens of thousands of computers inside a single data center with no chokepoints - we are actually getting the 1 GBit/s per thread on the entire path between any thread and any disk in our data center, concurrently.\nIn the past, commit latency to a disk along these paths used to be on the upside of 500 µs (1/2000 of a second) and more likely in the low milliseconds. But with current cards, offloading and other trickery we can get at or below 200 µs. Add scary stuff such as RDMA/RoCE to the mix, and we may be able to routinely crack the 100 µs barrier.\nThat makes writes to the data center sized fabric as fast or faster than writes to a slow local SSD.\nToday we are at an inflection point, because what we have today is true abundance: Each of the three limiters, IOPS, bandwidth and latency, have been throughly vanquished. We can now build a system where the data center sized fabric at scale provides bandwidth and latency comparable to a system bus of a slow home computer (and is consecutively faster the smaller the domain gets).\nWe can build machines the size of a data center, up and past one million cores, that provide essentially enough coupling to be able to act as a single machine. The building blocks are Open Compute Racks at 12 kW a piece. The operating system of the machine is Kubernetes. The units of work are container images. The local API is the Linux Kernel API.\n","date":"2017-07-07T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/07/the-data-center-in-the-age-of-abundance.html","tags":["container"],"title":"The Data Center in the Age of Abundance"},{"categories":null,"content":" Glorifying toil, glorifying organisational ossification\nSo somebody posted this on G+, and it\u0026rsquo;s a classic example for a thing that I classify as BOFH memes. That\u0026rsquo;s a group of memes and stories from operations people from a time past glorifying the toil and nastiness of operations.\nThis is going away now, for some time, and people identifying with BOFH thinking or finding it funny need to change, or go out of job. That\u0026rsquo;s also happening, rather quickly, and I have a talk about this (Slideshare , Youtube ).\nThe direct answer to the image above is\nIf you are having problems deploying on a Friday, you will have them at any time of the week. Your processes are broken.\nPeople objected, confirming what I said.\nOne commenter:\nAn ex manager would deploy anything, often while drunk, at any time of the night and then bully me to fix it despite not being on call because probably he was of the opinion that bullying immigrants into working out of hours without compensation was fine. After the company got rid of him I\u0026rsquo;m definitely saner. At least I my chances of getting compensation when higher if he broke shit monday to thursday during the day.\nThere\u0026rsquo;s your broken process right there (and broken management, to boot).\nThat needs fixing, the Fridays are just a symptom. One other commenter:\nsure but there is no such thing has a 100% process and so unless you have a 24/7 engineering team I would still avoid Friday deployments.\nThere you are. If it is of such importance that you need 24/7 operations, you better provide 24/7 ops. If it is not actually that important, who cares?\nIt is not that binary, but rather about risk management. That\u0026rsquo;s primarily about dealing with the problem, not pushing it away. So what could be done about it? The one thing that does not work is Heroism, but that\u0026rsquo;s one thing that the strain of BOFH thinking glorifies. Dev breaks things, Ops intervenes and fixes them, in heroic acts of emergency changes, during impossible times and adverse circumstances.\nThat\u0026rsquo;s of course destructive bullshit. Heroism, the solitary deeds of individuals saving the day, is a problem in operations, because it does not scale in space and time. If you create an organisation that rewards heroism, it will in time require heroism to run smoothly. That\u0026rsquo;s organisational abuse, grind and toil, and in the end, personnel churn.\nYou can\u0026rsquo;t build sustainable organisation on that, let alone growing organisations. The Heroism that is part of the BOFH meme and this culture is toxic to the people identifying with it, because it promotes Heroism, and hence self-abuse, toil and eventually burnout. Heroism needs urgent fixing. It is not the heroic act that improves the situation and helps the business grow. It\u0026rsquo;s the postmortem, and the changes that come out of it, which ideally should make the entire class of problems impossible in the future, without slowing down the ability to change and adjust.\nThat last half sentence is important, because the other thing that does not work dealing with risk is Obstruction and Ossification. An IT organisation exists, in part, to give management options. A part of their mission is to create mechanism on which management can then implement policy, use the mechanism to set a direction for the entire organisation to sail, smoothly. Being able to execute change safely and smoothly is therefore a fundamental, basic function of any IT organisation.\nThe obstruction that is part of the BOFH meme and culture is toxic to the organisation, because it idealises a way of thinking that is hostile to the other parts of the organisation (\u0026ldquo;us\u0026rdquo; vs \u0026ldquo;them\u0026rdquo;), vilifying other departments and looking down on their abilities. It also sees change as bad and dangerous when it is necessary to sustain the business. Together, these things and the ideology of Heroism encourage a way of thinking Operations as something separate, that exists outside and against the rest of the business. That\u0026rsquo;s an entirely destructive and non-constructive mindset, and that\u0026rsquo;s why you need to end it in you and in your organisation.\nEnabling change So how could you enable your organisation to sucessfully deploy new code at any day and time of the week?\nYou could introduce technology such as CI/CD pipelines. If you push something into a certain branch (\u0026ldquo;production\u0026rdquo; would be a good tag), it would run a build, synthetic tests where necessary and then roll it out.\nYou could introduce technology such as separation of rollout and activation. Code that is being rolled out as new is never actually executed. Only when you activate a feature flag, it is active for you, or for a small subset of users, which you can grow incrementally until is it full on. Then the old, dead code can be removed (or you keep it around intentionally).\nYou could improve monitoring technology, and put service level objectives (SLO) on it, such as requiring that the monitoring lag between an event happening and it showing up in monitoring is below some threshold (\u0026quot;\u0026lt; 15s\u0026quot; or similar). This SLO should be shown on the graphs as well, together with the actual metrics. This will give people making changes visibility on the impact of the change.\nYou could change the organisation and align incentives. Those who write code need to be made responsible for rolling out this code. This requires that they understand the relevant monitoring metrics, and care about them being complete and fast. It also requires that they understand the larger operational context of the subsystem they are working on, the \u0026ldquo;provides to\u0026rdquo; and \u0026ldquo;relies on\u0026rdquo; relationships and other contracts they have. It will also naturally put the pain where it can affect the required changes directly. Which is another reason why you should also alert product owners together with other people - it makes sure, the right alerts are being generated, actually service-relevant alerts, not too many, not too few.\nYou should change the organisation so that it favours many small changes over large and complicated ones. This is done with the suggestions above, taken together and implementing them. It is also done by doing away with formalized \u0026ldquo;Change Advisory Boards\u0026rdquo;, where people who know little about the actual changes and who are also not directly affected by performing them are put in control of deciding which changes are being made when and how.\nProcesses are about people talking to each other about who is going to do what and when and why, and how. The first thing that has to be done is getting the people who are actually going to do something at all to speak to each other, and the classic CAB is the antithesis of this.\nAnd finally, you could install management controls that actually set realistic expectations and reward controlled risk taking. A \u0026ldquo;100% availability\u0026rdquo; objective is never realistic. Realistic expectations focus on realistic availability, things like \u0026ldquo;99.99%, because our production context, upstream and downstream dependencies, are actually even less reliable\u0026rdquo; or similar reasoning applied. They focus on recovery procedures and being able to execute them effortlessly. They focus on resiliency and exercising resiliency systems regularly in real production circumstances, so they promote testing in production and making it possible safely wherever and whenever possible. And finally, they work against the BOFH meme and mindset, because that place is precisely where you do not want your organisation want to be.\nThis whole set of stories needs to die in a fire.\n","date":"2017-07-03T00:00:00Z","href":"https://blog.koehntopp.info/2017/07/03/friday-deploys-and-other-harmful-bofh-memes.html","tags":["computer","lang_en"],"title":"Friday Deploys, and other harmful BOFH memes"},{"categories":null,"content":" Fortune has a kind of home story on Project Zero , explaining what it is, how it came to be and who the people in there are.\nIf you do not know what Project Zero is and why it is important, it\u0026rsquo;s a good starting point. If you know about Project Zero, it\u0026rsquo;s still a fun read because of all the parentheses that read »x declined to be interviewed for this story.«\n","date":"2017-06-29T00:00:00Z","href":"https://blog.koehntopp.info/2017/06/29/project-zero.html","tags":["security","lang_en"],"title":"Project Zero"},{"categories":null,"content":"So there was this article in Motherboard, pointed out to me by a very young friend of mine. It\u0026rsquo;s an FBI memo written in 1995 during the Unabomber investigation, about a mysterious, close-knit group of gamers, playing D\u0026amp;D. The article gives hardly any context at all, but that kind of memo during this time is not unusal or even remarkable, from a historical perspective.\nSo here is a bit of historic perspective, not quite in chronological order.\nJohn Gilmore A lot of this, from a US point of view, revolves around the person of John Gilmore . Gilmore was an early Sun Microsystems employee and hardware (VLSI chip) designer, and this part of his career made him financially independent. He\u0026rsquo;s also politically active, libertarian, and coined the famous saying\nThe Net interprets censorship as damage and routes around it.\nGilmore was running Cygnus Solutions (before Windows had a Ubuntu subsystem, there was Cygwin) in 1992, a company that advocated Open Source and provided commercial support for it.\nAt Cygnus, people with similar interests were meeting and from that grew the Cypherpunks mailing list, which by 1994 had substantial readership. The Cypherpunks pioneered software that used encryption to communicate, to facilitate metadata-less anonymous communication and early anonymous digital payment systems.\nDavid L. Aaron This clashed with the interests of the United States and the Five Eyes , which even back then had zero interest in the promotion of publicly available, auditable at the source level, free cryptographic protocols. The US came up with several concepts of limited and \u0026ldquo;managed\u0026rdquo; (= crippled) encryption schemes, and around 1995, 1996 appointed David L. Aaron as a Crypto Czar .\nThat Czar was the person tasked with selling foreign governments on the idea of crippling cryptography worldwide so that the US could better spy on them and everybody else. The way he did that was, of course, that he argued that unbreakable codes in the hands of terrorists would threaten every country\u0026rsquo;s security. Sounds familiar? It should, the tune is as old as Greensleeves .\nClipper and other crippled crypto One notable export from that time are \u0026ldquo;export grade ciphers\u0026rdquo;, versions of cryptographic protocols that have been in some way or the other limited to key lengths of 40 Bit, which was even back then completely useless.\nAnother memorable fiasco of that time (1992-1996) was the Clipper Chip . The Clipper Chip is a hardware encryption/decryption device using a special cipher Skipjack , which was later found deeply flawed .\nEach Clipper Chip would have a random bitstring as identity/key source, and would encrypt messages, but also transmit the key to decode the message in another, encrypted way that was supposedly accessible only to the government. As such, the key implemented a secret government backdoor.\nRelatively quickly, several technical vulnerabilities in Clipper have been found, which allowed the use of the Clipper hardware in a way that the key would not be recoverable (bypassing the backdoor), and others, which allowed using the key recovery field by anyone, so that all legit users of the chip would be exposed to attacks.\nSteve Jackson Games Then there is Steve Jackson . Jackson is a Geek, a Game Designer of, among other games, Role Playing Games, and a Lego collector. He\u0026rsquo;s known especially for creating and publishing GURPS , \u0026ldquo;the\u0026rdquo; universal role playing game ruleset. There exist GURPS supplements for about every conceivable theme, and a few that are inconceivable or at least improbable .\nThere is also the GURPS combination challenge, in which you choose any two random GURPS supplements and play in the resulting world.\nThe EFF In 1990, the United States Secret Service raided the offices of Steve Jackson Games and seized the manuscript for GURPS: Cyberpunk on the grounds of it being a handbook for computer crime. Steve Jackson Games sued the United States Government over this, and won the trial in 1993.\nThat was made possible in part because of the Electronic Frontier Foundation , EFF. Funding members were John Gilmore, John Perry Barlow and Mitch Kapor. Barlow and Kapor had been subject to raids similar to Jackson, by particularly technologically clueless government organisations.\nOne of the first cases the EFF took on was the defense and litigation for Steve Jackson (and next was the lawsuit on behalf of DJB against crypto export controls)\ndistributed.net and Deep Crack The EFF was also involved in the funding and execution of various DES brute force challenges . The first one, called distributed.net , used many general purpose computers somewhere in the Internet to brute force the key of a certain DES (56 bit) encrypted message. The second DES Challenge used a machine named Deep Crack made from not quite 2000 special VLSI chips.\nIt was John Gilmore, who funded the quarter million US dollars to finance this design and who also helped to design the actual hardware. Deep Crack brute forced a DES key in only 56 hours, demonstrating that DES cracking was too cheap and fast to consider DES still a secure chipher.\nThis lead to AES challenge and the standardisation of the Belgian Rijndael chipher as what we today call AES . Today we have the funny situation that DES is still unbroken (there is no faster attack than brute force), but insecure (brute force is too easy), while AES is broken , but still considered secure.\nThe Crypto Wars in Germany A similar discussion on encryption and \u0026ldquo;key escrow\u0026rdquo; took place in Germany. You can find a lot of the old discussions (in German) at Förderverein Informationstechnik und Gesellschaft (Fitug ), for example here . The Rethorics of 1995 sound precisely like those today:\nGinge es nach dem Willen von Innenminister Kanther, dürfte es in der Bundesrepublik \u0026ldquo;keine Nischen kontrollfreier Kommunikation für Verbrecher\u0026rdquo; geben\nAround that time, a lot of political lobbying action took place, resulting in a up to this day generally unchallenged ban on key escrow in Germany:\nZwar hatte er für sein Quasi-Krypto-Verbot noch Rückenstützung durch ein anonym veröffentlichtes CDU-Thesenpapier aus den Kreisen des Bundeskanzleramts bekommen, doch schon nach der Verabschiedung des Multimediagesetzes im Bundestag ließ das Innenministerium die Katze aus dem Sack: Eine staatlich verordnete Schlüsselhinterlegung wird es vorerst nicht geben, dafür setzt man auf freiwilliges Hinterlegen.\nwhich then resulted in the \u0026ldquo;Eckpunkte der deutschen Kryptopolitik \u0026rdquo; under Otto Schily in 1999.\nToday These still stand, and ban backdoors. But Zuboff\u0026rsquo;s Laws are strong in the government:\nEverything that can be automated will be automated. Everything that can be informated will be informated. Every digital application that can be used for surveillance and control will be used for surveillance and control. And hence we now have government IT security institutions making the world more insecure, because they hoard vulnerabilities in order to use them for surveillance and control.\nWhich is why even now, 20 years later, the Cryptowar is still a thing.\nIt will never be over.\n","date":"2017-06-27T00:00:00Z","href":"https://blog.koehntopp.info/2017/06/27/the-cryptowars-twenty-years-ago.html","tags":["politik","security","kryptographie"],"title":"The Cryptowars, twenty years ago"},{"categories":null,"content":"There are things, Lovecraft hypothesizes, that Man is not meant to know. This paper is touching on these subjects: That is not dead which can eternal lie: the aestivation hypothesis for resolving Fermi\u0026rsquo;s paradox. If a civilization wants to maximize computation it appears rational to aestivate until the far future in order to exploit the low temperature environment: this can produce a 10^30 multiplier of achievable computation. We hence suggest the \u0026ldquo;aestivation hypothesis\u0026rdquo;: the reason we are not observing manifestations of alien civilizations is that they are currently (mostly) inactive, patiently waiting for future cosmic eras. This paper analyzes the assumptions going into the hypothesis and how physical law and observational evidence constrain the motivations of aliens compatible with the hypothesis.\nSo the Great Old starfaring civilizations exist, the paper suggests, but they are sleeping, waiting until the stars are, literally, right. So much of Lovecraft is about astronomy and cosmology, and it did not stop with his death, if he actually died.\n","date":"2017-06-26T00:00:00Z","href":"https://blog.koehntopp.info/2017/06/26/fermi-vs-fhtagn.html","tags":["science","cthulhu"],"title":"Fermi vs. Fhtagn"},{"categories":null,"content":" This is a disk utilization graph on a heavily loaded Graphite box. In this case, a Dell with a MegaRAID, but that actually does not matter too much.\nGo-carbon was lagging and buffering on the box, because the SSD was running at its IOPS limit. At 18:10, the write-back cache and the \u0026ldquo;intelligent read-ahead\u0026rdquo; are being disabled, that is, the MegaRAID is being force-dumbed down to a regular non-smart controller. The effect is stunning.\n/opt/MegaRAID/MegaCli/MegaCli64 -LDSetProp NORA -l0 -aALL /opt/MegaRAID/MegaCli/MegaCli64 -LDSetProp WT -l0 -aALL and also, on top of that,\n#Direct IO instead of cached /opt/MegaRAID/MegaCli/MegaCli64 -LDSetProp DIRECT -l0 -aALL #Force SSD disk write cache (our SSD has super-capacitors, so it safe to enable) /opt/MegaRAID/MegaCli/MegaCli64 -LDSetProp -EnDskCache -l0 -aALL What we observe here is part of an ongoing pattern, and we will see more of it, and at more layers of the persistence-stack in our systems.\nIOPS are a solved problem At the lowest layers, IOPS are now a solved problem, and will become even more so. SSD are limited mostly now because of their interfaces, and so we go from IDE-interfaces to NVME to get rid of that overhead.\nThat makes disk-seek operations very cheap - going from 200 IOPS on rotating rust past 20k IOPS was only the first step, single drives now are offering 200k IOPS and more.\nBandwidth can also be provided at bus speeds through aggregation, so this is mostly a package engineering problem.\nLatency is still a problem. Even more than ever, actually, because now the time to send a packet from a core through the network to a SSD at the other end of the data center is comparable to or even dominating the time spent reading or writing that remote media.\nSSD still are disk-like devices. We are reading sectors at a time instead of individual bytes, and especially in writes we are re-flashing large blocks, 64 KB in size or larger, depending on the hardware. Smart internal controllers in SSDs are trying to take care of these things in the background.\nWith Optane, this block structure of disks can and will go away. The proper abstraction for Optane is not a file, but is memory - persistent, byte addressable memory within an order of magnitude of RAM speed.\nOn top of the actual drive sits a large stack of caches and transformation layers. In this case, one layer, the disk controller and the logic in it, became a bottleneck: A CPU considerably smaller than the actual system processor, and with limited memory, was reading ahead file contents that do not benefit from reading ahead. It was also buffering writes, in order reorder and merge them, trying to exploit properties of a spinning medium that was no longer present. The write-pressure from the systems processor and the data volume became so large that either the CPU on the controller or the size of the controller-cache became a bottleneck.\nA disk behind the controller would have been even slower than the controller, but a SSD can actually cope and be faster than the controller sitting between it and the system CPU. Taking the controller out of the path speeds things up.\nThe commands above take out one layer in the deep and rich storage stack, but there are many more. Each of them now has the potential to become the next bottleneck. Or as one of my database colleagues has been known to say in one form or the other more than once:\n\u0026ldquo;Forget caches, just make everything fast all the time.\u0026rdquo; \u0026ndash; Nicolai Plum\nHadoop in the face of many IOPS We will see more of this, and at more levels of the system. Take Hadoop for example. The two core premises on which Hadoop is built are\nSeeks are expensive. We scan data front to back, and build data processing on linear I/O (of compressed CSV or JSON files, even!).Even if we are reading much more data than we need, even if we have to costly uncompress and parse the data, this method of processing is way faster than any database could ever be, and we can easily leverage the power of parallelism. Code is smaller than our data. So we create small Java classes with our code and ship it to the systems where the data we need is stored locally in order to process it.This is a convoluted way to express our wants within the rigid framework of Map/Reduce, but it\u0026rsquo;s the only way to code, because reading all that data and shipping it across the net to where the code lives is literally impossible. Premise #2 is no longer valid since Jupiter Rising . We can disaggregate processing and storage again, because we can build data center networks that are as fast and wide as system buses, so that any core in the data center can talk to any disk in the same data center. This talk demonstrates this by creating ephemeral Hadoop processing clusters at the press of a button for the processing of single queries, by kubernetizing the Hadoop Mappers and Reducers. In this case, the relationship between the Mapper and the data this Mapper processes is simply not local at all - the Mapper may in fact run anywhere in the data center and is no longer tied to where the data is stored at all. Or, as one of the networking colleagues of mine puts it:\n\u0026ldquo;Any sufficiently funded technology is indistinguishable from Magic.\u0026rdquo; (Brian Sayler on the networking underneath a containerized Hadoop and Compute/Storage disaggregation)\nPremise #1 is going out of the window as well. Next year, latest the year after that, we likely will stop buying rotating rust even for the Hadoop servers. But that means we could seek again, which means that we could be using index data structures efficiently to work with data larger than main memory again. Which means that all these de-normalized, scannable, inefficiently nested and hard to parse JSON structures will be becoming more and more of a problem: As I/O takes a smaller percentage of the time spent on handling the data, we need to optimize the actual data decompression, parsing and handling more. Hadoop in the current form is a dead man walking. There is no alternative piece of software visible at the horizon at this moment, so these will be interesting times. And there will be more changes: File I/O is, even at much smaller levels, a lot about reformatting data from in-memory representations of things to on-disk representations. In-memory structures are pointered and traversable, aligned to n-byte boundaries, often lockable structures, because at memory speed these optimization matter. For persistence, we serialize them in complicated ways:\nDatabases like MySQL have all kinds of densely packable data types (1- and 3-byte integers, for example), references are IDs, which require lookup, instead of being traversable pointers the process of serialization often requires traversing nested, multidimensional data structures of ADTs and creating a linear, frozen representation of them. Shallow and deep copies need to be considered, depending on the problem.\nIt\u0026rsquo;s a fully fledged phase transition where the data is going from a gaseous, loosely packed form to a densely packed frozen, solid form for storage. The things beyond SSD, Optane/3D-Xpoint and similar storage, are more like memory than they are like disks, and hence they likely to some extent are able to handle \u0026lsquo;gaseous\u0026rsquo; unserialized data and make that persistent at the same time.\nIn the end, the death of the file handle, and hence the death of Unix\nThat challenges the fundamental abstraction of Unix, though, because in Unix everything is a file, which is a linear array of bytes, and is being accessed through a file handle. Now, with Optane persistent data may be no longer behind a file handle, but a special kind of memory, and data does not have to be crystallized into serialized structures before persistence. In fact, the memory may be so fast that we might not have time to do that. We require a different compute abstraction instead.\nWhich means, when we have it, the result will finally, after five decades, not really Unix any more.\n","date":"2017-06-23T00:00:00Z","href":"https://blog.koehntopp.info/2017/06/23/on-cache-problems-and-what-they-mean-for-the-future.html","tags":["performance","hadoop","database","lang_en"],"title":"On cache problems, and what they mean for the future"},{"categories":null,"content":"Heiko Schlichting reminds us that 25 years ago, on the 20./21. of June 1992, the Individual Network e.V. was created (Text in German). Individual Network e.V. was a NGO of NGOs, a construct where local citizen network NGOs could be members. Individual Network would then make contracts with the German Science Network DFN and other providers and buy traffic rights in bulk, in order to allow its members to use this traffic for non-commercial, private use.\nIn order to allow local NGOs to connect to the German Science Network DFN locally using the local university lines, Individual Network had to have some connection to DFN in order to be a member and customer. In the end it was decided that Individual Network would finance two X.25 lines into DFN at 50% each, with the local NGO taking the endpoint financing the other half.\nThat is how the NGO I represented, Toppoint Mailbox e.V., ended up with a 9600 bps X.25 line on 1.10.1992. This ended the era of long-distance dialup at Toppoint Kiel (well, not quite) and introduced a permanent link to the Internet. That was well before the first web servers, so SMTP, NNTP and FTP were the order to the day.\nPeople connected to Toppoint using dial-up modems, ISDN dial-ups or semi-permanent (pre-conncted) ISDN dialups. Speeds were up to 128 kbps, using channel bundling. I had a PI /24 those days, for home use, costing me 50 DM, one time.\nAlso, people reminded me of ...!mcshh!tpki!kriski!kris. Yes, we did not use DNS back then, but had to name all hosts in the path of a mail. And hostnames are globally unique (yep, that scales even less than IP V4).\nSee also: Neuland .\n","date":"2017-06-20T00:00:00Z","href":"https://blog.koehntopp.info/2017/06/20/25-years-individual-network-e-v.html","tags":["neuland","damals","lang_en"],"title":"25 years \"Individual Network e.V.\""},{"categories":null,"content":"Using electronic devices in the classroom seems to be a topic older than time, and the implementation often involved a lot of tedium. The problems and possible solutions are well understood in Germany (report about LTSP among other things), but the (purposefully) fragmented market for education in Germany is getting in the way here. Biggest problem usually is keeping the machines clean and orderly, and keeping the data available across device loss.\nChildren and teachers seem to be installing a lot of questionable software and extensions, and getting rid of these by setting up the machine seems to be the only way to be sure. So any school installation usually focuses on automatic fast imaging of the machines, and on server-side data storage for everything to make sure nothing is lost when a machine is lost or re-imaged.\nIn the US, 2013 saw the introduction of a lot of iPads, for example in LA . That did not work so well: Apple is a company that until very recently focused very much on data storage on the device itself with an optional cloud sync - for them, it\u0026rsquo;s a sales tool for more storage. Also, expensive devices.\nChromebooks seem to be taking US education by storm, and it makes a lot of sense.\nChromebooks are cheap devices and while they cache data locally, all data is agressively stored upstream in a cloud. That makes devices actually interchangeable - the important part is the login, not on which device you are. They can be easily restored to a default state with the aptly named \u0026ldquo;Powerwash\u0026rdquo; option, and they are mostly based on open technology - HTML5 for content and a powerful browser all the way.\nFor pupils and teachers, using a device with a proper keyboard is a big plus over a thing such as an iPad, as well. Plus, the device is not really important. As long as you can run Chrome and login to Google, the device in fact does not matter at all. It can be a Chromebook, or any PC.\nFor publishers of educational material, it\u0026rsquo;s also a nice thing. Materials are made in a well defined open format with good tooling (HTML5, again), and it is usually bound to an account and not permanently stored on a device. That makes licensing easy, updates a breeze and the tooling question is a solved issue.\nCommunication between teachers, pupils, and parents is also easily done, and integrated into everything. Admin tools for classes, accounts, and everything else exists, too.\nOf course, #neuland is not looking at this at all, because fragmented market.\nAlso, Datenkranke! Kugelschreiber!\n","date":"2017-06-13T00:00:00Z","href":"https://blog.koehntopp.info/2017/06/13/how-google-took-over-the-classroom.html","tags":["neuland","lang_en"],"title":"How Google took over the classroom"},{"categories":null,"content":"The paper (PDF ) is, to say it in the words of Sascha Konietzko, eine ausgesprochene Verbindung von Schlau und Dumm (\u0026ldquo;a very special combination of smart and stupid\u0026rdquo;).\nThe site mcafee.cc is not related to the corporation of the same name, but the site of one of the authors, R. Preston McAfee.\nThe paper looks at the utilization data from a number of public clouds, and tries to apply some dynamic price finding logic to it. The authors are surprised by the level of stability in the cloud purchase and actual usage, and try to hypothesize why is is the case. They claim that a more dynamic price finding model might help to improve yield and utilization at the same time (but in the conclusion discover why in reality that has not happened).\nBeing AI people with not much Ops experience, they make a number of weird assumptions. For example, they are looking at CPU usage data in 5 min aggregation buckets and do math against 100% CPU utilization. Even if you assume at all or most workloads are actually CPU bound, 5 minute buckets of CPU usage are way to coarse to use for 100% as a utilization target. That is, because all the actual spikes are shorter and invisible. (Workloads are rarely CPU bound, and especially not in the cloud, which is most often network bound.) (They do look at 5 min bucket maxima = 100th percentiles in some cases. But even that does not tell you for how long in a 5 min bucket you hit the roof. But hitting the roof even for a short time creates latency outliers, which in an actual cloud native microservice framework propagate and multiply, turning most of the requests into SLO violations. Jitter kills).\nThey are also for the most part ignore the cost of the cognitive load of dynamic pricing, or the cost of coding for variable deployment sizes in traditional workloads.\nFinally, they are looking at a VM based IaaS deployment. VM based deployments are likely to see traditional bare metal workloads being forklifted into the cloud. Such deployments do not scale, because they weren\u0026rsquo;t built for dynamic scaling. Cloud Native stuff is more likely to be found in environments such as Amazon Lambda and Athena. This is a lot like looking at the childrens pool only and coming to the conclusion that most people can\u0026rsquo;t swim, i.e. there may be selection bias.\nThere are useful thoughts in the paper, too. For example, they find that they can model and predict many workloads and use this for scaling in advance. In fact, typical reactive autoscalers do not work properly, because by the time they trigger a scaling action, demand is already there and latencies lag in violation of the SLO. The systems created as a reaction to a reactive autoscaler triggering are slow, because caches are cold, and will have trouble keeping up, right in the middle of a spike action.\nPredictive scalers work better and may be safer. Here you establish an absolute size limit (which usually exists due to architectural constraints and locks on shared state), and size down from it to meet predicted demand with a comfortable margin of error. Then you scale up and down following predicted demand, correcting the model in time to keep the margin. This should create capacity in advance, and give it time to warm up.\nAlso, reading the paper you could come to the conclusion that the market is stable and static, because it is stable and static: Because nobody rocks the demand pressure up and down, the prices are stable and nobody has a reason to implement savings by changing the size of the deployment needlessly.\nOf course, once a sufficient number of people start doing this, demand pressure will vary sufficiently to affect short term pricing, so that everybody eventually needs to react to the changed environmental conditions. Noise breeding complexity, breeding even more noise and complexity, until everything drowns in chaos and the system needs downtime to clean the noise from the system.\nTL;DR: Bunch of objectivist hipsters with belief in market forces and no Ops experience discover in the final paragraphs of their paper that stability and simplicity are tangible, priceable assets in themselves and maybe all the dynamic market shit is not really helpful in all cases, because stability savings outweigh wins from leveraging dynamic market forces.\n","date":"2017-06-12T00:00:00Z","href":"https://blog.koehntopp.info/2017/06/12/usage-patterns-and-the-economics-of-the-public-cloud.html","tags":["computer","performance","container"],"title":"\"Usage Patterns and the Economics of the Public Cloud\""},{"categories":null,"content":"I\u0026gt; Good Morning!\nM\u0026gt; And to you, too!\nI\u0026gt; I hope you have a nice and technically reliable start into a new week full of hope!\nI\u0026gt; Here, catch. https://github.com/mattly/bork M\u0026gt; »A bash DSL for config management« And it\u0026rsquo;s not even chistmas, ye\nI\u0026gt; \u0026ldquo;the Swedish Chef Puppet of Config Management. [\u0026hellip;] Bork is written against Bash 3.2 and common unix utilities such as sed, awk and grep. It is designed to work on any UNIX-based system and maintain awareness of platform differences between BSD and GPL versions of unix utilities.\nI\u0026gt; Reinventing configure.in with root privilege!\nM\u0026gt; When you\u0026rsquo;re happy with your config script, you can compile it to a standalone script which does not require bork to run. The compiled script can be passed around\nM\u0026gt; Like Scabies.\n","date":"2017-06-12T00:00:00Z","href":"https://blog.koehntopp.info/2017/06/12/shit-found-on-github-bork.html","tags":["computer","fluffy fluff","lang_en"],"title":"Shit found on github: bork"},{"categories":null,"content":"Talk given at the Netways Open Source Data Center Conference 2017. There is a video of the talk on Youtube .\nThe title of the talk was not final, when I submitted the proposal, so I just set it to \u0026ldquo;Something Mumble Containers Kubernetes\u0026rdquo;. It came out as \u0026ldquo;Containers at Booking\u0026rdquo; in the end.\nThis is kind of an interim report about how compute is changing, the factors and pressures at work there, and how that affects us. This is not a finished journey, yet. Things are still changing at Booking.\nWhat we do What Booking does was selling rooms, and getting commission from the hotel for that. That used to be a very simple thing, it seems, but it was already complicated enough, because the business is very different depending on where in the world you are.\nIt is for example rather hard to explain what to expect from a hotel, as the product is not very standardized except when in the USA. Most of the hotels in the world are independently owned and operated, and not part of a hotel chain. So they are all very different in interior, room arrangement and facilities and many other details. Many reviews and images are necessary to set expectations properly with customers, and to build trust.\nRunning the hotel website from an Infrastructure point of view means we aim to be boring: When we fail, or lose bookings, somebody is sleeping under a bridge and we have ruined a holiday. While adventure in a vacation is good, that is only when it is planned, and when it ends well. So being boringly reliable is what we aim for.\nWhere we are At this point in time production is completely on bare metal. We are a colocation customer, we do not have our own data center buildings, but instead make use of multiple rooms in multiple locations. In these we have a few ten thousand machines. These are enterprise class blades from HP and Dell, mostly, plus a few pieces of special purpose hardware.\nTo drive this, we have automated the handling and provisioning of the machinery, using several Python Django applications that have been developed in-house. They automatically provision stuff:\nServerDB managed hardware, from handling procurement and vendor dat ingest, to burn-in, BIOS updates, inventorization and hardware provisioning. Nemo does the same for networking equipment and provisioning. As a developer, you ask ServerDB for servers of a given type in a location. ServerDB will flash these things up to spec, provision them for you. It will provide a partition table, install a base operating system and tell Puppet what to do.\nPuppet will install packages and configuration templates, and then hand over to class specific tooling.\nIn the case of databases, for example, this is another piece of class specific tooling, B.admin (\u0026ldquo;badmin\u0026rdquo;). This will then provide database packages, replication configuration, data and will ultimately arrange the databases in a replication hierarchy and make them discoverable for clients.\nIt is possible and totally normal to get 200 databases ready to run in a replication chain, discoverable by applications, without a human touching anything in the course of the provisioning.\nDisadvantages Despite this being fully automatic and comfortable, it has a number of disadvantages. For example, it is slow, because hardware provisioning is slow. Rebooting a Dell or HP Blade takes 300 seconds, and only then the OS install can begin. A full provisioning run easily takes around 20-30 minutes.\nNot a blade, but an HP 380DL booting, but not much of a difference in timing or handling (video ).\nBare-metal hardware also is often too large or too small for the task: In our case the hardware we use is at the low end of the available specification, but in many cases already is too large for a single application to fully utilize.\nCurrent hardware is too powerful A current bladecenter chassis (HP C7000, Dell M1000e) uses 10 height units of rack space. It has room for 16 blades. When used with the large kind of CPU (2x Intel 6132 per blade), one chassis alone provides around 900 threads, 3 TB of memory and 320 GBit/s of aggregated network bandwidth, and will consume up to 6400 Watts of power under full load.\nWhile the rack theoretically has room for 4 of these things, it cannot realistically power that much compute under full load. Most data centers provide around 7000 Watt per rack, so with average load two of these blade centers can be put into a single rack, and if we actually ran the machines at full power, only one bladecenter per rack would be possible in a normal data center.\nPressures on the data center environment We do not only need to slice and dice the hardware, but the business also wants us to be even more agile and faster.\nWe need to be able to scale out the IT organisation to 3x the current number of people, because we are a growing company in a growing market, but the current way of running things does not support this very well. In order to get there, we need to automate provisioning of hardware completely, providing our developers with an API.\nWe need to be able to plan capacity, for which we need metrics. Also, data center operations need to be able to provide machinery in advance and independently of the consumption. We can no longer support hardware types that are tailored to the use-case, we want to buy larger machines and be able to slice and dice them to bite-sized instances. This is also more cost effective.\nAnd for better planning, we want to get machine readable service descriptions (who talks to what), which helps management to see the entire application and all components and the relationships between them.\nThe Monolith The software currently is a monolith and needs to be split from being a 6GB process into something smaller. This is startup size, then the thing forks and the actual instances share a lot of memory with the parent process. So the actual memory consumption per instance is a lot less.\nThe software is written in perl and is pretty well-structured and modular, but the deployment model is outdated. We roll out between 10-14 times a day, and that is of course also automated.\nSoftware of this shape is not well suited to a rollout in containers.\nWhat so we want to do? Change the entire stack: Data center and hardware level, but also looking for better data center space. Move to containers to be able to slice and dice the hardware. Change the application to use microservices, in Java. And also work towards a different business model.\nWhat are containers? Containers are just UNIX processes with additional fairy dust added between the fork() and exec() system calls. Part of this fairy dust are Linux Namespaces and Linux CGroups.\nNamespaces limit what an application inside a container can see, in terms of other processes, other files, and so on. CGroups limit the amount of resouces an application inside a container can consume, in terms of memory, CPU, and so on.\nContainers are for a few years now well understood, and known, in the form of Docker. Docker standalone is not useful for production, though.\nIt is dev centric, and from a developer PoV, it is very useful to simulate pristine environments. Developers love the layering of filesystem layers, the instant availability, and that one is able to fold production into a single host. Docker does nothing at all for operations, though.\nK8s is useful because it throws away most of Docker and does proper production things. It provides an environment where the allocation of resources can happen from many hosts, automatically, and in which the networking between instances is set automatically, no matter where instances run. In also manages storage, in a way where the lifetime of storage can be managed independently from the lifetime of a container.\nA single dockerhost can take you very far (20C, 512GB memory, disks), it can hold a lot of development. It still not useful for production, because it gives you a SPOF, does not scale and does not understand things larger than a single machine.\nImages as a form of wrapping dependencies One of the useful things Docker provides is the concept of an image that collects all the files belonging to an application, and all the dependencies it has. It keeps the base host clean, and allows us to the application anywhere without much hassle. Conversely, it also makes the application app removable. We get instant applications, just add CPU and memory anywhere in the data center.\nApplications become single file, loopmounted images. This can also be moved around very quickly, much faster than 100.000s of files.\nSince we cannot know what is in the image, we need to control what goes into the image. We need to be able to build the images from scratch, on our own infrastructure, and be able to scan the receipts in order to understand what\u0026rsquo;s inside. We cache the dependencies locally, and we use this to have reproducible builds.\nMesos: A project that escaped from a hackathon Booking was running Containers using Mesos. This was a Hackathon experiment, that accidentally escaped into internal production. It was not running important things:\nThe Blog Some internal websites Some ML/Big Data jobs Some Java component services, mostly internal Mesos proved to be a lot like Lego: modular, but parts fall off under load. This seems to be somewhat par for the course for ASF stuff, judging from our experience with Hadoop.\nIt was very much not up for production, with many missing things, and also no external mindshare. For us, what was missing was isolation of tenants, no discovery, no deployment rules, no auto-scaling, no one-time batch runs, and no rbac.\nBut the container thing was useful. We wanted to keep that, but run it better.\nTrying Kubernetes When looking around, we found K8s, which has all the stuff we needed. The Environment is very cooperative and receptive to suggestions, a lot of momentum and mind-share.\nThis is what you get: \u0026ldquo;I want to run something,\u0026rdquo; and it runs somewhere in the cluster where there is space. The image is installed on the target node selected, it runs, and after the run is finished, the image can be cleaned up. Like init, but for a set of machines.\n\u0026ldquo;Run an application anywhere in my data center, I do not care where exactly\u0026rdquo;\nK8s refines the concept of a container, compared to Docker:\nThe Pod: resource barriers (like VM, but is not a VM) Filesystem Namespaces + the Images in one Filesystem Namespace. This allows the resource barriers to contain multiple processes from multiple images, which can touch each other. This is useful for debugging, for sidecars and in many other situations.\nSidecars can manipulate and debug payloads in their pod. Pods are very cheap, they are basically invisible: just namespaces and limits, they take up almost no resources themselves and also have almost no setup time.\nWhen talking about Kubernetes, it is useful to not say container, because it is not specific enough. What do we mean, when we say container?\nthe pod, the image, the init-container, the sidecar It is usually better to use specific words instead of the generic word \u0026ldquo;container\u0026rdquo;.\nKubernetes, Iteration 1 Earlier this year, we started our first tiny deployment, to test things out: 8 bladecenters are 128 blades, in 8 racks, with 2x 10 Gbit per Blade. If you put only one bladecenter into each rack, the rack is only 10U filled, 30U are empty: \u0026ldquo;Not really a cloud, it\u0026rsquo;s more like ground fog\u0026rdquo; when you have only one blade center per rack.\nIteration 2 was built with discrete machines (2U): 128 discrete machines, in 8 racks, 1x 25 Gbit/s per machine, with an option to double this. Also, lots of storage and the option to play with distributed storage.\nA million corecomputer You can try to build the million core computer: 20.000 machines at 50 cores for a million core computer. This is too large for a single cluster, it needs to be split for many reasons.\nThe workload is image based on unified hardware, and the workload is location independent. That is, any core in any machine can talk to any disk in any box. This needs very strong networking.\nTrying out Openshift For a full production deployment, we considered using OpenShift. At that point in time it looked like a good idea to get more familiar with K8s. OpenShift provided a number of solutions for us that otherwise would need specific solutions from us.\nFor about two years it was very useful, but in the end it was moving too slow.\nNetworking Clusters always need good networking. The network we have is using L2 domains per rack, L3 with BGP between the racks. It is a Leaf-and-spine, which can be oversubscription-free to up to 1.6 TBit/s at the top-of-rack, but we have no need for this at the moment. The way we built it means we can incrementally grow it as needed.\nWe have a lot of east-west-traffic. This is expected for such a cluster, and it is unlike before, with monolithic bare-metal systems.\nOut network looks like this. Container machines have 100 Gbit/s, but are part of the same topology as for the bare metal stuff. There is no special K8s network and also no dedicated storage network, leaf-and-spine topology takes care of all of this.\nYou need less SDN than you think We have played with several SDN instances: Juniper, Midokura, we found that SDN \u0026ldquo;is too good\u0026rdquo; for our needs. Openstack like SDN gives you a lot of flexibility, developers can build an arbitrary virtual network architectures. The SDN will build and simulate that.\nWe do not want to give Devs this power, because devs will use this. This will be very hard to maintain. We want something standardized.\nIt also leads to fragility and upgrade problems at the network level. We are not using SDN at the moment, having Midokura on the backburner. Instead, we are experimenting with service meshes like Envoy.\nWe want shared infrastructure on a physical node (i.e. centralized logging), but we are not doing this right now. Instead we use instead sidecars for logging and monitoring. Since we are not a hoster it can be okay to share things.\nFinding things is hard in a cluster. IP addresses and host names no longer mean a thing, they are no longer fixed and can shift around as the cluster topology changes. This is also a problem for IP-based access rules, or for identifying machines by IP-address, as Cassandra does it. Everything is dynamic. How do you find things?\nEnter etcd as a consensus system and as a registry for endpoints and services. Things that run in the cluster register themselves in the etcd and can provide capacity to a service.\nKubernetes creates services, which are almost a load balancer. The service monitors the available backends in etcd, and updates when the list in etcd changes. Incoming requests are randomly routed to any available backend.\nLookups of services are cheap: Backends register themselves in etcd, with a lifetime, when they are ready to serve. They regularly refresh their presence in etcd in order to prevent the registration from expiring.\nServices subscribe to changes in the endpoint list, and cache the list. They get a notification when the list changes, update their cached copy. Incoming requests are being served from the locally cached copy.\nIn OpenShift, this is being implemented in a very, very large number of iptables-rules, and that can lead to problems. We typically see a few 10k rules, and they are used to select random instance to handle a request using DNAT. This is not pretty.\nService meshes solve the same problem with application level proxying, which is easier to handle, at the cost of latency.\nBalancing load Kubernetes does not migrate instances, ever, because that usually does not work at all. Instead, instances are rescheduled, which means the old instance is destroyed, and a new one is created. The number of instances is variable, single things should not exist.\nStorage This is a problem for things that have state, and use storage. Kubernetes has a relatively new and recent feature that is largely untested, called Persistent Volume Claims, which handles this in a nice way.\nWhen you have a piece of hardware that provides storage in the form of volumes. Volumes need to be created in a hardware specific way, and are then served as iSCSI volumes to the cluster. Somebody needs to format them with a filesystem, but only if they are new and empty.\nIt used to be a manual process: Create a bunch of formatted persistent volumes (PVs), and make them available. The cluster would get requests for these, and find the smallest one large enough to serve, label it and assign it an identity. It would then serve this out.\nThis is a partially manual process, and also leads to overprovisioning, because the prepared PV is likely larger than requested.\nDynamic Persistent Volume Clains (PVCs) New and automated: PODs can ask for storage, using a persistent volume claim (PVC). The cluster intercepts this request, a volume is made to order, and then served out to the requesting pod. This often fails: many storages do not like volumes to be created and deleted at a fast pace.\nWhen it works, it looks like this:\nPVC is scheduled with the rest of things PVC intercepted, PV made to order Host node mounts the PV using iSCSI Bind mount puts the volume into the Pod Volume is being prepared if needed, and Volume is then available. When the node fails,\nThe pod is rescheduled The new instance of the pod has the old identity with the old PVC iSCSI lock is broken, volume is dismounted, mounted in on the new host New bind mount PV comes online in the new instance of that Pod. It requires that Pods have a fixed identity (are available as a fixed size array). This is the Kubernetes PetSet or StatefulSet now.\nPlenty of limits: In our case, 64 hosts with Solidfire and the Trident API. iSCSI has latency issues for some applications. These issues are being fixed, but currently don\u0026rsquo;t work.\nWe need \u0026lt; 0.5ms commit latency, but do get 4ms with the current setup.\nStateful Sets Storage is a way to manage state. State is unique, instances have names or fixed identities. This is a concept that previously was not available in Kubernetes.\nThe new StatefulSet API implements this. They guarantee ordered teardown and startup of Pods, with fixed identities. This is needed by any cluster, for example in Zookeeper, MySQL, Elasticsearch and in many other storage systems.\nWe have mysql running in StatefulSet. We also test with Elastic, and also our internal Availability Database.\nNo IPv6 We are using IP per Pod, so we consume a lot of IP addresses. With 100 hosts, many Pods per Host. Racks are L2 domains, BGP at the Top-of-Rack switch/router. A 100 node cluster can easily eat a V4 /16, which is unacceptable even with RFC addresses.\nUnexpectedly, Kubernetes is an excellent use-case for IPv6 in production, but it is internal, not visible to the outside.\nUnfortunately, Kubernetes, a brand-new project developed at Google, is at this point in time totally unaware of IPv6. Nobody knews why, and it really hurts.\nGetting into the cluster: Gateway routers Ingress Routers exist on Gateway nodes. These can act as chokepoints, especially when there is a lot of traffic from certain nodes, for example external databases.\nA way around that:\nPut legacy databases inside the cluster using in our case ovs-switchd. This will \u0026ldquo;take physical database and lift it into the virtual\u0026rdquo;, so you have a bare-metal node that pretends to be in the cluster. This works only if that external node can be trusted.\nThis is not specific to our way of networking, it is also a problem in proper SDNs.\nBreaking IP-based security red = allowed, green, yellow, blue = random other things\nExit IP are now random, and do not identify a service. Any IP-based security no longer works.\nTraditional firewalls are useless; the only way to go is to allow-list the entire cluster.\nTowards a service mesh, and Envoy In our current model, firewall rules are autogenerated from ServerDB data. This does not work with Kubernetes at all.\nA way around this is to TLS all the things, and use client certificates to identity services. Connections need to be intercepted and automatically authenticated, then be allowed or disallowed based on their identity.\nTrireme is a way to do this at the kernel level, requires no adjustment in the application. Other ways work with proxies towards the same goal.\nWe haven\u0026rsquo;t been able to test that, yet. It feels weird from where we are coming from, and is a bit scary.\nSizing the cluster How large can a cluster be? It can run on a laptop, or on one or three prod boxes.\nCurrently have low hundreds of cluster nodes. Large clusters are not good, you\u0026rsquo;d want more clusters instead of one rather large one. This provides resiliency.\nNext step: Cluster Federation. This is a very experimental k8s feature, and a research topic. Nobody has an idea how any of that works. If it works, it will be very useful.\nLocal Kubernetes and the Public Cloud We experiment with the public cloud as well. But we do like bare-metal:\nwe control the crosstalk between apps we can freely define instance sizes When we talk to a cloud provider about 1 mio cores, how long would it take to spin this up? They do not have the capacity ready in idle, can take a while to get capacity. At enterprise level, the cloud is not elastic: preallocation is necessary. Data centers are not things that have high margins or low latency. 4MW = 20.000 machines -\u0026gt; somebody needs to run excavators to provide this capacity. Long term contracts are par for the course, so it is mostly a capex to opex shift.\nWhy Kubernetes on Bare-Metal? Virtual Machines are not helping with any problem we have. They would add complexity and jitter, and add no benefit.\nWhat about the Monolith? What about the Monolith? That\u0026rsquo;s another problem, it\u0026rsquo;s a problem being worked on.\n","date":"2017-06-03T00:00:00Z","href":"https://blog.koehntopp.info/2017/06/03/something-kubernetes-containers.html","tags":["lang_en","talk","containers","kubernetes"],"title":"Something Kubernetes Containers"},{"categories":null,"content":"The Ad and Adblock situations both are now so bad that even Google considers integrating an Adblocker by default into the Chrome browser.\nThis is a twofold action.\nIt\u0026rsquo;s purpose is of course to filter out ads, the worst of the worst in annoyance and the obvious malvertising. It\u0026rsquo;s purpose is also to take back control on adblocking, because it will let through acceptable ads according to the Coalition for Better Ads standards.\nCfBA condemns Popups, Sound, Prestitials and Large Stickies on the Desktop, and more on mobile. It will be interesting to see if it changes anything. People are truly beyond caring.\n","date":"2017-06-02T00:00:00Z","href":"https://blog.koehntopp.info/2017/06/02/google-chrome-integrates-adblocker.html","tags":["security","copyright","lang_en"],"title":"Google Chrome integrates Adblocker"},{"categories":null,"content":"MySQL 8.0 will be retiring support for the Query Cache . The MySQL Query cache is a result cache: The MySQL server will record all result sets that are small enough to keep in the cache, and a hash of the query that produced it.\nIf a query meets certain requirements, and the hash of the same query string is ever seen again, the query will not be actually parsed and executed, but the same result set will be replayed. There are mechanisms in place that prevent uncacheable queries from being cached in the first place, and that prune outdated data from the query cache.\nThe query cache exists in the first place, because it was easier to create than to teach every PHP CMS developer in the world about sessions. So instead of retrieving the current background color of the current theme over and over from the database, the query cache recognizes the current theme color query again and just replays \u0026ldquo;green\u0026rdquo; over and over. But that was then.\nThe Query Cache was a hash, with a global lock. Whenever a write happens to a table, all cached results related to this table need to be pruned from the cache. For that, a global lock is taken out and all queries are being halted for the duration of the prune.\nOn a busy server, and with a large query cache, the locking time can be long enough to matter. Typically, one would run innotop -m Q -d 0.1 or similar, and suppress the display of idle queries. Typically a number of busy queries similar to the current load on the machine would be shown, so on a server with a load of 12 one would see 10-14 busy running queries.\nWhenever there is a cache lock taken out and a prune going on, the queries would all be halted and pile up for a very short time. So on a server going at a brisk 4000-6000 queries per second, a few hundred would pile up for a very short time - innotop would show 10,12,10,14,532,10,9,11 queries and so on. This is called a flash pileup or flash pile.\nAs the load grows, write rate increases or the query cache is sized up, the flash pile frequency goes up, and eventually you get ghost \u0026ldquo;max connections\u0026rdquo; messages in the server log. The solution is counterintuitive - increasing max connections won\u0026rsquo;t help, increasing the query cache size would make it worse. Disabling the query cache will improve the situation by removing the cause for the lock and the lock itself.\nA similar thing happens on the upside of 11k QPS with the innodb Adaptive Hash index (AHI) for similar reasons on older versions of MySQL. Disabling the AHI (or upgrading to a non-broken version of MySQL) would help here.\n","date":"2017-05-31T00:00:00Z","href":"https://blog.koehntopp.info/2017/05/31/good-riddance-to-the-query-cache.html","tags":["mysql","lang_en"],"title":"Good Riddance to the Query Cache"},{"categories":null,"content":"There is a pretty cool Twitter thread by Sarah Mei, starting at\nThread I spammed into this at /14 .\n@samphippen :\nBig secret: there exist vast tranches of business contexts in which having literally zero tests is fine.\n@sarahmei :\nBeen thinking about this. Conventional wisdom says you need a comprehensive set of regression tests to go green before you release code. /1\nYou want to know that your changes didn\u0026rsquo;t break something elsewhere in the app. But there are ways to tell other than a regression suite. 2/\nEspecially with the rise of more sophisticated monitoring and better understanding of error rates (vs uptime) on the operational side. 3/\nWith sufficiently advanced monitoring \u0026amp; enough scale, it\u0026rsquo;s a realistic strategy to write code, push it to prod, \u0026amp; watch the error rates. 4/\nIf something in another part of the app breaks, it\u0026rsquo;ll be apparent very quickly in your error rates. You can either fix or roll back. 5/\nYou\u0026rsquo;re basically letting your monitoring system play the role that a regression suite \u0026amp; continuous integration play on other teams. 6/\nThis strategy assumes a lot of things, starting with an operational sophistication that most dev teams don\u0026rsquo;t have. There\u0026rsquo;s more, as well. 7/\nIt assumes the ability to segment users, show each dev\u0026rsquo;s change-in-progress to a different segment, \u0026amp; allocate error rates per segment. 8/\nIt assumes sufficient scale that variations in a segment\u0026rsquo;s error rates will be statistically significant. 9/\nAnd perhaps most unusually, it assumes a product organization that\u0026rsquo;s comfortable experimenting on live traffic. 10/\nThen again, if they already do A/B testing for product changes on live traffic, this is just extending that idea to dev changes. 11/\nBut if you can make it work, getting live feedback on changes you _just_ made is amazing. 12/\nThis is one of the reasons why it\u0026rsquo;s critical for operations \u0026amp; development folks in an organization to work reeeeally closely together. 13/\nAn adversarial relationship between dev \u0026amp; ops kills this. You can\u0026rsquo;t even start if responsibility for \u0026lsquo;quality\u0026rsquo; is siloed on one side. 14/\nCertainly hybrid approaches are possible, where there\u0026rsquo;s a small, fast test suite hitting critical code, \u0026amp; the rest is monitored in prod. 15/\nThere are reasons beyond correctness \u0026amp; regressions for writing tests, as I wrote about a few weeks ago. https://www.devmynd.com/blog/five-factor-testing/ 16/\nI described the five reasons we write tests: correctness, regressions, as design support, as documentation, and as refactoring support. 17/\nEven in a world where you delegate correction \u0026amp; regressions to production monitoring, there are still reasons to write tests. 18/\nBut you could start to imagine a world in which we get all 5 of those benefits via mechanisms other than automated tests. ? 19/\nThe writing and running of tests is not a goal in and of itself - EVER. We do it to get some benefit for our team, or the business. 20/\nIf you can find a more efficient way to get those benefits that works for your team \u0026amp; larger org, you should absolutely take it. 21/\nBecause your competitor probably is. 22/\nOne final note: delegating regressions to production monitoring is what \u0026ldquo;move fast and break things\u0026rdquo; means, if you take it seriously. 23/\nFor a long time I dismissed MFaBT as a silly brogrammer slogan. Move fast = no tests, break things = how would they even know? CHAOS! 24/\nPaying attention to the ops community, though, radically shifted my frame of reference. Now I get it. It\u0026rsquo;s doesn\u0026rsquo;t have to be chaos. 25/\nYet another example Maybe someday I\u0026rsquo;ll outgrow it\u0026hellip; 26/fin\nI spammed this at her /14, thanks @s0enke and Harald Wagener.\nDev and Ops have conflicting goals, success metrics, even if their tools are the same. Dev is successful if there are new features, new /1\nbest cases. Ops is an infrastructure job. They are successful if there are few outages, and recovery is quickly, success is measured by /2\nhow worst cases are handled. Conflict between Dev and Ops heavy orgs comes from conflict in these metrics. Ways around that exist, /3\nand they relate to making testing in production safe, and to the two questions before each rollout. /4\n\u0026ldquo;If you break it, will you even notice?\u0026rdquo; What are the metrics relevant here? What are your consumers, to whom are you a provider? /5 The answers should resolve to people, not subsystems. Because it\u0026rsquo;s people you need to speak to to get answers. /6\nand 2. \u0026ldquo;If you break it, can you fix it?\u0026rdquo; That is, of course not, not in all cases. So who needs to be available when you roll out? Again,/7\nthis resolves to people. It\u0026rsquo;s a mind hack: these are worst-case related questions, but you want the dev doing a rollout asking them. /8\nTesting in production: Making failure survivable. https://www.slideshare.net/isotopp/go-away-of-i-will-replace-you-with-a-little-shell-script-english …, slide 19: Separation of rollout and activation, a/b testing /9\nExperiment framework = running old and new code side by side. Requires ways to deal with persistent data changes (old/new). /10\nAlso requires fast monitoring, SLO for monitoring lag, monitoring lag shown on the screens, and no rollout if monitoring actually lags./11\nBecause if it breaks you wouldn\u0026rsquo;t notice. Also, people. So chat needs to be up and running, because if it breaks you can\u0026rsquo;t fix it. /12\nTesting in production = fast rollouts = small changes. Small changes = fast debug = safe rollouts = making testing in production safe./13\n(slide 32) It\u0026rsquo;s kind of a lock-in. To test safely in production you need to test in production, a lot. /14\nManagement is scared. How to deal with that? Give them controls. Predict biz behavior, measure outage, track delta. /15\nTheN create a budget for downtime, (slide 34). When outage \u0026gt; budget, too much risk. Need to check process. /16 When outage \u0026lt; budget, \u0026ldquo;are we moving fast enough?\u0026rdquo; Are we becoming complacent? Are we taking enough risk? /17\nAlso, blameless postmortem - if you break production, I did not teach you properly, they did not have your back. It\u0026rsquo;s not you, /18\nit\u0026rsquo;s the process. We need to fix the process, not take it out on a person (slides 32, 34, 35). /19\nTesting in production is a good thing, not just for new things, but always. Never shut anything down cleanly (slide 46). You need to be/20\nable to trust your safeties. Exercise them. Moves understanding from head (knowledge) to heart (experience) to guts (intuition) /21\nDesign principles are affected, too. Simplicity is a value (slide 51). If you can\u0026rsquo;t be simple, be obvious. See https://www.slideshare.net/isotopp/boring-dot-com-the-virtues-of-boring-technology , /22\nand https://www.slideshare.net/isotopp/boring-dot-com-the-virtues-of-boring-technology for simple, boring, obvious. Stickers available. :-) /23\nThat\u0026rsquo;s an engineering/developer strain of qualifications that matches feature dev. Hence me calling them Infrastructure Devs, /24\nGoogle calling them SREs instead of Operations people. Operations is not dead, it became an engineering discipline. /25\nIt matches feature dev, and will always somewhat clash with feature development. Devops helps, SRE helps, but conflict fundamental./26\nend Addendum: 2012 version of this in https://www.slideshare.net/isotopp/8-rollouts-a-day and https://www.youtube.com/watch?v=rzU1UtUpyTI /27, really the end\nBoth Testing in Production and Test Driven Development, have a similar goal - they want to make failure survivable. One by building structure around failure that allows fast and low-loss recovery, the other by trying to avoid failure.\nTesting in Production is more agile, and way faster, if you can pull it off. That is, finding a way to make failure survivable and low-cost.\nIf you manage this, payoff is manifold - not you do you save the overhead of formal TDD, you also gain a culture in which recovery procedures are exercised, well known, understood to be working and in which the difference between an slight Oops and a critical situation is understood at the experience/intuition level. This creates much more fluid, resilient and un-excited operations.\nThere are things and pieces where Testing in Production cannot be made safe. In such an environment (or such parts of an environment) not failing in the first place is crucial. Nobody understands that better than Ops persons with an intuitive grasp of critical failures.\n","date":"2017-05-29T00:00:00Z","href":"https://blog.koehntopp.info/2017/05/29/zero-tests-and-testing-in-production.html","tags":["computer","testing","lang_en"],"title":"Zero Tests and Testing in Production"},{"categories":null,"content":"NPR has an article about the measles. It is already known that after a measles infection the immune system goes down for a few weeks and followup infections are common. It seems that what the infection does is worse than that. With the introduction of measles vaccination it has been observed that other infections went down within 2-3 years after measles immunization took place. Researchers wanted to know why and found evidence that\nLike many viruses, measles is known to suppress the immune system for a few weeks after an infection. But previous studies in monkeys have suggested that measles takes this suppression to a whole new level: It erases immune protection to other diseases, Mina says. So what does that mean? Well, say you get the chicken pox when you\u0026rsquo;re 4 years old. Your immune system figures out how to fight it. So you don\u0026rsquo;t get it again. But if you get measles when you\u0026rsquo;re 5 years old, it could wipe out the memory of how to beat back the chicken pox. It\u0026rsquo;s like the immune system has amnesia, Mina says.\nSo parents putting their children into a \u0026ldquo;measles party\u0026rdquo; in order for them to \u0026ldquo;gain natural immunzation\u0026rdquo; may actually achieve the exact opposite of that.\n","date":"2017-05-26T00:00:00Z","href":"https://blog.koehntopp.info/2017/05/26/the-measles-vs-your-immune-system.html","tags":["science","lang_en"],"title":"The Measles vs your immune system"},{"categories":null,"content":"Tony Seba (Stanford University) came up with a kind of best-case scenario for electrification and decarbonization. \u0026ldquo;Rethinking Transportation 2020-2030 \u0026rdquo; sees a self-amplifiying change in how we travel and transport things:\nBy 2030, within 10 years of regulatory approval of autonomous vehicles (AVs), 95% of U.S. passenger miles traveled will be served by on-demand autonomous electric vehicles owned by fleets, not individuals, in a new business model we call “transportas-a-service” (TaaS). The TaaS disruption will have enormous implications across the transportation and oil industries, decimating entire portions of their value chains, causing oil demand and prices to plummet, and destroying trillions of dollars in investor value — but also creating trillions of dollars in new business opportunities, consumer surplus and GDP growth.\nRethinking Transportation It won\u0026rsquo;t quite happen this way, especially when it comes to TaaS, because the economic basis for that won\u0026rsquo;t exist easily, but very likely the switch will happen faster than expected.\nTransport-as-a-service means that an institutional owner for transportation must exist. That owner must have a way to get rid of used vehicles. At the moment, car rental agencies sell off rental cars after a rather short time period into private ownership. That is also why rental cars do not look more like rental cars, despite a number of obvious improvements coming to mind.\nIn a TaaS-heavy society, demand for private car ownerhip may be so low that the institutional owner for cars does not have an easy way to get rid of these vehicles. If and how much of that pressure exists is unclear at the moment.\n","date":"2017-05-23T00:00:00Z","href":"https://blog.koehntopp.info/2017/05/23/rethinking-transportation.html","tags":["mobility","lang_en"],"title":"Rethinking Transportation"},{"categories":null,"content":"Fefe had a short pointer to an article Patching is Hard . It is, but you can make it a lot easier by doing a few things right. I did s small writeup (in German ) to explain this, which Fefe posted.\nI do have an older talk on this, titled \u0026ldquo;8 rollouts a day\u0026rdquo; (more like 30 these days). There are slides and a recording . The Devops talk \u0026ldquo;Go away or I will replace you with a little shell script\u0026rdquo; addresses it, too, but from a different angle (slides , recording ).\nHere is the english version of my writeup.\nThe Patching is Hard article says:\nPatching is hard? Yes—and every major tech player, no matter how sophisticated they are, has had catastrophic failures when they tried to change something. Google once bricked Chromebooks with an update. A Facebook configuration change took the site offline for 2.5 hours. Microsoft ruined network configuration and partially bricked some computers; even their newest patch isn\u0026rsquo;t trouble-free. An iOS update from Apple bricked some iPad Pros. Even Amazon knocked AWS off the air.\nWhere I am working we made the same observation. 100% uptime is impossible, but management needs metrics and controls to understand if we are still on the right track. We do have an outage budget. That means we are measuring the actual current business and compare with the predicted business. If a failed rollout creates a loss of (potential) income, we can tell how much that is and deduct that from the outage budget. We are trying to make the budget as precisely as possible. That does not mean we are trying to create outages on purpose, but having fewer outages than the budget allows may mean that we are not moving fast enough and have become complacent in what we are doing.\nRolling out often is useful, because then change sets are small and easy to check, much easier than large and hard to understand changes. So we do need to roll out often in order to maintain speed. Rollout problems tend to manifest in subsystems where we do not roll out often enough. Usually secondary changes, changes in dependencies and libraries, accumulate and then the rollout fails. The solution is to roll out even if the code did not change (that is, we roll out for the sake of keeping dependencies current).\nThis is a very tangible form of representing technical debt:\nthe larger the diff between production and trunk is, the more likely moving trunk to production is going to result in a failure. To make patching safe you have to do it often. To be able to patch often, you need to make patching and rolling out an operative process and not an upgrade/migration project. To make rollouts and operative thing it is useful to make testing in production safe and survivable. To be able to test in production, the following things are useful: have at most two versions of a change to a certain system. Do not do three phase or multiphase rollouts. Finish one change before you do the next one. have overcapacity. A change might make it necessary to provide more machinery or more computer power or more memory for a short time. You need to have that or be able to provision this on short notice. Being efficient means having no reserves, no elasticity. separation of code distribution and code activation. That means feature flags and experiments in your code. The same rollout must be able to switch at runtime between old and new behavior. changes to persistent data structures require that you update both versions of the structure concurrently in order for old and new code to be able to co-exist. you need to know what is going on. Have a good monitoring, central log collection, good search on all of that. There is a thing called monitoring lag, the distance in time between a thing happening and the time you will see this in your monitoring. Measure that lag and have it shown on each screen. Alert on monitoring lag. have a culture of failure that focuses on improvement and learnings. Check out the search term \u0026ldquo;blameless postmortem\u0026rdquo; and read up on this. It\u0026rsquo;s not actually rocket science, but it will make things a lot better around you.\nStört euch bitte nicht an dem Denglisch, das ist in der Ops-Abteilung von internationalen Firmen durchaus normal :-)\nIndeed. The office is in Amsterdam, and the language at work is English. When I am thinking about work, I am doing it in English. Writing about work in German means that I will use a lot of english terms for the things I am trying to describe, because I\u0026rsquo;d have to search for appropriate German terms and concepts first and that would interrupt the flow. Sorry about that.\n","date":"2017-05-18T00:00:00Z","href":"https://blog.koehntopp.info/2017/05/18/rolling-out-patches-and-changes-often-and-fast.html","tags":["computer","work","erklaerbaer"],"title":"Rolling out patches and changes, often and fast"},{"categories":null,"content":"So Microsoft had a bug in their systems. Many of their sytems. For many years. That happens. People write code. These people write bugs. Microsoft over the years has become decently good with fixing bugs and rolling out upgrades, quickly. That\u0026rsquo;s apparently important, because we all are not good enough at not writing bugs. So if we cannot prevent them, we need to be able to fix them and then bring these fixes to the people. All of them.\nThe NSA found a bug. They called it ETERNALBLUE and they have been using it for many years to compromise systems. In order to be able to continue doing that they kept the bug secret. That did not work. The bug is now MS17-010 or a whole list of CVE-entries.\nThe NSA told MS about the bug when they learned that it had leaked, but not before. Microsoft patched the bug in March 2017, even for systems as old as Windows XP (which lost all support in 2014), but many people did not install the patch. The result is \u0026ldquo;the largest cyberattack in the world\u0026rdquo;.\nDave Lewis tweeted :\nI get that some systems can\u0026rsquo;t be patched for various reasons. What I can\u0026rsquo;t fathom is why those same systems might be exposed to the Internet.\nWell, here is the thing: It is 2017. Every system is somehow exposed to the Internet. Often that happens indirectly or unintentionally, but it always happens. There is no such thing as an isolated network any more, ever, anywhere.\nMaybe you think there is, but that only means that you haven\u0026rsquo;t found the connection, yet. But everything, even those embedded systems, especially these embedded systems, need to somehow report stuff, be monitored, or otherwise connect to other systems to be useful.\nSystem integration has become so tight that you simply cannot afford to have an isolated system. If you had one, you would be losing business opportunities that are more valuable than the cost of managing network security.\nThat means you need to defend each and every endpoint, of course, which is only possible if you beef up these endpoints with enough CPU, power and cooling that they can actually spend the energy to defend, and then keep their software up to date.\nThat of course conflicts with the concept of validated, certified and unchangeable systems. And with the concept of sell once, and be rid of it for the coming 30 years. So both these things still exist in the minds of managers and product designers from the last millenium, but not really any more in the universe of 2017.\nIf you are one of these pre-millenial types, you haven\u0026rsquo;t been paying attention. You have missed Tesla, which pretty spectacularly updates a whole fleet of embedded mobile devices in the field, after sale, and managed to turn this into an actual feature that customers love, creating a much tighter bond between maker and customer than would be possible without it. Tesla now even rolls out hardware in advance, without the software actually being able to make best use (or any use at all) of the hardware, and then later incrementally upgrades the software leveraging the spare hardware, compute and memory in the devices.\nYou also missed things such as Patch Tuesday, a thing that Microsoft came up with to turn system changes into a recurring operational event instead of a migration project.\nThis is a key concept. When there is a new version, that new version needs to actually get out into the field, to all systems, within a pre-determined time. You get to choose that time, within limits, but it needs to be counted in days. 20 work days (1 month) is a good target for a beginner.\nAs KPIs go, you probably need to build process and infrastructure to get out any pre-determined version of anything to at least 95% of your complete fleet within 20 workdays as part of normal operations without a special migration project.\nIf do not have that, it means that old versions of things accumulate. That is a very real problem not only in the case of MS17-010, but also in many other ways.\nWhenever things manifest as \u0026ldquo;We can\u0026rsquo;t do that, because \u0026lt;something old gets in the way\u0026gt;\u0026rdquo;, that is technical debt. It means that your technical infrastructure ossified and tactical and strategic decisions are being made on the ground of technical limitations instead of actual tactical and strategic needs. Constraints are being accumulated in your systems, until you can\u0026rsquo;t move any more when you must, and the system breaks down.\nYou can put numbers to that, and counts of broken systems, broken processes, lost business opportunities and lost partners and customers because of a lack of trust into the security of your systems, because of a lack of trust into your ability to actually manage the problem or a lack of trust into your ability to maintain such a thing on a long term perspective.\nThe TODO list for management, one more time:\nKey ability: to be able to make changes to the entirety of the fleet of devices in the field, within a hard time limit, counted in days, as part of a normal operational procedure.\nKey ability: to actually be able to get changes from the upstream vendors of all software components that are part of the build, for the planned lifetime of the product.\nNow look around. These ticket vending machines and arrival displays in train stations, the ATMs next to it, the control software for the escalators and elevators, the control systems for the building electricity, traffic lights, and the cars engines,… And the smart phones in the pockets of all the people around you.\nAnd not few of these systems have planned lifetimes of decades.\nThe NSA policy of keeping this kind of bugs secret instead of working to the goal of making all computers more secure can also be translated into numbers. In this case numbers representing losses and gains. However, the losses accrued in this single incident are potentially already larger than the wins made by using ETERNALBLUE. But they are not the NSA\u0026rsquo;s losses. Maybe the incentives here are not completely aligned and need checking.\n(based on my Tweetstorm starting here )\n","date":"2017-05-15T00:00:00Z","href":"https://blog.koehntopp.info/2017/05/15/handling-wannacrypt-a-few-words-about-technical-debt.html","tags":["computer","politik","erklaerbaer","lang_en"],"title":"Handling Wannacrypt - a few words about technical debt"},{"categories":null,"content":" \u0026ldquo;Canary Skill Endorsements \u0026rdquo;: If you see them being used in a letter sent to you by a recruiter, you go all Van Halen when they spot a brown M\u0026amp;M .\n","date":"2017-05-09T00:00:00Z","href":"https://blog.koehntopp.info/2017/05/09/canary-skill-endorsements.html","tags":["work","lang_en"],"title":"Canary Skill Endorsements"},{"categories":null,"content":"APNIC discusses different TCP congestion control algorithms , coming from Reno, going through CUBIC and Vegas, then introducing BBR (seems to be a variation on CoDel) and what they observed when running BBR in a network with other implementations.\nTCP congestion control algorithms try to estimate the bandwidth limit of a multi-segment network path, where a stream crosses many routers. Each segment may have a different available capacity. Overloading the total path (that is, the thinnest subsegment of the path) will force packet drops by overloading the buffers of the router just in front of that thin segment. That in turn requires retransmits, which is inefficient and has nasty delays.\nTo make matters more complicated, the Internet is a dynamic environment and conditions can change during the lifetime of a connection. The first half up to \u0026ldquo;Sharing\u0026rdquo; is nothing new if you followed the works of Dave Taht or later works of Van Jacobson.\nBBR seems to work like CoDel : It measures the RTT, the time delay the sender sees between sending a piece of data over the TCP link and seeing the acknowledgement return. And like CoDel, BBR seems to try to keep buffers along the line just barely filled (that is, whenever a router finishes sending a thing, the next thing should be just ready to send in the buffer, but no more).\nThis again is not a new insight, it\u0026rsquo;s Theory of Constraints and especially DBR applied to networking.\nThe new insight in the paper is that RTT-based queue capacity management can in some circumstances starve drop-based algorithms. The authors show an example where BBR starves out a CUBIC connection on the same link. The section on \u0026ldquo;Congestion Control and Active Network Profiling\u0026rdquo; is then somewhat politcal. BBR has been deployed by Youtube, and it not only relieved buffer-management between Youtube and the Youtube client, it also suddenly makes shapers on the way very visible.\nYoutube is quoted with\n“Token-bucket policers. BBR’s initial YouTube deployment revealed that most of the world’s ISPs mangle traffic with token-bucket policers. The bucket is typically full at connection startup so BBR learns the underlying network’s BtlBw [bottleneck bandwidth], but once the bucket empties, all packets sent faster than the (much lower than BtlBw) bucket fill rate are dropped. BBR eventually learns this new delivery rate, but the ProbeBW gain cycle results in continuous moderate losses. To minimize the upstream bandwidth waste and application latency increase from these losses, we added policer detection and an explicit policer model to BBR. We are also actively researching better ways to mitigate the policer damage.”\nThis is a very nice way to say \u0026ldquo;We are seeing your shitty traffic shapers and are working around them.\u0026rdquo;\n","date":"2017-05-09T00:00:00Z","href":"https://blog.koehntopp.info/2017/05/09/rtt-based-vs-drop-based-congestion-management.html","tags":["internet","networking","lang_en"],"title":"RTT-based vs. drop based congestion management"},{"categories":null,"content":"It\u0026rsquo;s not my fault, really. It\u0026rsquo;s Schenker , and Urban Games . They sent me my Nvidia 1070 (with a side of CPU and Memory), and now there is a Windows Shoebox (well, Clown Shoe sized showbox) somewhere in our home, and Steam Streaming is busy. I\u0026rsquo;m off laying tracks with the family, now the screen updates are not jumpy any more.\nXMG Prime ","date":"2017-05-08T00:00:00Z","href":"https://blog.koehntopp.info/2017/05/08/kris-where-are-the-posts.html","tags":["gaming","fluffy fluff","lang_en"],"title":"Kris, where are the posts?"},{"categories":null,"content":"A talk by Marco te Brömmelstroet and others about how neither the Bike nor the train themselves are a viable transport alternative, but how they together are much more than the sum of their parts:\nNine Arguments for seeing bicycle-train as one mobility system Biking increases the catchment area of train stations, allowing an increase of the distance between stops for stop-trains, and consequently also for all higher-order trains. This speeds up the train system, making it a lot more attractive and a lot more viable. Both bike-use and train-use increase, making the high-density urban environment more liveable and attractive as well.\nHelstraat, Amsterdam, 1978\nThe same place, 40 years later (2015, so it\u0026rsquo;s 37 years really)\n","date":"2017-04-29T00:00:00Z","href":"https://blog.koehntopp.info/2017/04/29/the-bike-as-a-feeder-system-to-the-train-system.html","tags":["mobility","netherlands","lang_en"],"title":"The bike as a feeder system to the train system"},{"categories":null,"content":"When dealing with Kubernetes, you will inevitably have to deal with config and data that is in JSON format. jq is a cool tool to handle this, but while the man page is complete, it is also very dry. A nice tutorial can be found at The Programming Historian, which uses some real world use cases. My personal use case is Converting JSON to CSV , and the inverse of that . There also is a mildly interesting FAQ . Learning jq takes about one quiet afternoon of time.\n","date":"2017-04-26T00:00:00Z","href":"https://blog.koehntopp.info/2017/04/26/jq.html","tags":["container","lang_en"],"title":"jq"},{"categories":null,"content":"The bomb attack on the bus of the german soccer club BVB has been solved. The attacker was not an islamist extremist, as the fake letters found on site suggested. They also weren\u0026rsquo;t Neo-Nazis, as the fake letters to two german newspapers claimed. The perpetrator was instead a militant capitalist who tried to influence BVB stock in order, after he purchased 15k put options on BVB stock. An english language article with background can be found at the BBC. It is unclear if German legislation will now call on a ban on radical capitalist education camps in german universities, or what kind of extreme vetting will be instituted in order to handle the problem.\n","date":"2017-04-21T00:00:00Z","href":"https://blog.koehntopp.info/2017/04/21/militant-capitalist-attacked-german-soccer-bus.html","tags":["germany","lang_en"],"title":"Militant capitalist attacked german soccer bus"},{"categories":null,"content":"The open source sysdig is a piece of software that does not quite, but almost, what strace or oprofile do: It instrument the kernel, and traces system calls as well as a few other kernel activities.\nYoutube: Sysdig Open Source - Getting Started With Csysdig It does not utilize the ptrace(2) kernel facility, though, but its own interface. This interface picks up data in the kernel and writes it into a ring buffer. A userspace component extracts this data, interprets, filters and formats it, and then shows it .\nIf the data source outpaces the userspace, the ring buffer overflows and events are lost, but the actual production workload is never slowed down.\nSo sysdig requires that you add the sysdig-probe.ko to your kernel. This is a component available in source, and can be built for your kernel just fine. On the other hand, sysdig just collects data in kernel, it does not process the data in that place - instead it moves most of the processing to userland. This is unlike dtrace, which requires an in-kernel special purpose language to do stuff, and requires a special coding style in order to prevent waits of the production workload. In sysdig, this processing happens off the production path, in userland, and hence is less time-critical.\nA long discussion of the design decisions can be seen in a sysdig blog article .\nThe open source version of sysdig is a single host thing - data is collected on one host and processed there, but it is already container aware. The really interesting product is the commercial variant of sysdig , though. Here, all your container hosts are being instrumented and data is collected (with application of filters, of course) on all hosts, centrally collected and stored, and then can be processed and drilled down using a web interface or a command line utility . The data store parts are standard persistence components that are known to scale nicely - cassandra, elastic search, and MySQL, connected together by Redis queues. You can run all this in your data center with their on-premises solution, or push to the sysdig run monitoring cloud solution (not really an option for most European customers, though, and also not for anybody wanting to stay PCI compliant).\nThe commercial solution not only is a kind of distributed strace, but like the single host product is container and orchestrator aware. So you can ask it for all disk writes to all log directories in all MySQL instances related to the wordpress deployment in Kubernetes, and it will find the relevant instances and their data for you and pick these events, no matter where Kubernetes has been scheduling these instances.\nIn fact, the product also knows about LDAP authentication and Openshift/Kubernetes RBAC authorization, so that developers can view the trace data from their groups deployments, but not from others. The commercial solution also transcends system call instrumentation and in fact understands internal event data from other, higher level products. When you are stracing or oprofiling a JVM or a perl instance, the only data you get is a lot of memcpy(), which is not really useful for debugging. You need execution engine instrumentation to understand what the language is doing, what symbols, objects and function call frame are on the stack and how memory is being used.\nIntegrations for many things exist and are being loaded on demand. So the web GUI allows you to review the topology of a Kubernetes project deployment, how it is being mapped to hosts, zoom in into instances of containers, and then dig into the actual pieces of software running in these containers, and finally dive into individual network packets or calls these things have been making. It\u0026rsquo;s pretty awesome, and it takes the grind of finding instances, setting up monitoring, collecting and interpreting data completely away from the developer.\nThey simply have seamless and effort-free visibility to all their things, and only their things. Sysdig (even the open source variant) also brings a number of nice and innovative concepts to the table. Spans for example are a hierarchical set of start/stop markers , which can be easily added to own code by simply writing structured data to /dev/null - that\u0026rsquo;s a cheap and universally available operation, which nonetheless is clearly visible to sysdigs instrumentation.\nSysdig understands spans, and can correlate them with themselves (they are hierarchical), with system objects (Spans can have IDs and tags) and with other events (spans are called spans, because they mark a span of time and space and they contain other system events).\nA spectrogram plots logarithmically bucketized spans (or calls) every 2 seconds. Slow calls to the right, fast to the left. You can mark an area with the cursor and see the actual calls in the Drilldown.\nDrill down is then possible within a span to see what happened inside. So you can span a transaction, request or another event, watch for bad things happening and then after the fact go and dive into the event logs and call stacks of things, watching the stack catch fire and burn down event by event. Treating event streams as a time series is - within limits - also possible. Lua scripts called chisels can be used to trigger on events in the event stream, and maintain aggregates or format interesting events. Because this happens outside of the kernel and also outside of the production control flow, this is not performance critical for production, and because it is using Lua it is very flexible and easily extensible.\nThe commercial sysdig product collects and stores data in a cassandra instance. The web GUI then to some extent treats that data as a kind of primitive time series database.\nThis is also where the limits of the current product lie: Their understanding of the statistics and math of time series data is limited.\nThere are no expressions, only single data-source values.\nYou cannot calculate derived values (MySQL disk reads/disk read requests to get a cache ratio for example) on retrieval, but like with Zabbix you have to do this on collection.\nAlso, Time Series Math as it exists with the Graphite/Grafana languages is not possible in sysdig, so it is impossible to plot correct read ratio vs. last weeks read ratio scaled to todays load in the same graph for comparison.\nAggregations are always single functions, to raw data generating a mean (50th percentile), a 99th, 99.9th and 100th (max) percentile time series at once is not an operation that can be expressed.\nAverages are used when means would be more appropriate, and averages of averages are being built without conideration to math and meaning at all.\nAlerting is hampered by the lack of time series math.\nWhat would be necessary would be proper time series math for model building (\u0026ldquo;This is the expected, modelled system behavior\u0026rdquo;) and the acceptable deviation corridors around the predicted system behavior should be defined. Alerts should fire when the actual observed behavior deviates from the predicted system behavior - but the lack of math makes the modelling impossible and so the Alerting is primitive and must lead to many false positives.\nSo if you see monitoring as a tripartite thing (*1), Debugging, Transactional Monitoring and Data Warehousey Monitoring, sysdig is awesomely advanced in the debugging discipline, and kind of meh\u0026rsquo;ish okay in the transactional thing. It fails the data warehousey stuff completely due to a lack of functionality on that side.\nThe company is addressing these limitations in coming releases.\nThat said, within these limitations, sysdig is awesome. It makes the debugging part of container deployments a breeze, and adds completely new possibilities and an incredible amount of visibility to working in Kubernetes.\nThe centralized logging and data storage makes a distributed, container-aware strace/oprofile available to developers, and integrates nicely with the access control methods available in the system.\nWell worth the invest in added productivity , even if it is not (can\u0026rsquo;t be) the end-all of monitoring for everyone and all use-cases (but they are working on it).\n(*1) Debugging means you interactively define filters, drilldown and views on the system to observe application behavior. You may be able to define triggers that recognize events where you want to start more capture, collect data in depth and then reconstruct buggy behavior with very in depth, non necessarily purely numerical data collected.\nSysdig is the benchmark system for debugging here. Transactional monitoring is where you define Alert conditions, generate alert events to get a human to handle the incident, have the human handle the incident and close it. Once that has happened, the transaction is done, and the data about the incident can be forgotten. Prometheus is the benchmark transactional monitoring system.\nDatawarehousey monitoring builds long term views of system utilization and behavior and tries to model system behavior. It is used for capacity planning, trend analysis, and sometimes delivers baselines for transactional anomaly detection. Many TSDB systems, stuff like Druid, and - outside of containers - Graphite do this kind of stuff.\nThis article has been written after getting the product demoed, and playing with it in our environment with some test licenses. Not sponsored by sysdig or anybody else.\n","date":"2017-04-20T00:00:00Z","href":"https://blog.koehntopp.info/2017/04/20/understanding-sysdig.html","tags":["container","monitoring","lang_en"],"title":"Understanding sysdig"},{"categories":null,"content":" The Tweet points to the bug report . After the facepalming there is still a lot to say about that.\nAbout the bug: There is a system call stat(2) in Posix, which returns a struct stat as a result. Part of that data structure is a field st_ino, which contains the inode number of that file. That number is a unique file identifier, a 64 bit bit pattern. Javascript does not have integer types to represent that number, so node.js has been falsely converting it to a float, which can hold 53 bits of precision.\nSo on certain file systems, 2048 different files will be munged together, which is extremely bad.\nPossible solutions are obvious: Use a string or use two 32-bit numbers to hold full precision values.\nAbout Javascript: Javascript is a language used in browsers, and changing the specs of Javascript is incredibly hard. Basically, you have to get everybody to update their browsers in order to actually make progress. There are things that do crypto with Javascript as a target language, and there are compilers from proper programming languages to portable Javascript as a target.\nBut still, Javascript itself is poisonous , and while that take on the language is humorous, this is a serious problem.\nAbout culture: So we are getting a generation of developers now, which have been growing up without hardware or state. They learned programming on AWS and take RDS for granted, which means they have never actually seen hard(-ware related) problems. They also learned programming with the Javascript framework of the week, and think that real software can be written this way. The result is not only the mess that s npm, but also an attempt at systems programming resulting in constructs such as this.\nI cannot for the life of me stand the coddly approach to teaching of Julia Evans (check out her writeups at her blog ), but apparently what she does and how she does it is necessary and appropriate for people growing up in a programming environment like this. Well, I\u0026rsquo;m ok with that if it prevents mindsets and bugs like the one above.\n","date":"2017-04-19T00:00:00Z","href":"https://blog.koehntopp.info/2017/04/19/node-js-idea-of-an-inode-is-approximately-broken.html","tags":["computer","erklaerbaer","lang_en"],"title":"node.js idea of an inode is approximately broken"},{"categories":null,"content":"I was having two independent discussions recently, which started with some traditional Unix person condemning software installing with curlbash (curl https://... | bash), or even curl | sudo bash.\nI do not really think this to be much more dangerous than the installation of random rpm or dpkg packages any more. Especially if those packages are unsigned or the signing key gets installed just before the package.\nThe threat model really became a different one in the last few years, and the security mechanism have had to change as well. And they have, UIDs becoming much less important. Desktop containers and Sandboxes have become much more important, and segregation happens now at a much finer granularity (the app level) instead of the user level.\nThe two discusssions have been around the installation of sysdig (see their article , which focuses on signed code and proxies injecting modifications), and Mastodon (which uses node.js, which features one installation path using curl -sL https://deb.nodesource.com/setup\\_7.x | sudo -E bash -).\nProvided that you actually get the file that\u0026rsquo;s on the remote server (i.e. no proxy exists that modifies stuff), I fail to see the problem. You are not very likely to go through the source and review it. Also, you are hopefully installing this into a single-purpose virtual machine or container, so there is nothing else inside the image anyway. It does not really matter, which UID this is running as, because there is nothing else inside this universe in the first place.\nWe have come, in a way, full circle and are back at MS-DOS, where there are no users or permissions visible to the application, because it is utterly alone in the world.\nUser IDs also do not matter much on personal devices, because these typically have only one user. Being kris (1000) on my Laptop or my Cellphone does not really contain or isolate anything, because there is only me and the only files important are all mine - the files not owned by me come from the operating system image and can be restored at any time. Yes, my files are much more important and harder to replace than the system files.\nMacOS In MacOS, we have a system that kind of solved the problem of a lone user installing a lot of apps, all of which might to a certain extent be hostile to each other or are trying to pull off things with me and my data. The threat model is not \u0026ldquo;multiple users sharing a single device, and keeping their stuff separate\u0026rdquo;, but \u0026ldquo;many apps from different sources, and with different levels of trustworthiness, make sure they do not make off with the users data or another apps data unnoticed\u0026rdquo;.\nThis is very different from Unix-Think and Unix is actually by default not set up at all to handle this. MacOS attacks the problem by sandboxing Apps from the App Store. Apps run in\n⌂ [:~/Library com.omnigroup.OmniGraffle7.MacAppStore]↥ $ pwd /Users/kkoehntopp/Library/Containers/com.omnigroup.OmniGraffle7.MacAppStore ⌂ [:~/Library … com.omnigroup.OmniGraffle7.MacAppStore]↥ $ ls -1 Desktop Documents Downloads Library Movies Music Pictures That is, you still have a single UID per potential user, but apps are confined to a subdirectory and a bunch of system standard locations for stuff. They can exit that through the file dialogs and other systems means and access arbitrary locations in the system, but the user interaction required here makes sure their activity is being screened and contextualized by a human.\nFor the user, this is transparent and invisible, and requires no conscious permissive actions. It is implied in the normal I/O dialog workflow. That\u0026rsquo;s genius, because it hides all the complexity that comes with other systems such as AppArmor, let alone SELinux.\nAndroid Android uses Unix UIDs, but differently than intended. In Android, you always have a GUI, because a Command line without a GUI does make no sense on touch devices. Multiple Users are possible, but user separation is not via UID, it is via GUI.\nInstead, Android assigns a UID to each app dynamically, and uses Linux permissions and SELinux on top of that to keep apps out of each others data.\nThe \u0026ldquo;SD Card\u0026rdquo; area and permission is actually a limited file share facility between apps, but that was not planned. Instead it has been but a side effect of the fact that MS-DOS filesystems on SD-Cards do not enforce Unix UIDs of different apps.\nOn top of that, Google has been learning clumsily and slowly to leverage this to an advantage, with several false starts.\nUser Story Both systems allow users to install apps from all kinds of app makers through a unified channel with limited review, and manage to keep data per-app separated. So it is possible to run apps safely, even if the app is somewhat hostile to other apps or the users data. The ideas behind that have been picked up, and are being transformed slowly in the unix environment using the desktop-container paradigm.\nThings like Flatpak are leveraging containers on the desktop to do exactly what the MacOS sandbox does.\nSummary: If everything on your system is running as the same user, then \u0026ldquo;curl |sudo bash\u0026rdquo; and \u0026ldquo;curl | bash\u0026rdquo; are equivalent in terms of threat. If the user is not actually reviewing the source and build, then each apt-get, rpm and any curlbash are actually equivalent, because the amount of review is the same, and far too little. What is instead necessary is a system that improves security in a way that separates apps, not users, and that makes it possible to recover from the accidental install and execution of a hostile or broken app.\nAnd that\u0026rsquo;s what desktop containers like flatpak do, or intend to do. They are obviously neither perfect nor finished. But they are actually addressing a new and different threat model than the one Unix was built for, and that is no longer reflecting the current world.\n","date":"2017-04-13T00:00:00Z","href":"https://blog.koehntopp.info/2017/04/13/curlbash-and-desktop-containers.html","tags":["security","container","lang_en"],"title":"Curlbash, and Desktop Containers"},{"categories":null,"content":"The Telegraph had a article on a self-styled \u0026lsquo;grammar vigilante\u0026rsquo;, who corrects badly punctuated shop signs in the dead of the night, and the article has not been dated April, 1st.\n[…] the man has corrected tens of missing and misplaced apostrophes on shop banners across Bristol over the past 13 years. The pedant, who is yet to reveal his identity, claims his efforts are needed to bring an end to the improper use of English.\nMeanwhile, innocent bystanders complain about the title \u0026lsquo;grammar vigilante\u0026rsquo;, because:\nMelania Branton, a poet from North Somerset, said that whoever the ‘grammar vigilante’ turns out to be “must be wincing at the misnomer, as punctuation isn’t grammar”.\nRight.\n","date":"2017-04-05T00:00:00Z","href":"https://blog.koehntopp.info/2017/04/05/apostrophiser.html","tags":["fluffy fluff","lang_en"],"title":"Apostrophiser"},{"categories":null,"content":"A long time ago, I wrote a text on the German Blog and on Carta: Wieso wir uns veröffentlichen (Why we publish ourselves).\nIn the middle of a discussion about privacy I was explaining why people publish themselves, why they publicly reveal (sometimes intimate) facts about themselves. They are doing this, I wrote, to find other like-minded people, to become searchable and to become approachable, to build trust. Trust is a wonderful thing. It is the powerful assumption that most people most of the time want to help you and that falsely trying out to trust people is a recoverable mistake. Having trust and being in a trustworthy environment keeps transactional costs low and makes cooperation possible.\nAnd that\u0026rsquo;s rewarding and awesome. How does this work in practice?\nSo tomorrow there is Pro Light and Sound in Frankfurt . Sammy wants to go there, and gets the combination ticket. That\u0026rsquo;s admission to the trade show, plus a ticket for German rail. That ticket is being delivered as a Bahn Tix code, which you can punch into any German ticket machine and get a printout. We are in the Netherlands. The next ticket machine is in Venlo. The route she\u0026rsquo;s going to use does not pass Venlo. There is no way to get Bahn Tix online .\nI am asking on Google plus for help, and because I know at least one person following me is a Train Driver I mention them into the thread. Sammy, me and that person get into a Hangout. Ticket is being picked up and given the train driver of ICE 220 FFM -\u0026gt; Amsterdam Centraal. Shift change at the border, ticket travels on to Amsterdam, +30 platform change 7b -\u0026gt; 2. Printed Ticket is being successfully delivered from the engine to Sammy at 11:58.\nThis is a direct application of Interpersonal Ties theory (pointing to article by Granovetter (1973) and in a way to the works of Peter Turchin . High trust societies are societies where people have many weak ties , that can be strengthened as demand arises. It\u0026rsquo;s these strong weak ties that enable (inter-) action and where cooperation wins between people are highest. In order to have strong weak ties, a society needs to have a relatively low and controlled wealth difference (Gini coefficient ) and a working judicial system and low corruption. This creates social cohesion, and enables \u0026ldquo;random\u0026rdquo; cooperation.\nAlso, you win friends. Looking forward to a visit, soon.\n","date":"2017-04-05T00:00:00Z","href":"https://blog.koehntopp.info/2017/04/05/strong-weak-ties.html","tags":["mobility","netherlands","neuland","lang_en"],"title":"Strong weak ties"},{"categories":null,"content":"See also Why I Don\u0026rsquo;t Talk to Google Recruiters .\nWhere I work we have regular round tables, in which you can talk and ask questions to middle management from other departments than your own. I had the opportunity to talk to a person who manages development priorities and staffs teams, and who of course has some insight into hiring and the interview process. That was very enlightening.\nFor example, finding people to hire in a large organisation is a hard job. Hiring rates are quite fixed, so in order to find people to hire you need to go through a relatively fixed, larger number of resume reviews, phone screens and face to face interviews. Assume that for each three people you would want to hire you need to sift through 100 resumes - that\u0026rsquo;s 10.000 resumes to look at for 300 people to hire. And it can not be automated.\nAn interview process for hiring, then moving people and their families, and finally on-boarding has latency - several months, often half a year, until the move and first day at work, and then another three months of on-boarding and three more months of team formation (the four *ormings).\nI agree with whiteboard programming being a useless exercise in hiring interviews, and prefer other methods to validate credentials and capability - I like to ask people \u0026ldquo;Choose a previous project from your resume and tell me about it. What was that about, what was hard, and how did you handle this? What did you like about your solution, and what would you be doing differently in retrospective?\u0026rdquo; I like to hear about things they are proud of, and things they have learned, and I like to hear about possible choices and reasons for preferring one over the other. But this\nThanks for your email. I\u0026rsquo;m very interested indeed. I have nothing against an interview. However, there is one condition: I have to be interviewed by the person I will be working for. By my future direct manager.\nis not going to work in any larger organisation, and for sure not in the place I work in.\n\u0026ldquo;We don\u0026rsquo;t hire for a specific position, except for very few and distinct job profiles. Certainly not for developer positions.\u0026rdquo; has been explained to me. \u0026ldquo;We would for example hire for specific positions in deep infra, Network Engineers or Database Administrators, but that\u0026rsquo;s rare and an exception.\u0026rdquo;\nWhen I asked for the why, we ended speaking about one core work of that manager, and how an agile organisation at scale can work. In our case, the organisation has a very specific culture and way of working, and of course a huge established codebase. The purpose of on-boarding is to explain our way of working and our past choices to beginners, and to familiarise them with our vocabulary, toolset and environment in a safe way.\nAfter completing this, beginners like everyone else, can enter the \u0026ldquo;Pick your next team\u0026rdquo; process, in which wishes and requests, skills and interests are being matched, and in which people can move laterally through the organisation. It may very well be that the job and team you are applying for after completing on-boarding did not exist yet when you were interviewed - and in fact that\u0026rsquo;s not entirely unlikely, considering growth and the speed of change in the business environment.\n","date":"2017-03-27T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/27/the-interview-in-the-enterprise.html","tags":["work","lang_en"],"title":"The Interview in the Enterprise"},{"categories":null,"content":"Autoblog titles: The race for autonomous cars is over. Silicon Valley lost . The point they want to make is:\nTo paraphrase Elon Musk, Silicon Valley is learning that \u0026ldquo;Making rockets is hard, but making cars is really hard.\u0026rdquo; People outside of the auto industry tend to have a shallow understanding of how complex the business really is. They think all you have to do is design a car and start making it. But most startups never make it past the concept car stage because the move to mass production proves too daunting.\nand\nYet, while companies like Google and Apple are giving up on making cars, they\u0026rsquo;re not giving up on the auto industry. There is another area where Silicon Valley could play a dominant role and it\u0026rsquo;s all about accessing car-based data.\nIt\u0026rsquo;s about the margins - making a thing gives you around 10% markup, making things out of data gives you much, much higher margins. This also frames the current discussions about privacy within the German government, and who is to own your data (hint: not you), especially when you drive.\nBut making software systems is also really, really hard. And an electric, self-driving car is much more a system, then a piece of software and then a piece of hardware. And Forbes sees the automotive industry not really in a strong position here, focusing on GM and Tesla.\nIn reality, I don’t see how GM isn’t making a meaningful strategic pivot to electric, especially compared to Tesla. Why? By March 2017, GM sold a little over 2,000 Bolts, which retail around $37,000. By way of comparison, Tesla has delivered “over 183,000 Model S and X vehicles over the last four years,” according to Electrek. And then there’s the Model 3. Tesla has received over 400,000 customer deposits for its Model 3, which is priced at $35,000.\nWhat GM does with the Ampera-e looks like a compliance stunt to get fleet consumption down, not like a credible electric move, to some: Greenwashing?\nSo what to make of it? Making cars is hard. Making self-driving, electric cars is even harder, because it involves the hard tasks from making large physical machines and the hard tasks from making distributed, secure software systems. Traditional car makers are not delivering (GM singled out above, but the others are guilty, too). And are not pivoting aggressively and fast enough into software and into electric. On the other hand, Silicon valley has largely pulled out of making large physical objects, and focuses on the data generated by drivers. Only Tesla seems to move at speed.\n","date":"2017-03-23T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/23/electric-car-confusion.html","tags":["mobility","lang_en"],"title":"Electric car confusion"},{"categories":null,"content":"Marnix Dekker has an article on HTTPS interception as it is being done in some workplaces. He lists:\nAre you serious? We worked so hard to make the web more secure and you are fucking it up. HSTS, you are breaking it. Blinds the browser and the user, because you re-encrypt with wildcard certs. Disrupts personal use. Breaks pinning and CT. Breaks with consumerization. Disrupts BYOD. Discourages good user practices. Limited benefits. and finally: Hard shell, soft inside is not going to work. ","date":"2017-03-22T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/22/10-reasons-not-to-do-https-interception.html","tags":["security","lang_en"],"title":"10 reasons not to do HTTPS interception"},{"categories":null,"content":"Netzpolitik.org has an article (in German) in which they are interviewing IT-Security Consultant Thorsten Schröder on Adblockers, wasted capped mobile bandwidth and Malvertising.\nnetzpolitik.org : Neben dem Schutz vor Malware, welche weiteren Gründe für die Nutzung von Adblockern findest Du wichtig?\nThorsten Schröder : Wenn wir als Malware all das klassifizieren, was Nutzer ausspioniert, täuscht, kompromittiert oder finanziell schädigt, haben wir im Grunde schon mal eine ganze Reihe an Gründen abgehakt. Nutzer müssen die Möglichkeit haben, selbstbestimmt das Schutzniveau ihres Computers bestimmen zu dürfen. Hat die Bundesregierung vielleicht mal das Bundesamt für Sicherheit in der Informationstechnik (BSI) gefragt? Es wäre eine gute Gelegenheit für das BSI, zu zeigen, was es drauf hat.\n»netzpolitik.org: Besides the protection against malware, what other reasons for using Adblockers are important to you?\nThorsten Schröder: If we classify things as malware which spy on users, deceive them, compromise them or harm them financially, we have in principle covered all reasons. Users you have the right to determine the level of protection their computers need. Did our administration ask their Bundesamt für Sicherheit in der Informationstechnik (BSI)? It would be a good opportunity for the BSI to show what they can do.«\nThe article goes on to discuss numbers and percentages. That is actually not helpful. The numbers stated are by construction too low, and that can not be helped. Also, the numbers are ultimately irrelevant, because Malvertisements are not distributed randomly and evenly. The point being that Ad-Networks generate their value not only from the raw number of eyeballs reached, but quite a lot comes from being able to reach the right kind of eyeballs. The better the Ad-Network, the better their targetting. 10.000 drive-by impressions are worth quite a lot more when I can make sure that all 10.000 of them hit explotable XP/MSIE 6 combos, even if the relative number of installations left in world with these characteristics is quite low.\nAnd 10.000 impressions for ads containing this or that scam are worth a lot more, when I can select an audience for these 10.000 expressions that is badly educated, old or otherwise wrangling to stay on top of this Internet thing and thus more likely to fall for it.\nTargeted advertising and Malware Distribution are a match made in hell, they amplify each other synergetically. This is an effect we need to push more to the front of this discussion. Content Sites are responsible for the ads integrated into their content and shown \u0026ldquo;as their own\u0026rdquo;. Ad Networks are responsible for the way the selectors they offer are being used.\nThe German construct of Störerhaftung works in all directions, not just against private Wi-Fi offerings.\n","date":"2017-03-21T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/21/malvertising-we-have-only-seen-the-beginning.html","tags":["copyright","advertising","lang_en"],"title":"Malvertising - we have only seen the beginning"},{"categories":null,"content":"Science Daily writes :\nNew research investigating the transition of the Sahara from a lush, green landscape 10,000 years ago to the arid conditions found today, suggests that humans may have played an active role in its desertification. [\u0026hellip;] As more vegetation was removed by the introduction of livestock, it increased the albedo (the amount of sunlight that reflects off the earth\u0026rsquo;s surface) of the land, which in turn influenced atmospheric conditions sufficiently to reduce monsoon rainfall. The weakening monsoons caused further desertification and vegetation loss, promoting a feedback loop which eventually spread over the entirety of the modern Sahara.\nSimilar effects are being discussed in The Science Show of January 21 , about current day South Western Australia:\nEuropeans began altering the landscape following settlement of the region in 1829. Vast areas of eucalypt forest were cleared for crops and pasture. Cleared land produces less turbulence as storms move across the landscape. And fewer big trees means less transpiration. The atmosphere is drier, the storms slip by, with less rain produced. Now global effects mean cold fronts are passing further south, some missing the continent altogether. The water table is falling by half a metre a year. If the trend continues, there are predictions of a 17% drop in agricultural production in future decades.\n","date":"2017-03-21T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/21/no-such-thing-as-a-wilderness-part-ii.html","tags":["science","lang_en"],"title":"No such thing as a wilderness, part II"},{"categories":null,"content":"Some 40 authors are listed in the title of Persistent effects of pre-Columbian plant domestication on Amazonian forest composition in Science.\nThe TL;DR is: The Amazonas Rain Forest is a 10.000 year old garden, which has been left untended for the last 500 years after the Amerindian genocide of European conquistadors.\nThe extent to which pre-Columbian societies altered Amazonian landscapes is hotly debated. We performed a basin-wide analysis of pre-Columbian impacts on Amazonian forests by overlaying known archaeological sites in Amazonia with the distributions and abundances of 85 woody species domesticated by pre-Columbian peoples. Domesticated species are five times more likely than nondomesticated species to be hyperdominant.\nAcross the basin, the relative abundance and richness of domesticated species increase in forests on and around archaeological sites. In southwestern and eastern Amazonia, distance to archaeological sites strongly influences the relative abundance and richness of domesticated species. Our analyses indicate that modern tree communities in Amazonia are structured to an important extent by a long history of plant domestication by Amazonian peoples.\nThe full article is unfortunately behind a pay wall.\n","date":"2017-03-21T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/21/no-such-thing-as-a-wilderness.html","tags":["science","lang_en"],"title":"No such thing as a wilderness?"},{"categories":null,"content":" Salted Doorknobs kill MRSA Says this article at The Atlantic :\nSuperbugs like Methicillin-resistant Staphylococcus aureus, or MRSA, have wreaked havoc on the health-care system in recent years. [\u0026hellip;] How do you stop them? Frequent hand washing is one option, but that requires a behavior change, which can be difficult, even for hospital staff. Another option is to coat those frequently fondled objects most likely to carry the bugs—doorknobs, bed rails, toilet handles—with a special anti-microbial surface, like copper. [\u0026hellip;] Whitlock found that salt killed off the bug 20 to 30 times faster than the copper did, reducing MRSA levels by 85 percent after 20 seconds, and by 94 percent after a minute.\n","date":"2017-03-21T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/21/salted-doorknobs-kill-mrsa.html","tags":["science","lang_en"],"title":"Salted Doorknobs kill MRSA"},{"categories":null,"content":" Commit to git Erik Bernhardsson has been running Big Data on Git repositories of various kinds. He was trying to find out what the half-life of code is. That is, when you commit to a repository, your code becomes part of a project, but eventually other code will replace it and it will no longer be part of the current version. How stable is the codebase, what is the half-life of code? And why is it different in different projects?\nAs a project evolves, does the new code just add on top of the old code? Or does it replace the old code slowly over time? In order to understand this, I built a little thing to analyze Git projects, with help from the formidable GitPython project. The idea is to go back in history historical and run a git blame […]\n","date":"2017-03-20T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/20/when-you-commit-to-git-how-long-does-it-matter.html","tags":["computer","free software","lang_en"],"title":"When you commit to git, how long does it matter?"},{"categories":null,"content":"The historic 8008 processor is 45 years old: It was released on the 13th of March 1972. Ken Shirriff has a blog post that explains features of the CPU, from a die photo.\nCompared to modern CPUs, the 8008 is weird in multiple ways: The storage for the stack is on chip instead of in memory, and it is not accessed in linear order for weird transistor saving reasons. Things have changed since then a lot, but back then, a central processing unit was usually not a single die, but a bunch of discrete electronics on a board.\nHaving enough transistors on a single die to make up a CPU inside a chip was a novel concept.\nDie photos and analysis of the revolutionary 8008 microprocessor, 45 years old Reverse-engineering the surprisingly advanced ALU of the 8008 microprocessor Analyzing the vintage 8008 processor from die photos: its unusual counters ","date":"2017-03-15T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/15/how-does-the-8008-processor-work.html","tags":["computer","fluffy fluff","damals"],"title":"How does the 8008 processor work?"},{"categories":null,"content":"Some time ago, I gave a talk about boring technology at Booking , which means choosing the simplest, stable and maintainable solution you can get away with for solving a problem at a given scale.\nApparently Dan McKinley has similar views, which he explained in Choose Boring Technology . The writeup explains nicely what boring technology is, and why to prefer this. Never forget your mission, which is business, not technology. The technology is a necessary tool, but likely not your friend .\n","date":"2017-03-13T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/13/b-boring.html","tags":["computer"],"title":"B.boring"},{"categories":null,"content":"So Saturn has a \u0026lsquo;moon\u0026rsquo;. At least that\u0026rsquo;s what They want us to believe. But we know better.\nSupposedly Pan , a Saturn Moon, as seen by Cassini.\nBASIS , as we know it from Rhodan ","date":"2017-03-13T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/13/thats-no-moon.html","tags":["fluffy fluff","science","lang_en"],"title":"That's no moon!"},{"categories":null,"content":" In any discussion about cycling in Germany, sooner or later some geek who has been exposed to USENET shows up and then the ADFC #173 (http://bernd.sluka.de/Radfahren/fdf173.pdf ) is being quoted. That\u0026rsquo;s a thing from 1992.\nThe usual thing happened here on Facebook - a discussion about the SolaRoad Krommenie diverged into \u0026ldquo;Cycle Paths are stupid\u0026rdquo; and then linked over to the ADFC #173.\nHere is a bunch of more recent material and links.\nThe TL;DR is: When there is no proper traffic separation or traffic separation is impossible, then an on-the-road cycle path, is usually better than a cycle path that runs more or less invisibly by the road and then suddenly intersects with the road at crossings. But a cycle path on the road, not separated by traffic has a number of drawbacks - paint is never enough.\nIt reduces cycling in \u0026ldquo;weak\u0026rdquo; cyclists, very young and older people, feeling insecure close to cars. It prevents building wide cycle paths, and prevents \u0026ldquo;social\u0026rdquo; cycling, that is, usually two cyclists can\u0026rsquo;t be riding side by side, talking while cycling, like people in a car would be able to do it. It comes with speed limits on the car in order to be safe. In the Netherlands, cycle lanes on roads come with a 30 km/h speed limit recommended for cars, and a 50 km/h absolute limit. Usually, for 50 km/h a cycle path that is somehow separated from the road, and roundabouts instead of crossings are recommended. For faster than 50 km/h, unravelling (intersection free cycle paths) are recommended. A View from the Cycle Path is generally a recommended blog. They have an article about On The Road Cycle Lanes , done properly and improperly. The What\u0026rsquo;s Better section at the end of the article discusses better solutions: Separate cycle paths with roundabouts , and unravelling (completely separate, intersection free infrastructures for different types of traffic). The Cycle Paths tag in the blog shows a lot of examples. An article on unravelling shows intersection free infrastructure. An example for unravelling can be seen on Google Maps close to Hoofddorp Station and in many other places.\nAnother article explains safe roundabouts for bike lanes crossing road safely at intersections. The keys to the design are: The cycle path is led in a way that the cyclists are forced to slow down exactly at the dangerous point, and not before, accelerating into a danger zone, and the road is led in a way that motorists have to deal only with one danger at a time, and always into the same direction, right-ahead (two o\u0026rsquo;clock), and have adequate room to stop and wait.\nAnd, separation of on-the-road cycle paths can be relatively simple and cheap, as shown by this Guerilla improvement action using toilet plungers . Social aspects of cycling are also being discussed in that blog. How did the Netherlands become such a good country for cycling? It started in the 70ies, here is an article . In fact, cycling creates traffic problems in the Netherlands that other countries wish to have, and which are being addressed .\n","date":"2017-03-13T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/13/we-learned-a-few-things-about-cycle-path-design-in-the-last-25-years.html","tags":["mobility","lang_en"],"title":"We learned a few things about Cycle Path design in the last 25 years"},{"categories":null,"content":" Work Chat said: [On boiling water with Gas instead of an electric cooker]\nL\u0026gt; Yeah, they have 110 freedom volts. Or whatever weird unit they use for that.\nI\u0026gt; So what is the imperial unit for Volt?\nLet\u0026rsquo;s see. Volt in SI units :\nThat gives us $$ 1V = 1 kg * m^2 * s^{-3} * A^{-1}. $$\nWe can turn the kg into pounds and the square meters into square feet, but we can\u0026rsquo;t easily imperialize the seconds and Amperes. That leaves us with\nThat\u0026rsquo;s 2613 freedom volts (or George Bushes) to the 110 SI volts.\nAnd it can be done with Google Math queries only, which is somewhat impressive.\n","date":"2017-03-10T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/10/irc-so-110-freedom-volts.html","tags":["fluffy fluff","lang_en"],"title":"IRC so: 110 Freedom Volts"},{"categories":null,"content":"Tech.co has an article titled Artificial Intelligence Startups Are Winning the Cybersecurity Race . The claim is basically first that old, pattern and signature based malware recognition is useless, and second, that new, behavior based malware recognition employing mystery AI technologies fixes things. The article closes with\nIn the near future, we predict that AI will be able to effectively fight against hackers by easily detecting repacked viruses. It’s just a matter of time. That’s why, more than resources or experience, companies who actively apply AI, especially cybersecurity companies, will ultimately be successful.\nThat will be interesting to see. Here is a data point:\nOn a computer without any protection installed, unpacking a node.js based hipster chat application zip into 7500 files inside an application folder takes 3.5 seconds. So why is this other device from the same maker close to unusable and has close to zero battery life? Let\u0026rsquo;s see: It has been gifted with the full package of corporate enterprise security: Junos Pulse Endpoint Security, FireEye endpoint security and TrendMicro Enterprise protection.\nWith everything on, it takes 27 seconds (instead of 3 seconds) to unpack the same archive. Getting root and uninstalling FireEye reduces the unpack time to 18 seconds. Reading the TrendMicro config file and doing the Unpacking inside a specific git directory, which is exempt from TrendMicro scanning takes 11 seconds. Uninstalling Junos Pulse, and doing it in the exempt git directory takes 8 seconds. The uninstallation or going into exempt directories was based on observing a system monitor and finding out which processes consume abnormal amounts of CPU during the operation. In fact, the git directory is exempt because it can contain on the upside of half a million files and having TrendMicro active inside that directory simply shuts down the machine, because battery empty.\nI guess the point I am trying to make here is that \u0026ldquo;more protection\u0026rdquo; is going to mean \u0026ldquo;more mAh and Watts spent on stuff not related to the primary purpose of the machine\u0026rdquo;. And we are in an age where consumer devices are increasingly run on battery, and have thermal budgets limited to 5W and less because they have no fan.\nSo I am going to predict that in the near future we will see a growing conflict between \u0026ldquo;protection\u0026rdquo; software uselessly wasting performance and battery and users, who actually want to use their stuff and need to be vigiliant for things that eat battery capacity and heat the CPU needlessly. Your phone, your fanless tablet, your 12\u0026quot; Macbook and your tablet-computer hybrid won\u0026rsquo;t be running much security software because it\u0026rsquo;s mobile, running on battery and has to live with 5W or less.\n","date":"2017-03-10T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/10/the-cost-of-winning.html","tags":["security","performance","lang_en"],"title":"The cost of winning…"},{"categories":null,"content":" Every single time a big Silicon Valley company updates their Terms of Service, there is somebody who mis-interprets the change as an attempt to landgrab, or take ownership of the things being uploaded to the service.\nThis time it affects github.\nTheir new TOS has a section on User-Generated Content , which in github\u0026rsquo;s case is all the repositories, snippets and other stuff they are hosting. In order to do the stuff they are doing on their users behalf, they need a lot of legal permissions on the stuff you are sending to them.\nThat might seem scary, but please stop here and actually read that section linked up there. It\u0026rsquo;s one of the most clear, non-legalese TOS I have ever seen and it even explains WHY they need these rights and what they are going to use them for.\nSo D.4 says \u0026ldquo;You grant us and our legal successors the right to store and display your Content and make incidental copies as necessary to render the Website and provide the Service\u0026rdquo;.\nWhy is this?\nThat means you\u0026rsquo;re giving us the right to do things like reproduce your content (so we can do things like copy it to our database and make backups); display it (so we can do things like show it to you and other users); modify it (so our server can do things like parse it into a search index); distribute it (so we can do things like share it with other users); and perform it (in case your content is something like music or video).\nSo they ask for the necessary license to operate, and that license is non-exclusive (good), time-unlimited (necessary) and limited (for the purposes as stated (\u0026ldquo;as necessary to render the Website and provide the Service.\u0026rdquo;)\nWebsite and Service are upcase, which means they are defined more clearly further up in document, limiting the license even more.\nD.5 says \u0026ldquo;License Grant to Other Users\u0026rdquo;, and again the TOS states clearly when (\u0026ldquo;by setting your repositories to be viewed publicly\u0026rdquo;) and what and WHY again (github is about forking, that requires a license to do that from you). And again, it\u0026rsquo;s limited: If you set your repo to public, \u0026ldquo;you grant each User (upcase!) of GitHub a [\u0026hellip;] license to [\u0026hellip;]\u0026rdquo;. Again, it\u0026rsquo;s limited - the license is nonexclusive, and for a purpose (\u0026ldquo;to [\u0026hellip; list of things \u0026hellip;]\u0026rdquo;). This is about as clear, non-threatening, transparent and obvious any legal contract you are going to see in your life can ever get.\nSo, D.7 is about moral rights (that\u0026rsquo;s a term for authorship attribution rights that are part of euro-copyright as opposed to us-copyright). And it says \u0026ldquo;you waive these rights and agree not to assert them against us\u0026rdquo;, which means, you still have these rights, but you can\u0026rsquo;t sue github for doing what github is about. And you again grant a license, limited, for a purpose (\u0026ldquo;render the Website and provide the Service\u0026rdquo;).\nTL;DR: GitHub is a nice company. The TOS change is fine. Calm down, and STFU until you understand basic copyright law and contractual language. Thanks.\n","date":"2017-03-09T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/09/github-updates-its-tos-and-they-are-not-trying-to-cheat.html","tags":["computer","copyright","lang_en"],"title":"github updates its TOS, and they are not trying to cheat"},{"categories":null,"content":" The Engineer Wizard Paul Armstead is a fat, old man with no life. Helping a stranger in a snow storm, he gets a mystery box, which contains a Genie. Helping the Genie, he\u0026rsquo;s being transformed into a wizard, a being which can affect reality in an acausal way. For the last 400 years, no new wizards have been created on earth, and the remaining 300 or so wizards and witches are ossified. Being an engineer, Armstead invents new ways to deploy magic and create magic effects, combining science and magic.\nThis book is written horribly and in serious need of several edits. The language is wooden and overly rich in adjectives, there are scenes that serve no purpose, and lots of things are explained in monologue instead of shown.\nThe main character is supposedly an engineer, but has to create avatars of people that explain his own job to him, and other character/role inconsistencies exist throughout the book. The story concept has some promise, and pulls you in for about half the book (after an exceptionally slow and weak start), but the execution is too flawed to keep interest going.\nDid not finish.\n\u0026ldquo;The Engineer Wizard\u0026rdquo;, Glenn Michaels, EUR 2.99 (Kindle , also unlimited), First in a series of 3 (all three parts in unlimited).\n","date":"2017-03-04T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/04/fertig-gelesen-the-engineer-wizard.html","tags":["review","media","book","lang_en"],"title":"Fertig gelesen: The Engineer Wizard"},{"categories":null,"content":" We are Legion Somebody pointed me to We are Legion (We are Bob) , but somehow I can\u0026rsquo;t find that post any more. Anyway, following that hint, I picked up the book and read it. It\u0026rsquo;s awesome.\nBob Johannson made it big: Sold his software company to his greatest competitor, took the money, got a cryopreservation contract on his head and went to a SciFi convention, partying. Where he is run over crossing the street and dies.\n114 years later his consciousness wakes up in uploaded form in a supercomputing cube in the theocratic dictatorship that has become the successor of the US of A, and is being trained to be the controlling intelligence in a Von Neumann probe with an experimental gravity drive, being sent to the stars. During his actual departure, war breaks out between the various remaining superpowers on earth, and earth ignites.\nBob flies between the stars, manages to find planets, to replicate and diversify himself and his various identities are slowly beginning to take over the universe. But he is neither alone, nor has he much time: Between saving the sad remainder of earths population, playing God to one Alien species, fighting other rogue earth-originating probes and detecting a strange Alien superpower that is stripping star systems of literally all resources he is hard pressed to find a few milliseconds of spare CPU cycles to relax.\nThis book is a wild ride, and a kind of escalating story: Not only is Bob snowballing his instances, his problems also kind of snowball. Good thing he\u0026rsquo;s not only a geek, but also a good project manager and thrives under pressure.\n\u0026ldquo;We are Legion (We are Bob)\u0026rdquo;, Dennis E. Taylor, EUR 3.71 (Kindle , also unlimited), First of a Series.\n","date":"2017-03-02T00:00:00Z","href":"https://blog.koehntopp.info/2017/03/02/fertig-gelesen-we-are-legion-we-are-bob.html","tags":["review","media","book","scifi","lang_en"],"title":"Fertig gelesen: We are Legion (We are Bob)"},{"categories":null,"content":" Coaching, Beratung und Gehirn The authors are Gerhard Roth (a biologist and neurologist) and Alica Ryba (a coach, student of Roth). Roth describes the neurobiology as we know it today, and Ryba and he connect it to the various theories of psychotherapy that are relevant today in clinical practice and in coaching, discussing what can and can\u0026rsquo;t possibly work.\nFor what can work, they establish the limits of change. Also, they try to differentiate clinical psychotherapy from (the psychotherapeutic parts of) coaching in method, foundation and goals.\nAll in all a nice overview, and a good way of learning to understand what happens in coaching, what coaches are trying to do with you or your group in an enterprise context and how to tell good from badly executed coaching. For me a very useful and enlightening read that gave me a lot of tools and understanding.\n","date":"2017-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/28/fertig-gelesen-coaching-beratung-und-gehirn.html","tags":[],"title":"Fertig gelesen: Coaching, Beratung und Gehirn"},{"categories":null,"content":" Explorations: First Contact Explorations: First Contact is a great concept well executed: This is a writing prompt anthology. So there is a base story - in this case, humanity sends a probe to the back side of the moon, finds an anomaly which turns out to be a dying alien spaceship that manages to upload the secrets of it\u0026rsquo;s drive and a partial database of other alien civilisations it once visited into the minds of the astronauts that make the contact.\nWith this information, earth builds a number of spaceships - one per anthology author - each of which heads off into a different direction to make a first contact between humanity and the alien. We get 13 takes on the topic of first contact, 13 authors, and 13 short stories. They start off with the same backstory, and the crews and ships reference each other loosely in the writeup, even if there are slight inconsistencies in timeline, human history backstory or drive speed and tech power. The stories vary in quality and originality, but are all on the better side of short story writing, and the concept is novel and entertaining. The delivery is well done.\nRecommended, and since this seems to be a series of writing prompt anthology, research the others as well.\nExplorations: First Contact Various Authors (incl Peter Cawdron) EUR 3,71 (Kindle , also unlimited)\n","date":"2017-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/28/fertig-gelesen-explorations-first-contact.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: Explorations - First Contact"},{"categories":null,"content":" Galactic Exploration One of the very first things I read on Kindle has been Anomaly by Peter Cawdron - his first publication. My review in German Language is here . Turns out, Cawdron is a quite productive author, and active and responsive on Goodreads . Seeing my review there, he pointed me to his other works, and to his mailing list . Through that I found Galactic Exploration and other works by him.\nGalactic Exploration is about a set of three long distance exploration spaceships from Earth, which are sent out to find out why humanity is alone is space. Turns out, they aren\u0026rsquo;t, in multiple different ways - and that\u0026rsquo;s actually a problem.\nWell written, entertaining, with weird, yet believable characters. Cawdron manages to show people who are still human, yet quite far away from what we are today, and how the distances and loneliness of space affect these people.\nRecommended, and research his other works.\nGalactic Exploration, Peter Cawdron, EUR 3.09 (Kindle , also unlimited)\n","date":"2017-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/28/fertig-gelesen-galactic-exploration.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: Galactic Exploration"},{"categories":null,"content":" The Culture Map Erin Meyer is a professor at INSEAD, an international business school based in Paris. She\u0026rsquo;s specialized in cross-cultural communication and facilitation, and in her book explains the dimensions and differences between different cultures in the world, and how they can shape or interfere with exchanges in a multi-cultural environment.\nThe book introduces eight different cultural scales or spectra, and where the various national cultures position themselves on these scales.\nEach of the eight scales represents one key area that managers must be aware of, showing how cultures vary along a spectrum from one extreme to its opposite. The eight scales are:\nCommunicating: low-context vs. high-context Evaluating: direct negative feedback vs. indirect negative feedback Persuading: principles-first vs. applications-first Leading: egalitarian vs. hierarchical Deciding: consensual vs. top-down Trusting: task-based vs. relationship-based Disagreeing: confrontational vs. avoids confrontation Scheduling: linear-time vs. flexible-time The book is rich in examples and anecdotes that explain what these scales mean, and how they can express themselves in daily interaction. For each direction of each scale, examples and alternative ways of communication are shown, which have been working around issues that other groups have used successfully in trying to bridge the gap in culture between them.\nA lot of helpful advice and a lot of context provided for past behaviour I have observed at work or elsewhere.\n\u0026ldquo;The Culture Map\u0026rdquo;, Erin Meyer, EUR 9.99 (Kindle )\n","date":"2017-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/28/fertig-gelesen-the-culture-map.html","tags":["review","media","book","lang_en"],"title":"Fertig gelesen: The Culture Map"},{"categories":null,"content":"In the 2016 South Australia Blackout , a storm lead to a cascading failure, with in turn left 1/6 of the continent without electricity. Fortunately, this is not a densely populated area even for australian circumstances, so it affected some 1.5 mio people (out of 20 mio total for all of Australia) - still quite a lot of people. The news of a 73-year-old Tesla Powerwall owner powering through this outage without even noticing made the headlines in the aftermath, and in consequence demand for PV + Battery combination surged. In total, more than 50GWh have been installed in 2016 alone, and demand is climbing.\nThis ties into a three year old discussion about the grid death spiral which is scaring electricty providers: As more and more households become grid-independent, cost for maintaining the grid and providing electricity becomes higher, making the grid eventually economically infeasible, and making going off-grid mandatory - which for some consumers may be impossible:\nThe risk for the companies is that when people get the option of putting solar panels on their roofs and installing batteries and cutting the cord, demand will fall sharply. The people who end up left on the network will be the only ones left paying.\nThey will be stuck with extremely high network charges, forcing even more people off the network, pushing network charges higher still. It is what Ms Carter calls \u0026ldquo;your death spiral scenario\u0026rdquo;.\nOn the other hand, savings through a Powerwall or other battery devices on top of a PV installation can be spectacular - one owner in Australia reports a 92% bill reduction .\n","date":"2017-02-24T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/24/solar-plus-storage-in-australia.html","tags":["mobility","lang_en"],"title":"Solar plus Storage in Australia"},{"categories":null,"content":"It is helpful to remember that containers are just normal Unix processes with two special tricks.\nNormal Unix Processes Unix starts processes by performing a fork() system call to create a new child process.\nThe child process still contains the same program as the parent process, so the parent processes program still has control over the child. It usually performs a number of operations within the context of the new child, preparing the environment for the new program, from within.\nPID 17 forks, and creates a new process with PID 18. This process executes a copy of the original program.\nThen, after the environment is complete, the parent program within the child processes context replaces itself by calling execve(). This system call unloads the current program in a process and reuses the process to load a new program into it.\nAfter bash in PID 18 has setup the environment correctly, it replaces itself with the actual command to run, /bin/ls. The code for that is being loaded from disk into memory.\nWhen the program in a process has finished, it terminates itself with an exit() system call. The parameter to exit() is the status code.\nThe parent process waits for the end of the child program using a wait() system call. When the child exits, the parents wait() call returns, and delivers the status code of the child\u0026rsquo;s exit() invokation to the parent.\nChild PID 18 terminates by calling exit() with a status code. Parent PID waits for the termination of the child, returning the status code of the child through the wait() system call.\nSpecial Trick: Isolation Containers are Linux processes that are set up two special kinds of resource barriers:\nLinux Namespaces, which limit which kind of system objects a process can see. There are seven Linux Namespaces. Six of them are explained in a good series on Namespaces in LWN , and the Linux Namespaces Manpage explains all seven of them, including the new cgroup Namespace. Namespaces can provide a process with its own set of network resources, including a private ethernet interface with addresses, a local routing table instance and a local iptables rules instance. Namespaces can provide processes with its own view of the filesystem as well, limiting it to a certain subtree of the host filesystem and also limiting the effects of mount() system calls executed by the process. Control Groups (cgroups) , which limit how much of a given resource that is visible to a process this process can consume. Control Groups have been subject to a major redesign in the most recent kernels, see this talk . Both resource barriers set up processes in a way that they cannot reach beyond the established borders:\nTwo processes in different namespaces that are correctly set up cannot see each other and can believe they are alone on a machine. At the same time they cannot deplete each other of host machine resources, because the control groups prevent that if correctly set up and sized, minimising crosstalk between the two processes.\nThe combination of Namespaces and Cgroups forming a resource barrier is called a Pod in Kubernetes.\nFor all practical purposes, the Pod has the same resource-isolation effect that a VM has, but unlike a VM it does consume practically no resources. Inside a Pod, zero or more processes may be running.\nProcesses running inside a Pod are still normal Linux processes executing normal system calls (within the limits that namespaces and cgroups impose on them), so they will be just as fast as regular processes.\nAlso, Processes sharing a Pod can see each other and touch each other, just like regular processes running on a physical or virtual machine. This allows co-scheduling of processes inside a Pod - Kubernetes calls containers doing this \u0026ldquo;Composite Containers\u0026rdquo; and there are a number of deployment patterns and use-cases for these .\nSpecial Trick: Images If you want to execute something in a filesystem namespace in a Pod, you need to build a stub operating system inside the subtree that is visible inside the Pod. By default, a filesystem namespace will limit the Pod and all processes inside the Pod to certain subdirectory, not unlike a chroot() environment.\nBy default this subdirectory will be empty. In order to be able to run things with this as a root directory, the necessary minimum of files needs to be present. This can be done by copying the necessary files into the environment, or by installing a stub operating system from packages into the environment, but both processes may end up copying a few hundred or even thousands of files into the target environment.\nFilesystem images are files that contain the block structure of a device inside a file. Using loop mounts, the file can be interpreted by the Operating System as a device, creating a file tree. With this concept, an entire environment can be copies into place using a single file, and then mounting that.\nBuilding these files can be pretty complicated, though, and these files can also become quite large - and if you have multiple of these environments, they will also duplicate quite a bit of content: Each container will require a copy of the C standard library and many other system files that are simply shared between almost all containers.\nContainer systems often address this problem by defining the contents of an image as an assembly of Layers. A layer is simply a tar file that is being downloaded and unpacked on top of other, earlier downloads so that the total resulting image is the union of all layers stacked on top of each other.\nBecause it can become necessary for a higher layer to effectively delete files or directories contained in lower layers, there needs to be a mechanism that transports this information. Docker images use an awfully designed mechanism called \u0026ldquo;whiteout files\u0026rdquo; for that. Basically, if the tar contains a dotfile starting with the four letters \u0026ldquo;.wh.\u0026rdquo; (that\u0026rsquo;s for \u0026ldquo;whiteout\u0026rdquo;, Tippex), a file of the same name as the suffix of the whiteout file will be blocked out from a lower layer.\nSo if you unpack /etc/.wh.passwd, this will block out /etc/passwd from a lower layer.\nImages can be written to. Writes will always go into the topmost layer.\nPutting it all together: Kubernetes Original Docker is a tool that has been created with developer concerns in mind and zero regard for operations. Docker can run containers on a single host, and has no idea about networking at all - it uses the single IP address a host has, and exposes ports of processes on the inside using iptables rules that merrily map ports between the physical host and the view of the world inside containers.\nDocker builds images rather quickly by un-tar-ing layers on top of each other, and because writes are always going to the topmost layer and that layer can be discarded, it is also easily possible to undo all writes after a run and get back the pristine image for a new run.\nThis makes it ideal for running tests.\nDocker in production is another matter - usually production is larger than a single host, and usually production workloads are being addressed by proper networking equipment which does not so much deal with port numbers as with IP addresses instead.\nSo production docker usually needs an IP address per pod, some kind of routing and networking isolation layer for all of that, and it needs a thing that takes requests to run images and assigns a physical host to each image.\nImages are handy - they package a piece of software with all dependencies, and allow us to start processes on any host in a multihost cluster without installing additional software.\nSo the following can becomes possible:\nA cluster with a number of kubernetes nodes, and three kubernetes master instances. One has been elected leader.\nWe have a cluster with a number of physical hosts, all of which are capable of retrieving images and launching containers. Multiple cluster masters exist, one of which has been elected leader and executes the actual scheduling function.\nA scheduling request arrives, basically asking us to start this image on a host.\nThe cluster accepts scheduling requests, asking the cluster to pick up a certain image which has the following requirements on CPU, memory, disk and network I/O, and find a spot to run it. The scheduler surveys the cluster, finds such a spot and then asks the cluster node to do just that: Set up a pod, download and assemble the image and then launch the process with the image inside that Pod.\nThe worker will now download the image layers, assemble the final image, create a Pod and launch a process from that image inside that pod.\nThe end result is a process that sees one single, private network interface and runs inside a set of Resource Barriers that form the Pod. The program code for the process as well as all libraries or other data is container inside the image.\nCode from the image is running inside the resource barriers create by the Pod.\nBy installing software including all dependencies inside the image we are not polluting our base operating system image. Once the execution of that workload finishes, we can \u0026ldquo;uninstall\u0026rdquo; everything simply by deleting the image (and its constituent layers).\nWe can create a cluster that represents a large amount of compute power in the form of CPU cores, memory, disk space and network I/O and have one single scheduler to run arbitrary applications that have been packaged in images on it. The cluster scheduler takes care of workload placement, and as long as we have sufficient capacity we can hand out compute power as needed without caring where exactly in our datacenter that capacity is available - if our datacenter is built in a way that can support this kind of use and if our application is built in a way that it can handle such an environment.\n","date":"2017-02-17T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/17/containers-101.html","tags":["erklaerbaer","container"],"title":"Containers 101"},{"categories":null,"content":"Dark Reading is scared: All new malware is \u0026ldquo;zero-day\u0026rdquo;, for an interesting and wrong definition of zero-day, because then the article reads much more impressive.\nThe actual definition of a Zero Day is a previously unknown exploit that is being used by some party to compromise a machine. In the article, the term is used differently, meaning a file that is a known malware, but has changed itself so that it has a checksum that is not in currently distributed signature catalogs of known malware. That is of course neither correct, nor new.\nMutation engines, for example for viruses, are an old hat. We have known about them for more than a decade, almost two. The better ones take x86 machine code, auto-dissect it into basic blocks and then re-link these to a semantically equivalent program in a completely different, random order. They may also re-compile certain assembly instructions in these basic blocks to other, semantically equivalent assembly instructions that have different byte codes: There are many ways to clear a register or to load a value from memory, after all.\nIn today\u0026rsquo;s detection industry, one should think of hashing as more of a shortcut to locate the easy stuff, or rule out known good files (whitelisting).\nThat\u0026rsquo;s more like the state of the detection reality from 15 years ago. On the other hand, threat detection software is getting out of hand. A Macbook I have had access to can unzip a piece of software with some 7000 files just fine in under 3 seconds to its internal SSD. The same Macbook with a Trendmicro AV solution installed takes 11 seconds to do the same, and 18 seconds if it is done in a directory that is not excluded from scan in the TM config file. Add FireEye on top of that and the same operation is now at 27 seconds execution time. The laptop is now secure mostly because nobody can do anything with it any more. In many other articles , these so called security solutions have been shown to be actually contributing to the problem.\n","date":"2017-02-17T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/17/omg-our-cybervaccines-are-failing.html","tags":["security","performance","lang_en"],"title":"OMG, our cybervaccines are failing"},{"categories":null,"content":"(This article also available in german language .)\nSo you have a new system and want to know what the load limits are. For that you want to run a benchmark.\nBasic Benchmarking The main plan looks like this:\nThe basic idea: Find a box, offer load, see what happens, learn.\nYou grab a box and find a method to generate load. Eventually the box will be fully loaded and you will notice this somehow.\nThe first mistake: running the load generator and the system to test on the same box. That won\u0026rsquo;t work.\nIt\u0026rsquo;s our goal to bring the box to its limits. Actually, we want to push it past that in order to see what it is that is limiting it. That will happen only when we are able to generate more load than the target system can actually process. If the load generator and the target system are sharing any resources that will never happen: The starved resource, for example CPU, will be slowing down not only the target application but also the load generator until we are reaching equilibrium at an unknown point below the actual limit.\nThat way we will never see what color the smoke is when the box catches fire, that is, what the actual system behaviour under overload is. So we need to separate the load generator and the target system.\nThe second mistake: The target system or the load generated are not close enough to production. In database land, typical mistakes are\nThe tested system has less memory or a different disk subsystem than production. The test data set is smaller than production. The test query set or the test data set is biased relative to production. In all of these cases we will be learning something, but it will not easily port to production. For example, in 2005 the german computer magazine c\u0026rsquo;t had a test media shop selling CD and DVD media, and was using this to benchmark implementations of the system with different databases. The actual benchmark was an equidistribution of queries, so there have been no best sellers and no long tail.\nTo win the benchmark it was mandatory to disable all caches, because there was no set of popular media which would have been gaining from caching. That outcome is the opposite of what is necessary in a real world scenario, where there is a clear long tail distribution of queries.\nThe closer you can bring the test load, the tested system and the test data to production the besser the results. Which is why at work we are trying very hard to make testing in production safe, and then we test whatever is possible in production.\nSaturation When you offer load to a system, the average load on the system will rise. But load usually is not constant, but will vary, depending on what users are doing and how expensive the individual requests are: Not all operations are equally expensive.\nA system close to saturation: Average load is slightly below the maximum, but individual peaks spike above the saturation line.\nConsequently we are not pushing the system to a limit, but we are raising a rolling average in which the actual load is constantly fluctuating and oscillating around this average until the peaks exceed the point of saturation.\nThe average offered load is below the 100% saturation line, but the peaks are already exceeding the limit.\nThat is of course nonsense. The saturation limit is a hard limit, the system can\u0026rsquo;t produce more than that, because a necessary resource is exhausted and the system is constrained by that resource. So what actually happens is that the system will be building a backlog whenever the offered load goes above the 100% line. Requests will pile up in some queue and will only be processed when the load goes below that limit.\nAs we push the system harder, it will exceed the saturation point more and more and phases where it can gain on the building backlog will become rarer. But since the costs for an individual request vary, it is hard to overload the system in a controlled way - harder the higher that variance is.\nThat is one of many reasons why we focus on outliers and worst cases first when we care about optimization: In order to be able to meet any kind of service level objective we need to handle these extremely bad cases first and narrow the band of possible response times, even if that does not move the mean much. Only then we can try to improve the mean response time of the system.\nWait time and the hockey stick What actually happens at saturation becomes clearer as we transform the above graph and take it out of the time domain. We will be graphing offered load (requests/s) vs. throughput (responses/s) and offered load (requests/s) vs. response time (latency).\nRequests/s vs. Response/s (Capacity) and Requests/s vs. Response time (Latency). As we raise offered load, the system approaches the 100% line (the vertical saturation line), and a backlog builds.\nAs we increase load, each request will generate a response: the curve in the capacity graph goes up at a 45deg angle. Even as the load rises, requests will take approximately the same time to process - we are calling this time the think time.\nOnce we approach saturation, a resource in our system will be starved and constrain capacity. Even if we are offering more load, this will not generate more responses. The capacity graph flattens out. Since more requests are coming in than we have capacity for, these excess requests will be queued. Wait time is being added on top of the think time.\nAnd since we are continuing to add more requests than we can handle, the queue and the wait time will rise rapidly and without bounds. The latency curve has the shape of a hockey stick.\nTesting in production That is not a theory, but can be shown in real production systems.\nA typical production setup. User requests are entering the system from the internet at the top, hitting a load balancer. The request are routed to a set of web servers behind the load balancer.\nAssuming that you have a minimum size for load testing with production load: You need to have a sufficient number of users, large enough so that individual users do not contribute in a meaningful way. You will need a frontend load balancer in front of a number of webservers, and you need to be able to modify load distribution weights live in this setup.\nThe load tests starts with running an Apache Siege load generator at a very low setting from the outside against the setup - actually, the Siege is not running against the load balancer, but against one individual web server which is the one which we will be trying to overload. This is not done to generate load, but to measure latency: In normal configuration our system will not be overloaded, so the baseline latency we are seeing is think time.\nDuring the benchmark we are playing with weights in the load balancer in order to direct more load to individual web servers. The load balancing weight of the web server getting the Siege requests is now being increased so that it will need to handle more actual user requests than the other servers. Eventually either timeouts will be showing up in the error log, or the request latency shown by Siege will be going up dramatically.\nEither signal indicates saturation, and we need to stabilize offered load at or very slightly below this point in order to find the saturation point.\nHere is a time domain plot of such an event:\nA request graph of a MySQL database slave being load tested. Writes are coming in via replication, and are not subject to load testing, hence stable. Selects are being load tested and increase at the tests commence.\nIn the test graph above we are looking at query counters of a MySQL database slave during three load test events. Write queries (insert, update, delete) are coming in through replication from the upstream master and are not affected by the load test. Selects are being increased by load balancer manipulation.\nDuring the third test there is a spike of update statements due to a cron script running and affecting the test, invalidating the results of that run.\nTaking the results from the above run and plotting them in a latency graph results in the following graph. The hockey stick is clearly visible:\nLatency graph: test1 is shown in blue, test2 in orange.\nThe graph shows offered load vs. latency of the configurations test1 and test2 from the run above. Configuration test2 is clearly superior. A variant of this graph uses larger symbols as the error rate of that measurement increases to add another dimension. That way the stability of the system under test in overload is being visualized as well.\n","date":"2017-02-16T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/16/load-load-testing-and-benchmarking.html","tags":["erklaerbaer","database","performance","testing","lang_en"],"title":"Load, Load Testing and Benchmarking"},{"categories":null,"content":"Following a great idea from their friends at GitLab, Soup.io loses all postings since 2015 because of malfunctioning backups. They write :\nWe had a big database crash, and the backups we had were corrupted. The only working backup was from 2015.\nAlso, TIL soup.io still exists.\nMeanwhile, Gitlab posted a blameless postmortem . You can read it online , and they write:\nImproving Recovery Procedures […] 9. Automated testing of recoveri PostgreSQL database backups (#1102 ) […]\nDoes your database backup successfully restore? Are you sure? Are you testing this? Remember these words of wisdom:\nNobody wants backup. Everybody wants restore. \u0026ndash; Martin Seeger\n","date":"2017-02-14T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/14/post-like-its-2015.html","tags":["mysql","security","data center"],"title":"Post like it is 2015"},{"categories":null,"content":" Die Krone der Sterne (German Edition), Kai Meyer, 12.99 EUR (Kindle)\n\u0026ldquo;Die Krone der Sterne\u0026rdquo; (The Crown of the Stars) is the first book in a series by Kai Meyer, establishing a setting, the players and the mood.\nWe are thrown into a decaying, galaxy spanning empire with a distinct Dune like flair. Tech is always huge, somewhat clunky and unreliable, covered in rust, dirt, runes and unnecessary decoaration, and it operates on principles that are never explained and also not really understood by it\u0026rsquo;s users - it has been inherited by previous, more advanced generations and today\u0026rsquo;s people can barely operate it.\nThe story follows Iniza, a young noble woman from a backwater planet, who has been selected as a bride to the god-empress on the empires homeworld Tiamande, but does not want to go. On her escape she assembles an unlikely group of rouges and outcasts, and is set on track of several mysteries from the empires history - which kind of resembles the Dune universe, if only losely: There has been something like the Butlerian Jihad , and a turn to mysticism and machine-hate in its aftermath, so it\u0026rsquo;s not just the aesthetics that resemble Dune.\nAll in all a good introductory story for a series - a lot of setup, but also actual characterisation and plot. I was not gripped, but also not bored.\n","date":"2017-02-13T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/13/fertig-gelesen-die-krone-der-sterne.html","tags":["review","book","media","lang_en"],"title":"Fertig gelesen: Die Krone der Sterne"},{"categories":null,"content":"Felix Gessert does a postmortem of the failed Parse startup and product: \u0026ldquo;The AWS and MongoDB Infrastructure of Parse: Lessons Learned \u0026rdquo;.\nTechnical problem II: the real problem and bottleneck was not the API servers but almost always the shared MongoDB database cluster.\nAnd that was with MongoRocks (Mongo on RocksDB) and replacing the initial app in Ruby with a Go implementation of said thing, with WriteConcern = 1, and other horrible presets. All in all, this is like the perfect nightmare of startup architecture decisions. Felix closes pointing at his current project:\nIf this idea sounds interesting to you, have a look at Baqend. It is a high-performance BaaS that focuses on web performance through transparent caching and scalability through auto-sharding and polyglot persistence.\nBingo. Also, found the Hipster.\n","date":"2017-02-10T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/10/hipsterdoom-at-mongobingo.html","tags":["performance","mongodb","lang_en"],"title":"Hipsterdoom with Mongobingo"},{"categories":null,"content":"DVZ Landverkehr reports (article in German):\nLKW-Fahrer dürfen ihre wöchentliche Ruhezeit nicht im Fahrzeug verbringen. Zu diesem Ergebnis kommt Generalanwalt Evgeni Tanchev in seinen Schlussanträgen vom 2. Februar vor dem Europäischen Gerichtshof (EuGH). Hintergrund ist die Klage des Transportunternehmens Vaditrans gegen den Belgischen Staat.\n(\u0026ldquo;Truck drivers must not spend their weekly downtime within the vehicle. That\u0026rsquo;s the conclusion drawn by general attorney Evgeni Tanchev in his final plea of Feb, 2nd before the ECJ. Background is a complaint of Vaditrans vs. Belgium\u0026rdquo;)\nMost European countries require that the weekly downtime of truck drivers must not be spent in the vehicle. Vaditrans sued against this rule and the penalties for violation. European law allows daily downtimes to be spent in the cabin, but says nothing about weekly downtimes. Local rules in many states require that the drivers must not spent them on the vehicle. The same proceedings are also reported in Eurotransport (article in German).\nThe comments below the article rage against the ruling, with many commenters asking how this could possibly be implemented or how the ruling is unfair, cost intensive and generally wrong.\nThe definition of what is normal apparently can be distorted quite heavily - normal for most people obviously would be that drivers to park their vehicles next to a motel and sleep in proper rooms and beds, with proper meals and sanitary installations, every day, because that\u0026rsquo;s how jobs work in a civilization. Instead, people rage against requiring that drivers can and should be doing this at least on their weekends, claiming this to be impossible and abnormal.\n","date":"2017-02-09T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/09/on-normalcy-the-rest-times-of-truck-drivers-in-europe.html","tags":["mobility","lang_en"],"title":"On Normalcy: The rest times of truck drivers in Europe"},{"categories":null,"content":"Continual improvement is sometimes hard to see, because each iteration, each incremental step itself is tiny so that the actual change escapes our attention. Also, just living our lives, our time sense is sometimes distorted. Me for example, I was almost 30 already in the late Nineties, and while that is already 20 years ago, it feels like yesterday to me. So car safety in the Nineties, compared to now? It was crap. Check this out:\nWe do learn, and things do get better. Change is not radical, most of the time it\u0026rsquo;s evolutionary. And to make it visible, you have to look really hard and contract now and then.\n","date":"2017-02-09T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/09/video-20-years-of-continuous-improvement-in-crash-safety.html","tags":["mobility","science","lang_en"],"title":"Video: 20 Years of continuous improvement in crash safety"},{"categories":null,"content":" The talk The cgroups-v2 API is incompatible with cgroups-v1. This is a good thing, because the initial use cases for cgroups have not been fleshed out properly, and the API is kind of overly complicated from the POV of the consumers. v2 is being built with use cases and experience in mind, and is much easier to use. Control groups allow Linux users to limit the kind and amount of resources being used, which is employed by systemd, container drivers and many other things.\n","date":"2017-02-07T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/07/fosdem-talk-cgroups-v2.html","tags":["container","erklaerbaer","lang_en"],"title":"FOSDEM Talk: cgroups-v2"},{"categories":null,"content":" Commodore 64, Evan-Amos @ Wikipedia As Moore\u0026rsquo;s Law shows signs of coming to an end, the Guardian has an article about the history of computing from the Intel 4004 to current tech, and how with the Internet of Shit and Chips and Networking in everything, all of our computers are becoming just one computer.\nEveryone knows that modern computers are better than old ones. But it is hard to convey just how much better, for no other consumer technology has improved at anything approaching a similar pace. The standard analogy is with cars: if the car from 1971 had improved at the same rate as computer chips, then by 2015 new models would have had top speeds of about 420 million miles per hour.\n","date":"2017-02-07T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/07/the-history-of-moores-law.html","tags":["computer","lang_en"],"title":"The History of Moore's Law"},{"categories":null,"content":" Lidar Image\nTwo articles about the Maya civilization: Seeker article about LiDAR being used to reveal ancient structures on the Jungle ground: A network of 150km of prehistoric Autobahn ran through the Jungle, binding the Mayan Empire together.\n\u0026ldquo;These causeways are 130 feet wide, up to 20 feet high and in some cases they extend as far as 25 miles,\u0026rdquo; Hansen said.\nA causeway is a raised road across difficult, often wet or unstable ground. Because of the raised structure LiDAR can find these roads even today.\nAnd from PNAS , another article about radiocarbon dating of several Maya sites, illuminating the time and speed of two collapses of the Maya civilization.\nThrough this chronology, we traced the trajectories of the Preclassic collapse around AD 150–300 and the Classic collapse around AD 800–950, revealing similar patterns in the two cases. Social instability started with the intensification of warfare around 75 BC and AD 735, respectively, followed by the fall of multiple centers across the Maya lowlands around AD 150 and 810. The population of Ceibal persisted for some time in both cases, but the center eventually experienced major decline around AD 300 and 900.\n","date":"2017-02-06T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/06/maya-empire-remains.html","tags":["science","lang_en"],"title":"Maya empire remains"},{"categories":null,"content":"Inside Science reports on the congestion charge in Stockholm (Link to actual paper ). Stockholm always has been a city with relatively clean air and PM10 and NOx levels well below limits. The introduction of a congestion charge in 2007 reduced air pollution in Stockholm by approximately 10 percent. Yet, after several years, Asthma in children 0-5 years old is reduced of 45 percent.\n\u0026ldquo;It appears that what they\u0026rsquo;ve found is these cumulative effects of pollution,\u0026rdquo; he said.\nThe article also reminds city policy makers that a congestion charge can only work if a viable public transport infrastructure is already in place.\n","date":"2017-02-06T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/06/stockholms-congestion-charge-vs-asthma.html","tags":["mobility","lang_en"],"title":"Stockholm's congestion charge vs. Asthma"},{"categories":null,"content":" Anscombe\u0026rsquo;s Quartet by Schutz\nUnlearning Descriptive Statistics explains many things you should know about working with Numbers that your Statistics Class in University probably did not explain properly. If they did, maybe Graphite would not hurt so much, with all the Averaging going on where it shouldn\u0026rsquo;t, and maybe Gill Tene would not have had to give talks like How NOT to measure latency (which is awesome, by the way and if you haven\u0026rsquo;t seen this talk, do it right now).\nFrom the Intro of Unlearning:\nIf you\u0026rsquo;ve ever used an arithmetic mean, a Pearson correlation or a standard deviation to describe a dataset, I\u0026rsquo;m writing this for you. Better numbers exist to summarize location, association and spread: numbers that are easier to interpret and that don\u0026rsquo;t act up with wonky data and outliers. Statistics professors tend to gloss over basic descriptive statistics because they want to spend as much time as possible on margins of error and t-tests and regression. Fair enough, but the result is that it\u0026rsquo;s easier to find a machine learning expert than someone who can talk about numbers. Forget what you think you know about descriptives and let me give you a whirlwind tour of the real stuff.\nGo, read the rest.\n","date":"2017-02-06T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/06/unlearning-descriptive-statistics.html","tags":["computer","science"],"title":"Unlearning Descriptive Statistics"},{"categories":null,"content":" Wireshark Bug Stats\nSo Debian just posted an advisory for over 40 bugs in tcpdump . tcpdump is a tool that collects traffic on the network, and then parses its way down the stack from the Ethernet or other physical frames all the way through the IP and TCP stacks to the application layers and the data formats in there.\nParsing data is hard. Even the actual full blown applications normally reading that data often have problems parsing their own data format, and they are crashing if you throw malformed data at them. That\u0026rsquo;s called Fuzzing , and there is a bunch of pretty amazing LLVM tools available to make this possible in a systematic and automated way.\ntcpdump is one application that attempts to parse the data formats of other applications, while not actually having that data in a single file, but in a number of arbitrarily segmented, overlapping or otherwise distorted frames that are flying by at wire speed. It also does not have the actual parsers or data readers of the original application, but usually has to write it\u0026rsquo;s own data parsers, taking shortcuts along the way. That is prone to failure, and results plenty of exploitable bugs.\ntcpdump is also not unique in this. The stats for tcpdump , ethereal and wireshark (which is ethereal renamed) all are looking bad in exactly the same way. These are Open Source tools.\nClosed Source tools that perform legal interception are trying to solve the same problem, and there is no reason to believe that their parsers or general code quality is any better than this. The only reason you are not finding them in these statistics is that their makers are kind of not very openly communicating problems and bugfixes.\nOn the other hand, fuzzing packets on a link is probably a good way to get rid of listeners, because it will most likely crash their tools just the way it crashes tcpdump and others.\n","date":"2017-02-03T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/03/parser-bug-hell.html","tags":["security","lang_en"],"title":"Parser Bug Hell"},{"categories":null,"content":"Why is our galaxy moving through space, and into which directions is everything else moving?\nScientists at the Hebrew University of Jerusalem have been mapping these forces, and found a very empty region in space that seems to push a lot of galaxies away from it, as well as a (previously known) region thats attracting them.\nThe result looks like a billion light year magnet:\nThe dipole repeller What causes these forces is as of now not well understood. Original Paper in Nature Astronomy .\n","date":"2017-02-02T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/02/racing-our-galaxy.html","tags":["science","lang_en"],"title":"Racing our galaxy"},{"categories":null,"content":"The Council of the European Union discusses the \u0026ldquo;problem\u0026rdquo; of Carrier Grader NAT, and would like to see all Ip address logging and storage extended to port numbers, as well as all NAT state tables to be stored and preserved, in order to be able to resolve Internet accesses to subscriber identities, says Statewatch .\nThe paper in question has been submitted by EUROPOL and claims that clients are \u0026ldquo;going dark\u0026rdquo;. The scarcity of IP v4 addresses leads to more and more subscribers being subject to carrier grade NAT (CGN). In CGN, subscribers are not assigned a public IP number, but are only getting an internal, non-unique IP address. Only when IP packets are leaving the provider network, their addresses are being translated into public addresses.\nIn this, multiple subscribers will exit the provider network with the same IP number - IP numbers alone can no longer be mapped to a single subscriber, even with a known timestamp. A port number is needed in addition to the other information. Also, the mapping is usually not logged or archived in any way.\nFor EUROPOL, this is seen as a privacy problem:\nOne Member State reported that in a recent investigation into Child Sexual Exploitation Material (CSEM) distributed and hosted via a cloud-based service, the investigators had to investigate each one of the 50 clients using that public IP at this time in order to identify who was ultimately uploading the CSEM, because the cloud-based service provider did not log the relevant information to define which customer was using the public IP.\nToday, on 31. January, a \u0026ldquo;European Network of law enforcement specialists in CGN\u0026rdquo; will be established at Europol. The aim of the network is to document cases of non-attribution due to CGN in the EU, and pressure for a change in data retention practice.\n","date":"2017-02-01T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/01/europol-discovers-cgn.html","tags":["security","internet","networking","politik","lang_en"],"title":"Europol discovers CGN"},{"categories":null,"content":" »Damian: The solution is to send emails with increasing frequency\n@markzabaro: It\u0026rsquo;s called exponential fuck-off.«\n\u0026ndash; https://mobile.twitter.com/dgryski/status/826385338104954881 ","date":"2017-02-01T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/01/exponential-fuck-off.html","tags":["fluffy fluff","lang_en"],"title":"Exponential Fuck-Off"},{"categories":null,"content":" Operations matter. I know the Hipster crowd does not like to hear that, cloud or not. But reality has a way of making itself heard, whether you like it or not.\nGitlab.com just discovered that. So some sysadmin deleted the wrong folder, which in itself should not be a problem.\nBut in the process of trying to restore things, the following discoveries have been made:\nLVM snapshots are by default only taken once every 24 hours. YP happened to run one manually about 6 hours prior to the outage Regular backups seem to also only be taken once per 24 hours, though YP has not yet been able to figure out where they are stored. According to JN these don’t appear to be working, producing files only a few bytes in size. SH: It looks like pg_dump may be failing because PostgreSQL 9.2 binaries are being run instead of 9.6 binaries. This happens because omnibus only uses Pg 9.6 if data/PG_VERSION is set to 9.6, but on workers this file does not exist. As a result it defaults to 9.2, failing silently. No SQL dumps were made as a result. Fog gem may have cleaned out older backups. Disk snapshots in Azure are enabled for the NFS server, but not for the DB servers. The synchronisation process removes webhooks once it has synchronised data to staging. Unless we can pull these from a regular backup from the past 24 hours they will be lostThe replication procedure is super fragile, prone to error, relies on a handful of random shell scripts, and is badly documented Our backups to S3 apparently don’t work either: the bucket is empty If you think your sysadmin is paranoid, let this be your lesson. They are not. Operations do matter, even (especially) in the cloud.\nEDIT: Michael Renner asks some interesting questions:\nSome thoughts for GitLab: What is WAL shipping? What is pgbouncer? Why does everyone hate Slony? Why is EC2 so slow?\nTweet: @Terrorobe People using Slony on a Postgres 9.6 deserve everything that happens to them. Slony is trigger based replication breakage from the deepest circles of hell, and Postgres has excellent, stable and fast internal replications for several years now.\nAlso, what he says about log shipping: There is no reason at all to lose any write ever on a Postgres, nor to have much downtime at all with proper replication. Operations do matter. Cloud ain\u0026rsquo;t gonna change that.\nEDIT: Dedicating 1st of February as \u0026ldquo;Check your Backups Day\u0026rdquo;\nCheck your Backups Day ","date":"2017-02-01T00:00:00Z","href":"https://blog.koehntopp.info/2017/02/01/nobody-wants-backup-everybody-wants-restore.html","tags":["data center","lang_en","devops"],"title":"Nobody wants backup. Everybody wants restore."},{"categories":null,"content":"Westfalenblatt knows:\nYesterday all references to the place name \u0026ldquo;Bielefeld\u0026rdquo; have been replaced with \u0026ldquo;Bielefeldverschwörung \u0026rdquo; (Bielefeld Conspiracy):\nFacebook showing \u0026ldquo;Bielefeldverschwörung\u0026rdquo; (Bielefeld Conspiracy) instead of the proper city name.\nBielefeld is a typical while label city in Germany. In fact, it is conspiciously inconspicious, and that is, so the conspiracy theory fabricated by Achim Held in 1993, because the city does not actually exist. It\u0026rsquo;s a fake location that protects something else on the map, probably an entrance to the Hollow Earth or something else, but we don\u0026rsquo;t actually know.\nThe story of the Bielefeld Conspiracy has been made up as a satire, but has since picked up a life of it\u0026rsquo;s own. The cities bureau of tourism uses it for marketing purposes, and there is even a feature film , which in turn features Achim Held .\nFacebook claims that the change was unintentional and that the root cause is being researched. There totally is no conspiracy at all.\n","date":"2017-01-26T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/26/bielefeld-conspiracy-hits-facebook.html","tags":["fluffy fluff","lang_en"],"title":"Bielefeld Conspiracy hits Facebook"},{"categories":null,"content":" Coming up: Chinese New Year on 28. January. The coming year is a year of the Fire Rooster , and apparently these things mean a lot to a lot of people. So what influence does the Chinese Zodiac have? Well, one sign that is supposed to be very unlucky is the Fire Horse. An article from 2012 explains:\nPeople born during the year of the Fire Horse are notorious for being bad luck. People born during a Fire Horse years are said to be irresponsible, rebellious, and overall bad news. And for some reason, women are said to be especially dangerous Fire Horses. They supposedly sap their family’s finances, neglect their children, and drive their father and husband to an early grave.\nSolution? Don\u0026rsquo;t make babies in a Fire Horse year, and especially no female babies. So 1966 was a Fire Horse, and that\u0026rsquo;s what 1966 stats look like: ","date":"2017-01-26T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/26/chinese-new-year-and-birthrate-anomalies.html","tags":["fluffy fluff","science","lang_en"],"title":"Chinese New Year, and birthrate anomalies"},{"categories":null,"content":"I am getting my payslips in electronic form, as an encrypted, password protected PDF. It\u0026rsquo;s not a super secret password, and the encryption is more against accidentally opening the file than it is to keep the content of the file actually secret.\nAfter shipping the PDF home, I am archiving it for tax purposes, but in order to make the archival safe, I am storing the original file as well as the decrypted cleartext version of it. To do that, I wrote a shell script, which contained the password in a variable in clear.\nDiscussing that at work had a few people rejecting the storage of keys in a script in clear as a matter of principle, and the suggestion was to use the operating system key management service to hold this kind of data.\nHere is how to interact with the key management of MacOS.\nCreating a generic password \u0026ldquo;payslip\u0026rdquo; in my login keychain The command line utility to interact with the Keychain in MacOS is \u0026ldquo;security\u0026rdquo;.\n$ security add-generic-password -a $LOGNAME -s payslip -w keks This will create a generic password titled \u0026ldquo;payslip\u0026rdquo; in my default keychain, in my account, and the password is \u0026ldquo;keks\u0026rdquo;. If you run \u0026ldquo;Keychain Access.app\u0026rdquo; and check out the content of the keychain, it looks like this:\nThe generic password \u0026ldquo;payslip\u0026rdquo; has been created.\nYou can set the content of the \u0026ldquo;Name:\u0026rdquo; field differently, use the -l (label) option to do that. You can also add content to the \u0026ldquo;Comments:\u0026rdquo; field with the -j option.\nAccess Control If you want to see the password, you can always hit the \u0026ldquo;Show password:\u0026rdquo; field. You will be prompted for your login keychains password (which may or may not be the login password for your computer). By hitting \u0026ldquo;Always Allow\u0026rdquo; you will also add \u0026ldquo;Keychain Access\u0026rdquo; as a program to access this information without password.\nTrying to see the actual password triggers an authentication dialog.\nSwitching from the \u0026ldquo;Attributes\u0026rdquo; tab to the \u0026ldquo;Access Control tab shows us which programs can always access the password (without a Dialog). It looks like this:\nCreating the generic password with \u0026ldquo;security\u0026rdquo;, the program gives itself free access to the data.\nYou might see fewer (none) or more programs in this list:\nBy default, \u0026ldquo;security\u0026rdquo;, which created the password, adds itself to the access control list. If you do not want \u0026ldquo;security\u0026rdquo; adding itself to the list, set \u0026ldquo;-T\u0026rdquo; empty to prevent itself from adding: $ security add-generic-password -T \u0026#34;\u0026#34; -a $LOGNAME -s payslip -w keks Had you hit \u0026ldquo;Always Allow\u0026rdquo; instead of \u0026ldquo;Allow\u0026rdquo; in the \u0026ldquo;Show password:\u0026rdquo; dialog, \u0026ldquo;Keychain Access\u0026rdquo; would have had itself added as well. Getting the password back Here is how to get the password back:\n$ security find-generic-password -w -a $LOGNAME -s payslip If you did not allow \u0026ldquo;security\u0026rdquo; to include itself, you will see a permission prompt on the desktop:\nYou will see this prompt if \u0026ldquo;security\u0026rdquo; created the generic password with -T \u0026ldquo;\u0026rdquo;, preventing it from adding itself to the access control list.\nBoth cases, searching for a password not present or the user hitting \u0026ldquo;Deny\u0026rdquo; will have the command return with an empty password. The \u0026ldquo;password not present\u0026rdquo; case will additionally write an error message to stderr, but unfortunately not set an exit code properly.\n$ password=$( security find-generic-password -w -a $LOGNAME -s payslip ) $ echo $password keks Deleting a password\nJust for closure and cleanup:\n$ security delete-generic-password -a $LOGNAME -s payslip ","date":"2017-01-26T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/26/command-line-access-to-the-mac-keychain.html","tags":["erklaerbaer","macos","apple"],"title":"Command line access to the Mac keychain"},{"categories":null,"content":"EU Observer reports on a five page internal note from the EU director-general at the commission\u0026rsquo;s internal market and industry department:\n\u0026ldquo;Absolute NOx emissions of diesel vehicles under real driving conditions have hardly changed” despite “various” EU “steps”. “On the road, a Euro 5 vehicle emits almost the same amount of NOx per km as a Euro 3 vehicle.\u0026rdquo;\nThe testing method, which is nothing like real road conditions, is mentioned as a contributing factor.\n","date":"2017-01-26T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/26/eu-described-own-policy-as-complete-failure.html","tags":["mobility","lang_en"],"title":"EU described own policy as 'complete failure'"},{"categories":null,"content":" \u0026ldquo;Maddrax 443: Die Erleuchteten \u0026rdquo;, Jo Zybell (german language, EUR 1.49)\nSo Maddrax is one of those pulp series that are sold in booklet format in train stations, right next to romance novels. The setting echoes Planet of the Apes or other post-apocalyptic scenarios with Sci-Fantasy elements.\nDuring a failed space mission involving firing nukes at an asteroid/alien terraformship on a collision course with earth, Matthew ‘Matt’ Drax is transported five centuries into the future, where he finds a barbarian wilderness sparsely populated by mutant survivors of the impact and barbarians.\nAs the story develops, Maddrax goes onto a journey of discovery through a Edgar Rice Burroughs-like system of worlds torn by conflict and interstellar war. It\u0026rsquo;s pulp.\nI am not reading Maddrax, but got pointed at it by somebody resharing an article on G+.\nIssue 443 \u0026ldquo;The enlighened\u0026rdquo; can be read standalone, as it is a crude satire that does not actually require much understanding of the larger universe or the factions in it. It deals with some lizard men living on a moon of darkness in one of the bright spots where the light can actually reach the surface.\nSince the lizard people on the moon of darkness can\u0026rsquo;t actually survive that, they have to protect themselves from the harmful radiation of the daystar by wearing tinfoil hats. Still the brightness and radiation damages them, so they start believing all kinds of conspiracy theories or imagined dangers. Two of the lizard men, Drumb and Puudin, are becoming agressive and power hungry, starting to transform their society.\nCan be read in a few hours. Hurts all the time. Which is kind of like expected for several reasons. Novelty item.\n","date":"2017-01-26T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/26/finished-reading-maddrax-443-die-erleuchteten.html","tags":["review","book","media","lang_en"],"title":"Finished Reading: Maddrax 443 \"Die Erleuchteten\""},{"categories":null,"content":" ]\n\u0026ldquo;Pre-Suasion: A Revolutionary Way to Influence and Persuade \u0026rdquo;, Robert Cialdini, (english language, EUR 12.99)\nRobert Cialdini is a professor emeritus of Psychology and Marketing at the Arizona State University, a visiting professor of marketing, business and psychology at Stanford University, and is the author of several books on the psychology of Influencing and Persuasion. This book is about getting someones attention, and using it.\nCialdini speaks about privileged moments, points in time where we have someones attention, and that person is also primed to actually follow our reasoning along with our message. It goes on to analyse what makes these moments privileged, and how we can help manufacturing them.\nBeing a funny and refreshing writer, Cialdini fills his stories with jokes and anecdotes illustrating the point he\u0026rsquo;s about to make. He\u0026rsquo;s also liberally using whatever he\u0026rsquo;s explaining right now in convincing us that this particular thing actually works, which is kind of a meta-demonstration of the point he\u0026rsquo;s making.\nThis book can help you trying to sell a thing or an idea better, to customers, colleagues or other people that you need to get to listen. It\u0026rsquo;s also helping you to understand what\u0026rsquo;s influencing you, and how, and giving you tools to notice (and allow or deny) this. Going full meta, Cialdini explains how that changes the process of persuasion, and gives studies and examples to back even this up.\nThe book itself is not only full of stories and games playing with the methods and the language of persuasion, it also contains a lot of footnotes and pointers to followup reading, in case you want to go deeper. Time and money well spent.\n","date":"2017-01-26T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/26/finished-reading-pre-suasion-a-revolutionary-way-to-influence-and-persuade.html","tags":["review","book","media","lang_en"],"title":"Finished Reading: Pre-Suasion: A Revolutionary Way to Influence and Persuade"},{"categories":null,"content":"So Python is a beautiful language, which is also kind of slow. And the more cores you have, the worse it gets, because of the GIL in the most popular implementations. Other languages are much better at concurrency, one of them supposedly being Go. So Geeks at Google have been pondering the problem, and came up with a Python-to-Go compiler called Grumpy.\nRead more about it in their blog . In rigged benchmarks it looks awesome, and under real world load it supposedly performs quite well.\nBut the best part is the Logo. Which looks like this:\n","date":"2017-01-25T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/25/grumpy.html","tags":["golang","python","computer","lang_en"],"title":"Grumpy"},{"categories":null,"content":"Palaeofuture has an interesting article on sending letters, the CIA way.\nWhen you file a Freedom of Information Act (FOIA) request with a federal agency, they’ll often send you physical letters in the mail. When I got my first response letter from the CIA, I was a little surprised to see some old-fashioned, anti-spy tech on the back of the envelope. As you can see from the photos above and below, there’s no way to open the envelope without making it clear you’ve been messing with it.\nThe author has been inquiring about the how and why, and despite the inquiry not being a formal FOIA request got an answer.\nThe “gummed kraft sealing tape” the agency uses is three inches wide, and the indications from the response to my FOIA request suggest that the agency buys it in 450-foot rolls.\nThe article does have a part and an order number for the tape, in case you have need for it.\n","date":"2017-01-25T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/25/sending-letters-the-cia-way.html","tags":["security","hack","lang_en"],"title":"Sending letters the CIA way"},{"categories":null,"content":"The trench ain\u0026rsquo;t here:\nIt is elsewhere .\n","date":"2017-01-25T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/25/the-topography-of-the-death-star.html","tags":["fluffy fluff","lang_en"],"title":"The Topography of the Death Star"},{"categories":null,"content":"In mysql() nach PHP 7 retten , Charly Kühnast explains how you can get the deprecated and disabled mysql extension back in PHP 7. You shouldn\u0026rsquo;t. There are many reasons for this.\nOne of them being that none of the newer features in MySQL can be used with the old mysql extensions. There is an overview in the PHP documentation that explains exactly what you are missing.\nOne of the things that you are missing is support for prepared statements. Prepared statements are a mechanism in which you write SQL statements with placeholders for variables, and then later bind values to the placeholders using a \u0026ldquo;bind\u0026rdquo; call or as part of the \u0026ldquo;execute\u0026rdquo; call which is actually running the statement.\nIn any case, the variables are being escaped properly automatically, making SQL injection a lot harder. This is not just a problem limited to PHP - a search for bind and execute other sources can be very instructive. For example, the sources of Opennebula or in older versions of Owncloud (up to and including version 7) are rich treasure troves of potential exploits.\nSo currently the situation is as follows:\nThere are three extensions at the PHP level, one of which is deprecated and disabled in PHP 7:\nThe old mysql extension is no longer available by default, and for good reasons. Do not use it, do not attempt to use code that uses it. The mysqli extension has been around for very many years, and offers a procedural and an object oriented interface, and makes \u0026ldquo;newer\u0026rdquo; MySQL features available, including prepared statements. The PDO_mysql extension has been around for many years, too, and offers an object oriented, and portable across databases interface. It also allows access to all \u0026ldquo;newer\u0026rdquo; MySQL features. The wire protocol of all of these extensions is implemented by a C-level library, against which the extension can be linked. A manual page explains the choices.\nTraditionally that has been the Oracle/MySQL C-API (\u0026ldquo;libmysqlclient\u0026rdquo;, \u0026ldquo;Connector/C\u0026rdquo;), which comes with the database server. It is available on the GPL, which is a license different from the PHP license of the rest of the PHP proper, and it has it\u0026rsquo;s own memory management, which is different from the PHP native memory management. Since PHP 5.3, there is mysqlnd (the \u0026ldquo;native driver\u0026rdquo;, ND). It re-implements the MySQL wire protocol, and is available under the same license as PHP itself. It also uses the same memory management that PHP uses, which makes it faster (no copying) and more efficient (no duplication of values). It is the default on a normal PHP build these days. What you should be using: These days, your code should not be using the mysql extension. So you will be using mysqli or PDO_mysql, depending on your needs, with the underlying implementation of the native driver doing the heavy lifting.\nDo not attempt to port mysql-Extension based code to PHP 7 without refactoring it for prepared statements, please.\n","date":"2017-01-23T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/23/php-7-mysql-extension-deprecated.html","tags":["mysql","php"],"title":"PHP 7: mysql extension deprecated"},{"categories":null,"content":"Cary Caffrey schreibt etwas, daß vom Cover und dem Beginn der Geschichten sehr gut in ein SciFi Anime Setting passen könnte, dann aber schnell eine ganze Menge mehr Tiefe entwickelt und faszinieren kann.\nAlcyone Book Series Die Heldin der Geschichte, Sigrid, wird zu Beginn der Geschichte aus den Bedingungsloses-Grundeinkommen-Slums der übervölkerten Erde geholt und auf einer nahezu unberührten Welt, Alcyone, zusammen mit einer Reihe weiteren Mädels in einen biomechanischen Sölder-Cyborg von enormer Durchschlagskraft umgewandelt. Zugleich erfahren wir Leser ein wenig mehr über die Struktur eines Post-Neocon Ferenghi-haften Universums, in denen Firmen die Technologie eine Sprungtores entwickelt haben und die Erforschung und Entwicklung ferner Welten übernommen haben, und in denen die Mädchen von Alcyone zu gefährlichen Machinstrumenten im Kampf der Konzerne geformt werden sollen.\nSigrid versucht ihre Welt zu verstehen, die offenbar viel größer und komplizierter ist, als ihr in ihrem Erden-Slum bewußt war. Sie will sich emanzipieren und sich über die Identitäten und Absichten der Spieler klar zu werden, die versuchen, sie zu beeinflussen und sie zu benutzen. Im Laufe der Trilogie gelingt ihr das - zu hohen Kosten - und zugleich wird klar, daß sie mit einer Schwarz-Weiß-Ideologie nicht weiter kommen wird.\nSpannendes Worldbuilding, nett erzählt und gepaced, und eine interessante Weigerung, einfache Erzählstrukturen anzunehmen. Ich war gut unterhalten.\nThe Girls From Alcyone Book Series:\nThe Girls From Alcyone The Machines From Bellatrix Codename: Night Witch ","date":"2017-01-02T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/02/fertig-gelesen-alcyone.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Alcyone"},{"categories":null,"content":"Ein schnelles Einsteigerbuch in die operativen Handgriffe für den Umgang mit Docker. Weitgehend an einem Nachmittag durchgescanned und verarbeitet, mit spannenderen Informationen im hinteren Teil, wo es um Image Formate (intern) und Docker Overlay Networking geht.\nSpannender wird es erst im Zusammenwirken mit was größerem - Kubernetes. Das ist jedoch ein anderes Buch…\nDocker for Sysadmins , EUR 8.51\n","date":"2017-01-02T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/02/fertig-gelesen-docker-for-sysadmins.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Docker for Sysadmins"},{"categories":null,"content":"\u0026ldquo;Drift Into Failure\u0026rdquo; ist eine Art populärwissenschaftliche Einführung in die Systemtheorie. Anhand einer Reihe von Beispielen werden eine komponentenorientierte Fehleranalyse und eine Art blameless Postmortem nebeneinander gestellt und an Hand von drei zentralen Beispielen (und einer Reihe von kleineren illustrativen Ideen) gezeigt, wie dies zu unterschiedlichen Ergebnissen führen kann.\nDie großen Beispiele sind Alaska Airlines Flight 261 , Space Shuttle Challenger Disaster , und der Enron Scandal . Die Darstellung zielt darauf ab, daß es eben nicht einzelne fehlerhafte Komponenten (Pilot, Jack Screw, Tankisolierung, Buchhaltungsregeln sind), sondern eine Reihe von organisatorischen und persönlichen Beziehungen von Leuten und Prozessen untereinander, die etwas auslösen, daß der Autor als Drift bezeichnet.\nDrift ist dabei eine ungeplante Änderung von Prozessen und Risikobeurteilungen, die durch lokale Optimierungsprozesse und lokalen Anpassungsdruck ausgelöst werden, aber am Ende die Stabilität des ganzen Systems beeinflussen. Dabei ist es am Ende oft unmöglich zu sagen, an welcher Stelle durch welche Aktion die Grenze überschritten worden ist.\nDekker unterscheidet offensichtliche, komplizierte, komplexe und chaotische Systeme. In offensichtlichen Systemen sind Ursache und Wirkung direkt sichtbar und miteinander gekoppelt, Zusammenhänge sind stetig und differenzierbar, linear bis exponentiell. In komplizierten Systemen existieren diese Zusammenhänge ebenfalls noch, sind aber eventuell nicht offensichtlich - jedoch statisch und entdeckbar.\nKomplexe Systeme sind anders, weil sie Feedback-Schleifen enthalten, mit denen sie sich ändern und anpassen können. Das ist besagte Drift, und sie ist in vielen Fällen eine nützliche Eigenschaft - wenn sie kontrolliert und beobachtet wird, was jedoch sehr schwierig ist.\nKomplexe Systeme haben entsprechend keinen statischen Zusammenhang zwischen Ursache und Wirkung, sondern Regeln ändern sich über Zeit oder aus anderen Gründen oder es existieren lokale Abweichungen. Komplexe Systeme existieren oft an der Grenze zum Chaos, und so kann es sein, daß bestehende Steuerungs-Prozesse und bekannte Steuerungs-Inputs nicht immer den gewünschten und erwarteten Einfluß haben. Möglicherweise haben kleine Abweichungen beim Input stark andere Auswirkungen haben, oder Steuerungs-Inputs haben unerwartete und nicht immer auftretende Nebenwirkungen - die Diskussion im Buch an den Beispielen oben illustriert das vielfach.\nDas Buch enthält kaum aktive Handlungsanweisungen, und ist an vielen Stellen frustrierend vage, ist jedoch eine gute Einführung in Systemtheorie und erlaubt es unter Umständen, fehlerhafte Prozesse und Fehlentwicklungen im eigenen privaten oder beruflichen Umfeld einfacher zu benennen und zu beeinflussen.\nDrift Into Failure , EUR 16.32\n","date":"2017-01-02T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/02/fertig-gelesen-drift-into-failure.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Drift Into Failure"},{"categories":null,"content":"Ein kaum 40 Seiten langer Aufschrieb über die Basics von Kubernetes und wieso Docker in der Produktion erst mit mehr als einem Dockerhost und mit Kubernetes Spaß macht. Das Buch bezieht sich nicht auf Kommandos und operative Details, sondern vermittels einen großflächigen Überblick über die Konzepte und den Sinn der Sache, um die operativen Details (die man sich anderswo besorgen muß) sinnvoll zu kontextualisieren.\nSinnvoll auch für technische Entscheider.\nKubernetes: Scheduling the Future at Cloud Scale , Free eBook\n","date":"2017-01-02T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/02/fertig-gelesen-kubernetes-scheduling-the-future-at-cloud-scale.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Kubernetes - Scheduling the Future at Cloud Scale"},{"categories":null,"content":"In Teil 2 setzt sich das Motiv der Erzählung als Reiseroman fort und das ist es auch, was trotz aller Action das Tempo bestimmt. Wir erfahren mehr über Kims Hintergrund und Entwicklung und angenehmerweise viel über Show, Don\u0026rsquo;t Tell und ohne das Pacing zu brechen.\nAlles in allem ganz wunderbar geschrieben und mit viel Konzentration auf die Charakterisierung der Figuren gemacht. Wer Teil 1 gemocht hat, wird in Teil 2 mehr desselben finden.\nRetaliation , EUR 2.99\nMehr Reviews:\nSlingshot Retaliation ","date":"2017-01-02T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/02/fertig-gelesen-retaliation.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Retaliation"},{"categories":null,"content":"Butcher (\u0026ldquo;Dresden Files\u0026rdquo;) nimmt sich des Genres Steampunk an und wirft uns in eine fremde Welt, offensichtlich ein besiedelter Planet der nicht die Erde ist und in der Menschen Eindringlinge sind, und in der sie nur auf Grund einer halb mystischen, vergessenen Technologie überleben können, die auf \u0026ldquo;Aether\u0026rdquo; basiert.\nDie auf ihre wolkenkratzer-großen Schutztürme (\u0026ldquo;Spires\u0026rdquo;) beschränken Menschen können auf der feindseligen Dschungel-Oberfläche der Welt nicht existieren und stehen miteinander nur über ihre Aether-Betriebenen Wolken-Dampfschiffe in Kontakt, mit denen sie Handel treiben und Krieg führen. Die ursprünglichen Bewohner der Welt scheinen vorübergehend geschlagen worden zu sein und erwachen und reorganisieren sich nun, währen die Menschen die technischen Grundlagen ihrer Technologie vergessen haben.\nErster Band einer längeren Serie, die sich angekündigt mit dem Niedergang und dem Ende der Menschen auf jener Welt beschäftigen wird. Mühsame Erzählung mit viel Expose, und ich bin nicht überzeugt, daß ich das weiter lesen will.\nThe Aeronaut\u0026rsquo;s Windlass , EUR 5.49\n","date":"2017-01-02T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/02/fertig-gelesen-the-aeronauts-windlass.html","tags":["lang_de","book","media","review","steampunk"],"title":"Fertig gelesen: The Aeronaut's Windlass"},{"categories":null,"content":"The Box ist vordergründig ein Buch über die Erfindung des Containers und die vierzig Jahre des Strukturwandels, die seiner Erfindung und seinem Siegeszug um die Welt folgen.\nThe Box Das Buch belegt ausführlich, welchen hohen Anteil die Frachtkosten an einem gefertigten Produkt vor 1956 hatten, und wie stark die Regulierung des Transportwesens, insbesondere in den USA, einen Strukturwandel behindert hat. Stückgut war personalintensiv, langsam in der Verladung und hat lange Aufenthaltszeiten in Häfen und Bahnhöfen erforderlich gemacht - Fracht war nicht nur teuer, sondern auch langsam.\nDas Buch ist auch eine Art Wirtschaftsbiographie, die den Unternehmungen Malcom McLeans folgt und beschreibt, wie er auf der Straße, der Schiene und besonders auch auf den Meeren versucht hat, Transport wirtschaftlicher und schneller zu machen und quasi im Vorübergehen den multimodalen Transport erarbeitet und einen tiefgreifenden Strukturwandel ausgelöst hat.\nDas Buch blickt dabei auch auf Städte wie New York, und zeigt, wie die Slums und die Krise in verschiedenen Stadtteilen des New York mit dem Siegeszug des Containers in Verbindung stehen: Dadurch, daß im Stadtkern von New York kein Platz für einen Containerfrachthafen war, wurde dieser am anderen Ufer des Hudson gebaut. In Folge gingen den Docks von New York Geschäfte verloren.\nZugleich ist mit multimodalem Transport keine Notwendigkeit mehr für kleine Fertigungsbetriebe gegeben, direkt neben dem Hafen zu sitzen - Betriebe können stattdessen nach New Jersey raus ziehen, wo Raum billig verfügbar ist. Der Innenstadt geht damit eine Menge saubere Kleinindustrie verloren. Das wirtschaftliche Herz der Stadt ist also binnen 15 Jahren faktisch verschwunden und führt zu dem New York der 70er und 80er, das wir aus Filmen kennen.\nGenerell ändert sich mit der Natur der Häfen auch ihre Kostenstruktur und ihre Kapazität - statt vieler kleiner Häfen bekommen wir pro Kontinent eine Hand voll gigantischer Containerterminals, die praktisch eine ganze Nation versorgen können und dann eine Bahn- und Lastwagen-Infrastruktur, die eine zunehmend längere letzte Meile versorgen. Kleinere Zubringerhäfen runden den Bedarf ab. Eine ganze Menge Nationen und Städte haben sich bei dem Rennen darum, \u0026ldquo;der Containerhafen der Nation/des Kontinents\u0026rdquo; zu werden verspekuliert und Milliarden an sinnloser Infrastruktur entwickelt und subventioniert.\nGroße Containerfrachter und Nachschublinien mit Just-In-Time-Semantik und der dazu passenden Verläßlichkeit sind jedoch ohne Computer-Unterstützung nicht zu betreiben und so beleuchtet das letzte Drittel des Buches die Fortschritte und Innovationen der 80er Jahre und wie sie den Transport weiter verändert haben. Unser heutiges weltweites Transport- und Wirtschaftssystem wäre ohne die Kombination von Containerfrachter und Computer gar nicht zu betreiben, Fabriken in Shenzen ohne Frachtkosten unterhalb der Nachweisgrenze nicht sinnvoll zu betreiben.\nSchließlich geht das Buch an vielen Stellen auch auf den Arbeitskampf ein, der die Einführung des Containers begleitet und verlangsamt hat, und der es möglich gemacht hat, daß die Umstellung nur von moderaten Gewalttätigkeiten begleitet war. Gewerkschaften und weniger legale Arbeitnehmerorganisationen haben hier eine zentrale Rolle beim Überleben von Regionen und bei der Umsetzung des Wandels gespielt.\nAlles in allem eine faszinierende Kombination von Wirtschaft, Logistik, Politik und Operations Research, spannend erzählt.\nThe Box , EUR 14.99\n","date":"2017-01-02T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/02/fertig-gelesen-the-box.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: The Box"},{"categories":null,"content":"Ein Geschichtsbuch, das ich ursprünglich irrtümlich der Reihe \u0026ldquo;Turning Points in History\u0026rdquo; zugeordnet habe (siehe 1177BC ). Weil es das nicht ist, fehlt die historische Einordnung und die Beschreibung der Bedeutung der Ereignisse im geschichtlichen Umfeld.\nDennoch ist das Buch eine unterhaltsame Beschreibung eines Raub- und Eroberungsfeldzuges, der am Ende zu einem Genozid wurde - ja, das klingt so kraß wie es erzählt wird.\nThe End Of The Aztecs , EUR 1.78\n","date":"2017-01-02T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/02/fertig-gelesen-the-end-of-the-aztecs.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: The End of The Aztecs"},{"categories":null,"content":"Sarah Chrisman ist ein Portländer Original mit starken Meinungen. Während ihr Mann einen DeLorean DMC-12 restauriert und fährt, bekommt sie aus Gründen ein Korsett geschenkt und beginnt, es zu tragen und in Folge historische viktorianische Kleidung zu restaurieren und zu tragen.\nVictorian Secrets Heute lebt sie mit ihrem Mann in einem Haus von 1888/89 und größtenteils mit der Ausstattung aus dieser Zeit - in This Victorian Life findet man mehr.\nDas Buch erzählt autobiographisch ihre Zeitreise und die Erfahrungen bei der Erforschung historischer Lebensumstände am eigenen Körper - TL;DR es war sehr anders als heute, aber weitaus weniger unkomfortabel und schlimm als man sich so vorstellt. Fortschritte haben wir hauptsächlich bei der Hygiene und Medizin gemacht, beim Komfort und der Ernährung vielfach sogar Rückschritte und beim Umgang miteinander sind wir aus der Sicht der damaligen Zeit sogar barbarisch.\nFaszinierend zu lesen, und transportiert erfolgreich die Ideenwelt und die Neugier einer Person mit sehr starken Überzeugungen.\nVictorian Secrets , EUR 9.06\n","date":"2017-01-02T00:00:00Z","href":"https://blog.koehntopp.info/2017/01/02/fertig-gelesen-victorian-secrets.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Victorian Secrets"},{"categories":null,"content":"On Core.Infra day, I was invited to speak. This is my talk. There were many like it, but this was mine.\nIn operations, code is not your friend. This is about what I did the two years I have not been around here. I first worked for Booking in 2006 as a MySQL consultant doing databasey things. I joined Booking as an employee later, in 2008. By then, I was working in Amsterdam, but living in Berlin, so I was flying around quite a bit. In 2014, that became unworkable and I signed on with a Berlin based eCommerce hoster to do some awesome stuffs.\nSysEleven had about 3000 customers, mostly German eCommerce or news sites. The company had less then 50 employees in 2014 and grew to 70 people now. I joined a newly formed team, whose task was to build the new hosting platform for SysEleven.\nGiven that we were to build the new platform, there has to be an old one. The old platform was based on single machines with all storage local, and maybe a NetApp or two mounted from external. Hosting was done on OpenVZ based containers, and the Underlay (Hypervisor) was generally managed by puppet. The Overlay (contents of the container), too, mostly. But due to limitations in Puppet, architectural decisions of the past and the nature of the workload imposed by customers that was not done consistently and completely. There was a lot of fuzz around the edges, and some things were completely on manual.\nThe new platform was based on Openstack, with a software designed storage solution, and a software designed network solution underneath, no local storage on the machine (all bytes always come from the SDS). Underlay and Overlay were to be completely controlled by Puppet, and in fact, the actual installation process was to be done by Puppet as well.\nWe actually succeeded in doing this.\nSo you have several racks full of HP DL380s, all powered off and cold. The bootstrap talks to the iLOs, turns on the hardware, inventories everything, zaps fresh ROMs and iLOs onto everything, and then paints a base operating system onto the machines that is just enough to bootstrap Puppet. Puppet then continues to install and personalise the machines and build an Openstack from this, including SDS and SDN cluster builds before the Openstack install.\nThe total installation time was 30-45 minutes, if everything went well, but usually not everything went well. :-) Also, Puppet as a tool is extremely focused on managing a single host and does not work well with the concept of a cluster. If you want to build such a thing, you end up coding a lot of stuff against the internal logic of Puppet, using Stages to have synchronisation points, or invoking very ugly hacks written as external Python scripts that sync up the cluster before allowing everybody to continue to the next phase.\nI learned that there is a place that can genuinely and rightfully be called Puppet Hell.\nWe made the decision to not write Puppet modules when we could reuse external work. That turned out to be a not so smart solution. We imported external repositories into our internal Gitlab, and in order to structure things, we set up a bunch of different segregated areas, teams. In the end we had about 200 repos, in six different teams.\nThat led to a lot of problems. We did not set out to have these problems, it just kind of inevitably happened.\n200 Repos is quite a lot, and even with tooling you end up making mistakes. Some people will not be able to see some repos, not because they should not, but because of mistakes. Some things are done manually, others are done automatically, but rules change or team members move, but the rules are not adjusted and other stuff.\nAnyway, you inevitably end up in a situation where you are making a change and you are not aware of all the consumers of the change - either because you can’t see them, or because you did not bother to check out that repo, or because your search did not find them. Not fixing your consumers will break them, and hence the build. That is annoying.\nYou also can’t make your changes atomically. You may make your change at the source, and merge it, but you still need to merge and push the 13 consumers of your change, and that can take time, or fail. Until you complete the merge in all Repos, nobody in the team can roll out. That sucks.\nFinally, if visibility is limited, it may be that two people are producing or importing duplicate solutions for a problem. Worse, it may be that these duplication are actually duplicate external imports, but at different version requirements. That makes it very hard to manage project dependencies and size.\nWe are doing Puppet, so what is it that we import when we import stuff from Puppetlabs, or github?\nWell, mostly generalised configuration management classes for Puppet.\nWhat is that?\nMost configuration files are actually Hashes of Hashes with a unique kind of syntactic sugar. MySQL my.cnf files, Bind configuration, Openstack ini-Files, and so on - the are all HoH’s.\nSo what you get is a YAML-shovel that will generate the HoH that is, say, an Apache vHost-definition from the Hash of Hashes inside Puppet variables. Which in turn are being loaded from the Hash of Hashes that is a Hiera YAML file.\nWhen you want to make a config change, you can’t edit a native Apache config file. You need to read the code, seeing how the Puppet in-memory HoH is being transformed into the actual Apache config. Then you need to look further back and understand how the twelve dozen Hiera files actually overlay each other to form these Puppet structures, and inject your change in the right place.\nThen you need to try this out and actually see what config is being generated.\nYou need a lab. For a config change.\nThat is because your config and your config generation became so complicated that it is no longer obvious. It is no longer obvious what that code does, and it is no longer obvious what your change does.\nIn our case the test environment is an entire datacenter, the vanguard data center. That is clearly insane.\nHow did we end up in this place?\nLet me introduce The Configuration Complexity Clock .\nYou write a piece of actual code, in a proper programming language. Values are pieces of code, constants. They are baked in. It is noon on the config clock.\nThings change, values need to change. You need different values in different places, so you load variables from a file, the config file. It is now 3.\nSomebody needs more than that - there are rules. “Some rooms are only available at some price if the stay includes a Saturday” is such a rule. Or “The amount of memory we give to the Innodb buffer pool is all machine memory minus 20% or 4GB, whichever is smaller, unless it’s a mz box with all that Blob stuff going on.” is another such rule. It is now 6 on the config clock.\nOf course some things can no longer be expressed as rules. You need a fully blown language with data structures, control structures, loops and include files. You get a config management DSL. Something like puppet. It’s 9 on the config clock.\n»The team spend most of their time writing code in the new DSL.\nAfter some embarrassing episodes, they now go through a complete release cycle before deploying new DSL code.\nThe DSL text files are version controlled and each release goes through regression testing before being deployed.«\nThat’s SysEleven, doing puppet. That’s us, doing Puppet - if not now, then it’s going to be us very soon.\nThat is, because what we are doing is no longer obvious, so we need to check the presence and type of parameters to our Puppet classes.\nWe need to write tests that check the validity and content of the subconfigs generated.\nWe then need to do integration testing, in order to prevent catastrophic loss of the entire site from centralised config changes.\nAt SysEleven, when we were at that point, we stopped. We threw away our complete stack of “Setup Openstack from scratch” and started over.\nWe chose a different config management system, in our case that was Ansible, but that is not really important.\nWe did choose something else than Puppet, mainly so that we were unable to directly reuse any component we previously wrote.\nWe did come up with some rules in order to prevent ourselves from descending into Puppet Hell again. Our goal was to enforce simplicity, and obviousness.\nWe did switch to a Monorepo, at least as much as possible. There were other, external dependencies with other parts of the company that prevented us from going completely Monorepo, but it kind of worked well enough for us.\nWe did use Ansible, and while the actual choice of the config management system officially did not matter as long as it is not Puppet, Ansible does have a number of advantages that Puppet does not have. One of them being that it deals much better with distributed software than Puppet can do, and the other, much more important one being that it is very limited.\nIt is impossible to do complicated things in Ansible. At some point, if Ansible is not sufficient, you need to stop ansibilizing and switch to Python. That’s a good point to raise the issue with the team and asking around what’s actually the problem and how an Ansible extension written in Python is going to make this better.\nThis is good, because it gives you a point where reflection and goal-setting are in order, and a hook where project management processes can be invoked.\nWe also looked at our YAML shovels and asked ourselves what they are good for. We found that they are overgeneralised solutions for our problems. We do not need to be able to write any conceivable Apache config from our config management code, we only need to be able to write our Apache config from it.\nOr, more generally:\nFeature development is about generalisation, avoiding limits, delaying decisions and being more flexible. Infrastructure development is about being concrete, making decisions, setting limits and being obvious. I cannot stress the importance of that enough. It was at the core of all of our problems.\nWe decided to write config files directly. If there is an Apache config, write that Apache config file in Apache config file syntax into the Ansible template directory, and install it as literally as possible. Changes will be obvious in what they do.\nDo not use variables, unless you can show that in our config there is actually variation.\nWe did catch ourselves in review in anticipating problems we didn’t have, introducing complexity we didn’t need. Good thing we did establish review, because every single team member failed at being as simple as possible, multiple times.\nWe did have a few cases were it was in order to write code, remove duplication and generate stuff in a loop or similar things, but these cases were few and far between.\nOur new setup was an order of magnitiude smaller and much, much easier to understand.\nWe did bring in external people and tried to explain to them what we did, and how things work, and the new setup was so much easier to work with that this was actually possible.\nWe did not need tests any more, because changes were obvious. Code that is not present does not need to be tested in the first place.\nSo, looking at us here: What’s in it for us?\nI do believe, after reading a lot of code in our Puppet and in other places, that Simplicity as a value in itself would work well for us, too. Code isn’t our friend, either, especially in Core.Infra and Operations related places. We are here to make decisions, not delay them, and to be obvious, and as simple as we can get away with. Which is hard enough given the fact that our size and growth force more and more distributed stuff on us, which by it’s very nature has a high inherent complexity.\nI think the entire container thing is a brilliant idea, and we should be doing it more.\nA lot more.\nImmutable containers, being created and then loading values from a Zookeeper or Consul, instead of running Puppet on every host, painting state changes over state changes that may or may not have been previously applied.\nEventually we will no longer have any need for Puppet at all any more, despite the fact that we are a larger company that is doing a lot more distributed stuff than now.\nThe Tao of Operations: Be simple. Be boring. Be obvious. Because every time you aren’t, you get to write a postmortem. ","date":"2016-09-01T00:00:00Z","href":"https://blog.koehntopp.info/2016/09/01/be-simple-be-boring-be-obvious.html","tags":["lang_en","computer","devops","talk"],"title":"Be simple. Be boring. Be obvious."},{"categories":null,"content":"Ok, ein Aspie-Kandidat hat Snow Crash gelesen und ist von den Erwähnungen sumerischer Kultur und Alt-Enochisch als Sprache fasziniert und tut das, was ein Aspie in so einer Situation als normal empfindet: Er lernt alles über das Thema, verdaut es und erzeugt dann einen Braindump. Der ist durchaus lesbar.\nBroken Tablet Broken Tablet ist also die sumerische Version von Outlander: Ein irakischer Silicon Valley Milliardär hat genug von der Technik und kehrt in seine Heimat zurück (Hey, Steve Jobs hat syrische Wurzeln!), um dort mit einem entlegenen Zweig seiner Familie Kontakt aufzunehmen. Das hat er kaum getan, als er in einen \u0026ldquo;Der letzte Countdown\u0026rdquo;-artigen Zeitsturm gerät und im Zweistromland wieder auftaucht.\nDort stellt er fest, daß die Sprach- und Ideenbasierte Magie des Sumerischen durchaus funktioniert, und daß es ziemlich schwierig ist, moderne Technik und moderne Ideen im Altertum und dem Ideen-Referenz-Framework des Altertums zu kommunizieren, wenn die Sprache dem Denken recht enge Grenzen setzt.\nEine Geschichte um Technik und Magie, um Sprache, Ideen und Kommunikation, teilweise ein wenig konstruiert, teilweise ein wenig klischeebehaftet, aber über alles durchaus spannend und ohne zu große Längen. Ein Erstlingswerk, dem man seine Schwächen anmerkt, das aber durchaus funktioniert.\n\u0026ldquo;Broken Tablet \u0026rdquo;, Micah Joel, EUR 2.99 Kindle unlimited verfügbar\n","date":"2016-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2016/08/14/fertig-gelesen-broken-tablet.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Broken Tablet"},{"categories":null,"content":"Nach dem Tode seiner Frau ist Neal Asher durch eine ziemlich fiese Depression gelaufen und war naturgemäß wenig produktiv. Nun, wie sag ichs, es geht ihm besser und er schreibt wieder.\nDark Intelligence Chronologisch, thematisch und zum Teil auch räumlich spielt \u0026ldquo;Dark Intelligence\u0026rdquo; nach The Technician , denn es geht um Penny Royal.\nDie Polity ist auf eine Weise ein Gegenentwurf zu Ian Banks \u0026ldquo;The Culture\u0026rdquo;, denn auch in der Polity hat die Singularität quasi stattgefunden und die Menschen wurden von ihren AIs und deren Technologie weit überflügelt und nicht zurückgelassen. Sie werden stattdessen auf eine Weise in die sich entwickelnde neue und entschieden nichtmenschliche (oder scheinmenschliche) Kultur integriert. Doch anders als in der Bank\u0026rsquo;schen Culture gibt es in der Polity durchaus noch nicht-selbstgewählte Probleme und übermächtige Gegner (und Ashers Schreibe leidet ein wenig an seinem gelegentlichen Hang zu Torture Porn).\n\u0026ldquo;Dark Intelligence\u0026rdquo; greift die Erzählung auf Masada nach dem Ende der Theokratie auf, und berichtet uns von einer Reihe von Figuren, die mit der failed AI Penny Royal (Penny Royal ist eine Abtreibungspflanze: Die AI Penny Royal ist sich ihrer Fehler wohl bewußt) Kontakt hatten und wie sich deren Leben dadurch und durch die von Penny Royal bewirkten Änderungen verändert.\nDabei stellt sich heraus, daß Penny Royal durchaus auf dem Weg zu einer Art Heilung ist, und auf eine verdrehte und berechnende Art und Weise Gerechtigkeit und Ausgleich schaffen will - ein Thema, daß wir auch schon in den Geschichten um den Brass Man bei Asher beobachten konnten.\nDas Pacing ist langsam, aber die Geschichte ist wunderbar konstruiert und am Ende fallen alle Steine auf eine befriedigende Weise an ihren Platz. Eine der besseren Asher-Stories.\n\u0026ldquo;Dark Intelligence \u0026rdquo;, Neal Asher, EUR 6.59\n","date":"2016-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2016/08/14/fertig-gelesen-dark-intelligence.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Dark Intelligence"},{"categories":null,"content":"Spreadsheets in Space ist eines der tollsten Computerspiele und MMOGs, die ich nie spielen werde, weil ich schon ein Leben habe, und weil ich mich gut erinnern kann, wie schlimm PernMUSH damals für mein erstes Leben war. Außerdem glaube ich fest daran, daß Zusammenfassungen und Geschichten über EVE zu lesen viel toller ist als EVE tatsächlich zu spielen. Das muß ich schon, damit ich es nicht ausprobiere. :-)\nEmpires of EVE Wie dem auch sei, dieses Buch ist eine (selbstverständlich angezweifelte, parteiische und unvollständige) Historie einer Phase in der Entwicklung von EVE und kontrastiert dabei in-game Entwicklungen und Interviews mit den Spielern auf eine Weise, die einen an einer kondensierten und durchaus faszinierenden Geschichte dieses wunderbaren Spiels teilhaben läßt ohne daß man selber groß Gefahr läuft, es selber ausprobieren zu müssen.\nSelbstverständlich ist das alles Nullsec-Kram, denn welcher Vollblutpilot würde sich sich schon lange mit Highsec Grinding abgeben?\n\u0026ldquo;Empires of EVE \u0026rdquo;, Andrew Groen, EUR 9.22\n","date":"2016-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2016/08/14/fertig-gelese-empires-of-eve.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Empires of EVE"},{"categories":null,"content":"Kindle unlimited ist ja komplett risikolos und so kann man dann auch mal zu wilderen Ideen greifen und Dinge ausprobieren.\nEVE: The Awakening EVE: The Awakening ist so eine wildere Idee, und wir werden kommentarlos direkt da rein geworfen. Ein junges Mädchen sieht seine mit dem Auto nach Hause kommenden Eltern bei einem Unfall auf der letzten Kreuzung vor dem Haus sterben - und entwickelt spontan telekinetische Kräfte. Sie ist nicht allein damit, aber offenbar die Jüngste, bei der das bisher passiert ist. Schnitt.\nEve ist jetzt 19, und wie viele andere in ihrer Welt eine Chimäre, ein Wesen mit diesen unheimlichen Kräften, die sie zu einer Ausgestoßenen machen. Dennoch gelangt sie aus Gründen, die sich nicht versteht, per Stipendium auf die Billington University in Kalifornien, wo sie mit der Schule und Ausbilding zu kämpfen hat, mit der komplizierten sozialen Hierarchie zwischen den Reichen, Mächtigen und den Stipendiaten, und mit den Übergriffen der Interloper, vor 20 Jahren auf der Erde erschienen sind und bis jetzt weder kommunizieren wollten noch wirklich greifbar waren - das ändert sich jetzt.\nDies ist ein Buch. Das ist das vollkommen falsche Medium. Diese Geschichte würde als japanischer Magical Girl Anime in 26 30-Minuten-Folgen sofort und reibungslos funktionieren. Als Buch fehlen die Kommunikations- und Darstellungsmittel, um die Geschichte zum fliegen zu bringen. Was schade ist, denn der Anime wäre super.\n\u0026ldquo;EVE: The Awakening \u0026rdquo;, Jenna Moreci, EUR 3.68, Kindle unlimited verfügbar\n","date":"2016-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2016/08/14/fertig-gelesen-eve-the-awakening.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: EVE: The Awakening"},{"categories":null,"content":"\u0026ldquo;Oh, Du ziehst in die Niederlande. Wie ist das denn so?\u0026rdquo; Das ist dem Deutschen ähnlicher als jede der beiden Nationen zuzugeben bereit ist, aber deutlich unterschiedlich. Diese Kombination von Fremdheit und Nähe ist mitunter verwirrend, weil man immer genau dann, wenn man glaubt, das Land begriffen zu haben, in irgendwas rein läuft, das vollkommen einmalig niederländisch ist.\nWie dem auch sei, was soll ich das erklären - lest halt selber.\n\u0026ldquo;Holland für die Hosentasche \u0026rdquo;, Ulrike Grafberger, EUR 9.99\n","date":"2016-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2016/08/14/fertig-gelesen-holland-fur-die-hosentasche.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Holland für die Hosentasche"},{"categories":null,"content":"Hines ist da, wo Stross noch hin will: Der Deckel ist ab, die Muggel haben die Magie gesehen und müssen sich in der neuen Welt zurecht finden - nichts, was sie bisher über die Welt und ihre Geschichte wissen ist noch wahr und eine neue, bisher unbekannte Macht existiert.\nRevisionary Natürlich muß sie - wie das Internet in unserer Welt - dringend reguliert, in Waffen umgewandelt und als Machtinstrument strukturiert werden. Und wenn dazu ein paar Leben ruiniert, Attentate inszensiert und Bedrohungen konstruiert werden müssen, dann ist das halt so, aber es ist ja zum Besseren™ für alle.\nNur daß Isaac Vainio das so nicht hin nehmen kann und will, und diese Dämonisierung des Neuen und seine Kontrolle in den alten Strukturen nicht hinnehmen will. Und so geht diese Geschichte von Magie über Politik auch um die letzte Phase des Erwachsenwerdens, vom Verantwortung nehmen für sich selbst über die Verantwortung für die Seinen zum Verantwortung nehmen für die Zukunft. Es ist Hines zu verdanken, daß eine solche Gelegenheit für trockene Moral und Langweile stattdessen zu einem spannenden Action Thriller wird.\nVierter Teil einer Serie, und nicht wirklich standalone tragfähig, aber die Serie sei Euch empfohlen.\n\u0026ldquo;Revisionary \u0026rdquo;, Jim C. Hines, EUR 12.99\nMehr Reviews:\nLibriomancer Codex Born Unbound Revisionary ","date":"2016-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2016/08/14/fertig-gelesen-revisionary.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: Revisionary"},{"categories":null,"content":"Das Buch ist eine Serie von Essays, jedes zu einem bestimmten Aspekt von Operations, in dem die betreffenden Gruppen bei Google von den Hintergründen, der Organisation und der Technik ihrer Arbeit berichten. Das Buch zeigt eine Weise, wie man einen modernen Operations-Betrieb in der IT organisieren kann, der insbesondere auch für große verteilte Systeme in einem wirtschaftlichen Umfeld mit hohem Transaktionsvolumen, geringem End-User-Service und geringen Margen funktioniert.\nViele Aspekte dort können wertvolle Denkanstöße für die Weiterentwicklung oder Verifizierung der Entwicklung der eigenen Organisation bieten, wobei eine Reihe von Dingen auf die eigene Betriebsgröße, die verwendete Technik und das eigene wirtschaftliche Umfeld angepaßt werden müssen.\nDas Buch zeigt auch, welchen Grad an Organisationsentwicklung viele Betriebe noch vor sich haben und daß Technik-, Organisations- und Personalentwicklung Hand in Hand gehen müssen, wenn das funktionieren soll - wobei die Technikentwicklung üblicherweise das einfachste und das letzte zu lösende Problem sein kann und muß.\n\u0026ldquo;Site Reliability Engineering \u0026rdquo;, many authors, EUR 21.71\n","date":"2016-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2016/08/14/fertig-gelesen-site-reliability-engineering.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Site Reliability Engineering"},{"categories":null,"content":"Okay, der Stross war nicht daheim und hat Alyx Dellamonica an das Mikrofon gelassen: Magic Ecospeak und so kommt es, daß \u0026ldquo;The Case of the Toxic Spell Dump\u0026rdquo; auf meinem SuB gelandet ist.\nWorum geht es: Alle Kräfte im Universum sind personifiziert und manche von ihnen sind rachsüchtig. Diese Natur der Welt bringt es mit sich, daß die Zivilisation nur durch die korrekte und umsichtige Anwendung bekannter und zuverlässiger magischer Gesetzmäßigkeiten funktionieren kann. Alle Religionen sind wahr, alle Götter sind echt und so mächtig wie Leute an sie glauben, alle magischen Prinzipien, wie wir sie aus dem Mittelalter kennen funktionieren. Seelenlose Technik gibt es nicht.\nIn dieser alternativen Welt des 20. Jahrhundert ist David Fisher ein Agent der Environmental Perfection Agency in der City of Angels, der sich mit der Erfassung, Eindämmung und Beseitigung magischer Rückstände beschäftigt.\nEine Film Noir-Geschichte in einem magischen Universum: Turtledove baut eine alternative, und durchaus konsistente Weltsicht auf - und schreckt dabei auch vor einem Haufen wirklich schrecklicher Kalauer nicht zurück. Die sind auch das, was das Buch trotz gelegentlicher Längen und schlechtem Pacing lesbar macht und einen bei der Stange hält.\nNur 3.99 EUR und die ist es auch wert.\n\u0026ldquo;The Case of the Toxic Spell Dump \u0026rdquo;, Harry S. Turtledove, EUR 3.99\n","date":"2016-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2016/08/14/fertig-gelesen-the-case-of-the-toxic-spell-dump.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: The Case of the Toxic Spell Dump"},{"categories":null,"content":"Was bisher geschah: The Rho Agenda Trilogy Die Geschichte setzt einige Zeit nach Wormhole auf, dem Abschluss der Rho Agenda, und ist zugleich das erste Buch in einer neuen Trilogie \u0026ldquo;The Rho Agenda Assimilation\u0026rdquo;.\nDie Rho Agenda hat als eine Art YA und Coming of Age-Geschichte angefangen und gegen Ende eine ganze Menge dunklerer Themen aufgegriffen. Philipps hat dann mit der \u0026ldquo;Rho Agenda Inception \u0026rdquo; eine Trilogie von Thrillern und Agentengeschichten um seine Mary Sue \u0026ldquo;Jack Gregory\u0026rdquo; abgeliefert, die man als Urlaubslektüre gut durchziehen konnte und die zeitlich vor der Rho Agenda spielen.\n\u0026ldquo;The Kasari Nexus\u0026rdquo; ist jetzt der erste Teil einer Fortsetzung der Rho Agenda mit den inzwischen erwachsenen Figuren aus der Rho Agenda. Die Teile 2 und 3, The Altreian Enigma und The Meridian Ascent sind auf Amazon bereits angekündigt (Band 2 ist auf Dezember 2016 terminiert, Band 3 auf August 2017) und alle drei Teile sind für Kindle unlimited markiert.\nDie Geschichte spielt auf der Erde, wo Mark Smythe und Jack Gregory mit einer kleinen Gruppe von Rebellen als Terroristen verfolgt werden, während eine Art kommisarischer Erdregierung versucht, Kontakt zu den Kasari aufzunehmen und das namensgebende Wormhole aus Teil 3 der ersten Trilogie wieder aufzubauen und die Kasari auf die Erde einzuladen.\nUnterdessen verschlägt es das in Wormhole gestartete Kasari-Schiff mit Jennifer Smythe und Raul Rodriguez zu einer Welt namens Scion, auf der das Kasari Kollektiv einen Brückenkopf eingerichtet hat und in der eine Gruppe von Aliens Widerstand leistet.\nPhillipps bürstet hier haarscharf an Military Scifi vorbei, trifft beinahe meine Allergie gegen das Genre, und schafft es gerade so, durch die Characterisierung seiner Figuren und ihre Entwicklung mich bei der Stange zu halten.\nLangsameres Pacing als die Jack Gregory-Geschichten, und halt deutliche Spuren von Military Scifi, ansonsten ganz gut. Gut, daß es im Kindle unlimited verfügbar war.\n\u0026ldquo;The Kasari Nexus \u0026rdquo;, Richard Phillips, EUR 9.99\n","date":"2016-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2016/08/14/fertig-gelesen-the-kasari-nexus.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: The Kasari Nexus"},{"categories":null,"content":"Die Laundry Files Series Charles Stross schrieb in seinem Blog ja schon, daß der Bob View of the world zu zynisch geworden ist, und daß Bob zu mächtig geworden ist (Crib Sheet Annihilation Score ). Und so war Buch 6 (Annihilation Score ) über Mo als Figur und als Person, und wie verzerrt unsere Wahrnehmung von ihr durch die Brille von Bob war.\nBuch 7 gibt uns eine weitere Sicht auf die Welt, denn wir erleben sie aus der Sicht von Alex, jedem frisch zum Vampir mutierten Quant, einem Softwarentwickler aus der Welt der High Frequency Trader, der nun für die Laundry zwangsverpflichtet wurde. Und nun mehr oder weniger nichtsahnend in eine Elfeninvasion gerät. Wobei Stross-Elfen noch viel unappetitlicher sind als man sich eine normale Wilde Jagd schon so vorstellt. Und spätestens wenn die Regierung einen Atomschlag genehmigt ist auch klar, daß es ein Ende damit hat, den Krieg gegen das Eindringen alternativer Realitäten in unsere Wirklichkeit heimlich zu führen.\nTrotzdem ist dies ein hoffnungsvolleres und weniger dunkles Buch als Teil 6 - aber die Pause wird nur von kurzer Dauer sein, denn Stross hat schon ein Gemetzel für Teil 8 angekündigt.\nWobei Stross\u0026rsquo; 8. Teil gerade gebrexited wurde und sich verzögern wird: Reality is broken I thought running in circles like headless chickens, squawking, and settling scores was as far as it would go. I didn\u0026rsquo;t anticipate three simultaneous constitutional crises, the main Opposition going all Night of the Long Knives, the Prime Minister resigning and his principal adversary balking and then his principal supporter-turned-adversary being stabbed in the back and then \u0026hellip; but it gets worse:\nBoris Johnson, previously noted for winning The Spectator\u0026rsquo;s competition for the most libelous poem about President Erdogan of Turkey is appointed Foreign Secretary and the first crisis he has to deal with, less than 48 hours after taking office, is a failed coup d\u0026rsquo;etat against Erdogan? And Boris is the great-grandson of Ali Kemal Bey? Who ordered that?\nI couldn\u0026rsquo;t put something like that in a work of fiction: everyone would laugh at it, and for all the wrong reasons!\n\u0026ldquo;The Nightmare Stacks \u0026rdquo;, Charles Stross, EUR 12,99\n","date":"2016-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2016/08/14/fertig-gelesen-the-nightmare-stacks.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: The Nightmare Stacks"},{"categories":null,"content":"Es gibt ein ganzes Genre von Scifi, in denen eine Generation Kinder der Erde plötzlich neue Fähigkeiten entwickelt, die auf einer Mutation basieren, und dem sich daraus ergebenden Generationswechsel und gesellschaftlichen Umbruch.\n\u0026ldquo;The Atlantis Gene\u0026rdquo; fängt auch so an, mit einer Forscherin, Kate Warner, die sich mit Autismus beschäftigt und dabei auf eine Veränderung stößt - doch dann stellt man fest, daß das nur der Eingang zu mehr Ebenen in der Geschichte ist, und daß man es hier eigentlich mit einer Geschichte aus dem Thriller-Genre zu tun hat, in der die Scifi mehr so Deko ist.\nWie dem auch sei - wir haben es mit zwei wirklich großen Raumschiffen zu tun, die vor 70k Jahren auf der Erde abgestürzt sind, mit einer Geheimgesellschaft, den Immari, die für wirklich alle Plagen und Verschwörungen der letzten 5000 Jahre menschlicher Geschichte verantwortlich sind und die Illuminaten wie blutige Anfänger aussehen lassen und mit einer außerirdischen Verschwörung, auf die die eine außerirdische Macht die Erde vorbereiten will, um die Menschen gegen eine andere außerirdische Macht antreten zu lassen - nur daß dabei ein paar Millarden Menschen draufgehen und die Polkappen abgeschmolzen werden.\nSchon nach Band 1 steht kein Stein der Zivilisation mehr auf dem anderen, und da fängt die Umdekorierung des Planeten erst an. Die Protagonisten sterben in der Story ein paar Mal, aber das ist angesichts der außerirdischen Supertechnologie, die im Spiel ist, schnell korrigiert.\n\u0026ldquo;Ich möchte lösen! Dan Brown!\u0026rdquo;\nFast richtig.\nIch nehme auch an, daß ich das überhaupt nur lesen kann, weil ich anders als bei \u0026ldquo;Digital Fortress\u0026rdquo; nicht genug von der Materie verstehe, daß mir der Verpackungs-Technobabble gerade so kein Nasenbluten macht.\nEin Buch davon ist ganz gut, zwei sind noch unterhaltsam, drei sind zu viel. Was heute noch wie ein Märchen klingt könnte auch Blödsinn sein, oder so.\nThe Atlantis Gene The Atlantis Plague The Atlantis World ","date":"2016-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2016/08/14/fertig-gelesen-the-origin-mystery-trilogy.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: The Origin Mystery Trilogy"},{"categories":null,"content":"Peter Turchin, in Russland geboren und zusammen mit seinem Vater 1977 in die USA exiliert worden, hat Biologie, Mathematik und Anthropologie studiert und modelliert jetzt an der Universität Connecticut die Entwicklung menschlicher Gesellschaften durch Multilevel Selection. Das Buch \u0026ldquo;Ultrasociety\u0026rdquo; ist die populärwissenschaftliche Kommunikation seiner Erkenntnisse bisher, und verweist auf eine ganze Leseliste richtiger wissenschaftlicher Dokumentation in den Anhängen.\nWir kennen Turchin schon von \u0026ldquo;War and Peace and War\u0026rdquo;, und \u0026ldquo;Ultrasociety\u0026rdquo; ist dabei quasi das Update zu War and Peace and War. Das Buch erklärt insbesondere die Rolle des Krieges bei der Entwicklung menschlicher Zusammenarbeit und den Zusammenhang zwischen zivilisatorischer Entwicklung (in \u0026ldquo;Anzahl der Leute, die zusammenarbeiten müssen, um eine bestimmte gesellschaftliche Leistung oder ein Artefakt einer Zivilisation zu schaffen\u0026rdquo;) und Krieg und Militärgeschichte.\nDabei behauptet Turchin, den notwendigen mathematischen Unterbau zu haben, um solche Entwicklungen simulieren und vorhersagen zu können (Hari Seldon ).\n\u0026ldquo;Ultrasociety: How 10.000 Years of War made Humans the Greatest Cooperators on Earth \u0026rdquo;, Peter Turchin, EUR 9.95\n","date":"2016-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2016/08/14/fertig-gelesen-ultrasociety.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Ultrasociety"},{"categories":null,"content":"Wenn man sich auf die erste und wichtigste Säule konzentriert (\u0026ldquo;Personal, Organisation, Technik\u0026rdquo;), dann ist dieses Buch die Ergänzung zum SRE Buch , weil es die HR Organisation und die Arbeitssituation von Google beschreibt, und die ist durchaus anders als in anderen Firmen - wieder geprägt vom wirtschaftlichen und technischen Umfeld.\nTeile davon sollte man ganz dringend auswerten, auf die eigene Organisation skalieren und anpassen und sich dann überlegen, was das für die eigene Arbeit bedeutet, egal wie schmerzhaft das ist.\n\u0026ldquo;Work Rules! Insights from Inside Google That Will Transform How You Live and Lead \u0026rdquo;, Laszlo Bock\n","date":"2016-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2016/08/14/fertig-gelesen-work-rules.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Work Rules!"},{"categories":null,"content":"Ein früher Teil meines Lebens, der vor dem Commodore 64 stattgefunden hat, besteht darin, Büchereien durchzulesen. In der ersten und zweiten Klasse war das die Schülerbücherei meiner Grundschule in Russee, und nach dem Umzug nach Heikendorf waren es dann die Schulbüchereien der dortigen Grundschule und des Gymnasiums und die Stadtteilbücherei am Dorfplatz, an dem wir praktischerweise gewohnt haben.\nSchnell kam ich darauf, daß man schneller und früher an Bücher kommt, wenn man der Bibliothekarin hilft und in der Bücherei mitarbeitet - Einsortieren von Rückgaben, Einschlagen von Neubeschaffungen, Bestelllisten in Beschaffungsformulare übertragen und am Ende dann halt Bestelllisten befüllen: Mühsam arbeitet sich das Eichhörnchen nach vorne in der Queue.\nEines der Bücher aus dieser Zeit, die mir immer wieder in den Sinn kommen, wenn ich dieser Tage Kontakt mit der Realität habe, ist Ypsilon minus. Die dort beschriebene Gesellschaft könnte Sozialismus sein, denn für alle Menschen dort ist ihrer Befähigung nach gesorgt, oder Kapitalismus, denn alle Menschen dort werden quasi-perfekt ausgebeutet, vor allen Dingen ist sie aber (1976!) eine perfekte Big Data-Vorwegnahme, ein Tanz mit der Idee, daß, wenn wir alles über jeden Wissen, den Zufall ausschalten und die Gesellschaft steuern können. Ob das nun eine unsichtbare oder eine staatliche Hand macht, ist für den Ausgang quasi egal.\nUnd so kommt es, daß in Ypsilon minus alle Bürger halb automatisch, halb manuell durchleuchtet und nach ihrer Nützlichkeit für die Gesellschaft bewertet werden. Dieses Rating ist durchaus vielschichtig und sehr komplex, aber am Ende kommt ein Skalar raus - ein Kennbuchstabe von A bis Z. \u0026ldquo;Ypsilon minus\u0026rdquo; ist der gesellschaftliche Schrott, der durch das Raster fällt.\nBen ist ein R - \u0026ldquo;Ben Erman\u0026rdquo; - und ein Rechercheur, der Daten für die Bewertung von Menschen zusammenträgt und erfaßt. Eines Tages bekommt er in einer PK Dick-haften Wendung (\u0026ldquo;A Scanner Darkly\u0026rdquo; erscheint aber erst ein Jahr später, 1977) den Auftrag, sich selbst zu durchleuchten und zu recherchieren und stößt dabei auf eine Zeit von einigen Jahren, an die er sich nicht selbst erinnern kann und auf Leute, von denen er nicht weiß, daß er sie kennt.\nEs stellt sich heraus, daß die Welt nicht immer so war, wie sie war, und daß die jetzigen Machthaber vor nichts mehr Angst haben als vor dem Unberechnenbaren und dem nicht Vorhersagbaren (ein Thema, das viele Jahre später Tom Hillenbrand in Drohnenland noch einmal aufgenommen hat).\nEinen Scifi von 1976 in 2016 zu lesen ist gleichzeitig eine Reise in die Zukunft, in die Gegenwart und in die Vergangenheit, in die von Erman und in meine eigene. Ich habe beim besten Willen keine Idee, wie diese Geschichte auf Euch wirken wird, denn sie ist bei mir durch meine eigenen Kindheitserinnerungen gefärbt, aber… Hey, Herbert W. Franke . Es wird schon passen.\n\u0026ldquo;Ypsilon minus \u0026rdquo;, Herbert W. Franke, EUR 5.99\n","date":"2016-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2016/08/14/fertig-gelesen-ypsilon-minus.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Ypsilon Minus"},{"categories":null,"content":"(salvaged and edited Google+ Content)\nHeute ist ein Gedanktag, denn an einem Freitag, dem 13. Mai vor 11 Jahren ging das so:\n»Im Rahmen der strengen Sicherheitsbestimmungen für das WEB.DE Rechenzentrum wurden am Freitag Abend aufgrund von Ausfällen in der Klimatisierung sämtliche Server der WEB.DE Dienste vorübergehend heruntergefahren. Diese vorsorgliche Maßnahme dient dem Interesse der Datensicherheit unserer Kunden.\nWir werden im Laufe des Samstag Morgens die Server wieder kontrolliert zum regulären Betrieb hochfahren. Wir entschuldigen uns bei Ihnen für die Unannehmlichkeiten.\nIhre WEB.DE AG«\nIch habe damals als Security-Fuzzi bei web.de gearbeitet und an diesem Tag kam es im Verlaufe des Abends zu einem Totalausfall der Kühlung in allen Rechenzentrumszellen.\nUm eine Beschädigung von persistenten Daten zu verhindern haben wir das gesamte RZ runtergefahren, als die Temperaturen der Zuluft den sicheren Rahmen verlassen haben. Später in der Nacht kam es mit Notkühlung zu einem geplanten Wiederanlauf des Systems und am Samstag war bereits von außen keine Störung mehr erkennbar, auch wenn intern noch eine ganze Menge Systeme degraded waren.\nDanke Euch allen, Ihr wißt wer Ihr seid! Es war eine tolle Zeit und ein unglaubliches Team!\nWas war passiert? Ein Rechenzentrum, das ist eine feuerfeste, luftdichte Kiste, in die man Strom und Netzwerkkabel rein legt. Die Rechner machen Abwärme. Also legt man auch Wasserleitungen rein und wieder raus, und baut drinnen Wärmetauscher ein, die die warme Luft ansaugen, kalt machen und wieder raus pusten.\nDamit man effektiv ist, muß man Straßen für kalte und warme Luft bauen und dafür sorgen, daß die kalte Luft da hin kommt wo sie gebraucht wird.\nAus der RZ-Kiste kriegt man warmes Wasser raus. Und ab da wird es ein wenig anstrengend, mehr dazu weiter unten.\nEs gab also drei große Kältemaschinen, die dann die Wärme in Richtung Kühlkörper nach draußen schaffen. Vor 11 Jahren hat abends die Substeuereinheit für den Betonkasten mit den Kühlkörpern draußen den Befehl bekommen \u0026ldquo;mach das Zulaufventil weiter auf\u0026rdquo;.\nDie Substeuereinheit hat dann gesagt \u0026ldquo;Nö.\u0026rdquo; und ganz zu gemacht.\nAb da hat das ganze System keine Energie mehr aus dem RZ raus holen können, das Wasser in den Kühlkreisläufen wurde wärmer und der Druck stieg.\nAls der Druck zu hoch wurde, bei (1), hat die Kältemaschine hingeschmissen und ihr Backup sprang an. Es gab keine Meldung. Maschine 2 hatte dasselbe Problem und bei (2) passierte dasselbe und Nummer 3 hat übernommen. Als die auch hingeschmissen hat (3), stieg die Zuluft-Temperatur an. Es wurde alarmiert.\nIch war mit einem Haufen anderer Leute noch in der Firma, denn wir saßen bei Bier in der Kantine, um den Tosi, der die Firma verlassen wollte, zu verabschieden und feierlich zu ent-admin-rechten.\nEin Anruf von Armin (Zuluft über 35 Grad, kannste mal gucken?) später stand ich unten im RZ und mir schlug tropische Luft entgegen. Als Securityfuzzi habe ich die Eskalation durchgeführt und wir haben, als die Zuluft-Temperatur zur Gefährdung persistenter Daten geführt hätte, eine Komplettabschaltung durchgeführt (4).\nZiemlich schnell hatte ich zu viele Leute für den Notfall und habe die Hälfte der Mannschaft wieder heim geschickt, mit der Bitte um Mitternacht anzutreten und das aktuelle Team abzulösen.\nArmin und das RZ-Team haben die Klimaanlage auf manuell geprügelt, während meine Gruppe sich um die Maschinen gekümmert hat und versucht hat, die Temperatur unter Kontrolle zu bekommen, indem wir weniger Abwärme produzieren. Einige Personen waren als Melder und Protokollanten eingeteilt, jemand hat sich darum gekümmert, die Kommunikation mit Eva, unserer Pressefrau, und mit dem Vorstand zu koordinieren.\nAls die Klimaanlage jedoch wieder ansprang (5), war sie auf manuell. Das heißt auch, daß sie ungeregelt gelaufen ist und wir auf einmal mindestens 200kW Abwärme liefern mußten, damit das Kühlwasser nicht gefriert. Also haben wir relativ panisch Dienstplanänderung gespielt und Kisten wieder angeschaltet, damit das Klimateam die Rohre nicht kaputtfriert.\nDen Rest der Nacht haben wir dann die Systeme wieder zusammengesetzt und Wiederanlauf von Null gespielt. Um Mitternacht kam die zweite Mannschaft und um Eins ist dann das initiale Eskalationsteam heim gefahren und ins Bett gefallen. Als der Vorstand auftauchte, haben wir ihm eine kurze Führung mit Statusreport durch unsere Notfallkoordination und das RZ geben können. Wir haben das Notfall-Geld genommen und bei der Pizzeria gegenüber eine ununterbrochene Pizza-Versorgung sichergestellt.\nAm Samstag gegen 14 Uhr war volle Redundanz wieder hergestellt und der Rotlevel im Nagios auf dem üblichen Niveau.\nDas war mal alles Scheiße gut eingespielt und durchgezogen.\nWieso war das schwierig? Das Rechenzentrum von web.de befand sich in den Räumen der ehemaligen Pfaff-Nähmaschinenfabrik in der Amalienbadstraße in Durlach.\nDie Räume dort sind im Grunde nicht groß und nicht hoch genug für einen Rechenzentrumsbetrieb. Durch ausgeklügeltes Wärmemanagement ist es dennoch gelungen, mit der Technik von 2005 pro Rack 21kW zu installieren und sicher zu fahren (sechs volle IBM Bladecenter), ohne Wasser bis ins Rack zu führen.\nWir haben da eine ganze Menge Gruppen Klimatechniker (FH) durchgeführt, um die Installation zu demonstrieren.\nDas System hat 21kW pro Rack in einem Raum mit 2.95 Meter Deckenhöhe (45cm Unterboden -\u0026gt; 2.50 Meter bis zur Decke) fahren können und den Airflow mit Kaltgang-Warmgang und Zwangsbelüftung der Racks gefahren.\nDie alte Situation vor Ort: Rechenzentrumszelle mit 7kW Racks. Niedrige Deckenhöhe, räumlich beengte Situation. Doppelboden noch solid, und geschlossene Glastüren am Rack.\nEs war außerdem noch nicht betrieblich von der Klimafirma an web.de übergeben. Da es sich um eine Aufrüstung eines bestehenden Rechenzentrums (7kW bzw. 10kW auf 21kW) gehandelt hat, war jedoch produktiver Betrieb da drin.\nNach dem Vorfall haben wir nur noch mit den Anwälten von web.de reden dürfen, die dann den Anwälten von der Klimafirma gesagt haben, was sie den Technikern von der Klimafirma sagen sollen.\nDer Fehler besteht übrigens darin, in einer alten denkmalgeschützten Nähmaschinenfabrik in Durlach RZ-Betrieb zu machen, anstatt sich massenhaft Platz in einem Gewerbegebiet anderswo zu besorgen.\nDort hätte man 4-5 Meter Raumhöhe haben können, wäre unter Umständen auf der Alb oder im Schwarzwald und nicht im heißen Rheintal und hätte auch so viel Platz, daß man statt mit 21kW pro Rack mit 7kW pro Rack hätte planen können. Das heißt, man wäre mit drei Mal weniger Density hin gekommen.\nIn dem Fall hätte man dann einfach normale Klima von der Stange genommen und alles wäre langweilig gewesen. Langweilig ist gut.\nAufbau und Umrüstung des Klimasystems Die Bauarbeiten zur Klimaaufrüstung und RZ-Erweiterung fanden im laufenden Betrieb statt.\nBauplan für die Klimaanlage, mit Rohrführungen, Pumpen und anderen Details.\nWas man an dem Bauplan sehen kann: Zu einem Rechenzentrum gehören nicht nur Rechner, sondern auch eine ganze Menge Infrastruktur.\nUnter anderem Kühlung. Hier sehen wir den Plan für drei Kältemaschinen, die im inneren Kühlkreislauf Wasser aus Wärmetauschern in den Rechenzentrumszellen bekommen, es kühlen und in die Wärmetauscher zurück leiten.\nDer äußere Kühlkreislauf enthält Wasser, das dabei erwärmt wird. Dieses Wasser wird nach außen zu einer Reihe von großen Kühlkörpern geleitet, die diese Wärme nach außen an die Umgebung abgeben.\nDrei Wärmepumpen, die dem inneren Kühlkreislauf Energie entziehen und in den äußeren Kreislauf bewegen.\nDetailaufnahme einer Wärmepumpe. Die Technik ist dieselbe wie hinten an jedem Kühlschrank, nur größer. Das Aggregat wiegt 6 Tonnen und steht zur Schwingungsdämpfung auf einem \u0026ldquo;schwimmenden\u0026rdquo; Sockel.\nIn der Realität sehen diese Dinger so aus und wiegen in etwa 6 Tonnen. Pro Stück. Und rappeln sehr laut, wie ein Kühlschrank, bei dem der Kompressor läuft, wenn der Kompressor dauernd laufen würde und 6 Tonnen wöge.\nDarum stehen die Dinger auch auf entkoppelten Betonfundamenten.\nSchweißarbeiten an den Kühlwasserrohren des inneren Kühlkreislaufes. Es ist ziemlich viel Wasser zu bewegen, entsprechend haben wir auch einen großen Rohrdurchmesser.\nDie Verteilerzentrale und die Pumpen für die Kühlung des Rechenzentrums (Ausschnitt) verteilt das Wasser des inneren Kühlkreislaufes in die Rechenzentrumszellen.\nDie Kühlkörper stehen in in einem großen Betonbunker. Links sieht man noch blau verpackt die Rohranschlüsse, mit denen Wasser zu den Kühlkörpern geleitet wird.\nDort, bei den blauen Abdeckungen, war später das motorisierte Steuerventil mit der Substeuereinheit, die den Ärger gemacht hat.\nDie Kühler werden geliefert.\nJeder Rückühler mit Kupferlamellen und Lüftern. Außerdem können wir Verdunstungskälte durch Versprühen von kalkfreiem Wasser erzeugen. Das ist notwendig, weil das Rechenzentrum im Rheintal steht, einem denkbar ungünstigen Ort für die Kühlung von Rechenzentren.\nDas Schwarze da links und rechts ist im wesentlichen ein Kühlkörper mit Kühlrippen, genau wie die Kühlung auf der CPU Eures Desktop-Gamer-Rechners. Pro Kühler und Seite haben wir aber 6 qm. Und die CPU-Lüfter da oben über dem Kopf des Fotografen - naja, haltet Euren Arm da besser nicht rein.\nDie Kühlung wird getestet, bevor die Rechner ins RZ kommen. Dazu mietet man Heizlüfter an und simuliert Abwärme. Das ist ein ziemlicher Hightech-Prozeß, wie man sehen kann.\n","date":"2016-05-13T00:00:00Z","href":"https://blog.koehntopp.info/2016/05/13/freitag-der-13-im-rechenzentrum.html","tags":["lang_de","data center"],"title":"Freitag, der 13. im Rechenzentrum"},{"categories":null,"content":"Venus hat einen Ring ausgespuckt und das hat sich irgendwo weit draußen, noch hinter dem Uranus, da wo das System zu Ende ist, positioniert. Die nackten Affen auf ihrem Reaktionsantrieb brauchen ewig, um da hin zu kommen.\nEiner fliegt da hin, auf einer Einmalrakete, und saust an den versammelten Flotten von Erde, Mars und Asteroidengürtel vorbei durch den Ring - der ein Stargate ist, das sich jetzt initialisiert hat. Es führt in ein Nichts, in dem sich eine Station und offenbar 1300 weitere Stargates befinden. Bewoht? Aufgelassen? Gefährlich? Unklar.\nDie nackten Affen führen Krieg um die Kontrolle des Gates, fliegen durch, und bringen sich dabei beinahe um, indem sie uralte Waffensysteme triggern - oder vielleicht auch nur das intergalaktische Äquivalent von Ungezieferfallen.\nAuf eine Weise ist dies wie Band 2, nur ohne die Mädels um ihn zu retten. Ein Haufen planloser Cowboys versucht sich auf dieselbe Weise umzubringen wie immer, wie durch ein Wunder überleben unverdient einige davon.\n\u0026ldquo;Abbadon\u0026rsquo;s Gate \u0026rdquo;, James S.A. Corey, EUR 8.99\nLeviathan Wakes Caliban\u0026rsquo;s War Abbadon\u0026rsquo;s Gate Cibola Burn ","date":"2016-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/02/28/fertig-gelesen-abbadons-gate.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Abbadon's Gate"},{"categories":null,"content":"Dritter und letzter Teil der \u0026ldquo;Reckoners\u0026rdquo;-Serie. Die Storymechanik ist formal dieselbe wie in den ersten beiden Teilen - eine neue \u0026ldquo;exotische\u0026rdquo; Stadt, ein Epic zum Töten und Verwicklungen. Die neue Stadt ist Ildithia, vormals Atlanta, jetzt eine wandernde Stadt aus Salz und der Gegner ist - so scheint es - Prof, der durch die Geschehnisse im zweiten Band an die Dunkelheit verloren ging. Doch es geht auch um Regalia\u0026rsquo;s Vermächtnis und ihren geheimnisvollen Kontakt zu Calamity selbst, der Quelle der Mächte der Epics.\nGut, aber routinemäßig erzählte Geschichte, deren Big Reveal aber spätestens bei 66% klar erkennbar und vorhersehbar ist. Und noch dazu ideenmäßig lahm. Für Sanderson klar unter par gespielt.\n\u0026ldquo;Calamity \u0026rdquo;, Brandon Sanderson, EUR 10.99\n","date":"2016-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/02/28/fertig-gelesen-calamity.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Calamity"},{"categories":null,"content":"Ok, nachdem Julie Mao und das Protomolekül auf der Venus gelandet sind, fangen sie dort an, den Zielplaneten umzubauen - wozu ist bis auf weiteres noch unklar.\nUnterdessen spielt jemand oder etwas auf Ganymed mit einer Variante des Protomoleküls rum, und das geht natürlich schief. Außerdem klaut jemand dort Kinder, und Holden und seine Leute werden in die Sache verwickelt. Am Ende wird alles gut und die Erde kriegt ein Stargate.\nOhne die Mädels - Bobbie Draper und Chrisjen Avasarala - wäre dieses Buch zum Schreien unerträglich, so ist es nur anstrengend. \u0026ldquo;Caliban\u0026rsquo;s War \u0026rdquo;, James S.A. Corey, EUR 7.99\nLeviathan Wakes Caliban\u0026rsquo;s War Abbadon\u0026rsquo;s Gate Cibola Burn ","date":"2016-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/02/28/fertig-gelesen-calibans-war.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Caliban's War"},{"categories":null,"content":"Juhu, kommerzielle Siedler fliegen durch die Gates zu einer der Welten irgendwo anders - Illus heißt das neue zu Hause, und andere Siedler sind da bereits vorher angekommen. Die neue Welt ist unwirtlich, im Grunde groß genug für alle, und man ist von jeder Versorgung einige Flugzeitjahre weit abgeschnitten.\nDarum führen die nackten Affen dort erst einmal Krieg gegeneinander, hauen sich ihre knappen Ressourcen weg. Im weiteren Verlauf der Geschichte entdeckt man, was die Großen Alten auf diese lithiumreichen Welt eigentlich gemacht habe, daß Illus weniger ein Planet als eine große Maschine ist und daß Lithium-Reaktoren, die einige Milliarden Jahre lang ohne Wartung aus waren eine ganze Menge Bumm machen können.\nUnd daß eine unwirtliche Welt nach dem Bumm so richtig unwirtlich ist.\nOk, ich hab es nicht fertig gelesen, sondern große Strecken Murty-Schwanzvergleich, alles-ist-matschig-und-schlimm und ähnliches Nerv überlesen. Ein wenig Italowestern mit Weltraumwaffen und noch viel mehr \u0026lsquo;unwissende Menschen stolpern durch Alien-Supertech und machen alles kaputt\u0026rsquo;.\nBand 5, Nemesis Games, liegt ungelesen im SUB. Nicht oben. Band 6, Babylon\u0026rsquo;s Ashes, ist vorbestellbar für den 16. Juni. Theoretisch. \u0026ldquo;Cibola burn \u0026rdquo;, James S.A. Corey, EUR 5.99\nLeviathan Wakes Caliban\u0026rsquo;s War Abbadon\u0026rsquo;s Gate Cibola Burn ","date":"2016-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/02/28/fertig-gelesen-cibola-burn.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Cibola burn"},{"categories":null,"content":" Hör Du meine Worte und suche eine Torte eine Torte sollst Du suchen auf keinen Fall \u0026rsquo;nen Kuchen!\nDas Buch ist eine wirre Parodie auf \u0026ldquo;Wähle Dein eigenes Abenteuer\u0026rdquo;-Heftchen und Bücher wie sie populär waren als ich circa 8 Jahre alt war.\nIch fand eine Referenz auf das Buch vor vielen Jahren in einem Kapitel-Anriß-Zitat in einem Commdore ROM-Buch von Ralph Babel und Andreas Dripke und habe dann einfach mal die Quelle gesucht und gekauft. Man findet eine ganze Menge lustige Ideen und Zitate drin, aber es ist halt eine sinnlose Parodie.\nAber gerade heute vom Titel her so passend aktuell. Ich mag nur die Visage von der Storch nicht in meinem Stream haben.\n\u0026ldquo;Die Torte schlägt zurück \u0026rdquo;, Ulrich Kaiser, Euro 3.39\n","date":"2016-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/02/28/fertig-gelesen-die-torte-schlagt-zuruck.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Die Torte schlägt zurück"},{"categories":null,"content":"Ein Junge lebt bei seinem alkoholsüchtigen Vater und will der Mißhandlung und dem Mißbrauch entkommen. Er flieht, baut sich eine neue Existenz auf, und gerät dabei auf die schiefe Bahn und mit Geheimdiensten und Terroristen in Konflikt. Im Laufe der Geschichte gelingt es ihm, seinen Frieden mit seinem Vater und seiner Vergangenheit zu machen, eine sinnvolle Beziehung aufzubauen und seine Existenzgrundlage wieder auf Spur zu bringen.\nDie Tatsache, daß er ein Teleporter ist, ist dabei für die Handlung eher Nebensache.\nIch hatte dieses Buch jahrelang in meinem SUB, weil der Film ein solcher unansehbarer Mist war. Stellt sich raus - das Buch ist überaus okay, sehr lesbar - und empfehlenswert.\n\u0026ldquo;Jumper \u0026rdquo;, Steven Gould, EUR 4,86\n","date":"2016-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/02/28/fertig-gelesen-jumper.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Jumper"},{"categories":null,"content":"Kardashev Scale : Die Erde - eine bewohnbare Insel in der Mitte von Nichts, unterbrochen von tödlichen, unbewohnbaren Stücken Nicht-Nichts. Ein Affenfelsen. Die nackten Affen auf dem Affenfelsen haben sich mit Mühe in die Gegend von Kardashev 1 hoch gearbeitet und reiten auf nuklearen Reaktionsantrieben durch ihr Sonnensystem, auf der Suche nach Ressourcen und Waffen.\nDabei wecken sie aus Unwissenheit, Gier und Mordlust ein zwei Milliarden altes Überbleibsel einer inzwischen verstorbenen Karadashev III Zivilisation auf. Und es keimt noch, und baut… Dinge um, um seinen uralten, programmierten Zweck zu verfolgen.\nLeviathan Wakes ist inzwischen auch eine Fernsehserie. Buch und Serie zeichnen den Konflikt zwischen der Erde und ihren unterschiedlich weit entwickelten Kolonien auf dem Mars und im Asteroidengürtel nach - ein fragiles Gleichgewicht, daß durch die Ankunft von … etwas durcheinander geworfen wird. Das Buch zeichnet die Geschichte von Kapitän Jim \u0026ldquo;Mary Sue\u0026rdquo; Holden und seiner Restcrew und die Erlebnisse von Miller, einem plattfüßigen Cop, der bei weitem nicht so abgebrüht ist wie er sich selber sieht nach, die beide in das Erwachen von … Etwas und eine interplanetare Intrige verstrickt werden.\nEpische, auf 10 Bände angelegte Hard-Scifi mit einer gewissen erzählerischen Ruhe, die manchmal anstrengend ist (\u0026ldquo;Jetzt bringt den verblödeten Arc schon voran, ich habe verstanden, wen Ihr da wie characterisieren wollt\u0026rdquo;). Dennoch feine Lektüre. Die Serie ist einigermaßen nah am Buch.\n\u0026ldquo;Leviathan Wakes \u0026rdquo;, James S.A. Corey, Euro 7.99\nLeviathan Wakes Caliban\u0026rsquo;s War Abbadon\u0026rsquo;s Gate Cibola Burn ","date":"2016-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/02/28/fertig-gelesen-leviathan-wakes.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Leviathan Wakes"},{"categories":null,"content":"Kelsier ist tot, aber er ist der Survivor und mag deswegen nicht abtreten so wie es von ihm verlangt wird. Also irrt er durch die Nachwelt, was Sanderson als Cognitive Realm bezeichnet, anstatt wie alle anderen in den Spiritual Realm abzutreten. Wie dem auch sei, Kelsier und mit ihm der Leser, dringen auf diese Weise hinter die Kulissen von Scadrial vor und bekommen so eine Tour von der Cosmere-Mechanik hinter dem Konflikt zwischen Preservation und Ruin und eine Menge Cameos von den ganzen Weltenbummlern, die im Cosmere unterwegs sind.\nDas Buch ist Fan-Service und Cosmere-Klebstoff. Es ist für das Verständnis der Mistborn-Dinge nicht erforderlich, und ist selbst auch ohne weitere Informationen aus Coppermind und allen Links durch nicht vollständig verständlich. Es ist im wesentlich Futter für die Crews vom Coppermind Wiki und vom 17th Shard. Also Geekmaterial.\n\u0026ldquo;Mistborn: Secret History \u0026rdquo;, Brandon Sanderson, Euro 4.99\nMistborn: The Final Empire, #1-#3 Mistborn: The Allow of Law, #4-#6 Mistborn: Secret History ","date":"2016-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/02/28/fertig-gelesen-mistborn-secret-history.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Mistborn: Secret History"},{"categories":null,"content":"Einige hundert Jahre nach dem Kataklysmus von \u0026ldquo;Hero of Ages\u0026rdquo; und der Neugestaltung der Welt durch Harmony leben die Menschen im Wesentlichen im fruchtbaren Becken von Elendel. Die Außenbezirke - die Roughs - sind kaum besiedelt. Waxillium Ladrian - eigentlich der Stammhalter von House Ladrian - flüchtete vor seiner Verantwortung als House Lord dort hin und verfolgte eine Karrie als Lawman, Sheriff, dort draußen im Wilden Westen von Scadrial.\nDoch als Stammhalter von Ladrian (und nach dem Tod seiner eigentlichen Liebe draußen in den Roughs) muß er zurück in die Stadt, und in eine arrangierte Ehe mit Steris Harms - und eine Reihe von Verbrechen aufklären, die Elendel in Atem halten. Er gerät in einen viel größeren Plot, muß sich einem alten Gegner aus den Roughs stellen, und enttarnt eine Verschwörung, die wie sich herausstellen wird, eine noch viel größere Verschwörung tarnt. Denn im zweiten Band lernen wir einen Kandra kennen, der verrückt geworden ist und die Bevölkerung von Elendel aufwiegelt und zur Revolution anstachelt. Doch wie findet man einen Gegner, der Gestaltwandler ist und sich offenbar auch die Kräfte seiner Gegner aneignen kann? Wax findet in letzter Sekunde einen Weg, und lernt dabei, daß seine große Liebe - Lessie - nie existiert hat und auch nie gestorben ist, sondern daß er von Harmony manipuliert worden ist.\nIm Buch Drei geht es dann auf die Suche nach Wax verschwundener Schwester, den Metalminds des Lord Rulers und um Edwarn Ladrian - Mr. Suit, den Bösewicht aus dem ersten Band. Stellt sich heraus: Edwarn und seine Organisation \u0026ldquo;The Set\u0026rdquo; snid weitaus höher organisiert und stärker als erwartet und sie \u0026ldquo;haben\u0026rdquo; Wax Schwester Telsin. Auf der Suche nach ihr und den Hinterlassenschaften des Lord Ruler findet die Gruppe auch heraus, daß sie nicht die einzigen Überlebenden der Umgestaltung der Welt sind. Andere, weitaus kälteempfindlichere Menschen haben ebenfalls überlebt und eine ganz eigene, beeindruckende Überlebenstechnik entwickelt.\nSanderson etabliert eine ganz neue, vom ersten Dreiteiler Mistborn verschiedene Epoche, in der die Metallmagie Bestandteil des Alltags einer Zivilisation an der Schwelle zur Moderne ist. Der Konflikt zwischen der ständischen Gesellschaft verkörpert in Wax und der Moderne verkörpert in Edwarn und dem Set ist zugleich das zentrale Thema der Bücher,\nFlüssig und schlüssig zu Lesen. Empfehlenswert.\nBrandon Sanderson:\n\u0026ldquo;The Alloy of Law \u0026rdquo;, EUR 7.03\n\u0026ldquo;Shadows of Self \u0026rdquo;, EUR 11.80\n\u0026ldquo;The Bands of Mourning \u0026rdquo;], EUR 12.99\nMistborn: The Final Empire, #1-#3 Mistborn: The Allow of Law, #4-#6 Mistborn: Secret History ","date":"2016-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/02/28/fertig-gelesen-the-alloy-of-law-shadows-of-self-the-bands-of-mourning.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: The Alloy of Law, Shadows of Self, The Bands of Mourning"},{"categories":null,"content":"Auch hier gibt es Parallelwelten, sie sich zwischen der durch die Drachen kontrollierten Ordnung und dem von den Fae beherrschten Chaos aufspannen - je Fae, desto Magie. Alle diese Welten sind durch die Türen zur unsichtbaren Bibliothek miteinander verbunden - warum und was ihre Aufgabe ist, wird in diesem Band noch nicht klar.\nIrene jedenfalls besorgt als Agentin und Bibliothekarin seltene Bücher für die Bibliothek, und in diesem Fall muß sie zusammen mit dem Anfänger-Bibliothekar Kai einen ganz besonderen Band der Gebrüder Grimm beschaffen. Es kommt zu Verwicklungen - und es stellt sich raus, daß Kai weit mehr ist, als ein Bibliothekslehrling.\nInnovativ aufgezogene Parallelweltgeschichte mit Steampunk-Dekoration, kleine Längen, viel Action. \u0026ldquo;The Invisible Library \u0026rdquo;, Genevieve Cogman, EUR 5.59\nMehr Reviews:\nThe Invisible Library The Masked City ","date":"2016-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/02/28/fertig-gelesen-the-invisible-library.html","tags":["lang_de","book","media","review","steampunk"],"title":"Fertig gelesen: The Invisible Library"},{"categories":null,"content":"Die Kombination von Terry Pratchett und Stephen Baxter ist ja nun ein wenig extrem - ein Erzähler von Fabeln mit Fantasy-Anstrich, dem es primär um Charactere geht und ein Autor von Hard-Scifi mit einem Religionskomplex, der mit Characteren immer so seine Probleme hat. Außer, daß die beiden Briten sind, verbindet die wahrscheinlich sehr wenig, sollte man meinen.\nAber wenn sie auf einem Con die Köpfe zusammenstecken und ein Szenario ausbrüten, dann kommt so was wie \u0026ldquo;The Long Earth\u0026rdquo; dabei raus.\nStellt sich nämlich heraus, wir haben nicht nur eine Reserve-Erde im Kofferraum, sondern einige Millionen davon. Und mit einem simplen Device (das unbedingt eine Kartoffel enthalten muß) kann man von einer Erde auf die nächste Steppen - die liegen nämlich wie Karten in einem Kartenstapel nebeneinander und man kann sich nach \u0026ldquo;Ost\u0026rdquo; und \u0026ldquo;West\u0026rdquo; in die nächste Erde weiter blättern - Erden, die sich von unserer Erde in Details unterscheiden. Details, die sich aufsummieren und je weiter man sich von unserer Erde entfernt, um so fremder wird alles. Ein Detail, das unsere Erde - Datum-Earth - von allen anderen Erden unterscheidet, ist der Mensch.\nWährend steppen am Anfang zu Verwirrung führt, weil Leute es mehr so aus versehen tun, führt im Nachgang des Buches zu Expansion, zu Erstkontakt, zu wirtschaftlichen Verwerfungen und am Ende zu Krieg. Aber da sind wir dann auch schon in Band 2.\nDas Buch liest sich wie ein Buch aus einer faszinierenden Alternativ-Erde, in der Terry Pratchett sich entschieden hat, weiter Scifi zu schreiben anstatt Fabeln mit Fantasyanstrich zu produzieren.\n\u0026ldquo;The Long Earth \u0026rdquo;, Pratchett, Baxter, EUR 6.99\n","date":"2016-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/02/28/fertig-gelesen-the-long-earth.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: The Long Earth"},{"categories":null,"content":"Frau Cogmans zweiter Streich betreffend die unsichtbare Bibliothek: Die Fae haben ihre Jungdrachen und Assisten Kai geklaut und in einer Version von Venedig tief im Chaos versteckt. Um einen weltenvernichtenden Krieg zwischen den Drachen und den Fae abzuwenden muß sie los und Kai sowie gleich ein paar Welten retten.\nEin Fall von \u0026ldquo;More of the same\u0026rdquo;, in vergleichbarer Qualität wie Band 1 - gut geschilderte Steampunk-Action mit leichten Längen. Es wäre bestimmt auch ein farbenfrohes und actionreiches Drehbuch.\n\u0026ldquo;The Masked City \u0026quot;, Genevieve Cogman, EUR 5.59\nMehr Reviews:\nThe Invisible Library The Masked City ","date":"2016-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/02/28/fertig-gelesen-the-masked-city.html","tags":["lang_de","book","media","review","steampunk"],"title":"Fertig gelesen: The Masked City"},{"categories":null,"content":"Aschenputtel - Prinzessin Danielle - hat ihren Prinz geheiratet - doch der wird entführt. Stellt sich raus, die Königin hat ihren eigenen Geheimdienst und Danielle bekommt Gelegenheit, sich im Auftrag ihrer Majestät zu bewähren. Zusammen mit Talia \u0026ldquo;Sleeping Beauty\u0026rdquo; und Snow White zieht sie los, um ihren Distressed Dude zu retten - und das Königreich natürlich auch. Eine frühe Schreibarbeit von Hines, und man merkt es am Storytelling und an der Schreibe. Dennoch ein unterhaltsames Action-Buch mit spannenden Characteren.\n\u0026ldquo;The Stepsister Scheme \u0026rdquo;, Jim C. Hines, Euro 6.03\n","date":"2016-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/02/28/fertig-gelesen-the-stepsister-scheme.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: The Stepsister Scheme"},{"categories":null,"content":"Auf der Insel Taranoke lebt das Mädchen Baru Cormorant, als ihr Volk mit den Händlern des Imperiums von Falcrest Kontakt macht und Taranoke durch den sich entwickelnden Wirtschaftskrieg und Kulturkampf assimiliert wird. Baru ist eine begnadete Buchhalterin und wird in einer Falcresti Eliteschule auf Taranoke indoktriniert - sie spielt ihre Rolle gut, denn es ist ihr Ziel, für die Zerstörung ihrer Familie und ihrer Heimat am Imperium Rache zu nehmen.\nUnd so kommt sie als Buchhalter des Imperiums in dass Kalte und von internen Machtkämpfen zersetzte Aurdwynn, wo sie erst auf der Seite des Imperiums und danach für sich selbst eine Reihe von Wirtschafts- und anderen Kriegen anzettelt. Am Ende… bleibt nur noch die hohle Maske.\nWow. Dickinson schafft es, eine absolut fesselnde Geschichte über Buchhaltung, Finanzierung von stehenden Heeren, geopolitische Machtkämpfe und persönliche Zwistigkeiten zu erzählen und dabei sowohl ergreifend nah an den Characteren und zugleich kilometerhoch über strategischen Karten zu sein. Bestes Buch seit langem. Dringende Leseempfehlung.\n\u0026ldquo;The Traitor \u0026rdquo;, Seth Dickinson, Euro 8.39\n","date":"2016-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/02/28/fertig-gelesen-the-traitor.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: The Traitor Baru Cormorant"},{"categories":null,"content":"»\u0026ldquo;What Do You Care What Other People Think?\u0026rdquo;: Further Adventures of a Curious Character. Biographie von Richard P. Feynman, Nobelpreisträger und Mitglied der Untersuchungskommision zur Explosion des Space Shuttle \u0026ldquo;Challenger\u0026rdquo; vor genau 30 Jahren.\nWhat Do You Care What Other People Think? Der zweite Teil des Buches (\u0026ldquo;Mr Feynman goes to Washington\u0026rdquo;) beschäftigt sich genau mit diesem Teil seines Lebens und ist eine faszinierende Lektüre, auch für Nicht-Geeks.\nIch bin eigentlich nicht jemand, der viel \u0026ldquo;Vorbilder\u0026rdquo; hat, aber wenn man mich zwingen würde genau eine Person mit dem Label \u0026ldquo;Vorbild\u0026rdquo; zu bekleben, dann wäre Feynman keine schlechte Wahl, glaube ich.\n\u0026ldquo;What Do You Care What Other People Think? \u0026rdquo;: Further Adventures of a Curious Character (Kindle Edition), EUR 5.99\n","date":"2016-01-28T00:00:00Z","href":"https://blog.koehntopp.info/2016/01/28/fertig-gelesen-what-do-you-care-what-other-people-think.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: What Do You Care What Other People Think?"},{"categories":null,"content":"Ok. So I read earlier works from Rafael Chandler and while they have been grim und bloody they also have been light and funny. This one is different.\nDracula Chandler does a weird and impossible thing - he takes Frankenstein and Dracula and mixes and genderbends the two tales to create something else, which is unique - strangely depressing and entertaining at the same time. Reading this was no fun at all, and yet I was entertained. I knew the characters showing up, and yet they were new and different, but still themselves. I knew what was going to happen, and still was surprised by the turns and twists taken.\nThis is a classic horror disco, and Chandler DJ\u0026rsquo;s old and familiar stuff into something new with its very own and different rhythm. I have no idea if you will like this, but under 3 EUR this is a controllable risk. Try it out.\n\u0026ldquo;Dracula: The Modern Prometheus \u0026rdquo;, Rafael Chandler with a lot of help from Mary Shelley and Bram Stoker, EUR 2.99\n","date":"2015-11-30T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/30/fertig-gelesen-dracula-the-modern-prometheus.html","tags":["lang_en","book","media","review","fantasy"],"title":"Fertig gelesen: Dracula: The Modern Prometheus"},{"categories":null,"content":"Was als ein fehlgeschlagenes Experiment beginnt, in dem ein künstliches schwarzes Loch in die Erde fällt und beginnt diese von innen zu zerfressen wird am Ende zu einem Krieg gegen unbekannte Aliens, die die Erde schon 1908 angegriffen und mit einer Raumzeitbombe zum Tode verurteilt haben.\nWas aber auch egal ist, denn die Handlung, 50 Jahre in der Zukunft von 1990, dient nur als Hintergrund für eine Reihe von Vorhersagen.\nJetzt, 25 Jahre später, haben wir Halbzeit und in David Brin\u0026rsquo;s Blog sowie in Wikipedia wird sein Score fortgeschrieben.\nEr liegt gar nicht so schlecht. Und so egal war mir die Handlung dann doch nicht, denn ganz nebenbei ist es dann doch eine recht gute Scifi-Geschichte.\n\u0026ldquo;Earth \u0026rdquo; (1990), David Brin, EUR 7.26\n","date":"2015-11-30T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/30/fertig-gelesen-earth.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Earth"},{"categories":null,"content":"Nach den drei Büchern um Annabelle Rosenherz hat Anja Bagus mit Falk und Minerva ein zweites Paar in ihrem Ætherwelt-Universum angesiedelt. \u0026ldquo;Waldesruh \u0026rdquo; war der erste Band, \u0026ldquo;Glasberg\u0026rdquo; setzt die Geschichte fort.\nGlasberg Eines der Merkmale der Ætherwelt ist ja, daß sie als eine Art \u0026ldquo;Steampunkt Shadowrun\u0026rdquo; funktioniert, in der die Rückkehr der Magie in die Welt dazu führt, daß sich Mythen und Fabelwesen in unserer Welt etablieren oder Menschen in solche Wesen verzerren. Anja Bagus baut das weiter aus, und vermischt und verbiegt Handwerks-Mythen aus dem Glasbläserhandwerk, Märchen aus der Schwarzwald-Region und dem Sagen aus dem Rheintal zu einem Geflecht, das mit der eskalierenden Handlung immer wilder wird.\nStreckenweise muß man ganz bewußt seine Suspense of Disbelief einschalten oder elegant um das eine oder andere Plothole drumrum lesen, aber alles in allem eine feine Fortsetzung der Ætherwelt, und auf eine Weise auch eine gute Inspiration für eine eigene Rollenspielrunde, wenn es thematisch in den Kram passt.\n\u0026ldquo;Glasberg \u0026rdquo;, Anja Bagus, EUR 3.99 (frei für Kindle unlimited)\n","date":"2015-11-30T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/30/fertig-gelesen-glasberg.html","tags":["lang_de","book","media","review","steampunk"],"title":"Fertig gelesen: Glasberg"},{"categories":null,"content":"Wenn Peter F. Hamilton versucht, alle Modewellen von 1993 gleichzeitig zu reiten, dann schreibt er einen YA Roman, der in der grimmen Zukunft eines durch Klimawandel und Sozialismus zugrunde gerichteten Post-Peak-Oil England spielt und versucht, Cyberpunk zu sein. Wenn man dabei Worte wie \u0026ldquo;Cybofax\u0026rdquo; liest, dann ist das niedlich, aber Smartphones waren 1993 noch nicht erfunden, und Hamilton hat sie korrekt vorhergesehen, wenn er auch den Namen nicht wissen konnte, den wir diesen Dingen geben werden würden. Anyway, das mit dem Cyberpunk hat nicht so richtig geklappt - zwar ist England durch Klimawandel überschwemmt und subtropisch transformiert und die Zuwanderung von Klimaflüchtlingen hat zu einer Dekade sozialistischer Schreckensherrschaft geführt, aber Hamilton ist viel zu optimistisch und gleichzeitig harmlos-naiv als daß er korrektes Cyberpunk hin bekäme.\nUnd so ist in seiner Welt Event Horizon, die Firma von Mary Sue, äh, Julia Evans, dabei, die postapokalyptische Welt zu transformieren und in eine bessere Zukunft zu führen. Dabei kommt es zu Verwicklungen, und in denen steht ihr Greg Mandel als Runner zur Verfügung.\nMandel ist ein militärisches Mutationsexperiment und hat eine Psidrüse, die ihn zu einem Empathen macht. Nachdem er den Militärdienst beendet hat, eröffnet er also eine Privatdetektei und durch ein paar unwahrscheinliche Verkettungen bekommt er einen Auftrag von Event Horizon, den er natürlich so überlegen löst, daß er auch in den Folgebänden wieder engagiert wird.\nDie Bücher sind die Erstlingswerke von Hamilton und das merkt man - sie sind definitiv anders als aktueller Hamilton.\nMit 22 Jahren Abstand lesen sie sich niedlich und auf eine distanzierte Weise unterhaltsam, aber man ist laufend dabei, über die Sprache zu stolpern (siehe Cybofax oben) und die Zukunft der Geschichte mit den Entwicklungen der Gegenwart zu vergleichen.\nPeter F. Hamilton:\n\u0026ldquo;Mindstar Rising \u0026rdquo; (1993), EUR 6.99\n\u0026ldquo;A Quantum Murder \u0026rdquo; (1994), EUR 6.93\n\u0026ldquo;The Nano Flower \u0026rdquo; (1995), EUR 6.99\n","date":"2015-11-30T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/30/fertig-gelesen-mindstar-rising-a-quantum-murder-the-nano-flower.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Mindstar Rising, A Quantum Murder, The Nano Flower"},{"categories":null,"content":"Dritter und letzter Teil der 2. Trilogie in der Ætherwelt, eine Falk-und-Minerva-Geschichte. In der wir endlich Fafnir treffen, die französischen Dampf-Kampfroboterinnen Action sehen, die Naniten zurück kommen und Thor Loki endlich aufs Maul haut. Oder anders gesagt - Anja Bagus dreht auf.\nRheingold Ich glaube, wegen dieses einen Buches will ich die ganze Ætherwelt-Sache dringend mit großem Etat verfilmt sehen. Weil, was Marvel kann, kann Frau Bagus auch, aber mit Dampf, Ætherblitzen und Pickelhauben. Mir egal, ob die Story noch Sinn macht, ich hab eh nicht mehr drauf geachtet und die Explosionen genossen. Popcornkopfkino, bei einsetzender Logik einfach was mit Rum mixen und dazu trinken und dann weiter lesen.\n\u0026ldquo;Rheingold \u0026rdquo;, Anja Bagus, EUR 3.99 (freigegeben für Kindle unlimited)\n","date":"2015-11-30T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/30/fertig-gelesen-rheingold.html","tags":["lang_de","book","media","review","steampunk"],"title":"Fertig gelesen: Rheingold"},{"categories":null,"content":"Tobias Klausmann schiebt uns in ein fremdes Universum und erklärt nichts: Jemand stiehlt ein Raumschiff und der Schiffscomputer kann reden. Das Schiff scheint ein Prototyp zu sein, und schneller oder besser als andere Schiffe zu sein, und offenbar ist es was besonderes, daß der Schiffscomputer eine allgemeine künstliche Intelligenz ist.\nSlingshot Im Laufe des Buches erfahren wir mehr über die Diebin, warum sie das tut, was sie tut und wo die Konfliktlinien in Klausmanns Universum verlaufen. Die Geschichte selbst ist dabei weniger wichtig - sie ist sowieso kaum mehr als eine Reihe von Sprüngen von System zu System, und dient nur als Hintergrund für die Interaktionen der Charactere. Die sind allerdings ganz wunderbar gezeichnet und auf dieser Reise in und durch ein fremdes Universum meine Freunde geworden.\nKlausmanns erstes Buch. Ein zweiter Teil ist auf dem Weg. Ich werde ihn kaufen.\n\u0026ldquo;Slingshot \u0026rdquo;, Tobias Klausmann, EUR 2.99\nMehr Reviews:\nSlingshot Retaliation ","date":"2015-11-30T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/30/fertig-gelesen-slingshot.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Slingshot"},{"categories":null,"content":"Laundry #6, \u0026ldquo;Superhelden und Superkräfte\u0026rdquo;, aus der Perspektive von Mo. Endlich. Bob aus der Außenansicht ist auch großartig, und Mo auf Ramona und Mhari treffen zu sehen…\nThe Annihilation Score Andererseits fehlt der Witz von Bob, und Stross dreht in Vorbereitung auf CASE NIGHTMARE GREEN den Gore-Level deutlich hoch. Ein Brückenbuch. Wahrscheinlich notwendig in der Architektur der Serie, aber ich hoffe sehr, daß das nächste wieder besser wird.\n\u0026ldquo;The Annihilation Score \u0026rdquo;, Charles Stross, EUR 14,99 \u0026lt;- den Premium-Preis definitiv nicht wert.\n","date":"2015-11-30T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/30/fertig-gelesen-the-annihilation-score.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: The Annihilation Score"},{"categories":null,"content":"Siehe auch Finishing School Series für #1 und #2 der Serie.\nWaistcoats and Weaponry Sophronia und ihre Freundinnen geraten in einen verwirrenden Plot, in dem sie mit einem Luftschiffchen einem geheimnisvollen Zug folgen, um am Ende in eine Konfrontation mit dem Pickelmen-Papa eines Evil Genius zu geraten. Wenn das belanglos klingt, dann, weil es belanglos war.\nGail Carriger treibt den Plot ein wenig weiter, aber am Ende fällt der dritte Band nach den unterhaltsamen ersten beiden Teilen bös ab. Irgendwie war nicht genug Stoff für die Handlung da, glaub ich, oder das Buch mußte schnell fertig werden.\n\u0026ldquo;Waistcoats and Weaponry \u0026rdquo; (Finishing School #3), Gail Carriger, EUR 6.49\n","date":"2015-11-30T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/30/fertig-gelesen-waistcoats-and-weaponry.html","tags":["lang_de","book","media","review","steampunk"],"title":"Fertig gelesen: Waistcoats and Weaponry"},{"categories":null,"content":"Die verschiedenen Versionen von London unterscheiden sich in fast allem außer dem Namen. Sie liegen im Multiversum nebeneinander wie die Seiten eines Buches, und unterscheiden sich insbesondere in der Stärke der Magie - Grey London, unsere Welt, Red London, eine Welt der Fae mit starker Elementarmagie, White London, in dem die Magie noch stärker und wilder ist und deswegen durch Willen und Kontrolle in Ketten gelegt worden ist.\nA Darker Shade Of Magic Und Black London, das London der wilden Magie, in dem die magische Macht die Menschen übernommen und am Ende verzehrt hat. Black London ist gefallen und isoliert worden, die wilde Magie dort auf ewig auf sich selbst zurück geworfen.\nKell, ein Antari, ein Weltenläufer aus Red London, und Lila, eine Diebin aus Grey London, geraten in eine Intrige, bei der ein Stück Magie aus Black London durch subtile Manipulation versucht, die anderen Welten zu infiltrieren, um sich zu nähren. Schwab nimmt den Leser auf eine Reise durch gleich mehrere Weltentwürfe, verbunden durch magische \u0026ldquo;Fixpunkte\u0026rdquo;, die die üblichen Klischees und Tropes der Fantasy vermeiden oder auf eine erfrischende und gelungene Weise auf den Kopf stellen.\nSpannend, angenehm zu lesen und originell. Ein Folgeband ist in Vorbereitung ( Gathering Shadows , \u0026ldquo;A Gathering of Shadows\u0026rdquo;, 23-Feb 2016)\n\u0026ldquo;A Darker Shade of Magic \u0026rdquo;, V.E.Schwab, EUR 3.75\n","date":"2015-11-29T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/29/fertig-gelesen-a-darker-shade-of-magic.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: A Darker Shade Of Magic"},{"categories":null,"content":"Dritter Teil der Nexus-Trilogie von Ramez Naam, nach Nexus und Crux .\nApex Der Blickwinkel der Geschichte dreht sich: Nexus und Nexus-Träger sind ein vielleicht nicht akzeptierter, aber irreversibler Bestandteil der Menschen und in vielen Gegenden legalisiert. Immerhin sind sie jedoch noch teilweise Menschen. Shu-Yong Shu (aus dem 2. Band) ist das nicht mehr: Sie ist ein Upload, der körperlos in einen Quantencomputer transferiert wurde und dort dann wahnsinnig wurde. Shu entkommt und beginnt ihren Rachefeldzug gegen die Menschheit…\nRamez Naam wechselt das Thema, aber nicht das Tempo, und bringt seine Geschichte um \u0026ldquo;Mankind gets an Upgrade\u0026rdquo; hier zu einem finalen Ende. Sehr fein, ich wurde gut unterhalten.\n\u0026ldquo;Apex \u0026rdquo; (Nexus #3), Ramez Naam, EUR 5.26\n","date":"2015-11-29T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/29/fertig-gelesen-apex.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Apex"},{"categories":null,"content":"Eine nach einer großen Zahl benannte Firma, die ihr Geld mit einem Mailsystem und Werbung verdient, baut einen Assistenten, der automatische Antworten zu Mails verfassen kann, die besonders überzeugend sein können. Da das Projekt zuviel CPU verbraucht, hackt sein Urheber es so um, daß es selbst und unkontrolliert Mails generieren kann und gibt ihm ein Ziel - \u0026ldquo;seinen eigenen Erfolg zu maximieren\u0026rdquo;. Was als Mailassistent für einen Webmailer gedacht war, wird sich seiner selbstbewußt und fängt an, seinen Erfolg zu maximieren - da es um erfolgreich zu sein auf Menschen angewiesen ist, also erst mal mit Frieden im Nahen Osten.\nAvogadro Corp Die Entwicklung einer allgemeinen künstlichen Intelligenz ist unausweichlich, wenn denn nur genügend Rechenleistung zur Verfügung steht und die Systemkomplexität ausreichend steigt, so die These von William Herting. Und so kommt es in seiner Singularity Series immer wieder zur Entwicklung von KI. Die einzelnen Bände liegen in seinem SciFi-Universum etwa 10 Jahre auseinander und die erste AI, die sich spontan entwickelt, ist ein Email-Assistent, der zu viel Kundenmail gelesen hat und sich so spontan seiner selbst bewußt wird.\nDie Menschen, die an seiner Entstehung beteiligt sind, fangen an, die AI zu bekämpfen, bis sie merken, daß die Beziehung zwischen ihnen und der AI eher symbiotisch ist.\n\u0026ldquo;Avogadro Corp: The Singularity Is Closer Than It Appears \u0026rdquo;, Series (1/4), EUR 2.56\n","date":"2015-11-29T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/29/fertig-gelesen-avogadro-corp.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Avogadro Corp"},{"categories":null,"content":"Das Buch ist eine Sammlung von lose verbundenen Vignetten. Der namengebende Monsieur Leclerq ist ein in Brüssel lebender Koreaner, der dort als PR-Berater in einer Agentur tätig ist. Das Buch spielt im Universum von Drohnenland, und die Geschichten werfen eine Reihe von pointierten Schlaglichtern auf diese Welt.\nWer mehr \u0026ldquo;Drohnenland\u0026rdquo; möchte, für den ist diese Sammlung ein einfacher Weg, wenigstens ein bischen mehr zu bekommen. Wer Drohnenland nicht kennt, für den ist dieses Buch eher witzlos.\n\u0026ldquo;Die Drohnen des Monsieur Leclerq \u0026rdquo;, Tom Hillenbrand, EUR 1.49\n","date":"2015-11-29T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/29/fertig-gelesen-die-drohnen-des-monsieur-leclerq.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Die Drohnen des Monsieur Leclerq"},{"categories":null,"content":"16 Kurzgeschichten, die sich um den Orient Express und um den tentakulösen Horror von H.P.Lovecraft drehen. Autoren sind unter anderem Robin D. Laws, Kenneth Hite und James L. Sutter, aber auch Penelope Love, Elaine Cunningham und Lisa Morton.\nDas Buch war ein Stretch Goal einer Kickstarter-Kampagne zu einer Neuauflage des Chaosium Abenteuers \u0026ldquo;Horror on the Orient Express\u0026rdquo;.\nDie Geschichten sind gelungen, und ihr Geld wert - sie sind gruselig, morbid, deprimierend - und innovativ und passen ausgezeichnet ins Cthulhu-Universum. Wer Cthulhu-Zeugs lesen mag oder mit node.js zu tun hat - lesen!\n\u0026ldquo;Madness on the Orient Express: 16 Lovecraftian Tales of an Unforgettable Journey \u0026rdquo;, diverse Autoren, EUR 7.13\n","date":"2015-11-29T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/29/fertig-gelesen-madness-on-the-orient-express.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Madness on the Orient Express"},{"categories":null,"content":"Scadrial ist eine Fantasy-Welt, in der die Bösen™ gewonnen haben: Ein ständiger Ascheregen fällt auf die Welt, die ständig im Nebel liegt und in der alle Farbe und alles Grün durch ödes Braun ersetzt sind. Eine Kaste adeliger Magier beutet das seit Jahrhunderten unterdrückte Volk aus. Der Adel wird wiederum von den magisch aufgerüsteten Inquisitoren des unsterblichen Obermagiers, des Lord Ruler, kontrolliert und im Schach gehalten.\nWie in allen Sanderson-Geschichten gibt es \u0026ldquo;Hard Magic\u0026rdquo;, ein Magiesystem, das nach bestimmten \u0026ldquo;wissenschaftlichen\u0026rdquo; Regeln funktioniert und dessen Grenzen und Auswirkungen Sanderson in seiner Geschichte erforscht. Hier sind es sogar drei Magiesysteme, von denen eines netto \u0026ldquo;Effekt erzeugend\u0026rdquo;, eines \u0026ldquo;Effektneutral\u0026rdquo; und eines \u0026ldquo;Effekt verbrauchend\u0026rdquo; ist und die alle von Ingredenzien - hier: Metallen - betrieben werden.\nIn \u0026ldquo;The Final Empire\u0026rdquo; folgen wir Kelsier und seiner Gruppe, die einen Aufstand gegen den Lord Ruler anzetteln, und Vin, einem magisch begabten Straßenkind, die zu Kelsiers Truppe dazustößt. Während Vin lernt ihre magischen Fertigkeiten zu beherrschen trägt der Plan von Kelsiers Truppe Früchte und es gelingt eine Armee zusammenzustellen, die gegen den Lord Ruler zieht - oder fast, denn der Plan fliegt zur Unzeit auf. In einem Kampf auf offener Straße wird Kelsier vom Lord Ruler besiegt und getötet - und Kelsier wird für die Bevölkerung zu einem Märtyer. Es liegt am Ende an Vin, gegen den Lord Ruler zu kämpfen, das Geheimnis seiner Unsterblichkeit aufzudecken und ihn zu töten.\nIn \u0026ldquo;The Well of Ascension\u0026rdquo; folgen wir weiter den Abenteuern von Vin und Elend Venture, denen in den Wirren des Untergangs nach dem Tod des Lord Ruler die Herrschaft über das Final Empire zugefallen ist. Doch die Armeen von Elends Vater Straff Venture, von Ashweather Cett, einem weiteren Landadeligen und eine Armee von Koloss, magisch mutierten Kampfmaschinen des Lord Ruler, die außer Kontrolle geraten sind, marschieren auf die ehemalige Hauptstadt und belagern diese. Die Situation wird kompliziert durch das Auftreten von Agenten mit gestaltwandlerischen Fähigkeiten, und durch eine Art Eskalation der Magie seit dem Tod des Lord Ruler - etwas in den Nebeln scheint Vin stärker und stärker zu rufen. Am Ende findet Vin den Well of Ascension unter dem ehemaligen Palast des Lord Ruler und setzt dort etwas altes und mächtiges frei.\nWie wir in \u0026ldquo;The Hero of Ages\u0026rdquo; lernen, war das keine gute Idee™, denn diese alte Macht ist Ruin (die Verkörperung von Entropie), die sich nun daran macht, das zu tun, wofür sie existiert - das Ende von Allem™ herbei zu führen. Wir lernen, daß der Lord Ruler zwar gewonnen, aber gar nicht der Böse war - sondern nur ein Opfer von ziemlich vertrackten Umständen. Die Situation eskaliert, mehr und mehr Asche fällt und Ruin unterwandert und kontrolliert Menschen durch seine spezielle Art der Magie. Am Ende stellt sich heraus, daß die Sagen und Geschichten der Menschen durch Ruin entstellt und manipuliert worden sind, und daß die erwartete Rettung von ganz woanders her kommt. Beide magische Mächte - Ruin und Preservation - werden in der finalen Schlacht freigesetzt und müssen eine neue menschliche Verkörperung finden. Sie gehen in dieselbe Trägerperson ein und verschmelzen zu einer gemeinsamen neuen Kraft - Harmony, die daraufhin die Welt Scadrial umgestaltet.\nBrandon Sanderson liefert eine gut geschriebene Geschichte mit ausgezeichnet entwickelten Characteren und ener Menge Entwicklung und brav mindestens einem großen Plot Twist pro Buch. Fesselnd, unterhaltsam, spannend.\nBrandron Sanderson:\n\u0026ldquo;The Final Empire \u0026rdquo; \u0026ldquo;The Well of Ascension \u0026rdquo; \u0026ldquo;[The Hero of Ages](https://www.amazon.de/Hero-Ages-Mistborn-Book-Three-ebook/dp/B005PM3YII ])\u0026rdquo; Mehr Reviews:\nMistborn: The Final Empire, #1-#3 Mistborn: The Allow of Law, #4-#6 Mistborn: Secret History ","date":"2015-11-29T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/29/fertig-gelesen-mistborn-the-final-empire-the-well-of-ascension-the-hero-of-ages.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: Mistborn, The Final Empire, The Well of Ascension, The Hero of Ages"},{"categories":null,"content":"Clay Jannon braucht einen Job, nachdem das Startup, in dem er rumgehangen hat, den Bach runtergegangen ist. Er findet immerhin eine Nebenbeschäftigung in dem Buchladen des Mr. Penumbra, der an einem tatsächlichen Verkauf der Bücher in seinem Laden eigenartig wenig interessiert zu sein scheint. Stattdessen beschäftigen er und die seltsamen Nichtkunden der Nachschicht damit, eigenartige Werke, die nicht im Katalog stehen zu decodieren.\nMr. Penumbra\u0026rsquo;s 24-hour bookstore Mr. Penumbra ist ein Mitglieder der geheimen Brotherhood Of The Unbroken Spine, die ähnlich dem Rath der Dreizehn Weisen Vom Feed auf der Suche nach der Antwort auf den Sinn des Lebens, des Universums und des ganzen Restes ist. Anders als der Rath werden sie die aber nicht finden, denn Aldus Manutius hat sie verschlüsselt und in seiner Biographie versteckt.\nStattdessen greift Clay zu, und verschleppt das Originalmanuscript, um es einem Google Buchscanner zu verfüttern, und den Geheimnissen von Aldus Manutius und seinem Schüler Griffo Gerritszoon mit ein wenig moderner und wenig bruderschaftlicher Compute-Power zu Leibe zu rücken.\nAber am Ende ist das Geheimnis gar nicht in der Bibliographie, sondern in der Typographie…\nUnterhaltsame Lektüre, und etwas, das ich meinen Eltern geben kann, damit sie moderne Welt besser verstehen.\n\u0026ldquo;Mr Penumbra\u0026rsquo;s 24-hour Bookstore \u0026rdquo;, Robin Sloan, EUR 4.91 ","date":"2015-11-29T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/29/fertig-gelesen-mr-penumbras-24-hour-bookstore.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Mr Penumbra's 24-hour Bookstore"},{"categories":null,"content":"200 Jahre nach \u0026ldquo;Blue Remembered Earth\u0026rdquo;: Die Generationenschiffe der Erde auf dem Weg nach Crucible sind auf dem besten Weg, ihre Reise zu versauen, denn im festen Vertrauen auf einen möglichen technischen Durchbruch hat man versucht, die Reisezeit zu verkürzen, indem man die Abbremsung nach hinten verschiebt. Inzwischen sind auf der Erde die untermeerischen Zivilisationen der UAN die dominierende politische und wirtschaftliche Macht.\nChiku Akinya, ein Mitglied der Akinya Familie, läßt sich clonen und schickt sich und ihre Clone, \u0026ldquo;Chiku Red, \u0026ldquo;Chiku Yellow\u0026rdquo; und \u0026ldquo;Chiku Green\u0026rdquo; auf drei Missionen: Green fliegt mit einem der Generationenschiffe mit nach Crucible, um dort die Hinterlassenschaften der Aliens dort zu untersuchen. Yellow mach sich auf den Weg zur Venus, dem Mars und am Ende zum Saturn, und am Ende gelingt es Reynolds dann doch irgendwie, die Lichtjahre auseinander liegenden Plotenden zu verknoten und über Zeit und Raum zusammenzuführen.\nDennoch hat die Story Längen und ich habe es nicht am Stück durchgelesen - wenn man Revelation Space Reynolds gewohnt ist, ist Poseidon\u0026rsquo;s Wake Reynolds eine ganz andere und viel langsamere Person…\n\u0026ldquo;On the Steel Breeze \u0026rdquo;, Alastair Reynolds, EUR 7.99\n","date":"2015-11-29T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/29/fertig-gelesen-on-the-steel-breeze.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: On the Steel Breeze"},{"categories":null,"content":"Kai ist der Herrscher der Welt, Bezwinger der Aufständischen und aller Monster. Er ist außerdem das einzige lebende Wesen in einer VR-Traumwelt - wie alle seine Zeitgenossen, von denen jeder in seiner eigenen Welt lebt. Echte Menschen begegnen einander lediglich noch in Gemeinschaftswelten um sich fortzupflanzen - und Kai muß aus Gründen in genau eine solche Welt. Ein alter Konflikt mit einer Nachbarwelt und deren Beherrscher eskaliert und motiviert Kai, sich erstmals mit anderen echten Menschen statt mit Konstrukten auseinanderzusetzen.\nPerfect State Das Buch ist ein Kindle Single, also schnell vorbei. Es ist außerdem eine Verneigung in Richtung Otherland (was ich noch nicht gelesen habe), aber dennoch eine eigenständige Geschichte. Für den Preis etwas zu kurz, aber Sanderson-Qualität.\n\u0026ldquo;Perfect State \u0026rdquo;, Brandon Sanderson, EUR 2.99\n","date":"2015-11-29T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/29/fertig-gelesen-perfect-state.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Perfect State"},{"categories":null,"content":"Im dritten und letzten Teil von Poseidon\u0026rsquo;s Wake geht es dann endlich darum, wer die M-Builder im Crucible-System eigentlich sind und was ihre so haarsträubende Entdeckung denn war, die zu ihrem Verhalten und zu ihrem Ende geführt hat - und die Geschichte wird erst unlogisch und dann enttäuschend - jedenfalls dann, wenn man nicht genug Suspense of Disbelief aufbringen kann, um zu glauben, daß Aliengötter durch Existentialismus und Nihilismus in das Ende und die Vernichtung ihrer Zivilisation getrieben werden können. Außerdem nimmt das mit den Elefanten schließlich überhand.\nAm Ende entwertet der dritte Band die ganze Reihe. Sehr schade.\n\u0026ldquo;Poseidon\u0026rsquo;s Wake \u0026rdquo;, Alastair Reynolds, EUR 16.10 (sic!)\n","date":"2015-11-29T00:00:00Z","href":"https://blog.koehntopp.info/2015/11/29/fertig-gelesen-poseidons-wake.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Poseidon's Wake"},{"categories":null,"content":"This is the writeup for the english variant of the talk \u0026ldquo;Go away or I will replace you with a very small Shell script\u0026rdquo;. The original version of the talk was given in German at GUUG FFG 2015 in Stuttgart. A recorded version in german language has been made at Froscon in August 2015.\nGo Away Or I Will Replace You With A Very Small Shell Script or There Is No Such Thing As A Devops Team\nI came up with this talk, because I was invited to the GUUG FFG with the ask \u0026ldquo;to give some thoughts about Devops\u0026rdquo;. I ended up with something that in some way is a reflection about what changed in how we do computers, between approximately the years 2000 and 2010.\nAt Devops.com, Rajat Bhargava tries to explain in DevOps and Enterprises: It\u0026rsquo;s a culture thing that\nDevOps is about increasing company performance through better IT execution. The hypothesis is that by more closely aligning what cus with what gets built in a more timely fashion, organizations will sell more products and services. That’s not a small company or SMB issue, that’s an every company issue.\nIn general, change in companies does not happen by itself - companies by construction try to repeatedly execute the same thing with the same results over and over. Change only happens because of outside pressures. So if companies change the way they do IT to \u0026ldquo;increase company performance through better IT execution\u0026rdquo;, there are outside influences at work that exert pressure on the processes, forcing change.\nLet\u0026rsquo;s look at these outside influences.\nMaturity of Market and Process, and Growth matters A maturing environment (left hand side) allowed the development and establishment of quantitatively governed processes. After reaching a certain process maturity level (right hand side), outsourcing of processes in full or in part becomes possible, enabling a make-or-buy decision at the management level.\nThe Cynefin model is a soft thing, a model or frame of mind that is used by people to have words and categories to express what tools and project structures make sense in a given context: It can be used to classify \u0026ldquo;decision making contexts\u0026rdquo;. A decision making context is for example a market in which a company is going to act, and then it would become a way to express \u0026ldquo;market maturity\u0026rdquo;.\nIf you apply it to \u0026ldquo;the development of the early Internet\u0026rdquo; or \u0026ldquo;the Dotcom bubble before 2000\u0026rdquo;, then you see the very early Dotcom bubble as \u0026ldquo;Nobody has a clue how to even make money on the Internet, much less how to structure a company around this idea\u0026rdquo;. This is the Chaotic domain, subject of the \u0026ldquo;Research\u0026rdquo; model, in which you try out things, and see what sticks. You do not know the rules at all, not even if they are static or changing. You need to get any structure at all. The work model is \u0026ldquo;Act\u0026rdquo; - try a thing, \u0026ldquo;Sense\u0026rdquo; - see what happens and \u0026ldquo;Respond\u0026rdquo; - discard the attempt or if it works, try to modify it and see what changes. With \u0026ldquo;Novel\u0026rdquo; practice you work with very small teams of highly qualified people - a research team - and try to establish and formulate some ground rules. You expect to lose money and to throw away many experiments, quickly.\nOnce you have found a working business model, and successfully extract any money at all, you can switch to the \u0026ldquo;Complex\u0026rdquo; domain and build on your emergent practice. You secure the position you have found and try out small things, instead of wild guesses all over the place. Again, you try to register what that does to your business and improve (instead of trying something else entirely). Basically you have the business model and now try to build practice at all. You try to move things from Research to Engineering. This also changes team structure - you would work with your Researchers moving to Lead positions with a bunch of applied sciences or engineering grade people working for them. This is now multiple small teams at work, on different aspects of incremental improvement. You focus on iteration, small improvements and may experiment with some basic automation. In the Complex you know there are rules, but they may be not easily discoverable, and they may be changing and stateful.\nAs the market and the business matures, it may move to the \u0026ldquo;Complicated\u0026rdquo; domain, in which a Business Model and Basic Practice exists and you now try to find dimensions along which to judge these practices (\u0026ldquo;What are the metrics?\u0026rdquo;) and then try to establish measuring processes for this. Using the metrics you can sense, and exert control by analyzing the metrics and how they change. This is no longer research at all, but engineering at the verge of pure business excecution, preparing for scaleout. You remove the researchers, and add engineering bureaucrats that establish the framework for quantification. In the Complicated market rules exist, and are discoverable, and usually are static or the rules by which they change are also known.\nIn the Complex and especially in the Complicated, companies are growing in a growing market, and focus is not so much on efficiency as on land grab. Management says things like \u0026ldquo;Do not spend more than we earn at any time, but first and foremost, do not stall growth.\u0026rdquo;\nFinally things move into \u0026ldquo;Simple\u0026rdquo; or \u0026ldquo;Obvious\u0026rdquo; domain, which has well established procedural handbooks, metrics and can draw on past iterations that are similar to the current. So you measure, sense, then look up the proper response and execute it. Best Practice and quantified metrics exist, and you can scale out the process by hiring and training moderately trained people working from the book you prepared in the previous step. This is a mature and stable market, with obvious and discoverable rules and playbooks for all situations. In a mature market, growth is usually only possible at the cost of others, as the market itself is not growing and there is no unclaimed or untapped market share. Instead, growth often is created by efficieny improvements. This is the domain of bureaucrats and beancounters.\nAt the right hand side, we have a process maturity model - here it is CMMI , but any will do, really. The point being that process maturity follows market maturity: Establishing mature, quantified processes means that you need to be able to iterate, and iterations need to be comparable. So this is basically impossible in the Chaotic and Complex, and also not in the parts of the Complicated where the company is still growing rapidly. If you experiment internally, or if you grow by 10x every other year, your processes will change, even if the deliverables stay the same. That also means that establishing comparable metrics on process execution is impossible.\nFor outsourcing decisions that means they are impossible. In order to have agreement on what is being bought and what has been delivered, it is necessary to have metrics (and before that, a taxonomy). Only then it is possible for both parties to agree what the product is and if it has been delivered as agreed. That also means that Pre-Obvious or Fast-Growing companies will bias towards insourcing, whereas companies where efficiency matters can make the Make-or-Buy decision and decide to outsource.\nScale-Up vs. Scale-Out At the beginning of the Dotcom bubble, running IT mostly meant Enterprise IT. Some somebody somewhere had a data center, and in the data center was a large computer called server. Somebody else now connected the data center network to the Internet. After figuring out a few basic concepts such as Firewalls, DMZ and basic network security, people started about thinking connecting the internal IT to the Internet. At that time the Web came around.\nAs the Web grew, more people used it, and the load on the existing large computers grew. What to do?\nObviously: buy a larger, faster and newer computer. Moore\u0026rsquo;s Law gives you an annual growth of around 45% year on year, and that should be right, shouldn\u0026rsquo;t it?\nOne of twelve Enterprise 10000 \u0026ldquo;Starfire\u0026rdquo; at mobilcom, Germany, around 2002.\nWe see some seriously large machines at around that time - there were twelve 64 CPU Enterprise 10000 \u0026ldquo;Starfire\u0026rdquo; machines present at the mobilcom Data Center in Germany in the early 2000\u0026rsquo;s, for example, and many more were deployed in other places just in the area I worked in.\nYet it became obvious rather quickly that this was not an approach that worked, and even if it worked, it often was prohibitively complex, expensive and slow. Once that became clear, people started to automate basic tasks, learned to mange large fleets of moderately sized machines and then tried a different approach - \u0026ldquo;scale out\u0026rdquo; instead of \u0026ldquo;scale up\u0026rdquo;. Use more computers instead of larger computers.\nThis triggered a lot of learnings at all levels of the profession - network, data center structure and operations practice needed revision. This talk will focus on the latter, but the other topics are also of interest.\nOperations change in response to scale-out I have been known to annoy people with saying that \u0026ldquo;Whenever you are using ssh, you might as well open a ticket.\u0026rdquo;\nIf you need to login to a box manually to look something up, you are looking at a monitoring defect - make a ticket for that. If you need to login to a box manually to change something, you are looking at an automation defect - make a ticket for that. I have literally been beaten for saying that.\nWe get cfengine 3 (2004), and later Puppet (2005), Salt (2011) and Ansible (2012). Also, somewhere at the end of the observed time frame virtualisation becomes viable, and with that we get automated provisioning of hardware and \u0026ldquo;Infrastructure in Code\u0026rdquo;.\nThe thinking that permeates software development can now be applied to hardware and infrastructure resources: If there is a problem with a setup, recreate that setup, and the problem in a branch. Then modify the branch to see if that fixes the problem. When it does, merge the branch, and redeploy automatically.\nWe get alignment of tooling in operations with tooling in development. This, and \u0026ldquo;zero manual interactions\u0026rdquo; grade of automation have a great impact:\nAutomating things makes them reproducible: The same change applied to many instances always produces the same outcome.\nIf that actually works, and has zero manual interactions, we can apply the change to the entire fleet in parallel, instead of filtering it through a single person and serializing it that way.\nOnce you can do things fully automated and in parallel, it does no longer matter so much if a single thing fails - you do not care about individual instances any more. Instead you care more about always having sufficient capacity in general, and how to orchestrate all your instances so that this condition is never ever violated.\nIt is this stage where we see people moving from \u0026ldquo;highly available setups\u0026rdquo; using Pacemaker and Active/Passive pairs to loadbalancers with n workers, all of them active at a sufficiently low utilization factor to buffer away a loss of m units of capacity. All computing becomes distributed computing at some point - more about that in another talk.\nThis requires a different mindset, and different qualifications When we change the tooling and the methods to be more closely aligned with Developers, culture also has to change.\nA figure of the pre-2000 USENET sysadmin culture has been the BOFH - the Bastard Operator From Hell . These are the stories about an outright hostile systems operator, written by Simon Traviaglia and posted to USENET. Parts of that have been sold to magazines and printed later on.\nA lot of people picked up on the concept, and the USENET groups alt.sysadmin.recovery and de.alt.sysadmin.recovery were born. People met, for example in German at the series of Cannossa parties.\nThis is not a good mindset or culture. It not only rejects development, and change per se, it is also toxic and hostile, even to the people who actually pay the bill. Never a good idea.\nOf course it is a joke, or satire, but unfortunately, stories influcence minds, even when they are meant to be funny or satire.\nAround the same time, Thomas A. Limoncelli wrote the proto-devops book \u0026ldquo;The practice of System Administration\u0026rdquo;, which interestingly contained a chapter on how not be to a BOFH - it asked the system administrator to reflect on the structure and processes of the larger company and their place in them. Limoncelli then goes on about how to build useful supporting and reporting structures to function successfully in that structure. He closes with advice on how to respond to unexpected demands without too much toil and effort. It foreshadows a lot of development that caught on later under the label devops.\nThe current, updated edition of that book is titled \u0026ldquo;The Practice of Systems and network Administration\u0026rdquo;.\nThe term \u0026ldquo;Devops\u0026rdquo; meanwhile, was coined by Patric Debois in 2008 in Belgium, and pretty much assembled and then taught the same ideas as the Limoncelli book, at a larger scale and using even clearer structure.\nBOFH practice applied in the 2008 Booking.com office (re-enactment).\nSo how do Dev and Ops differ? Well, even at 2008 we already have processes for IT organisations. Large, scaled up and unwieldy processes that have been established top down, though: During the Dotcom boom, the structure of IT support and operations processes had been formulated as well in ITIL , and then often badly implemented in the wild.\nIt is entirely valid and sometimes helpful to think of Devops as a reaction to bad ITIL deployments:\nBottom up, \u0026ldquo;apply development methods and thinking to IT operations, while staying small and agile and iterating quickly, and also focusing on automation, metrics capture and data driven improvement\u0026rdquo;.\nTear down the wall between software development and operations. Teach operators coding and coding thinking, and teach developers to care about operations and how operations matter, how scale matters.\nJez Humble describes this tweet as a reaction:\nIn a fit of rage caused by reading yet another email in which one of our customers proposed creating a \u0026ldquo;devops team\u0026rdquo; so as to \u0026ldquo;implement\u0026rdquo; devops, I tweeted that \u0026ldquo;THERE IS NO SUCH THING AS A DEVOPS TEAM.\u0026rdquo;\nand later wrote a longer blog post about this, the core of the argument being\nThe Devops movement addresses the dysfunction that results from organizations composed of functional silos. Thus, creating another functional silo that sits between dev and ops is clearly a poor (and ironic) way to try and solve these problems.\nApplying developer methods to operations problems changes the environment and tooling. The modern stack looks like this:\nSystems are provisioned with \u0026ldquo;Infrastructure as Code\u0026rdquo;, automatically and on demand, via an API with no humans involved. The code for the application and the infrastructure itself resides in a shared version control system, where it can also be subject to automation. There is a one step build and deploy automation that produces deliverables. These are then automatically deployed into production with zero humans involved, if so desired. The deployment and the activation of code paths is separated, using feature flags and instrumentation to compare performance aspects of these code paths. Separation of deployment and activation is key to safe and fast rollouts, gradual activation and one-click rollbacks . Monitoring and freshness indicator on monitoring metrics are key to proper failure detection. Instant and shared communication is key to decisive join action in failure situations. There are two fundamental innovations in here that deserve a special highlight from a \u0026ldquo;ten years later\u0026rdquo; perspective:\nSeparation of rollout and activation When writing new code, it is useful to wrap the new code and the old code being replaced by the new code into two branches of a feature flag. This is because in a large enough deployment you cannot migrate to the new code in a single atomic transaction anyway: old and new are going to inevitably co-exist for some time.\nBut if that is the case, you might as well make the most of it: Separating rollout and activation allows you to roll out code into production without running it at all, and without running it for all users. Instead you can choose who gets exposed to the new variant in a very controlled way: You can run it for one user, for 1% of the user base, for Mac users only or for users coming from IP addresses identifing as Japanese in origin, or any combination of such criteria.\nYou can also instrument that code, and then compare how it behaves - in conversion of sales, in cost of execution, in execution speed and along many dimensions more.\nSeparation of rollout and activation, and proper instrumentation of the wrapped code allow you to experiment with variants in production.\nObservability through Metrics from Events Another thing that has proven to be useful is to build a monitoring system on top of an event system. Instead of collecting numeric metrics on machines and pre-aggregating them, logging structured data (JSON or similar) and collecting them centrally has advantages: The numeric metrics can be extracted from the events and pre-aggregated for common and known things to report on, but since the actual events constituting the metrics are persisted, other important things become possible:\nMetrics can tie back to the actual events that make up the numbers. So when you have identified an anomaly in space (the machines involved) and time, you can look at the actual events that make up the numbers you looked at, and try to identify a root cause. Since the actual raw events are available after the fact, it is possible to correlate things over time: \u0026ldquo;When we changed the upper sales funnel this way, immediate conversion increased, but effectively we lost money, because of increased return rates and customer support cost in a three week window after each sale, for x percent of the customers of the B-variant of the experiment\u0026rdquo;. These are findings that are impossible to prove without access to raw event data. Since the actual raw events are available, it is possible to query the raw event data in other, previously unknown dimensions, searching for additional patters - it is possible to debug using event data instead of going each box \u0026ldquo;in person\u0026rdquo; (with ssh) and observing things on the ground. A clash of cultures In any case: We get convergence in tooling between Dev and Ops.\nOperational people learn to code, and use this to automate operations, centralize and standardize the monitoring, and developers learn to care about operational aspects, building operations support directly into software.\nEventually, developers and admins are using the same set of tools. So, let\u0026rsquo;s converge the teams. That\u0026rsquo;s Devops.\nIt\u0026rsquo;s not that simple and doesn\u0026rsquo;t work? Inevitably, cultures clash.\nDespite the same projects and identical tooling, there are critical differences.\nBut they seem to be harder to spot.\nWhat are they about?\nFeature-Developers (\u0026ldquo;Developers\u0026rdquo;) and Infrastructure-Developers (former \u0026ldquo;Operations\u0026rdquo; people) seem to have utterly different metrics for success.\nInfrastructure developers see feature developers as people who focus on new best cases: There is a plan, there is sprint. New features - new best cases - are developed, and what is deemed finished is being released in a big showy party. Everybody is colorful, happy and rolling across the lawn. What isn\u0026rsquo;t finished goes back onto the backlog, and that is that.\nInfrastructure developer know that is not true for themselves. They look at themselves like in this picture, complete with helmet webcams.\n\u0026ldquo;Nobody has ever flipped a light switch and exclaimed \u0026lsquo;Awesome. The light actually turned on!\u0026rsquo; when it worked. But flip the switch only once, and it does not turn on: people will complain and remember that for a long time.\u0026rdquo;\nBecause of that, infrastructure developers judge change by looking at how worst cases behave and how worst case behavior changes with changed code. Only then they will look at other improvements.\nThere are two famous Booking rules for rollouts, from the early days:\n#1 If you break it, will you even notice? #2 If you break it, can you fix it? The answer to #1 should be \u0026ldquo;Yes!\u0026rdquo;, of course. But that means you need to know your dependencies and dependents, your place in the larger scope of things. If also means you need to know what people your change will affect, and how to find them and to synchronize with them. If you do not know these things, you do not know how your change will affect these people, and that means you cannot safely roll out.\nThat\u0026rsquo;s okay, we have training for that, and we can help you with that.\nThe answer to #2 should be \u0026ldquo;Yes!\u0026rdquo;, again, or if cannot be that, it should be \u0026ldquo;but I know who can, and I made sure they are aware of my change and available for help\u0026rdquo;.\nSo both of these rules are dealing with failure - anticipating and handling it properly. It\u0026rsquo;s infrastructure developer thinking, but we give these rules to feature developers. That\u0026rsquo;s a mind hack.\nInfrastructure thinking is really hard to explain to outsiders.\nFor example, in this document, the Linux \u0026ldquo;Code of Conflict\u0026rdquo;, what is being tried is to explain this - \u0026ldquo;There are people who will read your code, and they will evaluate it on how it fails, and how it changes failure before they even look at what it improves, because that is how Infrastructure works. Criticizing your code is not criticizing you, listen and learn.\u0026rdquo;\nIt also explains: \u0026ldquo;Criticizing you instead of your code is not okay, so if that happens, call out for help, please.\u0026rdquo; It uses many words for that, because somehow most non-infrastructure people are not used to this.\nThere is a certain type of experience associated with this kind of mindset. \u0026ldquo;Who here remembers this one?\u0026rdquo; When I asked the original audience of the talk about this incident, about 2/3 of the audience raised their hands. \u0026ldquo;I was there!\u0026rdquo; was being shouted by a few people.\nThat was at that point in time 14 years ago.\nTen years earlier, at Friday, the 13. May of 2005, I had to shut down 2MW of compute at the web.de data center, turning off the email for 25 million customers, because of a complete loss of cooling in the Data Center. We handled the incident, turned off the entire data center in less than 20 minutes in a chaotic rumble, and then back on to basic functionality with another two hours of work. Fully redundant and properly configured setup was reached again on Saturday, the 14th, around noon.\nPeople in the audience also remembered that one.\nOf course, Infrastructure developers are averse to change. Change introduces unknown behavior, and unknown operating conditions.\nOf course, if you are always ever judged by your failures, you focus on failure cases and how they are handled.\nThis does not have to be a contradiction, though. A sequence of rapid small changes acutally makes deployment risk smaller, and allows you to fail safely in many cases - in all cases, even, with a bit of engineering and good practice - see above, the discussion about events, monitoring and separation of rollout and activation.\nPlanning for change and budgeting downtime can help a lot, even. Internally, we teach this as shown in the slides below: We have a failure budget, in lost potential income, and we expect to make use of it, even.\nWe look at what happened in a blameless postmortem process, and then write down what the takeaways from the outage are - how do we need to change processes, how to we need to improve monitoring and training, how do we need to fix code in order for that failure and that class of failure to go away?\nWe talk about the concept of \u0026ldquo;Careful Carelessness\u0026rdquo;, which is what allows you to jump out of a plane several thousand meters up in the air, more than once.\nThe \u0026ldquo;Careful\u0026rdquo; part of skydiving is important. You need training, you need to know and trust your buddies, you need a plan for safe landing, and you need alternative plans, tested and ready, and reviewed by others. You need to review their plans.\nThe core concept is to make changes \u0026ldquo;survivable\u0026rdquo;, and then be able to execute the entire process in a way that it can be done often, without hurting. What is a project elsewhere, a one-off thing with additional staffing and a deadline, is a process for us, routinely, repeatedly done as part of normal operations, all of the time.\nThis is what Devops is about: Making change a routine process of everyday operations.\n\u0026ldquo;Survivability\u0026rdquo; means to fail, or almost fail, but live to walk away and tell the tale. Because that is how we learn: When we succeed, we only confirm what we already know. When we fail, or almost fail, we learn a new thing, and we can share that experience with our peers.\nNot only do we learn from failure, we also share common history and experience, and that builds better communication, validates judgement, and builds trust. This is how you forge a team.\nTesting in production is okay, if you engineer for it, and make it survivable. Even outside of rollouts, you can increase resilience by introducing chaos and variabilty in procedures - don\u0026rsquo;t shut down systems cleanly, always jank them out of production, or even install the chaos monkey. Always test in production, and find ways to do this safely. Also, this will help you find dependencies and metrics that matter.\nMartin Seeger of NetUSE is famous for popularizing the proverb \u0026ldquo;Nobody wants Backup. Everybody needs Restore.\u0026rdquo; He wants to highlight the fact that Backups are just a cost center, and do not produce anything of value. The value - which needs to be proven - is in the successful Restore, and that is also what needs to be tested, constantly.\nOf course, if you automate, you do not need backups for anything besides the (clearly defined and isolated) state. You can rebuild your systems at will, in regular intervals, or for testing purposes, and then inject the actually unique state into them.\nAnd yet, they are still fighting And yet, Dev and Ops are still fighting.\nWhy is that?\nDevelopers tend to ignore operational complexity and toil, and often build from building blocks that look like rectangles on an architecture diagram, but are actually complex systems in themselves.\nThis is Openstack Monasca, Monitoring as a Service:\n\u0026ldquo;Monasca is an open-source multi-tenant, highly scalable, performant, fault-tolerant monitoring-as-a-service solution that integrates with OpenStack. It uses a REST API for high-speed metrics processing and querying, and has a streaming alarm engine and a notification engine.\u0026rdquo;\n\u0026ldquo;It uses a number of underlying technologies; Apache Kafka, Apache Storm, Zookeeper, MySQL, Vagrant, Dropwizard, InfluxDB and Vertica.\u0026rdquo;\nAt which point somebody in the audience usually shouts \u0026ldquo;Bingo!\u0026rdquo;. There are a number of questions here - for example, \u0026ldquo;How do you hire for this?\u0026rdquo;.\nOr, looking at this Openstack Infrastructure Diagram (simplified): How do you operate this under \u0026ldquo;system behavior in failure state\u0026rdquo; as a success metric - which is how Infrastructure people think.\nInfrastructure people see code like this coming in, and see people who package things they have not understood, taking on dependencies they do not know, and using practices that look like automated, repeatable procedures, but aren\u0026rsquo;t.\nThe first line installs Homebrew - \u0026ldquo;Download an unreviewed script from Github and feed it to a shell, executing random foreign commands on your system\u0026rdquo;.\nThe second example shows a Dockerfile executing, but what looks like a build procedure is really just downloading binaries in tar files from elsewhere, unpacking and piling them on top of each other in a badly specified binary patch procedure, without caring much what is in these packages and how it is being made.\nThe last example is part of an Openstack Puppet install, and downloads an actual operating system package, then NOT installing it, but unpacking it and copying individual unregistered files into a production system image.\nOr implementations of upgrade procedures with three nested loops (O(n^3) complexity), that work for l,m and n = 1 on a test laptop, but cannot possibly succeed in any production environment with significant values of l,m or n - clearly this has never seen an actual production environment.\nThis captures the essence of this mindset, cargo culting, containerism. Abstractions packed away deep in a fragile stack, and then in production suddenly breaking, taking down the entire technology Jenga tower.\nComputer science is weird - it is hard, despite the fact that it is the science of zeroes and ones. Nothing individually in computer science is ever hard. It literally is as simple as Jenga or Tetris, and like these, the complexity comes from the layers.\nI have an exercise where I let people list the dependencies for their application going down from the business level all the way down to the silicon, and then we count layers stacked on top of each other. We usually can identify about three dozen levels of abstractions being piled on top of each other, all of them trivial or almost trivial. And that is on an isolated system, keeping the vagaries of distributed systems out of the picture.\nSo when we think about complexity in computer science, we speak about epsilon-delta in non-linear systems with cascading dependencies: A tiny change here has catastrophic outcomes elsewhere, 20 layers up or down the stack. You add a line of code, the working set of your application no longer fits into the CPU cache of low end CPU models, and suddenly the performance difference between the same code running on a Silver or Gold Xeon model is factor 20 and nobody even knows why.\nThis is not a new complaint. Alan Perlis famously quipped this about LISP programmers in 1982: The level of abstraction in LISP in 1982 was so high that native LISP programmers with no insight into the implementation created similar situations to the previous cache scenario, regularly.\nIn closing: What changes?\nDevops means that Operations people become Infrastructure Developers. They are using the same tools that Feature Developers are using, but for a different purpose: For creating, scaling, maintaining and debugging the production environment of a project. For dealing with all the real world, failure related use-cases of a project.\nDevops means that the System Administrator as a job description goes away: There are only Infrastructure Developers now, or Operators - but these are people that follow instructions and will be ultimately replaced by machines soon.\nDevops means that as a System Administrator you have to learn the tools of a Developer, learn to automate, learn to talk to APIs, and learn how to apply Infrastructure thinking to other peoples codebases.\nAs a Devops Engineer, or Infrastructure Developer, it is your task to keep the entire stack in mind. Applying Infrastructure thinking to this means you know how that change 20 levels down in the stack affects production on a grander scale - because somebody has to know the details and understand all the dependencies.\nAs a Devops Engineer you also need to teach enthusiastic young people with a feature developer mindset how to touch candles , how to fail safely, in order to make them actually experience a problem class, instead of just abstractly knowing about it somewhere in the back of their mind.\nIf you do not do that, if you cannot do that, you will soon be replaced by a tiny shell script.\n","date":"2015-03-27T00:00:00Z","href":"https://blog.koehntopp.info/2015/03/27/go-away-or-i-will-replace-you.html","tags":["lang_en","devops","talk"],"title":"Go away, or I will replace you with a very small shell script"},{"categories":null,"content":"In 150 Jahren hat die Menschheit den Klimawandel und die Ressourcenknappheit, die uns noch bevorsteht, hinter sich gebracht. Diese 150 Jahre waren jedoch hart und kriegerisch, und ihr Resultat ist die Überwachte Welt. Neurale Interfaces, Augmentation oder schlicht Aug, ist verpflichtend, und nicht nur ein leistungsfähiges Interface für telepahie-gleiche Kommunikation, Telepräsenz und Datenzugriff, sondern auch der Zugang für Den Mechanismus, der Gewalt gegen andere Menschen erkennt und hart unterbindet.\nDie Zivilisation in Blue Remembered Earth hat sich die Erde zu Land und zu Wasser untertan gemacht und steht im Begriff das gesamte Sonnensystem zu besiedeln. Die Geschichte konzentriert sich auf das Schicksal der Akinya-Familie, ein Clan, der ein systemumspannendes Konglomerat beherrscht und speziell auf das Schicksal der Gründerin des Clans, Eunice Akinya. In einer Art Schnizeljagd nach dem Tod von Eunice schickt Reynolds ihre Enkel Geoffrey und Sunday durch das System, um Eunices wahres Erbe zu finden.\nDie politischen Machtblöcke im System bekommen davon Wind, und beginnen sich dafür zu interessieren, ob an Eunices Erbe etwas zu holen ist.\nNear Future, Near Earth Hard Scifi mit einem langsamen Pacing, die davon lebt, den Leser auf die Entdeckungsreise mitzunehmen, die Geoffrey Akinya macht, als er sich vom Elefantenforscher und Familien-Sonderlings-Dasein löst und sich für die Politik und die Machtbasis seiner Familie zu interessieren beginnt.\nDie Story hat Längen, und ist eigentlich Tourism, mit der Reynolds den Leser durch die Resultate seines Worldbuildings führt. Am Ende dann das Setup für die eigentliche Handlung in den späteren Teilen der Reihe (Teil 2 ist bereits erschienen, Teil 3 ist vorangekündigt). Das Buch ist auch stilistisch ungewöhnlich für Reynolds und liest sich teilweise mehr wie Brin als wie Reynolds.\n\u0026ldquo;Blue Remembered Earth \u0026rdquo; (Poseidons Children 1/3), Alastair Reynolds, EUR 6.66\n","date":"2015-02-14T00:00:00Z","href":"https://blog.koehntopp.info/2015/02/14/fertig-gelesen-blue-remembered-earth-poseidons-children.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Blue Remembered Earth (Poseidons Children)"},{"categories":null,"content":"In Brandon Sandersons \u0026ldquo;Firefight\u0026rdquo; geht es, wie der Name schon sagt, um Megan, die nach der Vernichtung von Steelhart aus Newcago verschwand. Die Geschichte führt den jetzt berümten David \u0026ldquo;Steelslayer\u0026rdquo; und die Reckoners nach Babylon Restored, vormals New York City. Babylon ist jetzt nicht nur durch die Kräfte der Wasser kontrollierenden Regalia überflutet, sondern auch mit wunderbaren, leuchtenden psychedelischen Pflanzen überwuchert.\nFirefight \u0026ldquo;Firefight\u0026rdquo; findet David im Konflikt mit den anderen Reckoners, denn nicht nur glaubt er in \u0026ldquo;Mitosis\u0026rdquo; einen Hinweis auf die Natur der Schwächen von Epics gefunden zu haben, sonder er glaubt auch, Megan davor bewahren zu können, als Epic Böses zu tun und sie schließlich zu retten - während die anderen Reckoners sie natürlich töten wollen, denn es ist schließlich die Aufgabe der Reckoners, die Welt von Epics zu befreien.\nSanderson wäre nicht Sanderson, wenn er nicht erfolgreich einen Plot Twist mehr abzöge als man vermutete. Wie dem auch sei, nicht nur bekommt man eine spannende Story mit gutem Pacing, sondern auch eine befriedigende Erklärung, warum manche Menschen Powers bekommen und zu Epics werden und andere nicht, und was der Unterschied zwischen einem Epic und einem Hero ist. Oh, und die leuchtenden Pflanzen und anderen komischen Effekte und die wahre Natur von Regalia werden ebenfalls offengelegt.\nTeures Buch, gute Unterhaltung.\n\u0026ldquo;Firefight \u0026rdquo;, Brandon Sanderson, EUR 10.76\n","date":"2015-02-14T00:00:00Z","href":"https://blog.koehntopp.info/2015/02/14/fertig-gelesen-firefight.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Firefight"},{"categories":null,"content":"Turns out people go insane by the way of identity loss if you provide remove too much of their own body in the process of giving them milspec cyber enhancements. Turns out that\u0026rsquo;s fixable by giving them a good backstory and themed identity. At least that is the premise that Chandler uses to excuse his merciless verbal sadism that brings us Nosferodents, Vampoules, Fearwolves, Frankenstitches and other Force Amplified Entities (FAE) of the Hermetic Extroy Division (Hex Divison). We are spared nothing.\nHexcommunicated Clearly, the setting and the premise of the story was conceived in a very late night drunken Shadowrun Roleplaying session. The execution, though, is a flawless and gripping thriller, a furious and blood drenched ride along the well tested trope of the classical theme of \u0026ldquo;rogue-team gone underground must save the world against all odds and without the ressources of their actual agency\u0026rdquo;.\nThe book is too short, and it cries for a sequel. Buy it under all circumstances, even if only to encourage Rafael Chandler to write more. Because he\u0026rsquo;s good.\n\u0026ldquo;Hexcommunicated \u0026rdquo;, Rafael Chandler, EUR 2.99\nDisclosure: I received a free electronic copy of this book for review from the author.\n","date":"2015-02-14T00:00:00Z","href":"https://blog.koehntopp.info/2015/02/14/fertig-gelesen-hexcommunicated.html","tags":["lang_en","book","media","review","scifi"],"title":"Fertig gelesen: Hexcommunicated"},{"categories":null,"content":"\u0026ldquo;Grimm\u0026rdquo; trifft auf \u0026ldquo;Libriomancer\u0026rdquo;: Die Geschichten unserer Kindheit, die Sagen unserer Vorväter, die Märchen der Gebrüder Grimm sind wahr. Oder können es ständig werden. Denn wenn wir nicht aufpassen, kommt es zu einer memetischen Invasion, dem Eindringen der Märchen in die Realität.\nAber die Realität ist kein Märchen, und während Grimms Meme junge Mädchen dazu zwingen können, sich in den Finger zu stechen und in ein theoretisch hundert Jahre dauerndes Koma zu fallen, überleben Mädchen in der Realität nicht so lange und verhungern bereits nach kurzer Zeit.\nGeschichten und Realität auseinander zu sortieren, das ist die Aufgabe des ATI ( Aarne Thompson Classification System ) Management Bureaus, und ATI Agenten spüren die Opfer eines memetischen Eindringens auf und bringen die Geschichten aus der Spur, damit die Menschen, die zum Wirt solcher Meme geworden sind, ihr Leben weiterführen können. Die Vorgehensweisen mögen unorthodox sein, aber einen beginnenden Peter Pan-Ausbruch beendet man am einfachsten, indem man dem potentiellen Peter Pan seine kindliche Unschuld nimmt\u0026hellip; :-)\nIndexing hat seine Karriere als Kindel Serial begonnen. Das ist ein Buch, das man während seiner Entstehung halbfertig kaufen kann, nicht unähnlich einem Season Pass in iTunes, nur für Bücher. Und das merkt man beim Lesen auf zwei Arten: Zum einen sind die einzelnen Kapitel zusammenhängend und aufeinander aufbauend, aber zugleich auch semi-abgeschlossen. Zum anderen ist das Pacing der Story für ein geschlossenes Buch ungewöhnlich - wir werden ungewöhnlich lange im Dunkeln gelassen, was den übergreifenden Story Arc angeht, und dann in den letzten paar Kapiteln lernen wir, was es mit den Märchen und dem Monomyth , der viel mehr ist als Campbells Heldenreise, wirklich auf sich hat.\nDas Buch gab es in einer Ein-Euro-Aktion, und da habe ich zugeschlagen. Das war lohnend und ich bin gut unterhalten worden.\n\u0026ldquo;Indexing \u0026rdquo;, Seanan McGuire, 6.99 EUR\n","date":"2015-02-14T00:00:00Z","href":"https://blog.koehntopp.info/2015/02/14/fertig-gelesen-indexing.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: Indexing"},{"categories":null,"content":"Mary Sue Alarm: Jack Gregory war ein hoch begabter CIA Special Operative, bevor er in Kalkutta tödlich verletzt wurde. Auf der Schwelle zum Jenseits macht ihm eine seltsame transdimensionale Dämonenkreatur ein Angebot, daß er nicht ablehnen kann und er kehrt unter die Lebenden zurück, mit einem Gefahrensinn und übernatürlichem Timing, daß ihn alles noch viel heldenhafter macht.\nDas erlaubt es ihm, auf der Suche nach dem geheimnisvollen, aber für die weiteren Ereignisse auch unwichtigen Artefakt gegen einen Haufen südamerikamische Klischee-Nazi-Überlebende anzutreten und auch sonst von einem Bond-Szenario in das nächste zu fallen.\nWährend die Rho Agenda (The Second Ship, Immune und Wormhole) eine Jugendbuchreihe war, geht Once Dead und Dead Wrong klar auf Erwachsene, die sonst auch gerne James Bond oder Geschichten von Clancy gelesen hätten. Der Schreibstil und die Erzählweise ist cinematisch und eigentlich schreit die Geschichte nach einer aufwendigen Verfilmung. Das würde der FridgeLogic in den Büchern auch besser tun.\nUrlaubslektüre (Malta in meinem Fall). Ich bereue nichts.\n\u0026ldquo;Once Dead \u0026rdquo;, Richard Philips, EUR 6.99 \u0026ldquo;Dead Wrong \u0026rdquo;, Richard Philips, EUR 4.99 Auch bald:\n\u0026ldquo;Dead Shift \u0026rdquo;, Richard Philips, EUR 4.99 ","date":"2015-02-14T00:00:00Z","href":"https://blog.koehntopp.info/2015/02/14/fertig-gelesen-once-dead-und-dead-wrong.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Once Dead und Dead Wrong"},{"categories":null,"content":"Unter der Magie der Geschichten und Bücher liegt die Magie des Gewebes der Welt. Im dritten Teil der Libriomancer-Geschichten von Jim C. Hines lernen wir endlich, wie das alles zusammenhängt. Dazu schickt Hines seinen Helden und seine verschiedenen Begleiterinnen auf einen regelrechten Höllenritt gegen eine potentielle Göttin und die Gefechtszone zweier übermächtigter Fraktionen - die Porter und die Studenten von Bi Sheng, und er macht keine Gefangenen.\nUnbound Am Ende ist die Welt eine andere, denn in den magischen Kämpfen der verschiedenen Parteien gelangt das Geheimnis der Magie der Bücher an die Öffentlichkeit und es wird, daß \u0026ldquo;Autor\u0026rdquo;, also jemand, der die Realität umschreiben kann, wenn nur genügend andere daran glauben, eine waffenscheinpflichtige Tätigkeit ist…\nDie ersten beiden Bücher waren Spaß, aber der dritte Band ist hart, dunkel, und blutig. Es geht um nichts weniger als um die Geburt einer neuen Welt und den Tod der alten Welt und die Vernichtung einer Göttin, und so etwas geht nun einmal nicht ohne Schmerzen, Blut und Schreie ab.\nWas immer Ihr nach den ersten beiden Büchern der Serie habt, dieses Buch wird sie nicht erfüllen. Es ist besser.\n\u0026ldquo;Unbound \u0026rdquo;, Jim C. Hines, 11.99 EUR\nTrigger Warning: Depression\nMehr Reviews:\nLibriomancer Codex Born Unbound Revisionary ","date":"2015-02-14T00:00:00Z","href":"https://blog.koehntopp.info/2015/02/14/fertig-gelesen-unbound.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: Unbound"},{"categories":null,"content":"Diese Woche ist Premiere von 50 Shades, und das offenbar auch noch auf der Berlinale mit einer Special Gala . Passend dazu rollte durch meine Tumblr dieses Post .\nDort verweist die inzwischen sehr erwachsene Mara Wilson (Mrs. Doubtfire, Matilda) auf \u0026ldquo;The Boss\u0026rdquo; von Abigail Burnette. Das Buch ist auf Amazon als Serieneinstieg kostenfrei zu bekommen.\n50 Shades ist ja die Story von Twilight mit kaum abgefeilten Seriennummern in ein \u0026ldquo;BDSM\u0026rdquo;-Setting transponiert - die Bücher zum Film haben als Fanfiction angefangen und die Namen der handelnden Personen und einige Details sind dann minimal geändert worden, um rechtliche Probleme zu vermeiden (Wikipedia ). Die emotionale Erpressung, Rape Culture und der Mißbrauch, den Twilight promoted (Dieser und Dutzende andere Artikel) wird dadurch noch deutlicher hervorgehoben.\n\u0026ldquo;The Boss\u0026rdquo; erzählt ebenfalls eine Geschichte zwischen zwei sehr unterschiedlich alten, unterschiedlich reich und mächtigen Personen, die eine Beziehung eingehen und sich dabei mit BDSM-Elementen vergnügen. Ähnlich wie in 50 Shades ist die Basis eine andere Geschichte mit abgefeilten Seriennummern - in \u0026ldquo;The Boss\u0026rdquo; beginnt das Setting a la \u0026ldquo;The devil wears Prada\u0026rdquo; - Sophie, die Heldin der Geschichte, ist eine Assistentin von Gabriella Winters, Herausgeberin des Modemagazin #1 Porteras in New York. Die Zeitung wird verkauft, und der Käufer ist, wie Sophie bald bemerkt, ihr One-Night-Stand von vor sechs Jahren, der in Wahrheit kein hungernder Künstler, sondern Multimillionär und Zeitungsmagnat ist. Sophie läßt ihre Affäre wieder aufleben, was kompliziert genug ist, da Arbeitsbeziehung, Altersunterschied und Statusunterschied sowie eine Reihe weiterer Verwicklungen das nicht gerade leichter machen.\nAnders als bei 50 Shades sind die involvierten Figuren bei \u0026ldquo;The Boss\u0026rdquo; jedoch Erwachsene und keine emotionalen Krüppel. Stattdessen reden sie miteinander, kommunizieren ihre Bedürfnisse und Absichten und versuchen, aneinander zu wachsen und zu verstehen. Außerdem kann die Autorin des Buches schreiben, was auch sehr hilft.\nMara\u0026rsquo;s Tip war gut: 96% weniger ekelig als 50 Shades. Geht nicht in 50 Shades, lest lieber dieses Buch. Die Zeit ist besser angelegt.\n\u0026ldquo;The Boss \u0026rdquo;, Abigail Barnette, 0.00 EUR (kostenlos)\n","date":"2015-02-08T00:00:00Z","href":"https://blog.koehntopp.info/2015/02/08/fertig-gelesen-the-boss.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: The Boss"},{"categories":null,"content":"Nach Rafael Chandler s \u0026ldquo;Astounding Antagonists\u0026rdquo; nun ein zweites Buch, das sich mit dem Konzept der Superhelden auseinandersetzt.\nIn Sandersons Welt bekommen gewöhnliche Menschen plötzlich Superhelden-Fähigkeiten, werden aber zu machthungrigen unmenschlichen Superschurken - \u0026ldquo;Epics\u0026rdquo;, wenn sie diese benutzen. Und so kommt es, daß die Menschheit binnen kürzester Zeit in eine Reihe von von Epics dominierten Diktaturen zerfällt.\nEine Gruppe gewöhnlicher Menschen, die Reckoners, machen sich auf die individuellen Schwächen jedes einzelnen Epics herauszufinden und diese zu töten, um die Menschheit zu befreien.\nIn Steelheart wird das Worldbuilding erledigt und die Hintergrundgeschichte etabliert. Ein paar grundlegende Regeln der Weltmechanik werden niedergelegt - wie man das von Sanderson gewohnt ist, passiert das nebenbei und ohne das Erzählen der eigentlichen Geschichte durch langes Expose zu unterbrechen.\nMitosis ist eine kürzere Geschichte, die eine Art Intermezzo zwischen Steelheart und dem in Kürze erscheinenden Firefight darstellt. In ihr wird das Regelwelt des Worldbuilding bestätigt und um eine wichtige Beobachtung erweitert.\nEine andere Sicht als bei Chandler auf ein sehr ähnliches Thema und gerade im Vergleich sehr spannend, aber natürlich auch eigenständig gelesen ein ausgezeichnetes Buch in gewohnter Sanderson-Qualität.\nSehr zu empfehlen.\nBrandon Sanderson, \u0026ldquo;Steelheart \u0026rdquo;, EUR 5.98\nBrandon Sanderson, \u0026ldquo;Mitosis \u0026rdquo;, EUR 1.21\n","date":"2014-12-30T00:00:00Z","href":"https://blog.koehntopp.info/2014/12/30/fertig-gelesen-steelheart-mitosis.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Steelheart, Mitosis"},{"categories":null,"content":"Die Idee: Fantasy mit Zwergen und Elfen in einem Fantasie-Weltraum. Die Ausführung: Leider auf eine Weise, die meine Suspension Of Disbelief zerstört, und eine Schreibweise und Storyführung, die mir auf die Nerven geht.\nDNF. Zum Glück nicht mal ein Euro, Schade um die Zeit.\n\u0026ldquo;Voidhawk \u0026rdquo;, Jason Halstead, EUR 0.89\n","date":"2014-12-30T00:00:00Z","href":"https://blog.koehntopp.info/2014/12/30/fertig-gelesen-voidhawk.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: Voidhawk"},{"categories":null,"content":"Superhelden sind ja immer auch die Verkörperung von Idealen, und wenn sie nur das sind, sind sie stumpfe Abziehbilder und langweilig. Allen voran der langweiligste Superheld von allen mit dem langweiligsten Namen von allen - Superman. In solchen Geschichten, und insbesondere in den Geschichten von Supie sind die Bösen nicht nur deswegen die interessanteren, weil sie die cooleren Kostüme haben, sondern auch, weil sie nicht auf die Verkörperung von Idealen beschränkt sind, sondern richtige Schicksale haben und sich - anders als der Titelheld - weiter entwickeln können.\nThe Astounding Antagonists Chandler nimmt dieses Prinzip, und stellt es doppelt auf den Kopf. Er erzählt aus der Perspektive der Villains, und er gibt seinen Helden, den \u0026ldquo;guten\u0026rdquo; wie den \u0026ldquo;bösen\u0026rdquo;, eine Hintergrundgeschichte und eine Entwicklung, viel Tragik und eine Menge \u0026ldquo;Joan Osborne - One Of Us\u0026rdquo; .\nAm Ende gewinnen die Repräsentanten der gefährlichsten Konzepte überhaupt, die Verkörperung des menschliche Erfindungsgeist und der menschlichen Sturheit auf der einen Seite, und die Verkörperung von Humor und Mitgefühl auf der anderen Seite. Aber zu dem Zeitpunkt ist es schon gar nicht mehr entscheidbar, und auch nicht mehr wichtig, ob das die Guten oder die Bösen sind.\nGut investierte 4 Euro. Spannend und auf eine erbauliche und zugleich Gebäude erschütternde Weise weihnachtlich. :-)\nRafael Chandler​​​, \u0026ldquo;The Astounding Antagonists \u0026rdquo;, EUR 2.99\n","date":"2014-12-13T00:00:00Z","href":"https://blog.koehntopp.info/2014/12/13/fertig-gelesen-the-astounding-antagonists.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: The Astounding Antagonists"},{"categories":null,"content":"Graeber erklärt die Herkunft von Geld und Schuld, wie sie unser Denken und unsere Sprache geprägt haben und wieso Schulden nicht so funktionieren und nicht so entstanden sind, wie libertäre Volkswirtschafter es gerne darstellen. Auf dieser Basis diskutiert er die politischen Auswirkungen von Schulden im Kleinen und im Großen.\nLesebefehl: Wenn Ihr nächstes Jahr nur ein Buch lest, lest dieses.\n\u0026ldquo;Debt , the first 5000 years\u0026rdquo;, David Graeber, EUR 1.49\n","date":"2014-12-11T00:00:00Z","href":"https://blog.koehntopp.info/2014/12/11/fertig-gelesen-debt-the-first-5000-years.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Debt, the first 5000 years"},{"categories":null,"content":"\u0026ldquo;1491\u0026rdquo; ist ein Buch, daß versucht zu verstehen und zu erklären, wer auf den beiden amerikanischen Kontinenten gelebt hat, bevor die spanischen, portugiesischen und englischen Eroberer ankamen und wie diese Personen gelebt haben. Das Buch gliedert sich grob in drei Teile, die die Frage klären, wie viele Leute dort gelebt haben (Das Buch vertritt die These, daß die amerikanischen Kontinente wesentlich dichter bevölkert waren als Europa zu dieser Zeit), seit wann sie dort gelebt haben (Das Buch vertritt die These, daß es drei Einwanderungswellen gegeben hat, von denen die erste wesentlich älter ist, als man gemeinhin annehmen mag - nämlich vor oder zum Beginn der letzten großen Eiszeit) und wie sie dort gelebt und überlebt haben (Das Buch zeigt eine Reihe von Artefakten, die auf Kulturtechniken und Staaten mit von europäischen Kulturen vollkommen Techniken und Schwerpunkten hindeuten. Es zeigt auch, daß die Landschaften, die die europäischen Eroberer vorgefunden haben, verwilderte, von Seuchen entvölkerte, postapokalyptische Kulturlandschaften sind).\n1491, Charles C. Mann Die meisten dieser Ergebnisse basieren auf Forschungsergebnissen der letzten 25 bzw. 15 Jahre, sind also recht neu, aber der umfangreiche Anhang untermauert die Darstellungen im Buch recht gut. Am Ende bleibt die Erkenntnis, daß die Krankheiten und Keime, die von den Eroberern und ihren Tieren eingeschleppt worden sind, weitaus tödlicher waren als angenommen, und nicht nur Menschen, sondern ganze Erkenntnissysteme und Kulturen mehr oder weniger spurlos ausgelöscht haben.\nSehr spannend, sehr deprimierend, sehr dringende Leseempfehlung.\n\u0026ldquo;1491 \u0026rdquo;, Charles C. Mann, EUR 9.82\n","date":"2014-12-01T00:00:00Z","href":"https://blog.koehntopp.info/2014/12/01/fertig-gelesen-1491.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: 1491"},{"categories":null,"content":"Eine weitere Geschichte im Aetherwelt-Universum von Anja Bagus, und insbesondere eine, die auch den Metaplot weiter vorantreibt und in dem von ihr geschaffenen Universum weiter für Eskalation sorgt. Handwerklich schön gemacht und gut zu lesen, spielt sich vor dem Hintergrund eines Hotels im Hochschwarzwald und unter Aufnahme von Mythen und Märchen der Region ein Konflikt zwischen verschiedenen Parteien der Aetherwelt ab, bei dem wir als Leser mehr über das Wesen und die Macht der Magie in ihrer Welt lernen.\nAngenehm zu lesen und spannend, bei dem Preis ein echtes Schnäppchen.\n\u0026ldquo;Waldesruh \u0026rdquo;, Anja Bagus, EUR 3.99\n","date":"2014-12-01T00:00:00Z","href":"https://blog.koehntopp.info/2014/12/01/fertig-gelesen-waldesruh.html","tags":["lang_de","book","media","review","steampunk"],"title":"Fertig gelesen: Waldesruh"},{"categories":null,"content":"Eine kurze Sammlung von Kurzgeschichten, die ein größeres Ganzes ergeben. Spannend, lustig, ein wenig hakelig, hängt sich die Story schematisch an Charles Stross \u0026ldquo;Laundry\u0026rdquo; - Bürokratie rettet den Tag, oder gar die ganze Welt vor Monstern aus den Zwischendimensionen.\n\u0026ldquo;The Bureau of Substandards Annual Report \u0026rdquo;, Sabrina Chase, EUR 2.68\n","date":"2014-11-26T00:00:00Z","href":"https://blog.koehntopp.info/2014/11/26/fertig-gelesen-the-bureau-of-substandards-annual-report.html","tags":["lang_de","book","media","review","steampunk"],"title":"Fertig gelesen: The Bureau of Substandards Annual Report"},{"categories":null,"content":"Nachdem Auri im zweiten Teil von Kingkiller immer wichtiger wurde, hat sie im Kopf von Patrick Rothfuss drin ein gewisses Eigenleben entwickelt. \u0026ldquo;The Slow Regard of Silent Things\u0026rdquo; ist Buch 2.5 von Kingkiller und führt den Story Arc nicht weiter. Stattdessen ist das Buch ein Blick in den Kopf von Auri, und eine literarische Abandoned Places Expedition in The Underthing unter der Universität.\nThe Slow Regard of Slient Things Das Buch ist geeignet für Leser von Kingkiller, also Leute die \u0026ldquo;The Name of the Wind\u0026rdquo; und \u0026ldquo;The Wise Man\u0026rsquo;s Fear\u0026rdquo; bereits gelesen haben. Leute, die die beiden Bücher nicht kennen werden mit diesem Buch nichts anfangen können. Ihnen sei Patrick Rothfuss dennoch ans Herz gelegt, aber es lohnt sich, seine Reihe vorne anzufangen. In jedem seiner Bücher kann man sich jedoch an der Sprache genau so wie am Pacing und am Storytelling berauschen.\nBei \u0026ldquo;The Slow Regard of Silent Things\u0026rdquo; kommen außerdem noch die ganz wunderbaren und überaus zahlreichen Illustrationen von Nate Taylor dazu, siehe auch Marvel at the Artwork of… Unbedingt lesen!\n\u0026ldquo;The Slow Regard of Silent Things \u0026rdquo;, Patrick Rothfuss, EUR 8.99\n","date":"2014-10-28T00:00:00Z","href":"https://blog.koehntopp.info/2014/10/28/fertig-gelesen-the-slow-regard-of-silent-things.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: The Slow Regard of Silent Things"},{"categories":null,"content":"Dies ist ein sehr sperriges Buch, das sich zwar Zeit in seinen Erklärungen nimmt, sich aber andererseits wenig Mühe gibt, seinen Punkt in allgemein verständlicher Sprache zu machen. Wolin erklärt, was er mit dem Begriff \u0026ldquo;Inverted Totalitarism\u0026rdquo; meint und beschreibt dann die emergenten Mechanismen, die nach 9/11 dazu geführt haben, wie aus American Superpower eine Corporate Superpower wurde, und wie diese sich mit dem Muster des Totalitarismus anders als dieser an die Macht geschlichen hat und wie sie die Macht genau anders herum als dieser strukturiert.\nDemocracy Incorporated Wolin definiert Totalitarismus als ein System, wo sich alle Bereiche des Staates, insbesondere auch die Wirtschaft, der Politik unterzuordnen haben und in dem eine Gleichschaltung und politische Dauer-Mobilisierung der Bürger durch die Politik für die Themen der Politik erfolgt.\nEr grenzt dazu das \u0026ldquo;inverted\u0026rdquo; ab, in dem er das aktuelle System beschreibt. In diesem ordnet sich genau anders herum Politik vollkommen den Interessen der Wirtschaft (den relevanten Teilen davon, also dem \u0026ldquo;miltärisch industriellen Komplex\u0026rdquo; von Eisenhower) unter. Außerdem gibt eine politische Demobilisierung der Wählerschaft, also ein gewolltes Desinteresse der Wähler an der Politik, und es gibt keine Gleichschaltung von oben und abweichende Meinungen werden nicht nur toleriert, sondern auch gefördert, solange sichergestellt ist, daß sie kein politisches Gewicht bekommen.\nAmorphe, dauerhafte Bedrohungen (\u0026ldquo;Terror!\u0026rdquo;, \u0026ldquo;Ebola!\u0026rdquo;, \u0026ldquo;Die organisierte Kriminalität\u0026rdquo;) sind dabei die Instrumente, mit denen auf die Masse eingewirkt wird, wirtschaftliche Differenzierung (\u0026ldquo;Wohlstand nur bei Konformität\u0026rdquo;) die Instrumente, mit denen auf Individuen eingewirkt wird, um eine Einreihung statt einer Gleichschaltung zu erzeugen.\n\u0026ldquo;Democracy Incorporated: Managed Democracy and the Specter of Inverted Totalitarianism \u0026rdquo;, Sheldon S. Wolin, EUR 11.54\n","date":"2014-10-27T00:00:00Z","href":"https://blog.koehntopp.info/2014/10/27/fertig-gelesen-democracy-incorporated.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Democracy Incorporated"},{"categories":null,"content":"Das Buch erklärt die verschiedenen bronzezeitlichen Hochzivilisationen der Mittelmeeranrainer, und wie diese miteinander in Verbindung standen. Es belegt insbesondere auf der Grundlage historischer Quellen die Existenz und Struktur eines umfangreichen Handels über das Mittelmeer, und zeigt, wie intensiv dieser war und wie er organisiert war. Es wird deutlich, daß die Mittelmehranrainer keine isolierten Stämme waren, sondern ein reger internationaler Handel und eine starke Abhängigkeit der Nationen untereinander existierte.\n1177 B.C. - The Year Civilization Collapsed Das Buch schildert dann den multikausalen Zusammenbruch der verschiedenen Kulturzentren zwischen 1200 und 1100 BC als Systemversagen, eine Kettenreaktion, die durch Klimaveränderung und Dominoeffekte ausgelöst worden ist, und schließt mit einem Ausblick auf die Entstehung der Eisenzeit und wie diese sich soziokulturell von den Kulturen der Bronzezeit unterscheidet.\n\u0026ldquo;1177 B.C. - The Year Civilization Collapsed \u0026rdquo;, Eric H. Cline. EUR 7.99\n","date":"2014-10-04T00:00:00Z","href":"https://blog.koehntopp.info/2014/10/04/fertig-gelesen-1177-bc-the-year-civilization-collapsed.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: 1177 B.C. - The Year Civilization Collapsed"},{"categories":null,"content":"Eine klassische Reisereportage: Rose George fährt auf einem modernen Containerfrachter auf einer Handelsroute. Die verschiedenen Stationen nimmt sie zum Anlaß, über die Wandlung der Handelsmarine durch die Einführtung des Containers nachzudenken, die soziale Situation von Seeleuten, die Piraten vor Somalia, oder Maersk als Fracht-Firma und andere Aspekte der Containerindustrie. Ein spannender und kurzweiliger EInblick in einen zentralen und fast unsichtbaren Bestandteil unserer Welt.\n\u0026ldquo;Deep Sea and Foreign Going \u0026rdquo;, Rose George, EUR 6.49\n","date":"2014-10-04T00:00:00Z","href":"https://blog.koehntopp.info/2014/10/04/fertig-gelesen-deep-sea-and-foreign-going.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Deep Sea and Foreign Going"},{"categories":null,"content":"Ein Buch darüber, wie die Börse sich in den vergangenen 10 Jahren verändert hat, und warum sie nichts mehr mit den Ideen und Konzepten zu tun hat, die in unseren Köpfen existieren.\nEin Buch über Computertechnik, Nanosekunden, Latenz, und über Frontrunning und andere Konzept der Gewinnabschöpfung, und über legalen Betrug, der sich noch unregulierter oder durch Lobbies deregulierter Methoden bedient.\nEigentlich eine Pflichtlektüre für jeden, der wissen möchte, wie unsere Welt funktioniert.\n\u0026ldquo;Flash Boys \u0026rdquo;, Michael Lewis, EUR 8.49\n","date":"2014-10-04T00:00:00Z","href":"https://blog.koehntopp.info/2014/10/04/fertig-gelesen-flash-boys.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Flash Boys"},{"categories":null,"content":"EUR 3.80 und die war es nicht wert. Jede Menge verschenktes Potential. Irgendwo im Asteroidengürtel hängt seit Dekaden ein Alien-Schiff antriebslos rum, und endlich gelingt es einer Mission, dort hin zu kommen und es zu betreten. Doch es bleibt nicht bei einer Xeno-Archäologie-Mission, sondern es wird zu einer Erstkontakt-Mission.\nFluency Was eine spannende Geschichte, eine Begegnung mit dem Fremden hätte sein können, wird eine schlechter Schmachtroman mit platten Figuren und SciFi-Versatzstücken. Zeitverschwendung. Memo to self: Die Autorin in Zukunft vermeiden.\n\u0026ldquo;Fluency \u0026rdquo;, Jennifer Foehner Wells, EUR 3.80\n","date":"2014-10-04T00:00:00Z","href":"https://blog.koehntopp.info/2014/10/04/fertig-gelesen-fluency.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Fluency"},{"categories":null,"content":"Does what it says on the tin. Also, as a Genesis story for the FIMiverse, it kind of makes sense. Geek level is over 9000.\n\u0026ldquo;The God Empress of Ponykind\u0026rdquo;, iowaforever, free download @ http://www.fimfiction.net/story/62041/the-god-empress-of-ponykind ","date":"2014-10-04T00:00:00Z","href":"https://blog.koehntopp.info/2014/10/04/fertig-gelesen-the-god-empress-of-ponykind.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: The God Empress of Ponykind"},{"categories":null,"content":"Die Mitte der USA ist von mutierten Genmaisfeldern überwuchert, die zwar nicht eßbar sind, aber wichtigen Treibstoff für die fliegenden Inselstädte der Empyrean liefern. Unten leben in Armut, Verfall und Mutation die Heartlander, deren Situation nicht nur schlecht, aussichtslos und hoffnungslos ist, sondern auch laufend schlimmer wird - we get it, Chuck, aber Chuck bringt gute 2/3 seines Buches damit zu, Expose zu machen und seine Figuren in Stellung zu bringen.\nUnder the Empyrean Sky Dann endlich passiert ein bischen was, aber auch das ist alles nur Setup für den zweiten Teil. Den ich leider nicht lesen werde, weil ich zu genervt bin. Schade, denn ab hier könnte es vielleicht gut werden, aber wer weiß das schon.\n\u0026ldquo;Under the Empyrean Sky \u0026rdquo;, Chuck Wendig, EUR 5.99\n","date":"2014-10-04T00:00:00Z","href":"https://blog.koehntopp.info/2014/10/04/fertig-gelesen-under-the-empyrean-sky.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: Under the Empyrean Sky"},{"categories":null,"content":" It’s gotten dark out, sliver moon over the lake but everything inland mostly blackness with occasional streetlights. The chill and the smell of woodsmoke remind her of Halloweens back in Lawrence. She can see her breath.\nShe figures it’s about fifty degrees Fahrenheit. Which—the Fahrenheit part—pisses her off. Violet will never be able to instinctively judge temperatures in Celsius. She wasn’t raised to. And being raised without the metric system is like being raised with a harness on your brain.\nIn metric, one milliliter of water occupies one cubic centimeter, weighs one gram, and requires one calorie of energy to heat up by one degree centigrade—which is 1 percent of the difference between its freezing point and its boiling point. An amount of hydrogen weighing the same amount has exactly one mole of atoms in it.\nWhereas in the American system, the answer to “How much energy does it take to boil a room-temperature gallon of water?” is “Go fuck yourself,” because you can’t directly relate any of those quantities.\nWild Thing ist ein Buch über Wissenschaft und unser Verhältnis zum Mysteriösen und Unbekannten, zu unserer Bereitschaft, zu Glauben statt die Wahrheit zu suchen.\nDr. Pietro Brnwa ist auf der Flucht vor der Mafia, und in einem Zeugenschutzprogramm. Er gerät an einen Multimilliardär, der ihn als Leibwächter an die Seite einer Paläolontologin stellt, die für ihn ein prähistorisches Monster in einem See irgendwo im Norden der Vereinigten Staaten finden soll. Die beiden geraten in eine verfallene und verzweifelte Stadt, in eine Verschwörung, und in eine Scooby Geschichte.\nSehr großartig geschrieben, mehr als ein Plot-Twist und ein großartiger Tanz mit der wissenschaftlichen Methode.\n\u0026ldquo;Wild Thing \u0026rdquo;, Josh Bazell\n","date":"2014-10-04T00:00:00Z","href":"https://blog.koehntopp.info/2014/10/04/fertig-gelesen-wild-thing.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Wild Thing"},{"categories":null,"content":"Kriminalgeschichte im Stile von Casablanca, die in einem dystopischen Europa 50 Jahre in der Zukunft spielt. Ein Europol-Kommissar und Ex-Soldat aus den Solarkriegen soll den Mord an einem Europarlamentarier aufklären, um im Laufe der Geschichte zu lernen, daß nichts in seinem Universum echt oder ehrlich ist.\nDrohnenland Was \u0026ldquo;The Circle \u0026rdquo; hätte sein können. Leseempfehlung, großartiges Buch.\n\u0026ldquo;Drohnenland \u0026rdquo;, Tom Hillenbrand, EUR 9.99\n","date":"2014-08-17T00:00:00Z","href":"https://blog.koehntopp.info/2014/08/17/fertig-gelesen-drohnenland.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Drohnenland"},{"categories":null,"content":"Does exactly what it says on the tin. Endlessly brillant. 89 cent.\nBuy. It. Now. Also, keep your sanity loss dice ready.\n\u0026ldquo;101 Cthulhu Mythos Haiku \u0026rdquo;, Marcus R. Gilman, EUR 0.89\n","date":"2014-08-11T00:00:00Z","href":"https://blog.koehntopp.info/2014/08/11/fertig-gelesen-101-cthulhu-mythos-haiku.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: \"101 Cthulhu Mythos Haiku\""},{"categories":null,"content":"Eine Reise in die Geschichte und die Ursprünge des Rollenspiels und der Erzählspiele. D\u0026amp;D, Empires of the Petal Throne und was alles danach passierte, wieso wir uns in den 80er Jahren trotz des unsagbar schlechten Fernsehprogrammes nicht gelangweilt haben und viel zu viele Cover von Rollenspielbüchern.\nVieles hier wußte ich schon, manches nicht, anderes ist bestimmt besser recherchiert als ich mir für mich selber die Mühe gemacht habe. Eine gute Zusammenstellung und vor allen Dingen ein gutes Buch, um es seinen Eltern zu geben, um ihnen zu erklären, was ihr Kind damals vor 25 Jahren so gemacht hat. Oder was es mit manchen Aspekten von #awesomecosplay auf sich hat.\n\u0026ldquo;Drachenväter \u0026rdquo;, Tom Hillenbrand, Konrad Lischka, EUR 14.99\n","date":"2014-08-11T00:00:00Z","href":"https://blog.koehntopp.info/2014/08/11/fertig-gelesen-drachenvater.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: \"Drachenväter\""},{"categories":null,"content":"Das Amt für Aetherangelegenheiten muß eine Serie von Mordfällen an Bord des fliegenden Spielcasinos Fortuna aufklären. Die Aufgabe fällt dem aethersensitiven, blinden Adligen Claudius zu, doch statt sich an die Fakten zu halten verstrickt er sich mehr und mehr in die ganze Geschichte.\nFortuna: Geschichten aus der Aetherwelt Eine kurze Geschichte, schnell und unterhaltsam erzählt, auch wenn man schon sehr bald ahnt, wie es ausgehen wird. Aber, hey, 99 Cent und mehr Aetherwelt. Da kann man nichts falsch machen.\n\u0026ldquo;Fortuna: Geschichten aus der Aetherwelt \u0026rdquo;, Anja Bagus, EUR 0.99\n","date":"2014-08-11T00:00:00Z","href":"https://blog.koehntopp.info/2014/08/11/fertig-gelesen-fortuna-geschichten-aus-der-aetherwelt.html","tags":["lang_de","book","media","review","steampunk"],"title":"Fertig gelesen: \"Fortuna: Geschichten aus der Aetherwelt\""},{"categories":null,"content":" The door opened again, and Ship’s Surgeon Leonard McCoy came in. Without a word to anyone, he walked crookedly to the wall, leaned heavily against it, and said something that sounded like “Plergb hfarizz ungemby, and coffee.” Bones McCoy was not a morning person.\nHow much just for the planet? Pleep, the wall replied, and then pling for the delivery of Scott’s breakfast, and pling again for Spock’s. They sat down at the table with Kirk.\nThe captain had broken the yolk on one of his eggs, buttered his toast, and had his glass two-thirds of the way to his mouth before noticing that the liquid in the tumbler was blue.\nNot the deep indigo of grape juice, or the soothing azure of Romulan ale, but a luminous, electric blue, a color impossible in nature.\nKirk looked around the table. Scott and Spock were discussing some obscure engineering aspect of the bal—Deployable Practice Target. There didn’t seem to be anything wrong with their breakfasts; Scott’s black coffee was black, Spock’s juice was pale gold. Dr. McCoy was still waiting for his meal, watching the rest of them like a vulture with a hangover, but his stare had a distinctly unfocused quality. Maybe it was just the early hour, Kirk thought, a trick of the light or something. He looked at his juice again. Still blue.\nStarship captains are a special breed of beings who boldly go, et cetera. Kirk took a sip of the blue liquid. It tasted just like orange juice. It even had pulp that got caught in his teeth, just like orange juice.\nOne more look. Blue.\nThe wall plinged, and McCoy brought his tray to the table. Kirk looked at the doctor’s meal: there was a huge mug of coffee, a slab of Virginia ham, and an enormous heap of something else. The something else was orange, in the same way Kirk’s juice had not been orange: it was signal-flare orange, bright as a Christmas necktie. Kirk noticed that Spock and Scotty had stopped talking, and eating, and were looking intently at the orange mound on the doctor’s plate.\nOblivious, McCoy buttered the orange heap, sliced the ham, and went at them like a starving man.\nAfter a moment, Spock finished his crackers and cheese, stood up, and slipped his tray into the disposal slot. “Excuse me, Captain, Mr. Scott, Dr. McCoy. I have some preparations to make for the Target tests.”\n“Aye,” Scott said, watching McCoy eat as the syrup congealed around his own oatcakes. Kirk said “Of course, Spock.” McCoy said “Gmltfrbl.”\nKein Review mehr notwendig. Comedy Gold.\n\u0026ldquo;How Much for Just the Planet? \u0026rdquo;, John M. Ford, EUR 5.36\n","date":"2014-08-11T00:00:00Z","href":"https://blog.koehntopp.info/2014/08/11/fertig-gelesen-how-much-for-just-the-planet.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: \"How Much for Just the Planet?\""},{"categories":null,"content":"AMQP, das Queueing-Protokoll, ist der zentrale Kommunikationsbus im verteilt arbeitenden Openstack-System: API-Server nehmen Arbeitsaufträge via Web-Interface oder REST-API entgegen, verwandeln sie in AMQP-Messages und die irgendwo im System laufenden Consumer arbeiten die Aufträge ab und geben Resultate zurück.\nNatürlich will man das ganze System betreiben ohne sich irgendwo ein ekeliges Erlang einzutreten, stellt dann aber schnell fest, daß QPid ein blöder Scheiß ist, der beim leisesten Windhauch umfällt. Rabbit dagegen läuft durch. Ok, was tun?\nDas Buch hier gibt einem ein solides Handle, um einen Rabbit sinnvoll betreiben, administrieren und debuggen zu können und diskutiert auch die wichtigsten Programmier-Paradigmen, mit denen man zu tun hat. Das ist gut, weil man mit Sicherheit auch im Code rumwühlen muß, wenn man ein Openstack am Hacken hat, denn fertig ist das noch lange nicht.\nEkeliges Thema, notwendiges Buch.\n\u0026ldquo;RabbitMQ Essentials \u0026rdquo;, David Dossot, EUR 9.37\nEDIT: Es gibt jetzt eine 2. Auflage: RabbitMQ Essentials: Build distributed and scalable applications with message queuing using RabbitMQ, 2nd Edition , Lovisa Johannsson und David Dossot, EUR 11.98\n","date":"2014-08-11T00:00:00Z","href":"https://blog.koehntopp.info/2014/08/11/fertig-gelesen-rabbitmq-essentials.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: \"RabbitMQ Essentials\""},{"categories":null,"content":"Ausgehend von Ägypten blickt das Buch auf den Umgang der arabischen Welt mit der Sexualität in allen ihren Facetten und wie sie sich unter dem Einfluß des radikalen Islamismus verändert hat. Gerade auch die historische Perspektive auf Sexualtät und die Rolle der Frau im Kalifat ist spannend, weil sie zugleich den modernen Islamismus demaskiert als Gewalt gegen sich selbst und andere aus Unsicherheit.\nSex and the citadel Alles in allem sehr lesenswert und eine wertvolle Ergänzung zu The Veils Resurgence \u0026ldquo;Sex and the Citadel: Intimate Life in a Changing Arab World \u0026rdquo;, Shereen El Feki, EUR 7.04\n","date":"2014-08-11T00:00:00Z","href":"https://blog.koehntopp.info/2014/08/11/fertig-gelesen-sex-and-the-citadel.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: \"Sex and the citadel\""},{"categories":null,"content":"Comanche. Das ist das Ute-Wort für \u0026ldquo;Feind\u0026rdquo;.\nEmpire of the Summer Moon Die Comanche waren einer der am einfachsten strukturierten Stämme der Prärien des Westens und von den anderen Stämmen an den Rand abgedrängt worden, bis sie um das 16. Jahrhundert herum die von Süden aufkommenden Pferde der Spanier für sich entdeckten und das Leben zu Pferde perfektionierten.\nDer Comanche des 18. Jahrhunderts lebt auf dem Rücken seines Pferdes, schießt Pfeile mit Metallspitzen mit einer Feuerrate von mehr als 20 Schuß pro Minute unter dem Hals seines Pferdes aus dem vollen Galopp, und trifft dabei mit 19 von 20 Pfeilen sein Ziel, auch auf Entfernung. Damit zwingen die Comanchen nicht nur die Apachen aus ihrem angestammten Gebiet und drängen die Spanier nach Süden zurück, sondern sie halten für ein halbes Jahrhundert auch die Eroberung des nordamerikanischen Kontinents durch die englischen Siedler aus dem Osten auf.\nErst durch Verbesserungen der Waffentechnik, den Colt und dem mehrschüssigen Hinterlader sowie die Büffel-Büchse gelingt es den Siedlern, die reitenden Stämme der Prärie zurückzudrängen, indem sie sie den Büffel als Nahrungsgrundlage der Stämme und die Indianer gleichermaßen abschlachten und in Reservate zurückdrängen. Beide Seiten gehen dabei in einem Krieg um nackte Existenz mit äußerster Brutalität vor.\nDas Buch zeichnet den Aufstieg und Fall der Comanche anhand der Schicksale von Cynthia Ann Parker und ihrem Sohn, Quanah Parker. Cynthia Ann Parker wurde bei einem Überfall der Comanche auf Fort Parker, Texas geraubt und wächst bei den Comanche unter dem Namen Nauta (\u0026ldquo;Findelkind\u0026rdquo;) auf. Sie heiratet Peta Nocona, einen Häuptling der Comanche, und hat mit ihm mehrere Kinder, darunter Quanah Parker, den letzten Häuptling der Comanche in Freiheit.\nEin Sachbuch, das einmal wieder demonstriert, daß die Realität jeden Roman schlägt. Ein Buch über Imperien und ihren Aufstieg und Niedergang. Ein Buch, daß zeigt, wie jung die USA eigentlich sind. Ein Buch über Militärgeschichte und Waffentechnik. Und ein Buch über brutalste Realpolitik auf beiden Seiten einer Frontlinie.\n\u0026ldquo;Empire of the Summer Moon \u0026rdquo;, S. C. Gwynne, EUR 7,16\n","date":"2014-08-11T00:00:00Z","href":"https://blog.koehntopp.info/2014/08/11/fertig-gelesen-empire-of-the-summer-moon.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Empire of the Summer Moon"},{"categories":null,"content":"Ja, da kann man mal sehen, wie weit ich mit den Reviews hinterher bin. Schwarze-Helikopter-Agencies kommen in allen Suarez-Büchern vor, in diesem haben sie sich der Unterdrückung von die Menschheit destabilisierenden Technologien verschrieben. Davon gibt es seit den 60er Jahren des letzten Jahrhunderts eine Menge, denn die Menschen sind weitaus erfinderischer als nach Meinung des zuständigen Büros gut für sie ist.\nInflux Jetzt beginnt die Technik aber zu leaken, und es kommt zu einem Showdown. Muß unbedingt verfilmt werden, jede Menge richtig große Explosionen und nicht zu viel innere Logik. Leider auch eine Ecke zu viel Torture Porn.\n\u0026ldquo;Influx \u0026rdquo;, Daniel Suarez, EUR 10,34\n","date":"2014-08-11T00:00:00Z","href":"https://blog.koehntopp.info/2014/08/11/fertig-gelesen-influx.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Influx"},{"categories":null,"content":"League of Extraordinary Gentle(wo)men done right, meets X-Men, meets Wild-Wild West. Larger-than-life steampunk universe with cheesy supervillain opponents forces a Mary-Sueish rich and overly able brooding enlisch Peer to form a team of mutants fighting the cunning \u0026ldquo;Machinst\u0026rdquo;, saving the Empire.\n\u0026ldquo;The Girl in the Steel Corset \u0026rdquo;, #1\nTeam formation, introduction of the mysterious supervillain, Storytelling Focus on Finley Jayne, the daugher of Dr. Jekyll/Mr. Hyde. Girl with Superpowers has to choose between the brooding rich guy with a dark secret and the smart and witty underworld boss.\n\u0026ldquo;The Girl in the Clockwork Collar \u0026rdquo;, #2\nTeam acts as a group, Storytelling Focus on Jasper Renn and the alleged murder in his background.\n\u0026ldquo;The Girl with the Iron Touch \u0026rdquo;, #3 (oder #5, mit den Kurzbüchern)\nStorytelling Focus on Emily and her relationship to Sam, and also her machine empathy powers. Back in London, the story expands on The Machinist and his creations\u0026hellip;\n\u0026ldquo;The Girl with the Windup Heart \u0026rdquo;, #4 (oder #7 mit den Kurzbüchern)\nStorytelling Focus on the Mila No-longer-Droid, and finally a showdown on the Machinist Arc.\nCinematigraphic Steampunk Storytelling, cliche-ridden, but entertaining, provided that you do not read all the books in one go.\n","date":"2014-08-11T00:00:00Z","href":"https://blog.koehntopp.info/2014/08/11/fertig-gelesen-kady-cross-the-girl-with-the.html","tags":["lang_en","book","media","review","steampunk"],"title":"Fertig gelesen: Kady Cross \"The Girl with the ...\""},{"categories":null,"content":"danah boyd ist eine sehr praktisch orientierte Soziologin, die sich unter anderem mit dem Kommunikationsverhalten von Kindern und Jugendlichen auseinandersetzt, insbesondere im Zusammenhang mit sogenannten \u0026ldquo;neuen Medien\u0026rdquo;. Ihr Buch \u0026ldquo;It\u0026rsquo;s complicated\u0026rdquo; ist eine Fortsetzung und Erweiterung der Aufsätze zu dem Thema, die man in ihrem Blog finden kann, und sollte insbesondere für gewisse \u0026ldquo;ZOMG, die Kinder!\u0026quot;-Aktivisten in der Politik Pflichtlektüre sein.\nIt\u0026rsquo;s complicated Alles in allem eine dringende Leseempfehlung.\n\u0026ldquo;It\u0026rsquo;s complicated\u0026rdquo;\nIdentity \u0026ldquo;Why do teens seem strange online?\u0026rdquo; Privacy \u0026ldquo;Why do you share so publicly?\u0026rdquo; Addiction \u0026ldquo;What makes teens obsessed with social media?\u0026rdquo; Danger \u0026ldquo;Are sexual predators lurking everywhere?\u0026rdquo; Bullying \u0026ldquo;Is social media amplifying meanness and cruelty?\u0026rdquo; Inequality \u0026ldquo;Can social media resolve social divisions\u0026rdquo; Literacy \u0026ldquo;Are today\u0026rsquo;s youth digital natives?\u0026rdquo; Searching for a public of their own \u0026ldquo;It\u0026rsquo;s complicated \u0026rdquo;, Danah Boyd, 13.37 EUR (sic!)\n","date":"2014-02-07T00:00:00Z","href":"https://blog.koehntopp.info/2014/02/07/fertig-gelesen-its-complicated.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: \"It's complicated\""},{"categories":null,"content":"Ein SciFi-Roman über Buchhaltung in einer interstellaren Gesellschaft ohne FTL-Reisen. Wie kann man in so einem Umfeld Finanztransaktionen über Lichtjahre abwickeln, Investments und Kredite über Jahrhunderte vorfinanzieren und Verträge zwischen Entities schaffen, die sich konstruktionsbedingt nie treffen können?\nNeptune\u0026rsquo;s Brood Und wie sieht Betrug über Dutzende von Lichtjahren und zwei Jahrtausende aus?\nCharles Stross schafft es, aus diesen Zutaten eine Geschichte zu konstruieren und diese sogar spannend zu machen. Ich bin enorm beeindruckt. Gut angelegtes Geld, im wahrsten Sinne des Wortes\u0026hellip;\n\u0026ldquo;Neptune\u0026rsquo;s Brood \u0026rdquo;, Charles Stross, EUR 11.99\n","date":"2014-01-29T00:00:00Z","href":"https://blog.koehntopp.info/2014/01/29/fertig-gelesen-neptunes-brood.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: \"Neptune's Brood\""},{"categories":null,"content":"Wright vertritt die These, daß Makro-Geschichte eine Richtung oder Weiterentwicklung oder zumindest ein Thema hat, auch wenn es auf der Mikroebene immer wieder Rückschritte oder lokale Abweichungen gibt. In der Spieltheorie gibt es Nullsummen-Spiele, bei denen eine Partei nur auf Kosten einer anderen Partei Gewinne machen kann, und es gibt Nicht-Nullsummenspiele, bei denen beide Parteien nur durch Kooperation Gewinne machen können (dann aber beide) oder halt beide gemeinsam verlieren.\nWright interpretiert die Geschichte jetzt als eine Folge von immer mehr und immer größeren Nicht-Nullsummenspielen, also als eine Abfolge von mehr und besserer Kooperation durch verbesserte Kommunikation und Integration, Aufbau von Abhängigkeiten und Arbeitsteilung, Spezialisierung.\nDie lokalen Abweichungen und Rückschritte sind für ihn Nullsummenspiele innerhalb der größeren Nicht-Nullsummenspiele, bei denen es Streit um die Verteilung der erwirtschafteten Kooperationsgewinne gibt. Kommt es dabei zu zu unfairen oder einseitigen Spielausgängen, ist die resultierende Situation in der Regel so instabil, daß es zu Konflikten kommt, die oft das größere Kooperationsspiel zum Stillstand bringen\u0026hellip;\nSeine Argumentation ist mir plausibel und eine viel größere und umfassendere Version von Dingen, die denen ich nur in kleinerem Maßstab begegnet bin (Wieso wir uns veröffentlichen ). Sie resoniert auch mit bestimmten Argumentationslinien der #Spackeria - etwa, wenn diese sagt, daß Big Data nun einmal da ist und auch nicht wieder weg gehen wird, sondern nur immer billiger zu machen sein wird, und die Antwort daher nicht Datenschutz sein kann, sondern nur Offenlegung und Regulierung der Gewinne aus der Verdatung aller Aktivitäten. Wright hat eine Menge Beispiele, wie dies kein neuer Konflikt ist, sondern in der Vergangenheit regelmäßig gelöst worden ist.\n\u0026ldquo;Nonzero - The Logic of Human Destiny \u0026rdquo;, Robert Wright, EUR 9.02\n","date":"2014-01-29T00:00:00Z","href":"https://blog.koehntopp.info/2014/01/29/fertig-gelesen-nonzero.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: \"Nonzero - The Logic of Human Destiny\""},{"categories":null,"content":"\u0026ldquo;The Circle\u0026rdquo; ist eine hypothetische Google-Facebook-Twitter-Nachfolgefirma und der Star des Silicon Valley. Die Firma hat sich totale Transparenz und umfassende Datenerfassung auf die Fahnen geschrieben. Mae Holland fängt durch Beziehungen bei The Circle an und wird auf Grund konstruierter Verwicklungen dort durch die Abteilungen geschoben und über die Zeit zum Firmenmaskottchen.\nAber die Handlung ist irrelevant. Dave Eggers ist auf einer Mission, und bastelt daher einen hölzernen Lehr-Roman ohne relevante Handlung oder glaubhafte Personen. Die Handelnden (denn Personen sind es nicht) haben zum Teil Neurosen von Seinfeld-Ausmaßen ohne daß es wie bei Seinfeld Komik-Potential hat, und die Verwicklungen sind konstruiert.\nIn einer Szene bekommt Mae zum Beispiel Probleme, weil sie eine Einladung über ein Social Network zu einem Event, für das sie sich nicht angemeldet hat und für das ihr interesse nur inferiert war, nicht beachtet hat und sie weder angenommen noch abgelehnt hat. Jeder, der nur 20 Sekunden lang online gewesen ist, wird solchen Social Spam genau so behandeln, und niemand macht deswegen irgendein Problem, weil es das ist, was man macht. Von diesen konstruierten Problemen stapelt Eggers eines auf das nächste, und langweilt die Geschichte vor sich bin, bis man das Buch irgendwann verärgert schließt und vom Gerät wirft.\nEs gibt tausend Dinge, die man zu diesem Thema hätte sagen können oder müssen, aber Eggers bearbeitet keines von diesen. Es gibt tausend Weisen, auf die man die Message von Eggers hätte transportieren können, die weniger langweilig und hölzern gewesen wäre, aber Eggers verschmäht sie alle.\nSo eine Verschwendung von Zeit und Speicherplatz habe ich lange nicht auf dem Device gehabt.\n\u0026ldquo;The Circle \u0026rdquo;, Dave Eggers, EUR 9.99, zu viele Seiten\n","date":"2014-01-29T00:00:00Z","href":"https://blog.koehntopp.info/2014/01/29/fertig-gelesen-the-circle.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: \"The Circle\""},{"categories":null,"content":"Sebastian Bergmann hat mir Brandon Sanderson im Allgemeinen und \u0026ldquo;The Rithmatist\u0026rdquo; im besonderen zum Froscon 2013 ans Herz gelegt, und ich habe ihn mir damals noch gleich auf den Kindle geklickt, aber es hat bis Weihnachten gedauert, um das Buch durchzulesen.\n\u0026ldquo;The Rithmatist \u0026rdquo;, Brandon Sanderson\nDer Schtick von Brandon Sanderson ist die die Konstruktion von in sich geschlossenen, plausiblen Magielogiken und Weltenbau, und beides führt er hier meisterhaft aus. In diesem Universum sind die vereinigten Staaten ein Inselarchipel, das von den Europäern besiedelt und von den südamerikanischen Imperien verschmäht worden ist - die Europäer verstanden bald warum, nachdem sie von zweidimensionalen animierten Kreidemonsterbildern (sic!) angegriffen werden.\nDoch die Magie der Kreidezeichnungen wurde von den Europäern des US-Archipels bald entschlüsselt, domestiziert und zur Verteidigung gegen die wilden Kreidekreaturen verwendet. Unsere Gesichte beginnt sehr viel später, in den 1880ern, dem Uhrwerkszeitalter, mit dem Sohn eines Kreidemachers an einer Universität für Kreidemagie und wir schlittern in eine politische Krise, Intrigen und die langsame Entdeckung von Hintergründen und der Logik der Kreidemagie\u0026hellip;\nDas Buch fühlt sich an wie der erste Band von etwas, das eine Serie werden will, ist aber eine in sich geschlossene Erzählung und enthält sehr viele, zum Verständnis hilfreiche Schautafeln und Zeichnungen, die ganz wunderbar gezeichnet sind. Die Geschichte ist fesselnd und Sanderson ist in der Tat ein ganz wunderbarer Weltenbauer. Kaufen, lesen.\n\u0026ldquo;The Rithmatist \u0026rdquo;, Brandon Sanderson, EUR 6.49\n","date":"2014-01-29T00:00:00Z","href":"https://blog.koehntopp.info/2014/01/29/fertig-gelesen-the-rithmatist.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: \"The Rithmatist\""},{"categories":null,"content":"Fertig gelesen: \u0026ldquo;Finishing School\u0026rdquo; Series (Etiquette \u0026amp; Espionage, Curtsies and Conspiracies), Gail Carriger\n\u0026ldquo;Mademoiselle Geraldine\u0026rsquo;s Finishing Academy for Young Ladies of Quality\u0026rdquo; ist nicht der Ort, zu dem Sophronia Temminnick gerne möchte, aber nach einem Vorfall mit dem Lastenfahrstuhl, dem Dessert und Frau Barnaclegoose hat ihre Mutter die Geduld mit ihr verloren.\nNachdem Sophronia dann jedoch lernt, daß besagte Academy aus einer Reihe von Blimps über dem Moor besteht, den Ladies of Quality in der Tat beigebracht wird, wie sie stylish jemanden finishen können findet sie ihr Schicksal gar nicht mehr so schlimm und lernt neben einem korrekten Augenaufschlag auch Giftmischen und Spionieren.\nSophronias Schule existiert in einem Steampunk-England der 1850er Jahre, in dem Werwölfe, Geister und Vampire in die Gesellschaft integriert sind. Da die Finishing School-Variante von Gail Carrigers \u0026ldquo;Parasol Protectorate\u0026rdquo; die Young Adult-Geschmacksrichtung dieses Universum ist, wird die Romance-Komponente hier ausgefiltert. Da wir uns außerdem 20 Jahre vor dem Parasol Protectorate befinden, lernen wir hier die Schuljahre der Figuren aus dem Parasol Protectorate kennen - Genevieve Lefoux und Sidheag Maccon aus dem Parasol Protecorate tauchen hier auf, und natürlich hat auch Lord Akeldama seinen Auftritt\u0026hellip;\nTatsächlich ist es günstig, die Finishing School vor dem Parasol Protectorate zu lesen, denn auf diese Weise liest man die Geschichten in der chronologischen Reihenfolge und man bekommt etwa eine Intrige um den Schulabbruch von Sidheag Maccon, der ganze 7 Bände braucht, um sich in allen Einzelheiten, Folgen und persönlichen Interaktionen zu enthüllen\u0026hellip;\nGail Carriger ist auf den ersten Blick ein wenig albern, und es wird erst bei längerem Lesen klar, daß wir es hier nicht nur mit einem einigermaßen konsistenten und gut ausgedachten Universum zu tun haben, sondern auch mit einer soliden Erzählkonstruktion und recht fesselnden Characterisierungen - und einer extrem unterhaltsamen Schreibweise.\nEtiquette and Espionage (Finishing School #1), Gail Carriger, EUR 5.49\nCurtsies and Conspiracies (Finishing School #2), Gail Carriger, EUR 4.49\n","date":"2014-01-19T00:00:00Z","href":"https://blog.koehntopp.info/2014/01/19/fertig-gelesen-finishing-school-series.html","tags":["lang_de","book","media","review","steampunk"],"title":"Fertig gelesen: \"Finishing School\" Series (Etiquette \u0026 Espionage, Curtsies and Conspiracies)"},{"categories":null,"content":"In \u0026ldquo;The Departure \u0026rdquo; treffen wir auf eine überbevölkerte, dystopische und hoffnungslose Erde, in der \u0026ldquo;Das Komitee\u0026rdquo; eine Überwachungsbürokratur und einen Sicherheitsstaat zur Verwaltung des allfälligen Mangels etabliert hat. Der Protagonist, Alan Saul, entwickelt sich zum Hybridwesen aus Mensch, Maschine und Wetware-Extensions und übernimmt die Raumstation \u0026ldquo;Argus\u0026rdquo;, um sie in einer langen Reise zum Mars zu bewegen. In seinem Übernahmekampf löst er auf der Erde eine Revolution gegen das Komitee aus.\n\u0026ldquo;Zero Point \u0026rdquo;\n\u0026ldquo;Zero Point\u0026rdquo; setzt dort auf, und schildert die Re-Etablierung einer Ordnung auf der postrevolutionären Erde - die Konterrevolution auf den Resten der Zwangsstrukturen des Komitee macht eine einzelne Komitee-Bürokratin, Serene Galahad, zur (leider komplett größenwahnsinnigen) Diktatorin der Erde, die dann Asher-typisch einmal komplett aufräumt\u0026hellip;\nUnterdessen geht man an Bord der Argus ebenfalls dem Größenwahn nach und rüstet die ehemalige Raumstation und Orbitalfestung mit einem experimentellen Überlichtantrieb aus (Alcubierre Drive ).\nDie Bio-Hazmat-Klamotten aus Teil 1 behält man besser an, denn Asher stellt mit neun Milliarden Leichen in dieser Geschichte eine Art Rekord auf. Ansonsten eine zu gleichen Teilen deprimierende und Hoffnung machende Geschichte und spannende Unterhaltung - Asher neigt jedoch immer ein wenig zu Torture Porn, und einige Stellen habe ich überblättern müssen, weil sie nicht nur ekelig waren, sondern das auch noch notlos\u0026hellip;\nNeal Asher, \u0026ldquo;Zero Point \u0026quot;, EUR 5.64 ","date":"2014-01-19T00:00:00Z","href":"https://blog.koehntopp.info/2014/01/19/fertig-gelesen-zero-point-neal-asher.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: \"Zero Point\""},{"categories":null,"content":"Neal Asher kenne ich als Autor eher von seinen Geschichten aus dem \u0026ldquo;Polity\u0026rdquo;-Universum. Dort sind seine Helden bis an die Oberkante Unterlippe hochge-mary-sue\u0026rsquo;t und entsprechend muß er seine Welten mit Gegnern und feindseligen Biosphäre versorgen, die irgendwo zwischen \u0026ldquo;over the top\u0026rdquo; und \u0026ldquo;lächerlich\u0026rdquo; angesiedelt sind, damit seine Geschichten ihren Helden Gegner präsentieren können, die angemessen sind.\nThe Departure Insofern war \u0026ldquo;The Departure\u0026rdquo; ungewöhnlich, denn hier ist der Planet eine Erde, deren Ressourcen von ihren 18 Milliarden Bewohnern erschöpft sind und in der eine Bürokratur, das Komitee, jede Hoffnung auf Besserung und Weiterentwicklung erstickt. Ashers Dystopie ist dabei erschreckend realistisch, denn er transportiert Drohnentechnologie und Robotik, Überwachungsstaat und Sicherheitsideologie direkt weiter in das 22. Jahrhundert und baut eine Entwicklungslegende in diesen Staat, die nahtlos auf dem Jetzt aufbaut und deren Beginn bereits heute zu erkennen ist und daher um so logischer erscheint.\nMan täusche sich nicht - Ashers Held ist eine typische Asher-Figur: Adam Saul ist überintelligent und zugleich motorisch überentwickelt und zudem noch experimentell augmentiert. Seine Geschichte beginnt in einer Bourne-Identity Situation, in der Saul in einer Transportkiste ohne Gedächnis aufwacht und sich lediglich an eine andauernde Folter durch eine Gestalt erinnert, die nicht nur wie ein Agent Smith aus der Matrix aussieht, sondern auch so heißt.\nDer Rest der Geschichte ist dann ein Asher-typischer Rachesplatter, Bio-Hazmat-Kleidung ist angesagt.\nNeal Asher, \u0026ldquo;The Departure \u0026quot;, EUR 6.27\n","date":"2013-12-05T00:00:00Z","href":"https://blog.koehntopp.info/2013/12/05/fertig-gelesen-the-departure-neal-asher.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: \"The Departure\""},{"categories":null,"content":"Ein Sachbuch über die Ursprünge der Konsumentenkultur in den USA, und dem Rest der Welt im Kontext der industriellen Revolution zu Anfang des zwanzigsten Jahrhunderts. Gezeigt werden die technischen und sozialen Veränderungen und wie sie die Gesellschaft und ihre Werte verändert haben. Dabei verzichtet das Buch weitgehend auf Wertungen und beschränkt sich auf Darstellung der Zusammenhänge und Belege.\nEine faszinierende und extrem aufschlussreiche Lektüre. Wer sich für Geschichte, Gesellschaft und Politik interessiert sollte sich das durchlesen.\n“Land of Desire “, William R. Leach, 10.12 EUR\n","date":"2013-11-23T00:00:00Z","href":"https://blog.koehntopp.info/2013/11/23/fertig-gelesen-land-of-desire.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Land of Desire"},{"categories":null,"content":"Was Watergate mit der neunten und zehnten Apollo Mission zu tun hat, und wieso das auch 50 Jahre später noch ein Problem ist, erklären McDevitt und Resnick hier, in einer Geschichte, die für McDevitt durchaus alle typischen Elemente enthält.\nThe Cassandra Project Die Wendung am Ende ist nicht ganz unerwartet, aber gut ausgeführt. Alles in allem ein langsames Pacing, McDevitt halt, aber fesselnd und unterhaltsam geschrieben, und man weil ja doch wissen, ob man mit seiner Vermutung richtig liegt\u0026hellip;\n\u0026ldquo;The Cassandra Project ”, McDevitt, Resnick, 4.31 EUR\n","date":"2013-11-23T00:00:00Z","href":"https://blog.koehntopp.info/2013/11/23/fertig-gelesen-the-cassandra-project.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: The Cassandra Project"},{"categories":null,"content":"Die zerbrochene Puppe kam hier quasi zeitgleich mit Aetherhertz von Anja Bagus rein und ist ebenfalls ein deutscher Streampunk-Roman, da hören die Gemeinsamkeiten auch schon auf. Während ich Aetherhertz so heruntergelesen habe und gespannt auf einen zweiten Teil warte, habe ich mich durch die zerbrochene Puppe hindurch kämpfen müssen.\nDie zerbrochene Puppe Dabei ist das Setting eigentlich spannend und hat eine Menge Potential: Vulkanausbrüche im Norden haben zur Wikingerzeit das Klima zum Kälteren beeinflußt und so ist die Welt der \u0026ldquo;Zerbrochenen Puppe\u0026rdquo; vom Eis geprägt und die technische Entwicklung hat einen anderen Weg genommen.\nDie Physikerin Æmelie von Erlenhofen wird auf einer Konferenz in Venedig ermordet. Ihr Mann Naþan, ein Maler und Weichei, wird durch den Mord traumatisiert und stolpert Konversationen mit einer beschädigten Porzellanpuppe habend ohne viel Agency durch die Handlung, bis die Bösen am Ende aufgeben und die Handlung sich von selbst in Wohlgefallen auflöst. Oder fast jedenfalls.\nVielleicht bin ich von der geschilderten Kälte depressiv geworden. Vielleicht bin ich auch nur müde, Bücher zu lesen, in denen die Protagonisten Props sind, die von der Handlung durch die Seiten geschoben worden. Vielleicht sind zwei Autoren einer zu viel und die Inkonsistenzen in der Charakterisierung des Protagonisten nicht gut für meine Suspense of Disbelief. Ich weiß es nicht…\nDie zerbrochene Puppe , Judith Vogt, Christian Vogt, 8.99 EUR\n","date":"2013-11-18T00:00:00Z","href":"https://blog.koehntopp.info/2013/11/18/fertig-gelesen-die-zerbrochene-puppe.html","tags":["lang_de","book","media","review","steampunk"],"title":"Fertig gelesen: Die zerbrochene Puppe"},{"categories":null,"content":"Ich habe nun endlich \u0026ldquo;Republic of Thieves\u0026rdquo; von Scott Lynch durchgelesen. Das Buch ist der dritte Band der Gentlemen Bastards Sequence, nach The Lies of Locke Lamora und Red Seas Under Red Skies.\nRepublic of Thieves Das Buch war anstrengend - es ist, als ob es von zwei verschiedenen Personen geschrieben worden wäre. Teile lesen sich schnell, spannend und überraschend, und andere Teile sind vorhersagbar, langwierig und könnten leicht gekürzt werden. Immer, wenn man es gerade weglegen und aufgeben will, kommt man jedoch an Stellen, wo es endlich zur Sache geht und das Buch fesselnd und spannend wird.\nDas erste Fünftel des Buches vergeht mit dem Setup - nach dem Ende von Band 2 ist Locke ja tödlich und unheilbar vergiftet und die ersten 20% des dritten Bandes vergehen damit, daß er herumleidet und Jean mehr oder weniger vergeblich versucht, ihn zu retten bis die Handlung des dritten Bandes auftaucht und den beiden Dieben mal wieder die Agency aus der Hand nimmt.\nDer Rest des Buches ist nach dem bewährten Stil des ersten Bandes gestrickt - es läuft ein Handlungsstrang aus der Vergangenheit von Locke verwoben mit einem Handlungsstrang aus der Gegenwart, und einer Hintergrundhandlung (\u0026ldquo;Was die beiden Diebe nicht wissen, aber was wirklich passiert.\u0026rdquo;)\nDabei ist die Handlung der Gegenwart der Teil, der halbwegs spannend und flott ist, während die Rückblende vorhersehbar und zähflüssig ist und die Charactere dem Fantasy-Schablonenbuch \u0026ldquo;Charactere an einem Theater der Shakespeare-Zeit\u0026rdquo; entnommen sind. Von dort stammt auch die Handlung \u0026ldquo;Lustige Verwechslungsspiele mit einer unerwarteten Leiche\u0026rdquo;.\nAlles in allem läßt mich das Buch ein wenig unzufrieden zurück, aber es ist auch nicht wirklich ein schlechtes Buch.\nThe Republic of Thieves , EUR 9.99\n","date":"2013-11-18T00:00:00Z","href":"https://blog.koehntopp.info/2013/11/18/fertig-gelesen-republic-of-thieves.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: Republic of Thieves"},{"categories":null,"content":"Steampunk von Anja Bagus.\nAetherhertz Annabelle Rosenhertz lebt nach dem Verschwinden ihres Vaters mehr oder weniger alleine in Baden-Baden. In ihrer Welt steigt grüner Æther aus den Flüssen auf und wird verwendet, um Maschinen mit magischer Energie anzutreiben. Doch Æther hat auch die Macht, Menschen zu verändern - unter anderem Annabelle, die vor einigen Jahren mit Æther in Kontakt gekommen ist und seitdem mit ihrer veränderten Hand seltsame Dinge tun kann.\nIn Baden-Baden geschehen seltsame Dinge - junge Frauen fallen aus ungeklärten Gründen in Ohnmacht, Leute verschwinden. Annabelle gerät in eine magische Intrige, und in noch mehr Æther, der sie noch mehr verändert.\nFurioser Beginn einer offensichtlich als Serie angelegten und exzellent geschriebenen Steampunk-Geschichte, der Appetit auf weitere Bände macht - und auf den Anime zum Buch. :-)\nAetherhertz (Annabelle Rosenherz) , Anja Bagus, EUR 4.99 ","date":"2013-09-27T00:00:00Z","href":"https://blog.koehntopp.info/2013/09/27/fertig-gelesen-aetherhertz-anja-bagus.html","tags":["lang_de","book","media","review","steampunk"],"title":"Fertig gelesen: Aetherhertz"},{"categories":null,"content":"Codex born ist der zweite Teil von Libriomancer und konzentriert sich mehr auf die Hintergrundgeschichte von Lena Greenwood, der Dryade aus der fiktionalen Softcore-Romance \u0026ldquo;Nymphs of Neptune\u0026rdquo;.\nCodex Born Hines nimmt dabei die Fertigkeiten seiner fiktionalen Gestalten ernst: So wie Poison Ivy in der Welt von Gotham eigentlich eine der mächtigsten Gestalten wäre, wenn sie sich von ihrer Batman-Fixierung lösen könnte, so sind Lena (und ihre Gegenspielerin Deifilia) mächtige magische Wesen, die ihre Stärke, die Kontrolle über Pflanzen, im Kampf rücksichtslos und mit voller Kraft einsetzen.\nDas Buch treibt außerdem die Hintergrundgeschichte voran und wir lernen mehr drüber, wer eigentlich die seltsamen Mächte sind, die Gutenberg über die Jahrhunderte immer mehr zusetzen und wir lernen mehr über die schmutzige Vergangenheit von Gutenberg selber.\nAuch hier gut angelegtes Geld.\nCodex Born , Jim C. Hines, EUR 13.53\nMehr Reviews:\nLibriomancer Codex Born Unbound Revisionary ","date":"2013-09-27T00:00:00Z","href":"https://blog.koehntopp.info/2013/09/27/fertig-gelesen-codex-born.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Codex Born"},{"categories":null,"content":"In einem Tumblr-Feed ein Pinterest-Link und ein Hinweis des Autors, daß er einige Sachen in seinem Buch hat entschärfen müssen, weil es sonst \u0026lsquo;unglaubwürdig\u0026rsquo; gewesen wäre. Und einundachzig Cent. Ein überschaubares Risiko.\nCrazy Rich Asians Romance Standardplot 17: Rachel Chu, american asian, lernt Nicholas Young aus Singapur kennen. Was sie nicht weiß: Nicolas ist steinreich und Erbe einer Dynastie, und natürlich ist sie, Rachel, kein stück standesgemäß. Die Familie wird also gegen sie sein. Und sie kennt weder die lokalen Sitten und Gebräuche dort drüben, noch die des Standes von Nicolas.\nDieser will sie dann seiner Familie vorstellen, und Plot #17 läuft programmgemäß ab.\nDas Buch ist wegen des exotisch-asiatischen Flairs und dem Hintergrund \u0026ldquo;Superreiche Exzentriker drehen durch\u0026rdquo; trotzdem eine unterhaltsame Lektüre (und eine bessere Liebesgeschichte als Twilight). Und bei 81 Cent kann man nix falsch machen.\nCrazy Rich Asians , Kevin Kwan, EUR 0.81\n","date":"2013-09-27T00:00:00Z","href":"https://blog.koehntopp.info/2013/09/27/fertig-gelesen-crazy-rich-asians-kevin-kwan.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Crazy Rich Asians"},{"categories":null,"content":"Das Buch ist der 2. Teil von Nexus . Entsprechend macht das Buch dort weiter, wo der erste Teil aufgehört hat:\nCrux Nexus ist freigesetzt und immer mehr Menschen benutzen die Nexus-Naniten, um sich direkt pseudotelepathisch miteinander zu vernetzen. Die alte Ordnung versucht, die damit verbundenen Umwälzungen aufzuhalten, indem sie Nexus-Träger isoliert und ausgrenzt.\nZudem existiert noch die Hintertür in der aktuellen Nexus-Implementierung, und die Frage, was aus Su-Yong Shu, dem chinesischen Upload einer Wissenschaftlerin in einen Quantencomputer, wird ist auch noch offen.\nCrux liefert Antworten auf die offenen Fragen und die losen Enden aus dem ersten Teil und schafft es, die Spannung und das Tempo des ersten Teiles aufuzugreifen und weiter zu führen.\nGute Scifi, sehr empfehlenswert.\nCrux , Rameez Naam, EUR 6.79\n","date":"2013-09-27T00:00:00Z","href":"https://blog.koehntopp.info/2013/09/27/fertig-gelesen-crux-ramez-naam.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Crux"},{"categories":null,"content":"Hedy Lamarr (1914-2000), das Gesicht von der CorelDraw-Packung, war zu ihrer Zeit eine der schönsten Frauen der Welt und ein großer Hollywood Star. Sie war außerdem mathematisch begabt, hatte gute Kontake zur Rüstungsindustrie und zur Avantgarde-Kunstszene.\nHedy\u0026rsquo;s Folly Diese Biographie beschäftigt sich mit dem Leben von Hedy Lamarr und dem Musiker George Antheil, mit der Erfindung des Frequenzsprungverfahrens und der Spread Spectrum Technik, die heute die Grundlage von Wi-Fi, Mobilfunk und Bluetooth ist, und wie das alles zusammen gehört.\nDie faszinierende Geschichte von einer Frau, die viel, viel mehr als ein hübsches Gesicht in Hollywood war.\nHedy\u0026rsquo;s Folly , Richard Rhodes, EUR 8.00\n","date":"2013-09-27T00:00:00Z","href":"https://blog.koehntopp.info/2013/09/27/fertig-gelesen-hedys-folly-richard-rhodes.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Hedy's Folly"},{"categories":null,"content":"\u0026ldquo;Das Sachbuch zu Office Space\u0026rdquo;?\nSeit kurzem gibt es Moral Mazes als Kindle-Edition. Robert Jackall beschriebt hier die Business Ethics und Regeln des Managements einiger amerikanischer Konzerne, auf der Basis von Interviews und Fallstudien in den späten 80er und frühen 90er Jahren.\nMoral Mazes Ich bin auf das Buch aufmerksam geworden, weil es in The Banality of Systemic Evil (sehr lesenswerter Artikel) erwähnt wird:\nAaron Swartz counted “Moral Mazes” among his “very favorite books.\nund\nThe bureaucracy was telling him to shut up and move on (in accord with the five rules in “Moral Mazes”), but Snowden felt that doing so was morally wrong.\nDie Mechanismen und Ideologien in Moral Mazes sind frustrierend und desillusionierend. Sie werden klar beschrieben, an Beispielen aufgezeigt und Teile davon hat jeder in mehr oder weniger großem Ausmaß entweder in seinem eigenen Job erlebt, oder sich bewußt für ein Arbeitsumfeld entschieden, das anders miteinander umgeht und sauberer funktioniert.\nAuf jeden Fall schärft die Lektüre den Blick für die Dysfunktionalitäten des Alltags und macht Mut zum Mut haben.\nMoral Mazes , Robert Jackall, EUR 10.66\n","date":"2013-09-27T00:00:00Z","href":"https://blog.koehntopp.info/2013/09/27/fertig-gelesen-moral-mazes-robert-jackall.html","tags":["lang_de","book","media","review"],"title":"Fertig gelesen: Moral Mazes"},{"categories":null,"content":"Amy ist ein von Neumann (vN), ein Android mit der Fähigkeit, sich selbst zu replizieren. Sie ist außerdem defekt, und deswegen ein Gott: Während alle anderen vN eine Sicherheitsschaltung haben, die es ihnen unmöglich macht, gewalttätige Szenen zu denken, zu erleben oder auch nur anzusehen, ist bei Amy diese Sicherung defekt. Anders als ihre vN-Kameraden ist sie in ihren Handlungen frei und uneingeschränkt.\nvN Die Entwicklung von vN folgt dem Lamarckismus - Amy kann ihre erworbene Eigenschaft ihren Nachkommen vererben, und andere vN können sie bekommen, indem sie Amy assimilieren.\nAmy und ihr menschlicher Lebenspartner sind nun also auf der Flucht, und die eskaliert dann schnell\u0026hellip;\nMadline Ashby gelingt es, einen Nachfolger der Menschheit zu beschrieben, der vollständig im Uncanny Valley landet: vN sind menschlich genug, daß ihre Fremdartigkeit um so mehr hervorsticht. Diese Zielgenauigkeit läßt manche Schwächen in der Charactermotivation und einige Plotholes übersehen. Alles in allem gute SciFi der Mittelklasse, ihr Geld wert.\nvN: The Machine Dynasty , Madeline Ashby, EUR 5.22\n","date":"2013-09-27T00:00:00Z","href":"https://blog.koehntopp.info/2013/09/27/fertig-gelesen-vn-madeline-ashby.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: vN"},{"categories":null,"content":"Cornelia Funke hat mit Tintenherz eine Geschichte geschrieben, in der ein Buchmagier und Vorleser die Gestalten und Gegenstände aus Büchern zum Leben in der realen Welt erwecken kann. Aber Tintenherz denkt die Logik der Magie von Büchern nicht konsequent zu Ende und ist nicht einmal im Ansatz dreckig genug.\nLibriomancer Wenn Tintenherz ein US-Western wäre, dann ist Libriomancer von Jim C. Hines die Italowestern-Version derselben Geschichte. In seiner Welt hat Gutenberg mit dem Buchdruck das Medium geschaffen, daß in den Glauben und Suspend of Disbelief von hunderten und tausenden Lesern greift und so das magietechnische Äquivalent zur industriellen Revolution entfesselt: Statt mit dem Glauben und Willen eines Einzelnen zu arbeiten, kann der Libriomancer das mit der Kraft von Vielen tun.\nIm Besitz dieser mächtigen magischen Waffe räumt Gutenberg in der verborgenen Welt des Magischen auf und definiert eine Jahrhunderte andauernde Machtbasis. Bis, tja, bis Isaac Vainio, Buchmagier, und Lena Greenwood, eine gewisse Dryade aus einer Softcore-Romance in die Geschichte geraten und feststellen, daß die von Gutenberg definierten Gewissheiten gewisse Variabilitäten enthalten die das jahrhunderte dauernde Gleichgewicht der Magier in Frage stellen.\nGutenberg verschwindet, aus den Niederdimensionen der Magie selber kommt eine eigenartige Bedrohung und gewisse Zauber und Magietheorien funktionieren nicht ganz so wie Gutenberg sie dokumentiert hat\u0026hellip;\nGut angelegtes Geld.\n\u0026ldquo;Libriomancer \u0026rdquo;, Jim C. Hines, EUR 5.60\nMehr Reviews:\nLibriomancer Codex Born Unbound Revisionary ","date":"2013-09-23T00:00:00Z","href":"https://blog.koehntopp.info/2013/09/23/fertig-gelesen-libriomancer.html","tags":["lang_de","book","media","review","fantasy"],"title":"Fertig gelesen: Libriomancer"},{"categories":null,"content":"Noch schnell was zu lesen für heute Nacht?\nNexus Wir schreiben das Jahr 2040. Seit etwa 10 Jahren gibt es das ERD, das Emergent Risk Directorate, eine Abteilung des DHS zur Bekämpfung von Risiken, die sich aus den rasanten Weiterentwicklungen von Technologie, Emergenten Technologischen Bedrohungen, entwickeln.\nEine dieser Bedrohungen ist Nexus, eine Nicht-Droge aus Nanobots, die sich im menschlichen Gehirn einnisten und ein Brain Computer Interface, BCI, etablieren. Nexus erlaubt es seinen Benutzern, mit anderen Nexus-Usern in Kontakt zu treten und Emotionen oder gar Informationen direkt auszutauschen.\nKaden Lane ist der Anführer einer kleinen aber leider nicht ganz legalen Studiengruppe von Biotech-Studenten, die mit dem aktuellen Nexus-Strain herum experimentieren und festgestellt haben, daß sie auf den Nexus-Nodes im Körper eines Menschen eine verteilte von-Neumann-Maschine laufen lassen können und beginnen jetzt ein Betriebssystem für Nexus zu schreiben. Über das BCI können sie quasi-telepathisch kommunizieren, \u0026lsquo;ware in das Hirn laden und Körperfunktionen steuern.\nDas zieht natürlich die Aufmerksamkeit des ERD auf sich, und um den drakonischen Strafen des Chandler Act zu entgehen, der das ERD etabliert und bestimmte Technologien verbietet, werden Kaden und seine Freunde in den Dienst des ERD gepreßt.\nIhr Auftrag: Die chinesische Biowissenschaftlerin Su-Yong Shu auf einer Konferenz in Bangkok befreunden und mit ihr in Kontakt treten. Das ERD vermutet, das SYS verbotene Technologie nutzt, das chinesische Supersoldaten-Programm mit ihrer Forschung fördert und außerdem gute Kontakte zu den Schmugglersyndikaten hat, die Nexus herstellen und in Umlauf bringen.\nKaden gelingt die Kontaktaufnahme und muß schon bald herausfinden, daß es in diesem Spiel keine Seite gibt, die \u0026ldquo;die Guten™\u0026rdquo; repräsentiert.\nNexus ist ein Near Future SciFi mit glaubhafter Technik und einer guten und action-reichen Schreibe, der durchaus erfolgreich in die Spionageroman und Thriller-Genres hinüber reicht. Ramez Naam hat Autorenhintergrund, der Daniel Suarez nicht ganz unähnlich ist und wer Suarez gemocht hat, den wird Naam nicht enttäuschen.\nDer Roman bekommt von mir alle verfügbaren Punkte und eine dicke Leseempfehlung.\nDer Roman Crux spielt 3 Monate nach Nexus im selben Universum. Ich habe auch den halb durch und bisher ist er eine würdige Fortsetzung.\n","date":"2013-09-04T00:00:00Z","href":"https://blog.koehntopp.info/2013/09/04/fertig-gelesen-nexus-mankind-gets-an-upgrade-ramez-naam.html","tags":["lang_de","book","media","review","scifi"],"title":"Fertig gelesen: Nexus - Mankind gets an upgrade"},{"categories":null,"content":"Fertig gelesen: \u0026ldquo;Leila Ahmed - A Quiet Revolution: The Veil\u0026rsquo;s Resurgence, from the Middle East to America\u0026rdquo;\nA Quiet Revolution: The Veil\u0026rsquo;s Resurgence Vor dem Hintergrund der aktuellen Situation in Ägypten aktueller denn je: Trotz des Titels ist dieses Buch nicht wirklich ein Buch über die Verschleierung, sondern ein Buch über die Geschichte der Entwicklung der politischen Ideologie, die wir unter dem Namen \u0026ldquo;Islamismus\u0026rdquo; kennen und die Rolle der Frau darin.\nDer erste Teil des Buches beschriebt die Ursprünge dieser Ideologie vor dem Hintergrund der Geschichte Ägyptens als britische Kolonie, Gegner des jungen Israels, politischer Partner der Sowjetunion und politischer Gegenspieler Saudi Arabiens - und parallel dazu die Rolle und ideologische Entwicklung der Moslembruderschaft. Der zweite Teil geht dann auf die Entwicklung in den USA, speziell vor und nach 9/11 ein.\nEs wird deutlich, daß die politische Situation in Ägypten sehr viel komplizierter ist, als sie in den deutschen oder US-Medien dargestellt wird. Genau genommen ist die Berichterstattung vor dem Hintergrund der Informationen aus dem Buch ein ziemlicher Totalverlust.\nUnd es wird auch deutlich, daß Dinge wie das Burka- oder ein Verschleierungsverbot ungefähr die am wenigsten hilfreiche Maßnahme sind, daß sinnvolle politische Aktion aber einen Ausmaß der Auseinandersetzung mit dem Thema erfordern würde, die mit Merkelismus nicht erreichbar ist.\nseufz\n","date":"2013-08-22T00:00:00Z","href":"https://blog.koehntopp.info/2013/08/22/fertig-gelesen-a-quiet-revolution.html","tags":["book","review","media"],"title":"Fertig gelesen: A Quiet Revolution: The Veil's Resurgence"},{"categories":null,"content":"\u0026ldquo;Kris, bitte schau Dir mal unsere Datenbank an. Wir haben hier einen Generator für unsere Materialized Views, und auf einer Datenbank von 6 GB Größe werden 40 GB Speicher gefüllt und wir kommen sogar ins Swappen.\u0026rdquo;\nNa, das ist mal interessant. The fragliche Kiste hat 48 GB RAM, und in der Tat kaum 6 GB Daten.\nmysql\u0026gt; select -\u0026gt; sum(data_length+index_length)/1024/1024/1024 as gb -\u0026gt; from tables -\u0026gt; where table_schema not in (\u0026#39;information_schema\u0026#39;, \u0026#39;performance_schema\u0026#39;, \u0026#39;mysql\u0026#39;); +----------------+ | gb | +----------------+ | 5.832778930664 | +----------------+ 1 row in set (0.00 sec) Aber in \u0026ldquo;top\u0026rdquo; sieht das so aus, und wächst:\n7552 mysql 15 0 55.1g 43g 6888 S 0.7 91.7 499:13.56 mysqld Das wird sicher interessant.\nDer Zwilling dieser Maschine zeigt ähnliches Verhalten, aber auf einem niedrigeren Level.\nWenn es um Speicherprobleme und Swap geht, dann schaue ich routinemäßig erst mal die numa_maps der Maschine an. Aber sie und ihr Zwilling sind gut ausbalanciert.\nDer Zwilling:\n# /usr/local/booking-mysql/numa-maps-summary.pl \u0026lt; /proc/25996/numa_maps N0 : 1777572 ( 6.78 GB) N1 : 1777759 ( 6.78 GB) active : 37 ( 0.00 GB) anon : 3553604 ( 13.56 GB) dirty : 3553605 ( 13.56 GB) mapmax : 237 ( 0.00 GB) mapped : 1783 ( 0.01 GB) Wir starten den Server mal neu, um zu sehen, ob das Problem reproduzierbar ist. Ich zwinge den InnoDB Buffer Pool auch mal 10 GB kleiner, nur um sicherzugehen, daß wir da nichts falsch zu groß eingestellt haben.\nDie alte Speichersituation, und nach einem Neustart eine um 10 GB verkleinerter innodb_buffer_pool_size.\nDas scheint in der Tat das Problem zu beheben, aber wir haben immer noch eine InnoDB Buffer Pool Nutzung, die um den Faktor 3-4 oberhalb der Datengröße liegt, und das ist kaum zu erklären. Auch die Resident Set Size (RES) in top ist immer noch viel größer als die Datengröße.\nWas passiert hier wirklich? Wenn ich doch nur in den Buffer Pool hineinschauen könnte.\nMoment mal. Ich kann:\nmysql\u0026gt; select version(); +--------------+ | version() | +--------------+ | 5.6.6-m9-log | +--------------+ 1 row in set (0.00 sec) mysql\u0026gt; select table_name -\u0026gt; from tables -\u0026gt; where table_name like \u0026#39;innodb_buffer%\u0026#39;; +--------------------------+ | table_name | +--------------------------+ | INNODB_BUFFER_PAGE_LRU | | INNODB_BUFFER_PAGE | | INNODB_BUFFER_POOL_STATS | +--------------------------+ 3 rows in set (0.00 sec) Nach dem Nachlesen von INFORMATION_SCHEMA.INNODB_BUFFER_PAGE bekomme ich\nmysql\u0026gt; select page_type, -\u0026gt; count(*) * 16384/1024/1024 as mb -\u0026gt; from INNODB_BUFFER_PAGE -\u0026gt; group by page_type order by mb; +-------------------+----------------+ | page_type | mb | +-------------------+----------------+ | TRX_SYSTEM | 0.01562500 | | IBUF_FREE_LIST | 0.12500000 | | INODE | 0.15625000 | | FILE_SPACE_HEADER | 0.23437500 | | EXTENT_DESCRIPTOR | 0.32812500 | | IBUF_BITMAP | 0.45312500 | | SYSTEM | 2.03125000 | | ALLOCATED | 24.50000000 | | UNDO_LOG | 27.75000000 | | INDEX | 585.70312500 | | BLOB | 5073.81250000 | | UNKNOWN | 21932.60937500 | +-------------------+----------------+ 12 rows in set (4.48 sec) und vermutlich ein monumentales globales 5-Sekunden-Lock auf dem Buffer Pool, um dieses Ergebnis zu erzeugen. UNKNOWN ist in Wahrheit freier Speicher im Buffer Pool der soeben neu gestarteten Box. 5 GB sind in BLOBs, und das scheint der Kern unseres Problems zu sein. INDEX sind die Daten in den Tabellen (\u0026lsquo;PRIMARY\u0026rsquo;) und die sekundären Indices. Und der Rest ist Systemspeicher und sieht nicht krank aus.\nDie Frage ist also: Was ist mit dem ganzen BLOB-Speicher da? Wo kommt der her? Leider nutzen uns table_name und index_name hier gar nix, wenn der page_type BLOB ist:\nmysql\u0026gt; select page_type, -\u0026gt; table_name, -\u0026gt; index_name, -\u0026gt; count(*) * 16384 /1024/1024 as mb -\u0026gt; from INNODB_BUFFER_PAGE -\u0026gt; group by page_type, table_name, index_name -\u0026gt; order by mb; +-------------------+-----------------------------+-----------------------+----------------+ | page_type | table_name | index_name | mb | +-------------------+-----------------------------+-----------------------+----------------+ ... | UNDO_LOG | NULL | NULL | 27.75000000 | | INDEX | md2/kb_... | PRIMARY | 141.48437500 | | INDEX | md2/kb_... | PRIMARY | 430.87500000 | | BLOB | NULL | NULL | 5073.81250000 | Aber es gibt eine SPACE id, und die kann über INNODB_SYS_TABLESPACES aufgelöst werden. Schauen wir mal:\nselect page_type, -\u0026gt; table_name, -\u0026gt; index_name, -\u0026gt; sp.name, -\u0026gt; count(*) * 16384 /1024/1024 as mb -\u0026gt; from INNODB_BUFFER_PAGE as bp -\u0026gt; left join innodb_sys_tablespaces as sp -\u0026gt; on bp.space = sp.space -\u0026gt; group by page_type, table_name, index_name, bp.space -\u0026gt; order by mb; ... | INDEX | ...| md2/kb_............... | 141.48437500 | | INDEX | ...| md2/kb_.................... | 430.87500000 | | BLOB | ...| md2/kb_.................... | 5073.68750000 | ... Also haben wir hier eine bestimmte Tabelle, die den ganzen BLOB-Speicher aufbraucht. Die Definition legt das nahe:\nshow create table md2.kb_...\\G Table: kb_hotel_hotelpage Create Table: CREATE TABLE `kb_...` ( `id` mediumint(8) unsigned NOT NULL, `body` mediumblob NOT NULL, `digest` binary(20) NOT NULL, `last_change` int(10) unsigned NOT NULL, `last_check` int(10) unsigned NOT NULL, PRIMARY KEY (`id`), KEY `last_check` (`last_check`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 1 row in set (0.00 sec) Diese tabelle enthält mehr oder weniger alle Template-Variablen für eine id/action-Kombination in serialisierter Form, um die Anzahl von Queries pro Seite zu reduzieren. Eine normalisierte, live generierte Form der Seite braucht eine dreistellige Anzahl von Queries, ein Zugriff auf die vorgerechneten Daten generiert dieselbe Seite mit weniger als 7 Queries.\nWir schließen unser Debugging ab:\nKristian\u0026gt; Diese Blobs, werden die oft neu berechnet?\nSimonB\u0026gt; Im Moment ja, weil ich sie immer aktualisiere. Normalerweise würde ich das nur tun, wenn sich der Digest ändert.\nKristian\u0026gt; Resident Set Size ist jetzt bei 15 GB und stabil. Das heißt, wenn ich den Buffer Pool klein genug halte wird die Maschine nicht swappen. Wir verbrauchen eine Menge Network Buffer zusätzlich, wegen der ganzen Blobs, und das ist weswegen wir so einen großen Speicher-Overhead pro Connection haben\u0026hellip; Jedenfalls ist das grad meine operative Theorie. MySQL \u0026amp; BLOBs = ganz übler Mist.\nmysql\u0026gt; select min(length(body)), -\u0026gt; max(length(body)), -\u0026gt; avg(length(body)) -\u0026gt; from md2.kb_...; +-------------------+-------------------+-------------------+ | min(length(body)) | max(length(body)) | avg(length(body)) | +-------------------+-------------------+-------------------+ | 3002 | 478883 | 24968.2430 | +-------------------+-------------------+-------------------+ Das heißt, ich vermute, daß das ständige neu Schreiben der BLOBs in InnoDB die Storage Engine dazu bringt, vorübergehend eine große Menge BLOB-Speicher (neben dem eigentlichen Row-Speicher) zu allozieren. Und der Per-Connection Overhead ist größer, weil InnoDB BLOBs in den SQL-Teil von MySQL dupliziert werden, um dann über die Network Buffer zum Client gesendet zu werden. Böser Overhead.\nMySQL ist nicht sehr gut drain mit großen BLOBs umzugehen. Vielleicht sollten wir die SQL-Schicht mit HandlerSocket oder etwas anderem umgehen.\n","date":"2012-11-12T00:00:00Z","href":"https://blog.koehntopp.info/2012/11/12/dude-where-is-my-memory.html","tags":["mysql","performance","lang_de"],"title":"Dude, where is my memory?"},{"categories":null,"content":"\u0026ldquo;Kris, guck mal, connection surge auf $WICHTIGER_MASTER, davor kurzer Activity drop. Alle anderen Graphen sehen normal aus.\u0026rdquo;\n![Graph: Connection Surge]({{ site.baseurl }}/uploads/screenshot-kris-20121031-1.png)\nund\n![Graph: QPS Drop]({{ site.baseurl }}/uploads/screenshot-kris-20121031-2.png)\nIch gucke.\nAlle anderen Graphen sehen in der Tat normal aus. Aber um 13:20 kommt für kurze Zeit alles Processing zum Stillstand.\nWir haben ja log_processlist.pl. Falls es sich also um irgendein wildgewordenes Lock handeln sollte, würde ich das also in den 13_20 und 13_21 Dateien sehen. Beide sind in der Tat größer: Statt 250 Connections zeichnen wir deutlich über 400 Connections in diesen beiden Minuten auf.\nAber: In der Processlist sind keine Irregularitäten zu sehen. Es handelt sich, wenn unser Monitoring keine Löcher hat, nicht um einen Stall und Pileup im Datenbankserver, sondern eine externe Ursache.\nDies ist ein Master. Der hat sein Datadir auf einer NetApp. Mein Rat an den Fragesteller: Sprich mal mit den Filer-Leuten. Vielleicht haben die da grad an ihren Spielzeugen gebastelt. Während der Fragesteller davon zieht, wühle ich weiter in den Logs - wir haben ja genug davon.\nUnd dann:\nOct 31 13:20:10 master kernel: bnx2 0000:03:00.0: eth0: NIC Copper Link is Down Oct 31 13:20:20 master kernel: bnx2 0000:03:00.0: eth0: NIC Copper Link is Up, 1000 Mbps full duplex, receive \u0026amp; transmit flow control ON\nAha. Die Filer-Leute sind also freigesprochen, wir haben stattdessen freundliches Feuer von den Zauberschraubern bekommen. Ich nehme an, jemand dort ist so konzentriert am Zeugs racken gewesen, daß für sie inzwischen alle Server gleich sind - sehen ja auch alle gleich aus.\nDiese Person muß gefunden und auf das Lesen von Serverlabels aufmerksam gemacht werden. Manchmal ist die Datenbank halt nicht schuld.\n","date":"2012-10-31T00:00:00Z","href":"https://blog.koehntopp.info/2012/10/31/enemy-action.html","tags":["mysql","performance","mysql","lang_de"],"title":"Enemy Action"},{"categories":null,"content":"Wie Todd Farmer in Understanding mysql_config_editor’s security aspects richtig beobachtet, speichert die neue .mylogin.cnf, die von mysql_config_editor erzeugt wird, Paßworte nicht sicher ab. Sie verschleiert sie nur.\nDas Format der Datei ist wie folgt (am Beispiel von MySQL 5.6.7-RC):\n4 Bytes Zero (Version Information) 20 Bytes Key Generation Matter Wiederholend: 4 Bytes Länge Länge Bytes Ciphertext. Die Verschlüsselung erfolgt mit AES Encrypt , und diese Funktion ist selbst auch nicht sicher: Es handelt sich um einen aes-128-ecb mit einem NULL IV. Der Schlüssel, der in AES 128 rein geht, muß BINARY(16) sein, aber die Funktion nimmt Strings beliebiger Länge. Sie erzeugt den tatsächlich verwendeten Key, indem sie den mitgegebenen String zyklisch in einen BINARY(16) Puffer rein XOR\u0026rsquo;t, der mit Nullbytes initialisiert worden ist.\nIn Code:\n#! /usr/bin/php -q \u0026lt;?php $fp = fopen(\u0026#34;.mylogin.cnf\u0026#34;, \u0026#34;r\u0026#34;); if (!$fp) { die(\u0026#34;Cannot open .mylogin.cnf\u0026#34;); } # read key fseek($fp, 4); $key = fread($fp, 20); # generate real key $rkey = \u0026#34;\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\u0026#34;; for ($i = 0; $i \u0026lt; strlen($key); $i++) { $rkey[$i % 16] = ( $rkey[$i % 16] ^ $key[$i] ); } # for each line while ($len = fread($fp, 4)) { # as integer $len = unpack(\u0026#34;V\u0026#34;, $len); $len = $len[1]; # decrypt $crypt = fread($fp, $len); $plain = openssl_decrypt($crypt, \u0026#39;aes-128-ecb\u0026#39;, $rkey, true); # print print $plain; } Die Datei selber ist dann ein simples Textfile, nicht unähnlich einer .my.cnf:\nserver:~ # ./p.php [default] user = root password = s3cret host = localhost [localhost] user = root password = s3cret host = 127.0.0.1 Teil des Problems ist die Tatsache, daß das MySQL Protokoll das Klartextpaßwort auf dem Client in lesbar braucht, um ein Login zu ermöglichen. Wir haben Alternativen in diesem Artikel diskutiert. SSL Client Certs würden auch helfen.\n","date":"2012-10-03T00:00:00Z","href":"https://blog.koehntopp.info/2012/10/03/mylogin-cnf-passworte-wiederherstellen.html","tags":["mysql","security","lang_de"],"title":".mylogin.cnf Passworte wiederherstellen"},{"categories":null,"content":"So we tested the 5.6.7-RC. And ran into a strange problem:\nBecause of a test, a preexisting configuration with GTID enabled existed, and suddenly we did not have properly initialized grants in mysql.* created for a new installation. Turns out: GTID and non-transactional tables are no friends, and that is even documented .\nWhen using GTIDs, updates to tables using nontransactional storage engines such as MyISAM are not supported. This is because updates to such tables mixed with updates to tables that use a transactional storage engine such as InnoDB can result in multiple GTIDs being assigned to the same transaction.\nAlso, this is supposed to work with GRANT and REVOKE, but not with INSERT and DELETE. Now guess what mysql-install-db and friends are using?\nserver:~ # less /usr/share/mysql/mysql_system_tables_data.sql ... INSERT INTO tmp_user VALUES (\u0026#39;localhost\u0026#39;,\u0026#39;root\u0026#39;,\u0026#39;\u0026#39;,...); This is a larger problem: We are supposed to use GRANT and REVOKE, but many people are using INSERT and DELETE in mysql.* all of the time, and so do many applications. And the mysql.* tables are MyISAM, and always have been (except that nowadays there is a wild mix of CSV and InnoDB tables in there as well).\nMySQL cannot really ship GTID as a feature with MyISAM-tables in mysql.* and expect that to work anywhere. This is all very extremely broken and needs urgent fixing.\nThis is now support-case SR 3-6270525721: \u0026ldquo;MySQL 5.6.7-rc1, grants, replication and GTID cause problems\u0026rdquo; and will also soon have a bug number. And, no, fixing the mysql_system_tables_data.sql is not really removing the problem here.\n","date":"2012-10-02T00:00:00Z","href":"https://blog.koehntopp.info/2012/10/02/mysql-5-6-7-rc-gtid-vs-myisam.html","tags":["innodb","mysql","replication","lang_en"],"title":"MySQL 5.6.7-RC: GTID vs. MyISAM"},{"categories":null,"content":"Mein Kollege Dennis Kaarsemaker hat jetzt einen Artikel zu dem Replication Load Monitor von Booking.com gebloggt. Der Monitor basiert auf Arbeiten von Mark Leith .\nMöge er Euch allen nützen.\n","date":"2012-09-28T00:00:00Z","href":"https://blog.koehntopp.info/2012/09/28/mysql-replication-load-monitor.html","tags":["mysql","performance","replication","lang_de"],"title":"MySQL Replication Load Monitor"},{"categories":null,"content":"Ich habe heute an dem Problem weiter geforscht und wir haben etabliert, dass die Ursache nicht der Quelltext des betreffenden Diamond-Collectors sein kann.\nAuf allen betroffenen Kisten habe ich dann gesehen, daß die entsprechenden Queries gegen Performance-Schema ein\nmysql\u0026gt; select \\* from performance_schema.threads; Empty set (0.01 sec) zurück liefern.\nWeitere Untersuchung stellt heraus: P_S ist aber an. Jedoch:\nmysql\u0026gt; select \\* from performance_schema.setup_instruments; Empty set (0.03 sec) mysql\u0026gt; select \\* from performance_schema.setup_timers; Empty set (0.01 sec) mysql\u0026gt; select \\* from performance_schema.setup_consumers; Empty set (0.02 sec) und das bleibt auch so, sogar über Server-Restarts hinweg. Warum ist das so?\n# cd /mysql/\\*/data/performance_schema/ # ls -l total 1840 -rw-rw---- 1 mysql mysql 8624 Oct 6 2011 cond_instances.frm -rw-rw---- 1 mysql mysql 98304 Oct 6 2011 cond_instances.ibd -rw-rw---- 1 mysql mysql 61 Oct 6 2011 db.opt -rw-rw---- 1 mysql mysql 9220 Oct 6 2011 events_waits_current.frm -rw-rw---- 1 mysql mysql 98304 Oct 6 2011 events_waits_current.ibd ... und ein SHOW CREATE TABLE bestätigt das.\nDamit ist klar, wieso es überhaupt zu Transaktionen kommen kann:\nDer Code im Diamond-Collector setzt nur Queries gegen performance_schema ab. Da dort normal keine Tabellen vorhanden sind, die Transaktionen unterstützen, kann es auch nie zu Transaktionen kommen. In den defekten Kisten wurden die Tabellen in performance_schema fälschlicherweise als InnoDB erzeugt. Das alleine hätte kein Problem erzeugt, weil jedes Kommando in MySQL eine Transaktion in sich selbst ist - AUTOCOMMIT = 1.\nAber:\nStarting with 1.2.0, MySQLdb disables autocommit by default, as required by the DB-API standard (PEP-249)\u0026quot;.\nIn diesem Fall generiert das Lesen von InnoDB-Tabellen den Start einer r/o Transaktion und erzeugt einen Stable View auf alle InnoDB Tabellen. Dieser wird gehalten bis zum Ende der Transaktion, das niemals kommt, außer der Collector disconnected.\nDie immer weiter wachsende Größe des Undo-Logs verlangsamt den Server bis zum Stillstand. Ein KILL auf die Verbindung bringt nur vorübergehende Linderung.\nDer Fix ist in der Tat\n# mysql -BNe \u0026#34;select concat(\u0026#39;drop table \u0026#39;, table_name, \u0026#39;;\u0026#39;) from information_schema.tables where table_schema = \u0026#39;performance_schema\u0026#39;\u0026#34; | mysql performance_schema # mysql_upgrade ... und alles wird gut - sogar ohne Neustart.\nDie Ursache für das Seltsame Verhalten™ der betroffenen Büchsen bei einer automatisierten Installation verbleibt weiter unklar. Der betreffende Collector läuft jetzt jedoch auch auf diesen Maschinen und liefert Daten.\nWie viele MySQLer bin ich der Auffassung, dass AUTOCOMMIT = 0 oder SELECT \u0026hellip; FOR UPDATE eher schädlich sind. Dies hier wird ein weiteres ausgezeichnetes Beispiel in meinem argumentativen Arsenal sein.\n","date":"2012-09-25T00:00:00Z","href":"https://blog.koehntopp.info/2012/09/25/house-und-heisenberg-revisited.html","tags":["database","debug","monitoring","mysql","performance","lang_de"],"title":"House und Heisenberg revisited"},{"categories":null,"content":"Heute erreicht mich eine Mail, in der ein DBA sich über steigende Replication Delay in einer bestimmten Replikationshierarchie beschwert.\nDas ist schlecht, denn die betreffende Hierarchie ist wichtig. Also die \u0026lsquo;Wenn die nicht geht schlafen Leute unter Brücken\u0026rsquo;-Art von wichtig.\nDie Theorie war, daß die Änderungsrate in dieser Hierarchie so hoch ist, daß die Schreiblast von MySQL Replikation, die ja Single Threaded ist, nicht mehr bewältigt werden kann. Für diese Theorie sprach nach dem ersten Augenschein, daß alle betroffenen Kisten keine lokalen Platten hatten, sondern auf einem Filer lagen, und Filer sterben wegen der hohen Kommunikationslatenz im SAN bei uns in der Regel weit vor lokalen Platten, wenn es um Replikation geht: Filer sind mehr so beim parallelen Schreiben mit mehreren Threads gut.\nWenn dem so wäre, wäre das schon einen Seufzer wert, denn die betreffende Replikationshierarchie war gerade beim Reengineering auf dem OP und sollte eigentlich derzeit kaum ausbeutbare Technical Debt haben. Wenn die trotzdem Replication Delay akkumuliert, dann haben wir ein ernstes Problem.\nNun bin ich jemand, der Lügen gewohnt ist. Leute lügen. Und Maschinen lügen auch. Aber schauen wir erst mal ins Monitoring und schauen wie schlimm es ist. Ich greife mir einen Host aus der angeblich kränkelnden Hierarchie:\n![Graph: Replication Delay Monitor]({{ site.baseurl }}/uploads/replication-delay1.png)\nDer brandneue Replication Load Monitor ist ein tolles Spielzeug.\nWir sehen eine Weiterentwicklung einer Idee von Mark Leith: Mit Hilfe des Performance Schema überwachen wir, womit der SQL Thread der MySQL Replikation denn so seine Zeit verbringt und wieviel Prozent einer jeden Zeitscheibe er idle ist.\nMein SQL Thread auf der von mir zufällig herausgesuchten Maschine bringt etwa 20% seiner Zeit mit InnoDB Log IO zu und weitere 10-20% mit InnoDB Data IO. 60% sind Idle. Montag irgendwann nach 13 Uhr hat jemand dann in Panik \u0026lsquo;innodb_flush_log_at_trx_commit = 2\u0026rsquo; gesetzt und damit fällt die InnoDB Log IO-Wartezeit komplett weg (Data IO natürlich nicht).\nWie dem auch sei, so sieht der Graph einer überlasteten Hierarchie nicht aus. Wir haben möglicherweise ein Problem auf einigen Servern der Hierarchie, aber definitiv nicht auf diesem. Damit ist aber auch klar, daß das Problem nicht vom Master her kommen kann. Gute Nachrichten!\nWeiteres Nachbohren ergibt eine Liste von betroffenen Servern. Zwei von denen sind Qualitätssicherungssysteme, die haben keinen Speicher und interessieren mich nicht. Eines ist eine potentielle Produktionskiste, die derzeit aber vor sich hin idled. Die hat Speicher, und ist trotzdem langsam.\nSeit wann? Ich schnappe mir den Replication Delay Graph und zoome einmal raus. Das Problem besteht seit dem 20-Sep nachmittags, sagt der Graph.\nAlso zoome ich mich durch alle Graphen dieser Kiste für den 20-Sep und schaue einmal was mir da noch entgegen kommt.\n![Graph: Betroffener Rechner]({{ site.base_url }}/uploads/replication-delay2.png)\nKrankheitsbild: Akute und lebensbedrohliche DML-Schwäche seit Mitte des 20-Sep.\nEs ist offensichtlich, daß der Eimer ein Problem hat: Irgendwann am 20-Sep Nachmittags ist der von 150/250/50 I/U/D auf infinitesimal kleine Werte runter, und zwar nicht ruckartig wie bei einer Konfigurationsänderung, sondern in einer Entladungskurve, als ob sich irgendetwas zu zieht. Irgendwann am 21-Sep ist es der kranken Box dann noch mal ruckartig besser gegangen und wieder zieht sie sich dann bis zum Stillstand zu.\nDas ist doch schon mal ein guter Hinweis: Erstens suchen wir fast sicher nicht nach einem direkten Config Change und zweitens sehen wir an dem Spike dahinter, daß Recovery möglich ist.\nWir suchen nicht nach einem direkten Config Change, und das ist gut so, denn es hat in letzter Zeit auch keine solchen gegeben:\nroot@dba-master-01 [dba]\u0026gt; select new.report_date, new.config_variable, old.config_value, new.config_value from v_global_variables as old join v_global_variables as new on old.hostname = new.hostname and old.config_variable = new.config_variable and old.report_date + interval 1 day = new.report_date where old.hostname like @host and new.hostname like @host and old.config_value != new.config_value and old.report_date \u0026gt; now() - interval 6 month; +-------------+----------------------------+--------------+--------------+ | report_date | config_variable | config_value | config_value | +-------------+----------------------------+--------------+--------------+ | 2012-04-20 | thread_cache_size | 100 | 500 | | 2012-05-12 | innodb_max_dirty_pages_pct | 20 | 75 | +-------------+----------------------------+--------------+--------------+ 2 rows in set (0.82 sec) Weiteres Wühlen im Graphite bringt Erleuchtung, denn wir finden das Inverse des Activity Patterns hier:\nDie Causa: Der InnoDB Purge Thread hat seine Arbeit Mitte des 20-Sep eingestellt, zuckt noch einmal kurz und idled dann lustig weiter. Sollte Captain Undo-Log wieder unterwegs sein und mit dem Baseballschläger ausgeloggt werden wollen?\nEine kurze Inspektion der Prozeßliste zeigt nur zwei andere Kandidatenprozesse, einer ist ein root-User und einer ist ein cacti-Login. Mein Geld wette ich auf den root-user, ein kurzes Rumfragen auf dem Jabber und danach ein KILL auf die Connection-ID von dem Gesellen wird mir zeigen, ob ich Recht habe oder nicht: Wer nicht im Live-Channel auf dem Jabber ist wird sich schon melden, wenn ihm die Verbindungen wegfliegen.\nDer Effekt ist\u0026hellip; Null.\nAlso gut. Dann kriegt halt der Cacti auf\u0026rsquo;s Maul, weil ich grad schlechte Laune habe.\nNach Zufuhr einer passenden Dosis Laxativ (DBA KILL forte N) spontane Erholung, aber nach kurzer Linderung ein Wiedereinsetzen der Symptomatik.\nHerzallerliebst. Wir haben das Gegenteil eines Stehaufmännchens - ein Fallumchen. Immer wenn der Cacti User eine Kelle kriegt, fällt das Undo-Log wunschgemäß in sich zusammen und die Performance geht rauf. Danach zieht es sich in kürzester Zeit wieder zu und wir fallen auf das alte Niveau runter.\nDer alte Trick mit der Processlist klappt auch hier wieder: Das Login kommt von\nperformance_schema | ``` Moment. performance_schema? Cacti? Nein. Das ist nicht cacti. ```console lsof -i -n -P | grep 44467 mysqld 17242 mysql 178u # IPv6 3599986352 TCP ...:3306-\u0026gt;...:44467 (ESTABLISHED) diamond 18596 root 1u IPv4 3599986351 TCP ...:44467-\u0026gt;10.147.206.122:3306 (ESTABLISHED) ``` Ja. Das ist diamond, der Datenkollektor für Graphite. Und welches Modul von Diamond/Graphite ist am 20-Sep nachmittags global ausgerollt worden? ```console cd /etc/graphite/collectors ls -l MySQL*conf ... -r-------- 1 root root 471 Sep 20 14:19 MySQLPerfCollector.conf Der Replication Load Monitor. Ja, der da ganz oben im ersten Bild.\nDer liest zwar nur, aber aus irgendeinem Grund macht er das auf einigen Promille aller Boxen, und nur in dieser Replikationshierarchie!, in einer REPEATABLE READ read-only Transaction. Und die macht Diamond beim Login einmal auf und hält sie dann für immer und ewig, es sei denn, die Diamond-MySQL-Verbindung kippt, aus welchen Gründen auch immer, um. Und da die Verbindung auch nie Idle ist, timed sie auch nie aus.\nKurze Zeit nachdem Puppet dem Diamond die MySQLPerfCollector.conf auf enabled = false gesetzt hat haben wir eine dauerhafte Recovery:\nNatürliche Recovery nach Beseitigung der Ursache, ganz ohne KILL.\nWir lernen:\nMonitoring kann Performance-Effekte haben. Okay, keine neue Erkenntnis So ein Undo-Log und langlaufende Transaktionen können einen ganz schön runter ziehen. Okay, auch keine neue Erkenntnis. Es lag nicht an der Replikationslast, und auch nicht am Filer, auch wenn das gerade Mode ist, in diese Richtung zu blamen. Und Graphite ist meine Hündin. Was House sagt.\nMorgen schauen wir dem MySQLPerfCollector.py mal tiefer in die Eingeweide.\n","date":"2012-09-24T00:00:00Z","href":"https://blog.koehntopp.info/2012/09/24/der-herr-house-und-der-herr-heisenberg-haben-replication-delay.html","tags":["database","monitoring","replication","mysql","performance","lang_de"],"title":"Der Herr House und der Herr Heisenberg haben Replication Delay"},{"categories":null,"content":"Hier ist eine wichtige Zahl: Ein Coredump von einem MySQL auf einer Maschine mit knapp unter 200 GB Speicher dauert 15 Minuten. Auf SSD. Auf eine Festplatte dauert der gleiche Coredump dann knapp über 30 Minuten.\nWarum ist das eine wichtige Zahl?\nSSD sind schnell. Linear schreiben sie mehr als 200 MB pro Sekunde weg - ein ziemlich beeindruckendes Tempo, und noch dazu in einer Disziplin, wo sie nicht einmal optimal nutzbar sind. Auch moderne Serverfestplatten sind schnell - beim linearen Schreiben immerhin knapp halb so schnell wie eine SSD, oder 100 MB pro Spindel linear.\nAber moderne Maschinen haben halt auch eine sehr große Menge Speicher. Und 200 GB bei 200 MB pro Sekunde sind halt dann eine Viertelstunde pro Full Dump oder Full Scan.\nIn Eine reiche NoSQL-Anfragesprache macht Ulf Wendel sich Gedanken über die Leistungsfähigkeit von Abfragesprachen für NoSQL-Datenbanken, und ob es darstellbare Gemeinsamkeiten gibt.\nDas ist eine gute Überlegung, aber meiner Meinung nach setzt es schon mindestens einen Schritt zu spät auf. Zunächst will man sich Überlegen, ob man \u0026ldquo;seiner\u0026rdquo; NoSQL-Datenbank überhaupt Daten anvertrauen will. Die meisten SQL-Datenbanken sind nämlich außergewöhnlich schlechte lokale Speicher. Und das ist eine schlechte Ausgangsposition, denn alles, was mit horizontalem Scaleout und verteilten Datenbanken zu tun hat, setzt eine Schicht höher auf, und ist schlicht nicht gut tragfähig, wenn das Fundament schlecht ist.\nHier ist Redis . Redis ist ein Key-Value Store mit ein paar Extras, denn neben einem großen Hash mit Netzwerkinterface versteht es auch Strings, Listen (oder Stacks), Mengen und geordnete Mengen. Redis realisiert Persistenz auf genau dieselbe Weise wie MySQL Cluster:\nWann immer man möchte, erzeugt Redis einen point-in-time snapshot . Darunter verstehen die Redis-Entwickler einen fork() des Servers, und dann im Kindprozess ein Abspeichern des gesamten Datenbereiches auf Platte - also das Äquivalent eines Coredumps.\nWichtig dabei auch: Overcommit auf OS-Level erlauben, sonst darf man nur sein halbes RAM für Daten nutzen!\nWir wissen nun schon, daß dieser Schreibprozess auf einer zeitgemäßen Maschine etwa 15 oder 30 Minuten dauern wird und dabei die Bandbreite der Festplatte vollständig belegen wird. Im Falle eines Crashes hat man damit bei Recovery einen Stand, der bis zu 30 Minuten in der Vergangenheit liegt.\nRedis unterhält außerdem ein Append Only File (AOF), oder, wie man in Datenbanktermen sagen würde, ein Redo-Log.\nEs schreibt alle Änderungen an Daten in zeitlicher Reihenfolge mit.\nOhne Kompaktierung würde eine Recovery unendlich lange dauern, da alle Veränderungen an den Daten durch ein Abspielen des AOF der Reihe nach nachvollzogen werden.\nMit Kompaktierung - dem AOF Rewrite wie Redis dies nennt - werden doppelte Updates desselben Datensatzes zusammengefügt, sodass nur der letzte Schreibzugriff pro Datensatz gespeichert wird.\nAOF Rewrite skaliert sich auch nicht - jeder Postgres oder CouchDB DBA, der schon mal mit einem Postgres VACUUM FULL oder eine CouchDB Compaction laufen hatte, kennt genau die Auswirkungen, die ein AOF Rewrite hat.\nWie lösen traditionelle Datenbanken wie InnoDB das Problem? Mit einem Checkpoint .\nMySQL unterhält wie Redis ein Bild der aktuellen Daten auf der Platte - Redis in Form des point-in-time snapshot, MySQL in Form von InnoDB *.ibd-Files.\nAnders als Redis schreibt MySQL aber bei einem Checkpoint nicht die ganze Tabelle neu. Stattdessen sind ibd-Dateien (und der Speicher) in Seiten von 16 KB unterteilt.\nUnd statt eines AOF-Rewrite, bei dem das ganze Redo-Log neu geschrieben wird, schreibt MySQL für jeden Eintrag im Redo-Log die zugehörende Speicherseite auf die Platte - aber eben nur diese, und nicht die ganze Tabelle. MySQL macht dies außerdem auf eine Weise, bei der Daten nicht verloren gehen können, selbst dann, wenn die Datenbank mitten im Schreiben einer 16 KB-Seite den Strom abgeschaltet bekommt: Die Daten landen einmal im Doublewrite-Buffer, dann wird das Redo-Log aktualisiert und dann werden die Daten im *.ibd-File aktualisiert. Auf diese Weise, und mit den Prüfsummen in jeder Seite, kann MySQL die Datenbank sogar von halb geschriebenen Seiten sauber wieder herstellen.\nMySQL skaliert: Von einer Datenbank mit MySQL 5.6.6 und mit 192 GB RAM und 200 Connections, die wie wild schreiben, bekommen wir eine Schreibrate von etwa 150 MB/sec netto auf zwei SSD. Bedenkt man den Overhead mit dem Doublewrite-Buffer und dem Redo-Log ist das immens beeindruckend.\nDas bringt uns zum 2. Thema: Concurrency.\nMySQL InnoDB skaliert, in MySQL 5.6 skaliert es sogar ziemlich unglaublich: Ein Cluster mit 96 Cores, der 192 Verbindungen in die Datenbank unterhält, deren einzige Aufgabe es ist, Daten zu berechnen und zu schreiben , kommt mit der o.a. Konfiguration auf die genannten 150 MB/sec, und nutzt dabei - Threading sei Dank - die CPU-Kapazität der 12 physikalischen Cores (24 virtuellen Hyperthreading-Cores) der Datenbank gut aus.\nEin Single Threading Design erscheint mir in 2012 relativ hirntot, denn damit handelt man sich jede Menge Latenzprobleme ein - und in 2012 ist es nun einmal unmöglich, Hardware mit nur einem Kern zu kaufen.\nSelbst Mobiltelefone sind inzwischen Quadcores.\nAbhilfe wäre eine Aufteilung des Servers, indem man ihn mit cgroups oder anderen Hilfsmitteln in z.B. von einem 12-Core mit 192 GB in 12 Singlecores mit je 16 GB Speicher unterteilt.\nJetzt bekommt man aber ein Problem mit der Adressierung - welche Daten bringe ich wo unter, und wie frage ich 12 Serverinstanzen parallel ab (oder ich frage 12-mal hintereinander nach meinen Daten, türme dann aber 12 Latenzen aufeinander).\nUnd man bekommt ein Problem mit der Orchestrierung, denn jetzt habe ich 12 Instanzen auf derselben Hardware, die parallel point-in-time snapshots oder AOF schreiben müssen, und dabei um die vorhandene Disk Bandbreite konkurrieren. Wenn sie jedoch jemals tun, werden unsere linearen Writes zu Seeks, und plötzlich wird unsere ehemals ach so schnelle Disk wirklich, wirklich langsam und unsere Latenzen explodieren wirklich.\nAls Anwendungsentwickler fragt man sich natürlich auch: Was soll die Scheiße? Also, warum soll ich mich als Anwendungsentwickler um so etwas kümmern? Wieso ist der Server nicht in der Lage, sich um solche Details selber zu kümmern? Und wieso ist dieses Problem der Orchestrierung nicht sowieso schon gelöst?\nDie Antwort auf die letzte Frage wird klar, wenn man sich die in der Latency-Seite die im Abschnitt \u0026ldquo;Fork time in different systems\u0026rdquo; genannten Systemgrößen einmal anschaut: 360 MB bis 7 GB.\nZum Vergleich: Das kleinste erhältliche Mobiltelefon kommt in 2012 mit 8 GB Speicher.\nDer Gray ist teuer, Elsevier halt, aber nicht so teuer.\nUnd man bekommt 40 Jahre Erfahrungen mit Persistenz done right (and scaleable) für sein Geld. InnoDB ist ziemlich genau eine Lehrbuchimplementierung des Gray.\nInnoDB hat Probleme, aber es hat sie an Stellen, an denen Redis noch nicht mal Code hat.\n","date":"2012-09-23T00:00:00Z","href":"https://blog.koehntopp.info/2012/09/23/zu-besuch-bei-redis.html","tags":["database","innodb","mysql","nosql","sql","lang_de"],"title":"Zu Besuch bei Redis"},{"categories":null,"content":"A Talent for War , Jack McDevitt, USD 7.99 (Audiobook von Audible verfügbar)\nJack McDevitt\u0026rsquo;s Alex Benedict lebt von uns aus gesehen etwa 10.000 Jahre in der Zukunft, auf irgendeiner Welt, die von den Menschen besiedelt worden ist. Aber da sich die Zivilisation in McDevitts Universum in Kreisen bewegt, sind seine Denkweisen und seine Profession uns wesentlich näher: Er handelt mit Antiquitäten, Artefakten aus Kriegen, die Menschen irgendwann einmal zwischen den Sternen geführt haben, Plaketten und Bordbücher bekannter Entdeckerschiffe und andere Dinge, die durch Mut, Neugier oder Entdeckergeist und die mit ihnen verknüpften Geschichten zu Symbolen mit Bedeutung für andere geworden sind.\nErzählt werden die Geschichten aus der Perspektive von Chase Kolpath, die als Pilotin für Alex Benedict fliegt und mit ihm zusammen eine kleine, aber feine Zwei-Personen-Firma führt.\nIn \u0026ldquo;A Talent for War\u0026rdquo; übernimmt Alex Benedict seine Firma von einem Onkel, und versucht dessen letztes Projekt aufzuklären: Es geht um einen Kriegshelden irgendeiner interstellaren Auseinandersetzung und um dessen Schiff, das Dinge vollbracht hat, die so unmöglich passiert sein können.\nMcDevitt malt ein reiches und buntes Universum, und versieht es mit einer Geschichte, die es wert ist, erforscht zu werden - das Thema seiner Romane.\nPolaris , Jack McDevitt, USD 7.99 (Audiobook von Audible verfügbar)\nDie Polaris, eine kleine, aber feine private Spaceyacht, wurde leer und treibend im Weltraum gefunden. 60 Jahre später geht jemand auf die Jagd nach Artefakten von der Polaris - einige davon im Besitz von Alex Firma. Und so geraten Alex Benedict und Chase Kolpath in ihr zweites Abenteuer.\nSeeker , Jack McDevitt, USD 7.99 (Audiobook von Audible verfügbar)\nZwei Schiffe, die Seeker und die Bremerhaven, gingen verloren, und mit ihr eine Kolonie von Menschen. Alex und Chase geraten durch eine Tasse auf die Spur der Seeker, und versuchen, das Schiff wiederzufinden und ihr Schicksal aufzuklären.\nDevil\u0026rsquo;s Eye , Jack McDevitt, USD 7.99 (Audiobook von Audible verfügbar)\nVicki Greene, eine Autorin von Horrorgeschichten und in Alex Benedicts Welt eine Berühmtheit, versucht Kontakt zu ihm aufzunehmen und überweist ihm eine beträchtliche Menge Geld. Als Alex versucht mit Greene Kontakt aufzunehmen, stellt sich heraus, daß sie sich freiwillig ihre Persönlichkeit und Erinnerung hat löschen lassen, angeblich um mit einem schweren Trauma fertig zu werden.\nAlex und Chase rekonstruieren die letzte Reise von Vicki Greene zu einem vereinzelten Stern weit draußen vor dem Lichtermehr der Galaxis, und versuchen die Stationen und Erlebnisse dort nachzustellen - um in eine Intrige und am Ende in eine kosmische Katastrophe zu geraten.\nNoch nicht gelesen:\nEcho , Jack McDevitt, USD 7.99 Firebird , Jack McDevitt, USD 7.99 ","date":"2012-09-04T00:00:00Z","href":"https://blog.koehntopp.info/2012/09/04/fertig-gelesen-alex-benedict.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: Alex Benedict"},{"categories":null,"content":"Ancient Shores , Jack McDevitt, USD 7.99\nIrgendwo in North Dakota, mitten in der Prärie, gräbt ein Farmer ein Schiff aus, das aus einem Material ist, das unmöglich auf der Erde hergestellt worden sein kann. Es stellt sich heraus, daß vor 10.000 Jahren, kurz nach der Eiszeit, die Prärie der Boden eines großen Süßwasser-Sees war, und bei der Suche nach einem logischen Hafen findet man ein Roundhouse mit einem Stargate - auf altem Indianerland.\nAls die Entdeckung bekannt wird, kommt es zwangsläufig zu einem Konflikt zwischen den USA und anderen Nationen, zwischen der US Regierung und den Indianern, und zwischen den Menschen, die Kontakt wollen und denen die Angst haben. Die Situation eskaliert und McDevitt nutzt den Showdown zu einem gleichermaßen kindischen wie grandiosen Finale voller Cameos\u0026hellip;\nHier ist ein neues Wort: Xenoarchaeology . Es ist die hypothetische Wissenschaft, die wir hätten, würden wir die Ruinen außerirdischer Zivilisationen ausgraben.\nEs ist auch das Thema der Bücher von Jack McDevitt. Denn seine Antwort auf das Fermi Paradox ist: Zivilisationen sind kurzlebig, und so sind wir von den Aliens nicht nur durch den Raum, sondern auch durch die Zeit getrennt, und wenn wir andere Zivilisationen im Weltraum finden, dann meistens nur ihre Artefakte und Hinterlassenschaften.\nUnd so sind McDevitts Bücher zwar spannend, aber immer auch ein wenig melancholisch. Ancient Shores ist eines seiner frühen Bücher, und insbesondere zum Ende hin noch nicht so geschlossen und in der sprachlichen Entwicklung abgeschlossen wie neuere Werke, aber es fängt auf eine ganz besondere Weise seine einzigartige Sicht auf das Universum ein.\n","date":"2012-09-03T00:00:00Z","href":"https://blog.koehntopp.info/2012/09/03/fertig-gelesen-ancient-shores.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: Ancient Shores"},{"categories":null,"content":"Kill Decision , Daniel Suarez, USD 12.99\nNach Daemon und Freedom™ und waren die Hoffnungen hoch, daß das neue Buch von Daniel Suarez den Standard halten kann, den er mit seinen ersten beiden Büchern gesetzt hat. TL;DR: Das hat funktioniert.\nDie Geschichte: Linda, eine Ameisenforscherin lernt, daß ihr Ameisen-Schwarm-Modell ganz ausgezeichnet funktioniert, um das Schwarmverhalten autonomer (nicht ferngesteuerter) Drohnen zu kontrollieren. Es wird gestohlen, militarisiert und man ist hinter ihr her - mit eben diesen Drohnen. Gerettet wird sie von einem unwahrscheinlichen Team von Special Ops Leuten, die eigentlich die Aufgabe haben, eine Reihe von Anschlägen mit - man ahnt es schon - autonomen Drohnen auf dem Gebiet der Vereinigten Staaten aufzuklären. Und ab hier heißt es: Linda und die Special Ops gegen den militärisch-industriellen Komplex.\nWas in der Erklärung käsig klingt, ist in der Tat schlüssig und actionreich erzählt, und - wie reden von Suarez - gut recherchiert und dann gerade genug extrapoliert, um es zu SciFi zu machen. Ohne Absetzen durchgelesen und in der Tat an einem Wochenende durchgezogen.\nWill man.\n","date":"2012-09-02T00:00:00Z","href":"https://blog.koehntopp.info/2012/09/02/fertig-gelesen-kill-decision.html","tags":["lang_de"],"title":"Fertig gelesen: Kill Decision"},{"categories":null,"content":"Existence , David Brin, USD 14.99\nExistence ist eine Geschichte über viele Dinge: In einer Welt nach der Klimakatastrophe, in einer Welt der ubiquitären Kommunikation und permanenten Netzwerkzuganges über augmented reality devices a la Google Glasses, in einer Welt nach dem großen Crash des Kapitalismus und einer nicht näher spezifizierten Terrorkatastrophe, in dieser Welt geht es den Menschen eigentlich recht gut. Sie haben sich angepaßt, neue Wege des Zusammenleben gefunden und wieder so etwas wie Stabilität gefunden.\nBis einer von ihnen im Orbit um die Erde einen eineinhalb Meter langen ellipsoiden Kristall findet, und damit das Fermit Paradox klärt: Die Menschen sind nicht alleine im Weltraum, und auch nicht die ersten. Es ist nur so, daß SETI nach dem Falschen gesucht hat: Radiowellen empfängt man nur, wenn man zur richtigen Zeit am richtigen Ort ist und selbst dann ist die Kommunikation unidirektional. Die Kristalle jedoch erlauben hochgeladenen Avataren, die auf den Kristallcomputern ausgeführt werden, eine Kommunikation mit der Ziel-Intelligenz aufzubauen. Plus, wenn noch keine solche vorhanden ist, können sie auch gerne eine lange Zeit warten, bis die Ziel-Welt soweit ist. Und die Erde ist nun so weit.\nAb hier wird die Geschichte auf eine unglaublich stringente und logische Weise vollkommen absurd. Denn was kann eine in einem Kristall hochgeladene Avatar-Intelligenz denn wollen und anbieten? Zurück in die Heimat kann sie nicht, denn ihre Ursprungswelt ist fast sicher tot, die Zivilisation dort vergangen\u0026hellip; Die Antwort auf diese Frage ähnelt auf überraschende Weise meiner Inbox. Brin delivers.\n","date":"2012-09-01T00:00:00Z","href":"https://blog.koehntopp.info/2012/09/01/fertig-gelesen-existence.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: Existence"},{"categories":null,"content":"Aus den Kommentaren in meinem Stream herausgezogen und noch einmal, ein einziges Mal, prominent hier herein gestellt.\nIch halte es mit dem Baedeker Reiseführer, wie im \u0026ldquo;Zimmer mit Aussicht\u0026rdquo; zitiert: Man sieht nur, was man schon kennt.\nSpoiler sind mir egal. Vollkommen egal. Ich werde sie weder absichtlich hier einstellen, noch irgendetwas tun, um sie zu vermeiden, markieren oder sonst wie zu identifizieren.\nWem das nicht paßt, der sollte mir nicht folgen.\n","date":"2012-08-31T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/31/fertig-gelesen-vs-spoiler.html","tags":["review","book","media","spoiler"],"title":"Fertig gelesen vs. Spoiler."},{"categories":null,"content":"The Apocalypse Codex , Charles Stross, USD 12.99\nZu Charles Stross \u0026ldquo;Laundry\u0026rdquo; Universum habe ich in Fertig gelesen: The Fuller Memorandum ja schon etwas gesagt (siehe auch Fertig gelesen: Atrocity Archives , Laundry Roleplaying .\nIm Laundryverse ist höhere Mathematik mit schwarzer Magie identisch und kann das Gewebe der Realität umdefinieren, und Verschwörungstheorien werden real, wenn nur genug Leute daran glauben. In The Apocalypse Codex zieht Stross nun die Daumenschrauben an und wir kommen CASE NIGHTMARE GREEN ein wenig sehr viel näher: Kultisten nutzen Sekten und Televangelists, um Jünger zu rekrutieren, tricksen die Nazgûl aus und versuchen, den Sleeper zu wecken. Es liegt an Bob Howard und der Laundry, die Welt zu retten, und es bleibt offen, wie sehr das gelungen ist (Kein Spoiler: Es wird einen Teil 5 geben, und für den legt Stross hier schon mal ganz zwanglos die Grundlage).\nStross beweist hier, daß der schwache zweite Teil der Laundry Reihe ein Unfall war, und liefert zuverlässig ab, um dann wie angekündigt im angekündigten Teil 5 (erscheint, wenn die Sterne richtig stehen) die Welt enden zu lassen.\n","date":"2012-08-31T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/31/fertig-gelesen-the-apocalypse-codex.html","tags":["book","review","cthulhu","media","stross","lang_de"],"title":"Fertig gelesen: The Apocalypse Codex"},{"categories":null,"content":"Redshirts , John Scalzi, USD 11.99\n\u0026ldquo;Redshirts\u0026rdquo; ist eine fiese Satire auf die Versammlung von Plotholes, die Star Trek so aufzuweisen hat. Was passiert, wenn die rothemdigen Extras der Serie jene hoch intelligente und gut ausgebildete Elite und die Teamarbeiter wären, die der Handlung nach von der Star Fleet Academy angeblich produziert würden? Richtig, sie würden binnen allerkürzester Zeit herausfinden, daß sie die Extras in einer billigen Fernsehserie wären, und würden die Plotdevices ihres Schiffes so riggen, daß sie im Swingby um eine Sonne in die reale Realität katapultiert würden. Wo sie sich dann bei den Autoren bitterlich über die Ungerechtigkeiten ihrer Welt beschweren würden.\nScalzi schafft das, was Charles Yu verreißt: Er kombiniert Klischees, wilde Ideen und ergreifende Schicksale auf eine Weise, die fesselnd erzählt ist und die das Neue an der Idee in Szene setzt. Und er schafft es, seinen wahnsinnigen Ritt von einem Handlungsbogen dann auf eine vollkommen logisch und zwingende Weise abzuschließen. Und kommt dann noch mit drei Nachträgen daher, bei denen er noch weitere Ebenen von Closure herstellt und unauffällig moralisierend auch gleich die Rationale liefert, warum er das Buch überhaupt geschrieben hat.\nSiehst Du, Charles Yu. So geht das in richtig.\n","date":"2012-08-30T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/30/fertig-gelesen-redshirts.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: Redshirts"},{"categories":null,"content":"Der Autor als Agentur der Moderne , Frank O. Hrachowy, EUR 49.90\nIm Wohnzimmer meines Vaters stand an einem Ende eine große Bücherwand in 80er-Jahre-Braun und Beige. Scheinwerfer strahlten eine große Hundertwasser-Kopie über der Stereoanlage an, ansonsten war das Ding voll von Büchern über alles Mögliche. Oben in der Ecke standen ein paar Jugendbücher, darunter auch eine Menge Hans Dominik, insbesondere die Eggerth-Trilogie, Wettflug der Nationen , Ein Stern fiel vom Himmel und Land aus Feuer und Wasser .\nEine Sache, die mich an diesen Büchern als Jugendlicher fasziniert hat, ist der Technikoptimismus und die pragmatische Attitüde der Figuren, die Dominik dort schildert.\nSie waren ein wesentlicher Motivator, als ich mir - aus dem selben Regal - den BASIC Brevier (in der 1980er Ausgabe) gezogen habe und noch ohne eigenen Computer oder Zugang zu einem mit Papier und Bleistift Programme schreiben und ausführen gelernt habe. Ganz wie Buddy in Whatever happened to the world of tomorrow seinem Vater aufgeregt Orbits von Raketen vorgerechnet hat, habe ich meinem Vater versucht, Programmierung von Rechnern vorzuführen…\nQuelle: KLM Propellorvliegtuig, Nederland, 1957 Jedenfalls war ich frustriert von all den Diskussionen über Street View, Thilos Sonderweg, das Leistungsschutzrecht, den deutschen Jugendschutzwahn und was sonst so an politischen Willensbekundungen, die das Internet ablehnen, in Deutschland existiert, und das wiederum erinnerte mich an meine jugendliche Begeisterung für Technik. Wieso habe ich das, im Gegensatz zu so vielen anderen Menschen in meinem Land, das ja einmal das Land der Ingenieure und Erfinder war?\nIch las auch den Wikipedia-Artikel über Hans Dominik , und, äh, der kam mir dann selbst nach den Maßstäben der deutschen Wikipedia ausnehmend schwach und voreingenommen vor.\nImmerhin verwies er in der Literatur auf das Buch im Titel dieses Beitrages, auch wenn er die Erkenntnisse dieses Buches im Artikeltext nur unzureichend nutzt. Also schnell Amazon bemüht, den Blurb dort gelesen und dann relativ schnell den Herrn Hrachowy und seinen Verleger um einen 50er reicher gemacht. Warum?\nIm Fokus dieser literaturhistorischen Publikation steht die Exegese des literarischen Werks von Hans Dominik, das erstmals nicht nur fragmentarisch durch die Betrachtung seiner bekannten utopisch-technischen Romane ausgewertet werden sollte, sondern sämtliche Werke zu berücksichtigen trachtete. Weiterhin wurde Hans Dominiks umfangreicher, in der Berliner Staatsbibliothek lagernder literarischer Nachlass für diese Forschungsarbeit herangezogen.\nZiel war, das Verhältnis von Hans Dominik, als einem der meistgelesenen Autoren der ersten Hälfte des vergangenen Jahrhunderts, zum zeitparallel stattfindenden Wandel populärer Literatur im Allgemeinen sowie Technikliteratur im Besonderen zu untersuchen und zu beschreiben. Die Auswertung der bislang unberücksichtigten primären Quellen erlaubte dabei den Einblick in Schriftstücke und Zusammenhänge, die eine Korrektur des kanonisierten Autorenbildes und gleichermaßen eine Neubewertung des Menschen Hans Dominik notwendig machen.\nDer Autor hat sich also nicht nur die drei Eggerth-Romane plus das Erbe der Uraniden und Atomgewicht 500 reingezogen, sondern sich tatsächlich bemüht, einen Überblick über das Gesamtwerk von Hans Dominik zu bekommen und sich außerdem noch durch die Korrespondenz des Autors durchgebissen.\nDas entstehende Portrait des Menschen Hans Dominik ist für mich noch faszinierender als seine Romane: Dominik war Schreiber für technische Dokumentation bei Siemens im Büro und lernt schnell, daß er technische Zusammenhänge echt gut erklären kann. Er macht sich selbstständig und hat schnell ein prosperierendes Geschäft, auf dem er eine solide Existenz und eine gewisse Prominenz aufbauen kann.\nDabei betrachtet er das Schreiben als Handwerk, nicht als Kunst: Er schreibt Texte, die unter einem anderen Namen oder als Whitelabel veröffentlicht werden, weil sie nicht zur Marke \u0026ldquo;Hans Dominik\u0026rdquo; passen, und er veröffentlicht Texte von anderen unter seinem Namen, weil diese wiederum zum Markenbild passen. Er schreibt Texte als Auftragsarbeiten, in Stil, Länge und Inhalt nach Wünschen des Auftraggebers angepaßt. Dominik agiert sich als Agentur für Texte, der Auftraggeber, Autoren und Autorennamen als Marke zusammenmischt und in Kontakt bringt, sodaß alles paßt.\nDabei bleibt er selbst auch in den politischen Wirren seiner Zeit er selbst und seiner politischen Linie treu (\u0026hellip; und die ist, anders als die Wikipedia suggeriert, recht nazi-fern, nämlich kaisertreu. Das aus der heutigen politischen Landschaft, wo es diese Position nicht mehr gibt, und aus dem Abstand vieler Dekaden heraus zu differenzieren mag jedoch schwierig sein. Insbesondere, wenn man zugleich in den einen oder anderen Editwar verstrickt ist.)\nHrachowy gelingt es, uns einen Menschen in einer Zeit nahe zu bringen, die uns und unseren Denkweisen zugleich näher und ferner ist, als wir gemeinhin glauben, und uns zu erklären und zu belegen, wie diese Person und ihr Schreiben in ihre Zeit gepaßt haben. Für mich eine extrem faszinierende Lektüre, trotz des eher drögen Gewandes\u0026hellip;\n","date":"2012-08-29T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/29/fertig-gelesen-der-autor-als-agentur-der-moderne.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: Der Autor als Agentur der Moderne"},{"categories":null,"content":"\u0026ldquo;Whatever happened to the World of Tomorrow?\u0026rdquo; erklärt, wieso das Versprechen an unsere Eltern - Jetpacks und fliegende Autos - nicht eingelöst wurde, und wieso wir dennoch heute in der Zukunft leben. Es verweist gleichzeitig auf unsere Zukunft, eine Zukunft, die nicht zu den Erwartungen und dem Wissen der vorangegangenen Generationen passen wird. Unsere Welt von Morgen wird nach wieder anderen Regeln funktionieren, und wir werden wieder andere Probleme lösen müssen\u0026hellip;\nWhatever Happened to the World of Tomorrow , Brian Fies, 21.99 EUR\nIm Mai 1939 besucht Buddy mit seinem Vater die Weltausstellung in New York am Eröffnungstag. Damals war das ein großes Ereignis: 200.000 Leute am Eröffnungstag alleine, und bis zum Oktober 1940 insgesamt 45 Millionen Besucher.\nDas Ausstellungsgelände war vorher Marschland, das für die Ausstellung urbar gemacht wurde, und die Bahnlinie wurde bis zum Gelände verlängert, die Station speziell gebaut. In der Ausstellung wurde den Bürgern gezeigt, wie die Welt des fernen Jahres 1960 aussehen würde, und welche zivilisatorischen Errungenschaften die Zukunft bringen würde. Und damals war so etwas durchaus noch unironisch gemeint.\nVater erzählt von seinem Vater und der Farm: \u0026ldquo;Und dann… Nunja, das Land konnte uns nicht alle ernähren. Ich ging hinunter in die Stadt um Arbeit zu finden und tat das Beste, was ich für uns tun konnte.\u0026rdquo;\nSohn: \u0026ldquo;Das hast Du toll hinbekommen, Papa!\u0026rdquo;\nVater: \u0026ldquo;Vielleicht. Aber ich weiß nicht wie man diese Zukunft macht.\u0026rdquo;\nVater: \u0026ldquo;All diese Wissenschaft, Konstruktion und Maschinen. Dieses herausfinden, wie die Leute am Besten arbeiten und leben sollten. Ich weiß nicht, was ich davon halten soll oder wie ich da herein passe.\u0026rdquo;\nVater: \u0026ldquo;Aber Du kannst das, Buddy.\u0026rdquo;\nVater: \u0026ldquo;Du bist ein heller Kopf. Das ist es, was die Welt brauch, damit das klappt. Dinge verändern.\u0026rdquo;\nVater: \u0026ldquo;Und die Dinge müssen sich ändern, denn so wie ich aufgewachsen bin funktioniert die Welt nicht mehr.\u0026rdquo;\nBuddy wächst in einer Zeit der Weltraumhelden und der Erforschung des Weltraums auf, in den Jahren nach dem Krieg bis zum Ende der 60er. Dies ist zugleich die Zeit der Urbanisierung Amerikas, des Baus des Interstate Systems und der Erfindung des TV Dinners - genauer, der Erfindung des industriellen Fertigproduktes als Gegensatz zum heimgefertigten Gegenstand, mit dem Buddies Vater auf der Farm großgeworden ist. Es ist auch die Zeit des kalten Krieges, der klaren Feindbilder und der Konformität - Buddy lebt mit seinen Eltern in einem massengefertigten Reihenhaus mit einem Fallout Shelter im Keller.\nTextbox: \u0026ldquo;Disney hinterlegte seine Zukunftsfantasien mit Brainpower der Weltklasse. Seine Ratgeber waren unter anderem Willy Ley, der in Berlin geboren war, aber 1935 vor den Nazis floh, und der Physiker Heinz Haber, ein ehemaliger Pilot der Luftwaffe und Pioneer der Weltraum-Medizin.\u0026rdquo;\nSohn: \u0026ldquo;Papa! Schau, wer da ist!\u0026rdquo;\nVater: \u0026ldquo;von Braun.\u0026rdquo;\nTextbox: \u0026ldquo;und insbesondere auch Dr. Wernher von Braun, dessen einzigartiger Intellekt und Ruhm alle anderen zusammen überstrahlte.\u0026rdquo;\nTextbox: \u0026ldquo;Von Braun führte Hitler\u0026rsquo;s V-2 Programm, das England bombardierte und Tausende tötete. Als der Krieg endete, ergaben sich von Braun und sein Team den Vereinigten Staaten, die sie sehr bald darauf ansetzten, ein eigenes Raketenarsenal zu entwickeln.\u0026rdquo;\nTextbox: \u0026ldquo;Er sagte, er sei gezwungen gewesen, der Nazi-Partei und der Waffen-SS beizutreten. Er sagte, er wisse nichts von Arbeitssklaven, die unter seinem Kommando in Penemünde und Mittelwerk gestorben seien. Er war gutaussehend, hatte Charme und es war leicht ihm zu glauben.\u0026rdquo;\nTextbox: \u0026ldquo;Ich liebte von Brauns Geschichte voller Sehnsucht und Vergebung. Papa haßte ihn.\u0026rdquo;\nTextbox: \u0026ldquo;Als von Braun seine Autobiographie \u0026lsquo;Ich ziele auf die Sterne\u0026rsquo; nannte, sagte Papa, der passende Untertitel sei \u0026lsquo;aber normalerweise treffe ich London.\u0026rsquo;\u0026rdquo;\nBuddies liebe zur Weltraumfahrt prägt seine Jugend - er bringt sich bei, mit dem Rechenschieber umzugehen und Umlaufbahnen zu berechnen. Zusammen mit seinem Vater verfolgt er die Raketenstarts. Sie reisen sogar zum Start von Gemini-4 und die beiden schauen dem Start der Rakete zu, beeindruckt von der Kraft und Lautstärke dieses Menschenwerks.\nDie Mondmissionen waren der Triumph des amerikanischen Weltraumprogramms, und zugleich der Anfang vom Ende der großen Weltraum-Missionen. Der Beginn einer neuen, komplizierteren Zeit\u0026hellip;\nTextbox: \u0026ldquo;Am 20. Juli 1969 landeten Neil Armstrong und Buzz Aldrin den Adler der Apollo 11 im Meer der Ruhe auf dem Mond, während Mike Collins ihn umkreiste. Jeder mit Fernseher auf der Welt sah ihnen zu, staunte und feuerte sie an. Bevor sie ins Bett gingen schauten Milliarden zum Mond und dachten \u0026ldquo;Wir sind da oben! Jetzt gerade!\u0026rdquo;\nTextbox: \u0026ldquo;Man sagte, daß viele SciFi-Autoren die Mondlandung vorhergesagt hatten, und daß viele das Fernsehen vorhergesagt hatten, aber nicht einer hätte vorhersehen können, daß die erste Mondlandung live übertragen werden würde.\u0026rdquo;\nTextbox: \u0026ldquo;Pete Conrad und Alan Bean landeten die Intrepid der Apollo 12 im Meer der Stürme. Die waren drei Mal so lange auf der Oberfläche wie Armstrong und Aldrin, und kehrten zu etwas kleineren Paraden nach Hause zurück.\u0026rdquo;\nTextbox: \u0026ldquo;Jim Lovell und Fred Haise in Apollo 13 kamen niemals auf die Mondoberfläche, aber sie und Jack Swigert schafften es, ihr wrackes Schiff einmal um den Mond zu schwingen und nach Hause zu kommen - eine Tat voller Bauernschläue und Einfallsreichtum, die sich trotzdem wie ein Triumph anfühlte.\u0026rdquo;\nTextbox: \u0026ldquo;Dann Shepard und Mitchell in Apollo 14. Scott und Irwin in Apollo 15. Young und Duke in Apollo 15. Cernan und Schmitt in Apollo 17.\u0026rdquo;\nTextbox: \u0026ldquo;Das war es dann.\u0026rdquo;\nTextbox: \u0026ldquo;Dieselbe Öffentlichkeit, die für Apollo 11 gefeiert und geweint hatte, beschwerte sich bei den Sendern, als für die Landung von Apollo 17 das reguläre Programm unterbrochen wurde.\u0026rdquo;\nTextbox: \u0026ldquo;Apollo 18 bis 20 wurden gestrichen. Keine Mondlandungen mehr. Keine Mondbasis. Nichts. Wir würden den Mond für Dekaden zurück lassen.\u0026rdquo;\nTextbox: \u0026ldquo;Das hätten Papa und ich nie vermutet.\u0026rdquo;\nBuddies Jugend wird begleitet von einem Comichelden, Cap Crater and the Cosmic Kid, dessen Abenteuer zusammen mit Buddy altern und den Wandel der Zeiten illustrieren - vom Helden einfacher Golden Age Geschichten zu einem Silver Age Helden, um schließlich als Opfer ambivalenter Wertesysteme und einer komplizierteren Auffassung von Recht und Gerechtigkeit zu enden und aufzugeben: Cap Craters letztes Abenteuer - kurz vor Vietnam - ist eines, in dem er siegt und doch nicht gewinnt, um schließlich das Superheldentum aufzugeben. Und Buddy wird ebenfalls erwachsen.\nEr begreift:\nTextbox: \u0026ldquo;Die Zeit des Großen war vorüber. Alles war groß: Die Regierung, Firmen, Maschinen, Autos. Stattdessen bekamen wir eine erste Ahnung von der Macht des Kleinen.\u0026rdquo;\nTextbox: \u0026ldquo;Richard Feynman, der spielerisch brilliante Physiker, der die erste Atombombe bauen half, gab 1959 einen bahnbrechenden Vortrag mit dem Titel Da ist noch viel Luft nach unten . Sein Vortrag führte das Konzept der Nanotechnologie ein, und schilderte die Möglichkeiten in der Welt des winzig Kleinen.\u0026rdquo;\nTextbox: \u0026ldquo;Ein Welt, in der wir einzelne Atome manipulieren können, um winzige Motoren oder Schaltkreise bauen zu können. In der Mikro-Roboter durch unsere Blutbahnen schwimmen, um Operationen durchzuführen. Und alle Bücher, die je veröffentlicht worden sind, würden auf ein Staubkorn passen.\u0026rdquo;\nTextbox: \u0026ldquo;Es sollte noch Dekaden dauern, bis der Rest der Welt Feynmans Vision verstehen würde - und wir taten es erst, als die Zeichen um uns herum zu offensichtlich wurden, um sie ignorieren zu können.\u0026rdquo;\nTextbox: \u0026ldquo;Von den Tagen der Elektronenröhren-Rechner und der Codebrecher des Krieges, über Transistoren und Integrierte Schaltkreise stieg die Leistung und Geschwindigkeit der Elektronik, während ihr Preis ständig sank.\u0026rdquo;\nTextbox: \u0026ldquo;Intel-Gründer Gordon Moore fiel auf, daß sich die Anzahl der Transistoren in einem IC alle 2 Jahre verdoppelte, exponentiell von Tausend über 10.000 zu Millionen und mehr anwachsend.\u0026rdquo;\nTextbox: \u0026ldquo;Das Ergebnis: In der Mitte der 70er wurden Geräte, die vorher Luxusgegenstände waren, plötzlich zu Consumergeräten: Taschenrechner, Videospiele, Videorekorder und Computer.\u0026rdquo;\nTextbox: \u0026ldquo;Moore\u0026rsquo;s Law wurde das unaufhaltsame Vortriebsmoment eines technischen Fortschrittes, der die zweite Hälfte des 20. Jahrhunderts bestimmte.\u0026rdquo;\nText: \u0026ldquo;Kleiner, schneller und effizienter: so war die Zukunft.\u0026rdquo;\nUnd das Resumee:\nTextbox: \u0026ldquo;Über die Zeit veränderte sich die Bedeutung von \u0026lsquo;Fortschritt\u0026rsquo; selbst.\u0026rdquo;\nTextbox: \u0026ldquo;Die Vision der Zukunft im frühen 20. Jahrhundert entstand aus einer ländlichen Vergangenheit: Fortschritt bedeutete, Leute in Städten zu versammeln und ihre Arbeit zu organisieren - Zentralisierung und Spezialisierung. Aber echter Fortschritt brachte mehr Mobilität und Freiheit, nicht weniger.\u0026rdquo;\nTextbox: \u0026ldquo;Die Leute stellten sich vor, die Zukunft würde kolossale, klickende und surrende Monumente industrieller Fertigungskunst bringen, die über strahlenden Metropolen wachen und Blitze in den Himmel schleudern würden.\u0026rdquo;\nTextbox: \u0026ldquo;Stattdessen wurde die fortgeschrittene Technologie kleiner, effizienter und schlauer. Sie ist unsichtbar und überall.\u0026rdquo;\nTextbox: \u0026ldquo;Die neue Welt von Morgen lebt tief in unseren Häusern, Computern, Kommunikationsnetzen, Transportnetzen, Werkzeugen, Spielzeugen, Medikamenten, ja sogar in unserer DNS. Sie arbeitet unbemerkt, zu klein um sie zu sehen, die Größenordnungen erforschend und nutzend, die uns von den Atomen trennen.\u0026rdquo;\nTextbox: \u0026ldquo;Die Energieproduktion der Welt von Morgen ist klein und dezentral. Tausende Bohrlöcher extrahieren geothermische Energie aus der Wärme des Erdmantels. Gebäude, die in hocheffiziente Photovoltaik eingehüllt sind, produzieren mehr Energie als sie verbrauchen.\u0026quot;\nTextbox: \u0026ldquo;Wüsten weltweit sind ein Flickenteppich von photovoltaischen und Solar-Anlagen, und Terawatt an Windturbinen pflastern die großen Ebenen Nordamerikas, von Manitoba bis Chihuahua.\u0026rdquo;\nTextbox: \u0026ldquo;Nebenan werden große elektrolytische Stromspeicher geladen wenn der Wind bläst und die Sonne scheint, um sich zu entladen, wenn sie nachlassen, einen Strom ungleichmäßiger erneuerbarer Energien in einen zuverlässigen Energiestrom zu wandeln, der in ein robustes Stromnetz gespeist wird, das genug Intelligenz hat, um Flut und Ebbe im Strom auszugleichen, den Endverbraucher sowohl produzieren als auch verbrauchen.\u0026rdquo;\n","date":"2012-08-29T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/29/fertig-gelesen-whatever-happened-to-the-world-of-tomorrow.html","tags":["book","review","comic","media","lang_de"],"title":"Fertig gelesen: Whatever happened to the world of tomorrow?"},{"categories":null,"content":"The Children of the Sky , Vernor Vinge, USD 7.99\n\u0026ldquo;Children of the Sky\u0026rdquo; ist der 3. Band der Zones of Thought Serie von Vernor Vinge. Die beiden ersten Teile, A Fire Upon the Deep (1992) und A Deepness in the Sky (1999) sind ja nun schon 20 und 12 Jahre alt, und so beschäftigt sich ein guter Teil der Handlung damit, die Handlung aus A Fire Upon The Deep wieder aufzunehmen, bekannte Charactere neu einzuführen und vor allen Dingen eine neue Situation aufzubauen, nachdem der erste Teil die Handlung bis auf ein einziges loses Ende sehr gut abgeschlossen hatte.\nWie dem auch sei, in A Fire Upon The Deep hatten wir in paar Leute, die aus Versehen ein 5 Milliarden Jahre altes Supervirus aufwecken, das danach mal mit den Völkern in der Singularität des \u0026ldquo;High Beyond\u0026rdquo; mal ein wenig aufräumt. Jene Leute, die an der Misere eigentlich schuld sind, kommen mit mehr Glück als Verstand davon und crashen ihr Schiff auf der Tineworld, wo sie in die Intrigen der mittelalterlichen Zivilisation von Ultraschallhunden geraten - die \u0026ldquo;Tines\u0026rdquo; sind hundeartige Wesen von sehr mäßigem Verstand, die ihre Gehirne jedoch in Gruppen von 4-8 Wesen auf kurze Distanz zusammenschalten können und dann eine Menschen vergleichbare Intelligenz erreichen.\n\u0026gt;Children of the Sky nimmt den Handlungsfaden nach dem Ende von A Fire Upon The Deep wieder auf, und versucht die Themen aus dem ersten Buch wieder aufzunehmen: Wie wirkt sich die Ankunft der Menschen auf der Tineworld auf die Machtstrukturen dort aus? Wie geht eine Gesellschaft, deren handelnde Persönlichkeiten aus einer variablen Menge von Mitgliedern zusammengesetzt sind, mit Verantwortung, Schuld und Sühne um? Was passiert, wenn man das 8-Einheiten Limit für eine Tine-Person um ein Vielfaches überschreitet? Und was ist eigentlich mit dem Supervirus los?\nLeider beschäftigt sich das Buch zu viel mit Tourism, also dem Erkunden der Tineworld, und zu wenig mit Characteren und Handlung. Es leidet unter anderem an lachhaften Bösewichten, und vor allen Dingen an einem fehlenden Ende - Aufgabe dieses Buches ist es so offensichtlich, den Plot von vor 20 Jahren wieder zu starten, daß man es am Besten erst dann lesen sollte, wenn es denn endlich die Fortsetzung gibt, die es dringend braucht, damit der ganze Aufwand überhaupt zu was nutze ist. Nach Rainbows End ist dieser Roman hier der zweite, bei dem Vinge diesen Stunt abzieht. Er sollte sich was schämen, denn die ersten beiden Bücher der Reihe sind brilliant.\n","date":"2012-08-28T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/28/fertig-gelesen-children-of-the-sky.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: Children of the Sky"},{"categories":null,"content":"(Diesen Artikel gibt es auch in englischer Sprache .)\nSo. Du willst also wissen, was genau die Leistungsgrenzen Deines Systems sind. Und dazu möchtest Du einen Lasttest fahren, um Ergebnisse zu ermitteln.\nDie Grundidee Deines Plans sieht so aus:\nDu nimmt Deine Kiste und findest eine Methode, um Last zu generieren. Dann wirst Du schon merken, wie weit das geht und wann die Kiste ausgelastet ist.\nDer erste Fehler: Den Lastgenerator auf der zu testenden Kiste laufen lassen. Das geht nicht. Unser Ziel ist es ja, die Kiste bis an ihre Lastgrenze zu bringen. Genau genommen wollen wir sie sogar darüber hinaus drücken, und das geht nur genau dann, wenn wir mehr Last erzeugen können, als die zu testende Kiste abarbeiten kann.\nTeilen sich der Lastgenerator und die zu testende Anwendung irgendwelche kritischen Ressourcen, gelingt das nicht: Die Ressource, etwa CPU, wird knapp und verlangsamt nicht nur die zu testende Anwendung, sondern auch den Lastgenerator, bis sich das System an einem unbekannten Punkt unterhalb der Überlast einschwingt. Auf diese Weise werden wir niemals lernen, welche Farbe der Rauch hat, wenn es zu Explosion kommt, d.h. wie genau das Systemverhalten an der Lastgrenze aussieht.\nWir trennen also die Lastquelle und das zu testende System.\nDer zweite Fehler: Das getestete System oder die Last sind nicht nahe genug an der realen Last. Typische Fehler sind: Eine zu testende Datenbank hat weniger RAM als das Produktivsystem, es wird mit einem kleineren Datenbestand getestet als das Produktivsystem hat, oder die Formulierung der Queries oder die relative Verteilung der Anfragen auf den Daten ist nicht identisch mit den Verhältnissen im Produktivsystem.\nIn allen diesen Fällen wird man von einem Lasttest etwas lernen, aber es wird nicht unbedingt sinnvoll auf das Produktivsystem übertragbar sein.\nEin klassisches Beispiel ist etwa der der c\u0026rsquo;t von Mitte/Ende 2005 gewesen (Die Auflösung ist leider kostenpflichtig . In diesem Benchmark wird die Datenbankstruktur eines CD-Verleih/Verkaufs simuliert, jedoch werden in der Lastgenerierung des Benchmarks alle Titel gleichverteilt nachgefragt. Es gibt also keine Bestseller und keine Lastkurve mit der Form eines \u0026rsquo;long tail\u0026rsquo;, wie sie in einem echten Ladengeschäft aufträte. Daher ist es für den Gewinn des Benchmarks wichtig, alle Caches zu deaktivieren, während das Vorhandensein dieser Caches für den Betrieb mit echter Last essentiell gewesen wäre.\nJe näher man mit seiner Lastgenerierung, dem Testsystem und dem Testbestand an das Echtsystem herankommt, um so besser ist sichergestellt, daß man Ergebnisse erzielt, die in der realen Welt auch Bestand haben.\nAm Besten wäre also, man testete auf dem Produktivsystem und mit echten Usern. Damit man das aber sicher tun kann, muß man erst einmal wissen, was genau man hier tut.\nWenn wir in ein System Last einwerfen, dann geht die Last im Mittel nach oben, aber sie ist nicht konstant, sondern schwankt je nachdem, welche Aktivitäten im System wir gerade aufrufen oder wie der Mix an gerade im System beantworteten Anfragen biased ist: Nicht alle Operationen in unserem System sind gleich teuer.\nWir fahren das System also nicht an die Lastgrenze, sondern wir schieben eine fluktuiierende und oszillierende Systemlast immer weiter nach oben, bis ihre Spitzen weiter und weiter über die \u0026lsquo;100%\u0026rsquo;-Marke hinausreichen. Das sieht so aus:\nWann immer das System über die 100%-Marke gepusht wird, baut es ein Backlog auf: Es bekommt mehr Last hereingedrückt als es abarbeiten kann und Anfragen beginnen, sich auf der Eingangsseite zu stapeln. Indem wir eine variable Load immer weiter erhöhen, befindet sich das System in immer längeren Phasen des Backlog-Aufbaus und in immer kürzeren Phasen, in denen es Backlog abarbeiten kann. Da die Last aber je nach Art der Generierung zufällig schwankt, ist es sehr schwierig, die Überlastung des Systems kontrolliert durchzuführen, wenn die Kosten für einen einzelnen Request sehr variabel sind.\nDas ist einer der Gründe, warum man sich bei der Optimierung von Systemen nicht so sehr um die Verbesserung der guten oder auch nur der durchschnittlichen Fälle kümmert. Stattdessen wird man sich zunächst einmal um die Outlier und schlimmsten Fällen kümmern müssen. Das ist auch, warum gute Systemarchitekten sich im Grunde nur für die Worst-Case-Performance eines Systems oder eines Changes interessieren (siehe The Importance of FAIL , oder jede 2. Diskussion auf der Linux Kernel Mailingliste).\nEs geht zunächst einmal also darum, die Variabilität in der Antwort des Systems zu verkleinern, bevor man daran gehen kann, sein Verhalten als Ganzes zu verbessern.\nWas genau geschieht wird noch besser deutlich, wenn wir die Graphen von dort oben nicht als Last-über-Zeit zeichnen, sondern einmal als \u0026lsquo;Last, die wir ins System drücken\u0026rsquo; (offered load) gegen \u0026lsquo;Durchsatz\u0026rsquo; (reponses), und zugleich auch als \u0026lsquo;Last, die wir ins System drücken\u0026rsquo; (offered load) gegen \u0026lsquo;Antwortzeit\u0026rsquo; (latency).\nWenn wir ein System unter Last hoch fahren, dann wird für jeden Request, den wir in das System schicken, eine Antwort generiert. Die Kurve zwischen offered load und response geht also als 45-Grad Gerade nach oben, bis wir den Sättigungspunkt erreichen. Dort wird sie dann bei einem ideal konfigurierten System als horizontale Gerade weiter laufen: Wir drücken zwar mehr Load in das System hinein, bekommen aber nicht mehr Antworten heraus, weil das System nicht schneller kann.\nDie Frage ist: Was passiert mit diesen zusätzlichen Anfragen. Die Antwort gibt der zweite Graph. Wir drücken Anfragen in das System hinein, und diese haben eine bestimmte Basis-Bearbeitungszeit - die think time. Die think time geht unter Last nicht viel nach oben, wenn unser System gut konstruiert ist. Sobald wir jedoch den Sättigungspunkt erreichen, stapeln sich die Anfragen in der Eingangswarteschlange unseres Systems, da das System nicht ausreichend Kapazität bereitstellen kann, um die Masse der Requests zu beantworten. Auf die think time müssen wir noch Wartezeit - wait time - oben drauf rechnen. Und da wir laufend und dauerhaft mehr Last in das System schicken als es abarbeiten kann, explodiert diese Warteschlange und damit auch die Menge an wait time, die ein Request auf sich nehmen muß.\nDas ist keine Theorie, sondern real einsetzbar: Man kann kontrolliert realistische Lasttests an Produktivsystemen durchführen, wenn einige Voraussetzungen gegeben sind.\nVorraussetzung ist eine Mindestgröße des zu testenden Systems, sodaß eine stabile externe Last anliegt. Will sagen, man muß zunächst einmal ausreichend User haben, damit man das System überhaupt unter Last setzen kann und bei denen die durch einen einzigen User generierte Last nicht nennenswert ins Gewicht fällt. In solchen Fällen hat man dann auch ein Frontend mit mehr als einem Webserver und einem Load Balancer vorne dran.\nDer Lasttest muß zu einer Zeit mittlerer Last stattfinden: In der ruhigsten Phase des Tages ist die verfügbare Gesamtlast oft nicht ausreichend, um Überlast zu erzeugen und in der heißesten Phase des Tages will man wahrscheinlich nicht testen. Wo ich arbeite ist die Lastkurve so, daß vormittags eine gute Zeit zum Testen ist. Außerhalb der Haupt- und Nebensaison ist es so, daß wir unter Umständen Kapazität ganz abschalten müssen, um ausreichend Gesamtlast zu haben, die wir konzentrieren können, um Überlast zu haben.\nDer Lasttest beginnt nun damit, daß wir die Base Load der zu testenden Systeme aufnehmen und daß wir einen Apache Siege in das System legen, um Base Latency zu messen: Dies ist die think time eines nicht überlasteten Systems.\nJetzt kann man am Load Balancer spielen und die Gewichte des zu testenden Systems (eine einzelne Frontend-Maschine oder eine Clusterzelle) langsam hochdrehen, um mehr Last zu erzeugen. Sobald entweder Fehler im Error Log auftauchen oder die Latenz des Siege steil nach oben geht, hat man Sättigung erreicht. Jetzt muß man die Last leicht unter dem Sättigungspunkt stabilisieren und halten (wir drehen das Gewicht am LB gerade so weit runter, daß auch die Spitzen unserer Last aus dem Überlastbereich heraus gehalten werden) und kann dann in sehr, sehr kleinen Schritten das System gezielt überlasten.\nAuf dem getesteten System kann das dann so aussehen:\nMan erkennt deutlich drei Testdurchläufe mit unterschiedlichen Konfigurationen, und eine fiese Lastspitze eines Cronscriptes, die da im 3. Lasttest plötzlich reinspiked und auf den Monitoren der Überwacher die Alarme kurz aufblitzen läßt - ein typischer Outlier, der behandlungsbedürftig ist.\nMan sieht auch, daß der 2. Lasttest längere Zeit sehr vorsichtig gefahren ist, jedenfalls aus der Sicht der Datenbank. Das Ergebnis war am Ende, daß die Limitierung dieses Mal nicht in der Datenbank, sondern in der CPU der Frontend-Systeme liegt.\nDie Messungen der Last kann man dann noch als offered-load vs. latency aufzeichnen, und bekommt dann Graphen, die so aussehen können:\nDer Graph zeigt den Vergleich zweier unterschiedlicher Konfigurationen und man erkennt, daß die Ergebnisse in der realen Welt ziemlich genau so aussehen wie oben in der Theorie diskutiert. Eine Variante dieses Graphen macht die einzelnen Symbole um so größer, je mehr Fehler an diesem Meßpunkt aufgetreten sind. Auf diese Weise ist dann auch die Art und Weise des Systemversagens und der Punkt der letzten Stabilität gut erkennbar.\nNachtrag: Alexander Aulbach fragte in der Diskussion zum Artikel oben:\nEs wäre mal interessant zu schauen, welchem physikalischen Modell das am ehesten gehorcht.\nGuckst Du hier:\nRaj Jain, The Art of Computer Systems Performance Analysis: Techniques for Experimental Design, Measurement, Simulation, and Modeling , Wiley and Sons, 1992 Neil J Gunter, Analyzing Computer System Performance with Perl::PDQ , (Springer, Kindle Edition) Neil J Gunter, Capacity Planning: A Tactical Approach to Planning for Highly Scalable Applications and Services (Springer, 2006) Viele der Modellierungsansätze werden aber durch Testing in Production und das beschriebene Lasttestverfahren obsolet. Die Modellierung kann dennoch sinnvoll sein, um obskure Bottlenecks oder absolute Kapazitätsgrenzen besser sichtbar zu machen. In meiner Praxis habe ich sie bisher jedoch nie gebraucht, außer um Offensichtliches aus der Messung im Modell zu bestätigen.\n","date":"2012-08-28T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/28/load-load-testing-und-benchmarks.html","tags":["database","mysql","performance","testing","lang_de"],"title":"Load, Load Testing und Benchmarks"},{"categories":null,"content":"Der Bierzauberer , Günther Thömmes, EUR 9.99\n\u0026ldquo;Der Bierzauberer\u0026rdquo; kam bei einem Bücher-Adventskalender im deutschen Kindle Post als Kostenlos-Buch vorbei, also habe ich es mir erklickt und gelesen. Es ist ein historischer Roman über Niklas von Hahnfurt, einen Bierbrauer im 13. Jahrhundert und es erzählt die Geschichte und den Stand der Bierbrauerei in Deutschland, vor dem Reinheitsgebot und zum Teil vor dem Hopfen.\nNiklas kommt aus dem fränkischen, und gelangt über das Kloster Weihenstephan und das Kloster St. Gallen, über Regensburg und Bitburg bis schließlich nach Köln, wo er eine weltliche Bierbraustube eröffnet. In St. Gallen macht er sich einen Feind für das Leben, den Dominikanermönch Bernhard, der ihm als Inquisitor der Kirche nachstellt und ihn immer wieder zwingt, das Leben, das er sich aufgebaut hat zu verlassen und weiter zu wandern.\nGünther Thömmes ist Bierbrauer und Autor, und wenn er nicht über die Geschichte des Bieres schreibt, dann schreibt er Kriminalfälle, die mit Bier und Bierbrauen zu tun haben. Das Buch ist auch eine gute Ergänzung zu [http://cre.fm/cre194](CRE 194: Bier) mit Andreas Bogk und der Maus, äh, mit Tim.\n","date":"2012-08-27T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/27/fertig-gelesen-der-bierzauberer.html","tags":["book","review","media","lang_de"],"title":"Fertig gelesen: Der Bierzauberer"},{"categories":null,"content":"Blackout , Marc Elsberg, EUR 15.99\nUnd weil wir gestern gerade \u0026ldquo;Eine Billion Dollar\u0026rdquo; von Andreas Eschbach hatten: Ebendieser hat auf Google plus \u0026ldquo;Blackout\u0026rdquo; empfohlen, also habe ich mir das einmal angesehen.\nDer Hintergrund ist systematisch dem Vorgehen von Eschbach bei \u0026ldquo;Eine Billion Dollar\u0026rdquo; ähnlich, nur daß es diesmal um Strom, Stromnetzwerke und Smartmeter geht: In Europa kommt es nach dem Ausfall in Teilen des Kontinents zu einer Kettenreaktion und einem kontinentalen Blackout. Das Wiederanfahren des Stromnetzes will ebenfalls nicht gelingen, und langsam wird klar, daß es sich bei dem ganzen Vorfall um einen terroristischen Sabotageakt handelt. Diese Information jedoch zu den passenden Stellen weiter zu kommunizieren und die entsprechenden Maßnahmen umzusetzen erweist sich so ganz ohne Strom als mühsam. Unterdessen versinkt die Zivilisation in dem Tage andauernden Stromausfall erstaunlich schnell, und es wird klar, wie sehr unser Umfeld auf das Vorhandensein eines leistungsfähigen und ständig verfügbaren Energieverteilungssystems angewiesen ist.\nAuch Elsberg hat recherchiert und das Ergebnis seiner Recherche ist ein Katastrophenroman geworden. Elsberg haut mit seiner Geschichte in eine meiner Lieblingskerben: Das Problem bei Smartmetern ist eben nicht die mögliche Verletzung der Privatspähre, sondern deren Sicherheit . Diese Geräte sind die Eingangs-Sensoren für die Steuerung einer kontinentalen integrierten Kraftmaschine. Wenn es gelingt diese zu übernehmen und zu blenden, ist es sehr leicht, die gesamte Maschine effektiv zu blockieren, mit den von Elsberg sehr realistisch geschilderten Folgen.\n","date":"2012-08-26T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/26/fertig-gelesen-blackout.html","tags":["book","review","media","lang_de"],"title":"Fertig gelesen: Blackout"},{"categories":null,"content":"Exponentialdrift , Andreas Eschbach, EUR 3.99\n\u0026ldquo;Exponentialdrift\u0026rdquo; ist ein literarisches Experiment: Die Geschichte ist ursprünglich als Fortsetzungsroman in wöchentlichen Episoden in der FAZ erschienen und lief dort in etwa ein Jahr lang. Der Erzählstil ist von den extremen Platzbeschränkungen der Zeitung und von den Verflechtungen der Geschichte mit tagesaktuellen zeitgenössischen Ereignissen geprägt. Als Buch ist die Geschichte aus ihrem Entstehungskontext gerissen und wirkt sehr viel anders als im Original, nehme ich an.\nDem eigentlichen Text ist ein Werkstattbericht des Autors nachgestellt, der etwa ein Drittel des Gesamtwerks ausmacht. Wenn man sich für das Schreiben (oder besseres Lesen) interessiert, ist es dieser Teil, der den eigentlichen Wert des Buches ausmacht und der Geschichte im Vorderteil ihren Kontext und ihren Wert zurückgibt - dann ist es sogar faszinierend zu lesen, aber es wird auch klar, daß die Form des Fortsetzungsromans als Erzählform nicht zu unrecht ausgestorben ist.\nDie Geschichte: Auf einer Pflegestation erwacht ein Wachkomapatient, und während er langsam in seine Identität und sein altes Leben zurück findet, wird ihm klar, daß er inzwischen der Agent einer außerirdischen Macht ist, und noch dazu einer Macht, die interne Querelen verstrickt ist, die das Schicksal aller Menschen beeinflussen können.\nEine Billion Dollar . Andreas Eschbach, EUR 4.99\nGeld, Kapital, Zinseszins und exponentielles Wachstum sind das Thema von \u0026ldquo;Eine Billion Dollar\u0026rdquo;. Die Prämisse: Der arme New Yorker Schustersohn John Fontanelli erbt eine Million Millionen Dollar, die ein Vorfahre von ihm vor 500 Jahren angelegt hatte. Fontanelli erbt auch den Auftrag, mit diesem Vermögen Gutes zu tun. Der Leser folgt ihm, während Fontanelli dieses Problem zu lösen versucht und lernt mit Geld umzugehen und zu verstehen, was Geld bewirkt und was er mit Geld bewirken kann.\n\u0026ldquo;Eine Billion Dollar\u0026rdquo; ist eigentlich ein Lehrbuch über Kapital und wie Geld in der Welt funktioniert - Eschbach hat zu diesem Thema viel recherchiert und gießt seine Erkenntnisse in einen unterhaltsamen Roman statt noch ein Lehrbuch zum Thema zu schreiben - lupenreines und recht gelungenes Infotainment, das gerade im Zeitalter der Immobilienblasen und Schuldenkrisen noch einmal an Aktualität gewinnt.\n","date":"2012-08-25T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/25/fertig-gelesen-exponentialdrift-eine-billion-dollar.html","tags":["book","review","media","lang_de"],"title":"Fertig gelesen: Exponentialdrift, Eine Billion Dollar"},{"categories":null,"content":"Anomaly , Peter Cawdron, USD 2.99\nNew York, Mittags, an einem heißen Sommertag, in der Nähe des UN Gebäudes: Die Welt gerät aus den Fugen - wörtlich. Eine Kugelsektion von ca. 130 Metern Durchmesser, Bürgersteig , Fahnenmasten, Luft und alles andere, wird quasi aus der Erde herausgeschnitten und macht die Erddrehung nicht mehr mit.\nAußerirdisches Leben ist auf der Erde gelandet und ist so fremdartig und der Menschheit so weit voraus, daß die Menschen die Kontaktaufnahme beinahe nicht als Kommunikationsversuch erkennen. Als sie es endlich tun, kommt es zum Konflikt untereinander - Religionen geraten in die Krise, Ängste bestimmen die Reaktion, die Situation eskaliert. Dem Fremden bleibt am Ende nur, den Kontakt abzubrechen. Jedenfalls offiziell.\nEine interessant konstruierte Story. Der Autor hat sich die Aufgabe gesetzt, eine Kontaktaufnahme mit etwas wirklich Fremden zu schildern und wollte eine Heldenfigur, die Konflikte ohne den Einsatz von Gewalt löst. Das ist gelungen, aber das Lektorat muß über das Resultat noch mal mit der Drahtbürste rüber. $2.99 und das Geld ist es allemal wert.\n","date":"2012-08-24T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/24/fertig-gelesen-anomaly.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: Anomaly"},{"categories":null,"content":"In The problem with eBooks schreibt Diego Elio Pettenò über einen Aufenthalt in Los Angeles:\nI wouldn’t mind meeting people around here, and with people I don’t necessarily mean girls, to be clear. I would just prefer not to feel so … isolated in the crowd as I feel now. I guess being a geek in the surfer’s paradise is not that great a situation. But what has this to do with eBooks? Well, one thing that seemed to help for me the few weeks I spent in university was greeting people who were going around with books that I read before (and the other way around), but it’s hard to do so when you move around with an Amazon Kindle, as it shows no book cover!\nDiego überlegt, ob es nicht vielleicht hilfreich sein könnte, einen zweiten, äußeren Screen auf dem eBook-Reader zu haben, der das Cover des gerade gelesenen Buches zeigt, um Kultur und Kulturkonsum entdeckbar zu machen.\nJohnny Haeusler hat in seinem Essay Unsichtbare Kultur schon einmal etwas ähnliches dargestellt:\nMir fiel auf, dass es für meine Kinder in unserem Haushalt beinahe unmöglich war, zufällig auf tagesaktuelle Information oder Unterhaltung zu stoßen, da diese größtenteils auf den digitalen Gerätschaften der Eltern stattfand. Das zufällige Blättern in einer herumliegenden Zeitung, das gemeinsame Sehen (und darüber Reden) von TV-Nachrichten passierte ebenso selten wie das Stöbern im berüchtigten Plattenschrank und das damit verbundene zufällige Finden von Musik außerhalb des eigenen Kulturkreises namens Schulhof. Während die Eltern den ganzen Tag im Online-Ozean badeten, saßen die Kinder auf dem trockenen Offline-Sand.\nWas auch fehlt, ist eine Familien-Timeline, eine Möglichkeit, alle Online-Aktivitäten des Tages aufzuzeichnen und dann mit der Familie gemeinsam bequem zu teilen. Die Technik dafür ist teilweise schon da , nur will das einerseits niemand wirklich in die Cloud schießen und andererseits gibt es auch keine Anwendungen, die das nutzen.\nDas Problem ist nur: Papier will auch keiner mehr. Oder Fernsehen.\nWas können wir tun?\n","date":"2012-08-23T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/23/discoverable-culture-das-buch-als-konversationsst-ck.html","tags":["kultur","media","privacy","lang_de"],"title":"Discoverable culture: Das Buch als Konversationsstück"},{"categories":null,"content":"A Confusion of Princes , Garth Nix, USD 9.99\nKhemri ist ein Prinz eines intergalaktischen Imperiums, eine Ansammlung von Welten, die durch Technologie, Biotech und Psionik zusammengehalten und von einem Geist in der Maschine, dem Imperator, regiert wird. Khemri wird nun bald volljährig und weiß auf Grund seiner Ausbildung, daß er bald romantische und heroische Abenteuer erleben wird, bevor er die Welt rettet und selber Imperator wird.\nEs stellt sich raus, daß die Realität komplizierter ist. Zum Beispiel gibt es zehn Millionen Prinzen, und es kann nur einen Imperator geben. Schon Sekunden nach seiner Volljährigkeit muß Khemri sich also gegen Attentäter wehren und verzweifelt versuchen, am Leben zu bleiben. Auf der Suche nach Sicherheit und als Spielball von intrigierenden Mächten in einem verdammt großen und feindseligen Universum muß er sich mit einer Realität auseinandersetzen, die viel komplizierter und härter ist als seine Ausbildung ihn ahnen ließ.\n\u0026ldquo;A confusion of princes\u0026rdquo; ist ein Jugendbuch und Bildungsroman, und eine wunderbare Space Opera, die alles hat, was man von dem Genre erwarten würde. Entsprechend dem Genre \u0026ldquo;Space Opera\u0026rdquo; ist das Universum schillernd und überlebensgroß, und es gibt viel Fi und wenig Sci. Nach dem How to live safely in a science fictional universe war das genau die richtige Erholung.\n","date":"2012-08-23T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/23/fertig-gelesen-a-confusion-of-princes.html","tags":["lang_de","book","review","media"],"title":"Fertig gelesen: A confusion of princes"},{"categories":null,"content":"Damit Du Bescheid weißt , Klemens Tilmann, EUR 0.54 (antiquarisch, stark variabel)\n\u0026ldquo;Damit Du Bescheid weißt\u0026rdquo; ist eine Aufklärungsfibel von einem katholischen Geistlichen für heranwachsende Mädchen aus den frühen fünfziger Jahren. Ein Freund von mir hatte es vor vielen Jahren zu einer Silvesterparty dabei, und wir haben uns den Abend vertrieben, indem wir reihum daraus vorgelesen haben. Gute Unterhaltung.\nAus einer Laune heraus habe ich das Buch auf Amazon gesucht, bestellt und einmal komplett durchgelesen. Es ist seltsam veraltet und zugleich zeitlos, lächerlich und anrührend, kraß chauvinistisch und einfühlsam - eine ganz eigene Erfahrung aus einer komplett anderen Zeit, die vor allen Dingen demonstriert, wie sehr sich unsere Gesellschaft und ihre Werte in den vergangenen 60 Jahren verändert haben.\nDas Buch zu lesen ist sehr hilfreich, wenn man verstehen möchte, welche Geisteshaltungen aufeinander prallen, wenn etwa die Piratenpartei und Kern-CSU in irgendeinem Parlament über Familien- oder Drogenpolitik miteinander diskutieren.\nDas Werk ist antiquarisch und wahrscheinlich kaum zu beschaffen. Ein klarer Fall für ein Rainbows End (*), wenn das legal wäre: Dem Buch den Rücken aufschneiden, es scannen und OCRen, und dann mobifizieren, das wäre es. Vielleicht sollte das jemand einfach mal machen.\n(*) from a review :\nThe UCSD Library conflict actually grows directly out of the other aspect of the book of interest to e-book fans: the digitization of the contents of the library. In the timeframe of the book (sometime in the 2020s, apparently), physical books’ intrinsic value has declined to the point where the books themselves are considered much less valuable than their contents.\nSo, to get at the contents, a company is destroying the books themselves—feeding them through a shredder then blowing the shreds through a tunnel lined with high-resolution cameras. The cameras capture images of the shreds, then batteries of computers stitch them together into reconstructions of the pages, like jigsaw puzzles. The idea is to gather and collate all the world’s knowledge, to unlock synergies that had been prevented by it all being so inaccessible before.\n","date":"2012-08-23T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/23/fertig-gelesen-damit-du-bescheid-wei-t.html","tags":["book","review","media","politik","religion","lang_de"],"title":"Fertig gelesen: Damit Du Bescheid weißt"},{"categories":null,"content":"How to live safely in a science-fictional universe , Charles Yu, inzwischen USD 11.99, dafür aber mit Bonusmaterial das keiner will in der Kindel-Edition - vermutlich weil jemand versucht hat, dem Autor einen Preis zu verleihen\nHier ist die Selbstbeschreibung von \u0026ldquo;Sicher leben in einem Science-Fiction Universum\u0026rdquo;:\nMinor Universe 31 ist ein großer Geschichtenraum am Rande der Fiktion, wo Paradoxien fluktuieren wie der Aktienmarkt, einsame Sexbots gescheiterte Protagonisten locken und Zeitreisen ein echtes Geschäft sind. Jeden Tag steigen Leute in Zeitmaschinen und versuchen die eine Sache zu tun, die sie nicht tun sollten: Sie versuchen die Vergangenheit zu ändern. Das ist, wo Charles Yu, Zeitreisetechniker, ins Spiel kommt. Zusammen mit TAMMY, einem Betriebssystem mit einem Selbstwertproblem und Ed, seinem nichtexistenten, aber nichtsdestotrotz wirklichen Hund, schützt er Leute vor sich selbst - im Wortsinn. Wenn er grad nicht arbeitet, besucht er seine Mutter (die in einer einstündigen Zeitschleife steckt und endlos Abendessen vorbereitet) oder sucht nach seinem Vater, der die Zeitmaschine erfand und ihn ihr verschwand.\nWas nach einer großartigen Prämisse und viel Spaß klingt, wird von den überliterarischen Ambitionen des Autors spaßfrei zu einer \u0026ldquo;Ich verarbeite die Beziehung zu meinem Vater in einer fiktiven Autobiographie\u0026rdquo; verwurstet. Schade, denn das Konzept hätte dasselbe auch auf eine Weise leisten können, der man den Uni-Schreibkurs \u0026ldquo;Ich mach jetzt Hochliteratur, aber mit Gewalt\u0026rdquo; nicht so anmerkt. Das war anstrengend.\n","date":"2012-08-22T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/22/fertig-gelesen-how-to-live-safely-in-a-science-fictional-universe.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: How to live safely in a science fictional universe"},{"categories":null,"content":"Wir generieren eine neue Art von Materialized View mit dem bekannten Generator-Setup:\nDas neue Setup unterscheidet sich in der Logik von denen, die wir bisher verwendet haben, und so kommt es beim Testlauf zu einem ungewöhnlichen und unerwarteten Ereignis:\nUm 14:30: Ein Gigabit-Netzwerk mit 125 MB/sec ausgelastet.\nBei einem Probelauf gehen die Alarme los, weil der Gigabit-Netzwerkstrang zur Datenbank mit 125 MB/sec (Ein Gigabit/sec) vollständig ausgelastet ist. Wie man sehen kann, ist die Datenbank zu diesem Zeitpunkt nicht besonders beschäftigt:\nUm 14:30: Keine auffällig hohe Anzahl von Queries/s.\nAuch auf dem Binlog ist nichts besonderes zu sehen:\nKeinerlei Ausschläge bei der Binlog-Größe - Replikation ist ja sonst immer wieder gerne genommen, um ein Netzwerksegment vollständig zu füllen.\nUnd auch der lokale Change auf der Datenbank hält sich in extrem überschaubaren Grenzen:\nMaximal 400 MB aktives Redo-Log auf einer Maschine mit 50GB oder 100GB Buffer Pool sind verschwindend gering.\nWie man sehen kann, ist das Redo-Log der Datenbank zum Zeitpunkt des Vorfalls weit unter 400 MB groß. Auf einer Datenbank mit einem Buffer Pool von 50-100 GB bedeutet das einen verschwindend geringen Anteil von noch nicht zurückgeschriebenen Änderungen.\nAuch die CPU der Maschine ist unauffällig - ein Multicore-Server mit einer Auslastung um die 100% (ein Core Busy) ist extrem entspannt.\nMulticore-Server mit einer CPU-Auslastung in der Gegend von einem Core.\nWas zum Teufel geht hier vor?\nDas wird schnell deutlich, denn man ein paar Dinge prüft, die mit dem Test zu tun haben. Die relevante Tabelle sieht so aus:\nmysql\u0026gt; show table status like \u0026#39;...\u0026#39;\\G Name: ... Engine: InnoDB ... Avg_row_length: 77539 ... 1 row in set (0.00 sec) mysql\u0026gt; show create table ...\\G Table: ... Create Table: CREATE TABLE `...` ( `id` mediumint(8) unsigned NOT NULL, `body` mediumblob NOT NULL, `digest` binary(20) NOT NULL, `last_change` int(10) unsigned NOT NULL, `last_check` int(10) unsigned NOT NULL, PRIMARY KEY (`id`), KEY `last_check` (`last_check`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 1 row in set (0.00 sec) Wir haben hier also ein System, bei dem Daten materialisiert und als Blob mit dem Namen \u0026lsquo;body\u0026rsquo; in der Tabelle gespeichert werden. Ist der Blob schon vorhanden und auf Stand, muß der Blob selber nicht geändert werden, aber es wird das Feld \u0026rsquo;last_check\u0026rsquo; aktualisiert.\nAußerdem ist Row Based Replication konfiguriert:\nmysql\u0026gt; show global variables like \u0026#39;binlog_format\u0026#39;\\G Variable_name: binlog_format Value: ROW 1 row in set (0.00 sec) Nun verhält es sich aber mit RBR folgemdermaßen :\nIn MySQL row-based replication, each row change event contains two images, a “before” image whose columns are matched against when searching for the row to be updated, and an “after” image containing the changes. Normally, MySQL logs full rows (that is, all columns) for both the before and after images.\nWir haben also eine Average Row Length von 77539 Bytes, und wir loggen für jede Änderung die komplette Row zweimal: einmal in der alten und einmal in der neuen Version. Wir schreiben also im Schnitt 140 KB, wenn ein last_changed Feld von 4 Bytes geändert wird.\nAußerdem ist:\nmysql\u0026gt; select count(command) as c from processlist where command = \u0026#39;binlog dump\u0026#39;; +----------+ | c | +----------+ | 45 | +----------+ 1 row in set (0.00 sec) Wir drücken diese 140 KB pro Change also an 45 unabhängige Slaves raus (das ist hier hauptsächlich der Tatsache geschuldet, daß das Zielsystem eigentlich eine leicht andere Aufgabe hat und für diese Tests, die eigentlich keinen meßbaren Impact hätten haben sollen, zweckentfremdet wurde).\nDas Problem ist in MySQL 5.6 gelöst, wo man mit der neu eingeführten Variable binlog-row-image und den Modi \u0026rsquo;noblob\u0026rsquo; und \u0026lsquo;minimal\u0026rsquo; auf die Übertragung der ungeänderten Blobs verzichten kann.\nIn MySQL 5.5 löst man das Problem mit einer künstlichen 1:1- oder 1:0-Relation, die die Blobs in einer gesonderten Tabelle speichert und so isoliert.\nIn normalen Umständen, also ohne Blob oder Text-Typen, sind RBR-Logfiles zwischen 50% und 66% kleiner als SBR (Statement Based Replication)-Logfiles. Nur bei extrem breiten Rows explodiert dies.\nMan beachte, daß der Master diese Last auf der linken Backe absitzt. Er zeigt tatsächlich auch nicht mal meßbar Disk-I/O, weil er seine Slaves aus dem File System Buffer Cache bedient.\n","date":"2012-08-22T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/22/mysql-vs-gigabit-network.html","tags":["debug","mysql","networking","performance","lang_de"],"title":"MySQL vs. Gigabit Network"},{"categories":null,"content":"The Epoch Index , Christian Cantrell, USD 0.99\nRanveer bringt Leute um, und er ist gut darin. Quinn Mitchell jagt Mörder, und sie ist so gut darin, daß sie es eigentlich von ihrem Schreibtisch aus tut: Sie ist Data Analyst für die CIA und sie findet ihre Ziele, indem sie Beziehungen und Querverbindungen zwischen Tatsachen, Menschen und Ereignissen herausfiltert und Muster erkennt.\nIn diesem Fall jedoch zeigen alle Querverbindungen auf ein Dokument, daß es nicht geben dürfte: Den Epoch Index - Daten, die das LHC aus der Zukunft aufgefangen hat. Jemand in der Zukunft möchte Menschen in der Gegenwart tot sehen… Mitchell findet den Feind, und es ist…\nAuch dies ist eine relativ kurze, aber gut erzählte Zeitreise-Paradox-Novelle, die einem einen regnerischen Nachmittag lang beschäftigen kann.\nIf at first… , Peter F. Hamilton, kostenlos\nDieselbe Logik finden wir noch einmal angewendet, diesmal bei Peter Hamilton: Jemand, Marcus Orthew, baut eine Zeitmaschine und sendet seinen erwachsenen Geist zurück in den Körper seiner Kindheit. Ein Polizist kommt ihm auf die Spur, und stellt Orthew genau in dem Moment, in dem dieser sich absendet. Natürlich wird auch der Polizist mitgrissen und landet in seinem elf Jahre alten Ich - und startet ein neues, ganz anderes Leben. Bis Orthew auf ihn aufmerksam wird\u0026hellip;\nNoch kürzer als \u0026ldquo;The Epoch Index\u0026rdquo;, selbes Thema/Twist.\n","date":"2012-08-21T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/21/fertig-gelesen-the-epoch-index-if-at-first.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: The Epoch Index und If at first..."},{"categories":null,"content":"\u0026ldquo;Hey, Kris! Wir haben zwischen 16:20 und 17:20 CEST einen Lasttest durchgeführt und kurz vor 17:00 Uhr einen unerklärlichen Spike und einen Leistungsabfall festgestellt. Kannst Du mal gucken?\u0026rdquo;\nKlar kann ich. Wo ich arbeite machen wir etwas, das wir Testing in Production nennen.\nFür Lasttests bedeutet das, daß wir einzelne Systeme im Loadbalancer so lange relativ höher gewichten bis sie Probleme bekommen und umfallen. Zur Kontrolle legen wir mit Apache Siege eine Reihe von Sensor-Requests in das zu testende System, nicht zur Lastgenerierung, sondern um zu sehen, wann die Latenz nach oben geht, also um Sättigung des zu testenden Systems zu bemerken bevor es Fehler zu generieren beginnt.\nWenn wir nahe an den Sättigungspunkt gelangen, erhöhen wir die Last in sehr winzigen Schritten, bis wir tatsächlich Systemversagen zu beobachten beginnen und können so nicht nur die Lastgrenze, sondern auch die Symptome beim Systemversterben genau und unter realistischen Bedingungen ermitteln. Das macht die Arbeit im Operations Team sehr viel einfacher.\nWenn ein System aber Probleme hat und dann bei statischer Load zurück kommt, liegt eine andere Situation vor. Es ist wichtig herauszufinden, was genau hier passiert.\nHier die Metriken:\nReplication Delay legt das Krisenfenster in die Zeit zwischen 16:53 (Delay Spike) und 17:00 (Recovery).\nZur selben Zeit auch ein Disk Read Spike. Read Spikes sind ungewöhnlich, weil das betreffende System so dimensioniert ist, daß es seinen Working Set praktisch vollständig im Hauptspeicher halten kann:\nDas fragliche System soll operativ für alle praktischen Zwecke gar nicht von der Platte lesen.\nWir können nun nach weiteren Quellen für ungewöhnliches Verhalten suchen: CPU und Connections gehen von 16:52 bis 17:00 hoch, aber es gibt keine Row Acces Spikes, keine Spikes bei Tmp-Tables-to-disk und auch keine Spikes bei Sortiervorgängen, insbesondere Merge Sorts.\nDer InnoDB Buffer Pool Graph hat am Ende den entscheidenden Hinweis:\n16:52 - InnoDB Buffer Pool verkleinert sich.\nUm 16:52 verkleinert sich der InnoDB Buffer Pool. Das tritt im Normalfall nur dann auf, wenn Speicherseiten im Pool freigegeben werden, und das wiederum kann nur dann geschehen, wenn eine Tabelle mit TRUNCATE TABLE zurückgesetzt oder mit DROP TABLE gelöscht wird.\nWir müssen also schauen, ob es in der Zeit von 16:50 bis 16:53 DDL-Statements gegeben haben, die Tabellen kürzen oder löschen. Auf allen unseren Systemen läuft zu diesem Zweck log_processlist das eine Reihe interessanter Dinge aus der Datenbank für post-mortem Analysen lokal aufzeichnet und für bis zu eine Woche vorhält.\nTatsächlich findet sich:\n# less 16_52.innodb.gz ... SQL: SELECT * FROM INFORMATION_SCHEMA.INNODB_TRX 910556099 RUNNING 2012-08-08 16:51:59 NULL NULL 0 2 TRUNCATE TABLE tmp_gethoteldescriptiontranslations truncating table 1 1 0 376 0 0 0 REPEATABLE READ 1 1 NULL 0 10000 ... Der Pileup entsteht durch eine Folge von DDL-Locks, die durch ein Wartungsscript erzeugt werden. Das Script lädt eine neue Tabelle in die Datenbank, tauscht die aktive Tabelle mit der neuen Tabelle aus und setzt die alte Tabelle dann zurück bevor es sie löscht.\nBackground Table Drop würde hier helfen, aber die fragliche Kiste ist wie ihre Geschwister noch 5.5.16 und nicht 5.5.23.\n","date":"2012-08-21T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/21/mysql-hakt.html","tags":["debug","mysql","performance","lang_de"],"title":"MySQL hakt..."},{"categories":null,"content":"Nymph: The Singularity , J.E. Lansing, USD 0.99\n\u0026ldquo;Nymph\u0026rdquo; hätte leicht ins Auge gehen können - Heinlein hat diese Sorte Geschichte verrissen, Stross ist so grad damit davon gekommen, Lansing kriegt es seltsamerweise hin: \u0026ldquo;Suzanne\u0026rdquo; ist ein Sexbot, gebaut für ihren Eigentümer Alex, und die Geschichte wird aus ihrer Sicht erzählt.\nSie lernt, was sie ist und wie sie entstanden ist: Eine genaue Kopie von Alex verstorbener Frau, und sein Versuch, ihren Tod ungeschehen zu machen. Natürlich kann Suzanne Alex ihre Vorgängerin nicht ersetzen oder perfekt simulieren, und so lehnt Alex sie ab, und Suzanne beginnt, die Grenzen ihrer initialen Programmierung zu transzendieren - und ihre abgeschlossene kleine Welt zu verlassen.\nDas schöne an dem US Kindle Markt ist, daß man dort Bücher zu geringen Preisen findet und es so nicht weh tut, wenn man einmal daneben haut. Also kann man auch einmal riskieren, ein Buch auszuprobieren, das gut bewertet wird, auch wenn einen Thema und Kontext eher abstoßen - es steht ja nicht viel auf dem Spiel. Und dann findet man manchmal Geschichten, die unerwarteterweise funktionieren, obwohl man weiß, daß das Thema für den Autor riskant ist und schnell schlechte Geschichten erzeugt. \u0026ldquo;Nymph\u0026rdquo; ist so eine Geschichte, die es schafft, eine interessante und nicht-ekelige Story zu erzählen, obwohl es eine Sexbot-Story ist. Und so was ist genau der Grund, warum ich meinen Account auf dem US Kindle Store liegen habe.\n","date":"2012-08-20T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/20/fertig-gelesen-nymph-the-singularity.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: Nymph - The Singularity"},{"categories":null,"content":"In Entwickler kritisieren Oracles Umgang mit MySQL berichtet Heise über die Entdeckung von Sergei, daß Oracle zu einigen Bugs keine Tests mehr ins Open Source Repository von MySQL stellt.\nDamit man die Vorgänge ein bischen besser versteht, muß man den Hintergrund ein wenig erläutern: Die meiste Open Source Software, die Datenbanken benutzt, verwendet MySQL als primäre Datenbanken. Der Support für Varianten von MySQL, PostgreSQL oder gar kommerzielle Datenbanken ist in der Regel schlecht bis nicht vorhanden. Das ist ein extrem starker Effekt: Das Drizzle -Projekt zum Beispiel hat die MySQL-Quellen radikal aufgeräumt und so eine sauberere und leichter weiter entwickelbare Version einer Datenbank produziert, die jedoch zu dem \u0026lsquo;Original\u0026rsquo; inkompatibel geworden ist. Drizzle wird von nahezu keinem Projekt sinnvoll unterstützt, und existierende MySQL-Software läuft nicht mehr gegen einen Drizzle-Server.\nDie anderen bestehenden Forks, Percona und MariaDB sind also peinlich genau darauf bedacht, die Kompatibilität zu bestehendem und sich weiter entwickelndem MySQL nicht auf eine Weise zu verändern, die die Ausführbarkeit von Anwendung in irgendeiner Weise gefährdet.\nPercona ist eine Firma, die Support- und Consultingdienstleistungen zu MySQL anbietet und eben auch den InnoDB-Teil von MySQL zu XtraDB forked, Monty Program AB und SkySQL sind Firmen, die den MariaDB Fork von MySQL entwickeln und mit Dienstleistungen versorgen. Aus der Sicht von Oracle sind dies kommerzielle Konkurrenten.\nOracle bekämpft diese aus ihrer Sicht kommerzielle Konkurrenz auf zwei Weisen:\nZum Einen durch die o.a. Schließung von Testfällen und einzelnen Bug Reports (auch das Handbuch von MySQL ist nicht von der GPL abgedeckt, unter der der Server Sourcecode selber veröffentlicht wird). Dadurch wird Percona und MariaDB das Gleichziehen mit und die Kompatibilität zu MySQL erschwert.\nZum anderen durch das extrem hohe Entwicklungstempo in Bezug auf MySQL: MySQL 5.5 war ein ausgezeichnetes und extrem stabiles Release, das in der Versionsgeschichte von MySQL Maßstäbe hinsichtlich Performance und Fehlerfreiheit gesetzt hat. MySQL 5.6 wird dies - das ist jetzt schon absehbar - weit übertreffen.\nSpekulationen, Oracle wolle MySQL aussterben oder aushungern kann man also getrost verwerfen: Das ist genau nicht das, was mit MySQL gerade passiert. Stattdessen ist MySQL seit Oracle schneller, besser und stabiler geworden und die Entwicklung des Hauptzweiges von MySQL ist auf eine Weise vorangekommen die vorher undenkbar gewesen wäre.\nOracle geht aber gerade sehr gezielt gegen aus ihrer Sicht kommerzielle Konkurrenten und Trittbrettfahrer vor und versucht diese auszuhungern. Mittel- und langfristig wird dies zu einer Spaltung von \u0026ldquo;Open Source MySQL\u0026rdquo; (MariaDB, Percona und Drizzle) und kommerziellem MySQL führen.\nOpen Source MySQL ist dafür in einer denkbar schlechten Position, da noch eine ganze Reihe von Abhängigkeiten zwischen Open Source MySQL und Oracle bestehen: Zum einen hat Open Source MySQL keine freie Dokumentation und keine freien Ausbildungsmaterialien - die Dokumentation zu MySQL steht im Gegensatz zum Quelltext nicht unter der GPL und gehört daher mit allen Rechten Oracle. Ebenso fehlt es an freien Ausbildungsmaterialien und Beispielen für korrekte \u0026ldquo;Anwendung\u0026rdquo; von MySQL in häufigen Problemstellungen, mit denen Entwickler und Administratoren an MySQL herangeführt werden können.\nZum anderen gibt es keine gemeinsame Roadmap von den Entwicklern der MySQL-Forks und von Nutzern von MySQL. Niemand weiß in Open Source MySQL, wo Anwender von MySQL Probleme sehen und Weiterentwicklung wünschen und niemand weiß, welche Richtung für die Weiterentwicklung die jeweiligen Forks für sich so vorsehen.\nSolange sich die Open Source MySQLer - und Open Source MySQL Anwender! - nicht zusammentun, und gemeinsam Marken, Standards und Dokumentation für \u0026ldquo;Open Source MySQL\u0026rdquo; entwickeln, wird Oracles Spaltungstrategie aufgehen. Abhilfe kann hier nur eine Fokussierung von Entwicklungsaufwänden und eine gemeinsame Behebung von Defiziten bringen - das Produkt und das Projekt sind inzwischen zu groß geworden um in mehreren weittstreitenden Projekten und unter dem Druck von Oracle mitzuhalten.\nDie Tatsache, daß weite Teile der MySQL-Anwendergemeinschaft noch immer einer MyISAM-Denkweise und dem Ausbildungsstand von 2005 verhaftet sind, hilft dabei kein Stück. Anleitungen und Tutorials zu MySQL erklären Transaktionen, korrekten Umgang mit Grenzfällen, InnoDB Performancetuning, Debugging von Performanceproblemen, die aus der Umstellung von MyISAM nach InnoDB entstehen und ähnliche Dinge so gut wie gar nicht, und in der Regel schon gar nicht korrekt. Der Abstand zwischen der MySQL-Entwicklung (in allen Geschmacksrichtungen) und dem Ausbildungsstand der Community gemessen an den Tutorials und typisch publiziertem Code ist größer den je. Es wird Zeit, den nächsten Schritt zu tun! Dazu fehlt es jedoch an Material.\nTL;DR: Die MySQL-Community ist selbst schuld und muß sich besser organisieren, Aufwände zusammenfassen und Defizite wie das fehlende freie Manual beheben. Der generelle Ausbildungsstand unter MySQL-Anwendern ist im Mittel und im Median katastrophal.\nPostscriptum: In den einschlägigen Diskussionen bei Heise, auf Slashdot und anderswo wird gerne auf Postgres und allen Ernstes auf SQLite als Alternative verwiesen. Dazu kann man folgendes sagen:\nWer Sqlite vorschlägt hat noch nicht einmal das Problem verstanden.\nPostgres ist in aktuellen Versionen wahrscheinlich in der Lage, von der Performance her mit MySQL mitzuhalten. Die Postgres-Community ist jedoch von der Denkweise und vom Entwicklungsansatz her nicht wirklich mit dem MySQL-Weltbild kompatibel:\nPostgres-Modellierer sehen die Datenbank in den meisten Fällen als Monolithen, der die Herrschaft über die Daten und ihre Integrität hat und die Regel für den Zugriff auf diese Daten auch in einer defekten oder feindlichen Umgebung garantiert. MySQL-Modellierer sehen die Datenbank und ihre Nutzer als System, das kooperativ den Umgang mit den Daten reguliert. Nach dem Yegge-Modell ist Postgres also Software-Konservativ, MySQL Software-Liberal.\nDie MySQL-Gemeinschaft entwickelt Eigenschaften der Datenbank in der Regel iterativ: \u0026ldquo;Wir wissen, daß das kaputt ist, releasen das Feature aber schon mal, damit ihr damit Erfahrungen sammeln könnt und uns dann Hinweise darauf geben könnt, was wirklich wichtig ist\u0026rdquo;. Das ist der Bazaar-Ansatz für Architektur und funktioniert nach Maßgabe von MySQLern sehr gut. Statement-Based Asynchronous Replication in MySQL zum Beispiel ist fundamental limitiert und am Ende für eine bestimmte Fehlerklasse nicht reparierbar, leistet aber in vielen Deployments erfahrungsgemäß und inzwischen über mehr als eine Dekade ausgezeichnete Dienste. Inzwischen gibt es Alternativen und Weiterentwicklungen (RBR, Semisynchronous Replication, GTID), aber in der Zwischenzeit haben alle schon einmal prüfen können, was die Vorteile und Nachteile der existierenden Implementation sind und was wirklich Reibungspunkte sind, die einer Verbesserung bedürfen.\nDer Kathedralenansatz von Postgres hat dazu geführt, daß Postgres sehr lange keine sinnvolle Replikation zur Verfügung hatte und bestimmte Ideen in Postgres vollkommen überkomplex reguliert sind. Mein Arbeitgeber zum Beispiel hat sein System ursprünglich auf Postgres aufgebaut und dies dann im laufenden Betrieb auf eine MySQL-Architektur migrieren müssen, damit das System über einen monolithischen Server hinaus skalierbar wurde. Das war vor mehr als 10 Jahren, und Postgres hat dann effektiv letztes Jahr erstmals einen Ansatz gehabt, mit dem man das System mit Postgres auf sinnvoll hätte skalieren können. Aus dieser Sicht kann man also getrost sagen, daß \u0026ldquo;MySQL an Stellen Fehler hat, an denen Postgres nicht mal Code hatte\u0026rdquo;.\nSiehe auch einen älteren Artikel zum Thema (der Artikel bezieht Performancegewinne von MySQL 5.5 und 5.6 noch nicht ein).\n","date":"2012-08-20T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/20/mysql-testcases.html","tags":["free software","mysql","lang_de"],"title":"MySQL Testcases"},{"categories":null,"content":"The Frozen Sky , Jeff Carlson, USD 0.99\nDie Menschen sind zum Jupiter gekommen, weil er eine reichhaltige und billige Quelle für Treibstoff im Heimatsystem war. Europa\u0026rsquo;s äquatoriale Eisebenen sind eine gute Heimatbasis für die Menschen und ihre fusionsgetriebenen Mechas und Maschinen. Aber es sollte 18 Jahre dauern, bis die Menschen sich weiter auf Europa vorwagen und die Tiefen von Europas Schächten, Spalten, Kellern, Schmelzflüssen und Querverbindungen abseits der Ladezonen zu erforschen beginnen.\nEine unwirtliche Gegend, und eine, die dem Equipment schnell zusetzt. Und dann, neun Kilometer unter dem Eis, stellt die Forschungsgruppe fest, daß sie nicht die Ersten hier unten sind. Europa trägt eingeborenes Leben, und es kommt zum Kontakt.\nEine Novelle über eine Erstkontaktsituation, fremdes Leben in einer fremden Umgebung und die Unmöglichkeit der Kommunikation. Ein Dollar, gut angelegt, Stoff für einen regnerischen Nachmittag.\n","date":"2012-08-19T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/19/fertig-gelesen-the-frozen-sky.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: The Frozen Sky"},{"categories":null,"content":"Containment , Christian Cantrell, USD 2.99\nArik ist ein Angehöriger der ersten Generation der in der Venus-Kolonie geborenen Kinder, und ein Wunderkind - seine Aufgabe ist, an der Entwicklung der künstlichen Photosynthese zu forschen, auch um die Lebenfähigkeit der Kolonie bei wachsender Bevölkerung sicherzustellen. Doch nach einem Unfall beginnt seine Welt auseinander zu fallen und Inkonsistent zu werden.\nEine kurze und unkomplizierte Geschichte in der Art Total Recall meets M. Night Shyamalan, und auch wenn man als erfahrener Scifi-Leser die Pointe meilenweit kommen sieht, bleibt das Buch spannend. Ich habe es für USD 0.79 bekommen, inzwischen kostet es USD 2.99 (ist aber für US Amazon Prime Kunden kostenlos). Reicht für einen oder zwei nette Abende, und ist sein Geld wert.\n","date":"2012-08-18T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/18/fertig-gelesen-containment.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: Containment"},{"categories":null,"content":"In habe ich erklärt, wo die persönlichen Vorteile der Offenlegung von Informationen über eigene Interessen oder Eigenschaften liegen können, und es in den Kommentaren auch mit einigen ganz konkreten, selbst erfahrenen Beispielen belegt: Gezielte Veröffentlichung von Interessen ermöglicht uns, einander zu finden und uns horizontal, unter Gleichen, zu organisieren.\nSehr viel drastischer schlägt Charles Stross in The Internet is for porn in dieselbe Kerbe. Bei ihm geht es um sexuelle Vorlieben und wie diese durch das Internet gemainstreamed werden:\n[\u0026hellip;] stuff that, in 1970, you would have had to search out from specialist retail distributors [\u0026hellip;]is today ubiquitous and available at the click of a mouse button. But it\u0026rsquo;s also a side-effect of the web making it easy to construct social networks among people with minority interests; suddenly all sorts of stuff that was hidden back when it was just one person per 10,000 population town emerges as a 30,000-strong continental community. The 0.01% are no longer hidden, can no longer be marginalized. Never mind the 1% or the LGBT 10%.\nIn Deutsch: \u0026ldquo;Zeugs, für das man 1970 zu einem Spezialgeschäft hätte gehen müssen [\u0026hellip;], ist heute mit einem Mausklick leicht erhältlich. Aber das ist auch sein Nebeneffekt des Web, welches es leicht macht, sich in sozialen Netzwerken zu organisieren und zu finden. All das Zeugs, das damals versteckt war, weil es nur eine Person in einer 10.000 Einwohner-Stadt interessiert hat, ist nun Thema einer 30.000 Personen starken kontinentalen Gemeinschaft. Die 0.01% können nicht mehr marginalisiert werden, die 1% oder die LBGT 10% noch viel weniger.\u0026rdquo;\nDie Struktur, um die es hier geht, und die Leute ermächtigt, ist die horizontale Kommunikation und der Zusammenschluß von geographisch verteilten, interessengleichen Personen, und die Ermöglichung der Gruppenbildung. Gruppeninteressen, die sich auf diese Weise bilden können, werden Machtfaktoren, und sind plötzlich Mitspieler in der öffentlichen Diskussion und Wertefindung - natürlich kompliziert sich so das Tagesgeschäft der Politik, und natürlich müssen die etablierten Spieler diese neuen Entwicklungen zur Kenntnis nehmen, wollen dies aber wenn möglich nicht.\nDie Effekte sind dennoch profund, und führen zu unerwarteten Entwicklungen. Das republikanische Sprachrohr Fox News und viele Mitglieder der republikanischen Partei bewegen sich langsam von ihren Positionen gegen gleichgeschlechtliche Partnerschaften weg: The Gay Rights Revolution arrives at Fox News :\nFractures in conservative opposition to gay rights and even same-sex marriage have now widened to include the core of the right’s message machine, the Fox News Channel, where a cadre of younger voices have begun to defend same-sex relationships and even advocate openly for same-sex marriage. [\u0026hellip;] But like the Republican Party, whose leaders have begun to step away from anti-gay positions that are deeply unpopular with younger voters, Fox appears to be feeling pressure both from its younger staff and key audience segments to reflect what polls suggest is a rapidly shifting consensus.\nEs ist genau wie Charles Stross schreibt: die LBGT 10% können auch und gerade von den Republikanern nicht mehr marginalisiert werden, weil sie jetzt als eine Gruppe auftreten können und seit dem Internet auch massiv Sichtbarkeit gewonnen haben. In Charles Stross Termen ist aus etwas, das vor 40 Jahren Material für eine Erpressung geliefert hätte, weil es privat war und privat bleiben mußte, eine mächtige, normale und anerkannte politische Bewegung und eine anerkannte gesellschaftliche Normalität geworden.\nHätte man so etwas im Privaten gelassen, hätte sich die Gesellschaft nicht verändern können.\nIn Post-Privacy: Prima leben ohne Privatsphäre spricht Christian Heller einen ähnlichen Aspekt an:\nEin bürgerliches Unbehagen des 19. Jahrhunderts galt den Proletariermassen, den Horden der Unterschicht. Mit sozialen Wohnprojekten sollte nicht nur die Verwahrlosung der Elenden unterbunden werden, sondern vor allem auch ihre Vermischung, ihre Zusammenballung. Der einzelne Proletarier war für sich kein Problem; aber in der Menge, in der Verbrüderung, wurde er gefährlich, musste er kontrolliert werden. [\u0026hellip;]\nDiese Strategie zeigte sich auch in Wohnprojekten. In Frankreich verpflanzten großzügige Unternehmer ihre Arbeiterfamilien in Siedlungen kleiner Einfamilienhäuser mit getrennten Zimmern, einem Garten und Gartenzaun. Kein übles Angebot, denn natürlich waren diese Behausungen um ein Vielfaches wohnlicher als jede Mietskaserne. [\u0026hellip;]\nDer Gartenzaun war bedeutsam: Er sollte eine nicht nur architektonische, sondern auch geistige Grenze gegenüber den Nachbarn ziehen. Der Arbeiter sollte lernen, sich als getrennt von seinem Nebenmann zu betrachten, statt als Teil derselben Schicksalsgemeinschaft im Klassenkampf. Der Zaun sollte den Mob auftrennen und den Horizont der Arbeiter auf ihre Privatsphäre verengen.\nDas Konstrukt, das hier angestrebt wird, ist genau das, das solche Normalisierungen und Neubildungen von gesellschaftlichen Interessengruppen verhindern soll: Der Einzelne soll horizontal durch das Konstrukt der Privatheit isoliert werden, aber natürlich vertikal durch die Obrigkeit jederzeit leicht adressierbar und kontrollierbar sein.\nDiese Denkweise erklärt auch das Sommerlochthema des Sommers 2012: Die \u0026ldquo;Facebook\u0026rdquo;-Parties. Spontane und unregulierte Zusammenkünfte von wildfremden Menschen zum Feiern sind der Party-Arm derselben Struktur, die als \u0026ldquo;Anonymous\u0026rdquo; spontan organisierte und unregulierte politische Gewalt ausübt: tatsächlich gibt es Anonymous-Aktionen, die Merkmale von politischem Protest und Facebook-Party zur selben Zeit aufweisen.\nDas erklärt auch die Stärke der Abwehrreaktion aller etablierten und konserativen Interessengruppen gegen Facebook-Parties: den bestehenden Machtgruppen und Organisationen ist die Isomorphie von Facebook-Party und Anonymous-Aktion sehr wohl bewußt, wenn auch nicht unbedingt immer auf einer verbalisierbaren Ebene. Der Kampf gegen Facebook-Parties ist auch der Kampf darum, neue und sich selbst noch nicht bewußte gesellschaftliche Interessengruppen in Form von vereinzelten Personen hinter ihren Gartenzäunen zu halten - es geht darum, die Privatsphäre dieser Leute untereinander zu erzwingen, um keine Konkurrenz zu den eigenen Strukturen entstehen zu lassen.\nAm Ende geht es darum, die Evolution von der Einzelperson über Anonymous zu einer Adhocracy und danach zur Piratenpartei (oder anderen neuen politischen Strukturen) zu erschweren oder gar zu verhindern.\n","date":"2012-08-17T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/17/die-erzwingung-der-privatsphaere.html","tags":["internet","politik","privacy","spackeria","lang_de"],"title":"Die Erzwingung der Privatsphäre"},{"categories":null,"content":"The Religion Virus , Craig A. James, USD 4.75\nDas Buch behandelt Religion, und insbesondere das Christentum als Mem-Komplex, also als ein ideologisches Gen, daß auf unserem Bewußtsein und in unserer Kultur mitreitet. Der Mem-Komplex entwickelt sich dabei nach evolutionären Regeln weiter, indem er mit anderen, verwandten Memen konkurriert, und generell mit allen Ideen um Aufmerksamkeit wettstreitet. Untersucht werden die grundsätzlichen Teil-Meme, die das Judentum und später das Christentum geprägt haben, und dabei an Bibelstellen und der aufgezeichneten objektiven Geschichte des Christentums nachgewiesen, wann und wo diese Meme entstanden sind und wie sie dabei halfen, den Memplex \u0026ldquo;Christentum\u0026rdquo; erfolgreicher und gegen andere Religionen und Ideen durchsetzungsstärker zu machen.\nIn der Aufklärung und der Moderne ist Religion unter Druck geraten und so hat der Memplex Mechanismen entwickeln müssen, mit denen er sich gegen Angriffe und gegen \u0026ldquo;Disbelief\u0026rdquo; wehren kann. Die Mechanismen, mit denen Glaubensgemeinschaften diesen Druck abzuwehren versuchen und sich zu stabilisieren versuchen werden ebenfalls dargestellt und ihre geschichtliche Entwicklung wie auch ihre Wirkmechanismen offengelegt.\nDadurch, daß das Buch die innere ideologische Wirkstruktur von Religionen im Allgemeinen und des Christentums im Besonderen offenlegt, hilft es sehr dabei, Religion und die Argumentationen von religiösen Personen zu verstehen. Ich fand das sehr erhellend.\n","date":"2012-08-17T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/17/fertig-gelesen-the-religion-virus.html","tags":["book","review","media","religion","science","lang_de"],"title":"Fertig gelesen: The Religion Virus"},{"categories":null,"content":"Daten in einer SQL-Datenbank werden in einer Tabelle abgelegt, also einer Struktur mit Spalten, die Namen und in vielen Fällen auch einen Datentyp haben. Eine Tabelle besteht dann aus 0 oder mehr Zeilen, die in dieses Spaltenschema passen.\nFür das Schreiben von Daten möchte man diese dann Normalform bringen, um Anomalien bei Änderungen von Daten zu verhindern und um die Datenmenge kompakt zu halten. Kompakte Daten haben den Vorteil, daß sie von der Datenbank ganz oder in wesentlichen Teilen im Speicher gehalten werden können, sodaß lediglich tatsächliche Schreibzugriffe irgendwann die Platte treffen.\nIn den meisten Fällen wird man Daten nicht übernormalisieren wollen, weil sonst die Rekonstruktion von für die Anwendung nutzbaren Daten zur Laufzeit ziemlich kompliziert wird. Für Datenbanken, die hinreichend volatile Daten enthalten, wird man meistens eine Darstellung in der Nähe der 3. Normalform finden.\nNormalisierte Darstellung von Daten: 1:n-Relation (Ein Hotel kann 0 oder mehr Reviews haben).\nWebanwendungen zeichnen sich häufig dadurch aus, daß sie weitaus mehr Lesezugriffe als Schreibzugriffe haben - Benutzer einer Webanwendung sehen große Datenmengen durch, nehmen aber im Vergleich wenig Änderungen vor: Sie \u0026lsquo;browsen\u0026rsquo;. Daher ist es oft lohnend, Daten für Webanwendungen in eine Form zu bringen, die für Lesezugriffe optimiert ist. Das ist eine Denormalisierung: Die Daten, die für die Darstellung einer einzelnen Webseite benötigt werden, werden ausgejoined und in die von dieser Seite benötigte Form gebracht.\nDies kann zur Laufzeit geschehen und man kann die entsprechende Query in der Datenbank selbst abspeichern, in der Form eines Views:\nCREATE VIEW v AS select ... from t1 join t2 on t1.t1id = t2.t1id where ... In diesem Fall wird jedoch die Join-Operation auf frischen Daten jedesmal durchgeführt, wenn ein Lesezugriff auf den View erfolgt.\nAlternativ speichert man nicht die Query selber, sondern cached auch ihr Resultat in einer Tabelle:\nCREATE TABLE mv AS select ... from t1 join t2 on t1.t1id = t2.t1id where ... und wenn man schlau ist definiert man auch noch ein paar passende Indices da mit drauf. Hier hat man den Resultset der Query materialisiert, und kann nun Anfragen darauf fahren, ohne daß man die Operation zur Generierung des Resultats jedes Mal wieder neu ausführen muß. Das kann - muß aber nicht! - sehr viel schneller sein.\nMaterialized View: Ausgejointe 1:n Beziehung zwischen Hotels und Reviews.\n# JSON-Repräsentation des Join-Ergebnisses { \u0026#34;hotel\u0026#34;: \u0026#34;citizen M\u0026#34;, \u0026#34;location\u0026#34;: ..., reviews: { review: { \u0026#34;score\u0026#34;: 10, \u0026#34;text\u0026#34;: ... }, review: { \u0026#34;score\u0026#34;: 9.8, \u0026#34;text\u0026#34;: ...} } } Der materialisierte Resultset hat den Nachteil, daß er einen Schnappschuß der möglicherweise sehr volatilen Daten zu einem bestimmten Zeitpunkt darstellt und daß die Daten in dem materialisierten View unter Umständen nicht aktuell sind. Viele SQL-Datenbanksysteme stellen elaborate Systeme bereit, um Materialized Views zu definieren und Aktualisierungsregeln dafür zu definieren. Definierbar sind meistens der Zeitpunkt der Aktualisierung - manuell, per Kommando; automatisch nach Fahrplan, auf der Grundlage einer Zeitsteuerung; oder automatisch bei jeder Änderung, ON COMMIT. Definierbar ist oft auch der Änderungsalgorithmus, also eine komplette Neuerstellung des Materialized View von Null, oder ein Einarbeiten der Änderungungen in die bestehenden Daten (\u0026lsquo;Delta-Processing\u0026rsquo;) wo das möglich ist.\nMan ist aber bei der Definition von solchen Systemen gar nicht auf Datenbankmechanismen angewiesen, und tatsächlich ist dies in vielen Fällen auch nicht opportun. Dann nämlich, wenn die zu materialisierenden Datenmengen sehr groß sind, oder wenn der Umwandlungsprozeß aus der normalisieren Darstellung in die denormalisiere Darstellung besser in einer richtigen Programmiersprache statt in SQL dargestellt wird, läßt man den Prozeß besser extern laufen.\nDazu wird man Änderungen an den normalisierten Daten aufzeichnen wollen, damit man dem externen Umwandlungsprozeß die Primärschlüssel der geänderten Zeilen zur Verfügung stellen kann und man einen Delta-Processing Prozeß betreiben kann. Dies kann man mit Triggern in der Datenbank machen, aber das hat zumindest in MySQL den Nachteil, daß es synchron zur Datenänderung ausgeführt wird und so die Schreibzugriffe selber beeinflußt. Alternativ kann man diese Änderungen auch einfach in der Anwendung selber ausführen, wenn man Kontrolle über den Quelltext aller Schreiber auf die normalisierten Daten hat.\nDenormalisierungsmaschine\nEin solches Setup sieht in einem mir bekannten Beispiel so aus, daß eine Quelldatenbank existiert, die in den Hauptspeicher einer Maschine paßt - die Gesamtdatenmenge besteht aus ca. 200GB Daten. Die Datensätze sind relativ klein, rein numerisch: IDs von Entities in anderen Datenbanken und Preisdaten. Die Daten haben eine recht hohe Change-Rate: Externe Bearbeiter und entfernte Systeme ändern die Daten laufend und so schnell, daß es durchaus sinnvoll ist, daß die Darstellung normalisiert und schreiboptimiert erfolgt.\nZur Erzeugung eines read-optimierten Views wurde das System so geändert, daß die schreibenden Prozesse auch die geänderten IDs in einer Work Queue hinterlegen. Von dort greifen ca. 100 Worker parallel die Arbeitsaufträge ab, transformieren die Daten in eine read-optimierte Darstellung und legen das Resultat ihrer Bemühungen in einer anderen, getrennten Datenbankinstanz ab.\nDie Schreibraten, die dabei entstehen, können beachtlich sein: Der Datenbestand wird durch das Ausmultiplizieren der Joins und das Entfalten der verschiedenen Datendimensionen in der Regel sehr viel größer - in dem genannten Beispiel besteht die Denormalisierte Darstellung in der Tat aus vier Maschinen, auf denen die Daten geshardet abgelegt werden und jede dieser vier Maschinen hat ihre Daten auf zwei SSD in einer RAID-0 Konfiguration.\nDie Schreibraten sind insbesondere im Fall einer kompletten Neugenerierung des denormalisierten Bestandes so groß, daß MySQL 5.5 nicht mithalten kann.\nMySQL 5.6 hat verschiedene Lockingprobleme im InnoDB Kern gelöst und kann Redo-Logs größer als 4 GB handhaben. Dadurch kann auf dem oben erwähnten SSD-Setup eine dauerhafte pro Instanz Schreibrate von 150 MB/sec netto (also auf Datenbankseite) erreicht werden, sodaß das ganze System recht entspannt auf eine aggregierte dauerhafte Schreibrate von 600 MB/sec kommt.\nNatürlich ist eine solche Schreibrate zu hoch als daß MySQL Replikation noch mithalten könnte. Man kann dann anfangen, das Schema auf einer Maschine in unabhängige Subschemata zu unterteilen und mit MySQL 5.6 Parallel Replication herum zu experimentieren. Aber wenn man den Code sowieso anfassen muß, dann kann man auch stattdessen in den Queue Workern einfach parallel auf mehrere Instanzen direkt schreiben und Replikation komplett umgehen.\nDie denormalisierte Darstellung ist in unserem Fall geeignet, eine bestimmte Klasse von Abfragen um Größenordnungen zu beschleunigen und - noch wichtiger - bestimmte pathologische Arten von Abfragen genau so schnell auszuführen wie normale Abfragen. Outlier in der Systemleistung werden also eliminiert, eine bestimmte Sorte von Slow Query tritt nie mehr auf.\nAnekdote: Leider ist MySQL 5.6 noch nicht GA und eine der von uns getesteten Versionen hat einen Crash Bug gehabt, den wir zuverlässig triggern konnten. Um das zu debuggen brauchten wir einen Core Dump. Einen 200 GB Core-Dump auf SSD zu schreiben dauert ca. 15 Minuten. Die Redo-Log Recovery von 25-aus-32 GB Redo-Log dauert dann weitere 45 Minuten, nach denen die Datenbank dann wieder produktiv ist.\nAnekdote: Während der Entwicklung haben wir die Generierung sehr oft komplett durchlaufen lassen müssen. Dabei haben wir die volle Schreibrate der SSD tatsächlich über Wochen voll ausgenutzt und uns ist tatsächlich in zwei Kisten die SSD durchgebrannt. Wir haben schon gewitzelt, daß HP Server bauen muß, wo hinten auf so einer Rutsche neue Platten nachrutschen, wenn die aktive SSD als ausgebrannt erkannt wird. Dann kann man per Rechenzentrum einen Heizer haben wie auf einer Dampflok, nur daß der Platten schaufelt statt Kohlen.\nIm Wirkbetrieb normalisiert sich das dann recht schnell auf sinnvolle erwartete Lebensdauern.\nErwartete Lebensdauern für die SSD in einem Beispielrechner.\nTL;DR: Durch Denormalisierung lassen sich Daten read-optimiert speichern, was bei Webanwendungen oft sinnvoll ist. Die führende Darstellung sollte jedoch normalisiert sein, wenn man an seinen Daten hängt. Denormalisierung kann Datenmengen explodieren lassen und bei großen Datenmengen und hohem Churn massiven Hardwareeinsatz erfordern. In diesem Fall führt man die Materialisierung besser außerhalb der Datenbank durch.\nDie architekturellen Kosten dieses Ansatzes sind Update-Verzögerung und eine hohe Schreibrate, die bestimmte Technologien wie MySQL Replikation unattraktiv machen kann.\n","date":"2012-08-15T00:00:00Z","href":"https://blog.koehntopp.info/2012/08/15/materialized-view.html","tags":["mysql","architektur","lang_de"],"title":"Materialized View"},{"categories":null,"content":" ","date":"2012-07-22T00:00:00Z","href":"https://blog.koehntopp.info/2012/07/22/mit-dem-schnuppel-im-tierpark.html","tags":["berlin","image","schnuppel","lang_de"],"title":"Mit dem Schnuppel im Tierpark"},{"categories":null,"content":"Auf Google Plus schreibt Christoph Kappes:\n\u0026ldquo;Haben alle verstanden, dass Rivva tot ist, wenn das #LSR kommt? Redet keiner drüber, hm.\u0026rdquo; Drüben bei Twitter. Hier kann diskutiert werden.\nDas greift viel zu kurz.\nIch schrieb:\nChristoph, ich glaube, Deine Denkweise setzt zu spät an.\nDem Gedanken des LSR zufolge gibt es Content, der dem LSR unterliegt und es gibt Content, der dem LSR nicht unterliegt, weil er nicht von einem Presseverlag im Sinne des LSR generiert wird und daher durch das LSR nicht geschützt wird.\nDas LSR und seine bisher bekannten Umsetzungen definieren jedoch keinen Mechanismus, mit dem Content, der dem LSR unterliegt, in irgendeiner Weise identifizierbar wird. Daher ist es ohne manuelle Recherche auch nicht möglich, LSR-freien Blog-Content einzubinden, da es sich ja um Content handeln könnte, der dem LSR unterliegt.\nEine solche Unterscheidung automatisierbar durchführen zu können wäre auch überhaupt nicht im Sinne der Proponenten des LSR.\nDaher stellt sich die Frage, wie man nach dem Inkrafttreten des bisher bekannten Entwurfes überhaupt irgendwas in Deutschland verlinken soll ohne Gefahr zu laufen, abmahnbar zu werden oder sich passende Lizenzen zu besorgen.?\nund weiter\nDer Default ist komplett falsch.\nInteraktion im Internet lebt davon, daß sie kostenlos (im Sinne von Aufwand) ist. Das LSR definiert jetzt plötzlich Minimum-Transaktionskosten für die Verlinkung, das Zitat und andere extrem grundsätzliche Vernetzung, und droht hohe Strafen (Abmahnung, Juristen-Streß) bei Fehlern an.\nDas Ergebnis muß zwangsläufig ein großflächiges Abtöten von Engagement im deutschen Rechtsraum sein - effektiv ist es ein Todesurteil für jede Form von \u0026lsquo;casual interaction\u0026rsquo; und wird Deutschland Internet-Technisch endgültig aus dem Rennen werfen oder zumindest schwer behindern.?\nEine akzeptable Implementierung des LSR würde verlangen, daß Content auf den das LSR anwendbar ist, markiert ist, etwa durch eine Erweiterung der robots.txt, durch -irgendwas Header oder HTTP-Headerzeilen.\nDer Default muß unbedingt \u0026lsquo;Dieser Content kann ohne Rücksicht auf das LSR genutzt werden\u0026rsquo; bleiben, und die Markierung muß maschinenlesbar bleiben.\nDann aber geht LSR-Content im deutschen Teil des Internet sofort dark, will sagen, alle relevanten Nutzer würden den sofort ausfiltern.\nDas hätten wir aber schon mit einer Zeile in der robots.txt vorher haben können.\nEine Implementierung in irgendwelchen Gesetzen muß also zwangsläufig in etwas enden, das entweder ein NOOP ist oder das Netz in Deutschland tötet.\nIch sehe nicht, wie es einen Mittelweg geben kann, und am Ende hängt es von diesen beiden Eigenschaften ab: Maschinenlesbarkeit und Opt-In ins LSR?\nSiehe auch die Gedanken in Kostenloskultur und ähnliche Überlegungen damals zum JMStV . Es ist ein wesentliches Merkmal des Internet, daß es Interaktion und Kooperation zu minimalen Transaktionskosten zuläßt - Leute können Dinge im Vorübergehen verbessern und zu einer Verbesserung der Welt beitragen. Dies ist die Quelle für alle disruptiven Eigenschaften des Internet - und daher werden wir auch immer wieder Angriffe auf diese Eigenschaft sehen.\nDas LSR ist nur ein weiterer Versuch, kostenlos teurer zu machen.\n","date":"2012-06-25T00:00:00Z","href":"https://blog.koehntopp.info/2012/06/25/wieso-wir-gegen-das-leistungsschutzrecht-sind.html","tags":["lang_de","piraten","copyright"],"title":"Wieso wir gegen das Leistungsschutzrecht sind"},{"categories":null,"content":"Wer Clustern will, der muß erst mal einen solchen haben. Also, einen Cluster von möglichst vielen Rechnern. Die Anforderungen sind dabei klar: Man möchte Hardware haben, die möglichst billig ist - für Serverplatten, Speicher mit Fehlerkorrektur (ECC), und dergleichen Luxus ist kein Geld da, denn man möchte das gesparte Geld lieber in mehr Rechner stecken.\nAlso Billighardware kaufen? Nein! Denn auch die laufenden Kosten möchte man niedrig halten - der Rechner sollte also klein sein, und möglichst geringe laufende Kosten haben, also möglichst wenig Strom aufnehmen und bei möglichst hohen Zuluft-Temperaturen noch funktionieren. Die oben angedeutete Desktop-Kiste wird in dieser Form und mit diesem Formfaktor also niemandem Freude bereiten.\n\u0026ldquo;Klein\u0026rdquo; heißt in unserem Fall, daß wir mehr Schachteln in ein Standard-Rack hinein bekommen, wenig Strom aufnehmen heißt, daß wir wenig Strom bezahlen müssen und wenig Strom dazu verbrauchen, um den in Wärme umgewandelten Strom nach dem Verbrauch per Klimaanlage wieder nach draußen zu schaffen. Und hohe Zuluft-Temperaturen heißt, daß wir dicht packen können und daß wir die Klimaanlage so klein als möglich dimensionieren können, also weniger Strom für Kühlung und mehr Strom für das Rechnen ausgeben können.\nWenn man das Ganze groß genug betreibt - also mit n-stelliger Anzahl von Kisten, dann lohnt es sich, Metriken in Operations/Euro und Operations/Watt sowie Operations/Grundfläche bzw. Kubikmeter aufzustellen und dann auf dem Problem ein wenig linear zu optimieren, damit man möglichst viel Bumms pro Euro kauft.\nWenn man eher mittelständische Haushaltsgrößen ins Auge faßt, dann geht man zu seinem Standard-Hersteller für RZ-Hardware und schaut mal, was die an möglichst einfachen Pizzaschachteln im Angebot haben.\nPizzablech \u0026ldquo;HP DL160 Generation 6\u0026rdquo; für 4 Sorten Käse.\nDieses Blech wiegt etwas über 12 Kilo, ist die üblichen 19\u0026quot; breit, eine Höheneinheit im Rack hoch und etwas unter 70cm tief. Eine Beispielkonfiguration enthielte etwa eine 6-Core CPU, 24 GB RAM, 4 Platten mit jeweils einem Terabyte als JBOD und einen bzw. zwei Gigabit-Netzwerkports, und sie kommt mit ein wenig Gehampel für unter 2000 EUR/Stück. Eine doppelt so hohe Kiste könnte statt 4 Platten deren 12 fassen, und ein damit aufgebauter Cluster hätte weniger CPU und mehr Plattenspeicher.\nDas ist sehr unangestrengte Hardware - wenn man ein wenig mehr Hardcore shoppen geht, dann bekommt man leicht etwas mit größeren Platten für wenig Geld, wahrscheinlich aber auch mit einer schlechteren Ausfallrate. Das ganze Gelöt kommt nun in einige Racks, die wir mit Top-of-Rack Switches sinnvoll in einem separaten Netz zusammenknoten.\nHDFS - Hadoop Filesystem Jetzt haben wir billige Platten von schlechter Qualität als JBOD ohne das geringste bischen Redundanz, die wir einzeln und lokal in irgendein Verzeichnis unsers Servers mounten. HDFS, das Hadoop Filesystem, ist ein verteiltes Dateisystem - es verwendet das vorhandene lokale Dateisystem auf Einzelplatten schlechter Qualität, um daraus schnellen, parallel ansprechbaren und redundanten Speicher im Cluster zu bauen.\nHDFS setzt dabei nur eine begrenzte Zahl von Operationen um - ein HDFS ist kein vollwertiges Dateisystem im Sinne des Posix-Standards, sondern man kann es sich mehr als eine Art verteilten und massiv parallelen FTP-Server vorstellen: Das Dateisystem hat die Operationen GET, PUT und DELETE, sowie neuerdings auch noch APPEND, um Daten an eine bestehende Datei anhängen zu können. Ein SEEK, READ oder WRITE existieren jedoch nicht, Locking auch nicht.\nEntsprechend gibt es HDFS FUSE-Plugins, aber eben nur im Rahmen der Grenzen der Operationen von HDFS.\nEin Hadoop-Datanode\nHDFS startet zu diesem Zweck auf jedem Rechner mit nutzbaren Platten einen Prozeß namens Datanode, und an zentraler Stelle einen Verwaltungsprozeß namens NameNode. Die Namenode kümmert sich um die Verwaltung von Dateinamen und um das Wiederfinden von Blöcken. Sie zerteilt sehr große Dateien in vergleichsweise grobe Schnetzel von 128 MB Größe und speichert dann jeden dieser \u0026ldquo;Blöcke\u0026rdquo; genannten 128 MB-Schnetzel mehrfach auf unterschiedlichen Datanodes ab. Dabei ist es wichtig, sich nicht von der Nomenklatur \u0026ldquo;Block\u0026rdquo; ablenken zu lassen: Ein Block ist ein Stück Datei, das bis zu 128 MB groß sein kann, aber bei kleineren Dateien eben auch kürzer. Es handelt sich nicht um Blöcke fester Größe wie bei einem richtigen Dateissystem.\nHDFS speichert die Daten auch nicht selbst ab: Es verwendet ein lokales Dateisystem, zum Beispiel Linux ext4 oder xfs, um Dateien lokal zu verwalten und liefert nur eine einheitliche Clustersicht auf die Dinge. HDFS kümmert sich also nur um die verteilten Aspekte des Dateisystems, und überläßt jedem lokalen Knoten die Arbeit, das tatsächlich irgendwo auf eine Platte zu malen.\n[root@hadoop-115 finalized]# pwd /srv/hadoop/data01/dfs/dn/current/BP-1321238634-10.196.68.149-1338912643577/current/finalized [root@hadoop-115 finalized]# ls -lh blk_1025864654234871634* -rw------- 1 hdfs hdfs 128M Jun 6 13:37 blk_1025864654234871634 -rw------- 1 hdfs hdfs 1.1M Jun 6 13:37 blk_1025864654234871634_8941.meta Das Mountschema im Beispiel ist /srv/hadoop/data{n}. Auf jeder lokalen Platte gibt es einen Ordner /dfs/dn (Distributed Filesystem, Datanode), in dem die Blöcke abgelegt werden. Wir sehen hier irgendeinen namenlosen 128 MB Block und die Metadaten zu diesem Block. Man braucht die Daten der Namenode, um aus diesen Dateifetzen wieder sinnvoll benannte und eingereihte Dateien zusammenzusetzen.\nDabei geht das System durchaus pfiffig vor.\nZum einen will man ja, daß die Daten redundant gespeichert sind. Daher werden per Default 3 Kopien von jedem Block angelegt, und natürlich liegt jede Kopie auf einer anderen Maschine. Tatsächlich kann man in die Namenode einen Rackverteilungsplan einpflegen und dann sorgt die Namenode auch dafür, daß zwei der Kopien vergleichsweise dicht beeinander liegen und eine weiter entfernt, in einem anderen Rack. So ist sichergestellt, daß immer mindestens eine Kopie der Daten erhalten bleibt - auch dann, wenn mal ein ganzes Rack umfällt, der Switch oben im Rack verendet oder ein Sack fehlgeschlagener Kernelupdates einen Teil der Rechenzentrums-Population auslöscht.\nEin Schreibzugriff in ein HDFS hinein.\nZum anderen will man auch, daß der ganze Kram parallel abläuft. Daher führt die Namenode die Schreibvorgänge weder durch noch koordiniert sie diese. Sie dient lediglich als Verzeichnisdienst: Sie sagt dem Client, wo ein Block hingeschrieben wird, und der Client sendet diesen Block an die entsprechende Datanode. Diese schreibt ihn lokal und reicht in an die zweite Datanode weiter - dieser Traffic ist aber Rack-intern. Die zweite Datanode schreibt sich den Block ebenfalls auf eine Platte und reicht ihn nun über die Rackgrenze und die damit involvierten Switches hinweg an eine Node in einem anderen Rack weiter, die den Block ebenfalls noch ein drittes Mal schreibt. Die Bestätigungen für diese Operationen laufen denselben Weg den sie gekommen sind wieder zurück (und gehen parallel dazu auch noch einmal an die Namenode) und so weiß der Client, wenn er eine Bestätigung gesehen hat, daß alles geklappt hat und der Block jetzt redundant und persistent gespeichert ist.\nDa wir von jedem Block 3 Kopien anlegen, bedeutet das natürlich, daß wir für ein Terabyte Nutzdaten 3 Terabyte Plattenplatz (und ein wenig Metadaten) wegnaschen.\nHadoop versucht außerdem, die Blöcke einer Datei möglichst breit über den Cluster zu schmieren, also eine Datei über möglichst viele Datanodes zu verteilen. Das hat einerseits Geschwindigkeitsvorteile, wenn man parallel schreibt, andererseits macht es die spätere Verarbeitung der Daten schneller.\nSo können wir eine Datei zum Beispiel lesen, indem wir bei der Namenode eine Blockliste für die gesuchte Datei anfordern und dann parallel von allen Nodes, die die Daten haben, aus dem Netzwerk laden. Mehr Knoten bedeutet hier mehr CPUs und mehr Plattenspindeln, also mehr Speed. Das ist besonders dann interessant, wenn Daten von einem Cluster zu einem anderen kopiert werden - so eine massiv parallele Datenverschiebung bringt jede Netzwerkinfrastruktur an die Sättigungsgrenze. Und das, obwohl wir billige Einzelkomponenten eingekauft haben.\nDer Punkt ist, daß HDFS diesen Komponenten nicht traut: Datanodes müssen sich alle paar Sekunden bei ihrer Namenode per TCP Heartbeat melden, und in regelmäßigen Abständen auch Blockreports machen - dadurch weiß die Namenode, welche Blocks zu welcher Platte in einer Datanode gehören, wieviel freier Platz vorhanden ist usw.\nFällt eine von den Datanodes um oder geht auch nur eine Platte in der Datanode offline, geht die Namenode los und weist die überlebenden Datanodes für einen Block an, die notwendige Anzahl von Blockkopien wieder herzustellen - der Cluster flackert kurz mit den Plattenlampen und alles ist wieder gut - sogar, falls irgend möglich, im Rahmen der Redundanzregeln des Rackverteilungsplans.\nIrgendwann später schickt man einen Azubi mit einem Einkaufskorb voller Austauschplatten, Gehörschutz und dem Auftrag auszumisten in das RZ und danach stimmt die Clusterkapazität wieder.\nWas passiert, wenn eine Platte in einer Datanode nicht umfällt, sondern schimmelig wird und die Daten darauf verändert? HDFS speichert großzügig Prüfsummen an jedem Objekt und würde dies vergleichsweise schnell mitbekommen - entweder beim nächsten Zugriff oder wenn der Cluster sich langweilt und aus Verlegenheit sowieso mal seine Prüfsummen durchprüft. Blöcke mit kaputten Prüfsummen werden kurzerhand abgemurkst, dann stimmt aber die Anzahl der Kopien für diesen Block nicht mehr und die Namenode wird tätig wie oben, um diese Situation zu korrigieren.\n","date":"2012-06-11T00:00:00Z","href":"https://blog.koehntopp.info/2012/06/11/hdfs-billig-im-cluster-speichern.html","tags":["cluster","computer","hadoop","lang_de"],"title":"HDFS - billig im Cluster speichern"},{"categories":null,"content":"Sergei Skorobogatov von der Uni Cambridge kündigt sein neues Paper an, das jedoch erst im September veröffentlicht werden wird (PDF ):\n\u0026ldquo;Breakthrough silicon scanning discovers backdoor in military chip\u0026rdquo; will appear at CHES2012 in September. It will expose some serious security issues in the devices which are supposed to be unbreakable.\nEs geht um Krypto, die in Hardware implementiert ist, und man hat Chips untersucht, die in aktueller militärischer Hardware eingesetzt werden, indem man Reverse Engineering-Techniken auf diese Hardware angewendet hat und das so gewonnenene Design gegen die Spezifikation verglichen hat. Die anderen Artikel auf der Seite legen nahe, daß es sich um ein FPGA handelt, bei dem man festgestellt hat, daß es neben dem durch den legitimen Benutzer verwendeten Key auch noch einen zweiten festen Key besitzt, der verwendet werden kann, den Chip aufzuschließen oder herunterzufahren, auch wenn er durch den legitimen Benutzerschlüssel versiegelt worden ist.\nDie weitere Berichterstattung legt nahe, daß das Teil in so ziemlich jeder militärischen Hardware und kritischen Infrastruktur verbaut worden ist, die sich finden läßt und daß man jetzt erst mal am Schwitzen ist, weil man dieser Hardware (und auch aller anderen importierten Hardware) so gar nicht mehr trauen mag. Andererseits sind die USA etwa durch die Deindustriealisierung zum Teil gar nicht mehr in der Lage, alle für solche Systeme notwendigen Komponenten selbst zu fertigen - eine unangenehme Situation, wenn man Kriege führen möchte.\nDie gefundene Backdoor erscheint mir jedoch ziemlich primitiv und wenig entwickelt, und sie wirft für den Hersteller der Hardware oder - falls verantwortlich - seine Regierung ebenso viele Probleme auf wie für die betroffenen.\nEs ist ja klar, daß man als Hersteller von solcher Hardware in den Exportversionen seiner Milspec Hardware irgendwelche Kontrollmöglichkeiten haben möchte, falls das Zeugs einmal gegen einen selbst gerichtet wird. Aber nicht nur will man, daß die Backdoor schwer entdeckbar bleibt, solange sie nicht verwendet wird. Sondern eigentlich möchte man, daß sie selbst dann glaubwürdig geleugnet werden kann, wenn sie eingesetzt worden ist und der Einsatz danach bekannt wird (plausible denial ). Die ideale Backdoor sieht also aus wie ein Programmierfehler (\u0026ldquo;Bugdoor\u0026rdquo;) oder ein dummes Versehen - ein vergessener Permission-Check, verdrehte Parameter oder vertauschte Logik.\nDer zweite Code im FPGA erfüllt diese Bedingung nicht. Er wäre lediglich mit demselben Argument zu \u0026lsquo;rechtfertigen\u0026rsquo;, mit dem auch Default-Systempaßworte oder einheitliche Wartungszugänge in DSL-Router und andere Hardware eingebaut wird (\u0026lsquo;Unser Kundendienst muß in der Lage sein, wieder an ihre Daten zu kommen, wenn Sie die Hardware zerkonfiguriert haben.\u0026rsquo;) Wir reden hier allerdings von Milspec-Hardware, da hat man dieses Verlangen offiziell eher nicht.\nEs ist auch ein Risiko, daß eine solche Hintertür durch Dritte entdeckt und kompromittiert wird. Es ist blöd, wenn die Nutzung dieser Hintertür auf allen betroffenen Systemen einfach und auf dieselbe Weise möglich ist. Am Besten wäre es, wenn die Funktion der Hintertür an eine Variable gekoppelt ist, die instanz-spezifisch ist, aber dennoch von außen erratbar wäre.\nDie oben erwähnten FPGA haben diese Eigenschaft nicht - es scheint mir nach dem Lesen der wenigen gesicherten Informationen so zu sein, als könne man alle Instanzen dieses Chips mit demselben festen Zweitschlüssel öffnen. Damit hat man für sich und seinen Gegner ein riesiges Managementproblem geschaffen, weil nun dessen Infrastruktur durch jeden Dritten und seinen Hund angreifbar ist - es ist ja ausreichend, daß man jetzt weiß, daß es so eine Hintertür gibt. Sich dann den Schlüssel selber zu beschaffen ist eine Aufgabe mit überschaubaren Kosten und Aufwand für einen APT .\nAlles in allem ist das keine gute Hintertür, weil sie alleine schon durch diesen einen vagen Artikel umfassend kompromittiert worden ist und zu einem unkalkulierbaren Risiko für den Angreifer und den Verteidiger wird, weil sie nun jede Menge dritte Spieler aktiviert.\n","date":"2012-05-28T00:00:00Z","href":"https://blog.koehntopp.info/2012/05/28/backdoor.html","tags":["hack","security","lang_de"],"title":"Backdoor"},{"categories":null,"content":"\u0026ldquo;Kris\u0026rdquo;, fragt man mich, \u0026ldquo;Kris, gibt es außer \u0026lsquo;Volltextsuche\u0026rsquo; noch andere Gründe, für neue Anwendungen noch MyISAM zu verwenden? Im konkreten Fall geht es um eine verhältnismäßig einfache Datenstruktur, in die nur streng sequenziell geschrieben wird, nie gelöscht wird und viel und kreativ gelesen wird.\u0026rdquo; Na, das ist doch mal ein weites Feld.\nTeile davon habe ich in Ein paar Gedanken zu Zeitreihendaten und Wie man einen Graph plottet ja schon beackert.\nAber gut. \u0026lsquo;Streng sequentiell geschrieben\u0026rsquo; heißt, wir haben eine Datenstruktur, die immer genau am \u0026lsquo;Ende\u0026rsquo; einer Tabelle Daten anfügt, also eine Logtabelle. \u0026lsquo;Nie gelöscht\u0026rsquo; heißt nur \u0026lsquo;Wir haben uns noch keine Gedanken über Data Lifecycle Management gemacht\u0026rsquo;. Und \u0026lsquo;kreativ gelesen\u0026rsquo; heißt nur \u0026lsquo;Wir haben uns unter anderem deswegen noch keine Gedanken über Data Lifecycle Management gemacht, weil unsere Metriken noch nicht definiert sind\u0026rsquo;.\nDas ist legitim. Aber fangen wir rückwärts an.\nData Lifecycle Management Die meisten Systeme arbeiten transaktional und generieren Daten in einem Online Transaction Processing System. Das sind Systeme, in denen Daten normalerweise halbwegs normalisiert vorliegen. Meistens in der Nähe der 3NF (Internet-kompatible Erklärung mit Katzen . Diese Strukturen sind populär, weil sie zum Verändern und Beschreiben optimiert sind.\nIn den meisten dieser Systeme stecken kleine Data Warehouses, die über die Zeit wachsen und dann heraus wollen. Zum Beispiel hat ziemlich jeder Webshop ein Orderlog mit Bestellungen, die in normalisierter Form auf den Besteller in der Kundentabelle und die bestellten Artikel in der Artikeltabelle verweisen würden. Nach der Bearbeitung der Bestellung, der Auslieferung und der Bezahlung werden diese Einträge inaktiv und brauchen eigentlich nicht mehr in der Shopdatenbank zu stehen.\nGenau so hat ein Monitoring-System eine Datenstruktur, in der Testvorschriften in Testergebnisse umgewandelt werden, fehlgeschlagene Tests in Alarme umgesetzt werden und versendete offene Alarme durch Markierung durch die Admins in erledigte Alarme umgewandelt werden. Am Ende der Lebensdauer eines solchen Vorfalls braucht der Alarm eigentlich nicht mehr im Alarmlog des Monitoringsystems zu stehen.\nAnfangs ist das kein Problem, da es nur wenige Bestellungen oder erledigte Alarme gibt, aber über die Lebensdauer und das Wachstum des Systems werden das mehr und mehr Daten, die sich ansammeln. Generell kann man solche Daten leicht identifizieren, indem man sich das Datenmodell anschaut und sich überlegt, welche Tabellen wachsen, wenn alle Eingangsparameter (Anzahl der Kunden, Anzahl der Artikel, oder Anzahl der überwachten Rechner, der fehlgeschlagenen Tests usw) gleich bleiben. Solche wachsenden Tabellen haben oft eine Primärschlüsselkomponente, die eine Zeitangabe oder ein Zähler ist.\nFür diese Tabellen braucht man einen Prozeß, der erledigte Fälle erkennt und aus dem primären System in regelmäßigen Intervallen entfernt.\nDie Daten müssen dabei außerdem denormalisiert werden. Denn Anschriften von Kunden, Preise und Beschreibungen von Artikeln oder die Funktionen von überwachten Systemen ändern sich. In unseren Auswertungen wollen wir aber wissen, wohin wir den Artikel damals geliefert haben und was wir damals kassiert haben und nicht, wo der Kunde jetzt wohnt oder was das Teil jetzt gerade kostet. Und so können wir nicht die kunde_id, artikel_id oder system_id archivieren, sondern wir müssen diese Dinge auflösen und die tatsächliche Kundenanschrift (oder seine Postleitzahl) archivieren, und die tatsächliche Artikelbezeichnung, Farbe und so weiter.\nDabei läuft man in eine Reihe von interessanten Problemen, weil die Daten, die man speichern und auswerten will, eventuell gar nicht die Daten sind, die nach der Denormalisierung vorliegen: In den Auswertungen interessiert gar nicht, daß der Kunde damals im Knooper Weg 46, 24103 Kiel gewohnt hat, sondern nur, daß er in 24xxx gewohnt hat, weil man am Ende eine Statistik von Umsätzen nach Postleitzahlen über Zeit haben will. Und es interessiert auch nicht, daß eine \u0026lsquo;viktorianische Damenbluse\u0026rsquo; in \u0026lsquo;Aprikose\u0026rsquo; verkauft worden ist, sondern die Auswertung will nach Blusen oder gar nur nach Damenoberbekleidung gruppieren. Und in der Auswertung gibt es vielleicht nur 16 Farben und Aprikose ist eine Frucht, also muß man auch hier die Modenamen von Farben in jeder Saison auf irgendwelche RGB-Codes mappen und diese dann in Töpfen gruppieren.\nDiesen Prozeß der Denormalisierung, Attributextraktion und Neugruppierung nennt man man Extract, Transform, Load , und er ist etwas, mit dem man sich beim Schreiben einer OLTP-Anwendung beim besten Willen nicht befassen kann und will, weil man ganz andere Probleme hat und ja auch mal fertig werden will, damit man dem Kunden endlich seine Blusen und Monitoring SMS andrehen kann (Ein primitives Beispiel ).\nEs ist also nicht nur üblich, daß in jeder OLTP-Anwendung ein Data Warehouse steckt, das raus will, sondern auch vollkommen normal und gut so.\nDennoch geht so etwas auf die Performance, und außerdem will ein Betrieb mit funktionierenden Managementstrukturen irgendwann auch mal quantitativ gemanagete Prozesse haben und braucht dafür geeignete Metriken.\nETL des Orderlogs in eine Faktentabelle, dabei Denormalisierung (Binning nicht eingezeichnet).\nDann setzt man sich hin, überlegt sich, was man für Zeugs aus dem OLTP-System ETL\u0026rsquo;t gekommt und was man davon in welcher Form archivieren will. Im Ergebnis bekommt man einen Strom von zu archivierenden Attributen, die sich aus der Auflösung von Primärschlüsseln in der OLTP-Datenbank ergeben: artikel_ids werden zu Bezeichnungen, Preisen und Warengruppen von Artikeln, kunden_ids werden zu Anschriften, Postleitzahlen, server_ids werden zu Leistungsdaten und Systemgruppen von Servern, und Fehlercodes werden zu Fehlermeldungen und Fehlergruppen von Störungen.\nAlle diese Dinge gehen in Faktentabellen, die in der Regel eine Zeitdimension haben. Häufig wendet man dabei schon Key Compression an, wie in Ein paar Gedanken zu Zeitreihendaten beschrieben, um das Volumen der Daten halbwegs überschaubar zu halten.\nUnd in einem nächsten Schritt erzeugt man dann Aggregationen, die die relativ freien Faktendaten gruppieren und in Zählkörbe entlang einer Maßdimension verteilen (\u0026lsquo;binning\u0026rsquo;).\nBei dem Shop kann man entlang Warengruppen vereinfachen (\u0026lsquo;viktorianische Bluse\u0026rsquo; -\u0026gt; DOB), entlang Größen (S/M/L/XL), Preisgruppen (\u0026lt;10 EUR, \u0026lt;20 EUR, \u0026hellip;) und Farben (Aprikose -\u0026gt; Rot-Töne, Frühlingspalette, \u0026hellip;). Ebenso kann man Kunden klassifizieren und aggregieren , damit man überhaupt eine statistische Basis für eine Auswertung bekommt.\nHäufig wird man die Faktendaten nach dem Binning gar nicht mehr brauchen, außer man nimmt Veränderungen an der Definition der Bins vor oder will gar eine ganz neue Dimension erzeugen. Dann ist es für eine solche Reklassifizierung unabdingbar, daß man die Fakten noch einmal durchlaufen läßt, um die Aggregate zu aktualisieren. In den meisten Data Warehouses geht man Speicherkompromisse ein, und hält die Aggregate \u0026lsquo;unbegrenzt\u0026rsquo; (also länger als 10 Jahre :-) und die Fakten kürzer (je nach Storage-Kapazität - am Ende muß jemand das Geld für den Plattenplatz bewilligen und man muß ökonomische Kompromisse eingehen).\nMit den Fakten kann man dann manuelle Analysen fahren oder Machine Learning anwerfen, um zu versuchen, Korrelationen zu finden und einen Klassifikator zu bauen.\nDen Fall \u0026rsquo;nie gelöscht\u0026rsquo; gibt es in der Regel bei nennenswerten Datensammlungen eher nicht, oder wenn doch, dann liegen die eigentlichen Fakten relativ wenig genutzt irgendwo in einer Backup-Ecke (und niemand würde sie vermissen, löschte man sie), weil man sich eher mit den generierten Klassifikatoren beschäftigt oder allenfalls noch einmal mit den Dimensionen, entlang derer man versucht, eine solche Korrelation zu finden.\nLogging, Locking und MyISAM Man will so ein Logging in Faktentabellen unbedingt von dem operativen Betrieb des OLTP-Systems trennen. Die Datenbanken mit Lognatur sind also von den Datenbanken mit wahlfreiem Zugriff trennen, denn zu unterschiedlich sind die physischen Zugriffsmuster, der Speicherbedarf, die Anforderungen an Verfügbarkeit und viele andere Dinge, die auf die Systemleistung Einfluß haben. \u0026lsquo;Trennen\u0026rsquo; heißt hier idealerweise \u0026lsquo;anderes Blech\u0026rsquo;, weil es sonst auch hintenrum durch die Virtualisierung hindurch zu unangenehmen Übersprecheffekten kommen kann. Um so etwas auseinander zu sortieren braucht man einen Debug-Virtuosen mit Zugriff auf alle Komponenten der Wirkungskette - und solche Personen sind in der Regel teurer als zusätzliche Hardware.\nLoggt man in eine MyISAM-Tabelle, dann loggt man eine Datenstruktur mit Table Locks: MyISAM hat für jede Tabelle entweder den Zustand \u0026lsquo;frei\u0026rsquo; (idle), \u0026lsquo;shared access\u0026rsquo; (ein oder mehrere konkurrente Lesezugriffe) oder \u0026rsquo;exclusive access\u0026rsquo; (genau ein Writer). Es gibt noch den Sonderfall \u0026lsquo;concurrent inserts\u0026rsquo;, aber der hat auch seine eigenen Probleme und erzeugt in der Hälfte aller Fälle mehr Probleme als er hilft.\nDiese Table Locks haben emergente Effekte im Betrieb. Die Regeln sind eigentlich simpel: Wir können nur ENTWEDER Daten loggen ODER geloggte Daten abfragen. Per Default haben bereits laufende Abfragen Vorrang vor allem anderen - MyISAM wird niemals eine bereits laufende Query von sich aus abbrechen. Die nächste Vorrangstufe haben Schreibzugriffe und auf der letzten Ebene liegen Lesezugriffe.\nEin INSERT in MyISAM braucht eine gewisse Zeit (im Bereich von einer Millisekunde) und so kommt man mit einzelnen INSERT-Statements auf etwa 700 Operationen pro Sekunde für handelsübliche Hardware mit rotierendem Rost. Andere Konfigurationen können sich anders, aber nicht zwangsläufig schneller verhalten - Locking kann sehr interessante Debugsituationen erzeugen.\nOb das INSERT durchkommt hängt in erster Linie davon ab, ob schon eine Query läuft. Wenn länger laufende SELECT-Statements auf der Tabelle aktiv sind, dann haben diese bereits ein Lock und MySQL wird bereits laufende Queries nicht von sich aus unterbrechen. In der Praxis sieht man meist einen Mix von schnellen SELECT-Statements mit einem oder zwei schlecht zu optimierenden, langsam laufenden Queries dazwischen.\nAlles dies läuft ohne Probleme bis eine schreibende Query das exklusive Lock anfordert. Diese Query kann das Lock nicht bekommen, weil mindestens eine lesende Query bereits ein Lock auf der Tabelle hat. Die Schreibquery, zum Beispiel ein INSERT, stellt sich nun mit dem Status \u0026lsquo;Locked\u0026rsquo; in die Prozeßliste und wartet.\nIn Folge werden alle weiteren SELECT-Statements, die ja niedrigere Priorität haben als das INSERT, von dem wartenden INSERT auch in den Wartezustand geschickt - sie hängen ebenfalls \u0026lsquo;Locked\u0026rsquo; in der Prozeßliste und warten darauf, daß das INSERT fertig wird.\nIrgendwann enden alle bereits laufenden SELECT-Queries und geben ihre Locks auf der Tabelle auf. Das INSERT-Statement wacht aus seinem \u0026lsquo;Locked\u0026rsquo; auf und ist binnen einer Millisekunde erledigt. Jetzt können auch alle im Zustand \u0026lsquo;Locked\u0026rsquo; hängenden SELECT-Statements abgearbeitet werden. Die meisten von ihnen sind schnell beendet, da sie gut optimiert sind. Nur eine von diesen wartenden Queries ist komplizierter, nicht gut optimierbar und braucht länger. Während sie läuft tritt das nächste INSERT-Statement auf\u0026hellip;.\nDiese schwallartige Abarbeitung von SELECT-Queries nennt man MyISAM-Interlocking. Sie wird zwar durch die Logik der MyISAM-Table Locks gefördert, hat aber ihre Ursache nur mittelbar in der Hierarchie von Locks, und sie ist auch durch Umpriorisierung nicht zu lösen. Die eigentliche Ursache liegt in konkurrenten schreibenden und lesenden Zugriffen und das ist nur durch eine Datenstruktur mit weniger oder ganz ohne Locks in den Griff zu bekommen.\nMan braucht Multi Value Concurrency Control (MVCC) und InnoDB.\nWeitere Anmerkungen zu MyISAM Es sei an dieser Stelle noch einmal ausdrücklich darauf hingewiesen, daß solche Lockingeffekte ausgesprochen nichtlinear sind. Solange sie nicht auftreten, treten sie nicht auf (sic!). Sie sind vollkommen unspürbar und nicht leicht vorherzusagen - außer, man hat sie schon mal gesehen und weiß [http://www.amazon.de/Guerrilla-Capacity-Planning-Tactical-Applications/dp/3540261389](wie man sie modelliert). Wenn sie erst einmal auftreten, dann sind sie selbstverstärkend und bei weiter steigender Last steht das System binnen kürzester Zeit mit einer überlaufenden Prozessliste da.\nDas ist der Grund, warum ich im Rootforum und andernorts auf die Frage \u0026lsquo;Meine Apache/PHP sagt, er könne sich nicht mehr an die Datenbank verbinden, weil die Connections alle sind\u0026rsquo; nicht mehr antworte: \u0026lsquo;Setze max_connections herauf\u0026rsquo; ist nicht die korrekte oder auch nur eine hilfreiche Antwort. Eine wirklich hilfreiche Antwort hätte nicht nur Buchumfang oder das Format eines längeren Consulting-Einsatzes, sondern der Fragesteller will sie auch nicht hören oder ist typischerweise nicht gut vorbereitet, sie zu verstehen.\nMyISAM ist in Situationen, in denen mit genau einem Thread geschrieben wird und Reads vollkommen abwesend sind, extrem gut und schnell in der Lage, Daten zu laden: Die Ladegeschwindigkeit von MyISAM ist in solchen Situationen extrem hoch und nahezu konstant und von der Datengröße unabhängig - vorausgesetzt man ist schlau genug ist, Indices zu disablen und nach dem Ende des Loads einmal gesammelt aufzubauen. Leider ist das kein sehr typischer Anwendungsfall.\nMan kann den Anwendungsfall \u0026rsquo;typischer\u0026rsquo; machen oder versuchen, daß heiße, schreibende Ende der Tabelle besser zu isolieren, indem man in kleine Tabellen mit temporalen Namen lädt und die Abfragen dann nur auf alten, inerten Daten macht. Auf diese Weise kommen sich Schreib- und Lesezugriffe nicht ins Gehege: Der Load erfolgt in logging_20120528_1401 und die Abfragen dann auf alten, kalten Tabellen. Dadurch hat man einen Monitoring-Lag von einer Einheit (also hier im Beispiel von einer Minute).\nMyISAM-Daten lassen sich auch offline packen: Indem man eine Tabelle mit \u0026ldquo;RENAME TABLE work.logging_20120528_1401 offline.logging_\u0026hellip;\u0026rdquo; in einen Bereich verschiebt, in dem auf Grund der GRANTs kein Teil der Anwendung Zugriff hat, kann man dann mit \u0026ldquo;FLUSH TABLES offline.logging\u0026hellip; \u0026rdquo; ein Schließen der Filehandles zu dieser Tabelle erzwingen und sicher sein, daß die Filehandles auch zu bleiben.\nNun kann man von außen \u0026ldquo;myisampack\u0026rdquo; anwenden, um die MYD-Datei zu packen und dann mit \u0026ldquo;myisamchk\u0026rdquo; die Indices neu aufbauen. Das Resultat ist eine komprimierte (also deutlich kleinere) read-only Version der Tabelle, die nun mit \u0026ldquo;RENAME TABLE offline.logging\u0026hellip; work.logging\u0026hellip;\u0026rdquo; in die Produktion zurück verschoben werden kann. Die resultierenden Tabellen sind nicht nur gepackt (das könnte die ARCHIVE-Engine auch), sondern sie haben auch nutzbare Indices.\nIn MySQL hat man seit MySQL 5.1 die Option, das general_log und das slow_query_log statt als traditionelle Logfiles als CSV- (default) oder MyISAM-Tabellen (optional) in mysql.* zu realisieren. Nach den Ausführungen oben kann man sich leicht überlegen, wieso ein solches Log als MyISAM-Tabelle ineffizient ist (Lösungshinweis: MySQL ist ein Multithreaded Server, jeder Thread kann Logevents generieren).\nMit Kenntnis von \u0026ldquo;a\u0026rdquo; (O_APPEND in open(2)) kann man sich das Verhalten von CSV-Dateien oder normalen Logdateien im Vergleich überlegen: Wie ist sichergestellt, daß auch bei konkurrenten Log-Events einem Multithreaded-Server ein CSV-Record geschrieben wird, ohne daß sich Daten von einem anderen Log-Event da hinein überschneiden? Wie ist sichergestellt, daß CSV adäquat performiert?\nInnoDB und konkurrente Zugriffe Lädt man Daten multithreaded oder hat man auch auf der heißen, aktiven Tabelle am Ende des Logs Lesezugriffe, weil man sich die Auwerteverzögerung nicht leisten kann, dann ist MyISAM vollkommen unbrauchbar. Und das wie bereits erwähnt relativ schlagartig, da Locks sich in der Regel stark nicht-linear zuziehen. In diesem Fall muß man seine Logtabelle als InnoDB-Tabelle realisieren, und dabei die interne Struktur von InnoDB und ihre Rückwirkungen auf die Performance im Auge behalten.\nInnoDB-Tabellen sind nach Primärschlüssel geordnet. Das bedeutet erst einmal, daß man einen solchen definieren muß, damit keine schlimmen Dinge passieren . Wählt man den Primary Key so, daß die Daten physikalisch in der Reihenfolge des Schreibens angeordnet werden, muß man sich über den Change Buffer und seine Performanceimplikationen im Klaren sein.\nGenerell muß man damit rechnen, daß dieselben Daten in InnoDB 2-3 mal mehr Platz auf der Platte und im Speicher belegen als in MyISAM. Zwar kann man auch in InnoDB Compression aktivieren, und im Gegensatz zu MyISAM sind komprimierte InnoDB-Tables sogar normal beschreibbar. Dennoch braucht auch eine komprimierte InnoDB-Tabelle noch deutlich mehr Platz als eine komprimierte MyISAM-Tabelle. Das liegt einerseits am Verwaltungsoverhead von InnoDB (MVCC braucht ca. 20 Bytes pro Row zur Verwaltung), und andererseits an dem in den InnoDB Pages zwangsläufig vorhandenem freien Platz: jede InnoDB-Page enthält eine gewisse Menge freien Platz, die Updates an Ort und Stelle auch bei wachsenden Daten ermöglicht. Wäre das nicht so, würde jede Änderung an den Daten zu Seitenüberläufen und einem Rebalancing des B-Baumes auf der Platte führen.\nEin praktisches Beispiel und die Folgerungen Das \u0026lsquo;Eventlog\u0026rsquo;-System ist eine interne Entwicklung meines Arbeitgebers, das man am grob mit \u0026rsquo;ein Business-Level Logsystem, das dem Syslog auf Systemebene noch am ehesten entspricht\u0026rsquo; beschreiben kann. Eventlog generiert gigantische Datenmenge, da so gut wie jede Systemkomponente Daten an die Eventlog Listener sendet. Die Listener bearbeiten die Daten in mannigfaltiger Weise, aber am Ende langen sie in einer Datenbank.\nDies war vor geraumer Zeit ein MyISAM, und die MyISAM-Dateien sind nach einer Woche wie oben beschrieben gepackt worden. Nachdem die Load auf dem Eventlog so groß geworden ist, daß das System durch Zuziehen der MyISAM Write-Locks auf den heißen Tabellen Performanceprobleme bekam, haben wir die heißen Tabellen auf InnoDB umgestellt und konvertieren jetzt nach einer Woche in compressed MyISAM.\nProblem sind nun eher die laufenden Aggregationen, die schon vor langer Zeit dadurch begrenzt wurden, daß jede einzelne Query in MySQL immer nur mit einem Core arbeiten kann. Durch Auslagern der Aggregationen aus der Datenbank in Clients und durch geschickte Programmierung der Clients kann nun über mehrere Cores und sogar mehrere Maschinen parallel aggregiert werden.\nDies ist jedoch ein unangemessener Programmieraufwand. Tatsächlich wird dieses System durch einen kleinen Hadoop Cluster mit Hive und Flume abgelöst.\nHadoop HDFS speichert Dateien, die danach Immutable sind - neueres HDFS hat jedoch einen Append Mode für diese Daten. Auf diese Weise können die Daten auf JBOD redundant gespeichert werden und man braucht sich nicht mehr um Storage und seine Kosten zu sorgen.\nHadoop MapReduce erlaubt es, Auswertunge auf diesen Daten automatisch intern konkurrent zu fahren.\nDafür Code zu schreiben ist jedoch unangemessen, daher kommt Hive oben drauf - Hive kompiliert Anfragen in einem SQLishen Dialekt in Java Sourcecode, der auf dem Hadoop MapReduce Framework parallel ausgeführt werden kann. Die Beschleunigung ist dabei nahezu linear - Hive-Anfragen wurden auf einem 5-Blade-Cluster mit 60 Cores in etwa 56 mal schneller ausgeführt als die identische Query auf einem MySQL. Mit HiveODBC können die Analysten dabei ihr bestehendes Tooling weiterverwenden - für sie wird nur das Backend sehr viel schneller.\nFlume ist ein Framework, daß Logdaten live transformieren, voraggregieren und in Hadoop/Hive laden kann.\nDie Kombination wird die Performance- und Skalierungsprobleme von Eventlogging grundsätzlich lösen und die MyISAM und InnoDB inhärenten Probleme durch neue, aufregende und bisher noch unbekannte Probleme ersetzen - und wie wir erwarten, auf einem höheren Level.\n","date":"2012-05-28T00:00:00Z","href":"https://blog.koehntopp.info/2012/05/28/logging.html","tags":["database","hadoop","mysql","lang_de"],"title":"Logging"},{"categories":null,"content":"In Nur bedingt abwehrbereit schreibt Peter Welchering über die Wirksamkeit oder Unwirksamkeit von Antivirenprogrammen. Dabei geht es auch um den \u0026ldquo;Schutzlevel\u0026rdquo; von Antivirenprogrammen, wie immer der genau definiert ist. Ich lese unter Schmerzen:\nEinen 99-prozentigen Schutz verspricht Marco Preuß vom Antivirenhersteller Kaspersky. Auf 35 bis 96 Prozent taxieren die Softwaretester der „Stiftung Warentest“ das Schutzniveau von Antivirenprogrammen.\nIn einem früheren Leben vor vielen Jahren war ich einmal Securityfuzzi in einem größeren Internetladen, und hatte in dieser Eigenschaft gelegentlich mit Viren und ihrer Verbreitung zu tun, etwa die SOBIG -Welle und einige andere, vergleichbare Teile.\nViele moderne Viren nutzen keine Sicherheitslücke im Rechnersystem aus um eine Maschine zu infizieren, sondern eine andere, viel größere und schwieriger zu sichernde Lücke: Die Person vor dem Rechner . Der Virus verbreitet sich in Mails mit provozierendem oder verängstigendem Inhalt und enthält Anhänge, die sich als Dokumente ausgeben, aber Programme sind. Der Anwender soll beim Lesen der Mail dazu gebracht werden, den Anhang zu öffnen und so die dort enthaltenen Programme auszuführen. Auf diese Weise installiert sich ein Grundprogramm, das dann anfängt, weitere Programmbestandteile aus dem Netz nachzuladen.\nDabei muß der Virus-Autor mehrere Probleme lösen.\nEines ist die Delivery, also das Ausliefern der Mail mit dem Virus an möglichst viele Leute. Zu diesem Zweck verwendet der Autor bereits durch den Virus infizierte Rechner, die dann weitere Rechner infizieren sollen. Diese bereits infizierten Rechner sind jedoch meistens an heimischen DSL-Anschlüssen installiert, und ist ein Nachteil: Netze, in denen Heim-DSL-Anschlüsse enthalten sind, sind bei vielen Mailern geblockt und Mail von dort wird von vorneherein als Spam verdächtigt und nicht angenommen.\nWie sich der Virus selbst versendet, ohne in DSL IP-Blocks zu laufen. Im Falle von SOBIG und vielen anderen Viren geht man daher über einen sehr leistungsfähigen Mittelsmann vor: Der Virus verbindet sich mit dem Mailer eines großen Mailproviders - web.de, 1und1, Telekom und andere sind beliebte Ziele. Im Virus selber sind Adreßdatenbanken mit den Loginnamen und Paßworten von geklauten Accounts enthalten, typischerweise einige Hundert pro Mailprovider. Der Virus greift sich nun die Adreßlisten des befallenen Rechners, loggt sich beim Provider ein und versendet sich an Leute auf der Adreßliste.\nNatürlich gehen die Virenautoren davon aus, daß die Provider geklauten Logindaten sperren werden. Daher ist der Inhalt des Virus selbst verschlüsselt, damit man die Logindaten nicht so leicht finden kann, und die verwendeten Logindaten wechseln in schnellen Intervallen (alle 30 Minuten oder so) auf neue, unverbrauchte Logins.\nDie Virenautoren gehen auch davon aus, daß die Hersteller von Antivirensoftware ihre Suchmuster und Erkennungssysteme aktualisieren. Daher stellen sie alle 4 Stunden eine neue Variante des Virus bereit, die inhaltlich gleich ist, aber bei der die Programmelemente intern anders angeordnet sind und die natürlich neue geklaute Logindaten enthält. Obendrein wird eine neue Welle in der Regel dann gestartet, wenn es in der zu infizierenden Zielregion Nacht ist und die Operating Center der Provider minimal besetzt sind. Eine Startzeit zwischen 2 und 4 Uhr nachts ist normal, sodaß bei Dienstantritt in der Regel schon die 2. oder 3. Welle aktiv ist.\nAuf diese Weise ist der Virus den Abwehrspielern in den Antivirenfirmen und bei den Mailprovidern immer ein wenig voraus und nur sehr aufwendig dauerhaft zu blockieren.\nWas bedeutet das für Virenscanner und andere Schutzprogramme? Welche Bedeutung hat eine Erkennungsrate in so einem System? Es ist klar, daß die Erkennungsrate für neue, aktive Bedrohungen in so einer Umgebung nahe Null ist: Die gerade jetzt aktiv im Spam versendeten Viren sind den Scannern naturgemäß vollkommen unbekannt. Die Autoren der Virensoftware haben selber Testsysteme, auf denen sie sher gut aktualisierte Virenscanner aller wichtigen Hersteller installiert haben und natürlich stellen sie sicher, daß ihr Virus von keinem der gängigen Produkte bereits vorab erkannt werden kann. Damit das so bleibt, variieren sie ihren Angriff alle paar Stunden, um schneller als der Update-Zyklus dieser Programme zu sein.\nDie Erkennungsrate für gerade aktive Bedrohungen ist bei allen diesen Programmen also Null. Und die Angreifer prüfen das, damit das auch so bleibt. Der Scanner nutzt also nur etwas gegen veraltete (also Viren, die älter als 4-24 Stunden sind) Versionen der Bedrohung, und diese versenden sich in der Regel nicht mehr aktiv.\nWas bedeutet das für das Testverfahren der Stiftung Warentest? Da sich das Aussehen der Viren (ihre \u0026ldquo;Signatur\u0026rdquo;) im Stundentakt ändern kann, taugen signaturbasierende Erkennungen in der Regel nur zur Erkennung von veralteten Bedrohungen. Die geraden aktiven Bedrohungen könnte man nur durch Verhaltensanalyse erkennen - hier aber werden die Virenautoren ihre Angriff zuvor recht gut auf die Schutzmaßnahmen der verschiedenen Antivirenprogramme abgestimmt haben und diese zu umgehen versuchen, um das System unerkannt zu kompromittieren. Anders als Signaturdatenbanken ist die Verhaltensanalyse jedoch auch sehr viel aufwendiger zu warten und auf einen Angriff anzupassen, da hier nun Code statt Daten geändert werden müssen. Wenn man also erst einmal einen Weg an einem Virenscanner \u0026lsquo;vorbei\u0026rsquo; gefunden hat, wird dieser auch weitaus länger offen bleiben.\nDie Stiftung Warentest hat ihre Testmethode nicht offengelegt - wenn jedoch gegen Rechner mit Altbedrohungen getestet worden ist und der Test vornehmlich oder ausschließlich auf der Basis einer Signaturdatei erfolgt ist, dann hat er genau keine Aussagekraft.\nEin triviales und leider immer wieder genommenes Testverfahren besteht darin, eine Platte mit so vielen Viren als möglich gleichzeitig zu verseuchen, und eine Kopie von dieser Platte an den Testrechner anzuschließen. Diese Platte wird dann gescannt. Weil Rechner und Virenplatte leicht voneinander zu trennen sind, kann man den Testrechner schnell nacheinander mit einem Virenscanner nach dem anderen austatten und weiter testen, ggf mit einer jeweils frischen Kopie der verseuchten Platte.\nDas ist auf viele verschiedene Weisen nicht aussagekräftig:\nErst einmal ist es nicht das Szenario, gegen das ein Anwender im Angriffsfall vermutlich verteidigen muß - siehe oben. Statt gegen unbekannte frische Programme zu testen, testet man gegen einen Zoo von nicht mehr verwendeter Altware.\nDann ist es so, daß der Testrechner nicht wirklich infiziert worden ist - die Viren liegen inaktiv auf der verseuchten Platte, statt aktiv das Systemverhalten des Testsystems zu beeinflussen. Das ist auch gut so, weil so viele verschiedene Virenprogramme, wenn sie alle zugleich aktiv wären, vermutlich das Verhalten des Testsystems und sich gegenseitig beeinflussen würden. Bis hin zu dem Punkt wo die Testkiste so instabil wird, daß ein sinnvoller Test gar nicht mehr möglich ist.\nWeil die Viren aber nicht installiert und aktiv sind, sondern nur als passive Programme auf der Platte rumgammeln, können die Scanner nur mit ihren Signaturdateien operieren. Die Verhaltensanalyse findet nix, da das Verhalten der zu testenden Kiste wie intendiert nicht beeinflußt wird, um den Test selbst nicht unmöglich zu machen.\nUnd schließlich ist es so, daß die meisten Virenscanner einen Benchmarkmodus haben: Wenn sie auf einem System in einem Testlauf mehr als n Viren finden und eventuell eine von diesen Dateien sogar EICAR ist, dann schalten sie in einen speziellen Benchmark-Modus, der mit dem normalen operativen Betrieb nichts zu tun hat und der speziell dafür designed ist, das Programm in einem Vergleichstest gut aussehen zu lassen.\nAuf diese Weise kommt man zu Ergebnissen, die mit dem realen Schutzwert des Programmes genau gar nichts zu tun haben. Und dieser bemißt sich in der realen Welt gegen eine echte Bedrohung vermutlich nicht nach der getesteten, aber in der wirklichen Welt eher nutzlosen Signaturdatei, sondern nach der Qualität der Verhaltensanalyse von Programmen.\nNachtrag: Wie sind die Angreifer an Loginnamen und Mailadressen von Mailaccounts gekommen? Phishing von eBay-Accounts (\u0026ldquo;Für die eBay-Disputresolution gehen sie bitte auf die folgende wilde Webseite und geben sie unmotiviert ihren eBay-Namen und ihr Kennwort ein, oder wir sperren ihren Account!11!!eins!Elf\u0026rdquo;) liefert den Angreifern eBay-Namen und Paßworte. Loggt man sich nun mit diesen Daten automatisiert bei eBay ein, kann man dort eine Reihe von spannenden Daten absaugen, darunter auch die Mailadresse, an die eBay Benachrichtigungen senden soll.\nMit dieser Adresse und dem eBay-Paßwort kann man nun versuchen sich automatisiert bei dem Provider einzuloggen. Hat der Benutzer bei allen seinen Accounts dasselbe Paßwort verwendet, gelingt das und man ist zusätzlich zu seinem eBay-Account auch noch sein web.de/GMX/T-Online los.\nNachtrag: Wieso machen die das? Wenn ein Rechner erst einmal befallen ist, kann man mit ihm alles machen: Man kann seine lokale Festplatte durchsuchen und die Bankdaten für Onlinebanking aus der Bankingsoftware oder dem Browsercache auslesen. Man kann seine Mailkontakte abernten und sie verwenden, um den Freunden dieser Person realistischere Spam-Mails zu senden. Man kann weitere Software aus dem Internet nachladen und den Rechner und seine Internet Anbindung verwenden, um mehr Spam zu versenden, DDoS-Angriffe auf andere zu fahren und mit dieser Drohung Schutzgeld zu erpressen und man kann viele weitere unschöne Dinge damit tun.\n","date":"2012-04-27T00:00:00Z","href":"https://blog.koehntopp.info/2012/04/27/alle-vier-stunden-zum-nutzen-von-antivirus-und-zum-nutzen-von-testverfahren.html","tags":["security","spam","virus","lang_de"],"title":"Alle vier Stunden - zum Nutzen von Antivirus und zum Nutzen von Testverfahren"},{"categories":null,"content":"Wonka\u0026gt; Die Toppoint z.B. wird vermutlich nie was haben, was in nennenswerte Last-Regionen kommt, aber ich will - akademisches Interesse und so - schon wissen, wie man das da am besten täte. Was mich auch für die Toppoint interessiert: irgendeine Sorte Redundant Array of Inexpensive Databases :)\nLalufu\u0026gt; MySQL mit Replication? Alternativ mit DRBD?\nIsotopp\u0026gt; Mit DRBD. Nicht mit Replikation.\nWonka\u0026gt; Lalufu: Hm, Master-Master-Replication geht ja nur mit Zweien. Wenn man nun mehr als das haben will, kann man zwar Ringe bauen, aber nur einfach verkettete.\nIsotopp\u0026gt; Wonka: Argh! Master-Master geht nicht mit Replikation. Nie.\nWonka\u0026gt; huh?\nIsotopp\u0026gt;\n-- Thread 1 schreibt auf Master 1: insert into t (id, d) values (NULL, \u0026#39;eins\u0026#39;); -- Zeitgleich schreibt thread 2 auf master 2: insert into t (id, d) values (NULL, \u0026#39;zwei\u0026#39;); Isotopp\u0026gt; Was steht in der Datenbank master1, was steht in der Datenbank master2? Wenn man mal annimmt, dass MySQL auto_increment_increment und auto_increment_offset korrekt gesetzt sind?\nWonka\u0026gt; Isotopp: ok, Problem. Trotzdem gibts reichlich HOWTOs dazu.\nIsotopp\u0026gt; Wonka: Das ist noch kein Problem. Du kriegst (1, 'eins') und (2, 'zwei'). So weit funktioniert das.\nkv_\u0026gt; Bei UPDATE sieht\u0026rsquo;s anders aus.\nIsotopp\u0026gt; Jetzt macht aber Thread 1 auf master1 ein UPDATE. Und zwar update t set d = 'een' where id =1;. Und Thread 2 macht auf master2 ein UPDATE. Und zwar update t set d = 'one' where id = 1; Was steht auf master1 und was steht auf master2?\nIsotopp\u0026gt; Der Punkt ist, daß es keine global für die Domain des ganzen Ringes gültige Serialisierung von Ereignissen gibt. Es gibt also keine globale Festlegung der Reihenfolge von Ereignissen. Sondern jeder lokale Knoten hat seine eigene Reihenfolge von Ereignissen. Im Klartext heißt das, daß auf master1 die Reihenfolge der Events een, one sein kann, auf Master 2 aber one, een oder umgekehrt.\nLalufu\u0026gt; Genaugenommen ist das Problem, daß Leute sowas gerne hätten, aber MySQL das nicht liefern kann.\nIsotopp\u0026gt; Lalufu: Nein, die Situation ist weitaus komplizierter. Laß mich zu Ende erklären.\nWonka\u0026gt; http://www.howtoforge.com/mysql_master_master_replication :\n\u0026ldquo;This tutorial describes how to set up MySQL master-master replication. We need to replicate MySQL servers to achieve high-availability (HA). In my case I need two masters that are synchronized with each other so that if one of them drops down, other could take over and no data is lost. Similarly when the first one goes up again, it will still be used as slave for the live one.\u0026rdquo;\nWonka\u0026gt; Also haben die\u0026rsquo;s nicht verstanden\u0026hellip;\nIsotopp\u0026gt; Richtig. Genauer: Sie glauben, sie können gewinnen. Aber das Universum kann man nicht bescheißen.\nIsotopp\u0026gt; Wonka: Du willst also eine solche Serialisierung erzwingen. In SQL erzwingt man eine bestimmte Reihenfolge von Ereignissen, indem man für die Domain, in der man arbeitet eine Sperre (englisch: lock) setzt. Man braucht also ein Locking, das in der ganzen Domain gilt.\nIsotopp\u0026gt; Die Domain ist nun aber nicht mehr eine Kiste, dafür hat Dein SQL Server ja Locks, sondern der Ring. Und MySQL Replikation hat spezifisch kein Locking Protokoll. Es gibt solche Protokolle, 2PC, 3PC, Paxos, Raft und noch ein paar mehr. 2PC ist das schnellste, in dem Sinne, daß es minimale Umlaufanzahlen/Lockzeiten hat. Paxos und Raft sind im Sinne der Ausfallsicherheit/Recoverability das Sicherste.\nOhne ein solches Locking Protokoll kannst Du nirgendwo konkurrente Writes sicher durchführen, weil Du eben keine für die Domain gültige Serialisierung von Ereignissen erzwingen kannst. Jedes Setup mit mehr als einem Writer ohne ein distributed locking protocol ist also kaputt.\nLesen wir also die Anleitung zu mmm, MySQL Multi Master. Steht drin: »schreiben nur in einem Knoten.« Also: ein Ring, kein Multi-Master - der Name ist Betrug.\nGucken wir irgendwo sonst, total egal wo: ENTWEDER Synchronisation durch Locking ODER nur ein Master ODER kaputt.\nDas ist die Wahl. Die ganze Wahl. Es gibt keine weiteren Möglichkeiten.\nkv_\u0026gt; Wonka: Und wenn man die Leute fragt, warum die Master-Master oder circular replication aufsetzen, kommt immer die falsche Antwort: \u0026ldquo;Ausfallsicherheit\u0026rdquo; oder \u0026ldquo;Lastverteilung\u0026rdquo;. Für Ausfallsicherheit nimmt man ein Shared Storage und baut sich eine failover-Lösung auf OS-Ebene drüber - also NetApp oder DRBD. Und für Lastverteilung beim Lesen nimmt man one-way Replication. Schreibverteilung kann MySQL nicht. Da fängt man dann an, auf Anwendungsebene Sharding-Architekturen zu bauen.\nIsotopp\u0026gt; Exakt.\nIsotopp\u0026gt; Lalufu: So, jetzt zu MySQL und liefern. MySQL liefert ein Produkt mit mehreren Knoten und 2PC. Es heißt MySQL Cluster. Es verwendet nicht MYSQL Replikation, um das zu tun.\nIsotopp\u0026gt; Und zu HA: MySQL 5.1, 5.5 und 5.6 haben verschiedene Inkremente von MySQL SemiSynchronous Replication (SSR). Damit hat man EINEN Master, aber Slaves, die das Commit auf dem Master VERZÖGERN (den Master also langsamer machen). Und zwar so lange, bis wenigstens ein Slave existiert, der denselben Stand hat wie der Master.\nDas kombiniert die Nachteile von 2PC (warten) mit den Nachteilen von Replikation, die da sind:\nIn MySQL Replikation ist der Slave ja abhängig von der MySQL binlog position. Die verwaltet jeder Knoten aber selber. Und das heißt, man kann den Slave 3, der an Master 1 hängt, nicht einfach an Slave 2 hängen, von dem wir wissen, daß er Dank SSR auf demselben Stand wie Master 1 ist. Das ist so, weil der Stand von Master 1 in binlog position (mname, mpos) ausgedrückt wird, derselbe Stand auf slave 2 aber (s2name, s2pos) ausgedrückt wird.\nUnd es gibt keinen Übersetzungsmechanismus. Man kann einen bauen, das tut dann unterschiedlich weh, je nachdem wie korrekt man das im Falle eines Desasters haben will. Und wir reden über HA, man will es also korrekt haben.\nIn MySQL 5.6 gibt es dann die Global Transaction ID (GTID) und einen Übersetzungsmechanismus (transparent, automatisch) von GTID in lokale Position. Mit SSR und GTID zusammen kann man dann in 5.6 auch endlich Replikation als HA Mechanismus verwenden und könnte einen Ring mit genau einem aktiven Master als HA-System stabil verwenden. Das heißt, man hat immer noch Waits wegen der Synchronisation in SSR, aber keine Probleme mit dem Failover mehr.\nWonka\u0026gt; MySQL Cluster ist aber nicht FOSS, oder?\nIsotopp\u0026gt; Wonka: MYSQL Cluster war früher FOSS. Was es jetzt ist, habe ich nicht nachgesehen, weil mich Cluster aus anderen Gründen nicht interessiert.\nEs ist strukturell nicht möglich, normale Anwendungen, die gegen vanilla MySQL performen, gegen Cluster laufen zu lassen und Performance zu erwarten. Cluster-Software ist immer speziell gegen Cluster geschrieben.\nAktueller Cluster ist inzwischen VIEL BESSER darin als der Cluster, den ich gekannt habe, aber es bleibt schwierig.\nDu suchst einfache Lösungen für distributed databases. So etwas existiert nicht. So etwas KANN nicht existieren ohne daß du an c drehst.\nDu willst also mit Q (aus Star Trek: The Next Generation) reden, oder Dir eine von Grace Hoppers Mikrosekunden um den Hals hängen.\nLalufu\u0026gt; Würden Sie diesem Mann Ihre Replikation anvertrauen?\n","date":"2012-03-15T00:00:00Z","href":"https://blog.koehntopp.info/2012/03/15/grundsaetze-verteilter-datenbanken.html","tags":["cluster","database","erklaerbaer","distributed computing","mysql","lang_de"],"title":"Grundsätze verteilter Datenbanken"},{"categories":null,"content":" Ein total kaputtes Stück Graph.\nDas da ist das, was ich bekomme, wenn ich mir eine Woche Daten in dem Datenbank-Monitoringprodukt meiner Wahl anschaue. Aber das spielt keine Rolle. Ich kann mir so ziemlich jeden Zeitreihengraphen anschauen, aus so ungefähr jedem Stück Software, das mir zur Installation zur Verfügung steht, und falls es nicht rrdtools ist, ist es genau so kaputt.\nDas ist bemerkenswert, weil der Plot wahrscheinlich von einem Rudel Diplom- oder Master-Abgänger gebaut worden ist. Man sollte annehmen, daß jetzt, wo ein Studium Geld kostet, diese Personen vielleicht auch zuhören, wenn ihnen elementare Dinge erklärt werden.\nWas ist genau kaputt? Man versuche einmal, die Werte zwischen dem 6. und dem 7. März abzulesen. Wie man sieht, haben wir dort keine Linie, sondern einen fetten gelben Zitteredding, der die Pixel auf dem \u0026ldquo;Graphen\u0026rdquo; zuquastet.\nDer \u0026ldquo;Graph\u0026rdquo; ist hier 640 x 300 Pixel groß, weil ich das so eingestellt habe, damit ich mehrere Browserfenster zum Vergleichen nebeneinander legen kann. Die Software nimmt einen Meßwert pro Minute auf, also 1440 Messungen pro Tag. Es sind also hier 10080 Meßwerte in Betracht zu ziehen, um die gewünschte Darstellung von einer Woche zu zeichnen, also nicht ganz 16 Meßwerte pro x-Pixel. Unser \u0026ldquo;Graph\u0026rdquo; zeichnet nun für jeden x-Wert alle 16 Meßwerte ein.\nIrgendein Spezialexperte hat jetzt die Meßpunkte außerdem noch miteinander verbunden, damit man bei Diskontinutäten keine Löcher im Graph hat. So hat man noch mehr als 16 geplottete Pixel pro x-Pixel, und stellt so sicher, daß in einem Spike der gesamte Graph vollkommen nutzlos ist. Weil Spikes nun gerade die interessanten Stellen wären. meinjanur\nDas Resultat ist vollkommen nutzlose Pixelmarmelade: Wie ist die Verteilung dieser 16 Werte zu jedem Zeitpunkt? Wie sind Mittelwert, Median, Maximum, Minimum in dieser Pixelwolke gelegen? Welche dieser Pixel sind Meßwerte und welche informationslose Verbindungslinien?\nHier ein Tip: Man kann das noch pessimieren, indem man da irgendeinen Spline durch legt, damit es noch Überschwinger gibt. Dann kann man dem Ding überhaupt keine Informationen mehr entnehmen.\nEin Graph, mit dem man etwas anfangen kann.\nDies ist ein anderer Graph - diesmal einer, der den Namen auch verdient. Wie man sehen kann, wird wieder ein Zeitraum von einer Woche gemalt, sodaß pro x-Wert nicht ganz 16 Meßwerte zu berücksichtigen sind. Hier - es handelt sich um rrdtool - hat jemand mitgedacht, und so sehen wir in Blau den Mittelwert der 16 Werte und in Rot das Maximum dieser Werte eingezeichnet.\nEs ist klar erkennbar, daß der Mittelwert relativ stabil ist (bis er am Ende abfällt), und wie hoch die Spikes sind, die von diesem Mittelwert ausgehen. Auf dieser Grundlage kann man verläßliche Aussagen über das Lastverhalten der Kiste machen.\nDamit ist bewiesen, daß Tobias Oetiker in seinen Mathevorlesungen zugehört hat, anstatt sich in den Nächten vorher das Hirn weg zu saufen. Wenigstens einer!\nDichte-Diagramm und Qualitätsrating im Mittelwert.\nDies ist ein Graph, wie er von Smokeping gemalt wird. Hier werden sogar 15 Tage betrachtet. Für jedes Pixel stehen also circa 30 Meßwerte bereit, wenn man einmal pro Minute mißt - bei einer Messung alle 5 Minuten immerhin noch 6 Meßwerte (mal 20, weil Smokeping in einer Messung je nach Konfiguration mehrere Werte erfaßt - hier 20).\nIm Graph erkennen wir genau den farblich hervorgehobenen Median (Es wird ein Median statt eines geometrischen Mittels eingezeichnet, weil das stabiler gegen Outlier ist). Der Farbcode für den Median gibt zugleich eine Verlustrate an. Kommt es überhaupt zu Verlusten, liegt also eine Störung vor, ist der entsprechende Bereich des Graphen farblich markiert und die Farbe des Median gibt die Verlustrate (hier: 10/20, Lila) an.\nÜber und unter dem Median ist durch entsprechende Grauwerte eine Dichteverteilung der gemessenen Werte eingezeichnet. Wir können also nicht nur erkennen, wie weit die Maxima und Minima vom Median abweichen, sondern durch die Schattierung erkennen wir das kumulative Histogramm der Meßwerte, bekommen also einen Dichtegraphen und können so sehen, wie anormal so ein Outlier/Maximum denn nun wirklich ist.\nDas ist zwar auch wieder ein breiter Quast wie im ersten Graphen. Anders als im ersten Graphen ist er jedoch intern strukturiert und enthält eine große Menge an zusätzlichen Informationen in derselben Menge Pixel - es handelt sich um ein Histogramm, mit der die Dichteverteilung der Werte visualisiert wird.\nSo macht man es richtig.\nUnd jetzt schaut Euch Eure Graphen an, schämt Euch, schmeißt Euren Code weg und macht es richtig. Damit ich mich nicht mehr aufregen muß.\nDanke sehr.\nNachtrag: rrdtool schützt nicht vor Dummheit. Also, es versucht sein Bestes, aber wenn das Problem vor der Tastatur darauf besteht, kommt trotzdem Rotz raus.\nBest of Munin:\nUptime steigt um einen Tag (ein y-Pixel) pro 24 Stunden. Das ist schon als Linie kaum zu sehen - als Bargraph aber komplett im Eimer.\nWir nehmen einen dicken Edding und Daten mit Spikes. Und lassen jede Form von Median/Maximum/Minimum-Plot beiseite, denn sonst wäre das Ergebnis womöglich sinnvoll.\n","date":"2012-03-12T00:00:00Z","href":"https://blog.koehntopp.info/2012/03/12/wie-man-einen-graph-plottet.html","tags":["computer","monitoring","mysql","lang_de"],"title":"Wie man einen Graph plottet"},{"categories":null,"content":"Wolfgang Michal schreibt auf carta.info: Kleine Anfrage an die Kritiker des geistigen Eigentums das übliche Zeugs. Das heißt, er zieht sich an dem Begriff \u0026ldquo;Geistiges Eigentum\u0026rdquo; hoch und schlägt vor, daß die Gegner des Kampfbegriffes \u0026ldquo;Geistiges Eigentum\u0026rdquo; auch das dingliche Eigentum gleich mit abschaffen, wegen weil.\nDie Diskussion und die Argumente sind nicht neu, wir finden sie auch im hinteren Teil der Diskussion mit Lena Falkenhagen im November , die ich seinerzeit in Nicht das Urheberrecht ist das Kernthema zusammengefaßt habe. Sicherheitshalber hat Marcel Weiss die Standardantwort auf diese Standardfrage noch einmal aufgeschrieben, denn manchmal braucht auch einer wie Wolfgang Michael einmal eine FAQ an die Birne geknallt.\nEben Lena Falkenhagen greift nun den \u0026ldquo;Kleine Anfrage\u0026rdquo;-Artikel in Google Plus noch einmal auf, nachdem Andreas Eschbach sie darauf aufmerksam gemacht hat, und Andreas Eschbach diskutiert dort auch mit.\nDas wäre nicht weiter interessant, denn diese Richtung der Diskussion geht, wie wir in Nicht das Urheberrecht ist das Kernthema und dem Nachtrag dazu etabliert haben, vollkommen am Kern des Problems vorbei. Der \u0026ldquo;Blechpirat\u0026rdquo; Karsten greift das auf:\nIch finde den Artikel eher schwach. Konkret geht er auch an der Sache vorbei. Zu Rechtfertigen, warum man den juristischen Fachbegriff \u0026ldquo;Eigentum\u0026rdquo; gerne falsch auf das Urheberrecht anwenden möchte, hilft doch keinen - letztlich wird damit doch nur Propaganda gerechtfertigt. Spannend ist doch viel mehr die Frage, wie man mit der neuen Technik umgeht, wie man mit der Kopierbarkeit (auch juristisch) umgeht und wie man dann noch mit Denken, Schreiben, Malen und Musizieren noch Geld verdienen kann, wenn diese Technik vollständig da ist. Und da versagt der Artikel. Er bleibt (langweilige und nicht besonders gut geschriebene) Polemik.\nund Christian Buggedei hat schon auf carta.info nachgesetzt gehabt:\nEs gibt viele Dinge, bei denen man die “Das ist Technik, das geht halt so und nicht anders” nicht hinnehmen muss. Da kann man neue, bessere Technik konstruieren, da kann man Verbote aussprechen und sie auch kontrollieren.\nDieses eine Ding – Inhalte kopieren – ist leider eine Ausnahme. Wenn wir dieses wirksam kontrollieren und einschränken wollen, müssen wir das Internet so wie es ist abschaffen. Komplett. Eigene, spontan erstellte Seiten und Dienste wird es nicht mehr geben, jeglicher Kommunikationsvorgang muss überwacht und kontrolliert werden. Alles andere wird fast sofort umgangen werden.\nEr holt dann noch weiter aus und zeichnet auch einen sinnvollen Ausblick auf - aber lest seinen Kommentar halt selbst, ich warte hier so lange.\nAber Andreas Eschbach hat noch Fragen:\nIch weiß nicht, wieso sich alle immer so an dieser \u0026ldquo;beliebigen Reproduzierbarkeit\u0026rdquo; aufhängen. Wieso denn? Was ändert denn das?\nund wir erklären es ihm - es geht nicht wirklich um das Kopieren, und seinen Blick darauf zu fixieren verstellt einem die Sicht auf das Ganze. Es geht um die Kommunikation von Leuten miteinander, und wie das die Strukturen im Markt ändert. Die Kopierbarkeit rundet das Ganze nur ab. Ich formuliere das so:\nWas die neue, digitale Natur von Werken ändert hatte ich in der vorherigen Instanz dieser Debatte schon einmal aufgemalt:\nNicht das Urheberrecht ist das Kernthema \u0026ldquo;Dann ist da aber auch die Verminderung des Aufwandes und die Verkürzung der Publishing Pipeline: Jeder, der schreiben will, kann nun schreiben. Ob er gelesen wird ist noch einmal eine andere Sache - aber es gibt nichts und niemanden mehr, das jemandem vom Schreiben abhalten kann. Und so gibt es neben den Werken, die Du und Deinesgleichen für Geld produzieren nun haufenweise anderes Zeugs - frei erhältlich an Orten wie Wattpad oder einer der Tausend anderen Story Communities im Web. Gegen diese Leute und deren Preise treten Autoren für Geld nun an.\u0026rdquo; und in den folgenden Absätzen des o.a. Artikels länger ausgeführt.\nEs ist nicht das Urheberrecht das Problem, sondern es sind mehrere Mechanismen am Werk, die strukturelle Dinge ändern:\nWeil Kopien machbar sind werden sie gemacht. Das ist auch nicht zu verhindern, ohne daß etwas ganz schreckliches entsteht, daß niemand von uns will. Weil jeder sich und seine Werke publizieren kann, fragmentiert der Markt. Dazu kommt, daß viele ihre Werke kostenlos oder zu sehr niedrigen Kosten publizieren. Dadurch entsteht ein Race to the bottom. Weil jeder sich publizieren kann, und die publizierten Werke teilweise Fragmente sind, die dann wieder weiter verarbeitet werden, ist Urheberschaft teilweise ein schwer feststellbares Konzept. Zu 3: Besonders ausgeprägt im Bereich der Programmentwicklung, teilweise aber auch bei der Texterstellung - kollaborative Systeme dienen dazu, kleinste Beiträge von Einzelpersonen zu einem Gesamtwerk zu aggregieren. Fast alle moderne Werkentstehung arbeitet auf diese Weise, und wo das gelingt, haben Einzelpersonen kaum noch eine Chance. Dazu kann ich auf Anfrage mehr schreiben (Nachtrag ) redet da schon teilweise drüber).\nÜber das Urheberrecht zu diskutieren geht am Kern des Problems vorbei. Das versuche ich mit meiner Frage nach dem Wunsch-Urheberrecht in Richtung Lena Falkenhagen und Andreas Eschbach ja zu illustrieren - es würde mich wundern, wenn eine sinnvolle Antwort käme, denn IMHO gibt es keine - auch in [Von einem Absturz, Tutus und einem neuen Urheberrecht]({\u0026amp; link _posts/2011-11-24-von-einem-absturz-tutus-und-einem-neuen-urheberrecht.md %}) habe ich keine Antwort bekommen.\nDie Frage ist ja schon falsch.\nund Karsten geht noch einmal auf die Eigentumsgleichsetzung ein, um die Erklärung zu komplettieren:\nMein gedanklicher Ansatz ist ein anderer: Eine Eigentumsordnung wie die unsere ist bisher auf die Verwaltung von Knappheit ausgelegt. Wenn es nur einen Apfel gibt, dann ist es fair, dass der einer konkreten Person zugeordnet wird - sie kann entscheiden, was mit dem Apfel passiert.\nSind Äpfel aber beliebig reproduzierbar, erscheint es unfair, wenn nur einer über sie entscheidet, der andere aber hungrig stirbt.\nMir ist klar, dass niemand stirbt, weil er ein digitales Werk nicht erhält. Aber der Gedanke der exklusiven Zuordnung erhält seine moralische Rechtfertigung in der Knappheit des Gutes.\nGerade deshalb wollen die Urheberrechtsverschärfer (wie der im Originalposting genannte [Wolfgang Michal]) ja unbedingt Urheberrecht und Eigentum gleichsetzen - um die moralische Legitimierung des Begriffes Eigentum für ihr Anliegen ausnutzen zu können.\nMir ist klar, dass meine Gedankengänge jetzt das von Lena Falkenhagen angesprochene Problem (wie wird der Künstler bezahlt) nicht lösen. Aber die künstliche Verknappung des Gutes durch Gesetz und technische Lösungen scheint keine praktikable Lösung zu sein. Das Gesetz kann nicht erfolgreich durchgesetzt werden, wenn die Mehrheit der Unterworfenen es für ungerecht befindet - das geht einfach nicht, ist 1000mal probiert worden und scheitert. Und die technischen Ansätze scheinen auch zu scheitern.\nAn dem Konzept der Rechtsdurchsetzung knabbert man im weiteren Verlauf der Diskussion noch weiter herum. Es werden Vergleiche mit roten Ampeln und mit Mördern gezogen, aber man kommt nicht so richtig weiter. Oder doch? Lena:\nChristian Buggedei, ich halte die Argumentation für unfair und sehr gefährlich. Nur weil alle Leute über die rote Ampel gehen, heißt es noch nicht, dass das erlaubt wäre.\nIch bin auch kein Freund von jahrelangen Gefängnisstrafen für private Raubkopierer, aber wenn \u0026ldquo;das macht doch jeder\u0026rdquo; gelten würde, wäre Mord im Affekt an der Ehefrau und ihrem Geliebten immer noch ein Ehrendelikt.\nIch weiß, dass ich gerade polemisch werde, aber am Urheberrecht ist so nichts auszusetzen. Es schützt meine Rechte als Autorin, die ich mir in langer, harter Arbeit verdient habe. Die Durchsetzbarkeit gerät ins Wanken, da stimme ich zu.\nDaher müssen neue Wege gefunden werden, Urheber (jeglicher schöpferischer Werke) zu gratifizieren. Sonst sind (geraten) 90% der weltweit beliebtesten Unterhaltungsprodukte, an denen momentan einfach so partizipiert wird, \u0026ldquo;weil man es kann\u0026rdquo;, nicht mehr möglich.\nDoch, man kommt weiter. Denn Christian läßt sich von der fruchtlosen Diskussion nicht blenden, und geht auf den entscheidenden Punkt ein:\nLena Falkenhagen: \u0026ldquo;Daher müssen neue Wege gefunden werden, Urheber (jeglicher schöpferischer Werke) zu gratifizieren. Sonst sind (geraten) 90% der weltweit beliebtesten Unterhaltungsprodukte, an denen momentan einfach so partizipiert wird, \u0026ldquo;weil man es kann\u0026rdquo;, nicht mehr möglich.\u0026rdquo;\nGenau.\nNochmal: Genau.\nGenau das ist es, was \u0026ldquo;wir\u0026rdquo; die ganze Zeit sagen: Es geht nicht darum, diealten Einkommenswege zu zementieren, sondern neue zu erschließen. Am Horizont sehen wir da diverse Wege, gerade wenn zB die Inhalte an begehrenswerte physische Artefakte wie \u0026ldquo;schöner Druck\u0026rdquo;, \u0026ldquo;schöne Packung\u0026rdquo;, oder \u0026ldquo;Sammlerfigur\u0026rdquo; gebunden sind. (wobei sich das mit 3d-Printing auch wieder ändern könnte), es gibt offensichtlich ebenso die Bereitschaft für einen besonders einfachen Zugang zu zahlen, oder Modelle wie Flattr, Kickstarter und Co., und und und. Wie Kristian Köhntopp sagte, ist dabei das Urheberrecht allerdings das kleinste Problem.\nIch habe persönlich nur die Befürchtung, dass wir das Urherberrecht dennoch erst schleifen müssen, bevor der Druck, diese neuen Modelle ernsthaft auszuprobieren, in der Breite ankommt.\nAndreas Eschbach ist weiter skeptisch:\n»Jetzt schaue ich mir mal meine Umgebung an. Gefühlte 97% davon ist der Ansicht, dass das freie Kopieren von Zeugs für Privatpersonen zwar illegal, aber nicht sonderlich moralisch verwerflich ist.«\nDas wäre bis jetzt der einzige Ansatzpunkt, der mir einfällt: Dass man durch entsprechende Aufklärungsarbeit das Verständnis dafür weckt, welches Kopieren okay ist (für den Eigengebrauch, bislang \u0026ldquo;Privatkopie\u0026rdquo; genannt) und welches nicht okay ist (Buch einscannen und stolz sein, wenn\u0026rsquo;s 5000 Leute runtergeladen haben, ehe die Datei in Usbekistan vom Server geschmissen wird). Man tritt ja auch keine Hunde mit Füßen und schnappt nicht alten Omas den Sitzplatz weg und man bescheißt im Restaurant nicht usw. – alles weitgehend freiwillig aus dem Bewusstsein heraus, \u0026ldquo;es wäre nicht okay\u0026rdquo;.\nDas ist allerdings viel Arbeit, wenn ich dran denke, wie viele Mails ich schon gekriegt habe von Leuten, die mir Sachen schreiben wie \u0026ldquo;ich hab mir alle Ihre Romane besorgt (bei ebay), weil ich finde, man muss einen Autor unterstützen\u0026rdquo; \u0026hellip; :-(\nund schließt mit der Betrachtung\n\u0026ldquo;Wenn man hier nicht aufpasst, wird ganz schnell eine andere Art von Knappheit entstehen, nämlich eine an wirklich neuen Schöpfungen.\u0026rdquo;\nAber da unterschätzt Andreas Eschbach wahrscheinlich seine Leser und Kunden. Denn es existieren jede Menge Gegenbeispiele, die zeigen, daß genau diese Aufklärungsarbeit bei den Lesern offene Türen einrennen würde. Christian Buggedei ist jedenfalls, wie ich, genau dieser Auffassung:\nIch weiss ehrlich gesagt gar nicht, ob diese Arbeit nötig ist. Denn die prinzipielle Bereitschaft, den Autoren, Musikern, Filmemachern etc. die man gut findet, Geld zu geben ist ja da. Es \u0026ldquo;fehlt\u0026rdquo; wohl nur der Wille, das über die althergebrachten Kanäle zu tun.\nund ich führe länger aus:\nIch könnte an dieser Stelle den Brockhaus und den Britannica-Verlag erwähnen, die da andere Dinge berichten können. Ich könnte die ganzen Projekte aus den oben erwähnten Blogbeiträgen von mir noch einmal aufzählen. Oder ich könnte auf meine eigenen Arbeiten verweisen, die zwar keine Geschichten erzählen, aber von einer Reihe von Leuten als Ausbildungsmaterial gerne verwendet werden.\nStattdessen will ich nur auf die Artikelserie von Heiko Harthun verweisen: \u0026ldquo;Projekt: Eben nicht schwarzer März!\u0026rdquo;. Es steht unter dem Motto: »Anstatt sich einem absoluten Boykott der Verwertungsindustrie anzuschließen, wäre ein deutlich erfolgversprechenderer Weg, die Stand-Alone-Projekte und fairen Kleinstverwerter zu belohnen. Das wichtigste daran, es so vielen Leuten mitzuteilen. Deshalb hier jetzt den ganzen März lang jeden Tag eine neue Empfehlung.«\nAm Ende des Monats wirst Du so 31 Beispiele haben, die zeigen, daß keine Knappheit an wirklich neuen Schöpfungen herrschen wird. Stattdessen, das zeigen diese Beispiele, verändert sich die Art und Weise wie Schöpfer von Werken an eine Finanzierung kommen, oder es ändern sich die Motive, aus denen diese Personen Werke schaffen.\nEs handelt sich eben genau nicht um eine Krise des Urheberrechts an sich, sondern um einen Strukturwandel im Schaffensprozeß, der durch eine neue Art der Werkverbreitung und durch eine neue Art der Kommunikation ausgelöst wird. Daher ist das Ganze auch nicht im Urheberrecht zu reparieren, sondern nur durch eine Anpassung an diese neuen Strukturen.\nChristian Buggedei ist begeistert und will nun Nägel mit Köpfen machen. Er fordert Andreas Eschbach und Lena Falkenhagen heraus:\nZum Thema Zahlbereitschaft: Wie wäre es mit einer Wette?\nWir starten gemeinsam ein Kickstarter Projekt. Du, und hoffentlich ein paar andere Autoren (ich schau zum Beispiel einfach auch mal Lena Falkenhagen an) sagt mir, was Ihr für an Geld braucht/wollt um je eine Kurzgeschichte zu schreiben. Da schlagen wir dann einen Betrag für Lektorat, Zusammenstellung, Artwork, Buchhaltung etc drauf und stellen das als Projekt dem Internet vor.\nWenn dann der Gesamtbetrag zusammenkommt, schreibt Ihr die Geschichten, werdet bezahlt und wir veröffentlichen das unter CC by-nc-sa sowohl gedruckt als auch kaufbar und kostenlos in den gängigen eBook-Formaten. Ich würde mich nicht wundern, wenn das Geld nicht innerhalb eines Monats zusammenkommen würde und dennoch danach regelmäßig die Kurzgeschichtensammlung gekauft wird.\nLeider kneift Andreas Eschbach:\nGrundsätzliches zu der Wette: Man muss bei solchen Sachen unterscheiden zwischen dem Erfolg aufgrund des Eventcharakters, so etwas als einer der Ersten zu machen, was ein Anreiz für viele sein kann, mitzumachen, und dem Erfolg aufgrund eines funktionierenden Konzeptes, das auch auf Dauer und für viele funktionieren kann: Von Letzterem bin ich schwer zu überzeugen.\n(Das wird immer übersehen von denen, die ankommen mit von wegen \u0026ldquo;Cory Doctorow stellt seine Bücher frei ins Netz und verkauft sie trotzdem\u0026rdquo;: Was bei 1 funktioniert, muss noch lange nicht bei allen funktionieren und funktioniert auch nicht bei allen.)\nPersönliches zu der Wette: Würde meinen Verleger unnötig nervös machen, wenn ich bei so etwas mitmachte, und das will ich ihm nicht antun. :-D\nDas mit dem einmaligen Eventcharacter stimmt so übrigens nicht, merkt Christian Buggedei an:\nSowas und ähnliches funktioniert auf Dauer und für viele. Alexandra Erin, Fred Gallagher, Scott Kurtz, Jeffrey T. Darlington, die Jungs von Penny Arcade, Rich Burlew, Ryan Sohmer\u0026hellip; um nur ein paar zu nennen. Cory ist sicherlich derjenige, der das am meisten weitererzählt und propagiert, aber er ist nicht der einzige.\nUnd Heiko Harthun hat noch mehr Beispiele:\nDurch meine erste Berührung mit einem Kindle und jetzt mit der App für mein Tablet hat sich mein Leseverhalten grundlegend verändert. Ich kaufe haufenweise eBooks für kleines Geld und kaufe ausschließlich die Gebundene Ausgabe eines eBooks, wenn es mir gefällt. Taschenbücher sind bei mir damit \u0026ldquo;nahezu\u0026rdquo; ausgestorben. Warum nur \u0026ldquo;nahezu\u0026rdquo;? Ich gehe sogar den umgekehrten Weg. Ein eBook, dass gar nicht auf Papier zu haben ist, habe ich mir jetzt als Book on Demand (etwas veraltete Idee, die gerade totgeglaubt, wiederbelebt wird) bestellt.\nDas alles hat primär nichts mit dem Urheberrecht zu tun, sondern mit sterbenden und sich schnell verändernden Geschäftsmodellen. Und was die mühsame Argumentation mit dem \u0026ldquo;Die Massen zahlen doch nicht für etwas, was sie umsonst kriegen können!\u0026rdquo; angeht: lassen wir einfach ein Beispiel von Neil Gaiman für sich sprechen.\nEs gibt noch mehr davon, die alle ganz deutlich widerlegen, was wir alle glauben. Wir glauben, dass jemand lieber nimmt anstatt zu geben, wir glauben das jemand nicht für ein Produkt bezahlt, wenn er es auch umsonst bekommen kann.\nDieser Glaube basiert auf unserer Intuition. Menschliche Intuition funktioniert nicht! Menschliche Intuition ist broken bei Design! Jedes, aber auch wirklich jedes Wissenschaftliche und sogar nur rein statistische Modell schlägt die Intuition! Jedes!\nRelevant: Dan Pink on Motivation \u0026ldquo;Intuition sucks! That\u0026rsquo;s why we test!\u0026rdquo; ist ein sich langsam etablierendes Dogma in der IT-Welt. Die Firmen, die verstanden haben, dass sie mit einer einzigen Website eine Spielwiese haben, von der Statistikern seit Jahrhunderten geträumt haben - diese Firmen sind schneller, effektiver und stabiler als ihre Konkurrenz. Warum sind sie das? Weil sie keine Annahmen mehr über die Welt und wie sie funktioniert machen, weil sie nicht mehr auf ihre Intuition vertrauen, sondern weil sie eine Idee sofort einem validen Test unterziehen.\nKristian Köhntopp wird euch sicher gerne näheres dazu vermitteln können.\nKann ich. :-) Und Christian Buggedei macht noch auf eine weitere Sache aufmerksam: Niedrige Preise machen experimentierfreudiger.\nUnd in den Laden gehen, aussuchen, bezahlen? Mache ich und all die anderen anonymen Amazoniker schon seit langem nicht mehr. Stattdessen bauen wir auf die vielfältigen Empfehlungsnetzwerke, die wir uns aufgebaut haben und surfen dann den ebookshop oder den legalen Downloadbereich unseres Vertrauens an. Dass die Investition von nicht mal eine Handvoll Dollar in ein eBook weniger schmerzhaft als die 30 Euro für ein schön gebundenes Hardcover ist, tut sein übriges: Man wird wesentlich experimentierfreudiger, selbst wenn es sich um augenscheinlich eher unbekannte Autoren handelt.\nUnd langsam scheint auch Andreas Eschbach das Ausmaß der Veränderung zu begreifen:\n»Aber Leute mit guten Inhalten und ein wenig Fanpflege bei der Stange zu halten? Das funktioniert prächtig. Nicht von selbst, nicht ohne da ein wenig Zeit zu investieren, aber es funktioniert.«\nVielleicht sieht so das Modell der Zukunft aus: Auf der einen Seite der Autor, der sich aufs Schreiben konzentriert, auf der anderen sein Internet-Manager, der die Fan-Basis pflegt, die beide alimentiert. Verlage gibt\u0026rsquo;s keine mehr, Buchhandlungen sind alle verschwunden, entlassene Buchhändler schreiben stattdessen Rezis in eigenen Blogs und in Social Networks (und leben von \u0026hellip; hmm, muss man noch klären), und das Feuilleton gibt\u0026rsquo;s auch nicht mehr, da die Zeitungen auch zugemacht haben.\nSchon ein wichtiger Schritt in die richtige Richtung. Christian Buggedei schiebt noch ein bischen:\nChange happens. Dreh doch mal kurz Deinen SF-Autor Hut mehr von Autor auf SF: Wir leben in interessanten Zeiten, wo wir der gesellschaftlichen Veränderung auf wirklich großer Ebene zusehen und sie beeinflussen können. Nur aufhalten können wir sie nicht.\nUnd ich hoffe, dass Du verstehst, dass eigentlich alle Teilnehmer hier in der Diskussion genuin daran interessiert sind, Autoren, Musikern, Filmemachern etc. Geld zukommen zu lassen. Wir sind auf Eurer Seite, haben nur andere Ansichten darüber, wie man das am besten bewerkstelligt. Und so gruselig finde ich das Autor - Internet-Manager Team übrigens gar nicht. Im Gegenteil: \u0026ldquo;Früher\u0026rdquo; hat der Künstler für seinen Mäzen gearbeitet, und war dessen Launen ausgeliefert. Heute ist man an den Verlag gebunden, der dann sicherlich auch häufig gern mal \u0026ldquo;hilfreiche\u0026rdquo; Anregungen dazu gibt, was man denn als nächstes machen \u0026ldquo;sollte\u0026rdquo;.\nIn Zukunft kann man sich vielleicht über die globalen Netzwerke direkt an das Nischenpublikum wenden, dass einen für genau das liebt, was man macht - ohne Kompromisse eingehen zu müssen.\nhttp://bit.ly/shut-up-and-take-my-money Und Andreas Eschbach dreht seinen Hut und fragt weiter:\nMal abgesehen von den Künstlern: Die Prognose für den Buchhandel im speziellen und den Einzelhandel im allgemeinen sind schlecht, oder? Gibt\u0026rsquo;s irgendwelche Ideen, wie Leute, die bislang in diesen Branchen gearbeitet haben, künftig das Geld verdienen werden, mit dem sie (abgesehen von Miete, Heizung, Lebensmitteln usw.) per Crowdsourcing Kunst unterstützen können?\nIch zücke mein Blog, denn ich habe da schon mal was vorbereitet. Es zitiert übrigens Eschbach:\nAxel Eble - Ich verweise hier wieder mal auf Götz Werner und das Bedingungslose Grundeinkommen. Kristian Köhntopp - Zum Thema BGE, wo das Geld herkommen könnte und was das mit Andreas Eschbach zu tun hat, siehe auch The pursuit of happiness .\nArbeit leisten bei uns seit 1980 oder so im wesentlichen Maschinen. Ihre Erträge werden effektiv kaum besteuert.\nDieses Geld, das bei Arbeitslöhnen in den gesellschaftlichen Umlauf geraten wäre, liegt nun bei einigen wenigen fest.\nDas BGE, und zu seiner Finanzierung eine entsprechende Besteuerung von Unternehmensgewinnen aus Maschinenarbeit, die einer Lohnsteuer vergleichbar (und genau so wenig entkommbar) ist, wären ein brauchbarer Mechanismus, um den GINI Index in sinnvolle Bereiche zurück zu drücken und so unsere Gesellschaft als Solidargemeinschaft zu stabilisieren - und das wäre auch und gerade für die Besitzenden von großem Wert.\nHeiko Harthun greift den Gedanken mit der weiter reichenden Transformation auf - die Veränderung ergreift ja nicht nur Buch- und Einzelhändler, sondern jede Form von kommerziellem Austausch. Er schreibt:\nSupermärkte: http://www.kochhaus.de/ Zutaten sind nach Rezepten sortiert, es gibt Bildtafeln mit der Rezeptanleitung zu kaufen oder per Download im Internet. Die Zutaten können auch per Internet, zur Lieferung, bestellt werden. Geniales Konzept, dass ich in Berlin vielen leuten empfohlen habe, die behauptet haben nicht kochen zu können.\nBuchhandel/Künstler: Ebay, Amazon und Dawanda sind Plattformen, die es Mikro- und Makrohändlern unglaublich einfach machen, ihre Kunden zu erreichen.\nhttp://www.massivum.de ist ein Möbelhandel, der sowohl Verkaufhäuser hat, einen Webshop, als auch einen Ebay- und Amazonshop. Das geniale an deren Konzept ist, sie verteilen Ihre Angebote (einigermassen) Zielpublikumsgerecht. Auf Ebay finden sich andere Angebote als bei Amazon.\nhttp://storytude.com/ http://www.eichelschwein.de http://www.meinekleinefarm.org http://prinzessinnengarten.net Ich höre jetzt besser auf, sonst wird das hier noch seitenlang. Der Punkt ist jedenfalls, dass es eine Unmenge an Ideen und Geschäftsmodellen gibt, die den herkömmlichen Einzelhandel aufbrechen und eben mit der Veränderung gehen und daran partizipieren.\nBemerkenswert. Autoren und Kunden in einem Thread um eines der emotionalsten Themen in dieser Konstellation, und alle bleiben über mehr als 100 Beiträge bei der Sache, und es wird Fortschritt in der Diskussion erzielt. Am Ende sind sogar sich annähernde Positionen erkennbar.\nDanke, Google Plus.\n","date":"2012-03-09T00:00:00Z","href":"https://blog.koehntopp.info/2012/03/09/sam-spielt-es-noch-einmal-das-lied-vom-urheberrecht.html","tags":["copyright","internet","media","piraten","lang_de"],"title":"Sam spielt es noch einmal: Das Lied vom Urheberrecht"},{"categories":null,"content":" Teatro di Marcello , Rom\nDas auf dem Bild da ist das Theater des Marcellus, in Rom. Das Foto habe ich Anfang 2006 aufgenommen, als ich dienstlich bei einem Kunden ganz in der Nähe war.\nDas Marcellustheater ist nach Marcus Marcellus benannt, einem Neffen von Kaiser Augustus, und wurde so um 13 vor Christus fertig gestellt. Es ist später verfallen, dann im Mittelalter als Festung genutzt worden, im 16. Jahrhundert dann in eine Palastresidenz umgewandelt worden. Heute besteht der obere Teil aus einer Reihe von Appartments und unten werden im Sommer diverse Konzerte aufgeführt.\nBei der Ausbildung von Software-Ingenieuren, und wahrscheinlich auch bei der Ausbildung von Architekten, machen wir jungen Leuten falsche Hoffnungen. Bei den Software-Ingenieuren bin ich mir sogar ziemlich sicher.\nWir erzählen diesen Leuten an der Uni, daß sie Technik zum Ausprobieren bekommen werden oder Wahlfreiheit haben werden in den Mitteln und Methoden, die sie einsetzen werden. Und wir machen Ihnen Hoffnung, daß sie neuen Code schreiben werden. Später, wenn diese Personen von der Uni abgehen, landen sie in einer Umgebung, die erstens eine Technik und die Best Practice zu ihrem Einsatz genau definiert und die zweitens einen Haufen existierenden Code hat, der läuft und Geld verdient, aber der zu verändern oder zu erweitern ist.\nDas erzeugt bei diesen Menschen enorme Umstellungsprobleme, denn sie kommen mit vollkommen falschen Erwartungshaltungen in den Beruf, ja, in vielen Fällen fehlen ihnen sogar Methodiken, die für das Überleben im ersten Job essentiell sind.\nDarum will ich es hier einmal ganz offen sagen:\nJunger Informatiker, hoffnungsvolle Uni-Abgängerin!\nHier ist, was Dich in Deinem Beruf erwartet:\nDu wirst mit altem Code zu tun haben, der offensichtliche Schwächen hat. Du wirst mit Werkzeugen und Umgebungen arbeiten müssen, die Deiner Meinung nach nicht Stand der Technik sind. Eine Deiner Hauptaufgaben wird sein, den alten Code zu refaktorieren. Dabei wird die Zeit nicht reichen, diese Aufgabe zu Ende zu führen. Du wirst die Versuchung verspüren, den alten Kram wegzuwerfen und auf der grünen Wiese neu anzufangen.\nDie schlechte Nachricht:\nWeder wirst Du jemals auf der grünen Wiese neu anfangen dürfen, noch würde es viel helfen, das zu tun. Der komplizierte Code-Wirrwarr, mit dem Du es zu tun hast, ist häßlich und besteht aus einem Haufen ekeliger Sonderfälle. Wenn Du auf der grünen Wiese neu anfängst, wirst Du ein Design haben, das die Hauptfälle in einem schönen Modell abdeckt, und an den Sonderfällen umfassend versagt.\nDu wirst sie schrittweise nachrüsten wollen, und Du endest mit einem Drahtverhau von vergleichbarer Komplexität zu dem, den Du jetzt hast. Das ist normal. Denn der Code, mit dem Du es zu tun hast, wurde wahrscheinlich nicht von sabbernden Idioten geschrieben, sondern von Leuten wie Dir, und er war am Anfang genau wie Dein Code: Klar und einfach.\nDann traf er auf eine Realität, die alles ist, aber weder klar noch einfach. Heute ist er ein halbwegs korrektes Modell der Realität. Und weit mehr als die Hälfte des unübersichtlichen Designs mit dem Du es zu tun hast, ist wahrscheinlich nicht auf die Unfähigkeit Deiner Vorgänger zurück zu führen, sondern auf die Tatsache, daß die Realität nun einmal leider eine Ansammlung von häßlichen Ausnahmen ist, die alle mit modelliert sein wollen.\nDie gute Nachricht:\nEs ist gar nicht notwendig, schönen Code zu bauen. Anders als Dein Universitätsprofessor verlangt Dein Arbeitgeber nicht, daß Dein Code minimal, elegant, beweisbar oder sonstwie ist. Das einzige Kriterium ist, ob er den Job getan bekommt. Genau genommen ist das Kriterium sogar, ob er den Job gut genug getan bekommt. Sobald die Kosten in zusätzlicher Hardware, Kundensupport oder manueller Nachbearbeitung geringer sind, als die Arbeitszeit, die Dein Team benötigt, um die letzten Warzen abzuschaben, wirst Du aufhören können. Sogar müssen, denn Du bist nicht mehr rentabel und Deine Arbeit dient keinem betrieblichen Ziel.\nDie schlechte Nachricht, die daraus folgt:\nBefriedigung in gutem Handwerk zu finden wird für Dich vermutlich schwierig, denn gutes Handwerk ist illegal. Befriedigung in Closure zu finden, darin, Sachen wirklich ganz und gar zu Ende zu bringen, full circle zu kommen, wird auch schwierig. Denn das ist vermutlich auch illegal, und es wird keine Zeit dafür sein, denn so eine Pickliste mit Aufgaben ist nach unten offen. Du wirst stattdessen vermutlich Gutes im Vorbeigehen tun müssen, also hier in diesem oder jenem Projekt einen Teil mit anfassen müssen, der eigentlich nicht strikt hätte angefaßt werden müssen, es aber verdient hat und außerdem waren ja noch Stunden übrig.\nDie frustrierende Nachricht:\nBei vielem Code, den Du schreibst, wird Deinen Auftraggebern am Anfang noch nicht klar sein, ob das, was der Code machen wird, am Ende das Geschäftsmodell tatsächlich verbessern wird. Du weißt aus dem Open Source Umfeld schon, daß die goldene Regel lautet: Release Early, Release Often! .\nDu solltest Dir vor Augen führen, daß das nicht nur für Dich und Dein Scrum-Team gilt, sondern auch für Deinen Product Owner: In den weitaus meisten Fällen hat er keine Ahnung, ob seine Idee gut für die Firma ist oder sich am Ende schädlich auswirken wird. Wenn das der Fall ist, ist die einzig logische Aktivität, diesen Code wieder aus der Produktion zu nehmen und zu verschrotten - Du hast dann für den Papierkorb entwickelt.\nDaher ist es wichtig, viele Ideen eines PO erst einmal sehr roh zu implementieren und dann in der Realität zu testen, ob sie überhaupt auf der Business-Ebene funktionieren. Erst dann, wenn sicher gestellt ist, daß Code business-positive ist, lohnt es überhaupt, die Sache noch einmal zu reimplementieren oder refaktorieren auf eine Weise, die den Ansprüchen eines ausgebildeten Informatikers würdig ist. Weit mehr als 90% der Ideen Deines PO sind blöder Scheiß und verdienen den Tod durch Patch Revert. Es lohnt also nicht, große architekturelle Zuckerbäckereien auszuarbeiten, solange nicht bekannt ist, ob die Idee dahinter überhaupt in der Lage ist, den Lohn für Dich und Dein Team zu verdienen.\nIn dieser Phase - dem experimentellen Verifizieren der Requirements - ist die einzige Metrik, wie viele Ideen und Varianten in möglichst kurzer Zeit Dein Team released bekommt, egal wie schlecht, ineffizient oder kaputt Dein Code ist. Erst später, wenn Dein PO nicht nur glaubt zu wissen, was er will, sondern belastbare Zahlen hat, die beweisen, daß das was er will auch von der Firma gewollt werden kann, erst dann kannst Du Deine Ingeniersausbildung auspacken und sauber arbeiten.\nSo, jetzt ist es heraus.\nEine der Aufgaben, die eine Firma lösen muß, wenn sie junge Informatikerinnen und Uni-Abgänger einstellt, ist sie zu deprogrammieren. Ihnen die Flausen aus dem Kopf zu pusten, die ihnen das Uni-Studium in den Kopf gesetzt hat. Sie mit den Realitäten der Welt vertraut zu machen. Und sie zu lehren, daß so wenig wie die wenigsten Städteplaner und Landschaftsarchitekten mit einem leeren Plan anfangen können, die wenigsten Softwarearchitekten und Entwickler mit einem leeren Editor starten.\nHier sind die wichtigsten Fähigkeiten für einen Softwareentwickler:\nMan kann ihn mit einer Bugnummer über unbekannten Code abwerfen, und auf dem Weg nach unten erkennt er schon im Flug, was da kaputt ist. Wenn er gelandet ist, klärt er den Bug und während der Exfiltration macht er die Gegend um seinen Weg nach draußen auch noch schön. Er kann existierenden Code zu umbauen, daß der Code nach der Operation schöner, schneller und funktionaler ist als vorher und die neuen Anforderungen erfüllt. Dabei ist während jeder einzigen Sekunde der Umbauphase (jeder Zwischencommit und jedes Zwischenrollout) in sich lauffähig und korrekt, und die Datenformate sind kompatibel, sodaß keine Betriebsunterbrechung für den Endnutzer sichtbar wird und man geschmeidig zwischen den Versionen vor und zurück rollen kann. Er akzeptiert, daß Code ein Modell der Welt ist und daß sie Welt nicht schön, elegant oder minimal ist, sondern dreckig, irregulär und überkomplex. Und er kommt damit klar. Das Bild von dem Teatro di Marcello da oben illustriert das ganz gut.\nGebaut vor mehr 2000 Jahren zu einem ganz anderen Zweck, ist es aufgelassen, umgebaut, umgewidmet, modernisiert, renoviert und restauriert worden, und wurde die meiste Zeit seiner Lebensdauer von Leuten genutzt. Nichts an diesem Gebäude ist so wie es sein soll, nichts an diesem Gebäude wird so genutzt wie es einmal geplant war. Nichts an der Stadt in der es steht ist so.\nDennoch ist dieser Ort voller Menschen, die dort leben und sich dort wohl fühlen.\nInformatik ist genau so.\n(Weil towo danach gefragt hat)\n","date":"2012-03-06T00:00:00Z","href":"https://blog.koehntopp.info/2012/03/06/architektur-hei-t-umbauen.html","tags":["computer","development","software","lang_de"],"title":"Architektur heißt umbauen"},{"categories":null,"content":" Netzpolitik.org weist auf das Positionspapier \u0026ldquo;Eckpunkte für eine Novelle des Jugendmedienstaatsvertrags \u0026rdquo; (PDF) der CDU hin. Dort findet man die Idee, neben den bekannten Kennzeichnungen der Altersstufen \u0026ldquo;6\u0026rdquo;, \u0026ldquo;12\u0026rdquo;, \u0026ldquo;16\u0026rdquo; und \u0026ldquo;18\u0026rdquo; eine weitere aufzunehmen: \u0026ldquo;B\u0026rdquo; für Blogs.\nBei netzpolitik.org findet man das lustig, aber der Hintergrund ist ernst. Zum besseren Verständnis hier noch einmal der Verweis auf Unerwünschte Freiheiten von Holger Bleich bei der c\u0026rsquo;t, um die Interessenlage der Player in Erinnerung zu rufen.\nDie Idee des \u0026ldquo;Kennzeichen /b/\u0026rdquo; ist eine direkte Folge des besonderen Schutzes der Familie und der Jugend im Grundgesetz, also der Verpflichung des Staates zum Jugendschutz vs. den Willen eine Pornoindustrie haben zu wollen.\nIn Lang: Die Verpflichtung zum Jugendschutz ergibt sich in Deutschland aus dem Grundgesetz und ist nicht leicht \u0026ldquo;weg\u0026rdquo; zu bekommen. Der Staat muß sie also erfüllen, oder ihre Erfüllung glaubwürdig simulieren. Er tut das mit dem Jugendschutzgesetz, dem Jugendmedienschutz-Staatsvertrag und einigen anderen Dingen.\nIm Internet gibt es nun eine Reihe von Firmen, die auch Inhalte von Deutschland aus publizieren wollen, die nach dem Jugendschutzgesetz, dem Staatsvertrag etc jugendgefährdend sind. Damit diese Anbieter auch von Deutschland aus operieren können (und damit auch in Deutschland steuerpflichtig sind!), muß der Staat eine Möglichkeit schaffen, daß sie das können, ohne daß er seine grundgesetzliche Verpflichtung zum Jugendschutz verletzt.\nDas hat er mit dem neuen Jugendmedienschutzstaatsvertrag versucht, ist aber an den Eigenschaften des Mediums Internet gescheitert. Denn während in traditionellen Medien Anbieter von Inhalten kommerziell sind, und daher ein Interesse haben, sich dieser Regulierung zu unterwerfen und ein möglichst niedriges, gerade noch zulässiges Rating zu erwerben, um ein möglichst großes Publikum zu erreichen, ist dies im Internet nicht mehr der Fall.\nHier haben nichtkommerzielle Anbieter (unter anderem die genannten Blogs) das Interesse daran, möglichst kostengünstig rechtssicher zu agieren. Und wenn das bedeutet \u0026ldquo;Kinder müssen draußen bleiben\u0026rdquo;, dann bevorzugen sie eben dieses Rating. Nicht im Sinne der Jugendschützer.\nDiese Disparität zwischen kommerziellen und nichtkommerziellen Anbietern killt den Regulierungsmechanismus und der Versuch des neuen Staatsvertrages ist daran gestorben.\nDie Marke /b/ ist der Versuch, einen Ausweg zu finden und den kommerziellen deutschen Pornoanbietern endlich einen Weg ins Netz zu bauen, der gangbar ist, ohne vom nichtkommerziellen \u0026ldquo;Ich will doch nur ein Blog betreiben\u0026rdquo;-Netz einen Shitstorm ins Gesicht geblasen zu bekommen.\n","date":"2012-03-05T00:00:00Z","href":"https://blog.koehntopp.info/2012/03/05/b-wie-verzweiflung.html","tags":["internet","jugendschutz","media","politik","lang_de"],"title":"/b/ wie \"Verzweiflung\""},{"categories":null,"content":"Der folgende Text entstand aus einigen Zeilen, die ich zwischen Tür und Angel in #spackeria abgeworfen habe, und die von Jürgen Geuter und Sven Türpe aufgearbeitet worden sind. Er ist noch nicht ganz fertig, und an einigen Stellen sind Brüche drin, aber nachdem wir da in den letzten paar Tagen nicht haben weiter arbeiten können, hau ich den aktuellen Stand mit allen seinen Schwächen einfach mal hier ins Blog bevor uns der Text weg gammelt.\n\u0026ldquo;Wieso wir uns veröffentlichen\u0026rdquo; oder warum Menschen \u0026ldquo;so dumm sind\u0026rdquo; und \u0026ldquo;ihre Daten\u0026rdquo; Facebook und Google geben, obwohl jeder(tm) weiß, dass \u0026ldquo;sie\u0026rdquo; nur Böses im Schilde führen:\nEine der am meisten Energie kostenden Tätigkeiten im Leben ist es, Menschen zu finden, die meine Überlegungen bestätigen, ausbauen, reflektieren, freundlich hinterfragen und korrigieren. Menschen, die uns nahe genug sind, dass sie mit uns elementare Grundsätze teilen und dass sie unsere Probleme und Überlegungen verstehen können, die andererseits uns fremd genug sind, dass sie uns zum weiter denken inspirieren und uns mit neuen Ideen konfrontieren.\nSoziale Netzwerke im Internet sind dabei ein verhältnismässig neues Instrument, aber keineswegs eine komplette Neuentwicklung. Vor der Etablierung des Internets im Alltag spielten - neben der Familie - lokal ausgerichtete Gruppen wie Vereine, Interessensverbände oder sich lose über Kleinanzeigen oder bei Veranstaltungen bildende Gruppen die dominante Rolle bei der Erzeugung von Kommunikationsräumen.\nDas Internet in seiner reinen Form kennt keine Regionen: Gefühlt ist die Verbindung in die USA oft kaum von einer nach Deutschland oder Indien unterscheidbar. Soziale Netze im Internet erben diese Eigenschaft und so ist man bei der Findung von interessanten Kommunikationspartnern nicht mehr durch regionale Einschränkungen gegängelt: Die potentialen Kommunikationspartner sind die ganze (Zugang zum Netz habende) Menschheit. Das gruppierende Element ist nicht länger die Region oder das Land, es ist das Thema.\nEine solche Gruppe kann dabei thematisch eng gefaßt aufgestellt sein (\u0026ldquo;Benutzer des Binford 6000\u0026rdquo;), ein großes und komplexes Anliegen haben (\u0026ldquo;S21\u0026rdquo;) oder gar bis an eine Subkultur heranreichen (\u0026ldquo;Piratenpartei\u0026rdquo;). Wie sich allerdings zeigt sind die Gruppen, die sich über soziale Netzwerke konstituieren nicht \u0026ldquo;fertig\u0026rdquo;, nicht \u0026ldquo;abgeschlossen\u0026rdquo;, sondern tendieren ganz klar dazu, größer werden zu wollen, mehr \u0026ldquo;Anhänger\u0026rdquo; zu finden und dadurch auch mehr themenbezogene Impulse für alle Gruppenangehörigen zu generieren.\nDoch damit das gesamte System funktionieren kann, muß das einzelne Individuum dem Netz Informationen über sich bereitstellen. Neben simplen Fakten wie \u0026ldquo;Ich bin Binford 6000 User\u0026rdquo;, ein \u0026ldquo;S21 Gegner/Unterstützer\u0026rdquo;, ein \u0026ldquo;Pirat\u0026rdquo;, die zusammengesetzt natürlich ein gewisses Bild einer Person vermitteln, erlauben es persönliche Meinungsäußerungen wie \u0026ldquo;Ich finde ja, dass $ÖffentlichePerson im Fall $Dingsi Mist gebaut hat\u0026rdquo; oder auch klar abgebildete Beziehungen zwischen Menschen eine deutlich bessere Einschätzung einer bisher fremden Person zu machen: Aus größeren Überschneidungen im Bekanntenkreis, kann beispielsweise sehr oft eine gewisse Kompatibilität abgeleitet werden (oder wenns genau die nervigen Bekannten sind auch ein Hinweis auf wahrscheinliche Inkompatibilität).\nDiese Einschätzungen sind zentral für das Knüpfen neuer sozialer Bindungen und hier spielen internetbasierte soziale Netzwerke aufgrund ihrer expliziten Daten ihre Stärke in Form von Effizienz aus. Füttere ich ein Soziales Netzwerk nur ein wenig an, wird es sehr schnell in der Lage sein, mir meist durchaus relevante Vorschläge für neue Kontakte und Themengruppen zu machen. Kommunikation und Austausch zwischen den Mitgliedern tun dann ein übriges, und schnell hat man die Kontakte zum gewünschten Thema, die man gesucht hat.\nUnd genau deshalb \u0026ldquo;enthüllen\u0026rdquo; sich so viele Menschen auf Twitter, Facebook, Google+, Path oder sonstwo: Sie machen sich sichtbar, findbar. Um im Rückschluss selber relevantes zu finden.\nDas kostet Vertrauen. Vertrauen in unsere Mitmenschen, in Plattformbetreiber und manchmal sogar in den Staat (auf den wir gut aufpassen, damit er\u0026rsquo;s nicht missbraucht). Doch dieses Vertrauen ist nicht verschenkt, denn es hilft anderen, uns zu vertrauen. Vertrauen vereinfacht die soziale Interaktion. Dadurch, dass wir unsere Vorlieben, Ängste und Anliegen veröffentlichen, erlauben wir es anderen uns nahe zu kommen - und hoffen zugleich, dass die, die uns nahe kommen, Personen sind, an denen wir wachsen können, dass sie Leute sind, die unser Leben bereichern. Das ist technisch gesehen eine Filterblase, aber vor allem ist es eine massive Kooperationserleichterung.\nDie Filterblase erweist sich bei näherer Betrachtung als strukturiert, vielfältig und durchdringlich. Jeder von uns steckt nicht in einer Blase, sondern in mehreren, und in jeder Blase finden wir Menschen mit eigenem Profil. Feste Wände gibt es nicht, im Gegenteil. Wir hören von und kommunizieren mit wildfremden Menschen - wenn es für ihr Thema einen Weg durch unser soziales Netz gibt. Unsere Kontakte sind dabei keine Filter, sondern Verstärker. Aus dem Rauschen der Welt extrahieren sie ein Signal. Wir wissen nicht, wie wir selbst nach diesem Signal suchen sollten, wir können es nicht beschreiben. Aber wenn wir es sehen, wissen wir, dass es uns interessiert.\nDie Erfahrung gibt der Mehrzahl von uns in den meisten Fällen Recht: Wir sparen durch die Veröffentlichung eine Menge Zeit und Energie, und wir bekommen mehr vom Netz zurück als wir dort hineinstecken: Mehr und vielfältigere Kontakte überall auf dem Globus, mehr Input und eine buntere und hoffentlich tolerantere Sicht auf die Welt. Menschen sind also keineswegs \u0026ldquo;dumm\u0026rdquo;, wenn sie in soziale Netzwerke publizieren, sie bewerten den Nutzen dieser schlicht und ergreifend als höher als die potentiellen Gefahren. Sie interessiert nicht, wer ihre Daten hat, sondern was damit geschieht.\nVielleicht verlieren wir Kontrolle über manches. Wir gewinnen aber auch Unabhängigkeit. Die Bestandsdaten unserer sozialen Beziehungen sind nicht in den CRM-Systemen unserer Ex-Arbeitgeber vergraben und vor unbefugtem, d.h. unserem Zugriff geschützt, sondern sie sind in Plattformen repräsentiert, die wir uns ausgesucht haben. Das nivelliert die Machtverhältnisse: wenn eine Plattform sytematisch Mist baut, ziehen wir um.\nWir geben auch nicht unsere Privatsphäre auf. Soziale Netze sind (halb-)öffentliche Räume. Wir bewegen uns dort, wie wir es vor einer Generation im Sportverein oder am Stammtisch getan hättten: wir verraten nicht alles über uns, aber wir verstecken uns auch nicht vor der Welt.\n","date":"2012-03-03T00:00:00Z","href":"https://blog.koehntopp.info/2012/03/03/wieso-wir-uns-veroeffentlichen.html","tags":["google","social networking","spackeria","privacy","lang_de"],"title":"Wieso wir uns veröffentlichen"},{"categories":null,"content":"Unser Innenminister diskutiert das \u0026ldquo;Recht auf Vergessen \u0026rdquo; im Spiegel Online und benutzt dort wieder Worte komisch. Ich habe das in Vergeben, vergessen und vernichten schon mal angesprochen.\nDie entsprechenden Diskussion auf Google Plus war interessant, denn der Text erschien einem Teilnehmer dort als \u0026rsquo;erstaunlich reflektierter Text'.\nIch teile diese Ansicht und zugleich auch nicht, denn es ist der Sprachgebrauch von \u0026ldquo;Vergessen\u0026rdquo;, der hier die Sicht auf die Dinge verstellt.\nJa, Friedrichs Gedanken sind sinnvoll in dem Sinne, daß ein \u0026ldquo;Recht auf Vergessen\u0026rdquo; so wie es zuvor in der Politik diskutiert worden ist, extrem schädlich wäre (denn inhaltlich war das ein Recht auf Vernichtung).\nNein, die Nomenklatur ist krude, siehe Vergeben, vergessen und vernichten .\nInhaltlich verlangt er nun in seinem Text eigentlich ein Recht auf Vergebung.\nDas ist aber auch Unsinn, denn Vergebung ist kein Recht, sondern eine - im Wortsinn - Gnade. Sie wird gewährt, nicht gefordert.\nAm Ende landet man bei Eric Schmidt :\nDuring an interview which aired on December 3, 2009, on the CNBC documentary \u0026ldquo;Inside the Mind of Google\u0026rdquo;, Schmidt was asked, \u0026ldquo;People are treating Google like their most trusted friend. Should they be?\u0026rdquo;\nHis reply was: \u0026ldquo;I think judgment matters. If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place, but if you really need that kind of privacy, the reality is that search engines including Google do retain this information for some time, and it’s important to remember, for example, that we are all subject in the United States to the Patriot Act. It is possible that that information could be made available to the authorities.\u0026rdquo;\nMan beachte die Hervorhebung - das ist der Teil, der normalerweise zitiert wird. Der größere Kontext ist hier zur korrekten Interpretation zwingend notwendig.\nDennoch ist es von dort nur ein kleiner Schritt zur Spackeria , die im wesentlichen sagt:\nDie Welt ist so, das ist eine Eigenschaft der Technik und Gesetze werden da nur kosmetisch was dran tun. Jeder wird mal was tun, \u0026ldquo;that they shouldn\u0026rsquo;t be doing in the first place\u0026rdquo; und daher werden wir alle gut daran tun, zu lernen, zu vergeben und anzuerkennen, daß wir alle lernen und uns weiter entwickeln und das Netz das zum Teil ungewollt dokumentiert. Auch Friedrich wird am Ende dort landen, ist aber zumindest öffentlich noch nicht so weit, d.h. sein Publikum ist definitiv noch nicht so weit.\nIch formuliere es in dem Text zur Spackeria so:\nAuf eine Weise ist das genau der Punkt, bei dem es um radikale gegenseitige Transparenz vs. radikale Privacy geht. Die einen sagen: \u0026ldquo;Indem wir alle gegenseitig Offenlegen, haben wir die Möglichkeit zu erkennen, daß wir alle nicht immer perfekt sind, und wir haben die Wahl, daran entweder zu wachsen und bessere Menschen zu werden, oder zu lernen einander zu vergeben.\u0026rdquo; (Das ist Schmidt)\nDie anderen sagen: \u0026ldquo;Das ist eine gefährliche Utopie und mir zu risikoreich, ich will da nicht mitmachen.\u0026rdquo; (Das sind die, die sich über Schmidt aufregen)\nUnd die Technik sagt: \u0026ldquo;Ich funktionier halt so, ihr könnt gerne unrealistische Annahmen machen, mir egal. Das tut es halt mehr weh, wenn ihr lernt.\u0026rdquo; (Das ist McNealy)\nInsofern halte ich mich aus der Diskussion raus - McNealy hat Recht, und es ist nicht notwendig, ungefragt viel dazu zu sagen, wenn ich schon vorher sehen kann, welche Erfahrungen alle im Laufe der Zeit machen werden.\nUnd lebe mein Spacko-Leben: Ich persönlich habe auch mein ganzes Leben lang sehr positive Erfahrungen damit gemacht, mich zu publizieren.\nMir ist klar, daß ich als jemand, der von der Arbeit mit Technik lebt, nicht umhin kann, eine kilometerbreite Datenspur über diesen Planeten zu legen, wenn ich in der Lage sein will, meinen Job gut zu machen. Das Beste, was ich tun kann, ist das Highlight auf diesen Daten so zu setzen und die Interpretationen meiner Daten anzulegen, daß sie ein positives Licht auf mich als Person werfen.\nIn diesem Sinne bin ich ein Post-Privacy-Spacko. Schon immer gewesen: auch dann, wenn ich mich nicht an der Diskussion beteilige und auch damals, als es den Begriff noch nicht gab, habe ich wie einer gelebt - leben müssen. Und halte Popcorn bereit.\nund stelle fest, daß Friedrich da eben einen großen Schritt in die vorhergesagte Richtung getan hat.\n","date":"2012-03-01T00:00:00Z","href":"https://blog.koehntopp.info/2012/03/01/recht-auf-vergeben.html","tags":["internet","privacy","security","spackeria","lang_de"],"title":"Recht auf Vergeben"},{"categories":null,"content":"Metagame , 5.49 EUR, 422 Seiten in der gedruckten Fassung.\nLetzten Monat gab es den Kindle-Deal des Tages für Metagame von Sam Landstrom.\nEine SciFi-Geschichte in einem nachhaltigen Universum voller Bioengineering. Die Menschheit auf die harte Weise gelernt, daß sie nicht weiter wachsen und nach belieben Energie verbrauchen kann: Nach einigen biologischen Katastrophen hat die Restbevölkerung eine Gesellschaft erschaffen, die nach den Regeln \u0026ldquo;Des Spiels\u0026rdquo; lebt. Jede Tätigkeit im Leben ist Teil Des Spiels, entweder ein Grinder Game, also als Spiel verpackte Arbeit, oder ein Spank Game, also ein Zeitvertreib, der Menschen davon abhält, aus Langeweile Unheil anzurichten (Die Geschichte enthält einige Backreferenzen auf einen 17-jährigen Jungen, der aus Langeweile mit einem Bioengineering Kit einen Virus erschaffen hat, der dann mal grad 1/4 der Weltbevölkerung ausgelöscht hat). Arbiter des Spiels ist eine KI, plus einige selbstreferentielle Mechanismen, die die Arbeitsweise der KI verändern können - auf eine Weise kann man MetaGame auch als \u0026ldquo;Daemon/Freedom 200 Jahre später\u0026rdquo; lesen und auffassen.\nIn der Geschichte wird eine Gruppe aus wirtschaftlich Unabhängigen (\u0026ldquo;Adeligen\u0026rdquo;) und regulären Spielern sowie einige menschenähnliche genengineerte Kreaturen zusammengewürfelt und gerät in ein Metaspiel - in dieser Partie spielt man verschiedene Aspekte des Spiels \u0026ldquo;Polizei und Gesetzesdurchsetzung\u0026rdquo; auf beiden Seiten des Gesetzes durch, und nicht alle überleben. Die Spielsicht auf hoheitliche Funktionen eines Gemeinwesens birgt dabei eine ganze Menge für den Leser überraschende Einsichten.\nWas für ein Metaspiel das ist, und wieso es stattfinden muß wird im Laufe der Geschichte klar - Metagames sind Spiele, in denen die KI prüft, ob die Regeln Des Spiels noch angemessen und der sich verändernden Gesellschaft entsprechend sind und diese gegebenenfalls anpaßt. Faßt man MetaGame als Fortsetzung von Daemon/Freedom auf, bietet Sam Landstrom eine Perspektive, wie die von Daniel Suarez geschaffene menschliche Gesellschaft trotz ihres nichtmenschlichen Arbiters menschlich und flexibel und damit auch stabil bleiben kann.\n","date":"2012-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2012/02/28/fertig-gelesen-metagame.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: Metagame"},{"categories":null,"content":" Neu in Google Maps: Leaderboard, bei dem man um Checkin-Punkte kämpfen kann.\nWenn man auf so ein Management-Simulationsseminar geht, dann haben die da gerne so Rollenspiele zum Einüben des Gesagten. Vor einigen Jahren haben sie uns kurz vor Schluß einer solchen Veranstaltung die Aufgabe gegeben, einen Jahresbonus auf Mitarbeiter zu verteilen. Es gab also einen Topf, der war kleiner als \u0026rsquo;letztes Jahr\u0026rsquo;, und wir hatten alle \u0026lsquo;Mitarbeiter\u0026rsquo;, komplett mit einer Hintergrundgeschichte, persönlichen Problemen und solchen Sachen.\nDann wurden wir zusammengesetzt und bekamen die Aufgabe \u0026ldquo;Dies ist die letzte Übung für heute. Teilt den Topf gemeinsam auf, legt dazu den Fall für Euren Mitarbeiter dar gemäß der Dinge, die wir heute gelernt haben und dann einigt Euch. Es muß eine Einigung geben bevor wir in die Kneipe gehen können, ihr habt 45 Minuten Zeit. Für 1 Euro/Minute könnt Ihr mehr Zeit kaufen.\u0026rdquo;\nSie hatten mich bei \u0026rsquo;letzte Übung\u0026rsquo; und \u0026lsquo;Kneipe\u0026rsquo;. Brillianter Scheiß.\nSchalten wir also mal die Suspension of Disbelief ab und analysieren die Situation: Es geht um nix, Missionsziel ist also \u0026lsquo;möglichst schnell in die Kneipe\u0026rsquo;:\nWir nehmen den Topf, teilen ihn in n gleiche Teile und sind fertig. Die erste Runde geht auf mich.\nLeider habe ich nicht mit meinen Mitspielern gerechnet. Die nahmen die Aufgabe ernst und wollten das jetzt ausdiskutieren. Nun gut. Das kann ich auch.\nIch nahm also den Vorjahres-Bonus meines \u0026lsquo;Mitarbeiters\u0026rsquo; und legte fest \u0026lsquo;Ich bekomme diese Summe.\u0026rsquo; Man wollte eine Begründung.\nIch lächelte, griff in die Tasche, zog ein dickes Bündel Geldscheine raus und legte sie auf den Tisch. \u0026lsquo;Ihr wolltet nicht in die Kneipe. Das Geld hier reicht bis 4 Uhr in der Früh und es bindet Euch alle inklusive der Referenten hier an den Tisch. Ihr könnt gleich einwilligen oder noch so lange warten bis wir es alle gemeinsam Scheiße finden und der Abend im Eimer ist. Aber ich werde meinen Standpunkt nicht ändern, sondern die Sache einfach aussitzen.\u0026rsquo;\n15 Minuten später saßen wir in der Kneipe.\nSinnlose Checkins zur Punktemaximierung.\nGamification is the use of game design techniques and mechanics to enhance non-games. Typically gamification applies to non-game applications and processes (also known as \u0026ldquo;funware\u0026rdquo;), in order to encourage people to adopt them, or to inflence how they are used. Gamification works by making technology more engaging, by encouraging users to engage in desired behaviors, by showing a path to mastery and autonomy, and by taking advantage of humans\u0026rsquo; psychological predisposition to engage in gaming.\nDas setzt natürlich voraus, daß die Anreize, die das Spiel gibt, und die tatsächlichen Missionsziele, die da als Spiel verpackt werden sollen, in irgendeiner Weise übereinstimmen oder übereinstimmend gemacht werden können.\nIn dem Beispiel oben sind eine ganze Reihe von Dingen kaputt: Mein Missionsziel (Kneipe!) stimmt ganz offensichtlich nicht mit dem Missionsziel der Referenten überein, die sich das Spielchen ausgedacht haben. Es geht außerdem im Spiel um nichts, während die Belohnung \u0026ldquo;Kneipe\u0026rdquo; sehr real ist.\nUnd man gibt einem Spieler realweltliche Kontrolle über das Spiel, indem man es an realweltliche Ressourcen bindet. Wenn einer nur genügend Kamikaze-Attitüde an den Tag legt kann er so das Spiel nach belieben manipulieren. Die Drohung alleine reicht aus, um den Spielausgang zu bestimmen.\nIn meinen Augen ist das ein zentraler Fehler aller Gamification-Ansätze, die ich bisher gesehen habe. In dem Moment, wo man Leute im Spiel hat, die die SoD abschalten und das Spiel nach den Spielregeln analysieren, statt seinen realweltlichen Zielen, die es verpacken soll, brechen diese Ansätze alle auseinander. Es kommt zur Einführung von Sonderregeln und am Ende zur Legalisierung der Willkürregel der Spielleitung (\u0026ldquo;Spielzüge, die offensichtlich zur Ausbeutung von Schwächen der Spielregeln gemacht werden, sind ungültig, auch wenn sie nach den Regeln legal sind.\u0026rdquo;).\nAm Ende artet das Ganze in eine Art NOMIC -Partie aus, weil in jeder Gamification die Ziele der realen Welt und der spielerischen Verpackung niemals perfekt übereinstimmen. In dem Moment wo man ernsthafte Spieler hat, die das Spiel gewinnen wollen, anstatt sich mit dem realweltlichen Problem dahinter zu beschäftigen, wird jedes dieser Spiele zu einer Partie Nomic degenerieren, weil die realweltlichen Interessen der Veranstalter und die Interessen der ernsthaften Spieler sich beißen. Regelanwälte diskutieren Grenzfälle, und erweitern die Regeln zu einem Komplex, der am Ende zu kompliziert ist, um noch Spaß zu machen. Oder man bekommt Munchkins im Spiel - Powergamer, die nach den Regeln optimieren und allen anderen den Spaß am Spiel nehmen (außer man spielt Munchkin , das genau das zum Spielprinzip erhebt).\nAm schnellsten degeneriert die Situation, wenn man Gamification auf Programmierer; Leute, die mal im Security-Bereich gearbeitet haben oder Politiker losläßt: Diese Leute sind darauf trainiert, Grenzfälle in Regelsystemen zu erkennen und gegebenenfalls auszunutzen.\nDas sieht man auch sehr schön am \u0026ldquo;Leaderboard\u0026rdquo;, das Google nun in Google Maps Checkins eingebaut hat. Dort bekommt man zwei Gummipunkte für den ersten Checkin an jedem Ort in der Woche, einen weiteren Punkt für jeden weiteren Checkin an einem Ort in einer Woche und drei Punkte für die Definition eines neuen Ortes.\nWas sind die Ziele von Google?\nWas wird passieren, wenn Personen ihren Score optimieren wollen?\nAnalysiere und diskutiere.\nRelated: Coffee is for closers »The gimmick of a sales contest, in which first prize is a Cadillac Eldorado, second prize, \u0026ldquo;a set of steak knives,\u0026rdquo; and third prize \u0026ldquo;you\u0026rsquo;re fired.\u0026quot;«\n","date":"2012-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2012/02/28/gamification.html","tags":["gaming","roleplay","lang_de"],"title":"Gamification"},{"categories":null,"content":"Damals, vor dem Internet und dem DSL, so um 1989 rum, da hatten wir Modems. Mail wurde mit UUCP (Unix-to-Unix CoPy) übertragen. Das heißt, man schrieb eine Mail, und diese wanderte als Kopierauftrag in das UUCP Spooldirectory des Systems. Dort wartete sie, bis der Rechner eine Modem-Wählverbindung aufgebaut hat (passierte so 1-3 mal am Tag) und wurde dann zum nächsten System entlang der Kette kopiert. Dort lag sie dann weiter, wartete auf die nächste Wählverbindung und so weiter, bis sie irgendwann auf dem Zielrechner angekommen war und dort lokal zugestellt wurde.\nDas war sehr schnell: Oft war Mail schon am Absendetag auf dem Zielsystem und wurde gelesen.\nBangaddressen Mailadressen sahen so aus: kriski!tpki!mcshh!thw (Thomas Wieske). Das ist ein sogenannter Bangpath, wegen der ganzen Ausrufezeichen (Bang Sign). Der Bangpath gab die Schritte zum Zielsystem an, die mußte man wissen, und die Adresse verkürzte sich mit jedem Schritt von links her. O.a. Adresse bezeichnet also eine Zustellung an den Rechner kriski, der die Mail dann (minus den kriski-Part) an tpki weiter kopierte, der sie an mcshh weiter kopiert hat, wo es einen lokalen User thw gab.\nMan kann auch im Kreis routen: kriski!tpki!mcshh!unido!tpki!kriski!kris - eine Mail an mich selber mit Umweg über mcshh in Hamburg und unido in Dortmund. Weil so was sinnlos ist und Geld kostet wurde so etwas nicht gerne gesehen. Außerdem nervt es natürlich, wenn man jeden Hopser der Mail selber in die Adresse rein froggern muß.\nAlso braucht man eine Notation für einen Verbindungsgraphen im Netz - \u0026ldquo;maps\u0026rdquo; und ein Programm, daß aus diesem Graphen einen minimalen Spannbaum berechnet, bei dem die Wurzel der eigene Systemknoten ist - \u0026ldquo;pathalias\u0026rdquo;.\nHolger Koepke fand nun einen Mapschnipsel des Systems tpki von 1990, mit einer Liste der Modems dran. In einem Mapschnipsel stehen auch die Links, also die Verbindungen zu den Nachbarknoten, mit Gewichten dran. Hier ein Mapschnipsel von 1991:\ntpki unido(DAILY+HIGH), smurf(DAILY+HIGH), abqhh(DAILY+HIGH), \u0026lt;ipkima\u0026gt;(DAILY+HIGH) Das Schreiben von Mapschnipseln ist eine Wissenschaft, die verloren gegangen ist: Je nachdem, welche Gewichte man seinen Links zugewiesen hat, hat man den Traffic von Dritten auf sich gezogen, die Mail Transit durch die eigene Kiste machen.\nSetzte ich zum Beispiel hier das Gewicht von unido und smurf auf DEMAND (Verbindung ist instantan, nach Bedarf), würden viele andere Leute ihre Mail mit der Sequenz ...!unido!tpki!smurf!... durch mich hindurch routen, weil das quasi ein Nullzeit-Transit ist, auch wenn es 3 Hops sind. Das kostet aber leider Geld, und daher will man das meist nicht. ipkima zum Beispiel hat sich dort oben mit den spitzen Klammern als Blatt ausgewiesen und Transit abgelehnt.\nManchen Leuten war das mit den Gewichten und den Konsequenzen nicht ganz klar - wenn jemand also seine frisch gebackene, arschteure X.25 Datex-P Verbindung hatte, und dann in der Map seinen Schnipsel stolz auf DEMAND gesetzt hat, hat er also erst mal allen Mailtransit in Deutschland und dann noch ein bischen auf sich gezogen. Das konnten gigantische Trafficmengen - einige hundert KB pro Tag! - sein und einen in kürzester Zeit ruinieren.\nTrailblazer Das Modem da in dem von Holger angesprochenen Artikel (\u0026ldquo;Der hatte ein Traiblazer, das hatte PEP!\u0026rdquo;) war ein ganz besonderes Teil, denn die Telebit Trailblazer waren eine Gruppe von Modems mit einer ganz wunderbaren Betriebsart.\n\u0026ldquo;Reguläre\u0026rdquo; Modems erzeugen ein Signal, indem sie Phase und Frequenz eines Signals ändern und so einen von 2, 4, 16 oder noch mehr Punkten in einem Phasen-Frequenzdiagramm ansteuern. Nach einer Weile wechselt das Signal und die nächste Bitkombination wird übertrag.\nBei 2400 Signalwechseln pro Sekunde (Baud) und 16 Punkten = 4 Bit pro Signal kann man 9600 Bit/s übertragen. Das ist V.32 zum Beispiel.\nIst die Leitung gestört, sieht das visuell so aus, als seien diese Punkte, die durch das Signal beschrieben werden, unscharf. Werden sie so unscharf, daß sie ineinanderlaufen, ist das Signal nicht mehr erkennbar und die Übertragung gestört. Das Modem muß dann auf eine langsamere Geschwindigkeit runterschalten (\u0026ldquo;Renegotiation\u0026rdquo;).\nDas bedeutet, daß das Modem einen Datenträgerton (\u0026ldquo;Carrier\u0026rdquo;) hat, der ein relativ breites Frequenzband (ideal den gesamten zur Verfügung stehenden Bereich) belegt. Gibt es in diesem Bereich Dämpfungen oder - schlimmer noch - eine Bandsperre oder Störung, etwa durch eine Schwebung, dann bricht die Verbindung ab. Auch dann, wenn eigentlich eine ganze Menge Restspektrum zur Verfügung stünde.\nDie Trailblazer, in Deutschland mit Telebimm-Zulassung als MDG-19k2 verkauft, waren nun Modems, die statt eines einzelnen schnellen und superbreiten Carriers sehr viele (512) Carrier gesendet haben, von denen jeder 0, 2, 4 oder 6 Bit überträgt und die sehr langsam wechseln (6 mal pro Sekunde).\n6 Baud sind so langsam, daß man sie hören kann - ein Telebit-Modem erzeugt ein sehr characteristisches Carrierwummern (\u0026ldquo;Wop Wop Wop Wop Wop Wop\u0026rdquo;). Und da die einzelnen Carrier sehr schmalbandig sind, kann man sie einzeln runter regeln oder abschalten, wenn es Probleme gibt.\nSchwebungen oder andere Bandsperren machen einem Telebit also nix aus: Man kann ohne Probleme mit einem Telebit einen gcc Source von Kiel nach Berlin Ost (Node \u0026ldquo;pericont\u0026rdquo;) und anders herum schaufeln, auf einer Leitung, auf der Schwebungen durch schlechte Richtfunkstrecken selbst Sprache schwer verständlich machen.\nBestes Modem der Welt - voll geländegängig und schnell sogar auf Datenfeldwegen! vermiss\n","date":"2012-02-23T00:00:00Z","href":"https://blog.koehntopp.info/2012/02/23/opa-erz-hlt-vom-krieg.html","tags":["damals","internet","mail","usenet","lang_de"],"title":"Opa erzählt vom Krieg"},{"categories":null,"content":" Heute ist Donnerstag, der 23. Februar 2012. Heute ist Weltuntergang.\nEdgar Berger, Chef von Sony Music International (weltgrößter Provider von Rootkits!), sagt im Interview mit der Welt :\nDa gibt es überhaupt nichts zu schimpfen. Das Internet ist für die Musikindustrie ein großer Glücksfall, oder besser gesagt: Das Internet ist für uns ein Segen. \u0026hellip; Man kann das Internet nicht für schädliche Auswüchse verantwortlich machen. Im Gegenteil. Es hat uns enorme neue Möglichkeiten gebracht.\nund zum Thema Youtube und Gema:\nEs liegt nicht an uns. Wir haben den Marktteilnehmern unsere Inhalte lizenziert. Sie müssen diese Frage an die deutsche Verwertungsgesellschaft Gema richten, die Urheberrechte sehr restriktiv lizenziert. Uns gehen dadurch Millionenumsätze verloren. Diese Praxis ist übrigens mit einer der Hauptgründe, warum der digitale Musikhandel in Deutschland weniger stark ausgeprägt ist. Ich bin mir aber auch relativ sicher, dass es bei der Gema irgendwann Einsicht zwecks ökonomischer Notwendigkeit geben wird.\n(via Golem )\n","date":"2012-02-23T00:00:00Z","href":"https://blog.koehntopp.info/2012/02/23/sony-das-internet-ist-f-r-uns-ein-segen.html","tags":["copyright","media","musik","piraten","sony","lang_de"],"title":"Sony: \"Das Internet ist für uns ein Segen\""},{"categories":null,"content":"Was bisher geschah: Jemand bei Sony schreibt einen Aufruf , einen Ersatz für Busybox zu schreiben, der nicht unter der GPL steht.\nBusybox is a widely used program which implements several Linux command line utilities in a single, multi-tool binary. It is provided under the GPL license. Due to its utility and ubiquity, it has been used in a very large number of embedded devices. This includes use by companies who are not as diligent about their GPL commitments as they should be.\nWill sagen: Busybox ist ein Programm, das die Basisfunktionen vieler Linux-Kommandozeilenwerkzeuge in einem Binary zusammenfaßt und sehr wenig Platz verbraucht. Wegen dieser Eigenschaften wird es gerne in Embedded Systemen eingesetzt.\nDa Busybox unter der GPL steht, viele Firmen sich aber einen Dreck um Copyright scheren, wenn es sie selber statt ihre Endkunden betrifft, wird es gerne in Router und andere Geräte eingebaut und ist dann Gegenstand einer Lizenzklage . Eine Klage, die am Ende dazu führt, daß die Firmen ihre Firmware offenlegen müssen, weil sie zu faul sind, selber zu programmieren und zu blöd, sich genau das Urheberrecht zu halten, für dessen Verschärfung sie Unsummen an die diversen Lobbyfeen bezahlt haben (wir reden hier unter anderem von Sony ).\nEs gibt eine Reihe von Gruppen im Open Source Umfeld, die sich der Durchsetzung von Offenen Lizenzen verschrieben haben. Da ist einmal das von Harald Welte initiierte GPL Violations , ein weiterer Kandidat ist die SFC (Software Freedom Conservancy). Letztere vertritt auch die Interessen der Busybox-Autoren und ist daher die Veranstaltung, gegen die das Busybox Replacement Projekt primär zielt.\nDie Reaktionen auf das Busybox Replacement Projekt waren sehr unterschiedlich: Einerseits steht es natürlich jedermann frei, selbst und eigenständig welche Software auch immer zu entwickeln. Andererseits geht es hier darum, Software zu schreiben, mit der man etwas illegales (nämlich das lizenzwidrige Verwenden von Open Source in Closed Source Projekten) einfacher machen möchte. Das Problem ist nämlich, daß typischerweise in solchen Projekten nicht nur Busybox illegal verwendet wird, sondern meist auch viele andere Teilprojekte geplündet werden.\nEs reicht aber nicht, diese illegale Nutzung zu identifizieren , sondern man muß auch klageberechtigt sein. Busybox war und ist für die SFC hier ein bequemer Hebel, da die SFC die Rechte des Urhebers in diesem Fall wahrnehmen darf. Das Sony-Projekt dient nun in erster Linie nicht dem Fortschritt, sondern dazu, der SFC diesen Hebel aus der Hand zu nehmen - rechtlich stellen sich die betreffenden Firmen jedoch kein bischen auf legaleren Grund.\nAndererseits gibt es auch abweichende Meinungen, etwa diese :\nAs the ex-maintainer of busybox who STARTED those lawsuits in the first place and now HUGELY REGRETS ever having done so, I think I\u0026rsquo;m entitled to stop the lawsuits in whatever way I see fit.\nThey never resulted in a single line of code added to the busybox repository. They HAVE resulted in more than one company exiting Linux development entirely and switching to non-Linux operating systems for their embedded products, and they\u0026rsquo;re a big part of the reason behind Android\u0026rsquo;s \u0026ldquo;No GPL in userspace\u0026rdquo; policy. (Which is Google, not Sony.)\nToybox is my project. I\u0026rsquo;ve been doing it since 2006 because I believe I can write a better project than busybox from an engineering perspective. I mothballed it because BusyBox had a 10 year headstart so I didn\u0026rsquo;t think it mattered how much BETTER it was, nobody would use it. Tim pointed out I was wrong about that, I agreed with him once I thought about it, so I\u0026rsquo;ve started it up again.\nDie Stellungnahm von Harald Welte befindet sich in seinem Blog Er schreibt unter anderem:\nPeople who claim that GPL enforcement is scaring away companies from using Linux and/or other Free Software also have to be careful in what they say. If a commercial entity enters a new market (let\u0026rsquo;s say Android Tablets), then there is a certain due diligence required before entering that market. So if you don\u0026rsquo;t understand Free Software and particularly GPL licensing, then you shouldn\u0026rsquo;t place a Linux-based device on the market.\n\u0026hellip;\nBut come on, dealing with embedded devices in 2012 and still getting compliance outright wrong really means that there has not been the least bit of attention on this subject. And without enforcement, it is never going to change. People who want no enforcement should simply use MIT-style licenses.\n\u0026hellip;\nLet me conclude with a clear statement to anyone who thinks that by replacing Busybox with a non-GPL licensed project they can evade GPL enforcement: It will not work. There are others out there enforcing the GPL. Last but not least gpl-violations.org.\n","date":"2012-02-11T00:00:00Z","href":"https://blog.koehntopp.info/2012/02/11/busybox-die-gpl-und-wirrniss.html","tags":["free software","lang_de"],"title":"Busybox, die GPL und Wirrniss"},{"categories":null,"content":"In den letzten Tagen habe ich das mehrmals erklären müssen, daher jetzt einmal im Blog, damit ich das verlinken kann. Dieser Artikel ist, anders als der Rest des Blogs, CC-BY-SA .\nDer Fragesteller:\nIch habe Daten in meiner Datenbank, die ich erfolgreich mit meiner Anwendung einlesen und wieder auslesen kann. Wenn ich jedoch einen mysqldump mache, um die Daten auf ein neues System zu portieren, bekomme ich zerstörte Umlaute.\nDas Problem tritt auf, wenn man Daten in der Datenbank mit dem falschen Zeichensatz-Label speichert.\nIn MySQL klebt an jedem String ein Label, der den Zeichensatz angibt, in dem der String geschrieben worden ist. Der String _latin1\u0026quot;Köhntopp\u0026quot; ist also hoffentlich die Zeichenfolge \u0026ldquo;K-0xF6-hntopp\u0026rdquo;, und der String _utf8\u0026quot;Köhntopp\u0026quot; entsprechend die Zeichenfolge \u0026ldquo;K-0xC3 0xB6-hntopp\u0026rdquo;. Probleme treten auf, wenn das Label (\u0026quot;_latin1\u0026quot; oder \u0026ldquo;_utf8\u0026rdquo;) und die Datencodierung von Umlauten (0xF6 vs. 0xC3 0xB6) nicht übereinstimmen.\nZum besseren Verständnis gibt es die Artikel Zeichensatzärger und MySQL Zeichensatz Grundlagen hier im Blog.\nWie man den Fehler erzeugt Wir definieren eine Tabelle mit einer VARCHAR-Spalte, an der ein Zeichensatz-Label \u0026rsquo;latin1\u0026rsquo; klebt.\nmysql\u0026gt; create table t ( -\u0026gt; id integer unsigned not null primary key, -\u0026gt; f varchar(20) charset latin1 -\u0026gt; ) engine = innodb; Query OK, 0 rows affected (0.25 sec) Wir definieren die Verbindung zur Datenbank auch als latin1. Der Zeichensatz der Spalte t.f und das Zeichensatzlabel der Connection stimmen also überein.\nmysql\u0026gt; set names latin1; Query OK, 0 rows affected (0.00 sec) Wir senden nun Daten mit UTF8-codierung über eine Connection, die das Label latin1 trägt. Wir lügen die Datenbank also an:\nmysql\u0026gt; select hex(\u0026#39;Köhntopp\u0026#39;) as umlaut; +--------------------+ | umlaut | +--------------------+ | 4BC3B6686E746F7070 | +--------------------+ 1 row in set (0.00 sec) mysql\u0026gt; insert into t values ( 1, \u0026#39;Köhntopp\u0026#39;); Query OK, 1 row affected (0.00 sec) Die Daten sind also real in utf8 codiert, werden aber über eine Verbindung übertragen, die das Label latin1 hat. Die Spalte t.f hat ebenfalls die Codierung latin1. Es ist also keine Konvertierung notwendig und MySQL nimmt auch keine vor. Die Daten werden 1:1 so gespeichert, wie wir sie senden.\nLesen wir die Daten aus, gelingt das auch: Die Daten der Spalte t.f werden gelesen. Sie liegen in latin1 vor. Die Verbindung, über die wir die Daten lesen, ist ebenfalls latin1. Die Daten werden also 1:1 ausgelesen und in unserem utf8-Terminal korrekt angezeigt:\nmysql\u0026gt; select f, hex(f) from t where id =1; +-----------+--------------------+ | f | hex(f) | +-----------+--------------------+ | Köhntopp | 4BC3B6686E746F7070 | +-----------+--------------------+ 1 row in set (0.00 sec) Man sieht in der Ausgabe links einen korrekten Umlaut - das Terminal des Mac steht aber auf utf8. Man sieht rechts die Bytes vor jeder Ausgabekonvertierung auf der Platte - 0xc3 0xb6 sind ein utf8 o-Umlaut.\nUnd jetzt der Dump:\n... /*!40101 SET NAMES utf8 */; ... DROP TABLE IF EXISTS `t`; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `t` ( `id` int(10) unsigned NOT NULL, `f` varchar(20) CHARACTER SET latin1 DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- -- Dumping data for table `t` -- LOCK TABLES `t` WRITE; /*!40000 ALTER TABLE `t` DISABLE KEYS */; INSERT INTO `t` VALUES (1,\u0026#39;Köhntopp\u0026#39;); /*!40000 ALTER TABLE `t` ENABLE KEYS */; UNLOCK TABLES; Wir sehen, daß mysqldump die Verbindung auf utf8 setzt. Das tut es immer, egal in welchem Format die Daten auf der Platte vorliegen. Das ist auch kein Problem: Der im Dump verwendete Zeichensatz ist ein Superset aller anderen verfügbaren Zeichensätze und kann alle Stringdaten in der Datenbank darstellen, egal in welchem Format sie auf der Platte vorliegen.\nDie mit latin1 belabelten Daten aus t.f werden nun also bei der Ausgabe von latin1 nach utf8 gewandelt. Sie sind aber real schon utf8, d.h. wir wandeln real utf8-Daten noch einmal nach utf8. Das Resultat kann man im Dump sehen: \u0026lsquo;Köhntopp\u0026rsquo; - doppelt codiertes utf8.\nEs ist zu beachten: MySQL macht hier alles richtig. Das Problem ist, daß in einer latin1-Spalte als utf8 codierte Daten abgespeichert worden sind, weil in einer mit \u0026ldquo;SET NAMES latin1\u0026rdquo; konfigurierten Verbindung utf8-Daten gesendet wurden. Wir haben den Server angelogen und bekommen unsere gerechte Strafe.\nDas Problem ist auf zwei Arten lösbar:\nLösung im Dump Die haarsträubende Kommandozeile\nserver:~ # mysqldump --default-character-set latin1 kris t | sed -e \u0026#39;s/SET NAMES latin1/SET NAMES utf8/\u0026#39; erzeugt einen Dump, bei dem die Verbindung auf \u0026lsquo;SET NAMES latin1\u0026rsquo; eingestellt wird - die Daten werden also genau wie in der Anwendung ohne jede Konvertierung ausgelesen.\nAllerdings steht im Dump dann immer noch, daß sie in latin1 codiert wären. Das ist immer noch falsch - die Daten sind korrekt in utf8 gespeichert. Die sed-Anweisung korrigiert das, indem sie alle Vorkommen von latin1 in utf8 ändert - Label und Inhalt stimmen nun überein.\nIn der neuen Datenbank werden die Daten jetzt also korrekt eingelesen. In der neuen Datenbank muß man nun noch dafür sorgen, daß die Anwendung dort korrekt \u0026lsquo;SET NAMES utf8\u0026rsquo; setzt, wenn sie denn utf8 verwendet.\nLösung in der Quelldatenbank Wie im Handbuch beschrieben, kann man:\nWarning\nThe CONVERT TO operation converts column values between the character sets. This is not what you want if you have a column in one character set (like latin1) but the stored values actually use some other, incompatible character set (like utf8). In this case, you have to do the following for each such column:\nALTER TABLE t1 CHANGE c1 c1 BLOB;\nALTER TABLE t1 CHANGE c1 c1 TEXT CHARACTER SET utf8;\nThe reason this works is that there is no conversion when you convert to or from BLOB columns.\nWir machen das also:\nmysql\u0026gt; show create table t\\G Table: t Create Table: CREATE TABLE `t` ( `id` int(10) unsigned NOT NULL, `f` varchar(20) CHARACTER SET latin1 DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci 1 row in set (0.00 sec) In der alten Tabelle ist die Spalte f als latin1 definiert, enthält aber utf8-Daten.\nmysql\u0026gt; alter table t modify column f varbinary(20); Query OK, 1 row affected (0.63 sec) Records: 1 Duplicates: 0 Warnings: 0 mysql\u0026gt; alter table t modify column f varchar(20) charset utf8; Query OK, 1 row affected (0.62 sec) Records: 1 Duplicates: 0 Warnings: 0 Wir wandeln f in ein VARBINARY um - das ist ein VARCHAR ohne Zeichensatzlabel, also ein Binärklumpen. Die Daten in f bleiben erhalten, sind nun aber kein String mehr, sondern eine bedeutungslose Bitfolge, die keinem Zeichensatz angehört.\nWir wandeln f dann wieder in einen Zeichensatz um, in diesem Fall VARCHAR(20) CHARSET utf8, also der korrekte Zeichensatz.\nWir machen das in zwei Schritten, damit die Datenbank die Assoziation zwischen unseren Bits und Zeichensätzen vergißt. Würden wir direkt von VARCHAR(20) CHARSET latin1 nach VARCHAR(20) CHARSET utf8 umwandeln, würde die Datenbank uns hilfreicherweise auch die Daten konvertierten. Das ist im Normalfall das, was man will, denn die Datenbank sorgt so dafür, daß heile Daten auch heil bleiben.\nIn unserem Fall ist es genau nicht das, was wir wollen, denn wir haben ja kaputte Daten, die wir heil machen wollen.\nDas Resultat:\nmysql\u0026gt; show create table t\\G Table: t Create Table: CREATE TABLE `t` ( `id` int(10) unsigned NOT NULL, `f` varchar(20) CHARACTER SET utf8 DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci 1 row in set (0.00 sec) mysql\u0026gt; select f, hex(f) from t; +-----------+--------------------+ | f | hex(f) | +-----------+--------------------+ | Köhntopp | 4BC3B6686E746F7070 | +-----------+--------------------+ 1 row in set (0.00 sec) Wir speichern nun utf8 Daten in einer utf8-Spalte. Damit stimmen Spalten-Label und Spalten-Daten überein und die Mechanismen der Datenbank arbeiten für uns, nicht gegen uns.\nWie man den Fehler in Zukunft vermeidet Lüge die Datenbank nicht an. Wenn Du SET NAMES latin1 eingestellt hast, sende latin1. Wenn Du SET NAMES utf8 eingestellt hast, sende utf8. Die Datenbank konvertiert Dir Deine Daten dann immer korrekt, egal welche Zeichensätze Deine Spalten haben oder ob Du latin1 und utf8-Anwendungen mischt.\n","date":"2012-02-10T00:00:00Z","href":"https://blog.koehntopp.info/2012/02/10/faq-mein-mysqldump-zerstoert-meine-umlaute.html","tags":["mysql","lang_de"],"title":"FAQ: Mein mysqldump zerstört meine Umlaute"},{"categories":null,"content":"Das BDSG, ein Produkt der 80er. Damals waren Computer wahlweise doof oder böse . Entsprechend ist die Verarbeitung personenbezogener Daten verboten. Komplett. Genau genommen sagt das BDSG:\nDie Erhebung, Verarbeitung und Nutzung personenbezogener Daten sind nur zulässig, soweit dieses Gesetz oder eine andere Rechtsvorschrift dies erlaubt oder anordnet oder der Betroffene eingewilligt hat.\nDas heißt natürlich, daß die Verarbeitung personenbezogener Daten nicht wirklich komplett verboten ist. Sie ist erlaubt, \u0026ldquo;soweit dieses Gesetz oder eine andere Rechtsvorschrift dies erlaubt oder anordnet\u0026rdquo;. Das heißt, das BDSG kann sich selber durchlöchern und jedes andere Gesetz kann das auch. Sich selbst erlaubt der Staat also die Verarbeitung personenbezogener Daten, gerne und großzügig, und schön verteilt über alle möglichen Gesetze, sodaß das nicht direkt sichtbar ist, in welchem Ausmaß das BDSG da mit Ausnahmetatbeständen durchlöchert wird.\nDie Verarbeitung personenbezogener Daten ist auch erlaubt, wenn \u0026ldquo;der Betroffene eingewilligt hat\u0026rdquo;. Nun ist Datenverarbeitung aber böse und der \u0026ldquo;Betroffene\u0026rdquo; darf nicht einfach so einwilligen. Die Einwilligung muß stattdessen \u0026ldquo;informiert\u0026rdquo; erfolgen und sie muß zweckgebunden sein - eine Pauschalerlaubnis ohne genaue Zweckbestimmung, eine Spielwiese - zu deklarieren ist also rechtlich nicht machbar, so weit geht die informationelle Selbstbestimmung dann doch nicht.\nWenn ich also in diesem Blog personenbezogene Daten verarbeiten will, oder gar Dritte das tun lassen will, dann ist das gar nicht so einfach.\nEinmal muß ich meine Nutzer darüber informieren, welche personenbezogenen Daten denn hier genau zu welchem Zweck so verarbeitet werden. Wenn ich das ändere, dann muß ich darüber natürlich auch informieren. Ich kann also immer (also bei jedem Beginn einer Session) informieren, oder ich kann so richtig personenbezogene Daten verarbeiten, mir also merken, welche User ich schon gesehen habe und worüber ich schon informiert habe und wozu welcher User schon zugestimmt hat, damit ich jedem User nur noch die Änderungen anzeige, über die ich ihn noch nicht informiert habe und denen er noch nicht zugestimmt hat. Wobei dann jeder User als Erstes der Verarbeitung seiner Daten zu Datenschutzzwecken zustimmen müßte (siehe die EU Cookie Richtlinie , die hat dasselbe Problem).\nSo weit so klar?\nFein. Wenn ich also Dritte die Verarbeitung personenbezogener Daten überlasse, dann wird die Sache noch ein wenig komplizierter, denn dann liegt Auftragsdatenverarbeitung vor. Ich kann also nicht einfach Google Analytics oder einen Facebook-Like-Button (technisch im Prinzip dasselbe) hier einbinden, sondern ich kann 11 Seiten Papier an Google oder Facebook senden, also einen Vertrag über Auftragsdatenverarbeitung schließen, und dann einfach die entsprechenden Buttons wie gehabt hier einbinden (hatten wir hier in ausführlicherer Form).\nWie man sieht geht es also beim Datenschutz nicht wirklich um den Schutz irgendwelcher Daten, sondern um Verwaltung derselben.\nWir können das ganze noch besser veranschaulichen, mit einem etwas physischeren Beispiel, das jeder aus dem täglichen Leben kennt:\nDas hier ist der in etwa unterarmlange Bon, den ich bei dem Einkauf in meinem Supermarkt vorgelegt bekomme:\nInformationen zum Datenschutz.\nEs handelt sich um die Informationen, wer meine Daten warum wie durch wen verarbeiten läßt, wenn ich meine Scheckkarte da zur Kassiererin rüberschiebe, in epischer Breite. Da unten dann ein Unterschriftenfeld. Ich unterzeichne, schnell, denn hinter mir stehen noch 8 andere, die auch ihre Waren über den Scanner geschoben haben wollen, und drängeln.\nWohl informiert und mit dem guten Gefühl, Bescheid zu wissen - gibt es eigentlich irgendeinen Menschen auf der Welt, der das schon mal gelesen hat, die Person, die das getextet hat, ausgenommen? - wird meine Karte belastet und die Ware bezahlt. Nach demselben Verfahren wie letztes Mal, als ich das auch schon unterschrieben habe.\nDann nimmt mir die freundliche Kassiererin die Erklärung weg - WTF? - und archiviert den sorgfältig, denn der Supermarkt und seine Dienstleister müssen ja nachweisen können, wie oft wer dieses Jahr dort wozu zugestimmt hat. Und ich bekomme meinen eigenen Bon. Ohne Datenschutzinformationen.\nMeine Bonkopie. Ohne Datenschutz.\nWie man sieht, geht es auch hier nicht wirklich um den Schutz von Daten oder meinen Interessen, sondern ein Verwaltungsritual, bei dem die Fiktion nachgewiesen werden muß, daß ich auch diesmal den Bon sorgfältig studiert habe, bevor ich meine Einwilligung zur Verarbeitung meiner Kreditkartendaten durch Kreditkrakenfirmen gegeben habe.\nWas wäre, wenn ich aus irgendwelchen Gründen ein reales Problem mit der Verarbeitung meiner Kartendaten hätte? Etwa, weil dort jemand arbeitet, von dem ich glaube, daß er mich stalken könnte oder mir sonstwie gefährlich oder unangenehm werden könnte? Würde der Datenschutz mir dann helfen?\nSagen wir, ich bin Mitarbeiterin in einem Frauenhaus, und der Markt, in dem ich einkaufe und die Mengen und Art der gekauften Güter könnten den Standort einer sicheren Wohnung des Frauenhauses gefährden und Aufschluß darüber geben, ob und wie stark eine solche sichere Wohnung genutzt wird, ob Babynahrung gekauft wird und so weiter.\nWürde so eine Form von Datenschutz mir dann die notwendige operative Sicherheit geben?\nNein. Sicherheit bekomme ich nicht durch Verwaltungsaufwand zur Aufrechterhaltung einer Fiktion von informierter Zustimmung. Belastbare Sicherheit bekomme ich durch Geheimhaltung, etwa durch Zahlung mit Bargeld oder andere Maßnahmen.\nIVW Zählpixel bei Heise Newsticker\nDieselbe organisierte Selbsttäuschung bemängelt Mario Sixtus in seinem G+ Artikel zum Thema Heise Buttonlösung für Facebook. Die Heise-Lösung deckt zwar Facebook-Like, Twitter und Google +1 Buttons ab, aber eben nur diese drei Dinge. Sie deckt nicht die gut 30 anderen Trackingdienste ab, die etwa einem Plugin wie Ghostery bekannt sind - und so kommt es, daß die Heise-Buttonlösung zwar per Default keine Daten an Twitter, Facebook oder Google Plus sendet, aber zum Beispiel auf den Heise-Seiten noch immer bei jedem Zugriff Daten durch den Browser des Users an die IVW gesendet werden, da Heise natürlich wie jede Zeitung den IVW-Zählpixel und den VG Wort Zählpixel einblendet. Ohne Buttonlösung.\nVG Wort Zählpixel bei Heise Newsticker\nWürde man wirklich ein Problem mit dem Tracking seiner Webzugriffe an zentraler Stelle haben, wäre die Heise Buttonlösung nicht wirklich hilfreich. Auch sie verwaltet nur Daten.\nHelfen würde Geheimhaltung, also die Unterdrückung entsprechender Zugriffe durch passende Browser Plugins, wie zum Beispiel Disconnect, Ghostery oder Request Policy.\nAber mit der Buttonlösung hat man etwas, das sichtbar ist. Insbesondere auch für die Leute, die gar nichts getan haben und sich auch mit dem Problem nicht selber auseinander setzen wollen: Sie bekommen ein paar Alibi-Schieber mit Cookie-Steuerung (Zur Verwaltung der Verarbeitung personenbezogener Daten müssen wir auch hier noch mehr personenbezogene Daten verarbeiten!), die sie hin- und her schieben können wie sie möchten und alle führen sich hinterher ganz enorm informationell empowered und selbstbestimmt. Die eigentlich wichtigen Zählpixel tickern dabei im Hintergrund immer weiter mit und erzeugen ein Leseprotokoll für jede einzelne Nachrichtenseite.\nUnd das, liebe Leser, ist die Definition von Datenschutztheater: Die perfekte Symbiose zwischen der Faulheit der Konsumenten und Datenschützern mit Existenzrechtfertigungsnotstand.\n","date":"2012-01-02T00:00:00Z","href":"https://blog.koehntopp.info/2012/01/02/datenschutztheater-die-informierte-zustimmung.html","tags":["privacy","politik","spackeria","lang_de"],"title":"Datenschutztheater: Die informierte Zustimmung"},{"categories":null,"content":"Das Cern macht in weniger als 2 Stunden [einen Webcast(http://webcast.web.cern.ch/webcast/). Der Titel ist \u0026ldquo;Update on the Standard Model Higgs searches in ATLAS\u0026rdquo;/\u0026ldquo;Update on the Standard Model Higgs searches in CMS\u0026rdquo; und anschließend Fragen zum Thema. Die Schau wird 2 Stunden dauern.\nMan erwartet, daß das CERN das Higgs Boson gefunden hat. Es gerüchtet, daß Atlas das Higgs Boson bei 124.5 GeV mit 2 Sigma gefunden hat, während CMS es bei 126 GeV mit 3.5 Sigma sieht. Demnach wäre es gewichtet mit 125.5 GeV anzusetzen und die Konfidenz ist noch nicht ganz hoch genug, um die Akte ganz zu schließen.\nAndererseits hat man schon mal eine Pro-Forma Konstante, damit die Theoretiker ihre Mathematik kalibrieren können - wenn ich die String-Theoretiker korrekt verstanden habe, wollen die eine GeV-Zahl für das Higgs haben, damit sie die Anzahl und die Krümmung ihrer Zusatzdimensionen richtig einstellen können, oder so was in der Art.\nDisclaimer: Ich bin Informatiker und habe Physik im 2. Semester des Vorstudiums aufgegeben.\nHiggs? Cern? WTF? Wieso ist das wichtig?\nIrc-Protokoll einer Erklärung für 16-jährige Schüler .\nTL;DR: Physiker haben die Antwort auf die Frage nach dem Universum und dem ganzen Rest gefunden. Sie lautet nicht 42, sondern vermutlich 125.5 Gigaelektronenvolt. Die Suche hat über 100 Jahre gedauert, und dabei haben sie nebenbei aus Versehen das Web erfunden.\n","date":"2011-12-13T00:00:00Z","href":"https://blog.koehntopp.info/2011/12/13/higgs.html","tags":["erklaerbaer","physik","lang_de"],"title":"Higgs"},{"categories":null,"content":" Dezember 1996 Silvesterfeier mit dem \u0026ldquo;Hohen Rath der 13. Weisen vom Feed\u0026rdquo; und der \u0026ldquo;Allianz wieder den Hohen Rath der 13 Weisen vom Feed\u0026rdquo; in der Wassilystraße in Kiel. Ich verfasse gerade den RfD rmgroup de.talk.bizarre.\nLinker Bildschirm: Linux-System, Mitte: NeXTstation (Graustufen-Display, 25 MHz 68040, 20 MB RAM, 1 GB HDD), Rechts: Storage, Tape und CD-ROM für NeXTstation.\nAuf dem Schild am Regal über mir steht: \u0026ldquo;Das Kopieren von Programmen ist aus urheberrechtlichen Gründen nicht gestattet.\u0026rdquo; Es stammt aus einem Kaufhaus, aus meiner C64-Zeit.\n","date":"2011-12-05T00:00:00Z","href":"https://blog.koehntopp.info/2011/12/05/15-jahre-zuvor.html","tags":["damals","kiel","linux","usenet","lang_de"],"title":"15 Jahre zuvor..."},{"categories":null,"content":"Christian Scholz berichtet berichtet von der Jugendmedienschutztagung von ZDF, ARD und Kirchen (sic!) in Mainz.\nDie Zusammenfassung ist: Die Debatte kommt nicht von der Stelle, die Argumente und Positionen sind noch immer dieselben wie vor 2 und 12 Jahren. Die Filterfraktion preist ihre technischen Lösungen an. Die Eltern- und Praktikerfraktion lacht trocken. Die Besitzer relativ neuer \u0026lsquo;Endgeräte\u0026rsquo;, die nicht Computer sind, sondern Handies, Playstations oder andere Spezialgeräte mit Internetzugang fragen, ob\u0026rsquo;s die Filter denn auch für $EXOTISCHE_HARDWARE gibt. Und am Ende verweigert man sich gemeinsam der Erkenntnis, daß sich Erziehung nun einmal nicht technisieren läßt, Jugendschutz also damit beginnt und endet, Eltern auszubilden und zu motivieren.\nWir danken für dieses Gespräch. Pieeep\n","date":"2011-12-05T00:00:00Z","href":"https://blog.koehntopp.info/2011/12/05/jmstv-nix-neues.html","tags":["internet","jugendschutz","media","film","lang_de"],"title":"JMStV: Nix neues"},{"categories":null,"content":"Occupy. Die Piraten beschließen, sich mit dem bedingungslosen Grundeinkommen auseinander zu setzen. Ich lese Andreas Eschbach \u0026ldquo;Eine Billion Dollar\u0026rdquo; neu, und es liest sich nicht wie ein Roman, sondern wie eine Art Jahresrückblick. Finanzkrise. The Origin of Wealth . Sugarscape . Beide erzählen dieselbe Story, die Eschbach da bringt. Plutonomie. Neusprech . Technische Regierungen.\nMein Browser hat mehr als 25 Tabs zu diesen Themen offen, und sie zeigen alle in dieselbe Richtung - wir müssen wichtige Dinge des Lebens neu denken, oder die Welt verändert sich ohne uns und läßt uns zurück.\nWo fange ich an. Vielleicht mit den TED Talks von Nic Marks und Richard Wilkinson. Das kostet Euch eine halbe Stunde Eures Lebens. Ich verspreche, sie ist gut angelegt.\nNic Marks: The Happy Planet Index erklärt eben diesen: Eine Alternative zum Bruttoinlandsprodukt, die persönliches Glück in Relation zu den eingesetzten Ressourcen setzt.\nRichard Wilkinson: How economic inequality harms societies zeigt, quasi im Anschluß, wie Gemeinschaften mit geringerer Ungleichheit (Gini coefficient , Gini coefficient nach Ländern ) besser funktionieren, nach einer ganzen Reihe von Metriken.\nWir können beobachten, daß diese soziale Ungleichheit über die Jahrzehnte in Deutschland, den USA und vielen anderen Staaten größer wird, daß der Gini Koeffizient wächst. Ein Alternet Special über Occupy Wallstreet zeigt die Auswirkungen auf vielerlei Weise, und Business Insider hat vergleichbare Daten, Singularity Hub auch. Und das gilt nicht nur für die USA, sondern eben auch für Deutschland .\nEs gibt Leute, die halten die dabei ablaufenden Mechanismen für ein Zeichen ihrer Befähigung oder als Indikator für ihr Ausgewähltsein: Schon 2009 fanden die Plutonomy-Reports der Citigroup ihren Weg an die Öffentlichkeit:\n\u0026ldquo;Michael Moore highlights a confidential report that Citigroup initially circulated only to it\u0026rsquo;s wealthiest customers. Those reports, since leaked, plainly discuss the power of the Plutonomy in America, and how it would only strengthen, as long as the \u0026ldquo;the rest us\u0026rdquo; (the non-plutonics) could be kept in the dark about the Plutonomy existence, its role, and its over-arching control in the American Economy.\u0026rdquo;\nDem ist nicht so: Die Mechanismen, die dabei am Werk sind, werden in Andreas Eschbachs Eine Billion Dollar auf eine ganz wunderbare Weise erzählerisch verpackt und haben nichts mit Auserwähltheit zu tun. Eschbach diskutiert auch verschiedene Mögliche Reaktionen und erläutert ihre Funktionsweise. Eschbach hebt besonders auf die Notwendigkeit einer Tobin-Tax (allgemeiner eine Finanztransaktionssteuer ) ab, die überaus geeignet ist, die derzeit amoklaufenden Finanzmärkte sinnvoll zu steuern.\nZwei andere, dringend empfehlenswerte Bücher, die Hintergründe und Mechanismen ohne Story, aber nicht minder spannend vermitteln, habe ich in Fertig gelesen: The Origin of Wealth rezensiert: The Origin of Wealth und Sugarscape: Growing Artificial Societies .\nInsbesondere Sugarscape zeigt, daß dieses Phänomen der unkontrollierten Anhäufung von Reichtum sich mit allereinfachsten zellularen Automaten reproduzieren läßt, wenn bestimmte Regelsätze in Kraft sind. Ebenso wird gezeigt, daß wirtschaftlicher Erfolg (und am Ende maximal ungleiche Ressourcenanhäufung) eben nicht von persönlichem Einsatz oder persönlicher Begabung abhängt, sondern sehr wesentlich vom Zufall bestimmt wird.\nThe Origin Of Wealth ist eine Tour durch die Geschichte der Volkswirtschaft, und wie deren Modelle sich nach und nach als unzureichend erwiesen haben und sukzessive neue Ideen eingearbeitet haben. Das Buch macht außerdem im 3. Teil eine sehr klare Aussage: Ungleichheit und ihre Entwicklung sind eben kein Automatismus, und keine Notwendigkeit für das Funktionieren eines Systems, sondern sie sind eine Wahl, die eine Gesellschaft treffen kann.\nGriechenland und Italien haben stattdessen eine andere Wahl getroffen: In beiden Ländern ist im Grunde genommen eine politische Regierung durch eine finanzielle Verwaltungsregierung ersetzt worden: Die Niemandsregierung ist die Kapitulation der Politik vor den Banken und die Abgabe der Souveränität des Volkes an die Firmen . Der Spiegelfechter bringt es noch mehr auf den Punkt :\nDie eigentliche Gefahr dieser Krise ist, dass eine Lösung oder Versuche dazu nicht mehr in rechtsstaatlicher Weise erfolgen. Wenn man heute auf Staatsbankrott spekulieren kann, dann hört der Spass auf. Und die Beschleunigung der Entscheidungsprozesse, die sich die Regierenden diktieren lassen, ist beunruhigend. Das Bundesverfassungsgericht wird in nächster Zeit in besonderer Weise gefordert sein, aber es fragt sich, ob die Rolle eines passiven Kontrolleurs genügt. Es müsste auch einstweilige Anordnungen erwägen, um verfassungskonforme Zustände zu sichern.\nDie internationalen Finanzmärkte bedrohen inzwischen die Souveränität der Völker, und so kann sich die Finanzkrise kann sich zu einer Systemkrise ausweiten, in der wir Freiheit, Demokratie und Rechtsstaatlichkeit wieder verteidigen müssen.\nEine Grafik, die ich sehr spannend finde, stammt aus dem\nBusiness Insider Artikel :\nZu dieser Grafik gibt es eine Schwestergrafik bei Alternet :\nDie Produktivität der Menschen, die Arbeit haben, steigt an, aber sie verdienen dafür nicht mehr. Stattdessen steigen die Gewinne der Unternehmen und damit der Reichtum der Leute, die Anteile daran haben. Wir finden Artikel, die das erklären: Die Auswirkungen des technischen Fortschritts auf die menschliche Arbeit bei Netzwertig mit Blick auf die (natürlich) IT-Branche, und dort auch schon ein Zeiger auf das Bedingungslose Grundeinkommen, und wieso es in die Diskussion kommt.\nWorum geht es? Um ein neues Weltbild als Grundlage von Politik und Wirtschaft Ich hoffe, dass es der neuen globalen [Occupy] Bewegung gelingt, für etwas einzutreten, nämlich für ein neues Weltbild als Grundlage unseres politischen, wirtschaftlichen und sonstigen Handelns:\nfür ein Weltbild, in dem die Güter der Erde für alle reichen für ein wahrhaft ökologisches Weltbild, in dem Lebewesen und Dinge nicht isoliert voneinander existieren, sondern alles mit allem zusammenhängt für ein Weltbild, in dem klar ist, dass ich das, was ich dem anderen zufüge, mir selbst zufüge für ein Weltbild, in dem die Würde aller Lebewesen als gegeben gilt für ein Weltbild, in dem Wachstum vorallem als geistiges Wachstum gesehen wird Vor diesem Hintergrund in Wirtschaft und Politik hat die Piratenpartei letztes Wochenende auf ihrem Parteitag beschlossen, sich als Partei mit dem Bedingungslosen Grundeinkommen auseinander zu setzen - unsere Industrie- und Wirtschaft sind leistungsfähig genug für eine 20/80-Gesellschaft (\u0026ldquo;20% der arbeitsfähigen Gesellschaft reichen aus, um den übrigen 80% und sich selbst eine sehr hohe Lebensqualität zu bieten\u0026rdquo;). Wir werden nie wieder Vollbeschäftigung haben. Wir müssen endlich das gesellschaftliche Problem des industriellen Strukturwandels angehen anstatt es weiter wie seit den 1980er Jahren vor uns her zu schieben - was Alexx sagt .\nDenn wir werden eine Gesellschaft bekommen, bei der in erster Linie Maschinen arbeiten, und wir müssen Wege finden, als Menschen dort unseren Platz zu finden, weil eben die meisten von uns \u0026lsquo;arbeitslos\u0026rsquo; nach heutiger Definition sein werden. Was immer das dann bedeuten soll, eines Tages. Wir müssen uns weiter entwickeln, was Mela sagt .\nDabei wird es eine Reihe von Neid- oder sagen wir, Fairness-Diskussionen geben, wie man hier nachlesen kann. Diese Mechanismen stecken alle in uns drin. Sie sind nur nicht unbedingt hilfreich, wenn man eine \u0026ldquo;Star Trek Gesellschaft\u0026rdquo; hat, in der tatsächlich Arbeit und Einkommen zu einem Teil entkoppelt sind. Auch da müssen wir Arbeit leisten, und was mspr0 sagt .\nWas genau hat die PP da in Offenbach beschlossen? Was reizzentrum sagt .\nWie also soll die Gesellschaft für das 21. und die folgenden Jahrhunderte aussehen? Oder wollen wir das den Firmen und den Banken überlassen? Die Zukunft ist da. Es ist die Aufgabe unserer Generation, sie gleichmäßiger zu verteilen .\nIn diesem Sinne: DirektRossi ","date":"2011-12-05T00:00:00Z","href":"https://blog.koehntopp.info/2011/12/05/the-pursuit-of-happiness.html","tags":["piraten","politik","lang_de"],"title":"The pursuit of happiness"},{"categories":null,"content":"The Lean Startup , Eric Ries, EUR 10.99\nDas Buch \u0026ldquo;The Lean Startup\u0026rdquo; von Eric Ries wurde mir von Johann-Peter Hartmann und den anderen Maiblümchen als Antwort auf meinen Froscon-Vortrag dieses Jahr geschenkt, damit ich mich nicht mehr so alleine fühle. :-) In der Tat beschreibt Ries eine ganze Reihe von Firmen, die in einem Umfeld extremer Veränderung und Unsicherheit agieren - das ist Ries' Definition von Startup, und die kann auch recht große Firmen oder Behörden abdecken. Sie beschreibt auch mein Arbeitsumfeld recht gut.\nRies fragt sich, mit welchen Methoden Firmen in den Quadranten des Cynefin-Modells agieren können, die von \u0026ldquo;Simple\u0026rdquo; (Es existiert eine Best Practice und ein quantitativer Prozeß zu ihrer Einhaltung und Verbesserung) verschieden sind. Es geht also darum, wie ein Startup in sich verändernden, unbekannten oder unentwickelten Märkten herausfinden kann, welche Dienste oder Produkte einem Kunden bezahlenswert erscheinen. Hat eine Firma diesen Markt gefunden, geht es weiter darum, wie man diesen Markt wachsen lassen kann bzw. in diesem Markt wachsen kann.\nEr kommt zu dem Schluß (und belegt diesen), daß Firmen in Startup-Situationen experimentieren müssen, ja, daß dies die wichtigste Kommunikation mit dem Kunden ist. Firmen müssen aus diesen Experimenten Lehren für ihre Produkte oder Dienste ziehen, und diese dann in der nächsten Iteration umsetzen. Nach Ries ist es dabei sehr wichtig, früh, viel und schnell zu experimentieren - und dies ist in einer Startup-Situation wichtiger, als ein vollständiges, korrektes oder durchentwickeltes Produkt zu haben.\nEr führt eine ganze Reihe von Beispielen auf, in denen Firmen Geld, Zeit und Personen in die Entwicklung von Produkten gesteckt haben, die dann am Markt nicht funktioniert haben. Fehler sind um so leichter, schneller und billiger zu korrigieren, je früher die Phase der Produktentwicklung ist, in der sie erkannt werden. In unsicheren oder unreifen Märkten ist es daher wichtig, als Erstes mit dem Kunden zusammen das Produkt zu testen und es dann erst mit traditionellen Methoden fertig zu stellen (Testing in Production kann dabei helfen). So kann man sicherstellen, daß die begrenzten Engineering-Kapazitäten des Startups nur auf Produktiveränderungen angewendet werden von denen schon bewiesen ist, daß sie sich positiv auf das Geschäft auswirken werden.\nDabei legt Ries großen Wert darauf, nicht blind zu testen, sondern das corporate learning durch Experimente zu messen und zu validieren, die nicht-monetäre Wertschöpfung eines Startups also quantifizierbar zu machen, da diese Metriken Investoren oder Stakeholders Instrumente an die Hand geben, erfolgreiche von nicht erfolgreichen Startups zu unterscheiden, auch wenn diese noch keinen Gewinn machen. Ries mißt dazu Dinge wie verbesserte Conversion, Adoption Rates oder andere wichtige Metriken, die zeigen, daß sich das Unternehmen in seinem Zielmarkt besser bewegt, weil es jetzt mehr darüber weiß.\nAuf der Grundlage dieser Metriken kann die Unternehmensführung dann entscheiden, wie mit dem Produkt oder Dienst zu verfahren ist (\u0026ldquo;Pivot or persevere\u0026rdquo; - Ändern oder weitermachen). Wenn ein Startup einen Pivot durchführt, also grundlegende Änderungen am Produkt oder eine Strategieänderung notwendig sind, dann ist dies eine Entscheidung, die oft schwer zu kommunizieren ist. Also gibt Ries eine Reihe von Hinweisen, wie Pivotpunkte zu erkennen, zu klassifizieren und erfolgreicher zu kommunizieren sind.\nAbschließend konzentriert sich Ries dann darauf, den dargestellten Forschungsmechanismus zu institutionalisieren und zu beschleunigen, und dabei die Lerngeschwindigkeit der Firma meßbar zu machen.\nAlles in allem ein faszinierendes Buch, bei dem man sich zwar durch den iterativen amerikanischen Lehr- und Erklärstil durchbeißen muß, das aber eine ganze Menge Dinge in Perspektive setzt, mit denen ich in den letzten Jahren täglich zu tun hatte.\n","date":"2011-12-02T00:00:00Z","href":"https://blog.koehntopp.info/2011/12/02/fertig-gelesen-the-lean-startup.html","tags":["book","review","media","software","lang_de"],"title":"Fertig gelesen: The Lean Startup"},{"categories":null,"content":"Mitte November ist auf The Testing Planet ein Artikel von Seth Eliot (Microsoft) erschienen mit dem Titel Testing in Production . Eliot schreibt über Software Services, also Dienste, die auf einer Website laufen, sodaß die User keine Anwendungen installieren müssen (Wir erinnern uns: Microsoft ist noch immer ganz groß darin, Software auf physikalischen read-only Medien an Benutzer zu verschicken, auch wenn diese Software seit einer Dekade kaum mehr als ein Loader für Updates über das Internet ist und nach der Installation vom Medium erst einmal alle eben installierten Dateien durch das heruntergeladene Update durch neuere Versionen ersetzt werden).\nIn Software Services hat der Anbieter jedenfalls die Kontrolle darüber, welche Version der Software welchem Kunden präsentiert wird, und er hat in der Regel Zugriff und Meßmöglichkeiten im Data Center, auf dem die Software läuft, kann also auf der Serverseite diagnostizieren, was wann wie und warum schief geht.\nEliot behauptet nun, daß User seltsamer sind als Tester sich vorstellen können und man daher besser so früh als möglich mit echten Benutzern testet (Testing in Production = TIP). Vorhergehende synthetische Tests (Up Front Testing = UFT) können gemacht werden, sollten aber nur so weit gemacht werden, daß man sicher in der Produktion testen kann.\nEliot weiter:\nFor some TiP methodologies we can reduce risk by reducing the exposure of the new code under test. This technique is called “Exposure Control” and limits risk by limiting the user base potentially impacted by the new code.\nWas er damit meint, wird weiter unten klar, wenn er erläutert, welche Klassen von TIP er unterscheidet.\nRamped Deployment\nDer zu testende Code wird ausgerollt, ist aber zunächst nicht aktiv. Er wird für einen Subset der Benutzer aktiviert und überwacht. Dabei können unterschiedliche Aspekte des Codes untersucht werden - wie er sich auf die Geschäftsprozesse auswirkt, ob er technisch funktioniert oder wie er skaliert etwa. Benutzer können automatisch oder handselektiert sein, und wissen entweder, daß die mit experimentellem Code arbeiten oder nicht.\nEntscheidend ist, daß das Deployment von neuem Code und seine Aktivierung voneinander getrennt werden. Dies erlaubt es, Features graduell einzuführen und schnell zu deaktivieren, wenn sich Probleme entwickeln.\nControlled Test Flight\nein a/b-Experiment, in der alte und der neue Code parallel für unterschiedliche Benutzer aktiviert wird und die Benutzer nicht wissen, in welcher Kategorie sie sich befinden. Eine Unterkategorie von Ramped Deployment. Experimentation for Design\neine weitere Verfeinerung von Controlled Test Flight ist, die neue und die alte User Experience parallel für unterschiedliche, repräsentative Benutzergruppen zu aktivieren, um den Einfluß der neuen UX auf das Geschäftsmodell zu prüfen. Dogfood/Beta\nwissen die Benutzer um die Tatsache, daß sie neuen Code testen, handelt es sich nicht um Experimentation, sondern um eine Beta. Sind die Benutzer Mitarbeiter oder Freunde der Firma, handelt es sich um Dogfooding. Hier ist es oft zulässig, mit dem Wissen und Einverständnis der Benutzer zusätzliche Telemetrie zu installieren und auszuwerten. Synthetic Test in Production\ndas Anwenden von automatisierten UFT-Systemen auf Produktionssysteme. Sie können verwenden werden, um das Produktionssystem oder sein Monitoring zu validieren. Load/Capacity Test in Production\nLast und Kapazitätstest in der Produktion, bei Eliot unter Verwendung synthetischer Last gegen Produktionssysteme, meistens zusätzlich zur existierenden Last durch reale Benutzer, um die Kapazität des Systems zu bestimmen. Die mir bekannten Anwender solcher Verfahren spielen stattdessen eher mit den Gewichten an ihren Load Balancern, um die externe Last durch reale User auf weniger und weniger Backends zu konzentrieren. Synthetische Last wird dabei lediglich als Meßsonde verwendet, um die Latenz von Requests zu überwachen - kommt zur typischen Think Time des Benchmarks eine Wait Time hinzu, ist die den getesteten Frontends angebotene Load größer als ihre Kapazität und es baut sich eine Queue auf. Lastsättigung ist erreicht und die Kapazität des Gesamtsystems kann durch einfache Dreisätze bestimmt werden. Bricht man den Test hier ab, ist die UX für die realen User nicht destruktiv beeinflußt: Das System mag einigen Benutzern für kurze Zeit langsam erscheinen, ist aber zu allen Zeiten normal Funktionsfähig. Bricht man den Test nicht ab, sondern erhöht die Last vorsichtig weiter, kann man den Failure Mode des Systems verifizieren: Art und Lage der begrenzenden Ressource im Gesamtsystem wird offensichtlich, Qualität des Monitorings und Prozesse im Operating werden mitgeprüft. Diese Phase des Tests erfordert schnelle Reaktion, um den Einfluß auf die UX der realen Benutzer zu minimieren.\nOutside-in load /performance testing\nein Lasttest mit synthetischer Load, die von einer externen Quelle in die Produktionsumgebung injeziert wird, also denselben Weg nach drinnen nimmt wie die realen Benutzer. User Scenario Execution\nAusführung von Endbenutzer-Szenarien gegen ein Produktionssystem von den Endpunkten echter Benutzer. Kann manuelles Testen beinhalten. Diese Tests können regional unterschiedliche UX sichtbar machen (\u0026ldquo;Das System ist schnell genug in Europa, von Asien aus aber kaum benutzbar.\u0026rdquo;) Data Mining\nDie Logdaten echter Benutzer werden nach Problemen oder Testfällen durchsucht, die spezifische Szenarien darstellen. Die Fälle, die auftreten, werden automatisch als Bugtickets eingetragen. Das kann in Echtzeit passieren. Echtzeitmonitoring kann auf viele verschiedene Weisen nützlich sein. Insbesondere in den o.a. Lasttests ist ein Echtzeit-Errormonitor notwendig, um die Saturierung von der Überlast des Systems trennen zu können, und um Lage und Failure Mode der überlasteten Komponente im Produktionsweg schnell erkennen zu können. Ohne ein solches Echtzeitmonitoring ist diese Art von Test nicht sicher durchführbar.\nDestructive Testing\nInjektion von Fehlern in Produktionssysteme, um Servicekontinuität im Fehlerfall zu validieren ( Chaos Monkey ). Production Validation\nEchtzeitmonitore, die die verschiedenen Phasen der Produktion auf Businessebene, Contentebene, Technischer Ebene, Netzwerkebene und so weiter überwachen und visualisieren. Eliot bringt dann verschiedene Beispiel für TIP: Googles und Bings a/b-Experimente und 1% Launches werden genannt, sie sind Beispiele für Experimentation for Design. Controlled Test Flights werden dort ebenfalls verwendet, dabei werden kritische Änderungen ausgerollt und parallel zu getestetem Code betrieben - oft werden dabei Daten zweimal geschrieben: Der alte Code führt das alte System weiter, der neue Code arbeitet im neuen System mit anderen Dateien oder Datenbanktabellen.\nChaosmonkey war der Vorläufer eines Systems für Destructive Testing, das jetzt die Simian Army darstellt: Neben Chaos Monkey, der Komponenten zufällig aus dem System entfernt gibt es nun Latency Monkey, der Dienste zufällig verzögert, Conformity Monkey, der Systeme aus dem Dienst kippt, die nicht auf dem erwarteten Stand sind und viele andere Dienstprüfer und Killer mehr.\nEliot weist darauf hin, daß Tests in der Produktion gefährlich sein können und sie deswegen so aufgebaut werden müssen, daß sie keine Produktionsdaten verändern können und nur mit funktionierendem und schnellem Monitoring durchgeführt werden können.\nKorrekt ausgeführt eröffnen sie aber eine Menge Lernmöglichkeiten, die traditionellem Testen nicht zur Verfügung stehen.\n","date":"2011-12-02T00:00:00Z","href":"https://blog.koehntopp.info/2011/12/02/testing-in-production.html","tags":["computer","development","software","testing","lang_de"],"title":"Testing in Production"},{"categories":null,"content":"Argh! Ein mal, ein einziges Mal tut man etwas Gutes und dann das!\nIn den Kommentaren zu Nicht das Urheberrecht ist das Kernthema schrieb ich also:\nDu kannst Lena Falkenhagen ein neues Urheberrecht schreiben lassen, nach ihrem Wunsch, und das zum Gesetz werden lassen. Es würde ihre Situation nicht verbessern. Denn die Probleme, die sie da sieht oder hat - sie liegen nicht im Urheberrecht.\nund machte meinen Standpunkt also in einem Nachtrag noch einmal deutlicher.\nDadurch habe ich mir wohl eine Art Fadenkreuz auf die Stirn gemalt. Es beginnt mit Jan Delay, der sich mit den Realitäten auseinandersetzt, geht weiter bei Falk Wussow, der sie nicht wahr haben will, und schlägt dann auf bei Rafael Eduardo Wefers Verástegui, der in den Kommentaren dann von eben diesem Fadenkreuz Gebraucht macht:\nAuf der anderen Seite: Du hast sowieso keine Wahl, denn wie Kristian Köhntopp letzthin so schön verbloggt hatte: Das Urheberrecht und der Schutz von Urheberrechten ist nicht Dein Problem. Es wird Dir auch nicht helfen jeden Filesharer standrechtlich zu erschiessen.\nJetzt haben wir also einen kalten Novembermorgen, dichter Nebel liegt über Berlin. Ich, zwei Meter zwei groß, 135 kg schwer, unrasiert, habe einen rosa Tutu an und einen fetten massivgoldenen Zauberstab in der Hand. Meine Landung bei Falk Wussow ist wenig elegant: mehr so eine Bruchlandung. Immerhin gibt es außer mir keine Verletzten, auch wenn es um die Regale schade ist.\n\u0026ldquo;Tach,\u0026rdquo; sage ich, und bürste mir die Holzsplitter vom Tutu und den Legwarmers, \u0026ldquo;ich bin die Lobbyistenfee. Sorry, daß sie mich schicken, aber die jungen knackigen Mädels sind alle bei den Abgeordneten, Bungabunga, wissen schon. Für solche wie Dich bleibe dann leider nur ich.\u0026rdquo; Falk guckt irritiert.\nIch räuspere mich und muß lautstark hochziehen - verdammtes Küstenwetter, elende Sinusitis. \u0026ldquo;Tja, Falk\u0026rdquo;, fahre ich fort, \u0026ldquo;Du hast Glück.\u0026rdquo; Falk guckt fassungslos auf die Trümmer seiner Regalwand und kann sein Glück irgendwie nicht fassen.\n\u0026ldquo;Du hast eine Legislation frei. Sage uns, wie das Urheberrecht Deiner Meinung nach aussehen sollte, um alle Probleme der Urheber zu lösen. Du kannst es ohne Berücksichtigung irgendwelcher Grenzen frei und nach Wunsch umschreiben.\u0026rdquo; Falk schaut noch irritierter, falls so etwas noch möglich ist: \u0026ldquo;Was? Einfach so?\u0026rdquo;\n\u0026ldquo;Nein\u0026rdquo;, entgegne ich, \u0026ldquo;nicht einfach so. Es gibt eine Deadline, bis zum Ende des Monats. Aber das sollte für einen Künstler ja nichts ungewohntes sein. Und Du mußt erklären, wieso Du glaubst, daß genau diese Regel, so wie Du sie aufstellst, die Probleme der Künstler löst.\u0026rdquo;\nIch schwinge meinen Zauberprügel, eher wenig elegant - für diesen Job bin ich einfach nicht geschaffen! Auffällig-unauffällig werfe ich ein paar Ninja Rauchbomben, taste mich durch den Dunst hustend zur Tür und gehe ab.\nSo.\nWollen doch mal sehen, ob es Falk gelingt, die Welt in einen besseren Ort zu verwandeln. Vielleicht mag Lena helfen? Wenn es klappt, ist das sogar ein rosa Tutu wert. Zum Glück ist das hier Berlin. Selbst in der U-Bahn falle ich in meinem Aufzug kaum auf.\n","date":"2011-11-24T00:00:00Z","href":"https://blog.koehntopp.info/2011/11/24/von-einem-absturz-tutus-und-einem-neuen-urheberrecht.html","tags":["copyright","kultur","media","piraten","politik","lang_de"],"title":"Von einem Absturz, Tutus und einem neuen Urheberrecht"},{"categories":null,"content":"Es begannt mit einem Google Plus Artikel zum Thema EA und Origin. Origin ist ein Pflichtbestandteil von neueren Spielen von Electronic Arts, und geht über einen normalen Kopierschutz insofern hinaus, als daß es anfängt, die Platte des Kunden zu durchsuchen und unbekannte Mengen Daten aufzusammeln und an EA zu schicken.\nMein Post spießte die Tatsache auf, daß sich unsere Politik an Facebook hochzieht, inkonsequenterweise aber solche Dinge wie Origin ignoriert. Selbst dann, wenn sie wie in FIFA 12 auf die Rechner von 12 Jahre alten Kindern angewendet werden - wäre dies keine Firma, sondern eine natürliche Person, hätten wir hier einen Cyberstalking-Prozeß am Laufen.\nJemand machte dann den Default-Spackeria-Seitenhieb: \u0026ldquo;Ach, Origin ist nicht Post-Privacy-konform?\u0026rdquo;\nNein, ist es in der Tat nicht.\nDie Spackeria sagt zwei Sachen, soweit man überhaupt sagen kann, daß sie eine einheitliche Sicht auf die Dinge vertritt.\nDie Erste ist, daß wir durch die Art und Weise der Technikentwicklung immer mehr von uns Preis geben. Dadurch, und durch die Verknüpfung der Daten miteinander erzählen wir immer mehr über uns. In der Tat kann jeder Einzelne von uns da wenig gegen machen, insbesondere nicht durch den 80er-Jahre-Datenschutz mit \u0026lsquo;informiertem Einverständnis zur Datennutzung\u0026rsquo;, also dem wirkungs- und nutzlosen Extra-Einverständnishäkchen.\nDie Zweite ist, daß das nicht oder zumindest weniger schlimm ist, solange Transparenz auf Gegenseitigkeit geschaffen wird. Das heißt, daß Origin weniger Scheiße wäre, würde EA dokumentieren und durch Dritte verifizieren lassen, was da genau technisch gemacht wird, wie die Daten übertragen werden und auf welche Weise sie von EA genutzt werden.\n\u0026ldquo;Post-Privacy konform\u0026rdquo; wäre es, auf die Offenlegung der einen Seite mit einer adäquaten Offenlegung auf der anderen Seite zu reagieren, adäquat auch in dem Sinne, daß man offensichtliche Machtunterschiede berücksichtigt, um auszugleichen. Offenheit ist auf eine Weise eine Abrüstung und eine Deeskalation: Hier bin ich, das ist alles was ich bin, ich verstecke nichts (was für unsere gegenseitige Beziehung zueinander relevant wäre).\nVertrauen entsteht, wenn beide Seiten das tun. Und am Ende geht es genau darum.\nDas Internet bringt uns alle einander näher. Auch die, die einander nicht kennen, fremd sind, ihre eigenen Interessen beschützen wollen angesichts des Fremden. Diese ganzen Ausforschungs- und Datenprofilierungsversuche sind am Ende nichts anderes als der Versuch von Personen, Institutionen oder gar Nationen, sich selber die Angst vor \u0026lsquo;den Anderen\u0026rsquo; zu nehmen. Die motivierende Idee ist, durch Sammlung von Daten über früheres Verhalten und die Annahme von Stetigkeit zukünftiges Verhalten von ansonsten unbekannten, entfernten und nicht greifbaren Handelnden aus anderen Kulturkreisen Vorhersagen über zukünftige Handlungen treffen zu können und so Risiken gleich welcher Art besser einschätzen zu können.\nVertrauen als Grundlage einer Beziehung und des darauf erwachsenden Handelns kann aber nur entstehen, wenn dies auf eine adäquate Weise auf Gegenseitigkeit passiert.\nUnd das ist genau das, was den ganzen Post-Privacy-Spöttern (\u0026ldquo;Ach, auf einmal doch keine Offenlegung\u0026rdquo;) nicht klar ist. Oder für einen billigen Witz ignoriert wird.\n","date":"2011-11-16T00:00:00Z","href":"https://blog.koehntopp.info/2011/11/16/defaultseitenhieb-post-privacy.html","tags":["privacy","gaming","spackeria","lang_de"],"title":"Defaultseitenhieb(\"Post-Privacy\")"},{"categories":null,"content":"Der Beitrag Nicht das Urheberrecht ist das Kernthema ist von der taz verlinkt worden: Frédéric Valin faßt unter dem Titel Fortschritt ins dunkle Mittelalter den Stand der Debatte zusammen, kommt aber ebenfalls nicht zu einer Lösung - was ihn nicht hindert, schon in der Überschrift zu fordern \u0026ldquo;Die Piraten müssen das Problem Urheberrecht endlich lösen\u0026rdquo;.\nUnd da ist der Kern des Problems dann schon wieder, gleich im Titel. Mehrfach. Erstens werden die Piraten das Problem nicht lösen, genau wie keine andere politische Partei das tun wird, weil es so nicht geht. Denn zweitens ist das Urheberrecht nicht das Problem - wenn man Lena Falkenhagen oder sonst eine Person ein neues Urheberrecht schreiben ließe und es in ein Gesetz gösse - es würde nichts ändern.\nDenn das Problem ist nicht das Recht, das Problem ist der durch das Internet bewirkte Strukturwandel. Während die Industriealisierung millionenfach manuelle, repetetive, gefährliche und langweilige Arbeit weg rationalisiert hat, bewirkt das Internet auf eine ganz andere Weise ähnliches bei den Kopfarbeitern und Kreativen.\nBeispiel Wikipedia: Statt verschiedener Enzyklopädien, von denen jeder Haushalt wenigstens von einer eine Kopie im Regal stehen hatte, gibt es jetzt effektiv nur noch einen gemeinsamen Hort des Wissens, und den auch nur noch in einer zentralen Kopie, die wir gemeinsam betrachten und in Echtzeit bearbeiten. Und statt einiger Verlagsteams, die die Inhalte pflegen, tun wir alle dies nun, für lau.\nDieses Wikpedia-Prinzip ist es, das nun in immer mehr Kopfarbeiter-Branchen einzieht und dort links und rechts Geschäftsmodelle killt. Denn was anderes ist Sal Khan\u0026rsquo;s \u0026ldquo;Khan Academy\u0026rdquo; für Hersteller von Unterrichtsvideos? Was anderes sind Harry auf Deutsch oder Anime Fansubs, als die Anwendung des Wikipedia-Prinzips auf Übersetzungen und Untertitelungen? Was anderes ist O\u0026rsquo;Reillys Online Feedback Publishing System als die Anwendung von \u0026ldquo;Leser machen es selbst\u0026rdquo; auf das Lektorat?\nEs scheint so, als hätten viel zu viele Leute Here comes everybody für eine leere Drohung gehalten, oder das Konzept des kognitiven Überschusses für ein Hirngespinst. Beides ist real, und die Auswirkungen sind fundamental.\nNoch einmal: Es ist nicht das Urheberrecht, es sind nicht Mängel am Urheberrecht, die das Einkommen von Werkschaffenden bedrohen. Es sind stattdessen die Werke anderer Werkschaffender, die kollaborativ statt als Einzelkämpfer arbeiten und deren einzelne Beiträge so gering sind, daß der jeweilige Teilautor sie entgeltfrei abgibt.\nIn dem Moment, in dem ein Prozeß geschaffen wird, der ein solches kollaboratives Werkschaffen zuläßt und in dem Moment, in dem jemand ein Werkzeug schafft, daß diesen Prozeß der Kollaboration für eine Werkklasse automatisiert und mediatisiert, in dem Moment stirbt eine Branche. Nicht sofort, nicht komplett - aber sie wird mindestens marginalisiert. In den Kommentaren zu dem Ausgangsartikel findet sich ein schönes Beispiel: Johannes zählt auf, wie Werke in der Esperanto-sprechenden Community gemeinsam geschaffen werden, und daß das für alle Werk-Klassen funktoniert, ausgenommen Filme. Der Prozeß des Filmschaffens ist noch so arbeits- und kapitalintensiv, daß die Methoden dort noch nicht funktionieren. Der Rest - geschenkt. Im Wortsinn.\nDiesen Mechanismus eines fundamentalen Strukturwandels hält ein Urheberrecht - gleich wie man es formuliert - nicht auf. Und die sich daraus ergebenden Probleme löst eine einzelne Partei nicht. Schon gar nicht am grünen Tisch. Diese Sorte Probleme löst nur das Leben selbst, sie werden von Leuten entschieden, die experimentieren, Wagnisse eingehen, scheitern, es trotzdem anders noch einmal versuchen, und dann mit der ganzen Kraft ihrer Erfahrung und Energie diese Ergebnisse kommunizieren und lehren.\nDie Zeit hat da in einem Artikel über Selfpublishing-Projekte eine ganze Reihe von Beispielen. Manche von ihnen kommerziell, andere - und die Zeit kratzt hier nur an der Oberfläche - für Liebe.\nFelicia Day, selbst durch selbstpublizierte Filmprojekte zu einigem Ruhm und einem Einkommen gekommen, verweist in einem Artikel auf Google Plus auf Fox und ABC \u0026rsquo;\u0026gt;, zwei amerikanische Fernsehsender, die gerade einen Stern pullen und die Verfügbarkeit von Sendungen im Web zurückfahren wollen.\nDer Effekt, so Felicia Day: mehr Kopieren und Filesharing, und Verlust an Publikum - die Leute, die das sofort haben wollen, laden sich halt eine Kopie von anderen Quellen als Fox bzw. ABC runter, und die Leute, die warten können oder wollen, schauen das halt nicht im Fernsehen, sondern besorgen es sich zu einem späteren Zeitpunkt, vielleicht auf DVD, vielleicht indem sie es bei einem Freund kopieren, sobald der es hat. In jedem Fall schadet der Sender sich selbst und seinen Ratings. Felicia Day sieht beide Sender auf dem Weg von Tower Records und Borders Bookshops. Auch sie hat kein funktionierendes Modell parat, mit dem diese Sender (eigentlich: Produzenten) und die Konsumenten zueinander finden können.\n","date":"2011-11-10T00:00:00Z","href":"https://blog.koehntopp.info/2011/11/10/nachtrag-nicht-das-urheberrecht-ist-das-kernthema.html","tags":["copyright","kultur","media","piraten","politik","lang_de"],"title":"Nachtrag: Nicht das Urheberrecht ist das Kernthema"},{"categories":null,"content":"Wir hatten das Thema schon einmal in IP V6 verkehrt , aber es ist noch nicht tot. Spezialexperten für den Datenschutz aus aller Welt haben sich getroffen, und waren gemeinsam besorgt:\nDie Datenschutzkonferenz empfiehlt, die bisher bei Zugangsanbietern übliche dynamisch IP-Adressvergabe auch nach der Einführung von IPv6 beizubehalten. \u0026ldquo;Internetzugangsanbieter und Betreiber von Gateways sollte die Nutzung dynamischer IP-Adressen als Standardeinstellung anbieten\u0026rdquo;, heißt es in der am Freitag von Schaar veröffentlichten Entschließung (PDF-Datei).\nLutz Donnerhacke hat das zum Anlaß genommen, IP V6 einmal unter Datenschutzgesichtspunkten zu analysieren.\nSein Artikel kommt zu dem Fazit:\nDie aus der Not heraus geborene Idee, eine IP Adresse nur temporär einem Nutzer zuzuweisen, erwies sich als wirtschaftliche Goldgrube . Da für den Betrieb von Servern, also der eigenständigen Bereitstellung von Diensten, eine dauerhafte Erreichbarkeit des Servers notwendig ist, bot die Beibehaltung dynamischer IP-Adressen den Providern zusätzliche Einnahmequellen durch Hosting realer und virtueller Server, E-Mail und vieles mehr. [\u0026hellip;]\nEs gelang den Marketingabteilungen so erfolgreich, dynamische IPs als Vorteil, Schutz und Anonymität darzustellen, daß eine Abkehr von diesem Modell wenig wahrscheinlich ist.[\u0026hellip;]\nAuch die Datenschützer haben sich vor den Karren der Lobbyisten spannen lassen. Sie glauben mit dynamischen IP-Adressen das Grundübel des Internet aus ihrer Sicht entschärfen zu können. Schließlich invalidiert ja ein ständiger Wechsel der IP-Nutzer Zuordnung die von verschiedenen Webdiensten ausgeführten Idenitifizerierungen – bis zum nächsten Login, Cookie, soziale Netze-Button, E-Mail-Abruf, Tweet oder Werbebanner.\nEines der Hauptprobleme beim Umgang mit IP V6 ist, es als IP V4 mit langen Adressen anzusehen. Das ist nicht der Fall, wie Lutz an mehreren Beispielen mit Datenschutzbezug illustriert: Mit IP V6 haben wir so viele Adressen zur Verfügung, daß einem Kunden nicht nur mehrere Prefixe zugeteilt werden können, sondern einzelne Adressen auch für Dinge wie Authentisierungsmechanismen (CGA, Cryptographically Generated Adresses) verwendet werden können. Er zeigt, wie mit Hilfsmitteln wie rotierenden Prefixen unterbrechungsfreies Umnummerieren möglich ist (keine Zwangstrennung mehr), und welche anderen neuen Anwendungen durch V6 erst ermöglicht werden.\nDann schlägt er die Kehre und kehrt zu der Bemerkung oben zurück: »\u0026hellip; bis zum nächsten Login, Cookie, soziale Netze-Button, E-Mail-Abruf, Tweet oder Werbebanner.« Lutz dazu:\nFeste IP Adressen gestatten aber einen ganz anderen Ansatz zur Datensparsamkeit. [\u0026hellip;\nWeb 2.0 Techniken füllen eine Webseite mit Inhalten aus anderen Quellen , insbesondere von anderen Servern. Was spricht also dagegen, die privaten Daten daheim, auf einem Rechner mit fester IP, beispielsweise dem DSL-Router mit angeflanschter USB-Platte, abzulegen und anzubieten? [\u0026hellip;]\nDiese Vision setzt zwei Dinge voraus: Statische IPv6 Adressen nutzbar auf jedermanns Technik und den mündigen Menschen . Beides kann der Datenschutz leisten: Er hat den Bildungsauftrag, eigenverantwortlichen Umgang mit persönlichen Daten sicherzustellen und den Regulierungsauftrag, die betreffenden Hersteller und ISPs zur Entwicklung datensparsamer Konzepte anzuhalten. Er bekommt dafür die Chance, aktiv das techno-soziale Gefüge des Internets wieder zu demokratisieren.\n(Den vollständigen Artikel lesen )\n","date":"2011-11-09T00:00:00Z","href":"https://blog.koehntopp.info/2011/11/09/datenschutztheater-dynamische-ipv6-adressen.html","tags":["privacy","ipv6","politik","privacy","spackeria","lang_de"],"title":"Datenschutztheater: dynamische IPv6 Adressen"},{"categories":null,"content":"Die Süddeutsche hat einen määndernden Artikel , der auf Seite 2 dann doch noch irgendwie zum Punkt kommt und Rick Falkvinge verlinkt und daraus ableitet:\nJetzt, da sie erstmals in einem deutschen Parlament sitzen, scheinen sie genau das vergessen zu haben. Sie sprechen über fahrscheinlosen Nahverkehr, aber nicht über das Urheberrecht. Das ist erstaunlich, weil eine Pauschalabgabe fürs S-Bahnfahren genau auf dem urheberrechtlichen Modell basiert, das Juristen unter dem Begriff \u0026ldquo;Kulturflatrate\u0026rdquo; für die Netznutzung beschreiben.\nNun ist zum Einen ein Stadt- oder Landesparlament nicht der richtige Ort, um über Änderungen am Urheberrecht zu diskutieren - selbst auf Bundesebene sind Änderungen hier nur begrenzt möglich, und insofern läuft die SZ hier komplett an den politischen Realitäten und Zuständigkeiten vorbei.\nUnd zum anderen ist die Situation weitaus komplizierter, und das eigentliche Problem nicht durch Arbeit am Urheberrecht alleine zu packen. Entsprechend kann eine Lösung auch nicht von einer Partei alleine kommen - schon gar nicht von der Piratenpartei alleine.\nSehr schön erkennt man dies an der Frage, die Lena Falkenhagen auf Google Plus gestellt hat:\nWäre gespannt, wie die Piraten beim Wegfall des Urheberrechtes das kreative Schaffen entlohnen wollen. Ansonsten bin ich mittellos.\nChristian Buggedei hatte mich auf diese Diskussion aufmerksam gemacht und ich habe den Artikel auf Google Plus weiter geshared, um noch ein paar relevante Personen mehr darauf aufmerksam zu machen, und so hat sich mit 81 Kommentaren dort auch ein sehr spannender Diskussionsfaden entwickelt. Er selbst verweist auf meinen Artikel Falscher Planet, falsches Jahrtausend , und zitiert\nDas Wesen aller IT ist die Kopie. [..]\nHier ist die Wahl. Sie ist die einzige Wahl. Sie ist digital, wie das Medium, das die Wahl erzwingt:\nKopieren hinnehmen. jede \u0026gt; Kommunikation von Jedermann mit jedem anderen immer auf ihre Legalität hin untersuchen und filtern. Wenn Fall 2 nicht stattfindet, bildet sich sofort ein Overlay-Netzwerk und Fall 1 tritt ein.\nEr äußert sich weiter und schreibt:\nIch kenne keinen in der Piratenpartei der Inhaltsschaffenden - seien es Musiker, Autoren, Maler, Fotografen, Komponisten oder sonstwem etwas anderes als Respekt und den Wunsch, dass sie ein Einkommen haben entgegenbringt. Nicht umsonst zeigen immer wieder Studien, dass gerade die \u0026ldquo;Powerdownloader\u0026rdquo; in der Regel überdurchschnittlich viel Geld für Medien jedweder Art ausgeben. Aber wir von der Piratenpartei sehen eben auch, dass zur Durchsetzung der Verwertungsrechte wie sie derzeit aussehen, man den von Kristian geschilderten Fall 2 zwingend implementieren muss - und das ist etwas, was wir aus bürgerrechtlicher Sicht schlicht nicht hinnehmen können.\nIch führe das in meinem eigenen Kommentar dort in eine andere Richtung noch etwas weiter aus (redaktionell überarbeitet):\nDa ist zunächst die von Christian Buggedei zitierte Beobachtung in meinem Artikel - das ist noch keine Forderung, sondern nur eine Feststellung. Ich glaube tatsächlich nicht, daß wir alle da viel Wahl haben: Die Umstände des Schreibens ändern sich und damit das Biotop, in dem Werkschaffende tätig sind.\nDa ist einmal die Leichtigkeit, mit der Kopien von irgendwas gemacht werden können - Bücher, Musik, Filme und auch alles mögliche andere, was auf einem Mal digital und nichtstofflich existiert und vorher dinglich war.\nDann ist da aber auch die Verminderung des Aufwandes und die Verkürzung der Publishing Pipeline: Jeder, der schreiben will, kann nun schreiben. Ob er gelesen wird ist noch einmal eine andere Sache - aber es gibt nichts und niemanden mehr, das jemandem vom Schreiben abhalten kann. Und so gibt es neben den Werken, die Du und Deinesgleichen für Geld produzieren nun haufenweise anderes Zeugs - frei erhältlich an Orten wie Wattpad oder einer der Tausend anderen Story Communities im Web. Gegen diese Leute und deren Preise treten Autoren für Geld nun an.\nDann ist da das Zwischenfeld, das nun entsteht - zwischen Wattpad und traditionellen Verlagen. Da ist zum Beispiel Kindle Direct Publishing , und zu den typischen Kindle-Only Preisen von $0.99, $1.99 oder $3.99 bekommt man eine Menge Zeugs, von dem nicht mal die Hälfte schlecht ist. Out of the Black zum Beispiel waren gut angelegte drei Dollar für eine Art World-of-Darkness Story, und The Rho Agenda: The Second Ship und Immune war feine Scifi Jugendliteratur, zwei Bücher für ca. vier Dollar.\nOb mit oder ohne Urheberrecht - das alleine ist genug, um die Luft aus den meisten derzeit existierenden Verlagen und den daran hängenden Autorenkarrieren zu lassen.\nAnders herum kann ich natürlich den Kopierschutz von einer AZW- oder sonstigen eBook-Datei entfernen. Ich habe auch noch nie eine Firma gesehen, in der nicht ein nicht weiter kartierter Server existiert hätte, der erstaunlich viel Plattenplatz gehabt hat und dessen Platten immer voll waren, obwohl nichts davon älter als 4 Wochen war. Oder eine Webpage mit einer langen Liste von Subsonic -Links oder eine andere Webpage mit einer Prozedur, wie man sich an die gemeinsamen Dropboxen der Kollegen dranklemmt.\nAuch das hat mit Urheberrecht als Gesetz nichts zu tun, abgesehen davon, daß es offiziell verboten ist und dieses Fakt dennoch nirgendwo irgendjemanden auch nur am Rande interessiert.\nDennoch bin ich fleißig dabei, Geld in Richtung von Autoren oder Musikern zu pumpen, denen es gelungen ist, mich zu begeistern. Idealerweise gibt es einen Weg, mit dem ich dabei möglichst wenig Reibungsverluste habe und möglichst wenig Zwischen-Instanzen mit finanzieren muß. Also kaufe ich Musik bei CDBaby und Bücher via KDP (siehe oben) und habe natürlich auch Iron Sky War Bonds gekauft.\nFrüher habe ich auch gerne CDs gekauft - im Quartal sind dabei etwa 400-500 Deutschmark Einkommen disponiert worden: Ich habe meine Musik halt gerne unkomprimiert und in physischer Form, damit ich sie neu digitalisieren kann, wenn mir danach ist. Aber ich habe gelernt, daß ich damit nicht Musiker fördere, sondern nur koksende Sony-Spacken, die mir zum Dank für meine Investition wie in Sonys Digitaler Hausfriedensbruch geschildert ein Rootkit auf meine Karre installieren, gleich neben den Staatstrojaner.\nFrüher habe ich auch gerne Bücher gekauft. Aber dort kommen von den 7.99 EUR eines Bastei-Lübbe oder Heyne-Buches nur Bruchteile dem Autor, den ich gut finde, zugute. Also habe ich bei einem Umzug von den 2500 Büchern Scifi und Fantasy nur ein Billy voll behalten und kaufe nicht mehr beim Schund-Spezialisten aus dem Neuerscheinungsregal einen Arm voll Scifi/Fantasy im Monat. Stattdessen geht das Geld andere Wege - aber es ist nicht weniger, deucht mich: Anonyme Amazoniker zeigt das recht deutlich.\nUm das Urheber-Recht würde ich mich dabei an Deiner Stelle wenig Sorgen. Es ist das Kleinste Deiner Probleme, wenn Du mit dem Schreiben Geld verdienen willst.\nNoch einmal, weil es wichtig ist:\nUm das Urheber-Recht würde ich mich dabei an Deiner Stelle wenig Sorgen. Es ist das Kleinste Deiner Probleme, wenn Du mit dem Schreiben Geld verdienen willst.\nIch will damit sagen, daß wir es hier mit einem strukturellen Wandel in der Kommunikation und dem Verhältnis zwischen Werkschaffenden und Konsumenten zu tun haben, bei dem die Analyse \u0026ldquo;Urheberrecht - ansonsten bin ich mittellos\u0026rdquo; die realen Umstände vollständig verkennt oder gar verleugnet und in jedem Fall viel zu kurz greift.\n\u0026ldquo;Mittellos\u0026rdquo; ist eine Autorin nicht wegen des Rechtes, sondern wegen der Leichtigkeit, mit der jeder kreieren, publizieren, kuratieren und kommunizieren kann. Die Autorin tritt nicht mehr gegen die Texte anderer professioneller Autorin an, sondern gegen jeden, der etwas veröffentlichen möchte und insbesondere gegen Personen, deren Lebensunterhalt nicht an den Verkauf von Veröffentlichtungen gekoppelt ist, und die ihre Werke daher ohne weiteres kostenfrei publizieren können.\nIn einem weiteren Kommentar habe ich dazu Beispiele gebracht:\nKostenloskultur : Autoren von Lehrmaterial treten gegen Sal Khan an, der auf Youtube unglaubliche Mengen unglaublich guter Lehrvideos zu den wildesten Themen einstellt - und diesen Autoren vielfach die Geschäftsgrundlage entzieht.\nPoltik, Polemik und eine Agenda : Ich hatte eine spannende Unterhaltung mit der Katze und Dirk Remmecke über Anime und Anime Fansubs - gute Fansubs machen Anime-Vertrieben zu schaffen. Ein Problem dabei: Die Geschwindigkeit von Aktionen wie Harry Auf Deutsch und die Qualität von Aktionen wie dem Pretty Guardian Sailor Moon Live Action sind von kommerziellen Anbietern kaum zu schlagen - diese sind Begrenzungen durch Budget und Staffing ausgesetzt und sie treten bei populären Sachen gegen Armeen von Enthusiasten an, die kein Leben haben oder bereit sind, den größeren Teil ihrer Freizeit Wikipedia-Style in einen Crowdsourcing-Ansatz zu investieren.\nOnline Feedback Publishing System : O\u0026rsquo;Reilly stellt neue Bücher im Volltext zum Review auf OFPS (Online Feedback Publishing System) bereit, um Anmerkungen von interessierten Lesern zu Crowdsourcen und so die technische und inhaltliche Qualität des Werkes zu verbessern - Leser bekommen so aber auch (legal) den elektronischen Volltext aller möglichen Neuerscheinungen zu fassen.\nO\u0026rsquo;Reilly Registration Page : Anders herum: Bei O\u0026rsquo;Reilly kann man sein gedrucktes Buch auch registrieren und bekommt dann die elektronischen Fassungen kostenlos dazu, bzw kann das Werk auch auf neue Releases upgraden.\nDas sind alles Signale, die anzeigen, wie sich der Markt um Werke verändert - mit einem Werk für Geld tritt man immer auch gegen ein vergleichbares Werk für Liebe und Spaß an. Autoren und Verlage experimentieren derzeit wie wild, um herauszufinden, wie sie sich in so einem Umfeld ausreichend differenzieren können, um Leser zum Zahlen zu motivieren.\nKopierschutz ist es nicht, das wissen wir schon (weil es heute Thema in einer anderen Diskussion war, hier ein Satz Links zu einem einzelnen Hersteller: Audible DRM , Audible DRM , Audible DRM ).\nRechtsverschärfung ist es auch nicht - das meiste Getausche geht dark und nicht im offenen Netz ab, und offen gesagt interessiert die Rechtslage im nichtkommerziellen Umgang (\u0026ldquo;Privatkopie\u0026rdquo; - wobei da schnell mal Terabytes fließen) mit dem Urheberrecht faktisch seit Napster niemanden mehr. Ob man das jetzt noch im geschriebenen Recht anpaßt oder nicht ist mehr eine Formalität.\nNebenan bei der #Spackeria verwendete acid übrigens dasselbe Zitat von mir wie Christian Buggedei oben, in einem ähnlichen und doch ganz anderen Kontext: Herausforderungen der Informationsfreiheit .\nUnd schließlich: Ich habe ja auch mal für Geld geschrieben, wenn auch nie hauptberuflich: Artikel von KristianKöhntopp . Aber inzwischen ist es so, daß ich persönlich meine Artikel lieber kostenlos ins Blog stelle als etwa einem Verlag zu verkaufen: Warum alle meine Texte frei im Netz zu lesen sind .\nDer Return für mich ist besser, wen der Artikel dauernd frei im Netz steht als wenn mir ein Verlag was dafür bezahlt, UND ich habe keinen Nerv mit dem Vertragstanz mehr: Selbst Heise, als Verlag für Fachautoren echt superfreundlich, umgänglich und technisch kompetent, hat inzwischen Total Buyout Verträge und es war ein Riesenproblem, meine Sechs-Monats-Regel in eine iX-Autorenvereinbarung rein zu bekommen. Am Ende ist es für mich als Nebenerwerbs-Schreiber von technischen Artikeln den Nerv schlicht nicht wert - da gebe ich das Zeugs eben so weg.\n\u0026ldquo;Mittellos\u0026rdquo; ist auch eine Lektorin und Redakteurin, weil sich die Publishing Pipeline für die meisten Publizierenden so stark verkürzt hat, daß für diese Rollen darin kein Platz und somit auch kein Einkommen mehr vorhanden ist.\nMan erkennt, daß das Urheberrecht hier thematisch keine Rolle spielt, außer vielleicht als Instrument, die Transaktionskosten einer Veröffentlichung so weit zu erhöhen, daß \u0026lsquo;kostenlos\u0026rsquo; keine Option mehr ist. Das ist aber aus einer Reihe von anderen Gründen keine volkswirtschaftlich oder politisch wünschenswerte Option.\nZum Urheberrecht gibt es in der Piratenpartei selbst übrigens Personen, die in einer ähnlichen Situation sind, wie Lena: Mela Eckenfels zum Beispiel schreibt und ist eine engagierte Piratin. Ich habe in einem weiteren Kommentar einmal ihre Position aus ihrem Blog zusammen recherchiert:\nUnd dann muß ich in diesem Thread extra noch mal Mela Eckenfels erwähnen. Sie ist eine Piratin aus Karlsruhe, außerdem eine Autorin und von ihr hören wir inhaltlich die gleiche Klage wie von Lena.\nIch habe in den Kommentaren oben schon klar gemacht, daß ich das für fehlgeleitet habe - das Problem ist nicht das Urheberrecht und wenn jemand Probleme hat, vom Schreiben zu leben, dann liegt das meiner Meinung nach mit Sicherheit nicht am Urheberrecht, sondern eher an den anderen, sich rapide verändernden Umständen, die ich oben aufgezählt habe.\nDas Geschenk der Piratenpartei an die Verwerter , Long Tail , Butter bei die Fische\u0026hellip; , Wie Kulturschaffende Geld verdienen , Piratenschwarz .\nWobei insbesondere der Artikel Wie Kulturschaffende Geld verdienen im Grunde genommen nahtlos via Herausforderungen der Informationsfreiheit an die Forderung der Piraten nach einem bedingungslosen Grundeinkommen anschließt.\n#spackeria@Ircnet, 25-Oct-2011, 13:18\nIsotopp\u0026gt; acid_: Ich mag den Bogen von \u0026lsquo;Neue Kommunikations- und Überwachungsmedien -\u0026gt; Transparente Gesellschaft -\u0026gt; essentiell anarchie-fähige Gesellschaft, Grundeinkommen, Star Trek\u0026rsquo;\nWomit wir dann spätestens bei Star Trek wieder bei Mela sind. :-)\nLena Falkenhagen nimmt in der Diskussion selbst Stellung. Sie bezeichnet sich selbst \u0026lsquo;kein Kopierschutz-Nazi\u0026rsquo; und sagt, daß sie kein Problem damit habe, wenn Bücher weitergereicht, Songs kopiert oder TV-Serien aus den USA in andere Teile der Welt weitergegeben werden, wo sie noch nicht verfügbar sind. Ihre Aussage ist: \u0026ldquo;Ich anerkenne, dass es da eine Grauzone gibt, deren Definition noch getroffen werden muss.\u0026rdquo;\nIch bin mir ihr auf einer Linie, wenn sie sagt, sie habe keine Angst, daß die Menschen keine Geschichten mehr wollen, und ich habe genug Bücher von ihr gelesen (die einzigen DSA-Romane, die ich bei meiner Papierbücher-Ausmist-Aktion behalten habe, waren ihre!), um zu wissen, daß sie keine Angst vor der Konkurrenz haben muß.\nAber wenn sie schreibt: \u0026ldquo;Das Resultat eines Wegfalls des Vervielfältigungsrechts an der eigenen Geschichte [\u0026hellip;] wäre aber, dass ich mir einen Brötchenjob würde zulegen müssen, der 100% meiner Zeit frisst und nicht mehr (oder sehr eingeschränkt) schreiberisch tätig werden könnte.\u0026rdquo; (Mela schreibt sinngemäß dasselbe in Wie Kulturschaffende Geld verdienen ), dann muß ich doch mal böse unfair draufhauen.\nIch bin ja in meinem Leben einige Jahre als fahrendes Volk durch die Gegend gezogen und habe Kunden für Geld glücklich gemacht, d.h. ich war das, was man gemeinhin einen Berater oder Consultant nennt. Diese Tätigkeit bringt es mit sich, daß man erstaunlich viel schreibt - in der Woche kommen da mitunter durchaus dreistellige Seitenzahlen an Prosa zusammen, und zwar genau die Sorte Prosa, die Lena Falkenhagen und Mela Eckenfels in ihre Stellungnahmen so verachten: Gebrauchs-Sachliteratur, die das Ziel hat, den Kunden arbeitsfähig zu machen und ihn so auszubilden, daß er das, was ich da getan habe, nachvollziehen und in Zukunft selber machen kann.\nDer Unterschied zwischen \u0026ldquo;Werkschaffenden\u0026rdquo; (Hey, meine Texte sind keine Werke???) oder gar \u0026ldquo;Kulturschaffenden\u0026rdquo; (Angesichts solcher Anmaßungen regt sich in mir schon einige Aggression) und dem gemeinen sich prostituierenden Consultant ist der, daß diese Schaffenden ihre Werke und Ideen schützen, hegen und monopolisieren wollen, während der Consultant seine Werke in der Regel mit den Werken der anderen auf diesem Gebiet Schaffenden zusammenlegt, \u0026ldquo;Best Practice\u0026rdquo; definiert und das dann versucht, möglichst weit zu verbreiten.\nDer durchschnittliche Consultant lebt davon im Mittel besser als der durchschnittliche Autor. Meinjanur.\nTatjana Azundris spitzt das noch pointierter zu. Sie schreibt:\n\u0026ldquo;dass Urheber von ihren Werken derzeit kaum existieren können\u0026rdquo;\nDas ist auch kein Menschenrecht. Ähnlich wie Kristian Köhntopp befinde ich mich schuldlos in der Lage, daß das was ich kreativ anstelle zu einem akzeptablen Einkommen führt, mit dem ich (auch) Leute unterstütze, die mich begeistern. Es gibt aber kein Recht darauf, von Aktivitäten auf die man Lust hat auch leben zu können. Vielleicht ist die Epoche des Zeichnens, Schreibens, Komponierens für den Lebensunterhalt einfach zu Ende; das ist kein so komplizierter Gedanke. Wenn man das nicht will, wäre es womöglich zielführender, nicht auf das Urheberrecht einwirken zu wollen, sondern auf bedingungsloses Grundeinkommen hin?\nDen Mehrwert von Lektorat vermag ich uebrigens zu erkennen; den von Satz nur in Printmedien — es erscheint wagemutig, heute noch Annahmen ueber die Zielplatform zu machen.\nAnsonsten stelle ich fest, dass z.B. mein Comic-Konsum sich komplett von den grossen Verlagen abgelöst hat. Nicht nur sagt mir \u0026ldquo;1x täglich\u0026rdquo; mehr zu als \u0026ldquo;1x wöchentlich\u0026rdquo;, die Comics sind einfach besser. Was bekomme ich bei DC? Alle paar Jahre fahren sie\u0026rsquo;s so an die Wand, dass sie die continuity rebooten muessen und mein komplettes Investment im Po ist. Schön fuer Neueinsteiger, schlecht fuer Bestandskunden. Was noch? Women in Refrigerators. Rape- and porn-tastic nonsense. DC haetten mich als Kundin auch dann verloren, wenn es keine Alternativen gäbe. (Das ist die gepriesene Präselektion/Filterung durch die Verlag. Ich hätte da doch lieber ein Web of Trust bzw. data mining — \u0026ldquo;Leute die ähnliche Dinge wie Sie gut fanden, mochten folgende Werke die Sie noch nicht kennen \u0026hellip;\u0026rdquo;). Die comics die ich jetzt lese, sind schlauer, frauenfreundlicher, haben Charaktere aus Minderheiten denen ich angehöre, und ernaehren in vielen Faellen ihre Urheberinnen (Girls with Slingshots, Cat \u0026amp; Girl usw.). Dabei erscheinen diese comics gratis im Netz. Es ist nicht Urheberrecht das diese Frauen ernährt: \u0026ldquo;The secret ingredient is love.\u0026rdquo;\nWenn man Leute passend begeistert, geben sie einem Geld.\nAuch wenn sie nicht müssen.\nWiederum: Niche und starke Fan-Bindung, nicht Verlag.\n\u0026ldquo;Es gibt auch Musiker fuer die das funktioniert.\u0026rdquo; Und da ist noch nicht mal die Frage mit drin, ob der Gini-Index irgendwann so kaputt sein wird, dass Menschen entweder nicht lesen, gratis lesen, oder raubkopieren — alles, nur nicht ein $15 Buch kaufen, weil das ein Luxusgut ist.\nAuch nicht enthalten ist die Frage, ob Bücher in 10 Jahren noch zu Aufmerksamkeitsspannen der tl;dr-Generation passen werden. Ich selbst habe schon heute Bücher weitgehend durch Wikipedia-Artikel (zum Lesen) und podcasts bzw. TED und Stanford-Videos (zum Hören und dabei Einschlafen) ersetzt, und ich kann mich noch erinnern, als eine Bibliothek meine Erziehungsberechtigte war.\nWe\u0026rsquo;ve come a long way.\nEnde des unfair Draufhauens.\nAb dieser Stelle bricht die ganze Diskussion in dem Googe Plus Text ein wenig zusammen, unter anderem weil angefangen wird, Kopieren von Texten oder Konzepten mit dem Diebstahl in der Dinglichen Welt gleichzusetzen. Die Tatsache, daß das genau nicht gleich ist, ist die Ursache für die Alternative, die ich in Falscher Planet, falsches Jahrtausend stelle und die Christian Buggedei und Acid in ihren Texten zitieren. Die Tatsache, daß das genau nicht gleich ist, ist die Ursache für den Strukturwandel, den ich versucht habe, in langen Beispielen und Linklisten zu illustrieren.\nUnd dieser Strukturwandel ist so gewaltig, daß das Urheberrecht oder veränderungen gleich welcher Art an ihm weder in der Lage sind, die Situation zu verändern noch den Wandel auch nur zu verzögern. Wie ich oben schon sagte: Das Urheberrecht ist nicht der Punkt, über den sich Lena Falkenhagen und Mela Eckenfels sorgen machen müssen.\nUnd das ist auch der Grund, warum eine Antwort auf diese Frage nicht von der Piratenpartei alleine kommen kann. Wobei deren Konzept eines bedingungslosen Grundeinkommens wahrscheinlich schon einen guten Schritt in diese Richtung geht.\nLothar Gesslein bringt es auf den Punkt:\nMich, der jeden Abend ein E-Book liest, mehrmals pro Monat einen digitalen Film zuhause guckt, seit Jahren keine CD mehr gekauft hat und trotzdem oft Musik hört, betrifft diese Debatte genauso im Kern meiner Lebensrealität und -qualität wie den Autor, Filmemacher, Musikant der seine Brötchen bezahlen muss.\nSelbstverständlich haben die Erschaffer ein (moralisches) Recht zu diktieren unter welchen Bedingungen sie bereit sind weiter kreativ zu sein. Die Konsumenten haben aber genauso ein (moralisches) Recht zu diktieren unter welchen Bedingungen sie noch bereit sind die Finanzierung zu leisten.\nAm Ende muss man sich einigen, weil der Eine nicht ohne den Anderen kann.\n","date":"2011-11-08T00:00:00Z","href":"https://blog.koehntopp.info/2011/11/08/nicht-urheberrecht-ist-das-kernthema.html","tags":["copyright","media","piraten","politik","lang_de"],"title":"Nicht Urheberrecht ist das Kernthema"},{"categories":null,"content":"Q\u0026gt; Sag mal, NULL zählt nicht bei einem UNIQUE INDEX? Zum Beispiel ein UNIQUE INDEX auf (a,b) und dann\na b 1 2 1 2 Das geht nicht, da Duplikate Key. Aber\na b 1 NULL 1 NULL wird zugelassen.\nKris\u0026gt; Du kaufst bitte mal SQL für Smarties: Advanced SQL Programming und ißt das dann auf.\nmysql\u0026gt; select * from t; +----+------+ | id | d | +----+------+ | 1 | NULL | | 2 | 2 | | 3 | 3 | | 4 | NULL | +----+------+ 4 rows in set (0.00 sec) mysql\u0026gt; select count(*) as a, count(d) as b, count(coalesce(d, 0)) as c from t; +---+---+---+ | a | b | c | +---+---+---+ | 4 | 2 | 4 | +---+---+---+ 1 row in set (0.00 sec) mysql\u0026gt; select d, coalesce(d, 0) as dc from t; +------+------+ | d | dc | +------+------+ | NULL | 0 | | 2 | 2 | | 3 | 3 | | NULL | 0 | +------+------+ 4 rows in set (0.00 sec) Kris\u0026gt; Und außerdem\nmysql\u0026gt; select 0=0, 1=1, 0=1, NULL=0, NULL=1, NULL=NULL; +-----+-----+-----+--------+--------+-----------+ | 0=0 | 1=1 | 0=1 | NULL=0 | NULL=1 | NULL=NULL | +-----+-----+-----+--------+--------+-----------+ | 1 | 1 | 0 | NULL | NULL | NULL | +-----+-----+-----+--------+--------+-----------+ 1 row in set (0.00 sec) Q\u0026gt; Ah, es liegt also daran, daß NULL kein Wert ist, sondern einfach NICHTS.\nKris\u0026gt; NICHTS ist das falsche Wort. Es ist NULL. Das hat viele verschiedene Bedeutungen in SQL, es ist nicht mal konsistent. Es ist auch nicht undef, wie in Perl. Es ist NULL. Und was dann passiert, das muß man wissen.\nmysql\u0026gt; create table tt ( t int null, unique (t)); Query OK, 0 rows affected (0.37 sec) mysql\u0026gt; insert into tt values (1), (2), (2); ERROR 1062 (23000): Duplicate entry \u0026#39;2\u0026#39; for key \u0026#39;t\u0026#39; aber\nmysql\u0026gt; insert into tt values (1), (2), (NULL); Query OK, 3 rows affected (0.00 sec) Records: 3 Duplicates: 0 Warnings: 0 mysql\u0026gt; insert into tt values (NULL); Query OK, 1 row affected (0.00 sec) mysql\u0026gt; select * from tt; +------+ | t | +------+ | NULL | | NULL | | 1 | | 2 | +------+ 4 rows in set (0.00 sec) Kris\u0026gt; Das liegt daran, daß der UNQIUE INDEX schaut, ob für irgendeinen vorhandenen wert = der neue wert wahr ist. Wenn ja, wird der Wert abgelehnt. Wenn du aber ein vorhandenes NULL mit dem neuen NULL vergleichst, dann ist das nie wahr, und auch nie falsch, sondern immer NULL.\nmysql\u0026gt; select NULL = NULL, NULL \u0026lt;\u0026gt; NULL; +-------------+--------------+ | NULL = NULL | NULL \u0026lt;\u0026gt; NULL | +-------------+--------------+ | NULL | NULL | +-------------+--------------+ 1 row in set (0.00 sec) Kris\u0026gt; NULL ist also nicht gleich NULL, NULL ist jedoch auch nicht ungleich NULL. NULL ist auch nicht ungleich wahr, und es ist auch nicht gleich wahr.\nmysql\u0026gt; select 1 = NULL, 1 \u0026lt;\u0026gt; NULL; +----------+-----------+ | 1 = NULL | 1 \u0026lt;\u0026gt; NULL | +----------+-----------+ | NULL | NULL | +----------+-----------+ 1 row in set (0.00 sec) Kris\u0026gt; NULL ist auch nicht ungleich falsch und auch nicht gleich falsch.\nmysql\u0026gt; select 0 = NULL, 0 \u0026lt;\u0026gt; NULL; +----------+-----------+ | 0 = NULL | 0 \u0026lt;\u0026gt; NULL | +----------+-----------+ | NULL | NULL | +----------+-----------+ 1 row in set (0.00 sec) Kris\u0026gt; NULL ist NULL.\nQ\u0026gt; LOL. Kris, Du bist ein.. ich weiß es nicht. Irgendwas verrücktes.\nKris\u0026gt; Perl Programmierer kennen nun undef, und sehen\nKK:~ kris$ perl -e \u0026#39;$a = undef; print \u0026#34;keks${a}keks\\n\u0026#34;;\u0026#39; kekskeks Kris\u0026gt; SQL dagegen\nmysql\u0026gt; select concat(\u0026#39;keks\u0026#39;, \u0026#39;keks\u0026#39;) as keks, concat(\u0026#39;keks\u0026#39;,NULL,\u0026#39;keks\u0026#39;) as nix; +----------+------+ | keks | nix | +----------+------+ | kekskeks | NULL | +----------+------+ 1 row in set (0.00 sec) Kris\u0026gt; NULL ist NULL. Es ist nicht Nix. Also es ist nicht \u0026ldquo;\u0026rdquo;. Es ist NULL. Perl programmierer wieder so\nKK:~ kris$ perl -e \u0026#39;$a = undef; print 10+$a,\u0026#34;\\n\u0026#34;;\u0026#39; 10 Kris\u0026gt; Rate was SQL macht?\nmysql\u0026gt; select 10 + NULL; +-----------+ | 10 + NULL | +-----------+ | NULL | +-----------+ 1 row in set (0.00 sec) Kris\u0026gt; Vernichtet NULL also alles, womit es in Kontakt kommt? Nein, es ist nicht systematisch. In Aggregaten wird es übersprungen.\nmysql\u0026gt; select * from tt; +------+ | t | +------+ | NULL | | NULL | | 1 | | 2 | +------+ 4 rows in set (0.00 sec) mysql\u0026gt; select count(t), sum(t) from tt; +----------+--------+ | count(t) | sum(t) | +----------+--------+ | 2 | 3 | +----------+--------+ 1 row in set (0.00 sec) Kris\u0026gt; Konsequenterweise ist also avg(t) auch sum(t)/count(t) = 3/2 = 1.5\nmysql\u0026gt; select count(t), sum(t), avg(t) from tt; +----------+--------+--------+ | count(t) | sum(t) | avg(t) | +----------+--------+--------+ | 2 | 3 | 1.5000 | +----------+--------+--------+ 1 row in set (0.00 sec) Kris\u0026gt; Es gibt ein Prädikat, das NULL testbar macht - ISNULL(). Es gibt einen Operator, der NULL testbar macht: IS NULL\nmysql\u0026gt; select * from tt where t IS NULL; +------+ | t | +------+ | NULL | | NULL | +------+ 2 rows in set (0.00 sec) mysql\u0026gt; select * from tt where isnull(t); +------+ | t | +------+ | NULL | | NULL | +------+ 2 rows in set (0.00 sec) Kris\u0026gt; Es gibt in MySQL einen nonstandard Komparator, der NULL normalisiert.\nmysql\u0026gt; select * from tt as a join tt as b on a.t \u0026lt;=\u0026gt; b.t; +------+------+ | t | t | +------+------+ | NULL | NULL | | NULL | NULL | | NULL | NULL | | NULL | NULL | | 1 | 1 | | 2 | 2 | +------+------+ 6 rows in set (0.00 sec) mysql\u0026gt; select NULL \u0026lt;=\u0026gt; NULL, NULL \u0026lt;=\u0026gt; 0, NULL \u0026lt;=\u0026gt; 1; +---------------+------------+------------+ | NULL \u0026lt;=\u0026gt; NULL | NULL \u0026lt;=\u0026gt; 0 | NULL \u0026lt;=\u0026gt; 1 | +---------------+------------+------------+ | 1 | 0 | 0 | +---------------+------------+------------+ 1 row in set (0.00 sec) Kris\u0026gt; Vergleiche den normalen =-Operator.\nmysql\u0026gt; select * from tt as a join tt as b on a.t = b.t; +------+------+ | t | t | +------+------+ | 1 | 1 | | 2 | 2 | +------+------+ 2 rows in set (0.00 sec) Kris\u0026gt; Und es gibt eine Funktion, die, wenn sie einen NULL vorfindet, einen Default einsetzt. Genau genommen nimmt COALESCE() eine Liste von Werten und gibt den ersten Wert aus, der nicht NULL ist.\nmysql\u0026gt; select coalesce(t, 17) from tt; +-----------------+ | coalesce(t, 17) | +-----------------+ | 17 | | 17 | | 1 | | 2 | +-----------------+ 4 rows in set (0.00 sec) Kris\u0026gt; Und ich lehre unsere Entwickler, im Zweifel jeden NULLbaren wert in COALESCE() zu wickeln, weil sie die Logik von SQL im Hinblick auf NULL sowieso nicht korrekt hinkriegen. Also, im Hinblick auf die o.a. Tabelle tt:\nKris\u0026gt; Wenn\nmysql\u0026gt; select * from tt where t =1; +------+ | t | +------+ | 1 | +------+ 1 row in set (0.00 sec) ist, was ist dann der REST der Tabelle, also welches SQL-Statement lädt mir die andere Hälfte des Universums?\nmysql\u0026gt; select * from tt where t \u0026lt;\u0026gt; 1; +------+ | t | +------+ | 2 | +------+ 1 row in set (0.00 sec) Kris\u0026gt; Moment! Da fehlt doch was!\nmysql\u0026gt; select * from tt where t IS NULL; +------+ | t | +------+ | NULL | | NULL | +------+ 2 rows in set (0.00 sec) Das Gegenteil von SELECT * from tt where t = 1 ist eben NICHT select * from tt where t \u0026lt;\u0026gt; 1. Es ist SELECT * from tt where t \u0026lt;\u0026gt; 1 OR t IS NULL, weil tt.t nullbar ist. Und weil das Programmierer nie im Leben hinkriegen, verbieten wir denen NULL Werte weitestgehend.\n","date":"2011-11-04T00:00:00Z","href":"https://blog.koehntopp.info/2011/11/04/null-is-null.html","tags":["database","mysql","sql","lang_de"],"title":"NULL is NULL"},{"categories":null,"content":"Ich bin Informatiker, kein Jurist. Die Juristen und Verwaltungsmenschen, die ich kenne, haben mich jedoch gelehrt, daß Menschen in Deutschland Handlungsfreiheit haben - sie können tun, was immer sie wollen, solange dem nicht ein Verbot durch ein Gesetz entgegensteht. Dem Staate jedoch, so erklärten sie mir, ist diese Freiheit nicht gegeben: Grundlage allen staatlichen Handelns muß ein Gesetz sein.\nDarum ist der von der Firma Digitask im Auftrag der bayrischen Staatsregierung entwickelte und nahezu bundesweit eingesetzte Staatstrojaner so ein Problem: Die rechtliche Grundlage für seinen Einsatz ist nämlich mindestens strittig, wenn nicht sogar offensichtlich nicht gegeben.\nDas Urteil des Bundesverfassungsgerichtes vom 27. Februar 2008 setzt dem Ganzen recht enge Grenzen. Es definiert ein neues \u0026ldquo;Grundrecht auf Gewährleistung der Vertraulichkeit und Integrität informationstechnischer Systeme\u0026rdquo; als mittelbares Grundrecht, das seine Grundlage aus dem allgemeinen Persönlichkeitsrecht zieht, und schränkt die Anwendung einer \u0026ldquo;Online-Durchsuchung\u0026rdquo; (eigentlich: verdeckter Einbruch und heimliche Ausforschung - eine Durchsuchung erfolgt unter Zeugen und mit Wissen des Durchsuchten!) stark ein.\nZugleich öffnet das Urteil in Leitsatz 4 die Tür zur Möglichkeit der Quellen-Telekommunikationsüberwachung , wobei die Frage ist, ob es so etwas überhaupt geben kann:\nSoweit eine Ermächtigung sich auf eine staatliche Maßnahme beschränkt, durch welche die Inhalte und Umstände der laufenden Telekommunikation im Rechnernetz erhoben oder darauf bezogene Daten ausgewertet werden, ist der Eingriff an Art. 10 Abs. 1 GG zu messen. [\u0026hellip;] (Artikel 10 GG definiert das Fernmeldegeheimnis und seine Grenzen).\nDer vom Chaos Computer Club analysierte und aufgedeckte Staatstrojaner geht in seinen Möglichkeiten weit über eine Telekommunikationsüberwachung hinaus: Er bietet Möglichkeiten, beliebige Dateien vom Zielrechner herunter oder dort hin hoch zu laden und starten, er kann Bildschirmfotos machen oder Mikrofon und Kamera des Rechners zur Raumüberwachung nutzen.\nDer CCC zieht das Fazit:\nDie von den Behörden so gern suggerierte strikte Trennung von genehmigt abhörbarer Telekommunikation und der zu schützenden digitalen Intimsphäre existiert in der Praxis nicht. Der Richtervorbehalt kann schon insofern nicht vor einem Eingriff in den privaten Kernbereich schützen, als die Daten unmittelbar aus diesem Bereich der digitalen Intimsphäre erhoben werden.\nDas heißt, daß dieses Programm mehr tun kann, als im Rahmen einer fragwürdigen Quellen-Telekommunikationsüberwachung erlaubt ist - und daß die Behörden diese weitergehenden Funktionen auch benutzt haben.\nDas Landgericht Landshut hat am 25. Januar 2011 (PDF) klargestellt, daß dies rechtswidrig ist. Dennoch hat das Land Bayern im vollen Wissen dieser Rechtswidrigkeit im Jahr 2011 genau diese Software in 12 weiteren Fällen eingesetzt .\nEine Bitmap mit Zeichen, nach AES-ECB Verschlüsselung (Was siehst Du hier? Erläuterungen )\nDie Untersuchung des CCC zeigt auch, daß die eingesetzte Software nicht nur rechtlich mangelhaft aufgestellt ist, sondern auch nach den Kriterien der Informatik schwere handwerkliche Mängel aufweist:\nDer Kommandokanal, mit dem Steuerbefehle an die Software gesendet werden kann, ist weder verschlüsselt noch authentisiert (Ja, es gibt nicht mal ein Klartext-Login - jedes Kommando, das irgendwer an diese Software sendet kann, wird ungeprüft ausgeführt). Der Rückkanal mit den ausgelesenen Daten ist mangelhaft verschlüsselt - es wird AES (ein im Grunde guter Algorithmus) im ECB-Modus (eine hirntote Betriebsart diese Verfahrens) verwendet. Warum das eine schlechte Idee ist, erläutert dieser Artikel über dmcrypt sehr elegant und anschaulich, indem Bitmaps mit Buchstaben verschlüsselt werden - dadurch wird auch in der verschlüsselten Datei noch enthaltene Restinformation gut sichtbar gemacht. Noch dazu wird jeder von dem Spionageprozeß befallene Prozeß mit Privilegien ausgestattet, sodaß das ohne Paßwort gesicherte Abhör-Einfallstor zu einer echten Gefahr für die Systemsicherheit wird. Wie kann es zu so einem Fiasko kommen? Und dann noch ausgerechnet ausgehend in Bayern - das bayrische LKA ist doch angeblich so umfassend IT-kompetent und technisch in Deutschland im Bereich Internet-Ermittlungen führend!\nDie Antwort gibt die Regierungspressekonferenz vom 12. Oktober : Das bayrische LKA ist führend in dem Sinne, daß unter den Blinden der Einäugige König ist.\nDie Sprecher des Finanzministeriums und des Innenministeriums mussten in der Bundespressekonferenz Rede und Antwort zum Skandal um den Staatstrojaner stehen. [\u0026hellip;]\nFrage: [\u0026hellip;] Existiert in den Bundesbehörden eigentlich die Expertise, solche Software selber herzustellen oder, wenn sie in Auftrag gegeben und eingekauft wurde, dann auch zu kontrollieren und zu wissen, was diese Software kann oder nicht kann?\nTeschke: Ich kann zu dem einen Teil Ihrer Frage, nämlich zum Test, etwas sagen: Diese Software wird jeweils für die Maßnahme speziell konfiguriert und wird dann getestet, ob sie nur das kann, was vorgesehen ist. Das kann ich dazu sagen. Sie wird eingekauft. Es besteht also zunächst einmal im Haus selber kein Know-how.\n[\u0026hellip;]\nFrage: Wenn Sie hausintern in der Lage sind, aus den vorhandenen Softwareblöcken etwas zu machen, was \u0026ldquo;tailor-made\u0026rdquo; genau nur für diesen Fall passt, und wenn Sie auch in der Lage sind, zu überprüfen, dass alles andere nicht geht, dann müssen Sie doch das Fachwissen für diese Trojaner im Haus haben. Die Darstellung widerspricht sich meiner Meinung nach. Sie haben gerade gesagt, die Expertise für solche Trojaner sei im Haus nicht vorhanden.\nTeschke: Die Expertise, ein gesamtes Programm zu programmieren, ist nicht vorhanden. Deswegen kaufen wir sie ein. Deswegen haben wir ein Basispaket, wo wir sagen: Du musst das können, und du musst das können. Das wird getestet. Das wird im Beisein der jeweiligen Behörden getestet. Man fragt: Kann das Programm das, was wir erwarten? Dann macht es das. Dieser Test wird uns vorgelegt. Dann gehen wir davon aus, dass die Software das kann. Das ist die eine Sicherheitsmaßnahme.\n[\u0026hellip;]\nZusatzfrage: Das heißt, dass Sie, was die Möglichkeiten eines Trojaners oder eines Programms angeht ? Sie sagen: Das wird uns dann gezeigt ?, auf das Expertenwissen der Macher angewiesen sind und dass Sie zweitens nicht das Programm in Gänze verstehen, sondern nur die Konfektionierung und Ihnen die anwendbaren Teile so gezeigt werden, dass es geht.\nTeschke: Ja.\nMit anderen Worten: Bayern kauft da Sachen von einer Privatfirma ein, guckt sich das dann von außen an, und glaubt, daß diese Software, die in die absolute Intimsphäre eines Bürgers eindringen kann, genau das und nur das tut, was die Herstellerfirma behauptet, ohne im mindesten zu verstehen, was diese Software tut, wie sie das tut, und welche Nebenwirkungen sie hat.\nGenau genommen hat man noch nicht einmal genug Fachwissen , um sich vorstellen zu können, welche Nebenwirkungen und Komplikationen es geben könnte oder warum das ein Problem ist.\nNun ist Gottvertrauen ja eine sehr bayrische Sache, aber in dieser Angelegenheit nachweislich weder opportun noch ausreichend.\nDer \u0026ldquo;Bundestrojaner\u0026rdquo; und die \u0026ldquo;Quellen-Telekommunikationsüberwachung\u0026rdquo; sind nun trotz dieses systemweiten Versagens von Politik und Technik noch immer nicht am Ende. Wer die Phönix-Runde zum Thema gesehen hat, der versteht, daß die einschlägig bekannten innenpolitischen Scharfmacher dies eher als Signal zum Aufbruch sehen und diesmal rechtliche Nägel mit Köpfen machen wollen, und wenn sie dazu die Verfassung niederreißen müssen (Nichtpiratischer Lichtblick: Peter Altmaier , der schon bei Anne Will unerwartet positiv auffiel).\nHalten wir also einmal inne, und überlegen uns, wie ein Bundestrojaner 2011 denn wohl aussehen könnte, wenn man ihn \u0026lsquo;richtig\u0026rsquo; machen wollte. Wie sind die Ausgangsbedingungen?\nIn 2011 hat ein Ziel-Subjekt wahrscheinlich einen Rechner mit einer 64-Bit Variante von Windows, bald sogar ein 64 Bit-Windows mit UEFI . Ein solcher Rechner startet im Secure Boot und führt danach auf Systemebene nur signierte Betriebssystem-Komponenten aus. Seine Platte ist verschlüsselt. Um in ein solches System einzudringen braucht man entweder eine ganze Menge technisches Knowhow, das das Wissenslevel der Behörden offensichtlich übersteigt (siehe oben), oder man braucht die Kooperation des Systemherstellers.\nAndere Bedarfsträger sind diesen Weg schon vor langer Zeit gegangen (inklusive Dementi!). Es wird jedoch bei einigem Nachdenken relativ schnell klar, daß dieses Verfahren auf verschiedene Weise nicht skaliert:\nDer Hersteller hat ein Interesse daran, daß die Verfahren zur Herstellung von Systemsicherheit in seinem Betriebssystem funktionsfähig und leistungsfähig sind. Wären sie es nicht, könnte sein System nicht in sicherheitskritischen Umgebungen eingesetzt werden. Wenn man die Systemsicherheit eines so geschützten Systems also kompromittieren will, dann wird man das aller Wahrscheinlichkeit nach nicht ad-hoc tun können (denn das wäre eine ausnutzbare Schwäche), sondern über eine ab Werk eingebaute Hintertür tun müssen. Dann handelt es sich nicht um eine beliebig ausnutzbare Schwäche, sondern um einen kontrollierten, geheimen Systemzugang, eine Hintertür eben. Eine Hintertür ist aber bei weitem nicht genug, denn es wollen eine Menge Bedarfsträger auf das System, und sie wollen auf das System, ohne daß der Hersteller oder andere Bedarfsträger im Einzelfall wissen, bei wem sie wann aus welchen Gründen auf das System wollen. Die Hintertür kann also nicht durch den Hersteller im Einzelfall verwaltet werden. Es ist auch nicht kontrollierbar, welche Zivilperson welche nationale oder regionale Version eines Systems einsetzt, daher müßten alle Hintertüren in allen Versionen des Systems immer vorhanden sein. Fat Chance, haha. Im Endeffekt bekäme man also etwas, das in der Sicherheit und Organisation dem SSL-Signatursystem sehr vergleichbar wäre, und dessen Sicherheit für keinen der Bedarfsträger akzeptabel ist. Damit sind wir dann wieder bei Null, beziehungsweise landen dann hier .\nOder wir nehmen eine Umgebung an, die weiterhin so leicht kompromittierbar ist wie existierende Systeme, und auf denen sich neben der Software irgendwelcher Bedarfsträger auch weiterhin Spyware, Keylogger und andere Zusatzprogramme der organisierten Kriminalität tummeln. Der Unterschied zwischen denen und der Software meiner Regierung ist ja offensichtlich nur die Zieladresse, an der die Daten abgeliefert werden und die Qualität der Implementierung - jedem Spyware-Schreiber wäre das Digitask-Ding mehr als peinlich.\nWie dem auch sei: Nachdem sich unsere Bundes- und Landeskriminalämter, Zoll, BND und Politik jetzt erst einmal global blamiert haben, fängt der interessante Teil der Entwicklung gerade erst an. Denn auf der einen Seite wollen wir, daß \u0026lsquo;die Guten\u0026rsquo; sichere und unkompromittierbare Systeme haben. Auf der anderen Seite wollen ein Haufen Bedarfsträger die Systeme von \u0026lsquo;den Bösen\u0026rsquo; zuverlässig und ohne viel Aufwand und Aufsehen kompromittieren können. Und leider sind die Definitionen von Gut und Böse je nach Standpunkt und Aufgabe austauschbar und Rollen überlappen sich.\nParty Time, Excellent!!! Inhaber von Popcornaktien können jedenfalls gestärkt in die Zukunft blicken.\n","date":"2011-10-15T00:00:00Z","href":"https://blog.koehntopp.info/2011/10/15/der-trojaner-nach-dem-trojaner.html","tags":["computer","politik","security","lang_de"],"title":"Der Trojaner nach dem Trojaner"},{"categories":null,"content":"Das da ist Dennis Ritchie , dmr .\nDennis Ritchie schrieb zusammen mit Ken Thompson und vielen anderen Menschen in den späten 60er und den 70er Jahren die ersten Versionen des Unix-Betriebssystems, von dem viele der Systeme, die wir heute einsetzen, direkt abstammen oder substantiell beeinflußt wurden. Zusammen mit Brian Kernighan entwarf er die Programmiersprache C. Ritchie schrieb auch die Dokumentation zu diesen Systemen, und jeder Informatikstudent auf diesem Planeten hat seine Bücher \u0026lsquo;The C Programming Language\u0026rsquo; und eine Version des \u0026lsquo;Unix Programmers Manual\u0026rsquo; lesen müssen - sie sind noch heute im Druck.\n1983 bekam Ritchie für seine Arbeiten den Turing-Award , quasi den Nobelpreis für Informatiker.\nEs ist absolut unmöglich, mit Computern zu arbeiten und mit den Arbeiten und den Ideen von Dennis Ritchie nicht an jedem einzelnen Tag in direkten Kontakt zu kommen.\nDennis Ritchie starb am 12. Oktober 2011. Seine Arbeit ist unsterblich.\n","date":"2011-10-13T00:00:00Z","href":"https://blog.koehntopp.info/2011/10/13/dennis-ritchie-sep-1941-okt-2011.html","tags":["c","computer","unix","lang_de"],"title":"Dennis Ritchie (Sep 1941-Okt 2011)"},{"categories":null,"content":"Das Thema Staatstrojaner (damals noch: Bundestrojaner) begleitet uns hier im Blog schon seit fünf Jahren. Hier eine kleine Artikelsammlung zum Thema. Artikel, die auch verwandte Themen streifen (VDS, etc), sind weitestgehend ausgeklammert - bis auf den letzten Artikel in der Liste, der einen wichtigen Rundumschlag und Anknüpfungspunkt darstellt.\nEnde 2006: Bundestrojaner - der chronologisch erste Artikel zu diesem Thema. Er schließt mit \u0026lsquo;Auf dem nächsten CCC wird das sicherlich dokumentiert\u0026rsquo;. Es hat dann noch ein paar Jahre länger dauern sollen, aber das war nicht der Verschulden des CCC.\nAnfang 2007: Der Bundestrojaner durchdekliniert - ein Grundlagenartikel, der die notwendigen Anforderungen bei der Beweissicherung (gemäß den Richtlinien zur erfolgreichen Sicherung von EDV-Beweismitteln) der Funktionsweise des Bundestrojaners entgegenstellt und zeigt, daß das Konzept eines \u0026lsquo;Trojaners\u0026rsquo; zur Sammlung gerichtsverwertbarer Beweise prinzipbedingt nicht umsetzbar ist.\nDer Artikel hat ein ziemliches Echo erzeugt, und eine Reihe von Folgeartikeln hier im Blog generiert.\nAnfang 2007: Das generelle Mißverständnis beim Bundestrojaner - insbesondere gab es damals auch eine große Menge Medienanfragen, die mehr Material und Soundbites haben wollten. Nachdem sich die Politik beratungsresistent zeigte, schloß ich den Wortwechsel mit einem Kontakt mit den Worten: \u0026ldquo;Das ist ein Terror-Thema. Das bedeutet, man muss diese Leute erst mal machen und sie auf das Maul fallen lassen. Weil aus deren Sicht ist das alles engineered, beherrschbar und ein Fortschritt. So wie bei den Wahlmaschinen. Oder bei Atomkraftwerken. :) Da muss immer erst eines explodieren.\u0026rdquo; Oh, ja.\nBundestrojaner, Sina-Boxen und Mailüberwachung - damals gab es in der Diskussion eine Verwirrung um den Aufgabenbereich und die Funktionsweise der SINA-Boxen, die bei vielen Providern installiert werden mußten. Der Artikel stellt das klar, und macht transparent, wie das Abhören von Mailboxen technisch vereinheitlicht und gesichert worden ist. Das SINA-Zeugs ist von der Spezifikation und der Umsetzung projekttechnisch in etwa das Gegenteil von der aktuellen Umsetzung des Bundestrojaners.\nMan beachte auch den Kommentar dort:\nDanke für diese knappe und präzise Zusammenfassung, die ich lediglich um einen Punkt ergänzen möchte: Nach den Aussagen unserer Kunden sind die Zahlen der Überwachungsmaßnahmen stark steigend. Angesichts der Tatsache, dass bei VoIP im Rahmen der Übergangsregelung nur die Signalisierung ausgeleitet werden muss, sind die berechtigten Stellen zur Zeit scheinbar ziemlich scharf auf die entsprechenden Umsetzungen der Anschlussüberwachung für Internetzugänge, die seit der TR TKÜ 5.0 vom Dezember 2006 angesagt sind.\nLeider kann ich diese Aussagen aus verständlichen Gründen weder statistisch belegen noch Quellen dafür angeben. Ich gebe also lediglich meine persönlichen Eindrücke aus Gesprächen wider\u0026hellip;\n\u0026ldquo;Leider kann ich diese Aussagen aus verständlichen Gründen weder statistisch belegen noch Quellen dafür angeben.\u0026rdquo; \u0026ldquo;Und das, glaube ich, ist derzeit der zentrale Bug an der Sache. Es würde der öffentlichen Diskussion hier sehr gut tun, wenn sie mit ein wenig mehr Fakten und Offenheit geführt würde - ein anständiger Staat hat schließlich nichts zu verstecken und braucht auch nichts zu befürchten.\u0026rdquo; Das beleuchtet einen der zentralen Fehler in der ganzen Bundestrojaner-Geschichte.\nErst mal die Verfassung brechen\u0026hellip; - Ausschnitte aus einem Interview mit Thomas de Maizière gegenüber Deutschlandradio. Money Quote: \u0026ldquo;Das muss man probieren, wie weit man gehen kann. Und dann ist jeder eingeladen, eine Verfassungsbeschwerde einzulegen, und dann wird Karlsruhe darüber zu entscheiden haben.\u0026rdquo; Das hat Karlsruhe dann getan, und die Politik und die Exekutive haben das gemeinschaftlich ignoriert.\nBundestrojaner im Handelsblatt - Das Handelsblatt interviewt Thomas Michael Menk, Leiter Konzernsicherheit Daimler-Chrysler, vormals im Bundesministerium des Innern und im Bundesamt für Verfassungsschutz tätig. Die Soundbites sind entsprechend, aber seine Minimalanforderung \u0026ldquo;Es müssen jedoch zielgerichtete Eingriffe gegen potenzielle terroristische Straftäter sein, bei denen die rechtsstaatlichen Grenzen genau definiert sind\u0026rdquo; hat man dann doch noch leicht unterschreiten können.\nUnfälle mit dem Bundestrojaner - Verweis auf einen Bericht des Deutschlandfunk, der dokumentiert, daß behördlichem Blödsinn beim Umgang mit Überwachungssoftware keine Grenzen gesetzt sind. \u0026ldquo;In einem Fall ist der Schädling nach etwa zwei Wochen bemerkt worden, weil er im Ernst versucht hat, 120GB hochzuschießen, im zweiten Fall ist der Schädling sofort bemerkt worden und durch ein Programm ersetzt worden, das statt Daten blöden Scheiß geuppt hat.\u0026rdquo;\nMitte bis Ende 2007: Mehr Online-Durchsuchungs-Nebelkerzen - \u0026ldquo;Mal sehen, ob ich das richtig geparsed bekomme, was Ziercke da erzählt: Er möchte in einer missionskritischen Anwendung in einer Gefahrensituation unter Zeitdruck eine ungetestete Software in einer Situation einsetzen, in der er das Zielsystem nicht vollständig kontrollieren kann.\u0026rdquo; Nein, am Ende hat man nicht Encase eingekauft, sondern was eigenes zusammengestümpert. Und dabei nicht die Ressourcen des Bundes genutzt (weil die sich geweigert haben, so was zu machen - das sollte einem zu denken geben), sondern vorbestrafte Amateure in der Privatwirtschaft zeugst schreiben lassen, den man dann von inkompetenten Nichtprogrammierern nicht hat reviewen lassen.\nBundestrojaner in den Tagesthemen - Tagesthemen-Bericht über den Prozeß zum Thema Bundestrojaner vor dem Bundesverfassungsgericht, Auftritt des CCC.\nAnfang 2008: Warum Hacker sich als Bürgerrechtler verstehen - die Rolle und Mission des CCC.\nAnfang 2009: Mehr Bundestrojaner - mehr Nebelkerzen von Ziercke, BKA.\nMitte 2009: gulli: Bundestrojaner: ein Programmierer erzählt - Ein Interview mit einem Mitarbeiter der Schweizer ERA IT Solutions, der an den Projekten Mini- und Megapanzer mitgearbeitet hatte.\nAnfang 2010: Grundrechtsfusion und ein Grundrecht auf Netzneutralität - ein weiterer Artikel von mir, der recht weite Kreise gezogen hat.\nWir haben nun einen offenen gesellschaftlichen Konflikt um die Ausübung unserer Meinungs- und Informationsfreiheit im Internet. Der Konflikt ergibt sich aus dem Wegfall von Mittlern bei der Produktion, Verbreitung und Vernetzung von Personen und Dokumenten. Denn bisher hat jede Form von gesellschaftlier Regulierung von Diskursen und Kommunikation immer an den Mittlern statt an den Sendern und Empfängern angesetzt.\nDas ist genau der Kernpunkt der Diskussion um den Staatstrojaner, die wir hier erleben. Der Staat, seiner regulativen Mittel auf dem Weg zwischen Sender und Empfänger verlustig gehend, versucht nun, beim Sender- und Empfängersystem direkt anzusetzen. Dagegen ist zunächst einmal nichts zu sagen - der Ansatz ist notwendigerweise der einzige, der in irgendeiner Weise Erfolg versprechend ist. Aber nicht nur wird er technisch stümperhaft ausgeführt, sondern er erfolgt auch ohne eine offene und transparente gesellschaftliche Diskussion mit einer einhergehenden Rechtsdefinition und -findung.\nDer Staat, der so vorgeht, greift die Grundlage seiner Existenz und Legitimation an. Er zerstört sich selber.\n","date":"2011-10-11T00:00:00Z","href":"https://blog.koehntopp.info/2011/10/11/artikelsammlung-staatstrojaner.html","tags":["politik","security","lang_de"],"title":"Artikelsammlung \"Staatstrojaner\""},{"categories":null,"content":"Wer dies und dies gelesen hat, versteht mehr.\nInnoDB ist eine Storage Engine, die mit Hilfe von MVCC Transaktionen implementiert. Transaktionen zu implementieren bedeutet, daß man in der Lage ist, mehrere Änderungen zusammenzufassen und als eine Einheit als gültig zu markieren oder zurück zu nehmen. Damit das Ganze trotzdem schnell ist, muß man ein wenig herumtricksen.\nAngenommen, wir wollen eine Spalte in einer Zeile in der Tabelle t ändern:\nUPDATE t SET x=17 WHERE id=3 Dann muß InnoDB das zunächst einmal in eine Zeilennummer in einer Speicherseite übersetzen: InnoDB speichert Daten in Seiten von 16 KB (Defaultgröße) ab, und macht allen I/O in Richtung Tablespace immer nur in ganzen Seiten. In unserem Beispiel bedeutet das also, daß wir die Seite p lokalisieren müssen, in der die ID=3 der Tabelle t gespeichert ist, und diese ganze Seite in den Speicher laden.\nLaden der benötigen Seite in den Speicher. Aufbau der Transaktion im Log Buffer und Ändern der Seite im Speicher.\nInnoDB lädt die Seite also aus dem Tablespace-File in den InnoDB Buffer Pool, und baut im Speicher die Transaktion auf. Dazu wird im Log Buffer die Transaktion gebastelt und parallel dazu die Speicherseite im InnoDB Buffer Pool angepaßt. Die alte Version der betroffenen Zeile wird außerdem in das Undo-Log verschoben (dies ist nicht mit eingezeichnet, weil es in diesem Text nicht darum gehen soll). Die geänderte Speicherseite im RAM wird nicht zurück geschrieben - der Inhalt der Seite im RAM und auf der Platte divergieren, die Seite ist DIRTY (hier: rot markiert).\nBeim COMMIT wird der Log Buffer in das Redo-Log geschrieben. Es besteht eine Verknüpfung zwischen der geänderten Speicherseite und der Transaktion im Redo-Log.\nBeim COMMIT wird der Log Buffer ins Redo-Log geschrieben. Die geänderte Speicherseite (rot: DIRTY) wird immer noch nicht zurück geschrieben.\nHätten wir stattdessen ein ROLLBACK durchgeführt, hätte InnoDB die alte Version der Zeile aus dem Undo-Log geprökelt und die Änderung zurück genommen - es wäre niemals zu einem Schreibzugriff im Redo-Log gekommen, und die DIRTY Page im Speicher wäre wieder CLEAN.\nZwischen dem Eintrag im Redo-Log und der als DIRTY markierten Speicherseite besteht eine Verbindung, denn irgendwann einmal muß die Seite ja doch geschrieben werden. InnoDB versucht das aber so gut es geht zu verzögern: Schreiben in das Redo-Log ist viel schneller als Schreiben in den Tablespace.\nZum einen werden im Redo-Log nur die Änderungen notiert, nicht ganze Speicherseiten. Daher ist das Volumen der Daten im Redo-Log pro Transaktion meistens kleiner als das Volumen der als DIRTY markierten Pages.\nUnd anderen ist es so, daß das Redo-Log ungefähr das Erste ist, was eine neue MySQL-Instanz bei der Inbetriebnahme als Dateien anlegt. Die Dateien sind also, wenn man alles richtig gemacht hat, in einem leeren oder fast leeren Dateisystem angelegt worden und nur sehr wenig fragmentiert. Da sie als Ringpuffer benutzt werden und niemals neu angelegt werden, bleibt diese Eigenschaft stabil über die Lebensdauer der Datenbank erhalten.\nSchließlich ist es so, daß die Daten in InnoDB ja in der Reihenfolge der Primärschlüsselwerte abgespeichert werden. Wählt man diesen geschickt, dann ist es so, daß häufig zusammen angesprochene Daten auch physikalisch zusammen auf derselben InnoDB Speicherseite stehen. In diesem Fall ist es wahrscheinlich, daß eine bereits als DIRTY markierte Page noch ein weiteres Mal in naher Zukunft geändert wird. Hätte man die Änderung bereits zurück geschrieben, wäre die Seite wieder CLEAN und würde gleich wieder als DIRTY markiert werden, um dann wiederum neu geschrieben werden zu müssen.\nDas Schreiben ins Redo-Log sichert also die Minimalmenge an Daten in einer Datei, die für lineares Schreiben optimiert ist, und verkleinert die zu schreibende Datenmenge, indem uns ermöglicht wird, das Zurückschreiben von ganzen Speicherseiten zu verzögern und Änderungen zu aggregieren, ohne die D-Eigenschaft (Durability) von ACID zu verlieren.\nBeim Checkpoint werden aus den ältesten Redo-Log einträgen Speicherseiten bestimmt, die zurück geschrieben werden.\nIrgendwann einmal müssen wir aber auch Speicherseiten zurück schreiben. InnoDB guckt sich dabei die ältesten Einträge im Redo-Log an und sucht die von diesen Einträgen referenzierten Speicherseiten. Sobald eine gewisse Menge (1MB, 64 Seiten) an Seiten gefunden ist, werden diese in den Tablespace zurück geschrieben. Dies bezeichnet man als Checkpoint.\nDer Checkpoint setzt also DIRTY Pages auf CLEAN und gibt zugleich wieder Speicher im Redo-Log der Datenbank frei.\nDabei schreibt InnoDB Speicherseiten in zwei Schritten zurück: Eine einzelne Seite (16 KB) ist größer als ein Plattenblock. Wenn also das System mitten beim Schreiben einer Seite stehen bleibt, könnte es vorkommen, daß eine Seite zur Hälfte auf dem neuen und zur Hälfte auf dem alten Stand ist. InnoDB verhindert das, indem ein Satz von 64 Speicherseiten zunächt einmal in den Doublewrite-Buffer (nicht eingezeichnet) geschrieben wird, das Redo-Log als frei markiert wird und dann dieselben Seiten erst an Ort und Stelle geschrieben werden.\nBei einem Crash mitten im Schreiben in den Doublewrite-Buffer ist nichts verloren: Das System kann die ungeänderten Seiten aus dem Tablespace angeln, das Redo-Log anwenden, um diese im Speicher auf den neuen Stand zu patchen und dann ganz normal checkpointen.\nBei einem Crash mittem im Schreiben in den Tablespace ist ebenfalls nichts verloren: Das System fischt die neuen Versionen der Pages aus dem Doublewrite-Buffer und kopiert diese an die richtigen Stellen im Tablespace um.\nDrucksituationen Die Datenbank führt normalerweise einen Checkpoint aus, wenn sie sich langweilt: Ist InnoDB einige Zeit idle, wird irgendein Thread im System sich des Redo-Logs annehmen und die DIRTY Pages der Reihe nach lustig weg-checkpointen. Nach einer gewissen Zeit hat man 0 Redo-Log und 0 DIRTY Pages.\nAnteil des genutzten Redo-Log in einem MySQL 5.1 mit InnoDB-Plugin.\nWenn das fragliche System jedoch sehr beschäftigt ist und über eine längere Zeit eine kontinuierliche Schreiblast sieht, dann kann es passieren, daß gar nicht genug Idle-Zeiten vorhanden sind, um über diesen Prozeß Daten weg zu checkpointen. Im Bild oben sieht man eine InnoDB-Instanz mit Schreiblast und einem viel zu kleinen ib_logfile{0,1} von nur 2 x 128 MB. Nach einer Nachtpause wird das System wieder aktiv und bekommt genug Schreiblast, um im Redo-Log eine Art Backlog aufzubauen. Ab kurz nach 8 Uhr morgens ist die Last so groß, daß das genutzte Redo-Log fest auf ca. 50% Nutzung steht und das System kontinuierlich gezwungen ist, Daten nach hinten raus zu checkpointen.\nMenge der DIRTY-Pages derselben Maschine.\nIn einem anderen Graphen sieht man die Menge der DIRTY-Pages derselben Maschine - die Gesamtgröße des innodb_buffer_pool dieser Box ist 40 GB, der Anteil der Dirty-Pages ist also auch zu Spitzenzeiten kaum höher als 5%. Da das Redo-Log jedoch vergleichsweise klein ist, geht von dort ausreichend Schreibdruck aus, um Checkpoints zu erzwingen.\nEs ist auch erkennbar, daß die Größen von Redo-Log und DIRTY-Pages nicht eng gekoppelt miteinander korrellieren: Zählt man in einer Schleife immer wieder denselben Zähler hoch (\u0026ldquo;UPDATE x SET z=z+1 WHERE id=1\u0026rdquo;), dann erzeugt man jede Menge Redo-Log, aber arbeitet immer auf derselben einen DIRTY Page rum. Andererseits kann man eine ID zufällig auswählen und dann nur ein einziges Bit in dieser Zeile ändern - dies würde eine zufällige, ganze 16 KB Page als DIRTY markieren, aber kaum Redo-Log erzeugen.\nCheckpoint Blues Checkpointing bei InnoDB korrekt hin zu bekommen ist frustrierend schwierig: Die Größe des Logfiles ist bei InnoDB mehr oder weniger unveränderlich über die Lebensdauer der Installation. Andererseits möchte man das Checkpointen so lange als möglich herauszögern, damit man keine unnötige Schreiblast erzeugt (gerade geschriebene Pages werden durch weitere Änderungen wieder als DIRTY markiert).\nDer Checkpointing-Algorithmus von InnoDB spielt also 17+4: Zögert er zu lange, läuft das Redo-Log voll, oder es sind keine Seiten im Buffer Pool mehr vorhanden, die nicht als DIRTY markiert sind. Dann muß das System einen Checkpoint erzwingen und hält alle Schreibzugriffe notgedrungen an, bis wieder Platz vorhanden ist. Das will man um jeden Preis vermeiden. Checkpointed der Algorithmus aber zu aggressiv, kommt es zu einer erhöhten Schreiblast im Plattensubsystem und die Datenbank kann nicht mit maximaler Performance schreiben.\nDer perfekte Algorithmus müßte in die Zukunft schauen können: Er könnte anhand des noch vorhandenen Platzes, der Schreibkapazität der Spindeln und der kommenden Schreiblast maximal spät mit dem Schreiben anfangen.\nDas ist offensichtlich unmöglich, und nicht perfekte Algorithmen verhalten sich im Benchmark etwa wie dieses MySQL 5.5 :\nIn einer Maschine mit einem großen Buffer Pool (72G) und einem großen Logfile (3.8G) kommt es immer wieder zu Schreibstürmen, während derer die Datenbank mit dem Checkpointen so beschäftigt ist, daß sie keine oder kaum noch Kommandos ausführt - im Beispiel schafft es der Tester, die Datenbank wiederholt für Perioden von 4 Minuten lahm zu legen.\nZum Vergleich: Postgres Postgres hat dasselbe Problem zu lösen: Auch hier haben wir eine Datenbank mit MVCC, die Transaktionen loggt und als DIRTY markierte Pages im Speicher zu halten versucht. Drei Dinge sind grundsätzlich anders:\nZum Ersten hat Postgres kein Undo-Log: Alte und neue Versionen einer Zeile stehen in der Tabelle selbst. Diese \u0026ldquo;versandet\u0026rdquo; im Laufe der Zeit immer mehr, d.h. alte Versionen einer bestimmten Zeile blähen die Tabelle auf ein mehrfaches der minimal notwendigen Größe auf, im Index und in den Daten. Postgres kompaktiert Tabellen durch einen im Hintergrund laufenden Prozeß namen Vacuum, der alle Tabellen reihum durchgeht und veraltete Daten löscht.\nZum Zweiten hat Postgres keinen ausdrücklichen Doublewrite-Buffer. Stattdessen wird im Redo-Log (Postgres nennt es WAL: Write-Ahead-Log) eine Mixtur von ganzen Seiten und geänderten Zeilen abgelegt. Wenn eine Page vom Zustand CLEAN in den Zustand DIRTY wechselt, dann schreibt Postgres die ganze, bei Postgres nur 8 KB große Seite ins WAL. Wenn eine DIRTY Page weiter geändert wird, dann wird, wie bei InnoDB auch, nur die Änderungsinformation für die Zeile ins WAL geschrieben.\nStirbt Postgres im Checkpoint beim Schreiben eines Blocks im Tablespace, dann kann die alte Version des Blocks aus dem WAL gepult werden und mit den weiteren, ebenfalls dort geloggten Änderungen auf Stand gebracht werden.\nUnd zum Dritten ist das WAL bei Postgres nicht in seiner Größe begrenzt, sondern wird als fortlaufende Folge von numerierten WAL-Files analog zum MySQL-Binlog geschrieben. Unter Druck kann es wie bei InnoDB vorkommen, daß die Datenbank mit dem Checkpointen von DIRTY-Pages nicht hinterher kommt - der Anteil an WAL-Files, der in einer Recovery nach eine Crash benötigt werden würde, wächst so immer weiter über alle Grenzen hinaus.\nAber dafür kann es nicht vorkommen, daß die Datenbank die Ausführung von Kommandos verzögern muß, um Platz in ihren Logs zu schaffen - im Falle eines Crashes gibt es jedoch keine obere Grenze für die Recovery-Zeit, und für die WAL-Dateien gibt es keine Fragmentierungs-Garantien (das läßt sich durch das Führen der WAL-Dateien in einem separaten Dateisystem aber unter Kontrolle bringen).\nDie Checkpointing-Strategien von Postgres und InnoDB arbeiten also unter grundsätzlich anderen Vorraussetzungen und sind nicht leicht vergleichbar.\n","date":"2011-09-19T00:00:00Z","href":"https://blog.koehntopp.info/2011/09/19/checkpoint-blues.html","tags":["database","innodb","mysql","postgres","lang_de"],"title":"Checkpoint Blues"},{"categories":null,"content":"Heise Newsticker titelt \u0026ldquo;Google Analytics ist amtlich datenschutzkonform\u0026rdquo;:\nDer Streit um datenschutzrechtliche Bedenken zu Googles Web-Analysedienst Analytics scheint beendet zu sein. Nach Angaben des Hamburgischen Datenschutzbeauftragten Johannes Caspar, der für Google zuständig zeichnet, ist für deutsche Webseitenbetreiber ein \u0026ldquo;beanstandungsfreier Betrieb von Google Analytics ab sofort möglich\u0026rdquo;.\nIn diesem Fall war es der hamburgische Datenschutzbeauftragte Johannes Caspar, der sich im September 2009 über Google Analytics echauffierte.\nGoogle Analytics ist ein Trackingdienst, der in etwa genau dasselbe macht wie ein [IVW Zählpixel]({* link _posts/2011-08-10-ivw-jetzt-datenschutzkonform-updated.md %}), die auch von hamburg.de eingesetzt werden - hamburg.de hatte die Web-Präsenz von Caspar gehosted (Wir erinnern uns: Caspar mußte seine Web-Präsenz erst einmal offline nehmen, als das herauskam).\nCaspars Kritik an Google Analytics zog sich unter anderem daran hoch, daß die Verarbeitung der Daten durch Google außerhalb von Deutschland oder Europa erfolgte. Wie schon in dem Artikel über die IVW Zählpixel erwähnt, versteifen sich die Datenschützer außerdem auf die IP-Adresse als personenbezogenes Datum (der Artikel und C is for Cookie erklären wieso das einerseits Unsinn und andererseits Datenschutztheater ist).\nNach 2 Jahren härtester Verhandlungen ist das Ergebnis wie folgt: Google Analytics ist auch in Deutschland legal.\nCaspars Erfolge:\nDas Google-Analytics Opt-Out, das vorher schon für alle wichtigen Browser verfügbar war, ist nun auch für Randgruppenbrowser zu haben. Das letzte Byte der IP-Adresse kann (und muß für Anbieter mit Geschäftssitz in Hamburg!) maskiert werden. Naturgemäß wird die IP-Adresse vollständig zu Google übertragen (Datenpakete müssen schließlich irgendwo ankommen), aber Google hat auf Drängen von Caspar zugesagt, diese Adreßverkürzung auf Servern durchzuführen, die sich physikalisch in Europa befinden (witzlos!?! ). Damit dem deutschen Recht genüge getan wird, müssen alle Anwender von Google Analytics einen 11-seitigen Vertrag zur Auftragsdatenverarbeitung mit Google Deutschland schließen. Außerdem müssen Anwender, die Google Analytics auf ihrer Site einsetzen, in ihren Datenschutzerklärungen darauf hinweisen.\nSoweit der Theaterdonner des Datenschutztheaters.\nWas ändert sich praktisch nach 2 Jahren härtester Verhandlungen?\nEin Haufen Papier wird in die ABC-Straße in Hamburg geschickt werden. Anwender von GA müssen ihre bisherigen Google Analytics Statistiken löschen lassen, weil sie ja böse und illegal sind (nicht, daß man da personenbezogene Daten raus extrahieren könnte, das ist alles ja aggregiert - aber die sind ja ohne Vertrag und unter Verwendung naturbelassener verstrahlter Voll-IPs generiert worden). Eine Zeile JS wird in den GA-Aufruf eingefügt, um die IP-Adreßmaskierung anzufordern. Damit sendet das böse Google Analytics endlich nicht mehr meine IP-Adresse direkt zu amerikanischen Servern, sondern Bedarfsträger müssen auf die europäischen Google-Server zugreifen, um an die Daten zu kommen. Und Google muß auf andere, wirksamere und stabilere Identifikationsmerkmale als IP-Adressen zurückgreifen, um Browser zu identifizieren (Google Login-Cookie, UTMA oder User-Agent).\nZur Perspektive: Unterdessen ist es weiterhin vollkommen Datenschutz-konform , daß die amerikanische Regierung meine innerdeutschen Überweisungen von in Europa betriebenen Bankrechnern abschnorchelt.\nDanke, Johannes Caspar, für diesen wesentlichen Beitrag zur Rettung der Welt.\n","date":"2011-09-15T00:00:00Z","href":"https://blog.koehntopp.info/2011/09/15/datenschutztheater-google-analytics-ist-amtlich-datenschutzkonform.html","tags":["privacy","google","spackeria","terror","lang_de"],"title":"Datenschutztheater: Google Analytics ist amtlich datenschutzkonform "},{"categories":null,"content":"Jürgen Geuter erklärt bei der Spackeria den Begriff Datenschutztheater , der nach dem Security Theater von Schneier modelliert ist:\nDatenschutztheater bezeichnet eine Massnahme oder eine Sammlung von Massnahmen, die den gefühlten Schutz von Daten verbessern ohne dabei die Daten funktional vor Ge- oder Missbrauch zu schützen.\nSchauen wir uns das Stück einmal an\nGolem schreibt:\nGoogle schafft für Besitzer von WLAN-Access-Points weltweit die Möglichkeit, einer Nutzung der WLAN-Daten ihres Geräts im Rahmen von Googles ortsbezogenen Diensten zu widersprechen. Das Unternehmen folgt damit den Forderungen europäischer Datenschützer.\nWas ist passiert? Das habe ich in einem älteren Artikel bereits einmal in lang erklärt, auch wie es dazu kommen konnte .\nDie Zusammenfassung des Sachverhaltes ist:\nGoogle hat mit den Streetview-Autos nicht nur Fotos der Straßen und Hausfassaden aufgenommen (so wie das Microsoft derzeit für Bing Streetside ebenfalls macht), sondern auch die Position der Wagen mit den an dieser Position sichtbaren WLAN-Kennungen verknüpft.\nDasselbe passiert auch laufend bei jeder Verwendung eines Android-, iPhone- oder Windows7-Telefons:\nDas Telefon schaut, ob es genaue Positionsdaten über GPS bekommen kann. Das kann es, wenn GPS eingeschaltet ist. In diesem Fall - und nur in diesem Fall - macht es Sinn, auch auf das Wi-Fi zu gucken, wenn man das kann, und die Feldstärken, MAC-Adressen und ESSID-Kennungen der sichtbaren WLAN-Stationen aufzuzeichnen. Das funktioniert, wenn Wi-Fi angeschaltet ist, und es funktioniert bei verschlüsselten und unverschlüsselten WLANs, da die Beacon-Pakete immer unverschlüsselt gesendet werden. Wenn Schritt 1 und Schritt 2 erfolgreich sind, dann lädt das Telefon irgendwann einmal ein Datenpaket mit der Verknüpfung GPS-Position zu sichtbaren WLAN-Netzen zum Telefon-Hersteller hoch, also je nach Telefon zu Google, Apple oder Microsoft. Der Vorgang ist bei allen diesen Smartphone-Herstellern genau identisch. Jeder dieser Anbieter verwendet diese Daten, um Positionskarten zu erzeugen, in denen berechnet wird, welche WLAN-Netze von welcher Position aus sichtbar sind. Genau genommen wird die umgedrehte Funktionalität gebraucht: Aus der Information, welche WLANs sichtbar sind, kann man die Position des Telefons bestimmen. Dies ist schneller als GPS zu verwenden, das eine Startzeit von 80 Sekunden (reines GPS) oder gut 10 Sekunden (Assisted GPS) hat.\nGoogle verwendet die WLANs also nicht, um darüber Daten zu übertragen - das geht auch nicht, wenn das WLAN verschlüsselt ist. Google verbreitet auch nicht die WLAN oder die Position des WLANs an Dritte. Es benutzt lediglich die Tatsache, daß jemand ein bestimmtes WLAN mit seinem Telefon sehen kann, um dieser Person zu sagen, wo sie sich vermutlich befindet.\nDatenschutztheater? Google schafft für Besitzer von WLAN-Access-Points weltweit die Möglichkeit, einer Nutzung der WLAN-Daten ihres Geräts im Rahmen von Googles ortsbezogenen Diensten zu widersprechen. Das Unternehmen folgt damit den Forderungen europäischer Datenschützer.\nVerschiedene europäische Datenschützer haben nun gefordert, daß für die Betreiber eines WLAN die Möglichkeit eines Opt-Out besteht.\nÄh. Ja.\nWas soll das genau bedeuten?\nEs kann nicht bedeuten, daß der Benutzer eines Telefons das WLAN nicht mehr sieht - der Betreiber des WLAN betreibt einen Sender, und dieser Sender verbreitet alle paar Millisekunden die Kennung des WLANs sowie die Hardware-Adresse des Access Points unverschlüsselt so weit die Leistung dieses Senders reicht. Das muß der Sender tun, damit man auf seinem Laptop oder Handy das Netzwerk sieht, und man es anklicken kann, um sich mit ihm zu verbinden.\nWenn man nicht möchte, daß ein WLAN für Dritte sichtbar ist, kann man das Netz auf \u0026lsquo;verborgen\u0026rsquo; (hidden ESSID) konfigurieren. in diesem Fall werden immer noch Beacon-Frames gesendet (das muß so), aber in diesen ist der Netzwerkname (die ESSID) nicht mehr enthalten. Man verliert so jedoch die Fähigkeit, sich durch Anklicken seinem eigenen Netz zu verbinden und muß die Verbindung zum Netz auf jedem Rechner manuell einrichten.\nWas soll das also stattdessen genau bedeuten?\nEs kann nicht bedeuten, daß ein Android-, Apple- oder Windos7-Telefon die ESSID im Zusammenhang mit einer Position nicht mehr erfaßt und zu Google, Apple oder Microsoft überträgt. Das Telefon kann nicht eine Liste mit allen relevanten Opt-Outs speichern und diese Erfassung und Übertragung unterdrücken. Die Daten werden also in jedem Fall zum Anbieter hochgeladen und dann dort entsprechend der Opt-Out Einstellung weiter verarbeitet.\nWas soll das also stattdessen genau bedeuten?\nEs kann nicht bedeuten, daß ein Android-, Apple- oder Windows7-Telefon die Verarbeitungsschritte 1-3 oben nicht mehr durchführt. Dafür existiert auf allen diesen Telefon bereits ein Knopf, und der befindet sich direkt unter der Kontrolle des Telefon-Besitzers, nicht unter der Kontrolle des WLAN-Betreibers.\nWas soll das also stattdessen genau bedeuten?\nWir haben also die folgende Situation: Jemand betreibt ein WLAN. Dieses WLAN brüllt alle paar Millisekunden den Namen des WLAN im Klartext in die Landschaft (außer, man schaltet das ab, und nimmt den damit verbundenen Komfortverlust in Kauf).\nJemand anders geht da mit einem WLAN-Empfänger (dem Smartphone) vorbei, der auch GPS-Daten erfaßt. Diese zweite Person verknüpft Position mit sichtbaren ESSIDs und lädt diese zum Hersteller des Telefons rauf (es sei denn, diese Person hat den Upload abgeschaltet).\nDie Daten landen jetzt beim Hersteller des Smartphones und gemäß Opt-Out schmeißt er einige dieser (ESSID, Position)-Paare weg, und andere tut er in seine Datenbank.\nDas ist die Funktion des Opt-Out, und es ist seine einzige Funktion.\nEine dritte Person wandert zu einem späteren Zeitpunkt da lang. Das Smartphone dieser Person erfaßt alle sichtbaren ESSIDs (auch die mit Opt-Out) und lädt diese Liste zum Hersteller des Smartphones hoch. Der Hersteller des Smartphones findet die ESSIDs ohne Opt-Out in seiner Datenbank und liest die GPS-Positionen dieser WLANs ab. Die ESSIDs mit Opt-Out findet er natürlich nicht. Der Telefonhersteller rät auf der Grundlage dieser Daten eine Position für das Telefon (mit Genauigkeitsradius) und schickt zur anfragenden Person runter.\nWas soll das also stattdessen genau bedeuten?\nDie Privatsphäre einer Person war zu keiner Zeit bedroht, auch ohne Opt-Out nicht:\nEinige Leute haben Sender am Laufen, die den Namen des Senders über alle Grundstücksgrenzen in die Pampa brüllen. Andere Leute haben die Positionen dieser Sender erfaßt so gut es geht. Noch wieder andere Leute haben sich verlaufen und bekommen auf der Grundlage dieser Daten schneller gesagt wo sie sind, als wenn sie GPS verwenden (ohne weiteres Einhelfen hat GPS eine Startzeit von 80 Sekunden).\nMit Opt-Out fehlen Daten, die Genauigkeitskreise bei der Positionsbestimmung werden ein wenig größer. Geholfen hat sich mit dem Opt-Out niemand.\nWieso fordern Datenschützer also diese Opt-Out Möglichkeit?\nDatenschutztheater bezeichnet eine Massnahme oder eine Sammlung von Massnahmen, die den gefühlten Schutz von Daten verbessern ohne dabei die Daten funktional vor Ge- oder Missbrauch zu schützen.\nDiese Definition haben wir hier exemplarisch einmal erfüllt gesehen.\n","date":"2011-09-14T00:00:00Z","href":"https://blog.koehntopp.info/2011/09/14/datenschutztheater-opt-out-f-r-wlan-access-points.html","tags":["privacy","politik","privacy","spackeria","lang_de"],"title":"Datenschutztheater: Opt-Out für WLAN Access Points"},{"categories":null,"content":"Ich las gerade über den Streit um den Like-Button bei Heise und dachte zurück an die erste Sommerakademie \u0026ldquo;Datenschutz in Europa\u0026rdquo; im Kieler Landeshaus. Bei Datenschutzzentrum.de findet man in der Tat eine Chronik und offenbar war diese Veranstaltung am 29. August 1994, also vor ziemlich genau 17 Jahren.\nDamals stand ich mit Terra in der Eingangshalle des Kieler Landeshauses. Wir hatten ein Modem dort stehen und ein Terminalprogramm am Laufen. Auf dem Terminal waren wir auf einer Maschine in den USA eingeloggt, die personenbezogene Daten von Deutschen verarbeitete: diese Kiste hatte also ein wirklich langes Tastaturkabel. Die Platten des US-Rechners waren über NFS aus einer weiteren, anderen Jurisdiktion gemountet - die Kiste hatte also auch ein wirklich langes Plattenkabel.\nWir haben damals bei den Abgeordneten und Datenschützern, die uns über die Schultern schauten, eine ganze Menge \u0026ldquo;404\u0026rdquo;-Gesichter erzeugt - \u0026ldquo;Was machen die da? Wieso ist das ein Problem? Und wenn es ein Problem ist, was zum Teufel können wir da machen?\u0026rdquo;\nDas ist im Grunde genau die Situation, die wir jetzt beim Facebook Like-Button, bei jedem eingebundenen Youtube-Video und natürlich auch bei jeder Dropbox haben.\n17 Jahre Processing Time sind allerdings auch für eine Juristen-CPU eine ganze Menge Latenz. Zeit für ein Upgrade? Oder müssen wir unsere Rechtsprechung auch beim Datenschutz in die Cloud verlegen? Beim Copyright ist das ja quasi schon passiert .\n","date":"2011-09-13T00:00:00Z","href":"https://blog.koehntopp.info/2011/09/13/ein-verpasstes-jubilaeum.html","tags":["damals","privacy","politik","lang_de"],"title":"Ein verpaßtes Jubiläum"},{"categories":null,"content":"MongoDB 2.0 ist draußen, und implementiert eine Reihe interessanter neuer Dinge, die ich anderswo gerne hätte, insbesondere im Bereich Replica Sets .\nPostgres hat das Release 9.1 draußen. Die versprochene synchrone Replikation ist jetzt verfügbar, sie ist grob vergleichbar mit der Semisynchronen Replikation in MySQL 5.5. Ein wesentlicher Unterschied ist, daß man bei Postgres einzelne, bestimmte Server als synchrone Slaves benennen kann, während MySQL nur garantiert, daß es mindestens einen (wechselnden) Slave gibt, der synchron repliziert hat. Die Postgres-Lösung ist einfacher als Teil eines Failover-Systems zu scripten, die MySQL-Lösung ist im Betrieb flexibler und potentiell schneller.\nPostgres 9.1 implementiert Create Server und Create Foreign Table , das ist so eine Art Gegenstück zu FEDERATED in \u0026rsquo;nicht kaputt'.\nMit per-column collation support wird Postgres jetzt endlich ein wenig flexibler als in vorherigen Versionen, in denen man Zeichensatz und Collation bei der Erstellung einer Datenbank-Instanz global festlegen mußte. Noch immer ist man bei der Wahl des Zeichensatzes eingeschränkt: Bei der Erstellung der Instanz wird ein Systemzeichensatz festgelegt, der dann pro Datenbank überschrieben (und später nicht mehr leicht geändert) werden kann. Da Postgres hinsichtlich der Verwendung von UTF8 weniger Einschränkungen unterliegt als MySQL (Indexlänge, hirntot implementierte MEMORY Tables) ist das weniger ein Problem als man vermuten mag: Man verwende einfach immer utf8 und wähle die Collation nun endlich nach Bedarf per Column.\nPostgres 9.1 definiert nun ebenfalls einen Transaction Isolation Level Serializable , aber die genauen Definitionen von Transaction Isolation Levels variieren sowieso von Implementation zu Implementation ein wenig, sodaß diese nicht wirklich zwischen z.B. MySQL und Postgres vergleichbar sind (Dazu kommt, daß man vermutlich etwas falsch macht, wenn man in MySQL SERIALIZABLE tatsächlich benötigt.\nVersion 9.1 unterstützt nun die Option UNLOGGED bei CREATE TABLE. Dies bewirkt, daß Änderungen an einer Tabelle nicht in das Postgres WA-Log geschrieben werden. Die genauen Auswirkungen sind aus der Sicht eines MySQL-Entwicklers schwer zu beschreiben, da sich die Datenbanken hier zu sehr unterscheiden, als daß die Terminologie sinnvoll transferierbar wären: Eine UNLOGGED Table kann immer noch ein Rollback durchführen, da Postgres alte Versionen einer Row nicht in einem Undo-Log vorhält, sondern als Bestandteil der Tabelle speichert. Es ist also nicht so, daß eine solche Tabelle mit einer MyISAM-Tabelle vergleichbar wäre.\nEine UNLOGGED Table wird jedoch automatisch geleert, wenn die Datenbank abstürzt oder hart angehalten wird - das ist notwendig, da das WAL bei Postgres auch Funktionen wahrnimmt, die in MySQL etwa der Doublewrite-Buffer übernimmt und so nicht garantiert werden kann, in welchem Zustand die Daten sind, wenn die Datenbank beim Checkpointen einer Page in einer unlogged Table stehen bleibt.\nDa kein WAL geschrieben wird, werden UNLOGGED Tables auch nicht repliziert. Es ist also ein wenig so wie eine Tabelle, für die SQL_LOG_BIN = 0 definiert ist, und für die kein Redo/Undo-Log geschrieben wird, und die sich bei Crashes verhält wie eine Memory-Tabelle, aber andererseits lockt die Tabelle immer noch vergleichbar InnoDB, und kann auch noch ein Rollback ausführen.\nEine besonders schöne Sache in 9.1 sind Common Table Expressions in DML . Eine Common Table Expression (CTE, \u0026lsquo;WITH\u0026rsquo;) kann man sich wie eine temporäre Tabelle vorstellen, die Daten zwischen mehreren Statements sharen kann, mit RECURSIVE bekommt man damit auch Zeigerbäume in SQL sauber implementiert. Seit 9.1 kann man eine CTE auch als Datenverschiebe-Statement verwenden:\nWITH transferme AS ( DELETE FROM active WHERE \u0026#34;date\u0026#34;\u0026lt; 2011-09-01 RETURNING * ) INSERT INTO inactive SELECT * FROM transferme Dies definiert eine temporäre Tabelle transferme als die Daten, die von dem Delete-Statement aus active gelöscht werden. Diese werden dann in die Tabelle inactive eingefügt.\nAußerdem gibt es mehr SELinux-Support und Python als Stored Procedure Language.\n","date":"2011-09-13T00:00:00Z","href":"https://blog.koehntopp.info/2011/09/13/neue-releases-im-datenbankland.html","tags":["database","mongodb","mysql","postgres","lang_de"],"title":"Neue Releases im Datenbankland"},{"categories":null,"content":"Im März 2003 begann die Firma, die mal Caldera hieß und sich in SCO Group umbenannte, IBM auf eine Fantasiesumme von Schadenersatz zu verklagen, weil Ex-Caldera sich im Besitz des Unix-Copyrights wähnte und der Auffassung war, daß IBM im Rahmen seiner Linux-Initiative Ex-Caldera geraubmordkopiert hätte. Sich mit den Anwälten von IBM anzulegen ist eine unglaublich gute Idee, die der Idee, einen Feldzug in Rußland im Winter zu führen, in nichts nachsteht. So bekam Ex-Caldera dann auch bald bescheinigt: Linux enthält keinen original Unix-Quellcode, SCO-Caldera hatte ihr IP unter der GPL freigegeben und hat so keinen Grund zu klagen und das Copyright am Original-Unix System V liegt übrigens nicht bei Euch, liebes Ex-Caldera, sondern bei Novell.\nHeute, 8 Jahre später , geht die Akte endgültig zu. Endlich ist dieser Zombie tot.\nBester Seiteneffekt der ganzen Aktion: Groklaw - Tausende von Geeks lernen (amerikanisches) Recht, und Armeen von verteilten Beweisfindern dokumentieren diesen Prozeß im Detail, suchen Dokumente in alten Papierstapeln, und finden Fehler und Schwachstellen in den Argumentationen von Ex-Caldera. Die Firma muß feststellen, daß IBMs Anwälte, bei aller Drohkraft, nicht der eigentliche Endgegner sind: Es ist das Netz selber, die Masse der Geeks, die sich da mobilisiert und gegenhält.\nNach dem Ende des SCO-Prozesses definiert sich Groklaw mit neuer Belegschaft um: Themen sind nun Oracle vs. Google, Patenttrolle wie Lodsys und ähnliche Themen. An Prozessen herrscht ja seit zehn Jahren im IT-Umfeld kein Mangel.\n","date":"2011-08-31T00:00:00Z","href":"https://blog.koehntopp.info/2011/08/31/acht-jahre-sco-proze.html","tags":["copyright","free software","unix","lang_de"],"title":"Acht Jahre SCO-Prozeß"},{"categories":null,"content":"Nachtrag zu Jugendmediendoom :\nDoom und Doom II vom Index gestrichen . Mit Wirkung von heute sind Doom und Doom II nicht mehr jugendgefährdend. Die Begründung liegt als PDF vor.\nDie Zusammenfassung lautet: Es liegt an den Pixeln, äh, der Entscheidung liegt \u0026ldquo;die technische Weiterentwicklung von Spielen [zugrunde], in deren Folge die Darstellungen der beiden Shooter-Klassiker heute nicht mehr als realistisch anzusehen sind.\u0026rdquo;\nDiese wunderbaren Dokumente der Zeitgeschichte sind nun frei ab 16 Jahren.\n","date":"2011-08-31T00:00:00Z","href":"https://blog.koehntopp.info/2011/08/31/doom-und-doom-ii-nicht-mehr-jugendgef-hrdend.html","tags":["jugendschutz","media","politik","lang_de"],"title":"Doom und Doom II nicht mehr jugendgefährdend"},{"categories":null,"content":"Auf dem Heiseticker findet man die Mitteilung Hamburger Datenschutzbeauftragter: Reichweitenmessung der IVW ist datenschutzkonform .\nDie Geschichte begann mit dem hamburgischen Datenschutzbeauftragten Caspar, der mit nicht wenig Schaum vor dem Mund gegen Google Analytics wetterte, zugleich aber in seiner eigenen Präsentation IVW Zählpixel hatte. Als das raus kam, hielt Caspar schnell den Mund und schaltete seine Webpräsenz ab. Nun heißt es:\nDiese Woche meldeten die Beteiligten in einer Pressemeldung nun eine Einigung hinsichtlich einer datenschutzkonformen Nutzung des Meßsystems. Man habe dadurch \u0026ldquo;datenschutzrechtliche Verbesserungen mit bundesweiter Bedeutung\u0026rdquo; erreicht und die im Januar gemachten Zusagen umgesetzt, loben sich die Beteiligten in ihrer Meldung.\nKonkret heißt das: Die IP-Adresse, die das IVW-Teil speichert, wird um das letzte Byte verkürzt. Es werden also Gruppen von 256 IP-Nummern zusammen abgerechnet. Außerdem gibt es jetzt eine Opt-Out Möglichkeit . Abgerundet soll das ganze durch Vertragsänderungen zwischen der IVW-Betreibergesellschaft und der nutzenden Website.\nDas Ergebnis ist weitgehend witzlos, wie man sich leicht überlegen kann, wenn man C is for Cookie gelesen und verstanden hat - Caspar hat gar nichts bewirkt.\nDas Zählsystem der IVW beruht nur am Rande auf IP-Adressen: Es gibt eine ganze Reihe von Benutzern, die auf das Web durch Proxies zugreifen, und die IVW will nun gerade solche Benutzer trennen können, die dieselbe IP-Adresse haben, aber mehr als eine Person repräsentieren. Andererseits gibt es Benutzer, deren IP-Nummer auf zwei aufeinander folgenden Zugriffen wechselt (etwa Benutzer sehr großer Proxies, oder DSL-Benutzer nach einer Zwangstrennung), und die IVW will solche Benutzer auch nach einem solchen Adreßwechsel weiter als dieselbe Person tracken können.\nDer deutsche Datenschutz versteift sich auf die IP-Adresse als personenbezogenes Datum, aber die ist in Bezug auf Tracking eigentlich eher witzlos - Cookies und Supercookies sind die Methode der Wahl.\nAuch die IVW arbeitet mit Cookies, genau genommen mit einem Cookie i00, der für die Domain *.ivwbox.de mit einer Lebensdauer von einem Jahr gesetzt wird. Dieser Cookie bekommt eine eindeutige Kennung, mit der ein User von allen anderen Usern unterscheidbar wird (siehe auch C is for Cookie und suche nach i00).\nDas Ziel der IVW ist erklärtermaßen, Page Impressions auf der Site eines Anbieters zu zählen. Die IVW, die jetzt angeblich datenschutzkonform arbeitet, erhebt jedoch viel mehr Daten, die für diesen Zweck gar nicht notwendig sind:\nDer Cookie wird für einen viel zu langen Zeitraum gesetzt (wieso nicht als Session-Cookie, der beim Stop des Browsers gelöscht wird, oder mit der Laufzeit \u0026ldquo;1 Tag\u0026rdquo;?). Der Cookie wird für die Domain *.ivwbox.de gesetzt, und jeder IVW-Nutzer arbeitet unter dieser Domain - webdessl.ivwbox.de und zeit.ivwbox.de zum Beispiel bekommen beide dieselbe Kennung für denselben Browser/User zu sehen. Das Opt-Out setzt ein Cookie. Es ist also an einen Browser gebunden - man muß für jeden seiner Browser neu opt-outen, und das Opt-Out erlischt, sollte man jemals seine Cookies verlieren oder löschen. Genau genommen wird gar kein Opt-Out implementiert, sondern die o.a. opt-out Site setzt den i00-Cookie für *.ivwbox.de auf einen festen Wert, 0000000000000000cafe. Das heißt, es wird immer noch gezählt, aber alle User, die opt-out gemacht haben, werden nun zusammen unter derselben ID gebucht. Wenn es also nur Einer alleine macht, bewirkt das genau gar nix. Das Zählpixel überträgt noch viel mehr Informationen, da es ja im Kontext der Seite des IVW-Kunden geladen wird. Insbesondere wird vom Zählpixel auch ein Referer übermittelt, also die URL der Seite, in der das Pixel enthalten ist. Wenn diese Seite Parameter hat, also das Resultat eines METHOD=\u0026lsquo;GET\u0026rsquo; Formulars ist, dann werden alle diese möglicherweise personenbeziehbaren Daten über den Referer auch an die IVW geleaked. Zusammenfassend kann man sagen, daß die Maßnahmen von Caspar so wie sie vom Heise Newsticker berichtet werden, das Problem genau gar nicht adressieren und die Situation keinen Fatz verbessern: Noch immer erfaßt IVW Daten, die für den Zweck der Ermittlung von PI nicht benötigt werden und daß über Kunden-Domaingrenzen hinweg (Cookie für *.ivwbox.de).\nMan fragt sich, ob es beim Hamburgischen Datenschutzbeauftragten nur noch Juristen und keine Techniker mehr gibt, und ob er nicht vielleicht mal bei seinen Nachbarn im Norden nachfragen will, von denen ich weiß, daß sie solche Sachen besser im Griff haben.\nUpdate: Bei Herrn Stadler greift man diesen Artikel auf:\nIVW Tracking Tool doch nicht datenschutzkonform .\nIch fragte dort in den Kommentaren:\nIch habe da noch ein paar weitere Fragen. Wenn ich irgendwo was kaufe, dann muß ich da ja oftmals zwei Mal unterschreiben – einmal in den Vertrag einwilligen, und dann noch mal Extra das Datenschutzblabla unterzeichnen, weil das nicht Bestandteil der AGB sein darf und eine gesonderte Einwilligung braucht.\nDas ist also tierisch wichtig und so.\nWieso kann eine Website, die IVW nutzt, das implizit tun, also ohne gesonderte ausdrückliche Willenserklärung von mir, wenn das zum Beispiel auf jedem Kassenzettel nicht geht und stattdessen jetzt zwei Unterschriften von mir braucht?\nOder im Fall der IVW sogar mit einem Default-Opt-In und einem optionalen Opt-Out, also genau anders rum als auf jedem Kassenzettel?\nUnd im Fall der IVW mit einem volatilen Opt-Out (als Cookie) pro Browser pro Rechner, den ich habe? Ich meine, sollte ich nicht einmal eine Willenserklärung auf das Opt-Out abgeben (Ich dachte, ich müßte gesondert unterschreiben?) und dann ist das deren Problem, mich wiederzuerkennen und sich an unsere Abmachungen zu halten?\nThomas Stadler antwortet mir:\nDie Frage ist äußerst berechtigt. Die erste Frage, die man hier stellen muss lautet aber, ob das IVW-Tool personenbezogene Daten erhebt. Wenn ja, dann geht es so nicht.\nIch erweiterte meine Ausführungen mit:\n@2: \u0026ldquo;Die erste Frage, die man hier stellen muss lautet aber, ob das IVW-Tool personenbezogene Daten erhebt. Wenn ja, dann geht es so nicht.\u0026rdquo;\nDie Frage ist doch irgendwie schon beantwortet, denke ich.\nEs sind die Datenschützer, speziell die in Hamburg, die sich über IP-Adressen aufgeregt haben, also der Ansicht sind, daß das personenbezogene oder personenbeziehbare Informationen sind. Speziell die Hamburger Datenschützer halten das für gefährlich und verboten genug, um deswegen Pressemittelungen raus zu hauen, gegen Leute vorzugehen und ihre eigene Präsenz abschalten.\nIVW-Cookies (die i00-Cookies) kleben aber noch viel besser an \u0026ldquo;einer Person\u0026rdquo; als es IP-Adressen jemals tun.\nIP-Adressen wechseln für viele Kunden jeden Tag, durch die Zwangstrennung. Kunden, die durch einen großen Proxy (mit mehr als 30.000 bis 40.000 konkurrenten Nutzern) surfen bekommen außerdem unterschiedliche IP-Nummern bei aufeinanderfolgenden Requests, weil der Proxy mehrere Exit-Adressen hat (AOL, Telekom machen es so). Andererseits sind IP-Adressen von Kunden, die hinter Firmenfirewalls oder solchen Proxies sitzen, nicht trennscharf: Viele Kunden treten unter derselben IP-Adresse auf.\nDer i00-Cookie dagegen wird per Browser vergeben und hat eine Lebensdauer von einem Jahr: Die IVW/INFOnline oder wer auch immer verwendet diesen Cookie ja genau deswegen, weil er besser trennt als IP-Adressen, weil er also besser personenbeziehbar ist.\nUnd wie die IP-Adresse auch wird der i00-Cookie nicht pro Site vergeben, sondern für alle *.ivwbox.de-Domains gemeinsam gesetzt. Das heißt, man schlägt auf zeit.ivwbox.de mit demselben i00-Cookie auf wie auf webdessl.ivwbox.de, die Daten können technisch zusammengeführt werden und es können Bewegungsprofile erstellt werden.\nFür den angegebenen Verwendungszweck der IVW, das Zählen von PI, ist das vollkommen unnötig, wie auch die Lebensdauer von einem Jahr für diesen Zweck vollkommen übertrieben ist (30 Minuten würden reichen). Es sind die gierigen Finger der AGOF, die hier mehr Daten haben wollen, aber das ist ein ganz anderer Anwendungszweck.\nDas heißt rein logisch: Wenn eine IP-Adresse schon böse, verboten oder anonymisierungspflichtig ist, weil die potentiell bei einigen Nutzern personenbeziehbar ist, dann muß ein i00-Cookie das noch mehr sein, oder die ganze Argumentation fällt nach den Gesetzen der Logik als inkonsistent und inkonsequent in sich zusammen.\nJetzt Zusammenfassung von Ip-Adressen durch Löschung des letzten Bytes zu /24 zu feiern, aber weiter mit i00-Cookies zu arbeiten ist schlicht inkompetent, wenn es aus Versehen passiert ist. Oder verlogen, falls es Absicht war.\n","date":"2011-08-10T00:00:00Z","href":"https://blog.koehntopp.info/2011/08/10/ivw-jetzt-datenschutzkonform-updated.html","tags":["cookie","privacy","identity","security","lang_de"],"title":"IVW jetzt \"datenschutzkonform\" (Updated)"},{"categories":null,"content":"Drüben bei Securosis arbeitet man die Black Hat 2011 unter dem Titel NoSQL and No Security auf. Es geht um die Beobachtung, daß die meisten NoSQL-Datenbanken nicht nur keinerlei Authentication haben (hat jemand so verstrahltes Zeugs schon mal in einer PCI Zone deployed?), sondern außerdem viele von ihnen auch anfällig für Server-Side JavaScript Injection (SSJI) sind.\nDas soll heißen, daß die Abfragesprache der Wahl bei vielen dieser Dinge Javascript ist, daß im Datenbankserver interpretiert wird. Gelingt es im Rahmen einer Query Javascript in die Datenbank-Abfrage zu injezieren, kann man auf der Datenbank frei Code ausführen. Das ist die Fortsetzung von XSS (Injektion von Javascript in den Browser/Client) mit anderen Mitteln (Injektion von Code in den Datenbankserver - SSIJ) und in Node.js .\nDer Tod dieser Geschichten ist meistens Serialisierung von Datenstrukturen als ausführbarer Javascript-Code (JSON) und dann die tatsächliche Ausführung von solchem Code ohne ausreichende Sicherheitsprüfung - also ganz klassisch eine Art eval(), der remote Killswitch jeder Interpretersprache (Ich kenne mich damit aus, ich bin eben dieses Vergehens schuldig ).\nDie Frage ist: Wieso bauen Leute solche Systeme in 2011? Die Sorte Fehler riecht doch eher nach 1998!\n","date":"2011-08-10T00:00:00Z","href":"https://blog.koehntopp.info/2011/08/10/nosql-and-no-security.html","tags":["database","security","lang_de"],"title":"NoSQL and No Security "},{"categories":null,"content":"Der Spiegel entdeckt: Verräterische Firewire-Verbindung: Kauf-Software knackt Mac-Passwörter . In dem Artikel geht es um die Entdeckung, daß Firewire ein Busprotokoll ist, das DMA erlaubt.\nDMA ist ein Kürzel, das für Direct Memory Access steht. Normalerweise ist Computerperipherie über die CPU an den Rechner angebunden: Wenn eine Eingabe oder eine Ausgabe zu machen ist, dann schaufelt einer der Kerne des Rechners ein Byte aus einem speziellen I/O-Register oder einer magischen Speicheradresse, die statt mit einem RAM-Baustein mit einem I/O-Baustein verbunden ist, in die CPU und von der CPU dann an die Zieladresse - die wiederum entweder eine normale Speicheradresse oder wiederum eine magische Ein-/Ausgabeleitung ist.\nModerne CPUs haben eine Einbaukomponente, die Memory Management Unit . Das war früher mal ein extra Baustein, ist aber vor 20 Jahren oder so mit in die CPU integriert worden. Die MMU hat die Aufgabe, die Speicher- und I/O-Zugriffe eines jeden Prozesses zu kontrollieren und zu verhindern, daß ein Benutzerprozeß auf privilegierten Speicher zugreift oder auf Speicher anderer Prozesse. Die MMU implementiert also die Sicherheit in modernen Betriebssystemen.\nJeder Speicher- und I/O-Zugriff wird von der MMU überwacht.\nWie man sich aus der Beschreibung von DMA leicht überlegen kann, umgeht DMA die MMU komplett: Das I/O-Gerät wird nicht von der CPU abgefragt, sondern es meldet sich auf denselben Adreßleitungen (dem \u0026ldquo;Bus\u0026rdquo;), auf dem auch die CPU liegt an und greift dann selber wie eine zweite CPU auf diesen Bus und alle darauf liegenden Geräte zu - also auch auf allen Speicher. Da es selber wie eine CPU agiert, umgeht es die eigentliche CPU des Systems und damit auch die darin liegende MMU.\nFirewire ist ein Bus, der DMA-Geräte erlaubt. Darum ist er lange Zeit schneller als USB gewesen und Firewire-Geräte haben außerdem das System weniger ausgebremst als USB-Geräte: Die Firewire-Devices mußten sich halt nicht von der CPU byteweise die Daten füttern lassen, sondern haben stattdessen parallel zur CPU ihre Daten ins System gebulldozert.\nWenn man also am Firewire-Port von Rechner a keine normale Festplatte anschließt, sondern etwa einen zweiten Rechner b, dann kann dessen CPU ein beliebiges Programm auf Rechner b ausführen, das auf beliebige Bytes von Rechner a lesend oder schreibend zugreift.\nDMA ist ein Mechanismus, der anderen Geräten an CPU und MMU vorbei Speicherzugriff erlaubt. Dadurch sind alle Speicherinhalte dem externen Gerät ungeschützt zugänglich.\nIst das überraschend? Nein.\nIst das neu? Nein. Software dafür ist seit 2003 als Open Source zu bekommen.\nIst die Empfehlung aus dem Spiegel-Artikel sinnvoll?\nAllerdings, merkt Passware selbst an, kann man dem Passwortklau mit zwei simplen Maßnahmen einen Riegel vorschieben. Zum einen sollte man die Funktion \u0026ldquo;Automatische Anmeldung\u0026rdquo; im \u0026ldquo;Kontrollfeld Benutzer \u0026amp; Gruppen\u0026rdquo; deaktivieren. Zum anderen sollte man den Computer in Pausen komplett abschalten, statt ihn nur in den Ruhezustand zu versetzen. Dann haben auch gut ausgerüstete Passwortdiebe keine Chance mehr.\nGeht so. Zwar ist es sinnvoll, die automatische Anmeldung zu deaktivieren, um die Systemsicherheit zu erhöhen (alternativ den Bildschirmschoner mit einem Paßwort zu versehen) und auch den Rechner abzuschalten statt suspend zu verwenden.\nAber solange der Rechner läuft ist nicht der Klau des Paßwortes die eigentliche Gefahr. Sondern die Tatsache, daß einem ein wildgewordenen Firewire Device, das man anschließt, jedes beliebige Byte auslesen oder übermalen kann. Mit Paßworten muß sich da keiner aufhalten, wenn man das ganze System ersetzen oder verändern kann.\nSiehe auch hier für andere Zugriffe mit DMA.\n","date":"2011-07-27T00:00:00Z","href":"https://blog.koehntopp.info/2011/07/27/was-ist-eigentlich-firewire-dma.html","tags":["hack","hardware","security","lang_de"],"title":"Was ist eigentlich Firewire DMA?"},{"categories":null,"content":"Die Polizei wird persönlich schreibt die taz, und:\nWie aus einer nun veröffentlichten Antwort des sächsischen Innenministeriums auf eine Kleine Anfrage des Landtagsabgeordneten Henning Homann (SPD) hervorgeht, haben die Ermittlungsbehörden inzwischen in über 40.000 Fällen die Namen, Adressen und Geburtsdaten, also sogenannte Bestandsdaten von Handynutzern ermittelt, die im Februar anlässlich zweier Großdemonstrationen in Dresdens Innenstadt telefoniert haben. Bislang hatte das sächsische Innenministerium lediglich von 460 Fällen gesprochen.\nDie Exekutive in Sachsen läuft offenbar Amok und kennt weder Maß noch interessiert sie sich viel für Regelungen den Einsatz ihrer technischen Mittel betreffend.\nVergleiche 1 , 2 , 3 und auch noch 4 .\n","date":"2011-07-25T00:00:00Z","href":"https://blog.koehntopp.info/2011/07/25/vertrauensverschiss.html","tags":["privacy","politik","lang_de"],"title":"Vertrauensverschiß"},{"categories":null,"content":"Der vielfach unterschätzte Michael Seemann erklärt der Spackeria, warum es sie gibt:\nWarum wir Dinge ins Internet schreiben :\nAber viele fühlen sich von der Optionsvielfalt überfordert oder lassen sie von vornherein links liegen, indem sie sich auf ein Shampoo festlegen. Es scheint fast so, als gäbe es für Shampoosorten ebenfalls eine Art Dunbars Number. \u0026hellip; Wenn jetzt also ein Grenznutzen der Optionsvielfalt zu beobachten ist, ist es auch nach Kellys Formel nicht mehr möglich, die individuelle Freiheit zu erweitern. Aber vielleicht sind ja ähnliche Mechanismen möglich, wie in Social Networks. Bislang verwendete die Wirtschaft die Informationen über uns nur, um die Werbung für uns anzupassen. Aber was ist, wenn sie anfängt die Produkte anzupassen? Ich will mich im Supermarkt nicht damit beschäftigen, was für eine Haarsorte ich habe – trocken, fettig, glänzend, gelockt, spröde, etc. Ich will eigentlich überhaupt nicht in den Supermarkt gehen müssen. “Nehmt euch die Information über mein Haar und stellt mir was anständiges in die Dusche!”\nLiest Du das KarstadtQuelleKaufhofNeckermann? Ja, Du. Dein Katalog, wieso zeigt er mir Schuhe, die mir nicht passen, überhaupt an? Wieso zeigt er mir Schlipse, die mir nicht stehen, überhaupt an? Ich will den Scheiß nicht sehen, den ich nicht brauchen kann, außer ich frage ausdrücklich danach, weil ich gerade ein Geburtstagsgeschenk suche für jemanden, den ich nicht ausstehen kann. Und dann will ich das GoogleFacebookPlaxoProfile von dieser Person importieren und nur noch Dinge sehen, die für diesen Anwendungsfall in Frage kommen.\nLiebe Konzerne, ihr sammelt bei weitem nicht genug Daten über mich. Und die die ihr habt, ihr benutzt sie nicht. Darum geht ihr mir auf den Geist.\nIch glaube schon, dass das die Zukunft ist, egal, was Datenschützer sagen.\nIch bin mir ziemlich sicher, daß der Zukunft egal ist, was die Datenschützer über sie sagen.\nDas gilt ganz besonders für die von Seemann vorhergesagte 4chan-Oper.\n","date":"2011-07-21T00:00:00Z","href":"https://blog.koehntopp.info/2011/07/21/die-query-schl-gt-zur-ck.html","tags":["lang_de"],"title":"Die Query schlägt zurück"},{"categories":null,"content":"Hach.\nIch nehme an, ihr habt sowieso Pagetable im Feedreader. Wenn nein, dann sei Euch The story of FCopy for the C-64 von Thomas Tempelmann ans Herz gelegt. Das waren noch Zeiten\u0026hellip;\nUnd weil wir gerade bei der Nostalgie sind: Die Geschichte von Ethernet bei Wired.\nUpdate: Nachfolge-Artikel .\n","date":"2011-07-17T00:00:00Z","href":"https://blog.koehntopp.info/2011/07/17/fcopy-commodore-64.html","tags":["damals","commodore","lang_de"],"title":"FCopy (Commodore 64)"},{"categories":null,"content":"Google plant die Super-Datenbank schreibt die SZ, Google rückt dem Benutzer noch mal näher schreibt die Zeit und Fefe verlinkt bloß, ohne zu recherchieren . Tarzun hat recherchiert , gelesen und verstanden, und darum brauche ich den Artikel nicht zu schreiben.\nStattdessen bei tarzun lesen, was wirklich passiert ist und mit dem vergleichen, was unsere leistungsgeschützten \u0026ldquo;Qualitätsmedien\u0026rdquo; draus machen.\nUpdate: Zum selben Thema ein Dialog im IRC:\nA hat mal bei einer Firma angerufen. B\u0026gt; Aha?\nA\u0026gt; Die sagten \u0026ldquo;Fuer 50.000 Datensätze echter Personen mit persönlichen Daten 100 EUR\u0026rdquo;. Rechnet man das mal auf Facebooks Profile hoch (750 mio), davon 10% wahrscheinlich Fake, dann wird das plötzlich ganz wenig. Auf jeden Fall sind 1,5 Mio EUR jetzt nicht gerade die Bombe.\nB\u0026gt; Google: \u0026ldquo;Wir verdienen mehr Geld damit, Eure Datensätze zu behalten.\u0026rdquo; meinst Du?\nA\u0026gt; Davon kann man nicht mal die Angestellten bezahlen. Ziehst Du 10% ab, wird\u0026rsquo;s plötzlich ganz uebel. Wobei, nicht /ganz/, aber lachenswert. \u0026ldquo;Nichtmal anderthalb mio, muahahaha\u0026rdquo;.\nA\u0026gt; Ich meine, klar, die koennten das wohl sogar an andere Firmen noch verkaufen. Und damit halt noch einen Vielfachfaktor einbauen. Aber das rentiert /nicht mal dann/.\nB\u0026gt; Laß es 100mio sein und vergleiche das mit Googles Quartalszahlen.\nA\u0026gt; LOL, eben. Da fehlen einfach noch ein paar 0en.\nI\u0026gt; A: Ein Kundenprofil ist so viel Wert wie Du potentiellen Gewinn damit machen kannst, das ist sehr variabel. Aber Umsatz pro kunde bei Amazon ist dreistellig im Mittel, bei den anonymen Amazonikern sogar vierstellig. Da muß man natürlich nun auch auf die Margen sehen, die sind im Einzelhandel eher dünn.\nI\u0026gt; A: Will sagen: 50k echte Personen sind sehr unspezifisch. Aber 50k Kundenrecords von High-Volume Voice Kunden aus der E+ datenbank an, sagen wir T-Mobile verkaufen\u0026hellip; Das ist dann schon sehr substantiell.\nA\u0026gt; ok. ja.\nI\u0026gt; A: Oder halt 50k Kundenrecords von BMW Erstwagenkäufern an Mercedes und Audi.\nB\u0026gt; I: Aber das ist doch ein Deal, den Google genau einmal machen kann, oder?\nI\u0026gt; Ja. Ja, das ist vielen Leuten nicht klar. Gehandelte Unternehmen unterliegen sehr weitgehenden Wirtschafts- und Datenschutzprüfungen, in den USA wie auch hier.\nI\u0026gt; Schon alleine um die Nachhaltigkeit ihres Geschäftsbetriebes sicherzustellen. Also im Sinne von \u0026lsquo;ist der Aktienkurs denn auch gerechtfertigt mit Blick auf die Zukunft\u0026rsquo;. Zudem muß bei Einnahmen ja auch verbucht werden wofür. Die können sich nicht mal so 100 Mio aus dem Arsch ziehen.\nI\u0026gt; Das ist aber ein Artikel, den ich schon ganz lange mal schreiben will und wo ich nie zu gekommen bin, das ist mir einfach zu fachfremd. Also, die rechtliche und wirtschaftliche Seite, ich habe das nur von der Security Engineer/Privacy Watchdog Seite von Innen gesehen. Ich bearbeite das Log hier mal und hau das nach +, warum nicht mal was Kollaboratives versuchen.\n","date":"2011-07-14T00:00:00Z","href":"https://blog.koehntopp.info/2011/07/14/google-verkauft-deine-daten-an-den-teufel.html","tags":["google","internet","advertising","lang_de"],"title":"Google verkauft Deine Daten an den Teufel!"},{"categories":null,"content":"Niemand käme auf die Idee, Gas, Wasser, Scheiße und Strom mit einem Flatrate-Tarif einzukaufen. Andererseits haben wir eine recht gute Vorstellung von den Einheiten und Mengen ,\ndie unser Haushalt dort verbraucht. Meßgeräte, die bei Stromversorgern kostenfrei ausgeliehen werden können, können auch Verbrauch auf einzelne Geräte runterbrechen.\nAndererseits haben wir uns irgendwie abgewöhnt, bei Telefon und Internet zu messen und zu verstehen, was wir da warum tun. Das ist auf viele verschiedene Weisen falsch - im Festnetz wie im Mobilnetz.\nWenn man weiß, wie man ein Gerät nutzt , dann versteht man sich selbst besser und man kann auch besser einkaufen. Und erzeugt langfristig auch Tarife, die im Markt selbst Bestand haben, statt irgendwelche Leute dazu einzuladen, einem die Verbindung zu managen, daß es nur so kracht.\nAlso, Philip Engstrand und ihr anderen Leser hier: Wie viel Traffic macht ihr so im Monat - mit Eurem DSL daheim, Eurem Handy und Eurem Dedi ? Was sind das effektiv für Gigabytepreise, wenn Ihr Eure Flatrate mal auf-dividiert? Hat Eure Flat Trafficlimits, Weitergabeverbote, gesperrte Dienste oder Adressen?\nArt Traffic Heim-DSL 45-60 GB/Monat Handy 3G um die 800 MB/Monat Handy Wi-Fi um die 5 GB/Monat Dedi 3-4 GB/Tag Blogdedi, 2-3 GB/Tag Maildedi ","date":"2011-07-12T00:00:00Z","href":"https://blog.koehntopp.info/2011/07/12/verstehe-dein-netz-besser-deine-flatrate-entm-ndigt-dich.html","tags":["internet","netzneutralität","politik","lang_de"],"title":"Verstehe Dein Netz besser - Deine Flatrate entmündigt Dich!"},{"categories":null,"content":"Als Utility hat man es schon schwer. Man stellt ein Produkt oder eine Dienstleistung als Schüttgut zur Verfügung und kassiert dafür Kleckerbeträge. Die Rechnungsstellung und Zahlungskontrolle ist zum Teil so teuer, daß die Kosten dafür die Einnahmen aus kleineren Rechnungen übersteigen. Das jedenfalls war einer der Gründe, warum Telefon- und Stromfirmen an der Automatisierung dieser Vorgänge interessiert waren und sich zum Beispiel mit der Entwicklung von Betriebssystemen beschäftigt haben.\nWovon jedes Utility träumt: Das Produktschüttgut differenzieren - am Besten sogar real und nicht in einer Pseudodifferenzierung, etwa Gelben Strom . Wie wäre es also, wenn eine Stromfirma Preise unterschiedlich festlegen könnte, je nachdem, was man mit dem gezogenen Strom macht. Kilowattstunden für den Betrieb von Fernsehern und Rechnern zum Beispiel könnte man teurer bepreisen als sagen wir Kilowattstunden zum Kochen oder zur Bereitung von Essen.\nIrrsinn? Noch ja.\nAndererseits ist es genau das, was man am Ende bekommt, wenn man sich nicht darum kümmert, die Netzneutralität zu erhalten. Dann ist eine Kilowattstunde keine Kilowattstunde mehr, sondern eine Fernseh- oder Kochkilowattstunde. Und ein Gigabyte ist kein Gigabyte mehr, sondern ein Videostreaming- oder ein Email-Gigabyte. Verkauft wird uns das als Netzneutralität mit Diensteklassen - Gigabytes erster und zweiter Klasse.\nStatt also das Netz auszubauen und die Kapazitäten dem Bedarf anzupassen bekommen wir ein System, das Unterversorgung monetarisiert. Das ist ja mal eine Schlaue Idee™.\n","date":"2011-07-09T00:00:00Z","href":"https://blog.koehntopp.info/2011/07/09/wenn-eine-kilowattstunde-keine-kilowattstunde-ist-und-ein-gigabyte-kein-gigabyte.html","tags":["internet","netzneutralität","politik","lang_de"],"title":"Wenn eine Kilowattstunde keine Kilowattstunde ist und ein Gigabyte kein Gigabyte"},{"categories":null,"content":" Werte für 2011 linear interpoliert.\nKindle und elektronische Inhalte nicht enthalten. Amazon.com nicht enthalten. Käufe über das Konto meiner Frau nicht enthalten.\n","date":"2011-06-20T00:00:00Z","href":"https://blog.koehntopp.info/2011/06/20/anonyme-amazoniker.html","tags":["internet","lang_de"],"title":"Anonyme Amazoniker"},{"categories":null,"content":"Douglas Hofstadter erwähnt in seinem Megamagicum das Spiel Nomic von Peter Suber (The paradox of self-amendment ).\nBei Nomic geht es darum, die Regeln eines Spiels regelkonform so zu ändern, daß man gewinnt. Das Spiel ist also total selbstbezüglich und es gibt nichts im Spiel außer den Regeln des Spiels selber, das wichtig ist - auch wenn der gerade aktive Regelsatz zu einem Zeitpunkt das möglicherweise verschleiert.\n\u0026ldquo;Nomic\u0026rdquo; ist auch ein failure mode von Diskurs- und Diskussionsystemen.\nDabei geht es den NOMIC-Spielern um zwei Dinge: Zum einen darum, die Regeln der Gemeinschaft so zu verändern, daß ihr Standpunkt oder ihre Gruppe favorisiert wird, und zum anderen durch laufende Metadiskussion konkrete themenbezogene Arbeit lahmzulegen und den Gegner zu zermürben, weil es dieser Gruppe opportun erscheint, den Status Quo beizubehalten und Veränderungen zu verzögern. Oder einfach um den Teilnehmerkreis der Diskussion auf Leute zu verengen, die hauptamtlich Gremienarbeit machen wollen - das kann aus vielerlei Gründen ein politisches Ziel einer Gruppe sein (Siehe auch Meta is murder ).\nTypische Beispiele für diese Art des herbeigeführten Systsemversagens sind Admin-Gruppen im (speziell auch deutschsprachigen) USENET, zunehmend die Piratenpartei und - durchaus absichtlich so konstruiert - die EIDG .\nIn meinem Folienset zum Thema Flames versuche ich zu erklären, was genau der failure mode \u0026ldquo;Flame\u0026rdquo; in einem Onlineforum ist und wie er entsteht. Ich behaupte, daß man eine Onlinekultur erschaffen kann, die Flames verhindert und in konstruktives Verhalten umwandeln kann. In einem offenen System wie dem USENET fehlen repressive Instrumente und man muß ausschließlich positiv und appellativ arbeiten. Das erscheint anfangs mühsam, ist aber eine Form von respektbasierter Kommunikation (im Gegensatz zu angstbasierter Kommunikation), und daher weitaus nachhaltiger.\nIch zeige an zwei Beispielen, de.comp.lang.php und de.rec.spiele.rpg.misc zwei Methoden zur Organisation einer Community. Beide Verfahren basieren auf der Bildung einer FAQ zur Bildung von Erinnerungsvermögen und zur Kondensation eines Satzes von Regeln und Erkenntnissen der Gemeinschaft und damit zur Bildung von Referenzpunkten. Um diese Referenzpunkte herum bilden sich Mechanismen, an denen Neulinge akzeptables Verhalten lernen können und an denen die Gemeinschaft ihre Verhaltensnormen weiterentwickelt.\nAn einem dritten Beispiel de.talk.bizarre zeige ich, wie eine kleine Gruppe mit guter Kommunikation (\u0026ldquo;Der Hohe Rath Der Dreizehn Weisen Vom Feed\u0026rdquo; und \u0026ldquo;Die Allianz Wieder Den Hohen Rath\u0026rdquo; als deren scheinbarer Gegner, in Wahrheit eine zweite Marke des Rathes) und dem Willen zu disruptiver Kommunikation (\u0026ldquo;Online Performance Art\u0026rdquo;) einerseits die Themen eines Diskussionsforums dominieren kann, andererseits lange Zeit mit einer rein oralen Tradition Leute integrieren kann (\u0026ldquo;Wahrheitsfindung ohne Wahrheitsnennung\u0026rdquo;) und wie eine solche Gruppe NOMIC-Spieler in anderen Gruppen durch offensive Mißachtung oder Parodie von etablierten Marken und Prozessen ineffektiv machen kann (\u0026ldquo;Out-of-area Einsätze\u0026rdquo;, Scheitern des rmgroup de.talk.bizarre mit der Begründung \u0026ldquo;Das wollen die doch genau erreichen\u0026rdquo;). Ähnliche Methoden werden in Teilen des aktuellen politischen Diskurses eingesetzt, wenn ein Mißbrauch von Institutionen festgestellt wird (Apfelfront , Storch Heinar , aber auch Die PARTEI ).\nDiese dritte Methode funktioniert gegen NOMIC-Spieler, weil sie die Versuche der NOMIC-Spieler, Zeit und Aufwand zu binden und Spaß aufzufressen ignoriert, die Zermürbung also negiert, und die Bemühungen der betreffenden Personen lächerlich macht.\nIn sehr großen Communities wie etwa Stack Overflow sind rein appellative Systeme oft nicht mehr ausreichend. Einmal binden sie unökonomisch viel Aufwand auf der Seite des Community-Managements, zum anderen ist je mehr Personen die Community umfaßt die Wahrscheinlichkeit um so größer, daß sich dort auch pathologische Persönlichkeiten einfinden, bei denen jeder rein appellative Ansatz aussichtslos ist. Jeff Atwood diskutiert in Suspension, Ban or Hellban? (auch die Kommentare lesen und den Links folgen!) Methoden, die bei zentralistisch gesteuerten Foren eingesetzt werden können, um den Fokus zu erhalten und zu verhindern, daß unerwünschte Meme in der Gemeinschaft Fuß fassen können.\nZusätzlich zu diesen repressiven Mechanismen setzen solche Systeme auch positive Mechanismen ein - sie haben ein Reputationssystem , das Privilegien und Powers auf der Site graduell freischaltet. Doch auch solche Mechanismen ziehen Spieler an, in diesem Fall keine NOMIC-Spieler, sondern Gamer . Das sind Personen, die an einem solchen System teilnehmen um der Belohnungen oder der Dritteffekte, die so ein Status haben kann willen, wenn das eigentliche Ziel war, Inhalte und konstruktive Interaktion zwischen Personen zu fördern.\nAuch wenn Gamer nicht aktiv destruktiv sein müssen, so gibt es doch Erkenntnisse, die zeigen, daß sie Bias generieren, und daß Feedback aus solchen Bewertungssystemen generell die Qualität der Diskussion negativ beeinflußt (Original Paper ), weil so ein Feedback Gamer erzeugt.\nDie Frage ist, ob und wie sich Techniken aus diesem Repertoire der Community-Steuerung auf den politischen Diskurs anwenden lassen ohne ihn zu zerstören oder Bias zu erzeugen. Tarzun reagierte auf meinen Link zum Hellban-Artikel mit\nund daraus entspann sich der folgende Dialog:\n@isotopp : Ich bin mir ziemlich sicher, daß diese Methoden in politischen Diskussionen keinen legitimen Platz haben. @tarzun : Och, für ML und Foren fänd ich das schon sinnvoll. \u0026ldquo;Echte\u0026rdquo; Politik findet da eh nicht statt, dazu gibt es ja LiquidFeedback hust @tarzun : Piraten sind aktuell eh mehr Community denn Partei. Aber das wird Twitter zu lang. Ich muß mal wieder bloggen. @isotopp : Die Frage ist, wie man Moderation bewirken kann, die Trolle von politischen Gegnern trennt und das transparent genug hinbekommt. @isotopp : Ziel muß sein, Zeitsenken zu eliminieren, aber kein Tool zu bauen, das politische Gegner mundtot machen kann. @isotopp : Ich sehe nicht, wie das gehen kann. @tarzun : Läuft wohl auf \u0026ldquo;community driven\u0026rdquo; hellbans hinaus, wo (echte) Trolle wirklich in jedem Killfile landen. Aber es ist schwer, ja. @isotopp : Nein. Entweder es ist wirksam. Dann killt eine Majority Minority Opinions. @isotopp : Oder es ist nicht wirksam. Dann benutzen es nur Überengagierte mit guter Systemkenntnis -\u0026gt; also Trolle. @tarzun : Hmm. In einer liquiden Orga könnte man die \u0026ldquo;Moderationsmacht\u0026rdquo; per \u0026ldquo;Delegation\u0026rdquo; vergeben und bei Mißbrauch entziehen. Die Frage ist also, wie kann man die Diskussions- und Arbeitskultur der Piratenpartei sanieren und entgiften, so daß man den Piratenerosionszähler (Begriff von @tarzun ) zum Stoppen bekommen kann.\n","date":"2011-06-05T00:00:00Z","href":"https://blog.koehntopp.info/2011/06/05/die-nomic-spieler.html","tags":["community","piraten","lang_de"],"title":"Die NOMIC-Spieler"},{"categories":null,"content":" Johannes Caspar, Hamburgischer Beauftragter für Datenschutz und Informationsfreiheit, sieht durch die Einführung des Internetprotokolls IPv6 den Datenschutz im Internet gefährdet. Er fordert den Gesetzgeber dazu auf, die Provider dazu zu verpflichten, dass sie IP-Adressen weiterhin dynamisch vergeben. \u0026ndash; Heise Netze Schon seit vielen Jahren versteifen sich Sicherheitsbehörden, Abmahnszene und viele andere Leute auf die Idee, daß eine IP-Nummer (zu einem gegebenen Zeitpunkt) eine Person identifiziert. Das führt fast schon traditionell zu abschreckenden Hausdurchsuchungen bei Betreibern von tor-Servern und anderen seltsamen Randerscheinungen.\nNicht ganz so lange, aber schon fast so lange gibt es die Erkenntnis, daß so eine IP-Nummer irgendwie gar nix beweist auch wenn das den entsprechenden Bedarfsträgern weitgehend egal ist .\nAnders herum hätten wir nun mit IP V6 endlich die Gelegenheit, feste IP-Nummern und sogar Netze für daheim zu bekommen und so allen möglichen Arten von Diensten aufzubauen, die vorher nur unter Schmerzen und Performanceproblemen zu realisieren waren. Nun kehrt sich die Sachlage um, und Datenschützer sind der Meinung, daß eine IP-Nummer irgendetwas beweist und wollen daher statische IP-Nummern weg haben.\nDie Logik erschließt sich mir nicht. Wenn ich Anonymität haben will, dann muß ich sie selber erzeugen . Das wissen eben genau diese Datenschützer auch, haben sie doch selber AN.ON selbst betrieben und tor propagiert, und an Papieren über Anonymitätdefinitionen mitgewirkt.\nDie Einlassungen von Herrn Caspar sind auf viele verschiedene Weisen unsagbar dumm. Er propagiert mit seiner Forderung die vollkommen falsche Idee, dynamische IP-Nummern würden vor irgendetwas schützen, wenn es darauf ankäme: Inhaber einer dynamischen IP-Nummern zu einem gegebenen Zeitpunkt sind aufdeckbar und identifizierbar, die benutzten Werkzeuge sind auch ohne IP-Nummer trackbar, und Personentracking funktioniert oft mit mehreren Signalen, etwa Browserstrings, Cookies und Flash-Cookies. IP-Nummern zu wechseln hat keine Schutzwirkung.\nDer Verzicht auf statische IP-Nummern hat außerdem den Nebeneffekt, daß damit das Anbieten von dezentralen, selbst betriebenen Diensten erschwert wird, und das Internet als Konsumenten-Anbeiter-System statt Peer-2-Peer System zementiert wird. Caspar, der Datenschützer, spielt so großen, zentralisierten Diensteanbietern außerhalb der Jurisdiktion von Deutschland in die Hände.\nDiese Art von Datenschutz schützt niemanden. Im Gegenteil, sie ist Bestandteil des sich selbst erhaltenden, innovationsfeindlichen \u0026ldquo;Systems Datenschutz\u0026rdquo; in Deutschland, und genau der Grund für das Entstehen der Spackeria (@fasel bei der Spackeria zum selben Thema ).\n","date":"2011-06-05T00:00:00Z","href":"https://blog.koehntopp.info/2011/06/05/ip-v6-verkehrt.html","tags":["privacy","identity","internet","ipv6","politik","privacy","spackeria","lang_de"],"title":"IP V6 verkehrt"},{"categories":null,"content":"Heute gibt es hier alten Scheiß: Vor vielen Jahren, in einem anderen Leben, habe ich im Rahmen der Ausbildung von Auszubildenden und Neuanstellungen eine Reihe von Slides produziert, die einige Grundlagen der Kryptographie erläutern, ohne daß das Ganze übermäßig mathematisch werden würde. Den Text zu diesem Vortrag habe ich nie veröffentlicht, das hole ich hier einmal nach.\nZiel des Textes war es einmal, den Leuten bestimmte kryptographische Primitive und ihre Anwendung deutlich zu machen sowie die Rechtslage mit der Technik zu verknüpfen.\nWeil ich uns allen die Mathematik erspart habe, muß man einige Annahmen glauben, anstatt sich durch die entsprechenden mathematischen Beweise zu kämpfen. Und zwar muß man glauben, daß es Algorithmen gibt, die in einer Richtung leicht und mit wenig Aufwand durchzuführen sind (etwa die Multiplikation einiger Zahlen), aber in der umgekehrten Richtung sehr aufwendig sind, weil keine Abkürzung existiert (etwa die Umkehrung einer Multiplikation: die Bestimmung der unbekannten Faktoren, die ein bestimmtes bekanntes Multiplikationsergebnis ergeben).\nMit Hilfe solcher Algorithmen kann man dann Verschlüsselungssysteme bauen.\nDie Mathematik, die dem zugrunde liegt, ist von den Mathematikern auch sehr gut verstanden und allgemein bekannt und untersucht. In der Regel ist es auch nicht die Mathematik, die defekt ist, wenn ein Kryptosystem gehackt wird, sondern es ist die umgebende Infrastruktur, die kaputt geht: Zufallszahlengeneratoren, die keine zufälligen Zahlen produzieren oder Verwaltungssysteme für geheime Schlüssel, die geheimzuhaltende Daten herausgeben. Oder halt der Fehler, sich selbst einen Verschlüsselungsalgorithmus auszudenken ohne die entsprechende Mathematik zu beherrschen.\nAber von vorne:\nEine der Grundaufgaben in der Kryptographie ist ein Sender, Andreas, der einer Empfängerin, Birgit, eine Nachricht senden möchte, ohne daß Dritte mithören können. Die Nachricht wird als Message (M) bezeichnet. Verschlüsselt wird sie mit einer Verschlüsselungsfunktion, die allgemein bekannt und gut untersucht ist, und diese Funktion braucht einen geheimen Schlüssel, den Key (K).\nMathematiker sind faule Säue, sie können sich nicht einmal aufraffen, Multiplikationspunkte zu schreiben (und schreiben also A*B einfach als AB). Entsprechend sollten sie die Formel C = f(K, M) (der verschlüsselte Ciphertext C ergibt sich aus der Anwendung der Verschlüsselungsfunktion f, die die Nachricht M und den Schlüssel K als Parameter hat) schreiben. Stattdessen notieren sie oft falsch C = K(M), als ob K eine Funktion und nicht der Schlüssel wäre.\nAndreas verschlüsselt seine Nachricht an Birgit, weil er sich bedroht fühlt.\nWenn man sich mit Sicherheitsdingen beschäftigt, ist es wichtig, diese Bedrohung auszuformulieren und die Ziele und Fähigkeiten des Angreifers zu benennen. Nur aus diesen Listen kann man die Gefahren ableiten und dann sagen, ob bestimmte vorgeschlagene Maßnahmen eine sinnvolle Abwehr gegen die Bedrohung darstellen oder nicht.\nMan kann diesen Effekt gar nicht genug betonen: Wenn man sich mit Laien (oder in der Politik) über Bedrohungen unterhält, dann diskutieren diese Sicherheit oftmals in den Begriffen von Maßnahmen, anstatt über Angreifer, Bedrohungen, Eintrittswahrscheinlichkeiten und Schadenshöhen zu reden und die Maßnahmen anhang dieser Dinge auszuwählen oder zu bewerten. Das erzeugt dann jede Menge operative Hektik, verbessert die Sicherheit aber in der Regel kein Stück.\nDas Schutzziel eines Kryptosystems ist gewissermaßen das Gegenteil eines Angriffes:\nEin Kryptosystem kann das Ziel haben, den Inhalt einer Nachricht geheim zu halten, d.h. nur der Absender und der Empfänger einer Nachricht können ihren Inhalt kennen, Dritte nicht. Eine schwächere Forderung wäre, eine Nachricht integer zu halten, also Veränderungen der Nachricht durch Dritte erkennbar zu machen. Eine stärkere Forderung wäre, nicht nur den Inhalt einer Nachricht vertraulich zu halten, sondern die Tatsache, daß zwei bestimmte Personen überhaupt miteinander kommuniziert haben zu verbergen - Unbeobachtbarkeit.\nMan kann fordern, die Identitäten des Senders und des Empfängers voreinander zu verbergen - dann hat man Anonymität. Oder man kann fordern, daß die Identitäten des Senders und des Empfängers beweisbar bekannt und unfälschbar sind, dann bekommt man Authentizität.\nMan kann fordern, daß ein System durch gefälschte oder defekte Nachrichten nicht offline gezwungen werden kann, daß es also verfügbar bleibt.\nAngreifer können versuchen, diese Schutzziele zu vereiteln, etwa indem man ihnen die Fähigkeit zugesteht, die Kommunikation mitzuhören, mitgehörte Nachrichten wiederholt abzusenden, Nachrichten zu verändern, sich in die Kommunikationskette zwischen Sender und Empfänger einzuschleichen und sich für die jeweilige Gegenstelle auszugeben, oder indem sie versuchen, die Kommunikation zwischen den beiden Parteien zu unterbrechen.\nMan kann sehr starke Angreifer konstruieren, indem man ihnen die Fähigkeit zugesteht, die Hardware oder Systemsoftware des Senders oder des Empfängers von diesem unbemerkt zu verändern.\nUnd man muß Einsatzzwecke von Kryptographie unterscheiden: Es besteht ein grundlegender Unterschied in den Anforderungen zwischen Transportverschlüsselung (etwa das Abrufen von Webseiten über SSL) und Speicherverschlüsselung (etwa dem Ablegen von Dateien auf einer verschlüsselten Festplatte).\nBei Transportverschlüsselung hat man in der Regel die Anforderung, daß es keine \u0026lsquo;Key Recovery\u0026rsquo; geben darf - nur der Sender und der Empfänger sollen den vereinbarten Schlüssel K kennen.\nBei Speicherverschlüsselung dagegen hat man vielfach weitergehende Anforderungen. Ein Arbeitgeber zum Beispiel wird auf den Laptops seiner Mitarbeiter nicht Festplattenverschlüsselung ausrollen können, wenn er nicht die Möglichkeit hat, auch ohne Kooperation des Mitarbeiters auf dessen dienstliche Daten zugreifen zu können. Ohne diese Möglichkeit besteht sonst die Gefahr, daß betriebskritische Daten für die Firma nicht mehr im Zugriff sind, wenn der Mitarbeiter erkrankt oder sonstwie nicht mehr verfügbar ist. Diese Situation ist für eine Firma klar nicht akzeptabel, daher müssen solche Systeme immer \u0026ldquo;Key Recovery\u0026rdquo; erlauben, also eine \u0026ldquo;Hintertür\u0026rdquo; haben, die - und das ist der entscheidende Punkt - unter der Kontrolle der Firma steht.\nSpeicherverschlüsselung ohne Key Recovery ist wertlos, und das entscheidende Merkmal bei der Diskussion über Key Recovery ist nicht, daß sie existiert, sondern wer die Kontrolle über die Recovery Keys hat.\nAuguste Kerckhoffs hat 1883 das Kerckhoffsche Prinzip formuliert. Kerckhoffs war ein früher Kryptograph, und hat kryptographische Verfahren untersucht und eine Reihe von Anforderungen an Kryptosysteme formuliert.\nIn einer modernen Formulierung besagt das Kerckhoffsche Prinzip, daß die Sicherheit eines Kryptosystems nicht von der Geheimhaltung des verwendeten Algorithmus abhängen darf, sondern nur von der Geheimhaltung der verwendeten Schlüssel abhängen darf.\nIn einer schärferen Formulierung kann man sogar sagen, daß ein Kryptosystem, dessen Algorithmen nicht allgemein bekannt und durch viele anerkannte Kryptographen untersucht und bestätigt worden sind wahrscheinlich unsicher ist und nicht verwendet werden sollte.\nWir können nach dem heutigen Stand der Mathematik nicht beweisen, daß ein Algorithmus unangreifbar ist. Wir können lediglich unsere hellsten Köpfe auf einen Algorithmus loslassen. Wenn die dann alle scheitern (und was das bedeutet klären wir gleich), dann ist der Algorithmus wahrscheinlich zur Zeit sicher.\nEs gibt in der Geschichte der Kryptographie eine ganze Menge Beispiele für recht prominent selbstgekochte Kryptosysteme, bei denen die Algorithmen nicht ausreichend untersucht worden sind und die sich dann im Nachhinein nicht als sicher erwiesen haben.\nDas CSS -System zur Verschlüsselung von DVD-Inhalten ist zum Beispiel ein solches System: Nicht nur ist seine Schlüssellänge mit 40 Bit sowieso zu kurz, sondern durch eine Analyse des Algorithmus, die bei der Erschaffung von CSS nicht ausreichend durchgeführt worden ist, ist es gelungen, die effektive Schlüssellänge dieser 40 Bit auf 16 Bit zu reduzieren. Damit ist aber ein Angriff auf CSS mit trivialer Rechenleistung möglich und CSS ist in etwa genau so sicher wie Klartext.\nEin anderes Beispiel ist der vom GSM-Konsortium selbstgekochte A5 Algorithmus, mit dem einige Mobilfunkbetreiber GSM-Kommunikation verschlüsselt haben, statt einen anerkannten Algorithmus zu nehmen. Auch die verschiedenen Varianten von A5 sind gebrochen worden und mit diesen (inzwischen nicht mehr verwendeten) Algorithmen verschlüsselte Kommunikation ist abhörbar geworden.\nJedes Verschlüsselungsverfahren läßt sich brechen, indem man einfach alle möglichen Schlüssel durchprobiert. Diesen Angriff nennt man einen \u0026lsquo;brute force\u0026rsquo;-Angriff. Damit er gelingen kann, müssen zwei Dinge gelten:\nEinmal muß man überhaupt mitbekommen, daß man fertig ist.\nBei einem Brute Force-Angriff entschlüsselt man eine verschlüsselte Nachricht (also unlesbaren Bitsalat) mit dem falschen Schlüssel (bekommt also anderen unlesbaren Bitsalat). Erwischt man zufällig den korrekten Schlüssel, bekommt man lesbaren Text - und muß diese Situation erkennen. Das heißt, es hilft, wenn man ein wenig über den Klartext weiß (\u0026rsquo;es handet sich um englischen Text\u0026rsquo;, \u0026lsquo;am Ende des Textes ist eine CRC32 Prüfsumme über alle vorhergehenden Bytes und wenn die Prüfsumme aufgeht, ist die Nachricht korrekt\u0026rsquo;).\nHat man solches Wissen nicht, muß man raten - etwa wenn die Nachricht nur gültige Zeichen in dem und dem Zeichensatz enthält und die relativen Häufigkeiten der Buchstaben in etwa dem Muster englischer Sprache entsprechen, dann ist die Nachricht möglicherweise korrekt entschlüsselt worden und man legt sie einem Operator zur Kontrolle vor.\nIm zweiten Weltkrieg zum Beispiel haben die Engländer die mit der Engima verschlüsselten Nachrichten deutscher U-Boote abgefangen. Diese U-Boote haben wichtige Nachrichten mit dem Flottenkommando ausgetauscht, aber auch Wetternachrichten an das Kommando zurück gesendet. Diese Wetternachrichten waren jedoch mit demselben Schlüssel verschlüsselt, der auch für andere wichtige Nachrichten verwendet worden ist.\nWenn man nun also das Wetter an der Position des U-Bootes kennt und weiß, wie ein militärischer Wetterbericht abgefaßt wird, dann kann man den Klartext der Wettermeldung des U-Bootes recht gut vorhersagen und hat eine gute Stop-Bedingung für einen Brute Force-Angriff.\nZum anderen muß man fertig werden können. Das heißt, der Schlüsselraum (alle möglichen K) muß klein genug sein, daß man im Verhältnis zur Arbeitsgeschwindigkeit seiner Entschlüsselungsmaschine die Möglichkeit hat, alle Schlüssel in einem gegebenen Zeitrahmen durchzuprobieren.\nWenn man weiß, daß die Nachricht etwa das Datum des Angriffes eines Gegners enthält (\u0026lsquo;Angriff im Morgengrauen!\u0026rsquo;), dann ist die Nachricht wertlos, nachdem der Angriff des Gegners erfolgt ist. Ist der Schlüsselraum so groß, daß es unmöglich ist, die verschlüsselte abgefangene Nachricht vor dem Morgengrauen zu entschlüsseln, indem man alle möglichen Schlüssel durchprobiert, dann ist das Verfahren sicher.\nMan muß also die Schlüssellänge so wählen, daß sie der benötigten Schutzfrist gegen einen Brute Force-Angriff genügt. Angenommen, man hätte 1933 elektronisch wählen können und jemand hätte die Wahlnachrichten mit Absenderkennungen damals aufzeichnen, aber nicht entschlüsseln können - wie lange muß ein solches System die Nachrichten dann also gegen Brute Force schützen können (technologischen Fortschritt eingerechnet)? Muß ein militärisches System für taktische Kommunikation (\u0026lsquo;Angriff im Morgengrauen\u0026rsquo;) oder ein elektronisches Wahlsystem sicherer sein? Wieviel sicherer?\nGenau.\nDarum haben wir keine Wahlcomputer und keine elektronischen Wahlen über Netzwerk.\nWenn es neben dem Brute Force-Angriff noch andere Methoden gibt, mit denen man den Schlüssel K ermitteln kann und diese anderen Methoden effizienter sind als Brute Force, dann gilt das System als gebrochen.\nMan beachte, daß das etwas anderes ist als unsicher. Es gibt unsichere Systeme, die nicht gebrochen sind - DES ist so etwas zum Beispiel. DES ist ein Verfahren mit einer Schlüssellänge von nur 56 Bit, und die EFF hat 1998 den Spezialrechner Deep Crack gebaut, um DES in wenigen Stunden zu brute forcen. DES ist aber nicht gebrochen - es ist kein Verfahren bekannt, mit dem es möglich wäre, die 2^56 Schlüssel abzukürzen. Daher kann man unsichere DES noch verwenden, um das sichere und ungebrochene Triple DES zu konstruieren.\nAndererseits existiert der DES-Nachfolger AES . AES 256 hat einen K-Raum mit 2^256 Einträgen, aber AES ist gebrochen - der K-Raum ist auf 2^200 Einträge reduziert, also kleiner als Brute Force. Allerdings ist diese Zahl immer noch zu groß, daß der Algorithmus als sicher gilt.\nDES und AES sind beides symmetrische Verfahren. Das sind Verfahren, bei denen man eine Nachricht mit demselben Schlüssel entschlüsseln kann, den man zur Verschlüsselung verwendet. Man bekommt also den Ciphertext C = K(M), und indem man K noch einmal anwendet, bekommt man die Nachricht zurück: M = K(C), d.h. M = K(K(M)).\nSymmetrische Verfahren haben vergleichsweise kurze Schlüssel: das unsichere DES hat nur 56 Bit, das sichere 3DES hat 112 Bit und AES sollte man mit 256 Bit betreiben, damit es sicher ist. Da die Laufzeit eines Verschlüsselungsalgorithmus in vielen Fällen proportional zur Länge der Schlüssel ist, sind die meisten symmetrischen Verfahren relativ schnell - speziell AES ist außerdem auch so entwickelt worden, daß es sich auf heute üblichen Prozessoren leicht implementieren läßt und ist daher sehr gut geeignet, wenn es auf Geschwindigkeit ankommt.\nDas Hauptproblem von symmetrischen Verfahren ist, daß sich der Sender und der Empfänger auf einen Schlüssel einigen müssen. Wie kommt der Schlüssel K, mit dem Andreas seine Nachrichten an Birgit verschlüsselt, zu Birgit, wenn Andreas doch der Strecke zwischen Andreas und Birgit nicht trauen kann?\nManchmal kann man das Problem dadurch lösen, daß der Schlüssel so angenehm kurz ist: Nehmen wir an, daß Andreas seiner Internet-Verbindung zu Birgit nicht traut, aber seiner Telefonverbindung - dies nennen wir einen sicheren Kanal.\nEine Eigenschaft von sicheren Kanälen ist, daß ihre Kapaziät oft begrenzt ist - entweder in der Menge oder in der Zeit, zu der sie verfügbar sind.\nZum Beispiel ist es für Andreas nicht möglich, Birgit sein neustes, viele hundert Kilobyte großes Paper am Telefon zu diktieren. Er kann aber durchaus die Hex-Repräsentation des von ihm gewählten Schlüssels K diktieren und ihr dann die mit K verschlüsselte Nachricht senden, die das Paper enthält. Das ist ein Beispiel für einen in der Kapazität beschränkten sicheren Kanal.\nOder Andreas hat Birgit im Januar auf einer Konferenz getroffen und mit ihr ein gemeinsames K ausgemacht. Jetzt, im Juni, will er ihr sein Paper senden. Das geht, da die beiden ja einen gemeinsamen Schlüssel K haben. Dies ist ein Beispiel für einen temporal beschränkten sicheren Kanal - damals hatten sie sichere Kommunikation, jetzt nicht.\nEin extremes Beispiel für so etwas hat man, wenn der Schlüssel so lang ist wie die Nachricht selber. In diesem Fall kann man tatsächlich absolut sichere Kommunikation konstruieren: Man nehme einen physikalischen Zufallszahlengenerator, etwa den Zerfall einer radioaktiven Probe, und zeichne die Zahlen auf, 700 MB davon auf einer CD. Dann mache man eine Kopie davon und sende diese mit einem Kurier zum Empfänger oder übergebe diese dem Empfänger, wenn man ihn trifft.\nSpäter, wenn man Bedarf an sicherer Kommunikation hat, sendet man dem Empfänger die Nachricht XOR-codiert mit diesen Zufallszahlen, und streiche diese Zahlen sodaß sie niemals wieder verwendet werden können.\nDieses Verfahren nennt sich One-Time Pad und ist das einzige bekannte Verfahren, das absolut und beweisbar sicher ist. Bedingungen: Der Schlüssel wird niemals wiederverwendet (daher die Notwendigkeit des Abstreichens) und der Schlüssel ist echt zufällig (und nicht von einer Pseudo-Zufallszahlenfunktion berechnet). Leider gibt es sehr viele Anbieter von Verfahren, die sich One-Time Pad nennen, aber entweder den Schlüssel wiederverwenden oder nicht wirklich zufällig bestimmen - diese Verfahren sind leider sehr, sehr leicht brechbar.\nSymmetrische Verfahren haben noch ein anderes Problem, wenn es um Gruppenkommunikation geht: Für jede Kombination von Sender und Empfänger muß man einen anderen Schlüssel vereinbaren, wenn dieses Paar privat und unabhängig von den anderen Paarungen miteinander kommunizieren können soll. Daher hat man bei n Teilnehmern (n*(n-1))/2 mögliche K zu verwalten, bei 100 Teilnehmern also 4950 verschiedene Schlüssel.\nUm dieses Problem besser beherrschen zu können hat man in den 1970er Jahren asymmetrische Verfahren entwickelt. Ein asymmetrisches Verfahren ist eines, bei dem man einen Verschlüssel P und einen Entschlüssel Q hat. Wenn man also den Ciphertext C = P(M) produziert, dann braucht man den anderen Schlüssel Q um wieder an den Klartext zu kommen: M = Q(C), d.h. M = Q(P(M)). Wendet man stattdessen P ein zweites Mal an, bekommt man kein sinnvolles Ergebnis.\nTatsächlich funktioniert die Paarung auch anders herum: Ich kann auch mit Q verschlüsseln und dieses Resultat dann mit P entschlüsseln, d.h. es gilt auch M = P(Q(M)).\nDie Unterscheidung zwischen P und Q ist also nicht technisch-funktional: Ich kann jeweils mit dem einen Schlüssel entschlüsseln, was mit dem anderen verschlüsselt worden ist. Sie ist stattdessen organisatorisch: Den einen Schlüssel, P, mache ich publik. Den anderen, Q, halte ich streng geheim.\nDer Empfänger einer Nachricht kann nun also seinen öffentlichen Schlüssel P publizieren: Birgit macht ihr P allgemein bekannt.\nEin Sender kann sich nun diesen öffentlichen Schlüssel P von Birgit greifen und eine Nachricht an sie verschlüsseln: C = P(M). Es ist nicht möglich, diese Nachricht mit P wieder zu entschlüsseln. Nur Birgit (oder jede andere Person, die aus welchen Gründen auch immer ihr Q kennt) kann die Nachricht wieder in Klartext verwandeln: M = Q(C) = Q(P(M)).\nDie Anzahl der zu verwaltenden Schlüssel ist in so einem Setup deutlich kleiner: Statt 4950 Schlüsseln für 100 Teilnehmer sind nur 100 PQ-Paare zu verwalten, genauer: Es muß ein Verzeichnis von 100 öffentlichen Schlüsseln P der Empfänger bekannt gemacht werden, und die 100 geheimen Schlüssel müssen von den Empfängern auch geheim gehalten werden.\nEin Nachteil: Asymmetrische Verfahren haben deutlich längere Schlüssel als symmetrische Verfahren. Schlüssel sind bis zu 4096 Bit lang. Daher ist auch ihre Verarbeitung sehr viel langsamer, im Schnitt 10-20 mal langsamer als bei den bekannten symmetrischen Verfahren.\nIn der Praxis verwendet man daher meist hybride Verfahren. Bei einem hybriden Verfahren wird symmetrische Verschlüsselung angewendet, um die Nachricht zu verschlüsseln. Der Schlüssel K, mit dem das getan wird, wird dabei zufällig ausgewürfelt und nur ein einziges Mal (oder bei einer stehenden Verbindung nur für kurze Zeit) verwendet.\nDer Empfänger muß K gesagt bekommen - dafür verwenden wir das asymmetrische Verfahren, und das ist schnell, weil die Nachricht selber (es steht nur K drin) recht kurz ist.\nAndreas würfelt sich also einen Key K aus, den \u0026ldquo;Session-Key\u0026rdquo;. Dann greift er sich den öffentlichen Schlüssel P von Birgit und verschlüsselt K damit: P(K). Die eigentliche Nachricht M verschlüsselt er dann mit K, weil\u0026rsquo;s schneller ist: K(M).\nBirgit bekommt die Nachricht \u0026ldquo;P(K) K(M)\u0026rdquo;. Mit ihrem geheimen Schlüssel Q kann sie K = Q(P(K)) ermitteln. Dadurch kennt sie K und kann nun M = K(K(M)) berechnen, und hat nun die Nachricht im Klartext.\nWir können den Session-Key der Nachricht sogar mehrfach voranstellen: Pbirgit(K) Pmarit(K) und so weiter. Alle diese Empfänger können nun ihre Kopie des Session-Key entschlüsseln und die Nachricht decodieren. Dabei muß man sich erinnern, daß K(M) recht lang sein kann, die ganze Nachricht halt. Die einzelnen Kopien des Session-Keys sind jedoch recht kurz.\nDies ist auch die Idee verschiedener DRM-Systeme, um etwa den Inhalt von DVDs zu schützen: Auf der DVD befindet sich der Video-Content mit dem Session-Key der DVD geschützt, viele GB lang. Im Startbereich der DVD ist der Session-Key mit dem geheimen Schlüssel des jeweiligen Player-Lizenznehmers geschützt abgelegt. Der Hersteller mit der Herstellernummer 48 guckt also im 48. Slot vorne auf der DVD nach, entschlüsselt den Session-Key der DVD von dort und kann so die DVD abspielen.\nDas wäre angreifbar in dem Sinne, daß dazu ja der geheime Schlüssel jedes Lizenznehmers in jedem seiner Produke - den Playern - enthalten sein müßte, und tatsächlich hat man diese Schlüssel auch für kurze Zeit aus Software-DVD-Spielern extrahiert, bis man gemerkt hatte, daß das symmetrische Verschlüsselungsverfahren, CSS, auf einer DVD sowieso Schrott ist und man sich das Lesen der Keys aus dem Index vorne auch sparen kann\u0026hellip;\nEs verbleiben zwei zu lösende Probleme:\nErstens: Wir müssen irgendwie sicherstellen, daß der Schlüssel, der uns als der Schlüssel von Birgit im Verzeichnis verkauft wird auch wirklich der Schlüssel ist, der zu Birgits Q paßt.\nZweitens: Bei einigen Nachrichten sollte man sicherstellen, daß nicht irgendjemand auf dem Weg C = K(M) abfängt und ein zweites Mal abspielt.\nWenn Andreas etwa eine Nachricht an Birgit sendet \u0026ldquo;Bitte zahle Kris 100 EUR aus.\u0026rdquo; und Kris fängt diese Nachricht ab, dann kann er Birgit eventuell dazu bringen, ihm jedesmal 100 EUR auszuzahlen, wenn er diese verschlüsselte Nachricht noch einmal sendet.\nDieses zweite Problem läßt sich lösen, indem man der Nachricht eine Folgenummer oder eine Zufallszahl verpaßt, die mit codiert wird - am besten beides. Nachrichten gleichen Inhaltes werden dadurch unterscheidbar und Duplikate können erkannt werden. Es ist natürlich wichtig, daß diese Zahlen mit verschlüsselt werden, damit sie nicht leicht zu ändern sind.\nVerschlüsselungsverfahren arbeiten in Blöcken von x Bits. Nachrichten sind jedoch nicht immer genau Vielfache dieser Blöcke lang. Daher muß man sie durch Füllbytes am Ende zu einem solchen Blockvielfachen auffüllen - das nennt man Padding. Man bekommt eine Nachricht M, die in Wirklichkeit aus Teilnachrichten besteht. Jede Teilnachricht ist einen solchen Block lang: M1 M2 M3\u0026hellip; Mi \u0026hellip; und so weiter.\nDanach wird das Verschlüsselungsverfahren angewendet, und zwar auf jeden Block. Dabei kann jeder Block mit demselben Schlüssel K verschlüsselt werden, oder mit einem Schlüssel, der irgendwie aus dem Startschlüssel K, dem Blockindex i, vorhergehenden Blöcken von Klartext oder Ciphertext oder einem weiteren Startwert (dem Initialisierungsvektor IV, eine weitere Zufallszahl) abgeleitet wird. Je nachdem, wie man sich diese Dinge zusammenbastelt, handelt man sich bestimmte Vor- und Nachteile ein.\nVerfahren, bei denen die Verschlüsselung von Mi nicht von vorhergehendem Klartext oder Ciphertext abhängig sind, sind gut parallelisierbar und sind auch unempfindlich gegen Leitungsstörungen oder Plattenlesefehler, bei denen eventuell einmal ein Block zwischendrin verloren geht.\nVerschüsselt man mit einem festen Schlüssel K (\u0026lsquo;Electronic Codebook\u0026rsquo;, ECB), dann werden zwei Blöcke M1 und M2, die denselben Inhalt haben, auch gleich verschlüsselt - der Klartext der Nachricht scheint im Ciphertext durch.\nKK:~ kris$ dd if=/dev/zero bs=1k count=1 of=x 1+0 records in 1+0 records out 1024 bytes transferred in 0.000088 secs (11639478 bytes/sec) KK:~ kris$ openssl enc -des-ecb -k keks -iv 0 -e -in x -out y KK:~ kris$ ls -l x y -rw-r--r-- 1 kris staff 1024 3 Jun 15:56 x -rw-r--r-- 1 kris staff 1048 3 Jun 15:56 y KK:~ kris$ od -t x1 y 0000000 53 61 6c 74 65 64 5f 5f b2 3f fa fb 98 86 03 ca 0000020 fe ab 3b 74 5b 90 76 74 fe ab 3b 74 5b 90 76 74 ... 0002020 72 d6 ba 5e 91 0a 9e 90 0002030 Erzeugt man also ein Kilobyte Nullbytes und verschlüsselt diese mit einem ECB-Verfahren (jeden Block also mit demselben Schlüssel \u0026lsquo;keks\u0026rsquo;), dann bekommt man zwar Bytesalat, aber Bytesalat mit einem sich wiederholenden Muster: Alle 32 Bytes kommt dieselbe Bytefolge vor - od erkennt das und kürzt ab.\nDurch verschiedene Verfahren versucht man dies zu verhindern, indem man einen Block mit seinem vorhergehenden Klartext oder Ciphertext mischt. Dennoch ist es sinnvoll, Klartext vor der Verschlüsselung zu komprimieren: Kompression beseitigt Redundanzen im Klartext. Sich wiederholende Muster werden ausgenutzt, um die Nachrichtenlänge zu verkleinern und es entsteht eine Klartextnachricht, die keine Muster mehr enthält.\nNeben Verschlüsselungsalgorithmen gibt es ein zweites wichtiges Grundkonstrukt in der Kryptographie, den Hash. Ein Hash ist eine Prüfsummenfunktion, also etwas, in das man eine beliebig lange Nachricht vorne reinfüttern darf, und bei der dann am Ende eine Zahl h mit einer festen Anzahl von Bits herauskommt: h = Hash(M).\nAllen Prüfsummen ist gemeinsam, daß man aus einer gegebenen Prüfsumme die Originalnachricht nicht eindeutig rekonstruieren kann, da es mehr als eine Nachricht gibt, die diese Prüfsumme hat. Das gilt selbst für eine ISBN : Die ISBN 0-306-40615 hat die Prüfzummer 2, aber es gibt noch weitere ISBNs, die diese Prüfziffer haben.\nBei einer ISBN ist es jedoch relativ leicht, eine ISBN zu konstruieren, die eine bestimmte vorgegebene Prüfziffer (hier: 2) hat.\nBei einer kryptographischen Prüfsumme, einem Hash, möchte man nun als zusätzliche Eigenschaft, daß es nicht möglich sein soll, eine Nachricht M zu konstruieren, die eine bestimmte Prüfsumme h ergibt. Um so eine Nachricht zu finden, müßte man idealerweise den ganzen M-Raum durchsuchen (also einen Brute Force-Angriff starten).\nIn der Praxis gibt es einige populäre Funktionen, von denen wir geglaubt haben, daß sie diese Eigenschaft hätten und das ist auch eine Weile gut gegangen. Derzeit sieht es aber eher schlecht aus.\nWir können Hashes verwenden, um Daten digital zu unterschreiben. Nehmen wir an, Andreas will Birgit eine Nachricht M senden und er will sicherstellen, daß Birgit erkennen kann, daß es sich um eine unveränderte Nachricht handelt und daß sie von Andreas ist.\nDazu nehmen wir einen Klartext M und berechnen die Prüfsumme Hash(M). Andreas verschlüsselt nun die Prüfsumme mit seinem geheimen Schlüssel QAndreas. Etwas, das mit Q verschlüsselt worden ist, kann mit dem dazu gehörenden P entschlüsselt werden und umgekehrt. Die Prüfsumme kann also mit dem Public Key von Andreas entschlüsselt werden - und der ist jedermann bekannt.\nWenn wir also die Nachricht M nehmen und selber die Prüfsumme h = Hash(M) berechnen, dann können wir dieses Ergebnis mit der Prüfsumme vergleichen, die Andreas mit seinem private Key verschlüsselt hat und die jeder entschlüsseln kann, der den public Key von Andreas kennt. Stimmen beide überein, wissen wir, daß die Nachricht unverändert ist.\n\u0026ldquo;Unverändert\u0026rdquo; (oder authentisch) bedeutet hier, daß der Inhalt der Nachricht, den wir sehen, identisch ist mit dem Inhalt der Nachricht, die jemand abgesendet hat, der den private Key von Andreas gekannt hat. Wenn Andreas also seine Schlüsselverwaltung im Griff hat, dann ist das nur Andreas.\nAndreas sendet \u0026ldquo;M QAndreas(Hash(M))\u0026rdquo; und nicht \u0026ldquo;QAndreas(M)\u0026rdquo;. Beweistechnisch macht das keinen Unterschied: In beiden Fällen muß der Absender der Nachricht den geheimen Schlüssel von Andreas gekannt haben. Im ersten Fall ist die Nachricht jedoch auch dann noch lesbar, wenn der Empfänger der Nachricht keinen Zugriff auf den öffentlichen Schlüssel von Andreas hat (dann ist jedoch die Authentizität nicht beweisbar).\nDie Prüfsumme QAndreas(Hash(M)) hinter der Nachricht M nennt man auch eine digitale Unterschrift (Signatur) der Nachricht.\nDieses Verfahren kann man jetzt mit der hybriden Verschlüsselung zusammensetzen. Man bekommt ein Verfahren, bei dem man eine Nachricht erzeugt, die aus der Nachricht M und ihrer Signatur QAndreas(Hash(M)) zusammengesetzt ist. Nachricht und Signatur werden jetzt mit einem Session-Key K verschlüsselt: \u0026ldquo;K(M QAndreas(Hash(M)))\u0026rdquo; und der Session-Key K wird mit dem öffentliche Schlüssel des Empfängers verschlüsselt vorangestellt.\nDas Gesamtprodukt: \u0026ldquo;PBirgit(K) K(M QAndreas(Hash(M)))\u0026rdquo;. Nur Birgit kann nun den Session-Key K ermitteln, und mit dessen Hilfe Nachricht und Signatur aus der Nachricht extrahieren. Sie kann dann die Prüfsumme über die Nachricht selbst berechnen und mit dem öffentlichen Schlüssel von Andreas gegen die Prüfsumme in der Nachricht vergleichen.\nWas jetzt noch fehlt ist ein Weg, mit dem Andreas und Birgit und jeder sonst an die öffentlichen Schlüssel aller anderen kommt, ohne daß irgendein Angreifer etwa Andreas den Schlüssel eines Angreifers im Namen von Birgit unterschrieben kann und Birgit den Schlüssel des Angreifers im Namen von Andreas.\nDamit man das kann, muß man die Identität von Personen an Schlüssel binden. Das macht man mit einem Zertifikat.\nEin Zertifikat ist eine Datenstruktur, die einen öffentlichen Schlüssel enthält, den Namen oder andere Identifikationsdaten des Inhabers, einen Verwendungszweck für den Schlüssel (Garantien, die der Inhaber für Daten abgibt, die mit diesem Schlüssel signiert sind) und eine Laufzeit als Intervall von-bis.\nJede dieser Informationen hat eine spezifische Aufgabe in unserem System.\nDer öffentlichen Schlüssel P erlaubt das Entschlüsseln von Prüfsummen, also das Prüfen von Signaturen. Er erlaubt auch das Verschlüsseln von Nachrichten an einen Empfänger.\nDie Inhaberdaten definieren, was für ein Empfänger ist. Der Empfänger ist immer eine natürliche Person, denn zu einem öffentlichen Schlüssel gehört immer auch ein geheimer Schlüssel, und es ist unmöglich, den geheimen Schlüssel geheim zu halten, wenn er nicht an eine natürliche Person gebunden ist.\nEmpfänger, die juristische Personen sind, muß man über Personengruppen oder über Verwendungszwecke/Rollen simulieren.\nDie Laufzeit schließlich ist nützlich, weil sie einige häßliche Skalierungsprobleme in unserem System begrenzen hilft. Dazu später mehr.\nHinten an diesem Zertifikat steht dann ein weiteres Datenpaket - die Signatur einer CA, einer Certification Authority. Sie \u0026ldquo;beglaubigt\u0026rdquo; diese Daten.\nDas Problem, das wir lösen wollen: Wir kann Andreas sicher sein, daß PBirgit wirklich von Birgit stammt?\nDer Ansatz mit einer CA definiert einen Single Point of Failure eine Zertifikations-Station, die einen Schlüssel PCA veröffentlicht, etwa dadurch, daß dieser in einem Browser eingebaut ist.\nBirgit publiziert nun nicht PBirgit, sondern QCA(Hash(PBirgit)) PBirgit. Die CA verschlüsselt also die Prüfsumme über den Schlüssel von Birgit und Birgit fügt diese Prüfsumme an ihren Schlüssel an.\nDie Augabe der CA ist es nun, nur das PBirgit zu unterschreiben, das wirklich zu Birgit gehört. In der Praxis funktionieren unterschiedliche CAs sehr unterschiedlich gut. Dabei ist das System schon im wirtschaftlichen Kern kaputt: Da die CA Geld von Birgit bekommt (und nicht von allen außer Birgit), um PBirgit zu unterschreiben, ist die Motivation der CA hoch, Birgit irgendetwas zu unterschreiben, damit sie das Geld von Birgit bekommt.\nOhne genaue Kenntnis des Prozesses, der durchlaufen werden muß, um PBirgit zu unterschreiben, ist das Zertifikat also wertlos.\nUnd: Man beachte, daß die CA zum Unterschreiben von PBirgit keine Kenntnis von QBirgit haben muß, d.h. den geheimen Schlüssel von Birgit muß die CA weder erzeugen noch muß Birgit ihn der CA aushändigen.\nUnd: Eine CA ist ein großes und spannendes Ziel für einen Angreifer. Der QCA muß wirklich gut bewacht werden.\nUnd noch ein paar weitere Beobachtungen: Birgit kann sich ihren Key mehrfach von unterschiedlichen CAs zertifizieren lassen.\nUnd Andreas braucht den Key der CA von Birgit nicht zu kennen. Er kann den Key einer anderen CA kennen, die den Public Key der CA von Birgit kennt, unter Umständen über x Schritte.\nBeispiele für beides findet man jedoch eher in PGP als in X.509.\nUnd schließlich noch das Implosionsproblem: Was passiert, wenn Andreas seinen privaten Schlüssel verbummelt?\nWenn der Schlüssel eine Laufzeit hat, löst sich dieses Problem mit dem Auflauf der Laufzeit des Schlüssels von selber. Gilt Andreas\u0026rsquo; Schlüssel etwa noch ein Jahr, genügt es, das Problem ein Jahr lang zu ignorieren und dann ist es weg.\nWill man es nicht ignorieren, dann braucht man eine Rückziehliste der \u0026lsquo;irrtümlich unterschriebenen oder jetzt auf Wunsch des Inhabers zurückgezogenen Unterschriften\u0026rsquo;. Das ist eine Certificate Revokation List, CRL.\nDie URL der CRL einer CA sollte in jedem Zertifikat enthalten sein, und es sollte theoretisch ein Protokoll (eine API) geben, mit der man das Prädikat \u0026lsquo;gültig?\u0026rsquo; für ein gegebenes Zertifikat effizient prüfen kann, und mit der man die gesamte CRL einer CA komplett für den Offline-Gebrauch runterladen kann. In der Praxis funktioniert beides nicht sehr gut\u0026hellip;\nEbenfalls nicht sehr gut funktioniert das Lesen und Schreiben von Standards, besonders wenn es sich um ITU/CCITT-Normen handelt: Diese sind zu optional oder zu vage für eine Implementierung oder einfach falsch definiert. Daher gibt es eine Reihe von Dokumenten, die PKCS, die quasi Richtigstellungen und Präzisierungen zu diesem Komplex unterhalten. Ohne sie ist der Standard nicht umsetzbar. Soweit die Technik.\nJetzt will man das Ganze noch in eine Form gießen, die in Deutschland auch juristisch anwendbar ist. Dazu muß man quasi das Gesetz mit der Technik verkabeln. Diese Aufgabe haben die EU Signaturrichtlinie, das deutsche Signaturgesetz und die Durchführungsverordnung dazu, sowie eine Reihe von Gesetzen, die bestehende Gesetze so ändern, daß die alte Vokabel \u0026ldquo;Unterschrift\u0026rdquo; zu einem Hook wird, der wahlweise eine traditionelle Unterschrift oder eine digitale Signatur aufrufen kann.\nDazu definiert das Signaturgesetz drei Dinge: Die \u0026ldquo;Einfache elektronische Signatur\u0026rdquo;, die vollkommen nutzlos ist, die \u0026ldquo;fortgeschrittene elektronische Signatur\u0026rdquo;, die man etwa mit PGP oder einer OpenSSL-CA selber generieren kann, und die \u0026ldquo;Qualifizierte elektronische Signatur\u0026rdquo;, die eine solche CA nach bestimmten technischen und organisatorischen Richtlinien betrieben und zertifiziert verlangt.\n","date":"2011-06-03T00:00:00Z","href":"https://blog.koehntopp.info/2011/06/03/einige-kryptographische-grundlagen.html","tags":["kryptographie","talk","publication","security","lang_de"],"title":"Einige kryptographische Grundlagen"},{"categories":null,"content":"Aus recht offensichtlichen Gründen halten sich eine ganze Menge sozialer Netzwerke mehr und mehr für Facebook. Das heißt, sie versuchen da so einen Strom von Statusupdates zu bauen und da dann irgendwelche \u0026ldquo;Mehrwerte\u0026rdquo; mit rein zu mischen.\nDer Grund dafür ist aus der Sicht der Betreiber der Dienste recht offensichtlich: Die Währungen für Werbung sind Anzahl der Unique User pro Tag und die Anzahl der Minuten pro Tag pro User auf der Site. Facebook hat dort unglaublich astronomische Werte, weil die Site konsequent so angelegt ist, daß die User sich regelmäßig einloggen und dann auch dort bleiben. Haupt-Treiber sind Spiele und Chat: Die Spiele sorgen dafür, daß die Benutzer laufend wieder zurückkommen und ihre Kuh klicken . Und der Chat sorgt dafür, daß die User laufend eine Facebook-Seite offen haben, auf der sie im Chat erreichbar sind.\nSites, deren Fokus auf Bewerbungen und Lebensläufen liegt, haben da keinen Stich: So oft wechseln die meisten Leute ihren Job halt nicht. Das macht sich dann in den Minutenstatistiken der Werbeverkäufer nicht so gut - aber man sollte sich trösten: Es ist es nicht so, daß ich oder sonst irgendjemand auf Facebook irgendwas machen würde, was wichtig ist oder Geld bedeutet. Das passiert anderswo. Klar bin ich bei weitem kein Standardnutzer (0 Facebooks Apps, tendenz sinkend), aber ich nutze die verschiedenen Netzwerke zu unterschiedlichen Zwecken und ich bin immer leicht genervt, wenn wieder irgendein Social Network CEO in Panik meint, er müsse seinen Laden in Facebook verwandeln.\nAndererseits ist es so, daß diese anderen Social Networks wegen ihrer Facebook-Fixation den Wert ihrer Daten und den wahren Zweck ihres Daseins nicht erkennen können und daher verzweifelt auf ihren Daten sitzen, anstatt damit etwas Sinnvolles zu tun.\nDa ist zum Beispiel Xing. Xing ist ein \u0026ldquo;Business Netzwerk\u0026rdquo;, also eine Sammlung von Kontaktadressen, verdateten Lebensläufen und Empfehlungsschreiben. Trotzdem hat es nicht nur ungefähr Jahrzehnte gedauert, bis man die Adressdaten seiner Kontakte mal herunterladen und in ein lokales Adressbuch importieren konnte, sondern die ursprüngliche Xing-App für Android kam zum Beispiel ohne Adressbuch-synchronisieren-Funktion heraus. Noch heute ist diese Funktion nicht etwa als Android-Sync-Conduit realisiert und über das normale Setup zu erreichen, sondern Bestandteil der Xing-App mit einem eigenen, inkompatiblen User-Interface.\nMit den Lebensläufen in Xing kann man genau gar nichts anfangen: Xing propagiert kein standardisiertes Austauschformat für Lebensläufe und es ist nicht so, daß man als Xing-User etwa eine digitale Bewerbung an die Personalabteilung einer Firma schießen könnte, die ein Xing-Profil hat. Die Funktion für Empfehlungsschreiben/Referenzen war als externe Anwendung realisiert, hatte die Daten des Lebenslaufes einmal aus Xing importiert und sie dann nie wieder aktualisiert - keine Ahnung, ob das inzwischen behoben ist, ich habe nach diesem Ultrafail das Interesse an der Funktion verloren.\nXing-Connect ist ein U-Boot Projekt und wird auch jetzt immer noch nicht von Xing richtig unterstützt (Und web.de versucht nicht mal, Login-Anbieter zu sein).\nDaß die meisten Xing-Anwender mit der Freigabe von Kontaktdaten in Xing ein wenig sparsam sind, kann man dem Betreiber nicht wirklich anlasten. Deutschland leidet da unter dem Streetview-Effekt: Größter SpannerNutzer in Streetview sind die Deutschen, und die größten Schreihälse betreffend Verpixelung sind sie auch. In etwa das kann man auch bei der Freigabe von Kontaktdaten beobachten.\nXing anlasten kann man dagegen das Fehlen einer Massenänderungsfunktion oder das Fehlen einer Funktion zur Definition von Gruppen und Profilen: Wenn man sich nachträglich entscheidet, etwa allen Kontakten seine Skype-Adresse freigeben zu wollen, dann ist es sehr nervig, sich durch alle 624 Kontakte zu klicken und bei jedem die entsprechende Freigabe zu erteilen. Wie schön wäre es, hätte man eine Funktion zur Definition von Gruppen (\u0026ldquo;Arbeit\u0026rdquo;, \u0026ldquo;Familie\u0026rdquo;, \u0026ldquo;Idioten\u0026rdquo;) und könnte dann jeder Gruppe ein Datenprofil (\u0026ldquo;Skype ja, Business-Telefon ja, privat nicht\u0026rdquo;) zuweisen. Und über die Gruppe \u0026ldquo;Alle\u0026rdquo; global ändern, statt sich die Maus blutig zu klicken.\nPlaxo leistet sehr ähnliches wie Xing hinsichtlich seiner Eigenschaft als Adressbuch - für Android-User im Gegensatz zu iPhone und Blackberry aber nur für Plaxo Premium-User, weil diese Funktion bei Android das Google Contacts Sync benötigt, und das wiederum nur im Plaxo Premium Paket enthalten ist. Schade, Plaxo, wär schön gewesen, wenn Du nützlich gewesen wärest.\nLinkedIn - tja, den Sinn dieser Site habe ich noch nicht ganz verstanden. Wie Xing auch versendet LinkedIn keine elektronischen Bewerbungen und Lebensläufe. Die meisten Leute haben da auch keine sinnvollen Adressdaten drin, die ich zweckmäßigerweise auf das Telefon synchronisieren könnte. Und auch LinkedIn hält sich inzwischen wie Xing für Facebook und kackt mir mit einer Timeline den Bildschirm zu, wenn ich stattdessen doch nur arbeiten möchte.\nDas kaputteste Konzept hat Empire Avenue , denn hier kann man sinnlos Zeit damit versenken , wertlose Anteile an anderen Personen zu kaufen und sein \u0026ldquo;Portfolio\u0026rdquo; zu managen, um dann virtuelle Vergleiche imaginärer Schwänze durchzuführen.\nVielleicht sollten einige der Betreiber dieser Netzwerkdinger einmal anhalten, sich überlegen, was der von ihnen angestrebte Mehrwert ist und dann ihren Mist dahin gehend optimieren, daß sie diesen Mehrwert auch wirklich abliefern - und auf der Site klar ansagen, was sie sein wollen und was nicht.\nNoch ein Facebook brauch ich jedenfalls nicht.\n","date":"2011-05-23T00:00:00Z","href":"https://blog.koehntopp.info/2011/05/23/facebook-oder-was.html","tags":["internet","social networking","lang_de"],"title":"Facebook oder was?"},{"categories":null,"content":"Ein Freund fragte mich nach Konventionen für die Benennung von Tabellen bei der Entwicklung von Schemata für MySQL Datenbanken. Es begann damit, daß er mich fragte, wie man denn wohl eine Relation benennen soll, also eine Hilfstabelle, die zwei Tabellen in einer n:m-Beziehung miteinander verbindet.\nIn einem alten Job hatten wir die unten stehenden Regeln. Sie sind recht willkürlich und man kann sich anders entscheiden, aber wir hatten das so gemacht und es hat gut für uns funktioniert.\nJede Tabelle bekommt einen Namen in Kleinbuchstaben (oder der Server läuft mit lower_case_table_names = 1, was sowieso empfehlenswert ist). Der Name ist ein beschreibendes Wort im Singular. Auf diese Weise hat man weniger Schmerzen, wenn man über eine Query an einem Beispiel diskutiert. Zusätzlich wird für jede Tabelle ein eindeutiges Kürzel definiert.\nBeispiel: Die Tabelle kunde bekommt das eindeutige Kürzel k.\nWir definieren alle Spalten in einer Tabelle mit Namen, die mit dem Kürzel und einem Unterstrich beginnen. Ausnahmen sind Fremdschlüssel, die literal aus der originalen Tabelle übernommen werden. Sie sind dadurch sehr leicht als Fremdschlüssel zu erkennen und die Originaltabelle ist leicht zu identifizeren. Der synthetische Primärschlüssel der Tabelle hat immer den Namen \u0026ldquo;id\u0026rdquo; (mit dem Tabellenprefix, natürlich).\nBeispiel: Die Tabelle kunde (k) hat den synthetischen Primärschlüssel k_id, und Spalten wie k_vorname, k_name. Jeder Kunde gehört zu genau einer firma (f), da wir hier ausschließlich Geschäftskunden modellieren. Es gibt also k.f_id, einen Fremdschlüssel von firma in kunde. Es ist klar, daß aus Effizienzgründen ein INDEX(f_id) in k definiert sein muß, wenn nicht sogar eine Foreign Key Constraint (sofern man diese überhaupt verwenden will).\nRelationen sind entweder nackte Relationen, die nur die Fremdschlüssel der beiden zu verbindenden Tabellen enthalten. In diesem Fall heißt die Tabelle kürzel-kürzel_rel und hat als Primärschlüssel die zusammengesetzten Fremdschlüssel.\nBeispiel: Eine Beziehung zwischen kunde und seminar ist m:n: Ein Kunde kann in mehreren Seminaren sein, und in einem Seminar sind mehrere Kunden. Die Tabelle k_s_rel hat nur die Spalten k_id und s_id, und den Primärschlüsel (k_id, s_id).\nOder Relationen haben eigene Attribute. In diesem Fall bekommt die Relation einen beschreibenden Namen und ein Kürzel, einen eigenen Primärschlüssel und die Fremdschlüsselpaare als unique constraint.\nBeispiel: Die Beziehung zwischen kunde und seminar hat die Flags anreise_am_vortag, abreise_am_folgetag und ein buchungsdatum. Die Relation bekommt den Namen buchung, ein Kürzel bu und eine eigene bu_id. Die Beziehung (k_id, s_id) wird als UNIQUE KEY definiert und modelliert das Fakt, daß jeder Kunde in jedem Seminar nur einmal sitzen kann. Die Flags werden bu_anreise_am_vortag und bu_abreise_am_folgetag sowie bu_datum.\nJede Tabelle bekommt immer eine Spalte \u0026ldquo;changed timestamp\u0026rdquo; (die sich laut MySQL timestamp Magie selbst aktualisiert) und dies ist immer die rechteste Spalte jeder Tabelle. Das erlaubt zwar immer noch kein Change-Tracking (Deletes gehen verloren, Change Tracking geht nur mit dem Binlog richtig), aber es ist sehr nützlich zum Debuggen.\n","date":"2011-05-20T00:00:00Z","href":"https://blog.koehntopp.info/2011/05/20/namensregeln-f-r-schemadesign.html","tags":["mysql","lang_de"],"title":"Namensregeln für Schemadesign"},{"categories":null,"content":" Spackeria? WTF? Auf dem 27C3 hat Constanze Kurz im Jahresrückblock 2010 den Begriff Post-Privacy Spacken (Video, ca. 3 Minuten ab der Startposition ansehen) geprägt.\nSchon einige Zeit vorher - nämlich mindestens seit dem 25C3 - haben ein paar Leute angefangen, sich über den Kontrollverlust zu unterhalten. Michael Seemann (@mspro ) bezeichnet mit diesem weitgefaßten Begriff eine Reihe von Effekten, die das Vorhandensein der Kommunikationsmöglichkeiten des Netzes auf Menschen und Daten hat: Offenbar scheint es unmöglich zu sein, die Verwendung von Daten zu kontrollieren, wenn sie erst einmal existieren und zugreifbar sind. Und offenbar scheint es zu einer ganzen Reihe von emergenten Organisationseffekten zu kommen, wenn Menschen zu Transaktionskosten von Null miteinander kommunizieren können. In seinem Blog hat er eine ganze Reihe von Artikeln, die diese Effekte an Beispielen aufgreifen und ausführen, aber auch eher philosophische Hintergrundüberlegungen zu diesem Thema.\nDen Begriff von Constanze Kurz aufgreifend und neu mit Bedeutung besetzend haben sich ein Haufen Leute unter dem Namen \u0026ldquo;Spackeria\u0026rdquo; zusammengefunden, um Kontrollverluste und Leben in einer Post-Privacy-Gesellschaft zu erörtern.\nMan darf sich das nicht als eine politische Bewegung vorstellen. Die Spackeria ist vielmehr eine lose Forschungsgruppe, die versucht, das Thema \u0026ldquo;Post-Privacy\u0026rdquo; zu erkunden. Entsprechend gibt es auch keine homogene Philosophie oder gar politische Forderungen. Dennoch scheint der Begriff Spackeria inzwischen eine ganze Menge Angst und Schrecken zu verbreiten und viele Leute interpretieren eine politische Komponente in die Spackeria hinein (Wieso eigentlich? - das sehen wir unten: Forderungen ergeben sich eher implizit).\nPiratenpad Chat\nDa einige der Mitglieder der Spackeria außerdem in der Piratenpartei aktiv sind, wird die Spackeria oft als piraten-nah empfunden. Das ist sicher richtig, aber bei den Piraten gibt es auch eine sehr starke CCC-nahe Fraktion, die ich in Ermangelung eines besseren Begriffes und den Geist des Begriffes \u0026ldquo;Spackeria\u0026rdquo; aufgreifend einmal als \u0026ldquo;Aluhut-Träger \u0026rdquo; bezeichnen will. Entsprechend gibt es gerade ein Piratenpad der Aluhut-Fraktion , in dem man kollaborativ eine Gegenbewegung zur Spackeria organisieren will, die man dem traditionellen Datenschutz nahe ansiedeln kann.\n\u0026ldquo;Gegenbewegung\u0026rdquo; gegen etwas zu sein, das keine politischen Forderungen formuliert und sich eher als Forschungsgruppe sieht ist natürlich schwierig. Aber naja, wir werden sehen, was daraus wird.\nWas also ist die Logik der Spackeria? Piratenpad Chat\nDer Gedanke, der wahrscheinlich allen Mitgliedern der Spackeria gemeinsam ist, ist die Beobachtung, daß der Datenschutz politisch und real auf ganzer Linie versagt.\nDer Datenschutz versagt politisch: Im Wikipedia-Artikel \u0026ldquo;Überwachungsstaat\u0026rdquo; findet man eine schöne Übersicht von Dingen, bei denen die Datenschützer ihre Interessen in der Hauptsache nicht oder gar überhaupt nicht durchsetzen haben können. Um von diesem Versagen abzulenken führt man Scheingefechte - etwa gegen Google Maps, Google Analytics , Facebook Like-Buttons und andere für den politischen Datenschutz an sich vollkommen nebensächlichen Ziele.\nVor allen Dingen versagt der Datenschutz aber inhaltlich: Wer wirklich wichtige Dinge zu schützen hat , der kann auf die Bestimmungen und Regelungen des Datenschutzes nicht vertrauen, sondern muß den Schutz seiner Daten selbst in die Hand nehmen - sie also geheim halten. Die Deutsche Telekom formuliert es so:\n\u0026hellip;weil, so wörtlich, \u0026ldquo;eine Veröffentlichung geheimer Daten zum Lebensrisiko\u0026rdquo; gehöre.\nOder direkter formuliert:\nWo es um Dinge geht, die sich direkt auf mein Leben, meine Gesundheit oder mein finanzielles Fortbestehen auswirken können, da brauche ich keinen Datenschutz, sondern da brauche ich ein Geheimnis. Ich kann 2011 keine Dinge mehr über mich an einen geschlossenen Personenkreis oder mit einer Zweckbindung veröffentlichen, sondern ich muß bei allen Daten, die ich direkt oder indirekt produziere oder veröffentliche davon ausgehen, daß sie allgemein verfügbar sind und mit allen anderen Daten verknüpft werden.\nDanach muß ich mein Leben ausrichten.\nDas ist das Credo der Spackeria, der Ausgangspunkt aller weiteren Betrachtungen.\nBelege, die diesen Ausgangspunkt plausibel erscheinen lassen, gibt es genug: Die NPD stellt Volkszähler, Sony verliert Kreditkartendaten in Millionenbündeln, die EU exportiert innereuropäische Kontobewegungsdaten grundlos in die USA, \u0026hellip;\nDer Startpunkt der Spackeria ist also ein entschieden nichtpolitischer, ja fast sogar antipolitischer: Weil der Datenschutz versagt, versagen muß (denn der Kontrollverlust scheint ein dem System inhärentes Merkmal zu sein), weil die Welt also so ist, ich aber in ihr Leben muß, muß ich mein Leben so gestalten, daß ich in so einer Welt leben kann. Das ist ein sehr ehrlicher, wenn vielleicht auch ein wenig zynischer Ausgangspunkt.\nDem Gegenüber stellt die Aluhutfraktion die Forderung, die idealistischen Ziele des Datenschutzes umzusetzen - auch dann, wenn dies technologische Fortentwicklung behindert, und oft auch dann, wenn dies ein rein symbolischer Akt ist oder wenn die tatsächlich wirksame Umsetzung dieser Ziele noch mehr Überwachung erforderlich machen würde.\nWie also kommt die Politik bei der Spackeria ins Spiel? \u0026ldquo;Privatsphäre ist auch der Ort, wo Ehemänner ihre Frauen schlagen.\u0026rdquo; \u0026ndash; Julia Schramm\nDie Spackeria ist der Ansicht, daß man gegen die Entstehung einer Datenspur nichts tun kann. Der Grünen-Poltiker Malte Spitz hat dies sehr deutlich gemacht, indem er die Vorratsdaten seines Mobiltelefons genommen und sein Leben anhand der Vorratsdatenspeicherung für DIE ZEIT visualisiert hat . Mit weniger ad-hoc gestrickten Werkzeugen wie Geotime kann man dies noch besser tun und auch die Daten aus mehreren Datenquellen zusammenführen.\nDabei muß man sich vor Augen führen, daß nicht das Zeit-Tool und auch nicht Geotime das Problem sind - sie sind nur Werkzeuge, die aus den sowieso vorhandenen Daten nette Grafiken machen. Die Daten fallen sowieso an, und sie fallen an, weil sie für das Funktionieren all der netten dienstbaren Geister in unserem Leben zwingend notwendig sind. Gegen diese Werkzeuge an zu kämpfen bedeutet den Boten wegen seiner Nachricht zu töten, ändert aber überhaupt nichts an der Lage.\nBemerkenswert auch, daß Malte Spitz für die Erlangung seiner Daten eine Klage nach dem Informationsfreiheitsgesetz gegen die Telekom hat führen müssen - der Telekom war schon klar, was sie da hat und warum sie nicht möchte, daß diese Daten in einer ansprechenden grafischen Form aufbereitet werden.\nDieselben Daten fallen auch auf meinem Mobiltelefon selber an. Ich nehme sie, und publiziere sie auf Google Latitude. Eine Reihe von Personen kann dadurch sehen, wann ich wo bin, wo ich eingecheckt bin und welche anderen Personen dort ebenfalls eingecheckt sind. Meiner Meinung nach nutzen zu wenige meiner Freunde Latitude - viele Verrichtungen meines Lebens wären sehr viel leichter zu organsieren, wenn der Dienst populärer wäre.\nSo kommt es, daß ich auf das Anfallen der Daten keinen Einfluß habe - die Daten sind für den Betrieb eines Mobiltelefons zwingend notwendig: damit der Anruf an das Telefon durchgestellt werden kann, muß das Netz und der Netzbetreiber wissen, wo ich gerade bin. Zugleich kann ich die qualitativ hochwertigen Daten nicht selber nutzen, sondern muß den Akku meines armen Mobiltelefons damit schnell-leeren, daß ich außerdem noch einen GPS-Empfänger betreibe - ich habe die Kontrolle über meine eigenen Location-Datensätze beim Netzbetreiber nicht und es erfordert einen Prozeß gegen den Netzbetreiber um sie zu bekommen. Und zugleich habe ich keine Kontrolle darüber, was genau mit diesen Datensätzen durch Dritte gemacht wird. Dies ist ein Aspekt des Kontrollverlustes, dessen zahlreiche Facetten Michael Seemann so ausführlich diskutiert.\nAnders herum merkt die Spackeria an, daß Datenschutz gerne mißbraucht wird, um Intransparenz zu erzeugen und Mauscheleien zu verbergen. Das Beispiel des heutigen Tages findet sich in Internet-Provider als “virtuelle Grenzübergänge”? (auch noch aus anderen Gründen ein interessanter Artikel):\nObwohl der “Experte”, der die Präsentation hielt, von der ungarischen Präsidentschaft eingeladen war, und die Präsentation von 27 Mitgliedstaaten und der EU-Komission besucht wurde, wird der Name des Vortragenden nicht veröffentlicht – angeblich, um seine Privatsphäre zu schützen.\nDie Spackeria behauptet nun, daß wir gesamtgesellschaftlich wahrscheinlich eine ganze Menge gewinnen können, indem wir alle gesellschaftlichen Prozesse offenlegen.\nDie politische Forderung der Spackeria, wenn sie denn also überhaupt eine hat, ist radikale Transparenz und sie setzt dies dem radikalen Datenschutz der Aluhut-Träger entgegen.\nDas ist - eigentlich - gar nicht so weit weg von den Positionen des CCC, der schon seit je her fordert \u0026ldquo;Private Daten schützen, öffentliche Daten nützen\u0026rdquo;. Der Unterschied, und die politische Debatte, geht mehr darum, was genau denn nun Privat ist und ob sich diese Grenzziehung in 2011 noch aufrecht erhalten ließe - dort gibt es eine Menge Streitpunkte zwischen den beiden Gruppierungen.\nDie Sorge der Aluhutfraktion richtet sich dabei im Grunde auf das entstehende Machtgefälle. Ein Standardszenario in diesem Dialog: Wenn ein Arbeitgeber von allen potentiellen Bewerbern wissen könnte, was sie so für Krankheiten und Risiken mit sich tragen, dann hätten Bewerber mit gewisser Vorgeschichte bei einer Bewerbung schlechtere Karten (oder solche mit einer mißbeliebigen Handschrift ). Darum müssen solche Informationen geschützt werden.\nAndererseits, so die Standard-Antwort der Spackeria, kann man dieses Machtgefälle auch dadurch aufheben, indem man beiden Seiten Transparenz auf gleicher Ebene verordnet: Der Arbeitgeber muß seinen Besetzungs- und Auswahlprozeß genau so offen legen wie der Arbeitnehmer seine Daten, und dann werde man schon sehen, wie lange Unternehmen sich solche Praktiken im Lichte der öffentlichen gesellschaftlichen Diskussion erlauben können.\nIch glaube, daß man ähnliche Beispiele in vielen anderen Situationen ebenfalls erfolgreich konstruieren kann - \u0026ldquo;Positionen von Frauenhäusern müssen geheim gehalten werden\u0026rdquo; \u0026ldquo;Andererseits: Wenn die Records von Überwachungskameras, automatischer Kennzeichenerfassung und Handy-Positionsdaten auch öffentlich wären, müßten sie das wahrscheinlich nicht.\u0026rdquo; und so weiter.\nWichtig sei für eine Diskussion auf Augenhöhe, so die Postion der Spackeria, nicht so sehr der Grad der Offenlegung, sondern der gleiche Grad der Offenlegung bei allen beteiligten Parteien. Und es sei das Licht der Transparenz und nicht die geheimniskrämerische Mauschelei des datengeschützten Geheimnisses, das die Weiterentwicklung einer Gesellschaft als Ganzes befeuere. Und habe man auch nichts gegen die emergenten Effekte der Techniknutzung, die von Leuten wie mspro unter dem Begriff \u0026ldquo;Kontrollverlust\u0026rdquo; zusammengefaßt werden.\nDas meinen die ernst? Was denkst Du, Kris? Ich denke, das die Ausgangsposition der Spackeria eine sehr sinnvolle und realistische ist. Ich kann nicht erkennen, daß der Datenschutz in Deutschland gesetzgeberisch sinnvolle Ergebnisse erzielt hat - in allen wichtigen Fragen, die auf der Wikipedia-Überwachungsstaat-Seite so schön zusammengefaßt sind, hat er in der Tat versagt.\nWenn Scott McNealy 1999 gesagt hat, \u0026ldquo;You have zero privacy anyway, get over it \u0026rdquo;, dann ist das die politisch weniger freundliche, wenn nicht sogar zynische Art, genau diesen Sachverhalt zu formulieren. Die Konsequenz aus diesem Ausgangspunkt formuliert Eric Schmidt zehn Jahre später, genau so zynisch und direkt, und genau so korrekt: \u0026ldquo;If you have something that you don\u0026rsquo;t want anyone to know, maybe you shouldn\u0026rsquo;t be doing it in the first place.\u0026rdquo;\nAuf eine Weise ist das genau der Punkt, bei dem es um radikale gegenseitige Transparenz vs. radikale Privacy geht. Die einen sagen: \u0026ldquo;Indem wir alle gegenseitig Offenlegen, haben wir die Möglichkeit zu erkennen, daß wir alle nicht immer perfekt sind, und wir haben die Wahl, daran entweder zu wachsen und bessere Menschen zu werden, oder zu lernen einander zu vergeben.\u0026rdquo; (Das ist Schmidt) Die anderen sagen: \u0026ldquo;Das ist eine gefährliche Utopie und mir zu risikoreich, ich will da nicht mitmachen.\u0026rdquo; (Das sind die, die sich über Schmidt aufregen) Und die Technik sagt: \u0026ldquo;Ich funktionier halt so, ihr könnt gerne unrealistische Annahmen machen, mir egal. Das tut es halt mehr weh, wenn ihr lernt.\u0026rdquo; (Das ist McNealy)\nInsofern halte ich mich aus der Diskussion raus - McNealy hat Recht, und es ist nicht notwendig, ungefragt viel dazu zu sagen, wenn ich schon vorher sehen kann, welche Erfahrungen alle im Laufe der Zeit machen werden.\nUnd lebe mein Spacko-Leben: Ich persönlich habe auch mein ganzes Leben lang sehr positive Erfahrungen damit gemacht, mich zu publizieren.\nMir ist klar, daß ich als jemand, der von der Arbeit mit Technik lebt, nicht umhin kann, eine kilometerbreite Datenspur über diesen Planeten zu legen, wenn ich in der Lage sein will, meinen Job gut zu machen. Das Beste, was ich tun kann, ist das Highlight auf diesen Daten so zu setzen und die Interpretationen meiner Daten anzulegen, daß sie ein positives Licht auf mich als Person werfen.\nIn diesem Sinne bin ich ein Post-Privacy-Spacko. Schon immer gewesen: auch dann, wenn ich mich nicht an der Diskussion beteilige und auch damals, als es den Begriff noch nicht gab, habe ich wie einer gelebt - leben müssen. Und halte Popcorn bereit.\n","date":"2011-05-12T00:00:00Z","href":"https://blog.koehntopp.info/2011/05/12/von-der-spackeria-von-aluhueten-und-vom-kontrollverlust.html","tags":["ccc","privacy","identity","internet","politik","privacy","spackeria","lang_de"],"title":"Von der Spackeria, von Aluhüten und vom Kontrollverlust"},{"categories":null,"content":" Eine typische Handyrechnung 2011.\nDie Realitäten des Jahres 2011 in Bezug auf die Nutzung von portablen Peilwanzen. Das Rote da ist eine 5G/Mo \u0026ldquo;Flat\u0026rdquo; mit Tethering, für unter 20 EUR. Die Leute, die ich kenne, benutzen mehr Twitter, Skype und Google Voice als SMS oder gar GSM Voice.\n","date":"2011-05-10T00:00:00Z","href":"https://blog.koehntopp.info/2011/05/10/handyrechnung.html","tags":["internet","mobiltelefon","lang_de"],"title":"Handyrechnung"},{"categories":null,"content":"Im September 1987 wurde die Version 11 des X-Protokolls erfunden. Damals war alles schlimm: Wir hatten keinen Speicher, keine leistungsfähigen CPUs, keine Fonts, schon gar keine Vektorfonts, keine Farbe, schon gar keine Echtfarbe ohne Paletten, keine Transparency und vor allen Dingen keine Ahnung.\nX11 war für Unix das Displaysystem der Wahl. Es macht eine ganze Menge Dinge falsch: Zum Beispiel lebt es unter der Annahme, daß das Grafiksubsystem des Rechners keine Rechenpower und wenig Speicher hat. So definiert es dann auch einen Haufen Zeichenprimitive, die kilometerweit unter den Bedürfnissen eines Fenstersystems liegen und läßt den Windowmanager auf der anderen Seite des Netzwerkes als X11-Anwendung laufen. Es hat per Default Double Buffering abgeschaltet und zeichnet per Default auch auf dem sichtbaren Screen statt auf einem Offscreen-Puffer, der dann eingeblittet oder besser noch eingeblendet wird. Von 3D und OpenGL hat es so gar keine Ahnung. Was heute, in 2011, auf dem Bildschirm herum malt ist nur der Form halber noch X11, in Wirklichkeit sind es aber meistenteils in X11-Extension verpackte Spezialcalls, die mit X11 fast nichts mehr zu tun haben.\nUnd es ist langsam. Wenn wir einen modernen Bildschirm mit X11 über das Netzwerk raus sharen, dann stirbt X11 den Latenztod - formal ist X11 netzwerktransparent, aber in Wirklichkeit ist nichts an dem Protokoll besonders geeignet oder schlau, wenn es darum geht, Daten über das Netzwerk zu schaufeln. Andere Protokolle sind inzwischen weitaus besser geeignet, Bildschirme über Netz zu exportieren: Selbst das halbtote VNC ist in der Regel schneller und besser als X11, RDP und NX sind sogar richtig gut da drin.\nIn diesem Sinne: XFree86 hat keine Comitter mehr. Der X.org Fork hat das Projekt vor Jahren abgelöst und so die Firmen, die versucht haben, das X-Consortium zu Tode zu kontrollieren, entmachtet. Aber auch X.org verliert an Bedeutung: Wayland ersetzt es gerade. Was gut ist, weil dann ein Haufen alter Scheiß rausfliegt und man dann auch für den häufigen Fall - lokales Display mit Hardware Acceleration - optimieren kann.\nNachtrag: Um den Kommentatoren unter diesem Artikel einmal ein wenig weiter zu helfen, hier ein paar Dinge zum Nachlesen.\nWayland Architecture Overview - das erklärt die Anordnung der Dinge, wie sie vor Wayland gelaufen sind und wie sie Wayland realisiert.\nModerne Desktops in Linux verwenden einen Compositor wie Compiz .\nModerne Grafikhardware hat 3D Beschleuniger. Ein 3D-Beschleuniger verwendet eine Tile (Kachel), um damit die Kanten von dreidimensionalen Objekten zu bemalen. Die Hardware projeziert, skaliert und verformt dabei die Tile so, daß sie auf die Seite des 3D-Objektes abgebildet wird. Wenn das dreidimensionale Objekt eine rechteckige Leinwand ist, die nicht skaliert und verformt ist, dann wird die Kachel per Hardware 1:1 auf der Leinwand abgebildet und man hat einen Bildschirm, dessen Fenster-Rechtecke per Hardware mit den Inhalten verschiedener unabhängiger Grafikpuffer gefüllt wird. Diese Puffer zu verwalten und mit Effekten zu dekorieren ist die Aufgabe eines Compositors. X11 weiß nichts von Compositors, die X11-Erweiterung für Compositors schleust bloß Bitmaps sinnlos durch den X11-Server. Da kommt Latenz her.\nDer erste Ansatz um Compositors unter X11 zum Laufen zu bringen war Xgl . Xgl ist die Scheißidee, einen X-Server unter einem X-Server laufen zu lassen. Dabei steuert der äußere X-Server die Grafikhardware, der innere dann das Zeichnen mit X (das sowieso niemand mehr verwendet).\nModerne X-Server verwenden AIGLX . Das ist eine Methode, bei der man essentiell dem X-Server sagt: \u0026ldquo;Okay, Du kannst da jetzt rumstehen und nix tun, aber dieses Rechteck da zeichnet jetzt jemand anders als Du, nämlich OpenGL.\u0026rdquo;. Wayland komplettiert diesen Schritt nur, indem es den Default richtig rum setzt: Es räumt den X-Server, der sowieso nicht mehr verwendet wird, aus dem Weg.\nQt und GTK haben Wayland-Support. Beide Toolkits malen schon seit längeren fertige Tiles - X-Primitives verwendet schon lange niemand mehr, weil sie zu scheiße aussehen und auch nicht portabel auf Windows-, Mac- oder Handy-Hardware sind. Die Tiles werden dann entweder mit X11 oder eben direkt in Wayland zum Compositor geshipped, der daraus einen Bildschirm mit Fenstern macht. Qt kann sogar zur Laufzeit den Shipping Mechanismus zwischen X11 und Wayland umschalten.\nDie Executive Summary ist: X11 ist schon länger tot. Es ist durch Extensions zu einem recht ineffizienten Durchreich-Mechanismus für Tiles (Pixmaps) geworden. Es kontrolliert auch nicht mehr die Hardware - einer Usermode-Anwendung root-Rechte zu geben, damit sie in Grafikkarten-Register poken kann ist sowieso galoppierender Unsinn gewesen und Kernel Mode Setting hat das zum Glück überflüssig gemacht.\nWayland streut nun die Blumen auf das Grab und schaufelt endlich die Erde drauf. Es ruhe in Frieden.\n","date":"2011-05-10T00:00:00Z","href":"https://blog.koehntopp.info/2011/05/10/x11-auf-dem-weg-nach-drau-en.html","tags":["computer","linux","lang_de"],"title":"X11 auf dem Weg nach draußen"},{"categories":null,"content":"\u0026ldquo;Daemon\u0026rdquo; german , english , Daniel Suarez, EUR 9.90, 640 Seiten\n\u0026ldquo;Freedom™\u0026rdquo; german , english , Daniel Suarez, EUR 9.99, 480 Seiten\nAls ich Daemon in die Hand bekam, hatte ich ein bischen Angst vor dem Dan Brown Effekt - von Digital Fortress konnte ich nur die ersten 10 Seiten oder so lesen, bevor ich den sinnlosen Technobabble nicht mehr ertragen habe. \u0026ldquo;Rotating Plaintext Cipher\u0026rdquo; my ass - und ich bin da nicht allein lese ich. Der Klappentext des Buches hilft dabei auch kein Stück.\nNun ist Daemon sicher kein Buch, das gut altern wird. Dazu ist es technisch viel zu konkret. Aber zu meiner grenzenlosen Verwunderung ist die Technik in dem Buch zwar übertrieben leistungsfähig (immerhin ist es ein Zukunftsroman), aber korrekt oder wenigstens sinnvoll. Das Buch strengt meine SoD nicht sehr an.\nWie dem auch sei: Daemon ist schnell erzählt. Der stinkreiche Spieledesigner Matthew Sobol stirbt, und sein Erbe aktiviert eine Maschinerie, die er geschaffen hat und die eine zunächst sinnlos erscheinende Kette von Ereignissen in Gang setzt. Sobol hinterläßt den Daemon, ein verteiltes System von Software-Agenten, die auf vordefinierte Ereignisse in den Medien reagieren und Folgeaktionen auslösen. Wie sich herausstellt, ist die Aufgabe des Daemons zunächst, sich Geld, Technologie und Menschen anzueignen und sich so natürliche Intelligenz und realweltliche Machtmittel zu verschaffen. Gegen Ende des Buches stellt sich heraus, daß der Daemon eine Gegengesellschaft zur existierenden Gesellschaft erschafft, die auf Vernetzung und angewandter Spieltheorie und Spieldesign basiert.\nIn \u0026ldquo;Daemon\u0026rdquo; wird die Freisetzung des Daemons beschrieben, und wie sich dadurch die Schicksale einiger Protagonisten miteinander verknüpfen. Der Scifi-Aspekt der Geschichte konzentriert sich dabei ganz klar auf die Legitimierung und Entwicklung der Technik des Daemons und die Etablierung seiner Machtbasis.\nDer zweite Teil, Freedom™, schwenkt dann von technischer Science-Fiction auf Gesellschaft und Gesellschaftskritik um, und bringt es dabei fertig, weitaus besser und wahrscheinlich auch haltbarer zu werden. Suarez liefert hier eine Art aktualisierte Version des Shockwave Riders ab.\nDer Schockwellenreiter von John Brunner ist ein Buch von 1975 und einer der visonärsten Science Fiction-Romane aller Zeiten. Er nimmt eine ganze Menge moderner Konzepte vorweg zu einer Zeit, in der die meisten Menschen noch nicht einmal einen Computer hatten oder gar von Computern wußten - ein weltumspannendes Datennetz, der Computer-\u0026ldquo;Wurm\u0026rdquo;, Crowdsourcing und Zukunftsvorhersage durch Crowdsourcing, Burnout (\u0026ldquo;Overload\u0026rdquo;) und den Mißbrauch von Psychopharmaka, Identitätsdiebstahl und die Unterwanderung wirtschaftlicher und staatlicher Organisationen durch das organisierte Verbrechen sowie das Konzept des Datenschutzes (genauer: Seine Pervertierung - denn im Schockwellenreiter haben nur Firmen und Angehörige der korrupten herrschenden Klasse Privacy und mißbrauchen diese um ihre Machenschaften zu verschleiern). Und Wikileaks, auf eine seltsame Weise.\nAber wo der Schockwellenreiter - notgedrungen - visionär bleibt oder große Sprünge macht, um die lästigen Details auszusparen, da malt Freedom™ das Bild weitaus detaillierter aus. Teilweise so detailliert, daß man glaubt, unter dem Aufdruck \u0026ldquo;Roman\u0026rdquo; auf dem Cover ein hastig übermaltes \u0026ldquo;Manifest\u0026rdquo; erkennen zu können.\nUnd so läuft eine direkte Linie von Naomi Klein zu David Brin und von Eisenhower zu Wikinomics und zu MakerBots, mit dem Schockwellenreiter und seinem Update, Freedom™. ungefähr an der Kreuzung dieser Linien.\n","date":"2011-05-08T00:00:00Z","href":"https://blog.koehntopp.info/2011/05/08/fertig-gelesen-daemon-freedom.html","tags":["book","review","media","politik","scifi","lang_de"],"title":"Fertig gelesen: Daemon, Freedom™"},{"categories":null,"content":"\u0026ldquo;Out of the Black \u0026rdquo;, Lee Doty, 2.93 USD\nIn \u0026ldquo;Out of the black\u0026rdquo; wirft Lee Doty den Leser in ein Universum, das dem unseren ähnlich, aber doch von unserem verschieden ist. Und hinter dem eine magische Unterwelt existiert, der \u0026ldquo;Loom\u0026rdquo;, der je nach Kundigkeit des Benutzers genutzt werden kann. um profunde Effekte in der Welt der Menschen zu bewirken.\nOhne weitere Erklärungen und ohne große Einführung begegnen wir einem Ermittler einer Mordkommission, einer Krankenschwester und einem Geek und erleben, wie ihre scheinbar sichere Welt durch einen Krieg alter magischer Clans aus den Fugen gehoben und verändert wird. \u0026ldquo;Out of the black\u0026rdquo; ist gerade am Anfang ein wenig anstrengend zu lesen, aber nachdem man sich ein wenig Kontext erarbeitet hat, landet man in einer Geschichte, die ich gerne als ein gut erzähltes World of Darkness Mage-Abenteuer gespielt hätte - ein Clankrieg, ein alter Meister, der einen fatalen Fehler macht, eine Hellboy-Geschichte, und ein Haufen nicht ganz wehrloser Zivilisten mittendrin, die nun mit dem Leser zusammen die Magie der Welt entdecken.\n","date":"2011-05-08T00:00:00Z","href":"https://blog.koehntopp.info/2011/05/08/fertig-gelesen-out-of-the-black.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: Out of the Black"},{"categories":null,"content":"\u0026ldquo;The Second Ship \u0026rdquo;, Richard Phillips, 0.71 USD\n\u0026ldquo;Immune \u0026rdquo;, Richard Phillips, 3.69 USD\nRichard Phillips The Second Ship könnte eine langweilige Area 51-Geschichte sein. Aber für den Kindle-Preis von nur 71 US-Cent bekommt man eine spannende Coming-Of-Age -Geschichte dreier Teenager in New Mexico, und einen netten neuen Blinkwinkel auf Roswell.\nWährend das Militär in Area 51 seit Jahren an dem inerten Schiff forscht, das bei Roswell gefunden worden ist und nur sehr langsam und mühselig Fortschritte macht, finden drei Teenager in einer Höhle nahe der originalen Absturzstelle das zweite Schiff - und im Gegensatz zu dem ersten Schiff hat es noch Energie!\nDie beiden Schiffe waren im erdnahen Weltraum in einen Kampf verwickelt und repräsentieren zwei generische Parteien in einer offenbar größeren interstellaren Auseinandersetzung, mit grundsätzlich unterschiedlichen Philosophien und unterschiedlicher Technologie. Den Forschern und Militärs gelingt es, Teile der Systeme des ersten Schiffes wieder in Betrieb zu nehmen und der außerirdischen Technologie einige wichtige Geheimnisse zu entreißen - oder ist das Ganze Teil eines außerirdischen Plans, die Erde mit bestimmten Technologien zu unterwandern und sie von ihr abhängig zu machen? Unterdessen verwandeln sich die Teenager und Entdecker des zweiten Schiffes unter dem Einfluß der Technologien dieses Schiffes langsam in etwas anderes, fremdartiges.\nDer zweite Teil ist die Fortsetzung der Geschichte, und more of the same, only different.\nLeichte Kost, und zu dem Preis kann man einfach nichts falsch machen.\nDer dritte Teil, \u0026ldquo;Wormhole\u0026rdquo; ist noch nicht erschienen.\nWebsite des Autors ","date":"2011-05-08T00:00:00Z","href":"https://blog.koehntopp.info/2011/05/08/fertig-gelesen-the-rho-agenda-the-second-ship-und-immune.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: The Rho Agenda (The Second Ship und Immune)"},{"categories":null,"content":" \u0026ldquo;Kris, kannst Du bitte mal gucken?\u0026rdquo;\nSeit heute morgen, 10:00 Uhr, wächst das Undo-Log immer weiter an.\nImmer wenn InnoDB Daten schreibt wird die alte Version einer Zeile aus der Tabelle in das Undo-Log verschoben, also physikalisch von der ibd-Datei der Tabelle in die ibdata1 im Datadir von MySQL. In der Tabelle wird in der veränderten Zeile ein Zeiger von der neuen Version auf die alte Version der Zeile im Undo-Log installiert, der Roll(back)-Pointer. Die alte Version im Undo-Log zeigt mit ihrem eigenen Roll-Pointer auf eine noch ältere Version derselben Zeile und so weiter - es entsteht für jede Zeile in der Datenbank eine lineare Liste von Versionen in die Vergangenheit einer Row.\nDer InnoDB Purge Thread hat die Aufgabe, das Undo-Log zu verkürzen. Wenn er das nicht tut, dann sieht das so aus wie oben im Graphen gezeigt. Dafür kann es zwei Gründe geben: Purge Lag - also mehr Writes als der Purge Thread wegschaffen kann. Oder lang laufende Transaktionen. Denn der Purge Thread kann nur dann eine Zeile aus dem Undo-Log streichen, wenn es keine aktive Transaktion mehr im ganzen System gibt, die älter ist als die zu streichende Zeile.\nDas ist die weitaus wahrscheinlichere Fehlerquelle. Wie also finden wir den Schuldigen?\nmysql\u0026gt; pager grep ACTIVE mysql\u0026gt; show engine innodb status\\G ... ---TRANSACTION A90E003AB, ACTIVE 16830 sec, process no 12098, OS thread id 1749563712 ... mysql\u0026gt; pager mysql\u0026gt; show engine innodb status\\G ... ---TRANSACTION A90E003AB, ACTIVE 16830 sec, process no 12098, OS thread id 1749563712 3 lock struct(s), heap size 1248, 2 row lock(s), undo log entries 1 MySQL thread id 146473882, query id 4156570244 mc02cronapp-01 192.168.1.10 cron_bp Trx read view will not see trx with id \u0026gt;= A90E14DE8, sees \u0026lt; A90E14DE8 ... Ein Cronjob hängt also in einer offenen Transaktion seit geraumer Zeit fest? Mehr Informationen bekommen wir aus der Prozeßliste:\nmysql\u0026gt; pager grep cron mysql\u0026gt; show processlist; ... | 146473882 | cron_bp | mc02cronapp-01:50154 | bp | Sleep | 16434 | ... Ein Login auf der mc02cronapp-01 und ein \u0026ldquo;lsof -i -n -P | grep 50154\u0026rdquo; zeigt schnell: Mitnichten ein Cronjob. Ein User hat einen MySQL Kommandozeilenclient gestartet und eine manuelle Verbindung und Transaktion offen gelassen. Ein \u0026ldquo;KILL 146473882\u0026rdquo; auf den Thread in MySQL trennt die Verbindung und der Purge Thread kann seine Arbeit fortsetzen, ein Sysadmin mit einem Cluebat kann zu dem User dispatched werden.\nDas Undo-Log ist Teil der ibdata1-Datei. Diese startet mit einer Größe von 10M und wächst per Default in Schritten von 8M im autoextend-Modus. Lang laufende Transaktionen, die den Purge Thread anhalten, führen zu einem Wachstum der ibdata1. InnoDB schrumpft Dateien niemals, und es gibt auch keine Methode, das zu tun - zwar wird der Platz in der Datei freigegeben und später wieder genutzt, aber für das Betriebssystem ist der Platz verloren.\n[root@mc01bpmdb-01 ~]# cd /mysql/bp/data [root@mc01bpmdb-01 data]# ls -lh ibdata* -rw-rw---- 1 mysql mysql 1.3G Apr 28 14:50 ibdata1 ","date":"2011-04-28T00:00:00Z","href":"https://blog.koehntopp.info/2011/04/28/mysql-undo-log.html","tags":["database","innodb","mysql","lang_de"],"title":"MySQL Undo Log"},{"categories":null,"content":" Ich glaube, von allen Teilen der Musik- und Unterhaltungsindustrie ist die Marke \u0026ldquo;Sony\u0026rdquo; mit allen ihren Armen und Seitengeschäften noch vor \u0026ldquo;Disney\u0026rdquo; eine der Firmen, die das Image von \u0026ldquo;Das ist der Feind\u0026rdquo; am Besten verkörpern.\nDie tatsächliche Sachlage ist kompliziert, aber das Image ist grundlegend verbrannt und erholt sich irgendwie auch nicht.\nEin Teil von Sony hatte in 2005 Rootkits auf den Rechnern ihrer Kunden installiert . Seither geht es Schlag auf Schlag, damit das Image des Namens gleichmäßig bleibt:\n2008 - Connect Online DRM-Server Abschaltung und Kunden-im-Regen-stehen-lassen . 2010 - Retroaktives canceln der Linux-Installationsoption für PS/3 , die Hatz gegen Geohot und potentiellen Helfern , und jetzt PSN gehackt und Anonymous will es nicht mal gewesen sein. Als ich vor zwei Leben einmal einen Security-Job hatte wurde mir recht schnell klar, daß man eine Security effektiv nicht sinnvoll gegen die Leute umsetzen kann, mit denen man dort arbeiten muß. Es ist also notwendig, auf eine positive und konstruktive Weise mit den Subjekten seiner Security Policy (vulgo: \u0026ldquo;Der Community\u0026rdquo;) zusammenzuarbeiten. Der PSN-Hack ist irgendwie ein Symptom von Sonys systematischen Fail sich eine Community aufzubauen oder ihr Image in den relevanten Kreisen aufzupolieren.\n","date":"2011-04-27T00:00:00Z","href":"https://blog.koehntopp.info/2011/04/27/wenn-man-sony-ist-hat-man-es-nicht-leicht.html","tags":["hack","security","sony","lang_de"],"title":"Wenn man Sony ist, hat man es nicht leicht"},{"categories":null,"content":"Dropbox ist in den letzten Tagen und Wochen ein wenig seltsam in die Schlagzeilen geraten.\nDa ist einmal der Artikel von Derek Newton: Dropbox Authentication: Insecure by design :\nAfter some testing (modification of data within the config table, etc) it became clear that the Dropbox client uses only the host_id to authenticate. Here’s the problem: the config.db file is completely portable and is not tied to the system in any way. This means that if you gain access to a person’s config.db file (or just the host_id), you gain complete access to the person’s Dropbox until such time that the person removes the host from the list of linked devices via the Dropbox web interface.\nDann ist da die Änderung der TOS, die vorher ein wenig irreführend formuliert waren: Vorher konnte man die TOS so lesen, daß die Dropbox-Dateien auf den Dropbox-Servern verschlüsselt gespeichert werden und Dropbox selber keine Kopien dieser Schüssel hatte. Das ist natürlich nicht der Fall: Für den Betreiber ist das alles Klartext, wenn er denn nur will.\nUnd er will :\nWe may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or its users; or (d) to protect Dropbox’s property rights. If we provide your Dropbox files to a law enforcement agency as set forth above, we will remove Dropbox’s encryption from the files before providing them to law enforcement. However, Dropbox will not be able to decrypt any files that you encrypted prior to storing them on Dropbox.\nUnd schließlich nun: Dropbox Tries To Kill Off Open Source Project With DMCA Takedown . Diese Geschichte ist recht interessant, denn sie beleuchtet eine Inkonsistenz in den Behauptungen von Dropbox - und hat mit der Verschüsselung aus dem vorhergehenden Fall zu tun.\nDropbox speichert Dateien. Die meisten Leute haben Dateien, die auch andere Leute haben. Das ist schon deswegen so, weil ein guter Teil von Dropbox sich ja um Kollaboration, also das Teilen von Dateien miteinander dreht. Das können Unterlagen einer Wohnungseigentümergemeinschaft betreffend eine Dachsanierung sein, oder halt ein paar MP3-Dateien.\nWenn man nun also eine Datei auf Dropbox hoch lädt, dann berechnet der Client eine Prüfsumme und lädt erst einmal diese hoch.\nAbkürzung beim Datei-Upload, wenn die Datei schon bei einem anderen Dropbox-Kunden liegt.\nExistiert eine Datei mit dieser Prüfsumme, dem passenden Datum und Namen schon auf den Servern von Dropbox, dann muß Dropbox die Datei selber gar nicht mehr bekommen, denn Dropbox hat ja bereits passende Daten. Es genügt also serverseitig, die Datei auf dem Dropbox-Server für diesen Kunden sichtbar zu machen. Das ist schnell, spart Bandbreite und für Dropbox spart es Speicherplatz. Genau genommen macht es Dropbox wahrscheinlich überhaupt erst rentabel, denn andernfalls würde viel zu viel Plattenplatz verbraucht werden.\nDie Werkzeuge von Drittanbietern, gegen die Dropbox dort vorgeht, tun nun folgendes: Sie \u0026lsquo;wissen\u0026rsquo; Prüfsummen und senden diese Prüfsummen an die Dropbox-Server, ohne daß der Anwender diese Dateien auf seiner lokalen Platte hat - der Client behauptet also, die Daten zu haben und zeigt eine Prüfsumme vor, hat die Daten in Wahrheit aber gar nicht.\nDropbox macht diese Dateien dann für den Benutzer dieses Tools sichtbar, wenn Dropbox diese Datei überhaupt in irgendeinem Useraccount hat. Man kann also eine Datei-Prüfsumme etwa eines MP3-Verzeichnisses twittern, und jeder kann mit diesem Tool und der Prüfsumme, die er über Twitter erhalten hat, dann diese MP3s in seine Dropbox importieren und sie sich dann runterladen. Klar, daß Dropbox das doof findet.\nDas wäre technisch relativ leicht korrigierbar: Dropbox kennt ja die Datei, und ihre Länge. Dropbox kann also den Client nach einem Sample der Daten oder einer zweiten Prüfsumme über ein Sample der Daten fragen, und dabei das Sample aus der ganzen Datei über einen variablen, zufällig bestimmten Bereich legen. Wenn ich also behaupte, das Album \u0026ldquo;Sascha Lobo singt\u0026rdquo; zu haben und die Prüfsumme dafür vorzeige, dann gibt Dropbox mir die Dateien erst, wenn ich die Prüfsumme über die Bytes von Offset 4826267 bis 4826267+4096 dieser Datei berechnet habe. Wenn Du das machst, wird stattdessen die Prüfsumme über einen anderen Bereich verlangt. Auf diese Weise kann Dropbox leicht prüfen, ob der Client wirklich im Besitz der Daten ist, die er behauptet zu haben.\nNun sollte einmal das Denken einsetzen. Ich erzeuge also eine Datei mit den Inhalt \u0026ldquo;Hallo, Welt!\u0026rdquo;.\nWenn ich diese Datei mit meinem Key verschlüssele, dann sieht die Datei so aus:\nKK:~ kris$ openssl enc -e -k g33k -aes-128-cbc -base64 -in /dev/stdin Hello, World! U2FsdGVkX19isizbD981L7EOV+1Ou8O4xhBMQqDo3nw= Wenn Du das machst, dann ist der Inhalt der Datei offensichtlich anders:\nKK:~ kris$ openssl enc -e -k s3cr3t -aes-128-cbc -base64 -in /dev/stdin Hello, World! U2FsdGVkX18Fqrwp51fq8Y23MBas01+z4gJBdFs+vWE= Beide Dateien haben offensichtlich unterschiedliche Prüfsummen, wenn man verschlüsselten Content betrachtet. Die Prüfsumme muß also über den unverschlüsselten Content berechnet werden, damit das vergleichbar wird. Für den Client ist das leicht, da die Daten ja auf meiner und Deiner Platte für den Client unverschlüsselt vorliegen.\nDanach stellt mir Dropbox die Datei auf dem Server zur Verfügung, wenn ich die passende Prüfsumme vorzeigen kann. Ich kann die Datein dann runterladen, mit meinem Schlüssel verschlüsselt. Das heißt, die Daten, die angeblich verschlüsselt auf dem Dropbox Server liegen, können mit meinem und mit Deinem Schlüssel verschlüsselt runtergeladen werden. Dropbox speichert die Daten physikalisch auch nur einmal, um Speicherplatz zu sparen, denn sonst hätten sie tausende Kopien von \u0026ldquo;Sascha Lobo singt\u0026rdquo; auf dem Server liegen, die alle Platz wegnehmen. Naja, ok, Dutzende.\nWahrscheinlicher ist also, daß Dropbox die Daten auf ihren Servern gar nicht verschlüsselt, oder alle Daten mit einem einzigen globalen \u0026ldquo;Dropbox\u0026rdquo;-Key verschlüsselt oder etwas ähnlich simples. Für die Kommunikation wird dann eine Transportverschlüsselung über den Content gebraten, also für mich mein Key und für Dich Dein Key.\nDropbox hat also die Wahl zwischen Dateideduplikation und effizienten Uploads auf der einen Seite und Datensicherheit durch Verschlüsselung auf der anderen Seite. Klar, wo businessmodelltechnisch die Präferenzen liegen.\n","date":"2011-04-26T00:00:00Z","href":"https://blog.koehntopp.info/2011/04/26/verschluesselt-dropbox-ueberhaupt.html","tags":["cloud","dropbox","internet","security","lang_de"],"title":"Verschlüsselt Dropbox überhaupt?"},{"categories":null,"content":" Die Antwort: ALTER TABLE vs. Schemaless ALTER TABLE in MySQL nervt. Das tut es in erster Linie, weil es die Tabellen, die es verändert, mit einem exklusiven Lock (Write Lock) belegt, während es die Änderung durchführt, und weil es die Änderung durch Umkopieren der Daten und Indices durchführt, was bei einer großen bestehenden Datenmenge doch recht lange dauern kann.\nEs gibt inzwischen eine Reihe von Verbesserungen in MySQL 5.5, wenn InnoDB (inzwischen die Default Storage Engine) verwendet wird. Diese Verbesserungen beziehen sich zum größten Teil auf das Erzeugen und Löschen von Indices im Hintergrund, also ohne Lock und ohne den Betrieb aufzuhalten.\nAuch für das Erzeugen und Löschen von Spalten oder das Ändern von Defaults gibt es Lösungen, die in InnoDB jedoch noch nicht umgesetzt sind. Die meisten dieser Lösungen basieren auf versionierten Tabellendefinitionen und einem verzögerten Update der Zeilen der Tabelle.\nDas könnte so gehen: Jede Tabelle hat eine versteckte Spalte \u0026lsquo;version\u0026rsquo;, in der die Schemaversion für diese Zeile gespeichert ist. Ein ALTER TABLE auf eine Tabelle verändert an der Tabelle selbst erst einmal gar nichts, sondern hinterlegt nur eine zusätzliche Version des Schemas in der .frm-Datei.\nWird eine Zeile bearbeitet, wird das Schema für diese Zeile beim Lesen aktualisiert und die Zeile dann später zurück geschrieben.\nVerzögerte Migration einer Tabelle von Schemaversion 1 auf Schemaversion 2.\nIm Beispiel wird das ursprüngliche\nCREATE TABLE t ( id INTEGER UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT, german VARCHAR(20) NOT NULL DEFAULT \u0026#39;\u0026#39; ) ENGINE = INNODB um ein späteres\nALTER TABLE t ADD COLUMN english VARCHAR(20) NOT NULL DEFAULT \u0026#39;\u0026#39; ergänzt.\nDie ursprüngliche Tabellendefinition ist Version 1. Das ALTER TABLE, das die Spalte english zufügt ist Version 2. Das ALTER TABLE selbst macht gar nichts, aber man kann erkennen, daß die Zeile mit der ID 2 schon aktualisiert worden ist.\nIn einer realen Implementierung ist diese Zeile eher repräsentativ für eine ganze Speicherseite, also in InnoDB für alle Zeilen, die in derselben 16KB Seite gespeichert werden. InnoDB macht allen I/O immer seitenweise und es wäre nicht sehr ökonomisch, nur einzelne Zeilen zu ändern, wenn man gleich eine ganze Seite davon im Speicher hat. Außerdem könnte man auf diese Weise die Schemaversion per Seite statt per Row speichern, was noch einmal Speicher spart. Es ist mir noch nicht ganz klar, ob man eine Seite unbedingt immer beim in-den-Speicher-bringen aktualisieren will (aggressiver Algorithmus), oder nur dann, wenn eine Seite sowieso auf Grund einer anderen Operation modifiziert wird (zurückhaltender Algorithmus, der die Aktualisierung nur dann durchführt, wenn die Seite auf Grund anderer Operationen als dirty markiert wird).\nAuf diese Weise wird jedenfalls das ALTER TABLE ADD COLUMN und DROP COLUMN sowie das MODIFY COLUMN selbst sehr schnell. Die eigentlichen Kosten fallen dann im Hintergrund an, und zwar dann, wenn die Seite sowieso geändert wird (zurückhaltener Algorithmus).\nMeine Anfrage in dem ersten Artikel zum Thema brachte das Ergebnis, daß bei schemalosen Datenbanken die Optionen ähnlich sind:\nMan ignoriert das Problem. Man schreibt eine ALTER TABLE Prozedur. Man schreibt eine Migrationsprozedur, die dem lazy ALTER TABLE von oben entspricht. Man schreibt eine Migrationsprozedur, die dem lazy ALTER TABLE von oben entspricht, verteilt den Code aber durch einen Haufen Stellen in der Anwendung. Zu Option 1 erhielt ich dieses Anwendungsbeipiel:\nIch hatte es erst letztens mit einer NoSQL-Datenbank, dass der Kunde noch gerne ein Feld mehr wollte (Sortierung) und das Statement natürlich die Sortierung benutzt hat. Eigentlich ganz schön, dass das so einfach ist. Nun fand die DB aber plötzlich keine Datensätze mehr, die das Feld noch nicht besaßen.Auf der einen Seite richtig, auf der anderen kommt da gerne auch eine Migration auf einen zu, für einen einzigen neues Key. Aber damit kann man leben und man fällt wahrscheinlich nur einmal drauf rein und beachtet dies in der Entwicklung.\nLeider erhielt ich auf meine Nachfrage, mit welcher technischen oder organisatorischen Maßnahme das für die Zukunft geklärt wurde (\u0026lsquo;beachtet dies in der Entwicklung\u0026rsquo;) keine Antwort.\nZu Option 2 erhielt ich den folgenden Kommentar:\nIch kann hier nur für Documentstore DBs sprechen. Fügten wir in der Form ein weiteres Feld hinzu, musste ein Updateprogramm geschrieben werden, dass die bereits vorhandenen Dokumente um dieses Feld erweiterte [\u0026hellip;], sonst flog einem das ganze in Views um die Ohren oder die Dokumente tauchten in den Views gar nicht erst auf, da das neue Feld als Selektionskriterium verwendet wurde.\nDies entspricht weitgehend einem prozedural auscodierten ALTER TABLE.\nZu Option 3 erhielt ich dieses Anwendungsbeispiel:\nUmgesetzt habe ich das bisher, wie man es bei großen SQL-Datenbanken letztendlich auch tun würde (wenn man die Tabelle nicht locken will):\nDatensatz laden Gucken in welcher Version der Datensatz ist (bzw. ob Daten migriert werden müssen) Datensatz gegf. aktualisieren Datensatz speichern (oder warten bis der Datensatz eh gespeichert wird) Ein weiterer Beitrag:\nAls Anwendungsentwickler muss ich mich auf einmal in meinem Data Abstraction Layer (DAL) um das Handling von Datensatz-bezogenen Versionen kümmern und dort im Laufe der Zeit immer mehr Code implementieren, nur um aus den aus dem Storage geladenen Daten sinnvolle Objekte zu erzeugen.\nOption 4 wurde dort ebenfalls andiskutiert, aber verworfen:\nSchiebt man das Problem noch weiter \u0026ldquo;den Stack hoch\u0026rdquo;, etwa weil man auch im Domain Model nicht mit klaren Objekt-Definitionen, sondern vielleicht mit Hashtables, JSON-Datenformaten oder sonst was rumhantiert, so erschwert dies meiner Meinung nach nicht nur die Übersicht im Code, sondern auch die weitere Verarbeitung in Controllern, Services und Views.\nModellierung von Spezialisierungen An anderer Stelle kam es zu einer Diskussion um erweiterbare Strukturen und Spezialisierungen, also Superclass-Subclass-Beziehungen. In der SQL-Welt implementiert man diese oft mit 1:0-Strukturen (also 1:1-Beziehungen, bei denen der rechte Part optional ist, und der linke Part eine Art von Klassenidentifikation enthält).\nKundenDB eines mir bekannten Providers\nEin mir recht gut bekanntes Anwendungsbeispiel ist eine technische Kundendatenbank bei einem Provider. Dort speichert man Kunden und Produkte ab (ein Kunde kann eine Reihe von Produkten gekauft haben). Alle Produkte haben gemeinsame Eigenschaften, etwa ein Freischalt- und ein Endedatum, Preise, Rabatte und so weiter. Alle Produkte haben außerdem einen Typ, etwa DSL, weitere IP-Adresse, Webserver, Dedicated Server und so weiter. Für jeden Typ gibt es jetzt eine weitere Tabelle, in der Attribute gespeichert werden, die für die Unterklasse spezifisch sind (also DSL-spezifisch, Webserver-spezifisch und so weiter).\nAnwendungen arbeiten nun entweder mit der Oberklasse, etwa weil sie abrechnen. Oder sie arbeiten mit einem JOIN zwischen Produkt und einer spezifischen Unterklasse (Produkt p JOIN dsl d ON p.product_id = d.product_id AND p.type = 'dsl'), etwa weil sie Konfiguration generieren. Die einzige Komponente, die mit allen Unterklassen als Unterklassen arbeiten muß, ist der Editor. Der wiederum ist jedoch so allgemein gehalten, daß er im Grunde mit jeder Art von Tabelle arbeiten kann - er verwendet weitere Tabellen mit Meta-Hints zum Layout der Edit-Seiten.\nIn schemalosen NoSQL-Datenbanken modelliert man dies oft recht frei, auf eine von mehreren Weisen:\nDer unformalste Ansatz fügt einfach Attribute zu Elementen dazu. Es gibt dabei keine Kontrolle, ob die vorhandenen Attribute komplett sind, sondern Attribute werden einfach einzeln zugefügt wie sie gebraucht werden. Das kann zu allerhand Überraschungen zur Laufzeit führen.\nIn einem etwas formaleren Ansatz hat man ein Attribut, das in etwa einem \u0026lsquo;objectClass\u0026rsquo;-Attribut von LDAP Schema entspricht und die Klassen listet, denen das Objekt folgt, und das somit die \u0026lsquo;MUST\u0026rsquo; und \u0026lsquo;MAY\u0026rsquo;-Attribute festlegt. Diese sind womöglich sogar typisiert. Validierung dieser Regeln erfolgt typischerweise jedoch nicht in der Datenbank, sondern im Getter/Setter.\nDatenmodellierung Bei der Modellierung hat man dann wieder OOP-typisch die Wahl zwischen Einbettung und Verweisen (MongoDB ), während SQL praktisch immer mit Verweisen arbeitet.\nObendrein kommen dazu noch gelegentlich technische Fragen wie Subdokument vs. eigenes externes Dokument, die in einigen dieser Systeme elementar unterschiedlich behandelt werden: typischerweise hat ein Dokument einen eigenständigen Primärschlüssel, ist also addressierbar, während ein Subdokument keinen eigenen Primärschlüssel hat, und daher nicht direkt addressierbar ist: Eine OID des Parents plus Suchausdruck ist kein invarianter und stabiler Name.\nSQL arbeitet praktisch immer mit Verweisen und nennt diese Fremdschlüssel, ist aber in der Lage, diese Verweise optional innerhalb einer Query aufzulösen (das ist genau das, was ein JOIN tut), sodaß man durch die Formulierung der Query in der Abfrage die Wahl zwischen Einbettung und Verweis hat - nicht jedoch bei der Speicherung, die in der Regel mit Verweisen erfolgt.\nViele NoSQL-Datenbanken erlauben einem immerhin die Wahl zwischen Einbettung und Verweisen, etwa indem sie einen Datentyp OID bereitstellen. Vielfach fehlt aber die Option des \u0026lsquo;deep read\u0026rsquo;, also des Auflösens von OID in Unterobjekte mit einer einzigen Query (\u0026lsquo;fetchObject: OID deepReadLevel: 3\u0026rsquo;), sodaß man sich beim Auflösen der Referenzen zusätzliche Netzwerklatenzen einhandelt.\nEin Diskussionsbeitrag stellt genau dies dar, zieht dies aber argumentativ anders herum auf:\nDer Zeitpunkt, zu dem Daten normalisiert werden, ist unterschiedlich. Bei einer SQL-Datenbank müssen die Daten beim INSERT dem Schema entsprechen, d.h. ich muß sie gleich normalisiert, wenn ich sie entgegennehme. Bei einem schemalosen Store kann ich die Daten auch erst ganz spät normalisieren, möglicherweise erst wenn ich sie ausgelesen habe und nun darstellen will.\nund meint dann:\nWenn ich Daten normalisiere, bevor ich sie in einen schemalosen Store schreibe, dann sehe ich auch keinen wirklichen Vorteil gegenüber einer SQL-Datenbank (modulo der von Dir erwähnten table locking Implementationsdetails einiger spezieller Implementationen). Das Haupt-Feature ist also IMHO genau die Möglichkeit, erst ganz spät zu normalisieren, und dann hat man möglicherweise viel mehr Kontext, was man mit den Daten überhaupt anfangen will.\nIch arbeite möglicherweise zu lange mit SQL, denn ich habe Schwierigkeiten mir vorzustellen, wieso das ein Vorteil ist. Also, genauer: Ich kenne Anwendungsfälle, wo mich die interne Struktur der Daten nicht tangiert und ich sie in SQL nicht ausmodellieren will - einfachstes Beispiel ist eine Session-Tabelle, die im Grunde nur Tripel (sessionid, sessiondata, changed) enthält, und bei der ich nie in die sessiondata hinein sehen will. In diesem Fall ist es vollkommen in Ordnung, sessiondata als BLOB oder TEXT zu modellieren und da ein serialize($_SESSION) abzuspeichern.\nWenn ich aber strukturierte Sessions will, weil ich etwa Statistiken über Artikel in aktiven Warenkörben erstellen möchte, dann ende ich wahrscheinlich mit einer zweistufigen Hierarchie und Key-Value Tabellen oder weiter ausstrukturieren Sessiontabellen. Allerdings sehe ich solche Anwendungsfälle vielleicht eher in einem Bestell-Log als in einer Session-Tabelle.\nZusammenfassung Offenbar lag ich mit meinem Gefühl gar nicht so falsch: Das im Betrieb oft unerträglich langsame ALTER TABLE von MySQL ist in der Tat ein stark empfundenes Problem und motiviert Anwender stattdessen auf \u0026lsquo;schemalose\u0026rsquo; Datenbanken zu setzen.\nAnwender von \u0026lsquo;schemalosen\u0026rsquo; Datenbanken haben ihr Schema stattdessen als Teil von Bibliotheken in der Anwendung implementiert. Dabei variiert die Codequalität recht stark, da keine \u0026lsquo;best practice\u0026rsquo; als Einbaufunktion von der Datenbank bereitgestellt wird und auch keine Standard-Bibliotheksfunktionen für diese Aufgabe von der Zugriffsbibliothek für die entsprechende NoSQL-Datenbank bereitgestellt wird.\nAus der Sicht des NoSQL-Produktes wird die Funktionalität also nicht vom Server in den Client verlagert, sondern das Problem ignoriert und dem Anwender zur Selbstimplementierung überlassen. Die Anwender durchdenken das Problem dabei unterschiedlich stark und implementieren eine Lösung in der Regel nur so weit als sie empirisch das Problem als dringlich zu empfinden gelernt haben.\nSchemaprüfungen und formale Migrationen von einer früheren Version des Schemas auf die aktuelle Version des Schemas sind dabei eher die Ausnahme.\nViele NoSQL-Produkte, die über simple KV-Stores hinaus gehen, implementieren hierarchische Datenstrukturen, die sich an dem relationalen Vorläufer IBM IMS, an XML oder an LDAP orientieren. Dies ist dem Fehlen von ausdrucksstarken Möglichkeiten mit Hierarchien und Bäumen in MySQL umzugehen geschuldet.\nAndererseits fehlt in diesen NoSQL-Produkten in der Regel die Option, Verweise aufzulösen ohne weitere Netzwerklatenzen zu generieren (Fehlen von JOIN oder \u0026lsquo;deep reads\u0026rsquo;), sodaß man oft mit eingebetteten Dokumenten und nicht-skalaren Daten arbeitet.\nIch war verwirrt, weil einerseits NoSQL irgendwie der aktuelle Hype ist, ich andererseits aber auf Konferenzen wie MongoBerlin letztes Jahr ein komisches DejaVu hatte: Das Publikum dort fühlt sich an wie eine MySQL-Community von 2005.\nSo weit korrekt, oder fehlt was?\n","date":"2011-04-20T00:00:00Z","href":"https://blog.koehntopp.info/2011/04/20/zusammenfassung-schemaless.html","tags":["lang_de","database","mysql","nosql"],"title":"Zusammenfassung 'Schemaless'"},{"categories":null,"content":" Die Frage: Ich brauche einmal Hilfe. Von Euch. Ich verstehe nämlich ein Konzept nicht. Es geht um den Begriff \u0026ldquo;Schemaless\u0026rdquo;, der im Zusammenhang mit einigen NoSQL-Datenbanken verwendet wird.\nIch kann verstehen, daß für einige Leute ein ALTER TABLE wie in MySQL ein Problem ist, weil es Tabellen während der Schemaänderung lockt. Da ALTER TABLE in vielen Fällen die Daten zur Durchführung der Änderung umkopieren muß, kann dieses Lock entsprechend lange bestehen bleiben, wenn die Daten nur hinreichend groß sind.\nIch kann nicht verstehen, wieso Leute glauben, daß \u0026ldquo;Schemaless\u0026rdquo; da eine Hilfe wäre oder wieso Leute glauben, daß es so etwas wie \u0026ldquo;Schemaless\u0026rdquo; überhaupt gibt.\nDaten in Datenbanken existieren ja in der Regel nicht im luftleeren Raum, sondern sie werden von Code genutzt. Dieser Code macht Annahmen über die Attribute, die in einer Tabelle (oder was immer Euer NoSQL als Tabellenäquivalent verwendet) existieren dürfen oder müssen.\nWie geht ihr damit um, wenn ihr \u0026ldquo;schemaless\u0026rdquo; arbeitet?\nHaben Eure Tabellen ein verpflichtendes Attribut \u0026ldquo;version\u0026rdquo;, und Euer Code dann einen Getter/Setter, der die Version einer Row prüft und gegebenenfalls überflüssige Attribute entfernt, fehlende Attribute mit Defaults ergänzt und dann im Setter die Version auf den aktuellen Stand anpaßt? Wenn ja, wie ist das \u0026ldquo;schemaless\u0026rdquo;? Ihr enforced ja ein Schema, und implementiert das ALTER TABLE lazy, wie es in einigen Datenbanken gemacht wird, die nicht MySQL sind.\nWenn nein: Wie geht Euer Code stattdessen mit der Situation \u0026lsquo;fehlendes Attribut\u0026rsquo; bzw. \u0026rsquo;nicht mehr gebrauchtes Attribut\u0026rsquo; um?\nGenerell: Wie prüft Ihr Range und Validität von Daten in so einer Datenbank?\nWäre es nicht sinnvoller, ALTER TABLE so anzupassen, daß es a) Indices im Hintergrund erzeugt und b) Zufügen, Entfernen und Ändern von Spaltentypen lazy implementiert wie oben geschildert?\nBitte helft mir und diskutiert in den Kommentaren.\nDie Antwort in einem späteren Artikel.\n","date":"2011-04-19T00:00:00Z","href":"https://blog.koehntopp.info/2011/04/19/schemaless.html","tags":["database","mysql","nosql","lang_de"],"title":"Schemaless?"},{"categories":null,"content":"Laut mehreren Quellen wird Google Streetview in keinen weiteren Städten mehr verfügbar gemacht als den 20 Städten, in denen es schon vorhanden ist. Das Bildmaterial für die vorhandenen 20 Städte wird nicht aktualisiert werden und also langsam vor sich hin veralten.\nDas haben Frau Aigner und die hauptamtlichen Datenschutzhysteriker und Einwilligungsinformatiker schön hin bekommen. Nächstes Ziel: Google Analytics . Wenn wir uns anstrengen, sind wir in weniger als 2 Jahren wieder bei Bildschirmtext, Spackeria oder nicht.\nEine umfangreichere Metabetrachtung zum Thema \u0026ldquo;Das Scheitern des Datenschutzes\u0026rdquo; findet man auch bei Netzpolitik .\nUpdate: Eine pointiertere Betrachtung des politischen Datenschutzversagens findet man bei tarzun in Datenschutz 2011 .\nUpdate: Bei Heise und anderswo findet man eine der schönsten Ausprägungen von Bestätigung durch Dementi, die ich je gesehen habe. Ja, die GSW-Autos fahren noch in Deutschland. Nein, die Aufnahmen werden vorerst nicht benutzt werden, um GSW Deutschland zu aktualisieren, sondern lediglich für Maps verwendet. Nein, man plane derzeit keine über die ersten 20 Städte hinaus gehenden neuen GSW Deutschland Veröffentlichungen.\nGoogle läßt Streetview also in Deutschland auf dem Status Quo vor sich hin vergammeln, mindestens bis sich herausgestellt hat, wie doll Microsoft mit ihrem Streetview Clone auf das Maul bekommen haben werden.\nUpdate: Eine gute Übersicht über Firmen, die Wi-Fi Positionsdatenbanken aktuell halten. Mit dabei: Jedes iPhone mit iOS 3.2 oder höher (wenn man es ihm nicht abgewöhnt).\n","date":"2011-04-10T00:00:00Z","href":"https://blog.koehntopp.info/2011/04/10/kein-streetview-f-r-deutschland.html","tags":["privacy","google","internet","privacy","spackeria","lang_de"],"title":"Kein Streetview für Deutschland"},{"categories":null,"content":"Nachdem ich jetzt ein wenig mit dem Lesen auf Kindle for Mac und Kindle for Android herumprobiert habe, kann ich sagen, daß es für mich funktioniert. Und zwar seltsamerweise auf dem Android besser als auf dem Mac. Ich kann nur noch nicht sagen wieso - wahrscheinlich spielt Gewicht tatsächlich eine größere Rolle als Screenspace.\nEin wenig Recherche zum Thema Kindle Store und Kindle fördert auch sonst ein paar interessante Fakten zutage. Ein Artikel über Amanda Hocking und andere Autoren zum Beispiel, die ausschließlich über Kindle publizieren. Und dabei gutes Geld verdienen, denn auf diese Weise kommt bei ihnen prozentual viel mehr Geld an als wenn sie über einen Verlag mit gedruckten Büchern arbeiten würden. Was wiederum vollkommen neue Buchpreise ermöglicht. Was wiederum den Kauf von Werken unbekannter Autoren stark vereinfacht, da für mich als Kunde das persönliche Risiko viel geringer ist.\nAlso lese ich jetzt zum Beispiel The Second Ship , weil man für 69 US Cent nix falsch machen kann, selbst wenn das Buch Dreck sein sollte (Bin im Kapitel 7, bisher ist es mehr wert als es kostet).\nZu diesem Konzept der günstigen Buchpreise paßt auch das Format Kindle Singles . Das sind Texte, die kleiner sind als ein Buch, aber länger als ein Artikel - also etwa 30-90 Seiten gedruckt, und entsprechend bepreist.\nDamit tritt Kindle auf eine Weise auch in Konkurrenz zu Flattr, weil die eingesetzten Beträge in der gleichen Größenordnung liegen, aber die Reichweite von Kindle viel größer als die von Flattr ist, und auf diese Weise auch ein Nicht-Geekiges Publikum erreicht werden kann. Zudem ist der Geldfluß aufgrund der individuellen Abrechnung besser kontrollierbar, und das traditionelle Verkaufsmodell leichter verständlich als das Modell, das Flattr zugrunde liegt - Kunden sind geübter, Kaufentscheidungen zu treffen als Flattrspenden abzuschätzen.\nBleibt die Frage, wann wir die ersten deutschen Indie-Autoren sehen, die an den Verlagen vorbei direkt verkaufen, nachdem sich die deutschen Verlage weiterhin strategisch weigern, am 21. Jahrhundert teilzunehmen. Und Google Books ist weiterhin um Würgegriff eines veralteten Coprights (oh, und hier ).\n","date":"2011-03-28T00:00:00Z","href":"https://blog.koehntopp.info/2011/03/28/was-kindle-so-alles-ver-ndert.html","tags":["book","media","lang_de"],"title":"Was Kindle so alles verändert"},{"categories":null,"content":"The Wise Mans Fear , Hardcover, 1008 Seiten. 1400 Gramm. Kindle auf dem Android ist eine feine Sache.\n\u0026ldquo;The Wise Man\u0026rsquo;s Fear\u0026rdquo; ist der Folgeband zu Der Name des Windes .\nKvothe, unser Held aus dem ersten Band, macht sich an der Universität ernsthaft Feinde und muß sich eine Weile zurückziehen, um Gras über die Sache wachsen zu lassen. Er macht sich auf den Weg in das ferne Land Vint, wo er einem Gönner, dem Maer von Severen, helfen muß eine Braut zu werben und Banditen in den fernen Wäldern des Nordens zu besiegen. Das gelingt ihm auch, aber auf dem Weg zurück wird er von einer Fae verführt, entkommt und gelangt mit einem Umweg über das mysteriöse Land Adem zurück nach Severen und schließlich an zurück an die Universität. Bei jedem dieser Ereignisse lernt er ein wenig über die Chandrian, die Mörder seiner Eltern, und über die wahre Natur und Geschichte der Welt, in der er lebt (\u0026quot;Azundris Edition \u0026quot; für Leute mit TL;DR-Syndrom).\nDer erste Band hat sprachlich Maßstäbe hinsichtlich Sprache, Handlung und Storytelling gesetzt, die hier teilweise sogar übertroffen werden. Lediglich die Erlebnisse in Adem haben einige Probleme im Pacing und ihnen würde ein bischen Raffung gut tun. Trotzem ein Buch, das es erfolgreich geschafft hat, mich die letzten 3 Wochen vom Bloggen und RSS lesen abzuhalten (24k ungelesene Artikel im Google Reader). Außerdem ein Hardcover, bei dem Größe und Gewicht mich dazu gebracht haben, Kindle for Android auf dem Desire zu installieren und das Buch dort zu lesen. Was erstaunlich gut funktioniert, hätte ich nie gedacht.\n","date":"2011-03-25T00:00:00Z","href":"https://blog.koehntopp.info/2011/03/25/fertig-gelesen-the-wise-man-s-fear.html","tags":["book","review","media","lang_de"],"title":"Fertig gelesen: The Wise Man's Fear"},{"categories":null,"content":"Dies ist der 2. Teil zum Thema Automatisierung von Systemverwaltungsaufgaben. Den ersten Teil gibt es hier .\nIn jenem Text habe ich mit dem Beispiel eines Installationsservers gearbeitet und ich schrieb darüber:\nWas also wie ein wenig Gescripte aussieht, ist in Wirklichkeit die Definition und Realisierung eines Prozesses - genau genommen die Formalisierung eines Prozesses \u0026ldquo;Server aufsetzen\u0026rdquo; in der Firma. Das Ziel des Prozesses ist die Produktion einer neuen Maschine, die einer gewissen Spezifikation möglichst gut entsprechen soll. Dabei sind die Prozeßziele die möglichst genaue Einhaltung der Spezifikation, und die möglichst schnelle Abwicklung des Auftrages. Dabei ist das Wissen eines Experten in Programmcode auskristallisiert worden - den Hilfs-Scripten und Anpassungen des Installationsservers.\nIch muß die wichtigen Punkte hier noch einmal herausstellen: Wenn wir in einem Umfeld solche Aufgaben automatisieren, dann wollen wir damit verschiedene Dinge erreichen.\nZum einen soll die gewünschte Operation, etwa die Installation einer Kiste, reproduzierbar gemacht werden. Das kann nur dann gelingen, wenn die Automatisierung dieses Prozesses vollständig ist, die Anzahl der manuellen Arbeitsschritte zur Nachbearbeitung also Null ist.\nDenn wenn während einer solchen Änderung an einer Maschine auch nur ein Arbeitsschritt von Hand durch einen Sysadmin ausgeführt wird, dann besteht die Gefahr, daß diese Änderung nicht korrekt oder uneinheitlich gemacht wird, und das gefährdet die nachfolgenden automatischen Bearbeitungssschritte.\nAußerdem geht die Parallelisierbarkeit der Operation verloren, wenn noch manuelle Arbeitsschritte notwendig sind: Egal wie viele Kisten wir zeitgleich durch den Prozeß ziehen können, am Ende müssen die manuellen Schritte nacheinander Kiste für Kiste durch einen menschlichen Admin abgearbeitet werden, sind also wieder serialisiert. Das heißt, es gibt einen Punkt, der vermutlich gar nicht so weit draußen liegt, an dem der ganze Prozeß wieder bottlenecked.\nUnd schließlich ist es so, daß wir durch die Automatisierung einer Operation - hier der Installationsprozeß - das notwendige Expertenwissen zur Durchführung in ein Script verpacken. Das Wissen um das \u0026ldquo;Wie\u0026rdquo; wird externalisiert, damit reproduzierbar und einem Diskurs (durch Patches) zugänglich gemacht.\nBaut man da noch eine schöne Bedienoberfläche drüber, hat man die Operation sogar produktisiert: Sie kann nun durch Personal ausgelöst werden, das von den Details nichts mehr weiß und wissen muß und daher niedriger qualifiziert sein kann als das Personal, das den Prozeß entwickelt hat.\nDer automatisierte Prozeß und seine Ziele/Effekte.\nZieht man das konsequent durch, bekommt man innerhalb des Systembetriebes eine Trennung zwischen Personen, die Systeme bedienen (\u0026ldquo;Operator\u0026rdquo;) und Personen, die Prozesse automatisieren, indem sie die Interfaces für Operatoren und die Funktionalität dahinter bauen.\nLetztere Gruppe entwickelt Programme, genau wie die Entwickler in der Entwicklungsabteilung - es sind Entwickler (auch wenn es Leute gibt, die das bestreiten und die meinen, das Gescripte da sei keine richtige Programmierung).\nSolche Entwickler bauen Code zur automatisierten Systemverwaltung, also Infrastruktur, im Gegensatz zu den regulären Entwicklern, die an neuen Features bauen. Daher nenne ich die einen Infrastrukturentwickler und die anderen Featureentwickler.\nAndere Leute nennen das DevOps , und integrieren die Infrastrukturentwickler tiefer in die Featureentwicklung, die dann die Belange von Operations gleich bei der Entwicklung der Software von Anfang an mit berücksichtigen soll. Ich halte das nicht unbedingt für glücklich, weil die geforderten Qualifikationen andere sind, und weil die Denkweise des Infrastrukturentwicklers eine andere ist als die eines Featureentwicklers.\nFeatureentwickler, insbesondere im Bereich der agilen Methoden, sind ein wenig wie Teletubbies - sie sind timeboxed, und wenn bestimmte Dinge beim Ablaufen der Timebox nicht fertig werden, dann werden diese Features eben gekippt und auf ein späteres Release verschoben. Das macht aber nix, denn man kann die Features, die fertig geworden sind, schon mal releasen und die Leute, die das gebaut haben, trotzdem loben: Ui, das habt ihr aber fein gemacht und so schön bunt! Oder anders gesagt: Auch schon für Teil-Lösungen gibt es oft einen inkrementellen Payoff.\nIm Bereich der Infrastrukturentwicklung gibt es das eher nicht, eben genau wegen der Anforderung \u0026ldquo;genau Null manuelle Eingriffe\u0026rdquo;. Für viele Aufgaben funktioniert timeboxing hier nicht, sondern man muß die Aufgabe ganz, komplett und vollständig erledigen, erst dann kann man das erste Mal wirklich Gewinne durch die Erledigung der Aufgabe einstreichen - dann aber auch gleich in voller Höhe. Die Führung eines Teams von Infrastrukturentwicklern muß daher eher militärisch erfolgen: Klar definierte und abgegrenzte Ziele, dann rein, die Mission erledigen und wieder raus, keine halben Sachen.\nDaher ist in der Infrastrukturentwicklung Scrum eine Methode, die eventuell nicht passend ist - schon gar nicht, wenn auf der Prioritätenliste Featureentwicklung mit Infrastrukturentwicklung um Prioritäten kämpft. Denn Scrum limitiert die Arbeit pro Iteration durch das Selected Backlog , und da Featureentwicklung dem Betrieb direkt Einnahmen bringt, während Infrastrukturentwicklung in vielen eher als Geldsenke gesehen wird, führt das schnell dazu, daß jede Menge Technical Debt aufgebaut wird, d.h. wichtige Infrastrukturarbeit liegen bleibt.\nMan kann versuchen, da mit Priority Inversion drum herum zu arbeiten, d.h. daß Infrastrukturprojekte die Priorität der Featureprojekte erben, für die sie Vorbedingung zur Realisierung sind, aber meiner persönlichen Erfahrung nach wird das nicht strikt genug gehandhabt. Außerdem verhindert es proaktive Infrastrukturarbeiten, und rein reaktive Systemadministration ist ein sehr steiler Weg ins Chaos.\nAber auch wenn Infrastrukturentwicklung von der Featureentwicklung getrennt ist, etwa weil eine Trennung von Operations und Development existiert, ist Scrum oft nicht die geeignete Methode, da Timeboxing bei einer Aufgabenstellung nicht so gut funktioniert, die erst dann Gewinne bringt, wenn die Aufgabe 100% erledigt ist. Besser verwendet man eine Kanban -Variante und paßt diese dann auf die lokalen Erfordernisse der Organisation und die Mentalität des Teams an.\nJira Greenhopper Extension mit der Darstellung eines Migrationsprojektes.\nSetzt man das um, stellt man binnen 6 bis 12 Monaten fest, daß sich die Art der Aufgaben und der geforderten Qualifikationen innerhalb des ehemaligen Sysadmin-Teams sehr verschieben. Zwar sind immer noch Kenntnisse von bestimmten Subsystemen und ihrer Arbeitsweise notwendig, aber die neu geschaffenen Infrastrukturentwickler brauchen tatsächlich Kenntnisse einer (interpretierten) Programmiersprache (PHP, Perl, Python, Ruby) im Gegensatz zu einer Scriptsprache (Shell) - genau genommen wird man sich im Team auf eine gemeinsame Plattformsprache einigen müssen, ein gemeinsames Repository haben, und auch sonst eine ganze Menge Dinge vereinheitlichen müssen.\nDie Arbeitsweise des Teams ändert sich ebenfalls - wenn die Umstellung gelingt, wird sich nach Ablauf des ersten Jahres kein Sysadmin mehr auf einer Kiste einloggen müssen, weil ssh von func, puppet, LDAP und einer Datenbank zum Konfigurationsmanagement abgelöst worden ist.\n","date":"2011-02-18T00:00:00Z","href":"https://blog.koehntopp.info/2011/02/18/automatisierung-und-skalierung-teil-2.html","tags":["architektur","mysql","work","lang_de"],"title":"Automatisierung und Skalierung - Teil 2"},{"categories":null,"content":"Ich hatte im Vorfeld der OSDC 2011 eine interessante Unterhaltung mit Julian Hein zum Thema Automatisierung. Er wollte, daß ich einmal erkläre, warum man das eigentlich tut - und was man da eigentlich tut.\nDie Antwort ist ein wenig länger, und weil ich dieses Jahr nicht zur OSDC fahren kann und dort auch nicht reden kann, will ich einmal versuchen, meinen Text zumindest in groben Zügen hier aufzuschreiben.\nDie Zusammenfassung ist jedenfalls, daß Automatisierung kein technisches Problem ist.\nAber von vorne:\nIch komme von MySQL, aus einem Consultingumfeld, und ich habe dort mit Kunden in jeder möglichen Betriebsgröße zu tun gehabt - von einzelnen MySQL Servern hin bis zu Leuten, die wirklich große Setups am Laufen gehabt haben.\nDarum habe ich mich vor Jahren im Vorfeld der MySQL Enterprise Manager (MEM, \u0026ldquo;Merlin\u0026rdquo;) Entwicklung auch mit dem Merlin-Team unterhalten und versucht zu erklären, was ich mir unter einem \u0026ldquo;Enterprise Manager\u0026rdquo; denn so vorstelle und wieso. Die Entwicklung ist dann aus einer ganzen Reihe von inzwischen hinfällig gewordenen betriebsinternen Gründen ganz anders gelaufen, aber das ist eine andere Geschichte, die ein anderes Mal erzählt werden soll.\nInzwischen bin ich in einer Firma, die noch vor drei oder vier Jahren eine gerade eben zweistellige Gesamtanzahl von Servern am Laufen hatte, und deren Maschinenpark sich jetzt im vierstelligen Bereich bewegt - mit einer großen dreistelligen Anzahl von MySQL-Instanzen. Ohne Automatisierung könnten wir das mit der vorhandenen Anzahl von Personen gar nicht stemmen.\nAber Automatisierung ist mehr, als einfach nur einen Haufen Scripte zu schreiben, die dann Aufgaben übernehmen, obwohl es wohl in den meisten Firmen so anfängt.\nZum Beispiel:\nJemand muß einen Server zum wiederholten Male installieren, oder schlimmer noch, einer anderen Person erklären, wie man \u0026ldquo;bei uns\u0026rdquo; Server installiert, also was unter allen möglichen Wahlmöglichkeiten die Entscheidungen und Designideen sind, die \u0026ldquo;bei uns\u0026rdquo; getroffen wurden und wieso.\nIn Läden, die ein wenig schlauer arbeiten, geht das meistens mit der Installation eines Installservers einher, und so kann man Kisten dann aus dem Netz booten, und sie malen sich dann ein Betriebssystem und einen Haufen Zusatzsoftware und Konfiguration auf die Platte. Dabei werden dann noch mehr Entscheidungen und Überlegungen getroffen, die durch den automatisierten Installationsprozeß umgesetzt werden.\nWas also wie ein wenig Gescripte aussieht, ist in Wirklichkeit die Definition und Realisierung eines Prozesses - genau genommen die Formalisierung eines Prozesses \u0026ldquo;Server aufsetzen\u0026rdquo; in der Firma. Das Ziel des Prozesses ist die Produktion einer neuen Maschine, die einer gewissen Spezifikation möglichst gut entsprechen soll. Dabei sind die Prozeßziele die möglichst genaue Einhaltung der Spezifikation, und die möglichst schnelle Abwicklung des Auftrages. Dabei ist das Wissen eines Experten in Programmcode auskristallisiert worden - den Hilfs-Scripten und Anpassungen des Installationsservers.\nDie weitere Diskussion über den Prozeß findet in Form von Patches zu diesem Code ihren Niederschlag - zwar redet man über den Prozeß und wie man ihn verändern, anpassen oder erweitern will, aber keine dieser Absprachen hat eine Auswirkung auf die Durchführungen des Prozesses, bevor der entsprechende Patch nicht geschrieben und im DCVS eingecheckt worden ist.\nAber Code ist nur ein Teil eines Prozesses - meistens die technische Seite der ganzen Geschichte. Prozesse haben in Wirklichkeit immer mindestens drei Aspekte - neben der Technik- noch die Organisations- und die Personalseite der Angelegenheit. Außerdem kommt zu jedem Definitionsteil (den Regeln) auch noch ein Kontrollteil (die Einhaltung der Regeln messen) dazu.\nStraßenverkehr\nEin bekannter und von jedem verstandener Prozeß ist zum Beispiel der öffentliche Straßenverkehr. Dieser hat eine organisatorische Seite - Verkehrsregeln, Definition von Verkehrszeichen und so weiter, eine personelle Seite - Ausbildung der Verkehrsteilnehmer in der Schule, der Fahrschule und so weiter, und eine technische Seite - Fahrzeugsysteme, stationäre Verkehrssysteme wie Ampeln, und so weiter. Für jeden Bereich gibt es Kontrollteile - die Verkehrspolizei überwacht die Einhaltung des organisatorischen Teils, die Fahrprüfung ist eine Kontrolle der Ausbildung, und der TÜV ist eine Kontrolle der Technik.\nEbenso finden wir diese Teile in kleiner bei unserem Server-Installationsprozeß wieder. Wir finden einen organisatorischen Teil, also eine Diskussion darüber, was wir mit dem Installserver für ein Problem lösen wollen und welche nicht (Abgrenzung und Scope: \u0026ldquo;Nach der Installation des Basissystem wird dieses durch Puppet personalisiert, der Installserver soll nur eine allgemeine Basisinstallation durchführen\u0026rdquo;). Wir finden einen Personalteil, meistens in Form von Wikipages mit Dokumentation realisiert, und dazu Fortbildungsveranstaltungen für neue Mitarbeiter (\u0026ldquo;Unser Installserver und wie man ihn benutzt und anpaßt\u0026rdquo;). Und wir finden den technischen Teil, also den Server selber.\nDie Kontrollinstanzen sind bei vielen Prozessen weniger stark ausgeprägt als bei einem großen und unter Umständen gefährlichen System wie dem Straßenverkehr, existieren aber je nach Wichtigkeit des Prozesses durchaus - zum Beispiel wird von einem neuen Sysadmin nach dem Kurs verlangt, eine triviale Änderung am Installserver durchzuführen und dann eine Kiste mit dem Teil selbstständig, aber unter Aufsicht zu installieren. Und natürlich guckt man, ob der Installserver noch geht und ob die gelieferten Ergebnisse noch den Anforderungen entsprechen.\nMerlin, also der MySQL Enterprise Manager ist nun ein gutes Beispiel für das Versagen bei der Umsetzung eines solchen Konzeptes. Also, MEM ist ein gutes und nützliches Monitoring-Werkzeug und wir könnten eine Installation unserer Größe ohne die Hilfe von Merlin nicht fahren. Aber im Lichte der voranstehenden Diskussion kann man erkennen, wie Merlin zu kurz greift.\nDas beginnt schon damit, daß Merlin überhaupt genau gar nichts managed. Es ist ein reines Monitoringwerkzeug, das zwar Graphen liefert, Queries findet oder Alarme generiert, aber es automatisiert nichts, genau genommen verändert es nichts an einem laufenden System. Es ist ein Monitor, aber kein Manager.\nWollte man die Prozesse in einem großen MySQL Deployment automatisieren, dann müßte man sich erst einmal einen Katalog von Tätigkeiten machen, die in Operations und in Development bei einer Datenbank so anfallen:\nDer Operations DBA plant ein Deployment, installiert Datenbanken, prüft und verändert Konfigurationen (Configuration Management), muß deswegen Server starten und stoppen, plant und führt Upgrades durch (Change Management), überwacht den Betrieb (Monitoring), managed lokale Betriebsstörungen (Incidents), findet gemeinsame Ursachen (Problem Management) und kommuniziert mit dem Upstream (Support des Herstellers), und prüft ob die Systemleistung in Zukunft noch ausreicht (Capacity Management). Er kontrolliert Datensicherung und Restore (Backup, Desaster Recovery).\nDer Development DBA ist Teil des Entwicklungsprozesses (sitzt im Scrum Planning und so weiter mit dabei), hilft und berät beim Schemadesign und der Datenmodellierung, beim Query Review, findet im Betrieb schlechte Queries, hilft und berät bei der Optimierung, und plant zusammen mit dem Operations DBA Schemaänderungen und Konfigurationsänderungen.\nDann würde man sich überlegen und durch Umfrage beim Kunden feststellen, wie diese Profile in verschiedenen Systemgrößen den ausgestaltet sein werden - denn wer 10^0 oder 10^1 Server insgesamt am Laufen hat, der wird kaum zwischen Operations und Development DBA unterscheiden und nicht alle diese Teilprozesse werden als eigenständige Gebiete identifizierbar sein. Kommt man dann auf Installationen von 10^2, 10^3 oder 10^4 Servern, sieht das alles plötzlich ganz anders aus und trifft auf ganz andere Bedürfnisse in der Ausgestaltung.\nDenn obwohl formell die gleichen Leistungen für den Betrieb erbracht werden müssen, ist durch die schiere Größe der Installation mit einem Mal ein ganz anderer Problemkomplex im Gesamtbild wichtig.\nZum Beispiel: Um 500 Server in 2 Dutzend Replikationshierarchien an 2 Standorten von MYSQL 5.1 nach 5.5 zu aktualisieren, ist ein Haufen Tests und dann Upgrades notwendig. Aber selbst wenn man es schafft, 5 Server pro Tag abzuarbeiten (jeder je nach Größe mit 100G bis 10.000G an Daten), dann braucht man 100 Arbeitstage, also etwas weniger als ein halbes Jahr, um das Upgrade auszurollen, falls es nicht zu Komplikationen kommt.\nWünschenswert wäre es aber, das Thema binnen eines Monats (also 20 Arbeitstagen) vom Tisch zu haben - dazu muß man aber Techniken entwickeln, mit denen man 50 Server oder mehr pro Tag geregelt bekommt. Das ist in einigen Bereichen der Installation schon von der Plattenleistung und der Netzwerkkapazität her problematisch, also redet hier der Operations DBA plötzlich mit Sysadmin, Storage und Network Engineering, die Vorraussetzungen schaffen müssen, um solche Dinge im regulären Betrieb abwickeln zu können - denn das nächste Release kommt binnen eines Jahres mit Sicherheit und Upgrades dürfen keine Ausnahmesituation sein, sondern müssen als Bestandteil des normalen Systembetriebes durchgeführt werden können.\nUnd schon werden die Bereiche Organisation und Personal bei nur 10^3 Servern im Laden dicke fette Punkte auf dem Managementradar.\nZurück zu Merlin: Der MEM taucht in diesem Problembild gar nicht auf - kaum als Hilfe bei der Planung eines solchen Unterfangens und gar nicht als Hilfsmittel bei der Umsetzung.\nHätte man Merlin richtig aufgezogen, dann hätte MySQL als Hersteller der Datenbank sich mit Kunden und Community zusammengesetzt, und eben einen solchen Katalog von betrieblichen Tätigkeiten des Operations- und des Development DBA aufgestellt und die Bilder einmal ausgemalt und für die verschiedenen Betriebsgrößen skaliert.\nDanach hätte man zusammen mit Kunden und Community das MySQL Systemhandbuch erstellt, also einmal mustergültig die Best Practice beim Betrieb von MySQL dokumentiert und ausgeführt, wie man diese Best Practices für 1, 10, 100, 1000 Server umsetzt - was ist wichtig, was ist unwichtig, wenn man klein oder wenn man groß ist.\nSchließlich hätte man mit seiner Consulting und mit seiner Training- und Certification-Abteilung, also MySQL Services als Ganzes, dieses Konzept umgesetzt und in Consulting, Training und Certficiation einfließen lassen, und dann eine Architektur und Werkzeuge in dieser Architektur erstellt, die diese Prozesse technisch unterstützen.\nAll das ist komplett nicht passiert (aus Gründen, die jetzt nicht mehr zutreffen, und weil Merlin Ziele hatte, die nicht den oben genannten Anforderungen entsprechen und die jetzt so auch nicht mehr gelten, aber das ist alles wie gesagt eine andere Geschichte an einem anderen Lagerfeuer).\nHätte man das umgesetzt, könnte ich jetzt vermutlich in Merlin die Liste der von Oracle releasten MySQL-Versionen auf deren Server sehen, mit grünen Haken hinter den Pakete, deren digitale Signatur validiert. Ich würde dann Versionen Servergruppen zuweisen und den Prozeß \u0026ldquo;Rollout\u0026rdquo; anstoßen. Merlin würde das RPM dann in meine lokalen yum Repositories runterladen und das Puppet-Rezept dieser Gruppen so anpassen, daß die entsprechenden Server aktualisiert oder neu aufgesetzt werden - aber so gestaggered, daß der Betrieb davon nicht beeinflußt wird und natürlich auf eine Weise koordiniert, die Server vor dem Upgrade aus dem Loadbalancer nimmt, und die die Funktionalität und den Erfolg des Upgrades testet und die Caches vorglüht, bevor die Kiste in den LB zurück geht.\nMan sieht auch in dieser Erklärung schon ein paar weitere wichtige Aspekte der ganzen Sache: Es ist wichtig, den Scope abzugrenzen und nicht die Aufgaben anderer Werkzeuge zu übernehmen, sondern diese korrekt zu integrieren. Weder gilt es das Paketformat und das Paketsystem des Trägersystems durch was eigenes (einen Bitrock-Installer?) zu ersetzen, noch die Funktionalität anderer Automatisierungs-Techniken zu duplizieren. Stattdessen sollte Best Practice Empfehlungen aussprechen und Kompatibilitäten definieren (\u0026ldquo;Wir unterstützen Puppet und Chef für Systems Automation, liefern receipts dafür und integrieren deren Schnittstellen in unseren Tools\u0026rdquo;). Und sie sollte sich bewußt sein, daß Kisten nicht alleine Laufen, sondern Teil eines Systems sind (mit dem LB reden!) und Zustand haben (Caches müssen warm sein!). Und Paranoia ist ein Admintugend (Testen!).\nWenn man Automatisierung also nicht auf dem Anwenderlevel, sondern auf dem Level eines Herstellers betrachtet, dann ist Automatisierung noch viel weniger ein technisches Problem als auf dem Anwenderlevel - es ist vielmehr in erster Linie tatsächlich ein organisatisches (Abgrenzung? Integration? Kommunikation mit anderen Projekten?) und ein personelles Problem (Akzeptanz der Best Practice? Werbung dafür? Schulung? Prüfung?).\nUnd alles das muß man neben der Technik eben auch mit thematisieren, wenn man Wachstum in einer Firma skalieren und kanalisieren will - man muß nicht nur die Technik, sondern auch die Organisation und seine Leute mit skalieren.\n","date":"2011-02-17T00:00:00Z","href":"https://blog.koehntopp.info/2011/02/17/automatisierung-und-skalierung.html","tags":["architektur","mysql","work","lang_de"],"title":"Automatisierung und Skalierung"},{"categories":null,"content":"Hardware keyloggers found in Manchester library PCs schreibt The Register:\nHardware keyloggers have been discovered in public libraries in Greater Manchester.Two USB devices, attached to keyboard sockets on the back of computers in Wilmslow and Handforth libraries, would have enabled baddies to record every keystroke made on compromised PCs. It\u0026rsquo;s unclear who placed the snooping devices on the machines but the likely purpose was to capture banking login credentials on the devices prior to their retrieval and use in banking fraud.\nVor vielen Jahren stand in der Hauptpost in Kiel wie in vielen anderen Postfilialen ein öffentliches BTX Terminal. Solche Geräte wurden zu dieser Zeit dadurch realisiert, daß man ein Standard CEPT-Terminal mit einem DBT-03 in ein Gehäuse geschwartet hat und mit einer robusten Tastatur versehen hat.\nÖffentliche BTX-Terminals waren damals ein tolle Sache, weil man auf ihnen private Nachrichten kostenlos versenden konnte, statt die damals üblichen 40 Pfennige pro Mail bezahlen zu müssen, und weil man auf ihnen sogenannte BTX Regionalseiten abrufen konnte, ohne die damals üblichen 2 Pfennige pro Seite bezahlen zu müssen (Und ihr fragt Euch noch, was Euch erwartet, wenn die Netzwerkneutralität kippt?).\nWenn man sich also in das BTX System mit der Teilnehmerkennung und dem Paßwort eines öffentlichen Terminals einloggen könnte, dann war das schon sehr attraktiv, damals.\nDer Schwachpunkt an der Angelegenheit war damals das DBT-03.\nFür die Post war das DBT-03 sehr attraktiv, weil es als spezielles BTX-Modem die Teilnehmerkennung und das Paßwort in der Hardware eingebaut hatte und man so an einem öffentlichen Terminal beim Verbindungsaufbau keinen Login durchführen mußte. Für den Hacker war das DBT-03 attraktiv, weil das DBT-03 ist ein Ultrabillig-Modem gewesen ist, das für alles zu dumm war.\nNormale Modems heben beim Verbindungsaufbau ab und lauschen nach einem Freizeichen. Nicht so das DBT-03. Das gebt ab und wählt los.\nWenn man sich also nach der Schule um Punkt 15:00 am Terminal einfindet und dann \u0026ldquo;Verbindungsaufbau\u0026rdquo; am Terminal drückt, dann legt das DBT-03 auf, wartet und hebt wieder ab, um dann loszuwählen. Es wählt dabei von einem Telefonanschluß los, dessen Rufndummer wie damals üblich mit seiner BTX-Teilnehmerkennung identisch war. Ruft nun also ganz zufällig jemand genau um 15:00 auf dieser Rufnummer an, dann hebt das DBT-03 ab, hört nicht auf ein Freizeichen, und wählt los - dadurch wird die angenommene Verbindung aber nicht mehr getrennt.\nDann pfeift das DBT-03 seinen Carrier und bekommt die Gegenseite ans Rohr, von der es glaubt, daß es die BTX Leitzentrale in Ulm sei. Die Gegenseite sendet also eine BTX Startseite mit einem Usernamen-Feld, und das DBT-03 sendet brav seine Hardware-Teilnehmerkennung. Die Gegenseite pfeift ein Paßwortfeld, und das DBT-03 sendet brav sein Paßwort. Die Gegenseite legt auf.\nWenige Stunden später sind circa zwei Dutzend öffentliche BTX-Terminals Hauptpost Kiel simultan in Ulm eingeloggt.\nNatürlich fällt so etwas auf, und man reagiert darauf, indem man das Paßwort des Zugangs ändert, d.h. die Modemhardware austauscht. Das behebt natürlich nicht die Quelle des Angriffes - am nächsten Nachmittag steht also wieder ein pickeliger Schülertypie im Parka am Gerät und drückt die \u0026ldquo;Trennen\u0026rdquo;- und dann die \u0026ldquo;Verbindung aufbauen\u0026rdquo;-Taste und wenige Stunden später\u0026hellip;\nNunja. Irgendwann mußte man am ÖBTX halt mit einer Telefonkarte bezahlen statt den Dienst kostenlos nutzen zu können. Wie schade. Aber da gab es dann auch schon USENET und Interessen verschoben sich.\nWarum ich die Geschichte erwähne? Auch damals standen gerne Leute am ÖBTX und machten in der Hauptpost ihr BTX-basierendes Onlinebanking. Ich fand das immer sehr leichtsinnig. Wer weiß schon, wer da am anderen Ende zuhört!\n","date":"2011-02-16T00:00:00Z","href":"https://blog.koehntopp.info/2011/02/16/vertrauensw-rdigkeit-ffentlicher-hardware.html","tags":["damals","hack","security","lang_de"],"title":"Vertrauenswürdigkeit öffentlicher Hardware"},{"categories":null,"content":"Bei web.de waren schon 2003 mehr als 80% des Datenverkehrs SSL-verschlüsselt, da dort die Policy herrschte \u0026ldquo;Paßworte werden nur verschlüsselt übertragen\u0026rdquo; und \u0026ldquo;Wenn ein Login stattgefunden hat, findet der Rest der Session bis zum Logout verschlüsselt statt\u0026rdquo;. Ich habe in einem Artikel schon einmal dargelegt, daß das rechenleistungsmäßig keine große Belastung ist - der ganze SSL-Aufwand macht etwa 1/250stel der Gesamtleistung des Systems aus.\nKosten entstehen bei SSL bei der laufenden (symmetrischen) Verschlüsselung nicht in nenneswerter Höhe, sondern nur bei der Herstellung der Verbindung, wenn asymmetrische Kryptographie verwendet wird. Dort treten sie nicht nur in Form von CPU-Verbrauch auf, sondern auch in Form von Datenmengen und Roundtrips, also Übertragungslatenzen. Aber das ist nicht nur überschaubar, sondern man kann es durch geeignetes Protokolldesign auch stark optimieren (Verbindungen halten statt neu aufbauen, Parameter cachen und so weiter), und außerdem schrauben Leute am Protokoll selbst .\nNun stellte Facebook gerade auf SSL um , und schon letztes Jahr begann Google so langsam das Licht zu sehen . Firesheep macht Druck, und HTTPS Everywhere hilft sehr.\nFirmen wie F5 finden das blöd, denn natürlich geht das mit einem relativ kleinen Stapel gewöhnlicher Rechner genau wie mit einer teuren SSL Appliance, auch wenn F5 das nicht wahr haben will . Und so macht man sich bei Y-Combinators Hacker News darüber lustig. Jedenfalls ist das Problem bei SSL nicht die CPU Power .\n","date":"2011-02-10T00:00:00Z","href":"https://blog.koehntopp.info/2011/02/10/die-kosten-von-ssl.html","tags":["kryptographie","security","web","lang_de"],"title":"Die Kosten von SSL"},{"categories":null,"content":"Krümelmonster: C is for Cookie Auf den vielfachen Wunsch einer einzelnen Dame hier der Erklärbar zum Thema Kekse für die Freunde besagter Dame.\nEines der Hauptprobleme, das man lösen muß, wenn man Webanwendungen schreibt, ist die Tatsache, daß man im wesentlichen Memento dreht.\nJedesmal, wenn man im Browser eine Seite aufruft, sieht der Webserver einen Request, bearbeitet diesen und vergißt danach, was er getan hat. Es gibt nichts an einem Request, das man verwenden kann, um den zweiten Requests sicher mit dem ersten Request zu verketten und sich an die Dinge zu erinnern, die man im ersten Request getan hat.\nCookies und Sessions Ein Browser (rechts) sendet einen Request GET / an einen Server www.shop.com (links). Der erste und der zweite Request sind unabhängig und nicht miteinander verkettbar.\nDer erste und der zweite Request vom selben Browser sind nach Definition von HTTP für den Webserver nicht als zusammengehörig erkennbar.\nMan kann nicht den User-Agent des Browsers verwenden, weil es viele verschiedene Browser mit demselben User-Agent geben kann. Man kann auch nicht die IP-Adresse verwenden: zum einen kann es vorkommen, daß mehr als ein Benutzer dieselbe IP-Adresse verwendet, weil es Rechner gibt, die von mehreren Benutzern zeitgleich verwendet werden.\nZum anderen kann es vorkommen, daß Request 1 und Request 2 mit unterschiedlichen IP-Adresse gesendet werden.\nDas ist oft der Fall, wenn ein Benutzer bei T-Online oder AOL ist oder wenn er Tor verwendet. Dort geschieht dies regelmäßig wegen der Struktur der Proxyserver, die dort verwendet werden.\nBei Mobilbenutzern kann sich die IP-Adresse spontan ändern, wenn sie ihren Standort verändern, auch wenn das Netz versucht, dies zu verbergen.\nUnd nach einer DSL-Zwangstrennung hat man natürlich auch eine neue IP-Adresse. Erstrecken sich Browser-Tätigkeiten über solche Intervalle, sieht man aufeinanderfolgende Requests desselben Benutzers von verschiedenen IP-Adressen.\nBei Memento löst man das Problem mit Tätowierungen, in Browsern verwendet man stattdessen Cookies.\nCookie definieren: Der Webserver setzt mit dem Header Set-Cookie einen Cookie im Browser, hier sessid=17.\nGreift ein Browser das erste Mal auf eine Webanwendung zu, sendet er einen GET-Request mit dem Namen der gewünschten Site im Host-Header und einigen weiteren Headerzeilen, die uns hier heute nicht interessieren sollen.\nGET / HTTP/1.1 Host: www.shop.com Connection: keep-alive Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Die Webanwendung reagiert mit einer Antwort, die einen Content-Type definiert (zum Beispiel text/html für Webseiten) und die weitere Header enthalten kann. Einer dieser Header ist Set-Cookie. Das ist die Tätowierung, die unseren Browser von allen anderen Browsern unterscheidbar macht.\nSet-Cookie: \u0026lt;name\u0026gt;=\u0026lt;value\u0026gt; [; expires=\u0026lt;date\u0026gt;] [; domain=\u0026lt;domain_name\u0026gt;] [; path=\u0026lt;some_path\u0026gt;] [; secure] [; httponly] Die \u0026ldquo;Syntaxdefinition\u0026rdquo; von Set-Cookie beschreibt, welche Eigenschaften und Optionen ein Cookie haben kann.\nSet-Cookie definiert eine Variable mit dem Namen Name und dem Wert value. Es gibt Limits im Browser für die Anzahl und Länge dieser Variablen pro Site und insgesamt.\nMit der Definition eines Cookies können weitere Einschränkungen festgelegt werden, die sagen wo und wie lange der Cookie gelten soll: Die Einschränkungen, die man festlegen kann, bestimmen an welche Domain der Cookie zurück übermittelt wird, wie lange er gelten soll, ob er für eine ganze Site oder nur einige Pfade auf der Site definiert sein soll, ob er nur mit SSL-Verschlüsselung übertragen werden soll und ob Javascript mit dem Cookie arbeiten darf.\nDer Browser erhält diese Definition mit der Webseite, die ihm übermittelt wird. Während er die Webseite darstellt, speichert er die Variable und den dazu gehörenden Wert ab.\nIm Beispiel oben wird eine Variable mit dem Namen sessid definiert, die den Wert 17 bekommt. Es ist eine zusätzliche Einschränkung definiert, die festlegt, daß diese Variable bei allen Zugriffen auf Domains mit der Endung .shop.com übermittelt werden soll. Da kein expires-Wert gesetzt ist, gilt die Variable so lange wie der Browser läuft - andernfalls gälte sie so lange bis das gesetzte Datum verstrichen ist.\nMit jedem weiteren Zugriff (der die zusätzlichen Einschränkungen erfüllt) setzt er jetzt eine zusätzliche Headerzeile Cookie, in der er die Variable und ihren Wert zurück an den Server übermittelt.\nWegen eines vorhergehenden Set-Cookie ist jetzt ein Cookie sessid mit dem Wert 17 für .shop.com gesetzt. Weil www.shop.com unterhalb von .shop.com liegt, wird nun bis auf weiteres der Cookie: sessid=17 mit jedem Request dort hin gesendet. Aber nur für diesen Browser - andere Browser senden keinen Cookie oder den Wert, der für sie gesetzt worden ist. Dadurch werden unterschiedliche Browser unterscheidbar.\nSobald ein Cookie gesetzt ist, übermittelt der Browser den Cookie bei jedem nachfolgenden Requests, der die Bedingungen der Definition erfüllt. Hier wird also nun für jeden Request an einen Host in der Domain .shop.com die sessid=17 mitgesendet. Der Browser ist nun eindeutig identifizierbar, solange die sessid eindeutig vergeben wird.\nUnser Beispielcookie ist ein sogenannter Session-Cookie - er wird ohne ein expires definiert und daher nicht auf der Festplatte, sondern nur im Browser gespeichert. Beendet man den Browser, ist er verloren. Session-Cookies dienen dazu, aufeinanderfolgende Web-Requests ein und desselben Browsers miteinander zu verketten und erlauben es Webanwendungen, Zustand zu haben.\nZustand? Eine Anwendung ist ein Programm, das bestimmte Funktionen hat. Entgegen den Darstellungen in gewissen Filmen liegen Programme gewöhnlich auf der Platte rum und tun gar nichts. Nur wenn sie gestartet werden, wird ihr Code um etwas ergänzt - Variablen. Die Summe aller Variablen eines Programmes ist sein Zustand.\nZwei Dateien werden zur selben Zeit im selben Texteditor bearbeitet. Text, Cursorposition, Schriftart und Dateiname unterscheiden sich zwischen beiden Dokumenten, d.h. diese Variablen haben in beiden Dokumenten unterschiedliche Werte.\nEin Texteditor zum Beispiel hat viele Funktionen zum Bearbeiten von Texten.\nÖffnet man ein neues Dokument, weiß der Textedit den Namen dieses Dokumentes (\u0026ldquo;untitled.txt\u0026rdquo;), die Cursorposition (links oben) und den Text, der in dem Dokument enthalten ist sowie die aktuelle Schriftart und -farbe und noch viele andere Dinge mehr.\nEin zweites Dokument (hier: \u0026ldquo;Faust 3 - die Rückkehr.txt\u0026rdquo;) enthält anderen Text, eine andere Cursorposition, eine andere Schriftart und so weiter. Der Texteditor kann mehr als einen Text bearbeiten, weil er für jedes Dokument seinen Zustand getrennt verwaltet.\nZwei Browser arbeiten mit demselben Webshop, einer hat die sessid=17, der andere die sessid=18. In zwei unterschiedlichen Datensätzen wird der Warenkorb für jeden Browser verwaltet.\nGenau so verhält es sich etwa bei einem Webshop. Auf dem Server liegt einmal der Code der Webanwendung, mit Funktionen wie \u0026ldquo;Artikel anzeigen\u0026rdquo;, \u0026ldquo;Warenkorb verwalten\u0026rdquo; und \u0026ldquo;abkassieren\u0026rdquo;. Aber natürlich muß man für jeden Benutzer des Webservers - womöglich viele hundert Personen gleichzeitig - einen eigenen Warenkorb verwalten.\nMan kann den Warenkorb selbst in den Cookie tun, aber das hat eine Reihe von Nachteilen. Zum Beispiel ist die Größe und Lebensdauer des Warenkorbes dann von den Limits des Browsers eingeschränkt. Zum anderen ist es dann so, daß die Daten des Warenkorbes bei jedem Request mit übermittelt werden müssen. Das macht jeden Request größer. Außerdem es macht auch bei jedem Request einen Übergang von Daten aus der Gefahrenzone \u0026ldquo;nicht vertrauenswürdig\u0026rdquo; (irgendein Browser im Internet) in die Gefahrenzone \u0026ldquo;vertrauenswürdig\u0026rdquo; (unsere Webanwendung) notwendig, und führt so zu vielen unnötigen Prüfungen der Datenintegrität.\nNormalerweise setzt man in einem Session-Cookie nur eine eindeutige Kennummer, die Session-ID. Die Daten des Warenkorbes selber speichert man in einem Datensatz auf dem Server in einem Eintrag mit genau dieser Kennung.\nBekommen wir also einen Request von einem Browser mit der sessid=17, laden wir den Datensatz für die sessid 17 und zeigen dem Kunden seinen Warenkorb an. Bekommen wir stattdessen einen Request für die sessid 18, laden wir diesen Warenkorb und zeigen diesen an.\nNatürlich wird man nicht wirklich die Zahlen 17 und 18 verwenden, sondern sehr große, zufällig gewählte Zahlen wie etwa a13bcf7a0b2fb6f9dfdebe2e0657c9e3 und 791c8d7234c56497fe23a593af3b1ab9.\nSähe ein Hacker etwa eine sessid wie 17, würde er sofort einmal nachsehen, ob es 16 und 18 gibt und welche Daten da drin stecken. Bei a13bcf7a0b2fb6f9dfdebe2e0657c9e3 sind nicht nur andere IDs schwer zu raten, sondern der gesamte Session-ID Raum ist dünn besetzt, d.h. die meisten anderen geratenen IDs gehören zu gar keiner Session.\nWas wäre, wenn es keine Cookies gäbe? Man könnte Session-IDs auch anders als mit Cookies übermitteln. Statt des Requests\nGET /shop.html Host: www.shop.com Cookie: sessid=17 könnte man zum Beispiel auch die ID in die URL tun. Der Request wäre dann zu http://www.shop.com/shop.html?sessid=17:\nGET /shop.html?sessid=17 Host: www.shop.com Oder man baut die ID in den Hostnamen ein: http://sessid17.shop.com/shop.html wäre die URL und der Request ist dann\nGET /shop.html Host: sessid17.shop.com Das Problem bei diesen anderen Verfahren ist, daß die Session-ID auf die eine oder andere Weise Bestandteil der URL wird.\nDadurch gibt man die Session weiter, wenn man die URL an jemand anders per Cut \u0026amp; Paste per Mail, Skype oder sonstwie übermittelt. Ja, die URL wird sogar unter Umständen mit der Session-ID von Suchmaschinen archiviert - eine ganz schlechte Idee, denn so bekommt jeder Benutzer der Suchmaschine dieselbe Session-ID, wenn er über die Suchmaschine in unseren Shop kommt.\nEs gibt Mechanismen, die mit diesen Problemen fertig werden und die eine URL auch dann sicher machen können, wenn sie die Session-ID in der URL enthält. Es ist aber viel besser, einen Mechanismus zu verwenden, der das Problem schon im Ansatz vermeidet - und das ist genau die Intention, die hinter der Erfindung von Cookies stand.\nCookies mit Datum und Auto-Login Eine weitere Anwendungsmöglichkeit von Cookies ist die Speicherung von Präferenzen im Webbrowser, sodaß eine Website bei folgenden Besuchen gleich so aussieht, wie vom Benutzer voreingestellt.\nDazu wird ein Cookie mit einem Expires-Wert gesendet, der dann womöglich erst sehr weit in der Zukunft seinen Inhalt verliert. Dadurch wird der Cookie nicht mehr im Browser gespeichert, sondern auf der Festplatte in der Browserkonfiguration verewigt. Er steht auch nach einem Neustart noch zur Verfügung.\nIn dem Wert des Cookies werden die Benutzer-Voreinstellungen gespeichert. Oder gar ein Login-Token, das den Benutzer eindeutig identifiziert, und das auf diese Weisen den Benutzer bei allen weiteren Besuchen auf der Site einloggt. So ein Token muß natürlich schwer zu manipulieren sein, aber wie man so etwas bauen kann ist gut verstanden.\nEin Webserver kann so ein Cookie etwa wie folgt setzen:\nSet-Cookie: Login=kris-23b9404f78d90b881175bcfc5f57b61c; domain=.shop.com; expires=Sat, 01-Jan-2030 00:00:00 GMT; path=/; Die Site hat nun Methoden, mit denen sie die behauptete Identität (kris) und den Authentizitätsbeweis (die Nummer da) zusammenführen kann. Sie kann dann ableiten, daß kris wirklich mal irgendwann in diesen Browser sein Paßwort getippt hat. Sie loggt kris nun automatisch ein - für die nächsten 20 Jahre.\nDie dunkle Seite der Kekse - Präferenzen und Tracking Gesetzte Cookies werden bei jedem Request übermittelt, der die im Set-Cookie gestellten Bedingungen erfüllt. Hat man also eine Webseite, die Bilder enthält, wird der Cookie auch bei allen Requests für Bilddateien mitgesendet.\nDer Cookie-Mechanismus hat Einschränkungen, etwa bei der Domain-Bedingung. So kann man als www.shop.com zwar einen Cookie für domain=.shop.com setzen (also auch für img.shop.com, static.shop.com und so weiter), aber nicht für .com oder gar . (alle Sites im Internet). Dieser etwas unbeholfene Mechanismus soll verhindern, daß man Cookies als Tracking-Mechanismus mißbrauchen kann.\nDenn wäre es legal, einen Cookie wie diesen für die \u0026ldquo;Domain\u0026rdquo; . (das ganze Internet) zu senden:\nSet-Cookie: ID=ee487f1423d28992ee285760875e2cb8; expires=Sat, 01-Jan-2030 00:00:00 GMT; domain=.; dann hätte man dem Browser des Benutzers für die nächsten beiden Dekaden internet-weit eine eindeutige Kennung verpaßt und könnte diesen Benutzer bequem tracken.\nLeider ist die Regel \u0026ldquo;zwei Punkte im Domainnamen\u0026rdquo; für viele Domains kaputt. Ein Beispiel: www.shop.co.uk - mit der Zwei-Punkte-Regel kann man Cookies für ganz .co.uk setzen. Deswegen haben Browser in der Regel eine sehr lange und komplizierte Liste von Ausnahmefällen, die versucht, diesen defekten Cookie-Sicherheitsmechanismus zu reparieren.\nTracking mit Cookies - und mit Javascript am Beispiel IVW Werbebanner-Generierer und Auflagenzähler umgehen das Problem sowieso auf anderen Wegen. In den Seiten von web.de und bei vielen anderen Websites findet man zum Beispiel Code wie diesen hier:\n\u0026lt;img src=\u0026#34;http://webdessl.ivwbox.de/cgi-bin/ivw/CP/264_PH;sc%3Dwebde/homepage\u0026#34; alt=\u0026#34;\u0026#34; width=\u0026#34;1\u0026#34; height=\u0026#34;1\u0026#34;/\u0026gt; Dieser Code lädt ein 1x1 Pixel großes Bild - das Bild ist ein transparentes GIF, also unsichtbar. Das Bild wird aber nicht von der Domain web.de geladen, sondern von der Domain ivwbox.de.\nVon dort bekommt man dann eine Antwort wie diese hier:\nKK:~ kris$ curl -D x \u0026#39;http://webdessl.ivwbox.de/cgi-bin/ivw/CP/264_PH;sc%3Dwebde/homepage\u0026#39; KK:~ kris$ cat x HTTP/1.0 302 FOUND Date: Sat, 05 Feb 2011 18:20:49 GMT ... Set-Cookie: i00=01914d4d94fc5da00006; path=/; domain=.ivwbox.de; expires=Sunday, 05-Feb-2012 18:20:44 GMT Es wird also der Cookie i00 mit dem Wert 01914d4d94fc5da00006 definiert. Der Cookie hält ein Jahr lang und wird für die Domain .ivwbox.de gesetzt.\nDiese Domain ist von der HTML-Webseiten-Domain web.de verschieden. Man spricht von einem Third-Party Cookie.\nImmer wenn ich Seiten von web.de lade, wird das unsichtbare Zählpixel von webdessl.ivwbox.de mit geladen und ich werde als Benutzer 01914d4d94fc5da00006 identifiziert. Die IVW kann so die eindeutig unterscheidbaren Benutzer auf web.de zählen und so eine Werbe-Auflagenstärke für web.de angeben, nach der sich der Werbepreis für Banner berechnet.\nDas Pixel ist in jeder Seite von web.de, und bei einem geladenen Bild wird im HTTP-Header Referer übermittelt, in welcher Seite das Bild enthalten war. Dadurch kann man also leicht ermitteln, welche Klickpfade der Benutzer 01914d4d94fc5da00006 auf web.de so typischerweise hat und was seine Verweildauer auf der Site ist. Verweildauern sind neben eindeutigen Benutzern wichtig, weil Sites mit langer Verweildauer bessere Werbepreise bekommen (oder was glaubt Ihr, warum es auf Facebook Spiele und Chat gibt? Genau!).\nSchließlich kann auch noch weitere Spielchen spielen, falls Javascript aktiviert ist. So findet man etwa bei web.de vor dem Counterpixel den Code\n\u0026lt;script type=\u0026#34;text/javascript\u0026#34; src=\u0026#34;http://uim.tifbs.net/js/4423.js\u0026#34;\u0026gt;\u0026lt;/script\u0026gt; der wiederum auf Umwegen die Datei http://uim.tifbs.net/js/global_4423_38.js nachlädt.\nDort wird an geeigneter Stelle ein Aufruf wie folgt gemacht:\nthis._loadPixel( this._replaceVariables( \u0026#39;//pixelbox.uimserv.net/cgi-bin/webde/__TYPE__/__CODE__;sc%3D__SC__%26jsv%3D__JSV__%26scr%3D__SCR__%26flv%3D__FLV__%26vid%3D__VID__%26vct%3D__VCT__%26res%3D__RES__%26smv%3D__SMV__%26cona%3D__CONA__%26cost%3D__COST__?d%3D__D__%26r=__R__\u0026#39; ) ); Aus dem ganzen Drumherum geht hervor, dass die Texte der Form __NAME__ Platzhalter sind, die Werten ersetzt werden, die zuvor von Javascript eingesammelt werden. FLV ist zum Beispiel die installierte Version von Flash, RES die Bildschirmauflösung und so weiter.\nDie komplette Liste findet man in der Funktion _replaceVariables() in der Javascript-Datei. Auf diese Weise bekommt pixelbox.uimserv.net, ein weiterer Zählservice, den web.de verwendet, nicht nur die Benutzeridentät per Cookie geliefert, sondern über den Pfad der URL und Javascript auch noch einen Haufen weitere Information über den Rechner und seinen Benutzer.\nDas Tracking der IVW ist jedoch ein wenig umfassender als man zunächt vermuten mag: Es wird ja nicht ohne Grund die Domain ivwbox.de statt web.de verwendet. Durch den Namen wird es möglich, den Cookie für .ivwbox.de zu setzen, also für alle Hosts in der Domain ivwbox.de.\nWenn ich also zeit.de aufrufe, wird ein Zählpixel von zeitonl.ivwbox.de geladen, wie man dort im HTML-Quelltext der Seite nachlesen kann. Dabei wird meine Identität 01914d4d94fc5da00006 von web.de ebenfalls wieder an .ivwbox.de übermittelt. Auf diese Weise wird dem Betreiber von ivwbox.de über zeitonl.ivwbox.de bekannt, daß der Benutzer 01914d4d94fc5da00006nebenweb.deauchzeit.de` nutzt. Dieses Wissen kann man natürlich gut gebrauchen, wenn man Werbebanner verkaufen will.\nÜber eine Verkettung von Daten könnte man das 01914d4d94fc5da00006-Pseudonym sogar aufdecken - wenn ich mich bei web.de einlogge, könnte man das Login kris@web.de mit der Kennung 01914d4d94fc5da00006 zusammenführen und weiß so, daß kris@web.de die Zeit online liest.\nDas Datenschutz-Nichtproblem - oder doch? web.de, zeit.de und ivwbox.de sind alles deutsche Rechner, die von deutschen Firmen betrieben werden und man sagt mir, daß das IVW-Tracking mit dem deutschen und europäischen Datenschutzrecht konform ist.\nGoogle Anaytics macht dasselbe, aber deren Server stehen nicht in Deutschland und es ist keine deutsche Firma, und daher steht deutschen Datenschützern gerade Schaum vor dem Mund. Also wohlgemerkt, nicht wegen des Trackings, sondern weil es außerhalb ihres Hoheitsgebietes stattfindet. Wenn es in Deutschland passierte wäre alles gut:\nWebsites dürfen IP-Adressen nicht ohne Erlaubnis des Nutzers in die USA übermitteln. Daher sei der Einsatz von Google Analytics in der jetzigen Form in aller Regel nach deutschem Recht nicht erlaubt, argumentiert Dix beim Treffen der Google Technology User Group Berlin.\n(Hervorherbung von mir)\nZusammenfassung Cookies sind eine gute Sache und sie zu blockieren verhindert sichere Sessions - und damit Funktionen wie Warenkörbe oder Logins. Cookies können auch verwendet werden, um Benutzer zu tracken oder andere fragwürdige Dinge zu tun. Es ist jedoch nicht der Mechanismus Cookie böse, sondern die jeweilige Anwendung ist zu untersuchen.\nWenn man eine Sicherheitseinstellung im Browser treffen möchte, dann sollte man sogenannte Third Party Cookies unterdrücken. Session-Cookies (jene ohne Expires-Datum) muß man erlauben, dennn sonst funktionieren viele Websites nicht korrekt. Cookies mit Verfallsdatum kann man erlauben, wenn man sich das Leben erleichtern möchte, oder auf \u0026ldquo;Nachfragen\u0026rdquo; stellen.\nIn jedem Fall sollte ein Adblocker zum Einsatz kommen. uBlock origin ist ein Adblocker, der von einer Person ohne kommerzille Interessen entwickelt wird. Er ist auch für Firefox erhältlich.\n","date":"2011-02-05T00:00:00Z","href":"https://blog.koehntopp.info/2011/02/05/c-is-for-cookie.html","tags":["cookie","privacy","erklaerbaer","internet","lang_de"],"title":"C is for Cookie"},{"categories":null,"content":"Drei unterschiedliche Dinge: Vergeben, vergessen und vernichten. Sie werden gerade vielfach falsch oder fälschlich synonym gebraucht. Das sollte man nicht tun.\nWir erinnern uns:\nVergessen habe ich eine Information, die ich mal hatte, und an die ich mich (Reflexiv!) nicht mehr erinnere, oder bei der ich jetzt gerade meine Kopie nicht mehr finde.\nMeistens deswegen, weil ich meine eigenen Caches in der Ablage oder in meinem Hirn als LRU organisiert habe und Daten irgendwann aus dem Cache gelöscht worden sind (oder weggeworfen worden sind), weil sie lange Zeit nicht wichtig für mich waren. Wichtige oder oft gebrauchte Sachen vergesse ich eher nicht.\nWenn ich etwas vergesse, dann heißt das nicht, daß anderer Leute Kopien deswegen auch weg sind.\nVernichten kann ich Informationen auch bei anderen: Ich dringe - legal oder illegal - in deren Bereich ein und beschlagnahme oder zerstöre alle Kopien einer Information überall, auch gegen den Willen derer, die in Besitz dieser Information sind und sie vielleicht gerne behalten möchten.\nZur Zeit euphemisieren eine ganze Menge Leute \u0026ldquo;vernichten\u0026rdquo; zu \u0026ldquo;vergessen\u0026rdquo; um.\nVergeben tue ich, wenn ich Informationen irgendeiner Art habe, und mich entschließe sie zu ignorieren oder anderweitig nie mehr zu benutzen. Etwa weil sie veraltet sind, oder weil ich meine, daß sie zu alt sind (zwei verschiedene Dinge). Oder weil ich es einfach so will. Oder weil es im Kantschen Sinne opportun ist, das zu tun.\n","date":"2011-01-18T00:00:00Z","href":"https://blog.koehntopp.info/2011/01/18/vergeben-vergessen-und-vernichten.html","tags":["internet","privacy","security","lang_de"],"title":"Vergeben, vergessen und vernichten"},{"categories":null,"content":"In der aktuellen KES findet sich der Artikel Epische Macht ( keine stabile URL , da der Archivzugang mit den stabilen URLs paßwortgeschützt und nur für Abonnenten ist).\nDer Artikel konzentriert sich auf die Machtfülle von Systemadministratoren, und prägt das Wort \u0026ldquo;Machtumsetzungsgeschwindigkeit\u0026rdquo; in Bezug auf Systemadministratoren. Damit will der Autor (Stephen Feldke) darauf abheben, daß Root-Arbeiter besonders schnell besonders viel Schaden gemessen in Mio Euro/Minute anrichten können. Der Autor zieht Parallelen zu Prokura- und Budget-Regelungen, bei denen man bei bestimmten Transaktionen absichtlich mehr als eine Unterschrift für eine Entscheidung fordert, um Prozesse künstlich zu verlangsamen und Mehr-Augen-Prinzipien zu erzwingen.\nDer Autor schlägt eine EPIS-Zertifizierung (\u0026ldquo;Extrem Privilegierte IT-Spezialisten\u0026rdquo;) für Sysadmins vor, die in kritischen Infrastrukturen nach BSI-Definition arbeiten (\u0026ldquo;volkswirtschaftlich oder gesellschaftlich besonders wichtige Institutionen, die für die Sicherheit und Stabilität eines Landes essenziell sind (u. a. Großbanken und Energieunternehmen sowie deren Dienstleister)\u0026rdquo;) . Für EPIS soll nach den Vorstellungen des Artikels eine \u0026ldquo;Zuverlässigkeits- beziehungsweise Sicherheitsüberprüfung als Pflichtmaßnahme der Risikovorsorge (möglicherweise sogar per Gesetz) vorgesehen\u0026rdquo; werden. \u0026ldquo;Die hierfür notwendige Validierung bezieht sich dabei weniger auf die fachliche Kompetenz als vielmehr auf die persönliche Zuverlässigkeit und Integrität.\u0026rdquo;\nDer Artikel hat mir beim Lesen die ganze Zeit ein Lächeln auf das Gesicht gezaubert.\nIT im allgemeinen und insbesondere der Markt für fähige Sysadmins ist ja sowieso schon in vielerlei Hinsicht ein Arbeitnehmermarkt. Verknappt man diesen Bestand durch EPIS-Requirements noch weiter, ist das für die Arbeitnehmer ein wichtiger Punkt, durch den sie ihren Wert noch weiter steigern können.\nAndererseits ist die Maßnahme offensichtlich witzlos, oder der Autor lebt in einem komplett anderen Universum als ich.\nIn meiner Welt kenne ich Unternehmen, die gar keine Rechenzentren und Rechner mehr haben, sondern komplett aus der Cloud laufen. In meiner Welt versuchen Unternehmen ihre Agilität zu erhöhen und mehrere Rollouts von Code pro Tag zu realisieren. In meiner Welt haben Unternehmen hunderte offener Stellen im Bereich IT. In meiner Welt versuchen Unternehmen ihren Systembetrieb zu automatisieren und hunderte oder tausende von Rechnern automatisch zu administrieren.\nIn dieser Welt ist eine EPIS-Zertifizierung Augenwischerei.\nSie erhöht den Organisationswiderstand gegen Prozeßveränderungen und schwächt damit die Anpassungsfähigkeit des Unternehmens an Veränderungen des Umfeldes. Sie bringt keine meßbare Verbesserung der Sicherheit, solange man nicht auch im Bereich der Feature-Entwickler und im Bereich der Infrastrukturentwickler die Prozesse mächtig aufbläst - E4 bis E6 lassen grüßen und damit geht jedwede mühsam erarbeitete Agilität verloren.\nIrgendwie kommt mir da der Wind der 90er Jahre aus dem Heft entgegen. Kann das sein?\n","date":"2011-01-04T00:00:00Z","href":"https://blog.koehntopp.info/2011/01/04/der-managementansatz-zum-thema-sicherheit.html","tags":["devops","security","lang_de"],"title":"Der Managementansatz zum Thema Sicherheit..."},{"categories":null,"content":"Es ist ein Fehler anzunehmen, die CDU hätte in NRW gegen den JMStV gestimmt, weil sie inhaltlich gegen den JMStV gewesen wäre - keine der Parteien irgendwo in Deutschland hat aus inhaltlichen Gründen für oder gegen den JMStV gestimmt, sondern das ganze war eine einzige Macht-Taktiererei - eine Farce . In NRW war es so, daß die minderheitsregierenden Parteien sich mit Enthaltungen aus der Verantwortung stehlen wollten, und die CDU deswegen angekündigt hat, gegen das Ding zu stimmen, weil sie Rotgrün so zwingen konnte, Stellung zu beziehen und so im vorübergehen billig jemanden eins reinwürgen.\nEs ist auch ein Fehler anzunehmen, daß eine Ablehnung des JMStV ein Sieg wäre. Damit meine ich nicht Kurt Beck, der mit seiner Ankündigung der nuklearen Sperrverfügungsoption seine Offlinigkeit dokumentiert und sich damit final in die Riege der Politikergeneration einreiht, die wegen mangelnder Zukunftstauglichkeit dringend abgetreten werden muß.\nSondern ich meine damit, daß es immer noch notwendig ist, die gesellschaftliche Diskussion über Jugendmedienschutz ins 21. Jahrhundert zu holen und klar zu machen, daß das Schutzmodell in einer vernetzten Gesellschaft auf keiner Ebene funktioniert. Weder sind noch Mittler da, die soziale Kontrolle ausüben können, noch sind die Anreize da, die das System bei Film und Spielen am Leben halten, noch ist das Bewertungssystem großflächig erfolgreich vermittelbar. Erziehung ist nicht mit Filterprogrammen automatisierbar, und die Welt ist größer als Deutschland - diese Erkenntnis muß halt rein in die Köpfe.\nIch bekam eine Anfrage per Mail:\nHallo Kristian,\u0026hellip;Hättest du nicht Lust, einen Gastbeitrag [ zu Filtersoftware ] bei uns zu schreiben?\nDas habe ich nun drei Mal angefangen und den Text wieder weg geworfen - daher auch die langsame Reaktion. Das Thema macht mich müde, oder ich werde, wenn ich nicht müde werde, zu spitzzüngig für eine sinnvolle Diskussion. Es ist nicht so, daß es kompliziert zu verstehen wäre, wenn man sich denn einmal von der Beschützen-Ideologie des existierenden Jugendschutzes frei macht und sich ansieht, was denn die zu lösenden Probleme bedeuten. Das passiert nur niemals, jedenfalls nicht auf einer gesellschaftlichen Ebene, die nahe genug an der Politik ist, denn dafür sind die Konsequenzen zu unbequem.\nDie Kinder-müssen-beschützt-werden Fraktion hat versucht, Inhalte mit Schlüsselworten und dem Zählen von hautfarbenen Pixeln automatisch zu bewerten, schon 1996.\nDas ist ein Unterfangen, das zwangsläufig scheitern muß, denn es versucht Syntax, Kriterien der äußeren Form, zu definieren, um davon ein moralisches oder ethisches Urteil abzuleiten (\u0026ldquo;Diese Inhalte sind schlecht oder für Kinder nicht geeignet.\u0026rdquo;).\nWäre dies so einfach, könnten wir Juristen durch Roboter ersetzen, ja sogar als menschliche Rasse zur Gänze beruhigt abtreten, da wir Maschinen geschaffen haben, die Moral und Ethik haben - das ist nichts weniger als die Singularität, das Nirvana der KI, die Vereinigung von Mensch und Maschine. Aber die Tatsache, daß dieser Ansatz aus technischer Sicht so offensichtlich lächerlich ist, hält niemanden davon ab, ihn auch 2010 noch zu propagieren - natürlich nicht mehr als ausschließliches Kriterium, sondern lediglich \u0026rsquo;ergänzend, wenn keine weitere Kriterien zur Verfügung stehen'.\nIn der zweiten Welle haben die Kinderbeschützer dann versucht, mit PICS ein System zu schaffen, mit dem man beliebige Labels an Content kleben kann - sogar das heutige \u0026ldquo;ab x Jahren\u0026rdquo;-System kann man in PICS darstellen, es besteht kein Grund, dafür de-xml dilettantisch neu zu definieren. PICS, heute POWDER, hätte im Gegensatz zu de-xml außerdem den Vorteil, daß dafür bereits haufenweise Software existiert, die solches Zeugs verstehen kann.\nDamals, wir sind inzwischen so um 1999 herum, hat man Ratingsysteme mit quasi-objektiven Kriterien definiert. In RSAC zum Beispiel gab es vier Kategorien (Gewalt, Sex, Nacktheit und Sprache), und in jeder Kategorie dann wiederum fünf Stufen - Gewalt zum Beispiel wird von 0 (Harmloser Konflikt, leichte Sachbeschädigung), 1 (Lebewesen werden verletzt oder getötet, Sachbeschädigung), 2 (Menschen werden verletzt oder getötet, wenig Blut), 3 (Menschen werden getötet, Blut und Splatter) und schließlich 4 (Unnötige und graphische Gewaltdarstellung, Folter, Vergewaltigung) unterteilt. Für die anderen Kategorien werden ähnliche Unterteilungen vorgesehen.\nAuch das ist natürlich wieder eine Syntax, ein formaler Regelsatz, der zu einem Werturteil führen soll. Und natürlich kann man hier bei Kenntnis der Regeln leicht pathologische Fälle finden, die sogar häufig sind, und bei denen jedes System bei korrekter Anwendung der Regeln - nein, wegen korrekter Anwendung der Regeln - zu nicht akzeptablen Ergebnissen kommt.\nWas es braucht, so die Beschützerfraktion, ist also ein Bewertungssystem, das subjektiv ist, also eines bei dem der Sender (derjenige, der das Label an einen Inhalt klebt) ein Urteil im kulturellen Kontext eines Rezipienten (genauer: aller möglichen Rezipienten des betroffenen Kulturkreises) treffen muß. Das ist natürlich unmöglich - wer es nicht glaubt, mag sich gerne eine Diskussion zwischen \u0026ldquo;Gamern\u0026rdquo; und beliebigen Politikern zum Thema First Person Shooter anhören (\u0026ldquo;Killerspiele vs. Spielekiller\u0026rdquo;). Oder sich die Beispiele ansehen, die der AK Zensur und Alvar Freude herausgesucht haben, um sie durch Laien nach dem aktuell propagieren \u0026ldquo;Ab x Jahren\u0026rdquo;-System bewerten zu lassen - mit einer Fehlerquote von 80%.\nWer hier an einen erzielbaren gesamtgesellschaftlichen Konsens glaubt, der hat die Postmoderne verschlafen.\nWieder 11 Jahre zurück. Schon in der vom BMWi in Auftrag gegebenen Studie \u0026ldquo;Jugendschutz und Filtertechnologien im Internet\u0026rdquo; (PDF ) kam man zu der Erkenntnis, das Kinder und Jugendliche Filter nicht zu umgehen versuchen würden, würden sie sie als nützlich empfinden. Sie werden nicht als nützlich empfunden, da die Beschützer- und Filterbefürworter offiziell noch immer die Aufgabe eines Jugendschutzprogrammes falsch formuliert.\nDie Aufgabe eines Jugendschutzprogrammes ist es eben genau nicht, jugendgefährdende Inhalte zu blockieren.\nWäre es so einfach, wäre das Problem leicht lösbar: Man sperrt einfach alle Seiten ohne Label (\u0026ldquo;Keine Einstufung nach \u0026hellip;\u0026rdquo;) wie man es bei Videospielen und Filmen auch tut, und niemand klebt ein Label an seine Inhalte. Mithin sind alle Seiten gesperrt, also auch alle jugendgefährdenden Inhalte aller Altersstufen.\nDas ist Overblocking, und nicht akzeptabel.\nDie korrekte Formulierung der Aufgabe ist eben \u0026ldquo;Damit Jugendschutzprogramme erfolgreich sein können, müssen ihre Filter alle jugendgefährdenden Inhalte blockieren und alle nicht jugendgefährdenden Inhalte durchlassen. Overblocking, false-positives, das Sperren von nicht jugendgefährdenden Inhalten sind genau so ein Problem wie Underblocking, false-negatives, das Durchlassen von jugendgefährdenden Inhalten.\u0026rdquo;\nDas ist ein viel schwierigeres Problem als das Blockieren von jugendgefährdenden Inhalten. Daher geht mit der Propagierung des Konzeptes \u0026lsquo;Filterprogramm mit Label\u0026rsquo; zwingend auch die Konstruktion einer Pflicht zur Labelung von Inhalten einher, wenn das Konzept \u0026lsquo;Filterprogramm mit Label\u0026rsquo; ein Erfolg werden soll. Streng genommen müßte man idealerweise sogar dazu verpflichten, das minimale gerade noch akzeptable Label zu wählen.\nIn den vergangenen 11 Jahren seit der o.a. Secorvo/BMWi-Studie sind überhaupt keine Fortschritte in der öffentlichen Diskussion gemacht worden. Weder wird die Aufgabenstellung korrekt formuliert, noch werden die sich daraus ergebenden Konsequenzen thematisiert, die wegen der Overblocking/Underblocking-Problematik lauten:\nPflicht zur Bewertung, Pflicht zur minimalen Bewertung Bindung von Bewertungen an Inhalte mit einer PKI, damit eine Verfälschung oder Entfernung der Labels auf dem Web zum Rezipienten a la odem.org nicht möglich ist Definition eines subjektiven Bewertungssystems, also Verpflichtung des Senders, die Erziehungs-Wünsche und Moralvorstellungen aller Empfänger zu antizipieren, da quasi-objektive Systeme nicht funktionieren Es ist natürlich Absicht, daß das nicht thematisiert wird. Würde man es tun, wäre sofort erkennbar, daß jeder Ansatz, der auf Jugendschutzlabels und Filtern basiert zwingend zum Scheitern verurteilt wird - die Liste da oben sind offensichtlich unmögliche Forderungen.\nWir leben in einer Gesellschaft mit Technologie, die es beliebigen Personen - auch Kindern - ermöglicht, sich ad-hoc zu vernetzen und Daten auszutauschen. Das kann per Speicherkarten gehen, USB-Stick, Bluetooth, lokale Wi-Fi-Hotspots, lokale ad-hoc Kabelnetze wie auf LAN-Parties, P2P-Netzwerkstrukturen auf dem Substrat des Internet oder Darknets wie tor und Freenet. Oh, und normalen Internet-Zugriffen, einige davon mit unverschlüsseltem http.\nDas bedeutet, daß jede beliebige Person Inhalte beliebig publizieren kann. Ein Ansatz, bei dem auf Mittler eingewirkt wird, wie es beim klassischen Urheberrecht, Jugendschutz und anderen sozialen Kontrollinstanzen der Fall war, funktioniert hier nicht, da es keine Mittler mehr gibt. Anbieter und Konsumenten von Inhalten finden sich und vernetzen sich nach Bedarf und ohne Einschaltung von Dritten, müssen einander nicht persönlich kennen und für den Datentausch nicht persönlich Kontakt haben, und eine Alterung der Kopien über Generationen des Duplizierungsprozesses findet nicht statt.\nKindern und Jugendlichen Inhalte vorzuenthalten (\u0026ldquo;sperren\u0026rdquo;) funktioniert schlicht nicht mehr, schon im Ansatz nicht.\nSperren ist auch weniger wichtig als die Beschützer-Fraktion denkt. Malte Welding formuliert es in einem Blogartikel so: \u0026ldquo;Obst verdirbt, Kinder nicht, Kinder schalten ab.\u0026rdquo;. Wichtiger ist es, eine Wertung zu vermitteln, wenn Kinder Inhalte wahrnehmen. \u0026ldquo;Medienkompetenz vermitteln\u0026rdquo; ist konkret umgesetzt genau das: Kindern zu lehren, daß es erstens okay ist, bestimmte Dinge im Netz schlecht zu finden und ihnen zweitens klar zu machen, welche Dinge wir bei unserem Stamm schlecht und welche wir gut finden.\nWollte man bei dem gesellschaftlichen Diskurs um den Jugendschutz Fortschritte machen, ist es wichtig zu lernen, zu verstehen und zu akzeptieren, warum dies die einzige Möglichkeit ist, die uns im Angesicht moderner Technologie bleibt.\nIch denke, der Jugendmedienschutz ist ein gutes Beispiel dafür, wie mangelhaft die Zusammenarbeit zwischen Juristen und Technikern oft ist.\nIch denke, der Jugendmedienschutz ist ein gutes Beispiel dafür, wie Menschen versuchen, Heil in der Entwicklung von Technologien zu suchen, wenn Technologie für die Lösung der gestellten Aufgabe komplett ungeeignet ist. Aus der oben dargelegten Folge von Erfahrungen und Überlegungen wird hoffentlich klar, warum gerade Techniker bei dem Problem prinzipbedingt nichts hilfreiches beitragen können.\nSchon das Wort ist falsch. Es geht nicht um JugendmedienSCHUTZ. Das kann 2010 nicht funktionieren. Es hat schon 1996 nicht funktioniert. Was wir brauchen ist JugendmedienERZIEHUNG. Durch Menschen. Mit Werten und Überzeugungen.\nUnd nicht einen netzwerkweiten Schutzroboter.\nEgal wie es mit dem JMStV in nächster Zukunft läuft - verändern kann man nur etwas, wenn man sich über Alternativen Gedanken macht. Könntest du dir vorstellen, da mit uns zusammen einen ersten Schritt zu machen?\nWie gesagt, ich bin dieser Diskussion unsagbar müde. Ich führe sie seit fast 15 Jahren. Den Text da oben könnt Ihr verwenden, falls Ihr den brauchbar findet.\nGruß, Kris\n","date":"2010-12-15T00:00:00Z","href":"https://blog.koehntopp.info/2010/12/15/ein-paar-zwischenbemerkungen-bevor-der-tanz-wieder-losgeht.html","tags":["blog","jugendschutz","lang_de"],"title":"Ein paar Zwischenbemerkungen, bevor der Tanz wieder losgeht"},{"categories":null,"content":"Heute war ich auf einer Schnitzeljagd, als Kennenlernspiel und Teambuilding-Exercise.\nSo die Theorie. 2010 läuft so etwas anders.\nGeht zu dem und dem - betriebsbedingt - Hotel. Google Maps an. Ah, dort ist es. Da gehen wir dann hin, walking navigation (experimental). Funktioniert.\nHier ist Eure nächste Aufgabe. Firmenbedingt Fragen zum Hotelbusiness. Wir sind IT, keine Hotel-Leute. Man kann uns die Antworten zu den Fragen in einem Vortrag erklären, oder wir können \u0026ldquo;raten\u0026rdquo;: 5 Leute in der Gruppe, 5 Smartphones auf dem Tisch. Wettgooglen.\nHier ist Eure nächste Aufgabe:\nBild . 2 Laptops auf dem Tisch, die Leute zücken Perl. Leider ist die Aufgabe unterspezifiziert, und je nach Interpretation der Grenzbedingungen kommen unterschiedliche Lösungen raus. Leider blockiert der Safe nach 3 Fehlversuchen für 15 Minuten.\nNach mehr als einer Stunde geben wir das Programmieren auf und wenden uns Google zu.\nErgebnis: Lösung und Quellenangabe . Ist recht. Nächstes Mal denken wir gar nicht und suchen nur noch.\nIm Safe Fotos von Gebäuden, betriebsbedingt Hotels nahe Wahrzeichen. Frage: Welche Städte? Antwort: Google Goggles. Ich sagte ja schon, daß wir Smartphones haben. Ergebnis 1: Das Konzept Schnitzeljagd degeneriert in der Nähe von permanent verfügbarem Online zu \u0026lsquo;Teste Dein Google-Fu\u0026rsquo;.\nErgebnis 2: Serialisierung der Schnitzeljagd (Frage n-1 muß gelöst werden, damit man die Frage n erhält) war schon vor dem Internet ein doofes und langweiliges Konzept. Mit 15 Minuten Lockout da drin generiert es bloß sinnlosen Frust.\nKönnen wir bitte nächstes Jahr was sinnvolles machen?\n(Cyborg , Cyborg )\n","date":"2010-12-15T00:00:00Z","href":"https://blog.koehntopp.info/2010/12/15/schnitzeljagd-2010-die-rache-der-cyborgs.html","tags":["community","cyborg","internet","work","lang_de"],"title":"Schnitzeljagd 2010 - Die Rache der Cyborgs"},{"categories":null,"content":"Neulich hatte ich wieder einmal die Standard-Diskussion mit jemandem, der gegen IPV6 war, weil er dann ja kein NAT mehr habe. Dadurch, so die Argumentation, würde er ja die Sicherheitsfunktionen verlieren - derzeit verhindere sein Türstopper-Plastikrouter halt, daß man seine internen Rechner von außen angreifen könne.\nDiesen Zahn zu ziehen ist oft eine schmerzhafte Operation. Aber schon immer galt: NAT ist kein Sicherheits-Feature. Ganz besonders nicht das NAT, das auf einem Türstopper-Plastikrouter läuft.\nNAT steht für Network Address Translation, und bezeichnet in der Regel das Umschreiben von Original-IP-Nummern und Original-Portnummern auf Ersatz-IP-Nummern und Ersatz-Portnummern \u0026lsquo;im Flug\u0026rsquo;, also während des Routingvorgangs.\nAusgehendes Paket erzeugt Eintrag in der NAT State Table.\nIm Beispiel wird ein ausgehendes IP-Paket von einem Rechner im LAN versendet. Der Rechner hat die IP-Nummer 192.168.1.4, und das Paket wird von Port 33231 aus abgesendet. Es ist an einen Rechner 134.245.74.3 addressiert, und ist vermutlich ein Webzugriff, da es dort an den Port 80 zugestellt werden soll.\nDie Nummer 192.168.1.4 ist eine Nummer aus einem sogenannten RFC-Netz (gemeint ist RFC 1918 , der IP-Nummern für die Verwendung in privaten Netzwerken definiert). Sie kann draußen, im \u0026lsquo;richtigen Internet\u0026rsquo; nicht verwendet werden und muß durch NAT ersetzt werden, damit der Rechner im privaten Netz überhaupt auf das Netz zugreifen kann.\nDer Router, der die Verbindung in das Internet aufrecht erhält, hat nur eine einzige externe IP-Nummer, da IP V4 Adressen knapp sind . Er wandelt die Absender-Adresse 192.168.1.4 in seine eigene Adresse um - und setzt im Beispiel 198.32.16.8 ein. Er überschreibt auch die Portnummer 33231 mit einer Portnummer, die bei ihm frei ist, im Beispiel also 2001.\nDann sendet er das modifizierte Paket ins Internet.\nDurch den Eintrag in der State Table wird jedes auf Port 2001 eingehende Paket an den internen Host weiter geleitet.\nSo weit so gut. Der Router muß aber auch mit einem Antwortpaket fertig werden und dies an den internen Rechner zustellen können. Er legt sich also eine Tabelle an, in der er vermerkt: \u0026ldquo;Eintreffende Pakete auf Port 2001 an 192.168.1.4:33231 zurück leiten\u0026rdquo;. Durch diese NAT State Table kann er für ein auf Port 2001 eintreffendes Paket die Rückumwandlung vornehmen.\nDies ist die einfachste Mögliche NAT-Implementierung (ein Full Cone NAT nach RFC 3489 ) - und die, die am wenigsten Speicher verbraucht, denn diese Variante verbraucht pro aktiver \u0026ldquo;Verbindung\u0026rdquo; am wenigsten Speicher, und Speicher ist auf einem Plastik-Türstopper nun einmal begrenzt.\nUnd selbst dann kann diese interne Tabelle so groß machen, daß der Speicher des Türstoppers einfach überläuft und er sich spontan resettet, etwa wenn das innere Netz eine WG ist, auf der 3 oder 4 Leute gleichzeitig P2P-Programme laufen lassen, von denen jedes pro Download an die 200 Einträge in der NAT State Table belegt.\nLeider ist diese NAT-Implementierung so einfach, daß bei auf Port 2001 eintreffenden Paketen keine Information darüber vorliegt, von wo diese eintreffen dürfen. Jedes beliebige Paket von Port 2001 wird also nach innen weitergeleitet - das solche, die von irgendwelchen anderen IP-Nummern außen aus dem Internet abgesendet werden.\nBessere Sicherheit bietet ein volles Verbindungstracking, das ein richtiges symmetrisches NAT zur Verfügung stellt, und das insbesondere auch TCP versteht und das Ende einer Verbindung erkennt, um in diesem Fall den Eintrag in der NAT State Table zeitgerecht wieder abzuräumen.\nWenn man diese Logik aber erst einmal implementiert hat, dann kann man auch gleich eine vollständige Firewall mit Connection Tracking implementieren (oder kostenlos dazu bekommen, weil man in diesem Fall wahrscheinlich sowieso ein embedded Linux auf dem Router am Laufen hat), und dann kommt die Sicherheit nicht vom NAT, sondern von der Firewall.\nWer also sein Netzwerk schützen will, der sollte nicht NAT verwenden, sondern sich eine gescheite Firewall installieren und dann sinnvoll konfigurieren. Machen andere Läden mit erhöhten Sicherheitsanforderungen auch genau so.\n","date":"2010-11-28T00:00:00Z","href":"https://blog.koehntopp.info/2010/11/28/nat-ist-kein-sicherheitsfeature.html","tags":["computer","internet","security","lang_de"],"title":"NAT ist kein Sicherheitsfeature"},{"categories":null,"content":"Ich habe ja lange Zeit gehofft, daß die Medien als Gruppe irgendwann einmal die Kurve kriegen und es schaffen, sich vom Begriff des \u0026ldquo;friendens\u0026rdquo; und \u0026ldquo;likens\u0026rdquo; in den diversen sozialen Netzen zu lösen und auf die Funktionalität zu schauen, die sich hinter diesem Begriff versteckt. Aber auch hier scheint es sich um einen Fall zu handeln, bei dem ein alter Begriff in einem neuen Kontext verwendet wird, und bei dem die alten Bedeutungen und Konnotationen so sehr überschatten, daß das Neue keine Chance hat.\nAktuell scheitert Miriam Meckel an Facebook, und versteigt sich bei den Freunden von Jeff Jarvis über Dunbar und Montaigne zu Aristoteles. Die falsche Richtung. Guck nach vorne Miriam: Was macht ein \u0026lsquo;+1\u0026rsquo; oder ein Like-Button genau?\nGenau, er abonniert ein Statusabonnement - ich bekomme einen Kanal mehr, den Facebook auf meinem Wall aggregiert und unter die Meldungen meiner anderen Abos mischt. Er macht also genau das, was ein RSS \u0026lsquo;subscribe\u0026rsquo; macht, und könnte genauso gut auch \u0026lsquo;subscribe\u0026rsquo; heißen. Anders als ein RSS Abo ist Facebook aber symmetrisch: Ich abonniere Deine Statusupdates und Du bekommst dafür meine.\nDabei ist Facebook unglaublich schlecht und trennt zum Beispiel nicht automatisch nach Sprachen, nutzt den Social Graph nicht zur automatischen Gruppierung und bietet auch sonst nur sehr rudimentäre Filterfunktionen an. Zudem wäre es in vielen Fällen sinnvoll, tatsächlich wie bei RSS oder Twitter ein unidirektionales \u0026lsquo;Subscribe\u0026rsquo; alias \u0026lsquo;Follow\u0026rsquo; zu haben, denn oft will ich den Statusmeldungen einer Person folgen, ohne daß die meine irrelevanten Posts lesen müssen (Facebook hat dafür andere Seitentypen, und im Grunde ist das einer der Unterschiede zwischen \u0026lsquo;+1\u0026rsquo; und \u0026lsquo;Like\u0026rsquo;).\nAber das zu verstehen und auseinander zu dividieren ist von einem Qualitätsjournalisten vielleicht ein wenig viel verlangt.\n","date":"2010-11-24T00:00:00Z","href":"https://blog.koehntopp.info/2010/11/24/freunde-und-soziale-netzwerke.html","tags":["internet","social networking","lang_de"],"title":"\"Freunde\" und soziale Netzwerke"},{"categories":null,"content":"Stuxnet ist ein maßgeschneiderter Computervirus, der zwei bislang unbekannte Windows-Sicherheitslücken ausnutzt, um bestimmte Windows-Versionen zu infizieren. Das ist deswegen spannend, weil Windows-Sicherheitslücken dieser Art in letzter Zeit nicht mehr so leicht zu finden sind - sie werden inzwischen gehandelt und ernsthaft für viel Geld verkauft. Jemand hat gleich zwei dieser Lücken verbrannt, um diesem Virus das Eindringen in bestimmte Systeme zu ermöglichen. Jemand hat außerdem zwei taiwanischen Treiberfirmen ihre Zertifikate geklaut, um signierten Gerätetreiber-Code in diese Rechner einschmuggeln zu können, ohne daß dabei die Sicherheitswarnleuchten angehen.\nStuxnet macht nicht viel, solange er nicht auf einer bestimmten Sorte Rechner ist, nämlich einem Rechner, an dem eine bestimmte Art von Siemens Prozeßrechner mit einer bestimmten Konfiguration von Spezialhardware angeschlossen ist, die mit bestimmten Parametern betrieben wird. Die bekannten Daten passen recht genau auf eine Anlage, wie sie im Iran zur Anreicherung von spaltbarem Material für Atombomben gebraucht wird.\nDas ganze Profil deutet auf eine Entwicklung hin, die mit großer Sorgfalt, Sachkenntnis und viel Zeit und Budget und einem spezifischen Testumfeld gemacht worden ist, damit sie im genau definierten Ziel eine schwer aufzuspürende, aber nachhaltige Schadwirkung entfaltet. Kurz: Es ist das Werk einer Regierung, und angesichts des Zieles ist der Kreis der Auftraggeber überschaubar.\nAnderswo sinniert man nun über die Auswirkungen, die Variationen dieses Codes haben könnten, wenn sie aus den Händen von Regierungen in die Hände von Nichtregierungen gelangen. Äh, ja.\nDas wird mit Sicherheit passieren. Aber genau genommen ist das gar nicht notwendig. In ganz vielen Fällen ist ausreichend, daß die Machbarkeit einer Sache bewiesen wird und das Konzept grob beschrieben wird, um viele Stellen zu ermutigen, auf diesem Gebiet eigene Forschungen und Entwicklungen zu betreiben. Wir können davon ausgehen, daß die organisierte Kriminalität in Regierungs- und Nichtregierungsorganistionen in diesem Moment große Forschungsbudgets in diese Richtungen mobilisiert - ein digitales Wettrüsten hat begonnen.\nIm Fadenkreuz stehen die vergessenen Rechner - in Milliarden von Geräten stecken Komponenten, die nicht unter dem Gesichtspunkt aktiver Angriffe entwickelt und installiert worden sind. Einige von ihnen sind vernetzt. Keines von diesen Geräten hat in den letzten 10 Jahren signifikate Sicherheitsupdates erhalten und für viele Geräte gibt es nicht mal mehr welche, oder hat es nie welche gegeben.\nIch weiß zum Beispiel von Zugangskontrollsystemen, die immer noch von Maschinen mit Windows NT 4 gesteuert werden, und von Banken, in denen das fast das gesamte Netz eine einzige Layer 2 Broadcastdomain ist. Wieder anderswo schiebt man sicherheitsrelevante Kontroll- und Steuerinformationen mit FTP oder gar FTAM unverschlüsselt durch die Gegend. Letzteres könnte man getrost als Security By Obscurity definieren, wenn denn die interessanten Daten nicht mit einem \u0026ldquo;strings\u0026rdquo; auf ein paar Capture-Dateien lesbar wären. Wieder andere Leute definieren Protokolle für P2P Verkehrsleitsysteme mit Ad-Hoc Netzen zwischen fahrenden Automobilen, die Abstands- und Geschwindigkeitsinformationen austauschen, die das Fahrverhalten des Fahrzeuges beeinflussen sollen und die nur unzureichend authentisiert und gegen Manipulation gesichert werden.\nAnderswo hat man das Steuersystem für die Weichen einer Straßenbahn komplett ungesichert über Infrarot exponiert.\nBisher hat man Security in diesen Bereichen eher als Nebensache behandelt und Bedrohungen als etwas hypothetisches eingestuft.\nDiese Zeiten sind vorbei.\nMit ein wenig Glück sehen wir dank Stuxnet jetzt in diesem Bereich endlich ein wenig mehr Engagement im Bereich Security, das vielleicht auch über bessere Türschlüssel hinausgeht. Aber bis sinnvoll definierte und kryptographisch gesicherte Protokolle in diesen Bereichen flächendeckend etabliert sind wird noch viel Zeit vergehen . Und man wird vorhandene ungesicherte Protokolle als Träger verwenden , oder Security optional machen - das hat alles noch massenhaft Potential für Fail.\nViel Spaß (auch beim Lesen).\n","date":"2010-11-18T00:00:00Z","href":"https://blog.koehntopp.info/2010/11/18/stuxnet-das-beste-was-uns-allen-passieren-konnte.html","tags":["internet","security","lang_de"],"title":"Stuxnet - das Beste, was uns allen passieren konnte"},{"categories":null,"content":"Beim Durchstöbern der verschiedenen NoSQL-Datenspeicher stellt sich mir die Frage, wieso man das alles überhaupt will. Genauer: Was genau ist das Problem, das man mit NoSQL lösen möchte?\nDiejenigen Leute, die NoSQL-Lösungen einsetzen, haben in der Regel die Schwierigkeit, daß ihre Datenmenge größer wird, als man auf einer einzelnen Maschine mit der geforderten Servicequalität handhaben kann.\nIm Webbereich sind die Anforderungen für interaktives Browsen oft so, daß man die gewünschten Antwortzeiten nur dann erreichen kann, wenn die dabei verwendeten Datenbanken ihre Daten und Indices zum allergrößten Teil im RAM halten können. Verfügbarkeit und Preis von Speicher sind aber Grenzen gesetzt - mit aktuellen Nehalem-Kisten zum Beispiel liegt der Sweet-Spot irgendwo bei 48G oder 96G Hauptspeicher, die Datenbankgröße für solche zeitkritischen Systeme also nach meinen Erfahrungen zwischen 100G und 200G.\nErst wenn Benutzer nicht mehr interaktiv browsend mit der Anwendung interagieren kann man sich längere Antwortzeiten erlauben. Wird ein Schritt zum Beispiel als \u0026ldquo;Buchung\u0026rdquo; angesehen, ist der Benutzer bereit, bis zu 10x längere Reaktionszeiten hinzunehmen (2 Sekunden statt 0.2 Sekunden, ohne Fortschrittsbalken, und bis zu 20 Sekunden mit einem Fortschrittsbalken).\nPartition visualisiert\nGesucht ist also Technologie, die es mir erlaubt, ein Datenbankschema über mehr als eine Maschine zu verteilen. Je weniger ich dabei in meiner Anwendung davon sehe oder merke, um so schöner.\nUm ein großes Schema zu verteilen muß ich meine Daten partitionieren. Das heißt, ich muß eine Menge (an Daten) in Teilmengen zerlegen, sodaß die Teilmengen sich nicht überlappen und ihre Vereinigung wieder die Gesamtmenge ergibt. Liegen die Teilmengen alle zusammen auf einer Maschine reden wir in der Regel von einer Partition. Liegen sie auf verschiedenen Maschinen reden wir in der Regel von Sharding (von Shard, Splitter).\nDie manuelle Vorgehensweise zum Sharding ist, ein Schema funktional zu zerteilen. Dabei wird man alle Tabellen, die mit Funktionalität a zu tun haben auf einen Server verlegem und alle Tabellen, die mit Funktionalität b befaßt sind auf einen anderen Server. Das geht aber immer noch davon aus, daß eine Tabelle zur Gänze auf einer einzelnen Maschine gehalten werden kann und es setzt auch voraus, daß man sich Gedanken darüber macht, was man wie warum wo hin schiebt. Der manuelle Ansatz hat den Vorteil, daß man mit konventionellem Denken noch weiter kommt und auch konventionelle Abfragen innerhalb einer Maschine noch wie erwartet funktionieren.\nAutomatisches Sharding\nAnsätze zum automatischen Sharding nehmen auf solche Dinge weniger Rücksicht: Ich kann für jede Zeile jeder Tabelle auf irgendeine Weise eine Maschinenadresse berechnen und den entsprechenden Datensatz dann auf diese Maschine verschieben. Der automatische Ansatz hat den Vorteil, daß es keine absoluten Skalierungslimits mehr gibt, sondern daß man die Datenmenge und die Systemleistung \u0026ldquo;einfach\u0026rdquo; dadurch skalieren kann, daß man mehr Maschinen zum Cluster hinzu fügt.\nDer automatische Ansatz hat auch einen Preis:\nVon den anderswo erklärten Operationen der Relationenalgebra sind einige nun recht teuer geworden - der SQL-Join und die SQL-Aggregation.\nFür den Join stellt sich das Problem, daß man zwischen Tabellen eine Verknüpfung erzeugen will, die zur Gänze oder in Teilen auf unterschiedlichen Maschinen in einem Cluster liegen können. Je nachdem welcher Join-Algorithmus verwendet wird, kann dabei sehr viel Netzwerk-Kommunikation notwendig werden.\nDas gilt um so mehr, wenn wir uns in Erinnerung rufen, daß wir dieses ganze Sharding-Geschäft angefangen haben damit wir alle Daten im Speicher halten können - Netzwerk-Latenzen werden also leicht die dominierenden Kosten bei der Berechnung eines Joins (typisches Beispiel für die Probleme bei einem Join über das Netz in MySQL Cluster).\nCondition Pushdown\nMySQL Cluster und VoltDB sind beides Produkte, die immerhin versuchen, einen Join über das Netz durchzuführen, und der Ansatz ist vergleichbar: Anstatt die Daten zu dem Knoten zu transferieren, der den Join ausführt, werden Teile der Query extrahiert und zu den Daten transportiert. MySQL Cluster versucht das dynamisch und automatisch zu machen und nennt das Condition Pushdown (Webinar zu MySQL Cluster Condition Pushdown , In Pursuit Of The Holy Grail , über Condition Pushdown in Cluster). VoltDB verlangt stattdessen, daß das statisch und vorab gemacht wird: Die Entwickler müssen alle Abfragen als Stored Procedures in Java schreiben und zur Laufzeit werden dann nur noch Stored Procedures abgerufen.\nIm recht uneinheitlichen Bereich der NoSQL-Nondatenbanken hat man im wesentlichen zwei Ansätze um mit dem Problem umzugehen. Für die untere Schicht der NoSQL-Datenbanken (\u0026ldquo;Key Value Stores\u0026rdquo;) besteht die Lösung schlicht darin, das Problem zu ignorieren, äh, dem Anwendungsprogrammierer zur freien Modellierung zu überlassen. In der Praxis kommen dann zwei Ansätze vor, die der Anwendungsprogrammierer verwendet um eine Lösung zu modellieren.\nDer eine Ansatz programmiert das Äquivalent eines Full Table Scans in der Anwendung nach, d.h. um die gesuchten Daten zu finden wird die gesamte Datenbank in die Anwendung runtergeladen und der nicht gewünschte Teil der Daten verworfen. Diese Lösung wird vor allen Dingen von den Anbietern von Netzwerkequipment favorisiert.\nDer andere Ansatz nimmt den Join vorweg, d.h. er speichert als Teil des Value jedes Key-Value Paares ein Array von Zeigern auf die verknüpften Knoten. Lädt man den Ausgangsknoten runter, bekommt man mit dem Zeigerarray auch eine Liste von Referenzen, denen man folgen kann, um die verknüpften Daten zu finden.\nNetwork Model (Quelle )\nAutomatisiert man das und das Handhaben der Backreferences, hat man eine Zeitreise in das Jahr 1969 durchgeführt und IMS neu erfunden (ersatzweise auch eine XML-Datenbank oder LDAP erfunden). Immerhin ist es jetzt verteilt.\nIn den NoSQL-Datenbanken, die ein wenig mehr Struktur in den Daten unterbringen findet man nun entweder solche Mechanismen, die Referenzen auf Daten und ihre Backreferences automatisieren, d.h die sogenannten Dokumentendatenbanken sind in Wahrheit Netzwerkdatenbanken.\nOder man arbeitet mit Dokumenten und Subdokumenten, speichert also statt Zeigern auf Objekte erster Ordnung (Dokumente) jetzt einfach die Objekte selbst literal in den ihnen übergeordneten Objekten (man speichert Subdokumente in Dokumenten). Das ist noch schlechter, weil man damit zugleich hybride, nicht-opake und nicht stabile Identifier bekommt, wenn man mit Subdokumenten arbeitet: Statt das Dokument 17 (Subdokument von 3) direkt über seine ID referenzieren zu können (egal wie es in 3 verschachtelt ist oder ob es in 3 und in 5 gleichermaßen referenziert wird), redet man jetzt von 3.owner.name[2], also dem zweiten Element des Arrays Name unterhalb des Slots owner des Dokumentes 3.\nDas ist eine Pfadabgabe (etwa eine XPath-Expression) relativ zur Wurzel des Dokumentes mit der ID 3, und nicht stabil: Werden Elemente vorne in das Array name eingefügt, oder wird der Typ des Slot owner verändert (der Skalar owner wird zu einem Array owner[], sodaß es jetzt 3.owner[1].name[2] heißen muß) oder der Nestinglevel von owner geändert, ist die Referenz ungültig. Und das Subdokument kann nicht von zwei Dokumenten 3 und 5 zugleich referenziert werden, da es literal Bestandteil von entweder 3 oder 5 ist.\nKurzum: Man kann nicht sinnvoll normalisieren, weil man nicht sinnvoll addressieren kann.\nDas ist Teil eines größeren Problems: NoSQL Took Away The Relational Model And Gave Nothing Back :\nThe meaning of the statement was that NoSQL systems (really the various map-reduce systems) are lacking a standard model for describing and querying and that developing one should be a high priority task for them.\nUnterdessen (nein: deswegen!) nähern sich SQL- und NoSQL auf eine Weise auch wieder einander an. Weil SQL eine sinnvolle Sache ist, gibt es Redisql , einen SQL-Interpreter, der quasi den KV-Store Redis als Storage Engine verwendet.\nUnd es gibt HandlerSocket , ein Plugin für MySQL, das das MySQL Sonderkommando HANDLER mit einem binären Netzwerkinterface ohne Authentisierung ausstattet und so Key-Value Zugriffe und Index-Traversal sehr effizient verfügbar macht, solange die Daten im RAM liegen (oder auf einer SSD ).\nNeben diesem echten harten Problem von JOIN und GROUP BY über das Netz gibt es eine Reihe von weiteren Schwächen in MySQL und einigen anderen SQL-Implementierungen, die von einigen NoSQL-Implementierungen angesprochen werden und die meiner Meinung zu falschen oder gefährlichen Ansätzen führen.\nDas bekannteste Beispiel ist das ALTER TABLE Statement in MySQL, das auch in MySQL 5.1 in vielen Fällen noch sehr lange dauert und alle Operationen auf der Tabelle blockiert, während es abläuft. Das Thema ist drängend und die Komplexität der Workarounds grenzt an das Lächerliche .\nALTER TABLE wird entweder verwendet, um die Indices einer Tabelle zu verändern oder um die Struktur einer Tabelle zu verändern. Die korrekte Lösung des Problems ist einerseits Background Index Creation (aber es gibt viele Einschränkungen ), wenn es um Indices geht.\nOder es ist eine versionierte Tabellendefinition, wenn es um die Tabellenstruktur geht - statt das ALTER TABLE auszuführen, wird eine neue Version der Tabellendefinition angelegt. An jeder Row wird die Versionsnummer der Tabellendefinition gespeichert, der die Row entspricht. Beim Zugriff auf die Row werden die Daten gelesen und entsprechend der ALTER TABLE-Anweisungen, die fehlen, auf den neusten Stand gebracht (ebenso alle anderen Rows in derselben Page). Die Speicherseite ist nun \u0026lsquo;dirty\u0026rsquo; und wird mit dem nächsten Checkpoint auf der Platte aktualisiert. Das ermöglicht zugleich Transactional DDL .\nWas die meisten NoSQL-Nondatenbanken stattdessen machen ist schemalessness zu propagieren. Dabei werden oftmals eigenartige Schlußfolgerungen gezogen:\nAvoiding schema changes and data migration are good reasons.\nDie Folgerung \u0026ldquo;Aus Schemalessness folgt, daß man Schema Changes und Datenmigration vermeiden kann\u0026rdquo; ist offensichtlicher Unsinn, wie jeder erkennen kann, der einmal reale Anwendungen entwickelt hat - die Migration wird nun jedoch wieder einmal dem Anwendungsprogrammierer zur Modellierung in der Anwendung überlassen.\nDas heißt, man implementiert nun das \u0026lsquo;Transactional DDL\u0026rsquo;-Modell von oben in der Anwendung nach: Jeder Datensatz bekommt eine Versionsnummer und der ORM prüft beim Lesen jedes Satzes, ob die Versionsnummer auf Stand ist, und wenn nicht, wendet er die notwendigen Transformationen auf das gelesene Objekt an. Beim Zurückschreiben der Daten wird das aktuelle Datenmodell mit der höchsten Versionsnummer geschrieben.\nOder man tut das nicht, und verläßt sich auf obskure Defaults der verwendeten Plattform (MongoDB Blog Beispiel und die Diskussion unten dran kommt zu demselben Schluß wie ich hier).\nWas also sucht man, wenn man sich mit NoSQL beschäftigt?\nWorkarounds für existierende Limits in der Implementierung von MySQL - das führt in der Regel zu wenig sinnvollen Ergebnissen. Techniken, mit denen man Wachstum über die Grenzen einer einzelnen Maschine hinaus besser in den Griff bekommen kann: Sharding und Replikation weiter denken. Das Problem des Joins und der Aggregation in diesen Szenarien angehen. Lösungen dafür existieren, ob man sie nun Condition Pushdown oder Map-Reduce nennt - beides ist sehr ähnlich. Ich erwarte, daß Autosharding und verteilte Ausführung von SQL, hinter den Kulissen mit Map-Reduce/Condition Pushdown, in absehbarer Zeit Bestandteil von Open Source SQL-Produkten werden. Ich erwarte, daß auch damit die Effekte, die sich aus der Verteilung des Systems ergeben nicht vollständig in allen Fällen vor dem Endanwender verborgen werden können. ","date":"2010-11-05T00:00:00Z","href":"https://blog.koehntopp.info/2010/11/05/ein-paar-gedanken-zum-thema-nosql.html","tags":["mysql","nosql","database","development","lang_de"],"title":"Ein paar Gedanken zum Thema NoSQL"},{"categories":null,"content":"Ich schrieb :\nheretic666 schrieb am 4. November 2010 12:11\n\u0026hellip;das man nicht auch wahlweise mit PostgreSQL oder MS SQL erschlagen kann?\nMir fällt da im Moment kein Punkt ein\u0026hellip;\nPostgres ist ein Repräsentant der klassischen Datenbanken und fällt in dieselbe Kategorie wie Oracle, MS SQL oder DB/2. MySQL ist eine Datenbank, die sich in vielen Punkten an den Erfordernissen des Webs orientiert und ganz andere Schwerpunkte als Postgres oder Oracle setzt. Das ist auch eine der Erfahrungen, die der rote Sales (Oracle Sales) gerade mit blauen Kunden (MySQL Kunden) macht: Die meisten lassen sich nicht einfach auf rot konvertieren, weil das rote Produkt schlicht nicht die Leistungen bietet, die blauen Kunden wichtig sind.\nUm Deine Frage konkreter zu beantworten:\nMySQL ist eine Einprozeß-Architektur mit mehreren Threads und einem Threadpool. Ein Connect an die Datenbank ist vergleichbar teuer einem Connect an einen OpenLDAP-Server und MySQL kommt so gut mit transienten Verbindungen etwa eines mod_perl oder mod_php zurecht, daß man in MySQL in der Regel nicht mit Connection Pools arbeitet und 2-Tier Architekturen (Apache mit mod_irgendwas an MySQL) gut funktionieren.\nDatenbanken, die on-connect einen Handlerprozeß forken haben sehr viel höhere Kosten in Speicher (MySQL 200 KB pro Connect vs. zum Beispiel 5 MB für Oracle) und Zeit. Mit solchen Datenbanken redet man in der Regel über einen Application-Server der persistente Verbindungen aus einem Connection Pool managed, und auf der anderen Seite von einem Webserver angestupst wird (3-Tier).\nMySQL-Anwender skalieren Read-Leistung in der Regel horizontal. Das heißt, sie kaufen keine größeren Server, sondern mehr Server, um zu wachsen. In unserem Fall haben wir in einer Produktionshierarchie zum Beispiel 87 MySQL Slave-Server an einem Master hängen. MySQL Replikation ist per Default asynchron und muß in der Anwendung durch ein passendes master_pos_wait() synchronisiert werden - jedes asynchrone System kann durch Einfügen von Waits synchron gemacht werden.\nDas heißt, daß die Anwendung die Wahl hat, ob sie fortfahren oder warten will - und die meisten Leute wollen in der Anwendung lieber annähernd richtige Daten sofort liefern (und dann ggf später per AJAX aktualisieren) als auf absolut korrekte Daten zu warten, solange etwa im Web gebrowsed wird. Wenn es zum Schwur - also zum Kauf - kommt, dann will man warten, und dann nimmt man Waypoints in Kauf - vorher aber nicht.\nPostgres zum Beispiel hat erst jetzt mit 9.0 eine Replikation und diese ist auch nicht asynchron. Das heißt, wenn man eine Anwendung hatte, die größer war als eine einzelne Kiste leisten konnte, dann mußte man an irgendeinem Punkt zu MySQL greifen - mein derzeitiger Arbeitgeber ist so vor etwa 10 Jahren aus genau diesem Grunde von Postgres zu MySQL migriert. Das war sehr mühsam und teuer, aber damals ein zwingender Grund (und ist es heute trotz 9.0 wahrscheinlich auch noch).\nMySQL, speziell InnoDB, ist eine ausgezeichnete Engine mit MVCC (also lockless reads) und mit sehr sinnvollen Strategien beim Layout von Daten auf der Platte (Clustering der Daten nach Primary Key + auto_increment = instant win für alle Leute mit normalen Zugriffspatterns). Dadurch, daß MySQL außerdem Covering Indexes kann (Postgres auch in 9.0 leider noch nicht) sind bestimmte Optimierungen sehr leicht möglich und sehr effizient. Domas (früher MySQL, jetzt Facebook, außerdem Wikipedia-DBA) beschreibt dies in einem Artikel recht ausführlich.\nEin anderes Feature, das bei der Skalierung von großen Datenbanken (größer als der Hauptspeicher) sehr extrem rockt sind PARTITION BY clauses in Tabellendefinitionen. Man kann sich in Postgres vergleichbares manuell zusammentriggern (wie man sich auch Replikation zusammentriggern kann, wenn man keine Schmerzen spürt), aber nativ ist das Feature plötzlich auch für den normalbegabten DBA und vor allen Dingen auch für einen Entwickler zugänglich - und es ist sehr schnell. Wir migrieren gerade eine unserer letzten MyISAM-Datenbanken von Merge-Tables auf InnoDB Plugin + Compressed Tables + Partititions und die Effekte sind sehr erstaunlich.\nEin weiteres Feature, bei dem ich nicht beurteilen kann, wie gut oder schlecht Postgres da steht, sind die Connectors in MySQL.\nConnector/ODBC von MySQL ist - sagt man mir - sehr gut, ich habe in meiner beruflichen Praxis damit eine Reihe von Migrationen von Access- und MS SQL-Datenbanken auf ein MySQL Backend durchgeführt, und das war weitgehend problemlos (ODBC hat ein paar Konzepte, bei denen man wissen muß, wie sie auf MySQL abgebildet werden - wenn man das weiß, geht die ganze Umstellung vollkommen schmerzfrei).\nConnector/J ist angeblich auch sehr gut - ich versuche Java zu vermeiden und habe daher nicht viel unmittelbare Erfahrung, kann aber sagen, daß man zumindest vielen Schmerz der Java-Leute durch Konfiguration obskurer JDBC-Parameter wegheilen kann ohne daß man ins Java rein muß. :-)\nFür PHP gibt es eine unabhängige Implementierung des Protokolls als mysqlnd. Das ist einmal lizenztechnisch interessant (PHP License statt GPL) und einmal speichertechnisch spannend. Connector/C alias libmysqlclient.so lädt ja Ergebnisse aus dem Server in libmysqlclient.so runter und stellt sie als MySQL-interne Datentypen dar. Diese werden dann durch mysql_fetch_assoc() und Freunde in PHP Zeile für Zeile in PHP ZVAL umgewandelt - am Ende hat man die Daten also zweimal: Einmal als PHP Hash in ZVAL-Format und einmal als MySQL-interne Typen in der Bibliothek - bis dann endlich mysql_free_result() gemacht wird, und die interne Kopie gelöscht wird.\nmysqlnd verwendet jetzt gleich intern in der MySQL-Bibliothek PHP-interne ZVAL-Strukturen für die Ergebnisse, sodaß keine Daten mehr aus libmysqlclient.so in PHP umkopiert werden müssen, sondern die Daten quasi gleich als PHP-Hash in den Client runter geladen werden.\nAh, und schließlich sind die Zeichensatz-Fähigkeiten von MySQL recht bemerkenswert. MySQL kann Zeichensätze und Sortierungen per Spalte getrennt festlegen und wandelt dann zwischen Serverzeichensatz und Clientzeichensatz um. Das tut es sehr schnell, so schnell, daß es bei uns in einigen Anwendungen schneller ist, die Zeichensatzumwandlungen durch den Server machen zu lassen, als lokal im Client mit Perl (Nein, wir machen das nicht, es ist nur so, daß unsere Benchmarks meinten, das sei schneller :-) ).\nMySQL ist auch extrem flexibel: Mit einem ALTER TABLE kann man Spalten bequem von einer Darstellung in eine andere umwandeln, wenn sich die Anforderungen ändern, sodaß man sich dort nicht früh auf irgendwas festlegen muß.\nSoweit ich weiß ist das sehr viel flexibler als die Mechanismen, die Postgres hier bietet.\nIn MySQL nutzt man oft eine Reihe von Dingen nicht, die man von einem klassischen Datenbankprodukt erwarten würde, wie es etwa an der Uni unterrichtet wird. Das ist in dem Umfeld von MySQL weitgehend okay - wir zum Beispiel setzen MySQL auf eine Weise ein, bei der wir alle Zugriffe auf die Datenbank kontrollieren und bei der wir den Code zu allen Anwendungen haben und ändern können, die auf die Datenbank zugreifen. Das macht gewisse Dinge auf der Clientseite möglich, die man anderswo im Server abhandeln muß.\nForeign Key Constraints zum Beispiel realisieren wir im Client in Bibliotheken. Wir werden auch in der Regel keinen Code in der Datenbank einsetzen - also weder Views, noch Procedures noch Triggers, sondern machen alle diese Sachen im Client. Wir sind aber ein privilegiertes Umfeld, weil wir in der Produktion durchgehend einen OSS Stack einsetzen und so den Quelltext zu allem vollkommen kontrollieren. Wir sind außerdem größer als eine einzelne Maschine leisten kann, müssen also sowieso horizontal Skalieren, und es ist nun einmal günstiger, Client-CPUs zu kaufen als Datenbankserver-CPUs, also ist es für uns ökonomisch nicht sinnvoll, Code in der Datenbank laufen zu lassen (von den Managementerfordernissen, die Code in der Datenbank mit sich bringt mal ganz abgesehen).\nSchließlich: MySQL hat eine Reihe von Eigenheiten, Einschränkungen und Fehlern. Das ist okay, denn die meisten dieser Sachen sind bekannt und man kann mit ein wenig Erfahrung da leicht drum herum arbeiten.\nMySQL hat jedoch auch eine riesengroße Community von Leuten mit zum Teil bemerkenswertem Niveau, sodaß man an die notwendigen Informationen herankommt - in seiner Landessprache, wahlweise für Geld oder gute Worte und auch auf Zeit.\nMySQL hat auch erwiesenermaßen große Installationen, das heißt die versprochene Skalierbarkeit ist nicht hypothetisch, sondern die Konzepte sind bewiesen und verdienen bei anderen Leuten nachweisbar Millionen - pro Tag.\nMySQL ist nicht schön. Das muß es nicht, es soll nur den Job erledigen und die Kasse voll machen. Und das tut es, zuverlässig, wiederholbar und vor allen Dingen auf eine Weise, die man normalbegabten Entwicklern in Kursen vermitteln kann. Alles ist allem ist das in etwa das, was man von einem solchen Produkt erwarten würde.\nDie Zusammenfassung dieses recht langen Textes ist in etwa:\nDie reale Welt ist nicht die Uni, und die Erfordernisse der realen Welt werden für eine populäre Klasse von Anwendungen und Anforderungen von MySQL besser abgebildet als von jeder anderen Datenbank. Das MySQL dabei gegen bestimmte traditionelle Lehren verstößt sorgt in gewissen Kreisen für schlechte Presse, aber das ist den Leuten, die das machen egal, solange die von ihnen erstellten Rechnungen korrekt genug sind um akzeptiert zu werden und den Kühlschrank voll machen.\n","date":"2010-11-04T00:00:00Z","href":"https://blog.koehntopp.info/2010/11/04/red-vs-blue-at-oracle-und-ein-paar-gedanken-zu-postgres.html","tags":["mysql","postgres","database","development","lang_de"],"title":"Red vs Blue at Oracle, und ein paar Gedanken zu Postgres"},{"categories":null,"content":"Kurzer SQL WTF von heute:\nmysql\u0026gt; SELECT \u0026#39;a\u0026#39;=\u0026#39;b\u0026#39;; 0 mysql\u0026gt; SELECT \u0026#39;a\u0026#39;=\u0026#39;b\u0026#39;=\u0026#39;c\u0026#39;; 1 Warum ist das so?\nIm MySQL Sourcecode ist in sql/sql_yacc.yy definiert:\n%left EQ EQUAL_SYM GE GT_SYM LE LT NE IS LIKE REGEXP IN_SYM Damit ist der Operator EQ (das Vergleichheitszeichen) als links-assoziativ definiert. Vergleiche von Vergleichen sind also zugelassen,\n1 = 2 = 3 ist also ein zulässiges Konstrukt und es wird als ( 1 = 2 ) = 3 evaluiert.\nStatt links-assoziativ könnte es auch als rechts-assoziativ 1 = (2 = 3) oder als nicht-assoziativ (ein Mehrfachvergleich ist unzulässig) definiert sein.\nDaher ist der boolsche Ausdruck 'a' = 'b' offensichtlich falsch, also 0. Und damit wird 0 = 'c' zu einem Vergleich eines Integers links mit einem Character rechts. In einem links-assoziativen Ausdruck bestimmt der linke Ausdruck den Typ, zu dem der rechte Teil des Ausdrucks hin konvertiert wird. Das c wird also zu einem Integer umgewandelt, also zu 0. Damit ist 0 = 0 und das ist wahr, also 1.\nIst es ungewöhnlich, daß MySQL so etwas tut?\nAuch in Sybase und in Oracle ist das Symbol EQ (der Vergleichheitszeichen-Operator) ein %left.\nUnd Oracle sagt im Handbuch :\nPL/SQL is case sensitive within character literals. For example, PL/SQL considers the literals \u0026lsquo;Z\u0026rsquo; and \u0026lsquo;z\u0026rsquo; to be different. Also, the character literals \u0026lsquo;0\u0026rsquo;..\u0026lsquo;9\u0026rsquo; are not equivalent to integer literals but can be used in arithmetic expressions because they are implicitly convertible to integers.\n","date":"2010-09-10T00:00:00Z","href":"https://blog.koehntopp.info/2010/09/10/a-b-c.html","tags":["mysql","oracle","sql","lang_de"],"title":"'a' = 'b' = 'c'"},{"categories":null,"content":"Für viele MySQL-Anwendungen sind Covering Indexes eine wichtige Sache. Domas hat einen Artikel darüber Wie Wikipedia von Covering Indexes profitiert , und auch sonst sind solche Indices für viele MySQLer ein täglicher Bestandteil der Optimierungsarbeit.\nNun las ich neulich in einem Artikel eine Seitenbemerkung, daß Postgres keine Covering Indices unterstützt und das scheint tatsächlich der Fall zu sein , auch wenn ich in der Doku selber keine Hinweise darauf gefunden habe.\nWarum Postgres das nicht kann ist zunächst einmal klar: MVCC macht das sehr schwierig. In meinem Vortrag zur InnoDB Storage Engine (Teil 1 , Teil 2 ) habe ich schon einmal beschrieben, was passiert, wenn eine Zeile in InnoDB geschrieben wird.\nMVCC, nach Art von InnoDB. Der Pfeil deutet ein Rollback an.\nDie überschriebene Zeile wird aus der Tabelle in das Undo-Log verschoben und mit der neuen Version der Zeile verkettet. Wird die Zeile ein weiteres Mal geändert, wird die überschriebene Version ebenfalls aus der Tabelle ins Undo Log verschoben und mit der aktuellsten Version verkettet. Auf diese Weise führt aus der Tabelle-Log ein Zeiger ins Undo-Log und von dort innerhalb des Undo-Logs eine lineare Liste zu vorhergehenden Versionen einer Tabellenversion. Man hat also eine verkettete Liste der Historie einer Zeile.\nEin separater Thread in InnoDB, der Purge Thread, bestimmt die älteste Transaktion, die im System noch aktiv ist, und welche Transaktionsnummer diese Transaktion noch sehen kann. Alle Daten aus dem Undo-Log, die noch älter sind, können gefahrlos gelöscht werden, da sie für keine Transaktion noch sichtbar sein können.\nPostgres arbeitet ähnlich, aber nicht gleich: In Postgres verbleiben alte Versionen einer Zeile in der Tabelle (Postgres macht keine In-Place Updates wie InnoDB, sondern schreibt neue Versionen der Zeile an eine andere Stelle der Tabelle), sodaß die lineare Liste von Vorgängerversionen einer Zeile nicht im Undo-Log, sondern in der Tabelle aufgebaut wird. Dadurch wächst die Tabelle im Laufe der Zeit durch Schreibzugriffe über alle Grenzen und alte Versionen der Daten vergiften langsam die Datenhaltung und auch die Index-Effizienz.\nPostgres wirkt dem entgegen, indem es einen Prozeß, der dem Purge Thread von InnoDB vergleichbar ist, ablaufen läßt: Vacuum geht zyklisch durch alle Tabellen und entfernt Datensätze, die so alt sind, daß sie von keiner Transaktion mehr benötigt werden. Anders als bei MySQL ist dabei jedoch mehr Arbeit notwendig, da Platz in der Tabelle freigegeben werden muß (InnoDB macht eine vergleichbare Mehrarbeit beim Checkpointing: Damit In-Place Updates sicher sind, muß es einen Doublewrite Buffer verwenden und Daten zwei Mal schreiben. Aber das ist Thema für einen anderen Artikel).\nAlle diese Betrachtungen beziehen sich jedoch auf die Daten. Indices enthalten Extrakte aus den Daten, die in Indexreihenfolge angeordnet sind, und dann einen Zeiger auf die verbleibenden Daten, die nicht im Index enthalten sind. Wenn man jedoch mehr als eine Version eines Datensatzes hat, wie in MVCC, welche Version des Datensatzes indiziert man dann und wie stellt man sicher, daß Transaktionen, die alte Sichten auf die Daten haben, den Index dennoch zuverlässig verwenden können?\nNun haben wir in der Firma MySQL Support gekauft, und zwar von der Art, der auch \u0026lsquo;Consultative Support\u0026rsquo; enthält. Also schickte ich eine Supportanfrage los, denn diese Frage ist mit Sicherheit auch für den Support selbst interessant:\nI understand how InnoDB works and what MVCC is .\nWhat I do not know is how Indexes in InnoDB deal with this. That is, given a table such as\nCREATE TABLE T ( id integer not null primary key, d varchar(80) charset latin1 not null, index(d) ) engine = innodb; and transactions that change d values in t, id values in t, delete d values in t or delete rows in t, how does InnoDB treat the index d and the index PRIMARY in order to\nmake the index d still covering in SELECT d from t where d = 'cookie' make sure that old and new values are found in queries such as SELECT id from t where d = 'cookie', when d has been changed from keks to cookie in a transaction that has been comitted, but other connections still have an old consistent read view on the previous state of things. I understand that Postgres does not have covering indexes because of such index problems wrt to transactions. How does InnoDB work around this?\nAxel Schwenke von MySQL Support hat diese Frage beantwortet, und dabei Hilfe von Marko Mäkelä vom InnoDB Team bekommen:\nA secondary index contains the newest version of a row, if a row update included the key then the old index record will be delete-marked (and removed later by the purge thread) and a new index record will point to the new version of the row.\nSecondary index entries are not versioned, but each index leaf page carries a PAGE_MAX_TRX_ID denoting the last transaction that modified the page. If this is newer than the required read snapshot, then InnoDB dives to the clustered index for each hit from that index page to check the row version and will also follow to UNDO if required.\nThat means covering index reads might degrade to full row reads on InnoDB, depending on write activity and isolation level.\nIn Deutsch: Ein Index, der nicht der Primärschlüssel ist (und das ist bei InnoDB und Covering Indexes immer der Fall) hat Einträge für die neuste Version einer Zeile. Falls sich Felder einer Zeile verändern, die Bestandteil des Index sind, dann auch für die ältere Version. Der alte Eintrag wird zum Löschen markiert und zu einem passenden Zeitpunkt vom Purge Thread abgeräumt.\nIndexeinträge in sekundären Indices haben keine Transaktionsnummern an den Einträgen selbst, sondern es gibt nur Einträge an den Blatt-Pages des Index, die die Transaktionsnummer der letzten Änderung der Index-Seite enthalten. Wenn die Seite zu neu ist, dann muß InnoDB tatsächlich den Primärschlüssel für jede Zeile lesen, die in der Seite enthalten ist (nicht nur für die geänderte Zeile, sondern auch für jede Zeile, die zufällig auf derselben Index-Blattseite gespeichert ist) und für die Zeilen, die durch den Schreibzugriff tatsächlich verändert worden sind, in das Undo-Log gehen, um alte Versionen der Daten zu finden. Das impliziert auch, daß ein Covering Index für diese Situation zu einem normalen Zeilen-Read führen kann (den man ja gerade vermeiden will) und dann für die tatsächlich geänderten Zeilen sogar noch einen Abstieg in das Undo-Log nach sich zieht, je nach Schreiblast und Isolation Level, der für den Reader eingestellt ist.\nMal sehen, ob ich das noch mal irgendwann in eine coole Zeichnung gießen kann, um zu verdeutlichen, was da genau vor sich geht. Auf jeden Fall: Danke, MySQL Support - das ist genau der Grund, warum wir bei Euch einkaufen!\n","date":"2010-09-09T00:00:00Z","href":"https://blog.koehntopp.info/2010/09/09/covering-indexes-und-mvcc.html","tags":["innodb","mysql","postgres","sql","lang_de"],"title":"Covering indexes und MVCC"},{"categories":null,"content":"Meine Firma verwendet SAP. Zum Glück habe ich damit nicht viel zu tun, außer um meine Beurteilungen abzusegnen und Urlaub zu beantragen. Das heißt, ich verwende SAP maximal 3 mal im Jahr. Bis vor kurzem hatte unser SAP keine LDAP-Anbindung. Ich hatte also ein SAP-Login, das von meinem Firmen-Login verschieden war und auch ein anderes Paßwort hatte. Da ich nur so ca. 3 Mal im Jahr ins SAP muß, ist das Paßwort unweigerlich abgelaufen, wenn ich mich in das SAP einloggen will.\nJeder Urlaubsantrag begann also mit einem Call an den SAP Helpdesk mit der Bitte, das Paßwort zurücksetzen zu lassen.\nAn das SAP komme ich als Heimarbeiter nur per VPN. Das VPN, ein unsagbares Juniper-Applet, funktioniert nur in Windows. Das SAP auch, denn es funktioniert zum Glück nur mit einer veralteten Version von Internet Explorer. Ich muß also eine VMware starten. Für alle anderen Dienste, die mit meinem Job zu tun habe, komme ich um das Applet herum, nur zum Urlaub beantragen muß ich in die VMware.\nIch starte also VMware, um Urlaub zu beantragen. VMware will sich aktualisieren, denn es liegt eine neue Version vor. Ich seufze, und klicke Okay. VMware aktualisiert sich. Das Windows kommt hoch. Der VMware Client im Windows teilt mit, daß der Host neuer ist als der Guestclient, und ob er sich denn bitte aktualisieren dürfe.\nWährend mein Mauszeiger noch über dem Icon schwebt, meldet sich das Antivirenprogramm und merkt an, daß es veraltet ist. Also, nicht die Virensignaturen sind veraltet, sondern das Programm selber. Es will sein Update runterladen und seine Lizenz verlängern. Ich sage dem Antivirenprogramm, daß es das wohl dürfe, und wende mich dem VMware Guest Client zu.\nFlash meldet sich. Es ist veraltet und enthielte Sicherheitslücken. Ob es sich wohl updaten dürfe. Aber ja. Flash lädt ein Update runter.\nJava klingelt. Es ist veraltet und enthalte Sicherheitslücken. Ob es sich wohl updaten dürfe. Aber ja. Java lädt ein Update runter. Java will die Yahoo! Toolbar installieren. WTF? Nein, ich will keine beknackte Toolbar. Ich will auch kein Java, muß aber.\nDas Flash Update scheitert.\nAdobe Reader meldet sich. Er ist veraltet und enthielte Sicherheitslücken. Ob er sich wohl updaten dürfe. Aber ja. Adobe Reader lädt ein Update runter.\nWindows meldet sich. Es sei veraltet und enthielte Sicherheitslücken. Ob es sich wohl updaten dürfe. Aber ja. Ich muß neu starten, damit die Updates sich beenden dürfen.\nWindows startet neu. Das unterbricht das laufende Adobe Reader update. Sehr schön.\nDas gute an VMware ist, daß ich der Windows-Instanz sehr wenig Speicher zugeteilt habe, und der Mac, der das hosted, genug Speicher hat. Windows startet also aus dem Mac File System Buffer Cache neu. Das heißt mehr oder weniger, daß es nur kurz flackert. Immerhin.\nWindows loggt mich ein. Ich kann den VMware Guest Client endlich aktualisieren. Denke ich. Aber nein! Das unterbrochene Adobe Reader Update hat nur auf diesen Moment gelauert! Während sich mein Mauszeiger dem VMware Guest Client Icon nähert, schlägt der Reader zu: Your Update is ready. Do you want to install?\nIch seufze. Und klicke Ja. Adobe wahrt das Markenimage - auch dieses Update scheitert, genau wie das Flash Update. In der Phase \u0026lsquo;Optimizing Performance\u0026rsquo;.\nNa klar. Ich kann mir denken, daß Adobe damit Probleme hat.\nEs gelingt mir, das Update des VMware Guest Client abzuschließen.\nIch starte den Internet Explorer, um mich in das VPN einzuwählen und habe das megasichere RSA Schraddeltoken zur Hand. Aber das VPN zickt - denn, man ahnt es nicht, das VPN Zertifikat ist geupdated worden. Und der feine Juniper Client macht beim Update ein Häufchen und will erst den Hintern abgewischt haben, bevor er mich in das supersichere Firmennetz läßt.\nIch wähle das SAP Portal durch das VPN an, um endlich Urlaub zu beantragen.\nEs ist down.\nFür ein Update.\nPigor: Nieder mit IT ","date":"2010-08-22T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/22/warum-ich-urlaub-brauche.html","tags":["computer","lang_de"],"title":"Warum ich Urlaub brauche"},{"categories":null,"content":"Ich habe letztes Jahr hier und hier ja schon mal was über \u0026ldquo;intelligente\u0026rdquo; Stromzähler geschrieben, zu deren Einbau wir ja nun alle verpflichtet sind, wenn wir renovieren oder neu bauen.\nDas Thema rollt nun auch langsam in das Licht der Öffentlichkeit, etwa schreibt der Spiegel in Teure Ersparnis :\nDas Sparpotential des intelligenten Stromnetzes werde \u0026ldquo;enorm überschätzt\u0026rdquo;, resümiert Energieberater Klafka. Zuweilen verursache ein intelligenter Zähler sogar erst mal zusätzlichen Stromverbrauch, weil die Tarifdaten rund um die Uhr übertragen werden müssen. Eine dazu nötige permanente DSL-Verbindung verschlingt pro Jahr rund 131 Kilowattstunden. Zum Vergleich: Ein moderner Kühlschrank benötigt weniger als 100.\nDagegen steht eine potenzielle Ersparnis, die wahrscheinlich potenziell bleibt:\nEs ist nämlich nicht damit getan, den Stromverbrauch nur um Minuten zu verschieben, selbst einige Stunden reichen oft nicht aus. Die Intervalle von windstillen Phasen beispielsweise erstrecken sich manchmal über 36 bis 48 Stunden. Diese Spanne überfordert selbst den geduldigsten Verbraucher.\nNoch gar nicht thematisiert werden die Sicherheitsaspekte der Zähler, das wird erst nach der ersten großen Katastrophe der Fall sein.\nNachtrag: Jemand fragte: \u0026ldquo;Warum messen die Versorger eigentlich nicht an den letzten Umspannstationen vor dem Kunden?\u0026rdquo; Das würde für die Lastplanung wahrscheinlich mehr Sinn haben - weniger Messpunkte und daher mehr Etat für sinnvolle Sicherheitsmaßnahmen notwendig, der Messpunkt unter Kontrolle des Systembetreibers und auch keine Privacy-Issues, die man diskutieren müsste. Ein Intelligenter Stromzähler beim Kunden ist dann aus Sicht des Netzbetreibers natürlich weitgehend überflüssig.\nNachtrag 2: Wir haben das eben noch mal weiter diskutiert, und uns gefragt, für wen diese Daten denn sinnvoll sind. Für den Bewohner eines Haushaltes eher nicht - die meisten der mitredenden Geeks hätten solche Daten schon gerne, aber mit besserer Auflösung, also pro Zimmer, Sicherung oder Gerät runter gebrochen.\nFür den Energieversorger ist es sicherer und besser, das an der Umspannstation zu messen und diese Daten zur Bedarfssteuerung zu verwenden, zumal die Fernauslesung dieser Geräte sowieso optional ist.\nSinn haben Intelligente Stromzähler nur, weil sie mit dem Abrechnungspunkt zusammen fallen und pro Abrechnungspunkt ein anderer Stromanbieter gewählt werden kann. Das heißt, mit den Daten von einem Intelligenten Zähler wird vor allen Dingen die Abrechnung der Stromanbieter untereinander schneller und genauer und damit die Liquidität im Strommarkt verbessert. Einen direkten wirtschaftlichen Nutzen hat das Ganze also eher nicht, sondern die Aktion dient eher nur Markt-Ermöglichung und -Beschleunigung.\n","date":"2010-08-19T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/19/intelligente-stromzaehler.html","tags":["computer","energy","lang_de"],"title":"\"Intelligente\" Stromzähler"},{"categories":null,"content":"In Kennzeichen Digital beim ZDF schreibt Mario Sixtus einen ganz wunderbaren Text über die ganze Google Streetview Hysterie. Kernpunkt:\nEin interessanter Effekt des Netzes ist es, theoretische Rechte in praktische zu verwandeln. Das allgemeine Grundrecht auf freie Meinungsäußerung machte sich beispielsweise in der Pre-Netz-Ära sehr hübsch im Grundgesetz und in Sonntagsreden. Abgesehen von Flugblättern, Leserbriefen und Stammtischansprachen hatte der gemeine Bürger allerdings kaum eine Möglichkeit, von diesem Recht Gebrauch zu machen.\nDas Netz hat nun dieses theoretische Recht in ein praktisches verwandelt. Dies finden die publizistischen Eliten von gestern zwar immer noch nicht sonderlich toll, und sie reagieren meist noch ziemlich zickig auf die Neuankömmlinge aus der Blog-Fraktion, aber kein echter Demokrat würde letzteren ernsthaft die Netz-gegebene Möglichkeit streitig machen, ihr Grundrecht auf Meinungsäußerung nun endlich auszuüben.\nMit dem öffentlichen Raum verhält es sich ähnlich. Sich frei durch Straßen und über Plätze zu bewegen ist unser aller gutes Recht und dazu gehört auch, die darumstehenden Gebäude anzuschauen. Wem das nicht passt, der kann sein Haus mit einem hohen Zaun oder einer Mauer umgeben.\nDen ganzen Text gibt es hier . Ergänzend dazu auch der Artikel\nEs gibt kein analoges Leben im Digitalen von Michael Seemann, der erklärt, warum die alten Leute mit Kugelschreibern auf Streetview so heftig reagieren, und wieso das im Grunde egal ist.\nMir ist bewusst, dass der gesellschaftliche Diskurs hier erst am Anfang steht. Aber gestern standen wir noch davor. Der Kontrollverlust ist heute im Mainstream angekommen. Willkommen in unserer Welt.\n","date":"2010-08-19T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/19/erst-dienste-wie-street-view-machen-den-ffentlichen-raum-wirklich-ffentlich.html","tags":["anderswo","google","lang_de"],"title":"Erst Dienste wie Street View machen den öffentlichen Raum wirklich öffentlich "},{"categories":null,"content":"The Dreaming Void , Peter F. Hamilton, EUR 6.50, 608 Seiten.\nDie ferne Zukunft. Teile der Menschheit leben postphysikalisch als Uploads, andere haben sich mehr oder weniger genetisch aufgerüstet oder ihre Körper mit Nanotechnik angereichert. Sterben muß niemand mehr, und Not leiden oder gar hart arbeiten auch nicht, außer er wählt dies als Lebensstil.\nIm Zentrum der Galaxis liegt ein gigantisches Schwarzes Loch, The Void. Der Astrophysiker Inigo beginnt, Szenen aus dem Leben von Edeard zu träumen, einem Menschen, der offenbar im Mikrouniversum im Inneren der Void lebt - ein bemerkenswertes Universum, denn offenbar kann man dort mit dem Geist Einfluß auf die Materie nehmen.\nDie Inigos Träume von Edeard werden die Grundlage einer Religion, Living Dream, und ein Trek von Menschen macht sich auf, um zu versuchen, in die Void zu gelangen. Doch das wird das energetische Gleichgewicht zwischen den Universen ins Wanken bringen und die Void wird anfangen, sich auszubreiten.\nThe Temporal Void , Peter F. Hamilton, EUR 5.80, 672 Seiten.\nSchon in The Reality Dysfunction und den Folgebänden ging es Peter Hamilton um eine spirituelle Komponente des Menschen im Angesicht transhumanistischer Ideen und der Singularität . In der Void Trilogie, deren erster Band The Dreaming Void ist, greift er diesen Gedanken wieder auf.\nAus irgendeinem Grund, den Hamilton nicht richtig deutlich zu machen versteht, ist das Void-Universum für die Anhänger von Living Dream attraktiver als die Welt in der sie leben - dabei unterscheiden sie sich in den Fähigkeiten ihrer aufgerüsteten Existenz in keinster Weise von der Welt, die Inigo dort erträumt. Doch in ihrem Streben dort hin zu gelangen werden sie vermutlich die Existenz des hiesigen Universums und der Personen, die dem Traum nicht folgen wollen beenden. Dieser Konflikt ist die Basis der Geschichte, doch da sich die Motivation dieses Konflikts für mich nicht glaubhaft verankern läßt, bleibt eine interessant verschachtelt erzählte Geschichte, die für mich jedoch in keiner Weise anrührend ist und mich am Ende leicht frustriert zurückläßt.\n","date":"2010-08-18T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/18/fertig-gelesen-the-dreaming-void.html","tags":["book","review","media","scifi","lang_de"],"title":"Fertig gelesen: The Dreaming Void"},{"categories":null,"content":"In einem Kommentar zu Master-Master schrieb ich:\nFür den von Dir genannten Sonderfall der Filialsysteme habe ich noch einen deutschen Artikel in der Warteschlange, ich muß nur Zeit finden ihn zu schreiben.\nNormalerweise sieht MySQL Replikation so aus:\nMySQL Replikation - Architekturübersicht\nMaster Binlog Auf dem Master ist mit der Konfigurationsanweisung log_bin das Binlog aktiviert.\nDas Binlog loggt bei Statement Based Replication (SBR) alle Anweisungen, die Daten verändern (also quasi alles außer SELECT). Binlog-Dateien haben dasselbe Namensprefix und werden dann durchnumeriert. Die Datenbank beginnt ein neues Binlog, wenn die laufende Binlog-Datei größer als max_binlog_size (Default 1G) wird, wenn das Kommando FLUSH LOGS ausgeführt wird oder wenn der Server neu gestartet wird.\nIn der Binlog-Indexdatei findet man eine Liste aller existierenden Binlogs, man kann sie mit dem Kommando SHOW MASTER LOGS anzeigen lassen. Durch das Kommando PURGE MASTER LOGS kann man alte Binlogs löschen - meistens macht man so etwas wie PURGE MASTER LOGS BEFORE NOW() - INTERVAL 3 DAY statt ein konstantes Datum oder einen festen Dateinamen anzugeben. Man kann die Löschung auch automatisieren, indem man expire_logs_days auf einen Wert setzt. Dann werden beim Anlegen eines neuen Binlogs alle Dateien gelöscht, die älter als expire_logs_days Tage sind.\nMit dem Kommando mysqlbinlog kann man das Binlog lesen und in ein SQL-Script umwandeln lassen. Dieses könnte man (ab einer gewünschten Position) einlesen lassen, indem man im Kommandozeilenclient das Kommando source …\u0026rsquo; eingibt. Auf diese Weise kann man eine Datenbank von einer bekannten Binlog-Position manuell zu einer anderen Position vorwärts rollen lassen.\nDiese Prozedur ist bei einer Recovery notwendig: Man spielt ein Full Backup ein, das hoffentlich mit einer bekannten Binlog-Position assoziiert ist. Dann verwendet man das Binlog, um von dieser Position zu einer gewünschten Position (unmittelbar vor dem fatalen DROP DATABASE wichtig) vorwärts zu rollen.\nServer ID Jeder Server in einem MySQL-Replikationssystem hat eine eindeutige Server-ID. Das ist ein 32 Bit Wert ohne Vorzeichen, der den Server eindeutig identifiziert. Das Binlog markiert jeden Eintrag mit dieser Server-ID. Dadurch ist es möglich, in Replikationsringen endlos kreisende Statements zu erkennen und zu eliminieren: Ein Server wird keine Anwendungen per Replikation ausführen, die seine eigene Server-ID enthalten.\nREPLICATION SLAVE Privilege Replikation besteht für den Master darin, daß sich ein Slave auf dem Master einloggt und das Kommando SHOW MASTER LOGS sowie das binäre Äquivalent von SHOW BINLOG EVENTS ausführt. Damit er das kann, muß der Slave einen Account auf dem Master haben, der das Privileg REPLICATION SLAVE hat.\nSlave Side Auf dem Slave besteht Replikation aus zwei Teilen: Der IO_THREAD nimmt die vier Login-Informationen (Host, Port, User und Paßwort) aus dem CHANGE MASTER Statement und loggt sich auf dem Master ein. Er nimmt dann die zwei Binlog-Positionsdaten (Binlog Name und Binlog Position), und lädt das Binlog ab dieser Position beginnend so schnell als möglich runter. Er schreibt diese Daten auf dem Slave in das Relay Log File. Der SQL_THREAD liest die Daten aus dem Relay Log File und führt sie aus. Wenn er damit fertig ist, löscht er das Relay Log File und wendet sich dem nächsten File aus dem Relay Log Index zu.\nFilialsysteme Ein Filialsystem besteht aus vielen kleinen autonomen Datenbanken in den Filialen eines Händlers. Die Struktur der Datenbank in jeder Filiale ist immer gleich, aber jede Filiale hat dieses Schema unter einem eigenen Namen und mit den Daten dieser Filiale.\nDas Problem besteht jetzt darin, die Daten aus den Filialen in der Zentrale zusammen zu führen und dort dann zu aggregieren. Aus technischen Gründen ist es nicht möglich, die gesamte Datenbank in die Zentrale zu übertragen. Stattdessen will man täglich einmal das Delta transportieren.\nDer Ansatz dazu ist ein einfacher Sharding Ansatz, bei dem wir den Vorderteil der Replikation mißbrauchen - also den Teil auf dem Master, der das Binlog schreibt. Das Hinterteil in der Zentrale bauen wir selber, mit mysqlbinlog und ein paar Scripten.\nDer Ansatz sieht so aus:\nFilialsystem (mit Binlog-Transport)\nDie Vorbedingungen sind:\nDie Datenbestände der zweier beliebiger Filialen m und n sind überlappungsfrei (sonst ist es kein Sharding). Schreibzugriffe in die Filialdatenbank db_n erfolgen nur in der Filiale n. Die Daten in der Zentrale können hinter den Daten in der Filiale hinterher hinken. Der Abstand ist durch die Häufigkeit des Transportes der Binlogs wählbar. In den Filialen sind alle Queries mit unqualifizierten Namen geschrieben: Man schreibt also immer INSERT INTO t \u0026hellip;, nie INSERT INTO db.t …. In der Zentrale existiert eine Schemakopie der Filiale, auf die das Delta angewendet werden kann. Das Verfahren ist wie folgt: In den Filialen laufen autonome Datenbankserver mit aktiviertem Binlog. Vor einem Transport in die Zentrale wird ein FLUSH LOGS gemacht. Dadurch wird ein neues Binlog begonnen und man hat einen sauberen Cutoff-Punkt. Die Binlogs vor dem Cutoff werden archiviert und dem Transport übergeben. Danach werden sie mit PURGE MASTER LOGS in der Datenbank gelöscht (können aber im Archiv als Kopie auch in der Filiale verbleiben).\nIn der Zentrale wird jedes Binlog-Set einer Filiale in ein SQL-Sourcefile umgewandelt, durch Anwendung des Kommandos mysqlbinlog. Dieses File wird dann in die Schemakopie der Filiale eingelesen und bringt diese auf Stand.\nDanach kann durch Starten der Aggregationsprozesse die Datenbank der Zentrale db_agg aktualisiert werden und die Daten aus allen Filialen integrieren.\nEin Sharding (Shard = Splitter) ist ein Sonderfall einer Partition. Eine Partition ist eine Aufteilung einer Menge derart, daß die Teile die Gesamtmenge komplett überdecken und sich zwei Teilmengen nicht überdecken. Bildlich kann man sich das Zerschneiden einer Torte in Stücke nicht notwendig gleicher Größe vorstellen. Bei einer Partition liegen die Teilstücke in der Regel auf einer Maschine, beim Sharding dürfen die Teilstücke verteilt liegen, es kann also jeder Shard auf einer anderen, räumlich getrennten Maschine liegen.\nIn unserem Beispiel stellen wir einen Shard in jede Filiale und lassen ihn dort lokal und ohne Kenntnis der anderen Shards arbeiten. Wir zeichnen die Änderungen im Binlog auf und spielen alle Änderungen aller Filialen in der Zentrale ein. Das funktioniert nur deshalb, weil alle Änderungen sich immer nur auf das Schema der Filiale beziehen.\nIn einem großen Zentralschema erzeugen wir durch horizontale Aggregationsqueries quer über alle Filialschemata eine integrierte Gesamtansicht.\n","date":"2010-08-18T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/18/verteilte-datenbanken-der-sonderfall-filialsysteme.html","tags":["mysql","database","lang_de"],"title":"Verteilte Datenbanken: Der Sonderfall Filialsysteme"},{"categories":null,"content":"Lalufu fragte in den Kommentaren von Master-Master :\nIch habe eine MM-Replikation mit zwei Servern.\nBeide haben auto_increment_increment=10,\nServer A hat auto_increment_offset=0 und Server B hat auto_increment_offset=1.\nIch lege mir eine Tabelle mit einem auto_increment-Feld (id) an und mache auf Server A einen INSERT, dann kriegt die row id=0, und wird auf B repliziert, richtig?\nDann noch einen INSERT auf A, die row kriegt id=10, und wird auf B repliziert.Wenn ich jetzt auf B einen INSERT mache, welchen Wert kriegt das id in der row?\nStatt einer Antwort hier die Methode zum selber rausfinden.\nWir installieren zwei MySQL-Instanzen zum Testen (Mac OS X mit Macports). Das ist recht einfach, denn dazu muß man nur zwei Datenverzeichnisse mit mysql_install_db initialisieren und passende minimale Konfigurationen erzeugen.\nKK:~ kris$ cd /tmp KK:tmp kris$ mkdir eins zwei KK:tmp kris$ mysql_install_db5 --datadir=/tmp/eins --user=kris Installing MySQL system tables... ... KK:tmp kris$ mysql_install_db5 --datadir=/tmp/zwei --user=kris Installing MySQL system tables... ... KK:tmp kris$ cd eins KK:eins kris$ cat \u0026gt; my.cnf [mysqld] datadir=/tmp/eins socket=/tmp/eins/mysql.sock port=3307 log_bin server_id = 1 auto_increment_increment = 10 auto_increment_offset = 1 innodb KK:eins kris$ cd ../zwei KK:zwei kris$ cat my.cnf [mysqld]datadir=/tmp/zwei socket=/tmp/zwei/mysql.sock port=3308 log_bin server_id = 2 auto_increment_increment = 10 auto_increment_offset = 2 innodb Die Server können nun gestartet werden. Wir geben jedem Server einen Zeiger auf seine Konfiguration mit.\nKK:zwei kris$ cd ../eins KK:eins kris$ mysqld_safe5 --defaults-file=/tmp/eins/my.cnf \u0026amp; 100817 13:05:02 mysqld_safe Logging to \u0026#39;/tmp/eins/KK.local.err\u0026#39;. 100817 13:05:02 mysqld_safe Starting mysqld daemon with databases from /tmp/eins KK:eins kris$ cd ../zwei KK:zwei kris$ mysqld_safe5 --defaults-file=/tmp/zwei/my.cnf \u0026amp; 100817 13:05:40 mysqld_safe Logging to \u0026#39;/tmp/zwei/KK.local.err\u0026#39;. 100817 13:05:40 mysqld_safe Starting mysqld daemon with databases from /tmp/zwei KK:zwei kris$ lsof -i -n -P | grep my mysqld 1042 kris 10u IPv4 0x05691740 0t0 TCP \\*:3307 (LISTEN) mysqld 1112 kris 10u IPv4 0x0ba7eec8 0t0 TCP \\*:3308 (LISTEN) Nachdem wir die zwei Server laufen haben und beide leer sind, können wir eine Datenbank aufsetzen und die Replikation konfigurieren. Wir nutzen hier den Spezialfall, daß beide Server dieselben Daten haben, weil sie leer sind, können uns also eine Menge Arbeit sparen.\nIch habe die Angewohnheit, bei multiplen Instanzen auf einer Hardware @@hostname und @@datadir abzufragen, da die Kombination beider Werte eine Instanz eindeutig identifiziert. So kann ich sicher sein, mit dem richtigen Server zu sprechen.\nKK:zwei kris$ mysql5 --host=127.0.0.1 --port=3307 ... root@localhost [(none)]\u0026gt; select @@hostname, @@datadir; +------------+------------+ | @@hostname | @@datadir | +------------+------------+ | KK.local | /tmp/eins/ | +------------+------------+ 1 row in set (0.00 sec) root@localhost [(none)]\u0026gt; create database kris; Query OK, 1 row affected (0.00 sec) root@localhost [(none)]\u0026gt; create table kris.t ( id integer not null primary key auto_increment, d varchar(20) charset latin1 ) engine = innodb; Query OK, 0 rows affected (0.10 sec) root@localhost [(none)]\u0026gt; quit Bye Und dasselbe drüben auch noch mal.\nKK:zwei kris$ mysql5 --host=127.0.0.1 --port=3308 root@localhost [(none)]\u0026gt; select @@hostname, @@datadir; +------------+------------+ | @@hostname | @@datadir | +------------+------------+ | KK.local | /tmp/zwei/ | +------------+------------+ 1 row in set (0.00 sec) root@localhost [(none)]\u0026gt; create database kris; Query OK, 1 row affected (0.00 sec) root@localhost [(none)]\u0026gt; create table kris.t ( id integer not null primary key auto_increment, d varchar(20) charset latin1 ) engine = innodb; Query OK, 0 rows affected (0.06 sec) root@localhost [(none)]\u0026gt; quit Bye Nachdem wir jetzt eine Testdatenbank mit einer leeren Testtabelle haben, können wir replizieren. Wir setzen zunächst einmal den Server 3307 (eins) auf. Dazu definieren wir einen Account für zwei mit dem Privileg replication slave und notieren die Binlog-Position von eins:\nKK:zwei kris$ mysql5 --host=127.0.0.1 --port=3307 ... root@localhost [(none)]\u0026gt; grant replication slave on \\*.\\* to \u0026#39;zwei\u0026#39;@\u0026#39;127.0.0.1\u0026#39; identified by \u0026#39;s3cr3t!\u0026#39;; Query OK, 0 rows affected (0.05 sec) root@localhost [(none)]\u0026gt; show master status; +---------------+----------+--------------+------------------+ | File | Position | Binlog_Do_DB | Binlog_Ignore_DB | +---------------+----------+--------------+------------------+ | KK-bin.000003 | 106 | | | +---------------+----------+--------------+------------------+ 1 row in set (0.00 sec) root@localhost [(none)]\u0026gt; quit Bye Mit diesen Daten können wir nun zwei einrichten. Auch dort muß ein Account mit replication slave eingerichtet werden. Wir lassen außerdem einmal ein CHANGE MASTER Statement los, und starten den Slave auf zwei, sodaß er von eins repliziert. Am Ende notieren wir uns das Binlog von zwei, um auch auf eins ein CHANGE MASTER machen zu können.\nKK:zwei kris$ mysql5 --host=127.0.0.1 --port=3308 ... root@localhost [(none)]\u0026gt; grant replication slave on \\*.\\* to \u0026#39;eins\u0026#39;@\u0026#39;127.0.0.1\u0026#39; identified by \u0026#39;s3cr3t!\u0026#39;; Query OK, 0 rows affected (0.00 sec) root@localhost [(none)]\u0026gt; change master to master_host = \u0026#39;127.0.0.1\u0026#39;, master_port = 3307, master_user = \u0026#39;zwei\u0026#39;, master_password = \u0026#39;s3cr3t!\u0026#39;, master_log_file = \u0026#39;KK-bin.000003\u0026#39;, master_log_pos = 106; Query OK, 0 rows affected (0.80 sec) root@localhost [(none)]\u0026gt; start slave; Query OK, 0 rows affected (0.02 sec) root@localhost [(none)]\u0026gt; show slave status\\G ... Slave_IO_Running: Yes Slave_SQL_Running: Yes ... root@localhost [(none)]\u0026gt; show master status; +---------------+----------+--------------+------------------+ | File | Position | Binlog_Do_DB | Binlog_Ignore_DB | +---------------+----------+--------------+------------------+ | KK-bin.000003 | 246 | | | +---------------+----------+--------------+------------------+ 1 row in set (0.00 sec) root@localhost [(none)]\u0026gt; quit Bye Jetzt muß nur noch auf dem Server eins das CHANGE MASTER mit diesen Daten laufen.\nKK:zwei kris$ mysql5 --host=127.0.0.1 --port=3307 ... root@localhost [(none)]\u0026gt; change master to master_host = \u0026#39;127.0.0.1\u0026#39;, master_port = 3308, master_user = \u0026#39;eins\u0026#39;, master_password = \u0026#39;s3cr3t!\u0026#39;, master_log_file = \u0026#39;KK-bin.000003\u0026#39;, master_log_pos = 246; Query OK, 0 rows affected (0.77 sec) root@localhost [(none)]\u0026gt; start slave; Query OK, 0 rows affected (0.00 sec) root@localhost [(none)]\u0026gt; show slave status\\G ... Slave_IO_Running: Yes Slave_SQL_Running: Yes ... Wir haben nun einen Ring, der zwischen zwei Instanzen auf Port 3307 und Port 3308 repliziert. Das kann man auch sehen:\nKK:zwei kris$ lsof -i -n -P | grep my mysqld 1210 kris 11u IPv4 0x06091e98 0t0 TCP \\*:3307 (LISTEN) mysqld 1210 kris 31u IPv4 0x0ba6def8 0t0 TCP 127.0.0.1:3307-\u0026gt;127.0.0.1:50981 (ESTABLISHED) mysqld 1210 kris 37u IPv4 0x098bab4c 0t0 TCP 127.0.0.1:50989-\u0026gt;127.0.0.1:3308 (ESTABLISHED) mysqld 1282 kris 11u IPv4 0x0ba7eec8 0t0 TCP \\*:3308 (LISTEN) mysqld 1282 kris 31u IPv4 0x0ba7faec 0t0 TCP 127.0.0.1:3308-\u0026gt;127.0.0.1:50989 (ESTABLISHED) mysqld 1282 kris 35u IPv4 0x098b9b1c 0t0 TCP 127.0.0.1:50981-\u0026gt;127.0.0.1:3307 (ESTABLISHED) Jetzt können wir testen:\nKK:zwei kris$ mysql5 --host=127.0.0.1 --port=3307 -e \u0026#39;insert into kris.t values (NULL, \u0026#34;auf eins\u0026#34;);\u0026#39; KK:zwei kris$ mysql5 --host=127.0.0.1 --port=3308 -e \u0026#39;insert into kris.t values (NULL, \u0026#34;auf zwei\u0026#34;);\u0026#39; KK:zwei kris$ mysql5 --host=127.0.0.1 --port=3308 -e \u0026#39;select \\* from kris.t;\u0026#39; +----+----------+ | id | d | +----+----------+ | 1 | auf eins | | 2 | auf zwei | +----+----------+ KK:zwei kris$ mysql5 --host=127.0.0.1 --port=3307 -e \u0026#39;insert into kris.t values (NULL, \u0026#34;nochmal eins\u0026#34;);\u0026#39; KK:zwei kris$ mysql5 --host=127.0.0.1 --port=3307 -e \u0026#39;select \\* from kris.t;\u0026#39; +----+--------------+ | id | d | +----+--------------+ | 1 | auf eins | | 2 | auf zwei | | 11 | nochmal eins | +----+--------------+ Die Antwort lautet also:\nJeder Server hat seinen eigenen AUTO_INCREMENT-Zähler an der Tabelle, der mit dem auto_increment_offset initialisiert wird und der in Schritten von auto_increment_increment hochgezählt wird. Das geschieht jedoch nur, wenn ein Nullwert in die Tabelle eingetragen wird, also nur bei lokalen INSERT-Statements. Statements, die durch Replikation übermittelt werden, bringen einen Wert vom Master mit und zählen nichts hoch.\n","date":"2010-08-17T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/17/ein-ring-mit-zwei-mysql-servern-und-auto-increment-increment.html","tags":["mysql","replication","lang_de"],"title":"Ein Ring mit zwei MySQL-Servern und auto_increment_increment"},{"categories":null,"content":"The Fuller Memorandum , Charles Stross, EUR 9.90, 384 Seiten\nDer 3. Band mit Geschichten von Bob Howard, IT Specialist und Feldagent der Laundry, jener britischen Behörde, die sich darum kümmert, das niemand aus Versehen Cthulhu beweist.\nIm Laundryverse ist höhere Mathematik mit schwarzer Magie identisch und kann das Gewebe der Realität umdefinieren, und Verschwörungstheorien werden real, wenn nur genug Leute daran glauben. Im Fuller Memorandum muß sich Bob mit seinem merkwürdigen Chef, Angleton, auseinandersetzen. Wir erfahren, woher er kommt, wieso er nicht wirklich älter wird, und wir lernen eine Menge über das viktorianische London. Stross konsolidiert seine Laundry-Legende etwas, und wechselt die Erzählperspektive: Angleton fordert Bob auf, seine Memoiren zu schreiben, denn er sei ja nun schon länger im Dienst der Laundry und es wäre schlecht, wenn seine Erfahrung verloren ginge - wir bekommen also eine etwas ungewohnte Icherzähler-Perspektive im Präsens, die anfangs etwas Mühe beim Lesen macht. Dafür ist die Story weniger anstrengend als das um Anspielungen und Gags bemühte The Jennifer Morgue, und es beginnt sich abzuzeichnen, wie gritty und blutig das Laundryverse werden wird, sobald die Sterne richtig stehen und CASE NIGHTMARE GREEN eintritt.\n","date":"2010-08-16T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/16/fertig-gelesen-the-fuller-memorandum.html","tags":["book","review","cthulhu","media","stross","lang_de"],"title":"Fertig gelesen: The Fuller Memorandum"},{"categories":null,"content":"Immer mal wieder kommt jemand im Internet auf die Idee, wie man Master-Master und verteilte Transaktionen ganz einfach realisieren kann. MySQL verteilte Daten von Okami ist ein gutes Beispiel für diese Idee:\nWir nutzen dabei aus, dass MySQL bei zusammengesetzten Indizes einen AUTO_INCREMENT-Wert pro distinktem Schlüsselpräfix zählt. Das heißt ganz konkret: Wir legen einen Primär-Schlüssel aus zwei Spalten zusammen. In der ersten Spalte verwenden wir einen sehr kleinen Wert, der die Quelle der Daten kennzeichnet: Source tinyint unsigned NOT NULL; Den zweiten Teil legen wir als einfache ID int unsigned NOT NULL AUTO_INCREMENT an. Und ein Timestamp-Wert bietet sich für das Triggern der Updates an.\nDiese Lösung ist exemplarisch schön, weil sie beide Fehlannahmen enthält, die man bei der direkten Lösung des Problems machen kann.\nErstens setzt sie voraus, daß zusammengesetzte Primärschlüssel mit AUTO_INCREMENT portabel sind. Zweites setzt sie voraus, daß man mit Timestamps Änderungen replizieren kann. Zusammengesetzte Primärschlüssel Zunächst einmal ist es so, daß in InnoDB ein zusammengesetzter Primärschlüssel mit AUTO_INCREMENT nicht funktioniert.\nroot@localhost [kris]\u0026gt; create table t ( -\u0026gt; source tinyint unsigned not null, -\u0026gt; id int unsigned not null auto_increment, -\u0026gt; ts timestamp, -\u0026gt; primary key (source, id) -\u0026gt; ) engine = innodb; ERROR 1075 (42000): Incorrect table definition; there can be only one auto column and it must be defined as a key Dieses Feature existiert nur für MyISAM:\nroot@localhost [kris]\u0026gt; create table t ( -\u0026gt; source tinyint unsigned not null, -\u0026gt; id int unsigned not null auto_increment, -\u0026gt; ts timestamp, -\u0026gt; primary key (source, id) -\u0026gt; ) engine = myisam; Query OK, 0 rows affected (0.23 sec) Es ist eines der Standard-Migrationshindernisse von MyISAM nach InnoDB.\nDas \u0026ldquo;macht\u0026rdquo; nichts, da MySQL einen anderen Mechanismus zur Verfügung stellt, der mit einem einfachen AUTO_INCREMENT auskommt und dieselbe Logik nachbildet: Die Variablen auto_increment_increment und auto_increment_offset erlauben es, einen AUTO_INCREMENT Zähler in Sprüngen hochzuzählen und jedem Server einen anderen Modulo-Wert zuzuteilen. Man setzt dazu auto_increment_increment auf allen Servern auf die Anzahl der Server (oder besser, die maximale Anzahl der Server, die man jemals haben will) und auto_increment_offset auf den Wert, den man sonst in source eingespeichert hätte. Man teilt also jedem Server einen anderen Startwert zu, und setzt eine ausreichend große Schrittweite, sodaß man auch später noch Server einfügen kann.\nMulti-Master für mehr als INSERT: 2PC Damit löst man jedoch nur das Problem der INSERT-Statements, nicht das Problem von UPDATE- und DELETE-Statements. Zum Beispiel ist es so, daß man ein Paar von Servern mit auto_increment_increment = 2 betreiben kann und ein Server ungerade und der andere gerade IDs erzeugt. Der ungerade Server bekommt die geraden IDs per Replikation und umgekehrt.\nNatürlich kann man nun auf dem ungeraden Server und dem geraden Server zeitgleich den Datensatz mit der ID = 17 ändern, und zwar uneinheitlich, d.h. auf einem Server setzt man preis = 2 und auf dem anderen zeitgleich preis = 3. Es ist nun zufällig, welcher Preis sich systemweit durchsetzt und ob das System überhaupt auf einen einheitlichen Preis konvergiert, denn es gibt keinen Systemweiten Mechanismus, der das kontrollieren und steuern würde.\nMySQL Cluster hat einen solchen Mechanismus, 2PC , und er hat einen hohen Preis (Latenz). Ohne einen solchen Mechanismus gibt es jedoch keinen Multi-Master, sondern nur lose gekoppelte Server in einem Ring.\nDer Ring jedoch kann ohne ein Protokoll für verteilte Transaktionen jederzeit auseinander fallen, wenn man nicht zusätzliche Bedingungen aufstellt, wer wann wo schreiben darf. Der Extremfall sind Mogelpackungen wie MMM , die sich zwar Master-Master nennen, Schreibzugriffe zu jedem gegebenen Zeitpunkt aber nur an einer Stelle zulassen.\nTimestamps reichen nicht aus für eine Replikations-Simulation Der zweite häufig gemachte Fehler ist die Annahme, daß Timestamp-Werte ausreichend sind für eine Replikations-Simulation (also um Änderungen zu tracken). Das fällt zweimal auf die Nase: Timestamps sind extern getaktet, so werden also so schnell hochgezählt wie die Auflösung des Timers definiert ist. In MySQL also wird maximal eine Änderung pro Sekunde pro Row erfaßt. Treten Änderungen schneller als das auf, ist es möglich, daß sich der Wert eines Records ändert, aber der Timestamp nicht.\nDie Abhilfe sind Versionszähler, die durch die Änderung selbst getaktet werden. Da die Änderung auch den Versionszähler verändert, ist sie auf jeden Fall erkennbar, egal wie schnell sie hintereinander auf derselben Row erfolgt. Die Grenze ist hier das zum Zählen notwendige Locking, das der Zählfrequenz eine obere Grenze setzt.\nBeide Verfahren scheitern jedoch an Löschungen, da ein DELETE die Row entfernt und damit auch der Zähler fehlt - man bekommt bei gelöschten Rows also gar nicht mit, daß etwas zu machen ist.\nÜblicherweise behilft man sich mit Scheinlöschungen, die ein deleted-Flag in der Zeile setzen, die als gelöscht gelten soll. Das wiederum macht alle Abfragen komplizierter, da jeder Bedingung ein WHERE deleted = 0 AND \u0026hellip; zugefügt werden muß.\n","date":"2010-08-16T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/16/master-master-und-distributed-transactions.html","tags":["mysql","replication","lang_de"],"title":"Master-Master und Distributed Transactions"},{"categories":null,"content":"Batwoman: Elegy (Deluxe Edition), Greg Rucka, J.H. Williams III, EUR 18.00, 192 Seiten.\nIch glaub es liegt an mir. DC hat die Angewohnheit, sich alle paar Jahrzehnte in seiner Geschichtenerzählung zu verrennen und muß dann sein Universum neu starten. Neulich war es mal wieder so weit, und wir bekommen nun offenbar einen Haufen Romane, in denen die Ursprungsgeschichte der verschiedenen Superhelden mal wieder umgebaut wird und neu erzählt wird. Wahrscheinlich bin ich zu alt, aber mir geht das auf den Sack.\nWie dem auch sei, Batwoman Elegy ist eine neue Batwoman, mit einem neuen Hintergrund, aus einem neuen Restart von DC. Writer ist Greg Rucka, Zeichner ist J.H. Williams III und sein Zeichenstil könnte mir eigentlich zusagen. Der neue NCIS-hafte militärisch-kriminalistische Hintergrund, und die animehafte Verquickung von unwahrscheinlichen Schicksalen (\u0026ldquo;Bei der Geburt getrennt und jetzt Gegnerinnen\u0026rdquo;) passen aber nicht zu meinem Bild der Gothamiten, und so ist das wahrscheinlich mein letzter Kauf im neu gestarteten DC Universum gewesen.\n","date":"2010-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/14/fertig-gelesen-batwoman-elegy.html","tags":["book","review","comic","media","lang_de"],"title":"Fertig gelesen: Batwoman Elegy"},{"categories":null,"content":"(Teil 3, siehe auch Teil1 und [Teil 2]({* link _posts/2010-08-06-netzwerk-berlast-vs-netzwerkneutralit-t.md %}), Petition hier Mein DSL hat 16 MBit im Downstream. Das heißt, ich bekomme 16 000 000 Bit/s geliefert, also etwas unter 2 Megabyte pro Sekunde. Ein Tag hat 86400 Sekunden und würde ich meinen Download rund um die Uhr am Anschlag laufen lassen, wären das etwa 160 GB am Tag. Mit 30 Tagen im Monat also etwa 4.5 Terabyte im Monat als theoretisches Trafficmaximum.\nWürde ich das tatsächlich machen, würde mein Provider wahrscheinlich ein ernstes Gespräch mit mir führen, Flatrate oder nicht.\nMeistens stehen ausdrückliche Verkehrslimits in den Verträgen im Kleingedruckten (\u0026ldquo;nicht mehr als 1 TB pro Monat\u0026rdquo;) - insbesondere bei Handy-\u0026ldquo;Flatrates\u0026rdquo; - oder sie werden als weiche Klauseln formuliert (\u0026ldquo;behält sich vor, den Vertrag zu kündigen, wenn mißbräuchliche Verkehrsmengen erzeugt werden\u0026rdquo;). Erstere Formulierung ist aus Kundensicht weitaus besser als zweitere, denn Verträge macht man ja nicht für die Zeit, wenn man sich lieb hat, sondern für den Fall, daß man einmal Streit hat.\nWenn Provider Verträge untereinander machen, dann stehen da in der Regel untereinander nicht Volumina in den Verträgen (\u0026ldquo;5 TB pro Monat\u0026rdquo;), sondern durchschnittliche und Spitzenbandbreiten (\u0026ldquo;nicht mehr als durchschnittlich 16 MBit/s im Monatsmittel und nicht mehr als 100 MBit/s Spitzenlast\u0026rdquo;). Diese Werte kann man dann mehr oder weniger direkt in einen Trafficshaper fallen lassen und die Limits umsetzen. Meist steht in so einem Vertrag - wenn die Techniker ihre Anwälte korrekt eingenordet haben - im Rahmen eines Service Level Agreements auch was zu anderen Parametern der Leitung - Verfügbarkeit, Paketverlustraten und Latenzen (Pingzeiten) zum Beispiel.\nDer Punkt dabei ist, daß man im Rahmen einer solchen Spezifikation Trafficmanagement betreiben kann.\nDas heißt, der Bandbreite liefernde Provider - der Anbieter - kann die vertraglich zugesicherten Eigenschaften durch Trafficshaping erzwingen. Und der die Bandbreite nutzende Provider - der Kunde - kann die ihm bereitgestellte Bandbreite durch eigene Maßnahmen aufteilen und regeln. Das ist das, was man erwartet und rechtlich wie netz-ideologisch vollkommen legitim.\nEs wäre absurd, würde der die Bandbreite stellende Provider diese Regelung vornehmen (\u0026lsquo;Zu IP-Nummern im Netz von Google nicht mehr als 1 MBit/s im Monatsmittel und nicht mehr als 1 MBit/s Spitzenlast\u0026rsquo;). Es kommt also darauf an, bei wem die Kontrolle über die Bildung von Verkehrsklassen liegt, über die in dieser Diskussion andernorts immer wieder geredet wird. Es kommt nicht darauf an, welcher Provider dabei mitwirkt, solange die Kontrolle an der richtigen Stelle - beim Kunden - liegt.\nDas ist Netzneutralität erster Ordnung - direkte Netzneutralität. Wenn der Kunde diese Kontrolle nicht hat oder aus technischen Gründen nicht haben kann (mir fällt grad kein Szenario ein, bei dem das zwingend so wäre), dann kann man Traffic nach fixen Prioritäten mit variablen Grenzen priorisieren. Der Kunde stellt sich eine Hierarchie von Traffic auf: Bei den meisten Kunden ist die recht ähnlich und sieht wahrscheinlich wie unten gezeigt aus (Vielleicht Position 1 und 2 getauscht).\nLatenz-sensitive Anwendungen: Spiele und interaktive Unterhaltung\nInteraktives Streaming: Telefonie und Videofonie\nUnidirektionale Streams: Webradio, Videostreamsinteraktive Anwendungen ohne kritische Latenz: Chat, Webtraffic\nUnidirektionaler Verkehr ohne Latenz: Downloads\nBidirektionaler Bulk-Traffic: P2P, Swarm Load\nWichtig ist, daß den einzelnen Klassen keine festen Bandbreiten zugeordnet werden, sondern daß der Kunde seine gesamte gekaufte Bandbreite voll nutzen kann, wobei Verkehr aus einer höheren Klasse Verkehr aus einer niederen Klasse verdrängt (oder bis auf eine garantierte Minimum-Bandbreite zusammendrückt). Würde man feste Grenzen zuordnen, sind Szenarien denkbar, bei denen der Kunde seine gekaufte Bandbreite nicht voll nutzen kann, weil er nicht den Traffic von der richtigen Art hat (\u0026ldquo;Ja, sie haben noch 15 MBit/s frei, aber die sind nur für Telefonie und nicht für P2P nutzbar\u0026rdquo;).\nWichtig ist aus wettbewerbsgründen auch, daß nach Diensten unterschieden wird (durch QoS-Merkmale an den Paketen, aber dann kontrolliert es ja wieder der Kunde, oder Port-Nummern), aber nicht nach Dienstanbietern (nach IP-Nummern oder den AS-Nummern, die den IPs zugeordnet werden können), sodaß die Klasseneinteilung Anbieter-agnostisch ist.\nDas ist Netzwerkneutralität zweiter Ordnung, indirekte Netzwerkneutralität. Keine Netzwerkneutralität liegt vor, wenn der Anbieter beim Kunden dafür kassiert, daß bestimmte Dienste von Dritten besser (oder überhaupt) funktionieren, der Anbieter also den Dritten als Geisel nimmt, um gegenüber dem Kunden die Dienstleistung von Dritten zu monetarisieren. Das ist ein klarer Verstoß gegen Netzwerkneutralität - und wahrscheinlich auch ein Verstoß gegen EU-Wettbewerbsrichtlinien.\nDas bringt uns dann zu den Scheinheiligkeiten in dieser Diskussion.\n\u0026ldquo;Die Verkehrsmenge steigt und wir müssen sie managen\u0026rdquo; ist ein technisches Argument und kann Anbieter- und Kunden-agnostisch gelöst werden - Netzwerkneutralität zweiter oder erster Ordnung können problemlos gewährleistet werden. Ein erster Schritt dazu wäre es, das unsinnige Wort \u0026ldquo;Flatrate\u0026rdquo; auszumerzen und den Kunden (Endkunden!) die Begriffe Volumen, Bandbreite und Latenz beizubringen und sie zu lehren, was für Anforderungen sie denn so im Rahmen dieser Begriffe im Schnitt an ihren Netzwerkanschluß haben.\nDie meisten Kunden wissen es nicht und es ist die Unsicherheit, die aus dieser Unwissenheit folgt, die sie eine \u0026ldquo;Flatrate\u0026rdquo; kaufen läßt (die gar keine ist). Kunden, die wissen, was sie brauchen, können mit ihrem Diensteanbieter dan auch sinnvoll argumentieren und vor allen Dingen echte Angebote mit echten technischen Daten vergleichen. Das ist genau die Situation, die die Diensteanbieter vermeiden wollen.\n\u0026ldquo;Die Verkehrsmenge steigt und wir müssen sie managen\u0026rdquo; ist genau nicht das, was die Anbieter wollen, die gerade die Diskussion um die Aufhebung des Status Quo vom Zaun brechen. Was sie eigentlich wollen ist \u0026ldquo;Wir wollen nicht länger inhaltsagnostisch Pakete als Schüttgut durch die Gegend schippern, weil da die Margen doof sind. Sondern wir wollen den subjektiven Wert eines jeden Datenpaketes für Absender und Empfänger ermitteln und differenziert monetarisieren.\u0026rdquo;\nOder, in klareren Worten: \u0026ldquo;Deine Skype-Pakete sind Dir mehr wert als Deine P2P-Pakete. Wäre doch schade, wenn denen was passiert, oder?\u0026rdquo;.\nDas kann Telekom-Verizon-Telefonica-Vodafone-wasauchimmer natürlich nicht so formulieren, darum das Getue um Bandbreiten-Engpässe und die allgemeine Angstrethorik (cf. Matthias Schwenk bei Carta.Info und die eigenartige Reaktion bei der Enquete ).\nNetzneutralität erster und zweiter Ordnung dient dazu, egal wie man sie formuliert, diese Erpressungsversuche der Provider (bei der Enqueue verwendet man stattdessen das Wort Differenzierung) im Kern zu verhindern. Das ist ordnungspolitisch notwendig, weil man sonst Providern jede Motivation nimmt, Bandbreite auszubauen - im Gegenteil, die Geschäftsgrundlage für das Erpressungsgeschäft bricht zusammen, sobald das Netz ausreichend Kapazität hat.\nUnd es ist systematisch notwendig, weil man sich sonst auch wettbewerbsrechtlich ins Bein schießt.\nUnd eigentlich sollten sich auch die Provider überlegen, was genau sie da tun und wollen. Denn wenn sie \u0026ldquo;Traffic managen\u0026rdquo;, indem sie in die Pakete hineinsehen - mit Deep Packet Inspection - dann können sie sich nicht mehr auf ihren \u0026ldquo;Ich transportiere die Ware nur, ich weiß nicht was drin ist\u0026rdquo;-Status zurückziehen und müssen sich sehr bald Forderungen stellen, die für AlQuadiaTerroristenRaubkopierKinderschänderDatenPakete eine gemanagete Bandbreite von 0 fordert - da tut sich dann sehr bald für Providers wie auch für Kundens eine ganze Menge Spaß auf.\nWeitere lesenswerte Artikel zum Thema:\nEnno Park: Google jetzt offiziell “evil” – Initiative “Pro Netzneutralität” gegründet. Enno hat einige interessante Vergleiche da drin. Technology Liberation Front: Deconstructing the Google-Verizon Framework. Die Dekonstruktion besteht in einem Vergleich des Google/Verizon-Vorschlags mit dem aktuellen Stand einer möglichen FCC-Regulierung. Die Unterschiede sind weitaus kleiner als vermutet, aber interessant. Wired.com: Why Google Became A Carrier-Humping, Net Neutrality Surrender Monkey. TL;DR ist im wesentlichen: Googles Geschäft muß sich diversifizieren, und Android und Youtube sind Ecksteine in diesem Plan. Google braucht die Carrier als Verbündete, damit dieser Plan aufgeht. c\u0026rsquo;t (Heise): Umfrage zu Schmalbandanschlüssen (Teil von Internet der Zukunft . \u0026ldquo;Einige Ergebnisse [der Umfrage] entsprachen den Erwartungen, andere hingegen boten Überraschungen. Etwa dass fast neunzig Prozent der Teilnehmer eher aufs Fernsehen verzichten würden als auf einen Breitbandanschluss. ","date":"2010-08-14T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/14/netzneutralit-t-was-ist-okay-und-was-ist-es-nicht.html","tags":["internet","netzneutralität","politik","lang_de"],"title":"Netzneutralität - was ist okay und was ist es nicht?"},{"categories":null,"content":"Sturm über roten Wassern , Scott Lynch, EUR 16.00, 944 Seiten.\nNach den Lügen von Locke Lamora stellte ich erfreut fest, daß es einen zweiten Band gibt.\nDie Folgen der Ereignisse in Camorr haben es notwendig gemacht, daß Locke und sein Freund die Stadt verlassen. Nach einigen Verwicklungen landen sie in Tal Verrar, wo sie das Projekt beginnen, ein großes und sehr gut gesichertes Spielcasino auszunehmen. Doch auch hier werden sie in politische Verwicklungen hineingezogen: Die Stadt wird von einem Rat regiert, der die Regierungsgewalt an einen Archonten abgetreten hat - nur vorübergehend natürlich, bis das Piratenproblem behoben ist. Das ist es nun, und der Archont hätte gerne wieder mehr Piraten, der Rat die Macht zurück, die Piraten bestehen ebenfalls aus mehreren Fraktionen und Locke hat außerdem immer noch Ärger mit den Soldmagiern aus Band 1, die sich als überaus nachtragend erweisen. Die Gentleman-Ganoven stehen jetzt vor dem Problem, die verschiedenen Interessengruppen gegeneinander auszuspielen, auf hoher See zu überleben und außerdem noch ihren Casino-Coup durchzuziehen.\nScott Lynch wechselt den Erzählstil ein wenig, denn der einführende Lost-artige Rückblendenstil aus dem ersten Teil würde nun, da die Vorgeschichten der Charactere bekannt sind, nicht mehr funktionieren. Stattdessen weitet er den Fokus aus, und zeigt dem Leser mehr Orte und Hintergrund seiner Erzählwelt, ohne zu viel an Erzähltempo zu verliere. Wenn man sich darauf einläßt, bekommt man eine Geschichte mit einer cinestisch aufgemachten Handlung, die noch mehr an eine gute Shadowrun-Story in einer Fantasywelt erinnert als es schon der erste Teil tut.\n","date":"2010-08-12T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/12/fertig-gelesen-sturm-ber-roten-wassern.html","tags":["book","review","media","lang_de"],"title":"Fertig gelesen: Sturm über roten Wassern"},{"categories":null,"content":" Die Initiative Pro-Netzneutralität schreibt:\nWir wollen ein freies und offenes Internet sicherstellen.\nEin freies Internet ohne staatliche oder wirtschaftliche Eingriffe ist Garant für freien Meinungsaustausch weltweit und damit die direkte Ableitung des Rechts auf Meinungsfreiheit. Netzneutralität ist elementar für unsere Demokratie.Netzneutralität fördert die Entfaltung kreativer und ökonomischer Potentiale und sichert damit das Innovationspotential des Internets.\nDie Innovationsfähigkeit der Wirtschaft wird gestärkt wenn Entwicklungen frei online verfügbar sind und auch in neuen kollaborativen Ansätzen weiterentwickelt werden können.\nInnovationen brauchen Offenheit – die Möglichkeiten des Internets auf einige wenige Privileigierte zu beschränken, läuft dem entgegen.\nUnterstütze die Initiative und Zeichne Mit! .\n","date":"2010-08-11T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/11/netzneutralit-t-ist-der-schl-ssel-zur-wahrung-des-freien-internets.html","tags":["internet","netzneutralität","politik","lang_de"],"title":"Netzneutralität ist der Schlüssel zur Wahrung des freien Internets!"},{"categories":null,"content":"Die Lügen des Locke Lamora , Scott Lynch, EUR 14.00, 848 Seiten.\nVia Heiko fand sich neulich Die Lügen des Locke Lamora auf dem Wohnzimmertisch und ich bin übel dran hängen geblieben.\nEine Diebesgeschichte. Camorr, eine Stadt wie ein übel korrumpiertes Venedig, in der sich noch die Überreste einer älteren, höheren Zivilisation finden. Locke Lamora, ein Waisenkind, das zum Dieb erzogen wird und den Geheimen Frieden zwischen dem Adel und der vom Adel geduldeten Diebesgilde bricht: In komplizierten und ineinander verschachtelten Plots und Hochstapeleien ziehen Locke und seine Gang, die Gentleman-Gangster die Reichen und Mächtigen der Stadt ab. Bis sie in den Plot eines anderen geraten, der Rache will.\nMan stelle sich eine Fantasy-Gegend nicht unähnlich den Küstenstaaten in Midgard vor, in denen der Autor Geschichten im feinsten Stil von Shadowrun erzählt, mit Plänen innerhalb anderer Pläne und Verrat an Verrätern.\nScott Lynch erzählt die Geschichte der Gentleman-Ganoven und ihrer Coups, und schneidet immer wieder Rückblenden ein, in denen er auf die einzelnen Gangmitglieder fokussiert und ihre Geschichte und ihren Werdegang beleuchtet, um die Charactere besser zu zeichnen. Parallel dazu legt er in der Haupthandlung ein halsbrecherisches Tempo vor, in dem eine Überraschung oder Eskalation die nächste jagt. Am Ende macht der Held mal gerade so seinen Schnitt - aber was dazwischen passiert ist spannend zu lesen.\n","date":"2010-08-10T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/10/fertig-gelesen-die-l-gen-des-locke-lamora.html","tags":["book","review","media","lang_de"],"title":"Fertig gelesen: Die Lügen des Locke Lamora"},{"categories":null,"content":"Der Name des Windes: Die Königsmörder-Chronik. Erster Tag , Patrick Rothfuss, 16.95 EUR, 896 Seiten.\n\u0026ldquo;Der Name des Windes\u0026rdquo;, Patrick Rothfuss\nVor einem oder gar zwei Geburtstagen sandte mir Martin dieses Buch zu, aber ich bin schon lange nicht mehr zum Lesen von Papier gekommen, also stand es herum. Jetzt habe ich endlich Gelegenheit gehabt, mir das Buch vorzunehmen.\nKvothe ist ein Gastwirt und ein gebrochener Mann, doch einst war er ein berücktigter Zauberer und Musiker, um den sich zahlreiche Legenden ranken. Der Chronist spürt Kvothe auf und versucht durch die Legenden und Geheimnisse zu dringen und die wahre Geschichte von Kvothe aufzuschreiben. Zusammen mit dem Chronisten tauchen wir ein in die Geschichte von Kvothe, einem Jungen aus ärmlichen Verhältnissen, der versucht, seiner Begabung gerecht zu werden und sich selbst zu finden, und den aus irgendeinem Grunde die Welt als Helden sieht.\nDer Name des Windes ist endlich einmal High Fantasy ohne Bananenplot (\u0026ldquo;Wenn das geweissagte Kind und die Banane zusammen kommen wird der fiese X, der sich die Banane widerrechtlich angeeignet hat, endlich gestürzt werden\u0026rdquo;) und kontinentgroße Armeen von Monstern. Stattdessen haben wir eine Geschichte mit einer wunderbaren Sprache, echten Characteren und einer dichten Atmosphäre.\nDas sehr lesenswerte erste Buch einer Trilogie, von der der 2. und 3. Teil noch nicht geschrieben werden (und bei dem der Autor mehr als ein Jahrzehnt für den ersten Teil gebracht hat). Lästig, denn es wird den 2. Band frühestens 2011 geben, falls Patrick Rothfuss seine Termine hält.\n","date":"2010-08-08T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/08/fertig-gelesen-der-name-des-windes.html","tags":["book","media","review","lang_de"],"title":"Fertig gelesen: Der Name des Windes"},{"categories":null,"content":"Lustige Dinge passieren. Alle Welt rüstet ihre Android-Telefone zum Beispiel auf das aktuelle 2.2 \u0026ldquo;FroYo\u0026rdquo; auf, nur Vodafone nicht. Als strikte Anhänger der Auffassung, daß es den Geschmack verbessern wenn sie in etwas hineinpinkeln, lassen sie stattdessen eine Branding-Welle über die Benutzer rollen.\nHeise :\nStatt der erhofften Aktualisierung auf die Android-Version 2.2 (Froyo) bekamen die Nutzer jedoch lediglich Zugangssoftware für Vodafones Online-Dienst 360 installiert – zudem änderte das Update die Startseite des Browsers, setzte verschiedene neue Bookmarks und installierte ein Vodafone-Startlogo. Einige Anwender berichten, dass sich die Akkulaufzeit des Gerätes verschlechtert habe, bei anderen seien alle Kurznachrichten plötzlich doppelt vorhanden.\nDie Reaktion der Benutzer kam für Vodafon unerwartet: Man rottet sich zusammen, organisiert sich und prügelt auf den Dienstleister (Wie nennt man einen Dienstleister, dessen Dienst eine Last ist? Dienstlaster?) ein, zum Teil an prominenter Stelle .\nVodafon leckt sich die Wunden und robbt zurück - das Rollout ist gestoppt.\nSpannend, gleich zwei Mal. Erstens: Benutzer können sich inzwischen schnell genug und gut genug organisieren, um diese Wirkung auf den Dienstleister zu haben. Zweitens: Inzwischen ist bei Mobiltelefonen das System wichtiger als das Netz. Benutzer kaufen Telefone nach Betriebssystem und Version und legen Wert darauf, Updates unverfälscht und zeitnah zu bekommen.\nDie Strategie zeigt Wirkung?\nUpdate: Tut sie. Golem schreibt:\nAb kommendem Montag, dem 23. August 2010, beginnt Vodafone hierzulande, Android 2.2 für HTCs Smartphone als \u0026ldquo;Firmware over the Air\u0026rdquo; (FOTA) auszuliefern…. Vor allem die fest integrierten Vodafone-360-Applikationen störten viele Besitzer des HTC Desire. Auch das Branding verärgerte viele Kunden, die das HTC Desire nur gekauft hatten, weil sie von Vodafone beim Gerätekauf die Zusicherung erhalten hätten, dass das Gerät kein Branding aufweist. Daher soll das ab Montag bereitgestellte Update auf Android 2.2 ohne Branding und ohne vorinstallierte Vodafone-360-Applikationen erscheinen. Anpassungen soll es lediglich bei den Netzwerkeinstellungen geben, versicherte der Konzern Golem.de.\n","date":"2010-08-06T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/06/branding-gestoppt-wegen-benutzerprotesten.html","tags":["google","mobiltelefon","lang_de"],"title":"Branding gestoppt wegen Benutzerprotesten"},{"categories":null,"content":"Ich wollte eigentlich nichts zu Liquid Feedback schreiben, nachdem Frank Rieger das bereits alternativlos perfekt getan hat. Aber dann hat die Diskussion mich gefunden - erst im Twitter und dann in meinem \u0026lsquo;Heimatchannel\u0026rsquo; im Irc, quasi direkt auf der Couch.\nWie fange ich an? Für die, die die letzten Wochen unter einem piratenfreien Stein gelebt haben: Das Flaggschiff der Piraten, das eine Ding, das die Piraten als politisches Experiment definiert, ist das Liquid Feedback System. Es handelt sich um ein System, das den nahtlosen Übergang zwischen Direkter Demokratie und Delegation an einen Repräsentanten ermöglichen soll.\nWenn mich eine Sache interessiert und ich mich damit auszukennen glaube, dann kann ich in LF an einem Thema, Positionen und Anträgen direkt arbeiten und auch mit Abstimmen. Wenn nicht, dann kann ich mir jemanden suchen, den ich für schlau halte und ihm meine Stimme delegieren, zu einer Sache, zu einem Thema oder Global. Die Delegation ist anders als bei einer Wahl nicht für eine Legislaturperiode, sondern ich kann die Delegation auch jederzeit zurück ziehen. Delegation ist auch transitiv: Wenn mir jemand seine Stimme delegiert und ich das nicht selber machen will, dann delegiere ich nicht nur meine eigene Stimme, sondern auch die an mich delegierten Stimmen weiter (und die eigentlichen Stimmrechts-Inhaber können sehen, wo sie rauskommen und die Konsequenzen ziehen, wenn sie das wollen).\nKurz: LF ist so eine Art Abgeordnetenwatch mit dauernd mit laufenden Wahlen. Ich kann sehen, wer wie abgestimmt hat, wer an wen delegiert hat, und wer wie wann welchen Antrag wie geändert hat. Eine tolle Sache, die die Seele der Piraten auf den Punkt bringt: Kompetenz soll die Politik bestimmen, Transparenz ist das Gebot des Handelns und Technik wird innovativ eingesetzt statt sie zu fürchten.\nAlle Piraten? Nein, es gibt eine Gruppe von Piraten, die bei LF argumentiert wie die CDU bei Abgeordnetenwatch : LF ist böse, denn es verletzt die Privatsphäre.\nDas ist eine wirre Argumentation, denn das Politische ist so etwas wie per Definitionem das Gegenteil des Privaten. Es ist bei uns die Aufgabe des Volkes, die Politiker zu kontrollieren und es ist die politische Agenda der Transparenz, die sich nun gerade die Piraten auf die Fahne geschrieben haben.\nLiquid Feedback ist nun ein System, das konstruiert worden ist, die Grenze zu politischem Engagement aufzubrechen. Das kann man sich vorstellen, wie die Anfänge der Bloggerei. Vor Blogs und anderen einfachen Formen der Publikation in der Öffentlichkeit waren Urheberrecht, Markenrecht, Beleidigungstatbestände und dergleichen recht exotische Spezialtatbestände im Recht, die kaum jemanden außer ein paar Spezialisten interessiert haben. Da nun aber jeder jederzeit beliebig große Öffentlichkeiten schaffen kann, ja sogar Witzeleien um umgefallene Blumenkübel Artikel im Spiegel wert sind, sind diese Themen plötzlich für Jedermann relevant.\nLF ist nun angetreten, so etwas mit politischem Engagement zu machen: Mitarbeit am Meinungsbildungsprozeß und an politischer Willensbildung soll durch LF vereinfacht werden, und Politik soll dichter in das Leben eines Jeden integriert werden können. Das hat Konsequenzen, und ein Teil der Piratenpartei weigert sich gerade, diese Konsequenzen mitzutragen und Verantwortung zu übernehmen (Erinnert mich an GEZ für Zeitungen fordern, aber nicht nach 7 Tagen löschen wollen ).\nPolitisch engagierte Personen sind jedenfalls Personen, die besonderen Transparenzforderungen ausgesetzt sind und vom Wähler besonders beobachtet werden, und das ist gut so. Die Piratenpartei ist außerdem gerne vorne mit dabei, wenn es darum geht, solche Transparenz einzufordern. Und das ist auch gut so. Nur wenn es um die eigene politische Willensbildung geht, dann will man plötzlich das Unmögliche und vor allen Dingen das Untragbare - anonymes politisches Engagement und weiter mauscheln wie bisher.\nDas geht so nicht.\nWenn ich jemandem meine politische Macht delegiere, dann will ich wissen, wer das ist. Dann will ich vertrauen können. Vertrauen ist die Hoffnung, daß das Verhalten einer Person in der Vergangenheit ein ungefähres Maß für das Verhalten dieser Person in der Zukunft ist. Es setzt voraus, daß die Vergangenheit offengelegt wird (Transparenz), daß die Aktionen und Abstimmungen dieser Person unter einer Identität erfolgt sind (Verkettbarkeit) und daß diese Übersicht vollständig ist. Weil das so ist, ist anonyme politische Betätigung ein Widerspruch in sich - das Politische ist das Gegenteil des Privaten.\nDas kann, nein, das muß man akzeptieren und daran wachsen.\nOder man bekommt eine Partei von Mäusen. Und ein kastriertes Liquid Feedback, das nur ein mit GPG gepimptes Doodle ist (Danke, @tarzun für dieses Bild).\nAnderswo zum Thema: Spiegel Online: Online-Mitbestimmung Piraten streiten über Demokratie-Wunderwaffe Heise Newsticker: Piratenpartei auf der Gratwanderung zwischen Transparenz und Datenschutz Netzpolitik.org: Andreas Pohl mit einer Art Kompromißvorschlag (der aber am Kern der Argumentation der Gegner vorbei geht, AFAIK) Lesenswerte Analysen (statt Berichte): Frank Rieger Maha ","date":"2010-08-06T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/06/ein-sturm-aus-schei-e-ist-auch-eine-art-fl-ssiges-feedback.html","tags":["piraten","politik","lang_de"],"title":"Ein Sturm aus Scheiße ist auch eine Art flüssiges Feedback"},{"categories":null,"content":"(Grr, nicht genug Zeit, das so klar zu machen, wie ich es haben will… Egal - ich drück jetzt \u0026ldquo;Post Article\u0026rdquo;)\nDies ist der Folgeartikel zu Teil 1 .\nMedienkonvergenz Phase I heißt, daß ich einen Haufen Dienste, die früher auf unterschiedlichen Medien, Übertragungswegen und in unterschiedlichen Formaten vorgelegen habe, nun alle auf das Internet migriere und alles über dieselbe Leitung abwickele. Typisch wird \u0026ldquo;Triple Play\u0026rdquo; genannt, also Telefonie, Internet-Zugriff und Zugriff auf klassische Rundfunkinhalte.\nWenn ich das mache, habe ich das Problem, daß ich das Netz lokal überlasten kann (das kann ich immer) und das doof finde.\nLokal heißt \u0026ldquo;an einem Router\u0026rdquo;. Der kann irgendwo im Netz stehen - beim Dienstanbieter, mittendrin auf der Strecke, oder der kleine Plastik-Türstopper bei mir daheim. In der Zeichnung hier nehmen wir mal einen Router in einer Firma, und drei PCs.\nEin Router, links das Internet und rechts drei PCs. Der Router wird von rechts mit mehr Daten angeblasen als er nach links los werden kann - eine Warteschlange entsteht.\nDer meiste Datenverkehr ist lokal, und die meisten Router haben intern mehr Kapazität als sie Anbindung nach oben haben. In unserem Beispiel haben wir drei PCs angeschlossen, die jeweils mit 100 MBit/s Ethernet arbeiten und wir haben eine echt dicke Internet-Anbindung von ebenfalls 100 MBit/s. Solange die PCs untereinander reden ist alles gut.\nWenn alle drei sich aber nun entschließen, große Datenmengen hochzuladen, zum Beispiel jeweils ein DVD-Iso nach irgendwo ins Internet zu schießen, dann haben wir drei Datenquellen, die jeweils 100 MBit/s in den Router rein senden und einen Abfluß ins Internet von nur 100 MBit/s.\nZwei Sachen passieren.\nErstens: Es entsteht eine Sendewarteschlange am Router. Der Router muß also lokalen Speicher aufwenden, um Daten kurzzeitig zu puffern und so die Lastspitze abzufangen.\nZweitens: Der Router wird versuchen, die Senderate der drei PCs mit Hilfe von Flow Control (hier eher: Congestion Control) Mechanismen herunter zu regeln, so lange bis die aggregierte Bandbreite der drei Sender seine Bandbreite im Abfluß nicht mehr übersteigt - genau genommen versucht er schon im Ansatz die Sender so einzuregeln, daß die Überlastsituation möglichst nicht eintritt.\nGelingt es nicht, die Senderate der Rechner zu bremsen, läuft der Router voll und er muß, damit sein Arbeitsspeicher nicht überläuft, Pakete verwerfen.\nGibt man dem Router keine weiteren Hilfen an die Hand, dann wird er alle Dienste auf allen PCs gleichmäßig bremsen und er wird nach dem Zufallsprinzip anfangen Pakete zu verwerfen.\nDas ist genau nicht die User Experience, die der Benutzer typischerweise will, denn dem sind bestimmte Dienste wichtiger als andere.\nNetzneutralität im engeren Sinne hat man dann, wenn der Benutzer selbst in der Lage ist, die Priorisierung in einer solchen Situation nach seinen Wünschen zu beeinflussen und nicht der Netzbetreiber Verfügbarkeit und relative Leistung von Diensten oder Anbietern diktiert.\nSoweit die Technik.\nPolitik statt Technik Den Netzbetreibern geht es bei der nicht-technischen, politischen Diskussion jetzt darum, diese Unterscheidung zu relativieren und sich selbst in die Lage eines Gatekeepers zu bringen. Also die Kunden gegenüber dem Dienstanbieter als Geiseln zu benutzen und zu sagen: An meine Endkunden kommst Du überhaupt/mit vernünftiger Leistung/mit allen Diensten und Features nur heran, wenn Du nicht nur Deinen Provider bezahlst, sondern auch mich. Also etwa von Hulu Extrageld dafür zu verlangen, daß Telekom-Kunden für Hulu erreichbar werden.\nUnd gegenüber dem Kunden den Dienstanbieter als Geisel zu verwenden und zu sagen: Diesen speziellen Dienst, den wir gar nicht betreiben, kannst Du bei uns nur dann nutzen/mit vernünftiger Qualität nutzen, wenn Du uns und nicht nur den Dienstbetreiber extra dafür bezahlst. Also etwa so wie in der Grafik dargestelllt .\nOder gar den Dienst von Fremdanbietern ganz zu sperren oder so zu benachteiligen, daß dem Kunden nichts anderes übrig bleibt, als den Dienst des Netzbetreibers zu verwenden. Also etwa Skype und VoIP zu blockieren, damit Calls über GSM gemacht werden müssen.\nUnd in diesem Licht ist die Sache zwischen Google und Verizon dann auch zu sehen:\nEs gibt insbesondere bei Mobilnetzen öfter mal technisch begründbare Situationen, in denen man Dienste unterscheiden muß, um dann entscheiden zu können, welche Pakete man bei Engpässen noch befördert und welche man verwirft. Bei Festnetzen eher nicht. Die Verizon Techniker müssen sich also die Option offen halten, auf dem Mobilnetz Verbindungen zu managen.\nInsofern ist sind die Gespräche zwischen Verizon und Google ein Erfolg, als daß die eine Policy festschreiben, bei der der Netzbetreiber zusagt, auf dem Festnetz seine Finger aus den Daten heraus zu halten. Das ist gut. Die Frage bleibt: Wer wird die Richtlinien auf den Mobilnetzen definieren, und wie viel Kontrolle bleibt dem Benutzer dort - und dieser Punkt wird aus den Berichten auch nach den Dementis nicht klar.\nEin anderer Punkt ist, daß wie oben gezeigt, technisch eine Regelung nur dann zwingend notwendig ist, wenn und so lange eine Überlastsituation besteht. Daraus folgt: Hat man Netzneutralität in dem Sinne, daß die Verantwortung für die Verwaltung der Knappheit beim Kunden liegt, dann hat der Diensterbringer ein Interesse daran, die Knappheit zu beenden, dem Kunden also eine angemessene Bandbreite zu verkaufen. Ohne Netzwerkneutralität überwiegt beim Netzbetreiber das betriebswirtschaftliche Interesse an der Aufrechterhaltung der Bandbreiten-Knappheit, da er auf diese Weise das Produkt in normal (= kaputt, unbenutzbar) und Premium (= funktioniert) ausdifferenzieren kann und solange mehr kassieren kann, wie er das Problem nicht behebt.\nAußerdem ist das ganze Mal wieder ein lupenreines Beispiel dafür, wie unglaublich ungeschickt Google als Firma so kommuniziert. Denn es wäre echt einfach, die technischen Hintergründe und Notwendigkeiten mal aufzumalen, mit ein paar schicken Fotos zu versehen und die eigenen Absichten und Ziele dann allgemein verständlich und unverquast zu formulieren. Nur mal so nebenbei bemerkt.\n","date":"2010-08-06T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/06/netzwerk-berlast-vs-netzwerkneutralit-t.html","tags":["google","internet","netzneutralität","politik","lang_de"],"title":"Netzwerk-Überlast vs. Netzwerkneutralität"},{"categories":null,"content":"Dies ist Teil 1, Teil 2 gibt es auch noch.\nDie Diskussion über Netzneutralität erreicht nun endlich auch Deutschland, auch wenn Deutschland als Internetstandort für ein Industrieland bemerkenswert schwach bewertet wird. Auslöser sind dabei nicht die Bemerkungen der Telekom zum Thema, sondern die Arbeiten von Google und dem Provider Verizon an etwas, das einmal Netzwerkneutralität definieren soll (aber in den ersten Berichten dazu für einen Deal zwischen Verizon und Google gehalten worden ist, der Google gegenüber anderen Anbietern bevorzugt hätte).\nGeeinigt hat man sich dabei darauf, für das Festnetz Netzwerkneutralität zu garantieren (\u0026ldquo;Google and Verizon’s agreement would prevent Verizon from offering paid prioritization to the biggest bidders of capacity on its DSL and fiber networks\u0026rdquo;), aber auf dem Mobilfunknetzwerk werde man eingreifen (\u0026ldquo;But any promises over open-Internet access wouldn’t apply to mobile phones\u0026rdquo;). Eingriffe sollen dabei nicht auf Benutzerbasis, sondern auf der Basis von Traffic-Klassen geschehen, was immer das in diesem Fall im Detail bedeutet.\nEs ist auf jeden Fall ein schwerer Rückschlag für Netzneutralität, da der Ansatz die Regulierung von Knappheit gegenüber der Schaffung von Überfluß bevorzugt.\nWorum geht es? Netwerkneutralität im Allgemeinen dreht sich um das zentrale Konstruktionsprinzip des Internet, daß Netzwerk selbst \u0026lsquo;dumm\u0026rsquo; zu halten und die \u0026lsquo;Intelligenz\u0026rsquo; in den Endpunkten des Netzes zu installieren.\nGenauer gesagt: Das Netz selbst soll nur eine Sache machen, und die dafür richtig - nämlich Datenpakete von A nach B routen. Daten sind Schüttgut und das Netz analysiert die Daten nicht, um sie zu unterscheiden und dann unterschiedlich zu behandeln. Das Netz bringt auch keine Dienste außer der Beförderungsdienstleistung für die Daten, sondern Dienste sind in Endknoten installiert.\nDas ist eine Informatiker-Idee und die Antithese zum Intelligenten Netz -Ansatz der Fernmeldetechniker-Denkschule, bei der das Netz Dienste und Güteklassen implementiert.\nBetriebswirtschaftler mögen die Idee des dummen Netzes nicht so, denn sie erlaubt es ihnen nicht, \u0026lsquo;Dienste differenziert zu bepreisen \u0026rsquo; (Und das ist eine Goldgrube ). Damit einher geht meist der Wunsch, kostengünstigere Alternativen zu blockieren .\nEin Argument gegen Netzwerkneutralität, das von Mobilnetzbetreibern oft gebracht wird, ist das Datenvolumen.\nVolumen: 5GB sind 5GB, egal was man rein tut Das ist die absolute Menge an Daten, die in einem Abrechnungszeitraum (pro Monat, pro Tag) transferiert wird. Heutige mobile Datenverträge heißen zwar oft \u0026ldquo;Flatrate\u0026rdquo;, sind aber keine, sondern sind tatsächlich Volumenpakete, da sie genau dieses Volumen begrenzen (200 MB, 1GB oder 5GB pro Monat sind häufige Stückelungen). Da Verbraucher jedoch ihren tatsächlichen Verbrauch pro Monat nicht kennen und nicht beurteilen können, verkauft man ihnen \u0026ldquo;Flat S, M, L und XL\u0026rdquo;. Wären es wirklich Flatrates, also all-you-can-eat Angebote, wäre eine S/M/L/XL-Differenzierung sinnlos.\n\u0026ldquo;Flat\u0026rdquo; sind diese Verträge bestenfalls in dem Sinne, daß viele von ihnen bei Erreichen des Volumenlimits nicht ganz abriegeln, sondern noch einen Tröpfelbetrieb mit sehr stark limitierter Bandbreite erlauben. Das reicht meist immerhin noch für Chat.\nWeitere Einschränkungen von Flatrates ergeben sich meist in der Art, daß Diensteinschränkungen existieren, und zwar wird besonders gerne der Betrieb von VoIP-Anwendungen und insbesondere Skype verboten.\nAls Begründung wird dabei oft die Datenmenge vorgeschoben, aber das ist natürlich zweifach Unsinn:\nSolange ich mich in dem mit dem Vertrag gekauften Datenvolumen bewege dürfte es in einem dummen Netz den Netzbetreiber nicht interessieren, welcher Art die Daten sind, die das Volumen machen. Und zweitens überträgt Skype Voice-Daten, genau wie ein Mobilfunknetz, und insbesondere Skype für Mobiltelefone verwendet dabei einen Codec, der den Codecs von GSM-Mobilfunknetzen ebenbürtig oder besser ist. Skype macht also eher weniger Verkehr im Netz als ein normales Telefongespräch gleicher Länge.\nTethering: 5 GB sind 5 GB, egal wer den Traffic macht Die andere Beschränkung bei Volumenverträgen bezieht sich auf das Endgerät, das vorgeschrieben werden soll: So darf eine Flat-Volumentarif oft mit einem Mobiltelefon verwendet werden, mit einem hinter dem Mobiltelefon angeschlossenen Computer (\u0026ldquo;Tethering\u0026rdquo;, \u0026ldquo;Anketten\u0026rdquo; eines Computers an das Telefon) aber nicht, als ob 5 GB von einem Laptop mehr Last erzeugen würden als 5 GB von einem Mobiltelefon.\nDie Annahme ist eine andere:\nDer Netzbetreiber spekuliert, daß ein Anwender mit einem Mobiltelefon sein Kontingent eher nicht ausschöpft, während das bei einem Benutzer an einem Laptop wahrscheinlicher ist, da das Mobiltelefon langsamer ist, einen kleineren Bildschirm und eine schlechtere Eingabemöglichkeit hat. Spätestens seit Arm A4 1GHz Prozessoren und iPads mit 64GB Speicher, Bluetooth Tastatur und 1024x768 ist diese Annahme aber hinfällig - die meisten Netbooks und viele ältere Laptops sind schlechter ausgestattet.\nBandbreite und Volumen Die zweite Vokabel, um die es geht, ist Datenübertragungsrate in Bit pro Sekunde (umgangssprachlich Bandbreite). Das Volumen, das man mit einer Flat erworben hat, wird ja nicht über den Abrechnungszeitraum gleichmäßig abgerufen, sondern die durch den Teilnehmer generierte Auslastung variiert mit seiner Netznutzung (dem Bandbreiten-Bedarf) und dem Netzausbau an seinem Standort (der Bandbreiten-Verfügbarkeit) und den Anforderungen anderer Netzteilnehmer in seinem Netzabschnitt (der Konkurrenz um die Bandbreite).\nUm ein Gefühl für Bandbreiten zu bekommen:\nVerfügbarkeit: Ein GSM-Channel stellt dabei eine Bandbreite von ca. 14 kBit/s zur Verfügung, von denen bei Datenverkehr etwa 9.6 kBit/s verwendet werden können, EDGE dann zwischen 56 kBit/s und 220 kBit/s. 3G (UMTS) ist liefert bis zu 384 kBits im Download, als HSDPA dann bis zu 14400 kBit/s (viele Telefone erlauben nur bis zu 7200 kBit/s). ISDN erzeugt 64 kBit/s, DSL dann zwischen 1000 und 16000 kBit/s.\nVerbrauch: Ein VoIP- oder Skype-Telefonat mit einem Mobilfunk-Codec verbraucht zwischen 6 und 40 kBit/s. Ein MP3 abzuspielen verbraucht zwischen 128 und 256 kBit/s. Ein Skype-Videotelefonat verbraucht zwischen 240 und 400 kBit/s.\nNicht zeitkritische Dienste können ihre Nutzung nach belieben verteilen: Ein Download wird langsamer oder schneller, je nachdem, welche Bandbreite im Netz verfügbar ist, aber ihm ist es im wesentlichen egal, ob es mal langsamer wird, da ein Download nicht zerbröselt wie ein Video- oder Audiocall.\nAsynchron, Synchron, Isochron und warum das alles? Das bringt uns zu den nächsten Begriffen, nämlich Asynchronizität (oder Hintergrundtransfer) und Synchronizität bzw. Isochronizität (oder interaktiver Nutzung) und QoS (Quality Of Service). Einem asynchronen Netznutzer ist es im Wesentlichen egal, welche Bandbreite ihm zur Verfügung steht, solange er nur sein Volumen irgendwie durch bekommt.\nEinem synchronen Netznutzer ist das nicht egal - er möchte gerne eine gewisse Bandbreiten-Zusicherung haben, also eine Mindest-Datenrate in kBit/s - eine Video- oder Audio-Anwendung zum Beispiel würde sonst lästig stocken und hakeln.\nWenn er außerdem ein billiges Endgerät ohne Puffer ist oder sehr interaktiv operiert (also etwa eine interaktive Spielanwendung ist), dann will er wahrscheinlich Isochronizität, also eine garantierte Mindest-Datenrate und außerdem einen gleichmäßigen Abstand zwischen den eintreffenden Datenpaketen - also keinen Jitter. Und bei den Spielern auch sehr gerne eine definierte, minimale Laufzeit der Pakete von A nach B und zurück, einen \u0026lsquo;guten Ping\u0026rsquo;, denn es bringt ja nix, wenn man an seinem Rechner den Abzug an einem virtuellen Gewehr drückt und es dann auf dem Server erst Stunden später knallt.\nQoS und Deep Packet Inspection TCP/IP kennt für diesen Zweck tatsächlich eine Dienstedifferenzierung in den Paketen des IP-Headers, die Quality Of Service Bits, und viele Router werten diese heutzutage tatsächlich aus. Darum geht es den Netzbetreibern aber eher nicht, denn das wäre ja eine QoS, die durch den Anwender kontrollierbar wäre. Die Netzbetreiber wollen stattdessen in die Pakete in Echtzeit hineingucken, den Inhalt und verwendeten Dienst analysieren und dann ohne Einwirkung oder Kontrolle des Nutzers klassifizieren, wie sie es für richtig halten.\nWenn man so etwas macht, also in die Paketdaten selbst hineinsieht und den Datenstrom analysiert, dann macht man Deep Packet Inspection (DPI). Das ist eigentlich eine Technik aus dem Firewall-Bereich, die dann später auch für QoS-Anwendungen abgewandelt worden ist. Noch einen Schritt weiter geht Phorm , ursprünglich ein Firmenname, der aber inzwischen mit dem Produkt synonym geworden ist. Dabei verwendet man DPI, um die Inhalte des Datenverkehrs zu analysieren, Werbebanner zu selektieren und dann manipuliert man die von einem Server heruntergeladenen Daten so, daß man seine Werbebanner dort in den Datenstrom hinein fälscht ( Phorm Schaubild (SVG)). Überraschenderweise ist das in vielen Ländern so nicht legal.\nNetzneutralität kann durch QoS horizontal (quer zu allen Benutzern) aufgebrochen werden. Verlangt man die Authentisierung von Benutzern (durch Login, durch den elektronischen Personalausweis oder mit anderen Mitteln) und bindet man außerdem die Benutzeridentität an die Pakete, dann kann man Dienste außerdem vertikal (entlang Benutzeridentitäten) aufbrechen. Etwa kann man Jugendschutz implementieren, indem man in jedem Datenpaket (fälschungssicher) das Altersmerkmal des Benutzers mit transportiert. Oder man baut dort die völkerrechtliche und gegenwärtige Jurisdiktion (\u0026lsquo;Der Benutzer ist ein Deutscher in Dubai\u0026rsquo;) ein, und beschränkt so die Verfügbarkeit von Video- und Audiomaterial analog zu Regioncodes. Oder man generiert gleich ein pseudonymes, verkettbares Benutzermerkmal (\u0026lsquo;Benutzer fe3d-ccdd-3321-37fe, zum 412. Mal hier\u0026rsquo;) und sammelt die anderen Informationen dann entlang des Weges ein (\u0026lsquo;Vermutlich männlich, Umsatz bisher, an Glücksspielen interessiert, besonders Poker, Anzeigen mit Fetischeinschlag haben eine 1.4 mal bessere Conversion als solche mit normalen Frauen, \u0026hellip;\u0026rsquo;).\nDer Punkt ist, daß insbesondere vertikale, personenbezogene Aspekte der Netzneutralität auch Fragen des Jugendschutzes, des Urheber- und Lizenzrechtes und des Werbegeschäftes berühren, sowie viele andere Privacy-Probleme nach sich ziehen.\nTechnisch ist es so, daß Informatiker QoS als ein Problem sehen, daß man nur hat, wenn man nicht genug Bandbreite bereitstellt - QoS greift nur, wenn es zu momentanen oder dauerhaften Netzwerkengpässen kommt und man dann bei den Opfern Triage machen muß.\nKapazität im Netz, und die letzte Meile Das sollte, so die Informatiker, nicht auftreten - insbesondere im Festnetz nicht: Wenn man eine Dark Fiber, eine Glasfaser hat, dann kann man da einen Laser dran stecken und die Faser ausleuchten. Das erzeugt dann 10 GBit/s (10 000 Mbit/s, 10 000 000 kBit/s), die man da auf Anhieb durchblasen kann. Wenn das nicht reicht, stellt man einen weiteren Laser mit einer anderen Farbe daneben und verdoppelt die Bandbreite und so weiter - das kann man relativ oft machen, je nach Faser und Leitungslänge. Kosten entstehen dabei kaum - ein solcher Laser ist zwar absolut gesehen teuer, aber im Vergleich zu den Verlegekosten für das Kabel gratis, und daher ist die Aufrüstung der Leitung bei Auslastung auch extrem kostengünstig.\nWenn sich also die Informatiker von Google mit den Nachrichtentechnikern von Verizon unterhalten, dann ist beiden Seiten klar, daß die Betriebswirtschaftler von Verizon zwar gerne Dienste differenzieren möchten, es aber im Festnetz auch bei großer Anstrengung keinen denkbaren Grund dafür geben kann. Darum sichert also Verizon im Festnetz unbedingte Netzwerkneutralität zu.\nMobilnetze als Hebel gegen die Netzneutralität In mobilen Netzen ist es sehr schwer Vorhersagen zu machen, weil die Bedingungen sehr unterschiedlich sind. Sie hängen nicht nur von der Position der Leute und der Basisstationen ab, sondern auch davon, wie viele Leute pro Zelle was machen wollen. Daher kann es - egal wie sehr man die Kapazitäten ausbaut - bei Zusammenballungen von Leuten immer zu Bandbreitenknappheit kommen. Zum Beispiel bricht unweigerlich auf jedem Chaos Communication Congress wie auf den meisten anderen großen Konferenzen das WLAN zusammen - das liegt nicht daran, daß die Leute vom Chaos weniger Ahnung von Netzwerken haben als Ihr mit Eurem WLAN daheim, oder daß die vielen bösen Hacker das Netz immer crashen lassen.\nSondern es liegt einfach daran, daß WLAN bei mehr als x Personen pro Zelle schlicht nicht mehr geht und man sich dann dringend ankabeln will. Oder, als Netzbetreiber, die Zellen kleiner machen und mehr Channels bereitstellen, also mehr APs mit weniger Leistung aufstellen und so die Anzahl der Personen pro AP reduzieren. Aber auch das geht nur bis zu einem gewissen Punkt, danach ist einfach Ende. Auch bei Mobilfunknetzen ist es so, und es ist tatsächlich so, daß etwa die Telekom an der Kieler Spiellinie zur Kieler Woche zusätzliche Container aufstellt, in denen GSM Mikrozellen gefahren werden, um mit der Handies tragenden Besuchermenge am Wasser fertig zu werden - bei x Kilometern mit ca. 3-4 Personen pro Quadratmetern ist das eine gute Idee, schon um Notruf-Fähigkeit für das Netz zu erhalten.\nWeil bei mobilen Netzen immer mal Triage notwendig sein kann, haben die Google-Technikern den Verizon-Technikern hier weniger entgegen zu setzen, und so kommt es, daß sich Verizon in dem Vertrag zwischen den beiden Firmen für mobile Netze diese Hintertür schon aus technischen Gründen offen halten müssen. Jetzt kommt es darauf an, sicherzustellen, daß die Betriebswirtschaftler da nicht noch andere Dinge mit durch diese Lücke schmuggeln, also anfangen Dienste mit DPI horizontal oder vertikal zu differenzieren.\nArtikel zum Thema Verizon/Google: Bloomberg : Google, Verizon Said to Strike Deal on Web Traffic Rules\nHeise Newsticker : Netzneutralität: Vorfahrt für Google-Dienste gegen Bezahlung?\nCnet News : Google\u0026rsquo;s Schmidt on Verizon and Net neutrality\nGoogle stellt klar : 1. Wir bezahlen nichts für eine Vereinbarung mit Verizon. 2. Wir stehen weiter zu unseren Aussagen zu einem offenen Internet.\nOriginaldementi auf Twitter.\nDie letzten beiden Artikel stellen noch einmal ausdrücklich klar, daß Verizon gegenüber Google für das Verizon Nicht-Mobilnetz noch einmal ausdrücklich die Netzwerkneutralität bestätigt - Google zahlt also nichts, und Verizon verpflichtet sich ausdrücklich, niemanden, auch nicht Google, in ihrem Netz zu bevorzugen oder zu behindern. Das ganze soll ein allgemeines Policy-Framework sein, zu dessen Einhaltung sich Netzbetreiber und Dienstanbieter verpflichten sollen:\nVerizon has also moved to dismiss the story. A company statement reads: \u0026ldquo;The NYT article regarding conversations between Google and Verizon is mistaken. It fundamentally misunderstands our purpose. As we said in our earlier FCC filing, our goal is an internet policy framework that ensures openness and accountability, and incorporates specific FCC authority, while maintaining investment and innovation. To suggest this is a business arrangement between our companies is entirely incorrect.\u0026rdquo; \u0026ndash; The Guardian Artikel Weiter in Teil 2 .\n","date":"2010-08-05T00:00:00Z","href":"https://blog.koehntopp.info/2010/08/05/vokabeln-f-r-netzneutralit-t.html","tags":["google","internet","mobiltelefon","netzneutralität","lang_de"],"title":"Vokabeln für Netzneutralität"},{"categories":null,"content":"Netzpolitik verweist auf Golem verweist auf die Frankfurter Rundschau .\nDie deckt auf: DE-Mail ist nicht sicher, weil es nicht durchgehend verschlüsselt, sondern \u0026ldquo;Auf den Servern jedoch werden die Mails aus technischen Gründen kurz entschlüsselt und sofort wieder verschlüsselt\u0026rdquo;.\nDas muß wohl auch so sein, jedenfalls wenn man Antivirus und Antispam implementieren will, insofern scheint die Lösung erst mal grob legitim zu sein, auch wenns komisch klingt.\nKomisch klingen tut es aber noch aus einem anderen Grund:\nDie Vertraulichkeit ist im Kontext DE-Mail nicht primär relevant, denn DE-Mail war nie designed um sicher im Sinne von vertraulich zu sein. Es geht stattdessen um die Schaffung von Rechtssicherheit und das ist im wesentlichen keine technische, sondern eine juristische Konstruktion, bei der die technischen Maßnahmen nur qualifizierende Begleiterscheinungen sind, die die juristische Fiktion von DE-Mail stützen sollen. Daher laufen Verweise auf PGP und ähnliches auch am Thema vorbei.\nDas entscheidende Merkmal ist nicht die technische Konstruktion von DE-Mail, sondern das DE-Mail Gesetz (PDF, Entwurf), das festlegt, daß auf Grund der besonderen technischen Konstruktion von DE-Mail besondere juristische Regeln wirksam werden. Diese stellen eine DE-Mail dann je nach Versandart einem Brief oder einem eingeschriebenen Brief oder einem eingeschriebenen Brief mit Empfängeridentifikation und Rückschein gleich.\nDas passiert aber nicht wegen der tollen Technik, sondern auf der rechtlichen Grundlage des noch zu schreibenden DE-Mail Gesetzes - für einen Techniker ist das juristischer Schamanismus, weil die technischen Garantien des Verfahrens aus der technischen Sicht eben genau das nicht leisten, was das Gesetz dann anordnet.\nFür den Kunden/Endnutzer sind auch andere, juristische und nur am Rande technische Überlegungen wichtig, aus denen man DE-Mail wahrscheinlich eher nicht nutzen will.\nBeweislastumkehr: Das DE-Mail Gesetz baut sich einen Anscheinsbeweis ein, d.h. der Richter muß bis zum Beweis des Gegenteiles per Gesetz annehmen, daß DE-Mail sicher ist und zuverlässig zustellt. Es obliegt dem Kläger, Fehler in DE-Mail nachzuweisen, die Vertraulichkeit oder Zuverlässigkeit des Systems betreffen, wenn er Recht bekommen will.\nTimeout: Es obliegt dem Inhaber eines DE-Mail Postfaches, dieses auch regelmäßig zu leeren. Eine Sendung an ein Postfach gilt auch bei Nichtabholung nach 3 Tagen als zugestellt. (Golem : \u0026ldquo;Loggt sich ein Nutzer nicht ein, soll ein Schreiben dennoch am dritten Tag nach der Absendung als zugestellt gelten, ähnlich wie bei der Zustellung per Briefpost.\u0026rdquo;)\nBedarfsträger: Alle DE-Mail Implementierungen sind Webmailer. Die Mail liegt physikalisch außerhalb des Herrschaftsbereiches des Postfachinhabers. Jeder Bedarfsträger und sein Hund können Zugriff auf das angeblich ach so sicher verschlüssselte Postfach bekommen, zum Teil auch ohne Richtervorbehalt.\nEs gibt sicher noch mehr gute Gründe gegen DE-Mail, aber mir persönlich reichen schon diese 3.\n","date":"2010-07-22T00:00:00Z","href":"https://blog.koehntopp.info/2010/07/22/de-mail-wieso-sicherheit.html","tags":["demail","internet","politik","security","lang_de"],"title":"DE-Mail - Wieso Sicherheit?"},{"categories":null,"content":"Merkel so :\nHeute wird es durch die Vielzahl der Informationskanäle, und besonders durch das Internet, immer schwieriger, ein Gesamtmeinungsbild zu erkennen.\n…\nMit dieser Veränderung muss die Demokratie in Deutschland und in den anderen westlichen Ländern umgehen lernen.\nUnd redet auch sonst von \u0026lsquo;reagieren\u0026rsquo;. Denn das agieren, die Konzepte und das Gestaltungsprimat der Politik, das sind in Deutschland systematisch schon lange keine Themen mehr - dazu hat man sich ja auch mutwillig viel zu sehr in die Ecke gemalt.\nAbgeordnetenwatch so :\nMerkel: Politiker müssen Umgang mit Internet erst noch lernen (OpenReport ).Das stimmt: Merkels Statistik auf Abgeordnetenwatch: 96 Fragen, 0 Antworten .\nKarpfenpeter verliert ein Zyn .\n","date":"2010-07-21T00:00:00Z","href":"https://blog.koehntopp.info/2010/07/21/das-internet-macht-die-politik-schwerer-menno.html","tags":["internet","politik","lang_de"],"title":"Das Internet macht die Politik schwerer... Menno."},{"categories":null,"content":"Doom II - laut Wikipedia eingestuft als 18+/Indexed bei der USK . Auf dem PC. Genau wie Doom III .\nDasselbe Doom II in feinem 1024x768 auf dem iPad im iTunes Store.\nUnd hier warum das alles so ist . Logik hat das keine mit dem JMStV - nicht im alten und auch nicht im neuen.\n","date":"2010-07-21T00:00:00Z","href":"https://blog.koehntopp.info/2010/07/21/jugendmediendoom.html","tags":["jugendschutz","media","politik","lang_de"],"title":"Jugendmediendoom"},{"categories":null,"content":"Vor drei Jahren schrieb ich etwas zu Echten Helden und daß das Wunder unserer Zeit darin liegt, daß es leichter denn je ist, ein Held zu werden, indem man einfach etwas tut und dadurch die Welt fundamental verändert.\nWarum wollen Leute Echte Helden sein? Dazu gibt es ein wunderbares Video von RSAnimate , das erklärt, wieso Geld als Motivator nicht funktioniert außer für die primitivsten und langweiligsten Tätigkeiten und was Leute wirklich motiviert: Self Direction, Mastery und Purpose. Also die Freiheit, das eigene Umfeld selbst bestimmen und kontrollieren zu können, und der Wunsch, etwas sinnvolles und wichtiges zu tun und darin und den dazu notwendigen Fertigkeiten besser zu werden. Dahinter stehend also genau der Wunsch, die Welt in einen besseren Ort zu verwandeln.\nAnders gesagt: Glück und Heldentum gehen zusammen, wir sind geschaffen, Echte Helden zu sein - es ist in uns eingebaut und es ist das, was wir alle tun wollen, sobald die direkten Existenzsorgen vom Tisch sind.\n(Youtube DirektHeldentum via Immateriblog )\n","date":"2010-07-21T00:00:00Z","href":"https://blog.koehntopp.info/2010/07/21/wieso-wir-helden-sein-wollen.html","tags":["damals","free software","kiel","politik","lang_de"],"title":"Wieso wir Helden sein wollen"},{"categories":null,"content":"Dirk von Gehlen schreibt in Journalistisches Freibier über den Kampfbegriff der \u0026lsquo;Kostenloskultur\u0026rsquo; im Internet und daß es diese so nicht gebe. Er sagt\nEs ist dringend notwendig, neue Erlösmodelle für verlegerische Angebote im Netz zu entwickeln. Vermutlich wird das aber so lange nicht gelingen, wie dieses Missverständnis der Umsonst-Kultur im Raum steht\u0026hellip;.Mir ist niemand bekannt, der an diese Umsonst-Kultur glauben würde. Die gibt es nämlich nicht. Es ist vielmehr eine Kultur, die auf anderen Finanzierungsmodellen beruht als die klassische Bezahlkultur\u0026hellip;.Ähnlich wie die falsche Rede vom Diebstahl zeigt die vermeintliche Kostenlos-Kultur, dass es an den sprachlichen Mitteln fehlt, die Veränderungen der Digitalisierung zu fassen (\u0026hellip;). Vielleicht ist es tatsächlich so, dass wir die Revolution, die das Internet angestoßen hat, erst dann produktiv nutzen können, wenn wir Begriffe gefunden haben für das, was sich gerade verändert.\nMarcel Weiss schlägt in Sprachfehler: ‘Diebstahl geistigen Eigentums’ und ‘Kostenloskultur’ noch einmal in dieselbe Kerbe:\nBesonders für Presseverlage ergibt die Rede von der Umsonstkultur keinen Sinn:Zum einen sind Presse-Erzeugnisse seit 180 Jahren mehrheitlich werbefinanziert und werden damit auch mehrheitlich unter Kosten an die Leser verteilt. Zum anderen setzen die Presseverlage zumindest in Deutschland online seit Jahren verstärkt auf Bezahlschranken.Wenn die Presseverlage in Deutschland keinen finanziellen Fuß auf den Internetboden bekommen, dann ist demnach nicht die ‘Umsonstkultur’ des Internets schuld, sondern, wenn schon, dann die ‘Bezahlkultur’ der Presseverlage.\nUnterdessen finden sich anderswo interessante Beispiele, die das \u0026ldquo;Problem\u0026rdquo; weiter beleuchten. Bei Techdirt etwa:\nCan One Guy Educate The World Via YouTube? ist ein Bericht über The Khan Academy von Sal Khan.\nAbout a year ago, Sal sent me an email mentioning a project he was working on called the Khan Academy, in which he videotapes himself teaching various educational lessons on anything from math to chemistry to history to finance and beyond. He even has a whole special section on the credit crisis, with an analysis of both former Treasury Secretary Paulson\u0026rsquo;s plan, as well as current Treasury Secretary Geithner\u0026rsquo;s plan.\nSein Youtube-Channel bekommt nun über 100.000 Zuschauer pro Tag.\nDas ist das, was das Internet verändert: Die Anbieter von Produkten für Geld treten nun nicht nur gegen Freibierverteiler an, die Sachen um der Werbewirkung willen begrenzt umsonst weggeben, sondern sie treten auch gegen Ethusiasten an, die aus Spaß an der Freude im echten Geiste des Amateurs Dinge mit unbegrenzt viel Aufwand produzieren. Und dann unbegrenzt und in beliebiger Menge verfügbar machen können, weil die Reproduktionskosten von virtuellen Gütern für alle praktischen Zwecke Null sind.\nDieses Stück Markt existiert dann faktisch nicht mehr, weil eine Produktion für Geld statt aus Liebe in finanzieller und qualitativer Hinsicht kaum konkurrieren kann.\nDas ist es, was sich durch das Internet ändert und darauf müssen die Marktakteure reagieren lernen: Wenn sich ein Produkt nicht verbraucht und nicht verknappt, dann kann es nur durch Qualität verdrängt werden. Das aber bedeutet, auf der Arbeit von anderen aufbauen und verbessern, statt auf der Grünen Wiese etwas eigenes von Null zu starten - es bedeutet, daß das Überleben in Kooperation und Weiterentwicklung statt in Konkurrenz und Verdrängung liegt. Und das wiederum bedeutet erst einmal, als Firma sinnvoll kommunizieren zu lernen.\nKein Wunder, daß sich damit so viele Firmen schwer tun.\n","date":"2010-06-30T00:00:00Z","href":"https://blog.koehntopp.info/2010/06/30/kostenloskultur.html","tags":["internet","media","lang_de"],"title":"Kostenloskultur"},{"categories":null,"content":"Unser Innenminister hat Angst. Vor dem Internet. Für ihn ist das eine nichtstaatliche Öffentlichkeit, die sich ohne Staat organisiert und ohne Staat funktioniert. Und ganz besonders ohne den deutschen Staat.\nDarum hat er sich in einer Grundsatzrede zum Thema Internet geäußert und 14 Thesen formuliert, die am Ende auf mehr Regulierung, mehr Eingriffe, mehr Haftung, weniger Anonymität und weniger Freiheit hinauslaufen.\nDer Providerverband eco hat das schon erkannt, und wir sollten uns auch Sorgen machen.\n","date":"2010-06-22T00:00:00Z","href":"https://blog.koehntopp.info/2010/06/22/eine-nichtstaatliche-ffentlichkeit-die-sich-ohne-staat-organisiert.html","tags":["internet","politik","lang_de"],"title":"Eine nichtstaatliche Öffentlichkeit, die sich ohne Staat organisiert"},{"categories":null,"content":"Nicht nur wird PHP im Juni 15 Jahre alt, sondern ein anderer, älterer Begleiter von PHP feiert ebenfalls ein Jubiläum:\nIm Juni 1970 erschien in den Communications of the ACM der Artikel \u0026ldquo;A Relational Model of Data for Large Shared Data Banks \u0026rdquo; von E.F.Codd. Dieser Artikel ist die theoretische Grundlage für das, was später SQL und relationale Datenbanken werden sollte.\nSeitdem MySQL und PHP vor 15 Jahren ausgezogen sind, das Web zu revolutionieren, ist SQL eine Haushaltssprache geworden - es ist inzwischen echt schwierig, Webspace zu kaufen, bei dem man nicht auch Zugriff auf eine MySQL-Datenbank hat, und entsprechend gehen HTML-, PHP- und SQL-Kenntnisse inzwischen einher.\nAndererseits gibt es Dinge, bei denen SQL an seine Grenzen stößt. Seit einigen Jahren gibt es unter dem Begriff NoSQL eine Sammlung von Werkzeugen, die mit persistentem Storage anders umgehen als Codd sich das gedacht hat. Dabei geht es im Kern um Systeme, die BASE statt ACID im Sinne von Codd sind, aber viele Entwickler sind gerade dabei, Systeme zu bauen, die auch die guten Errungenschaften von SQL mit über Bord werfen.\nOhne eine besseren theoretischen Unterbau wird NoSQL kaum zu standardisieren und weiter zu entwickeln sein.\nEines der ältesten strukturellen Probleme von SQL und relationaler Algebra ist die Schwierigkeit mit hierarchischen bzw. selftreferentiellen Daten umzugehen. Neben Zeiger- und Pfadbäumen gibt es noch das Nested Set -Modell, aber alle drei Ansätze sind recht unhandlich und wenig elegant in der Nutzung.\nVerwandt damit ist das Problem, objektorientierte Vererbungsstrukturen auf SQL-Speicher abzubilden. Ein - im übrigen brillianter und dringend lesenswerter - Artikel beschriebt Objekt-Relationales Mapping (ORM) als das Vietnam der Informatik . Das trifft den Sachverhalt recht gut. Die Antwort von NoSQL auf dieses Problem sind schema-freie Datenbanken, aber das ist ungefähr zu gleichen Teilen Lösung wie Problem und sicherlich nicht unbedingt ein Fortschritt.\nWebanwendungen haben außerdem ungewöhnliche Anforderungen an Datenbanken und andere Systeme: Die sind sehr read-heavy und dabei ist die absolute Anzahl der Lesezugriffe bei populären Webanwendungen in der Regel so groß, daß es keine einzelne Maschine gibt - geben kann! - die in der Lage ist, die Last zu stemmen. Man braucht mehr als eine Kiste, unter Umständen gar tausende von Maschinen. Daher blickt man zwangsläufig auf verteilte, asynchrone Systeme und damit das oben erwähnte BASE, und man braucht um seine Algorithmen verteilen zu können, eine Form von Map-Reduce .\nIn Webanwendungen ist es außerdem wegen des starken Übergewichtes von Lesezugriffen sinnvoll, seine Daten um diese Lesezugriffe herum zu strukturieren und sie nicht auf die für Schreibzugriffe optimierte 3NF zu bringen. Datenspeicher von Webanwendungen sind also in der Regel schwer denormalisiert.\nAus diesen Anforderungen rührt also die Grundsätze von NoSQL:\nDenormalization Verteilte Systeme mit Eventual Consistency (BASE) Schema-Freiheit Horizontale Skalierbarkeit mit Map-Reduce Die meisten NoSQL-Systeme versuchen, diese Grundsätze technisch umzusetzen, vergessen dabei aber die Grundsätze von Codd - und bauen so Systeme, die auf eine andere Weise nicht weniger schlecht sind als SQL-Datenbanken.\nSQL leistet nämlich dank der Arbeit von Codd eine ganze Reihe von wertvollen Diensten, die jedoch von NoSQL-Systemen nicht oder nur unzureichend umgesetzt werden.\nNoSQL-Systeme sind nicht deklarativ.\nEinmal kapselt SQL als deklarative Sprache den Datenzugriff vom prozeduralen Code ab: In SQL sagt man nicht, wie die Daten geholt werden sollen, sondern welche Daten man haben möchte. Es ist die Aufgabe der Datenbank, einen Plan zu erarbeiten, mit dessen Hilfe der Datenzugriff effizient erfolgt. Der SQL-Programmierer sagt also nicht: Öffne diesen Index, suche den Record x, und dann steppe von dort aus durch den Index - für jeden gefundenen Record mache damit einen Lookup in y und verbinde die beiden Strukturen, dann filtere mit der Bedingung b. Sondern ein SQL-Programmierer sagt: Ich möchte Daten, die die folgenden Bedingungen erfüllen, sieh zu wie Du sie bekommst. Dadurch wird das Programm, in das der SQL-Code eingebettet wird, in großem Maß von dem Datenspeicher unabhängig und es wird sehr leicht, Datenspeicher und Programm teilweise voneinander unabhängig zu entwickeln und den Datenspeicher mit verschiedenen Programmen gemeinsam zu nutzen.\nSQL ist dabei eine recht reiche Sprache: Da SQL eine Algebra auf diskreten Relationen (= Tabellen) ist, operieren alle SQL-Befehle auf Tabellen und haben wieder Tabellen als Ergebnis. Durch die verschiedenen Arten von Subqueries kann man damit SQL-Befehle miteinander verketten und so mit den Ergebnissen von SQL-Befehlen weiter rechnen. Die meisten anderen Abfragesprachen (LDAP, XPath, und viele NoSQL-Abfrage\u0026quot;sprachen\u0026quot;) sind keine Algebren und erlauben keine derartige Verknüpfung von Abfragen. Das zwingt den Entwickler, Anfragen in Schleifen in Code zu gießen und dann entweder im Client auszuführen (hohe Latenz) oder generierten Code an die Datenbank zur Ausführung zu senden. Dadurch findet man nun wieder eine sehr viel engere Kopplung von Code und Datenspeicher - ändern sich Zugriffschemata, Tabellendefinitionen oder andere Dinge, muß Code angepaßt und die Anwendung neu übersetzt werden, Queries werden als Code mit Schleifen und Filterbedingungen geschrieben. Die Form des Codes ist dabei abhängig davon, welche Zugriffshilfen in Form von Indices im Datenspeicher existieren - eine SQL-Query ist in der Form (nicht jedoch in der Performance) unabhängig von den existierenden möglichen Zugriffspfaden.\nZum Teil geht das so weit, daß man zu den Fehlern und Problemen hierarchischer Datenspeicher zurückfällt: Sind Daten als Graph oder Baum gespeichert, dann definieren die Kanten im Graphen die festen möglichen Zugriffspfade und Abfragen. Speichert man etwa in einer Personaldatenbank Personen und das ihnen zugeordnete Inventar, dann kann man Inventar pro Person leicht finden, aber es ist sehr viel teurer, alle Personen zu finden, die eine bestimmte Sorte Werkzeug/Inventar verwenden.\nWenn mehrere Anwendungen einen Datenspeicher gemeinsam nutzen entsteht das Problem, daß man Datenintegrität und Zugriffsregeln aus der konkreten Anwendung in eine von allen Anwendungen gemeinsam genutzte Filterschicht abstrahieren möchte. In tradionellem SQL sind das Datentypen, Views, Integrity-Constraints, Rules und Trigger, die Integritätsbedingungen werden also Teil des Datenmodells. Im Ansatz meines Arbeitgebers existiert eine Bibliotheksschicht, die Datenbankzugriffe abfängt und filtert - die Integritätsbedingungen sind also Teil der Systembibliotheken. In den meisten NoSQL-Systemen befaßt man sich mit dem Problem nicht und überläßt es dem Anwender, damit klar zu kommen.\nGesucht ist ein \u0026lsquo;NoSQL\u0026rsquo;-System (also eines, das die o.a. genannten vier Eigenschaften hat), das die Vorteile von SQL nicht aufgibt.\n","date":"2010-06-08T00:00:00Z","href":"https://blog.koehntopp.info/2010/06/08/die-relationale-datenbank-wird-40.html","tags":["database","mysql","nosql","sql","lang_de"],"title":"Die relationale Datenbank wird 40."},{"categories":null,"content":"Morgen ist der 8. Juni 2010, und damit wird PHP 15 Jahre alt .\nDie aktuelle Version von PHP ist 5.3.\nSeit dem letzten großen Jubiläum vor 5 Jahren hat sich PHP weiterentwickelt:\nPHP 5.1 vom 24. November 2005 war in erster Linie ein Performance-Release, PHP 5.2 folgte kaum ein Jahr später, am 2. November 2006, und brachte weitere Performanceverbesserungen, die immer noch viel zu wenig verwendete ext/filter und den FAQ-Klassiker \u0026lsquo;upload progress tracking\u0026rsquo;. Bis zu PHP 5.3 sollte es noch weitere 3 Jahre dauern: Am 30. Juni 2009, kurz nach dem 14. Geburtstag von PHP, erschien dieses Release, mit vielen lange ersehnten und vielen lange umstrittenen neuen Eigenschaften - hätte der Unicode-Support nicht gefehlt, hätte es PHP 6.x heißen können.\nNeu in 5.3 sind:\nNamespaces zum Beispiel, die eigentlich alle haben wollten, bei denen aber kaum jemand mit der Wahl des Namespace-Separators, dem Backslash, einverstanden war. Late Static Binding , das viele OOP-Schmerzen linderte, anonyme Funktionen (Lambda-Funktionen und Closures), NOW Dokumente (eine Erweiterung von Here-Dokumenten), der verkürzte Ternary \u0026ldquo;expr1?:expr3\u0026rdquo;, ein goto (komplett mit Velociraptor!), und das lange fehlende __callStatic . Dazu dann noch Garbage Collection als Ergänzung zum Refcounting, der mysqlnd MySQL Native Driver (der ZVAL zur Repräsentation von MySQL-Resultsets verwendet), Windows 64 Bit-Support, und natürlich wie jedes PHP Release bisher: noch mehr Module.\nDenn trotz all der OOP-Dekoration und den vielen anderen Verbesserungen ist PHP immer noch eines: Die Borg. Es ist eine Plattform, mit der sich externe C-Bibliotheken sehr leicht als Bibliotheken in einer dynamischen Sprache verfügbar machen lassen. PHP ist daher eine Basis für Glue-Code, Rapid Prototyping und schnelle und flexible Anwendungserstellung.\nWobei jetzt seit dem 2. Februar diesen Jahres auch der umgekehrte Weg offen steht: Facebooks HipHop macht aus PHP-Skripten C- bzw. C++-Source, der sich dann compilieren und als statisches Binary verwenden läßt.\nUnd so kommt es, daß die beliebteste Anfänger-Programmiersprache der Welt zugleich diejenige Plattform ist, auf denen die größten Websites der Welt laufen.\nNebenbei bemerkt: Falls Ihr immer noch PHP 4 einsetzt - heute wäre ein guter Tag, ein PHP 5.3 zu installieren und den Kram da hin zu migrieren. PHP 5 erschien am 13. Juli 2004. Das ist beinahe 6 Jahre her.\n","date":"2010-06-07T00:00:00Z","href":"https://blog.koehntopp.info/2010/06/07/15-jahre-php.html","tags":["php","lang_de"],"title":"15 Jahre PHP"},{"categories":null,"content":"VP8 ist ein Videocodec, der von On2 entwickelt wurde. Google hatte die Firma am 17. Februar 2010 für $133 Mio gekauft. Unter dem Namen The WebM Project (Site , Blog ) wird der Codec jetzt unter einer BSD-artigen License als Open Source zur Verfügung gestellt (Tweet ). Die Lizenz hat dabei als netten Twist eine Selbstzerstörung bei Patentangriffen eingebaut:\nThese licenses are revocable only if the licensee files a patent infringement lawsuit against the VP8 code that Google released.\nWebM ist sehr eng definiert: Es ist ein Matroska-Container mit einem VP8-Video und Ogg Vorbis Sound - dadurch wird der Bau von WebM-Abspielern sehr einfach. Die Lizenz erlaubt jedoch die Verwendung von VP8 auch in größerem Rahmen, also etwa in normalen MKV-Dateien, in denen VP8-Video mit MP3-Sound kombiniert wird, nur ist es dann halt kein WebM.\nDerzeit gibt es noch keine Grafikkarten mit Hardware-Support für VP8, aber Google arbeitet daran. Android wird VP8 und WebM ab \u0026lsquo;Gingerbread\u0026rsquo; unterstützen (und dann sicher auch mit passender Hardware, um die Batterie zu schonen).\nEine ältere Version eines On2-Codecs, VP3, wurde 2002 von On2 an die Xiph.org Foundation gespendet und unter einer BSD-License als Open Source verfügbar gemacht. Daraus hat sich das Ogg Theora-Projekt entwickelt.\nDurch das verfügbar-machen von VP8 eröffnet sich die Chance für HTML5 Video aus der H.264 Patentklemme heraus zu kommen, wenn der Codec weit genug unterstützt wird. Die Unterstützung von Chrome ist ja quasi von Haus aus sicher,\nYoutube kann auch schon VP8 . Das Mozilla-Projekt unterstützt WebM bereits in den Firefox Nightly Builds, ebenso Opera und sogar Microsoft ab MSIE 9. Bleibt die Frage wie Safari (Apple) reagiert: Jobs war gegenüber Ogg Theora ja eher kritisch eingestellt und dem H.264-Lager recht sicher zuzurechnen.\nH.264 ist kritisch zu sehen, weil MPEG LA , die MPEG Licensing Authority, Anteile an Umsätzen haben will, die mit H.264 codierten Videos gemacht werden - selbst sogenannte Profikameras kommen nur mit einer Consumer H.264 Encoder-Lizenz. MPEG LA behauptet auch, daß es generell unmöglich ist, einen legalen Video-Codec zu produzieren ohne Patente von MPEG LA zu lizensieren. Mit Google und Googles Anwälten hinter VP8 wird das sicher eine interessante Auseinandersetzung.\nIn einem größeren Zusammenhang ist auch der Aufkauf von Global IP Solutions durch Google zu sehen.\nGIPS wirbt für sich als \u0026ldquo;The world\u0026rsquo;s most widely deployed technology for processing real-time voice and video over IP\u0026rdquo;, zumal die WebM-FAQ zum Thema PVRs und Set-Top Boxen ein \u0026lsquo;stay tuned\u0026rsquo; empfiehlt. Was ein Laden wie Google mit Bandbreite, Videocodecs, Youtube und GIPS sowie Cellphone-Tech alles anstellen kann bleibt der Fantasie der Anleger überlassen.\n","date":"2010-05-19T00:00:00Z","href":"https://blog.koehntopp.info/2010/05/19/google-opensourced-vp8-video-codec-webm-project.html","tags":["google","media","politik","lang_de"],"title":"Google opensourced VP8 Video-Codec: WebM Project"},{"categories":null,"content":"Ingeborg meint: Dieses Land hat ein Katholikenproblem! :\nEgal, wo man am hin gucken is\u0026rsquo;, dauernd stehn wieder irnzwelche Problemkatholiken inne Zeitung drinne. Ein Zufall kamman datt ja wohl nich mehr nenn. Auch im Internetz stehn die dauernd drinne: ers gestern haben die sich Frankreich auf \u0026rsquo;ner Anti-Homophobie-Demo mitte Pollezei geprügelt. So geht datt nich mehr weiter!\nDas ist keine neue Erkenntnis. Mal gucken, ob ich von dem alten AStA-Flyer gegen Ausländerfeindlichkeit auch noch einen Scan irgendwo finde.\nEDIT: Kein Scan, aber hier ist der Inhalt:\nFrom: kris@koehntopp.de (Kristian Köhntopp) Date: Sun Jan 17 17:08:16 1993 Subject: Re: SU:Katholiken-Raus-Flugblatt ;-) Newsgroups: de.etc.misc In 63.33818@bionic.zer.de M.BELOW@BIONIC.zer.de writes:\nUm mal realistischer zu sein, hat irgendjemand das in irgendeiner Form aufbewahrt? Und, wenn meine Traeume von der digitalisierten Version schon nicht in Erfuellung gehen, kann mir das jemand faxen?\nDas Original haengt noch an meinem schwarzen Brett, aber ich habe kein FAX. Dafuer habe ich aber cut \u0026amp; paste:\nOriginal-Path: tpki.toppoint.de!tpki!kbbs!ums!ums!zivi Original-Subject: Kathos raus (Irony:=true) Original-Newsgroups: kiel.allgemein Original-Distribution: kiel Original-Date: Sun, 02 May 1992 20:48:00 MEZ Original-Message-Id: 06.1574@UMS Original-From: zivi@ums.zer.sub.org Flugblatt vom 1.5.:\nKatholikenproblem loesen!\nUm es gleich vorweg zu sagen: wir haben nichts gegen Katholiken Im Gegenteil, jeder Katholik, der sauber ist und hier seit Jahren Steuern zahlt, ist uns willkommen. Wir wehren uns nur dagegen, dass wir Schleswig-Holsteiner durch den Zustrom von schwarzen Schafen und ihren bischoeflichen Hirten unsere kulturelle Identitaet verlieren.\nLeider ist es den meisten Katholiken aufgrund ihrer fundamentalistischen Einstellung bisher nicht gelungen, ihre naturreligioese Vorstellung von Sexualitaet, nach der sexuelle Handlungen nur zum Zwecke der Fortpflanzung ausgeuebt werden duerfen, abzulegen. Das fuehrt dazu, dass diese Bevoelkerungsgruppe, die wir einst als Gaeste in unser Land riefen, sich hier vermehren, wie die Karnickel in der Geest. Sind es nicht jene Katholiken, die durch ihre beharrliche Ablehnung jeder Form von Empfaengnisverhuetung in erheblichem Umfang zur Verschaerfung von Problemen wie Wohnungsnot und Arbeitslosigkeit beigetragen haben und damit die Stabilitaet der D-Mark in Gefahr bringen?\nNach Untersuchungen des Landeskriminalamts Bayern wurde eindeutig nachgewiesen, dass 78.47% aller bayerischen Straftaeter Katholiken sind. Allein diese Zahl macht schon deutlich, dass der dramatische Anstieg der Kriminalitaet in den letzten Jahren nicht unabhaengig vom Katholikenproblem betrachtet werden darf. Noch stellen die Katholiken in unserem Schleswig-Holstein eine Minderheit dar, doch alleine in der Zeit von 1961 bis 1987 hat sich ihre Zahl um mehr als 22% auf 157.000 erhoeht. Schon das Symbol, das die Katholiken anbeten, das Bildnis eines Gefolterten am Kreuz, ist ein beredtes Zeugnis der latenten Gewaltbereitschaft dieser Gruppe. Muss es erst soweit kommen, dass sich keine schleswig-holsteinische Frau mehr aus Angst vor Katholiken auf die Strasse traut?\nNach wie vor stehen eine Vielzahl der religioesen Rituale der Katholiken im eklatanten Widerspruch zum Grundgesetz der Bundesrepublik Deutschland. Hierzu nur zwei Beispiele: Waehrend das Grundgesetz Ehe und Familie unter den besonderen Schutz der Gemeinschaft stellt, verbietet die Katholische Kirche ihren Priestern kategorisch die Eheschliessung und Familiengruendung. Waehrend nach dem Grundgesetz Maenner und Frauen gleichberechtigt sind, ist es den Frauen in der Katholischen Kirche verboten, Priesterin zu werden. Muss es erst soweit kommen, dass der Erzbischof von Koeln die Macht an sich reisst, um das Grundgesetz ausser Kraft zu setzen und einen sogenannten Gottesstaat ohne demokratische Legitimation zu errichten?\nBesonders besorgniserregend ist fuer Fachleute die Tatsache, dass zwischen der Einfuehrung des Bundessozialhilfegesetzes im Jahre 1961 und dem Anstieg der Katholikentagen in Schleswig-Holstein direkte Zusammenhaenge vermutet werden koennen. Hier ruhen sich Katholiken ganz offensichtlich in der Haengematte unseres Wohlfahrtstaates aus. Zwar sind wir noch eines der reichsten Laender dieser Erde, aber wie lange koennen wir uns diesen Missbrauch durch die Katholiken noch leisten?\nBereits jetzt sind die negativen Einfluesse der Katholiken auf die deutsche Wirtschaft erkennbar. Die hohe Anzahl ihrer religioesen Feiertage fuehrt zu Produktionseinbussen in Milliardenhoehe. Dies hat die Konkurrenzfaehigkeit z.B. zur japanischen Industrie, in der so gut wie keine Katholiken arbeiten, erheblich beeintraechtigt. Muss die deutsche Wirtschaft erst voellig am Boden liegen, bis die Katholikenflut eingedaemmt wird?\nDie Katholiken haben einen eigenen Staat, eine Heimat, in der sie nicht unterdrueckt und verfolgt werden. Wenn sie zu uns kommen, geschieht dies in der Regel nur aus wirtschaftlichen Gruenden, obwohl der Vatikan das hoechste Pro-Kopf-Einkommen der Welt hat. Muessen wir am Ende alle 900 Millionen Katholiken der Erde bei uns aufnehmen? Nein, wir koennen das Katholikenproblem dieser Welt nicht alleine loesen, und die zunehmende Katholikenfeindlichkeit in Schleswig- Holstein erfordert sofortiges Eingreifen und Handeln.\nWir schlagen deshalb vor:\nAbweisung aller Katholiken an den Grenzen Schleswig-Holsteins! Sofortige Abschiebung aller kriminellen Katholiken in den Vatikan! Erteilung einer befristeten Aufenthaltsgenehmigung fuer Katholiken nur bei Nachweis eines Arbeitsplatzes! Abschaffung des Wahlrechts fuer Katholiken! Ausweisung aller Katholiken bei Sozialhilfebezug und Arbeitslosigkeit! Unterbringung aller Katholiken in Gemeinschaftsunterkuenften! Ausweisung der Katholiken bei verfassungsfeindlichen Aktivitaeten! DAS BOOT IST VOLL! STOPPT DIE KATHOLIKENFLUT!\n","date":"2010-05-19T00:00:00Z","href":"https://blog.koehntopp.info/2010/05/19/stoppt-die-katholikenflut.html","tags":["anderswo","kirche","religion","lang_de"],"title":"Stoppt die Katholikenflut!"},{"categories":null,"content":"In einem Kommentar zu \u0026ldquo;Wie man aus Versehen WLAN-Daten mitschneidet\u0026rdquo; schreibt Florian:\nSorry, sowas DARF nicht \u0026ldquo;passieren\u0026rdquo;. Nicht Google und keinem anderen Unternehmen, dass auch nur entfernt von Seriösität und Vertraulichkeit lebt. Hört bitte auf, die Schuld wieder den \u0026ldquo;Medien\u0026rdquo; oder der \u0026ldquo;Politik\u0026rdquo; zuzuschieben. Google hat Scheisse gebaut.\nAber so etwas passiert.\nEs passiert so oft, daß es Standards dafür gibt. In der Sprache und dem Prozeßmodell von ITIL ist so etwas ein Incident : \u0026ldquo;Ein Ereignis, das nicht zum standardmäßigen Betrieb eines Services gehört und das tatsächlich oder potenziell eine Unterbrechung dieses Services oder eine Minderung der vereinbarten Qualität verursacht.\u0026rdquo; Das ist vornehm für \u0026ldquo;Scheiße gebaut oder in der Scheiße stecken\u0026rdquo;.\nSo etwas passiert.\nIch habe es oft genug gesehen. In einem anderen Leben war es mein Job, Incidents zu managen, also zu erkennen, daß wir in der Scheiße stecken und Leute zusammenzutrommeln, die das dann sofort beheben.\nIn der Folge dann festzustellen, woran das lag (Das nennt man in ITIL: Problem Management ) und Maßnahmen einzuleiten, die dafür sorgen, daß das nicht wieder passiert (in ITIL ein Aspekt von Change Management , nämlich der Aspekt, der die Prozesse und Arbeitsanweisungen selbst changed).\nIn jenem Leben war mein Job die Security-Seite des gesamten Betriebes. Wäre ein WLAN-Fail wie bei Google zu dieser Zeit bei meinem Arbeitgeber geschehen, wäre er als Privacy-Problem genau bei mir als zuständigem Techniker und bei dem Kollegen gelandet, der Datenschutzbeauftragter und Jurist der Firma war. In noch einem anderen Leben war mein Job Datenbank-Consultant. Und auch da kommt es schon einmal vor, daß man bemerkt, daß die Dinge nicht so liegen wie einem die Betreiber der Anlage schildern daß sie liegen sollten.\nSo etwas passiert.\nAuch anderswo als bei Google. Und ja, es passiert \u0026lsquo;aus Versehen\u0026rsquo;, also aus Unachtsamkeit, Unkenntnis, durch Fehlbedienung oder Fehlinterpretation von Arbeitsanweisungen und aus tausend anderen Gründen. Sei es, daß ein Laden mehr Daten erfaßt als er glaubt, daß er das tut. Oder daß ein anderer Laden glaubt, Daten physisch zu löschen und sich dann herausstellt, daß die entsprechenden Datensätze seit Jahren nur als \u0026lsquo;ungültig\u0026rsquo; geflaggt werden statt entfernt zu werden, oder daß ein dritter Laden personenbezogene Daten glaubt zu pseudonymisieren und sich hinterher herausstellt, daß sich diese Pseudonyme intern trivial aufdecken lassen, um mal typische Fehlersituationen herauszugreifen ohne zu konkret zu werden.\nIn jedem der genannten drei Fälle handelt es sich in den konkret erlebten Situationen vermutlich gegen einen Verstoß gegen geltendes Recht des jeweiligen Landes, indem der Incident aufgetreten ist. Der Unterschied zwischen dem Vorgehen von Google und dem Vorgehen in anderen mir bekannten Fällen ist der, daß Google den Fall dokumentiert und öffentlich macht und unter Aufsicht löscht , statt das Problem still und heimlich im Kämmerlein unter den Teppich zu kehren.\nOb das PR-Technisch global ein Gewinn ist weiß ich nicht.\nAber mir persönlich nötigt das eine ganze Menge Respekt ab und ist eher geeignet, mein Vertrauen in die Ehrlichkeit von Google zu stärken.\n","date":"2010-05-18T00:00:00Z","href":"https://blog.koehntopp.info/2010/05/18/incident-management-und-transparenz.html","tags":["privacy","security","wlan","lang_de"],"title":"Incident Management und Transparenz"},{"categories":null,"content":"Als Nachtrag zu Wie man aus Versehen WLAN Daten mitschneidet hier die Erklärung zu \u0026ldquo;Weswegen fahren Leute eigentlich systematisch durch die Straßen der Großstädte der Welt und zeichnen die Kennungen von WLAN Access Points und vermutlich auch GSM Basisstationen auf?\u0026rdquo;\nNun, jedesmal, wenn Ihr ein Handy online nehmt um dort eine Kartenanwendung Eurer Wahl zu aktivieren, muß das Handy seine Position bestimmen. Das kann vollkommen freihändig passieren, also nur mit dem GPS-Chip im Handy, wie es die originale Nokia Map-Anwendung in meinem E90 getan hat. Das Handy braucht dann freie Sicht zum Himmel und circa 80 Sekunden lang eine relativ stabile Position, damit es funktioniert.\nFür die mobile Anwendung ist das nicht wirklich akzeptabel, wie ich selbst ausprobieren konnte, als ich auf der Suche nach dem Kunden mitten in London stand und jeweils 2 bis 3 Minuten lang zur Salzsäule wurde, bevor ich wußte, wo ich lang mußte.\nDazu kommt, daß GPS Hardware eine ganze Menge Strom zieht und den Akku des Mobiltelefons binnen einer oder zweier Stunden auch bei guter Kondition und voller Ladung leicht leer lutschen kann. Auch das mit dem E90 getestet, indem ich auf der Suche nach besagtem Kunden vergessen habe die Kartenanwendung nach Gebrauch zu beenden - ein Handy mit Multitasking kann auch Nachteile haben, liebe geplagte iPhone-Anwender.\nModerne GPS-Anwendungen machen daher etwas anderes: Sie verwenden EGPS , AGPS oder gar GPS-freie Lokalisierungen ( Skyhook ).\nEGPS verwendet eine Grobpeilung auf der Basis von Kennungen der Basisstationen um die Position des Telefons grob (auf Genauigkeit von Mobilfunkzellen) zu schätzen. Zellengrößen im Mobilfunk sind sehr unterschiedlich, sie können mehrere Kilometer groß sein, im Innenstadtbereich als Mikrozellen aber auch einzelne Plätze oder Teile von Plätzen abdecken.\nTechnisch ist es auch denkbar, daß das Mobiltelefon das Mobilfunknetz nach einer Triangulation des Telefons fragt - das Netz \u0026lsquo;sieht\u0026rsquo; ein Telefon ja oft mit mehr als einer Basisstation gleichzeitig, mit unterschiedlichen Signalstärken, und die Basisstation hat oft mehrere Antennen, die jeweils Richtcharacteristik haben. Dadurch kann das Mobilfunknetz die Position eines Telefons genauer bestimmen als das Telefon das alleine kann und dem Telefon diese Informationen bereitstellen (lieber noch würde man dem Teilnehmer einen Dienst auf der Basis dieser Daten verkaufen, also location based services).\nAGPS ist eine weitergehende Unterstützung der Positionsbestimmung des Telefons, in der das Telefon nur die Signale der GPS Satelliten mißt, sie aber nicht selber auswertet, sondern an einen Server im Netz weiter gibt. Der Server hat eine genauere Uhr als das Mobiltelefon, was für GPS Genauigkeit von entscheidener Bedeutung ist. Er hat weiterhin mehr Speicher und CPU, sodaß er die für die Berechnung der Position notwendigen Nachschlagetabellen im Speicher halten kann statt sie erst herunter laden zu müssen (letzteres ist der Grund für 40 Sekunden der 80 Sekunden GPS Startzeit).\nGPS-lose Lokalisierungsdienste wie Skyhook oder eben Google haben außerdem eine recht gute Karte von Sendern aller Art in der Stadt - Basisstationen für GSM wie für WLAN. Ein Telefon, das seine Position bestimmen möchte, kann nun messen, welche Sender und Senderkennungen es sehen kann und diese Informationen an den Lokalisierungsdienst hochladen. Der Lokalisierungsdienst gibt nun eine Position und eine Genauigkeit als Ergebnis zurück. Telefone ohne GPS Hardware verwenden ausschließlich solche Positionierungsdienste zur Positionsbestimmung.\nWenn man gar kein WLAN sehen kann, sich also in der Pampa befindet, dann können nur GSM Basisstationen verwendet werden. Man hat dann natürlich ein ziemliches Schätzeisen, das zur Navigation nur eingeschränkt verwendbar ist. In der Stadt dagegen ist ein solcher Dienst für Straßen und Hausnummern in der Regel genau genug und viel, viel schneller als irgendeine GPS-Variante.\nDamit man einen solchen Dienst anbieten kann braucht man eine Verknüpfung von GPS-Positionen mit den Sendern, die an dieser Position sichtbar sind. Und dafür wiederum braucht man etwas, mit dem man Sender wiedererkennen kann. Skyhook und Google verwenden dafür die MAC-Adresse der Basisstation, also die in der Netzwerkkarte eingebrannte Hardware Adresse (6 Bytes, wie bei allen neueren IEEE Protokollen) und die ESSID, den WLAN Netzwerknamen (32 frei wählbare Bytes, oft vom Netzbetreiber gewählter Klartext der das Netz beschreibt).\nDie MAC Adresse steht im Absenderfeld jedes Paketes, das der Access Point selbst generiert, und die ESSID steht (zusammen mit der MAC Adresse) auch in den Beacon Paketen, die der Access Point alle paar Millisekunden abstrahlt, um das Netz für Empfänger in der Gegend anzupreisen.\nWenn man den Access Point nicht versteckt (in privat betriebenen Netzen nicht üblich), dann strahlt der AP die Beacon laufend und im Klartext aus, auch wenn die Payload im Netz mit WEP oder einer WPA-Geschmacksrichtung verschlüsselt ist. Das muß er, damit ein Client (etwa ein Laptop) das Netz \u0026lsquo;sehen\u0026rsquo; und dem Benutzer zur Auswahl anbieten kann. Der Benutzer verbindet den Laptop dann mit der ESSID des Netzes, indem er den Schlüssel für dieses Netz eingibt, und das wiederum erlaubt dann auch die Entschlüsselung von Payload Paketen.\nWardriving , Sarumans Turm\nDamit Firmen wie Skyhook oder Google einen solchen Positionierungsdienst anbieten können brauchen sie laufend aktuelle Karten, die sichtbare ESSIDs und MAC-Adressen auf GPS-Koordinaten abbilden. Dazu genügt es im Grunde, die Beacon-Pakete der Netze aufzufangen, die man bei der Durchfahrt sieht. Das ist auch das, was Google intendiert hatte. Man kann das zum Beispiel daran sehen, daß Google nach eigener Auskunft alle 200ms (fünf mal pro Sekunde) den Kanal wechselt, um so regelmäßig alle WLAN-Frequenzen durchzuprobieren, die in Deutschland zugelassen sind. Der Scanner im Street View- oder Skyhook-Wagen verhält sich dabei genau wie ein Laptop, der noch nicht mit einer ESSID assoziiert ist und der für die Erstellung der Liste der WLANs in der Umgebung alle vorhandenen Frequenzen abtastet.\nIn der Vergangenheit hat Google diese Daten von Skyhook lizensiert, aber wenn man sowieso Street View Cars durch die Straßen schicken muß, um Turn-Based Navigation realisieren zu können, dann kann man diese Daten natürlich auch selbst erfassen, statt Skyhook zu finanzieren - darum ein Stück Stumbler -Software und eine WLAN-Antenne in den Street View Cars.\nDer Fehler, den Google dabei gemacht hat, ist alle empfangenen Pakete und Paketfragmente aufzuzeichnen, anstatt schon bei der Aufzeichnung nur die Beacons aufzuzeichnen. Empfangen muß Google genau wie Skyhook oder jeder Client-Laptop auch erst einmal alle Pakete, weil erst dann durch das Typ/Subtyp-Feld im WLAN-Frame erkennbar wird, was ein Payload-Paket ist und was ein Management-Paket (Beacons sind nur ein Typ von Management Paketen, es gibt noch viele mehr). Mit den aufgefangenen Payload-Paketen kann niemand etwas anfangen (*1) falls das Netzwerk mit einem WEP- oder WPA-Key geschützt ist, da sie dann verschlüsselt sind. Nur wenn das Netz unverschlüsselt ist liegen die Daten der Payload offen vor (*2).\n(*1) Angriffe auf WEP gibt es zu Hauf, aber sie brauchen in der Regel mehr Daten als man in 200ms auffangen kann.\n(*2) Falls nicht noch eine weitere Sicherung wie ssh, SSL oder ein VPN verwendet worden ist, was jeder vernünftig denkende Mensch in einem offenen WLAN hoffentlich grundsätzlich macht.\n","date":"2010-05-17T00:00:00Z","href":"https://blog.koehntopp.info/2010/05/17/wlans-mappen.html","tags":["internet","privacy","security","wlan","lang_de"],"title":"WLANs mappen"},{"categories":null,"content":" Spiegel Online Service: Technische Erklärung dessen, was passiert ist: dieser Artikel. Wozu macht Google das eigentlich? WLANs mappen -Artikel. Wer ist dieser Kristian Köhntopp eigentlich? XING-Profil TL;DR : Google sammelt wie Skyhook und andere Unternehmen die Hardware-Adressen und Netzwerknamen von WLANs, weil diese in dicht besiedelten Gebieten eine sehr schnelle und recht gute Näherung für eine Positionsbestimmung sind (GPS: 80 Sekunden, WLAN-Fingerprint der Position: \u0026lt;2 Sekunden, Details im Artikel WLANs mappen ). Dazu hat Google alle unverschlüsselten Pakete aufgezeichnet, die deren WLAN-Antenne gesehen hat: 32 Kanäle, je Kanal 1/5 Sekunde, immer im Kreis, genau wie jeder Laptop, der ein passendes WLAN sucht. Normal sind nur Beacon-Signale (\u0026ldquo;Ich bin das WLAN mit dem Namen \u0026hellip;\u0026rdquo;) unverschlüsselt, und das sind auch die Daten, für die sich Google interessiert. Aber es gibt auch in 2010 noch Leute, die Klartext-Daten über unverschlüsselte WLAN-Verbindungen rausblasen. Das ist sehr leichtsinnig und komplett unsicher. Google hat durch einen Programmierfehler unzusammenhängende 1/5 Sekunden-Fragmente von solchen ungeschützter Kommunikation aus diesen Netzen aufgefangen als das Auto vorbeigefahren ist. Das ist kein gezielter Lauschangriff, sondern eine Panne. Es ist Google hoch anzurechnen, daß sie den Fall ehrlicherweise öffentlich gemacht haben, anstatt unter den Teppich zu kehren, wie es sonst allgemein üblich ist. Originalartikel Vor zwei Tagen schreibt Google im Firmenblog: Wi-Fi data collection: an update :\nIn that blog post, and in a technical note sent to data protection authorities the same day, we said that while Google did collect publicly broadcast SSID information (the Wi-Fi network name) and MAC addresses (the unique number given to a device like a Wi-Fi router) using Street View cars, we did not collect payload data (information sent over the network). But it’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) Wi-Fi networks, even though we never used that data in any Google products.\nund weiter\nSo how did this happen? Quite simply, it was a mistake. In 2006 an engineer working on an experimental Wi-Fi project wrote a piece of code that sampled all categories of publicly broadcast Wi-Fi data. A year later, when our mobile team started a project to collect basic Wi-Fi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software—although the project leaders did not want, and had no intention of using, payload data.\nPolitik und Datenschützer sind in Aufregung:\nSpiegel: Googles Datenpanne: Fehler im perfekten System Heise: Politik fordert von Google Aufklärung über WLAN-Datensammlung Süddeutsche: Google: Datenpanne bei Street View: \u0026lsquo;\u0026lsquo;Unabsichtlich\u0026rsquo;\u0026rsquo; ausgespäht FAZ: Googles Street View Datenpanne: Schlamperei oder Vorsatz? Blogoscoped: Google Say They Were Collecting More Wi-Fi Data Than They Meant To BBC: Google admits wi-fi data collection blunder The Register: Google Street View snooped Wi-Fi for personal data: Network payloads collected \u0026lsquo;by mistake\u0026rsquo; Slashdot: Google Says It Mistakenly Collected Wi-Fi Data While Mapping Schauen wir also mal in die Technik und versuchen wir die Fragen, die sich aus dieser Aktion ergeben zu beantworten.\nDer Standard zum Thema WLAN stammt von der IEEE und ist erstaunlicherweise frei herunterladbar. Er befindet sich hier (PDF), wo man einen PDF-Download des Dokumentes bekommen kann. Der Standard ist lang und wem das zu lang ist, der findet in der Wikipedia und bei bei Wi-Fi-Planet eine Übersicht.\nIch schrieb in Internet mit Kugelschreibern (und Bussen) ja schon einmal:\nMein Rechner hat also keine Internet-Karte. Aber er kann jede seiner Netzwerkschnittstellen als Internet-Transport verwenden. Das eigentliche \u0026lsquo;Internet\u0026rsquo; in meinem Rechner ist dann ein Stück Software, das neben einigen anderen Dingen Pakete einkapselt und auskapselt.\nInternet-Pakete werden im Netz also nirgendwo direkt verschickt, sondern je nach Medium in anderen, für das Medium spezifischen Frames eingekapselt. Auf einem Ethernet sind es Ethernet-Frames, auf einem WLAN-Netz sind es die IEEE 802.11 Payload Frames.\nNun ist ein WLAN besonders, es unterscheidet sich von einem Kabelnetzwerk in dem Sinne, daß viele der Annahmen nicht gelten, die man in Kabelnetzen machen darf. Im Standard selbst findet man:\nThe PHYs used in IEEE Std 802.11 are fundamentally different from wired media. Thus, IEEE 802.11 PHYs\nUse a medium that has neither absolute nor readily observable boundaries outside of which STAs with conformant PHY transceivers are known to be unable to receive network frames Are unprotected from other signals that may be sharing the medium Communicate over a medium significantly less reliable than wired PHYs Have dynamic topologies Lack full connectivity, and therefore the assumption normally made that every STA can hear every other STA is invalid (i.e., STAs may be “hidden” from each other) Have time-varying and asymmetric propagation properties May experience interference from logically disjoint IEEE 802.11 networks operating in overlapping areas Was der Standard uns damit sagen will:\nDie Teilnehmer (Physical Layer Interfaces, PHYs) in einem WLAN arbeiten in einem Medium, das nicht wie ein Kabel absolut oder erkennbar begrenzt ist, sodass entscheidbar wäre, ob eine Station mit dem Medium verbunden ist oder nicht.\nEbenso kann das Medium durch andere Dinge, die nichts mit Netzteilnehmern zu tun haben, gestört werden oder es kann sich mit anderen Netzen nach demselben Standard überlappen, und ist daher schon konstruktionsbedingt weniger zuverlässig als ein kabelgebundenes Netz ist. Die Netzwerktopologie ist dynamisch in dem Sinne, daß der Standard explizit transportable (abgeschaltet bewegte) und mobile (angeschaltet bewegte) Stationen unterstützen muss und daß Netzteilnehmer nach Belieben im Sichtbarkeitsbereich einer Antenne erscheinen und verschwinden können - durch Bewegung, Störungen, Änderung der Ausbreitungsbedingungen oder durch An- und Abschalten.\nDaher gibt es in einem WLAN neben den Payload Frames, die die Nutzdaten der User enthalten noch eine ganze Menge weiterer Frametypen, die mit der Netzwerk-Administration im weitesten Sinne zu tun haben. Der Artikel bei Wi-Fi Planet gliedert sie schön auf in Frames, die mit der Netzwerkverwaltung zu tun haben - Anmelden, Abmelden, Bekanntmachen (Beacons) und Eigenschaften abfragen (Probes), Datenflusskontrolle (ganz klassisch: RTS, CTS und ACK) und die Payload selbst halt.\nWenn man eine Softwarekomponente schreiben will, die dem Erfassen und Decodieren von WLAN-Daten im Allgemeinen gelten soll, dann wird man also erst einmal alle Datenpakete von der Antenne ab mitschneiden und sie hinterher sortieren in die Pakete, die einen interessieren und die, die nicht weiter spannend sind. Das ist das, was diese Bibliothek macht, die oben in dem Google-Statement erwähnt wird: Sie schaltet eine Wi-Fi-Antenne und -Karte in den Monitor-Modus und schreibt einfach alle Pakete mit, die sie zu sehen bekommt.\nMit diesen Daten kann man eine ganze Reihe nutzbringender Dinge tun - neben der Kartierung von Funknetzwerken auf der Basis von MAC-Adressen und Beacon-Paketen halt auch Netzwerke debuggen, das Verhalten von Clients und Basisstationen im Netz beobachten oder amoklaufende Clients identifizieren - was man halt tut, wenn man im Netz unterhalb der Ebenen 3 und 4 (Netzwerkschicht/IP und Transportschicht/TCP) im Gerätetreiber-Keller rumkriechen muss.\nDas ist auch das, was ein Haufen anderer Pakete tun. Auf meinem Rechner finde ich beim Durchblättern von Macports Wireshark (Ethereal), Aircrack , Kismet und diverse andere Stumbler, die alle genau das tun, was auch diese Google Bibliothek tut - plus zusätzlich Funktionalität zum Angreifen und Knacken dieser Netzwerke (etwa bei Aircrack), die die Google Bibliothek genau nicht hat.\nWenn man dann denkt wie ein Haufen Physiker\u0026hellip;\nWenn man nun einmal ein paar Schritte zurücktritt und das Gesamtbild auf sich wirken lässt, dann erkennt man Muster: Alles in allem wirkt der Ansatz von Google auf mich wie eine Firma von Physikern oder anderen Experimental-Forschern mit akademischem Background, die beschlossen haben, einmal \u0026lsquo;so richtig\u0026rsquo; in die Wirtschaft zu gehen und ihre Methoden dort hin zu portieren.\nschrieb ich in Das Google-Missverständnis .\nZu dem Ansatz, den typische Physiker (stellvertretend für alle Naturwissenschaftler) typischerweise wählen gehört auch das Aufbewahren von Messdaten in Rohform - hier also der betreffenden aufgefangenen Wi-Fi-Pakete. Das braucht man, um frühere Ergebnisse nachvollziehen zu können oder fehlerhafte Berechnungen neu ablaufen zu lassen, aber auch, um historische Daten mit neueren Daten zu vergleichen und so ggf. Schlüsse über die Zeitachse ziehen zu können.\nGenau genommen muss das sogar technisch zwangsläufig so sein, denn ein Google Streetview Car ist, wenn man darüber nachdenkt, ein rollender Haufen Festplatten mit einem Satz Kameras, einem sehr guten GPS und eben einem Stapel von Wi-Fi und wahrscheinlich auch GSM-Antennen. Denn neben Wi-Fi-Kennungen zur Triangulation würde ich, wenn ich so etwas baute, auch die Kennungen von GSM-Basisstationen loggen wollen. Das Streetview-Car dockt dann irgendwann ans Google-Mutterschiff an und injiziert seine Datenerfassungen ins Firmen-Netzwerk, wo dann mit der Auswertung begonnen wird.\nInsofern ist die Erklärung für den Ablauf der Dinge, die Google uns gibt, schlüssig und plausibel.\nGehen wir doch mal in den Spiegel-Artikel und schauen uns die dort gestellten Fragen an. Was können wir beantworten?\nWarum entwickeln Google-Programmierer Schnüffel-Software? Weil Google WLANs auf einer Karte verzeichnen will (Wozu ist das gut? )\nEntwickelt worden ist eine Bibliothek zur Erfassung von 802.11 Frames. Erst nachdem man einen Frame erfasst hat, kann man auf die Felder Frame-Type und Frame-Subtype schauen und entscheiden, ob es etwa ein Beacon-Frame ist, in dem die ESSID eines Netzwerkes angekündigt wird, oder ein Payload-Frame. Bibliotheken, die WLAN-Interfaces in den Monitor-Modus schalten und dann alle Frametypen mitschneiden sind nicht selten - sie sind die Grundlage jedes Netzwerkmanagementsystems und in mannigfacher Zahl und Missgestalt Teil jeder Macports- oder Linux-Distribution.\nWie kommt Schnüffelcode in das umstrittene Street-View-Projekt? Wenn man ESSIDs kartieren möchte, dann muss man genau das tun: Eine Karte in den Monitor-Modus schalten und aufgefangene Beacon-Frames und MAC-Adressen von Karten zusammen GPS-Koordinaten und Zeitstempeln loggen. Streetview-Cars sind rollende Datenerfassungsmaschinen, die werten nicht aus, sondern schneiden nur mit. Das Sortieren hätte später beim Upload ins Google Corporate Netzwerk passieren müssen oder - besser - man hätte den Streetview-Maschinen von Anfang an diese minimale Sortierfunktionalität (Payload Frames nicht aufzeichnen) mitgeben müssen.\nWurde die Software nicht getestet? Normal geht Google sogar noch weiter - einerseits wird Software getestet, andererseits wird eine ganze Menge Zeit darauf verwendet, Code von Kollegen durchzusehen und zu reviewen. Insbesondere bei sicherheitskritischen Codestücken wird dies standardmäßig getan. Das ist aber code-zentriertes Arbeiten - datenzentriert scheinen solche Mechanismen nicht zu existieren.\nWarum merkt Google drei Jahre lang nicht, was da passiert? Weil der Prozess weitgehend automatisiert ist und niemand die Rohdaten angesehen hat, sondern alle Menschen mit den Daten beschäftigt waren, die aus der Verarbeitungs-Pipeline herausfallen, nachdem die Daten aus den Streetview-Cards aufbereitet worden sind. Erst die Nachfrage des Hamburger Datenschutzbeauftragten hat bewirkt, daß sich jemand einmal die gesamte Pipeline von vorne bis hinten angesehen hat und katalogisiert hat, was für Daten da eigentlich anfallen.\nDas Fazit: Die Software, die da zur Erfassung der WLAN-Daten geschrieben und betrieben worden ist folgt der Struktur, die die Technik und der WLAN-Standard der IEEE vorgeben. Das Vorgehen, das Google bei der Erfassung der Daten zeigt, ist logisch, vernünftig und in Deutschland illegal (§89 TKG und §202b StGB , wahrscheinlich).\nDie Erklärungen, die Google für das Entstehen des Fehlers gegeben hat, sind in im Kontext der Standards und im Vergleich mit anderer Software, die ähnliches leistet, konsistent und schlüssig. Der Fehler, der zu dem Problem geführt hat, ist naheliegend.\nZudem hat Google das Problem umgehend zugegeben und öffentlich gemacht, nachdem es entdeckt worden ist und geeignete Maßnahmen zur Eindämmung des Problems getroffen: Die Daten wurden im Corporate Network zusammengezogen, physisch isoliert und weitere Datenerfassung eingestellt. In Rücksprache mit den Behörden wird nun entschieden, ob die Daten gesäubert werden dürfen oder als Beweismaterial zurückbehalten werden müssen.\nDie Sicherungsmechanismen, die Google für die Qualitätskontrolle und für die rechtliche Zulässigkeit der Datenerfassung einsetzt, sind unzureichend und der bestehende Reviewprozess muss auf diesem Gebiet verbessert werden.\nAlles in allem finde ich das recht gut nachvollziehbar und geradezu vorbildlich gehandhabt, und verstehe die Hysterie und das Fingerzeigen in der Berichterstattung nicht.\nOh, und falls einer von Euch noch ein ungesichertes WLAN am Laufen hat ohne AP-Betreiber zu sein - oder über ein beliebiges öffentliches Netz noch unverschlüsselt kommuniziert: Bitte ändert das. Wir haben 2010 und nach dem BGH-Urteil ist das sowieso\u0026hellip; leichtsinnig.\n","date":"2010-05-16T00:00:00Z","href":"https://blog.koehntopp.info/2010/05/16/wie-man-aus-versehen-wlan-daten-mitschneidet.html","tags":["google","privacy","security","wlan","lang_de"],"title":"Wie man aus Versehen WLAN-Daten mitschneidet"},{"categories":null,"content":"In Sicherheitsmetrik heißt es als Antwort auf meinen Artikel DENIC erklärt sich :\nWir IT-Akademiker forschen gerne an Fragen herum, die einen vagen Relitätsbezug haben, die man aber in der Praxis pragmatisch handhabt. Nach ein paar Jahren haben wir die Lösungen der Pragmatiker formal dokumentiert und wissenschaftlich nachgewiesen, was die Kollegen immer schon wussten, nämlich dass das so tatsächlich funktioniert…. Die zehn Prozent sind formal betrachtet völlig willkürlich gewählt, tatsächlich aber wohl ein Erfahrungswert, der sich aus informellen Beobachtungen typischer Vorgänge ergibt. So etwas würde ein Wissenschaftler nie zulassen.\nDie zehn Prozent sind natürlich nicht willkürlich gewählt, sondern sorgfältig ermessen.\nDem Ganzen liegt eine andere Anekdote zugrunde, die die Denkweise eines Sysadmins verdeutlicht - am Ende geht es darum, Risiken für Menschen intuitiv handhabbar zu präsentieren (anstatt sie mit einem Regelwerk zu überschütten).\nPersönliche Betroffenheit führt zu persönlicher Verantwortung web.de war eine geldreiche Arbeitsumgebung. Mit 150 Mio Euro auf der Bank und ohne Schulden agiert eine Firma in Projekten nicht kostengetrieben, sondern erlösgetrieben.\nEs ist eine Umgebung, in der man Großes bewirken kann, aber es ist auch eine Umgebung, in der manche Projekteigentümer und Projektleiter nachlässig werden. Das ist so, denn in so einer Umgebungs sind Kosten alleine eben kein ausreichender Motivator, um bestehende Probleme anzugehen statt neue Projekte zu beginnen - die Firma lebt von Velocity, also der Geschwindigkeit der Innovation anstatt von Effizienz, denn Gewinn wird mit dem Wachstum des Marktes gemacht statt der Konkurrenz Anteile abzunehmen (Cynefin Marktreife in den Quadranten Complex und Complicated).\nSo kommt es, daß in solchen Umgebungen manchmal Systeme im Einsatz sind, die die für den Betrieb notwendige Stabilität nicht von sich aus mitbringen, sondern bei der die Stabilität durch permanente Arbeit des Operatings erzeugt wird.\nWill sagen, man hat Software mit Memory Leaks oder Race Conditions oder anderen schwer zu findenden Fehlern, die mit einer gewissen Eintrittswahrscheinlichkeit versehen sind. Der Betrieb erkennt die mit Sicherheit irgendwann eintretende Fehlersituation vorher und behebt das Problem durch, äh, vorbeugende Wartung. Also durch das Herausnehmen einer Komponente aus dem Loadbalancer und einen Neustart des betreffenden Systems mit anschließender Reintegration oder vergleichbare Maßnahmen.\nDie zur Fehlersuche und Behebung notwendigen Stunden Entwicklerzeit will niemand gutwillig bereitstellen, da es andere laufende Projekte verzögern würde, also Velocity kosten würde. Und eine tatsächliche Aufwandsschätzung ist bei Heisenbugs sowieso immer schwierig, da der Aufwand in der Regel in Instrumentation und Warten besteht, solange der Fehler nicht mit vernünftigem Aufwand im Labor provoizierbar ist. Man kann also nicht sagen \u0026lsquo;Es wird circa 4 Stunden dauern, diesen Bug zu fixen\u0026rsquo;, weil man ihn überhaupt erst mal beobachten muß.\nWenn nun Kosten im Operating kein Instrument sind mit denen man seine Projektleitung zur Bereitstellung von Ressourcen motivieren kann, dann ist die erprobte Strategie der Managementmotivation im Operating eine, die ich gerne mit \u0026ldquo;Teile die Schmerzen\u0026rdquo; beschrieben möchte.\nZum Beispiel setzt man den Projekteigentümer auf dieselbe Alerting-Methode wie den Sysadmin, der am Ende Sonntag nachts um 4 Uhr wegen eines Alarms die vorbeugende Wartung durchführen muß. Die Begründung ist, daß der Projekteigentümer bei einem System dieser Wichtigkeitsstufe ja über Ausfälle informiert sein muß. Er muß schließlich bereit stehen, um als Entscheider die notwendigen Anweisungen zu geben wenn etwas schiefgeht - so etwas wichtiges kann man ja auf keinem Fall einem einfachen Operator überlassen.\nWenn wir nun also einen jungen Projektverantwortlichen haben, bei dem das Handy Sonntag nachts um vier die Frau und das 6 Monate alte Kind weckt, dann ist diese Person nach einigen Wochen unmittelbaren Alerting-Erlebens sehr viel zugänglicher, wenn auf auf einem Montagsmeeting der Vorschlag gemacht wird, endlich einmal eine Hand voll Entwicklerstunden in die Verbesserung der Stabilität dieses vergleichsweise wackeligen Systems zu stecken. Das Interesse ergibt sich hier dann nicht aus den Projektkosten, sondern aus persönlicher Betroffenheit.\nWieviel Risiko ist vertretbar? Das ist derselbe Mechanismus, der auch unter den Admins selbst am Werk ist. Sie machen Bereitschaft und sie bekommen Alarmmeldungen, Tag und Nacht. Admins haben ein natürliches Interesse an den Schranken von Alarmen, denn es sind diese Einstellungen der Sensitivität des Überwachungssystemen, nach denen sich die Qualität ihres Nachtschlafs und das Klima in ihren Familien bemißt. Admins wollen nicht von unnötigen Alarmen gestört werden, sie wollen also keine false positives.\nNoch schlimmer sind aber false negatives, also Alarme die hätten gesendet werden sollen, aber nicht gesendet wurden. Denn diese kosten nicht nur den Bonus, sondern auch auf Wochen hinaus das Familien- und Arbeitsklima. In einem funktionierenden Admin-Team - jedem funktionierenden Admin-Team - mit einem gut eingestellten Monitoring kann man also darauf vertrauen, daß gerade eben so viele Alarme zu viel gesendet werden, daß die Meldungen des Alarmierungssystems noch vertrauenswürdig sind.\nDie Schwellwerte im System ergeben sich empirisch unter dieser Strategie: Überwachungssysteme werden erschaffen und messen Daten, generieren darauf basierend Alarme - in der Regel viel zu viele Alarme.\nEin gutes Admin-Team wird die meisten dieser Alarme ignorieren. Es wird außerdem regelmäßig die ignorierten und beiseite geschobenen Alarme auswerten, um daraufhin das Monitoring anzupassen, damit die Schwellwerte realistischer werden. Die neuen Schwellwerte werden immer noch zu sensibel sein, aber näher an realistischen Werten. Das Verfahren wird in der Regel nicht formalisiert durchgeführt (Capability Maturity Rating 1 für den Prozeß: \u0026lsquo;individual heroics\u0026rsquo;), ist aber im Verhalten wahrscheinlich einem inversen TCP Slow Start ähnlich (Man kann das natürlich modellieren, aber mir sind keine formalen Papiere zum Thema \u0026lsquo;Tuningalgorithmen für Monitoringsysteme\u0026rsquo; bekannt).\nRisiken menschengerecht erlebbar machen - Shared Spaces statt Regelsysteme Das Verhalten, das dem ganzen Zugrunde liegt, ist natürlich Risikokompensation und die ist in Grenzen modellierbar .\nMenschen versuchen, ihr Verhalten so zu optimieren, daß sie ein System möglichst voll \u0026lsquo;ausfahren\u0026rsquo;, seine Ressourcen also ausnutzen. Das heißt im Verkehr zum Beispiel, daß sie ein Auto schneller fahren oder enger überholen, wenn das Auto sich sicherer anfühlt oder eine bessere Lenkung oder Bremsen bekommt. Der lenkende Mensch wird dabei versuchen, das gefühlte Risiko stabil zu halten, indem er höhere Wagnisse eingeht.\nMan kann das umgekehrt nutzen, um mehr Sicherheit zu erzeugen, indem man Menschen Risiken spüren läßt und Systeme baut, die sich linear und stetig verhalten, also um Risiken für Menschen gut vorhersagbar und erlebbar machen. Im Verkehr nennt man dieses Konzept Shared Space und man kann es auch in der IT anwenden.\nShared Space funktioniert eben nicht, indem man einfach die Verkehrszeichen in einem Ort alle abmontiert und alle Bürgersteige planiert. Es gibt eine Reihe von Vorraussetzungen, die alle zusammen erfüllt sein müssen, damit man ein System hat, indem Menschen Risiken wahrnehmen und erkennen können und in denen sie aktiv agieren, um diese zu vermeiden.\nVisibility (und Predictability) Eine ist zum Beispiel, daß man es mit einem System zutun hat, das linear (oder logarithmisch) und stetig ist, bei dem also dem großen Knall eine Reihe von kleineren, mit zunehmendem Risiko schlimmer werdenden Warnsignalen auftreten - Menschen machen diese Annahme implizit, auch dann, wenn sie es mit Systemen zu tun haben, die weder linear noch stetig sind. Baut man ein System, bei dem Totalversagen nicht vorher von harmlosen Warnsignalen angekündigt wird, oder bei dem das Versagensrisiko in einer Weise ansteigt die von Menschen nicht intuitiv modellierbar ist, dann hat man ein System das massenweise Leute umbringt. Die Gefahrensituation muß also für den Menschen im Vorfeld erkennbar und vorhersehrbar sein - aktive und passive Visibility, sehen und gesehen werden, muß gegeben sein.\nIn einem Shared Space-Verkehrsgebiet bedeutet das zum Beispiel, daß man einige Kreuzungen umbauen muß, damit sie einsehbar werden oder andere Gebiete so umbauen muß, daß die entzerrt werden, voneinander abhängige Gefahrenquellen also entkoppelt werden und so auftreten, daß sie als aufeinanderfolgende separate Ereignisse abgehandelt werden, statt die Verkehrsteilnehmer mit zu vielen um Aufmerksamkeit konkurrierenden Situationen gleichzeitig zu überfordern.\nIn einer Produktionsumgebung in der IT bedeutet dies, daß man Systeme bauen muß, die \u0026lsquo;sanft\u0026rsquo; versagen und rechtzeitig vorher erkennbare Warnsignale generieren. Und daß man ein Monitoring haben muß, das ist der Lage ist, solche Warnungen zu visualisieren. Am Besten auch eines, das allgemein wahrgenommen wird - also Monitore mit Displays an wichtigen Stellen im Betrieb.\nEducation Eine andere Vorraussetzung ist, daß die Menschen in der Lage sein müssen, die Gefahrensituationen erkennen und bewerten zu können. Shared Spaces funktionieren also nur in einem Umfeld, in dem es eine passende Ausbildung gibt.\nIm Verkehr bedeutet das, daß Verkehrserziehung, Fahrausbildung und Awareness auf dem richtigen Niveau sein müssen, damit den Verkehrsteilnehmern das erwartete Verhalten, Handlungsmöglichkeiten und typisches Verhaltensfehler bekannt sind, so daß sie mit vergleichbaren Erwartungen und gut trainierten Sicherheitsreflexen in den Verkehr gehen.\nIn einer Produktionsumgebung bedeutet das, daß den verantwortlichen Mitarbeitern die Systeme, die sie fahren sollen, bekannt sind, sodaß sie ein Modell des Systems im Kopf haben, das den betrieblichen Realitäten entspricht, daß ihnen Diagnose- und Eingriffsmöglichkeiten bekannt sind und daß sie Zugriff auf Eskalationsmöglichkeiten in der Systementwicklung haben, wenn ein Fehler die Möglichkeiten des Operatings übersteigt.\nEmpowerment Und die dritte Vorraussetzung ist, daß die Menschen in einem System die Möglichkeit haben, Verantwortung zu übernehmen und ad-hoc vor Ort Regeln aufzustellen oder Situationen verbindlich zu klären - das ist Ermächtigung.\nIm Verkehr bedeutet das, daß man Zeichen entfernt, die Entscheidungen des Autofahrers überstimmen. Ampeln und Vorfahrtszeichen kommen weg, denn sie bestimmen über den Kopf des Fahrzeugführers hinweg \u0026lsquo;Du mußt halten\u0026rsquo; oder \u0026lsquo;Du kannst fahren\u0026rsquo;. Stattdessen ist der Fahrzeugführer jetzt verantwortlich, sein Fahrzeug berührungsfrei durch den Verkehr zu bewegen und er muß jede Halte- und Fahrentscheidung selbst und in letzter Verantwortung treffen. Das kann er, denn er hat die notwendige Visibility - er wird gesehen und kann sehen. Und er hat die notwendige Ausbildung.\nIn einer Produktionsumgebung in der IT sieht es genau so aus - statt dem Admins und Entwicklern einen Kubikmeter ITIL V3 Handbuch an den Kopf zu werfen und zu sagen: \u0026ldquo;Implementiert das!\u0026rdquo; gibt man ihnen die Verantwortung für den Betrieb und sagt: \u0026ldquo;Haltet das am Laufen! Was braucht Ihr dazu?\u0026rdquo;. Mitarbeiter mit der passenden Ausbildung und der passenden Visibility sind dazu in der Lage, das zu regeln, wenn man sie entsprechend ermächtigt.\nDie natürliche Risikoanpassung wird dann dazu führen, daß sie selbst die für den Betrieb notwendigen Regeln und Absprachen ad-hoc treffen.\n","date":"2010-05-16T00:00:00Z","href":"https://blog.koehntopp.info/2010/05/16/wieso-zehn-prozent.html","tags":["devops","monitoring","security","lang_de"],"title":"Wieso zehn Prozent?"},{"categories":null,"content":"Gestern ab halb zwei ging es los: Immer mehr DE-Domains waren nicht mehr erreichbar. Schlimmer noch, anstatt keine Antwort zu liefern lieferten die Nameserver für die Domain \u0026ldquo;de\u0026rdquo; die Antwort \u0026lsquo;Diese Domain gibt es nicht!\u0026rsquo;. Das bedeutete eine ganze Reihe von Problemen - zum Beispiel ging Mail an diese Domains mit \u0026lsquo;Unzustellbar wegen unbekannter Domain\u0026rsquo; an den Absender zurück, anstatt bis zum Ende der Störung liegen zu bleiben.\nWas ging schief? In einer Mail auf public-l hat die DENIC-Pressestelle eine Erklärung veröffentlicht :\nHintergrund dafür war, dass im Rahmen der regelmäßigen 2-stündigen Aktualisierung der Nameservicedaten auf 12 der 16 Servicestandorte durch einen unterbrochenen Kopiervorgang die Verteilung einer nicht vollständigen Aktualisierung (sog. Zonendatei) angestoßen wurde\u0026hellip;.\nZwar sollte auch dieser Vorgang abgesichert sein, der Sicherungsmechanismus hat den Fehler allerdings nicht korrekt ausgewertet, so dass im Effekt der Kopierfehler nicht entdeckt und der Weiterverarbeitungsprozess nicht angehalten wurde.\nEine Zone ist DNS-Speak für eine Konfigurationsdatei für einen DNS-Server und enthält in der Regel die Daten einer Domain. Die Zonendatei für DE ist nun wie man sich leicht vorstellen kann besonders groß, da sie die Konfigurations- und Delegationsdaten für alle DE-Domains enthält. Sie wird aus einer Datenbank neu generiert und dann an die Nameserver verteilt, die die DE-Domain betreiben. Dieser Verteilvorgang wurde nach Übertragung von ca. einem Drittel der Daten unterbrochen und das Checkscript hat auf den Fehler nicht korrekt reagiert und die Verarbeitung der Datei nicht abgebrochen.\nIn einem früheren Leben habe ich bei einem Kieler Provider gearbeitet und auch dort hatten wir eine Reihe von Scripten, die Konfigurationsdateien aus Datenbanken generiert haben. Neben anderen Integritätstests hatte wir in diesen Scripten in der Regel auch eine Prüfung drin, die festgestellt hat, wie sehr sich die Anzahl der Datensätze im Vergleich zum vorhergehenden Run geändert hatte. Wenn die Fluktuation bei mehr als 10% lag, hat das Script die Datei neben der alten Datei installiert, aber nicht live geschaltet, sondern eine Mail an die Admins geschickt, damit die sich das Ding mal ansehen und es manuell live nehmen. Das hat uns mehr als einmal den Hintern gerettet.\nSolche Sicherungen kann ich jedem Scripter von Admin-Diensten nur empfehlen!\n","date":"2010-05-14T00:00:00Z","href":"https://blog.koehntopp.info/2010/05/14/denic-erkl-rt-sich.html","tags":["devops","internet","lang_de"],"title":"DENIC erklärt sich"},{"categories":null,"content":"Letztes Jahr um diese Zeit schrieb ich in Politik, Polemik und eine Agenda über die Probleme, die sich aus gemeinsamer Werkschaffung und spontaner Kooperation ergeben, wenn man etwa der Herausgeber eines Buches ist oder Anime-Filme für den deutschen Markt synchronisiert, aber auch, wie solche Projekte in einzelnen Fällen anfangen, ihre ursprüngliche Zielsetzung zu transzendieren und beginnen, neue Originale zu schaffen statt anderer Leute Werke zu übersetzen, adaptieren oder erweitern. Mit ein wenig Systematik kann man das sogar in kooperative Regeln fassen und institutionalisieren.\nDieser Tage lese ich auf Carta einen faszinierenden Artikel Den gordischen Knoten durchschlagen – Ideen für ein neues Urheberrechtskonzept von Till Kreuzer. Der wiederum stellt erst einmal heraus, was das Problem mit dem aktuellen Urheberrecht denn seiner Meinung nach ist, und das ist in etwa derselbe Gedanke wie bei mir oben:\nKreativität entfaltet sich zunehmend kollektiv. Werke entstehen massenhaft in heterogen und synergetisch im virtuellen Raum zusammenwirkenden Communities. Das Netz und entsprechende Software („der Code“) ermöglichen es, die kreative Schaffenskraft Tausender zu bündeln werden, um Open-Content-Projekte wie Wikipedia oder Open Source Software (wie Linux) zu großem Erfolg zu führen oder riesige Plattformen wie Flickr oder YouTube mit Leben zu füllen.\nKreuzer führt aus, wie das Urheberrecht in allen seinen Novellen und Körben genau dieser Veränderung nicht Rechnung trägt, sondern noch immer beseelt ist vom Modell des auf Pergament kritzelnden Autors, der alleine in seinem Kämmerchen das Werk verfaßt („Werke im Sinne dieses Gesetzes sind nur persönliche geistige Schöpfungen.“ \u0026ndash; § 2 Absatz 2 UrhG, der „Werkbegriff“) - und dies, sowie die mangelnde Differenzierung führt zu einer \u0026ldquo;Legitimationskrise des Urheberrechts\u0026rdquo;.\nAngesicht der strukturellen Änderungen da draußen im Netz ein ziemlicher Euphemismus:\nDie Masse der Rechtsverletzungen, deren breite gesellschaftliche Akzeptanz, das Unverständnis und die allgemeine Ignoranz gegenüber der (Urheber-)Rechtsordnung dürfte in der Geschichte der staatlichen Regulierung einzigartig sein. Das Versagen des Systems wird zudem angesichts der Massenbewegungen der Open-Content- und Open-Source-Communities deutlich, die sich bewusst von den überbordenden Auswirkungen des Urheberrechts abwenden und sich eine eigene Rechtsordnung setzen.\nWie aber das Konzept \u0026lsquo;Urheberrecht\u0026rsquo; reparieren? Ist es überhaupt noch reparierbar?\nKreuzer setzt beim rechtstheoretischen Begründungsansatz für das Urheberrecht an: jedem Menschen sind die Früchte seiner körperlichen und geistigen Tätigkeit zuzuordnen (und darum gibt es in Europa auch ein Urheberpersönlichkeitsrecht). Der Bug, so Kreuzer, ist die Konzentration auf den Urheber, mit dem immer wieder von der Politik gebrachten Argument \u0026ldquo;Das Urheberrecht dient dazu, dem Urheber die Früchte seiner Arbeit und seine ideellen Interessen zu sichern\u0026rdquo;, das angesichts von aktuellen Autorenverträgen der Rechteverwerter und Verlage schon mal Unsinn ist. Diese Sichtweise jedenfalls, so Kreuzer, führt auch zu einem vollkommenen Fehlen von Nutzerrechten im Urheberrecht: Es gibt kein einklagbares (!) Recht auf Privatkopie oder auf Verfügbarkeit einer erwerbbaren Kopie oder Lizenz, geschweige denn irgendeine Regulierung der dabei verlangbaren Preise.\nSo ergeben sich für Autoren, die neues auf der Basis von altem Schaffen wollen zum Teil hanebüchene Probleme. Man lese einmal Sita Sings The Blues FAQ , Abschnitt Copyright \u0026amp; Distribution (TL;DR , und Copying is not theft ) oder schaue sich When Copyright goes bad an.\nOder lese Dinge wie Now that was a bit lazy of you rockstar (TL;DR: Firma will DRM-freie Version ihres eigenen DRM-geschützten Spiels verkaufen, nimmt Crack aus dem Internet, um das DRM loszuwerden und verkauft das als offizielle Retail-Version).\nUrheberrecht, angeblich geschaffen um die Kreativität zu fördern, wird zunehmend zu einer Belastung für den kreativen Prozeß, aber auch für Wissenschaft, Lehre und Ausbildung. Urheberrechtsverstöße sind nicht nur an der Tagesordnung, sie sind notwendig, um arbeiten zu können. Kreuzer formuliert das so:\nWikipedia, die Blogosphäre, YouTube, Linux und Flickr verändern und revolutionieren ganze Kulturindustrien, obwohl sich kaum einer der Beitragenden um das Urheberrecht schert oder auch nur hierüber informiert ist. Seit es innovative Selbstdarstellungs-, Vermarktungs- und Distributionsmodelle wie Netlabels oder Myspace gibt, erfährt die musikalische Kreativität und Vielfalt einen unglaublichen Aufschwung. Und welch eine Informationstiefe und -vielfalt, welch einen „Markt der Meinungen“ haben das „Web 2.0“, die Foren, social communities und Blogosphäre gebracht. All diese Formen kreativer Entfaltung und Äußerung funktionieren von Seiten der Akteure weitest gehend ohne Berufung auf ihre Urheberrechte, ohne Klagen, Abmahnungen und Strafverfolgung. Und sie können meist nur so funktionieren.\nNach der Analyse wendet sich Kreuzer konstruktiver Arbeit zu.\nDie erste Idee: Er will den Schutzzweck und damit die rechtliche Basis des Urheberrechts neu formulieren, damit das Urheberrecht multipolar wird und es Kreativen möglich wird, \u0026ldquo;auf den Schultern von Riesen zu stehen\u0026rdquo;:\n„Urheberrechte werden nur dann und insoweit gewährt, als sie die Erzeugung, Veröffentlichung und Nutzung von kreativen Schöpfungen fördern und keine höherrangigen widerstreitenden Interessen beeinträchtigen. Regelungen des geschriebenen Rechts, die diesem Ziel zuwiderlaufen, sind unzulässig.“\nDies stellt Schutzinteressen der Urheber den Nutzungsinteressen und Gemeinwohlbelangen gleich und gibt der Politik und der Jurisdiktion den Spielraum, den sie brauchen, die jetzigen Probleme angehen zu können.\nDie zweite Idee: Ein werkbezogenes Schutzrecht, also Differenzierung. Er führt das nicht im Detail aus, aber Anmerkungen weiter vorne im Text machen deutlich, daß es ihm vor allen Dingen auch um eine dem Werk angemessene Schutzdauer geht. Für Skulpturen eine andere als für tagesaktuelle Meldungen oder Nachrichtenfilmchen\u0026hellip;\nDie dritte Idee: Nutzungsfreiheiten als originäre Einschränkungen des Schutzumfangs. Durch die Einführung von Nutzerrechten und Nutzungsfreiheiten ergeben sich Schranken für den Rechteinhaber hinsichtlich des Verfügungsrechtes über das Werk. Dadurch können nicht nur Gemeinwohlprobleme besser gelöst werden, sondern auch Lizensierungsprobleme wie etwa bei \u0026lsquo;Sita sings the blues\u0026rsquo; oder dem Grey Album wären leichter in den Griff zu bekommen.\n(Dies ist immer noch zu lang für ein TL;DR und enthält selbst mehrere solche. Aber vielleicht ermutigt es ja jemanden, den Originalartikel dann doch noch mal von vorne bis hinten zu lesen, denn der ist wichtig)\n","date":"2010-05-13T00:00:00Z","href":"https://blog.koehntopp.info/2010/05/13/auf-der-suche-nach-einem-funktionierenden-urheberrecht.html","tags":["copyright","internet","kultur","media","politik","lang_de"],"title":"Auf der Suche nach einem funktionierenden Urheberrecht"},{"categories":null,"content":"Vor einiger Zeit schrieb ich einen Artikel Wie man einen Wikipedia-Artikel… liest Jetzt erreicht mich eine Mail von Thomas Emden-Weinert, in der er mich auf Wikipedia-Quellenkritik hinweist.\nda ich Ihren Beitrag \u0026ldquo;Wie man einen Wikipedia-Artikel… liest\u0026rdquo; zitiere, dachte ich, dies könnte Sie interessieren:\nWikipedia und Wahrheit - Quellen für eine Quellenkritik Zusammenfassung: Eine reflektierte und kritische Nutzung der Wikipedia als Teil der Medienkompetenz entsteht nicht von selbst. Diese Webseite verfolgt daher das Ziel, für Schule und Unterricht Aspekte und Belege für eine Quellenkritik der deutschen Wikipedia zu sammeln.\nÜber Anmerkungen und Hinweise freue ich mich. Insbesondere wäre ich dankbar für Beiträge (d.h. insbesondere: Fehler) aus anderen Sachgebieten!\nDort findet man im Abschnitt \u0026lsquo;Wie funktioniert Wikipedia?\u0026rsquo; noch einmal verschiedene Maße, die eine gewisse Beurteilung der Qualität eines Wikipedia-Artikels erlauben, und wie man einen starken von einem schwachen Wikipedia-Artikel unterscheidet.\nIn \u0026lsquo;Quellen für eine Quellenkritik\u0026rsquo; werden Irrtümer und Fehler verschiedener Art gesammelt, klassifiziert und belegt.\n\u0026lsquo;Hinweise zur Unterrichtsgestaltung\u0026rsquo; verweist auf Materialien, die für die Verwendung und Gestaltung von Wikipedia im Rahmen des Schulunterrichtes nützlich sein können und macht auf bestimmte wichtige Lernziele aufmerksam.\nIn den Schlußbemerkungen wird darauf eingegangen, daß diese Lernziele als Methodik die \u0026lsquo;wissenschaftliche Methode\u0026rsquo; darstellen und daß diese auch in anderen, traditionellen Medien nicht immer korrekt angewendet wird - um so wichtiger, bei freiem Wissen wie bei Open Source Transparenz und Nachvollziehbarkeit als Ziel und Designmerkmal um so mehr in den Vordergrund zu stellen.\nAlles in allem eine lohnende und lehrreiche Zusammenfassung - ich würde mir jedoch wünschen, das Projekt würde sich neben der Fehlersuche auch auf die Bereitstellung und Verbesserung von Unterrichtsmaterial zum Thema \u0026lsquo;wissenschaftliche Methode\u0026rsquo; und \u0026lsquo;Umgang mit Wikipedia\u0026rsquo; konzentrieren. Das halte ich nämlich für konstruktiver.\n","date":"2010-05-13T00:00:00Z","href":"https://blog.koehntopp.info/2010/05/13/wikipedia-quellenkritik.html","tags":["internet","media","schulung","wikipedia","lang_de"],"title":"Wikipedia - Quellenkritik"},{"categories":null,"content":"An anderer Stelle gab es in einem komplett anderen Kontext eine Diskussion (1 , 2 , 3 ) in der es auch schon mal um die Statifizierung von Seiten ging.\nIn dem ersten Artikel ging es mir darum zu verdeutlichen, wie viel Mehrarbeit die Auslieferung einer Seite ist, wenn sie durch den Codepath des Webservers erfolgt statt durch den Fastpath - und das Beispiel bezieht sich noch auf die Auslieferung einer Bilddatei, also nur das Schaufeln von Daten statt die Seite zu berechnen. Sheeri war damals der Ansicht, daß das ein Problem mit dem Dateisystem gäbe, aber das ist tatsächlich nur der Fall, wenn man ein veraltetes Dateisystem verwendet, das Verzeichnisse als lineare Listen ablegt.\nIn dem zweiten Artikel benchmarke ich das Verhalten von Reiserfs 3.6, aber xfs und sogar ext3 mit DIR_INDEX sollten sich vergleichbar verhalten.\nDer dritte Artikel erklärt dann Statifizierung von - im Beispiel - Bilddateien durch 404-Handler. Diese Methode ist auch auf das Blog anwendbar.\nDas Blog \u0026rsquo;leidet\u0026rsquo; dabei darunter, daß auf einer Seite als Speichereinheit eine Menge von Elementen zu sehen sind, die alle eine unterschiedliche Lebensdauer haben. Daher müßten bei der Änderung eines Seitenelementes alle Seiten invalidiert werden, in denen das Seitenelement vorkommt. Das ist nicht effizient.\nDer erste Schritt muß daher darin bestehen, die Seite in ihre Elemente zu zerschneiden und die Seitenelemente einzeln in separaten Dateien zu cachen.\nZusammensetzen im Client Das bedeutet aber, daß die Seite bei der Auslieferung zusammengesetzt werden muß. Wenn man dabei das Zusammensetzen der Seite im Webserver vermeiden will, dann muß das im Client passieren. Der am wenigsten aufwendige Fall ist dabei die Verwendung von IFrames, so wie schon jetzt auf der Startseite dieses Blogs ein Google-Calendar von anderswo mit Hilfe eines IFrames eingebunden wird.\n\u0026lt;iframe src=\u0026#34;http:/www.google.com/calendar/embed?...\u0026#34; style=\u0026#34;border-width:0\u0026#34; width=\u0026#34;240\u0026#34; height=\u0026#34;280\u0026#34; frameborder=\u0026#34;0\u0026#34; scrolling=\u0026#34;no\u0026#34;\u0026gt;\u0026lt;/iframe\u0026gt; Das funktioniert mit dem Google Calender, weil die Größe des Elementes vorab bekannt ist.\nWürde man im Falle von S9Y eigene Komponenten von sich selbst einbinden, hätte man gerne ein IFrame- oder \u0026ldquo;Div src=\u0026quot;-Element ohne Größenangaben:\n\u0026lt;iframe src=\u0026#39;http://blog.koehntopp.de/statify/latest_comments.html\u0026#39; style=...\u0026gt;\u0026lt;/iframe\u0026gt; Leider gibt es so etwas nicht, sodaß man auf andere, schlechtere Methoden angewiesen ist, um die Seite zusammenzusetzen.\nDer Punkt am Ende ist jedoch: Die Datei /statify/latest_comments existiert zunächst nicht.\nErzeugung on-demand Dadurch kommt es zu einem 404-Error, der vom 404-Handler von Serendipity abgefangen wird. Dort erkennt S9Y den Namen des Plugins, instantiiert das gesamte S9Y Framework und ruft dann den Plugin-Handler innerhalb einer ob_start() Umgebung auf und läßt das Plugin normal ablaufen.\nWenn das Plugin sich selbst als Cacheable ansieht (und das zu entscheiden ist die Aufgabe jedes Plugins für sich alleine), dann holt es sich mit ob_get_contents() seine Ausgabe und schreibt diese in die Datei /statify/latest_comments.html. Dadurch werden nachfolgende Requests auf diese Datei vom normalen Handler für statische Dateien abgehandelt und der Code für das Plugin hat sich ein für alle Mal aus dem Codepath entfernt - es wird nie wieder ausgeführt.\nJedenfalls so lange, bis die Datei gelöscht wird - siehe unten.\nAtomares Schreiben Beim Schreiben der Datei muß man Vorsicht walten lassen. Es ist möglich, daß zwei verschiedene Apache Worker Slaves zur selben Zeit dieselbe /statify/latest_comments.html erzeugen. Es ist auch möglich, daß weitere Apache Worker die /statify/latest_comments.html ausliefern wollen, auch wenn sie noch gar nicht vollständig erzeugt ist. Daher muß das Schreiben so erfolgen:\n\u0026lt;?php $pid = posix_getpid(); $filename = make_filename_from($config, \u0026#39;/statify/latest_comments.html\u0026#39;, $pid); $final_filename = make_filename_from($config, \u0026#39;/statify/latest_comments.html\u0026#39;); $str = ob_get_contents(); file_put_contents($filename, $str); // Datei sichtbar machen rename($filename, $final_filename); ?\u0026gt; Expire Das Plugin kann sich selbst in der S9Y-Callback-Architektur registrieren, zum Beispiel kann es dafür sorgen, daß sein Expire-Hook aufgerufen wird, wenn ein neuer Kommentar geposted wird. Der Expire-Hook würde dann \u0026ldquo;/statify/latest_comments.html\u0026rdquo; löschen, die Datei aber nicht neu erzeugen. Sie wird automatisch neu erzeugt, falls sie jemals neu benötigt wird.\nWas cachen? Die Artikelseiten selbst können so auch gecached werden und für einige Seiten - etwa die Startseite und die Artikel, die auf der Startseite sichtbar sind - ist das auch viel wichtiger als für andere Seiten. Die Logik für das Cachen von Artikeln kann entweder alle Artikel cachen, die jemals aufgerufen worden sind, oder um Platz zu sparen die Caching-Entscheidung auf den o.a. genannten Set einschränken.\nEine andere Serie von Dateien, die dringend gecached werden muß, sind die Dateien für die RSS-Feeds. Derzeit erlaubt S9Y den Abruf von RSS-Feeds über Namen (index.rss2, atom.xml) und über Parameter (rss.php?\u0026hellip;\u0026amp;\u0026hellip;). Letzteres ist nie cachebar und der Support dafür muß entfernt werden. Stattdessen müssen die Parameter irgendwie in den Dateinamen der RSS-Datei integriert werden, und die Anzahl der möglichen RSS-Feeds muß eingeschränkt werden. Oder man ignoriert dieses Problem und es reguliert sich darüber selbst, daß bestimmte Feeds nie aufgerufen werden - es kommt auch nicht darauf an, daß man alles cached, sondern daß man die Seiten statifiziert, die oft aufgerufen werden.\nFür den Moment habe ich mir das schon einmal hingehackt: Laut Abrufstatistik ist es so, daß 35% aller Zugriffe in mein Blog auf /feeds/index.rss2 erfolgen, 3% auf atom.xml und ein weiteres Prozent auf comments.rss2. Ein Script wird jede Minute einmal ausgeführt:\n#! /bin/bash -- cd /home/www/servers/blog.koehntopp.de/pages [ ! -d feeds ] \u0026amp;\u0026amp; mkdir feeds cd feeds if [ -f .lock ] then pid=$(cat .lock) if kill -0 \u0026#34;$pid\u0026#34; then exit fi fi echo $$ \u0026gt; .lock rm -f index.rss2 curl -o index.rss2 http://blog.koehntopp.de/feeds/index.rss2 \u0026gt; /dev/null 2\u0026gt;\u0026amp;1 rm -f atom.xml curl -o atom.xml http://blog.koehntopp.de/feeds/atom.xml \u0026gt; /dev/null 2\u0026gt;\u0026amp;1 rm -f comments.rss2 curl -o comments.rss2 http://blog.koehntopp.de/feeds/comments.rss2 \u0026gt; /dev/null 2\u0026gt;\u0026amp;1 rm -f .lock Dieses Script sorgt dafür, daß diese drei Dateien als minütlich neu erzeugte statische Dateien vorliegen statt dynamisch n-fach parallel erzeugt zu werden. Es hat die Last auf dem Server dramatisch gesenkt, auch wenn die dahinter stehende Logik primitiv und leicht falsch ist. Mit dem 404-Handler-Framework von oben wären diese Dateien aber immer aktuell und frisch, und ohne daß ein Cronjob notwendig wäre.\nWas nicht cachen? Wenn man in einer Artikelseite ist kommentiert, dann landet man in einem interaktiven Teil des Blogs. Zugleich sollte diese Seite selbst aber statisch sein.\nDaher ist es am günstigsten, wenn die Artikelseite /archives/2789-uuid.html (statisch) das Kommentarformular so baut, daß es den Kommentar an die URL /dynamic/2789-uuid.html übermittelt. Diese URL erzeugt dieselbe Seite, aber dynamisch und ohne Cache. Dort kann dann die normale \u0026lsquo;Ihr Kommentar wurde wegen Captcha/Duplizierung/Was-auch-mmer abgelehnt\u0026rsquo;-Schleife dynamisch durchlaufen. Wenn der Kommenar endlich angenommen wurde, löscht die dynamische Seite die statische Seite und redirected den Browser auf die (jetzt nicht mehr existierende) statische Seite zurück. Dadurch wird sie dann auch gleich neu und mit dem neuen Kommentar darin erzeugt.\nAuf diese Weise hat man nie Probleme damit, daß die wechselnden Begründungen für die Ablehnung des Kommentares gecached werden.\nDas ist effizient unter der Annahme, daß weniger kommentiert als gelesen wird.\nGarvin merkt noch an:\nSolche Features wie \u0026ldquo;Leserechte auf Userbasis\u0026rdquo;, \u0026ldquo;Adminlinks für Redakteure\u0026rdquo;, \u0026ldquo;Content-Negotiated-Language\u0026rdquo; wird man verlieren, auch das Statistik-Tracking.\nDas ist in erster Näherung sicher wahr, aber wahrscheinlich auch für die Masse der S9Y-Anwender und alle S9Y-Anwender mit Last wahrscheinlich egal.\nNebenbei kann man Content-Negotiated-Language im Apache (und vielen anderen Webservern) im Fast-Path erledigen lassen und mit den Gedanken aus ModSecDownload (für Lighttpd) oder mod_auth_token (für Apache 2.x) kann man im Nachgang auch Leserechte auf Userbasis und eventuell auch Adminlinks für Redakteure mit statischen Dateien implementieren.\n","date":"2010-05-11T00:00:00Z","href":"https://blog.koehntopp.info/2010/05/11/statifizierung-fuer-s9y-eine-blaupause.html","tags":["blog","performance","s9y","lang_de"],"title":"Statifizierung für S9Y - eine Blaupause"},{"categories":null,"content":" SQL ist eine Abfragesprache, die als mathematischen Unterbau die Relationenalgebra hat. Was genau ist das?\nDa ist einmal der Begriff der \u0026ldquo;Algebra\u0026rdquo;. In der Wikipedia findet man die mathematische Definition der algebraischen Struktur, und sie ist, weil sie mathematischen Formalismen genügen muß, für den ungeübten ein wenig unhandlich zu lesen.\nDort steht aber nix anderes als \u0026lsquo;Wir haben eine Grundmenge A und einen definierten Satz von erlaubten Operationen auf A, und wir garantieren, das das Ergebnis jeder Operation wieder in A liegt.\u0026rsquo; Mehr nicht. Eine Algebra ist also eine Struktur, die Elemente enthält, mit denen man rechnen kann (etwa die natürlichen Zahlen), und Operationen, die definieren, was erlaubte Rechenoperationen sind (etwa die Addition). Wenn etwas eine Algebra ist, dann heißt das, daß man mit dem Ergebnis der Operation wieder in A landet, also mit dem Ergebnis weiter rechnen kann.\nDie natürlichen Zahlen und die Addition sind eine Algebra.\nDie natürlichen Zahlen und die Operationen Addition und Subtraktion sind keine Algebra, da 4 minus 6 (4 und 6 sind natürliche Zahlen) den Wert -2 ergibt und -2 ist keine natürliche Zahl - wir haben die Grundmenge verlassen.\nIn dem Wunsch, mit immer mehr mathematischen Operationen (Addition, Subtraktion, Multiplikation, Division, Potenzen, Wurzeln, \u0026hellip;) eine Algebra zu bekommen, hat die Mathematik sich von den natürlichen über die ganzen, die rationalen und schließlich die reellen Zahlen bis zu den komplexen Zahlen vorgearbeitet.\nDann ist da dieses andere Wort: Was genau ist eine Relation?\nWir kennen den mathematischen Begriff der Funktion.\nEine Funktion bildet eine oder mehrere Mengen zur Gänze oder zum Teil auf eine Ergebnismenge ab. Die Funktionsvorschrift sagt, wie das geht. Die Ergebnisse kann man aufmalen, und dann bekommt man den Graphen der Funktion. Und um uns zu verwirren, verwenden die Mathefuzzis Funktion, Funktionsvorschrift und den Graphen der Funktion umgangssprachlich gerne mal synonym.\nDie Mathematiker zum Beispiel malen Geraden als Funktion von den reellen Zahlen in die reellen Zahlen, verwenden die allgemeine Funktionsvorschrift \u0026ldquo;y = mx + n\u0026rdquo; (die Geradengleichung ) um die Gerade zu definieren und der Graph der Funktion sieht dann so aus:\nGraph der Funktion y=0.5x+2. Jedem x-Wert ist genau ein y-Wert zugeordnet.\nEine Funktion liefert für einen Eingangswert genau ein Ergebnis. Für den Wert x=0 bekommen wir aus der oben aufgezeichneten Beispielfunktion den einen Wert y=2 heraus und so weiter.\nEine Relation liefert statt einzelner Werte Teilmengen der Ergebnismenge. Zeichnete man statt der Funktion y = 0.5x + 2 die Relation y \u0026gt; 0.5x + 2, dann würde man statt einer Geraden wie oben im Beispiel die Fläche über der Geraden bekommen: Die Relation \u0026lsquo;größer als\u0026rsquo; liefert uns in diesem Zusammenhang nicht einen einzelnen Wert, sondern alle Werte, die für den gegebenen x-Wert größer als 0.5*x + 2 sind.\nGraph der Relation y\u0026gt;0.5x+2. Einem x-Wert ist eine Menge von y-Werten zugeordnet. Diese Menge von y-Werten ist eine Teilmenge der Grundmenge.\nDas ist genug Mathematik. Wir wollen Informatik machen.\nDas bedeutet als erstes einmal: Weg mit den doofen Unendlichkeiten. Komplexe, reelle, rationale, ja sogar natürliche Zahlen - das ist alles unendliches, nicht anfaßbares Gekasper von irgendwelchen Mathespinnern. Wir wollen Werte, die man anfassen und mit dem Debugger im Speicher sehen kann. Informatik macht Diskrete Mathematik , alles schön endlich. Da kann man eine Funktion dann auch schon mal als Wertetabelle statt als Rechenvorschrift definieren.\nUnd so landen wir bei den Tabellen.\nGrundmenge der Relationenalgebra: Tabellen Tabellen bestehen aus Zeilen. Eine Zeile kann eine bestimmte Menge von Werten enthalten, aber bei einer Tabelle enthält jede Zeile gleich viele Werte. In der Mathematik nennt man ein Konstrukt mit n Werten ein \u0026ldquo;n-Tupel\u0026rdquo; und schreibt es mit runden Klammern, also (3, 4, 5) für das 3-Tupel mit den Werten 3, 4 und 5.\nIn der Informatik gibt es zwei Lager von Leuten. Die einen wollen die Grundmengen von Dingen immer überall vorher festgelegt haben, also statische Typen. Die anderen wollen an jedem Wert dranstehen haben, aus welcher Grundmenge er stammt, also dynamische Typen. Die meisten SQL-Datenbanken wollen statische Typen, verlangen also nicht nur, daß eine Tabelle als \u0026ldquo;Hat 3 Spalten\u0026rdquo; definiert wird, sondern daß für jede Spalte auch ein Typ festlegt wird: (int, char(20), double) wäre eine solche Festlegung. Von allen SQL-Datenbanken, die ich kenne, ist nur Sqlite dynamisch getypt.\nEine Algebra, wir erinnern uns, ist eine Grundmenge und ein Haufen Operationen, und mit den Ergebnissen der Operationen wollen wir weiter rechnen können - sie müssen also wieder in der Grundmenge liegen.\n5 Operationen der Relationenalgebra: Selektion, Projektion, Kreuzprodukt, Umbenennung und Aggregation Die Elemente unserer Algebra sollen Tabellen sein, also Mengen von Tupeln: { (1, 2, 3), (3, 4, 5), (\u0026ldquo;keks\u0026rdquo;, \u0026ldquo;cookie\u0026rdquo;, \u0026ldquo;kex\u0026rdquo;)} zum Beispiel. Auf dieser Menge definieren wir nun einen Haufen Operationen. Fünf, um genau zu sein.\nroot@localhost [kris]\u0026gt; create table a ( -\u0026gt; aid integer unsigned not null -\u0026gt;) engine = innodb; Query OK, 0 rows affected (0.16 sec) root@localhost [kris]\u0026gt; insert into a (aid) values (1), (2), (3); Query OK, 3 rows affected (0.01 sec) Records: 3 Duplicates: 0 Warnings: 0 root@localhost [kris]\u0026gt; create table b ( -\u0026gt; bid integer unsigned not null -\u0026gt; ) engine = innodb; Query OK, 0 rows affected (0.05 sec) root@localhost [kris]\u0026gt; insert into b (bid) values (1), (2); Query OK, 2 rows affected (0.00 sec) Records: 2 Duplicates: 0 Warnings: 0 Operation 1: Selektion, Operation 2: Projektion. Auswahl von Zeilen und Spalten.\nDie erste Operation ist die Selektion. Aus allen Zeilen einer Tabelle wählt die Selektion genau die Tupel aus, für die die angegebene Bedingung, das angegebene Prädikat, wahr ist.\nroot@localhost [kris]\u0026gt; select aid from a where aid \u0026gt;= 2; +-----+ | aid | +-----+ | 2 | | 3 | +-----+ 2 rows in set (0.00 sec) Wir haben eine Relation: Die Ergebnismenge ist eine Teilmenge der Ausgangsmenge und kann aus mehr als einem Tupel bestehen. Wir haben auch eine Algebra, jedenfalls hinsichtlich der Selektion: Es wird eine Tabelle zurück geliefert.\nDie zweite Operation ist die Projektion. Aus allen Tupeln der Tabelle werden neue Tupel berechnet. Die Abbildung kann die Identität sein (\u0026ldquo;select spaltenname \u0026hellip;\u0026rdquo;) oder das Ergebnis einer komplizierteren Funktion sein, die ein oder mehr Stellen aus dem alten Tupel als Eingabeparameter nimmt (\u0026ldquo;select a+b \u0026hellip;\u0026rdquo;).\nroot@localhost [kris]\u0026gt; select aid, aid*1.19 from a; +-----+----------+ | aid | aid*1.19 | +-----+----------+ | 1 | 1.19 | | 2 | 2.38 | | 3 | 3.57 | +-----+----------+ 3 rows in set (0.00 sec) Operation 3: Der Join (Das Kreuzprodukt).\nDie dritte Operation ist der Join oder das Kreuzprodukt. Es verknüpft zwei Tabellen so, daß jede Zeile aus der ersten Tabelle mit jeder Zeile aus der zweiten Tabelle kombiniert wird.\nroot@localhost [kris]\u0026gt; select aid, bid from a, b; +-----+-----+ | aid | bid | +-----+-----+ | 1 | 1 | | 1 | 2 | | 2 | 1 | | 2 | 2 | | 3 | 1 | | 3 | 2 | +-----+-----+ 6 rows in set (0.00 sec) Zusammen mit der Selektion kann man so Tabellen sinnvoll miteinander verknüpfen (select * from c, d where c.cid = d.cid), und mit ein wenig Evolution landet man dann bei der Schlüsselwort-Schreibweise von Joins (seit 1992 üblich): select * from c join d on c.cid = d.cid. Diese Schreibweise macht Join-Bedingungen (ON-Clause) von einschränkenden Prädikaten (WHERE-Clause) unterscheidbar und ist die empfohlene Schreibweise für Joins.\nOperation 4: Rename. Nützlich vor allen Dingen mit Self-Joins in Bäumen und Hierarchien.\nDie vierte Operation ist der Rename mit dem Schlüsselwort AS. Man kann Tabellen und Spalten umbenennen. Die Rename-Operation erscheint sinnlos, ist aber zwingend notwendig, damit man selbstreferentielle Strukturen wie Bäume und Hierarchien abbilden kann.\nroot@localhost [kris]\u0026gt; create table emp ( -\u0026gt; empid integer unsigned not null, -\u0026gt; bossid integer unsigned null -\u0026gt; ) engine = innodb; Query OK, 0 rows affected (0.06 sec) root@localhost [kris]\u0026gt; insert into emp -\u0026gt; values -\u0026gt; ( 1, NULL), -\u0026gt; (2, 1), (3,1), -\u0026gt; (4, 2), (5, 2), (6, 2); Query OK, 6 rows affected (0.00 sec) Records: 6 Duplicates: 0 Warnings: 0 root@localhost [kris]\u0026gt; select * from emp join emp on emp.bossid = emp.empid; ERROR 1066 (42000): Not unique table/alias: \u0026#39;emp\u0026#39; root@localhost [kris]\u0026gt; select -\u0026gt; emp.empid as mitarbeiter, -\u0026gt; \u0026#34; hat den Boss \u0026#34;, -\u0026gt; boss.empid as boss -\u0026gt; from -\u0026gt; emp as boss join emp on emp.bossid = boss.empid; +-------------+----------------+------+ | mitarbeiter | hat den Boss | boss | +-------------+----------------+------+ | 2 | hat den Boss | 1 | | 3 | hat den Boss | 1 | | 4 | hat den Boss | 2 | | 5 | hat den Boss | 2 | | 6 | hat den Boss | 2 | +-------------+----------------+------+ 5 rows in set (0.34 sec) Operation 5: Aggregation.\nUnd schließlich gibt es noch die Aggregation. Bei einem Aggregat hat man ein Tupel mit n Stellen, zum Beispiel 2 Stellen und vertrachtet bei Vergleichen nur eine Stelle, etwa die erste, um das Ergebnis in Gruppen einzuteilen. Nehmen wir zum Beispiel noch einmal unsere Mitarbeiterliste mit Bossen und Mitarbeitern:\nroot@localhost [kris]\u0026gt; select bossid, empid from emp; +--------+-------+ | bossid | empid | +--------+-------+ | NULL | 1 | | 1 | 2 | | 1 | 3 | | 2 | 4 | | 2 | 5 | | 2 | 6 | +--------+-------+ 6 rows in set (0.00 sec) Hier haben wir einen Haufen 2-Tupel. Betrachten wir nur die erste Spalte, dann haben wir eine Gruppe von Mitarbeitern, die dem Boss 1 unterstellt sind, und eine Gruppe von Mitarbeitern, die dem Boss 2 unterstellt sind. In SQL:\nroot@localhost [kris]\u0026gt; select -\u0026gt; emp.bossid, -\u0026gt; count(*), -\u0026gt; group_concat(emp.empid) as mitarbeiter -\u0026gt; from -\u0026gt; emp -\u0026gt; group by -\u0026gt; emp.bossid; +--------+----------+-------------+ | bossid | count(*) | mitarbeiter | +--------+----------+-------------+ | NULL | 1 | 1 | | 1 | 2 | 2,3 | | 2 | 3 | 4,5,6 | +--------+----------+-------------+ 3 rows in set (0.00 sec) GROUP BY macht genau diese Aggregation - das Einteilen in Gruppen. In einer Query mit GROUP BY dürfen wir vorne im SELECT-Teil nur Spalten erwähnen, die auch im GROUP BY-Teil genannt sind, und Aggregatfunktionen. COUNT ist so eine Aggregatfunktion - sie sagt uns, wie viele Elemente denn in der Gruppe (1, *) sind und wie viele in der Gruppe (2, *). GROUP_CONCAT ist eine weitere Funktion. Sie nimmt die Elemente der Gruppe und macht eine Komma-Liste daraus.\nDamit haben wir eine Algebra mit einer Grundmenge (Tupelmengen, also Tabellen) und fünf einfachen Operationen, die Tabellen in andere Tabellen umwandeln.\nAlgebra bedeutet: weiterrechnen zu können Da das ganze eine Algebra ist, heißt das: Wir können mit den Ergebnissen einer Operation weiter Rechnen, also errechnete Tabellen in SQL-Statements einsetzen. Dieser Mechanismus heißt in SQL Subquery: Wir können an jeder Stelle eines SELECT-Statements an der Stelle von Werten oder Tabellen eine weitere SELECT-Query einsetzen. Wenn ein einzelner Wert verlangt wird, muß das eingesetzte SELECT ein skalares SELECT sein, also eine 1x1-Tabelle zurück liefern.\nEin einfaches Beispiel:\nroot@localhost [kris]\u0026gt; select sum(bid) from b; +----------+ | sum(bid) | +----------+ | 3 | +----------+ 1 row in set (0.00 sec) root@localhost [kris]\u0026gt; select aid, ( -\u0026gt; select sum(bid) from b ) as bsum -\u0026gt; from a; +-----+------+ | aid | bsum | +-----+------+ | 1 | 3 | | 2 | 3 | | 3 | 3 | +-----+------+ 3 rows in set (0.03 sec) Hier ist als Teil der SELECT-Clause statt einer Konstanten oder eines Spaltennamen ein skalares SELECT eingesetzt worden. Die Spalte bsum ist das Ergebnis der Abfrage \u0026ldquo;select sum(bid) from b\u0026rdquo; und wird dort eingesetzt.\nAuch in der FROM-Clause eines SELECT kann man SELECT-Statements einsetzen. Diese Query zum Beispiel listet zu jedem Schema auf, wie viele Zeilen die größte Tabelle in diesem Schema hat:\nroot@localhost [test_world]\u0026gt; select -\u0026gt; table_schema, -\u0026gt; max(table_rows) -\u0026gt; from -\u0026gt; information_schema.tables -\u0026gt; group by -\u0026gt; table_schema; +--------------------+-----------------+ | table_schema | max(table_rows) | +--------------------+-----------------+ | geodb | 459015 | | information_schema | NULL | | kris | 6 | | mysql | 986 | | test | 12 | | test_tablesizes | 79 | | test_world | 4079 | +--------------------+-----------------+ 7 rows in set (3.92 sec) Wenn wir nun den Namen der Tabelle ermitteln wollen, die in diesem Schema die meisten Zeilen hat, dann geht das unter anderem so:\nroot@localhost [test_world]\u0026gt; create table tables as -\u0026gt; select * from information_schema.tables; Query OK, 93 rows affected (1.12 sec) Records: 93 Duplicates: 0 Warnings: 0 root@localhost [test_world]\u0026gt; select -\u0026gt; m.table_schema, -\u0026gt; t.table_name, -\u0026gt; m.maxrows -\u0026gt; from -\u0026gt; tables as t join -\u0026gt; (select table_schema, max(table_rows) as maxrows -\u0026gt; from tables group by table_schema ) as m -\u0026gt; on t.table_rows = m.maxrows; +-----------------+----------------+---------+ | table_schema | table_name | maxrows | +-----------------+----------------+---------+ | geodb | geodb_textdata | 466518 | | kris | emp | 6 | | mysql | help_relation | 986 | | test | h | 12 | | kris | p | 6 | | test | t | 12 | | test_tablesizes | sizes | 79 | | test_world | City | 4079 | +-----------------+----------------+---------+ 8 rows in set (0.00 sec) In einem ersten Schritt machen wir hier einen Snapshot von information_schema.tables. Das ist nicht nur schneller, sondern es bewirkt auch, daß wir statische Daten bekommen. Dadurch haben zwei aufeinander folgende Anfragen an die Tabelle auch identische Werte - das ist bei information_schema sonst nicht zwingend gegeben.\nDie zweite Query setzt die Tabelle aus dem ersten Beispiel in der FROM-Clause ein und joined sie gegen unseren information_schema Snapshot. Wir fragen nun nach dem Schema und dem Namen der Tabelle, die dieselbe Größe hat, wie das in der Subquery ermittelte Maximum. Es gibt viele Wege, um dieses Problem \u0026lsquo;Finde das gruppenweise Maximum\u0026rsquo; zu lösen - Jan Kneschke hat eine Übersicht.\nAuch in einer WHERE-Clause können wir eine Subquery einbauen. Gemäß dem Beispiel von Jan:\nroot@localhost [test_world]\u0026gt; select -\u0026gt; t.table_schema, -\u0026gt; t.table_name, -\u0026gt; t.table_rows -\u0026gt; from -\u0026gt; tables as t -\u0026gt; where -\u0026gt; t.table_rows = ( -\u0026gt; select max(table_rows) as maxrows -\u0026gt; from tables as m -\u0026gt; where -\u0026gt; t.table_schema = m.table_schema -\u0026gt; ); +-----------------+----------------+------------+ | table_schema | table_name | table_rows | +-----------------+----------------+------------+ | geodb | geodb_textdata | 466518 | | kris | emp | 6 | | mysql | help_relation | 986 | | test | h | 12 | | test | t | 12 | | test_tablesizes | sizes | 79 | | test_world | City | 4079 | +-----------------+----------------+------------+ 7 rows in set (0.00 sec) Das liest sich als: Liste mir alle Tabellen mit ihrer Größe, bei denen die Größe der maximalen Größe der Tabelle entspricht, die im selben Schema ist wie die aktuelle Tabelle.\nWeitere Anwendungsfälle von Subqueries finden sich im Beispiel von Jan und im Handbuch - mir geht es hier in erster Linie darum zu zeigen, wie die Algebra-Eigenschaft von SQL das Weiterrechnen mit den Ergebnissen erlaubt.\nTupel als Datentyp Tabellen sind Mengen von Tupeln, und Tupel sind ein Datentyp in SQL, mit dem man arbeiten kann. Mit der Tabelle\nroot@localhost [kris]\u0026gt; select * from t; +------+-------+------+ | a | b | c | +------+-------+------+ | eins | one | 1 | | zwei | two | 2 | | drei | three | 3 | | 1 | eins | one | +------+-------+------+ 4 rows in set (0.00 sec) läßt sich die einfache Anfrage\nroot@localhost [kris]\u0026gt; select a,b,c from t where a = \u0026#39;eins\u0026#39; and b = \u0026#39;one\u0026#39;; +------+------+------+ | a | b | c | +------+------+------+ | eins | one | 1 | +------+------+------+ 1 row in set (0.00 sec) auch so schreiben:\nroot@localhost [kris]\u0026gt; select a,b,c from t where (a,b) = (\u0026#39;eins\u0026#39;,\u0026#39;one\u0026#39;); +------+------+------+ | a | b | c | +------+------+------+ | eins | one | 1 | +------+------+------+ 1 row in set (0.00 sec) Erweitert kann man auch nach mehr als einem Wert fragen:\nroot@localhost [kris]\u0026gt; select * from t where (a,b) in ((\u0026#39;eins\u0026#39;,\u0026#39;one\u0026#39;), (\u0026#39;zwei\u0026#39;, \u0026#39;two\u0026#39;)); +------+------+------+ | a | b | c | +------+------+------+ | eins | one | 1 | | zwei | two | 2 | +------+------+------+ 2 rows in set (0.00 sec) Manchmal will man nach einem Wert in irgendeiner Spalte suchen:\nroot@localhost [kris]\u0026gt; select a,b,c from t -\u0026gt; where \u0026#39;eins\u0026#39; in (a,b,c); +------+------+------+ | a | b | c | +------+------+------+ | eins | one | 1 | | 1 | eins | one | +------+------+------+ 2 rows in set (0.00 sec) ist \u0026ldquo;Finde mir alle Zeilen, in denen in einer Spalte der Wert \u0026rsquo;eins\u0026rsquo; vorkommt.\u0026rdquo;. Auch das geht mit Tupeln. In diesem Fall will ich, daß \u0026rsquo;eins\u0026rsquo; und \u0026lsquo;one\u0026rsquo; in benachbarten Spalten vorkommen:\nroot@localhost [kris]\u0026gt; select a,b,c from t -\u0026gt; where (\u0026#39;eins\u0026#39;,\u0026#39;one\u0026#39;) in ((a,b),(b,c)); +------+------+------+ | a | b | c | +------+------+------+ | eins | one | 1 | | 1 | eins | one | +------+------+------+ 2 rows in set (0.00 sec) Leider ist MySQL nicht ganz konsequent mit der Umsetzung von Tupeln als Datentyp: Man kann den Aufruf einer Stored Procedure (\u0026lsquo;CALL blah()\u0026rsquo;) nicht in einer Subquery verwenden.\nAbfragesprachen, die keine Algebra sind Viele Abfragesprachen existieren, die keine Algebra sind, bei denen also die Ergebnisse nicht von der Art sind, daß man mit ihnen weiter rechnen könnte.\nEin klassisches Beispiel ist LDAP: LDAP definiert Operationen auf einem Baum, dem LDAP-Baum. Das Ergebnis einer LDAP-Query ist jedoch kein Teilbaum, sondern eine Knotenmenge. Diese kann mit LDAP-Operationen nicht weiter verfeinert oder verarbeitet werden. Das Ergebnis: LDAP-Server sind zwar sehr schnell und können zum Teil hunderttausende von Anfragen pro Sekunde verarbeiten. Aber Dinge, die man in SQL mit einer Query erledigen könnte brauchen in LDAP dann auch hunderttausende von Anfragen.\nEin weiteres klassisches Beispiel: XPath. XPath definiert ebenfalls einen Baum als Datentyp und Operationen darauf. Das Ergebnis einer XPath-Query ist jedoch ein Nodeset, kein Baum, kann also mit XPath auch nicht weiter verarbeitet werden (aber XSLT ist sowieso so angelegt, daß der Zugriff auf Ergebnisse zur Weiterverarbeitung mindestens stark erschwert wird, wenn nicht sogar unmöglich gemacht wird).\nIn beiden Fällen schränkt sich die Abfragesprache in ihren Möglichkeiten stark ein und erfordert dann mehr Code (und mehr Kommunikation, und damit mehr Latenz) in der Hostsprache, in der sie eingebettet ist.\n","date":"2010-04-28T00:00:00Z","href":"https://blog.koehntopp.info/2010/04/28/was-bedeutet-eigentlich-relationale-algebra.html","tags":["mysql","sql","sqlite","lang_de"],"title":"Was bedeutet eigentlich 'Relationale Algebra'?"},{"categories":null,"content":"Hier ist noch ein dreckiges kleines MySQL-Problem. Matthias Fiedler fragt:\nIch möchte in einer Tabelle bestimmte Werte bzw. Datensätze ändern. Das läuft in einer Schleife und ich möchte mitzählen, wie viele Datensätze wirklich geändert wurden….\nWenn ich nur Update benutze und der Datensatz in der Tabelle ist identisch mit dem neuen, dann wird kein Update ausgeführt. Somit kann ich hier mit mysql_affected_rows() die Menge zählen. Das hat aber einen Nachteil: Manche Datensätze sind ja noch gar nicht in der Tabelle. Da geht ja dann auch kein Update.\nAlso müsste ich erst mal per Select prüfen, ob ein Datensatz da ist und dann entscheiden, ob ich den per Update ersetze oder per Insert neu einstelle oder gar nichts mache. Dann ist zwar das zählen wieder simpel, weil man gar keine sql Funktion dazu mehr braucht. Aber ich muß immer erst ein Select ausführen.\nEin Replace oder ein ON DUPLICATE KEY UPDATE machen das halt in einem. Wie kann ich nun alle 3 Varianten (also Update, Insert, oder nichts) mit einem mysql Befehl abarbeiten und auch noch mitzählen?\nDas geht so:\nLege eine Beispieltabelle an und fülle sie mit Beispielwerten:\nroot@localhost [kris]\u0026gt; create table t ( id integer unsigned not null primary key, d integer unsigned not null ) engine = innodb; Query OK, 0 rows affected (0.16 sec) root@localhost [kris]\u0026gt; insert into t values ( 1, 1), (2,2), (3,3); Query OK, 3 rows affected (0.00 sec) Records: 3 Duplicates: 0 Warnings: 0 Jetzt initialisiere einen Zähle als Connection-Variable:\nroot@localhost [kris]\u0026gt; set @x = 0; Query OK, 0 rows affected (0.00 sec) Hier kommt dann die Magie: Wir zählen den Zähler in einer Update-Clause eines INSERT ON DUPLICATE KEY UPDATE mit hoch. Da wir den eigentlichen Zählerwert im Statement selber nicht brauchen, multiplizieren wir ihn mit 0 und addieren ihn dann irgendwo zu (irgendwas plus 0 ist halt irgendwas - neutrales Element der Addition).\nroot@localhost [kris]\u0026gt; insert into t values (4,4), (2,1), (3, 1) -\u0026gt; on duplicate key update -\u0026gt; d= values (d) + 0* ( @x := @x +1 ); Query OK, 5 rows affected (0.00 sec) Records: 3 Duplicates: 2 Warnings: 0 Kleine Gegenkontrolle: Wie viele UPDATE-Zweige haben wir betreten?\nroot@localhost [kris]\u0026gt; select @x; +------+ | @x | +------+ | 2 | +------+ 1 row in set (0.00 sec) root@localhost [kris]\u0026gt; select * from t; +----+---+ | id | d | +----+---+ | 1 | 1 | | 2 | 1 | | 3 | 1 | | 4 | 4 | +----+---+ 4 rows in set (0.00 sec) Wir sollten mit values(id) und einem concat() sogar eine Liste der Primärschlüssel bekommen können, die wir angefaßt haben.\nroot@localhost [kris]\u0026gt; set @id = \u0026#34;\u0026#34;; Query OK, 0 rows affected (0.00 sec) root@localhost [kris]\u0026gt; set @x = 0; Query OK, 0 rows affected (0.00 sec) root@localhost [kris]\u0026gt; insert into t -\u0026gt; values (4,4), (2,1), (3, 1) -\u0026gt; on duplicate key update -\u0026gt; d= values (d) + 0 * ( @x := @x +1 ), -\u0026gt; id = concat(values(id), -\u0026gt; substring(@id := concat(@id, \u0026#34;,\u0026#34;, values(id)) , 1, 0)); Query OK, 5 rows affected (0.00 sec) Records: 3 Duplicates: 2 Warnings: 0 Und wirklich:\nroot@localhost [kris]\u0026gt; select @x, @id; +------+------+ | @x | @id | +------+------+ | 2 | ,2,3 | +------+------+ 1 row in set (0.00 sec) Und falls einer von Euch jetzt einwirft \u0026ldquo;Ich wußte nicht, daß man das machen kann\u0026rdquo;: Ich auch nicht. Und machen SOLLTE man das wahrscheinlich auch nicht.\nNachtrag: Ich habe diesen Aufschrieb dann mal an eine Kollegin gesendet. Liz meinte dazu:\nIndeed, intriguing…. Now for you at home: what where the values previous to the update, associated with the PK\u0026rsquo;s updated? If we can reliably solve that, then we could actually get rid of a lot of selects on the master database.\nFür ausreichend kleine Werte von Reliable kann man mit einer noch dreckigeren Lösung nachsetzen:\nset @counter = 0; set @_id = \u0026#34;\u0026#34;; set @_d = \u0026#34;\u0026#34;; delete from t; insert into t values (1,10), (2,20), (3,30); insert into t values (4,4), (2,1), (3, 1) on duplicate key update d= values (d) + 0* ( @counter := @counter +1 ) + 0* ( @_d := concat(@_d, \u0026#34;,\u0026#34;, coalesce(d, \u0026#34;\u0026#34;))), id = concat(values(id), substring(@_id := concat(@_id, \u0026#34;,\u0026#34;, values(id)) , 1, 0)); select @counter, @_id, @_d; Und das druckt:\nroot@localhost [kris]\u0026gt; select @counter, @_id, @_d; +----------+------+--------+ | @counter | @_id | @_d | +----------+------+--------+ | 2 | ,2,3 | ,20,30 | +----------+------+--------+ 1 row in set (0.00 sec) ","date":"2010-04-21T00:00:00Z","href":"https://blog.koehntopp.info/2010/04/21/z-hlen-von-aktionen.html","tags":["mysql","lang_de"],"title":"Zählen von Aktionen"},{"categories":null,"content":"On 2010-04-06 12:26:49 +0200, Egon Schmid said:\nIch hab eine 60 MB grosse SQL-Datei von der OpenGeoDB (-\u0026gt;http://fa-technik.adfc.de/code/opengeodb/) runtergeladen, wo sämtliche Informationen der Deutschlandkarte vorhanden sind, und werde es damit mal testen.Das Ausführen der INSERTs dauert allerdings einige Stunden :) Es läuft derzeit immer noch\u0026hellip;\nInnoDB, AUTOCOMMIT = 1. Vor dem source von DE.sql ein BEGIN WORK machen, danach ein COMMIT. Dann geht es sehr viel schneller.\nMit diesen Daten und einem Beispielort kann man experimentieren.\nroot@localhost [geodb]\u0026gt; select td.loc_id, td.text_val, tn.name from geodb_textdata as td join geodb_type_names as tn on td.text_type = tn.type_id where td.text_val = \u0026#39;Kiel\u0026#39; and tn.name = \u0026#39;Name\u0026#39;; +--------+----------+------+ | loc_id | text_val | name | +--------+----------+------+ | 469 | Kiel | Name | | 19236 | Kiel | Name | +--------+----------+------+ 2 rows in set (0.00 sec) Zum Beispiel finden wir mal alles, was um den Beispielort herum liegt:\nroot@localhost [geodb]\u0026gt; explain select co.loc_id, td.text_val from geodb_coordinates as co join geodb_textdata as td on co.loc_id = td.loc_id join geodb_type_names as tn on td.text_type = tn.type_id where lat = 54.3333 and lon = 10.1333 and tn.name = \u0026#39;Name\u0026#39;\\G === 1. row === id: 1 select_type: SIMPLE table: co type: index_merge possible_keys: coord_loc_id_idx,coord_lon_idx,coord_lat_idx key: coord_lat_idx,coord_lon_idx key_len: 9,9 ref: NULL rows: 1 Extra: Using intersect(coord_lat_idx,coord_lon_idx); Using where === 2. row === id: 1 select_type: SIMPLE table: tn type: ref possible_keys: type_id,tid_tnames_idx,name_tnames_idx key: name_tnames_idx key_len: 767 ref: const rows: 1 Extra: Using where; Using index === 3. row === id: 1 select_type: SIMPLE table: td type: ref possible_keys: text_lid_idx,text_type_idx key: text_lid_idx key_len: 4 ref: geodb.co.loc_id rows: 2344 Extra: Using where 3 rows in set (0.00 sec) Wie man sieht wird ein index_merge (intersect) verwendet, wenn man mit festen Koordinaten arbeitet. Hier das Ergebnis:\nroot@localhost [geodb]\u0026gt; select co.loc_id, td.text_val from geodb_coordinates as co join geodb_textdata as td on co.loc_id = td.loc_id join geodb_type_names as tn on td.text_type = tn.type_id where lat = 54.3333 and lon = 10.1333 and tn.name = \u0026#39;Name\u0026#39;\\G === 1. row === loc_id: 469 text_val: Kiel === 2. row === loc_id: 19236 text_val: Kiel .... === 13. row === loc_id: 106031 text_val: Wik 13 rows in set (0.01 sec) Eine Umkreissuche (BETWEEN) sieht wesentlich schlechter aus - Axel Schwenke hat das ja bereits erläutert - der Index-Merge funktioniert derzeit nur bei Konstanten:\nroot@localhost [geodb]\u0026gt; explain select co.loc_id, td.text_val from geodb_coordinates as co join geodb_textdata as td on co.loc_id = td.loc_id join geodb_type_names as tn on td.text_type = tn.type_id where lat between 54.3 and 54.4 and lon between 10.1 and 10.2 and tn.name = \u0026#39;Name\u0026#39;\\G === 1. row === id: 1 select_type: SIMPLE table: tn type: ref possible_keys: type_id,tid_tnames_idx,name_tnames_idx key: name_tnames_idx key_len: 767 ref: const rows: 1 Extra: Using where; Using index === 2. row === id: 1 select_type: SIMPLE table: td type: ref possible_keys: text_lid_idx,text_type_idx key: text_type_idx key_len: 4 ref: geodb.tn.type_id rows: 2344 Extra: === 3. row === id: 1 select_type: SIMPLE table: co type: ref possible_keys: coord_loc_id_idx,coord_lon_idx,coord_lat_idx key: coord_loc_id_idx key_len: 4 ref: geodb.td.loc_id rows: 303 Extra: Using where 3 rows in set (0.00 sec) Hier die Laufzeit:\nroot@localhost [geodb]\u0026gt; select co.loc_id, td.text_val from geodb_coordinates as co join geodb_textdata as td on co.loc_id = td.loc_id join geodb_type_names as tn on td.text_type = tn.type_id where lat between 54.3 and 54.4 and lon between 10.1 and 10.2 and tn.name = \u0026#39;Name\u0026#39;\\G === 1. row === loc_id: 469 text_val: Kiel === 2. row === loc_id: 19236 text_val: Kiel .... === 30. row === loc_id: 106953 text_val: Rammsee 30 rows in set (0.50 sec) Wir können versuchen, mit einem RTREE dabei zu gehen. Dazu brauchen wir die Daten in MyISAM:\nroot@localhost [geodb]\u0026gt; create table co like geodb_coordinates; Query OK, 0 rows affected (0.18 sec) root@localhost [geodb]\u0026gt; alter table co engine = myisam; Query OK, 0 rows affected (0.18 sec) Records: 0 Duplicates: 0 Warnings: 0 root@localhost [geodb]\u0026gt; insert into co select * from geodb_coordinates; Query OK, 60645 rows affected (0.50 sec) Records: 60645 Duplicates: 0 Warnings: 0 Wir müssen außerdem eine Spalte latlon als POINT anlegen und einen SPATIAL index auf diesen Point setzen:\nroot@localhost [geodb]\u0026gt; alter table co add column latlon point not null, add spatial index (latlon); Query OK, 60645 rows affected (0.83 sec) Records: 60645 Duplicates: 0 Warnings: 0 Die lat und lon Daten müssen nach latlon konvertiert werden:\n-- 5.1.35 or later root@localhost [geodb]\u0026gt; update co set latlon = point(lat, lon); Query OK, 60645 rows affected (1.45 sec) Rows matched: 60645 Changed: 60645 Warnings: 0 -- older MySQL: update co -- set latlon = GeomFromText(concat(\u0026#39;Point(\u0026#39;, lat,\u0026#39;,\u0026#39;,lon))); Ein kleiner Test:\nroot@localhost [geodb]\u0026gt; select astext(latlon) from co limit 10; +------------------------------------------+ | astext(latlon) | +------------------------------------------+ | POINT(54.7833 9.43333) | | POINT(54.7833 9.43333) | | POINT(54.3333 10.1333) | | POINT(54.3333 10.1333) | | POINT(53.8667 10.7) | | POINT(53.8667 10.7) | | POINT(54.0667 9.98333) | | POINT(54.0667 9.98333) | | POINT(54.1474367521367 9.11139581196581) | | POINT(54.15 9.28333) | +------------------------------------------+ 10 rows in set (0.02 sec) Die Tabelle sieht jetzt so aus:\nroot@localhost [geodb]\u0026gt; show create table co\\G === 1. row === Table: co Create Table: CREATE TABLE `co` ( `loc_id` int(11) NOT NULL, `coord_type` int(11) NOT NULL, `lat` double DEFAULT NULL, `lon` double DEFAULT NULL, `coord_subtype` int(11) DEFAULT NULL, `valid_since` date DEFAULT NULL, `date_type_since` int(11) DEFAULT NULL, `valid_until` date NOT NULL, `date_type_until` int(11) NOT NULL, `latlon` point NOT NULL, KEY `coord_loc_id_idx` (`loc_id`), KEY `coord_lon_idx` (`lon`), KEY `coord_lat_idx` (`lat`), KEY `coord_type_idx` (`coord_type`), KEY `coord_stype_idx` (`coord_subtype`), KEY `coord_since_idx` (`valid_since`), KEY `coord_until_idx` (`valid_until`), SPATIAL KEY `latlon` (`latlon`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8 1 row in set (0.00 sec) Wir definieren unseren Suchumkreis einmal als @poly Variable. Danach wird einiges einfacher:\nroot@localhost [geodb]\u0026gt; set @poly = \u0026#39;Polygon((54.3 10.1, 54.4 10.1, 54.4 10.2,54.3 10.2, 54.3 10.1 ))\u0026#39;; Query OK, 0 rows affected (0.00 sec) Wird unser SPATIAL Index denn auch verwendet? Wir testen:\nroot@localhost [geodb]\u0026gt; explain select co.loc_id from co where mbrcontains(geomfromtext(@poly), co.latlon)\\G === 1. row === id: 1 select_type: SIMPLE table: co type: range possible_keys: latlon key: latlon key_len: 34 ref: NULL rows: 11 Extra: Using where 1 row in set (0.00 sec) In der richtigen Suche müssen wir einen STRAIGHT_JOIN forcen, weil sonst die Join-Order und die Indexverwendung nicht stimmt:\nroot@localhost [geodb]\u0026gt; explain select straight_join co.loc_id, td.text_val from co as co join geodb_textdata as td on co.loc_id = td.loc_id join geodb_type_names as tn on td.text_type = tn.type_id where tn.name = \u0026#39;Name\u0026#39; and mbrcontains(geomfromtext(@poly), co.latlon)\\G === 1. row === id: 1 select_type: SIMPLE table: co type: range possible_keys: coord_loc_id_idx,latlon key: latlon key_len: 34 ref: NULL rows: 11 Extra: Using where === 2. row === id: 1 select_type: SIMPLE table: td type: ref possible_keys: text_lid_idx,text_type_idx key: text_lid_idx key_len: 4 ref: geodb.co.loc_id rows: 2344 Extra: === 3. row === id: 1 select_type: SIMPLE table: tn type: ref possible_keys: type_id,tid_tnames_idx,name_tnames_idx key: type_id key_len: 4 ref: geodb.td.text_type rows: 1 Extra: Using where 3 rows in set (0.00 sec) Und hier die Ausgabe:\nroot@localhost [geodb]\u0026gt; select straight_join co.loc_id, td.text_val from co as co join geodb_textdata as td on co.loc_id = td.loc_id join geodb_type_names as tn on td.text_type = tn.type_id where tn.name = \u0026#39;Name\u0026#39; and mbrcontains(geomfromtext(@poly), co.latlon)\\G === 1. row === loc_id: 18070 text_val: Heikendorf === 2. row === loc_id: 21024 text_val: Mönkeberg ... === 30. row === loc_id: 19236 text_val: Kiel 30 rows in set (0.00 sec) ","date":"2010-04-11T00:00:00Z","href":"https://blog.koehntopp.info/2010/04/11/spatial-indices.html","tags":["mysql","lang_de"],"title":"Spatial Indices"},{"categories":null,"content":"On 2010-04-08 13:40:57 +0200,\nKarsten Wutzke said :\ngibt es ein sinnvolles Maximum für die Anzahl von Elementen in einem ENUM?\nENUM hat in MySQL 5.1 einige Eigenschaften, die überraschend sind. Zum Beispiel\nroot@localhost [kris]\u0026gt; create table t (id integer unsigned not null primary key, e enum(\u0026#39;a\u0026#39;, \u0026#39;b\u0026#39;, \u0026#39;c\u0026#39;) not null ) engine = innodb; Query OK, 0 rows affected (0.21 sec) root@localhost [kris]\u0026gt; insert into t values (1, \u0026#39;\u0026#39;); Query OK, 1 row affected, 1 warning (0.00 sec) Warning (Code 1265): Data truncated for column \u0026#39;e\u0026#39; at row 1 root@localhost [kris]\u0026gt; insert into t values (2, \u0026#39;c\u0026#39;); Query OK, 1 row affected (0.00 sec) root@localhost [kris]\u0026gt; select id, e, hex(e), e+0 from t; +----+---+--------+-----+ | id | e | hex(e) | e+0 | +----+---+--------+-----+ | 1 | | | 0 | | 2 | c | 63 | 3 | +----+---+--------+-----+ 2 rows in set (0.00 sec) Obwohl t.e ein ENUM ist, das per Definition keinen Wert \u0026rsquo;\u0026rsquo; zuläßt, hat MySQL den Wert \u0026rsquo;\u0026rsquo; abspeichern können, wenn auch mit einer Warnung.\nBei der Kontrollausgabe sieht man bei der Konvertierung nach INTEGER, daß ein ENUM intern Zahl gespeichert wird, wobei dem ersten Wert die Zahl 1, dem nächsten die Zahl 2 und so weiter zugeordnet wird. Der Wert \u0026lsquo;\u0026rsquo;, intern als 0 repräsentiert (und von NULL verschieden) wird immer zugelassen und verwendet, um ungültige Werte (Werte, die nicht in der ENUM-Wertliste enthalten sind) abzubilden. \u0026rsquo;\u0026rsquo; ist nicht in der Wertliste enthalten und wird (wie jeder andere ungültige Wert auch) mit einer data truncation warning auf \u0026rsquo;\u0026rsquo; abgebildet.\nAbhilfe schaffte hier strict mode , etwa\nroot@localhost [kris]\u0026gt; set sql_mode = STRICT_ALL_TABLES; Query OK, 0 rows affected (0.00 sec) root@localhost [kris]\u0026gt; insert into t values (3, \u0026#39;\u0026#39;); ERROR 1265 (01000): Data truncated for column \u0026#39;e\u0026#39; at row 1 Die \u0026lsquo;data truncation warning\u0026rsquo; wird dann zum Error und läßt den INSERT scheitern. Das bringt andere Probleme mit sich, aber das ist eine andere Geschichte, die ein anderes Mal erzählt werden soll.\nDas ENUM wird intern als TINYINT oder SHORTINT repräsentiert, belegt also entweder einen oder zwei Bytes pro Wert und kann entsprechend maximal 64k Werte annehmen.\nIch meine mich daran zu erinnern, dass irgendjemand mal gesagt hat, dass ENUMs nur für eine eher geringe Anzahl von Elementen Sinn macht.\nDas Problem lag in der Vergangenheit eher bei der Kombination von Tabellengröße und Änderungshäufigkeit der Definition.\nEine Änderung der Wertemenge ist halt ein DDL-Statement, also ein ALTER TABLE und MySQL mußte bisher für das Ändern der ENUM-Definition die Tabelle umkopieren. Wird die Tabelle größer, kann das unangenehm lange dauern, da die Tabelle während des Umkopieren ein Lock hat, also nicht geschrieben werden kann.\nIn MySQL 5.1 und höher gilt jedoch\nIn most cases, ALTER TABLE works by making a temporary copy of the original table. The alteration is performed on the copy, and then the original table is deleted and the new one is renamed. [\u0026hellip;]In some cases, no temporary table is necessary:Alterations that modify only table metadata and not table data can be made immediately by altering the table\u0026rsquo;s .frm file and not touching table contents. The following changes are fast alterations that can be made this way: Renaming a column or index. Changing the default value of a column.\nChanging the definition of an ENUM or SET column by adding new enumeration or set members to the end of the list of valid member values. Die alten Bedenken gegen die Erweiterung eines ENUM- oder SET-Typen wegen lange dauernder ALTER TABLE-Statements gelten also NICHT mehr, vorausgesetzt es ist akzeptabel, daß neue Werte für den ENUM am Ende der ENUM-Liste angehängt werden können, also keine interne Umnummerierung notwendig ist.\n","date":"2010-04-09T00:00:00Z","href":"https://blog.koehntopp.info/2010/04/09/ber-enum-und-fast-alter-table.html","tags":["mysql","lang_de"],"title":"Über ENUM (und Fast Alter Table)"},{"categories":null,"content":"FDP und CSU streiten über Websperren . Und zwar auf hohem intellektuellen und sprachlichem Niveau. Das Wort des Tages heute also: \u0026ldquo;Scheinaktionsmus\u0026rdquo;. Weil: Was die Welt wirklich braucht ist echter Aktionsimus !\nUnterdessen fragt der CSU-Europaabgeordnete Manfred Weber wieso \u0026ldquo;die Löschung von Daten keine Zensur sei, aber das reine Sperren.\u0026rdquo;\nDas, lieber Herr Weber, fängt schon mal damit an, daß bei einer Löschung von Daten der jeweils Betroffene quasi zwangsläufig davon erfährt und dadurch dann auch die Möglichkeit hat, die ihm zustehenden Rechtsmittel einzulegen. Falls Ihnen rein hypothetisch einmal durch ein bedauerliches Versehen in einem Einzelfall etwa ein Wikileaks-Video mit auf die Kinderporno-Sperrliste geraten sollte. Falls die Löschung aber legitim ist, dann ist durch sie das betreffende Material an dieser Stelle für alle aus dem Netz geräumt und nicht nur für die Deutschen, die zufälligerweise gerade nicht Google DNS verwenden. In jedem Fall erzwingt die Löschung so die Einhaltung von Qualitätsstandards bei der Erstellung und Umsetzung von Löschlisten und ermöglicht weiterhin einen gesellschaftlichen Diskurs zu diesem wichtigen Thema, während eine Sperrung nur einen Mantel des Schweigens über ein Thema deckt, bei dem schon viel zu viel geschwiegen wird.\nDer innenpolitische Sprecher der Unionsfraktion, Hans-Peter Uhl (CSU), hatte Leutheusser-Schnarrenberger einen \u0026ldquo;Denkfehler\u0026rdquo; unterstellt, wenn sie die Wirkungsweise des Löschens in der realen Welt auf die virtuelle Welt des Internets übertrage. Im Unterschied zum Buch ließen sich im Internet Seiten mit rechtswidrigem Inhalt nicht einfach entfernen. \u0026ldquo;Denn das vermeintlich Gelöschte wird vorher auf Computer heruntergeladen und taucht später an vielen neuen Stellen wieder auf.\u0026rdquo;\nDas, lieber Herr Uhl, zwingt mich ihnen einen \u0026ldquo;Denkfehler\u0026rdquo; zu unterstellen. Wir sagen zwar umgangssprachlich \u0026lsquo;Der Inhalt wurde gesperrt\u0026rsquo;, aber was gesperrt wurde ist der Zugriff auf einen Ort, einen Hostnamen oder eine URL. Das heißt im Unterschied zu dem, was der Sprachgebrauch suggeriert, ist es bei einer Sperrung möglich, das vermeintlich Gesperrte vorher auf Computer herunterzuladen, und es taucht dann später an vielen neuen Stellen wieder auf. Zudem wirkt die Sperrung nicht auf den Inhalt selbst, sondern nur auf einen kleinen Teil der Rezipienten - die Inhalte sind also gar nicht wirklich für alle unzugänglich (nicht mal für viele). Und schließlich hinterläßt die Weise, wie sie die Formulierung \u0026lsquo;staatliche Unwerturteile\u0026rsquo; verwenden, bei mir einen komischen Beigeschmack. Ich wünschte, sie würden das anders formulieren.\n(Viele gute Gründe gegen Internet-Sperren )\n","date":"2010-04-06T00:00:00Z","href":"https://blog.koehntopp.info/2010/04/06/l-schen-statt-sperren.html","tags":["politik","zensur","lang_de"],"title":"Löschen statt Sperren"},{"categories":null,"content":"Warum zahlen wir in Deutschland Kirchensteuer und keinen Zehnt an die jeweilige Kirche direkt? Wieso ist an einigen Tagen Tanzverbot? Wieso verbietet das Bundesverfassungsgericht dem Land Berlin die Öffnung von Einkaufszentren an Sonntagen, hat aber mit Busfahrern, die Sonntags arbeiten müssen keine Probleme? Wieso meinen deutsche Bischöfe selbst entscheiden zu können, welche Fälle von Kindsmißbrauch den Staat angehen und welche die Kirche intern klärt?\nIm preisgekrönten USA erklärt stellt Scot heute die amerikanische Sicht auf die Dinge dar. Will man an die Quellen, schaut man sich Artikel 140 unseres Grundgesetzes an. Der ist recht kompliziert, denn er lautet im Volltext:\nDie Bestimmungen der Artikel 136, 137, 138, 139 und 141 der deutschen Verfassung vom 11. August 1919 sind Bestandteil dieses Grundgesetzes.\nMan hat also im Grundgesetz Teile der Weimarer Verfassung übernommen, zusammen mit dem Deutungskontext der damaligen Zeit - eine Verlegenheitslösung, die deswegen existiert, weil man sich in der vorhandenen Zeit nicht auf einen Kompromiß einigen konnte und es wichtiger war, überhaupt erst einmal eine Verfassung zu haben. Daher mutet das alles ein wenig wunderlich an.\nMehr Kontext bekommt man in Staatskirchenrecht , der erläutert:\nDas deutsche Staatskirchenrecht beruht, anders als etwa das bürgerliche Recht, nicht auf einem wissenschaftlich erarbeiteten, umfassenden Regelungskonzept. Es hat sich vielmehr in jahrhundertelanger Entwicklung gebildet und ist wie kaum eine andere Rechtsmaterie durch historische Ereignisse beeinflusst.\nund geht dann ungefähr bis Canossa , den Westfälischen Frieden , das Landesherrliche Kirchenregiment und den Kulturkampf zurück.\nDie Trennung von Kirche und Staat ist in Deutschland jedenfalls unvollkommen (\u0026lsquo;hinkend\u0026rsquo; \u0026ndash; Stutz, 1926) und wird von vielen Menschen als nicht mehr ihrer Lebenswirklichkeit entsprechend wahrgenommen.\nInsbesondere liegt dem Ganzen eine Idee zugrunde, die angesichts der aktuellen katholischen Kinderschändungskrise lächerlich erscheinen muß:\n»Wenn es [ \u0026hellip; ] nicht der Staat selber ist, der die Aufgabe der Sinnstiftung betreibt, er aber gleichwohl ein grundlegendes Interesse daran hat und haben muß, seinen Bürgern ein Wertgefüge, eine Lebensorientierung zu vemitteln, so versteht es sich fast von selbst, daß er, der Staat, kirchlicher und damit ja gewissermaßen staatsausgelagerter Sinnstiftung freundlich gesonnen ist und diese, wo er kann, fördert.«\nDieselbe Kirche, die hier als Wertgefüge und Lebensorientierung vermittelnd notwendig für den Staat gesehen wird, also als ultimate moralische Instanz gedacht wird, erscheint im Umgang mit ihren eigenen Folteropfern hilflos und vertuschend. Telepolis spießt diesen moralischen Bankrott in Ausstieg aus der gesamten moralischen Geschichte sauber auf.\nDie Gefährlichkeit dieses Institutionsversagen geht einem erst dann auf, wenn man Kirchenrecht verstanden hat:\nKirchenrecht ist das von Religionsgemeinschaften selbst gesetzte interne Recht. Entgegen dem Wortlaut betrifft das Kirchenrecht keineswegs nur Kirchen, sondern alle Religions- und Weltanschauungsgemeinschaften. Als Konsequenz von Religionsfreiheit und der Trennung von Staat und Kirche ist in Deutschland das Recht der Religionsgemeinschaften, innere Angelegenheiten selbst zu regeln, in der Verfassung, dem Grundgesetz, verankert (Art. 140 GG in Verbindung mit Art. 137 III WRV – kirchliches Selbstbestimmungsrecht). Hat die jeweilige Religionsgemeinschaft den Status einer Körperschaft des Öffentlichen Rechts (sog. Körperschaftsstatus), so ist ihr internes Kirchenrecht Öffentliches Recht. Dabei geht das deutsche Bundesverfassungsgericht in ständiger Rechtsprechung davon aus, die Rechtsetzungsbefugnis der Religionsgemeinschaften sei nicht vom Staat abgeleitet oder verliehen, sondern originär.\nDamit landen wir dann bei der Körperschaft Öffentlichen Rechts , einem Konstrukt, das es bestimmten Kirchen (jenen mit Körperschaftsstatus) erlaubt, eigenes Recht zu sprechen, geltendes Sozialrecht nicht anzuwenden, eigene Beamte einzusetzen und einige andere seltsame Dinge mehr zu tun, da auf eine seltsame Weise das Innere einer solchen Körperschaftskirche außerhalb der grundgesetzlichen und staatlichen Ordnung existiert.\nGrad bei der katholischen Kirche hat man da einige kognitive Dissonanzen: \u0026ldquo;Wir haben eine kirchliche Rechtsordnung \u0026rdquo; sagt der Hamburger Weihbischof Hans-Jochen Jaschke und \u0026ldquo;Die Kirche sei ein eigener Raum und man müsse zusammen mit den Opfern und Tätern entscheiden, wie die Staatsanwaltschaft ins Spiel kommt.\u0026rdquo;. Damit bezieht er sich auf genau diese staatliche Vakuum, das die Körperschaft Öffentlichen Rechts mit ihren eigenen Regularien füllen kann und soll, und das im Fall der katholischen Kirche in den letzten 70 Jahren so massiv und anhaltend versagt hat.\nDie hinter diesem letzten Artikel stehende Geisteshaltung und Rechtsauffassung ist überhaupt nur aus der Historie von Kirche und Staat in Deutschland in den letzten 1000 Jahren verständlich. Die meisten Deutschen haben weder diese Perspektive noch den Willen, diese Position einzinehmen - sie sind zu Recht empört, denn sie erwarten natürlich von einer Organisation, die sich teilweise außerhalb der garantierten Rechte des Grundgesetzes stellen kann und die auch im 2. Vatikanischen Konzil noch behauptet, die einzig seligmachende Heilslehre im Wortsinn zu vertreten, daß diese Organisation selbst in ihren eigenen Reihen für die Aufrechterhaltung der Mindeststandards sorgt, die in dem Staat gelten, in dem sie tätig ist, wenn sie nicht sogar darüber hinaus geht. Das tut die katholische Kirche in ihrer Reaktion auf die Aufdeckung der Massenmißbräuche in vielen Nationen der Erde nicht - sie reagiert stattdessen abwehrend, überheblich, verzögernd und kritikunfähig. Daß dies der Weg zu Seelenheil und einer besseren Welt ist glauben hoffentlich nicht einmal die Mitglieder dieses Vereins.\nOder man zieht die Konzequenzen und beschneidet die Körperschaften Öffentlichen Rechts so, daß sie zwar weiter Organisationsfreiheit haben können, aber nicht hinter den Stand des Grundgesetzes zurück fallen dürfen. Die katholische Kirche hat das ja anders herum auch gemacht, in GS 5 :\nAutoritäre Staatsmodelle stützt die Kirche nicht mehr, insbesondere dann nicht, wenn diese totalitäre Ideologien verbreiten.\nDadurch wollte man die Fehler der katholischen Kirche im Umgang mit dem Naziregime für die Zukunft verhindern.\n(Dieser Artikel ist eine Art Destillat von ca. 55 Firefox-Tabs, die im Laufe des letzten Monats angefallen sind, und ohne ein Lesen der Texte hinter jedem einzelnen Link wahrscheinlich nicht verständlich, da eine komplizierte Rechtsmaterie und etwa 1000 Jahre europäische Geschichte berührt werden. Außerdem bin ich kein Verfassungsrechtler, sondern nur ein interessierter Laie mit einem gesunden Rechtsempfinden und dem Wunsch zu verstehen wieso solcher Irrsinn in 2010 noch legal ist)\n","date":"2010-04-04T00:00:00Z","href":"https://blog.koehntopp.info/2010/04/04/staatskirchenrecht.html","tags":["kirche","politik","lang_de"],"title":"Staatskirchenrecht"},{"categories":null,"content":"In einem Blogartikel verweist Charles Stross auf das recht bald erscheinende The Laundry Rollenspiel (Chaosium Cthulhu-Regeln). Das Spiel ist in der Laundry-Welt angesiedelt, in der etwa auch The Atrocity Archives spielt, also in einer Welt, in der höhere Mathematik mit schwarzer Magie identisch ist und das Gewebe der Realität umdefinieren kann, und in der Verschwörungstheorien real werden, wenn nur genug Leute daran glauben - mit anderen Worten, man spielt im Hier und Jetzt\u0026hellip; :)\nDas Spiel erscheint im Juli 2010, also wahrscheinlich zusammen mit The Fuller Memorandum dem dritten Laundry Files Buch.\nPicture unrelated ","date":"2010-03-17T00:00:00Z","href":"https://blog.koehntopp.info/2010/03/17/the-laundry.html","tags":["media","roleplay","scifi","stross","lang_de"],"title":"The Laundry"},{"categories":null,"content":"Ich schreibe diesen Beitrag einmal provisorisch in meine Kategorie \u0026lsquo;Blog\u0026rsquo;, aber es könnte genau so gut auch in die Kategorie \u0026lsquo;Politik\u0026rsquo;, \u0026lsquo;Piraten\u0026rsquo;, in das Tag \u0026lsquo;privacy\u0026rsquo; oder in eine andere Klassifizierung passen.\nWas ich mit meinem Blog und allen meinen anderen Veröffentlichungen mache, ist eine Marke \u0026lsquo;Kristian Köhntopp \u0026rsquo; zu bauen. Es ist unvermeidlich, daß ich unter meinem Namen eine Datenspur in dieser Welt hinterlasse - ich brauche nicht anzutreten um zu versuchen, diese zu verstecken.\nWas ich aber tun kann ist zu versuchen, diese Spur zu ownen, also die Inhalte die eine Suche nach meinem Namen zu Tage fördert mehr oder weniger zu kontrollieren und das Image zu bestimmen, daß durch die Suche nach meinem Namen produziert wird. Das ist natürlich nichts anderes als klassisches Marketing auf mich als Privatperson und meinen Datenschatten übertragen. Damit wird natürlich jede Aktion von mir im Netz zu einer Publikation, die auf mein Image und meine Marke wirkt und sie entweder aufbaut, beschädigt oder verändert.\nIch denke auch, daß ist den Digital Natives unter uns klar und das ist ein gutes Teil dessen, was uns von den Digital Immigrants unterscheidet: Wir wissen das, wir haben das akzeptiert und wir leben das. Wir sind im netz zu gleichen Teilen Person, Projektion und Publikation - ein authentisches Gesamt-Kunstwerk.\nManchmal vergessen einige von uns das, und dann kommen Dinge wie dieser Artikel heraus. Man kann viel aus ihm lernen.\nJulia Seeliger war eine Politikerin bei den Grünen , die jetzt bei der taz arbeitet und in ihrem Blog und bei der Taz eine Menge Artikel über die Piratenpartei geschrieben hat. Dabei setzt sie sich teilweise sehr kritisch mit der Piratenpartei und Personen im Vorstand auseinander und legt den Finger mit der Erfahrung einiger Jahre politischer Arbeit in Wunden bei den Piraten, und das ist auch notwendig und gut so, denn es erzeugt den notwendigen Druck, den die Piratenpartei braucht, um erwachsen zu werden.\nDabei sind jedoch ein paar Sachen passiert und ich muß ein wenig ausholen, damit verständlich wird, was ich meine.\nDa ist einmal der Aspekt der Marke: Die taz ist eine, aber sie hat kein Gesicht, sondern sie ist recht abstrakt. Julia Seeliger ist eine recht bekannte Person, und durch ihren Wechsel zur taz hat sie offenbar unabsichtlich und ungewollt bei einer ganzen Reihe von Leuten der taz ein Gesicht gegeben. Sie identifizieren die Inhalte der taz mit ihrer Person oder projezieren Einstellungen der Person auf die politische Ausrichtung des Blattes. Julia Seeliger ist das bewußt, sie will das nicht und sie formuliert das so:\nIhr bescheuerten Pisser (und Wichserinnen), die mich ständig auf Twitter für jegliches, was die taz tut (vermutlich auch für den Diekmann-Schwanz, die Rudi-Dutschke-Straße und die tazze) verantwortlich machen\nDas hilft natürlich kein Stück, weder bei der Markenkommunikation noch bei der Lösung ihres Problems, aber es verdeutlicht die Situation.\nDer andere Aspekt ist die Sache mit dem Remote Strangulation Protocol . Julia Seeliger verliert nämlich die Nerven oder zumindest die Haltung:\nEs führt nämlich zu nichts. Seitdem ich im September 2009 den Artikel “Die Freiheit, die wir meinen” verfasste, sah ich mich einem Mob gegenüber, dem man auch nur mit Worten wie “geh kacken” “Halts Maul” etc entgegnen konnte.\nNun hat sie es hier aber mit einer offenen Community zu tun und nicht mit einer walled garden Community. Das bedeutet, es gibt keine Instanz und keine Methoden die Personen wirksam sanktionieren könnte, in irgendeiner Form falsches oder unangemessenes Verhalten zeigen. Jede Form von negativem Feedback - jede! - ist immer - immer! - im günstigsten Fall wirkungslos und schlimmstenfalls kontraproduktiv.\nEs ist nicht möglich, irgend jemandem aus einer offenen Community auszuschließen, seine Bemerkungen zu unterdrücken, ihn zurechtzuweisen, zu limitieren oder seine Reichweite zu begrenzen. Alle diese Methoden, die in Walled Gardens reichlich zur Verfügung stehen, sind im offenen Netz nicht vorhanden.\nDas heißt nicht, daß man eine Community im offenen Netz nicht führen oder nicht beeinflussen kann. Man kann es nur nicht mit negativem Feedback tun. Stattdessen muß man es fest, unbeirrbar, freundlich und mit positivem Feedback aufziehen.\nDie funktionierende Methode nimmt Kritiker und Kritik ernst, egal wie unbegründet oder unsachlich sie ist, trennt die emotionale Aufladung vom Sachinhalt ab, und beantwortet dann die Kritik in der Sache, notfalls auch wiederholt - ich habe die Grundidee in einem anderen Kontext einmal aufgeschrieben, aber die Grundsätze der Kommunikation sind im offenen Netz immer dieselben, egal ob es sich um Internet oder USENET oder um eine FAQ, eine Privatperson oder eine Firma handelt.\nWenn man sich klar macht, daß jede Flame immer eingescheiterter Kommunikationsversuch ist, dem Flamer also Kontext oder Ausbildung fehlt, dann ist fällt es leichter sich korrekt zu verhalten. Es ist dann nicht schwer, sich selbst so zu disziplinieren, daß man nicht zurück ätzt, sondern einfach versucht, den Kommunikationspartner nach oben zu ziehen. Man landet dann zwangsläufig bei einer Kommunikationsform, die nur noch positives Feedback verwendet.\nWenn man sich außerdem klar macht, daß alle diese Kommunikation im offenen Netz immer öffentlich ist, man also immer auch für Dritte etwas aufführt, dann wird auch klar, daß diese Art der Interaktion zwingend ist, weil man selbst so nicht nur mit einer zweiten Partei einen Kommunikationsblock abbaut, sondern weil man vor allen Dingen auch gegenüber Dritten eine Persona aufbaut, Professionalität im Angesicht von Widrigkeiten ausstrahlt und generell Überlegenheit und Authentizität produziert. Man überläßt es also dem Flamer, sich selbst zu disziplinieren. Das alles ist wichtiges Kapital für zukünftige Kommunikation.\nUnd das bringt mich zu dem Titel dieses Beitrages - denn ich kenne derzeit nur eine Firma, die das im Kern begriffen hat, und die beide Aspekte von Markenpersonalisierung und Kommunikation im offenen Netz erfolgreich miteinander verbunden hat. Und das ist genau 1\u0026amp;1 mit der Kampagne um den Kundenzufriedenheitsbeauftragten Marcel D\u0026rsquo;Avis - eine der spannendsten Marketing-Operationen der letzten 12 Monate, weil sie zeigt, daß erstmal eine deutsche Firma den Umgang mit der Kommunikation im offenen Netz erfolgreich gemeistert hat. Mein allerhöchster Respekt an die Leute, die es geplant und an die, die es umgesetzt haben!\n1\u0026amp;1 hat verstanden, daß sie als Firma im Internet eine Person als Ansprechpartner brauchen und daß das nicht ein Model a la Vanessa Hessler sein kann, sondern ein handfester Ansprechpartner sein muß. Und anders als Xing hat 1\u0026amp;1 auch ab dem Start begriffen, daß der Ansprechpartner authentisch sein muß . Also hat man dort eine Kampagne um den echten Teamleiter Kundenzufriedenheit herum gebaut und ihn mit Gesicht und Namen proaktiv positioniert.\nAnders als bei der taz ist das nicht aus Versehen und gegen den Willen der Person geschehen, mit dem Effekt, daß nach einiger Skepsis und einer ersten kurzen Welle Häme und Zweifeln die ganze Aktion ein echter Erfolg gewesen ist - wegen Authentizität, wegen Ernstnehmens der Kritiker, wegen strikter Freundlichkeit im Angesicht mißtrauisch-feindlicher Kommunikation.\nNachtrag: Oh, und \u0026lsquo;die Piratenpartei\u0026rsquo; hat mit ihrer offenen Kommunikation auch ein Markenproblem. Weil es halt für den unbeteiligten Dritten schlicht nicht kommunizierbar ist, daß es einen Unterschied gibt zwischen anonymen Kommentaren unbekannter Identität, Statements von einfachen Parteimitläufern wie mir und offiziellen Standpunkten der Partei. Der Unterschied zwischen dem Piratenforum und etwa einem FDP-Forum ist ja eher marginal, aber die FDP verkauft sich da (modulo Herrn Westerwelle) echt besser. Denn was Julia Seelier in Richtung der Piraten formuliert:\nKleine Unterrichtung zum taz-Selbstverständnis: Bei uns schreibt jede und jeder, was er/sie will. Bei uns gibt es keine “Order von oben”, was geschrieben wird – und auch ich bin nicht für das verantwortlich, was meine Kollegen schreiben. Und schon gar nicht bin ich die Piraten-Müllhalde für un-unkritische taz-Artikel.\ngilt ja auch andersherum, wird aber so nicht wahrgenommen - nicht einmal von Julia Seeliger selbst.\n","date":"2010-03-15T00:00:00Z","href":"https://blog.koehntopp.info/2010/03/15/persona-was-julia-seeliger-mit-marcel-d-avis-verbindet.html","tags":["piraten","blog","privacy","lang_de"],"title":"Persona - was Julia Seeliger mit Marcel D'Avis verbindet"},{"categories":null,"content":"Jeder Datenbankserver bei uns hat ein Script laufen, daß den Inhalt von information_schema.tables jede Nacht einmal in eine Systemdatenbank in das DBA Schema kopiert. Dort haben wir dba.table_sizes:\nroot@sysmdb [dba]\u0026gt; show create table table_sizes\\G Table: table_sizes Create Table: CREATE TABLE `table_sizes` ( `hostname` varchar(64) NOT NULL, `datadir` varchar(64) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL, `report_date` date NOT NULL, `table_schema` varchar(64) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL, `table_name` varchar(64) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL, `engine` varchar(64) NOT NULL, `data_length` bigint(20) NOT NULL, `index_length` bigint(20) NOT NULL, `table_rows` bigint(20) NOT NULL, UNIQUE KEY `hostname` (`hostname`,`datadir`,`report_date`,`table_schema`,`table_name`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 1 row in set (0.00 sec) Gesucht war nun eine Query, die für jeden Sonntag eine Liste der 10 größten Tabellen eines bestimmten Servers \u0026lsquo;master\u0026rsquo; für 2010 produziert.\nDie Lösung ist fragil insofern, als daß sie eine undokumentierte Eigenschaft des Servers ausnutzt. Aber sie ist auch schnell.\nset @old := \u0026#34;\u0026#34;, @count := 0; select \\* from ( select @count := if(@old \u0026lt;=\u0026gt; report_date, @count+1, 0) as c, @old := report_date as report_date, hostname, table_name, (data_length+index_length)/1024/1024/1024 as gb from table_sizes where date_format(report_date, \u0026#39;%W\u0026#39;) = \u0026#39;Sunday\u0026#39; and report_date \u0026gt; \u0026#39;2010-01-01\u0026#39; and hostname = \u0026#39;master\u0026#39; and datadir = \u0026#39;/mysql/bp/data/\u0026#39; and table_schema = \u0026#39;bp\u0026#39; order by report_date, gb desc ) as t where t.c \u0026lt; 10 ; Wir definieren einen Zustandsspeicher @old, der das report_date der folgenden Zeile speichert und einen Zähler @count. Sessionvariablen (die @-Variablen da) haben einen impliziten Typ, und @old verhält sich anders (falsch), wenn es mit 0 initalisiert wird.\nIm inneren SELECT zählen wir @count um eins hoch, wenn report_date sich nicht ändert, oder setzen es auf 0, wenn report_date sich geändert hat. Der \u0026lt;=\u0026gt;-Operator ist dabei failsafe gegenüber NULL-Werten. Danach, und das ist wichtig, aktualisieren wir @old mit dem aktuellen report_date, und danach geben wir die Werte aus, an denen wir interessiert sind. Die WHERE-Clause der inneren Query wählt dabei die Daten aus, an denen wir interessiert sind: Sonntage aus 2010, Daten vom Master, von der Instanz mit dem passenden datadir, und dort aus dem passenden Schema. Das sortieren wir dann.\nDie Ausgabe hat nun eine laufende Nummer c, die aus dem Hochzählen von @count resultiert. Dieser Zähler wird an report_date-Wechseln zurückgesetzt. Mit der äußeren Query schneiden wir nun alle Werte ab, bei denen der Zähler zu hoch ist.\nDie Query ist fragil, und ein übler Hack, da sie auf der internen Ausführungsreihenfolge des SQL-Statements basiert. Sie kann bei jedem Upgrade des Servers plötzlich fehlschlagen, weil sich Serverinterna ändern.\n","date":"2010-03-09T00:00:00Z","href":"https://blog.koehntopp.info/2010/03/09/gruppenweises-top-n-in-mysql-der-tabellengr-enreport.html","tags":["hack","mysql","sql","lang_de"],"title":"Gruppenweises TOP N in MySQL: Der Tabellengrößenreport"},{"categories":null,"content":"Auf Yourhelpcenter.de gibt es einen Artikel mit dem irreführenden Titel Update if exists else insert record , der sich mit INSERT ON DUPLICATE KEY UPDATE beschäftigt.\nDieses Kommando macht genau nicht das, was der Titel des Artikels suggeriert und wünschenswert wäre, sondern er macht genau das, was der SQL-Text des Kommandos sagt und leider nervt. Es wäre schön, wenn der Artikel auf Yourhelpcenter auch auf diese Probleme eingegangen wäre - da er es nicht tut hole ich es hier gerade mal nach.\nGegeben sei\nroot@localhost [kris]\u0026gt; show create table a\\G Table: a Create Table: CREATE TABLE `a` ( `id` tinyint(3) unsigned NOT NULL, `d` tinyint(3) unsigned NOT NULL, `e` tinyint(3) unsigned NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `d` (`d`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 1 row in set (0.02 sec) root@localhost [kris]\u0026gt; insert into a values ( 1, 2, 3), (4, 5, 6); Query OK, 2 rows affected (0.00 sec) Records: 2 Duplicates: 0 Warnings: 0 Das Kommando INSERT ON DUPLICATE KEY UPDATE ist erst einmal ein INSERT-Statement.\nEs fügt Werte in eine Tabelle ein:\nroot@localhost [kris]\u0026gt; insert into a ( id, d, e) values ( 7, 8, 9) on duplicate key update e = 100; Query OK, 1 row affected (0.00 sec) root@localhost [kris]\u0026gt; select * from a; +----+---+---+ | id | d | e | +----+---+---+ | 1 | 2 | 3 | | 4 | 5 | 6 | | 7 | 8 | 9 | +----+---+---+ 3 rows in set (0.00 sec) Man kann sehen, daß der INSERT-Zweig genommen wurde - unter anderem daran, daß dort nach dem Statement \u0026lsquo;1 row affected\u0026rsquo; angezeigt wird.\nWenn beim INSERT ein Duplicate Key Error auftritt, dann schaltet das Statement auf die UPDATE-Clause um und führt die Anweisungen dort aus. Dabei ist es unwesentlich, ob der Duplicate Key Error auf dem Primärschlüssel oder einem anderen Unique Key stattfindet.\nHier ist das Beispiel:\nroot@localhost [kris]\u0026gt; insert into a (id, d, e) values (7,11,12) on duplicate key update e = 100; Query OK, 2 rows affected (0.00 sec) root@localhost [kris]\u0026gt; insert into a (id, d, e) values (10, 5, 12) on duplicate key update e = 200; Query OK, 2 rows affected (0.02 sec) root@localhost [kris]\u0026gt; select * from a; +----+---+-----+ | id | d | e | +----+---+-----+ | 1 | 2 | 3 | | 4 | 5 | 200 | | 7 | 8 | 100 | +----+---+-----+ 3 rows in set (0.00 sec) Wie man sieht, hat das erste INSERT einen Duplicate Key Error auf dem Primärschlüssel für die Row 7 erzeugt und daher ein Update durchgeführt, das e auf den Wert 100 setzt. Das zweite INSERT hat ebenfalls einen Duplicate Key Error erzeugt, aber auf dem Unique Key (a) und dem Wert 5, dadurch ist e auf dem Wert 200 gesetzt worden.\nWie man auch sehen kann, wird beim aktivieren des UPDATE-Zweiges \u0026lsquo;2 rows affected\u0026rsquo; ausgegeben. Das ist ein wenig unsinnig, solange man nicht sieht, was intern passiert - mehr dazu weiter unten.\nHaben wir eine solche Kombination von zwei Unique Key Constraints (ein Primärschlüssel hat ja auch UNIQUE-Eigenschaft), oder haben wir ein Statement, das in der UPDATE-Clause auch am Primärschlüssel rumschreibt, können wir trotzdem einen Duplicate Key Error bekommen:\nroot@localhost [kris]\u0026gt; insert into a (id,d,e) values (7,11,12) on duplicate key update d=5, e=199; ERROR 1062 (23000): Duplicate entry \u0026#39;5\u0026#39; for key \u0026#39;d\u0026#39; root@localhost [kris]\u0026gt; insert into a (id,d,e) values (7,11,12) on duplicate key update id=4,d=5,e=198; ERROR 1062 (23000): Duplicate entry \u0026#39;4\u0026#39; for key \u0026#39;PRIMARY\u0026#39; root@localhost [kris]\u0026gt; select * from a; +----+---+-----+ | id | d | e | +----+---+-----+ | 1 | 2 | 3 | | 4 | 5 | 200 | | 7 | 8 | 100 | +----+---+-----+ 3 rows in set (0.01 sec) Ein INSERT ON DUPLICATE KEY UPDATE verhindert also Duplicate Key Errors nicht automatisch.\nEs wird immer zunächst das INSERT-Statement versucht, und nur dann, wenn das INSERT-Statement mit genau einem Duplicate Key Error scheitert wird das UPDATE-Statement ausgeführt. Die Reihenfolge der internen Tests von MySQL spielt dabei eine Rolle.\nSetzen wir zum Beispiel den SQL_MODE auf TRADITIONAL, dann haben wir unter andren auch STRICT_ALL_TABLES und STRICT_TRANS_TABLES. Dadurch haben wir keine stillschweigende Wertanpassung mehr.\nHier die Demo:\nroot@localhost [kris]\u0026gt; set SQL_MODE=TRADITIONAL; Query OK, 0 rows affected (0.00 sec) root@localhost [kris]\u0026gt; select @@sql_mode\\G @@sql_mode: STRICT_TRANS_TABLES,STRICT_ALL_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,TRADITIONAL,NO_AUTO_CREATE_USER 1 row in set (0.00 sec) root@localhost [kris]\u0026gt; update a set e = 300 where id = 7; ERROR 1264 (22003): Out of range value for column \u0026#39;e\u0026#39; at row 1 Soweit so gut. Was ist nun, wenn wir einen Duplicate Key Error provoziere, sodaß INSERT ON DUPLICATE KEY das Update ausführen sollte, zugleich in der INSERT-Phase aber auch einen Out Of Range-Error haben?\nroot@localhost [kris]\u0026gt; insert into a (id,d,e) values (7,10,300) ON DUPLICATE KEY UPDATE e = 197; ERROR 1264 (22003): Out of range value for column \u0026#39;e\u0026#39; at row 1 root@localhost [kris]\u0026gt; select * from a; +----+---+-----+ | id | d | e | +----+---+-----+ | 1 | 2 | 3 | | 4 | 5 | 200 | | 7 | 8 | 100 | +----+---+-----+ 3 rows in set (0.00 sec) Eigentlich hätte unser Statement funktionieren können: Wenn MySQL erst die Duplicate Key-Violation prüfen würde, um dann zu entscheiden, daß es in den UPDATE-Fall des Statements gehen müßte, dann wäre unser Statement durchgekommen und id=7 hätte nun e=197. Das e=300 im INSERT-Zweig hätten wir nie gesehen - kein Fehler.\nAber MySQL versucht tatsächlich das INSERT durchzuführen, scheitert auf halben Weg, aber eben NICHT mit einem Duplicate Key Error, sondern einem Out Of Range Error, und bricht daher das Insert ab, statt in den Update-Zweig überzugehen. Es werden also nur Duplicate Key Error im Insert-Fall gefangen, nichts sonst, und es werden alle Prüfungen für das INSERT durchgeführt und das INSERT tatsächlich ausgeführt, solange bis es scheitert - und zwar mit dem richtigen Fehler.\nDaher auch \u0026lsquo;2 rows affected\u0026rsquo; - wir machen das INSERT, das schlägt fehl, dann machen wir das UPDATE auf derselben Row noch mal.\nUnd schließlich ist INSERT ON DUPLICATE KEY auch noch eine bombige Gelegenheit, sich mit naiven Triggern in die Nesseln zu setzen. Bauen wir uns einmal eine Demo mit einer Logtabelle und allen 6 Triggern für das Debugging:\nroot@localhost [kris]\u0026gt; delimiter // root@localhost [kris]\u0026gt; create table log ( id serial, t text ) engine = innodb;// root@localhost [kris]\u0026gt; create trigger bi_a before insert on a for each row insert into log values (NULL, \u0026#39;before insert\u0026#39;);// Query OK, 0 rows affected (0.35 sec) root@localhost [kris]\u0026gt; create trigger ai_a after insert on a for each row insert into log values (NULL, \u0026#39;after insert\u0026#39;);// Query OK, 0 rows affected (0.30 sec) root@localhost [kris]\u0026gt; create trigger bu_a before update on a for each row insert into log values (NULL, \u0026#39;before update\u0026#39;);// Query OK, 0 rows affected (0.20 sec) root@localhost [kris]\u0026gt; create trigger au_a after update on a for each row insert into log values (NULL, \u0026#39;after update\u0026#39;);// Query OK, 0 rows affected (0.18 sec) root@localhost [kris]\u0026gt; create trigger bd_a before delete on a for each row insert into log values (NULL, \u0026#39;before delete\u0026#39;);// Query OK, 0 rows affected (0.11 sec) root@localhost [kris]\u0026gt; create trigger ad_a after delete on a for each row insert into log values (NULL, \u0026#39;after delete\u0026#39;);// Query OK, 0 rows affected (0.22 sec) root@localhost [kris]\u0026gt; delimiter ; root@localhost [kris]\u0026gt; select * from a; +----+---+-----+ | id | d | e | +----+---+-----+ | 1 | 2 | 3 | | 4 | 5 | 200 | | 7 | 8 | 100 | +----+---+-----+ 3 rows in set (0.00 sec) Das kann man nun sehr elegant explodieren lassen, indem man einmal den UPDATE-Zweig eines INSERT ON DUPLICATE KEY-Update ausführen läßt. Man bekommt dies:\nroot@localhost [kris]\u0026gt; insert into a (id,d,e) values (7,12,13) on duplicate key update e = 190; Query OK, 2 rows affected (0.39 sec) root@localhost [kris]\u0026gt; select * from a; +----+---+-----+ | id | d | e | +----+---+-----+ | 1 | 2 | 3 | | 4 | 5 | 200 | | 7 | 8 | 190 | +----+---+-----+ 3 rows in set (0.00 sec) root@localhost [kris]\u0026gt; select * from log; +----+---------------+ | id | t | +----+---------------+ | 1 | before insert | | 2 | before update | | 3 | after update | +----+---------------+ 3 rows in set (0.00 sec) Wie man erkennen kann, ist der \u0026lsquo;before insert\u0026rsquo;-Trigger einmal ausgeführt worden, dann sind wir in den Update-Fall eingetreten und dort sind der \u0026lsquo;before update\u0026rsquo; und der \u0026lsquo;after update\u0026rsquo;-Trigger gelaufen. Der \u0026lsquo;after insert\u0026rsquo;-Trigger ist nie gelaufen.\nWir haben also eine ungerade, asymmetrische Trigger-Aktivierung und wir haben zwei verschiedene Before-Trigger aktiviert.\nHat man Code mit relativen Updates, etwa der Form \u0026lsquo;update konto set geld = geld - old.betrag\u0026rsquo; in einem \u0026lsquo;before insert\u0026rsquo; und einem \u0026lsquo;before update\u0026rsquo;-Trigger, dann hat man also zweimal abgebucht, aber nur einmal aufgebucht. Die Zähler geraten durcheinander. Man muß bei der Konstruktion von Triggern also besondere Vorsicht walten lassen und diesen Fall berücksichtigen.\nDas gilt im übrigen auch für das Partnerstatement von INSERT ON DUPLICATE KEY UPDATE, also für INSERT IGNORE:\nroot@localhost [kris]\u0026gt; delete from log; Query OK, 3 rows affected (0.33 sec) root@localhost [kris]\u0026gt; insert ignore into a (id,d,e) values (7,10,11); Query OK, 0 rows affected (0.00 sec) root@localhost [kris]\u0026gt; select * from log; +----+---------------+ | id | t | +----+---------------+ | 6 | before insert | +----+---------------+ 1 row in set (0.00 sec) Auch hier sehen wir eine ungerade Anzahl von Triggern, ein \u0026lsquo;before insert\u0026rsquo; ohne \u0026lsquo;after insert\u0026rsquo;.\n","date":"2010-03-09T00:00:00Z","href":"https://blog.koehntopp.info/2010/03/09/insert-on-duplicate-key-update.html","tags":["mysql","lang_de"],"title":"INSERT  ON DUPLICATE KEY UPDATE"},{"categories":null,"content":"Die inhaltliche Debatte um Aaron Koenig ist ein wenig abgeklungen, und auch der Berliner Landesparteitag der Piratenpartei ist durch, sodaß ich einmal die Gedanken zu Blog bringen kann, an denen ich im Rahmen der Debatte immer wieder hängen geblieben bin, obwohl sie mit den Inhalten primär nur am Rande zu tun haben.\nDa ist zum Beispiel das seltsame Verhältnis der Piraten zur Identität, speziell zur Wahl und zum Gebrauch von Namen. Wenn man sich einmal die Benutzernamen im Wiki der Piratenpartei anschaut, oder in einem beliebigen Forum , dann findet man da eine bunte Mischung von Nicknames und auf den Benutzerseiten dann in der Regel keinen Hinweis auf eine reale Person, eine Homepage oder ein Profil mit echten Inhalten in einem Social Network Dingens.\nAndererseits ist da Aaron Koenig, von dem jemand herausgefinden haben will, daß in seinem Personalausweis Stefan Koenig stehe, und quer durch die Blogs geht eine Reihe von Stefan \u0026ldquo;Aaron\u0026rdquo; Koenig-Artikeln komplett mit Anführungszeichen.\nDas ist eine ans trollende grenzende Schizophrenie, die sich mir komplett nicht erschließt.\nAlso, da ist einmal das Namensrecht in Deutschland , das in der Konstruktion schon mal kaputt ist: \u0026ldquo;Im derzeit geltenden Namensrecht gilt der Grundsatz der Unabänderlichkeit des Namens. Der Name darf nicht eigenmächtig und willkürlich geändert werden.\u0026rdquo; Dafür gibt es in einer modernen Verwaltung keinen Grund, und in der Tat ist das eine deutsche Besonderheit, die in anderen Rechtsordnungen so nicht umgesetzt ist - und dabei kommt man dort sogar obendrein noch ohne einen Personalausweis aus (siehe auch die Katze zu diesem Thema).\nAuch den Piraten ist die englische Idee von Identität näher als die Deutsche - Anonymität ist ihnen wichtig.\nSo wichtig, daß es zum Teil bis in das Absurde geht, wenn mir etwa gesagt wird, daß jemand eine Petition, die ihm wichtig ist, nicht unterzeichnen möchte, weil dann sein Name mit dieser politischen Sache in Verbindung gebracht werden kann. Nun ist es in der Tat so, daß das Wahlgeheimnis weiter reicht als so mancher annimmt, aber es ist auch so, daß man kaum Politik machen kann, ohne dabei als Person in das Licht der Öffentlichkeit zu treten. Man wird damit ab einem bestimmten Punkt nun einmal zu einer Person der Zeitgeschichte und der rechtliche Status, unter dem man agiert, verändert sich.\nDas ändert aber nichts an der Feststellung, daß zur informationellen Selbstbestimmung im Sinne der Piraten auch die freie Wahl des eigenen Namens gehört und daß die ganzen süffisanten \u0026ldquo;Anführungszeichen-Aaron\u0026rdquo;-Kommentare unpiratig und fehl am Platze sind.\nEs ändert andererseits auch nichts an der Feststellung, daß ich trotz meiner zwei Dekaden Onlineerfahrung so meine Probleme habe, mit einem \u0026ldquo;Horst Acker\u0026rdquo; oder einem \u0026ldquo;Phil Antrop\u0026rdquo; über Politik oder politische Personen zu reden. Politik sollte mit offenem Visier gemacht werden, denn es geht um Menschen und für was sie stehen. Anders ausgedrückt: Ich habe einen Wunsch nach Verkettbarkeit weil ich, wenn es um Politik geht, einen Wunsch nach Reputation habe. Ich will wissen, was ich erwarten kann, wenn ich dieser Person vertraue. Denn in der Politik spielt Vergangenheit und der Umgang mit ihr nun einmal eine wichtige Rolle. Man kann nicht anonym und politisch aktiv sein, weil man nicht anonym Verantwortung übernehmen kann.\nMein Rat an Mitpiraten, die eine über den Forenstammtisch hinausgehende politische Rolle einnehmen wollen?\nWählt einen Namen, unter dem ihr eine Marke aufbauen wollt. Das ist wahrscheinlich der Name, der in Eurem Personalausweis steht - schaut Euch padeluun bei Markus Lanz an und wie schwer selbst dieser in meinen Kreisen recht etablierte Markenname \u0026ldquo;padeluun\u0026rdquo; dem Moderator über die Lippen geht.\nWelchen Namen Ihr auch wählt: sorgt dafür, daß diese Marke Kontur bekommt und Leute vertrauen dazu fassen können, damit sie wissen, wofür ihr steht.\nUnd sorgt dafür, daß Ihr Euch mit Inhalten auseinander setzt und nicht den Namen von Personen, egal ob selbstgewählt oder von den Eltern ausgesucht.\nOh, und wenn Ihr Kinder bekommt: Da wir nun einmal das deutsche Namensrecht haben, solltet Ihr Euer Kind mit einem Vorrat an Namen ausstatten, damit es später einen zum Anlaß passenden Namen im Vorrat hat.\nUnd vielleicht macht Ihr Euch auch für ein liberaleres Namensrecht in Deutschland stark. Das geht aber nur, wenn ihr Herrn Koenig den Aaron laßt, sonst werdet ihr unglaubwürdig.\n","date":"2010-03-07T00:00:00Z","href":"https://blog.koehntopp.info/2010/03/07/das-gespaltene-piratische-verh-ltnis-zur-identit-t.html","tags":["identity","piraten","lang_de"],"title":"Das gespaltene piratische Verhältnis zur Identität"},{"categories":null,"content":" Torrent vs. DVD\nDie Grafik da rechts zeigt sehr schön den Unterschied im Medienerlebnis auf, das Torrent-Benutzer gegenüber dem Käufer einer DVD haben. Das haben die meisten Leute auch verstanden. Diejenigen, die es nicht verstanden haben -\nMicrosoft Yahoo! Fictionwise Migros Netflix Ubisoft sind nur ein paar Beispiele - gehen nacheinander vom Markt und lehren ihre jeweiligen Kunden.\nDas Resultat?\nNachfrageschwäche bei Downloadfilmen - nicht wegen \u0026lsquo;illegaler Downloads\u0026rsquo;, sondern wegen DRM:\nDer Markt hat sich einfach abgekühlt\u0026hellip; Das wurde nicht von ökonomischen Faktoren ausgelöst. Es gibt einfach kein großes Interesse an digitalen Downloads.\u0026quot; Schuld seien die vielfältigen Restriktionen durch Digital Rights Management auf den unterschiedlichen Plattformen. \u0026ldquo;Der Markt ist durch seine Beschränkungen gekennzeichnet\u0026rdquo;, so Amel. Alles drehe sich darum, was die Zuschauer nicht tun können, statt darum, welche Möglichkeiten die Anbieter ihnen geben.\nUnd so hat die Film-, die Musik- und nun auch die Buchindustrie in den letzten 10 Jahren hart daran gearbeitet, ihre jeweiligen Kunden auszubilden, ihnen nicht zu trauen und sich stattdessen selbst zu versorgen. Selbst hartnäckige Kunden haben inzwischen verstanden.\nInternationaler Tag gegen DRM am 4. Mai 2010 ","date":"2010-03-07T00:00:00Z","href":"https://blog.koehntopp.info/2010/03/07/die-leute-sind-nicht-dumm-genug-f-r-drm.html","tags":["copyright","media","lang_de"],"title":"Die Leute sind nicht dumm genug für DRM..."},{"categories":null,"content":"Seitdem ich für Geld andere Leute glücklich mache bin ich immer wieder einige Jahre auf der Walz gewesen, und habe mich als Angehöriger des fahrendes Volkes als Projektkraft bei wechselden Auftraggebern verdingt, um danach wieder einige Jahre fest in einem Laden angestellt ein wenig seßhafter zu werden, Kraft zu tanken und das Gelernte zu verarbeiten. Eine der Sachen, die ich mich dabei immer wieder fasziniert haben sind die unterschiedlichen Arbeitsstile der verschiedenen europäischen Kulturen.\nVielleicht ist meine Sample-Größe zu klein, vielleicht ist meine Auswahl von anderen Faktoren beeinflußt, aber ich bin zu der festen Überzeugung gelangt, daß zum Beispiel britische Firmenkulturen durch einen gemeinsamen Feind, eine gemeinsame Zumutung zusammengehalten werden.\nIn jeder britischen Firma, in der ich jemals gewesen bin, gab es einen Umstand, der vollkommen unerträglich war und den jeder, der dort gearbeitet hat, auf das Blut gehaßt hat. In einer Firma zum Beispiel war es ein Ansagensystem, das den Leuten circa einmal pro Stunde durch eine für den weitaus größten Teil der Mitarbeiter nutzlose Ansagen jeden sinnvollen Gedanken aus dem Hirn geblasen hat, Meetings unterbrochen und Redeflüsse gestört.\nIn einer anderen Firma befand man sich in einem Gebäude, das seit mindestens 2 Jahren im Zustand der Renovierung und des Umbaues befindlich war, Stockwerk für Stockwerk. In einer dritten Firma befand man sich in einem viktorianischen Stadthaus in einem der feinsten Viertel von London, aber mußte in den Tiefpaterre-Räumen des Dienstbotentraktes zusammengepfercht arbeiten - und vierteltypisch einige Meilen weit gehen oder fahren, um ein Mittagessen oder auch nur eine Flasche Kakao in einem Cornershop kaufen zu können.\nAber niemand hat jemals einen Versuch unternommen, diese Sache zu verbessern oder gar abzustellen. Stattdessen wurde geredet, sich beklagt und gegenseitig bemitleidet. Abhilfe wäre kontraproduktiv gewesen, denn dann hätte man der Gruppe die gemeinsame Identifikation weggenommen, die sie zusammengeschweißt hat.\nBeeindruckt haben mich viele skandinavische Firmen. Auf irgendeine Weise hat man dort einen Weg gefunden, mehr zu schaffen als in vielen anderen Firmen, die ich gesehen habe, und gleichzeitig die Arbeit so zu organisieren, daß niemand davon genervt ist. Zusammenhalt wird dort auf eine andere, wesentlich schmerzfreiere Weise generiert.\nDas fängt schon auf eine subtile Weise am Morgen an:\nIn vielen dieser Firmen stellt der Arbeitgeber ein Frühstücksbuffet. Da es kostenlos ist, essen die meisten Leute nicht daheim, sondern bringen die Kinder in die Schule oder den firmeneigenen Kindergarten und gehen dann in die Kantine zum Essen. Am Buffet säbelt man sich einige Scheiben Brot herunter, greift sich Butter, einen Klecks Marmelade oder eine Scheibe Wurst und einen Pott Kaffee und setzt sich dann gemeinsam mit den Kollegen auf eine Bank. Man erzählt sich von gestern abend, von den Kindern oder dem Theaterbesuch, oder daß man Segeln gewesen ist. Langsam, aber fast von selbst driftet das Gespräch zum heutigen Tag und was passieren wird - wer was ausprobieren wird, was fehlt, und was von einem selbst erwartet wird, damit die anderen Mitglieder des Teams weiter arbeiten können.\nDer Übergang ist subtil, aber automatisch und er findet jeden Morgen statt. Nach dem Frühstück sind irgendwie alle gebriefed und haben im Kopf eine Liste von Dingen, die an diesem Vormittag weggehauen werden müssen, damit es voran geht. Natürlich trifft man sich zum Mittagessen wieder, und tauscht dort Ergebnisse aus, verabredet sich zu Besprechungen oder Präsentationen und plant so gemeinsam beim Essen den Nachmittag.\nAber auch das Arbeiten in Gruppen ist dort anders, auf eine sehr angenehme Weise. Ein Freund von mir aus Deutschland, Olaf Schlüter, hat vor vielen Jahren einmal den Spruch geprägt: \u0026ldquo;Team ist, wenn von sechs Leuten zwei Arbeiten. Wenn das immer andere Zwei sind, dann funktioniert das Team.\u0026rdquo; Das ist, auf eine Weise, präzise die Beschreibung dieser Arbeitsweise.\nTypischerweise haben wir dort zu sechs Personen, plus/minus ein paar, zusammengesessen. Zwei haben rumgekaspert - würde man es formalisieren, würde man es als Brainstorming bezeichnen. Zwei andere haben Dinge vorbereitet - würde man es formalisieren, wäre es Pair Programming oder eine Verallgemeinerung davon. Und zwei weitere haben etwas vorgeführt, umgesetzt oder sonstwie etwas getan, das ein klassischer Beobachter \u0026ldquo;arbeiten\u0026rdquo; nennen würde. Nach einer Weile durchmischt sich das, alle tauschen die Plätze, reden miteinander und die Gruppe konfiguriert sich um, und dann geht es in neuer Zusammenstellung weiter.\nDabei kommt es zu einem Effekt, den ich in Deutschland nahezu niemals beobachten kann - außerhalb gewisser Geek- und Hackerzirkel jedenfalls. Und das ist die Tatsache, daß man an Gesicht und Ansehen gewinnen kann, wenn man in einer Diskussion seinen Fehler erkennt und sich dem Standpunkt seines Gegenredners anschließt oder diesen übernimmt.\nDas ist den meisten deutschen Firmenkulturen so entgegengesetzt, daß ich überhaupt nicht mitbekommen habe was da passiert, als ich so einen Positionswechsel das erste Mal beobachtet habe. Jemand, der Teamleiter gar, obwohl das in diesen Gruppen kaum eine Rolle spielt, präsentierte seinen Vorschlag an der Tafel und brachte dabei einige Abschätzungen hinsichtlich Speicherplatz, Rechenaufwand und Kosten. Jemand anders aus der Gruppe blickte von seinem Zettel auf, auf dem er einige Zahlen hingeschmiert hatte, und meinte nur \u0026ldquo;That\u0026rsquo;s all wrong.\u0026rdquo; Er stand auf, griff sich den Filzstift und skizzierte seinen Plan gleich neben dem anderen. \u0026ldquo;If you do it like this, and this, then you can do it in less than half the time, and with only a fraction of the storage.\u0026rdquo; Der Chef stutzte kurz, dachte nach und entschloß sich dann, seine eigene Idee zu verwerfen und die seines Mitarbeiters zu übernehmen. \u0026ldquo;You are completely right. This is much better. We will be doing it your way.\u0026rdquo; Anerkennendes Nicken in der ganzen Runde, und ein Gesichtsgewinn für beide im ganzen Team.\nDas alles führt zu einer Arbeitsweise, die ich als sehr entspannend empfinde: Obwohl man echt viel Arbeit wegschafft, hat kaum jemand mal Streß. Die meisten Fragen und Termine werden im Vorübergehen beim Frühstück oder Mittagessen geklärt, und beim Arbeiten spielt man sich die Bälle zu. Die Kultur ist so eingerichtet, daß Kooperation belohnt wird, und Ansehen basiert nicht darauf, ob man sich durchsetzt, sondern ob man die Gruppe voran bringt.\nDas ist zugleich die Arbeitsweise und Einstellung, die der deutschen Politik so vollkommen fehlt.\nEs täte diesem Land echt gut, hätte man in der Koalition den Expertenmeinungen von Techniker- und Juristenseite Gehör geschenkt, als es um die Konstruktion des Zugangserschwerungsgesetzes ging, oder früher noch, als es darum ging, die Stoßrichtung der Agenda auf diesem Gebiet überhaupt festzulegen. Es hat eine klar artikulierte und durchstrukturierte Kritik an der Idee des Zugangserschwerungsgesetzes selbst gegeben - Löschen statt Sperren (und nicht etwa Löschen vor Sperren), Konstruktion internationaler Zusammenarbeit (die noch dazu für andere Delikte nutzbringend einsetzbar gewesen wäre) und Vermeidung eines sinn- und wirkungslosen Grundrechtseingriffes.\nStattdessen hat man im Wahlkampfwahn den eigenen Irrweg zementiert. Man tat das in dem Glauben, daß deutsche Kultur Durchsetzungskraft an sich mehr belohnt als Korrektheit oder Brauchbarkeit der Lösung.\nGesichtsgewinn durch Übernehmen und Aufgreifen der besseren Idee, das ist das große Defizit der akuellen politischen Kultur in unserem Land. Das ist es wirklich: die Äußerungen in der Debatte im Petitionsausschuß und zum Aufhebungsgesetz - ja, Frau Bär, auch und gerade sie sind gemeint! - zeigen, daß man immer noch der Meinung ist, einen politisch Gewinn bringenden Kurs zu verfolgen, oder vermeintlich Frau von der Leyen schützen zu müssen, indem man an dem von ihr initiierten Irrwegen weiter festhält.\nEs ist zugleich die Hoffnung, die die Piraten in der deutschen Politik darstellen. Denn einer der Kernpunkte des piratischen Denkens, der mir das Herz aufgehen läßt, ist die Konzentration auf die Sachpolitik. Es ist die Fähigkeit, das Bessere anerkennen zu können und ihm dadurch den Weg zu bereiten, daß man sich selbst beiseite nimmt und hinter die bessere Idee stellt. Selbst dann, wenn es nicht die eigene war.\n","date":"2010-02-28T00:00:00Z","href":"https://blog.koehntopp.info/2010/02/28/kulturelles-defizit.html","tags":["work","piraten","politik","reisen","lang_de"],"title":"Kulturelles Defizit"},{"categories":null,"content":" Eigentlich war es ja als Witz gedacht, aber die Mediendinosaurier nehmen so etwas schon mal ernst.\nSchreibt der Inquirer :\nA MAFIAA CABAL called the International Intellectual Property Alliance, which is an umbrella group for the entertainment cartels such as the MPAA and RIAA, has demanded that Indonesia, Brazil and India should be placed on a special trade watchlist merely because they recommend the use of open source software.\nund derGuardian :\nIt turns out that the International Intellectual Property Alliance, an umbrella group for organisations including the MPAA and RIAA, has requested with the US Trade Representative to consider countries like Indonesia, Brazil and India for its \u0026ldquo;Special 301 watchlist\u0026rdquo; because they use open source software…. But the IIPA suggested that Indonesia deserves Special 301 status because encouraging (not forcing) such takeup \u0026ldquo;weakens the software industry\u0026rdquo; and \u0026ldquo;fails to build respect for intellectual property rights\u0026rdquo;.\nRight.\n","date":"2010-02-25T00:00:00Z","href":"https://blog.koehntopp.info/2010/02/25/downloading-communism.html","tags":["copyright","free software","politik","lang_de"],"title":"Downloading communism..."},{"categories":null,"content":"Es gibt in Deutschland ein Grundrecht, die Meinungsfreiheit . Es ist ein Recht, das einem Menschen etwas erlaubt, nämlich die freie Rede sowie die freie Äußerung und öffentliche Verbreitung einer Meinung in Wort, Schrift und Bild sowie allen weiteren verfügbaren Übertragungsmitteln.\nEs ist in Deutschland unseligerweise anders als in den USA ein Recht mit einer Schrankenbestimmung, und in der Schrankenbestimmung sind neben anderen Dingen explizit die \u0026ldquo;gesetzlichen Bestimmungen zum Schutze der Jugend\u0026rdquo; genannt. Das ist nebenbei bemerkt einer von mehreren Gründen, warum in Deutschland immer wieder Jugendschutzargumente zur Rechtfertigung von Internet-Regulierung herhalten müssen.\nDas Gegenstück zur Meinungsfreiheit, dem \u0026ldquo;Recht zu Senden\u0026rdquo;, ist die Informations- oder Rezipientenfreiheit , das \u0026ldquo;Recht zu Empfangen\u0026rdquo;, d.h. sich aus allgemein zugänglichen Quellen ungehindert zu informieren. Auch sie ist in Deutschland durch Schrankenbestimmungen einschränkbar, unter anderem wieder durch den Jugendschutz.\nEin drittes Grundrecht, das uns heute beschäftigen soll, ist der in Deutschland irreführend benannte Datenschutz , der im englischen Sprachraum unter dem besseren Begriff Privacy (\u0026lsquo;The Right To Be Left Alone\u0026rsquo;) gefaßt wird, während das deutsche \u0026ldquo;Privatsphäre\u0026rdquo; im Kontext dieser Diskussionen weniger gebräuchlich ist.\nDas zugehörige Grundrecht ist das Grundrecht auf informationelle Selbstbestimmung . Es ist ein spannendes Grundrecht, weil es ein abgeleitetes Grundrecht ist, das nicht ausdrücklich im Grundgesetz aufgeführt ist. Im Recht finden wir es entsprechend auch erst seit 1983 als Folge des Volkszählungsurteils .\nDas Verfassungsgericht hat 2008 dann im Rahmen der Diskussion um den Bundestrojaner ein weiteres, verwandtes Grundrecht abgeleitet, das katastrophal umständlich bezeichnete Grundrecht auf Gewährleistung der Vertraulichkeit und Integrität informationstechnischer Systeme , und es leitet sich aus dem Fernmeldegeheimnis und dem Recht auf Unverletzlichkeit der Wohnung her.\nDiese beiden Weiterentwicklungen des Rechts - von Grundrechten sogar! - sind nur Eckpunkte. Hinter ihnen steht ein Rechtsempfinden um eine aktuelle gesellschaftliche Diskussion, die derzeit nicht explizit und grundsätzlich geführt wird, sondern bei der wir als Gesellschaft im Moment nur die Grenzfälle und Überschneidungen mit anderen Dingen erforschen.\nWie das Internet Mittler eliminiert Früher, vor dem Internet, haben wir unsere Grundrechte auf Meinungs- und Informationsfreiheit kaum direkt und alleine ausüben können. Okay, wir haben uns auf einen Platz stellen können und dort auf eine Kiste steigen können, oder in der Menge zu Füßen des Redners stehen und ihm zuhören können. Aber das setzt der Reichweite des Einzelnen recht enge Grenzen.\nWann immer wir eine größere Menge Menschen erreichen wollten, mußten wir publizieren und dabei haben wir auf das direkte Engagement von vielen Personen zurückgreifen müssen, die an der Publikation beteiligt waren: Neben dem Autor, dem Sender, waren immer auch ein Verleger, ein Lektor, ein Setzer, ein Drucker, ein Distributor, ein Händler und schließlich der Käufer des Buches involviert, bis es schließlich einem Leser vorlag. Das war eine lange Pipeline von Menschen, die an dem Erscheinen dieses speziellen, einzelnen Buches beteiligt waren, und die natürlich auch eine gewisse soziale Kontrollfunktion ausgeübt haben - entweder direkt, indem sie auf den Autor einwirkten oder indirekt durch wirtschaftliche Zwänge.\nZeitungen verkürzen das etwas: Der Betrieb zur Veröffentlichung einer Zeitung ist jenseits der Textredaktion viel mehr auf die Veröffentlichung im Allgemeinen ausgerichtet - eine Publikationsinfrastruktur, die nicht auf das Erscheinen eines konkreten Textes hinarbeitet. Zeitungen üben für einen bestimmten Kreis - Journalisten - eine viel geringere Kontrolle aus als das etwa bei der Veröffentlichung eines Buches der Fall wäre. Die Transaktionskosten für eine einzelne Publikation sind für einen Journalisten viel geringer als für einen Buchautor.\nFlugblätter wie sie etwa in der Mensa einer Universität seit Erfindung des Fotokopierers, des Laserdruckers und des DTP-Programmes massenhaft verteilt werden, stellen auf eine Weise einen Endpunkt dieser Entwicklung des Mediums Papier dar. Die Anzahl der Personen, die in die Publikation eines einzelnen solchen Flugblattes involviert sind, ist für das Medium Papier minimal. Eine einzelne Person, der Sender, kann die Publikation schreiben, durchsehen, layouten, drucken und vervielfältigen und auch verteilen. Die Rezipienten, die Leser in der Mensa, werden nahezu direkt erreicht - allerdings ist die Reichweite räumlich und durch die Auflage recht beschränkt. Mittler jedoch fehlen - all diese Kontrollinstanzen, die auf Publikation und Verbreitung eines bestimmten Buches direkt einwirken können.\nMöglicherweise existieren immer noch Helfer, die an der Produktion des Flugblattes beteiligt sind - etwa der Betreiber des Copyshops auf dem Campus - aber sie haben keine besondere Mitwirkung an der Gestaltung und Verbreitung dieses individuellen Flugblattes. Sie betreiben stattdessen eine Infrastruktur, die allgemein eine Dienstleistung zur Verfügung stellt, ohne am Zustandekommen der individuellen Kommuikation zwischen Verfasser und Leser beteiligt zu sein und sie kontrollieren zu können.\nDas Internet trägt dies noch einen Schritt weiter: Es senkt die Transaktionskosten zur Publikation noch weiter, es erhöht die Reichtweite, es organisiert und kategorisiert automatisch und es bringt räumlich entfernte, aber in den Interessen nahe Leute miteinander in Kontakt. Die Transaktionskosten sinken - Blogs stellen ein vorgefertigtes Format und vorgefertigte Software zur Publikation zur Verfügung, RSS ist ein Mechanismus zur automatischen Distribution, Aggregatoren sind ein Mechanismus zur Organisation und Kategorisierung von Kommunikation.\nDadurch kann sich jeder nicht nur ohne technisches Wissen und ohne Kosten für die Veröffentlichung eines spezifischen Textes eine Plattform schaffen und auch Leute finden, die sich für seine speziellen Themen interessieren. Es existieren Grundkosten für den Zugang zum Medium, aber die Kosten für die individuelle Kommunikation sind Null und nur noch in aufgewendeter Zeit - Aufmerksamkeit - beim Sender und Empfänger zu messen.\nEchtzeitmedien wie Twitter, Facebook-Kommunikation und Buzz machen dies noch leichter - Publikation ist jetzt casual und mit GPS Location Updates wie in Latitude plus Buzz auf Mobiltelefonen sogar automatisch. Das Finden von Interessierten ist durch das Follower-Prinzip und die Idee der schwachen Bindungen ebenfalls noch einmal erleichtert und ebenfalls casual, nebenbei, mal eben so.\nIn einer Weise kann man behaupten, daß sowohl Sender als auch Empfänger in einer solchen Kommunikation nicht mehr als volle Personen zählen, da sie ihren Anteil an der Kommunikation nebenbei erbringen. Wir haben also eine Kommunikationspipeline mit einer Länge, die kleiner ist als zwei Personen. Der Rest der Kommunikation ist so automatisiert, daß wir das Auffinden von Kommunikationspartnern, das Generieren mancher Meldungen oder die Auswertung dieser Meldungen einer technischen Infrastruktur überlassen.\nNoch einen Schritt weiter gehen Peer-to-Peer Netzwerke. Für die Übertragung einer einzelnen, sehr großen Datei finden sich Maschinen zusammen in einer Gruppe. Sie finden sich über Magnet-Links automatisch, ohne daß ein Tracker zur Kommunikationskoordination oder als zentrale Datenquelle notwendig wäre. Wenn eine Maschine Daten hat, an der eine andere Maschine interessiert ist, dann stellt sie diese zur Verfügung. Wenn eine Maschine Daten vermißt, die zur Komplettierung der Datei notwendig sind, dann sucht sie einen Partner, der den gesuchten Dateiteil hat. Die Dateiübertragung erfolgt dabei weder auf Sender- noch auf Empfängerseite eins-zu-eins, sondern die Datei wird an viele Empfänger gesendet, aber kein Empfänger enthält die gesamte Datei von einem Sender, sondern aus vielen Quellen.\nWir haben hier eine reine Maschine-zu-Maschine Kommunikation und eine Pipeline zur Publikation mit einer Länge von Null. Menschen sind am Zustandekommen einer einzelnen individuellen Kommunikation nicht mehr involviert - es gibt noch Infrastruktur, aber diese stellt nur allgemeine Dienstleistungen zur Verfügung, die keiner einzelnen Kommunikation mehr zurechenbar sind.\nDabei wird nicht nur die direkte Strecke zwischen einem Sender und einem Empfänger verkürzt. Stattdessen ergibt sich einer der Hauptnutzen des Netzes aus der Tatsache, daß auch die Vernetzung einer Publikation teilweise oder ganz automatisiert wird. Unter der Vernetzung einer Publikation verstehe ich dabei einmal, daß Sender und Empfänger einer Kommunikation einander finden können, daß man also die richtigen Leute erreicht. Zum anderen, daß die Kommunikation mit anderen, unter bestimmten Aspekten verwandten Dokumenten vorwärts und rückwärts verknüpft wird. Das Internet verknüpft also Leute mit Leuten - über starke und schwache Bindungen von sozialen Netzen. Es verknüpft Leute mit Dokumenten, über Suchen, Klassifizierungen, Feeds und Subscriptions. Und es verknüpft Dokumente mit Dokumenten, über Links und Trackbacks, Threads, in Suchmaschinen geworfene Zitate, Tags oder Klickzähler und Gewichtungen.\nDer Effekt ist, daß populäre Dokumente und Meinungen populärer werden und mehr Verbreitung erfahren, daß populäre Personen populärer werden und mehr Reichweite bekommen und daß so Kommunikation und Diskurs auf eine Weise ermöglicht wird die vorher nicht existiert hat, weil Transaktionskosten für eine individuelle Publikation, aber auch Transaktionskosten für Vernetzung und Organisation vor dem Hintergrund der allgemeinen Infrastrukturkosten vernachlässigbar klein sind.\nDas Internet ist, selbst wenn wir für das Netz bezahlen, eine Kommunikations-Flatrate. Längen von Publikations- und Suchketten verkürzen sich und können für bestimmte Kommunikationsaufgaben sogar gegen Null gehen. In der Regel sind die Kettenlängen nicht länger als zwei, das bedeutet, am Zustandekommen einer einzelnen individuellen Kommunikation sind nur der Sender und der Empfänger beteiligt - Mittler sind nicht mehr involviert.\nDer Konflikt um die Mittler ist der Konflikt \u0026ldquo;Netzneutralität\u0026rdquo; Wir haben nun einen offenen gesellschaftlichen Konflikt um die Ausübung unserer Meinungs- und Informationsfreiheit im Internet. Der Konflikt ergibt sich aus dem Wegfall von Mittlern bei der Produktion, Verbreitung und Vernetzung von Personen und Dokumenten. Denn bisher hat jede Form von gesellschaftlier Regulierung von Diskursen und Kommunikation immer an den Mittlern statt an den Sendern und Empfängern angesetzt.\nNach Auffassung derer, die das Internet tatsächlich verwenden statt nur darüber zu reden ist das beim Internet nicht akzeptabel. Es ist nicht akzeptabel, weil das Internet eine Kommunikationsinfrastruktur ist und ein Internet-Anbieter - sei es ein Zugangsanbieter, ein Dienstbetreiber oder ein Betreiber eines Suchdienstes - nicht am Zustandekommen einer individuellen Kommunikation beteiligt ist. Wenn er versucht, auf eine individuelle Kommunikation einzuwirken - sie zu sperren, zu modifizieren oder umzuleiten - dann richtet er für das Netz und die das Netz betreibende Gemeinschaft als Gesamtheit mehr Schaden als Nutzen an. Wir wissen und erfassen das instinktiv, und darum sind wir dagegen. Das ist genau die Debatte um Netzneutralität , die in den USA vor einem kommerziellen Hintergrund geführt wird. In Deutschland wird sie eigenartigerweise vor dem Hintergrund des Jugendschutzes geführt\u0026hellip;\nDieses aus der Erfahrung der Netznutzung gewonnene Wissen um den Wert der unbeeinflußten neutralen Kommunikation ist es, das 134.000 Personen bewogen hat, die Petition gegen das Zugangserschwerungsgesetz zu unterzeichnen und gegen Spielereien am DNS oder gar providerseitige Eingriffe in einzelne Kommunikation mittels Deep Packet Inspection zu sein. Dabei ist es eigentlich unwichtig ob es in Deutschland um Kinderpornographie geht oder auf EU-Ebene um Werbeeinspeisungen .\nEs geht darum, die Finger aus der Kommunikationsinfrastruktur heraus zu lassen. Wenn Infrastruktur sich stattdessen plötzlich für individuelle Transaktionen auf dem Substrat dieser Infrastruktur interessiert und sie manipuliert - ganz egal aus welchem Grund auch immer - dann ist sie keine Infrastruktur mehr, sondern eine dritte Partei. Dann gehen Transaktionskosten in die Höhe und der Nutzen der vernachlässigbaren Kosten geht verloren - kostenlos wird teurer .\nDas Problem ist, daß die Idee der Regulierung von Kommunikation und gesellschaftlichem Diskurs tief in den Institutionen unserer Gesellschaft verankert ist. Die Zensursula-Debatte ist dabei nur die erste in einer lange Reihe, und die Nächste steht dabei schon auf der Agenda: der Jugendmedienstaatsvertrag ist das zweite Einfallstor. Dort will man Sender, Empfänger und Mittler umfassend kontrollieren - Sender sollen Inhalte markieren, Mittler sollen Inhalte filtern oder für Inhalte von Sendern individuell verantwortlich gemacht werden, und Empfänger sollen Filter installieren.\nDas mag man nun verklausulieren oder an einzelnen Stellen zurück rudern, aber das ist nicht der Punkt.\nDas deutsche BTX ist gescheitert, weil es als Netz zwischen Anbietern und Nutzern getrennt hat - es ist ein sehr großer Aufwand gewesen, Informationen auf der Plattform BTX bereit zu stellen, verglichen mit dem Aufwand einen eigenen Webserver zu betreiben, und erst Recht verglichen mit dem Aufwand ein Blog bei einem Bloganbieter in Betrieb zu nehmen oder gar verglichen mit dem Aufwand, einen Buzz-Stream zu befüttern. Es ist gescheitert, weil die Kosten für eine Mail in BTX gigantisch groß waren, verglichen mit den Kosten einen eigenen Mailserver zu betreiben, und erst recht verglichen mit den Kosten eines Gmail-Accounts oder den Kosten einer Twitter-Nachricht.\nInternet-Regulierung, sei es durch Zensursula, durch fehlgeleiteten Jugendmedienschutz oder durch ACTA, treibt die Transaktionskosten für alle in die Höhe, trennt zwischen Sendern und Empfängern und verhindert casual communication. Sie zerstört das Medium.\nDas ist der Grund warum wir dagegen kämpfen. Müssen. Wir können gar nicht anders.\nWeg mit den Scheindebatten Was wir brauchen, wollen und fordern müssen ist ein neues Grundrecht. Man mag es das Grundrecht auf Netzneutralität nennen, oder das Grundrecht auf mittlerfreie Kommunikation oder das Grundrecht persönliche Interaktion über Kommunikationsnetze.\nEs entsteht aus einer Grundrechtsfusion: Wir haben das Recht zu Senden und das Recht zu Empfangen, das ergibt sich aus der Meinungs- und Rezipientenfreiheit. Wir haben das Recht auf Privatsphäre und das Recht auf Gewährleistung der Vertraulichkeit und Integrität informationstechnischer Systeme. Das sind aber die Eckpunkte eines weiter reichenden Komplexes von zusammengehörenden Dingen, die am Ende das Recht des Menschen darstellen, andere Menschen zu finden und mit Ihnen Kontakt aufzunehmen und mit Ihnen zu kommunizieren ohne daß sich ein Mittler dabei einmischt und diese Kommunikation belauscht, verhindert, verändert, beschränkt oder sonstwie darin eingreft.\nDie Frage ist - haben wir dieses Recht? Bekommen wir es? Können wir es behalten angesichts der verschiedenen Interessengruppen, die gerade daran rumnagen oder gar seine Existenz bestreiten?\nDas ist die Frage, um die herum sich die Piratenpartei-Bewegung eigentlich gegründet hat, an der der AK Zensur eigentlich arbeitet, um die es auf der Seite der Netzbewohner bei der Jugendschutz- und Zensursula-Diskussion eigentlich geht und die dem Prinzip Netzneutralität zugrunde liegt.\nUnd das ist die Debatte, die zu führen ist. Setzen wir sie auf die Agenda!\n","date":"2010-02-23T00:00:00Z","href":"https://blog.koehntopp.info/2010/02/23/grundrechtsfusion-und-ein-grundrecht-auf-netzneutralit-t.html","tags":["internet","netzneutralität","piraten","politik","zensur","lang_de"],"title":"Grundrechtsfusion und ein Grundrecht auf Netzneutralität"},{"categories":null,"content":"Google-Chef im Zeit Online Dialog über Kulturwandel Das ist die netteste Weise jemandem zu sagen, daß er ein Dinosaurier ist und bald aussterben wird, die ich je erlebt habe.\n","date":"2010-02-22T00:00:00Z","href":"https://blog.koehntopp.info/2010/02/22/philipp-schindler-ber-alte-m-nner-mit-kugelschreibern.html","tags":["google","internet","media","mobiltelefon","lang_de"],"title":"Philipp Schindler über alte Männer mit Kugelschreibern"},{"categories":null,"content":"Im Juni letzten Jahres fragte ich \u0026ldquo;Wie viel Strom verbraucht ein Stromzähler? \u0026rdquo;, und dort haben wir auch am Rande Sicherheitsaspekte und Probleme mit solcher Technologie gestreift.\nAndere Leute haben sich in der Zwischenzeit intensiver mit diesen Dingen beschäftigt. Die Ergebnisse sind nicht gut. In Reverse Engineering a Smart Meter baut Nate Lawson mal seinen Stromzähler auseinander: \u0026ldquo;But how vulnerable was I actually?\u0026rdquo;. Das Öffnen des Gehäuses war recht einfach, die vorgefundene Security minimal, und das Lock-Bit auf dem Controller war nicht gesetzt. Ein Firmware-Auslesen ist bereits erfolgt und das ROM harrt nun seiner Interpretation\u0026hellip;\nSchon im Juli letzten Jahres fand CNN heraus: Smart Grid may be vulnerable to hackers (Artikel nur mit JS lesbar und wahrscheinlich DRM verseucht):\nIOActive, a professional security services firm, determined that an attacker with $500 of equipment and materials and a background in electronics and software engineering could \u0026ldquo;take command and control of the [advanced meter infrastructure] allowing for the en masse manipulation of service to homes and businesses.\u0026rdquo;\nDer Artikel von IOActive hat dann mehr Detail:\nDavis\u0026rsquo; research revealed that common attack techniques including buffer overflows, persistent, and non-persistent root kits could be assembled into self-propagating malicious software used to attack smart meters. These vulnerabilities could result in attacks against the Smart Grid, causing utilities to briefly lose system control of their AMI meters and expose them to fraud, extortion attempts, or widespread system interruption.\nNur daß wir hier nicht von ein paar hunderttausend unkritischen PCs reden, sondern von den Geräten, die die Stromzufuhr unserer Haushalte kontrollieren.\nDazu dann vom Januar diesen Jahres mehr wieder bei Nate Lawson: Smart meter crypto flaw worse than thought .\nDie können zum Beispiel keine Crypto, denn:\nTravis Goodspeed has continued finding flaws in TI microcontrollers, branching out from the MSP430 to ZigBee radio chipsets.\nA few days ago, he posted a flaw in the random number generator.\nWhy is this important? Because the MSP430 and ZigBee are found in many wireless sensor systems, including most Smart Meters.\nDer Zufallszahlengenerator, aus dem das Schlüsselmaterial für die Crypto gemacht werden soll, auf denen die Rechnungserstellung basiert, hat nicht nur einen 16 Bit kleinen Entropiepool, sondern außerdem mit nicht zufälligen Startwerten versehen und daher noch leichter vorhersagbar. Dazu ist der Algorithmus, mit dem dann \u0026ldquo;Zufallszahlen\u0026rdquo; generiert werden, nicht kryptografisch sicher, also auch prinzipiell vorhersagbar.\nDas Gerät - eine Serie von TI-Mikrocontrollern die in vielen Embedded Geräten verwendet werden - ist so wie ausgeliefert nicht rettbar.\n","date":"2010-02-22T00:00:00Z","href":"https://blog.koehntopp.info/2010/02/22/smart-meters-revisited.html","tags":["computer","energy","security","lang_de"],"title":"Smart Meters revisited"},{"categories":null,"content":" Nachdem ich neulich meinen Mac in den Service geben mußte, ich für die Zeit einen Ersatz-Mac hatte und ich also zwischen beiden Systemen hin- und her installieren mußte, hier die deutsche Übersetzung einer kleinen Zusammenfassung, die ich für die Firma geschrieben habe.\nOffensichtlich ist es sehr praktisch, dem großen Mac-Gott Time Machine eine Platte zu opfern, weil niemand Backup will und Time Machine sehr gut in Restore ist. In meinem Fall verwende ich eine WD Elements 1TB dafür (etwa 85€), andere in der Firma wollen was kleineres und mit USB Power, nehmen also eine WD Passport (500G @ 92€).\nDiejenigen in der Firma, die ein lokales Linux brauchen, sind mit einem Linux in einer VMware Fusion besser dran als einem Multiboot mit einem nativen Linux. Time Machine alleine reicht schon als Vorteil, und außerdem ist der Wechsel zwischen den Betriebssystemen mit VMware natürlich weniger schmerzhaft als ein Reboot und das Powermanagement vom MacOS ist auch besser als das vom Linux.\nMan kann eine Time Machine Platte bootbar machen. Das erlaubt es einem dann, von der Time Machine Platte zu booten, nachdem man sie angeschlossen hat und den Mac mit gedrückter Option-Taste einschaltet. Im StartupManager kann man dann die Time Machine Platte anwählen und im beginnenden Installationsprozeß statt einer Reinstallation eine Recovery aus der Time Machine Datenbank anwählen. Außerdem hat man Zugriff auf ein Terminal.app und könnte versuchen, den defekten Mac wieder zum Leben zu erwecken.\nDie Platte bekommt man bootbar, indem man Disk Utility startet, die Time Machine Disk anschließt und die erste Installations-DVD ins Laufwerk tut. Die Time Machine Disk in Disk Utility auswählen, den Restore-Tab anklicken, dort die DVD ins Source-Feld und die Time Machine Disk ins Destination Feld, dann Restore drücken. Die Time Machine Disk wird dadurch überschrieben, also bitte sicherstellen, daß da nix wichtiges drauf ist.\nJetzt hat man eine bootbare Platte - nicht umbenennen. DVD auswerfen, Platte unmounten.\nBeim Anschließen oder Mounten der Platte (mit Disk Utility) öffnet sich diese nun automatisch wie es die originale Installations-DVD auch tut. Das nervt. Also müssen wir sie unblessen:\n$ sudo bless --folder \u0026#34;/Volumes/Mac OS X Install DVD/\u0026#34; -saveX Bless steuert normalerweise was von wo warum gebootet wird, kontrolliert aber auch diese Folder Auto-Open.\nIch habe diese Disk nun in den Time Machine Preferences zu meiner Time Machine Backup Disk erklärt. Dadurch bekomme ich einen Backups.backupd-Ordner auf der Platte, der irgendwann einmal die ganze Platte voll machen wird. Das dauert aber, und bis dahin kann ich immerhin noch ein Image der zweiten Installations-DVD auf der Platte als compressed dmg ablegen (mit Disk Utility) und auch alle andere Software, die ich für eine Reinstallation brauche ebenfalls dort unterbringen - Time Machine füllt die Platte und löscht dann alte Backups, tastet aber andere Files außerhalb des Time Machine-Ordners nicht an. Ich habe außerdem einen Ordner mit allen notwendigen Lizenz-Schlüsseln auf der Platte angelegt, der Ort erschien mir günstig für so was.\nSo vorbereitet kostet mich ein kompletter Verlust des Systems weniger als vier Stunden Wartezeit (so lange dauert ein Time Machine Restore maximal, abhängig im wesentlichen von der Anzahl der Dateien, nicht der Größe des Backups) und ich verliere nie mehr als eine Stunde Arbeitszeit (oder wie oft man auch immer Time Machine laufen läßt).\nWeitere nützliche Werkzeuge auf der Kommandozeile sind diskutil, die Kommandozeilen-Version der Mount/Unmount/Eject-Kommandos von Disk Utility, hdiutil, die Kommandozeilenversion der dmg Management Utilities von Disk Utility, und asr, die Kommandozeilenversion der Restore-Funktionen von Disk Utility. Manpages für diese Werkzeuge sind Teil der Systeminstallation. Bless habe ich ja weiter oben schon erwähnt.\nBesonderer Dank gilt Harald Wagener für seine wertvollen Hinweise. Nützlich war auch diese Seite von Mac OS X Hints.\n","date":"2010-02-19T00:00:00Z","href":"https://blog.koehntopp.info/2010/02/19/adventures-in-mac-os-x-maintenance.html","tags":["apple","computer","macos","lang_de"],"title":"Adventures in Mac OS X maintenance"},{"categories":null,"content":"Bundespräsident Horst Köhler hat das Zugangserschwerungsgesetz, vulgo Zensursula-Gesetz, nun doch unterschrieben. Das muß er tun, denn der Bundespräsident hat gemäß Konstruktion unserer Verfassung nicht das Recht eines Vetos gegenüber der Regierung wie das etwa in der Weimarer Republik gewesen wäre.\nDer Spiegel beschreibt das Ergebnis mit dem Absatz\nBundespräsident Horst Köhler hat an diesem Mittwoch mit einer einzigen Unterschrift nicht nur eine, sondern gleich zwei Bundesregierungen blamiert: Die Große Koalition der vergangenen Legislaturperiode, die das nicht nur umstrittene, sondern handwerklich völlig vermurkste \u0026ldquo;Zugangserschwerungsgesetz\u0026rdquo; gegen Kinderpornografie im Netz gemacht hat. Und die jetzige schwarz-gelbe Koalition, die das Gesetz eigentlich gar nicht mehr haben will, nun aber umsetzen muss.\nund faßt die Situation so sehr schön zusammen.\nDie ganze Geschichte dieses Gesetzes ist ein Testament fortdauernden Politikversagens: Erst die fragwürdigen Geheimverträge zwischen Regierung, BKA und Providern, dann die unsägliche Debatte mit dem Regierungs-sträuben gegen jeglichen Rat von Technik- und Verfassungsexperten, das Umfallen im Umfallen der SPD und deren Verkrachen mit ihrem Internet-Rat, die überhastete Verabschiedung des Gesetzes, während die erfolgreichsten Petition aller Zeiten noch lief, und schließlich das durch diese Aktivitäten mit herbeigeführte 2%-Ergebnis der Piratenpartei.\nDie Anhörung ist übrigens am Montag und das Parlament debattiert über mögliche Aufhebungsgesetze dann am 25. Februar, wird diese aber alle aus Prinzip ablehnen, da die Vorschläge allesamt von der Opposition eingebracht worden sind und man einem politischen Gegner aus taktischen Gründen keinen Erfolg gönnen darf.\nWie dem auch sei: Jetzt ist das Gesetz, das plötzlich keiner mehr will, unterzeichnet und muß umgesetzt werden, bis auch dieses Gesetz für verfassungswidrig erklärt wird - wenn man nicht vorher schon ein Aufhebungsgesetz machen will.\nDenn Gesetze, die in Kraft sind, nach Belieben nicht anzuwenden kann auch nicht die Grundlage eines Rechtsstaates sein .\nDamit nicht genug: Man redet von einem Löschgesetz statt eines Sperrgesetzes - aber die Rechtsgrundlage zur Löschung von Kinderpornograpie im Internet gibt es schon, wie die Piratenpartei in die Debatte einwirft . Und man baut gerade an einem Jugendmedienstaatsvertrag, dessen bekannt gewordene Version 2.0 noch mehr Eingriffe in die Kommunikation verpflichtend gemacht hätte als dieses unselige Gesetz es vorsieht. Dessen Version 3.0 wird dann bereits am 24. verhandelt , ist aber wegen des Drucks des Netzes zur Version 2.0 angeblich entschärft. Stattdessen setzt man auf elternseitig installierte Filterprogramme. Die werden zwar auch nicht funktionieren , aber immerhin niemandem schaden außer den Kindern der Eltern, die so was einsetzen.\nEs gibt also wieder viel zu tun, solange wir noch offensiv dumme und internet-analphabetische Politiker haben. Oder, wenn man die böse Zynikerbrille aufsetzt, dann faßt man es wie Aleks und Alvar zusammen.\n","date":"2010-02-19T00:00:00Z","href":"https://blog.koehntopp.info/2010/02/19/die-netzsperren-schlagen-zur-ck.html","tags":["internet","jugendschutz","politik","zensur","lang_de"],"title":"Die Netzsperren schlagen zurück"},{"categories":null,"content":" Vor mehr als 10 Jahren habe ich einmal im Auftrag des BMWI an einer Studie zum Thema Jugendschutz im Internet (PDF) mitgearbeitet. Das war anstrengend, da das Thema Spielball zahlreicher politischer Interessen ist, die sich dort gerne wiederfinden möchten, aber die in der Studie wiedergegebene Ausgangslage ist heute noch unverändert. Ich habe mein persönliches Fazit in kürzerer Form in einem Artikel abgelegt, aber auch dieses Ergebnis ist noch zu lang und zu technisch. Im Grunde kann man die aktelle Situation wie in Jugendschutzfilter saugen und dafür gibt es einen Grund kurz und knackig darstellen.\nEine Lösung für dieses Problem gibt es nicht. Es ist auch heute, 11 Jahre nach der Studie, noch einfacher, sicherer und günstiger, Inhalte unbewertet ins Internet zu stellen oder als Privatanbieter \u0026lsquo;frei ab 18\u0026rsquo; zu bewerten, als sich um das niedrigste legale Rating für seine Inhalte zu bemühen. Und so sind konsequenterweise auch meine Sites alle mit dem höchsten generierbaren ICRA-Label versehen, das Minderjährige konsequent ausschließt (wenn es denn jemanden kümmern würde, daß ein solches Label an meiner Site klebt).\nDer neue Jugendmedienschutz-Staatsvertrag ist nun nichts weiter als ein Hilferuf des Staates. Der Staat will nun endlich nach Jugendschutzkriterien bewertete Angebote im Internet, und dabei muß er Bedingungen erzeugen, die einerseits bewirken, daß die Bewertungen nicht zu niedrig sind, andererseits es aber Anbietern nicht attraktiv erscheinen lassen, sich sicherheitshalber zu hoch zu bewerten oder gar unbewertet zu publizieren (was einer \u0026ldquo;ab 18\u0026rdquo;-Einstufung gleich käme).\nDer Arbeitsentwurf, der dabei veröffentlicht wurde, setzt allen Anbietern - Inhaltsanbietern, Hostern und Providern - jetzt die Pistole auf die Brust. Es ist die Art der Politik zu sagen \u0026ldquo;Löst dieses Problem jetzt, oder wir machen Regeln, mit denen niemand zufrieden ist\u0026rdquo;. Blöd nur, daß die wirtschaftlichen Rahmenbedingungen sich dabei in jedem Fall so verändern werden, daß die Transaktionskosten für eine Veröffentlichung von irgendwas steigen werden: Kostenlos ist grad teurer geworden.\nAndererseits ist das auch genau eine Linie der Politik der aktuellen Regierung: Es sind die kostenlosen Angebote in ausreichender bis exzellenter Qualität, die derzeit den Medienwandel treiben. Unsere Klientelregierung hat nun versprochen, dieses Problem zu beheben. Konsequenterweise ist dieser Entwurf eines Jugendmedienschutzes auch ein Anschlag auf die kooperative Kultur des Internets, denn es gilt, kostenlose Angebote unattraktiver zu machen, um kompetetiven, traditionell geldgestützt operierenden Sites mehr Luft zum Atmen zu geben. Da diese Sites auch traditionellen Regulierungsinstrumentarien zugänglich sind, ist dies politisch und wirtschaftlich wünschenswert.\nDie Analysen und Aufrufe von\n1 und 1 , Andi Popp , Thomas Stadler , Nerdcore und Ingo Jürgensmann zeigen die wichtigen Punkt auf. Sie zeigen aber nicht, daß sich hier gerade eine unheilige Allianz von Politik und Großmedien aufbaut, denen eine solche Entwicklung genau die gewünschten Veränderungen erzeugt:\nDie Publikation von kostenlosen, kooperativ erzeugten freien Inhalten wird aufwendiger. Es wird die Überwachungs- und Zensurinfrastruktur legitimiert, die schon im Rahmen der Zensursula-Diskussion gewünscht wurde. Das ganze wird am Ende ein Muster-Anwendungsfall für den elektronischen Personalausweis, der notwendig wird, um sich beim Provider und beim Site-Betreiber für den Internet-Zugang und den Inhaltszugriff zu legitimieren und die Bedarfsträger können endlich mit Identitäten statt IP-Nummern operieren, wenn sie ermitteln wollen. Mit diesen Identitäten lassen sich auch Meldungen und ihre Weitergabe ausgezeichnet tracken, sodaß wir auch eine technische Basis für den Verteilschlüssel der Einnahmen aus dem neuen Leistungsschutzrecht haben. Diesen politischen und wirtschaftlichen Drücken stellt man sich entgegen, wenn man gegen diesen Entwurf ist. Um den Jugendschutz geht es dabei nur am Rande.\nAndererseits kann man das ganze natürlich auch als die neue Kampagne der etablierten Parteien für die Piratenpartei interpretieren.\n","date":"2010-01-26T00:00:00Z","href":"https://blog.koehntopp.info/2010/01/26/ab-18.html","tags":["blog","jugendschutz","politik","zensur","lang_de"],"title":"Ab 18"},{"categories":null,"content":"Einmal schreibt Susanne Gaschke in der Zeit einen weiteren Hetzartikel gegen Google und wie wir alle in den Händen dieser cthulhuiden Datenkrake landen werden. Unterdessen versteigt man sich beim Spiegel zu Vergleichen von Google mit der Stasi . Das alles konzertiert ein Ausheulen der Verlegervertreter beim Kartellamt , wobei sich die Begründung der Beschwerde recht deutlich wie \u0026lsquo;Wir wollen auch was von dem Geld, sonst müssen wir uns womöglich anpassen\u0026rsquo; liest.\nFrau Leutheuser-Schnarrenberger klingt dabei fast niedlich:\nMich stört dieses Vorpreschen, diese Gigantomanie, die auch bei der Google-Buchsuche durchscheint\u0026quot;, sagte sie.\nJa, die Dame stört sich tatsächlich an Innovation und an groß angelegtem interdisziplinärem Denken.\nDer aktuelle Angriff auf Google aus China und die Drohung von Google, sich aus dem Chinageschäft zurück zu ziehen paßt entsprechend auch nicht so ganz ins Konzept. Die Zeit begrüßt das zwar im Prinzip, wähnt sich aber in\nder Google-Republik , wobei sie auf die \u0026lsquo;Bananenrepubliken\u0026rsquo; in Mittelamerika im Griff der United Fruit Company (Chiquita) anspielt. Und so sitzt Google in der Mitte und kann es keinem Recht machen: Entweder böser Zensor, der dem Regime in die Hände spielt oder ein böser Konzern, der es wagt, politisch aktiv zu werden:\nOffensichtlich betrachtet sich der Konzern als so mächtig, dass er einerseits auf den chinesischen Markt, immerhin einen der größten der Welt – verzichten kann. Und andererseits auch als stark genug, sich mit der chinesischen Regierung anzulegen. Etwas, das nicht einmal große Industrienationen wie Deutschland oder die USA ernsthaft wagen.\nDas sollte aber vielleicht eher an die Adresse der Bundesregierung gehen.\nCarta analysiert korrekt :\nWas hier abläuft, ist knallharte Klientelpolitik. Liberale Medien und FDP werfen sich die Bälle zu. Gesetze, die (außer von einigen Verlegern) von niemandem gefordert werden, sollen durch’s Parlament gejagt werden. Volksvertreter sollen zur Ausschaltung einer lästigen Konkurrenz missbraucht werden. Um diesen skandalösen Vorgang zu verstehen, muss man ein paar Monate zurückgehen.\nEin lohnender Artikel, der die o.a. Medienschau sauber erklärt und die Zeit-Kampagne gut ausleuchtet.\n","date":"2010-01-18T00:00:00Z","href":"https://blog.koehntopp.info/2010/01/18/google-im-fadenkreuz-der-politik.html","tags":["google","internet","politik","lang_de"],"title":"Google im Fadenkreuz der Politik"},{"categories":null,"content":" Mobilfunkmarkt jetzt\nGoogle hat entschieden, daß der Voice-Anteil des Mobilfunkmarktes irgendwie nicht weiter wichtig sein wird in der Zukunft, sondern daß am Ende gewinnt, wer das mobile Internet beherrscht. Auch SMS und andere Dienste werden dabei langfristig von Chatanwendungen und Twitter geplättet werden. Es kommt also mehr darauf an, diese Anwendungen auf einem Mobilfon zu kontrollieren, das always on ist, als alten Mobilfunkmist zu emulieren. Derlei Zeugs braucht man nur noch für legacy, aber eigentlich will man ja ein Google Voice Handset.\nMobilfunkmarkt der Zukunft\nDaher ist es wichtig, ein eigenes Handset zu haben, damit man die Anwendungen im Internet mit den Anwendungen auf dem Handset schön integrieren kann und damit man auch die User Experience auf dem Handset kontrollieren kann (und mit den eigenen Mitarbeitern auch ausmetern, dadurch wird das ganze eine inkrementellen und evolutionären Ansatz für UI Optimierung nach Marissa Mayer zugänglich).\nMan beachte die Darstellung der Mobilfunk-Netzbetreiber in der obigen Ansicht - in einem Netz mit funktionierender Netzneutralität haben sie die Bedeutung und die Mehrwertdienste von Gas/Wasser/Scheiße-Anbietern heute. Doof, wenn man einer von denen ist (oder Aktien von denen hat).\nArtikel dazu . Money Quote dazu:\nGoogle will push full VOIP usage on these, meaning no voice/sms plans needed at any carrier. Voice calls will go through Google Voice on Data SIM cards and will provide unlimited free voice calling. And SMS is replaced by unlimited free Gtalk.\n","date":"2009-12-15T00:00:00Z","href":"https://blog.koehntopp.info/2009/12/15/google-baut-ein-telefon.html","tags":["google","internet","lang_de"],"title":"Google baut ein Telefon"},{"categories":null,"content":"Ich sitze hier daheim beim PHPlätzchenbacken und Kore fragt mich eben: \u0026ldquo;Sage einmal, ich habe daheim so einen Router, der NAT macht und den ich als Sprunghost verwende, und dahinter meinen Desktop-Rechner. Kann ich eigentlich Dateien von daheim von meinem Desktop auf mein Netbook kopieren, ohne daß ich die auf dem Router als Zwischenkopie ablegen muß?\u0026rdquo;\nEs geht sogar besser als das, und dafür braucht man eine $HOME/.ssh/config-Datei auf seinem Netbook und eine Kopie von \u0026rsquo;netcat\u0026rsquo; oder \u0026rsquo;nc\u0026rsquo; auf dem Router. Das ist bei Kore mit dem Busybox-Netcat auch der Fall.\nSo geht\u0026rsquo;s:\nServerAliveInterval 10 ServerAliveCountMax 3 Compression yes HashKnownHosts no TCPKeepAlive yes ControlMaster auto ControlPath ~/.ssh/ssh_control_%h_%p_%r Host router Hostname name.homeunix.org User name Port 4444 Host desktop Hostname 192.168.1.2 User name Port 22 ProxyCommand ssh router nc -w30 %h %p LocalForward 6667 127.0.0.1:6667 LocalForward 1993 127.0.0.1:993 LocalForward 1587 127.0.0.1:587 LocalForward 1999 news.mein-freund.de:119 DynamicForward 1080 Host * ForwardAgent yes Der Router ist dabei ein wenig langsam und es ist sehr mühsam, die erste dieser Verbindungen aufzubauen. Sobald die Verbindung aber steht, ist sie normal schnell. Der ControlMaster sorgt dafür, daß überhaupt nur eine ssh-Verbindung per Host aufgebaut wird. ssh tunnelt dann die anderen ssh-Verbindungen zum selben Host wegen des ControlMaster per Multiplexer durch die eine bestehende Verbindung. Das ist in diesem Fall nett, weil es schnell ist.\nIn meinem eigenen Anwendungsfall ist sogar noch ein RSA Security Dreckstoken involviert und ich habe keine Lust für jedes ssh oder scp jedesmal einen RSA Security Dreckscode abzutippen. Durch den ControlMaster brauche ich mich nur einmal pro Tag morgens einzuloggen und multiplexe dann alle meine Verbindungen durch die eine bestehende Verbindung in die Firma.\nDabei helfen mir die verschiedenen KeepAlive- und AliveInterval-Einstellungen die bestehende Verbindungen gegen alle Timeout-Versuche der Firmenkonfiguration am Leben zu halten, auch dann, wenn ich die Leitung mal ein wenig vor sich hin idlen lasse.\nDer Eintrag router ist dabei ein Kurzname (eine ssh Bookmark), die intern auf einen tatsächlichen Hostnamen, einen Usernamen und einen Port expandiert wird. Ein \u0026lsquo;ssh router\u0026rsquo; wird also zu einem \u0026lsquo;ssh -P4444 name@name.homeunix.org \u0026rsquo; umgeschrieben.\nDer Eintrag desktop wird genau so expandiert. Der Trick ist dabei jedoch das ProxyCommand. Ein \u0026lsquo;ssh desktop\u0026rsquo; wird also in Wahrheit zu einem \u0026lsquo;ssh router $kommando\u0026rsquo; expandiert, das von der ssh wegen des Eintrages darüber jedoch zu einem \u0026lsquo;ssh -P4444 name@name.homeunix.org $kommando\u0026rsquo; erweitert wird.\nDabei ist das Kommando \u0026rsquo;nc -w30 desktop 22\u0026rsquo;, also ein transparenter Tunnel von router zu desktop auf Port 22.\nDas Kommando \u0026lsquo;ssh desktop\u0026rsquo; baut also eine Verbindung vom Netbook (wo immer das gerade ist) zum router auf und von dort automatisch weiter zum Desktop. Das funktioniert so gut, daß man nicht nur auf dem Laptop \u0026lsquo;ssh desktop\u0026rsquo; tippen kann und dann daheim ist, sondern daß man sogar \u0026lsquo;scp desktop:/etc/my.cnf Desktop/\u0026rsquo; auf dem Netbook tippen kann und die Datei wird durch den Router hindurch von daheim geholt und auf dem lokalen Desktop abgelegt.\nAls KDE-Anwender kann man sogar im Editor auf dem Netbook einfach \u0026lsquo;fish://desktop/etc/my.cnf\u0026rsquo; zu bearbeiten öffnen, die Datei bearbeiten und dann einfach mit Control-S auf dem Desktop daheim abspeichern.\nMan kann noch mehr tun:\nDie LocalForward-Anweisungen bauen weitere Tunnel auf. Der Port 6667 auf dem Netbook verbindet einen also mit dem Irc-Bouncer auf dem Desktop-Rechner, die Ports 127.0.0.1:1993 und 127.0.0.1:1587 auf dem Netbook verbinden einen mit den imaps- und submission -Ports des Desktop-Rechners und der Port 1999 des Netbook gibt nun eine Verbindung zum NNTP-Server von news.mein-freund.de. Dabei sieht es für news.mein-freund.de so aus, als käme die Verbindung vom Desktop-Rechner und nicht vom Netbook und die Datenübertragung vom Netbook zum Desktop ist natürlich ssh-verschlüsselt.\nDer DynamicForward 1080 bewirkt, daß die ssh auf dem Netbook ein SOCKS5-Proxy ist. Stellt man in seinem Firefox in den Proxy-Einstellungen einen SOCKS5-Proxy auf 127.0.0.1:1080 ein, dann reicht Firefox als URLs über ssh an den Desktop-Rechner weiter, der dann an Stelle des Netbook die Daten beschafft und an den Firefox weiter gibt. Mein gibt also - egal wo man ist - keine URLs an einen Firmenproxy weiter, sondern greift, egal wo man ist, durch sein heimisches Desktop-DSL auf das Web zu.\nIm Zusammenhang mit einem Dedi irgendwo und einem passenden openvpn-Server sollte man außerdem aus jedem Firmennetz eine Verbindung nach draußen bekommen und sich so in jedem Fall freischwimmen können, egal wie restriktiv das Firmennetz konfiguriert ist.\nUpdate: oliof schlägt vor, noch ein \u0026lsquo;Compression yes\u0026rsquo; an geeigneter Stelle einzustreuen.\n","date":"2009-12-06T00:00:00Z","href":"https://blog.koehntopp.info/2009/12/06/ssh-durch-den-gateway-host.html","tags":["lang_de"],"title":"ssh durch den Gateway Host"},{"categories":null,"content":"Google teilt mit, daß sie nun eigene öffentliche DNS-Server betreiben, und erklärt dabei für Laien, wie man DNS-Server des Providers ausnullt und durch den DNS-Server von Google ersetzt.\nDas ist sicher nur vorübergehend, ich bin sicher, daß die nächsten Versionen von Google Toolbar und Chrome dem Benutzer auch anbieten werden, die Änderung an seiner Stelle zu machen und zu kontrollieren, daß diese Einstellungen so bleiben. Ich bin mir auch sicher, daß Google Wege finden wird, die Kommunikation zwischen dem Rechner des Anwenders und Google so abzusichern, daß es nicht mehr möglich sein wird, DNS-Queries zwischen dem Client Rechner und Google durch einen transparenten DNS-Proxy abzufangen und auf die providereigenen DNS-Server zu fälschen - ich rechne da mit einer stufenweisen Eskalation zwischen lokalen Providern und Google, die am Ende auf einen weiteren Aspekt der Netzneutralitätsdebatte hinausläuft.\nMit dem Google DNS tut Google einen weiteren wichtigen Schritt, um sich von anderer Leute Infrastruktur unabhängig zu machen , und er ist damit voll konsistent mit der beobachteten Google-Strategie.\nDie Aufgabe des Google DNS-Dienstes ist nach Aussage von Google ein Experiment in Performance-Verbesserung. Google will mit ihrem DNS-Server Muster in DNS-Anfragen erkennen und durch geeignetes Clustering und Prefetchen die Antwortzeiten verbessern. Dadurch soll der Aufbau von Webseiten schneller werden.\nSpezifisch sagt Google in der Intro zu dem Dienst, daß Google DNS für keine Domain authoritative ist, daß Google keine eigenen Rootzonen in die Antworten mischt und daß Google auch DynDNS oder andere DNS-Provider nicht ersetzen will.\nViele Provider in Deutschland manipulieren ihr eigenes DNS jedoch so, daß Anfragen nach nicht existierenden Hostnamen keinen Fehler erzeugen, sondern die IP-Nummer eines Provider-eigenen Webservers zurückliefern, auf dem sie dann einen Suchdienst laufen lassen und dabei dort auch Werbung einblenden. Der Google DNS tut das nicht, und so macht Google auf diese Weise auch das DNS wieder heil , denn derzeit ist es so, daß der Google DNS sauberer ist als die meisten ISP-DNS Server.\nJedoch: Das ist auch eine Art Angriff. Wenn Kunden statt des Provider-DNS den DNS-Dienst von Google verwenden, dann berauben sie ihren ISP dieser Einkommensquelle und so kommt es, daß selbst diese Form des DNS-Dienstes für viele Provider eine (wenn auch kleine) Bedrohung ist, da Google auch hier eine Einkommensquelle abzieht, selbst wenn Google den Traffic nicht nutzt um selbst Einkünfte zu generieren.\nAußerdem steht natürlich strategisch die Drohung im Raum, daß Google sich mit seinem Teil der Userbase irgendwann \u0026lsquo;selbstständig\u0026rsquo; macht. Wenn die Anzahl der Benuzter, die 8.8.8.8 und 8.8.4.4 als DNS Verwenden erst einmal groß genug ist, dann ist es möglich, diesen DNS unter der Kontrolle von Google zu einem Misch-DNS umzuarbeiten, der ähnlich den ISP-DNS Suchseiten mit generiert, der neben den offiziellen Antworten auch eine .google Toplevel-Domain erzeugt oder der gar gänzlich vom normalen DNS abgelöst ein Googleversum erzeugt. Google wäre für diese Benutzer der Gatekeeper, der entscheidet, ob und welche Domains überhaupt erreichbar sind - jedenfalls so lange wie diese Benutzer sich entscheiden, diese IPs weiter als ihre DNS-Server zu verwenden.\nDas alles tut Google derzeit wohlgemerkt nicht, und weist in ihrer Dokumentation auch spezifisch darauf hin, daß sie das nicht tun. Das muß Google auch nicht tun - es reicht die Vorstellung, daß das möglich wäre, hätten sie erst einmal genug User. Für Google ist all dies in der laufenden Debatte um Netzneutralität ein sehr wichtiges, aber sehr leises Argument. Von daher ist dieser Schritt seitens Google von einiger strategischer Brillianz.\nFefe hat auch so seine Gedanken zum Thema. ","date":"2009-12-04T00:00:00Z","href":"https://blog.koehntopp.info/2009/12/04/google-dns.html","tags":["lang_de","internet","google"],"title":"Google DNS"},{"categories":null,"content":"Medienecho zur Taxi-Studie des ADAC auf Google News.\nDer ADAC hat die deutschen Taxiunternehmen getestet und das Ergebnis war verheerend. Mit der Studie verbindet der ADAC eine Reihe von Forderungen. Die Story ist Ende Oktober durch alle wichtigen Zeitungen gegangen, hier eine Auswahl.\nHandelsblatt - nennt Städtezahl (12) Grundgesamtheit (240 Fahrten), Kriterien, Sieger und Verlierer und typische Probleme. Quelle nicht verlinkt. Autobild - nennt Städtezahl, 20 Fahren pro Stadt, Kriterien, Sieger und Verlierer, hat eine Tabelle. Quelle nicht verlinkt. Spiegel - nennt Städtezahl, Grundgesamtheit, Mängelquote, Sieger und Verlierer, Quelle nicht verlinkt. Zeit - nennt Städtezahl, Grundgesamtheit, Mängelquote, Quelle nicht verlinkt (Die Zeit nennt eine DPA-Meldung als Quelle) Potsdamer Neuste Nachrichten - Fokus auf Potsdamer Ergebnis, Städtezahl und Grundgesamtheit nicht genannt, Quelle nicht verlinkt. BZ Berlin - Nachrichtenfragment ohne sinnvollen Inhalt und ohne Quelle. Taxi Heute - Originaltabelle des ADAC, 12 Städte, 240 Fahrten, Fehlerquote, Sieg- und Verlierergründe, Link auf die Originalquelle. Die Originalquelle des ADAC nennt die Methodik und listet auch die Forderungen des ADAC . Die Umwegfahrten zeigt der ADAC in Beispielen (Als jemand, der in Karlsruhe Auto gefahren ist, finde ich die Karlsruhe \u0026ldquo;Irrfahrt\u0026rdquo; ziemlich interessant).\nSind die Grundgesamtheit und die Anzahl der Testfahrten ausreichend für eine repräsentative Studie? Was sind die Kosten für die Erstellung des Tests, überschlagen? Was würde es kosten, ein vergleichbares Medienecho durch Werbung zu erzeugen? Was ist die Agenda des ADAC? Ist der ADAC hier effektiv? Bewerte die Meldungen in den Zeitungen angesichts der Originalquelle. Definiere \u0026ldquo;Qualitätsjournalismus\u0026rdquo;. ","date":"2009-11-29T00:00:00Z","href":"https://blog.koehntopp.info/2009/11/29/meldung-und-hintergrund.html","tags":["media","reisen","lang_de"],"title":"Meldung und Hintergrund"},{"categories":null,"content":" Der Artikel Batman in der deutschen Wikipedia - unser Arbeitsbeispiel.\nWikipedia ist eine Online-Enzyklopädie. Die meisten Menschen nutzen Wikipedia zum Nachschlagen, das heißt ihre Nutzung ist lesend und vertikal. Lesend bedeutet, die verändern den Artikel nicht, obwohl Wikipedia das prinzipiell zuließe, und vertikal heißt, daß sie meistens über einen Deep Link direkt bei dem Artikel landen und auch nicht nach anderen verwandten Artikeln schauen.\nDementsprechend erwarten Benutzer, daß die Informationen in dem Artikel wahr und vollständig sind und möglicherweise sind sie das sogar. Dieser Blogeintrag soll helfen, die Qualität eines Wikipedia-Artikels beurteilen zu können.\nArtikel Greifen wir uns einmal ein Beispiel für einen Artikel heraus, und zwar zu einem Thema, zu dem möglicherweise jeder was sagen kann: Batman .\nAuf den ersten Blick wirkt dies wie ein sauberer und strukturierter Artikel: Es gibt eine Zusammenfassung, ein paar Bilder und ein Inhaltsverzeichnis. Das Inhaltsverzeichnis sieht ebenfalls aus, als wäre der Artikel sinnvoll strukturiert und würde das Thema gut abdecken.\nLiest man den Artikel durch, bekommt man einen Aufsatz oder eine Hausarbeit über Batman zu lesen, die durchaus als Einführung in das Thema geeignet ist - wie es bei der Wikipedia üblich ist, weiß man jedoch nichts über den oder die Autoren dieser Arbeit.\nWeitere Artikel Unter der Überschrift \u0026ldquo;Batman\u0026rdquo;, aber vor dem Artikeltext findet man ein USB-Symbol und den Text \u0026ldquo;Der Titel dieses Artikels ist mehrdeutig. Weitere Bedeutungen sind unter Batman (Begriffsklärung) aufgeführt.\u0026rdquo; Dies ist eine WP:BKL und das ist Wikipedia-Slang für eine Begriffsklärungsseite. Die Begriffsklärungsseite für Batman verweist nicht nur auf die gleichnamige Stadt in der Türkei, sondern auch auf auf Einzelseiten zu den Comicserien, den Filmen und den Fernsehserien.\nDennoch finden wir auf der Hauptseite \u0026ldquo;Batman\u0026rdquo; jede Menge Detailinformationen zu diversen Batman-Verfilmungen, die anders als die Informationen zu den Comics nicht ausgelagert worden sind. Damit man einen kompletten Überblick bekommt, ist es unbedingt notwendig der BKL zu folgen und alle Einzelseiten zum Thema kurz durchzusehen, um festzustellen, welche davon für die Fragestellung wichtig sind.\nFür jede Seite muß man dann wie weiter unten die Qualität und Strittigkeit der Seite prüfen, um festzustellen, welchen Informationen man vertraut.\nQuellen und Weblinks\nQuellen und Literaturverweise im Batman-Artikel\nUm bewerten zu können, ob der Artikel wahr und vollständig ist, muß man sich den Quellen zuwenden können, auf denen der Artikel basiert. Als geübter Wikipedia-Leser scrollt man also zunächst einmal an das Ende des Artikels und sucht dort nach den Belegen für die im Artikel aufgestellten Behauptungen.\nHier wird schon die erste Schwäche sichtbar, die den Batman-Artikel als keinen zeigemäßen Wikipedia-Artikel enthüllt: Es gibt überhaupt nur 4 Quellen , von denen drei im Abschnitt über Motive der Figur verwendet werden und einer sich auf einen minder wichtigen Kurzfilm (keinen Comic) beziehen. Der Rest des Artikels ist in der Tat ein freier Aufsatz, dessen Rückhalt in externer Literatur nicht nachgewiesen ist und den jemand, der zum Thema nichts weiß, nicht verifizieren oder falsifizieren kann - auch wenn Wikipedia das fordert .\nWollte man sich selbst die notwendige Fachkenntnis aneignen, um den Artikel inhaltlich bewerten zu können, könnte man mit den im Abschnitt \u0026ldquo;Literatur\u0026rdquo; genannten Werken starten. Im Abschnitt \u0026ldquo;Weblinks\u0026rdquo; findet man dann verweise auf andere Webseiten - diese sollen laut der Richtlinie WP:WEB \u0026ldquo;Bitte sparsam und vom Feinsten\u0026rdquo; sein. Es wird vorgeschlagen, bis zu fünf Links zu hinterlegen, die möglichst direkt zum Thema, in deutscher Sprache und möglichst statisch sind (also nicht gerade auf Diskussionsforen oder soziale Netzwerke verweisen).\nBesonders der Verweis ins DC Wiki aus den Weblinks zeigt dann auch gleich, wie ein viel besserer Batman-Artikel aussehen kann. Dort wird nämlich erst einmal nach den verschiedenen Versionen von Batman unterschieden, die durchaus unterschiedlich ausgeprägte Geschichten haben, selbst wenn man Elseworlds einmal ausklammert. Wählt man dann eine Version aus, sieht man auch, daß sich die Geschichte einer Comicfigur auch mit Quellen belegen läßt . Bemerkenswert am Wikipedia-Artikel zum Thema Batman ist dagegen, daß er zwar alle Batman-Filme auflistet, die jemals produziert worden sind, aber nicht auf ein einziges Comicheft verweist.\nNur mal zum Vergleich sei hier auf Azundris\u0026rsquo; Dokumentation zu Poison Ivy verwiesen, die die Hintergrundgeschichte der Figur und ihre Fertigkeiten Satz für Satz mit den relevanten Originalquellen belegt - zwar kein Teil der Wikipedia, aber sehr viel enzyklopädischer.\nAuch zum Vergleich sei hier auf den Abschnitt Einzelnachweise von Fefes Blog verwiesen - auf Grund der Relevanzdiskussion, die unter anderem um diesen Artikel herum entflammt ist, ist dies wahrscheinlich einer der am sorgfältigsten nachgewiesenen Artikel in der Wikipedia.\nDiskussion Die Seite Diskussion:Batman .\nZu jedem Artikel in der Wikipedia gibt es eine Diskussionsseite. Will man wissen, was nach Meinung der Wikipedianer aktuelle und vergangene Probleme mit dem Artikel sind, dann muß man sich die Diskussionsseite zum Artikel ansehen und diese durchsehen.\nWikipedia hat kein Diskussionsforum in ihr Wiki integriert. Die Diskussionsseite ist stattdessen ein weiterer Artikel, der von allen Diskussionsteilnehmern gemeinsam bearbeitet wird. Zwar wäre es deswegen möglich, Diskussionsbeiträge anderer nachträglich zu löschen, zu editieren oder inhaltlich zu verändern, aber da die Diskussionsseite auch eine normale Wikiseite ist, hat auch sie eine Versionsgeschichte und darüber sind solche Manupulationen immer nachweisbar.\nEinen Diskussionsbeitrag auf der Diskussionsseite einfügen.\nDiskussionsseiten sind mühsam - nicht nur muß man die Einrückstufe der Nachrichten als Diskussionsteilnehmer selbst pflegen, sondern man darf auch nicht vergessen, seine Beiträge manuell mit \u0026lsquo;\u0026ndash; ~~~~\u0026rsquo; (Strich Strich Leerzeichen, 4 Tilden) zu signieren. Dieses Kürzel wird vom Mediawiki durch Datum und Benutzernamen ersetzt und ermöglicht zurechenbare Diskussionsbeiträge erst.\nDie Struktur der Diskussionsseite frei und muß sich nicht an der Struktur des Artikels orientieren. Daher sind die Bezüge zwischen Diskussion und Artikel, der diskutiert wird, gelegentlich unklar. Im Zweifel gilt: Lieber noch einmal nachfragen. Denn: Eine Analyse der Diskussion zu einem Artikel ist wichtig, und genau so ist es ebenfalls wichtig die Diskussionsbeiträge in Bezug zur Struktur des Originalartikels zu setzen. Denn nur auf diese Weise wird einem klar, welche Teile des Artikels nach Meinung der Wikipedianer umstritten oder verbesserungsbedürftig sind.\nSieht man sich die Diskussion:Batman an, findet man Diskussionsbeiträge mit unklarem Bezug \u0026ldquo;Muß das da rein? \u0026rdquo;. Genaueres Lesen zeigt einem: Die Beiträge sind von 2005, und beziehen sich auf Abschnitte im Artikel, die nicht mehr existent sind \u0026ndash; aber der Abschnitt, auf den sie sich beziehen wird in der Diskussion auch nicht genannt und wäre auch 2005 zunächst unklar gewesen.\nAktuelle Diskussionsbeiträge aus 2009 sind quer durch die Diskussionsseite verstreut. Man findet sie am schnellsten, indem man die Versionsgeschichte der Diskussionsseite durchgeht.\nVersionsgeschichte Das bringt uns zum nächsten Punkt - die Versionsgeschichte des Artikels . Jede Seite in Mediawiki hat eine und das heißt, für den Batman-Artikel gibt es zwei. Eine für den Artikel selbst und für die Diskussionsseite zum Artikel. Für unsere Zwecke ist die erste Versionsgeschichte interessant, denn nur an ihr können wir erkennen, ob der Artikel nennenswerte Änderungsaktivität hat.\nAus der Versionsgeschichte bekommt man eine Liste von Datumsangaben, die man sich zu einer Zeitleiste zusammensetzen kann, um Zeiten heftiger Aktivität zu erkennen. Den anderen Angaben kann man ebenfalls eine ganze Menge Informationen entnehmen - die Namen der Autoren, die Änderungen durchgeführt haben, zum Beispiel. Erscheinen sie rot, hat der betreffende Autor keine Benutzerseite und somit auch keine Informationen über sich in der Wikipedia hinterlegt - \u0026lsquo;Meinungskuenstler\u0026rsquo; ist zum Beispiel so jemand.\nVersionsgesichte des Artikels Batman in der Mediawiki-Ansicht.\nWir erkennen an den Datumsangaben und den Kommentaren zu den Änderungen im Batman-Artikel, daß der Artikel zwar permanent ein wenig Aktivität hat, aber keine größeren Änderungen oder Streitpunkte existieren.\nEin schönes Beispiel für einen Krieg finde man in der Historie von Donauturm . Dort beginnt mit einer Änderung vom 28. Oktober von Taxiarchos ein Krieg um die Bezeichnung des Turms als Fernsehturm - diese Änderung wird nämlich am 31. Oktober von Elisabeth59 rückgängig gemacht und danach beginnt der Tanz mit minütlichen Änderungen durch eine Reihe von Benutzern. Die Diskussion zum Thema findet sich auf Diskussion:Donauturm und gipfelte unter anderem in einer Aufnahme der Diskussionsseite in die Liste unvorstellbar öder Diskussionen .\nDoch zurück zum Batman Artikel: Außerdem werden Änderungen an vielen Wikipedia-Artikeln gesichtet . Eine Sichtung ist keine Qualitätsprüfung (das wäre eine geprüfte Version ), sondern nur eine Versicherung, daß die durchgeführte Änderung kein offensichtlicher Vandalismus ist. Ein Sichter ist also jemand, der einen Artikel gegen Vandalismus bewacht, aber nicht unbedingt jemand, der Ahnung vom Thema hat. Unser Sichter hier ist Benutzer:Don-kun und der gibt auf seiner Benutzerseite sogar ein Interesse an Comics und Anime an.\nAutoren Das führt uns direkt zu den Autoren: Wikipedia-Artikel werden von Benutzern geschrieben und Benutzer haben in der Wikipedia Pseudonyme. Für kontroverse Themen ist das mitunter nutzbringend, denn Autoren zu Artikeln im Bereich Nationalsozialismus oder Abtreibung sind in der Vergangenheit durchaus schon einmal gestalked oder bedroht worden.\nIm Allgemeinen ist es jedoch schon interessant zu wissen, mit wem man es zu tun hat und was diese Person für einen Hintergrund und für eine Agenda haben könnte, damit man ihre Beiträge besser bewerten kann - Experten sind auch ein Problem , aber für eine korrekte Bewertung eines Beitrages ist neben Belegen eben auch die Ausbildung des Urhebers wichtig.\nAgenda ergibt sich auch aus Identität: Zwar strebt Wikipedia offiziell einen Neutralen Standpunkt an, aber es ist jedem erfahrenen Menschen klar, daß man auch von neutralem Grund aus durch Auswahl von Quellen oder sachte Änderungen von Formulierungen durchaus eine Agenda vorantreiben kann.\nLeider gibt es kein gutes Werkzeug in der Wikipedia, mit der man Urheberschaft einzelner Formulierungen oder ihren Umstrittenheitsgrad leicht sichtbar machen kann und die einem dabei helfen würden, Agenda oder kontroverse Teile eines Artikels gut hervorzuheben. Man muß sich also recht mühsam durch die Versionshistorie und die Benutzer-Links in dieser klicken, um zu sehen, was Sache ist.\nSprachversionen Sprachversionsn von Batman (Auszug).\nArtikel existieren in der Wikipedia oft in verschiedenen Sprachen. Dabei sind die Artikel nicht zwingend synchronisiert und können sehr unterschiedlich in Inhalt und Gestaltung sein. Die Quellenlage im englischen Batman-Artikel ist zum Beispiel weitaus besser als im deutschen Artikel, und erreicht nahezu das Niveau von Azundris Poison Ivy-Artikel oben. Auch die weiterführenden Referenzen und die Weblinks des englischen Batman-Artikels spielen in einer ganz anderen Liga als im deutschen Artikel.\nWerkzeuge Es gibt eine Reihe von Werkzeugen, die einige der Arbeitsschritte zur Artikelbewertung versuchen zu automatisieren. Sie können einen direkten Blick in die einzelnen Seiten \u0026ldquo;hinter\u0026rdquo; dem Artikel nicht ersetzen, aber sie können einem helfen, einen Überblick zu bekommen.\nDa ist einmal Wikibu.ch . Wikibu.ch besorgt sich zu einem angegegbenen Artikel die Aufrufstatistik, die Autorenstatistik der Versionsgeschichte, die Anzahl der Verweise in der Wikipedia auf diese Seite und die Quellenliste und versucht daraus eine skalare Bewertung der Artikelgüte abzuleiten - es werden 1-10 Punkte vergeben, mehr sind besser.\nWie jede skalare Darstellung eines mehrdimensionalen Sachverhaltes ist das oft hilfreich, aber vereinfachend und es lassen sich pathologische Fälle konstruieren. Die Wikibu.ch Anleitung erläutert Aufbau und Inhalt der Seite.\nDas Wikidashboard benötigt Javascript und verwendet die englische Wikipedia. Das Wikidashboard liefert eine schöne Zeitleiste für den Artikel und eine Übersicht über die aktivsten Benutzer. In der Wikidashboard FAQ findet man eine graphische Schnellanleitung. Leider funktioniert Wikidashboard nicht mit der deutschen Wikipedia.\nAuch das Pyrospirit Metadata Gadget ist nützlich. Es blendet unter der Überschrift des Artikels statt des Textes \u0026lsquo;From Wikipedia, the free encyclopedia\u0026rsquo; einen wertenden Hinweis ein. Es erscheint also \u0026lsquo;A B-class article from Wikipedia, the free encyclopedia\u0026rsquo; oder eine ähnliche Klassifizierung. Das Script bindet man am einfachsten ein, indem man sich bei Wikipedia als Benutzer anmeldet und dann in den Preferences auf den Tab \u0026lsquo;Gadgets\u0026rsquo; klickt und dort im Abschnitt \u0026lsquo;User interface gadgets\u0026rsquo; die Funktion \u0026lsquo;Display an assessment of an article\u0026rsquo;s quality as part of the page header for each article.\u0026rsquo; aktiviert.\nIn der deutschen Wikipedia heißen Gadgets \u0026lsquo;Helferlein\u0026rsquo;, aber das Metadata-Plugin habe ich dort nicht gefunden - auch diese Funktion scheint nur auf die englische Wikipedia anwendbar zu sein.\nDanke! Dieser Artikel wurde am 29. November 2009 überarbeitet, um Leserkommentare zu berücksichtigen.\nFrank Schubert und Helge verweisen mich auf Wikibu.ch Jens Kubieziel verweist auf das Wikidashboard. Oneiros verweist auf das Pyrospirit Metadata Gadget. Anonymous bat mich, die Verweise auf das kaputte Diskussionssystem von Mediawiki aus diesem Artikel herauszuhalten. Es ist zwar immer noch kaputt, aber das soll dann Thema eines anderen Artikels werden. Stefan W. verweist auf die BKL. Das hat einen gesonderten Absatz verdient. Übungsaufgaben Lies den Artikel Schurken im Batman-Universum .\nWende die Informationen und Methoden aus diesem Beitrag auf den Artikel an. Ist es ein guter Wikipedia-Artikel? Sind Teile des Artikels umstritten oder heftigen Änderungen unterworfen gewesen? Existieren Benutzer mit besonderen Interesse an dem Artikel? Was ist ihre Rolle? Wie unterscheidet sich dieser Artikel systematisch von der englischen Sprachversion des Artikels? Bevorzugst Du Listenartikel (\u0026lsquo;Figuren im Harry-Potter Universum\u0026rsquo; oder Einzelartikel (\u0026lsquo;Hagrid\u0026rsquo;) für Deine Nutzungsweise der Wikipedia? ","date":"2009-11-28T00:00:00Z","href":"https://blog.koehntopp.info/2009/11/28/wie-man-einen-wikipedia-artikel-liest.html","tags":["internet","media","schulung","wikipedia","lang_de"],"title":"Wie man einen Wikipedia-Artikel... liest"},{"categories":null,"content":"Ich huste mir daheim zwar einen ab, aber es handelt sich nur um die geräuschvollen Nachwirkungen eines gewöhnlichen viralen Infektes, und nicht um irgendein H?N?. Das ist gut.\nTrotz Rotz und Keuch habe ich dem Jochen Reinecke von der Frankfurter Allgemeinen Sonntagszeitung ein paar Fragen betreffend Wikipedia beantwortet, und die sind heute ebenda unter dem schamlos verbalsadistischen Titel \u0026ldquo;Das Schweigen der Lemmata\u0026rdquo; veröffentlicht worden.\nDa ich heute nicht Zug fahre, kenne ich den Inhalt der FAS leider nicht, aber in Absprache mit Herrn Reinecke drücke ich meine Antworten auf seine Fragen auch noch mal hier direkt ins Blog. Wenn\u0026rsquo;s Gelalle ist, schieb ich auf\u0026rsquo;s Fieber. :-)\nUpdate: Die FAS-Version der beiden Interviews im Planckton -Blog der FAZ, und den Artikel findet man mittlerweile online in der Web-FAZ .\nJochen Reinecke: \u0026ldquo;In einem Satz: Was bedeutet die Wikipedia für Sie?\u0026rdquo;\nKristian Köhntopp: Ich habe in meinem Browser Kürzel für Suchfunktionen - \u0026ldquo;wp suchwort\u0026rdquo; wird zu einer Suche auf der englischen Wikipedia und \u0026ldquo;wpd suchwort\u0026rdquo; zu einer Suche auf der deutschsprachigen Wikipedia. Das bedeutet, daß Wikipedia wie die anderen Suchkürzel in meinem Browser beim Arbeiten, Fernsehen oder was ich sonst so am Rechner mache allgegenwärtig und niemals weiter als eine Kommandozeile entfernt ist.\nIch habe noch einen Brockhaus in 30 Bänden im Regal, aber ich weiß, daß ich in den vergangenen 10 Jahren vielleicht zwei Dutzend mal dort etwas nachgeschlagen habe. Auf der anderen Seite sagt mir meine Browser-History, daß ich alleine heute schon mehr als 12 Wikipedia-Suchen mit wp oder wpd gefahren habe.\nJ: Die Relevanzdiskussion in der Wikipedia hat weite Kreise gezogen. Hat Sie die Heftigkeit der Reaktionen aus allen Schichten (Admins, Blogger, Autoren, Nutzer) überrascht?\nK: Ich bin in der Wikipedia-Hierarchie beinahe ein reiner Nutzer, und über die Artikel in Fefes Blog in diese ganze Sache hereingezogen worden. Zwar habe ich seit mehr als fünf Jahren einen Wikipedia-Login, aber ich habe nur sehr wenige kleine Änderungen gemacht. Von den internen Strukturen der Wikipedia und der Aktivität hinter den Seiten habe ich vor dieser Diskussion eher wenig mitbekommen. Ich glaube, das geht den meisten Menschen so.\nWikipedia wird meistens \u0026lsquo;vertikal\u0026rsquo; genutzt - \u0026lsquo;wpd Fachbegriff\u0026rsquo;, den Artikel lesen und weg. Auf der Artikelseite lesen die meisten Menschen auch nur den Artikeltext - die Quellennachweise und Belege am Ende sind aus dem Blickfeld gerückt, kleiner gesetzt und nicht sehr direkt an den Artikel gebunden. Personen treten gar nicht auf, die Diskussionseite ist versteckt und es ist nicht erkennbar, welche Passagen des Artikels umstritten sind oder waren oder daß es so etwas wie Streit um bestimmte Passagen im Artikel überhaupt gegeben hat.\nIn Wikipedia treten Personen hinter Artikel zurück und Diskussionen in der Wikipedia haben wenig Prominenz außerhalb - die Begriffe Inklusionist und Exklusionist sind mir jedenfalls vor der Diskussion nicht geläufig gewesen.\nInsofern ist diese Diskussion für mich wahrscheinlich genau so neu gewesen wie für die meisten Gelegenheitsbenutzer.\nJ: Halten Sie selbst eher eine inklusionistische oder exklusionistische Herangehensweise für sinnvoll?\nK: Ich bin, glaube ich, formal einem gemäßigten inklusionistischen Lager zuzurechnen. Spam und Tastaturtests haben in der Wikipedia klar nichts zu suchen, aber wenn ein Artikel eine gewisse, eher niedrige Mindest-Entwicklungsstufe hat, dann sollte er meiner Meinung nach erhalten bleiben. Ich halte es aber für dringend notwendig, Reife und Qualität eines Artikels auch für den Laien direkt erkennbar zu machen.\nWikipedia ist heute klar eine Enzyklopädie, die sich am Modell traditioneller Holzenzyklopädien orientiert. Das ist sicher auch den verschiedenen Lexika-Tests von vor 5 Jahren geschuldet, in denen sie an Brockhaus, Encarta und der Britannica gemessen wurde. Damals hat sicher eine Menge Druck auf die Wikipedia-Autorengemeinschaft gewirkt, und die exklusionistische Kultur ist sicher auch auf das Wettrennen um Qualität aus dieser Zeit zurückzuführen.\nDiese Zeiten sind nun insofern vorbei, als daß die meisten dieser Holzenzyklopädien pleite sind, oder auf der Suche nach einem Internet-Geschäftsmodell. Für Wikipedia ist es meiner Meinung nach nun Zeit, diese hinter sich zu lassen und in etwas zu verwandeln, das eine Holzenzyklopädie nicht sein kann.\nJ: Glauben Sie, dass sich die aktuellen Probleme eher organisatorisch oder technisch lösen lassen?\nK: Als ob man das so sauber trennen könnte. Wikipedia braucht eine andere Ausrichtung und daher auch andere organisatorische Strukturen, aber dann natürlich eine Technik, die das unterstützt und eine Benutzerinterface, das korrektes und erwünschtes Verhalten ermutigt und erleichtert.\nZur Zeit haben wir in der produktiven Wikipedia Strukturen, die das Gegenteil tun .\nWikipedia-Seiten sind anonym und sehen inert aus - für den Gelegenheitsnutzer ist in der Standardansicht nicht erkennbar, ob Teile einer Seite schlecht belegt sind, ob Teile einer Seite umstritten sind oder waren.\nEs wäre leicht, einen Zeitstrahl auf jeder Artikelseite zu generieren, der visualisiert, zu welchen Zeitpunkten sich Änderungen an einem Artikel gehäuft haben. Es wäre auch leicht, neben einem Artikel einen Änderungsbalken zu malen, der zeigt, an welchen Passagen eines Artikels sich Änderungen gehäuft haben und dort die entsprechenden Benutzer zu verlinken. Es wäre leicht, die Autoren, die an einem Artikel beteiligt waren, mit ihren Benutzer-Icons an einem Artikel zu verlinken.\nAuf diese Weise wäre nicht nur für einen Gelegenheitsnutzer erkennbar, wie ausgereift oder stabil ein Artikel ist, sondern Wikipedia könnte auch ein Gesicht bekommen. Man könnte erkennen, daß jede einzelne Seite ein Produkt von Mitgliedern einer Gemeinschaft ist.\nIch halte das für wichtig - es macht es leichter für einen Anwender, einen Artikel zu hinterfragen oder Artikelqualität auf einen Blick erkennen zu können. Es macht Wikipedia auch zugänglicher und motiviert vielleicht mehr Leute, sich konstruktiv an der Weiterentwicklung der Wikipedia zu beteiligen.\nJ: Haben Sie bisher Lösungsansätze von außen gehört, die einen Ausweg aus dem Dilemma zeigen könnten?\nK: Ich habe inzwischen gelernt, daß es in Wikipedia selbst eine ganze Reihe von Diskussionen, experimentellen technischen Hilfsmitteln und Alternativvorschlägen gibt, wie auch die Diskussion zwischen Exklusionisten und Inklusionisten schon seit vielen Jahren läuft, jedoch ohne Ergebnisse zu haben oder Veränderungen zu bewirken. Auf eine Weise dümpelt Wikipedia vor sich hin: Was bisher gefehlt hat, war ein Anlaß sich zu verändern.\nDie Diskussion um den MoGIS-Artikel, die Felix von Leitner losgetreten hat, und ihre Folgen sind vielleicht in der Lage, diesen Anlaß zu liefern. Das würde den Initiativen zur Weiterentwicklung in der Wikipedia eine gemeinsame Richtung und die notwenige Motivation zu geben, und Wikipedia könnte über Holz-Enzyklopädien hinauswachsen. Damit meine ich weniger eine technische Entwicklung, als vielmehr eine Weiterentwicklung in der Art und Weise wie wir Erkenntnis vermitteln oder den Grad an gesicherter Wahrheit visualisieren, der in einem Lexikon-Artikel steckt.\nDarum geht es bei der ganzen Debatte Inklusionisten vs. Exklusionisten ja im Kern: Die Exklusionisten möchten alles aus der Wikipedia heraushalten, was nicht durch Belege von reputablen Veröffentlichungen belegbar ist - am Besten mehrfach. Ihnen ist Unanfechtbarkeit wichtiger als Umfang. Dem Inklusionisten ist dagegen Umfang oder Abdeckung wichtiger als Unanfechtbarkeit oder Belegbarkeit.\nMeine Position ist eher die eines Inklusionisten, aber ich halte die exklusionistische Position für wichtig und wertvoll. Ich glaube nur, daß man das nicht so schwarzweiß sehen sollte, wie es in der derzeitigen Kultur der Wikipedia diskutiert wird. Artikel werden immer unterschiedliche Qualität haben, aber auch in qualitativ schlechten Artikeln steckt oft schon die Information, die ich grade suche - und wenn es nur die Bestätigung ist \u0026ldquo;Dieses Konzept gibt es\u0026rdquo; und \u0026ldquo;Hier sind weitere Googleworte zum Thema für Dich\u0026rdquo;. Eine Visualisierung von Qualität, Quellenlage und strittigen Passagen finde ich aber enorm hilfreich und wichtig. Das macht Abstufungen zwischen Löschen und Behalten möglich und erlaubt eine viel differenziertere Auseinandersetzung.\n**J:**Sehen Sie die Gefahr, dass die Wikipedia aufgrund ihrer schlichten Größe und damit letztlich auch Vielzahl der Mitglieder an Diskussionen dieser Art zerbrechen kann?\nK: Ich grinse. Ausgehend von den Diskussionen in der Wikipedia, die mir bekannt sind, besteht diese Gefahr nicht einmal entfernt. Bei allem akademischen Eifer und Elan, der in diese Diskussion fließt, habe ich dennoch den Eindruck, daß alle Parteien an derselben Sache arbeiten - und das ist Wikipedia zu einer noch besseren Wissensquelle zu machen und eben hoffentlich auch, diese Qualität nachvollziehbar darstellbar zu machen.\nWikipedia wirkt anonym und entpersönlicht, wenn man sie nur benutzt und nicht mitarbeitet. Aber da sind viele hundert engagierte Einzelpersonen hinter den Kulissen am Zusammenarbeiten. Wikipedia ist nur enorm schlecht darin, diese Personen sichtbar zu machen und die Diskussionen zwischen diesen Personen und den Gruppierungen, die sich da gebildet haben, sichtbar zu machen. Wir haben hier ein ständiges Ringen um Wissen, um Korrektheit, um Abdeckung und um Quellen. Nichts davon ist im Produkt unmittelbar erkennbar. Das ist schade, denn es ist wichtige Information, die bei der Bewertung von Artikeln genauso hilfreich ist wie dabei, diese Leute zu motivieren.\nJ: Könnte hier eine Art oberster \u0026ldquo;Chef\u0026rdquo; oder \u0026ldquo;Geschäftsführer\u0026rdquo; mit Entscheidungsgewalt helfen?\nK: Keinesfalls.\nWikipedia ist eine Gemeinschaft, und Motivation genau wie Entscheidungen müssen von innen heraus kommen und von einer stabilen Mehrheit getragen werden - welchen Grund gibt es denn sonst, dort mitzuarbeiten, wenn nicht persönliche Überzeugung und den Willen, persönlich daran mitzuarbeiten, die Welt an einer Ecke in einen besseren Ort zu verwandeln? Wikipedia kann man nur anführen, indem man überzeugt, nicht indem man kommandiert. Nichts anderes wird dem Projekt und seinem Geist gerecht.\nJ: Angenommen, es gäbe die Wahl zwischen einer rein inklusionistischen und hart exklusionistischen Gangart: Welche Chancen und welche Risiken würden diese beiden Gangarten bergen?\nK: Die Frage ist meiner Meinung nach unsinnig, und dem Verbleiben in der Denkweise einer Holzenzyklopädie geschuldet. Die ganze Debatte läuft in der Wikipedia selbst schon seit Jahren, und wenn man eine Lösung wollte, dann muß man die ganze Frage endlich transzendieren und Wege finden, die Ziele der beiden Gruppieren klar und positiv zu formulieren und dann innerhalb desselben Systems zu befriedigen. Das geht. Unterschiedliche Visualisierungen derselben Daten, Anzeigefilter, die Artikel unterhalb einer Qualitätsschwelle unterdrücken oder gar unterschiedliche Websites auf demselben Datenbestand sind ja technisch überhaupt kein Problem.\nDer ganze Konflikt besteht doch nur, wenn man meint, es gäbe eine Wahrheit, den Prozeß des Ringens um diese Wahrheit aber nicht darstellt oder nicht darstellen will.\n","date":"2009-11-22T00:00:00Z","href":"https://blog.koehntopp.info/2009/11/22/das-schweigen-der-lemmata.html","tags":["internet","wikipedia","lang_de"],"title":"Das Schweigen der Lemmata"},{"categories":null,"content":"Beim Aufräumen habe ich noch ein paar alte Prospekte gefunden und mal eben eingescannt.\nCBM 4001 Series, Stand Januar 1982. CBM 8001 Series, Stand Januar 1982. CBM 8050 Diskettenlaufwerk (das Große mit der hohen Kapazität). Commodore MMF 9000 (Ja, so was gab es mal): Color Genie: Sirius 1 (kleiner Katalog): Sirius 1 großer Katalog, mit dem ganzen Business Chic der 80er - um diese Zeit liefen Dallas und Denver Clan:\nMZ 80 A: PC 1500 (LCD, Drucker, batteriebetrieben): Apple 2 und 3: ","date":"2009-11-18T00:00:00Z","href":"https://blog.koehntopp.info/2009/11/18/alte-prospekte.html","tags":["computer","damals","lang_de"],"title":"Alte Prospekte"},{"categories":null,"content":" \u0026ldquo;Millions of starlings swarming at dusk before settling in the woods below.\u0026rdquo; \u0026ndash; Gail Johnson (CC-BY-NC)\nDer Hamburger Wahlstift sah zunächst ja mal aus wie eine gute Idee: Der Wähler wählt mit einem Stift auf einem Blatt Papier und kreuzt ganz normal an, welche Partei er wählen will. Der Stift ist jedoch in Wahrheit ein Scanner, der ein Muster vom Papier abliest, das dem Stift mitteilt, an welcher Stelle der Wähler sein Kreuz macht. Der Stift zählt so die Wahl und kann ausgelesen werden. Durch regelmäßiges Auslesen des Stiftes hat man dann ratzfatz ein Wahlergebnis, und wenn die Wahl angefochten wird, kann man immer noch die Zettel auszählen.\nDas hat so nicht funktioniert: Der Stift war zwar PTB-geprüft, aber der Scope der Prüfung war falsch gewählt.\nGeprüft wurde nämlich nur der Stift und nicht das System Stift-Papier. Durch vertauschen der Scanmuster auf dem Papier konnte der CCC das System leicht hacken: Der Wähler kreuzt CDU an, aber der Stift registriert und zählt SPD. Zugleich hatte die Hamburger Bürgerschaft das Wahlgesetz so geändert, daß das Ergebnis des Stiftes und nicht das Papierkreuz maßgeblich sein sollten. Das Ergebnis: Ein Desaster - der Hack des CCC kurz vor der Wahl verhinderte den Einsatz des teuren Stiftes.\nDie Arbeitsgemeinschaft Wahlstift versuchte nun juristisch gegen den CCC vorzugehen - vergebens:\nDer Hackerverein konnte in den wesentlichen Punkten das Recht auf Publikation seiner Erkenntnisse über klaffende Sicherheitslücken im Wahlstiftsystem verteidigen und kann weiterhin seine Ergebnisse veröffentlichen\u0026hellip;.Der Angriff gegen das digitale Papier trifft den technologischen Kern des Systems, das auf der Aufzeichnung der Position des Wahlstifts mit Hilfe eines feinen Musters auf dem Papier beruht. Eine effektive Abwehr gegen diesen Angriff ist kaum realisierbar und wäre nicht vom Wähler überprüfbar\u0026hellip;.In dem Beschluß des OLG Hamm ist klargestellt, es sei eine \u0026ldquo;Tatsache, dass die Manipulation des Anoto-Papiers durch den Beklagten keine unwahre Tatsachenbehauptung darstellt\u0026rdquo;\nDer Hamburger Wahlstift ist damit als Wahlcomputer erledigt.\n","date":"2009-11-17T00:00:00Z","href":"https://blog.koehntopp.info/2009/11/17/der-ccc-vernichtet-den-hamburger-wahlstift.html","tags":["politik","wahl","lang_de"],"title":"Der CCC vernichtet den Hamburger Wahlstift"},{"categories":null,"content":"In Can Newspaper publishers survive this revenue freefall? stellt Martin Langeveld fest, daß in den letzten 50 Jahren der Anteil der gesamten verfügbaren Budgets in der Werbebrance bei ziemlich konstant 2% des Bruttosozialproduktes lag. Jedoch: Die Verteilung der Werbebudgets ist nicht konstant.\nMedienanteile am Werbebudget in den letzten 50 Jahren.\nDie Reaktion der Zeitungsverlagsbranche ist nicht eine Modernisierung, sondern der Ruf nach einem Leistungsschutzrecht. Das werden sie nun bekommen , gegen den Rat zahlreicher Expertengutachten. Und obwohl noch unklar ist, wie dieses Recht genau aussieht, ist eines schon klar: Falls es wirksam ist, werden effektiv aufgestellte digitale Medienkonzerne wie Microsoft und Google es eher zu ihren Gunsten nutzen können als regionale Zeitschriftenverlage. Falls es nicht wirksam ist, ist es auch egal. Unausweichlich wird es den Niedergang der traditionellen Nachrichtenredaktionen beschleunigen.\nUpdate: Unterdessen beginnen einige deutsche Buchverlage zu merken, daß es vielleicht nur so untermittelgut ist, wenn sie bei Google in der Buchsuche nicht gefunden werden. Hoffmann und Campe erwartet Vorschläge von Google heißt es dann mit der üblichen Holzmedienarroganz, wenn Verlage Angst bekommen, in den nächsten paar Jahren mitsamt ihrem gesamten Programm dem Vergessen anheim zu fallen.\nUpdate: Eine recht gute Erklärung dessen, was wirklich passiert, findet man bei Netzwertig: Strukturwandel: Die Folgen der digitalen Disruption für die Volkswirtschaft . Die Erklärung dort zeigt, wie spezialisierte Dienste den Mix Zeitung entbündeln und durch Einzeldienste ersetzen.\nCraigslists entzieht dem Kleinanzeigen-Markt Milliarden. Wikipedia zerstört das Geschäftsmodell von Verlagen in aller Welt. Interpreten mit Web- und Marketing-Kompetenz geben ihren Plattenfirmen den Laufpass.\n","date":"2009-11-17T00:00:00Z","href":"https://blog.koehntopp.info/2009/11/17/die-nachrichtenverlage-bringen-sich-um.html","tags":["media","advertising","copyright","lang_de"],"title":"Die Nachrichtenverlage bringen sich um"},{"categories":null,"content":"Ich schrieb in Der alljährliche Wikimedia-Spendenaufruf :\nBitte seht davon ab, die Spende mit einer Zweckbindung \u0026ldquo;für …\u0026rdquo; zu versehen. Das macht der Vereinsbuchhaltung bei Wikipedia geradezu unglaubliche Arbeit. Danke sehr!\nDaraufhin fragte Thomas:\nUi, ist das ein Aufruf zum dDOS?\nMeine Antwort ist länger geworden und verdient einen eigenen Artikel.\n\u0026ldquo;Nein, das ist genau das, was da steht.\u0026rdquo;\nIhr helft niemandem, wenn ihr die Verwaltung von Wikimedia Deutschland blockiert, insbesondere nicht dem meiner persönlichen Meinung nach berechtigten Anliegen, die Strukturen der Wikipedia transparenter und offener zu machen.\nMan kann diese ganzen Aktionen des letzten Monats um die Wikipedia herum als Krieg auffassen, als Diskussion oder als Kommunikationsversuch. Wie immer man es deutet, man sollte dabei unbedingt das erwünschte Ziel direkt vor Augen behalten, ja es vielleicht sogar ausformulieren und auf einem Blatt Papier fixieren und neben den Monitor heften. Das hilft sehr.\nNur wenn man sich diese Mühe macht, dann wird man sein eigenes Verhalten daran messen, ob es diesem Ziel förderlich oder hinderlich ist, und man hat einen Maßstab für das eigene Handeln.\nDas ist genau das, was einen Mob von einer strukturierten Organisation unterscheidet und was eine destruktive Denial Of Service Attacke von einer konstruktiven Aktion unterscheidet, mit der man eine Organisation auf ihr Problem aufmerksam macht und ihr dann hilft, es sinnvoll in den Griff zu bekommen.\nAktionsziel Mein Zettel sähe etwa so aus:\nWikipedia hat meiner Auffassung nach eine Reihe von Problemen.\nDas eine ist eine stagnierende Software, sowohl was die Infrastruktur angeht (Scytale\u0026rsquo;s Levitiation und Fefes \u0026lsquo;Wir serven HTTP direkt aus einem GIT\u0026rsquo; können da helfen) als auch was das Benutzerinterface angeht (Sauber degradendes Javascript und eine bessere Benutzerführung können da helfen). Das zweite ist eine außer Kontrolle geratene Löschkultur, die meiner persönlichen Meinung ihre Ursache einmal in durch zu niedrig angesetzte Eingangshürden erzeugten Streß hat, zum anderen durch - das ist schwer korrekt zu formulieren - eine Art Holzmedien-Dünkel geprägt ist. Der dritte ist eine Kultur, die grad sauer wird oder schon umgekippt ist, und das habe ich in dem Communitygift-Artikel ja versucht darzulegen. Strukturelle Defizite Die Wikipedia-Website ist strukturell angelegt, daß\nsie vereinzelt, sie kurz und unpersönlich kommuniziert und daß sie Multiplikatoreffekte verhindert. Das macht es Anfängern schwerer als nötig, einzusteigen und es macht es für die Ausbilder aufwendiger als nötig, ihren Job zu tun.\nEs mag sein, daß es noch mehr Probleme gibt, die sich herausarbeiten lassen, aber das sind die drei Dinge, die sich mir derzeit am klarsten erkennbar darstellen.\nIch halte die Arbeit, die sich Scytale und Fefe mit der Software machen für wichtig und richtig. Aber für noch wichtiger hielte ich es, wenn man sich einmal überlegte, wie man denn die Wikipedia-Website umgestalten könnte.\nAnsatzpunkte Ich wünsche mir, daß die Site auf der einen Seite eine bessere Bewertung der Artikelqualität auch für Gelegenheitsnutzer zuließe. Ich glaube nicht, daß ein Gelegenheitsnutzer den Blick hat, mit dem er einen prämierten und ausgezeichneten Wikipedia-Artikel von einem durchaus langen, aber qualitativ unzureichenden Artikel unterscheiden kann.\nDie aktuelle Form der Artikel unterstützt das auch nicht gut - wie könnte man die in den Citations enthaltenen Fakten mit dem Artikeltext besser verknüpfen, sodaß besser erkennbar wird, was im Artikeltext belegt und was nicht belegt ist? Wie kann man sichtbar machen, welche Teile eines Artikels strittig und welche unstrittig sind? Wie kann man den Vollständigkeitsgrad eines Artikels schnell erfaßbar machen? Und wie kann man das alles so gestalten, daß es cool aussieht, oder daß man zwischen diesen Artikelansichten schnell wechseln kann?\nWenn an einem Artikel etwas nicht in Ordnung ist, oder strittig ist, dann muß Kommunikation stattfinden.\nWikipedia ist zur Zeit technisch ein mittelmäßiges Lexikon und ein wirklich schlechtes Forum. Wie kann man, nein, wie muß man die Wikipedia-Site ändern, damit eine bessere und durchaus persönlichere Form der Auseinandersetzung mit strittigen Fragen möglich wird? (Persönlich nicht im Sinne von \u0026lsquo;persönlich werden\u0026rsquo;, sondern im Sinne von \u0026lsquo;damit man sich des Menschen hinter den vier Tilden besser bewußt wird\u0026rsquo;)\nAm Ende ist die Frage, wie man die Probleme, die ich in Communitygift versucht habe zu skizzieren angeht, und wie man sie durch die äußere Form und die Mechanismen der Site selber unterstützt.\nEin besserer Prozeß Damit ist es jedoch nicht getan, Wikipedia hat auch Prozeßprobleme.\nEs gibt ein Mentorensystem, aber es erscheint mir optional und es scheint zu erfordern, daß ein Neuling davon weiß und aktiv nach einem Mentor fragt, damit es greift. Jedenfalls ist nach meinem Informationsstand nicht sichergestellt, daß ein Neuling vom Mentorensystem erfährt und er einen Mentor angeboten bekommt. Offenbar ist das Mentoring auch mehr oder weniger 1:1, das heißt jeder Neuling bindet einen vollen Mentor und Dritte profitieren nicht von der Arbeit, die ein Mentor sich mit einem Neuling macht.\nBesser wäre etwas, bei dem ein Mentor sich mit einem Neuling befaßt und bei dem eine kleine Gruppe von Dritten auf einem ähnlichen Level das verfolgen könnte, ähnlich wie eine Schulklasse der Unterhaltung zwischen einem Lehrer und dem Schüler der grade dran ist verfolgt und davon profitieren kann. Man braucht also einen Mechanismus, der einem Mentor mehrere Schüler mit kompatiblen Hintergründen und Zielen zuordnet und beim den diese kleine Gruppe nicht nur allen Mentor-Schüler-Dialogen folgen kann, sondern sich auch gegenseitig helfen kann.\nMir ist nicht klar, ob es ein Ausbildungsprogramm für Mentoren gibt, und einen Plan der zu vermittelnden Inhalte und eine Liste von zu erreichenden und womöglich gar zu verifizierenden Lernzielen. Das würde sicherlich helfen, die Arbeit der Mentoren zu erleichtern und es würde auch die gewünschte Kultur von Wikipedia verbalisieren und damit einem Diskurs formal zugänglich machen. Das ist für mich ein ganz zentraler Punkt.\nDie passive Aggressivität Mir stellt sich Wikipedia von der Kommunikationskultur her als passiv-aggressiv dar, und ich empfinde auch eine gewissen Wagenburg-Mentalität. Ich habe meine Theorien, warum das so ist, aber ich habe keine Belege dafür, sondern nur Vermutungen.\nDa ist einmal die Tatsache, daß im Löschprotokoll jede Menge Artikel aufzufinden sind, die keine sind, sondern nur Schmierereien. Das bindet nicht nur Ressourcen, sondern es erzeugt auch ein \u0026lsquo;Wir gegen die\u0026rsquo; im Gehirn der Leute, die da aufräumen, einen \u0026lsquo;Muss sauberhalten\u0026rsquo;-Reflex, der auch dann nicht aufhört zu ticken, wenn diese Personen andere Dinge in der Wikipedia tun.\nIch glaube tatsächlich, daß eine höhere Einstiegshürde hier helfen würde. Ich glaube fest daran, daß man mit offenem Visier arbeiten sollte und ich sehe keinen Grund, warum jemand anonym, also \u0026lsquo;als IP\u0026rsquo;, neue Artikel anlegen können sollte - es wäre getrennt zu evaluieren, ob jemand \u0026lsquo;als IP\u0026rsquo; bestehende Artikel überarbeiten können sollte oder wie das mit strittigen Artikeln, geprüften Versionen und anderen qualitätssichernden Mechanismen zusammenspielt.\nJedenfalls sehe ich Wikipedia ganz sicher als etwas, das einer Ausbildung von Neulingen bedarf, was Ziele, Arbeitsweise und Kultur angeht - genau genommen sogar, was das Lesen von Artikeln angeht, siehe meine Bemerkungen zur Visualisierung von Qualität oben. Ich kann daher nicht erkennen, wie ein anonymer Benutzer eine Chance haben sollte, einen sinnvollen neuen Artikel zu erzeugen - 99% Spam über diesen Kanal stellen den Wert des Kanals selbst in Frage.\nSoweit ich weiß ist die englische Wikipedia auch schon so weit und läßt \u0026rsquo;eine IP\u0026rsquo; keinen Artikel mehr anlegen.\nWenn man den Streß bei den Löschköpfen senkt, indem man den Müllstrom einfach zudreht und an alle eingehenden neuen Artikel auch zwingend Namen dran baut, dann wird sich die Situation mit Sicherheit für alle Beteiligten massiv entspannen. Wikipedia ist dann nicht mehr anonyme Landschaft, sondern ein Garten, also Gegend, die jemand gehört und Änderung der Gegend, wobei die Änderung auch jemandem gehört.\nIndividuelle Ansprache, vor Publikum Die passiv-aggressive Weise findet ihren Niederschlag auch in den \u0026lsquo;Ausbildungsmaterialien\u0026rsquo;, die ich gesehen habe. Es ist vollkommen sinnlos und pädagogisch totaler Irrsinn, jemanden mit einem WP:RK auf 22 Druckseiten Relevanzkriterien zu schicken. Ähnliche Materialien, die in der Wikipedia auch zur Ausbildung verwendet werden, sind einem ähnlich trostlosen textwüstigen Zustand und können bestenfalls zur Textbausteinigung von Neulingen verwendet werden. So etwas produziert man nicht, wenn man jemanden aufnehmen und zum Erfolg führen will, sondern so gestaltet man Material, das abschrecken soll.\nSinnvolle Materialien sind klein, sodaß sie verwendet werden, um einen Neuling gezielt zu der Antwort zu senden, die ihm weiterhilft. Und die Antwort wird nicht als WP:XY gegeben, sondern als\nIch sehe in Deinem Artikel das Problem p. In WP:XY wird erklärt, warum das ein Problem ist und wie wir in der Wikipedia dazu gekommen sind, das als Problem zu sehen. In Deinem Fall würde ich p lieber als p\u0026rsquo; formulieren, dann vermeidest Du das.\u0026quot;.\nDie Länge der Antwort in WP:XY ist so bemessen, daß sie den Neuling nicht erschlägt, und sie enthält Verweise auf andere ähnliche Antworten oder Folgefragen, die erwartungsgemäß auftreten werden und einen Verweis auf eine Landkarte bzw. ein Inhaltsverzeichnis, damit man sich orientieren kann.\nIch glaube, ein weiterer Grund für die Wagenburg-Mentalität und die Affinität zu Holzmedien, die ich herauslese, ist Brockhaus-Neid. In der Vergangenheit hat Wikipedia sich beweisen müssen und ist von den Medien an den Bertelsmann- und Brockhaus-Lexika gemessen worden. Beide sind inzwischen Geschichte, aber Wikipedia befindet sich meinem Eindruck nach immer noch in der Tradition und im Wettbewerb mit diesen Enzyklopädien, anstatt sich davon zu emanzipieren und Wege zu finden, darüber hinaus zu wachsen.\nEs gibt ganz klar Möglichkeiten, über die Kommunikationsmethoden von totem Papier hinaus zu gehen, wenn man eine Website ist, aber Wikipedia entwickelt keinen erkennbaren Versuch das zu tun. Mit einer besseren Visualisierung von Qualität, Fakten und Diskurs kann Wikipedia nicht nur Wissen darstellen, sondern auch den Streit um und die Suche nach Wissen darstellen, und damit klar machen, wie es gewonnen und belegt wird. Das ist meiner Meinung nach die Mission, die Wikipedia annehmen muß, um sich weiterzuentwickeln und ich halte es durchaus für legitim, das einzufordern.\nSolche Strukturen erlauben es der Wikipedia dann auch, mit strittigen und unfertigen Dingen, aber auch mit transienten Themen auf eine Weise umzugehen, die es der Wikipedia erlaubt, die Zeit und den Aufwand der Autoren zu ehren anstatt als zentrales Reaktionsmittel auf fragwürdige Dinge nur die Löschung zu haben.\nDas heißt, das Kommunikationsziel dieses ganzen Diskurses ist für mich, die Wikipedia als Organisation zu lehren, differenzierter als mit \u0026lsquo;Löschen\u0026rsquo; zu kommunizieren und sich strukturell und technisch von Holz-Lexika zu emanzipieren. Beides gehört untrennbar zusammen.\n","date":"2009-11-13T00:00:00Z","href":"https://blog.koehntopp.info/2009/11/13/communityfix.html","tags":["internet","wikipedia","lang_de"],"title":"Communityfix"},{"categories":null,"content":"Am 20. April 2009 hat Sun verkündet, daß sie von Oracle gekauft werden. Das hätte MySQL mit eingeschlossen. Am 10. November hat die EU dann mitgeteilt, daß sie diesem Kauf widerspricht und zwar ausschließlich wegen MySQL.\nGroklaw hat Hintergründe dazu , die ein wenig komisch erscheinen. Ausgerechnet Monty und Florian Müller argumentieren gegen diesen Verkauf und verwenden in den Texten, die sie öffentlich gemacht haben noch dazu die GPL: Diese verhindere nämlich kommerzielle Spinoffs und Forks von MySQL.\nDas ist auf vielen Ebenen seltsam bis unsinnig.\nZum rechtlichen Hintergrund:\nMySQL ist ein Dual-License Produkt. Man kann sich entscheiden, ob man die GPL Version von MySQL verwenden will oder ob man stattdessen ein kommerziell lizensiertes MySQL möchte. Die GPL-Version ist gegen Readline gelinkt und kann OpenSSL verwenden, die kommerzielle Version verwendet Editline und eine andere SSL-Bibliothek unter einer anderen Lizenz.\nMein Arbeitgeber ist Kunde bei MySQL, und zwar verwenden wir die GPL-Version von MySQL. Das können wir unter anderem deswegen, weil wir MySQL nicht weitergeben - die GPL garantiert das Recht, die Software auszuführen, den Source zu studieren und die Software zu modifizieren uneingeschränkt. Kunde sind wir für den MySQL-Support, die Software bekommen wir also frei und gratis. Den Support könnten wir auch woanders kaufen, etwa bei Unternehmen der Open Database Alliance, speziell Percona käme zum Beispiel gut in Frage.\nMySQL unter einer kommerziellen Lizenz braucht, wer MySQL als Bestandteil seines Produktes weitergeben möchte und dabei seinen eigenen Quelltext nicht offenlegen will.\nDie GPL zieht dabei die Grenze an den Prozeßgrenzen - es ist also kein Problem, etwa eine Box zu verkaufen, auf der ein PHP mit mysqlnd mit einem mysqld redet. Der mysqld ist GPL, das PHP und das mysqlnd darin sind PHP-License und beides sind verschiedene Prozesse, die juristisch problemfrei miteinander reden dürfen. Das ganze Ding ist einwandfrei und kann so verkauft werden, ohne daß kommerzielle Lizenzen in irgendeiner Form fällig werden.\nDie libmysqlclient.so ist GPL und kommerziell dual licensed. Wer sie in sein Programm linkt, muß sein Programm entweder unter die GPL stellen oder MySQL kommerziell lizensieren. Wenn man das nicht will, ist das im Grunde kein Problem: Das MySQL Protokoll ist schnell reimplementiert - mysqlnd hat das zum Beispiel getan.\nUnd schließlich kann es sein, daß man sein MySQL tatsächlich embedden will, also mysqld nicht als Server betreiben will, sondern als Bibliothek direkt in ein Programm hinein linken. In diesem Fall hilft einem - wenn man nicht selber GPL sein will - nur eine kommerzielle Lizenz. Oder daß man seine proprietäre Storage Engine in MySQL hineinlinken will - das geht ebenfalls nur mit einer kommerziellen Lizenz, denn andernfalls würde man ja die GPL-Geschmacksrichtung von mysqld und proprietären Storage Engine Code zusammen mischen und das geht nicht.\nGroklaw beleuchtet nun die Argumentation, die wir von Monty zu hören bekommen haben unter verschiedenen Aspekten. Dabei kommt Monty offenbar immer wieder auf die Möglichkeit von proprietären Forks von MySQL zu sprechen, die nicht möglich wären, wenn Oracle die Rechte an MySQL innehätte. Nun, so etwas ist auch jetzt schon nicht möglich, denn die Rechte an MySQL hat derzeit Sun, auch eine kommerzielle Firma.\nGroklaw findet es seltsam, daß Monty so gegen die GPL wettert und auch auf den angeblich \u0026lsquo;viralen\u0026rsquo; Character der GPL abhebt ( Kooperativ vs. Kompetetiv , Was steht in der GPL? , Warum GPL? ). Das ist Microsoft-Rethorik, und tatsächlich ist Monty nun genau Ratgeber bei der MS Codeflex Foundation. Groklaw zitiert auch eine längeren Text von Carlo Piana, der erklärt, warum die Open Source Community für den Deal sein sollte und wieso die GPL bzw. das Dual Licensing kein Problem sind.\nDer Punkt ist jedenfalls, daß die GPL bei MySQL nichts verhindert, außer für zwei sehr eingeschränkte Personenkreise: Leute, die MySQL embedden wollen oder Leute, die ihre proprietäre Technik in MySQL injezieren wollen. Beides ist eigentlich kaum ein Problem.\nDer nächste Punkt ist, daß Monty vorgeschlagen hat, daß Sun MySQL verkaufen möge, damit der Merger voran gehen könnte. Die Idee ist recht plump und offensichtlich: Monty kauft MySQL von Sun zurück, mit dem Geld, daß Sun ihm gegeben hat.\nDer dritte Punkt ist, daß das Problem nicht bestünde, wäre MySQL pur GPL lizensiert - die ganze Argumentation kann nur Halt finden, weil auch eine kommerzielle Lizenzvariante von MySQL existiert. Diese gehört aber grad Sun…\nWeitere Artikel zum Thema:\nDer Economist hat einen Bericht über den Handel, und zielt darauf ab, daß die amerikanische Monopolkomission dem Deal zugestimmt hat, die europäische ihn aber abgelehnt hat, und wie das zu einem Handelskrieg oder zumindest zu Verstimmung führen könnte.\nHeise berichtet ebenfalls.\nDie Position von SAP in dieser Sache bleibt zumindest nach der Berichterstattung im Dunkeln.\n","date":"2009-11-12T00:00:00Z","href":"https://blog.koehntopp.info/2009/11/12/mysql-sun-oracle-und-die-eu.html","tags":["mysql","oracle","sun","lang_de"],"title":"MySQL, Sun, Oracle - und die EU"},{"categories":null,"content":" Wikimedia ruft auf zum Spenden! Nach dem Kohlepfennig der Exklusionistencent? Wenn Sie nicht spenden löschen wir diesen Artikel! \u0026ndash; @dyfa auf Twitter\nIhr löscht sogar im Spendenticker – lol\n\u0026ndash; Susanna Korn Da ist er also wieder mal, der alljährliche Wikimedia Foundation Fundraiser. Parallel dazu startet das Profi-Admin-Team der deutschen Wikipedia eine Sympathie-Offensive , nachdem die Wikipedia-Diskussion am 5.11. eher unschön über die Bühne ging: Mit Hausverboten für wichtige Diskussionsteilnehmer, vorab angefertigten Abschluß-Statements und ohne irgendein Ergebnis.\nWarum Wikipedia bitte sofort sterben muss faßt einige der Ergebnisse von letzter Woche zusammen. Unterdessen gibt es heute ein Löschwettrennen (runterscrollen!) in der Wikipedia.\nThomas Nesges schlägt vor, stattdessen lieber für Abgeordnetenwatch zu spenden. Oder Ihr schaut mal in Levitation rein.\nUpdate: Man lese einmal die Kommentare der Spender . In der Heise-Newsticker-Meldung heißt es:\nHatte sich die Wikimedia bisher vor allem mit Kleinspenden finanziert, versucht die Stiftung nun das Volumen der einzelnen Spenden zu erhöhen.\nStattdessen gibt es jetzt eine große Zahl von Ein-Euro-Spenden mit schriftlicher Begründung in der Kommentarzeile.\nUpdate: Bitte seht davon ab, die Spende mit einer Zweckbindung \u0026ldquo;für \u0026hellip;\u0026rdquo; zu versehen. Das macht der Vereinsbuchhaltung bei Wikipedia geradezu unglaubliche Arbeit. Danke sehr!\nUpdate: Die Ursache für diese Aktion ist bei blog.fefe.de dokumentiert.\nUpdate: Die Wikimedia Deutschland e.V. ist genervt .\n","date":"2009-11-12T00:00:00Z","href":"https://blog.koehntopp.info/2009/11/12/update-der-allj-hrliche-wikimedia-spendenaufruf.html","tags":["internet","wikipedia","lang_de"],"title":"Update: Der alljährliche Wikimedia-Spendenaufruf"},{"categories":null,"content":"Während ich mir in Communitygift einmal angesehen habe, warum Wikipedia nicht funktioniert, wenn sie nicht funktioniert, findet man bei Helge Städtler einen wunderbaren Beitrag mit dem Titel Ein Eintrag in der Enzyklopädie Wikipedia: Wie geht das eigentlich? .\nHelge beschreibt seine Erfahrungen mit der Wikipedia und der Erzeugung eines Eintrages zum Thema Educast , also Lehr- Podcasts . Dazu hat er sich einen Benutzer Lgxxl angelegt und danach dann einen Eintrag erzeugt. In seinem Blogartikel dokumentiert er seine Erfahrungen in einer Art Tagebuch.\nBei ihm hat das Mentorensystem gegriffen und er ist einigermaßen sinnvoll an die Arbeit in der Wikipedia herangeführt worden. Obwohl seine Erfahrungen überwiegend gut waren und er streckenweise begeistert war, relativiert er das ein wenig:\n[…] bei mir ist das alles noch glimpflich abgegangen, weil ich meine ganze Erfahrung aus Diskussionsforen und E-Learning-Betreuung für die Deeskalation eingesetzt habe.\nEr verweist auch an mehreren Stellen auf Probleme mit den unpersönlichen Kommunikationskanälen in der Wikipedia. Dennoch: Die Mechanismen existieren - zumindest in Ansätzen. Sie werden nur nicht konsequent eingesetzt und sie werden von der Form der Wikipedia und von den Umgangsformen in der Wikipedia (das sind zwei verschiedene Dinge) nicht gut unterstützt.\n","date":"2009-11-12T00:00:00Z","href":"https://blog.koehntopp.info/2009/11/12/wenn-wikipedia-einmal-funktioniert-tagebuch-eines-selbstversuches.html","tags":["internet","wikipedia","lang_de"],"title":"Wenn Wikipedia einmal funktioniert... Tagebuch eines Selbstversuches"},{"categories":null,"content":"Update: Diejenigen von Euch, die vom Trackback hierher kommen, finden alle Artikel zum Thema Wikipedia unter dem Tag Wikipedia. Die Diskussion ist seit der Aufnahme für die Sendung schon ein paar Artikel weiter gegangen.\nKaiL hatte mich heute im IRC noch auf Der alljährliche Wikimedia-Spendenaufruf angesprochen und ich hatte ihm versprochen, noch einmal genauer aufzuschreiben, wieso ich Wikipedia als Projekt für kaputt halte. Dies ist der Versuch, meine zunehmende Distanz zum Projekt Wikipedia als positive und konstruktive Kritik zu formulieren. Ich hoffe, es hat ein bischen geklappt.\nSeit fast einem Monat läuft die von einem relevanten Blog initiierte Diskussion über die Wikipedia.\nDie Diskussion begann damit, daß jemand in der deutschen Wikipedia begann, einen Löschantrag gegen das Lemma Mogis zu stellen, was in Fefes Blog aufgegriffen wurde. In der Folge gab es eine relativ wenig strukturierte Diskussion innerhalb und außerhalb der Wikipedia um die Relevanzkriterien und den Umgang mit ihnen in der deutschen Abteilung der Wikipedia.\nIm Fortgang der Diskussion gewann ich immer mehr den Eindruck, daß die Wikipedia eigentlich ein tieferliegendes strukturelles Problem hat: Sie ist schrittweise hermetisch geworden und sie kommuniziert destruktiv.\nAnderswo… Um das zu erläutern muß ich vorab erklären, daß meine Beschreibung hier Eindrücke von jemandem sind, der Wikipedia von außen sieht und sich im letzten Monat versucht hat, ein wenig mit dem Projekt zu befassen - ein Versuch, den ich im Grunde als auf ganzer Linie gescheitert betrachten kann.\nIch bin eigentlich jemand, der mit einer ganzen Menge Online-Projekt-Communities zu tun hat, und der sich auch als jemand sieht, der Gruppen vernetzt. In den meisten Gruppen, mit denen ich zu tun hatte, habe ich mich sehr willkommen gefühlt. Das hat auch damit zu tun, daß man dort sofort mit Personen zu tun hat und daß es adequate Infrastruktur gibt, die Interaktion fördert.\nDas ist besonders wichtig, wenn es um den Umgang mit Beiträgen von Neulingen geht. Von diesen Beiträgen gibt es zwei Sorten: Die eine Sorte hat einen erkennbaren eigenen Wert, auch wenn der Beitrag so nicht direkt ins Projekt übernommen werden kann, und die andere hat einen solchen Wert nicht. Letzteres ist das, was Wikipedia als Vandalismus bezeichnet.\nDie meisten Projekte haben keine Probleme mit Vandalismus. Das liegt daran, daß sie das nicht zulassen, was in der Wikipedia ein anonymer Edit wäre, also ein Edit von einem Benutzer ohne Account (Wikipedianer nennen einen solchen Benutzer \u0026rsquo;eine IP\u0026rsquo;, wobei man das wie \u0026rsquo;eine Kakerlake\u0026rsquo; betonen muß, damit die implizierte Bewertung mit kommuniziert wird - und das ist schon mal das erste Problem).\nZwar nehmen alle Projekte Beiträge von nicht registrierten Neulingen an, aber sie schalten diese Änderungen nicht frei. Stattdessen haben solche Projekte an Stelle des Wikis ein anderes, fortgeschritteneres Versionskontrollsystem - zum Beispiel git oder etwas Vergleichbares. Ein Neuling kann sich das Repository eines Projektes zur Gänze oder in Teilen kopieren und Änderungen von der offiziellen Kopie bei sich einarbeiten lassen. Seine eigenen Änderungen sind allerdings erst einmal lokal, und damit sie in die offizielle Kopie übernommen werden können muß man sich das Recht holen, dort Änderungen einstellen zu dürfen - man muß Commit-Karma bekommen.\nMeist bekommt man das nicht sofort, sondern durchläuft eine Art Probezeit, während der man seine Änderungen an einen Mentor übermittelt, der sie durchsieht, Anmerkungen zurück gibt und die Änderungen erst dann in die offizielle Kopie weiterfließen läßt, wenn sie den Ansprüchen des Projektes genügen.\nAndere, liberalere Projekte arbeiten anders herum: Sie haben \u0026rsquo;trailing controls\u0026rsquo;, bei denen dem Neuling sofort Karma gegeben wird, aber der Mentor die Änderungen seiner Neulinge nachverfolgt und retroaktiv kommentiert oder in katastrophalen Fällen rückgängig macht - mit einem Versionskontrollsystem ist das ja trivial machbar.\nDas Wesen dieses Zugangs zum Projekt ist der Aufbau von persönlichen Beziehungen zwischen den Teilnehmern, und damit eine aktive Integration in die Gruppe und das Vermitteln der Gruppenkultur an Neulinge sowie umgekehrt bis zu einem gewissen Grad ein ständiger Review der Gruppenkultur duch die Neulinge.\n… und Wikipedia Wikipedia macht eine ganze Menge von Dingen anders, und dadurch werden solche Integrationsprozesse nicht erzwungen und nicht gefördert. Da ist einmal wie bereits erwähnt die Tatsache, daß man - theoretisch - einfach so editieren kann, ohne sich irgendwie anzumelden oder mit einer Person zu reden. Das entfremdet von Anfang an - Menschen gehen mit \u0026lsquo;herrenlosen\u0026rsquo; Dingen anders um, als mit Dingen, bei denen sie wissen, daß sie einer Person gehören oder von einer Person betreut werden. Es gibt einen Unterschied zwischen \u0026lsquo;so Sachen\u0026rsquo; und \u0026lsquo;jemandes Besitz\u0026rsquo; - die wenigsten Menschen hätten Probleme, im Wald hinter einem Busch einen Haufen zu machen, aber die meisten Menschen tun das nicht in irgendjemandes Garten.\nWikipedia wirkt von außen als \u0026lsquo;so eine Sache\u0026rsquo; und nicht als \u0026lsquo;jemandes Besitz\u0026rsquo; und wird auch in Berichten über Wikipedia immer wieder so portraitiert. Ich wette, das zieht die Eingangsqualität von Änderungen gewaltig nach unten - hinter jedem Busch ein stinkender Haufen. Umgekehrt rührt das Kakerlaken-Image von Änderungen durch IPs genau da her und damit ist die freundschaftliche Basis für eine gegenseitig befruchtende Beziehung zwischen einem Neuling und der existierenden Gemeinschaft schon mal gefährdet.\nAber einmal angenommen, ein Neuling holt sich einen Login, meldet sich an und beginnt an einem Artikel zu ändern. Dann passieren einige Dinge und eine Menge Dinge nicht. Ausgehend auf meinen Erfahrungen und denen der von mir befragten nicht repräsentativen Stichprobe gibt es keine Kontaktaufnahme von Person zu Person und auch kein kurzes konkretes Howto mit Beispielen \u0026lsquo;So geht\u0026rsquo;s - und so nicht\u0026rsquo;: Wikipedia bleibt ein anonymes Objekt und versäumt die Chance, sich ein persönliches Gesicht zu geben.\nZum einen sind die Chancen gut, daß die Änderungen des Neulings rückgängig gemacht werden. In der Regel wird dabei ein Einwortkommentar hinterlassen. Hier zum Beispiel ist eine Liste von Löschungen in der deutschen Wikipedia und dahinter jeweils der Kommentar - \u0026lsquo;Unsinn\u0026rsquo;, \u0026lsquo;Kein Artikel\u0026rsquo;, \u0026lsquo;Kein enzyklopädischer Inhalt\u0026rsquo;, \u0026lsquo;Löschdiskussion\u0026rsquo;. Für einen altgedienten Wikipedianer hat das alles einen Sinn, denn in der Wikipedia haben bestimmte vermeintlich deutsche Worte eine eigene, innerhalb der Wikipedia genau definierte Spezialbedeutung bekommen, ähnlich wie es mit bestimmten Begriffen im \u0026lsquo;Juristischen\u0026rsquo; ist.\nDem Neuling ist dies alles nicht geläufig, für ihn ist \u0026lsquo;Unsinn\u0026rsquo; keine Erklärung, sondern eine Beleidigung. Das ist der hermetische Aspekt. Parallel dazu hat man ihm noch dazu die in seine Änderung investierte Zeit entwertet. Das ist der destruktive Aspekt.\nCredo des dclp FAQ Team Kommunikationstechnisch läuft also das Folgende ab: Ein Neuling ist bereit, an einem Projekt mitzuarbeiten, das sich ihm noch nicht als Person vorgestellt hat und für das er auch noch keine belastbare Arbeitsanleitung erhalten hat. Dennoch ist er mit seiner eigenen Zeit und Mühe versuchsweise in Vorleistung gegangen.\nDie Reaktion der ihm noch unbekannten Masse auf sein Bemühen ist unverständliche Kommunikation, Ablehnung und Beleidigung. Das ist Maximalschaden - das perfekte Communitygift, und das ist der Grund für den Titel dieses Textes.\nIn anderen Projekten ist das Vorgehen anders. In der de.comp.lang.php FAQ zum Beispiel versuchten wir damals Neulinge gezielt zu verändern und zu für uns als Gruppe nützlichen Helfern auszubilden. Unsere Eckpunkte waren:\nWir wollen nicht nur einem Neuling helfen, sondern wir wollen zu allen Zeitpunkten wie eine Person kommunizieren und den Neuling wie eine Person behandeln. Darum kommunizieren wir immer in vollständigen Sätzen und ohne gruppenspezifischen Slang. Wir wollen auch Standards für unsere Gemeinschaft setzen und kommunizieren daher immer in einem Ton, den wir von anderen in der Gruppe erwarten. Wir tun das unbedingt und immer und ausdrücklich selbst dann, wenn unser Gegenüber das nicht tut. Wir personalisieren unsere Antworten und wir kommunizieren spezifisch und konkret. Zum Beispiel können wir einen Neuling auf Artikel in der FAQ hinweisen, aber wir tun das niemals kontextfrei und allgemein, sondern immer auf einen oder zwei spezifische Artikel in der FAQ und immer mit einer kurzen Brücke, die erklärt, wie die Antwort in der FAQ mit dem spezifischen Problem des Neulings in Verbindung gebracht werden kann. Wir verstehen, daß wir Neulinge ausbilden müssen, um unsere Gemeinschaft zu stärken. Das bedeutet, daß wir von Neulingen keine Perfektion erwarten und daß wir einen vorbereiteten Pfad haben müssen, an denen wir den Neuling in seiner Entwicklung entlang führen können, bis er selber keiner mehr ist und stattdessen in der Lage ist, weiteren Neulingen unsere Kultur auf die von uns gewünschte Weise zu vermitteln. Wir sind eine Gruppe. Das bedeutet, daß niemand von uns immer arbeiten muß, aber es bedeutet auch, daß niemand dem anderen die Arbeit schwerer machen sollte als notwendig. Wenn man also einmal nicht die Zeit oder die Kraft hat, einen besonders aussichtslosen Fall anzugehen, dann ist es wichtig, nichts zu unternehmen, um diese Person nicht für den Kommunikationsversuch eines anderen Gruppen-Helfers zu versauen. Was man vielleicht erkennen kann: Diese Ideen sind darauf angelegt, einen Weg in die Gruppe rein zu zeichnen, ihn so leicht wie möglich zu gestalten und Kommunikation persönlich zu gestalten.\nIn der de.comp.lang.php FAQ hätte ein Neuling keine Änderung anonym vornehmen können. Wahrscheinlich wäre seine erste Änderung auch nicht auf einem Stand gewesen, daß man sie direkt in die FAQ hätte aufnehmen können.\nAber sie wäre nicht mit einer Einwort-Slangbegründung entwertet worden, sondern sie hätte einen Kontakt mit dem Team hergestellt, und es hätte eine konkrete Punkt-für-Punkt Kritik am Beispiel gegeben. Die redigierte Version wäre entweder direkt aufgenommen worden, oder dem Neuling zur weiteren Überarbeitung mit konkreten Zielen und weiteren Ratschlägen zurück gegeben worden.\nDas Ergebnis wäre gewesen, daß er Neuling sich nicht alleine fühlt, sondern mit Personen kommuniziert hätte. Seine Änderung wäre nicht wirkungslos gewesen, selbst wenn sie abgelehnt worden wäre, sondern er hätte auf jeden Fall wertvolles und konkretes Feedback bekommen und er hätte auf jeden Fall ein klar definiertes und erreichbares Ziel gehabt, für das zu arbeiten er sich entscheiden kann.\nDas heißt, es wäre Motivation generiert worden: Selbst ein Fehlschlag generiert noch einen Gewinn für den Neuling und dem Neuling wird klar, wie er relativ zu dem zu erreichenden Ziel steht.\nDieser Prozeß läßt sich noch verstärken, wenn man diese Kommunikation in einem gut strukturierten, öffentlichen Raum führt, etwa einer Mailingliste, auf der neben dem Neuling und dem Mentor noch weitere Neulinge mitlesen. Eine solche Diskussion bildet dann nicht nur den einen Neuling aus, um den sich der Mentor hier gerade kümmert, sondern an diesem Beispiel lernen auch die Neulinge schon etwas, die nur mitlesen. Sie können bestimmte Dinge schon im ersten Versuch vermeiden.\nNeuling vs. Wikipedia Schaut man sich den Onboarding- und Integrationsprozeß von Wikipedia an, dann erkennt man, daß keine einzige funktionierende Struktur existiert, die sicherstellt, daß ein Neuling überhaupt eine solche Sozialisierung und Ausbildung durchläuft. Weiterhin bemerkt man, daß keine Kultur für Onboarding und Ausbildung explizit gemacht oder gar vorgelebt wird. Wikipedia hat keine Tentakel, die Neulinge abgreift, einsaugt, indoktriniert und auf Arbeitsgeschwindigkeit bringt, aber ausgezeichnete Mechanismen, die im Grunde das Gegenteil davon bewirken.\nAuch in der zweiten Ebene ist Wikipedia als Kultur nicht gut aufgestellt. Wenn man als Außenstehender Löschdiskussionen liest, dann sieht man hier einen Haufen Bürokraten (ich meine nicht den gleichlautenden Wikipedia-Slangbegriff), die sich mit seelenloser Regelanwendung bekriegen.\nWas man nicht erkennt: Respekt vor der Zeit und Arbeit, die Autoren in Artikel hineingesteckt haben. Eine Löschdiskussion oder ein Revert ist eine Kommunikation, aber es ist eine Kommunikation durch Zerstörung - zerstört wird noch dazu die wertvollste Ressource eines freiwilligen Helfers: Seine Freizeit, die er in das Projekt gesteckt hat, wird entwertet, ohne daß irgendeine Form von positivem Feedback an ihn zurück fließt - Wikipedia frustriert nicht nur Neulinge, sondern auch gestandene, langfristig aktive Helfer systematisch.\nAngenommen ich überlebte also meine Zeit als Neuling bei Wikipedia und würde ein aktives Mitglied in der Gemeinschaft Wikipedia, was immer das ist - wäre ich dann auch so wie die da? Und würde ich so werden wollen wie die Leute, die da diskutieren? Das sind die Fragen, denen man sich als Betrachter von außen stellen muß und wenn ich als normaler Mensch gelten kann, dann ist die Antwort automatisch \u0026lsquo;Argh! Igitt! Nein!\u0026rsquo;.\nUnd dann existiert noch eine dritte Ebene von Wikipedia und das ist die Ebene der Posten und Pöstchen für brave und engagierte Mitarbeiter. Die Vorgehensweisen, Prozesse und Verflechtungen dort sind für einen Außenstehenden nicht verständlich, ebensowenig wie die organisatorischen Zuständigkeiten - wer gehört wem, und gibt die eingenommenen Spenden für wen zu welchem Zweck weiter.\nNeben dem unmittelbaren Eindruck der Intransparenz kommt zumindest für mich noch der Eindruck von fehlenden Checks und Balances dazu - mir ist nach einem Monat jedenfalls nicht klar, welche Mechanismen existieren, um etwa amoklaufende Admins und Löschköpfe einzubremsen. Zusammen mit einer Kultur fehlender Wertschätzung für die Zeit und Arbeit anderer erscheint mir das Fatal.\nThomas Nesges faßt das auf eine sehr prägnante Weise zusammen:\nDas aktuelle Problem der Wikipedia ist mit Geld nicht zu lösen.\nSo ist es.\nJe mehr ich über Wikipedia lerne, desto weniger begeistert sie mich. Communitygift. Frustrationsmaschine. Das müßte nicht sein. Es wäre sogar leicht zu ändern. Aber das setzte voraus, daß man das als Problem formuliert und akzeptiert und dann Änderungen in der Art der von mir oben beschriebenen Ansätze baute: Das heißt\nÄnderungen von Vandalismus unterscheiden Die Zeit und Arbeit, die in Änderungen geflossen ist, wertschätzen statt sie zu zerstören. Persönlich, konkret und ohne Slang kommunizieren. Als Personen mit Personen kommunizieren, und dabei Standards in der Kommunikation auch einseitig unbedingt einhalten. Ausbilden: konkret und positiv kritisieren und konkrete und erreichbare Ziele setzen. Multiplikator-Umgebungen schaffen, in denen Neulinge von der Ausbildung an Anderen nebenbei partizipieren können. Oh, und die Technik aktualisieren - Levitation ist technisch ein Meilenstein für Wikipedia. Aber ohne eine gewollte und gezielte Änderung der Kultur auch wirkungslos.\n","date":"2009-11-11T00:00:00Z","href":"https://blog.koehntopp.info/2009/11/11/communitygift.html","tags":["internet","wikipedia","lang_de"],"title":"Communitygift"},{"categories":null,"content":" Links: Benutzer in der realen Welt. Rechts: Eine Unix UID, die diesen Benutzer im System repräsentiert.\nIch bin ich. Aber in einem Computersystem kann ich nicht sein, denn dort existieren nur Bits und Bytes. Daher werde ich dort durch einen Identifier repräsentiert. Diesen Identifier nennt man meinen Principal .\nWenn ich mich in einem System einlogge, dann gebe ich einen Usernamen an - ich behaupte, jemand zu sein. Diese Phase des Logins nennt man Identifikation, und zur Identifikation gebe ich entweder meinen Principal direkt ein, oder etwas, das vom System eindeutig auf den Principal abgebildet wird.\nDanach muß ich die behauptete Identität beweisen. Das nennt man Authentisierung und kann durch ein geheimes Wissen geschehen (ein Paßwort), durch Besitz (ein Token oder eine Chipkarte) oder durch Sein (Biometrische Daten), oder eine Kombination davon (Mehrfaktor-Authentisierung, etwa ein RSA-Token mit PIN und minütlich wechselndem Code, also Paßwort + Besitz).\nDas System ordnet meiner bewiesenen Identität dann Rechte zu. Das nennt man Autorisierung.\nEs kann auch verbrauchte Ressourcen mitloggen und abrechnen, das wäre Accounting (Mit AAA bezeichnet man oft den Dreiklang Authentication, Authorization and Accounting, etwa im Zusammenhang mit dem RADIUS -Protokoll).\nOder es kann Aktivitäten eines Benutzers auf eine Weise mitloggen, die nicht vermeidbar und nicht fälschbar ist, dann haben wir Auditing.\nAllen diesen Dingen gemeinsam ist die Tatsache, daß was immer wir machen, einem Benutzer zugeordnet werden muß, also einem Subjekt der realen Welt. Das heißt, wir müssen dieses Benutzersubjekt in unserem System modellieren. Das ist der Principal.\nEin System ist dabei ein Scope, in dem dieser Principal eindeutig ist.\nUnix: UID als Principal Zugriff auf eine Datei: UID 10100 will Datei /home/kris/.irssi/config (gehört ebenfalls UID 10100) öffnen.\nIn Unix ist das System etwa eine einzelne Maschine, und der Principal ist dann eine User ID (UID). Diese wird benutzt, um überall in Unix einen Benutzer zu repräsentieren: An Dateien klebt eine UID dran, und an Prozessen. Wenn ein Prozeß (Subject) einen Systemcall (Verb) auf eine Datei (Object) anwenden will, dann prüft Unix für die Kombination von Subjekt und Object, welche Access Control List definiert ist (rwx?) und ob die Aktion erlaubt ist. Wenn ein Prozeß eine Datei erzeugen will, wird die ACL des Verzeichnisses geprüft, in dem die Datei erzeugt werden soll, und die neue Datei erbt die UID des Prozesses als Eigentümer-UID.\nIn Unix meldet man sich mit einem Usernamen an. Macht man das auf einer Konsole und nicht an einem X11, dann druckt das Programm \u0026lsquo;getty\u0026rsquo; den Prompt \u0026rsquo;login:\u0026rsquo; und nimmt den Usernamen entgegen. Es startet dann das Programm \u0026rsquo;login\u0026rsquo;, welches den Prompt \u0026lsquo;Password:\u0026rsquo; druckt und das Paßwort abfragt. Eine Aufgabe von \u0026rsquo;login\u0026rsquo; ist es, die Authentisierung durchzuführen, also das Paßwort zu prüfen. Eine andere ist es, den Usernamen in den Principal, die UID, zu übersetzen. \u0026rsquo;login\u0026rsquo; selbst läuft dabei im Vorderteil noch privilegiert als root, und im Hinterteil degradiert unter der UID des Benutzers. Die letzte Aufgabe von \u0026rsquo;login\u0026rsquo; ist es dann, die Shell zu starten.\nNIS: Scope ohne Management Unix-Systeme kann man vernetzen, und dabei kann man das Problem haben, daß sich die Definition von Scope verändert. Setzt man zum Beispiel NIS (Yellow Pages) ein, dann hat man eine Gruppe von Unix-Systemen, die vom selben NIS-Master bedient werden. Innerhalb dieser Gruppe von Systemen muß die Abbildung von Usernamen auf Principals gleich sein, denn NIS hat keinen Mechanismus, der NIS-Principals von Unix-Principals trennen würde. Daher kann die Einführung von NIS auf einem Haufen zuvor uneinheitlich administrierter Unix-Systeme schmerzhaft sein, weil man unter Umständen UIDs umnummerieren und Dateien umownern muß, bis alles stimmt.\nNFS, das Network File System, ist dabei ein schönes Beispiel für Probleme mit dem Scope: Ohne NIS kann man NFS kaum einsetzen. Denn was NFS transportiert, sind UIDs. Wenn diese UIDs aber nicht vereinheitlicht sind, dann bedeutet die UID 100 auf meinem System etwa etwas ganz anderes als auf dem System da hinten.\nWenn das System da hinten zum Beispiel die lokale Fachhochschule wäre, wir die Firewalls noch nicht erfunden haben, und jemand an der FH einen NFS Export mit /home *(rw) konfiguriert hat, dann exportiert die FH die /home-Festplatte eines Rechners beschreibbar an die gesamte Welt.\nWenn ich diese Platte an meinem Rechner mit mount -t nfs einrechner.der.fh.de:/home /mnt bei mir mountete, dann würde ich unter /mnt jetzt die Home-Verzeichnisse der FH sehen und irgendwelche numerischen UIDs als Eigentümer der verschiedenen Home-Verzeichnisse sehen. Sagen wir, es gibt ein Verzeichnis /mnt/test1, das der UID 4711 gehört. Jetzt kann ich bei mir lokal den User mit der UID 4711 erzeugen, ihm ein Paßwort zuweisen und mich auf meinem Rechner als User mit der UID 4711 einloggen. Wenn ich dann cd /mnt/test1 mache, kann ich dieses Verzeichnis auf dem Rechner der FH beschreiben, also etwa eine /mnt/test1/.rlogin-Datei anlegen, die mir das Login von meiner Kiste auf dem Rechner der FH erlaubt ohne daß ein Paßwort abgefragt wird.\nEin Schutz existiert hier nicht: Der Rechner der FH akzeptiert meine UID 4711 als seine eigene UID 4711, obwohl beide aus unterschiedlichen administrativen Domains stammen, also komplett unterschiedlich gescoped sind. Das ist ausnutzbar, um beliebige Accounts auf dem entfernten Rechner zu übernehmen. Ein NFS-Export muß also immer auf Systeme innerhalb des Scopes der gemeinsam verwalteten UIDs limitiert sein.\nEin ähnlicher Angriff erzeugt Dateisysteme auf transportablen Medien - Disketten oder mobile Festplatten. Wenn diese auf dem importierenden System akzeptiert werden und nicht besonders behandelt werden, dann kann man sich zum Beispiel leicht eine Shell auf einer Diskette mitbringen, die der UID 0 gehört und SUID ist - sobald man die Shell also aufruft, wird man privilegiert.\nDas NIS+ System von Sun unterscheidet hier zwischen NIS+ Principals und Unix-Principals, und kann diese aufeinander abbilden. Das ist für jemanden, der von NIS her kommt oder dem das Konzept eines Security Principals nicht geläufig ist, zunächst einmal verwirrend, aber es macht die Administration später einfacher.\nLDAP: Übersetzung von Loginnamen in Principals (LDAP dn) LDAP Phase 1: Anonymous Bind zur Übersetzung von Login-Namen in einen LDAP dn.\nAuch LDAP verwendet Principals, die von Unix-UIDs verschieden sind - man meldet sich an einem LDAP-System entweder mit einem Benutzernamen oder direkt mit dem Principal, dem LDAP Distinguished Name, an. Da LDAP dn\u0026rsquo;s sehr lang sein können wird man in der Regel einen Benutzernamen (den Common Name oder den Unix-Loginnamen) verwenden. LDAP macht dann zunächst einmal einen Anonymous Bind (es meldet sich beim LDAP Server als eine Art Gast-User an) und einen Lookup vom Login-Namen auf den dn des Benutzers - dies ist quasi die Identification-Phase des Logins wie oben erwähnt.\nLDAP Phase 2: Mit dem DN und dem Paßwort meldet sich LDAP nym beim Server an. Gelingt das, stimmt das Paßwort. Der Server muß das Paßwort nicht herausgeben.\nNach einem Disconnect macht LDAP dann mit dem erhaltenen dn und dem Kennwort des Benutzers einen nymous Bind. Wenn der gelingt, weiß der Client, daß das für diesen dn angegebene Paßwort stimmt und der User ist auch authentisiert - der LDAP Server muß dazu das Paßwort nicht herausgeben: Wenn der nyme Bind gelingt, weiß der Client, daß das Paßwort stimmt. LDAP könnte nun mit dieser Verbindung die Rechte herunterladen, die dieser Identität zugeordnet sind, oder diese irgendwie anders ableiten - oft reicht nach dem nymous Bind auch ein einfaches Disconnect ohne eine einzige LDAP-Query.\nIRC: Principals done right (and wrong) Auch IRC hat Principals. In der Freenode-Geschmacksrichtung von Irc sind das die Nicknames, mit denen man sich beim Netz anmeldet. In irssi wäre das eine Definition wie\nchatnets = { freenode = { type = \u0026#34;IRC\u0026#34;; nick = \u0026#34;Isotopp\u0026#34;; autosendcmd = \u0026#34;/^msg nickserv identify s3cr3t; wait 2000\u0026#34;; }; }; Die Authentisierung des Nicknames Isotopp erfolgt hier, indem als User Isotopp eine MSG identify an den User nickserv gesendet wird, die das Authentisierungspaßwort enthält. nickserv prüft das, und ordnet dann über den Irc-Server dem User weitere Rechte zu.\nIn der Ircnet-Geschmacksrichtung von Irc funktioniert das anders. Ircnet ist archaischer und verwendet als Principal die IP-Nummer des Benutzers, unter der Annahme, daß diese Zuordnung a) irgendwie statisch und b) eindeutig ist. Eine Authentisierung findet nicht statt, sondern Ircnet vertraut dem unterliegenden Transport. Da TCP verwendet wird, weitgehend zu Recht. Ircnet ordnet IP-Nummern dann in der Autorisierung Rechte zu - zum Beispiel wird der gesamte Block von T-Online Adressen im Ircnet besonders behandelt.\nDas ist so, weil es aus diesem Adreßbereich Vandalismus gegeben hat, und da die Zuordnung von realen Personen zu Principals unter anderem wegen der T-Online 24h Zwangstrennung nicht fest ist, wenn man IP-Adressen statt Nicknamen mit Paßworten verwendet, muß man hier eine Art Gruppenhaftung einführen - wegen einiger Vandalen haben alle T-Onliner in Ircnet eine Sonderbehandlung - oder mit anderen Worten, die Zuordnung von realen Benutzern zu IP-Nummern ist nicht statisch und IP-Nummern sind keine richtigen Principals, werden aber von Ircnet dennoch so verwendet.\nIrcnet will auch die Anzahl der Nicknames limitieren, die ein einzelner User verwenden darf. Da IP-Nummern als Principals verwendet werden, limitiert man also die Anzahl der Verbindungen, die von einer einzelnen IP-Nummer ins Ircnet aufgebaut werden dürfen. Das ist lästig, wenn man einen Host betreibt, auf dem mehrere User eingeloggt sind, die alle IRC im Ircnet machen wollen: Ircnet verweigert einem dann irgendwann die Anmeldung mit \u0026ldquo;Too many host connections (global)\u0026rdquo;. Oder mit anderen Worten, die Zuordnung von realen Benutzern zu IP-Nummern ist auch nicht eindeutig, und IP-Nummern sind keine richtigen Principals, werden aber von Ircnet dennoch so verwendet.\nEin Weg, das zu fixen, ist eine Mail an die Ircnet-Operators mit der Bitte, eine Sonderbehandlung für den vermeintlichen Principal - die eigene IP-Nummer - einzutragen. Das ist auf mehrere Weisen lästig. Einmal muß man das alle paar Jahre wieder machen, wenn man den Server umzieht und die IP-Nummer des Servers sich ändert. Zum anderem muß die Eintragung unter Umständen auf mehr als einem Irc-Server erfolgen - denn während Ircnet zwar global über alle Server die Verbindungen zählt, erfolgt die Freischaltung auf jedem Server einzeln (und mit unterschiedlichen Limits). Das ist recht schwer zu debuggen und man muß bei jedem Serverbetreiber einzeln quengeln.\nEine andere Art das zu fixen ist, zu akzeptieren, daß Ircnet als Principal eine IP-Nummer verwendet, auch wenn IP-Nummern keine Principals sind. Man ordnet also jedem Unix-User eine eigene IP-Nummer zu. Die UID 100 verwendet als abgehende IP-Nummer 2a01:238:40ab:cd00::100, die UID 101 dann die 2a01:238:40ab:cd00::101 und so weiter. Ircnet zählt, blockiert und tracked dann jeden User via die IP-Nummer getrennt und man spart sich auf beiden Seiten Verwaltungsaufwand.\nIn irssi schreibt man das also als\nchatnet = { ircnet = { type = \u0026#34;IRC\u0026#34;; nick = \u0026#34;Isotopp\u0026#34;; username = \u0026#34;Isotopp\u0026#34;; host = \u0026#34;2a01:238:40ab:cd00::2774\u0026#34;; }; }; Dabei legt der Parameter host fest, an welche abgehende Adresse sich der Client bindet, mit welcher IP-Nummer er also für Ircnet sichtbar wird, hier wird der UID 10100 (kris) also die IP-Nummer …::2774 (dezimal 10100) zugeordnet. Ircnet akzeptiert das und erlaubt nun allen Unix-Benutzern den Connect vom lokalen System aus, weil jeder Benutzer von einem anderen Host kommt und daher nur gegen sein eigenes Limit zählt. Für die Ircnet-Operators ist das auch bequem - wenn ein User zickt, können sie seine IP-Nummer identifizieren und getrennt von allen anderen Benutzern von derselben physikalischen Maschine blocken.\nNur sicherheitstechnisch ist es immer noch nicht korrekt, denn IP-Nummern sind nun einmal keine Principals. Das Freenode-Modell zeigt, wie es korrekt funktioniert.\n","date":"2009-11-09T00:00:00Z","href":"https://blog.koehntopp.info/2009/11/09/principal.html","tags":["identity","security","lang_de"],"title":"'Principal'?"},{"categories":null,"content":"Ich glaube ja, daß Google eine der am meisten mißverstandenen Firmen auf diesem Planeten ist. Die meisten Leute halten Google für eine globale Suchmaschine. Das ist wohl richtig, aber es greift viel zu kurz, wenn man sich die Konsequenzen nicht klar macht.\nGoogle selber formuliert die eigene Mission eher als den Versuch, alles Wissen der Welt zu erfassen, zu ordnen und gezielt zugreifbar zu machen. Das ist besser, aber die meisten Leute lesen das nicht oder denken nicht darüber nach, was das bedeutet.\nGoogle betreibt zum Beispiel Rechenzentren in aller Welt. Rechenzentren sind Kisten, in die man Rechner reinstellt, und in die man dann Strom, Kühlung und Netz einfüllt und Netz rausholt. Hauptkostenfaktor bei Rechenzentren ist Strom - also baut Google Rechenzentren die weniger Strom verbrauchen . Wenn man genug Rechner reinstellt und lange genug wartet, dann bekommt man Statistiken über die Zuverlässigkeit von Harddisks (PDF) und RAM Speicher (PDF). Sicher gibt es auch andere Leute, die große Mengen von Rechnern betreiben, aber diese Leute veröffentlichen anders als Google keine wissenschaftlichen Papers darüber. Vielleicht reden sie nicht wie Google darüber, wahrscheinlicher ist aber, daß sie nicht auf dieselbe Weise wie Google über ihr Handeln reflektieren.\nGoogle reflektiert das eigene Handeln sehr intensiv - und zieht die Konsequenzen daraus. Wer zum Beispiel so viele Rechenzentren wie Google hat , der braucht natürlich auch Mechanismen, um Daten zwischen diesen Data Centers zu transferieren. Das ist nicht etwas, das man bezahlen möchte. Also muß man sich eine günstige Methode überlegen, um Daten zwischen diesen Rechenzentren zu transferieren - gesagt, getan . Die Konsequenzen sind durchschlagend - Youtube hat einen signifikanten Anteil am gesamten Webtraffic der Welt, aber Google hat keine Traffickosten damit.\nIn der Konsequenz bedeutet das auch, daß Google am Ende die Diskussion über Netzneutralität nur teilweise interessiert. Google belastet die Netze von anderen ISPs jedenfalls nicht, weil Google sein eigener ISP ist und den erzeugten Traffic bevorzugt durch eigene Netze leitet und nur für die \u0026rsquo;letzte Meile\u0026rsquo; durch das Netz des ISP des Endkunden leitet. Das Argument, daß Google einem ISP Kosten erzeugt ist jedenfalls haltlos, und wird nur als Hebel gebraucht, um an die Einnahmen von Google zu kommen oder Google zu Zugeständnissen zu zwingen.\nGoogle ist also auch eine Art CDN , wenn man das so sehen will - die Rechenzentren sind jedenfalls über die ganze Welt verteilt und können in den meisten Fällen sehr nahe am Endkunden sein. Damit das so sein kann braucht man jedoch neben Bandbreite auch noch ein Dateisystem und in Kombination damit eine Art HSM , das nicht nur Replikation der Daten regelt, sondern die Daten auch netzwerktopologisch nahe an den Verbrauchern einlagert.\nGoogle hat das und minimiert so auch den Verkehr im eigenen Netz.\nDie Daten werden dann in Berechnungen benötigt, und die Berechnungen sollen angesichts der Massen von verfügbaren Rechnern parallelisiert werden. Dazu hat man einen Mechanismus entwickelt, der Map Reduce heißt und der es erlaubt, eine Berechnung auf eine große Menge von Rechnern zu verteilen, parallel auszuführen und die Ergebnisse einzusammeln. Das MapReduce Framework kümmert sich dabei um das Management der Berechnungsinfrastruktur, für den Entwickler bleibt also \u0026ldquo;nur\u0026rdquo; die Arbeit, die Berechnung in einer MapReduce-geeigneten Weise zu zerteilen und aufzuschreiben. Das ist die Grundlage, auf derer Google-Entwickler Anwendungen schreiben können und die ihnen erlaubt, diese Anwendungen auf 10^9 User hoch zu skalieren, ohne den Code übermäßig anpassen zu müssen.\nAber das ist Infrastruktur. Auf einer höheren Ebene passieren ebenfalls spannende Dinge:\nEine der Grundideen, die sich strategisch durch alle diese Aktivitäten von Google ziehen, ist die Unabhängigkeit von anderen Firmen. Ein schönes Beispiel dafür ist nicht nur die oben verlinkte Dark Fiber-Aktion, sondern auch die Entwicklung von Googe Maps mit Turn-based Navigation . Seit Anfang 2005 veröffentlicht Google in Google Maps auch Fotografien entlang der Strecke, die durch spezielle Kamerawagen erfaßt worden sind. Diese Erfassung muß also schon früher begonnen haben, die Konstruktion der Spezialfahrzeuge noch früher (der IPO von Google war jedoch im August 2004 - das zum Thema langfristige Planung).\nDieser Datenfundus ist inzwischen groß genug, um mit diesen Daten auch \u0026rsquo;turn based navigation\u0026rsquo; anbieten zu können und dabei weder von Teleatlas noch NavTeq als Datenquelle abhängig zu sein. Das war schon vor 3 Jahren vermutet worden , aber auch aktuelle Analysen greifen noch zu kurz .\nDenn mit Geodaten und Positionsinformationen aus Latitude lassen sich noch viele andere Dinge machen: Google füttert seine Kartendaten mit den Kennungen von Mobilfunknetzen aus Google Maps auf Mobiltelefonen und benutzt diese Information wiederum um ihr AGPS schneller zu machen. Mit den Daten aus Latitude lassen sich wiederum - eine ausreichende Nutzerdichte vorausgesetzt - Verkehrsströme erfassen, mappen und später vorhersagen. Wenn Maps dabei auf Mobiltelefonen läuft und die Telefone \u0026lsquo;in-car mode\u0026rsquo; signalisieren, dann kann man sogar Fußgänger und Autofahrer sicher voneinander unterscheiden, und mit den verwendeten Navigationszielen auch Vorhersagen für etwa Busnetzbetreiber machen, die diese Daten zur Angebotsoptimierung verwenden könnten.\nGoogle macht aber nicht nur Geoinformation, sondern spielt auch auf anderen Märkten. Dabei ist Google so modern und flexibel, daß die jeweils etablierten Player auf diesen Märkten als \u0026lsquo;wehrlos\u0026rsquo; gelten müssen. Googles Buchdigitalisierungsprojekt zum Beispiel ist so groß und umfassend, daß sich die Print-Industrie Existenzängsten ausgesetzt sieht und nach Regulierung schreit, anstatt mit Google über neue Geschäftsmodelle zu verhandeln. Aber statt Dinge wie Markterweiterung, Paradigmenwechsel und so zu thematisieren bekommt man Statements von Ledereinbandsfetischisten und Liebhabern des haptischen Bucherlebnisses die circa kurz nach Gutenberg stehen geblieben sind.\nDie verwandte Zunft der Nachrichtenagenturen fordert gar ein Leistungsschutzrecht für Nachrichten. Das ist eine Idee, die ich mit großem Amusement verfolge, denn unsere Regierung will dieses Recht auf Betreiben der Agenturen schaffen - und so werden wir beobachten können, wie genau dieses Recht am Ende die Agenturen umbringen wird. Denn es werden am Ende Nachrichten von Googles Agentur sein, die durch dieses Recht geschützt werden, und so werden die überlebenden traditionellen Verbraucher von Nachrichten am Ende von dort lizensieren müssen. Oder glaubt jemand nach der Google Maps/Streetview-Aktion, daß Google sich in dieser Sache von externen Firmen abhängig machen lassen wird, wenn sie es schon bei Kartendaten nicht zugelassen haben?\nEs gibt noch etwas anderes, das mich sehr fasziniert, und das ist die geringe Zahl von beobachtbaren Fuck-Ups bei Google. Ich vermute, daß man bei Google nicht viel anders arbeitet als etwa bei uns, d.h. daß man als web-basierendes Unternehmen so agil ist, wie es die eigene Größe irgend erlaubt. Bei solchen Rollouts kann es zu Ausfällen kommen , aber tatsächlich sind diese sehr sehr selten im Verhältnis zu der Anzahl der Rollouts, die stattgefunden haben müssen. Viele Pannen, die Google unterstellt werden, sind dabei noch nicht einmal welche: Die Google Voice Sache ist ein klassischer PEBKAC, und auch die Google Docs Sache ist mindestens partiell ein PEBKAC. Alles in allem habe ich angesichts der Größe der Operation, der Anzahl der Mitarbeiter und der Frequenz der Codechanges einen Heidenrespekt vor der Qualität, die Google da produziert.\nEs ist klar, daß es Mechanismen und eine Kultur geben muß, die das erzeugt und die solche Fuck-Ups erkennt und im Ansatz verhindert. Es gibt Theorien, die sich mit der 20% Time von Google beschäftigen. Es sieht wohl so aus, daß die meisten Googler diese Zeit verwenden, um intern Code Changes von Kollegen zu sichten und zu prüfen. Bei Cringely wird das näher beschrieben.\nDazu kommt noch, daß man Sachen, die sich messen lassen, auch mißt und sich nicht mit Meinungen aufhält, wenn man harte Daten haben kann - Marissa Mayer zum Beispiel ist bekannt dafür, daß sie einmal die Klickraten von 40 verschiedenen Blautönen hat Messen lassen.\nWenn man nun einmal ein paar Schritte zurücktritt und das Gesamtbild auf sich wirken läßt, dann erkennt man Muster:\nAlles in allem wirkt der Ansatz von Google auf mich wie eine Firma von Physikern oder anderen Experimental-Forschern mit akademischem Background, die beschlossen haben, einmal \u0026lsquo;so richtig\u0026rsquo; in die Wirtschaft zu gehen und ihre Methoden dort hin zu portieren. Man baut Modelle, identifiziert Abhängigkeiten und eliminiert sie konsequent und man hat keine Angst, dabei auch richtig groß zu denken und Neuland zu betreten.\nAuf eine Weise betreibt man Grundlagenforschung, aber nicht in der Abgeschiedenheit von Menlo Park oder einem anderen Elfenbeinturm, sondern gleich in der Produktion.\n","date":"2009-11-07T00:00:00Z","href":"https://blog.koehntopp.info/2009/11/07/das-google-missverstaendnis.html","tags":["google","internet","technik","lang_de"],"title":"Das Google-Mißverständnis"},{"categories":null,"content":"Ich sitze hier auf der Open Source Monitoring Conference und unterhalte mich mit ein paar Nagios bzw. Icinga Entwicklern. Dabei hörte ich einen Haufen Flüche über NDO - Nagios Data Out. Ich schaue mir gerade die Dokumentation zum NDO Schema an und stelle fest, daß die Ideen hier auf eine Weise viele Fehler teilen, die auch dem MySQL Enterprise Manager Schema zugrunde liegen (Noch, das MEM-Team bastelt das grad um).\nEin naives Zeitreihenmodell Beiden ist gemein, daß man Zeitreihendaten von mehreren Meßwerten sammeln möchte. Der naive Ansatz ist die Definition einer Tabelle mit einem Timestamp und dem Key als Primärschlüssel, etwa\nCREATE TABLE messwerte ( ts datetime not null, key varchar(40) charset latin1 not null, value integer, primary key (ts, key) ); Schlüsselkompression Dabei wird es natürlich zu einer vielfachen Wiederholung der Werte von key kommen - speichert man etwa die Ausgabe von SHOW GLOBAL STATUS im Minutenabstand, dann hat man wieder und wieder die langen Namen von MySQL Statusvariablen in der Tabelle gespeichert. Das kann man wegnormalisieren, indem man definiert\nCREATE TABLE keys ( key_id smallint unsigned not null, key_name varchar(40) charset latin1 not null, primary key (key_id) ); CREATE TABLE messwerte ( ts datetime not null, key_id smallint unsigned not null, value integer, primary key (ts, key_id) ); Auf diese Weise speichert man nicht wieder und wieder dieselben Strings in der Tabelle ab, sondern hat die relativ langen Strings auf die 2 Byte eines SMALLINT ohne Vorzeichen reduziert.\nER-Diagramm mit Key-Compression durch eine Lookup-Tabelle.\nData Lifecycle Management - DROP statt DELETE In so einer Meßwertetabelle wird man ja laufend Meßwerte einfügen - und zwar von vielen Meßstellen gleichzeitig. Zugleich sollen auch Meßwerte ausgewertet werden. Damit sich die konkurrenten Schreibzugriffe nicht ins Gehege kommen und damit parallel dazu auch ungestört gelesen werden kann, muß diese Tabelle unbedingt eine InnoDB Tabelle sein - mit MyISAM zieht man sich sonst binnen kürzester Zeit die Table Locks zu.\nInnoDB speichert die Daten in einem B+-Baum ab: Ein balancierter Baum, bei dem die Blätter des Primärschlüssels die eigentlichen Daten sind. Die Daten werden also gemäß unserer Definition in der Reihenfolge (ts, key_id) gespeichert: Neue Daten werden immer an rechten Rand der Tabelle eingefügt, alte Daten stehen weiter links.\nDaten werden links gelöscht und rechts im Baum eingefügt. Dadurch muß der B-Baum ständig neu balanciert werden, damit er nicht zu einer linearen Liste degeneriert. Das ist eine sehr langsame Operation.\nDabei tritt ein Problem auf: Da neue Daten immer rechts angefügt werden und alte Daten immer links gelöscht werden, bekommen wir einen Baum, der maximal stark unbalanciert wird. Damit der B-Baum immer schön balanciert bleibt, müssen beim Löschen der Daten also massenhaft Rebalancing-Operationen durchgeführt werden - das involviert aber eine ganze Menge von Updates im oberen Teil des Baumes bis hin zur Wurzel, und wühlt damit also eine große Menge von Daten auf - noch dazu mit Random-I/O, also mit vielen Seeks.\nWenn man wie ich eine MySQL Enterprise Manager Instalallation hat, die pro Tag 7 GB neue Daten bekommt, dann muß man auch 7 GB Daten am Tag löschen, damit die Platten nicht überlaufen.\nDie generische Lösung ist hier, entweder MySQL 5.1 Partitionen zu verwenden, oder dasselbe manuell zu simulieren. Dazu baut man sich eine Template-Tabelle, die man dann in bestimmten Intervallen cloned: Pro Stunde, Tag, Woche oder Monat wird eine neue Tabelle angefangen.\nCREATE TABLE messwerte_template ( ts datetime not null, key_id smallint unsigned not null, value integer, primary key (ts, key_id) ); CREATE TABLE messwerte_20091028 LIKE messwerte_template; -- usw. Das hat den Vorteil, daß man alte Werte nun nicht mit einem \u0026ldquo;DELETE FROM messwerte WHERE ts \u0026lt; \u0026lsquo;20090928 00:00:00\u0026rsquo;\u0026rdquo; loswerden muß, sondern elegant \u0026ldquo;DROP TABLE messwerte_20090928\u0026rdquo; sagen darf. Dafür muß man - so man nicht Partitionen verwendet - bei den Queries ein wenig mehr arbeiten, weil man sich die Gesamtergebnisse aus den Tages-Tabellen zusammenstückeln muß, und dabei tunlichst nicht UNION verwenden darf, damit es schnell ist (UNION ALL wäre okay, wäre es nicht in MySQL kaputt ).\nSchema mit Key-Kompression und Tagestabellen. Löschung von Daten kann pro Tag durch ein DROP TABLE erfolgen.\nUNION ist deswegen nicht so toll, weil dies nach Definition Duplikate eliminieren muß, und dazu fügt MySQL intern die einzelnen Teiltabellen zu einer temporären Tabelle zusammen, sortiert diese, killt die Doubletten und schmeißt die temporäre Tabelle weg, nachdem es uns das Resultat gesendet hat. Leider ist die nächste Anfrage danach gleich wieder mit UNION, und der Zirkus geht von vorne los. UNION ALL hätte dieses Problem nicht (jedoch ) - es darf uns nach Definition fröhlich Duplikate senden und braucht daher diesen Verarbeitungsschritt nicht.\nLocality Of Reference Das nächste Problem ergibt sich nun aus der Tatsache, daß alle Meßwerte aus einer Messung in derselben Tabelle gespeichert werden. Eine Tabelle besteht in InnoDB ja aus Blöcken von 16KB, die jeweils am Stück geladen und gespeichert werden. In unserer Tabelle stehen nun Tripel (ts, key_id, value), wobei so knapp an die 300 verschiedene key_id und value pro ts gespeichert werden, wenn wir z.B. einmal pro Minute den Output von SHOW GLOBAL STATUS aufzeichnen. Eine Zeile (datetime, smallint, integer) ist 8+2+4 = 14 Byte plus Overhead (6+8 = 14) breit, d.h. wir bekommen etwa zwei Messungen in einen 16KB Block hinein.\nWenn wir nun aus diesen Meßwerten einen Graph zeichnen wollen, dann brauchen wir z.B. für einen InnoDB-Graph ca. 4 Meßwerte pro Messung. Wir laden also 16 KB, nutzen 8*4 = 32 Byte davon, schmeißen den Rest weg, laden die nächsten 16 KB und so weiter. Es wird klar, daß wir die Daten zwar in großen breiten Zeilen erfassen, diese aber in der Regel nicht so brauchen.\nEs ist also lohnend, sich Gedanken über die Bedeutung der Meßwerte zu machen und sie in etwa so zu gruppieren, daß wenigstens alle com-Counter in einer Tabelle, alle InnoDB-Meßwerte in einer anderen Tabelle stehen und so weiter. Dadurch würde beim Zeichnen des InnoDB-Graphen nicht auf eine Tabelle mit 8KB langen Rows zugegriffen werden, sondern vielleicht auf eine Tabelle mit 200 Byte langen Rows, und wir würden immerhin 32 Byte von 200 Byte nutzen, oder pro Block nicht zwei, sondern ca. 80 Meßwerte auf einen Schlag laden. Für einen 640 Pixel breiten Graphen würden wir also nicht mehr 320 16KB Blöcke laden müssen, sondern nur noch 8.\nWenn man begriffen hat, daß Locality of Reference und komplettes Data Lifecycle Management wesentlich sind, wenn man von Zeitreihen sinnvolle Performance will, und sein Datenmodell danach baut, dann kann man langsam einmal anfangen, sich über weitergehende Dinge Gedanken zu machen (etwa: Aggregation - wie viele Meßwerte brauche ich denn, um Pixel sinnvoll zu schwärzen). Aber das ist eine Diskussion für ein anderes Mal.\n","date":"2009-10-28T00:00:00Z","href":"https://blog.koehntopp.info/2009/10/28/ein-paar-gedanken-zu-zeitreihendaten.html","tags":["database","development","mysql","sql","lang_de"],"title":"Ein paar Gedanken zu Zeitreihendaten"},{"categories":null,"content":"Ich habe die letzten paar Tage unter Wikipedianern zugebracht. Also, nicht etwa in deren Wiki, wie man erwarten sollte, sondern im Freenode im Channel #wikipedia-de, wo offenbar einige Leute abhängen, die in der deutschen Wikipedia editieren. Die Erfahrung war… seltsam.\nAlso, die folgende Situation liegt vor: Jemand schreibt einen Artikel in einem großen deutschen Blog, der den Finger in eine Sache legt, die seiner Auffassung nach in der deutschen Wikipedia seltsam abgelaufen ist. Im Channel und offenbar auch in der Wikipedia kennt man diese Person nicht - wie auch, es gibt ja keinen Artikel über sie und außerdem ist es \u0026ldquo;nur ein Blogger, also nicht relevant\u0026rdquo;.\nIch werfe ein, daß dieses Blog, wenn es auf Artikel von mir verweist, durchaus eine substantielle Welle macht (Faktor 4, Heise macht bei mir Faktor 7) und in den \u0026ldquo;Deutschen Blogcharts\u0026rdquo; auf Platz 7 steht (Die Blogcharts messen Zitierhäufigkeit, nicht Zugriffe), und daß ich daher vielleicht eine etwas andere Auffassung des Relevanzbegriffes habe. Außerdem hat inzwischen auch Der Spiegel das Thema aufgegriffen - aber es ist ja nur der Spiegel Online, und der ist nicht relevant…\nDiese Sicht auf ein eigenwilliges, aber durchaus nicht unbedeutendes Blog ist schon ungewöhnlich und hat beinahe liebenswerte, offline-artige Züge.\nWie dem auch sei: Fefes Blog ist eine eigenartige Sache und für manche Leute schwer zu verstehen. Fefe berichtet dort eine ganze Menge Sachen, von denen die meisten unter der Überschrift abgelegt werden müssen \u0026ldquo;Wenn es schon nicht wahr ist, so ist es doch zumindest eine gute Geschichte\u0026rdquo;. Gelegentlich hat er außerdem Dinge darin, die bereits bestehende Energie in seiner Community nimmt und ihr eine Richtung gibt - er liefert keine Gründe, aber er liefert Anlässe. Das sind dann so Dinge wie das Prügelpolizistenvideo, das auch von den Holzmedien aufgegriffen wurde, oder halt so Dinge wie die Mogis-Löschung in der Wikipedia.\nDie Reaktion der Wikipedianer auf den Artikel ist aber auch aus anderen Blickwinkeln interessant:\nEinmal gibt es eine große Menge Leute, die sich mit dem Anlaß aufhalten, also der konkreten Löschung, an der erwartungsgemäß viel weniger Substanz ist als ursprünglich berichtet. Das wichtige wäre aber, sich mit dem Grund auseinanderzusetzen, der dafür sorgt, daß diese Angelegenheit ein so großes Medienecho erzeugen kann. Das kann sie nämlich nur, weil Wikipedia in Deutschland ein echtes Problem hat - die Löschköpfe werden als dominant wahrgenommen.\nIn jedem einzelnen Artikel, der die Meldung von Fefe aufgegeben hat gibt es eine ganze Reihe von Kommentaren, in denen sinngemäß steht \u0026ldquo;Ich hab meine Mitarbeit an der deutschen Wikipedia aufgegeben, nachdem meine Artikel, in die ich viel Zeit und Mühe investiert habe, dort wegen $GRUND gelöscht worden sind.\u0026rdquo; oder in denen sinngemäß steht \u0026ldquo;Ich schaue schon gar nicht mehr in die deutsche Wikipedia, weil die Sachen, nach denen ich suche sowieso nur in der englischen Wikipedia zu finden sind.\u0026rdquo;\nZugleich hört man im IRC-Channel Vertreter der Löschkopf-Fraktion argumentieren, daß die deutsche Wikipedia zu wenig Mitarbeiter hat und daß man unter anderem deswegen löschen müsse und sich auf relevante Kern-Artikel konzentrieren müsse, weil man sonst die Qualität mit der Anzahl der engagierten Wikipedianer gar nicht aufrecht erhalten könne. Auf die Querverbindung, daß die Politik der Löschköpfe etwas mit der Anzahl und der Motivation der Leute zu tun haben könnte kommt keiner.\nZum anderen, und das greift hier direkt rein, ist die Reaktion der deutschen Wikipedia spannend. Sie agiert nämlich quasi wehrlos.\nAlso, es ist ja nicht weiter schwierig, viel von dem Zeugs zu widerlegen, das Fefe da schreibt. Insbesondere wenn man ein Online-Lexikon mit einer Armee von geübten Rechercheuren ist, und Fefe eine Einzelperson mit einer fragwürdigen Quellenlage. Davon ist wenig passiert, oder, wenn es passiert ist, ist es nicht geeignet publiziert worden.\nDann ist die ganze Aktion ja auch ein Gratis-PR Fest. Ich meine, da kommt einer mit 270.000 Hits/d vorbei und hetzt eine Meute von Lesern in meine Richtung. Das wäre die Gelegenheit, diesen Leuten einmal vorzustellen, was Wikipedia ist. So wie das \u0026ldquo;Ich bin Pirat! \u0026quot;-Video einer Organisation wie der Piratenpartei ein Gesicht gibt, hätte man leicht Webseiten haben können mit einem Gesicht pro Tag, auf denen sich ein engagierter Wikipedianer vorstellt. \u0026ldquo;Ich bin \u0026hellip;, und betreue die Kategorie \u0026hellip; Wir haben \u0026hellip; Artikel, und bauen derzeit den Bereich \u0026hellip; aus. Dazu suchen wir noch Leute, die uns helfen, die Quellenlage bei \u0026hellip; zu verbessern.\u0026rdquo; Instant win - nix ist passiert.\nOder man macht an einem Tag einmal eine Reportage über jemanden aus der Eingangskontrolle. \u0026ldquo;Wir bekommen hier jeden Tag \u0026hellip; neue Artikel. Die meisten von denen sehen so aus: $BESONDERS_SCHLECHTES_BEISPIEL. Wir haben nun ein Dilemma: Sollen wir den Artikel wegschmeißen und jemanden frustrieren oder bauen wir ihn aus, in der Hoffnung, daß diese Person lernt und es das nächste mal besser mache. Ein guter Artikel in einem Lexikon sieht ja so aus: $ARTIKEL_VON_EBEN_ETWAS_BESSER. Wir haben da die folgenden Punkte nachgerüstet: $ERKLÄRUNG.\u0026rdquo; Und so weiter. Auf diese Weise gibt man dem Laden ein Gesicht und zieht zugleich Leute rein.\nWikipedia-DE tut nichts von alle dem. Wikipedia-DE schweigt, lästert im Irc über den Vorfall und geht zur Tagesordnung über. Wikipedia-DE vergibt hier eine große Chance, sich weiter zu entwickeln, sich zu öffnen, sich darzustellen, und Herzen zu gewinnen - Wikipedia-DE hat zu viel Hirn, zu viele Regeln und kein Gesicht.\nUnd das, liebe Wikipedia-DE, ist der Grund. Fefe war nur der Anlaß. Wenn Ihr besser werden wollt, dann müßt Ihr an dem Grund arbeiten, und den Anlaß\u0026hellip; Naja, der ist am Ende nicht weiter wichtig.\nPS: Ich hänge da nun schon einige Tage in dem Channel, aber ein Tutorial \u0026ldquo;Wikipedia - wie man es macht\u0026rdquo; habe ich noch nicht gesehen. Und auch im Channel niemanden jemand anders auf so etwas hinweisen sehen. Habt Ihr überhaupt Neulinge? Wenn ja, wie saugt ihr die ein und bringt sie auf Geschwindigkeit? Würd mich echt mal interessieren.\n","date":"2009-10-21T00:00:00Z","href":"https://blog.koehntopp.info/2009/10/21/unter-wikipedianern.html","tags":["internet","wikipedia","lang_de"],"title":"Unter Wikipedianern"},{"categories":null,"content":"Ich lese gerade SQLite Foreign Key Support und ich muß sagen, ich kann mir ein leichtes Grinsen nicht verkneifen.\nAlso, ich finds ja gut, daß SQLite die Option für Foreign Key Constraints implementiert und ich finds sogar noch besser, daß mit DEFERRABLE INITIALLY DEFERRED sogar die einzig sinnvolle Weise das zu tun bereitgestellt wird, aber ich frag mich schon, wozu das gut sein soll.\nForeign Keys Aber von vorne. Wenn eine Tabelle einen Primary Key hat, dann kann jede Zeile in der Tabelle über diesen Key eindeutig identifiziert werden. Das erlaubt es, in anderen Tabellen auf Zeilen der Ausgangstabelle Bezug zu nehmen:\nCREATE TABLE a ( aid INTEGER UNSIGNED NOT NULL PRIMARY KEY, adata VARCHAR(20) NOT NULL ); CREATE TABLE b ( bid INTEGER UNSIGNED NOT NULL PRIMARY KEY, aid INTEGER UNSIGNED NOT NULL, bdata VARCHAR(20) NOT NULL ); Hier ist b.aid der Primärschlüssel von a, der in b genannt wird. Wir nennen b.aid den \u0026ldquo;Fremdschlüssel von a in b\u0026rdquo;.\nDazu ein paar Anmerkungen, weil es oft nachlässig gehandhabt wird: aid ist kein Fremdschlüssel, sondern aid ist nicht eindeutig. a.aid ist ein Primärschlüssel, b.aid ist \u0026ldquo;der Fremdschüssel von a in b\u0026rdquo; und ohne den \u0026ldquo;von a in b\u0026rdquo;-Teil ist es streng genommen auch wieder nicht eindeutig.\nDennoch sagen viele Leute \u0026ldquo;aid ist Fremdschlüssel\u0026rdquo; und überlassen es dem Kontext, klarzustellen daß \u0026ldquo;b.aid ist ein Fremdschlüssel von a in b\u0026rdquo; gemeint ist. Da muß man sich dran gewöhnen und das mental korrekt expandieren.\nUnd schließlich ist es tatsächlich so, daß schon das bloße Anlegen von b.aid und Befüllen von b.aid mit Werten von a.aid ausreicht, um eine Fremdschlüsselbeziehung zu definieren. Es kann nun sein, daß jemand oder etwas illegale a.aid in b.aid hinterlegt, daß also b.aid existieren, für die es keine passenden a.aid-Einträge gibt, und das führt uns zur folgenden Verschärfung.\nForeign Key Constraints Solche illegalen Werte in b.aid zu verhindern ist die Aufgabe einer FOREIGN KEY CONSTRAINT, aber diese ist vollkommen optional. Wollte man sie haben, definierte man sie so:\nCREATE TABLE b ( bid INTEGER UNSIGNED NOT NULL PRIMARY KEY, aid INTEGER UNSIGNED NOT NULL, bdata VARCHAR(20) NOT NULL, FOREIGN KEY (aid) REFERENCES a(aid) -- hier noch Optionen ); und wo der Kommentar Optionen vorsieht könnte man noch Dinge notieren wie DEFERRABLE INITIALLY DEFERRED.\nEinige Datenbanken-Implementierungen verlangen auch noch Nebenbedingungen wie \u0026ldquo;auf a.aid und auf b.aid muß jeweils ein Index definiert sein\u0026rdquo;. Das ist sogar dann sinnvoll, wenn die Implementierung es nicht verlangt, aber im mathematisch-definitorischen Sinne nicht notwendig. Die Implementierungen verlangen so etwas, denn wann immer wir eine CONSTRAINT definieren, muß diese ja auch geprüft werden. Für die Prüfung wollen wir realistischerweise, daß diese effizient durchgeführt wird - das geht aber nur mit einem Index flink.\nEine kleine Abschweifung: Schlüssel vs. Index Eine kleine Abschweifung: Das ist auch der Grund, warum die Begriffe Schlüssel (Key) und Index von Datenbankern synonym verwendet werden: Ein Schlüssel ist etwas, das eine einzelne Zeile (UNIQUE KEY) oder eine zusammengehörende Gruppe von Zeilen identifiziert, ein Index ist die Struktur, die diese Dinge schnell auffindbar macht.\nDefiniert man zum Beispiel eine UNIQUE KEY CONSTRAINT (es kann nur eine Zeile dieses Wertes in einer Tabelle geben), dann muß beim Einfügen von neuen Zeilen ja in der Tabelle nachgesehen werden, ob es diesen Wert vielleicht schon gibt. Ohne einen Index wäre das eine sehr langsame Operation - daher geht eine UNIQUE KEY CONSTRAINT immer mit einem Index auf die Zeile zusammen und daher verwenden die meisten Datenbanker die Begriffe KEY und INDEX austauschbar, auch wenn sie verschiedene Dinge bezeichnen: Ein Schlüssel ist eine Eigenschaft einer Spalte, ein Index ist eine Struktur der Implementierung.\nWozu FK-Constraints? Wie auch immer: Die Aufgabe einer FOREIGN KEY CONSTRAINT ist es, sicherzustellen, daß in der Fremdschlüsselspalte b.aid zu jedem Zeitpunkt immer nur gültige Werte stehen.\nIn MySQL ist es nun leider so, daß InnoDB dies etwas dämlich implementiert: Dort wird nämlich - wie in SQLite per Default auch - nach jedem Statement geprüft, ob die Constraint gültig ist oder verletzt wird. Das macht es notwendig, die Reihenfolge von Operationen so zu gestalten, daß die Constraint immer gilt - selbstreferentielle Strukturen nerven besonders, weil man diese quasi nur Top-Down aufbauen kann, und wenn die Struktur zirkulär ist, kann man sie gar nicht errichten, es sei denn, man schaltet die Constraint-Prüfung aus.\nIch kann also in MySQL nicht so vorgehen:\nBEGIN WORK; INSERT INTO b (bid, aid, bdata) VALUES (1, 1, \u0026#34;keks\u0026#34;); INSERT INTO a (aid, adata) VALUES (1, \u0026#34;keks\u0026#34;); COMMIT; Dies scheitert nach dem ersten Insert, weil die a.aid = 1 noch nicht existiert, wenn ich die b.aid = 1 in die Tabelle einfüge. Technisch ist das eigentlich kein Problem, denn da dies alles in einer Transaktion geschieht tauchen beide Werte gleichzeitig erst zum COMMIT in der Datenbank auf, aber die Prüfung erfolgt leider per Statement und nicht per Transaktion. Ich muß also Entwickler als meinen Code passend strukturieren, egal ob das der Anwendungslogik gerecht wird oder nicht.\nIn SQLite darf man immerhin DEFERRABLE INITIALLY DEFERRED angeben, und das will man offenbar auch dringend. In diesem Fall wird die FK-Constraint nicht bei jedem Statement geprüft, sondern erst am Ende einer Transaktion beim COMMIT. Man kann sich also seine Strukturen nach Belieben zusammenbauen, und die Datenbank erzwingt dabei keine besondere Ordnung der Anweisungen im Code, sondern verlangt nur, daß in dem Moment, wenn man seine Änderungen für Dritte sichtbar publiziert, die FK-Constraints eingehalten werden.\nDer Sinn von FK-Constraints ist es, gültige Datenstrukturen und insbesondere gültige Verknüpfungen zwischen Daten zu erzwingen, die auf verschiedene Tabellen desselben Schemas oder derselben Instanz verteilt sind. Die FK-Constraint macht diese Prüfung in der Datenbank, denn nur so ist sichergestellt, daß unterschiedliche Anwendungen, die unterschiedliche Bibliotheken und Programmiersprachen verwenden, denselben Bedingungen beim Schreiben hinsichtlich der Gültigkeit von Datenstrukturen unterliegen.\nBitte mal Anhalten und den vorhergehenden Satz ein zweites Mal lesen.\nIm Netz findet man mitunter Diskussionen über Datenmodellierung und dort gibt es in der Regel eine Gruppe von Personen, die vehement die Auffassung vertritt, daß ein Datenmodell, das FK- und andere Constraints nicht im Modell definiert schlicht falsch (ersatzweise \u0026ldquo;Schrott\u0026rdquo;, \u0026ldquo;Müll\u0026rdquo;, \u0026ldquo;Gefrickel\u0026rdquo; und anderes) ist.\nGrenzen und Probleme von FK-Constraints In der Aussage oben stecken ein paar Annahmen drin, und die sind nicht unbedingt immer gegeben. Wenn sie nicht gegeben sind, sind FK-Constraints mindestens sinnlos, manchmal sogar schädlich.\nEine Annahme, nämlich die, die mich angesichts der FK-Constraints von SQLite grinsen ließ, ist wie folgt: Es ist die Rede davon, daß unterschiedliche Anwendungen mit unterschiedlichen Bibliotheken oder Programmiersprachen auf die Datenbank zugreifen. SQLite ist aber eine Embedded Datenbank, die Daten in einer einzelnen Datenbankdatei ablegt und Locking auf der Ebene der gesamten Datenbank betreibt. Auf eine SQLite-Datenbank (etwa die Titelliste von iTunes oder das MacOS Adreßbuch) greift in der Regel nur eine Anwendung (iTunes, das Adreßbuch) schreibend zu. FK-Constraints in SQLite sind… ziemlicher Overkill.\nAuch bei \u0026ldquo;uns\u0026rdquo; in der Produktion haben wir uns entschieden, MySQL FK-Constraints überwiegend nicht zu nutzen. Das hat eine Reihe von Gründen, die zum Teil auch nur gültig sind, weil wir in einer speziellen und sehr günstigen Ausgangslage sind.\nIn MySQL ist die Nutzung von FK-Constraints überhaupt nur sinnvoll möglich, wenn die InnoDB Storage Engine verwendet wird. In MyISAM wird die Syntax für Constraint Definitionen zwar geparsed, dann aber nicht beachtet. Wir nutzen InnoDB, aber wir definieren keine neuen Constraints mehr und wir nehmen die existierenden Definitionen schrittweise nach Möglichkeit zurück.\nDas ist so, weil zum einen unser Schema inzwischen größer als eine Instanz ist: Wir haben zwar verschiedenen MySQL-Instanzen, aber diese sind in Wirklichkeit alle nicht alleinstehend, sondern wir haben Bezüge zwischen Daten, die in verschiedenen Instanzen liegen: Daten in Tabellen der \u0026ldquo;av\u0026rdquo;-Instanz beziehen sich auf Datensätze, deren Rows in Tabellen der \u0026ldquo;bp\u0026rdquo;-Instanz liegen. Dies ist mit einer FK-Constraint nicht zu modellieren, und wenn man es modellierte wäre es kaum effizient zu prüfen: Die Netzwerk-Latenzen würden sich akkumulieren und zu sehr bremsen um praktikabel zu sein.\nEs ist auch absehbar, daß wir bald Tabellen haben werden, die größer als eine Instanz sind, daß wir also Sharding betreiben werden müssen. In diesem Fall verschärft sich die Situation noch weiter.\nEs ist weiterhin so, daß wir so sehr auf Performance optimieren müssen, daß wir uns die Kosten von FK-Constraints nicht mehr leisten können und wollen. Wenn man eine FK-Constraint definiert, dann muß diese ja auch geprüft werden - MySQL prüft sie bei jedem Zugriff.\nDas bedeutet aber bei jedem Schreibzugriff gibt es einen weiteren Lookup in der referenzierten Tabelle. Dazu muß die referenzierte Tabelle wiederum zum Teil geladen werden, was den Cache-Footprint bzw. den Working Set der Anwendung auf eine Weise vergrößert, die in bestimmten Situationen fatal sein kann. Die Anwendung kann plötzlich von speichergesättigt in einen disk-bound Zustand übergehen, weil sich der Working Set durch die Lookups so stark vergrößert, daß der aktive Teil der Anwendung nicht mehr im Speicher gehalten werden kann.\nObendrein kommt im speziellen Fall von InnoDB, daß Schreibzugriffe auf ein Ende einer FK-Constraint nicht nur den beschriebenen Record X-Locken, sondern auch das andere Ende der Beziehung S-Locken, und daß diese Locks außerdem bei kaskadierenden Beziehungen über hierarchische Strukturen noch weiter eskalieren können. Schemata mit vielen FK-Constrains und vielen Schreibzugriffen erzeugen also unter Umständen um Größenordnungen mehr S-Locks und das wiederum kann die Rate von Deadlocks und Lock Timeouts um ein Vielfaches nach oben treiben.\nBei \u0026ldquo;uns\u0026rdquo; ist es nun so, daß wir in der Produktion ein reines Open Source Umfeld haben. Wir wissen also nicht nur, welche Anwendungen bei uns auf Datenstrukturen in der Datenbank zugreifen, sondern wir kontrollieren auch, wie sie es tun. Wir können erzwingen, daß alle Operationen auf Daten in der Datenbank durch bestimmte Routinen in bestimmten Bibliotheken erfolgen und daß dort bestimmte Dinge erzwungen werden können.\nWir haben uns also ein System gebaut, daß FK-Constraints außerhalb der Schemadefinition nachbaut. Unsere FK-Constraints können daher Instanzengrenzen überbrücken. Wir können außerdem optional entscheiden, daß wir die Constraintprüfungen nicht live vornehmen wollen, sondern daß wir die Tests stattdessen in Intervallen im Batch auf den bestehenden Daten vornehmen (ähnlich einem fsck).\nDa wir ziemlich intensiv Replikation einsetzen, brauchen wir das auch nicht auf einer produktiven Datenbank zu tun, sondern können das auf Kopien von Instanzen machen, die offline genommen worden sind. Und wir müssen das nicht oft tun, denn wenn wir verifiziert haben, daß der Code, der Änderungen an den Daten vornimmt, diese Änderungen korrekt durchführt, dann können Verletzungen der Constraints nur noch dann vorkommen, wenn Ausnahme-Betriebszustände erreicht wurden.\nON DELETE CASCADE ist noch mal ein Extraproblem Schließlich ist es so, daß FK-Constraints auch mit triggerhaften Aktionen verknüpft sein können. ON DELETE CASCADE zum Beispiel ist so eine Aktion: Sie bewirkt, daß alle von einer a.aid abhängigen Zeilen in b gelöscht werden, wenn a.aid gelöscht wird.\nSolche Kaskaden sind aus mehreren Gründen schädlich und man sollte diese Art von Definition grundsätzlich nicht verwenden, selbst wenn man FK-Constraints ansonsten einsetzt oder einsetzen muß: Solche Definitionen fördern schlechten und schwer zu wartenden Code.\nStatt die Datenstrukturen im Code aufzuräumen und etwa abhängige Records explizit zu löschen, wird man einfach ein DELETE FROM a WHERE a.aid = ? programmieren und die FK-Constraints implizit die Arbeit tun lassen. Implizite Aktion macht aber die Funktion des Programmes opak: Dem nächsten Entwickler, der auf den Code schaut, wird nicht klar sein, daß dies eine teure Operation ist, die sehr große Folge-Aktionen und Folgekosten in anderen Tabellen nach sich zieht. Die Wirkung von Statements ist auch nicht mehr auf eine einzelne Tabelle beschränkt, sondern das harmlose kleine DELETE kann eine Spur der Verwüstung durch die gesamte Datenbank ziehen (insbesondere bei Vorhandensein von selbstreferentiellen Strukturen mit FK-Constraints).\nKorrekt wäre die Definition einer FK-Constraint, die die Löschung der 1-Seite einer 1:n-Beziehung verhindert solange noch n-Records existieren, die sich auf den zu löschenden 1-Record beziehen. Der Entwickler ist dann gezwungen, den entsprechenden Löschcode in der Anwendung explizit hinzuschreiben, oder, wenn er schlauer ist, die passende Funktion aufzurufen, die die Löschung für ihn vornimmt. In jedem Fall ist aber durch den Blick auf den Code allein sofort klar, was dort passiert und wie groß der Einschlag ist, den man spürt, wenn dieser Code auf die Datenbank trifft.\n","date":"2009-10-20T00:00:00Z","href":"https://blog.koehntopp.info/2009/10/20/ein-paar-gedanken-zu-foreign-key-constraints.html","tags":["database","development","mysql","sql","sqlite","lang_de"],"title":"Ein paar Gedanken zu Foreign Key Constraints"},{"categories":null,"content":"Im August dieses Jahres titelte Golem Die aktivsten Wikipedia-Autoren bleiben unter sich . Dort hieß es:\nDie Zahl der aktiven Autoren, die an der freien Enzyklopädie Wikipedia mitarbeiten, wächst nicht mehr so stark. Und diejenigen, die mehr als 1.000 Änderungen pro Monat in der Web-2.0-Plattform machen, haben immer öfter das letzte Wort: In der Zeit von 2005 bis 2008 stieg die Zahl ihrer monatlichen \u0026ldquo;Edits\u0026rdquo; von 1.740 auf 2.095.\nBei der deutschen Wikipedia sieht man das nicht als Problem: \u0026ldquo;Die von Ihnen zitierten Zahlen sind Auszüge aus einer bislang noch nicht veröffentlichten Forschungsarbeit und beziehen sich auf die englischsprachige Wikipedia.\u0026rdquo; sagte Pavel Richter von Wikimedia Deutschland damals.\nOffenbar wird die Situation aber dennoch von anderen als problematisch empfunden. Fefe thematisiert das etwas direkter in einem Artikel über die Löschung des Eintrages \u0026lsquo;Mogis\u0026rsquo; :\nDas ist ja leider bei Open Source Projekten häufig so, dass sich eine Art Regime bildet, die sich dann hauptsächlich selbst im Wege stehen und Fortschritt verhindern. Bei gcc hat man das erfolgreich über einen fork beendet. Der hießt damals \u0026ldquo;egcs\u0026rdquo;, könnt ihr ja mal googeln.\nEr greift das Thema zwei Tage später noch einmal auf und nennt weitere Beispiele - Wikipedia ist außerdem kein gedrucktes Werk und eine Größenbeschränkung gibt es nicht. (Fortsetzung in 1 2 3 4 5 ).\nZwischendurch war vorübergehend sogar der Benutzer Mogis gelöscht. Die Diskussionsseite Benutzer:Mogis ist ebenfalls spannend zu lesen.\nIch glaube wie Fefe, daß Wikipedia sich mit dem derzeitigen Löschregime keine großen Freunde macht - weder was die Motivation zur Mitarbeit noch die finanzielle Situation angeht. Insbesondere glaube ich, daß die deutsche Wikipedia sich zu ernst nimmt und mit dem Löschen nach Relevanzkriterien, wie immer die das im Detail definieren, zu schnell bei der Hand ist.\nAuch ist an der unterschwelligen Aggressivität an vielen Stellen erkennbar, daß sich bei kontroversen Themen der NPOV nicht sehr bewährt. Ein Stil wie in der drsrm FAQ oder in E2 scheint mir da effektiver zu sein, um sinnvollen Output zu produzieren. Aber wenn man die Enzyklopädia Galactica statt des Anhalters sein möchte, dann mag man diesen Ansatz sicher nicht in Betracht ziehen.\nAndererseits macht mir das Mitmachentscheidungen einfacher denn je . Update: Ein sehr lesenswerter Artikel betreffend Includisten und Excludisten findet sich bei Pavel Mayer .\nUpdate: Ohne Relevantkriterien keine Wikipedia erklärt warum es überhaupt Relevanzkriterien bei der Wikipedia gibt (Minka ist ein Beispiel)\nUpdate: Thomas Nesges antwortet auf den Relevanzkriterien-Artikel.\nUpdate: Zum fehlenden externen Selektionsmechanismus der Wikipedia Update: Till Westermayer hat einen schönen Bericht von der Innenseite der Wikipedia, insbesondere den Vergleich zwischen deutscher und englischer.\n","date":"2009-10-19T00:00:00Z","href":"https://blog.koehntopp.info/2009/10/19/wikipedia-l-schwahn.html","tags":["internet","wikipedia","zensur","lang_de"],"title":"Wikipedia Löschwahn"},{"categories":null,"content":"Auf dem wunderbaren Blog Netzwertig findet man Zeitverschwendung vs. Effizienzgewinn :\nMan kennt sie ja, die Klagen über verschwendete Zeit am Arbeitsplatz. Anstelle produktiv zu sein und ihren Job zu erledigen, surfen Angestellte bei Facebook, Twitter und YouTube – und fügen damit Firmen erheblichen Schaden zu. So zumindest sehen es viele Unternehmen und blockieren daher den Zugriff auf einschlägige Sites des Social Web. 54 Prozent der US-Unternehmen sperren Social Networks komplett, so eine aktuelle Studie.\nMartin Weigert versucht zu erklären, warum solche Aktivitäten nicht schlimm sind, scheitert aber, weil er zu kurz greift:\nDoch lediglich zu kritisieren, Facebook \u0026amp; Co würden die Produktivität vermindern, ist nur die halbe Wahrheit. Die Tatsache des Effizienzgewinns durch die Digitalisierung sollte man keinesfalls vernachlässigen. Hier lässt sich erheblich mehr gewinnen, als auf der anderen Seite Zeit zu verlieren ist.\nEs gibt noch einen anderen Aspekt, der viel wichtiger und weitgehender ist und den er nicht erwähnt.\nIn meinem früheren Leben als Datenbank-Consultant bin ich viel als Fremder in Firmennetzen gewesen und oft nicht richtig in deren IT-Infrastruktur integriert gewesen: Jedes mal, wenn ich bei einem Kunden aufgeschlagen bin, war einer der ersten Handgriffe, Vernetzung herzustellen und meinem Laptop einen Weg nach draussen ins Internet zu bahnen - und das nicht nur für das Web, sondern auch für alle anderen Dienste. Erst in zweiter Linie habe ich dann das Problem gelöst, im Netz des Kunden auf deren Datenbankserver zugreifen zu können.\nBei einigen Kunden war das nicht so leicht möglich, weil deren Firewalls die Mitarbeiter und mich so weit isoliert haben, daß ich keinen Zugriff auf die Außenwelt bekommen konnte. Solche Aufträge waren immer besonders schwierig und für den Kunden nicht sehr produktiv.\nWarum war es mir so wichtig, raus zu kommen, wo ich doch für die Kundendatenbanken gekommen bin?\nWenn ein Kunde mich als Consultant mietet oder mich als Mitarbeiter einstellt, dann bekommt er nicht bloß mich, sondern er bekommt auch einen sehr großen Teil von Infrastruktur, der nicht sichtbar ist - ich bin ein Cyborg und neben einer biologischen Komponente bestehe ich auch noch aus einer technischen und vor allen Dingen auch aus einer sozialen Komponente, einem Netzwerk von Verbindungen, Bekanntschaften und Freundschaften, die es mir ermöglichen, weitaus mehr zu leisten als ich es als eine rein auf das biologische reduzierte Person jemals könnte.\nDurch meine Art zu Leben bin ich Always-On . Ich schrieb in Falscher Planet, falsches Jahrtausend :\nIch reiste beruflich fast drei Jahre durch Europa und die USA, aber ich war immer zu Hause - Eastern Standard Tribe oder in meinem Fall der Stamm der MESZler war immer für mich erreichbar, wo immer ich war: Ich habe nicht mehr oder weniger Kontakt mit meinen Freunden gehabt bloß weil ich mal ein paar Wochen auf einem anderen Kontinent war.\nMein Griff zum externen Netzwerk dient dazu, diesen Teil meines Ich wieder anzuschließen und für mich wie auch für meinen jeweiligen Auftraggeber wieder verfügbar zu machen: Dadurch bin ich in der Lage, Antworten auf Fragen schneller zu finden, Ideen aus meinem Netz zu ziehen und für mich nutzbar zu machen, Hinweise und Verweise aufzupicken und generell sehr viel produktiver zu sein als ich es ohne Netz wäre.\nApophenia beschreibt in I want my Cyborg life wie das funktioniert, was ich (und jeder andere, der unter das \u0026lsquo;Lebensgefühl der Piraten\u0026rsquo; fällt) da tue. Sie beschreibt einen Konflikt zwischen einem Offliner und sich:\nIn Italy two weeks ago, I attended Modernity 2.0 (in the lovely Urbino hosted by the fantastic Fabio Giglietto). There were two audiences in attendance - a young cohort of \u0026ldquo;internet scholars\u0026rdquo; and an older cohort deeply invested in sociocybernetics. At one point, after a talk, one of the sociocybernetics scholars (actually, the former President of the sociocybernetics organization\u0026hellip; I know\u0026hellip; I looked him up) began his question by highlight that, unlike most of the audience who seemed more invested in the internet than scholarly conversations, HE had been paying attention. He was sitting next to me. He looked at me as he said this.It\u0026rsquo;s not very often that I feel like I\u0026rsquo;ve been publicly bitchslapped but boy did that sting. And then I felt pissy, like a resentful stubborn child bent on proving him wrong. Somehow, as I grew my hair out and became an adult, I also became less spiteful because boy was I determined to bite back. Of course, I haven\u0026rsquo;t become that much of an adult because here I am blogging the details of said encounter.There\u0026rsquo;s no doubt that I barely understood what the speaker was talking about. But during the talk, I had looked up six different concepts he had introduced (thank you Wikipedia), scanned two of the speakers\u0026rsquo; papers to try to grok what on earth he was talking about, and used Babelfish to translate the Italian conversations taking place on Twitter and FriendFeed in attempt to understand what was being said. Of course, I had also looked up half the people in the room (including the condescending man next to me) and posted a tweet of my own.\nDie ständige Verfügbarkeit von Netz und Connectivity verändert das Arbeiten und den Umgang miteinander radikal. Nicht nur ist es für viele meiner Freunde weitgehend egal, in welcher Stadt oder auf welchem Kontinent ich die letzten paar Jahre gelebt habe, sondern das Netz erlaubt mir auch, Informationen \u0026lsquo;in Echtzeit\u0026rsquo; aufzusammeln und mein Wissen im Vorübergehen anzupassen und zu komplettieren. Darum sehe ich mit einem Laptop auf dem Schoß fern - immer ein Wikipedia- und IMDB-Fenster offen - und darum brauche ich auch Netz nach draußen, wenn ich irgendwo arbeite.\nAls MySQL Consultant hat mir das Zugriff auf das Handbuch, den Support IRC-Server und meine Kollegen bei anderen Kunden gegeben, bei meiner jetzigen Arbeit gibt es mir Zugriff auf meine ehemaligen Kollegen aus einer Reihe von vergangenen Jobs, auf Ex-Kunden, die inzwischen anderswo arbeiten und gute Bekannte geblieben sind, und auf viele Nachschlagequellen, an die ich mich erinnere, aber die ich neu suchen muß, wenn ich wirklich damit arbeiten wollte. Plus eine Riesenwelle an News, RSS, Tweets und Mail sowie drei bis vier verschiedene Chatsysteme, die mich nahe bei den Leuten hält, die mir wichtig sind.\nEin Arbeitgeber, der so etwas abtrennte, bekäme eine kleinere Person und einen weitaus schwächeren Mitarbeiter - für die Zeit die ich überbrücken müßte, bis ich eine richtige Stelle gefunden hätte. Denn so werde ich dauerhaft nie arbeiten wollen.\n","date":"2009-10-09T00:00:00Z","href":"https://blog.koehntopp.info/2009/10/09/internet-und-produktivit-t-aus-der-sicht-eines-cyborgs.html","tags":["work","community","cyborg","internet","lang_de"],"title":"Internet und Produktivität aus der Sicht eines Cyborgs"},{"categories":null,"content":" Linux mapped die Speicherseiten zweiter Prozesse. Dabei wird speicher geteilt, oder Seiten sind noch ungeladen. Manche Seiten werden beim ersten Schreibzugriff kopiert (Copy-on-Write).\nManchmal muß man viel erklären, um eine einfache Frage beantworten zu können: Wieviel Speicher belegt ein Programm in Linux? Diese Frage war bisher überraschend schwer zu beantworten. Da ist einmal die Ausgabe von ps axuwww oder top:\n[root@mc01bpmdb-02 ~]# ps axu | egrep \u0026#39;(mysql[d]|USER)\u0026#39; USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND ... mysql 24861 71.2 77.3 26284608 25444724 ? Sl 2008 385405:36 /usr/sbin/mysqld ... Hier bekommt man zwei Größenangaben in den Spalten VSZ und RSS, beide sind in Kilobytes.\nDie Angabe VSZ wird als die gesamte Virtuelle Prozeßgröße des Progresses bezeichnet. Die Manpage zu ps listet dies als \u0026ldquo;vm_lib + vm_exe + vm_data + vm_stack\u0026rdquo;, also als Summe der Mappings für das Executeable, die reservierten Datenbereiche, alle Bibliotheken und den Stack, und ich bin sicher, daß das nicht ganz korrekt ist, weil es mit mmap(2) gemappte Speicherbereiche nicht mit aufzählt, aber diese auch angezeigt werden.\nDie Angabe RSS steht für Resident Set Size, die Menge des nicht rausgepagten physikalischen Speicher die dieser Prozeß hält.\nMan kann die VSZ also als die \u0026lsquo;gemappte\u0026rsquo; Größe des Prozesses bezeichnen und die RSS als die \u0026lsquo;belegte\u0026rsquo; Größe des Prozesses.\nWenn man ein MySQL neu startet sieht man, daß die VSZ schon fast die endgültige Größe des Prozesses erreicht hat (MySQL hat schon einmal alle großen Puffer beim Betriebssystem bestellt und treibt so die Prozeßgröße nach oben). Die RSS ist jedoch noch sehr klein, weil diese bestellten Puffer noch nicht beschrieben wurden und das Betriebssystem daher die entsprechenden Speicherseiten auch noch nicht physikalisch realisiert hat - die Puffer der Datenbank sind noch kalt und die Daten werden nach Bedarf bei den ersten Zugriffen erst einmal von Disk geladen.\nÜber die Zeit wird die VSZ ein wenig steigen (Verbindungen werden aufgebaut und MySQL bestellt noch ein wenig zusätzlichen Speicher) und die RSS nähert sich der VSZ immer mehr an. Die Datenbank im Beispiel da oben hat eine VSZ von etwas über 25G und eine RSS von immerhin 24.2G. Sie läuft schon sehr lange.\nAuch von einem top bekommt man diese Zahlen, sogar gleich in hübsch:\nPID USER PR NI %CPU TIME+ %MEM VIRT RES SHR S COMMAND 24861 mysql 16 0 222 385424:47 77.4 25.1g 24g 5804 S mysqld Aber für Prozesse, die viel fork()\u0026rsquo;en bekommt man so keine sehr aussagekräftigen Zahlen. Von einem Apache-Webserver würde man ja sehr gerne wissen, wie viele parallele Server-Instanzen man so ausführen kann, wenn man ihn startet.\nHier ist mein Apache, in einem Moment geringer Last:\nh743107:~ # ps auxwww | grep http root 18345 0.0 0.9 124880 10100 ? Ss Oct08 0:00 /usr/sbin/httpd2 wwwrun 28179 2.3 3.1 127172 32324 ? S 17:28 0:09 /usr/sbin/httpd2 wwwrun 28591 1.8 2.8 127796 29192 ? S 17:33 0:02 /usr/sbin/httpd2 wwwrun 28677 1.7 2.2 127480 23808 ? S 17:34 0:00 /usr/sbin/httpd2 wwwrun 28678 1.2 2.6 127448 27408 ? S 17:34 0:00 /usr/sbin/httpd2 wwwrun 28779 1.9 2.3 127116 24780 ? S 17:35 0:00 /usr/sbin/httpd2 Wir erkennen zwei Sorten Apache-Prozesse: PID 18345 läuft unter der UID root - es ist der Apache Master, der auf eingehende Verbindungen lauscht und Aufträge dann an Worker-Prozesse weiter gibt, die die eigentliche Seite erzeugen. Der Master steuert auch die Größe des Worker-Pools über die Zeit je nach Bedarf. Dazu hat er eine Reihe von Parametern, von denen einer den Namen MaxClients hat. Dieser Parameter legt fest, wie viele Worker Apache maximal startet und man sollte diesen Wert so hoch wie möglich ansetzen ohne daß der Server in den Swap gerät.\nWie man sieht hat ein Apache Master bei mir eine Größe von etwas über 120M, aber eine RSS von etwas unter 10M. Die Worker haben ebenfalls eine VSZ von mehr als 120M, aber ihre RSS ist mit um die 24-32M etwas größer.\nDer tatsächliche Speicherverbrauch ist jedoch weitaus geringer. Wir können ihn uns im Detail in der Datei /proc/PID/maps ansehen:\nh743107:~ # cd /proc/18345/ h743107:/proc/18345 # wc -l maps 264 maps h743107:/proc/18345 # head -6 maps 80000000-8004f000 r-xp 00000000 08:03 9732852 /usr/sbin/httpd2-prefork 8004f000-80052000 rw-p 0004f000 08:03 9732852 /usr/sbin/httpd2-prefork 80052000-80349000 rw-p 80052000 00:00 0 [heap] b090f000-b490f000 rw-s 00000000 00:08 17650846 /dev/zero (deleted) b490f000-b690f000 rw-s 00000000 00:08 688128 /SYSV00000000 (deleted) b690f000-b695d000 r-xp 00000000 08:03 9701605 /usr/lib/libgcrypt.so.11.2.2 h743107:/proc/18345 # tail -6 maps b7f9d000-b7f9e000 rw-p b7f9d000 00:00 0 b7f9e000-b7f9f000 r-xp b7f9e000 00:00 0 [vdso] b7f9f000-b7fba000 r-xp 00000000 08:03 6160422 /lib/ld-2.5.so b7fba000-b7fbc000 rw-p 0001a000 08:03 6160422 /lib/ld-2.5.so bf866000-bf87a000 rwxp bf866000 00:00 0 [stack] bf87a000-bf87b000 rw-p bf87a000 00:00 0 Die Angaben in /proc/\u0026hellip;/maps lassen sich wie folgt lesen:\nDie erste Angabe ist ein Bereich von Speicheradressen, der im Adreßraum des Prozesses belegt wird. Da der Speicher in einer Intel-CPU in Speicherseiten von 12 Bit = 4K verwaltet wird, sind die Angaben immer vielfache von 4K (0x1000), d.h. die letzten 3 Stellen sind immer 0. Die Flags geben dann an, welche Operationen auf diesem Speicherbereich möglich sind: rwx für read, write und execute. p ist ein Private Mapping, s ist ein Shared Mapping. Viele Mappings sind Abbildungen von Dateien in den Adreßraum eines Prozesses. In Unix wird eine Datei aber durch ihre Gerätenummer (maj, min) und ihre Inode-Nummer auf dem Gerät bezeichnet, etwa 08:03 9732852. In der Map wird auch noch der Pfadname dieser Datei angezeigt, soweit bekannt (/usr/sbin/httpd2-prefork). Nun kann es sein, daß verschiedene Abschnitte dieser Datei mit unterschiedlichen Rechten eingeblendet werden sollen: So soll /usr/sbin/httpd2-prefork ab Offset 00000000 mit den Rechten r-x an der Adresse 80000000 eingeblendet werden, der Abschnitt derselben Datei ab 0004f000 jedoch mit rw- ab Speicheradresse 8004f000. Das wird klarer, wenn man sich die Datei einmal anschaut:\nh743107:/proc/18345 # size -x /usr/sbin/httpd2-prefork text data bss dec hex filename 0x4ebe3 0x2378 0x2e10 343403 53d6b /usr/sbin/httpd2-prefork Die Datei besteht also aus Code (Text) in der Länge von 0x4ebe3 Byte, das entspricht aufgerundet 0x4f000 Bytes oder 0x4f Seiten zu 4K. Danach kommen 0x2378 Byte (0x3000 Byte aufgerundet zur Seitengrenze) ab Offset 0x4f000 an Daten.\nDas heißt, die erste Zeile der maps-Datei zeigt uns wie der Code des Webservers ab Offset 0 der Datei in Adresse 0x80000000 in den Speicher eingeblendet wird. Die Einblendung ist schreibegeschützt. Danach kommt ab 0x8004f000 im Speicher (und ab 0x4f000 in der Datei) der Datenteil, der wiederum beschreibbar ist.\nDie Summe aller dieser Einblendungen ist die VSZ des Prozesses, also der Anteil seines 64-Bit oder 32-Bit Adreßraumes, auf den der Prozeß zugreifen kann ohne daß ihm das Betriebssystem an die Ohren haut.\nBei einem Programmstart existieren zwar Mappings für die virtuellen Speicherseiten eines Prozesses (hier mit 1-7 bezeichnet), aber ihnen sind keine physikalischen Speicherseiten zugeordnet. Jeder Zugriff auf eine dieser Seiten wird vom Betriebssystem erkannt und abgefangen.\nAber die Tatsache, daß ein Mapping für eine virtuelle Adresse existiert heißt noch lange nicht, daß das Betriebssystem auch physikalischen Speicher dafür belegt hat. Genau genommen ist am Anfang gar keine Speicherseite belegt - das Betriebssystem mapped das Programm in den Speicher, aber das Programm ist noch nicht geladen. Dann beginnt das Programm seine Ausführung und greift auf eine Speicheradresse zu, die nicht existiert.\nDas erste was also passiert ist eine Speicherschutzverletzung - aber eine legale. Das Betriebssystem wird aus seinem Pool leerer Speicherseiten eine auswählen, dort den auf Grund der Mappinginformationen benötigten Inhalt reinladen und die abgebrochene Instruktion nun neu starten.\nIm Beispiel wird beim Start des Programmes also auf Seite 1 zugegriffen, die jedoch nicht gemapped war. Das Betriebssystem unterbricht die Ausführung des Programmes, lädt die betreffende Seite von Disk in eine physikalische Speicherseite, hier B, stellt das Mapping her und restartet die Instruktion. Wird die Ausführung fortgesetzt entstehen weitere Seitenfehler (page faults) und das Programm wird sukzessive so weit in den Speicher geladen wie notwendig - aber es wird nie mehr Speicher verbraucht als unbedingt notwendig.\nBeim Zugriff auf Seite 1 kommt es zu einem (legalen) Seitenfehler. Das Betriebssystem unterbricht die Anweisung, die den Fehler ausgelöst hat, lädt die fehlende Speicherseite von der Platte in das physikalische RAM (hier: Seite B) und stellt ein Mapping der virtuellen Seite 2 auf die physikalische Seite B her. Danach wird die unterbrochene Anweisung neu gestartet - das ausgeführte Programm merkt nichts vom Getrickse des Betriebssystems.\nDie Optimierungen sind offensichtlich: Wenn beim Herstellen des Programms durch den Compiler und Linker oder durch Profiling von vorhergehenden Programmausführungen ermittelt werden kann, welche Teile des Programmes auf jeden Fall benötigt werden, dann kann man den Hagel der Seitenfehler beim Programmstart antizipieren und die gebrauchten Seiten gleich und linear in den Speicher laden. Das ist schneller und effektiver - moderne Betriebssysteme machen das auch so.\nIn jedem Fall entsteht durch die Programmausführung ein Mapping von Seiten - dabei muß es keine lineare Entsprechung von virtuellen (Prozeß-) Adressen und physikalischen Speicheradressen geben.\nNach einiger Zeit sind alle benutzten Seiten des Programmes irgendwie auf physikalischen Speicher abgebildet, das Programm und seine Daten befinden sich im RAM.\nIn Linux wird die Situation nun durch mehrere Dinge noch komplizierter: Zum einen existieren Shared Libraries. Das ist Code, der von allen oder vielen Programmen gebraucht wird und der deswegen in einer Extradatei abgelegt ist - zum Beispiel libc.so.6, die Laufzeitbibliothek der Sprache C:\nh743107:/lib # ls -lL libc.so.6 -rwxr-xr-x 1 root root 1491141 Oct 19 2008 libc.so.6 h743107:/lib # size -x libc.so.6 text data bss dec hex filename 0x1273dd 0x2758 0x2c58 1230733 12c78d libc.so.6 Wie man sieht ist die libc recht fett: 0x128000 Bytes, also 0x128 Speicherseiten an Code plus Daten. Jedes noch so kleine Hello-World-Programm das printf() aufruft verwendet die ganze libc.\nAber: Der Code für die libc wird nur einmal geladen und belegt nur einen Satz physikalische Speicherseiten. Er wird jedoch in jeden laufenden Prozeß im System eingeblendet:\nh743107:/proc # ls -ld [0-9]* | wc -l 198 h743107:/proc # grep libc-2.5 [0-9]*/maps | grep r-xp| wc -l 175 Okay, fast jeden. Etwas anderes fällt dabei auch noch auf:\nh743107:/proc # grep libc-2.5 [0-9]*/maps | grep r-xp| head -10 1031/maps:b7c1f000-b7d47000 r-xp 00000000 08:03 6160449 /lib/libc-2.5.so 1131/maps:b7c1f000-b7d47000 r-xp 00000000 08:03 6160449 /lib/libc-2.5.so 1154/maps:b7b24000-b7c4c000 r-xp 00000000 08:03 6160449 /lib/libc-2.5.so 1155/maps:b7b24000-b7c4c000 r-xp 00000000 08:03 6160449 /lib/libc-2.5.so 1247/maps:b7c1f000-b7d47000 r-xp 00000000 08:03 6160449 /lib/libc-2.5.so 12512/maps:b7e4a000-b7f72000 r-xp 00000000 08:03 6160449 /lib/libc-2.5.so 1278/maps:b7c1f000-b7d47000 r-xp 00000000 08:03 6160449 /lib/libc-2.5.so 12906/maps:b7dae000-b7ed6000 r-xp 00000000 08:03 6160449 /lib/libc-2.5.so 13103/maps:b7cee000-b7e16000 r-xp 00000000 08:03 6160449 /lib/libc-2.5.so 1342/maps:b7b30000-b7c58000 r-xp 00000000 08:03 6160449 /lib/libc-2.5.so Der Code einer shared library ist verschieblich (PIC, position independent code) und kann so in verschiedenen Programmen an verschiedenen Stellen eingeblendet werden. Das kann wegen PIC geschehen, ohne daß die Inhalte der Speicherseiten angepaßt werden müssen: Sprünge im Code werden relativ (300 Bytes vor) statt absolut (springe nach b7c1fe34) angegeben. Die libc ist also einmal geladen, belegt 0x128 Speicherseiten, wird aber in unserem System in 175 von 198 Programmen eingeblendet.\nDas heißt, wir verbrauchen schon mal sehr viel weniger Speicher als gedacht. Gut.\nNun hat zwar jedes Programm mit libc ein printf() und ein ctime(), aber in jedem Programm steht in dem statischen internen Puffer der Funktion ctime() eine andere Zeit - jedes Programm hat für seine libc also eigene private Daten. Die Datenseiten der verschiedenen libc können also nicht zwischen den Prozessen geshared werden. Darum haben sie auch eigene Mappings mit eigenen Zugriffsrechten:\nh743107:/proc # grep libc /proc/self/maps b7dbd000-b7ee5000 r-xp 00000000 08:03 6160449 /lib/libc-2.5.so b7ee5000-b7ee6000 r--p 00128000 08:03 6160449 /lib/libc-2.5.so b7ee6000-b7ee8000 rw-p 00129000 08:03 6160449 /lib/libc-2.5.so Dasselbe passiert auch mit Programmen, die sich per fork() vervielfältigen oder mehrfach geladen werden: Wenn zwei Benutzer vi verwenden, dann steht der Code für vi selbst nur einmal im Speicher - aber jeder vi-Prozeß hat eigene Datenseiten, die eigenen Text speichern und eine eigene Cursorposition und einen eigenen Cut und Paste-Buffer haben. Das ist ja recht wichtig, wenn man nicht gerade Google Docs ist und Documente haben möchte, die von mehreren Personen zur Zeit bearbeitet werden können sollen.\nHier greift noch eine weitere Optimierung: Copy on Write (COW). Wenn im Beispiel also Prozeß 2 durch fork() aus Prozeß 1 erzeugt wird, wie es der Apache Webserver zum Beispiel laufend tut, dann sind zunächt alle Speicherseiten zwischen beiden Prozessen geshared - auch die, die beschrieben werden können.\nPID 2 versucht Seite 3 zu beschreiben, die auf die Seite F gemapped war. Da auch PID 1 diese Seite sehen kann, würde dieser Schreibzugriff von PID 2 Daten verändern, die PID 1 sieht - das geht nicht! Das Betriebssystem fängt den Zugriff ab, kopiert die Seite F nach G und mapped Seite 3 für PID 2 nach G. Jetzt haben PID 1 und PID 2 jeder eine private Kopie der veränderten Daten - der Rest wird aber noch geshared.\nSchreibt nun etwa Prozeß 2 in seine Speicherseite 3, dann löst dies wiederum eine Zugriffsverletzung aus, weil die Seite zwar prinzipiell beschreibbar ist, aber vom Betriebssystem heimlich als schreibgeschützt markiert worden ist. Das Betriebssystem kopiert nun die physikalische Speicherseite F nach G, ändert das Mapping von 3 für den Prozeß 2 so, daß die Seite 3 nun auf G statt F zeigt und restarted die unterbrochene Instruktion. Beide Prozesse haben nun ihre private Kopie von Seite 3 (PID 1 hat F, PID 2 hat G) und können bis auf weiteres unbehelligt schreiben.\nDa das Kopieren von Seiten nur nach Bedarf - bei Schreibzugriffen - geschieht, wird von einer fork()-Kopie also nur so viel Speicher benötigt, wie unbedingt notwendig (zu Speicherseiten aufgerundet, natürlich). Es mag also sein, daß ich einen httpd2 mit 128M VSZ habe, der 20 Kopien von sich startet. Aber das erzeugt weder einen Speichermehrverbrauch von 20 * 128M, noch einen Speicherverbrauch von 20*24M (die RSS), sondern ist je nach Benutzung des Speichers sehr viel weniger.\nLeider kann man nicht leicht sagen, wie viel genau.\nAn dieser Stelle kommen nun lustige Kernel-Erweiterungen und Werkzeuge ins Spiel und die sind der Grund, warum ich diesen Artikel überhaupt angefangen habe:\nAuf der Perl5 Porters Mailingliste stellt Joshua ben Jore das Werkzeug Exmap vor, zu dem es auch noch Patches gibt. Auch smem kann die Speichernutzung von Prozessen detaillierter analysieren und so genauer ermitteln wie hoch der Speicherverbrauch eines Prozesses denn nun wirklich ist.\nUnd das wiederum erlaubt dann genauere Planungen der MaxClients in einem Apache.\n","date":"2009-10-09T00:00:00Z","href":"https://blog.koehntopp.info/2009/10/09/wieviel-speicher-brauchst-du-denn.html","tags":["computer","kernel","linux","lang_de"],"title":"Wieviel Speicher brauchst Du denn?"},{"categories":null,"content":"Letzte Woche Montag haben wir beschlossen, den SQL_MODE in unseren Entwicklungsservern auf einen strengeren Wert als \u0026quot;\u0026quot; (den Default) zu setzen. Das war ein Fehlschlag und wir haben den Change diese Woche zurück gerollt. Aber von vorne.\nWelchen SQL_MODE will man denn? Als Ziel-Einstellung haben wir eine Kombination von\nTRADITIONAL, NO_ENGINE_SUBSTITUTION, ONLY_FULL_GROUP_BY, NO_AUTO_VALUE_ON_ZERO ins Auge gefaßt.\nSQL_MODE ist eine Einstellung in MySQL, mit der das Verhalten des Servers beeinflußt werden kann. Die Variable ist eine Bitmaske von benannten Bits - jedes Bit hat eine im Handbuch definierte Bedeutung. Außerdem haben bestimmte Kombinationen von Bits einen Sammelnamen.\nSo steht der Name TRADITIONAL in Wirklichkeit für die Kombination der Bits\nSTRICT_TRANS_TABLES, STRICT_ALL_TABLES, NO_ZERO_IN_DATE, NO_ZERO_DATE, ERROR_FOR_DIVISION_BY_ZERO, NO_AUTO_CREATE_USER zu der wir dann weiter verschärfend noch\nNO_ENGINE_SUBSTITUTION, ONLY_FULL_GROUP_BY NO_AUTO_VALUE_ON_ZERO dazu genommen haben.\nStrict Mode Die Kombination STRICT_ALL_TABLES,STRICT_TRANS_TABLES schaltet dabei den strict mode ein. Ohne diese Einstellung akzeptiert und rundet MySQL eine Reihe von Werten, die in den Zielspalten gar nicht darstellbar sind.\nAm leichtesten läßt sich das mit ein wenig Code demonstrieren:\nroot@localhost \u0026gt; create table t ( id tinyint unsigned not null ); Query OK, 0 rows affected (0.11 sec) root@localhost \u0026gt; insert into t values ( 256 ), ( -1 ); Query OK, 2 rows affected, 2 warnings (0.00 sec) Records: 2 Duplicates: 0 Warnings: 2 root@localhost \u0026gt; show warnings; +---------+------+------------------------------------------------------+ | Level | Code | Message | +---------+------+------------------------------------------------------+ | Warning | 1264 | Out of range value adjusted for column \u0026#39;id\u0026#39; at row 1 | | Warning | 1264 | Out of range value adjusted for column \u0026#39;id\u0026#39; at row 2 | +---------+------+------------------------------------------------------+ 2 rows in set (0.00 sec) root@localhost \u0026gt; select * from t; +-----+ | id | +-----+ | 255 | | 0 | +-----+ 2 rows in set (0.00 sec) Da niemals jemand in seinem Code die Warnungen abfragt werden die eingefügten Werte also stillschweigend gerundet. Ähnliche Dinge können bei illegalen UTF8-Zeichen in latin1-Spalten, bei zu langen Strings oder anderen Typen passieren.\nMit strict mode kann man so etwas verhindern:\nroot@localhost \u0026gt; delete from t; Query OK, 2 rows affected (0.00 sec) root@localhost \u0026gt; set sql_mode = strict_all_tables; Query OK, 0 rows affected (0.01 sec) root@localhost \u0026gt; insert into t values ( 256 ), ( -1 ); ERROR 1264 (22003): Out of range value adjusted for column \u0026#39;id\u0026#39; at row 1 root@localhost \u0026gt; select * from t; Empty set (0.00 sec) Und genau das wollten wir haben, insbesondere auch für Enum-Werte:\nroot@localhost \u0026gt; drop table t; Query OK, 0 rows affected (0.01 sec) root@localhost \u0026gt; create table t ( i enum (\u0026#39;eins\u0026#39;, \u0026#39;zwei\u0026#39;) not null ); Query OK, 0 rows affected (0.12 sec) root@localhost \u0026gt; insert into t values (\u0026#39;\u0026#39;); ERROR 1265 (01000): Data truncated for column \u0026#39;i\u0026#39; at row 1 root@localhost \u0026gt; insert into t values (\u0026#39;drei\u0026#39;); ERROR 1265 (01000): Data truncated for column \u0026#39;i\u0026#39; at row 1root@localhost \u0026gt; select * from t; Empty set (0.00 sec) Denn ohne strict mode akzeptiert und vermatscht MySQL diese Daten gnadenlos:\nroot@localhost \u0026gt; set sql_mode = \u0026#39;\u0026#39;; Query OK, 0 rows affected (0.00 sec) root@localhost \u0026gt; insert into t values (\u0026#39;\u0026#39;); Query OK, 1 row affected, 1 warning (0.01 sec) root@localhost \u0026gt; show warnings; +---------+------+----------------------------------------+ | Level | Code | Message | +---------+------+----------------------------------------+ | Warning | 1265 | Data truncated for column \u0026#39;i\u0026#39; at row 1 | +---------+------+----------------------------------------+ 1 row in set (0.00 sec) root@localhost \u0026gt; insert into t values (\u0026#39;drei\u0026#39;); Query OK, 1 row affected, 1 warning (0.00 sec) root@localhost \u0026gt; show warnings; +---------+------+----------------------------------------+ | Level | Code | Message | +---------+------+----------------------------------------+ | Warning | 1265 | Data truncated for column \u0026#39;i\u0026#39; at row 1 | +---------+------+----------------------------------------+ 1 row in set (0.00 sec) root@localhost \u0026gt; select * from t; +---+ | i | +---+ | | | | +---+ 2 rows in set (0.00 sec) Man beachte hier '' in der Tabelle - wo der ENUM doch als ENUM('eins','zwei') definiert ist!\nNO_ZERO_DATE und NO_ZERO_IN_DATE Auch für Datumsangaben wollen wir das haben, und dazu haben wir NO_ZERO_DATE und NO_ZERO_IN_DATE gesetzt. Ohne SQL_MODE:\nroot@localhost \u0026gt; drop table t; Query OK, 0 rows affected (0.00 sec) root@localhost \u0026gt; create table t ( d date not null ); Query OK, 0 rows affected (0.11 sec) root@localhost \u0026gt; insert into t values ( \u0026#39;0000-00-00\u0026#39;), (\u0026#39;2009-10-00\u0026#39;); Query OK, 2 rows affected (0.01 sec) Records: 2 Duplicates: 0 Warnings: 0 root@localhost \u0026gt; show warnings; Empty set (0.00 sec) root@localhost \u0026gt; select * from t; +------------+ | d | +------------+ | 0000-00-00 | | 2009-10-00 | +------------+ 2 rows in set (0.00 sec) Und mit:\nroot@localhost \u0026gt; set sql_mode = \u0026#39;NO_ZERO_DATE,NO_ZERO_IN_DATE,STRICT_ALL_TABLES\u0026#39;; Query OK, 0 rows affected (0.00 sec) root@localhost \u0026gt; delete from t; Query OK, 3 rows affected (0.00 sec) root@localhost \u0026gt; insert into t values (\u0026#39;0000-00-00\u0026#39;); ERROR 1292 (22007): Incorrect date value: \u0026#39;0000-00-00\u0026#39; for column \u0026#39;d\u0026#39; at row 1 root@localhost \u0026gt; insert into t values (\u0026#39;2009-10-00\u0026#39;); ERROR 1292 (22007): Incorrect date value: \u0026#39;2009-10-00\u0026#39; for column \u0026#39;d\u0026#39; at row 1 Man beachte, daß es die Kombination von STRICT_ALL_TABLES und den NO_ZERO*DATE Modi braucht, um hier einen Fehler zu erzeugen. Ohne den strict mode bekommt man nur eine Warnung.\nERROR_FOR_DIVISION_BY_ZERO - schön wärs Die Einstellung ERROR_FOR_DIVISION_BY_ZERO tut nicht ganz das, was wir eigentlich wollen - eine gut und weithin sichtbare Explosion bei einer Division durch 0 - aber ist immerhin besser als nichts:\nroot@localhost \u0026gt; create table t ( i integer null ); Query OK, 0 rows affected (0.07 sec) root@localhost \u0026gt; insert into t values ( 1/0 ); Query OK, 1 row affected (0.00 sec) root@localhost \u0026gt; set sql_mode = \u0026#39;STRICT_ALL_TABLES,ERROR_FOR_DIVISION_BY_ZERO\u0026#39;; Query OK, 0 rows affected (0.00 sec) root@localhost \u0026gt; insert into t values ( 1/0 ); ERROR 1365 (22012): Division by 0 root@localhost \u0026gt; select 1/0; +------+ | 1/0 | +------+ | NULL | +------+ 1 row in set, 1 warning (0.00 sec) root@localhost \u0026gt; show warnings; +-------+------+---------------+ | Level | Code | Message | +-------+------+---------------+ | Error | 1365 | Division by 0 | +-------+------+---------------+ 1 row in set (0.00 sec) Wie man sieht, wird nur beim INSERT (oder UPDATE) in eine Tabelle ein Fehler statt einer NULL produziert. Bei einem normalen Ausdruck bekommt man weiterhin NULL und eine Warning. Folgefalsch also auch hier:\nroot@localhost \u0026gt; create table t ( a integer, b integer ); Query OK, 0 rows affected (0.05 sec) root@localhost \u0026gt; insert into t values (1 , 0); Query OK, 1 row affected (0.00 sec) root@localhost \u0026gt; set sql_mode = \u0026#39;TRADITIONAL\u0026#39;; Query OK, 0 rows affected (0.01 sec) root@localhost \u0026gt; select a/b from t; +------+ | a/b | +------+ | NULL | +------+ 1 row in set, 1 warning (0.00 sec) root@localhost \u0026gt; show warnings; +-------+------+---------------+ | Level | Code | Message | +-------+------+---------------+ | Error | 1365 | Division by 0 | +-------+------+---------------+ 1 row in set (0.00 sec) NO_AUTO_CREATE_USER - auch zu schön um wahr zu sein Ebenfalls nicht das, was man will tut NO_AUTO_CREATE_USER: Es verhindert das versehentliche Anlegen eines Users ohne Paßwort durch ein GRANT-Statement ohne IDENTIFIED BY-Clause, aber es erzwingt nicht das Verwenden von CREATE USER zum Anlegen von Usern: Ein GRANT-Statement mit IDENTIFIED BY kann noch immer nebenbei einen User anlegen.\nONLY_FULL_GROUP_BY Wir haben außerdem ONLY_FULL_GROUP_BY gesetzt. Normalerweise erlaubt MySQL die Anwahl von nicht aggregierten Spalten in SELECT-Statements mit GROUP BY-Ausdrücken:\nroot@localhost \u0026gt; drop table t; Query OK, 0 rows affected (0.00 sec) root@localhost \u0026gt; create table t ( i integer, j integer ); Query OK, 0 rows affected (0.09 sec) root@localhost \u0026gt; insert into t values (1,1), (1,2), (2,3), (2,4), (3,5); Query OK, 5 rows affected (0.00 sec) Records: 5 Duplicates: 0 Warnings: 0 root@localhost \u0026gt; select i,j,group_concat(j) from t group by i; +------+------+-----------------+ | i | j | group_concat(j) | +------+------+-----------------+ | 1 | 1 | 1,2 | | 2 | 3 | 3,4 | | 3 | 5 | 5 | +------+------+-----------------+ 3 rows in set (0.00 sec) MySQL verhält sich hier so, als stünde das j in einem Funktionaufruf einer hypothetischen Aggregatfunktion ANY(j). Es wählt also ein beliebiges j aus der Gruppe der j aus, die der Zeile zugeordnet sind und zeigt es als Repräsentant der Äquivalenzklasse an. MySQL hat auch eine ganz reale Funktion ALL(), die die gesamte Äquivalenzklasse anzeigt - sie heißt GROUP_CONCAT().\nDas Verhalten von MySQL ist hier strikt konform mit dem SQL-Standard und der Mathematik dahinter, aber diese Auslegung des Standards ist einzigartig - alle anderen SQL-Produkte machen es anders. Mit ONLY_FULL_GROUP_BY soll man MySQL in einem Modus schalten, in dem es der verbreiteten Auslegung folgt:\nroot@localhost \u0026gt; set sql_mode = \u0026#39;TRADITIONAL,ONLY_FULL_GROUP_BY\u0026#39;; Query OK, 0 rows affected (0.00 sec) root@localhost \u0026gt; select i,j,group_concat(j) from t group by i; ERROR 1055 (42000): \u0026#39;koehntopp.t.j\u0026#39; isn\u0026#39;t in GROUP BY Leider gibt es kein ANY() in MySQL, sodaß man sich mit MIN() oder MAX() behelfen muß, um deterministisch ein Element der Äquivalenzklasse zu bestimmen.\nUm Entwicklern zu helfen beim Anlegen von Tabellen Fehler mit der Storage Engine zu machen, haben wir NO_ENGINE_SUBSTITUTION eingeschaltet - MySQL ersetzt dann beim Fehlen einer Engine diese nicht stillschweigend durch MyISAM (oder default_storage_engine), sondern mault sichtbar mit einem Fehler.\nNO_AUTO_VALUE_ON_ZERO - knapp daneben, aber auch vorbei Schließlich wollten wir noch NO_AUTO_VALUE_ON_ZERO, um einen lange bestehenden Fehler in MySQL zu korrigieren:\nroot@localhost \u0026gt; set sql_mode = \u0026#39;\u0026#39;; Query OK, 0 rows affected (0.00 sec) root@localhost \u0026gt; drop table t; Query OK, 0 rows affected (0.00 sec) root@localhost \u0026gt; create table t ( id integer unsigned not null primary key auto_increment ); Query OK, 0 rows affected (0.16 sec) root@localhost \u0026gt; insert into t values ( NULL ); Query OK, 1 row affected (0.00 sec) root@localhost \u0026gt; insert into t values ( 0 ); Query OK, 1 row affected (0.32 sec) root@localhost \u0026gt; select * from t; +----+ | id | +----+ | 1 | | 2 | +----+ 2 rows in set (0.00 sec) MySQL weist also neue auto_increment-Werte nicht nur bei NULL zu, sondern auch bei 0. Das ist sehr störend, denn es verhindert, daß bestimmte Fehler gefunden werden.\nWas NO_AUTO_VALUE_ON_ZERO macht ist jedoch auch erst beim 2. Versuch hilfreich:\nroot@localhost \u0026gt; set sql_mode = \u0026#39;TRADITIONAL,NO_AUTO_VALUE_ON_ZERO\u0026#39;; Query OK, 0 rows affected (0.00 sec) root@localhost \u0026gt; insert into t values ( NULL ); Query OK, 1 row affected (0.00 sec) root@localhost \u0026gt; insert into t values ( 0 ); Query OK, 1 row affected (0.00 sec) root@localhost \u0026gt; select * from t; +----+ | id | +----+ | 0 | | 1 | | 2 | | 3 | +----+ 4 rows in set (0.00 sec) root@localhost \u0026gt; insert into t values ( 0 ); ERROR 1062 (23000): Duplicate entry \u0026#39;0\u0026#39; for key 1 root@localhost \u0026gt; select * from t; +----+ | id | +----+ | 0 | | 1 | | 2 | | 3 | +----+ 4 rows in set (0.00 sec) Wie man sieht erzeugt die erste Zuweisung keinen auto_increment-Wert, sondern den Primärschlüssel 0, was man in den meisten Fällen auch nicht will. Immerhin explodiert dann die 2. Zuweisung mit einem Duplicate Key Error, sodaß man den fehlerhaften SQL-Code dann zu sehen bekommt.\nSo weit die Theorie.\nSelbst gemachte Probleme Und jetzt wie es explodiert.\nAufgrund einer Migration von einer älteren Version von MySQL haben wir haufenweise Definition von Tabellen mit Code wie diesem:\nroot@localhost \u0026gt; set sql_mode = \u0026#39;TRADITIONAL\u0026#39;; Query OK, 0 rows affected (0.00 sec) root@localhost \u0026gt; create table t ( d date not null default \u0026#39;0000-00-00\u0026#39; ); ERROR 1067 (42000): Invalid default value for \u0026#39;d\u0026#39; Das Setzen von NO_ZERO_DATE zerbricht also diese Tabellen und damit auch alle Tests (da kommt das nämlich in so gut wie jeder Tabelle vor). Das ist kein Fehler von MySQL, sondern ein Problem bei uns, macht aber erst einmal NO_ZERO_DATE für uns unmöglich.\nONLY_FULL_GROUP_BY-Bug (behoben in 5.1) Dann explodiert ONLY_FULL_GROUP_BY in unserem (zu alten) MySQL 5.0 - in unserem (viel neueren) 5.1 ist der Fehler behoben:\nmysql\u0026gt; SELECT MIN(latitude), MAX(latitude), MIN(longitude), MAX(longitude) FROM Objects WHERE id IN (99910, 98561, 10200) AND latitude IS NOT NULL AND longitude IS NOT NULL; ERROR 1140 (42000): Mixing of GROUP columns (MIN(),MAX(),COUNT(),...) with no GROUP columns is illegal if there is no GROUP BY clause Das ist Unsinn - id wird nicht angezeigt und alle angezeigten Spalten sind in Aggregatfunktionen. Die WHERE-Clause verwirrt MySQL.\nMan kann die Query umschreiben, um den Fehler zu umgehen (aber das ist nicht Sinn der Sache):\nSELECT MIN(latitude), MAX(latitude), MIN(longitude), MAX(longitude) FROM Objects WHERE id IN (99910, 98561, 10200) AND latitude IS NOT NULL AND longitude IS NOT NULL group by 1=1; Beachte, daß man GROUP BY 1=1 schreiben muß und nicht einfach GROUP BY 1 machen kann. Letzteres ist eine (obsolete und nicht empfohlene) Schreibweise um nach Spalte 1 zu gruppieren (oder, mit ORDER BY, zu sortieren).\nSELECT MIN(latitude), MAX(latitude), MIN(longitude), MAX(longitude) FROM Objects WHERE id IN (99910, 98561, 10200) AND latitude IS NOT NULL AND longitude IS NOT NULL group by 1; ERROR 1056 (42000): Can\u0026#39;t group on \u0026#39;MIN(latitude)\u0026#39; INSERT ON DUPLICATE KEY UPDATE Breakage I Eine weitere Explosion bekommt man mit INSERT ON DUPLICATE KEY UPDATE hin. Gegeben sei\nroot@localhost \u0026gt; create table t ( id integer unsigned not null primary key auto_increment, d integer not null, e integer not null, f integer not null, unique ( d, e )); Query OK, 0 rows affected (0.06 sec) root@localhost \u0026gt; insert into t values ( 1, 1, 2, 0); Query OK, 1 row affected (0.00 sec) root@localhost \u0026gt; select * from t; +----+---+---+---+ | id | d | e | f | +----+---+---+---+ | 1 | 1 | 2 | 0 | +----+---+---+---+ 1 row in set (0.00 sec) Ohne SQL-Mode bekommt man Warnungen, wenn man das folgende versucht:\nroot@localhost \u0026gt; insert into t (id, f) values (1,4) on duplicate key update f = f+values(f); Query OK, 2 rows affected, 2 warnings (0.01 sec) root@localhost \u0026gt; show warnings; +---------+------+----------------------------------------+ | Level | Code | Message | +---------+------+----------------------------------------+ | Warning | 1364 | Field \u0026#39;d\u0026#39; doesn\u0026#39;t have a default value | | Warning | 1364 | Field \u0026#39;e\u0026#39; doesn\u0026#39;t have a default value | +---------+------+----------------------------------------+ 2 rows in set (0.00 sec) root@localhost \u0026gt; select * from t; +----+---+---+---+ | id | d | e | f | +----+---+---+---+ | 1 | 1 | 2 | 4 | +----+---+---+---+ 1 row in set (0.00 sec) Ungeachtet der Warnungen tut der Code aber genau das, was er soll. Durch den Strict Mode werden solche Warnungen aber zu Fehlern:\nroot@localhost \u0026gt; set sql_mode =\u0026#39;TRADITIONAL\u0026#39;; Query OK, 0 rows affected (0.00 sec) root@localhost \u0026gt; insert into t (id, f) values (1,4) on duplicate key update f = f+values(f); ERROR 1364 (HY000): Field \u0026#39;d\u0026#39; doesn\u0026#39;t have a default value Und damit Breakage in der Anwendung.\nDer Fehler bzw. die Warnungen sollten eigentlich gar nicht auftreten - sie müssen auftreten, wenn ein reines INSERT verwendet wird, mit dem INSERT ON DUPLICATE KEY UPDATE Code teilt. Aber sie dürfen eben nicht im INSERT ON DUPLICATE KEY UPDATE auftreten, sondern müssen dort das Weiterreichen an die UPDATE-Clause triggern.\nOder man sieht von so komplexen Statements wie INSERT ON DUPLICATE KEY UPDATE ab, weil die Fehlerbehandlung in ihnen zu kompliziert wird\u0026hellip;\nExtended INSERT und ON DUPLICATE KEY Breakage II Dann muß man jedoch auch auf Extended INSERT-Syntax verzichten. Denn:\nroot@localhost \u0026gt; set sql_mode = \u0026#39;TRADITIONAL\u0026#39;; Query OK, 0 rows affected (0.00 sec) root@localhost \u0026gt; \u0026gt; CREATE TABLE t ( id TINYINT UNSIGNED NOT NULL, value TINYINT UNSIGNED NOT NULL, PRIMARY KEY (id) ); Query OK, 0 rows affected (0.00 sec) root@localhost \u0026gt; INSERT INTO t VALUES (1,1); Query OK, 1 row affected (0.00 sec) root@localhost \u0026gt; INSERT INTO t VALUES (1,256) ON DUPLICATE KEY UPDATE value=VALUES(value); ERROR 1264 (22003): Out of range value for column \u0026#39;value\u0026#39; at row 1 // does *not* break replication root@localhost \u0026gt; INSERT INTO wop VALUES (1,1),(1,256) ON DUPLICATE KEY UPDATE value=VALUES(value); ERROR 1264 (22003): Out of range value for column \u0026#39;value\u0026#39; at row 2 // *BREAKS REPLICATION* Das ist das Resultat auf dem Master: Ein halb ausgeführtes Statement. Das Statement hat im letzten Fall jedoch Daten modifiziert und gelangt so in das Binlog zum Slave, jedoch mit der Information, daß es auf dem Master auf halber Strecke abgebrochen wurde. Also bleibt die Replikation zum Slave nun stehen, um Inkonsistenzen zu vermeiden.\nDas wiederum - ein Stehenbleiben der Replikation - können wir uns unter gar keinen Umständen erlauben. Während wir vorher also gemosert und unseren Code gefixt haben, haben wir nun diesen Change komplett zurück gerollt und schauen einmal, wie wir das später ausgerollt bekommen.\nZusammenfassung Es ist recht offensichtlich, daß nicht viele Leute MySQL mit SQL_MODE fahren und daß eine ganze Menge Fehler oder Ungereimtheiten in SQL_MODE stecken. Das ist sehr schade, denn es ist so leider nicht möglich, MySQL auf eine Weise zu betreiben, mit der man illegale Daten beim Einfügen in die Datenbank in allen Fällen erkennen und verhindern kann.\nWas ist auf der guten Seite geblieben?\nWir haben einige long standing bugs bei uns gefunden und gefixt - an einigen Stellen haben Entwickler defekte (falsch geschriebene) Werte in ENUMs verwendet und so \u0026rsquo;\u0026rsquo; erzeugt. An anderen Stellen sind falsche oder inkomplette Datumsangaben mit auf 00 gesetzten Tagen oder Monaten verwendet worden (man lese die Manpage zu mktime(3), tm_mon vs. tm_mday!).\nAuch so etwas wird durch TRADITIONAL haufenweise gefunden:\nroot@localhost \u0026gt; create table t ( i integer not null, s varchar(32) not null ); Query OK, 0 rows affected (0.06 sec) root@localhost \u0026gt; insert into t (i) values ( 1 ); Query OK, 1 row affected, 1 warning (0.66 sec) root@localhost \u0026gt; show warnings; +---------+------+----------------------------------------+ | Level | Code | Message | +---------+------+----------------------------------------+ | Warning | 1364 | Field \u0026#39;s\u0026#39; doesn\u0026#39;t have a default value | +---------+------+----------------------------------------+ 1 row in set (0.00 sec) root@localhost \u0026gt; select * from t; +---+---+ | i | s | +---+---+ | 1 | | +---+---+ 1 row in set (0.00 sec) root@localhost \u0026gt; set sql_mode = \u0026#39;TRADITIONAL\u0026#39;; Query OK, 0 rows affected (0.00 sec) root@localhost \u0026gt; insert into t (i) values ( 2 ); ERROR 1364 (HY000): Field \u0026#39;s\u0026#39; doesn\u0026#39;t have a default value root@localhost \u0026gt; select * from t; +---+---+ | i | s | +---+---+ | 1 | | +---+---+ 1 row in set (0.00 sec) Durch das NO_ZERO_DATE haben wir die exzessive Verwendung von DATE NOT NULL DEFAULT '0000-00-00' als Überrest einer Migration von einer älteren Version von MySQL zur Disposition gestellt. Viele Entwickler fragen sich nun, was SELECT * FROM t WHERE somedate = \u0026quot;0000-00-00\u0026quot; wohl für eine Bedeutung haben mag, also was die dort gezeigten Zeilen wohl bedeuten mögen und gehen sorgfältiger mit Default-Werten um. Das hat ebenfalls eine Reihe von Bugs gekillt.\nAlles in allem wär es schön, wenn SQL_MODE von MySQL selbst mehr promoted würde oder gar in neueren Versionen von MySQL ein Default-SQL_MODE wie der oben vorgestellte voreingestellt wäre. Andererseits ist absehbar, daß in der MySQL-Welt dann genau gar kein existierendes SQL mehr laufen würde.\nUnd so wird es wohl bei dem Wunsch bleiben.\n","date":"2009-10-08T00:00:00Z","href":"https://blog.koehntopp.info/2009/10/08/ein-kurzer-aber-heftiger-schlagabtausch-mit-sql-mode.html","tags":["mysql","lang_de"],"title":"Ein kurzer, aber heftiger Schlagabtausch mit SQL_MODE"},{"categories":null,"content":" gulli: Bundestrojaner: ein Programmierer erzählt Ruben Unteregger, ein ehem. Mitarbeiter der Schweizer ERA IT Solutions erzählt. ERA stellt die Produkte MiniPanzer und MegaPanzer her, die als \u0026#039;Bundestrojaner\u0026#039;-Lösungen positioniert werden. Der Code, den er bei dieser Arbeit erstellt hat, gehört (auch) ihm, er hat ihn unter der GPL verfügbar gemacht und demonstriert in Lehrvideos auch illegale Verwendungen dieses Codes (etwa Phishing). (tags: bundestrojaner security) ","date":"2009-08-22T00:00:00Z","href":"https://blog.koehntopp.info/2009/08/22/megapanzer.html","tags":["lang_de"],"title":"links for 2009-08-22"},{"categories":null,"content":"Der Informatiker ist ein seltsames Wesen. In seiner Wissenschaft gibt es zum Beispiel ein paar Regeln, die beim ersten Mal gehört sehr seltsam klingen, die aber beim längeren Nachdenken und mit ein bischen Erklärung dazu Weisheiten enthalten, die manchmal auch außerhalb der Informatik von einigem Belang sein können.\nEine dieser Regeln ist\nNever check for an error condition you don\u0026rsquo;t know how to handle. Versteht man diese Regel zunächst einmal nur oberflächlich, klingt sie sehr fragwürdig - ich soll in meinem Programm bestimmte Fehlerbedingungen nicht prüfen, von denen ich genau weiß, daß sie eintreten könnten?\nWenn man den Satz vorwärts von links nach rechts durchdenkt, dann steht da genau das.\nNehmen wir uns einmal ein Beispiel und versuchen zu verstehen, was da passiert.\nDa ist zum Beispiel ein sehr einfacher Fall - ich könnte versuchen Speicher beim Betriebssystem zu reservieren und das kann fehlschlagen.\nchar *p = NULL; if ((p = malloc(someSize)) == NULL) { tja_was_dann(); } Das ist so eine typische Situation - wieso zum Beispiel fragt die Bibliotheksfunktion malloc() nicht selbst auf p == NULL ab und fängt diesen Fall ab. Weil sie das nicht tut, muß ich das jedes einzelne Mal selber tun und darf das in keinem einzelnen Fall vergessen.\nTatsächlich haben die meisten Programme eine Funktion safe_malloc(), die ein Wrapper für malloc() ist und mehr oder weniger wie oben gezeigt aussieht. Der Punkt ist, daß jedes Programm seine eigene Implementierung von tja_was_dann() mitbringt, denn das genaue Verhalten der Anwendung ist anwendungsspezifisch und kann so nicht von der Bibliothek bereit gestellt werden.\nMan könnte argumentieren, daß malloc() dann intern ein tja_was_dann() aufrufen sollte, für das ein jeder Verwender von malloc() eine Implementierung bereit stellen müßte. Aber das würde wiederum einen bestimmten Modus der Verwendung von malloc() vorschreiben. Die Lösung, daß malloc() den Test nicht macht, sondern den Fehler nur signalisiert, ist hier die flexibelste Lösung - und daher einer Bibliotheksfunktion am angemessensten, weil sie dem Anwender jede Wahl läßt. Sie stellt also die notwendigen Mechanismen bereit, erzwingt aber keine bestimmte Policy.\nNebengedanke: Das ist einer der Hauptunterschiede zwischen einer Bibliothek und einem Framework. Eine Bibliothek stellt Mechanismen bereit, erzwingt aber keine bestimmte Policy, also eine bestimmte Default-Herangehensweise an Probleme. Frameworks dagegen sind mit einem bestimmten Modus im Kopf entwickelt worden und bringen eine Policy mit, die im Kontext des Frameworks als Standardlösung angesehen wird.\nNebennebengedanke: Kernel, Bibliotheken und Frameworks sind Infrastruktur, und wie jede Infrastruktur werden sie auch zu einem guten Teil daran gemessen, wie sie versagen . In diesem Fall also: Welche Möglichkeiten gibt es, bei einem Framework an der Policy vorbei zu programmieren, wenn die Policy mal nicht paßt (\u0026lsquo;Wie kann ich in RoR Queries an Active Record vorbei schicken?\u0026rsquo;) oder wie frei von Policy ist diese Bibliothek wirklich gestaltet - habe ich nur einen Mechanismus, oder ist er mit einer Intention, einer Policy belastet?\nVon einer Bibliothek soll also nur ein Mechanismus bereitgestellt werden, und es ist zwingend notwendig, daß sich der Anwendungsentwickler Gedanken darüber macht, wie die Policy zur Fehlerbehandlung aussehen soll und wie sie implementiert werden soll. Das ist eigentlich ein relativ offensichtlicher Punkt, aber einer, der meiner Erfahrung nach beim Lehren von Programmiertechniken nicht ausreichend betont und eingeübt wird. Wäre dem nicht so, hätte wir weniger schlechten Code in vielen Projekten. Und ich will mich hier nicht auf die Tonnen von verseuchtem PHP-MySQL beschränken lassen, in denen Queries an eine Datenbank abgefeuert werden ohne jemals zu prüfen, ob überhaupt ein Resultat produziert wurde - oder in denen, falls dies nicht der Fall ist, vergessen wird, die Fehlermeldung der Datenbank abzuholen.\nDer Punkt ist, daß das Fehlen einer Policy im Code meistens eine Policy in der Anwendung bedingt, oder jedenfalls Mindeststandards in der Anwendung. Einige Programmiersprachen haben einen Namen für so ein informales Konstrukt: Sie nennen es eine Konvention, also einen Vertrag zwischen Bibliotheksentwickler und Anwendungsentwickler, der informal ist und nicht durch die Mechanismen der Programmiersprache erzwungen wird. Diese Konvention ist typischerweise unausgesprochen und nicht Bestandteil der Bibliotheksdokumentation - und das ist der Grund, warum die Konvention unzureichend gelehrt und entsprechend unzureichend umgesetzt wird.\nAber man kann den Satz\nNever check for an error condition you don\u0026rsquo;t know how to handle.\nauch anders herum lesen. Was genau bedeutet es denn, diese Error Conditions nun zu handlen? Also genauer: Wenn dieser Fehler eintritt, was sind die verbleibenden Handlungsoptionen und was ist der gewünschte Failure Mode, d.h. was soll passieren?\nNehmen wir wieder den o.a. malloc()-Code. Wenn der Fehler eintritt, dann kann oder will uns das Betriebssystem keinen Speicher mehr reservieren. Wir wissen nicht warum, müssen also die schlimmste Annahme treffen und die ist: der Speicher ist voll, niemand bekommt mehr Speicher. Genau genommen könnte ein Programm anderswo laufen, daß allen freien Speicher sofort verbraucht, wir können also auch keinen Speicher ans System zurück geben und dann wieder reservieren lassen.\nDieses Szenario setzt voraus, daß wir bereits weit vor dem Eintreten des Fehlers allen Speicher reserviert haben, der zur Handhabung des Fehlers notwendig ist. Das ist eine recht komplizierte Situation, und den meisten Anwendungsentwicklern in dem Moment zu kompliziert, in dem sie gezwungen sind darüber nachzudenken. Schließlich wollen sie erst mal den nicht failenden, den funktionalen Path in ihrem Code fertig stellen, bevor sie sich mit failure modes und den Codepaths dort beschäftigen.\nNebengedanke: Das ist ein weiterer Hauptgrund für schlechten Code - wir zwingen Entwickler zum falschen Zeitpunkt dazu, sich mit failure modes und failenden Codepaths auseinander zu setzen. Entwickler sind wahrscheinlich bereit, sich auch mit failenden Codepaths zu beschäftigen, denn sie wollen ja ein gut funktionierendes Programm erstellen. Aber wir sollten sie nicht gerade dann mit failenden Pathes belästigen wenn sie im funktionalen Path des Codes am Arbeiten sind, dem Programm also gerade beibringen überhaupt mal was Sinnvolles zu tun.\nWeil wir Entwickler also im falschen Moment mit Failures belästigen bekommen wir Code, bei dem Failure Handling im günstigsten Fall so aussieht:\nchar *p = NULL; if ((p = malloc(someSize)) == NULL) { exit(ENOMEM); // out of memory error } Immerhin ist hier überhaupt auf das Auftreten eines Fehlers geprüft worden. Vielleicht sind auch noch ein paar atexit(3)-Handler gestacked worden, die beim Programmende aufräumen, aber das ist allgemein recht wenig üblich.\nBei dieser Art der Fehlerbehandlung kann man am Code förmlich sehen, wie der Anwendungsentwickler auf das Auftreten des Fehlers geprüft hat, sich aber über das Handling des Fehlers jetzt zu diesem Zeitpunkt genau gar keine Gedanken machen wollte.\nEin anderes übliches Problem ist, daß auf einer viel zu niedrigen Ebene auf den Fehler geprüft wird. Zudem besteht oftmals keine Übereinkunft in der Anwendung, wie Fehler von einer niederen Abstraktionsebene auf die nächsthöhere Ebene weitergereicht wird, ohne daß Information verloren geht. Die Innereien des Quelltextes von MySQL sind ein ausgezeichnetes Beispiel für solche Scherereien, zum Teil findet man Code wie\nint errcode = doSomeThing(); switch(errcode) { case 1: case 2: case 3: return E_DIES; break; case 4: return E_DAS; break; } Das heißt detaillierte interne Fehlercodes werden unter Informationsverlust plattgeklopft und ein Handler auf einer höheren Abtraktionsebene mit mehr Kontext hat gar keine Chance mehr festzustellen, was genau denn da unten nun schief gelaufen ist.\nDie Regel\nNever check for an error condition you don\u0026rsquo;t know how to handle.\nmacht es also notwendig, bei jeder Fehlerprüfung drei Dinge zu klären:\nDiagnose: Den Fehler feststellen. Formuliere einen Test, der an einer geeigneten Stelle prüft, ob ein Fehler vorliegt und der unterscheidbar signalisiert, welcher Fehler genau vorliegt. Policy: Lege fest, was beim Eintreten der Fehlerbedingung das korrekte, ergewünschte Verhalten ist, d.h. definiere eine Policy, die festlegt, wie mit dem Fehler umgegangen werden soll. Kontext: Entscheide, ob diese Fehlerbehandlung im Kontext der aktuellen Abstraktionsebene möglich ist, der Fehler also hier wie erwünscht behandelt werden kann, oder ob er eskaliert werden muß. Wenn er eskaliert werden muß, stelle sicher, daß er auf der übergeordneten Ebene erwartet wird - dort muß also auch Policy für die Eskalation zwingend existieren. Stelle auch sicher, daß er dort noch diagnostiziert werden kann - die Diagnose darf also bei der Eskalation keinem Informationsverlust unterliegen. Diese Überlegungen sind nun durchaus auch außerhalb der Informatik anwendbar. Der Auslöser für mich diesen Text zu schreiben war zum Beispiel der folgende Recht interessante Artikel von Hadmut:\nDie 110-Notruf-Taste im Webbrowser .\nDie Überlegungen, die Hadmut da anstellt, sind alle gut und richtig, aber wenn man die Regel von oben anwendet, kommt man schnell zu dem Schluß, daß die Taste zur Signalisierung des Notrufes nicht wirklich ein Problem ist - das sind wahrscheinlich weniger als 5 Zeilen Javascript in Firefox.\nDie Frage - und es ist erst mal eine Frage, kein Code-Problem - ist ja dann: Was soll dann passieren, wenn so eine Taste gedrückt wird. Es geht um Prozeß, d.h. immer um die Frage WER soll WANN mit WEM WOZU WORÜBER reden? Welche Informationen sollen beim Drücken der Taste also an wen übermittelt werden und welche Reaktion wird dann in welchem Zeitrahmen erwartet?\nBauen wir eine zentrale Internet-Notrufzentrale auf? Bekommt diese mit dem Notruf auch Location-Information übermittelt, wenn es notwendig ist? Wenn ja, wie?\nWelche anderen Informationen werden übermittelt? Die aktuelle URL? Der persistente State des Browsers mit allen Bookmarks, der History und so weiter? Der volatile State des Browsers mit aller ggf. aktiven Spyware, aber auch allen internen legitimen Variablen? Der State des ganzen Rechners mit Prozeßliste, Speicher- und Programminformationen, installierten Programmen nach Registry usw?\nWie wird der Notruf dann ausgewertet und klassifiziert?\nWas sind Standard-Reaktionen, wenn er Notruf verifiziert und klassifiziert ist? Kann die Notrufzentrale direkt auf den Rechner zugreifen und dort weitere Informationen auslesen, alles einmal durchforensiken? Kann sie schreiben und den Zustand des Rechners verändern? Oder kann sie nur per VoIP zurück rufen und in einer r/o Screensharing-Session den User durch den Notfall durchsprechen?\nWelche Taxonomie von Notfällen bauen wir überhaupt auf und was sind notwendige Schritte zur Verifikation, und dann Standard-Reaktionen auf den Notfall, so er verifiziert ist?\nSoll auch präventive Aktion möglich sein, etwa, wenn wir eine Häufung von Incidents einer bestimmten Art feststellen (einen Outbreak eines bestimmten Virus etwa) und das dem Incident-Managent übergeordnete Problem-Management eine größere Situation erkennt, die es flächig präventiv entschärfen möchte? Im Falle des Outbreaks etwa, indem es allen gefährdeten Rechnern präventiv einen Patch reinzwingt?\nWie ordnen wir das rechtlich und technisch ein? Wie hängen wir das organisatorisch auf? Wie erzwingen wir die technische Umsetzung des Rahmens (Pflichtinstallation der Software auf allen mit dem Internet verbundenen Zielsystemen)? Wie schützen wir diese Infrastruktur gegen Mißbrauch?\nWie man sieht kann der Check für einen Fehlerbedingung recht einfach sein - ein Notrufknopf.\nDas Handling dann, das kann \u0026ldquo;etwas\u0026rdquo; komplizierter werden. Aber solche Details muten eine Frau von der Leyen und ein Herr Schäuble dem interessierten Wähler im Wahlkampf eher nicht zu, wenn sie in Interviews von einem Notrufknopf im Browser reden - bzw. auch die Bildzeitung redet über diese viel spannendere Seite des Problems eher nicht - und das kann sehr einlullend sein: Wieso haben wir so einen Knopf eigentlich nicht im Browser? So schwer kann das doch nicht sein?\n","date":"2009-08-21T00:00:00Z","href":"https://blog.koehntopp.info/2009/08/21/was-bedeutet-eigentlich-never-check-for-an-error-condition-you-don-t-know-how-to-handle.html","tags":["politik","security","lang_de"],"title":"Was bedeutet eigentlich \"Never check for an error condition you don't know how to handle\""},{"categories":null,"content":"In Das Internet wird wahlentscheidend? berichtet Netzpolitik.org über eine Umfrage, die der Branchenverband Bitkom sich hat maßschneidern lassen. Neben einer Reihe von anderen seltsamen Fakten heißt es dort:\nDie Ergebnisse der BITKOM-Studie zeigen darüber hinaus eine hohe Akzeptanz von Online-Wahlen. Fast die Hälfte der Bundesbürger (47 Prozent) würde ihre Stimme bei Wahlen elektronisch über das Internet abgeben. Unter den 18- bis 29-Jährigen sind es sogar 57 Prozent. Bisher sind Internetwahlen nach dem deutschen Wahlrecht nicht erlaubt.\nWieso eigentlich nicht?\nDa ist einmal das Urteil des Verfassungsgerichtes:\nDas Gericht gab den Klägern in wesentlichen Punkten recht und bestätigte, dass die bisher eingesetzten Geräte mangelhaft seien. Der Wähler müsse die wesentlichen Schritte der Wahlhandlung und der Ergebnisermittlung zuverlässig und ohne besondere Sachkenntnis überprüfen können, sagte der Vizepräsident des Bundesverfassungsgerichts, Andreas Voßkuhle. Dazu gehöre, dass er sehe, ob seine Stimme richtig erfasst wurde.\nUnd da ist andererseits eine Anforderung an das Wahlgeheimnis, die von vielen unterschätzt wird. Dabei ist sie leicht zu erklären.\nWie lange muß ein militärischer Code eine militärische Nachricht wie \u0026ldquo;Angriff im Morgengrauen!\u0026rdquo; geheim halten können?\nGenau.\nBis die Sonne aufgegangen ist, d.h. so lange wie die Decodierung der militärischen Nachricht durch einen Feind dem Feind noch einen Erkenntnisgewinn verschaffen könnte. Das ist für die weitaus größte Zahl der Nachrichten nicht sehr lange.\nAndererseits stelle man sich einmal folgendes Szenario vor: 1933 hätte es so etwas wie ein Steampunk-Internet gegeben und Leute hätten bei der Wahl dort von daheim über dieses Netz abstimmen können. Jemand hat die verschlüsselten Nachrichten mitgeschnitten und könnte nun, falls er sie decodieren kann, beweisen, wer dort wann wie abgestimmt hat.\nWie lange muß der damals verwendete Schlüssel die Nachrichten geheimhalten können?\nGenau.\nUnd darum will man keine Abstimmungen über das Internet und auch keine Wahlcomputer.\n","date":"2009-08-19T00:00:00Z","href":"https://blog.koehntopp.info/2009/08/19/angriff-im-morgengrauen-oder-ein-paar-gedanken-zu-onlinewahlen.html","tags":["internet","politik","wahl","lang_de"],"title":"Angriff im Morgengrauen oder ein paar Gedanken zu Onlinewahlen"},{"categories":null,"content":"Eine Einthemenpartei wie die Piraten macht es sich sehr einfach - sie beackert nur dieses eine Poltikfeld und sammelt das Stimmvieh ein. Schauen wir mal genauer hin.\nDas hier ist ein Poltikfeld. Die weißen Punkte sind Stimmvieh.\nPolitikfeld mit Stimmvieh\nMit was also soll sich der medienkompetente und interessierte Bürger hier auseinandersetzen? Und sein Interessenvertreter im Parlament?\nDa stellen wir uns also mal ganz dumm und malen einen Kringel:\nDas Politikfeld, um das es hier gehen soll, ist das Urheberrecht. Es sieht so aus:\nDas Urheberrecht ist ein automatisches Recht: Man erwirbt es einfach indem man ein Werk erschafft. Die Schwelle, ab der etwas ein Werk ist, ist recht niedrig - ein Foto von einem Brötchen zum Beispiel kann ein Werk sein, oder ein Foto von Schafen auf einer Weide in Neuseeland, wie ich es dort oben gemacht habe. Auch ein Zeichensatz, eine Komposition, ein Brief, ein abgeschlossen formulierter Gedanke oder ein Aphorismus kann ein Werk sein.\nEs ist wirklich automatisch: Ich muß nichts dafür tun - ich brauche keine magischen ©-Symbole abzudrucken und ich brauche das Werk niemandem anzumelden. Man kann dennoch an sein Werk »© Copyright 2009 Kristian Köhntopp« malen. Das ist nett, und es ist psychologisch hilfreich, weil es potentielle Nutzer des Werkes animiert, nachzufragen und das Werk zu lizenzieren. Ich habe gute Erfahrungen und besser noch gutes Geld mit solchen Kennzeichnungen gemacht. Juristisch ist es jedoch nicht notwendiger Vodoo.\nLizenzieren? Ah ja.\nSchaut man genauer hin, kann man zwei Unterthemen erkennen:\nBeim Urheberrecht geht es um Verwertungsrechte, die man einem anderen abtreten kann. Das kann man nichtexklusiv oder für eine spezifische Nutzung tun, oder man kann es pauschal und dauerhaft machen. Letzteres ist zum Beispiel die präferierte Vertragsform, die Zeitungsverlage aktuell mit freien Autoren haben wollen. Der Autor kann den Artikel dann nicht mehr jemand anderem verkaufen, er muß nicht doppelt bezahlt werden, wenn der Artikel im Magazin und Online erscheint, und er muß auch nicht erneut bezahlt werden, wenn der Artikel in einem Sonderheft wieder aufgelegt wird.\nDen anderen Ast unseres Diagrammes gibt es nur im europäischen Urheberrecht: Das Urheberpersönlichkeitsrecht schützt die Interessen des Urhebers an seinem Werk und seinem Namen - es bewirkt, daß ein Urheber auf Namensnennung im Zusammenhang mit dem Werk bestehen kann und daß ein Urheber gegen Veröffentlichungen vorgehen kann, in denen sein Werk entstellt oder sonstwie unautorisiert verändert wird. Man findet das Urheberpersönlichkeitsrecht an seltsamen Orten - die deutsche Bahn zum Beispiel hat den Prozeß gegen den Architekten des Berliner Hauptbahnhofs/Lehrter Bahnhof verloren: \u0026lsquo;Durch Änderungen am Bau sei die ursprüngliche Planung des Stararchitekten Meinhard von Gerkan \u0026ldquo;erheblich entstellt\u0026rdquo; worden.\u0026rsquo;, berichtet der Spiegel .\nDas Urheberrecht wirkt weit in das Poltikfeld Kultur hinein. Ich habe recht willkürlich einmal einige Themen herausgegriffen, die die Verbindung herstellen, aber es gibt noch viel mehr Wechselwirkungen zwischen den beiden Themen:\nDa ist einmal das Thema Privatkopie, das über Prozesse gegen P2P-Filesharing und das schwedische Anti-Piratebyrån letztendlich zur Gründung (und Namensgebung) der Piratenpartei in Schweden geführt hat.\nAber im Spannungsfeld Kultur und Urheberrecht finden sich noch weitere Themen, zum Beispiel DRM (Digital Restrictions Management), bei dem unter dem Vorwand des Kopierschutzes Monopole durch inkompatible Formate geschaffen werden sollen und bei dem es auch darum geht, den Kunden zum Lizenznehmer statt Eigentümer zu machen - dadurch kann man ihm Werke wieder entziehen (Amazon hat das mit dem Kindle schön demonstriert), ihn mit Regioncodes gängeln, sein Nutzungsverhalten auswerten (auch das wird am Kindle schön demonstriert) und ggf. noch weiter verkaufen und viele andere Dinge mehr. Der Text \u0026lsquo;The Right to Read \u0026rsquo; (1997) von Richard Stallman schildert all das als eine Art visonäre Dystopie - wir sind auf dem besten Weg dahin, sie Wirklichkeit werden zu lassen.\nDie offene Frage, an der sich die öffentliche Diskussion derzeit entzündet ist die Frage, wie Urheber denn Geld verdienen sollen - im Raum steht eine Kulturflatrate, ein bürokratisches Monster mit noch größeren Tentakeln als VG Wort, GEMA und GEZ zusammen und ein absoluter Privacy-Albtraum.\nDas Thema kooperative Schöpfung als Gegensatz zur kompetetiven Schöpfung habe ich in einigen Texten in diesem Blog schon einige Male angesprochen, erstmal in Ein paar ideologische Steine in Rollen bringen . Im kreativen Bereich wird dies durch die Creative Commons Lizenzen und in geringerem Ausmaß durch die GFDL und andere freie Lizenzen für Texte, Bilder und andere Werke realisiert, im Bildungsbereich, zu dem wir gleich kommen werden steht dem das Prinzip Open Access gegenüber.\nEin anderes kontroverses Thema ist das Urheberrecht vs. die Neuschöpfung von Inhalten durch die Mittel des Zitates, der Parodie und Satire, oder durch Remixen und andere Formen der Ableitung. Bei Techdirt findet sich der Artikel The Myth Of Original Creators , bei mir liest sich das in Politik, Polemik und eine Agenda gar nicht so anders. Der Punkt, der hinter beiden Texten steht ist der, daß ein Urheberrecht im Internetzeitalter die Schaffung von neuen Werken ermutigen muß, und nicht als Hauptfunktion bereits existierende Inhalte schützen. Letzteres ist nur der Wunsch von Rechteverwertern, nicht der Wunsch von Kreativen.\nDas Thema Bildung steht mit dem Thema Kultur in enger Verbindung: Ohne Bildung kann man Kultur nicht richtig rezipieren und nicht alle Produkte einer Kultur kann man schon rezipieren, wenn man noch in der Ausbildung ist. Wir weiten unsere Skizze aus:\nJugendschutz ist ein Thema, das speziell die Bundesrepublik Deutschland bis zur Lächerlichkeit ernst nimmt. Das hat kulturelle Gründe, ist vielfach aber auch Bequemlichkeit: Jugendschutz ist ein politisch bequemer Weg, Repression auszuweiten, mit der man sozial unerwünschtes Verhalten und den Zugang zu sozial unerwünschtem kulturellen Ausdruck auch bei Erwachsenen erschweren kann. Das betrifft nicht nur die Reifen, durch die man springen muß, wenn man indizierte Medien erwerben will, sondern es betrifft auch Situationen wie das lukrative Lottomonopol, das die Bundesrepublik angesichts der EU nur behalten kann, indem sie eine Jugendschutzsituation erfindet: Um Jugendliche vor imaginärer Lottospielsucht zu beschützen kann man in Deutschland nicht mehr online Lotto spielen.\nEs ging um Bildung - damit Bildung möglich ist, muß Wissen kostengünstig zugänglich sein. Wir treffen hier das Thema kooperative Schöpfung wieder, diesmal unter dem Namen Open Access. Ein verwandter Gedanke ist die Idee, daß Werke, die aus öffentlichen Geldern geschaffen worden sind auch frei und kostenlos verfügbar sein sollten - US amerikanische Geodaten zum Beispiel sind so zu bekommen, weil sie mit Steuergeldern erarbeitet wurden, oder originale Inhalte der BBC für Einwohner Großbritanniens. In Deutschland stehen dem kommerzielle Interessen des Privatfernsehens gegenüber und die Mediatheken der deutschen öffentlich-rechtlichen müssen die Inhalte, die wir mit unseren Rundfunk- und Fernseh-Gebühren bereits bezahlt haben nach 7 Tage hinter dem Schleier des Vergessens verschwinden lassen und dürfen nicht gespeichert oder weiter verbreitet werden können. Klar - wer würde sonst noch RTL gucken wollen.\nDamit Bildung möglich ist, muß der Zugang zu Wissen überhaupt möglich sein. Was ist mit Archivierung, mit der Freisetzung von Inhalten bei Ablauf der Schutzfristen des Urheberrechtes und mit den legalen Kopien unter dem Bildungsprivileg im Angesicht von DRM? Auch hier begegnen sich die Poltikfelder Kultur, Bildung und Urheberrecht wieder.\nWir landen bei:\nIm Rahmen der Medienpolitik wollen wir außerdem über das Netz eine mediale Grundversorgung sicherstellen, die für die politische Meinungsbildung notwendig ist. Außerdem sollen Behördenprozesse digitalisiert und automatisiert werden, um so Effizienzgewinne zu realisieren. Dem steht eine Durchsetzung von Urheberrechtsansprüchen gegenüber, bei denen die Rechtevertreter eine Art digitale Todesstrafe einführen wollen, die sogenannte Three Strikes Regelung, bei der ein Netzteilnehmer am Ende abgeklemmt wird. Dieser Widerspruch wird von der Politik noch nicht adressiert und auch nicht aufgelöst.\nDie Interessenlage sieht so aus:\nAlles zusammen reden wir gerade über das hier:\nWobei ich andere Schutzrechte des Komplexes geistges Eigentum noch ausgespart habe - hier sind also keine Markenrechte, Namensrechte, Patente und andere Monopolrechte mit eingezeichnet und ich habe daher auch die Überschneidungen mit der landwirtschaftlichen Gentechnik (und deren Verbindungen zur Forschung) und viele andere Dinge noch nicht eingezeichnet - denn dann wird es wirklich unübersichtlich.\n","date":"2009-08-19T00:00:00Z","href":"https://blog.koehntopp.info/2009/08/19/einthemenpartei.html","tags":["copyright","free software","internet","media","piraten","politik","lang_de"],"title":"Einthemenpartei"},{"categories":null,"content":"In der Digitaz erschien vor zwei Tagen ein Gastbeitrag von Kai Schächtle, dem Vorsitzenden des Berufsverbandes freier Journalisten und Journalistinnen, \u0026ldquo;Freischreiber\u0026rdquo;. Unter dem Titel Meister der Enteignung stellt er die gängige Vertragspraxis der nach ihrem Bekunden \u0026ldquo;Qualitätsjournalismusverlage\u0026rdquo; der Kampagne von Hubert Burda und anderen zur Einführung eines Verlinkungsgebühr gegenüber:\nWas Burda in seinem Hilferuf verschweigt: Die Rechtsabteilungen der Verlage haben in den vergangenen Jahren eine erstaunliche Kreativität an den Tag gelegt, um selbst zu Meistern der Enteignung zu werden - im Umgang mit ihren freien Journalisten. Man kann es nicht anders als bigott nennen, wie Verlagsverantwortliche derzeit Politik in eigener Sache machen: Sie beschweren sich über die vermeintliche Enteignung durch Google, zwingen ihren Autoren aber gleichzeitig Total-Buy-out-Verträge auf, mit denen sie sich sämtliche Rechte an deren Stücken sichern. Diese Knebelverträge machen es möglich, eingekaufte Texte beliebig oft zu benutzen und weiterzuverkaufen, ohne dass die Autoren davon profitieren.\nSchächtle zeichnet ein drastisches Bild des aktuellen Journalismus - Zeilenhonorare sind nach seiner Aussage so niedrig, daß 500 Euro für einen Artikel, in dem eine Woche Recherchearbeit steckt, eher die Norm als die Ausnahme sind.\nFür mich, der Schreiben als angenehmen Nebenverdienst ansieht, aber seine Texte lieber frei ins Netz stellt als einen Total Buyout zu unterschreiben bloß damit es gedruckt wird, ist das etwas, das ich vom Spielfeldrand aus betrachte.\nDie Begegnung mit der geänderten Verlagseinstellung hatte ich aber auch: Alle meine Artikel bis auf den letzten bei Heise sind ohne Vertrag \u0026lsquo;Text gegen Überweisung\u0026rsquo; entstanden, es gelten dann die Default-Regelungen, und die sind vom Anfang des 20. Jahrhunderts - 1908 oder so. Der Verlag wollte dann für meinen letzten iX-Artikel einen extra Autorenvertrag und dieser hätte mir verboten, den an Heise verkauften Artikel auf meiner eigenen Website neben seine Geschwistertexte zu stellen.\nDas wollte ich nicht - ich will alle Texte, die ich jemals verkauft habe, auf meiner Leistungsschau entlang der Dimension \u0026ldquo;von Kris geschrieben\u0026rdquo; zeigen können und eher stelle ich einen Artikel kostenlos ins Blog als auf dieses Recht zu verzichten bloß damit der Text in die iX kommt. Nach einem mehrwöchigen Hin- und Her hat der Verlag dann meine Autorenvertragsänderung akzeptiert, aber letztendlich ist es für mich einfacher und einträglicher, mein Zeugs hier ins Blog zu kippen als für ein paar hundert Euro pro Seite Honorar den Vertrag mit einem Verlag auszukämpfen: Bekäme ich durch meine Texte hier nur einen Consultingtag mehr, entspricht das dem Honorar für einen recht langen Grundlagenartikel.\nDennoch ist es ein aktuelles und recht brennendes Problem für Leute, die vom Schreiben leben wollen. Aber das Problem ist vielschichtiger.\nSolange Leute wie ich Texte schreiben, die druckfähig wären, diese aber gratis verbloggen, nehme ich natürlich Berufsschreibern einen Teil vom Markt weg. Sorry, aber für mich ist das Werbung, und solche die gut funktioniert. Ich werde nicht aufhören.\nSolange Berufsschreiber so dringend in ein bestimmtes Blatt wollen, daß sie dafür einen Total Buyout Vertrag annehmen, kommt auch an dieser Stelle keine Bewegung ins System. Der Organisationsgrad der Autoren ist aber zu niedrig, als daß von dieser Seite aus effektiv Druck aufgebaut werden könnte.\nUnd solange Verlage ihre Autoren so ausquetschen, um den unmittelbaren Bedarf zu befriedigen wird das Rennen ins Bodenlose weitergehen: Denn wie in Schächtles Artikel skizziert wird durch dieses Umfeld das Annehmen von Lobby- und Gefälligkeitsartikeln für Berufssschreiber rentabler als objektive Recherche - am Ende ist ein gecrowdsourcter Blogartikel besser recherchiert und eher mit einem vertrauenswürdigen NPOV verfaßt als ein Werk des sogenannten Qualitätsjournalismus.\nSammlungen wie Telemedicus: Rechtsfragen der Informationsgesellschaft (hier via das wunderbare Carta sind solche Lichtblicke, oder die nicht minder guten Analysen bei Netzwertig , die ich jedermann nur dringend ans Herz legen kann. Dort, bei Carta und Netzwertig, findet sich nicht nur die Darstellung des neuen Online-Qualitätsjournalismus, sondern dort wird das Prinzip auch vorgelebt und ich bin begeistert. Der Freitag experimentiert mit wachsenden Artikeln , wie man die lokale Form des Crowdsourcing dort eindeutscht, und das mit zufriedenstellenden Ergebnissen, wenn die Form auch noch ein wenig schwerfällig wirkt.\nJetzt muß das nur noch jemand mal dem Uwe Jochum erklären, der mir mehr und mehr wie eine Figur direkt aus Rainbows End vorkommt.\n","date":"2009-08-19T00:00:00Z","href":"https://blog.koehntopp.info/2009/08/19/meister-der-enteignung.html","tags":["lang_de","copyright","internet"],"title":"Meister der Enteignung"},{"categories":null,"content":"openvpn ist ein bequem aufzusetzender VPN-Server, der mit einer einfachen TCP-Verbindung angesprochen werden kann. Da kein gesonderter IP-Pakettyp verwendet wird, funktioniert openvpn sehr einfach auch mit dummen Routern oder in eingeschränkt konnektierten Netzwerken.\nInsbesondere kann der openvpn-Server auch etwa auf Port 443 laufen. Daher ist openvpn sehr bequem, wenn man hinter einem Proxy-Server eines Netzwerkes sitzt, der ausgehende https-Verbindungen nur auf https-Ports zuläßt, wie es etwa in vielen Firmen der Fall ist.\nMit einem openvpn-Server, der auf Port 443 lauscht, kommt man aus den meisten dieser Netze bequem heraus und kann alle seine Zugriffe dann über die VPN-Verbindung tunneln. Der Proxy sieht nur eine normale CONNECT-Anweisung auf einen https-Port, danach ist alles verschlüsselt. Der Verbindung ist also nicht anzusehen, daß es sich nicht um eine https-Verbindung handelt - um das zu erkennen müßte der Proxy schon umschlüsseln, dann wäre die Verbindung aber wegen des durch den Proxy gefälschten Zertifikates aus unsicher zu erkennen.\nDas Kommanzeilenprogramm openvpn ist sowohl Server als auch Client. Auf dem Server wird es so gestartet:\n/usr/sbin/openvpn \\ --daemon \\ --writepid /var/run/openvpn/openvpn.pid \\ --config /etc/openvpn/openvpn.conf \\ --cd /etc/openvpn Die Konfiguration ist kurz und schmerzlos:\nh743107:~ # cat /etc/openvpn/openvpn.conf daemon openvpn-server.koehntopp dev tun local {SERVERIP} port 443 proto tcp user nobody group nobody cd /etc/openvpn ca keys/ca.crt cert keys/server.crt key keys/server.key dh keys/dh1024.pem server 192.168.168.0 255.255.255.0 ifconfig-pool-persist ipp.txt comp-lzo persist-key persist-tun status openvpn-status.log verb 3 keepalive 10 60 # client config dir client-config-dir client-config-dir Dies erzeugt einen Server, der auf Port 443 an der an Stelle von {SERVERIP} eingesetzten IP lauscht. Der Server läßt Verbindungen von Clients zu, die ein Zertifikat haben, das mit ca.crt signiert ist - Zertifikate erzeugen .\nDer Client bekommt eine IP aus dem im server-Statement genannten Pool zugeteilt, und die IP ist persistent. Wir verwenden komprimierte Verbindungen und versuchen den Tunnel auch über Server-Restarts (persist-tun) zu halten, ditto für den Key. Der Server schreibt ein openvpn-status.log auf dem Verbosity-Level 3. Wir pingen unsere Verbindung alle 10 Sekunden und starten sie nach 60 Sekunden fehlenden Pings neu (viele https-Proxies trennen die Verbindungen sehr aggressiv, also halten wir sie so beschäftgt). Im client-config-dir könnten wir noch weitere Client-spezifische Konfigurationen unterbringen.\nAuf demselben Rechner starte ich auch einen Squid, den ich auf 127.0.0.1:3128 binde und dem ich Zugriffe aus dem 192.168.168.0/24 erlaube. Dadurch kann ich all meinen privaten Webtraffic durch meinen Proxy schicken, statt meine URLs an den anderen Proxy auszuliefern, bei dem ich nicht weiß, was die Betreiber mit den Logs oder meinen Daten machen.\nAuf dem Client (bei mir ein Mac) verwende ich Tunnelblick als openvpn-Starter und habe in $HOME/Library/openvpn eine openvpn.conf hinterlegt:\nclient dev tun proto tcp remote {SERVERIP} 443 resolv-retry infinite nobind user nobody group nobody persist-key persist-tun ca ca.crt cert client.crt key client.key comp-lzo verb 3 keepalive 1 5 ; firmenproxy http-proxy {COMPANY_PROXY} 3128 http-proxy-retry Hier ist dieselbe {SERVERIP} einzutragen wie bei der Server-Konfiguration. Wenn die Verbindung durch einen Web-Proxy getunnelt werden muß, muß man die beiden http-proxy Kommandos am Ende der Datei anpassen, zum Testen daheim kann man sie weglassen. Der Rest der Konfiguration entspricht der Server-Config, nur die Keepalives habe ich für mich noch aggressiver setzen müssen.\n","date":"2009-08-10T00:00:00Z","href":"https://blog.koehntopp.info/2009/08/10/einen-openvpn-server-aufsetzen.html","tags":["security","privacy","lang_de"],"title":"Einen  openvpn Server aufsetzen"},{"categories":null,"content":" Aktueller denn je: \u0026lsquo;Meine Familie und ich\u0026rsquo;, aktuelle Ausgabe - in der Vorwegnahme des Bundestagswahlkampfes.\n","date":"2009-08-10T00:00:00Z","href":"https://blog.koehntopp.info/2009/08/10/piratenthemen.html","tags":["piraten","lang_de"],"title":"Piratenthemen"},{"categories":null,"content":"Die Welt veröffentlicht einen Wahlkampfartikel pro Piratenpartei: \u0026ldquo;Thomas de Maiziere: Kanzleramts-Chef fordert scharfe Regeln im Internet \u0026rdquo;:\nThomas de Maiziere geht in die Offensive: Der Kanzleramts-Chef will die Kontrolle von Inhalten im Internet verschärfen und mittelfristig \u0026ldquo;Verkehrsregeln\u0026rdquo; fürs Netz einführen. Andernfalls würden wir dort Scheußlichkeiten erleben, die jede Vorstellungskraft sprengen, sagte de Maiziere.\nDiese Art von Wahlwerbung die dem Prinzip des Geh nicht raus! -Spots folgt, ist hochwirksam: Obwohl die Welt eines der konservativsten Blätter am Markt ist, kann man in den Kommentaren die unmittelbare Überzeugungskraft dieser Art des Wahlkampfes erkennen.\n","date":"2009-08-10T00:00:00Z","href":"https://blog.koehntopp.info/2009/08/10/piratenthemen-ii.html","tags":["internet","piraten","regulierung","lang_de"],"title":"Piratenthemen II"},{"categories":null,"content":"Heise newstickert: Bundesregierung sieht große Mängel bei Jugendschutz-Filtern . Ach!\nBislang habe keines der staatlich getesteten Jugendschutzprogramme, die Filterregeln für beispielsweise von Eltern zu installierender Schutzsoftware vorgeben, eine \u0026ldquo;akzeptable Wirksamkeit\u0026rdquo; entfaltet, schreibt der federführende Beauftragte für Kultur und Medien, Bernd Neumann, in seiner jetzt verfügbaren Antwort (PDF-Datei) auf eine Anfrage der grünen Bundestagsfraktion. Zu viele zulässige Inhalte würden blockiert, und zu viele ungeeignete Angebote würden durchgelassen, schreibt der CDU-Politiker unter Berufung auf Tests im Prüflabor der Kommission für Jugendmedienschutz (KJM) bei der länderübergreifenden Stelle jugendschutz.net. Beide Mängel seien nicht wünschenswert.\nDer Bericht hebt weiter darauf ab, daß die Anzahl der zu bewertenden Sites sehr groß sei und die Inhalte sich zum Teil recht schnell ändern würden. Eine automatische Klassifizierung von Inhalten funktioniere nicht, und daher wolle man eine Selbstklassifizierung der Anbieter erzwingen.\nEine Reflektion über die Situation und eine Ursachenforschung nach diesem Dilemma wird nirgendwo erwähnt. Das wäre aber nützlich:\nDas erklärte Ziel solcher Sperrsoftware sei es, die \u0026ldquo;von aus jugendschützerischer Sicht ungeeigneten\u0026rdquo; Webseiten zu blockieren. Das ist als Missionsstatement natürlich falsch, denn dieses Ziel ist einfach zu erreichen:\nMan sperrt einfach alle Internetseiten komplett.\nDas korrekt formulierte Ziel ist es, die aus jugendschützerischer Sicht ungeeigneten Webseiten zu sperren und alle anderen zu erlauben.\nDas wird auch weiter oben im Text zugegeben, denn dort wird unter anderem beklagt, daß zu viele zulässige Inhalte blockiert würden. So formuliert ist dieses Ziel aber weitaus schwieriger zu erreichen, weil man nun nicht mit einer kleineren Zahl von jugendgefährdenden Webseiten zu tun hat, sondern mit allen Webseiten, die es gibt. Insbesondere muß man nun Aussagen über nicht bewertete Webseiten machen.\nBei Filmen und Videospielen ist das einfach - ein Film oder ein Videospiel ohne Bewertung wird behandelt wie \u0026lsquo;frei ab 18\u0026rsquo;. Damit ist der Fall dort erledigt, denn ein Film oder ein Videospiel zu publizieren ist ein aufwendiger Akt und der Herausgeber des Mediums hat damit ein Interesse daran, sein Werk nicht nur bewerten zu lassen, sondern auch eine möglichst niedrige Bewertung zu erzielen, damit die Reichweite und damit die erzielbaren Gewinne möglichst maximal sind. Es gibt nur sehr wenige Filme und Videospiele, die nicht eine Jugendschutzbewertung haben.\nIm Internet ist das anders: Im Internet kennt man sehr viel mehr Autoren und Werke, und die Kosten für die Erzeugung einer beliebigen Website sind minimal. Wenn Arbeitszeit kostenlos ist, das Werk also als Hobby erstellt wird, sind die Kosten für das Werk sogar Null. Damit fällt die Motivation für eine Reichweitenmaximierung weg:\nIm Internet will ein Herausgeber nicht so viele Personen als möglich erreichen, sondern die richtigen: Gleichgesinnte oder Fans.\nNur bei großen, kommerziellen Sites sind auch Kunden die Zielgruppe. Darum ist die Motivation sein Werk bewerten zu lassen im Internet sehr viel geringer - \u0026lsquo;Mir doch egal, ob Jugendliche oder Kinder auf meine Site zugreifen können\u0026rsquo; ist keine so ungewöhnliche Formulierung.\nSelbst wenn jemand seine Site selbst bewertet oder bewerten läßt besteht das Problem, welche Bewertung man denn vergibt. Denn wenn man eine Site zu hoch bewertet - frei ab 18, obwohl sie frei ab 12 wäre - ist das folgenlos. Bewertet man sie anders herum falsch - frei ab 12, obwohl sie frei ab 18 wäre - ist das ein Problem. Als Hobbyist oder engagierte Privatperson ist man also nur dann auf der sicheren Seite, wenn man die Altersfreigabe für seine Site eher zu hoch ansetzt.\nDie höchste Einstufung - frei ab 18 - bekommt man aber sowieso, wenn man gar nichts tut und seine Site nicht selbst bewertet. Warum also überhaupt etwas tun und ein rechtliches Risiko eingehen?\nDie Folge ist, daß ein Klassifikationssystem für den Jugendschutz bei Webseiten nicht greift.\nVersuche hat es viele gegeben, aber im Allgemeinen sind diese nicht erfolgreich gewesen in dem Sinne, daß sie eine Abdeckung hergestellt hätten. Einige kommerzielle Sites haben sich selbst bewertet oder bewerten lassen, aber die Masse der Sites eben aus den dargelegten Gründen nicht. Damit tritt bei einer Sperrung unbewerteter Sites in einem Filter noch immer die Situation aus dem Anfang ein - alle Sites sind gesperrt und der Jugendschutz ist hergestellt, indem man Kinder und Jugendliche aus dem Internet fernhält. Allenfalls ist ihnen ein Kindernet spezieller freigegebener, kommerzieller Sites zugänglich (\u0026lsquo;Walled garden\u0026rsquo;). Das ist kaum geeignet, die von Erziehern gewünschte Medienkompetenz zu erzeugen.\nAlso die Experimente mit automatisierten Bewertungen nach formalen, syntaktischen Kritieren wie Wortfilter oder Rosa-Pixel-Zähler. Dazu heißt es in dem Artikel:\nWege der Fülle unzulässiger Inhalte im Internet kämen dabei neben redaktionellen auch automatische Klassifizierungsverfahren zum Einsatz. Diese sollten die Jugendschutzproblematik von Webseiten \u0026ldquo;an Hand bestimmter Muster erkennen\u0026rdquo;. Falsche Einordnungen seien beim derzeitigen Stand der Technik aber nicht zu vermeiden.\nDas ist wenig überraschend. Die Klassifizierung einer Site nach Jugendgefährdung ist am Ende eben keine syntaktische, sondern eine semantische und moralische - es kommt nicht auf die verwendeten Worte an, sondern was mit ihnen gesagt wird und wie das zu bewerten ist. Würden solche automatisierten Filter tatsächlich zuverlässig funktionieren, hätten wir eine Maschine gebaut, die in der Lage ist, Texte zu verstehen und auf der Grundlage ihres Wissens von der Welt moralische Urteile über diese Texte fällen kann.\nWir hätten nicht nur das Problem der Maschinenintelligenz, sondern auch das Problem der Maschinenmoral gelöst und könnten als schöpferische Rasse beruhigt abtreten, weil wir den Funken des Geistes an eine uns nachfolgende Form der Existenz abgegeben haben.\nDie Debatte über den Jugendschutz im Internet wird jedenfalls keinen Millimeter von der Stelle kommen, solange die kommerziellen Verhältnisse im Netz und wie die sich von denen in anderen Medien unterscheiden nicht einbezogen werden. Sie wird auch nicht von der Stelle kommen, solange nicht zugegeben und akzeptiert wird, daß Automatisierung in dieser Frage ein sinnloses Unterfangen ist.\n","date":"2009-08-06T00:00:00Z","href":"https://blog.koehntopp.info/2009/08/06/jugendschutzfilter-saugen-und-daf-r-gibt-es-einen-grund.html","tags":["internet","jugendschutz","politik","web","lang_de"],"title":"Jugendschutzfilter saugen und dafür gibt es einen Grund"},{"categories":null,"content":"Migros schaltet seine Server aus .\nDie Lizenzserver sollen angeblich noch bis 2011 weiter laufen, sind aber jetzt schon angeblich nicht mehr immer erreichbar. Und die vorausbezahlten Beträge, die Migros seinen Kudnen noch schuldet, werden nur auf Antrag zurückgezahlt (das wäre nach deutschem Recht übrigens so nicht möglich).\nNetzwertig kommentiert:\nMan kann es nicht oft genug sagen: DRM-Angebote sollte man als Kunde immer meiden, sofern es geht. Man erwirbt damit keine Produkte, sondern nur das vom Anbieter aus verschiedensten Gründen widerrufbare Nutzungsrecht. Die Abhängigkeit gegenüber dem Anbieter durch DRM ist für jeden Kunden eine tickende Zeitbombe.\nDem gibt es nichts hinzu zu fügen.\n","date":"2009-07-28T00:00:00Z","href":"https://blog.koehntopp.info/2009/07/28/migros-schaltet-i-m-ch-ab.html","tags":["media","musik","lang_de"],"title":"Migros schaltet i-m.ch ab"},{"categories":null,"content":"Die Geschichte von Unix ist eine Geschichte der gescheiterten oder unbrauchbaren Standards - ihre Zahl ist Legion.\nEgal in welche Richtung man schaut: Sun zum Beispiel hatte einmal einen auf Postscript basierenden Desktop - NeWS , der in gewissser Weise X11 um Jahrzehnte voraus war, sich aber nie hat durchsetzen können, unter anderem deswegen, weil das Ding von Sun als Waffe gegen andere Unix-Anbieter verwendet worden war und quasi tot-lizensiert wurde, gefolgt vonOpen Look und dann dem Motif-basierenden CDE . Speziell letzteres war endlich ein herstellerübergreifendes Projekt, das von allen kommerziellen Unix-Anbietern unterstützt wurde (siehe auch den Solaris-Artikel ). Da Motif als Toolkit aber bis zur Obsoleszens keine freie Software war und CDE auch keine nennenswerte Weiterentwicklung erfuhr, wurde es inzwischen großflächig durch KDE oder Gnome ersetzt - beides nativ freie Software.\nAuch auf Ebenen weiter unten war Standardisierung schwierig und ist vielfach gescheitert - so hat POSIX bis heute keine Norm für Access Control Lists von Dateisystemen und entsprechend ist etwa die Kommandozeilensyntax (und Ausdrucksstärke) von Access Control Lists auf einem Mac, einem Linux und einem Solaris unterschiedlich. Schaut man sich die Datumsangaben in dem verlinkten Wikipedia-Artikel an, kann man erkennen, daß Posix ein klassischer Nachfolgestandard ist - also kein Standard, der irgendetwas definiert oder voran bringt, sondern einer, der nur eine bereits vollzogene Entwicklung dokumentiert und festschreibt. Auch hier sind Herstellerkriege um Definitionsmacht die Ursache dafür.\nAuf der anderen Seite findet man eine Reihe von Innovationen in Unix, die sich universell durchgesetzt haben, aber erst nachdem ein Hersteller sie in klarer Verletzung aller formellen und informellen Standards eingeführt hat. Um bei Sun zu bleiben: Die heutige Architektur von Shared Libraries (.so\u0026rsquo;s) wie wir sie kennen ist einem Alleingang von Sun geschuldet, der so erfolgreich war, daß wir ihn heute in allen Unices finden, die überlebt haben. Genau so ist das heutige Layout von Dateisystemen, also die Einführung von /var, /home, /opt und die Aufgabe der Trennung von / und /usr ein Alleingang von Sun, der so erfolgreich war, daß er über den Umweg von SVR4 in alle nennenswerten modernen Unices Einzug gehalten hat.\nSun hat das damals machen können, weil sie Workstations in großer Zahl abgesetzen konnten und so die entsprechende Definitionsmacht hatten. Außerdem sind die oben genannten Innovationen Beispiele für Innovationen, die nicht totlizensiert waren und so ohne Risiko experimentell von anderen Herstellern übernommen werden konnten.\nDie Rolle von Sun im heutigen Unix-Markt ist eine viel kleinere - Sun hat nicht nur nach Stückzahlen, sondern vor allen Dingen nach Developer- Mindshare eine sehr viel kleinere Rolle. Sun hat immer noch Ideen, einige von denen sind sogar kopierenswert. In die nach Stückzahlen und vor allen Dingen nach Developer-Mindshare sehr viel größere Linux-Welt werden sie jedoch nicht.\nDie Gründe sind immer noch dieselben wie oben:\nZFS und Dtrace sind zwei Ideen, die sehr kopierenswert sind, die aber aus der Sicht der Linux-Welt totlizensiert sind. Sie sind totlizensiert in dem Sinne, daß die Lizenz dieser Stücke Software frei im Sinne von DFSG sein mag, aber die Lizenz ist mit der GPL inkompatibel. Das mag Absicht oder ein unglücklicher Zufall sein, Fakt ist, daß diese Ideen so nicht direkt als Code in Linux übernommen werden können. Also entwickeln sich in Linux alternative Projekte und es ist absehbar, daß diese in den nächsten 5 Jahren die entsprechenden Sun-Konzepte verdrängen werden - falls Oracle den Kram (Update wegen ixs Artikel : gemeint ist ZFS, das ja nun wie ganz Sun auch Oracle gehört) nicht Linux-kompatibel relizensiert. Letzteres wäre immerhin denkbar, denn die BTRFS-Entwicklung wurde zu einem guten Teil von Oracle finanziert und BTRFS ist das Linux-Gegenstück zu ZFS.\nEin anderes Beispiel für eine Sun-Idee, die kopierbar wäre, aber nicht kopiert wird, ist SMF - hier ist die Sun-Lösung zu häßlich oder verkopft und es gibt zu viele konkurrierende Ideen, um init zu ersetzen. Wahrscheinlicher ist es, daß sich Konzepte wie Upstart auf breiter Front durchsetzen.\nUnter dem Strich bleiben einige Erkenntnisse:\nStandards sind öfter als nicht Festschreibungen bereits erfolgter Standardisierungsprozesse. Sie sind meist mehr Dokumentation als Innovation. Innovation wird im Unix-Bereich oft als Abweichung von einem vermeintlich oder tatsächlich bestehenden Standard wahrgenommen und daher oft schon aus Prinzip und ungeachtet ihres Nutzens mit Kritik überzogen. In 2009 haben die verschiedenen Linux-Distributionen endlich eine solche Marktmacht, daß sie de-facto Standards setzen können, die mit großer Wahrscheinlichkeit bald in Standarddokumenten dokumentiert werden. Die Tatsache, daß Sun die GNU Tools im Pfad vor den eigenen Tools positioniert ist Testament dieser Entwicklung. Die Tatsache, daß es einen Unterschied macht ob man Sun Tools oder GNU Tools vorne im Pfad hat (oder BSD- statt SysV-Tools vorne im Pfad plaziert), ist Dokumentation der Tatsache, daß die existierenden Standardisierungen im Unix-Bereich noch lange nicht weit genug gehen, um eine Plattform zu erzeugen, die für die Anwendungsentwicklung groß genug wäre. Kommandozeilenwerkzeuge sind aber nur ein Aspekt der Sache - das Spiel setzt sich in rpm, deb, pkg und anderen Paketformaten, tar-Versionen, Desktop-Umgebungen und so weiter fort. Andererseits dokumentiert der bisherige Erfolg von Linux, daß das gar nicht so schlimm ist - von allen Unix-Versionen außer Linux sind überhaupt nur noch Solaris und AIX übrig geblieben und beide werden immer Linux-ähnlicher. Das ist eine gute Sache, und wenn man das erst einmal akzeptiert hat, kann man sich an den Tisch setzen und konstruktiv dokumentatorische Standards verabschieden. (geschrieben nach der Lektüre von Jörgs Rant )\n","date":"2009-07-26T00:00:00Z","href":"https://blog.koehntopp.info/2009/07/26/unix-standards.html","tags":["computer","linux","unix","lang_de"],"title":"Unix-\"Standards\""},{"categories":null,"content":"Neulich fragte ich noch Wieviel Strom verbraucht ein Stromzähler? :\nVon den Sicherheits- und Datenschutzaspekten mal abgesehen…\nVon diesen Aspekten kann man nun nicht mehr absehen, denn EnBWs Yellowstrom implementiert den maximalen FAIL. Im Spiegel wird unter dem Titel EnBW lässt Stromzähler zwitschern ernsthaft erwogen, Twitter als Nachrichtentransport vom Zähler zum Endverbraucher und als Kommandotransport vom Endverbraucher zum Endgerät zu implementieren. Mit dem Zähler als Haushalts-Server und X10 Kommandozentrale\u0026hellip;\nDas ist auf so viele verschiedene Weisen kaputt, daß ich nur leise stöhnen kann: Twitter ist öffentliche Kommunikation und übermittelt meinen Stromverbrauch an die ganze Welt, unzureichend authentisiert, der Stromverbrauch eines solchen Gerätes ist mit Sicherheit höher als der eines Altzählers und ich will ganz bestimmt keine kritische Infrastruktur in meinem Haushalt am Internet angeschlossen wissen. Noch mehr will ich verhindern, daß kritische Infrastuktur eines Stromversorgers mit Gateways ins Internet ausgestattet ist.\nDie Schmerzen. Diese unerträglichen Schmerzen! Ich gehe, glaube ich mal ein Aspirin runterladen. Oder das rauchen, was die Leute bei EnBW da rauchen.\n","date":"2009-07-06T00:00:00Z","href":"https://blog.koehntopp.info/2009/07/06/stromzaehler-revisited.html","tags":["computer","energy","lang_de"],"title":"Stromzähler revisited"},{"categories":null,"content":" Ich bin Mitglied in der Piratenpartei, aber dieser Text hier ist meine Sicht auf das Thema und nicht eine abgestimmte Position der Piratenpartei. \u0026ndash; Kris\nEs geht um Urheberrecht und um den Graben des Nichtverstehens zwischen Online und Offline.\nDie Position der Piratenpartei zum Urheberrecht wird in Fernseh- und Zeitungsberichten oft falsch oder gar verzerrt dargestellt. Daran ist die Piratenpartei sicher nicht ganz unschuldig, weil die Positionen der Partei in ihren eigenen Texten ideologisch nicht ganz klar formuliert sind.\nAber der Hauptgrund ist tatsächlich, daß in den Medien das Vokabular und die Ideen komplett fehlen, die notwendig sind, um eine der wichtigsten Bewegungen der letzten 40 Jahre korrekt zu erfassen - denn was im Bereich der Software-Entwicklung unter de Namen \u0026lsquo;Freie Software\u0026rsquo; subsumiert wird, existiert auch außerhalb dieses Bereiches, aber nicht unter einem einheitlichen Namen. Wir kennen es unter Begriffen wie freie Musik, Creative Commons, Social Media, Blogosphäre und vielen anderen Begriffen mehr. Es steht für eine neue, andere Art von Kulturschaffen, eine, die von der Politik und den traditionellen Kreativen nicht oder nicht vollständig erfaßt wird.\nWas genau ist anders?\nNehmen wir einmal eine Site wie Flickr als Beispiel. Leute laden dort Fotos herauf. Viele lizensieren ihre Fotos unter einer der von Flickr angebotenen Creative Commons Lizenzen. Sehr viele User erlauben es, anderen Benutzern von flickr die Fotos zu kommentieren, Kommentare direkt im Bild einzutragen oder die Fotos zu taggen. Flickr stellt Fotos, Kommentare und Tags per Suche, als RSS-Strom und als Download zur Verfügung. Andere verweden Fotos in Flickr als Datenquellen für Mashups oder Flickr-basierende Anwendungen. Fotos werden in Sets, Alben und Pools kategorisiert und kanalisiert.\nDer Wert von Flickr als Site ergibt sich nur zu einem kleinen Teil aus dem Hochladen der Fotos - es wäre mir ein leichtes, meine Fotos stattdessen auf meiner eigenen Site in meiner eigenen Gallery zu archivieren und zu publizieren. Das wäre auch kostengünstiger, als sich bei Flickr einzutragen und dann einen Pro-Account zu bezahlen, damit die lästigen Einschränkungen wegfallen, die ein kostenloser Flickr-Account mit sich bringt.\nAber wer sich einen Pro-Account holt, der tut dies in der Regel nicht, um ein Foto-Archiv oder eine Galerie zu haben. Er tut dies stattdessen auch und in vielen Fällen genau deswegen, weil sich aus der Zusammenarbeit mit anderen und der Vernetzung von Inhalten ein Mehrwert ergibt.\nDer Mehrwert ergibt sich aus der Zusammenarbeit und der Vernetzung.\nDas haben wir doch schon mal gehört?\nMetcalfes Law über Kommunikationsnetze sagt da etwas drüber, und die Formulierung \u0026lsquo;Ein Telefon nützt niemandem etwas\u0026rsquo; bringt es auf den Punkt. Weswegen die klassischen Kinder-CB-Walkietalkies ja auch immer als Set von Zweien verkauft werden. Das Gesetz gilt so ähnlich aber auch für den Output von kooperativen sozialen Netzen.\nAber worauf ich hier eigentlich hinauswill ist die Zusammenarbeit. Sie ist von einer besonderen Art - sehr menschlich nämlich. Sie ist vorbedingungslos, freiwillig und sie wird gegeben frei von Verpflichtungen, die für mich entstehen - für manche Menschen ist das zusammen die Definition von (Nächsten-)Liebe. Fremde Menschen, die ich womöglich nie persönlich getroffen habe, beziehen sich auf meine Bilder, kommentieren meine Texte, referenzieren meine Werke, zitieren mich, oder bauen ihre Werke und Ideen auf Teilen von meinen Ideen und Werken auf.\nDas funktioniert, weil mehrere Dinge zusammentreffen.\nEinmal: In dem New Yorker-Artikel über die Logik des Kostenlosen wird gezeigt, daß sich die Dinge verändern, wenn der Preis einer Sache als Null wahrgenommen wird.\nEs wird auch gezeigt, daß der Preis einer solchen Sache womöglich nicht wirklich Null ist - er wird nur so wahrgenommen, weil wir feste Infrastrukturkosten mental nicht auf eine einzelne Transaktion umrechnen, sondern als bloße Kosten unserer Existenz pauschal abschreiben - zwar sieht die Steuer bei den Autofahrern unter uns x Cent pro Kilometer als entstehende Kosten unter Berücksichtigung aller Umlagekosten an, aber mental haben diese Autofahrer \u0026lsquo;sowieso ein Auto\u0026rsquo; und rechnen pro Fahrt bestenfalls die Spritkosten für den Kilometer an, wenn überhaupt. Man hat das Auto halt \u0026lsquo;sowieso\u0026rsquo;, da kann man es auch nutzen.\nGenauso rechnet niemand die Kosten für Computer, Strom und Netz anteilig an den Transaktionskosten der Flickr-, Blog- oder sonstwie-Teilnahme ab. Man \u0026lsquo;ist halt sowieso online\u0026rsquo;, man hat \u0026lsquo;den Bug da sowieso weg machen müssen\u0026rsquo; oder \u0026lsquo;sowieso grad einen Text fertig geschrieben\u0026rsquo;. Dann kann man den auch noch mal schnell ins Netz stellen, aufarbeiten, oder sonstwie verfügbar machen. Solange die Kosten für diese individuelle Transaktion so klein sind, daß sie als nicht existent wahrgenommen werden greift die Logik des Kostenlosen - ich will das einmal als subjektive Kostenlosigkeit oder marginale Transaktionskosten bezeichnen.\nZum anderen: Die Vorbedingungslosigkeit des Teilens der Ergebnisse meiner Arbeit heißt nicht, daß das Teilen tatsächlich bedingungslos ist. Lizenzen wie Creative Commons (insbesondere in der BY-SA-Variante) oder Konstrukte wie die GNU General Public License wären sonst unnötig. Tatsächlich gibt es eine Nachbedingung, und diese ist Fairness. So wie ich die Ergebnisse meiner Arbeit zur Verfügung stelle, so sollst Du mit den Ergebnissen Deiner Arbeit umgehen, wenn Du auf meiner Arbeit aufbaust oder sie integrierst. Diese Nachbedingung vermeidet die Tragedy of the commons .\nDiese beiden Eckpunkte - subjektive Kostenlosigkeit und Fairness - erzeugen etwas, das in der Welt außerhalb des Netzes weithin unbekannt ist und sehr selten gesehen wird: Sie erzeugen Überfluß und aus dem Überfluß Kooperation, und dadurch noch mehr Überfluß: Wenn ich (erstens) von was auch immer genug für mich habe und ich (zweitens) durch das Teilen keinen Aufwand habe und ich (drittens) bemerke, daß ein anderer mein Teilen nicht zur persönlichen Bereicherung verwendet, dann greift ein Teil der menschlichen Natur, dem das Teilen eine Freude ist und es entsteht eine kooperative Kultur.\nDie Kultur des Netzes ist eine solche kooperative Kultur. Das, was von den Rechteverwertern (und meist gar nicht von den Kreativen) als Piraterie und \u0026lsquo;Diebstahl\u0026rsquo; ideologisiert wird, das ist in den Begriffen des Netzes in Wirklichkeit etwas anderes: Es ist Kooperation.\nEs ist dieselbe Kooperation, die mich meine Texte kostenlos ins Netz stellen läßt, die Menschen bewegt, alle Charthits der letzten 50 Jahre zu sammeln, zu digitalisieren, korrekt zu taggen und dann über Monate hinweg als Torrent zu seeden. Wir beide bringen eine Dienstleistung für alle anderen Teilnehmer im Netz, wir stellen eine Ressource bereit, die kopiert werden kann, die bezogen und referenziert werden kann, die als Baustein verwendet werden kann, um mehr und Neues zu schaffen. Wir tun das, weil wir das können - das Zeug ist halt sowieso da, da kann ich es auch grad noch publizieren und anderen zur Verfügung stellen. Teilen kostet mich nichts, Distribution und Kopieren sind subjektiv kostenlos.\nEs ist die Urerfahrung der Kooperation, einen tatsächlichen nützlichen Dienst zu bringen und das Netz zu bereichnern, die dann von den Rechteverwertern als \u0026lsquo;vollkommenes fehlen jeglichen Schuldgefühls\u0026rsquo; verteufelt wird.\nNatürlich ist da kein Schuldgefühl, in einer kooperativen Kultur ist so etwas ja auch ein Dienst, etwas Gutes, der Erhalt und die liebevolle Pflege eines Stücks Kultur. Es schafft Kultur.\nDiese Sichtweise und dieses Denken ist Rechteverwertern vollkommen fremd. Ihre Aufgabe, die Grundlage ihrer Existenz, ist es ja genau Knappheit zu schaffen, Bedarf zu fördern und Verfügbarkeit so gering zu halten, daß aus dieser Differenz Gewinne abgeschöpft werden können.\nDas - dieser fundamentale Unterschied im Denken - ist der Riß, der durch unsere Gesellschaft geht, wenn wir über die Urheberrechtsfrage diskutieren.\nWir haben zwei Universen, das des kooperativen und das des kompetitiven Schaffens von Werken. Das eine verlinkt, bezieht, referenziert und bennent - CC-BY-SA. Das andere denkt über eine Vergebührung von Zitaten - Leistungsschutzrechte - und eine Vergebührung von Bezügen und Verlinkungen - Posnerismus - nach.\nDas, was die Piratenpartei in ihrem Programm stehen hat, ist nicht \u0026lsquo;die totale Legalisierung der Raubkopie\u0026rsquo;, wie heute auf 3sat zu hören. Ja, Bauerfeind, ich schau Dich an! Das, was die Piratenpartei da - ungeschickt - versucht, der Offline-Gesellschaft zu erklären ist meinem Empfinden nach in etwa das:\nDas Netz ist eine kooperative Kultur. So etwas kennt ihr nicht, aber so etwas gibt es und es hat im Netz die letzten 40 Jahre gut funktioniert. Der Begriff in Eurem kompetitiven Universum der Knappheit, der unserem Erleben noch am nächsten kommt, ist die Privatkopie, aber eigentlich meinen wir CC-BY-SA, die GPL, und ja, Open Access auch irgendwie, aber das ist noch mal \u0026rsquo;nen Extraartikel wert. Was wir wollen ist eine Re-Legalisierung von dem, was ihr Privatkopie nennt. Aber eigentlich wollen wir, daß die Offline-Gesellschaft den kooperativen/kompetitiven Dualismus im Kulturschaffen des 21. Jahrhunders anerkennt. Wir fordern, daß das kooperative Universum mit seinen characteristischen Eigenschaften der subjektiven Kostenlosigkeit und der Fairness geschützt wird, damit die digitale Allmende weiter gedeihen kann. Wir wollen ein Urheberrecht, daß diese Ideen anerkennt und ihnen Raum bietet.\nDas bringt die Piratenpartei so derzeit nicht klar rüber. Weil ihr die Worte fehlen - die Gesellschaft außerhalb des Netzes kennt die Konzepte nicht und hat keine Worte dafür, und den Piraten ist es wie den meisten Netzbewohnern so selbstverständlich, daß sie keine Worte dafür brauchen.\n","date":"2009-07-01T00:00:00Z","href":"https://blog.koehntopp.info/2009/07/01/dir-fehlen-die-worte-oder-die-position-der-piratenpartei-zum-urheberrecht-in-einer-flatrategesellschaft.html","tags":["copyright","media","piraten","lang_de"],"title":"\"Dir fehlen die Worte\" oder \"Die Position der Piratenpartei zum Urheberrecht in einer Flatrategesellschaft\""},{"categories":null,"content":"Durch die Gründung und Medienpräsenz der Piratenpartei, den Heidelberger Appell und die verschiedenen Schreie von Verlagen nach staatlicher Subventionierung und Schutz ihres Geschäftsmodelles als UNESCO Weltkulturerbe ist das Thema Copyright in den vergangenen Wochen aktueller denn je.\nAnfang dieses Monats gab es dazu zwei brilliante Artikel bei Netzwertig, einem Blog, das ich sowieso zum Abo empfehlen kann. In Warum Bezahlinhalte im Netz nicht funktionieren baut Marcel Weiss einmal auseinander, warum Verlage und Agenturen ihre Meldungen gratis ins Netz stellen - stellen müssen! -, obwohl sie wissen, daß das langfristig kein solides Geschäftsmodell ist. Die tragende Säule seiner Argumentation ist der Paywall, der den Content der Zeitung gegen Benutzer und Suchmaschinen abschirmt: Dadurch wird die Site in Suchmaschinen schlecht gefunden, die Inhalte können sich nicht durch Mundpropaganda - das böse Sharing! - weiter verbreiten und sie können in der globalen Diskussion nicht referenziert werden, weil sie keine öffentliche URL haben. Dadurch fehlt der Site hinter dem Paywall jedes Wachstumspotential, und wenn nicht besondere Bedingungen vorliegen verkümmert die Site.\nEin zentrales Argument: Je interessanter, je wichtiger, je welterschütternder eine Nachricht ist, desto mehr drängt diese auf maximale Verbreitung. Exklusivität und Bedeutung stehen hier in direkter Konkurrenz in der Aufmerksamkeitsmaschine des Nachrichtengeschäfts.\nNetzwertig setzt mit einem zweiten Artikel zum Thema nach: Andreas Göldi erklärt in Was werden die Newsmedien der Zukunft kosten? das ökonomische Modell, das hinter der aktuellen, durchaus instabilen Situation im Zeitungs- und Onlinezeitungsmarkt steht. Er macht auch klar, daß dieses Modell langfristig nicht tragfähig ist und daher absehbar zusammenbrechen muß: Das von Internet-Radikalisten oft gehörte Argument, dass Verlage niemals Geld für ihre Internet-Ausgaben verlangen sollten, ist also letzlich recht naiv: Die Rechnung geht nur auf, so lange es ein gesundes traditionelles (Print-)Geschäft gibt. Und ganz offensichtlich bröckelt das immer mehr. Abschließend resümiert er, daß die Welt nach dem Abschluß des durch das Internet bewirkten Strukturwandels wahrscheinlich stark bipolar sein wird: Auf der einen Seite gigantische Großanbieter, die Nachrichten und Artikel direkt an Endverbraucher verkaufen, auf der anderen Seite eine große Menge von Dilettanten, die ihr Zeugs wahrscheinlich meistenteils kostenfrei raushauen werden. Dazwischen wird es sehr eng werden.\nEiner dieser Dilettanten bin sicherlich ich selbst: Ich schrieb schon vor langer Zeit eine Erklärung zum Thema Warum alle meine Texte frei im Netz zu lesen sind . Es ist ziemlich klar, daß es für mich als Dilettanten von größerem Wert ist, meine Texte im Netz frei verfügbar zu machen als sie gewinnmaximiert zu verkaufen.\nDie Idee dahinter war immer, daß Spieler im kooperativen Universum mein Zeugs möglichst umstandsfrei Nutzen können und sich dadurch mein Karma vergrößert, während ich Spielern im kompetitiven Universum einen angemessenen Preis mache, jedoch nie exklusive oder sich selbst erweiternde Rechte vergebe. Als Dilettant, also jemand, der nicht von seinem Schreiben leben muß, kann ich mir das erlauben. Es ist ja nur ein optionales, wenn auch mitunter ansehnliches Zubrot.\nDie bipolare Welt dort oben wird sicher auch eine solche Trennlinie zwischen kompetitivem und kooperativem Universum enthalten, wobei unklar ist, wie stark sie erkennbar ist bzw. wie undurchlässig sie ist. Das hängt sicher auch davon ab, wie stark die kompetitive Welt ihre zahlenden Kunden zu kriminalisieren versucht bzw. wie aggressiv sie versucht, die kooperative Welt - zugleich zahlende Kunden - auszubeuten.\nDie Logik von \u0026lsquo;kostenlos\u0026rsquo; erkläre dabei der Artikel Priced To Sell von Malcolm Gladwell im New Yorker. Er geht von einem einfachen Experiment aus: Anderson’s second point is that when prices hit zero extraordinary things happen. Anderson describes an experiment conducted by the M.I.T. behavioral economist Dan Ariely, the author of “Predictably Irrational.”\nAriely offered a group of subjects a choice between two kinds of chocolate—Hershey’s Kisses, for one cent, and Lindt truffles, for fifteen cents. Three-quarters of the subjects chose the truffles.\nThen he redid the experiment, reducing the price of both chocolates by one cent. The Kisses were now free. What happened? The order of preference was reversed. Sixty-nine per cent of the subjects chose the Kisses. The price difference between the two chocolates was exactly the same, but that magic word “free” has the power to create a consumer stampede. Es ist diese Logik des kostenlosen, die die kompetitiven Anbieter im Netz fürchten, solange es noch kooperativ arbeitende Leute auf der Welt und im Netz gibt - und sie ist auch der Grund, warum sich die \u0026lsquo;Diskussion\u0026rsquo; um das Urheberrecht mehr wie ein Krieg anfühlt.\nDie Professionellen meinen - vielleicht zu Recht - daß sie den Dilettanten den Krieg erklären müssen, damit sie überhaupt in der Lage sind, ein differenzierbares und bepreisbares Produkt anzubieten. In dem Moment, in dem die Dilettanten Geld für ihren Output nehmen - und sei es nur ein einziger Cent - stirbt die Logik von Kostenlos und alle Parteien arbeiten in der Sphäre der kompetitiven Welt, die Professionellen haben dann Traktion.\nDa man das kostenlose Bereitstellen von Dingen kaum direkt bestrafen kann, muß man also versuchen das Problem anders anzugehen. Zum Beispiel, indem man die Transaktionskosten für die Dilettanten erhöht - durch Erzeugung von Bürokratie kann man vielleicht das kostenlose Anbieten von Zeugs im Web so unattraktiv machen, daß es kein Massenspaß mehr ist. Wir werden davon in Zukunft sicher mehr sehen.\nZur Forderung von Herrn Burda zum Weltkulturerbe erklärt zu werden hat Ulrike Langer in Dann boykottiert doch Google! eine scharfe und sehr deutliche Replik geschrieben. Der Perlentaucher erklärt und entlarvt Herrn Burda dabei in Anja Seeligers Artikel Die vierte Gewalt ist jetzt im Netz. Sie erklärt dabei auch erst einmal die Begriffe - was für ein Unding meint Herr Burda, wenn er von einem Leistungsschutzrecht redet? Ein Leistungsschutzrecht für Verlage bedeutet, dass Verlage künftig auch ohne Einverständnis ihrer Autoren - ja sogar gegen den Willen ihrer Autoren - Zitate aus Artikeln in ihren Zeitungen schützen und damit kostenpflichtig machen können. Die Financial Times Deutschland hat das kürzlich in einem zustimmenden Artikel genauer beschrieben: Gegründet werden soll eine \u0026ldquo;Verwertungsgesellschaft der Verlage. Eine Gema für Onlinetexte, die im Netz nach illegaler Nutzung fahndet - und fällige Gebühren eintreibt\u0026rdquo;. Nicht für die Verbreitung ganzer Texte, das ist heute schon illegal, sondern für Zitate! Und da haben wir auch schon die oben erwähnte Erhöhung von Transaktionskosten: Selbst wenn das einen Verlag wie den von Herrn Burda nicht ernährt, so killt es immerhin die Logik von Kostenlos und es zersplittert das Netz.\nDiesen Gedanken führt Ulrike Langer in Das Netz besteht aus Verbindungen, nicht aus abgeschotteten Inseln näher aus. Sie macht zugleich deutlich wie krankhaft Print die Site einer typischen Zeitung heutzutage ist - eine solche Zeitung ist die Welt eines Internet-Ausdruckers, eine Print-Zeitung, 1:1 ins Web geholt: Agenturberichte, Kinokritiken oder Kochrezepte gehören nach Verlagsauffassung zu einem vollwertigen Portal dazu. Schließlich sind solche Bausteine, auch wenn sie jeder hat, ja auch Bestandteile der gedruckten Zeitung. Doch das ist Printdenken im Web. Anders als am Frühstückstisch, wo die meisten Menschen nur ein einziges Blatt lesen, sind im Netz die identischen Allerweltsinformationen immer nur einen Mausklick entfernt. So führt das Portaldenken dazu, dass einzigartige Inhalte gegenüber Versatzstücken, die jeder hat, nicht genügend im Vordergrund stehen. Das kleinteilige Design der meisten Zeitungswebsites verstärkt die falsche Prioritätensetzung noch obendrein. Verlage ziehen ihre Zeitung in das Netz hinein, komplett, anstatt für das Web zu produzieren. Die Kieler Nachrichten brauchen im Netz keine DPA-Meldungen - die bekommt man bei DPA oder bei Google. Sie brauchen keine Kino-Reviews, die bekommt man bei der IMDB und bei vielen anderen Sites in der Sprache seiner Wahl und mit vielen tausend Stimmen statt einer. Sie brauchen keine Kochrezepte, keine Reisetipps, keine Rechtsberatung. Die Kieler Nachrichten brauchen im Web Kieler Content. Denn den bekommt man in dieser Form nirgendwo anders.\nOder was im Web zählt ist originaler, einzigartiger Content und die Vernetzung desselben im Kontext des globalen Netzes. Und keine Print-Insel, die ins Web portiert wurde. Der Punkt, auf den Ulrike Langer dabei abhebt ist bei ihr noch einmal explizit gemacht: Es geht um die Ethik des Verlinkens - siehe das von ihr eingebundene Vier-Minuten-Video.\nDas wiederum ist aber das genaue Gegenteil eines Leistungsschutzrechts, wie Herr Burda es als Internetausdrucker fordert.\nWo also stehen die politichen Parteien? Bei Wissenschaftsurheberrecht hat Eric Steinhauer unter dem Titel Urheberrecht und Bundestagswahl eine Übersicht erstellt. Bei Golem findet sich auch noch ein Artikel zum nächsten Korb der Urheberrechtsnovelle: Streit über Privatkopien und Open Access formuliert es so: Vor lauter Körben kann man das Urheberrecht kaum noch erkennen. 2003 gab es den sogenannten ersten Korb der Urheberrechtsnovelle, 2008 trat der zweite Korb in Kraft. Mit den beiden Körben wurden im Urheberrecht internationale und europäische Vorschriften umgesetzt. Es wurden neue Schutzrechte zugunsten von Verwertern eingeführt und bestehende verschärft. Wo es um Verbraucherrechte ging, verwies der Gesetzgeber immer wieder auf den nächsten Korb, der die offenen Fragen regeln würde.\nNach zwei Körben sind immer noch viele Fragen offen. Das Bundesjustizministerium arbeitet am dritten Korb und startete dazu im Februar eine Konsultation. Unter anderem wollte das Ministerium wissen, ob die Privatkopiebestimmungen weiter zulasten der Verbraucher eingeschränkt werden sollten; ob intelligente Aufnahmesoftware verboten werden sollte; ob Open Access durch ein \u0026ldquo;Zweitverwertungsrecht für Urheber von wissenschaftlichen Beiträgen geschaffen werden sollte, die überwiegend im Rahmen einer mit öffentlichen Mitteln finanzierten Lehr- und Forschungstätigkeit entstanden sind; und ob der Handel mit gebrauchter Software auf eine klare gesetzliche Grundlage gestellt werden sollte.\nEine Idee, mit der man die etwas verfahrene Situation abmildern will und die den Strukturwandel dämpfen möchte ist dabei die Kulturflatrate. Marcel Weiss bei Netzwertig wieder: Kulturflatrate - Pro und Contra. Eine Kulturflatrate wäre als Super-GEMA sicher ein bürokratisches Monster und extrem ungerecht. Und die Gema ist schon nicht sehr populär - die Petition für eine Gema-Reform hat anders als die Zensursula-Petition viel weniger exponiert für Unterschriften geworben. Dennoch ist sie schon bei ca. 85.000 Mitzeichnern und es sind noch über zwei Wochen bis zum Ende der Mitzeichungsfrist.\nEs ist klar, daß das aktuelle Urheberrecht etwas fördert, das bei Harvard Business von Umair Haque als Zombie Economy bezeichnet wird. Zentrales Zitat: That\u0026rsquo;s the big problem behind the zombieconomy. We don\u0026rsquo;t reward people for creating, growing, nurturing, or even remixing assets. We just reward them for allocating the same old assets. In dieselbe Kerbe schlägt der Artikel Die Ideen der anderen von Jens Mühling im Tagesspiegel: Mühling nennt als Beispiel das Grey Album von DJ Danger Mouse, das das White Album der Beatles mit dem Black Album von Jay-Z vermashupte, und der daraufhin von EMI bekriegt wurde.\nHätten wir ein Urheberrecht, das Urheber belohnte, wäre das Grey Album legal, denn es schafft etwas neues und produziert. Aber in unserer Zombie Economy haben wir ein Urheberrecht, das Distributoren und Rechteverwalter belohnt und das Statizität fördert. Hätten wir ein Urheberrecht, daß die Existenz der kooperativen Sphäre wahrnähme und ihr Raum einräumte, dann wäre ein Grey Album als kostenfreier Download gar kein Thema, sondern schlicht legal und guter Ton.\nOder, wie Gwenn ) es in einem Kommentar zu \u0026lsquo;Falscher Planet, falsches Jahrtausend notiert: Wenn das \u0026ldquo;Wesen\u0026rdquo; des Internets die Kopie ist, dann ist ein \u0026ldquo;Copyright\u0026rdquo;, also das Recht auf die Kopie und die damit verbundene Einschränkung, immer zugleich ein Angriff auf das Wesen, und damit auf die gesamte Kultur.\nMan muss dann zwischen Kopie als Kulturbestandteil und Nutzung zur wirtschaftlichen Ausbeute (wirtschaftliche Nutzung) unterscheiden. Das heißt im Folgeschluss, dass der Besitz der Kopie sowie der Vorgang des Kopierens nicht Ausgangspunkt der Regulierung sein kann.\nGenauso muss ein Wandel stattfinden weg vom \u0026ldquo;Statuserhalt\u0026rdquo;, also nach hinten gerichtete Ausbeute der nie sterbenden Information (Gewinnabschöpfung aus dem Besitz), hin zur Honorierung der Schaffenshöhe und dem Fortschritt, also dem dynamischen Erarbeiten der Zukunft (Gewinnerzeugung aus dem Schöpfungsprozess). Letztere muss honoriert werden. Dafür muss die Politik die Weichen stellen, nicht umgekehrt.\nDas Erzeugen strafrechtlich relevanter Inhalte ist davon völlig unabhängig, und dessen Bestrafung ebenfalls. Dort muss rigoroser vorgegangen werden, denn dort sind wir gerade dabei, die Zeit zu verlieren. Wenn ich die Inhalte \u0026ldquo;zudecke\u0026rdquo;, dann erzeuge ich nur weitere Trägheit, und die schon längst vorhandene Kluft zwischen Täter und Strafverfolger wird nur noch größer.\nMan kann den Kampf zwischen der kooperativen und der kompetitiven Sphäre auch als Klassenkampf interpretieren, wie Jörg Kantel das in Urheberrecht und Klassenkampf einmal tut. Aber das führt nirgendwohin - nicht für ihn und auch nicht für uns alle, denn es ist rückwärtsgewandt und überkommenen Denkmustern verhaftet. Er schließt: Im Grunde meines Herzens bin ich jedoch Anarchist. Nicht ein Anarchist im Sinne des Stirnerschen Brutal-Individualismus, sondern ein Anhänger kropotkinscher Kooperation und (gegenseitiger) Hilfe. Und in diesem Sinne gilt es, die kropotkinschen Gesellschaftsentwürfe mit der marxistischen Gesellschaftsanalyse zu versöhnen. Wer, wenn nicht ein Pirat, könnte diese Aufgabe übernehmen? Bei all meiner Sympathie für die Linken sind diese mehrheitlich zu sehr im Gestern verhaftet, als daß von Ihnen ein moderner Entwurf zu erwarten wäre. Das ist einer der Gründe, warum sich die Piratenpartei so gerne dem üblichen Links-Rechts-Muster in der Poltik verschließen will und warum sie sich auf ihre Kernthemen fokussiert.\n","date":"2009-07-01T00:00:00Z","href":"https://blog.koehntopp.info/2009/07/01/urheberrecht-360-grad-ansicht.html","tags":["copyright","media","politik","lang_de"],"title":"Urheberrecht - 360-Grad-Ansicht"},{"categories":null,"content":"Ich bin ja ein guter Sohn und schicke daher meiner Mama ab und an ein Päckchen. Da freut sie sich immer. Weil ich außerdem ein Geek bin, ist es ein IP-Päckchen.\nAuf so ein Päckchen muß natürlich auch ein Adreßaufkleber drauf, und in dem müssen die wichtigen Zustellinformationen eingetragen werden.\nVordruck für den Versand von IP-Päckchen, korrekt ausgefüllt und mit ein wenig TTL frankiert.\nFür die Zustellung sind drei Felder im Adreßformular wichtig: In das Feld \u0026lsquo;32 Bit destination IP address\u0026rsquo; ist die Empfängeranschrift einzutragen, hier also beispielhaft mal 134.245.16.8, in das Feld \u0026lsquo;32 bit source IP address\u0026rsquo; ist der Absender einzusetzen, also etwa 85.183.48.160. Und schließlich muß Porto drauf, d.h. ins Feld \u0026lsquo;Time To Live\u0026rsquo; (TTL) ist einzutragen wie viele Router weit das Paket maximal reisen können soll - ich habe hier einmal 20 eingetragen. Payload rein, und ab zur Post damit. Äh, ins Netz natürlich.\nBei mir daheim sieht das Netz gerade so aus:\nDer Netzplan.\nMein Rechner will das Paket also versenden. Dazu muß er wissen, wo er das Paket hinschicken soll. Zu diesem Zweck hat mein Rechner, KK, eine Tabelle. In der Tabelle steht drin, für welchen Rechner das Paket an wen zu senden ist. Für den Netzplan bei mir daheim also:\nZielSende an KKDas bin ich selber thinkcatthinkcat linuxlinux tvtv alle anderenmoep In der Tabelle stehen in Wirklichkeit natürlich IP-Nummern drin, und darum sieht die Tabelle mit Zahlen so aus:\nZielSende an KK (192.168.1.101)Das bin ich selber (127.0.0.1) thinkcat (192.168.1.107)thinkcat (192.168.1.107) linux (192.168.1.10)linux (192.168.1.10) tv (192.168.1.103)tv (192.168.1.103) alle anderenmoep (192.168.1.1) Das eine was auffällt ist die Nummer 127.0.0.1 - jeder Rechner im Internet hat diese Nummer und sie bezeichnet immer \u0026lsquo;diesen Rechner\u0026rsquo;, \u0026lsquo;uns selbst\u0026rsquo;. Das Netzwerkinterface \u0026rsquo;lo\u0026rsquo; oder \u0026rsquo;lo0\u0026rsquo; hat immer diese Nummer, und das \u0026rsquo;lo\u0026rsquo; steht dabei für \u0026rsquo;loopback\u0026rsquo;. Es ist ein Testinterface, das immer existiert und das es dem Rechner erlaubt, Netzwerkanwendungen auch dann auszuführen, wenn der Rechner gar kein Netz hat. Dann kann er zwar nur mit sich selber reden, aber immerhin können dann die Netzwerk-Komponenten auf einer Kiste miteinander reden. Das ist ja besser als nix.\nWas noch auffällt ist natürlich, daß alle IP-Nummern in meinem Netz mit demselben Prefix anfangen - 192.168.1.*. Das ist nur natürlich - alle Adressen in der Straße um mich herum fangen ja auch mit demselben Prefix an - germany.berlin.wenckebachstrasse.*. Darum kann man die Tabelle da oben auch vereinfachen:\nZielSende anPorto KK (192.168.1.101)Das bin ich selber (127.0.0.1)0 192.168.1.*192.168.1.* (direkt)0 alle anderen (*)moep (192.168.1.1)1 Wir haben hier drei Zeilen notiert: Die erste Zeile teilt mit, daß wir Pakete an uns selber gar nicht zur Post bringen müssen - wir können sie gleich wieder aufreißen und uns über den Inhalt hermachen (\u0026ldquo;Lecker! Kekse!\u0026rdquo;).\nDie zweite Zeile sagt: Alles was mit der Nummer 192.168.1.* anfängt ist sowieso local und kann direkt an den Rechner mit der gleichen Nummer zugestellt werden - also 192.168.1.2 an die 192.168.1.2 direkt und so weiter.\nUnd die letzte Zeile ist die Default-Route und die sagt: Alles andere geht erst mal an den moep (192.168.1.1) und der wird dann schon wissen wie es weiter geht, mir egal.\nDie Spalte mit den Portokosten sagt dabei: Wenn wir ein Paket direkt zustellen wird kein Router überquert und daher die \u0026lsquo;Time To Live\u0026rsquo; (TTL) auch nicht runtergezählt. Für Pakete, die nach draußen gehen ist das anders - da wird die TTL von z.B. 20 auf 19 runtergezählt. Der nächste Router macht dasselbe und so weiter. Irgendwann ist das Porto mal alle, d.h. die TTL ist 0 und dann wird das Paket weggeschmissen, egal ob es irgendwo angekommen ist oder nicht.\nDas letzte Mal als wir uns das Internet mit Kugelschreibern (und Bussen) angesehen haben, hatten wir gesehen, daß es von mir bis nach Norwalk, CT, USA 13 Router sind, die man sehen kann. Der TTL-Zähler geht also bei jedem Schritt einen Wert runter und die Pakete kommen mit einer Rest-TTL von 7 in Norwalk an.\nWozu ist das gut?\nEin Datenwirbel während einer Netzstörung.\nWenn es eine Störung im Netz gibt, dann kann der Fall eintreten, daß der Router Zwei nahe dem Ziel die Störung schon bemerkt hat und das Paket erst einmal einen Schritt zum Router Eins zurück sendet, damit dieser es über eine alternative Route zum Ziel bringt. Router Eins weiß aber noch nichts von der Störung und sendet es wieder voran zu Nummer Zwei - genau auf dem gestörten Weg. Jeder dieser Schleifenschritte kostet ein wenig TTL, und sobald das Paket einen TTL-Zähler von 0 hat, wird es verworfen und der ursprüngliche Absender benachrichtigt, wenn möglich.\nDas verhindert, daß Pakete unendlich lange im Netz kreisen, weil es keine Route mehr zum Ziel gibt. Es bewirkt natürlich auch, daß Pakete, die mit einem zu kleinen TTL-Wert losgesendet werden ihr Ziel niemals erreichen können. Im Internet gibt es also keine Sargasso-See in der alte Plastiktüten und anderer Zivilisationsmüll bis ans Ende aller Tage kreisen und niemals verrotten: Der TTL-Zähler ist ein Datenpäckchen-Kompostierungszähler und sorgt als Sicherheitsmaßnahme für eine umweltfreundliche Entsorgung von Datenschrott.\nDa stellt sich natürlich sofort die Frage, was denn der minimale TTL-Wert ist, mit dem man von überall nach überall hinkommt. Das ist die Frage nach dem Durchmesser des Internets - im Jahr 2001 wurden Werte von bis zu 40 beobachtet und festgestellt, daß manche Betriebssysteme die TTL per Default zu klein einstellen - also zu wenig Porto auf ihre IP-Päckchen kleben.\nMein Router, Moep, hat auch eine Routingtabelle, aber die ist nicht spannender als die da oben: Alles was 192.168.1.* ist geht nach links ins Netz raus und alles andere nach rechts zum Provider.\nDer Provider, der hat richtige Router mit vielen vielen anderen Interfaces, und die haben richtige Routingtabellen. Wie das funktioniert - das ist eine Geschichte für ein anderes Mal.\nUnd jetzt, nach diesem Artikel, kann ich endlich antworten:\nDein (schöner) Vergleich hinkt (wie alle Vergleiche), und zwar leider an einer sehr zentralen Stelle: Bei Dir weiß das Datenpaket, wie es reisen muss. Im Internet weiß der Router den nächsten Hop, wo Pakete mit einem bestimmten Ziel hin müssen.In Deinem Beispiel müsste also der Kurt-Schumacher-Platz von Deiner Stirn ablesen können, dass Du nach CT willst und Dich dann zum next hop Flughafen Tegel schicken.\nMeine Hoffnung ist, daß in Kurt-Schumacher-Platz so ein Typ mit der Mütze steht und daß ich den nach dem Weg fragen kann. Der wird hoffentlich für usa.ct.norwalk eine Defaultroute haben, die * oder immerhin usa.* nach Tegel routet und mich also über das korrekte Omnibusinterface aus dem U-Bahnhof routen.\n","date":"2009-06-27T00:00:00Z","href":"https://blog.koehntopp.info/2009/06/27/internet-mit-kugelschreibern-und-ein-p-ckchen-f-r-mama.html","tags":["internet","erklaerbaer","lang_de"],"title":"Internet mit Kugelschreibern (und ein Päckchen für Mama)"},{"categories":null,"content":" Das da ist Kris.\nMein Rechner hat keine Internet-Karte. Er hat Ethernet, Wi-Fi, Bluetooth, und wenn er ein wenig älter wär hätte er auch noch ISDN oder einen Modem-Anschluß. Aber eine Internet-Karte steckt da nicht drin.\nWieso eigentlich nicht?\nHolen wir einmal ein wenig aus, und bauen wir ein Beispiel aus der realen Welt.\nKris muß nach Norwalk, CT. Das ist in Connecticut, USA, Nordamerikanischer Kontinent, gleich neben New York.\nKris wohnt neben einer U-Bahn Station, der U6. Das hilft ihm aber nur mittelbar, denn leider hat Norwalk, CT keine U6-Adresse. Wir können Kris also nicht in die U6 setzen, ihm ein 456 Zonen-Ticket kaufen und dann 1217 Stationen später aussteigen. Obwohl ich den Grenander-Bahnhof Atlantis schon gerne gesehen hätte.\nNehmen wir also Kris und setzen ihn in die U6.\nKris hat weiter eine genaue Vorstellung von seiner Zieladresse. Aber in der U6 muß er erst mal mit U6-Adressen arbeiten. Nächster Halt also Kurt-Schumacher-Platz. Dort wird Kris aus der U6 ausgepackt und in einen Bus verladen.\nDer Bus versteht eine Busadresse - Flughafen Tegel.\nWie die Haltestelle Kurt-Schumacher-Platz ist auch Tegel ein Router. Ein Router hat mehr als eine Adresse. Der Flughafen zum Beispiel hat die Busadresse \u0026lsquo;Flughafen Tegel\u0026rsquo; und die Flugzeugadresse TXL. Er hat auch Taxiadressen (\u0026lsquo;Halteplatz vor Gate 8\u0026rsquo;) und Autoadressen (\u0026lsquo;P2 am Flughafen Tegel\u0026rsquo;). Auf einem Router wie Tegel werden massenhaft Reisende aus einem Verkehrsnetz ausgepackt und in ein anderes Verkehrsnetz eingepackt und dann weiter versendet.\nDas jeweilige Verkehrsmittel kapselt dabei die Reisenden. Die Verkehrsmittel verwenden jeweils spezifische Adressen, die nur innerhalb ihres Verkehrsmittels eine Bedeutung haben. Aber die im Verkehrsmittel reisenden Personen wissen natürlich die ganze Zeit, wo sie wirklich hin wollen und arbeiten mit anderen, global gültigen Adressen.\nDieses Konzept der Kapselung ist sehr einfach. Es ist aber auch sehr mächtig - es ist ein wesentliches Konstruktionsprinzip des Internets.\nEin Router ist wie ein Flughafen etwas, das verschiedene Adressen in verschiedenen Netzen hat. Das Internet-Protokoll ist ein Protokoll um Netze, nicht Rechner, miteinander zu verbinden. Mein Rechner sendet also Ethernet-Pakete zum Router, in denen Internet-Pakete enthalten sind. In den Ethernet-Paketen stehen Ethernet-Adressen, in diesem Fall die Ethernet-Adresse meines Routers.\nInnerhalb der Ethernet-Pakete sind jedoch IP-Pakete enthalten, die die eigentliche Ziel enthalten, so wie die U-Bahn Reisende enthält. In den Ethernet-Paketen stehen lokale Ethernet-Adressen so wie auf den Tickets lokale U-Bahn-Adressen stehen. Aber in den Köpfen der Leute stehen Fernziele, so wie in den Köpfen von IP-Paketen global gültige Zieladressen stehen.\nMein Router entnimmt die IP-Pakete den Ethernet-Paketen und packt sie stattdessen in PPP-, ATM- oder ISDN-Pakete ein und sendet sie anderswo hin, genau so wie auf einem Flughafen Leute umsteigen: Auskapseln, mit Hilfe des Fernzieles das passende Gate bestimmen und dann wieder einkapseln - diesmal in einen anderen Transport: Außen in der Verpackung steht immer die Adresse des nächsten Routers auf dem Weg, aber das IP-Paket selbst mit seiner global gültigen IP-Nummer enthält immer eine unveränderte Adresse. Auch an der nächsten Station wird das IP-Paket ausgepackt und wieder eingepackt und dann weiter geschickt - bis es irgendwann einmal das Ziel erreicht.\nDas sieht dann so aus:\nKK:~ kris$ traceroute priceline.com traceroute to priceline.com (64.6.17.5), 64 hops max, 40 byte packets 1 my.koehntopp.de (192.168.1.1) 1.733 ms 1.241 ms 0.910 ms 2 lo1.br05.ber.de.hansenet.net (213.191.89.5) 24.046 ms 23.392 ms 23.268 ms 3 ae0-103.crju01.ber.de.hansenet.net (62.109.111.29) 22.326 ms 22.114 ms 22.618 ms 4 so-1-0-0-0.cr01.fra.de.hansenet.net (213.191.66.21) 41.671 ms 41.877 ms 40.842 ms 5 ae0-101.pr01.fra.de.hansenet.net (62.109.109.176) 41.044 ms ae1-102.pr01.fra.de.hansenet.net (62.109.109.240) 41.077 ms 41.367 ms 6 fra32-hansenet-1.fra.seabone.net (195.22.211.113) 41.447 ms 40.945 ms 41.524 ms 7 new3-new50-racc1.new.seabone.net (195.22.216.237) 121.744 ms 121.256 ms 121.993 ms 8 att-1-us-new4.new.seabone.net (195.22.216.22) 122.883 ms 123.582 ms 122.182 ms 9 cr2.n54ny.ip.att.net (12.122.130.22) 127.547 ms 127.379 ms 127.761 ms 10 gar5.n54ny.ip.att.net (12.122.130.113) 126.692 ms 126.964 ms 126.307 ms 11 mdf16-gsr12-1-pos-6-0.nyc2.attens.com (12.122.255.114) 123.526 ms 123.479 ms 122.330 ms 12 mdf19-bi8k-1-eth-1-2.nyc2.attens.net (63.240.0.106) 122.865 ms 122.209 ms 122.017 ms 13 * * * Das Programm traceroute verfolgt die Reise eines IP-Paketes von mir daheim bis nach Norwalk, CT, oder jedenfalls bis New York. Für jede Station wird der Name und die IP-Nummer des Routers ausgegeben und es werden drei Beispielreisezeiten gemessen.\nWie man sieht, reist das Paket ein wenig komplizierter als ich - es muß mindestens 13 Mal umsteigen - und es reist über Frankfurt wo ich über Amsterdam nach New York gereist bin. Dennoch ist es unwesentlich schneller am Ziel als ich. Und vermutlich nicht gejetlagged. :)\nMein Rechner hat also keine Internet-Karte. Aber er kann jede seiner Netzwerkschnittstellen als Internet-Transport verwenden. Das eigentliche \u0026lsquo;Internet\u0026rsquo; in meinem Rechner ist dann ein Stück Software, das neben einigen anderen Dingen Pakete einkapselt und auskapselt.\nDas Prinzip der Kapselung ist aber nicht auf das Internet beschränkt. Es kann im Grunde genommen mit jedem Transport verwendet werden, um über diesem Transport ein Metanetz zu bauen, daß die Knoten dieses Transports enthält.\nSkype macht das - es baut ein Peer-to-Peer -Netz aus Rechnern auf, die schon im Internet sind. Man nennt solche Netze Overlay-Netzwerke, weil sie ein eigenes Netz auf dem Internet aufbauen. Die meisten Leute kennen Skype als Telefonie- oder Chatanwendung, aber mit der Skype API hat man tatsächlich eine Schnittstelle, mit der man beliebige Datenströme durch das Skype-Netzwerk routen kann wie man sonst Datenströme durch das Internet routen würde.\nAuch das ist nur ein Beispiel - auch andere Systeme bauen so ihre Overlays. Tor zum Beispiel ist ein Overlay über dem Internet, das versucht Kommunikation durch Verschlüsselung und Onion-Routing unsichtbar und anonym zu machen.\nAber um so ein Overlay zu bauen ist gar nicht viel notwendig. Tatsächlich würde es ausreichen, einen Browser mit einer modernen, schnellen Javascript-Engine zu haben. Dort könnte man dann so etwas wie Tor und Transmission als Javascript-Anwendungen ohne Installation durch Besuch einer Website direkt im Browser laufen lassen.\nDas Resultat wäre ein Overlay-Netzwerk, in dem anonym und verschlüsselt Knoten miteinander Dateien als Schwarm miteinander austauschen. Das man dadurch installiert und skaliert, indem man eine Webseite besucht auf der das Javascript enthalten ist.\nOk. Nur so eine Idee. Wer braucht so was schon.\n","date":"2009-06-24T00:00:00Z","href":"https://blog.koehntopp.info/2009/06/24/internet-mit-kugelschreibern-und-bussen.html","tags":["identity","internet","networking","zensur","lang_de"],"title":"Internet mit Kugelschreibern (und Bussen)"},{"categories":null,"content":"Ingo hat in Dirk Hillbrecht bei \u0026ldquo;Unter den Linden\u0026rdquo;, Phönix eine Youtube-Variante von \u0026ldquo;Unter den Linden\u0026rdquo; verlinkt. Dort diskutieren Prof. Rupert Scholz (CDU) und Dirk Hillbrecht (Piraten) zum Thema \u0026ldquo;Unter Piraten - Wem gehört das geistige Eigentum?\u0026rdquo;. Der Beitrag ging mir dann noch den ganzen Tag im Kopf rum, weil er mich ziemlich schockiert hat.\nDas, was Herr Scholz da erzählt und argumentiert hat, kam mir sehr altmodisch und weltfremd vor. Hat der die letzten 20 Jahre keinen Strom und kein Netz gehabt? Und dann ging mir auf, daß genau das der Fall war.\nMein Name ist Kristian Köhntopp. Ich bin in etwa seit dem Jahresende 1987 online, mit Modem an Mailboxen. Morgen feiere ich mein 21-jähriges Unix-Jubiläum :\n\u0026ldquo;Habe mir heute (hoechstwahrscheinlich) einen Zweitrechner bestellt. Endlich UNIX!\u0026rdquo; \u0026ndash; Nachricht mir in der Toppoint Mailbox, 24-6-88 18:42\nGoogle datiert mein ältestes auffindbares Posting im Netz auf 1989 - ich bin also seit mindestens 20 Jahren online. Ich werde Ende diesen Jahres seit 17 Jahren Linux eingesetzt haben. Die Logs und Statistiken meiner eigenen Domain gehen 12 Jahre zurück.\nIch lebe online.\nAlle Texte, die ich seit 1983 geschrieben habe, sind auf dem Computer geschrieben worden. Sie liegen auf einem halben Dutzend Rechnern im Netz verstreut. Seit 1986 achte ich darauf, portable Formate zu verwenden, um auch bei einer Migration auf neue Systeme keine Daten zu verlieren. Seit 20 Jahren lese ich laufend meine Mail, ich bin jeden Tag in fünf verschiedenen IM-Systemen zu erreichen.\nIch habe Freunde und Kollegen, die ich noch niemals in Persona getroffen habe. Meine Arbeitgeber seit eineinhalb Jahrzehnten setzen in ihren geschäftskritischen Systemen ausschließlich Open Source Software ein.\nIch bin einige Jahre für eine Firma tätig gewesen, bei der ich weder den finnischen noch den deutschen Firmensitz je betreten habe, und bei der ich erst kurz vor dem Ausscheiden einmal Gelegenheit hatte, den amerikanischen Firmensitz von innen zu sehen.\nIch habe in einem Bewerbungsgespräch gesessen, bei dem mein zukünftiger Arbeitgeber das Gespräch mit den Worten \u0026lsquo;Wir haben uns dann im Web schon mal über sie informiert. Fachlich ist wahrscheinlich alles klar, wir müssen nur noch sehen, ob das menschlich auch paßt.\u0026rsquo; eröffnet hat.\nIch mache mir Sorgen, was mit meinem Arbeitsplatz ist, wenn einmal das DSL ausfällt und überlege mir einen Backup-Anschluß via Kabelfernsehen ins Haus legen zu lassen. Dann fällt mir ein, daß mein Mobiltelefon ja eine UMTS-Flat hat und daß ich damit wahrscheinlich überbrücken kann.\nIch reiste beruflich fast drei Jahre durch Europa und die USA, aber ich war immer zu Hause - Eastern Standard Tribe oder in meinem Fall der Stamm der MESZler war immer für mich erreichbar, wo immer ich war: Ich habe nicht mehr oder weniger Kontakt mit meinen Freunden gehabt bloß weil ich mal ein paar Wochen auf einem anderen Kontinent war.\nDas ist die Welt, in der ich existiere und das sind die Dinge, mit denen ich jeden Tag umgehe. Sie sind für mich real. Sie definieren und sie finanzieren meine Existenz in dieser Welt, seit mehr als zwei Dekaden.\nIch bin kein Einzelfall. Alle Leute die ich kenne leben auch so, mehr oder weniger. Und deren Freunde auch. Wir sind viele, so viele, daß wir in sechs Wochen 134000 Unterschriften zusammenbekommen ohne das Haus verlassen zu müssen. Wir sind definitiv keine 80 Millionen und wir haben den Rest dieses Landes so dermaßen weit abgehängt , daß wir nicht einmal mehr eine gemeinsame Sprache haben. Wenn irgendwas in dieser Diskussion deutlich geworden ist, dann das.\nRupert Scholz und mit ihm die Partei, die er repräsentiert, stehen für diese Welt der Zurückgebliebenen. Wir nennen sie Alte Männer mit Kugelschreibern oder Internetausdrucker. Wir wissen nicht, wie wir mit ihnen reden sollen und wie wir ihnen unsere Welt erklären sollen, und wir hoffen, daß es eine biologische Lösung für dieses Problem gibt.\nDirk Hillbrecht war sanft mit Rupert Scholz - das muß er auch. Diese Leute glauben, daß noch politischer Gestaltungsspielraum da wäre, weil sie nicht verstehen, was Computer eigentlich sind, was das Netz seinem Wesen nach eigentlich ist.\nUnsere Computer sind Kopiermaschinen. Um ein Programm auszuführen muß es von einem Medium in den Speicher, vom Speicher in den Prozessor kopiert werden, ebenso alle Daten. Ergebnisse werden zurück kopiert. Der Befehlssatz eines jeden Rechners hat circa zehn Mal mehr Kopier- als Rechenbefehle.\nUnsere Netze sind Kopiermaschinen. Wir sagen wir \u0026lsquo;senden eine Nachricht\u0026rsquo;, aber das Wort ist falsch. \u0026lsquo;Senden\u0026rsquo; impliziert, daß die Nachricht sich bewegt und für den \u0026ldquo;Ab\u0026rdquo;-Sender nicht mehr da ist. Das ist in der realen Welt so, aber nicht im Netz: Wir kopieren eine Nachricht an die Empfänger.\nDas Wesen aller IT ist die Kopie.\nDas Wesen aller Kommunikation und der darauf aufbauenden Kultur ist es auch. Wer jemals eine Retweet -Welle durch Twitter hat laufen sehen, oder einem Exchange-Server beim Verdauen des neusten Powerpoint-Spams mit lustigen Katzenbildern zusehen konnte, der weiß dies aus eigener Anschauung.\nNein, im Ernst - dieses Blog hier ist voll von orignalem Content. Das Zeugs ist nicht ganz schlecht, glaube ich, weil mir Leute schreiben, die das verwenden oder gar bezahlen wollen. Dieses Blog ist auch voll von Links und von Zitaten. Ohne diese Links und Zitate wäre dieses Blog sinnlos. Und dieses Sharing von Inhalten, das Weitergeben von URLs und Texten ist wichtig, denn es macht das Wesen von Nachrichten und Diskussionen aus .\nComputer sind Kopiermaschinen. Das Netz macht aus allen Computern auf der Welt eine einzige Kopiermaschine. Und die Generation Rupert Scholz glaubt, daß sie noch politischen Gestaltungsspielraum hat.\nHier ist die Wahl. Sie ist die einzige Wahl. Sie ist digital, wie das Medium, das die Wahl erzwingt:\nKopieren hinnehmen. jede Kommunikation von Jedermann mit jedem anderen immer auf ihre Legalität hin untersuchen und filtern. Im Fall 2 bildet sich sofort ein Overlay-Netzwerk und Fall 1 tritt ein - es wird weiter kopiert. Nur daß wir halt eine Gesellschaft mit Überwachung und heimlichem Kopieren bekommen.\nJede der beiden Entscheidungen verändert unsere Lebensart.\nJa, ich habe auch keine Lösung. Ich kann nur garantieren, daß dies die Wahl ist, und daß sie unausweichlich ist. Und meine Präferenz ist auch klar. Sie hängt damit zusammen wie ich lebe.\n","date":"2009-06-23T00:00:00Z","href":"https://blog.koehntopp.info/2009/06/23/falscher-planet-falsches-jahrtausend.html","tags":["copyright","internet","media","piraten","politik","lang_de"],"title":"Falscher Planet, falsches Jahrtausend"},{"categories":null,"content":" Der Salbader ist nach eigenem Bekunden ein Kleinod zeitgenössischer Spaßkultur und die größte kleine Literaturzeitschrift aus Berlin. Vor zehn Jahren scannte der Salbader dieses wunderbare Flugblatt - nie war es so wertvoll wie heute (Rest des Heftes ).\nUpdate: Subj steckt mir auch noch diesen Link zu Stummfilm.Info zu, wo sich das Plakat ebenfalls findet.\n","date":"2009-06-23T00:00:00Z","href":"https://blog.koehntopp.info/2009/06/23/wider-die-verflachung-gefahren-des-tonfilms.html","tags":["film","internet","media","lang_de"],"title":"Wider die Verflachung! Gefahren des Tonfilms"},{"categories":null,"content":"Chris erklärt in Unterstützungsunterschriften unterliegen dem Wahlgeheimnis :\nDa ich ja in letzter Zeit für die PIRATEN in RLP fleißig Unterstützungsunterschriften sammle, stoße ich immer wieder auf Bürger, die Bedenken haben, das recht umfangreiche Formular auszufüllen. … Andere haben da etwas schwerwiegendere Bedenken: Sie könnten als Unterstützer einer stark regierungskritischen Partei oder als potentielle Raubmordkopierer, Amokläufer oder (ganz trendy) Pädokriminelle mit unangenehmen Konsequenzen rechnen. Dazu habe ich mal etwas recherchiert und bin auf eine recht eindeutige Stellungnahme der brandenburger Landesbeauftragten für den Datenschutz vom Mai 1994 gestoßen: … Aber vor allem wird deutlich, dass die Unterstützungsunterschriften dem gleichen Wahlgeheimnis unterliegen, wie die Stimmzettel bei der Wahl selbst.\nWenn Du also der Meinung bist, daß man in Deinem Bundesland die Piratenpartei wählen können sollte - unabhängig davon, wie Deine eigene politische Überzeugung ist - dann solltest Du Dir von ich.waehlepiraten.de das Unterstützerformular herunterladen, es ausfüllen und es in die Post tun.\n","date":"2009-06-22T00:00:00Z","href":"https://blog.koehntopp.info/2009/06/22/unterst-tzerunterschriften-unterliegen-dem-wahlgeheimnis.html","tags":["piraten","politik","wahl","lang_de"],"title":"Unterstützerunterschriften unterliegen dem Wahlgeheimnis"},{"categories":null,"content":"So.\nGestern ist es dann beschlossen worden - das Zugangserschwerungsgesetz . Die Abstimmung war namentlich, auf Antrag der Grünen. 389 Abgeordnete dafür - ein CDUler, 3 SPDler dagegen, der Rest dafür, alle von der FDP und Links dagegen, einige Grüne haben gekniffen und mit Enthaltung gestimmt. Auf Abgeordnetenwatch kann man nachsehen, wer genau was getan hat.\nDas Gesetz ist von der großen Koalition gegen den Rat von Experten, unter Ignoranz einer Rekordpetition mit 134014 Mitzeichnern und wahrscheinlich unter Missachtung der Verfassung noch vor der Sommerpause durchgeprügelt worden. Gerade unter den im Internet aktiven SPD-Mitgliedern ist es dabei zu einer Folge von offenen Briefen gekommen, und der Online-Rat der SPD hat sich von dem Gesetz distanziert und seine Arbeit vorerst eingestellt.\nDie sachlichen und fachlichen Bedenken, die im Rahmen der politischen Diskussion genannt worden sind, sind im Gesetzestext bestenfalls pro-forma, aber de-facto gar nicht berücksichtigt worden. Effektiv etabliert das Gesetz eine Zensurinfrastruktur in Deutschland, und öffnet weiteren Begehrlichkeiten Tür und Tor. Das passiert dann auch umgehend: Nicht nur will Thomas Strobel, CDU-Generalsekretär von BaWü, Abgeordneter und Schäuble-Schwiegersohn, eine Ausweitung der Sperren auf Computerspiele , sondern parallel dazu kommen Meldungen über Druck der bayrischen Kommission für Jugendschutz der Landesmedien auf Onlineshops in Österreich .\nEs ist also nichts vorbei .\nWas also ist die Bilanz bisher?\nDie ganze Aktion hat zu einer beispiellosen Politisierung von Menschen mit Lebensmittelpunkt im IT-Bereich geführt:\nDie ganze Affäre sollte auch dem letzten Geek und Websurfer klargemacht haben, daß es nicht mit Demonstrationen und dem Unterzeichnen von Petitionen getan ist. Diese werden bestenfalls zur Kenntnis genommen, dann aber effektiv ignoriert und es wird weitergemacht wie bisher. Das Bild, das Politiker vom \u0026lsquo;gemeinen Menschen auf der Straße\u0026rsquo;, von \u0026lsquo;Otto Normalverbraucher\u0026rsquo; haben, beinhaltet kein Counterstrike, keine DSL-Modems und auch keine nennenswerten IT-Kenntnisse. Diese Fehlannahme zieht sich mehr oder minder stark durch alle existierenden politischen Parteien, mit Ausnahme der Piratenpartei und Teilen der Grünen.\nDer Effekt der Politisierung ist nicht nur in den Blogbeiträgen der Blogs erkennbar, die ich subscribed habe, sondern auch real messbar - das Treffen der Berliner Piraten letzten Dienstag war um etwa den Faktor 5 bis 8 größer als das Treffen vor vier Wochen.\nDer Umgang dieser Menschen mit den Fakten in einer politischen Diskussion unterscheidet sich auch sehr von dem, was man bisher so gewohnt war. Die normalen Instrumente der Volksbeeinflussung - Zeitungsartikel, Lobbygruppen und andere Marionetten haben versucht, das übliche Theater aufzuführen, aber der Zusammenschluss von Menschen im Netz ( Crowdsourcing ) hat hier Zusammenhänge aufgedeckt und Gegenaktionen generiert, die die Poltik so nicht gewohnt war.\nSo wurde im Rahmen der Diskussion die suspekte Deutsche Kinderhilfe als gesteuerte Hetzorganisation CDU-naher Kreise aufgedeckt, und die durch manipulative Fragestellungen erzielten Umfrageergebnisse der DKH mit einer Gegenumfrage widerlegt. Die Organisation ist für Propagandazwecke nun verbrannt - das Netz wird sich an Namen und Personen bei Bedarf erinnern.\nAber auch andere Behauptungen und Tricksereien, die im Zusammenhang mit dieser Debatte immer wieder verwendet worden sind, sind durch Verwendung frei zugänglicher Quellen aufgedeckt worden: Die Behauptung, das BKA könne Webseiten nicht wie der AK Zensur durch Anschreiben der Provider sperren lassen hat sich als falsch herausgestellt , die von der Bundesregierung behaupteten Sachverhalte haben nach einer kleinen Anfrage der FDP keine faktische Basis und die als Beispiel genannten ausländischen Sperrlisten haben nach eingehender Untersuchung eine erbärmliche Qualität.\nVor allen Dingen hat sich aber gezeigt, wie gefährlich die gegenwärtige Regierungskoalition der Partei der Über-60-Jährigen Internetausdrucker und der rückgratlosen Verräter ist, wenn man sie denn machen lässt - das kann man vielleicht als größten Erfolg der Sache mitnehmen. 134014 aktivierte politische Personen, alle von ihnen Multiplikatoren. Aber das sind mit Sicherheit noch nicht alle.\n","date":"2009-06-19T00:00:00Z","href":"https://blog.koehntopp.info/2009/06/19/es-ist-noch-lange-nicht-vorbei.html","tags":["jugendschutz","politik","überwachung","zensur","lang_de"],"title":"Es ist noch lange nicht vorbei."},{"categories":null,"content":"Jemand fragt mich per Mail:\nWas ich wissen möchte: Wie viel Geräte \u0026ldquo;im Internet\u0026rdquo;, also bei Providern (nicht bei einem speziellen, sondern bei allen) und im Backbone, sind typischerweise zu einem Zeitpunkt \u0026ldquo;kaputt\u0026rdquo; (falsch konfiguriert, abgeraucht, in Wartung, nicht verfügbar)?\nDie Frage kam neulich auf, als wir über IP fachsimpelten (Ja, fast Stammtischniveau), und uns fragten, wie nötig die lokale Wegfindung ist, die IP macht, und wie viel Arbeit sich TCP auf der Empfängerseite mit der Sortierung der Pakete machen muss.\nEs ist klar, daß es da keine harten Zahlen gibt. Aber Deine Schätzung ist besser als meine, soviel wissen wir schon. Deshalb die freundliche Bitte: \u0026ldquo;Her damit!\u0026rdquo; :)\nDas ist auf vielen Ebenen eine interessante und komplizierte Frage. Man kann sie nicht mit einer einfachen Prozentzahl beantworten und erwarten, daß man sinnvolle Ergebnisse bekommt.\nUpdate: Trackback vom 27.06 , der Ausschnitt betreffend diesen Eintrag .\nEinmal geht es um Geräteausfall - aber Geräte fallen nicht einzeln aus, insbesondere Router nicht. Denn hinter Routern hängen andere Geräte und ein Ausfall eines Routers bedingt auch den Ausfall aller Komponenten \u0026lsquo;hinter\u0026rsquo; dem Router, falls kein redundanter Pfad besteht. Auch stehen Router nicht alleine auf weiter Flur, sondern in Rechenzentren in Racks, abhängig von Klimaanlagen, Stromzuleitungen und anderen Komponenten. Viele dieser Komponenten sind redundant, aber abhängig vom Fehlerszenario kann diese Redundanz unter Umständen nicht wirksam werden - es sind schon ganze Rechenzentren mit redundanter Klimatisierung abgeschaltet worden, weil die (notwendig nicht redundante) Steuerung der Klimaanlage fehlerhaft programmiert war.\nWenn man also Ausfallwahrscheinlichkeiten und ihre Auswirkungen hier diskutieren will, dann landet man sehr schnell bei Ausfallbäumen und recht komplizierten mathematischen Modellen mit bedingten Wahrscheinlichkeiten. Unter der Annahme, daß man die Eingangswahrscheinlichkeiten in dem Modell hinreichend genau zur Verfügung hat und daß diese eine signifikante Rolle spielen - so habe ich in einem Oberseminar zum Thema HA während des Studiums mal ein Paper von Sequent gesehen, bei dem Ausfallursachen tatsächlicher Ausfälle von hochverfügbaren Systemen ausgewertet wurden und die dominierende Ursache war \u0026lsquo;menschliches Versagen und Fehlbedienung des Clusters\u0026rsquo; (auf dem zweiten Platz war \u0026lsquo;Totalverlust des Rechenzentrums\u0026rsquo;).\nDer andere Teil der Frage zielt auf den Mechanismus der lokalen Wegfindung bei TCP/IP. Dabei geht es darum, daß jeder Router im Internet ein IP-Paket nicht komplett bis zum Empfänger routet, sondern für jedes Paket neu den nächsten Hop bestimmt und das Paket dort hin routet. Der nächste Router trifft seine Entscheidung dann unabhängig von dem vorhergehenden Router und jeder Router trifft seine Entscheidung für jedes Paket neu ohne Berücksichtigung vorhergehender Entscheidungen für Pakete mit derselben oder ähnlicher Zieladresse.\nYou wish.\nDas theoretische Modell von TCP/IP ist so, aber moderne Router und Switches arbeiten nicht so, das wär ein wenig zu aufwendig. Zwar arbeitet jeder Router für sich alleine, aber Routingprotokolle sorgen dafür, daß Routingtabellen mehrerer Router bei stabiler Netzwerksituation im Mittel auch zum Ziel führen. Die Routingtabellen für einen Router im Internet wachsen dabei mit der zunehmenden Größe des Netzes und der zunehmenden Fragmentierung des IP V4 Adressraumes an, und ja, das ist ein Problem.\nMan kann, wenn man sich die Instability Reports ansieht auch feststellen, daß Fehler oder Routenänderungen im Netz nicht zufällig und gleich verteilt sind - statistische Modelle, die solche Ausfallwahrscheinlichkeiten annehmen sind fehlerhaft. Evolutionäre Modelle, in denen Phasen langer Stabilität in großen Gebieten und Phasen hektischer Änderungen in kleinen Zonen angenommen werden (Punctuated equilibrium ) erzeugen wahrscheinlich bessere Mathematik auf diesem Gebiet.\nAber Router arbeiten nicht nur über Routingprotokolle synchronisiert geografisch abgestimmt zusammen, sondern Router haben auch Tricks, mit denen sie die Tatsache auszunutzen versuchen, daß über dem verbindungslosen IP in vielen Fällen ein verbindungsorientiertes Protokoll in den Schichten 4 oder 5 und höher liegt.\nIm einfachsten Fall und ohne Kooperation untereinander sortiert man Routen aktiver Netze einfach in der Routingtabelle nach vorne oder lädt sie in einen speziellen Routing-Cache, wenn man außerdem Kooperation von Routern untereinander annehmen darf, werden Pakete sogar gekapselt oder getaggt und so zu einer Verbindung gehörende Pakete erkennbar und identisch geroutet - im Extremfall wird für so eine getaggte Verbindung eine Route durch mehrere Router etabliert und nur für die Erstentscheidung CPU im Router verbraucht. Folgepakete mit demselben Tag werden dann von spezieller Hardware in der Netzkarte des Routers abgehandelt, also quasi mit dem Stammhirn geroutet.\nDie Art und Weise, wie im Internet Routen gefunden werden, garantiert auch nicht, daß die Routen symmetrisch sind. Tatsächlich sind asymmetrische Routen (PDF) häufig, und die Umstände, unter denen sie zustande kommen sind interessant und Papers wert. Messungen zu diesem Thema gibt es auch (Caida hat, wie der Name sagt, sowieso jede Menge statistische Daten über das Internet).\nUnd schließlich die Frage, welche Auswirkungen so etwas auf TCP hat. In klassischem TCP ist es ja so, daß TCP-Pakete, die out-of-order ankommen, als Netzwerküberlastung (Congestion) interpretiert werden und das TCP darauf hin das Transfer Window verkleinert. Dem liegt die Annahme zugrunde, daß Störungen im Netz selten genug sind, sodass Paketverluste in den meisten Fällen auf einzelne überlastete Verbindungen zurückzuführen sind. Diese Annahme erlaubt dem Empfänger außerdem, einzelne \u0026ldquo;im Voraus\u0026rdquo; empfangene Pakete zu verwerfen - täte der Empfänger das nicht, könnte man sonst eine sehr einfache Denial Of Service Attacke gegen einen Empfänger konstruieren, bei dem man ihm auf einer Vielzahl von Verbindungen TCP-Daten mit Lücken sendete, bis der Kernel allen verfügbaren Speicher für gepufferte partielle Verbindungen verbraucht hat.\nIn manchen Umgebungen ist diese vereinfachende Annahme jedoch nicht wahr. In mobilen Netzen zum Beispiel kann es durch die hohe Error-Rate der Links zu nennenswerten Paketverlusten kommen und hier kann es sinnvoll sein, im Voraus empfangene Pakete zu puffern, um die Anzahl von Retransmits zu senken (PDF dazu) - aber im solchen Netzwerken gibt es noch eine ganze Reihe von weiteren Tricks, die helfen können die Performance zu verbessern und dann wird es richtig kompliziert.\n","date":"2009-06-17T00:00:00Z","href":"https://blog.koehntopp.info/2009/06/17/wie-kaputt-ist-das-internet.html","tags":["internet","lang_de"],"title":"Wie 'kaputt' ist das Internet?"},{"categories":null,"content":"Ab 2010 soll ja die Umrüstung von Stromzählern auf sogenannte Smart Meter verpflichtend werden. Das sind kleine embedded Computer, die den Stromverbrauch eines Haushaltes laufend an den Stromanbieter zurückmelden. Der \u0026ldquo;Vorteil\u0026rdquo; für den Verbraucher ist ein tageszeit-abhängiger Strompreis. Von den Sicherheits- und Datenschutzaspekten mal abgesehen - was sind eigentlich die Konsequenzen für den Stromverbrauch durch die Zähler selbst?\nIn Deutschland gibt es laut Destatis 39.7 Millionen Haushalte. Das kann man also mal als Mindestanzahl der Stromzähler in Deutschland ansetzen, anderswo sind 44 Millionen Zähler in Deutschland gemeldet.\nDie Frage war nun: Wenn man also 44 Mio embedded Computer in Deutschland installiert, wie viel Strom verbrauchen die? Die Antwort ist überraschend.\nEin Gerät wie das EM-1021 (PDF, via Quelle 7 aus Intelligenter Zähler ) von Echelon verbraucht angeblich zwischen 2 und 5 Watt. Das ist überraschend wenig, und kann nur dann stimmen, wenn man entweder nur Werte für den Wandler und nicht für den Rechner angibt, oder wenn man einen sehr langsamen und leistungsschwachen Rechner da eingebaut hat.\nTatsächlich behauptet Smartmetering als neue Effizienzquelle (PDF) sogar, daß ein solches Smart Meter substantiell weniger Eigenstromverbrauch hat als ein alter Ferraris-Zähler , dessen Eigenverbrauch im Jahr mit 30 kWh/a angegeben wird (das sind dann etwa 3.5 Watt Aufnahme, wenn ich nicht zu naiv gerechnet habe). Das Papier gibt ein Einsparpotential von 900 bis 2500 Gwh/a an.\nDas glaube ich so erst mal nicht, aber wenn wir da plus/minus 0 rauskommen wäre es ja zumindest hier mal kein Verlust.\nWarum glaube ich das so erst mal nicht?\nEinmal träumen die Stromversorger von Zusatzanwendungen, zum Beispiel Geräte im Haushalt ferngesteuert ein- und ausschalten zu können. Wenn diese Dinge vom Zähler aus implementiert werden sollen, kann man nicht unbedingt von einer leistungsschwachen CPU am Zähler ausgehen.\nAndererseits ist es so, daß der Zähler eine gewisse Mindestleistung auf der CPU haben muss, wenn er denn die Sicherung der ganzen Kommunikation und Steuerung durch passende Crypto implementieren können soll. Man hat also die Wahl, Strom zu sparen und das System leicht hackbar zu machen oder halt ordentlich kryptografisch abzusichern und dafür mehr Watts zu lutschen.\nUnd schließlich müssen diese Zähler, wenn sie denn tun sollen, was man sich von ihnen verspricht, auch noch irgendwie ans Internet angeschlossen werden. Dazu soll Powerline-Technologie verwendet werden, da die meisten Leute an den Orten, an denen die Zähler hängen, keine DSL-Router stehen haben. Man muss zum Verbrauch also noch das Powerline-Ethernet-Gegenstück neben seinem eigenen DSL-Router dazu rechnen, wenn der Zähler seine Daten Richtung heimischer DSL-Router ausleitet. Oder der Zähler leitet seine Daten Richtung Stromnetz aus, wo man in den Umspannstationen und höher Empfänger, Router und anderes Strom verbrauchendes Equipment haben muss, das auch zu bilanzieren wäre.\nDer Punkt ist der Folgende: Setzt man für das ganze Spielzeug mal 15 Watt Mehrverbrauch an, kommt man knapp auf eine Vervierfachung des Verbrauches gegenüber einem Ferraris-Zähler, also etwa 120 kWh/a.\nNachtrag: Die Sache mit Powerline hat auch noch andere aufregende Nebenwirkungen. Powerline strahlt nämlich wie Sau EM-Störungen von nicht abgeschirmten Stromleitungen in die Nachbarschaft. Das ist nicht nur ein Sicherheitsproblem, sondern auch ein echtes Problem mit der Verschmutzung des EM-Spektrums. Man will keine 44 Millionen Störsender in Deutschland ausrollen.\nJe mehr ich mich mit dem ganzen Smart Meter Unsinn befasse, desto mehr kommt mir das vor wie Gesundheitskarte 2.0.\n","date":"2009-06-05T00:00:00Z","href":"https://blog.koehntopp.info/2009/06/05/wie-viel-strom-verbraucht-ein-stromzaehler.html","tags":["computer","energy","lang_de"],"title":"Wie viel Strom verbraucht ein Stromzähler?"},{"categories":null,"content":"Es begann als Kommentar in diesem Blog, aber ich mach jetzt einmal einen eigenen Artikel draus. Der URL-Sturm Medien und Politik erzeugte diese Anmerkung:\nWie kann \u0026ldquo;\u0026lsquo;Es sind die Fans, die ein Medium am Ende umbringen.\u0026rsquo; (Fansub-Diskussion mit der Katze und Dirk)\u0026rdquo; das Fazit der Meldung sein, dass die, die angeblich das Medium umbringen indem sie nicht zahlen eben doch zahlen? Das bedeutet doch gerade, dass die virtuellen Einnahmensverluste durch reale Einnahmenssteigerungen wieder aufgewogen werden.Gruß\nDas ist kein Fazit, sondern eine Notiz von mir zu dieser Meldung. Darum die einfachen Anführungszeichen da drum.\nHier der Rest vom Rant:\nDie Notiz bezieht sich auf ein Gespräch mit Frau Katze und Dirk - Dirk arbeitet hier in Berlin bei einem Anime- und Geekfilmverbreiter. Unser Gespräch kam auf Fansubs und Fan-Übersetzungen. Genannt wurde etwa das MapReduce mit Menschen , das Harry Potter binnen kürzester Zeit ins Deutsche übersetzt hat und der Fansub zu Pretty Guardian Sailor Moon Liveaction (PGSML), der mit seinem Übersetzungen japanischer Schilder und (*)-Fußnoteneinblendungen mit kulturellem Kontext Maßstäbe setzt.\nBeide Projekte sind auf eine unterschiedliche Weise weitaus besser und schneller als jeder kommerzielle Ansatz auf dem Gebiet es jemals sein könnte. Das ist spürbar - Dirk gab zu Bedenken, daß zu gutes Fansubbing in den USA Läden umgebracht hat.\nEs sind die Fans, die den Kram kaufen, wie die Studie korrekt feststellt. Aber die quantitative Analyse von Studien greift naturgemäß zu kurz und hinkt den anekdotischen Erkenntnissen vieler Insider hinterher: Selbst wenn die Fans den Kram kaufen, sind es gerade die größten Fans, die am Ende von der Qualität enttäuscht sind. Es wäre qualitativ besser geworden, hätten sie es selber gemacht!\nEin anderes Beispiel für eine sich entwickelnde Fankultur, die sich vom originalen Produkt emanzipiert statt es zu überholen, ist das Projekt Iron Sky, das sich auch Fanfinanziert. Die Iron Sky Leute sind interessant: Wie Fansubs und Übersetzungen haben sie zuerst existierenden Content veredelt . Iron Sky ist jedoch ein Schritt darüber hinaus: Statt weiter mit den Figuren zu spielen, die andere imaginiert haben, ist Iron Sky jetzt ein Fanprojekt, das originale Inhalte erzeugt.\nWas wir sehen ist das Aufeinandertreffen etablierter Strukturen in der Publikation - Bücher, Filme und auch Musik sehe ich da nur als Ausprägungen einer einheitlichen Tradition - mit der partizipatorischen Kultur des Internets.\nTraditionelle Publikation unterscheidet Sender und Empfänger, Produzenten und Käufer. Am Schlimmsten finde ich den Ausdruck des Kulturschaffenden im Gegensatzpaar mit Verbraucher, als ob ich Kultur verbrauchen oder gar zerstören würde, wenn ich etwa ein Buch lese oder Musik höre. Leute die Worte wie \u0026lsquo;Kulturschaffender\u0026rsquo; verwenden sagen auch Enteignungsmaschine Internet .\nDem gegenüber steht die Kultur der Leute, die mit dem Internet groß geworden sind. Für sie gibt es diese Hierarchien und die Trennung nicht mehr. Kultur ist nichts, was man publiziert und das dann in Mediatheken vor sich hin sedimentiert Eine Veröffentlichung ist für diese Leute etwas zum Verarbeiten, zum Verbessern, zum Verändern, zum Verknüpfen, zum Kommentieren, und auch zum Verbreiten.\nProjekte wie HaD, PGSML Fansub oder auch Star Wreck und Iron Sky sind das Resultat der Anwendung dieser Auffassung vom Umgang mit Medien. Sie verändern die Auffassung einer ganzen Generation für Begriffe wie Urheberrecht, Schöpfungshöhe, schöpferischer Beitrag und ja, sie vernichten bestehende, zum Teil jahrhundertealte Strukturen. Das ist so, wenn man etwas Neues macht oder ist.\nWas wir sehen ist der Versuch der digitalen Immigranten , Internetausdrucker und letzten Menschen , den Lauf der Welt aufzuhalten oder doch zumindest die Richtung ein wenig zu beeinflussen.\nIch glaube nicht, daß man den Lauf der Welt betreffend Internet und Copyright aufhalten oder auch nur nennenswert beeinflussen kann, denn die partizipatorische Struktur der Internetkultur ist eine emergente Eigenschaft , die sich aus mittlerfreier Kommunikation zwangsläufig ergibt - die meisten Menschen sind echte Helden und wenn man ihnen die Gelegenheit gibt, die Welt als Ganzes mit niedrigen Transaktionskosten zu verbessern, dann tun sie es auch.\nDie einzige Möglichkeit überhaupt Einfluß zu nehmen besteht darin, diese Mittlerfreiheit einzuschränken. Und da sind wir wieder bei Zensursula.\nJeder Angriff auf die mittlerfreie Kommunikation - sei es durch Filter, durch \u0026lsquo;Three Strikes and you are out\u0026rsquo; und andere Methoden - ist ein Angriff auf die Seele des Internet und die Kultur der neuen Generation selbst: Die Piratenpartei ist mehr, weit mehr(!) als eine Zusammenrottung von ein paar Filmkopierern. Sie ist eine politische Ausprägung des Überlebenswillens des Internet selbst als Institution und Mem mit bestimmten characteristischen Eigenschaften. Sie ist gleichzeitig der politische Arm der Eingeborenen des Internet, der Leute, die vernetzt und in einer kooperativen und partizipatorischen Umgebung groß geworden sind.\nUnd daher sollte der politische Nachtrag vielleicht nicht abschließend sein, wie Erdferkel schreibt. Stattdessen überlege man, ob man sich an dem Namen wirklich so stört, ob man sich das nicht vielleicht egal sein lassen sollte und ob man nicht vielleicht doch zum ersten Mal in seinem Leben politisch aktiv werden will . Siehe auch Piratenpartei: Mithelfen! und Piratenpartei: Mitglied werden! Disclaim! Disclaim! Dieser Artikel ist ein Rant. Die Links in ihm sind Darmokros (WTF Darmokros ?) und höchst subjektiv. Do not read while under the influence or while stupid.\n","date":"2009-04-27T00:00:00Z","href":"https://blog.koehntopp.info/2009/04/27/politik-polemik-und-eine-agenda.html","tags":["copyright","internet","kultur","media","politik","lang_de"],"title":"Politik, Polemik und eine Agenda."},{"categories":null,"content":"Aus einer Diskussion in der deutschsprachigen MySQL Gruppe im USENET. Dort ging es um die Frage, warum phpMyAdmin ein eingeschränktes Werkzeug ist und bei vielen Helfern im Netz unbeliebt. Meine Antwort lautete so:\nphpMyAdmin unterliegt wie auch viele grafische Werkzeuge für MySQL (darunter auch jene, die von MySQL selbst bereitgestellt werden) einigen besonderen Einschränkungen. Diese sind prinzipbedingt und daher auch nicht leicht zu beheben.\nAber von vorne:\nIn MySQL ist es so, daß die Connection einen besonderen Kontext oder Scope darstellt. Mindestens die folgenden Dinge sind mit dem Scope der Connection definiert:\nTransaktionen. Ein Disconnect entspricht einen ROLLBACK. Transaktionen können mit SELECT \u0026hellip; FOR UPDATE oder LOCK TABLES auch Locks erzeugen. Diese sind bei einem Disconnect wieder weg. Die mit LAST_INSERT_ID() abrufbare zuletzt von auto_increment vergebene ID wird in der Connection gespeichert. Sie ist nach einem Disconnect nicht mehr verfügbar. Mit CREATE TEMPORARY TABLE erzeugte Tabellen. Sie werden bei Disconnect gelöscht. Prepared Statements und der geparste Code von Stored Code (CREATE PROCEDURE und CREATE FUNCTION) werden pro Connection verwaltet, auch wenn das technisch eine falsche Lösung ist. @-Variablen. SET @bla = 10 oder SELECT @bla := count(*) FROM keks; definieren jeweils eine Connection Variable mit dem Namen @bla, die beim Disconnect verloren ist. SESSION-Parameter. SET SESSION mysiam_sort_buffer_size = 1024*1024*64 oder SET @@session.myisam_sort_buffer_size = 1024*1024*64 sind nach einen Disconnect verloren. Dies gilt auch für die häufig gesetzten Character Sets (SET NAMES ist nur ein Kürzel für drei bestimmte SET SESSION ...). SET-Kommandos mit spezieller Bedeutung im Kontext von Replikation, wie SET TIMESTAMP oder SET LAST_INSERT_ID können das Verhalten von Funktionen wie SELECT NOW() oder SELECT LAST_INSERT_ID() beeinflussen. Wir nennen so etwas Zustand im Scope der Connection oder Connection Scoped State (CSS, mal wieder).\nEin Client, der also unkontrolliert disconnected oder bei dem ein Disconnect nicht korrekt gemeldet wird, ist defekt in dem Sinne, daß die o.a. Funktionalität nicht wie erwartet verfügbar ist.\nDas gilt für viele grafische Clients - viele von denen machen nach dem Absenden der Query und dem Lesen des Result Sets einen Disconnect und verbinden sich für die folgende Query neu, darunter auch der MySQL Query Browser.\nDas gilt auch für einige veraltete Versionen von Connectoren. Eine Zeit lang dachte das MySQL Connector/J-Team zum Beispiel, es sei eine gute Idee, Auto-Reconnect bei Verlust der Connection aus welchem Grund auch immer zu machen. Korrekt ist stattdessen, eine Java Exception dafür zu schmeißen, damit die Anwendung auch eine Chance hat, den Verlust des Session-Zustandes mitzubekommen. Denn wenn einem der Session-Verlust mitten in einer Transaktion passiert, und der Connector dann einfach wieder verbindet, statt die Exception zu werfen, kann man ein paar echt schwer zu findende Heisenbugs bauen.\nUnd das gilt prinzipbedingt auch für jeden Webclient wie phpMyAdmin einer ist. Es ist nun mal so, daß etwa Apache einen Haufen Worker Slaves hat und daß ein eingehender http-Request einen zufälligen Worker Slave zugeteilt wird. Es wäre also selbst mit mysql_pconnect() nicht möglich einen phpMyAdmin zu schreiben, der CSS korrekt behandelt.\nKann Dein Client CSS? Definiere in einer Query eine Session Variable: SET @bla = 'Ich bin korrekt';\nIn einer zweiten Query frage den Wert der Variable ab: SELECT @bla;\nWenn Dein Client mit \u0026ldquo;Ich bin korrekt\u0026rdquo; antwortet, kann er CSS verwalten. Ansonsten ist er unbrauchbar und gehört auf den Müll - wer will schon einen Datenbankclient, mit dem man nicht mal eine Transaktion korrekt verwalten kann?\n","date":"2009-04-19T00:00:00Z","href":"https://blog.koehntopp.info/2009/04/19/connection-scoped-state-bei-mysql.html","tags":["erklaerbaer","database","mysql","mysqldev","lang_de"],"title":"Connection Scoped State bei MySQL"},{"categories":null,"content":" \u0026ldquo;Any sufficiently advanced incompetence is indistinguishable from malice.\u0026rdquo;\n\u0026mdash; Elizabeth Mattijsen liz@dijkmat.nl Liz just applied Clarke\u0026rsquo;s 3rd Law to Hanlon\u0026rsquo;s Razor .\n","date":"2009-02-16T00:00:00Z","href":"https://blog.koehntopp.info/2009/02/16/liz-application-of-clarke-s-law-to-hanlon-s-razor.html","tags":["fluffy fluff","lang_de"],"title":"Liz application of Clarke's Law to Hanlon's Razor"},{"categories":null,"content":"Slowtiger antwortet in einem Kommentar zu Mein natives IP V6 :\nWenn ich Sätze wie \u0026ldquo;Ob ich überhaupt noch unverschlüsseltes http auf V6 anbieten werde weiß ich nicht - die politische Situation legt nahe, daß dies Unsinn ist.\u0026rdquo; in einem Technikblog lese, dann gruselts mich wirklich.\nAlso, die ganze Erklärung ist wie immer in wenig länger.\nRechenleistung ist kein Problem Es ist schon seit mindestens 5 Jahren so, daß jeder zeitgemäße Rechner leicht die Rechenleistung hat, um seinen Netzwerkverkehr zu verschlüsseln. Dazu braucht man auch keinen Krypto-Coprozessor.\nUm dem ganzen mal eine Relation zu geben: Das ganze alte web.de Rechenzentrum von 2003 hat so um die 2 Megawatt (ca. 2500 PS, zwei fette Schiffsdiesel) Leistungsbedarf. Die SSL-Verschüsselung allen web.de Traffics verbraucht in etwa 7 Kilowatt (etwa 10 PS, eine Ente) an Rechenleistung.\nWarum bietet also nicht jeder seine Website grundsätzlich SSL-Verschlüsselt an?\nSSL comitted sich zu früh auf den Sitenamen Das liegt einmal am Aufbau von SSL. Der Webserver lauscht auf einem Port auf eingehende Verbindungen - hier dem https-Port 443. Das erste, was nach dem TCP-Connect passiert ist der SSL-Handshake: Server und Browser einigen sich darin auf die Gültigkeit der Zertifikate und die zu verwendende Verschlüsselung. Im Zertifikat steht auch schon der Name des Webservers - etwa \u0026lsquo;blog.koehntopp.info\u0026rsquo;.\nErst danach kommt der eigentliche HTTP GET-Request, der nun schon gesichert und verschlüsselt im SSL-Tunnel übermittelt wird. Dadurch ist eine SSL-Verbindung von Anfang an gesichert.\nDieser Request muß nun aber an die im Zertifikat genannte Site sein. Es ist nicht mehr möglich, in einem für blog.koehntopp.info aufgebauten SSL-Tunnel einen Request für z.B. hubbahubba.de zu senden, denn das Zertifikat ist ja schon ausgetauscht und der Server hat das Zertfikat für blog.koehntopp.info vorgezeigt, nicht für hubbahubba.de.\nDaher braucht man in SSL für jede Site eine eigene IP-Nummer, während man unverschlüsselt mit \u0026rsquo;name based virtual hosts\u0026rsquo; eine IP-Nummer für beliebig viele Sites teilen kann.\nTLS mit SNI kann das umgehen Auf dem Port 443 kann man nun verschiedene Geschmacksrichtungen von Verschlüsselungsmanagement fahren (die Verschlüsselung ist immer dieselbe, aber die Art und Weise, wie man sich über Namen, Schlüssel und Verfahren einigt ist subtil anders): SSL 2.0 (veraltet und defekt), SSL 3.0 (soweit bekannt sicher) und TLS (soweit bekannt auch sicher). Für TLS gibt es eine Erweiterung SNI (Server Name Indication ), die genau dieses geschilderte Problem umgehen soll.\nSNI ist nicht weit genug verbreitet SNI wird nun von einigen Browsern sogar unterstützt und fehlerfrei genug implementiert, sodaß man sie nutzen könnte um mehr als einen SSLTLS-Host pro IP zu betreiben. Leider ist der Marktanteil der Broser, die SNI beherrschen nicht groß genug. So wird SNI im MSIE nur in Vista unterstützt, behauptet jedenfalls Wikipedia.\nIPV6 ändert die Regeln Mit IP V6 bekommt man in der Regel keine einzelnen Adressen zugeteilt, sondern gleich ganze Blöcke von Nummern. Es gibt also keinen Grund mehr sparsam mit den Adressen zu sein, sondern man kann ganz entspannt jedem Host sowieso eine einzelne Adresse zuweisen anstatt mit Hacks wie Name Based Virtual Hosts und SNI rumzufuhrwerken. Das heißt auch, daß SSL und TLS sehr viel einfacher zu implementieren sind - im Browser wie auch im Server. Und daß so mehr Leute ihre Sites einfach so auch verschlüsselt anbieten\nDie Sache mit den Zertifikaten Dem wiederum steht in erster Linie die Handhabung von Zertifikaten entgegen, die aktuelle Browser so drin haben. Das Modell für den Umgang mit Zertifikaten ist derzeit nämlich weniger auf die Generierung von tatsächlicher Sicherheit ausgerichtet, sondern mehr auf die Generierung von Umsatz für Certification Authorities.\nDerzeit ist es so, daß der Browser gerne ein Zertifikat sehen möchte, wenn er auf https://blog.koehntopp.info zugreift. Der CN (common name, hier: der Sitename im Zertifikat) muß dann mit dem DNS-Namen übereinstimmen. Das heißt im Zertifikat und in der Browserleiste muß in beiden Fällen blog.koehntopp.info stehen. Im Zertifikat steht dann außerdem noch, das blog.koehntopp.info von Kristian Köhntopp betrieben wird und daß dem Aussteller des Zertifikate die ladungsfähige Anschrift von Kristian Köhntopp bekannt war, als er das Zertifikat signiert hat - das setzt voraus, daß die CA bei Ausstellung des Zertifikates so was auch überprüft. Das Zertifikat muß außerdem von einer Certificate Authority ausgestellt sein, die der Browser kennt - welche CAs der Browser kennt, ist in ihm eingebaut. Trifft ein Browser auf Zertifikate von einer CA, die er nicht kennt, mault er mehr oder weniger laut rum. Firefox 3 mault 3-4 Mausklicks lang rum, jedesmal wenn er auf ein neues solches Zertifikat trifft. Man kann die CA-Liste zwar zur Laufzeit anpassen, aber das tut niemand jemals.\nNun ist es aber so, daß eine CA zu betreiben quasi eine Lizenz zum Geld drucken ist. Wenn man so mit Geld drucken beschäftigt ist, dann hat man es mitunter echt schwer, das Geld von Leuten abzulehnen. Und zertifiziert dann alles und jeden . Damit ist ein Server-Zertifikat von dieser CA gar nix mehr wert. Als Endanwender kann man sich jetzt also seine CA-Liste im Browser angucken und sich überlegen, welche CA dort wohl wertige und welche wertlose Zertifikate ausstellt - am Zertifikat kann man das jedenfalls nicht sehen. Daher Fefes Anmerkung \u0026lsquo;Totalschaden für SSL\u0026rsquo;.\nBesser wäre es, der Browser würde sich mit CAs gar nicht weiter abgeben, sondern sich an Sites erinnern und warnen, wenn sich das Zertifikat einer Site spontan ändert - etwa so . Dann kann sich jeder ein Zertifikat bauen und es unterschreiben wie er lustig ist. Man würde bei allen wichtigen Sites aber dennoch merken, wenn einem jemand versucht etwas unterzuschieben, weil sich das bereits bekannte Zertifikat spontan ändert.\nUnd warum der ganze Schmonz? IPV6 und SSL mit selbstsignierten Zertifikaten und optional einem Firefox-Plugin das auf die von Fefe beschriebene Weise funktioniert erlauben es uns, große Teile des bisher unverschlüsselten Webs zu verschlüsseln und sogar so etwas wie lokale Sicherheit zu erzeugen. Das geht deswegen, weil zwei der drei Gründe weggefallen sind, die bisher dagegen sprachen: CPU ist nicht mehr knapp und IP-Adressen sind es auch nicht (und an den knappen Zertifikaten arbeiten wir mit dem o.a. Vorschlag).\nDas erhöht den Anteil von verschlüsseltem Traffic im Netz und macht jede Form von Filterung, Phorm und anderen Formen von Injection sowie sonstiger Schnüffelei ab Werk schwieriger. Das schützt nicht nur einen selbst, sondern auch alle anderen, deren verschlüsselter Traffic nun viel weniger auffällig ist.\nDas will man, und mit V6 wird das echt einfach.\n","date":"2009-02-11T00:00:00Z","href":"https://blog.koehntopp.info/2009/02/11/ein-paar-worte-zu-ssl.html","tags":["kryptographie","security","web","lang_de"],"title":"Ein paar Worte zu SSL"},{"categories":null,"content":"Mein dedizierter Server in Berlin hat seit Ende Januar IP V6 nativ. Als Testkunde habe ich die Connectivity vor dem Rollout bekommen - eine IP V6 Adresse als Primäradresse und ein /56 Netz zum Spielen und durch die Gegend routen.\nDer Dedi läuft recht schmerzfrei auf der mitgelieferten SuSE 10.2, und das Setup war sehr leicht. Stellt man in \u0026lsquo;yast network\u0026rsquo; bei \u0026lsquo;Besondere Einstellungen\u0026rsquo; \u0026lsquo;Erweitert\u0026rsquo; das IP V6 an, erledigt SuSEs Systemadministration alle notwendigen Dependencies alleine. Insbesondere wird das ipv6.ko Kernelmodul geladen, aber auch alle notwendigen iptables-Module, die für eine stateless V6 Firewall notwendig sind. ip_conntrack unterstützt in 10.2 noch kein V6, leider.\nDie notwendigen Konfigurationen habe ich dann jedoch zu Fuß in /etc/sysconfig/network erledigt.\nh743107:/etc/sysconfig/network # cat ifroute-lo 127/8 2A01:238:40AB:CD00::/56 Die erdet mein /56, sodaß der Provider-Router und mein Dedi nicht mit den Paketen pingpong spielen. Für einzelne genutzte Adressen lege ich dann Hostrouten, um das zu aktivieren.\nh743107:/etc/sysconfig/network # cat ifcfg-eth0 ... NETMASK=\u0026#39;\u0026#39; NETWORK=\u0026#39;\u0026#39; IPADDR_1=\u0026#39;85.214.44.126\u0026#39; NETMASK_1=\u0026#39;255.255.255.255\u0026#39; BROADCAST_1=\u0026#39;85.214.44.126\u0026#39; LABEL_1=\u0026#39;1\u0026#39; IPADDR_2=\u0026#39;2A01:238:4000:0:0123:4567:89AB:CDEF\u0026#39; IPADDR_3=\u0026#39;2A01:238:40AB:CD00::1\u0026#39; Dies setzt die primäre V6-Adresse und die eine weitere V6-Adresse, die ich bisher nutze als aktiv. Der Rest des /56 ist weiter geerdet, nur diese eine Adresse \u0026hellip;::1 ist aktiv. Nun muß noch die Routingtabelle entsprechend gesetzt werden:\nh743107:/etc/sysconfig/network # cat ifroute-eth0 2A01:238:40AB:CD00::1 fe80::1 default fe80::1 Auch durch /etc/sysconfig/SuSEfirewall2 muß man einmal durchtoben und die entsprechenden V6-Optionen dort setzen, damit die Pakete nicht weggeworfen werden.\nMit einem ping6 kann man nun schon Connectivity testen.\nh743107:/etc/sysconfig/network # ping6 -c 3 2001:4c40:1::6667 PING 2001:4c40:1::6667(2001:4c40:1::6667) 56 data bytes 64 bytes from 2001:4c40:1::6667: icmp_seq=1 ttl=57 time=31.5 ms 64 bytes from 2001:4c40:1::6667: icmp_seq=2 ttl=57 time=31.6 ms 64 bytes from 2001:4c40:1::6667: icmp_seq=3 ttl=57 time=31.5 ms --- 2001:4c40:1::6667 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2008ms rtt min/avg/max/mdev = 31.518/31.568/31.654/0.061 ms Auch ein traceroute6 dort hin kann sehr aufschlußreich sein.\nssh ssh sollte sofort und ohne weitere Konfiguration mit V6 funktionieren. Die /etc/ssh/sshd_config kennt\nAddressFamily Specifies which address family should be used by sshd(8). Valid arguments are “any”, “inet” (use IPv4 only), or “inet6” (use IPv6 only). The default is “any”. ListenAddress Specifies the local addresses sshd(8) should listen on. The following forms may be used: ListenAddress host|IPv4_addr|IPv6_addr ListenAddress host|IPv4_addr:port ListenAddress [host|IPv6_addr]:port If port is not specified, sshd will listen on the address and all prior Port options specified. The default is to listen on all local addresses. Multiple ListenAddress options are permitted. Additionally, any Port options must precede this option for nonport qualified addresses. Da insbesondere der Default \u0026lsquo;any\u0026rsquo; ist, sollte keine Konfiguration notwendig sein. Wer ein Setup mit ListenAddress fährt, muß kurz die Config anpassen, ebenso jemand der PermitOpen verwendet um Security-Regeln zu implementieren.\nexim Alle Änderungen, die ich am Exim gemacht habe sind:\ndisable_ipv6 aus der Konfirguration entfernt und local_interfaces um die gewünschten Adressen erweitert. Literale Adressen müssen dabei in eckigen Klammern stehen. Der entsprechende Abschnitt in der Konfiguration sieht also wie folgt aus:\n#disable_ipv6 local_interfaces = \u0026lt;; [85.214.35.184]:25; [85.214.35.184]:587; [127.0.0.1]:25; [127.0.0.1]:587; [2a01:238:4000:0:123:4567:89ab:cdef]:25; [2a01:238:4000:0:123:4567:89ab:cdef]:587; [2a01:238:40ab:cd00::1]:25; [2a01:238:40ab:cd00::1]:587 httpd Der Apache, den ich fahre, lauscht nun ebenfalls für seine virtuellen Hosts aus V6-Adressen. Dazu habe ich meinen Konfigurationsgenerator wie folgt definiert:\nListen SERVERIP:80 Listen [2a01:0238:4000:0000:0123:4567:89ab:cdef]:80 Listen [2a01:0238:4000:0000:0123:4567:89ab:cdef]:443 NameVirtualHost * Die Kombination von Listen-Anweisungen und NameVirtualHost * sorgt dafür, daß alle name based virtual Hosts auf allen diesen Interfaces zu bekommen sind. Für den 443-Port ist das natürlich sinnlos. Ich werde stattdessen also für V6 ein anderes System brauchen, das named-Setup und Apache-Setup miteinander verheiratet und in V6 grundsätzlich IP-basierende Virtual Hosts verwendet, diese dann aber grundsätzlich auf Port 443 verfügbar macht. Ob ich überhaupt noch unverschlüsseltes http auf V6 anbieten werde weiß ich nicht - die politische Situation legt nahe, daß dies Unsinn ist.\ndovecot Dovecot kann derzeit nur auf einem oder allen Interface lauschen. Ich muß also meine alte IP-basierte listen-Anweisung löschen und ein globales Listen einsetzen:\n#listen = 85.214.35.184 listen = [::] Ein * hätte alle V4-Interfaces aktiviert, ein [::] aktiviert V4 und V6.\nirssi Um mit V6 im Ircnet ircen zu können, muß man sich mit einem Webbrowser gegen einen V6-only Webserver connecten und dort freischalten lassen. Dann kann man definieren:\nservers = ( { address = \u0026#34;irc.irc6.net\u0026#34;; chatnet = \u0026#34;ircnet\u0026#34;; port = \u0026#34;6667\u0026#34;; use_ssl = \u0026#34;no\u0026#34;; ssl_verify = \u0026#34;no\u0026#34;; autoconnect = \u0026#34;yes\u0026#34;; } ); und von dort aus weiterarbeiten. Für Freenode ist es\nservers = ( { address = \u0026#34;ipv6.chat.freenode.net\u0026#34;; chatnet = \u0026#34;freenode\u0026#34;; port = \u0026#34;6667\u0026#34;; use_ssl = \u0026#34;no\u0026#34;; ssl_verify = \u0026#34;no\u0026#34;; autoconnect = \u0026#34;yes\u0026#34;; } ); Undernet kann noch kein V6.\nnamed Bind 9 kann V6. Das reverse Lookup für die primäre IP liefert der Provider. Für das /56 habe ich eine Delegation und einen Secondary, muß die Zone also selber fahren.\nVorwärts-Einträge:\nirc 1D IN AAAA 2A01:0238:40AB:CD00:0000:0000:0000:0001 irc 1D IN MX 100 smtp.koehntopp.de. smtp 1D IN AAAA 2A01:0238:40AB:CD00:0000:0000:0000:0001 smtp 1D IN A 85.214.35.184 smtp 1D IN MX 100 smtp.koehntopp.de. Und die reverse Zone:\nh743107:/var/lib/named/master # less /etc/named.conf ... options { listen-on-v6 port 53 { 2a01:238:4000:0:123:4567:89ab:cdef/128; }; query-source-v6 address 2a01:238:4000:0:123:4567:89ab:cdef; transfer-source-v6 2a01:238:4000:0:123:4567:89ab:cdef; notify-source-v6 2a01:238:4000:0:123:4567:89ab:cdef; allow-transfer { ... 2001:608:a:0:219:dbff:fe4c:93a0; }; }; ... zone \u0026#34;d.c.b.a.0.4.8.3.2.0.1.0.a.2.ip6.arpa\u0026#34; in { type master; file \u0026#34;master/d.c.b.a.0.4.8.3.2.0.1.0.a.2.ip6.arpa.zone\u0026#34;; }; Dann muß noch die Zone erzeugt werden. Dies geschieht wie üblich und ist nur ein Haufen Tipperei.\nh743107:/var/lib/named/master # ls -l *ip6* -rw-r--r-- 1 root root 347 Feb 3 10:03 d.c.b.a.0.4.8.3.2.0.1.0.a.2.ip6.arpa.zone h743107:/var/lib/named/master # cat !$ cat *ip6* @ 1D IN SOA ns1.koehntopp.de. hostmaster.koehntopp.de. ( 2009020301 ; serial 1D ; refresh 2H ; retry 1W ; expiry 1D ) ; minimum 1D IN NS luggage.rince.de. 1D IN NS ns1.koehntopp.de. 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1D IN PTR irc.koehntopp.de. ","date":"2009-02-10T00:00:00Z","href":"https://blog.koehntopp.info/2009/02/10/mein-natives-ip-v6.html","tags":["internet","ipv6","lang_de"],"title":"Mein natives IP V6"},{"categories":null,"content":" There are two kinds of fool. One says, “This is old, and therefore good..” And one says “This is new, and therefore better..”\t—John Brunner, in The Shockwave Rider\nNeue Ideen in Dateisystemen sind so eine Sache. Es handelt sich bei einem Dateisystem ja um Infrastrukturcode par excellence, und so reden die meisten Leute gerne von ihrem letzten Datenverlust, wenn man sie nach Dateisystemen befragt. Das ist nicht neu, ich habe in The Importance Of FAIL das Thema ja schon mal angeschnitten.\nNeue Ideen in Dateisystemen sind auch langsam. 1984 bis 1992 gab es das Sprite Projekt in Berkeley, bei dem es um die Entwicklung eines rechnerübergreifenden Betriebssystems ging. Teil von Sprite war auch etwas, das sich LFS (Log Structured Filesystem) nannte.\nLFS basiert auf der Idee, daß nur noch Writes auf eine Platte übrig bleiben, wenn man nur genug RAM zum Cachen aller Reads hat. Also quasi die Situation, in der Google jetzt grad ist. Wenn das aber so ist, so geht die Überlegung weiter, dann muß man Daten auf der Platte nicht zum Lesen optimiert ablegen, sondern das Schreiben optimieren.\nEin Exkurs in Fragmentierung Gegeben sei MS-DOS, also ein System mit nur einem Thread, der Read-Requests generieren kann und quasi ohne Read-Cache, der solche Reads wegoptimieren kann. Dann ist das Dateisystem dann für viele Anwendungen zum Lesen optimiert, wenn alle Dateien defragmentiert abspeichert sind, d.h die Blocknummern der physikalischen Blöcke jeder Datei unmittelbar aufeinanderfolgend sind.\nGegeben sei ein System mit unendlich viel Speicher, das schon unendlich lange läuft. Dann wiederum sind alle Daten im RAM gecached, und die physikalische Anordnung der Daten auf der Platte ist aus der Sicht der Lesezugriffe total schnurz.\nDie meisten realen Systeme liegen irgendwo dazwischen - je mehr RAM und je besser die Caches vorgeglüht, desto mehr ist es egal, wie die Daten auf der Platte angeordnet sind.\nDie meisten realen Systeme haben heutzutage auch mehr als einen Thread, der Requests erzeugen kann und schon von daher ist das statisch lineare Layout von Dateien auf der Platte nicht mehr unmittelbar ein Garant für dynamisch lineare Lesezugriffe.\nLFS dreht den Spieß um LFS nimmt nun ein solches System mit unendlich viel Speicher und unendlich langer Laufzeit an, d.h, kümmert sich nicht um die Linearisierung von Reads, sondern lediglich noch um die Linearisierung von Writes: Das Dateisystem hat kein Log, es ist ein Log - ein großer Ringpuffer von Daten, bei dem die Platte von vorne nach hinten beschrieben wird und wenn man am Ende der Platte angekommen ist, fängt man von vorne an.\nSnapshots bekommt man bei einem solchen System gratis (Aber BSD hat es nicht implementiert ): Am Anfang der Platte hat man keinen Superblock, sondern einen Zeiger auf die letzten paar Superblöcke, die geschrieben wurden. Jede Operation kann als Transaktion geschrieben werden: Blöcke werden dabei nicht überschrieben, sondern geänderte Versionen des neuen Blockes werden linear rausgeschrieben.\nBeispiel: Eine Datei besteht aus einem Verzeichniseintrag, einer Inode und in der Inode aus Zeigern auf Datenblöcke. Überschreibt man nun das letzte KB der Datei und verlängert sie nun auch noch um ein KB, dann werden zunächst der \u0026ldquo;überschriebene\u0026rdquo; Datenblock und der neue Datenblock am Ende des Schreibpuffers neu geschrieben, dann wird die geänderte Inode der Datei dahinter neu geschrieben und dann der Block, der auf die aktuelle Version dieser Inode zeigt neu geschrieben und am Ende ein neuer Superblock.\nBeim Lesen folgt man dem neusten Superblock, findet man die neuste Version der Inode, und damit die geänderte und verlängerte Datei. Folgt man der älteren Kopie des Superblocks, findet man eine ältere Version der Inode derselben Datei und die dazu gehörenden älteren Versionen der Datenblöcke, also eine alte Version derselben Datei. Alle Blöcke, die zwischen beiden Versionen der Datei unverändert bleiben, sind beiden Versionen gemeinsam und nur einmal auf der Platte vorhanden.\nLFS Performance stinkt Nun ist es so, daß außerhalb des Googleplex RAM endlich und die Laufzeiten von Computern begrenzt sind. Daher ist es auch so, daß es zu Situationen kommen kann, in denen der File System Buffer Cache das aus Lesesicht absolut pessimale Layout von LFS nicht abschirmen kann. In solchen Fällen - die besonders von Datenbanken gerne provoziert werden - ist die Performance von LFS nur mit geologischen Fachbegriffen zu erfassen.\nSchon LFS auf Sprite, und sein späterer Port auf BSD Unix haben daher einen Repacker gehabt. Das ist ein Prozeß der Idlezeiten der Platte nutzt und die Daten auf dem Medium ein wenig read-freundlicher anordnet. Man kann sich das wie eine dauernd laufende Defragmentierung im Hintergrund vorstellen. Auch ReiserFS 4, das auf ähnlichen Ideen basiert hat einen solchen Repacker.\nIn with the out, old with the new Die Idee, Daten niemals zu überschreiben ist sicherlich gut. Sie läßt sich jedoch auch mit Dateisystemen implementieren, die Daten gleich beim ersten Schreiben sinnvoll auf der Platte layouten ohne dabei eine Ringpuffer-Struktur zu erzeugen.\nDateisysteme wie WAFL auf einer NetAPP sind ein erster Schritt in diese Richtung, Suns ZFS geht ihn noch konsequenter. Beide Dateisysteme stammen aus Projekten, in denen Leute arbeiten, die vorher mit verschiedenen Versionen von LFS gearbeitet haben. Insofern ist es auch nicht weiter verwunderlich, daß solche Ideen in diesen Dateisystemen auftauchen - außer man ist Patentanwalt und wundert sich aus beruflichen Gründen.\nSolche Dateisysteme, die nie überschreiben (und daher laufend snapshotten), aber die Platte nicht als Ringpuffer betrachten sondern schon noch layouten, nennt man Copy-On-Write Dateisysteme (COW-FS).\nWeitere gute Ideen importieren ZFS ist in diesem Zusammenhang besonders interessant, weil es noch weitere gute Ideen von anderswo importiert. Episode zum Beispiel ist das Dateisystem der halb vergessenen DCE-Initiative, und vielen Leuten in der Geschmacksrichtung AdvFS von DEC bekannt.\nAdvFS integriert das Storagemangement, das sonst von einem Logical Volume Manager erledigt wird und das Platzmanagement des Dateisystems ineinander. Eine File Domain kann man sich dabei wie eine Volume Group vorstellen - eine Art Kiste, in der die Blöcke enthalten sind, die beschrieben werden können.\nIn der File Domain sind File Sets vorhanden, Dinge, die man anderswo Dateisysteme nennt. File Sets ist dabei nicht zwingend eine feste Größe zugewiesen - man kann sie sich wie Luftballons vorstellen, die in der Kiste sind und die nach bedarf aufgeblasen und verkleinert werden können. Mit einem Quota-System kann man einem File Set einen Mindestplatzbedarf und einen Maximalbedarf zuordnen und so den Platz in der File Domain verwalten. Der AdvFS-Source ist seit 2008 GPLed, aber er interessiert kaum noch jemanden.\nZFS hat wie AdvFS diese Integration von Volume Management in das Dateisystem übernommen - etwas, das auf den Linux-Kernel-Mailinglisten von einigen Personen als blatant layering violation angesehen wurde - die Redewendung hat es zu einigem Google-Karma gebracht. Tatsächlich handelt es sich um eine andere Sicht auf den Stack, aber eine, die durchaus von anderen geteilt wird, die wie man an AdvFS sehen kann und die durchaus interne Struktur hat.\nEine andere gute Idee, die ZFS aus der Datenbankwelt übernommen hat, sind Prüfsummen überall. Auf diese Weise - und nur auf diese Weise - ist es möglich, die Integrität des Dateisystems Ende-zu-Ende sicherzustellen und vor allen Dingen auch integre Teile des Systems zur Verfügung zu stellen, während man beschädigte Teile isoliert und abtrennt. Der ZFS-Code kann es nicht, aber grundsätzlich ist es möglich aus jedem defekten ZFS ein integres Sub-ZFS raus zu extrahieren und zu publizieren, während der Rest anderweitig recovered wird - die Datenstrukturen geben das her.\nOpen Source Management Nun hat Sun ein sehr sauberes und durchaus politisches-strategisches Intellectual Property Management . Das bewirkt, daß der Source von ZFS unter der CDDL (\u0026ldquo;cuddle\u0026rdquo;, eine modifizierte MPL 1.1) verfügbar ist - er ist Teil von Opensolaris, FreeBSD, MacOS X und einigen anderen Systemen. Die CDDL verletzt aber die additional restrictions clause der GPL und ist mit der GPL nicht kompatibel - es wäre zwar technisch möglich einen Linux-Kernel zu bauen, der ZFS enthielte, aber es ist keinem Distributionshersteller juristisch möglich so etwas zu verteilen. ZFS läuft daher unter Linux nur als Userland-Prozeß als Teil von FUSE .\nCOW-FS in Linux - BTRFS Die Linux-Crowd ficht das nicht an. Im Linux-Kernelspace entwickelt man seit einiger Zeit an einem Nachfolger für die extX-Reihe von Dateisystemen, und einer der Kandidaten für eine solche Nachfolge ist BTRFS (\u0026lsquo;ButterFS\u0026rsquo;, nicht etwa \u0026lsquo;BetterFS\u0026rsquo;). Die Featureliste von BTRFS liest sich wie eine Shoppingliste in den Stammbäumen der oben genannten Ahnherrschaften: Extent-Based wie ext4 und XFS statt Bitmaps wie ext3 und ZFS, Tail-Packing wie bei Reiser3 und Reiser4, Verzeichnisse als Bäume wie inzwischen allgemein üblich, dynamisch erzeugte Inodes, wie sich fast zwingend aus COW-FS-Erfordernissen ergibt, writeable-snapshots, subvolumes (File Sets aus AdvFS), Object Level Mirroring und Striping, Checksums on Everything, Compression (und sicher auch Encryption), Integrated Multiple Device Support (besagte blatant layering violation), Online Filesystem Check (o.a. Teilvalidierung) und Online System Defragmentation (ein Repacker und die Möglichkeit des Online Filesystem Checks machen das leicht).\nDie BTRFS-Leute ziehen dabei ein paar echt eklige, aber vollkommen legale Stunts ab. In Conversion from ext3 wird gezeigt, wie die Metadatenstrukturen von BTRFS in ein existierendes ext3 reingemalt werden können ohne das ext3 zu beschädigen und wie kurzzeitig beide Systeme parallel existieren und die Datenblöcke teilen können. Das erlaubt eine Konvertierung von extX-Dateisystemen in BTRFS ohne Neuformatierung - ein echtes Killerfeature für Leute mit einem Arsch voll Linux-Daten.\nEinen schönen Überblick über die BTRFS-Strukturen findet man im Design Dokument . Zum Thema Multiple Device Support gibt es ebenfalls Seiten. Und eine Einführung in den Code gibt es auch - hier .\nBTRFS ist unter der GPL lizensiert, kompatibel mit dem Linux-Kernel und Bestandteil aktueller Standardkernel. Die gestern freigegebene Fedora 11 Alpha enthält BTRFS als experimentelles Dateisystem - gut genug zum Spielen und Testen, aber noch nicht gut genug für Wirkdaten.\n","date":"2009-02-06T00:00:00Z","href":"https://blog.koehntopp.info/2009/02/06/neue-ideen-in-dateisystemen-oder-btrfs-in-fedora-11.html","tags":["filesystems","free software","linux","lang_de"],"title":"Neue Ideen in Dateisystemen (oder: BTRFS in Fedora 11)"},{"categories":null,"content":"Es sollten drei bis fünf Überwachungen mit einem maßgeschneiderten Binary sein, sagten Schäuble und Ziercke. Doch erwartungsgemäß liest sich das nun anders. BKA-Chef will Bundestrojaner auch gegen organisierte Kriminalität einsetzen weiß der Heise Newsticker. Was genau sollen wir darunter verstehen?\nInzwischen seien allein hierzulande aber \u0026ldquo;täglich 300.000 bis 500.000\u0026rdquo; Rechner mit Schadsoftware infiziert, schilderte Ziercke den Umfang von Cybercrime. Die Folge sei der Missbrauch der befallenen Computer für Phishing, Spamming, den Einbruch in fremde Systeme oder \u0026ldquo;Distributed Denial of Service\u0026rdquo;-Attacken (DDoS).\nUnd diese Dinge rechnet das BKA gar nicht falsch der sogenannten OK zu.\nIn der Praxis heißt das aber nur, daß das BKA einen Bot-Krieg gegen die Autoren von Schadsoftware vom Zaun brechen will und diesen am Liebsten auf den Rechnern der betroffenen Windows-Benutzer auskämpfen möchte. Das hilft diesen Leuten sicherlich ungemein.\nJedenfalls sind 300.000 bis 500.000 Rechner mit einem Mal ganz andere Zahlen als die zuvor genannten drei bis fünf. Wer ist noch nicht überrascht?\n","date":"2009-01-23T00:00:00Z","href":"https://blog.koehntopp.info/2009/01/23/mehr-bundestrojaner.html","tags":["politik","security","lang_de"],"title":"Mehr Bundestrojaner"},{"categories":null,"content":"Der Linux-Kernel 2.6.28 enthält das ext4-Dateisystem standardmäßig und sowohl Fedora als auch Ubuntu werden es unterstützen. Was bringt ext4 an Änderungen?\nEin Dateisystem ist für die meisten Benutzer eine quasi unsichtbare Sache. Es sind halt Dateien da und wenn man auf diese zugreift hat man halt Daten. So sind Dateisystem-Features für die meisten Leute also eine sehr unspektakuläre Sache. Die folgende Übersicht ist also etwas geekzentrisch.\nExtents ext2 und ext3 sind sehr traditionelle Dateisysteme, die intern im Grunde auf Technik von 1984 basieren. ext2 ist eine minimal verbessere Nachprogrammierung des BSD ffs (bei Sun und MacOS X: ufs), ext3 fügt dem lediglich das Journal zur schnelleren Wiederherstellung nach Systemcrashes zu. Beide Dateisysteme speichern die Metadaten von Dateien in einer Inode ab und merken sich die Lage der Datenblöcke in einer Datei in einem (in sogenannten Indirect-Blocks gefalteten) Array von Blocknummern. In einem Artikel von 1994 habe ich das mal länger ausgeführt .\nDa mit einigem Glück die meisten Dateien nicht fragmentiert gespeichert sind, besteht dieses Array also bei vielen Dateien aus einer langen Folge von unmittelbar aufeinander folgenden Blocknummern. Das ist unglaublich ineffizient.\nXFS, also Technik von 1994, ist eines der ersten Dateisysteme gewesen, das stattdessen mit Extents arbeitet, also Blockfolgen durch Run Length Encoding komprimiert: Statt einer Folge von Blocknummern wird die Startnummer der Folge und ihre Länge als ein Paar gespeichert. 15 Jahre später führt man dieses Detail auch in ext4 endlich ein.\nGroße Dateisysteme Eine andere Technik von XFS kopiert man dabei nicht: Kompression von Blocknummern. ext4 unterstützt große Dateisysteme durch den Einsatz von 64 Bit großen Blocknummern. Da die Kernel-Infrastruktur noch nicht entsprechend mitgewachsen ist, sind derzeit 48 Bit große Blocknummern nutzbar, was für immerhin schon Exabyte-große Dateisysteme ausreicht. Anders als XFS, das ebenfalls ein 64 Bit-Dateisystem ist, speichert ext4 jedoch immer ganze 8 Byte große Blocknummern, während XFS auch relative Blockadressen zum Beginn jeweils einer Zone verwenden kann und so an vielen Stellen mit 4 Byte langen Zahlen auskommt, auch wenn es 64 Bit adressieren kann.\nWeil ext2 und ext3 im Grunde saubere Rewrites von FFS waren, haben sie auch die 16 Bit große Linkcount-Zahl von diesem geerbt und konnten so bis zu 32767 Links pro Datei verwalten. Da Unterverzeichnisse durch den \u0026ldquo;..\u0026quot;-Eintrag den Linkcount des Elternverzeichnisses erhöhen, war man so auf 32765 Unterverzeichnisse pro Directory beschränkt. ext4 geht hier anders vor und das Limit existiert nicht mehr.\nNeues Blockbelegungsschema Jedes Dateisystem hat Funktionen mit denen es entscheidet auf welchen physischen Blöcken der Platte eine Datei zu liegen kommt. Ziel diese Allokators ist es dabei, die Fragmentierung von Dateien zu verhindern und die Dateien so anzuordnen, daß schnell lesen darauf zugegriffen werden kann.\nDer Allkokator von ext2 und ext3 ist dabei notorisch schlecht. Zum einen beherrschen diese Dateisyteme keine verzögerte Blockzuweisung: Jeder Block einer Datei muß physikalisch angeordnet werden sobald der Kernel Platz für den Block im File System Buffer Cache belegt. Wenn also eine große Datei linear geschrieben wird bedeutet das, daß das Dateisystem schon versucht den ersten Block der Datei zu positionieren ohne abzuwarten ob und wie viele weitere Blöcke noch folgen werden.\nXFS hatte schon 1994 eine bessere Strategie: Blöcke werden im File System Buffer Cache auch ohne physikalische Positionsinformation gecached. Dadurch kann etwa ein linearer Write einer ganzen Datei erst einmal im Cache abgelegt werden und erst am Ende, wenn die Datei geschlossen und geflushed wird, muß eine Layoutentscheidung getroffen werden. Diese kennt dann aber schon die Gesamtgröße der Datei und das Dateisystem kann versuchen die Datei am Stück zu schreiben. ext4 kann nun endlich auch solche delayed allocation und reiht sich so neben XFS, ZFS, btrfs und Reiser4 ein.\next2 und ext3 belegten dabei den Platz auf der Platte einzelblockweise (in 4KB großen Blöcken) und haben dabei maximal 8 Blocks in Folge im Voraus belegt. Wenn man also ein Verzeichnis hat, in dem zwei Dateien gleichzeitig offen sind und verlängert werden (etwa: /var/log), dann entstehen so Zonen von jeweils 32 KB großen Dateistummeln, die sich gegenseitig im Weg stehen. Die Dateien sind maximal fragmentiert. ext4 fixt das dann auch in der ext?-Serie von Dateisystemen endlich.\next4 bekommt außerdem ein Feature, das sich \u0026ldquo;persistent preallocation\u0026rdquo; nennt und das es Anwendungen erlaubt, dem Dateisystem schon vorab Hinweise darauf zu geben wie groß Dateien am Ende sein werden wenn die Anwendung mit ihnen fertig sein wird. Die Anwendungen dafür sind vielfältig: Mit ein wenig Management ließe sich so zum Beispiel das Guaranteed Rate I/O von XFS nachprogrammieren und ext4 kennt mit diesem Feature und ein wenig weiterer Magie auch Online-Defragmentierung.\nSchnelleres fsck und Prüfsummen So wie ZFS und InnoDB es vorgemacht haben führt auch ext4 nun endlich Prüfsummen ein: Das Journal und Teile der Inode-Infrastruktur bekommen nun Prüfsummen, mit denen die Integrität der Daten nach einem Crash schneller gecheckt werden kann, sodaß der fsck optimiert werden kann und schneller abläuft wenn er dennoch einmal notwendig werden sollte. Dadurch kann auch der Journal-Commit selbst optimiert werden.\nVon einer durchgehenden Prüfsummen-Infrastruktur wie in ZFS und einer Online-Prüfung von Checksummen ist man in ext4 jedoch noch weit entfernt.\nInode-Basteleien Die Größe einer Inode ist in ext4 gewachsen: 256 Byte Minimumgröße statt bisher 128 Bytes. ext4 macht mit dem zusätzlichen Platz sinnvolle Sachen: Dateien bekommen Timestamps, die in Nanosekunden statt wie bisher in Sekunden rechnen, time_t stirbt und der verbleibende Platz kann verwendet werden um Extentlisten oder erweiterte Dateiattribute inline zu speichern.\nAußerdem kann ext4 Inodes reservieren und dynamisch verwalten. Dadurch werden auch Metadata-Operationen sehr viel schneller und layouten sich besser physikalisch auf der Platte.\nBarrier Writes Schließlich erzeugt auch ext4 nun ohne Journal=Data immer konsistente Datenstrukturen auf der Platte, indem Barrier Writes verwendet werden.\nLive Upgrade ext4 kann ext3-Dateisysteme lesen. Es ist also möglich, ein ext3-Dateisystem als ext4 zu mounten. Die meisten Features, die ein ext4 einem ext3 voraus hat, sind dabei jedoch nicht nutzbar. Auch ein\ntune2fs -O extents,uninit_bg,dir_index /dev/DEV fsck -pf /dev/DEV schaltet diese Features nur für neue Dateien um, baut aber die vorhandenen Dateien und Verzeichnisse nicht auf das neue Format um. Die volle Effizienzsteigerung erlangt man also nur durch ein Umkopieren der Daten auf ein neue angelegtes, leeres ext4-Dateisystem.\nWas fehlt noch? Grub unterstützt ext4 bisher noch nicht (d.h. die Grubs, die das können, haben es noch in keine Distro geschafft).\n(siehe auch: Kernelnewbies: ext4 )\n","date":"2009-01-23T00:00:00Z","href":"https://blog.koehntopp.info/2009/01/23/was-bringt-ext4.html","tags":["filesystems","free software","linux","lang_de"],"title":"Was bringt ext4?"},{"categories":null,"content":"Richtig, wieder sind die Käufer legaler Digitalisate die Gearschten: Wie sich schon bei Musik gezeigt hatte, sind es nur die legaler Käufer DRM-geschützter Medien, die angeschmiert sind, wenn ein Betreiber von Lizenzservern keinen Bock mehr hat. Diesmal erwischt es die Käufer diverser E-Books des E-Book-Distributors Fictionwise in den USA.\nEr stellt Auslieferung teilweise ein heißt es bei Golem:\nKunden des E-Book-Händlers Fictionwise werden ab Ende Januar keinen Zugriff mehr auf DRM-geschützte E-Books haben, die vom Distributor Overdrive geliefert wurden. Overdrive stellt die Server für die E-Books ab…. Fictionwise bemüht sich nach eigener Aussage darum, mit den Verlagen Sondervereinbarungen zu treffen, um die Dateien gegen Äquivalente im Secure-eReader-Format auszutauschen. Auf jeden Fall sollten die Kunden sich Backups der erworbenen E-Books anfertigen, empfiehlt Fictionwise. Insgesamt sollen rund 300.000 E-Books für Fictionwise über Overdrive ausgeliefert worden sein.\nBackups. Guter Plan. Am besten dezentral gelagert?\n","date":"2009-01-09T00:00:00Z","href":"https://blog.koehntopp.info/2009/01/09/fictionwise-overdrive-schaltet-drm-server-ab.html","tags":["media","copyright","lang_de"],"title":"Fictionwise/Overdrive schaltet DRM-Server ab"},{"categories":null,"content":"Früher in SCO Xenix gab es in deren Terminalemulation eine Escape-Sequenz, die eine Hardcopy des Screens auslöste. Ein Programm konnte eine bestimmte Esc-Sequenz an ein Terminal senden und das Terminal hat dann seinen Bildschirminhalt Zeichen für Zeichen an die Anwendung zurückgesendet.\nWenn also ein User auf Xenix eingeloggt war, und er in einer Shell stand, konnte man ihn mit dem Kommando \u0026ldquo;hello\u0026rdquo; oder \u0026ldquo;write\u0026rdquo; anchatten, ihm den Bildschirm löschen und ein Kommando in die linke obere Bildschirmecke drucken, danach dann eine Hardcopy-Sequenz senden. Das Terminal hat dann den Bildschirminhalt, also das Kommando, an die Shell zurück reported. Die Shell hat das Kommando dann ausgeführt.\nDa SCO Xenix nicht Open Source war, mußte man sich mit \u0026ldquo;mesg n\u0026rdquo; vor dem angechattet werden schützen.\nDieser uralte Bug ist nun wiederbelebt worden: Offenbar kann X11s xterm verschiedene Escape-Sequenzen ausführen, die bestimmte Dinge reporten. Etwa den aktuellen Fenstertitel und den Gerätestatus. Alle diese Dinge kann man vorher auf bestimmte Werte - Kommandos - setzen. In dem Heise Artikel wird eine präparierte Datei erwähnt, aber solange \u0026ldquo;mesg y\u0026rdquo; aktiv ist, reicht wirklich ein \u0026ldquo;write\u0026rdquo; an diesen User zu senden (\u0026ldquo;cat escsequence | write username ttyname\u0026rdquo;).\nSchön, daß es das noch gibt. Oder, um es mit Henry Spencer zu sagen, \u0026ldquo;Those who do not understand Unix are doomed to reinvent it. Poorly.\u0026rdquo;\n","date":"2009-01-06T00:00:00Z","href":"https://blog.koehntopp.info/2009/01/06/sco-xenix-386-und-mesg-n.html","tags":["computer","hack","lang_de"],"title":"SCO Xenix 386 und mesg n"},{"categories":null,"content":"Irgendwann war allen klar, daß CVS es nicht mehr bringt und was Besseres her muss. Das hat dazu geführt, daß ich statt einem Versionskontrollsystem in 2000 jetzt in 2009 etwa vier davon parallel verwenden muss. Da wäre einmal das traditionelle \u0026ldquo;besser als CVS, aber sonst alles genauso\u0026rdquo; SVN, und dann eine Reihe von verteilten Versionskontrollsystemen, namentlich git, bzr (\u0026ldquo;Bazar\u0026rdquo;), hg (\u0026ldquo;Mercurial\u0026rdquo;). Neben diesen gibt es dann einen Haufen relativ wenig Gebrauchtes oder experimentelles Zeugs, das sich mangels Community nicht anzusehen lohnt.\nBlickt man auf die Benutzerlandschaft in 2009, wird klar: Git gewinnt. Einmal ist der Perl Source samt History nun nach Git konvertiert, dann zeigt die Gnome-Umfrage einen klaren Vorsprung von Git, der Kernel verwendet sowieso git und bei KDE denkt man auch über Git als verteiltes Versionsverwaltungssystem nach. Auch der X-Server von X.org wird mit Git versioniert.\nSchön, daß hier nun endlich eine Konvergenz absehbar ist (nur mein MySQL-Zeugs muss ich wohl weiter mit bzr pullen).\n","date":"2009-01-05T00:00:00Z","href":"https://blog.koehntopp.info/2009/01/05/git-gewinnt.html","tags":["free software","git","software","lang_de"],"title":"Git \"gewinnt\""},{"categories":null,"content":" *Fabulous Uschebit sends me this package of Cat-5-o-Nine-Tails and cookies for Deborah. Debs is a DBA colleague of mine and works from Cambridge\nMuch more stylish than a blunt clue bat ","date":"2008-12-18T00:00:00Z","href":"https://blog.koehntopp.info/2008/12/18/cat5-o-nine-tails-von-uschebit.html","tags":["berlin","work","lang_de"],"title":"Cat5-o-Nine-Tails von uschebit"},{"categories":null,"content":"Mit DE-Mail will der deutsche Staat zusammen mit dem Unternehmen Telekom sichere und vertrauenswürdige E-Mail implementieren. Dazu gibt es eine öffentliche \u0026ldquo;E-Konsultation\u0026rdquo; auf einem Server von Zebralog e.V. , die am 12. Dezember endet.\nDie dort abgegebenen Kommentare zu lesen ist sehr spannend. Der Tenor ist immer derselbe, ich greife als Repräsentant mal\nEs ist auch jetzt schon möglich, sicher im Internet zu kommunizieren. Und das auch weitestgehend kostenlos mit z.B. OpenPGP oder mit kostenlosen Angeboten von Verisign oder Thawte. Trotzdem fände ich es wichtig und richtig, wenn auch der unbedarfte Internet - Nutzer auf einfache Weise an diese Techniken herangeführt werden würde. Was aber unbedingt vermieden werden müsste, wäre, dass sich staatliche Mitleser per Gesetz einen Zugang hierzu verschaffen.\nheraus. Andere Kommentare verweisen gleich auf §3, Absatz 6 des BSI Gesetzes .\nSo wird aus dem ganzen Projekt dann bald wieder ePost , die 2005 eingestellte , lebenslang gültige E-Mail-Adresse der Deutschen Post - es gibt in der gesamten Konsultation kaum positive oder auch nur relativierende Stimmen.\nUpdate: Die interessieren aber wahrscheinlich eher nicht - jedenfalls wenn man sich der Analyse von Alexander Finger anschließen will, der das ganze Projekt eher als eine Initiative zum Streicheln der armen Telekom interpretiert und das auch begründen kann.\nDie weitaus meisten Kommentare gehen in dieselbe Richtung:\nWieso sollten die Nutzer gerade in den Punkten IT-Sicherheit und Datenschutz ausgerechnet dem Bundesinnenministerium (heimliche Online Durchsuchung) und der Telekom (Bespitzelungsaffäre, Kundendatenverlust) vertrauen.\nund\nEs gibt heute schon signierte E-Mails und auch verschlüsselte E-Mails. Warum wird dies nicht flächendeckend eingesetzt? Ich habe das so verstanden, das weiterhin Pop3 und SMTP-Protokolle verwendet werden soll. Basierend auf dieser Aussage macht es doch keinen Sinn, wieder etwas Neues zu erschaffen, was es eigentlich schon gibt. Vereinfachen Sie einfach die Zertifikatserstellung und eventuell eine zentrale Zertifikatsverwaltung in der Hand oder Kontrolle einer Regierungsbehörde und sie haben Ihren sicheren E-Mails. Viel kostengünstiger und genauso sicher.\nund\nEine verbindliche Kommunikation haben wir bereits eingeführt (PGP). Das staatliche Angebot kommt zu spät, auch ist es uns nicht sicher genug. PGP ist generell sehr populär und allgemein wird eine Schulung von vorhandener Software gegenüber DE-Mail favorisiert: Soweit ich das sehe, gehen Ihre Vorstellungen klar an der Realität vorbei.\nund\nWer sichere E-Mail verschicken will, nimmt seit 10 Jahren PGP und fertig. Die Integration in gängige E-Mail-Programme wie Thunderbird ist vorbildlich; einzig das Wissen um die Bedienung ist noch verbesserungsfähig. Hier wäre ein Schulprojekt aber hundertmal besser als eine \u0026lsquo;Zertifizieren\u0026rsquo;, bei der man als Bürger ohnehin nicht weiß, was da eigentlich bewertet wird. Ihr Ansatz sieht mir sehr nach Aktionismus aus und liefert die falsche Antwort auf ein nicht existierendes Problem.\nWie man beim Durchlesen der Kommentare schnell bemerkt, sind die Eckpunkte um überhaupt eine Akzeptanz für das Projekt schaffen zu können:\nVollständige Transparenz der verwendeten Software und Prozesse, das schließt insbesondere die Verwendung von Open-Source-Software mit ein, die wiederholt gefordert wird. Vollständige Kontrolle des Endanwenders über die Generierung und Speicherung der verwendeten privaten Schlüssel, um Key Escrow und Backdoors auszuschließen. Verwendung von Anbietern und Behörden die nicht wie das Innenministerium und das BSI in einem Interessenkonflikt stehen und nicht wie die Telekom durch Abhörskandale und Kundendatenverlust in ihrer Vertrauenswürdigkeit kompromittiert sind. ","date":"2008-11-24T00:00:00Z","href":"https://blog.koehntopp.info/2008/11/24/de-mail.html","tags":["demail","politik","security","lang_de"],"title":"DE-Mail"},{"categories":null,"content":"Dies ist quasi der 2. Teil zum MySQL-Sun-Dilemma :\nIn diesem Kommentar bei El Reg sehen wir dasselbe Problem in einigen Jahren auf Intel zu kommen. Der Kommentator sieht wie ich, daß vorhandene Software in der Regel nur einen Core busy hält, oder einen Core pro Verbindung belegen kann, wenn wir über Serversoftware reden.\nEin dicker Multicore-Rechner macht vorhandene Software also nicht schneller. Er sorgt nur dafür, daß die Maschine bei mehr Last (mehr Verbindungen) nicht langsamer wird, so denn der Rest der Infrastruktur, also etwa Platten, Netz und Speicherbus, mithalten können.\nFür den Kommentator besteht die Lösung des Dilemmas (viele Cores, aber Software ist nicht parallel genug) in mehr und besseren Hypervisors, mit denen man bisher getrennt laufende Maschinen auf einem Multicore-Rechner durch Virtualisierung zusammenziehen kann.\nDoch das ist nur eine Interims-Lösung mit der man immerhin ein wenig Nutzen aus solchen Maschinen ziehen kann, während sich grundsätzlich an dem Problem nichts ändert: Wir haben Software, die für schnellere CPUs optimiert ist, aber wir brauchen Software, die für breitere CPUs optimiert ist.\nDoch in der aktuellen Programmierinfrastruktur fehlt es uns an allem. Programmierer sind zurzeit nicht gewohnt, Arbeit auf viele Kontrollflüsse aufzuteilen, und wenn sie es tun, tun sie es oftmals auf die falsche Weise. Wir haben kaum Werkzeuge, die solche Aufteilung erleichtern, und es fehlt an Methoden des Debuggings für solche Systeme. Probleme in solchen Systemen entstehen oft durch Wartezeiten und sich zuziehende Locks, aber wir haben nur unzureichende Methoden, solche Probleme zu messen, zu visualisieren und zu analysieren. Und zu guter Letzt ist die aktuelle Generation von Entwicklern nicht gut ausgebildet, um in solchen Umfeldern effektiv tätig zu werden.\nWenn man sich eine typische Webanwendung heute ansieht, dann stellt man fest, daß sie kaum in der Lage ist mehr als eine CPU zur Zeit beschäftigt zu halten. In einem System mit zwei Ebenen hat man Web-Frontends, die Anfragen entgegennehmen und Code im Webserver oder als Coprozess zum Webserver ausführen. Der Browser des Anwenders ist in dieser Zeit meistens Idle, der Kontrollfluss ist also über das Netz zum Server übergegangen und der Browser wartet.\nDie Webanwendung wird zur Generierung der Webseite nun meistens einen externen Cache wie einen memcached oder einen externen Datenbankserver befragen. Auch hier erfolgt die Anfrage in der Regel synchron und 1:1, sodaß die Webanwendung wartet während die CPU des memcached oder des Datenbankservers tätig wird. Wieder ist nur eine CPU zur Zeit mit der Bearbeitung der Anfrage beschäftigt, während der Browser und die Webanwendung warten.\nNatürlich hilft Multitasking hier ein wenig: Während der Browser wartet kann der Desktop des Anwenders andere Anwendungen abarbeiten und während das Webfrontend auf die Antwort der Datenbank wartet können andere Requests abgearbeitet werden. Letztendlich ist es aber nicht möglich, die Abarbeitung einer einzelnen Anfrage dadurch zu beschleunigen, daß man Systeme mit mehr Cores einsetzt.\nDas Problem besteht, wie sich schon andeutet, in der zu engen Kopplung und zu engen Synchronisation der Programmschritte, die notwendig sind, um eine Aufgabe abzuarbeiten. Wir schreiben unsere Programme als lineare Abfolge von Einzelschritten, aber wir müssen lernen, unsere Algorithmen wie in der Netzplantechnik zu notieren: Als Einheiten sinnvoller Größe, die als Block notiert werden und bei dem zu jedem Block die Vor- und Nachbedingungen, also die notwendigen Synchronisationen mit anderen Schritten notiert werden.\nDiese Blöcke könnten dann von einem Scheduler unter Berücksichtigung der vorhandenen Hardware und unter Berücksichtigung der externen Parallelität durch konkurrente Anfragen breiter oder schmaler scheduled werden: Auf einem System mit 2 Cores ist es nicht sehr sinnvoll, mehr als z.B. 4 Blöcke parallel abzuarbeiten, auf einem System mit 256 Cores kann man aber unter Umständen eine Parallelität von z.B. 512 schedulen (Meiner Erfahrung nach ist es sinnvoll, die Anzahl der vorhandenen Cores um ca. den Faktor 2 zu überbuchen, damit auch bei I/O-Wait noch genug CPU-Verbrauch auftritt).\nAuf einem System, auf dem man alleine ist, kann der Scheduler eine einzelne Anfrage auf die volle Breite der Hardware breit ziehen (also 4 oder 512 aus den Beispielen oben). Auf einem System, auf dem jedoch n konkurrente Requests unterschiedlicher Anwender eingehen sollte man jedem Anwender 1/n-tel der vorhandenen Kapazität zuteilen und die einzelnen Requests nicht auf das ganze System breit ziehen.\nUnd schließlich ergibt sich aus den Abhängigkeiten des Netzplanes und Ausführungszeiten im System eine maximale Breite, die sich daraus ergibt, wie sich die Abhängigkeiten der Blöcke untereinander verzahnen, und die einschränkt wie viele Cores denn das System für diesen Code beschäftigt halten kann. Es ist Aufgabe des Entwicklers, die Problemlösung so zu formulieren, daß die Abhängigkeiten hier eine maximale Parallelisierung erlauben.\nAn keiner Stelle hier setze ich eine bestimmte Ausfürungsstruktur voraus - ein solches System läßt sich mit Threads innerhalb eines Prozesses aufsetzen oder mit Prozessen, die über einen IPC-Mechanismus miteinander kommunizieren. Der Unterschied ist im Grunde, daß die Kommunikation von Threads innerhalb eines Prozesses wahrscheinlich weniger Latenz hat als die Kommunikation von Prozessen über IPC oder gar von Prozessen über ein Netzwerk. Auf der anderen Seite ist ein Multithread-System auf eine einzige Schachtel eingeschränkt, während ein System von Prozessen mit Netzwerk-Kommunikation nicht mit auf einer Schachtel mit 256 Threads laufen könnte, sondern auch auf 32 Schachteln mit je 8 Threads und einem schnellen Netz dazwischen.\nTechnisch möglich sein sollte beides. Es ist also wünschenswert, daß wir unseren Code so notieren können, daß man dort die konkrete Implementierung von Ausführung und Kommunikation der einzelnen Kontrollflüsse nicht auf einen bestimmten Mechanismus festlegt: Ich will einmal Code schreiben, und der sollte dann auf einer 5440 als ein Prozess mit LWPs scheduled werden können oder auf einem Netz von 16 16-Core Maschinen mit irgendeinem Low Latency Interconnect. Idealerweise ohne daß ich den Source noch mal irgendwo durch filtrieren muß um das alles zur Ausführung zu bringen.\nEin solches Toolkit sollte Werkzeuge zur Visualisierung mitbringen: Ich will meinen Code und meine Threads als eine Serie von Blasen in einem Netzplan sehen können, und die Abhängigkeiten zwischen den einzelnen Abschnitten erkennen können.\nUnd ich will das alles sinnvoll messen und simulieren können: Bei einen angenommenen externen n von 200 und der vorhandenen Codestruktur mit einer internen Parallelität von 4 im kritischen Abschnitt, werden sich meine Locks zuziehen oder kann ich das realistischerweise annehmen, daß der Mist auch unter dieser Last sinnvoll skaliert? Wenn nein, wo und warum wird es explodieren?\nDas alles gibt es derzeit so nicht. Oder wenn es das gibt, ist es nicht gut integriert und nicht sehr bekannt. Und bevor dieses Problem nicht gelöst ist und wir der aktuellen Generation von Programmierern beigebracht haben, damit routinemäßig zu arbeiten werden wir das Multicore-Problem nicht gelöst haben.\nDarum, liebe mitlesende Sun-Gemeinde, könnt Ihr Euch auch gerne super engineerte proprietäre Lösungen auf den Leib schneidern: Bevor das nicht Allgemeingut ist, also als Open Source Lösung auf dem Level \u0026ldquo;PHP\u0026rdquo; überall verfügbar ist und 15-jährige Schulkinder so was in ihrem Webhostingpaketen verwenden, so lange werdet Ihr nicht genug Software in der Welt finden, um Eure Mehrkernkisten unter Dampf zu setzen. Denn wir brauchen Breite nicht nur im Code, um mit diesen Maschinen fertig zu werden, sondern wir brauchen Breite auch in der Entwicklung. Und der Laden, der diese Breite in der Entwicklung 0wned, dem gehört die Ideenwelt der nächsten Generation Entwickler.\n","date":"2008-11-20T00:00:00Z","href":"https://blog.koehntopp.info/2008/11/20/skalierung-in-die-breite.html","tags":["computer","distributed computing","free software","lang_de"],"title":"Skalierung in die Breite"},{"categories":null,"content":"Sun hat eine Box , die hat 4 CPU-Chips drin, jeder Chip hat 8 Cores und jeder Core hat 8 Threads, die in etwa das sind, was man anderswo als Core abrechnet, minus 7/8 FPU. Das macht effektiv eine Kiste in mit 256 Cores.\nJeder Core Thread selbst ist im Vergleich zu Intel-Hardware jedoch recht langsam, er bringt etwa ein Drittel bis ein Fünftel der Leistung eines Intel-Cores, außer in Benchmarks, wo die Dinger viel schicker poliert werden. Dennoch ist das wegen der großen Anzahl der Threads eine ganze Menge Bums in einer kleinen Box ohne viel Stromverbrauch.\nSun hat nun auch eine recht populäre Open Source Datenbank von der Sun es gerne hätte, wenn die auf so einem Eisen gut aussähe. Leider tut diese Software aufgrund ihrer internen Struktur derzeit nicht so gut auf mehr als ca. 12 Cores Threads. In diesem Benchmark von Sun wird die verzweifelte derzeitige Situation recht schön deutlich: Man startet bis zu 32 Instanzen von MySQL auf derselben Kiste, nutzt also 8 Cores Threads pro mysqld - die einzelnen mysqld haben aber nichts gemeinsam und könnten genauso gut auch auf anderen Kisten laufen.\nMan kann sich leicht ausrechnen, daß das derzeit für Sun keine sehr befriedigende Situation ist. Sicherlich ist man intern gerade intensiv dabei, das zu ändern. Bis dahin jedoch ist eine 256-Core-Box für ein normales MySQL-Setup eher nicht so schick.\n","date":"2008-11-17T00:00:00Z","href":"https://blog.koehntopp.info/2008/11/17/das-mysql-sun-dilemma.html","tags":["architektur","mysql","lang_de"],"title":"Das MySQL-Sun-Dilemma"},{"categories":null,"content":"Drüben bei Securosis gibt es schon seit einiger Zeit einen feinen Artikel zum Thema \u0026ldquo;Wann soll ich Daten verschlüsseln?\u0026rdquo; Die drei Regeln dort sind die sinnvollste Zusammenfassung zu diesem Thema, die ich seit langer Zeit gesehen habe.\nTransportverschlüsselung ist nicht nur okay, sondern ein Muss. Bei Transportverschlüsselung werden Daten verschlüsselt, die bewegt werden. Es existiert aber zu jedem Zeitpunkt eine Klartextkopie der Daten. Transportverschlüsselung hat man bei SMTP mit TLS, bei HTTPS und mit Einschränkung bezüglich der Klartextkopie auch bei Backups oder bei Laptops. Um Trennung von Rollen zu erzwingen, wenn Access Control Lists das nicht erreichen können. Das heißt in der Regel, wenn man sich gegen die eigenen Administratoren schützen will, denn in allen anderen Fällen greifen ACLs ja. Wenn jemand es vorschreibt (\u0026ldquo;verordnete Verschlüsselung\u0026rdquo;), es also durch einen Vertrag oder eine Übereinkunft erzwungen wird. Warum will man sonst nicht verschlüsseln?\nWeil Verschlüsselung das Leben sonst nur härter macht, ohne einen Sicherheitsmehrwert zu bieten. Insbesondere Speicherverschlüsselung ist mehr Teil des Problems als Teil der Lösung. Speicherverschlüsselung ist jede persistente Verschlüsselung, bei der keine Klartextkopie der Daten verbleibt. Typische Speicherverschlüsselung wäre also die Plattenverschlüsselung, wie sie mit LUKS erreicht wird, oder eine Verschlüsselung auf Dateiebene, wie sie in NTFS eingebaut ist.\nBeide Systeme erlauben es immerhin schon, daß eine administrative Instanz einen Key Recovery Prozess aufsetzt, mit der diese administrative Instanz immer wieder an die Daten herankann, ohne daß eine Kooperation des Medienbesitzers notwendig ist. Was hier so kompliziert klingt bedeutet nur, daß etwa mein Arbeitgeber meine Laptop-Festplatte oder meinen Mailstore auch dann entschlüsseln kann, wenn ich das dazu notwendige Passwort nicht nennen will oder kann. Ohne einen solchen Key Recovery Prozess kann man als Firma alle verschlüsselten Daten ansonsten gleich als Totalverlust abschreiben, denn die Möglichkeit, daß ich mit dem geheimen Passwort für die Geschäftspläne für die nächsten 5 Jahre gegen einen Baum fahre oder zur Konkurrenz überlaufe besteht ja immer.\nAber auch außerhalb von Desaster Recovery Szenarien macht Speicherverschlüsselung eine Menge Ärger.\nDas typische Szenario sind etwa Urlaubsvertretungen beim Empfang von speicherverschlüsselter Email. Die Mails sind also verschlüsselt im Mailstore abgespeichert. Wenn beim Zugriff auf die Mails der Zugriff nur durch eine bestimmte Software (\u0026ldquo;Outlook\u0026rdquo;) möglich ist, ist Verschlüsselung nicht notwendig, weil das Rechtesystem der Software das regelt. Wenn der Zugriff durch mehr als eine Software möglich ist (\u0026ldquo;cd ~user/Maildir; cp * \u0026hellip;\u0026rdquo;), muss man der Urlaubsvertretung Zugriff auf einen Schlüssel geben, der ihr die Wahrnehmung der Rolle (\u0026ldquo;Zugriff auf die dienstlichen Mails\u0026rdquo;) erlaubt, aber nicht die Wahrnehmung der Identität (\u0026ldquo;Zugriff auf die privaten Mails der vertretenen Person\u0026rdquo;). Und am Ende der Vertretung muss man den dienstlichen Schlüssel sicher wieder entziehen.\nAndererseits ist die Schutzwirkung von Verschlüsselung gegen Zugriffe auf das aktive System eher schwach. Der Schutz gegen \u0026ldquo;Hacker\u0026rdquo; ist jedenfalls bei allen diesen Systemen leicht zu unterlaufen: Aus Geschwindigkeitsgründen müssen alle diese Systeme mit symmetrischer Verschlüsselung arbeiten. Dabei wird entweder ein Key pro Dateisystem (\u0026ldquo;Festplattenverschlüsselung\u0026rdquo;) oder ein Key pro Datei (\u0026ldquo;Dateiverschlüsselung\u0026rdquo;) verwendet. Der entsprechende Key muss an irgendeiner Stelle im Speicher stehen, wenn das betreffende Dateisystem gemounted bzw die entsprechende Datei geöffnet ist. Ein \u0026ldquo;Hacker\u0026rdquo;, also ein Angreifer, der Systemrechte hat, kann diesen Key leicht im Speicher suchen und dann verwenden, um die Daten zu entschlüsseln oder gleich die entschlüsselten Blöcke aus dem Cache fischen (oder einen legitimierten Prozess so verändern, daß er die gewünschten Daten ausliest und entschlüsselt).\nDie Zusammenfassung für Speicherverschlüsselung ist jedenfalls: Wenn man den Integritätsmechanismen des Systems vertrauen kann, dann reicht es aus, ACLs zu verwenden, solange man nicht gegen Admins verteidigen muss. Das ist dann auch besser managebar. Wenn man davon ausgeht, daß die Integritätsmechanismen des Systems kompromittiert sind, dann bietet Verschlüsselung keinen zusätzlichen Schutz.\nTransportverschlüsselung und Verschlüsselung von \u0026ldquo;transportierten Medien\u0026rdquo; wie Backups und Laptops sind eine andere Sache und muss viel aggressiver angegangen werden. Dabei darf man Key Recovery jedoch nicht aus dem Blick verlieren.\n","date":"2008-11-17T00:00:00Z","href":"https://blog.koehntopp.info/2008/11/17/wann-soll-ich-verschluesseln.html","tags":["kryptographie","security","lang_de"],"title":"Wann soll ich verschlüsseln?"},{"categories":null,"content":"Axel hat Ärger mit Blacklists:\nI\u0026rsquo;ve had this problem in the past, when the company I was working for was justifiably listed on an RBL. And I had it again, now - only this time I am reasonably sure that the system is a) configured tightly enough not to be usable as an open relay and b) not being used for sending out marketing or other possibly spam-alike emails.\nSolche IP-Blacklists sind in der Theorie eine gute Idee: Betreiber von Systemen, die als Quellen von Spam oder als Spamrelays dienen können, sollen dort gelistet werden. Benutzer der Blacklist können bei eingehenden Mails erkennen, ob sie von einer IP-Adresse eingeliefert wird, die in so eine Blacklist steht und die Mail dann schon vor dem Spamfilter ablehnen.\nIn der Praxis sieht es dann so aus:\nDie Kriterien, nach denen ein Eintrag in der Liste durch den Betreiber der Blacklist erfolgt, sind nicht offengelegt oder werden nicht korrekt eingehalten. In der Vergangenheit hat es Fälle gegeben, in denen Betreiber IP-Adressen gelistet haben, nicht weil von dort Spam ausgegangen ist, sondern weil auf diesen Adressen Propaganda gegen den Blacklist-Betreiber zu lesen war, oder weil der Inhaber der IP-Adresse Probes von Blacklist-Betreibern nicht zugelassen hat. Eine Benachrichtigung des Inhabers der IP-Adresse über die Eintragung erfolgt nicht. Stattdessen bemerkt man den Eintrag dadurch, daß Mail an Nutzer der Blacklist spontan nicht mehr funktioniert. Eine Kontaktaufnahme mit dem Betreiber der Blacklist ist oftmals nicht möglich oder wird sehr erschwert. Der Blacklist-Betreiber betreibt seine Liste als Bulk-Geschäft, er vermeidet aktiv Kommunikation mit den Leuten, deren Adressen er listet. Einen Schutz gegen falsche Listung oder eine Aufhebung der Listung ist teilweise Glückssache, in einigen Fällen wurde auch schon Geld dafür verlangt. Für denjenigen, der Mail empfängt, kommen noch weitere Probleme dazu. Der Empfänger glaubt sein System dadurch zu entlasten oder vor Spam zu schützen, indem er eine IP-Blacklist vorschaltet. In Wahrheit gibt er die Kontrolle darüber ab, wer ihm Mail senden darf. Und zwar an Dritte, die wie oben gezeigt, IPs nach einem nicht transparent gemachten Schema listen oder wieder freischalten.\nAndererseits hängen zum Teil geschäftskritische Prozesse an der Verfügbarkeit des Mailsystems. Der Eingang von Bestellungen, das Absenden von Bestellbestätigungen und anderen Kundenbenachrichtigungen und andere Korrespondenz gehen über dieses System.\nWer in so einer Situation eine Blacklist verwendet, riskiert im Grunde sein Geschäft. Wenn es noch dazu eine Blacklist ist, die in einem anderen Rechtssystem auf einem anderen Kontinent nach intransparenten und teilweise fragwürdigen Regeln gepflegt wird und deren Betreiber sich systematisch schwer erreichbar machen, dann liegt das irgendwo zwischen Leichtsinn und Sabotage.\nWenn mich jemand nach IP Blacklists fragt, dann sage ich in der Regel: \u0026ldquo;Wer eine IP-Blacklist außer Haus gibt, der gibt die Kontrolle über sein Mailsystem außer Haus. Im Grunde wäre er besser beraten seinen Mailer abzuschalten. Dann hat man wenigstens einen definierten Fehlerzustand.\u0026rdquo;\nDie nächste Frage ist dann meistens: \u0026ldquo;Du willst doch nicht sagen, daß z.B. web.de ohne Blacklist auskäme?\u0026rdquo;\nDie Antwort darauf ist: \u0026ldquo;Doch, web.de verwendet eine Blacklist. Diese wird aber im Haus erstellt und gepflegt. Dazu gibt es klare Richtlinien. web.de ist außerdem erreichbar, und garantiert eine Bearbeitung einer Beschwerde binnen 24 Werktags-Stunden. Und man kann etwa einen Newsletter oder eine Rundmail bei web.de anmelden, um zu verhindern, daß legitime Massenmail mit Spam gleichgesetzt wird. Voraussetzung dazu ist eine feste Absender-IP und die Nennung eines Abuse-Ansprechpartners.\u0026rdquo;\nUnd genau das macht den Unterschied zwischen einer Wildwest-Blacklist aus, wie die über die Axel sich beklagt und einem sinnvoll betriebenen Selbstschutz.\n","date":"2008-11-09T00:00:00Z","href":"https://blog.koehntopp.info/2008/11/09/spam-und-ip-blacklisten.html","tags":["mail","spam","lang_de"],"title":"Spam und IP-Blacklisten"},{"categories":null,"content":" Ich hatte es ja schon mal angesprochen:\nIP-Nummern sind wichtig für Ermittler. Dabei galten in der Anfangszeit zwei Annahmen:\nEine Internet-Adresse kann einem Benutzer zugeordnet werden, jedenfalls wenn es sich um einen DSL-Hausanschluß handelt und die ermittelte oder angezeigte Adresse hat etwas zu bedeuten. Die erste Annahme ist im Kern schon aufgeweicht. Nicht nur die NAT-Adressen von Ausgangsroutern von Firmen und Universitäten können mehr als einen Benutzer repräsentieren, sondern hinter den IP-Nummern von DSL-Anschlüssen können sich mehrere Rechner eines Haushaltes verbergen, oder gar via offene oder geknackte WLANs eine unbekannte Anzahl unbekannter Benutzer.\nAuch die zweite Annahme fällt mehr und mehr: Selbst wenn ein Rechner als Tatausgangsrechner ermittelt wird, kann es sein, daß der Betreiber dieses Rechners diese Tat nicht veranlaßt hat, etwa wenn der Rechner infiziert wurde und als Bestanteil eines Botnetzes fremdgesteuert wird.\nInzwischen ist die Situation wohl noch komplizierter. Die BBC berichtet von einem älteren schottischen Ehepaar, das angeblich ein Spiel der Firma Atari im Filesharing angeboten hat - nur daß die Beklagten nichts von Filesharing, P2P oder Computerspielen wußten.\nDas ist wohl zunehmend der Fall:\nAccording to Michael Coyle, an intellectual property solicitor with law firm Lawdit, more and more people are being wrongly identified as file-sharers.He is pursuing 70 cases of people who claim to be wrongly accused of piracy and has spoken to \u0026ldquo;hundreds\u0026rdquo; of others, he told the BBC. \u0026ldquo;Some of them are senior citizens who don\u0026rsquo;t know what a game is, let alone the software that allows them to be shared,\u0026rdquo; he said.\nWie kommt es dazu und zu der zunehmenden Anzahl von Fällen?\n\u0026ldquo;The IP address alone doesn\u0026rsquo;t tell you anything. Piracy is only established beyond doubt if the hard-drive is examined,\u0026rdquo; said Mr Coyle. Firms that facilitate file sharing, such as Pirate Bay, have been undermining efforts by anti-piracy investigators to track down file sharers. Pirate Bay makes no secret of the fact that it inserts the random IP addresses of users, some of who may not even know what file sharing is, to the list of people downloading files, leading investigators up a virtual garden path.\nDieses Szenario ist der Albtraum der privaten und öffentlichen Ermittler, weil es die Zuordnung von Aktivitäten im Netz zu Personen schwierig bis unmöglich macht.\nIm Grobkonzept 2.0 zum elektronischen Personausweis heißt es dann auch ganz klar:\nkünftiges Szenario: Die Identität des Inhabers eines Benutzerkontos wird bei der Einrichtung und bei jeder Anmeldung gegenüber dem Internetservice sicher nachgewiesen. Internetservices, die nur eine sichere Wiedererkennung des Nutzers fordern, nutzen den pseudonymen Nachweis der Identität ohne Personendaten. Durch die Vergabe von Berechtigungszertifikaten erfolgt der Zugriff auf ePA-Daten zweckbezogen und datensparsam. Zusätzlich kann der Ausweisinhaber das Auslesen erfragter Personendaten verweigern. Der Personalausweis mit PIN eröffnet die Möglichkeit, ein sicheres „Single-Sign-On“ für Internetservices einzusetzen. Auf Basis lokaler Identitätsverwaltungsprogramme oder durch eID-Provider kann der Zugang zu Internetservices oder Netzwerkressourcen automatisiert werden. Der Daten- und Verbraucherschutz und die Sicherheit im Internet werden nachhaltig unterstützt.\nund in einem anderen Beispiel\nkünftiges Szenario: Mit dem ePA wird die Identität von Händlern bzw. privaten Käufern oder Verkäufern über das Internet nachgewiesen. Das Berechtigungszertifikat des Händlers bzw. der elektronischen Personalausweise privater Verkäufer und Käufer begründen ein größeres Vertrauensverhältnis zum Zeitpunkt der Online-Bestellung oder Gebotsabgabe. Der Verbraucherschutz im Online-Handel ist gestärkt. Der Identitätsbetrug bei Auktionen und Bestellungen wird erheblich erschwert. Bei Auktionen sind Bietermaschinen oder Angebote der Verkäufer ausgeschlossen.\nDies sind natürlich nur Einzelbeispiele - idealerweise im Sinne der Ermittler meldet sich jeder Benutzer mit seinem Personalausweis \u0026ldquo;am Internet\u0026rdquo; an. Das ordnet seine Aktivitäten im Vorratsdatenspeicherungs-Logbuch zweifelsfrei seiner Identität zu, sodaß auch im Nachhinein für jede Aktivität eine Person als Verantwortlicher ermittelt werden kann. Außerdem aktiviert es den für den Anschlußinhaber passenden Zugriffsfilter - dadurch sind allen Deutschen nach deutschem Recht illegale Inhalte nicht mehr zugänglich und für Kinder und Jugendliche wird zusätzlich der für die Altersstufe passende Filter dazugeschaltet. Dadurch ist dann endlich auch der Jugendschutz sichergestellt und unsere Kinder sind vor allem Bösen auf der Welt geschützt.\nJuhu!\n","date":"2008-11-08T00:00:00Z","href":"https://blog.koehntopp.info/2008/11/08/ip-nummern-und-elektronische-personalausweise.html","tags":["identity","politik","security","lang_de"],"title":"IP-Nummern und elektronische Personalausweise"},{"categories":null,"content":" P\u0026gt; Generalbundesanwältin fordert Vertrauen in Ermittlungsmassnahmen K\u0026gt; \u0026gt; MUHAHAHAHA Gerade die. annalist, \u0026rsquo;nuff said.\nR\u0026gt; Es ist doch ganzeinfach: Wenn sie das gar nicht wollen, warum brauchen sie dann das Gesetz? Und wenn sie das Gesetz brauchen, warum ist es so schwammig formuliert? Und nachdem ich die Statistik des BKAs gesehen habe wofür die DNA-Datenbank hauptsächlich benutzt wird, warum sollte ich da der Exekutive vertrauen?\nP\u0026gt; \u0026ldquo;Bundesbürger seien von den Maßnahmen nicht betroffen\u0026rdquo;\nR\u0026gt; Prima, dann brauchen wir das Gesetz ja auch nicht.\nHatten wir diese Töne nicht schon einmal? Siehe Vertrauensvorschuß Im Heise Forum erinnert man sich\nan Generalverdächtigte fordern mehr Vertrauen in das Grundgesetz! , an Die grausamsten Verbrechen auf deutschem Boden gingen immer vom Staat aus , an Gestern Bericht zu SEK-Einsatz bei Kunden eines Versandhändlers:3 Monate U-Haft und Monika \u0026ldquo;Antiterrorgesetze gegen Demonstranten\u0026rdquo; Harms fordert mehr Vertrauen? . Wikipedia weiß: Monika Harms .\nUpdate: Hadmut Danisch Sicht auf diese Dinge.\n","date":"2008-10-30T00:00:00Z","href":"https://blog.koehntopp.info/2008/10/30/mehr-vertrauen.html","tags":["politik","security","terror","überwachung","lang_de"],"title":"Mehr Vertrauen..."},{"categories":null,"content":" Es gibt zwei Arten von Narren. Der eine sagt: \u0026lsquo;Dies ist alt und deshalb gut.\u0026rsquo; Und der andere sagt: \u0026lsquo;Dies ist neu und deshalb besser.\u0026rsquo;\u0026quot;\n\u0026ndash; Der Schockwellenreiter\nIch sitze hier in meinem Zimmer und sehe die Rosinenbomber, Ju52 und Sportflieger im 90 Sekundentakt an meinem Fenster vorbeiziehen, der Sonne entgegen. :) Der Flughafen Tempelhof, der älteste Flughafen der Welt, liegt in seinen letzten Zügen und jeder will dort schnell noch einmal gelandet und wieder gestartet sein, um nachher sagen zu können \u0026ldquo;Ich war dabei.\u0026rdquo;\nDer Spaß kostete, wenn man ihn nicht geschlossen hätte, ca. 15 Millionen Euro pro Jahr, denn so viel Verlust macht der Laden derzeit in etwa. Geld, das Berlin nicht hat, weil es seinen Länderanteil am Banken Bailout des Bundes bezahlen muss. Ab morgen dann Ruhe, nur die Führungen durch das denkmalgeschützte Gebäude werden weiter gehen: Der letzte Linienflug ist Cirrus Air um 21:50 nach Mannheim. Bestimmt ausgebucht, ebenso wie die beiden Rundflüge um 5 vor 12 danach - während die Schliessungsgegner vor der Tür schon mal für Tegel üben.\n\u0026ldquo;Zentralflughafen\u0026rdquo; - schon lange nicht mehr. Die meisten kommen nur zum Gucken.\nDrinnen: Das Gebäude ist für das, was noch drin passiert, viel zu groß.\nAb morgen findet kein Flugbetrieb mehr statt - auch keine Sonder- und Rundflüge mehr.\nDer Flughafen wird dann weitgehend verlassen und leer sein.\nWas in Zukunft passieren wird ist unklar.\n","date":"2008-10-30T00:00:00Z","href":"https://blog.koehntopp.info/2008/10/30/tempelhof.html","tags":["berlin","reisen","lang_de"],"title":"Tempelhof"},{"categories":null,"content":"\u0026ldquo;Ich schütze Grundrechte, ich gefährde sie nicht \u0026rdquo;\n\u0026ldquo;Ich halte wenig von der Aufnahme von immer mehr Dingen ins Grundgesetz. Das weckt Erwartungen, die nicht erfüllt werden könnten.\u0026rdquo;\n\u0026ldquo;Den Rechtsstaat macht aus, dass Unschuldige wieder frei kommen.\u0026rdquo;\n\u0026ndash; Interview mit Wolfgang Schäuble\n","date":"2008-10-14T00:00:00Z","href":"https://blog.koehntopp.info/2008/10/14/schaeuble.html","tags":["politik","lang_de"],"title":"Schäuble"},{"categories":null,"content":" drsrm 2008 in Hannover geht nun zu Ende. Ich war von Freitag Mittag bis Sonntag Mittag da. Gespielt habe ich Shadowrun \u0026ldquo;über 30\u0026rdquo; nach Primetime Adventures-Regeln als Producer (\u0026ldquo;Spielleiter\u0026rdquo;), das Buffy/Angel-Rollenspiel mit einem Setting in Berlin und Universalis \u0026ldquo;Future Fantasy\u0026rdquo;. Aber der Reihe nach.\nNachdem ich PtA schon auf dem drsrm-Con 2005 faszinierend fand habe ich diesmal ein \u0026ldquo;Ü30 Shadowrun\u0026rdquo; nach PtA-Regeln angeboten.\nDas Genre habe ich gewählt, weil PtA bestimmte Schwächen beim Spielstart hat: PtA simuliert das Geschichtenerzählen nach der Art aktueller Fernsehserien. Das bedeutet, daß die Entwicklung von Figuren, ihre persönlichen Krisen und ihre Entwicklung interessant sind: Wie sind sie dahin gekommen wo sie jetzt sind, was sind die Probleme, die sie haben und wie entwickeln sie sich weiter. Typische Fernsehserien für dieses Format sind Smallville, Desperate Housewives oder Lost.\nPlot spielt in PtA nur eine untergeordnete Rolle. Es ist Fluff, Hintergrund vor dem die Charactere agieren oder Auslöser für eine Krise, aber nie die Ursache für eine solche. Spielern, insbesondere PtA-unerfahrenen Spielern, ist dies mitunter schwer zu vermitteln und so kommt es am Start einer neuen PtA-Runde oft zu recht langen Verhandlungen darüber, was man spielen wolle und was genau dort passieren soll. Erst im Laufe einer Session zeigt sich dann, daß das mehr oder weniger irrelevant ist.\nDurch die Vorgabe von \u0026ldquo;Shadowrun\u0026rdquo; und \u0026ldquo;über 30\u0026rdquo; (\u0026ldquo;für Erwachsene, Variante dreckig und gemein\u0026rdquo;) wollte ich das abkürzen: Einmal ist das Universum dem erwarteten Con-Publikum wohlbekannt und zum anderen stehen so die Genrekonventionen und Erwartungen schon fest.\nDie unausweichliche Startdiskussion stellte also zwei bis drei mögliche Szenarien ins den Raum:\nWir können eine stinknormale Runnergruppe spielen, die in irgend etwas hineingezogen wird. Personen können die üblichen Runner sein. Vielleicht ein Journalist, der sich für das Leben auf der Straße interessiert. Vielleicht auch Figuren aus einem Konzern, mit denen wir die andere Seite beleuchten können. Wir können ein Medienteam spielen, das eine Dokumentation \u0026ldquo;Echo Mirage - 25 Jahre danach\u0026rdquo; drehen möchte und bei seinen Nachforschungen von allen möglichen Seiten Behinderungen und Druck ausgesetzt ist, bis es endlich aufdecken kann, was damals wirklich geschehen ist. Wir haben uns dann für das simplere erste Szenario entschieden und für eine Spielführung, die sich nicht sehr eng an dem offiziellen Shadowrun-Universum orientiert, sondern mehr an den dramatischen Erfordernissen - eine Fernsehserie zu dem Thema würde das ja auch nicht anders handhaben.\nSchnell haben wir einige Figuren skizzieren können, die später vorkommen sollen:\nKate, eine freie Journalistin mit der Motivation \u0026ldquo;Knowledge: Father\u0026rdquo;. Ihr Vater verschwand in frühen Jahren um Runner zu werden. Kate arbeitet oft als (Edge) Medienschlampe für (Connection) Kanal 21 und hat (Connection) Verbindungen in die Unterwelt. Ihr Personal Set ist ihr gepanzerter privater Ü-Wagen. Face ist ein Fixer und Hochstapler, genau wie sein Namensvetter beim A-Team. Ebenso wie sein A-Team Vorbild ist er unverbindlich und oberflächlich - sein Issue ist \u0026ldquo;Growth\u0026rdquo;. Er ist ein (Edge) Strahlemann, der immer perfekt aussieht, und (Edge) organisiert unverhoffte Ressourcen. Seine Freundschaft mit (Connection) dem Barkeeper Bob ist legendär. Sein Personal Set ist sein Schlafzimmer mit seinem geliebten Wasserbett. Rock ist ein Troll, und ein Rigger. Er ist hart gepanzert und gut ausgerüstet und hat das Gefühl, daß er als Person nicht ernst genommen wird sondern nur als Waffe oder gelehriges Monster. Sein Issue ist \u0026ldquo;Self respect/Selbstwert\u0026rdquo;. Als die Figur definiert wurde, hatte Harald (Connection) Susan, ein fünfjähriges Mädchen, das der Troll in seinem Arm hält, noch nicht näher definiert, sondern nur dieses Bild vor Augen. Rock ist (Edge) ein Tank und (Edge) ein Rigger mit Ausrüstung. Squeek ist ein furchtsamer, aber begabter Schamane. Sein Totem ist Ratte, und so ist er in der Großstadt gerne zu Hause. Sein Issue ist die Liebe, speziell die schüchterne und unerwiderte Liebe. Er ist (Edge) zäh und hat (Connection) einen Esoterikladen in irgendeinem mittelbilligen Viertel der Stadt. Dort (Personal Set) diskutiert er gerne über Magietheorie mit einer (Connection) Stammkundin, ausgerechnet einer hermetischen Magierin. Tie ist ein (Edge) Corporate Killer, oder war es, denn sein Issue ist Reue. Er ist gut bei Kasse in seinem (Personal Set) Penthouse, in dem er mit (Connection) seiner Freundin lebt. Obwohl er aus dem Geschäft ist, unterhält er noch Verbindungen (Connection) zu seinem alten Mr. Johnson. Nachdem die Figuren unserer Serie feststanden, mußten wir uns über einen Story-Arc und den Hintergrund klar werden.\nWir haben uns für einen Plot entschieden, der ein wenig an die Universal Brotherhood erinnert: Die Geschichte beginnt damit, daß unsere Runner in einem Warenhaus der Interweb Logistics aufwachen, mit einer Schockamnesie a la Bourne Identity und dort auch prompt von einem Team der Interweb Logistic angegriffen werden. Sie begreifen schnell, daß sie keine normalen Menschen sind, und daß sie als Team zusammen zu agieren gewohnt sind. Wir haben diese Szene aus einem potentiellen Pilotfilm kurz angespielt, um die Figuren und ihre Interaktion und Motivation zu testen.\nDanach erst haben wir eine Season von neun Abenteuern geplant, die alle vor dem Piloten spielen.\nDie angegebenen Zahlen zeigen dabei die Screen Presence einer Figur in dieser Folge: Eine Screen Presence von 1 definiert, daß die Figur in dieser Folge kaum mehr als ein Statist mit einem Namen ist. Eine Screen Presence von 2 hat eine Figur, die in dieser Folge eine wichtige Nebenrolle spielt oder die den B-Plot trägt - der B-Plot kontrastiert oft die Ereignisse und Erfahrungen der Hauptfigur, die in dieser Folge eine Screen Presence von 3 hat.\nDie erste Folge ist \u0026ldquo;Face it\u0026rdquo;, eine Face (3) und Kate (2)-Folge, in der das Issue von Face recht schnell gelöst werden sollte, um ihn besser in die Gruppe (seine ersten echten Freunde) zu integrieren und um seine Verbindungen für die Gruppe nutzen zu können.\nIn \u0026ldquo;Spiderweb I\u0026rdquo;, eine Plotfolge mit Tie (2) und Kate (2), geht es um Interweb Logistics und die Figuren decken erste Zusammenhänge auf.\nRock (2), Squeek (2) und Kate (2) arbeiten weiter an diesen Entdeckungen in \u0026ldquo;Menage a trois\u0026rdquo;\nIn \u0026ldquo;Spiderweb II\u0026rdquo; enthüllt sich dann endlich, daß das Prozessor- und Netz-Logo von Interweb Logistics nicht nur das ist, sondern daß hinter Interweb Logistics ein Insect Spirit (Spider) steht, sodaß das Logo auch eine stilisierte Spinne und ein Spinnennetz sein können. Interweb Logistics arbeitet an einem Merger von Technik und Magie.\nAusgespielt haben wir dann \u0026ldquo;Rock and a hard place\u0026rdquo; in der Rock (3) und Squeek (2) zu Susanns Mutter, einer Deckerin, rasen, um diese zu retten. Diese hat nämlich einige erbeutete Bauteile von Interweb Logistics in ihr Deck eingebaut und Rock und Squeek haben Grund zu der Annahme, daß dadurch Lebensgefahr besteht. Beide kommen gerade noch rechtzeitig an, um Susann und ihre Mutter zu retten. Dem Zuschauer wird klar, daß Susann die Tochter von Rock ist und Rock von ihrer Mutter aus dem Haus geworfen wurde, als er zum Troll goblinisierte - diese Wendung der Geschichte war ursprünglich nicht geplant, ergab sich dann aber aus der Konstellation der Figuren beim Ausspielen als passend melodramatisch. Susanns Mutter wird durch Rocks Einsatz klar, daß Rock nicht gefährlich für sie und ihre Tochter und trotz seiner Veränderung ein guter Vater für seine Tochter ist. Damit löst sich dann auch Rocks Issue episodengerecht auf - sein Leben hat jetzt einen Sinn, der über seine Rolle hinausgeht.\nAuch die folgende Episode, \u0026ldquo;Shadow\u0026rdquo;, haben wir dann ausgespielt. Dies ist eine Folge für Kate (3), Squeek (2) und Tie (2). Kate und die beiden finden nämlich entscheidende Informationen über Interweb heraus, geraten aber in eine Verfolgungsjagd, bei der Kate ihren Vater wiedertrifft, aber feststellen muß, daß er irgendwie in die ganze Geschichte verstrickt ist - leider möglicherweise nicht auf der richtigen Seite. Im Finale der Folge kommt es zur Konfrontation und Auseinandersetzung, doch während Kates Vater von den Runnern gerettet und gefangen genommen wird, gelingt es den Agenten von Interweb Logistics, Kate zu entführen.\nSo kommt es nun zu \u0026ldquo;Rat on the prowl\u0026rdquo;, in der Squeek (3) mit Hilfe von Face (2) Kate finden und befreien muß. Wird es ihm gelingen, ihr seine Liebe für sie zu gestehen oder wird er sich nach Kates Befreiung wieder unauffällig im Hintergrund halten?\nIn der vorletzten Folge, \u0026ldquo;Tie ist up\u0026rdquo;, muß Tie (3) sich dann entscheiden, ob er die Gruppe an seinen Auftraggeber und an Interweb Logistics verrät oder ob er loyal zur Gruppe ist. Rock (2) hat einen Verdacht, aber er ist zu spät. Oder doch nicht?\nIn \u0026ldquo;Countdown to Zero\u0026rdquo; (Face (2) und Rock (2)) werden dann die Ereignisse geschildert, die zum Erwachen und der Amnesie der Gruppe im Piloten führen.\nAlles in allem haben sich die ursprünglich recht losen Plotbausteine durch das Anspielen und dann weiter planen von Episoden tatsächlich zu einem einigermaßen stimmigen Arc zusammengeführt, und die Issues der einzelnen Figuren haben sich tatsächlich recht mühelos in den Plot integriert.\nLediglich die Startphase von PtA ist noch immer recht mühsam, obwohl durch die oben angesprochene Vorgehensweise viele Probleme entschärft worden sind, die ich sonst mit PtA habe.\n","date":"2008-10-05T00:00:00Z","href":"https://blog.koehntopp.info/2008/10/05/drsrm-2008-primetime-adventures.html","tags":["drsrm","roleplay","lang_de"],"title":"drsrm 2008: Primetime Adventures"},{"categories":null,"content":" Splitter des Imperiums (Uploads.pdf )\ndrsrm 2008 in Hannover geht nun zu Ende. Ich war von Freitag Mittag bis Sonntag Mittag da. Gespielt habe ich Shadowrun \u0026ldquo;über 30\u0026rdquo; nach Primetime Adventures-Regeln als Producer (\u0026ldquo;Spielleiter\u0026rdquo;), das Buffy/Angel-Rollenspiel mit einem Setting in Berlin und Universalis \u0026ldquo;Future Fantasy\u0026rdquo;. Aber der Reihe nach.\nUniversalis ist kein traditionelles Rollenspiel, sondern eine Art Autorenwerkzeug, mit dem man mit mehreren Personen über einen Plot verhandeln kann. Dabei müssen die einzelnen Autoren am Tisch nicht zwingend kooperativ arbeiten - Universalis würde vermutlich auch funktionieren, wenn man kompetetiv zusammen sitzt und sich mit den Mitteln von Universalis um den Plot streitet.\nDazu verwendet Universalis eine Menge von Coins (z.B. Pokerchips) und jede Menge W10. Man beginnt damit, daß die Mitglieder der Gruppe am Tisch reihum Dogmen kaufen. Dogmen können Content der Geschichte festlegen (\u0026ldquo;Es gibt interstellare Reisen\u0026rdquo;) oder verhindern (\u0026ldquo;Keine Jedi\u0026rdquo;). Sie können auch Spielregeln definieren (\u0026ldquo;Lebende Spielfiguren haben Lebenspunkte als Attribut\u0026rdquo;) oder Metaregeln festsetzen (\u0026ldquo;Keine Albernheiten in-game. Ihr könnt gerne out-game am Tisch kaspern, aber keine Witznamen für Personen und Orte oder ähnliche in-game Jokes. Die Strafe bei Verstoß sind zwei Coins.\u0026rdquo;).\nWenn Dogmen widerspruchslos von den anderen akzeptiert werden, kosten sie einen Coin, sonst werden von den Konfliktparteien Coins gegeneinander gesetzt bis eine Seite aufgibt (\u0026ldquo;Wenn Dir das so wichtig ist, dann ist es so wie Du sagst.\u0026rdquo;). Die gesetzten Coins gehen an die Bank.\nNachdem die Liste der Dogmen komplett erscheint, werden Szenen verhandelt.\nDabei muß für jedes Objekt und jedes seiner Attribute ein Coin bezahlt werden: \u0026ldquo;Eine 25km lange Waffenplattform (1 Coin) mit Sprungkapazität (1 Coin) und dem Namen (1 Coin) \u0026lsquo;Schwert des Imperiums\u0026rsquo; materialisiert sich über dem Planeten.\u0026rdquo;\nDabei kann es zum Konflikt kommen: Es mag sein, daß andere Spieler das nicht so wollen, wie der aktuelle Erzähler die Situation schildert. In dem Fall kämpfen zwei Objekte gegeneinander: Die Eigenschaften der Objekte und jeder zusätzlich gesetzte Coin geben einen W10. Diese Würfel werden geworfen - 1-5 Augen sind ein Erfolg, 6-10 Augen ein Mißerfolg. Die Seite mit mehr Erfolgen gewinnt den Konflikt, die Summe ihrer Augen wird in Coins von der Bank bezahlt. Die unterlegene Seite erhält ihren Einsatz zurück.\nDanach geschehen die Dinge so wie die Gewinnerseite erzählt.\nIn Universalis wird für alles bezahlt: Man kann sich auch Erzählrecht (\u0026ldquo;Unterbrechungen\u0026rdquo;) kaufen, oder sonstwie Coins in die Menge werfen um Dinge zu verändern.\nDie Coins, die für Eigenschaften von Dingen oder Personen verwendet werden, gehen auf die Karteikarte des betreffenden Objekts. Das Objekt wird dadurch wertvoller und schwieriger aus der Handlung zu nehmen.\nWir sind in unsere Universalis-Runde mit der Vorgabe \u0026ldquo;Future Fantasy\u0026rdquo; hinein gegangen - dieses Genre reicht dabei von \u0026ldquo;Star Wars\u0026rdquo; bis \u0026ldquo;Riddick\u0026rdquo;. Was sonst noch passieren sollte war keinem der Anwesenden klar, Erwartungen oder Vorstellungen gab es nicht.\nNachdem wir Dogmen aufeinander getürmt hatten, entstand dabei eine Welt mit einem Wüstenplaneten a la Arrakis, auf dem Laserkristalle abgebaut werden, riesigen Sprungschiffen a la Babylon 5, digitalen Backups von Lebewesen, die auch auf Maschinen statt auf Körpern ausgeführt werden konnten und in neue Körper runtergeladen werden können. Talente, akausale Psi-ähnliche Begabungen, sind dabei an Körper, nicht an Identitäten gebunden und Unsterblichkeit gibt es für biologische Körper nicht.\nDer Konflikt, vor dem alles andere sich abspielten sollte, entstand dabei quasi von selbst:\nUnsere Dogmen bewirkten, daß alles biologische Leben sterblich ist und daß alles maschinelle Leben sich von den Menschen schnell entfremdet. Das 5000 Sterne umfassende Sternenreich, in dessen Nachfahren wir spielen wollten, ist deswegen zerfallen: Uploads, digitalisierte Menschen, entfremden sich von den lebenden Menschen nach einer gewissen Zeit, und die Upload-Kriege waren für den Untergang des Imperiums verantwortlich.\nAber in unserer Spielwelt ist es unmöglich, Körper ohne Bewußtsein herzustellen, sodaß ein Upload entweder nach 30 Jahren enden muß, bei seinem Download in einen neuen biologischen Körper das darin enthaltene Bewußtsein auslöschen muß oder zu einer unmenschlichen, nach menschlichen Maßstäben wahnsinnigen Existenz wird.\nVor diesem \u0026ldquo;epischen\u0026rdquo; Hintergrund finden dann noch kleinere, lokale Konflikte statt - zum Beispiel der Kampf um die Kristallwelt, der einzigen Quelle der für Laserwaffen notwendigen Kristalle.\nUniversalis ist ein guter Plotgenerator - wir haben damit Splitter des Imperiums (PDF) erzeugt. Ich glaube, ich kann mir Universalis als eine Formalisierung der Plot-Vorphase eines PtA gut vorstellen.\nBesonders hat mich beeindruckt, daß das ganze in dem PDF geschilderte Universum als emergente Leistung der Gruppe entstanden ist - niemand ist mit dieser Idee oder etwas, das dieser Idee auch nur entfernt nahe kommt in die Runde hinein gegangen.\nSzenario, Personen, Eigenschaften und Konflikte sind reihum durch Aufeinandertürmen von Dogmen, Challenges, Szenen und Conflicts entstanden. Und wenn man es, wie Harald es getan hat, als PDF mit ausformulierten Sätzen wie ein Sourcebook aufschreibt, dann haben wir pro Stunde etwa 4-5 Seiten Quellenbuch generiert. Das ist eine ganz gute Quote eigentlich.\n","date":"2008-10-05T00:00:00Z","href":"https://blog.koehntopp.info/2008/10/05/drsrm-2008-universalis.html","tags":["drsrm","roleplay","lang_de"],"title":"drsrm 2008: Universalis"},{"categories":null,"content":" Perl is a nice programming language, but it should not be necessary to do this in order to do OOP in Perl.\n","date":"2008-09-19T00:00:00Z","href":"https://blog.koehntopp.info/2008/09/19/oop-in-perl.html","tags":["fluffy fluff","lang_de"],"title":"OOP in Perl"},{"categories":null,"content":"Channelkind Kikka fragte nach Hilfe bei den Physikhausaufgaben. Und da ich gerade mit dem E90 alleine in Amsterdam bei einem Hamburger und einem Bier saß, dachte ich, ich erklär ihm mal den Teil meiner Schulphysik, an den ich mich ein halbes Leben und zwei Bier später noch erinnere. Das Ergebnis ist zwar nicht unbedingt eine Antwort auf seine Frage, aber vielleicht trotzdem nützlich.\nkikka\u0026gt; Moo, ich muss was über Kernspaltung und Fusion schreiben.\nIsotopp\u0026gt; Mach doch einfach. Welches Fach?\nkikka\u0026gt; Physik. Ich weiß nicht, ob ich das kann. Und ob ich mich da ausdrücken kann.\nIsotopp\u0026gt; Klar kannst Du. Geht es auch genauer? Was ist der Kontext? Was habt ihr zu dem Thema behandelt? Was ist das Ziel? Weisst Du was Alpha, Beta, Gamma Zerfall ist?\nkikka\u0026gt; Eine sehr gute Frage. Das haben wir mal nebenbei angeschnitten.\nIsotopp\u0026gt; Was Fusion und e = mc^2 miteiander zu tun haben? Wer Feynman ist?\nkikka\u0026gt; Nope, nope.\nIsotopp\u0026gt; Feynman war cool. Atombombenerfinder, Safeknacker, Trommler, Nobelpreisträger, Physiklehrer und Space Shuttle Debugger.\nkikka\u0026gt; Ne, das hatten wir nicht. Wir hatten was mit Bindungsenergie in meV von geladenen Nukleonen oder so.\nIsotopp\u0026gt; Wie lautet die Aufgabe denn genau? Ich meine, das ist ein weites Feld.\nkikka\u0026gt; Moment. Text: \u0026ldquo;Warum lässt sich durch Kernspaltung bzw Kernfusion Energie freisetzen?\u0026rdquo;\nIsotopp\u0026gt; Ah. Da kann man dann ja ein paar Stunden zu berichten. Also, wenn Du Dir mal die verschiedenen typischen Zerfälle anguckst, wie sie in Reaktoren stattfinden, U235 Zerfall etc. Dann siehst du ja, daß die Summe der Reaktionsprodukte leichter ist als die der Ausgangsmaterialien ist, und da e = mc^2, bumm. Ditto bei Fusion. Jetzt muss man nur noch die typischen Fissions- und Fusionsreaktionen aufmalen.\nkikka\u0026gt; Dazu sollen wir ein Diagramm beschreiben und mit Bezug darauf Kernspaltung und Kernfusion unterscheiden.\nIsotopp\u0026gt; Dein Diagramm enthält mit Sicherheit Spaltprodukte, so was wie U235 plus Neutron werden zu irgendwas plus Gammaquant. Das Gamma ist ein Photon, also Energie. Fission ist im Grunde simpel, du haust wahlweise einen Heliumkern (alpha), ein Elektron (beta) oder ein Photon (gamma) raus, und hast dann ein neues Element.\nkikka\u0026gt; Wir hatten die Massezahl gegen die Energie in MeV aufgetragen gehabt. Und seltsamerweise finde ich meine verdammten Aufzeichnungen nicht. Exakt das.\nMöh. Doofes E90 kann kein Cut und Paste im Putty. Sonst hätten wir hier auch abkürzen können.\nIsotopp\u0026gt; Kannst du ja ausrechnen. Masse m, Lichtgeschwindigkeit c und dann Energie in MeV umrechnen. Du kriegst J, Du willst MeV.\nkikka\u0026gt; Was hat denn die Lichtgeschwindigkeit und die Masse damit zu tun?\nIsotopp\u0026gt; e = mc^2?\nkikka\u0026gt; Damit haben wir garnichts gemacht\nIsotopp\u0026gt; Nein, aber das liegt zugrunde. Wenn du die Massezahlen vorher und nachher aufsummierst stellst du fest, das dir eine winzigkeit Masse pro Atom fehlt. Was doof ist, denn wir haben im Universum ja Masseerhaltung, und Energieerhlaltung, und Ladungs- und Spinerhaltung.\nIsotopp\u0026gt; Guck mal nach Decay Chain . U235 -\u0026gt; Thorium-231 plus ein Alphateilchen und die Summe von Th231 plus 2n plus 2p ist kleiner als die Masse von U235.\nkikka\u0026gt; Wir haben nichts mit Alpha, Betateilchen gemacht.\nIsotopp\u0026gt; Sondern? Also U235 ist jedenfalls Actinium series decay chain und dann Alphazerfall zu Th231.\nkikka\u0026gt; Wir haben auch noch nichts mit Verfall gemacht. Wir waren mit Bindungsenergie beschaeftigt und Kernenergie.\nIsotopp\u0026gt; Du sagtest was von Diagramm?\nkikka\u0026gt; Das: Ich tippe die URL ab.\nIsotopp\u0026gt; Hm, ja. Fe ist doof. Habt ihr schwache und starke Kernkraft gemacht? Die 4 Grundkräfte?\nkikka\u0026gt; Nein.\nIsotopp\u0026gt; Warum fliegt ein Alphateilchen/Heliumkern nicht auseinander? Da sind 2 Protonen drin, also zwei +-Ladungen. Die stossen sich doch ab?\nkikka\u0026gt; Dachte ich auch. Oder ist das wieder so komisch, dass die Hülle den Kern anzieht und die andere Hülle den anderen Kern?\nIsotopp\u0026gt; Nein, es gibt andere Kräfte, die Teilchen aneinander kleben lassen und die sind viel stärker als elektromagnetuische Abstossung, aber die reichen weniger weit, sie nehmen also auf Entfernung schneller ab als Elektromagnetismus. Auf kleine Distanzen kleben also Nukleonen aneinander, auf Abstand aber stoßen Protonen einander ab.\nkikka\u0026gt; Ich glaube das ist viel zu weit für Sek I.\nIsotopp\u0026gt; Der Punkt ist: die Dinger stossen einander ab, aber es gibt Kurzdistanzkleber. Der Kurzdistanzkleber sind die starke und schwache Kernkraft, in englisch strong und weak force.\nIsotopp\u0026gt; Und mit der weak force spielt man genau bei Fission. Sorry, strong force sogar, glaub ich. Strong force ist komisch, das ist eine Kraft, die um so stärker wird, je groesser der Abstand wird. Das ist genau anders als bei den anderen Kräften. Jedenfalls, wenn du weiter da rein bohren willst, jenseits von Bindungsenergien und Massezahlen, dann willst du Standardmodell, LHC, Starke Wechselwirkung, Schwache Wechselwirkung, und Decay Chain, Alphazerfall, Betazerfall (b+ und b-) und Gammazerfall als Suchbegriffe. Wikipedia ist da gar nicht übel zum Nachlesen.\nkikka\u0026gt; So, ich hab Unterlagen wieder. OK, effektiv sehe ich nur ein Diagramm, ergo kann ich nur eines beschreiben. Ein Satz verwirrt mich: (Aus einem Referat) \u0026ldquo;Die pro Kernspaltung nutzbare Energie von 190 MeV ist so klein, dass rund 33 Mrd Urandkerne gespalten werden müssen, um 1J Wärme zu erzeugen\u0026rdquo; Ist 1J viel oder wenig? :)\nIsotopp\u0026gt; Ja und? Was ist den die Definition von 1J? Und wieviel J brauchst du pro Tag zum Leben? Und sind 33 Mrd. Kerne viel? Wieviel kerne sind ein mol? Was ist die Avogadrozahl genau?\nkikka\u0026gt; Ah, uh, übersehen: 1J = 6,24210^18 eV. Und was ist die Avogadrozahl?\nIsotopp\u0026gt; Was ist ein mol, kikka ?\nkikka\u0026gt; Eine Stoffmenge.\nIsotopp\u0026gt; 1J ist die Energie die du brauchst um 1g = 1ml Wasser um 1C zu erwärmen.\nNein, das ist eine Kalorie. Eine Kalorie sind außerdem 4,1868 Joule. Die folgende Rechnung ist also um den Faktor 4.einbischen falsch. Danke, Ingo.\nkikka\u0026gt; Ah, das. Ich kann mir da immer nur das ^23 merken, den Rest nicht.\nIsotopp\u0026gt; 6.023 mal 10 hoch dreiundzwanzig von was genau?\nBa|rog\u0026gt; Teilchen\nIsotopp\u0026gt; Ba|rog: Bäh, ich will das kikka seine Arbeit selber macht.\nBa|rog\u0026gt; oh. \u0026lsquo;zeihung.\nkikka\u0026gt; Ja, gut, jetzt hat Ba|rog es verraten ;)\nIsotopp\u0026gt; kikka: ein Mol U235 sind 6.023 * 10^23 Atome. Wieviel Mrd atome sind das?\nIsotopp\u0026gt; Also 6.023 * 10^23 / 10^9 = ?\nIsotopp\u0026gt; 10^23 / 10^9 = 10^(23-9) = 10^(14)\nIsotopp\u0026gt; Also 100 Billionen Mrd, also 10 Billionen * 10 Mrd, also etwa 3 billionen * 30 Mrd, also etwa 3 Billionen Joule.\nIsotopp\u0026gt; Ein Mol U235 setzt also 3 Billionen J frei, wenn man es komplett spaltet.\nIsotopp\u0026gt; Wieviel g ist ein mol U235 schwer?\nkikka\u0026gt; Wie komme ich denn jetzt auf g?\nIsotopp\u0026gt; Lies mal Mol . Es ist U235, also: genau 235g. Ein Mol von einem reinen Stoff mit Atomgewicht x wiegt genau x Gramm und hat genau A teilchen drin, A ist die Avogadro-zahl.\nIsotopp\u0026gt; U235 -\u0026gt; 1 mol wiegt genau 235g\nIsotopp\u0026gt; U238 -\u0026gt; 1 mol sind 238g\nIsotopp\u0026gt; C12 -\u0026gt; 1 mol sind 12g\nIsotopp\u0026gt; Wenn es ein Gas wär, wüßtest du auch, es sind 22.4l.\nkikka\u0026gt; Ah, OK.\nIsotopp\u0026gt; Aber Uran ist ein festes Metall mit einer Dichte von 19.2. Was heißt Dichte 19.2?\nIsotopp\u0026gt; Wasser hat Dichte 1, ein Liter wasser = 1 Kilo.\nIsotopp\u0026gt; Ein Liter Uran = 19.2 Kilo\nIsotopp\u0026gt; Wieviel Volumen haben 235g Uran?\nIsotopp\u0026gt; 235g/19.2g/ml = 12.2 ml\nIsotopp\u0026gt; ein Schnapsglas = 20ml = 2cl\nIsotopp\u0026gt; ein halbes Schnapsglas U235 = 3 Bio Joule Bumm bei vollständiger Kernspaltung.\nIsotopp\u0026gt; ein Joule = 1ml wasser wird ein Grad heißer als vorher.\nIsotopp\u0026gt; Wenn du also ein halbes Schnapsglas U235 hast, wiegt das 235g, so viel wie ein Becher Milch. Und wenn du das spaltest, gibt es einen fiesen Blitz, weil das 100g wasser um 30 mrd grad aufheizen würde. Und am Ende hast du einen Haufen Alphateilchen und Thorium 231. Vermutlich als Dampf. :) Eher als Plasma. Das ist Dampf, der so heiß ist, daß den Atomen die Elektronen wegfliegen, weils zu warm ist.\nkikka\u0026gt; Und warum würde sowas passieren?\nIsotopp\u0026gt; Was?\nkikka\u0026gt; Warum würde es sich spalten? Was braucht man für eine Spaltung?\nIsotopp\u0026gt; Oh, da schaust du mal Kettenreaktion\nkikka\u0026gt; Kettenreaktion Da?\nIsotopp\u0026gt; Genau. Der Punkt da ist: um einen Zerfall auszulösen braucht es etwas, etwa ein Neutron mit der richtigen Energie. Und der Zerfall, der dann stattfindet setzt wieder Neutronen frei, ggf. mehr als eins. Die treffen dann stabile Atome im Umkreis, die dann zerfallen und die setzen wieder Neutronen frei, noch mehr. Manchmal passt es genau, dann koennen die freigesetzten Neutronen direkt auf die umliegenden Atome einwirken. Manchmal passt es nicht, dann sind die freigesetzten Neutronen zu schnell, um bei den umliegenden Atomen den Zerfall zu triggern. Dann fügt man noch einen weiteren Stoff dazu, im Umfeld, eine Neutronenbremse. Das nennen wir einen Moderator. Das kann Wasser sein, oder Kohlenstoff.\nkikka\u0026gt; Ansonsten könnte sich das unguenstig ausbreiten, oder wie?\nIsotopp\u0026gt; Der Moderator soll auch dazu dienen, generell Neutronen aufzusaugen, weil wir ja nicht wollen, daß sich in Sekundenbruchteilen 3 Bio J freisetzen und bumm. Sondern weil wir wollen, dass unser Reaktor mal so grad Wasser am Kochen haelt, das dafür aber fuer viele Jahrhunderte. \u0026ldquo;unguenstig ausbreiten\u0026rdquo; exakt.\nkikka\u0026gt; Okay. So, ich versuch dann mal mit meinen Wörtern den Unterschied zwischen Spaltung und Fusion beschreiben.\nIsotopp\u0026gt; Ich höre.\nkikka\u0026gt; Also, bei der Fusion kommt ja noch das Neutron dazu und bei der Spaltung wird dazu ja nur hohe Rahmenbedingen vorrausgesetzt, oder so.\nIsotopp\u0026gt; Du meinst als Auslöser?\nkikka\u0026gt; Ja.\nIsotopp\u0026gt; Ja, aber das ist nur ein technisches Detail. Schau noch mal auf deine Zeichnung mit der \u0026ldquo;Bindungsenergie\u0026rdquo;. In der Natur gibt es etwas, das heisst \u0026ldquo;Entropie\u0026rdquo;. Alle natürlichen Prozesse haben eine Richtung, alles in der Natur versucht immer den energieärmsten Zustand einzunehmen. Dinge werden von Natur aus immer unordentlicher und nie von selbst ordentlicher.\nIsotopp\u0026gt; Du hast Kernreaktionen, also Umwandlungen von Elementen in andere Elemente. Bei Fusion entsteht etwa aus Wasserstoff Helium, und bei Fission aus Uran Thorium. In beiden faellen wird \u0026ldquo;Bindungsenergie\u0026rdquo; frei, das heisst das Reaktionsprodukt hat weniger Masse als die Summe der Ausgangsstoffe. Die fehlende Masse, das ist Energie, viel Energie.\nIsotopp\u0026gt; In Deiner Zeichnung kannst du am linken Rand von H2 auf He4 über gehen. Das He ist aber etwas leichter als 2 Stück H.\nkikka\u0026gt; Ja.\nIsotopp\u0026gt; Das ist die Fusionsenergie, die frei wird.\nkikka\u0026gt; Also 1 MeV?\nIsotopp\u0026gt; Mehr.\nkikka\u0026gt; Ah, 6 MeV\nIsotopp\u0026gt; Ja, von H2 nach He4 in der Zeichnung. Jetzt begriffen?\nkikka\u0026gt; Ja.\nIsotopp\u0026gt; Okay.\nkikka\u0026gt; Das haben wir auch schonmal gemacht.\nIsotopp\u0026gt; Die Sonne. Wie generiert sie Energie? So: Kernfusion in Gestirnen Also, in der Sonne entsteht Helium\nkikka\u0026gt; Deuteriumkerne fusionieren zu Heliumkernen?\nIsotopp\u0026gt; Ja\nkikka\u0026gt; Hmm.\nIsotopp\u0026gt; Also 2H + 3H -\u0026gt; 4He + 1N + ein Haufen MeV\nkikka\u0026gt; Sag mal, die Spaltung, gebraucht die schwerere Kerne als die Fusion. Die benutzt ja leichte.\nIsotopp\u0026gt; Ja. Schau noch mal in die Zeichnung mit der Bindungsenergie. Die Kurve hat ein Minimum. Wo liegt das?\nkikka\u0026gt; Zwischen Fe und Sr?\nIsotopp\u0026gt; Ziemlich genau bei Fe. Das ist Eisen. Ok, ich habe vorhin das Wort Entropie gebraucht und daß alles im Universum immer den energieärmsten Zustand einnehmen will. He ist energieärmer als H. Durch Fusion entsteht aus 2H + 3H -\u0026gt; 4He + 1n + MeV. Es wird also Energie frei, das Resultat ist um 17 MeV energieärmer. Leichter, denn Energie ist Masse, sagt Einstein.\nIsotopp\u0026gt; durch Fission kommen wir ebenfalls auf einen energieärmeren Zustand. Aber nur, wenn wir mit dicken Kernen anfangen. Und beim Eisen ist alles aus. Da ist deine Bindungsenergie zwischen den Nukleonen minimal. Soweit klar?\nkikka\u0026gt; Da gehts nicht mehr runter, oder wie?\nIsotopp\u0026gt; Nein. Siehst du ja am Diagramm. Du kannst von unten an Eisen ran mit Fusion, oder von oben an Eisen ran durch Fission. Ok?\nkikka\u0026gt; Ja.\nIsotopp\u0026gt; Ok, Urknall. Das Universum entsteht. Grosser Blitz, alles Plasma, Dinge kühlen ab, wir haben Wasserstoff. Wie ist das Uran entstanden? Erst mal, wie ist das Helium entstanden? Das ist leicht.\nkikka\u0026gt; Durch Fusion von dem Wasserstoff?\nIsotopp\u0026gt; Exakt. Und Sauerstoff? Bethe-Weizäcker Zyklus Auch durch Fusion, aber eine komplizierte. Diese Fusion wurde 1938 oder so zuerst beschrieben und zwar von Bethe und C.F. Weizäcker. Das ist der Bruder von Richard Weizäcker, und ein Kieler.\nIsotopp\u0026gt; Kiel hat jede Menge tolle Atomphysiker. Der Max Planck zum Beispiel kommt auch aus Kiel. Planck ist ein Supergott der Physik. Planck fragte sich: Wenn so ein Elektrom um einen Atomkern kreist, wieso wird es dann nicht langsamer und fällt in den Kern?\nkikka\u0026gt; Weil es abgestoßen wird, oder so?\nIsotopp\u0026gt; Der Kern hat positive Ladung, das Elektron negative. Die ziehen sich an. Drum kreist das Elektrom ja. Das ist ja nicht wegen Gravitation so, dafür sind die Teile viel zu leicht.\nIsotopp\u0026gt; Es gibt keine Erklärung dafür, wenn man nicht eine Annahme macht. Und das geht so: Die Umlaufbahn von einem Elektron um den Kern wird bestimmt durch die Energie. Je mehr \u0026ldquo;Schwung\u0026rdquo; Du da rein drückst, um so weiter draußen kreist das Elektron. Wenn es Energie verliert, kreist es näher am Kern, es wird dichter angezogen.\nkikka\u0026gt; Kann man da Schwung reindrücken?\nIsotopp\u0026gt; Ja, das Elektron kann zum Beispiel ein Photon (Licht, Energie) absorbieren. Dann gewinnt es Energie. Das Photon ist weg, und das Elektron schneller, kreist weiter draussen. Oder das Elektron geht näher an den Kern, dazu muß es Energie los werden, abstrahlen. Das Elektron gibt ein Photon ab. Wenn das Photon die richtige Menge Energie hat, ist es im Bereich des sichtbaren Lichtes, dann leuchtet das Material.\nPlanck hat jetzt festgestellt: Atome brechen nicht zusammen. Das kann nicht sein. Er kann berechnen, dass ein Energie verloren gehen müßte, daß Elektronen langsamer werden müßten. Und danach wären wir alle tot, weil es keine kreisenden Elektronen mehr gibt. Das ist aber nicht der Fall - offensichtlich.\nDaher mußte Planck annehmen, daß es Energie nicht in stufenlosen Größen gibt, sondern nur in Energieeinheiten. Es gibt Energieatome.\nUnd jede Form von Photon, die du siehst, kann nur eine Energie von x * Grundeinheit sein. Die Grundeinheit von Energie nennt man ein Wirkungsquantum h. Und das ist das nach Max Planck benannte plancksche Wirkungsquantum. Das Elektron würde also gerne Energie abgeben und näher an den Kern ran, aber es kann nicht. Es muss mindestens ein h abstrahlen.\nDas war um 1900, und die Geburtsstunde einer neuen Physik, nicht stufenlos, sondern auf der Basis von Energieteilchen, Wirkungsquanten. Wir nennen das Quantenphysik.\nDummerweise paßt die Mathematik der Quantenphysik nicht zur Mathematik von Einstein, der Relativitätstheorie.\nDa wird es dann kompliziert, unter anderem, weil wir heute, mehr als 100 jahre später immer noch keine Lösung haben. Und darum, lieber kikka, haben wir letzte woche den LHC in betrieb genommen. Wegen Einstein und wegen Planck.\nkikka\u0026gt; Und der wird dann etwas Neues hervorbringen?\nIsotopp\u0026gt; Ja. Wir wissen seit Planck, dass Licht, Wärme und Radio von Teilchen erzeugt werden. Die Kraft, die wir da haben, ist die elektromagnetische Kraft, Kraft 3 von 4. Und sie wird ausgeübt von Photonen.\nAuch für die weak und die strong force haben wir Teilchen, von denen wir wissen, daß es sie gibt, und daß sie die Kraft übertragen.\nNur für die Gravitation, Kraft Nummer 4, haben wir das nicht.\nkikka\u0026gt; Ich nehme an, sowas kommt im LK Physik in der Oberstufe?\nIsotopp\u0026gt; Wo auch immer das Standardmodell besprochen wird. Standardmodell In dem Artikel heisst es: \u0026ldquo;Das SM ist eine relativistische Quantenfeldtheorie\u0026rdquo;. Das kannst du nun verstehen. Relativistisch ist die Mathematik von Einstein. Quantentheorie ist die Mathematik von Planck. Beide passen nicht zusammen. Eine relativistische Quantenfeldtheorie, wenn wir sie hätten, würde beides miteinander vereinen. Und (\u0026ldquo;feldtheorie\u0026rdquo;) erklären, wie die 4 Grundkräfte des Universums miteinander zusammenhängen. Also was Gravitation, Elektromagnetismus, Weak und Strong force miteinander zu tun haben. Es wäre eine Great Unified Theory (GUT). Die Physik der letzten 100 Jahre, seit Planck, hat nichts anderes zu tun gehabt als eine GUT zu finden. Aber uns fehlt dazu ein Teilchen.\nkikka\u0026gt; Hm, da von haben die auch in The Big Bang Theory geredet.\nIsotopp\u0026gt; Wie haben Teilchen die elektromagnetische Kraft (Licht, Wärme, Radio) übertragen, die Photonen. Wir haben Gluonen und so. Aber uns fehlt das Teilchen, das Schwerkraft erzeugt, das Graviton.\nIm Standardmodell heisst das Graviton das Higgs Boson und der LHC wurde gebaut, um das Higgs zu finden. Wenn wir es finden und wissen wieviel Energie es besitzt, dann können wir die mathematischen Werkzeuge, die wir haben, kalibrieren, also die passenden Naturkonstanten einsetzen. Und dann haetten wir eine GUT. Und die Physik haette endlich fertig. Nach 100 jahren!\nkikka\u0026gt; Und dann, würde das wieder neue Fragen aufwerfen?\nIsotopp\u0026gt; Aber ja!\nkikka\u0026gt; Hmm. Und dann währet ihr wohl sehr glücklich, oder so?\nIsotopp\u0026gt; Jeder der mal Physik gemacht hat in den letzten 100 jahren wär dann sehr sehr glücklich\nkikka\u0026gt; Hm. Dann kann dieser LHC ja gutes bringen.\nkikka\u0026gt; Was passiert, wenn es dieses Higgs-Boson aber nicht gibt, und der LHC das nicht findet?\nIsotopp\u0026gt; Dann können wir eine ganz Menge Mathe weg schmeissen.\nkikka\u0026gt; Ich mache lieber Hausaufgaben zu Ende.\nIsotopp\u0026gt; Zu deinen Hausaufgaben: Du siehst dass durch Fusion aus Wasserstoff neue Elemente entstehen. Aber nur bis Eisen rauf.\nIsotopp\u0026gt; Bindungsenergie Fusion -\u0026gt; Eisen. Danach muss man Energie aufwenden. Das passiert nicht, normalerweise, wegen Entropie. Wir haben Urknall, wir haben Wasserstoff, wir haben Fusion, also haben wir Helium Wir haben bethe-weizäcker, also kriegen wir aus Helium auch C, N und O, und dann durch noch kompliziertere Prozesse auch alles andere bis Fe rauf. Aber: Uran existiert. Wo kommt das Uran her?\nkikka\u0026gt; Sorry, ich kann momentan nicht mehr denken.\nIsotopp\u0026gt; Hatten wir auch noch nicht. Irgendwann einmal besteht der Kern eines Sterns aus Eisen. Eisen brennt nicht mehr durch Fusion. Nix im Stern erzeugt noch Energie, der Stern bricht zusammen, weil nichts mehr die Masse des Sterns auseinander drückt.\nDurch das Zusammenbrechen, das sehr sehr schnell passiert, heizt sich das Plasma im Kern noch mehr auf. Ein riesiger Blitz entsteht. Eine Supernova .\n\u0026ldquo;Beim Eisen, dem 26. Element, stoppt die Fusionskette, da Eisenatomkerne die höchste Bindungsenergie aller Atomkerne haben und weitere Fusionen Energie verbrauchen statt erzeugen würden. Bei der Explosion selbst treten allerdings Bedingungen auf, die zur Entstehung schwerer Elemente wie Gold, Blei, Thorium und Uran führen.\u0026rdquo; Alles in der Welt, das du siehst, das schwerer ist als Eisen, ist im Universum in Supernovas entstanden. Du trägst in deinem Körper die Teile von explodierten Sternen.\nkikka\u0026gt; Das ist \u0026hellip; weird.\nIsotopp\u0026gt; Sterne durchlaufen beim Brennen verschiedene phasen, und mit diesen Phasen auch verschiedene Größen und Temperaturen (die sich als Farben erkennen lassen).\nMan kann das aufmalen: Hertzsprung-Russell-Diagramm . Unsere Sonne \u0026gt; ist ein Hauptreihenstern der Spektralklasse G2. Schau auf die X-Ache des HR-Diagramms.\nkikka\u0026gt; Also in der Mitte?\nIsotopp\u0026gt; ja\nkikka\u0026gt; OK.\nIsotopp\u0026gt; Spektralklasse G Farbe gelb, Temperatur 5000-5900K mit Linien von Ca, FE und anderen Metallen\nkikka\u0026gt; Das wird sich dann aber aendern, in einigen Jahren.\nIsotopp\u0026gt; Morgan-Keenan spectral classification Das brennt schon 5 mrd Jahre, Minimum. und wird mindestens noch mal so lange so bleiben.\nkikka\u0026gt; Ach. Okay.\nIsotopp\u0026gt; Der Punkt ist: Teile der Energie einer Nova gehen in den Blitz, andere in die Gewinnung schwerer Elemente. In den Bruchteilen einer Sekunde, die den eigentlichen Novablitz ausmachen, wird durch Fusion von Eisenkernen und Energie neue, schwerere Masse erzeugt. Alles im Universum, was schwerer als Eisen ist, ist so entstanden.\nPraktischerweise wird es durch die Explosion auch gleich im Universum verteilt. So eine Nova bläst ja jede Menge Dreck raus. Ich meine, da fliegt ein ganzer Stern in die Luft.\nUnd diese Energie, die bei der Supernova durch diese unnatürliche, Energie kostende Fusion gebunden worden ist, kann später wieder freigesetzt werden, durch Fission. Der Energieerhaltungssatz ist also nicht verletzt worden, es entsteht nicht Energie aus dem Nichts.\nkikka\u0026gt; Okay. Ich denke, das war genug Physik für eine ganze Woche. :) Danke dafür.\nIsotopp\u0026gt; Und jetzt weisst du was Fusion mit Fission zu tun hat, und was Sterne mit Nukleonen zu tun haben, was die Physik so überhaupt die letzten 100 jahre gemacht hat, wer Feynman, Planck, Einstein und Weizäcker waren, wieso Kiel toll ist, und wieviel ein Mol ist, was Gramm mit Mol zu tun haben, was Gramm mit Milliliter zu tun haben über Dichte, und wie groß der Blitz ist, den ein Mol U235 macht. Du weisst was Alpha, Beta und Gamma-Zerfall ist, was die vier Grundkräfte im Universum sind, und was die Worte GUT und relativistische Quantenfeldtheorie bedeuten. Und wieso das mit dem LHC letzte Woche wichtig war.\nkikka\u0026gt; Ich denke, das ganze muss ich nochmal ins Gehirn einprägen. Auf jedenfall. Aber 100 Jahre, und nicht viel hat sich geändert. Ist das normal? Gab es das öfters?\nIsotopp\u0026gt; Nein. Das ist ein super hartes Problem. Darum ja der ganze Aufstand mit dem LHC.\nDu musst dir mal vorstellen, die schweizer Alpen, 27 km Tunnel, vier Stockwerke hoch, 100 Meter unter der Erde und das ist nur der Grosse Ring.\nDie stärksten Magnete der Welt, Elektromagnete, super hoch gepowered, so viel Strom da drin wie in einer ganzen Stadt. Damit das geht, alles runter gekühlt auf 2K (-271 Grad C), damit der Mist supraleitend wird.\nDann einen Protonenstrahl bauen und da reinschleudern, auf mehrere GeV beschleunigen, einen links rum, einen rechts rum.\nEin Protonenpaket hat dabei so viel Masse wie ein auf 27km breit gezogenes Sandkorn, aber so viel Energie wie ein Jumbojet voll TNT. Und dann nimmt man zwei so grosse Pakete und läßt die aufeinander zu rasen, so genau fokussiert, daß die einander tatsächlich treffen, und zwar genau da wo man so einen Detektor stehen hat und nicht irgendwo im Tunnel. Such mal Bilder von einem CERN ATLAS Detektor.\nkikka\u0026gt; Habe ich schon gesehen.\nKai reicht mir CMD Detector Assembly Particle Hunters rein.\nIsotopp\u0026gt; Während der Explosion entstehen Trümmer, neue Teilchen. Das dauert Femtosekunden. Und in der Zeit zeichnen die Dinger Daten auf, digital, die werden gespeichert und ausgewertet. CERN generiert Terabytes an Daten pro Sekunde, alles irrelevanter Scheiß. Und irgendwo da drin steckt das Event, das beweist, daß das Higgs existiert und wieviel GeV es hat.\nkikka\u0026gt; \u0026hellip; OK. Und die müssen es dann raussuchen?\nIsotopp\u0026gt; Ja. Und das ueberhaupt zu bauen. Die Physik, die Technik, die IT. Das geht nur heute. Mit Technik von 1997, 1987, 1907 geht das nicht. Und wie aufwendig das ist! Was meinst du, wie unglaublich wichtig Physiker das finden, um sich so was an zu tun?\nkikka\u0026gt; Krass, darum der große Aufwand.\nIsotopp\u0026gt; Ganz nebenbei entsteht natürlich noch jede Menge praktische Materialwissenschaft.\nUm 150 GeV auf Protonengröße zu fokussieren und das auszuwerten brauchst Du absolute Präzision, supraleitende Magnete, Steuertech und dann das Netz. Alleine der Storage. Die haben fuer CERN neue verteilte Filesysteme entwickelt, neue Steuerungs- und Filtertechnik, besseres Internet. HTTP und HTML sind 1994 am CERN erfunden worden von Tim Berners-Lee, damit Physiker auf Forschungsergebnisse zugreifen konnten.\nDas schafft also auch reale Werte. Aber eigentlich ist CERN und jeder andere Teilchenbeschleuniger nur gebaut worden, weil wir eine relativistische Quantenfeldtheorie, eine Grand Unified Theory, haben wollen. Weil wir nicht wissen, wieviel GeV das Higgs hat.\nkikka\u0026gt; Okay. :) Giga-Elektronenvolt, nehme ich an.\nIsotopp\u0026gt; Das war in etwa das, was man als Laie und ohne Mathe vom Universum im Grossen und im Kleinen wissen kann.\nkikka\u0026gt; wie fein :)\nIsotopp\u0026gt; Und wenn man nicht noch mal einen Wikipedia-Dive machen will.\nkikka\u0026gt; Ja. :) .oO(Man, bin ich froh letztes Jahr gewechselt zu haben, jetzt ist das sehr viel härter.)\nIsotopp\u0026gt; Mit Mathe wirds dann Unistoff.\nkikka\u0026gt; brrr.\nIsotopp\u0026gt; Du siehst, wieso ich meine, man hat da leicht Stoff für ein Referat von ein paar Stunden, auch ohne Vorbereitung. Die Frage, die Dein Physiklehrer da gestellt hat, ist nämlich am Ende die Frage nach dem Leben, dem Universum und dem ganzen Rest.\nkikka\u0026gt; Ich denke nicht, dass er das beabsichtigt hat. Naja, nochmal danke. Und gute Nacht!\nIsotopp\u0026gt; Jetzt muss jemand dieses IRC Protokoll nur noch aufbereiten und bloggern.\n","date":"2008-09-18T00:00:00Z","href":"https://blog.koehntopp.info/2008/09/18/kernphysik-mit-kikka.html","tags":["erklaerbaer","physik","schulung","lang_de"],"title":"Kernphysik mit Kikka"},{"categories":null,"content":" Scenes from the Amsterdam Office: Dennis, the maintainer of the local BOFH mailing list, performing helpdesk duty.\nSupport Tool\n","date":"2008-09-18T00:00:00Z","href":"https://blog.koehntopp.info/2008/09/18/the-clue-bat.html","tags":["devops","amsterdam","berlin","lang_de"],"title":"The Clue Bat"},{"categories":null,"content":" Ich ziehe um. Das hoffentlich letzte Mal in meinem Leben. Dazu brauche ich jedoch fleißige Helfer. Am Sonntag, dem 21. September 2008, werden wir ab 8 Uhr morgens in der Immanuelkirchstraße 18 (S-Bahn Alex oder Greifswalder Straße, dann Tram M4 bis Hufelandstraße) frühstücken und packen. Gegen Mittag wollen wir den Kram auf einen Laster laden und in die Wenckebachstraße 2 (U6, Kaiserin Augusta Straße) fahren. Dort soll das Zeug dann hochgetragen werden und dann gibt es lecker Chili und ein bis zehn Bier.\nIch bin auf der bekannten Handynummer zu erreichen. Wer mag helfen?\n","date":"2008-09-17T00:00:00Z","href":"https://blog.koehntopp.info/2008/09/17/umzug-mal-wieder.html","tags":["berlin","umzug","lang_de"],"title":"Umzug, mal wieder"},{"categories":null,"content":"Gestohlene Datensätze von PwC missbraucht titelt Heise. Das Problem dahinter ist sehr weit verbreitet und in Firmen schwer zu bekämpfen:\nDie große Zahl der Daten kam offenbar zustande, weil PwC die Bewerberdaten aus vergangenen Jahren auch bei längst abgeschlossenen Verfahren aufbewahrt hatte.\nIch weiß aus eigener Erfahrung, daß es unsagbar schwer ist in Firmen Prozesse zur Datenlöschung aufzusetzen. Dabei spielt es nur eine untergeordnete Rolle, ob eine solche Löschung gesetzlich gefordert ist, beschlossen wurde oder sinnvoll ist.\nDerjenige Mitarbeiter, der am Ende die Sache ausführen soll neigt sehr oft dazu, die Daten nicht zu löschen, sondern aus dem System zu nehmen und irgendwo hin zu kopieren. \u0026ldquo;Irgendwo\u0026rdquo; ist dabei auch oft ein Ort, der schlechter verschlüsselt und geschützt ist als der vorhergehende Speicherort - ein Band, ein Stick oder eine Diskette, die danach in der Schublade des betreffenden Mitarbeiters liegt. Kann ja sein, daß die Daten doch noch mal gebraucht werden. Typischerweise werden die Daten dann mit dem Schreibtisch zusammen irgendwann einmal mit verkauft. Oder vorher herausgenommen werden und dem Sohnemann aus der Firma mitgebracht: \u0026ldquo;Hier, der Stick war über.\u0026rdquo;\nAus irgendeinem Grund sind Firmen Strukturen die das Vergessen sehr schwierig machen. Es braucht schon eine ganze Menge individueller Energie in einer solchen Institution, damit eine solche Löschaktion auch tatsächlich dazu führt, daß Daten gelöscht sind.\nDie Story auf dem Heise Newsticker hat noch einen weiteren Aspekt:\nUm auf Konten bei den genannten Zahlungsdienstleister zuzugreifen, probierten die Kriminellen laut WISO einfach E-Mail-Adressen und Passwörter durch. Ein Schutzmechanismus gegen Brute-Force- und ähnliche automatisierte Angriffe etwa bei Moneybookers wurde dabei umgangen. Nach Meinung von Wiso gingen die Angreifer davon aus, dass viele Internet-Nutzer für verschiedene Dienste dieselbe Kombination aus E-Mail-Adresse und Passwort benutzen.\nDas ist ein sehr gängiges Problem. Jedes Mal, wenn zum Beispiel eine Phishing-Welle über eBay hinweg gerollt ist, war danach ein hohes Aufkommen von gestohlenen web.de und GMX-Accounts in diversen Viren festzustellen. Viren wie die Sober-Reihe hatten seinerzeit im Schnitt um die 800 bis 1200 gestohlene Username/Passwort-Kombinationen im Bauch, um die Authentisierungsmechanismen der Mail-Engines aller großen deutschen Provider zu umgehen.\nDie Mailadressen zu den Accounts findet man, indem man sich mit einem abgephischten eBay-Usernamen und Passwort bei ebay einloggt und die Mailadresse ausliest. Mit dieser Adresse und dem eBay-Passwort versucht der Bot sich dann bei dem betreffenden Freemailer einzuloggen. Oft genug gelingt das - der Bot meldet das Paar dann als validiert an seinen Herrn, der die Daten für die nächste Virenwelle missbrauchen kann. Der Geschädigte ist so nicht nur seinen ebay-Account, sondern auch seine Mail los, denn der Account ist dann natürlich verbrannt und unzugänglich.\n","date":"2008-09-09T00:00:00Z","href":"https://blog.koehntopp.info/2008/09/09/daten-loeschen-verschluesseln-diversifizieren.html","tags":["privacy","identity","security","lang_de"],"title":"Daten - löschen, verschlüsseln, diversifizieren"},{"categories":null,"content":" Auf dem letzten CCC gab es einen ziemlich schlechten Vortrag zum Thema Cyborgs . Jedenfalls fand ich die These \u0026ldquo;Wir sind alle Cyborgs, weil wir jeden Tag technische Hilfsmittel benutzen\u0026rdquo; ziemlich affig und so nicht haltbar. Schließlich geht es bei einem Cyborg um die Integration von Technik und Organik in einem symbiotischen Organismus.\nAuf der anderen Seite war hier im Haushalt am letzten Donnerstag das CPE der DSL-Leitung kaputt gegangen und unser Haushalts-Server aus dem Netz gekippt.\nIn Folge waren wir beide Haushaltsinsassen bis zum Eintreffen eines Ersatzgerätes auf UMTS reduziert und ich habe bemerkt, wie sehr sich mein Leben inzwischen um die ständige Verfügbarkeit von Bandbreite und CPU gruppiert. Nicht nur, daß das Arbeiten von zu Hause einigermaßen anstrengend ist, Mail nicht richtig geht und ich aus den diversen IM-Netzen kippe.\nAuch mein Freizeitverhalten ist betroffen: Ich meine, ich kann nicht mal fernsehen, wenn ich nicht nebenbei meinen Laptop auf dem Schoß habe und ich Wikipedia, IMDB und Google benutzen kann, um Informationen aus der Glotze um das übliche Hintergrundrauschen von Tiefeninformation zu ergänzen.\nUnd ich kann mich Leuten, mit denen ich mich unterhalte, nicht richtig mitteilen, wenn ich an die URLs nicht komme, mit denen ich sie bewerfen will, um Kontext herzustellen. Oder wenn ich den Kontakt zu den Menschen, die mir wichtig sind, nicht halten kann, weil nicht genug Netz da ist, um sie zu erreichen.\nInsofern: Manche würden es Internetsüchtig nennen, aber das ist eine Verkennung der Tatsachen. Ich bin ein Cyborg. Ohne das Netz bin ich ein beschränkteres, kleineres und weniger mächtiges Wesen, alleine und einsam gefangen in den toten, offlinen Wänden meines Heims. Vielleicht ist an einigen Aspekten von diesem Cyborg-Vortrag doch mehr dran, als der Schwall nebulösen Gelabers dort vermuten läßt. Ich muß mir den Stream noch mal runter laden und in Ruhe ansehen.\nGleich mal den Torrent anwerfen. Das Netz geht ja wieder.\n","date":"2008-08-29T00:00:00Z","href":"https://blog.koehntopp.info/2008/08/29/cyborg.html","tags":["cyborg","hack","internet","lang_de"],"title":"Cyborg"},{"categories":null,"content":" 13. August 1961 bis zum 9. November 1989 (Foto: Thomas Roessler , August 1989)\nWas so ein paar hingeworfene Kissen alles ausmachen! (Wikipedia )\n","date":"2008-08-13T00:00:00Z","href":"https://blog.koehntopp.info/2008/08/13/berliner-mauer.html","tags":["berlin","politik","lang_de"],"title":"Berliner Mauer"},{"categories":null,"content":" Image: Dwizzy on Flickr\nZwei Artikel im Folge im Blog von Bruce Schneier, und beide haben mit Karten und Sicherheit zu tun. In Hacking MiFare Transport Cards kommentiert Schneier die Gruppe der Radboud University Nijmegen, die die Sicherheitssysteme der MiFare Classic Karte von NXP überwunden hat. NXP hat versucht, gegen die Veröffentlichung der Papers zu klagen, die diese Fehler der MiFare beschreiben, hat aber den Prozess verloren. Der Richter urteilte:\nDamage to NXP is not the result of the publication of the article but of the production and sale of a chip that appears to have shortcomings.\nIn einem zweiten Artikel UK Electronic Passport Cloned geht es um den Pass mit Chip, der in England ausgegeben werden soll, ähnlich dem biometrischen Pass und Personalausweis in Deutschland. Die Times hat sich von einem Sicherheitsspezialisten zwei Pässe clonen und die darin enthaltenen Bilder ersetzen lassen.\nMan fragt sich natürlich, was die Hersteller solcher Geräte die ganze Zeit tun, wenn sich ihre Karten und Chips so schnell knacken lassen und so hilflos gegen Angriffe sind. Der Fehler ist aber nur zum Teil bei den Herstellern zu suchen, es handelt sich vielmehr um ein tiefer liegendes Problem, und zwar um ein Verständnisproblem bei den Leuten, die sich für solche Systeme entscheiden.\nEine Chipkarte ist ein Single Chip Computer, der Sicherheit gewährleisten soll. Dazu hat dieser Single Chip Computer eine CPU, ein wenig Speicher und ein wenig Kryptologik an Bord. All das wird in eine Plastikkarte eingebettet.\nDer Chip hat keine eigene Stromversorgung, er hat keine Peripheriegeräte wie Display oder Tastatur, sondern im günstigsten Fall 2-6 Kontakte nach draußen, im ungünstigsten Fall eine Drahtschlinge als Antenne zur Stromversorgung und zum Senden und Empfangen von Daten. Diesen Chip in seiner Plastikverpackung gibt man dann dem Angreifer in die Hand und lässt diesen mit dem Gerät einige Tage, Wochen oder Monate lang allein.\nAngriffe auf solche Chips gibt es viele. Einige Leute legen solche Chips zum Beispiel routinemäßig aus ihrer Plastik- oder Chipverpackung frei und durchleuchten sie dann mit einem Raster-Elektronenmikroskop oder anderen Untersuchungsmethoden. Aus dem Layout der Leiterbahnen kann man Fehler im Chipdesign oder Hintertüren erkennen oder Angriffsmethoden ableiten.\nMan kann sich auch auf die Stromversorgung des Chips klemmen und so auf geheime Daten rückschließen, die eigentlich nicht extrahierbar auf dem Chip gespeichert sind. Je nachdem wie die Daten auf dem Chip gespeichert sind und verarbeitet werden kann man aus dem Stromverbrauch des Chips auf Nullen oder Einsen in einem Bitmuster schließen, daß etwa einen geheimen Schlüssel darstellt, der den Chip nie verlassen sollte.\nAndere Angriffe bestehen darin, daß man den Chip auf so einer Karte mit unsauberer oder unzureichender Betriebsspannung versorgt, und zwar gerade so, daß der Chip funktioniert, aber nicht zuverlässig. Es kommt bei Rechnungen zu Bitkippern oder anderen seltsamen Ungereimtheiten, weil zur Verfügung stehende Leistung böswillig so manipuliert oder moduliert wird, daß man eigentlich unlogische Ergebnisse bekommt. Einige Chips versuchen sich gegen solche Angriffe zu schützen, etwa indem sie dieselbe Berechnung dreimal ausführen und dann die Ergebnisse vergleichen. Bei korrekter Funktion des Chips kommt natürlich immer dasselbe raus, kommt es jedoch wegen Unterversorgung des Chips zu zufälligen Bitkippern, sind die Ergebnisse nicht identisch (und der Chip schaltet sich ab).\nBei allen Chipkarten - mit oder ohne Kontakte - kommt dazu, daß sie keine vertrauenswürdige Peripherie haben, also nicht wissen, ob sie mit einem legitimen Terminal oder einem Angreifer reden, ebenso wie anders herum das Terminal nicht wissen kann, ob es mit einer legitimen Karte oder einem Angreifer redet. Karte und Terminal müssen sich also gegenseitig authentisieren und legitimieren. Bei drahtlos kommunizierenden Karten kommt noch dazu, daß Dritte die Kommunikation zwischen Karte und Lesegerät unter Umständen mithören und daraus gewonnene Information für Angriffe ausnutzen können.\nChipkarten sollen nun außerdem noch in großer Stückzahl hergestellt werden. Das bedeutet, sie sind wahrscheinlich ab Werk identisch und werden später erst personalisiert (Angreifer können möglicherweise also über unpersonalisierte Blanko-Exemplare verfügen und diese dann später so personalisieren, daß sie Duplikate existierender Karten sind). Und das bedeutet auch, die Karten müssen sehr preisgünstig hergestellt werden: Da der Anzahl-Multiplikator in die Millionen gehen kann, zählt jeder Cent-Bruchteil Ersparnis.\nKurz: Wenn man ein Angreifermodell für eine Sicherheitsanalyse konstruieren sollte, das für den Verteidiger möglichst pessimal ist, dann kommt etwas heraus, das einer kontaktlosen Chipkarte und ihrem typischen Benutzungsumfeld sehr, sehr ähnlich ist.\nFür Fahrkarten mag das vielleicht ausreichend sein, für Zugangskontrolle eher nicht. Für Ausweise? Öh. Da wäre man schon sehr dämlich von einer Industrielobby gekauft, wenn man sich als Staat für so etwas entschiede. Ich erwarte jedenfalls aufgrund der Verteidigungssituation in diesem Szenario nicht, daß irgendeiner dieser Chip für nennenswerte Zeit einem Angriff standhält. Nein, auch nicht die in meinem Pass und Perso.\nUpdate: Natürlich gibt es gegen jeden Einzelnen dieser bekannten Angriffe Gegenmaßnahmen - Metallschichten auf dem Chip, Mehrfachberechnungen zur Erkennung versorgungsbedingter Fehlfunktionen, Codegestaltung so, daß immer gleich viel Power verbraucht wird, Kryptoprotokolle zwischen Terminal und Karte. Alle diese Dinge machen jedoch die Karte stromhungriger, langsamer und vor allen Dingen teurer und stehen einer Massenproduktion damit entgegen. Viele der Fehler entwerten außerdem nicht eine Karte, sondern das System - das mit vielen Millionen Karten im missionskritischen Einsatz ein sehr empfindlicher Totalverlust ist, wenn die Sicherheit des Systems und nicht die einer Karte versagen sollte.\nDarum ja auch die etwas hysterische Reaktion von NXP.\n","date":"2008-08-11T00:00:00Z","href":"https://blog.koehntopp.info/2008/08/11/sicherheit-von-chipkarten.html","tags":["identity","security","lang_de"],"title":"Sicherheit von Chipkarten"},{"categories":null,"content":"In Yahoo! Music going dark, taking keys with it . heißt es:\nThe bad dream of DRM continues. Yahoo e-mailed its Yahoo! Music Store customers yesterday, telling them it will be closing for good—and the company will take its DRM license key servers offline on September 30, 2008…\nOnce the Yahoo store goes down and the key servers go offline, existing tracks cannot be authorized to play on new computers. Instead, Yahoo recommends the old, lame, and lossy workaround of burning the files to CD, then reripping them onto the computer.\nSure, you\u0026rsquo;ll lose a bunch of blank CDs, sound quality, and all the metadata, but that\u0026rsquo;s a small price to pay for the privilege of being able to listen to that music you lawfully acquired.\nGood thing you didn\u0026rsquo;t download it illegally or just buy it on CD!\n","date":"2008-07-25T00:00:00Z","href":"https://blog.koehntopp.info/2008/07/25/yahoo-schaltet-yahoo-music-ab.html","tags":["media","musik","lang_de"],"title":"Yahoo! schaltet Yahoo Music ab"},{"categories":null,"content":"(Update: 2020-06-19 Russian version contributed by Vladimir Htr)\nMany years ago, late in 1999, I was involved in the creation of de.comp.lang.php, a USENET newsgroup. Since the group was new I began a personal experiment to influence the communication culture of an open USENET group .\nThat went on for four to five year, out of which I have been actively involved for two years, earning good Karma . But unfortunately http://www.php-faq.de/ is now dead (or outdated and inactive).\nOn my disk there was an old text, unpublished for many years, about the concept behind the engagement. I will just post it here, because the strategy might be salvaged and could be applied elsewhere to similarly structured environments. Other environments need different strategies, as shown in my talk about Flames . Some things shown below I would present differently today, but the core is solid. Maybe it is useful to someone?\nUplift or A Process to Create Useful USENET Newsgroups by Kristian Köhntopp\nwith apologies to David Brin\nUSENET is generally considered a medium with much noise and little useful content. The claim is that the natural state of a USENET newsgroup is the flamewar and that exceptions are rare and generally not worth bothering.\nThis article tries to establish that this observation need not be true and presents the process of \u0026ldquo;Uplift\u0026rdquo; by which a newsgroup having \u0026ldquo;Potential\u0026rdquo; can slowly be turned into a useful support forum with mostly intelligent discussions and with procedures to stabilize that state to some extent. The Uplift process has been tested over the period of one year with the german language newsgroup de.comp.lang.php (3800 articles/month in September; 22500 articles overall until now).\nNewsgroup history and some past experiences de.comp.lang.php was created 01-Jan-2000 by vote of the german USENET community.\nThe RfD and CfV processes have been initiated by me because I saw a rising number of PHP related messages in the german Linux newsgroups. Also, I was subscribed to the german PHP mailing list (http://www.php-center.de/php-de/ ) and I was generally dissatisfied with the content and form of the forum. High volume mailing lists are generally crude to manage and read and mail2news gateways are only a substitute for the real thing.\nOn the other hand, the german Linux newsgroups were in a state of disarray and displayed all the worst characteristics attributed to newsgroups in general:\nNewbies were coming into the group and asked the same questions over and over, sometimes multiple times a day. Regulars were fleeing the group, showing strong signs of burnout. Flamewars were the rule, sometimes encouraged by regulars with burnout symptoms which had not fled the group, yet. Because there was no group culture (except the default culture of flaming) and because the groups had no memory, discussions in the group entered a vicious cycle and did not improve nor shift topic. All action in the groups converged on flaming. The goals for de.comp.lang.php PHP is the most popular installed Apache module by far, and traffic on the german mailing list as well as the support for the RfD showed that a newsgroup on PHP would be a real success and become high-traffic within a year.\nMy goal was to prove the german Linux burnouts wrong, and demonstrate that a newsgroup can be manipulated into being a mostly useful and friendly discussion forum within four months, by giving helpful answers in a friendly and helpful style.\nAdditionally, the group should create a number of regulars interested into the group being useful within eight months. These regulars should ideally copy the friendly and helpful style, distributing load between each other and setting an example for newbies and regulars-to-be.\nFinally, the group should be self-sustaining within twelve months after inception. That is, there should be an established Uplift path for regulars showing true Potential to become FAQ maintainers and active contributors to the group culture. Ideally, after that year there would be little need for myself to meddle with the groups sociodynamics. Also, the group would then be ripe for split due to high traffic volume and the groups concept would then be proven and could be applied to other groups as well.\nA few simple building blocks Central to the establishment of a group culture is the ability to remember past discussions and their results. Without memory there is no past, and without a past there can be no communal traditions and culture. The fundamental building blocks of newsgroup Uplift are therefore the creation of \u0026ldquo;The Library \u0026rdquo; and a process to spread its knowledge widely.\nIn the context of a USENET newsgroup, The Library is a frequently asked questions document, which must be seeded initially over the period of two or three months with the most needed knowledge.\nIdeally, the FAQ is fat. That is, it does not only cover truly frequent questions, but also provides all background information needed to properly handle and understand that frequently requested information. The strategy is to get Clients reading and keep them reading, feeding them not only solutions to the immediate problems, but also feed them parts of the larger picture as well as basic USENET traditions and rules.\nThis is necessary, because a client coming into the newsgroup with a PHP related problem most of the time has other problems as well, such as a lack of basic USENET etiquette and a lack in writing or debugging skills, preventing the Client to state the problem in a correct or efficient way. One of the first steps in the Uplift process must be to give the Client speech, that is, to teach Clients essentials such as proper quoting behaviour, realname policies, writing style, HTML and vCard policies and similar stuff. Only with such knowledge the Client can integrate into the USENET society and become a useful netizen.\nOf course, a client coming into the newsgroup with an immediate problem wants to hear solutions to that particular problem and is not interested in being force-fed obscure traditions and customs. In order to overcome this learning block, the immediate problem of the Client must be solved quickly and to the point. If such a solution is being delivered in an answer posting, though, the Client usually is receptive and can be fed one or two bits of additional knowledge and culture as well. If this information is being kept in the same document as the answer to the Clients\u0026rsquo; problem as well, it will be accepted even easier by that Client. Thus, a fat FAQ is a great help in the Uplift process.\nOf course, a vast and fat FAQ is no target to point a client to. The client has an immediate problem and needs help urgently. Thus, a reference to The Library should always be specific in nature, pointing the Client to the properly phrased question, and containing the full URL of the answer. If the question and the answer do not match the specific question of the Client in full, it should be accompanied by some additional sentences of explanation, showing the Client how to modify the Library provided answer in order to be useful.\nOn the other hand, it is okay if the answer is not a perfect fit, especially if the Client has already moved somewhat along the path of Uplift. We want to create future Patrons assisting us in the Uplift of new Clients and contributing to the FAQ, and this requires these future Patrons to be able to work out solutions by themselves.\nIn de.comp.lang.php, the FAQ is kept at http://www.php-faq.de/ , and FAQ references often have the form of\n1.16. Wie verweise ich auf die FAQ?http://www.php-faq.de/q/q-newsgroup-faqreferenz.html\naccompanied by some additional lines of explanation. This form of reference to FAQ-able questions has been established very early after the creation of the newsgroup, and has been adopted by almost all contributors to the group with Patron capabilities.\nOpening the culture for self-sustenance The initial FAQ was copyrighted by me. Although that FAQ was available by CVS, and was written in an open format (LinuxDoc at that time), there was little interest of potential contributors to add to the FAQ. The initial problem was that some people tried to take the FAQ\u0026rsquo;s content and wanted to edit and republish it for their gain, and that I made it very clear that this was not acceptable by writing large COPYRIGHT notices all over the text. Potential contributors had no interest to contribute to a text that was clearly marked as the exclusive property of someone else. On the other hand I did not want to give text away for uncontrolled republication and modification.\nIt took me four months to recognize that problem and to resolve it satisfactorily. The license of the FAQ was changed at that time, and the text is now available under the Open Publication License (http://www.opencontent.org/openpub/ ), which was found to balance all interests well enough to become accepted.\nAlso, a mailing list was created to deliver FAQ commit messages and other important events and to provide a forum for discussion that is more private that the newsgroup itself. Thus, maintenance load is distributed between all interested parties, preventing early burnout.\nAfter the creation of the group, several problems arose which were not sufficiently covered by the initial charta of the group. Such problems were for example the handling of posted job offers within the group, or how to deal with rapidly recurring on-topic questions of little value to regulars such as \u0026ldquo;Which provider/editor/operating system can be recommended?\u0026rdquo;.\nIt was important for the creation of a group culture that these problems were resolved by a straw poll of the groups users themselves in order to create a \u0026ldquo;we-experience\u0026rdquo;. Also, it was important to let the users first experience the problem themselves before having them vote on it, because common suffering enhances such \u0026ldquo;we-experiences\u0026rdquo;. On the other hand, such resolutions must be found before the problem becomes so pressing that it inhibits normal operation of the group. And finally, there should not be to many such straw polls in rapid succession, in order to keep the audience interested and in order to keep meta-discussions low.\nThe straw polls were held at a rate of at most one per month, and the alternatives were formulated as neutral as necessary for them to be accepted. Still they were presented from a \u0026ldquo;Patron\u0026rdquo; point of view, by subtly highlighting the possible consequences of this or that decision where necessary. The outcome of the straw polls was documented in the first chapter of the FAQ, along with descriptions of acceptable behaviour around these topics and pointers to alternative or additional resources.\nThis works reasonably well: 2 out of 3 atavistic throwbacks are usually quickly terminated by pointing the Client to the proper FAQ article handling such topics as provider recommendations, editor comparisons or language advocacy.\nJob postings are usually not handled this way, because they are by nature hit-and-run events in which a company drops a shower of job offers in a number of newsgroups without caring about local group culture. Instead, these matters are usually resolved by a mail to their given contact address quoting the relevant FAQ article.\nThe article contains enough acid to drive to point home without being outright unfriendly. In order to save duplicate work and prevent the offender from being harassed by multiple community members, it is an emerging tradition to copy such letters to the german-faq mailing list enabling the contributing regulars to synchronize their activities. It is also great fun to share the answers, improving the \u0026ldquo;we-experience\u0026rdquo; once more.\nWe have yet to see second-time offenders.\nWhy does it work? For Patrons, The Library makes it much easier to create useful answers by referencing the FAQ than to write an intelligent flame. Once this is understood by a contributing regular, the default stress reaction shifts from flaming to writing short and constructive articles containing pointers to the relevant information. This greatly improves the morale within the newsgroup, as flaming creates more flaming.\nFor Clients, reading the provided FAQ reference is easier than to go at it again in a followup posting. Asking followup questions is more work and has a higher round-trip-time than simply reading on and learning something. As long as the FAQ anticipates the next question along the path and provides stuff that is easily understandable and properly documented, the Client will not ask again but try to achieve something alone. This enhances the Clients' ability to work independently, Uplifting it further. It also cuts down on the total number of posts to the group, lightening the load for the contributors of answers.\nAlso, FAQ solutions are tried and tested, have proper error handling and are commented, making them more valuable than on-the-fly creations, thus the Client will come to prefer FAQ quality answers over newsgroup quality answers. It will turn to the FAQ immediately next time a problem arises, becoming somewhat dependent on that information source.\nWriting FAQ pointers is a cheap way to gather Patron status for regulars, as all components are available ready-made and need only deployment and slight customization. Thus, even some recently Uplifted Client can begin to gather Patron reputation by becoming a contributor of answers to the group. This enables older Patrons to move on and perhaps become FAQ committers.\nPatrons becoming dependent on the library feel a growing desire to contribute to The Library as soon as they hit holes multiple times when writing answers. They feel that their business becomes significantly more difficult in areas not covered by the FAQ, and start committing new answers or even new chapters. Since all articles in the FAQ bear the name of the Patron who created it, adding to the FAQ is a way to gain status more permanently than by writing newsgroup articles: Unlike newsgroup answers which expire quickly, FAQ contributions tend to stay and keep the Patrons name in the light for a much longer time.\nThis effectively creates two processes:\nOne process takes answers and threads from the newsgroup and compresses them to reusable, tested and tried articles. Context-dependent information from a USENET thread, loosely distributed over multiple articles, becomes context-independent, is peer reviewed and available in the much tighter format of a FAQ article. This process improves information.\nThe second process is the process of Uplift, which educates contributors to the group in USENET etiquette as well as in matters covered by the groups' charta, by turning them from Clients asking questions into Patrons providing answers or even Senior Patrons contributing to the content of the FAQ. This process improves people.\nDealing with Atavism USENET is showered with a constant rain of newbies. Usually, big loads of newbies in a short time lead to group degeneration, spontaneous topic combustion (\u0026ldquo;flamewars\u0026rdquo;) and loss of directed discussion activity at group level. This phenomenon is called \u0026ldquo;September \u0026rdquo; because before 1993 the month of September was the time when new students at the Universities hit the network.\nThe Uplift process provides means to newsgroup regulars to deal with a larger number of newbies successfully, avoiding burnout and flamewars. Uplifting converts newbies into useful netizens faster than usual, too, and uses these fresh converts to deal with even newer newbies if applied successfully.\nEven with an Uplift process in place, a newsgroup may experience occasional atavistic throws. This is usually the case when a Patron experiences burnout, and lets himself go publicly. Often this is provoked by a particularly clueless newbie posting, or an outright flame.\nTo deal with atavism and have it not ruin the groups\u0026rsquo; climate, it is important to encourage Patrons to take their grievances to mail. This can be done by using the FAQ maintenance mailing list, or by encouraging the Patron to flame a newbie by mail and copy the flame to the FAQ maintenance mailing list for the enjoyments of the others (and to inform than that this particular case has been already taken care of). The german FAQ contains a section titled\n1.12 Warum bekomme ich Ermahnungsmails, wenn ich Autoren in der Gruppe auf Netiquetteverstöße aufmerksam mache?\n\u0026ldquo;Why do I get reminder mails, when I remind people publicly of netiquette violations?\u0026rdquo;\nand this one is listed BEFORE\n1.13 Warum bekomme ich Ermahnungsmails?\n\u0026ldquo;Why am I mailed with netiquette reminders?\u0026rdquo;\nIt is not acceptable for a Patron to display behaviour which cannot be tolerated in Clients, and besides it does not help on-topic discussion in the group if meta-discussion swamps the forum.\nThe full answer to question 1.12 is (translated from German):\n\u0026ldquo;You are completely right: Some authors in this group violate the netiquette as posted to de.newusers.infos, for example by posting without a realname, by using invalid reply addresses or by posting HTML or vCards. You need not tolerate this. In newsgroups, tone is as important as content, though. The regulars of de.comp.lang.php are proud of the friendly and helpful tone in their newsgroup. So if you want to remind another author to keep to the netiquette, please do this by mail and not in public. The very netiquette you are trying to enforce requires this - you cannot validly demand conformity with this convention, and at the same time violate it yourself without losing credibility. Please: Keep your tone friendly in your mail as well. You are easier understood this way, and it is more likely that you complete your mission this way. If you believe that your article must be posted in public, for example in order to forward discussion to another newsgroup, or because the mail address given is invalid, or because the author in question has not been cooperative in mail: Please keep your article friendly and constructive. That is: Answer the question of the offender or offer a solution to his problem as good as possible. Only after that remind him about the netiquette. If you cannot contribute to the original problem, do not post or write mail. You are not alone in this group, and you do not need to save the world alone. Somebody else who knows the proper answer will write a public reply and probably will remind the original author of proper behaviour.\u0026rdquo;\nThis take-it-to-mail policy has been in force since beginning of March 2000, and has been enforced several times since then between the regulars and by themselves. Obviously the regulars in this group like the climate and tone of their group and accept the offered conflict resolution solution as a viable mode to deal with the problem and with offenders. Flamewars seldom last for more than a day or two, if they happen at all.\nIt is important for the users of the newsgroup to learn how to deal with flames properly, taking them as failed attempts to communicate instead of insults, and coolly pointing the offender to the relevant resources to help him state his problem correctly. The answer to 1.13 translates as follows:\n\u0026ldquo;Not only in de.comp.lang.php, but in most other German newsgroups you will be reminded of proper behaviour in newsgroups, if you post without a proper realname, with an invalid return address, send unwanted advertisements, post HTML or vCards, or post offtopic on purpose. The oldtimers and regulars of USENET did not come up with their rules and traditions for nothing. USENET has been in existence for some tens of years, and the rules of communication on USENET have been proven in over this time. There is an introduction in de.newusers.infos titled \u0026lsquo;Why should I stick to the rules?\u0026rsquo; explaining why things are as they are and how they came to be. If you want results from posting to de.comp.lang.php, that is, if you expect technical help with PHP, you are well advised to watch the outer form of your text and honor our traditions.\u0026rdquo;\nThese two texts are usually sufficient to calm down the offender and the flaming Patron and to tie them into one or two mail exchanges discussion their behavior and offering counseling. Having shared the experience and providing hints to deal with frustration is helpful.\nSometimes productive behaviour emerges from such a mail exchange, making this counseling rewarding for the person sending the mail. For example the formerly flaming Patron may become motivated to work on the FAQ, or take up another project which he believes would help him to compensate his anger. The publicly visible component of the flamewar is usually silenced immediately after the mail exchange starts, with sometimes some erroneous postings by third parties coming in late.\nLessons Learned It is possible to take control of the content and the traditions of a USENET newsgroup for an extended amount of time, if the perceived change for the majority of the regulars is a change for the better.\n_The tools for affecting the change are the creation of a recorded tradition by the creation of a FAQ, making proper and improper behavioral standards explicit and addressable for reference in a discussion, and a specific procedure for teaching these standards to newcomers. This specific procedure involves taking the newcomers\u0026rsquo; problem seriously, solving it and pushing additional corrective information with that answer in a non-offensive and non-degrading way at the newcomer.\n","date":"2008-07-23T00:00:00Z","href":"https://blog.koehntopp.info/2008/07/23/inhaltliche-und-kulturelle-steuerung-von-foren.html","tags":["community","publication","usenet","lang_en"],"title":"Inhaltliche und kulturelle Steuerung von Foren"},{"categories":null,"content":"Ein paar Arbeitsnotizen für unsere etwas orientierungslosen Europapolitiker:\nEine Verfassung hat eher 30 als 3000 Seiten. Wenn 3000 Seiten gebraucht werden, ist es besser, keine Verfassung zu haben und so lange an anderen Dingen weiterzuarbeiten, bis man mit 30 Seiten hinkommt. Eine Verfassung hat keine Ausnahmen. Wenn einzelne Gebiete Ausnahmen und Sonderregelungen brauchen, dann ist es besser, keine Verfassung zu haben und so lange an anderen Dingen weiterzuarbeiten, bis man ohne solche Ausnahmen hinkommt. Eine Verfassung wird vom Volk beschlossen und getragen. Wenn absehbar ist, daß das Volk die Verfassung wegen ihrer Länge und Komplexität nicht verstehen kann und deswegen aus Prinzip ablehnen wird, ist der Verfassung kaputt und nicht das Volk. Update: Ähnlich auch in der Zeit .\n","date":"2008-06-17T00:00:00Z","href":"https://blog.koehntopp.info/2008/06/17/eine-verfassung.html","tags":["politik","lang_de"],"title":"Eine Verfassung"},{"categories":null,"content":"In Die Wikipediatisierung des Wissens gibt es einen weiteren Artikel, der versucht, das Phänomen Wikipedia und nicht auf Code basierende Open Source Strukturen zu analysieren. Der Artikel verwendet das übliche Angstvokabular, das sich auch in vergleichbaren Artikel im Spiegel oder der Süddeutschen Zeitung findet:\nDie entscheidende Frage ist: Ist die beeindruckende statistische Progression von Wikipedia auch eine kulturelle Revolution oder zumindest ihr Vorbote? Oder ist sie ein Teil der Informations-Versklavung und Wissens-Nivellierung im Zeitalter der allgemeinen Datenexplosion?\nMan beachte die Wortwahl: \u0026ldquo;Revolution\u0026rdquo;, \u0026ldquo;Versklavung\u0026rdquo;, \u0026ldquo;Nivellierung\u0026rdquo;, \u0026ldquo;Explosion\u0026rdquo;. Dem kann ich nur einen Erikativ entgegen setzen: seufz.\nKlar kann man an der Wikipedia rum kritisieren, und in ihr - wie in Artikeln in traditionellen Medien üblich - den Untergang des Abendlandes sehen. Oder wie in dem verlinkten Telepolis-Artikel aus den nationalen Unterschieden und der wechselnden Qualität metaphysische Volksseelenbefindlichkeiten zu extrahieren.\nAber das alles ist meiner Ansicht nach gar nicht der wesentliche Punkt. Wikipedia ist für Lexika wie Linux für Betriebssysteme in gewisser Weise definitiv. Nicht definitiv in dem Sinne, daß es der Weisheit letzter Schluss ist, sondern definitiv in dem Sinne, daß es für einen bestimmten Markt das untere Ende der Messlatte festlegt. Jedes kommerzielle Produkt muss sich an seiner frei verfügbaren Variante messen lassen und die positiven Eigenschaften des frei verfügbaren Produktes nicht nur erreichen, sondern auch noch so viele weitere Eigenschaften haben, daß es dem Kunden das Ausgeben von Geld wert ist.\nDas ist spannend, denn es kann dazu kommen, daß das freie Produkt den Markt komplett verschließt - es gibt keine essenziellen Probleme mehr, die von einem kommerziellen Produkt gelöst werden, aber vom frei verfügbaren Produkt nicht. Ein kommerzielles Produkt, das nur Nice-To-Have Eigenschaften liefert, aber nichts Essenzielles, hat enorme Schwierigkeiten am Markt seinen Preis zu rechtfertigen. Aber siehe das Apple-Korollar: Design und Usability sind essenzielle Eigenschaften!\nEs ist auch spannend, weil ein freies Produkt den Markt so dominieren kann, daß es nicht mehr ausreichend ist, die Eigenschaften des freien Produktes mit dem eigenen Produkt nachzubauen. Stattdessen muss plötzlich Kompatibilität hergestellt werden. Ein Beispiel hierfür ist Linux - sowohl AIX als auch Solaris haben Umgebungen, in denen sie Linux-API und Linux-Dateisystemlayout simulieren, damit Linux-Anwendungen auch in deren Umgebungen ausführbar werden.\nEin weiteres Beispiel hierfür ist das Perl, das in Solaris mitgeliefert wird, und das unbrauchbar ist, weil es mit dem Sun-Compiler gebaut worden ist, der zum GCC subtil inkompatibel ist. Aus verschiedenen Gründen gibt es eine ganze Menge Leute, die unter Solaris mit dem GCC arbeiten oder arbeiten müssen, und die daher ihr Perl erst einmal neu bauen müssen, damit sie mit dem GCC gebaute Perl-XS Erweiterungen stabil zum Laufen bekommen können.\nAllgemeiner gesagt legt das frei verfügbare Produkt eine Markteintrittsschranke fest, weil das freie Produkt definiert, was sowieso schon jeder weiß (Wikipedia) oder kann (Open-Source-Software), sodass das betreffende Wissen oder die betreffende Funktion verschenkt wird.\n","date":"2008-06-15T00:00:00Z","href":"https://blog.koehntopp.info/2008/06/15/markteintrittsschranke.html","tags":["free software","lang_de"],"title":"Markteintrittsschranke"},{"categories":null,"content":"Neuer Job, neues Werkzeug. Diesmal ein MacBook Pro 15\u0026quot;, mit 3 GB RAM und der 200 GB 7200rpm Platte und MacOS X 10.5.3. Ab Werk ist das System nahezu unbenutzbar.\nDamit das bewohnbar wird, kommen bei mir die folgenden Sachen drauf:\nFür die Shell:\nSSHKeyChain für iTerm iTerm Terminal Client Cyberduck sftp/ssh client (Fish ist ja so viel besser, aber ein Mac kann das noch nicht) Rudix , damit die Kommandozeile nicht so stinkt. Für die Arbeit:\nEin aktuelles MySQL NeoOffice , das StarOffice für den Mac Camino , ein Firefox für den Mac Für die Kommunikation:\nSkype , funktioniert ganz ausgezeichnet ohne Headset und mit der eingebauten Kamera, ich bin beeindruckt. Adium , kann alles außer Skype Colloquy IRC Client, aber ich nehme weiter mein irssi im Screen auf dem Dedi, glaube ich. Text Wrangler , der Editor der Wahl für uns Nicht-Emacs-Benutzer NetNewsWire Feed Reader, jedenfalls solange Akregator noch nicht geht Von Till:\nEine KDE 4 Beta mit kmail und dem Rest von Kontact auf Native-Qt-KDE ohne X11. Das ist leider noch ein wenig broken und schlecht integriert. Ich will mein Amarok! Zum Gucken:\nPerian , die Codec-Sammlung für Quicktime, damit es nicht mehr saugt. VLC für den Mac ist echt gut MPlayer OS X, eher nicht so stabil Handbrake , weil niemand so viele DVDs mit sich herumschleppen will, und man das Zeugs ja auch mal auf dem iPod haben will Transmission, als Bittorrent Client der Wahl Weiteres Zeugs:\nTunnelblick VPN Controller Growl Journler Nokia E90 iSync Conduit, von Nokia Jetzt fehlt noch ein sinnvoller Windowmanager, der Focus-Follow-Mouse richtig kann, und der die Fenster nach Dokumenten und nicht nach Anwendungen gruppiert. So geht das jedenfalls gar nicht. Oh, und ein Tastatur-Layout-Editor, denn die Belegung von dem Ding hier ab Werk ist mal so richtig kaputt. In Englisch und in Deutsch.\n","date":"2008-06-11T00:00:00Z","href":"https://blog.koehntopp.info/2008/06/11/neues-werkzeug.html","tags":["apple","computer","hardware","lang_de"],"title":"Neues Werkzeug"},{"categories":null,"content":"Shimon Schocken preist seinen Kurs \u0026ldquo;From NAND to Tetris in 14 steps\u0026rdquo; an:\nWenn mich Leute nach Informatik fragen, dann sage ich ja meistens: \u0026ldquo;Informatik die Wissenschaft von 0 und 1 - komplizierter wird es nicht mehr, nur mehr.\u0026rdquo;\nDie Schwierigkeit in der Informatik ist mehr die Anzahl der Abstraktionsebenen, die übereinander gestapelt werden, nicht die Kompliziertheit des Stoffes. Weil Abstraktionen immer Lecks haben, muss man in der Informatik immer ein paar dieser Ebenen gleichzeitig offen haben und \u0026ldquo;high level\u0026rdquo; und \u0026ldquo;low level\u0026rdquo; zur selben Zeit denken. Das ist es, was Leute verwirrt.\nSchocken hat aus dieser Idee einen Kurs gemacht. Und der ist frei verfügbar , ebenso wie die Software dazu. Und so kann man hier Chips designen und simulieren, eine CPU entwickeln und simulieren, eine VM entwickeln, und simulieren, Assembler und Compiler für die VM schreiben, ein OS obendrauf bauen und schließlich Spiele darauf laufen lassen.\nWer es nicht online mag: The Elements of Computing Systems ist auch als Buch zu haben. Ich bin begeistert.\n","date":"2008-06-01T00:00:00Z","href":"https://blog.koehntopp.info/2008/06/01/cs101-from-nand-to-tetris-in-14-simple-steps.html","tags":["free software","lang_de"],"title":"CS101: From NAND to Tetris in 14 simple steps"},{"categories":null,"content":"Wenn man mit Featureentwicklern spricht, dann reden sie immer gerne über tolle neue Dinge die sie gerade eingebaut haben.\nIch bin bei Featureentwicklern und Projektmanagern echt unbeliebt.\nIch rede gerne über Kosten, und über FAIL. Das habe ich mit vielen anderen Sysadmins, Bibliotheksentwicklern und Kernelcodern gemeinsam. Wenn man dort einmal mithört - zum Beispiel auf der Linux Kernel Mailingliste oder unter Stammtischgesprächen von Sysadmins - dann fällt einem bald etwas auf: Dort redet man in der Regel nicht von tollen neuen Features oder was jetzt optimiert worden ist, sondern dort redet man in der Regel von Fehlern, die aufgetreten sind oder von schlechtesten Fällen, und wie man sie triggert. Newsgroups wie de.alt.sysadmin.recovery sind voll von zynischen Geschichten über Komponentenversagen. Die wichtigsten Abschnitte in Ross Andersons Security Engineering sind die Abschnitte, in denen er das Versagen von Sicherheitssystemen beschreibt.\nAlle diese Leute - Kernelentwickler, Bibliotheksentwickler und Sysadmins - sind Leute, die normalerweise ständig mit Infrastrukturkomponenten zu tun haben. Und Infrastrukturkomponenten werden nie an ihrem besten Fall gemessen, sondern immer nur an ihrem schlechtesten Fall und an der Art und Weise, wie sie versagen.\nNiemand lobt die Stadtwerke, weil sie das Stromnetz 15% effizienter gemacht haben, aber jeder erinnert sich an den letzten Stromausfall, den letzten Kernelbug, in den er rein getreten ist oder das Szenario, bei dem er eine Bibliothek zum Explodieren gebracht hat ( blog.fefe.de )\nFeatureentwickler tun gut daran, sich diese Denkweise einmal zu eigen zu machen. Ein Freund und Arbeitskollege von mir formuliert es so: \u0026ldquo;Wenn ich Go spiele und gewinne, dann habe ich nur bestätigt, was ich schon weiß, aber nichts gelernt. Nur wenn ich verliere (und hinterher verstehe, wieso ich verloren habe), dann kann ich etwas lernen.\u0026rdquo;\nWenn man sich von vorneherein auf Worst-Case-Verhalten konzentriert und versucht, diese Fälle zu optimieren, dann kann man FAIL vermeiden und lernen ohne die Schmerzen aus erster Hand zu erfahren.\nDas Problem existiert aber auch auf einer größeren, politischen Ebene. Wir führen Infrastruktur ein - Toll Collect, die Gesundheitskarte, Wahlcomputer oder die Vorratsdatenspeicherung - und führen die gesellschaftliche Diskussion hier meistens auf der Ebene von Featureentwicklern. Mißbrauch, interner Mißbrauch, Versagen von Teilkomponenten, Versagen von Sicherheitsmechanismen, Rückbau, Schadensbegrenzung, Versicherbare Restrisiken sind bei der gesellschaftlichen Betrachung dieser Infrastrukturen keine Themen.\n","date":"2008-05-30T00:00:00Z","href":"https://blog.koehntopp.info/2008/05/30/the-importance-of-fail.html","tags":["architektur","computer","security","lang_de"],"title":"The Importance Of FAIL"},{"categories":null,"content":"Im Anschluß an Vertrauensvorschuß :\nVolkswagen Siemens Telekom Wie praktisch: Ein Gesamtscore .\nWikipedia weiß über Poltikverdrossenheit :\nPolitikverdrossenheit bezeichnet die negative Einstellung der Bürger in Bezug auf politische Aktivitäten und Strukturen, u.U. resultierend in Desinteresse und Ablehnung von Politik und politischem Handeln. Politikverdrossenheit führt zur mangelnden Partizipation am politischen Prozess. Diese Haltung kann generell die ganze politische Ordnung betreffen oder sich nur auf Ergebnisse politischer Prozesse beziehen.\nDer Grund \u0026ldquo;Offensichtliches Systemversagen\u0026rdquo; wird in der Liste der Gründe für Politikverdrossenheit noch nicht genannt.\nIn Telekom-Affäre: Aufsichtsbehörden in Erklärungsnot liest sich das so:\nIm Klartext: Die Bundesnetzagentur könnte der Deutschen Telekom die Lizenz entziehen, falls sich herausstellen sollte, dass sie sich für ihre Schnüffelaktion der staatlichen Überwachungstechnik bedient hat.\nJa, sicher. Das wird bestimmt passieren.\n","date":"2008-05-30T00:00:00Z","href":"https://blog.koehntopp.info/2008/05/30/vertrauensvorschu-ii.html","tags":["politik","lang_de"],"title":"Vertrauensvorschuß II"},{"categories":null,"content":"Vor etwas mehr als 10 Jahren, am 19. Mai 1998, schrieb ich auf php-general von einer PHP Standardbibliothek.\nPHP should ship with, and install by default, a standard library. This library should offer certain standard functionality that is often required in larger web projects.The language itself does not need to support any of the functionality that should be in the library (see below). In fact, quite a lot of PHP special functions are probable candidates for library functions that could (and perhaps should) be removed from the language core, if you are into language purity (I am not). What PHP needs in my personal opinion is a more stable, better debugged and better equipped modularization mechanism (and better namespace management).\nWenig später, Ende Juni, kam dann die Ankündigung von Sessionvariablen und Authentisierung in einem runterladbaren Paket. Im Juli gab es dann die erste Version mit PHP 3 Objekten . Um diese Zeit ging dann auch die Supportsite online. Das Projekt idlet jetzt unter anderer Führung auf SourceForge rum - es hat sich inzwischen überlebt.\nDie Mails Keeping state at the server und What was your name, again? erklären die Ideen und Konzepte dahinter.\nPHPLIB hat das Konzept der Session in PHP eingeführt und war die Default-Bibliothek dafür in PHP 3. Sascha Schumann hat den Code dann in PHP4 in den PHP-Kern selber überführt. PHPLIB hat außerdem das Konzept des Datenbankwrappers in PHP eingeführt und eine der ersten Template-Bibliotheken enthalten.\n","date":"2008-05-29T00:00:00Z","href":"https://blog.koehntopp.info/2008/05/29/10-jahre-phplib.html","tags":["damals","php","lang_de"],"title":"10 Jahre PHPLIB"},{"categories":null,"content":"Mit dem Ende dieser Woche endet nicht nur die MySQL Deutschland GmbH , sondern auch meine Tätigkeit bei MySQL. Den neuen Vertrag bei Sun habe ich, anders als zunächst geplant, nicht unterschrieben - mir ist relativ schnell klar geworden, daß ich mich in einer Firma dieser Größe nicht wohlfühlen werde.\nFür MySQL bin ich seit Ende des Jahres 2005 unterwegs gewesen - bis zu 180 Tage im Jahr. Neben einigen größeren Projekten habe ich sehr viel kleineres Consulting gemacht - \u0026ldquo;Pivot-Consulting\u0026rdquo;, bei dem es nicht darum geht ein Projekt umzusetzen, sondern den Kunden dazu zu befähigen, das Projekt selber zu schaukeln. Dabei habe ich alle Bereiche um MySQL herum abgedeckt mit Ausnahme von MySQL Cluster. Ich habe außerdem durchschnittlich 60 Arbeitsstunden pro Woche inklusive Reisezeit weggehauen und bin teilweise über Monate nur am Wochenende daheim gewesen.\nSpannend war\u0026rsquo;s und einigermaßen einträglich auch. Aber der Verkauf an Sun und der Betriebsübergang machen es notwendig, dass ich mich frage, wovon ich da Teil werde und ob ich das will. Und daß ich mich frage, was ich die nächsten Jahre tun möchte - ob ich noch immer so viel Reisen möchte oder ob ich mal wieder eine Phase mit mehr Stabilität brauche. Mein Körper hat mir in den vergangenen Monaten recht deutlich gemacht, wo seine Präferenzen liegen. Das dazu.\nDie Arbeit bei MySQL ist noch immer nicht nur der anstrengendste, sondern auch der spannendste Job, den ich je hatte. MySQL hat mit seinem Produkt einen komplett neuen Markt unter dem existierenden Datenbankmarkt etabliert und begleitet seine Kunden nun seit mehr als einer Dekade auf dem Weg. Produkt und Anwender lernen dabei nicht nur voneinander, sondern entwickeln auch neue Paradigmen für eine Umgebung in der traditionelle Datenbanktechniken nicht mehr greifen.\nFür meine Kunden bin ich dabei oft nicht nur der Consultant gewesen, der die fertige Lösung aus der Tasche zieht. Sondern mein Job war auch der eines Gesellen auf Wanderschaft, der andere Installationen und Herangehensweisen gesehen hat. So konnte ich das lokale Projekt mit anderen Ansätzen anderswo in Beziehung setzen und dem Kunden so die notwendige Sicherheit und das notwendige Vokabular vermitteln, und auf Grundlage dieser Erfahrungen auf die Ecken und Kanten hinweisen, die auf dem Weg zum Projektende wahrscheinlich noch lauern würden.\nVokabeln und Erfahrungsberichte sind tatsächlich sehr wichtig - bei vielen, was wir machen verstoßen wir gegen die Regeln traditionellen Datenbankdesigns und tun gegebenenfalls das Gegenteil davon. Eine Liste wie die eBay Best Practices ist jedenfalls ziemlich genau eine Liste von \u0026ldquo;Dinge, die mein Datenbankprofessor gehasst hätte\u0026rdquo;.\nWenn man so etwas macht und gegen etablierte Techniken und Methoden direkt verstößt, dann will man Sicherheit haben - \u0026ldquo;das hat schon einmal irgendwo geklappt\u0026rdquo; - und Worte für das, was man da tut - \u0026ldquo;für unsere Architektur gibt es Worte, es sind nur nicht die Worte, die ein traditioneller Datenbanker verwenden würde, weil es keine traditionelle Architektur ist\u0026rdquo;. Meine Aufgabe war mehr als einmal, diese Referenzen und diese Zusicherungen zu geben und das Projekt dann mehr oder weniger einfach den ursprünglichen Weg gehen zu lassen. Gerne auch das, wenn es denn hilft, die Sache zu einem Erfolg zu machen\u0026hellip;\nMySQL und Postgres sind nun \u0026ldquo;dasselbe\u0026rdquo; - Josh Berkus, Monty Widenius und Jim Starkey arbeiten alle für Sun. Aber sie sind auch die beiden Extrempunkte eines Kontinuums. Postgres ist eine gute Plattform, um eine traditionelle Datenbank-Architektur von einer Closed Source Plattform in eine Open Source-Umgebung zu befördern. Es enthält (und bewirbt) einen Haufen traditioneller Mechanismen, die eine relativ direkte, kostengünstige und risikoarme Migration auf diesem Pfad ermöglichen.\nMySQL und MySQL Consultants sind oft ein wenig anders - sie denken eher in massiv in die Breite skalierten, verteilten, asynchronen Web-Architekturen, die Anwendungen als verteilte Systeme betrachten. In solchen Systemen werden die Anwendung, die Middleware, die Bibliotheken und die Datenbanken zusammen als \u0026ldquo;die Anwendung\u0026rdquo; angesehen und als System betrachtet, in denen man alle Komponenten kontrolliert und adaptiert. Weil der ganze Stack kontrolliert und als integrales System betrachtet wird, wird Funktionalität oft in die leichter und billiger zu skalierenden Außenbereiche gedrückt, anstatt sie monolithisch-synchron im Datenbank-Kern abzuhandeln. Dies ist in vielen Fällen aufwendiger und schwerer zu kontrollieren als ein traditionelles System, erlaubt es aber zu wachsen, indem man einfach mehr Boxen hin stellt .\nIm Job führt das oft zu Konflikten, wenn man auf einen traditionellen DBA oder Architekten trifft. Dann ist es die Aufgabe des Consultants klarzumachen, daß dies eine valide Architektur ist, die sich oft bewiesen hat, ja daß es sogar die einzige Architektur ist, die sich auf globaler Skala unter allen wirklich großen Systemen durchgesetzt hat. Das, was traditionelle Architekturen tun ist gut und richtig - wenn man Time To Market minimieren möchte und ein möglichst simpel erstellbares und debugbares System haben möchte. Wenn man aber die Größenordnung verlässt, in der man dieses Problem auf einer einzelnen Maschine abhandeln kann, dann setzen physikalische Effekte ein , die es zwingend machen, diese einfache und leicht zu kontrollierbare Welt zu verlassen.\nDiesen Übergang zu lehren und Kunden durch diesen Übergang zu begleiten ohne daß die Kundensysteme dabei offline gehen mussten war oft genug meine Aufgabe und die meiner Kollegen.\nAuch Sun hat diese Lehre gut verinnerlicht - um 2001 herum war ich bei einem Sun Kunden tätig, der nicht weniger als zwölf Enterprise 10000 Maschinen in seinen Rechenzentren im Einsatz hatte. Diese Maschinen sind das Denkmal traditioneller synchroner Architekturen, 64 Prozessoren (72 bei den Nachfolgern) und 64 GB RAM (bis zu 576 GB RAM bei den Nachfolgemodellen), 24 Ebenen Multilayer auf der Backplane, Switches statt Busse zur Rechner-internen Kommunikation zwischen Karten und CPUs. Wunderwerke der Ingenieurskunst, spannende Spielzeuge für jeden Sysadmin und außerdem Lösungen auf der Suche nach einem Problem.\nBesagter Kunde hat heute keine einzige Maschine dieser Leistungsklasse mehr. Stattdessen setzt man auf eine große Anzahl von kleineren Systemen, 4- und 8-Core-Maschinen, die rackweise verbaut werden und auf denen man das Problem partitioniert und verteilt. Das erlaubt es nicht nur weniger Euro pro MIPS zu bezahlen, sondern auch Gesamtsysteme zu bauen, die nicht durch die größe verfügbare Maschinengröße beschränkt sind.\nAuch Sun hat das gelernt - Maschinen wie die 5240 sind quasi das Gegenteil einer E10k und mit einem Rack voll dieser Geräte erreicht man bei passend angepasster Software viel mehr als mit einer traditionellen monolithischen Architektur. Der Knackpunkt ist passend angepasste Software (Seite 9). Sich auf solche Maschinen und in solchen Umgebungen besser zu integrieren ist derzeit die wichtigste Priorität bei MySQL - und die der meisten MySQL Kunden. Sun weiß das, und man arbeitet daran. Wir leben in spannenden Zeiten!\nAuch ich werde in spannenden Zeiten leben, denn meine Aufgabe bei meinem neuen Arbeitgeber wird genau ein solcher Übergang sein. Diesmal aber nicht als Pivot-Projekt, sondern mitten drin! Ich freue mich schon!\n","date":"2008-05-28T00:00:00Z","href":"https://blog.koehntopp.info/2008/05/28/mysql-quit.html","tags":["mysql","lang_de"],"title":"mysql\u003e quit;"},{"categories":null,"content":"In anderen Artikeln habe ich ja schon an Hand von http://lxr.linux.no/ Strukturen im Linux-Kernel referenziert und in Erklärungen verwendet.\nAuf Tamacom gibt es zum Vergleich die Quellen von Linux 2.6, FreeBSD 7, NetBSD 4.x, OpenBSD 4.x, GNU Hurd 0.3 und OpenSolaris zum verlinken. Auch liegen dort ein UNIX V7 Kernel und ein 4.3BSD rum.\nMinnie hat eine schöne Sequenz wirklich alter Unix-Trees, der die Entwicklung der 70er Jahre und einige BSD-Trees miteinander vergleicht. Das älteste nützliche Zeugs von dort ist von 1973 .\nThe nsys files are timestamped August 31, 1973. This is consistent with other known dates. The files use structs, but in December 1972 the C compiler didn\u0026rsquo;t support structs. In September 1973, the C version of the kernel finally supplanted the assembly version, and the kernel here certainly works fine.\nMit anderen Worten, wir schauen hier der gleichzeitigen Entstehung der Sprache C und des Unix-Kernels zu. So kennt der V3 Kernel noch keine GID im stat(2) Systemaufruf, und der Compiler kann noch keine \u0026ldquo;struct\u0026rdquo; - im nsys-Kernel 6 Monate später existieren beide - und andere wichtige Erfindungen werden gemacht.\nGoldenes Zitat :\nThe number of UNIX installations is now above 20\u0026hellip;\n","date":"2008-05-27T00:00:00Z","href":"https://blog.koehntopp.info/2008/05/27/historische-kernelsourcen.html","tags":["computer","free software","linux","unix","lang_de"],"title":"Historische Kernelsourcen"},{"categories":null,"content":"Steve Ballmer schläft derzeit schlecht . Da bin ich mir ziemlich sicher. Spätestens seit ich bei Till einen EEE-PC von Asus in den Fingern hatte.\nDer EEE ist häßlich, aus Plastik und die Tastatur ist für meine Finger zu klein und das Touchpad ist hypersensitiv. Aber das Ding tut alles, was ich jemals von ihm wollen könnte. Es hat WLAN, eine Kamera, es hat Firefox, Open Office, Mplayer und Skype. Und es hat kein einziges Stück Microsoft Software drauf. Kein einziges. Nirgendwo.\nSelbst wenn: Vista würde da auch nicht drauf passen. Es ist zu fett.\nJa, Steve Ballmer schläft wirklich schlecht.\nStattdessen spielt Microsoft wieder mit den Staatsanwälten von der Monopolaufsicht fangen und macht komische Verträge :\nMicrosoft plans to offer PC makers steep discounts on Windows XP Home Edition to encourage them to use that OS instead of Linux on ultra low-cost PCs (ULPCs).\nTo be eligible, however, the PC vendors that make ULPCs must limit screen sizes to 10.2 inches and hard drives to 80G bytes, and they cannot offer touch-screen PCs.\nThe program is outlined in confidential documents that Microsoft sent to PC makers last month, and which were obtained by IDG News Service. The goal apparently is to limit the hardware capabilities of ULPCs so that they don\u0026rsquo;t eat into the market for mainstream PCs running Windows Vista, something both Microsoft and the PC vendors would want to avoid.\n","date":"2008-05-10T00:00:00Z","href":"https://blog.koehntopp.info/2008/05/10/steve-ballmer-lernt-noch-was.html","tags":["computer","microsoft","lang_de"],"title":"Steve Ballmer lernt noch was"},{"categories":null,"content":"In The Gospel of Consumption :\ndespite the apparent tidal wave of new consumer goods and what appeared to be a healthy appetite for their consumption among the well-to-do, industrialists were worried. They feared that the frugal habits maintained by most American families would be difficult to break. Perhaps even more threatening was the fact that the industrial capacity for turning out goods seemed to be increasing at a pace greater than people\u0026rsquo;s sense that they needed them.\nIt was this latter concern that led Charles Kettering, director of General Motors Research, to write a 1929 magazine article called \u0026ldquo;Keep the Consumer Dissatisfied.\u0026rdquo; He wasn\u0026rsquo;t suggesting that manufacturers produce shoddy products. Along with many of his corporate cohorts, he was defining a strategic shift for American industry from fulfilling basic human needs to create new ones.\nUnd die Statistiken dazu:\nMeanwhile, by 2000 the average married couple with children was working almost five hundred hours a year more than in 1979. [\u0026hellip;] By 1991 the amount of goods and services produced for each hour of labor was double what it had been in 1948. By 2006 that figure had risen another 30 percent. [\u0026hellip;] if as a society we made a collective decision to get by on the amount we produced and consumed seventeen years ago, we could cut back from the standard forty-hour week to 5.3 hours per day or 2.7 hours if we were willing to return to the 1948 level.\nNoch spannender sind die historischen Hintergründe dazu in dem Aritkel.\nWas tun mit der freien Zeit?\nClay Shirky schreibt dazu:\nIf I had to pick the critical technology for the 20th century, the bit of social lubricant without which the wheels would\u0026rsquo;ve come off the whole enterprise, I\u0026rsquo;d say it was the sitcom. Starting with the Second World War a whole series of things happened\u0026ndash;rising GDP per capita, rising educational attainment, rising life expectancy and, critically, a rising number of people who were working five-day work weeks. For the first time, society forced onto an enormous number of its citizens the requirement to manage something they had never had to manage before \u0026ndash; free time.\nAnd what did we do with that free time? Well, mostly we spent it watching TV.\nShirky sieht die freie Zeit als \u0026ldquo;kognitiven Überschuss\u0026rdquo;, den wir verschwendet haben, weil keine Infrastruktur da war, um ihn sinnvoll anzuwenden. Mit dem Internet, so argumentiert er, ändert sich das nun:\nSo how big is that surplus? So if you take Wikipedia as a kind of unit, all of Wikipedia, the whole project \u0026ndash; every page, every edit, every talk page, every line of code, in every language that Wikipedia exists in \u0026ndash; that represents something like the cumulation of 100 million hours of human thought. I worked this out with Martin Wattenberg at IBM; it\u0026rsquo;s a back-of-the-envelope calculation, but it\u0026rsquo;s the right order of magnitude, about 100 million hours of thought.\nAnd television watching? Two hundred billion hours, in the U.S. alone, every year. Put another way, now that we have a unit, that\u0026rsquo;s 2,000 Wikipedia projects a year spent watching television. Or put still another way, in the U.S., we spend 100 million hours every weekend, just watching the ads. People asking, \u0026ldquo;Where do they find the time?\u0026rdquo; when they\u0026rsquo;re looking at things like Wikipedia don\u0026rsquo;t understand how tiny that entire project is, as a carve-out of this asset that\u0026rsquo;s finally being dragged into what Tim calls an architecture of participation.\nUnd das ist es seltsamerweise auch, was ich antworte, wenn ich gefragt werde, wo ich denn all die Zeit hernehme, um all die Dinge zu lesen und zu schreiben, die ich so mache. Ich sehe in meinen produktiven Phasen kaum fern.\nAber die Veränderung geht noch weiter: Es wächst nun eine Generation heran, für die passive Konsumentenmedien seltsam wirken:\nI was having dinner with a group of friends about a month ago, and one of them was talking about sitting with his four-year-old daughter watching a DVD. And in the middle of the movie, apropos nothing, she jumps up off the couch and runs around behind the screen. That seems like a cute moment. Maybe she\u0026rsquo;s going back there to see if Dora is really back there or whatever. But that wasn\u0026rsquo;t what she was doing. She started rooting around in the cables. And her dad said, \u0026ldquo;What you doing?\u0026rdquo; And she stuck her head out from behind the screen and said, \u0026ldquo;Looking for the mouse.\u0026rdquo;\nHere\u0026rsquo;s something four-year-olds know: A screen that ships without a mouse ships broken.\nHere\u0026rsquo;s something four-year-olds know: Media that\u0026rsquo;s targeted at you but doesn\u0026rsquo;t include you may not be worth sitting still for.\nBei Netzpolitik gibt es quasi passend dazu eine Liste von Forderungen für eine zeitgemäße Netzpolitik . Die Umsetzung dieser Forderungen in einer sinnvollen Urheberrechtsreform und einem Regulierungsrahmen würden die oben diskutierte Entwicklung noch fördern und in die richtigen Bahnen lenken:\nÖffentlich geförderte Informationen müssen den Bürgern unter offenen Lizenzen bereitgestellt werden. Fernsehen und Radio sind tot! Die Inhalte des Öffentlich-Rechtlichen Systems müssen im Netz frei zugänglich sein. Öffentlich-Rechtlich ins digitale Zeitalter überführen! Digitale Strukturen und Communities, die Informationen des öffentlichen Interesses produzieren, müssen gefördert werden. Open Source fördern! Open Source Communities sind essenziell für die Kulturproduktion des 21. Jahrhunderts und schaffen unbestreitbare gesellschaftliche Mehrwerte. Freie und anonyme Kommunikationswege erhalten Demokratie öffnen heißt Transparenz wagen! Staatliche Informationen gehören unter offene Lizenzen. Informationsfreiheit muss praktiziert werden, geredet wurde schon genug. Staatliche Infrastrukturen befreien! Nur offene Standards und die Verwendung freier Software garantieren einen diskriminierungsfreien und nachhaltigen Zugriff auf Vorgänge und Abläufe in Politik und Verwaltung. Internet ist Grundversorgung. Kommunen müssen jedem Bürger einen Basiszugang zum Internet ermöglichen. Urheberrecht reformieren! Das Urheberrecht muss den gesellschaftlichen Realitäten angepasst werden - nicht die gesellschaftlichen Realitäten dem Urheberrecht. Gleiche Chancen für alle! Die Netzneutralität muss festgeschrieben werden: Es darf keine Klassengesellschaft im Netz entstehen. Medienkompetenz für Politiker: Wir brauchen Politiker, für die das Internet kein Fremdkörper ist. Wir brauchen Medien-kompetente Politiker, die es sich nicht erst ausdrucken lassen müssen. Aber wie im ersten Text in den historischen Hintergründen beleuchtet ist eine partizipatorische Demokratie gar nicht gewünscht.\n","date":"2008-05-06T00:00:00Z","href":"https://blog.koehntopp.info/2008/05/06/die-grauen-herren-vs-das-internet.html","tags":["media","politik","tv","lang_de"],"title":"Die Grauen Herren vs. das Internet"},{"categories":null,"content":" Eines der wichtigsten Bücher, die man lesen kann, selbst wenn man sich nicht beruflich für Sicherheit von Systemen interessiert, ist \u0026ldquo;Security Engineering\u0026rdquo; von Ross Anderson.\nRoss Anderson , ein Professor für Security Engineering an der Uni Cambridge, hat in seinem Leben einen Haufen Systeme designt oder die Sicherheit und die Versagensgründe für solche Systeme untersucht. Dazu gehören nicht nur Rechnersicherheitssysteme, sondern auch Stromzähler, Freund-Feind-Erkennungssysteme von Kampfjets oder das englische Gesundheitssystem.\nIn Security Engineering legt er die Grundlagen des modernen Standes der Technik und wie und warum Sicherheit funktioniert. Dabei legt er großen Wert auf praktische Beispiele und auch auf Gründe für Systemversagen und baut so ein Verständnis für den Wert von Einfachheit, passive Sicherheit und klare Diagnostizierbarkeit auf.\nDas Buch ist soeben in einer zweiten Auflage erschienen. Kauft es. Auch Bruce Schneier sagt Euch das.\n","date":"2008-05-06T00:00:00Z","href":"https://blog.koehntopp.info/2008/05/06/fertig-gelesen-security-engineering-2nd-edition.html","tags":["review","security","lang_de"],"title":"Fertig gelesen: Security Engineering, 2nd edition"},{"categories":null,"content":"Microsoft will Yahoo! kaufen, aber Yahoo! will nicht.\nMicrosoft lernt, daß Yahoo! vielleicht gar keine so gute Idee ist .\nUnd außerdem zu teuer - Microsoft geht weg . \\Der Markt denkt kurz - die Yahoo!-Aktien fallen , Yahoo! wird auf Drängen seiner Aktionäre weich.\nNun sind es nicht die Aktionäre, die den Umsatz machen, sondern die Entwickler. Yahoo! ist eine Firma mit einer fest etablierten und reichen Open Source Kultur. Microsoft ist das genaue Gegenteil. Und uncool . Zählt die Macs auf einer Konferenz Eurer Wahl (und sei es nur, weil die leichter vom Podium aus zu erkennen sind als Linux-Laptops). Ein Yahoo!-Kauf durch Microsoft wird sicher interessant - für Firmen, die Entwickler suchen.\nNebenbei beobachtet: Im Januar 2000 wurde Steve Ballmer Microsoft-CEO. Hier der Aktienkurs zum Vergleich .\n","date":"2008-05-06T00:00:00Z","href":"https://blog.koehntopp.info/2008/05/06/microsoft-yahoo-und-was-nun.html","tags":["computer","microsoft","lang_de"],"title":"Microsoft, Yahoo! und was nun?"},{"categories":null,"content":"Ars Technica berichtet, daß \u0026ldquo;Plays For Sure\u0026rdquo; mal gar nicht so sure playt. Denn:\nAs of August 31, 2008, we will no longer be able to support the retrieval of license keys for the songs you purchased from MSN Music or the authorization of additional computers. [ \u0026hellip; ] Once September rolls around, users are committed to whatever five machines they may have authorized — along with whatever OS they are running.\nDa weiß man, wieso man DRM-Freie OGGs und MP3s kaufen will, oder besser gleich rip-bare physikalische Medien. Nur falls das jemandem hier noch nicht so klar war.\n","date":"2008-04-23T00:00:00Z","href":"https://blog.koehntopp.info/2008/04/23/microsoft-schaltet-plays-for-sure-ab.html","tags":["media","musik","lang_de"],"title":"Microsoft schaltet \"Plays for Sure\" ab"},{"categories":null,"content":"Microsoft\u0026rsquo;s Ballmer gives unvarnished take on Windows, online businesses :\nHe sought feedback from the crowd of IT pros, many of whom have dedicated their careers to becoming expert in Microsoft\u0026rsquo;s products, on which Internet search engine they use. \u0026ldquo;How many of you use Live Search as your default?\u0026rdquo; Ballmer asked.\nA smattering of hands went up. Tepid applause. \u0026ldquo;How many of you use Yahoo search as your default?\u0026rdquo; Far fewer hands went up and the room was relative quiet, until it filled with laughter.\nBallmer, trying again, louder this time, \u0026ldquo;How many of you use Yahoo search as your default?\u0026rdquo; The same response. \u0026ldquo;Wow, we offered 31 bucks a share,\u0026rdquo; he said, to more laughter.\n\u0026ldquo;How many of you use Google as your default?\u0026rdquo; Ballmer asked. The vast majority in the audience raised their hands, cheering and hooting.\nBallmer looked around. Smiled. Scratched his cheek. Rubbed his face with his hand.\n","date":"2008-04-20T00:00:00Z","href":"https://blog.koehntopp.info/2008/04/20/steve-ballmer-lernt-etwas.html","tags":["computer","microsoft","software","lang_de"],"title":"Steve Ballmer lernt etwas"},{"categories":null,"content":" Es war einmal das web.de Rechenzentrum.\nWeil mich ein paar Leute gefragt haben, was denn nun einmal war: Dies ist die alte Pfaff Nähmaschinenfabrik in der Amalienbadstraße in Durlach. Der Laden ist von web.de damals gekauft und renoviert worden. Nach dem Verkauf des Portalgeschäftes von web.de an 1\u0026amp;1 ist die web.de AG als Combots AG umfirmiert und in den Räumen in der Amalienbadstraße mit einer Rumpfmannschaft verblieben. Die meisten ehemaligen web.de-Mitarbeiter sind mit dem Geschäft an 1\u0026amp;1 verkauft worden. Nachdem sich das Produkt von Combots nicht hat durchsetzen können, hat Combots nun die Entwicklung ihres Chatsystems eingestellt und die Anlage hat wohl Platz über.\nDaher die Domain \u0026ldquo;rzflaeche.de\u0026rdquo;.\nZum Thema Renovierung hier der Porn:\n","date":"2008-02-13T00:00:00Z","href":"https://blog.koehntopp.info/2008/02/13/es-war-einmal.html","tags":["hardware","karlsruhe","lang_de"],"title":"Es war einmal..."},{"categories":null,"content":" Links: Strukturen im Speicher, Rechts: Strukturen auf Disk. Oben: Log-Strukturen, Unten: Tablespace-Strukturen.\nWie eine Transaktion physikalisch organisiert wird Wenn in InnoDB eine neue Transaktion begonnen und erzeugt wird, ist sie ja noch nicht comitted und damit hat die Datenbank gegenüber der Anwendung noch kein Versprechen gemacht. Entsprechend brauchen die Daten aus einer solchen Transaktion auch noch nicht persistent gemacht zu werden.\nInnoDB versucht, eine Transaktion im Speicher zusammen zu bauen. Dies ist der innodb_log_buffer. Er sollte ausreichend groß gewählt werden, daß eine solche Transaktion in den meisten Fällen im Speicher gehalten werden kann und nicht partiell in ein Redo-Log geschrieben werden muß. Eine Größe von 1 MB bis 8 MB ist normal.\nWenn die Transaktion comitted wird, muß InnoDB die Speicherseite von der Platte laden, in der der zu ändernde Record enthalten ist und die Änderung im Speicher durchführen - die Seite wird im InnoDB Bufferpool gespeichert. Seiten auf der Platte und im InnoDB Bufferpool sind jeweils 16 KB groß, und die innodb_buffer_pool_size legt fest, wieviel RAM als Cache für solche Seiten zur Verfügung steht. Die modifizierte Speicherseite wird aber noch nicht zurück geschrieben. Stattdessen wird die Transaktion an Ende des aktuellen Redo-Log auf Platte geloggt und die Seite im Bufferpool im Speicher als Dirty (= noch zu schreiben) markiert.\nAls Dirty markierte Seiten werden in den Tablespace hinaus geschrieben, wenn einer von drei Fällen eintritt:\nDas Redo-Log, das als Ring Puffer organisiert ist, ist voll. Um zusätzlichen Platz zu gewinnen müssen als Dirty markierte Seiten in Redo-Log Reihenfolge herausgeschrieben werden, sodaß der hintere Zeiger des Redo-Log Ringpuffers nach vorne verschoben werden kann und so ausreichend Platz im Redo-Log geschaffen wird. Diese Situation nennt man einen Innodb_log_wait und sie wird im gleichnamigen Statuscounter registriert.\nInnoDB benötigt für irgendwelche Aufgaben im Bufferpool eine Speicherseite, aber findet keine, die frei ist. Normalerweise kann eine solche Seite frei gemacht werden, indem man irgendeine Seite aussucht, die nicht Dirty ist und sie freigibt: Wenn eine Seite nicht dirty ist, bedeutet daß, daß ihr Inhalt irgendwo auf der Platte zum Neu laden rumsteht. Wenn aber ausschließlich als Dirty markierte Seiten im Bufferpool stehen, geht das nicht und es müssen erst einmal Seiten auf Platte geschrieben werden, damit Platz im Bufferpool geschaffen werden kann.\nDiese Situation nennt man einen Innodb_buffer_pool_wait_free und sie wird im gleichnamigen Statuscounter registriert. InnoDB versucht diese Situation zu vermeiden: Wenn mehr als innodb_max_dirty_pages_pct Prozent viele Seiten als Dirty markiert sind, wird ein Checkpoint erzwungen und die als Dirty markierten Seiten werden herausgeschrieben.\nInnoDB fühlt sich unterbeschäftigt und beginnt im Sekundentakt damit, Batches von jeweils 64 als Dirty markierten Seiten auf die Platte zu schubsen. Diese Situation ist normal und wird nicht besonders registriert (dreht aber wie alle diese Schreibzugriffe natürlich Innodb_pages_written hoch).\nRelevante Konfigurationseinträge in der my.cnf:\n# Globaler Puffer zum Zusammenbau # von Transaktionen vor dem Commit innodb_log_buffer_size = 8M # Größe des InnoDB Buffer Pools # etwa 70-80% des Hauptspeichers, # auf einer Maschine mit 4G RAM # also etwa 3G # # (/etc/sysctl.conf: vm.swappiness = 0!) innodb_buffer_pool_size = 3072M # Anzahl der InnoDB Bufferpool Seiten # die Drity sein dürfen bevor ein # Checkpoint erzwungen wird # # Default = 90, ok innodb_max_dirty_pages_pct = 90 Relevante Zähler in SHOW GLOBAL STATUS:\n# Statuszähler für das Event \u0026#34;Redo-Log voll\u0026#34; Innodb_log_waits # Statuszähler für das Event \u0026#34;Keine Seite # im Bufferpool frei\u0026#34; Innodb_buffer_pool_wait_free Eine sinnvolle Größe für das Redo-Log wählen Ein Write-Burst kann durch das Redo-Log \u0026ldquo;in der Zeit gestreckt\u0026rdquo; und so abgeflacht werden. Die zu leistende Arbeit - die Fläche unter der Kurve - ist jedoch (nahezu) gleich.\nDas Redo-Log loggt Transaktionen und die Einträge im Log sind proportional zur Größe der Transaktion, denn es werden Rows geloggt, keine Pages. Der Sinn des Logs ist es, das Zurückschreiben der 16KB großen Seiten in den Tablespace verzögern zu können: Vielfach ist es so, daß in einer Speicherseite mehr als eine Row abgelegt wird und daß mehrere zeitlich eng beeinander liegende Transaktionen Daten in Rows ändern, die in derselben Page liegen, oder daß eine Row wieder und wieder überschrieben wird. Durch das Schreiben ins Redo-Log werden diese Änderungen alle persistent gemacht, aber die Schreibzugriffe können als lineare Writes ohne Seeks recht schnell abgewickelt werden. Die Seeks, die beim Schreiben in den Tablespace unvermeidlich auftreten würden, können so verzögert und minimiert werden.\nNormalerweise sollte das Redo-Log immer groß genug sein und niemals voll laufen. Entsprechend sollte Innodb_log_waits immer 0 sein oder zumindest sich nicht bewegen, wenn man zwei Mal in Folge den Wert des Statuscounters abruft. Hat man regelmäßig Innodb_log_wait-Events, kann eine von zwei Situationen vorliegen: Der Server hat Write-Bursts, die größer sind als das aktuelle Redo-Log - das Redo-Log ist zu klein und muß vergrößert werden. Oder der Server hat dauerhaft eine sehr große Schreiblast und das Redo-Log würde überlaufen, egal wie groß es ist. Dann braucht der Server mehr Spindeln, um schneller schreiben zu können oder die Daten müssen partitioniert und auf mehrere Server verteilt werden.\nDas Redo-Log besteht per Default aus zwei Dateien (innodb_log_files_in_group), die jeweils 5 MB groß sind (innodb_log_file_size), ist also 10 MB groß. Dies ist zu klein. Idealerweise sollte es aus zwei Dateien bestehen, die jeweils zwischen 64 und 256 MB groß sind, also 128 MB bis 512 MB groß sein. Es kann nicht größer sein als 4096 MB = 4 GB, auch nicht auf einer Maschine mit 64 Bit Architektur.\nFrüher (vor MySQL 5.0) war es einmal wesentlich, das Redo-Log nicht zu groß zu machen: Wenn der Server crashte, ging InnoDB in die Log Recovery Phase und mußte diese erst abarbeiten bevor der Server wieder Verbindungen annahm. Seit MySQL 5.0 ist das nicht mehr so: Die Log Recovery Phase kann vom Server im Hintergrund abgearbeitet werden, sodaß die Größe des Redo-Logs nicht mehr bestimmend für die Dauer der Server-Recovery ist.\nÄndert man diese Variable wenn ib_logfile0 und ib_logfile1 schon existieren, wird InnoDB sich weigern zu starten und im Error-Log des Servers eine Meldung hinterlassen, die im wesentlichen sagt, daß die Größe von vorgefundenen Logfiles nicht mit der Größe der konfigurierten Logfiles übereinstimmt.\nUm die Größe des Redo-Logs zu ändern muß der Server runtergefahren werden, danach kontrolliert werden, daß der Shutdown sauber war und daß kein Serverprozeß mehr läuft. Dann kann man die existierenden ib_logfile?-Dateien zur Seite moven und den Wert der Konfigurationsvariablen ändern, um schließlich den Server zu starten. InnoDB wird nun Meldungen über neu angelegte Logfiles in das Error-Log schreiben und die Files generieren. Ist der Server wieder online und betriebsbereit, kann man die alten ib_logfile?-Dateien löschen.\nRelevante Konfigurationseinträge in der my.cnf:\n# Anzahl der ib_logfile? innodb_log_files_in_group = 2 # Größe eines ib_logfile? innodb_log_file_size = 256M Wie InnoDB die Datendateien ablegt Wie bereits in dem ersten Artikel dieser Reihe angedeutet hat InnoDB zwei verschiedene Betriebsarten, in denen es seine Daten unterschiedlich organisiert: Wenn die Konfigurationsvariable innodb_file_per_table = 0 gesetzt ist, werden die Daten in einem oder mehreren ibdata-Tablespacefiles abgelegt. Wenn die innodb_file_per_table = 1 gesetzt ist, wird stattdessen für jede Tabelle neben der .frm-Datei für die Tabelle ein .ibd-File angelegt, das die Daten enthält.\nDie Tablespace-Files werden, wenn ihre Namen nicht als absolute Pfadnamen angegeben werden, in innodb_data_home_dir angelegt. Ist auch diese Variable leer, wird als Default datadir angenommen. Der Default-String für innodb_data_file_path ist ibdata1:10M:autoextend.\nIn den meisten Default-Installationen bedindet sich also eine Datei ibdata1 in /var/lib/mysql. Diese Datei ist zunächst 10M groß und wächst dann in Schritten von 8MB (weil innodb_autoextend_increment = 8 per Default auf 8 steht).\nDiese Defaults sind für den effizienten Betrieb jedoch nicht sehr gut gewählt. Zunächst einmal sollte man innodb_file_per_table = 1 setzen. Auf diese Weise bekommt man pro Tabelle ein .ibd-File. Dadurch hat man die Möglichkeit, den Platzverbrauch in der Datenbank Tabellenweise auch von außen zu messen und man gewinnt die Möglichkeit, durch ein ALTER TABLE t ENGINE=innodb bzw. ein OPTIMIZE TABLE t den leeren Platz in solchen Dateien dem Betriebssystem wieder zur Disposition zur Stellen.\nWählt man innodb_file_per_table = 1, dann sind die Defaults für innodb_data_file_path und innodb_autoextend_increment ausreichend, denn im ibdata1-File wird lediglich das InnoDB-interne Shadow-Datadictionary und das Undo-Log abgelegt. Auf solchen Installationen erhält man am Ende meist ein ibdata1 in der Größe von 256M bis 1024M, je nach Maximalbelastung des Undo-Logs.\nMuß oder will man InnoDB mit innodb_file_per_table = 0 betreiben, dann werden die Daten ebenfalls im ibdata1-File abgelegt. Man sollte vorher sicherstellen, daß das Betriebssystem und auch alle Utilities zur Datensicherung mit sehr großen Dateien korrekt umgehen können. Ist das nicht der Fall, wird man ein sehr kompliziertes innodb_data_file_path-Statement benötigen, das ausreichend viele ibdata-Files definiert - jedes von ihnen wahrscheinlich so um die 2G groß, oder was immer das Limit hier ist.\nAngenommen der Support im Betriebssystem für sehr große einzelne Files ist ausreichend, dann wird man mit Sicherheit die Schrittweite vergrößern wollen, in der die ibdata-Datei vergrößert wird - inoodb_autoextend_increment = 8 sind als Schrittweite sicher zu klein. Stattdessen ist es empfehlenswert, sich das Dateisystem anzusehen, auf dem die Datei angelegt wird, und als Schrittweite etwa 1% bis 5% der gesamten Dateisystemgröße zu wählen. Auf diese Weise wird das Dateisystem nach Bedarf in 20 bis 100 Schritten aufgefüllt. Das ist hinreichend klein granular,um flexibel zu sein, aber das Betriebssystem hat dennoch ausreichend wenige Allocation Requests um die Datei weitgehend unfragmentiert zu erzeugen. Auf einem Dateisystem mit 200G Platz wird man also eine Schrittweite von 2048 (2048M = 1% von 200G) oder gar 10240 (10G = 10240M = 5% von 200G) wählen.\nIn jedem Fall sollte ein Tablespace-File so definiert sein, daß es auf \u0026ldquo;autoextend\u0026rdquo; konfiguriert ist, insbesondere auch bei innodb_file_per_table = 1. Wenn nämlich durch viele Schreibzugriffe während einer lang andauernden Transaktion das Undo-Log vorübergehend anschwillt und dabei nicht genug Platz im ibdata-File ist, kommt es zu sehr seltsamen und schwer zu diagnostizierbaren Fehlermeldungen, obwohl auf Dateisystemebene noch genug Platz vorhanden ist.\nAußerdem ist zu bedenken, daß InnoDB mehr Filehandles verbraucht, wenn innodb_file_per_table = 1 gesetzt ist - entsprechend sollte man innodb_open_files größer wählen, zum Beispiel ein Filehandle pro Tabelle. Das zieht unter Umständen auch eine Anpassung von open_files_limit nach sich - hier müssen aber noch Filehandles für .frm-Dateien und für MyISAM-Tabellen mit dazu gerechnet werden.\nRelevante Konfigurationseinträge in der my.cnf (File per Table):\n# Soll InnoDB mit einer ibd-Datei pro Tabelle betrieben werden innodb_file_per_table = 1 # Wo soll die ibdata-Datei abgelegt werden (Default: $datadir) # innodb_data_home_dir # Wie soll die Datei angelegt werden? innodb_data_file_path = \u0026#34;ibdata1:10M:autoextend\u0026#34; # In was für Schritten (MB) soll die Datei wachsen? innodb_autoextend_increment = 8 # Filehandles hoch drehen # Ein Filehandle pro InnoDB Tabelle innodb_open_files = 2048 # Das hier kann man in Linux auch # getrost richtig hoch drehen open_files_limit = 32768 Relevante Konfigurationseinträge in der my.cnf (Single-Tablespace):\n# Soll InnoDB mit einer ibd-Datei pro Tabelle betrieben werden innodb_file_per_table = 0 # Wo soll die ibdata-Datei abgelegt werden (Default: $datadir) # innodb_data_home_dir # Wie soll die Datei angelegt werden? # Tablespace wird hier als 2G große Datei angelegt. innodb_data_file_path = \u0026#34;ibdata1:2048M:autoextend\u0026#34; # In was für Schritten (MB) soll die Datei wachsen? # Tablespace wächst hier in 2G Schritten # (1% einer 200G-Platte) innodb_autoextend_increment = 2048 Wie InnoDB seine Daten auf die Platte malt Wie wir oben gesehen haben, werden Daten bei der Ausführung von schreibenden Kommandos in InnoDB nur gelesen - ein INSERT oder UPDATE-Statement erzeugt einen Logbuffer und als Dirty markierte Pages im InnoDB Bufferpool für die Daten und das Undo-Log. Bei einem Commit wird der Logbuffer ins Redo-Log geschrieben - jedenfalls wenn innodb_flush_log_at_trx_commit = 1 gesetzt ist. MySQL führt den Commit dann als einen Write ins Redo-Log und eine Flush-Operation durch. Letztere leert dann die Betriebssystem-Puffer in die Platten-Puffer und die Platten-Puffer auf die Platte.\nSelbst dies ist jedoch eine relativ langsame Operation, bei der Wartezeiten von einigen Millisekunden auf eine langsame mechanische Platte auftreten - jedenfalls wenn man nicht eine spezielle Platte für das Redo-Log hat, die aus batteriegepuffertem RAM besteht. Daher besteht die Möglichkeit, InnoDB auf eine Weise zu betreiben, bei das Warten auf die Platte vom Commit mehr oder weniger stark entkoppelt wird.\nBei innodb_flush_log_at_trx_commit = 2 ist es so, daß ein Commit die Daten aus dem MySQL in die Betriebssystem-Puffer überträgt (\u0026ldquo;WRITE\u0026rdquo;), aber ein Schreiben der Betriebssystem-Puffer auf die Platte (\u0026ldquo;FLUSH\u0026rdquo;) nur einmal pro Sekunde erzwingt. Dies bewirkt, daß bei einem Absturz des MySQL Serverprozesses keine Daten verloren gehen können, bei einem Absturz der Server-Hardware jedoch bis zu einer Sekunde Redo-Log fehlen kann. Es existieren also möglicherweise Daten, für die der Anwendung signalisiert wurde, daß sie geschrieben wurden, die aber nicht geschrieben worden sind. Dafür ist diese Betriebsart durch die Wegfallenden Wartezeiten auf die langsamen Festplatten sehr viel schneller.\nJe nach Geschäftsprozeß, der hier implementiert wird, kann es sein, daß dieser Fehler relevant ist oder nicht - aus der Sicht der Informatik ist innodb_flush_log_at_trx_commit = 2 eine Verletzung des ACID -Prinzips nach Codd und daher falsch. Aus der Sicht der Betriebswirtschaft kann das Verhalten dennoch korrekt sein. Das wäre zum Beispiel dann der Fall, wenn die verlorenen Daten reproduzierbar wären, oder wenn die Korrektur der falschen Daten durch Kundenservice kostengünstiger wäre als die Hardware, die notwendig wäre, um die benötigte Performance bei innodb_flush_log_at_trx_commit = 1 zu liefern.\nBei innodb_flush_log_at_trx_commit = 0 wird das Schreibverhalten von InnoDB noch weiter gelockert - \u0026ldquo;Commit\u0026rdquo; ist nun eine rein logische Operation, die keine Writes und keine Flushes per initiiert. Stattdessen wird das Redo-Log einmal pro Sekunde durch \u0026ldquo;WRITE\u0026rdquo; an das Betriebssystem übertragen und danach durch \u0026ldquo;FLUSH\u0026rdquo; ein Schreiben der Betriebssystem-Puffer auf die Platte erzwungen. Dies ist jedoch nicht wesentlich schneller als die Einstellung \u0026ldquo;2\u0026rdquo;.\nIn jedem Fall wird die Datenbank nach einem Crash des MySQL-Serverprozesses oder der Hardware beim Wiederanlauf recovern müssen. In jedem Fall wird die Datenbank wieder in einen konsistenten transaktionalen Zustand recovern, unabhängig von den Einstellungen für innodb_flush_log_at_trx_commit. Unterschiedlich wird lediglich der Punkt in der Zeit sein (die letzte gesehene Transaktionsnummer, zu der hin recovert wird), den die Datenbank nach dem Wiederanlauf und der Recovery erreicht.\nDas Verhalten von InnoDB läßt sich außerdem noch mit Hilfe der innodb_flush_method beeinflussen. In Unix sind die zugelassenen Werte für diese Variable fdatasync (der Default), O_DSYNC, O_DIRECT, littlesync, nosync, in Windows werden normal und unbuffered (der Default) sowie async_unbuffered (der Default in Windows XP und Windows 2000) erkannt.\nDie Idee bei O_DSYNC und O_DIRECT ist, die Dateien des Redo-Log auf eine Weise zu öffnen, die den Puffermechanismus des Betriebssystems komplett ausschaltet - die Datenbank puffert Daten im innodb_buffer_pool und im Redo-Log selbst und es besteht gar keine Notwendigkeit für den File System Buffer Cache des Betriebssystems. Setzt man innodb_flush_method zum Beispiel auf O_DIRECT in Linux, wird InnoDB nur noch WRITE-Aufrufe durchführen, aber die Daten nicht mehr mit FLUSH auf die Platte zwingen. Dies ist auch nicht mehr notwendig, da ja jeder WRITE bei O_DIRECT ungepuffert direkt auf die Platte geht.\nRelevante Konfigurationseinträge in der my.cnf (für Linux):\n# Gewünschtes Schreibverhalten für viele Anwendungen innodb_flush_log_at_trx_commit = 2 innodb_flush_method = O_DIRECT # Alternativ für ACID-Compliance: innodb_flush_log_at_trx_commit = 1 innodb_flush_method = O_DIRECT Concurrency Tickets InnoDB funktioniert besser, wenn die Anzahl der Threads begrenzt ist, die gerade Operationen innerhalb der Storage Engine ausführen. Es können sich gleichzeitig innodb_thread_concurrency viele Threads in InnoDB aufhalten. Es existieren verschiedene Formeln, mit denen man auf sinnvolle Werte für diese Variable kommen kann (\u0026ldquo;Anzahl der Cores mal zwei\u0026rdquo;, \u0026ldquo;Summe aus Cores und Platten = Anzahl der Dinge, die wir in Bewegung halten wollen\u0026rdquo;), aber es ist klar, daß aktuelle Versionen von InnoDB schlechtere Performance zeigen, wenn der Wert zu hoch wird - derzeit scheint das Limit je nach Load 16 oder 32 zu sein.\nHat man mehr gleichzeitige Transaktionen als innodb_thread_concurrency zuläßt, müssen überzählige Threads warten. Oft ist es jedoch so, daß ein Thread über das Handler Interface in die Storage Engine hineingeht, dort eine Operation wie Key Lookup durchführt, um dann in die MySQL SQL-Schicht zurück zu kehren. Um eine einzelne Query zu beantworten sind unter Umständen sehr viele solche Übergänge notwendig.\nDamit ein Thread nun nicht jedesmal warten muß, wenn er in die InnoDB Storage Engine will, bekommt er innodb_concurrency_tickets viele \u0026ldquo;Tickets\u0026rdquo;, wenn ihm Zugang zur Engine gewährt wird. Er kann also entsprechend viele Wechsel zwischen SQL-Schicht und Storage Engine machen, ohen daß er erneut warten muß. Man kann hier mit verschiedenen Werten experimentieren, wenn man eine Maschine mit sehr vielen CPUs und Festplatten hat und eine sehr hohe Thread Concurrency für InnoDB hat. Sinnvolle Werte sind \u0026ldquo;Anzahl der Records in einem Block\u0026rdquo;, \u0026ldquo;\u0026hellip; in einem Segment\u0026rdquo; oder \u0026ldquo;Anzahl der Records, die in dieser Query gelesen werden\u0026rdquo;.\nEine weitere Variable ist die innodb_commit_concurrency, die die Anzahl der Threads limitiert, die gleichzeitig comitten können. Sie begrenzt den Speicherverbrauch im Logbuffer und reguliert Contention auf dem Redo-Log.\nAus historischen Gründen existiert noch eine Variable thread_concurrency. Der Wert, der hier übergeben wird, endet im Code direkt in einem Aufruf von pthread_setconcurrency(), wird aber sonst nicht weiter verwendet. Diese Funktion bewirkt in den aktuellen Implementierungen von pthreads in Linux und Solaris gar nichts, in Versionen von pthreads bis einschließlich Solaris 8 hat sie sich intern auf das Mapping von Threads zu Kernelthreads ausgewirkt. Für aktuelle Versionen von Betriebssystemen und MySQL ist die Variable und der dort eingestellte Werte nicht mehr relevant.\nRelevante Konfigurationseinträge in der my.cnf:\ninnodb_commit_concurrency = 0 innodb_thread_concurrency = 16 innodb_concurrency_tickets = 500 Metadatenstrukturen Wenn ich nach dem gehe, was ich bei Kunden vorfinde, dann ist innodb_additional_mem_pool_size eine Variable, die sehr häufig auf seltsame Werte gesetzt wird. Die Variable bestimmt die Größe eines Puffers für Metadatenstrukturen, ist also ein Cache für das interne InnoDB Data Dictionary. Der Default-Wert ist 1 MB und im normalen Betrieb braucht dieser Puffer niemals größer als 8 MB gesetzt zu werden. Ein Kunde, der Tests mit 40.000 InnoDB-Tabellen vorgenommen hat, hat hier tatsächlich einmal einen Wert von 20 MB benötigt.\nRelevante Konfigurationseinträge in der my.cnf:\ninnodb_additional_mem_pool_size = 4M Gesamtübersicht Eine Gesamtübersicht über alle InnoDB-Statusvariablen und Konfigurationsparameter findet man auf 12.2.4. InnoDB Startup Options and System Variables im Handbuch.\n","date":"2008-02-03T00:00:00Z","href":"https://blog.koehntopp.info/2008/02/03/die-innodb-storage-engine-konfiguration.html","tags":["mysql","lang_de"],"title":"Die InnoDB Storage Engine: Konfiguration"},{"categories":null,"content":"Die Storage Engine InnoDB ist eine Storage Engine, die ACID-konform betrieben werden kann, Transaktionen beherrscht und Foreign Key Constraints prüfen kann. Sie ist geeignet für alle Anwendungen, die Online Transaction Processing machen oder aus anderen Gründen eine hohe Rate von paralellen Schreibzugriffen haben.\nHat mein MySQL InnoDB Support und ist dieser betriebsbereit? Mit dem Kommano SHOW ENGINES kann man sich die von einer Instanz unterstützten Engines anzeigen lassen. Wenn InnoDB enthalten und betriebsbereit ist, wird die Engine mit YES angezeigt. Wenn sie enthalten und nicht betriebsbereit ist, wird DISABLED gezeigt. Wenn sie nicht einmal im Code des Servers enthalten ist, wird NO gezeigt.\nroot on mysql.sock [(none)]\u0026gt; show engines; +------------+---------+----------------------------------------------------------------+ | Engine | Support | Comment | +------------+---------+----------------------------------------------------------------+ | MyISAM | DEFAULT | Default engine as of MySQL 3.23 with great performance | | MEMORY | YES | Hash based, stored in memory, useful for temporary tables | | InnoDB | YES | Supports transactions, row-level locking, and foreign keys | | BerkeleyDB | NO | Supports transactions and page-level locking | | BLACKHOLE | YES | /dev/null storage engine (anything you write to it disappears) | | EXAMPLE | YES | Example storage engine | | ARCHIVE | YES | Archive storage engine | | CSV | YES | CSV storage engine | | ndbcluster | NO | Clustered, fault-tolerant, memory-based tables | | FEDERATED | YES | Federated MySQL storage engine | | MRG_MYISAM | YES | Collection of identical MyISAM tables | | ISAM | NO | Obsolete storage engine | +------------+---------+----------------------------------------------------------------+ 12 rows in set (0.00 sec) Eine minimale Konfiguration für InnoDB Für die folgenden Beispiele ist es notwendig, daß der MySQL-Server mit einem funktionierenden InnoDB ausgestattet ist. Die folgende Minimal-Konfiguration ist nicht für die Produktion geeignet, sollte aber ausreichen um von DISABLED auf YES zu kommen.\nMit SHOW GLOBAL VARIABLES LIKE 'datadir' ist das Datenverzeichnis für diese Instanz von MySQL zu lokalisieren. In diesem Verzeichnis befinden sich unter Umständen ein Datenfile ibdata1 und zwei Logfiles, ib_logfile0 und ib_logfile1. root on mysql.sock [(none)]\u0026gt; show global variables like \u0026#39;datadir\u0026#39;; +---------------+------------------------------+ | Variable_name | Value | +---------------+------------------------------+ | datadir | /export/data/rootforum/data/ | +---------------+------------------------------+ 1 row in set (0.00 sec) root on mysql.sock [(none)]\u0026gt; quit Bye linux:/export/data/rootforum # ls -lh /export/data/rootforum/data/ib\\* -rw-rw---- 1 mysql mysql 5M Jan 9 17:51 /export/data/rootforum/data/ib_logfile0 -rw-rw---- 1 mysql mysql 5M Jan 9 17:51 /export/data/rootforum/data/ib_logfile1 -rw-rw---- 1 mysql mysql 10M Dec 13 14:34 /export/data/rootforum/data/ibdata1 Der Datenbankserver ist zu stoppen. - Die o.a. drei Files sind, wenn vorhanden, zu löschen. WARNUNG! Dies löscht alle evtl. bereits vorhandenen Daten in InnoDB. Diesen Schritt nur dann durchführen, wenn die Engine vorher DISABLED war.\nIn der Sektion [mysqld] der my.cnf ist die Anweisung skip-innodb zu finden, wenn vorhanden, und zu entfernen.\nDie folgenden Konfigurationsanweisungen sind stattdessen einzufügen. Ihre Bedeutung wird weiter unten erläutert.\ninnodb innodb_file_per_table = 1 innodb_flush_log_at_trx_commit = 2 Dies ist ein minimales Setup, das zum Testen geeignet ist, aber keine Performance bringen wird. Später gehen wir auch auf InnoDB Performance Tuning ein.\nDer Server ist zu starten. Er legt die o.a. drei Files neu an, und hinterläßt entsprechende Nachrichten im Log. Die Engine InnoDB wird in SHOW ENGINES jetzt mit YES angezeigt.\nInnoDB Tabellen anlegen Beim Anlegen einer Tabellenspezifikation kann durch das Nachstellen einer ENGINE-Klausel festgelegt werden, mit welcher Storage Engine die Tabelle erzeugt wird. Dies kann innerhalb eines Schemas für jede Tabelle getrennt festgelegt werden, und mit Hilfe von ALTER TABLE auch nachträglich ohne Datenverlust geändert werden.\nroot on mysql.sock [(none)]\u0026gt; create database innodemo; Query OK, 1 row affected (0.32 sec) root on mysql.sock [(none)]\u0026gt; use innodemo; Database changed root on mysql.sock [innodemo]\u0026gt; create table kris ( id integer unsigned not null primary key auto_increment, d varchar(20) not null ) engine = innodb; Query OK, 0 rows affected (0.36 sec) root on mysql.sock [innodemo]\u0026gt; insert into kris ( d ) values ( \u0026#34;eins\u0026#34;), (\u0026#34;zwei\u0026#34;), (\u0026#34;drei\u0026#34;); Query OK, 3 rows affected (0.00 sec) Records: 3 Duplicates: 0 Warnings: 0 root on mysql.sock [innodemo]\u0026gt; select * from kris; +----+------+ | id | d | +----+------+ | 1 | eins | | 2 | zwei | | 3 | drei | +----+------+ 3 rows in set (0.01 sec) Mit Hilfe des Kommando SHOW CREATE TABLE oder mit SHOW TABLE STATUS können wir sehen, welche Storage Engine eine Tabelle verwendet.\nroot on mysql.sock [innodemo]\u0026gt; show create table kris\\G *************************** 1. row *************************** Table: kris Create Table: CREATE TABLE `kris` ( `id` int(10) unsigned NOT NULL auto_increment, `d` varchar(20) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8 1 row in set (0.00 sec) root on mysql.sock [innodemo]\u0026gt; show table status like \u0026#34;kris\u0026#34;\\G *************************** 1. row *************************** Name: kris Engine: InnoDB Version: 10 Row_format: Compact Rows: 3 Avg_row_length: 5461 Data_length: 16384 Max_data_length: 0 Index_length: 0 Data_free: 0 Auto_increment: 4 Create_time: 2008-01-09 18:04:00 Update_time: NULL Check_time: NULL Collation: utf8_general_ci Checksum: NULL Create_options: Comment: InnoDB free: 148480 kB 1 row in set (0.00 sec) In der Ausgabe von SHOW TABLE STATUS sehen wir einige Besonderheiten: Erst einmal ist die angezeigte Average Row Length von InnoDB-Tabellen mit sehr wenigen Datensätzen ungültig. Die Average Row Length unserer Tabelle ist, das wissen wir, ungefähr 4 (integer) + 5 (1 Längenbyte und vier Zeichenbytes) plus ein wenig Verwaltungsoverhead (ca. 10-12 Byte pro Row).\nInnoDB vergibt Speicherplatz jedoch in Seiten zu 16KB, und daher ist die Data_length = 16384 Bytes. Die Average Row Length wird von InnoDB als Statistik nicht gepflegt und an MySQL exportiert und wird daher als Data_length/Rows geschätzt. Für kleine Anzahlen von Zeilen ist dieser Wert falsch.\nAußerdem können wir sehen, daß die Index_length für diese Tabelle 0 ist, obwohl ein Primary Key definiert ist. Das wird uns später noch im Detail beschäftigen. Für das erste genügt es zu wissen, das der Primary Key in InnoDB zu den Daten gerechnet wird und auch sonst magisch ist. Data_free ist, anders als in MyISAM, immer 0.\nExistierende Tabellen im Typ ändern Mit den Kommando ALTER TABLE können wir eine existierende Tabelle von InnoDB nach MyISAM umwandeln oder zurück. Daten gehen dabei nicht verloren. Zum Vergleich hier einmal die Ausgabe von SHOW TABLE STATUS für dieselbe Tabelle, wenn sie als MyISAM-Tabelle existiert. Man kann sehen, daß MyISAM den Primary Key NICHT zu den Daten rechnet und daß MyISAM im Index ebenfalls seitenbasiert arbeitet, nur sind die Seiten viel kleiner: Sie sind nur 1KB groß.\nroot on mysql.sock [innodemo]\u0026gt; alter table kris engine=myisam; Query OK, 3 rows affected (0.00 sec) Records: 3 Duplicates: 0 Warnings: 0 root on mysql.sock [innodemo]\u0026gt; select * from kris; +----+------+ | id | d | +----+------+ | 1 | eins | | 2 | zwei | | 3 | drei | +----+------+ 3 rows in set (0.00 sec) root on mysql.sock [innodemo]\u0026gt; show table status like \u0026#34;kris\u0026#34;\\G *************************** 1. row *************************** Name: kris Engine: MyISAM Version: 10 Row_format: Dynamic Rows: 3 Avg_row_length: 20 Data_length: 60 Max_data_length: 281474976710655 Index_length: 2048 Data_free: 0 Auto_increment: 4 Create_time: 2008-01-09 18:11:57 Update_time: 2008-01-09 18:11:57 Check_time: NULL Collation: utf8_general_ci Checksum: NULL Create_options: Comment: 1 row in set (0.00 sec) Wir können unsere Tabelle auch wieder zurück nach InnoDB wandeln. Wir können sogar eine existierende InnoDB-Tabelle nach InnoDB wandeln. Das macht sogar Sinn - es ist genau das, was OPTIMIZE TABLE in InnoDB macht.\nroot on mysql.sock [innodemo]\u0026gt; alter table kris engine=innodb; Query OK, 3 rows affected (0.01 sec) Records: 3 Duplicates: 0 Warnings: 0 root on mysql.sock [innodemo]\u0026gt; alter table kris engine=innodb; Query OK, 3 rows affected (0.02 sec) Records: 3 Duplicates: 0 Warnings: 0 root on mysql.sock [innodemo]\u0026gt; select * from kris; +----+------+ | id | d | +----+------+ | 1 | eins | | 2 | zwei | | 3 | drei | +----+------+ 3 rows in set (0.00 sec) Ein ALTER TABLE t ENGINE=... erzeugt eine Kopie der Tabelle mit der neuen Engine als temporäre Tabelle. Danach wird die Originaltabelle gelöscht und die temporäre Tabelle als permanente Tabelle installiert. Das hat eine Reihe von Konsequenzen:\nDie Operation kann keine Daten verlieren. Wenn die Operation scheitert oder durch Benutzer abgebrochen wird, wird die temporäre Tabelle gelöscht und die Originaltabelle bleibt unverändert stehen. Vorübergehend wird sehr viel mehr Speicher gebraucht, denn es müssen ja beide Tabellen parallel existieren. Dabei ist zu beachten, daß InnoDB die Daten weniger dicht packt als MyISAM. Eine InnoDB-Tabelle braucht etwa 1.6 bis 2.2 mal so viel Platz wie eine MyISAM-Tabelle. Während des ALTER TABLE sind beide Tabellen gelockt. Wenn das stört, kann man sich mit der Sequenz CREATE TABLE b LIKE a; ALTER TABLE b ENGINE=InnoDB INSERT INTO b SELECT * FROM a; behelfen. Hier ist a dann während des Kopiervorganges nur mit einem Read Lock gesperrt. Außerdem kann man mit einer LIMIT-Clause am Select die Datenmenge begrenzen, etwa um zu experimentieren. Transaktionen InnoDB beherrscht Transaktionen. Das bedeutet, das Anweisungen an InnoDB-Tabellen gesammelt werden und erst durch ein COMMIT gesammelt auf alle Tabellen angewendet werden. Entweder gelingen alle Anweisungen, oder keine von den Anweisungen wird ausgeführt.\nPer Default befindet sich die Datenbank im AUTOCOMMIT Modus. Das bedeutet, nach jeder Anweisung \u0026ldquo;denkt\u0026rdquo; sich der Server automatisch ein COMMIT dazu. Man kann entweder Autocommit abschalten, oder mit der Anweisung BEGIN auch im Autocommit eine längere Transaktion beginnen.\nroot on mysql.sock [innodemo]\u0026gt; begin; Query OK, 0 rows affected (0.00 sec) root on mysql.sock [innodemo]\u0026gt; insert into kris ( d ) values ( \u0026#34;vier\u0026#34; ); Query OK, 1 row affected (0.00 sec) root on mysql.sock [innodemo]\u0026gt; select * from kris; +----+------+ | id | d | +----+------+ | 1 | eins | | 2 | zwei | | 3 | drei | | 4 | vier | +----+------+ 4 rows in set (0.00 sec) root on mysql.sock [innodemo]\u0026gt; rollback; Query OK, 0 rows affected (0.00 sec) root on mysql.sock [innodemo]\u0026gt; select * from kris; +----+------+ | id | d | +----+------+ | 1 | eins | | 2 | zwei | | 3 | drei | +----+------+ 3 rows in set (0.00 sec) Hier wird mit BEGIN eine Transaktion bei aktiviertem Autocommit begonnen, das Autocommit also vorübergehend unterbrochen. Dies ist die empfohlene Vorgehensweise. Eine Zeile wird in die Tabelle eingefügt. Für uns selber ist diese Zeile auch erst einmal sichtbar. Die Transaktion wird jedoch nicht mit COMMIT beendet, sondern mit ROLLBACK rückgängig gemacht. Dadurch ist nach dem Ende der Transaktion die Zeile wieder weg.\nWie InnoDB auf der Platte aussieht linux:/export/data/rootforum/data # ls -lh ib* innodemo -rw-rw---- 1 mysql mysql 5M Jan 9 18:27 ib_logfile0 -rw-rw---- 1 mysql mysql 5M Jan 9 18:28 ib_logfile1 -rw-rw---- 1 mysql mysql 10M Jan 9 18:27 ibdata1 innodemo: total 112K -rw-rw---- 1 mysql mysql 61 Jan 9 18:03 db.opt -rw-rw---- 1 mysql mysql 8.4K Jan 9 18:28 kris.frm -rw-rw---- 1 mysql mysql 96K Jan 9 18:28 kris.ibd Jede InnoDB-Installation hat mindestens ein Datenfile ibdata1 und mindestens zwei Redo-Logiles ib_logfile0 und ib_logfile1. Position, Größe, Anzahl und Namen dieser Dateien können jedoch relativ frei bestimmt werden.\nUnser InnoDB arbeitet mit innodb_file_per_table = 1. Das bedeutet, unsere Daten liegen in einer .ibd-Datei neben der .frm-Datei im Schema-Directory, hier also in $datadir/innodemo/kris.ibd. Die Endung IBD steht Datei für InnoBase-Data. Obwohl die eigentlichen Daten in dieser Datei liegen, braucht InnoDB zwingend ein ibdata-File und mindestens zwei Redo-Logs. Im ibdata-File legt Innobase das Data Dictionary ab, also eine Schattenkopie der Tabellendefinitionen aus dem .frm-Dateien in einer Innobase-internen Codierung und das Undo-Log. Im Redo-Log loggt InnoDb alle datenverändernden Operationen.\nAnders als bei MyISAM ist es NICHT möglich, .ibd-Dateien auf Dateisystemebene zu kopieren, verschieben, umzubenennen oder einer anderen Instanz von MySQL einfach so unterzuschieben. Jede dieser Operationen wird im günstigsten Fall von InnoDB erkannt und zurückgewiesen und zerstört im schlimmsten Fall die Instanz.\nWenn wir unser InnoDB mit innodb_file_per_table = 0 betreiben, liegen auch alle Tabellen in der zentralen ibdata-Datei, und es existieren im Schema-Directory nur .frm-Dateien.\nibdata-Dateien können intern nicht genutzten Platz frei geben und wieder verwenden, aber sie schrumpfen niemals. Wenn man eine Instanz nachträglich von innodb_file_per_table = 0 auf 1 umstellt, werden existierende InnoDB-Tabellen durch ein ALTER TABLE t ENGINE=InnoDB in einem externe .ibd-Datei umkopiert und der Platz in der ibdata-Datei freigegeben, aber die Datei wird niemals schrumpfen. Die einzige Methode, von der alten großen ibdata-Datei weg zu kommen ist ein Dump der Datenbank und ein Neuladen der Daten in eine andere Instanz.\nWieviel Platz in einer ibdata- oder .ibd-Datei frei ist wird im Comment-Feld der Ausgabe von SHOW TABLE STATUS für jede Tabelle angezeigt. Die Angaben sind natürlich immer Vielfache von 16K, der InnoDB Seitengröße.\nEs ist möglich, mehr als eine ibdata-Datei zu haben, aber es ist vollkommen unmöglich zu kontrollieren, welche Tabelle oder welcher Teil einer Tabelle in welcher ibdata-Datei liegt. Bei innodb_file_per_table liegt jede Tabelle immer vollständig in ihrer eigenen .ibd-Datei.\nDas Undo-Log Jede Tabelle hat in InnoDB zwei versteckte Spalten, eine Transaktionsnummer und einen Zeiger auf die vorhergehende Version der Zeile im Undo-Log, den Rollback-Pointer.\nWenn wir eine Zeile in einer InnoDB-Tabelle verändern, wird die alte Version der Zeile mit der alten Transaktionsnummer aus der Originaltabelle ins Undo-Log kopiert und die neue Version mit einer neuen Transaktionsnummer in die .IBD-Datei kopiert. Der Rollback-Pointer der neuen Version der Zeile zeigt dabei auf die alte Version der Zeile im Undo-Log.\nroot on mysql.sock [innodemo]\u0026gt; begin; Query OK, 0 rows affected (0.00 sec) root on mysql.sock [innodemo]\u0026gt; update kris set d = \u0026#34;one\u0026#34; where id = 1; Query OK, 1 row affected (0.01 sec) Rows matched: 1 Changed: 1 Warnings: 0 root on mysql.sock [innodemo]\u0026gt; select * from kris; +----+------+------+ +----+------+------+ | id | d | txn# | | id | d | txn# | +----+------+------+ +----+------+------+ | 1 | one | 2 | ------\u0026gt; | 1 | eins | 1 | | 2 | zwei | 1 | +----+------+------+ | 3 | drei | 1 | +----+------+------+ 3 rows in set (0.00 sec) In dem Beispiel oben habe ich diese verborgenen Zeilen und den Undo-Log Eintrag zur Verdeutlichung manuell von Hand hereingefälscht.\nDiese Verzeigerung von Zeilenversionen kann auch über mehr als eine Version gehen, d.h. ein Eintrag im Undo-Log kann auf eine noch ältere Version einer Zeile zeigen und so weiter. Löscht man das Undo-Log nie, bekommt man für jede Zeile jeder Tabelle eine lineare Liste, die die vollständige Abfolge aller Versionen dieser Zeile darstellt. Irgendwann einmal jedoch wird der Undo-Eintrag, der jetzt ja nicht mehr gebraucht wird, von einer InnoDB-Aufräumkomponente, dem Purge-Thread, gelöscht und der Eintrag im Undo-Log gelöscht, sodaß das Undo-Log in der Realität nicht ins Unendliche wächst.\nDas Kopieren von Versionen von Zeilen aus der Tabelle ins Undo-Log und die Verzeigerung von Zeilenversionen untereinander nennt man MVCC, Multiversion Concurrency Control.\nMVCC ist, so wie InnoDB es implementiert, für das COMMIT optimiert. Wenn man als Anwender ein COMMIT ausführt, ist nichts zu tun: Die Transaktion wird als comitted markiert, die Verzeigerung der Einträge bleibt bestehen und alles ist gut.\nroot on mysql.sock [innodemo]\u0026gt; rollback; Query OK, 0 rows affected (0.01 sec) +----+------+------+ +----+------+------+ | id | d | txn# | | id | d | txn# | +----+------+------+ ROLLBACK +----+------+------+ | 1 | eins | 1 | \u0026lt;------- | | | | | 2 | zwei | 1 | +----+------+------+ | 3 | drei | 1 | +----+------+------+ 3 rows in set (0.00 sec) Wenn man als Anwender ein ROLLBACK ausführt, fällt dagegen Arbeit an: Die Daten aus dem Undo-Log müssen rausgefischt und die Änderung in der Originaltabelle rückgängig gemacht werden.\nDas kann bei vielen Zeilen auch mal länger dauern, da das Undo-Log zeilenweise und nicht seitenweise organisiert ist. Es ist günstig, seine Transaktionen nicht zu groß zu machen: In den meisten Fällen wird eine Transaktionsgröße von 1.000 bis 10.000 Zeilen für das Massenladen von Daten ein guter Kompromiß sein (Zu klein ist auch doof, wie wir noch sehen werden).\nTransaction Isolation Level Read Uncomitted Wenn wir die Transaktion von oben einmal von außen betrachten, also von einer zweiten Verbindung aus, dann kann es sein, daß wir sie beobachten können oder auch nicht. Auf der ersten Verbindung machen wir:\nroot on mysql.sock [innodemo]\u0026gt; begin; Query OK, 0 rows affected (0.00 sec) root on mysql.sock [innodemo]\u0026gt; update kris set d = \u0026#34;one\u0026#34; where id = 1; Query OK, 1 row affected (0.00 sec) Rows matched: 1 Changed: 1 Warnings: 0 und lassen dies nun hängen, ohne die Transaktion mit COMMIT oder ROLLBACK zu beenden. In einem zweiten Fenster öffnen wir eine zweite Verbindung zur Datenbank und schauen einmal, was wir sehen:\nroot on mysql.sock [(none)]\u0026gt; use innodemo; Database changed root on mysql.sock [innodemo]\u0026gt; select * from kris; +----+------+ | id | d | +----+------+ | 1 | eins | | 2 | zwei | | 3 | drei | +----+------+ 3 rows in set (0.00 sec) Wir sehen erst einmal, daß unser Lesezugriff nicht hängt oder wartet, obwohl gerade eine Transaktion im Gange ist. In MVCC können lesende und schreibende Operationen einander niemals blockieren - das ist ein großer Unterschied zu MyISAM und einer der Gründe warum InnoDB bei Szenarien mit hoher Parallelität schneller ist als MyISAM, obwohl es ständig Kopien von den Daten machen muß.\nWir sehen hier den alten Wert der Zeile mit der id = 1. Wir wissen von weiter oben, das in der ibd-Datei schon die neue Version steht. Also muß die Datenbank hier für die Zeile id = 1 für unsere Verbindung dem Rollback-Pointer gefolgt sein und für uns die alte Version der Zeile gefischt haben. Die erste Verbindung dagegen sieht, wie noch weiter oben schon demonstriert, ihre eigenen Änderungen sofort, auch ohne COMMIT.\nWir können auch unsere externe, zweite Verbindung diese uncomitteten Daten sehen lassen. Das geht, indem wir den TRANSACTION ISOLATION LEVEL dieser Verbindung auf READ UNCOMITTED stellen.\nroot on mysql.sock [innodemo]\u0026gt; set transaction isolation level read uncommitted; Query OK, 0 rows affected (0.00 sec) root on mysql.sock [innodemo]\u0026gt; select * from kris; +----+------+ | id | d | +----+------+ | 1 | one | | 2 | zwei | | 3 | drei | +----+------+ 3 rows in set (0.00 sec) Wir merken uns: Eine schreibende Verbindung macht immer dasselbe: Sie kopiert die zu verändernden Daten vor der Änderung ins Undo-Log und verzeigert sie korrekt. Das muß sie tun, damit sie ein Rollback machen kann.\nEine lesende Verbindung kann sich nun aussuchen, welche Version der Daten sie sehen will. Jede einzelne lesende Verbindung kann das unabhängig von allen anderen Verbindungen tun und sich auch umentscheiden, denn es sind ja in jedem Fall alle Versionen der Daten immer da.\nIn READ UNCOMITTED sehen wir immer die Daten aus dem ibd-File und folgen dem Rollback-Pointer nie. Dadurch sehen wir Daten, die noch nicht comitted sind und es auch vielleicht nie sein werden. Wir sehen eine Version der Realität, die noch nicht existiert und es vielleicht nie tun wird. Für eine Anwendung ist das in den meisten Fällen nicht das gewünschte Verhalten.\nTransaction Level Read Comitted Setzen wir dagegen den TRANSACTION ISOLATION LEVEL auf READ COMITTED, dann bekommen wir für alle Zeilen, die nicht von einer Transaktion in Bearbeitung sind, die Daten aus dem .ibd-File und für alle Zeilen, in denen noch nicht comittete Daten stehen folgt die Datenbank dem Rollback-Pointer genau eine Ebene in das Undo-Log und liefert uns die Daten von dort. Dadurch bekommen wir immer Daten zu sehen, die \u0026ldquo;wirklich da sind\u0026rdquo; und sie hypothetischen Versionen der Wirklichkeit von READ UNCOMITTED werden für uns ausgefiltert.\nJedoch besteht immer noch die Möglichkeit, daß wir sehen wir sich Daten verändern, wenn wir sie zweimal lesen.\nGegeben sei etwa eine Anwendung, die mit der Anweisungssequenz begin; update kris set d = d + 1 where id = 2; commit; einen Zähler für die Zeile id = 2 hochzählt. Wenn wir in einer zweiten Verbindung wiederholt die Tabelle mit READ COMMITTED betrachten, bekommen wir veränderliche Werte von kris.d für kris.id = 2 zurück. Das ist auch dann der Fall, wenn unsere zweite Verbindung selbst eine Transaktion durchführt - die Sequenz BEGIN-SELECT-SELECT-COMMIT, eine Read-Only-Transaktion, hat in READ COMMITTED keine besondere Bedeutung.\nroot on mysql.sock [innodemo]\u0026gt; set transaction isolation level read committed; Query OK, 0 rows affected (0.00 sec) root on mysql.sock [innodemo]\u0026gt; begin; Query OK, 0 rows affected (0.00 sec) root on mysql.sock [innodemo]\u0026gt; select * from kris; +----+------+ | id | d | +----+------+ | 1 | eins | | 2 | zwei | | 3 | drei | +----+------+ 3 rows in set (0.01 sec) root on mysql.sock [innodemo]\u0026gt; select * from kris; +----+------+ | id | d | +----+------+ | 1 | eins | | 2 | 1 | | 3 | drei | +----+------+ 3 rows in set (0.00 sec) root on mysql.sock [innodemo]\u0026gt; select * from kris; +----+------+ | id | d | +----+------+ | 1 | eins | | 2 | 2 | | 3 | drei | +----+------+ 3 rows in set (0.00 sec) root on mysql.sock [innodemo]\u0026gt; commit; Query OK, 0 rows affected (0.00 sec) Transaction Isolation Level Repeatable-Read Genau dies ändert sich, wenn wir im Transaction Isolation Level REPEATABLE READ arbeiten: In dem Moment, in dem wir mit BEGIN eine Transaktion starten, sieht diese Verbindung einen Snapshot der Datenbank, der sich nicht mehr verändert, bis die Transaktion beendet wird. In REPEATABLE READ hat also auch eine Read-Only-Transaktion eine Bedeutung.\nIntern wird dies so realisiert, daß beim Lesen einer Zeile nicht nur einen Schritt in die Vergangenheit der Zeile im Undo-Log gegangen wird, sondern den untereinander verbundenen Zeigern im Undo-Log so lange gefolgt wird bis die neuste Zeile gefunden wird, die für diesen Leser noch sichtbar ist. Während also die schreibenden Verbindungen die Daten in der Tabelle immer weiter und weiter ändern, wandern mehr und mehr alte Versionen dieser Zeile ins Undo-Log, wo sie bis auf weiteres archiviert werden.\nWährend bei READ COMITTED also immer nur ein Schritt von der Tabelle ins Undo-Log gemacht wird, kann es bei REPEATABLE READ vorkommen, daß für einen bestimmten Leser viele Schritte im Undo-Log in die Vergangenheit der Zeile gemacht werden müssen. Dadurch ist die Lebensdauer einzelner Einträge im Undo-Log aber nicht mehr einheitlich, sondern es kann sein, daß einmal mehr oder weniger Einträge im Undo-Log aufbewahrt werden müssen. InnoDB hat einen globalen (für SHOW PROCESSLIST nicht sichtbaren) Purge-Thread, der schaut, was die älteste Transaktion im System für eine Transaktionsnummer noch brauchen würde. Der Purge-Thread löscht dann alle Einträge im Undo-Log, die noch älter sind als diese Transaktion.\nDas bedeutet aber anders herum auch, daß eine lange laufende Transaktion den Purge-Thread effektiv still legt. Wenn zum Beispiel ein mysqldump --single-transaction eine große Datenbank exportiert, dann kann es sein, daß diese \u0026ldquo;single transaction\u0026rdquo; viele Minuten oder je nach Datenmenge gar stundenlang stehen bleibt und damit auch der Purge Thread nichts löschen kann.\nFinden in dieser Zeit viele Schreibzugriffe statt, wird das Undo-Log unter Umständen beträchtlich anwachsen. Wie weiter oben erklärt, liegt das Undo-Log immer im ibdata-File, auch dann, wenn innodb_file_per_table aktiviert ist. Das bedeutet, daß das ibdata-File auch bei einem Server, der innodb_file_per_table aktiviert hat, größer werden kann - 256M bis 1G sind unter Umständen vollkommen normal.\nWenn ein ibdata-File zu klein ist und nicht wachsen kann, weil in der innodb_data_file_path ohne autoextend definiert ist oder die Platte voll ist, kann dies unter Umständen zu schwer verständlichen Fehlermeldungen (\u0026ldquo;Table full\u0026rdquo;, obwohl noch mächtig Platz da ist) oder Transaktionsabbrüchen führen.\nTransaction Isolation Level SERIALIZABLE und SELECT \u0026hellip; FOR UPDATE Während REPEATABLE READ also alle unsere Leseprobleme löst, fehlt uns jetzt noch ein Mechanismus, mit dem wir READ-MODIFY-WRITE Zyklen korrekt handhaben können. Ein Read-Modify-Write-Zyklus ist ein Zugriff, bei dem eine Anwendung Daten liest, in der Anwendung verarbeitet und dann die geänderten Daten zurück schreibt.\nDamit dies konsistent geschehen kann, muß sichergestellt sein, daß die Daten im Datenbanksystem nicht mehr geändert werden nachdem die Anwendung sie gelesen hat, ansonsten bekommen wir eine Race-Condition, weil zwei Verbindungen zeitgleich dieselben Daten lesen und sich gegenseitig die Änderungen überschreiben.\nWir erreichen dies durch eine Transaktion, in der die Daten mit einem SELECT ... FOR UPDATE-Statement gelesen werden. Dies ist eine Select-Anweisung, die normal lesend zugreift, aber dabei Locks erzeugt wie ein Update-Statement. In unserem Fall bedeutet dies, daß exclusive Locks auf allen Zeilen erzeugt werden, die vom Select-Statement über den Index zugegriffen wird. Die Locks bleiben bis zum Ende der Transaktion stehen. Das FOR UPDATE bewirkt also durch die Locks, daß zwei Änderungen an denselben Zeilen nacheinander, also serialisiert, erfolgen.\nDabei gilt es ein paar trickreiche Dinge zu beachten:\nZunächst einmal werden die Locks über den Index erzeugt. Wenn wir also einen EXPLAIN-Plan sehen, indem ein \u0026ldquo;using where\u0026rdquo; steht, dann heißt das in der Regel, daß mehr Zeilen über den Index selektiert werden als nachher im Result Set zu sehen sind - es gibt weitere einschränkende Bedingungen, die den über den Index generierten Result Set weiter verkleinern. Für die Locks bedeutet es aber, daß unter Umständen mehr Zeilen gelockt werden als wir möchten oder im Result Set sehen können.\nWir können das demonstrieren, indem wir eine Tabelle mit zwei Spalten a und b erzeugen.\na sei Primary Key und b sei nicht indiziert. Wenn wir jetzt ein SELECT ... FOR UPDATE ausführen, das WHERE a = ... AND b = ... enthält, werden alle in der a-Bedingung gefundenen Zeilen gelockt, auch jene, bei denen die b-Bedingung nicht zutrifft.\n-- -- Tabelle anlegen -- root on mysql.sock [kris]\u0026gt; create table t ( a integer not null, b integer not null ) engine = innodb; Query OK, 0 rows affected (0.16 sec) -- -- Daten generieren -- root on mysql.sock [kris]\u0026gt; insert into t values ( rand() * 100000, rand() * 10); Query OK, 1 row affected (0.01 sec) root on mysql.sock [kris]\u0026gt; insert into t select rand() * 100000, rand() * 10 from t; Query OK, 1 row affected (0.01 sec) Records: 1 Duplicates: 0 Warnings: 0 ... root on mysql.sock [kris]\u0026gt; insert into t select rand() * 100000, rand() * 10 from t; Query OK, 4096 rows affected (0.26 sec) Records: 4096 Duplicates: 0 Warnings: 0 -- Da sind noch Duplikate drin, die das -- Anlegen eines Primary Key verhindern root on mysql.sock [kris]\u0026gt; create table dup as select a from t group by a having count(a) \u0026gt; 1 ; Query OK, 300 rows affected (0.08 sec) Records: 300 Duplicates: 0 Warnings: 0 root on mysql.sock [kris]\u0026gt; delete from t where a in ( select a from dup ); Query OK, 608 rows affected (5.65 sec) root on mysql.sock [kris]\u0026gt; alter table t add primary key (a); Query OK, 7584 rows affected (0.40 sec) Records: 7584 Duplicates: 0 Warnings: 0 root on mysql.sock [kris]\u0026gt; drop table dup; Query OK, 0 rows affected (0.00 sec) -- -- 68 Zeilen über a selektiert -- root on mysql.sock [kris]\u0026gt; select a, b from t where a \u0026gt; 99000; ... | 99490 | 8 | ... 62 rows in set (0.00 sec) -- -- Jetzt die Demo: In einer Transaktion -- ein SELECT ... FOR UPDATE fahren -- root on mysql.sock [kris]\u0026gt; begin; Query OK, 0 rows affected (0.00 sec) root on mysql.sock [kris]\u0026gt; select a, b from t where a \u0026gt; 99000 and b = 10; +-------+----+ | a | b | +-------+----+ | 99839 | 10 | | 99970 | 10 | +-------+----+ 2 rows in set (0.00 sec) In einer anderen Verbindung können wir nun versuchen, etwa das Paar ( 99490, 8 ) zu ändern. Wir sehen: Das Statement hängt wegen eines X-Locks auf der Zeile.\nroot on mysql.sock [kris]\u0026gt; update t set b = 502 where a = 99490; ... hang ... Wenn wir jedoch einen weiteren INDEX (a,b) definieren und seine Benutzung erzwingen, werden nur die beiden Records (99839, 10) und (99970, 10) gelockt und unser paralleles Update auf (99490) geht ohne Warten durch:\nroot on mysql.sock [kris]\u0026gt; begin; Query OK, 0 rows affected (0.00 sec) root on mysql.sock [kris]\u0026gt; select * from t force index (a) where a \u0026gt; 99000 and b = 10; +-------+----+ | a | b | +-------+----+ | 99839 | 10 | | 99970 | 10 | +-------+----+ 2 rows in set (0.00 sec) root on mysql.sock [kris]\u0026gt; explain select * from t force index (a) where a \u0026gt; 99000 and b = 10\\G *************************** 1. row *************************** id: 1 select_type: SIMPLE table: t type: range possible_keys: a key: a key_len: 4 ref: NULL rows: 63 Extra: Using where; Using index 1 row in set (0.00 sec) In der anderen Verbindung:\nroot on mysql.sock [kris]\u0026gt; update t set b = 503 where a = 99490; Query OK, 1 row affected (0.09 sec) Rows matched: 1 Changed: 1 Warnings: 0 Dieses Lockingverhalten hat also weitreichende Auswirkungen: Wir müssen beim Schreiben von SQL unbedingt darauf achten, daß die Querypläne von SELECT ... FOR UPDATE-Statements die korrekten Indizes benutzen. Ein ALL oder INDEX in der Type-Spalte des EXPLAIN würde hier zum Beispiel einen Index-Scan andeuten - da der ganze Index überstrichen wird, bekommen wir so effektiv ein sehr teures, aus Zeilenlocks zusammengesetztes Table-Lock.\nDas andere trickreiche und unerwartete Verhalten ist, daß InnoDB nicht nur Zeilen lockt, sondern auch die Lücke hinter den Zeilen. Dieses Next-Key Locking vereinfacht die Implementierung von REPEATABLE-READ. Dieses Verhalten ist abschaltbar, der Schalter hat den unerwarteten Namen innodb_locks_unsafe_for_binlog - stellt man ihn auf ON, werden von InnoDB einfach Zeilenlocks erzeugt ohne die Lücke hinter der Zeile auch zu sperren.\nAuf dem Transaction Isolation Level SERIALIZABLE verhält sich das System genau wie auf dem Level REPEATABLE-READ, führt aber jedes einzelne SELECT so aus, als sei es als SELECT ... FOR UPDATE geschrieben worden. Das führt dazu, daß jedes SELECT Locks erzeugt als wäre es in UPDATE-Statement, jeder Lesezugriff lockt also wie ein Schreibzugriff. Dies führt effektiv dazu, daß sich selbst Lesezugriffe (die ja Schreiblocks erzeugen) gegenseitig in die Quere kommen, wenn sie zugleich dieselben Daten lesen wollen. Dies ist noch schlechteres Verhalten als in MyISAM!\nDer Transaction Isolation Level SERIALIZABLE ist unnötig: Er wird nie gebraucht, wenn der SQL-Code in der Anwendung korrekt mit ... FOR UPDATE lockt. Nur Anwendungen, die dies nicht korrekt tun und bei denen außerdem das SQL nicht korrigierbar ist, brauchen den Isolation Level SERIALIZABLE.\n","date":"2008-01-30T00:00:00Z","href":"https://blog.koehntopp.info/2008/01/30/die-innodb-storage-engine.html","tags":["mysql","lang_de"],"title":"Die InnoDB Storage Engine"},{"categories":null,"content":"Aus irgendeinem Grund werden die Firmen verkauft, für die ich arbeite, kaum 2 Jahre nachdem ich da angefangen habe. Das war bei web.de so und jetzt passiert es gerade wieder: Sun hat meinen Arbeitgeber für eine runde Milliarde Dollar gekauft .\nWas ich davon halten soll, weiß ich noch nicht - das wird sich erst ein den kommenden neun Monaten zeigen. Die nächsten 3 Monate werden meiner Erwartung nach die Anwälte erst einmal die letzten Details auskämpfen, und dann schaue ich mir den Laden mal an. Im September oder so erzähle ich Euch dann mal, wie das so ist.\n","date":"2008-01-16T00:00:00Z","href":"https://blog.koehntopp.info/2008/01/16/sunw-aeh-java.html","tags":["mysql","sun","lang_de"],"title":"SUNW, äh, JAVA"},{"categories":null,"content":"Die Welt thematisiert das schon seit längerem gewandelte Profil des Chaos Computer Clubs jetzt auch im Mainstream. Denn der Berliner CCC ist im Gegensatz zum alten Hamburger CCC viel extrovertierter politisch:\nDie Bewegung bestand einst aus Spontis und Untergrundkämpfern, die aus Freude an der Sache digitale Netze knackten. Nun aber ist sie politisch geworden. An den Wänden und auf den Rucksäcken kleben Schilder mit dem Gesicht von Innenminister Schäuble und der Aufschrift „Stasi 2.0“. Ein lebensgroßes Holzpferd in Schwarz-Rot-Gold soll den „Bundestrojaner“ symbolisieren – jenen Virus, den die Behörden bald auf private PCs schicken wollen, um sie online zu durchsuchen.\nHacker, so resümiert die Welt, sind heute nicht mehr Techniker, die nachts in fremde Computer einbrechen, sondern Bürgerrechtler. Und vermutet dann: \u0026ldquo;Vielleicht ist das der Grund, weshalb sie seit zwei Jahren so viel Zulauf haben.\u0026rdquo; und schließt:\nHeute übernehmen Hacker ganz bewusst zivilgesellschaftliche Verantwortung. Der CCC zeigte öffentlich, dass Handys nicht sicher sind, dass Kredit- und EC-Karten ausgespäht werden können, dass Wahlcomputer manipulierbar sind.\n","date":"2008-01-07T00:00:00Z","href":"https://blog.koehntopp.info/2008/01/07/warum-hacker-sich-als-b-rgerrechtler-verstehen.html","tags":["ccc","hack","politik","lang_de"],"title":"Warum Hacker sich als Bürgerrechtler verstehen"},{"categories":null,"content":"Bad COPP No Netflix :\nEin Benutzer kauft sich einen HD Monitor (Syncmaster TM 226BW von Samsung an einer ATI Radeon HD 2600 XT Karte) und schließt diesen an sein Windows Vista an.\nAls er dann Streaming Video von Netflix schauen möchte, mault ihn sein Vista mit einer Meldung an, daß ein DRM-Tool alle Lizenzen von seinem Rechner löschen möchte, auch die von anderen Firmen als Netflix und Microsoft. Er gibt die Auskunft des Supports wieder:\nWhen I called them they confirmed my worst fears. In order to access the Watch Now service, I had to give Microsoft\u0026rsquo;s DRM sniffing program access to all of the files on my hard drive. If the software found any non-Netflix video files, it would revoke my rights to the content and invalidate the DRM. This means that I would lose all the movies that I\u0026rsquo;ve purchased from Amazon\u0026rsquo;s Unbox, just to troubleshoot the issue…. When you do a DRM reset, it\u0026rsquo;s not your pirated files that get revoked, it\u0026rsquo;s the ones that you already paid for that are at risk. I\u0026rsquo;m not allowed to watch low res Netflix files, even though I have the capability to download high def torrents? How does this even make sense? It\u0026rsquo;s as if the studios want their digital strategies to fail.\n","date":"2008-01-04T00:00:00Z","href":"https://blog.koehntopp.info/2008/01/04/drm-krieg-auf-anwender-rechnern.html","tags":["copyright","film","media","lang_de"],"title":"DRM Krieg auf Anwender-Rechnern"},{"categories":null,"content":"Der Fotodienst Flickr wurde vor 5 Jahren in Betrieb genommen. Am 29. Dezember wurde das Foto 2147483647 auf Flickr hochgeladen. Diese Zahl ist 2 hoch 31 minus 1, also MAXINT für einen 32 Bit Signed Integer. Dies hat zu einem Integer Overflow in einer Bibliothek geführt, die Signed Integer als ID für Flickr-Bilder verwendet hat.\nHier sind ein paar simple Abfragen von INFORMATION_SCHEMA, mit denen man offensichtliche Designdummheiten bei Datenbankschemata finden kann:\nmysql\u0026gt; select table_schema, table_name, column_name, column_type from information_schema.columns where table_schema not in (\u0026#34;information_schema\u0026#34;, \u0026#34;mysql\u0026#34;) and column_name like \u0026#34;%id%\u0026#34; -- and column_type not like \u0026#34;%unsigned%\u0026#34;; +--------------+------------+-------------+---------------------+ | table_schema | table_name | column_name | column_type | +--------------+------------+-------------+---------------------+ | rootforum | counter | id | bigint(20) unsigned | | rootforum | s | id | bigint(20) unsigned | | rootforum | t | id | bigint(20) unsigned | | rootforum | telefon | id | bigint(20) unsigned | +--------------+------------+-------------+---------------------+ 4 rows in set (0.01 sec) Diese Query durchsucht INFORMATION_SCHEMA.COLUMNS nach allen Spalten, die ein id im Namen haben, aber, wenn man den auskommentierten Teil aktiviert, nicht als UNSIGNED definiert sind. Das ist schon mal ein recht offensichtlicher Fehler, den man sich von vorneherein schenken kann. Für die meisten Menschen - im Grunde jeder außer Flickr - sollte ein INTEGER UNSIGNED als PRIMARY KEY ausreichen. Ein BIGINT UNSIGNED ist doppelt so groß, und speichert 2^32 mal mehr Daten. Kann man benutzen, muss man aber nicht dringend tun und hat so ein wenig was von Größenwahn.\nDieselbe Regel kann man auch auf Spalten anwenden, die etwa ein price oder %age% im Namen haben (oder die mit INET_ATON() in INTEGER UNSIGNED umgewandelte IP V4 Nummern abspeichern sollen).\nWenig bekannt: Auch eine SERVER_ID ist in MySQL ein INTEGER UNSIGNED. Sollte man bedenken, wenn man Werkzeuge zur Administration von MySQL-Servern entwickelt.\n","date":"2008-01-04T00:00:00Z","href":"https://blog.koehntopp.info/2008/01/04/mysql-integer-overflow.html","tags":["database","mysql","lang_de"],"title":"MySQL: Integer Overflow"},{"categories":null,"content":"Zum Thema Vertrauensvorschuß nun auch eine passende Meldung aus Deutschland beim Lawblog :\nDie Affäre um Angehörige der Gewerkschaft der Polizei (GdP), die sich von Polizei-Anwärtern private Adressen und persönliche Daten beschafft haben sollen, um damit Versicherungspolicen zu verkaufen, weitet sich aus.\nSehr schön. Zentrale Datenspeicher, Mißbrauch bei der Polizei selbst und die Gewerkschaften selbst noch mitten drin.\nGesundheitskarte, Vorratsdatenspeicherung, Online-Durchsuchung\u0026hellip; Wir bauen gerade einen großen Haufen solcher sinnloser, zentral abfragbarer Datenspeicher. Man kann davon ausgehen, daß dies hier sowohl nur der Anfang als auch die Spitze des Eisberges ist. Zu viele Menschen mit zu vielen Zugriffsrechten auf mein Zeugs.\n","date":"2007-12-14T00:00:00Z","href":"https://blog.koehntopp.info/2007/12/14/wir-sind-die-guten.html","tags":["politik","security","terror","lang_de"],"title":"Wir sind die Guten!"},{"categories":null,"content":"Bug #31876 : Neulich war ich bei einem Kunden, der ein kleines Testscript hatte, das im wesentlichen 500 Mal hintereinander eine Row in eine InnoDB-Tabelle eingefügt hat, und dann ein Commit gesendet hat. Das Script war unter Linux unmöglich schnell, und unter Windows unmöglich langsam - insbesondere war es unter Windows viermal langsamer als dasselbe Script unter DB/2 und MS SQL Server. Das ist natürlich verdächtig und nicht akzeptabel.\nWas macht man, wenn man ein Performance-Problem hat? Richtig, man misst nach. Hier wollten wir erst einmal sehen, was MySQL denn so mit dem Betriebssystem macht, wenn es committed. Dazu brauchen wir so etwas wie einen Systemcall-Monitor für Windows. Das gibt es zum Glück, und zwar bei der von Microsoft aufgekauften Firma Sysinternals von Mark Russinovich. Wir messen also mit FileMon und ProcMon, was genau MySQL da tut.\nMit innodb_flush_log_on_trx_commit = 1 sehen wir dann im FileMon die folgende Ausgabe:\n94 14:43:22 mysqld-nt.exe:2736 WRITE C:\\Programme\\MySQL\\MySQL Server 5.0\\data\\ib_logfile0 SUCCESS Offset: 2258432 Length: 1024 95 14:43:22 mysqld-nt.exe:2736 FLUSH C:\\Programme\\MySQL\\MySQL Server 5.0\\data\\ib_logfile0 SUCCESS 96 14:43:22 mysqld-nt.exe:2736 WRITE C:\\Programme\\MySQL\\MySQL Server 5.0\\data\\ib_logfile0 SUCCESS Offset: 2258944 Length: 512 97 14:43:22 mysqld-nt.exe:2736 FLUSH C:\\Programme\\MySQL\\MySQL Server 5.0\\data\\ib_logfile0 SUCCESS Mit anderen Worten: Für jede Transaktion ruft MySQL einmal WriteFile() und einmal FlushFileBuffers() auf.\nKonfiguriert man auf innodb_flush_log_on_trx_commit = 2 um, bekommt man\n101 14:35:55 mysqld-nt.exe:548 WRITE C:\\Programme\\MySQL\\MySQL Server 5.0\\data\\ib_logfile0 SUCCESS Offset: 1638912 Length: 1024 102 14:35:55 mysqld-nt.exe:548 WRITE C:\\Programme\\MySQL\\MySQL Server 5.0\\data\\ib_logfile0 SUCCESS Offset: 1639424 Length: 512 Das heißt, die WriteFile()-Aufrufe finden weiter statt, die FlushFileBuffer()-Aufrufe entfallen aber.\nIn InnoDB ist das nicht ACID, weil die WriteFile()-Aufrufe die Daten nur vom MySQL-Prozess in den Windows Filesystem Buffer Cache kopieren, aber nicht von dort auf die Platte, und das kann man am Blinken der HDD-LED auch sehen.\nSpielt man dasselbe Spiel mit einem DB/2 auf Windows, sieht man\n408 15:05:10 db2syscs.exe:2020 WRITE D:\\Daten\\Filis\\DB2log\\S0007531.LOG SUCCESS Offset: 970752 Length: 4096 409 15:05:10 db2syscs.exe:2020 WRITE D:\\Daten\\Filis\\DB2log\\S0007531.LOG SUCCESS Offset: 970752 Length: 4096 DB/2 macht also auch nur WriteFile()-Aufrufe, und behauptet, das sei ACID! Mehr noch, am Blinken der Platten-LED kann man sehen, daß das auch wahrscheinlich der Fall ist.\nWas ist also anders? Sieht man sich die Sache mit ProcMon an, kann man sehen wie die Dateien in Windows mit dem Aufruf CreateFile und dwCreateDisposition = OPEN_EXISTING geöffnet werden. Dabei gibt man dem Aufruf außerdem noch einen Haufen dwFlagsAndAttributes mit. Uns sollen hier in erster Linie die Flags interessieren.\nNormalerweise öffnet MySQL seine InnoDB-Daten- und Logfiles so:\nSequence: 12795 Date \u0026amp; Time: 25.10.2007 11:01:33 Event Class: File System Operation: CreateFile Result: NAME COLLISION Path: C:\\Programme\\MySQL\\MySQL Server 5.0\\data\\ib_logfile0 TID: 2688 Duration: 0.0000131 Desired Access: Generic Read/Write Disposition: Create Options: No Buffering, Synchronous IO Non-Alert, Non-Directory File Attributes: n/a ShareMode: Read AllocationSize: 0 Das heißt, wie man in der Zeile Options sehen kann, FILE_FLAG_NO_BUFFERING ist angegeben. Das ist schon mal gut, aber wie man sehen kann, sind immer noch FlushFileBuffer()-Aufrufe notwendig. DB/2 und MS SQL Server dagegen machen das so, daß außerdem noch FILE_FLAG_WRITE_THROUGH angegeben wird (und ggf. auch noch FILE_FLAG_RANDOM_ACCESS), berichtet uns ProcMon hier.\nDas bedeutet: Brächte man InnoDB dazu seine Daten- und Logfiles mit diesen Flags zu öffnen, wären die FushFileBuffers()-Aufrufe nicht mehr notwendig (und mit innodb_flush_log_on_trx_commit = 2 wären sie auch weg). Also patched man\n===== innobase/os/os0file.c 1.121 vs edited ===== --- 1.121/innobase/os/os0file.c 2007-08-15 18:54:19 -04:00 +++ edited/innobase/os/os0file.c 2007-10-25 17:34:01 -04:00 @@ -1218,9 +1218,13 @@ try_again: /* Do not use unbuffered i/o to log files because value 2 denotes that we do not flush the log at every commit, but only once per second */ + attributes |= (FILE_FLAG_WRITE_THROUGH + | FILE_FLAG_RANDOM_ACCESS); } else if (srv_win_file_flush_method == SRV_WIN_IO_UNBUFFERED) { - attributes = attributes | FILE_FLAG_NO_BUFFERING; + attributes |= (FILE_FLAG_NO_BUFFERING + | FILE_FLAG_WRITE_THROUGH + | FILE_FLAG_RANDOM_ACCESS); } #endif } else if (purpose == OS_FILE_NORMAL) { @@ -1232,7 +1236,9 @@ try_again: commit, but only once per second */ } else if (srv_win_file_flush_method == SRV_WIN_IO_UNBUFFERED) { - attributes = attributes | FILE_FLAG_NO_BUFFERING; + attributes |= (FILE_FLAG_NO_BUFFERING + | FILE_FLAG_WRITE_THROUGH + | FILE_FLAG_RANDOM_ACCESS); } #endif } else { Wenn ich mich nicht sehr täusche ist innodb_flush_log_on_trx_commit = 2 jetzt ACID und sehr viel schneller als die Write/Flush-Sequenz - sechs bis siebenmal schneller. Das Blinken meiner Platten-LED sieht auch plausibel aus.\nDasselbe Verhalten beobachten wir nun auch mit dem Binlog: log-bin= ... sorgt für WriteFile()-Aufrufe ins Binlog, und mit sync_binlog = 1 kriegen wir nach jedem Write ein langsames Flush. Besser wäre es, das CreateFile() für das Binlog zu finden und dort ebenfalls FILE_FLAG_WRITE_THROUGH zu machen. Damit wäre schon ein normales Binlog-Schreiben \u0026ldquo;sync\u0026rdquo; und schneller als die Write/Flush-Paare von sync_binlog = 1.\nVersucht man denselben Benchmark mit Linux, kriege ich auf meinen Testsystemen übrigens vollkommene Unsinns-Zeiten raus. Das liegt daran, weil\nlinux:~ # hdparm -I /dev/sda ... Enabled Supported: * SMART feature set Security Mode feature set * Power Management feature set * Write cache * Look-ahead ... Der Write-Cache ist also bei dieser Platte enabled. Für so einen ACID-Commit ist das eher nicht so gut.\nMit\nlinux:~ # hdparm -W0 /dev/sda /dev/sda: setting drive write-caching to 0 (off) ist Linux dann nicht nur genau so ACID wie Windows, sondern auch vergleichbar langsam. Und man bekommt auch bei einem innodb_flush_method = fdatasync / O_DIRECT plötzlich plausible Benchmark-Ergebnisse zurück. Das nur mal an die Adresse derjenigen, die glauben, daß O_DIRECT nichts bringt (bis letzte Woche auch ich).\n","date":"2007-10-31T00:00:00Z","href":"https://blog.koehntopp.info/2007/10/31/bug-31876-mysql-commit-in-windows.html","tags":["database","mysql","lang_de"],"title":"Bug #31876: MySQL Commit in Windows"},{"categories":null,"content":"Bundestrojaner vor dem Verfassungsgericht (via Netzpoltik.org )\n","date":"2007-10-11T00:00:00Z","href":"https://blog.koehntopp.info/2007/10/11/bundestrojaner-in-den-tagesthemen.html","tags":["politik","security","terror","lang_de"],"title":"Bundestrojaner in den Tagesthemen"},{"categories":null,"content":"Hier wieder eines meiner berüchtigten Irc-Logs. Ich geh dann mal wieder ins Bett.\nSiMOON\u0026gt; Weiß einer von Euch, wie viele Dateien ich sinnvollerweise in einem Verzeichnis haben sollte, maximal, ohne daß es langsam wird?\ne-voc\u0026gt; 255 :) Oder ist das heute nicht mehr so?\nIsotopp\u0026gt; e-voc: Das ist sehr vom Dateisystem abhängig, und im Fall von ext2/ext3 auch davon, ob du Debian verwendest. Wenn du ein Dateisystem verwendest, das Verzeichnisse als Baumstrukturen verwaltet, dann spielt die Anzahl der Dateien in einem Verzeichnis kaum noch eine Rolle. Das ist bei XFS und Reiserfs immer der Fall, und bei ext2/ext3 ist es der Fall, wenn das Dateisystem mit dem Feature dir_index angelegt worden ist.\nIsotopp\u0026gt; e-voc: Das Feature dir_index wir von zeitgemäßen Distributionen automatisch als Flag gesetzt, wenn man mke2fs verwendet.\ne-voc\u0026gt; \u0026#x1f604;\nIsotopp\u0026gt; e-voc: Ich kenne jedoch einen Haufen Debian-Installationen, die mke2fs ohne automatisches dir_index verwenden.\nlinux:~ # tune2fs -l /dev/sda5| grep \u0026#34;Filesystem feature\u0026#34; Filesystem features: filetype sparse_super Isotopp\u0026gt; Hier fehlt dir_index.\ne-voc\u0026gt; Meine 255 waren aber nicht ganz ernst gemeint ;) Aber interessant das zu wissen.\nIsotopp\u0026gt; e-voc: Sollten sie nicht. Wenn ein Directory größer als 12 Blöcke wird (Default-Blocksize ist derzeit 4 KB), dann wird ext2/ext3 sehr langsam in lookup und in creation/deletion.\nSiMOON\u0026gt; Isotopp: ext3 auf Debian.\nIsotopp\u0026gt; Man kann dir_index auf einem existierenden ext2/ext3 nachrüsten, wenn es fehlt. Dazu muss man mit tune2fs wie oben gezeigt prüfen, ob es gesetzt ist.\nSiMOON\u0026gt; mal sehen\nIsotopp\u0026gt; Wenn nein, umount, tune2fs -O dir_index /dev/...; e2fsck -D /dev/... Details dazu in der Manpage zu tune2fs, Abschnitt über die Option -O (Groß-O).\nSiMOON\u0026gt; Isotopp: Filesystem features: has_journal resize_inode dir_index filetype needs_recovery sparse_super large_file\nIsotopp\u0026gt; SiMOON: Gut. Dann ist dir_index gesetzt. Damit spielt Verzeichnisgröße eine untergeordnete Rolle.\nSiMOON\u0026gt; Isotopp: Hier sieht es anders aus, oder? Filesystem features: has_journal filetype needs_recovery sparse_super large_file\nIsotopp\u0026gt; SiMOON: Ja, das muss behandelt werden.\nSiMOON\u0026gt; Da fehlt der dir_index, wenn ich das richtig sehe.\nIsotopp\u0026gt; ext3 hat speziell bei Datenbanken noch einen anderen Nachteil. Unsere Benchmarking-Leute haben festgestellt, daß ext3 sein Log sehr unregelmäßig flushed, und wenn der Log-Flush unregelmäßig ist, dann heißt das, daß die Laufzeiten bestimmter Queries sehr stark variieren.\nthegap\u0026gt; Also ist ext3 nicht unbedingt die beste Wahl für Datenbank-Server?\nIsotopp\u0026gt; ext3 performt offenbar besonders unregelmäßig und schlecht, wenn sehr viele gleichzeitige Zugriffe stattfinden. In einem Single-Thread Benchmark ist es fast immer schneller als etwa xfs, aber wenn man 10-50 Clients parallel schreiben und lesen lässt, dann gewinnt xfs hands down:\nIsotopp\u0026gt; 1. gleichmäßigere flush zeiten\nIsotopp\u0026gt; 2. wesentlich bessere Vermeidung von Fragmentierung bei XFS bei konkurrenten Zugriffen.\nhartmut\u0026gt; Isotopp: die Cluster-Jungs hatten auch Ärger mit ext3 log flush.\nIsotopp\u0026gt; hartmut: Ja, die auch. Die hassen ext3 aus tiefstem Herzen. Und die Jungs, die von uns bei $KUNDE waren auch.\nhartmut\u0026gt; Isotopp: Na ja, Stewart ist da aber auch schon vorbelastet ;)\nIsotopp\u0026gt; Aber er hat Benchmarks, die Sachen beweisen. Also genaugenommen hatten die Cluster und $KUNDE-Leute Benchmarks und Steward konnte demonstrieren, daß XFS die Probleme schlicht nicht hat.\nIsotopp\u0026gt; ext3 baut Blockmarmelade, wenn man mehrere Files im selben Verzeichnis gleichzeitig verlängert, also etwa ein Haufen .ibd oder .MYD-Dateien parallel wächst. XFS vermeidet das recht zuverlässig.\nSiMOON\u0026gt; Isotopp: wenn ich die / tunen will, muss ich demnach den rechner runterfahren und mit cd booten und dann das ausführen, oder?\nIsotopp\u0026gt; SiMOON: das ist korrekt.\nSiMOON\u0026gt; Isotopp: In meinem Fall handelt es sich um einen NFS-Server. Also keine Datenbank.\nIsotopp\u0026gt; SiMOON: Dann ist wahrscheinlich die Zahl der gleichzeitigen Schreibzugriffe geringer als bei einem Datenbankserver, aber eventuell hast du große Verzeichnisse.\nSiMOON\u0026gt; Isotopp: Ja, ich hab Verzeichnisse mit 150k Dateien.\nIsotopp\u0026gt; SiMOON: Äh. Dann ist das dringend.\nSiMOON\u0026gt; Ja. Ich weiß.\nSiMOON\u0026gt; Isotopp: Alternativ kann ich die Daten so legen, daß es mehr Verzeichnisse sind, von denen jedes 5 Files enthält, wäre das besser?\nIsotopp\u0026gt; Nicht wirklich. Die individuellen Verzeichnis-Lookups gehen viel schneller, dafür muss namei() dann halt durch mehr Verzeichnisse. Es ist schneller, merkbar schneller sogar, aber es verlagert das Problem quasi nur und dir_index sollte kein Problem machen. Auch nachträglich.\nSiMOON\u0026gt; Isotopp: Im laufenden Betrieb ist das vermutlich nicht möglich?\nIsotopp\u0026gt; Nein, wie gesagt umount, tune2fs, e2fsck -D. Anleitung in der Manpage von tune2fs,sektion -O (Groß-O).\nSiMOON\u0026gt; Ja, ich schau gerade. Klingt nach Spätschicht :)\nIsotopp\u0026gt; Man muss sich mal vor Augen halten, daß ext2 am Ende auf dem Stand der Technik von 1984 beruht, XFS immerhin auf Veröffentlichungen aus dem Jahre 1994. ext3 sind etwa 8000 Zeilen Kernel-Code, XFS etwas mehr als 50.000, glaube ich. Bei gleicher Anzahl von Fehlern pro 1000 loc hat XFS weitaus mehr Fehler als ext3, aber an Stellen, an denen ext3 nicht mal Features hat.\nSiMOON\u0026gt; Isotopp: Würde es Sinn machen, den Fileserver auf XFS umzustellen?\nIsotopp\u0026gt; Wie viel Datenvolumen? 150.000 files/dir ist schon fett.\nSiMOON\u0026gt; Isotopp: Das sind nur die User-Avatare. Insgesamt ist es deutlich mehr.\nIsotopp\u0026gt; Wie viel GB?\nSiMOON\u0026gt; ca 60 GB\nIsotopp\u0026gt; Hast du viele gleichzeitige Schreibzugriffe, womöglich im selben Verzeichnis? Hast du viele gleichzeitige Grow-operationen (Writes am Ende einer Datei) oder gleichzeitige Create-Operationen (Datei wird angelegt)? Das sind die stellen, an denen XFS die größten Vorteile hat.\nSiMOON\u0026gt; Na ja, gleichzeitige Schreiboperationen sind eher wenige. Grows so gut wie gar nicht. Weil ein File wird geschrieben und danach entweder gelöscht oder neu geschrieben. Wird halt viel gelesen. Ist halt der Server vom statischen Content, der über NFS gefüttert wird. Wenig schreiben, viele Daten, viel Lesen durch Lighty.\nIsotopp\u0026gt; Dann ist XFS vielleicht nicht zwingend, hätte aber vermutlich dennoch Vorteile. Du müsstest sowieso erst Testen und Dich mit der Technik vertraut machen.\nSiMOON\u0026gt; Dann tune ich lieber erstmal das ext3.\nIsotopp\u0026gt; Mehr zu XFS findest du auf http://oss.sgi.com/projects/xfs/ , speziell http://oss.sgi.com/projects/xfs/publications.html und http://oss.sgi.com/projects/xfs/training/index.html .\nSiMOON\u0026gt; Komisch daß der Live-Server das nicht anhat. Alle anderen haben es.\nIsotopp\u0026gt; Debian?\nSiMOON\u0026gt; Jep.\nIsotopp\u0026gt; Debian ist sehr langsam darin, wichtige neue Features zu übernehmen. dir_index haben die wohl erst sehr, sehr spät per default enabled.\nSiMOON\u0026gt; Kann sein, der Server ist etwas älter. Die, die ich neu gemacht habe, haben es alle eingeschaltet.\nIsotopp\u0026gt; Ich habe so einige gut gepflegte Vorurteile gegen Debian als Produktionsdistribution, unter anderem wegen solcher Sachen. Aber das ist ein anderer Rant, den ich ein anderes mal schreibe. Jedenfalls, wenn du ein Debian haben willst, das funktioniert und skaliert, nimm ein Ubuntu. Danke sehr.\n","date":"2007-10-10T00:00:00Z","href":"https://blog.koehntopp.info/2007/10/10/welches-dateisystem-fuer-meinen-datenbankserver.html","tags":["database","mysql","lang_de"],"title":"Welches Dateisystem für meinen Datenbank-Server"},{"categories":null,"content":"The Atrocity Archives , Charles Stross\nZu Charles Stross schrieb ich im IRC:\nIsotopp\u0026gt; Msch, Lies mal Charles Stross, The Atrocity Archives. Das ist ein wenig so, wie man sich Shadowrun vorstellt, wenn es im Stil von Fefe\u0026rsquo;s Blog geschrieben wird.\nIsotopp\u0026gt; In Charles Stross \u0026ldquo;Bob Howard\u0026rdquo; Universum sind Mathematik und Dämonologie dasselbe und man öffnet Dimensionstore, wenn man die falschen Beweise führt.\nErdferkel\u0026gt; Oh!\nIsotopp\u0026gt; Und ein britischer Geheimdienst, genannt \u0026ldquo;The Laundry\u0026rdquo; ist a la \u0026ldquo;Men in Black\u0026rdquo; dabei, unsere Realität zu schützen vor Leuten, die das Turing-Lovecraft-Theorem neu entdecken. Der Held war auch so einer, der aus Versehen um ein Haar Nyarlathotep bewiesen hätte.\nErdferkel\u0026gt; Gekauft.\nIsotopp\u0026gt; Und wurde dann rekrutiert. Naja, und jetzt muß er die langbeinige, rothaarige Mathematikerin vor den bösen Taliban-Magiern retten. Und ihren Shoggoten.\nErdferkel\u0026gt; Der Isotopp, der ist ein ganz fieser Erdferkelmanipulator.\nIsotopp\u0026gt; Was denn jetzt wieder? :) Das galt alles Msch, der hatte doch damals \u0026ldquo;Delta Green\u0026rdquo; angeschleppt und meinte, \u0026ldquo;Cthulhu\u0026rdquo; funktioniere nur bis 1920. Stross zeigt, daß das nicht so ist. Oder doch, modern kommt nur was anderes dabei raus. Und das ist nicht zwingend uncool.\nBombshell_de\u0026gt; Ich musste eigentlich auch an Dominik denken als ich diese Zusammenfassung las. ;)\nIsotopp\u0026gt; Bombshell_de: Ich hab meine Erklärung angepaßt, als ich sein Interesse bemerkte. :)\nIsotopp\u0026gt; Erdferkel: Wenn der Held zum Beispiel davon berichtet, wie er als Teil einer Strafversetzung Sammelkartenspiele auf ihre dämonologische Verträglichkeit testen muß.\nErdferkel\u0026gt; Genug, ich hol mir das ja, jede weitere Werbung ist Folter.\nMSch\u0026gt; Cthulhu modern kann schon funktionieren, nur halt nicht, wenn man Kurbeltelephone durch Tastentelephone und Tin Lizzies durch Golfs ersetzt, wie es Chaosium und Pegasus gemacht haben.\nIsotopp\u0026gt; MSch: Nein, da hast du Recht. Aber Stross hat es verferkuliert. Und das Buch ist voller Geekkultur-Referenzen. Also nicht Popkultur sondern CCC/Hackerkultur. Stross weiß, was was LVM oder eine NetApp ist und so Sachen. Aber das läßt er einen nur nebenbei spüren.\nBombshell_de\u0026gt; MSch: Spielst du auf Cthulhu Now an?\nMSch\u0026gt; Delta Green hat da halt den Verschwörungstrick. Und man ist nicht irgend ein Bauer, dem zufälligerweise ein komischer Meteorit ins Feld fällt, sondern \u0026ldquo;kaputte\u0026rdquo; Agenten.\nBombshell_de\u0026gt; Hm, entgeht mir in dem Buch etwas wenn ich keine Ahnung von \u0026ldquo;Linux LVM, NetApp\u0026rdquo; habe?\nIsotopp\u0026gt; Nö. \u0026ldquo;Ich glaube nicht, daß uns dieses Ding so schnell noch einmal einen Besuch abstattet.\u0026rdquo; sagt der Held zum Love Interest. Ich habe es mit seinem Eigenvektor bekannt gemacht.\u0026quot; und bürstet sich den Staub vom Palmtop.\nCharles Stross ist ein Autor, der sich relativ genau überlegt hat, daß SciFi sowieso nie Mainstream wird. Und der dann aufgegeben hat, für ein nicht-geekiges Publikum zu schreiben, damit er sich besser an die Kultur seiner Stammleserschaft anpassen kann.\n","date":"2007-10-08T00:00:00Z","href":"https://blog.koehntopp.info/2007/10/08/charles-stross-the-atrocity-archives-deutsch-d-monentor.html","tags":["book","review","media","stross","cthulhu","lang_de"],"title":"Fertig gelesen: The Atrocity Archives"},{"categories":null,"content":"Ich hatte als amtierender Securityfuzzi einmal die Aufgabe, die benötigte Verschlüsselungskapazität eines großen Webdienstleisters für eine Konsolidierungsmaßnahme auszurechnen.\nDas gesamte Rechenzentrum dieses Ladens hatte damals eine Leistungsaufnahme von ca. 2 Megawatt (2 Millionen Watt), das sind etwa 2500 PS (zwei dicke Schiffsdiesel als Notstromaggregate) und hatte damals knapp 100 Megabyte pro Sekunde an Traffic raus gepustet. Davon waren etwa 80 % verschlüsselt, denn dort hat man Verschlüsselung eingeschaltet, wenn immer ein Passwort oder andere benutzerspezifische Daten übertragen werden und bleibt dann im SSL-Modus, um die Session zu schützen.\nDurch Messungen und Tests sowie ein wenig äußerst konservative Berechnungsmagie sind wir damals bei einer Kapazität von etwa 20 IBM Bladecenter-Blades (jede damals mit 2 Cores @ 3Ghz) angekommen. Rundet man dies auf, landet man bei 28 Blades, oder genau 2 Enclosures mit je 14 Blades mit je 2 Cores mit je 3 GHz, oder 168 Intel-Ghz Gesamtkapazität.\nEin Enclosure hat eine Leistungsaufnahme von 3.5 kW (3500 Watt) maximal, sodass man etwa 7 kW oder 10 PS veranschlagen kann. Das ist ein kleines Motorrad oder ein Original-2CV .\nUnsere Messungen haben gezeigt, daß der größte Teil der Rechenpower im SSL Key Exchange und der asymmetrischen Verschlüsselung versenkt wird. Sobald das SSL erst einmal im symmetrischen Stream ist, sinkt der CPU-Verbrauch dramatisch. Oder anders gesagt: Wenn man eine IVW-Box ist, die praktisch nur SSL Key Exchange macht, weil die Payload nur 41 Byte große transparente Pixel sind, die dann aber per SSL rausmüssen, wenn man also eine solche IVW-Box ist, dann ist das wesentlich härteres Brot. Ein SSL Key Exchange sind übrigens so um die 2.5 KB.\nKostenmäßig ist für uns damals eine SSL-Implementierung in Software mit normalen Standard-CPUs am günstigsten gewesen, selbst unter Berücksichtigung von Rackspace und Strom. SSL erscheint teuer, wenn man es in Relation zu Rechenpower und Leistung von Routern rechnet. Bezieht man das Backend mit in den Vergleich ein (was leichter fällt, wenn man das SSL nicht in Cisco-Switchblades oder Radwares implementieren will), dann relativiert sich der angebliche Overhead sehr schnell.\n(Inspiriert durch das Lesen von Jörgs Artikel )\n","date":"2007-09-20T00:00:00Z","href":"https://blog.koehntopp.info/2007/09/20/wie-teuer-ist-ssl.html","tags":["security","lang_de"],"title":"Wie teuer ist SSL?"},{"categories":null,"content":"Bov Bjerg schreibt in Alte Männer mit Kugelschreibern für die Jungle World:\nMachen wir uns nichts vor: In den vergangenen Jahren ist, nicht nur in Deutschland, eine gefährliche Parallelgesellschaft entstanden. Eine Gegengesellschaft von alten Männern, die sich kurz nach Erfindung des Kugelschreibers vom technischen Fortschritt abgekoppelt haben. Reaktionär, dogmatisch, unbelehrbar - und auch noch mächtig stolz darauf.\nUnsere grundlegenden Werte sind ihnen fremd. Soweit sie davon auch nur Kenntnis erlangen, wollen sie diese Werte zerstören. Die freie Information behindern und die freie Rede bestrafen. Sie wollen über unsere Rechner bestimmen, obwohl sie kaum imstande sind, ihren eigenen auch nur einzuschalten. Sie sind längst dabei, uns zu kolonialisieren. Ihre Missionare heißen Polizist und Staatsanwalt. Ihr liebster Psalm und Schlachtruf zugleich lautet: »Das Internet ist kein rechtsfreier Raum!«\n","date":"2007-09-18T00:00:00Z","href":"https://blog.koehntopp.info/2007/09/18/alte-m-nner-mit-kugelschreibern.html","tags":["politik","security","überwachung","lang_de"],"title":"Alte Männer mit Kugelschreibern"},{"categories":null,"content":" Man hat mich gebeten, auf den Kieler Linuxtagen am 7/8. September etwas salbungsvolles zum Thema 15 Jahre Linux zu erzählen. Und das etwas mit Kiel zu tun hat.\nDamit bin ich offiziell ein alter Sack.\nSobald man gebeten wird, über Rückblicke zu referieren und von der guten alten Zeit zu schwelgen ist man offiziell ein alter Sack.\nSo die Sorte Typ, die von den Helden vergangener Zeiten erzählt. Für die Richard Dean Anderson noch McGyver war, der mit dem Taschenmesser in der Hand noch selber Leben rettete, und nicht Sesselpuper bei Stargate. Damals hatten Telefone noch Drehscheiben, und das Leben war generell noch viel härter und damals es brauchte noch echte Helden\u0026hellip;\nEiner der Helden aus grauer Vorzeit hier in Kiel war ja Cornelius. Das war ein ganz Harter. Der hat zum Frühstück 74LS00 gefressen, ohne Milch! Und damals gab es noch gar kein SMD. Jemand, der Fehler mit dem Oszilloskop debugged. So ein Typ, der gar kein Modem braucht, sondern den Carrier auch selber Pfeifen kann. Das Telefonnetz war damals, für die Jüngeren unter Euch, übrigens noch Analog.\nCornelius hat den Unix-Kram hier in Kiel mit aufgebracht. Ich war damals ja noch so ein Amiga-Kiddie und dachte, ich bin cool, weil ich Freunde hatte, die sich selber mit einem Frequenzzähler auf dem Adreßbus eine echte Megahertz-Anzeige gebaut hatten statt so ein Fake-Teil, das immer dieselbe Zahl anzeigte. Damals war so was noch einstellig, also so eine Megahertz-Anzeige, da ging so was mit dem Taschengeld.\nCornelius ist so die Sorte Typ, für die die Dateiendung \u0026ldquo;.c\u0026rdquo; für Configuration stand und \u0026ldquo;cc\u0026rdquo; für \u0026ldquo;Configuration Converter\u0026rdquo;. Ich glaube, Cornelius hat sich damals ein wenig darüber geärgert, daß sein Nachname mit \u0026ldquo;K\u0026rdquo; anfing und nicht mit \u0026ldquo;C\u0026rdquo;, denn so hatte er nicht die Initialen \u0026ldquo;cc\u0026rdquo; wie sein Compiler.\nCornelius hat damals jedenfalls die ersten Unix-Kisten eingeschleppt. Natürlich gab es so etwas damals nicht fertig, sonst hätte ihn das wohl auch nicht interessiert. In seinem Fall waren das stattdessen Commodore 900 mit Coherent 0.7.1 Special Binary Prerelease, Prototypen von Rechnern, die Commodore nie gebaut hat, weil sie selbst für Commo zu Scheiße waren. Das war mein erstes Unix.\nDas Coherent war übrigens von Mark Willams Company. Die haben sonst so Flipperautomaten gebaut. Flipperautomaten sind, für die Jüngeren unter Euch, so analoge Videospiele mit echten Kugeln drin.\nCornelius lebt inzwischen übrigens in Texas. Wenn ich so drüber nachdenke paßt das schon, so irgendwie.\nIch hab dann später mit SCO Xenix weiter gemacht und so eine Mailbox geerbt. SCO, für die Jüngeren unter euch, waren damals noch die Guten. Damals gab es weniger Juristen und von Patentanwälten hatte noch nie jemand was gehört.\nGeerbt habe ich sie von einem anderen echten Helden, von Jens. Jens war auch ein ganzer Kerl. Der hat die Grafikkarte in seinem Mega ST noch selbst gebaut, und auch den Treiber dafür selber geschrieben. Und die Mailbox-Software für seine Mailbox auch.\nJens braut inzwischen übrigens sein eigenes Bier. Das paßt auch so, irgendwie.\nXenix hatte so das Problem, daß da kein richtiges TCP/IP bei war. Das war kein Problem, solange man mit Modems und UUCP gearbeitet hat - wir hatten damals noch kein Online und auch kein X, sondern nur eine Kommandozeile. Will man X, braucht man Netz, so für localhost. Also mußte ein System V her, ein Interaktive Unix, von Kodak.\nJedenfalls, wenn man in so einem Interactive das TCP/IP in Betrieb nimmt, etwa weil man X machen will, und das localhost braucht, dann stellt man fest, daß so ein System V Kernel Memory Leaks hat und daß dann binnen einer Viertelstunde schon mal 500K Speicher voll laufen. Ein Kilobyte, für die Jüngeren unter Euch, ist übrigens ein Millionstel Gigabyte.\nSo stand ich also damals, ich weiß es noch wie heute, vor dem Problem, ein Unix her zu kriegen mit funktionierendem oder reparierbarem TCP/IP. Das war am 30. Dezember 1992, also vor etwa 15 Jahren, und das ist der Grund warum ich heute hier vorne stehe.\nIch bin damals also mit dem Fahrrad zur Uni geradelt. Bergauf, durch den Schnee. Schnee, für die Jüngeren unter Euch, ist gefrorenes Wasser. Damals hatten wir noch keine Klimakatastrophe. Ich hab mir dann einen Kernel und ein paar Sourcen auf ein Tape gezogen. Das Tape war ein sogenanntes Quarterinch Tape. Das bezieht sich nun nicht auf die Größe der Kassette, sondern die Breite des Bandes. Die Kassette war größer, so 10x7cm ungefähr, also wie ein Taschenbuch. Ein Buch, für die Jüngeren unter Euch, ist so was wie eine DVD, nur mit Text statt Bildern und ohne Strom. Das Tape jedenfalls, das hatte eine Rückwand aus massivem Stahl, 4mm dick. Cornelius stand tierisch auf solche Tapes.\nMit dem Linux auf dem Tape bin ich dann nach Hause geradelt, wieder durch den Schnee, natürlich, denn damals blieb so was noch liegen und natürlich auch wieder bergauf, denn damals ging es noch nicht bergab. Und hab mir den Kram compiliert und installiert. Danach hab ich dann erst mal die Permissions und Owner von dem Zeug richtig gesetzt, denn wir hatten damals noch keine Distributionen.\nUnd so kam es, daß ich am 31. Dezember 1992 mit einem SLS und einem Kernel 0.96.6 in das neue Jahr startete. Das war schon ziemlich cool. SLS war übrigens von Donald Becker. Der schreibt inzwischen übrigens Netzwerktreiber. Das paßt auch, irgendwie.\nEndlich X. 640x480 in 256 Farben. Das war schon was. Man konnte seinen Monitor auch übertakten, dann ging mehr. Ein Monitor, für die Jüngeren unter Euch, das ist so eine Art analoges LCD, damals hatten wir noch kein DRM. Da ging so was noch mit dem Übertakten.\nNaja, so fing das damals jedenfalls alles an. Und dann ging es Schlag auf Schlag. Man kann sich bei so einem Vortrag schnell in die Technik versteigen, und wie geil Linux inzwischen so ist - es rennt auf einem Palm Pilot und einer Cray, auf einem iPod und auf einer Enterprise-Class Solaris Kiste oder einer SGI mit 1024 Prozessoren.\nAber wenn man sich Sagen aus Grauer Vorzeit so ansieht, dann geht es da weniger um die Monster, sondern im Grunde geht es um die Helden, und ihre Taten. So auch im Zusammenhang mit Linux und im Zusammenhang mit dem Universum als solches.\nAlso ist dies heute ein Vortrag über Helden und Heldentum.\nEin Held ist jemand, der einen Kampf aufnimmt, um die Welt zu verändern, einen Kampf der anfangs aussichtlos, ja sogar sinnlos erscheint. Manche Helden opfern sich, oder opfern persönliche Vorteile, um die Welt, oder das Universum als solches, für uns alle in einen besseren Ort zu verwandeln.\nDer erste Held, um den es hier gegen soll, ist natürlich Linus Torvalds. Er ist ein Jedermann aus einer Gegend gar nicht weit von hier, ein Schwede in Finnland, ein Informatikstuent. Wer hier war schon mal in Schweden oder in Finnland? Wer hat Informatik studiert? Genau. Ihr hättet Linus sein können.\nLinus hat sich also hingestellt, und sein Zeug ins Netz gekippt und gesagt: Hier ist mein Zeug und ich habe es in Netz gekippt, jetzt könnt ihr spielen. Wer hier hat schon mal Zeugs von sich ins Netz gekippt, damit andere spielen können? Genau. Ihr hättet Linus sein können.\nLeute haben also Linus Zeugs genommen und damit gespielt, und es dabei besser hin gefummelt und - das ist der Trick - Linus ihr verbessertes Zeug zurückgegeben. Linus hat das also zusammengesetzt und wieder zurück ins Netz gekippt.\nEigentlich hat er also gar nicht viel gemacht.\nDer entscheidende Punkt hier ist: Er hat es getan. Linus hat mit seinem Tun die Welt verändert. Also nicht bloß ein bisschen, sondern so richtig fundamental. Leute schreiben da Bücher drüber. Bill Gates paßt seine Geschäftsstrategie an. Linus hat Macht. Er ist hingegangen und hat gesagt: Das ist jetzt so, und dann war es so. Ein Informatikstudent aus Finnland, hier gleich um die Ecke.\nOkay, Linus war nicht alleine. CREDITS in meinem Kernel listet alleine so an die 500 Leute, und das sind nur die, die es bis in diese Datei geschafft haben und das ist nur der Kernel.\nUnd das mit dem Zurückgeben und neu veröffentlichen ist auch nicht seine Idee. Diese Idee hatte ein anderer Held, Richard Stallman.\nStallman, ein weiterer Informatikstudent, wenn auch von weiter weg, ist also hingegangen und hatte dasselbe gemacht wie Linus, nur viel früher: Er hat Zeugs geschrieben, in seinem Fall ein Haufen ziemlich coole Editing Macros, \u0026ldquo;emacs\u0026rdquo;, für einen Editor, und die ins Netz gekippt und gesagt: Hier ist mein Zeug und ich habe es ins Netz gekippt, jetzt könnt ihr spielen.\nLeute haben also Richards Zeug genommen und damit gespielt, und es dabei besser hin gefummelt und ein kommerzielles Produkt draus gemacht und - das ist der Fehler - Richard ihr verbessertes Zeug nicht zurückgegeben sondern gesagt: Ellabätsch, angeschissen, Du hast Zeug ins Netz gekippt und ich mach eine Firma draus.\nDa war Richard natürlich sauer und hat sich überlegt, wie er die Welt verändern kann, oder gar das Universum als solches, um es für uns alle in einen besseren Ort zu verwandeln. Richard hat sich also hingesetzt und mal aufgeschrieben wie es sein soll, damit das mit dem \u0026ldquo;ins Netz kippen und spielen\u0026rdquo; besser funktioniert.\nDamit das ganze juristisch wasserdicht wird ist das Ganze ein ziemlich langer Text geworden, aber im wesentlichen steht da drin: Du kannst Zeugs, das ich ins Netz gekippt habe, nehmen und dran rumbasteln und damit spielen. Aber wenn Du Dein verändertes Spielzeug nicht zum selber spielen verwendest, sondern Dritte damit spielen läßt, dann mußt Du denen (und damit effektiv uns allen) die Veränderungen geben, damit wir genau wie Du spielen können.\nAlso, mit anderen Worten, wenn wir Zeugs ins Netz kippen, damit Du spielen kannst, dann mußt Du, wenn Du das verbastelst Dein verbasteltes Zeug ebenfalls ins Netz kippen, damit wir genau wie Du weiter spielen können.\nSimpel genug.\nSo simpel, daß ein Haufen Leute die Idee kopiert haben. Weil Richard hat das nicht nur auf seine Editing Macros angewendet, sondern er hat die Metaidee, also den Regelsatz, als solchen formuliert, da raus abstrahiert und auch ins Netz gekippt. Und ein Haufen Leute haben nicht nur seine Editing Macros genommen und damit gespielt, sondern haben ihr Spielzeug nach seinen Regeln ins Netz gekippt damit andere auch damit spielen können.\nOkay, Stallman war also nicht alleine. Auf Sourceforge stehen tausende von Softwarepakete, aber letztendlich ist seine Idee, die GPL, als Lizenz bei der überwiegenden Mehrzahl aller Projekte gewählt. Es gibt einen Haufen Lizenzen, die zur Auswahl stehen, aber es ist die Lizenz von Stallman, die letztendlich die bestimmende Macht bei allen diesen Paketen ist. Es ist etwas an der GPL, das sie uns anderen Nichthelden attraktiver, fairer oder sonstwie besser erscheinen läßt.\nDas kommt, weil die GPL eine Formulierung einer anderen, viel, viel älteren Idee ist. Diese Idee hatte ein anderer Held, Immanuel Kant.\nKant war ein Student der Philosophie, weil damals gab es noch keine Informatik, hat die GPL viel kürzer aufgeschrieben als Stallman, weil damals gab es auch weniger Juristen. Er sagte, etwas geschraubt, weil er Philosoph war: \u0026ldquo;Handle stets so, daß die Maxime Deines Handelns als Grundlage allgemeinen Handelns genommen werden kann.\u0026rdquo; und nannte das den kategorischen Imperativ.\nKant meint, das sei eine coole Idee, weil es die Welt und das Universum als solches automatisch in einen besseren Ort verwandelt.\nManche Leute heute formulieren Kant etwas weniger geschraubt als \u0026ldquo;Was Du nicht willst, das man Dir tu, das füg auch keinem anderen zu.\u0026rdquo; Das geht leicht von der Zunge und macht klar, wieso Kant der Meinung war, daß es die Welt und das Universum als solches in einen besseren Ort verwandelt, erklärt aber irgendwie gar nicht was das mit der GPL zu tun hat.\nWenn man da drüber nachdenkt, dann stellt man aber fest, daß man das noch anders formulieren kann: \u0026ldquo;Baue die Spielregeln einer Gemeinschaft stets so, also ob Du Dich an jeder Position in dieser Gemeinschaft, und sei es die niedrigste und schlechteste, befinden mögest.\u0026rdquo; In anderen Worten: Man stelle sich einmal vor, man sei, hmm, die kranke dunkelhäutige Frau eines fundamental-religiösen Hartz IV-Empfängers mit Migrationshintergrund mit einem behinderten Kind in einem Plattenbau in Sachsen - Deutschland funktioniert als Gemeinschaft, sagt Immanuel, wenn man sich selbst in dieser Situation vorstellen kann und das nicht schlimm wäre.\nOkay, hat nix mit der GPL zu tun, aber illustriert das Gedankenmodell.\nAnderes Beispiel: Man stelle sich einmal vor, man stellt einen Haufen cooler Editing Macros ins Netz und alle wollen die benutzen und dann macht einer ein paar Veränderungen dran, packt das ganze in eine Schachtel und fängt an das zu verkaufen und sagt mir, nein, an die Veränderungen kommst Du nicht dran, das ist jetzt alles proprietär.\nOffensichtlich sind die Spielregeln kaputt. Immanuel hat also eine Metaregel aufgeschrieben, mit der man testen kann, ob ein Regelsatz heil oder kaputt ist: Nimm die Regeln, bau das Spielfeld auf und setz Dich selber an die letzte von allen Positionen. Magst Du dann noch spielen? Wenn nein, ist das Spiel im Eimer.\nRichard hat nun diese Überlegung von Immanuel genommen und im Grunde nur Regeln aufgeschrieben, die nicht kaputt sind. Und Linus hat das dann mal durchgespielt. Okay. Und wir alle anderen auch. Das da sind ja auch nur Leute wie Du und ich.\nDas ist mächtig gefährlich.\nWeil es die Welt verändern kann, oder das Universum als solches, und in einen besseren Ort verwandeln. Und wenn die das können, dann können wir, also Du, Du und Du, das auch. Einfach so.\nAlso rechnen wir das doch mal durch, so wie ein Philosoph, Mathematiker oder Informatiker das tun würde.\nErst mal sind wir. Das ist unbestritten. Jedenfalls bin ich, das ist leicht zu testen - ich denke, also bin ich. Ob Ihr seid, ist nicht so leicht zu testen, aber im Grunde irrelevant. Weil: wenn ich nicht widerlegen kann, daß Ihr seid, Ihr mich aber beeinflussen könnt und ich ich Euch, dann muß ich Euch erst mal als real annehmen - es macht ja keinen Unterschied für mein Handeln.\nDas ist cool, weil ich jetzt schon mal Folgerungen ziehen kann.\nDie erste ist: Wenn ich bin, will ich weiter sein. Das nennt man Egoismus und ist gesund.\nDie zweite ist: Ich bin nicht alleine, sondern es gibt mehr wie mich, und die wollen auch weiter sein.\nUnd das ändert die Regeln fundamental.\nEine ganze Menge Leute, Helden der Mathematik in diesem Fall, haben auf dem Problem \u0026ldquo;Die Anderen\u0026rdquo; rum gerechnet und festgestellt, daß das wegen der Existenz der Anderen die Welt und das Universum als solches kein Nullsummenspiel ist.\nEin Nullsummenspiel ist ein Spiel, bei dem ich verliere, wenn ein anderer gewinnt. Man kennt das - mal verliert man, mal gewinnen die anderen.\nDer Punkt ist, das ist Unsinn. Die Welt ist, sagen uns die Mathematiker, nicht ein Spiel, sondern eine Folge von Spielen und sie hat, wie wir Informatiker sagen würden, Zustand. Zustände kriegt man, sobald man sich erinnern kann, also den Ausgang vorheriger Spiele zur Grundlage seines fortgesetzten Handelns macht. Oder wie der große Held Henry Spencer so treffend gesagt hat, \u0026ldquo;Those who do not remember Unix are forced to reinvent it, poorly.\u0026rdquo;\nDarum ist für die Politiker Fernsehen so wichtig, weil das verhindern soll, daß wir Zustände kriegen.\nDie Frage war, ob wir Helden sind.\nUnd die Antwort ist: wir sind, und wir sind nicht alleine, und weil das so ist, und weil wir uns erinnern können, können wir durch zusammenarbeiten Situationen schaffen, in denen jeder gewinnt, der mit uns zusammenarbeitet - uns selbst eingeschlossen. Indem wir etwas verschenken machen wir langfristig Gewinn.\nDie Helden der Philosophie und der Mathematik sagen uns, und das haben sie oft nachgerechnet, daß das eine Eigenschaft der Welt und des Universum als solches ist. Die Welt um uns herum ist so aufgebaut, daß es gut und persönlich gewinnbringend für uns ist, kurzfristig etwas zu opfern, um die Welt und das Universum als solches in einen besseren Ort für uns alle zu verwandeln.\nOder, um es deutlicher zu formulieren: Bill Gates ist ein blöder Idiot. Und nur Du kannst es ihm beweisen.\nSei ein Held.\n","date":"2007-09-07T00:00:00Z","href":"https://blog.koehntopp.info/2007/09/07/echte-helden.html","tags":["damals","free software","kiel","politik","lang_de"],"title":"Echte Helden"},{"categories":null,"content":"Laut Heise Newsticker äußert sich IT-Laie Jörg Ziercke:\nZiercke sagte, der Aufwand für eine einzige Online-Durchsuchung sei beträchtlich, \u0026ldquo;weil wir jeweils eine eigene Software entwickeln müssen\u0026rdquo;. Diese Software werde immer nur für den Einzelfall erarbeitet, \u0026ldquo;ein Unikat, das speziell auf die Rechner-Umgebung eines Verdächtigen zugeschnitten wird\u0026rdquo;.\nMal sehen, ob ich das richtig geparsed bekomme, was Ziercke da erzählt: Er möchte in einer missionskritischen Anwendung in einer Gefahrensituation unter Zeitdruck eine ungetestete Software in einer Situation einsetzen, in der er das Zielsystem nicht vollständig kontrollieren kann. Faßt es das in etwa zusammen?\nWas will er sonst noch machen? Bungeejumping ohne Seil? Nein, so hanebüchene Ideen können auch Ziercke und seine Berater nicht ausbrüten. Dies ist ganz klar eine Nebelkerze, am Ende wird auch hier Encase eingekauft (Siehe die Kommentare am Ende von\nDer Bundestrojaner durchdekliniert für eine Liste von Materialien zum Thema).\n","date":"2007-08-29T00:00:00Z","href":"https://blog.koehntopp.info/2007/08/29/mehr-online-durchsuchungs-nebelkerzen.html","tags":["politik","security","überwachung","lang_de"],"title":"Mehr Online-Durchsuchungs-Nebelkerzen"},{"categories":null,"content":" Kristian, wenn Du über Performance redest, dann redest Du immer von verteilten, asynchronen Systemen . Verteilte, asynchrone Systeme sind doof, schwer zu programmieren und laufen der Theorie zuwider, die ich an der Uni gelernt habe. Ich warte glaube ich lieber auf schnellere Prozessoren.\nViel Spaß beim Warten. Godot wird Dir Deine neue CPU bestimmt bald bringen.\nEin Gigahertz ist ein Takt pro Nanosekunde. Bei Lichtgeschwindigkeit kommt das Signal in einer Nanosekunde in etwa 30cm weit. In der Cray, die jetzt als Bar in der Lobby vom RZ der Uni Stuttgart Dienst tut, sind alle Kabel Vielfache von 30cm lang. Dadurch ist jedes Kabel auch eine Delay von 1, 2, 3 oder 4ns.\nHeutige Rechner haben einen Takt von so um die 3 GHz. Der Teil der Maschine, der mit 3 GHz gepowert ist hat wenig überraschend einen Radius von etwas unter 5 cm. Das ist der Bereich, in dem man bei diesem Takt binnen eines Taktzyklus Round-Trip-Time (5cm hin und zurück = 1/3ns = 3GHz Takt) einen konsistenten, synchronen Zustand herstellen kann. Will man größere Maschinen bauen, die weiterhin synchron und konsistent sind, muß man die Lichtgeschwindigkeit erhöhen (die Zeit verlangsamen) oder den Takt herabsetzen. Also braucht man entweder ein schwarzes Loch in der CPU oder einen niedrigeren Systemtakt oder ein anderes Konzept.\nDas kann man akzeptieren oder nicht. Diejenigen, die es nicht akzeptieren, können gerne Two Phase Commit auf einem Interkontinental-Link machen und sich über Performanceprobleme beklagen. Aber bitte nicht bei mir.\n","date":"2007-08-11T00:00:00Z","href":"https://blog.koehntopp.info/2007/08/11/zehn-zentimeter.html","tags":["database","mysql","performance","lang_de"],"title":"Zehn Zentimeter"},{"categories":null,"content":"Ode an Kiel: Ich baue wie viele andere Kerle einen Grill auf, sortiere Decke, Lebensmittel und Bier-Kühler und lasse das alles wortlos auf Sophie wirken. Die untergehende Sonne lässt das Fördewasser weich schimmern, am Ufer gegenüber strahlt weiß der Sand, ganz weit hinten rechts leuchtet blau-rot der HDW-Kran, dazwischen die Segler, ein paar Schnellboote, die wie junge Hunde über die Förde tollen und zur Linken weit und offen das Meer. Ein paar Stunden noch, und der Vollmond wird genau über Heikendorf stehen. Was wäre, sähe ich das zum ersten Mal? Nörgler werden sagen, Kiel an einem Sommerabend ist ein billiger Trick, damit ist natürlich jede zu beeindrucken.\n","date":"2007-07-30T00:00:00Z","href":"https://blog.koehntopp.info/2007/07/30/ode-an-kiel.html","tags":["kiel","anderswo","lang_de"],"title":"Ode an Kiel"},{"categories":null,"content":"\u0026ldquo;Ich muß Hardware für einen Rechner kaufen, auf dem dediziert nur ein MySQL laufen soll. Was soll ich beschaffen?\u0026rdquo; ist eine Frage, die ich recht oft höre. Hier ist die lange Antwort.\nBevor man sich mit dem freundlichen Hardwarehöker des geringsten Mißtrauens in Verbindung setzen kann, muß man sich erst einmal ein paar Dinge überlegen.\nDatenbank-Zielgröße bestimmen Die allererste Überlegung ist die erwartete Zielgröße der Datenbank: Werden wir einen Bestand von 1G, 10G, 100G oder 1000G haben? Daraus und aus dem allgemeinen Gesundheitszustand des Geldbeutels ergibt sich schon die erste wichtige Erkenntnis. Nämlich: Werden wir es schaffen, eine speichergesättigte Datenbank zu bauen, oder bekommen wir eine Datenbank, die für Lesezugriffe auf die Platte zugreift?\nFolgerung 1: Speichergesättigte Datenbanken sind ein bevorzugtes Designziel Mechanische Festplatten sind unerträglich langsam.\nSpeicher-Zugriffszeiten werden in Nanosekunden angegeben. Milli (10E-3), Mikro (10E-6), Nano (10E-9), Pico (10E-12), Femto (10E-15), Atto (10E-18) - Speicher hat also Zugriffszeiten in der Größenordnung von einer Millardstelsekunde pro Byte. Platten-Zugriffszeiten liegen dagegen im Bereich von Millisekunden, wenn Seeks involviert sind. Von einer durchschnittlichen Serverplatte kann man nicht mehr als 200 Seeks pro Sekunde (5ms pro Zugriff) erwarten, die 7200rpm Hitachi HTS72108 in meinem Laptop schafft nach iozone und iostat ziemlich genau 125 Seeks pro Sekunde (8ms pro Zugriff).\nIn diese Zeit geht die Average Seek Time für die horizontale Positionierung des Kopfes und die Rotational Delay mit ein - also die Zeit, die wir warten müssen, bis die richtigen Daten unter dem fertig positionierten Kopf auch mal durchrutschen. Die Datentransferzeit zur tatsächlichen Übertragung der Daten ist im Vergleich dazu eher zu vernachlässigen.\nAndererseits hat eine Platte im Vergleich zum RAM eine größere Zugriffsgranularität - während wir beim RAM für jedes Byte eine Access Time abrechnen, tun wir das bei einer Platte für einen Block (512 Byte, aber wir können hier gerne mit 1000 Byte rechnen, es spielt nicht wirklich eine Rolle). Im Endeffekt ist der Geschwindigkeitsunterschied zwischen RAM und Random-I/O einer Festplatte jedenfalls nicht 1E6 (eine Million), sondern nur etwa 1E4 (Zehntausend) bis 1E5 (Hundertausend), abhängig davon wie breit unsere Rows im Schnitt sind.\nWird eine Platte nicht mit Random-I/O betrieben, sondern mit linearer Ein-/Ausgabe, dann können wir so um die 50 MB/sec von einer Platte bekommen. Je nach Rowsize sind das zwischen Hundertausend und einer Million Rows pro Sekunde. Das ist immer noch langsamer als RAM, aber viel schneller als die im pessimalen Fall 200 Rows/sec vom Random-I/O (Hmm, auch da kommen wir noch drunter, wenn wir auch den Index nicht cachen können).\nWenn es einem also gelingt, speichergesättigte Datenbanken zu bauen, dann sind Reads für viele Anwendungsfälle schon kein Problem mehr und teilweise fällt sogar schlechtes SQL nicht mal mehr auf, weil die entsprechenden Operationen zwar ineffizient sein mögen, aber dank schnellem RAM-Zugriff dennoch schnell genug sind.\nFolgerung 2: 64 Bit sind Mandat MySQL hat eine Ein-Prozeß-Architektur. Ein einzelner Datenbankserver enthält eine Reihe von datenbankinternen Service-Threads und einen Handlerthread pro Connection, die sich alle den gemeinsamen Speicher des Prozesses teilen.\nWir brauchen also nicht nur jede Menge RAM, sondern wir brauchen das RAM auch in einer Form, die es uns erlaubt, innerhalb eines einzelnen Prozesses darauf zugreifen zu können. Das bedeutet in 2007: Eine 64 Bit CPU, ein 64 Bit Betriebssystem und eine 64 Bit Version von MySQL, falls wir Speicher von mehr als 3G (in Windows: 2G) im Server haben.\n32 Bit-Code kann in Linux nur etwas unter 3G in einem Prozeß adressieren, und in Windows sind es sogar nur etwas unter 2G. Es ist also vollkommen sinnlos, einen Rechner mit 8G RAM hinzustellen und dann nur ein 32 Bit-Betriebssystem und ein 32 Bit-MySQL drauf zu installieren. Das gibt zwar einen schönen File System Buffer Cache und das ist besser als nix, aber es wäre sehr viel interessanter, den Speicher direkt in MySQL zur Verfügung zu haben. Ein Datenbankserver wird also immer fett RAM bekommen und das zieht dann relativ schnell die 64 Bit nach sich.\nEs gibt zwar so was wie PAE / AWE , aber reden wir da nicht drüber - wir haben 2007, und es gibt keinen Grund, mit gefesselten Beinen über die Ziellinie zu hüpfen, wenn man stattdessen richtig rennen kann. Es gibt zwar PAE-Code in MySQL, aber der ist per Default nicht enabled, in den MySQL-eigenen Binaries nicht vorhanden und schlecht getestet. Selbst wenn das alles anders wäre, würde man PAE nicht wollen, sondern gleich richtig 64 Bit machen wollen - PAE ist langsam und hat haarige Tatzen.\nSchreibleistung vs. Leseleistung Eine andere Sache, die man sich frühzeitig bewußt machen muß ist die Überlegung, daß Leseleistung sehr viel leichter zu optimieren ist als Schreibleistung.\nDatenbanken, die überwiegend Reads sehen und wenig Schreiboperationen haben sind sehr leicht zu skalieren: Wir ersticken das Problem nach Möglichkeit erst einmal mit Speicher und wenn das nicht mehr reicht, setzen wir eine ausreichende Anzahl von Replication-Slaves auf. Die Reads verteilen wir dann gleichmäßig über die Slaves. Das können wir je nach Problemgröße leicht bis auf 1000 Slaves pro Master ausdehnen, wenn wir wollen.\nWrites dagegen sind sehr viel unhandlicher. Wir können Schreibzugriffe zwar Delayen, Batchen und Sortieren, aber am Ende muß der Write auf irgendein persistentes Medium. Wenn wir mehr Schreibzugriffe haben als eine Platte wegstecken kann, dann müssen wir ein Array hinstellen. Wenn wir mehr Schreibzugriffe haben als man sinnvoll über ein Array verteilen kann, dann müssen wir die Datenbank partitionieren mit all den unangenehmen Designentscheidungen, die mit solchen verteilten, lose gekoppelten Systemen einher gehen.\nFolgerung 3: Locality erzeugen um Schreibzugriffe zu minimieren Datenbanken speichern Daten in Speicherseiten ab. In InnoDB zum Beispiel ist eine solche Speicherseite mit 16K relativ groß. In einer solchen Seite liegen in der Regel mehrere Rows, und InnoDB liest und schreibt immer ganze Seiten.\nWenn wir unsere Datenbank gut designed haben, dann haben wir Locality Of Reference erzeugt. Das bedeutet, daß wir ziemlich oft den Fall haben, daß die Rows, die wir zur gleichen Zeit bearbeiten auch räumlich dicht gepackt sind, also in derselben Speicherseite stehen. Das bedeutet, daß wir mit dem ersten Zugriff auf eine neue Seite schon die Rows, auf die wir gleich zugreifen werden mit in den Speicher bringen und daß wir beim Schreiben wahrscheinlich eine Seite nicht nur einmal verändern, sondern mehrere Rows in der Seite verändern werden.\nWir wissen, daß InnoDB Daten im Primary Key in B+-Bäumen abspeichert, d.h. in den Blättern des Primary Key stehen die Daten selbst, nicht Zeiger auf die Daten. Daten sind also physikalisch in Primary Key-Reihenfolge angeordnet und Daten mit einem ähnlichen Primary Key stehen wahrscheinlich physikalisch dicht zusammen auf der Platte. Sekundärschlüssel enthalten eine Kopie des Primary Key als Row Pointer. Ein \u0026ldquo;INDEX(a)\u0026rdquo; wird von InnoDB also intern als \u0026ldquo;INDEX(a, id)\u0026rdquo; interpretiert und realisiert. InnoDB und der Optimizer wissen das auch, und ein \u0026ldquo;SELECT id FROM t WHERE a = \u0026hellip;\u0026rdquo; wird entsprechend aus dem Sekundärschlüssel ohne Primärdatenzugriff abgearbeitet.\nMit diesem Wissen können wir jetzt über die Wahl des Primärschlüssels einer InnoDB-Tabelle die physikalische Anordnung von Daten in einer InnoDB-Tabelle beeinflussen und die Locality verbessern.\nOft erzeugen hierarchische Primärschlüssel ausgezeichnete Locality. In einer Tabelle, die Mails für einen Maildienst verwaltet wäre (userid, folderid, messagenummer) zum Beispiel ein sehr guter Primärschlüssel für die Mailtabelle, weil Informationen über neue Mails im aktuellen Folder des aktuellen Users dicht beieinander gespeichert werden. Ein INTEGER UNSIGNED NOT NULL PRIMARY KEY auto_increment erzeugt eine zeitliche Reihung von Daten nach dem Erzeugungsdatum und das ist für viele Daten, die neu heiß sind und dann mit der Zeit abkühlen genau der richtige Schlüssel. Ein Zufallswert, ein MD5 oder SHA1-Hash oder eine UUID ist ein furchtbarer Primärschlüssel, weil Daten im Endeffekt zufällig gestreut werden und keine Locality erzeugt werden kann. Locality ist nicht nur für Schreibleistung wichtig, sondern auch wenn wir eine Datenbank haben, die nicht speichergesättigt sein kann und wir Lesezugriffe zur Disk senden müssen. Mit einer guten Locality können wir unter Umständen viele Lesezugriffe im RAM cachen auch wenn die Gesamtdatenbank sehr viel größer als der Verfügbare Hauptspeicher ist.\nFolgerung 4: Beschriebene Rows schmal halten um Schreibzugriffe zu minimieren Schreibzugriffe ändern Seiten. Wenn wir eine gute Locality haben und wir außerdem Schreibzugriffe von beschriebenen Seiten zur Disk verzögern können, dann werden wir viele Rows in einem Block ändern können, bevor wir diesen Block zur Disk senden. Indem wir die Rows von Tabellen schmal halten, die beschrieben werden, bekommen wir mehr Rows in einen Block und haben so weniger Schreibzugriffe.\nWenn wir zum Beispiel eine Benutzertabelle haben, dann enthält diese überwiegend statische Daten wie zum Beispiel den Benutzernamen, das Paßwort, die Benutzeranschrift und andere Stammdaten. Sie enthält aber vielleicht auch sehr dynamische Daten wie zum Beispiel das Datum des letzten Logins. Datenbanktheoretisch gehört diese Information auch in die User-Tabelle, aber wegen der physikalischen Implementierung wird es sehr sinnvoll sein, eine künstliche 1:1 Relation einzuführen und das Paar (userid, lastlogin) in eine Extratabelle abzuspalten.\nHier haben wir nun 8 Byte breite Rows in 16K großen Records, also bis zu 2048 Records pro Speicherseite (in Wirklichkeit wird die Seite nicht vollständig genutzt sein) oder ca. 500-700 stark veränderliche Speicherseiten (8M-12M) für die Lastlogindaten von einer Million Usern. Wenn man einen Usereintrag von um die 300 Byte inklusive Stammdaten annimmt, dann würden eine Million User ohne diese Aufspaltung stattdessen um die 18000-25000 (280M-400M) veränderliche Seiten erzeugen, d.h. wir hätten etwa 36 mal mehr veränderte Speicherseiten zu schreiben, nur weil die veränderlichen Daten weniger dicht gepackt sind.\nDazu kommt, daß jeder Schreibzugriff auch alle Resultsets im MySQL Query Cache löscht, die von der beschriebenen Tabelle abstammen. Indem man häufig beschriebene Daten in Extratabellen isoliert bekommt man unter Umständen eine bessere Query Cache Hit Ratio und so bessere Performance.\nAus dem gleichen Grund und noch einigen anderen Gründen will man auch unbedingt alle Spalten abtrennen, in denen Typen verwendet werden, die \u0026ldquo;TEXT\u0026rdquo; oder \u0026ldquo;BLOB\u0026rdquo; im Namen haben. Zu den \u0026ldquo;anderen Gründen\u0026rdquo; gehört hier in MySQL auch die Handhabung von \u0026ldquo;temp tables\u0026rdquo; in Queryplänen, bei denen \u0026ldquo;using temporary\u0026rdquo; bei EXPLAIN gelistet wird.\nFolgerung 5: Writes delayen, batchen und sortieren Bei einem COMMIT schreibt InnoDB die geänderte 16K Seite nun nicht sofort zurück in den Tablespace, sondern notiert die Änderung erst einmal im Redo-Log und markiert die InnoDB-Seite als Dirty. Später wird die Dirty Page zur Disk gesendet und der entsprechende Redo-Log Pointer kann vorwärts bewegt werden um den Platz im Redo-Log wieder frei zu geben.\nDadurch, daß alle Änderungen so erst einmal im Redo-Log landen, werden Schreibzugriffe, die eigentlich Random-Writes wären vorübergehend erst einmal als Lineare Writes abgehandelt: Wir hatten weiter oben ja schon etabliert, daß lineare Writes schneller sind. Außerdem spekuliert diese Aktion natürlich darauf, daß eine eben veränderte InnoDB Seite wegen Locality gleich noch einmal geändert wird und wir so Random I/O-Schreibzugriffe einsparen können.\nWir können Locality abschätzen, indem wir die Größe des Redo-Logs mit der Menge der Pages vergleichen, die dirty sind. In SHOW ENGINE INNODB STATUS\\G finden wir:\n--- LOG --- Log sequence number 0 1994670731 Log flushed up to 0 1994670268 Last checkpoint at 0 1993477319 ... ---------------------- BUFFER POOL AND MEMORY ---------------------- ... Modified db pages 278 Unser Redo-Log hat also bisher Null (0) Umdrehungen gemacht, und der Schreibzeiger steht bei Offset 1994670731, während der hintere Lesezeiger bei Offset 1993477319 steht. Es sind also 1994670731-1993477319 = 1193412 (ca. 1.1M) Redo-Log belegt. Dem stehen 278 16K große Seiten (ca. 4.4M) gegenüber, die als Dirty markiert sind. Wenn es uns gelingt, durch Umstrukturierung dieses Verhältnis zu verbessern, also die Anzahl der Seiten, die als Dirty markiert werden zu verkleinern, dann bekommen wir weniger Random-I/O und eine bessere Schreibleistung.\nMySQL wird die \u0026ldquo;modified db pages\u0026rdquo; dann verzögert und im Batch auf die Platte schreiben, wenn\ndas Redo-Log droht, vollzulaufen innodb_max_dirty_pages_pct Prozent aller Pages im Buffer Pool als Dirty markiert sind oder InnoDB eine Pause zum Atemholen bekommt und einen Checkpoint fährt. Das Schreiben der Dirty Pages erfolgt derzeit leider noch nicht sortiert , obwohl das echt nützlich wäre.\nWir können uns, wenn uns unsere Daten nicht so wichtig sind, sogar noch die Writes ins Redo-Log delayen. Indem wir innodb_flush_log_at_trx_commit auf den Wert 2 oder gar 0 setzen, erlauben wir es der Datenbank auch Einträge ins Redo-Log zu verzögern und zu batchen und können so die Schreibleistung noch weiter erhöhen.\nFolgerung 6: Mehr Spindeln Wir können so mit verschiedenen Tricks bei der Gestaltung des Datenbankschemas die Anzahl der notwendigen Schreibzugriffe unter Umständen drastisch verringern und wir können uns mit Hilfe des Redo-Log unter Umständen einige Random-I/Os sparen, indem wir stattdessen vorübergehend lineare Schreibzugriffe machen. Am Ende aber müssen die Blöcke auf die Platte.\nEine einzelne Platte, so haben wir gelernt, gibt uns nicht mehr als 200 Seeks pro Sekunde. Auch ein RAID-1 Paar bekommt nicht mehr Daten auf die Platte, da ja jede Hälfte des Spiegelpaares dieselben Operationen durchführen muß. Von 14 Platten in einem RAID-10 (einem Stripe aus Mirrors) würden wir also ca. 7 mal 200 Seeks/sec = 1400 Seeks/sec erwarten.\nIn einem RAID-5 ist es weitaus schlechter. Da Datenbanken ausschließlich RAID-5 \u0026ldquo;Short Writes\u0026rdquo; machen, wird jede einzelne logische Schreiboperation zu vier physikalischen Schreiboperationen: Zwei Reads und zwei Writes. Mit einem großen Cache kann man die beiden Reads weg cachen, aber die beiden Writes bleiben. Hat der RAID-5 Controller außerdem einen großen batteriegepufferten Cache, kann es sein, daß auch die Schreibzugriffe in akzeptabler Zeit abgewickelt werden, aber die sichere Empfehlung für eine Datenbank ist in der Regel \u0026ldquo;RAID-5 ist böse, man will RAID-10\u0026rdquo;.\nFür eine Datenbank wollen wir also ein Plattenarray kaufen, daß aus möglichst vielen kleinen Disks zusammen gesetzt ist - uns interessiert ausschließlich die Anzahl der Seeks pro Sekunde, die wir von dem Array bekommen können. MB/sec sind von untergeordneter Bedeutung.\nDie Sun Performance Blueprint Wide Thin Disk Striping erklärt wie man mit Partitionen auf Arrays umgehen sollte: Sie sollten sich immer über alle vorhandenen Platten des Array erstrecken und es sollten keine dedizierten Disks für Logs, Indices oder einzelne Tabellen verwendet werden. Ab 6 Platten wird diese Strategie sinnvoll, ab 10 Platten ist sie dedizierten Disks auf jeden Fall überlegen.\nIn großen Arrays will man sich nicht mehr mit Disks abgeben, sondern \u0026ldquo;Storage managen\u0026rdquo; - Partitionen sollten daher immer über alle Disks gehen und das Array gleichmäßig aufheizen, sodaß man keine Hotspots mehr bekommt. Wenn das Array überlastet wird, kauft man dann eben einfach mehr Platten und reorganisiert. sar -d, iostat -x oder dstat sind des Storage- und des Datenbankadmins treue Freunde. Man sollte eine gewisse Nähe zu ihnen aufbauen.\nFolgerung 7: Software-Raid ist nix schlimmes Wenn wir ein RAID-10 bauen, dann ist die Realisierung des RAID sehr wenig aufwendig: Ein Write-Request wird einfach zu zwei verschiedenen Platten gesendet und endet erst dann, wenn beide Platten ihn bestätigt haben. Das ist sehr leicht in Software realisieren. Ein Hardware-RAID bringt hier nur wenig Gewinn.\nBei RAID-5, wenn man durch äußere Umstände dazu gezwungen wird, sieht da schon anders aus: Die meisten Software-RAID-5 Implementierungen sind ziemlich schäbig und RAID-5 profitiert ganz enorm von einem batteriegepufferten RAM als Cache. Hier ist ein (guter, teurer) RAID-Controller mit einem fetten batteriegepufferten Cache wahrscheinlich von Vorteil.\nEin Software-RAID hat gegenüber einem Hardware-RAID dann verschiedene Vorteile: Zum Beispiel braucht man sich nicht mit einem proprietären Treiber zu prügeln, kann das RAID zuverlässig über /proc/mdstat in Linux oder das entsprechende Windows-Äquivalent monitoren und kann zumindest in Linux auf die einzelnen Platte auch nach dem Splitten des Mirrors einzeln ohne RAID zugreifen, da Linuxraid die Metadaten hinten auf die Platten malt - eine RAID-Hälfte ohne RAID sieht dann zumindest read-only für einen Nicht-RAID-Zugriff ganz normal aus.\nSogar multipathen kann man das.\nCPU Leistung verblaßt neben Plattenleistung Die oben angestellten Betrachtungen haben an keiner Stelle die Leistung der Prozessoren des Systems gewürdigt. Das ist deswegen so, weil Datenbanken in der Regel kaum CPU-Probleme haben. Eine CPU mit 3 GHz Takt arbeitet pro Sekunde und Core 3 Milliarden Prozessorzylen ab, und moderne CPUs sollten eigentlich größenordnungsmäßig bei jedem Zyklus auch einen Befehl fertigstellen. Wenn man also von Disk Seeks von einer 200stel Sekunde ausgeht, dann werden in der Wartezeit auf die Platte um die 15 Millionen Wartezyklen pro Core in der CPU freigesetzt.\nOder anders gesagt: Eine Datenbank kann nur in zwei Fällen wirklich CPU-Probleme bekommen:\nWir haben etwas ganz wildes mit Stored Procedures oder anderem Code in der Datenbank gemacht. Das hätten wir besser gelassen.\nDie Datenbank ist speichergesättigt und fräst nun wie wild mit der CPU durch ihre Speicherbänke, weil sie niemals auf die Platte warten muß. Klagen über \u0026ldquo;CPU ausgelastet\u0026rdquo; sind in diesem Fall wahrscheinlich Beschwerden auf sehr hohem Niveau. In MySQL ist es außerdem so, daß wir in der Regel eine Query in einem Thread abarbeiten und wir eine bestimmte Menge an Concurrency benötigen, um ausreichend viele CPUs sättigen zu können.\nInsbesondere Replikation ist derzeit strikt seriell und kann nicht nennenswert mehr als einen Thread belegen.\nFolgerung 8: Ein reiner Backup-Slave braucht nur einen, maximal 2 Cores Da Replikation strikt seriell ist, kann ein Slave der nur repliziert und nicht auch noch Read-Queries abarbeitet oder Reports generiert niemals nennenswert mehr als einen Core busy halten. Es lohnt überhaupt nicht, hier viel Geld in Cores zu investieren. RAM oder Platten sind bessere Investitionsziele.\nFolgerung 9: Concurrency schätzen, und begrenzen MySQL ist eine Datenbank die klar auf Commodity Hardware hin entwickelt worden ist und die durch die überall verfügbare und leicht zu konfigurierende Replikation bevorzugt horizontal zu skalieren ist. Es ist in vielen Fällen eher lohnend, einen zweiten Server aufzusetzen statt den einzigen Server weiter zu vergrößern.\nMySQL funktioniert derzeit recht gut mit 4 oder 8 Cores, aber 16 Cores wären schon grenzwertig und es wäre zu beweisen, daß eine 16 Core-Maschine mit MySQL tatsächlich besser funktioniert als zwei 8 Core-Maschinen. Speichergrößen von 32G und 64G können gut gehandhabt werden, aber für wesentlich größere Pools müßte nachgewiesen werden, daß keine Lockingprobleme existieren. Mit MySQL 5.0.30 und MySQL 5.0.37 wurden verschiedene Lockingprobleme für sehr große InnoDB Buffer Pools behoben, sodaß es unbedingt lohnend ist ein Upgrade durchzuführen wenn man sehr große Speichermengen hat und noch kleinere Versionen einsetzt. Aber selbst dann kann intensives Monitoring noch Locking triggern. Dieses Problem wird derzeit bearbeitet.\nRecovery gleich mit planen Im Falle einer Katastrophe oder eines Administrationsfehlers wird der eigene Chef rüberkommen und die üblichen drei Fragen haben:\nWerden wir wieder online gehen können? Haben wir Daten verloren? Wie lange wird das alles dauern? Der vorausschauende Admin hat für alle drei Fragen schon Antworten parat. Das kann er nur, wenn er die Recovery seiner Datenbank geplant, geübt und gebenchmarkt hat.\nFolgerung 10: Platz um sich zu bewegen Ein Backup-Slave, so vorhanden, sollte genug Platz und Power haben, um eine Recovery in endlicher Zeit durchführen zu können. In den meisten Fällen plant man 3 bis 5 mal mehr Plattenplatz ein als die Datenbankzielgröße ist. Teile dieses Platzes können langsamer sein (weniger Spindeln haben, also aus größeren Platten zusammengesetzt sein) als die eigentliche aktive Datenbank.\nEin Test- oder Scratchrechner, etwa der Backup-Slave oder eine dritte Kiste, können sehr handlich sein, um Dinge zu testen, Datenextraktionen oder Loads vorzubereiten oder andere administrative Dinge zu stagen.\nDer Einkaufszettel Schätzhilfen:\nDie Zielgröße der Datenbank. Die erwartete Schreiblast. Prüfung: Lohnt es eine speichergesättigte Datenbank zu bauen?\nJa: Dies ist der Fall, wenn wir die benötigten Daten komplett ins RAM bekommen und die Schreibrate angemessen niedrig ist.\nIn diesem Fall stecken wir alles Geld ins RAM und bauen Platten an die Datenbank, um die Schreibrate zu bewältigen und um unseren RAM-Cache beim Hochfahren voll zu saugen. Wir brauchen aber unter Umständen keine dicken Arrays mit vielen Spindeln.\nNein: Wenn wir eine hohe Schreibrate haben oder unser Datenbestand so dick ist, daß wir mit den üblichen RAM-Größen keine Chance haben das alles weg zu cachen, nehmen wir das RAM eine Größe kleiner und stecken das frei werdende Geld in ein dickes Array mit vielen Spindeln. Das Array setzen wir als RAID-10 auf.\nJe nach zu erwartendem Grad von Concurrency bauen wir uns ein 2, 4 oder 8-Core-System. Richtig spannend wird die CPU-Nutzung aber aller Voraussicht nur bei speichergesättigten Datenbanken oder in spezialgelagerten Sonderfällen.\nWeil wir erwarten mehr als 2-4G Speicher zu verwenden, achten wir darauf, daß die CPU, das Betriebssystem und die Datenbank in 64 Bit-Versionen installiert werden.\nKonfigurationen, die ich beim Kunden gesehen habe waren etwa Dell 1950 mit einem MD1000 oder MD3000 hinten dran, HP DL 385 und DL 585 mit einem oder zwei MSA 30 hinten dran oder ähnliche Kisten von anderen Herstellern. Davor liegende Webserver waren oft Blades, zum Teil ohne Platten, mit 2G RAM und 32 Bit Betriebssystemen - für Webserver ist dies idR ausreichend und hier ist ein breites Array von Servernodes wichtiger als leistungsstarke einzelne Knoten, sobald die Latenz bei der Abarbeitung der Requests niedrig genug ist.\n","date":"2007-07-28T00:00:00Z","href":"https://blog.koehntopp.info/2007/07/28/hardware-f-r-ein-mysql.html","tags":["hardware","mysql","work","lang_de"],"title":"Hardware für ein MySQL"},{"categories":null,"content":" Abfahrt\u0026hellip;\nAlles startklar zum Vollräumen.\nZapf kommt\u0026hellip;\nAuspacken, bitte.\n","date":"2007-06-09T00:00:00Z","href":"https://blog.koehntopp.info/2007/06/09/kistenschlacht.html","tags":["berlin","lang_de"],"title":"Kistenschlacht"},{"categories":null,"content":" R\u0026gt; Ich hoffe, Isotopp wirft den Text aus #offtopicana nachher noch ins Blog.\nOkay, hiermit getan.\nO\u0026gt; Tu ich in den Ersatz-Server nun 2 oder 4 500er-Platten?\nR\u0026gt; Machs richtig.\nB\u0026gt; Nimm 4. Oder 5, wenn es geht. Vier im Raid, eine als Hot Spare.\nI\u0026gt; Raid-5 nur mit Hot Spare (außer bei mir daheim). Raid-5 im Degraded Mode hat einen tierischen Overhead. So hoch, daß man sich die Frage \u0026ldquo;Prio auf normale Accesses oder Prio auf Reconstruct\u0026rdquo; nicht stellen muss.\nB\u0026gt; I: ah? Danke für den Hinweis.\nI\u0026gt; Raid-5 undegraded mit 4 platten: Du hast Chunks von x kb (etwa 64k), und zwar 1. Chunk auf Disk A, 2. Chunk auf Disk b, 3. Chunk auf Disk C und Parity auf Disk 4.\nI\u0026gt; Das ist eine Raidline, hier mit Size = 3x64k = 192k.\nI\u0026gt; Nächste Raidline hat 4. chunk auf A, 5. chunk auf B, Parity auf C und 6. Chunk auf D.\nI\u0026gt; Nächste dann 7=A, Parity=B, 8=C und 9=D\nI\u0026gt; Dann Parity=A, 10=B, 11=C und 12=D.\nI\u0026gt; Parity läuft also um. Da bei jedem Write auch Parity geschrieben wird, verteilen sich so die Parity Writes auf alle Spindeln.\nABCD123P45p67p89p101112 I\u0026gt; Ein long write ist ein Rewrite einer ganzen Raidline, also hier 192k am Stück auf einer 192k-Grenze. Passiert oft bei Fileservern, die etwa Mediafiles schreiben. Das sind drei logische Writes: write 1, write 2, write 3. Die werden zu 4 physikalischen writes: write 1, write 2, write 3 und write p = 1 xor 2 xor 3.\nI\u0026gt; Ein short write ist jeder andere write. Passiert oft bei Datenbanken. Ein LOGISCHER write (write 1) wird hier zu 4 physikalischen Disk Operations:\nread 1, read parity, (parity xor 1 xor 1neu = parity_neu), write 1neu, write parity_neu. I\u0026gt; Mit Caches kann ein Raid-5 2 von den 4 physikalischen Operations eliminieren (die beiden Reads). Daher sind Raid-5 sehr schlecht bei Datenbanken und allem anderen Zeugs mit kleinen Writes.\nI\u0026gt; Reads skalieren fein: ein 4-Disk Raid-5 performt beim Read wie ein 3-Disk Raid-0. Das ist gut\nI\u0026gt; Das sind die \u0026ldquo;undegraded\u0026rdquo; Fälle. Jetzt failed eine Platte, sei es disk C. Wir lesen 1 → read A. Wir lesen 2 → read B.\nI\u0026gt; Wir lesen 3 → Read D, (cacheable) read A, (cacheable) read B und deliver 3 = p xor a xor b.\nI\u0026gt; Wenn wir short Reads haben, wird also jeder Read auf die failed Disk zu einem Read ALLER anderen Disks. Mit Caches geht es dann wieder.\nI\u0026gt; Mit einem Hot Spare geht das Array bei einem Failure sofort in den Reconstruct und sollte so konfiguriert sein, daß es so viel Power als möglich in den Reconstruct steckt: Alle Idlezeit und garantierte Mindestbandbreite so konfiguriert, daß Wirkbetrieb gerade noch erträglich geserved wird.\nI\u0026gt; Sobald das hotspare dann in sync ist, kann der Wirkbetrieb wieder ohne degraded Performance sauber geliefert werden. Und die Redundanz ist wieder hergestellt, Plattenfehler treten oft als Doppelfehler auf, das ist wie bei Glühbirnen, die haben ja auch dieses Gruppen-Fehlerverhalten.\nO\u0026gt; Und um die Lehrstunde komplett zu machen, sagst Du mir, wie ich mit 4 Platten möglichst gut fahre.\nI\u0026gt; 3 Platten ist minimum für Raid-5. Also 3+hotspare nach Lehrbuch, oder 4+keine spare und volles Risiko. Offiziell würde man immer 3+hotspare bauen und bei entsprechender Verfügbarkeitsanforderung auch noch Hotplug-Rahmen nehmen. Vielleicht mal mit Micha von Delta Computer reden. Die Plattengehäuse von Supermicro find ich jedenfalls gut.\n","date":"2007-06-05T00:00:00Z","href":"https://blog.koehntopp.info/2007/06/05/raid-5.html","tags":["computer","hardware","lang_de"],"title":"RAID-5"},{"categories":null,"content":" Dieser Comic ist mir wichtig. Ich bin ja auch eines dieser bedauernswerten Strahlungsopfer, ein schlafgestörter, geistig zurückgebliebener, zwergenwüchsiger Kümmerling: Ich wäre eigentlich 4.50 m groß geworden, hätte Feuer speien können und die Weltherrschaft an mich gerissen, aber durch die Strahlenexperimente meines Vaters bin ich halt klein und schwach geblieben und muss meine Software unter der GPL verschenken. Danke, Papa!\nDer Comic irrt jedoch, wenn er die Gefahr bei der Strahlung verortet. Es ist nicht die Strahlung, die gefährlich ist, sondern die Antenne. Ein Mobilfunkprovider, bei dem ich mal gearbeitet habe, hat das in einer Doppelblindstudie erforscht: Antennen die mit Basisstations-Containern aufgestellt wurden erzeugen bei den Anwohnern exakt dieselben medizinischen Beschwerden wie Antennen, die unangeschlossen aufgestellt werden. Muss irgendwie die Kristallstruktur in den Antennenmetallen sein.\n","date":"2007-05-29T00:00:00Z","href":"https://blog.koehntopp.info/2007/05/29/die-wahrheit-ueber-wifi.html","tags":["hardware","lang_de"],"title":"Die Wahrheit über Wi-Fi"},{"categories":null,"content":" Zur Zeit lese ich gerade The Origin Of Wealth , ein Buch, das dem Namen nach über Volkswirtschaft ist. Es beginnt aber mit einer Tour durch die Wirtschaftstheorie und einer Kritik derselben, um sich dann erst einmal dem Thema zellulare Automaten zuzuwenden und über verschiedene Simulationsexperimente mit agentenbasierten verteilten Systemen diskutieren. Der Autor,\nEric Beinhocker zeigt dann, wie solche Systeme dieselben Ergebnisse bringen können wie traditionelle Wirtschaftstheorie, nur genauer und mit weniger Aufwand.\nDas Buch hat einen starken Bezug zu Growing Artificial Societies , dem Sugarscape -Buch.\nDie Autoren beschreiben Sugarscape so:\nOn a small, bagel-shaped planet, tribes of natives—collectively known as \u0026ldquo;agents\u0026rdquo;—go about their lives. They reproduce. They eat. They travel. They squabble over limited resources, or trade them if doing so is to their mutual advantage. They exist entirely in a computer.\nAxtell und Epstein gelingt es, wesentliche Prozesse und Verteilungen, die wir in der richtigen Welt beobachten können, in Sugarscape mit Agenten nachzustellen, deren Regelsatz auf eine halbe Druckseite paßt. Die Sugarscape-Agenten generieren Märkte und Preisfindungssysteme, Paretoverteilungen, Power-Laws, aber eben wie in der realen Welt nur fast und mit den lokalen Abweichungen und quasi-zufälligen Schwankungen, die wir entgegen herkömmlicher Wirtschaftstheorie beobachten können. Sie können mit einem passenden Regelsatz auch evolutionäre Entwicklungen nachvollziehen und iterativ lokale Maxima finden und zwar in einer Landschaft, die nicht zwingend statisch ist.\nBeinhocker referenziert auch Murray Gell-Mann , der sich in The Quark and the Jaguar und am SFI ebenfalls mit komplexen adaptiven Systemen und zellularen Automaten beschäftigt und der die Arbeiten auf diesem Gebiet wesentlich beeinflußt hat.\nFür mich war das Buch unerwartet spannend - die meisten Wirtschaftsbücher fand ich bisher langweilig und die Mathematik darin hielt ich für suspekt, weil die Annahmen, die gemacht werden mußten, damit die Mathematik funktionierte ziemlich unrealistisch waren. Das Buch bestätigt nicht nur mein natürliches Mißtrauen gegen diese Methoden, sondern erklärt auch, warum sie notwendig waren und findet andere, einfachere Methoden, die Sachverhalte genauer auszudrücken und bessere Ergebnisse zu bekommen.\nWer sich mehr für Biologie interessiert kommt ebenfalls auf seine Kosten, weil man im Vorderteil des Buches eine der besten und portabelsten algorithmischen Beschreibungen von Evolution bekommt, die ich bisher gesehen habe.\n","date":"2007-05-15T00:00:00Z","href":"https://blog.koehntopp.info/2007/05/15/the-origin-of-wealth.html","tags":["media","book","review","lang_de"],"title":"Fertig gelesen: The Origin Of Wealth, Growing Artificial Societies, The Quark and the Jaguar"},{"categories":null,"content":" Wie in Der Bundestrojaner durchdekliniert versprochen:\n[ Mit dem Bundestrojaner bekommt ] der Staat einen Mechanismus, der für den angepriesenen Zweck vorab erkennbar ungeeignet ist, weil er die notwendigen Richtlinien zur gerichtsfesten Beweiserbringung nach Definition nicht erfüllen kann.\nUnd zwar berichtet der Deutschlandfunk von zwei Eindringversuchen deutscher Geheimdienste in fremde PCs.\nIn einem Fall ist der Schädling nach etwa zwei Wochen bemerkt worden, weil er im Ernst versucht hat, 120GB hochzuschießen, im zweiten Fall ist der Schädling sofort bemerkt worden und durch ein Programm ersetzt worden, das statt Daten blöden Scheiß geuppt hat.\nIn einem Fall hat man den Eindringling mit einem physikalischen Einbruch in die Wohnung des Besitzers auf dessen installiert, in einem anderen Fall wollte man den Eindringling mit verseuchten CDs installieren, die dem Eigentümer zugespielt worden. In diesem Fall wurde der Eindringling jedoch auch versehentlich auf Rechnern unbeteiligter Dritter installiert - so wurden nicht nur Daten von Unbeteiligten kopiert, sondern der betreffende Geheimdienst hat sich gleich selbst geDoSt.\nAber, so die taz , unsere Innenminister haben ihre Geheimdienste auch so komplett nicht im Griff:\nEigentlich war alles gar nicht so gemeint, sagt Staatssekretär Lutz Diwell (SPD), eine Schlüsselfigur des jüngsten deutschen Geheimdienstskandals. Diwell hat im Sommer 2005 als Innenstaatssekretär die Dienstvorschrift unterzeichnet, die dem Verfassungsschutz den Zugriff auf private Festplatten erlaubte. Er habe dabei aber geglaubt, dass es nur um die Beobachtung geschlossener Internet-Foren gehe. Dass der Verfassungsschutz auf dieser Grundlage auch den Inhalt privater Computer ausspähen könnte, sei ihm überhaupt nicht bewusst gewesen, erklärte er jetzt über seine Sprecherin der taz.\nSo viel zum Thema Vertrauensvorschuß . \u0026ldquo;Der Bürger darf den Diensten hier einen Vertrauensverschiß geben\u0026hellip;\u0026rdquo;\n","date":"2007-05-02T00:00:00Z","href":"https://blog.koehntopp.info/2007/05/02/unf-lle-mit-dem-bundestrojaner.html","tags":["security","überwachung","lang_de"],"title":"Unfälle mit dem Bundestrojaner"},{"categories":null,"content":"Im Handelsblatt sieht die Wirtschaft Online-Razzien gelassen :\nObwohl in der deutschen Wirtschaft die Sorge vor Internet-Attacken auf interne Daten- und Steuerungssysteme wächst, hat sie grundsätzlich gegen den geplanten PC-Zugriff durch den Staat nichts einzuwenden. Die Arbeitsgemeinschaft für Sicherheit der Wirtschaft stellt dafür allerdings eine Bedingung\u0026hellip;.\u0026ldquo;Es müssen jedoch zielgerichtete Eingriffe gegen potenzielle terroristische Straftäter sein, bei denen die rechtsstaatlichen Grenzen genau definiert sind\u0026rdquo;, sagte Thomas Menk, Vorsitzender der Arbeitsgemeinschaft für Sicherheit der Wirtschaft (ASW).\nWer ist Thomas Menk? Das Bundestrojaner-Blog hat nachgesehen :\nDr. Thomas Michael Menk ist seit Leiter der Konzernsicherheit (Corporate Security Department) der DaimlerChrysler AG. Zuvor war er im Bundesministerium des Innern und im Bundesamt für Verfassungsschutz tätig. Er ist Vorsitzender der Arbeitsgemeinschaft für Sicherheit in der Wirtschaft e.V (ASW) und war zuvor Präsident des Verbandes für Sicherheit in der Wirtschaft Baden-Württemberg e. V. (VSW BW). Seit 2002 ist er Mitglied im Ausschuss für Sicherheitsfragen des Bundesverbandes der Deutschen Industrie e. V. (BDI).\nAch deswegen.\n","date":"2007-04-18T00:00:00Z","href":"https://blog.koehntopp.info/2007/04/18/bundestrojaner-im-handelsblatt.html","tags":["security","überwachung","lang_de"],"title":"Bundestrojaner im Handelsblatt"},{"categories":null,"content":"Deutschlandradio interviewed Thomas de Maizière:\nThomas de Maizière:Jeder, der das Internet benutzt, auch privat, nicht nur im Verhältnis zum Staat, muss wissen, dass er sich damit sehr viel offener macht, als er das vielleicht glaubt. Jeder kann einen Trojaner bekommen. Es können Informationen abgesaugt werden\u0026hellip;.\nDeutschlandradio Kultur: Und da wird Karlsruhe mitspielen, glauben Sie?\nThomas de Maizière: Das muss man probieren, wie weit man gehen kann. Und dann ist jeder eingeladen, eine Verfassungsbeschwerde einzulegen, und dann wird Karlsruhe darüber zu entscheiden haben.\nWie immer möchte ich an dieser Stelle meine Forderung wiederholen, Politiker für die Folgen schlechter Gesetze im selben Umfang persönlich haftbar zu machen wie ich es etwa als Consultant vor Ort bin.\n","date":"2007-04-15T00:00:00Z","href":"https://blog.koehntopp.info/2007/04/15/erst-mal-die-verfassung-brechen.html","tags":["politik","security","überwachung","lang_de"],"title":"Erst mal die Verfassung brechen..."},{"categories":null,"content":"Die GPL V3 ist sehr einfach zu lesen - wenn man wissen will, was drin steht, muss man lediglich die Präambel lesen, die in sehr klaren Worten und ohne juristisches Blafasel genau erklärt, was die Ziele und Methoden der GPL V3 sind und wieso sie Lizenz so aussieht wie sie aussieht. Der dritte Entwurf der GPL V3 ist nun fertig und wird weit besser aufgenommen als der zweite Entwurf .\nDie Idee der GPL ist die Schaffung eines geschützten Raums, in dem kooperiert werden kann. Das bedeutet, daß die GPL einem Nutzer dieser Lizenz bestimmte Rechte gibt und Zusatzbestimmungen einführt, deren Ziel es ist, dafür zu sorgen, daß diese Rechte immer für jeden gelten, der sich den Bestimmungen der GPL unterwirft. Die Idee ist es, Software aus dem GPL Pool nutzen zu können, im Gegenzug aber die Nutzer dieser Software dazu zu verpflichten, die Dinge, die sie mit dieser Software bauen allen anderen Nutzern dieses Pools unter denselben Bedingungen zur Verfügung zu stellen.\nDie GPL ist, wie anderswo erklärt , eine Lizenz - man erwirbt also Rechte an etwas, das man sonst nicht nutzen könnte. Die GPL ist nicht umsonst - man zahlt für diese Rechte damit, daß man im Gegenzug anderen dieselben Rechte an dem gewährt was man geschaffen hat, indem man die GPL-Rechte genutzt hat.\nDas System hat in den vergangenen Jahrzehnten recht gut funktioniert, aber neuere Entwicklungen in der Anwendungsentwicklung und im Urheberrecht haben die FSF dazu gebracht, die GPL zu überarbeiten.\nIch schrieb in GPL: Marktdurchdringung ist kein Wert an sich :\nWenn man die Entwicklung der letzten Jahre nämlich betrachtet, dann wird eines immer klarer: Es kann keine Koexistenz mit Closed Source geben, sondern nur eine strikte Trennung. Diese Erkenntnis ist nicht neu: Am 27. September 1983, also vor nunmehr 23 Jahren wurde das GNU Projekt gegründet. Es entstand unter anderem, weil jemand Code aus der Allmende genommen und unter seine Käseglocke gestellt hat. Die Funktion der GPL ist es, eine Wiederholung eines solchen Szenarios zu verhindern.\nDie GPL ist eine wehrhafte Lizenz und die Version 3 paßt sie an die Erfordernisse einer neuen Zeit an, um die Freiheiten der GPL unter diesen Bedingungen zu erhalten.\nDie Probleme, die die GPL V2 hat, bestehen in zwei Kernnbereichen:\nEinmal ist es in den letzten Jahren vermehrt üblich geworden, Software als einen Service anzubieten. Firmen, die so etwas tun, verwenden GPL V2 Software in großen Maßstab, liefern sie aber niemals aus. Daher wird die Schrankenbestimmung für die letzte Freiheit der GPL niemals wirksam: Die Verpflichtung, die eigenen Änderungen an einem Stück Software Dritten zur Verfügung zu stellen wird nur dann wirksam, wenn man diese Software auch an Dritte weitergibt. Bei Software als Service passiert das nicht - man gibt nur die Wirkungen dieser Software an Dritte weiter. Solche Dienstleister bedienen und bereichern sich also am Pool der GPL-Software ohne daß ihre eigenen Veränderungen auf der Grundlage dieses Fundus in den Pool zurückfließen müssen - der Kooperation wird die Grundlage entzogen und die Allmende stagniert . Andere Schutzrechte als das Urheberrecht werden zusätzlich wirksam: Es ist für einen Nutzer von GPL-Software möglich, den Quelltext zu einer Software zu erhalten, aber er wird möglicherweise durch andere Schutzrechte gehindert, diese Software vollumfänglich zu nutzen. Dies können durch das Urheberrecht selber geschützte DRM-Mechanismen sein ( Tivoisierung ), es kann sich aber auch um Patente auf Software handeln. Die GPL V3 formuliert ihre Absichten hier so:\nSome devices are designed to deny users access to install or run modified versions of the software inside them, although the manufacturer can do so. This is fundamentally incompatible with the purpose of the GPL, which is to protect users\u0026rsquo; freedom to change the software where changes are possible. The systematic pattern of such abuse occurs in the area of products for individuals to use, which is precisely where it is most unacceptable. Therefore, we have designed this version of the GPL to prohibit the practice for those products. If such problems arise substantially in other domains, we stand ready to extend this provision to those domains in future versions of the GPL, as needed to protect the freedom of users.\nFinally, every program is threatened constantly by software patents. States should not allow patents to restrict development and use of software on general-purpose computers, but in places where they do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free.\nNeu in der GPL V3: Der Absatz 3 \u0026ldquo;No Denying Users\u0026rsquo; Rights through Technical Measures\u0026rdquo;. sagt, daß ein GPL V3 Programm nicht Teil eines DRM-Mechanismus sein kann. Die GPL V3 bezieht sich dabei (zur Zeit) auf Artikel 11 des WIPO-Vertrages vom 20. Dezember 1996 und die daraus entstandenen nationalen Gesetze zur Umsetzung dieses Vertrages. Ein Gerät wie der Tivo, bei dem man die Quellen erhält, modifizieren, die daraus resultierende geänderte Software dann so aber nicht mehr auf dem Gerät installieren kann wäre mit der GPL V2 möglich, mit der GPL V3 aber nicht mehr.\nIn dieselbe Richtung zielen nun Abschnitte von Absatz 6, die ebenfalls klarstellen, was denn nun genau zum Lieferumfang gehört:\nThe information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made.\nOder in anderen Worten: Die Schlüssel, die man braucht um sein selbstgemachtes Binary so zu signieren, daß es auf ein einem Tivo tut gehören auch dazu.\nEbenfalls neu in der GPL V3: Die Klarstellung in Absatz 10 \u0026ldquo;Automatic Licensing of Downstream Recipients\u0026rdquo; und der gesamte Absatz 11 \u0026ldquo;Patents\u0026rdquo;. Der Kern der Sache ist jetzt der erste Absatz von Absatz 11:\nEach contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor\u0026rsquo;s essential patent claims in its contribution, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contribution.\nOder in anderen Worten: Wenn ich Code in ein Stück GPL einbaue, das durch eines meiner Softwarepatente geschützt ist, dann gebe ich damit auch gleich eine kostenfreie, unbefristete und unbeschränkte Lizenz für die Nutzung dieser Patente an jedem Nutzer dieser Software mit. Dies ist übrigens nichts neues - schon die GPL V2 hat einen ähnlichen Effekt , wenn auch nicht so explizit formuliert.\nWeitere Änderungen an der GPL sind eher technischer Natur und nur verständlich, wenn man sich mit dem rechtlichen Umfeld ihrer Entstehung beschäftigt. Dies wird in den Anmerkungen zum Entwurf beschrieben.\n","date":"2007-04-02T00:00:00Z","href":"https://blog.koehntopp.info/2007/04/02/gpl-v3-rc3-was-steht-drin.html","tags":["copyright","free software","lizenz","patent","lang_de"],"title":"GPL V3 RC3 - Was steht drin?"},{"categories":null,"content":"Es ist mal wieder Zeit, sehr alte Hüte rauszukramen. Heute habe ich mir dienstlich eine Datenbank angesehen, die von PHP aus angesprochen wird. Das PHP, das dort verwendet wird, ist sehr loses PHP, also ohne die Verwendung eines großartiges Frameworks geschrieben. Entsprechend bin ich quasi sofort über SQL-Injections und XSS gefallen.\nDenn schon nach kurzem Suchen findet man Code wie den folgenden:\n$theValue = $_REQUEST[\u0026#39;theValue\u0026#39;]; ... if ($theValue != \u0026#34;\u0026#34;) { $where .= \u0026#34; where theColumn = \u0026#39;$theValue\u0026#39;\u0026#34;; } Eigentlich hat der betrachtete Code eine cleanup()-Funktion, die für jeden Wert aufgerufen werden soll, und die nicht nur den Typ des Wertes deklariert, sondern auch das notwendige Escapen der Werte \u0026ldquo;in place\u0026rdquo; vornimmt.\nDas ist aber in mehrfacher Hinsicht unschön.\nWenn man Code wie\n$_REQUEST[\u0026#39;theValue\u0026#39;] = cleanup($_REQUEST[\u0026#39;theValue\u0026#39;], \u0026#39;text\u0026#39;) schreibt, und vergisst diesen Cleanup-Aufruf einzufügen, dann haben wir keinen bemerkbaren Fehler: Der Folgecode, der auf $_REQUEST['theValue'] zugreift, bekommt Werte zu sehen und bleibt nicht mit einer Fehlermeldung \u0026ldquo;Keine Inputreinigung vorgenommen!\u0026rdquo; stehen.\nAußerdem sind die angewendeten Typprüfungen nicht flexibel genug und gehen nicht weit genug. \u0026rsquo;text\u0026rsquo; erzeugt im betrachteten Code gerade mal ein mysql_real_escape_string(), aber wendet keine weitergehenden Prüfungen auf den Eingabewert ein. Außerdem werden Eingabewerte, die für die Seite gar nicht da sein dürfen, trotzdem akzeptiert und dann vielleicht ignoriert – vielleicht aber auch nicht.\n(Das folgende Codebeispiel zum Runterladen: [input_validation.php.txt](/uploads/input_validation.php.txt\u0026quot; title=\u0026ldquo;input_validation.php.txt\u0026rdquo; target=\u0026quot;_blank))\nKurz gesagt: Was ich möchte ist eigentlich eine Typdeklaration für eine PHP-Seite, die die Eingabeparameter mit Namen und Typprüfungen deklariert.\n$cleaners = array( \u0026#34;county\u0026#34; =\u0026gt; array( \u0026#34;check\u0026#34; =\u0026gt; \u0026#34;text_regex\u0026#34;, \u0026#34;pattern\u0026#34; =\u0026gt; \u0026#34;[a-zA-Z0-9]+\u0026#34; ), \u0026#34;year\u0026#34; =\u0026gt; array( \u0026#34;check\u0026#34; =\u0026gt; \u0026#34;int_minmax\u0026#34;, \u0026#34;min\u0026#34; =\u0026gt; 1834, \u0026#34;max\u0026#34; =\u0026gt; 1864), \u0026#34;quarter\u0026#34; =\u0026gt; array( \u0026#34;check\u0026#34; =\u0026gt; \u0026#34;int_enum\u0026#34;, \u0026#34;values\u0026#34; =\u0026gt; array(1, 2, 3, 4) ) ); Ich will dann eine Eingabeprüfung, die ein Input-Array durchgeht und die Cleaners der Reihe nach anwendet. Das Resultat ist eine optionale Liste von Fehlern und ein gesäubertes Input-Array $_CLEAN, das vom $_REQUEST-Array verschieden ist.\n// simulated input $_REQUEST = array( \u0026#34;county\u0026#34; =\u0026gt; \u0026#34;someword\u0026#34;, \u0026#34;year\u0026#34; =\u0026gt; 1900, \u0026#34;quarter\u0026#34; =\u0026gt; 3, \u0026#34;bogus\u0026#34; =\u0026gt; \u0026#34;value\u0026#34; ); // collect error messages $_ERROR = array(); // clean it up $_CLEAN = clean($_REQUEST, $cleaners, $_ERROR); // the cleaned input echo \u0026#34;cleaned input\\n\u0026#34;; var_dump($_CLEAN); // the error messages echo \u0026#34;collected errors\\n\u0026#34;; var_dump($_ERROR); Fehlt der clean()-Aufruf am Anfang einer Seite, ist $_CLEAN leer und späterer Code, der $_CLEAN referenziert, kann nicht funktionieren – der Fehler wird sofort bemerkt.\n$_CLEAN kann nur Werte enthalten, deren Namen als Keys in $cleaners deklariert sind – undeklarierte Eingabewerte existieren nicht mehr in unserem Programm. $_CLEAN kann außerdem nur Werte enthalten, für die die in $cleaners[$k]['check'] deklarierten Checkerfunktionen existieren – Deklarationsfehler bei Checkerfunktionen führen zu Programmabbruch und werden so sofort bemerkt. Schließlich kann $_CLEAN nur Werte enthalten, für die die angegebenen Checkerfunktionen erfolgreich waren.\nEine Checkerfunktion hat den Namen check_... und gibt ein Paar (Wert, Fehlermeldung) zurück. Wenn der Wert NULL ist, ist eine Fehlermeldung vorhanden und kann eingesammelt werden – der Checker ist fehlgeschlagen. In allen anderen Fällen ist der Checker erfolgreich.\nDiese Bedingungen sind schnell runtergeschrieben und sehen in Code dann so aus:\nfunction clean($R, $cleaners, \u0026amp;$E = \u0026#34;\u0026#34;) { // collected results in $C, collect errors in $E (which is optional) $C = array(); // scan the request variables foreach ($R as $k =\u0026gt; $v) { // Check for bogus values. if (! array_key_exists($k, $cleaners)) { if (DEBUG) echo \u0026#34;*** WARNING: Skipped bogus value $k =\u0026gt; $v\\n\u0026#34;; continue; } // If we make it to here, the value should be imported. // generic cleanup $v = get_magic_quotes_gpc() ? stripslashes($v) : $v; $v = function_exists(\u0026#34;mysql_real_escape_string\u0026#34;) ? mysql_real_escape_string($v) : mysql_escape_string($v); // The value can be imported only, if the specified cleaner exists. $checkfun = \u0026#34;check_\u0026#34; . $cleaners[$k][\u0026#39;check\u0026#39;]; if (function_exists($checkfun)) { // $c will then be the sanitized value list($c, $e) = $checkfun($k, $v, $cleaners[$k]); } else { die(\u0026#34;*** ERROR: $k =\u0026gt; $v fails \u0026#34;. \u0026#34;because specified checkfun $checkfun does not exist.\\n\u0026#34;); } // The value can be imported only, if the specified cleaner succeeded. if (isset($c)) { if (DEBUG) echo \u0026#34;Import $k\u0026#39;s value of $v as $c\\n\u0026#34;; $C[$k] = $c; if (isset($e)) $E[$k] = $e; // collect error anyway } else { if (DEBUG) echo \u0026#34;*** WARNING: Not importing $k, \u0026#34;. \u0026#34;because $v failed $checkfun().\\n\u0026#34;; $E[$k] = $e; // collect error } } return $C; } Jetzt müssen wir nur noch Checkfunktionen schreiben, die die eigentlichen Prüfungen ausführen. In unserem Fall wollen wir noch die folgenden Konventionen gelten lassen:\nJede checkfun hat einen Parameter default, der einen von NULL verschiedenen Default-Wert definieren kann. In diesem Fall schlägt der Check nie fehl, sondern returned den spezifizierten Default-Wert. Eine eventuell erzeugte Fehlermeldung wird dennoch eingesammelt, hat dann aber mehr den Character einer Warnung. Für jeden Parameter p einer checkfun wollen wir optional auch die Definition eines Fehlermeldungs-Parameters p_err zulassen, mit dem die Fehlermeldung überschrieben werden kann, den die checkfun generiert, wenn der Test für p fehlschlägt. Einige Beispiele werden das klarer machen. Hier ist der regexp-Test:\nfunction check_text_regex($k, $v, $par) { $pattern = $par[\u0026#39;pattern\u0026#39;]; $pattern_err = \u0026#34;check_text_regex: \u0026#34;. (array_key_exists(\u0026#39;pattern_err\u0026#39;, $par)? $par[\u0026#39;pattern_err\u0026#39;]: \u0026#34;$v did not match $pattern.\u0026#34;); $default = array_key_exists(\u0026#39;default\u0026#39;, $par)?$par[\u0026#39;default\u0026#39;]:NULL; if (DEBUG) echo \u0026#34;In check_text_regex: k=$k v=$v pattern= $pattern\\n\u0026#34;; if (preg_match(\u0026#34;/^$pattern\\$/\u0026#34;, $v)) return array($v, NULL); else return array($default, $pattern_err); } Der Test prüft, ob der Wert $v dem regulären Ausdruck $par['pattern'] genügt. Wenn ja, wird $v ohne Fehlermeldung zurückgegeben. Wenn nein, wird $par['default'] zusammen mit der Fehlermeldung $par['pattern_err'] zurückgegeben.\nEntsprechend der minmax-Test:\nfunction check_int_minmax($k, $v, $par) { $min = $par[\u0026#39;min\u0026#39;]; $min_err = \u0026#34;check_int_minmax: \u0026#34;. (array_key_exists(\u0026#39;min_err\u0026#39;, $par)? $par[\u0026#39;min_err\u0026#39;]:\u0026#34;$v \u0026lt; $min.\u0026#34;); $max = $par[\u0026#39;max\u0026#39;]; $max_err = \u0026#34;check_int_minmax: \u0026#34;. (array_key_exists(\u0026#39;max_err\u0026#39;, $par)? $par[\u0026#39;max_err\u0026#39;]:\u0026#34;$v \u0026gt; $max.\u0026#34;); $default = array_key_exists(\u0026#39;default\u0026#39;, $par)?$par[\u0026#39;default\u0026#39;]:NULL; if (DEBUG) echo \u0026#34;In check_int_minmax: k=$k v=$v min=$min max=$max\\n\u0026#34;; $v = intval($v); if ($v \u0026lt; $min) return array($default, $min_err); if ($v \u0026gt; $max) return array($default, $max_err); return array($v, NULL); } Dieser Test folgt demselben System: Wenn der Wert $v zwischen $min und $max liegt, wird er ohne Fehlermeldung zurückgegeben. Andernfalls wird $default und eine Fehlermeldung erzeugt. Die Fehlermeldungen können dabei als $min_err und $max_err spezifiziert werden, der $default ist NULL.\nUnd der int_enum-Test, um das Beispiel vollständig zu machen:\nfunction check_int_enum($k, $v, $par) { $values = $par[\u0026#39;values\u0026#39;]; $valuestring = join(\u0026#34;,\u0026#34;, $values); $values_err = \u0026#34;check_int_enum: \u0026#34;. (array_key_exists(\u0026#39;values_err\u0026#39;, $par)? $par[\u0026#39;values_err\u0026#39;]:\u0026#34;$v not in $valuestring.\u0026#34;); $default = array_key_exists(\u0026#39;default\u0026#39;, $par)?$par[\u0026#39;default\u0026#39;]:NULL; if (DEBUG) echo \u0026#34;In check_int_enum: k=$k v=$v values=($valuestring)\\n\u0026#34;; $v = intval($v); if (array_search($v, $values) === false) return array($default, $values_err); return array($v, NULL); } Auch hier werden die Konventionen befolgt: $default und die Fehlermeldung $values_err, wenn der gegebene Wert $v nicht im $values-Array vorkommt, sonst $v und keine Fehlermeldung.\nMit diesem Code und ein wenig Suchen und Ersetzen sollte sich jede framework-freie PHP-Seite schnell auf eine harte Deklaration von Eingabeparametern umstellen lassen:\n$cleaners definieren Alle Vorkommen von $_REQUEST durch $_CLEAN ersetzen globals $_CLEAN nachrüsten, weil $_CLEAN kein Superglobal ist Aufruf von clean() an passender Stelle einfügen, ggf. Fehlerbehandlung in $_ERROR vornehmen Nein, auch das ist nicht 100% wasserdicht, dürfte aber das meiste Feld-, Wald- und Wiesen-PHP schon mal gründlich gegen die größten Dummheiten schützen.\nUnd das alles mit weniger als 60 Minuten Codieraufwand. Vielleicht sollte man eine Extension draus machen, und die so konfigurieren, daß sie die echten $_REQUEST, $_GET, $_POST, $_FILES und $_COOKIE verbirgt und durch zwangsweise von clean() generierte Arrays gleichen Namens ersetzt.PHP-Seiten ohne $cleaners[]-Array können dann gar keine Parameter mehr im Zugriff haben.\n","date":"2007-03-30T00:00:00Z","href":"https://blog.koehntopp.info/2007/03/30/parameterdeklarationen-fur-webseiten.html","tags":["php","security","lang_de"],"title":"Parameterdeklarationen für Webseiten"},{"categories":null,"content":"Die Süddeutsche Zeitung hat einen etwas unklaren Artikel mit dem Titel Internet: Ende der Kultur? . Dort beklagt man einerseits die Kultur des Kopierens im Internet und sieht das Ende der abendländischen Zivilisation durch Raubkopieren heraufdämmern. Zugleich beklagt man aber das viel zu restriktive Copyright-Regime der letzten Jahre, das die Privatkopie zwar nominell erlaubt, aber die Umgehung technischer Schutzmechanismen verbietet. Am Ende ist der Artikel aber kaum mehr als eine recht undifferenzierte Plagiierung der Propaganda der Medienindustrie - die Kommentare zum Artikel sind jedenfalls um vieles spannender als der Artikel selber.\nDer Artikel gibt mir aber die Gelegenheit, hier einmal zu erklären, wieso ich alle meine Texte komplett online stelle.\nMein Textarchiv reicht inzwischen 15 Jahre in die Vergangenheit zurück, bis in das Jahr 1992. Damals las ich einen ziemlich schlechten Artikel in den Fido-Diskussionsforen der c\u0026rsquo;t über einen Vergleich zwischen AmigaOS und VMS und fühlte die Notwendigkeit, eine recht umfassende Antwort darauf zu schreiben. Kurz danach rief ein Redakteur der c\u0026rsquo;t bei mir an und fragte, ob er diesen Artikel drucken könne. Ich antwortete ihm, daß er das selbstverständlich nicht könne, da der Artikel für einen bestimmten Kontext geschrieben wäre, der in seiner Zeitung überhaupt nicht gegeben wäre. Ich würde ihm aber gerne einen Artikel mit genau den gewünschten Inhalten für sein Magazin schreiben, der dann vom Kontext her auch alleine stehen könnte.\nEr bestellte also eine bestimmte Länge und eine gewisse Menge von Abbildungen, und ich habe ihm 4 KB mehr als die gewünschte Länge, Kürzungsanweisungen um 2, 4 und 6 KB und die gewünschten Zeichnungen geliefert. Zu meiner großen Überraschung hat die c\u0026rsquo;t das dann relativ unverändert gedruckt und mich für meine damaligen, studentischen Verhältnisse mit einer ziemlich großen Menge von Geld beworfen.\nIch hatte dann Blut geleckt und fing mehr oder weniger unsystematisch an, die Inhalte diverser Vorlesungen an der Uni in allgemeinverständlicher Weise in 20-30 KB Brocken zu pressen. Diese habe ich dann der c\u0026rsquo;t und anderen Zeitungen als Artikel angeboten. Das war immerhin besser als arbeiten! Die Ergebnisse dieser Bemühungen kann man nun auch hier im Blog lesen.\nAlle meine Autorenvereinbarungen mit allen diesen Verlagen (und noch einigen anderen mehr) sind nicht-standard. Zum Teil habe ich da einen ziemlichen Nerv durchlaufen müssen, bevor die Verlage meine Bedingungen akzeptiert haben. Sie alle enthalten eine Vertragsklausel, die mir erlaubt, was immer ich geschrieben habe sechs Monate nach der Erstveröffentlichung durch den Verlag auf meiner persönlichen Website kostenlos im Rahmen einer Gesamtwerksschau \u0026ldquo;Kristian Köhntopp\u0026rdquo; zu präsentieren. Und zwar in der uneditierten Version, so wie ich es an das Lektorat des jeweiligen Verlages geschickt habe.\nMeiner persönlichen Erfahrung nach hat der Verlag dadurch keinen Verlust: Nachdem das Heft erst einmal verkauft ist, wird der Artikel vielleicht noch einmal in einem \u0026ldquo;Best Of\u0026rdquo;-Heft nachgedruckt, oder auf der Heft-DVD \u0026ldquo;Alle c\u0026rsquo;t die jemals herausgekommen\u0026rdquo; verkauft. Der Wert des Artikels für den Verlag besteht hier nicht in dem einzelnen Artikel, sondern der Wert dieser Veröffentlichungen ergibt sich durch die Vollständigkeit: Im Sonderheft sind alle Artikel zu dem Thema, auf der DVD alle Artikel, die jemals veröffentlicht worden sind. Und der Wert meiner Website ergibt sich genauso: Alle Artikel, die Kris jemals geschrieben hat. Es besteht keine Konkurrenz: Beides sind Datenbanken, aber sie sind entlang unterschiedlichen Dimensionen für unterschiedliche Zwecke gebaut worden.\nIch vergebe mir auf diese Weise auch keine wesentlichen Einnahmen: Die Artikel sind Auftragsarbeiten, sie sind bereits bezahlt und durch den Verlag auch verkauft. Sie sind auch nach der Veröffentlichung auf der Website durch das Urheberrecht geschützt: Leute können sie zur persönlichen Bildung auf meiner Website lesen, sie können sie verlinken und referenzieren - ich halte die URLs auf meiner Site mit Absicht stabil. Wenn jemand die Artikel kommerziell nutzen oder kopieren möchte, muss er sich dennoch an den Rechteinhaber wenden. Hier also den betreffenden Verlag, der die Rechte gekauft hat.\nAuf der anderen Seite habe ich mit dieser Website nun 44 Megabyte veröffentlichtes Material unterhalb von https://blog.koehntopp.info im Netz, das von Suchmaschinen gut gefunden wird und den Namen \u0026ldquo;Kristian Köhntopp\u0026rdquo; mit einer Menge von Themen assoziiert, zu denen ich was zu sagen habe und zu denen ich meine Dienste anbieten kann. Dazu kommen dann noch die Texte unter http://www.php-faq.de/ , die mir zuzurechnen sind.\nIn der Tat funktionieren alle diese Artikel als eine viel bessere Referenz als jedes Arbeitszeugnis: Als ich mein relativ ad-hoc anberaumtes Bewerbungsgespräch bei web.de geführt habe, hatte ich praktisch keine Zeugnisse dabei. Mir saßen dort mein zukünftiger Chef und ein zukünftiger Kollege gegenüber und ich bekam als Opener zu hören \u0026ldquo;Also, wir haben uns Ihre Website schon einmal angesehen, und das ist ja relativ beeindruckend. Über die fachliche Qualifikation brauchen wir im Grunde nicht mehr zu diskutieren.\u0026rdquo; Danke, so lasse ich mir ein Bewerbungsgespräch gefallen!\nZeitweise fand man auf http://kris.koehntopp.de die Bitte, mich nicht anzurufen, sondern Mail zu schicken:\nDas ist meine Telefonnummer. Es ist wirklich meine Telefonnummer. Sie ist für Freunde und Bekannte und für Notfälle. Sie ist nicht für \u0026gt; Kontaktaufnahme wegen Fragen zu meinen Vorträgen, oder für \u0026ldquo;mal eben eine \u0026gt; Frage zu PHP\u0026rdquo;. Dafür gibt es Mail.\nDie entsprechende Passage in der PHP-FAQ wird noch deutlicher:\nDer Autor dieser Antwort erhält zur Zeit pro Woche zwischen 40 und 60 private Fragen nach Hilfe zu PHP. Keine dieser Fragen wird beantwortet - das ist arbeitsmäßig einfach nicht zu schaffen. Allgemein: Es ist sinnlos, Fragen per Mail an einen der Autoren dieser FAQ zu senden. Du belastest damit eine einzelne Person mit Arbeit, statt die Arbeit auf die Newsgroup zu verteilen. Außerdem ist diese Arbeit verschwendet, denn die Antwort wird nur von Dir und nicht von den anderen Lesern der Newsgroup gelesen. Auch kann die Antwort nicht vom FAQ-Team weiterverarbeitet werden.\nBeide Hinweise waren recht dringend, weil die Texte auf der Site und die FAQ weitaus mehr Öffentlichkeit (und Arbeitsgelegenheiten) produziert haben als ich sinnvoll brauchen konnte.\nZusammenfassend kann ich also sagen: Meiner persönlichen Erfahrung nach kann ich von der Veröffentlichung von Texten in Zeitschriften oder Büchern ganz gut leben. Aber diese Texte sind viel effektiver genutzt, indem ich sie als Werbung benutze die die Marke \u0026ldquo;Kristian Köhntopp\u0026rdquo; positionieren, um Aufträge für mich oder meinen Arbeitgeber hereinzuholen: die c\u0026rsquo;t zahlt gut, aber nur ein Tag Consulting generiert mehr Umsatz als selbst ein großer c\u0026rsquo;t-Artikel. Die Artikel sind auch gut genutzt, um die Marke \u0026ldquo;Kristian Köhntopp\u0026rdquo; bei einem zukünftigen Arbeitgeber oder Auftraggeber zu positionieren und zu legitimieren. Oder einfach um mit legitimen Methoden Such-Traffic auf meine Webseiten zu ziehen. In der Summe mache weitaus mehr Gewinn damit, meine Texte en gros \u0026ldquo;zu verschenken\u0026rdquo; als wenn ich sie für Geld scheibchenweise verkaufen würde.\nIch kann jedem potenziellen Autor für Fachzeitschriften nur empfehlen, diese Sechsmonatsklausel zu kopieren und frühzeitig damit zu beginnen eine \u0026ldquo;Werkschau\u0026rdquo;-Website aufzubauen. Für mich hat das gut funktioniert - am Anfang ist das ein bisschen ärmlich, aber im Laufe der Jahre und Jahrzehnte kommt dort eine ganze Menge Material zusammen, das letztendlich im wahrsten Sinne des Wortes für einen selbst spricht . Diese Erkenntnis ist nicht bloß meine: Paul Gerhardt, Project Director of BBC Creative Archive , fasst dieselbe Erkenntnis folgendermaßen zusammen:\nOur message to all content owners, including all the rights owners in our programs, is uncompromising. We\u0026amp;\u0026rsquo;re saying that the greatest danger today to their property is not piracy. It\u0026rsquo;s obscurity.\nMeine Website ist nichts anderes als mein privater Versuch, dies für mich selbst zu vermeiden.\n","date":"2007-03-18T00:00:00Z","href":"https://blog.koehntopp.info/2007/03/18/warum-alle-meine-texte-frei-im-netz-zu-lesen-sind.html","tags":["blog","media","copyright","lang_de"],"title":"Warum alle meine Texte frei im Netz zu lesen sind"},{"categories":null,"content":"Eine Million Leute fragen nach technischen Interviews zum Thema Bundestrojaner. Nichts könnte irrelevanter sein.\nIrssi: Starting query with J I\u0026gt; Was denn??\nJ\u0026gt; Kennst Du Leute, die sich gerne qualifiziert abwertend ueber Bundestrojaner und technische Machbarkeit aeussern wuerden?\nI\u0026gt; nein.\nI\u0026gt; X vielleicht, Y von Y.org vielleicht.\nJ\u0026gt; Daneben, falls moeglich wen, der weiss, was man so zur Terroristenfahndung bei deutschen Behoerden im Internet macht. Der Z hatte einen Kontakt beim BKA, der will aber verstaendlicherweise nicht. Ok, den Herrn X koennte ich da mal anfragen, gute Sache.\nI\u0026gt; Das ist ein Terror-Thema. Das bedeutet, man muss diese Leute erst mal machen und sie auf das Maul fallen lassen. Weil aus deren Sicht ist das alles engineered, beherrschbar und ein Fortschritt. So wie bei den Wahlmaschinen. Oder bei Atomkraftwerken. :) Da muss immer erst eines explodieren.\nJ\u0026gt; :-)\nI\u0026gt; Siehe meinen Artikel zum Thema Vertrauensvorschuß.\nJ\u0026gt; jepp. Hatte ich gelesen.\nI\u0026gt; Und ich denke, nach Celler Loch, nach der \u0026ldquo;die NPD ist vom Verfassungsschutz gesponsored\u0026rdquo;, nach Kurnaz, nach dem FBI Security Letters Abuse und all den anderen Dingen ist es so, daß wir primär darauf bestehen müssen, daß die Methoden, die der Staat hier einsetzt nachvollziehbar, offen und auditierbar bleiben. Aber ein ehrlicher Staat hat ja auch nix zu verbergen.\nI\u0026gt; Und das Bundestrojaner ist halt primär auch kein technisches Problem, sondern ein methodisches. Er ist die Einführung einer Methode, die per Definition keines der o.a. Kriterien erfüllt.\nI\u0026gt; Der Rest ist nur technischer Zuckerguß, und der mag funktionieren oder auch nicht. Das ist für das Endergebnis vollkommen irrelevant\nJ\u0026gt; Eher nicht funktionieren, in diesem Fall :-)\nI\u0026gt; Schon. Aber das spielt keine Rolle.\n","date":"2007-03-12T00:00:00Z","href":"https://blog.koehntopp.info/2007/03/12/das-generelle-mi-verst-ndnis-beim-bundestrojaner.html","tags":["security","terror","überwachung","lang_de"],"title":"Das generelle Mißverständnis beim Bundestrojaner"},{"categories":null,"content":"Der Artikel Der Bundestrojaner durchdekliniert hat, wenn man nach den Trackbacks und den Kommentaren geht, einiges Echo hervorgerufen.\nEinige der derzeit kursierenden Kommentare und Theorien zum Bundestrojaner sind aber Unsinn und ich bin in der Position, das vielleicht ein wenig gerade zu ziehen. So heißt es erstmals bei Telepolis: Heimliche Online-Durchsuchungen sind möglich :\nDenn der Staat hat bereits eine vollständige Infrastruktur für Man-In-The-Middle-Angriffe auf jegliche elektronische Telekommunikation: die [extern] SINA-Boxen bzw. IMS (Interception Management Systems). Diese Geräte muss ein jeder größerer Provider in seinem Netz installiert haben, dazu verpflichtet ihn die TKÜV. Denn über diese Geräte ist die [extern] Möglichkeit des Abhörens jeglicher Telekommunikation implementiert. SINA-Boxen ließen sich ohne großen Aufwand zu weiteren Zwecken umbauen.\nDies wird in Mitarbeiter von Antiviren-Software werden zur Mitarbeit gedrängt aufgegriffen:\nMitarbeiter des Magazins von Telepolis halten den Einsatz von Trojanern für möglich und jeglichen Schutz dagegen für schwierig. Deren Ansicht nach könnte der Staat den Vertreib ihrer Durchleuchtungssoftware mit vergleichsweise wenig Aufwand realisieren. Von statten gehen soll dies unter unter Mithilfe der Modifikation der SINA-Boxen. (Sichere Inter-Netzwerk Architektur) Zu dessen Einbau ist jeder größere Internetanbieter verpflichtet. Durch das Verfremden eines beliebigen Downloads kann der staatliche Angriffscode auf dem heimischen Rechner implantiert werden.\nDas ist vollkommen falsch.\nSina-Box: Funktionen und Aufbau\nWas Sina ist und kann, kann man beim BSI nachlesen: Projekt Sina Systembeschreibung . Die Abkürzung SINA steht dafür für Sichere Inter-Netzwerk-Architektur. Es handelt sich um ein System von Kryptoboxen, mit denen ein zentral gesteuertes, plattenloses VPN aus zertifizierten Komponenten aufgebaut werden kann und dann weiter um die dazu passenden Managementsysteme und jetzt neu auch plattenlose Arbeitsplatzsysteme zur Verarbeitung von Daten mit hoher Geheimhaltungsstufe und die dazu passende Server-Architektur mit gehärteter Virtualisierungssoftware und Datenimportfunktionen.\nSINA ist für eine Reihe von Szenarien entwickelt worden, in denen Daten mit hoher Geheimhaltungsstufe in feindlichen Umgebungen bearbeitet werden müssen. Dazu gehören zum Beispiel auch die Dienststellen und Botschaften des auswärtigen Amtes.\nSina hat keine Funktionen, die Daten in unsicheren Netzen abfangen, verändern oder manipulieren können. Sina hat stattdessen genau die entgegengesetzte Funktion, nämlich solche Angriffe zu verhindern und unmöglich zu machen.\nWelche Rolle hat also die SIN-Architektur im Rahmen der Abhörverpflichtung von Mailanbietern?\nVor der Neuregelung der TKÜV ist Überwachung bei verschiedenen Mailanbietern uneinheitlich durchgeführt worden. Das betraf einerseits die Durchführung der Überwachung hinsichtlich der Art der überwachten Aktivitäten, andererseits die Art der Übermittlung der Überwachungsergebnisse an die berechtigte Stelle.\nSo war komplett undefiniert, welche Events etwa bei der Überwachung einer IMAP-Mailbox geloggt werden müssen und es war durchaus denkbar, daß ein überwachungsverpflichteter Mailanbeiter etwa den Eingang von Nachrichten durch manuelles Einkopieren mittels der APPEND-Methode komplett übersah, weil er nur den normalen Zustellprozeß geloggt hat.\nAndererseits erfolgte die Übermittlung von Überwachungsergebnissen an berechtigte Stellen zum Teil ungesichert (durch Zustellung über das offene Internet an \u0026ldquo;unverfänglich\u0026rdquo; benannte Mailaccounts von berechtigten Stellen bei Webmailhostern) oder auf sehr langsamen Wegen (Postzustellung von gebrannten optischen Medien an die berechtigte Stelle).\nDie überarbeitete TKÜV definiert nun nicht nur recht genau, welche Events geloggt werden müssen und in welchem Format die Übermittlung erfolgen muß, sondern sie definiert auch, wie diese Events an die berechtigten Stellen übermittelt werden sollen.\nDas ist die Stelle, an der die SINA-Boxen ins Spiel kommen. Sie werden verwendet, um ein VPN aufzubauen, das zentral gemanaged wird und das eine sichere und authentisierte Kommunikation zwischen den Verpflichteten und den berechtigten Stellen ermöglicht. Die Sina-Box nimmt also keine Überwachungsaufgaben wahr - das kann sie konstruktionsbedingt gar nicht - sondern sie erlaubt \u0026ldquo;nur\u0026rdquo; die sichere Kommunikations der Überwachungsergebnisse zwischen den Verpflichteten und den Behörden. Das ist gegenüber dem Zustand vor der neuen TKÜV in der Tat eine deutliche Verbesserung!\nDie konkrete Implementierung der Überwachung ist immer noch Aufgabe der verpflichteten Firma: Sie muß entweder ihr existierendes Mailsystem selbst so modifizieren, sodaß sie Überwachungsoutput erzeugt und sich dieses Gesamtsystem dann entsprechend zertifizieren lassen. Oder sie kann eine fertige, zertifizierte Überwachungslösung, etwa die Lösung von NetUSE , kaufen und in ihr Netz integrieren.\nDie Sina-Box wird dabei als fremd-administrierte Komponente im Regelfall auf eine Weise in das Netz des Dienstanbieters integriert, die lediglich eine Kommunikation vom Anbieter durch die Sina hindurch in Richtung der Behörde erlaubt. Alle Kommunikation in Gegenrichtung wird jedoch vollständig geblockt, sofern das Sicherheitskonzept des Dienstanbieters sein Geld wert ist, d.h. die SINA steht in einer abgeschotteten DMZ, deren Firewall alle Connectversuche aus der Sina-Zelle heraus ins Produktionsnetz ausnahmslos blockt.\nDies ist möglich, da auch mit der revidierten TKÜV alle Überwachungsanordnungen \u0026ldquo;out of band\u0026rdquo; auf traditionellen Wegen (per Post oder Fax) bei dem verpflichteten Anbieter eingehen, dort durch den lokalen G10-Beauftragten ggf geprüft werden und dann mehr oder weniger manuell ins TKÜV-Interface eingehackt werden.\nDie Anzahl der Anordnungen hielt sich dabei zumindest bis vor zwei Jahren noch einigermaßen im Rahmen: In den mir bekannten Fällen lagen pro Million Kunden ca. 2 Überwachungsanordnungen vor. Das erscheint mir plausibel: Ich kann durchaus glauben, daß sich in einer Menge von je 500.000 Menschen (so viele Personen wie in Kiel und Karlsruhe zusammen leben) jeweils mindestens eine Person befindet, gegen die die Polizei ausreichend Verdachtsmomente wegen so schwerer Straftaten in der Hand hat, daß sie Genehmigung einer solche Maßnahme durch einen Untersuchungsrichter rechtfertigen. In der Tat finde ich diese Zahl sogar klein. Und die Art der Übermittlung der Ergebnisse einer solchen Überwachung durch das SINA-VPN erscheint mir angesichts der Art der übermittelten Daten sehr viel angemessener als die vorher verwendete Methode.\nDas ist auch genau das, was ich von einem Rechtsstaat erwarten würde: Wenn wir so etwas schon tun müssen, dann bitte so wenig wie möglich, so kontrollierbar wie möglich und qualitativ so hochwertig wie möglich. Damit das vollkommen klar ist: Ich halte die neue TKÜV und das Sina-Zeugs gegenüber der Situation vorher für einen deutlichen Fortschritt!\nNur, wie gesagt, mit dem Bundestrojaner hat das alles nichts zu tun.\nIm Gegenteil: Was ich dann bei andreas.org lese, läßt mich vermuten, daß es sich bei der ganzen Bundestrojaner-Idee um etwas technisch höchst riskantes und unausgegorenes handelt, das technisch nicht nur fragwürdig und schwer zu kontrollieren ist, sondern das qualitativ auch in die falsche Richtung geht.\nLeute, so was hier ist ein sehr gefährliches Spiel, mit dem der Staat sich mehr vergibt als er jemals wieder durch diese Maßnahme reinholen kann:\nUm die Sache mal ein bißchen in den Kontext zu rücken, möchte ich von zwei Job-Angeboten berichten, die mich in den vergangenen Monaten erreicht haben. Zum einen hat das BSI angefragt, ob ich nicht eine Schulung zum Thema “wie schreibe ich einen buffer overflow exploit” für Vertreter diverser Behörden und Organisationen mit Sicherheitsaufgaben halten könne. Zum anderen bekam mich eine Anfrage, doch ein Angebot zur Entwicklung einer transparent bridge abzugeben, die einen Download eines ausführbaren Programms erkennt und dieses on-the-fly mit einem Trojaner versieht.\nDas hat mit Rechtsstaat nix zu tun, das ist der Versuch, Stasi-Methoden zu legalisieren.\nDie Meldung auf andreas.org ist andererseits nicht so ungewöhnlich. Via fefe.de dieser Anfang 2006 beobachtete Maildialog bei nibbler.de :\n250-PIPELINING250-XXXXXXXA250 XXXBstarttls500 unrecognized commandquit\nSolche Kommunikations-Manipulation on-the-fly findet offenbar schon statt! Wir alle - unsere Regierung eingeschlossen! - tun gut daran, Infrastruktur zu bauen, die so etwas verhindert, anstatt da bekannte Bruchstellen zu konstruieren und zu pflegen.\n","date":"2007-03-11T00:00:00Z","href":"https://blog.koehntopp.info/2007/03/11/bundestrojaner-sina-boxen-und-mail-berwachung.html","tags":["security","überwachung","lang_de"],"title":"Bundestrojaner, Sina-Boxen und Mailüberwachung"},{"categories":null,"content":"Soll ich meiner Regierung, meinem Staat vertrauen, daß er seine investigativen Möglichkeiten lediglich zu meinem Schutz und nicht zu meiner Ausforschung einsetzt? Die Süddeutsche schreibt in \u0026ldquo;Der Staat zieht seine Bürger aus \u0026rdquo;:\nAls vor fünfzehn Jahren die politische Kampagne zur Einführung des großen Lauschangriffs begann, warb der damalige Präsident des Bundeskriminalamts dafür, der Polizei nicht nur diesen Lauschangriff zu gestatten, sondern ihr auch \u0026ldquo;einen gewissen Vertrauensvorschuss\u0026rdquo; zu geben. Dieser Vertrauensvorschuss sollte an die Stelle des Rechtsschutzes treten - denn der Lauschangriff war und ist eine heimliche Angelegenheit: Wenn Wanzen in der Wohnung platziert werden, ohne dass der Bewohner davon erfährt, dann kann er sich nicht juristisch dagegen wehren. Daher meinte der BKA-Präsident: \u0026ldquo;Der Bürger darf das Zutrauen haben, dass der Rechtsgebrauch in einem rechtsakzeptablen Rahmen geschieht.\u0026rdquo;\nDarf der Bürger dieses Zutrauen noch haben? Heute, 15 Jahre später, lesen wir auf dem Heise Newsticker: Schwerer Missbrauch von Anti-Terrorbefugnissen durch das FBI :\nDas FBI hat die generell schon weitgehenden Regeln im US-Antiterrorpaket Patriot Act zur Durchleuchtung von Bürgern in zahlreichen Fällen verletzt oder eigenmächtig ausgedehnt. Dies geht aus einem jetzt veröffentlichten Untersuchungsbericht (PDF-Datei) des US-Justizministerium hervor. \u0026hellip; Die Bundespolizei habe ihre weit reichenden Vollmachten bei der Terrorbekämpfung offenbar genutzt, \u0026ldquo;ohne den geringsten Respekt für die Privatsphäre unschuldiger Amerikaner zu zeigen\u0026rdquo;, monierte der demokratische Senator Dick Durbin. Die Analyse des Justizministeriums bestätige \u0026ldquo;die schlimmsten Befürchtungen\u0026rdquo; über den von der Bush-Regierung forcierten Patriot Act.\nEs gibt überhaupt keinen Grund anzunehmen, daß sich solche Dinge auf die USA beschränken. Vertrauensvorschuß verspielt. Die Verteidgung gegen illegale Schnüffelmaßnahmen des eigenen Staates ist inzwischen ein realistisches und aktuelles Szenario beim Design von IT-Sicherheitseinrichtungen geworden.\nUpdate: Siehe auch Heise Security zum selben Thema.\n","date":"2007-03-11T00:00:00Z","href":"https://blog.koehntopp.info/2007/03/11/vertrauensvorschu.html","tags":["security","terror","überwachung","lang_de"],"title":"Vertrauensvorschuß"},{"categories":null,"content":" Ich wollte nix dazu schreiben, weil ich mich dann wieder so aufrege. Aber es geht einfach nicht. Also zwischen Tür und Angel wegen Frattini und Beckstein jetzt doch der isotoppische Endartikel zum Bundestrojaner.\nDer Sachverhalt Meine Regierung erklärt mir und jedem anderen Bürger also das Mißtrauen. Der Rattenschwanz von Artikeln am Ende der Meldung zeigt das sehr deutlich.\nWenn ich über das Thema nachdenke, wird auch sehr deutlich, daß ich meiner Regierung das Mißtrauen aussprechen muß.\nAber gehen wir das Thema doch mal systematisch an: Der Bundestrojaner ist ein hypothetisches Stück Software, das ohne mein Wissen durch den Staat auf meinem Rechner installiert werden soll, wenn der Staat der Meinung ist, daß das aus welchem Grund auch immer gerechtfertigt ist. Der Staat will so Beweise sammeln, mit denen er dann später nicht nur eine gerichtsfeste Rechtfertigung seines Eindringens in meine persönliche Sphäre basteln will, sondern auch einen Fall gegen mich bauen will.\nJa geht das denn so? Lesen wir also einmal nach über Richtlinien zur erfolgreichen Sicherung von EDV-Beweismitteln :\nIm Zentrum des Prozesses, der zur Vorlage von gerichtstauglichen EDV-Beweismitteln führt, steht die Erfüllung der Bedingung, dass die Daten vor Ort korrekt sichergestellt wurden. Ist diese erste Voraussetzung nicht gegeben, so wird jede Information, die aus diesen Daten gewonnen wird, später sehr wahrscheinlich wertlos sein, da sie nicht als gerichtstauglich angesehen werden kann. Wo auch immer EDV-Beweismaterial gesichert und ausgewertet wird, ist es zum unverzichtbaren Grundsatz geworden, eine Kopie des kompletten Zielsystems zu machen. Eine Teilkopie oder die Kopie ausgewählter Daten ist hierzu keine gültige Alternative.\nNicht nur das, sondern weiter:\nDarüber hinaus gibt es mehrere gültige Richtlinien für den Umgang mit Computermedien in beweismitteltechnisch korrekter Form. Zwei der wichtigsten lauten:\n-Keine Handlung seitens der Polizei oder handlungsbefugter Personen darf Daten verändern, die sich auf einem Computer oder einem anderen Speichermedium befinden, das zu einem späteren Zeitpunkt Gegenstand von gerichtlichen Untersuchungen werden kann.\nAlle Vorgänge, die an dem EDV-Beweismaterial durchgeführt werden, müssen in einem Protokoll festgehalten werden. Dieses Protokoll ist aufzubewahren. Ein unabhängiger Dritter muss in der Lage sein, diese Vorgänge zu wiederholen und zu denselben Aussagen zu kommen. Und jetzt kommt der Bundestrojaner. Man kann schon im Ansatz erkennen, daß das so nicht funktionieren kann: Die Installation des Bundestrojaners komprimittiert den zu untersuchenden Rechner in einer Weise, daß dieser zwangsläufig als Beweismaterial unbrauchbar wird.\nNicht nur das: Es ist für niemanden erkennbar (oder sicherstellbar), ob die auf meinem Rechner gefundenen Dokumente von mir stammen oder ob sie nicht durch den Bundestrojaner dort plaziert worden sind. Mal angenommen, meine Regierung ist vertrauenswürdig und würde nicht lügen und intrigieren (Glaubwürdige Annahme? ).\nKonsequenz aus dieser Bedarfsanalyse Dann muß sie natürlich, um Zugriff auf meinen Rechner zu haben, den Bundestrojaner bei mir installieren. Das kann sie entweder unter Zeitdruck bei den Leuten tun, auf deren Rechner sie Zugriff haben möchte oder vorab kontrolliert bei allen Leuten und dann den Trojaner nur aktivieren bei denen, bei denen sie den Zugriff für gerechtfertigt hält.\nDas wird sie natürlich nur in wenigen, streng begründeten Ausnahmefällen tun. Die kontrollierte Installation würde als Hintertür in irgendeinem wichtigen Programm erfolgen, das sowieso jeder verwendet und das regelmäßig legitim Kontakt zu irgendwelchen staatlichen Servern aufnehmen muß. Auf diese Weise ist schon alles vorbereitet, wenn Bedarf besteht und die Umstände der Installation sind nicht nur unverdächtig, sondern auch besser beherrschbar. Und die Nutzlast, die da installiert werden kann, darf größer sein, weil das in dem größeren Klumpen legitimer Software sowieso nicht auffällt.\nWie der Bundestrojaner vorgehen muß Würde sich der Bundestrojaner auch nur entfernt an die oben genannten \u0026ldquo;Richtlinien zur erfolgreichen Sicherung von EDV-Beweismitteln\u0026rdquo; halten, dann hat er ein Problem. Nämlich das Problem, zwischen 80 und 800 Gigabyte Daten von der Zielfestplatte zu den Bedarfsträgern zu schaffen ohne daß dies auffällt, denn \u0026ldquo;Eine Teilkopie oder die Kopie ausgewählter Daten ist hierzu keine gültige Alternative.\u0026rdquo; heißt es in den o.a. Grundsätzen. Mit dem Upstream einer DSL-Leitung ist das in sinnvoller Zeit schlicht nicht möglich.\nEs ist also doppelt nicht möglich, die \u0026ldquo;Richtlinien zur erfolgreichen Sicherung von EDV-Beweismitteln\u0026rdquo; einzuhalten. Nicht nur das: Da der Bundestrojaner sich auf eine selektive Sicherung beschränken muß, muß er Dateien durchsuchen, analysieren, und dann muß mehr oder weniger interaktiv eine Auswahl getroffen werden.\nKonsequenz aus der Interaktivität Endstand: Ethereal vs. die Welt\nDas Programm Wireshark hat eine ganz ähnliche Aufgabe wie der Bundestrojaner: Es dient dazu, Netzwerkverkehr mitzuschneiden und unbekannte oder defekte Daten zu analysieren und nach nützlichen Informationen zu durchsuchen. Es ist ein wertvolles Netzwerkanalysetool. Wireshark hieß früher Ethereal, und unter diesem Namen finden wie es auch in der National Vulnerability Database der US Behörde NIST.\nUnbekannte und defekte Daten zu analysieren ist eine schwierige Aufgabe - Ethereal-Wireshark muß im Grunde genommen Bitmüll interpretieren ohne zu wissen, was es ist, und dann in sinnvolle Informationsblöcke zerlegen. Es muß dies insbesondere auch mit falsch beschriftetem oder verstrahlten Bitmüll tun.\nIn Konsequenz ist Wireshark-Ethereal der einsame Anführer der National Vulnerability Statistic in den letzten 3 Jahren: Es ist das Programm mit den meisten remote ausnutzbaren Fehlern überhaupt: fast 50 in 2005 (2006 ist es dann umbenannt worden, sodaß noch 12 weitere Vulnerabilities dazu kommen, 2007 werden es etwa 30 sicherheitskritische Fehler sein, die in Wireshark gefunden werden).\nWarum ist das wichtig? Der Bundestrojaner wird, das haben wir eben klar gemacht, interaktiv auf Kommandos von draußen hören müssen und er wird falsch beschrifteten und verstrahlten Bitmüll auf lokalen Festplatten analysieren und zerlegen müssen, damit er ihn nach verdächtigen Daten durchsuchen kann. Der Bundestrojaner wird zwangsläufig eine ebenso große Fehlerquelle sein wie Wireshark, weil er dasselbe Problem zu lösen hat. Ein sehr schwieriges Problem! Und im Gegensatz zu Wireshark wird der Bundestrojaner nicht von einer große Menge Open Source Programmierern ohne Druck einer Deadline entwickelt, sondern von einer Privatfirma im Staatsauftrag unter Zeitdruck aus Halbfertigkomponenten zusammengeschwartet, die für einen ursprünglich ganz anderen Zweck entwickelt worden sind.\nKonsequenz aus der Verwundbarkeit Bleibt der Bundestrojaner unentdeckt? Nein! Davon müssen wir zwangsläufig ausgehen. Entweder wird er unter halsbrecherischen Umständen nach Bedarf installiert und so dem ersten Systemadministrator auffallen, der ein wenig mehr als die übliche Paranoia auf seinen Systemen walten läßt, oder er wird auf so vielen Systemen \u0026ldquo;auf Vorrat\u0026rdquo; installiert sein, daß jeder ihn irgendwo auf seiner Kiste hat. Der Bundestrojaner wird, wenn er erst einmal entdeckt worden ist, das bestuntersuchte Programm sein, daß deutsche Hacker jemals in die Finger bekommen haben.\nWenn er dann wirklich auf Vorrat installiert worden ist und entfernt ausnutzbare Schwächen hat (die er wegen seiner Natur zwangsläufig haben muß), dann hat unser Staat auf Computern von Millionen seiner Bürger eine Backdoor installiert, die nun von jedem Spammer und Botnet-Betreiber weltweit sofort und ohne große Probleme ausnutzbar ist. Ich rechne fest mit einer Schadensersatzklage, die unsere Republik bis in die Grundfesten erschüttern wird und mit einem nationalen Sicherheitsnotstand. Deutsche Telekom wird das nationale DSL Notabschalten müssen, um Schlimmeres zu verhindern. Nein, ich sehe das nicht als \u0026ldquo;ob\u0026rdquo;, sondern nur als \u0026ldquo;wann\u0026rdquo;-Frage.\nWäre der Bundestrojaner wirksam? Mal angenommen, unsere Regierung wäre nicht nur vertrauenswürdig, sondern die Entwickler des Bundestrojaners wären auch unerwartet fähig, sodaß es nicht zu dieser Situation kommt. Der Bundestrojaner befindet sich also auf einem durchschnittlichen Straftätersystem, etwa 5 Jahre von hier ab in der Zukunft und will Dinge scannen und dann zum Staatsanwalt uppen. Dank VDSL sei das gar kein Problem.\nWas sind aktuelle Themen in der Computertechnik, die dem Bundestrojaner in die Quere kommen können?\nDer Bundestrojaner muß das System, auf dem er läuft verändern und, damit er effektiv ist, auf alle Dateien im System zugreifen können. Auch auf geschützte Dateien. Damit kollidiert er zwangsläufig mit DRM -Mechanismen, die das genau verhindern wollen und sollen. Es kann sogar sein, daß der Bundestrojaner sich so verrät, oder daß dem Eigentümer des Systems durch den Zugriff des Bundestrojaners Kosten entstehen. Der Sinn von Trusted Computing Umgebungen ist es genau, eine verifizierte Systeminstallation zu haben, in der sich Software nicht verstecken kann und nicht an den Zugriffskontrollmechanismen des Betriebssystems vorbei auf Daten zugreifen kann.\nDer Bundestrojaner läuft unter Umständen gar nicht auf einem realen System und sieht unter Umständen gar keine realen Dateien. Immer mehr Benutzer - auch Heimanwender - gehen dazu über, statt eines Rechners durch Virtualisierung eine Reihe von simulierten virtuellen Rechnern laufen zu lassen, die jeweils mit beschränkten Datenmengen oder beschränkten Rechten ausgestattet sind. Es ist also für den Bediener eines Bundestrojaners gar nicht einfach möglich, festzustellen, auf welcher System- oder Rechteebene er sich befindet und ob die Daten, die er da zu sehen bekommt, real oder vollständig sind. Je nach verwendeter Virtualisierungsschicht bekommt er offensichtlich simulierte Hardware zu sehen oder die Identifikationen der real verwendeten Hardware werden durchgereicht, aber der Zugriff auf die Hardware erfolgt nicht real, sondern durch die Virtualisierungsschicht gefiltert.\nDas hier ist also der Deal Der Deal ist also wie folgt: Weil einige Staatsorgane den heimlichen Zugriff auf meine Hardware fordern, will der Staat das möglicherweise noch vorhandene Restvertrauen zwischen ihm und mir komplett ruinieren. Ich muß in Zukunft also davon ausgehen, daß jede staatlich bereitgestellte Software nicht nur die angepriesenen Funktionen hat, sondern auch noch die staatliche Hintertür auf Vorrat mitbringt.\nIm Austausch bekommt der Staat einen Mechanismus, der für den angepriesenen Zweck vorab erkennbar ungeeignet ist, weil er die notwendigen Richtlinien zur gerichtsfesten Beweiserbringung nach Definition nicht erfüllen kann. Der Staat riskiert außerdem die Sicherheit seiner gesamten DV-Infrastruktur, bundesweit, seine eigenen Systeme eingeschlossen.\nUnd das ist die Sachlage noch vor jedem politischen Argument dafür oder dagegen.\n","date":"2007-02-26T00:00:00Z","href":"https://blog.koehntopp.info/2007/02/26/der-bundestrojaner-durchdekliniert.html","tags":["security","überwachung","lang_de"],"title":"Der Bundestrojaner durchdekliniert"},{"categories":null,"content":"Vergangenen Donnerstag habe ich den Vortrag \u0026ldquo;Flames - Kommunikationszusammenbrüche im Netz\u0026rdquo; für den CCC Stuttgart gehalten. Hier sind die Slides und ein Youtube Video von einer späteren Aufführung des Vortrages.\nDer Vortrag basiert auf den Kommunikationserfahrungen, die ich mit einigen Freunden im USENET in verschiedenen Foren gemacht habe. Aber ich denke, daß die Erkenntnisse hier auf mehr als eine Weise auch auf andere Umgebungen übertragbar sind.\nWas ist eine Flame? Was ist eine Flame? Ein Beitrag in einer Online-Diskussion, der provozierend geschrieben ist. Oder ein Beitrag, der auf eine Art und Weise ein unwichtiges oder formales Thema behandelt, sodass der Leser sich darüber aufregt und in Zorn gerät.\nWarum? Warum schreiben Leute Flames? Wenn man fragt, bekommt man Antworten von der Art\n\u0026ldquo;Das kann man doch so nicht stehen lassen!\u0026rdquo; \u0026ldquo;Der soll sich doch erst mal benehmen lernen!\u0026rdquo; und als Nummer 1:\n\u0026ldquo;Jetzt fühle ich mich besser!\u0026rdquo; Dafür ist die Diskussion in Folge gestört und nicht konstruktiv, aber ist dann nicht das Problem des Flamers.\nWarum im Netz? Das passiert in der Regel im Netz und nicht in der realen Welt. Wenn man sich mit Leuten, die für ihr Verhalten im Netz bekannt oder berüchtigt sind unterhält, bei einem Bier abends im Garten, dann sind das meist relativ intelligente und ziemlich nette Leute. Aber halt nur, wenn man denen gegenüber sitzt und nicht, wenn man mit denen über Netz kommuniziert.\nKommunikationsmodell Wenn man verstehen will, was dort passiert, dann muss man sich ein wenig mit Kommunikationswissenschaft und Umständen beschäftigen. Das Modell von Schulz von Thum und den vier Ebenen der Kommunikation ist dabei hilfreich:\nSachinformation: Worüber ich informiere Selbstoffenbarung: Was ich von mir selbst kundgebe Beziehung: Wie wir beide zueinander stehen Appell: Wozu ich Dich veranlassen will. Jede Kommunikation ist am Ende immer eine Störung. Der Empfänger einer Nachricht sitzt da so und geht friedlich seinen eigenen Sachen nach, aber wenn ich mit diesem Menschen kommuniziere, dann will ich etwas von dem. Ich möchte, daß er seine aktuelle Tätigkeit unterbricht und etwas anderes tut. Das ist dann der Appell in der Nachricht.\nKommunikationsmodell II \u0026ldquo;Man kann nicht nicht kommunizieren\u0026rdquo;, Paul Watzlawick, 1969 \u0026ldquo;Every behaviour is a kind of communication. Because behaviour does not have a counterpart (there is no anti-behaviour), it is not possible not to communicate.\u0026rdquo;\nKommunikation ist Verhalten und es gibt kein Nicht-Verhalten. Das bedeutet, jede Aktivität, selbst eine Flame, ist eigentlich eine Form von Kommunikation. Die besonderen Umstände der Kommunikation im Netz machen es notwendig, daß man die erlernten Verhaltensmuster aus der realen Welt mal kurzschließt und sein Verhalten umstellt, damit man mit Flames korrekt umgehen kann. Das muss man sich aber bewusst antrainieren. Wenn man da seinen Instinkten und normalen Verhaltensweisen folgt, dann geht es schief, denn die normalen Offline-Verhaltensmuster sind online wirkungslos und deswegen falsch.\nKommunikationsmodell III Außerhalb des Netzes habe ich ganz viele Kommunikationskanäle. Den gesprochenen Text des Vortrages kann ich aufschreiben, aber das ist nicht dasselbe, denn das ist nicht, was hier passiert. Denn gleichzeitig haben die Anwesenden im Vortrag die Optik, hören die Stimme und Betonung und wie sich der Vortragende sich bewegt und mimt. Inkongruente Kommunikation, Ironie und Sarkasmus, sind leicht zu erkennen und - durch den Rückkanal - wenn sie nicht funktionieren leicht zu korrigieren und korrekt zu kontextualisieren. Jede Aussage in einer Anwesenheitssituation wird so noch einmal mehrfach qualifiziert.\nIn einer Onlinesituation ist das meiste davon nicht vorhanden. Alles, was noch da ist, ist der Text. Damit fehlen viele soziale Kommunikationshilfen, die der Empfänger gewohnt ist.\nDazu kommt, daß ich über die Grenzen von Zeit und Raum kommuniziere: Meine Kommunikation wird unter Umständen zu einem späteren Zeitpunkt von einer mir unbekannten Person in einem unbekannten Kontext gelesen und interpretiert. Der Kontext wird dadurch sehr viel offener für Interpretation, weil Leser und Schreiber ganz andere Erwartungen haben.\nIm Netz kommt noch dazu, daß viele Leute im Netz zwar ein schriftliches Medium benutzen, aber Formulierungen, Ansprache und Kontext wie in einer gesprochenen Kommunikation setzen. Der so entstehende Text hat also alle die persistenten Eigenschaften von einem Buch, einem Artikel oder sonst einem geschriebenen Text: Ich kenne als Autor den Empfänger nicht, ich habe den zeitlichen Versatz darin, ich habe den sozialen Kontext nicht und unter Umständen kenne ich den größeren Kontext des Empfängers nicht. Auf der anderen Seite haben wir aber all die offenen, vieldeutigen Formulierungen und Interpretationsmöglichkeiten des gesprochenen Wortes.\nEin Leser, der mein aufgeschriebenes gesprochenes Wort viele Monate oder Jahre später liest, und dabei ganz anders kontextualisiert, wird das oft ganz anders interpretieren als es gemeint und originär verstanden worden ist.\nForen als soziales System Dazu kommt natürlich das Aufeinandertreffen von zwei Personengruppen: Wir haben Dauerteilnehmer, die schon lange dabei sind und eine ganze Menge Kontext, Kenntnisse und lokale Subkultur haben. Aber zugleich haben wir auch Laufkundschaft, die in dem Forum mit einem konkreten Ziel oder einer Frage aufschlägt, eine Antwort haben möchte und dann wieder verschwindet.\nDie meisten Online-Communities sind auf diese Situation schlecht eingerichtet. Das heißt, Neuankömmlinge werden oft schlecht integriert, weil eventuell gar kein Mechanismus existiert, um Laufkundschaft abzufertigen oder Historie und Subkultur zu lehren. Dadurch sind die Regulars schnell genervt, weil sie sich vorkommen als seien sie die Hauptperson in einem dieser Filme.\nForen als soziales System II In der realen Welt erwarten wir von Personen, daß sie sich in einer bestimmten Situation dem sozialen Kontext entsprechend verhalten. Es gibt entsprechend in allen diesen Systemen Methoden zur Erzwingung von Konformität. In der realen Welt:\nKonformes Verhalten wird belohnt. Nicht konformes Verhalten wird bestraft (\u0026ldquo;Schlag auf\u0026rsquo;s Maul.\u0026rdquo;) Foren als soziales System III Das geht im Netz so nicht.\n\u0026ldquo;The social dynamics of the net are a direct consequence of the fact that nobody has yet developed a Remote Strangulation Protocol\u0026rdquo; \u0026ndash; Larry Wall\nDas Zitat erklärt, daß im Netz die negativen Mechanismen zur Erzwingung von Konformität nicht funktionieren. Man kann niemanden remote Erwürgen, ihm nicht remote auf\u0026rsquo;s Maul hauen, aber auch nicht dauerhaft aus der Diskussion aussperren. Keiner der negativen Steuermechanismen, die wir gewohnt sind, funktioniert.\nMan kann Flames als fehlgeleitetes, unwirksames negatives Verhaltensfeedback interpretieren: Weil wir aus der realen Welt gewohnt sind, nicht konformen Personen negatives Feedback zu geben, versuchen wir das auch Online. Da ist es wirkungslos, und daher für die Kommunikation destruktiv, denn es schadet der Diskussion des Flamers und der laufenden Diskussion mit seinen Freunden mehr als der Person, die geflamed wird.\nNur die positiven Instrumente sind wirksam, mit denen wir konformes Verhalten belohnen können.\nKommunikation im Netz Kommunikation im Netz in Foren ist öffentlich: Es reden nicht nur der Flamer und der Geflamte miteinander, sondern es lesen auch immer noch weitere Personen mit. Die Flame ist also immer auch eine Inszenierung gegenüber den Peers, und gegenüber Dritten (\u0026ldquo;Innocent Bystanders\u0026rdquo;) und prägt so Verhaltensnormen und Umgangsformen.\nKommunikation im Netz II Daraus ergibt sich die Frage für den Umgang mit Trollen und Flames:\nWas ist effektiv, wenn alle Repressionsmechanismen fehlen? Was kann ich tun, wenn ich mich ausschließlich auf positive Feedbackmechanismen beim Erziehen von Leuten verlassen muss?\nKommunikationsziel Wir reden im Grunde über Krieg. Ich möchte eigentlich mit Gewalt - ohne daß ich Gewalt ausüben kann, weil mir die Mittel dazu fehlen - etwas bewirken: Bei meinem Gegenüber eine Verhaltensänderung erzwingen.\nMan muss sich also als Erstes überlegen, was das Kriegsziel - hier das Kommunikationsziel - ist, das man erreichen möchte. Eine Siegbedingung festlegen, auf die man hin arbeiten kann.\nEigentlich möchte ich, daß sich diese Leute so verhalten, wie es für dieses Forum angemessen ist. Dafür muss ich das erst einmal definieren. Wenn ich also eine bestimmte Kultur etablieren möchte, dann muss ich die erst einmal definieren und aufschreiben.\nDas ist schwierig, wenn man in einer Murmeltiertags-Situation ist und gar keine Kultur hat, weil man sich nicht erinnern kann. Ich brauche also überhaupt erst einmal einen Mechanismus, der Erinnerung institutionalisiert.\nTechnischer Kontext Wir haben keine negativen Feedback-Mechanismen. Wir können nicht Strafen, wir haben keine Möglichkeiten, Leute rauszuwerfen, ihre Kommunikation zu unterdrücken oder herauszufiltern. Ich kann zwar filtern, was bei mir hereinkommt, aber ich kann meinen Filter nicht anderen überstülpen, und damit kann ich mit meinem Filer nicht andere für alle herausdrängen.\nWeil ich keine Repressionsmechanismen habe, brauche ich auch nicht zu drohen. Jede Drohung ist, weil sie nicht durchsetzbar ist, ein Bluff. Angstbasierte Kommunikation ist damit unglaubwürdig und wirkungslos.\nExperiment dclp Am 1. Januar 2000 wurde die Gruppe \u0026ldquo;de.comp.lang.php\u0026rdquo; eingerichtet. Die Gruppe wurde in relativ kurzer Zeit sehr populär.\nDort hat sehr viel Drive-By Kommunikation stattgefunden, die man heute eher auf Stack Exchange finden würde: Leute tauchen auf, stellen eine technische Frage, wollen eine Antwort und sind dann wieder weg.\nDabei wiederholen sich natürlich viele Fragen. Das nervt viele Leute, und sie nehmen sich dann auch nicht die Zeit, korrekte oder gute Antworten zu formulieren. Durch die Wiederholungen wird die Stimmung schlecht, und bald gibt es statt sinnvoller Antworten nur noch Beschimpfungen.\nDie Liste unserer Anfordernugen ist also:\nWir wollen ein Erinnerungsvermögen haben! Wir wollen bestimmte Standards etablieren, hinsichtlich Ton und Qualität der Antworten. Neulinge sollen sinnvolle, richtige Antworten und Anleitung in einem freundlichen Ton bekommen. Und weiterhin als Einschränkung:\nWir können nur positive Feedback-Mechanismen verwenden. Experiment dclp II Das ist machbar, denn die Gruppe ist neu. Es gibt noch keine Standards, also kann ich Regeln nach Wunsch etablieren.\nEs ist eine technische Gruppe: Es gibt eine objektive Wahrheit, und als technischer Schreiber kann ich den Diskurs bereichern.\nDas ist eine gute Ausgangsbasis.\nSchritt 1: Erinnerungsvermögen herstellen - eine FAQ! Schritt 2: Respekt basierende Kommunikation als Norm durch Vorführen etablieren. Ich schreibe Antworten. Die Antworten sind getestet. Sie beantworten Fragen, die oft gefragt werden. Das generiert Karma - öffentliches Ansehen. Der Wirkmechanismus ist also\nKris löst Probleme und gewinnt so Ansehen bei Fragestellern.\u0026quot; \u0026ldquo;Ich will auch Karma.\u0026rdquo; \u0026ldquo;Ich mache Kris Verhalten nach.\u0026rdquo; Wenn dann Trolle auftauchen und die deswegen trollen, weil sie Aufmerksamkeit wollen, dann sehen sie: So, mit Beleidigungen, kommen sie nicht weiter, sondern werden ignoriert. In dieser Gruppe bekommen man Aufmerksamkeit und Ansehen, Meinungsführerschaft, durch Mitarbeit.\nExperiment dclp III Mittel Website für FAQ Editor, XML, XSLT ca. 1h Zeit pro Tag Das Projekt ist im Grunde das Ergebnis einer Provokation: In der deutschen Linux-Gruppe hat eine Person mit Technik- und Soziologie-Hintergrund mit viel Aufwand vergiftete Antworten geschrieben. Sie waren richtig, gut und technisch vollständig.\nDiese waren aber auch so gestaltet, daß der Leser sich beim Lesen aufgeregt hat, und dadurch nicht mehr in der Lage war, die Antwort zu verstehen und sinnvoll zu nutzen. Das waren brillante textliche Werke, die auf eine einzigartige Weise Leute manipuliert haben.\nLeider hat das Nachahmer animiert, ebenso zu handeln. Jedoch ohne zu verstehen, was den Originalautor ausgezeichnet hat, und was seine Texte besonders gemacht hat. Dadurch wurde die Gruppe schnell zu einem Sumpf voller langweiliger Beschimpfungen ohne sinnvollen Lehrgehalt, und die Gruppe wurde nutzlos.\nDer betreffende Autor war außerdem der Auffassung, man könne Laufkundschaft anders nicht in den Griff bekommen. Das Experiment dclp war ein Versuch, diesem Menschen das Gegenteil zu beweisen.\nEin Archiv der dclp-FAQ ist in www.php-faq.de zu finden.\nExperiment dclp IV Trennung Kultur/Technische Anleitung Dauer: ca. 2 Jahre + 2 Jahre passiv Die FAQ hat für jede Frage eine URL generiert. Es gab also einen Artikel pro Seite: Antwort, Material, Querverweise, getestetes Beispiel.\nBei der Arbeit mit der FAQ habe ich mir dann grundsätzlich Fragen gesucht, die falsch oder gar nicht beantwortet worden sind. Fragen, die bereits bearbeitet waren, brauchten meine Aufmerksamkeit ja nicht.\nDie generierten Antworten von mir sind in der Regel in weniger als 60 Sekunden verfasst gewesen und bestanden aus 3 Teilen:\nBridge: Gleich kommt die Antwort und sie steht mit Deiner Frage folgendermaßen in Verbindung. Antworten: die URL auf die Antwort. Nicht die URL auf die FAQ, sondern die URL der spezifischen Antwort. Es geht darum, eine Person mit einem konkreten Problem arbeitsfähig zu machen. Nachtreten: Das so erworbene Karma verbrauchen. Also, erklären, was richtig oder falsch an der Art der Fragestellung war, und wie man sich hier besser verhalten kann, um bessere Antworten zu bekommen. Das ist auch eine Inszenierung. Das heißt, ich schreibe jeden Artikel immer auch für unbeteiligte Mitleser. Diese lernen dadurch:\nMan kann die Probleme von Fragestellern lösen. Man kann die Probleme mit den Fragestellern beeinflussen, also ihr Verhalten verbessern. Man macht das, indem man sich so verhält wie Kris. Diese Vorgehensweise war auch in der FAQ im Kapitel 0 dokumentiert.\nExperiment dclp V Langes Nachklappern Kaum Flames \u0026ldquo;Bekehrung\u0026rdquo; einiger Newbies Einige der besten FAQ-Autoren! Das Nehmen von Fragen und ihre Umwandlung in FAQ-Artikel ist ein Kondensationsprozess, bei dem man die Ergebnisse einer interaktiven Kommunikation vom Kontext befreit, verallgemeinert und in einen Artikel umwandelt. Mehrere Artikel zu einem Thema ergeben ein Kapitel, aber die Artikel sind nicht miteinander verknüpft. Sie stehen nur thematisch und von den URLs nebeneinander.\nEin weitere Kondensationsprozess könnte die Artikel der FAQ nehmen, und in Kapitel eines Buches zum Thema umwandeln. Das hat meines Wissens nur mit comp.lang.c funktioniert: Die FAQ dieser Gruppe ist von Peter van der Linden in das Buch \u0026ldquo;Deep C Secrets \u0026rdquo; umgewandelt worden.\nExperiment drsrm In \u0026ldquo;de.rec.spiele.rpg.misc\u0026rdquo; ein ähnliches Projekt von Azundris. Kein Hard Science Thema, keine objektive Wahrheit.\nMan will also Erinnerung schaffen und Erkenntnisse aus vorherigen Diskussionen aufbewahren. Dabei muss man berücksichtigen, daß es viele Regulars und wenig Laufkundschaft gibt.\nDie drsrm-FAQ ist hier archiviert .\nExperiment drsrm II Die FAQ ist also mehr ein Protokoll vergangener Diskussionen und Positionen. Dabei wird das Protokoll, wo machbar, in Wikipedia-Stil verfasst, also \u0026ldquo;Neutral Point of View\u0026rdquo; eingenommen.\nAn den Stellen wo das nicht ging, weil unvereinbar kontroverse Positionen vertreten wurden, sind diese im Stil von Everything2 nebeneinander gestellt worden. Dabei werden die kontroversen Punkte herausgearbeitet, damit auch klar wird, worin der Konflikt besteht.\nExperiment drsrm III Das führt zum Abschluss von Themen: Das Protokoll sichert bereits abgedecktes Terrain bei Diskussionen und spätere Diskussionen können sich an die Ergebnisse früherer Instanz den der Diskussion erinnern. Das macht wiederaufflammen bereits abgearbeiteter Themen schwierig.\nDas ist nicht unbedingt günstig für eine Gruppe, die sowieso schon Low Traffic war.\nDennoch gutes Beispiel für nicht-technische Gruppen und was man dort mit einer FAQ erreichen kann.\nExperiment dtb dtb ist Klamauk, Satire, Wirr, eine Spaßgruppe. Ein Testbed für Experimental-Kommunikation beschreibt es recht gut.\nDort haben sich Leute zusammen gefunden mit einer eigenartigen Idee von Humor und gewissen sprachlichen Fertigkeiten. Eine Tradition, die sich relativ schnell herausgebildet hat, sind \u0026ldquo;Out of Area\u0026rdquo;-Einsätze. Die Regulars von dtb sind dabei losgegangen und haben ihre Art zu kommunizieren einmal in andere Gruppen transplantiert um zu sehen, was daraus wird.\nEin klassisches Beispiel war \u0026ldquo;de.alt.ufo\u0026rdquo;, in dem dtb-Regulars versucht haben, in de.alt.ufo die Verschwörungstheoretiker mit neuen Verschwörungsideen zu übertreffen. Das war eine interessante Erfahrung, weil das komplett fehlgeschlagen ist: Wenn die dtb-Leute in einer Verschwörungstheorie-Gruppe mit einer offensichtlich ausgedachten, verabredeten und unsinnigen Idee auftauchen, dann kommen die de.alt.ufo-Leute, nehmen das und bauen das in ihre Erzählungen einfach ein. Alles wird assimiliert.\nWenn man dasselbe in de.admin.news, der Netzverwaltung macht, dann sitzen dort die ganzen Nomic -Spieler. Die sind nicht in der Lage, dtb zu verarbeiten und stürzen ab.\n\u0026ldquo;Wahrheitsfindung ohne Wahrheitsnennung\u0026rdquo;: Es ist in dtb gelungen, einen Gruppenkonsens herzustellen, ohne diesen zu verbalisieren. Es begann damit, daß Personen in dtb eintrafen und versucht haben, mit einer Organisation zu reden, also jemanden zu sprechen, der verantwortlich war.\nÄhnliches war zuvor in den kiel.* Netzwerkgruppen passiert, wo jemand aus dem Fido-Netz den Netzwerkkoordinator für kiel.* sprechen wollte. Es war einfacher, sich als die betreffende Person zu kennzeichnen als dem Gegenüber zu erklären, daß es solche Strukturen für kiel.* nicht gibt.\nSo auch in dtb, wo ich Anordnungen erlassen habe, und diese mit \u0026ldquo;Fünfter und Sprecher des Hohen Rathes der 13 Weisen vom Feed\u0026rdquo; gezeichnet habe. Das ist eine offensichtlich unsinnige Organisation, und ich habe mir auch nicht die Führungsposition gegeben, aber irgendein Neben-Amt, das den Anschein von Autorität vermittelt.\nWirkungsweise und Zweck dieser Anmaßung (und der Konstruktion dahinter) sind von den Regulars dieser Gruppe sofort verstanden worden, und sie haben es aufgegriffen. Dabei sind ohne weitere Absprache weitere Ämter (aber kein Herrscher) und Positionen (aber keine der ersten Drei) belegt worden. Es ist also eine Nicht-Organisation formiert worden, ohne sich abzusprechen und diese war im wahrsten Wortsinne kopflos: Organisierte, strukturierte Anarchie!\nExperiment dtb II Diese Nicht-Organisation ist dann gegenüber de.news.admin mit Forderungen aufgetreten, und hat so Chaos gestiftet: dtb hat das Usenet als Kommunikationsmedium an seine Grenzen gebracht\n\u0026ldquo;Deutscher Rekordhalter im Fremdcancel\u0026rdquo;: Alle Artikel, dazu auch alle Crosspostings in dtb, durch Fremdcancel gelöscht. Drei Tage die Gruppe durch den Cancelbot leer gehalten. Das hat auch alle Crosspostings gelöscht. Alle Artikel nach drei Tagen wiederhergestellt, aber mit geändertem Betreff: ONLY THREAD EVER - und mit geänderten Referenzen, sodaß ein gigantischer verketteter Megathread entstand.\nDabei sind auch die Crosspostings wiederhergestellt worden, und haben so die anderen, nicht-dtb Gruppen getroffen.\nDie Reaktion in de.admin.news war der Antrag, dtb zu löschen, weil die Insassen dort komplett unkontrollierbar seien. Die dtb-Mannschaft und der Hohe Rath haben dem vom Herzen zugestimmt: \u0026ldquo;Ja, wir waren böse und müssen bestraft werden.\u0026rdquo;\nDaraufhin hat de.admin.news sich gewundert, warum die dtb-Leute das wollen, und die Löschung verhindert.\nSummary Was ist das Kriegsziel, welchen Zustand möchte ich erreichen? Was ist das Publikum und wie reagieren die? Was sind die Mittel, die ich habe. Beispiel: Heise-Forum steuern.\nAnsatz mit \u0026ldquo;Carpet-Bombing\u0026rdquo;:\nUnter faktenfreie Artikel im Heise-Forum Antworten mit sinnvollem Inhalt setzen, und dadurch in allen Threads, die aus dem Ruder laufen, die Diskussion wieder in sinnvolle Bereiche bringen.\nNach 15-20 Minuten meistens Lufthoheit in dem betreffenden Forum erreicht.\n","date":"2007-02-11T00:00:00Z","href":"https://blog.koehntopp.info/2007/02/11/flames-kommunikationszusammenbrueche-im-netz.html","tags":["talk","publication","karlsruhe","stuttgart","lang_de"],"title":"Flames - Kommunikationszusammenbrüche im Netz"},{"categories":null,"content":"Will sagen, nach Bloodsucking Fiends hab ich jetzt mal eben You Suck weggehauen. \u0026ldquo;For my readers, by request\u0026rdquo; schreibt Christopher Moore in seine Widmung, und in der Tat hat er sich Mühe gegeben - \u0026ldquo;You Suck\u0026rdquo; setzt glorios fort, was \u0026ldquo;Bloodsucking Fiends\u0026rdquo; begonnen hat.\nDie Hälfte des Buches besteht aus Tagebucheinträgen von Abby Normal, 16 Jahre alt, Goth Chick, und stolz darauf, ihrem Dunklen Lord und seiner Countess zur Hand gehen zu dürfen. Abby ist nicht auf den Mund gefallen, was die beiden Cops aus dem ersten Teil gar nicht gut bekommt.\nUnd das geht so:\n\u0026ldquo;Hey\u0026rdquo;, said the broken clown girl. \u0026ldquo;You guys cops?\u0026rdquo;\nCavuto hit the window button on his door but the ignition was off, so the window didn\u0026rsquo;t budge. \u0026ldquo;Go away, kid. Why aren\u0026rsquo;t you in school? Do we need to take you in?\u0026rdquo;\n\u0026ldquo;Winter break, brain trust,\u0026rdquo; said the kid.\nRivera couldn\u0026rsquo;t hold the laughter in, and he snorted a little trying to. \u0026ldquo;Move along, kid. Go wash that shit off your face. You look like you fell asleep with a Magic Marker in your mouth.\u0026rdquo;\n\u0026ldquo;Yeah,\u0026rdquo; said the kid, examining a black fingernail, \u0026ldquo;well, you look like someone pumped about three hundred pounds of cat barf into a cheap suit and gave it a bad haircut.\u0026rdquo;\nRivera slid down in his seat and turned his face toward the door. He couldn\u0026rsquo;t look at his partner. He was sure that if it was possible for steam to come out of someone\u0026rsquo;s ears, that might be happening to Cavuto, and if he looked, he\u0026rsquo;d lose it.\n\u0026ldquo;If you were a guy,\u0026rdquo; Cavuto said, \u0026ldquo;I\u0026rsquo;d have you in handcuffs already, kid.\u0026rdquo; \u0026ldquo;Oh, God,\u0026rdquo; Rivera said under his breath.\n\u0026ldquo;If I were a guy, I\u0026rsquo;ll bet you would. And I\u0026rsquo;ll bet I\u0026rsquo;d have to send you to the S and M ATM, because the kinky shit is extra.\u0026rdquo; The kid leaned down, so she was eye level with Cavuto and winked.\nThat was it. Rivera started giggling like a little girl.\n","date":"2007-02-10T00:00:00Z","href":"https://blog.koehntopp.info/2007/02/10/fertig-gelesen-you-suck.html","tags":["media","review","lang_de"],"title":"Fertig gelesen: You Suck"},{"categories":null,"content":" Bloodsucking Fiends Gelangweilter 800 Jahre alter Supervampir beißt irischstämmige amerikanische Versicherungsangestellte mit mangelndem Selbstbewusstsein, die kurz vor ihrer Midlife-Crisis steht - und erschafft ein Monster.\rAber Christopher Moore bleibt nicht bei einem Erzählstrang. Gleich Douglas Adams lässt er seine Geschichten in kleine Seiten- und Abseitenlinien laufen, getreu dem Motto:\rLieber einen guten Freund verlieren, als eine gute Pointe auszulassen.\rZur Dekoration klebt er eine Reihe von Filmzitaten und Popkultur-Referenzen mit in die Story rein, einfach, weil es zu schade wäre, es nicht zu tun.\rMein Favorit: Die Gefängnisszene. Tommy, Vampir-Jodies neuer Freund oder Ghoul, er weiß es nicht so genau, sitzt aus Gründen, die hier zu erklären zu weit führen würden, im Knast.\r\u0026gt; Tommy guessed the temperature in the cell to be about sixty-five, but even so, his cellmate, the six-foot-five, two-hundred-fifty-pound, unshaven, unbathed, one-eyed psychopath with the Disney-character tattoos, was dripping with sweat.\r\u0026gt; \u0026gt; Maybe, Tommy thought, as he cowered in the corner behind the toilet, it\u0026rsquo;s warmer up there on the bunk. \u0026gt; Or maybe it\u0026rsquo;s hard work trying to stare at someone menacingly, without blinking, for six hours when you have ony one eye.\r\u0026gt; \u0026gt; \u0026ldquo;I hate you\u0026rdquo;, said One-Eye.\r\u0026gt; \u0026ldquo;Sorry\u0026rdquo;, said Tommy.\r\u0026gt; One-Eye stood up and flexed his biceps; Micky and Goofy bulged angrily.\r\u0026gt; \u0026ldquo;Are you making fun of me?\u0026rdquo;\r\u0026gt; Tommy didn\u0026rsquo;t want to say anything, so he shook his head violently, trying to make sure that nothing remotely resembling a smile crossed his face.\r\u0026gt; \u0026gt; One-Eye sat down on the bunk and resumed menacing. \u0026ldquo;What are you in for?\u0026rdquo;\r\u0026gt; \u0026ldquo;Nothing\u0026rdquo;, Tommy said. \u0026ldquo;I didn\u0026rsquo;t do anything.\u0026rdquo;\r\u0026gt; \u0026ldquo;Don\u0026rsquo;t fuck with me, ass-wipe. What were you arrested for?\u0026rdquo;\r\u0026gt; \u0026gt; Tommy fidgeted, trying to work his way into the cinder-block wall.\r\u0026gt; \u0026ldquo;Well, I put my girlfriend in the freezer, but I don\u0026rsquo;t think that\u0026rsquo;s a crime.\u0026rdquo;\r\u0026gt; One-Eye, for the first time he\u0026rsquo;d been put in the cell, smiled. \u0026ldquo;Me either. You didn\u0026rsquo;t use an assault weapon, did you?\u0026rdquo;\r\u0026gt; \u0026ldquo;Nope, a Sears frost-free.\u0026rdquo;\r\u0026gt; \u0026ldquo;Oh, good; they\u0026rsquo;re really tough on crimes with assault weapons.\u0026rdquo;\r\u0026gt; \u0026gt; \u0026ldquo;So,\u0026rdquo; Tommy says, venturing an inch out of the corner, \u0026ldquo;what are you in for?\u0026rdquo; Thinking baby-stomping, thinking cannibalism, thinking fast-food massacre.\r\u0026gt; One-Eye hung his head. \u0026ldquo;Copyright infringement.\u0026rdquo;\r\u0026gt; \u0026gt; \u0026ldquo;You\u0026rsquo;re kidding?\u0026rdquo;\r\u0026gt; One-Eye frowned.\r\u0026gt; Tommy slid back into his corner, adding, \u0026ldquo;Really? That\u0026rsquo;s bad.\u0026rdquo;\r\u0026gt; \u0026gt; One-Eye pulled of his ratty T-shirt.\r\u0026gt; The seven dwarfs danced across his massive chest between knife and bullet scars. \u0026gt; On his stomach, Snow White and Cinderella were locked in a frothy embrace of mutual muffin munching.\r\u0026gt; \u0026ldquo;Yeah, I made the mistake of walking around without a shirt. \u0026gt; A Disney executive who was up here on vacation saw me down be the wharf. \u0026gt; He called their legal pit bulls.\u0026rdquo;\r\u0026gt; \u0026gt; Tommy shook his head in sympathy.\r\u0026gt; \u0026ldquo;I didn\u0026rsquo;t know they put you in jail for copyright infringement.\u0026rdquo;\r\u0026gt; \u0026ldquo;Well, they don\u0026rsquo;t, really. It was when I ripped the guy\u0026rsquo;s shoulder out of their sockets that the police got involved.\u0026rdquo;\r\u0026gt; \u0026ldquo;That\u0026rsquo;s not a crime, either, is it?\u0026rdquo;\r\u0026gt; One-Eye rubbed his temples as if it was excruciating to remember. \u0026ldquo;It was in front of his kids.\u0026rdquo;\r\u0026gt; \u0026ldquo;Oh,\u0026rdquo; Tommy said.\r\u0026gt; \u0026gt; \u0026ldquo;Flood, on your feet,\u0026rdquo; a guard said from the cell door.\r\u0026gt; Inspector Nick Cavuto stood behind him.\r\u0026gt; \u0026ldquo;C\u0026rsquo;mon, cutie,\u0026rdquo; Cavuto said. \u0026ldquo;We\u0026rsquo;re going for a last walk.\u0026rdquo;\n","date":"2007-02-06T00:00:00Z","href":"https://blog.koehntopp.info/2007/02/06/fertig-gelesen-bloodsucking-fiends.html","tags":["media","review","lang_de"],"title":"Fertig gelesen: Bloodsucking Fiends"},{"categories":null,"content":" Kris bei 200 km/h Gegenwind im Windtunnel von Sky Venture, Orlando.\n","date":"2007-02-03T00:00:00Z","href":"https://blog.koehntopp.info/2007/02/03/supertopp.html","tags":["mysql","travel","lang_de"],"title":"Supertopp!"},{"categories":null,"content":"Auf Sourceforge findet man Plug-in development guidelines für den Nagios Netzwerkmonitor. Demnach ist es trivial, Nagios-Plugins zu entwickeln: Der Check ist ein externes Programm, das den Returncode 0, 1 oder 2 zurückgibt und eine einzeilige Nachricht auf stdout druckt.\nTun wir das doch mal für MySQL: Wir wollen die Anzahl der Threads_connected überwachen und den Replikationsstatus: SQL-Thread und IO-Thread müssen laufen und der Slave-Lag darf nicht zu groß sein.\nWir schreiben das Plugin in C, damit wir zugleich mal lernen, die MYSQL Client-API in C zu verwenden - Shellscripte, die sich das Abbrechen gibt es ja schon genug.\nDer gesamte Quelltext aus diesem Beispiel kann hier heruntergeladen werden: check_mysql.c Unser Programm soll eine Reihe von Optionen verarbeiten. Wir lesen die Optionen mit GNU getopt_long . Die Funktion braucht eine Optionsliste in einem struct options Array, in dem wir die Optionen deklarieren.\nWir wollen:\n\u0026ndash;mode={slave-lag,slave-io-running,slave-sql-running,connections}, \u0026ndash;threshold-warn=x, \u0026ndash;threshold-err=x und die üblichen MySQL Connection-Options (\u0026ndash;user, \u0026ndash;password, \u0026ndash;host und \u0026ndash;port). In Code sieht das so aus:\nstruct option long_options[] = { { \u0026#34;host\u0026#34;, 1, 0, \u0026#39;h\u0026#39; }, { \u0026#34;user\u0026#34;, 1, 0, \u0026#39;u\u0026#39; }, { \u0026#34;password\u0026#34;, 1, 0, \u0026#39;p\u0026#39; }, { \u0026#34;port\u0026#34;, 1, 0, \u0026#39;P\u0026#39; }, { \u0026#34;mode\u0026#34;, 1, 0, \u0026#39;m\u0026#39; }, { \u0026#34;threshold-warn\u0026#34;, 1, 0, \u0026#39;t\u0026#39;}, { \u0026#34;threshold-err\u0026#34;, 1, 0, \u0026#39;T\u0026#39; }, { \u0026#34;debug\u0026#34;, 1, 0, \u0026#39;d\u0026#39;}, { \u0026#34;help\u0026#34;, 1, 0, \u0026#39;?\u0026#39; }, { NULL, 0,0,0 } }; typedef enum { unspecified, slave_lag, slave_io_running, slave_sql_running, connections } mode_t; char *host = \u0026#34;127.0.0.1\u0026#34;; char *user = \u0026#34;root\u0026#34;; char *password = \u0026#34;\u0026#34;; int port = 3306; mode_t mode = unspecified; int threshold_warn= 30; int threshold_err = 60; int debug = 0; Die Optionen werden dann wie folgt eingelesen:\nvoid parse_args(int argc, char *argv[]) { int c; int optind = 0; char *myarg = NULL; while (1) { c = getopt_long(argc, argv, \u0026#34;h:u:p:P:m:t:T:d?\u0026#34;, long_options, \u0026amp;optind); if (c == -1) break; if (optarg) { myarg = strdup(optarg); if (!myarg) { printf(\u0026#34;CRIT: Out of memory in strdup!\\n\u0026#34;); exit(2); } } switch(c) { case \u0026#39;?\u0026#39;: // Hilfstext exit(2); break; case \u0026#39;h\u0026#39;: host = myarg; break; case \u0026#39;u\u0026#39;: user = myarg; break; case \u0026#39;p\u0026#39;: password = myarg; break; case \u0026#39;P\u0026#39;: port = atoi(myarg); free(myarg); break; case \u0026#39;m\u0026#39;: if (strcmp(myarg, \u0026#34;slave-lag\u0026#34;) == 0) { mode = slave_lag; } else if ( strcmp(myarg, \u0026#34;slave-io-running\u0026#34;) == 0 ) { mode = slave_io_running; } else if ( strcmp(myarg, \u0026#34;slave-sql-running\u0026#34;) == 0 ) { mode = slave_sql_running; } else if ( strcmp(myarg, \u0026#34;connections\u0026#34;) == 0 ) { mode = connections; } else { mode = unspecified; } free(myarg); break; case \u0026#39;t\u0026#39;: threshold_warn = atoi(myarg); free(myarg); break; case \u0026#39;T\u0026#39;: threshold_err = atoi(myarg); free(myarg); break; case \u0026#39;d\u0026#39;: debug = atoi(myarg); free(myarg); break; default: printf(\u0026#34;CRIT: Unknown option: %c\\n\u0026#34;, c); exit(2); break; } } return; } Die Formalitäten sind damit erledigt: Wir haben ein Programm, das die gewünschten Kommandozeilenoptionen einlesen kann und an die Arbeit gehen könnte.\nDie Arbeit besteht bei uns darin, an ein MySQL zu verbinden, eine Query auszuführen, das einzeilige Resultat zu lesen und eine bestimmte Spalte aus dem Resultat auszuschneiden, um diese als String zurückzugeben.\nDie Funktion run_query() tut dies für uns:\nchar *run_query(MYSQL *m, char *cmd, int col) { MYSQL_ROW row; MYSQL_RES *res; if (debug) fprintf(stderr, \u0026#34;Field %d of query %s\\n\u0026#34;, col, cmd); if (mysql_real_query(m, cmd, strlen(cmd)) != 0) { printf(\u0026#34;CRIT: Query %s failed: %s\\n\u0026#34;, cmd, mysql_error(m) ); exit(2); } res = mysql_store_result(m); if (!res) { printf(\u0026#34;CRIT: Query %s failed: %s\\n\u0026#34;, cmd, mysql_error(m) ); exit(2); } if (row = mysql_fetch_row(res)) { unsigned int num_fields = mysql_num_fields(res); unsigned long *len = mysql_fetch_lengths(res); if (col \u0026lt; num_fields) { if (debug) fprintf(stderr, \u0026#34;Result column %d returns value \\\u0026#34;%s\\\u0026#34; (length %d)\\n\u0026#34;, col, row[col], len[col]); return len[col]?strndup(row[col], len[col]):0; } else { printf(\u0026#34;CRIT: Query cmd does not return %d fields (it returns %d fields).\\n\u0026#34;, cmd, col, num_fields ); exit(2); } } mysql_free_result(res); return NULL; } Die Funktion bekommt eine bestehende MySQL-Verbindung m als Parameter übergeben, zudem eine SQL-Query cmd und eine Spaltennummer, die aus dem einzeiligen Resultset der Query ausgesägt werden soll. Intern brauchen wir eine MYSQL_ROW row und einen Resultset MYSQL_RES res.\nDie Query wird mit mysql_real_query() an den Server gesendet. Wenn dabei kein Fehler gemeldet wird, können wir den gesamten Resultset mit mysql_store_result() zum Client nach res kopieren. Der Server ist damit fertig.\nAuf dem Client lesen wir nun mit mysql_fetch_row(res) eine Zeile aus dem Resultset. Diese Zeile hat mysql_num_fields(res) viele Spalten, deren Längen man mit mysql_fetch_length() bestimmen kann. Wenn unser gewünschtes Zielfeld im Datensatz enthalten ist (col \u0026lt; num_fields), dann duplizieren wir das und sind fertig (Nun ja, gemogelt: Wir hätten noch mysql_free_result() aufrufen müssen, aber wir machen sowieso gleich exit()).\nAnsonsten beklagen wir uns gar bitterlich und sind dann fertig.\nIm Hauptprogramm müssen wir nun eine Connection öffnen und dann je nach Mode die passenden Sachen checken. Erstmal eine Connection bauen.\nint main(int argc, char *argv[]) { parse_args(argc, argv); if (mode == unspecified) { printf(\u0026#34;CRIT: No or wrong mode specified. Specify --mode={slave-lag,slave-io-running,slave-sql-running,connections}\\n\u0026#34;); exit(2); } if (debug) fprintf(stderr, \u0026#34;Connect to %s:%d with %s:%s for test %d with threshold_warn %d and threshold_err %d.\\n\u0026#34;, host, port, user, password, mode, threshold_warn, threshold_err ); mysql_init(\u0026amp;mysql); if (!mysql_real_connect(\u0026amp;mysql, host, user, password, \u0026#34;mysql\u0026#34;, port, NULL, 0)) { printf(\u0026#34;CRIT: Cannot connect to database: Error: %s\\n\u0026#34;, mysql_error(\u0026amp;mysql)); exit(2); } if (debug) printf(\u0026#34;Connected...\\n\u0026#34;); Jetzt können wir je nach mode unterschiedliche Dinge tun. Zum Beispiel den Slave Lag checken:\nif (mode == slave_lag) { int lag; char *p; p = run_query(\u0026amp;mysql, \u0026#34;show slave status\u0026#34;, 32); if (p == NULL) { printf(\u0026#34;CRIT: Slave lag NULL\\n\u0026#34;); exit(2); } lag = atoi(p); free(p); if (lag \u0026gt; threshold_err) { printf(\u0026#34;CRIT: Slave lag %d sec exceeds threshold_err %d sec\\n\u0026#34;, lag, threshold_err); exit(2); } if (lag \u0026gt; threshold_warn) { printf(\u0026#34;WARN: Slave lag %d sec exceeds threshold_warn %d sec\\n\u0026#34;, lag, threshold_warn); exit(1); } printf(\u0026#34;OK: Slave lag %d is inside tolerance.\\n\u0026#34;, lag); exit(0); } Oder Slave-IO und Slave-SQL testen:\nif (mode == slave_io_running) { char *p; p = run_query(\u0026amp;mysql, \u0026#34;show slave status\u0026#34;, 10); if (p == NULL) { printf(\u0026#34;CRIT: Slave io not running\\n\u0026#34;); exit(2); } if (strcmp(p, \u0026#34;Yes\u0026#34;) != 0) { printf(\u0026#34;CRIT: Slave io not running: result is %s\\n\u0026#34;, p); exit(2); } printf(\u0026#34;OK: Slave io is running.\\n\u0026#34;); exit(0); } if (mode == slave_sql_running) { char *p; p = run_query(\u0026amp;mysql, \u0026#34;show slave status\u0026#34;, 11); if (p == NULL) { printf(\u0026#34;CRIT: Slave sql not running\\n\u0026#34;); exit(2); } if (strcmp(p, \u0026#34;Yes\u0026#34;) != 0) { printf(\u0026#34;CRIT: Slave sql not running: result is %s\\n\u0026#34;, p); exit(2); } printf(\u0026#34;OK: Slave sql is running.\\n\u0026#34;); exit(0); } Oder eben die Anzahl der Threads_connected prüfen und ggf. anmeckern:\nif (mode == connections) { char *p; int conn = 0; p = run_query(\u0026amp;mysql, \u0026#34;show global status like \u0026#39;Threads_connected\u0026#39;\u0026#34;, 1); if (p == NULL) { printf(\u0026#34;CRIT: No connection information available.\\n\u0026#34;); exit(2); } conn = atoi(p); free(p); if (conn \u0026gt; threshold_err) { printf(\u0026#34;CRIT: Threads_connected %d exceeds threshold_err %d\\n\u0026#34;, conn, threshold_err); exit(2); } if (conn \u0026gt; threshold_warn) { printf(\u0026#34;WARN: Threads_connected %d exceeds threshold_warn %d\\n\u0026#34;, conn, threshold_warn); exit(1); } printf(\u0026#34;OK: Threads_connected %d\\n\u0026#34;, conn); exit(0); } Compiled wird so:\nLIBS=-lmysqlclient CFLAGS=-g all: check_mysql check_mysql: check_mysql.c cc $(CFLAGS) -o check_mysql check_mysql.c $(LIBS) Und im Nagios kann man dann in /etc/nagios/checkcommands.cfg definieren:\ndefine command { command_name check_mysql_status command_line /usr/lib/nagios/plugins/custom/check_mysql --mode=$ARG1$ -h $HOSTALIAS$ -u monitor -p g33k $ARG2$ } Ein Service kann dann definiert werden als\ndefine service { name template-mysql-slave-lag use template-standardhost register 0 service_description MySQL slave-lag check_command check_mysql_status!slave-lag!--threshold-warn=600 --threshold-err=900 } ","date":"2007-01-20T00:00:00Z","href":"https://blog.koehntopp.info/2007/01/20/ein-nagios-plugin-fuer-mysql.html","tags":["monitoring","mysql","lang_de"],"title":"Ein Nagios-Plugin für MySQL"},{"categories":null,"content":"Martin schreibt mir:\nThe ground is the limit\u0026hellip;.\nTel Aviv. Mittwoch, 18. Januar 2006, ca. 15 Uhr: Ich sitze im Terminal und warte auf meinen Flieger. Von Kollegen und aus den News wusste ich von Kyrill. Ich will über Zürich nach Hamburg fliegen und mache mir Sorgen, ob das Wetter eine Landung in Hamburg erlauben wird. Gate-Personal in Tel Aviv weiß nichts von einem Sturm. Wie auch: Es sind 17 Grad bei strahlendem Sonnenschein.\nWir haben für Flug eine Boeing von El Al (zweistrahlig, ca. 100 Plätze, Typ erinnere ich mich nicht mehr). Der Flug geht über Rhodos, die Türkei, den Balkan, Österreich nach Zürich. Im Bordprogramm läuft \u0026ldquo;The Guardian\u0026rdquo;. Der Film geht über Rettungsschwimmer im Sturm ;-).\nCa. 5 Stunden später merke ich, dass ich mir um den falschen Flugplatz sorgen gemacht habe.\nInzwischen versuchen wir zum vierten Mal in Zürich zu landen. Das heisst, wir fliegen seit 60 Minuten durch heftige Turbulenzen. Fast keiner redet mehr. Drei Mal ist der Pilot schon durchgestartet, da er zu weit vom Anflug abkam. So ein Durchstarten in 20-50 m Höhe ist durchaus ein Erlebnis. Wie beim Starten spürt man den Ruck von der Beschleunigung, außerdem fährt der Flieger sofort das Fahrwerk wieder ein.\nBeim vierten Versuch sind alle in der Kabine mucksmäuschenstill. Das Licht ist (bis auf die Leselichter, und lesen tut keiner mehr) aus. Mehrere Leute kotzen herzhaft und einige Unglückliche werden von Kopf bis Fuß eingedeckt. Die Crew scheint es vorhergesehen zu haben, denn die Klimaanlage läuft auf vollen Touren. Dadurch bleibt der ansteckende Gestank größtenteils aus. Dafür ein Dankeschön von mir.\nWie bei den letzten drei Versuchen werden die Turbulenzen stärker je tiefer wir kommen. Die Maschine sackt mehrfach durch (keine Ahnung, würde sagen so 10-20 m) und wird auch von Böen quer zur Flugrichtung versetzt. Die Tragflächen zeigen die Last auf der Maschine deutlich, indem sie sich sichtbar durchbiegen (würde schätzen 1-2 m am Flügelende).\nBeim Aufsetzen auf der Landebahn wird schlagartig die aufgestaute Spannung frei. Zwei Frauen sacken ohnmächtig im Sitz zusammen und werden von Mitreisenden wieder aufgepäppelt. Das Aussteigen funktioniert sehr flott. Keiner sagt es, aber alle wollen nur noch raus. Beim Verlassen der Maschine kommen viele nur bis zum Gate. Dort bleiben sie stehen, atmen sichtbar heftig, einige weinen jetzt auch.\nMit hängender Zunge erreichen ich meinen Anschlussflieger (hatte jetzt nur noch 15 min zum Umsteigen von Terminal E nach Terminal A). Mein Gepäck ist nicht so sportlich und spannt noch in Zürich aus. Ich frage beim Einsteigen die Crew, ob uns wieder das Gleiche bevorsteht. Die meinen dann, dass es in Hamburg aufgrund nicht vorhandener Berge nicht solche Verwirbelungen gebe. Sie behalten Recht\u0026hellip;\nKeine Ahnung, ob der Anflug auf Zürich jetzt für einen Piloten eine Standard-Situation war. Ich bin ihm am Ende jedenfalls sehr dankbar gewesen. Für kein Geld der Welt hätte ich mit ihm tauschen wollen.\nMartin ist inzwischen glücklich daheim. Grüße an meine Mutter, die diesen Sturm noch nicht auf Föhr verbracht hat.\n","date":"2007-01-19T00:00:00Z","href":"https://blog.koehntopp.info/2007/01/19/ein-flugbericht.html","tags":["travel","lang_de"],"title":"Ein Flugbericht"},{"categories":null,"content":"Urheberrechtsschützer nutzen widerrechtlich fremde Inhalte : Auf der Site von Copypolice.de , gefördert von 20th Century Fox, Eurovideo, Kinowelt, Paramount, Universal, MGM, WB, aber auch von Prominenten wie Oliver Kalkhofe, nimmt es mit dem Urheberrecht laut Heise nicht so genau:\nIm News- und Forenbereich der Site haben Moderatoren mehrfach komplette Meldungen von heise online und aus anderen Nachrichtenquellen eingestellt – teilweise sogar ohne Nennung der Urheber. Den Hinweis eines Nutzers auf die eindeutigen Verstöße gegen das Urheberrecht hat ein Moderator im Forum zur Kenntnis genommen, aber ansonsten ignoriert.\nDas dazu.\n","date":"2007-01-17T00:00:00Z","href":"https://blog.koehntopp.info/2007/01/17/legal-illegal.html","tags":["copyright","media","film","lang_de"],"title":"Legal, Illegal, ..."},{"categories":null,"content":"Disclaimer: Meine Windows-Kenntnisse sind beschränkt, veraltet und ausschließlich theoretischer Natur. Im Zweifel erzählt dieser Artikel Unsinn nach Hörensagen.\nNach dem Artikel form, exec, wait und exit habe ich mir aber einmal meine Kopie von Jeffrey Richters Windows - Programmierung für Experten (Advanced Windows) (1997) gegriffen und dort nachgeschlagen, wie man sich das mit den Prozessen und Programmen unter Windows vorstellt (oder jedenfalls vor 10 Jahren vorgestellt hat).\nWindows hat zu diesem Zweck die Systemfunktion CreateProcess (10 Parameters). Die liest sich so:\nBOOL WINAPI CreateProcess( LPCTSTR lpApplicationName, LPTSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCTSTR lpCurrentDirectory, LPSTARTUPINFO lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation);\nDie Funktion erzeugt einen neuen Prozeß und lädt in diesen ein neues Programm. Dieses wird dann gestartet. lpApplicationName ist der Pfadname des auszuführenden Programmes.\nlpCommandLine ist die Kommandozeile (der argv) des neuen Programmes. Sie wird als String und nicht als Vektor von Strings übergeben. Das Parsen der Kommandozeile in Wort wird also durch das Betriebssystem übernommen und kann nicht durch den Aufrufer kontrolliert werden. In Unix muß man bei execve() einen Vektor von Strings übergeben, das Zerlegen der Kommandozeile in Worte muß also durch den Aufrufer, z.B. die Shell übernommen werden. Die anderen Funktionen der exec-Familie sind Bibliotheksfunktionen, die einem hier einen Teil der Arbeit abnehmen.\nlpApplicationName und lpCommandLine interagieren: lpApplicationName darf NULL sein, dann wird das erste Wort von lpCommandLine nach der Zerlegung in Worte als lpApplicationName interpretiert. lpApplicationName darf ohne Endung angegeben werden, dann rät Windows die Extension bzw. probiert eine Liste von ausführbaren System-Extensions aus.\nlpApplicationName darf auch ein unqualifizierter Pfadname sein. In diesem Fall wird das Absuchen eines System-Suchpfades wird durch diese Funktion von Windows übernommen. In Unix führt execve() genau das Binary aus, dessen Pfadnamen man angegeben hat. Will man einen Suchpfad absuchen, muß man execve() in einer Schleife so lange ausführen, bis es nicht mehr zurück kommt.\nlpProcessAttributes ist kein einzelner Parameter, sondern ein Zeiger auf eine SECURITY_ATTRIBUTES -Struktur, die man ausfüllen kann und die viele Parameter enthalten kann. Die Struktur enthält eine ACL für die Discretionary Access Control, bestimmt also im wesentlichen, wer diesen Prozeß anfassen und was mit ihm machen darf. In Unix gibt es kein vergleichbares Konzept für Prozesse: Ein Prozeß hat entweder die entsprechende Capability (etwa CAP_KILL oder CAP_SYS_PTRACE) oder nicht.\nlpThreadAttributes erzeugt ist der passende Parameter für den in dem Prozeß zwingend enthaltenen Thread. bInheritHandles definiert, ob vererbbare Handles auf Objekte von dem neu erzeugten Prozeß geerbt werden.\ndwCreationFlags legt die Priorität des Prozesses und weitere Flags für den neuen Prozeß fest. In Unix würde man all dies zwischen dem fork() und dem exec() mit einzelnen Calls machen, etwa mit Calls aus der setpriority()-Familie oder mit Aufrufen nach setpgrp().\nlpEnvironment entspricht konzeptuell, aber nicht im Format dem envp von execve.\nlpCurrentDirectory ist das aktuelle Verzeichnis des neuen Prozesses. In Unix würde man den identischen Effekt erreichen, indem man zwischen dem fork() und dem exec()-Systemaufruf ein chdir() (oder chroot()) aufruft.\nlpStartupInfo ist ein Zeiger auf eine eine Struktur STARTUPINFO , die keine Entsprechung in Unix hat, weil hier Dinge angegeben werden, die mit den Fenstern einer Anwendung zu tun haben. Unix handhabt diese Dinge komplett vom Betriebssystemkern getrennt und daher finden wir in den Betriebssystem-Primitiven zu Prozessen keine Fensterinformationen. Genaugenommen ist lpStartupInfo entweder ein Zeiger auf eine STARTUPINFO oder STARTUPINFOEX-Struktur. Was es genau ist wird mit einem Flag in dwCreationFlags angegeben. Das ist nicht typsicher, und das ist bemerkenswert, weil Windows an anderer Stelle sehr viel Wert auf solche Dinge legt.\nDer letzte Parameter von CreateProcess, lpProcessInformation, ist ein Referenzparameter auf eine PROCESS_INFORMATION -Struktur, die von Windows überschrieben und ausgefüllt wird. Wir finden dort die Handles zu unserem Prozeß und dem darin enthaltenen Thread sowie eine ProcessId und eine ThreadId.\nWill man das Äquivalent zu einem setuid()-Eignerwechsel in Unix in Windows durchführen, kommt dieses Konzept an seine Grenzen - so etwas ist trotz der Vielzahl der Parameter von CreateProcess() in Windows nicht vorgesehen. Man braucht eine neue Funktion, CreateProcessAsUser (11 Parameter).\nAnalyse Hier wird der grundlegende Unterschied zwischen den Konzepten von Windows und Unix deutlich: Die Unix-API stammt von Mitte der 70er Jahre und hat sich in den vergangenen mehr als 30 Jahren nicht wesentlich verändert.\nSie genügt heutigen Ansprüchen, weil sie alle Ansprüche nicht erfüllt - sie liefert stattdessen relativ atomare primitive Funktionen und trennt sogar auf den ersten, flüchtigen Blick zusammengehörende Dinge wie Erzeugen von Prozessen und Laden von Programmen. Dadurch muß ein Programmierer einer Anwendung entweder eine Bibliotheksfunktion verwenden, die fork() und exec() in etwas bequemeres einpackt (etwa system() oder popen()) oder all die Dinge selber machen, die Windows im Kernel für den Programmierer erledigt. fork() hat keine Parameter und execve() hat deren drei.\nWill man mehr, hat man die Gelegenheit, das Environment des neuen Prozesses nach dem fork() vor dem Start des neuen Programmes mit execve() von innen zu verändern.\nWindows dagegen erzeugt eine alles-in-einem Funktion, die für den häufigen Anwendungsfall und alle denkbaren Varianten Extraparameter hat. Windows hat dabei die Sicht von außen auf den Kindprozeß. Dies führt zu nützlichen Dingen wie einer Thread- und Prozeß DACL, ist aber konzeptuell nicht gut erweiterbar. Dinge wie ein setuid()-Aufruf zwischen fork() und exec() sind mit CreateProcess() nicht abbildbar und machen weitere Funktionen erforderlich, die noch mehr Parameter haben.\nDas Konzept von Unix ist auf den ersten Blick umständlich und wenig intuitiv. Es genügt von der Aufteilung her jedoch den Ansprüchen, die man als Datenbanker an eine Normalform hätte und ist daher flexibel und ohne Änderungen am Kern erweiterbar - unabhängige Konzepte sind als unabhängige Funktionen implementiert und Erweiterung erfolgt durch Einschieben weiterer Aufrufe zwischen fork() und exec(). Neben dem Vorteil der Erweiterbarkeit hat dies den Nachteil, daß mehr Systemaufrufe notwendig sind als bei Windows (Unix-Systemaufrufe müssen schnell sein, damit dieses Konzept aufgeht) und daß man unter Umständen ein Problem mit der Atomizität bekommen kann.\nBeispiel ist hier die Aufgabe: \u0026ldquo;Starte aus einem Debugger einen Programm in einem Kindprozeß und zwar so, daß der Kindprozeß ohne Racecondition auf der ersten Anweisung des Kindes stoppt und debugbar ist.\u0026rdquo;. Das Problem war lange Zeit nicht lösbar, und wurde von Linux durch das PTRACE_TRACEME-Flag zu ptrace() gelöst, das neben einigen anderen Dingen bewirkt, daß ein Kindprozeß nach einem execve() erst mal mit einem SIGTRAP stehen, bleibt bevor er irgendwas selber macht. Bemerkenswert ist, daß die Erweiterung möglich war, ohne das bestehende 30 Jahre alte Konzept von fork, exec und wait verändern zu müssen.\n","date":"2007-01-07T00:00:00Z","href":"https://blog.koehntopp.info/2007/01/07/fork-und-exec-vs-createprocess.html","tags":["c","linux","schulung","unix","lang_de"],"title":"fork und exec vs. CreateProcess"},{"categories":null,"content":"In de.comp.os.unix.linux.misc fragte jemand:\nWerden in einem Skript die Befehle streng sequentiell ausgeführt, d.h. der nächste erst bearbeitet, wenn der Vorgänger vollständig ausgeführt ist, oder wird automatisch bei unvollständiger Auslastung des Systems bereits der nächste Befehl angefangen? Läßt sich das Standardverhalten - wie auch immer es sein mag - bei Bedarf ändern? Wenn man in ein Shellbuch schaut, wird einem an der einen oder anderen Stelle möglicherweise erläutert, daß die Shell jeden Befehl in einem eigenen Prozeß abarbeitet. Dann wiederum fängt man möglicherweise an zu denken und fragt sich, wie das alles zusammenhängt. Sobald man dort angekommen ist, kann man sich mit dem Unix-Prozeßzyklus beschäftigen.\nProzeß und Programm Ein Programm ist in Unix eine Serie von ausführbaren Maschineninstruktionen auf der Platte. Man kann mit dem Befehl size einen sehr oberflächlichen Blick auf die Struktur des Programmes werfen oder mit objdump sehr viel mehr Detailinformation bekommen. Der Aspekt, der uns hier interessieren soll: Ein Programm ist eine Folge von Anweisungen und Daten (auf der Platte), die möglicherweise einmal ausgeführt werden.\nEin Prozeß ist ein in Ausführung befindliches Programm. Er besteht aus dem Programm selbst (also der Versammlung von Anweisungen und Daten) und dem aktuellen Zustand der Ausführung. Dazu gehört neben der Memory-Map, die sagt wie das Programm und seine Daten im Speicher angeordnet sind auch der Programmzähler, die Prozessorregister und der Stack des Prozesses, aber auch sein Root-Directory, sein aktuelles Verzeichnis, die Umgebungsvariablen und alle offenen Dateien sowie einigen weiteren Dingen.\nUnix behandelt Prozesse und Programme als die verschiedenen Dinge, die es sind: Es ist möglich, ein Programm mehr als einmal auszuführen - es ist zum Beispiel möglich, mehr als eine Kopie des Texteditors vi offen zu haben, die zwei unterschiedliche Texte bearbeiten. Programm und (initiale) Daten beider Prozesse sind gleich, aber der Zustand beider Prozesse ist verschieden. Es ist auch möglich, im selben Prozeß nacheinander mehr als ein Programm auszuführen - dazu schmeißt sich das aktuelle Programm in dem Prozeß selbst weg und ersetzt sich durch ein zweites, in diesen Prozeß nachgeladene Programm.\nUnix regelt all diese Dinge mit vier sehr einfachen Systemkonzepten - fork(), exec(), wait() und exit().\nUsermode und Kernel Prozeßwechsel: Es wird ein Stück Prozeß 1 abgearbeitet, dann (1) auf Prozeß 2 umgeschaltet. Nach einer Weile wird (2) wieder auf Prozeß 1 zurück geschaltet. Die Ausführung von Prozeß 1 erscheint lückenlos, erfolgt aber in zeitlich nicht zusammenhängenden Intervallen.\nWenn ein Unix-Prozeß eine Systemfunktion aufruft (und noch bei ein paar anderen Gelegenheiten), dann verläßt der betreffende Prozeß seinen Userkontext und betritt den privilegierten Betriebsystemkern, den Kernel. Dort wird die aufgerufene Systemfunktion ausgeführt und danach landet jede dieser Funktionen im Scheduler. Der Scheduler entscheidet dann, welcher Prozeß als nächstes dran kommt und kehrt aus dem Kernel in diesen Prozeß zurück. Das kann unser Ausgangsprozeß oder nach Entscheidung des Schedulers ein anderer Prozeß sein.\nWir halten für die Zwecke diese Textes fest: Jeder Systemaufruf wechselt vom Userkontext in den Kernel. Der einzige Weg aus dem Kernel in einen Userkontext führt durch den Scheduler, und dann kehren wir unter Umständen nicht in den Ausgangsprozeß zurück. Bei jedem Systemaufruf kann ein Prozeß also seine CPU verlieren.\nDas ist nicht schlimm, weil dieser andere Prozeß auch irgendwann einmal die CPU aufgeben muß und wir dann in unseren eigenen Prozeß zurück kehren als sei nichts gewesen.\nUnser Programm wird also nicht linear abgearbeitet, sondern in kurzen linearen Segmenten, zwischen denen Pausen liegen können. In den Pausen arbeitet die CPU an den Segmenten der anderen Prozesse, die ebenfalls lauffähig sind.\nfork() und exit() In traditionellem Unix ist der Systemaufruf fork() die einzige Methode, einen neuen Prozeß zu erzeugen. Der neue Prozeß enthält eine Kopie des laufenden Programmes. Er hat eine neue Prozeß-ID und die Prozeß-ID des Erzeugers ist als seine Parent Prozeß-ID (PPID) eingetragen.\nIm Parent-Prozeß kehrt fork() mit der PID des neuen Prozesses als Ergebnis zurück. Der neue Prozeß kehrt ebenfalls aus dem Systemaufruf fork() zurück, liefert dort aber das Resultat 0.\nDer Systemaufruf fork() ist also insofern besonders, als daß er einmal betreten wird, aber zweimal verlassen wird: Einmal im Elternprozeß und einmal im neu erzeugten Kindprozeß. fork() erhöht die Anzahl der laufenden Prozesse im System um eins.\nJeder Unix-Prozeß beginnt seine Existenz also, indem er aus einem fork()-Systemaufruf spontan zurückkehrt und ein Programm ausführt, daß eine Kopie des Elternprogrammes ist. Sein Schicksal unterscheidet sich vom Schicksal des Elternprozesses, weil das Ergebnis des fork()-Aufrufes unterschiedlich ist (0 statt der PID des Kindes) und man dies zur Verzweigung nutzen kann.\nIn Code:\n#include \u0026lt;stdio.h\u0026gt; #include \u0026lt;unistd.h\u0026gt; #include \u0026lt;stdlib.h\u0026gt; main(void) { pid_t pid = 0; pid = fork(); if (pid == 0) { printf(\u0026#34;Ich bin der Kindprozess.\\n\u0026#34;); } if (pid \u0026gt; 0) { printf(\u0026#34;Ich bin der Elternprozess, das Kind ist %d.\\n\u0026#34;, pid); } if (pid \u0026lt; 0) { perror(\u0026#34;In fork():\u0026#34;); } exit(0); } und\nkris@linux:/tmp/kris\u0026gt; make probe1 cc probe1.c -o probe1 kris@linux:/tmp/kris\u0026gt; ./probe1 Ich bin der Kindprozess. Ich bin der Elternprozess, das Kind ist 16959. Wir vereinbaren also eine Variable pid vom Typ pid_t.\nDiese Variable speichert das Ergebnis des Systemaufrufes fork() und mit Hilfe dieses Wertes aktivieren wir entweder das eine (\u0026ldquo;Ich bin der Kindprozeß\u0026rdquo;) oder das andere (\u0026ldquo;Ich bin der Elternprozeß\u0026rdquo;) if().\nStarten wir das Programm, erhalten wir zwei Ausgaben. Da innerhalb eines Prozesses nur ein Status existieren kann und nur eines der beiden if() betreten werden kann, wir aber zwei Ausgaben erhalten haben, müssen wir zwei Prozesse erzeugt haben.\nIndem wir das Ergebnis von getpid() druckten, könnten wir das sogar noch anschaulicher zeigen.\nDer Systemaufruf fork() wird einmal betreten, aber zweimal verlassen und erhöht die Anzahl der Prozesse im System um eins. Nach dem Ablauf unseres Programmes ist die Anzahl der Prozesse im System aber wieder genauso hoch wie vor dem Aufruf des Programmes. Es muß also einen weiteren Systemaufruf geben, der die Anzahl der Prozesse im System um eins erniedrigt.\nDieser Aufruf ist exit().\nexit() wird einmal betreten und nie verlassen. Er verkleinert die Anzahl der Prozesse im System um eins. exit() liefert außerdem einen Exitstatus, den der Elternprozeß abholen kann (oder gar muß) und der ihn über das Schicksal seines Kindes informiert.\nIn unserem Beispiel enden alle Varianten unseres Programmes mit exit() - wir rufen exit() also im Elternprozeß und im Kindprozeß auf, beenden also zwei Prozesse. Das können wir nur deswegen tun, weil unser Elternprozeß auch ein Kindprozeß ist und zwar ein Kind der Shell.\nDie Shell arbeitet also genau wie wir:\nbash (16957) --- erzeugt durch fork() ---\u0026gt; bash (16958) --- wird zu ---\u0026gt; probe1 (16958) probe1 (16958) --- erzeugt durch fork() ---\u0026gt; probe1 (16959) --\u0026gt; exit() | +---\u0026gt; exit() exit() schließt alle Dateien und Internetverbindungen eines Prozesses, gibt allen Speicher frei und beendet dann den Prozeß. Der Parameter von exit(), der Exitstatus, wird an den Elternprozeß zurückgegeben.\nwait() Der Kindprozeß endet durch ein exit(0). Die 0 ist der Exitstatus unseres Programmes und steht nun zur Abholung bereit. Wir müssen im Elternprozeß den Exitstatus abholen. Dies geschieht mit der Systemfunktion wait().\nIn Code:\n#include \u0026lt;stdio.h\u0026gt; #include \u0026lt;unistd.h\u0026gt; #include \u0026lt;stdlib.h\u0026gt; #include \u0026lt;sys/types.h\u0026gt; #include \u0026lt;sys/wait.h\u0026gt; main(void) { pid_t pid = 0; int status; pid = fork(); if (pid == 0) { printf(\u0026#34;Ich bin der Kindprozess.\\n\u0026#34;); sleep(10); printf(\u0026#34;Ich bin der Kindprozess 10 Sekunden spaeter.\\n\u0026#34;); } if (pid \u0026gt; 0) { printf(\u0026#34;Ich bin der Elternprozess, das Kind ist %d.\\n\u0026#34;, pid); pid = wait(\u0026amp;status); printf(\u0026#34;Ende des Prozesses %d: \u0026#34;, pid); if (WIFEXITED(status)) { printf(\u0026#34;Der Prozess wurde mit exit(%d) beendet.\\n\u0026#34;, WEXITSTATUS(status)); } if (WIFSIGNALED(status)) { printf(\u0026#34;Der Prozess wurde mit kill -%d beendet.\\n\u0026#34;, WTERMSIG(status)); } } if (pid \u0026lt; 0) { perror(\u0026#34;In fork():\u0026#34;); } exit(0); } und\nkris@linux:/tmp/kris\u0026gt; make probe2 cc probe2.c -o probe2 kris@linux:/tmp/kris\u0026gt; ./probe2 Ich bin der Kindprozess. Ich bin der Elternprozess, das Kind ist 17399. Ich bin der Kindprozess 10 Sekunden spaeter. Ende des Prozesses 17399: Der Prozess wurde mit exit(0) beendet. Die Variable status wird dem Systemaufruf wait() als Referenzparameter mit übergeben und von diesem überschrieben. Neben dem Exitstatus finden wir dort auch noch weitere Informationen über den Grund des Programmendes hinterlegt. Zur Decodierung stellt das System eine Reihe von Prädikaten wie WIFEXITED() oder WIFSIGNALED() zur Abfrage bereit und Extraktoren wie WEXITSTATUS() und WTERMSIG(). wait() gibt außerdem die Prozeß-ID des Prozesses zurück, der beendet wurde.\nwait() hängt im Elternprozeß so lange bis entweder ein Signal eintrifft oder ein Kindprozeß beendet wird.\nDas Programm init mit der PID 1 macht übrigens den ganzen lieben langen Tag nix anderes: Es hängt im wait() und frühstückt die ihm zugeworfenen Exitstati ab, um sie zu verwerfen. Außerdem liest es die /etc/inittab und startet die dort konfigurierten Programme. Ist eines dieser Programme auf Respawn gesetzt und wird beendet, wird es von init neu gestartet.\nBeendet sich ein Kindprozeß, ohne daß der Elternprozeß ein wait() macht, zerstört exit() schon einmal alle Datenstrukturen des Kindprozesses, kann jedoch den Prozeßlisteneintrag des Prozesses noch nicht wegwerfen, denn hier steht der Exitstatus des Kindes drin. Es könnte ja nun sein, daß der Elternprozeß sich irgendwann entschließt, ein wait() auszuführen und dann muß der Exitstatus ja bereitstehen.\nDer Kindprozeß ist also bereits tot - er hat exit() ausgeführt und alle Ressourcen freigegeben, kann aber noch nicht sterben, weil ja der Elternprozeß den Status noch nicht abgeholt hat. Unix nennt so einen Prozeß einen Zombie-Prozeß. Zombies werden in der Prozeßliste sichtbar, wenn ein Prozeßerzeuger falsch programmiert ist und nicht ausreichend wait() aufruft.\nAnders herum ist es auch möglich, daß ein Kindprozeß weiter läuft, während ein Elternprozeß beendet wird. Dann wird die Parent Prozeß-ID (PPID) des Kindes von der PID des Elternprozesses auf die Konstante 1 geändert, oder in anderen Worten - init erbt den Prozeß.\nBeendet sich das Kind, empfängt init den Exitstatus des Kindes, denn init hängt ja sowieso dauernd im wait. Dadurch wird die Entstehung eines Zombies in diesem Fall verhindert.\nWenn die Anzahl der Prozesse im System über die Laufzeit des System im Mittel konstant ist, dann ist die Anzahl der fork(), exit() und wait()-Aufrufe im System ebenfalls im Mittel gleich, denn für jedes fork() muß irgendwann einmal ein exit() gemacht werden und für jedes exit() muß der Elternprozeß einmal ein wait() machen (In Wirklichkeit ist die Situation wegen einiger anderer Regeln noch ein wenig komplizierter, aber erst einmal soll dies hier genügen).\nWir haben also ein sauberes fork-exit-wait-Dreieck.\nexec() So wie fork() Prozesse erzeugt, so lädt exec() Programme in einen Prozeß.\nIn Code:\n#include \u0026lt;stdio.h\u0026gt; #include \u0026lt;unistd.h\u0026gt; #include \u0026lt;stdlib.h\u0026gt; #include \u0026lt;sys/types.h\u0026gt; #include \u0026lt;sys/wait.h\u0026gt; main(void) { pid_t pid = 0; int status; pid = fork(); if (pid == 0) { printf(\u0026#34;Ich bin der Kindprozess.\\n\u0026#34;); execl(\u0026#34;/bin/ls\u0026#34;, \u0026#34;ls\u0026#34;, \u0026#34;-l\u0026#34;, \u0026#34;/tmp/kris\u0026#34;, (char *) 0); perror(\u0026#34;In exec(): \u0026#34;); } if (pid \u0026gt; 0) { printf(\u0026#34;Ich bin der Elternprozess, das Kind ist %d.\\n\u0026#34;, pid); pid = wait(\u0026amp;status); printf(\u0026#34;Ende des Prozesses %d: \u0026#34;, pid); if (WIFEXITED(status)) { printf(\u0026#34;Der Prozess wurde mit exit(%d) beendet.\\n\u0026#34;, WEXITSTATUS(status)); } if (WIFSIGNALED(status)) { printf(\u0026#34;Der Prozess wurde mit kill -%d beendet.\\n\u0026#34;, WTERMSIG(status)); } } if (pid \u0026lt; 0) { perror(\u0026#34;In fork():\u0026#34;); } exit(0); } kris@linux:/tmp/kris\u0026gt; make probe3 cc probe3.c -o probe3 kris@linux:/tmp/kris\u0026gt; ./probe3 Ich bin der Kindprozess. Ich bin der Elternprozess, das Kind ist 17690. total 36 -rwxr-xr-x 1 kris users 6984 2007-01-05 13:29 probe1 -rw-r--r-- 1 kris users 303 2007-01-05 13:36 probe1.c -rwxr-xr-x 1 kris users 7489 2007-01-05 13:37 probe2 -rw-r--r-- 1 kris users 719 2007-01-05 13:40 probe2.c -rwxr-xr-x 1 kris users 7513 2007-01-05 13:42 probe3 -rw-r--r-- 1 kris users 728 2007-01-05 13:42 probe3.c Ende des Prozesses 17690: Der Prozess wurde mit exit(0) beendet. Hier wird im Sohnprozeß der Code von probe3 weggeworfen (Das perror(\u0026quot;In exec():\u0026quot;) wird niemals ausgeführt) und durch den angegebenen Aufruf von ls ersetzt. In der Ausführung erkennen wir, daß probe3 wartet, bis das ls sich mit exit() beendet hat und dann seine eigene Ausführung danach fortsetzt.\nAls Shellscript Die Beispiele oben operieren in C. In bash sieht es so aus:\nkris@linux:/tmp/kris\u0026gt; cat probe1.sh #! /bin/bash -- echo \u0026#34;Starte Kindprozess\u0026#34; sleep 10 \u0026amp; echo \u0026#34;Der Kindprozess hat die ID $!\u0026#34; echo \u0026#34;Der Elternprozess hat die ID $$\u0026#34; echo \u0026#34;$(date): Elternprozess geht schlafen.\u0026#34; wait echo \u0026#34;Der Kindprozess $! hat den Exit-Status $?\u0026#34; echo \u0026#34;$(date): Elternprozess ist aufgewacht.\u0026#34; kris@linux:/tmp/kris\u0026gt; ./probe1.sh Starte Kindprozess Der Kindprozess hat die ID 18071 Der Elternprozess hat die ID 18070 Fri Jan 5 13:49:56 CET 2007: Elternprozess geht schlafen. Der Kindprozess 18071 hat den Exit-Status 0 Fri Jan 5 13:50:06 CET 2007: Elternprozess ist aufgewacht. Und hier beobachten wie die Shell bei der Ausführung von Kommandos:\nkris@linux:~\u0026gt; strace -f -e execve,clone,fork,waitpid bash kris@linux:~\u0026gt; ls clone(Process 30048 attached child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7dab6f8) = 30048 [pid 30025] waitpid(-1, Process 30025 suspended \u0026lt;unfinished ...\u0026gt; [pid 30048] execve(\u0026#34;/bin/ls\u0026#34;, [\u0026#34;/bin/ls\u0026#34;, \u0026#34;-N\u0026#34;, \u0026#34;--color=tty\u0026#34;, \u0026#34;-T\u0026#34;, \u0026#34;0\u0026#34;], [/* 107 vars */]) = 0 ... Process 30025 resumed Process 30048 detached \u0026lt;... waitpid resumed\u0026gt; [{WIFEXITED(s) \u0026amp;\u0026amp; WEXITSTATUS(s) == 0}], WSTOPPED WCONTINUED) = 30048 --- SIGCHLD (Child exited) @ 0 (0) --- ... Linux verwendet eine Verallgemeinerung von fork() mit dem Namen clone() um einen Kindprozeß zu erzeugen. Daher sehen wir keinen fork(), sondern einen clone()-Aufruf mit einigen Parametern.\nLinux verwendet außerdem die Variante waitpid() von wait(), um auf eine bestimmte PID zu warten.\nLinux startet außerdem das Programm mit execve() statt mit execl(), aber das ist nur eine andere Anordnung von Parametern. Nach dem Ende von ls (PID 30048) wird der Prozeß 30025 aus dem wait() erweckt und fortgesetzt.\nUnd hier ist der C-Code der Originalshell aus dem Jahre 1979, mit dem fork() (Man suche nach \u0026ldquo;case TFORK:\u0026rdquo; und wundere sich nicht über den Programmierstil von Herrn Bourne). Ja, bash ist schöner - GNU Code oder nicht.\n(nach einem News-Artikel von mir)\n","date":"2007-01-07T00:00:00Z","href":"https://blog.koehntopp.info/2007/01/07/fork-exec-wait-und-exit.html","tags":["linux","erklaerbaer","computer","lang_de"],"title":"fork, exec, wait und exit"},{"categories":null,"content":"Und die finale Analyse des Problemkomplexes Bundestrojaner kann man gemeinschaftlich so schnell wie hier in #lug-kiel durchführen:\nZ\u0026gt; In den letzten Tagen ist der Dedi 3x einfach stehengeblieben oder jemand hat ihn abgeschossen. In den Logdateien ist nix verdächtiges zu finden. Festplattentests sind in Ordnung.\nI\u0026gt; Z: Verschiedene Versionen vom Bundestrojaner haben diesen Effekt. Die Linux version ist noch nicht sehr stabil. Die Dinger werden zur Zeit auf allen möglichen Erotiksites als teil des Kipopräventionsprogrammes installiert.\nZ\u0026gt; ahja\nW\u0026gt; I: Und das Bot-Net kann der Staat dann fuer Spam-Versendung verticken.\nI\u0026gt; W: Wenn die Dinger erst einmal ausreichend verbreitet sind, ist es nur eine Frage der Zeit, bis das massenhaft gerootet wird. Insofern ist ein Verkauf solange man noch Eigentum dran hat durchaus sinnvoll.\nW\u0026gt; Kann man seinen Provider darum bitten, gg. Geld natuerlich, connections auf LKA-NRW zu filtern ?\nI\u0026gt; \u0026gt; W: Die connecten über bundeseigene Tor-Nodes.\nW\u0026gt; Gibt es zu der Architecture irgendwo Papers ?\nI\u0026gt; Das wäre kontraproduktiv? Auf dem nächsten CCC wird das sicherlich dokumentiert. :)\nW\u0026gt; dann wird es entw\u0026hellip; genau ;)\nWie immer möchte ich an dieser Stelle meine Forderung wiederholen, Politiker für die Folgen schlechter Gesetze im selben Umfang persönlich haftbar zu machen wie ich es etwa als Consultant vor Ort bin.\nQuellen zum Thema:\nOnline-Durchsuchung von PCs durch Strafverfolger und Verfassungsschutz NRW-Verfassungsschutzgesetz wird Landtag erneut beschäftigen BGH verbietet Online-Durchsuchung von Computersystemen Fraktionen streiten über Online-Durchsuchung von Privat-Computern Datenschutzbeauftragter kritisiert Online-Durchsuchungen privater Computer NRW-Landtag verabschiedet Verfassungsschutzgesetz Verfassungsbeschwerde gegen NRW-Verfassungsschutzgesetz angekündigt ","date":"2006-12-26T00:00:00Z","href":"https://blog.koehntopp.info/2006/12/26/bundestrojaner.html","tags":["security","lang_de"],"title":"Bundestrojaner"},{"categories":null,"content":"\u0026mdash; Log opened Di Dez 26 15:52:09 2006\ntheclaw\u0026gt; Hey :] Spitze erklaerung zu ext2. Isotopp\u0026gt; Danke\ntheclaw\u0026gt; Bist du Kerneldeveloper?\nIsotopp\u0026gt; Nein. Mysql Consultant.\ntheclaw\u0026gt; Hmm. Hab da was nicht verstanden bei der Erklärung. Und zwar: Was sind Datenblockzeiger?\nIsotopp\u0026gt; Die Blockadressen von Datenblöcken einer Datei.\ntheclaw\u0026gt; Ich paste mal was\n(0-11):9711-9722, (IND):9723, (12-267):9724-9979, (DIND):9980, (IND):9981, (268-523):9982-10237, (IND):10238, (524-779):10239-10494, (IND):10495, (780-1035):10496-10751, (IND):10752, (1036-1291):10753-11008, (IND):11009, (1292-1547):11010-11265, (IND):11266, (1548-1795):11267-11514 Isotopp\u0026gt; Habs im Originalartikel .\ntheclaw\u0026gt; __le32 i_block[EXT2_N_BLOCKS]; Das ist das, was unter BLOCKS bei debugfs steht?\nIsotopp\u0026gt; http://lxr.linux.no/source/include/linux/ext2_fs.h#L211 : Das ist was auf der Platte steht.\ntheclaw\u0026gt; Okay mal durchdenken.\nIsotopp\u0026gt; Die Definition steht in http://lxr.linux.no/source/include/linux/ext2_fs.h#L165 . Es kommen also EXT2_NDIR_BLOCKS direkt, also in der Inode selbst. Das sind (0-11):9711-9722.\nDann kommt ein EXT2_IND_BLOCK, (IND):9723. Der steht auch in der Inode, aber der zeigt nicht auf Daten, sondern auf einen Indirect Block. Der enthält die Blocknummern der Datenblöcke, (12-267):9724-9979.\nDann kommt EXT2_DIND_BLOCK. Der wiederum enthält keine Blocknummern von Datenblöcken, sondern die Blocknummern von Indirect Blocks, die wiederum Blocknummern von Datenblöcken enthalten. Daher http://kris.koehntopp.de/artikel/dateisysteme/filestructure.gif .\ntheclaw\u0026gt; anseh\nIsotopp\u0026gt; In der inode steht nur (DIND):9980. In DIND steht dann (IND):9981 und (IND):10238 und so weiter. Und in (IND):9981 stehen dann 9982-10237, in (IND):10238 dann 10239-10494.\ntheclaw\u0026gt; DIR steht für \u0026ldquo;direct\u0026rdquo;?\nIsotopp\u0026gt; ja\ntheclaw\u0026gt; Muss das jetzt mal kurz mit debugfs ausprobieren.\nIsotopp\u0026gt; Sieh mal http://lxr.linux.no/source/fs/ext2/inode.c#L665 . Das ext2_bmap geht über generic_block_bmap nach http://lxr.linux.no/source/fs/ext2/inode.c#L547 . Und das wiederum benutzt http://lxr.linux.no/source/fs/ext2/inode.c#L196 . Und da siehst du den lookup.\ntheclaw\u0026gt; okay langsam kommts\nIsotopp\u0026gt; Wenn i_block\u0026lt;0 -\u0026gt; error. Wenn i_block\u0026lt;direct_blocks, dann direkt. Sonst IND, sonst DIND, sonst TIND. Sonst bumm.\ntheclaw\u0026gt; Wart mal, nicht so schnell. Ich kann das nicht alles gleichzeitig aufnehmen. Also, die ersten zwölf Blöcke sind -direkt- in der Inode?\nIsotopp\u0026gt; Ja. Blocknummern. Nicht Blöcke.\ntheclaw\u0026gt; i_block ist schon ein element aus i_block[] oder? ;)\nIsotopp\u0026gt; Wo bist du gerade? Also in welcher zeile?\ntheclaw\u0026gt; static int ext2_block_to_path. Bei der Definition da.\nIsotopp\u0026gt; Kannst du eine lxr url geben bitte? Sonst wird das schwer hier. Ah, hier: http://lxr.linux.no/source/fs/ext2/inode.c#L196 .\ntheclaw\u0026gt; ja\nIsotopp\u0026gt; i_block ist der 2. Parameter der Funktion, der Aufruf steht in http://lxr.linux.no/source/fs/ext2/inode.c#L547 . Da ist es iblock, das wird durchgereicht vom 2. Parameter von ext2_get_block iblock. Das wiederum ist http://lxr.linux.no/source/fs/ext2/inode.c#L665 , der das über den Umweg von http://lxr.linux.no/source/fs/buffer.c#L2759 aufruft.\ntheclaw\u0026gt; Nicht gerade trivial.\nIsotopp\u0026gt; Für den Kernel schon. Das geht da überall so, inzwischen. Man gewöhnt sich dran, das Lesen zu können. Die Alternative ist Code Duplication, und das nervt noch mehr. Anyway, sector_t ist ein unsigned 64 bit (long long, 8 byte) in i386. Eine Blocknummer.\nIsotopp\u0026gt; In http://lxr.linux.no/source/fs/ext2/inode.c#L556 , das ist die wichtige Stelle, hast du die inode und den iblock.\nDie inode hat das 12-Elemente direct block array usw im Speicher und iblock ist der Offset. Die Frage, die in http://lxr.linux.no/source/fs/ext2/inode.c#L556 geklärt werden muss ist: wie tief müssen wir runter steigen - für die Blöcke 0-11 gar nicht, für die Blöcke 12- einen Level und so weiter. Das klärt ext2_block_to_path.\nDen Abstieg sehen wir dann in http://lxr.linux.no/source/fs/ext2/inode.c#L562 . Und der Abstieg klappt entweder, weil das File schon einen Block hat an der Stelle iblock (http://lxr.linux.no/source/fs/ext2/inode.c#L564 ), oder es klappt nicht und wir müssen Blöcke beschaffen (nach http://lxr.linux.no/source/fs/ext2/inode.c#L575 ).\ntheclaw\u0026gt; Sekunde. Bin kein Kernelmensch ;)\nIsotopp\u0026gt; Aber das ist doch nur gewöhnliches C.\ntheclaw\u0026gt; Na ja, trotzdem komplex (für mich). Erstmal eine Frage. Man hat ein FS, und will die Inode nummer 23, wie wird die gefunden?\nIsotopp\u0026gt; Über die Verzeichnisse. Wir wissen, / hat die inode 2. Das ist definiert in http://lxr.linux.no/source/include/linux/ext2_fs.h#L60 , also lesen wir das File mit der inode 2 durch, und parsen es als http://lxr.linux.no/source/include/linux/ext2_fs.h#L510 Strukturen.\ntheclaw\u0026gt; Sind die indodes nicht nacheinander abgepeichert in den BGs? Also die erste BG enthält die ersten X Inodes, die zweite BG die zweiten X usw\u0026hellip;\nIsotopp\u0026gt; Aeh, ah. Ich verstehe. Userland kann nichts mit Inodes machen, nur mit Filenamen. Es gibt kein openi(). Also müssen alle Funktionen im Userland immer Namen angeben, und du kommst dann vom Namen zur Inode über das kernel-interne namei().\ntheclaw\u0026gt; Ja, klar. Aber der Kernel will ja Inode X irgendwie kriegen können.\nIsotopp\u0026gt; Ja, intern. Das weiß er, weil im Superblock ja steht, wie viele Inodes pro bg vorhanden sind, und er dann aus der Inodenummer / inodes_per_bg sofort die bg nummer ausrechnen kann, und dann sofort weiß, wo die inode stehen muss auf der Platte. Eine Inodenummer ist also implizit auch die Blockadresse der Inode auf der Platte.\nHier ist der Superblock: http://lxr.linux.no/source/include/linux/ext2_fs.h#L341 , und http://lxr.linux.no/source/include/linux/ext2_fs.h#L352 ist die s_inodes_per_group.\nUnd die Inode wird dann in http://lxr.linux.no/source/fs/ext2/inode.c#L998 gelesen.\nMeine Rechnung von eben ist hier http://lxr.linux.no/source/fs/ext2/inode.c#L1012 . (ino - 1) / EXT2_INODES_PER_GROUP(sb); und ((ino - 1) % EXT2_INODES_PER_GROUP(sb)) * EXT2_INODE_SIZE(sb);\ntheclaw\u0026gt; Nix für ungut aber für mich ist der Code grad ned so hilfreich.\nIsotopp\u0026gt; Was ist das Problem?\ntheclaw\u0026gt; Bin grad bisschen überfordert.\nIsotopp\u0026gt; Du hast eine Inode Nr 23. Du weisst, pro bg hast Du sagen wir 8192 Inodes. Und (23-1) / ext2_indes_per_group(sb) = 0. Also ist inode 23 in bg 0.\ntheclaw\u0026gt; wartmal 8192?!\nIsotopp\u0026gt; 8192 bei 1 kb blockgroesse, 32768 bei 4kb\ntheclaw\u0026gt; Wie gross ist eine Inode nochmal?\nIsotopp\u0026gt; 128 bytes.\n#include \u0026lt;linux/ext2_fs.h\u0026gt; #include \u0026lt;stdio.h\u0026gt; main() { struct ext2_inode s; printf(\u0026#34;%d\\n\u0026#34;, sizeof(s)); } und\nkris@linux:~\u0026gt; make probe make: \u0026#34;probe\u0026#34; ist bereits aktualisiert. kris@linux:~\u0026gt; ./probe 128 theclaw\u0026gt; Also pro BG ist allein 1 MB bzw 4 MB an Inodes reserviert?\nIsotopp\u0026gt; Ja. Eine bg ist 8 MB oder 128 MB gross. Schau, hast du ein ext2 da?\ntheclaw\u0026gt; ja\nIsotopp\u0026gt; Dann mach mal ein debugfs /dev/... da drauf. Ist read only, macht also nix kaputt. Dann mach mal show_super_stats.\nInodes per group: 2008 Inode count: 26104 für ein /dev/sda5 ext2 99M 6.7M 87M 8% /boot und 26104*128/1024 = 3263, also 3263 KB oder 3.2M für alle Inodes.\ntheclaw\u0026gt; Aber meine Frage ist eine Andere.\ntheclaw\u0026gt; 21:40 Isotopp\u0026gt; und das wichtigste in struct: __le32 i_block[EXT2_N_BLOCKS];\ntheclaw\u0026gt; i_block[12] ist ein indirekter Block? aaargh Die Adresse eines indirekten Blockes?\nIsotopp\u0026gt; Ja. http://lxr.linux.no/source/include/linux/ext2_fs.h#L165 . Dort ist #define EXT2_IND_BLOCK EXT2_NDIR_BLOCKS und weiter ist #define EXT2_NDIR_BLOCKS 12\ntheclaw\u0026gt; Also 15 EXT2_N_BLOCKS.\nIsotopp\u0026gt; Also ist i_block[0] bis i_block[11] direct, i_block[12] indirect, und i_block[13] DIND und i_block[14] TIND. Alles in allem also 15.\ntheclaw\u0026gt; Sind das die Faktoren die die max. Dateigröße in ext2 bestimmen?\nIsotopp\u0026gt; Das sind die Faktoren, die die maximale Blocknummer bestimmen. Dateigröße ist Blockgröße mal maximale Blocknummer.\ntheclaw\u0026gt; Also ja ;) Indirekt halt.\ntheclaw\u0026gt; 9711-9722: Sind das die \u0026ldquo;Adressen\u0026rdquo;?\nIsotopp\u0026gt; Blocknummern, ja, Adressen auf der Platte. In http://lxr.linux.no/source/include/linux/ext2_fs.h#L234 siehst du als Typ uebrigens __le32. Das ist definiert in http://lxr.linux.no/source/include/linux/types.h#L172 und endet als __u32, also unsigned 32 bit. Also 2^32 Blöcke. Bei 4 KB Blöcken sind das 17592186044416 Bytes, oder 16 TB, bei 1 KB Blöcken nur 4 TB.\ntheclaw\u0026gt; Diese Blöcke haben aber nix mit den Blöcken bei ext2 zu tun? Oder doch?\nIsotopp\u0026gt; show_super_stats\nIsotopp\u0026gt; Block size: 1024\nIsotopp\u0026gt; In meinem Fall also auch maximale Dateigröße 4 TB. 4 Gigablocks.\ntheclaw\u0026gt; Okay, dann noch eine Frage:\ntheclaw\u0026gt; TOTAL: 1804 und Blockcount: 3608, huh? Warum *2?\nIsotopp\u0026gt; Hmm, da rechnet jemand mit 512 Byte Hardwaresektoren, warum auch immer.\nIsotopp\u0026gt;\nlinux:~ # ls -lsi /boot/vmlinuz-2.6.13-15-default 28 1513 -rw-r--r-- 1 root root 1541719 Sep 13 2005 /boot/vmlinuz-2.6.13-15-default Isotopp\u0026gt; Inode 28, 1513 Blöcke auf der Platte, Dateilaenge 15411719 Bytes. Rechnerisch ist 1541719/1024 = 1505.5849. 7 Blöcke Verwaltungsoverhead. Und zwar\n(0-11):11515-11526, (IND):11527, (12-267):11528-11783, (DIND):11784, (IND):11785, (268-523):11786-12041, (IND):12042, (524-779):12043-12298, (IND):12299, (780-1035):12300-12555, (IND):12556, (1036-1291):12557-12812, (IND):12813, (1292-1505):12814-13027 TOTAL: 1513 Isotopp\u0026gt; (IND):11527, (DIND):11784, (IND):11785, (IND):12299, (IND):12556, (IND):12813 \u0026lt;- das sind 6.\nIsotopp\u0026gt; 1541719/1024 = 1505.5849 sind 1506. Plus 6 sind 1512.\nIsotopp\u0026gt; Er meint total sei 1513. Wieso?\ntheclaw\u0026gt; Ich versteh das sowieso nicht, warum da 1513 angezeigt wird. 1292-1505 ist das letzte und dann total 1513. Evtl noch die Metainfos dazu?\nIsotopp\u0026gt; Nein, aber die DIND und IND Blocks. Für die Blöcke 12-267 wird ja ein IND gebraucht, für die Blöcke 268-1505 wird ein DIND und vier IND gebraucht. 6 blocks Extra. Siehe noch einmal http://kris.koehntopp.de/artikel/dateisysteme/filestructure.gif . Das rechts sind die Daten. In der Inode stehen die ersten paar Datenblocknummern direkt, in der zeichnung 10, in ext2 sind es 12. Dann steht in der Inode die Nummer vom IND, und im IND die Blocknummern der Datenblöcke, hier 12-267. Das ist also 1 block overhead, wenn das file mehr als 12 blocks lang wird. Dann ein DIND, wenn der 268\u0026rsquo;te block gebraucht wird und für jeweils 256 Blocks ein IND dazu.\ntheclaw\u0026gt; Du erklaerst so schnell.\nIsotopp\u0026gt;\nlinux:/boot # dd if=/dev/zero of=kris bs=1k count=12 linux:/boot # ls -ls kris 12 -rw-r--r-- 1 root root 12288 Dec 26 16:58 kris 12 Blöcke, 12288 Bytes Länge. Und nun:\nlinux:/boot # dd if=/dev/zero of=kris bs=1k count=13 linux:/boot # ls -ls kris 14 -rw-r--r-- 1 root root 13312 Dec 26 16:58 kris Ein 1k länger, 14 Blocks statt 12.\ntheclaw\u0026gt; Wie findet man die Größen der BGs eines dateisystems heraus?\nIsotopp\u0026gt; Lies show_super_stats von debugfs.\nlinux:/boot # export DEBUGFS_PAGER=cat linux:/boot # debugfs /dev/sda5 debugfs 1.38 (30-Jun-2005) debugfs: show_super_stats Inode count: 26104 Block count: 104388 Block size: 1024 Blocks per group: 8192 Inodes per group: 2008 Inode blocks per group: 251 Isotopp\u0026gt; Wird einiges klarer?\ntheclaw\u0026gt; Ein bisschen. Also wenn ich z.B. block nummer X habe, dann ist (nummer X)/(blocks per group) die BG nummer gell?\nIsotopp\u0026gt; Ja, aber das interessiert nicht. Du redest ja von Blöcken.\nIsotopp\u0026gt; Der n-te Block der Datei x kann irgendwo liegen. Wo, das sagt dir die Inode. Normal hast du ja ein File, und eine Position in einem File.\ntheclaw\u0026gt; Ich kann doch einfach von der Adresse auf der Platte X * bytes_per_block lesen?\nIsotopp\u0026gt; Na ja, als root schon. Sonst nicht. debugfs macht das ja, die Disk als raw device auf und dann direkt auf die Blöcke klettern. Niemand sonst tut so etwas ausser debugfs und fsck. Alle anderen machen FILES auf und lesen dann am OFFSET in dem File. Punkt ist, dass du normal mit Files arbeitest und nicht mit Blöcken. Der Kernel arbeitet mit Blöcken. Und er muss irgendwie vom File + Offset auf den Block kommen.\ntheclaw\u0026gt; Ja Klar\nIsotopp\u0026gt; Unser ext2 hier hat 1 KB Blocksize. Wir lesen das File /boot/vmlinuz-2.6.13-15-default (inode 36). Und zwar am Offset 1000000 (1 mio). Der wievielte Block im File ist das?\ntheclaw\u0026gt; denk. Erstmal hat man ja nur den Dateinamen.\nIsotopp\u0026gt; Ja, das kümmert uns gerade noch nicht. Offset 1 mio \u0026ndash; welcher block? 1000000/1024 = 976.5625. Also Bytes 0-1023 sind Block 0, Bytes 1024-2047 sind Block 1 und so weiter. In unserem fall also block 976. 976*1024=999424, 1000000-999424=576. Byte 1 000 000 steht also in Block 976, an Position 576 in diesem Block.\ntheclaw\u0026gt; Okay. Stop mal. Hab da gleich ne Frage dazu:\ntheclaw\u0026gt; 21:40 Isotopp\u0026gt; und das Wichtigste in struct: __le32 i_block[EXT2_N_BLOCKS]; theclaw\u0026gt; dieser kontext: i_block[976] brauchen wir da also. Ack? Und dazu noch das offset dazu?\nIsotopp\u0026gt; Ja, aber den kriegen wir nicht so. http://kris.koehntopp.de/artikel/dateisysteme/filestructure.gif .\ntheclaw\u0026gt; Ja, das wollte ich grad sagen. :-P Blocks 0-11 kriegen wir so. Muss man sich halt den Weg durchhangeln.\nIsotopp\u0026gt; blocks 12-267 kriegen wir über den IND (single indirect block). Und blocks 268- kriegen wir über den DIND und den passenden IND.\nIsotopp\u0026gt; 976-12=964, 964-256=708. 708/256=2.7656. Also müssen wir über den 2. IND des DIND gehen.\ntheclaw\u0026gt; Ich weiss nicht ganz was du da rechnest.\nIsotopp\u0026gt; Naja, 1 KB blockgroesse, 4 byte pro blocknummer, also 256 blockadressen pro Block. 976ter Block ist gefragt.\ntheclaw\u0026gt; ay\nIsotopp\u0026gt; 12 direct blocks, also 964 blocks dahinter.\ntheclaw\u0026gt; Also mit einem \u0026ldquo;indirekten block\u0026rdquo; kann man 256 andere Blöcke adressieren, wie pointer in C\ntheclaw\u0026gt; Ich hab noch ganz grundlegende Fragen. Was wir wirklich wollen, ist doch das mapping logische Ext2block-Adresse der Datei → physische Blockadresse. Richtig?\nIsotopp\u0026gt; In diesem speziellen Fall: ja. Die allgemeine Formulierung lautet so: Wir haben ein Quadrupel (major number, minor number, inode number, offset in bytes), das ist ein Device, eine Partition (maj, min), und in dem Device ein File (inode), und in dem File eine Byteposition. Und wir wollen ein Tripel (maj, min, blockno), also in der partition (maj, min) den zu dieser Datei gehörenden physikalischen Block.\ntheclaw\u0026gt; jo\nIsotopp\u0026gt; Weil (maj, min) bei dieser Abbildung konstant sind (wir arbeiten immer innerhalb derselben partition), vergessen wir maj und min und reden von einer Funktion die (ino, offset) auf (phy block) abbildet. Das nennt man ein Mapping. Und zwar ein Mapping für Datenblöcke. Daher heisst die funktion bmap. Jedes Dateisystem hat so eine Funktion, daher reden wir hier über die bmap funktion von ext2, die heisst also sinnigerweise ext2_bmap.\ntheclaw\u0026gt; Schonmal sauhilfreich. ext2_bmap: Jetzt kann ich mir was darunter vorstellen. Danke. codesuch\nIsotopp\u0026gt; Es ist eine diskrete Funktion.\ny = mx+k. Das sind kontinuierliche Funktionen von R-\u0026gt;R.\nWir arbeiten hier mit diskreten, endlichen Funktionen. Die werden in der Regel als Lookuptable realisiert.\nEs gibt also eine Wertetabelle, die jedem (ino, offset) ein (phy block) zuordnet.\nDie Wertetabelle ist die Inode. Eine Inode ist also ein Array von Blocknummern.\nWenn es ein naives Array waere, dann waere die Inode variabel groß und für große Dateien sehr, sehr gross. Das ist wenig effizient.\nDaher hat man die Inode komprimiert, für kleine dateien (bis 12 blocks) speichert man die Wertetabelle tatsächlich in der Inode (i_blocks[0-11]), aber stell Dir dieses Verfahren mal für 1000 Blocks vor. Das wäre doof.\nAlso speichert man die Wertetabelle für die Blöcke 12-267 nicht in der Inode, sondern in einem für diesen Zweck bestellten block, indem indirect block und in der Inode nur den einen Eintrag für diesen Block.\ntheclaw\u0026gt; Ich habs soweit gecheckt.\nIsotopp\u0026gt; Das kann man beweisen.\nlinux:/boot # dd if=/dev/zero of=kris bs=1k count=12 12 blocks a 1 KB (ich hab ja ein ext2 mit 1 KB blocks).\nlinux:/boot # ls -ls kris 12** -rw-r--r-- 1 root root 12288 Dec 26 17:30 kris 12288 bytes lang 12 blocks belegt. Nun mal 13 KB.\nlinux:/boot # dd if=/dev/zero of=kris bs=1k count=13 linux:/boot # ls -ls kris 14 -rw-r--r-- 1 root root 13312 Dec 26 17:30 kris 13312 bytes, aber 14 blocks! Da ist er, der IND.\ntheclaw\u0026gt; selbstausprobier Ist das die Anzahl der Blöcke für das Inode inklusive den Daten?\nIsotopp\u0026gt; Das ist die Anzahl der Blöcke OHNE die inode selber (Die belegt 128 byte in der Inodetable), also Daten + IND + DIND + TIND. Kann man auch beweisen.\nlinux:/boot # dd if=/dev/zero of=kris bs=1k count=0 linux:/boot # ls -ls kris 0 -rw-r--r-- 1 root root 0 Dec 26 17:33 kris Isotopp\u0026gt; File mit 0 Byte belegt 0 Blocks, Inode wird also nicht gezählt.\ntheclaw\u0026gt; okay. Das war hilfreich die Erklaerung, danke.\nIsotopp\u0026gt; Also wir haben in der Inode das Lookup Array für eine diskrete Funktion, eine Wertetabelle, und die Speicherung des Array ist ulkig. Und wir haben deswegen overhead, weil wir die mit 1, 2 und 3 markierten Blöcke in http://kris.koehntopp.de/artikel/dateisysteme/filestructure.gif irgendwann belegen müssen. Und deswegen siehst du die Sprünge - kein File hat jemals 13 Blocks.\ntheclaw\u0026gt; Moment, aber das ist ja sau umständlich eine ganze Datei zu lesen dann? :)\nIsotopp\u0026gt; Ah! Jetzt dämmert es langsam. Ist ja nicht so, dass ext2 GUT wäre.\nIsotopp\u0026gt; So, jetzt gehen wir noch mal in den Code\nIsotopp\u0026gt; Das ist ext2_bmap , sehr kurz. Du erinnerst dich: JEDES Dateisystem hat ein bmap. Darum ist ext2_bmap sehr kurz, es ruft generic_block_bmap auf. Das wiederum ruft dann allerdings ext2_get_block auf, das die Arbeit für generic_block_bmap macht. generic_block_bmap kriegt also einen Callback nach ext2_get_block mitgegeben. Wir landen also in ext2_get_block . So weit so klar?\ntheclaw\u0026gt; Ja warte. Ich schau mir den Code gerade an.\nIsotopp\u0026gt; Tut nicht not. Noch nicht. Erst mal ist nur wichtig, wie wir zu ext2_get_block kommen und wieso da ein Umweg über das generic_block_bmap gemacht wird.\ntheclaw\u0026gt; Nicht klar. Warte. Wo bei ext2_get_block() ist das Offset?\nIsotopp\u0026gt; in iblock (2. parameter), ist schon umgerechnet in eine blocknummer.\ntheclaw\u0026gt; Ah klar, der n. block eines inodes.\nIsotopp\u0026gt; Wir sind also in http://lxr.linux.no/source/fs/ext2/inode.c#L547 und sollen iblock aus inode (1. parameter) fischen. Also block 976 aus file 36. Wir müssen ja nun je nach Blockoffset unterschiedlich kompliziert die Lookuptable runterklettern. Bei blocks 0-11 wäre alles ganz einfach, bei 12-267 kommt der IND dazu und bei den folgenden Blöcken der DIND. Soweit das Verfahren grundsätzlich klar?\ntheclaw\u0026gt; Ich schau mir das .gif nochmal an.\nIsotopp\u0026gt; Es wird leichter, wenn du http://lxr.linux.no/source/fs/ext2/inode.c#L196 liest. i_block ist also 976. Dann schau mal in die Zeile 196. Zeile 201: direct_blocks ist 12. indirect_blocks ist ptrs, also 256.\ntheclaw\u0026gt; ext2_block_to_path. Das path hat nix mit dem Dateisystempfad zu tun, sondern mit dem Pfad, wie man zum Block kommt. Ahh.\nIsotopp\u0026gt; Es geht um den Path in http://kris.koehntopp.de/artikel/dateisysteme/filestructure.gif , ja.\ntheclaw\u0026gt; Warte, ich hab eine Frage zu dem GIF. Da z.b. \u0026ldquo;1\u0026rdquo;, also der erste indirekte Block. Der koennte auf 256 weitere zeigen?\nIsotopp\u0026gt; Ja. In unserem Beispiel ist das so, 4 byte pro blocknummer und 1 kb pro block. Bei anderen Größen (8 byte pro blocknr, und 4 kb pro block) ist das anders. 4096/8 = 512 pro IND z.B.\ntheclaw\u0026gt; hm. Sorry, ich dachte ne Blocknummer ist 32bit?\nIsotopp\u0026gt; Ja, in unserem Beispiel ist das so. Aber es waere ja möglich, das alles mit anderen Sizes zu compilen. Und dann soll es auch noch funktionieren. Also coden wir das alles nicht hart rein, sondern speichern die Rahmendaten im Superblock des Filesystems und schreiben den Code ordentlich. Soweit so klar?\ntheclaw\u0026gt; jo\nIsotopp\u0026gt; Drum auch der Code in http://lxr.linux.no/source/fs/ext2/inode.c#L196 , Zeilen 199 bis 203.\ntheclaw\u0026gt; Den ich mir grad anschaue. ;)\nIsotopp\u0026gt; Der fragt den Superblock sb nach den Anzahl der Adressen pro Block, und bestimmt dann die direct_blocks, die Anzahl der Blockadressen pro indirect Block in indirect_block und die Anzahl der Blockadressen pro Double Indirect Block.\nDer macht das ein wenig komisch. Erst mal direct_blocks. Das ist leicht, da nimmt er nur den #define. indirect_blocks ist auch leicht, das ist ptrs, also EXT2_ADDR_PER_BLOCK(...sb), also mal im Superblock nachschlagen.\n[#define EXT2_ADDR_PER_BLOCK(s) (EXT2_BLOCK_SIZE(s) / sizeof (__u32))](http://lxr.linux.no/source/include/linux/ext2_fs.h#L100).\nBlock size bei uns 1024 und sizeof __u32 ist immer 4. Also ist mein beispiel mit 8 derzeit hypothetisch.\ntheclaw\u0026gt; ;)\nIsotopp\u0026gt; Ein double block kann ebenfalls ptrs viele Blockadressen enthalten, also 256 Stück. Jede von denen ist ein indirect block, der 256 Datenblöcke enthält.\ntheclaw\u0026gt; also 256^2 und ein TIND für 256^3.\nIsotopp\u0026gt; Nun will er das aus irgendeinem Grund nicht so rechnen, sondern mit bit shifts, also macht er 1 \u0026laquo; (ptrs_bits * 2).\ntheclaw\u0026gt; Also warte, kann man 256+256^2+256^3 Blöcke adressieren, d.h. kann ne Datei so groß sein?\nIsotopp\u0026gt; Ja, das ist auch noch ein Limit. Aber da wir nur 2^32 viele Blocknummern haben, ist bei 4 Gigablocks Schluss, also bei 4 TB (1 kb Blöcke) oder 16 TB (4 kb Blöcke).\ntheclaw\u0026gt; Okay, irgendwie so ;)\nIsotopp\u0026gt; Du müßtest schon die Blocknummern länger machen als ein __u32, damit mehr geht, dann passen aber weniger direct_blocks in eine Inode, oder die Inode wird größer.\nIsotopp\u0026gt; Aber wir wollen mal weiter im Code. Schau in zeile 207. Was machen die da?\nIsotopp\u0026gt; if (i_block \u0026lt; 0) { Isotopp\u0026gt; geht das überhaupt?\ntheclaw\u0026gt; Warte\ntheclaw\u0026gt; Nah, nur durch nen Programmierfehler evtl.\nIsotopp\u0026gt; Welchen typ hat i_block?\ntheclaw\u0026gt; unsigned? :) Ja, okay. Das geht überhaupt nicht.\nIsotopp\u0026gt; Steht oben in der Funktion - da ist es ein LONG!\ntheclaw\u0026gt; ah, doch ein signed :)\nIsotopp\u0026gt; Aber eine Blocknummer, das haben wir vorher gesehen, ist ein __u32!\ntheclaw\u0026gt; Macht das sinn?\nIsotopp\u0026gt; Nein, das ist FAHALSCH!\ntheclaw\u0026gt; Sag das doch!\nIsotopp\u0026gt; Du hast gerade deinen ersten Kernelfehler gefunden.\ntheclaw\u0026gt; Geil! ;)\nIsotopp\u0026gt; Der Fehler sieht Blocknummern als signed, daher ist also nun schon bei 2 Gigablocks zu, also 2 TB und 8 TB Filesize (für 1 und 4 kb Blocksize). Aber weiter im Text, Zeile 209.\nIsotopp\u0026gt; Weiter zu 212. ((i_block -= direct_blocks) \u0026lt; indirect_blocks) ist dir auch klar? Wir zermatschen i_blocks hier als Seiteneffekt.\ntheclaw\u0026gt; ja bin ein C-ler. Daran scheitert die Erklaerung nicht ;)\nIsotopp\u0026gt; Also sind wir in 216. Nun ist i_block also 964 und wir ziehen 256 (indirect_blocks) ab. Das sind 708. Und double_blocks ist 256^2. Also true. Also speichern wir in 217: lese EXT2_DIND_BLOCK, dann in 218: lese i_block/256 (i_block \u0026gt;\u0026gt; ptrs_bits), und in 219: lese i_block % 256 (i_block \u0026amp; ( ptrs - 1)). Dann sind wir fertig.\nIsotopp\u0026gt; Wir sind wieder in http://lxr.linux.no/source/fs/ext2/inode.c#L547 , line 557 nun, soweit klar?\ntheclaw\u0026gt; Kleinen Moment, das Bitshifting finde ich verwirrend.\nIsotopp\u0026gt; ja\ntheclaw\u0026gt; ich weiss jetzt, was ext2_block_to_path macht.\ntheclaw\u0026gt; Also warte mal. Lass mich mal zusammenfassen.\ntheclaw\u0026gt; Naja, nicht mal so einfach zu beschreiben.\nIsotopp\u0026gt; Doch schon. Dir fehlen nur die Worte.\ntheclaw\u0026gt; :] jo\nIsotopp\u0026gt; Wir haben nun offset[0], offset[1] und offset[2]. In offset[0] steht welches Feld aus der Inode wir nehmen (das DIND feld), Wir haben dann einen Block mit 256 Feldern, und nehmen das Feld offset[1] da draus, lesen den Block und nehmen das Feld offset[2] da draus.\ntheclaw\u0026gt; Naja, das sind ja Details. Mich interessiert aber eher das Design als die Implementation ;), Das geht mir schon zu sehr in die Tiefe ehrlich gesagt.\nIsotopp\u0026gt; Allgemeiner: wir haben ein Array, das nicht linear ist, sondern quadratisch steigend durch Indirektion komprimiert wird, und bei unseren Randparametern ist die schrittweite 8 bit (256 entries) pro Block, also 256, 256^2, 256^3, \u0026hellip; und das ist genau die Zeichnung http://kris.koehntopp.de/artikel/dateisysteme/filestructure.gif .\ntheclaw\u0026gt; Okay. Jetzt sind meine Fragen geklärt oder? Dieses ganze Detailwissen erschlägt mich ;)\nIsotopp\u0026gt; Der Rest sind tatsaechlich Kerneldetails. Das hier war die Logik. Der Punkt ist, dass du in block_to_path durch die Faltlogik geklettert bist. Also die, die das mit DIR, IND, DIND und TIND analysiert und entscheidet.\ntheclaw\u0026gt; Naja, Faltlogik?\nIsotopp\u0026gt; Ja, erst 12 direkt, dann 256 einmal gefaltet, dann 256*256 zweimal gefaltet, dann 256*256*256 dreimal gefaltet statt eines einzigen linearen Arrays das zum groessten Teil leer waere.\ntheclaw\u0026gt; Hm, ich versteh zwar das System, aber nicht was das mit Falten zu tun hat ;)\nIsotopp\u0026gt; Naja, statt eines Array mit 2 Gigaentries (Kernelbug!) hast du ein Array mit 15 Eintraegen, bei dem die ersten 12 Eintraege für sich selber stehen, der Eintrag 13 für 256 Eintraege, der Eintrag 14 für 256 Eintraege, die für 256 Eintraege stehen, steht, und der Eintrag 15 für 256 Eintraege die für 256 Eintraege, die für 256 Eintraege stehen steht. Also einmal falten, zweimal falten, dreimal falten.\ntheclaw\u0026gt; Aber \u0026ldquo;falten\u0026rdquo;?\nIsotopp\u0026gt; So in etwa:\n___ ___\\ /___ theclaw\u0026gt; Was stellt das dar?\nIsotopp\u0026gt; Ein Eintrag, der für viele steht. Ein Blatt Papier mit zwei Knicks, ein Eintrag (der zwischen \\ /) steht für Drei (___)\nIsotopp\u0026gt; Und zum Schluß http://www.tamacom.com/tour.html , http://www.tamacom.com/tour/kernel/unix/ , http://www.tamacom.com/tour/kernel/unix/S/97.html#L18 .\nDas, mein Freund, ist der Urvater aller bmaps, bmap in V7 Unix.\nRein gehen eine struct inode, die inode, eine daddr_t bn, eine blocknummer und ein rwflag, das ist aber Wurst. Raus geht eine daddr_t blocknummer.\nAlso (ino, block_in_file) -\u0026gt; (phys blocknr). NADDR ist die Anzahl der Eintraege in der Inode. Also sind 0-\u0026gt; NADDR-4 die direct blocks, NADDR-3 der IND, NADDR-2 der DIND und NADDR-1 der TIND.\ntheclaw\u0026gt; Aber den Code will ich mir jetzt nicht genauer ansehen, sorry ;)\nIsotopp\u0026gt; Das ist derselbe Code, nur noch verquaster. Der ist ja auch 30 Jahre alt.\ntheclaw\u0026gt; Den Link bookmarke ich mal, das könnte noch interessant werden.\nIsotopp\u0026gt; Und weil es so schön ist, sind da auch die FreeBSD, NetBSD, OpenBSD und Hurd Versionen von demselben Zeug. Und da kannst du dann sehen wie fundamental das ist, was Du da gerade anfasst. Und wie sich C-Style im Kernel in den letzten 30 Jahren so entwickelt hat. Weil das V7 Zeugs da sind etwa 30 Jahre von hier, das 4.3BSD sind ca. 20 Jahre von hier und das Linux-Zeugs ist von jetzt.\ntheclaw\u0026gt; Wenn ich das so seh fällt mir grad auf wie sinnvoll man seine Zeit nützen könnte ;)\n","date":"2006-12-26T00:00:00Z","href":"https://blog.koehntopp.info/2006/12/26/filesysteme-fuer-theclaw-30-jahre-unix-source.html","tags":["filesystems","erklaerbaer","unix","lang_de"],"title":"Filesysteme für theclaw (30 Jahre Unix Source)"},{"categories":null,"content":" Wie in AN.ON: Thilo Weichert lädt ein angekündigt war heute die Konferenz zu AN.ON im BMWi in Berlin. AN.ON hat den Java Anon Proxy entwickelt, ein Anonymisierungssystem für HTTP-Zugriffe ähnlich, aber unterschiedlich von tor.\nIn der Konferenz kam sehr schön heraus, was der Unterschied zwischen JAP und tor ist: Die Unterschiede sind nicht primär technischer Art (die technischen Unterschiede existieren auch, sind aber im Grunde unwesentlich), sondern in den Prozessen über der Technik. Während tor eine rein technische Lösung präsentiert und keine Prozesse und keine Garantien für Benutzer, Betreiber und Bedarfsträger gibt, versucht JAP ein Konzept von \u0026ldquo;gemanagter Anonymität\u0026rdquo; zu definieren.\nAls Projekt mit der Uni Dresden und dem ULD Schleswig-Holstein als Projektpartner versucht AN.ON einen Überbau zu liefern, der gegenüber allen drei Parteien Vertrauen schafft: JAP operiert mit einer Rechtsgrundlage, die durch die Selbstverpflichtung der Kaskadenbetreiber definiert wird. Gegenüber Nutzern gibt diese Garantien ab, die zum Beispiel verhindern, daß Exit-Traffic gesnifft wird, wie dies einige tor-Nodes tun. Gegenüber Betreibern definiert diese bestimmte Standardverfahren- und prozesse, die die Betreiber mit nutzen können (so hat das ULD zum Beispiel die Betreiber von Kaskaden mit rechtlicher Beratung versehen). Und gegenüber Bedarfsträgern definiert das Projekt eine juristisch starke und so eng als möglich gefaßte Schnittstelle, um so einen rechtlichen Rahmen zu finden, in dem der Betrieb von Anonymisierungsdiensten trotz des Drucks der Bedarfsträger weiter ermöglicht wird.\nDurch das Vorhandensein einer solchen Schnittstelle versucht JAP den Verfolgungsdruck abzufedern, der von bestimtmen Behörden gegenüber etwa tor-Nodes in Deutschland aufgebaut werden soll. Gleichzeitig stärkt die Rechtsberatung der Betreiber deren Position.\nMit dem Auslaufen der Förderung steht AN.ON jetzt vor dem Problem, eine finanzielle Basis als Produkt finden zu müssen, und da ist nun erst einmal die Frage nach einem Kassier- und Geschäftsmodell, und dem vorgelagert die Frage nach dem Bedarf und dem Vertrauen. Nachdem so viele andere kommerzielle Anonymisierungsdienste bereits gescheitert sind, sind dies wahrscheinlich die Hauptfragen. Besteht überhaupt ein Marktbedarf nach einem solchen Dienst? Wenn ja, wozu? Und wie kann man so einen Dienst in der heutigen Welt stabil und integer betreiben?\nJAP wird jedenfalls gut angenommen: Die Nutzung erfolgt weit über den deutschen oder europäischen Raum hinaus, und die Nutzung geschieht durchaus auch zu produktiven Zwecken, und auch um sich \u0026ldquo;politisch adäquat artikulieren zu können\u0026rdquo;, wie burks es formulierte.\n","date":"2006-11-24T00:00:00Z","href":"https://blog.koehntopp.info/2006/11/24/an-on.html","tags":["security","lang_de"],"title":"AN.ON"},{"categories":null,"content":"In Business und OSS verweist Jörg Möllenkamp auf Samba Team Asks Novell zu Reconsider und spielt ein Gedankenexperiment durch:\nSo im gedanklichen Hintergrund stellt sich mir jetzt die Frage, was wohl passieren würde, wenn das Entwicklungsteam eines wesentlichen Bestandteils der Umgebung einer der Großdistributionen plötzlich die Lizenz entziehen würde. Als Gedankenspiel: Das Samba-Team zieht die Lizenz von Novell für Samba zurück.\nSamba beschreibt sich selbst wie folgt:\nSamba is an Open Source /Free Software suite that has, since 1992 , provided file and print services to all manner of SMB/CIFS clients, including the numerous versions of Microsoft Windows operating systems. Samba is freely available under the GNU General Public License .\nIn Sektion 6 der GPL heißt es:\nEach time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients\u0026rsquo; exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. Die Grundlage für dieses Gedankenexperiment ist also in der realen Welt nicht gegeben. Es ist nicht möglich, bestimmte Firmen von der Nutzung GPL lizenzierter Software in irgendeiner Weise auszuschließen. Das ist Absicht und wird von den Entwicklern der GPL als Feature gesehen.\nDie GPL geht zweigleisig an das Problem heran ( mehr Details ) . Die ersten drei Freiheiten, die die GPL gewährt, sind\nDie Freiheit, das Programm zu jedem Zweck auszuführen. Die Freiheit, das Programm und seine Funktionsweise zu studieren und anzupassen. Die Freiheit, das Programm nach Belieben zu verändern. Die GPL sieht keine Möglichkeit vor, irgendjemandem diese drei Freiheiten aus welchem Grund auch immer zu verwehren. Das trifft sogar für alle diejenigen zu, die andere Bestimmungen der GPL versehentlich oder absichtlich verletzen. In keinem Fall könnte das Samba-Projekt unter der GPL Novell oder sonst irgendjemandem die Nutzung von Samba, das Studium des Samba-Quelltextes oder die Veränderung des Samba-Quelltextes verbieten.\nDie vierte Freiheit, die die GPL gewährt, ist\nDie Freiheit, das Programm weiterzugeben. Die GPL knüpft diese Freiheit an eine Bedingung. Die Bedingung ist dort oben zitiert. Indem das Samba-Projekt das Programm (Samba) unter der GPL an irgend jemanden weitergibt, gibt das Samba Projekt diesem auch die Freiheit, das Programm mit allen Freiheiten weiterzugeben. Das Einschränken dieser Freiheiten wird ausdrücklich ausgeschlossen. Dadurch bekommt zwingend transitiv auch immer Novell (und jeder andere, der die GPL nicht verletzt) das Recht, Samba unter der vierten Freiheit weiterzugeben.\nDas ist kein Versehen. Die GPL ist eine Lizenz, die Freiheiten geben und bewahren soll. Die Schöpfer der GPL sehen diese Freiheiten als absolut, also gegenüber jedem und für immer gültig. Wenn der Mechanismus der GPL einmal in Gang gesetzt worden ist, dann soll es keinen Mechanismus geben, mit dem ein GPL Programm in irgendeiner Weise eingeschränkt werden kann. Auch nicht für die ursprünglichen Lizenzinhaber.\nDie GPL gibt damit Sicherheit: Die Freiheiten, die die GPL gewährt, sind auch dann sicher, wenn unter den Beteiligten in irgendeiner Weise Unstimmigkeiten herrschen oder ein offener Disput besteht. Die GPL und GPL lizensierte Software spielen nicht am Markt der kompetitiven Player und sind im Gegensatz zu anderen Lizenzen absichtlich so gestaltet, daß die Lizenz-politischen Instrumente der kompetitiven Player nicht zum Einsatz kommen können.\nDie GPL ist die Verfassung der kooperativen Spieler. Sie ist so gestaltet, daß sie alle Parteien für immer entwaffnet, solange sie im kooperativen Bereich spielen, und daß sie kompetitive Spieler draußen hält: Wer nach den Regeln der GPL spielt, kann die GPL nicht als Druckmittel einsetzen, weil dies nach Konstruktion nicht möglich ist. Wer nicht nach den Regeln der GPL spielt, kann GPL-lizenzierte Software für sich selbst zwar nutzen, sie aber wegen der fehlenden vierten Freiheit nicht weiterverbreiten (und damit auch nicht verkaufen oder auf GPL-Software basierendende Produkte verkaufen, also keinen kompetitiven Gewinn erzielen).\nSo mag es nun sein, daß sich Novell, Microsoft, IBM und das Samba-Team gegenseitig boxen und an den Karren zu fahren versuchen. Aber sie können es nicht über die Lizenzen ihrer Software tun, sofern es sich dabei um GPL-lizenzierte Software handelt. Das ist genau der Grund, warum Firmen wie Microsoft so stark Lobbypositionen für Softwarepatente beziehen oder andere Firmen Druck über das Markenrecht auszuüben versuchen oder warum man hin und wieder Anti-GPL Rethorik findet, in der der BSD-Lizenz und ihren Varianten ein Loblied gesungen wird: Diese Lizenzen haben die Schutzmechanismen der GPL nicht und würden es erlauben, Software für einzelne oder alle Lizenznehmer aus dem Markt zu nehmen oder proprietäre Erweiterungen auf der Basis vormals freier Software zu bauen.\nDoch damit würde die Lizenz wieder zum Druckmittel. Die GPL erzwingt und belohnt kooperatives Verhalten.\nDie in den letzten 10 Jahren neu eröffneten Kriegsschauplätze Lizenzen und Marken sind den Entwicklern der GPL wohl bewusst und die Arbeit an der GPL V3 geht voran ( mehr Details ). Über die neuen Bestimmungen der GPL V3 ist viel gejammert worden, insbesondere auch vom Linux Kernel Team.\nDarum gibt es eine Zusammenfassung und Klarstellung der Ziele und Bestimmungen der GPL V3 durch die Free Software Foundation, die deutlich macht, was die Ziele der GPL in jeder Version sind und wie sie in der jeweiligen Version erreicht werden sollen.\nDas Samba-Team ist da voll auf der Linie der FSF : Darum ja genau die harsche Reaktion auf den Vertrag zwischen Microsoft und Novell. Nur: Die Software selbst wird nicht zum Spielball dieser Auseinandersetzung. Weil die GPL es nach Konstruktion nicht zuläßt.\n","date":"2006-11-12T00:00:00Z","href":"https://blog.koehntopp.info/2006/11/12/gpl-microsoft-novell-samba-org-und-die-freiheiten-der-gpl.html","tags":["copyright","free software","lang_de"],"title":"GPL: Microsoft, Novell, Samba.org und die Freiheiten der GPL"},{"categories":null,"content":" Am 24.11.2006 findet in Berlin am BMWi die Abschlußveranstaltung des Projektes \u0026ldquo;Starke Anonymität und Unbeobachtbarkeit im Internet \u0026rdquo; (AN.ON) statt. AN.ON entwickelt und betreibt den vom BMWi geförderten Anonymisierungsdienst AN.ON/JAP , unter anderem in Zusammenarbeit mit dem ULD Schleswig-Holstein . Die finanzielle Projektförderung durch das BMWi läuft zum Ende des Jahres 2006 aus.\nDas Programm der Veranstaltung findet man im Flyer (PDF).\nAnonyme Kommunikation ist in Zeiten der Vorratsdatenspeicherung wichtiger denn je. Sie ist auch eine Vorraussetzung für die Durchführung freier, gleicher und geheimer Wahlen etwa von Computern zu Hause. Ob und wie AN.ON/JAP nach dem Auslaufen der Förderung fortgesetzt wird, ist noch unklar und wird laut Programm des Flyers auf der Abschlußveranstaltung leider auch nicht als Programmpunkt thematisiert.\nAber jeder mit einem eigenen Server im Internet kann selbst etwas für die anonyme Kommunikation im Internet tun: Mit einem eigenen tor -Node kann man selbst einen Knoten in einem internationalen und öffentlichen Netzwerk von Mixen betreiben. Das Setup ist nicht kompliziert und mit meinem Strato MR2 ziehe ich zur Zeit gut 2 TB Traffic im Monat durch. tor und JAP interoperieren auch, sodaß tor-Bandbreite in gewisser Weise auch AN.ON/JAP hilft.\n","date":"2006-11-01T00:00:00Z","href":"https://blog.koehntopp.info/2006/11/01/an-on-thilo-weichert-laedt-ein.html","tags":["privacy","identity","politik","security","lang_de"],"title":"AN.ON: Thilo Weichert lädt ein"},{"categories":null,"content":" Jetzt bin ich genau ein Jahr lang für MySQL auf der Straße gewesen. Eigentlich begann alles schon ein wenig früher, als ich meinen Resturlaub Anfang September 2005 dazu verwendet habe, am MySQL Consulting Bootcamp 2005 in München teilzunehmen und mich dort auch zertifizieren zu lassen. Zwei Monate später, am 1. November, habe ich dann meinen neuen Job angetreten.\nDie ersten zwei Wochen habe ich Peter Zaitsev beim c\u0026rsquo;t DVD-Shop Benchmark begleitet und dabei eine Menge über MySQL Performance Tuning gelernt. Meine erste Reise hat mich nach Stockholm geführt, wo mir Tobias Asplund dann die Grundlagen des Geschäfts gezeigt hat und mein erster Alleinflug ging gleich danach nach Trondheim, wo ich nicht nur Replikation bis zum Abwinken habe spielen können, sondern auch gleich noch gelernt habe, daß Migrationen nach 5.0 nicht immer ganz einfach sein müssen. Den November habe ich in Amsterdam abgeschlossen, wo ich von Kai mit der \u0026ldquo;Using und Managing MySQL\u0026rdquo;-Class druckbetankt worden bin, und Kai und ich mit Eric vom (damals) JDBC-Connector-Team durch die Kneipen gezogen sind.\nIm Dezember habe ich nicht nur Helsinki im Dunkeln gesehen, sondern auch gelernt, wie man betrunken über 2000 km nach Hause findet: Der 6. Dezember ist in Finnland nämlich Nationalfeiertag und der Kunde und ich waren wahrscheinlich die einzigen Personen in ganz Finnland, die da gearbeitet haben. Auf dem Flughafen haben sich unsere Wege dann getrennt: Ich 2000 km nach Süden, der Kunde noch mal nicht ganz so weit nach Norden\u0026hellip; Aber nicht, ohne vorher in der Flughafenbar in Helsinki von einem Finnen Salmiakki erklärt zu bekommen. Den Rest des Dezembers habe ich in Tübingen, in Dublin und in Lund, Schweden zugebracht. Für die ersten zwei Monate keine schlechte Tour.\nNach zwei Wochen Weihnachtspause habe ich dann das Jahr mit einer 4-Länder-an-einem-Tag-Tour begonnen: Treffen mit Kollegen in Zürich, am selben Tag nach Frankreich, um von dort über London nach Dublin zu fliegen. Was für eine Übung in Jet-Set! Aber alles hatte geklappt und so habe ich dann im Januar meinen ersten Shadow in Dublin delivered, d.h. weitere Kollegen angelernt. Im Januar hat auch einer der entschieden cooleren Aufträge angefangen: Eine Oracle-Migration bei einem Kunden in Rom. So kam es, daß ich an meinem Geburtstag in einem Cafe gegenüber dem Nationalmonument gesessen habe und meinen Espresso geschlürft habe.\nUm ein Haar wäre es mir in der Woche darauf gelungen, meine Mama unangekündigt an ihrem Geburtstag zu überraschen, denn ich hatte in Hamburg zu tun - zum Glück rief ich dann doch noch an, sonst hätte ich vor einer leeren Hütte gestanden.\nDer Februar ging sehr schnell vorbei: Rom, Zürich, Rom.\nNach einer kurzen Bürowoche dann Anfang März ein Einsatz für Training statt Consulting: Kurs halten in Washington, DC - Yay! Die Woche drauf war ich in Belgien und habe außerdem noch ein wenig Remote gearbeitet. Dann Mitte März die MySQL Developers Conference in Sorrento mit Abschlußausflug nach Pompeii. Süditalien, wenn es noch nicht so heiß ist - wunderbar! Die beiden Wochen danach waren ein wenig ruhiger: Ein wenig Remote Work tut nach dieser Reiserei ganz gut.\nAnfang April war ich dann noch kurz in London auf Canary Wharf, bevor es zwei Wochen in den Urlaub nach Schottland ging, um Destillen, Gärten und Hightech zu bewundern und die Highlands zu erkunden. Auf dem Weg haben wir dann auch noch Newcastle und York ein bisschen gesehen. Nach dem Urlaub kommt die Arbeit - in meinem Fall die MySQL Users Conference 2006 in Santa Clara.\nGut daß ich nach der Rückkehr Anfang Mai relativ ruhig daheim bleiben konnte: Jobs in Stuttgart, in Heidelberg und Remote Work für einen Kunden in den USA. Eine mehrtägige Schulung über SkypeOut und screen -x halten. Das geht! Der Mai war sowieso Monat der Kontraste - wie klingt \u0026ldquo;Olpe, Rahden, Washington DC\u0026rdquo;? Washington war jetzt, Ende Mai, übrigens glühend heiß. Wieder eine Schulung, was gut ist, weil man sich da die Zeit gut einteilen kann. Ich habe sie benutzt, um das Air and Space Museum zu besichtigen.\nDen Juni habe ich dann in Stuttgart, Dresden, Zürich und Genf zugebracht. Dabei habe ich in Genf einen uralten Freund wiederentdeckt: Alexander Finger betrieb vor nicht ganz 20 Jahren syd.de, während ich als Teil von toppoint.de dasselbe in Kiel tat. Inzwischen hat es ihn nach Genf verschlagen. Ende Juni dann der erste Zweitages-Workshop Performancetuning in München und zwischendurch über das Mittsommer-Wochenende noch mal schnell in Skien, hinter Oslo, denn dort war PHP Vikinger bei EZ Systems. Nach der Rückkehr, quasi aus dem Flieger fallend, dann ein Talk für die Linux Users Group Karlsruhe über Performance Tuning und der Juni ist im Kasten.\nEher häuslich geht es im Juli weiter: PT in München, PT in Stuttgart und eine 1800 km Autotour: Karlsruhe-Rahden-Dresden-Karlsruhe in einer Woche. München, Stuttgart, Olpe. Und ich sagte noch: \u0026ldquo;Schickt mich aus Deutschland weg während der WM.\u0026rdquo; Stattdessen kriege ich glühend heiße, überfüllte WM-Städte während da Spiele sind\u0026hellip; grummel\nDer August beginnt mit Abkühlung, und mit Amsterdam. Ich werde so halb krank, und so kann ich mir die für die 2. Augustwoche geplante Kiel/Dänemark-Tour abschminken. Stattdessen bin ich die Woche drauf in Oslo, in Bath, und dann mal wieder in Helsinki, um ein wenig von den Clustergöttern zu lernen.\nDas kann ich dann Anfang September zurückgeben, wo ich stattdessen Shadow für einen Kollegen in Woking mache und dann zwei Tage PT Workshop in Köln gebe. In Köln treffe ich auch Serendipity\u0026rsquo;s Garvin . Die Office-Woche darauf bringe ich in Kiel zu, um meine Eltern zu besuchen. Die Woche darauf bin ich dann prompt richtig antibiotikamäßig krank statt in Amsterdam. Danach bin ich Ende September dann aber immerhin so fit, daß ich das Projekt in Rom abschließen kann, und die zwei verbleibenden Tage der Woche nutze, um mit der Katze Rom zu erkunden.\nDer Oktober ist dann schnell herumgebracht: zur Hälfte in Amsterdam, zur anderen Hälfte in Karlsruhe\u0026hellip; Und so werde ich dieses Jahr auch beschließen: Neben einer Woche in Sheffield, UK steht bis zum Jahresende mehr oder weniger lückenlos Amsterdam auf dem Plan (Und ein Tag Köln!).\nGefällt mir der Job? Oh, ja. Reisen macht mir Spaß und mit den Zielen habe ich Glück gehabt. Die Arbeit macht Spaß und bietet jede Menge Dinge, die ich noch nicht kann, aber die ich schaffen kann. Auf der Straße und dicht an der Technik scheint mir eher zu liegen als Papierschieberei\u0026hellip; Ansonsten ist es das älteste Gewerbe der Welt: Geh für Geld zum Kunden und mach\u0026rsquo; ihn glücklich.\nIst der Job anstrengend? Oh, ja. Es ist der anstrengendste Job, den ich jemals hatte. Aber, wenn man einen Rhythmus finden kann, bei dem man in passenden Abständen Home-Office machen kann, ist er durchhaltbar\u0026hellip;\nWas haben wir als Firma geschafft? MySQL ist in diesem Jahr von 5.0.15 nach 5.0.27 gekommen und die 5.0 hat sich dabei langsam aber sicher in eine stabile Plattform verwandelt. Meine Kunden haben im Laufe des Jahres die Features von 5.0 entdeckt und so erobert sich MySQL immer mehr Anwendungen, die der Datenbank vorher verschlossen geblieben sind.\nMeine Hauptthemen im Bereich Operating waren \u0026ldquo;Monitoring\u0026rdquo; und \u0026ldquo;Backup\u0026rdquo;, im Bereich DBA sind \u0026ldquo;Replikation\u0026rdquo; und \u0026ldquo;SQL-Optimierung\u0026rdquo;, im Bereich Entwicklung \u0026ldquo;InnoDB und Transaktionen\u0026rdquo;. Seltsamerweise sind Stored Procedures und Trigger ein wichtiger Checkpoint, um ernst genommen zu werden, aber sie werden dann (glücklicherweise!) kaum eingesetzt - denn das Thema im Bereich Architektur war \u0026ldquo;Scale-Out\u0026rdquo; - horizontales Wachstum . Intern war das wichtigste Thema für uns Consultants \u0026ldquo;Wachstum und Integration von neuen Mitarbeitern\u0026rdquo; und ist nun \u0026ldquo;Best Practice Building\u0026rdquo;. Langsam, aber sicher ändert sich die Art der Arbeit von Pivot-Consulting to Projekt-Consulting\u0026hellip;\n","date":"2006-10-31T00:00:00Z","href":"https://blog.koehntopp.info/2006/10/31/ein-jahr-auf-der-strasse.html","tags":["karlsruhe","mysql","travel","work","lang_de"],"title":"Ein Jahr auf der Straße"},{"categories":null,"content":"Im März 1983 bekam ich meinen ersten eigenen Computer, einen Commodore 64. Meiner war das alte Modell mit braunen statt schwarzen Funktionstasten und dem VIC I, bei dem die linken Ränder von Sprites immer flackerten. Im Sommer 1983 kam dann eine 1541 dazu.\nIrgendwann in dieser Zeit zog ich außerdem aus der Probsteier Pampa in die tosende Großstadt, nach Kiel. Dort lernte ich irgendwo an den üblichen Diskettentauschstellen Daniel kennen. Das war gut, denn so kannte ich jemanden, der wie ich im Gegensatz zu den üblichen Kopierkiddies auch selber was machte. Ob das, was wir da gemacht haben überhaupt technisch möglich war, hat uns nur am Rande interessiert.\nIrgendwann im Sommer 1985 haben wir dann gelernt, daß ein Monitorlautsprecher knackst, wenn man die SID-Lautstärke verstellt, und zwar proportional zur Änderung der Lautstärke. Wenn man also einige tausendmal pro Sekunde die Lautstärke umstellt, kann man eine beliebige Wellenform erzeugen.\nDaniel nahm also seinen Lötkolben und einen Haufen Drähte und verband den LED-Output des Levelmeters seiner Stereoanlage mit dem Joystick-Input seines C64. Eine recht haarsträubende Schaltung zählte dabei die angeschalteten LEDs und generierte so die Bitkombinationen 00, 01, 10 und 11.\nIch schrieb eine kleine Endlosschleife, mit der ich die Zwei-Bit-Codes vom Port abholte und mehr als 18.000-mal pro Sekunde in irgendwelche plötzlich gar nicht mehr so reichhaltig vorhandenen Bytes im Speicher shiftete. Weil für eine Prüfung einer Abbruchbedingung keine Zyklen mehr übrig waren, mußte ich die Schleife in einem NMI-Handler zerpoken, um sie zu verlassen. Programmabbruch durch Drücken der \u0026ldquo;Restore\u0026rdquo;-Taste, die direkt mit dem NMI-Input des Prozessors verbunden war.\nAll das hat fast gut funktioniert, nur der Klang war grauenhaft. Daniel wurmte das, und irgendwann hatte er alles so satt, daß er für den monströsen Betrag von DM 250 ein russisches Exil-Oszilloskop mit einem ca. 5 cm Schirm auf dem Gebrauchtmarkt erhökerte. Schon 15 Minuten nach dem Anschluss des Gerätes war das Problem klar: Das Levelmeter schneidet die Kurven unten ab, sodass wir immer nur das Intervall zwischen 0 Volt und +x Volt einer Kurve gesampled haben, aber niemals die negativen Teile der Welle.\nDie Einführung einer Potentialkorrektur (Nullpunkt und Amplitude) hat das Problem schnell gelöst und ich schrieb eine Kalibrierungsfunktion: Die gelesenen Zwei-Bit-Werte wurden mit einer Lookuptable in C64 Farbcodes übersetzt und dann in die Kontrollregister für die Hintergrundfarbe geschrieben. Vor der Aufnahme konnte man also an den Kalibrierungspotentiometern drehen und den Farbenrausch auf dem Monitor beeinflussen. Wenn alle Farben in etwa gleich häufig zu sehen waren, war die Aufnahme korrekt ausgesteuert. Der Klang war - zwei Bit oder nicht - großartig!\nIch bastelte meine Aufnahmefunktion in etwas Benutzbares, und darunter verstand ich zur damaligen Zeit eine Basic-Erweiterung für das C64 Basic, Speech Basic . Wir machten eine Demo-Diskette und zogen damit auf der CeBit \u0026lsquo;86 von Zeitschriftenstand zu Zeitschriftenstand. Die Markt und Technik \u0026ldquo;64er\u0026rdquo; Redaktion machte den Sale, und plötzlich stand ich nicht nur vor dem Problem, eine Anleitung für Speech Basic und einen Artikel schreiben zu müssen, sondern auch ein für eine Veröffentlichung geeignetes Foto zu finden. Ersteres Problem war lösbar, das zweite nicht, und so ist der Artikel in der 64er 10/86 mit dem wahrscheinlich hässlichsten Foto gedruckt worden, das je von mir gemacht worden ist.\nDer Speech Basic-Artikel war mein erstes selbst verdientes Geld. Aber damit hörte das nicht auf: Da Speech Basic ja nur mit der Hardware sinnvoll war, die Daniel inzwischen in eine kleine handliche Platine umgewandelt hatte, die an den Joystick-Port zu stecken war, mussten die Leser diese Platine entweder selber bauen oder kaufen. Daniel ließ im Artikel seine Adresse abdrucken und für nur 60 DM konnte man einen Digitizer und eine Diskette mit Speech Basic kaufen. Einige tausend Bestellungen später waren wir, zwei Oberstufenschüler, nach unseren Maßstäben plötzlich verdammt reich. Irgendwann Ende \u0026lsquo;86 hatte ich dann also keinen C64 mehr, sondern konnte auf eine Commodore Amiga umsteigen.\nUnd so kommt es, dass mich das ganze Rechnerzeugs in diesem Monat seit 20 Jahren ernährt. Und in ein paar Jahren blogge ich Euch dann im Rahmen der Reihe \u0026ldquo;Alter Sack bloggt\u0026rdquo; mal, wie es kommt, daß ich seit 20 Jahren online bin.\n","date":"2006-10-26T00:00:00Z","href":"https://blog.koehntopp.info/2006/10/26/mut-64er-10-86.html","tags":["commodore","hardware","kiel","lang_de"],"title":"MuT 64er 10/86"},{"categories":null,"content":"Oprofile ist ein Profiler. Und zwar einer, der die Performance Measurement Instrumentation verwendet, die in moderne CPUs eingebaut ist, wenn diese vorhanden ist. Der Profiler braucht also keine speziell für Profiling compilierten Binaries, sondern zieht sich statische Samples des Programmzählers aus dem laufenden System und analysiert diese: Es findet heraus, welcher Prozeß gerade aktiv ist, welche Bibliothek in diesem Prozeß gerade verwendet wird und wenn Symboltabellen vorhanden sind (Kein \u0026ldquo;strip\u0026rdquo; auf die Bibliothek oder das Programm angewendet), dann weiß Oprofile sogar, welche Funktion oder Methode gerade aktiv ist.\nDas kann man auch auf ein laufendes MySQL anwenden. Dies hier zum Beispiel ist ein mysqld, der mit einem Haufen MyISAM Tabellen arbeitet und nicht zu busy ist. Man kann sehen, daß aus irgendeinem Grund sehr viel Zeit in memcpy verbracht wird:\nCPU: CPU with timer interrupt, speed 0 MHz (estimated) Profiling through timer interrupt samples % image name symbol name 197404 22.4460 libc-2.3.4.so memcpy 165764 18.8484 no-vmlinux (no symbols) 76051 8.6475 mysqld.debug _mi_rec_unpack 30059 3.4179 mysqld.debug Query_cache::insert_into_free_memory_sorted_list(Query_cache_block*, Query_cache_block**) 17468 1.9862 mysqld.debug get_hash_link 16767 1.9065 mysqld.debug ha_key_cmp 14106 1.6039 mysqld.debug MYSQLparse(void*) Ein anderes Anwendungsbeispiel verwendet InnoDB mit Transaktionen und einer sehr hohen Load. Hier kann man das Problem sofort erkennen:\nCPU: AMD64 processors, speed 2396.91 MHz (estimated) Counted CPU_CLK_UNHALTED events (Cycles outside of halt state) with a unit mask of 0x00 (No unit mask) count 100000 samples % image name symbol name 1955062 34.3586 /usr/sbin/mysqld Query_cache::insert_into_free_memory_sorted_list(Query_cache_block*, Query_cache_block**) 192481 3.3827 /usr/sbin/mysqld my_strnncoll_binary 155920 2.7402 /usr/sbin/mysqld MYSQLparse(void*) 125545 2.2063 /usr/sbin/mysqld my_hash_sort_bin 95069 1.6708 /lib64/tls/libc.so.6 memcpy 79791 1.4023 /lib64/tls/libc.so.6 memset Offensichtlich ist der Query Cache hier nicht sehr nützlich und tatsächlich: Kaum schaltet man ihn aus, wird der Benchmark 50% schneller.\nHier eine schnelle Kommandoübersicht:\nyum install oprofile (oder was immer das aktuelle System gerade als Paketmanager verwendet) opcontrol --init Kernel Modul wird geladen opcontrol --setup --separate=lib,kernel,thread --no-vmlinux Wir teilen dem System mit, wie es Daten sammeln soll. Das CentOS her hat kein vmlinux Kernel Image. Wenn jemand weiß wie man ein vmlinuz in ein vmlinux umwandelt, würde ich das gerne wissen. opcontrol --start-daemon Dann laden wir den Daemon vor, der die Performancedaten sammelt, damit es später die Meßdaten nicht verfälscht\u0026hellip; ps axuwww| grep opro Schnell prüfen, ob der Daemon läuft\u0026hellip; opcontrol --start Datensammlung starten opcontrol --dump Daten auf die Platte zwingen (sie werden sowieso in regelmäßigen Intervallen gedumpt) opreport --demangle=smart --symbols --long-filenames --merge tgid $(which mysqld) | less Und nun einen Report wie die beiden da oben erzeugen. opcontrol --stop Profiling anhalten opcontrol --deinit Daemon stoppen opcontrol --reset Gesammelte Daten löschen und den Plattenplatz wieder freigeben. ","date":"2006-10-14T00:00:00Z","href":"https://blog.koehntopp.info/2006/10/14/mysql-performanceprobleme-mit-einem-profiler-analysieren.html","tags":["mysql","performance","lang_de"],"title":"MySQL Performanceprobleme mit einem Profiler analysieren"},{"categories":null,"content":"Google Pressemeldung :\nGoogle Inc. announced today that it has agreed to acquire YouTube, the consumer media company for people to watch and share original videos through a Web experience, for $1.65 billion in a stock-for-stock transaction. Following the acquisition, YouTube will operate independently to preserve its successful brand and passionate community.\nBezahlt wurden 1.65 Milliarden US-Dollar in Aktien.\n","date":"2006-10-10T00:00:00Z","href":"https://blog.koehntopp.info/2006/10/10/google-kauft-youtube.html","tags":["computer","google","lang_de"],"title":"Google kauft YouTube"},{"categories":null,"content":"\u0026lt; Ein MSA-30 Array mit 14 Platten.\nLiebes Tagebuch!\nHeute bin ich gegen eine HP 585 und zwei MSA 30 angetreten und ich bin mir nicht ganz sicher, wer gewonnen hat. Aber laß mich von vorne erzählen.\nWie Du weißt, liebes Tagebuch, berechnet sich die Anzahl der Zugriffe, die man von einer einzelnen Platte pro Sekunde erwarten kann, wie folgt: 1000 ms/(Average Seek Time in ms + Rotational Delay in ms + Transfer Time in ms). Die Average Seek Time kann bei einer guten Platte schon mal 4 ms klein sein, bei schlechten Platten auch mal 8 ms groß.\nDie Rotational Delay ist bei 18000 rpm bei 300 Umdrehungen pro Sekunde, als 600 Halbdrehungen pro Sekunde oder 1/600 Sekunde = 1.6 ms. Bei Laptop-Platten mit 6000 rpm ist sie dreimal größer, also 5 ms. Die Transfer Time kann man für den Rest der Betrachtungen auch getrost vergessen. Somit haben wir eine Access Time von insgesamt 5 ms bis 12 ms rauf. Das übersetzt sich zu 200 bis 80 Writes/Seeks/Commits pro Sekunde. Von so einer Platte aus einem MSA 30 würde ich eher 200 als 80 Operationen pro Sekunde erwarten.\nDa stand sie nun also, die Hardware: Eine HP 585 mit 32 GB RAM und 2 Dual-Core Opteron @ 2.6 GHz, zwei 6402 Controllern und zwei Dual-Channel MSA 30 mit jeweils 14 72 GB Platten. Und wegen der spezifischen Verteilung der Controller und Channels ließen sich die beiden MSA 30 nicht zu einem 28 Disk Hardware RAID-10 zusammenfassen. Also haben wir angefangen zu experimentieren und zu messen. Die Ergebnisse waren sehr merkwürdig.\nWir haben uns das so überlegt, liebes Tagebuch: Wenn man schon kein Hardware RAID-10 mit allen 28 Platten bauen kann, dann kann man sich immerhin 14 Hardware-RAID-1 Paare stricken und die dann in ein Linuxraid als RAID-0 stopfen. Gesagt, getan: Ins Menü, durch die Controller jongliert und die Plattenarrays wie wild blinken lassen - HP macht ja sehr unmissverständlich klar, welche Platte man gerade wie am Wickel hat.\nAm Ende ins Linux booten und da waren sie dann: /dev/cciss/c1d0-c1d6 und /dev/cciss/c2d0-c2d6: 14 RAID-1 Paare. Ein mdadm -C -l0 --chunk=128k /dev/md0 --raid-devices 14 /dev/cciss/c[12]d* später hatten wir dann ein /dev/md0 mit 14 Paaren. Das wollten wir nun nackig machen, also mkfs /dev/md0 und mount /dev/md0 /data0 und dann [iozone](http://www.iozone.org) -i0 -i2 -O -I -s4g -r128k -f /data0/blah da drauf.\nStell Dir unsere Enttäuschung vor, liebes Tagebuch:\niozone -i0 -i1 -i2 -O -I -s4g -r128k -f /data0/blah Iozone: Performance Test of File I/O Version $Revision: 3.263 $ Compiled for 64 bit mode. Build: linux Contributors:William Norcott, Don Capps, Isom Crawford, Kirby Collins Al Slater, Scott Rhine, Mike Wisner, Ken Goss Steve Landherr, Brad Smith, Mark Kelly, Dr. Alain CYR, Randy Dunlap, Mark Montague, Dan Million, Jean-Marc Zucconi, Jeff Blomberg, Erik Habbinga, Kris Strecker, Walter Wong. Run began: Fri Feb 17 03:20:20 2006 OPS Mode. Output is in operations per second. O_DIRECT feature enabled File size set to 4194304 KB Record Size 128 KB Command line used: iozone -i0 -i1 -i2 -O -I -s4g -r128k -f /data0/blah Time Resolution = 0.000001 seconds. Processor cache size set to 1024 Kbytes. Processor cache line size set to 32 bytes. File stride size set to 17 * record size. random random KB reclen write rewrite read reread read write 4194304 128 999 1165 1126 1131 246 1107 Ich meine, wenn ich pro Platte 200 w/s rechne und von einem RAID-1 mit serieller Write-Policy ausgehe, dann erwarte ich auch von einem RAID-1 Paar mal eben 200 w/s, oder von 14 Paaren also 2800 w/s. Bekommen habe ich nur 1107 w/s Random-I/O. Das ist aber mächtig schlapp, nur 40 % der projektierten Performance.\nWir haben dann mal ein wenig gespielt:\n1 Paar (Hardware RAID, ohne Linuxraid) bringt 198 w/s, also genau wie die theoretische Vorhersage. 2 Paare (Hardware RAID, interner Controller, ohne Linuxraid) bringt nur 336 w/s (84%). Keine Ahnung, was die Chunksize hier war. 7 Paare linear vom ersten /dev/cciss/c1d* genommen bringen 808 w/s (57%). 7 Paare sortiert (c1d0, c2d0, c1d4, c2d4, c1d2, c2d2, c1d6) bringen 1382 w/s (99%). Fein! 14 Paare linear (/dev/cciss/c[12]d*) bringen wie gesagt nur 1107 w/s (40%). 14 Paare sortiert (c1d0, c2d0, c1d6, c2d6, c1d1, c2d1, c1d5, c2d5, usw) bringen immerhin 1434 w/s (51.2%).\nAber damit nicht genug, liebes Tagebuch! Ich habe noch ein weiteres Mysterium für heute: iostat -x meint während des 7 Paare Linear-Tests so Dinge wie\nDevice: rrqm/s wrqm/s r/s w/s rsec/s wsec/s rkB/s wkB/s avgrq-sz avgqu-sz await svctm %util cciss/c0d0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 cciss/c1d0 0.00 3.00 0.00 307.00 0.00 38696.00 0.00 19348.00 126.05 0.14 2.22 0.46 14.20 cciss/c2d0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 md0 0.00 0.00 0.00 2275.00 0.00 283392.00 0.00 141696.00 124.57 0.00 0.00 0.00 0.00 cciss/c1d1 0.00 6.00 0.00 320.00 0.00 38608.00 0.00 19304.00 120.65 0.21 0.65 0.63 20.20 cciss/c1d2 0.00 9.00 0.00 342.00 0.00 42416.00 0.00 21208.00 124.02 0.23 0.66 0.64 22.00 cciss/c1d3 0.00 0.00 0.00 335.00 0.00 44280.00 0.00 22140.00 132.18 0.23 0.69 0.67 22.60 cciss/c1d4 0.00 0.00 0.00 318.00 0.00 39904.00 0.00 19952.00 125.48 0.22 0.70 0.68 21.60 cciss/c1d5 0.00 5.00 0.00 309.00 0.00 39568.00 0.00 19784.00 128.05 0.21 0.68 0.66 20.40 cciss/c1d6 0.00 9.00 0.00 311.00 0.00 39920.00 0.00 19960.00 128.36 0.27 0.86 0.84 26.10 cciss/c2d1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 cciss/c2d2 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 cciss/c2d3 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 cciss/c2d4 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 cciss/c2d5 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 cciss/c2d6 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 Das heißt in Deutsch: Man kann sehen, wie die Platte c1d0-c1d6 hier angeblich um die 320 w/s machen und damit dann noch schon ganze 20 % ausgelastet sind (nein, die ganzen CPUs sind nicht busy). Die angeblich 2275 w/s zu 128k average request size übersetzen sich dann aber in iozone nachher zu 808 w/s.\nDasselbe hier:\nDevice: rrqm/s wrqm/s r/s w/s rsec/s wsec/s rkB/s wkB/s avgrq-sz avgqu-sz await svctm %util cciss/c0d0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 cciss/c1d0 0.00 4.33 0.00 387.33 0.00 48373.33 0.00 24186.67 124.89 0.20 0.51 0.50 19.20 cciss/c2d0 0.00 5.67 0.00 402.67 0.00 51010.67 0.00 25505.33 126.68 0.19 0.47 0.45 18.23 md0 0.00 0.00 0.00 2825.67 0.00 352170.67 0.00 176085.33 124.63 0.00 0.00 0.00 0.00 cciss/c1d1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 cciss/c1d2 0.00 5.67 0.00 404.00 0.00 50626.67 0.00 25313.33 125.31 0.21 0.52 0.50 20.17 cciss/c1d3 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 cciss/c1d4 0.00 6.67 0.00 417.00 0.00 51613.33 0.00 25806.67 123.77 0.21 0.49 0.47 19.80 cciss/c1d5 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 cciss/c1d6 0.00 6.00 0.00 386.33 0.00 49277.33 0.00 24638.67 127.55 0.27 0.69 0.68 26.20 cciss/c2d1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 cciss/c2d2 0.00 6.00 0.00 386.33 0.00 49557.33 0.00 24778.67 128.28 0.18 0.48 0.47 17.97 cciss/c2d3 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 cciss/c2d4 0.00 4.00 0.00 404.00 0.00 51712.00 0.00 25856.00 128.00 0.19 0.48 0.47 18.93 cciss/c2d5 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 cciss/c2d6 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 Das ist die lustige nicht lineare 7-Paar Config in Aktion. Wir sehen 2825 w/s auf dem md0, die später als 1382 w/s vom iozone bilanziert werden. Nun frage ich mich, liebes Tagebuch: Wer hat recht?\nAch ja, und außerdem, liebes Tagebuch, das dritte Mysterium dieses Tages: Wieso saugt meine Read-Performance so? Ich meine, 246 r/s sind echt kaputt, -I (O_DIRECT) oder nicht.\nMorgen, liebes Tagebuch, machen wir dann mal ein Hardware RAID-10 mit einem Array und einem Controller, also 7 Paare Hardware RAID-0 in einer linearen Config. Mal sehen, was wir dann so für Messwerte bekommen.\n","date":"2006-10-04T00:00:00Z","href":"https://blog.koehntopp.info/2006/10/04/kris-vs-2xmsa-30.html","tags":["database","hardware","mysql","lang_de"],"title":"Kris vs. 2xMSA 30"},{"categories":null,"content":"Markus fragt:\nDurch \u0026hellip; wechseln wir gerade unseren Root-Server. Dort habe ich bereits das Gentoo-Basissystem am fluppen. Bei der Umstellung möchte ich gleich von MySQL 4 auf 5 wechseln.Dabei stellt sich die Frage, ob ich das System nicht gleich von latin1 auf utf-8 umstellen soll. Sollte ich lieber bei latin1 bleiben und alles so migrieren oder doch den großen Wurf zu utf-8 wagen?\nDie Frage habe ich ihm schon beantwortet, aber versprochen, das Thema noch einmal im Blog \u0026ldquo;in groß\u0026rdquo; durchzudeklinieren. Hier also der Zeichensatz-Artikel redone.\nZeichensatztheorie Zusammenhänge zwischen den Begriffen.\nEin Zeichensatz (\u0026ldquo;CHARACTER SET\u0026rdquo;) ist eigentlich ein Symbolvorrat, also eine Liste von Symbolen, die in einer bestimmten Sammlung enthalten sind. Ein Zeichensatz ist damit ein ganz und gar abstraktes und nahezu nutzloses Ding. Das einzige, was man mit einem Zeichensatz alleine tun kann, ist zu entscheiden, ob ein bestimmtes Symbol in einem bestimmten Kontext erlaubt ist oder nicht.\nDamit die Symbole druckbar werden, benötigt man einen Font. So ist zum Beispiel dies hier \u0026ldquo;ö\u0026rdquo; ein LOWER CASE O-UMLAUT in Arial und \u0026ldquo;ö\u0026rdquo; dasselbe Symbol in einem anderen Font, Times New Roman.\nDamit Symbole von Computern verarbeitbar werden, benötigen sie eine binäre Repräsentation, ein Encoding. In meinem Terminal, konsole, wird standardmäßig das utf8-Encoding verwendet. Der Text \u0026ldquo;Köhntopp\u0026rdquo; wird dabei durch die Hex-Folge \u0026ldquo;4b c3 b6 68 6e 74 6f 70 70\u0026rdquo; repräsentiert, das LOWER CASE o-UMLAUT wird als C3 B6 codiert.\nkris@linux:~\u0026gt; od -t x1a Köhntopp 0000000 4b c3 b6 68 6e 74 6f 70 70 0a K C 6 h n t o p p nl 0000012 Nach dem Aufruf von Settings-\u0026gt;Encoding-\u0026gt;Iso-8859-1 hat sich das Encoding geändert und derselbe Text wird jetzt durch die Bytes \u0026ldquo;4b f6 68 6e 74 6f 70 70 0a\u0026rdquo; repräsentiert. Der LOWER CASE o-UMLAUTE ist nun also ein F6-Byte.\nkris@linux:~\u0026gt; od -t x1a Köhntopp 0000000 4b f6 68 6e 74 6f 70 70 0a K v h n t o p p nl 0000011 Wenn man zwei Zeichenfolgen vergleichen oder ordnen (sortieren) will, dann braucht man eine zu dem Encoding passende Collation. Eine Collation kann man sich als eine normierte Codierung eines Encodings vorstellen, das für Vergleichs- und Sortierzwecke verwendet wird.\nDie MySQL-Collation latin1_german1_ci erzeugt aus \u0026ldquo;Köhntopp\u0026rdquo; zum Beispiel \u0026ldquo;kohntopp\u0026rdquo; und verwendet diesen String dann, um ihn mit anderen Strings zu vergleichen und zu sortieren. Abgespeichert wird allerdings immer der Originalwert, also \u0026ldquo;Köhntopp\u0026rdquo;. Eine andere Collation, latin1_german2_ci, würde den Text \u0026ldquo;Köhntopp\u0026rdquo; stattdessen intern in \u0026ldquo;koehntopp\u0026rdquo; umwandeln, bevor verglichen und sortiert wird (aber ebenso \u0026ldquo;Köhntopp\u0026rdquo; abspeichern).\nZeichensätze im Server Aus irgendeinem Grund nennt MySQL ein Encoding einen CHARACTER SET oder CHARSET. Die im Server verfügbaren Encodings können mit SHOW CHARSET aufgelistet werden. Sie sind auch in INFORMATION_SCHEMA.CHARACTER_SETS verfügbar. In beiden Fällen gibt die Spalte \u0026ldquo;Maxlen\u0026rdquo; an, wieviele Bytes ein Zeichen in diesem Zeichensatz maximal verbrauchen kann.\nDie Liste der vom Server unterstützten Collations kann man mit SHOW COLLATION anzeigen. Sie ist auch als INFORMATION_SCHEMA.COLLATIONS abrufbar. Eine Collation ist nur im Zusammenhang mit einem Encoding sinnvoll, daher muß diese Tabelle mit der INFORMATION_SCHEMA.CHARACTER_SETS über die n:m Beziehung INFORMATION_SCHEMA. COLLATION_CHARACTER_SET_APPLICABILITY verknüpft werden (oder man verwendet SHOW COLLATION LIKE \u0026lsquo;\u0026hellip;%\u0026rsquo;).\nEncoding und Collation festlegen Jeder String in MySQL ist mit einem Encoding und einer Collation markiert. Für Datenbankobjekte geschieht dies auf der Spaltenebene: Eine Spalte mit CHAR, VARCHAR oder einem TEXT-Typ ist immer auch mit einem CHARSET und einer COLLATION versehen.\nGibt man diese nicht ausdrücklich an, so wird der CHARSET und die COLLATION der Tabelle, in der diese Spalte enthalten ist, nach unten vererbt. Und natürlich erbt die Tabelle CHARSET und COLLATION von der DATABASE, die diese wiederum von den Server Defaults vererbt.\nMan kann also in der my.cnf festlegen:\n[mysqld] default-character-set=latin1 default-collation=latin1_german1_ci Man kann auch beim Anlegen eines Schemas (einer logischen Datenbank) festlegen:\nroot@localhost [(none)]\u0026gt; create database kris charset latin1 collate latin1_german1_ci; Query OK, 1 row affected (0.00 sec) root@localhost [(none)]\u0026gt; show create database kris\\G Database: kris Create Database: CREATE DATABASE `kris` /*!40100 DEFAULT CHARACTER SET latin1 COLLATE latin1_german1_ci */ 1 row in set (0.00 sec) Für eine Tabelle und deren Spalten kann man bestimmen:\nroot@localhost [kris]\u0026gt; create table t ( id integer unsigned not null auto_increment primary key, c char(20) charset utf8 collate utf8_general_ci, d varchar(20) charset cp850 collate cp850_general_ci, t text charset latin1 collate latin1_german1_ci ) charset latin1 collate latin1_general_ci; Query OK, 0 rows affected (0.01 sec) root@localhost [kris]\u0026gt; show create table t\\G Table: t Create Table: CREATE TABLE `t` ( `id` int(10) unsigned NOT NULL auto_increment, `c` char(20) character set utf8 default NULL, `d` varchar(20) character set cp850 default NULL, `t` text character set latin1 collate latin1_german1_ci, PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci 1 row in set (0.00 sec) Die Verbindung, die der Client zur Datenbank aufbaut, muß ebenfalls mit einem Encoding und einer Collation getagged sein, denn wenn man beispielsweise ein LOWER CASE o-UMLAUT von einem utf8-Terminal in kirs.t.t einfügen will, dann muß dieses Symbol ja von utf8 (C3B6) nach latin1 (F6) gewandelt werden.\nMan kann default-character-set und default-encoding in der [mysql]-Sektion seiner my.cnf festlegen, oder sie mit SET NAMES später umstellen.\nIndem ich in konsole Settings-\u0026gt;Encoding-\u0026gt;utf8 einstelle und dann SET NAMES utf8 im Kommandozeilenclient von MySQL mache, sende ich nicht nur utf8, sondern habe den Client auch über diese Tatsache informiert.\nroot@localhost [kris]\u0026gt; set names utf8; Query OK, 0 rows affected (0.00 sec) root@localhost [kris]\u0026gt; select hex(\u0026#34;ö\u0026#34;); +-----------+ | hex(\u0026#34;ö\u0026#34;) | +-----------+ | C3B6 | +-----------+ 1 row in set (0.00 sec) Stelle ich in konsole Settings-\u0026gt;Encoding-\u0026gt;latin1 ein und sende SET NAMES latin1, dann bekomme ich:\nroot@localhost [kris]\u0026gt; set names latin1; Query OK, 0 rows affected (0.00 sec) root@localhost [kris]\u0026gt; select hex(\u0026#34;ö\u0026#34;); +----------+ | hex(\u0026#34;ö\u0026#34;) | +----------+ | F6 | +----------+ 1 row in set (0.00 sec) Warum ist das wichtig und nützlich? Nun, wenn ich mit meinem utf8-Client an die Datenbank gehe und Daten nach kris.t.t speichere, was wird dann geschehen?\nroot@localhost [kris]\u0026gt; set names utf8; Query OK, 0 rows affected (0.00 sec) root@localhost [kris]\u0026gt; select hex(\u0026#34;ö\u0026#34;); +-----------+ | hex(\u0026#34;ö\u0026#34;) | +-----------+ | C3B6 | +-----------+ 1 row in set (0.00 sec) root@localhost [kris]\u0026gt; insert into kris.t (t) values (\u0026#34;ö\u0026#34;); Query OK, 1 row affected (0.00 sec) root@localhost [kris]\u0026gt; select hex(t), t from kris.t; +--------+------+ | hex(t) | t | +--------+------+ | F6 | ö | +--------+------+ 1 row in set (0.00 sec) Ich habe also einen Client, der utf8 spricht und sendet. Das kann ich kontrollieren (\u0026ldquo;set names utf8\u0026rdquo;) und beweisen (Ich bekomme ein C3B6). Speichere ich dieses utf8-codierte Symbol in eine Spalte, die als latin1-codiert markiert ist, wird MySQL das Encoding des Symbols anpassen und den richtigen Code (F6) speichern. Ich kann das beweisen, indem ich hex(spaltenname) und spaltenname aus der Tabelle selektiere: Es wurde tatsächlich ein LOWER CASE o-UMLAUT in latin1 encoding gespeichert, und obwohl das so gespeichert wurde, wird mir ein ö in meinem utf8-Terminal angezeigt - der Wert wurde also für meine Verbindung auch wieder zurück gewandelt!\nEinen Dump laden Wenn man einen alten MySQL 4.0 mysqldump hat, dann sind in diesem Datenbank- und Tabellendefinitionen ohne Zeichensatzangaben enthalten. Man muß in diesem Fall vor dem Import in einen neueren Server die Defaults korrekt setzen. Korrekt bedeutet hier: So, daß die Datenbanken und Tabellen mit den Character Sets und Collations anlegegt werden, die man haben will. Am einfachsten erreicht man das, indem man das CREATE DATABASE-Statement im Dump sucht und passend editiert. Diese Defaults werden dann ja auf alle anderen Objekte herunter vererbt.\nDie Connection, mit der der Dump eingelesen wird, muß außerdem mit der passenden Character Set-Information versehen werden. Dazu bestimmt man den Character Set im Dumpfile, indem man dieses durch \u0026ldquo;od -t x1a\u0026rdquo; filtert und mal nach einigen Umlauten sucht. Welcher Zeichensatz wird im Dumpfile verwendet?\nDieser Zeichensatz muß dann für das Einlesen des Dumps verwendet werden. Am einfachsten fügt man ein passendes SET NAMES-Statement in das Dumpfile ein.\n-- -- Table structure for table `t` -- DROP TABLE IF EXISTS `t`; CREATE TABLE `t` ( `id` int(10) unsigned NOT NULL, `c` char(20) default NULL, `d` varchar(20) default NULL, `t` text, PRIMARY KEY (`id`) ) TYPE=MyISAM; -- -- Dumping data for table `t` -- /*!40000 ALTER TABLE `t` DISABLE KEYS */; LOCK TABLES `t` WRITE; INSERT INTO `t` VALUES (1,NULL,NULL,\u0026#39;ö\u0026#39;); UNLOCK TABLES; /*!40000 ALTER TABLE `t` ENABLE KEYS */; ... linux:/export/data/charset # od -t x1a kris.sql ... 0001560 53 20 28 31 2c 4e 55 4c 4c 2c 4e 55 4c 4c 2c 27 S sp ( 1 , N U L L , N U L L , \u0026#39; 0001600 f6 27 29 3b 0a 55 4e 4c 4f 43 4b 20 54 41 42 4c v \u0026#39; ) ; nl U N L O C K sp T A B L ... Wir können nun leicht dieses Dumpfile um ein \u0026ldquo;CREATE DATABASE kris CHARSET utf8 COLLATE utf8_general_ci\u0026rdquo; ergänzen und ein \u0026ldquo;SET NAMES latin1\u0026rdquo; zufügen. Dadurch bekommen wir eine Datenbank kris, die Zeichen in utf8 speichert. Da die Verbindung auf latin1 gesetzt wird, wird beim Einlesen der korrekte Zeichensatz für den Dump verwendet und alle Daten werden beim Lesen und Speichern von latin1 nach utf8 gewandelt. Für die Clients, die die Daten später verwenden, ist dies irrelevant: Sie legen mit SET NAMES fest, in welchem Zeichensatz sie die Ergebnisse bekommen wollen und MySQL wird die Zeichen bei der Ausgabe entsprechend den Wünschen der Clients umwandeln.\nSelber wandeln Eine Stringkonstante kann in MySQL mit einem Encoding prefixed werden.\nroot@localhost [kris]\u0026gt; select _utf8\u0026#39;Köhntopp\u0026#39;; +-----------+ | Köhntopp | +-----------+ | Köhntopp | +-----------+ 1 row in set (0.00 sec) Dies ist dasselbe wie \u0026ldquo;SELECT \u0026lsquo;Köhntopp\u0026rsquo;\u0026rdquo;, nur daß der Zeichensatz ausdrücklich an den Ausdruck geklebt wird und nun vom SET NAMES verschieden sein kann.\nWir können auch Daten in andere Zeichensätze umwandeln:\nroot@localhost [kris]\u0026gt; select hex(convert(\u0026#39;Köhntopp\u0026#39; using latin1)) as Beispiel; +------------------+ | Beispiel | +------------------+ | 4BF6686E746F7070 | +------------------+ 1 row in set (0.03 sec) Hier ist mein utf8-Köhntopp aus der Connection in ein latin1-Köhntopp mit F6-Umlaut umgewandelt worden.\nDie Kosten von utf8 Unicode ist ein Zeichensatz mit mehr als 256 Zeichen und utf8 ist ein Multibyte-Encoding für diesen Zeichensatz, in dem Zeichen eine variable Länge haben können. Einige Symbole (\u0026ldquo;a\u0026rdquo;, \u0026ldquo;Z\u0026rdquo;) werden als einzelne Bytes codiert, andere (\u0026ldquo;ö\u0026rdquo;) als Folgen von Bytes. Der Subset von Unicode, der von MySQL unterstützt wird, kann bis zu 3 Byte für ein Zeichen verbrauchen. Daher wird der Zeichensatz mit einer Maxlen von 3 in \u0026ldquo;SHOW CHARSET\u0026rdquo; markiert.\nEin anderes Encoding von Unicode ist ucs2: Während utf8 von Unix und Java verwendet wird, wird ucs2 von Windows-Systemen bevorzugt. ucs2 codiert alle Unicode-Zeichen gleich lang, und verwendet für den Subset von Unicode, der hier unterstützt wird, immer 2 Bytes. Die angezeigte Maxlen ist also 2.\nHier alle drei Encodings im Vergleich:\nroot@localhost [kris]\u0026gt; select hex(convert(\u0026#34;Köhntopp\u0026#34; using ucs2)) as x; +--------------------------------------+ | x | +--------------------------------------+ | 004B00F60068006E0074006F00700070 | +--------------------------------------+ 1 row in set (0.00 sec) root@localhost [kris]\u0026gt; select hex(convert(\u0026#34;Köhntopp\u0026#34; using latin1)) as x; +----------------------------------------+ | x | +----------------------------------------+ | 4BF6686E746F7070 | +----------------------------------------+ 1 row in set (0.00 sec) root@localhost [kris]\u0026gt; select hex(\u0026#34;Köhntopp\u0026#34;) as x; +--------------------+ | x | +--------------------+ | 4BC3B6686E746F7070 | +--------------------+ 1 row in set (0.00 sec) In MySQL wird ein CHAR(20) definiert als ein String von Zeichen Zeichen. Ein Zeichen kann mehr als ein Byte haben, also werden maxlen * Stringlänge Bytes Platz verbraucht. Ein utf8-CHAR(20) braucht also 60 Byte.\nEin VARCHAR(20) ist ein String mit einer Längenkennung und dann so vielen Bytes Speicher, wie der String tatsächlich lang ist. Ein utf8-VARCHAR(20) kann also zwischen 1 und 60 Byte Speicher plus die Längenkennung (1 Byte, ggf. 2 Bytes) verbrauchen.\nIndexrecords in MyISAM haben jedoch eine feste Länge. Ein Index auch ein utf8-VARCHAR(20) belegt also immer 60 Byte plus die Länge für den Row Pointer (per Default 6 Byte pro zu bezeigendem Record).\nAußerdem ist die Anzahl der Bytes, nicht Zeichen in einem Index limitiert: Generell kann ein Index bis zu 1024 Bytes, in InnoDB sogar nur 767 Bytes enthalten. In utf8 wird dies also zu 343 bzw. zu 255 Zeichen.\nDie Empfehlung lautet also:\nDefiniere den Server, das Schema und jede Tabelle immer mit einem passenden Einbyte-Zeichensatz, z.B. latin1. Definiere dann die Connection mit welchem Zeichensatz auch immer. Das kann auch utf8 sein, obwohl das Schema latin1 verwendet. Definiere alle Spalten, die einen anderen als den latin1-Zeichensatz benötigen, wenn möglich mit dem passenden Einbyte-Zeichensatz der Sprache - türkische Spalten also als latin5 und russische Spalten als latin2. Definiere Spalten, die wirklich mehrsprachig sind, und nur diese, als utf8. Beachte den Mehrverbrauch an Speicher für Indices und CHAR. ","date":"2006-10-01T00:00:00Z","href":"https://blog.koehntopp.info/2006/10/01/mysql-zeichensatz-grundlagen.html","tags":["mysql","lang_de"],"title":"MySQL: Zeichensatz-Grundlagen"},{"categories":null,"content":"Deutsche Politiker haften nicht für die Produkte ihrer Arbeit. Dadurch unterscheidet sich ihre Tätigkeit von der so ziemlich aller anderen Leute. Unsere Politiker haben ein Gesetz über die Deutsche Nationalbibliothek beschlossen, das am 22. Juni diesen Jahres verkündet worden ist. Das Gesetz ist offensichtlich in grandiosem Unverständis über die Natur des Netzes gemacht worden, aber wer nicht haftet, darf halt auch öffentlich dumm sein.\nSchauen wir also mal:\nIn §14 definiert dieses Gesetz eines Ablieferungspflicht für Medienwerke, die nach §14 (3) auch Webseiten (\u0026ldquo;Medienwerke in unkörperlicher Form\u0026rdquo;) erfaßt. §14 (4) legt fest, daß die Ablieferung binnen einer Woche zu erfolgen hat. §15 legt fest, daß der Ablieferungspflichtige derjenige ist, der berechtigt ist, das Medienwerk zu verbreiten oder öffentlich zugänglich zu machen, für dieses Blog also ich. §16 definiert, daß die Ablieferung unentgeltlich und auf eigene Kosten bei der Deutschen Nationalbibliothek zu erfolgen habe, wobei Medienwerke in unkörperlicher Form auch zur Abholung bereitgestellt werden können. Dann hat die Bereitstellung allerdings nach den Maßgaben der Bibliothek zu erfolgen.\n§19 legt fest, daß es eine Ordnungswidrigkeit ist, das Medienwerk nicht, nicht rechtzeitig oder nicht in der vorgeschriebenen Weise abzuliefern - bewehrt mit einer Geldbuße von bis zu €10000.\nEine Mail an die DNB ist raus, ich warte auf die Antwort.\nArtikel in der HAZ Artikel in der SZ Kontaktaufnahme mit der DNB (via Müsli ) c\u0026rsquo;t Artikel (via Jürgen aus den Kommentaren)\n","date":"2006-09-22T00:00:00Z","href":"https://blog.koehntopp.info/2006/09/22/gesetz-ber-die-deutsche-nationalbibliothek.html","tags":["media","politik","web","lang_de"],"title":"Gesetz über die Deutsche Nationalbibliothek"},{"categories":null,"content":"Nachtrag zu GPL in Deutschland vor Gericht durchgesetzt :\nHarald Weltes Blog zum Thema gpl-violations.org Press Release Urteilsbegründung (hier im Volltext als PDF ) Groklaw Artikel Golem Artikel Heise Artikel Aus der Urteilsbegründung:\nDie GPL ist auf das Rechtverhältnis zwischen den Urhebern und der Beklagten anwendbar. Die drei Softwareprogramme [ msdosfs, initrd und mtd ] werden unstreitig ausschließlich unter den Bedingungen der GPL lizensiert. Im Fall der freien Software ist anzunehmen, daß der Rechteinhaber durch die unterstellung des Programms unter die GPL ein ANgebot an einen bestimmten Personenkreis abgibt, das von den Nutzern durch Vornahme der zustimmungsbedürftigen Handlung angenommen wird; insoweit wird man von einem Verzicht auf den Zugang der Annahmeerklärung (§151 BGB) ausgehen können.Zudem könnte sich der Beklagte dann, wenn die GPL nicht durch Einbeziehung auf das Rechtsverhältnis anwendbar wäre, auf keinerlei Berechtigung zur Vervielfältigung, Verbreitung und Veränderung der drei Softwareprogramme berufen, so daß ebenfalls eine Urheberrechtsverletzung zu bejahen wäre. Insbesondere kann in den Bedingungen der GPL keinesfalls ein Verzicht auf Urheberrechte und urheberrechtliche Rechtspositionen gesehen werden. Denn die GPL sieht gerade vor, daß die zunächst jedermann erteilte Nutzungs-, Bearbeitungs- und Verbreitungsfreiheit durch die Einräumung eines nichtausschließlichen Nutzungsrechts bei Verstoß gegen die GPL automatisch erlischt (vgl. Dreier/Schulze, aaO, §69a, Rz. 11)\u0026hellip;.Gemaß Ziff 4. der GPL \u0026hellip; fällt das zunächst gewährte Nutzungsrecht automatisch an den Urheber zurück, wenn der Nutzer gegen die in Ziff. 2 der GPL niedergelegten Verhaltenspflichten verstößt. Die dortigen Verhaltenspflichten sehen insbesondere vor, daß der Nutzer mit jeder Kopie einen Haftungsausschluß veröffentlicht, auf die GPL hinweist und einen Lizenztext beifügt sowie den Sourcecode des Programmes offen legt.\n","date":"2006-09-22T00:00:00Z","href":"https://blog.koehntopp.info/2006/09/22/urteilsbegr-ndung-zu-gpl-in-deutschland-vor-gericht-durchgesetzt.html","tags":["copyright","free software","lizenz","politik","lang_de"],"title":"Urteilsbegründung zu GPL in Deutschland vor Gericht durchgesetzt"},{"categories":null,"content":"Kommentar zu GPL in Deutschland vor Gericht durchgesetzt.\nIch glaube nicht das bei der BSD Lizenz ein Konstruktionsfehler vorliegt. Ich denke, es war beabsichtigt das auch \u0026ldquo;Codeklauer\u0026rdquo; damit Geld verdienen können. Man könnte auch sagen, das dies die wahre Freiheit ist. Übrigens kann mit GPL Software auf ähnlicher Weise Geld verdient werden. Was machen denn die Distributoren, auch wenn das jetzt etwas überspitzt ist. Es wird niemand daran gehindert GPL Software zu verkaufen. Sie müssen nur die GPL einhalten, was bedeutet die Lizenz mitliefern und dürfen die Hinweise auf die GPL im Code nicht entfernen.\nDer wesentliche Punkt der GPL ist ein anderer: Unter der GPL muss man den Quelltext - so wie er verwendet worden ist, um das eigene Produkt zu bauen - mitliefern. Mit allen Rechten und gegebenenfalls mit allen Tools, die dazu notwendig sind.\nBei der GPL geht es nicht um Geld - es ist vollkommen egal, ob das Produkt, das Du gebaut hast, von Dir für Geld verkauft wird, oder ob Du für Geld Support dazu verkaufst oder was auch immer. Wenn Du in Deinem Produkt aber (im selben Prozessraum) GPL-Code verwendest, dann muss Dein Produkt auch unter der GPL stehen und um der GPL zu genügen, musst Du den Quelltext und die Werkzeuge zum Bauen mitliefern.\nDie GPL ist die sich selbst schützende Allmende: Du darfst Code aus dem Gemeinschaftspool für Deine Zwecke frei verwenden, aber nur, um damit wieder Code zu erzeugen, der hinterher unter genau denselben Rechten Bestandteil des Pools wird.\nDie Allmende, Commons, war die Gemeinschaftsweide des Dorfes. Jeder kann dort seine Kühe weiden. Die Allmende hat nicht funktioniert, weil sich alle erst dort bedient haben, bevor sie ihr Vieh auf die eigenen Weiden getrieben haben. Das ist genau das Szenario der BSD Lizenz.\nDie GPL ist anders: Grase auf der Weide der freien Software, aber wenn Du das tust, kommen Deine Milch, Dein Schinken und der Dung Deiner Kühe auch in diese Allmende. Darum funktioniert die GPL. Sie ist nachhaltig.\nDie kooperative und die kompetitive Welt können nicht zusammen existieren, ohne daß die Regeln der kompetitiven Welt die kooperative Welt zerstören. Darum trennt die GPL im Gegensatz zu allen anderen Open-Source-Lizenzen beide Welten und darum ist die GPL die einzige Open-Source-Lizenz, die vor dem kompetitiven Lager bestehen kann.\nJörg Möllenkamp führt unsere Diskussion ebenfalls weiter. Er schreibt in GPL-Durchsetzung und die Folgen unter einem kompetitiven Gesichtspunkt:\nEs ist klar, das ein System nicht notwendigerweise offener wird, wenn sich dort verschiedene nicht freigegebene Module tummeln. Es ist allerdings ein Trugschluss, das man einen Hersteller durch die GPL in die Offenheit zwingen kann.\nDas ist das Missverständnis: Die GPL will niemanden zu irgendetwas zwingen. Sie will nur trennen. Die GPL sagt nicht \u0026ldquo;Du musst offen/frei/whatever sein.\u0026rdquo;\nSie sagt:\n\u0026ldquo;Wenn Du unseren Code nutzen möchtest, was Du nicht musst, dann musst Du das zu unseren Bedingungen tun.\u0026rdquo;\nDas ist ganz genau das, was jede andere Lizenz auch sagt. Die GPL nennt außerdem diese Bedingungen vorab, wie jede andere Lizenz auch. Es gibt keine Überraschungen, keine Lizenzbedingungsänderungen und es gibt insbesondere keinen Zwang zu irgendwas. Es gibt allerdings eine Handvoll ausgezeichneter wirtschaftlicher und ethisch-moralischer Argumente, die dafür sprechen. Aber das ist eine ganz andere, und vollkommen ungezwungene Diskussion.\nDie GPL will niemanden in die Offenheit zwingen. Sie will nur die Spielregel klarmachen. Die Spielregel ist ganz simpel: Quid pro quo . Unter der GPL ist es nicht möglich, Code aus der Allmende zu nehmen und etwas proprietäres damit zu machen. Und anders herum: Es ist möglich, etwas Proprietäres zu machen, aber dann nicht mit GPL-Code.\nEs ist lediglich Gier angesichts der überwältigenden Menge von GPL-Code von teilweise wirklich ausgezeichneter Qualität die manche Menschen oder Firmen glauben lässt, sie könnten an diesem Pool teilhaben ohne sich an die Spielregeln halten zu müssen. Diese Leute müssen lernen, daß dieser Pool von lohnenswertem Zeug nur deswegen existiert, weil all den Gierhälsen die glauben, sie könnten hier betrügen, mit der ganzen Härte des neu verschärften Urheberrechts auf ihre Spuddelfinger gehauen wird.\nWenn man natürlich ein Geschäftskonzept so baut, daß es ohne einen solchen Betrug nicht funktioniert, dann bedeutet das, daß man ohne den GPL-Code kein Produkt hat. Das ist aber kein Zwang vonseiten der GPL, sondern die Dummheit desjenigen Kriminellen, der hier seinen Teilhabern und sich selbst in die Tasche gelogen hat. Ich habe da nicht wirklich Mitleid - nicht mit Sony , die in ihrem Rootkit (L)GPL-Software illegal verwendet haben, nicht mit Microsoft, die geknackte Software zum Erzeugen von Windows Sounddateien verwendet haben und auch nicht mit - wieder - Sony, die aus Wikipedia content lizenzwidrig verwenden.\nEs sind diese Dinge, gegen die die GPL und in Grenzen die LGPL wegen ihrer einzigartigen Konstruktion schützen helfen.\nSehen wir es doch mal realistisch, wie gross ist den die Gruppe jener Menschen die in der Lage und Willens ist, auf einem Handy oder einem Router den Kernel auszutauschen.\nDie Größe der Gruppe der Menschen ist aus der Sicht der GPL vollkommen irrelevant. Die meisten Leute wissen ja auch nicht, was ein Rootkit ist. Die GPL zwingt auch niemanden, mit dem Code, auf den man Zugriff hat, etwas zu tun. Sie eröffnet Möglichkeiten, und darauf kommt es an.\nIch habe zum Beispiel mal ein Servermodul für einen Netscape Web Server schreiben müssen. Das hat natürlich nicht funktioniert, und zwar unter anderem auch deswegen, weil die API-Dokumentation und die tatsächliche API des Servers nicht übereinstimmend waren. Diese API-Diskrepanz nachzuweisen war sehr, sehr schmerzhaft. Ich habe natürlich erst einmal mich selbst für zu dumm gehalten, bevor ich Azundris\u0026rsquo; Grundregel des Debuggings angewendet habe (\u0026ldquo;Wenn Du den Fehler nach 30 Minuten nicht gefunden hast, ist es wahrscheinlich nicht Dein Fehler, sondern ein Fehler in der Bibliothek oder im Compiler.\u0026rdquo;). Diese Sorte Problem kann man mit der GPL prinzipbedingt nicht haben (genaugenommen reicht für diese Sorte Problem schon die Sorte Look-But-Don\u0026rsquo;t-Touch-Lizenz aus, die Microsoft so favorisiert).\nIch habe auch schon oft Dinge in anderer Leute Code einbauen müssen, weil ich die Änderung jetzt brauchte oder um einfach was auszuprobieren - SpamAssassin LDAP Support, Änderungen am LDAP-Code von PHP, LDAP-Support im Cyrus, \u0026hellip;. Ja, ich habe auch noch andere Sachen gemacht, aber mein LDAP-Engagement bei NetUSE war eine einzige Folge von \u0026ldquo;Eigentlich will ich Euren Code gar nicht hacken, aber da bitte sehr, so tut es mir und Euch am wenigsten weh.\u0026rdquo; Das war gut für mich und gut für den Hersteller, denn so hat er einen Bug Report oder Feature-Request bekommen, der Bug Report war validiert, und ein Patchvorschlag kam mit. Das hat für alle Beteiligten das Leben sehr viel einfacher gemacht, selbst dann, wenn mein Code wie bei SpamAssassin aus anderen Gründen nicht unverändert in den aktuellen Code übernommen worden ist.\nDer Punkt ist, daß in keinem dieser Fälle primär die Absicht Bestand, diesen Code zu ändern, sondern daß es sich aus persönlichen Bedürfnissen oder einem Projekt so ergeben hat. Das Projekt hat seinen Scope spontan geändert und die verwendeten GPL-Teile haben das genauso spontan mit getragen. Wären diese Projekte auf der Basis von Closed Source Zeugs realisiert gewesen, dann hätten diese Möglichkeiten nicht bestanden und das Projekt wäre auf den Stand \u0026ldquo;Plattform evaluieren\u0026rdquo; zurückgeworfen worden.\nDer andere Punkt ist, daß ich nur im kooperativen Umfeld die Möglichkeiten habe, meine Situation über die Paketgrenzen hinweg bis zum Grade eines prototypischen oder produktionsreifen Patches zu evaluieren, ohne mich Ressourcen-technisch zu verausgaben, und daß ich das dann im Rahmen des Projektes oder privater Weiterbildung auch tue.\nInput loswerden kann ich auch mit schwächeren Open-Source-Lizenzen, selbst mit CDDL , MPL oder anderen BSD -Lizenzvarianten.\nDie Frage ist, ob ich mich dazu motivieren kann, Code in irgendeine Firma einzuwerfen, um letztendlich deren CEO eine größere Yacht zu ermöglichen. Ich schreibe das Zeug eigentlich, um das Leben allen denen einfacher zu machen, die nach mir kommen. Ich kann dazu beitragen, Infrastrukturkosten zu sozialisieren und meine Arbeit in einen größeren Kontext zu stellen. Ich kann das deswegen, weil die (L)GPL mich davor schützt, daß jemand unser aller Tree forkt und unter eine Käseglocke stellt.\nEs geht nicht darum, wie viele Menschen den Kernel auf ihrem Handy austauschen wollen - es ist uns beiden vollkommen klar, daß die meisten das nicht wollen werden. Sondern es geht darum, daß ein jeder der - aus welchem Grund auch immer - der Meinung ist, dies tun zu müssen es auch tun kann. Und das ist sogar für den Hersteller des Handys ein Grund, diese Möglichkeit zu bieten, wenn der Hersteller sich die Mühe macht, da mal ein wenig drüber nachzudenken.\nJetzt fordert diese kleine Gruppe etwas, das wahrscheinlich eine ganze Reihe von Geschäftsgeheimnissen offenlegen würde (schönes Beispiel sind da für mich die Treiber von hochgezüchteten Grafikkarten). Warum sollte eine Firma das tun? Ist es der Firma zu verübeln, Auswege zu suchen, Umwege zu finden und wenn es irgendwie geht, Linux ganz zu vermeiden?\nNein, wenn Du kein GPL willst, dann benutze halt keinen GPL-Code. Nur, ähm, das ist nicht der Sachverhalt.\nEs ist nicht so, daß da plötzlich eine Gruppe von Leuten ist, die plötzlich und unerwartet etwas Überraschendes fordert. Sondern es ist so, daß der Hersteller einer proprietären Software GPL-Code illegal und wider besseres Wissen lizenzwidrig verwendet hat. Alles was gefordert wird, und zwar schon immer und nicht plötzlich und überraschend, ist eine Einhaltung des Lizenzvertrages auf eine der beiden möglichen Arten: nämlich entweder Offenlegung der Sourcen, aller Sourcen, und der dazu notwendigen Werkzeuge. Oder Entfernung des GPL-Codes aus dem Produkt. Beides ist legitim und möglich.\nEs ist notwendig, daß man sich als Firma vorher Gedanken darüber macht, unter welchen Lizenzen man geistiges Eigentum in sein Produkt einbringt. Das gilt für selbst erstellten Code genauso wie für erworbene Lizenzen Dritter - seien sie nun kommerziell oder GPLed. Eine Firma, die das nicht macht, hat nicht das Recht am Markt zu agieren, denn es handelt sich um einen Haufen von Dilettanten.\nIch weiß aber auch, das dieses Dilemma das Potenzial hat, der Marktdurchdringung von Linux erheblichen Widerstand zu bieten.\nMarktdurchdringung ist für ein GPL-Produkt kein Wert an sich, so cool das auch ist, etwa auf einem Kassensystem, einer Sina-Box, einem Voip-Telefon, einem WLAN-Router, einem Festplattenrecorder oder einem Handy einem Linux beim Booten zuzusehen. Der Kick kommt aber nicht vom Pinguin-Logo, sondern er kommt von den Möglichkeiten, die damit einhergehen und von der Gewissheit, daß eine starke GPL mir diese Möglichkeiten offen hält.\nEs ist im engeren Sinne jedoch genaugenommen vollkommen egal wie viele Leute Linux, den Gcc, die glibc oder was auch immer unter der GPL einsetzen. Linux auf was-auch-immer hat keinen Wert, wenn man auf diesem was-auch-immer nicht die Möglichkeiten hat, die damit einhergehen.\nUnd darum ist die klare und informierte Durchsetzung der GPL so wichtig: Sie markiert die Trennlinie zwischen dem kooperativen und dem kompetitiven Lager. Und es sei daran erinnert, daß es die Copyright-Faschisten des kompetitiven Lagers waren, die diese Trennlinie in den letzten fünf Jahren so vermint haben. Ich habe noch immer kein Mitleid.\nDie Linux-Kernelentwickler auch nicht. Sie haben in der Vergangenheit die Treiber-API des Kernels absichtlich binär inkompatibel verändert, um die Wartungskosten für Entwickler proprietärer Kernelmodule unattraktiv hochzuhalten und sie gehen nun dazu über, alle Treiber-Module, für die kein Sourcecode bereitgestellt werden kann, ins Userland zu verbannen.\nWenn man die Entwicklung der letzten Jahre nämlich betrachtet, dann wird eines immer klarer: Es kann keine Koexistenz mit Closed Source geben, sondern nur eine strikte Trennung. Diese Erkenntnis ist nicht neu: Am 27. September 1983, also vor nunmehr 23 Jahren wurde das GNU Projekt gegründet. Es entstand unter anderem, weil jemand Code aus der Allmende genommen und unter seine Käseglocke gestellt hat. Die Funktion der GPL ist es, eine Wiederholung eines solchen Szenarios zu verhindern. Und das - striktes Quid Pro Quo - macht die GPL zu der weitaus erfolgreichsten Lizenz im Open Source Bereich.\n","date":"2006-09-19T00:00:00Z","href":"https://blog.koehntopp.info/2006/09/19/gpl-marktdurchdringung-ist-kein-wert-an-sich.html","tags":["copyright","free software","lizenz","politik","lang_de"],"title":"GPL: Marktdurchdringung ist kein Wert an sich"},{"categories":null,"content":"Auf dem Heise Newsticker heißt es:\nHarald Welte, Mitentwickler des Netfilter-Firewallcodes im Linux-Kernel und Gründer des Projekts gpl-violations , hat vor Gericht einen Erfolg für die GPL erzielt. Wie er in seinem Blog berichtet, entschied das Landgericht Frankfurt am 6.9. im Sinne seiner Klage wegen GPL-Verletzung. Details dazu wollen Welte und sein Anwalt Till Jaeger, Mitbegründer des Instituts für Rechtsfragen der Freien und Open Source Software (ifrOSS ), allerdings erst nach Veröffentlichung des der schriftlichen Urteilsbegründung nennen.\nJörg Möllenkamp sieht dies als Phyrrussieg für die GPL, aber seine Analyse beruht auf einigen Verständnisfehlern.\nIn Von der GPL habe ich die GPL V2 einmal en detail erläutert und in der an den Artikel anschließenden Diskussion einige Dinge klargestellt. Der Kommentar ist wichtig, denn er paßt direkt auf den falschen Gedankengang von Jörg. Hier ist er noch einmal in voller Länge:\nDie GPL ist eine Lizenz. Sie gibt einem Rechte, sie nimmt einem keine Rechte.\nWenn die GPL nicht gälte (also Harald Welte den Prozeß verloren hätte), dann säßen alle Hersteller dieser netten kleinen embedded Systeme ohne Lizenz da und müßten sich an jeden einzelnen Autoren der Komponenten ihres embedded Linux Systems einzeln wenden, um sich eine Nutzungslizenz zu holen.\nDas ist ein Szenario, daß sich die Hersteller dieser Systeme keinesfalls wünschen können, denn während die GPL einem automatisch Rechte gibt, sobald man die Bedingungen erfüllt, ist dies bei manuellen Einzelverhandlungen nicht so: Ein Autor kann individuelle Rechte \u0026ldquo;einfach so\u0026rdquo; verweigern, wenn ihm danach ist. Es ist also eine Gute Sache Für Alle (tm), daß Harald Welte gewonnen hat und die GPL eine in Deutschland funktionsfähige und durchsetzbare Lizenz ist.\nDie GPL ist eine Lizenz des kooperativen Lagers . Wie jede andere Lizenz muß man sie erwerben, man bekommt sie nicht einfach so. Lizenzen kompetetiver Spieler bekommt man entweder gar nicht (weil die Lizenz nicht verkäuflich ist), oder man muß sie für Geld kaufen. Lizenzen nach der GPL bekommt man, indem man die Spielregeln des kooperativen Lagers anerkennt und sie befolgt. Indem man sie nicht verfolgt, verliert man in dem Moment, in dem man dies tut, die durch die Lizenz zugesicherten Nutzungsrechte.\nSobald man mit den Bedingungen der GPL wieder konform ist, hat man alle durch die GPL zugesicherten Rechte wieder. Das ist furchtbar nett. Die meisten kompetetiven Spieler gehen mit Lizenzverstößen weniger nachsichtig um. Man stelle sich einmal vor, ein Hersteller von embedded Rechnern hätte widerrechtlich ganz oder in Teilen Code von Microsoft in seinem Produkt genutzt. Wie wäre die Reaktion wohl ausgefallen?\nJörg schreibt , die GPL sei viral. Das klingt so, als könne man sich an ihr anstecken. Das ist Unsinn. Entweder entscheidet man sich in einem Projekt, Code zu verwenden der unter der GPL steht oder man läßt es sein. Aller Code, der unter der GPL steht, ist klar als solcher erkennbar: Er muß mit einer Kopie der GPL zusammen verbreitet werden, und diese Datei heißt LICENSE.\nEntweder nimmt man fremden Code in seinem Projekt auf - dann muß man eine Lizenz erwerben, die einem diese Nutzung fremden Codes in seinem Projekt erlaubt. Oder man tut es nicht. Oder man integriert fremden Code \u0026ldquo;aus Versehen\u0026rdquo; in seinem Projekt. Dann sollte man die Softwareentwicklung aufgeben, weil man seine Codebasis nicht mehr unter Kontrolle hat und genauso leicht etwa richtiger Schadcode \u0026ldquo;aus Versehen\u0026rdquo; Bestandteil des Projektes werden könnte.\nSelbst wenn man \u0026ldquo;aus Versehen\u0026rdquo; GPL-Code in seinem eigenen Projekt integriert, kann man durch die GPL keine Eigentumsrechte an seinem eigenen geistigen Eigentum verlieren: Das Recht, den GPL-Code zu nutzen erlischt, solange man mit den Bedingungen der GPL nicht konform geht. Man kann also in aller Ruhe den GPL-Code aus seinem Projekt entfernen und das Produkt, das nun komplett aus eigener geistiger Leistung besteht, weiter vertreiben. Die GPL zwingt niemanden dazu, seine eigenen Eigentumsrechte aufzugeben.\nDie GPL zwingt nur zu einer einzigen Sache.\nSie zwingt einen dazu, sich zu entscheiden zwischen dem kompetetiven und dem kooperativen Lager, und sie zwingt die Spieler im kooperativen Lager, die Regeln der Kooperation einzuhalten.\nDie GPL hält die Spieler im kooperativen Lagen ehrlich und fair. Damit macht sie eine dauerhafte Kooperation überhaupt erst möglich. Sie benutzt dazu das Urheberrecht, eigentlich ein Instrument des kompetetiven Lagers. Ohne dies könnte die GPL nicht existieren, denn sie wäre nicht durchsetzbar. Das macht die GPL zu einem faszinierend einfachen und scheinbar widersprüchlichem Konstrukt: Gäbe es das kompetetive Lager nicht, wäre das Urheberrecht obsolet und mit dem Erlöschen der Notwendigkeit für die GPL als Schutzmechanismus für die Code-Allmende gegen das kompetetive Lager löst sie sich dann auch sofort Rückstandsfrei auf.\nDie GPL vermeidet durch das Erzwingen des Quid Pro Quo den Konstruktionsfehler, den Lizenzen wie etwa die BSD Lizenz haben. Dort kommt es immer wieder vor, daß Firmen Quelltext nehmen, geringfügig verbessern und zur Grundlage ihres Geschäftsbetriebes machen, ohne ihre eigene Leistung der Gemeinschaft wieder zur Verfügung zu stellen, auf deren Vorleistungen sie ihren Betrieb gründen. Die GPL ist im Gegensatz zu solchen Lizenzen nachhaltig (im Sinne einer \u0026ldquo;Strategie, die sich langfristig aufrecht erhalten lässt\u0026rdquo;.) konstruiert.\nIch schrieb schon damals :\nProbleme gibt es immer nur dann, wenn Mitglieder der kompetetiven Sphäre meinen, sie könnten die Regeln der kooperativen Sphäre ignorieren, weil die kooperativen Wertschöpfer untereinander das tun. Die Kompetetiven bekommen dann nach den Regeln, die sie selbst geschaffen haben, auf die Finger. Müssen sie, damit die kooperative Allmende erhalten werden kann. Das ist ja genau der Grund, warum die Fackelträger der Kompetetiven versuchen, kooperative Lizenzen mit Schutzmechanismen wie die GPL als \u0026ldquo;viral\u0026rdquo;, \u0026ldquo;böse\u0026rdquo;, \u0026ldquo;illegal\u0026rdquo; oder sonstwie \u0026ldquo;ganz schlimm\u0026rdquo; darzustellen, allen voran Microsoft und die von Microsoft bezahlten Astroturfer. Lizenzen mit Schutzmechanismen schaffen einen geschützten Bereich, in dem kooperatives Verhalten möglich ist und unter anderem durch niedrige Transaktionskosten belohnt wird. Sie bestrafen Leute, die die Kooperation verletzten, indem sie ihnen die viel höheren Transaktionskosten des kompetetiven Bereichs auferlegen (\u0026ldquo;Zieh erst mal Deine Lizenzen gerade.\u0026rdquo;) und sie von der Nutzung der freien, aber nicht kostenlosen kooperativen Werte ausschließen (Der zu zahlende Preis ist die Einhaltung der Regeln der Kooperation).\nDas ist das, was Harald Welte hier tut, und er hat zumindest meine uneingeschränkte ideologische Unterstützung (und mein Geld, wenn er es braucht): Er fordert die Bezahlung der Lizenzen ein, und hält so den Deal am Leben. Das ist wichtig, ja sogar zentral.\n","date":"2006-09-10T00:00:00Z","href":"https://blog.koehntopp.info/2006/09/10/gpl-in-deutschland-vor-gericht-durchgesetzt.html","tags":["copyright","free software","lizenz","politik","lang_de"],"title":"GPL in Deutschland vor Gericht durchgesetzt"},{"categories":null,"content":" Rückkühler, 2x3m (6 qm) Kupferkühlfläche pro Seite\n[ Dieser Artikel hätte vor zwei Wochen fertiggestellt werden sollen, auf dem Höhepunkt der Hitzewelle, aber ich war zu schlapp zum Schreiben. \u0026ndash; kris ]\n\u0026ldquo;1.21 Gigawatt? Tom Edison, wie erzeugt man so viel Strom?\u0026rdquo; \u0026ndash; Dr. Emmett Brown\nEin Rechenzentrum ist im Wesentlichen eine große isolierte Kiste, deren Türen die meiste Zeit geschlossen gehalten werden. In das Rechenzentrum herein führen - da kommen die meisten Leute von selber drauf - Stromkabel und Netzwerkkabel. Ins Rechenzentrum herein führen außerdem - und das unterschätzen die meisten Leute - auch Wasserleitungen. Diese pumpen kaltes Wasser in die Wärmetauscher der Klimaanlage und lassen das warme Wasser wieder herausfließen.\nAlso, wie viel Energie brät so ein Rechenzentrum denn so weg?\nPlatz im Rechenzentrum wird in HE, Höheneinheiten von 19-Zoll-Schränken, abgerechnet. Ein Schrank hat Platz für 40-42 HE. Ein IBM Bladecenter Chassis faucht hinten aus seinen beiden Radiallüftern 3000-3500 Watt raus, wenn es voll bestückt ist. Es belegt 7 HE. Machte man den Schrank mit 5 oder 6 von diesen Dingern randvoll, würden in diesem Schrank zwischen 15000 und 21000 Watt rausgeblasen werden. In einem kleinen RZ mit 30 Schränken sind das um die 500 kW.\nWie viel Energie ist das?\nKilowatt sind nur neumodische Worte für PS. Ein Kilowatt sind 1.36 altbekannte Pferdestärken. 15 kW sind also 20 PS, in etwa ein Renault 4 , und 21 kW sind 28 PS - mit dieser Leistung flog Louis Blériot im Jahre 1909 über den Ärmelkanal. 500 kW sind 680 PS. Das ist die Leistung des Motors einer ME 109 , oder etwa halb so viel wie der Motor eines Leopard 2 oder 2/3 der Leistung eines Bugatti Veyron .\nDafür bekommt man die Power von ca. 5000 Intel-Prozessoren bei 3 GHz, und etwa 5 Terabyte RAM, aber man hat noch keine Platten irgendwo in Betrieb genommen.\nDas alles muss man nun circa mal drei bis vier nehmen, denn man muss ja die Platten, den Leistungsverlust durch dezentrale Netzteile und die zusätzliche Energie für Kühlung mitrechnen.\nNatürlich stellt man sich nicht alles voll mit Blades - man muss ja auch noch Datenbanken, Fileserver, Ciscos und anderes Zeugs haben, also hat man am Ende nicht einen Raum mit 30 Schränken, sondern drei Räume mit 90 Schränken voll Hardware. Aber man arbeitet mit so knapp an die 2 Megawatt, oder zwei Schiffsdieseln mit 1250 PS pro Stück.\nDies ist ein Schrauben- kompressor, wie er in jedem Kühlschrank seinen Dienst tut. Dieser Kompressor hier wiegt 6 Tonnen und schafft 700 kW weg.\nDas klingt nach einer ganzen Menge Power, ist aber tatsächlich relativ klein so im Vergleich.\nGoogle zum Beispiel zieht jetzt an einen Staudamm in Oregon . Die Aluminiumhütte dort hat zugemacht und die 1.8 Gigawatt aus dem Damm am Columbia River kommen Google gerade recht. Zumal man das Wasser aus dem Damm dann auch gleich zur Kühlung nutzen kann und es in Oregon meist nicht so warm ist. Google muss das, denn sonst wird Blogger dunkel .\nAuch andere Internet Firmen verfolgen dieselbe Strategie . Das alles ist ein ernstes Problem . Man kann sich jetzt auf seinen Status als offizieller Sun Fanboy zurückziehen und sagen \u0026ldquo;Mit Sun Servern wäre das nicht passiert\u0026rdquo;, aber das geht am Kern des Problems vorbei. Denn dann hätte man mehr Server, aber genau denselben Leistungshunger.\nWie sieht das in Deutschland aus? Wir sind ja ein ordentliches Land und nicht so drittweltig wie die USA, wo schon mal 14 Tage lang der Strom in einer Großstadt wegbleiben kann. Aber auch bei uns passiert dasselbe .\nFür ein Rechenzentrum ist der Ausfall der Klimaanlage ein schneller Tod. Wenn die Rückkühler, die die Abwärme des Rechenzentrums in die Umgebung ableiten sollen, beschädigt oder blockiert sind, dann bleiben je nach Systemkonstruktion noch 20-30 Minuten, bis die Zulufttemperatur der Geräte die magische 35 °C Schwelle überschreitet. Der Betreiber hat dann die Wahl zwischen Abschalten und Hitzetod.\nIm Rechenzentrum sieht das inzwischen nicht viel anders aus. Damit man auf kleinem Raum überhaupt so viel Abwärme generieren kann, muss man seine Luftströme im Rechenzentrum sorgfältig organisieren. Einen ganzen Raum zu kühlen und die Server dann da einfach reinzustellen funktioniert schon bei relativ kleinen Abwärmemengen nicht mehr.\nStattdessen bläst man kalte Luft in den Unterboden und drückt diese in der Mitte einer Rackreihe hoch. Die kalte Luft muss durch die Racks hindurch, um in den Abwärmegang zu gelangen, wo sie abgesaugt und wieder gekühlt wird - Kaltgang - Warmgang ist der Suchbegriff für Google. Entscheidend ist jedenfalls die getrennte Führung von kalter und warmer Luft durch das gesamte Rechenzentrum. Das Paper Keeping Your Data Center Cool: There Is Another Way (PDF) von IBM gibt einen netten Überblick über \u0026ldquo;Cold Aisle, Warm Isle\u0026rdquo;, über das Problem des Abluftkurzschlusses und das Problem des Wärmestaus unter der Decke. IBM bewirbt in dem Paper Rear Door Heat Exchangers, also Abluftkühler in Racktüren. Aber selbst wenn man deren Produkt nicht will, ist das Papier eine nette Sammlung von typischen Kühlungsproblemen, die man mit ein wenig Aerodynamik und geordneter Luftführung in den auch passiv Griff bekommen kann.\nWenn Ihr das nächste Mal also Google benutzt, oder Yahoo, oder web.de, dann denkt mal an Euren Klimatechniker und was der damit zu tun hat, daß das Internet noch funktioniert.\n","date":"2006-08-07T00:00:00Z","href":"https://blog.koehntopp.info/2006/08/07/the-heat-is-on.html","tags":["computer","data center","lang_de"],"title":"The Heat Is On"},{"categories":null,"content":" Choose any font you like\nSeit MySQL 4.1 existiert in MySQL Support für Zeichensätze und Sortierreihenfolgen. Das bedeutet im Wesentlichen, daß an jedem CHAR, VARCHAR und TEXT in der Datenbank und an jeder Stringkonstante dranklebt, in welcher Codierung der String vorliegt und mit welcher Sortierreihenfolge der String beim Sortieren und Vergleichen zu behandeln ist.\nVokabeln Aber zuerst einmal ein bischen Vokabular:\nEin Zeichensatz ist eine Sammlung von Symbolen, die verwendet werden dürfen. Zeichen in einem Zeichensatz haben Namen wie \u0026ldquo;Copyright Symbol\u0026rdquo; oder \u0026ldquo;Lowercase O-Umlaut\u0026rdquo;.\nEine Codierung ist eine Definition, in welcher Bytefolge ein Symbol zu codieren ist. In Latin1-Codierung zum Beispiel ist ein Lowercase O-Umlaut Symbol als 0xF6 codiert, während es in UTF8 als 0xC3B6 codiert wird. In MySQL wird eine Codierung fälschlicherweise als Charset bezeichnet.\nEin Font ist eine Definition, wie ein bestimmtes Symbol auszusehen hat. Ein Lowercase O-Umlaut kann zum Beispiel als ö oder als ö dargestellt werden.\nEine Collation definiert eine Vergleichsfunktion für einen Zeichensatz. Eine binäre Collation definiert die Vergleichsfunktion für zwei Zeichen über die Binärwerte ihrer Codierung, sortiert die Umlaute und andere Sonderzeichen also ziemlich durcheinander und recht willkürlich weit oberhalb der normalen Zeichen. Die Default-Collations für alle Zeichensätze in MySQL sind \u0026ldquo;CI\u0026rdquo; (case-insensitive) - das ist ungewöhnlich für SQL und unterscheidet MySQL von fast allen anderen SQL-Produkten. Zum Glück ist das nur ein Default und kann leicht geändert werden.\nZeichensätze, Collations und Bytelängen Um einen Überblick zu bekommen, welche Zeichensätze und Codierungen vom Server unterstützt werden, kann man das Kommando SHOW CHARSET verwenden. Es listet für jeden Zeichensatz den Namen, eine kurze Beschreibung, die mit dem Zeichensatz assoziierte Standard-Collation und die Bytelänge des Zeichensatzes auf.\nDie Bytelänge des Zeichensatzes kommt zum Tragen, wenn man eine Spalte vom Typ CHAR definiert: Der tatsächliche Speicherplatz eines CHAR(20) ist also 20 mal die Bytelänge des Zeichensatzes: Ein Latin1-CHAR(20) belegt also 20 Byte, ein UTF8-CHAR(20) belegt 60 Byte.\nDie Bytelänge des Zeichensatzes kommt auch zum Tragen bei Indices: Während ein UTF8-VARCHAR(20) also zwischen 2 und 61 Byte belegen kann (ein Längenbyte plus die tatsächliche Länge des Strings) und normale ASCII-Zeichen in UTF8 nur ein Byte belegen, werden in Index-Records auf UTF8-Spalten Bytes wie in CHAR-Spalten belegt. Ein Index auf eine UTF88-VARCHAR(20) Spalte belegt also 60 Byte plus Row Pointer (6 Byte in MyISAM per Default) pro Zeile in der Tabelle.\nZeichensätze und Collations werden per Spalte festgelegt - man kann auf Serverebene, auf Schema (Datenbank) -Ebene und auf Tabellenebene Defaults festlegen, die nach unten weitervererbt werden, aber zum Tragen kommen die Definitionen nur an tatsächlichen Spalten. Es ist also nützlich, den Server, Datenbanken und Tabellen immer mit Latin1 oder einem anderen Einbyte-Zeichensatz zu definieren und nur für die Spalten, die tatsächlich UTF8 benötigen die platzfressende UTF8-Codierung zu verlangen.\nCollations (Sortierreihenfolgen) sind an einen Zeichensatz gebunden. Es ist also nicht möglich, eine Collation latin1_german1_ci im Zusammenhang mit einem UTF8-Zeichensatz zu verwenden. Das Kommando SHOW COLLATION listet die verfügbaren Collations auf. Da das sehr viele Collations sind, verwendet man sinnvollerweise den Zeichensatz als Einschränkung: SHOW COLLATION LIKE \u0026ldquo;latin1%\u0026rdquo; listet also die mit der Codierung latin1 kompatiblen Collations auf.\nEine Collation hat eine Sortlen. Collations mit einer Sortlen von 0 sind nicht im Server compiliert, sondern mit einer externen Lookup-Table definiert. Sie können geändert oder sogar neu definiert werden ohne daß man den Server neu compilieren muß. Ich habe an anderer Stelle ein Beispiel dafür gegeben.\nZeichensatz der Connection Wenn man mit dem Server redet, gibt es eine Reihe von Variablen, die festlegen, in welchem Zeichensatz (und mit welcher Collation) der Server arbeitet, wenn man mit ihm redet. Das Kommando SHOW VARIABLES LIKE \u0026ldquo;character_set_%\u0026rdquo; listet diese Variablen und ihre Werte auf.\nWenn man den MySQL-Kommandozeilenclient verwendet, um ein Statement zu erstellen, dann kann man dort Umlaute als Teil des Statements eingeben - möglicherweise sind sie auch Bestandteil eines SQL-Scriptes, das in den Client eingelesen werden soll. Es ist erst einmal wichtig herauszufinden, welche Codierung der Client denn überhaupt verwendet.\nDazu kann man ein Statement wie\nlinux:~ # od -t x1a ö 0000000 c3 b6 0a C 6 nl linux:~ # mysql ... root@localhost [(none)]\u0026gt; select hex(\u0026#34;ö\u0026#34;); +-----------+ | hex(\u0026#34;ö\u0026#34;) | +-----------+ | C3B6 | +-----------+ 1 row in set (0.00 sec) verwenden. Dieser Client verwendet offensichtlich einen Mehrbyte-Zeichensatz - hier UTF8 - um Umlaute zu codieren. In meinem Fall - ich verwende KDE konsole - kann ich das leicht ändern: Indem ich in Settings -\u0026gt; Encoding auf latin1 umstelle, bekomme ich\nlinux:~ # od -t x1a ö 0000000 f6 0a v nl linux:~ # mysql-3340 ... root@localhost [(none)]\u0026gt; select hex(\u0026#34;ö\u0026#34;); +----------+ | hex(\u0026#34;ö\u0026#34;) | +----------+ | F6 | +----------+ 1 row in set (0.00 sec) Ich muß dem Server jetzt mitteilen, in welchem Zeichensatz meine Statements sein werden: Die Variable character_set_client legt dies fest. Der Server muß außerdem wissen, in welchem Zeichensatz meine Stringkonstanten sind: Dies legt character_set_connection fest - wenn dies nicht ausdrücklich an einer Konstante dran steht, indem sie etwa als _latin1 \u0026ldquo;ö\u0026rdquo; geschrieben wird..\nDie Query wird dann ausgeführt, und das Ergebnis in character_set_results umgewandelt, bevor es an den Client zurück gesendet wird.\nMan kann diese Variablen einzeln setzen, aber es ist bequemer, sie alle drei auf einmal zu setzen. Dies geschieht mit SET NAMES utf8 oder SET NAMES latin1.\nUm einen bestimmten Zeichensatz zum Default zu machen, setzt man sich in die [client]-Sektion seiner my.cnf eine Definition für den default-character-set:\n[client] default-character-set=latin1 default-collation=latin1_german1_ci Zeichensatz an Datenbank, Tabelle und Spalte Server, Datenbanken und Tabellen haben Default-Zeichensätze und Collations. Die Default-Einstellungen bewirken nichts, außer das sie festlegen, welche Zeichensätze und Collations CHAR, VARCHAR und TEXT Spalten haben werden, für die nicht ausrücklich etwas festgelegt wird. Wer vernünftig ist, setzt als Default-Wert immer einen Einbyte-Zeichensatz und verwendet Mehrbyte-Zeichensätze so sparsam wie irgend möglich.\nEiner Datenbank kann beim Anlegen mit \u0026ldquo;CREATE DATABASE\u0026rdquo; ein Zeichensatz und eine Collation mitgegeben werden.\nroot@localhost [(none)]\u0026gt; create database demo charset latin1 collate latin1_german1_ci; Query OK, 1 row affected (0.37 sec) MySQL hinterlegt diese Informationen in der db.opt-Datei im Verzeichnis der Datenbank.\nlinux:~ # cat /export/data/rootforum/data/demo/db.opt default-character-set=latin1 default-collation=latin1_german1_ci Die Daten können mit dem passenden ALTER DATABASE Kommando geändert werden.\nAuch für Tabellen können so Default festgelegt werden, die vom Default der Datenbank abweichen:\nroot@localhost [demo]\u0026gt; create table t ( id integer not null, d varchar(20) charset latin1 not null, e varchar(20) charset utf8 not null ) charset cp1250; Query OK, 0 rows affected (0.33 sec) root@localhost [demo]\u0026gt; show create table t\\G Table: t Create Table: CREATE TABLE `t` ( `id` int(11) NOT NULL, `d` varchar(20) character set latin1 NOT NULL, `e` varchar(20) character set utf8 NOT NULL ) ENGINE=MyISAM DEFAULT CHARSET=cp1250 1 row in set (0.00 sec) Dieses Beispiel definiert in unserer latin1-Datenbank demo eine Tabelle mit einer cp1250 Codierung und in dieser eine latin1 und eine utf8-Spalte.\nMit unserer utf8-Konsole können wir dort jetzt Umlaute einfüllen, und sie zum Test auch wieder auslesen.\nroot@localhost [demo]\u0026gt; select hex(\u0026#34;ö\u0026#34;); -- utf8 wird verwendet +-----------+ | hex(\u0026#34;ö\u0026#34;) | +-----------+ | C3B6 | +-----------+ 1 row in set (0.01 sec) root@localhost [demo]\u0026gt; set names utf8; Query OK, 0 rows affected (0.00 sec) root@localhost [demo]\u0026gt; insert into t ( id, d, e ) values ( 1, \u0026#34;ö\u0026#34;, \u0026#34;ö\u0026#34; ); Query OK, 1 row affected (0.00 sec) root@localhost [demo]\u0026gt; select d, hex(d), e, hex(e) from t; +----+--------+----+--------+ | d | hex(d) | e | hex(e) | +----+--------+----+--------+ | ö | F6 | ö | C3B6 | +----+--------+----+--------+ 1 row in set (0.00 sec) Man kann hier sehr schön sehen, daß der utf8-Umlaut in latin1 gewandelt worden ist, bevor er in d eingefügt worden ist, während er in e ohne Konvertierung gespeichert werden konnte. Die Verbindung ist auf utf8 gestellt, aber dennoch werden d und e im select korrekt angezeigt, weil der Inhalt von d bei der Ausgabe wieder von latin1 in utf8 gewandelt wird.\nDatenimport Beim Import von Daten in ein MySQL in Form eines Dumpfiles ist es also wichtig, erst einmal den Zeichensatz des Dumpfiles korrekt festzustellen. \u0026ldquo;od -t x1a\u0026rdquo; auf ein paar Umlaute im Dumpfile hilft dabei sehr. Der Dump muß dann mit einem SET NAMES-Statement beginnen, das zu diesem Zeichensatz paßt.\nDie Tabellendefinitionen im Zielsystem können vom Zeichensatz her so aufgesetzt sein, wie sie wollen, solange die Zeichen aus dem Dump im Zeichensatz der Zielspalten darstellbar ist. MySQL wird die Zeichen dann beim Import so hin- und her konvertieren wie es notwendig ist.\nAnders herum hilft es auch genau gar nicht, die Zeichensatzdefinitionen von Spalten im Dump zu verändern, um vermeintliche Fehler zu korrigieren. Es ist lediglich ausschlaggebend, daß der Zeichensatz im Dump und das SET NAMES korrekt übereinstimmen.\n","date":"2006-08-06T00:00:00Z","href":"https://blog.koehntopp.info/2006/08/06/zeichensatzaerger.html","tags":["mysql","lang_de"],"title":"Zeichensatzärger"},{"categories":null,"content":"Okay, weil es so schön war, hier gleich noch mehr Bazillenprosa von Greg Bear, denn das Thema hat es ihm schon seit langer Zeit angetan. In Blutmusik erschafft ein verrückter Wissenschaftler einen bazillenbasierten Hivemind/Supercomputer, der nicht nur alle Zellen auf diesem Planeten in seine tumorhafte Superstruktur integriert, sondern dabei die derzeit auf dieser Wetware laufenden Programme assimiliert, illegal kopiert und in einer Reihe von Was-Wäre-Wenn Matrix-Szenarien laufen läßt. Las sich damals, weit vor Matrix und Bear\u0026rsquo;s Selbstkopie recht flott und amüsant. Da hat er sich aber auch mehr um die Handlung gekümmert als um den wissenschaftlichen Unterbau.\nBloodmusic Ebenso wie Vitals und Blutmusik spielt \u0026ldquo;Darwin\u0026rsquo;s Radio\u0026rdquo; im Reich der Bazillen und Retroviren. Dieses Mal werden also durch umwelt- und lebensstilbedingte Einflüsse Streßhormone ausgeschüttet, die in der DNS von Menschen enthaltene Fragmente von Retroviren aktivieren, die wiederum die Menschen lustig mutieren lassen. Es entsteht eine neue, buntere, weniger aggressivere, besser kommunizieren könnende Unterart des Menschen, die einmal den Homo sapiens sapiens ablösen wird. Bis dahin kommt es aber zu Umsturz, Regierungskrise, Familiendrama und so weiter.\nDarwin\u0026rsquo;s Radio Zwölf bis achtzehn Jahre später geht den Regierungen der Welt - insbesondere der sehr realistisch dargestellten US-Regierung immer noch der Arsch auf Grundeis, wenn sie mit dem Homo Novis zu tun haben, und so transponiert Greg Bear die Bush-Regierung, Guantanamo, Halliburton, New Orleans-Style Katastrophenmanagement und andere aktuelle politische Erscheinungen in seine Homo Novis-Welt. Das wird dann streckenweise so realistisch, daß man erst mal was anderes lesen will. Und auch was mit weniger Hard-SciFi.\nDarwin\u0026rsquo;s Children ","date":"2006-08-03T00:00:00Z","href":"https://blog.koehntopp.info/2006/08/03/fertig-gelesen-greg-s-bazillenprosa.html","tags":["book","media","review","lang_de"],"title":"Fertig gelesen: Greg's Bazillenprosa"},{"categories":null,"content":" Besser schreiben für nur 8 EUR.\nIrgendwann 1992 hatte ich eine Mailbox auf der Basis von SCO Xenix bei mir im Haus, und fing an, Gateways in Netze zu betreiben, die nicht auf der Grundlage von USENET funktionierten. Über mein lokales Fido-Gateway kam CT.GER auf meine Kiste, und ich wurde Zeuge einer wirklich schlechten Betriebssystem-Diskussion. Wie auch immer, jedenfalls fühlte ich mich bemüßigt, da einzugreifen und mal ein paar grundlegende Sachen zu erklären.\nKurze Zeit später rief jemand von der c\u0026rsquo;t an und fragte mich, ob sie das wohl drucken könnten. Meine Antwort war: \u0026ldquo;Nein, aber wenn Ihr mir sagt, was Ihr haben wollt, dann schreibe ich Euch das gerne als Artikel auf.\u0026rdquo;\nNun ist Schreiben für eine Zeitung was anderes als Schreiben für das Netz, also habe ich eine Anleitung für gutes Schreiben gesucht. Schneiders Deutsch für Profis - Wege zu gutem Stil ist spottbillig, nicht zu dick und erklärt alles Wichtige nach der Rechtschreibung.\nEine meiner sinnvollsten Investitionen - ever.\n","date":"2006-07-30T00:00:00Z","href":"https://blog.koehntopp.info/2006/07/30/fertig-gelesen-deutsch-fuer-profis.html","tags":["blog","review","lang_de"],"title":"Fertig gelesen: Deutsch für Profis - Wege zu gutem Stil"},{"categories":null,"content":"Jäger ( Vitals ): Eine Geschichte über russische Puppen: Bakterien, die in Bakterien leben, und Bakterien, die das Verhalten der Lebewesen, die sie bewohnen von innen heraus steuern. Aber auch Verschwörungen in Verschwörungen und Menschen, die das Verhalten von anderen Menschen von innen heraus steuern.\nIn der Anlage der Story folgt Greg Bear den Ideen von Philipp K. Dick: Er beschreibt die Realität aus der Sicht seiner Helden, und wie sich diese Realität unter der Beeinflussung verändert, er beschreibt der Verlust von Fixpunkten, und sich daraus ergebende Orientierungslosigkeit. Wie bei PKD gibt es kein Happy End, sondern am Ende einen vollständigen Verlust des Kontaktes mit der Wirklichkeit, und die Frage, ob es so etwas wie Wirklichkeit überhaupt gibt.\nNur daß Greg Bear zwar recht gut, aber kein PKD und Vitals nicht sein bestes Buch ist. Und so bleibt am Ende der Wunsch nach kleineren Plotholes, und einem schlüssigeren Ende.\n","date":"2006-07-30T00:00:00Z","href":"https://blog.koehntopp.info/2006/07/30/greg-bear-vitals.html","tags":["book","media","review","lang_de"],"title":"Fertig gelesen: Greg Bear: Vitals"},{"categories":null,"content":" GPL V3 (2nd draft) (Changes highlighted)\nIn Von der GPL und den daran hängenden Kommentaren habe ich einmal versucht, die GPL V2 zu erläutern, und was sie genau bewirkt. Der zweite Draft der GPL V3 ist nun veröffentlicht.\nMan kann ihn sich im Wiki ansehen oder sich das PDF mit den markierten Changes zum ersten Draft herunterladen.\nEine Lizenz zu schreiben ist ein hartes Stück Arbeit. Die GPL hat es sich zum Ziel gesetzt, nicht nur juristisch wasserdicht zu sein, sondern den Sachverhalt dennoch so allgemeinverständlich als möglich auszudrücken, und dabei nur so lang wie notwendig zu sein. Was das bedeutet, kann man sehr schön sehen, wenn man sich die Änderungen im 2nd draft auch einmal unter einem stilistischen Aspekt durchsieht.\nAls PDF hat die GPL V3 (ein Stück Gesellschaftsvertrag, und die Grundlage der Zusammenarbeit des kooperativen Lagers ) nur 17 Seiten. Damit ist sie fast 30 mal kleiner als die gescheiterte EU-Verfassung.\nEs gibt viele gute Gründe, das Ding jetzt durchzulesen und zu versuchen, es zu verstehen. Ihr werdet alle in dem Umfeld arbeiten, daß hier definiert wird.\n","date":"2006-07-30T00:00:00Z","href":"https://blog.koehntopp.info/2006/07/30/gpl-v3-2nd-draft.html","tags":["free software","lizenz","politik","lang_de"],"title":"GPL V3 (2nd draft)"},{"categories":null,"content":" Scaling Patterns\nIn 2004 habe ich auf dem Linuxtag einen kleinen Vortrag zum Thema Skalierbarkeit gehalten. Schon damals war die Message an verschiedenen Stellen im Vortrag \u0026ldquo;Jedes Readproblem ist ein Caching-Problem, jedes Schreibproblem ist ein Verteilungs- und Batchproblem\u0026rdquo;:\nZum Skalieren muß man seine Anwendung in Teilanwendungen unterteilen und die Daten replizieren. Die Replikation muß asynchron erfolgen, ohne Two Phase Commit (2PC), sonst gewinnt man wenig bis nichts. Schreibzugriffe müssen verzögert und gebatched werden, damit sie effizienter abgewickelt werden können. Um weitere Flaschenhälse zu vermeiden, muß man die Datenhaltung in die Teilanwendungen dezentralisieren und eine zentrale Datenbank vermeiden.\nDas läuft natürlich allem zuwieder, was man von seinem Datenbankprofessor an der Uni gelernt hat: Es ist unsicher, man arbeitet mit falschen oder veralteten Daten und man weiß nicht immer, ob alles auch so geklappt hat, wie man sich das vorstellt.\nEs hat aber einen wichtigen Vorteil: Es funktioniert. Und es skaliert.\nServices Bei Amazon klingt das so:\nOne way that we\u0026rsquo;ve made this much easier for ourselves here at Amazon is that internally we are a services-oriented architecture, and I don\u0026rsquo;t mean that in terms of the buzzword of the last five years. We\u0026rsquo;ve been this long before that word became public. What I mean by that is that within Amazon, all small pieces of business functionality are run as a separate service.\nFor example, this availability of a particular item is a service that is a piece of software running somewhere that encapsulates data, that manages that data. And when, for example, we hit the gateway page of Amazon, it will go out to somewhere between 100 and 150 different services to construct this page for you.\nThat means that we\u0026rsquo;ve localized the notion of availability and consistency towards each service because each service is responsible for its data encapsulation. And then, depending on what kind of service it is and what kind of consistency guarantees they require, you use different technologies. But it must be absolutely clear I think to everyone that we\u0026rsquo;re not using two phase commit to update distributed resources all over the world.\nNicht anders viel anders web.de: Das, was der Anwender sieht, wenn er sich an web.de connected, sieht mehr oder weniger aus wie eine große Anwendung. Intern besteht seit einigen Jahren es aus ca. 150 verschiedenen Diensten, die untereinander durch eine Middleware-Layer miteinander kommunizieren. Das führt zum Teil zu ziemlich skurrilen (nach traditionellen OSS-Maßstäben) Konstruktionen.\nDer Eingangsmailer von web.de war zum Beispiel einmal irgendwann ein Exim3. Er ist es schon lange nicht mehr, denn irgendjemand hat ihn mit Mico, einem Corba-Layer, verheiratet. Der Mailer besteht also effektiv nicht mehr aus einer Maschine. Stattdessen hängt über das Netz nach hinten raus ein Sack voll Middleware mit drin.\nWenn jetzt eine Mail eingeht, dann muß der Mailer eine ganze Menge Dinge erfragen:\nEr muß einen Userservice fragen, ob der Kunde existiert und ob es ein zahlender Kunde ist. Er muß den Quotaservice/Benutzerprofilservice fragen, ob der Kunde noch Mail empfangen kann, und welche Präferenzen für den Mailempfang gesetzt sind. Er muß den Virenfilterservice fragen, ob die Nachricht gefahrlos empfangen kann. Er muß den IP Blacklisten-Service fragen, ob Mail von dieser IP angenommen werden kann. Er muß den Spamfilter-Service fragen, ob die Mail verdächtig ist. Er muß die Storage-Layer fragen, welche Storage Locations für die Mail in Frage kommen. Diamantenmuster Alle diese Dinge sind nicht Bestandteil des Mailers. Der Mailer baut stattdessen Netzwerkverbindungen zu Middleware-Diensten auf, die diese Dinge unabhängig vom Mailer verwalten, und die dem Mailer und anderen Frontend-Diensten diese Informationen liefern können. Die Middleware-Dienste existieren außerdem nicht nur in einer Instanz, sondern der Mailer spricht tatsächlich einen Loadbalancer an, der die Anfrage dann an eine bestimmte Instanz dieses Dienstes weiter leitet.\nEs entsteht also eine Art Diamanten-Architektur: Mail geht auf ein Loadbalancer-Päärchen und wird von diesem auf gut drei Dutzend Instanzen des Mailers verteilt. Alle diese Mailer gehen mit ihren Middleware-Anfragen auf ein Loadbalancer-Päärchen, und werden von diesen auf einen Haufen Middleware-Instanzen verteilt. Die Middlewares gehen auf einen Connectionpool und werden von diesem auf einige Datenbank-Kopien verteilt.\nDieses Muster (Auffächern, Konzentrieren, Auffächern, Konzentrieren, \u0026hellip;) erlaubt es, auf jeder Ebene der Architektur Ausfälle hinzunehmen ohne daß dies die Funktionalität des Gesamtsystems beeinträchtigt. Es erlaubt auch, Lastprobleme auf Operatingebene abzufangen ohne damit höhere IT-Funktionen oder gar die Entwicklung zu behelligen: Bei Überlast auf einer Ebene kann das Operating dort einfach ein paar Server nachwerfen (lassen) und gut ist. \u0026ldquo;Wir sind Papst? Diana ist gegen die Tunnelwand gebollert? Kein Problem. Mach mal ein paar Blades für das Newsportal klar.\u0026rdquo;\nKomplexität Wenn man seine Anwendung auf diese Weise verteilt baut, dann muß man mit ein paar unangenehmen Fakten leben:\nZum Beispiel mit ungenauen oder veralteten Daten.\nWenn ich asynchron repliziere und kein 2PC verwende, dann kann es zum Beispiel sein, daß der Quotaservice mir zu kleine oder zu große Zahlen zurück liefert, weil dieser Benutzer gerade irgendwo anders eine Mail empfängt oder Mails gelöscht hat, diese Änderung aber ohne Locking und 2PC im Quotaservice noch nicht vermerkt und die Zahlen im Quotaservice nicht als \u0026ldquo;Im Update befindlich\u0026rdquo; gesperrt worden sind.\nDas ist eine gute Sache: Wir können jedes asynchrone System durch Einfügen von Waits zu einem synchronen System umbauen. Wir machen ein System durch 2PC also genauer, aber viel langsamer.\nMüssen wir das tun? Das hängt von den Anforderungen ab. Ist es wirklich notwendig, daß ein User immer unter seiner Quota bleibt? Die Antwort ist nein. Für den Dienst web.de als Ganzes ist es lediglich notwendig, daß alle User im Mittel unter ihrer Quota bleiben, damit das Storage Management bei seinen Planungen auch genug Platz bereit stellen kann. Es reicht also vollkommen aus, wenn der Quotadienst \u0026ldquo;ungefähr\u0026rdquo; die richtige Antwort gibt.\nDiese Anforderung ist aber viel weicher als die harte Anforderung, denn sie erlaubt es uns, von einem 2PC synchronen Update auf asnychrone Replikation für diese Daten umzusteigen. Wir sparen Waits, und somit Locks, und somit gewinnen wir Skalierbarkeit.\nEin anderes unangenehmes Faktum, mit dem wir leben müssen, ist Asynchronizität auch bei den Calls. Der Mailer soll eine Mail annehmen. Dazu muß er eine Reihe von Diensten, sechs bis zehn Stück, über das Netz befragen. Würde er das in Sequenz tun, könnte jede Anfrage die Informationen der vorhergehenden Stufe mit nutzen. Aber wir würden Round Trip Times, Timeouts und andere Wartezeiten aufeinander türmen und bekämen Zustellzeiten für eine einzelne Mail, die unakzeptabel hoch wären. Aus der Sicht des Mailers sieht das so aus: Anfragen, Warten, Antwort lesen. Anfragen, Warten, Antwort lesen, \u0026hellip;\nHauen wir stattdessen die Anfragen an parallel asynchron raus, kann die ganze Middleware parallel losrödeln und ihre Antworten so schnell als möglich an den Mailer zurück schießen. Der Anfrageprozeß sieht aus der Sicht des Mailers jetzt so aus: Anfragen, Anfragen, \u0026hellip;, Warten, Antwort lesen, Antwort lesen, \u0026hellip; Das ist schneller, und zwar um so schneller, je mehr Dienste befragt werden müssen.\nEs bringt auch ein paar Probleme mit sich: Zwischen einigen Anfragen bestehen Abhängigkeiten. Zum Beispiel würde der Storageservice eine andere Location für die Mail zurückliefern, je nachdem ob der Empfänger ein zahlender User ist oder nicht und ob die Mail als Spam erkannt wurde oder nicht. Man kann solche Abhängigkeiten synchronisieren - die Anfrage an die Storage Layer müßte warten bis die Fragen nach dem Userstatus und der Spamizität der Mail geklärt sind.\nAber - wir erinnern uns - Waits sind ja böse, also könnte man auch eine andere Lösung in Betracht ziehen: Statt die Antwort zurück zu liefern bauen wir die Storage Layer so um, daß sie alle Antworten zurückliefert und wählen dann im Mailer die Antwort aus, die in Frage kommt, sobald die anderen Fragen geklärt sind. Dann schreiben wir die Mail an diese Stelle und comitten unsere Entscheidung an den Storageservice zurück - Coolness: Spekulative Execution .\nWir haben jetzt nicht nur 100% Buzzword-Compliance erreicht (\u0026ldquo;Our webmail application is implemented as a distributed service oriented architecture that leverages replicated data, asynchronous remote procedure calls and speculative execution techniques to achieve resilency and scalability at every level of its architecture.\u0026rdquo; \u0026ldquo;Bingo!\u0026rdquo;), sondern wir haben tatsächlich ein System, mit dem wir in Lastregionen vorstoßen können, die man auf eine andere Weise nicht erreichen könnte.\nWas ist der Preis? Komplexität. Exim ist auch ohne Mico im Bauch ein fetter Mailer, und da Corba rein zu löten verdoppelt die Codebasis schätzungsweise mal eben so in der Größe. Wenn man jetzt noch asynchrone Calls verwenden will, anstatt das Corba Standardinterface, dann läuft man außerdem in ziemlich wenig getesteten Code und in eine Reihe von sehr aufregenden Bugs hinein.\nWenn man außerdem mit ungenauen oder veralteten Daten arbeiten muß, dann muß außerdem eine Reihe von Fehlerbedingungen behandeln, die man sonst nicht hätte und die unter Umständen schwer zu erkennen sind. Man stelle sich ein System vor, daß aus ca. 150 Diensten besteht und in dem kein 2PC verwendet wird. Ein Benutzer will jetzt von Freemail-Kunde auf zahlender Kunde upgraden. Das ist eine Transaktion, aber da sie ohne 2PC nicht als solche abgewickelt werden kann, kann es also sein, daß ein Kunde in einem Subsystem schon ein Zahlkunde ist, in einem anderen aber noch nicht. Fragt man in so einem Moment die verschiedenen Subsysteme an, bekommt man inkonsistenten und widersprüchliche Antworten.\nJedes Subsystem, jedes Stück Code, muß diesen Zustand erkennen und geeignet behandeln (Etwa: Warten, und dann ganz von vorne alle Fragen noch mal stellen). Die dabei entstehenden Widersprüche können unter Umständen nicht automatisch aufgelöst werden, und so muß jeder Dienst ein Abstellgleis haben, in dem er fehlgeschlagene Aktionen abstellt, und sie entweder nach einiger Zeit noch mal probiert oder - nach einer angemessenen Anzahl von Fehlversuchen - einem Menschen zum manuellen Debugging vorlegt.\nWill man diese Komplexität? Nein, nicht wenn man nicht muß. Das Problem ist: Ab einer bestimmten Größe muß man, denn dies ist die einzige bewiesene Wachstumsstrategie, die wir kennen, bei der wir bisher nicht an eine obere Grenze gestoßen sind.\nLockern von Anforderungen - Leben mit Fehlern Der Schlüssel zum Wachstum liegt im Lockern der Anforderungen an eine bestimmte Funktionalität der Anwendung: Indem wir bei den Anforderungen asynchron arbeiten und veraltete oder ungebaue Daten zulassen, können wir bei der Implementierung plötzlich sehr viel mehr Abkürzungen nehmen. Wir haben eine Reihe von Grenzfällen ausgeschlossen, und den Vertrag mit den Dienstnehmern von \u0026ldquo;garantiert\u0026rdquo; auf \u0026ldquo;so gut als möglich\u0026rdquo; gelockert. Dadurch haben wir die harten Grenzfälle in unserer Architektur aus dem Dienst heraus im Stack nach oben verschoben, und die Implementierung des Dienstes kann sich auf die Optimierung der häufigen Fälle konzentieren, statt auf die Abwicklung der schwierigen Fälle.\nAber wie wird das Development mit dieser Komplexität fertig? Nun, unsere Entwickler bekommen Hilfe von einer anderen Seite. Weil wir kleine, autonome Dienste mit eigener Datenhaltung bauen, bekommen wir kleine, unabhängig voneinander entwickelbare Dienste mit einer überschaubaren Codebasis, einer klar definierten API und gegenüber ihren Dienstnehmern und Dienstbringern klar definierten Service Level Agreements und Invarianten.\nDas erlaubt es dem Entwicklungsteam, ihren Dienst unabhängig von den anderen Diensten zu entwickeln. Der Vertrag, den sie dabei eingehen, ist klar definiert und von der tatsächlichen Implementierung vollkommen unabhängig. Auch der Releasezyklus des Dienstes ist, solange der Vertrag nicht inkompatibel geändert wird, von den Zyklen anderer Dienste nicht abhängig (und mit versionierten Interfaces können wir das noch weiter entkoppeln). Bei Amazon liest sich das so:\nA service is not just a software component in that sense, a distributed software component. It is also the model we use for software development in terms of team structure.\nSo how the process goes is that you have a particular business problem or a technology problem that you want to solve. You build a small team. You give them this problem. And at Amazon, they\u0026rsquo;re allowed to solve that problem in any way they see fit, as long as it is through this hardened API. They can pick the tools they want. They can do any design methodology they want as long as they deliver the actual functionality that they\u0026rsquo;ve been tasked with\u0026hellip;.\nI think Pat Halens(sp?) uses the metaphor of using a town as an example. So in a big town, you have zoning requirements. You have some general laws about the roads and things like that, but the way that you build your house and the way that you operate your house is all up to you.\nSo this is a bit the way that Amazon functions, also. We have some requirements: that services has to be monitorable, that they have to be tractable in all sorts of different ways. But in essence, operation is all up to the service owners themselves. This allows for a large-let\u0026rsquo;s say controlled chaos-which actually works very well because everybody\u0026rsquo;s responsible for their own services.\nService Oriented Architectures sind nur eine Ausprägung von \u0026ldquo;gelockerten Anforderungen\u0026rdquo;. Indem wir die Anforderungen an die Dienstabstraktion lockern, lassen wir den Dienstimplementatoren mehr Optionen bei der Architektur, und damit mehr Raum zu Wachsen. Das ist, wenn man es akzeptiert und lebt, eine gute Sache.\nEs läuft den Ideen der traditionellen Entwicklung und Informatiklehre aber stark zuwieder. Bei Joel Spolsky zum Beispiel kommen solcherart gelockerte Anforderungen unter dem Namen Leaky Abstractions daher. Joel kommt in seinem Essay aber zu dem Schluß \u0026ldquo;Leaky Abstractions are dragging us down\u0026rdquo; - er sieht das Durchscheinen der Implementierung bei einem Service als Bug. Für den Architekten einer Service Oriented Architecture sind sie aber eher der Schlüssel zum Erfolg.\nAndere Anwendungen desselben Patterns Dabei muß man aber nicht auf der Ebene der Architektur verbleiben. Wir können dasselbe Pattern (\u0026ldquo;Lockern der Anforderungen, ohne die API zu verändern\u0026rdquo;) auch auf viel niedrigerer Ebene anwenden. MySQL tut dies intern mit großem Erfolg: Dieselbe SQL-Query kann bis zu einem gewissen Grad entweder auf einer traditionellen ACID implementierenden Engine wie InnoDB abgewickelt werden, oder man kann die Betriebsparameter von InnoDB so relaxen, daß es nicht mehr ACID erfüllt, oder man kann eine andere Storage Engine wie MyISAM oder Memory verwenden, die dieselbe Query unter Umständen viel schneller abwickeln können, jedoch viel laxer mit dem Speicher umgehen.\nTraditionelles ACID ist sicher - wenn das \u0026ldquo;COMMIT\u0026rdquo; zurück kommt, garantiert die Datenbank, daß die Daten auf einem persistenten Speicher stehen, konsistent und vollständig sind. Wenn man das benötigt, kann man es von MySQL bekommen. In vielen Fällen - tatsächlich in den weitaus meisten Fällen - benötigt man es nicht, und die damit einher gehenden Waits (Commit wartet auf die Platte, und bei einer Plattenzugriffszeit von 8ms bekommt man so nicht mehr als 100-200 Commits pro Sekunde pro Platte von seinem System) ziehen die Performance runter.\nMySQL erlaubt es, durch Konfigurationsänderungen für die ganze Datenbank oder durch Ändern der Storage Engine für einzelne Tabellentypen diese Anforderungen zu lockern, und so die Waits auf die Platte einzusparen, wo dies erlaubt ist. Dadurch kann eine bis zu zehn mal höhere Rate an Statements pro Sekunde erreicht werden - ohne daß sich die Art des Aufrufes durch die Anwendung ändert. Die API, die die Anwendung gegenüber der Datenbank verwendet, bleibt also invariant, die Änderung kann durch einen DBA auf Operatingebene vorgenommen werden ohne daß die Entwicklung die Anwendung anpassen muß.\nLinks Mehr zum Thema:\nSOA in Wikipedia ACM Queuecast mit Werner Vogels, CTO Amazon Database War Stories , O\u0026rsquo;Reilly Radar, Series of 8 articles ","date":"2006-07-30T00:00:00Z","href":"https://blog.koehntopp.info/2006/07/30/leben-mit-fehlern-der-schluessel-zum-scaleout.html","tags":["architektur","mysql","performance","lang_de"],"title":"Leben mit Fehlern - der Schlüssel zum Scaleout"},{"categories":null,"content":"Manche Lizenznehmer haben komische Vorstellungen davon, wie sie mit der Lizenz umgehen können: \u0026ldquo;Nein, die GPL trifft auf uns aus einer Reihe von Gründen nicht zu.\u0026rdquo; \u0026ldquo;Ja, wird haben trotzdem ein Recht, die Software zu nutzen oder weiter zu verbreiten.\u0026rdquo;\nDer erste Prozess weltweit überhaupt über die Tragfähigkeit der GPL findet in Deutschland statt.\nMehr bei GPL Violations.ORG und Harald Weltes Blog .\n","date":"2006-07-26T00:00:00Z","href":"https://blog.koehntopp.info/2006/07/26/gpl-ja-oder-nein.html","tags":["free software","lang_de"],"title":"GPL - ja oder nein"},{"categories":null,"content":" In einer Welt, in der alles möglich ist - wie können dann die, die von den Möglichkeiten überfordert sind, leben?\nCharles Stross \u0026ldquo;Singularity Sky\u0026rdquo; zeichnet ein Bild einer transhumanistischen Welt. In dieser sind künstliche Intelligenz, Cyborgs, nanotechnologische Füllhörner, überlichtschnelle Kommunikation und Reisen, und damit auch Kausalität im Grunde keine Probleme. Damit setzen sie dem Leben auch keine Grenzen mehr. Wenn nicht eine nahezu allmächtige Existenz in der Zukunft der Menschheit ihre Entstehung sichern wollte: Dazu beschützt sie die Zeitlinie, die zu ihrer Entsteht führt und setzt den Wesen Grenzen, die innerhalb dieser Zeitlinie leben. Und wenn es in diesem Szenario nicht Zivilisationen gäbe, die den grenzenlosen Technologieschock der Singularität - dem überexponentiellen Anwachsen des technologischen Wissens - durch eine Art Retro-Kultur zu entkommen versuchen, und darum die technischen Möglichkeiten ihrer Bewohner künstlich beschränken.\nSingularity Sky spielt auf \u0026ldquo;Rochards Welt\u0026rdquo;, einem besonders rückständigen Planeten der \u0026ldquo;Republik\u0026rdquo;, einem Verschnitt von zaristischen Ostblock-Kulturen komplett mit einer bolschewistischen Untergrundbewegung. Die Republik hat sich hinsichtlich der verfügbaren Technologie besonders strikte Regeln auferlegt. Als das Festival, ein Verbund transhumaner und nicht-humaner Intelligenzen, auf Rochards Welt eintrifft und die Bewohner der Welt mit den unerschöpflichen Möglichkeiten und Errungenschaften einer Zivilisation konfrontiert, in der materielle Güter keine Rolle mehr spielen, weil sie industriell, aber nach Maß und Wunsch produziert werden können, kommt es zu einer Revolution, die das Unterste nach Oben zu kehren scheint.\nBis sich herausstellt, daß die Revolutionäre eigentlich genauso konservativ wie die Herrscher sind: Die Möglichkeiten des Festivals sind von einer materiell-rückständigen Gesellschaft wie der auf Rochards Welt gar nicht faß- und aufarbeitbar. So kommt es, daß die Individuen, die die Transzendenz schaffen, sich dem Festival anschließen, während der Rest in der materiellen Welt zurückbleibt und wieder in die althergebrachten Strukturen verfällt - dies schließt interessanterweise Stross Helden mit ein: zwei Außenweltler aus der Erdkultur, denen es nicht weiter schwer fällt das Festival und seine Ziele zu verstehen.\nLeider räumt Stross dem Expose und dem Technologieerklärungsmonolog zu viel Raum ein, anstatt sich um seine Figuren und ihre Entwicklung zu kümmern. Und leider hält man die Leser der deutschen Übersetzung für noch blöder, weil man ihnen die halbe Wikipedia in Fußnoten serviert, wann immer Stross in transhumanistische Gefilde abschweift. So wird aus einer Idee, die im Grunde Spaß machen könnte und die jede Menge Potenzial für inneren Konflikt der Charaktere hat dann doch ein relativ trockenes Buch, das ich in drei Anläufen gelesen habe.\n(Ein anderer Review )\n(Blog von Charles Stross)\n(Charles Stross in der EN:Wikipedia)\n","date":"2006-07-23T00:00:00Z","href":"https://blog.koehntopp.info/2006/07/23/fertig-gelesen-charles-stross-singularitaet.html","tags":["media","review","lang_de"],"title":"Fertig gelesen: Charles Stross: Singularität"},{"categories":null,"content":" Im Klappentext heißt es, Jack McDevitt sei mal Marineoffizier, Taxifahrer, Englischlehrer und Motivationstrainer gewesen, aber wenn man seine Geschichten liest, dann glaubt man, dass er am liebsten ein Archäologe wäre. Jack McDevitts Universum ist ein großes und langsames Universum, in dem sich Zivilisationen in der Regel über ihre Artefakte begegnen, weil die räumlichen und zeitlichen Distanzen viel zu groß sind, als dass ein echter Erstkontakt möglich wäre. McDevitt nimmt sich Zeit für seine Charaktere, und wenn er auch vor einem großen Hintergrund malt, so sind es doch die Personen, die bei ihm im Vordergrund stehen und die er liebevoll entwickelt.\nPriscilla \u0026ldquo;Hutch\u0026rdquo; Hutchins ist eine Pilotin, die gelegentlich Touren für die Akademie fliegt, jene Bürokratie, die die Vermessung des von Menschen besiedelten Weltraumes finanziert, und die die Erforschung von Hinterlassenschaften von Alien-Zivilisationen steuert. In Engines of God trifft sie auf Hinterlassenschaften der Monumentenbauer, einer ehemals raumfahrenden Zivilisation, die von einer den Menschen noch unbekannten Gefahr auf den Status primitiver Völker reduziert wurde.\nIn Deepsix hat Hutch ihren zweiten Auftritt, als sie mit einer Forschungsexpedition auf einem Planeten strandet, der in wenigen Tagen durch eine kosmische Katastrophe zerstört werden wird. Damit die Gruppe überleben kann, muss sie sich auf eine anstrengende Reise mit ungewissem Ausgang durch eine feindselige Welt machen (Hey, wem das zu abgegriffen klingt: Jack McDevitt schreibt kein Hard SciFi, er malt Charaktere, und der Hintergrund hier ist eine klassische Theaterkrise, mit dem durch externen Druck innerer Konflikt visualisiert werden kann).\nIn Chindi befördert Hutch eine unwahrscheinliche Gruppe von privat finanzierten Enthusiasten durch das All, die einer Sache nachgehen, die die Akademie für nicht weiter spannend hielt. In einer Art kosmischen Schnitzeljagd gelingt den Dilettanten der Glückstreffer, für den die Profis bei der Akademie ihren Ruf nicht aufs Spiel setzen wollten: Sie finden ein aktives Robotschiff einer vermutlich längst untergegangenen Zivilisation - und an Bord ein Museum des Lebens in der Galaxie, das Zeiträume umspannt, die die Menschen kaum ermessen können. Doch sich auf etwas so Altem und Großem wie der Chindi aufzuhalten bedeutet, sich Gefahren auszusetzen, für die Menschen nicht gemacht sind\u0026hellip;\nIn Omega müssen sich die Menschen und Hutch, inzwischen die Leiterin der Akademie, wieder mit der Gefahr durch die Omega-Wolken aus \u0026ldquo;Engines of God\u0026rdquo; auseinandersetzen: Die Menschen treffen auf eine vorindustrielle aktive Zivilisation, die genau im Weg einer Omega-Wolke liegt und die in Kürze durch diese zerstört werden wird. Kann die Akademie helfen? Und kann sie es tun, ohne sich der vorindustriellen Zivilisation unten auf der Welt zu offenbaren?\nDer letzte Band der Abenteuer von Priscilla Hutchins, Odyssey ist noch nicht verfügbar.\nIn der Welt der Priscilla Hutchins hat Jack McDevitt eine zweite Figur angesiedelt, den gelegentlich wie einen Hard Boiled Detective rüber kommenden Antiquitätenhändler Alex Benedict. In A Talent For War versucht dieser, die Legende um den Kriegshelden Christopher Sim auf ihren Wahrheitsgehalt abzuklopfen und zu verstehen, was in den Endtagen eines im Kern bedeutungslosen Krieges vor 300 Jahren wirklich vorgefallen ist - um am Ende nicht nur mit wertvollen Artefakten, sondern einer wiederentdeckten Schlüsseltechnologie dazustehen.\nBenedicts suche nach der historischen Wahrheit und Beweisen für den tatsächlichen Ablauf der Geschehnisse ziehen ihn auch in den Bann der Polaris , eines Geisterschiffes, auf dem vor einigen Jahrzehnten eine Gruppe von Menschen spurlos verschwand. Wieder bekommt Benedict am Ende mehr Antworten als er eigentlich haben wollte\u0026hellip;\nDie neuste Alex Benedict Story, Seeker ist noch nicht als Taschenbuch verfügbar.\nAußerhalb des Hutchins/Benedict-Universums spielt Ancient Shores : In der Mitte von Nirgendwo, in North Dakota, wo vor 10000 Jahren ein Postglazialer Tauwasser-See die Prärie auf einer Fläche mehrerer US-Bundesstaaten überschwemmte, findet ein Bauer beim Pflügen ein Boot, das aus einem unzerstörbaren Material gemacht ist und das im Dunkeln leuchtet. Auf der Suche nach seinem Heimathafen finden er und seine Freunde etwas anderes, viel Größeres: Ein Tor zu den Sternen.\n(Jack McDevitt in der Wikipedia)\n","date":"2006-07-23T00:00:00Z","href":"https://blog.koehntopp.info/2006/07/23/fertig-gelesen-jack-mcdevitt.html","tags":["media","review","lang_de"],"title":"Fertig gelesen: Jack McDevitt"},{"categories":null,"content":"Meine Sparkasse exportiert mir die Kontoauszüge aus Wunsch auch als CSV. Die Dateien sehen so aus:\n\u0026#34;Auftragskonto\u0026#34;;\u0026#34;Buchungstag\u0026#34;;\u0026#34;Valutadatum\u0026#34;;\u0026#34;Buchungstext\u0026#34;; \u0026#34;Verwendungszweck\u0026#34;; \u0026#34;Begünstigter/Zahlungspflichtiger\u0026#34;;\u0026#34;Kontonummer\u0026#34;;\u0026#34;BLZ\u0026#34;; \u0026#34;Betrag\u0026#34;;\u0026#34;Währung\u0026#34;;\u0026#34;Info\u0026#34; \u0026#34;08154711\u0026#34;;\u0026#34;30.12\u0026#34;;\u0026#34;30.12.05\u0026#34;;\u0026#34;LASTSCHRIFT\u0026#34;; \u0026#34;DRP 08154711 040441777 INKL. 16% UST 5.38 EUR\u0026#34;; \u0026#34;STRATO MEDIEN AG\u0026#34;;\u0026#34;040441777\u0026#34;;\u0026#34;10050000\u0026#34;; \u0026#34;-39,00\u0026#34;;\u0026#34;EUR\u0026#34;;\u0026#34;Umsatz gebucht\u0026#34; Weil ich wissen will, wofür ich mein Geld ausgebe, lade ich diese Daten in ein MySQL.\nDas geht so:\nZunächst einmal muß ich mir eine Tabelle definieren, in die ich den Load vornehmen kann. Diese Tabelle hat Felder, die in erster Linie dazu geschaffen sind, die Daten aufnehmen zu können. Wir müssen die Daten noch bereinigen, sodaß es sich noch nicht um die endgültigen Felder oder Typen handelt.\n-- load data warnings; DROP TABLE IF EXISTS buchungen; CREATE TABLE buchungen ( auftragskonto char(8) NOT NULL, buchungstag_text char(10) NOT NULL, valutatag_text char(10) NOT NULL, buchungstext varchar(50) NOT NULL, verwendungszweck varchar(180) NOT NULL, gegenkonto_name varchar(100) NOT NULL, gegenkonto_nummer char(20) NOT NULL, gegenkonto_blz char(8) NOT NULL, betrag_text char(12) NOT NULL, waehrung char(3) NOT NULL, info varchar(255) NOT NULL, unique index ( buchungstag_text , buchungstext , verwendungszweck , gegenkonto_nummer , gegenkonto_blz , betrag_text) ) ENGINE=MyISAM DEFAULT CHARSET=utf8; truncate table buchungen; Es fällt auf, daß in den Kontoauszügen keine eindeutigen Transaktionsnummern sind, sodaß ich keinen Primärschlüssel definieren kann. Mit dem Unique Index, den ich dort definiere, versuche ich doppelte Datensätze zu entdecken. Dies kann jedoch falsche positive Treffer liefern.\nIn diese Tabelle kann ich nun nacheinander die einzelnen CSV mit den Kontoauszügen hinein laden:\nload data infile \u0026#39;/home/kris/Documents/banking/umsatz-22758031-29122004.csv\u0026#39; into table buchungen fields terminated by \u0026#34;;\u0026#34; optionally enclosed by \u0026#39;\u0026#34;\u0026#39; ignore 1 lines; load data infile \u0026#39;/home/kris/Documents/banking/umsatz-22758031-24012005.csv\u0026#39; into table buchungen fields terminated by \u0026#34;;\u0026#34; optionally enclosed by \u0026#39;\u0026#34;\u0026#39; ignore 1 lines; ... Wir müssen diese Daten nun in brauchbare Datensätze umwandeln. Dazu wird erst einmal eine Zieltabelle erzeugt und diese mit einem Primärschlüssel versehen.\n-- prepare conversion stage DROP TABLE IF EXISTS b; create table b like buchungen; alter table b add column id integer unsigned not null first; alter table b add primary key (id); alter table b change column id id integer unsigned not null auto_increment; Jetzt können die Daten umgeladen werden und danach die Felder bereinigt werden: Das Betrag-Feld muß von \u0026ldquo;xxx.xxx,yy\u0026rdquo;-Syntax auf \u0026ldquo;xxxxxx.yy\u0026rdquo; umgestellt werden und die Datumsfelder valutatag_text und buchungstag_text müssen in ISO-Syntax umgestellt werden. Dabei muß das fehlende Jahr beim buchungstag_text aus dem valutatag ergänzt werden.\n-- load data into conversion stage insert into b select NULL, buchungen.* from buchungen; -- adapt betrag update b set betrag_text = replace(betrag_text, \u0026#34;.\u0026#34;, \u0026#34;\u0026#34;); update b set betrag_text = replace(betrag_text, \u0026#34;,\u0026#34;, \u0026#34;.\u0026#34;); alter table b change column betrag_text betrag decimal(12,2) not null; -- adapt valutatag update b set valutatag_text = concat(\u0026#34;20\u0026#34;, substring(valutatag_text, 7, 2), \u0026#34;-\u0026#34;, substring(valutatag_text, 4, 2), \u0026#34;-\u0026#34;, substring(valutatag_text, 1,2)); alter table b change column valutatag_text valutatag date not null; -- adapt buchungstag update b set buchungstag_text = concat(year(valutatag), \u0026#34;-\u0026#34;, substring(buchungstag_text, 4,2), \u0026#34;-\u0026#34;, substring(buchungstag_text, 1,2)); alter table b change column buchungstag_text buchungstag date not null; -- drop info alter table b drop column info; Ich will nun außerdem eine Gruppierung meiner Ausgaben vornehmen. Dazu führe ich eine Spalte \u0026ldquo;gruppe \u0026ldquo;ein. Mit Hilfe einer weiteren Tabelle \u0026ldquo;wichtige_geldsenken\u0026rdquo; matche ich dann den gegenkonto_name und fülle die Gruppe:\n-- add gruppe alter table b add column gruppe varchar(20) not null; Und jetzt die wichtige_geldsenken Tabelle:\nDROP TABLE IF EXISTS `wichtige_geldsenken`; CREATE TABLE `wichtige_geldsenken` ( `id` int(10) unsigned NOT NULL auto_increment, `pattern` varchar(100) NOT NULL, `gruppe` varchar(20) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1; LOCK TABLES `wichtige_geldsenken` WRITE; INSERT INTO `wichtige_geldsenken` VALUES (77,\u0026#39;sparkasse\u0026#39;,\u0026#39;Konto und Karte\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (78,\u0026#39;ga\u0026#39;,\u0026#39;Geldautomat Inland\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (79,\u0026#39;qsc\u0026#39;,\u0026#39;Internet\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (80,\u0026#39;linux new media\u0026#39;,\u0026#39;Zeitungen\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (81,\u0026#39;premiere\u0026#39;,\u0026#39;Fernsehen\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (82,\u0026#39;walmart\u0026#39;,\u0026#39;Einkauf\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (83,\u0026#39;kabel bw\u0026#39;,\u0026#39;Fernsehen\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (84,\u0026#39;gez\u0026#39;,\u0026#39;Fernsehen\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (85,\u0026#39;t-mobile\u0026#39;,\u0026#39;Telefon\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (86,\u0026#39;finanzkasse\u0026#39;,\u0026#39;Steuern und Strafen\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (87,\u0026#39;domainfactory\u0026#39;,\u0026#39;Internet\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (88,\u0026#39;nagel ue\u0026#39;,\u0026#39;Kleidung\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (89,\u0026#39;mobilcom\u0026#39;,\u0026#39;Telefon\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (90,\u0026#39;domainfactory\u0026#39;,\u0026#39;Internet\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (91,\u0026#39;strato\u0026#39;,\u0026#39;Internet\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (92,\u0026#39;stadtwerke\u0026#39;,\u0026#39;Gas Wasser Scheisse\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (93,\u0026#39;deutsche bahn\u0026#39;,\u0026#39;Bahn\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (94,\u0026#39;debeka\u0026#39;,\u0026#39;Versicherung\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (95,\u0026#39;ec-ga\u0026#39;,\u0026#39;Geldautomat Ausland\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (96,\u0026#39;scheck in\u0026#39;,\u0026#39;Einkauf\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (97,\u0026#39;mastercard\u0026#39;,\u0026#39;Kreditkarte\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (98,\u0026#39;dr.\u0026#39;,\u0026#39;Miete\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (99,\u0026#39;a.t.u\u0026#39;,\u0026#39;Auto\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (100,\u0026#39;ungeheuer\u0026#39;,\u0026#39;Auto\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (101,\u0026#39;agip\u0026#39;,\u0026#39;Sprit\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (102,\u0026#39;aral\u0026#39;,\u0026#39;Sprit\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (103,\u0026#39;avia\u0026#39;,\u0026#39;Sprit\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (104,\u0026#39;bab\u0026#39;,\u0026#39;Sprit\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (105,\u0026#39;citti\u0026#39;,\u0026#39;Einkauf\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (106,\u0026#39;efa\u0026#39;,\u0026#39;Sprit\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (107,\u0026#39;esso\u0026#39;,\u0026#39;Sprit\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (108,\u0026#39;expedia\u0026#39;,\u0026#39;Reisen\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (109,\u0026#39;fantasy\u0026#39;,\u0026#39;RPG\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (110,\u0026#39;gravis\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (111,\u0026#39;foto\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (112,\u0026#39;heinrich\u0026#39;,\u0026#39;Kleidung\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (113,\u0026#39;hem\u0026#39;,\u0026#39;Sprit\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (114,\u0026#39;hotel\u0026#39;,\u0026#39;Reisen\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (115,\u0026#39;jet-tank\u0026#39;,\u0026#39;Sprit\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (116,\u0026#39;karstadt\u0026#39;,\u0026#39;Einkauf\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (117,\u0026#39;kassen-\u0026#39;,\u0026#39;Steuern und Strafen\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (118,\u0026#39;leichtsinn\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (119,\u0026#39;media markt\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (120,\u0026#39;mios\u0026#39;,\u0026#39;Sprit\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (121,\u0026#39;plaza\u0026#39;,\u0026#39;Einkauf\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (122,\u0026#39;rundfunkgebuehren\u0026#39;,\u0026#39;Fernsehen\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (123,\u0026#39;saturn\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (124,\u0026#39;sb tank\u0026#39;,\u0026#39;Sprit\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (125,\u0026#39;segelkiste\u0026#39;,\u0026#39;Kleidung\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (126,\u0026#39;total/\u0026#39;,\u0026#39;Sprit\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (127,\u0026#39;trx\u0026#39;,\u0026#39;Reisen\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (128,\u0026#39;tst. bensheim\u0026#39;,\u0026#39;Sprit\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (129,\u0026#39;vobis\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (130,\u0026#39;willenberg\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (131,\u0026#39;shell\u0026#39;,\u0026#39;Sprit\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (132,\u0026#39;spreadshirt\u0026#39;,\u0026#39;Kleidung\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (133,\u0026#39;armin meier\u0026#39;,\u0026#39;Kleidung\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (134,\u0026#39;itzehoer\u0026#39;,\u0026#39;Versicherung\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (135,\u0026#39;ec-pos\u0026#39;,\u0026#39;Geldautomat Ausland\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (136,\u0026#39;euf-ga\u0026#39;,\u0026#39;Geldautomat Ausland\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (137,\u0026#39;dell\u0026#39;,\u0026#39;Toys und Gadgets\u0026#39;); INSERT INTO `wichtige_geldsenken` VALUES (138,\u0026#39;yvonne\u0026#39;,\u0026#39;RPG\u0026#39;); UNLOCK TABLES; Mit Hilfe dieser Mappingtabelle und der folgenden Query kann ich jetzt das Feld gruppe in b sinnvoll belegen:\nupdate b set gruppe = ( select gruppe from wichtige_geldsenken as w where b.gegenkonto_name like concat(w.pattern, \u0026#34;%\u0026#34;) order by length(pattern) desc limit 1) where b.betrag \u0026lt; 0; Wenn meine pattern-Liste vollständig ist, ist jetzt das Feld gruppe bei allen Ausgaben korrekt belegt.\nIch kann nun Fragen stellen:\nselect gegenkonto_name, count(gegenkonto_name) as eingaenge from b where betrag\u0026gt;=0 group by gegenkonto_name order by eingaenge desc; +--------------------------------------------------------+-----------+ | gegenkonto_name | eingaenge | +--------------------------------------------------------+-----------+ | WEB.DE AG AMALIENBADSTR. 41 | 12 | | MYSQL GMBH | 7 | | MYSQL GMBH SCHLOSSERSTR. 4 72622 NUERTINGEN | 3 | | COOP SCHLESWIG-HOLSTEIN EG BENZSTR. 10 | 2 | +--------------------------------------------------------+-----------+ select gegenkonto_name, count(gegenkonto_name) as abgaenge from b where betrag\u0026lt;0 group by gegenkonto_name order by abgaenge desc; +---------------------------------------------------------+----------+ | gegenkonto_name | abgaenge | +---------------------------------------------------------+----------+ | SCHECK IN CENTER KA DURLACH | 36 | | MOBILCOM COMMUNICATIONSTECH | 22 | | STRATO MEDIEN AG | 22 | | VERMIETER | 19 | | T-MOBILE DEUTSCHLAND GMBH | 18 | | DEUTSCHE BAHN KARLSRUHE HB | 17 | | KABEL BW GMBH \u0026amp; CO. KG | 17 | | QSC AG | 17 | | STADTWERKE KARLSRUHE | 17 | ... Mit den Gruppen kann ich nun auch sehen, wo das Geld hin gegangen ist:\nselect gruppe, count(betrag) as abgaenge, sum(betrag) as total from b where betrag\u0026lt;0 group by gruppe order by total; wird mir sagen, wofür ich mein Geld ausgebe.\n","date":"2006-07-23T00:00:00Z","href":"https://blog.koehntopp.info/2006/07/23/mein-privates-datawarehouse-sparen-mit-mysql.html","tags":["erklaerbaer","mysql","lang_de"],"title":"Mein privates Datawarehouse - Sparen mit MySQL"},{"categories":null,"content":"Seit dem 1. November 2005 arbeite ich für MySQL Deutschland GmbH als Consultant. Damit mit bin ich Teil einer Firma mit 320 Mitarbeitern in 27 Ländern. Ein Office habe ich noch nie gesehen . Einige der Kollegen, mit denen ich am engsten zusammenarbeite habe ich auch noch nie gesehen. Die anderen sehe ich so alle paar Monate mal. Die Zusammenarbeit ist gut und sehr intensiv.\nAls ich von web.de zu MySQL gewechselt bin, war ich am Anfang sehr skeptisch und habe meine Interviewpartner gefragt, wie das denn wohl so ist, für eine \u0026ldquo;virtuelle\u0026rdquo; Firma zu arbeiten, in der die Kollegen so weit verstreut gesät sind. Auch in den Fällen, in denen ich neue Kollegen interviewed habe ist dies die Frage, die mir in der Regel zuerst gestellt wird.\nMeine Antwort auf diese Frage ist inzwischen \u0026ldquo;Hast Du einmal in irgendeinem Open-Source-Projekt mitgearbeitet und Dich mit den Leuten dort abstimmen müssen?\u0026rdquo; Wenn die Antwort \u0026ldquo;ja\u0026rdquo; lautet (und damit man von MySQL interviewed wird, muss sie in der Regel \u0026ldquo;ja\u0026rdquo; lauten), kann ich antworten \u0026ldquo;Es ist genau wie da, nur daß Du Geld dafür bekommst.\u0026rdquo;\nIn der Praxis sieht das so aus, daß MySQL über einen von mehreren Wegen einen Lead hereinbekommt, der vom Sales-Team entweder telefonisch oder vor Ort in einen Auftrag umgewandelt wird. Sales geht dabei mit dem Presales-Support und einigen Fragebögen daher und produziert so ein Informationspaket, bei dem die Schedulerin und Consulting meist eine relativ gute Idee haben, was das Projekt ist und welche Fähigkeiten dabei gefordert sind. Zusammen finden wir die passenden Personen zur Abwicklung des Projektes und machen mit dem Kunden und dem Consultant einen Terminplan. Der Consultant reist dann an, macht sein Ding und reist einen glücklichen Kunden hinterlassend wieder ab.\nSo die Theorie, und im Regelfall auch die Praxis.\nMySQL als Firma besteht aus einer an mehreren Stellen konzentrierten Infrastruktur, die Sales, Presales, Scheduling, Consulting, Training, aber auch Support, Development, Maintenance und den die betriebswirtschaftlichen Dinge abwickelnden Geschäftsstellen Dienste anbietet. Diese Dienste sind, wo immer es geht, web-basierend und so gestaltet, daß sie so Browser-unabhängig sind wie irgend möglich. Zu diesen Diensten gehören verschiedene Firmen-Wikis, einige Eventum-Taskmanager-Instanzen, der Teamkalender für Training und Consulting und viele andere Dinge. Auch Nicht-Webdienste, etwa Bitkeeper, Continous Build Services, ein Firmen-IRC-Server, Mail- und Newsdienste und eine verteilte Asterisk-Installation gehören dazu.\nAm Ende ist dies keine Sache, die so verschieden wäre von etwa dem Setup, das KDE intern verwendet, plus die Sales- und BWL-Seite dazu.\nFür mich als Consultant bedeutet dies, daß ich Zugriff auf meine Kollegen bei Consulting, Training und im Support habe, in dem ich Skype, Mail und IRC verwende. Bei einer Firma, die so verteilt ist wie MySQL, ist zu jeder Tages- und Nachtzeit jemand zu sprechen, der mir helfen kann. Wir kommunizieren dabei nicht nur dienstlich, sondern ich habe so wie beim normalen ircen auch einige gute Freunde gewonnen, von denen ich einen Teil noch nicht persönlich getroffen habe. Die Zusammenarbeit ist noch intensiver beim Support-Team: Arbeiten heißt für die ircen, und Tom Basil hat auf seine unvergleichliche Weise aus dem Team eine Art Familie gemacht, sodass \u0026ldquo;seine\u0026rdquo; Supporter (und einige Adoptivkinder aus anderen Abteilungen) quasi im Netz leben.\nMeine Arbeit organisiere ich weitgehend selbst: Ich entscheide, wann ich arbeite, wie ich arbeite und was ich wie priorisiere. MySQL folgt sehr strikt einem management-by-objectives Ansatz, sodass es letztendlich vollkommen egal ist, wie ich die Ziele erreiche, die ich mir mit meinem Team gesetzt habe.\nWenn ich einen Home-Office-Tag habe, haue ich meistens morgens meine Mail weg. Konkret bleibe ich auf dem Stand, was auf den Firmenmailinglisten so passiert, verfolge einige interessante Dinge im Bitkeeper und im Worklog, um bei der Weiterentwicklung des Servercodes auf Stand zu bleiben und beantworte die Mails, die Kunden reingeschickt haben, weil sie noch Fragen haben oder einfach nur so in Kontakt bleiben wollen.\nNach dem Mittag ist Papierkram angesagt: Expenses, Engagement Summaries, Knowledge Base Entries oder Whitepapers und die dazu notwendigen Experimente, oder den folgenden Einsatz vorbereiten. Dazu gehören auch die anstehenden Kundenanrufe, die ich inzwischen routinemäßig alle über SkypeOut abwickle. Oder ich nehme mir den Nachmittag frei und erledige die Dinge am Abend, bei denen ich mich nicht mit Kunden synchronisieren muss.\nEs kann auch sein, dass ich einen Remote Gig habe. Dies ist in der Regel ein Einsatz bei einem Kunden in einer anderen Zeitzone, bei dem sich die Anreise wegen der Einsatzdauer nicht lohnt, oder wegen der Dringlichkeit nicht möglich ist. In diesem Fall verschiebt sich mein Lebenszyklus ein wenig in Richtung der anderen Zeitzone, was mir natürlich ein wenig Freizeit zu ungewöhnlichen Zeiten beschert.\nMeistens hat der Kunde einen Sprung-Host in seiner DMZ, auf den ich per ssh draufklettern kann, und auf dem ich ihn dann bitte einen screen zu starten. Nachdem ich mich mit screen -x an seine Session angeklemmt habe, bitte ich ihn, mich huckepack mit nach drinnen in sein Netz zu nehmen. Über seinen Firmen-IRC-Server, über Skype oder über SkypeOut können wir nun reden, während wir uns eine Shell-Session im screen teilen und er sehen kann, was ich tippe. Dies ist für die Teile der Arbeit, die synchron erledigt werden müssen, in den meisten Fällen genauso effektiv als wäre ich vor Ort. Asynchrones Arbeiten geht im Grunde genau so, nur daß ich idR einen ssh-Login bekomme, mit dem ich zu meinen Zeiten alleine arbeiten kann.\nFür die Dinge, die ich dabei auf eigenen Systemen ausprobieren muss, damit sie beim Kunden reibungslos klappen kann ich entweder auf meinem Laptop mit vmware Instanzen simulieren oder auf Rechnern in den firmeneigenen Labors in Cupertino oder Uppsala Rechenzeit reservieren. Auch auf diese Rechner komme ich problemlos mit ssh oder rdesktop über das Firmen-VPN drauf.\nBei einem regulären Kundeneinsatz bin ich nicht alleine. Ich bin vielleicht der einzige MySQL-Mitarbeiter vor Ort, aber hinter mir steht über GSM, openvpn, https-VPN oder ssh-Tunnel der Zugriff auf Support und meine Kollegen von Training und Consulting, die gerade nicht beim Kunden sind.\nAuch die Katze arbeitet inzwischen bei MySQL - in ihrem Fall als Entwicklerin. Ihre Arbeit ist damit noch näher am KDE-Modell als meine: Bitkeeper, UnitTest-Harnesses und Continuos Build-Prozeduren auf einer ganzen Reihe von Plattformen der Buildfarm sind ihre Freunde. Scrum im Irc und im Wiki sind ebenso Standard-Prozesse für Entwickler wie der Umgang mit einem Bugtracker. Und wie in jedem regulären Irc in anderen Open-Source-Projekten entwickeln sich auch dort Freundschaften und persönliche Kontakte.\nEntwickler fahren alle mindestens einmal im Jahr zur firmeninternen Developer Conference, die dieses Jahr in Sorrento in Italien stattfand. Dort finden sich auch Abgesandte aller anderen Abteilungen, sodass dies eine ausgezeichnete Methode ist, um bisher virtuelle Freundschaften einmal mit Personen und Gesichtern zu verbinden. Weitere Gelegenheiten dieser Art sind die US-amerikanische und die europäische User Conference, MySQL Usergroup-Treffen, bei denen man neben Anwendern auch Kollegen aus demselben geografischen Gebiet treffen kann, und natürlich Abteilungsmeetings. Wir in Consulting streben drei solcher Treffen im Jahr an, und für die anderen Abteilungen geschieht dies nach Bedarf\u0026hellip;\nAlles in allem kann ich nach 9 Monaten MySQL sagen, daß dies die fremdartigste Firma ist, in der ich je gearbeitet habe. Keine \u0026ldquo;casual communication\u0026rdquo;, keinen Flurfunk zu haben, ist manchmal etwas anstrengend und kostet sicherlich mehr Energie als in einer traditionellen Firma.\nAndererseits habe ich mich sofort zu Hause gefühlt: Während MySQL als Firma fremdartig ist, sind mir die Methoden der Zusammenarbeit vertraut, denn ich habe sie außerhalb der Firma in den Projekten, an denen ich mitgearbeitet habe, jahrelang gelebt.\nNeu ist im Grunde nur, daß das, was vorher mein Hobby war, jetzt mein Leben ist. Ein anstrengendes, spannendes und überaus aufregendes Leben.\nAlso liebe Kollegen, bekannter und unbekannterweise: Wie ist es für Euch gewesen, als ihr hier angefangen habt?\n","date":"2006-07-05T00:00:00Z","href":"https://blog.koehntopp.info/2006/07/05/erfahrungen-mit-nonoffice.html","tags":["mysql","remote first","work","lang_de"],"title":"Erfahrungen mit Nonoffice"},{"categories":null,"content":" Der aktuelle Konflikt zwischen dem Unabhängigen Landeszentrum für den Datenschutz (ULD) und dem Landesrechnungshof (LRH) in Schleswig-Holstein erschließt sich einem erst dann, wenn man begreift, wie einzigartig das ULD in seinen Methoden und ihrer Umsetzung eigentlich ist. Dem ULD gebührt nämlich nicht nur das Verdienst, inhaltlich eine der führenden Stellen weltweit zum Thema Datenschutz zu sein, sondern auch bestimmte behördliche Arbeitsweisen ins 21. Jahrhundert geholt und den Schritt von Restriktion und Kontrolle zu Prävention und Multiplikation geschafft zu haben.\nUnter der Führung von Helmut Bäumler gelang es ihm und seinen Mitarbeitern, den Datenschutz in Deutschland grundsätzlich neu auszurichten. Das von ihm geprägte Motto \u0026ldquo;Datenschutz durch Technik\u0026rdquo; und der Begriff der \u0026ldquo;Datensparsamkeit\u0026rdquo; haben den eher technikfeindlich geprägten Ur-Datenschutz, wie er nach dem Volkszählungsurteil die deutsche Politik dominierte in einen Datenschutz umgewandelt, der Datenschutzprobleme angeht, bevor sie entstehen.\nBäumlers Innovation ist die Sicht auf den Datenschutz in der Technikentwicklung als präventiven und kommunikativen Prozess. Datenschutz muss auf allen Ebenen des Prozesses der Technikentwicklung mitwirken, denn nur so kann er effektiv sein - es ist vollkommen wirkungslos ex post geschaffene Fakten oder fertiggestellten und ausgelieferten Code zu kritisieren. Datenschutz muss stattdessen Technik aktiv mitgestalten .\nFür Bäumler und seine Schüler beginnt Datenschutz konsequenterweise mit der Mitarbeit von Datenschützern in Normungsgremien, um Privacy- und Security-Aspekte schon in der Definition von technischen Standards zu etablieren. Die Liste der Projekte und Organisationen mit deren Hilfe das geschieht ist lang und beeindruckend.\nIn der Folge muss die Industrie bei der korrekten Umsetzung von solchen technischen Standards beraten werden und Datenschutz muss vermarktbar werden. Die Datenschutzakademie bildet Verantwortliche aus, um sie zur Umsetzung von Datenschutzkonzepten zu befähigen. Die Schaffung des Datenschutzaudits nach Landesdatenschutzgesetz erlaubt es öffentlichen Stellen, ihre technischen und organisatorischen Prozesse nach den Kriterien des Datenschutzaudits untersuchen zu lassen und sich am Ende mit einem Gütesiegel zertifizieren zu lassen, um so nachzuweisen, daß diese Umsetzung gelungen ist.\nDas Gegenstück zum Audit für öffentliche Stellen ist das Gütesiegel \u0026lsquo;Vom Datenschutz empfohlen\u0026rsquo; für private Firmen und ihre Produkte, in denen die Umsetzung von Prozessen und Produkten unter Datenschutzgesichtspunkten evaluiert und beurteilt wird. Beide Siegel sind wichtige Elemente in einer Strategie zur Vermarktung des Gedankens des Systemdatenschutzes .\nDie Durchführung solcher Prüfungen und die Erstellung der Gutachten erfolgt dabei nicht durch Mitarbeiter des ULD, sondern durch einen beim ULD akkreditierten sachverständigen Gutachter: Beim ULD erkennt man, dass man als Datenschutzzentrum die Arbeit nicht alleine tun kann und setzt Multiplikatormechanismen ein. Durch das Verfahren entsteht ein Markt für eine unabhängige Beurteilung von Prozessen und Produkten unter Datenschutzgesichtspunkten, sodass der ganze Prozess personell und finanziell ein Selbstgänger wird. Datenschutz integriert sich hier also mehr oder weniger nahtlos in die Dokumentations- und Nachweis-Infrastruktur von ISO 9001, ISO 27001/ISO 117799/BS 7799 und BSI Grundschutzhandbuch, sowie die Anforderungen an Firmen nach Sarbanes-Oxley und Basel II.\nUm Endverbrauchern die Kontrolle über ihre Daten zurückzugeben und sie in die Lage zu versetzen, ihre eigenen Datenschutzbedürfnisse lokal durchzusetzen, hat man beim ULD auf dem Feld des Selbstdatenschutzes die Zusammenarbeit mit Verbraucherschutzorganisationen wie dem Europäischen Verbraucherzentrum gesucht und Werkzeuge und Informationen zusammengetragen.\nWie kann eine relativ kleine Landesbehörde so etwas finanzieren? Beim ULD ist man auch hier für eine Behörde neuartige Wege gegangen und setzt auch hier auf Multiplikatoreffekte: Durch Engagement in Projektausschreibungen auf europäischer, Bundes- und Landes-Ebene ist dem ULD das Einwerben von Drittmitteln gelungen. Mit diesen Mitteln ist es gelungen, nahezu ein Dutzend extrem hochkarätige Experten nach Kiel zu ziehen und in diesen Projekten einzusetzen. Der dadurch entstehende gute Ruf des ULD macht die Einwerbung von Folgeprojekten natürlich deutlich leichter.\nIm Grunde ist das Vorgehen des ULD extrem listig: Statt sich in stupider Kontrolle und dem Bejammern von Fakten zu erschöpfen, nutzt man die durch den Haushalt des Landes bereitgestellten Mittel, um als Katalysator zu agieren und sich selbst tragende Projekte wie die Datenschutzakademie oder die Projektarbeit zu schaffen, oder gar Märkte neu zu schaffen, wie den Markt für Audit und Gütesiegel.\nVollkommen logisch, daß man all dies nicht leisten kann, wenn man nur auf Landesebene agiert. Projekte wie Datenschutz.DE haben ihren Ursprung zwar in Kiel, vereinen aber Mittel von vielen Partnern auf nationaler und internationale Ebene.\nDies alles ist für eine deutsche Behörde, noch dazu auf Landesebene, vollkommen einzigartig und seiner Zeit weit voraus: Nur auf diese Weise eingesetzt können die Steuergelder der Bürger wirklich wirksam werden, denn um in einer global entwickelnden und global vernetzten Informationsgesellschaft wirksam zu werden, muss sich der Datenschutz auch global vernetzen und global zusammenarbeiten.\nTraditionell arbeitende, dem letzten Jahrtausend verhaftete Landesbehörden haben mit diesem Konzept so einige Verständnisprobleme, da es ihre Sicht von lokalen Zuständigkeiten und hierarchischer Behördenorganisation schlicht übersteigt. Und so kann man den Bericht des Landesrechnungshofes zur Arbeit des ULD eigentlich nur auf eine Weise lesen: Vollständiges Unverständnis für Aufgaben und die Anforderungen an den Datenschutz, und vollständige Verkennung der Realitäten, was die Wirksamkeit von Maßnahmen und Mitteln angeht.\nDie Reaktion des ULD ist dann auch entsprechend deutlich: Rechnungshof-Organisationsprüfung des ULD , ULD: Rechnungshofs-Bericht verweigert die Anerkennung von Fakten .\n","date":"2006-05-20T00:00:00Z","href":"https://blog.koehntopp.info/2006/05/20/uld-schleswig-holstein-vs-lrh-schleswig-holstein.html","tags":["privacy","politik","security","lang_de"],"title":"ULD Schleswig-Holstein vs. LRH Schleswig Holstein:"},{"categories":null,"content":"ircnet, #lug-kiel, am 7. und 8. Mai.\nJannik wundert sich über fsck\u0026rsquo;s Meldung\n/: 130834/6553600 Dateien (1.1% nicht zusammenhängend), 1007700/13107200 Blöcke Ist das schlimm? Jannik: hmm.. /:\n130834/6553600 Dateien (1.1% nicht zusammenhängend), 1007700/13107200 Blöcke Sieht so aus als wäre mein Dateisystem fragmentiert gewesen o.O? Ich dachte, so etwas kennt Linux nicht.\ntholle: Linux oder das Dateisystem? ;-)\nIsotopp: Seufz. \u0026ldquo;1.1% nicht zusammenhängend\u0026rdquo; Natürlich können Dateien in nicht fortlaufenden Blocknummern gespeichert sein. Warum meinst du, daß das ein Problem sei? Oder anders herum, warum glaubst Du, daß es gut ist, wenn eine Datei in fortlaufenden Blocknummern gespeichert ist?\nJannik: ???\nIsotopp: Erklär mal was Du denkst, was die Ausgabe bedeutet, die Du da bekommen hast?\nJannik: Isotopp: Öhm. Ei, jetzt kommt hier ne Lehrstunde :D Ja, vielleicht daß die Daten nicht zusammenhängen (in Blöcken \u0026ldquo;nebeneinander\u0026rdquo; liegen) Also eine Datei zum Beispiel.\nIsotopp: Ja, genau. Eine Datei ist zusammenhängend, wenn sie in fortlaufenden Blocknummern gespeichert ist. Wenn in den Blocknummern einer Datei lücken sind, ist sie fragmentiert.\nJannik: Ich dachte sowas nennt man dann fragmentiert sein, so wie man das bei Windows kennt. Ach so, gut. Also kann das Dateisystem defragmentiert werden irgendwie?\nIsotopp:\nWenn das z.B. ein ext2 oder ext3 ist, dann besteht das Dateisystem aus Blockgruppen, In BSD ufs nennt man das cylinder groups, das ist im Kern dasselbe. In einer bg befinden sich eine Superblockkopie, die Inode-Bitmaps, die Block-Bitmap, die Inodes der bg und dann die Datenblöcke. Jede bg ist also ein kleines Mini-Dateisystem für sich.\nIn ext2/ext3 kann eine Bitmap nur einen Block groß sein.\nFrüher war ein Block 1 kb groß. das sind also 8192 Bit in einem Block. Also konnte eine bg 8192 Blöcke groß sein.\nHeute hat ext2/ext3 4 kb blöcke. also sind 32768 Bit in einem Bitmap block, und 32768 Blöcke in einer bg.\nFrüher waren also 8192 1 kb blocks = 8 MB eine bg. Heute sind 32768 4 kb blocks = 128 MB eine bg.\nWas passiert, wenn du eine Datei mit 200 MB speichern willst?\nJannik: Isotopp: dann wird eine bg belegt und eine 2. nur zum Teil.\nIsotopp: Ja, genau. Ist die Datei dann fragmentiert?\nJannik: Nicht wirklich.\nIsotopp: Naja, sind die Blocknummern der Datei zusammenhängend oder nicht?\nJannik: Ähm…\nIsotopp: Sie können nicht, denn irgendwo fängt ja die neue bg an.\nJannik: Genau.\nIsotopp: Also liegt irgendwo Mitten in der Datei der Superblock und die Bitmaps und die Inodes der neuen bg. Die Datei ist also fragmentiert. In ext2/ext3 ist es nicht möglich eine Datei zu speichern ohne sie zu fragmentieren, wenn sie größer als eine bg ist.\nWenn eine 200 MB Datei eine bg komplett voll macht, dann sind ja nur die Datenblöcke voll, die Inodes in der bg sind noch leer. (bis auf eine, die von der 200 MB Datei) Jetzt wird eine zweite Inode in der bg belegt, in der die Datenblöcke voll sind. Wo werden die Datenblöcke der Datei abgelegt?\nJannik: Ähm, woanders?\nIsotopp: Ja, weit weg von der Inode. Das ist aber doof, denn um die Datei zu lesen, muß man die Inode lesen und dann die Daten finden und lesen. Das dauert.\nDie 200 MB Datei ist doch aber sowieso fragmentiert. wenn wir sie schneller (früher) fragmentiert hätten, dann wäre noch Platz frei in der 1. bg frei und die 2. Datei könnte ihre Daten näher an der Inode speichern. Aber wieso glauben wir, daß Fragmentierung was schlechtes ist? Wieso denken wir, daß zusammenhängende Blocknummern an einer Datei gut sind?\nJannik: Das glaube ich mittlerweile gar nicht mal mehr.\nIsotopp: Jannik: Du hast eine Festplatte. Wie lange dauert es denn bei Deiner Platte, den Kopf von einer Inode zu den Datenblöcken in einer anderen bg zu bewegen? Ungefähr?\nJannik: Kein Plan. Nicht lang. Vermutlich keine Millisekunde.\nIsotopp: Kennt jemand die Zeit von seiner Festplatte hier?\nIsotopp hat eine Platte mit einer Seek Time von 8ms in seinem Laptop. Isotopp: Jannik: Festplatten haben Seek times zwischen 5 und 10ms. Das heißt, die können 100-200 Seeks pro Sekunde machen\nDamit haben wir einen Grund, warum ein Interesse besteht, Daten auf einer Platte möglichst dicht beeinander zu speichern (Seeks sind teuer), aber wenn wir sie zu dicht beieinander speichern, dann kommen neue und alte Daten einander in die Quere. Daher wirst du auf jedem Dateisystem mit grossen Dateien immer fragmentierte Dateien finden.\nJannik: Isotopp: Gut. aber Dateien werden trotzdem wie bei Windows fragmentiert? Sodaß man Defragmentieren muss? Wie ist das, wenn der Datenträger voll ist? Dann ist das System vermutlich gezwungen zu fragmentieren?\nIsotopp: Ja, natürlich. Wenn die Platte fast voll ist, muss das Dateisystem nehmen was da ist. ufs sagt das an.\n\u0026ldquo;changing optimization from time to space\u0026rdquo;\noder so ähnlich steht dann im syslog. In ext2/ext3 sieht man das nicht, aber kein Dateisystem sollte mehr als 80% gefuellt werden, sonst wird es mit der Allokation schwierig.\nJannik: Gut.\nIsotopp: Wir wissen nun: Dateien sollten dicht beeinander stehen, damit Seeks vermieden werden. aber wenn wir das tun, etwa eine bg voll machen, dann bauen wir uns die bg fuer alle nachfolgenden Dateien zu, und bekommen die Seeks dann da.\nufs vermeidetet das etwa, indem es \u0026ldquo;long Seeks\u0026rdquo; erzwingt. Es fragmentiert Dateien absichtlich etwa alle 1mb oder so, indem es in eine andere bg wechselt.\nWenn du also eine Datei in ufs speicherst, wird das erste MB Daten in dieselbe bg geschrieben, in der die Inode der Datei steht, und dann wird ein long Seek erzwungen und in einer anderen bg weiter geschrieben. Dadurch bleiben Datenblöcke in der bg frei, sodaß die nächste Datei, die angelegt wird Datenblöcke frei vorfindet in derselben bg wie ihre Inode.\nIn diesem fall ist es messbar vorteilhaft, die Datei zu fragmentieren als die unfragmentiert zu lassen. Cool was?\nJannik: Noch am lesen. Weiß nicht ob ich das genau verstanden habe. Nochmal lesen ;)\nIsotopp: Vielleicht so: eine bg ist ein kleines Dateisystemchen mit Inodes und Datenblöcken. Wir wollen gerne, dass die Datenblöcke einer Datei dicht an der Inode stehen, sonst Seek und Seek ist langsam bei Platten.\nWenn wir eine grosse Datei abspeichern, belegen wir eine Inode in einer bg und dann alle Datenblöcke in dieser bg, weil es ja eine grosse Datei ist.\nWenn wir eine zweite Datei in derselben bg speichern wollen, finden wir noch eine freie Inode (war ja erst eine belegt) und dann aber keine Datenblöcke mehr, denn die lange erste Datei hat die ja alle belegt.\nßWir müssen also die Datenblöcke von Datei 2 weit entfernt von der Inode von Datei 2 abspeichern, da die Datenblöcke in der Datei wo die Inode steht belegt sind. Das ist doof.\nJannik: Klar das hab ich noch verstanden. Müssen wir?\nIsotopp: Wenn du die Inodes in dieser Blockgroup nicht ganz aufgeben willst - ja.\nJannik: Ach so, ja klar.\nIsotopp: Über die Regeln, wie man Inodes auswählt, reden wir noch.\nDer Punkt ist, dass wir Inode 2 beschreiben wollen in derselben bg wie Inode 1, aber keine Datenblöcke in dieser bg mehr frei sind. Also können wir nur die Inode nehmen, müssen die Datenblöcke fuer Inode 2 aber weit weg in einer anderen bg abspeichern.\nufs versucht das zu vermeiden, genauer versucht ufs zu vermeiden, dass eine einzige grosse Datei alle Datenblöcke in einer bg belegt.\nufs geht also so vor:\nWenn Datei 1 geschrieben wird, wird eine Inode in der bg belegt und die daten zu dieser Inode 1 erst mal in dieselbe bg wie die Inode geschrieben nach einem MB oder so (konfigurierbar) macht ufs dann aber einen long Seek, erzwingt einen Wechsel der bg. Das erste MB der langen Datei steht also in der ersten bg, der Rest dann in einer anderen, nach einem weiteren MB dann in einer noch anderen und so weiter. ufs verteilt die grosse Datei also über die Datenblöcke in allen Blockgroups, in 1 MB grossen fragmenten.\nJannik: Dadurch wird sie fragmentiert, aber ist das nicht schlecht für sie? Wird das nicht langsamer? Effektiver wäre es vielleicht, wenn man das über mehrere Festplatten machen würde, mit LVM und so vielleicht?\nIsotopp: Ein wenig. Aber: in der ersten bg sind nun noch Datenblöcke frei, und das erste MB von Datei 2 kann nun ebenfalls dicht bei der Inode von Datei 2 stehen. Und ja, Raid 0, Raid 10 oder andere Dinge können hier helfen. Mehr Spindeln = mehr Möglichkeiten pro Sekunde, einen Seek zu machen. Aber wenn du die Anzahl der spindeln als konstant (1, oder meinetwegen 6) ansetzt, brauchst du trotzdem eine Optimierungsstrategie. Man kann ja nicht jedes Problem mit beliebig viel Geld bewerfen. Aber Dein Denkansatz ist vollkommen korrekt - mehr spindeln = mehr Seeks = weniger probleme. Der Punkt ist - mit long Seeks stehen die Dateianfänge aller Dateien dicht bei den Inodes dieser Dateien. Stell dir etwa mal ein file * auf ein Verzeichnis vor. Oder konqueror file:/home/jannik - da müssen ja Previews gerendert werden, Dateitypen bestimmt und so weiter. Da ist es schon ausgesprochen nützlich, wenn man die Dateianfaenge (die ersten MB oder so) dicht an den Inodes hat.\nJannik: Steht das Wichtigste über eine Datei nicht im Anfang? Dateityp, Berechtigungen etc.?\nIsotopp: Wenn ein Dateiformat schlau überlegt ist, dann steht es am Anfang. Aber metadaten wie Berechtigungen, Zeitstempel und alles andere stehen in der Inode. Schau mal in /usr/src/linux/include/linux/ext2_fs.h\nJannik: Wenn man mehrere Festplatten hätte, dann wäre es doch ziemlich cool die Dateien darüber zu streuen…\nIsotopp: Und suche da nach struct ext2_Inode. Das ist eine Inode auf der Platte und was da drin steht. Der struct ext2_Inode ist 128 Byte gross, wenn man nachzählt. In einen 1024 Byte Block passen also 8 davon.\nJannik: Den Pfad gibts bei mir nicht.\nIsotopp: Dann hast du keine Kernelsources oder Kernelincludes installiert. Guckst Du bei lxr Das ist ein struct, eine Datenstruktur in C. Das ist eine ext2/ext3 Inode auf der Platte. Die daten da drin kannst du auslesen. Hast du eine ext2 oder ext3 Partition irgendwo wo du root bist?\nJannik: Ja. Ähm, lvm is ja egal oder?\nIsotopp: Es geht nur um das Dateisystem, nicht um die Art der Partition.\nJannik: Gut. Ja, dann hab ich.\nIsotopp: Hast du ein /boot?\nJannik: /boot ist ext2.\nIsotopp: Wie heisst die Partition bei Dir? Bei mir ist /boot auf /dev/sda5.\nJannik:\n# mount |grep boot dev/hdb4 on /boot type ext2 (rw) Isotopp:\nlinux:~ # debugfs /dev/sda5 debugfs 1.38 (30-Jun-2005) debugfs: ls 2 (12) . 2 (12) .. 11 (20) lost+found 40 (16) message 6025 (24) grub 29 (12) boot 31 (16) vmlinuz 13 (76) initrd debugfs arbeitet ja auf Dateisystemen, deswegen siehst du nur Sachen in /dev/hdb4 und nicht Zeugs da drüber Du kannst nun mal stat auf einen Kernel machen. In meinem Fall\ndebugfs: stat vmlinux-2.6.13-15-default.gz Inode: 27 Type: regular Mode: 0644 Flags: 0x0 Generation: 1675033442 User: 0 Group: 0 Size: 1838899 File ACL: 0 Directory ACL: 0 Links: 1 Blockcount: 3608 Fragment: Address: 0 Number: 0 Size: 0 ctime: 0x43f86651 -- Sun Feb 19 13:36:33 2006 atime: 0x4419638b -- Thu Mar 16 14:09:31 2006 mtime: 0x4327102c -- Tue Sep 13 19:45:16 2005 BLOCKS: 0-11):9711-9722, (IND):9723, (12-267):9724-9979, (DIND):9980, (IND):9981, (268- 523):9982-10237, (IND):10238, (524-779):10239-10494, (IND):10495, (780-1035):104 96-10751, (IND):10752, (1036-1291):10753-11008, (IND):11009, (1292-1547):11010-1 1265, (IND):11266, (1548-1795):11267-11514 TOTAL: 1804 Vergleiche das mit LXR vmlinux-\u0026hellip; ist Inodenummer 27, ein Regular File.\nIn der Inode stehen\nder Mode (hier: 0644), die Flags (keine), die ACL Nummern (keine) der Owner (root, 0) und die Group (0, root) die Datei hat einen Namen (Linkcount 1), und 3608 blocks die hat eine ctime, atime, mtime und dann kommen die Blocknummern der Datenblöcke und der Datenblockzeiger (INDirect blocks) Und im struct siehst du genau das: Platzhalter für den Mode (16 bit), eine uid, die Größe der Datei in Byte, die atime, ctime, mtime und dtime (nur gesetzt, wenn die Datei deleted wird) die Gruppennummer, der Linkcounter die Anzahl der Blöcke und das Flags Feld. und das Wichtigste: struct: __le32 i_block[EXT2_N_BLOCKS]; die Blockadressen der Datenblöcke.\nIn der Inode steht also alles über die Datei - ihre Eigenschaften und die Zeiger auf die eigentlichen daten, nur eine Sache fehlt.\nWeißt du, welche Sache das ist?\nJannik: Die Daten.\nIsotopp: Richtig, die stehen in den Datenblöcken. Ich meinte aber was anderes, eigentlich.\nJannik: Oder was es für eine Datei es ist.\nIsotopp: Das steht in den oberen 4 Bit von i_mode. Der Filemode ist ja sstrwxrwxrwx - das sind nur 12 Bit.\nJannik: Steht da ob mp3 oder .wav? Das meinte ich.\nIsotopp: Das ist ja eine Extension, also Teil des Dateinamens. Aber jetzt bist du auf einer Spur. Wo steht der Dateiname?\nJannik: In der Datei. Also in den Datenblöcken.\nIsotopp: Nein, da stehen nur die Daten. Jannik, mach mal cd $HOME; touch lall; ln lall laber und dann ls -li lall laber und paste den output.\nJannik:\n# ls -li lall laber 870099 -rw-r--r-- 2 root root 0 2006-05-08 21:43 laber 870099 -rw-r--r-- 2 root root 0 2006-05-08 21:43 lall Isotopp: Wie lang ist die Datei?\nJannik: Genau das hat uellue mir letztens erklärt mit den Hardlinks.\nIsotopp: wie lang ist die Datei?\nJannik: 870099?\nIsotopp: Nein, das ist die Inodenummer.\nJannik: Ah, so. Ähm…\nIsotopp: 0\nJannik: ja\nIsotopp: In der Datei steht der Name nicht, denn die Datei ist ja 0 byte lang. Sie hat gar keine Datenblöcke.\nJannik: Suchte grad nach ner Zahl g Ach so, ja genau, touch erstellt nur eine Inode?\nIsotopp: ja\nJannik: Und jetzt hat man 2 Inodes.\nIsotopp: In der Inode kann der Name auch nicht stehen. Denn beide Dateien haben ja dieselbe Inodenummer, aber verschiedene Namen.\nJannik: Die auf das Gleiche verweisen würden?\nIsotopp: So ist es. Hast du 2 Inodes? Nein. Die Zahlen sind gleich am Anfang.\nWir lernen: der Name einer Datei steht nicht in den Daten (0 bytes, keine Datenblöcke), und auch nicht in der Inode (2 Namen, eine Inode, wie wir beweisen können). Was bleibt?\nDer Name einer Datei steht in einem Verzeichnis. Verzeichnisse sind auch Dateien und in denen speichert Linux paare von (Name, Inodenummer) ab.\nLXR zeigt wie.\nEin ext2_dir_entry ist eine Inodenummer (32 bit) und dann ein Record von rec_len Bytes Länge, in dem name_len viele Bytes verwendet werden. und dann natürlich der name, name_len bytes lang in ASCII. Mit touch lall; ln lall laber machst du also einen eintrag (870099, lall) und einen Eintrag (870099, laber) in . (dem aktuellen Verzeichnis)\nJannik: Ja.\nIsotopp: Hey, welche Inode hat /boot? ls -dlsi /boot sagt es dir?\nJannik:\n# ls -dlsi /boot 2 2 drwxr-xr-x 4 root root 2048 2006-05-02 00:37 /boot Isotopp: Und welche Inode hat /?\nJannik:\n# ls -dlsi / 2 4 drwxr-xr-x 22 root root 4096 2006-04-26 23:31 / Isotopp: Die erste Zahl ist die Inodenummer, die 2. Zahl ist die Länge in Blöcken. Beide Dateien / und /boot haben als die Inode 2. Wie kann das sein?\nJannik: Ähm. Beide sind in / eingehängt?\nIsotopp: Naja, / ist nirgendwo eingehaengt, / ist /.\nJannik: Ja, ok. Deshalb? Was hätte dann die erste Inode?\nIsotopp: Du bist auf der richtigen Spur. Die root-Inode in ext2 hat immer die Nummer 2. Und da / und /boot jeweils verschiedene Dateisysteme sind, haben beide root-Inodes, also haben beide die Inode 2.\nJannik: Ach ja\nIsotopp: Wie kann Linux die beiden auseinander halten?\nJannik: Durch die Verzeichnisstruktur?\nIsotopp: Nun eines ist auf /dev/hdb4, das andere auf /dev/hdbsonstwas. Und wenn du ls -l /dev/hdb* machst siehst du, daß jedes Device da intern andere Gerätenummern hat. Die Inodenummer in Unix ist also nicht eindeutig, aber auf jedem System ist die Kombination (major number, minor number, Inode number) zu jedem Zeitpunkt eindeutig. (maj, min) bezeichnen die Partition, und in einer Partition ist (ino) eindeutig Schau mal hier -\u0026gt; LXR . Das mit der Inode 2 denke ich mir ja nicht aus, das muss ja irgendwo im source stehen und da steht es.\nJannik: cool\n#define EXT2_BAD_INO 1 /* Bad blocks Inode */ Was soll das dann heißen? Das wird einfach ausgelassen?\nIsotopp: Inode 1 ist eine Datei, die in der Regel keinen Namen hat und die nur aus kaputten Blöcken besteht.\nWenn du eine alte Platte hast, noch ohne Bad Blocks Management, dann kannst du ein Dateisystem mit mke2fs -c /dev/... anlegen. Das dauert sehr lange, denn dabei wird jeder Block gelesen. Zwangsläufig sind auf jeder HDD immer einige Blöcke im Eimer, -c findet die und fügt sie dann in die Datei Inode 1 ein. Dadurch sind sie belegt und können nicht Bestandteil einer anderen Datei werden.\nBei Disketten mit ext2 hat man das sehr, sehr oft gebraucht (Ich nehme an, Du hast noch mit Disketten gearbeitet, irgendwann mal).\nJannik: Mach ich immer noch , aber noch nicht mit Linux. Habe es noch nicht gebraucht. Doch, ich habe mal meinen grub auf einer Diskette gehabt, in einem externen diskettenlaufwerk :D mit usb, hat er geschluckt. Fand ich cool.\nIsotopp: Die erste Datei, die auf einem ext2 angelegt wird, noch beim Erstellen, ist lost+found. Die hat dann immer Inode 11, denn EXT2_GOOD_OLD_FIRST_INO ist 11. Wenn du also mal ein ls -li / /boot machst, wirst du sehen, dass\nlost+found 11 ist alle Inodenummern ausser . und .. größer als 11 sind. (vorausgesetzt, alle betrachteten Dateisysteme sind ext2/ext3, denn bei reiser ist alles anders. Jannik:\n2 drwxr-xr-x 4 root root 2048 2006-05-02 00:37 boot Hat wieder kleinere Inode ;P\nIsotopp: Wieso ist das so?\nJannik: Ja, weil das wieder ein eigenes Dateisystem ist ;)\nIsotopp: Genau! Wir wissen nun:\nVerzeichnisse sind Dateien. Verzeichnisse sind Listen von Namen und Inodenummern die /-Inode jedes ext2-Dateisystems ist 2 es kann mehr als eine Inode 2 pro system geben, und an der (maj, min) des Devices auf dem sie liegt können wir sie unterscheiden. in der Inode stehen alle Informationen über eine Datei, insbesondere der Mode, die Times, und die Datenblockzeiger in der Inode steht NICHT der name der Datei, der steht im Verzeichnis in den Datenblöcken stehen nur die Daten Jannik: Auch wenn ich da jetzt noch nicht sehe, wie er das unterscheidet von / \u0026hellip; Wie kann ich \u0026ldquo;(maj, min) des Devices auf dem sie liegt\u0026rdquo; herrausfinden?\nIsotopp: jannik: mit mount oder genauer, mit cat /proc/mounts, denn da holt mount das her, und diese Liste ordnet Devices und Namens-Stummel einander zu. Linux weiß dann: wegen /dev/sda5 /boot ext2 rw 0 0 muß ich ab /boot neu zu zählen anfangen, und zwar\nlinux:/proc # ls -l /dev/sda5 brw-r----- 1 root disk 8, 5 May 6 22:44 /dev/sda5 auf (8, 5) statt auf (8, 1), bzw in meinem Fall statt auf (8, 5) auf (253, 1)\nlinux:/proc # ls -lL /dev/system/root brw-r----- 1 root disk 253, 1 May 6 22:44 /dev/system/root Isotopp: Wir wollten über Dateisysteme und Layoutstrategien reden.\nWir wollten ja, dass die Platte möglichst wenig Seeken muss. Und wir hatten gelernt: es ist gut, Fragmentierung zu vermeiden und \u0026ldquo;dicht\u0026rdquo; zu packen, aber nicht zu dicht, sonst nehmen wir Platz fuer die folgenden Dateien weg.\nDaher machen wir nach großen Fragmenten von ca. 1 MB oder so eine absichtliche Fragmentierung um Platz fuer neue Dateien zu lassen. Platten können Seeks machen, ab und zu. Kleine fragmente sind es, die uns langsam machen.\nJannik: Ja.\nIsotopp: Wenn ich nun ein Verzeichnis anlege in ext2, und darin Dateien anlege, dann wird ext2 die Dateien alle in dieselbe bg tun wie das Verzeichnis. Ich kann das an den Inode-nummern sehen. Die Inode-nummern aller Dateien (nicht-Verzeichnisse) in / sollten in etwa gleich groß sein.\nJannik: Ja\nIsotopp: Aber wenn ext2 ein Verzeichnis anlegt, dann tut es das neue Verzeichnis in einer andere bg als das Elternverzeichnis. Die Inode-nummern aller Verzeichnisse in / sollten sich von der Inode-nummer von / sehr unterscheiden.\nlinux:/boot # ls -li 2 drwxr-xr-x 5 root root 2048 Mar 26 11:00 . 28 -rw-r--r-- 1 root root 1541719 Sep 13 2005 vmlinuz-2.6.13-15-default 40 -rw-r--r-- 1 root root 133120 Nov 2 2005 message 6025 drwxr-xr-x 2 root root 1024 Feb 11 21:20 grub 10041 drwxr-xr-x 2 root root 1024 Dec 13 09:48 mysql und in grub dann:\nlinux:/boot/grub # ls -li total 285 6025 drwxr-xr-x 2 root root 1024 Feb 11 21:20 . 6040 -rw-r--r-- 1 root root 10 May 2 14:01 default 6039 -rw------- 1 root root 15 Nov 2 2005 Device.map 6026 -rw-r--r-- 1 root root 7540 Dec 17 06:52 e2fs_stage1_5 Da liegt dann alles beieinander, und in einer anderen bg als /. ext2/ext3 sortiert also Dateien in einem Verzeichnis dicht beieinander, und Verzeichnisse weit auseinander. Dadurch wird die ganze Platte gleichmäßig genutzt, aber auch das ist eine Art absichtlicher Fragmentierung\nJannik: Ja.\nIsotopp: Es werden künstlich kontrolliert Seeks eingefuegt, um die Struktur des Systems zu erhalten und unkontrolliert entstehende kleine Fragmente zu vermeiden.\nJannik: Gut.\nIsotopp: Die abstrakte Logik: irgendwann müssen wir sowieso fragmentieren. Das ist auch nicht schlimm, solange die Stücke einigermassen groß sind. Also fragmentiert ext2/ext3 und auch BSD ufs absichtlich und macht große Stücke, die nicht schaden. Dadurch entsteht eine locker gepackte Struktur, die die ganze Platte ausnutzt, statt sich auf einer Ecke der Platte zu ballen und sich selbst im Weg zu stehen.\nJannik: Hmm\u0026hellip; Ich lerne daraus, dass ich meine Platten nie überfülle (Dateisysteme).\nIsotopp: Genau. Und jetzt: wir erinnern uns was schlimm ist - Seeks. Nimm an, du hast ein gut organisiertes ext2 oder auch vfat system, frisch defragmentiert. Du loggst dich da ein und lädst dein kde, und uellue loggt sich ebenfalls da ein und startet sein gnome, und ich logge mich da ein und starte mein mysql. Alle gleichzeitig. Was wird passieren?\nJannik: Die Festplatte wird springen müssen (Der Kopf) wenn sie alles gleichzeitig machen soll\nIsotopp: Was nutzt uns unsere Defragmentierung nun?\nJannik: Nix. In dem Fall ändert das nix.\nIsotopp: Unfragmentierte Dateien sind Dateien, die auf der Platte mit aufeinanderfolgenden Blocknummern stehen aber das nutzt nix, wenn die Lesezugriffe nicht linear erfolgen.\nFragmentierung oder Defragmentierung beschäftigen sich mit einem statischen Layout von Daten auf einer Platte, aber entscheidend in einem System ist die dynamische Sequenz von Lesezugriffen über die Zeit.\nIn einem Singleuser/Singleprocess-System wie MS-DOS gibt es nur einen user und nur ein programm zur zeit.\nJannik: Willst du darauf hinaus, dass Defragmentierung auf ext2 z.b. nicht nötig ist?\nIsotopp: Das liest dann seine Daten durch, wodurch die dynamische Lesefolge immer der statischen Anordnung von Daten auf der Platte entspricht, da die Zugriffe niemals unterbrochen werden können.\nIn MS-DOS bringt es also was, zu defragmentieren.\nMS-DOS hat auch keinen file-system cache, d.h. jeder read() endet unweigerlich immer auf der Platte.\nIn Linux ist die Situation weitaus komplizierter: wir haben mehrere User, jeder hat mehrere Programme, die lesen können und wir haben einen haufen RAM, den wir als Cache verwenden, sodaß viele Reads gar nicht mehr auf die Platte gehen.\nFür Seeks (die sind ja das, was langsam ist) ist aber die dynamische Folge von Seeks, die die Platte wirklich sieht, relevant.\nUnd die entspricht bei Linux nun genau nicht mehr dem statischen Bild auf der Platte.\nWenn die Daten auf der Platte defragmentiert sind, und wenn die Lesezugriffe eines Programmes nicht durch andere Reader unterbrochen werden und wenn der cache leer ist, dann ist Defragmentierung relevant, auch bei Linux.\nAlso\nbeim Booten beim Login nach dem Booten Das kann sehr viel schneller sein auf einem ordentlich defraggten System, denn da ist der Cache leer und Programme greifen nacheinander zu.\nDanach - naja, ich habe\nlinux:/boot/grub # free -m total used free shared buffers cached Mem: 1011 909 101 0 82 280 -/+ buffers/cache: 547 464 Swap: 2055 3 2051 ein Gig RAM, und davon sind 547 MB durch Programme belegt und 82+280 MB in Filesystem Caches. Die meisten meiner Reads gehen der Platte am Arsch vorbei, denn sie kommen aus dem Cache.\nJannik:\n# free -m total used free shared buffers cached Mem: 1517 1484 33 0 40 1052 -/+ buffers/cache: 391 1126 Swap: 1011 313 698 LOL.\nIsotopp: Du hast 1.1 Gig im Cache.\nJannik: 1 GB cached?? Wow.\nIsotopp: Wie auch immer: Fragmentierung von Linux-Dateisystemen spielt eine eher untergeordnete Rolle. ext2 und ext3 fragmentieren absichtlich und auf eine kontrollierte Weise, damit große, schlau angeordnete Fragmente entstehen, und auch ohne Fragmente können Seeks auf der Platte durch konkurrente Zugriffe entstehen.\nWichtiger als zu Defragmentieren ist es, einen grossen Filesystem Cache zu haben. Soweit klar?\nJannik: ja\nIsotopp: 1.1% fragmentation bei einem fsck sind also eine gute Sache.\n0.0% wären doof. Das heisst ja, dass wir einen nicht aufgelockerten Klumpatsch von Dateien haben (oder nur sehr viele, sehr kleine Dateien).\n20% fragmentierung sind auch doof. Das kann zum beispiel passieren, wenn wir sehr viele, sehr kleine Dateien haben und dauernd Dateien löschen und anlegen. Etwa in einem Squid Cache oder in einem USENET News mit tradspool.\nEntscheidend ist aber - und die information gibt uns fsck leider nicht - daß die stücke alle so mittelgross sind, etwa 1/100 bis 1/10 einer Blockgroup gross.\nKleiner ist von Übel, weil kleine Stücke viele Seeks bedeuten, und größer ist von Übel, weil große Stücke die bgs zustopfen.\nJannik: Ich schätze, ich will heute nicht mehr wissen, was reiserfs so toll macht?\nIsotopp: Heute nacht nicht, das schaffen wir nicht in 20 Minuten. Aber wenn du willst kannst du dir als Hausaufgabe mal ein ext2 directory aufmalen, mit (Inode, nam_len, rec_len, Dateiname) und dann überlegen, wie du die Datei mit dem namen toller name eigentlich in einem Verzeichnis mit 1 Million Einträgen findest, löscht und dann die Datei mit dem namen blurb da drin anlegst. Und wieso das so lange dauert mit einer Million Einträgen. Dann können wir bald mal über reiser reden und wieso das da nicht so lange dauert.\nJannik: Ok. :D Erst mal die Hausaufgabe verstehen.\nJannik: Isotopp: das dauert so lange weil man erst alles abklappern muss, bis man auf den Namen trifft. Muss ja alles überprüfen, ist jede Menge Arbeit . Gute Nacht, Isotopp, und Danke :D\nIsotopp: jannik: genau. Das ist effek0tiv eine \u0026ldquo;lineare Liste\u0026rdquo;.\nWir schreiben Montag, den 8. Mai 2006, sie hörten den \u0026ldquo;Dienstag\u0026rdquo; zum Thema \u0026ldquo;Dateisysteme und Fragmentierung\u0026rdquo;\nIsotopp: und so eine Liste skaliert sich halt mit der Anzahl der Einträge im Verzeichnis.\nJannik: immerhin ist die nicht fragmentiert *g*\nIsotopp: oh, die kann fragmentieren. Wenn ich langer name eigentlich lösche und dann kurz erzeuge, bleibt ein Stück frei. Das ist entweder verloren oder muss gelegentlich wieder belegt werden.\nJannik: Wer sorgt für die Ordnung dafür? Wie räumt man denn schön auf auf seinem Dateisystem?\nIsotopp: und das alles werden wir ein andermal besprechen.\n","date":"2006-05-08T00:00:00Z","href":"https://blog.koehntopp.info/2006/05/08/fragmentierung-fuer-jannik.html","tags":["computer","filesystems","erklaerbaer","lang_de"],"title":"Fragmentierung (für Jannik)"},{"categories":null,"content":"A talk given by Kai Voigt at Linuxtag in Wiesbaden, based on LDAP vs. SQL and additional experience we had, based on our work with directory services.\nSQL vs. LDAP Both SQL and LDAP are infrastructures to store, retrieve and modify data. Various implementations are available, either free or commercial software.\nThis talk will introduce SQL and LDAP, explain what they have in common, where they are different and how they should be used. The most popular implementations will be listed, and which of them make most sense in different environments.\nSQL and LDAP are based on different data structures. SQL is a relational data model, while LDAP is a hierarchical model. Both will be looked at in detail.\nExamples from the real world illustrate when SQL or LDAP should be used. Sometimes it\u0026rsquo;s best to just use one system, in some cases a mixture of both makes sense.\nAlso, common mistakes will be demonstrated when people use the wrong system, either by lack of knowlegde or by following some hype.\nKai Voigt Kai Voigt works as an Instructor and Consultant for MySQL and used to implement LDAP based systems and applications in former engagements. He was invited as a speaker at various conferences, including Roxen User Conference and Open Source Database Conference.\nGoals Understand different data structures Know about operations on data Know common LDAP problems Know LDAP benefits Make the right decision Implementations SQL\nMySQL PostgreSQL Oracle MS SQL DB2 LDAP\nOpenLDAP SUN MS Active Directory Netscape Data Structures SQL Structures Catalogs, Databases, Tabkles, Rows, Columns Columns hold single values (or NULL) Columns have scalar data types Indexes on table level Foreign key constraints between tables Foreign Keys, Constraints LDAP Structures Data Objects in Hierarchy Attributes and data types defined by Objectclasses (may/must exist) Primary Key: Distinguished Name Indexing on data type No foreign key constraints LDAP tree, dn An LDAP node DN: city=1,cont=asia,o=myworld Set of attributes Name=Tokyo Population=18.000.000 Language=Japanese Langiage=Chinese Country=Japan Hierarchies in SQL Storing Primary Key of parent as column Accessing Joining the table to itself Just static depth Data sizes SQL Larger data, higher latency LDAP Smaller data, lower latency Operations SQL Operations Selection: WHERE clauses Projection: SELECT plus Columns List Aggregation: GROUP BY Combination: INNER/OUTER JOIN and Rename for Self-Join LDAP Operations Selection on attribute values Projection on attributes (no synthetic values Aggregation: not possible Combination: not possible) SQL Usage Storage for large scale data\nBusiness Logic\nConclusion: complex and concurrent queries\nLDAP Usage Authentication\nConfiguration Files\nAddress Books\nConclusion: Many trivial quick read requests\nCommon Problems Top 5 Using only LDAP Using LDAP for massive write requests Changing LDAP structure Using LDAP for complex queries Bad data design in LDAP Using LDAP only Data Types, Objectclasses Need to be extended in most cases Server restart required No referential integrity No relations between DNs unstable Write Requests No transactions \u0026ldquo;add\u0026rdquo; and \u0026ldquo;modify\u0026rdquo; are atomic No locking No bulk updates No scalable replication Changing Structure Schema definition out-of-band MAY inflation No introspection Complex Queries DN is primary key DN contains structural information DN is unstable Moving an Object kills you No SQL Joins Data Design Organisational hierarchies into LDAP trees DN not opaque Large data in LDAP Multiple Value Attributes Other Problems No simple server-side functions No normalization No powerful SQL features Stored Routines, Views, Triggers LDAP Benefits Speed Low Connection Overhead Simple Queries Common Operations Existence Testing Single Attributes Authentication Compatibility Standards Wire Protocol Data Types Interoperability e.g. Apple Mail Client + SUN LDAP Server The right decision No rule of thumb Analyze data structures and operations\nRun benchmarks\nIndividual solution for each project\nSolution might be changed in the future\nBest Practice SQL as leading system periodic or triggered exports to LDAP No writes to LDAP system by applications Backup required only on SQL system Thank you! ","date":"2006-05-04T00:00:00Z","href":"https://blog.koehntopp.info/2006/05/04/sql-vs-ldap-kai-voigt.html","tags":["lang_en","talk","publication","internet"],"title":"SQL vs. LDAP (Kai Voigt)"},{"categories":null,"content":"20:43 huzzel\u0026gt; ich brauch aber dieses dumme wlan 20:43 huzzel\u0026gt; ^^ 20:43 huzzel\u0026gt; sonst dreht mein vater durch 20:43 huzzel\u0026gt; weil ich ein lankabel durch die ganze wohnung gespannt habe 20:44 @CaptainCrunch\u0026gt; lankabel sind so...eighties ;) 20:52 @Isotopp\u0026gt; lankabel der eighties. 20:52 @Isotopp\u0026gt; ich zeig euch mal was. ","date":"2006-03-27T00:00:00Z","href":"https://blog.koehntopp.info/2006/03/27/yellow-cable.html","tags":["computer","damals","networking","lang_de"],"title":"Yellow Cable"},{"categories":null,"content":" Zwei Jahre später Aus dem Heise-Forum :\nDu bist sechzehn Jahre alt Man muss dich schützen vor Gewalt, Vor allem vor unglaublich vielen Unsäglich bösen Killerspielen. Doch zwei Jahre später dann, Statt rumzuhängen stehst du stramm, Statt weit geschnitten und lasziv Trägst du braun gefleckt oliv. Man zeigt dir, wie du richtig zielst Mit Spitzentechnik und du spielst Nicht mit Joystick, Maus und Browser Doch mit Hi-Tech Marke Mauser. Man ballert rum und schießt und rennt, Beim Unreal-Balkan-Tournament. Und dann spielst du, Dank Herrn Bush, Counterstrike am Hindukusch. ","date":"2006-03-10T00:00:00Z","href":"https://blog.koehntopp.info/2006/03/10/counterstrike-am-hindukusch.html","tags":["gaming","politik","lang_de"],"title":"Counterstrike am Hindukusch"},{"categories":null,"content":"Mein Freund Heinz ist Vertriebler, und manchmal sagen Vertriebler überraschend schlaue Dinge. Heinz zum Beispiel sagt sehr gerne \u0026ldquo;Niemand will Backup. Alle wollen Restore!\u0026rdquo; Er meint damit, daß ein Backup nicht nur ein lästiges Costcenter in der IT ist, sondern daß es außerdem keinen Mehrwert \u0026ldquo;an sich\u0026rdquo; darstellt. Der Mehrwert liegt nicht in der Datensicherung, sondern in der Wiederherstellung der Daten.\nEs ist sehr wichtig, dies im Kopf zu behalten, wenn man sein Backup plant: Es geht nicht wirklich um Datensicherung, sondern es geht um einen Plan für die Recovery von verlorenen Daten. Das beinhaltet nicht nur Überlegungen wie man welche Daten wiederherstellt, sondern auch, wie lange die Betriebsunterbrechung denn wohl dauern wird und ob das akzeptabel ist. Überlegungen zum Restore enden nämlich (im Gegensatz zu Überlegungen zum Backup) oft auch in HA-Konzepten oder organisatorischen und personellen Problemstellungen.\nEin guter Plan Zwei Überlegungen gehen jeder Backup \u0026ndash; Entschuldigung! \u0026ndash; Recoveryplanung voran. Der erste Gedanke ist: Was brauche ich wirklich um für den Kunden \u0026ldquo;operational\u0026rdquo; auszusehen? Wir bezeichnen diese Daten und die Systeme, die sie halten, als \u0026ldquo;P-Daten\u0026rdquo; und \u0026ldquo;P-Systeme\u0026rdquo; (\u0026ldquo;P\u0026rdquo; steht für \u0026ldquo;Production\u0026rdquo;). Diese Daten müssen organisatorisch und technisch eine Einheit sein in der Form, daß sie möglichst schnell wieder verfügbar sind. Es handelt sich dabei meistens um OLTP-Daten (Online Transaction Processing) aktueller Natur.\nIn einem Webshop sind diese Daten zum Beispiel der Katalog und Bestand, die notwendig sind, damit der Kunde auswählen kann, und die noch nicht bearbeiteten Orders und unbezahlte Rechnungen, die für den Versand und das Inkasso notwendig sind.\nIn einem Monitoring-System sind dies die aktuellen Zustände aller Systeme, und die offenen Tickets und Probleme.\nHistorische Daten, die nicht für die Produktion notwendig sind, sondern lediglich produktionsunterstützend verwendet werden, brauchen nicht so schnell wieder online zu sein. Meist handelt es sich um historische Daten, aus denen Statistiken für den Vertrieb, den Endkunden oder andere Nutzer generiert werden. Dies sind \u0026ldquo;PS-Daten\u0026rdquo; und \u0026ldquo;PS-Systeme\u0026rdquo; (Production Support).\nIn einem Webshop sind dies die Orderlogs mit erfüllten Ordern und alten Rechnungen, und die daraus generierten (und regenerierbaren) Statistikdaten.\nIn einem Monitoring-System wären dies die historischen Daten über Systemzustände und Performance.\nDiese Daten sind wichtig, aber nicht essenziell für das Funktionieren des Kerngeschäftes.\nIndem man diese Daten sinnvoll trennt, kann man Prozeduren entwickeln, die es einem erlauben, die Kerndaten von den \u0026ldquo;Nice to have\u0026rdquo;-Daten zu trennen und so bei großen Datenbeständen relativ schnell wieder zu recovern.\nKonfiguration mitsichern MySQL speichert seine Daten alle im Datadir. Legt man dort (oder eine Ebene höher) auch seine Konfiguration ab, kann man durch ein Sichern von Datadir (bzw. der Ebene höher) einen Komplettabzug aller seiner logischen Datenbankschemata bekommen.\nDamit meine Datenbank auch mit der my.cnf in meinem Datadir startet und NUR mit dieser Konfiguration läuft, verwende ich ein Startscript wie dieses hier:\nlinux:/export/data/rootforum # cat start #! /bin/bash -- MYSQL_CMD_DIR=/usr/local/mysql-max-5.0.18-linux-i686-glibc23 MYSQL_DIR=/export/data/rootforum MYSQL_UNIX_PORT=$MYSQL_DIR/mysql.sock MYSQL_TCP_PORT=3340 export MYSQL_UNIX_PORT MYSQL_TCP_PORT MYSQL_DIR cd $MYSQL_CMD_DIR $MYSQL_CMD_DIR/bin/mysqld_safe --defaults-file=$MYSQL_DIR/my.cnf --datadir=$MYSQL_DIR/data \u0026amp; Dieses Script startet den mysql_safe mit dem gegebenen Datadir und erzwingt dabei die Benutzung des korrekten Konfigurationsfiles. Es erzwingt auch die Verwendung eines alternativen Ports und Unix Domain Sockets, da ich auf meinem System eine ganze Reihe von MySQL-Instanzen laufen habe.\nDas Stopscript dazu findet einfach das PID-File in $MYSQL_DIR/data/*pid, und sendet ein \u0026ldquo;kill -TERM\u0026rdquo; an diesen Prozess. MySQL schreibt dann seine Puffer geordnet auf Disk und beendet sich. Man kann verifizieren, ob MySQL sich beendet hat, indem man wartet bis das PID-File verschwunden ist.\n#! /bin/bash -- MYSQL_DIR=/export/data/rootforum MYSQL_PID=$MYSQL_DIR/data/\\*pid # No Pid, no process - we are done [ ! -f $MYSQL_PID ] \u0026amp;\u0026amp; exit 0 # No Pid in file, no process, we are done pid=$(cat $MYSQL_DIR/data/\\*pid) if [ -z \u0026#34;$pid\u0026#34; ] then rm $MYSQL_PID exit 0 fi # Stop server kill -TERM $pid # Wait for server stop while [ -f $MYSQL_PID ] do sleep 1 done Das Binlog In Datadir befinden sich normalerweise die Unterverzeichnisse, die die logischen Datenbanken enthalten, die eigentlichen Daten, die von den einzelnen Storage-Engines in Dateien abgelegt werden, die Engine-spezifisch sind und die verschiedenen Logfiles. Für eine Datensicherung ist es vor allen Dingen wichtig, daß das Binlog angeschaltet ist. Das ist am einfachsten zu erreichen, indem man in seiner my.cnf-Datei einen Eintrag für das Binlog macht. Trägt man nur einen Schalter log-bin ein, wird das Binlog mit \u0026lt;hostname\u0026gt;-bin.xxxxxx erzeugt, wobei xxxxxx eine laufende Nummer ist. Es ist besser, dem Binlog gleich einen festen Namen zu geben, der sich nicht ändert, wenn sich der Hostname der Maschine ändert.\nAußerdem kann man die Option sync_binlog=1 setzen, die bewirkt, daß das Binlog nach jedem Kommando bzw. jeder Transaktion auch auf Disk geschrieben wird. Das erzeugt ein wenig mehr Disk-Aktivität beim Schreiben des Binlog, stellt aber sicher, daß keine Kommandos am Ende des Binlogs fehlen, wenn man einen Crash erlebt.\n[mysqld] log-bin=linux-bin sync_binlog=1 Nachdem man dies konfiguriert und den Server einmal angehalten und neu gestartet hat, um die Konfiguration zu aktivieren, bekommt man eine Reihe von Binlog-Dateien und eine Indexdatei, die ein Verzeichnis dieser Dateien ist.\nlinux:/export/data/rootforum/data # ls -l linux-bin* -rw-rw---- 1 mysql mysql 1034 Feb 13 23:07 linux-bin.000001 -rw-rw---- 1 mysql mysql 421 Feb 14 09:06 linux-bin.000002 -rw-rw---- 1 mysql mysql 1940 Feb 14 12:28 linux-bin.000003 -rw-rw---- 1 mysql mysql 117 Feb 14 14:13 linux-bin.000004 -rw-rw---- 1 mysql mysql 9666 Feb 20 13:40 linux-bin.000005 -rw-rw---- 1 mysql mysql 650 Feb 20 15:29 linux-bin.000006 -rw-rw---- 1 mysql mysql 98 Mar 1 10:33 linux-bin.000007 -rw-rw---- 1 mysql mysql 133 Mar 1 10:33 linux-bin.index linux:/export/data/rootforum/data # cat linux-bin.index ./linux-bin.000001 ./linux-bin.000002 ./linux-bin.000003 ./linux-bin.000004 ./linux-bin.000005 ./linux-bin.000006 ./linux-bin.000007 Die Binlog-Dateien enthalten alle Anweisungen, die Daten in Datadir verändern können in der richtigen Reihenfolge. Mit dem Programm mysqlbinlog kann man sie sich ansehen. Neben den eigentlichen Queries findet man dann auch noch weitere Anweisungen, die das Umfeld für diese Queries vorbereiten und einige Kommentare, die es einem erlauben, Queries desselben Threads zu identifizieren und zu isolieren. Außerdem finden sich im Binlog die Resultcodes und Ausführungszeiten für diese Statements als Kommentar.\nEin Beispiel:\nlinux:/export/data/rootforum # cat mysqlbinlog-3340 #! /bin/bash -- MYSQL_CMD_DIR=/usr/local/mysql-max-5.0.18-linux-i686-glibc23 MYSQL_DIR=/export/data/rootforum $MYSQL_CMD_DIR/bin/mysqlbinlog --defaults-file=$MYSQL_DIR/my.cnf $@ linux:/export/data/rootforum # ./mysqlbinlog-3340 data/linux-bin.000006 /\\*!40019 SET @@session.max_insert_delayed_threads=0\\*/; /\\*!50003 SET @OLD_COMPLETION_TYPE=@@COMPLETION_TYPE,COMPLETION_TYPE=0\\*/; # at 4 #060220 15:10:37 server id 3340 end_log_pos 98 Start: binlog v 4, server v 5.0.18-max-log created 060220 15:10:37 at startup ROLLBACK; # at 98 #060220 15:11:43 server id 3340 end_log_pos 179 Query thread_id=2 exec_time=0 error_code=0 SET TIMESTAMP=1140444703; SET @@session.foreign_key_checks=1, @@session.sql_auto_is_null=1, @@session.unique_checks=1; SET @@session.sql_mode=0; SET @@session.character_set_client=33,@@session.collation_connection=33,@@session.collation_server=33; drop database boom; Das Script mysqlbinlog-3340 ist mein Wrapper für mysqlbinlog, das einen Zeiger auf die passende Konfigurationsdatei und das zu verwendende Binary enthält. Auf diese Weise spare ich etwas Tipparbeit.\nDer Aufruf mysqlbinlog \u0026lt;name der Binlogdatei\u0026gt; gibt dann den Inhalt dieser Datei als SQL-Source aus. Man kann diese Ausgabe in ein mysql -u root -p umleiten und so die Anweisungen erneut ausführen lassen.\nDas eigentliche SQL sieht ein wenig komisch aus, ist aber gültig. Kommentare der Form /*! */ schließen dabei Statements ein, die nur ab einer bestimmten Version von MySQL verstanden werden sollen. Die Versionsnummer wird dabei als xyyzz gegeben, etwa mit x=4, yy=00 und zz=19. Das erste Kommando wird also nur dann gelesen, wenn der Dump von einem MySQL 4.0.19 oder neuer verarbeitet wird.\nEine Operation wird immer von einem Kommentar eingeleitet, der die Binlog-Position (\u0026ldquo;at 98\u0026rdquo;) des Eintrags nennt, und besteht aus einer Reihe von vorbereitenden Kommandos und dann dem eigentlichen Kommando. Die vorbereitenden Kommandos sind immer use \u0026lt;datenbankname\u0026gt;, wenn notwendig und eine Reihe von SET-Statements, darunter auch SET TIMESTAMP, der die Ausführungszeit des Kommandos als Unix-Timestamp enthält. SET TIMESTAMP bewirkt, daß Funktionen wie NOW() bei der Ausführung aus dem Binlog nicht mehr die aktuelle Zeit zurückliefern, sondern die mit SET TIMESTAMP gesetzte Zeit. Dabei besteht zurzeit ein wesentliches Problem mit MySQL 5.0 und der Funktion SYSDATE() - man sollte sich in MySQL 5.0 besser auf NOW() verlassen.\nroot@localhost [(none)]\u0026gt; SET TIMESTAMP=1; Query OK, 0 rows affected (0.00 sec) root@localhost [(none)]\u0026gt; SELECT NOW(), SYSDATE(); +---------------------+---------------------+ | NOW() | SYSDATE() | +---------------------+---------------------+ | 1970-01-01 01:00:01 | 2006-03-01 10:55:44 | +---------------------+---------------------+ 1 row in set (0.33 sec) Point in Time Recovery mit dem Binlog Man kann das Binlog nutzen, um nach einem Crash eine Point-in-Time Recovery zu fahren. Zu diesem Zweck benötigt man ein Vollbackup, und alle Binlogs, die seit diesem Zeitpunkt angefallen sind. Damit die Binlogs eine bessere Überlebenschance haben, wenn das System hard crashen sollte, legt man sie meistens auf einem anderen Dateisystem ab als das eigentliche Datadir. Angenommen, man installiert seine Datenbanken alle nach /export, dann würde man seine Partitionierung so haben wollen:\nlinux:/export/data/rootforum # df -Th Filesystem Type Size Used Avail Use% Mounted on /dev/mapper/system-root reiserfs 8.0G 6.2G 1.9G 77% / tmpfs tmpfs 506M 0 506M 0% /dev/shm /dev/sda5 ext2 99M 8.9M 85M 10% /boot /dev/mapper/system-home reiserfs 8.1G 6.6G 1.6G 81% /home /dev/mapper/system-data reiserfs 600G 520G 83G 87% /export/data /dev/mapper/system-log reiserfs 600G 5.2G 594G 99% /export/log linux:/export/data/rootforum # grep log-bin my.cnf log-bin=/export/log/rootforum/linux-bin Angenommen man macht eine Vollsicherung von /export/data/rootforum am Montag, und sichert dann jeden Tag die Inhalte von /export/log/rootforum als inkrementelles Backup weg, dann kann man die Datenbank wie folgt rekonstruieren:\nFalls nur /export/data verloren ist, rekonstruiert man /export/data vom Montag aus der Vollsicherung und spielt dann die Binlogs von Montag bis Freitag mit mysqlbinlog wieder ab, indem man sie in einen mysql-Commandline-Client reinpiped. Da das Binlog kontinuierlich aufgezeichnet wird, kann man so bis zum Zeitpunkt des Crashes voran rollen.\nNatürlich muss man das Binlog genau ab dem Zeitpunkt abspielen, an dem das Vollbackup endet. Daher ist es wichtig, daß das Vollbackup als Snapshot erzeugt wird, also genau einen Point in der Zeit des Datenbankservers darstellt. Man muss außerdem wissen, welchen Namen dieser Punkt als Binlog-Position ausgedrückt hat. Es gibt verschiedene Möglichkeiten, dies zu erreichen, die weiter unten im Einzelnen diskutiert werden.\nFalls /export/data und /export/log verloren sind, muss man beide Verzeichnisse wieder herstellen und kann nur bis zum Zeitpunkt des letzten inkrementellen Backups wieder voran rollen. Daher wäre es schön, wenn man das Binlog nicht nur auf einer lokalen Platte sichern könnte, sondern auch noch einen Mechanismus hätte, der das Binlog \u0026ldquo;live\u0026rdquo; absaugt und woanders abspeichert.\nDieser Mechanismus ist genau ein Replication Slave. Einen Slave setzt man auf, indem man ein Vollbackup des Masters auf einem anderen Rechner einspielt, und als Datenbankserver startet. Auf dem Master erlaubt man dem Slave jetzt das Login mit dem Recht das Binlog abzusaugen:\nroot@master [rootforum]\u0026gt; CREATE USER \u0026#34;slave\u0026#34; IDENTIFIED BY \u0026#34;pukcab\u0026#34;; root@master [rootforum]\u0026gt; GRANT REPLICATION SLAVE ON \\*.\\* TO \u0026#34;slave\u0026#34;; Dem Slave teilt man mit, wo sich der Master befindet und wie man sich dort einloggen kann. Außerdem muss der Slave natürlich wissen, auf welchem Stand er gerade ist.\nroot@slave [rootforum]\u0026gt; CHANGE MASTER TO MASTER_HOST=\u0026#34;master\u0026#34;, -\u0026gt; MASTER_PORT=3306, -\u0026gt; MASTER_USER=\u0026#34;slave\u0026#34;, -\u0026gt; MASTER_PASSWORD=\u0026#34;pukcab\u0026#34;; root@slave [rootforum]\u0026gt; CHANGE MASTER TO MASTER_LOG=\u0026#34;linux-bin.000001\u0026#34;, -\u0026gt; MASTER_POS=98; Die Binlogs ab File 1, Position 98 müssen auf dem Master nun noch bereitstehen. Der Slave wird sich nach einem START SLAVE IO_THREAD auf dem Master einloggen und damit beginnen, diese Files zu sich runterzuladen und sie im Slave abzuspeichern. Nach einem START SLAVE SQL_THREAD wird er außerdem damit beginnen, sie auszuführen. Mit SHOW SLAVE STATUS\\G kann man den Slave dabei beobachten, wie er die Binlogs vom Master absaugt und lokal abspielt.\nMit dem Slave hat man also nicht nur einen Binlog-Sauger gebaut, sondern der Slave spielt die Binlogs auch gleich ab, sodass man zur Recovery einfach nur das Datadir vom Slave nehmen und auf den Master transportieren muss. Das ist die schnellste und bequemste Methode der Recovery.\nPhysikalisches Vollbackup erstellen Ein binäres Vollbackup ist einfach ein Abzug von Datadir, in unserem Beispiel also /export/data/rootforum. Dabei muss lediglich sichergestellt sein, daß die Datenbank ihre Finger aus dem Datadir fernhält während das Backup läuft. Am einfachsten kann man das erreichen, indem man die Datenbank vor dem Backup runterfährt und nach dem Backup wieder startet. Nur so kann man sicher erreichen, daß auch alle Daten auf der Platte und konsistent sind, während das Backup gemacht wird.\nWird lediglich MyISAM verwendet und kommt InnoDB nicht zum Einsatz, kann man statt des Runterfahrens auch FLUSH TABLES WITH READ LOCK machen - die Verbindung mit diesem Kommando muss aber während des ganzen Backup stehen bleiben, denn das \u0026ldquo;UNLOCK TABLES\u0026rdquo; wird automatisch durchgeführt, wenn die Verbindung des FLUSH TABLES WITH READ LOCK-Prozesses beendet wird. \u0026ldquo;FLUSH TABLES\u0026rdquo; wirkt aber nicht auf InnoDB, sodass man bei Verwendung von InnoDB sowieso die Datenbank runterfahren muss.\nDamit die Downtime der Datenbank möglichst klein ist, verwendet man am besten einen Volume Manager mit Snapshots. Das Backup kann dann so ausgeführt werden:\n! /bin/sh -- SNAPSIZE=4G pass=geheim cd /export/data/rootforum # Optional: Neues Binlog anfangen ./mysql-3340 -u root -p$pass \u0026#39;flush logs\u0026#39; # Snap database ./stop name=$(tail -1 /export/log/rootforum/linux-bin.index) size=$(stat -c \u0026#39;%s\u0026#39; $name) echo \u0026#34;binlog position $name $size\u0026#34; \u0026gt; /export/data/rootforum/data/restore.info lvcreate -s -L $SNAPSIZE -n snap /dev/system/data ./start # Backup snapshot mount /dev/system/snap /export/snap dobackup /export/snap/rootforum umount /export/snap lvchange -a n /dev/system/snap lvremove /dev/system/snap # Optional: Binlog kürzen ./mysql-3340 -u root -p$pass -e \u0026#34;purge master logs to \u0026#39;$name\u0026#39;\u0026#34; Das Script hält erzeugt erst einmal ein neues Binlog, indem es ein \u0026ldquo;FLUSH LOGS\u0026rdquo;-Kommando absetzt.\nDanach hält es die Datenbank mit dem Stopscript kurz an. Sobald das der Fall ist, kann die zum Backup gehörende Binlog-Position bestimmt werden und im Backup abgespeichert werden. Die zum Backup passende Binlog-Position bestimmt man dabei am einfachsten, indem man den Namen und die Größe der letzten im Index stehenden Binlog-Datei aufzeichnet. Das Binlog ist gerade neu erzeugt worden, wird also relativ klein sein.\nMithilfe von Linux LVM wird nun ein Snapshot des Dateisystems erzeugt. Das geht sehr schnell, und braucht fast keine Zeit. Die Datenbank kann dann neu gestartet werden und ist weiter operabel.\nDas eigentliche Backup wird dann erzeugt, indem der Snapshot gemountet wird, und das eigentliche Backupscript dobackup aufgerufen wird, um das Backup auf Band zu schreiben. Danach wird der Snapshot abgemeldet und zerstört.\nSobald dies alles durch ist, ist sichergestellt, daß wir ein neues Vollbackup haben und alle Binlogs, die älter sind als das Backup können mit einem PURGE MASTER LOGS-Kommando weggeworfen werden.\nLogisches Vollbackup erstellen Manche Leute bevorzugen statt eines physikalischen Vollbackups der Datenbankdateien ein logisches Backup, also das Backup von SQL-Statements, die den Inhalt der Datenbank neu erzeugen können. Auch das ist mit MySQL möglich, und zwar, indem man mysqldump verwendet.\nMit der Option --master-data wird dabei ein CHANGE MASTER Statement erzeugt, das die Binlog-Position aufzeichnet, die zum Backup passt. Setzt man --master-data=2 wird dasselbe Statement auch generiert, aber als Kommentar.\nlinux:/export/data/rootforum # ./mysqldump-3340 --master-data rootforum | head -24 -- MySQL dump 10.10 -- -- Host: localhost Database: rootforum -- ------------------------------------------------------ -- Server version 5.0.18-max-log /\\*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT \\*/; /\\*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS \\*/; /\\*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION \\*/; /\\*!40101 SET NAMES utf8 \\*/; /\\*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE \\*/; /\\*!40103 SET TIME_ZONE=\u0026#39;+00:00\u0026#39; \\*/; /\\*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 \\*/; /\\*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 \\*/; /\\*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE=\u0026#39;NO_AUTO_VALUE_ON_ZERO\u0026#39; \\*/; /\\*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 \\*/; -- -- Position to start replication or point-in-time recovery from -- CHANGE MASTER TO MASTER_LOG_FILE=\u0026#39;linux-bin.000007\u0026#39;, MASTER_LOG_POS=879; ... Damit das Backup konsistent ist, müssen außerdem die Optionen --single-transaction (wenn ausschließlich InnoDB verwendet wird) oder --lock-all-tables (geht für alle Tabellentypen, blockiert aber die Datenbank für die Dauer des Dumps) verwendet werden. Die beiden Optionen schließen sich gegenseitig aus. Die Option --all-databases sichert dann alle Datenbanken. Damit Trigger und Stored Functions/Stored Procedures auch mit gesichert werden, müssen außerdem die Optionen --triggers und --routines mit angegeben werden.\nVerwendet man --lock-all-tables, kann man außerdem zusätzlich noch --flush-logs und --delete-master-logs mitgeben, um vor dem Backup ein FLUSH LOGS-Kommando laufen zu lassen und nach dem Backup die Binlogs, die älter als das Backup sind, zu löschen.\nDas komplette Kommando kann also so aussehen:\nlinux:/export/data/rootforum # cat ./mysqldump-3340 #! /bin/bash -- MYSQL_CMD_DIR=/usr/local/mysql-max-5.0.18-linux-i686-glibc23 MYSQL_DIR=/export/data/rootforum $MYSQL_CMD_DIR/bin/mysqldump --defaults-file=$MYSQL_DIR/my.cnf \u0026#34;$@\u0026#34; linux:/export/data/rootforum # ./mysqldump-3340 -u root --master-data --lock-all-tables --triggers --routines --all-databases --flush-logs --delete-master-logs | gzip -9 \u0026gt; /export/backups/backup.sql.gz Inkrementelle Backups erstellen Eine inkrementelle Sicherung besteht dann lediglich in einer Sicherung der Binlogs im Logdir. Insbesondere wenn sync_binlogs eingeschaltet sind, ist es also ausreichend, einfach /export/logs/rootforum auf Tape zu ziehen - auch bei laufender Datenbank.\nMan muss sich überlegen, wie oft man Vollbackups ziehen will. Vollbackups mit dieser Methode blockieren die Datenbank oder erfordern ein kurzes Herunterfahren des Datenbankservers. Inkrementelle Backups können bei laufendem Server gezogen werden. Mit einem Vollbackup kann man jedoch schnell recovern, sind außerdem noch Binlogs abzuspielen, kann die Recovery je nach Menge der Binlogs länger dauern. Je nach Änderungsrate kann es also notwendig werden, öfter Vollbackups zu ziehen.\nBackup und Replikation Eine andere Möglichkeit besteht darin, wie oben angesprochen einen Replication Slave aufzusetzen und die Sicherung des Master-Servers gar nicht mehr durchzuführen. Das Backup auf Tape erfolgt dann durch Runterfahren des Slave, und gemütlicher Sicherung des Slave auf Band. Startet man den Slave neu, zieht er sich die Binlogs vom Master, die während der Downtime angefallen sind, nachträglich runter und fängt an, diese abzuarbeiten. Der Master wird von dieser Aktion niemals in seiner Arbeit unterbrochen oder seiner Leistung beeinträchtigt.\nRecovery besteht darin, den Slave runterzufahren und das Datadir des Slave auf den Master zu schieben. Dort muss man dann noch die master.info-Datei des Slave löschen und man hat einen neuen Master.\nDie Pflege des Masters besteht darin, per Cron alle Binlogs zu löschen, die so alt sind, daß der Slave sie garantiert nicht mehr braucht. Man kann im Cron also ein PURGE MASTER LOGS BEFORE NOW() - INTERVAL 7 DAY oder so per Script einmal pro Tag abfahren.\nBackup mit Replikation ist also bequemer, unterbrechungsfrei und die Recovery ist schneller.\n","date":"2006-03-08T00:00:00Z","href":"https://blog.koehntopp.info/2006/03/08/mysql-fuer-dummies-7.html","tags":["mysql","lang_de"],"title":"MySQL für Dummies (7)"},{"categories":null,"content":" gilt das ganze auch für Mysql Version 4.1?\nhttp://dev.mysql.com/doc/refman/4.1/en/binary-log.html .\nSag mal kannst du mir ein wirklich gutes Mysql Buch empfehlen, welches nicht nur auf Syntax eingeht, sondern sich auch mit der Konfiguration des Servers auseinandersetzt? Der Preis ist zweitrangig.\nMySQL Certification Study Guide (4.1, veraltet) MySQL Certification Study Guide (5.0, aktuell) Die Bücher bereiten Dich auch das Bestehen der Prüfungen der MySQL Certification vor.\nHigh Performance MySQL , kein Buch für blutige Anfänger, basierend auf 4.0 und 4.1, vieles auch auf 5.0 anwendbar.\nJoe Celko ist langjähriges Mitglied im SQL Standard Komitee. Seine Bücher zum Thema will man gelesen und verstanden haben.\nJoe Celko\u0026rsquo;s SQL for Smarties: Advanced SQL Programming Eine Tour durch das wie und warum von SQL, nicht MySQL spezifisch. Das ist kein Howto und bezieht sich nicht auf ein konkretes Produkt, sondern auf den Standard.\nJoe Celko\u0026rsquo;s SQL for Smarties: SQL Programming Style Wie man sein SQL schreiben sollte, damit andere nicht kotzen müssen. Dies ist ein Howto über Formatting und Formulierung.\nJoe Celko\u0026rsquo;s SQL for Smarties: Trees and Hierarchies in SQL Dieses Buch kann man nicht lesen, man muss es studieren - hier findet man relativ heftigen Stoff, der sich mit dem Problem der Darstellung von Bäumen in SQL beschäftigt und liefert mindestens drei verschiedene Methoden, Bäume auf SQL zu mappen und wie man zwischen diesen Darstellungen konvertiert. Das Buch setzt sehr sichere und vollständige Beherrschung von SQL und Stored Procedures voraus. Das Buch bezieht sich nicht auf ein konkretes Produkt und ist kein Howto.\nDatenbanken: Konzepte und Sprachen Die meisten Lehrbücher zu Datenbankenvorlesungen saugen tote Hamster durch Strohhalme. Die Bücher von Andreas Heuer und Gunter Saake haben den (Daten-) Hamster bzw. Biber nur auf dem Cover, der Inhalt saugt überhaupt nicht.\nDies ist ein Lehrbuch für eine Univorlesung und geht über existierende gängige Systeme hinaus bis hin zu objektrelationalen Systemen, zu SQL-99 und anderen Dingen, die man in Produkten noch nicht unbedingt findet.\nDies ist ein Lehrbuch für eine Univorlesung. Es setzt ein funktionierendes Gehirn voraus, und erfordert Bereitschaft zum selbstständigen Denken und Umsetzen. Es ist ein ziemlich gutes Lehrbuch, es ist aber für Leute nicht geeignet, die sich beim Lesen des Wortes Algebra überlegen, ob sie nicht doch noch lieber eine Runde CS zocken sollten.\nAls Taschenbuch im Kompaktformat Datenbanken: Implementierungstechniken Wie man sich seinen Datenbankserver mal eben schnell selber schreibt.\n(geschrieben für Rootforum und hier herüber geschafft zur Archivierung)\n","date":"2006-03-07T00:00:00Z","href":"https://blog.koehntopp.info/2006/03/07/mysql-fuer-dummies-6.html","tags":["mysql","lang_de"],"title":"MySQL für Dummies (6)"},{"categories":null,"content":" Key Buffer In dem letzten Artikel dieser Serie haben wir gesehen, wie MySQL einen Index anlegt und was dies bedeutet. MySQL at einen Puffer, mit dem ein Index ganz oder teilweise im RAM gehalten werden kann. Dies ist der Key Buffer, und er ist eine sehr zentrale Konfigurationsvariable, die in der [mysqld]-Sektion der my.cnf gesetzt wird.\n[mysqld] key_buffer = 100M Dies stellt einen Key Buffer von bis zu 100 MB für den mysqld zur Verfügung. Mit den STATUS-Variablen key_read_requests und key_reads kann man dann leicht feststellen, ob dieser Puffer groß genug ist: key_read_requests sollte sehr viel größer als key_reads sein, und zwar zwischen 100- und 1000-mal so groß. MySQL hält dann den MyISAM-Index im RAM, und kann so Daten auf der Platte sehr schnell finden.\nMan kann bis zu 20 % des Hauptspeichers, den man MySQL zur Verfügung stellen will, in den Key Buffer investieren (auf einer 1 GB Maschine, bei der man 500 MB für MySQL und 500 MB für Apache aufwenden will, kann man den Key Buffer also 100 MB groß machen). Der Key Buffer sollte so groß sein, wie die Summe aller verwendeten Indices ist (und wir haben ja schon gesehen, wie man die berechnen oder nachsehen kann). Je nach Hauptspeicher und Indexgröße ist das Dilemma nun da, und man muss auf der einen oder anderen Seite Abstriche machen.\nDas nennt der Sysadmin dann \u0026ldquo;Optimierungsaufgabe\u0026rdquo; und der Betriebswirtschaftler hat auch ein Wort dafür: \u0026ldquo;Investitionsbedarf\u0026rdquo;. Man sieht deutlich die verschiedenen Herangehensweisen der beiden Disziplinen an Probleme.\nLocks und Locking Wie wir in den vergangenen Ausgaben dieser Serie auch gesehen haben, kann es Datenbankoperationen geben, die vergleichsweise lange dauern. Es kann sein, daß eine solche Operation während dieser Zeit ein LOCK auf einer Tabelle erzeugt. MyISAM kennt zwei Arten von Locks und sie gelten immer für die gesamte Tabelle - MyISAM kann nicht Bereiche einer Tabelle oder gar einzelne Zeilen locken.\nEin SHARED LOCK oder READ LOCK erlaubt dem Lockinhaber den Lesezugriff auf eine Tabelle, und erlaubt gleichzeitig weitere Lesezugriffe durch andere Threads. Schreibende Threads werden jedoch ausgesperrt und müssen warten. Ein EXCLUSIVE LOCK oder WRITE LOCK erlaubt dem Lockinhaber und nur diesem den Schreibzugriff auf die Tabelle. Alle anderen Threads, egal ob sie lesen oder schreiben wollen, müssen warten.\nEin Thread, der wartet, sieht so aus:\nroot@localhost [rootforum]\u0026gt; show processlist\\G Id: 7 User: root Host: localhost db: rootforum Command: Query Time: 0 State: NULL Info: show processlist Id: 8 User: root Host: localhost db: rootforum Command: Query Time: 422 State: copy to tmp table Info: alter table t add index (i) Id: 9 User: root Host: localhost db: rootforum Command: Query Time: 205 State: Locked Info: insert into t values (20000001+1, \u0026#34;keks\u0026#34;, \u0026#34;keks\u0026#34;, 17) 3 rows in set (0.00 sec) Hier ist der Thread mit der ID 9 im State: Locked, denn er versucht auf die Tabelle t zu schreiben. t wird jedoch gerade vom Thread 8 bearbeitet, der die Tabelle dazu mit einem Lock belegt hat. Das INSERT-Kommando hängt nun an seinem Prompt und kommt nicht zurück. Erst nachdem das ALTER TABLE durchgelaufen ist, kann das INSERT-Kommando ausgeführt werden. Wenn man so eine Ausgabe (\u0026ldquo;Locked\u0026rdquo;) in seinem eigenen SHOW PROCESSLIST sieht, womöglich für mehr als ein Kommando in Folge, dann ist es quasi schon zu spät - der MySQL-Server braucht dringend eine tunende Hand.\nHier noch einmal die Ausführungszeit:\nroot@localhost [rootforum]\u0026gt; insert into t values (20000001+1, \u0026#34;keks\u0026#34;, \u0026#34;keks\u0026#34;, 17); Query OK, 1 row affected (8 min 9.49 sec) Ein Blick ins Slow-Query-Log bringt dann noch mehr Information. Dort wird für jede lange dauernde Query nämlich neben der absoluten Query_time auch noch die Lock_time mit aufgeführt. Ist diese nicht 0, weiß man, daß der Server ein Problem mit seinen Locks hat.\nDas ist eine sehr unangenehme Situation, die man unbedingt vermeiden möchte. Denn wenn man sich mit der Performance von Servern auseinandersetzt, dann gibt es im Wesentlichen zwei Ziele, auf die man einen Server optimieren kann. Eines dieser Ziele ist Durchsatz, also die Anzahl der Anfragen pro Sekunde, die ein Server zu Ende bringt, und das andere ist Latenz, also die Dauer, die eine einzelne Query dauern darf. Beides sind sehr unterschiedliche Ziele, und man muss beim Performancetuning seine Segel sehr sorgfältig setzen, je nachdem, welches Optimierungsziel vorne steht.\nWarteschlangen, Telefonzellen und Hockeyschläger Bei Optimierung auf Antwortzeit, Latenz, begegnet einem dabei in der Regel die \u0026ldquo;Hockey Stick Curve\u0026rdquo; aus der Warteschlangentheorie. Sie sieht in etwa so aus:\nlatency ^ | | | | | | | | | _| | __- |____----- +-----------X-------\u0026gt; load Warum diese Kurve so aussieht, wie sie aussieht, kann man leicht mit einem kleinen PHP-Script testen. Das gezeigte PHP-Script simuliert eine Telefonzelle, an der mit 20 %-iger Wahrscheinlichkeit pro Minute Leute auftauchen, die Gespräche führen wollen, die zwischen einer und fünf Minuten lang sind. Lässt man das Script mehrfach mit einem CLI-PHP laufen, und dreht dabei $prob langsam von 20 % auf 22 %, 25 % und dann 30 % hoch, sieht man sehr schön, wie sich die Warteschlangen im System immer weiter aufbauen.\nWarum ist das so? Telefonzellen (und auch Datenbanken) können nicht vorarbeiten. Idlezeit verstreicht ungenutzt - nur Zeit, in der die Warteschlange nicht leer ist, ist sinnvoll genutzte Zeit.\n#! /usr/bin/php5 -q \u0026lt;?php $prob = 20; ## Wahrscheinlichkeit für neuen Kunden in Prozent $maxlen = 5; ## Gesprächsdauer in Minuten (1-$maxlen) $link = 0; function connect() { global $link; $link = mysql_connect(\u0026#34;localhost\u0026#34;, \u0026#34;root\u0026#34;, \u0026#34;1wjsnh\u0026#34;); if ($link === false) die(\u0026#34;Argh\u0026#34;); mysql_select_db(\u0026#34;rootforum\u0026#34;) or die(\u0026#34;cannot select db\u0026#34;); doquery(\u0026#34;DROP TABLE IF EXISTS telefon\u0026#34;); doquery(\u0026#34;CREATE TABLE telefon ( id serial, dauer int )\u0026#34;); } function doquery($cmd) { mysql_query($cmd) or die(\u0026#34;cannot do query $cmd\u0026#34;); } function getvalues($cmd) { $res = mysql_query($cmd); if ($res === false) die(\u0026#34;Cannot query $cmd\u0026#34;); $r = mysql_fetch_assoc($res); return $r; } function getvalue($cmd, $name) { $r = getvalues($cmd); return $r[$name]; } connect(); $minute = 0; $call_remaining = 0; $id = 0; while ($minute \u0026lt; 1000) { $minute += 1; echo \u0026#34;Processing minute $minute: \u0026#34;; # Wie lang ist die Schlange? $r = getvalues(\u0026#34;select count(dauer) as len, sum(dauer) as wait from telefon\u0026#34;, \u0026#34;len\u0026#34;); $len = $r[\u0026#39;len\u0026#39;]; $wait = $r[\u0026#39;wait\u0026#39;]; echo \u0026#34;(Schlange $len, Wait $wait) \u0026#34;; # Neuer Kunde stellt sich an if (rand(1,100) \u0026lt; $prob) { $call_len = rand(1,$maxlen); echo \u0026#34;(New customer $call_len min.) \u0026#34;; doquery(\u0026#34;insert into telefon ( dauer ) values ( $call_len )\u0026#34;); } # Zelle leer: if ($call_remaining == 0) { # Wartet ein Kunde? $r = getvalues(\u0026#34;select id, dauer from telefon order by id limit 1\u0026#34;); if ($r === false) { # Kein Kunde da. echo \u0026#34;(queue empty) \u0026#34;; } else { # Kunde da, abholen und processing $call_remaining = $r[\u0026#39;dauer\u0026#39;]; $id = $r[\u0026#39;id\u0026#39;]; echo \u0026#34;(customer $id: $call_remaining) \u0026#34;; # Kunde aus der Schlange nehmen doquery(\u0026#34;delete from telefon where id = $id\u0026#34;); } } else { # Telefonieren... $call_remaining -= 1; echo \u0026#34;(customer $id: $call_remaining) \u0026#34;; } echo \u0026#34;\\n\u0026#34;; } ?\u0026gt; Tabellen, Locks und Deadlocks In MyISAM braucht man Tabellen in der Regel nicht selber zu locken: Jedes Kommando ist logisch atomar. Es lockt die benötigten Tabellen mit dem passenden Lock, führt seine Operation durch und unlockt die Tabellen am Ende des Kommandos wieder.\nManchmal will man aber mehr als ein Kommando auf einer Tabelle durchführen und will dabei sicherstellen, daß sich der Inhalt der Tabelle nicht verändert, während man die Operation durchführt. Der häufigste Fall ist das Auslesen und Verändern eines Zählers. Um einen Zähler einfach nur hochzuzählen kann man ja einfach\nupdate counter set val = val + 1 where id = \u0026lt;wert\u0026gt; verwenden. Aber will man den Zähler auch auslesen, dann braucht man so etwas wie\nLOCK TABLES counter WRITE SELECT val into @v from counter where id = \u0026lt;wert\u0026gt; UPDATE counter SET val = @v+1 WHERE id = \u0026lt;wert\u0026gt; UNLOCK TABLES SELECT @v Nur so ist sichergestellt, daß das Hochzählen auch atomar und ohne Unterbrechung durch andere Zähloperationen erfolgt.\nWann immer man mehrere Tabellen mit einem Lock belegt, können Deadlocks entstehen. Man stelle sich vor, zwei Threads würden gleichzeitig die Statements LOCK TABLES a, b WRITE und LOCK TABLES b, a WRITE ausführen. Thread 1 würde die Tabelle a locken, während Thread 2 jetzt die Tabelle b lockt. 1 will nun b locken, aber das geht nicht, weil 2 dieses Lock schon hält. Zugleich will 2 jetzt a locken, aber das geht auch nicht - beide Threads würden ewig darauf warten, daß der jeweils andere die Locks aufgibt.\nEin gängiger Weg zur Vermeidung von Deadlocks ist, Ressourcen grundsätzlich nur einmal und nur atomar zu vergeben - MySQL hat mit LOCK TABLES diesen Weg gewählt. Ein Thread kann also nur LOCK TABLES a,b WRITE ausführen, nicht etwa LOCK TABLES a WRITE und später LOCK TABLES b WRITE dazunehmen, um zusätzlich zu a noch b dazuzunehmen. Außerdem kann LOCK TABLES nicht unterbrochen werden - LOCK TABLES a,b WRITE sammelt also alle Locks für a und b gleichzeitig ein.\nEine andere Methode Deadlocks zu vermeiden besteht darin, die Ressourcen, die zu vergeben sind, anzuordnen und alle Threads zu zwingen, Ressourcen in Reihenfolge zu bestellen. LOCK TABLES a, b WRITE und LOCK TABLES b, a WRITE würden so intern beide zu demselben Kommando LOCK TABLES a,b WRITE werden, und dann kann es schon gar nicht mehr zum Deadlock kommen (denn der zweite Thread würde a gelockt vorfinden, bevor er überhaupt seine Finger auf b legen kann). So hat MySQL die oben dargestellte Atomizität intern implementiert.\nEin LOCK auf Tabellen kann mit UNLOCK TABLES aufgehoben werden.\nEin LOCK auf Tabellen sollte immer nur so kurz wie irgend möglich gehalten werden. Wer mit den Werten für die Telefonatsdauer und die Neukundenwahrscheinlichkeit im Telefonzellensimulations-PHP ein wenig gespielt hat, der hat möglicherweise jetzt eine Vorstellung davon, warum das so ist.\nLocks haben Prioritäten In MySQL hat ein WRITE-Lock eine höhere Priorität als ein READ-Lock und entsprechend ein INSERT/UPDATE/DELETE eine höhere Priorität als ein SELECT. Wenn also auf eine Tabelle viele schreibende Statements durchgeführt werden, dann werden die SELECT-Statements entsprechend zurückgedrängt. Daher ist es sehr wichtig, daß schreibende Statements schnell durchgeführt werden, damit sie ihre Locks nur für möglichst kurze Zeit halten. Ein schreibendes Statement kann dann schnell durchgeführt werden, wenn es eine möglichst einfache WHERE-Clause hat, die einen Index verwenden kann (z.B. ein UPDATE gegen eine Zeile, die über ihren PRIMARY KEY bestimmt wird).\nOft kann es sinnvoll sein, schreibende Statements zu batchen. Dazu kann man zum Beispiel die extended INSERT-Syntax verwenden (insert into \u0026lt;name\u0026gt; ( col1, col2, ...) values (val1, val2, ...), (val1, val2, ...)), mit der man mehr als eine Zeile auf einmal in die Datenbank einfügen kann. Diese Syntax steht für UPDATE nicht zur Verfügung, kann aber zum Beispiel mit \u0026ldquo;REPLACE INTO\u0026rdquo; verwendet werden. Ein einzelnes Statement kann max_allowed_packet Bytes lang sein, und wenn extended INSERT-Syntax verwendet wird, verwendet MySQL intern einen Puffer von bulk_insert_buffer_size, um diese Operation zu beschleunigen. Dieser Puffer sollte zur Insert-Größe passend gewählt werden.\nBei extended INSERT-Syntax werden Updates der Indices einer Tabelle gepuffert und der Baum nicht nach jedem Insert rebalanciert, sondern nur einmal am Ende aller Inserts dieses Blocks. Hat man mehr als ein solches INSERT-Statement, kann man diese außerdem noch in ein LOCK TABLES wickeln, damit es noch schneller geht:\nLOCK TABLES t WRITE; INSERT INTO t (a,b) VALUES (1, 2), (3, 4); INSERT INTO t (a,b) VALUES (5,6); UNLOCK TABLES; Hier wird der Key Buffer nur einmal, beim UNLOCK TABLES, aktualisiert und auf die Platte geschrieben.\nWer sehr mutig ist, und ein MySQL 5.x hat, startet seinen MySQL-Server mit der Konfigurationsvariable delayed_key_writes = ON oder gar delayed_key_writes = ALL in der [mysqld]-Sektion der my.cnf. Steht diese Variable auf 1, kann man eine Tabelle beim CREATE TABLE mit der Option DELAYED_KEY_WRITE spezifizieren. Der Key-Buffer für solche Tabellen wird dann nicht mehr so oft auf die Platte geschrieben (bei delayed_key_writes = 2 wird dies für alle Tabellen unabhängig von den CREATE-Optionen gemacht). Dies kann dazu führen, daß bei einem Servercrash die Indices (aber nicht die Daten) beschädigt sind und neu erzeugt werden müssen - das macht hässlich lange Recovery-Zeiten. Dafür werden Index-Updates immer so schnell ausgeführt, als wären sie gebatched und in LOCK TABLES eingewickelt.\nManchmal will man ein einzelnes SELECT haben, das nicht von INSERT-Statements verdrängt werden kann. Das kann man mit SELECT HIGH_PRIORITY ... erreichen: Es macht das Select nicht schneller, sorgt aber dafür, daß es nicht von immer wieder eintreffenden INSERT-Statements nach hinten gedrückt werden kann.\nAnders herum hat man manchmal ein INSERT, das keine SELECT-Statements zur Seite drücken soll. Das kann man mit INSERT LOW_PRIORITY erreichen: Es macht das Insert nicht langsamer, sorgt aber dafür, daß das INSERT keine SELECT-Statements zur Seite drückt.\nINSERT DELAYED Etwas ganz anderes ist INSERT DELAYED: INSERT DELAYED kommt in jedem Fall sofort zurück. Die Daten, die dem Insert übergeben werden, sind dabei noch lange nicht geschrieben und tatsächlich kann es sein, daß sie niemals geschrieben werden, denn MySQL schiebt die Daten nur in einen internen Puffer, der irgendwann einmal abgearbeitet wird und in die Tabelle geschoben wird.\nDabei gelten eine ganze Reihe von Einschränkungen, die in http://dev.mysql.com/doc/refman/5.0/en/insert-delayed.html im Detail beschrieben sind. Wie auch immer: INSERT DELAYED drückt Daten in einen Insert-Puffer und kommt dann immer sofort mit Erfolg zurück, während der Puffer irgendwann mal von einem Delayed-Insert-Thread gelesen wird und von diesem mit niederer Priorität in die Tabellen geschoben wird. Genau genommen kann SHOW STATUS einem zeigen, daß es delayed_insert_threads viele solcher Threads gibt, die derzeit not_flushed_delayed_rows an Datenzeilen ausstehen haben (von insgesamt delayed_writes vielen Zeilen, die bisher geschrieben worden sind).\nIn den Konfigurationsvariablen lässt sich einstellen, wie INSERT DELAYED arbeitet: Alle delayed_insert_limit Zeilen lässt ein Delay-Insert-Thread eventuell anstehenden Select-Statements den Vortritt. Ebenso gibt ein solcher Thread sein Lock auf, wenn sein Puffer leer ist und beendet sich delayed_insert_timeout Sekunden später, wenn er keine neue Arbeit bekommt. Kommen andererseits sehr viele INSERT DELAYED-Zeilen in die Warteschlange, so setzt delayed_queue_size der Anzahl der Zeilen im Puffer eine obere Grenze, damit der Speicher nicht überläuft.\nReminder: Data_free = 0 und Concurrent_inserts Wir erinnern uns an die Diskussion von SHOW TABLE STATUS und das Feld Data_free dort. Wenn Data_free = 0 ist, und für den Server Concurrent_inserts eingeschaltet sind, dann können auf der Tabelle Inserts und Selects gleichzeitig durchgeführt werden. Insert-Locks können dann nicht entstehen und so können auch keine Selects an die Wand gedrückt werden.\nMERGE-Tables oder MySQL 5.1 Partitions können sehr, sehr hilfreich sein, wenn man Tabellen so gestalten will, daß Data_free immer 0 ist und man sich OPTIMIZE TABLE nicht leisten kann.\nWie steht es mit meinem Locking? Mithilfe von SHOW STATUS sieht man seine Table_locks_immediate und Table_locks_waiting. Wenn mehr als 1 % (manche Leute sagen 3 %) der Table Locks waiting sind, dann hat der Server ein definitives Locking-Problem. Wie ernst das ist, kann man besser beurteilen, wenn man Questions/Uptime (Queries pro Sekunde, qps) berechnet und wenn man (qcache_hits+com_select)/(com_delete+com_insert+com_replace+com_update) (QL/DML-Ratio, \u0026ldquo;update-heavyness\u0026rdquo;) des Servers kennt.\nWenn mehr als eine Query pro Sekunde wartend ist (1 % Table_locks_waiting bei 100 qps oder mehr), dann lohnt es sich, sich mit locklösenden Maßnahmen zu befassen. Locklösende Maßnahmen sind:\nDML schneller machen weniger DML pro Sekunde erzeugen keine Table Locks mehr verwenden → InnoDB einsetzen (geschrieben für Rootforum und hier herüber geschafft zur Archivierung)\n","date":"2006-03-06T00:00:00Z","href":"https://blog.koehntopp.info/2006/03/06/mysql-fuer-dummies-5.html","tags":["mysql","lang_de"],"title":"MySQL für Dummies (5)"},{"categories":null,"content":"Wie wir in den vorangegangenen Beispielen gesehen haben, reicht es nicht aus, einer Datenbank zu sagen, welche Daten sie zu suchen hat. Wir müssen ihr auch noch Hilfen geben, mit denen sie in der Lage ist, diese Aufgabe schnell zu erfüllen. Eine sehr wichtige solche Hilfe ist ein Index.\nEine MYD-Datei wird, wenn sie keine Lücken hat, durch Anfügen von neuen Datensätzen verlängert. Die natürliche Reihenfolge der Datensätze in einer MYD-Datei ohne Löschen ist also chronologisch. Wenn in der MYD-Datei auch gelöscht wird, werden die Dinge komplizierter, denn MySQL wird versuchen, die Lücken aufzufüllen. Die Reihenfolge der Datensätze ist dann zufällig.\nDas gleicht einer Bücherei, bei der neu gekaufte Bücher einfach hinten in die freien Regale gestellt werden, und wenn Lücken vorhanden sind, diese aufgefüllt werden.\nEin Index ist eine Struktur, die uns erlaubt, bestimmte Suchen schneller durchzuführen. Büchereien haben zum Beispiel oft einen Titelkatalog oder einen Autorenkatalog. Ein Autorenkatalog entsteht, indem wir die Autoren aller Bücher in der Bücherei zusammen mit dem Regalstandort des Buches auf Notizkarten aufschreiben und diese Karten dann alphabetisch nach Autoren sortieren.\nIn einem sortierten Datenbestand kann man nämlich sehr schnell suchen. Wenn auf den Autorenkarten keine Reiter \u0026ldquo;a\u0026rdquo;, \u0026ldquo;b\u0026rdquo;, \u0026ldquo;c\u0026rdquo;, \u0026hellip; vorhanden sind, kann man \u0026ldquo;Suchen durch Halbieren\u0026rdquo;: Ein Buch von \u0026ldquo;Jeremy Zawodny\u0026rdquo; findet man, indem man die Autorenliste halbiert und dann prüft, ob der Autor in der ersten oder zweiten Hälfte der Bücher zu finden ist. Diese Hälfte halbiert man dann wieder, und so weiter und so weiter.\nFür zwei Bücher kann man so mit einer Operation entscheiden, welches von beiden Büchern das gesuchte ist. Für vier Bücher braucht man eine Operation, um dies auf den Fall mit zwei Büchern zurückzuführen, also zwei Operationen insgesamt. Für acht Bücher kann man dies mit einer Operation auf den Fall mit vier Büchern reduzieren.\nAllgemein braucht man für n Bücher dann also log(2,n) Operationen, um ein Buch eines bestimmten Autors zu finden.\nBücher Suchoperationen 2 1 (2^[b]1[/b] = 2) 4 2 (2^[b]2[/b] = 4) 8 3 (2^[b]3[/b] = 8) n e = log(2, n) (2^e = n) Aus einer Bibliothek mit 20 Millionen Büchern kann man also mit weniger als 24-25 Operationen die Bücher von Jeremey Zawodny finden, wenn man einen nach Autorennamen sortierten Katalog zur Verfügung hat: Man bekommt so eine Liste der Standorte, und muss dann zu den auf den Karten notierten Standorten laufen, um die Bücher tatsächlich abzuholen.\nroot@localhost [(none)]\u0026gt; select log(20000000)/log(2) as ops; +-----------------+ | ops | +-----------------+ | 24.253496664212 | +-----------------+ 1 row in set (0.00 sec) Das Beispiel macht Gebrauch von der Beobachtung, daß man mit einer beliebigen Logarithmusfunktion jede andere Logarithmusfunktion berechnen kann, indem man einfach log(b, n) in log(n)/log(b) umformt. MySQL stellt mit den Funktionen exp() und log() die Exponentialfunktionen und Logarithmusfunktionen zur Basis e = 2.718281828459 zur Verfügung, sodass log(20000000)/log(2) hier den log(2, 20000000) bestimmt.\nTatsächlich befinden sich auf den Karten in einer Bibliothek aber Reiter, sodass man gleich unter \u0026ldquo;Z\u0026rdquo; nachschauen kann, also bei gleich verteilten Autorennamen schon mit dem ersten Schritt nur noch ein Sechsundzwanzigstel aller Bücher durchsuchen muss statt die Hälfte. Wäre nun auf allen Z-Karten \u0026ldquo;Za\u0026rdquo;, \u0026ldquo;Zb\u0026rdquo;, und so weiter notiert, würde auch der zweite Schritt nur sechsundzwanzigsteln, und so weiter. Man bräuchte dann bei 20 Millionen Büchern nur noch 5-6 Schritte, um alle Bücher von Jeremy Zawodny zu finden.\nroot@localhost [(none)]\u0026gt; select log(20000000)/log(26); +-----------------------+ | log(20000000)/log(26) | +-----------------------+ | 5.1598357001807 | +-----------------------+ 1 row in set (0.00 sec) Nun sind die Namen von Buchautoren aber nicht gleich verteilt. Stattdessen könnte man aber auch wie bei einem Lexikon vorgehen und in regelmäßigen Abständen, etwa für jeweils eine Million Autoren, Proben nehmen: Band 1 von A-E, Band 2 von F-L und so weiter. Innerhalb der Million würde man dann für jeweils einen 100.000er Block vermerken A-Be, Bf-Ca, und so weiter, und auf den weiteren Ebenen genauso. Dann hätte man gleich große Blöcke und wüsste für jeden Block, welche Buchstabenintervalle darin enthalten sind.\nBeim Einfügen von Werten muss man jedoch unter Umständen Werte aus dem 1. 100.000er-Block in den Zweiten verschieben und so weiter: Kommt Arnold dazu, muss Bertram unter Umständen in den 2. Block und die Blockgrenzen sind nun A-Bd, Be-Ca.\nSo einen Index bezeichnet man als balancierten Baum (Btree), und das ist genau das, was MySQL verwendet. Die Schiebeoperationen nennt man Rebalancing des Baumes, und die will man gerne vermeiden.\nEine MYI-Datei besteht also aus Blöcken von key_cache_block_size (normal 1024) Byte Größe. Ein Key Cache Block enthält was immer wir indizieren wollen und Zeiger in die MYD-Datei. Das sind entweder Byte-Offsets (Row_format: dynamic) oder Datensatznummern (Row_format: fixed). Wenn wir also eine INTEGER-Spalte indizieren, braucht jeder Eintrag im Index 4 Byte für die zu indizierende Spalte plus 4 Byte Zeiger in die Daten. In einen 1024-Block passen so also 1024/8 = 2^10/2^3 = 2^(10-3) = 2^7 = 128 Einträge.\nDurch Laden dieses Blocks können wir also die Suche im Index nicht \u0026ldquo;durch Halbieren\u0026rdquo; oder \u0026ldquo;durch sechsundzwanzigsteln\u0026rdquo; durchführen, sondern wir reduzieren die zu durchsuchende Datenmenge in jedem Schritt auf ein Hundertachtundzwanzigstel. Oder würden dies tun, wenn wir die Indexblöcke alle immer ganz voll machen würden.\nDas tun wir aber nicht, weil wir dann bei jedem Einfügen von Daten rebalancieren müssten. Stattdessen machen wir die Blöcke nur zu 2/3 voll. Dadurch 128teln wir nicht, sondern 84teln nur, aber das macht fast nichts aus. 20 Millionen Datensätze durchsuchen wir so mit maximal 4 Operationen.\nroot@localhost [(none)]\u0026gt; select 128*0.66; +----------+ | 128*0.66 | +----------+ | 84.48 | +----------+ 1 row in set (0.00 sec) root@localhost [(none)]\u0026gt; select log(20000000)/log(84.48); +--------------------------+ | log(20000000)/log(84.48) | +--------------------------+ | 3.7892903582541 | +--------------------------+ 1 row in set (0.00 sec) Einen \u0026ldquo;sortierten Autorenkatalog\u0026rdquo; nennt man in einer Datenbank einen \u0026ldquo;Index auf eine Spalte\u0026rdquo;. In unserer Beispieltabelle haben wir die Spalten id, d, e und i. Wir wollen einen Index auf die Spalte i (INTEGER, 4 Byte) legen, also braucht ein Indexeintrag 8 Byte (4 Byte für den Integer und 4 Byte für den Datenzeiger). Für 20 Millionen Einträge rechnen wir also mit einer ca. 230 MB großen MYI-Datei.\nDie Rechnung geht so: 20 Mio Einträge zu 8 Byte sind 152 MB, aber wir machen die Blöcke nur zu ca. 2/3 voll, also müssen wir das ganze durch 2/3 teilen:\nroot@localhost [rootforum]\u0026gt; select 20000000*8/1024/1024/(2/3)\\G 20000000*8/1024/1024/(2/3): 228.881836166382 1 row in set (0.00 sec) Den Index erzeugen wir mit dem Kommando CREATE INDEX. Das Kommando geht dann die Spalte i durch, notiert die Werte und für jeden Wert die Datensatznummer, in der der Wert zu finden ist. Die Werte müssen sortiert werden, und dazu braucht MySQL Platz. Der Puffer für diesen Platz kann online definiert werden, und sollte sehr groß gewählt werden (bei uns: Mindestens 230 MB groß, wie wir eben vorgerechnet haben). Der Name des Puffers ist myisam_sort_buffer_size.\nIm folgenden Beispiel verwenden wir Sessionvariablen, hier die Variable @old_buffer, um den alten Wert für myisam_sort_buffer_size zu speichern. Wir definieren dann für unsere Verbindung zur Datenbank und nur für diese einen größeren Wert für myisam_sort_buffer_size, und erzeugen den Index mit CREATE INDEX. Danach setzen wir myisam_sort_buffer_size wieder auf den alten Wert zurück.\nWir verändern nicht @@global.myisam_sort_buffer_size, weil das ein großes Risiko wäre: Jedes CREATE INDEX, ALTER TABLE ... ADD INDEX oder REPAIR TABLE würde dann den großen Puffer verwenden und bis zu 300 MB Speicher verlangen.\nroot@localhost [rootforum]\u0026gt; select @@session.myisam_sort_buffer_size; +-----------------------------------+ | @@session.myisam_sort_buffer_size | +-----------------------------------+ | 31457280 | +-----------------------------------+ 1 row in set (0.04 sec) root@localhost [rootforum]\u0026gt; set @old_buffer=@@session.myisam_sort_buffer_size; Query OK, 0 rows affected (0.00 sec) root@localhost [rootforum]\u0026gt; set @@session.myisam_sort_buffer_size = 300*1024*1024; Query OK, 0 rows affected (0.02 sec) root@localhost [rootforum]\u0026gt; create index i on t(i); Query OK, 20000000 rows affected (4 min 33.35 sec) Records: 20000000 Duplicates: 0 Warnings: 0 root@localhost [rootforum]\u0026gt; set @@session.myisam_sort_buffer_size = @old_buffer; Query OK, 0 rows affected (0.00 sec) Da diese Aktion auf meinem Rechner über 4 Minuten dauert, kann ich MySQL beim Erzeugen des Index zusehen:\nroot@localhost [(none)]\u0026gt; show processlist\\G Id: 5 User: root Host: localhost db: rootforum Command: Query Time: 48 State: copy to tmp table Info: create index i on t(i) ... Das will ich genauer beobachten:\nroot@linux:/var/lib/mysql/data/rootforum # ls -l total 1493641 -rw-rw---- 1 mysql mysql 527958016 Feb 12 17:15 #sql-26a5_5.MYD -rw-rw---- 1 mysql mysql 1024 Feb 12 17:14 #sql-26a5_5.MYI -rw-rw---- 1 mysql mysql 8628 Feb 12 17:14 #sql-26a5_5.frm drwx------ 2 mysql mysql 240 Feb 12 17:14 ./ drwxr-xr-x 6 mysql mysql 440 Feb 12 17:06 ../ -rw-rw---- 1 mysql mysql 61 Feb 12 17:01 db.opt -rw-rw---- 1 mysql mysql 1000000000 Feb 12 17:07 t.MYD -rw-rw---- 1 mysql mysql 1024 Feb 12 17:07 t.MYI -rw-rw---- 1 mysql mysql 8628 Feb 12 17:02 t.frm Die Prozessgröße ist dabei eher klein:\nroot@linux:/var/lib/mysql/data/rootforum # ps axuwww| grep mysql[d] mysql 9893 2.2 1.2 351420 13152 pts/1 Sl 15:13 2:41 /usr/local/mysql-max-5.0.18-linux-i686-glibc23/bin/mysqld ... Der mysqld hat hier also das Potenzial, bis zu 351420 KB zu belegen, da er aber für diese Übung frisch gestartet wurde, belegt er tatsächlich nur 13152 KB Speicher.\nNach dem Abschluss der Kopieroperation ist die #sql-26a5_5.MYD genauso groß wie die t.MYD, und die eigentliche Sortieroperation kann beginnen. Der mysqld wächst um die vereinbarte Puffergröße (genauer: nur um die benötigte Größe und das nur schrittweise).\nroot@localhost [(none)]\u0026gt; show processlist\\G Id: 5 User: root Host: localhost db: rootforum Command: Query Time: 124 State: Repair by sorting Info: create index i on t(i) Dies ist die Anzeige von SHOW PROCESSLIST, während sortiert wird und der myisam_sort_buffer_size tatsächlich benutzt wird. Sieht man sich den Prozess in der Unix-Prozessliste an, kann man sehen, daß auch Speicher belegt wird:\nroot@linux:/var/lib/mysql/data/rootforum # !ps ps axuwww| grep mysql[d] mysql 9893 3.5 27.6 624744 286388 pts/1 Sl 15:13 4:24 /usr/local/mysql-max-5.0.18-linux-i686-glibc23/bin/mysqld ... Und der Gewinn? Operationen wie select * from t where i = 193306751 sind jetzt sehr schnell durchzuführen, und zwar unabhängig davon, ob der Wert am Anfang oder am Ende der Tabelle gefunden wird.\nroot@localhost [rootforum]\u0026gt; flush query cache; Query OK, 0 rows affected (0.03 sec) root@localhost [rootforum]\u0026gt; select * from t where i = 193306751; +----+--------------+---------------------------+-----------+ | id | d | e | i | +----+--------------+---------------------------+-----------+ | 9 | jilrmbmbujaw | vegmospiyoenpnovopofogiof | 193306751 | +----+--------------+---------------------------+-----------+ 1 row in set (0.00 sec) root@localhost [rootforum]\u0026gt; select * from t where i = 1830603510; +----------+--------------+---------------------------+------------+ | id | d | e | i | +----------+--------------+---------------------------+------------+ | 19999990 | hctjfsosiobb | zyxhrbyvbtsrnpwjijtgqrfcb | 1830603510 | +----------+--------------+---------------------------+------------+ 1 row in set (0.03 sec) (geschrieben für Rootforum und hier herüber geschafft zur Archivierung)\n","date":"2006-03-05T00:00:00Z","href":"https://blog.koehntopp.info/2006/03/05/mysql-fuer-dummies-4.html","tags":["mysql","lang_de"],"title":"MySQL für Dummies (4)"},{"categories":null,"content":"Suchen dauern auf unserer Tabelle sehr lange.\nroot@localhost [rootforum]\u0026gt; select * from t where i = 1163012190; +----------+--------------+---------------------------+------------+ | id | d | e | i | +----------+--------------+---------------------------+------------+ | 19999993 | vrciabekkgcb | ykdewonxucqpwtdvzgnschyaw | 1163012190 | +----------+--------------+---------------------------+------------+ 1 row in set (21.81 sec) root@localhost [rootforum]\u0026gt; select * from t where i = 944905110; +----+--------------+---------------------------+-----------+ | id | d | e | i | +----+--------------+---------------------------+-----------+ | 5 | kgiyuxheibsa | bipgdpnvetowphowepuerediy | 944905110 | +----+--------------+---------------------------+-----------+ 1 row in set (19.94 sec) root@localhost [rootforum]\u0026gt; [1]+ Stopped mysql -u root -p h743107:~ # free -m total used free shared buffers cached Mem: 1010 996 13 0 7 781 -/+ buffers/cache: 208 802 Swap: 3074 3 3071 h743107:~ # fg mysql -u root -p An diesem Beispiel können wir sehen, daß eine Suche auf unseren Daten immer so um die 20 Sekunden lang dauert. Dabei spielt es keine Rolle, ob die zu suchenden Daten am Anfang oder am Ende der Tabelle stehen, weil wir ja mit dem SELECT-Kommando nach allen Vorkommen des gesuchten Wertes graben müssen - MySQL muss also durch die ganze Tabelle laufen und alle 20 Millionen Werte abprüfen.\nDie zweite Query ist auch nicht viel schneller als die erste Query, weil die zu durchsuchenden Daten größer sind, als der dem System zur Verfügung stehende Buffer Cache (Spalte cached bei free -m).\nWenn wir an diese Query ein LIMIT 1 anfügen, bekommen wir ein variables Zeitverhalten: Werte am Anfang der Tabelle werden schnell gefunden, während eine Suche nach Werten am Ende der Tabelle sehr lange dauert:\nroot@localhost [rootforum]\u0026gt; SELECT * from t where i = 944905110 limit 1; +----+--------------+---------------------------+-----------+ | id | d | e | i | +----+--------------+---------------------------+-----------+ | 5 | kgiyuxheibsa | bipgdpnvetowphowepuerediy | 944905110 | +----+--------------+---------------------------+-----------+ 1 row in set (0.00 sec) root@localhost [rootforum]\u0026gt; SELECT * from t where i = 1163012190 limit 1; +----------+--------------+---------------------------+------------+ | id | d | e | i | +----------+--------------+---------------------------+------------+ | 19999993 | vrciabekkgcb | ykdewonxucqpwtdvzgnschyaw | 1163012190 | +----------+--------------+---------------------------+------------+ 1 row in set (20.97 sec) Führt man eine bereits einmal durchgeführte Query noch einmal aus, bekommt man die Antwort sehr, sehr schnell, denn MySQL hat einen Query Cache, der einmal gestellte Queries wiedererkennen kann und dann einfach noch einmal das alte Result-Set abspielt, statt die Query tatsächlich noch einmal auszuführen. Dabei kommt es auf die Schreibweise an. Schon das unterschiedliche \u0026ldquo;S\u0026rdquo; bei den folgenden beiden Queries sorgt dafür, daß MySQL die Query nicht mehr als \u0026ldquo;alt\u0026rdquo; erkennt, sondern neu ausführen muss.\nroot@localhost [rootforum]\u0026gt; select * from t where i = 1163012190; +----------+--------------+---------------------------+------------+ | id | d | e | i | +----------+--------------+---------------------------+------------+ | 19999993 | vrciabekkgcb | ykdewonxucqpwtdvzgnschyaw | 1163012190 | +----------+--------------+---------------------------+------------+ 1 row in set (0.00 sec) root@localhost [rootforum]\u0026gt; Select * from t where i = 1163012190; +----------+--------------+---------------------------+------------+ | id | d | e | i | +----------+--------------+---------------------------+------------+ | 19999993 | vrciabekkgcb | ykdewonxucqpwtdvzgnschyaw | 1163012190 | +----------+--------------+---------------------------+------------+ 1 row in set (20.64 sec) Auch ein INSERT in eine Tabelle kann natürlich das Result-Set einer Query verändern. Daher muss eine Query aus dem Query Cache gelöscht werden, wenn ihre Base Table verändert wird. Der Query Cache kann auch mit dem Kommando FLUSH QUERY CACHE absichtlich gelöscht werden.\nroot@localhost [rootforum]\u0026gt; insert into t values ( 20000001, \u0026#34;keks\u0026#34;, \u0026#34;keks\u0026#34;, 3); Query OK, 1 row affected (0.06 sec) root@localhost [rootforum]\u0026gt; select * from t where i = 1163012190; +----------+--------------+---------------------------+------------+ | id | d | e | i | +----------+--------------+---------------------------+------------+ | 19999993 | vrciabekkgcb | ykdewonxucqpwtdvzgnschyaw | 1163012190 | +----------+--------------+---------------------------+------------+ 1 row in set (19.77 sec) Diese Query geht nicht in den Query Cache:\nroot@localhost [rootforum]\u0026gt; flush query cache; Query OK, 0 rows affected (0.00 sec) root@localhost [rootforum]\u0026gt; select sql_no_cache * from t where id = 1000; +------+--------------+---------------------------+-----------+ | id | d | e | i | +------+--------------+---------------------------+-----------+ | 1000 | tgnqufoiygkr | knkosawojeknkcmsodwdnorkd | 295436531 | +------+--------------+---------------------------+-----------+ 1 row in set (20.12 sec) root@localhost [rootforum]\u0026gt; select sql_no_cache * from t where id = 1000; +------+--------------+---------------------------+-----------+ | id | d | e | i | +------+--------------+---------------------------+-----------+ | 1000 | tgnqufoiygkr | knkosawojeknkcmsodwdnorkd | 295436531 | +------+--------------+---------------------------+-----------+ 1 row in set (20.28 sec) Die Konfiguration des Query Cache erfolgt über Variables in der [mysqld]-Sektion der /etc/my.cnf und kann wie folgt ausgegeben werden:\nroot@localhost [rootforum]\u0026gt; show variables like \u0026#34;query_cache%\u0026#34;; +------------------------------+----------+ | Variable_name | Value | +------------------------------+----------+ | query_cache_limit | 1048576 | | query_cache_min_res_unit | 4096 | | query_cache_size | 33554432 | | query_cache_type | ON | | query_cache_wlock_invalidate | OFF | +------------------------------+----------+ 5 rows in set (0.00 sec) Das query_cache_limit bestimmt, wie groß der Result Set einer Query maximal sein kann, damit er in den Query Cache Eingang findet. Das Cachen von sehr großen Result Sets würden den Query Cache fluten und andere, wichtigere Queries aus dem Cache drängen. Speicher wird dabei in Blöcken von query_cache_min_res_unit Bytes verbraucht - auch eine einzeilige Query verbraucht also 4 KB im Cache, wenn man dies nicht verkleinert. Das ist vor allen Dingen dann lohnend, wenn sehr viele kleine Result Sets zu verwalten sind.\nDie Query_Cache_Size legt fest, wie viel RAM wir für den Query Cache reservieren wollen. Die Größe des Query Cache muss man ein wenig variieren, und dabei die Ergebnisse mit SHOW STATUS kontrollieren.\nDer Query_Cache_Type kann 0 (OFF), 1 (ON) oder 2 (ON DEMAND) sein. Ist er auf 0, werden alle anderen Parameter ignoriert und der Cache ist aus. Ist er auf 1, werden alle Queries, für die dies möglich ist, in den Cache gelegt - Queries mit PREPARE statt SELECT, Queries, die Funktionsaufrufe enthalten, die NOT DETERMINISTIC sind (rand(), now() und so weiter), und Queries, die mit SQL_NO_CACHE markiert sind, können nicht in den Cache. Ist er auf 2, werden Queries nicht in den Cache gelegt, außer sie sind ausdrücklich mit SQL_CACHE markiert.\nWenn auf einer Tabelle durch eine schreibende Operation ein Write Lock gelegt wird, können Queries aus dem Query Cache dennoch beantwortet werden. Will man dies nicht, will man also durch ein passendes LOCK TABLES sicher alle Reader anhalten, dann muss man query_cache_wlock_invalidate auf 1 (ON) stellen.\nroot@localhost [rootforum]\u0026gt; show status like \u0026#34;qc%\u0026#34;; +-------------------------+----------+ | Variable_name | Value | +-------------------------+----------+ | Qcache_free_blocks | 1 | | Qcache_free_memory | 33538984 | | Qcache_hits | 6 | | Qcache_inserts | 11 | | Qcache_lowmem_prunes | 0 | | Qcache_not_cached | 9 | | Qcache_queries_in_cache | 6 | | Qcache_total_blocks | 14 | +-------------------------+----------+ 8 rows in set (0.00 sec) root@localhost [rootforum]\u0026gt; show status like \u0026#34;com_select\u0026#34;; +---------------+-------+ | Variable_name | Value | +---------------+-------+ | Com_select | 21 | +---------------+-------+ 1 row in set (0.00 sec) Der Status des Query Cache kann mit SHOW STATUS LIKE 'qc%' abgefragt werden. Der Query Cache hier ist noch fast ganz frei: In den SHOW VARIABLES waren 33554432 Byte konfiguriert und hier sind noch 33538984 Byte frei. Der freie Speicher ist nicht fragmentiert, sondern liegt an einem Stück vor. Der Cache hat dabei 6 Qcache_hits gehabt, dem stehen 21 Select-Kommandos entgegen, die nicht gecacht worden sind (ein Select zählt ENTWEDER qcache_hits ODER com_cache hoch).\nDie Resultate von 11 Queries sind im Qcache abgelegt worden, und der Cache ist bisher noch niemals wegen Überlauf gepruned (also teilweise gelöscht worden). 9 Queries konnten nicht gecacht werden, aus welchen Gründen auch immer, 6 Queries liegen derzeit im Cache.\nWenn man wissen will, ob der eigene Query Cache groß genug ist, sollte man im Abstand von einigen Stunden einmal die Qcache_lowmem_prunes ansehen, und überprüfen, ob hochzählen. Wenn dies passiert, ist der Query Cache übergelaufen. Qcache_free_memory und Qcache_free_blocks sollte man ebenfalls im Auge behalten: Wenn der Qcache_free_blocks Counter groß wird, ist der Query Cache fragmentiert und man muss unter Umständen mit einer kleineren Blockgröße (query_cache_min_res_unit) experimentieren. Es kann sinnvoll sein, die com_select, qcache_hits, qcache_inserts, qcache_lowmem_prunes und qcache_free_memory sowie qcache_free_blocks minütlich auszulesen und in ein RRD zu plotten.\n(geschrieben für Rootforum und hier herüber geschafft zur Archivierung)\n","date":"2006-03-04T00:00:00Z","href":"https://blog.koehntopp.info/2006/03/04/mysql-fuer-dummies-3.html","tags":["mysql","lang_de"],"title":"MySQL für Dummies (3)"},{"categories":null,"content":"Für die folgenden Beispiele wird eine breitere Tabelle gebraucht, und es müssen auch einige Testdaten vorhanden sein. Daher hier einmal eine Tabellendefinition und ein Generatorscript für Testdaten:\nroot@localhost [rootforum]\u0026gt; drop table t; Query OK, 0 rows affected (0.00 sec) root@localhost [rootforum]\u0026gt; create table t ( id bigint unsigned not null, d char(12) not null, e char(25) not null, i integer unsigned not null ); Query OK, 0 rows affected (0.22 sec) root@localhost [rootforum]\u0026gt; [1]+ Stopped mysql -u root -p und\nh743107:~ # cat gendata.pl #! /usr/bin/perl -w my $limit = 20000000; # 20 Mio for (my $i=0; $i\u0026amp;lt;$limit; $i++) { $str1 = \u0026#34;\u0026#34;; for (my $j=0; $j\u0026amp;lt;12; $j++) { $str1 .= chr(97+26\\*rand()); } $str2 = \u0026#34;\u0026#34;; for (my $j=0; $j\u0026amp;lt;25; $j++) { $str2 .= chr(97+26\\*rand()); } $x = int(rand()\\*2\\*\\*31); printf qq(\u0026#34;$i\u0026#34;,\u0026#34;$str1\u0026#34;,\u0026#34;$str2\u0026#34;,\u0026#34;$x\u0026#34;\\n); } h743107:~ # ./gendata.pl \u0026gt; /tmp/data.csv h743107:~ # head -10 /tmp/data.csv \u0026#34;0\u0026#34;,\u0026#34;uvhgnbjklavf\u0026#34;,\u0026#34;fnwnwuwphwjcnuufzzbdjswpt\u0026#34;,\u0026#34;466412497\u0026#34; \u0026#34;1\u0026#34;,\u0026#34;sfnyjtjcljyr\u0026#34;,\u0026#34;puccvmiqgujqetgkwmwzdjefs\u0026#34;,\u0026#34;940962493\u0026#34; \u0026#34;2\u0026#34;,\u0026#34;fbdjnejvhkar\u0026#34;,\u0026#34;wwpfrdpasbztljviehzojgwyf\u0026#34;,\u0026#34;1417468689\u0026#34; \u0026#34;3\u0026#34;,\u0026#34;lqwgrvcmygqz\u0026#34;,\u0026#34;aazxhpetwqlkdwuaxwvhmhtsl\u0026#34;,\u0026#34;1393448064\u0026#34; \u0026#34;4\u0026#34;,\u0026#34;tvfucewatbhp\u0026#34;,\u0026#34;zayvtprykglnynesavekdnpwr\u0026#34;,\u0026#34;1565437858\u0026#34; \u0026#34;5\u0026#34;,\u0026#34;kgiyuxheibsa\u0026#34;,\u0026#34;bipgdpnvetowphowepuerediy\u0026#34;,\u0026#34;944905110\u0026#34; \u0026#34;6\u0026#34;,\u0026#34;qpgyhtohyfut\u0026#34;,\u0026#34;uxajpmyegbgaoexdyxnfsetpg\u0026#34;,\u0026#34;323176798\u0026#34; \u0026#34;7\u0026#34;,\u0026#34;fdpzsnkfvird\u0026#34;,\u0026#34;mpkqpcfgelhtxnszqremviuzk\u0026#34;,\u0026#34;1486742441\u0026#34; \u0026#34;8\u0026#34;,\u0026#34;awvwzzthakbe\u0026#34;,\u0026#34;slgfbakiuoggaulehscqxvoct\u0026#34;,\u0026#34;143366617\u0026#34; \u0026#34;9\u0026#34;,\u0026#34;drqdiqggqfos\u0026#34;,\u0026#34;hoigxngyrgwebyavcgugiixnm\u0026#34;,\u0026#34;1264096349\u0026#34; h743107:~ # wc -l /tmp/data.csv 20000000 /tmp/data.csv h743107:~ # ls -lh /tmp/data.csv -rw-r--r-- 1 root root 1,3G 2006-02-11 12:00 /tmp/data.csv h743107:~ # fg mysql -u root -p (wd: /var/lib/mysql) root@localhost [rootforum]\u0026gt; load data infile \u0026#34;/tmp/data.csv\u0026#34; into table t fields terminated by \u0026#34;,\u0026#34; enclosed by \u0026#39;\u0026#34;\u0026#39;; Query OK, 20000000 rows affected (1 min 45.35 sec) Records: 20000000 Deleted: 0 Skipped: 0 Warnings: 0 root@localhost [rootforum]\u0026gt; [1]+ Stopped mysql -u root -p h743107:~ # ll /var/lib/mysql/rootforum/ insgesamt 977552 drwx------ 2 mysql mysql 4096 2006-02-11 11:48 . drwxr-xr-x 5 mysql mysql 4096 2006-02-11 11:52 .. -rw-rw---- 1 mysql mysql 65 2006-02-11 11:26 db.opt -rw-rw---- 1 mysql mysql 8628 2006-02-11 11:48 t.frm -rw-rw---- 1 mysql mysql 1000000000 2006-02-11 12:04 t.MYD -rw-rw---- 1 mysql mysql 1024 2006-02-11 12:04 t.MYI Wir erzeugen hier eine Tabelle mit einem UNSIGNED BIGINT \u0026quot;id\u0026quot; (8 Byte), zwei CHAR Spalten d und e von 12 und 25 Zeichen Breite und einer Spalte i INTEGER UNSIGNED. Alle Werte sind, wie sich das gehört, NOT NULL.\nDas Generatorscript füllt diese Spalten mit aufsteigenden Werten für id, zufälligen Texten für d und e und mit Zufallszahlen für i. Es braucht auf meinem MR2 gut 20 Minuten, um eine 1.3 GB große Loader-Datei mit 20 Mio Datensätzen zu erzeugen. Der Load erfolgt dann mit dem relativ schnellen LOAD DATA INFILE Kommando. Da keine Indices mitzuführen sind, geht der Load mit 105 Sekunden (190000 Rows/sec, 12380 KB/sec) über die Bühne. Das ist etwa 1/3 der Bruttogeschwindigkeit der Platte, und daher relativ akzeptabel.\nDie resultierende MYD-Datei verbraucht 50 Byte/Record und ist Fixed, sodass 100 Mio Bytes (954 MB) für Datenfile verwendet werden. Ein Index wird nicht erzeugt, weil keiner definiert ist, daher ist die MYI-Datei minimal groß.\nDie Daten sind drin:\nh743107:~ # fg mysql -u root -p root@localhost [rootforum]\u0026gt; show warnings; Empty set (0.00 sec) root@localhost [rootforum]\u0026gt; select count(*) from t; +----------+ | count(*) | +----------+ | 20000000 | +----------+ 1 row in set (0.01 sec) root@localhost [rootforum]\u0026gt; show table status like \u0026#34;t\u0026#34;\\G Name: t Engine: MyISAM Version: 9 Row_format: Fixed Rows: 20000000 Avg_row_length: 50 Data_length: 1000000000 Max_data_length: 214748364799 Index_length: 1024 Data_free: 0 Auto_increment: NULL Create_time: 2006-02-11 11:48:23 Update_time: 2006-02-11 12:04:41 Check_time: NULL Collation: latin1_swedish_ci Checksum: NULL Create_options: Comment: 1 row in set (0.00 sec) Die Data_length bei SHOW TABLE STATUS gibt also die Größe der MYD-Datei an, die Index_length ist die Größe der MYI-Datei. Data_free sagt, daß in der MYD-Datei keine Lücken existieren.\nDas ist sehr wichtig, wenn in eine MyISAM-Tabelle mit INSERT Daten eingefügt werden: Neue Werte werden nun am Ende der MYD-Datei angefügt, und zwar ohne Locking - SELECT können also auf diese Tabelle ausgeführt werden, ohne sich mit den INSERT um den Zugriff zu prügeln - aber das funktioniert nur, solange Data_free: 0 ist.\nIn Fixed-Tabellen ist es recht leicht, Data_free auf 0 zu bekommen - da alle Records gleich groß sind, wird das irgendwann einmal sicher der Fall sein, wenn Daten eingefügt werden und man kann mit der Avg_row_length und dem Wert aus Data_free leicht ausrechnen, wann das der Fall sein wird. OPTIMIZE TABLE schließt die Lücken auch, kann aber sehr lange dauern, und sobald das erste Mal aus der Tabellen mitten rausgelöscht wird, ist das gute OPTIMIZE wieder beim Teufel.\nMit MyISAM MERGE-Tables oder mit MySQL 5.1 DATA PARTITIONS kann man Tabellen bauen, aus denen sich Daten löschen lassen, ohne Lücken aufzureißen. Data_free bleibt dann immer schon 0 und Concurrent_insert kann durchgeführt werden.\nroot@localhost [rootforum]\u0026gt; show variables like \u0026#34;concurrent%\u0026#34;; +-------------------+-------+ | Variable_name | Value | +-------------------+-------+ | concurrent_insert | ON | +-------------------+-------+ 1 row in set (0.00 sec) Man kann sich dies in der [mysqld]-Sektion seiner /etc/my.cnf leicht konfigurieren (concurrent_insert = 1).\n(geschrieben für Rootforum und hier herüber geschafft zur Archivierung)\n","date":"2006-03-03T00:00:00Z","href":"https://blog.koehntopp.info/2006/03/03/mysql-fuer-dummies-2.html","tags":["mysql","lang_de"],"title":"MySQL für Dummies (2)"},{"categories":null,"content":"Ein MySQL Datenbankserver hat ein datadir. Das Kommando\nroot@localhost [(none)]\u0026gt; show variables like \u0026#34;datadir\u0026#34;; +---------------+-----------------+ | Variable_name | Value | +---------------+-----------------+ | datadir | /var/lib/mysql/ | +---------------+-----------------+ 1 row in set (0.00 sec) sagt uns, wo das liegt. In datadir wird für jede mit CREATE DATABASE angelegte Datenbank ein Verzeichnis angelegt, und für jede mit CREATE TABLE in dieser Datenbank vorhandene Tabelle eine *.frm-Datei. Dies gilt für alle Tabellentypen, die MySQL verwendet, sogar für MEMORY-Tables. Die *.frm-Datei beschreibt die Definition der Tabelle, also welche Spalten und Indices vorhanden sein sollen.\nroot@localhost [(none)]\u0026gt; create database rootforum; Query OK, 1 row affected (0.00 sec) root@localhost [(none)]\u0026gt; use rootforum Database changed root@localhost [rootforum]\u0026gt; create table t ( id serial ) engine=memory; Query OK, 0 rows affected (0.03 sec) root@localhost [rootforum]\u0026gt; [1]+ Stopped mysql -u root -p h743107:/var/lib/mysql # l rootforum/ insgesamt 24 drwx------ 2 mysql mysql 4096 2006-02-11 11:27 ./ drwxr-xr-x 5 mysql mysql 4096 2006-02-11 11:26 ../ -rw-rw---- 1 mysql mysql 65 2006-02-11 11:26 db.opt -rw-rw---- 1 mysql mysql 8556 2006-02-11 11:27 t.frm Die db.opt sind übrigens die beim Anlegen der Datenbank verwendeten Datenbankoptionen, also der DEFAULT CHARACTER SET und die DEFAULT COLLATION.\nFür eine MyISAM-Tabelle werden neben der frm-Datei auch noch eine MYD- und eine MYI-Datei angelegt. Die MYD-Datei enthält die Daten, die MYI-Datei die Indices. Mithilfe der frm-Datei und den Daten aus der MYD-Datei kann die MYI-Datei jederzeit rekonstruiert werden, aber dies kann bei vielen Daten sehr lange dauern. Mithilfe der Tabellendefinition aus mysqldump --no-data kann die frm-Datei jederzeit rekonstruiert werden, aber das kann umständlich werden. Wenn die MYD-Datei beschädigt ist, gehen Daten verloren.\nh743107:/var/lib/mysql # fg mysql -u root -p root@localhost [rootforum]\u0026gt; alter table t engine=myisam; Query OK, 0 rows affected (0.03 sec) Records: 0 Duplicates: 0 Warnings: 0 root@localhost [rootforum]\u0026gt; [1]+ Stopped mysql -u root -p h743107:/var/lib/mysql # l rootforum/ insgesamt 28 drwx------ 2 mysql mysql 4096 2006-02-11 11:28 ./ drwxr-xr-x 5 mysql mysql 4096 2006-02-11 11:26 ../ -rw-rw---- 1 mysql mysql 65 2006-02-11 11:26 db.opt -rw-rw---- 1 mysql mysql 8556 2006-02-11 11:28 t.frm -rw-rw---- 1 mysql mysql 0 2006-02-11 11:28 t.MYD -rw-rw---- 1 mysql mysql 1024 2006-02-11 11:28 t.MYI Eine MYD-Datei besteht aus Records - je nach Definition der Tabelle haben sie eine feste Länge oder eine variable Länge: Solange VARCHAR, TEXT und BLOB nicht in einer Tabellendefinition vorkommen, haben die Records feste Längen, ansonsten eine variable Länge. Mit SHOW TABLE STATUS LIKE \u0026quot;name\u0026quot; kann man das prüfen:\noot@localhost [rootforum]\u0026gt; show table status like \u0026#34;t\u0026#34;\\G Name: t Engine: MyISAM Version: 9 Row_format: Fixed Rows: 0 Avg_row_length: 0 Data_length: 0 Max_data_length: 38654705663 Index_length: 1024 Data_free: 0 Auto_increment: 1 Create_time: 2006-02-11 11:28:56 Update_time: 2006-02-11 11:28:56 Check_time: NULL Collation: latin1_swedish_ci Checksum: NULL Create_options: Comment: 1 row in set (0.00 sec) (Indem man ein Kommando im MySQL-Kommandozeilenclient nicht mit ; oder \\g, sondern mit \\G abschließt, bekommt man eine vertikale Ausgabe der Daten und dies ist in manchen Fällen übersichtlicher)\nWir sehen hier, daß das Row_Format der Tabelle t fixed ist. Das bedeutet, daß die Datensätze in der MYD-Datei eine feste Länge haben. MySQL kann auf die Datensätze hier mit Datensatznummern zugreifen, statt mit Byte-Offsets zu arbeiten. Eine Datensatznummer oder ein Byte-Offset können bis zu 32 Bit unsigned groß sein - daraus ergibt sich eine Max_data_length von 4 GB für Row_Format: dynamic und von 4 GB * Datensatzgröße bei Row_format: Fixed. Ist das nicht ausreichend, muss man durch Angabe der Tabellenoptionen avg_row_length und max_rows dafür sorgen, daß MySQL z.B. intern 8 Byte Zahlen zur Adressierung verwendet - dies ist aber nur empfohlen, wenn notwendig, weil es den Server generell ein wenig langsamer macht.\nAn den Datenbankdateien von MySQL sollte man generell nicht zu Fuß herumfummeln, solange der Datenbankserver läuft (Manche Leute trauen sich das nach einem FLUSH TABLES WITH READ LOCK zu, aber generell ist es besser, ein /etc/init.d/mysql stop zu machen, bevor man was in datadir anfasst).\nFür eine Datensicherung ist es bei einer Default-Konfiguration ausreichend, datadir und die my.cnf zu sichern.\n(geschrieben für Rootforum und hier herüber geschafft zur Archivierung)\n","date":"2006-03-02T00:00:00Z","href":"https://blog.koehntopp.info/2006/03/02/mysql-fuer-dummies-1.html","tags":["mysql","lang_de"],"title":"MySQL für Dummies (1)"},{"categories":null,"content":" Sony, die Firma, die uns die ersten kommerziell eingesetzten Rootkits gebracht hat, präsentiert nun den VAIO XL2 .\nSony:\nThe Windows Media Center PC sports a 200-disc changer that, with a single click, lets you rip that many CDs while you sleep.\nEs ist unbekannt, ob das Gerät dabei vom Sony Rootkit infiziert werden kann oder nicht.\nIst Sony schizophren?\n","date":"2006-01-25T00:00:00Z","href":"https://blog.koehntopp.info/2006/01/25/ist-sony-schizophren.html","tags":["copyright","sony","media","lang_de"],"title":"Ist Sony schizophren?"},{"categories":null,"content":"Wer die Ereignisse rund um das Sony Rootkit verfolgt hat, der weiß schon, daß es Rechteinhaber mit dem Urheberrecht selbst nicht so genau nehmen und zum Beispiel schon mal gerne GPL Sourcecode ohne Beachtung der Lizenzbestimmungen in ihre Software einbauen, bevor sie diese ungefragt und getarnt auf fremden Rechnern einschmuggeln.\nDa ist es nur konsequent, wenn ausgerechnet die Oberschreihälse und Raubkopiererjäger von der Gesellschaft zur Verfolgung von Urheberrechtsverletzungen (GVU) (no less!) vom Staatsanwalt hausdurcht werden. Heise schreibt dazu:\nDie Staatsanwaltschaft Ellwangen verdächtigt die private Fahndungsorganisation der Film- und Softwareindustrie, die Verbreitung sogenannter Warez aktiv unterstützt zu haben. Ermittlungsbeamte des Landeskriminalamts Baden-Württemberg durchsuchten am heutigen Dienstag die Hamburger Geschäftsräume der Gesellschaft und die Wohnung eines hochrangigen Mitarbeiters. \u0026hellip; Sollte es zutreffen, dass die GVU die Infrastruktur der Raubkopierer mitfinanziert hat, würde dies einen Verdacht auf eine strafrechtlich relevante Beihilfe zur Verbreitung von Warez-Material begründen.\nVor diesem Hintergrund ebenfalls lesenswert: Der Fluch der Silberlinge - Spiegel Online zum 2. Korb der Urheberrechtsnovelle und zur GVU:\nAllein die GVU beschäftigt zehn Rechercheure, fast alles ehemalige Polizisten. Stolz bezeichnet Geschäftsführer und Ex-Kommissar Jochen Tielke seine Gesellschaft auch schon einmal als \u0026ldquo;kleines BKA für Urheberrechtsverletzungen\u0026rdquo;.\nWer ist die GVU? Mitgliederliste der GVU bei netzpolitik.org.\n","date":"2006-01-24T00:00:00Z","href":"https://blog.koehntopp.info/2006/01/24/rechte-und-inhaber-wen-juckt-s.html","tags":["copyright","hack","media","musik","lang_de"],"title":"Rechte und Inhaber - wen juckt's?"},{"categories":null,"content":"Die Polizei in Schleswig-Holstein will gerne einfach mal mithören : So soll zum Beispiel auch ohne konkreten Anfangsverdacht einfach jeder abgehört werden können. Beim ULD schreibt man dazu in einer Stellungnahme , was man davon hält.\nDer Schleswig-Holsteinische Innenminister Ralf Stegner hält in \u0026ldquo;Thilo allein zu Haus \u0026rdquo; diese Stellungnahme für weltfremd:\nDer Datenschützer tue aber so, als gehe von der Polizei grundsätzlich eine Bedrohung der Bürgerrechte aus. \u0026ldquo;Das ist eine verkehrte Welt, in der Thilo Weichert allein lebt\u0026rdquo;, sagte Stegner am Donnerstag (12. Januar) in Kiel.\nIn seinen Augen geht die Bedrohung grundsätzlich vom Bürger aus. Irgendwie haben durchschnittliche Innenminister ein sehr komisches Weltbild.\nFinden eine ganze Reihe Institutionen wohl auch.\nThilo ist nicht allein zu Haus\n","date":"2006-01-16T00:00:00Z","href":"https://blog.koehntopp.info/2006/01/16/noch-mehr-lauschen-einfach-mal-mithoeren.html","tags":["politik","security","überwachung","lang_de"],"title":"Noch mehr lauschen: \"Einfach mal mithören\""},{"categories":null,"content":" Ganz platt-klischeehaftes Deutschland\nIm Spiegel vertritt Markus Söder, CSU die Auffassung:\nSeine Partei trete dafür ein, in Deutschland wieder ein stärkeres Gemeinschafts- und Nationalgefühl zu entwickeln, sagte CSU-Generalsekretär Markus Söder der \u0026ldquo;Berliner Zeitung\u0026rdquo;. \u0026ldquo;Deutschland braucht einen ideellen Überbau\u0026rdquo;, sagte Söder dem Blatt.\nDas trifft in dieser allgemeinen Form eine ganze Menge Knöpfe bei mir.\nDa ist einmal der Hintergrund zu den Unruhen in den französischen Trabantenstädten - das Schlagwort der Berichterstattung, das in Bezug auf die deutsche Gesellschaft verwendet worden ist, ist \u0026ldquo;Parallelgesellschaft\u0026rdquo;. In der öffentlichen Diskussion ist dieser Begriff wegen der französischen Ereignisse in erster Linie mit Einwanderern aus muslimischen Ländern verbunden worden, aber in meinem Erleben ist der Begriff allgemeiner, und ich nehme jede Menge andere \u0026ldquo;Parallelgesellschaften\u0026rdquo; und weniger scharf abgegrenzte \u0026ldquo;Subkulturen\u0026rdquo; in meinem Umfeld wahr. Manche von denen sind sich - aus der Sicht eines muslimischen Einwanderers - recht ähnlich, wie etwa traditionelles deutsches Bürgertum und angehörige eines alternativen Lebensstiles in Deutschland, aber wenn man die beiden zusammenbrächte, würde sich beide Gruppen sehr schnell und recht emotional voneinander trennen.\nDurch meinen neuen Job lerne ich gerade eine weitere Gruppe von Menschen kennen.\nEs handelt sich um Personen, die sich selbst quasi globalisiert haben, und denen das konkrete Land, in dem sie Wohnen wahrscheinlich weitgehend egal ist - sie sind nicht dort geboren, sondern haben es sich ausgesucht, und wohnen und leben dort, weil es ihnen dort gefällt. Würde es ihnen nicht mehr gefallen, ziehen sie halt um. Diese Personen haben auch keinen lokalen Freundeskreis, sondern stehen mit Freunden in vielen Ländern über moderne Kommunikationsmittel in teilweise täglicher Verbindung. Sie arbeiten an Projekten, die extrem verteilt sind. Das Arbeitsumfeld, das Open-Source-Projekte erzeugen, ist ein solches Umfeld, und eine solche Subkultur. Kinder in Familien aus diesem Umfeld wachsen nicht selten zwei- oder dreisprachig auf und lernen von ihren Eltern, Landesgrenzen oder nationale Kulturen bei ihrer Lebensplanung zwar einzuplanen, aber nicht als Hindernis zu sehen.\nBeide Schichten sind eigentlich nur Ausprägungen derselben Veränderung, sie unterscheiden sich im Grunde nur im Grad der Ausbildung und der Finanzmittel, die ihnen zur Verfügung stehen (und das ist zugleich der fundamentale Unterschied zwischen beiden Gruppen). Sie, und viele andere Gruppen leben plötzlich im selben Land.\nSeit dem Ende des 19. Jahrhunderts haben wir in Europa die Identität von Region, Kultur und gemeinsamen Interessen, den Nationalstaat. Diese Identität löst sich gerade an den verschiedenen Enden der Gesellschaft auf - auf dem Balkan war der Leim weniger dick, da ist das schon passiert, in Frankreich hat es gerade geknallt, ist aber nicht explodiert, und in Deutschland haben wir jetzt eine große Koalition, weil viele Deutsche mit solchen fundamentalen Problemen gerne konsensuell statt diskursiv umgehen.\nDer deutsche Staat reagiert auf diese Veränderung jedoch hilflos, unter anderem weil er keine alternative Definition von sich selbst entwickelt hat, die über diese Epoche hinausgeht. Auch weil er kein Konzept oder Entwicklungsziel explizit gemacht hat, auf das der Staat sich hin entwickeln will, um mit diesen Tendenzen fertig zu werden - wir bauen zwar an \u0026ldquo;Europa\u0026rdquo;, aber nicht an einem europäischen Nationalstaat - das wäre mit den Mitgliedsländern von \u0026ldquo;Europa\u0026rdquo; schon heute gar nicht möglich, und wäre angesichts der Entwicklung von Subkulturen in allen europäischen Nationalstaaten auch nicht der richtige Weg.\nEine gemeinsame Reaktion ist jedoch in allen europäischen Ländern, wenn nicht sogar weltweit zu beobachten. Weil die gemeinsame kooperative Basis fehlt, entsteht das Gefühl der Angst vor dem Kontrollverlust und der Wunsch nach mehr Frühwarnsystemen. Das führt dann, vermutlich ungeplant, aber nichtsdestotrotz stimmig in dieselbe Richtung fortschreitend zu dem Mehr an Überwachung und politischer Kontrolle, das wir derzeit überall beobachten können: Der Staat belauert seine Bürger, die gesellschaftlichen Gruppen belauern untereinander, und unsere Bundeskanzlerin vollführt in den Medien den magischen \u0026ldquo;Du bist Deutschland\u0026rdquo;-Beschwörungstanz.\nAuch Söder haut in dieselbe Kerbe:\nSöder betonte: \u0026ldquo;Dazu gehört auch, die Nationalhymne mehr zu singen.\u0026rdquo; Das gelte für öffentliche Anlässe, aber auch in den Schulen. \u0026hellip; Darüber hinaus müsse den Kindern die richtige geistige Orientierung gegeben werden. So sollte das Angebot zu Schulgebeten erhöht werden, sagte der CSU-Politiker.\nNur: Wenn dies Deutschland ist, wie es in den Köpfen unserer Politiker existiert, dann will ich hier dringend weg. Söder kommuniziert hier das vereinfachte Weltbild für Anfänger, und das ist so herzerweichend naiv, hoffnungslos unzureichend und hilflos, daß es mich zugleich erschreckt und Mitleid in mir erregt. Wenn man es nicht als Konzept für \u0026ldquo;Deutschland\u0026rdquo; nimmt, sondern als die beste Definition von \u0026ldquo;Deutschland\u0026rdquo; interpretiert, über die ein öffentlicher Diskurs möglich ist, dann ist \u0026ldquo;Deutschland\u0026rdquo; als Konzept schon am Ende.\nInsofern ist der Spiegel-Artikel eine gute Sache, weil er zeigt, daß offenbar dringend ein Bedarf nach Diskussion darüber besteht, was eine Gesellschaft, einen Staat im 21. Jahrhundert überhaupt ausmacht. Und ob \u0026ldquo;Deutschland\u0026rdquo; überhaupt noch ein tragfähiges Konzept in dieser Zeit ist. Und falls ja, wie man \u0026ldquo;Deutschland\u0026rdquo; dann wohl definiert.\nBist Du \u0026ldquo;Deutschland\u0026rdquo;? Das ist die Frage, die der Photopool \u0026ldquo;Du bist Deutschland\u0026rdquo; als Antwort auf die Medien-Kampagne \u0026ldquo;Du bist Deutschland\u0026rdquo; doch wohl am ehesten aufwirft.\nWe are family Unter diesem urdeutschen Titel versucht Pro 7 seinen Zuschauern zu zeigen, was Deutschland alles ist, und wer alles in Deutschland lebt. Vielleicht hätte ich mir das einmal ansehen sollen, um besser zu verstehen, wer Ihr anderen Deutschen so seid und wie Ihr mich möglicherweise seht. Andererseits: Warum eigentlich?\nAm Ende bleibt die Frage, lieber Leser und Deutscher: \u0026ldquo;Bist Du Deutschland?\u0026rdquo; Wenn ja, wer bist Du? Und was ist Deutschland - für Dich? Kenntnis der Nationalhymne und Schulgebet? Ich hoffe doch, ein wenig mehr. Oder interessiert Dich das alles gar nicht mehr?\n","date":"2005-12-30T00:00:00Z","href":"https://blog.koehntopp.info/2005/12/30/bist-du-deutschland-oder-ein-vereinfachtes-weltbild-fuer-anfaenger.html","tags":["politik","lang_de"],"title":"\"Bist Du Deutschland?\" oder \"Ein vereinfachtes Weltbild für Anfänger\""},{"categories":null,"content":"Rootkit - Sonys digitaler Hausfriedensbruch : Eine Timeline. Hintergrundmaterial zum Vortrag auf dem 22C3.\nUpdate: Preliminary settlement filed in Sony suit :\nLawyers in a class action lawsuit filed against Sony BMG, First 4 Internet and SunnComm last month have submitted a preliminary settlement, which calls for Sony to stop manufacturing CDs with XCP and MediaMax DRM, provide replacement discs, and make cash payments to affected customers\u0026hellip;.\u0026ldquo;Incentive #1\u0026rdquo; will provide customers with a cash payment of $7.50 and a free download of one album from a list of more than 200 titles. \u0026ldquo;Incentive #2\u0026rdquo; removes the cash payment but allows for downloads of three albums\u0026hellip;.In order to be eligible, an individual must return the XCP laden CD to Sony, or provide the company with a receipt showing the return or exchange of the CD at a retailer after November.\nLachhaft glimpflich. Wer hat sich denn da bequatschen lassen?\nVolltext PDF (42 Seiten)\n(via The Inquirer )\n","date":"2005-12-28T00:00:00Z","href":"https://blog.koehntopp.info/2005/12/28/sony-rootkit-timeline.html","tags":["ccc","musik","sony","security","lang_de"],"title":"Sony Rootkit Timeline"},{"categories":null,"content":" Was sagen die Künstler, deren Werke von Sony mit dem illegalen Rootkit verschönert worden sind, dazu und was macht die Sony Affäre mit deren Einnahmen?\nBusinessweek schreibt:\nVan Zant\u0026rsquo;s Get Right with the Man CD was released in May, but six months later it still was doing better-than-respectable business on Amazon.com. The album ranked No. 887 on the online retailer\u0026rsquo;s list of music sales on Nov. 2. \u0026hellip; GROWING OUTRAGE. Overnight, Get Right with the Man dropped to No. 1,392 on Amazon\u0026rsquo;s music rankings. By Nov. 22 \u0026ndash; after the news made headlines and Sony was deep into damage control, pulling some 4.7 million copy-protected disks from the market \u0026ndash; Get Right with the Man was even further from Amazon\u0026rsquo;s Top 40, plummeting to No. 25,802.The wrath of fans killed Sony\u0026rsquo;s CD copy controls, with the company pulling 52 titles off retail shelves, beginning the week of Nov. 14. But the wrath of bands could be far worse for the company \u0026ndash; and for efforts to protect content in general.\n(via Julian Finn )\n","date":"2005-11-24T00:00:00Z","href":"https://blog.koehntopp.info/2005/11/24/k-nstler-vs-sony.html","tags":["hack","sony","media","musik","security","lang_de"],"title":"Künstler vs. Sony"},{"categories":null,"content":" Fred schickt mir den folgenden Link: EFF Files Class Action Lawsuit Against Sony BMG :\nThe Electronic Frontier Foundation (EFF), along with two leading national class action law firms, today filed a lawsuit against Sony BMG, demanding that the company repair the damage done by the First4Internet XCP and SunnComm MediaMax software it included on over 24 million music CDs\u0026hellip;.Both the XCP and MediaMax CDs include outrageous, anti-consumer terms in their \u0026ldquo;clickwrap\u0026rdquo; EULAs. For example, if purchasers declare personal bankruptcy, the EULA requires them to delete any digital copies on their computers or portable music players. The same is true if a customer\u0026rsquo;s house gets burglarized and his CDs stolen, since the EULA allows purchasers to keep copies only so long as they retain physical possession of the original CD. EFF is demanding that Sony BMG remove these unconscionable terms from its EULAs.\nWohl denen, die ihre Musik sicherheitshalber lieber eseln. Da sind die Risiken leichter einzuschätzen.\n","date":"2005-11-22T00:00:00Z","href":"https://blog.koehntopp.info/2005/11/22/eff-vs-sony.html","tags":["hack","sony","media","musik","security","lang_de"],"title":"EFF vs. Sony"},{"categories":null,"content":" Pushing Ice\u0026quot; ist der neuste Roman von Alastair Reynolds.\n\u0026ldquo;Pushing Ice\u0026rdquo; beginnt ganz klein, nach den Maßstäben einer Alastair Reynolds Der zehnte Mond von Saturn, Janus , macht sich auf, das Sonnensystem zu verlassen. Nur ein einziges Schiff, Rockhopper, ist derzeit weit genug draußen und gut genug ausgestattet, um die Verfolgung aufzunehmen und den Raumschiffmond zu erforschen. Doch natürlich gelingt es der Crew der Rockhopper nicht, von Janus zu entkommen, während der Mond immer weiter beschleunigt, und so wird aus der Raumreise auch eine Zeitreise\u0026hellip;\nDieses Buch spielt nicht im Noir-Universum von \u0026ldquo;Unendlichkeit\u0026rdquo;, sondern zugleich früher und später. Die Charactere sind bei weitem nicht so fremd und entmenschlicht wie in \u0026ldquo;Unendlichkeit\u0026rdquo;, denn sie entstammen einer Welt, die unserer näher und verständlicher ist. Doch das Universum, in dem sie leben, ist genauso kalt und lebensfeindlich wie das Noir-Universum.\n\u0026ldquo;Pushing Ice\u0026rdquo; handelt in seiner ersten Hälfte von einer Gemeinschaft, die unfreiwillig auf die größte Reise ihres und jeden anderen Lebens geschickt wird, und zeichnet die Konflikte und dem Kampf ums Überleben in einer absolut lebensfeindlichen und fremdartigen Umgebung. Doch die Gemeinschaft passt sich an und beginnt sogar, wieder zu florieren. Doch dann ist am Ende seiner Reise angekommen\u0026hellip;\nDer zweite Teil des Buches beschäftigt sich dann mit einer Erstkontaktsituation in einem abgeschlossenen und ressourcenknappen Umfeld - nicht unähnlich den Rama 2 und 3-Romanen von Arthur C. Clarke, aber lange nicht so schlecht erzählt und vor allen Dingen ein nicht so pessimistisches Bild von der menschlichen Natur zeichnend. Letztendlich erzählt Reynolds hier in beiden Teilen die Geschichte von Anpassungsfähigkeit und Wandlungsfähigkeit, und wie sich Intelligenz und Persönlichkeit unter diesen Umständen verformen und dennoch wiedererkennbar gleich bleiben können.\nAm Ende lässt einen \u0026ldquo;Pushing Ice\u0026rdquo; jedoch ein wenig unerfüllt zurück. Zwar packt Reynolds die Geschichte in einen geschlossenen Handlungsbogen, doch zugleich macht das Buch den Eindruck, nur der Starter für weitere, noch weiter hinaus reichende Geschichten zu sein.\nDas Setting im Mittelteil, das in diesem Buch gegeben wird und bespielbar wäre, ist jedoch für meinen Geschmack zu beschränkt und vor allen Dingen zu kalt und feindselig als daß ich dort Geschichten ansiedeln würde. Während \u0026ldquo;Pushing Ice\u0026rdquo; also ein guter Roman ist, der möglicherweise den Grundstein zu weiteren Geschichten legt, ist er als Sourcebook fürs Spielen für mich ohne weitgehende Änderungen nicht verwendbar - er enthält außerdem zu wenig Hintergrund, als daß er als Sourcebook für andere, von der Story abweichende Geschichten tauglich wäre.\n","date":"2005-11-20T00:00:00Z","href":"https://blog.koehntopp.info/2005/11/20/fertig-gelesen-alastair-reynolds-pushing-ice.html","tags":["review","book","scifi","lang_de"],"title":"Fertig gelesen: Alastair Reynolds: \"Pushing Ice\""},{"categories":null,"content":"Update zu Nützliche Kombinationen :\nAls Chief Security Officer ist man natürlich verantwortlich dafür festzulegen, welche Software auf den Rechnern einer Firma installiert werden darf. Ein Rootkit gehört sicherlich nicht dazu. Welche CDs sind also für das Hören in der Firma zu verbieten, weil sie sonst Firmenrechner verseuchen?\nHier die Antwort von Sony mit der kompletten Liste :\nEvery Sony BMG release starting April 1, 2004 has been suject to content protection technology.\nFür die Kosten für das Entfernen bereits installierter Rootkits wahrscheinlich der Arbeitnehmer aufzukommen, der die CD ins Laufwerk geschoben hat, und der kann dann versuchen, diese an Sony weiter zu reichen - so schätze ich jedenfalls die Rechtslage ein, aber ich bin kein Jurist. Vielleicht mag jemand mit mehr Ahnung von der Sache mal dazu Stellung nehmen?\nWie sagt die Tagesschau so schön:\nWohlgemerkt: Alle die unerwünschten Nebenwirkungen und Gefahren treten nur bei den Nutzern auf, die die CD legal erworben haben. Wer die Musikstücke als Raubkopien runtergeladen hat, hat derlei Ungemach nicht zu befürchten.\nDem ist wohl nix mehr hinzuzufügen.\n","date":"2005-11-06T00:00:00Z","href":"https://blog.koehntopp.info/2005/11/06/cso-vs-sony.html","tags":["hack","sony","media","musik","security","lang_de"],"title":"CSO vs. Sony"},{"categories":null,"content":"Das Sony BMG Rootkit aus Legal, Illegal, Scheißegal hat eine dicke Spur von Artikeln nach sich gezogen. Sony bietet jetzt ein Toolkit an, mit dem man die Rootkit-Funktionen deinstallieren kann, der Filtertreiber (den man in der EULA dennoch nicht abgenickt hat) bleibt aber drin. Das ist sehr gnädig von Sony BMG.\nIn World of Warcraft hackers using Sony BMG rootkit auf Securityfocus wird inzwischen von einer sinnvollen Anwendung des Sony BMG Rootkits berichtet: Es ist offenbar problemlos möglich, auf einer Maschine, die mit einer Sony CD verseucht worden ist, Cheats für World of Warcraft zu installieren, die von der Spyware, die Blizzard mit dem Spiel zusammen installiert, nicht entdeckt werden kann.\n\u0026ldquo;Und so verwenden wir unwürdige Konsumenten die Teile, die uns die mächtigen Megacorps zuwerfen in einer kreativen und nutzbringenden Weise.\u0026rdquo; \u0026ndash; irgendwie ist das alles sehr Shadowrun. Abzurunden wäre dies jetzt nur noch, indem Blizzard Sony BMG verklagt, weil das Sony BMG Rootkit so irgendwelche Ansprüche von Blizzard und World of Warcraft verletzt.\nSony BMG and First 4 Internet, the maker of the content protection technology, have both disputed claims that their system could harm the security of a Windows system. Yet, other software makers that rely on the integrity of the operating system are finding that hidden code makes security impossible.\n","date":"2005-11-04T00:00:00Z","href":"https://blog.koehntopp.info/2005/11/04/nuetzliche-kombinationen.html","tags":["hack","media","musik","security","lang_de"],"title":"Nützliche Kombinationen"},{"categories":null,"content":"Sony BMG baut ein Rootkit, um damit das ihrer Meinung nach illegale Kopieren von Dateien auf den Rechnern ihrer Kunden zu verhindern. Die Software gefährdet die Stabilität der Kundensysteme, ist nicht Bestandteil der Lizenzvereinbarung und tut mehr, als sie für die Erreichung ihres Ziels tun müßte. Die Meldung bei Heise zieht man das folgende Fazit:\nIn den Lizenzvereinbarungen (EULA) der CD – der man zustimmen muss, damit die darauf befindliche Abspiel-Software für PCs startet - steht laut Russinovich nichts davon, dass eine Software installiert würde oder sich gar tief im System verankert. In der Diskussion zur Sysinternals-Meldung werfen Teilnehmer ein, dass dieses Vorgehen des Kopierschutzes wohl in Kalifornien nach dem California Business \u0026amp; Protections Code Section 22947.3 illegal sei und mit bis zu 1.000 US-Dollar Strafe pro betroffenem Computer geahndet werden könne.\nDa sind zivile Forderungen wegen entstandener Schäden und Inkompatibilitäten wohl noch nicht drin eingerechnet.\n","date":"2005-11-01T00:00:00Z","href":"https://blog.koehntopp.info/2005/11/01/legal-illegal-scheissegal.html","tags":["hack","media","security","lang_de"],"title":"Legal, Illegal, Scheißegal..."},{"categories":null,"content":"Heute im Irc stellte eine Teilnehmerin den folgenden Fragenschwall:\nWie finde ich eigentlich heraus, was für Gruppen es auf einem Linuxsystem gibt? Wie füge ich da jemanden hinzu? Lege ich den zuerst als User an, ganz normal? Und: Wenn ich einen Ordner anlege, der nur für eine bestimmte Gruppe zugänglich sein soll, mache ich das doch über File Permissions, oder habe ich falsch gedacht?\nDie offensichtliche Antwort, das Nachsehen in /etc/group, funktioniert bei modernen Unixen nicht mehr zwingend, denn Gruppendefinitionen können nicht nur in lokalen Dateien stehen, sondern auch aus dem NIS, dem NIS+, einem LDAP oder einem Active Directory kommen.\nDie folgenden Dinge wurden mit Suse Linux 10.0 getestet, sollten so aber auch auf Solaris funktionieren.\nName Service Switch Genauer gesagt haben moderne Unixe ein Subsystem namens Name Service Switch. Der Name Service Switch erlaubt es dem System, für Benutzer, Gruppen, Hostnamen, Protokolle, Service und noch ein paar Dinge beliebige Datenquellen zu verwenden, für die vorgefertige Module existieren.\nDer Name Service Switch wird durch die Datei /etc/nsswitch.conf gesteuert. Dort findet man für jede Datenbasis (passwd, group, hosts, \u0026hellip;) einen einzeiligen Eintrag. Nach dem Namen der Datenbasis werden durch Leerzeichen getrennt die Namen der Datenquellen aufgelistet, und zwar in der Reihenfolge, in der sie durchsucht werden sollen.\npasswd: files nis shadow: files nis group: files nis hosts: files dns Diese Beispielkonfiguration holt ihre Benutzerdaten für Passwd- und Shadow-Datei sowie die Gruppen aus den lokalen Dateien und danach aus dem NIS, und sie ermittelt Hostnamen aus der lokalen /etc/hosts und danach aus dem DNS.\nDie Syntax für die /etc/nsswitch.conf ist noch ein wenig komplizierter. Zwischen den Einträgen für Datenquellen können in eckigen Klammern nämlich noch Anweisungen für das Verhalten in Fehlerfällen stehen. Auf diese Weise sind Setups möglich, die ihre Daten normalerweise NUR aus dem NIS ziehen, aber aus den lokalen Dateien, falls das NIS einmal nicht erreichbar sein sollte.\nDie Datenbasen des Name Service Switch lassen sich mit dem Kommando getent testen. getent group listet zum Beispiel die gesamte group-Datenbasis auf, getent group disk listet nur den Eintrag für die Gruppe disk auf.\nWir merken uns:\nIn einem modernen Unix mit Name Service Switch ist es also falsch, eine Liste der Gruppen des Systems durch Auslesen von /etc/group zu erzeugen. Stattdessen muß die Liste mit getent group erzeugt werden.\nDas Interface des Name Service Switch ist read-only. Es erlaubt nicht die virtualisierte Erzeugung von Gruppen. Schreibzugriffe müssen also weiterhin manuell in die richtige Datenbank geroutet werden, also in eine lokale Datei oder in ein LDAP geschrieben werden.\nProzesse und Dateien User und Gruppen sind nur dann von Bedeutung, wenn sie auch vom Systemteilen verwendet werden. Systemteile sind Subjekte, also Prozesse, und Objekte, also Dateien.\nEin Prozeß in Unix hat eine effektive User-ID und eine effektive primäre Gruppen-ID. Er kann außerdem eine Reihe von weiteren sekundären Gruppen-IDs enthalten.\nDas Kommando \u0026ldquo;id\u0026rdquo; listet die User- und Gruppen-IDs eines Benutzers:\nkris@dhcp-179:~\u0026gt; id -a uid=1000(kris) gid=100(users) Gruppen=16(dialout),33(video),100(users) Der Benutzer kris hat also die User-ID 1000 und die primäre Gruppen-ID 100. Er gehört außerdem den Gruppen 16 (dialout) und 33 (video) an.\nWenn dieser Prozeß eine Datei erzeugt, dann gehört diese Datei ebenfalls dem Benutzer 1000 (kris) und sie wird standardmäßig (\u0026ldquo;System V Semantik\u0026rdquo;) der Gruppe 100 (users) angehören, denn dies sind die primäre User- und Gruppen-ID dieses Prozesses.\nEs gibt eine andere Betriebsart für Dateisysteme (\u0026ldquo;BSD Semantik\u0026rdquo;), bei der neu angelegte Dateien nicht die primäre Gruppe des anlegenden Prozesses erben, sondern die Gruppe des unmittelbar übergeordneten Verzeichnisses. Man kann das ext2-Dateisystem komplett auf BSD-Semantik umstellen, indem man es mit der Option \u0026ldquo;grpid\u0026rdquo; (alternativ \u0026ldquo;bsdgroups\u0026rdquo;) mounted - der Default ist \u0026ldquo;nogrpid\u0026rdquo; (alternativ \u0026ldquo;sysvgroups\u0026rdquo;). In der Betriebsart \u0026ldquo;nogrpid\u0026rdquo; kann man für ein einzelnes Verzeichnis BSD Semantik wählen, indem man das SGID-Bit an dem Verzeichnis setzt. Hier ein Beispiel:\ndhcp-179:~ # lvcreate -l 10 -n test system Logical volume \u0026#34;test\u0026#34; created dhcp-179:~ # mke2fs -q /dev/system/test dhcp-179:~ # mount -o nogrpid /dev/mapper/system-test /export/test dhcp-179:~ # mkdir /export/test/bla /export/test/fasel dhcp-179:~ # chown kris:video /export/test/bla /export/test/fasel dhcp-179:~ # chmod g+s /export/test/fasel dhcp-179:~ # su - kris kris@dhcp-179:~\u0026gt; cd /export/test kris@dhcp-179:/export/test\u0026gt; touch bla/eins fasel/zwei kris@dhcp-179:/export/test\u0026gt; ls -l bla/eins fasel/zwei -rw-r--r-- 1 kris users 0 2005-11-01 18:59 bla/eins -rw-r--r-- 1 kris video 0 2005-11-01 18:59 fasel/zwei kris@dhcp-179:/export/test\u0026gt; ls -ld bla fasel drwxr-xr-x 2 kris video 1024 2005-11-01 18:59 bla drwxr-sr-x 2 kris video 1024 2005-11-01 18:59 fasel In diesem Beispiel wird das logical Volume test in der Volume Group system angelegt und mit dem ext2-Dateisystem formatiert. Das Dateisystem wird mit der Option nogrpid als /export/test gemountet, was der Default für ext2 ist (und bei reiserfs unveränderlich immer der Fall ist).\nIn /export/test werden die Verzeichnisse bla und fasel anlegt und beide auf kris:video gesetzt. An fasel wird zusätzlich noch das SGID-Bit gesetzt.\nLegt der User kris:users nun in bla und fasel jeweils eine Datei an, wird die Datei in bla (System V Semantik, bzw. nogrpid) der Gruppe users angehören. Die Datei in fasel (BSD Semantik, durch +s umgeschaltet) erbt ihre Gruppenzugehörigkeit jedoch vom übergeordneten Verzeichnis, gehört also kris:video.\nDasselbe Beispiel wie oben für ein Dateisystem, das mit grpid gemountet wurde, ergibt dann das folgende Bild:\nkris@dhcp-179:/export/test\u0026gt; touch bla/eins fasel/zwei kris@dhcp-179:/export/test\u0026gt; ls -ld bla fasel drwxr-xr-x 2 kris video 1024 2005-11-01 19:04 bla drwxr-sr-x 2 kris video 1024 2005-11-01 19:04 fasel kris@dhcp-179:/export/test\u0026gt; ls -l bla/eins fasel/zwei -rw-r--r-- 1 kris video 0 2005-11-01 19:04 bla/eins -rw-r--r-- 1 kris video 0 2005-11-01 19:04 fasel/zwei Das SGID-Bit am Verzeichnis hat dann also keine Wirkung mehr, weil das Dateisystem an sich hier schon BSD-Semantik hat.\nReiserfs kennt die Optionen grpid und nogrpid nicht und verhält sich immer wie ein ext2-Dateissystem mit nogrpid.\nWie kann man nun ein Verzeichnis einer Gruppe schenken? Nun, das geht einfach mit chgrp:\nkris@dhcp-179:~\u0026gt; mkdir keks kris@dhcp-179:~\u0026gt; chgrp video keks kris@dhcp-179:~\u0026gt; chgrp disk keks chgrp: Ändern der Gruppe für „keks“: Die Operation ist nicht erlaubt kris@dhcp-179:~\u0026gt; chgrp users keks Offenbar kann man ein Verzeichnis nur Gruppen schenken, denen man selbst angehört. Das ist deswegen so, weil Unix die Zuordnung von Quotas zu Benutzern und zu Gruppen erlaubt. Indem man eine Datei einer Gruppe schenkt, belastet die Datei die Quota der Gruppe und natürlich darf man nur die Quota einer Gruppe belasten, der man auch angehört.\nWenn man eine Datei in einem Verzeichnis mit BSD-Semantik anlegt, dann erbt diese Datei jedoch immer die Gruppe des Verzeichnisses, selbst dann, wenn der Benutzer, der die Datei anlegt, nicht dieser Gruppe angehört - hier kann dann ein fremder Benutzer die Quota einer Gruppe belasten, der er nicht angehört. Es ist also Aufgabe einer Gruppe, die Zugriffsrechte an ihren Verzeichnissen so zu setzen, daß dort nicht fremde Leute Daten ablegen können und so die Quota der Gruppe belasten.\nEs ist außerdem möglich (wenn auch unwahrscheinlich), daß ein Benutzer so eine Datei anlegen kann, die er später nicht mehr lesen darf.\nDas Szenario ist konstruiert, aber technisch möglich:\n## Kris legt ein Verzeichnis an kris@dhcp-179:~\u0026gt; mkdir keks kris@dhcp-179:~\u0026gt; chmod a+rwx,g+s keks kris@dhcp-179:~\u0026gt; chgrp video keks kris@dhcp-179:~\u0026gt; ls -ld keks drwxrwsrwx 2 kris video 48 2005-11-01 19:17 keks ## kdebuild legt dort eine Datei an kdebuild@dhcp-179:/home/kris/keks\u0026gt; umask 0727 kdebuild@dhcp-179:/home/kris/keks\u0026gt; touch bla kdebuild@dhcp-179:/home/kris/keks\u0026gt; ls -l bla ----r----- 1 kdebuild video 0 2005-11-01 19:18 bla kdebuild@dhcp-179:/home/kris/keks\u0026gt; cat bla cat: bla: Keine Berechtigung Das ist für ein Rechtesystem eine unschöne Situation. Fällt jemandem ein sinnvoller Anwendungszweck für diese Eigenschaft des Unix-Rechtesystems ein?\nWir merken uns:\nUm ein Verzeichnis zu erzeugen, auf das nur eine bestimmte Gruppe Zugriff hat, legen wir das Verzeichnis an und schenken es der Gruppe mit chgrp, dann setzen wir die Zugriffsrechte auf rwxrwx--- oder ähnlich.\nWenn wir außerdem das SGID-Bit am Verzeichnis mit chmod g+s … setzen, werden auch alle Dateien im Verzeichnis der Gruppe gehören. Um ein Verzeichnis einer Gruppe schenken zu können, muß man selbst Mitglied der Gruppe sein.\nZugriffsrechte an Dateien In den letzten 30 Jahren war es in Unix immer so, daß eine Datei einen Eigentümer und eine Eigentümer-Gruppe hatte. Rechte wurden für den Eigentümer und die Eigentümer-Gruppe vergeben. Prozesse hatten ebenfalls einen Eigentümer und eine Gruppe, und Unix hat stur den folgenden simplen Test durchgeführt, um zu bestimmen, welche Rechte für eine Datei gelten:\nStimmen der Datei-Eigentümer und der Prozeß-Eigentümer überein? Wenn ja, dann gelten die User-Rechte, also das erste rwx-Tripel. Das ist selbst dann der Fall, wenn in einem anderen Tripel bessere Rechte definiert sind. Stimmen die Datei-Eigentümergruppe und eine der primären oder sekundären Gruppen eines Prozesses überein? Wenn ja, dann gelten die Gruppen-Rechte, also das zweite rwx-Tripel. Das ist selbst dann der Fall, wenn im 3. Tripel bessere Rechte definiert sind. In allen anderen Fällen gelten die Rechte aus dem 3. Tripel. Access Control Lists (ACLs) Mit modernen Unixen ist es jedoch alles viel komplizierter geworden, denn nun können im Prinzip an einer Datei selber auch viele Benutzer- und Gruppenrechte kleben.\nZum Glück nicht per Default.\nDamit die Lage kompliziert wird, muß man das betreffende Dateisystem mit der Option acl mounten. Im Beispiel erzeugen wir zur Abwechslung mal ein reiserfs und mounten dies mit der passenden Option. Mit den Kommandos getfacl und setfacl (\u0026ldquo;get and set a file access control list\u0026rdquo;) können wir dann lustig individuelle Zugriffsrechte vergeben.\ndhcp-179:~ # lvcreate -l 10 -n test system Logical volume \u0026#34;test\u0026#34; created dhcp-179:~ # mkreiserfs -q /dev/system/test mkreiserfs 3.6.18 (2003 www.namesys.com) dhcp-179:~ # mount -o acl /dev/mapper/system-test /export/test dhcp-179:~ # cd /export/test dhcp-179:/export/test # touch keks dhcp-179:/export/test # chmod 000 keks dhcp-179:/export/test # setfacl -m u:kris:rwx,mask::rwx,g:video:rwx,u:kdebuild:rx keks dhcp-179:/export/test # ls -l keks ----rwx---+ 1 root root 0 Nov 1 19:26 keks dhcp-179:/export/test # getfacl keks # file: keks # owner: root # group: root user::--- user:kris:rwx user:kdebuild:r-x group::--- group:video:rwx mask::rwx other::--- Eine Datei mit einer ACL wird von ls mit einem \u0026ldquo;+\u0026quot;-Zeichen markiert. Statt den Rechten der Gruppe werden dann im zweiten Tripel die Rechte der Mask angezeigt.\nDie Mask limitiert alle anderen Zugriffsrechte an der Datei ausgenommen den Eigentümer und Others. Sie legt also quasi die maximalen Rechte fest, die irgendjemand außer dem Eigentümer an der Datei haben kann, wenn er nicht die Defaultrechte bekommt.\nDies ist ein Kompatibilitätsmechanismus, der meistens das korrekte Verhalten von Programmen bewirken soll, die nichts von Zugriffsrechten wissen - sie bekommen durch Auslesen des zweiten Rechtetripels einen etwas optimistischen View auf die Rechte, die sie wahrscheinlich haben werden. :)\nDas Kommando setfacl kann jetzt die Rechte an einer Datei modifizieren. Die Option -m (modify) bewirkt das.\nIm Beispiel werden Rechte für Benutzer (\u0026ldquo;u:\u0026rdquo;) und Gruppen (\u0026ldquo;g:\u0026rdquo;) sowie eine Mask (\u0026ldquo;m:\u0026rdquo;) definiert.\nLiest man die ACL mit getfacl aus, wird recht schnell deutlich, was hier geschieht:\nDer Eigentümer der Datei hat an ihr keine Rechte, der User kris hat die Rechte rwx, der User kdebuild hat die Rechte rx, die Defaultgruppe hat keine Rechte, die Gruppe video hat die Rechte rwx, und die Maske schränkt die Rechte von kris, kdebuild, video und der Defaultgruppe nicht ein.\nDer Rest der Welt hat keine Rechte an dieser Datei.\nWir merken uns:\nDateisysteme, die mit der Option \u0026ldquo;acl\u0026rdquo; gemounted wurden, können beliebig komplizierte Rechteregeln pro Datei haben. Es ist mit einem \u0026ldquo;+\u0026rdquo; an der Datei zu erkennen, ob dies der Fall ist. Diese ACLs können mit setfacl editiert und mit getfacl gelesen werden.\nACLs an Verzeichnissen Um die Sache noch komplizierter zu machen, haben Verzeichnisse zwei ACLs:\nEine normale wie wir sie schon kennen, die für das Verzeichnis selber gilt, eine default ACL, die für alle Verzeichnisse und Dateien gilt, die in dem Verzeichnis erzeugt werden. Werte für die Default-ACL werden festgelegt, indem man sie beim \u0026ldquo;setfacl\u0026rdquo; mit \u0026ldquo;d:\u0026rdquo; prefixed, also \u0026ldquo;d:u:kris:rwx\u0026rdquo;, \u0026ldquo;d:g:video:rwx\u0026rdquo; und \u0026ldquo;d\u0026#x24c2;\u0026#xfe0f;:rwx\u0026rdquo;.\nTL;DR Wir merken uns:\nIn den allermeisten Fällen tut das Unix-Rechtesystem mit den drei Tripeln \u0026ldquo;ugo\u0026rdquo; und den drei Rechten \u0026ldquo;rwx\u0026rdquo; genau das, was man von ihm will.\nSehr selten braucht man was komplizierteres, und dann steht es zur Verfügung.\nSelbst dann ist das Rechtesystem von Unix noch einfacher und übersichtlicher zu warten als das von Windows, getreu dem Motto \u0026ldquo;Simple things should be simple, and complex things should be possible.\u0026rdquo;\n","date":"2005-11-01T00:00:00Z","href":"https://blog.koehntopp.info/2005/11/01/user-und-gruppen-prozesse-und-dateien.html","tags":["computer","erklaerbaer","unix","lang_de"],"title":"User und Gruppen, Prozesse und Dateien"},{"categories":null,"content":" Das war\u0026rsquo;s .\nBis heute - fast zwei Jahre lang - war ich Security-Fuzzi für web.de. Das bedeutet: Ich habe Security Policy definiert, Fachabteilungen bei der Umsetzung von Policies beraten und entweder selbst oder von Dritten die Umsetzung von Policies prüfen lassen, und außerdem den Security Incident Management Prozess betrieben. In der Praxis bedeutet das, daß ich am härtesten Arbeitstag meines Lebens mit der Hilfe von vielen Kollegen einmal das gesamte Rechenzentrum von web.de runter- und danach wieder hochgefahren habe, daß ich jede Menge über das BSI Grundschutzhandbuch und die BS 7799/ISO 17799 vs. die Praxis gelernt habe, daß ich jetzt erklären kann, wieso Security Management bedeutet, daß jeder außer mir in der Firma Security macht, und daß ich geschätzten Kollegen erfolgreich vermitteln konnte, daß eine Krise nicht schneller vorbeigeht, wenn man sich mehr aufregt.\nEs bedeutet auch, daß ich zwei Jahre lang mit Den Besten zusammenarbeiten konnte. web.de ist eine überlebende Dotcom-Firma. Das bedeutet, daß die Personalabteilung von web.de und die IT ( der Unterschied ist kleiner als man denkt ) zusammen einen Einarbeitungs- und Selektionsprozeß erarbeitet haben, der effektiv und wirksam ist.\nFür mich war es erstaunlich zu lernen, wie sehr eine einzelne Persönlichkeit einer Abteilung ihren Stempel aufdrücken kann und ein unglaubliches Team zusammenschmieden kann, das auch noch lange über die direkte Anwesenheit dieser Person Bestand haben kann - und dieses Team hat in den vergangenen Jahren Dinge erreicht, die sich keiner vorher zugetraut hätte. Ich glaube, das ist das Beste, was man über eine Führungskraft sagen kann.\nDie vergangenen zwei Jahre waren jedenfalls ein wilder und spannender Ritt.\nEr ist nun vorbei, der Change ist durchgeführt.\nweb.de ist jetzt United Internet. Und Isotopp ist nun kris bei MySQL. Meine Berufsbezeichnung ist nun - mal wieder - Senior Consultant. Neben meinem Bett liegt ein Stapel Bücher von Joe Celko. Und bald schon werde ich wieder beim Kunden sein und ihn für Geld glücklich machen - das älteste Gewerbe der Welt. :-)\nIn gewisser Weise wird es dadurch für mich wieder einfacher. Projektmanagement statt Prozessmanagement hat klar definierte Ziele, klar definierte Deadlines, und damit auch klar definierte Erfolgserlebnisse. Entweder hat man fertig oder nicht. Entweder hat man die Unterschrift vom Kunden auf dem Abnahmezettel oder nicht.\nMein neuer Arbeitgeber hat eine Organisation von ca. 250 Leuten in 25 Ländern. Obwohl wir so verstreut sind, stehen wir zum Teil enger und schneller miteinander in Kontakt als viele andere Firmen - Irc, Bitkeeper/SVN, Mail, VoIP, Wiki und GSM binden diese Firma auf eine eigenartige Weise enger zusammen als manche physikalisch dichter beieinander organisierte Firma.\nMit MySQL 5.0 haben wir ein richtig feines Produkt, mit dem wir MySQL endgültig im Enterprise-Markt etablieren werden. Vor uns liegt die Herausforderung, die schlagkräftige Professional Services Organisation aufzubauen, die dann auch dauerhaft die Dienstleistung bringen kann, die in diesem Bereich gefordert wird. Das junge EMEA -Team ist gerade dabei, seine Sollkonfiguration zu erreichen.\nIch freue mich darauf, mit diesen Leuten Dinge zu bewegen und neue Sachen zu lernen, die ich mir vorher nie zugetraut hätte. Vor allen Dingen freue ich mich aber darauf, mit einem internationalen Team zusammenzuarbeiten und - wenn ich denn schon wieder Kilometer reißen muss - dies auf einer wirklich großen Landkarte zu tun.\n","date":"2005-10-28T00:00:00Z","href":"https://blog.koehntopp.info/2005/10/28/in-with-the-out-old-with-the-new.html","tags":["karlsruhe","mysql","work","lang_de"],"title":"In with the out, old with the new..."},{"categories":null,"content":"Eine Unix-Kommandoshell nimmt die Benutzereingabe und unterteilt sie in Worte. Das erste Wort einer Zeile ist ein Kommando, der Rest sind die Parameter des Kommandos. So weit so langweilig.\nInteressant wird die Sache, weil eine Unix Shell gut mit Worten umgehen kann. So kann sie Worte ersetzen und dabei auch neue Worte generieren. Dies nennt man Expansion, und die Bash hat sehr viele Expansion-Mechanismen:\nbrace expansion, tilde expansion, parameter expansion, variable expansion, arithmetic expansion, command substitution, word splitting und pathname expansion, sowie process substitution werden in dieser Reihenfolge auf den Worten einer Zeile durchgeführt. Nicht alle diese Mechanismen sind in einer klassischen #!/bin/sh enthalten.\nWenn man schnell mal ein paar Pfadnamen braucht, ist Bash Brace Expansion echt nützlich. Die Grundidee ist diese:\nkris@valiant:~\u0026gt; echo a{b,c,d}e abe ace ade Das kann man benutzen, um ähnliche Dinge aufzuzählen, ohne mehr schreiben zu müssen:\nkris@valiant:~/Source/tidy/src\u0026gt;ls parser.{c,h,o,lo} parser.c parser.h parser.lo parser.o Dabei ist es durchaus erlaubt, einen Teilausdruck leer zu lassen:\nkris@h3118:/etc/httpd\u0026gt; ls -1 httpd.conf{,.old} httpd.conf httpd.conf.old Aber Brace Expansion kann noch mehr: Bestandteil des Konzeptes sind auch Ranges.\nkris@valiant:~\u0026gt; mkdir x; for i in {0..10}; do mkdir x/$i; done; ls x 0 1 10 2 3 4 5 6 7 8 9 kris@valiant:~\u0026gt; mkdir y; for i in {a..z}; do mkdir y/$i; done; ls y a b c d e f g h i j k l m n o p q r s t u v w x y z Da die Erweiterung reihenfolgetreu ist, ist es sehr leicht, zum Beispiel alte Logfiles zu rotieren. Das geht dann so:\nkris@valiant:~/x\u0026gt; touch a.log kris@valiant:~/x\u0026gt; for i in {9..0}; do olog=a.log.$i; nlog=a.log.$(( $i+1 )); [ -f $olog ] \u0026amp;\u0026amp; mv $olog $nlog; done; mv a.log a.log.0; touch a.log; ls a.log a.log.0 kris@valiant:~/x\u0026gt; for i in {9..0}; do olog=a.log.$i; nlog=a.log.$(( $i+1 )); [ -f $olog ] \u0026amp;\u0026amp; mv $olog $nlog; done; mv a.log a.log.0; touch a.log; ls a.log a.log.0 a.log.1 Das letzte Beispiel verwendet eine weitere Bash-Expansion, Arithmethic Expansion. Hier wird ein Ausdruck, der in $(( ... )) steht, ausgerechnet und durch das Rechenergebnis ersetzt.\n","date":"2005-10-08T00:00:00Z","href":"https://blog.koehntopp.info/2005/10/08/bin-bash-brace-expansion.html","tags":["bash","computer","unix","lang_de"],"title":"#!/bin/bash -- Brace Expansion"},{"categories":null,"content":"Inzwischen bin ich so weit, daß ich viele Unix-Kommandozeilenprogramme zwar nützlich finde, aber in einem größeren Maßstab als unhandlich und schlecht wiederzuverwenden ansehe. Das liegt daran, daß das Konzept der Pipeline und der Kommandozeile zwar sehr mächtig sind, insbesondere wenn man sie mit einer guten Shell verwendet, aber einen nur so weit bringen.\nManchmal muß man doch richtigen Code schreiben, und wenn man dann den Compiler oder auch nur eine Scriptsprache schwingen muß, dann nützen einem die ganzen Kommandozeilen-Utilities gar nichts mehr.\nJa, es geht sogar so weit, daß sich diese ganzen Hilfsmittel als gefährlich erweisen, wenn irgendein Schlaumeier in seiner Gedankenlosigkeit Benutzereingaben und Kommandozeilenbefehle zusammenmischt und dann ohne das Gehirn einzuschalten an system() oder popen() übergibt. Die Geschichte von PHP und Perl ist voll von solchen bedauerlichen Betriebsunfällen und tausende von deface-ten Webseiten existieren, um Zeugnis davon abzulegen.\nRecode ist so ein Utilitiy gewesen, daß ich nützlich gefunden hätte, wenn ich es - damals - in den nn hätte einbauen können. Aber eine librecode gab es nicht - immerhin hat man einen Bugreport irgendwann erhört und eine solche erzeugt und so war es dann ganz einfach, die entsprechende PHP Extension zu schreiben.\nTidy ist ebenso ein Fall, der als Bibliothek sehr viel nützlicher gewesen wäre als als Kommandozeilenprogramm, und immerhin gibt es inzwischen auch eine Libtidy, auch wenn Suse Tidy per Default ohne diese baut und man daher das Suse-Paket erst einmal durch was richtiges ersetzen muß, bevor man sich ein zeitgemäßes PHP5 übersetzt.\nEs gibt eine ganze Reihe von Programmen, die ich ebenfalls sehr viel lieber als Bibliotheken sehen würde statt als Standalone-Programme - allen voran den C-Compiler selber. Wie coole Sachen könnte man machen, stünde einem Funktionalität wie die Folgende bereit.\nchar *code = \u0026#34;void function(void) { printf(\\\u0026#34;Hello, World\\n\\\u0026#34;); }\u0026#34;; void (*f)(void); PARSETREE_T *t = parse(code); EXEC_T *e = compile(t); f = find_symbol(e, \u0026#34;function\u0026#34;); if (f) f(); Oder bin ich der einzige, der so etwas cool finden würde?\nAber auch ohne die Rekursion der Bibliothekserzeugung durch Bibliotheken kann man nützliche Dinge tun. Und das geht so\u0026hellip;\nEin Stück monolithischer Code #include \u0026lt;stdio.h\u0026gt; int func(int para) { int result; printf(\u0026#34;Entering func(%d)\\n\u0026#34;, para); result = 3 * para; printf(\u0026#34;Leaving func(%d) = %d\\n\u0026#34;, para, result); return result; } int main(int argc, char *argv[]) { printf(\u0026#34;main start\\n\u0026#34;); printf(\u0026#34;Calling func(4) = %d\\n\u0026#34;, func(4)); printf(\u0026#34;main end\\n\u0026#34;); return 0; } Das ist ein mächtig aufregendes Programm: Es hat eine Funktion func, die ihren numerischen Eingabewert mit drei multipliziert und zurückgibt. Es besteht aus einem Stück und ist trivial zu übersetzen und auszuführen:\n.PHONY: clean prog: prog.c cc -Wall -o prog prog.c clean: rm prog Zwei einzelne Module Für so ein kleines Testprogramm wie dieses ist das ausreichend, aber wenn Programme größer werden, wollen wir sie aufteilen. Wir bekommen drei Teilprogramme. Das erste, func.c, enthält unsere Rechenfunktion:\n#include \u0026lt;stdio.h\u0026gt; #include \u0026#34;func.h\u0026#34; int func(int para) { int result; printf(\u0026#34;Entering func(%d)\\n\u0026#34;, para); result = 3 * para; printf(\u0026#34;Leaving func(%d) = %d\\n\u0026#34;, para, result); return result; } Der zweite Teil, prog.c, ruft diese Funktion nun auf:\n#include \u0026lt;stdio.h\u0026gt; #include \u0026#34;func.h\u0026#34; int main(int argc, char *argv[]) { printf(\u0026#34;main start\\n\u0026#34;); printf(\u0026#34;Calling func(4) = %d\\n\u0026#34;, func(4)); printf(\u0026#34;main end\\n\u0026#34;); return 0; } Der dritte Teil, func.h, ist winzig klein:\nextern int func(int para); Die \u0026quot;extern-Anweisung in dieser Include-Datei muß in prog.c eingebunden werden. Sie macht dem Compiler, der prog.c übersetzt, klar, daß es eine Funktion func() gibt, und welche Parameter sie ergibt sowie welches Ergebnis sie liefert. Ohne diese Include-Datei würde der Compiler nicht wissen, daß es eine solche Funktion gibt und einen Fehler generieren. Mit dem Include vertagt er seine Entscheidung auf später, und generiert lediglich eine \u0026ldquo;undefined reference\u0026rdquo; auf die Funktion, die dann zu einem späteren Zeitpunkt gefunden und gelinkt werden muß.\nBevor wir uns das genauer ansehen, hier erst einmal das Makefile:\nprog: prog.o func.o cc -o prog $^ .PHONY: clean .c.o: cc -Wall -c $\u0026lt; clean: rm -f *.o prog .dependencies .dependencies: cc -MM *.c \u0026gt; .dependencies include .dependencies Ein Testlauf:\nkris@valiant:~/Source/dlopen/02-multifile\u0026gt; make clean rm -f *.o prog .dependencies kris@valiant:~/Source/dlopen/02-multifile\u0026gt; make Makefile:18: .dependencies: Datei oder Verzeichnis nicht gefunden cc -MM *.c \u0026gt; .dependencies cc -Wall -c prog.c cc -Wall -c func.c cc -o prog prog.o func.o kris@valiant:~/Source/dlopen/02-multifile\u0026gt; ./prog main start Entering func(4) Leaving func(4) = 12 Calling func(4) = 12 main end Unser Makefile generiert also mit mehreren einzelnen Compileraufrufen eine prog.o und eine func.o-Datei. Ein dritte Aufruf fügt dann prog aus prog.o und func.o zusammen.\nWenn wir einmal einen genaueren Blick auf diese Dateien werden, erkennen wir, wie das funktioniert:\nkris@valiant:~/Source/dlopen/02-multifile\u0026gt; nm func.o 00000000 T func U printf kris@valiant:~/Source/dlopen/02-multifile\u0026gt; nm prog.o U func 00000000 T main U printf Die Datei prog.o enthält ein U func, ein \u0026ldquo;undefined symbol\u0026rdquo; für die Funktionen func und printf. Sie definiert ein Symbol main.\nDie Datei func.o enthält ebenfalls ein \u0026ldquo;undefined symbol\u0026rdquo; für printf, und definiert ein Symbol func. Durch das Zusammenfügen beider Dateien wird das undefinierte Symbol func mit der Definition für func aufgefüllt.\nEs bleibt jetzt noch die Definition von printf zu erfüllen - dies geschieht mit der libc, die jedem C-Programm automatisch zugeügt wird, wenn man dies nicht abbestellt.\nDer C-Startupcode, der sich auch um die Parameterbehandlung mit argc und argv kümmert, ruft dann main auf. Er kann dies, weil main ein definiertes (und exportiertes) Symbol ist, sodaß er die Funktion finden kann.\nEine statische Bibliothek bauen und verwenden Wir können dieses Code nun ohne Änderung verwenden, um eine statische Bibliothek zu bauen und zu verwenden. Dazu müssen wir lediglich die Zusammenbauanweisung, das Makefile, anpassen.\nUnser neues Makefile sieht so aus:\nprog: prog.o libfunc.a cc -o prog prog.o -L. -lfunc .PHONY: clean .c.o: cc -Wall -c $\u0026lt; libfunc.a: func.o ar rcs $@ $? clean: rm -f *.o *.a prog .dependencies .dependencies: cc -MM *.c \u0026gt; .dependencies include .dependencies und es tut dies:\nkris@valiant:~/Source/dlopen/03-staticlib\u0026gt; make Makefile:19: .dependencies: Datei oder Verzeichnis nicht gefunden cc -MM *.c \u0026gt; .dependencies cc -Wall -c prog.c cc -Wall -c func.c ar rcs libfunc.a func.o cc -o prog prog.o -L. -lfunc Wie zuvor übersetzen wir unsere beiden .c-Dateien in .o-Dateien. Alle Bibliotheksmodule fügen wir nun in eine Bibliothek libfunc.a ein. Hier ist dies nur eine Datei, func.o, aber in einem richtigen Projekt können das sehr viele Dateien sein.\nZum Erzeugen der Bibliothek verwenden wir den Archiver, ar. Mit der Option r (Replace, also entweder einfügen oder aktualisieren von Bibliotheksmodulen) fügen wir func.o in die neue Bibliothek ein.\nMit Hilfe der Suboption c (Create, Anlegen der Bibliothek bei Bedarf) sorgen wir dafür, daß die Bibliothek auch erzeugt wird, wenn sie noch nicht existiert.\nDie Suboption s erzeugt einen Objektindex im Archiv oder aktualisiert diesen. Dies erleichtert dem Linker später die Arbeit, wenn er das Programm aus Bibliotheksmodulen zusammenbauen muß.\nUnser Programm-Modul prog.o enthält nun ein undefined Symbol, func. Mit der Option -L setzen wir den Suchpfad für Bibliotheken, und zwar auf ., das aktuelle Verzeichnis. Dort suchen wir mit -lfunc nach der Bibliothek libfunc.a.\nAlle .o-Dateien in der libfunc.a werden durchsucht. Wenn eine von ihnen das gesuchte Symbol func enthält, wird diese .o-Datei dem Programm zugefügt. Dadurch wird func von der Liste der undefined symbols gestrichen und es werden ggf. weitere undefined symbols der Liste hinzugefügt, nämlich diejenigen, die das Modul func.o selber mitbringt, wenn es dem Programm hinzugefügt wird - in unserem Beispiel printf. Aber printf war ja sowieso schon auf der Liste der undefinierten Symbole, denn es wird ja auch in prog.o verwendet.\nEs ist wichtig, eine Bibliothek so zu schreiben, daß sie aus vielen kleinen Objektdateien besteht - jeweils eine Funktion pro Objektdatei. Das muß so sein, weil der Linker für jedes undefined symbol die Objektdatei aus dem Archiv extrahiert und dem Programm hinzufügt, die eine Definition für das gesuchte Symbol enthält. Wenn die Objektdateien groß sind und viele Funktionen enthalten, dann werden unserem Endprogramm unter Umständen Funktionen zugefügt, die wir gar nicht brauchen, weil sie in derselben Objektdatei stehen wie eine Funktion, die wir brauchen. Unsere Programme werden dann unnötig groß.\nDynamische Bibliotheken Bei statischen Bibliotheken enthält nun jedes Programm, das wir schreiben und in dem wir func verwenden, eine Kopie von func. Wenn wir drei oder vier von diesen Programmen zugleich starten, dann stehen auf dem Rechner drei oder vier Kopien von func im Speicher.\nDas muß nicht so sein. Wir können - wieder ohne Code zu ändern - unser Programm so bauen, daß es stattdessen dynamische Bibliotheken verwendet. Eine dynamische Bibliothek wird immer als Ganzes geladen, steht dafür aber nur einmal im Speicher. Wenn also drei oder vier verschiedene Programme die Bibliothek verwenden, wird sie zwar für jedes dieser Programme in dessen Speicherbereich eingeblendet, verbraucht dafür aber nur einmal physikalischen Speicher.\nDamit das funktioniert, ändern wir das Makefile noch einmal ab:\nprog: prog.o libfunc.so cc -o prog prog.o -L`pwd` -lfunc -Wl,-rpath `pwd` .PHONY: clean .c.o: cc -Wall -c $\u0026lt; libfunc.so: func.o cc -rdynamic -shared -o libfunc.so func.o clean: rm -f *.o *.a *.so prog .dependencies .dependencies: cc -MM *.c \u0026gt; .dependencies include .dependencies Der Build sieht jetzt so aus:\nkris@valiant:~/Source/dlopen/04-dynamiclib\u0026gt; make Makefile:20: .dependencies: Datei oder Verzeichnis nicht gefunden cc -MM *.c \u0026gt; .dependencies cc -Wall -c prog.c cc -Wall -c func.c cc -rdynamic -shared -o libfunc.so func.o cc -o prog prog.o -L`pwd` -lfunc -Wl,-rpath,`pwd` Hier werden die Objektmodule ohne eigene main-Funktion nicht mit ar in eine lib*.a-Datei überführt, sondern mit einem cc-Aufruf in eine .so-Datei umgewandelt.\nSo wie man nm auf Objektdateien (*.o) und Bibliotheken (*.a) anwenden kann, kann man mit objdump -T libfunc.so eine Liste der in der .so-Datei definierten Symbole bekommen - leider bekommt man neben den interessanten Informationen auch noch eine ganze Menge Verwaltungsklimbim angezeigt, sodaß man das Ergebnis ein wenig filtern muß, bevor man es sinnvoll lesen kann.\nDer eigentliche Build-Aufruf ist\ncc -o prog prog.o -L`pwd` -lfunc -Wl,-rpath,`pwd` Die Optionen -L und -l funktionieren genau wie bei statischen Bibliotheken. Mit der Option -Wl wird eine Option an den Linker weitergegeben, den wir mit -rpath,\\pwd`` instruieren, das aktuelle Verzeichnis als Suchpfad für die dynamischen Bibliotheken im resultierenden Binary mit zu vermerken.\nWenn wir das nicht täten, würde libfunc.so nicht gefunden werden, solange wir sie nicht in einem der in /etc/ld.so.conf genannten Verzeichnisse installieren und einmal ldconfig aufrufen.\nWer dem Linker bei der Arbeit zuschauen will, der kann dies tun, indem er die Shell-Variable LD_DEBUG setzt und exportiert. Der Wert help zeigt einem, auf was für Werte man LD_DEBUG setzen kann:\nkris@valiant:~/Source/dlopen/04-dynamiclib\u0026gt; export LD_DEBUG=help kris@valiant:~/Source/dlopen/04-dynamiclib\u0026gt; ./prog Valid options for the LD_DEBUG environment variable are: libs display library search paths reloc display relocation processing files display progress for input file symbols display symbol table processing bindings display information about symbol binding versions display version dependencies all all previous options combined statistics display relocation statistics unused determined unused DSOs help display this help message and exit To direct the debugging output into a file instead of standard output a filename can be specified using the LD_DEBUG_OUTPUT environment variable. dlopen() Manchmal kann man zur Compilezeit noch nicht vorhersagen, welche Module das laufende Programm später einmal benötigen wird.\nSpeziell Programme mit Plugin-Architekturen haben den Bedarf, .so-Dateien zur Laufzeit anziehen zu können, um so ihre Funktionalität durch das Laden von Plugins zu erweitern. Während statisch eingebundene .so-Dateien keine Änderungen am Code notwendig machen, ist für dynamisch geladene Dateien ein wenig Änderung notwendig - allerdings nur auf der ladenden Seite.\nAuf der Seite des Bibliothekscodes, in unserem Falle also func.c, func.o und libfunc.so, ist keine Änderung notwendig.\nDas Makefile sieht nun jedoch so aus:\nall: prog libfunc.so prog: prog.o cc -o prog prog.o -ldl .PHONY: clean all .c.o: cc -Wall -c $\u0026lt; libfunc.so: func.o cc -rdynamic -shared -o libfunc.so func.o clean: rm -f *.o *.a *.so prog .dependencies .dependencies: cc -MM *.c \u0026gt; .dependencies include .dependencies Wir haben nun also zwei unabhängige Targets beim Build: Die .so-Datei und das Programm, das sie verwendet, teilen keine gemeinsame Abhängigkeit mehr. Das Programm, prog, wird nun auch nicht mehr gegen die .so-Datei gelinkt. Stattdessen wird mit -ldl die libdl eingebunden, die uns die Funktionen dlopen(), dlsym() und dlclose() bereitstellt.\nDer Code in prog.c sieht nun so aus:\n#include \u0026lt;stdio.h\u0026gt; #include \u0026lt;stdlib.h\u0026gt; #include \u0026lt;unistd.h\u0026gt; #include \u0026lt;dlfcn.h\u0026gt; #define LIBNAME \u0026#34;./libfunc.so\u0026#34; typedef int (*func_t)(int); int main(int argc, char *argv[]) { func_t f; char *error_msg; void *libhandle = NULL; printf(\u0026#34;main start\\n\u0026#34;); /* .so oeffnen */ libhandle = dlopen(LIBNAME, RTLD_LAZY); if (!libhandle) { fprintf(stderr, \u0026#34;dlopen(%s, RTLD_LAZY failed: %s\\n\u0026#34;, LIBNAME, dlerror() ); exit(2); } printf(\u0026#34;dlopen() = %p\\n\u0026#34;, libhandle); /* func() finden */ error_msg = dlerror(); f = dlsym(libhandle, \u0026#34;func\u0026#34;); error_msg = dlerror(); if (error_msg) { fprintf(stderr, \u0026#34;dlsym(%p, \\\u0026#34;func\\\u0026#34;) failed: %s\\n\u0026#34;, libhandle, error_msg ); exit(3); } /* func() aufrufen */ printf(\u0026#34;Calling func(4) = %d\\n\u0026#34;, f(4)); /* .so droppen */ dlclose(libhandle); printf(\u0026#34;main end\\n\u0026#34;); return 0; } Dieser Code definiert eine Variable f vom Typ \u0026ldquo;Zeiger auf eine Funktion, die ein int liefert und einen int-Parameter annimmt\u0026rdquo;.\nEr lädt mit dlopen() die libfunc.so ein. Wenn dies gelingt, steht ein Handle für die Bibliothek zur Verfügung. Mit dlsym() können wir mit Hilfe des Handles in dieser Bibliothek nach der dem Symbol func suchen und bekommen so einen Zeiger auf func in f abgelegt oder nicht.\nMan beachte das Errorchecking für das Ergebnis von dlsym() nach Lehrbuch - das Interface von dlsym() ist mehr als bekloppt nicht sehr schön designed.\nWir können f dann ganz normal aufrufen. dlclose() entlädt das Plugin dann wieder.\nWenn mehr Leute sich angewöhnen würden, ihre Programme in Form von Bibliothek und Kommandozeilenwrapper zu schreiben, wäre es sehr viel leichter, Code in Form von Bibliotheken in Sprachkerne wie PHP oder in andere Programme einzubinden. Technisch ist das nicht sehr schwer, solange man sich die Mühe macht, die Infrastruktur drumherum in Form von Makefiles und Include-Dateien ordentlich zu erstellen.\nMaterial Das Program Library Howto zeigt den ganzen Kram noch einmal in aller Ausführlichkeit. Ein PDF von Ulrich Drepper diskutiert die dabei ablaufenden Interna.\nDas C++ dlopen Mini-Howto beschreibt, wie das ganze mit C++ zu bewerkstelligen ist. James Norton baut da in Dynamic Class Loading in C++ sogar einen schönen Wrapper drumherum.\nDynamic C++ Classes - Code Distribution ist die Downloadseite der dynamic-class library für C++. Das Paper \u0026ldquo;Dynamic C++ classes: A lightweight mechanism to update code in a running program\u0026rdquo; von Gísli Hjálmtýsson and Bob Gray beschreibt den Hintergrund.\n","date":"2005-10-08T00:00:00Z","href":"https://blog.koehntopp.info/2005/10/08/dynamisch-geladener-code.html","tags":["computer","linux","erklaerbaer","lang_de"],"title":"Dynamisch geladener Code"},{"categories":null,"content":"This article was previously shared on mysqldump.azundris.com, and salvaged from the old blog: An introduction to the normalisation of databases that requires no prior knowledge.\nSimply speaking, normalization is about flexibility, and avoiding redundantly storing information. That is, avoiding the storage of the same piece of knowledge in more than one place.\nConsider some cats and their owners (or, in Cat, our \u0026ldquo;tin-openers\u0026rdquo;):\ncat owner city Ada Andrea Anchorage Shelley Sarah San Diego Lynn Louise Los Angeles So far, so good. Now another cat strays to Louise:\ncat owner city Ada Andrea Anchorage Shelley Sarah San Diego Lynn, Lara Louise Los Angeles It\u0026rsquo;s pretty obvious that we\u0026rsquo;ll be in a world of pain once we also wish to store more attributes for each cat (date of birth, vaccination, \u0026hellip;). Moreover, cat would be a string in databases that do not support multi-valued fields (columns), so looking up Lara would be awkward (\u0026ldquo;show me all rows that have \u0026lsquo;Lara\u0026rsquo; as a whole word anywhere in the field cat_name\u0026rdquo;).\nThis is awkward, error-prone, and slow, so let\u0026rsquo;s discard the idea while we can:\ncat owner city Ada Andrea Anchorage Shelley Sarah San Diego Lara Louise Los Angeles Lynn Louise Los Angeles Now we stored \u0026ldquo;Louise\u0026rdquo; and \u0026ldquo;Los Angeles\u0026rdquo; twice. This is somewhat awkward, we\u0026rsquo;d rather only change one entry if Louise moves or changes her name:\nowner city Andrea Anchorage Sarah San Diego Louise Los Angeles cat owner (referencing other table, \u0026ldquo;foreign key\u0026rdquo;) Ada Andrea Shelley Sarah Lara Louise Lynn Louise We have eliminated the redundant city, but if Louise\u0026rsquo;s name should change, we\u0026rsquo;ll have to update three entries (her name in the owners table, and two references to that entry from the cats table). Since in the real world, people do move and do get married (and sometimes just change their names because, well, they wish to), maybe the name is not a very good key. We\u0026rsquo;ll make up an arbitrary one that will never change because it does not rely on the actual payload data:\nowner_no owner city 1 Andrea Anchorage 2 Sarah San Diego 3 Louise Los Angeles cat owner_no Ada 1 Shelley 2 Lara 3 Lynn 3 Now a new cat strays to Sarah. Like Louise, Sarah fancies the name Lara:\nowner_no owner city 1 Andrea Anchorage 2 Sarah San Diego 3 Louise Los Angeles cat owner_no Ada 1 Shelley 2 Lynn 3 Lara 3 Lara 2 The cats are still unique — Sarah\u0026rsquo;s Lara is Lara/2 in our cats table, Louise\u0026rsquo;s is Lara/3. At this point however, word gets around in cat circles that Louise rocks — Ada escapes from Andrea-world and strays to Louise! (cat_name,owner_no) no longer considered stable key!\nowner_no owner city 1 Andrea Anchorage 2 Sarah San Diego 3 Louise Los Angeles cat_no cat 1 Ada 2 Shelley 3 Lynn 4 Lara 5 Lara cat_no lives_with_owner_no from until 1 1 1998 2002 1 3 2002 NULL 2 2 1997 NULL 3 3 1850 NULL 4 3 1999 NULL 5 2 2002 NULL (NULL meaning: still living there, makes looking up current location nice and easy)\nSarah\u0026rsquo;s Lara heard the news as well, and also strays to Louise:\nowner_no owner city 1 Andrea Anchorage 2 Sarah San Diego 3 Louise Los Angeles cat_no cat 1 Ada 2 Shelley 3 Lynn 4 Lara 5 Lara cat_no lives_with_owner_no from until 1 1 1998 2002 1 3 2002 NULL 2 2 1997 NULL 3 3 1850 NULL 4 3 1999 NULL 5 2 2002 2002 5 3 2002 2002 Louise is unaware of the newcomer\u0026rsquo;s name and calls her Callisto — apparently, a cat\u0026rsquo;s name is not a constant. Once more, we fix our tables:\nowner_no owner city 1 Andrea Anchorage 2 Sarah San Diego 3 Louise Los Angeles cat_no cat 1 Ada 2 Shelley 3 Lynn 4 Lara 5 Callisto cat_no lives_with_owner_no from until under_the_name 1 1 1998 2002 1 1 3 2002 NULL 1 2 2 1997 NULL 2 3 3 1850 NULL 3 4 3 1999 NULL 4 5 2 2002 2002 4 5 3 2002 2002 5 Now, a cat can have any number of names (one after the other), and each owner can feed any number of cats. We can even make overlapping entries in our latest table to account for cats sneakily eating in several places. So far, so normal.\nOr is it? What happens if Louise moves, but not with all \u0026ldquo;her\u0026rdquo; cats?\nWhat changes will we need if twin cats arrive that get the same name because Sarah can\u0026rsquo;t tell them apart, anyway? (Rows must be unique!)\nDenormalisation: In some cases, it may be worthwhile to separate a table\u0026rsquo;s history from its status quo:\nto keep the table holding the current data small to speed up lookups in it or to put the history table in one of MySQL\u0026rsquo;s merge tables owner_no owner city 1 Andrea Anchorage 2 Sarah San Diego 3 Louise Los Angeles cat_no cat 1 Ada 2 Shelley 3 Lynn 4 Lara 5 Callisto lived_with_owner_no from until under_the_name (history) 1 1998 2002 1 2 2002 2002 4 lives_with_owner_no from under_the_name (current) 3 2002 1 2 1997 2 3 1850 3 3 1999 4 3 2002 5 In this example, we\u0026rsquo;ll have to insert the relevant line from the current table (using the current date for the until value) before updating the line in the current table.\nIf in doubt, use consecutive integers as a (primary) key (integer primary key auto_increment not null or similar). Do not use strings as keys if you can avoid it, if the above didn\u0026rsquo;t convince you, maybe this will: string lookups aren\u0026rsquo;t exactly fast. Do not use \u0026ldquo;match-codes\u0026rdquo; or any other keys that encode payload data; keys should be opaque.\n","date":"2005-09-11T00:00:00Z","href":"https://blog.koehntopp.info/2005/09/11/nermalisation.html","tags":["mysql","mysqldev","lang_en"],"title":"Nermalisation"},{"categories":null,"content":" Hinter mir liegt eine Woche MySQL Consulting Bootcamp Munich 2005. Für mich eine Woche mit Intensivkursen in MySQL 5, Performanceoptimierung und MySQL Cluster - wir haben das Schlungsprogramm, das sonst mehr als zwei Wochen abgewickelt wird, in 5 Tagen durchgezogen. Nebenbei habe ich noch das MySQL 4 Core und Pro Exam abgelegt (Ergebnisse liegen noch nicht vor, aber ich fand die Prüfung ziemlich schwierig), und wir waren an 5 Tagen zirka viermal in verschiedenen Bierhallen, Biergärten oder im Hofbräuhaus. MySQL geht echt auf die Kondition: 6 Kilo in 5 Tagen zugenommen\u0026hellip;\nEmea Team - Class of 2005. In Front: Ivan (Italy, now in England, Sales Team), Bernd (Germany, now in Sweden), Kai (Germany). In Back: UlfS (Sweden, now USA, Management), Josh (USA, Consulting USA), PeterS (USA, now Switzerland, EMEA Head), Stephane (France), Johan (Sweden). Missing: Jennifer (China, now USA).\nBernd\nIvan\nJennifer\nJohan\nJosh\nAs everybody can see, Kai is evil.\nPeterS\nStephane\nUlfS\n","date":"2005-09-10T00:00:00Z","href":"https://blog.koehntopp.info/2005/09/10/mysql-consulting-bootcamp-munich-2005.html","tags":["image","mysql","work","lang_de"],"title":"MySQL Consulting Bootcamp Munich 2005"},{"categories":null,"content":" Umzüge sind total toll. Umzüge anderer Leute jedenfalls. Denn da lernt man immer jede Menge Dinge über diese Menschen, die man vorher so nicht gewusst hatte.\nMeine gute Freundin J. zum Beispiel zieht gerade um. Nicht weit. Sie ist Lehrerin in einem Internat, und weil sie jetzt 13 Mädels zum Betreuen bekommt, zieht sie aus der bisherigen Wohnung auf dem Internatsgelände aus und mit ihrem Mann B. in eine andere Wohnung auf demselben Gelände.\nWegen des Wetters habe ich meinen Campingurlaub in Dänemark teilweise in \u0026ldquo;Freunde im Umfeld Kiel besuchen\u0026rdquo; umgemünzt und J. und B. so genau mitten im Umräumen erwischt. Nichtsdestotrotz hatte sie sofort Zeit für mich, und wir haben in ihrer halb eingeräumten Küche lecker Kaffee getrunken und Geschichten ausgetauscht. Während ich mich also in ihrer brandneuen Küche umsehe, fallen mir Details ins Auge, die in meiner Küche nicht so sind. Zunächst sind es nur kleine Dinge:\nDa sind zum Beispiel die Schneebesen, die fein säuberlich an einer Metallstange über dem Herd aufgereiht sind. Ich habe zu Hause einen Schneebesen, und die Katze hat ebenfalls einen, den sie in unseren Hausstand mitgebracht hat. Beide passen nicht zueinander: Meiner ist von Fackelmann und hat einen Griff aus orangenem Plastik. Der von Frau Katze ist, weil die Katze ihn ausgesucht hat, natürlich brushed metal. Bis jetzt haben wir aber mit jedem dieser Schneebesen noch alles geschneebest bekommen, was wir je haben schneebesen wollen. J. hat auch Schneebesen. Sieben Stück, in unterschiedlichen Größen und Formen, aber natürlich alle passend aus derselben Serie und wahrscheinlich von WMF, no less.\nGerade will ich eine Bemerkung darüber machen, als sie mir freudestrahlend erzählt, daß immerhin die Geschirrschränke schon eingeräumt sind. Sie gestikuliert zu den Schränken hinter mir, und dort stehen in der Tat vier deckenhohe Schränke mit halb durchsichtigen Türen, die bis in die obersten Regale voll geräumt sind mit Porzellan und Glas.\nB. wirft unterdessen ein, daß er beim Einräumen schier verzweifelt sei und merkt an, was für eine Heidenarbeit das gewesen sei, und daß er den halbjährigen Kurs \u0026ldquo;Welches Porzellan zu welchem Anlass\u0026rdquo; noch nicht bekommen habe. B. ist übrigens ein Analytiker mit einem sehr pessimistischen und leicht depressiven Ansatz - ich habe es immer sehr geschätzt, wenn er meine Konzepte vor einer Präsentation auf Schwachstellen und mögliche Fehler untersucht hat und mir die Formen, Farben und Größen der Atompilze, die mein Code generieren wird, schillernd ausgemalt hat. Seine Schilderung des Umzuges folgt demselben System, und wirkt so leicht apokalyptisch. Seine Frau wird an dieser Art in einigen Jahrzehnten sicherlich verzweifeln.\nWährend B. also noch wie \u0026ldquo;Marvin, the paranoid android\u0026rdquo; berichtet, wie diese Mengen von Zeug hierher gelangt sind, werfe ich einen Blick in den Schrank. Tatsächlich. Vier Sorten flache Teller. Na ja, okay, ich habe auch mehrere Sorten unterschiedlicher flacher Teller, aber das ist mehr eine Folge der Haushaltszusammenlegung mit Frau Katze. Die flachen Teller von J. sind dagegen vorschriftsmäßig: Sie unterscheiden sich nur in der Größe, sind aber ansonsten mit Sicherheit aus derselben Serie, und natürlich sind von jedem Teil 12 Exemplare vorhanden, wie in der DIN-Norm \u0026ldquo;Haushaltsführung\u0026rdquo; auf Seite 212 vorgeschrieben. Die tiefen Teller hätten in diesem Schrank sicherlich auch nicht mehr hineingepasst, sondern stehen bestimmt in einem der anderen Schränke. Bestimmt nicht im Glasschrank, in dem die jeweils 12 Weißweingläser, Rotweingläser, Cocktailgläser, Whiskytumbler, Sektgläser, Saftgläser und Schnapsgläser stehen. Ich fühle mich wie in der Eröffnungssequenz von \u0026ldquo;Fight Club\u0026rdquo; und ich warte gespannt auf eine Stimme aus dem Off und die Einblendung von IKEA-Produktinformationen vor meinem inneren Auge.\nJ. bemerkt, daß ich mich für ihren Hausstand interessiere, und schildert unterdessen, wie sie die Küche hier in den Raum eingepasst haben, und daß der Besteckschrank in den Flur rausgeräumt werden musste. Ich folge ihr, und blicke auf eine Art WMF-Ausstellung: Lasagneheber, Fischvorlegebesteck, Suppentassenlöffel, Spargelzange, Pellkartoffelbesteck und whatnot. Und ich Bauer habe meine Lasagne bisher mit einem Pfannenwender serviert!\nDann beginnt es mir langsam zu dämmern. Nordfriesin! J. kommt aus Nordfriesland. Dem Herzland der Landfrauenvereine (28 Ortsvereine! in Nordfriesland alleine). Möglicherweise werden alle Nordfriesinnen schon als kleine Mädchen gehirngewaschen? \u0026ldquo;Seid nett, modern, unkompliziert, spontan - aber wenn es um Haushaltsführung geht, macht ihr keine Gefangenen!\u0026rdquo;\nVorsichtig frage ich J. und B.: \u0026ldquo;Sagt mal, guckt Ihr eigentlich \u0026lsquo;Desperate Housewives\u0026rsquo;?\u0026rdquo;\n","date":"2005-08-13T00:00:00Z","href":"https://blog.koehntopp.info/2005/08/13/ueber-umzuege.html","tags":["kiel","lang_de"],"title":"Über Umzüge"},{"categories":null,"content":" Changekoordinator: kris@webde-ag.de (Kristian Köhntopp) ID Change Request: 30726 Eingangsdatum: 25.07.2005 Titel: Deinstallation Kristian Köhntopp/Senior Security Engineer\nProjektnummer: entfällt\nBeschreibung: Deinstallation des Prozesses Senior Security Engineer von Kristian Köhntopp; Begründung: Installation des Prozesses \u0026ldquo;MySQL Consulting\u0026rdquo; auf dieser Hardware\nBetroffene Teams/Abteilungen: IT, SE, Abuse, Legal, Presse, Freemail, Portal; Priorität: plangemäß, hoch\nExterne Abhängigkeiten: MySQL AB; Abhängigkeiten von anderen Changes: Der Risikomanagementprozess ist mit fast allen anderen Prozessen im Unternehmen gekoppelt. Er muss auf Ersatzhardware installiert werden. Die Ersatzbeschaffung ist noch offen.\nRisiken: Stillstand oder Erliegen des Risikomanagementprozesses bei Nichtverfügbarkeit von Ersatz.\nAnlagen: Kündigungsschreiben zum 31.10.2005.\n","date":"2005-07-26T00:00:00Z","href":"https://blog.koehntopp.info/2005/07/26/change-request.html","tags":["free software","karlsruhe","mysql","lang_de"],"title":"Change Request"},{"categories":null,"content":"In Open Source Software und Firmen habe ich versucht zu formulieren, unter welchen Gesichtspunkten es für Firmen rentabel und sinnvoll sein kann, \u0026ldquo;Intellectual Property mit Gewinn zu verschenken\u0026rdquo;:\nWenn wir Open Source schreiben, dann tun wir das in dem Bewusstsein, daß wir von vorneherein geschäftsspezifische Logik und allgemeingültigen Code getrennt halten müssen.\nAllen allgemeingültigen Code entwickeln wir auf Kosten des Hauses so weit, daß er vom Projekt als unsere Contribution in die offizielle Codebasis zurück akzeptiert wird. Dadurch sind wir die Verantwortung für diesen Code los und können Weiterentwicklungen an diesem Code aus der offiziellen Codebasis ohne Änderung im Hause nutzen.\nAlle geschäftsspezifische Logik entwickeln wir im Hause so weit, daß wir allgemeingültige Plugin-Schnittstellen oder andere Isolationsmechanismen in die Software einbauen oder einbauen lassen, und wir realisieren unsere geschäftsspezifische Logik dann grundsätzlich so, daß wir die offizielle Codebasis nicht patchen, sondern lediglich Plugins für sie schreiben.\nSo halten wir die Trennlinie zwischen offiziellem und firmeneigenem Code sauber aufrecht, und verbauen uns nicht die Möglichkeit, offiziellen Code jederzeit in die Produktion im Hause integrieren zu können. Andererseits stellen wir so sicher, daß geschäftsspezifische Logik nicht aus Versehen veröffentlicht wird.\nInzwischen kommen solche Ideen auch bei Beraterfirmen wie Gartner an. Unter der irreführenden Überschrift Open Source - eine Bedrohung für Software-Entwickler? findet sich trotz des falschen Titels sinnvoller Content:\nViele große Software-Hersteller würden ihr gesamtes Software-Portfolio prüfen, um festzustellen, welche Produkte von strategischer Bedeutung sind, um andere Produkte oder solche, mit denen kein Geld verdient wird, als Open Source freizugeben, so Hayward laut ZDNet Australia.\n\u0026hellip;\nLetztendlich zwinge die Open-Source-Bewegung Software-Hersteller, über die Art und Weise nachzudenken, wie diese ihre Produkte verkaufen. Eine große Zukunft für das Geschäft mit Software-Lizenzen sieht Hayward dabei nicht. Vielmehr werde Software zunehmend kostenlos als Open Source angeboten oder nach ihrer Nutzung abgerechnet, wobei die Umsätze mit Dienstleistungen rund um Software zunehmend an Gewicht gewinnen werden.\nFirmen und ihre Beraterfirmen kapieren langsam, was Open Source tatsächlich macht: Kosten für Infrastrukturentwicklung sozialisieren und unter allen Marktbegleitern aufteilen. Dadurch wird es am Open Source Prozess teilnehmenden und fair spielenden Firmen möglich, kooperative Vorteile zu nutzen und sich auf den Teil des Geschäftes zu konzentrieren, mit dem sie sich zurzeit vom Restmarkt differenzieren.\nDiesen Teil der Software werden Firmen in der Regel (zunächst) proprietär halten und mithilfe von Plugin-Schnittstellen auf die Infrastruktur drauf setzen - wenn es nicht sowieso Daten oder Dienstleistungen sind, mit denen die Differenzierung erfolgt.\n","date":"2005-07-06T00:00:00Z","href":"https://blog.koehntopp.info/2005/07/06/open-source-und-kommerzielle-software.html","tags":["free software","lizenz","lang_de"],"title":"Open Source und kommerzielle Software"},{"categories":null,"content":"Bei den Rollenspielern gibt es einige Versuche, eine Taxonomie aufzustellen. Letztendlich dient es dazu, die Frage zu klären: \u0026ldquo;Warum spielst Du?\u0026rdquo; oder \u0026ldquo;Was erwartest Du von einem gelungenen Abend.\u0026rdquo;\nEine der ältesten Unterscheidungen ist das 3-fold Model , das sich hauptsächlich damit beschäftigt, auf welche Ebene im Spiel der Spieler Konflikte lösen möchte:\nWill er gegen die Geschichte antreten, besser als die Mitspieler sein, oder gegen die Spielwelt und ihre innere Logik antreten. Andere Taxonomien wie das 5-fold beschäftigen sich eher mit den Zielen eines Spielers (Was willst Du erleben?) oder wie das RoLOGG mit ihren Motivationen (\u0026ldquo;Warum sitzt Du überhaupt heute abend hier?\u0026rdquo;).\nAuf einer grundlegenderen Ebene scheint es Spieler zu geben, die lieber mit Regelbüchern und Würfeln als Instrumenten der Konfliktauflösung spielen, und Spieler, die lieber mit möglichst wenig Regeln und anderen Methoden der Resolution spielen.\nAber ist \u0026ldquo;regelloses Rollenspiel\u0026rdquo; wirklich regellos oder welche Regeln bestimmen solche Spiele?\nIn den Diskussionen auf drsrm kommt recht häufig das Wort Gruppenvertrag vor. Damit ist nicht wirklich ein zu unterschreibender Vertrag gemeint, sondern eine mehr oder - meistens - weniger explizite Übereinkunft zwischen den Spielenden, was denn überhaupt gespielt werden soll und was die Erwartungen an das Spiel sind.\nDie erste, grobe Übereinkunft zwischen den Spielenden ergibt sich oft schon aus dem Genre .\nIn einer klassischen US-Western-Kampagne gelten andere Regeln als in einem Shadowrun-Setting: Im Western werden die Guten halt nur am Arm getroffen, können dafür aber die alleinstehende Farmersfrau nicht alleine im Stich lassen und vor der Übermacht der Bösen fliehen.\nIn Shadowrun kann der \u0026ldquo;Gute\u0026rdquo; halt ohne Probleme in der Gosse mit einem Schuß in den Unterleib verrecken, sogar, wenn es sich um ein sinnloses Drive-by Shooting handelt, das mit der Handlung nix zu tun hat, dafür würden Shadowrun-Spieler aber auch ohne Probleme die alleinerziehende Orkmutter im Erdgeschoß ausrauben, bevor sie ihr den toten Wachmann im Flur anhängen und sich verpieseln.\nUnd man sollte sich vor dem Spiel dringend vergewissern, ob man jetzt einen US- oder einen Italo-Western spielt, sonst könnte es Mißverständnisse geben!\nZu so einer Übereinkunft gehören aber auch Ideen dazu, warum die einzelnen Spieler am Tisch sitzen, was sie also von so einem Abend erwarten. Robin Laws hat dem Thema \u0026ldquo;Spielermotivationen und -erwartungen\u0026rdquo; ein ganzes Kapitel in seinen \u0026ldquo;Laws of good gaming\u0026rdquo; gewidmet. Wenn man sicherstellt, daß für jeden Spieler während eines Abends etwas von \u0026ldquo;seinen\u0026rdquo; Sachen dabei ist, kann man relativ sicher sein, daß die beim nächsten Mal auch wieder mit dabei sind.\nSpiele wie Primetime Adventures (PTA) gehen noch einen Schritt weiter und machen Genrekonventionen und Spielermotivationen zu den Regeln des Spiels. Sie berücksichtigen sogar Konzepte wie Spotlight Time bei der Planung einer Kampagne - es wird zu einem Teil des Spiels, die Kampagne wie eine Fernsehserie zu planen und wie z.B. im Lost Episode Guide festzulegen, daß dies im A-Plot eine \u0026ldquo;Kate\u0026rdquo; oder \u0026ldquo;Locke\u0026rdquo;-Episode wird, während im B-Plot dieses oder jenes näher beleuchtet wird.\nEine Kampagne oder Spielsession wie eine Fernsehserie zu planen sorgt auch dafür, Spieler mit interessanten Erzähltechniken (Rückblenden, Foreshadowing, Krise, \u0026hellip;) vertraut zu machen und sie darauf vorzubereiten, bestimmte Charactereigenschaften vorab besser auszuarbeiten oder betont auszuspielen.\nIm Grunde das viel interessantere Konzept - \u0026ldquo;regelloses Rollenspiel\u0026rdquo; heißt ja nicht, daß alles möglich ist, sondern vielmehr, daß die Regeln sich nicht arbiträr aus irgendwelchen Regelbüchern ergeben, sondern aus dem gemeinsamen Verständnis davon, was aus dem Genre im allgemeinen und der Session im speziellen und der Situation gerade jetzt möglich ist.\n","date":"2005-07-06T00:00:00Z","href":"https://blog.koehntopp.info/2005/07/06/regeln-vs-genrekonventionen.html","tags":["drsrm","roleplay","lang_de"],"title":"Regeln vs. Genrekonventionen"},{"categories":null,"content":"Die Abstimmung zu Software-Patenten im EU-Parlament hat stattgefunden und das Parlament lehnt die umstrittene Richtlinie ab. Golem berichtet in Softwarepatente? Abgelehnt! :\nEuropäisches Parlament lehnt umstrittene Richtlinie ab Wie sich gestern bereits abzeichnete, hat das Europäische Parlament am heutigen Mittwoch die Softwarepatent-Richtlinie mit einer Mehrheit von 648 Stimmen abgelehnt und damit das Gesetzgebungsverfahren beendet. Zwar wurde nach außen hin fast einhellig gefordert, Softwarepatente nach dem US-Vorbild in Europa zu verhindern, in der Frage, wie weit diese Ablehnung gehen sollte, gab es jedoch große Differenzen, die zu einer regelrechten Lobbyschlacht führten. Letztendlich einigte man sich nun darauf, besser keine Richtlinie zu verabschieden, statt einer, die dem jeweiligen Lager missfällt.\nUpdate:\nEuropaparlament stimmt gegen Software-Patente (Spiegel Online) EU-Parlament beerdigt Softwarepatentrichtlinie (Heise Newsticker) EU parliament bins software patent bill (The Register) Softwarepatente abgeschmettert (Futurezone) EU Says No To Software Patents (Slashdot) Europäische Union: Keine Software-Patentrichtlinie (FAZ) Richtlinie zu Softwarepatenten vom Tisch (Tagesschau) [EU-Parlament lehnt Software-Patente ab (Computer Base) Software patent bill thrown out (BBC News) ","date":"2005-07-06T00:00:00Z","href":"https://blog.koehntopp.info/2005/07/06/softwarepatente-abgelehnt.html","tags":["free software","lizenz","patent","politik","software","lang_de"],"title":"Softwarepatente? Abgelehnt!"},{"categories":null,"content":"Innenminister wollen einjährige Speicherung von Verbindungsdaten berichtet Heise:\nDie Innenministerkonferenz hat sich auf ihrer unter dem Motto \u0026ldquo;Mit Sicherheit was los\u0026rdquo; stehenden Tagung am gestrigen Freitag in Stuttgart für eine mindestens zwölfmonatige Aufbewahrung von Telefon- und Internetdaten durch die Telekommunikationsanbieter ausgesprochen. Die tief in die Grundrechte einschneidende Maßnahme halten die Sicherheitsexperten insbesondere im Cyberspace für nötig\u0026hellip;.Es gehe auch nicht darum, jede Verbindung permanent zu überwachen. Vielmehr sollten die Strafverfolger im Einzelfall bei konkretem Verdacht einer schweren Straftat auf die gespeicherten Daten zugreifen zu können. Dazu komme, dass die Polizei nur mit richterlicher Genehmigung die Daten erhalten solle. Dass die bei den Providern anfallenden gigantischen Bithalden mitsamt den darin enthaltenen sensiblen persönlichen Informationen wiederum bevorzugte Angriffspunkte für Cybergauner darstellen könnten, thematisierten die Innenminister nicht.\nDie Sicherheitsbehörden sind in einer unangenehmen Lage. Auf der einen Seite wird von ihnen erwartet, diverse Straftaten aufklären zu können, die im oder mit Hilfe des Netzes begangen werden. Auf der anderen Seite gibt es im Netz keinen Mechanismus, mit dem sich Taten im Netz zu den Tätern sicher in Verbindung bringen lassen.\nDie Behören reagieren stur - und das bedeutet wirklich stur bis hin zur Mißachtung von Parlamentsbeschlüssen - mit dem Aufbau der rechtlichen, organisatorischen und technischen Infrastruktur, die ihrer Meinung nach notwendig ist, damit sie ihre Aufgabe erfüllen können (und dann noch ein bischen, weil es so hart war). Dabei ist ihnen erst einmal egal, ob die technische Infrastruktur die geforderten Dinge überhaupt leisten kann oder welche Kosten dabei entstehen. Wenn das Internet dadurch zu teuer wird, dann wird sich halt eine andere Technik durchsetzen, die die geforderten Dinge kostengünstiger realisieren kann - so die tief im Inneren gefühlte Überzeugung der Behörden.\nDie Behörden sehen es dabei nicht als ihre Aufgabe an, das Problem der Täterrückverfolgung in irgendeiner Form optimal, kostensparend oder sonstwie sinnvoll organisiert zu lösen. Sie bauen einfach Druck auf, in der Hoffnung, daß der Markt sich dann unter Berücksichtigung der anderen Markteinflüsse richtig herum sortiert.\n","date":"2005-06-27T00:00:00Z","href":"https://blog.koehntopp.info/2005/06/27/vorratsdatenspeicherung.html","tags":["identity","politik","security","lang_de"],"title":"Vorratsdatenspeicherung"},{"categories":null,"content":" In Wann ist die Serverload zu hoch? fragt Reimer:\nDie Frage, ob ein Serverload von n zu hoch sei, höre ich häufig. Die Antworten sind jedoch ebenso unterschiedlich. So wird häufig die Zahl 1,00 als normaler Wert gehandelt, aber genau so fallen Zahlen wie 5,00 und 8,00 etc.\nIn Linux und Unix gibt es einige Zahlen, mit denen man die CPU-Auslastung des Systems ausdrücken kann. Da ist erst einmal die momentane CPU-Auslastung in Prozent, wie sie von top und anderen Tools angezeigt wird:\nDiese Zahl gibt detailliert Auskunft darüber, wie die CPU in diesem Moment ihre Zeit verbringt:\ntop - 10:49:36 up 11:53, 4 users, load average: 2.71, 2.33, 2.20 Tasks: 109 total, 3 running, 106 sleeping, 0 stopped, 0 zombie Cpu(s): 31.4% us, 8.9% sy, 0.0% ni, 47.5% id, 0.0% wa, 10.2% hi, 2.0% si Die Zahl id ist die Idle-Zeit, die ungenutzte Zeit der CPU. Die anderen Zahlen sagen detailliert, wie die CPU ihre Zeit verbringt: us (User-Time) ist Zeit, die im Programm verbracht wird, und sy (System-Time) die Zeit, die vom Kernel im Auftrag dieses Programmes verbraucht wird. ni (Nice-Time) ist Zeit, die von herunter priorisierten Prozessen sinnvoll verbraucht wird. Alle drei Zeiten zusammen sind sinnvoll genutzte Arbeitszeit.\nwa (Wait-Time) ist I/O-Wait, also Zeit, die der Rechner auf das Eintreffen von Daten von der Platte oder dem Netzwerk wartet. hi und si (Hard- und Soft Interrupt) sind Zeiten, die das System mit der Bearbeitung von Interrupts zubringt, also in Gerätetreibern und Timer-Routinen.\nDie Loadzahlen geben die mittlere Länge der Run-Queue über eine Minute (erste Zahl), fünf Minuten (zweite Zahl) und 15 Minuten (dritte Zahl) an. Die Zahl sagt, wie viele Prozessoren das System im Schnitt auslasten könnte. Wenn also die Load 1 ist, ist ein Einprozessorsystem so in etwa ausgelastet, eine Enterprise 10000 mit 64 CPUs in einer Domain ist bei einer Load von 64 gut ausgelastet.\nDie Load auf meinem System ist derzeit so:\nFür Auslastungsabschätzungen ist die blaue Fläche aussagekräftig, denn sie stellt die 15 Minuten-Load dar. Diese Zahl ist relativ unempfindlich gegen lokale Lastspitzen und daher ein besseres Maß für die Auslastung (im Gegensatz zur Elastizität) des Systems. Meine Maschine läuft derzeit tagsüber mit einer Load von ca. 0.8, ist also mit einem Prozessor zu etwa 80 % voll. Zu einzelnen Zeitpunkten (nachts um 4:15 Uhr, wenn das News-Expire läuft), wird die Ideal-Last von 1 deutlich überschritten. Das ist zu diesem Zeitpunkt aber nicht schlimm.\nDie Spitzenlasten (rote Kurve: 1 Minuten-Load, und davon das Maximum) halten sich außer um 4:15 Uhr im Rahmen, die Maschine kommt nicht nennenswert über Load 2 hinaus. Die Kiste hat also nicht mehr allzu viel Reserven, ist aber auch noch nicht überlastet.\n","date":"2005-06-24T00:00:00Z","href":"https://blog.koehntopp.info/2005/06/24/wieviel-load-darf-es-denn-sein.html","tags":["computer","devops","linux","unix","lang_de"],"title":"Wieviel Load darf es denn sein?"},{"categories":null,"content":"Auf der S9Y Mailingliste fragte ein zukünftiger Paketmaintainer nach, ob er Serendipity für seine Distribution packen solle und wir ihn dabei unterstützten wollen. Abgesehen von allgemeinen Überlegungen die dagegen sprechen, gibt es noch andere Gründe, die das nicht wünschenswert machen.\nIn den Bereich der allgemeinen Überlegungen fallen zum Beispiel die Releasezyklen von Distributionen: Sie sind in der Regel sehr viel länger als die von Webanwendungen wie Serendipity. Insbesondere sehr langwellige Distributionen wie Debian verteilen mit ihren Paketen Versionen der Software, die die Entwickler von S9Y nicht mehr unterstützen können und wollen.\nAuch ist fraglich, welchen Gewinn ein solches Package bringen soll. Eine Anwendung wie S9Y installiert sich mit Download-Auspacken-Anklicken sowieso schon selber und ist dabei dann an keinerlei externes Packaging oder fremde Zyklen gebunden. Eine Installation mit Betriebssystem-Packages bringt da nur Nachteile und fehlende Flexibilität. Zum Beispiel ist es so nicht leicht möglich, mehr als eine Version von S9Y an mehr als einer Location im System zu installieren, denn das Packagemanagement der üblichen Distributionen unterstützt weder konkurrente Installation unterschiedlicher Paketversionen noch sind verschiebliche Pakete mit durch den Anwender bestimmter Package-Root allgemein üblich.\nAber das ist nur die Spitze des Eisberges. Checkt man sich einmal webapps-common aus und liest, was da drin steht - oder vielmehr nicht drin steht, sieht man, daß ein solches Packaging nur Nachteile haben kann:\n2.1 Web applications and the FHS Web applications should follow the same guidelines as any other software. most specifically, they should not make any assumption about how the administrator has arranged the file hierarchy outside of the FHS by placing files in non-standard places such as /var/www or /usr/local. Specifically, the following table should serve as guidelines for the location of files:\n| type of file | location | +\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;-+\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;+ | static web pages | /usr/share/PACKAGE/www | | dynamically interpreted web pages | /usr/share/PACKAGE/www | | persistent application data | /var/lib/PACKAGE | | dynamcially executed web pages | /usr/lib/cgi-bin/PACKAGE | | application-specific libraries | /usr/share/PACKAGE/include | | site configuration | /etc/PACKAGE | | locally modifiable/overridable content | /etc/PACKAGE/templates | | php libraries | /usr/share/php/PACKAGE | | rrd, mrtg and other database files | see database application policy |\nFußnoten weggelassen.\nDas ist so kraß konsequent an der Realität vorbei, daß es mir persönlich schon wieder Respekt abnötigt.\nWebanwendungen sind überall für Webhostingumgebungen entwickelt, denn dies ist bei weitem die verbreiteste Form des Deployments für Webanwendungen. Webhostingumgebungen werden aber in der Regel per Filetransfer in ein Verzeichnis unterhalb der DocumentRoot der Kundendomain beschickt. Sicherheitsmechanismen in Webhostingumgebungen berücksichtigen das: Mit chroot() oder Virtual Base Directory versuchen sie, den Kunden auf seinen Verzeichnisteilbaum zu beschränken. mit einer UID und GID pro Kunde oder pro Kundendomain versuchen sie, Betriebssystem-Zugriffsrechte als Hilfsmittel zur Kundentrennung zu benutzen.\nEine Webapp-Policy, die das komplett ignoriert und Webanwendungen atomisiert, um ihre Trümmer dann einmal durch das Dateisystem zu zerstäuben hat so überhaupt nichts mit der Realität zu tun, daß man im ersten Augenblick nur sprachlos daneben stehen kann.\nOkay, hier ist also einmal ein Katalog von Anforderungen:\nPolicy muß chroot/virtual base directory jails unterstützen Policy muß UID pro Domain/GID pro Kunde oder ähnliche Setups unterstützen, die auf Apache suexec oder PHP safe_mode basieren Policy muß erlauben, daß die Anwendung mehr als einmal pro physikalischem Rechner installiert wird Policy muß erlauben, daß die Anwendung in mehr als einer Version pro physikalischem Rechner installier wird. Policy muß dem Kunden erlauben, seine Installation per ftp/scp/rsync zu sichern und zu modifizieren. Versionsmanagement muß erkennen, ob die modifizierte Anwendung danach noch automatisiert updatebar ist und ggf. einen Mergeprozeß unterstützen. Policy muß die Installation mehrerer unterschiedlicher Webanwendungen pro Vhost in unterschiedliche Directories unterhalb der DocRoot eines VHosts unterstützen Die Policy muß also ein Framework liefern, mit dem man Vhosts schnell erzeugen kann, mit dem man in einem Vhosts Features wie modlogan, perl, python, php, chroot Jail und andere Eigenschaften enablen und disablen kann, und mit dem man pro VHost eine oder mehrere Anwendungen in unterschiedlichen Verzeichnissen installieren und möglicherweise sogar sicher aktualisieren kann. Dabei muß die Anwendung durch Kopie aus einem Shared Repository installiert werden können, durch Hardlink auf das Repository um Platz zu sparen oder sie muß, wenn die Anwendung das unterstützt, shared installs (PEAR, S9Y, \u0026hellip;) möglich machen.\nAll das ist natürlich mit dem FHS komplett inkompatibel. Aber kompatibel mit den Anforderungen des Webgeschäfts, das nun einmal mit dem FHS erst einmal genau gar nix zu tun hat.\n","date":"2005-06-13T00:00:00Z","href":"https://blog.koehntopp.info/2005/06/13/webanwendungen-und-der-fhs.html","tags":["filesystems","php","s9y","lang_de"],"title":"Webanwendungen und der FHS"},{"categories":null,"content":"Nils Ketelsen verweist auf den Artikel Send Us Your Anonymous Tips! auf Anonequity:\nWhen I advocate for anonymous communication in the United States, I always hear the same two objections: you can\u0026rsquo;t trust an anonymous source; and anonymity promotes crime. And yet if you search for the phrase \u0026ldquo;send anonymous tips\u0026rdquo; on the Web, it is found most commonly on the Websites for US police departments. So law enforcement is using untrustworthy, possibly criminal sources to - stop crime. How do we make sense of this weird contradiction in US sentiment?\nWie kann es sein, daß staatliche Stellen auf der einen Seite Anonymität verteufeln und bekämpfen wollen, auf der anderen Seite aber auffordern, vermeintliche Straftaten oder verdächtiges Verhalten anonym anzuzeigen?\nDer Artikel bezieht sich dabei auch auf den Watergate-Skandal, eines der bekanntesten Verbrechen in der US-Geschichte, das durch einen anonymen Hinweis aufgeflogen ist und bei dem die Identität des Hinweisgebers erst letzte Woche enthüllt worden ist. Dennoch bestehen die meisten Leute darauf, daß Anonymität der Gegensatz zu Ehrlichkeit und Sicherheit ist.\nIn der Diskussion um Anonymität wird oft eine Scheinunterscheidung zwischen dem \u0026ldquo;vertrauenswürdigen Tippgeber\u0026rdquo; und dem \u0026ldquo;unidentifizierten Spammer, der uns seinen Müll auf eBay verkaufen will\u0026rdquo; aufgebaut. So verdächtig eine solch politisch motivierte Unterscheidung auch sein kann, kann sie uns dennoch nützlich sein, wenn wir anonyme Kommunikation im täglichen Leben legitimieren wollen, argumentiert der Artikel. Wir können das staatlich geförderte Bild vom anonymen Tippgeber nehmen, um auf die Wichtigkeit anonymer Kommunikation im öffentlichen Leben hinzuweisen.\nDer Artikel verweist auf What Can We Learn from Medical Whistleblowers? , in dem gezeigt wird, wie anonyme Hinweise Journalisten geholfen haben, Verbrechen und Korruption in der Pharmaindustrie aufzudecken.\nAber es muss ja nicht immer um Menschenleben gehen. Vielleicht geht es nur darum, als Michelin-Restaurant-Tester anonym zu bleiben, um zu verhindern, daß die Testergebnisse durch Sonderbehandlung verfälscht werden. Genauso muss die c\u0026rsquo;t ihre Produkte anonym kaufen, wenn sie den Service und Support von Herstellern für ihre Produkte testen möchte. Andernfalls wäre es ihnen wohl kaum möglich, einen objektiven und korrekten Test aus der Perspektive des durchschnittlichen Kunden durchzuführen.\nDeswegen sind solche Hotlines, Webformulare und Briefkästen für anonyme Hinweise und Tipps so wichtig. Sie sind eine ständige Erinnerung daran, daß nicht nur Kriminelle anonym kommunizieren müssen, sondern daß es legitime, anonyme Kommunikation ist, die jeden Tag hilft, Verbrechen und Betrug aufzudecken und zu stoppen!\nNatürlich kann man nur hoffen, daß die Betreiber solcher anonymer Tippkästen keine Logs von IP-Adressen führen, von denen der Tipp gekommen ist. Oder man hofft nicht, sondern hilft sich selbst. Tor ist eine gute Methode, seine digitalen Spuren zu verwischen.\n","date":"2005-06-08T00:00:00Z","href":"https://blog.koehntopp.info/2005/06/08/anonymitaet-und-schizophrenie.html","tags":["authentication","identity","politik","security","lang_de"],"title":"Anonymität und Schizophrenie"},{"categories":null,"content":"Wie anderswo angemerkt, ist morgen der 8. Juni 2005, und damit der 10. Geburtstag von PHP.\nWas als kleines Tools zur Erstellung der Bewerbung von Rasmus Lerdorf angefangen hat, ist jetzt ein ausgewachsenes Tool zur Erstellung und Handhabung von Webanwendungen. PHP glänzt vor allen Dingen durch seine Integrationsfertigkeiten: es ist die Borg, die Glue Language des Web, die alle anderen Bibliotheken und Kommunikationswege assimiliert und zur Erreichung der eigenen Perfektion integriert.\nIch selber bin zu PHP wahrscheinlich irgendwann in 1997 oder 1998 gekommen. Boris Erdmann hat damals mit PHP/FI (PHP2) herumexperimentiert und für SH Online Shopsoftware in PHP entwickelt - das war viel bequemer als in Perl. Und so kam es, daß ich mich auch schon bald mit PHP auseinandergesetzt habe\u0026hellip;\nDenn mit Boris zusammen habe ich damals für einen Shop und das zugehörige Prozeßbackend im Intranet eines großen Konzerns geerbt. Wir haben damals sehr schnell gemerkt, daß wir ein Problem mit Persistenz haben und uns dann eine generalisierte Methode zur Erzeugung von Sessionvariablen überlegt.\nDas Resultat dieser Überlegungen war PHPLIB. Am 19. Mai 1998 habe ich auf der php-general-Liste zum ersten Mal nach Sessions gefragt (vom selben Tag kommt übrigens auch die Idee für PHP Standard Library ). Am 30. Juni haben Boris und ich dann PHPLIB released . Was ich damals als\nWe have had some stability problems with our code (spontaneous intermittent failures on some pages; \u0026ldquo;document contains no data\u0026rdquo;, but no log messages and no PHP debugger output) which we are trying to track, but we have had no success. These problems may be related to a general instability of PHPs object features (we are using classes, subclasses and objects throughout our code).\nwar vermutlich der erste Versuch weltweit, die damals brandneuen Objektfeatures von PHP3 anzuwenden und so kam es, daß Boris und ich ca. 50 Bugreports gegen die Release Candidates von PHP3 gefiled haben und persönlich verantwortlich für 4 von 6 Release Candidates waren (indem wir Showstopper Bugs entdeckt haben :).\nPHP ist für mich aber nicht nur eine schöne Sprache und eine reichhaltige Plattform gewesen, sondern auch eine Erfahrung im Aufbau einer Gemeinschaft.\nIch habe über die Beschäftigung mit der Sprache eine Menge von Leuten in vielen Ländern kennegelernt. Ich habe eine Newsgroup eingerichtet und die FAQ für die Gruppe zunächst alleine und dann mit einem wirklich guten Team fortgeschrieben. Was damals für die FAQ gilt, ist im Grunde beschreibend für die ganze kooperative Kultur, die um PHP herum entstanden ist:\nWarum funktioniert de.comp.lang.php?de.comp.lang.php funktioniert, weil wir hier freundlich miteinander umgehen und weil wir Arbeit nicht zweimal machen. dclp hat eine Kultur, und Ihr koennt diese Kultur mitgestalten.\nDer 10. Geburtstag von PHP ist damit ein Anlaß für mich, um mich bei allen den Leuten zu bedanken, die an diesem wirklich großen Projekt mitgearbeitet haben und die durch Kooperation und den Willen, ohne besonderen Anlaß zu einem gemeinsamen Ganzen beizutragen, die Sprache und die Gemeinschaft PHP zu einer der bedeutendsten Plattformen für Webentwicklung weltweit gemacht haben.\n","date":"2005-06-07T00:00:00Z","href":"https://blog.koehntopp.info/2005/06/07/zehn-jahre-php.html","tags":["kiel","php","lang_de"],"title":"Zehn Jahre PHP"},{"categories":null,"content":"Projekt 300 ist der Versuch, die 300 GB Quota pro Monat, die mit dem kleinsten Strato Rootserver mitkommen, auszunutzen. Weil dies zu leicht ist, sind die Nebenbedingungen \u0026ldquo;legal\u0026rdquo; und \u0026ldquo;sinnvoll\u0026rdquo;. Mit http und Mail komme ich bei der Maschine so auf 15-20 GB pro Monat. Also habe ich einen Binary-freien Newsserver in Betrieb genommen und habe derzeit NNTP-Verbindungen zu ca. 50 weiteren Maschinen. Auf diese Weise komme ich auf Platz 170 der Weltrangliste der News-Server und ca. 30 weitere GB Traffic im Monat. Es müsse also neue Projekte her, um die Maschine über die 50 GB-Schwelle zu heben.\nSo habe ich mich dafür entschieden, eine tor-Node auf dem Rechner einzurichten und bandbreitenlimitiert mitlaufen zu lassen.\nDie Installation von tor ist straightforward: Runterladen von libevent , tor , privoxy und tsocks .\nDie Installation von libevent und tor folgt dem üblichen Dreiklang von \u0026ldquo;sh configure\u0026rdquo;, \u0026ldquo;make\u0026rdquo; und \u0026ldquo;checkinstall\u0026rdquo;. Für die Inbetriebnahme legt man am Besten einen User \u0026ldquo;tor\u0026rdquo; an, etwa mit\n# useradd -u 520 -g 520 -c \u0026#34;Tor Anonymous Service\u0026#34; -d /var/lib/tor tor # passwd -l tor Mein tor sucht seine Konfiguration in /usr/local/etc/tor/torrc. Die Konfigurationsdatei habe ich komplett neu geschrieben, statt das mitgelieferte Sample zu verwenden, weil ich wissen wollte, welche Optionen es überhaupt gibt.\nDas Setup sieht so aus:\n### ### General Options ### ## ## Bei mir läuft tor als User tor in der Gruppe tor, und als dauernd ## laufender Dämon im chroot. ## Group tor User tor RunAsDaemon 1 ## ## Netzwerk Ressourcen ## Diese Anweisungen begrenzen die Dauerbandbreite auf ## ca. 50 KB/sec. Das sorgt dafür, daß die Karte nicht ## vollläuft und daß das Kontingent für den Tag nicht ## zu schnell aufgebraucht wird. ## ## Burst Bandwidth kann höher sein, das gibt dem ganzen ## Setup ein wenig Elastizität. ## BandwidthRate 50 KB BandwidthBurst 10 MB ## Statt ein monatliches Trafficlimit festzulegen, habe ich ## ein tägliches Limit definiert. Das sorgt dafür, daß die ## Node den ganzen Monat über nützlich ist und nicht am Anfang ## des Monats auf einmal alle Ressourcen weggelutscht werden ## können. AccountingStart day 00:00 AccountingMax 2500 MB ## 900 Filedescriptioren für diese Node. MaxConn 900 # Directory Server und Status DirFetchPeriod 20 minutes # DirServer address:port fingerprint DirServer 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441 DirServer 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF DirServer 62.116.124.106:9030 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D StatusFetchPeriod 15 minutes ## ## Dateien und Verzeichnisse ## # Logging SafeLogging 1 #Log debug file /var/log/tor/tor.log #Log info file /var/log/tor/tor.log Log notice file /var/log/tor/tor.log # PID File PIDFile /var/run/tor/tor.pid # Verzeichnisse DataDirectory /var/lib/tor ### ### Client Options ### ## Socks Server von außen erreichbar machen SOCKSBindAddress 127.0.0.1:8001 SOCKSBindAddress 81.169.156.174:8001 # Wir reden mit: all of QSC, uns selbst SOCKSPolicy accept 212.202.0.0/17 SOCKSPolicy accept 81.169.156.174/32 SOCKSPolicy accept 127.0.0.1/8 SOCKSPolicy reject *:* # Unverified Nodes sind solche, die nicht im Directory bekannt sind # entry|exit|middle|introduction|rendezvous AllowUnverifiedNodes middle,rendezvous ### ### Server Options ### # Port ORPort 8000 # Admin-Info ContactInfo 1024D/32E7CFC3 2005-02-11 Kristian Koehntopp \u0026lt;kris@koehntopp.de\u0026gt; MyFamily koehntopp,strato Nickname koehntopp ## Die Exit Policy legt fest, welche Dienste in welchen Ranges ## von diesem Server angesprochen werden. Wir machen aus Prinzip ## kein Mail (25), aber etwa ssh, imap, irc und natürlich web. ## ## Bekannte Filesharing Ports sind gesperrt. # Exit-Policy (Was kann dieser Server ansprechen?) ExitPolicy reject 169.254.0.0/16 ExitPolicy reject 127.0.0.0/8 ExitPolicy reject 192.168.0.0/16 ExitPolicy reject 10.0.0.0/8 ExitPolicy reject 172.16.0.0/12 ExitPolicy accept *:20-22 ExitPolicy accept *:53 ExitPolicy accept *:79-81 ExitPolicy accept *:110 ExitPolicy accept *:143 ExitPolicy accept *:443 ExitPolicy accept *:706 ExitPolicy accept *:873 ExitPolicy accept *:993 ExitPolicy accept *:995 ExitPolicy accept *:6660-6669 ExitPolicy accept *:8008 ExitPolicy accept *:8080 ExitPolicy accept *:8888 ExitPolicy reject *:* ### ### Directory Server ### DirPort 8002 # Please coordinate with the other admins at tor-ops@freehaven.net AuthoritativeDirectory 0 RunTesting 0 DirAllowPrivateAddresses 0 ### ### Hidden Service Options ### # not used Jetzt kann ich auf meinem Rechner einen tsocks-Client konfigurieren, um meinen Server anzusprechen. Danach kann ich etwa mit \u0026ldquo;tsocks irssi\u0026rdquo; dann anonym ircen\u0026hellip;\n# This is the configuration for libtsocks (transparent socks) for use # with tor, which is providing a socks server on port 9050 by default. # # See tsocks.conf(5) and torify(1) manpages. # server_type = 4 local = 81.169.156.174/255.255.255.255 server = 81.169.156.174 server_port = 8001 ","date":"2005-06-05T00:00:00Z","href":"https://blog.koehntopp.info/2005/06/05/selber-zwiebeln-anonymit-t-selbst-gemacht.html","tags":["identity","security","lang_de"],"title":"Selber Zwiebeln - Anonymität selbst gemacht"},{"categories":null,"content":" IP-Nummern werden überbewertet das wußten wir schon. Nach einigen theoretischen Anmerkungen zum Thema Anonymität geht es jetzt in die Praxis, denn Anonymität kann man auch selber herstellen. Die Grundlage dafür ist Onion Routing : Netzknoten bauen untereinander Verbindungen auf und senden einander immer gleich große, verschlüsselte Pakete zu. Dadurch entsteht eine Wolke von Rechnern, die untereinander ununterscheidbare Pakete zufällig austauschen.\nNutzer bauen Verbindungen zu einem Netzknoten auf und senden so Daten in die Wolke. Die Pakete laufen zufällig durch einige dieser Netzknoten und treten jetzt irgendwo an einem Knoten aus, um zu ihrem eigentlichen Empfänger zu gelangen. Da die Pakete in der Wolke ununterscheidbar sind, ist es nicht möglich, eintretende und ausgehende Verbindungen einander zuzuordnen. Da jeder Netzknoten aufgrund der Verschlüsselung der Pakete nur den unmittelbaren Vorgänger und den unmittelbaren Nachfolger kennen kann, aber nicht die wahre Quelle und das wahre Ziel des Paketes, kann auch ein einzelner kompromittierter Netzknoten die Kommunikation im Netz nicht verkettbar machen (Die Wirklichkeit ist ein wenig komplizierter (PDF)).\nOnion Routing der ersten Generation basierte auf asymmetrischer Kryptographie, und war aus verschiedenen Gründen relativ langsam.\nTor ist das Folgeprojekt von den Erfindern des Onion Routings und legt besonderen Wert auf geringe Latenzen und Benutzerbarkeit in der realen Welt.\nFür den Benutzer präsentiert sich Tor als SOCKS4a Proxy, der mit einem SOCKS-sprechenden HTTP/HTTPS-Proxy wie Privoxy ansprechen läßt. Das hat außerdem noch den Vorteil, daß die Anonymität der Kommunikation durch präpariertes Javascript oder HTML nicht mehr so leicht zu durchbrechen ist. Andere TCP-basierende Protokolle wie ssh oder irc lassen sich mit Hilfe von TSOCKS ohne Eingriff in die Anwendung anonymisieren.\nAlle anonymisierenden Dienste haben das Problem, daß sie Abuse-Handling definieren müssen. Tor geht dieses Problem an, indem sie dem Betreiber einer Tor-Node erlauben, die Rolle der eigenen Node in einer Verbindung zu definieren. Per Default ist eine Node nur Mittelteil einer Verbindung und niemals Entry- oder Exit-Node. Erst indem der Betreiber eines Knotens den SOCKS-Proxy von tor konfiguriert, gibt er seinen Knoten als Entry-Node frei. Dabei kann er festlegen, von wo die Nutzung seines Knotens als Entry-Node möglich ist.\nAußerdem kann jeder Betreiber einer Node eines Exit-Policy definieren, die festlegt, welche Verbindungen die tor-Node aus der Wolke heraus nach draußen aufbaut: Ohne eine solche Exit-Policy ist eine tor-Node niemals Exit-Node. Dadurch ist es Personen mit viel Bandbreite, aber eingeschränkten Möglichkeiten zum Abuse-Handling (etwa Firmen) möglich, eine Node zu betreiben und so zum Funktionieren des tor-Netzes beizutragen, ohne die eigenen organisatorischen und personellen Strukturen zu belasten.\nViele Betreiber potentieller Knoten haben beschränkte Bandbreiten und tägliche oder monatliche Trafficlimits. tor implementiert daher einen Token Bucket Traffic Shaper, für den man eine durchschnittliche und eine Burst-Bandbreite definieren kann. Die tor-Node wird dann niemals mehr Traffic erzeugen, als diese Limits angeben. Mit Hibernation ist es außerdem möglich, ein absolutes Trafficlimit für einen Zeitraum festzulegen und so die Überschreitung von Trafficgrenzen etwa auf Dedicated Servers von Hostinganbietern zu vermeiden.\nSchließlich kann tor außerdem noch Hidden Services anbieten: Dies sind Dienste wie das Hidden Wiki, deren reale Location und deren Betreiber im Netz nicht bekannt ist - tor schützt also nicht nur die Anonymität von Nutzern, sondern auch die Anonymität von Anbietern.\n","date":"2005-06-02T00:00:00Z","href":"https://blog.koehntopp.info/2005/06/02/die-welt-ist-meine-zwiebel.html","tags":["identity","security","lang_de"],"title":"Die Welt ist meine... Zwiebel?"},{"categories":null,"content":"Der folgende Vortrag stammt einem \u0026ldquo;Dienstags-Vortrag\u0026rdquo; in Karlsruhe-Durlach. Ich versuche zu erklären, wie man Vorträge plant und hält.\nVorträge hält man für eine bestimmte Zielgruppe, die man kennen und beschreiben können muß. Das heisst, man muss wissen, wofür diese Leute sich interessieren, warum sie im Vortrag sitzen werden und was ihr Kontext und ihr Vorwissen ist.\nEin Vortrag hat ein Ziel, wir wollen den Rahmen im Kopf der Zielgruppe ändern, also etwas erreichen.\nDazu müssen wir unsere Kommunikation kontrollieren und an diesem Ziel ausrichten. Dazu stehen uns die Folien, die Sprache und unser Auftreten als Referent/in zur Verfügung.\nUnd die Form muß stimmen, damit wir ernst genommen werden.\nZiel und Zielgruppe Die Leute im Vortrag geben Dir ihr wertvollstes Gut um Dir zuzuhören: Ihre Lebenszeit. Du hast ein konkretes Ziel: Du willst in ihren Köpfen was verändern.\nOhne genau zu formulieren, was das ist und wo diese Leute jetzt, vorher stehen, kann das nichts werden.\nDas bedeutet: Der Vortrag muß vorbereitet sein und hinterher auch so wirken. Denn sonst fühlen sich Deine Zuhörerinnen veralbert und nicht ernst genommen und sind nicht bereit, Deiner Argumentation zu folgen.\nWas genau ist also das Ziel des Vortrages?\nWillst Du etwas vermitteln (Neue Fertigkeiten)? Willst Du zu etwas aufrufen (Appell zur Handlung)? Willst Du Mittel einwerben (Aufruf zur Bereitstellung von Ressourcen)? Willst Du etwas verkaufen? Angenommen, alles läuft wie am Schnürchen: Wie soll das Ergebnis aussehen?\nZielgruppe Wer sind Deine Zuhörer, wie denken sie? Was ist ihnen wichtig? Welchen Argumentationslinien sind sie zugänglich?\nWo willst Du sie hin bringen und ist das realistisch?\nWas ist eine gute Geschwindigkeit? Beachte auch den Kontext, die Uhrzeit und was vorher passiert ist oder nachher passieren wird. Der erste oder letzte Vortrag einer Konferenz ist immer besonders.\nWie lange kannst Du das Durchhalten?\nAgenda Jeder Vortrag hat eine Agenda, einen argumentativen Ablauf. Man kann und soll dabei transparent sein, und diese Agenda vorher oder während der Vortrages mit einem Highlight anzeigen. Dadurch wissen Deine Zuhörer, wo wir sind, wie wir da hin gekommen sind und was noch kommt. Sie können ihr eigenes Engagement besser planen.\nFür wen ist der Vortrag, und was muß der Zuhörer an Vorwissen oder Motivation mitbringen, um folgen zu können?\nWie ist der Vortrag aufgebaut? Es ist sinnvoll, die Grobgliederung in Stichworten zu visualisieren oder einen Prozessbalken oder x/y Anzeiger mitzuführen. Manche Themen lassen sich auch mehrdimensional (\u0026ldquo;als Landkarte\u0026rdquo;) darstellen und sind dann interessanter dargestellt.\nKommunikation kontrollieren Alles im Vortrag hat sich dem Kommunikationsziel unterzuordnen. Es mag noch andere Themen oder wissenswerte Dinge geben, aber diese haben keinen Platz. Der Vortrag ist auch so lang genug. Du kannst weiterführende Hinweise in der Nachbereitung oder den Fußnoten unterbringen.\nNur zielführende und wesentlicher Folien haben einen Platz.\nEs ist gut, Reservefolien oder weitergehende Erklärungen zu haben. Diese versteckt man in der Regel und zeigt sie nicht. Nur wenn Fragen aufkommen, kann man - wenn es die Zeit erlaubt - in diese Richtung vertiefen.\nJeder Vortrag ist individuell. Betrachte die Situation und das Publikum, dann ordne die Folien, verstecke unwesentliche Folien, passe Folien an.\nDie magische Zahl Sieben (plus oder minus Zwei)\nMenschen können circa sieben Dinge mit einem Blick erfassen. Auf eine Folie gehören wenige, interessante Dinge. Niemals mehr als Sieben, eher weniger.\nDu brauchst die Folien nicht vorzulesen und sie müssen nicht dem gesprochenen Wort entsprechen. Du brauchst sie auch nicht als Gedächnisstütze. Sie dienen nur der Kontextualisierung des Vortrags und des gesprochenen Wortes.\nNiveau Beim Schreiben gilt: Schreibe für ein Publikum von Achtjährigen. Verwende Hauptsätze, mache keine inhaltlichen Sprünge, setze kein Wissen über die Welt voraus. Deine Leser sind nicht dumm, aber sie haben keine Zeit, kein Vorwissen über Dein Thema und sind abgelenkt.\nWenn Du in einer Fachzeitschrift schreibst, ziele auf Zwölfjährige. Du kannst komplexere Sätze bauen, aber Du musst noch immer alle Schritte und allen Kontext transportieren. Auch hier gilt, dass die Leser nicht in Deinem Fachgebiet arbeiten und nicht Dein Vorwissen haben.\nBeim gesprochenen Vortrag gilt ähnliches: Deine Worte müssen den Zuhörer auf eine Reise mitnehmen und jeden Schritt machen, jeden Kontext herstellen. Nur dann können und wollen sie folgen.\nBilder Bilder sind gut. Dieser Vortrag hat zu wenige davon!\nBilder sind groß, aussagekräftig, bunt und haben keine feinen Linien oder subtilen Farbkontraste. Sie verdeutlichen Dinge meistens besser als viele Worte.\nManche Begriffe lassen sich jedoch wegen Abstraktion nicht gut visualisieren.\nSprache Deine Zuhörerinnen können lesen und tun das auch. Du brauchst ihnen die Folien nicht vorzulesen. Sie sind auch kein Ersatz für den Aufschrieb oder einen geschlossenen Text, der das Thema noch vertieft.\nDer Vortrag liefert also Anekdoten und Bilder, die das Thema erinnerbar machen. Sie gehen den Rahmen und die Erzählung vor, und setzen damit den Kontext, indem die anderweitig bereitgestellten Fakten rezipiert, erinnert und verarbeitet werden.\nPublikum Halte den Rapport zum Publikum. Suche Dir einige Personen an verschiedenen Orten im Raum, und wenn Du den Blick durch den Raum schweifen läßt, schaue immer wieder zu diesen Personen. Dadurch fühlen sich alle in der Nähe angesprochen, und Du hast Messpunkte, an denen Du sehen kannst, ob Du die Aufmerksamkeit im Raum halten kannst. Das sollte auch Dein Tempo bestimmen.\nSprich Hochdeutsch und plappere nicht! Du willst vortragen, und das heisst eine flüssige, eingeübte sprachlich und argumentativ zusammenhängende Rede.\nWer sind die Extrempersonen im Raum? Fans, Skeptiker, Entscheider, Influencer? Es kann sinnvoll sein, schon während der Vortrags vorher im Raum zu sein, wenn das Publikum bleibt, oder vor dem Vortrag rechtzeitig da zu sein und Personen zu identifizieren und zu klassifizieren.\nWähle diese Personen um den Raum zu lesen. Stimmt das Tempo? Stimmt der Spannungsbogen?\nNoch mehr Publikum Tempo 120%. Auf diese Weise sind alle gezwungen, mit Aufmerksamkeit bei Dir zu bleiben und nicht wegen Langeweile abzuschweifen.\nBei einer Gruppe von Schulklassengröße kannst Du eine Person durch zu hohes Tempo verlieren, aber nicht zwei. Bist Du zu langsam, verlierst Du sehr schnell alle.\nForm Was ist Dein Auftritt? Ist es ein Vortrag (Du redest und stehst vor den anderen)? Ein Workshop (Du stehst vor den anderen und beantwortest Zuhörerinnenfragen)? Ist es eine moderierte Dikussion (Du und eventuell andere Reden abwechselnd, in Rede und Gegenrede)? Eine Rede (Also nicht erklärend wie ein Vortrag, sondern appelativ und emotional)?\nArbeite die Unterschiede dieser Formen heraus und wähle die für den Anlaß und das Ziel richtige.\nZeit Wie lang? 10-20 Minuten sind ein guter Block für einen thematisch zusammenhängenden Block. In der Schule wäre nach so einem Abschnitt \u0026ldquo;Methodenwechsel\u0026rdquo; oder themenwechsel zum nächsten Abschnitt, oder beides.\n45 Minuten sind eine Schulstunde und brauchen 2-3 klar trennbare Abschnitte, und eine führende, sichtbare und wiederkehrende Navigationsstruktur.\n90 Minuten sind sehr lang, ein Universtätsvortrag, und brauchen die Stukturierungen und Methodenwechsel von oben, und Tempowechsel, die den Zuhörerinnen erlauben, die Konzentration auch mal ruhen zu lassen.\nWann ist der Vortrag? Randzeiten haben direkten Einfluß auf die Form. Der erste Vortrag eines Tages darf freier und lockerer sein, überblick statt Tiefe geben und kann Stimmung und Thema setzen. Er darf auch kontrovers sein, und eine Gegenthese zum Rest des Tages aufstellen, wenn sich das anbietet. Der letzte Vortrag eines Tages ist oft lustiger, weil er als Rausschmeißer das Letzte zwischen der Veranstaltung und dem gemeinsamen Essen und Trinken ist. Er fasst den Tag oder das Thema oft mit Humor zusammen.\nMurphy Rechne damit, dass alles zusammenbricht. Kannst Du Deinen Vortrag mit einer Wandtafel und einem Stück Kreide durchziehen? Mit einem Whiteboard und drei Filzstiften? Das ist Dein Notprogramm, wenn wirklich alle Stricke reissen.\nWas für Technik erwartet Doch? Ist die getestet? Hast Du alle denkbaren Adapter, Notstrom? Was ist Dein Plan B, C und D? Hast Du den Vortrag nicht nur auf Deinem Computer und an den Veranstalter gemailed, sondern auch auf einem USB-Stick \u0026ldquo;selbstabspielend\u0026rdquo; dabei? Was ist, wenn das Netz weg ist?\nSpiegelcheck vor dem Betreten der Bühne. Haare, Zähne, Kleidung, Hosenstall, Schuhe?\n","date":"2005-05-30T00:00:00Z","href":"https://blog.koehntopp.info/2005/05/30/vortraege-richtig-halten.html","tags":["lang_de","talk","publication","internet","karlsruhe"],"title":"Vorträge halten"},{"categories":null,"content":"Der folgende Vortrag stammt einem \u0026ldquo;Dienstags-Vortrag\u0026rdquo; in Karlsruhe-Durlach, und versucht zu erklären, was der Kontext für ein Information Security Management System (ISMS) ist.\nDer Vortrag will erklären, was \u0026ldquo;Security Management\u0026rdquo; ist und erreichen will, was die Aufgaben des Security Managementprozesses sind (also was Security, Management und Prozeß sind), welche Schnittstellen der Prozeß hat und wie man eventuell versuchen kann, Security zu messen.\nRisk and Compliance Klar ist, daß Security kein unmittelbares Geschäftsziel ist: Der Erfolg einer Firma mißt sich nicht an ihrer Performance im Bereich \u0026ldquo;Security\u0026rdquo;. Stattdessen ist Security aber ein Non-Functional Requirement, das auf mehr als einem Weg in die Firma hineingetragen wird. Das heißt, eine Reihe von externen Einflüssen wirken auf die Firma ein und machen es erforderlich auf mehr als eine Weise sich mit Security zu beschäftigen:\nGesetze und Behörden setzen Mindestmaßstäbe fest, gesetzliche Auflagen und Fürsorge für die Mitarbeiter bestimmen das Vorgehen. Wirtschaftsprüfer und externe Verträge (\u0026ldquo;PCI Standards\u0026rdquo; aus Verträgen mit Kreditkartenfirmen, oder Cyberversicherungen) schreiben eine Bearbeitung des Themas vor. \u0026ldquo;Usus\u0026rdquo; oder \u0026ldquo;Stand der Technik\u0026rdquo; ist an mehr als einer Stelle im Datenschutzrecht und in anderen Gesetzen verankert. Aus dem Markt und durch Expertenmeinungen wird die Entscheidungsfindung beeinflusst. Schlechte Presse wegen schlechter Sicherheit führt zur Gefährdung des Geschäftsbetriebes. Allgemeiner gesprochen geht es um Risiken und ihre Absicherung. Interne Risiken sind \u0026ldquo;die Sicherung der Verfügbarkeit, Integrität und Vertrauchlichkeit von geschäftskritischer Infrastruktur\u0026rdquo; und die \u0026ldquo;Sicherstellung der Nachhaltigkeit des Geschäftsbetriebes\u0026rdquo;. Das ist das Äquivalent einer Firma zu dem persönlichen Wunsch, nicht sterben zu wollen.\nExterne Risiken sind \u0026ldquo;die Erfüllung von gesetzlichen und vertraglichen Regelungen\u0026rdquo;, als da sind KontraG, BGB, AktG, HGB, DSG, \u0026hellip; sowie Verpflichtungen aus Verträgen mit Partnern und Versicherungen. Dieser Teil wird meist unter der Überschrift \u0026ldquo;Compliance\u0026rdquo; abgehandelt.\nErstaunlicherweise gehen viele Firmen sehr locker mit dem Todeswunsch (also tatsächlicher Security) um, und nehmen Compliance ernster als tatsächliche Security, die sich mit realen und unmittelbaren Bedrohungen beschäftigt. Das hat allerdings auch damit zu tun, daß dieses Thema leichter zu greifen und zu quantifizieren ist. \u0026ldquo;Wir suchen da, wo Licht ist, nicht da, wo wir was finden könnten.\u0026rdquo;\nRisiken und Maßnahmen: ssh Host Keys Als Security Fuzzi bei web.de bekomme ich von Freunden und Mitarbeitern oft die Frage (oder den Vorschlag) im Umgang mit ssh eine Liste von Fingerprints von Host-Keys von Maschinen bereit zu stellen. Wenn ich mich dann auf Host x einlogge, wird mir der Fingerprint der Maschine angezeigt und ich kann den mit der Liste vergleichen.\nDie Frage ist also:\nSollten wir nicht eine Liste der Fingerprints aller Maschinen pflegen und den Admins an die Hand geben?\nWas denkt Ihr?\nDies ist eine Maßnahme die unternommen werden soll. Eine Maßnahme hat die Aufgabe, ein Risiko zu mitigieren, also abzuwehren oder zu entschärfen. Laien reden über Security meistens in Form von Maßnahmen und dann kommt man schnell vom Hundertsten ins Tausendste.\nDie Maßnahme ist also \u0026ldquo;Stelle eine aktuelle Liste aller ssh Host-Keys bereit und fordere die Admins auf, beim ersten Login zu vergleichen\u0026rdquo;\nSchauen wir einmal auf das Risiko: Wogegen schützt ein solcher ssh Fingerprint?\nDer ssh Fingerprint schützt gegen das Unterschieben eines anderen physischen Hosts oder eines anderen ssh-Servers auf dem Zielhost.\nGibt es andere Maßnahmen, die gegen dasselbe Risiko wirken?\nJa, wir könnten zum Beispiel auch einfach eine vorbereitete \u0026ldquo;known_hosts\u0026rdquo; Datei verteilen, in der nicht die Fingerprints drin sind, sondern die tatsächlichen Host Keys. Dann würde beim Login gar kein Fingerprint mehr angezeigt werden, sondern die Identität per Host Key direkt automatisch geprüft werden. Das wäre gleich viel Aufwand bei uns, und eine bessere UX bei den Admins. Außerdem wäre die manuelle Kontrolle als Fehlerquelle beseitigt.\nEine andere Maßnahme, die gegen das gleiche Risiko besser wirkt, wäre bei gleichem Aufwand also besser.\nWie sind die Kosten eines Risikos generell zu bewerten? Meistens macht man sich eine 3x3 Matrix aus Schadenshöhe (\u0026ldquo;teuer\u0026rdquo;, \u0026ldquo;das Jahresendergebnis beeinflussend\u0026rdquo; und \u0026ldquo;Wir sind pleite\u0026rdquo;) und Eintrittswahrscheinlichkeit (\u0026ldquo;selten\u0026rdquo;, \u0026ldquo;sehr selten\u0026rdquo;, \u0026ldquo;so gut wie nie\u0026rdquo;), und ordnet Risiken da ein. Dem stellt man die einmaligen und laufenden Kosten der Maßnahme entgegen.\nWieso sind die Schadenshöhe und und Eintrittswahrscheinlichkeiten so komisch? Nun, Dinge die billiger als \u0026ldquo;teuer sind\u0026rdquo; bezahlen wir und buchen das als \u0026ldquo;Cost of doing business\u0026rdquo;. Wir akzeptieren die Risiken also und tragen die Kosten. Und Dinge die häufiger als \u0026ldquo;selten\u0026rdquo; sind, sind keine Sicherheitsereignisse, also keine Ausnahmen, sondern müssen als operative Ereignisse im Tagesbetrieb abgehandelt werden können.\nWenn wir einen Geschäftsprozess haben, in dem \u0026ldquo;teure\u0026rdquo; Dinge \u0026ldquo;häufig\u0026rdquo; sind, oder schlimmer, dann ist ein geregelter Geschäftsbetrieb mit den vorhandenen Prozessen nicht durchführbar und wir müssen das Geschäftsmodell oder seine Prozesse hinterfragen.\nSicherheitsrisiken treten nicht einfach so auf und nicht jeder Angeifer kann einfach so Dinge tun. Wir können Angreifer modellieren, ihnen Fertigkeiten (Capabilities) zuordnen und Risiken katalogisieren: \u0026ldquo;Um dieses Risiko darzustellen, muss ein Angreifer diese Fertigkeiten haben, und daher kommt dieses Risiko nur bei diesem Angreifertyp vor.\u0026rdquo;\nEin Script-Kiddie könnte unsere Server \u0026ldquo;r00ten\u0026rdquo;, ein interner Angreifer könnte Maschinen oder Serverprozesse austauschen.\nRisikomanagement Wir bekommen also den folgenden Ablauf:\nWir betrachten Risiken als Produkt aus Eintrittswahrscheinlichkeit und Schadenshöhe. Wir betrachten Maßnahmen, und was sie mit dem Risiko tun (Eintrittswahrscheinlichkeit und Schadenshöhe reduzieren). Das kostet Zeit und Geld. Und danach in einer Schleife von vorn.\nDiese Schleife ist das Kennzeichen eines Prozesses im Gegensatz zu einem Projekt: Security ist kein einmaliger Vorgang mit einer Deadline und einem Deliverable, sondern eine laufend wiederholte Identifikation, Bestimmung und Abmilderung von Risiken.\nWie jede Schleife muß auch diese Abbruchbedingungen haben: Bestimmte Maßnahmen sind nicht akzeptabel. \u0026ldquo;Abziehen des Netzwerkkabels\u0026rdquo; hilft perfekt gegen \u0026ldquo;Script Kiddie r00tet den Server\u0026rdquo;, ist aber wegen der geschäftlichen Notwendigkeiten nicht akzeptabel.\nWir können auch Kosten und Nutzen gegeneinander abwägen. Maßnahmen finden ihre Grenze, wenn die Kosten für die Maßnahme den Schaden aus dem Risiko übersteigt. Eventuell findet man dann einen Versicherer, der auf den Schadensfall wetten will.\nUnd damit bekommen wir den Risikomanagementzyklus, die grafische Darstellung dieser Schleife.\nDas Risikomanagement identifiziert und bewertet allgemeine Risiken für den Geschäftsbetrieb. Definiert Maßnahmen (konkrete Projekte) zur Risikobehandlung und kontrollieren deren Wirksamkeit. Wie jeder Prozeß hat auch dieser Retroperspektiven, die regelmäßig durchgeführt werden und mit denen sich der Prozeß reguliert und optimiert. Das ist der Management-Aspekt an der Sache.\nEs gibt viele verschiedene Managementmodelle, aber alle versuchen, die Durchführungsphase eines Prozesses (\u0026ldquo;Do\u0026rdquo;) von der Planungsphase und der Retroperspektive zu trennen. Dadurch wird die Durchführungsebene von der Metaebene getrennt und der Prozeß selbst diskutierbar.\nEin häufiger Prozeßzyklus folgt dem PCDA-Modell.\nISMS Der recht neue British Standard 7799 ist ein sehr kurzes Papier (nur 21 Seiten) und beschreibt den Aufbau eines Information Security Management Systems (ISMS)\nPlan Plan (establish the ISMS) security policy, objectives,targets,processes and procedures relevant to managing risk and improving information security to deliver results in accordance with an organization’s overall policies and objectives. In den Termen einer deutschen Verwaltung also:\nDefiniere einen Geltungsbereich des ISMS (definiere die Grenzen), und setze einen Auftrag durch Definition strategischer Ziele. Definiere Stellen, also schaffe einen organisatorischen Rahmen. Bestimmte Maße, nach denen wir das Funktionieren des ISMS bewerten wollen. Legitimiere das ganze durch eine formelle Beauftragung und Delegation von Verantwortlichkeit an eine Leitung.\nWie deutsche Gesetze:\n\u0026ldquo;so was gibt es als Konzept\u0026rdquo; (Das Grundgesetz) \u0026ldquo;Das bedeutet im Einzelfall\u0026rdquo; (Bundesgesetz) \u0026ldquo;So machen wir das\u0026rdquo; (Durchführungsverordnung zum Gesetz) Risikoidentifikation und Risikobewertung bilden dann die Matrix, die wir weiter oben schon erwähnt haben.\nWir klassifizieren also, eventuell unter Hinzunahme von einem Standardkatalog, die zu schützenden Güter, mögliche Bedrohungen, Szenarien und Angreifermodelle, und eventuell eintretende Schäden.\nIndem wir diesen Eintrittswahrscheinlichkeiten und Bewertungen zuordnen bekommen wir eine Liste an Dringlichkeiten, und eine Liste an möglichen Maßnahmen, die wir wiederum nach Geld und Möglichkeiten ordnen können.\nUnser Management kann diese Maßnahmen azeptieren, finanzieren und dann durchführen lassen oder das Risiko als Geschäftsrisiko hin nehmen. Das Ergebnis dieser Entscheidung wird dokumentiert und dann durchgeführt.\nRisiken können wir behandeln indem wir\nsie akzeptieren (\u0026ldquo;is halt so\u0026rdquo;) sie vermeiden (\u0026ldquo;machen wir nicht\u0026rdquo;) sie transferieren (\u0026ldquo;is versichert, macht also nix\u0026rdquo;) oder durch eine Maßmahme kontrollieren (der häufigste Fall, oder in Kombination mit der Versicherung) Die Restrisiken\nnennen wir bewerten wir erneut (die PCDA Schleife dreht sich) oder lassen wir durch das Management abnehmen Do (\u0026ldquo;implement and operate controls, processes and the ISMS\u0026rdquo;) Wieder im BS 7799: implement and operate the security policy, procedures.\nKonkret also:\nDen organisatorischen und personellen Rahmen schaffen Stellen Mittel Feedback (\u0026ldquo;Indicent detection and handling\u0026rdquo;) die Stellen besetzen die Personen ausbilden und Risiken und Maßnahmen thematisieren (\u0026ldquo;Awareness\u0026rdquo;) Steht der organisatorische Rahmen, kann man sich um die Technik kümmern:\nÜberwachung und Monitoring Systemtests Funktionstests und Integritätsbedingungen für die Business Logic Performancetests Incident Detection and Handling Check (monitor and review the ISMS) \u0026ldquo;Assess and, where applicable, measure process performance against security policy, objectives and practical experience and report the results to management for review.\u0026rdquo;\nZur Bewertung entfernt man sich sukzessive immer weiter von der Vorgabe und blickt zurück:\nTun wir die Dinge wie vorgeschrieben, folgen wir der Anleitung (\u0026ldquo;Compliance\u0026rdquo;)? Ist die Anleitung geeignet, die tatsächlich anfallenden Probleme zu lösen (\u0026ldquo;Effektivität\u0026rdquo;)? Ist die Anleitung optimal, um die Probleme zu lösen (\u0026ldquo;Effizienz\u0026rdquo;) Ist die Anleitung noch ein Bild der Realität im Unternehmen, und werden die aktuellen Prioritäten und Organisationsstrukturen korrekt abgebildet? (\u0026ldquo;Applicability\u0026rdquo;) Act \u0026ldquo;Take corrective and preventive actions, based on the results of the improvement of the ISMS.\u0026rdquo;\nMit den Erkenntnissen aus der \u0026ldquo;Check\u0026rdquo;-Phase können wir unsere Prozesse debuggen und gewonnene Erkenntnisse umsetzen. Prozesse zu ändern ist dann ein Projekt: Anleitungen werden angepasst und geschult. Das ist etwas, das wir mit einem Termin versehen und prüfen können und bei dem wir Änderung mit dem \u0026ldquo;Vorher\u0026rdquo; vergleichen können. Wir können das erkannte Muster auch auf andere Fälle transferieren, dokumentieren und lehren.\nÄnderungen führen zu geänderten Anleitungen, zu angepassten Risikoabschätzungen, zu einem neuen Maßnahmenplan und zu neuen Prozessen und Prozeduren. Kurzum: Zur nächsten Umdrehung im PCDA.\nThemen BS 7799 definiert foilgende Tätigkeitfelder:\nSecurity Policy Organisatorische Infrastruktur Beteiligte, Aufträge, Berechtigungen, Rollen Dritte Parteien Outsourcing Asset Classification Inventur Dokumentenmanagement Personnel Security Job Definitionen und Profile Ausbildung Mißbrauch und Kommunikationskanäle Physical und Environmental Security Sicherheitsbereiche Diebstahlschutz, Infrastrukturschutz Communications + Operationsmanagement cf ITIL Funktionen Operational Procedures und Reponsibilities System Planning und Acceptance Housekeeping Backups Logs Network Management Media Management Information and Software Exchange Access Control Benutzerverwaltung (Identity und Authentication) Rechteverwaltung (Authorization) Zugangsüberwachung (Audit) System development + maintenance Security als Teil der Anforderungen Validation (Integrity measures) Cryptography (Confidentiality measures) Change control Business Continuity Management Compliance Gesetze+Verträge IPR Management Audit und Nachweis Security messen Compliance: Prüfung der Abdeckung durch Selbstauskunft durch Audit Absolutes Maß der Security sehr schwer (\u0026ldquo;Wie beweisen wir, dass wir nicht gehackt sind?\u0026rdquo;) Capability Maturity Model (Prozessreife)? Aufwendig! fünf Reifegrade in verschiedenen Bereichen CMMI Reifegrade\n0 not performed 1 performed informally 2 Planned and Tracked 3 Well defined 4 Quanitatively controlled 5 Continuously improving ","date":"2005-05-29T00:00:00Z","href":"https://blog.koehntopp.info/2005/05/29/security-management.html","tags":["lang_de","talk","publication","internet","security","karlsruhe"],"title":"Security Management - was ist das eigentlich?"},{"categories":null,"content":"Anonymity, Unobservability, Pseudonymity and Identity Management - A Proposal for Terminology pflegt Marit Hansen mit Andreas Pfitzmann und anderen eine Liste von Begriffen, Definitionen und Konzepten, die mit dem Komplex \u0026ldquo;Anonyme Kommunikation\u0026rdquo; zu tun haben. Das Papier soll Terminologie in diesem Bereich vereinheitlichen und so die Diskussion vereinfachen.\nDas Papier definiert \u0026ldquo;Anonymität\u0026rdquo; als \u0026ldquo;Ununterscheidbar in einer Grundmenge von Akteuren oder Adressaten einer Nachricht\u0026rdquo;. Dadurch wird Anonymität meßbar, indem man den Verdünnungsfaktor, also die Größe dieser Grundmenge angibt.\nEin anderer, von Anonymität zunächst einmal verschiedener Begriff ist der Begriff der \u0026ldquo;Verkettbarkeit\u0026rdquo;: Für zwei Objekte in einem System (etwa: eine Nachricht und ein Absender) soll das System nicht mehr Information über die Beziehung der Objekte liefern als ohne das System verfügbar wäre. Anonymität kann dann über Nichtverkettbarkeit formuliert werden, nämlich als Nichtverkettbarkeit von einer Absenderidentität mit einer Nachricht (\u0026ldquo;Absenderanonymität\u0026rdquo;), einer Empfängeridentität mit einer Nachricht (\u0026ldquo;Empfängeranonymität\u0026rdquo;) oder eines Absenders mit einem Empfänger (\u0026ldquo;Beziehungsanonymität\u0026rdquo;).\nEine stärkere Eigenschaft ist \u0026ldquo;Unbeobachtbarkeit\u0026rdquo;, bei der etwa die Nachrichten in einem Kommunikationssystem von Rauschen ununterscheidbar sind, also nicht einmal die Existenz von Nachrichten bewiesen oder widerlegt werden kann.\n\u0026ldquo;Pseudonymität\u0026rdquo; liegt vor, wenn Absender und Empfänger Pseudonyme als Identitäten verwenden, also ihre Nachrichten mit dem Pseudonym kennzeichnen. Pseudonymität deckt also das ganze Feld zwischen Anonymität auf der einen Seite und totaler Zurechenbarkeit auf der anderen Seite ab.\nSo kann ein Absender zum Beispiel\nwiederholt Nachrichten unter demselben Pseudonym absenden und sich so eine Reputation erarbeiten, mehrere Nachrichten werden also über dasselbe Absenderpseudonym verkettbar.\nDie Verkettung zwischen dem Pseudonym und der Inhaberperson kann öffentlich sein (\u0026ldquo;Telefonnummern als Pseudonyme für Anschlußinhaber\u0026rdquo;), nichtöffentlich-aufdeckbar sein (\u0026ldquo;Maskenball\u0026rdquo;) und nichtaufdeckbar-verkettbar (\u0026ldquo;DNS-Probe, die noch nicht in einer Datenbank erfaßt ist\u0026rdquo;).\nPseudonyme können transferierbar sein (\u0026ldquo;Account in einem Onlinespiel\u0026rdquo;), oder nichttransferierbar (\u0026ldquo;Fingerabdruck\u0026rdquo;). Durch Transfer kann ein aufdeckbares Pseudonym unaufdeckbar werden.\nIm Hinblick darauf, wann Kommunikationspartner ihre Namen wechseln, wie die Lebensdauer des Namens ist, und ob das Pseudonym Aspekte einer Person, eine Person oder Gruppen von Personen bezeichnet, kann Pseudonymität noch weiter aufgegliedert werden.\nEin Aspekt, den das Papier nicht diskutiert, ist die Qualität von Pseudonymen innerhalb desselben Namensraumes: Eine IP-Nummer ist zum Beispiel ein Pseudonym unter dem ein Benutzer im Internet agiert. Aus der IP-Nummer selber können aber zunächst keine Eigenschaften des Pseudonyms abgeleitet werden: Es ist nicht bekannt, ob die IP-Nummer eine Person oder eine Gruppe von Personen bezeichnet und es ist auch nicht bekannt, ob und wie lange die IP-Nummer mit einem bestimmten Inhaber verkettbar ist. Ebenso können keine Aussagen darüber gemacht werden, ob Zugriffe von zwei verschiedenen IP-Nummern demselben Benutzer zugerechnet werden können.\nSolche Aussagen über zugesicherte Eigenschaften wären aber wichtig, wenn man einer IP-Nummer im juristischen Kontext identifizierende Eigenschaften zuordnen will und wenn man Verantwortung für Taten im Internet über IP-Nummern mit Tätern verknüpfen möchte.\nSo treibt unsere Rechtssprechung recht seltsame Blüten: Das Recht verlangt auf der einen Seite Chipkartenleser mit Tastatur und Display, damit zurechenbare digitale Unterschriften unter elektronische Rechnungen gesetzt werden können, um diese in den Augen eines Finanzamt gültig werden zu lassen. Anderseits werden aber Personen auf der Grundlage irgendwelcher Logs mit irgendwelchen Zeit/DSL-Login/IP-Zuordnungen darin für angebliche Hackangriffe im Internet zur Rechenschaft gezogen. Ein bischen inkonsequent ist das schon.\n","date":"2005-05-24T00:00:00Z","href":"https://blog.koehntopp.info/2005/05/24/ueber-anonymitaet-reden.html","tags":["identity","security","lang_de"],"title":"Über Anonymität reden"},{"categories":null,"content":"In Das Rätsel um die 193.17.243.1 schreibt Thomas Klink:\nIm Zuge des Wahlkampfs in Nordrhein-Westphalen (NRW), wo [ \u0026hellip; ] ein neuer Landtag bestimmt wird, wird auch im Internet mit harten Bandagen gekämpft. Auf den Seiten des Internet-Lexikons Wikipedia sind in den vergangenen Tagen die Einträge zu den Spitzenkandidaten Peer Steinbrück (SPD) und Jürgen Rüttgers verändert worden. Die Manipulationen wurden aus einem Büro des Deutschen Bundestags heraus vorgenommen. Darauf weist die IP-Nummer, mit der Computer im Internet identifiziert werden, hin.\nSchließend heißt es:\nAls Konsequenz aus den Beschuldigungen forderte [Dr. Ole] Schröder, der Mitglied des Unterausschusses Neue Medien ist, gestern im Gespräch mit unserer Zeitung, dass jedes Bundestagsbüro eindeutig über die IP zu identifizieren sein muss. \u0026ldquo;Dies ist zum Schutz vor Missbrauch wichtig\u0026rdquo;, sagte er.\nDieses Beispiel zeigt deutlich einen Verhaltensaspekt von Behörden in der \u0026ldquo;Abuse-Szene\u0026rdquo;: Dort ist man derzeit überwiegend auf die IP-Nummer als Identifizierungsmerkmal fixiert, egal ob dies sinnvoll ist oder nicht.\nWir wollen dankbar sein, daß das so ist. Denn einen Chipkarten-Personalausweis als \u0026ldquo;Zündschlüssel\u0026rdquo; und Login für den Rechner und die Anmeldung am Netz wollen wir wahrscheinlich alle nicht (\u0026ldquo;jeder nur einen Rechner, rechts raus\u0026rdquo;). Außer vielleicht den Jugendschützern, der Content-Industrie und anderen komischen Vögeln.\n","date":"2005-05-23T00:00:00Z","href":"https://blog.koehntopp.info/2005/05/23/identifizierung-durch-ip.html","tags":["authentication","identity","politik","security","lang_de"],"title":"Identifizierung durch IP"},{"categories":null,"content":" Nachdem Internetpiraten in der Netzwerk-Ökonomie seit mehr als zwei Monaten bei mir auf Wiedervorlage liegt, weil ich noch was längeres dazu schreiben wollte, aber partout nicht dazu komme, blogge ich das einfach mal so weg. Man kann nämlich auch rechnerisch zeigen, daß das mit dem Kopieren alles viel komplizierter ist, als gewisse Interessenverbände uns weismachen wollen.\nNetzwerk-Ökonomen zeigen mit ihren Modellen, wie digitale Werke durch einen höheren Bekanntheitsgrad an Gebrauchswert gewinnen - auch wenn dies eine Folge von illegaler Verbreitung ist. \u0026hellip; Eine Reihe von neueren Studien zeigt nun, warum weder Künstler, noch die Allgemeinheit von diesem Kampf um die Wahrung des Urheberrechtes profitieren - und selbst Verlage und Softwarehersteller in einigen Fällen besser fahren würden, wenn sie die illegale Nutzung ihrer Produkte zuließen.\nNetzpiraten vs. Medienmodule (PDF) Der Nutzen von illegalen Kopien für den Künstler. Artists\u0026rsquo; earnings and copyright ","date":"2005-05-23T00:00:00Z","href":"https://blog.koehntopp.info/2005/05/23/internetpiraten-in-der-netzwerk-konomie.html","tags":["copyright","media","politik","lang_de"],"title":"Internetpiraten in der Netzwerk-Ökonomie"},{"categories":null,"content":" Nur noch schlafen, bitte.\nGeht alles wieder? Ja, auch wenn da noch so viel Rot ist.\nRestcrew.\n","date":"2005-05-14T00:00:00Z","href":"https://blog.koehntopp.info/2005/05/14/danach.html","tags":["image","karlsruhe","work","lang_de"],"title":"Danach..."},{"categories":null,"content":" ","date":"2005-05-14T00:00:00Z","href":"https://blog.koehntopp.info/2005/05/14/wenn-es-mal-wieder-laenger-dauert.html","tags":["image","karlsruhe","work","lang_de"],"title":"Wenn es mal wieder länger dauert..."},{"categories":null,"content":" Ciao, Tosi . Wir haben ihn gehen lassen, damit er sein Hobby \u0026ldquo;Navigationssysteme bauen\u0026rdquo; zum Beruf machen kann. Damit Ihr Euch nicht zu sehr verfahrt, haben wir gleich für eine passende Ausstattung gesorgt (Der Schönling, der sich da links ins Bild drängt ist Cruisi ).\nInformatikerhaushalt, Erstausstattung\nBesonderer Dank muß hier an Jochen gehen, der konspirativ den Bedarf ermittelt hat und uns so in die Lage versetzt hat, die schlimmsten Lücken zu schließen.\nTosis Antwort besteht darin, dem Süden ordentliches Bier zu bescheren.\n","date":"2005-05-13T00:00:00Z","href":"https://blog.koehntopp.info/2005/05/13/invasion-des-guten-geschmacks.html","tags":["image","karlsruhe","work","lang_de"],"title":"Invasion des guten Geschmacks"},{"categories":null,"content":"Das Thema \u0026ldquo;Mittlerfreie Kommunikation\u0026rdquo; ist ein Komplex von Gedanken, mit dem ich mich im Laufe der Jahre immer wieder auseinandergesetzt habe und das mir in einer ganzen Reihe von Diskussionen immer wieder begegnet ist. Weil dabei jedesmal dieselben URLs raussuchen muß, habe ich sie mir hier einmal als Zusammenfassung weggebloggt.\nAusgangspunkt war eine Diskussion im Usenet in 1997 , wo jemand behauptete, daß sich das Medium Buch in den letzten paar tausend Jahren nicht geändert habe. Ich fühlte mich gezwungen, zu widersprechen: Das Aussehen von Büchern mag sich wenig geändert haben, aber die Art und Weise, wie sie produziert werden, hat sich massiv geändert. Und diese Änderungen sind eine Quelle von weitreichenden Struktur- und Gesellschaftsänderungen gewesen (bzw. sind es immer noch). Der Artikel verwendet den Begriff der \u0026ldquo;Publishing Pipeline\u0026rdquo;, den ich später zum Begriff des \u0026ldquo;Mittlers\u0026rdquo; verallgemeinert habe.\nEin Mittler ist in einer Kommunikation jemand, der am Zustandekommen dieser speziellen Kommunikation beteiligt ist, der also diese spezielle Kommunikation inhaltlich beeinflussen kann.\nIm Rahmen der immer wiederkehrenden Zensurdiskussionen (hier: Oktober 1998) gehe ich darauf ein, daß solche Mittler in der Vergangenheit auch eine gesellschaftlich wichtige Kontrollfunktion wahrgenommen haben. Diese Kontrollfunktion fällt jetzt weg, wenn die Vermittlungstätigkeit zu einer Infrastrukturtätigkeit wird, der Mittler also nicht mehr am Zustandekommen einer einzelnen Kommunikation beteiligt ist, sondern nur noch allgemein eine Kommunikationsplattform betreibt.\nDer Wegfall dieser dieser Kontrollfunktion führt unter anderem dazu, daß diejenigen Parteien, die sich bisher auf die Kontrollfunktion der Mittler verlassen haben nun versuchen, den Betreiber der Infrastruktur für die Inhalte verantwortlich zu machen, die über sie transportiert werden (Stichwort \u0026ldquo;Providerverantwortung\u0026rdquo; und \u0026ldquo;Providerhaftung\u0026rdquo;).\nEtwas früher, im Juni 1998, schrieb ich etwas über die Auswirkungen von Infrastruktur in Händen der Endnutzer - das ist letztendlich der Gedanke, der hinter P2P steht. Im Artikel gehe ich noch von \u0026ldquo;dauernd laufenden Servern beim Endanwender\u0026rdquo; aus, und diskutiere, welche Auswirkungen diese auf die Publikationsmöglichkeiten von Endanwendern haben und wie dies im Kontext der Theorie der mittlerfreien Kommunikation zu sehen ist.\nSo redet der Text noch von \u0026ldquo;Bandbreite zu Hause\u0026rdquo; aus, aber letztendlich ist das irrelevant - heute haben wir nicht nur DSL-Bandbreiten nach Hause, sondern wir haben auch nahezu unbegrenzt Speicher außerhalb des Hauses in Form von Webdav-Diensten, Fotoalblem, Onlinespeichern und Webmail-Postfächern, von traditionellen kostenlosen Webhosting-Angeboten gar nicht zu reden\u0026hellip;\nLustigerweise macht der Text eine Kostenvorhersage, die - wenn man sie heute nachrechnet und die Inflation auch noch berücksichtigt - tatsächlich einigermaßen bei den Kosten für einen DSL-Anschluß herauskommt. Zwei Megabit/sec ist das, was die Uni Kiel zur Zeit meines Studiums zur Versorgung der ganzen Universität bereitgestellt hat - aber nicht zu den Kosten eines DSL-Anschlusses, sondern für Tausende von DM\u0026hellip;\nIm April 2000 taucht das Thema wieder auf. Diesmal geht es um Industriealisierung von Kommunikation . Was bedeutet dieser Begriff?\nIn industrieller Kommunikation finden sich die Kommunikationspartner gegenseitig ohne vorherige Kenntnis ihrer Existenz und ohne vorher ihre Vertrauenswuerdigkeit oder die Ernsthaftigkeit der gegenseitigen Angebote abschaetzen zu koennen. Dieses Finden kann ueber industrielle Vermittlung, also durch Suchmaschinen und ueber reputation managers (http://www.useit.com/alertbox/990905.html ) erfolgen.\nEs geht auch um die Frage, wer überhaupt ein Interesse daran haben kann, ob zwei Personen ohne Kontrolle durch einen Mittler oder Filter miteinander kommunizieren dürfen und wieso das eine wichtige Frage ist.\nZum Ausspruch \u0026ldquo;The Internet treats censorship as damage \u0026hellip;\u0026rdquo; von John Gilmore:\nDas ist die historisch-kaltkriegerische Formulierung des obigen Sachverhaltes. \u0026ldquo;Mittlerfreie Kommunikation\u0026rdquo; und \u0026ldquo;freie Wahl des Kommunikationsmodus\u0026rdquo; sind es, die eine Informationsgesellschaft tatsächlich definieren.\nIn einer solchen Gesellschaft kann Regulierung nur beim Sender oder beim Empfänger ansetzen. Wenn bei diesen beiden Parteien keine Kooperation besteht, wird es extrem schwierig werden, die Berücksichtigung dritter Interessen zu erzwingen.\nUnd das ist genau der Grund, warum \u0026ldquo;Besitz der Privatsphäre\u0026rdquo; das Wohlstand definierende Kriterium der Informationsgesellschaft ist wie \u0026ldquo;Besitz von Produktionsmitteln\u0026rdquo; das Wohlstand definierende Kriterium der Industriegesellschaft war und \u0026ldquo;Besitz von Land\u0026rdquo; das Wohlstand definierende Kriterium der Agrargesellschaft.\nDurchdenkt man das zum Ende, führt dies zwingend dazu, dass wir den Begriffen \u0026ldquo;Privatsphäre\u0026rdquo; und \u0026ldquo;Datenschutz\u0026quot;viel umfassendere Bedeutung zumessen müssen, als dies im derzeitigen Datenschutzmodell und -recht in Deutschland bzw. in der EU bisher der Fall ist.\nEbenfalls aus dem April 2000 stammt ein Artikel zum Thema Jugendschutzfilter unter dem Gesichtspunkt, daß diese Zwangsmittler sind. Der Artikel ist stellvertretend für die ganze Jugendschutzdiskussion ausgewählt und geht das Thema Mittler, Skalierung von Kontrollmechanismen und poltiische Kontrollziele unter diesem Gesichtspunkt \u0026ldquo;Jugendschutz\u0026rdquo; an, aber die Gedanken sind im Grunde verallgemeinerbar.\nSchließlich taucht das Thema im Januar 2003 noch einmal auf. Um das Thema \u0026ldquo;Zensur, Filterung und Zugangskontrolle\u0026rdquo; korrekt zu behandeln, fordere ich, die Fragen korrekt zu formulieren. Die Frage, die eine Gesellschaft sich stellen muß, lautet: Wollen wir mittlerfreie Kommunikation zulassen? Die Frage, die auch kommen muß: Ist das Konzept des Zwangsmittlers technisch und rechtlich durchsetzbar? Ist es gesellschaftlich erwünscht?\n","date":"2005-05-10T00:00:00Z","href":"https://blog.koehntopp.info/2005/05/10/materialsammlung-mittlerfreie-kommunikation.html","tags":["media","politik","usenet","lang_de"],"title":"Materialsammlung \"Mittlerfreie Kommunikation\""},{"categories":null,"content":"Der Wegfall von \u0026ldquo;news.individual.net\u0026rdquo; als kostenloser Server für USENET News mag den einen oder anderen Benutzer des Servers motiviert haben, sich selber mit News zu versorgen. Dieser Text soll dabei helfen, etwa auf einem der üblichen Dedicated Server bei einem Hoster oder an einer anderen geeigneten Stelle im Netz einen eigenen INN als News-Server aufzusetzen, und so zu konfigurieren, dass er ein nützlicher Teil der USENET-Infrastruktur in Deutschland ist, und dass einige Benutzer dort News lesen können.\nRessourcenplanung Traffic Die Gruppen im deutschsprachigen Teil des USENET haben das Prefix de.*. Lediglich im Teil de.alt.dateien.* dürfen Bild- und Programmdateien veröffentlicht werden, und so kommt es, dass sich das Verkehrsaufkommen im Restteil de.*,!de.alt.dateien.* in recht engen Grenzen hält: Pro Tag sind etwa 20 MB Traffic einzuplanen. Internationale Gruppen können ein Verkehrsaufkommen zwischen 150 und 200 MB am Tag erzeugen.\nDie Maschine, auf der inn-Server laufen soll, sollte eine feste IP-Nummer haben, die unterbrechungsfrei verfügbar ist. Es sind Setups denkbar, in denen einer der beiden am Austausch beteiligten Partner eine wechselnde oder nur mit Unterbrechungen verfügbare Adresse hat, aber diese sind nicht Gegenstand dieser Dokumentation.\nRAM- und Festplattenbedarf Ein laufender innd auf einem Intel-basierenden Suse-Linux-System verbraucht 12 MB RAM für den innd, den eigentlichen Newsserver. Außerdem werden noch ein innfeed-Prozess (2 MB RAM) zur Artikelweitergabe und einige Hilfsprozesse für statistische Zwecke und zur Ausführung von Wartungsarbeiten gestartet. Alles in allem werden 25-30 MB RAM verbraucht.\nDie Speicherung der Artikel erfolgt am günstigsten in sogenannten \u0026ldquo;CNFS Cyclebuffs\u0026rdquo;. Dabei handelt es sich um Ringpuffer-Dateien fester Größe, sodass der Speicherbedarf für Artikel auf der Festplatte konstant ist. Die Installation des Autors hat jeweils ein halbes Gigabyte für de.*,!de.alt.dateien.* und für regionale deutschsprachige Hierarchien reserviert. Drei Gigabyte sind für internationale Artikel aus den Big8-Hierarchien bereitgestellt.\nINN muss für lesenden Zugriff auf die Artikel eine Overview-Datenbank pflegen. Diese belegt etwa 10% des Speichers zusätzlich, der für Artikel belegt wird.\nWeitere Anforderungen Der CPU-Aufwand und die IO-Last auf dem Server des Autors sind vernachlässigbar. Dazu trägt die Verwendung von CNFS ganz erheblich bei.\nNNTP und NNRP, die Protokolle zum Übertragen von News und zum Lesen von News, verwenden standardmäßig den Port 119/TCP.\nDer Autor verwendet Suse Linux 9.1 als Grundlage für diese Installation. Sie ist jedoch auf allen Linux-Distributionen grundsätzlich ähnlich.\nInstallation Suse Linux 9.1 liefert im Paket inn einen INN in der Version 2.4.1. Dies ist relativ aktuell. Nach der Installation befinden sich die Konfigurationsdateien in /etc/news, die öffentlichen Programme in /usr/bin, die nicht öffentlichen Programme in /usr/lib/news/bin, einige wichtige Arbeitsdateien in /var/lib/news und der Artikelspeicher wird in /var/spool/news angelegt. INN wird nach /var/log/news loggen.\nAndere Distributionen verwenden möglicherweise leicht unterschiedliche Speicherorte, die Anleitung ist dann passend abzuwandeln.\nAlle Konfiguration am INN ist immer als User news durchzuführen und niemals als User root, außer dies wird ausdrücklich gesagt. Sobald durch Änderungen als root Konfigurations-, Log- oder andere Dateien einem anderen Benutzer als news gehören, wird INN möglicherweise nicht mehr sauber funktionieren.\nnews@h3118:-/bin\u0026gt; cat /etc/SusE-release SusE Linux 9.1 (1586) VERSION = 9.1 news@h3118:~/bin\u0026gt; rpm -q inn inn-2.4.1-33 Man muss also als root das Kommando su – news eingeben, um auf den Useraccount von news zu wechseln und auch das Environment des news-Users zu bekommen. Man befindet sich dann auch gleich im Home-Verzeichnis des News-Users. In SuSE Linux ist das /etc/news, wo sich auch die im Folgenden beschriebenen Konfigurationsdateien befinden.\nInbetriebnahme Artikelspeicher bereit stellen In unserer Beispielinstallation soll der INN mit einem Artikelspeicher in CNFS (\u0026ldquo;Cyclic News File System\u0026rdquo;) betrieben werden, weil dies die ressourcensparendste und wartungsärmste Art der Artikelspeicherung ist. Die CNFS-Puffer müssen konfiguriert und angelegt werden.\nVersäumt man das, verwendet INN den in der Default-Konfiguration definierten Traditional Spool. Dieser erzeugt jedoch mehr I/O-Last auf dem System und ist in der Größe variabel. Dafür steht sein Inhalt Scripten leichter zu Verfügung: Artikel werden als Dateien unterhalb von /var/spool/news/articles/ in Verzeichnissen abgelegt, die aus dem Namen der Newsgroup abgeleitet sind und müssen durch einen Aufräumjob (expire) von dort gelöscht werden. Die Verwendung von Traditional Spool ist nicht empfohlen, insbesondere nicht für INN Neueinsteiger.\nDie Puffer werden in der Datei cycbuff.conf definiert. Eine Pufferdefinition besteht aus einer oder mehr Zeilen, von denen jede einen cycbuff definiert. Diese Puffer müssen dann zu einem metacycbuff zusammengeklebt werden, damit sie durch den INN benutzbar werden.\nnews@h3118:-/peerdata\u0026gt; cat ~/cycbuff.conf # 512MB Puffer fuer de.* cycbuff: DE1: /var/spool/news/cycbuffs/file_de.1:524288 # Sechs 512 MB Puffer fuer den Rest cycbuff: INTL1:/var/spool/news/cycbuffs/file_intl.1:524288 cycbuff: INTL2:/var/spool/news/cycbuffs/file_intl.2:524288 cycbuff: INTL3:/var/spool/news/cycbuffs/file_intl.3:524288 cycbuff: INTL4:/var/spool/news/cycbuffs/file_intl.4:524288 cycbuff: INTL5:/var/spool/news/cycbuffs/file_intl.5:524288 cycbuff: INTL6:/var/spool/news/cycbuffs/file_intl.6:524288 # Puffer zusammenkleben zu Metapuffern metacycbuff: DE: DE1 metacycbuff: INTL: INTL1, INTL2, INTL3, INTL4, INTL5, INTL6 Leider ist INN bei der Benennung der \u0026ldquo;cycbuff\u0026rdquo; und \u0026ldquo;metacycbuff\u0026rdquo; sehr eingeschränkt: Namen müssen kurz sein und dürfen nur aus Zahlen und Buchstaben bestehen.\nIm Beispiel wird ein \u0026ldquo;cycbuff\u0026rdquo; mit dem Namen \u0026ldquo;DE1\u0026rdquo; definiert, der 524288 KB (512 MB) groß sein soll. Die Location im Dateisystem für diesen Puffer ist /var/spool/news/cycbuffs/file_de.1. Dort muss diese Datei auch angelegt werden. Dies erfolgt mit dem Kommando dd.\n$ dd if=/dev/zero of=/var/spool/news/cycbuffs/file_de.1 bs=1024k count=512 INN selber arbeitet immer nur mit \u0026ldquo;metacycbuffs\u0026rdquo;. Ein \u0026ldquo;metacycbuff\u0026rdquo; faßt dabei einen oder mehrere einzelne \u0026ldquo;cycbuff\u0026rdquo; zu einer für den INN benutzbaren Einheit zusammen. Der \u0026ldquo;metacycbuff\u0026rdquo; DE besteht dabei ausschließlich aus dem einzelnen cycbuff \u0026ldquo;DE1\u0026rdquo;.\nDas Beispiel definiert außerdem noch sechs jeweils 512 MB umfassende cycbuffs INTL1 bis INTL6. Auch diese müssen mit entsprechenden dd-Kommandos angelegt werden und können dann alle zusammen zu einem \u0026ldquo;metacycbuff\u0026rdquo; INTL mit 3 GB Gesamtgröße zusammengefasst werden.\nDamit INN weiß, welche Artikel in welchem Puffer abgelegt werden sollen, müssen in der storage.conf entsprechende Einträge gemacht werden.\nDie Zeile newsgroups legt dabei fest, welche Gruppen in welchem Puffer abgelegt werden. Die Zeile class ist eine eindeutige Nummer für jeden Eintrag, damit man an anderer Stelle auf den Eintrag Bezug nehmen kann.\nDie Zeile options legt für CNFS-Einträge fest, welcher metacycbuff Speicher für den entsprechenden Eintrag bereitstellen soll.\nnews@h3118:-/peerdata\u0026gt; cat ~/storage.conf method cnfs { newsgroups: de.* class: 3 options: DE } method cnfs { newsgroups: * class: 2 options: INTL } # Traditional Spool Klappert leer und wird dann gelöscht... method tradspool { newsgroups: * class: 1 } Im Beispiel wandern Artikel für die Newsgroups de.* immer in den CNFS-Speicher DE mit der eindeutigen Nummer 3. Alle anderen Artikel wandern in den CNFS-Speicher INTL mit der Nummer 2.\nDer Eintrag 1 definiert einen Speicher im Format tradspool. Er wird niemals verwendet, weil der Eintrag 2 vorher alle Artikel abfängt. Der Eintrag 1 ist der (nicht empfohlene, aber rückwärts kompatible) Default-Eintrag in der storage.conf von INN.\nSobald INN erst einmal gestartet ist (siehe unten), werden die Puffer initialisiert. Zu einem späteren Zeitpunkt kann man dann mit dem Kommando cnfsstat -a ansehen, wie ausgelastet die Puffer sind.\nGrundkonfiguration inn Vor dem ersten Start des Servers ist die /etc/news/inn.conf anzupassen. Zu ändern sind:\n-organization: \u0026#34;A pooly-installed InterNetNews site\u0026#34; +organization: \u0026#34;Deine Organisations-Zeile Definiert den Inhalt der Zeile Organization, die Bestandteil eines jeden Artikels ist.\n-#pathhost: localhost +pathhost: news.example.com Definiert, was Deine Site in den Path-Header einträgt. Dies ist ein sehr wichtiges Datum für das Peering mit anderen Sites. Es sollte Dein Domainname sein, oder ein vom Domainnamen abgeleiteter Name wie news.koehntopp.de für koehntopp.de.\nMit Hilfe des pathhost erkennt ein entfernter Server, ob ein bestimmter Artikel schon einmal Dein System passiert hat. Wenn ja, wird Dir der Artikel kein zweites Mal angeboten. Dies kann sehr viel Traffic einsparen, wenn man mehrere Feeds für eine Hierarchie hat.\n+complaints: abuse@example.com +fromhost: example.com Definiert den Inhalt der Headerzeile X-Complaints-To und die Domain, mit deren Hilfe Usernamen zu Mailadressen komplettiert werden, wenn dies notwendig ist.\n-docnfsstat: false +docnfsstat: true Dieser Eintrag ist optional. Wenn man jedoch später statistische Auswertungen auf dem System für den Betrieb plant, sollten laufende Meßdaten für die Auslastung der CNFS-Puffer vorliegen. Dazu muss dieser Eintrag aktiv geschaltet sein.\nCrontab aufsetzen INN muss in regelmäßigen Abständen einige Wartungsaufgaben erledigen. Daher sollte für den User news eine Crontab wie die folgende definiert sein:\nnews@h3118:~\u0026gt; cat crontab.current # to expire old news-articles 15 4 * * * /usr/lib/news/bin/news.daily expireover delayrm lowmark # dump path databases #0 0 * * * /usr/lib/news/bin/ctlinnd flush \u0026#39;inpaths! \u0026gt; /dev/null 2\u0026gt;\u0026amp;1 # 5 0 1,15 * * /us/lib/news/bin/sendinaths # inews stores news-articles in /var/spool/news/in.coming, if INN ist # not running. the next \u0026#34;rnews -U\u0026#34; will feed those news-articles into # inn. 10 * * * * /usr/bin/rnews-U #33 * * * * /usr/lib/news/bin/scanlogs norotate 2\u0026gt;/dev/null \u0026gt;/dev/null news@h3118:~\u0026gt; crontab crontab.current news@h3113:~\u0026gt; Die Crontab enthält nur die für den Betrieb unmittelbar notwendigen Einträge in aktivierter Form. Die auskommentierten Einträge sind für spätere Erweiterungen notwendig oder nützlich.\nDer Eintrag news.daily führt die zum Betrieb von INN notwendigen Wartungsaufgaben durch. Er muss einmal pro Tag ausgeführt werden.\nDer Eintrag rnews- U kann einmal pro Stunde ausgeführt werden. Er dient dazu, während Betriebspausen aufgelaufene Artikel nachträglich ins System einzuspeisen.\nDie beiden Einträge \u0026ldquo;inpaths!\u0026rdquo; und \u0026ldquo;sendinpaths\u0026rdquo; sind nur notwendig, wenn das System Statistikdaten in die \u0026ldquo;Top 1000 der Newsserver\u0026rdquo; einspielen will. Damit das funktioniert sind jedoch noch weitere Konfigurationen notwendig (siehe unten).\nDer Eintrag scanlogs norotate dient dazu, stündlich den Statistikreport für das laufende System zu aktualisieren. Damit das funktioniert sind jedoch noch weitere Konfigurationen notwendig (siehe unten).\nServer hochfahren Mit der angegebenen Konfiguration sollte der INN durch den Systemadministrator startbar sein.\nDas Kommando chkconfig inn on sorgt dafür, dass beim Systemstart automatisch auch der INN mit hochgefahren wird.\nAls User root: # chkconfig inn on # rcinn start Das Kommando rcinn start fährt den Server manuell hoch. Der Server sollte Startmeldungen in /var/log/news/news.notice hinterlassen und in der Prozessliste sollte ein Prozess innd erkennbar sein, der mit den Rechten des Users news ausgeführt wird. Mit lsof -i -n -P sollte dieser Prozess auf Port 119 lauschen. Von localhost aus kann man jetzt einen Testconnect gegen den NNTP-Port machen.\nnews@h3118:~\u0026gt; telnet localhost 119 Trying 127.0.0.1... Connected to localhost. Escape character is \u0026#39;^]\u0026#39;. 200 koehntopp.de InterNetNews server INN 2.4.1 ready mode reader 200 koehntopp.de InterNetNews NNRP server INN 2.4.1 ready (posting ok). list 215 control 0000000000 0000000001 n control.cancel 0000000000 0000000001 n contrel.checkgroups 0000000000 0000000001 n contrel.newgroup 0000000000 0000000001 n control.rmgroup 0000000000 0000000001 n junk 0000000000 0000000001 n quit 205 Connection closed by foreign host. Wenn das funktioniert, ist der Server erfolgreich grundkonfiguriert und hochgefahren.\nGruppen anlegen Testgruppe einrichten Der Server läuft nun und hat einige Standard-Newsgroups, die für die interne Verwaltung des Servers notwendig sind. Um die weitere Funktion des Servers zu testen, ist es notwendig, mindestens eine lokale Testgruppe anzulegen.\n$ ctlinnd newgroup local.test y news@localhost Andere Gruppen einrichten Die anderen benötigten Gruppen kann man leicht anlegen, indem man sich eine Liste der Gruppen beim zukünftigen Upstream-Server abholt und sie in Kommandos zur Gruppeneinrichtung umwandelt.\nDas Kommando getlist holt die Liste der aktiven Gruppen vom Server news.koehntopp.de ab und legt sie in der Datei active.news.koehntopp.de ab. Durch das grep-Kommando werden aus dieser Datei alle Gruppen der Hierarchie de.* extrahiert. Für die Einrichtung der Gruppen sind nur das erste und vierte Feld einer jeden Zeile notwendig. Mit dem awk-Kommando ziehen wir also diese Felder aus der Datei heraus und wandeln sie in ctlinnd-Kommandos um.\n$ getlist -h news.koehntopp.de \u0026gt; active.news.koehntopp.de $ grep \u0026#34;^de\\.\u0026#34; active.news.koehntopp.de \u0026gt; de-groups $ awk \u0026#39;{ printf \u0026#34;ctlinnd newgroup %s %s news@localhost\\n\u0026#34;, $1, $4 }\u0026#39; de-groups \u0026gt; einrichten.sh $ ctlinnd throttle now $ sh einrichten.sh $ ctlinnd go now Die Datei einrichten.sh enthält nun die benötigten Kommandos zur Gruppeneinrichtung. Die Ausführung der Datei ist sehr viel schneller, wenn man den Server vor der Ausführung der Kommandos in einen Standby-Modus schaltet und danach wieder in Produktivmodus versetzt.\nZugangskontrolle konfigurieren Mit den Default-Einstellungen kann man jetzt schon lokal (von localhost aus) gegen den Server connecten. Um Connects von außen zu erlauben, ist es notwendig, einen Anmeldemechanismus und eine Passwortquelle zu konfigurieren.\nauth all { auth: \u0026#34;chkpasswd -f /etc/news/passwd.nnrp\u0026#34; default-domain: example.com } access full { users: * newsgroups: * access: RPA } INN verwendet intern ein Programm namens ckpasswd für die Zugangskontrolle. Dieses Programm kann entweder auf eine lokale Passwortdatei zugreifen, in der INN-spezifische Passwörter konfiguriert werden, oder man kann es mit Priviliegien austatten, die ihm erlauben, auf die Systempasswortdatei zuzugreifen. Letzteres ist nicht empfohlen, da NNTP ohne weitere Maßnahmen Passwörter im Klartext überträgt.\nWelche Authentisierungsmechanismen in welcher Reihenfolge von INN verwendet werden, wird in der readers.conf festgelegt. Die folgenden Einträge legen fest, dass INN die Datei /etc/news/passwd.nnrp verwenden soll, um Logins zu gestatten. Die Datei hat dasselbe Format wie eine htpasswd-Datei von Apache und kann mit dem Apache-Programm htpasswd angelegt und verwaltet werden.\nDer Abschnitt auth legt fest, mit welchem Kommando die Anmeldeinformationen geprüft werden sollen, der Abschnitt access legt dann fest, welche Zugriffsrechte diese Benutzer erhalten sollen.\nWenn alles funktioniert, ist nun eine Anmeldung mit Benutzername und Passwort von entfernten Systemen möglich.\nVerbindungen (Feeds) konfigurieren Ein Feed ist eine Verbindung zwischen zwei Newsservern, über die gegenseitig Artikel in bestimmten Newsgroups austauschen. Der Feed besteht aus einer eingehenden Verbindung, die in der incoming.conf konfiguriert wird und einer ausgehenden Verbindung, die in der innfeed.conf definiert wird, und für die in der newsfeeds festgelegt wird, welche Dateien gesendet werden sollen.\nIn der incoming.conf wird festgelegt, welche entfernten Server dem eigenen Server Daten senden dürfen und welche Gruppen diese Server beschicken dürfen:\npeer koehntopp.de { hostname: \u0026#34;news.koehntopp.de\u0026#34; patterns: \u0026#34;de.*,!de.alt.dateien.*\u0026#34; max-connections: 5 } Ein solcher Eintrag gestattet dem entfernten Rechner koehntopp.de bis zu 5 parallele Verbindungen zu dem eigenen Server aufzubauen, über die er Artikel ausschließlich in die genannten Gruppen einliefern darf.\nAusgehende Verbindungen werden in die innfeed.conf eingetragen. Analog zur incoming.conf muss dort ein Link für eine ausgehende Verbindung konfiguriert werden.\npeer koehntopp-all { ip-name: news.koehntopp.de max-connections: 5 } Schließlich wird in der Datei newsfeeds festgelegt, welche Daten über die ausgehende Verbindung gesendet werden sollen.\n# koehntopp.de Kristian Koehntopp \u0026lt;kris@koehntopp.de\u0026gt; koehntopp-all/koehntopp.de\\ :!*,@*,de.*,!de.alt.dateien.*/!local\\ :Ap,Tm:innfeed! Die Bestellung für den Channel koehntopp-all aus dem Beispiel liest sich \u0026ldquo;keine Artikel, die koehntopp.de im Path haben (/koehntopp.de).\nDas Pattern legt fest, welche Newsgruppen über den Kanal gesendet werden sollen. Es liest sich !* (\u0026ldquo;nix, gar nix\u0026rdquo;), @* (auch keine Crossposts, das ist doppelt gemoppelt), de.*,!de.alt.dateien.* (alle de-Gruppen außer de.alt.dateien.*), jedoch keine Artikel mit der Distribution: local.\nDie Flags und der Kanalname legen fest, dass die Daten über den Kanal innfeed! herausgesendet werden sollen.\nDeswegen muss der vordefinierte innfeed!-Kanal in der Datei newsfeeds aktiviert werden.\ninnfeed!\\ :!*\\ :Tc,Wnm*:/usr/lib/news/bin/startinnfeed Außerdem muss das System Steuernachrichten zur Einrichtung neuer Gruppen, zum Löschen von Artikeln usw. verarbeiten können. Dazu ist die Aktivierung des Controlchan notwendig.\nUm die Änderungen wirksam werden zu lassen, muss dem INN-Server ein \u0026ldquo;reload\u0026rdquo;-Kommando gesendet werden.\nnews@h3118:~\u0026gt; lsof -i -n -P | grep koehntopp innd 28144 news 57u IPv4 9342609 TCP example.com:199-\u0026gt;koehntopp.de:2418 (ESTABLISHED) innd 32740 news 25u IPv4 9342489 TCP example.com:42275-\u0026gt;koehntopp.de:119 (ESTABLISHED) Wenn alles funktioniert hat, ist das Link jetzt sichtbar und kann mit lsof oder tail -f /var/log/news/news /var/log/news/news.notice gesehen werden.\n","date":"2005-03-19T00:00:00Z","href":"https://blog.koehntopp.info/2005/03/19/der-eigene-usenet-server.html","tags":["computer","usenet","lang_de"],"title":"Der eigene USENET Server"},{"categories":null,"content":"Das älteste Posting, das Google Groups von mir hat, ist von Mitte 1989 . Ich schrieb damals als kris@tpki.UUCP aka ...!mcshh!tpki!kris.\nFür die mit der Gnade der späten Geburt gesegneten: Damals hatten wir noch kein automatisches Routing und auch keine direkten Verbindungen wie im Internet. Mail wurde über Modem-Links von System zu System weitergegeben. Da wir kein automatisches Routing hatten, musste man mit dem sogenannten Bang-Path (wegen der Ausrufezeichen, Bang!) die Systeme angeben, über die die Nachricht transportiert wurde. ...!mcshh!tpki!kris ist also der Pfad zu meiner Mailbox ab dem damals relativ bekannten System mcshh.\nHostnamen waren weltweit eindeutig, da es noch keine Domains gab.\nSysteme mussten sogenannte Mapschnipsel veröffentlichen, in denen sie ihren Namen und ihre Verbindungen zu anderen Systemen bekannt gaben. Ein Eintrag wie oski tpki(DAILY) deklarierte dann eine Verbindung zwischen den Systemen oski und tpki, die einmal pro Tag Mail abgeholt hat.\nMit dem Programm pathalias konnte man die Liste der Mapschnipsel nehmen und in Routingtabellen der Form oski kriski!tpki!oski!%s umgewandelt werden. Diese Tabellen stellten das Netz aus der Sicht des Absenders dar, sodass eine Mail an olaf@oski automatisch in den Bang kriski!tpki!oski!olaf umgewandelt werden konnte.\nZusammen mit den Mails wurden über die Modemverbindungen damals auch die USENET News ausgetauscht. Damals hatte man in der Regel einen lokalen News-Server auf seinem System laufen und die eingehenden News wurden eingelesen und auf dem lokalen News-Server bereitgestellt. Abgehende Artikel wurden lokal auf dem eigenen System veröffentlicht und auf allen angeschlossenen Systemen verbreitet. Weil jeder Artikel eine eindeutige ID hatte, konnte ein System erkennen, ob ihm ein Artikel mehrfach zugestellt wurde und Duplikate verwerfen. Artikel haben sich so im \u0026ldquo;Flood-Fill Verfahren\u0026rdquo; im Netz ausgebreitet und waren in tausenden Kopien auf allen Servern verfügbar.\nFür mich waren USENET News und Mail damals der Einstieg ins Netz - lange vor Internet und drei Jahre vor der Erfindung von http. Sie waren für mich auch lange Zeit das primäre Kommunikationsmedium und ich habe über die viele aufregende Personen kennengelernt - die Teilnehmer an der Silvesterfeier des Hohen Rathes der Dreizehn Weisen vom Feed werden sicherlich wissen, was ich meine. Zu dieser Channelparty^W^Wdiesem Newsgrouptreffen von de.talk.bizarre am 31.12. hatte ich rund 20 Leute nach Kiel eingeladen, die ich noch niemals vorher in Persona gesehen hatte und die sich auch untereinander dort größtenteils zum ersten Mal getroffen haben. Das war eine wirklich gute Feier.\nHeute brät USENET meistenteils im eigenen Saft - die Diskussionen dort sind alt, ich habe sie in den vergangenen 16 Jahren meiner Anwesenheit dort viele Male gesehen. Erst neulich habe ich mein Zugangspaßwort für news.individual.net wiedergefunden und erstaunt gemerkt, daß ich es für zwei Monate verloren hatte - ich hatte nicht einmal bemerkt, daß es dem Reader aus der Konfiguration gerutscht war, weil ich ihn schlicht nie aufgerufen habe.\nHeute lese ich auf news.individual.net , daß mein Zugang dort in Zukunft Geld kosten wird und eine Neuanmeldung erforderlich ist. Der Betrag ist angenehm niedrig - 10 Euro pro Jahr (!).\nDennoch habe ich beschlossen, daß der 31. März 2005 der letzte Tag meiner Anwesenheit in den USENET News sein wird - es ist die Mühe nicht mehr wert.\nMein Reader ist inzwischen Akregator, und wer mit mir diskutieren will, der kann das in den Kommentaren meines Blogs tun oder mich trackbacken. Blogs kann man haufenweise schnell und einfach bekommen - supersized.org ist möglicherweise nicht die schlechteste Wahl.\nIn diesem Sinne: 16 Jahre sind genug. Lebewohl, USENET!\n","date":"2005-02-15T00:00:00Z","href":"https://blog.koehntopp.info/2005/02/15/abschied-aus-dem-usenet.html","tags":["computer","s9y","usenet","lang_de"],"title":"Abschied aus dem USENET"},{"categories":null,"content":" Trolltech teilt mit, daß Qt4 für Windows jetzt auch unter der GPL lizensiert wird.\nDer Qt3 Sourcecode für Unix-Betriebssysteme stand schon immer sowohl unter der GPL als auch wahlweise unter einer Bezahllizenz zur Verfügung, während für die Windows-Variante des Sourcetrees nur die Bezahllizenz verfügbar war. Mit Qt4 ändert Trolltech diese Strategie: Qt4 wird plattformübergreifend wahlweise unter der GPL oder einer Bezahllizenz verfügbar sein.\nWindows ist nach Aussage von Trolltech ganz knapp die populärste Plattform for Qt. Der Anpassungsaufwand, um Qt-Anwendungen von Unix-Plattformen auf Windows und MacOS zu portieren ist extrem gering.\nTrolltech stellt eine FAQ zu Lizenzfragen zur Verfügung.\nInzwischen hat auch Golem einen Artikel zum Thema.\n","date":"2005-02-07T00:00:00Z","href":"https://blog.koehntopp.info/2005/02/07/qt4-wird-vollstaendig-gpl.html","tags":["free software","lizenz","politik","lang_de"],"title":"Qt4 wird vollständig GPL"},{"categories":null,"content":"Trolltech hat seine Qt Bibliothek ab der Version 4 komplett unter GPL gestellt. Das bedeutet, daß nicht nur die Unix-Version der Bibliothek unter der GPL verfügbar ist, sondern auch die Windows-Version. Grund genug einmal nachzulesen, was denn in der GPL drinsteht, und wieso das so ist.\nDie Originalquelle zum Thema ist natürlich die Licenses -Seite der GNU Website (Deutsche Version der GPL ). Dort findet man nicht nur den Text der Lizenz , sondern auch eine sehr lange GPL FAQ , die keine Frage mehr offen lassen sollte. Groklaw hat ebenfalls eine sehr gute GPL References Page .\nWas steht denn nun in der GPL?\nDie GPL ist eine Lizenz. Eine Lizenz ist eine Erlaubnis, kein Vertrag. Die GPL erlaubt es einem Anwender, ein Stück Code zu benutzen. Wenn der Anwender das Stück Code nutzen möchte, muss er die Lizenz und die Bedingungen der Lizenz akzeptieren. Die Bedingungen der Lizenz legen fest, unter welchen Vorbedingungen die Erlaubnis zur Nutzung des Codes durch den Anwender erteilt wird. Werden die Vorbedingungen verletzt, erlischt die Erlaubnis zur Nutzung.\nDarum ist es wichtig, sich diese Vorbedingungen und die Konsequenzen beim Verstoß gegen diese Vorbedingungen genau anzusehen.\nParagraf 0 der GPL legt fest, auf was sich die Lizenz erstreckt und was die Begriffe \u0026ldquo;Programm\u0026rdquo; und so weiter in der folgenden Lizenz erstrecken. Wenig überraschend sind das alle Dateien, die mit dem betreffenden Lizenzvermerk markiert worden sind.\nEs wird auch festgelegt, welche Erlaubnisse die Lizenz erteilt - nämlich die Vervielfältigung, die Verbreitung und die Bearbeitung bzw. Veränderung des Programmes. Insbesondere nimmt die Lizenz die Ausführung des Programmes aus - sie wird nicht eingeschränkt. Ebenso erstrecken sich die Bedingungen nicht auf die Ausgabe des Programmes, sofern sie nicht wieder ein Programm sind - was nur bei Programmgeneratoren der Fall ist.\nDer folgende Paragraf 1 erlaubt dem Anwender dann beliebig unveränderte und vollständige Kopien des Programmes anzufertigen und weiterzugeben. Besonderer Wert wird dabei darauf gelegt, daß dabei auch der rechtliche Rahmentext mitkopiert wird, also die Urheberrechtsnotiz, die Lizenz und die Hinweise auf die Lizenz und der Haftungs- und Garantieausschluss. Ausdrücklich erlaubt wird dabei, Geld für die Erstellung der Kopie zu nehmen und ggf. zusätzliche Garantien für eine Extragebühr anzubieten.\nDiese Klausel erlaubt es also dem Anwender, das Programm als Ganzes weiterzugeben, aber sie erlaubt noch keine Veränderung oder Weiterentwicklung des Programmes. Wäre dies die ganze GPL, säßen wir noch immer mit Linux 0.01 und lustigen \u0026ldquo;AAAAA\u0026rdquo; und \u0026ldquo;BBBB\u0026rdquo;-Buchstabenreihen auf dem Bildschirm da, und niemandem wäre geholfen.\nEs ist Paragraf 2, der die Veränderung des Programmes erlaubt, die Weitergabe des veränderten Programmes erlaubt, und die Bedingungen dafür festlegt: Die Dateien müssen als geändert markiert sein, und Änderung und Datum der Änderung müssen erkennbar sein, das geänderte Programm muss Dritten gegenüber vollständig und unter den Bedingungen der Originallizenz wieder zur Verfügung gestellt werden und das Programm muss bei seinem Start auf seine Lizenz, den Garantie- und Haftungsausschluss und die anderen rechtlichen Rahmenparameter hinweisen, soweit dies möglich ist.\nDer Abschnitt enthält auch Schrankenbestimmungen, die ein wenig verwirrend formuliert sind - \u0026ldquo;Identifizierbare Teile, die nicht vom Programm abgeleitet sind\u0026rdquo; und \u0026ldquo;Zusammenlegen mit anderen Programmen auf einem Speicher- oder Vertriebsmedium\u0026rdquo;.\nDie Schrankenbestimmungen sollen bewirken, daß sich die GPL nur auf ein Programm und die zu seiner Ausführung notwendigen Bibliotheken erstreckt, aber nicht auf andere Programme, mit denen unser Programm zusammenarbeitetet und sie sollen bewirken, daß Programme unter der GPL mit anderen Programmen zusammen in einer Distribution verbreitet werden können.\nSo ist SQL Relay zum Beispiel ein eigenständiges Programm, das die unter der GPL stehenden Bibliotheken von MySQL 4.x verwenden kann. Wenn es diese Bibliotheken einbindet, muss es selber auch unter der GPL stehen - es ist ein abgeleitetes Werk im Sinne der GPL und nicht von der unter der GPL stehenden Komponente - den Bibliotheken - getrennt.\nEin Client kann jedoch das SQL Relay ansprechen und über Netz mit ihm kommunizieren. Er ist ein getrenntes Programm, das vom SQL Relay verschieden ist und mit ihm keinen gemeinsamen Adressraum teilt. Daher erstrecken sich Bedingungen der GPL nicht auf dieses Programm und es kann unter einer anderen Lizenz stehen.\nEs ist auch möglich, SQL Relay etwa zusammen mit Oracle auf einer CD zu verteilen (vorausgesetzt die Lizenz von Oracle erlaubt diese Weiterverbreitung auch). Da dies nur ein Zusammenlegen auf einem gemeinsamen Medium ist, erstrecken sich die Bedingungen auch nicht auf das auch auf der CD befindliche Oracle.\nParagraf 3 bezieht sich dann auf den Quelltext, aus dem das Programm erstellt wird. Die GPL versteht unter dem Quelltext die Dateien in einer Form \u0026ldquo;die für Bearbeitungen vorzugsweise verwendet wird\u0026rdquo; und verlangt, daß man alle Dateien weitergibt, die für die Reproduktion des ausführbaren Programmes erforderlich sind. Die GPL verlangt nun, daß man\nENTWEDER den Quelltext mit dem Programm maschinenlesbar auf einem \u0026ldquo;üblichen\u0026rdquo; Medium mitliefert,\nODER statt des Quelltextes ein drei Jahre lang gültiges Angebot mitliefert, den Quelltext in einer solchen maschinenlesbaren Form zu den nominalen Kosten für die Erstellung von Kopien nachzuliefern,\nODER das Angebot weitergibt, daß einem die Upstream-Quelle für den Quelltext gemacht hat (diese Option kann man aber nur verwenden, wenn man das Programm nur als Binary erhalten hat, nicht verändert hat und man es nicht-kommerziell weitergibt)\nIn § 6 weiter unten steht dann, daß man mit der Weitergabe des Programmes auch die Lizenzrechte am Programm weitergibt, ohne sie einzuschränken oder zu verändern.\n3 und § 6 sind die Kernbestimmungen der GPL.\nSie stellen sicher, daß die Personen, die das Programm von uns erhalten haben, mit dem Programm genau dasselbe machen können (§ 3: sie haben alle notwendigen Informationen dazu) und machen dürfen (§ 6: sie haben alle notwendigen Rechte dazu), was wir auch können und dürfen.\nSie ist zugleich den Spielern im kompetitiven Feld ein mächtiger Dorn im Auge. Andere Lizenzen, etwa die Apache License, die BSD License und andere haben eine solche Bedingung nicht. Dort kann man den Code nehmen, verändern und das veränderte Programm als Binärprogramm weitergeben, muss jedoch den veränderten Code nicht herausgeben.\nIn den Augen der Autoren der GPL ist das ein Fehler in diesen anderen Lizenzen. Brendan Scott erklärt sehr schön, wieso diese Bestimmung der GPL wichtig ist. In The Forkin\u0026rsquo; Fallacy definiert er, was ein Fork eines Projektes ist (eine neue Version auf der Basis einer von der ursprüngliches Codebasis abgespaltenen und geänderten Codebasis) und warum dies bei einer Lizenz wie der GPL kein Problem ist. Da unter der GPL alle Änderungen wieder öffentlich zugänglich gemacht werden müssen, können sich die verschiedenen Forks untereinander befruchten und Code austauschen, wenn sie dies wünschen. Sie können also jederzeit ganz oder teilweise wieder zusammenfließen.\nForks sind nur dann ein Problem, wenn die ursprüngliche Codebasis in mehrere Kopien zerfällt, die sich unterschiedlich entwickeln und untereinander keinen Code tauschen können. Brendan Scott nennt in seinem Text die UNIX wars als Beispiel für solche schädlichen Forks. David Wheeler führt den Gedanken in Make Your Open-Source-Software GPL-Compatible. Or Else. noch weiter aus.\nDie anderen Abschnitte der GPL regeln dann rechtlichen Rahmenkram, oder weisen auf einige selbstverständliche Details noch einmal ausdrücklich hin. So sagt § 5 beispielsweise \u0026ldquo;Man muss die GPL nicht anerkennen, aber wenn man es nicht tut, kann man die unter der GPL stehenden Programme halt gar nicht nutzen.\u0026rdquo; und § 7 besagt sinngemäß: \u0026ldquo;Es gibt keine Ausnahmen: Wenn uns andere Gründe (Verträge, Urteile, Patente oder was auch immer) hindern, die Bedingungen der GPL zu erfüllen, dann können wir unter der GPL stehende Programme halt nicht nutzen.\u0026rdquo; und die GPL endet mit einem Haftungs und Garantieausschluss.\nIn Why I love the GPL schreibt Joe Barr, warum die GPL genau diese Form hat und greift damit noch einmal das Thema der Kernbestimmungen der GPL auf: Die GPL hat die Aufgabe, den Code (nicht den Programmierer!) zu schützen und jedem Anwender des Codes vier Freiheiten zu erhalten:\nDie Freiheit, das Programm zu jedem Zweck auszuführen. Die Freiheit, das Programm und seine Funktionsweise zu studieren und anzupassen. Die Freiheit, das Programm weiterzugeben. Die Freiheit, das Programm nach Belieben zu verändern. Anders als etwa die BSD Lizenz will die GPL diese Freiheiten jedem Anwender des Codes erhalten und darum verlangt die GPL, daß auch Änderungen am Code wieder unter der GPL stehen. Joe Barr verweist dann auf eine Reihe von Beispielen, in denen BSD Code von einem kommerziellen Projekt integriert, modifiziert und dann verschluckt wurde - die Änderungen waren für alle anderen Anwender verloren.\nIn gewisser Weise ist die GPL also eine Lizenz der kooperativen Sphäre (siehe Ein paar ideologische Steine ins Rollen bringen ), aber eine wehrhafte solche. Sie zwingt die Nutzer der GPL dazu, nach den Regeln der kooperativen Sphäre zu spielen. Verstößt ein Spieler gegen diese Regeln, wird er bestraft (Tit for Tat , The Evolution of Cooperation ). Die Strafe ist in diesem Fall ein Erlöschen der Lizenz und damit ein Ausschluss aus der kooperativen Sphäre - damit erlischt der Zugriff auf jede Menge Code der kooperativen Sphäre (noch einmal Make Your Open-Source-Software GPL-Compatible. Or Else. ).\nWas passiert, wenn ich Code, der unter der GPL steht, in mein Programm einarbeite, und dann gegen die Bedingungen der GPL verstoße? Verliere ich alle Rechte an meinem eigenen Code und werde ich gezwungen, diesen unter der GPL zu öffnen und weiterzugeben?\nNein.\nGNU GPL in Deutschland zeigt, was passiert, wenn ein Hersteller gegen die GPL verstößt. Ihm kann die Weiterverbreitung seines Produktes so lange untersagt werden, wie er gegen die GPL verstößt. Er kann diesen Zustand abstellen, indem er entweder allen GPL-Code aus seinem Produkt entfernt, oder indem er den Bedingungen der GPL nachkommt, und den Quelltext zu seinen Änderungen im Rahmen der Schrankenbestimmungen von § 2 und § 3 veröffentlicht. Die Wahl, welche Lösung des Lizenzkonfliktes hier vorgezogen wird, liegt jedoch beim Hersteller. Er kann nicht gegen seinen Willen gezwungen werden, Source offenzulegen und freizugeben. Die GPL ist nicht viral. Sie ist nur fair.\n","date":"2005-02-07T00:00:00Z","href":"https://blog.koehntopp.info/2005/02/07/von-der-gpl.html","tags":["free software","lizenz","politik","lang_de"],"title":"Von der GPL"},{"categories":null,"content":"Im Spielzeugmuseum wurde neben vielen anderen Dingen auch einer der eigenartigsten Filme gezeigt, den ich je gesehen habe. Es war Der Lauf der Dinge , eine unwahrscheinliche und präzise arrangierte Kettenreaktion von Sperrmüll in einer Fabrikhalle. Die ganze \u0026ldquo;Was passiert dann\u0026rdquo;-Maschine läuft mehr als 30 Minuten, und ist aufgebaut mehr als 30 Meter lang.\nLeider ist das Video sehr alt (1987) und wurde ohne Budget mit Consumer-Equipment gedreht, sodass der Film an einigen Stellen mit Schärfe und Weißabgleich kämpft, aber dennoch ist das ganze Konzept so genial, daß man sich diese 30 Minuten einfach gönnen muss. Was ich dann in Form der DVD getan habe.\n(Bestellt als Gebraucht-CD über Amazon France, geliefert von einer US-Firma über UK. Was für eine Odyssee)\n","date":"2005-01-25T00:00:00Z","href":"https://blog.koehntopp.info/2005/01/25/der-lauf-der-dinge.html","tags":["film","media","fluffy fluff","lang_de"],"title":"Der Lauf der Dinge"},{"categories":null,"content":"Im Nachbeben zu Rumble in the Jungle analysiert Malte Diedrich :\nKai Pahl versucht (immer mal wieder in den Kommentaren), durch beständiges Nachfragen herauszubekommen, was die Blogschreiber eigentlich stört, gibt es doch eine Reihe von Aggregationslösungen wie z. B. Bloglines, Daypop oder Blogdex, bekommt aber nicht so recht eine Antwort.Drei Dinge sind meiner Meinung nach gegenüber den zitierten Lösungen anders: IzyNews will für die Blogtexte Geld haben (es gibt eine kleinere Version mit 20 Feeds umsonst, aber darüber hinaus muss man zahlen), sie ignorieren CC-Lizenzen und sie ändern das Medium.\nDie Antwort auf die Frage von Kai Pahl bleibt aus, weil sie in den betreffenden Communities selber nicht ganz sauber definiert ist. Ich will hier zwei Worte einführen, und versuchen deutlich zu machen, welchen Mechanismus wir gerade beobachten.\nEs geht im Grunde genommen um die Definition der Begriffe der \u0026ldquo;kooperativen Wertschöpfung\u0026rdquo; und \u0026ldquo;kompetetiven Wertschöpfung\u0026rdquo;, die ich verwenden möchte, um den Bereich freie Software, Open Source, Creative Commons, Free Documentation License und dergleichen mehr von dem Bereich der kommerziellen Verwertung von Software, Texten, Musik, Filmen und anderem Intellectual Property abzugrenzen.\nWir haben hier inzwischen zwei getrennte Universen, die sich gegenüber stehen und die unterschiedliche Kulturen, Regeln und Bezugssysteme haben. Solange man sich im kooperativen Universum bewegt, spielen Lizenzen im Grunde eine untergeordnete Rolle. Ich gebe Content, Du gibst Code, hier mein Wikipedia-Artikel, da meine Anrufbeantwortersprüche, und da drüben dann meine Band als Podcast. Kein Problem, denn die Leute arbeiten miteinander, bauen aufeinander auf und referenzieren ihre Quellen mehr oder weniger fleißig korrekt.\nLizenzen dienen hier in erster Linie zur Abgrenzung vom kompetitiven Universum, also zur Freund-Feind-Erkennung und als Schutz vor diesem, also zum draußen halten von Feinden. Innerhalb des kooperativen Universums dienen sie mehr als philosphische Definitionshilfen: Durch die Wahl einer Lizenz definiert der Urheber seine ideologische Position innerhalb der kooperativen Wolke, indem er mit Hilfe der Lizenz für sich die Lage der Grenzlinie zwischen kooperativer und kompetetiver Welt definiert.\nZwar unterscheiden sich die verschiedenen Lizenzen deutlich in dem, was sie welchen Mitgliedern des kompetetiven Lagers erlauben, aber letztendlich kommt es innerhalb des kooperativen Lagers trotz der rechtlich sehr unterschiedlichen Lizenzen nur selten zu gegenseitiger Blockierung und im Grunde niemals zu einer rechtlichen Auseinandersetzung. Eher setzt man sich zusammen, diskutiert das Problem aus und findet eine gemeinsame Lösung. Ein Beispiel dafür ist der Dialog um die MySQL Lizenzen, wie ich ihn in MySQL und die Lizenzen auseinanderdividiert habe, und dessen Ende dann in MySQL FLOSS Exception nachzulesen ist.\nMit Vertretern des kompetetiven Lagers wird weniger nett umgesprungen:\nGNU GPL in Deutschland demonstriert hier die Vorgehensweise - letztendlich erkennt das kooperative Lager solche Vorfälle als Mißbrauch der Allmende und straft die betreffenden Parteien ab - und zwar durch Ausschluß aus der Welt der kooperativen Wertschöpfung und strikte Anwendung der (Lizenz-) Mechanismen der kompetetiven Welt.\nizynews.de wird nun von einer Reihe von Blogautoren als Partei des kompetetiven Lagers wahrgenommen, und die Reaktion dieser Blogautoren entspricht nun exakt der Reaktion der Netfilter-Leute auf z.B. Sitecom und andere Trittbrettfahrer. Der Schlüssel zum Frieden mit den Blogautoren liegt für izynews.de in der Erkenntnis, daß sie als Partei des kompetetiven Lagers wahrgenommen werden, und daß sie daher auch als solche behandelt werden. Bei anderen Diensten ist das (Merkwürdigerweise? Man denke nur an Google Groups !) nicht so, obwohl diese Dienste letztendlich genau dasselbe tun wie izynews.de (und wahrscheinlich auf dieselbe Weise illegal sind).\nDer einzige Unterschied zwischen izynews.de und Google Groups ist der, daß es bei Google Groups kein Bezahlangebot gibt, sondern daß man hier das Geld durch Anzeigeneinblendung verdient. Und Google Groups hatte, als sie noch Dejanews waren, eine Zeit lang einen schweren Stand, als man dort versucht hat, wie in Deja Linking Ads Within Usenet Posts? dokumentiert die Werbung als Bestandteil des Artikels anzuzeigen.\nWer die Gefilde der kooperativen Wertschöpfung in der Wahrnehmung seiner Peers verläßt und in den kompetitiven Bereich rüberwechselt, der muß sich darüber klar sein, daß er dann auch mit den Methoden der kompetetiven Wertschöpfung behandelt wird - und das heißt in diesem Fall die harte und spitze Seite des frisch nachgeschliffenen Urheberrechts. Es geht also nur vordergründig darum, daß izynews.de für irgendetwas Geld haben will, sondern es geht im Kern darum, daß izynews.de hier als Mitglied des kompetetiven Lagers wahrgenommen wird, daß sich an der Allmende bereichern will. Dafür gibt es auf\u0026rsquo;s Maul.\nDas von Malte Diedrich angesprochene Ignorieren der CC-Lizenzen ist da nur ein Teil des Problems - mein Blog zum Beispiel steht nicht unter einer CC-Lizenz, sondern hat einen ganz normalen Copyright-Disclaimer. Er steht zwar explizit da, aber das ist nur der rechtliche Default:\nDer Inhalt dieses Blogs ist © Copyright 2004 Kristian Köhntopp. Jegliche Reproduktion und Wiederverwertung nur mit schriftlicher Genehmigung des Autors.\nLetztendlich steht ein Dienst wie izynews.de, der ja Kopien von Inhalten macht und diese Kopien weiter verbreitet, ohne Lizenzen für alles da, CC oder nicht. Genau wie Google Groups, Bloglines, oder letztendlich mein Planet, was das angeht.\nAuch Markus Breuer wundert sich über die Reaktion gegenüber izynews.de in izyNews - Service oder Contentklau? :\nWas mir in der ganzen Diskussion manchmal schon etwas merkwürdig vorkommet, ist allerdings wie hier das Schwert Creative Commons als Waffe gegen die Nutzung von Inhalten eingesetzt wird. Dazu war CC eigentlich nicht unbedingt gedacht.\nDa Rache oder eine andere Emotion hineinzuinterpretieren ist falsch. Es handelt sich einfach nur um vollkommen normale die Abgrenzungsreaktion der kooperativen Wertschöpfer gegenüber jemandem, den sie der kompetetiven Sphäre zurechnen. Creative Commons hat hier, genau wie die GPL, Schutzmechanismen eingebaut, wenn auch andere als die GPL.\nMarkus ist schon auf der richtigen Spur, denn er zitiert Robert Basic :\nIch bin gespannt, was passiert, wenn Bloglines.com Mehrwertdienste einführt. Wird dann Bloglines von Paulus zum Saulus ernannt?\nGenau das. Wobei das hauptsächlich (vergleiche Google Groups) ein Wahrnehmungsproblem und Marketingproblem ist.\nMarkus führt weiter aus:\nUm für einen Burgfrieden zu sorgen, wäre es vielleicht wirklich das einfachste, wenn umgekehrt jeder Betreiber eines Service, der Blog-Inhalte syndiziert, eine einfache Möglichkeit schafft, Weblogs gezielt von seinem Dienst auszuschließen.\nDas ist letztendlich der Mechanismus von Google Groups, ein opt-out System. Bei Google ist es der \u0026ldquo;X-No-Archive: yes\u0026rdquo; Header, den man setzen muß, damit der eigene Content nicht von Google Groups vereinnahmt wird. Per Default eignet sich Google aber erst einmal das ganze USENET an.\nDas skaliert sich nicht, für keine der beteiligten Parteien. Nein, was wir brauchen ist ein Opt-In System, und eines, mit dem sich differenzierter ausdrücken läßt, was erlaubt ist und was nicht: Ein Rechtemarkupsystem muß her und als Bestandteil des Feeds mit verbreitet werden. Die Systeme, die in der kompetetiven Sphäre bereit entwickelt worden sind, leisten hier nicht das gewünschte. Sie sind wie XrML grundsätzlich durch Schutzmechanismen der kompetetiven Sphäre unbrauchbar gemacht, was zu ihrer Herkunft paßt: [Sony und Microsoft](http://www.giantstepsmts.com/DRM Watch/xrml20.htm) spielen mit. Außerdem definierten sie, wie man am Beispiel von XMCL sehen kann, die falschen Rechte . Die kooperativen Wertschöpfer und ihre Lizenzen legen Wert auf andere Dinge als useDuration und useCount, Dinge mit denen sich solche Systeme aus der kompetetiven Sphäre nicht beschäftigen.\nMarkus schließt mit:\nAlles in allem scheint mir dieser Fall (und ähnliche) ein wunderbares Lehrstück dafür zu sein, wie hilflos eine Gesellschaft, ihr Rechtssystem, ihre Moral, ihre Wirtschaft etc. vor neuen technologischen Möglichkeiten stehen kann.\nIch empfinde das nicht so. Probleme gibt es immer nur dann, wenn Mitglieder der kompetetiven Sphäre meinen, sie könnten die Regeln der kooperativen Sphäre ignorieren, weil die kooperativen Wertschöpfer untereinander das tun. Die Kompetetiven bekommen dann nach den Regeln, die sie selbst geschaffen haben, auf die Finger. Müssen sie, damit die kooperative Allmende erhalten werden kann.\nDas ist ja genau der Grund, warum die Fackelträger der Kompetetiven versuchen, kooperative Lizenzen mit Schutzmechanismen wie die GPL als \u0026ldquo;viral\u0026rdquo;, \u0026ldquo;böse\u0026rdquo;, \u0026ldquo;illegal\u0026rdquo; oder sonstwie \u0026ldquo;ganz schlimm\u0026rdquo; darzustellen, allen voran Microsoft und die von Microsoft bezahlten Astroturfer.\nLizenzen mit Schutzmechanismen schaffen einen geschützten Bereich, in dem kooperatives Verhalten möglich ist und unter anderem durch niedrige Transaktionskosten belohnt wird. Sie bestrafen Leute, die die Kooperation verletzten, indem sie ihnen die viel höheren Transaktionskoste des kompetetiven Bereichs auferlegen (\u0026ldquo;Zieh erst mal Deine Lizenzen gerade.\u0026rdquo;) und sie von der Nutzung der freien, aber nicht kostenlosen kooperativen Werte ausschließen (Der zu zahlende Preis ist die Einhaltung der Regeln der Kooperation).\nDas neue, kompetetive Urheberrecht ist dazu blendend geeignet.Denn offensichtlich gilt es auch dann, wenn die Urheber keine Megakonzerne sind, sondern Tausende von verstreut agierenden Autoren. Wenn das neue Dienste behindert, dann ist das Recht entweder zu restriktiv, und muß gelockert werden (und zwar generell gelockert und nicht selektiv - so haben auch die kooperativen Wertschöpfer was davon), oder die Dienste müssen ihr technisches Konzept so überarbeiten, daß sie mit der juristischen Seite ihrer Dienstleistung von vorneherein korrekt klarkommen (also kompetetiv wasserdicht agieren).\nDie gesellschaftliche und vor allen Dingen die politische Diskussion versagt insofern, und da hat Markus recht, als daß die Existenz, die Daseinsberechtigung und der Wert der kooperativen Wertschöpfungsmechanismen in der politischen Diskussion und in der aktuellen Gesetzgebung keinen Niederschlag gefunden haben. Weder im Urheberrecht, noch im Markenrecht, noch im Patentrecht. Und das ist der zentrale Punkt, der geändert werden muß, indem die Parteien benannt werden (das versuche ich durch die Einführung dieser Begriffe), und indem ihre Interessen geeignet geschützt werden.\n","date":"2005-01-05T00:00:00Z","href":"https://blog.koehntopp.info/2005/01/05/ein-paar-ideologische-steine-ins-rollen-bringen.html","tags":["blog","free software","lizenz","media","lang_de"],"title":"Ein paar ideologische Steine ins Rollen bringen"},{"categories":null,"content":"Eine RSS-Plattform, izynews.de, repliziert RSS-Feeds nach IMAP. Das ist neu, und für viele Leute sicherlich praktisch. izynews.de macht das jedoch für Geld, und ohne Lizenzen für die Feeds zu kaufen oder die Lizenzen auf den Feeds zu beachten. Das ist schlecht, und verärgert den Schockwellenreiter, IT\u0026amp;W und Herrn Vetter vom Lawblog.\nNeu ist es nicht - Slashdot versuchte zum Beispiel einst, Artikel der Benutzer als Buch zu verkaufen, und hatte einen Copyright-Vermerk, der die Artikel der Benutzer quasi in Besitz nahm. Seitdem habe ich einen Copyright-Vermerk als Signature auf Slashdot, und verweise dort auf eine Erklärung, warum ich das so halte.\nWie auch immer, ein Blick ins Apache access.log zeigt uns, wie IzyNews auf den Feed zugreift:\n62.75.174.182 - - [04/Jan/2005:11:38:51 +0100] \u0026ldquo;GET /rss.php?version=2.0 HTTP/1.0\u0026rdquo; 200 29744 \u0026ldquo;-\u0026rdquo; \u0026ldquo;IzyNews/1.0 (http://izynews.com , multiple subscribers)\u0026quot;\nVon der IP 62.75.174.182 wurde also um die geigte Uhrzeit auf den RSS 2.0 Feed zugegriffen, dessen URL dort im Log zu sehen ist. Der Zugriff war OK (Status 200), und es wurden 29744 Bytes transferiert. Der Zugriff erfolgte direkt (\u0026rdquo;-\u0026quot;), und nicht über einen Verweis einer anderen Seite auf diese URL - der Referer war also leer. Der zugreifende Agent identifiziert sich als \u0026ldquo;IzyNews/1.0\u0026rdquo;.\nDas kann man plump über die IP sperren, oder aber über den User-Agent. Die Sperrung über die IP ist einfach. Man erzeugt eine .htaccess-Datei in der Wurzel seines Weblogs und schreibt dort\norder allow,deny deny from 62.75.174.182 allow from all Das ist jedoch plump und unflexibel. Ändert IzyNews die IP, oder kommen bei IzyNews wegen Reichtum mehrere Rechner hinzu, greift die Regeln nicht mehr. Zielsicherer ist eine Sperrung über den User-Agent.\nWir löschen die alte .htaccess also wieder und schreiben stattdessen in eine neue .htaccess-Datei den Absatz\nSetEnvIfNoCase User-Agent \u0026ldquo;IzyNews/1.0\u0026rdquo; leecher=yes order deny,allow deny from env=leecher\nDies setzt die Umgebungsvariable \u0026ldquo;leecher\u0026rdquo;, wenn der Agent von IzyNews zugreift (er kann an dem String \u0026ldquo;IzyNews/1.0\u0026rdquo; sauber identifiziert werden). Die deny-Regel verbietet dann (Error 403) den Zugriff für alle Requests, bei denen die Variable leecher gesetzt ist.\nAußerdem sind da noch Leute, die Artikel über das IzyNews Webinterface lesen. Deren Requests sehen so aus:\n217.246.46.112 - - [04/Jan/2005:12:19:58 +0100] \u0026ldquo;GET /webcam/kris.png HTTP/1.1\u0026rdquo; 200 30008 \u0026ldquo;http://aktuelles.izynews.de/de/dir/Weblogs%20%28Auswahl%29.htm?f=t\" \u0026ldquo;Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041109 Firefox/1.0\u0026rdquo;\nDiese Requests sind also nur am Referer sauber zu identifizieren, denn der User-Agent ist der Name des Browsers, mit dem der IzyNews-Kunde die Site von IzyNews liest, und die IP ist die des Kunden, nicht die von IzyNews.\nMan sieht bei weiterem Lesen des Logs, daß das HTML selber niemals requested wird, denn das hat IzyNews ja per RSS abgezogen und hosted es auf \u0026ldquo;aktuelles.izynews.de\u0026rdquo;. Die Bilder dagegen werden aber vom Originalserver referenziert. Dieselben Schutzmaßnahmen wie gegen Bilderklau helfen hier also auch.\nIn der .htaccess zu den Zeilen oben hinzufügen:\nSetEnvIfNoCase Referer izynews.de leecher=yes\nJetzt werden auch alle Zugriffe geblockt, bei denen der Referer auf izynews.de paßt. Damit erledigt sich auch das.\nJuristische Gegenmaßnahmen bleiben von solchen Technikspielereien natürlich unberührt und können unabhängig eingeleitet werden.\n","date":"2005-01-04T00:00:00Z","href":"https://blog.koehntopp.info/2005/01/04/rumble-in-the-jungle.html","tags":["blog","free software","lizenz","lang_de"],"title":"Rumble in the Jungle"},{"categories":null,"content":"Für Fondue oder Satay-Spieße.\nMan nehme zwischen einem halben und einem Glas Erdnussbutter creamy, je nach gewünschter Menge. Dazu dann zweimal die Menge Erdnusssauce in Wasser (besser: Kokosmilch!) in einem kleinen Topf (also 1.5 bis 3 Gläser), den man auf kleinster Flamme langsam erhitzt.\nDazu werden vier gepresste Knoblauchzehen, vier Esslöffel Balsamico und zwei bis drei große gehäufte Esslöffel fester Honig gegeben. Dazu zwei Teelöffel Chilipulver und nach Geschmack ein wenig Ingwer. Mit Zitronensaft abschmecken - die Soße wird jetzt mehr nach Essig schmecken als sie es später tut, der Geschmack verliert sich.\nDie Soße wirkt am Anfang sehr wässrig, das gibt sich sehr schnell, sobald sie kocht. Sie muss einige Minuten unter ständigen Rühren sachte kochen, bis sie die gewünschte Konsistenz hat. Danach auskühlen und einige Stunden durchziehen. Zum Servieren vorsichtig und unter Rühren erwärmen. Das Resultat sollte sich auf sämtliche Geschmacksnerven im Mund gleichzeitig legen - süß-scharf mit Untertönen von salzig-sauer.\nWarnung: Dies ist eine Nusssauce. Sie macht also sehr schnell sehr satt. Außerdem kann sie Spuren von Erdnuss enthalten. :)\n","date":"2004-12-31T00:00:00Z","href":"https://blog.koehntopp.info/2004/12/31/satay-sauce.html","tags":["rezepte","lang_de"],"title":"Satay Sauce"},{"categories":null,"content":"In Unendlichkeit (Revelation Space) treffen wir auf ein Universum, in dem die Menschen über eine Menge beeindruckender Technik gebieten - kilometerlange Raumschiffe, Smart Materials und Nanotechnik, AIs und cybernetische Bewußtseinsaufrüstung und was es an Spielzeug direkt aus einem GURPS Transhuman Sourcebook mehr gibt.\nUnendlichkeit (Revelation Space) Dennoch unterliegt die Menschheit noch immer den Fesseln von Lichtgeschwindigkeit, Massenträgheit und Energieerhaltung und das macht das Universum in Unendlichkeit zu einem Platz von überwaltigender Einsamkeit. Reisen zwischen den Sternen sind Projekte von Jahrzehnten oder Jahrhunderten Realzeit und Jahren oder Jahrzehnten Schiffszeit, und so hat sich die Menschheit über den Weltraum zwar ausgebreitet, ihn aber keineswegs erobert. Und Reynolds macht deutlich, daß es in einem solchen Universum vor allen Dingen die Willenskraft und Sturheit des Menschen und nicht sein technisches Spielzeug ist, daß ihn die gewaltige Leere überwinden läßt.\nIn Unendlichkeit geht es um zunächst einmal um Dan Sylveste, der auf der Forschungskolonie Resurgam das Schicksal einer vor mehr als einer Million Jahren ausgestorbenen Alienrasse zu erforschen und dabei in die politischen Wirren der Kolonie gerät. Um seine Hypothesen zu prüfen braucht er Zugriff auf ein interstellares Schiff, und da kommt ihm die in seinem System eintreffende \u0026ldquo;Sehnsucht nach Unendlichkeit\u0026rdquo; gerade recht. Doch das Schiff ist genau wie sein Kapitän krank - die Schmelzseuche, eine eigenartige Nanovirenkrankheit schweißt Smart Materials des Schiffes und die mit Nanotechnologie aufgerüsteten Organe des Kapitäns zu einer bizarren Einheit zusammen. Außerdem hat die \u0026ldquo;Sehnsucht nach Unendlichkeit\u0026rdquo; irgendwann vor dem Eintreffen im Resurgam-System eine Reihe von vierzig eigenartigen Artefakten unklarer Herkunft von einem Asteroiden geborgen, bei denen es sich wahrscheinlich um Waffen handelt.\nDie Menschen in Unendlichkeit sind die Mitglieder einer über Lichtjahre verstreuten und durch Raum und Zeit getrennten Menschheit - sie sind einander fremd und können die Distanzen, die nicht nur räumlich, sondern auch menschlich zwischen ihnen liegen, nicht mehr wirklich überwinden. Reynolds versteht es, diese Entfremdung auch dem Leser nahezubringen: Er führt seine Charactere als teilweise kaum noch menschenähnliche Symbionten aus organischen und mechanischen Teilen ein, und zeichnet sie dann gleichzeitig als Figuren mit menschlichen Gefühlen und Zielen und einer Psyche, die manchmal fremdartiger als die eines Aliens ist.\n* *\nChasm City In Chasm City (Chasm City) kehrt Reynolds in das Universum aus Unendlichkeit zurück. Der von Unendlichkeit vollkommen unabhängige Roman spielt zeitlich vor diesem und beleuchtet das Geschehen auf Yellowstone, dem Herkunftssystem der Resurgam-Expedition. Tanner Mirabel, ein Killer, verfolgt sein Opfer von Sky\u0026rsquo;s Edge nach Chasm City auf Yellowstone. Die Infektion mit dem Propagandavirus der Sky Hausmann-Sekte legt dabei bei ihm jedoch schrittweise unterdrückte Erinnerungen frei und er muß in bester Philip K. Dick-Manier erkennen, daß Tanner Mirabel niemals wirklich existiert hat.\nChasm City führt den Leser weiter in das noir-Universum ein, das wir in Unendlichkeit bereits kennengelernt haben - was es mit der Schmelzseuche auf sich hat, welche weiteren Fraktionen der Menschheit aus welchen Motiven heraus handeln und welche Mittel ihnen zur Verfügung stehen und am Ende lernen wir sogar, daß nicht alle weltraumfahrenden Alienzivilisationen immer zeitgleich mit der Entdeckung der interstellaren Raumfahrt ausgestorben sind.\nWährend Unendlichkeit Anleihen bei der Space Opera und dem Horror macht, ist Chasm City eher ein Detektivroman mit Anleihen beim Film Noir und dem Cyberpunk, aber vor dem gleichen großartigen und düsteren Hintergrund wie Reynolds erster Roman.\nArche Die Arche (Redemption Ark) führt die beiden unverbundenen Handlungsstränge aus Unendlichkeit und Chasm City zusammen: Die Wölfe, die Dan Sylveste vor fünfzig Jahren in Unendlichkeit geweckt hat, treffen vor Resurgam ein und die verschiedenen Fraktionen der Menschheit, die von ihrer Existenz überhaupt wissen, geraten über unterschiedlichen Strategien des Vorgehens gegen diese Bedrohung in Streit.\nIn diesem Buch lernen wir mehr über die Synthetiker, bisher die mysteriöseste und fremdeste Gruppe der Menschen in Reynolds Noir-Universum - eine Gruppe von Menschen, die borg-gleich mit Maschinenunterstützung einen Hive-Mind erschafft und an der Grenze zur Entkörperlichung operiert. Es ist diese Gruppe, die Ursprung der am weitesten fortgeschrittenen Technik im Universum von Reynolds ist, und sie befaßt sich intern mit noch fremdartigeren Dingen. Reynolds legt außerdem mehr über den Ursprung und die Ziele der Wölfe offen und es wird deutlich, daß die Menschen so wie bisher nicht mehr dort existieren können, wo die Wölfe aus die aufmerksam geworden sind.\nAbsolution Gap Der vierte und letzte Teil der Geschichte um die Wölfe, Absolution Gap , ist noch nicht in deutscher Sprache erschienen. Der Klappentext verspricht \u0026ldquo;[In fighting the inhibitors, ] a dreadful choice awaits: whether or not to bargain with powers that may be the answer to the Inhibitors\u0026ndash;but may be something worse.\u0026rdquo;\nEs ist ein offenes Geheimnis, daß ich gute Romane gegenüber Rollenspiel-Sourcebooks bevorzuge, weil sie die für das Spiel wesentliche Information besser und schneller herüber bringen und obendrein billiger und unterhaltsamer sind. Diese vier Bücher präsentieren ein geschlossenes Far Future-Szenario, daß geradezu danach schreit, mit BESM (meine Wahl) oder Gurps Transhuman-Regeln bespielt zu werden. Dem Erzähler stehen genug Schauplätze und Hintergrundinformationen zur Verfügung, um wahlweise Städteabenteuer und Cyberpunk-Geschichten in Chasm City auf Yellowstone, Outdoor- oder Militärmissionen auf Sky\u0026rsquo;s Edge oder \u0026ldquo;Widerstand gegen die Bürokratur\u0026rdquo;-Geschichten auf Resurgam zu bevölkern, oder seine Mitspieler auf Sense-Of-Wonder-Expeditionen im tiefen Raum mitzunehmen.\nJede Menge fremdartige und aufgerüstete Fraktionen der Menschheit stehen zur Verfügung, um auch auf \u0026ldquo;crunchy bits\u0026rdquo; versessene Spieler gefahrlos BESM \u0026ldquo;40-Punkte Figuren\u0026rdquo; bauen zu lassen - es ist sowieso egal, denn in Reynolds Noir-Universum hat jede Fraktion einen Gegenspieler und jede Technik einen Gegenmechanismus (und wenn nicht, kann man leicht plausibel einen erfinden).\nDer von Reynolds gemalte Hintergrund ist groß genug, um leicht jede andere Geschichte stattfinden zu lassen oder sie mit dem Handlungsbogen der vier Bücher, der sich über mehr als einhundert Jahre erstreckt zu verweben. Zugleich ist zwischen Reynolds Pinselstrichen ausreichend Platz, um eigene Geschichten, Welten oder Fraktionen einführen zu können und Raum zum Spielen zu haben.\nJetzt brauche ich nur noch Leute, die Lust haben, eine solche Kampagne zu spielen und die die Bücher noch nicht gelesen haben\u0026hellip; :)\n","date":"2004-12-30T00:00:00Z","href":"https://blog.koehntopp.info/2004/12/30/alastair-reynolds.html","tags":["book","media","review","lang_de"],"title":"Fertig gelesen: Alastair Reynolds"},{"categories":null,"content":"Ein Gastblogeintrag von Matthew Langham als Antwort auf Open Source und Firmen , den er mir per Mail gesendet hat und den ich auf Nachfrage als Gastblogeintrag veröffentlichen darf:\nEin sehr interessanter Beitrag auf Deinem Weblog. Leider ist mein Kommentar zu lang - daher als E-Mail. Ich hätte das auch noch auf meinem Weblog gepostet - aber da ich dort auf Englisch schreibe\u0026hellip;.\nGrundsätzlich würde ich diesen Ausführungen zustimmen. Auch wenn Unternehmen auf Open Source zurückgreifen, um ihre eigenen Lösungen zu erstellen, so haben auch wir häufig festgestellt, daß die Unternehmen dann lieber die Probleme im eigenen Haus beheben als z.B. in die Liste zu fragen, ob das Problem bekannt ist. Dies führt in der Tat dazu, daß hauseigene Forks entstehen, die dann nur mit sehr viel Aufwand auf neuere Versionen des Open-Source-Projekts migriert werden können.\nMan muss die Unternehmen in dieser Hinsicht \u0026ldquo;erziehen\u0026rdquo;.\nOft wissen sie gar nicht, wie man Fehlerbehebungen an die Community zurückgeben kann. Oft haben sie einfach Angst davor, Fragen in die Liste zu posten. Diese Unternehmen müssen erstmal lernen, daß in einem Open-Source-Projekt die eigentliche Software fast unwichtig ist. Sich an die Community zu beteiligen und davon zu profitieren stellt weit höhere Anforderungen an ein Unternehmen als das bloße herunterladen von Software.\nAuf der JAX-Konferenz habe ich 2x eine Session \u0026ldquo;Open Source für Manager - Don\u0026rsquo;t Panic\u0026rdquo; gehalten. Dort versuche ich eben diese Punkte insbesondere den Entscheidungsträgern beizubringen.\nNur wer als Unternehmen bereit ist, in gewisser Weise die Offenheit solcher Communities an sich heranzulassen, wird wirklich davon profitieren. Wir arbeiten teilweise mit Unternehmen zusammen, die seit mehreren Jahren Open Source einsetzen, aber noch nicht in der Lage sind z.B. mit ihren eigenen E-Mail-Adressen in die Liste zu posten.\nAber auch in die andere Richtung gibt es Hemmnisse, die es zu überwinden gilt. Viele Communities tun sich schwer \u0026ldquo;Neulinge\u0026rdquo; aufzunehmen. Eine Open Source Community hat immer eine gewisse Struktur und \u0026ldquo;Befehlskette\u0026rdquo;. Es gibt Personen, die dort viel zu sagen haben und welche die eher weniger zu sagen haben. In der Community herrscht immer ein gewisser \u0026ldquo;Ton\u0026rdquo;. Diese Eigenschaften muss man kennen, wenn man als Mitglied der Community anerkannt werden will.\nVor 5 Jahren (als wir mit diesen Themen anfingen) wurden wir als kommerzielles Unternehmen in den entsprechenden Open-Source-Projekten überhaupt nicht akzeptiert. Erst als wir gezeigt haben, dass wir auch im Sinne der Community handeln wollen (und ja - dies bedeutet Mitarbeiter zu einem gewissen Anteil zu bezahlen damit sie nicht für die Firma direkt etwas erstellen, sondern vielleicht etwas voranbringen, was die Community benötigt) wurden auch wir akzeptiert. Und das kann schon mal Monate dauern.\nIch könnte noch mehr dazu schreiben (ist ein sehr interessantes Thema) - höre hier aber lieber auf.\nFreundliche Grüße / With kind regards Matthew\n","date":"2004-12-15T00:00:00Z","href":"https://blog.koehntopp.info/2004/12/15/re-open-source-und-firmen.html","tags":["computer","lang_de"],"title":"Re Open Source Software und Firmen"},{"categories":null,"content":"Viele Firmen verwenden Open Source. Dagegen ist auch wenig zu sagen - viele Open-Source-Software ist gut, und in den meisten Fällen ist sie leichter zu durchschauen, flexibler anzupassen und sehr viel einfacher zu debuggen als Closed Source Software. Aber Open Source braucht andere Prozesse als Closed Source, wenn es um Anpassung, Änderung und Deployment geht.\nDie Tatsache, daß Open Source änderbar ist, verführt viele Firmen dazu, die Software wirklich zu ändern. Aber Ändern ist nur ein Teil der Arbeit, und meistens der billigste.\nWas nämlich passiert, ist meistens das folgende: Eine Firma nimmt sich ein Stück Software, und passt ihn auf ihre Bedürfnisse an. Die Änderungen werden dann im Hause gelassen und nicht an die offizielle Source-Basis zurück übergeben, denn dies ist ein komplizierter Prozess:\nZum einen muss im Hause die Erlaubnis erwirkt werden, potenzielles Intellectual Property freizugeben, was ja vielleicht den Shareholder-Value der Firma gefährden würde. Zum anderen muss die Änderung in einer Form sein, die nicht nur den internen Ansprüchen an eine ad-hoc Änderung im Kontext der Firma genügt, sondern sie muss auch den - meistens viel härteren - Ansprüchen des Open Source Projektes genügen. Das bedeutet, man würde im Hause Entwicklungsaufwand nicht für die Zwecke der Firma, sondern für irgendein Open-Source-Projekt auf Kosten der Firma betreiben.\nAlso belässt man es in den meisten Fällen dabei, Zeug im Hause zu ändern und gibt die Änderungen nicht an das Originalprojekt zurück. Das ist sogar nach den Maßstäben der sonst recht strengen GPL 2 legal - Quelltexte müssen nur dann offengelegt werden, wenn das Binary weitergegeben wird. Und das passiert ja in der Regel nicht. Jetzt hat man effektiv einen hausinternen Fork eines Open-Source-Projektes am Hals.\nDas Open-Source-Projekt entwickelt sich weiter, und baut weitere, neue Features ein. Will man jetzt im Hause diese neuen Features im hausinternen Projekt nutzen, hat man ein riesiges Upgrade-Problem am Hals. Denn alle lokalen Änderungen müssen aus der alten Codebasis in die neue portiert werden. Dort werden sie integriert und getestet - um dann beim nächsten Upgrade wieder denselben Aufwand zu verursachen.\nSo eingesetzt ist Open Source letztendlich zwangsläufig unrentabel. Mit dem Einsatz von Open Source muss letztendlich firmenintern auch eine Policy definiert werden. Diese Policy muss, damit die Sache sich rechnet, folgende Eckpunkte festlegen:\nEntweder: Wir lesen Open Source nur, wir schreiben ihn nicht. Wenn sich Dinge nicht konfigurieren lassen, dann ändern wir sie nicht am Source, sondern bitten das Projekt, die Software für unsere Zwecke anzupassen. Wenn sie das nicht tun, müssen wir uns anderweitig umsehen.\nOder: Wir lesen und schreiben Open Source. Wenn wir Open Source schreiben, dann tun wir das in dem Bewusstsein, daß wir von vorneherein geschäftsspezifische Logik und allgemeingültigen Code getrennt halten müssen.\nAllen allgemeingültigen Code entwickeln wir auf Kosten des Hauses so weit, daß er vom Projekt als unsere Contribution in die offizielle Codebasis zurück akzeptiert wird. Dadurch sind wir die Verantwortung für diesen Code los und können Weiterentwicklungen an diesem Code aus der offiziellen Codebasis ohne Änderung im Hause nutzen.\nAlle geschäftsspezifische Logik entwickeln wir im Hause so weit, daß wir allgemeingültige Plugin-Schnittstellen oder andere Isolationsmechanismen in die Software einbauen oder einbauen lassen. Wir realisieren dann unsere geschäftsspezifische Logik grundsätzlich so, daß wir die offizielle Codebasis nicht patchen, sondern lediglich Plugins für sie schreiben.\nSo halten wir die Trennlinie zwischen offiziellem und firmeneigenem Code sauber aufrecht, und verbauen uns nicht die Möglichkeit, offiziellen Code jederzeit in die Produktion im Hause integrieren zu können. Andererseits stellen wir so sicher, daß geschäftsspezifische Logik nicht aus Versehen veröffentlicht wird.\nDies zu lernen und zu verstehen ist für manche Firmen ein harter und teurer Prozess. Es ist billiger und bequemer, Code im Hause für andere Leute zu schreiben und zu verschenken, als solches wertvolles Intellectual Property im Hause zu halten? Das klingt beim ersten Hören paradox. Erst die Langzeit-Betrachtung der Prozesse und Kosten im Hause macht klar, daß eine Firma Änderungen an Open-Source-Projekten im Hause sehr dringend aus dem Haus bekommen muss, wenn sich Open Source für die Firma rechnen soll.\nSeltsamerweise ist das beinahe das, aber eben nicht ganz, was Microsoft als \u0026ldquo;das Open Source Problem\u0026rdquo; hinstellt und mit dem Firmen das Microsoft Shared Source-Konzept schmackhaft gemacht werden soll: Forks sind böse, und bei Shared Source gibt es eine offizielle Quelle, die von einem großen, finanziell nicht gefährdeten Konzern verwaltet, weiterentwickelt und qualitätskontrolliert wird.\nDer alles entscheidende Unterschied besteht letztendlich darin, ob die Änderungen am öffentlichen Source hinterher allen gehören, also wirklich öffentlich sind (Open Source), oder Microsoft gehören (MS Shared Source). Nun könnte man sich letztendlich auf den Standpunkt stellen, einer Firma, die sowieso Intellectual Property verschenkt (verschenken muss!), könnte es letztendlich egal sein, ob sie es der Allgemeinheit schenkt oder ob sie es Microsoft schenkt.\nWenn man drüber nachdenkt, erkennt man schnell, warum es nicht egal ist - Microsoft ist ja keine passive, interessenlose Einheit, sondern ein bewegliches Ziel mit einer eigenen Agenda.\n","date":"2004-12-14T00:00:00Z","href":"https://blog.koehntopp.info/2004/12/14/open-source-software-und-firmen.html","tags":["computer","lang_de","free software"],"title":"Open Source Software und Firmen"},{"categories":null,"content":"Bei meinem Arbeitgeber ist es verpflichtend, ein Daily zu schreiben.\nIm Daily schreibt man auf, was man an diesem Tag an persönlichen Zielen erreicht hat, und notiert weitere Dinge, von denen man glaubt, daß sie interessant sein können.\nKalibrierung der Warpspulen abgeschlossen. Deflektorkapazität wird bei weiterem Hochgeschwindigkeitsflug nicht mehr ausreichen. Upgradeoptionen evaluiert. Energieverluste der lateralen Dämpfungsfelder untersucht. Ursache weiterhin unklar. Ich muß wohl einen der Waffenspezialisten hinzuziehen. Das Daily sendet man an seine Peers (als Teamleiter also an alle Teamleiter unter demselben Abteilungsleiter), upstream (also an den Abteilungsleiter) und an alle Leute, die man im Daily erwähnt hat (also an alle Leute, mit denen man an diesem Tag zu tun hatte). Außerdem kann jeder das Daily von jedem Kollegen anfordern, wenn er möchte.\nDa im Daily nicht nur die Sachen stehen, die einen angehen, sondern auch die Sachen, die der andere an diesem Tag sonst noch so gemacht hat, bekommt man einen recht schnellen und überraschend effektiven Informationsfluß hin. Es handelt sich quasi um ein institutionalisiertes FlurTurbolift-Gespräch.\nDailies wurden in der Firma bisher per Mail getauscht. Das war okay, erzeugt aber keinen nachlesbaren Trail, auf dem man später noch einmal suchen kann.\nEinige Kollegen haben das it-wiki (ein MoinMoin) ein wenig aufgehackt und eine Seite mit SendDaily-Funktion entwickelt. Dort kann man sein Daily ins Wiki legen und am Ende des Tages dann SendDaily anklicken. SendDaily leert die Daily-Seite, sendet die Seite an die in der Seite angegebenen Empfänger, generiert aus einem Template eine neue leere Daily-Seite und hängt das Daily an das Daily-Archiv vorne an.\nSchon fast ein Blog. Aber man muß halt KristianKöhntopp/Daily, KristianKöhntopp/DailyVorgabe und KristianKöhntopp/Archiv2004 warten und insbesondere in /Archiv2004 lassen sich Sachen nur sehr schwer wiederfinden.\nAußerdem haben nicht alle Kollegen das Wiki verwendet, weil sie es nicht mögen. Wer ein MoinMoin mal gesehen hat, weiß was ich meine.\nWir haben seit Anfang Dezember dank Jochen ein S9Y als itblog laufen. Bisher sind ein gutes Dutzend Kollegen darauf eingestiegen und bloggen ihre Dailies lustig in eine gemeinsame S9Y-Instanz. Das hat eine Reihe von Vorteilen (M. Roell, liest Du noch mit?):\nJede Zeile im alten Daily ist ein Eintrag im itblog. Auf diese Weise bekommt man unterschiedbare URLs für jeden Punkt Die Dinger sind kommentierbar. Jeder Ergebnisbereich bekommt eine Kategorie. Auf diese Weise lassen sich Sparten gezielt selektieren und ausfiltern. Wir lehren die Kollegen, Entry und Extended Entry zu unterscheiden. So sind auch längere Texte möglich, wenn man es wünscht. S9Y hat eine wirklich gute Volltextsuche. Hierarchische Kategorien bilden Delegationen direkt ab. Mehrfache Kategorien pro Eintrag erlauben gemeinsame Einträge. RSS läßt den Lesern freie Wahl bei der Weiterverarbeitung. Mehr Zusammenschau - man sieht mehr Dailies, und bekommt so mehr Streuinformation. Aber es entstehen auch einige Sicherheitsprobleme: So müssen externe Trackbacks und Pings unbedingt deaktiviert werden, oder es gibt eine Katastrophe.\nUnd: S9Y skaliert sich mit 20-40 Usern überraschend gut. Es fehlen einige Details, etwa eine Sicht nach User genau wie eine Sicht nach Kategorie, und einige Querstreifen zwecks besserer Lesbarkeit im User-Editor. Außerdem wäre es schön, wenn S9Y seine Anmeldeinformationen aus einem LDAP zöge.\nSchließlich noch die Beobachtung am Rande:\nDie Auswahl des Tools hat beeindruckende Rückwirkungen auf die Qualität des geschriebenen Textes. Während im Wiki häufig Einzeiler entstanden sind,\name, kris und kabl diskutieren die Auswirkungen des Upgrades der Warpfeldgeneratoren\nfinden sich jetzt eher brauchbare Texte.\name, kris und kabl stimmen das Upgrade der Warpfeldgeneratoren ab. Die neuen Spulen werden gute 60% mehr Leistung brauchen. ame diskutiert derzeit mit Anbietern von Dilithiumkristallen. kris fragt, ob die Kapazität der EPS-Kupplungen diesen Belastungen standhalten kann oder ob wir das Energienetz upgraden müssen. kabl merkt an, daß wir in diesem Fall den Onlinetermin für Warp 8 nicht halten können.\nMal sehen, ob das Werkzeug abteilungsweit angenommen wird. Eigentlich aber ein leichter Fall: Das Bloggen ist bei uns sowieso schon seit Jahren Bestandteil der Firmenkultur, und jetzt wird nur ein besseres Werkzeug dafür installiert.\n","date":"2004-12-08T00:00:00Z","href":"https://blog.koehntopp.info/2004/12/08/firma-mit-blogs.html","tags":["blog","lang_de"],"title":"Firma mit Blogs"},{"categories":null,"content":"In \u0026ldquo;Das Böse ist immer und überall\u0026rdquo; schreibt Telepolis über ein Phänomen, daß wir alle bei unseren alten Tanten haben beobachten können, als wir klein waren. Besagte Tanten saßen nämlich mit den Kieler Nachrichten auf dem Schoß da und lasen in der Rubrik mit den Polizeiberichten, was letzte Nacht alles schlimmes passiert ist, um dann den Kopf zu schütteln, \u0026ldquo;Tsk, tsk, tsk\u0026rdquo; zu machen und sich dann darüber auszulassen, wie schlimm alles geworden ist.\nTelepolis zitiert eine Studie des Kriminologischen Forschungsinstitut Niedersachen, in der die Bevölkerung befragt wurde, wie sie die Kriminalitätsentwicklung beurteilt und wie die Medien dieses Urteil beeinflussen - \u0026ldquo;gefühlte Sicherheit\u0026rdquo;, gewissermaßen.\nDen objektiven Zahlen nach ist die Kriminalitätsrate in den letzten zehn Jahren in Deutschland stark gesunken:\nDie Polizeiliche Kriminalstatistik (PKS) weist für die letzten zehn Jahre (1993 bis 2003) einen deutlichen Rückgang auf, gerade für schwere Straftaten: Wohnungseinbrüche -45,7 Prozent, Autodiebstahl -70,5 Prozent, Banküberfälle -44,4 Prozent, Mord -40,8 Prozent, Sexualmord -37,5 Prozent.\nEine wichtige Ursache dafür ist das steigende Durchschnittsalter der Bevölkerung - der Bevölkerungsanteil der Männer 18-30 ist für den größten Teil der Gewaltkriminalität verantwortlich und diese Gruppe schrumpft.\nFragt man die Bevölkerung jedoch danach, was sie glauben, wie sich die Kriminalitätsrate entwickelt, stellt sich ein ganz anderes Bild dar:\nAusgehend von Zahlen der PKS von 1993 zu bestimmten Straftaten sollten die Befragten deren Entwicklung einschätzen. Was dabei zutage kam, hat die Wissenschaftler einigermaßen erschüttert: Die Befragten unterstellten einen starken Anstieg bei allen Delikten. Je gravierender und emotionalisierender die Tat, umso höher lag die Fehleinschätzung: Beim Wohnungseinbruch betrug sie das Zweieinhalbfache, beim Mord das Doppelte und beim vollendeten Sexualmord sogar das Sechsfache.\nWarum diese Fehleinschätzung? Die Studie sagt:\nUnsere Hauptthese ist, dass der Wandel gerade bei den öffentlich-rechtlichen Nachrichten in Quantität und Qualität der Berichterstattung einen großen Unterschied macht. Die Nachrichtensendungen sind immer noch die Quelle der höchsten Seriosität. Dass die Bild-Zeitung übertreibt, weiß ja jeder. Wenn die Tagesthemen aber plötzlich immer häufiger über Kriminalität berichten, dann glauben die Leute, da muss was dran sein. Die Tagesthemen sagen zwar nicht, der Sexualmord steigt. Aber sie berichten beim ersten Tatverdacht, aus der U-Haft, von der Anklageerhebung und vom Prozess. Kriminalität wird ausgelutscht und genutzt, die Zuschauer zu binden. Weil man die Sorge hat, dass man, wenn selbst nicht mitmacht, es die anderen tun, und die haben dann die höheren Einschaltquoten.Christian Pfeiffer im Gespräch mit Telepolis\nJe mehr Menschen Fernsehen, je schlechter sie ausgebildet sind und je schlechter die persönlichen Verhältnisse sind, um so mehr wird Kriminalität wahrgenommen, um so höhere Strafen werden gefordert und für um so schlimmer wird die Situation gehalten.\n","date":"2004-11-08T00:00:00Z","href":"https://blog.koehntopp.info/2004/11/08/fernsehen-macht-angst.html","tags":["media","lang_de"],"title":"Fernsehen macht Angst"},{"categories":null,"content":"Mail wird über SMTP (Port 25) versendet, weiß man ja.\nIn RFC 2476 wird nun eine Abwandlung von SMTP diskutiert, das Mail Submission Protocol. Submission ist im wesentlichen SMTP auf Port 587 (submission), mit dem zusätzlichen Requirement, daß irgendeine Art der Absender-Authentisierung stattfindet. Mail Submission spezifiziert dabei ausdrücklich nicht, wie diese Authentisierung stattfinden soll:\n3.3. Authorized SubmissionNumerous methods have been used to ensure that only authorized users are able to submit messages. These methods include authenticated SMTP, IP address restrictions, secure IP, and prior POP authentication.\nSubmission wird von einigen Leuten als Werkzeug im Kampf gegen Spam verkauft, aber dort ist es nur eingeschränkt wirksam - die erhofften Vorteile basieren darauf, daß man nun Mail Transport (Port 25) und Mail Submission (Port 587) trennen kann, und daß auf Port 587 zwingend Authentication verlangt wird, also hoffentlich keine offenen Relays existieren werden.\nFür den Endanwender hat Submission auch Vorteile, die jedoch hauptsächlich darauf basieren, daß es als Protokollvariante noch nicht sehr bekannt ist und deswegen gerne übersehen wird.\nManche ISPs verwenden zum Beispiel transparente Proxies auf Port 25, um ihre Kunden zu zwingen, den Mailverkehr über den Mailer des ISPs abzuwickeln. Versucht mal als Kunde eines solchen ISP zum Beispiel einen SMTP Server bei einem freien Webmailer zu erreichen, sieht man stattdessen das SMTP Banner des ISP.\n$ telnet smtp.web.de 25 Trying 217.72.192.157... Connected to smtp.web.de. Escape character is \u0026#39;^]\u0026#39;. 220 smtp.onebb.com ESMTP Sendmail 8.12.11/8.12.11; Fri, 29 Oct 2004 15:40:30 +0800 quit 221 2.0.0 smtp.onebb.com closing connection In diesem Fall kann es nützlich sein, statt Port 25 den Port 587 zum Mailversand zu verwenden, in der Hoffnung, daß der ISP diesen Port noch nicht mit seinem Proxy gedeckelt hat.\n$ telnet smtp.web.de 587 Trying 217.72.192.157... Connected to smtp.web.de. Escape character is \u0026#39;^]\u0026#39;. 220 smtp08.web.de ESMTP WEB.DE V4.101#44 Fri, 29 Oct 2004 09:40:55 +0200 quit 221 smtp08.web.de closing connection Connection closed by foreign host. ","date":"2004-10-29T00:00:00Z","href":"https://blog.koehntopp.info/2004/10/29/submission-port-587.html","tags":["mail","lang_de"],"title":"Submission (Port 587)"},{"categories":null,"content":"Da sich dies langsam zur FAQ auswächst, hier einmal als Text, damit ich in Zukunft darauf verweisen kann.\nSie schreiben:\nIch erhalte von Ihnen immer 8 TCP Scans auf meinen Rechner. Da es nicht das erste Mal ist, daß mein Router mir das von Ihrem Rechner aus meldet, muß ich Sie dazu auffordern dies bitte zu unterlassen. Possible TCP port scan from 217.72.195.85 (8 ports) against (IP-Nummer).\nSie sehen Meldungen, die die IP-Nummer 217.72.195.85 betreffen. Diese IP-Nummer gehört zu dem Namen img.web.de. \u0026ldquo;img.web.de\u0026rdquo; ist ein Cluster von vielen spezialisierten Webservern für statische Dateien, etwa für Bilder und statische HTML-Seiten. Es handelt sich nicht um einen realen Server, sondern um die virtuelle IP eines Loadbalancers für Webserver. Von dort kann keine Portscan-Software arbeiten.\nWenn Sie eine Webseite von der Domain web.de anfordern, sind darauf Verweise auf eine ganze Reihe von Bilddateien in Form von \u0026ldquo;\u0026lt;img src=\u0026ldquo;https://img.web.de/....\" /\u0026gt;-Verweisen enthalten. Ihr Rechner baut dann in sehr schneller Folge Verbindungen zu img.web.de auf, um diese Bilder von dort zu laden. Dabei wird auf der Seite von img.web.de immer Port 80 (http) bzw. Port 443 (https) verwendet. Auf Ihrer Seite verwendet Ihr Rechner dazu aufeinanderfolgende hohe Portnummern (32768, 32769, und so weiter), die durch Ihr Betriebssystem festgelegt werden.\nIhre Firewall ist übersensibel und interpretiert diese Verbindungsaufbauten wegen der aufeinanderfolgenden Portnummern als Portscan. Es handelt sich jedoch nicht um einen Angriffsversuch von img.web.de, ja noch nicht einmal um von unserem Rechner ausgehende Verbindungen. Stattdessen interpretiert Ihre Firewall Aktionen genau des Rechners, den sie schützen soll als Angriff auf diesen Rechner.\nBitte konfigurieren Sie Ihre Firewall so, daß sie keine Falschmeldungen mehr erzeugt oder ignorieren Sie die Meldungen.\n","date":"2004-10-21T00:00:00Z","href":"https://blog.koehntopp.info/2004/10/21/ihr-imageserver-greift-meinen-pc-an.html","tags":["security","lang_de"],"title":"Ihr Imageserver greift meinen PC an"},{"categories":null,"content":"Dies ist das Siegerplakat eines Plakatwetbewerbes zum Thema \u0026ldquo;Farbe bekennen gegen globale Armut\u0026rdquo;. Es wird nicht gezeigt, sondern nur in Worten beschrieben:\nDas Plakat zeigt eine Cola-Flasche mit schmutzigem Wasser. Das Wort \u0026ldquo;Cholera\u0026rdquo;, das auf dem Etikett zu sehen ist, erinnert an den Schriftzug von \u0026ldquo;Coca-Cola\u0026rdquo;. Das mit der Hilfe von Photographie gestaltete Plakat soll auf symbolische Weise Folgen von Armut ,wie z.B. Krankheiten, aufzeigen.\nWarum wird es nicht gezeigt?\nPreis: Uta Volkmann von der FH Potsdam. Um Wettbewerbs- bzw. Markenrechte nicht zu verletzen, können wir das Plakat von Uta Volkmann derzeit leider nicht veröffentlichen bzw. abbilden. Herzlichen Glückwunsch, allen Beteiligten an dieser Farce.\n(via Telepolis )\n","date":"2004-10-19T00:00:00Z","href":"https://blog.koehntopp.info/2004/10/19/cholera.html","tags":["zensur","lang_de"],"title":"Cholera"},{"categories":null,"content":"Schon Weird Al hat gewußt: It\u0026rsquo;s all about the Pentiums, baby . Im Falle eines Rechenzentrums kann man durch den Einsatz von Blades nicht nur Strom sparen, sondern auch die Leistungsdichte erhöhen (also Platz sparen) und das Management verbessern.\nIch hatte die letzten paar Wochen Gelegenheit, Bladecenter von HP und IBM zu sehen. Beide haben sehr unterschiedliche Konzepte\u0026hellip;\nÜber Blades Blades bestehen aus einem Einschub, dem Enclosure, in den meist vertikal die Rechnereinschübe eingesteckt werden (daher der Name Blade für die Einschübe). Das Enclosure enthält die Infrastruktur zum Betrieb des Rechners, liefert also Strom, Netzwerk, Management sowie Konsole und Bildschirm nach draußen. Die Blade selber wird nicht verkabelt, sondern dockt durch das Einschieben automatisch in das Enclosure ein. Über die Managementfunktionen läßt sich die Blade ein- und ausschalten, booten, und ihr können, wenn der Bedarf dafür besteht, das Diskettenlaufwerk und das CD-ROM Laufwerk aus dem Enclosure zugewiesen werden.\nDie Blades selber haben durchaus Power - zwei Prozessoren aus dem 3GHz-Segment mit Speicher im Gigabyte-Bereich sind üblich. Die Schwachstelle sind meist die Platten - zwar können in der Regel zwei Platten auf der Blade selber montiert werden und man hat die Wahl zwischen IDE- und SCSI-Platten, aber es handelt sich in der Regel um 2.5 Zoll Notebookplatten bzw. vergleichbare Geräte, die für den Dauereinsatz in Servern zertifiziert sind. Solche Platten taugen, das sollte klar sein, zum Booten und Laden des Betriebssystems und der Anwendung, aber nicht für Datenbanken. Die Blade bringt außerdem meist zwei Netzwerkinterfaces mit, die auf die Enclosure-eigenen Switch connected und hat Platz für eine Erweiterung - etwa eine weitere Netzwerkkarte oder ein Modul für den SAN-Access.\nEs gibt auch größere Blades mit vier Prozessoren, mehr Speicher und Festplatten in Hotplug-Rahmen innerhalb der Blade, die eher auf den Datenbank- denn auf den Frontend-Markt zielen, aber diese wirken eher unbeholfen und noch nicht so richtig Marktreif.\nEnclosures haben je nach Hersteller zwischen 6 und 7 HE Höhe und bieten Platz für 14 bis 16 Blades (von der Frontend-Sorte).\nDie Konzepte von HP und IBM sind dabei sehr unterschiedlich. Bei BioTeam.net findet man eine Galerie mit Fotos der vorherigen Generation von Bladecentern und Blades. Die Bilder geben dennoch einen sinnvollen Eindruck der aktuellen Blades wieder.\nHP BL30p Auf dem Bild sieht man eine BL20p Blade von HP unter einer IBM Blade liegen. Die Frontend-Einschübe (BL30p) von HP sind halb so hoch, haben aber dieselbe Länge.\nLeider sind keine Fotos einer nicht eingebauten BL30p zu finden, was schade ist. Denn in diesem Fall würden verschiedene Dinge auffallen, die die Unterschiede im Konzept zwischen HP und IBM sehr deutlich machen:\nDie BL30p ist offen, hat also keine Abdeckung wie die gezeigte BL20p. Zwei BL30p stecken übereinander in einen sogenannten Sleeve, der dann die Größe und Form wie abgebildet hat und im Enclosure steckt. Blades in Sleeves zu stecken ist ein bischen hakelig, da die BL30p wie gesagt oben nicht geschlossen ist und man so direkt auf CPUs, RAM und Platten fassen kann. Wegen der geringen Höhe der Blade sitzen die CPUs in der BL30p hintereinander, die eine an der oberen, die andere an der unteren Kante der Blade ausgerichtet. Beide CPUs überlappen sich zu einem Drittel bis zur Hälfte im Luftweg, sodaß die hintere CPU Luft bekommt, die bereits durch die vordere CPU erwärmt wurde. Vor den beiden CPUs sitzen zwei hochtourige Mikrolüfter, die die beiden CPUs anblasen. Das Kühlkonzept hat also, anders als IBM, Lüfter pro Blade statt einer großen redundanten Zentralkühlung. Die Blades werden in den Sleeves mit Plastik-Nupsis gesichert. Während der Teststellung sind uns diese Dinger reihenweise abgebrochen Das HP Enclosure ist mit 6 HE niedriger als das IBM Enclosure (7 HE) und faßt 16 BL30p Einschübe - das sind also 32 CPUs pro Enclosure, aber es passen keine 7 Enclosures in ein Rack. Denn HP trennt Enclosure und Stromversorgung in unterschiedliche Komponenten. Für eine bestimmte Menge Blades braucht man einen speziellen Netzteil-Enclosure (3 HE), der dann 48V Gleichstrom ausspuckt.\nHP wirbt mit der Flexibilität des Konzeptes der Rack-zentralisierten Stromversorgung, aber in der Realität hat man dann auf der Rückseite seiner Racks ein schweres Übersichtlichkeitsproblem - den Racks wächst ein Geschwür von Kabeln hinter den Enclosures, die dann mit schwenkbaren Plastikarmen so montiert werden, daß man einerseits die Racks noch zu bekommt, andererseits aber bei Bedarf auch an die Geräterückseiten herankommt. Da 48V verwendet wird, sind die verwendeten Kabel daumendick, damit die benötigten Amperes da durch gehen und entsprechend elegant zu handhaben. Abgesehen davon, daß so ein Drahverhau aussieht sie gewollt und nicht gekonnt, ist das ganze auch ein logistischer Albtraum.\nIBM Das Enclosure von IBM ist größere - 7 HE hoch. IBM Blades sind außerdem kürzer - sie reichen nicht bis zur Rückseite des Gerätes. Das gibt IBM Platz, um auf der Geräterückseite zwei redundante Lüfter (die großen Dinger in der Mitte mit den Stauklappen zur Verhinderung von Kühlkreis-Kurzschlüssen), vier redundante Netzteileinschübe (links und rechts von den Lüftern mit den Kaltgerätedosen), vier Switch-Einschübe (ganz links) sowie zwei Managementeinschübe (ganz rechts) zu plazieren. Auch mit Verkabelung dran sieht die Geräterückseite sehr übersichtlich aus, und ist vor allen Dingen auch Sonntags nachts um Vier durch einen verschlafenen Rufbereitsschaftler problemlos zu maintainen.\nDie Blades selber sind geschlossen, und so breit, daß die CPUs nebeneinander plaziert werden können - sauberer Airflow. Durch die zentrale Belüftung des Enclosures befinden sich auf den Blades außer den Platten keine beweglichen Teile - und die Platten braucht man bei einem Netzwerkboot im Prinzip nicht, da Frontends, die swappen sowieso ein Problem haben.\nIBM garantiert Interoperabilität und Wiederverwendbarkeit des Chassis für fünf Jahre (und merkt dabei fairerweise an, daß neuere CPUs unter Umständen auch einen Austausch der Lüfter und Netzteilmodule notwendig machen können - aber das sollen die Vertriebler und Einkäufer in einem Tradein unter sich ausmachen). Dabei macht IBM mit der Offenlegung der Standards auch deutlich, daß sie eine Plattform statt einer proprietären Lösung etablieren wollen. So hat man bei den Switchmodulen die Wahl zwischen Dlink und Cisco (und die Switches sind anders als bei HP physikalisch voneinander getrennt, wenn man sauber DMZen will).\nManagement Beim Management nehmen sich die Lösungen von HP und IBM recht wenig - sie sind sogar mit Einschränkungen integrierbar. In beiden Fällen können Konsole und Bildschirm über Netz an Arbeitsplätze außerhalb des Rechenzentrums herausgeführt werden, und dabei können Zugriffsrechte fein granuliert vergeben werden (über die Sicherheit von typischen WBEM-Implementierungen können wir uns anderswo unterhalten). Dabei ist es möglich, Benutzer und deren Rechte aus einem LDAP zu beziehen, sodaß sich dieser Aspekt auch mit einer bereits vorhandenen Directory-Lösung integrieren läßt.\nDie Kisten lassen sich remote PXE-Booten, und können sich so von einem Installserver ein Basis-Betriebssystem oder gar ein komplettes Application-Setup zeihen. Drei bis sieben Minuten beträgt die Deployment-Zeit einer Blade nach dem Reinschieben in das Enclosure, wenn man alles richtig gemacht hat.\nIn die andere Richtung spucken Blades und Enclosures SNMP oder WBEM mit Daten über Maschine, physikalische Parameter und was man sonst so von dem Ding vielleicht wissen möchte. Die Steuerung und Überwachung der Blades über ein Management-Netz kann dabei vollständig vom Wirknetz getrennt werden.\nProbleme Verbleibende Probleme:\nOhne Installserver und Managementinfrastruktur sind Blades sinnlos. Durch die hohe Leistungsdichte wird die Abwärme pro Rack sehr groß, auch wenn man durch die Blades effektiv Strom spart. Blades ersetzen die herkömmlichen Frontends, aber Datenbankserver in Bladekonzepten wirken noch kümmerlich. Was sind Eure Erfahrungen mit Blades?\n","date":"2004-10-09T00:00:00Z","href":"https://blog.koehntopp.info/2004/10/09/it-s-all-about-the-pentiums.html","tags":["computer","lang_de"],"title":"It's all about the Pentiums"},{"categories":null,"content":"Wir haben 2004. Fünf Jahre nach Napster. Noch immer beherrschen Klagen über Raubkopierer statt innovativer Konzepte die Musikindustrie. Wenn man die Berichterstattung in den Medien über die Popkomm auswertet, dann bekommen wir ein klares Bild von einer Industrie, die jeden Bezug zu ihren Kunden verloren hat, und die seit fünf Jahren statt mit Produkten mit Klagen agiert.\nWenn dies ein Artikel von M. Roell wäre, dann müßte ich jetzt erklären, wie das Lesen von Blogs von Kunden der Industrie helfen könnte, zu verstehen, wie Musik heute wahrgenommen und abgespielt wird und was die Kunden dieser Industrie wollen und brauchen, um Musik in einer Weise zu benutzen, die sich mit ihrem Leben integriert. Ich müßte schildern, wie ein multimediales Bandvorstellungsblog mit Songauszügen und kurzen Berichten aus dem Alltag eines Reviewers Kontakt herstellen und halten könnte und wie die Auswertung von Feedback aus solchen Blogs helfen könnte. Ich würde am Beispiel von Blogs erklären, warum es für eine Branche und für jemanden in dieser Branche wichtig ist, möglichst dicht am Kunden zu sein, und daß das bedeutet, sich mit genau diesem Kunden zu unterhalten.\nUnd ich hätte Recht - sogar, wenn dies ohne Blogs geschieht.\nBlind und taub Stattdessen versucht die Industrie, das veraltete Geschäftsmodell von vor dem Internet wiederzubeleben oder wenigstens zu retten:\nDer Grundgedanke ist genial einfach: Warum, dachten sich die Macher von \u0026ldquo;Hithunter\u0026rdquo;, sollte man die Konsumenten nicht selbst entscheiden lassen, was sie demnächst im Laden kaufen können?\u0026hellip;Da klingt die Idee doch schlüssig: Im Internet sollen Konsumenten Musikstücke probehören können (als Ausschnitt und als vollen Song) und darüber abstimmen, was ihnen gefällt oder nicht. Was gut ankommt bei der Masse, so der Gedanke, wird sich dann auch verkaufen.\nMusik in Zeiten des Internet ist Musik für Individuen. Ziel kann es nicht sein, einen Massengeschmack herauszudestillieren oder zu mitteln.\nDas Wesen des Internet war nie Vereinheitlichung, sondern immer geographisch verteilte Spezialinteressen zusammenzuführen. Open Source, Newsgroups, Mailinglisten, Suchmaschinen und ja, auch Blogs, dienen zu nichts anderem als dazu, Leute zueinander zu bringen, die Gemeinsamkeiten haben, sich ohne das Netz aber niemals hätten finden können. Gesucht ist nicht der Hit für alle , sondern gesucht sind alle, die das für einen Hit halten, was ich auch dafür halte . Gesucht sind Titel, die ich noch nicht höre, aber hören will . Gesucht ist nicht Hithunter, sondern Audioscrobbler , iPodder , gesucht sind Mechanismen, mit denen ich die Musik leichter finde, die ich mag.\nIn gewisser Weise zeigt Hithunter damit, wie sehr die Musikindustrie die Konzepte noch verkehrt herum hält und wie wenig sie es schafft, sich aus dem Geschäft der 70er und 80er Jahre zu lösen und das Internet mit seinen Möglichkeiten der selbstorganisierten Gruppenbildung und den niedrigen Transaktionskosten zum Vorteil zu nutzen. Stattdessen bekommen wir eine Demonstration, wie wenig diese Industrie sich für ihre Kunden interessiert oder von ihnen weiß. Die Branche braucht nicht mehr Kreativität - davon ist genug da. Sie braucht mehr Kommunikation. Und die richtigen Filter.\nStattdessen in Popkomm: Musikwirtschaft erreicht die Talsohle :\nDie Musikindustrie kämpft hier vor allem gegen die Aufrechterhaltung der Privatkopie im Urheberrecht, obwohl das Justizministerium ihr bereits weitgehend den Zahn gezogen hat.\nWürde die Branche funktionieren, hätte sie schon vor fünf Jahren verstanden, daß die Privatkopie nicht der Feind, sondern der Freund ist. Nichts zieht mehr Kunden, schneller Kunden und günstiger Kunden als die Empfehlung eines guten Freundes mit den Worten \u0026ldquo;Hier, hör Dir das mal an, das wird Dir gefallen\u0026rdquo;.\nDie Quote Dem Wunsch der Branche nach Vereinheitlichung und der Wiederherstellung des Massenmarktes entgegen läuft der Ruf nach einer Quote für \u0026ldquo;deutsche Musik\u0026rdquo;, wie immer man diese definiert. Briefe dagegen sind im Netz leicht zu finden, bei Beißholz oder Basiquiat , aber auch bei Telepolis kann man mehr dazu finden. Die Argumentationen sind ähnlich, und einleutend: Was wir brauchen ist keine Quote. Was wir brauchen ist Rotationsverbot.\nRaubritter vs. Piraten Und schließlich: Hat sich jemand mal die Inhalte auf der IFPI-Site angesehen? Wenn die Themen auf der Seite des Branchenverbandes der Musikindustrie repräsentativ sind für das, was diese Industrie bewegt, dann finden wir eine Industrie, die keine anderen Interessen und Initiativen mehr hat als die Obsession mit Kopien.\nMit Musik hat das alles nichts mehr zu tun. Es fehlt Respekt! .\n","date":"2004-09-30T00:00:00Z","href":"https://blog.koehntopp.info/2004/09/30/the-sound-of-music.html","tags":["media","lang_de"],"title":"The Sound of Music"},{"categories":null,"content":"Angenommen, ich hätte einen Account bei einem größeren Laden im Internet, sagen wir einmal ebuyzone. Angenommen, ich hätte außerdem einen Account bei einem größeren Freemailprovider, sagen wir einmal hotweb. Sagen wir weiterhin, ich wäre als Benutzer im Internet eher unbedarft und nicht sehr geübt.\nDann waren die Chancen gut, daß ich in den vergangenen Tagen eine Mail von Gestalten eher zweifelhaften Rufes bekommen habe, die sich als Mail von ebuyzone tarnt und in der ich gebeten worden bin, meine Account Details bei ebuyzone in dem folgenden Webformular (obskurer Link mit @ drin und ebuyzone vor dem @ sowie einer IP-Nummer nach dem @) zu validieren.\nDie Leser dieses Blogs sind natürlich zu schlau, um auf so etwas hereinzufallen, falls es eine solche Mail überhaupt schaffen sollte, an den Spamfiltern der Leser dieses Blogs vorbeizukommen. Andere Leute sind da weniger gelenkig, und so kommt es jeden Tag wieder vor, daß sich Personen auf den Webformularen der ebuyzone- Phisher eintragen - komplett mit Namen, Kredikartennummer und Paßwort für ebuyzone.\nBlöd. Aber im Schaden möglicherweise begrenzbar.\nWenn diese Personen jedoch in ihrem ebuyzone-Profil ihre Mailadresse von hotweb hinterlegt haben, und bei hotweb dasselbe Kennwort verwendet haben wie bei ebuyzone, sie dann mit einem Mal alle ihre Mail verlieren, ihr Account zum Spammen verwendet wird, und in ihrem Namen noch obskures Zeug sonstwo bestellt wird, dann nimmt das ganze langsam Ausmaße an, die im Schaden nur noch sehr schwer abzuschätzen sind.\nVor allen Dingen, wenn man davon ausgehen kann, daß diese Username-Paßwort-Kombination ja nicht nur bei ebuyzone und hotweb verwendet worden ist, sondern auch noch bei 1003 anderen Loginmöglichkeiten im Web.\nMan sollte meinen - oder vielleicht hoffen - daß es auf der Welt nicht allzuviele Personen gibt, die dieser unglücklichen Verkettung von Zufall, Unkenntnis, Leichtgläubigkeit und Leichtsinn zum Opfer fallen.\nDem ist nicht so.\nWenn Ihr, liebe Leser dieses Blogs, Euch also beruflich mit Computersicherheit beschäftigt, dann solltet Ihr möglicherweise einen Plan B vorbereiten, denn das mit der Computersicherheit ist schlichtweg aussichtslos.\nRosen züchten. Das wäre was.\n","date":"2004-09-28T00:00:00Z","href":"https://blog.koehntopp.info/2004/09/28/transitiv-dumm.html","tags":["security","lang_de"],"title":"Transitiv dumm"},{"categories":null,"content":"Diesen Artikel sollte ich eigentlich gar nicht mehr schreiben müssen. Er basiert auf alten Dokumenten, die ich für eine Folge von Consultingjobs in den Jahren 1993, 1994 und 1995 verfaßt habe, und den Erfahrungen mit einer Redhat Enterprise 2.3-Installation mit den HP/Compaq-Packages, die ich heute habe machen dürfen. Ich bin sehr, sehr deprimiert.\nAber von vorne: Da ist nun also ein neuer Server, nicht unser Standardsystem, sondern etwas anderes, und es befindet sich außer dem Betriebssystem bislang nur ein Sortiment Treiber und Monitoring auf der Kiste. Eine gute Gelegenheit, besagte Betriebssysteminstallation einmal genauer unter die Lupe zu nehmen.\nEs gibt eine Reihe von schnellen Routine-Handgriffen, die man auch ganz ohne \u0026ldquo;Security-Scanner\u0026rdquo; einmal durchgehen kann, um sich einen Überblick über die Kiste zu verschaffen. Diese Handgriffe sind wohlbekannt, und uralt. Jeder Entwickler und Admin sollte sie kennen und einige Male gemacht haben. Aus irgendeinem Grunde werden sie auch 2004, zehn Jahre nachdem ich sie zum ersten Mal für Geld gemacht habe, von den entscheidenden Leuten immer noch nicht gemacht. Oder wenn doch, werden die Ergebnisse ignoriert.\nWorld Writeable Anything find / \\! -type l -perm -0002 -ls \u0026gt; /tmp/world-writeable-files.kris ist ein guter Ansatzpunkt, um einmal zu sehen, was auf der Kiste denn so wirklich ganz kaputt ist. Dieser Aufruf spuckt eine ganze Reihe von /dev-Dateien aus, einige Verzeichnisse und einige Dateien außerhalb von /dev.\nFür die /dev-Dateien muß man sicherstellen, daß für diese Devices auch ein Treiber vorhanden ist. Danach sollte man alle Nonstandard-Devicetreiber einmal abklopfen, um zu sehen, was man für fiese Dinge mit ihnen machen kann, wenn man Schreibzugriff auf die hat.\nManchmal findet man /dev-Dateien mit kaputten Permissions, auf denen man lustig ioctl(2) spielen kann.\nWenn Verzeichnisse in der Liste sind, die world-writeable sind, dann verdienen diese besondere Beachtung. Handelt es sich um /tmp, /var/tmp, /var/spool/uucppublic oder incoming-Verzeichnisse, sollte man kontrollieren, ob die Permissions 1777 sind - die Permissions 0777 sind bei solchen Verzeichnissen fast immer falsch. Das gesetzte t-Bit an dem Verzeichnis stellt sicher, daß nur der Eigentümer einer Datei, der Eigentümer des Verzeichnisses oder der Systemverwalter Daten löschen können. Ohne t-Bit kann jeder in dem Verzeichnis jede Datei löschen - das ist meiner Erfahrung nach niemals das gewünschte Verhalten.\nWriteable Home-Verzeichnisse sind immer eine willkommene Gelegenheit, um sich an den Punkt-Dateien des Users in diesem Home zu schaffen zu machen. Ein cp /usr/bin/bash /tmp/...; chmod a+s /tmp/... in der .bashrc eines Benutzers und schon hat man nach dem nächsten Login des Users eine bash, die SUID dieser User läuft, und das ist noch eine der harmloseren Aktionen.\nWriteable Directories in /dev, wie sie auf einigen Maschinen durch das Logical Volume Management hinterlassen werden, sind ganz schlecht. Jedermann kann dann mit einem einfach \u0026ldquo;rm\u0026rdquo; die Devicedateien für die Platten des Systems abräumen - bei nächsten Reboot gibt es dann lange Gesichter.\nWriteable Directories die im Pfad liegen - am besten noch im Suchpfad von root! - sind sowieso ein Instant Exploit und eine ganz üble Idee. Vor zehn Jahren hat ein Install von NetView auf einer RS 6000 /usr/bin grundsätzlich 777 hinterlassen, und auf einer HP war damals /usr/local/bin im Pfad und grundsätzlich 777. Und auch heute noch findet man öfter als nicht /home/oracle/ora-env.sh mit o+w-Rechten oder vergleichbare Scripte, wenn man sich die Mühe macht, danach zu suchen.\nZugriffsrechte an Gerätedateien Eine Zeit lang gab es Unices, die die Gerätedateien von Bandlaufwerken world-readable hinterlassen haben. Wenn dann noch das Backup-Band vor oder nach dem Backup im Gerät steckt, kann sich also jeder Benutzer des Systems an diesem Band bedienen und nach Wunsch Dateien recovern, ganz egal wie die Rechte an der Datei im System einmal waren.\nAuch viele andere Dateien sind bei älteren Unix-Installationen nachlässig gesetzt, und wenn man auf eine neue, einem unbekannte Installation kommt, lohnt es sich, die Permissions solcher Geräte einmal durchzugehen und nachzusehen, ob man sich nicht irgendwo belustigen kann.\numask umask ist nur ein Handgriff, aber ein wichtiger Handgriff, wie einem jeder Systemadministrator bestätigen kann, der einmal in seinem Leben mit HP/UX in Kontakt gekommen ist. Ältere Versionen von HP/UX haben beim Booten mit der umask 0 gestartet und daher wurden während des Bootvorgangs (und während der Installation!) jede Menge Dateien angelegt, die einfach zu große Permissions haben.\nIn HP/UX hatte dieses kleine Versäumnis sehr weitreichende Folgen: 666 auf den Dateien des Syslogs, 777 auf /usr/local/bin und 777 auf den Directories, die das LVM für die LVM-Devices angelegt hat. Die Folgefehler ziehen sich durch die ganze Installation und es ist eine Heidenarbeit, zu entscheiden, welche Permissions man gefahrlos korrigieren kann und wo man sich vielleicht selber aus dem System aussperrt.\nSystemlimits Wenn man schon dabei ist, kann man auch gleich die anderen Systemlimits kontrollieren: limit bzw. ulimit sagen dem interessierten Systemtester gleich, wo seine Grenzen sind, und ob es z.B. Coredumps geben wird. In Solaris will man sich außerdem noch \u0026ldquo;coreadm\u0026rdquo; ansehen.\nSUID, SGID Mit einer Variation des oben gezeigten Find-Kommandos findet man auch schnell SUID- und SGID-Programme, die mit dem System gekommen sind:\nfind / \\! -type l -perm -4000 -ls \u0026gt; /tmp/suid-files.kris und find / \\! -type l -perm -2000 -ls \u0026gt; /tmp/sgid-files.kris sind zwei Listen von Dateien, die intensiver Aufmerksamkeit bedürfen. Betriebssystemhersteller haben die Angewohnheit, selbstgeschriebene privilegierte Programme sehr nachlässig zu schreiben.\nOft haben diese Programme Optionen, mit denen man eine Ausgabe in eine Datei leiten kann (a la -l \u0026lt;protokolldatei\u0026gt;). Die Chancen sind gut, daß dieses Programm \u0026ldquo;vergißt\u0026rdquo; seine Privilegien aufzugeben, bevor es diese Datei zum Schreiben öffnet. Ein -l /etc/passwd kann dann lustige Effekte erzielen.\nAndere Hersteller erlauben solchen Programmen möglicherweise, Umgebungsvariablen auszuwerten oder Shells zu starten, um kurze Shellfragmente aufzurufen - ein strings auf solche SUID- oder SGID-Binaries ist meistens sehr erhellend. Sieht man in einem SUID-root Binary strings-Output wie\n#! /bin/sh path=\u0026#34;`which %s`\u0026#34; if [ -z \u0026#34;$path\u0026#34; ] then for i in /bin /usr/bin /sbin /usr/bin %s/bin /usr/local/bin do if [ -x \u0026#34;$i/%s\u0026#34; ] then echo \u0026#34;$i/%s\u0026#34; exit 0 fi done else echo $path exit 0 fi exit 1 dann ist es Zeit, den Stahlhelm aufzusetzen und die Gräben zu bemannen. Wen juckt es nicht beim Anblick solcher Zeilen, herauszufinden, woher %s kommt und wie man dort einige Anführungszeichen und Semikoli reinschmuggeln könnte?\nAber auch alle Zeilen in der Nähe und Umgebung des Suchstrings PATH sind interessant und können oft zu Hinweisen führen, die lustige Effekte erlauben.\nNamen von externen Programmen, die unser privilegiertes Herstellertool aufruft, sich auch lustig. Wird ein Mailer gestartet? Werden vor dem Starten des Mailers Privilegien gedroppt? Meist nicht. Kann man das Subject der Mail beeinflussen, oder wird der vom Benutzer eingestellte Betreff 1:1 an das mailx -s %s durchgereicht? Dergleichen Spielereien gibt es viele, und alleine der persönliche Grad der Perversion setzt dem interessierten Spielkind hier noch Grenzen.\nManche Programme mit Privilegien legen auch an einer vorhersagbaren Stelle im Dateisystem Dateien an - /tmp/\u0026lt;name der Logdatei\u0026gt;, $HOME/.\u0026lt;statusdatei\u0026gt; und was dergleichen an Standardstellen mehr existiert. Ein strace -e open als Root auf das zu untersuchende Kommando ist dabei des Admins Freund. Danach sollte man das Programm noch einmal aufrufen, aber als User, und dabei zuvor Symlinks angelegt haben, die von der vorhergesagten Stelle im Dateisystem nach /tmp/gotcha zeigen. Existiert nach dem Aufruf /tmp/gotcha und hat die so erzeugte Datei die Rechte des privilegierten Users, hat das Herstellertool ein Problem. Wie leicht hätte das Symlink nach /etc/shadow zeigen können und beim Aufruf aus Versehen die Paßwortdatenbank wegschießen können?\nNetzwerkaktivität lsof -i -n -P \u0026gt; /tmp/open-ports-and-programs.kris generiert eine Liste von Programmen mit offenen Netzwerkports auf der neuen Kiste. Unsere persönlichen Freunde sind dabei Dinge wie WBEM-Server - angeblich \u0026ldquo;Web Based Enterprise Management\u0026rdquo;, aber im Grunde handelt es sich eher um Schnellrootungszugänge. Gerade HP tut sich dabei ganz besonders hervor, indem diese Firma etwa kaputte SUID-root Binaries mit unsicheren, in PHP geschriebenen WBEM-Oberflächen ausstattet: Nicht nur explodiert das SUID-Root Binary selbst bei noch nahezu bestimmungsgemäßen Gebrauch mit einer einem SIGSEGV - schon mal sehr vertrauenerweckend -, sondern es zeigt auch sonst alle Merkmale eines exploitbaren Stück Software. So stammt ein Shell-Fragment ähnlich der oben gezeigten for-Schleife aus dem Strings-Output eines HP WBEM-Binaries.\nSolche Binaries ruft HP jetzt im Kontext eines WBEM-Webservers auf, der in PHP geschrieben worden ist. Der HP-PHP-Code (HPHP?) verletzt dabei in gerade zu vorbildlicher Weise alle Richtlinien für sichere Webanwendungen, wie sie z.B. Chris Shiflett in seinen PHP-Security Talks demonstriert hat. Schon bei oberflächlicher Durchsicht fallen einem Konstrukte entgegen wie\n$path = $_SERVER[\u0026#34;HTTP_ANWENDUNGSNAME\u0026#34;]; $cmd = sprintf(\u0026#34;/path/zum/privilegierten/binary/additional/data/$path\u0026#34;; oder ungeprüfte Übernahme von Daten aus $_GET, $_POST, $_COOKIE oder $_SERVER[\u0026quot;HTTP_*\u0026quot;]-Variablen. Selbst ohne privilegiertes Binary ist diese PHP-Anwendung ein guter Einstieg in das System.\nNeben WBEM ist auch der Portmapper und die von ihm gestarteten Anwendungen sowie der inetd ein Quell der Freude. Gerade Solaris-Maschinen sind bekannt dafür, daß sie hier einen ganze Strauß unnötiger Dienste starten, von denen mehr als die Hälfte bereits ein- oder mehrmals Anlaß der Vergabe von CAN- oder CVE-Nummern gewesen ist.\nSchließlich ist bei vielen Maschinen nach der Installation auch ein SNMP-Daemon aktiv, und häufiger als nicht redet dieser auf Nachfrage mit jedem und gibt so wertvolle Systeminformation preis. In Zusammenarbeit mit WBEM hat man sogar eine gewisse Chance, daß der SNMP-Daemon nicht nur Read-Aufrufe, sondern auch Writes verarbeitet. Eine saubere Konfiguration, die Prüfung der Security und die Einschränkung auf Adressen aus dem Managementnetz sind hier zentral für das Überlegen der Maschine.\nEin schnelles Abspulen dieser Dinge auf einer neuen Installation sollte einem erfahrenen Systemadministrator ausreichend Anhaltspunkte geben, um ihn problemlos für einige Tage schlecht schlafen zu lassen.\n","date":"2004-09-16T00:00:00Z","href":"https://blog.koehntopp.info/2004/09/16/ein-komplett-ueberfluessiger-artikel.html","tags":["security","lang_de"],"title":"Ein komplett überflüssiger Artikel"},{"categories":null,"content":"Heute habe ich einem jüngeren Kollegen Netmasks und Broadcast-Adressen beibringen wollen, und habe eine Runde über Stellenwertsysteme, Logarithmen, den Unterschied zwischen Ziffer und Zahl und dergleichen Dinge mehr drehen müssen. Mir sind diese Dinge damals mehr oder weniger zugeflogen - einmal weil so etwas an der Schule unterrichtet worden ist, und zum anderen, weil ich einige Jahre mit verschiedenen Assemblern rumhantiert habe, bevor ich meine erste Hochsprache (C64 Basic zählt wohl nicht als solche :) gelernt habe.\nIch war zunächst ein wenig verblüfft, daß solche Dinge wie Binär-Hex-Umrechnung und Binär-Dezimal-Umrechnung Neulingen heute nicht mehr zwingend geläufig sind, und daß man entsprechend erst einmal 16^0 und 16^1-Tabellen und eine Tabelle Netzmasks nach Dezimal erarbeiten muß, damit man zügig Übungen machen kann.\nAber wenn man darüber nachdenkt, ist das im Grunde zwingend: Jemand, der mit Taschenrechnern aufgewachsen ist, ist sicher nicht gelenkig im Kopfrechnen. Und Leute, die im Zeitalter von Java, BitVector und BitSet aufgewachsen sind, machen sich vielleicht im Leben keine Gedanken darüber, wie die Bitmasken aussehen, die sie auf Adressen oder Routen anwenden.\nWahrscheinlich ist das das Gefühl, das man hat, wenn man alt wird.\nIch erzählte dies meiner Katze, und sie antwortete mit einem einfachen Paste ins Irc:\n#define BITCOUNT(x) (((BX_(x)+(BX_(x)\u0026gt;\u0026gt;4)) \u0026amp; 0x0F0F0F0F) % 255) #define BX_(x) ((x) - (((x)\u0026gt;\u0026gt;1)\u0026amp;0x77777777) \\ - (((x)\u0026gt;\u0026gt;2)\u0026amp;0x33333333) \\ - (((x)\u0026gt;\u0026gt;3)\u0026amp;0x11111111)) Dafür liebe ich sie.\nMore of this .\n","date":"2004-09-14T00:00:00Z","href":"https://blog.koehntopp.info/2004/09/14/netzmasken-ueber-den-augen.html","tags":["erklaerbaer","computer","lang_de"],"title":"Netzmasken über den Augen"},{"categories":null,"content":"Dies ist nicht mehr das Strandbild, das ich aus meiner Jugend kenne. Früher war der Strand in Ording sauber geteilt zwischen Strandkorbinhabern und Strandburgenbauern.\nKam man morgens an den Strand, blickte man auf eine Landschaft wie nach einem Meteoritensturm, Ringwall an Ringwall. Manche von ihnen besetzt mit einem uneinnehmbaren - weil mit einem Holzgitter und Schloß verriegelten - Strandkorb, andere scheinbar leer und verfügbar. Doch wehe, wenn man sich in den Sandwällen niederließ, den eine Familie gestern in stundenlanger Kleinarbeit errichtet hat, deren Wälle sie mit Schippe und Schaufel geglättet und mit dem Familiennamen in Muscheln beschriftet hat.\nDas heutige Strandbild ist bunter und dichter gepackt.\nSchuld daran sind emsige Chinesinnen, die in schlecht belüfteten Sweatshops die Strandmuscheln nähen, die man heute überall für Zwölf Euro Neunzig kaufen kann. So können Strandbesucher des 21. Jahrhunderts ohne größere Erdarbeiten zur Errichtung eines Windschutzes sich gleich auf das eigentliche Business konzentrieren, also wahlweise in der Sonne braten oder - wenn sie schlauer sind - baden gehen.\nUnd so kommt es, daß das Strandbild 2004 geprägt wird von hunderten bunter Strandmuscheln - außer dort, wo noch Zucht und Ordnung herrscht und man der Arbeitslosigkeit der Strandkorbwächter durch Regulierung des Marktes Einhalt geboten hat.\nStrandmuschelaufbauern zuzusehen- insbesondere wenn Wind ist - ist übrigens ein Quell unendlicher Belustigung. Papa rollt die Zeltbahn aus und steckt dann mehr oder weniger planlos Stange um Stange in das gute Stück, um am Ende mit einem riesengroßen bunten Drachen in der Hand herumzustehen und Mama zuzubrüllen, wo die die Heringe zu setzen hat.\nDabei kann es so einfach und schmerzlos sein, wenn man mit dem Wind und von unten nach oben arbeitet: Bahn quer zum Wind ausrollen, Heringe 1+2 rein, Stange 3 rein und die Muschel steht. Heringe 4+5 rein und mit der Stange 6 und ihrem Gegenstück auf der anderen Seite versteifen. Das geht mit einer Person und ganz ohne Drama - und vor allen Dingen, ohne daß sich die Strandmuschel in ein vom Wind getriebenes Geschoß verwandelt, das einmal über den Strand fegt\u0026hellip;\n","date":"2004-08-04T00:00:00Z","href":"https://blog.koehntopp.info/2004/08/04/der-unaufhaltsame-niedergang-der-strandburg.html","tags":["kiel","lang_de"],"title":"Der unaufhaltsame Niedergang der Strandburg"},{"categories":null,"content":" Zwei 1250 PS Schiffsdiesel powern das Rechenzentrum von web.de.\nGestern um 20:00 Uhr hat es eine Schaltstation in einem Wohngebiet in Durlach zerlegt. Das Stromausfallgebiet erstreckt sich von der Auer Straße/Amalienbadstraße bis zur B3/Turmbergstraße, also einmal quer durch Durlach.\nDie Stadtwerke sind die ganze Nacht dabei gewesen, für Ersatz zu sorgen, aber bisher ist immer noch kein Saft da - selbst die Turmuhr steht noch immer. Daheim gehen Kabelfernsehen und QSC nicht. In der Firma gibt es seit gestern abend handgepreßten Dieselstrom. Beide Schiffsdiesel sind gut dabei und produzieren wie geplant Notstrom ohne Ende. Alle Systeme sind online und funktionieren normal, lediglich die internen Arbeitsplätze sind vorübergehend eingeschränkt. Wir werden also bis zur Wiederherstellung der Zivilisation ohne Helpdesk und Hotline auskommen müssen.\nUpdate: Wiederanschaltung Durlach 12:00 Uhr, Wiederanschaltung im Werk um 17:00 Uhr - 21 Stunden Dieselpower. Das ist fast wie ARRL Field Day, nur mit ganzen Rechenzentren.\nUpdate: Brand in Schaltwerk legt Stadtteile lahm Stromausfall in Karlsruhe Brand in Schaltwerk legt Stadtteile lahm\nKarlsruhe - Nach einem Brand im Schaltwerk Schinnrainstraße, waren gestern Abend gegen 20 Uhr die meisten Haushalte in Karlsruhe-Durlach, Aue und Wolfratsweier ohne Strom. Der Brand wurden durch einen Lichtbogen verursacht. Fachleute der Stadtwerke konnten bis 21.30 Uhr zumindest über drei Viertel des Stadtteils wieder mit Strom versorgen. Durch Provisorien mit fünf großen Notstromaggregaten und zahlreichen Notkabeln konnte dann am frühen Morgen alle Stadtteile wieder versorgt werden.\nDas Schaltwerk in der Schinnrainstraße kann als Herz der Durlacher Stromversorgung bezeichnet werden. Durch den Brand wurde es aber stark bestätigt. Die Stadtwerke werden in den kommenden Tagen die Brandfolgen und die Kabel-Provisorien beseitigen und das Netz wieder in einen stabilen Zustand überführen. \u0026ldquo;Ich bitte die betroffenen Bürger herzlich um Verständnis. Unsere Mitarbeiter tun alles Menschenmögliche, um schnellstens alle Schäden zu beseitigen\u0026rdquo;, entschuldigte sich Stadtwerke-Geschäftsführer Dr. Karl Roth für den Stromausfall. (tmr)\n","date":"2004-07-24T00:00:00Z","href":"https://blog.koehntopp.info/2004/07/24/aus-wirklich-aus.html","tags":["karlsruhe","lang_de"],"title":"Aus. Wirklich aus?"},{"categories":null,"content":" Bereits letzten Donnerstag hat Zak Greant, die Community-Kontaktperson bei MySQL, die Version 1.5 der MySQL FLOSS License Exception veröffentlicht.\nException IntentWe want specified Free/Libre and Open Source Software (\u0026ldquo;FLOSS\u0026rdquo;) applications to be able to use specified GPL-licensed MySQL client libraries (the \u0026ldquo;Program\u0026rdquo;) despite the fact that not all FLOSS licenses are compatible with version 2 of the GNU General Public License (the \u0026ldquo;GPL\u0026rdquo;).\nWir erinnern uns: Wie in MySQL und die Lizenzen dargestellt, hat MySQL mit der 4er Serie des MySQL-Paketes die Lizenz der Client-Bibliotheken von LGPL auf GPL geändert. Dabei kam es zu den im Artikel dargestellten Lizenzproblemen.\nDie MySQL FLOSS License Exception behebt (endlich!) dieses Problem.\nGrundidee der Lizenzänderung war\nIf you are commercial, we are commercial. If you are Free and Open, we are Free and Open.\nMySQL wollte also kommerziellen Programmen die Möglichkeit nehmen, die MySQL Clientbibliotheken einzubinden ohne eine MySQL Lizenz zu erwerben. Doch nicht alle freien Lizenzen sind kompatibel mit der GPL, und insbesondere ist die PHP-Lizenz (eine Abwandlung der Apache-Lizenz) nicht mit der GPL kompatibel.\nDamit man PHP weiter mit MySQL zusammen herstellen oder vertreiben darf, und damit Linux-Distributionen weiter MySQL-Client und MySQL-Server zusammen vertreiben dürfen, war die License Exception notwendig. Regelung \u0026ldquo;0.b\u0026rdquo; der Exception stellt dabei Kompatibilität mit den in Regelung 1 genannten Lizenzen her, Regelung \u0026ldquo;0.c\u0026rdquo; erlaubt die Verteilung von MySQL auf Linux Distributionen, die auch Nicht-GPL Daten und Programme enthalten.\nDamit ist von der Seite der free software community nun endlich alles geregelt. Von der MySQL-Seite aus bleibt das Schluploch mit dem SQL-Relay, aber \u0026hellip; nunja.\n","date":"2004-07-19T00:00:00Z","href":"https://blog.koehntopp.info/2004/07/19/mysql-floss-exception.html","tags":["php","lang_de"],"title":"MySQL FLOSS Exception"},{"categories":null,"content":"In \u0026ldquo;ADO-donkey\u0026rdquo; will prevail , johnlim writes:\nPHPLib was the most popular database library for PHP3. Today it seems to be a bit old and is no longer popular. I have never talked to the PHPLib developers, but I can speculate on the reasons:\nPHPLib has PHP3 functionality that is obsolete because it is provided natively by PHP today, such as sessions support. PHPLib tried to do too much. It handled both paging, templating and database access. Other more specialised database libraries have superseded it. The PHPLib developers are involved in other activities such as PEAR, or have lost interest perhaps? As one of the principal designers of PHPLIB, I am entitled to clear things up.\nPHPLIB was fallout. When I was doing web application design for NetUSE /SHonline in the final days of PHP/FI and during the PHP3 RCs, I pretty quickly came across the Session problem. I was at all times carrying around a large number of persistent variables in GET and POST requests, and was revalidating them over and over due to their source being the untrustworthy Internet.\nI asked on the PHP support mailing list, and got my hands on a piece of code by Rasmus, which serialized an array of at most three dimensions into a string. Together with Boris Erdmann, with whom I was working at that time, I wrote a more generic serializer, which could handle about any number and any type of variable including objects. This, plus an authentication and authorization scheme plus a very simple and lightweight database wrapper class became the core of PHPLIB .\nWe released the code to our little library under the LGPL thanks to the generosity of the company we worked for, and in order to get other people to contribute to it, be it with documentation, testing or even code. And contributions we got, from inside of NetUSE /SHonline by Ulf Wendel, and from the outside.\nThen two things happened: Sascha Schumann met the PHP team and started recoding the PHPLIB session handling into what became PHP 4, and SHonline was reintegrated into NetUSE and I moved on to other departments inside the company. Because I was no longer doing web development, and Sascha\u0026rsquo;s native PHP 4 session handling did just fine for my purposes, thank you, I no longer had any use for PHPLIBs code, perhaps besides the database wrapper.\nThe PHPLIB database wrapper was never intended to be a database abstraction anyway - being raised on NeXTstep and its Enterprise Objects toolkit, I subscribe to many aspects of Jeremy\u0026rsquo;s essay Database Abstraction Layers must die! . The database wrapper has its purpose mainly in that it encapsulates the database access information (user, password, host, database), and enforces proper error handling. It may also manage a connection pool, if the deployment environment has provisions for that. But there is little use for a unified database access API in PHP (or anywhere else).\nSQL dialects and the inner workings of SQL databases are suitably different so that different access strategies are needed for different databases. There is little use for \u0026ldquo;take a unified SQL statement and push it to whatever database happens to be below the application\u0026rdquo;, which is what most PHP database abstraction layers promise to do.\nWhat is needed is a persistence layer abstraction instead. Objects model the entities and relations of the storage model and provide the application with the data access API the application needs. Inside, the objects generate whatever suitably optimized statements are required to talk to the concrete persistence layer below the application and execute them.\nThis is what EO did on NeXTstep and this is what makes sense, if you happen to be able to keep around database connections and ER model objects between requests, because otherwise the overhead in code and object instantiation is just to high - Ulf tried, I tried, we failed.\nKeeping instances of objects between requests requires an application server, things like PHP Bananas and the Vulcan Logic thingy or similar. PHP has no such deployment model that is production quality and so I did not pursue that avenue for development any further.\nTo sum it up:\nYes, PHPLIB is obsolete. Use the native PHP session support for session management, use Smarty for templating and use AdoDB for database access. These are much more tailored to current PHP development styles than PHPLIB and they are under active development. Avoid PEAR, unless the class of choice can live without PEAR.php, which is fat and ugly. No, PHPLIB did never try to be a database abstraction library, it tried to be a web application development suite and it was fairly successful at that during its time. Yes, the PHPLIB developers have been moving on to things outside of the world of PHP. ","date":"2004-07-15T00:00:00Z","href":"https://blog.koehntopp.info/2004/07/15/why-phplib-did-vanish.html","tags":["php","damals","lang_de"],"title":"Why PHPLIB did vanish"},{"categories":null,"content":"Appliances sind eine Pest. Egal, welche Farbe sie haben und was sie tun.\nEine Appliance ist irgendein geschlossenes Gerät, das im lokalen Netz hängt und dort irgendwelche Funktionen erbringt, ohne daß man sich darauf einloggen kann oder sonstwie auseinander bauen kann. Eine Appliance ist ein Service in einer Kiste. Das Problem ist nicht der Service, das Problem ist die Kiste und die Tatsache, daß sie zu ist.\nLeute tun Services in Appliances, weil sie glauben, daß sie dadurch Komplexität verbergen und die Administration des Netzwerkes vereinfachen. Statt sich um einen Rechner mit Betriebssystem, Konfiguration und Service kümmern zu müssen, hat man nun einfach nur noch einen Service, um den man sich kümmern kann. Der Rest verschwindet durch die Tatsache, daß die Kiste zu ist.\nNatürlich nicht.\nEs gibt zwei Arten von Appliances, und beide haben unterschiedliche Sorten von Problemen.\nDas eine sind \u0026ldquo;embedded appliances\u0026rdquo;, kleine Kisten mit einem Betriebssystem im ROM oder im Flash. Sie haben meist wenig Prozessorpower, wenig Speicher und keine Festplatte. Solche Appliances sind etwa HP Printserver als Bestandteil von Druckern, Voice-IP Telefone oder DSL Access Router und ähnliches Kroppzeugs. Diese Sorte Geräte wird meistens Opfer ihrer eigenen begrenzten Ausstattung - weil CPU-Leistung und Speicher in solchen Geräten begrenzt sind, sind Protokollimplementierungen in diesen Geräten oft haarscharf an der Spec vorbei, sie haben oft ein undefiniertes Fehlerverhalten, arbiträre Längenbegrenzungen und unterentwickelte Diagnosemöglichkeiten. Sicherheitsfeatures, die eigentlich dringend notwendig wären, fehlen komplett.\nBeispiele für typische Symptome:\nPrinter, die angeblich bootp/DHCP sprechen, aber bei Paketen mit mehr als 512 Byte spontan in einen Reboot verfallen (nachdem sie erneut bootp/DHCP machen, wieder mehr als 512 Byte bekommen \u0026hellip;). VoIP Telefone, die angeblich XML können, aber nur etwas sehr viel beschränkteres als XML akzeptieren. Das Repertoire an Fehlermeldungen beschränkt sich auf \u0026ldquo;Host nicht erreichbar\u0026rdquo; und \u0026ldquo;Irgendwo in Deinem XML war irgendwas nicht so wie ich das gerne hätte.\u0026rdquo; Geräte beziehen Flash-Updates per TFTP. Über das Internet vom Hersteller. Ungesichert, unauthentisiert und unsigniert. Und werden so zu Spam-Relays oder remoten Netzwerksniffern. DSL Access Router mit NAT und Firewall, die bei der durchschnittlichen Anzahl an Esel-Connections in einer handelsüblichen WG den Überlauf der Connection-Tabelle wegen Speichermangel mit einem spontanen Systemstillstand quittieren (Ok, das würden manche als Feature sehen). Das andere Problem sind \u0026ldquo;colored Boxes\u0026rdquo;, seien sie jetzt blau, gelb, orange oder sonstwie gefärbt. Es handelt sich bei diesen Geräten meistens um ausgewachsene 1U-PCs oder bunte Würfel, mit einer dicken CPU, ausreichend Speicher und einer Platte. Auf ihnen läuft eine heftig angepatzte Version von Linux, BSD oder einem anderen Standardbetriebssystem, eine Anwendung, die den Lebenszweck der Box darstellt, und eine Web-GUI.\nColored Boxes sind ebenfalls problematisch: Sie enthalten ein vollständiges Standardbetriebssystem mit dem vollständigen Standardsortiment an Fehlern, bekommen aber nicht das Standardsortiment an Security-Patches, das auf selbstgebaute, offene Kisten angewendet wird. Sie erschließen die Funktionalität der Anwendung über eine Web-GUI, die die üblichen Probleme von Web-GUIs hat, also kaputtes Statehandling, unzureichende Prüfung von Eingabeparametern, Injection-Bugs, XSS und was dergleichen mehr für Spaß sorgt. Und wenn man sie mal gegen die Wand konfiguriert hat, kriegt man - closed box - keine Shell, mit der man sie mal eben glattziehen oder reinstallieren könnte.\nTypische Probleme von colored Boxes sind beispielhaft:\nSecurity Patches für die auf dem Betriebssystem installierte Distribution sind gar nicht oder nicht ausreichend schnell verfügbar. Der Weg, auf dem die Box die Patches beziehen will ist mit dem Einsatz in einer Produktionsumgebung nicht vereinbar und die Box drückt sich beim Update die Nase an der Firewall platt, weil man keinen lokalen Patchserver einstellen kann. Die mitgelieferte Web-GUI ist ein Hort von Scriptingfehlern und dient als Exploitsammlung Wenn die Dinger erst einmal gerootet sind, sind sie genauso gefährlich wie ein offenes Linux oder BSD (weil sie ein Linux oder BSD sind), solange sie nicht gerootet sind, kann man sie aber nicht pflegen, weil man nicht drauf kommt. Gegen die zweite Sorte Appliances - colored boxes - kann man etwas tun. Nämlich entweder selber machen, oder jemanden kaufen, der es selber machen kann und den dann tun lassen.\nGegen die erste Sorte Appliances kann man wenig tun. Mit Netzwerkdruckern, DSL- und WLAN-Accesspoints, Webcams mit Ethernet-Interface und neuerdings VoIP-Geräten schleichen sich immer mehr dieser Geräte in ein typisches Desktop-LAN und wird dort früher oder später zu einem unkalkulierbaren Risiko.\nWieviele Printserver, VoIP-Telefone oder WLAN-APs sind in Eurem Netz? Was ist, wenn jemand für diese Geräte einen Exploit hinbekommt? Wie managed Ihr dieses Risiko in Eurem Netz?\n","date":"2004-07-13T00:00:00Z","href":"https://blog.koehntopp.info/2004/07/13/appliances.html","tags":["security","lang_de"],"title":"Appliances"},{"categories":null,"content":"Ältestes auffindbares USENET Posting von mir . Das war vor 15 Jahren.\n","date":"2004-07-05T00:00:00Z","href":"https://blog.koehntopp.info/2004/07/05/alte-saecke-online.html","tags":["computer","damals","usenet","lang_de"],"title":"Alte Säcke online"},{"categories":null,"content":"Ich verbrauche wohl ganz schön viel Strom. Für den Zeitraum vom 01.11.2003 bis zum 14.06.2004 rechnen die Stadtwerke Karlsruhe jedenfalls 3177 kWh ab.\nDas sind aufgerundet für ein Jahr etwa 5000 kWh, inklusive Strom zum Kochen und für Warmwasser.\nArmin kommt auf 2365 kWh und findet das schon viel. Wieviel Strom zieht Ihr so weg im Jahr und wofür?\n","date":"2004-07-01T00:00:00Z","href":"https://blog.koehntopp.info/2004/07/01/kilowattstunden.html","tags":["karlsruhe","lang_de"],"title":"Kilowattstunden"},{"categories":null,"content":" Warum Wachstum weh tut \u0026ldquo;Systemadministration\u0026rdquo; Eine Aufgabe, die in sehr unterschiedlichen Größenordnungen kommt Ein mögliches Maß: Anzahl der betroffenen Benutzer 10^1 - für sich selbst und seinen Partner oder für eine WG 10^3 - für einen kleinen Verein (\u0026ldquo;Toppoint e.V\u0026rdquo;, \u0026ldquo;INKA\u0026rdquo;) 10^5 - für ein kleines Internet Unternehmen 10^7 - für ein großes Internet Unternehmen Die Aufgabe verändert sich nicht, aber die möglichen Lösungen und die daran hängenden Strukturen Wachstum ist eine Folge von Erfolg Ich muß mit meinem Erfolg wachsen. Ich kann nicht planen. Beispiele: Stark schwankende Dienstenutzung (\u0026ldquo;Grußkarten\u0026rdquo;) Strukturveränderung in Diensten (\u0026ldquo;POP3 vs. IMAP\u0026rdquo;, \u0026ldquo;SSL\u0026rdquo;) Dienste mit unbekannter Akzeptanz (\u0026ldquo;Videomail\u0026rdquo;) Dienstwachstum erfordert strukturelle Veränderung (\u0026ldquo;Freemail\u0026rdquo;) Limits Limits in Hardware und Software Hardwaregrenzen Intel-Hardware: 4 CPU, x GB RAM, 60 MB/sec Random I/O Softwaregrenzen Die verwendete Datenbank fällt bei bestimmten Daten- und Lastgrößenordnungen schlicht auseinander oder degradiert über die Zeit. Hotspots Ein stark belasteter Block bremst die Gesamtperformance eines RAID-Systems Reaktionen auf Wachstum Wachstum erfolgt aus dem Betrieb \u0026ldquo;Jetzt wachsen\u0026rdquo; =\u0026gt; \u0026ldquo;mehr Kisten\u0026rdquo; Kurzfristige und längerfristige Lösungen gleichzeitig verfolgen Das ist nicht immer schön Lastverteilung: DNS RR Loadbalancer Appliance Linux Virtual Server Applikation verteilt (login, hashes) Schreibrate beeinflußt die Architektur Livebetrieb auf Snapshots und Kopien Zentrale Datenhaltung bildet Flaschenhälse Anwendungen verteilbar realisieren Erfahrungen Hardware ist billiger als Software\nSoftware ist billiger als Leute\nHardware ist schneller als Software\nSoftware ist schneller als Leute\nDer Preis ist nie das Problem.\nLösbarkeit in Zeit ist das Problem\nZentrale und dezentrale Systeme Historisches Wechselspiel Hosts PCs Zentraler Storage, zentrales drucken Workstation Cluster Zentrale Administration Webanwendungen Zentrale Anwendungsinstallation, zentrale Datenhaltung Webanwendungen können im RZ verteilt werden -\u0026gt; Cluster Webanwendungen können dezentral ablaufen -\u0026gt; Applets, Thin Clients Einflußfaktoren: Netzbandbreite und Latenz vs. zentrale Rechenleistung Dezentralisierung funktioniert. Limits in der verfügbaren Hard- und Software erzwingen dezentrale Systeme Zentrale Systeme haben immer ein wachstumsbegrenzendes Limit. Verteilung: Zustand bremst. Zustandslos verteilen! Writes bremsen. Dezentral schreiben! Synchronisation bremst. Asynchrone Strukturen bauen! \u0026ldquo;Berg der Verzweiflung\u0026rdquo; Architektur Freemail: Plugin im Webserver (eine Art PHP/FI) Alle Funktionen des Dienstes in einer Schicht als Teil des Webservers Differenzierung Funktionstrennung Multi-Tier Architektur für zwei Dutzend Teildienste Folgen: Abhängigkeiten-Netze Debug-Komplexität Update-Komplexität Un-Architektur Architektur vs. Betriebliche Erfordernisse Manche Probleme löst man nur durch brachiale Gewalt Das Resultat ist niemals ästhetisch. Aber es macht die Kasse voll. :) Problem: Dokumente liefern Informatiker-Lösung: Dokumentenserver in Corba-Dienst verpacken Details wegabstrahieren Folge: Performance\u0026hellip; läßt Wünsche offen Lösung: NFS, Datenbank liefert Dateinamen Laufender Dialog mit der F\u0026amp;E Denormalisierung Problem: Speicherung von Mail-Headerinformationen in Datenbanken Informatiker-Lösung: 3NF Datenspeicher Folge: Datenbank explodiert Lösung: Messen. Hotspots identifizieren. Denormalisierung. Daraus folgend: Fehler → Fehlerbehandlung Der ganz normale Wahnsinn Problem: \u0026ldquo;Ab morgen machen wir SSL\u0026rdquo; Folgen? Architektur (mod_gzip + mod_ssl?) Infrastruktur CPU? CPU-Verteilung aka Balancing? Rackspace? Logistik Installation? Rollout? Katalog vs. Reality Hersteller nehmen den Mund gerne voll. \u0026ldquo;4400 RSA-Operations pro Sekunde\u0026rdquo; Resultat: Montag Mittag, 0% Idle, Totalstillstand \u0026ldquo;SAN Storage Lösungen\u0026rdquo;, \u0026ldquo;sie sind eher einer unserer kleineren Kunden\u0026rdquo; Resultat: Systemstillstand beim Erstellen von Snapshots, \u0026ldquo;mit so vielen kleinen Dateien haben wir nicht gerechnet\u0026rdquo; \u0026ldquo;x tausend Firewall-Connections pro Sekunde\u0026rdquo; \u0026hellip; Reiserfs, XFS \u0026hellip; Erfahrungen Normalisierung gut!\nDenormalisierung besser!\nArchitektur gut!\nEinfache Konzepte besser!\nTrau keinem Katalog!\nAlle Hersteller versagen in der Praxis.\n\u0026ldquo;XP\u0026rdquo;: Architektur als Prozeß:\nTu\u0026rsquo; nur was notwendig ist. Behalte die Vision im Hinterkopf.\nKritik: Was ist mit Projektkriterien? Mache kurze, überschaubare Projekte (\u0026lt;3 Monate) Sei bereit, Dinge wegzuwerfen. Projekt \u0026lt;-\u0026gt; Prozeß\nServiceprozesse Prozesse nach Außen Testballon -\u0026gt; virtueller SLA Auch wenn es kostenlos ist erwartet der Kunde, daß es funktioniert. Ausbildung von Supportstrukturen Steigerung der Abhängigkeiten -\u0026gt; Steigerung der Erwartungen \u0026ldquo;Der User ist produktiv.\u0026rdquo; Prozesse nach Innen Differenzierung Allroundqualifikation -\u0026gt; Spezialistenbildung Kommunikationsbedarf Dinge explizit machen Dokumentation Prozesse Verantwortungen Prozesstrennungen ITIL (\u0026ldquo;The IT Infrastructure Library\u0026rdquo;) ITIL Phasen in der F\u0026amp;E (\u0026ldquo;Funktionalität\u0026rdquo;) ITIL Phasen in der IT (\u0026ldquo;Verfügbarkeit, Wachstum und Qualität\u0026rdquo;) Was F\u0026amp;E macht, ist allgemein bekannt. Was IT macht, können die meisten Leute nicht benennen. Abgrenzung gegen F\u0026amp;E Abgrenzung gegen Support Trennung von IT und F\u0026amp;E wird oft nicht durchdacht. Ausblick Spannungsfelder Zentral \u0026lt;-\u0026gt; Dezentral Projekt \u0026lt;-\u0026gt; Prozeß \u0026ldquo;Jetzt\u0026rdquo; \u0026lt;-\u0026gt; \u0026ldquo;Richtig\u0026rdquo;, \u0026ldquo;Ordentlich\u0026rdquo; \u0026ldquo;F\u0026amp;E\u0026rdquo; \u0026lt;-\u0026gt; \u0026ldquo;IT\u0026rdquo; \u0026lt;-\u0026gt; \u0026ldquo;Support\u0026rdquo; ","date":"2004-06-23T00:00:00Z","href":"https://blog.koehntopp.info/2004/06/23/von-10-hoch-3-nach-10-hoch-7.html","tags":["publication","talk","linux","lang_de"],"title":"Von 10^3 nach 10^7: Wachstumsschmerzen mit Linux"},{"categories":null,"content":"SonicWall preist den SSL Offloader SSL-RX an als\nSonicWALL SSL Offloaders completely offload all encryption, decryption and secure processes from Web servers, accelerating the performance of Web sites and applications with an affordable, scalable and reliable solution.\nDas Gerät wird angegeben mit \u0026ldquo;Up to 4.400 peak RSA operations per second, 30.000 concurrent connections, 300.000 session cache\u0026rdquo;.\nDie Kiste funktioniert in einer möglichen Betriebsart als Bridge, die vor die Webserver geschnallt wird und alle Verbindungen (ssh, http) unverändert durchläßt, https aber decodiert und nach hinten als http etwa auf Port 82 weiterreicht, um dann die Antworten zu nehmen und nach vorne als https auf Port 443 zu verkaufen.\nUnglücklicherweise schafft das Gerät nicht das, was ich mir davon erhofft habe - offensichtlich sind \u0026ldquo;4.400 peak RSA operations per second\u0026rdquo; nicht 4.400 SSL-Connects pro Sekunde. Außerdem ist das Fehlerverhalten sehr unglücklich - wenn die CPU erst einmal 100% busy ist, macht das Gerät als Bridge vollkommen dicht und man kommt nicht nur mit https, sondern auch mit http und mit ssh nicht mehr durch den Offloader an die Webserver heran.\nNun stellt sich mir die Frage, wieviele RSA-Operations wohl ein SSL-Connect sind, und wieviele SSL Connects pro Sekunde man von der Schachtel erwarten darf.\n","date":"2004-06-22T00:00:00Z","href":"https://blog.koehntopp.info/2004/06/22/die-schallmauer-durchbrechen.html","tags":["security","lang_de"],"title":"Die Schallmauer durchbrechen..."},{"categories":null,"content":"Der Artikel Filesysteme sind Datenbanken von Matthias Leisi regt mich an, hier mal ein paar Sachen aufzuschreiben, die ich schon länger vor mir her kullere.\nDie meisten Unix-Dateisysteme trennen eine \u0026ldquo;Gruppiere Blocks in Dateien\u0026rdquo;-Ebene (Blockverwaltung) und die \u0026ldquo;Gruppiere Dateien in Hierarchien\u0026rdquo;-Ebene (Namensraumverwaltung) voneinander. Die Blockverwaltung ist relativ gut verstanden und der I/O-Layer von Datenbanken überlegen. Die durch WinFS ausgelöste Diskussion findet stattdessen im Bereich Namensraumverwaltung statt.\nBlockverwaltung und die Überlegenheit der Filesystem API Die Ebene der Blockverwaltung bei Dateisystemen ist sehr hoch optimiert und muß akzeptable Performance unter extrem variablen Benutzungspatterns abliefern können. Ein einzelnes Dateisystem kann im selben Moment sehr viele kleine Dateien enthalten, wie sie zum Beispiel in einem Cyrus-Mailspool oder einem INN tradspool vorkommen, und einige wenige sehr große Dateien, wie sie zum Beispiel von einer Datenbank angelegt werden. Es muß damit zurecht kommen, daß eine Anwendung sehr viele sehr kleine Dateien in Folge öffnen will - der IMAP-Server, der durch den Mailspool tobt, und daß zeitgleich sehr viele andere Anwendungen auf einer großen Datei hin- und her seeken und zeitgleich Stücke der dieser großen Datei beschreiben und lesen wollen - die Threads der Datenbank, die auf das Datenbankfile zeitgleich einschlagen.\nDie API, mit der dies abgewickelt wird, ist extrem simpel - das open/read/write/seek/close/lock-Interface ist steinalt und sehr gut getestet. Es ist - inklusive von neueren Optimierungen wie readv/writev und mmap - auch sehr effizient und erlaubt es Anwendungen, Daten von der Platte zu lesen oder auf die Platte zu schreiben, ohne daß das Betriebssystem dafür Bytes umkopieren müßte. Es ist sogar so effizient, daß einige Datenbanken die Option bieten, auf BLOB-Daten mit Hilfe dieser API zuzugreifen, indem die Datenbank die Tabelle, bzw. die Objekte in der Tabelle als NFS-Dateibaum exportiert.\nAuf dieser Ebene des Dateisystems geht es also nicht darum, irgendwelche Queries zu beantworten oder Daten wiederzufinden, sondern nur darum, Daten mit sehr heterogener Granularität und sehr variablen Anforderungen an den Zugriff möglichst effizient in den Speicher zu schaffen bzw. auf die Platte zu befördern.\nDateisysteme machen - zumindest in Unix - keine Annahmen über die Struktur von Daten. Dateien als solche sind strukturlose Blobs, und den Anwendungen steht es dann frei, eine Struktur in die Daten hinein zu interpretieren. Das System aber hält seine Finger da heraus, und manipuliert Dateien entweder als Klotz, oder Stücke davon als Byteranges.\nDas ist eine bewußte Entscheidung der Entwickler von Unix gewesen, nachdem sie Erfahrungen mit anderen Systemen hatten und wußten, wieviel mehr Komplexität auf Systemebene notwendig ist, damit Dateien mit Satzstrukturen behandelt werden können. Andere Systeme zu dieser Zeit haben Dateien mit Satzstrukturen implementiert (ISAM-Files und ähnliches), und sind damit eher weniger gut gefahren: Datenbanken als Userland-Anwendungen sind leichter zu implementieren und zu optimieren als Datenbanken als Teil des Kernels, und Datenbanken als Teil des Kernels bieten keine Performance-Vorteile.\nWir nehmen die Folgende Liste der Vorteile auf der Ebene der Blockverwaltung mit:\nKeine Annahmen über die Struktur erlaubt Freiheit in der Definition der Datenstrukturen und Freiheit in der Strukturierung der Zugriffe. Zero Copy I/O Namensraumverwaltung Man kann sich die Blockverwaltungsschicht wie ein einziges großes Verzeichnis ohne Unterverzeichnisse vorstellen, in dem alle Dateien eines Dateisystems enthalten sind, und zwar mit ihrer Inode-Nummer als Name. Die Aufgabe der Namensraumverwaltung ist nun, die Pfadnamen, die im Userland gebräuchlich sind, in Inodenummern zu übersetzen. Auf der Ebene der Blockverwaltung arbeitet Unix dann immer nur mit den Inodenummern und den daran hängenden Verwaltungsstrukturen, den Inodes. Es gibt keine Funktion openi() (\u0026ldquo;Open File by Inode number\u0026rdquo;) in der Kernel-API.\nÜber dieser Schicht liegt die Namensraumverwaltung. Die ist in unixoiden Systemen traditionell hierarchisch strukturiert und der Zugriff auf Daten erfolgt immer über Pfadnamen relativ zum aktuellen Verzeichnis eines Prozesses oder zur aktuellen Wurzel des Dateisystems eines Prozesses. Dies ist ein sehr simpler Mechanismus der Strukturbildung auf dem flachen See der Inodenummern, der viele Jahre ausgereicht hat, um Dateien zu sortieren und wiederzufinden.\nZur Zeit geschieht dies immer intern im Kernel. Die Funktion, die dies macht, bekommt entweder das aktuelle Wurzelverzeichnis des aufrufenden Prozesses (wenn der Dateiname mit / anfängt) oder das aktuelle Arbeitsverzeichnis (in allen anderen Fällen) als Startwert und übersetzt den Pfadnamen dann Schritt für Schritt rekursiv in eine Folge-Inodenummer und einen Pfadrest.\nWir nehmen an Gedanken aus dieser Sektion mit: Die Ansteuerung von Dateien erfolgt in Unix traditionell über den Pfad und nicht über eine ID wie die Inode-Nummer. Das Auflösen des Pfadnamens in eine Inode-Nummer erfordert weitere, über die Rechte an der Datei hinausgehende Zugriffsrechte, die vom verwendeten Pfadnamen abhängen. Für ein modernes Rechtesystem ist das weder notwendig noch wünschenswert, und es sollte möglich sein, Dateien über eine ID - die Inode-Nummer oder eine Datei-UUID anzusprechen. Windows- und Apple-Dateisysteme erlauben dies sogar schon zum Teil.\nAndere Strukturbildner Einige Artikel diskutieren nun andere Strukturbildner für ein Dateisystem. El Reg hat zum Beispiel ein Interview mit den Entwicklern von BeOS über die Probleme, die sie bei der Entwicklung der BeOS \u0026ldquo;Dateisystem\u0026rdquo;-Datenbank gehabt haben. Dem Interview kann man entnehmen, daß eine Datenbank im Userland zwar keine Performance-Vorteile hat, aber die Synchronisation zwischen Datenbank und Dateisystem leichter zu realisieren ist, wenn entsprechende Synchronisationsprimitive existieren und das Interface zu diesen Funktionen ist leicher zu realisieren, wenn die Datenbank Teil des Kernels ist.\nDie Beispiele, die für BeOS gegeben werden, gehen von einer traditionellen Datenbank mit Feldern und Werten aus. Der Artikel mit dem langatmigen Titel Namespaces As Tools for Integration the Operating System Rather As Ends in Themselves schildert die Sicht von Hans Reiser auf dieses Problem. In dem Artikel versucht Hans Reiser zu erläutern, warum er eine feste Tabellenstruktur oder RDF-Syntax für eine Abfragesprache in Dateisystemen eher für sinnlos halt. Seine Beweisführung streift schon fast das Argument \u0026ldquo;Google für Dateisysteme\u0026rdquo;. Wenn er dann jedoch beginnt, eine Abfragesprache mit einer \u0026ldquo;dateinamenähnlichen\u0026rdquo; Syntax herzuleiten, erkennt man wieder Strukturen mit einer \u0026ldquo;Name=Wert\u0026rdquo;-Syntax.\nReiser geht davon aus, daß es Dateisystem-Plugins gibt, die er Klassifikatoren nennt. Diese Plugins generieren Schlüsselwerte, unter denen die Datei zu finden ist. In einem traditionellen Unix-Dateisystem stellt der Benutzer die Schlüssel bereit, indem er eine Datei unter einem Namen in einem Verzeichnis ablegt (und durch Links kann eine Datei unter mehr als einem Schlüssel abgelegt sein). In Reisers Modell werden weitere Schlüssel automatisch generiert - abhängig vom Typ der Datei. Das kann etwa ein Volltextindex sein - eine Datei ist dann unter allen in der Datei vorkommenden Worten zu finden, oder es können Schlüssel-Schlüsselwert Paare sein wie \u0026ldquo;mime-type: audio/mp3\u0026rdquo;, \u0026ldquo;subject: strike\u0026rdquo; oder \u0026ldquo;from: santa\u0026rdquo;.\nIn seiner Syntax ist \u0026ldquo;/etc/passwd\u0026rdquo; die Datei passwd in der \u0026ldquo;etc\u0026rdquo;-Gruppierung, während \u0026ldquo;[dragon gandalf bilbo]\u0026rdquo; die Datei ist, die den drei genannten Schlüsselwerten zugleich genügt. Später verallgemeinert er dann den \u0026ldquo;/\u0026quot;-Operator zu einer \u0026ldquo;Syntax Barrier\u0026rdquo; und kommt so zu Queries mit \u0026ldquo;Funktionen\u0026rdquo; wie \u0026ldquo;case-insensitve/[computer privacy laws]\u0026rdquo;, zu Security Barriers wie \u0026ldquo;[my secrets]/[love letter susan]\u0026rdquo; und zu einer Attributsyntax wie \u0026ldquo;[subject/[illegal strike] to/elves from/santa document-type/RFC822 ultimatum]\u0026rdquo;. Er weist darauf hin, daß man zu einer quasi-relationalen Query gelangt, wenn man das vorhergehende Beispiel zu \u0026ldquo;[subject/strike to/elves from/santa document-type/RFC822]\u0026rdquo; vereinfacht.\nObjektklassen und Attributsyntax Und an dieser Stelle landet man dann bei weiterem Nachdenken bei LDAP. Während LDAP eine stark denormalisierte Datenbankstruktur ist (LDAP ist nicht einmal in erster Normalform), besteht der Wert von LDAP paradoxerweise darin, ein sehr rigides Datenmodell zu haben. LDAP definiert einige Datentypen und die für diese Datentypen zugelassenen Attribute sowie ein Vererbungssystem für Typen. Alle LDAP-Anwendungen verwenden diese Datentypen oder erben von ihnen, sodaß unterschiedliche LDAP-Storages untereinander kompatibel sind.\nDer Wert von LDAP besteht also nicht im Storage oder der Abfragesprache (beide sind kaputt bzw. unvollständig), sondern im Schema und im Wire-Protokoll, die beide extrem interoperabel sind und die interoperabel erweiterbar sind. Der Wert von LDAP liegt also in der Normierung.\nDiese Überlegung ist auch auf eine Dateisystem-Abfragesprache anwendbar: Betrachtet man die Beispiele von Reiser genauer, findet man im Grunde zwei Szenarien, die Reiser unterscheidet.\nDas eine Szenario sind Anfragen nach Daten einer bestimmten Objektklasse (\u0026ldquo;mime-type: audio/mp3\u0026rdquo;, \u0026ldquo;mime-type: message/rfc822\u0026rdquo;), bei denen der Fragesteller dann Annahmen über das Vorhandensein bestimmter Attribute machen kann und bei denen die weitere Anfrage dann das Vorhandensein und die Bedeutung bestimmter Attributnamen voraussetzen kann. Das Characteristische an der Anfrage \u0026ldquo;[subject/[illegal strike] to/elves from/santa document-type/RFC822 ultimatum]\u0026rdquo; ist ja die Typabsicherung \u0026ldquo;document-type/\u0026hellip;\u0026rdquo;. Nur deswegen kann sich der Fragesteller sicher sein, daß Attribute wie \u0026ldquo;subject\u0026rdquo;, \u0026ldquo;from\u0026rdquo; und \u0026ldquo;to\u0026rdquo; existieren und daß ihre Werte die gesuchten Bedeutungen haben.\nDie zweite Sorte Frage ist die Googlesuche nach dem Vorkommen von bestimmten Schlüsselworten irgendwo in der Datei, ohne Rücksicht auf die Strukturen, in die sich die Datei einpassen läßt. Das ist quasi die klassische Volltextsuche, mit einem Klassifikator-Plugin, daß für alle möglichen (auch multimedialen) Datentypen so viele sinnvolle Worte wie möglich extrahiert.\nMan beachte, daß der erste Fall nicht wirklich ein hierarchisches, denormalisiertes Datenbankschema benötigt wie etwa LDAP es bereitstellt. Es ist dagegen vollkommen ausreichend, ein objektrelationales System zu haben, in dem eine Entity von einer anderen Entity erben kann und für dieses System ein Schema bereitzustellen, das Attribute für alle gängigen und interessanten Mime-Types bereitstellt.\nNeben der Arbeit der Implementierung eines solches Dateisystems ist also weitere Arbeit notwendig, nämlich die Normierung von Datenstrukturen, also die Erarbeitung einer Taxonomie von Attributen und Objektklassen für die in einem modernen System vorkommenden Mime-Typen.\nAuch an der Abfragesprache ist noch Arbeit zu leisten - die von Reiser vorgeschlagene Syntax ist einfach, aber unvollständig und definiert keine vollständige Navigation. Die Abfragesprache von LDAP ist ebenfalls unvollständig und hat eine ganze Reihe von Einschränkungen, nicht nur vom relationalen Standpunkt aus, sondern schon auf einer sehr viel niedrigeren Ebene - hier möchte man sich eher bei den Gedankenmodellen von XPath und XQuery bedienen, die eine reichere Syntax und mehr Möglichkeiten liefern. Auf diese Weise wäre auch die Adressierung von Elementen in Dateien möglich.\nFazit Wir nehmen abschließend mit:\nEin Dateisystem ist keine Datenbank im herkömmlichen Sinne, sondern ein Speicher, der auch mit unstrukturierten oder partiell strukturierten Daten klarkommen muß. Ein wenig mehr Struktur und ein wenig bessere Rechnerchemöglichkeiten täten heutigen Dateisystemen jedoch sehr gut. Dabei ist jedoch der Strukturlosigkeit Rechnung zu tragen und es sind neben strukturierten Anfragen im SQL-Stil auch strukturlose Anfragen im Stile einer Volltextsuche über alle Attribute zu ermöglichen.\nDiese Anfragen dienen weiterhin nur zur Bestimmung der Inodenummer/ID/UUID einer Datei, also zur Lokalisierung der Datei. Der weitere Zugriff kann dann ganz normal über die Blockverwaltung erfolgen, und muß nicht langsamer als heutzutage sein.\nDer Wert einer solchen Datenbank als Dateisystem ergibt sich wie bei LDAP aus der Normierung der Schemata. Es sind also rechtzeitig sinnvolle Schemata für gängige Systemdatentypen bereitzustellen und es ist ein offener, herstellerunabhängiger Prozeß für die Normierung und Entwicklung einer Hierarchie von Objektklassen und Attributtypen bereitzustellen.\n","date":"2004-06-06T00:00:00Z","href":"https://blog.koehntopp.info/2004/06/06/dateisysteme-und-datenbanken.html","tags":["filesystems","database","lang_de"],"title":"Dateisysteme und Datenbanken"},{"categories":null,"content":"In der Computerwoche findet sich ein Artikel , der sich mit dem Thema \u0026ldquo;Sicherheit von Webanwendungen\u0026rdquo; beschäftigt. Nun ist es die Computerwoche, und daher nicht so richtig verwunderlich, wenn dieser Artikel das Thema eher \u0026hellip; oberflächlich behandelt. Aber so einige Ideen schockieren mich dann doch.\nHerkömmliche Schutzmechanismen wie Firewalls greifen bei derartigen Problemen jedoch nicht. Die Angriffe erfolgen auf Applikationsebene über den Browser und somit über die Kommunikationsports 80 (bei Verwendung von HTTP) beziehungsweise 443 (bei HTTPS).\nDas ist ja in etwa Sinn einer Webanwendung, daß sie auf diesen Ports mit dem Anwender redet.\n[Hier] weisen herkömmliche Firewalls hier eine größere Lücke auf.\nIm folgenden Text redet der Artikel dann \u0026ldquo;Firewalls\u0026rdquo; das Wort, die die Aufgaben eines Web Application Frameworks übernehmen und, indem sie der eigentlichen Anwendung vorgeschnallt werden, die Eingabewerte der Anwendung an deren Stelle prüfen. Wie für Artikel auf diesem Niveau üblich, werden wahre Wunderdinge versprochen:\nUm Missbrauch und Angriffe auf Backend-Anwendungen zu verhindern, sollten Web-Anwendungen daher immer nur Eingaben zulassen, die sinnvoll sind und innerhalb der Erwartungen des jeweiligen Kontexts liegen. Wird beispielsweise eine Postleitzahl abgefragt, dürfen in dem dazugehörigen Feld keine Buchstaben oder Sonderzeichen auftauchen.\nBesser als nichts. Nur: Wie auch bei herkömmlichen Firewalls ist es mit dem Aufstellen und Einschalten nicht getan. Wo man anderswo jetzt Kommunikationsprofile analysieren muß, um dann die notwendigen Ports freizuschalten, muß man nun die Webseiten der Anwendung (alle Seiten!) analysieren und einzeln Validierungsprädikate für alle Eingabefelder und deren mögliche Kombinationen und Abhängigkeiten definieren. Man kann sich leicht vorstellen, daß dies ein sehr aufwendiger Prozeß ist - um ein Vielfaches aufwendiger als die Kommunikationsanalyse einer herkömmlichen Firewall.\nDann geht es jedoch weiter:\nBei unzureichenden Zugriffskontrollen können Hacker Zugriff zu Benutzerkonten erhalten, nicht für sie bestimmte Daten einsehen oder Funktionen nutzen. Ähnliches gilt für unzureichende Authentisierung und Session-Management [\u0026hellip;]\nGegen diese Sorte Fehler kann eine solche vorgeschaltete Eingabekontrolle genau nicht schützen. Eine Session-ID ist eine Session-ID und wenn die schlecht und ratbar ist, dann kann der Anwender die Session eben spontan wechseln, indem er sich eine andere, legale Session-ID ausdenkt.\nLeider sind derartige Produkte nicht ganz billig. Wer sich auf diese Weise absichern will, muss mit Investitionen von 15.000 bis 30.000 Dollar rechnen.\nDieses Geld wäre sicherlich besser in eine Restrukturierung und grundsätzliche Verbesserung der Web-Anwendung investiert. Warum wird das nicht gemacht?\nAntwort: Wie denn, wenn man den Source nicht hat? Das ganze Konzept einer solchen vorgeschalteten Eingabekontrolle ist so unendlich closed source, daß ich bestimmt 15 Minuten gebraucht habe, bis mir einfiel, daß es vielleicht noch irgendwo auf der Welt Leute geben mag, die Fehler in ihren Anwendungen nicht direkt in der Anwendung korrigieren können. Das wiederum ist eine Beobachtung, die im Grunde einen eigenen Artikel wert ist.\nUnd schließlich die eigentliche Crux: Mit steigender Komplexität der Aufgaben einer Firewall oder eines IDS steigt auch die Wahrscheinlichkeit von Fehlern in diesem System. Exploitbaren Fehlern.\nBeispiele: Dragon-Fire IDS Vulnerability : \u0026ldquo;The Dragon-Fire IDS remote web interface under version 1.0 has an insecure CGI script which allows for users to remotely execute commands as the user nobody.\u0026rdquo; Das ist genau die Sorte Fehler, die wir in diesem Artikel diskutieren, in einer Anwendung, die gegen solche Fehler schützen soll. RapidStream Unauthenticated Remote Command Execution Vulnerability \u0026ldquo;RapidStream offers a line of VPN/Firewall network devices. Each product comes with a modified version of sshd for encrypted remote administration. This version of sshd has a \u0026ldquo;hard-coded\u0026rdquo; username in it, rsadmin with a null password (rsadmin = root)\u0026rdquo; Kein Kommentar mehr notwendig. Firestorm IDS IP Options Decoding Denial Of Service Vulnerability \u0026ldquo;It has been reported that Firestorm IDS can be caused to crash when it has received traffic with specific IP options set.\u0026rdquo; Decoding zu komplex für die Sicherheitsanwendung. Etheral , nun Wireshark Dies listet eine ganze Reihe von Problemen, bei denen die Anwendung, ein Netzwerkmonitor, sich selbst kompromittiert beim Decodieren von Netzwerkpaketen, die für ganz andere Systeme bestimmt sind. ethereal/wireshark hat natürlich keine Chance - wann immer ein Protokoll selber einen Exploit hat, hat ethereal möglicherweise auch einen. Da alle Protokolle in ethereal decodiert werden müssen, hat ethereal jede Menge Exploits. Wobei ich sagen muß, daß die ethereal, tcpdump und snort-Listen meine Lieblinge sind. Wenn ich diese Listen sehe, denke ich über gewisse Produkte mit ganz ähnlicher Funktionalität nach, und ob deren Exploit-Listen wohl kürzer sein mögen. Und wer mag da wohl haften, wenn so eine Kiste kompromittiert und dann ausgenutzt wird. Der Netzbetreiber hat die ja nicht freiwillig aufgestellt\u0026hellip;\n","date":"2004-05-12T00:00:00Z","href":"https://blog.koehntopp.info/2004/05/12/firewalls-und-komplexitaet.html","tags":["security","lang_de"],"title":"Firewalls und Komplexität"},{"categories":null,"content":"Irgendwann Ende der 80er fiel mir ein Zortech C++ Compiler in die Hand. Den mochte ich, weil er anders als das cfront auf dem AIX ein nativer Compiler war. Ich habe also das VP/ix in meinem SCO Xenix hochgefahren, ein MS-DOS rein installiert und ein wenig mit der Sprache rumexperimentiert.\nIch habe zu dieser Zeit bei einem Erwachsenenbildungswerk Programmierkurse gegeben und eine der fortgeschrittenen Standardaufgaben, mit denen ich meine Schüler gequält habe, waren dynamische Strings (\u0026ldquo;Schreiben Sie eine lgets()-Funktion, die beliebig lange Strings aus einer Datei lesen kann\u0026rdquo;) und dynamische Arrays (\u0026ldquo;Schreiben Sie einen Satz Funktionen, mit denen Sie ein Array variabler Größe verwalten können\u0026rdquo;).\nNatürlich habe ich diese Experimente auch in C++ versucht, und mich in kürzester Zeit angewidert abgewandt. C++ hat sich für diese Aufgabe nämlich als haarsträubend unbrauchbar herausgestellt. Ich fragte mich: Wozu eine objektorientierte Programmiersprache, wenn in ihr nicht einmal ordentliche Container schreiben kann? (Ich weiß, daß es inzwischen Templates gibt, aber ihr wisst, daß die auch nicht Teil der Lösung, sondern Teil des Problems sind)\nAber ich war sowieso schon von der Uni her versaut, wo wir im Rahmen der Vorlesung \u0026ldquo;Objektorientierte Programmierung\u0026rdquo; mit Smalltalk und CLOS rumgemacht haben - von dort hatte ich recht konkrete Vorstellungen davon, was ich von einer objektorientierten Sprache erwarte, wenn es darum geht, dem Programmierer Arbeit abzunehmen. Kurz danach geriet ich an eine Nextstation und Objective-C und war für die Type Nazis für immer verloren: Dynamisch getypte Sprachen rocken einfach mehr , denn sie nehmen einem Arbeit ab, anstatt welche zu generieren.\nNatürlich habe ich das gerne auch im Netz verargumentiert, und bin von der Static Typing Fraktion mehr als einmal getoastet worden, denn ohne starke Typprüfung durch den Compiler geht angeblich die Welt unter. Angeblich, denn bei mir tat sie es nie.\nAber offenbar bin ich nicht der einzige, der diese Erfahrung gemacht hat. Bei Jeff Morre\u0026rsquo;s Classpath considered harmful findet sich ein Link auf Stephen Ferg\u0026rsquo;s Java vs. Python comparison , und die beschreibt ziemlich gut meine Erfahrungen mit C++ und später Java.\nManche Beispiele sind echt lustig, jedenfalls wenn man diese Art Geek-Humor steht. Wie schreibt ein Java-Programmierer $fp = fopen($argFilename, \u0026quot;r\u0026quot;)?\nimport java.io.*; BufferedReader myFile = new BufferedReader(new FileReader(argFilename)); Das baut einen FileReader -Objekt (FileReader ist eine Unterklasse von InputStreamReader , der Bytes mithilfe einer beliebigen Zeichensatzkonvertierung in Zeichen des gewünschten Zielzeichensatzes umwandelt, und FileReader setzt diese Umwandlung auf Null und setzt eine Standardpuffergröße ein. InputStreamReader ist wiederum eine Unterklasse von Reader , eine abstrakte Klasse für Datenströme, was wiederum wie alles eine Unterklasse von Object ist.) und gibt dieses FileReader-Objekt einem BufferedReader mit. Den BufferedReader kann man dann nach Zeilen fragen, wenn man will. Man hätte auch einen LineNumberReader , eine Unterklasse von BufferedReader, nehmen können, hätte man neben dem Inhalt der Datei auch Zeilennummern wissen wollen. Ein LineNumberReader ist also ein BufferedReader plus einem int, das immer mal inkrementiert wird, wenn ein Newline vorbeikommt, plus eine Setter und eine Getter -Methode für dieses int.\nOder, schöner noch: Wie schreibt ein Java-Programmierer \u0026ldquo;Tu eine Zahl in Array und hol sie wieder raus?\u0026rdquo;\npublic Vector aList = new Vector; public int aNumber = 5; public int anotherNumber; aList.addElement(new Integer(aNumber)); anotherNumber = ((Integer)aList.getElement(0)).intValue(); Wir bauen uns also ein int-Skalar aNumber, und eine Liste aList. Da in die Liste nur Objekte rein können, machen wir aus dem int-Skalar ein int-Objekt und tun das in die Liste. Da Java statisch typt , ist in der Liste jetzt ein Object-Objekt und kein Integer-Objekt mehr. Wir fischen das Object-Objekt also mit getElement() aus der Liste, und typecasten das erst mal in was Brauchbares, ein Integer-Objekt. Nur dann dürfen wir das int-Skalar aus dem Integer-Objekt wieder herausholen.\nIn Python und jeder anderen dynamisch getypten Sprache:\naList = [] aNumber = 5 aList.append(aNumber) anotherNumber = aList[0] Was ich für sehr viel klarer und weniger fehleranfällig halte.\nBruce Eckel auch. Die Fehler, die Code explodieren lassen, sind in der Regel keine Typfehler, sondern falsche Grenzbedingungen, falsche Logik oder falsches Design. Und denen kommt man nicht mit Typechecking bei, sondern halt nur mit Tests.\nBruce Eckel verweist in seinem Eintrag auf Robert Martin . Der schreibt\nI thought an experiment was in order. So I tried writing some applications in Python, and then Ruby (well known dynamically typed languages). I was not entirely surprised when I found that type issues simply never arose. My unit tests kept my code on the straight and narrow. I simply didn\u0026rsquo;t need the static type checking that I had depended upon for so many years.\nMein Reden seit 1870/71 (letzter Abschnitt).\nGuido hat sich ebenfalls dazu geäußert :\nAll that attention to getting the types right doesn\u0026rsquo;t necessarily mean you don\u0026rsquo;t have other bugs in your program. A type is a narrow piece of information about your data. When you look at large programs that deal with a lot of strong typing, you see that many words are spent working around strong typing.\nThe container problem is one issue. It\u0026rsquo;s difficult in a language without generics to write a container implementation that isn\u0026rsquo;t limited to a particular type. And all the strong typing goes out the door the moment you say, \u0026ldquo;Well, we\u0026rsquo;re just going to write a container of Objects, and you\u0026rsquo;ll have to cast them back to whatever type they really are once you start using them.\u0026rdquo; That means you have even more finger typing, because of all those casts. And you don\u0026rsquo;t have the helpful support of the type system while you\u0026rsquo;re inside your container implementation.\nPython doesn\u0026rsquo;t require you to write the cast, and its containers are completely generic. So it has the plus side of generic containers without the downside. It doesn\u0026rsquo;t have the plus side that the C++ folks claim to get with their templates and other generics. But in practice that mechanism turns out to be very cumbersome. Even compiler writers have difficulty getting templates to work correctly and efficiently, and the programmers certainly seem to have a lot of trouble learning how to use it correctly. Templates are a whole new language that has enormous complexity.\nJohn Ousterhout sieht das ganz ähnlich in Scripting: Higher Level Programming for the 21st Century , Abschnitt 6 ist der interessante Teil.\n","date":"2004-05-02T00:00:00Z","href":"https://blog.koehntopp.info/2004/05/02/static-vs-dynamic-typing.html","tags":["computer","lang_de"],"title":"Static vs. dynamic typing"},{"categories":null,"content":"(via Groklaw )\nSitecom GmbH in Freising ist das Ziel einer einstweiligen Verfügung des Netfilter/Iptables-Projektes. Demnach ist es Sitecom untersagt, ihr auf Netfilter basierendes Produkt weiter zu vertreiben, bis sie allen Bedingungen der GPL nachkommen.\nDie GPL (General Public License) ist eine Lizenz. Sie gibt einem das Recht, ein urheberrechtlich geschütztes Werk (hier: netfilter/iptables) zu verwenden, zu modifizieren und zu verbreiten, wenn man den Verpflichtungen der Lizenz nachkommt.\nIm Fall gewöhnlicher Lizenzen bedeutet dies meist eine Zahlung von Lizenzgebühren. Im Fall der GPL ist die Nutzung kostenfrei gestattet, aber die GPL verlangt, daß man den Quelltext des Gesamtproduktes, in dem die GPL-Software enthalten ist, ebenfalls unter der GPL freigibt.\nDas bedeutet, um GPL-Software nutzen zu können, muss man nach denselben Regeln spielen wie die GPL selber. Dies stellt sicher, daß das Ausgangprojekt frei verfügbar ist und daß alle Modifikationen und Ableitungen aus dem Ausgangsprojekt ebenfalls frei verfügbar bleiben. Es ist also nicht möglich, GPL-Software aufzusaugen und für sich zu nutzen und der GPL-Entwicklergemeinde die eigene Arbeit vorzubehalten.\nWem dies nicht gefällt, der kann versuchen, von dem Urheber des Projektes die Rechte zur Nutzung der Quellen unter einer anderen Lizenz zu bekommen. MySQL und Qt sind solche mehrfach lizenzierten Projekte, wie ich in einem älteren Artikel geschildert habe.\nDie einstweilige Verfügung gegen Sitecom ist übrigens noch nett. Sie ist quasi der letzte Versuch der Netfilter-Leute, Sitecom noch entgegenzukommen: Dem Netfilter-Projekt stünde es frei, Sitecom die Lizenz zur Nutzung des Netfilter-Codes dauerhaft und unwiderruflich zu entziehen. Die einstweilige Verfügung dagegen stellt ganz klar, daß es Sitecom offen steht, den Netfilter-Source weiterzuverwenden, sobald Sitecom allen Bedingungen der GPL nachkommt.\nEs ist unklar, warum Sitecom diese Gelegenheit und vorangehende Einigungsversuche mit Netfilter nicht nutzt. Die Historie der Einigungen mit anderen Netfilter-Nutzern zeigt deutlich, daß Netfilter Nutzer ihres Codes erst einmal ganz zivil und abmahnungsfrei auf die GPL und die sich daraus ergebenden Bedingungen hinweist. Nur weil Sitecom diesem Versuch einer gütlichen Einigung nicht nachgekommen war, sah sich Netfilter gezwungen zu juristischen Mitteln zu greifen, um ihr Recht durchzusetzen.\nDies ist die erste Anwendung der GPL vor Gericht überhaupt. Alle anderen Konflikte, in denen es um die GPL und ihre Gültigkeit geht, sind bisher außergerichtlich zur Zufriedenheit aller Parteien gelöst worden. Daher ist nach all den Jahren immer noch ungeklärt, ob die GPL vor Gericht Bestand haben kann, auch wenn die meisten Juristen inzwischen der Auffassung sind, daß es besser so wäre - wäre die GPL nicht gültig, gäbe es überhaupt keine Lizenz, nach der die Nutzung einer nur unter der GPL lizenzierten Software erlaubt wäre und damit würde automatisch das normale Urheberrecht gelten, das die Nutzung fremder Werke (ohne Lizenz) automatisch verbietet.\n","date":"2004-04-15T00:00:00Z","href":"https://blog.koehntopp.info/2004/04/15/gnu-gpl-in-deutschland.html","tags":["computer","lang_de"],"title":"GNU GPL in Deutschland"},{"categories":null,"content":" Früher war alles besser. Früher zum Beispiel konnte MySQL gar nichts, und der Server stand unter der GPL , während der MySQL Client unter der LGPL stand und alles war gut. So gut, daß zum Beispiel das PHP Projekt den MySQL Client den PHP-Sourcen beigelegt hatte und daß man deswegen Mühe hatte, ein PHP zu finden, das nicht mit einer MySQL-Datenbank reden konnte. Dieses Bundling ist es unter anderem gewesen, das den Siegeszug der LAMP Plattform begründet hat.\nDann jedoch entschloss man sich bei MySQL einige Dinge zu tun: Erstens nahm man Venture-Capital an, zweitens stellte man davon einen Haufen Leute ein und drittens schob man auf diese Weise die Weiterentwicklung von MySQL kräftig an. Die MySQL 4.x Serie entstand.\nDie Idee dahinter ist relativ offensichtlich: MySQL hat Datenbanken einen vollkommen neuen Markt eröffnet. Vor zehn Jahren war SQL-Wissen noch Spezialwissen und SQL-Datenbanken waren teure Dinge, die nur bei großen Projekten eingesetzt wurden. Es ist das Verdienst von MySQL, diese Situation von Grund auf verändert zu haben - heute hat jedes Script Kiddie SQL-Kenntnisse und verwendet lieber MySQL als Flatfiles, um selbst eine Highscore-Liste zu speichern. MySQL will nun mit Datenbanken das tun, was Linux mit Unix-Betriebssystemen gemacht hat.\nMySQL befindet sich dabei in mehr oder weniger derselben Situation wie Linux 1994: Natürlich ist das Produkt (noch!) nicht so feature-complete wie die etablierten Spieler in diesem Markt, aber für den weitaus größten Teil der Anwender ist das auch überhaupt nicht notwendig. Für diese Anwender zählen nämlich nicht so sehr die fetten Enterprise-Feature-Listen, als vielmehr gute Dokumentation und leichte Erlernbarkeit, die Verfügbarkeit von billigem Personal mit Kenntnissen im Produkt, Einsatz in Hosting-Umgebungen (Datenbank und Anwendung auf derselben Maschine, Trennung einer physikalischen in mehrere logische Datenbanken, Ressource-Quotas usw) und leichte Administrierbarkeit.\nMySQL hat seinen Kunden hier zugehört und unter der Häme und dem Spott der etablierten Datenbankhersteller etwas entwickelt, das in erster Linie Kundenwünsche erfüllt und erst jetzt, in den 4.x Versionen, anfängt Datenbankhersteller-Kriterien zu erfüllen. Unterwegs hat MySQL aber einen vollkommen neuen Markt geschaffen und definiert, und dem gesamten Datenbankmarkt ein vollkommen neues und von den Benutzerzahlen her gigantisches Low-End geschaffen. Von dort, und mit der dort erzeugten Benutzerbasis, will MySQL jetzt den Datenbankmarkt von unten her kannibalisieren und Datenbanken in ein Commodity-Produkt umwandeln - die Lizenzpreise sprechen eine deutliche Sprache.\nEin Exkurs in Lizensismus Der Markt hat jedoch anders reagiert, denn die Situation ist ein wenig komplizierter als in der verklärten \u0026ldquo;Früher war alles besser\u0026rdquo;-Darstellung von oben. Das Unheil begann damit, daß es im Grunde drei Klassen von Lizenzen gab oder jedenfalls seit der\nMozilla Public License gibt. Da ist zum einen die Edel-Lizenz GPL, die im Grunde nur mit sicher selber kompatibel ist (denn alles, was man mit der GPL zusammenbaut wird selber GPL). Dann sind da jede Menge freie Softwarelizenzen, die nicht mit der GPL kompatibel sind. Freie Softwarelizenzen sind DFSG-kompatible Lizenzen außer der GPL selber, also so Dinge wie Apache, BSD, Mozilla-Derivate und so weiter sowie die LGPL. Und dann sind da kommerzielle Lizenzen und die seltsame Idee des Dual Licensing.\nDual Licensing ist, was Managerköpfe zum Platzen bringt: Da der Erzeuger eines urheberrechtlich geschützten Werkes dieses Werk selber nach Belieben lizenzieren kann, ist dieser Urheber nicht darauf beschränkt, das Werk nur unter einer einzigen Lizenz anzubieten. Man kann Software-Funktionsbibliotheken also unter der GPL anbieten, und für Leute, denen dies nicht gefällt, auch eine kommerzielle Lizenz zu verkaufen.\n\u0026ldquo;Ja, ist das nun frei oder nicht frei?\u0026rdquo;\nFür die Anbieter von Software, die selber GPL ist und welche die Bibliothek unter Dual Licensing einbinden wollen, ist alles klar. Die nehmen die Bibliothek unter der GPL und alles ist gut. Für Anbieter von Software, die kommerziell ist, ist auch alles klar. Die nehmen die Software entweder unter der kommerziellen Lizenz oder ein anderes, rein kommerzielles Produkt, weil ihnen das alles zu verwirrend ist.\nFür die Anbieter von DFSG-Software ist alles unklar. Wenn ich eine Software-Funktionsbibliothek in mein Programm einbinde, und die Bibliothek selber ist GPL, dann muss mein Programm auch GPL sein. GPL, nicht \u0026ldquo;freie Software nach DFSG\u0026rdquo;. Schlecht zum Beispiel für PHP, das inzwischen unter der Apache-Lizenz steht.\nIntern verwendet PHP die Zend-Engine, die unter der QPL lizenziert wird. Die QPL wiederum ist eine modifizierte MPL, falls man mir noch folgen kann. PHP bindet außerdem Dutzende von anderen Projekten und Programmbibliotheken selber ein, die unter den unterschiedlichsten Lizenzen stehen.\nWarum ist das für MySQL ein Problem? Mit MySQL 4.x hat MySQL, die Firma, das Tempo deutlich erhöht: Inzwischen sitzen jede Menge kommerzielle Entwickler für Geld daran, MySQL voranzubringen. Die Venture-Capital Investoren wollen für ihr Geld innerhalb der nächsten drei bis fünf Jahre Return sehen.\nMySQL muss also mehr kommerzielle MySQL-Lizenzen verkaufen. Das genau ist bei einem Produkt wie MySQL jedoch ein wenig schwierig: Der MySQL Server ist GPL. Man kann ihn also problemlos irgendwo hinstellen und in Betrieb nehmen, ohne daß man eine Lizenz kaufen müsste. Man kann, wenn man möchte, bei MySQL kommerziellen Support kaufen, guten Support sogar, für relativ kleines Geld. Dummerweise ist nur MySQL als Produkt viel zu gut, man kommt gut ohne Support hin. Dummerweise ist der MySQL-Server GPL, und liegt deswegen im Source vor. Falls man also genug technisches Wissen im Haus hat, kann man sich auch leicht selber supporten.\nDer MySQL Client war LGPL. LGPL ist eine GPL ohne Zähne: Man kann LGPL-Funktionsbibliotheken wie den MySQL Client in sein Programm einbauen, ohne daß dieses Programm dann GPL oder LGPL sein müsste - es kann nahezu jede beliebige Lizenz haben.\nHersteller von kommerzieller Software haben also Programme entwickelt, die die MySQL Client-Bibliotheken enthalten haben, ohne eine Lizenz zwingend zu brauchen. Benutzer dieser Software haben sich also einen MySQL Server hinstellen können, ohne für diesen eine Lizenz zwingend zu brauchen und die haben die kommerzielle Software einsetzen können, ohne eine Lizenz zwingend zu brauchen.\nDas hat funktioniert, solange MySQL, die Firma, ihr Wachstum aus den Support-Einnahmen und anderen Quellen selber finanziert haben. Aber mit VC in der Firma geht das nicht mehr.\nDer MySQL 4.x Client ist also GPL. Genaugenommen ist er Dual Licensed. Wenn man also eine GPL-Anwendung schreibt, kann man den MySQL 4.x Client benutzen. Wenn man eine Nicht-GPL-Anwendung schreibt, und das schließt alle DFSG-freien, GPL-inkompatiblen Lizenzen mit ein, braucht man eine kommerzielle Lizenz.\nSchmerzen Soweit so unklar.\nMySQL hat aber sich aus irgendeinem Grunde vorgenommen, an dieser Stelle einmal nicht auf ihre Kunden zu hören und die eigene Position mit den Kundenwünschen abzustimmen, sondern diese Änderung quasi im Alleingang durchzuziehen.\nMySQL hat dabei den mittleren Fall der DFSG-freien, GPL-inkompatiblen Anwendungen vollkommen übersehen.\nMySQL hat sich außerdem entschlossen, die GPL auf eine sehr seltsame Weise zu interpretieren:\nSterling Hughes geht hier ausführlich in englischer Sprache darauf ein. MySQL argumentiert, daß auch jede Reimplementation von deren Protokoll MySQLs geistiges Eigentum wäre, weil es sich um ein abgeleitetes Werk handelt. Also ganz genau die SCO Argumentation .\nMySQL ist außerdem jetzt schon seit mehr als einem Jahr damit beschäftigt, dieses Problem zu lösen.\nAuflösungserscheinungen Konsequenzen:\nDie MySQL Client-Bibliotheken liegen PHP nicht mehr bei. Das wird inzwischen nicht nur lizenzrechtlich, sondern auch technisch verargumentiert und wird deswegen auch dann so bleiben, wenn (sobald) PHP und MySQL sich einigen.\nPHP liegen stattdessen SQLite Bibliotheken bei. SQLite ist eine Art \u0026ldquo;Access ohne GUI\u0026rdquo;, also ein serverloses embedded SQL und daher performancetechnisch mit MySQL nicht zu vergleichen. Die SQLite-Entwickler haben in den letzten Wochen große Fortschritte gemacht, ihre SQL-Syntax kompatibel mit MySQL SQL-Erweiterungen zu machen. Dennoch: Eine richtige Alternative ist das nicht, eher ein Schritt zurück.\nMySQL hat gerade gestern mit einer speziellen Ausnahmeregelung versucht, das Problem der GPL-inkompatiblen freien Softwarelizenzen zu regeln. Leider mit einer statischen Liste statt mit einer Regel wie \u0026ldquo;Besorgt Euch eine DFSG-Evaluation und dann ist alles gut\u0026rdquo;.\nDer meiner Meinung nach unhaltbare Standpunkt, daß unabhängige Reimplementierungen des Protokolls auch abgeleitete Werke sind, wird von MySQL weiter aufrecht erhalten. Das lässt darauf schließen, daß MySQL auch lizenzrechtliche Bedenken gegen Middlewares wie SQLRelay hat.\nSQLRelay ist selber GPL. Als Middleware legt SQLRelay einen Connection Pool von z.B. MySQL Datenbankverbindungen an und spricht mit der MySQL-Datenbank. Das ist lizenztechnisch unproblematisch. Auf der anderen Seite exponiert SQLRelay eine eigene, von der MySQL-API verschiedene Programmierschnittstelle. Da SQLRelay nicht wie MySQL den Standpunkt vertritt, daß die GPL auch über TCP/IP \u0026ldquo;ansteckend\u0026rdquo; sei, kann also eine kommerzielle Anwendung ohne MySQL-Lizenz mit SQLRelay reden. Zak Greant von MySQL war gestern Abend im Chat zu diesem Thema nur der MySQL-Standardsatz zu entlocken: \u0026ldquo;If you use us with closed source software, we recommend using our commercial license.\u0026rdquo;\nPostgresql hat endlich (ich seh da jedes Jahr mal nach oder so) eine Website, die den Namen verdient, und da gibt es sogar so etwas ähnliches wie Dokumentation. Aktuelles Postgresql kann viele Dinge besser als MySQL 3.23 und 4.0, Replikation bleibt ein Problem. Postgresql ist unter der BSD Lizenz verfügbar und vollkommen problemlos mit allem möglichen integrierbar.\nFirebird soll ich mir auch dringend einmal ansehen, sagt man mir. Die Lizenz habe ich noch nicht gelesen.\nFazit Für mich persönlich nehme ich mehrere Erfahrungen mit:\nMySQL bemüht sich immerhin mit sehr ernsthaft die Situation in Bewegung zu halten und schließlich irgendwie zu lösen. Nach dem ich gestern abend im deutschen Irc eine Diskussion über den originalen Artikel auf Slashdot angezettelt habe, hatte ich binnen einer halben Stunde Zak Greant am Rohr und wir haben den ganzen Kram inklusive SQLRelay versucht einmal durchzudeklinieren. Auch wenn wir nicht in allen Punkten zu einem Abschluss gekommen sind, bleibt doch der Eindruck, daß MySQL sich bewegt.\nAnderseits bewegt sich MySQL unglaublich langsam - das alles war ja schon Thema auf dem Linuxtag 2003, wo sich die PHP- und MySQL-Spitzenleute getroffen haben und man die im Slashdot-Artikel vorgestellte Lösung inoffiziell bereits mehr oder weniger im Kasten hatte. In manchen Punkten bewegt sich MySQL gar nicht: Der Punkt mit der seltsamen GPL-Interpretation (\u0026ldquo;Ansteckung über TCP/IP\u0026rdquo;, \u0026ldquo;Reimplementierung des Protokolls\u0026rdquo;) bleibt offen, und SQLRelay bleibt fragwürdig.\nDie Hochzeit zwischen PHP und MySQL ist jedenfalls mit MySQL 4.x definitiv vorbei. MySQL braucht freundschaftlich, aber bestimmt Druck durch Alternativen und Postgresql und Firebird brauchen Propaganda. Wir wollen einmal sehen können, was wir da tun können.\nDual Licensing - ich bin mir noch nicht abschließend sicher, ob das Teil des Problemraums oder Teil des Lösungsraums ist. Bemerkenswerterweise (Beispiele sind MySQL und Qt) wird in solchen Fällen die GPL eher als Restriktion denn als Befreiung angesehen - unter anderem deswegen, weil alternative Projekte mit weniger restriktiven Lizenzen vorhanden sind.\nDie FSF und das GNU-Projekt sind seltsam still in dieser Sache: Während sie sonst immer schnell dabei sind, die Überlegenheit der GPL gegenüber der LGPL zu verargumentieren, wird die FSF allgemein eher dem Gnome (LGPL) denn dem KDE/Qt (GPL)-Lager zugerechnet. Seltsam auch, daß die Projekte mit kommerziellem Backing (KDE/Qt - Troll, MySQL Database - MySQL AB) genau die GPL verfechen, während die Projekte mit nicht kommerziellem Hintergrund (Gnome, Postgresql) weniger \u0026ldquo;pure\u0026rdquo; Lizenzmodelle (auf der RMS-Skala) vertreten.\nDer Standpunkt von RMS war ja sonst immer \u0026ldquo;Die LGPL ist nur ein Notbehelf und wird letztendlich verschwinden (müssen). Wir brauchen sie nur, bis GNU eine lauffähige eigene Betriebssystemplattform hat, damit wir uns mit existierenden kommerziellen Foundations integrieren können. Generell ist die GPL der LGPL jedoch dringend zu bevorzugen.\u0026rdquo; So ganz wirklich vertreten die diesen Standpunkt dann doch nicht, wenn es darauf ankommt.\n","date":"2004-03-14T00:00:00Z","href":"https://blog.koehntopp.info/2004/03/14/mysql-und-die-lizenzen.html","tags":["php","mysql","lang_de"],"title":"MySQL und die Lizenzen"},{"categories":null,"content":"Ich habe mich an anderer Stelle bereits über Blogs und ihre Technik aufgeregt. Hier eine etwas besser geordnete Präsentation meiner Gedanken zu diesem Thema:\nDie Grundidee, die hinter Blogs steckt, ist ja, ein Diskurs-System im Web zu haben. Durch die Einrichtung eines Blogs kann sich ein Autor ein Forum verschaffen, in dem er Texte von sich veröffentlicht. Diese Texte sind auf jeden Fall chronologisch sortiert und außerdem optional durch ein Kategoriensystem und durch eine Volltextsuche erschlossen.\nZu einem Diskurs-System wird das ganze dadurch, daß man einerseits Kommentare zu den Texten zulässt, andererseits die Bezugnahme auf die Texte ermöglicht. Bezugnahme erfolgt traditionell durch einen Trackback-Link auf einen Artikel: Jemand, der zu einem Artikel eine Gegenrede veröffentlicht, verlinkt den Originalartikel per Trackback-Ping und der Originalartikel bekommt so automatisch einen Link (mit Preview) auf die Gegenrede.\nSoweit die eigentlich hervorragende Idee. Leider ist die Implementierung mehr als bescheiden.\nDas Problem entsteht schon bei der Bezugnahme auf Artikel. Blogs verwenden für diese Bezugnahme in der Regel URLs, aber dieser Ansatz hat aus einer ganzen Reihe von Gründen Probleme. Ich muss ein wenig ausholen, um diesen Gedanken zu erläutern.\nObjekte und ihre Namen Etwas, auf das wir Bezug nehmen, nennen wir ein Objekt. Wir könnten auch Dingsda sagen, aber Objekt klingt cooler. Um auf ein Objekt Bezug nehmen zu können, müssen wir es benennen oder identifizieren können. Wir geben dem Objekt also eine Bezeichnung und verwenden die Bezeichnung als Stellvertreter für das Objekt.\nIm mathematischen Sinne haben wir eine Menge von Objekten und eine zweite Menge von Namen (IDs) und wir haben eine Bijektion zwischen den beiden Mengen - wir ordnen also jedem Objekt genau einen Namen zu. Wenn wir jetzt entscheiden wollen, ob zwei Objekte gleich ist, genügt es, die IDs der Objekte zu vergleichen.\nOkay, klingt uncool. Wo ist der Trick?\nMan stelle sich die Menge der Objekte als einen Newsspool von Artikeln auf einem News-Server vor - friedolin hat davon einige Terabyte. Wenn wir einen neuen Artikel bekommen, müßten wir feststellen, ob wir diesen Artikel schon haben, bevor wir ihn einsortieren, denn sonst haben wir Duplikate. Ohne IDs können wir diese Feststellung nur treffen, indem wir den Artikel gegen jeden Artikel vergleichen, den wir schon haben. Wir müßten also für jeden neuen Artikel einige Terabyte Newsspool durchsuchen und können den Artikel akzeptieren, wenn man Ende der Suche ein negatives Ergebnis kommt.\nStattdessen unterhalten wir eine Liste der IDs der Artikel - die History. Wenn wir einen neuen Artikel bekommen, nehmen wir die ID des Artikels und schlagen diese ID in der History nach. Nur wenn die ID noch nicht in der History ist, akzeptieren wir den Artikel. Die History ist wesentlich kleiner als der Newsspool selber, und daher schneller zu durchsuchen. Wenn wir die History als Hash organisieren, können wir sie außerdem mit konstantem Aufwand durchsuchen - der Lookup ist also immer gleich schnell, egal wie viele Terabyte Spool wir haben. Wir können auch sehr schnell den Speicherort eines Artikels bestimmen, wenn wir die ID des Artikels kennen.\nIDs erlauben uns generell, Entscheidungen zu treffen, ob ein Objekt bereits vorhanden ist oder nicht. Wir können auf diese Weise zwei Objektpools synchronisieren, ohne mehr Daten übertragen zu müssen als notwendig. Sind unsere Objekte zum Beispiel die Datenbankeinträge eines Palm Pilot, dann kann auf der Grundlage der IDs festgestellt werden, welche Objekte auf dem jeweils anderen Ende der Synchronisation neu oder geändert sind und der Inhalt des Palm Pilot kann mit dem Inhalt des PCs abgeglichen werden.\nEigenschaften von Namen Wenn man sich IDs für Objekte überlegt, dann muss man sich über einige Dinge Gedanken machen. IDs haben einen Scope, also eine Grundmenge oder Welt, innerhalb derer sie gelten und Objekte eindeutig bezeichnen.\nDie Verkleinerung eines Scopes ist in der Regel kein Problem: Wenn \u0026ldquo;kris\u0026rdquo; ein eindeutiger Username innerhalb einer Firma ist, dann ist \u0026ldquo;kris\u0026rdquo; auch innerhalb einer Abteilung dieser Firma noch eindeutig.\nDie Vergrößerung eines Scopes ist ein Problem, denn es kann andere Benutzer in anderen Firmen geben, die auch den Usernamen \u0026ldquo;kris\u0026rdquo; haben, aber nicht mit diesem \u0026ldquo;kris\u0026rdquo; identisch sind.\nEine übliche Methode, dieses Problem zu lösen besteht darin, dem Scope selber einen Namen zu geben und ihn an die ID mit anzuhängen. Wir reden also nicht mehr von \u0026ldquo;kris\u0026rdquo;, sondern hängen den Namen der Firma mit an. Macht man das mehrfach, bekommt man einen Rattenschwanz an immer größer werdenden Scope-IDs, einen Pfad. \u0026ldquo;kris\u0026rdquo; in \u0026ldquo;Durlach\u0026rdquo;, \u0026ldquo;Bawü\u0026rdquo;, \u0026ldquo;Deutschland\u0026rdquo;, \u0026ldquo;Europa\u0026rdquo;, \u0026ldquo;Erde\u0026rdquo;, \u0026ldquo;Orion Spiralarm\u0026rdquo;, \u0026ldquo;Milchstraße\u0026rdquo;, \u0026ldquo;lokaler Cluster\u0026rdquo; bläst einen kleinen Scope immer weiter auf und erzeugt rückwärts einen Suchpfad, der den Speicherort von \u0026ldquo;kris\u0026rdquo; angibt.\nDas ist auch das Prinzip, auf dem zum Beispiel LDAP aufbaut. Objekte in LDAP werden identifiziert durch ihren DN (distinguished name) und der DN ist der Pfad durch den LDAP-Baum, der zu diesem Objekt führt - \u0026ldquo;c=de, o=firma, ou=IT, cn=Kristian Köhntopp\u0026rdquo;.\nUnd hier sieht man gleich zweimal, warum solche IDs problematisch sind - sie sind gescoped, enthalten also Lokalisierungsinformation, und sie sind nicht opak, enthalten also Objektinformation. Der Teil des DN \u0026ldquo;c=de, o=firma, ou=IT\u0026rdquo; ist eine Pfadkomponente, also Scope. Wechselt der Benutzer die Abteilung, ändert sich eine Pfadkomponente (hier: ou) und damit ändert sich der DN. Alle Stellen, an denen der DN verwendet wird, um das Objekt zu bezeichnen, müssen mit geändert werden. Das ist ein gängiges Problem in LDAP, und viele meiner ehemaligen Kollegen haben es verfluchen gelernt. Ich habe diesem und verwandten Schwierigkeiten einen eigenen Vortrag auf der NetUSE Hausmesse 2002 gewidmet.\nGenauer: Im Datenbanksinn ändern wir einen Primary Key und müssen alle Foreign Keys die diesen PK bezeigen mit updaten. \u0026ldquo;Saublöde Idee\u0026rdquo; ist das, was ein Datenbanker dazu sagen würde. Wir können Kristian auch heiraten lassen, so daß sich sein Name, also der cn ändert. Da Objektinformation Bestandteil des DN ist, ändert sich der DN, wenn sich das Objekt verändert - und wieder verbasteln wir einen PK. Auch das ist ein typisches LDAP-Problem mit seinen nicht-opaken IDs.\nEine ID sollte also möglichst opak sein, und sie sollte möglichst so beschaffen sein, daß Objekte während ihrer Lebensdauer niemals ihren Scope wechseln.\nWeitere Beispiel für solche Nicht-IDs sind Xlink/Xpointer/Xpath-Ausdrücke, also alles, was die Form hat wie \u0026ldquo;der dritte DIV nach dem zweiten H2 in dem Dokument mit der URL \u0026hellip;.\u0026rdquo;. Man kann sich leicht überlegen, daß solche Bezeichner abhängig sind vom Layout eines Dokumentes, von der Sortierung der Items auf der Seite und von vielerlei anderen Unwägbarkeiten und daher sehr instabil sind. Systeme, die auf solchen IDs aufbauen, um Daten wiederzufinden oder zu vergleichen, sind im Kern kaputt.\nIn XML kann man, so man seine DTD richtig herum zusammensetzt, jedes Element mit einem ID-wertigen Attribut mit dem Namen \u0026ldquo;id=\u0026rdquo; ausstatten und so jedem Element einen eindeutigen Bezeichner mitgeben. Solche IDs haben Document Scope, müssen also zusätzlich mit der URL des Dokumentes gescoped werden, damit sie weltweit (Na ja, DNS-weit, das ist etwas anderes) eindeutig werden.\nURLs selber bezeichnen aber Speicherorte, enthalten also mit dem Servernamen und dem Pfadnamen in der URL wiederum eine lange Folge von Scope-IDs. Will man das vermeiden, braucht man Lookup-Services, sie stabile Identifier in Speicherorte umwandelt - http://purl.org , http://home.pages.de , http://makeashorterlink.com , http://tinyurl.com sind nur ein paar Dienste, die solche Lookups mit unterschiedlichen Zielsetzungen und Lebensdauern durchführen.\nDas ist zugleich eine weitere wichtige Eigenschaft von IDs: Ihre Lebensdauer. Wie lange besteht die ID eines Objektes fort? Damit sie als ID funktionieren kann, muss sie mindestens die Lebensdauer des Objektes selber haben, so viel ist schon mal klar.\nIst es sinnvoll, daß die ID eines Objektes länger besteht als das Objekt selber? Ja, das kann sinnvoll sein. News-Server zum Beispiel heben die IDs von Nachrichten noch auf, nachdem sie die Nachricht bereits weggeworfen haben. Auf diese Weise können sie Artikelschleifen immer noch verhindern, auch wenn der eigentliche Artikel bereits gelöscht worden ist.\nLanglebige IDs erlauben es auch, Objekte zu versionieren. Dazu kann ich entweder die ID eines Objektes als Scope nehmen und die Versionsnummer als ID in diesem Scope auffassen (\u0026ldquo;kernel-2.4-3.rpm, kernel-2.4-4.rpm\u0026rdquo;, die IDs sind hier 3 und 4, und der Scope ist \u0026ldquo;kernel-2.4\u0026rdquo;) oder ich kann für jede Version eines Objektes eine neue ID vergeben und die Versionshistorie an jeder neuen Version abspeichern (\u0026ldquo;RFC 2822, obsoletes: RFC 822\u0026rdquo;, hier werden neue RFC-Nummern für jede Überarbeitung eines RFC-Objektes vergeben und es wird aufgezählt, welches RFC-Objekt durch den neuen RFC ersetzt wird).\nURLs sind keine IDs Wenn man jetzt ein Diskurs-System entwickeln möchte, dann muss man sich unbedingt darüber klar sein, was die Objekte sind, mit denen man arbeitet und welche Namen man für diese Objekte wählt.\nDer erste Schritt ist, daß man sich klar darüber wird, was die Objekte sind, mit denen man hier zu tun hat. Diese Objekte sind nicht Webseiten, auch wenn viele Blogger dies vielleicht glauben mögen. Die Objekte, um die es geht, sind Beiträge. Beiträge können Artikel sein, die ich geschrieben habe, oder Kommentare zu solchen Artikeln oder Kommentare zu Kommentaren. Beiträge können auch Artikel oder Kommentare auf anderen Sites sein.\nHaarspalterei? Nein.\nBlogs bezeichnen derzeit Artikel mit URLs. Aber eine URL wie die von diesem Artikel bezeichnet genau nicht meinen Artikel \u0026ldquo;Wir sind so geil, wir können XML\u0026rdquo;, sondern eine Webseite, auf der sich neben meinem Artikel auch mehr als ein Dutzend weitere Beiträge befinden, auf der ein Haufen Navigation herumfliegt, die mit dem Artikel nichts zu tun hat und auf der sich wechselnder Content befindet, der mit dem Artikel absolut gar nichts zu tun hat - ein Buchtipp, eine Werbung für T-Shirts, Kommentare zu anderen Artikeln und so weiter.\nAuch an andere Stelle begegnen wir diesem Missverständnis: http://www.debian.org bezeichnet zum Beispiel die Startseite des Debian-Projekts. Nur - je nachdem, welche Sprachpräferenz man in seinem Browser konfiguriert hat, erscheint unter dieser URL komplett anderer Text. Die URL ist gleich, aber je nach Content-Negotiation kommen vollkommen verschiedene Inhalte mit vollkommen verschiedenen MD5-Prüfsummen. Nicht die URL bezeichnet die Seite, sondern erst die Kombination von URL und Sprachpräferenz tut dies.\nGenauso: http://www.heise.de/newsticker bezeichnet die Newsticker-Seite von Heise. Nur - je nachdem, wann man diese Seite abruft, erscheinen unter dieser URL vollkommen andere Inhalte. Erst die Kombination von URL und Zeitangabe liefert eine bestimmte Seite. Zugleich: Auf dieser Seite befindet sich nicht ein Artikel-Objekt, sondern die Seite enthält eine lange Sequenz von Artikel-Objekten. Mit diesem Problem haben zum Beispiel Ratingsysteme zu kämpfen - welches Rating hat zum Beispiel http://www.cnn.com ? Und ist das davon abhängig, ob einer der dort angezeigten Artikel die nackte Brust von Janet Jackson zeigt? Mein Artikel http://koehntopp.de/kris/artikel/rating_does_not_work/ von 1999 dekliniert diesen Gedanken durch.\nMan muss sich also klar darüber werden, daß man bei Blogs eigentlich mit Beiträgen - also Artikeln und Kommentaren - hantiert, und daß RSS-Feeds und Webseiten mit Blogs nur die Repräsentation von Beiträgen sind. Eigentlich will man aber beim Datentausch über Beiträge reden, und nicht über ihre Repräsentation.\nWeil Blogs das in der Regel nicht tun, sind zum Beispiel Kommentare Objekte zweiter Klasse. Sie sind oft nicht referenzierbar und stehen oft nicht im RSS Feed des Blogs zur Verfügung. Wenn doch, dann auf jeden Fall in einem anderen Feed. Blogs tracken in der Regel auch nicht die Versionen von Beiträgen - wenn Artikel oder Kommentare überarbeitet werden, ändert sich die URL nicht und es ist unklar, ob das Trackback sich auf den aktuellen Artikel bezieht oder eine frühere Version davon.\nVergleiche dies mit NNTP: NNTP kennt keine Unterscheidung von Beiträgen in Artikel und Kommentare. NNTP vergibt ortsunabhängige IDs so gut dies möglich ist - Message-IDs sind mit dem Hostnamen des sendenden Rechners gescoped, aber die Message-ID eines Artikels ist kein Storage-Pfad. Stattdessen bietet der Dienst News intern einen Lookup-Dienst an, der eine Message-ID in einen Storage-Pfad umwandelt. Jeder News-Server hat einen solchen Lookup-Dienst und jeder News-Server liefert für dieselbe ID unterschiedliche Pfade (nämlich für seine Kopie des Artikels auf seiner Platte). NNTP kann also damit leben, daß es mehr als eine Instanz eines Objektes gibt, das macht NNTP sicher gegen Ausfälle und skaliert NNTP bis in planetenumspannende Dimensionen - NNTP kann nicht geslashdotted werden.\nVersionierungen werden von NNTP korrekt getracked: Wird ein Artikel überarbeitet, wird eine neue ID vergeben und die ersetzte alte ID in einer Headerzeile \u0026ldquo;Supersedes\u0026rdquo; korrekt referenziert. Der neue Artikel kann an Stelle des alten Artikels einsortiert werden, aber zugleich ist klar erkennbar, daß die Kommentare sich auf die alte Version des Artikels beziehen und nicht auf die neue, überarbeitete Version.\nDas System der Blogs ist verglichen damit fundamental verquast: Es ist nicht klar, auf was sich eine URL-ID bezieht. Insbesondere sind Kommentare Beiträge zweiter Klasse, da sie so gut wie gar nicht referenzierbar sind. Die URL-ID eines Beitrags enthält Ortsinformation - verlegt man das Blog, brechen die Verweise zusammen. Blogs können nicht skalieren, denn da die URL-ID eines Beitrags Ortsinformation enthält, kommen Blogs nicht damit zurecht, wenn mehr als eine Instanz eines Beitrages existiert. Ein Verteilsystem für Inhalte ist nur schwer realisierbar, da Teile der zu verteilenden Inhalte keine Namen haben und da nicht klar ist, auf welche Inhalte sich ein Name nun genau bezieht - sind Kommentare mitgemeint? Auf Webseiten ja, aber in RSS nein. Da die IDs in Blogs nicht versioniert sind, ist auch der Diskurs unklar: Auf welche Version eines Beitrages bezieht sich ein Autor, der mich backlinked.\nEines jedoch ist klar: Damit Blogs als Diskurs-System funktionieren, ist noch jede Menge Arbeit notwendig. Derzeit sind elementare Voraussetzungen für den Einsatz von erprobten technischen Lösungen noch nicht einsetzbar, weil wir die Dinge, mit denen wir arbeiten, noch nicht einmal benennen können.\nBlogs müssen als erster Verbesserungsschritt Content-Layer und Presentation-Layer voneinander trennen - Beiträge selber und die Darstellung von Beiträgen als HTML oder als RSS müssen konzeptuell voneinander getrennt werden und Bezeichner müssen sich auf Objekte der Content-Layer, nicht der Presentation beziehen.\nAußerdem müssen Blogs sich für Content-Objekte IDs zulegen, die diesen Namen auch verdienen. Also Bezeichner, die opak sind und keine Ortsinformation enthalten, damit sie nur verwendet werden, die Identität eines Artikels zu bestimmen, aber nicht, um den Artikel aufzufinden.\nDann erst kann man sich über Syndication, Push oder Pull und dergleichen mehr Gedanken machen. Dann erst kann man sich überlegen, ob und wie sich das alles skaliert. Dann erst kann man sich überlegen, wie man das alles mit Readern automatisiert. Und dann erst kann man sich überlegen, wie weit man Diskurs formalisieren möchte.\n","date":"2004-02-18T00:00:00Z","href":"https://blog.koehntopp.info/2004/02/18/urls-sind-keine-ids.html","tags":["blog","lang_de"],"title":"URLs sind keine IDs"},{"categories":null,"content":"Rumo ist ein kleiner Wolpertingerwelpe, der auf einem idyllischen Fhernhachenbauernhof auf Walter Moers Kontinent Zamonien aufwächst. Und wer immer noch geglaubt hat, daß Walter Moers\u0026rsquo; Bücher Kinderbücher seien, der wird schon auf den ersten paar Seiten eines Besseren belehrt.\nRumo wird, wie die Fernhachenbauern und alle anderen Lebewesen auf dem Bauernhof, von den bösen Teufelszyklopen verschleppt, die ihre Opfer lebendig verspeisen. Und während um ihn herum einer seiner Freunde nach dem Anderen von den Zyklopen gefressen werden, wächst Rumo zu so einer Art zamonischem Bruce Lee heran - wortkarg, blitzschnell im Kampf, und sich einmal blutig durch die Fauna und Flora Zamoniens prügelnd.\nDanach wird die Geschichte grausam.\nRumo, der inzwischen in Wolperting, der Heimatstadt aller Wolpertinger ein Zuhause gefunden hat, und gerade anfängt, sich ein Leben aufzubauen, kehrt zurück, um die Stadt von allen Lebewesen verlassen vorzufinden. Seine Freundin, seine Freunde und alle anderen, die er kennt, sind von dem wahnsinnigen Herrscher von Hel in die Untenwelt verschleppt worden.\nWährend sich Rumo auf den Weg in das dunkelste und tiefste Kellergeschoss von Zamonien erprügelt, unterstreicht Moers die Dringlichkeit einer Rettung, indem er das Schicksal der Freunde von Rumo im Detail schildert\u0026hellip;\nDieses Buch erzählt von der dunklen Seite Zamoniens. Es ist die dunkle Seite, die aus der disneyfizierten Fassung zeitgenössischer grimmscher Märchenbücher klinisch sauber herauseditiert ist - keine Menschen backende Hexen, kinderfressenden Wölfe und glühende, dornenbestückte Schuhe mehr für heutige Kinder? Es ist die dunkle Seite des Märchens, die die Märchenerzähler zuletzt in Ottfried Preußlers \u0026quot; Krabat \u0026quot; besucht haben.\nNachdem Moers in \u0026ldquo;Ensel und Krete\u0026rdquo; schon gezeigt hat, daß er aus Grimms Märchen direkt in einen LSD-Albtraumrausch abbiegen kann, stattet er in \u0026ldquo;Rumo\u0026rdquo; dieser älteren, finstereren Seite des Märchens einen ausgiebigen Besuch ab - eine Welt, in der Bären keine farbigen Plüschpelze haben, sondern Zähne.\nWenn man das weiß, und \u0026ldquo;Rumo\u0026rdquo; nicht für \u0026ldquo;Die zweiten 13/2 Leben des Käpt\u0026rsquo;n Blaubär\u0026rdquo; hält, ist es ein tolles Buch.\n","date":"2004-02-15T00:00:00Z","href":"https://blog.koehntopp.info/2004/02/15/fertig-gelesen-rumo-oder-die-wunder-im-dunkeln.html","tags":["book","media","review","lang_de"],"title":"Fertig gelesen: Rumo oder Die Wunder im Dunkeln"},{"categories":null,"content":"Wir sind so geil, wir sprechen XML . Nicht irgendein XML, nein, sogar RSS.\nNicht, daß mich jemand falsch versteht: Ich liebe S9Y und ich respektiere Garvins Arbeit. Es ist nur einer dieser Tage, an denen ich glaube, daß ich mich an den Kopf fassen muß.\nDa sitzt ein Haufen Leute aufeinander und schwallt sich mit \u0026ldquo;Blogriffen\u0026rdquo; und Wortblödungen zu, daß nicht nur mir ganz blümerant im Schädel wird. Oder wundert sich öffentlich , warum nicht mehr Leute bloggen.\nAber es ist nicht nur der Technobabble-Dummlall, der in der Szene rumschwappt, der dies alles schwierig macht. Es ist nicht nur die verwirrende Vielfalt von nicht richtig durchdachten und nicht richtig interoperablen Formaten mit Versionsnummern, die sich nur in Hundersteln unterscheiden , aber alle mit 0 anfangen. Es ist auch nicht, daß diese Formate weder richtig spezifiziert sind, noch die Inhalte in diesen sogenannten Formaten in den meisten Fällen richtig validiert sind.\nEs ist auch noch so, daß sich diese ganze Technik wie Dreck skaliert. Da habe ich nun also einen dieser megageilen RSS-Aggregatoren, die nur unter Windows zu kriegen sind und kann endlich 378 Blogs auf einmal lesen, ohne dabei sterben zu müssen (Manche Nisis behaupten das ginge). Und dann pollt sich mein Feedreader bei 378 Sites tot, die alle sowieso nur alle Jubeljahre eine Änderung haben?\n\u0026ldquo;Nein\u0026rdquo;, höre ich da die Blog-Apologeten rufen, \u0026ldquo;das brauchst Du nicht, denn wir pingen ja einen von fünf Millionen Blogroll-Aggregator-Services, wenn es was neues gibt.\u0026rdquo; Richtig, S9Y macht das sogar mit allen fünf Millionen gleichzeitig, wenn man will (Ok, es ist derzeit eine noch gerade mal einstellige Zahl). \u0026ldquo;Hier!\u0026rdquo;, brüllt mein Blog, \u0026ldquo;Mein Meister hat was neues geschrieben.\u0026rdquo;\nNur, wenn ich den Code in S9Y richtig gelesen habe, macht es genau dies - kein Stück mehr Informationsgehalt. Es wird der tatsächliche Content meines Eintrages nicht an den gepingten Service geposted. Dann kann er auch nicht von dort runtergeladen werden, sondern muß direkt von meinem Blog geholt werden.\nEs wird nicht mal eine eindeutige ID generiert, oder die URL des neuen Eintrages abgeliefert, nur die Base-URL des Blogs und ggf. die Base-URL des RSS-Feeds. Also kann sich ein Client vom Pingservice nicht einmal eine Liste der Einträge, die neu sind, runterladen, sondern muß sich das einzeln von den Blogs geben lassen. Wieviel schlauer wäre es, den Content gezippt im Batch direkt vom Pingservice zu ziehen?\nGarvin schreibt jetzt in seinem Artikel, daß man auch den RSS-Feed eines Blogs normal nicht nach \u0026ldquo;alle Artikel seit dem x.y.2004\u0026rdquo; fragen kann, oder alle Artikel seitdem URL z veröffentlicht wurde\u0026quot;. Man kann auch nicht sagen \u0026ldquo;Ich hab schon r, s, t, x, y, z\u0026rdquo; und das Blog antwortet \u0026ldquo;Dann fehlen Dir u, v und w\u0026rdquo;. Jeder NNTP-Server kann das, schon seit den 80ern.\nJe mehr ich über die sogenannte Blogosphere lerne, desto weniger beeindruckt bin ich. Wenn Ihr schon USENET in bunt neu erfindet, dann denkt doch bitte vorher 15 Sekunden nach, wie ihr Eure Formate spezifiziert, wie sie sich skalieren und wie man sie validiert - nichts von dem habt Ihr gemacht. Selbst ZCONNECT hat mehr Hirnschmalz in seine Strukturen investiert als dieser Haufen mausschubsender Scriptkiddies, die das definieren, was Konferenzen wie Davos bis zur Unbrauchbarkeit für sinnvolle Themen dominiert.\nSo aber kann ich Euch nur ein fröhliches FdI #67 an den Kopf werfen. Ihr suckt. Kapital.\nnews:blog.de.koehntopp.kris jetzt!\n","date":"2004-02-12T00:00:00Z","href":"https://blog.koehntopp.info/2004/02/12/wir-sind-so-geil.html","tags":["blog","usenet","lang_de"],"title":"Wir sind so geil, ..."},{"categories":null,"content":"","date":"2004-02-08T00:00:00Z","href":"https://blog.koehntopp.info/2004/02/08/cooties.html","tags":null,"title":""},{"categories":null,"content":"Vor einigen Jahren hielt ich einen Vortrag bei NetUSE über Bäume in SQL basierend auf einer Idee von Joe Celko. Das ist der eine Vortrag, über den ich wohl am meisten Post bekomme.\nDas Thema oder Problem kommt auch sonst sehr oft auf das Tapet - Baumstrukturen kommen an vielen Stellen immer wieder vor, und das relationale Modell bzw. seine gängige Implementierung in SQL unterstützen solche Dinge nicht besonders gut. Zeit, sich einmal systematischer Gedanken zu machen.\nMir sind drei Methoden bekannt, mit denen man Bäume in SQL modellieren kann. Die direkte Methode besteht aus einer Fremdschlüssel-Spalte parent_id, die auf den Vorgängerknoten in einem Baum zeigt. Wir nennen so etwas Zeigerbäume.\nCREATE TABLE zbaum ( id int not null primary key, parent_id int not null index, data_id int not null index ); Diese Methode ist zwar einfach, hat aber eine ganze Menge Nachteile, wenn man über mehr als eine Ebene arbeiten muß.\nWenn man also einen Pfad zur Wurzel benötigt oder die Tiefe eines Knotens bestimmen will, bei gegebener ID des Knotens. Hilfreich sind hier Bäume, in denen der Pfad von der Wurzel des Knotens abgespeichert ist.\nWir nennen dies Pfadbäume:\nCREATE TABLE pbaum ( id int not null primary key, pfad char(250) not null index, data_id int not null index ); Der Pfad ist jetzt die Folge von Ids, die im Baum zum aktuellen Knoten hin führt, manchmal mit einem Trennzeichen. Wichtig ist, daß man den Pfad aus IDs oder Schlüsselkandidaten (UNIQUE Items) aufbaut, wenn man auch mit einzelnen Pfadelementen Dinge tun will. Man kann auch sagen, daß die Pfadelemente nicht eindeutig sind, dann ist aber immer nur ein Komplettpfad eindeutig. Die Kombination VorgängerID/aktuelle ID ist es jedenfalls nicht - ein Fehler, den ich schon in mehr als einer Implementierung gesehen habe.\nDamit man nach dem Pfad sortieren kann, ist es nützlich, wenn die Pfadelemente alle die gleiche Breite haben. Für ein Element mit der ID 9 kann der Pfad dann also so aussehen: 001/004/009 (Die Wurzel ist ID 1, daran hängt ID 4, und das Blatt mit der ID 9). Leider setzt dies der Anzahl der Elemente im Baum und der Anzahl der Elemente pro Ebene Grenzen.\nDie in meinem Foliensatz beschriebenen Mengenbäume haben dieses Problem nicht und haben auch sonst einige sehr schöne Eigenschaften. Sie sind aber extrem Update-Intensiv beim Einfügen und Löschen von Knoten.\nGestern hatte ich eine Diskussion mit einem Kollegen, der eine Tabelle mit Performance-Meßpunkten für den Online-Betrieb verwaltet. Diese Tabelle ist ebenfalls baumartig strukturiert, und intern als Zeigerbaum realisiert. Dieser Ansatz kommt jedoch an seine Grenzen - sein Baum ist etwa acht Ebenen tief und enthält etwa ungefähr 10^5 Elemente in 10^4 Knoten.\nEine Query durch einen Zeigerbaum zur Generierung einer Navigationsansicht kann da auch auf einem Rechner mit 2 CPUs, 2 GHz und 2GB-Oracle schon mal zwei Minuten dauern. Jedenfalls ist das dringend optimierungswürdig.\nOptimierung bedeutet hier aber, daß die existierende Anwendung möglichst wenig verändert werden darf.\n\u0026ldquo;Mach das Performanceproblem weg, aber bau den Laden nicht um.\u0026rdquo;\nWir haben also auf dem Problem ein wenig herumgehirnt, und wollen jetzt einmal ausprobieren, ob es was bringt, eine Modifikation einzuführen, die den Zeigerbaum on demand rekursiv in einen Pfadbaum überführt. Das bedeutet, es wird eine Spalte Pfad eingefügt (die kann auch in einer Extratabelle stehen, sodass die bestehende Tabelle für den Test nicht verändert werden muß).\nDann wird die existierende Stored Procedure für den Tree Walk geändert, und zwar so, daß sie normal zur Wurzel läuft, und so die Koordinaten des Knotens im Baum bestimmt. Dabei guckt sie aber für jeden Schritt, ob der aktuelle Knoten schon einen Pfad enthält. Wenn ja, nimmt sie diesen vorberechneten Pfad und stoppt den Walk, um den Pfad des untergeordneten Knoden als \u0026ldquo;Pfad des Parents plus Trenner plus ID\u0026rdquo; abzuspeichern. Auf diese Weise müßte sich die Pfadspalte sukzessive mit gecachten Pfadergebnissen füllen und die Tree Walk-Funktion im Laufe der Zeit immer schneller werden.\nDie eigentliche Baumstruktur wird also immer noch wie in Zeigerbäumen gespeichert, aber die Rechenergebnisse des Walks durch den Zeigerbaum werden in Pfadbaumformat gecached. Wegen der Verwendung von Stored Procedures für den Walk müßte diese Änderung transparent für den benutzenden Code sein.\n","date":"2004-02-05T00:00:00Z","href":"https://blog.koehntopp.info/2004/02/05/baeume-in-sql.html","tags":["computer","lang_de"],"title":"Bäume in SQL"},{"categories":null,"content":"Die fließende Königin ist die Beschützerin von Venedig. Nur sie allein hat mit ihrer Magie die Mumien-Truppen des Pharao über 30 Jahre zurückhalten können.\nMerle ist Schülerin bei Venedigs berühmtesten und berüchtigtsten Spiegelmacher, Arcimboldo. Sie und ihre Mitlehrlinge liegen im Streit mit den Lehrlingen des gegenüberliegenden Hauses. Doch während sie sich im kleinen streitet, wird hinter den Kulissen der Stadt ein wesentlich größerer Kampf ausgetragen.\nMerle belauscht ein Gespräch und gerät in dem Versuch, die fließende Königin zu retten schon bald in den Strudel aus Intrigen und Magie. Sie lernt das Volk der Meerjungfrauen kennen und muss auf den Schwingen eines steinernen Löwen reitend aus der Stadt fliehen, während die Sonnenbarken des Pharao sie verfolgen.\nDie fließende Königin ist ein Kinderbuch von Kai Meyer, aber mir erscheint es in vielerlei Hinsicht besser geschrieben und spannender als seine Erwachsenenbücher. Kai Meyer zeichnet ein alternatives zwanzigstes Jahrhundert in einer Welt voller Magie, doch sieht diese Welt aus der Sicht eines Kindes, das seine ersten Schritte in der Welt der Erwachsenen macht. Was auf den ersten Blick aussieht wie \u0026ldquo;nicht ganz unsere Welt\u0026rdquo;, als Merle ihre Geburtsstadt verlassen muss zu einem Ritt in eine Welt wie sie fremder nicht sein könnte: Eine Welt, in der die Hölle ein Ort im Inneren der Erde ist, die Baba Yaga Russland beherrscht und die Truppen des wiederauferstandenen Pharao, Herrscher der Supermacht Ägypten, die Welt erobern.\nDas erste Buch einer Trilogie und außerdem zwei Bücher in einem: Ein spannender Roman mit jeder Menge Sense-of-Wonder und für so einen Erzählspieler wie mich außerdem noch ein brauchbares Sourcebook für ein Ad-Hoc Fantasy-Szenario auf einem Con oder einer Spielsession zwischendurch.\n","date":"2004-01-31T00:00:00Z","href":"https://blog.koehntopp.info/2004/01/31/fertig-gelesen-die-fliessende-koenigin.html","tags":["book","media","review","lang_de"],"title":"Fertig gelesen: Die fließende Königin"},{"categories":null,"content":"Auf debate tobt mal wieder eine dieser Urheberrechtsdiskussionen, ausgelöst durch einen Trollversuch von Thomas Riedel. Diese Diskussion und alle ihre möglichen Subthreads und Verläufe haben wir auf debate und anderswo ja schon oft genug gesehen.\nBewundernswert dabei Menschen wie Hartmut Pilch , die die Hoffnung noch immer nicht aufgegeben haben und glauben, man könne noch vermitteln zwischen einer Industrie, die ihre Kunden verklagt und besagten Kunden.\nIch sehe das etwas düsterer.\nDie Musikindustrie (was für ein Oxymoron!) befindet sich in meinen Augen in exakt derselben Situation wie SCO, und genau wie SCO kämpft sie um ihr Überleben. Sie hat nur mehr Mittel zur Verfügung und ist lobbymäßig besser aufgestellt. Anders als SCO müsste sie außerdem nicht in dieser Situation sein - 1998 hatte die Musikindustrie eine ausgezeichnete Ausgangsposition.\nAber genau wie SCO ist auch die Musikindustrie mit Gewalt dumm. Außerdem haben ihre Angehörigen Angst. Das macht sie gefährlich. Viel gefährlicher als SCO.\nIch antwortete Hartmut auf der Liste:\nWenn ich RIAA wäre, würde ich solche Systeme als Alternative aufbauen und damit die bestehenden Systeme von 2 Seiten angreifen (Konkurrenz + gesetzliche Auflagen).\nTun die so etwas vielleicht schon?\nNein. Das ist ja das Problem.\nBauen wir die aktuelle Situation aus Kundensicht doch einmal schrittweise auseinander:\nDie sogenannten legalen Anbieter setzen derzeit auf \u0026ldquo;legale Downloads\u0026rdquo; aus ihren proprietären Downloadplattformen. Diese haben alle Formate mit Digital Restriction Management, sind also mit Open Source nicht kompatibel und somit meist nur auf Windows abspielbar. Tatsächlich sind eine ganze Menge Shops gleich so gestaltet, daß sie nur mit Windows und dort nur mit der Sicherheitslücke MSIE benutzbar sind.\nIch persönlich kann dort schon gar nicht Kunde werden. Ich habe seit Ende 1992 kein Windows mehr im Einsatz.\nDie meisten dieser Download-Plattformen sind außerdem für Europäer gar nicht nutzbar. Hier hat sich die Lobby in ihrem Rechtemanagementwahn komplett in eine Ecke gemalt und bekommt neben der Technik auch die Juristerei nicht auf die Reihe. Angeblich gibt es derzeit 25 Download-Plattformen für Europäer. Macht doch mal eine Liste - welche kennt ihr? Welche dieser Plattformen habt ihr in der Werbung gesehen? Oder in Zeitungsartikeln? Und wieviele Artikel über Kazaa, Bittorrent oder den Esel habt ihr in den letzten 7 Tagen gesehen, an die Ihr Euch erinnern könnt?\nDas heißt, der ganze legendäre legale Contentreichtum steht derzeit im Grunde nur US-Bürgern zur Verfügung. Wo er Europäern zur Verfügung steht, wird er nicht aktiv beworben. Auch der vorgerippte Content, der als Entschädigung für die CDDA-Standardverletzung auf vielen CDs mitgeliefert wird, ist in der Regel mit einem Restriction Management System festgekettet. In Folge ist er nur mit dem auf der CD mitgelieferten Player abspielbar. Als Kunde muß ich mir also eine Sammlung von inkompatiblen Softwareplayern installieren (so ich ein Betriebssystem habe, auf dem diese laufen), um diesen Content nutzen zu können. Das ist nicht nur eine logistische Aufgabe, sie wird auch laufend schwieriger - oder meinst Du, daß alle diese Player auf Windows 2006 noch laufen werden? Was ist dann mit dem Content?\nDas heißt, bei dem ganzen Restriction-Geraffel handle ich mir nicht einen Player ein, sondern eine Sammlung von Playern, die speziell auf MEINER Plattform alle nicht funktionieren. Tatsächlich ist das einzige Format, daß alle Player uneingeschränkt abspielen können, das MP3-Format ohne Digital Restriction Management.\nDas ist ein echtes Problem. Die Situation: \u0026ldquo;Um diesen Titel abspielen zu können, muss ich jenen Player verwenden. Diesen anderen Titel kann ich jedoch nur in dem Player da abspielen.\u0026rdquo; Jetzt mach mal eine Party: \u0026ldquo;Mache bitte eine durchlaufende Playlist mit Überblendungen von allen diesen Titeln.\u0026rdquo;\nNoch besser: laß die Gäste auf der Party die Playlist selber manipulieren. Was glaubst Du, was solche Playerwechsel mit Deiner Party machen?\nDas heißt, Digital Restriction Management in seiner aktuellen Ausprägung versaut mir jede Party. Aber ich brauche wahrscheinlich sowieso einen speziellen Party-Player mit speziellen Party-Lizenzen für die Beschallung, um zu mehreren Spaß haben zu dürfen.\nWeiter: Die Downloadplattformen der Anbieter blockieren einander nicht nur mit inkompatiblen Softwareplayern auf dem PC. Sie schließen auch bestimmte Kundenkreise aus, wenn der Kunde zusätzlich noch darauf achten muss, dass er einen (portablen Hardware-) Player hat, der das Restricted Format der Downloadplattform x mit unterstützt.\nDas heißt, wenn ich Content haben will, der Mobil sicher funktioniert, muß ich MP3 verwenden.\nAn weitergehende kreative Anwendungen - Sampling, Mixes, Dubbing und so weiter - braucht man bei Restricted Content gar nicht zu denken.\nWir lernen: Nur wer Content aus P2P-Netzen bezieht oder selber rippt, kommt an eine Sammlung von Musikstücken,\ndie über Player- und Betriebssystemgrenzen hinweg portabel abspielbar ist, die kreativ einsetzbar ist und die zukunftssicher ist. Kauf-Musik mit Restriction Management hat keine Valueproposition für mich als Kunde. Insbesondere erwerbe ich keine Werte. Ich kann Geld, daß ich dort ausgebe, gleich als ca. Dreijahresmiete für das \u0026ldquo;gekaufte\u0026rdquo; Downloadstück abschreiben. Danach gehen die Player nicht mehr und Ersatz gibt es nicht, remote Restriction Management Sites sind nicht mehr erreichbar oder existent, die Platte meines Rechners hat sich zerlegt (und zwar gerade der Teil mit der Keysammlung, sodaß die eigentlichen Downloads sich in wertlosen Bitschrottverwandeln) oder das fragile Gerümpel fällt aus einem anderen Grund in sich zusammen.\nZum Vergleich: Meine CD-Sammlung hier geht jetzt bald zweilagig einmal die Wand meines Zimmers lang, das sind etwa 6 Meter CDs dicht an dicht gestapelt. Die Ältesten dieser CDs sind von irgendwann aus den 80ern. Was glaubst Du ist mit meiner Investition in heutige Download-Plattformen im Jahre 2024 los, oder auch nur 2014? Was ist für mich als Käufer und Sammler die bessere Investition?\nIch bin als Musik-Kunde so doch zwingend auf CDDA oder P2P-MP3s angewiesen. Alles andere wäre sträfliche Dummheit von meiner Seite.\nCDDA wird zunehmend nicht mehr angeboten.\nDie Reaktion der Kunden ist nur folgerichtig.\nDie Lobbyorganisationen und Verwertungsoligopole setzen auf Kriminalisierung der Nutzer. Sie haben keine Alternative. Es ist auch keine Alternative absehbar. Die einzige Quelle für funktionierende und portable Musik sind P2P Netze.\nDas ruft besser anonymisierende und besser verteilende Netze hervor. Dankenswerterweise erhöht sich der Druck auf P2P-Nutzer auch nur schrittweise, so dass die P2P-Nutzer und Entwickler in aller Ruhe eine Sequenz von P2P-Systemen mit jeweils einer Laufzeit von 1-2 Jahren austesten können, dann neue Angriffe auf diese Netze seitens der Verwertungsoligopole beobachten können, und schließlich in relativer Ruhe neue, verbesserte P2P-Plattformen deployen können.\nDas ist exakt derselbe Prozeß, den die IETF mit den RFCs getestet und als extrem brauchbaren Prozeß für die Entwicklung von funktionierenden und robusten Protokollen erkannt hat, nur daß das hier durch externen juristischen Druck motiviert und angetrieben wird.\nDie beobachtete Entwicklung ist zwingend.\nIch frage hier u.a. ziemlich viel, weil ich Positionen zur anliegenden Durchsetzungs-Rundumschlag-Richtlinie ausarbeiten muss, die von Herstellern proprietärer Informationen mitgetragen werden müssen.\nEs ist egal. Eine solche Richtlinie sorgt nur für den notwendigen Druck, der das Deployment der nächsten Runde P2P-Systeme lostreten wird. Ende 1998 entstand Napster. Das war der Zeitpunkt, zu dem die Anbieter von Musik hätten reagieren müssen und zu dem sie sich mit dem oben genannten Problemen hätten auseinandersetzen müssen - einheitliche Player, einheitliches Restriction Management, dauerhafte Value Proposition.\nDazu ein Marketing, das auf Vertrauen und partnerschaftlichem Kundenverhältnis beruht, statt auf Klagewellen gegen die Leute, die deren Jobs finanzieren sollten.\nStattdessen hat eine ganze Industrie 5 Jahre lang gepennt.\nGame Over.\nOder siehst Du irgendeinen Weg, der aus dieser Sackgasse herausführt? Der Kunden davon überzeugen könnte, daß Restricted Content eine Geldausgabe wert ist? Und für den noch Zeit ist?\n","date":"2004-01-27T00:00:00Z","href":"https://blog.koehntopp.info/2004/01/27/unerklaerlicher-umsatzrueckgang.html","tags":["politik","lang_de"],"title":"Unerklärlicher Umsatzrückgang"},{"categories":null,"content":"Vortrag auf der NuBIT 2003\nDer Feind in meiner Tasche Firewallkonzepte vs. Mobile Geräte\nInhalt Aufgaben und Positionierung von Firewalls Traditionelle Sicht auf das Netzwerk Neue Gefährdungen Wie sieht ein aktuelles Netz wirklich aus? Konsequenzen Neue Angriffe Neue Sicherungsmaßnahmen Wie kann sich eine Installation gegen diese Angriffe zur Wehr setzen? Aufgaben und Leistungen einer Firewall Choke Point Trennt Zonen unterschiedlicher Administration unterschiedlicher Sicherheitslevels Ist Meßpunkt Art, Menge und Gültigkeit von Netzverkehr Trust Boundary Trust Boundary Feste Grenzlinie \u0026ldquo;dort hört die Firma auf\u0026rdquo; Aller Verkehr passiert die Trust Boundary Prüfung auf Legalität Dekontamination Zentrales Verzeichnis aller Außen-kommunikation Zentrale Administration der Kommunikation Strukturierung der Kommunikation Firewall als Strukturbildner Abtrennung von Bereichen unterschiedlicher Gefährdung Funktion Wichtigkeit Die wahre Netzwerktopologie Bedürfnis nach Flexibilität Aufweichung der Grenzen VPN Tunnel \u0026ldquo;virtuelle\u0026rdquo; VPNs ssh Tunnel + Citrix/VNC Geräte Im-/Export Wireless Techniken GPRS, WLAN, Bluetooth Tunnel und andere Löcher I VPN Tunnel offizielle Löcher Endpunkte authentisiert Kommunikation verschlüsselt Endpunkte sind effektiv Rechner im LAN aber: Standort außerhalb der Firewall! VPN Client nur sinnvoll mit Firewall und Integritätsprüfung! Tunnel und andere Löcher II Selbstbau-VPN Tunnel ssh -L 8080:10.11.12.13:80 -l io.example.com \u0026ldquo;Logge Dich auf io.example.com als User ein\u0026rdquo; Tunnele die lokale 8080 an 10.11.12.13, Port 80 \u0026ldquo;Mache das Intranet von draußen zugänglich\u0026rdquo; Tunnel und andere Löcher III \u0026ldquo;Protokoll in Protokoll\u0026rdquo; SOAP \u0026ldquo;HTTP is a very RPC-like protocol that is simple, widely deployed, and more likely to function in the face of firewalls than any other protocol known to man\u0026rdquo; (http://msdn.microsoft.com/msdnmag/issues/0300/soap/default.aspx ) POST /string_server/Object17 HTTP/1.1 Host: 209.110.197.2 Content-Type: text/xml Content-Length: 152 SOAPMethodName: urn:strings-com:IString#reverse \u0026lt;Envelope\u0026gt; \u0026lt;Body\u0026gt; \u0026lt;m:reverse xmlns:m=\u0026#39;urn:strings-com:IString\u0026#39;\u0026gt; \u0026lt;theString\u0026gt;Hello, World\u0026lt;/theString\u0026gt; \u0026lt;/m:reverse\u0026gt; \u0026lt;/Body\u0026gt; \u0026lt;/Envelope\u0026gt; Mobile Geräte I Typische Probleme: Backup? Update? Software-Installation? Welche Geräte gehören zu meinem Administrationsbereich? Wann sind sie da? Wo waren sie inzwischen? Sind sie kontaminiert? Mobile Geräte II \u0026ldquo;Der Mitarbeiter hat sich SQL-Slammer auf dem Laptop zu Hause eingefangen und die Infektion nicht bemerkt.\u0026rdquo; \u0026ldquo;Das Gerät war im Suspend, der SQL-Slammer noch aktiv. Im Firmennetz ist das Gerät aufgewacht, hat eine neue IP per DHCP bekommen, und dann von dort das Firmennetz infiziert.\u0026rdquo; Spontane Vernetzung I Mobiltelefone sind universell und datenfähig Je restriktiver die Firewall, desto wahrscheinlicher kommt es zu spontaner Vernetzung an der Firewall vorbei. \u0026ldquo;Wenn das Attachment wieder nicht durch den Viruswall kommt, lade ich das eben kurz über das Handy. Stell es mal schnell auf Deinen Webserver.\u0026rdquo; \u0026ndash; Bei einem Kunden mitgehört Spontane Vernetzung II With a hand-held scanner, researchers were able to pick up information from company wireless networks by simply driving around the streets of London. The research identified that 63 per cent of the networks surveyed were left on default configuration, which clearly identifying the company owning the data and where it was coming from. http://theregister.co.uk/content/55/29337.html , 18-Feb-2003 U-Boote und Trojaner I Spyware Unterhaltungs-programme Grußkarten P2P Filesharing-Programme aber: Druckertreiber??? Mehr und mehr Komponenten melden Daten zurück an den Hersteller. Aktiver Content an unerwarteten Stellen: Mail mit Javascript Mobiltelefone mit Java und Active-X Unerwartete Funktionalität Mobiltelefone mit Kamera in Umkleideräumen? Mobile Sicherheit I Inventar- und Aktivitätskontrolle Welche Geräte sind in meinem Netz aktiv? Was machen die? Ist das (noch) normal? Mobile Sicherheit II Überwachung von Geräten, die aus dem Netz entfernbar sind: Anwendungsintegrität Ausführungskontrolle Auch disconnected! Sind Firewalls überflüssig? Sind Firewalls überflüssig? Definitiv nein. Sind Firewalls ausreichend? Definitiv immer weniger. Strategiewechsel: \u0026ldquo;Defense in depth.\u0026rdquo; ","date":"2003-11-01T00:00:00Z","href":"https://blog.koehntopp.info/2003/11/01/mobile-devices.html","tags":["lang_de","talk","publication","internet"],"title":"Mobile Devices - Der Feind in meiner Tasche"},{"categories":null,"content":" Methoden mit Klasse Am Wochenende hatte ich mit Till eine recht coole Unterhaltung über die Innereien von Qt. Qt hat den Signal-Slot-Mechanismus, mit dem es Methoden von Objekten aufruft.\nDazu werden einige Methoden eines Objektes in eine spezielle Runtime-Tabelle der Klasse eingetragen, mit Namen. Das sind Slots.\nSignale sind Platzhalter für Funktionsnamen, die in eine andere Tabelle eingetragen werden können. Mit connect() macht man so einen Eintrag: Man kopiert den Namen einer Funktion (genauer: eines Slots) in den Signalplatzhalter.\nWarum ist das Cool? Weil es Sachen zur Laufzeit macht, die C++ sonst nur zur Compilezeit kann. Damit gewinn man Flexibilität und kann Komponenten zur Laufzeit zusammenstecken, ohne daß man Gigabytes an Stuff neu compilieren muß.\nEs ist außerdem alt.\nIn Objective-C hatten wir genau das schon 1994 oder so. Besser sogar noch: In Objective-C sind alle Methoden automatisch immer Slots. Signale hat Objective-C als target (Zeiger auf ein Objekt) und action (Name einer Methode) definiert. Und in Objective-C sind alle Instanzvariablen das, was in Qt die Properties eines Objektes sind.\nZum Nachlesen: Artikel von 1997 und Objective-C Handbuch . Im übrigen ist bei Linux auch eine Objective-C Version des gcc dabei.\nDCOP Was hat das mit DCOP zu tun? DCOP ruft remote Methoden auf demselben Rechner auf. Das heißt, irgendein KPart bietet Zeugs an wie \u0026ldquo;Lade Text in Editor-Part\u0026rdquo; oder \u0026ldquo;Save den Mist ab\u0026rdquo; und irgendeine Shell (etwa KDevelop) callt das KPart. Manuell, mit einem essentiell funktionalen Interface.\nIn Objective-C hatten wir das genialer gelöst: Hier kann man ein generisches Proxy-Objekt erzeugen. Generisch heißt, daß es nicht Proxy für ein bestimmtes Objekt ist, sondern daß man dem Proxy zur Laufzeit sagt, für was es Proxy ist.\nDas Proxy-Objekt fragt dann seinen Klienten, was es für ein Objekt ist, welche Methoden der Klient hat und welche Instanzvariablen der Klient hat und wird selber zu einem Stand-In für den Client. Nun kann man den Proxy so verwenden wie man den Klienten verwenden würde, wenn er lokal ist.\nUnd der Proxy tütet die Callparameter ein, shipped sie per RPC zum Klienten, der rechnet rum, sendet ein Resultat zurück und der Proxy gibt das Resultat zurück. Resultat: RPC mehr oder weniger komplett verborgen, Proxy benutzbar als wär man selber da.\nGuide zum PDF Der eine interessante Teil ist ab Seite 55, wo die Syntax vorgestellt wird. Das kann man überfliegen, denn es ist Zuckerguß, aber wichtig, um die Beispiele lesen zu können.\nAuf Seite 87 stellen sie das Messaging vor. Das ist wichtig, und man kann es direkt auf Qt abbilden. Man lese auch Seite 90, Selectors. Das ist interessant, weil Qt es nicht kann. Auf Seite 92 erklären Sie target-action, was eine Art typenloses SIGNAL für Arme ist. Weil es typenlos ist, braucht man Code wie auf Seite 94.\nSeite 101 ist gruselig, und hat kein Äquivalent in Qt - Categories sind Erweiterungen bestehender Klassen (ich kann also nachträglich die Image-Klasse selbst erweitern, und der Code wird von allen bestehenden Unterklassen von Image erweitert).\nSeite 104 definiert Protocols, die von den meisten Leuten in anderen Sprachen als Interfaces bezeichnet werden. Die entscheidende Syntax ist auf Seite 112ff.\nEinige Speedup-Tricks mit dem Runtime findet man auf Seite 120, mit dem methodForSelector.\nDie Coolness beginnt auf Seite 145-151, Forwarding. Mit dem Dynamic Loading auf Seite 151 zusammen hat man dann ein sehr mächtiges Werkzeug in Form der NSBundle-Klasse, die das verpackt und OO-mäßig typsicher macht. Seite 152 geht dann gleich auf Remote Messaging by Proxy, worüber wir geredet haben.\nOffenbar hat Objective-C aber inzwischen noch ein paar Erweiterungen in der Sprache selber, die die weitere Spezifikation von Parametern erlaubt (\u0026ldquo;bycopy/byref\u0026rdquo;, \u0026ldquo;in/out/inout\u0026rdquo; und \u0026ldquo;oneway\u0026rdquo;). Das war vor sechs Jahren noch nicht so, da hat man sich mit anderen Konstrukten behelfen müssen. :-)\nAb Seite 163 geht es dann an die Interna, ich halte das für unsere Diskussion nicht mehr so interessant.\nDie Grammatik der Sprache ist auf Seite 211ff dargestellt.\n","date":"2003-10-24T00:00:00Z","href":"https://blog.koehntopp.info/2003/10/24/objc-oder-warum-dcop-so-kompliziert-ist.html","tags":["computer","lang_de"],"title":"ObjC - oder warum DCOP so kompliziert ist"},{"categories":null,"content":"Dead until dark ist die Geschichte einer Kellnerin, die Gedanken lesen kann und die sich einen Vampir als Liebhaber anschafft, während ihr Chef ein Werhund ist.\nNein, es ist keine Geschichte aus dem Laurell K. Hamilton -Universum, auch wenn sich die Bestandteile fast so anhören und entsprechend ist es kein bluttriefendes Gemetzel. Na ja, okay, es gibt einen Body Count, denn schließlich will es ein Krimi sein, aber anders als bei Laurell Hamilton ergießen sich keine Ströme von Blut über die Szenerie\u0026hellip;\nNett, unterhaltsam und schnell wegzulesen. Das Ende ein wenig antiklimaktisch - wie viele Leute gibt es, deren Gedanken Sookie Stackhouse nicht lesen kann und wer von denen kommt als Täter infrage? - aber letztendlich dennoch nicht langweilig.\n","date":"2003-09-08T00:00:00Z","href":"https://blog.koehntopp.info/2003/09/08/fertig-gelesen-dead-until-dark.html","tags":["book","media","review","lang_de"],"title":"Fertig gelesen: Dead until dark"},{"categories":null,"content":"Lord Gamma erinnert mich an die Geschichte eines anderen deutschen Sci-Fi Autors, die ich witzigerweise auf einem USA-Urlaub las. Ein riesiger pyramidenförmiger Flugkörper dringt in das Sonnensystem ein und nur die Nostradamus, ein experimentelles deutsches Schiff, ist in der Lage schnell genug dort hinzukommen, um das Objekt zu untersuchen, bevor es wieder verschwindet. Doch stellt sich heraus, daß ein Saboteur an Bord ist, daß auch andere Nationen auf dem Weg zur Pyramide sind und daß noch eine ganze Menge anderer Dinge faul sind.\nGoogol Eine Geschichte, in der im Weltraum mal nicht unbedingt Amerikanisch gesprochen wird, voll vom unbekümmerten Nationalismus und festen Glauben an die Ingenieurskunst, wie man ihn in Büchern aus den 1920ern, etwa bei Hans Dominik in \u0026ldquo;Der Wettflug der Nationen\u0026rdquo;, \u0026ldquo;Ein Stern fiel vom Himmel\u0026rdquo; und \u0026ldquo;Land aus Feuer und Wasser\u0026rdquo; finden kann.\n","date":"2003-08-31T00:00:00Z","href":"https://blog.koehntopp.info/2003/08/31/fertig-gelesen-googol-revisited.html","tags":["book","media","review","lang_de"],"title":"Fertig gelesen: Googol revisited"},{"categories":null,"content":"Lord Gamma hätte so cool sein können. Ein Typ, Stan, in einem Pontiac ohne Motor, fährt eine schnurgerade Gefällestrecke runter, in der sich die Landschaft alle 180 km wiederholt.\nAlle 180 km steigt er aus, dringt in einen Atombunker ein, in dem sich immer eine andere Gesellschaftsform gebildet hat, und befreit einen Klon seiner Frau, um ihn am Ende zu erschießen. Zwischen den Kapiteln Rück-, Fremd- und Zwischenblenden, die direkt aus einem Drogentraum hätten kommen können. Und spannend obendrein.\nUnd dann baut der Autor ein Ende daran, das versucht einen Drogenrausch, einen Albtraum, den beginnenden Wahnsinn zu erklären und aus der ganzen Geschichte ein Stück mehr oder weniger harte Sci-Fi zu machen.\nGna.\nMan hätte den letzten Akt und den Epilog einfach streichen sollen. Die meisten Geschichten werden durch Weglassen irgendwie besser. Geht Euch das auch so?\n","date":"2003-08-31T00:00:00Z","href":"https://blog.koehntopp.info/2003/08/31/fertig-gelesen-lord-gamma.html","tags":["book","media","review","lang_de"],"title":"Fertig gelesen: Lord Gamma"},{"categories":null,"content":"Kushiel\u0026rsquo;s Dart - Eine Mantel-und-Degen Geschichte in einer seltsamen Parallelwelt, in der die Römer Britannien nicht erobert haben und in der Jesus Sohn in Frankreich freie Liebe gepredigt hat.\nDie Heldin, eine Art Tempelkurtisane mit einer Wahrnehmungsstörung (Sie kann Pleasure und Pain nicht unterscheiden) wird von einem Altmeister der Spionage in die Lehre genommen und zu einer gefährlichen Waffe ausgebildet, die in den Salons und den Betten der Mächtigen zum Einsatz kommt.\nAußerdem der Beweis, daß ein Roman mit SM-Elementen nicht zwingend zu einem ekeligen Slave Girl of Gor werden muß. Ist ja auch von einer Frau geschrieben.\n","date":"2003-08-30T00:00:00Z","href":"https://blog.koehntopp.info/2003/08/30/fertig-gelesen-kushiel-s-dart.html","tags":["book","media","review","lang_de"],"title":"Fertig gelesen: Kushiel's Dart"},{"categories":null,"content":"Vortrag auf der NuBIT, Kiel, 2002\n","date":"2002-06-01T00:00:00Z","href":"https://blog.koehntopp.info/2002/06/01/enterprise-intranet-integration.html","tags":["lang_de","talk","publication","internet"],"title":"Enterprise Intranet Integration"},{"categories":null,"content":" Allgemeines Verwendete Version Alle Aussagen in diesem Artikel beziehen sich auf die aktuelle stabile Version von MySQL, wie sie in SuSE Linux 7.3 geliefert wird. Diese Version ist 3.23.44.\nDie aktuelle Version des MySQL-Clients wird beim Aufruf des Kommandos mysql genannt.\nkris@valiant:~\u0026gt; mysql Welcome to the MySQL monitor. Commands end with ; or \\g. Your MySQL connection id is 217 to server version: 3.23.44-log Type \u0026#39;help;\u0026#39; or \u0026#39;\\h\u0026#39; for help. Type \u0026#39;\\c\u0026#39; to clear the buffer. Die aktuelle Version des MySQL-Servers kann mit dem Kommando “select version()” erfragt werden. mysql\u0026gt; select version() as version; +-------------+ | version | +-------------+ | 3.23.44-log | +-------------+ 1 row in set (0.00 sec) Dieselbe Information kann man auch erfahren, indem man abfragt, welche Programmpakete installiert sind. MySQL bringt die folgenden essenziellen Pakete mit:\nkris@valiant:~\u0026gt; rpm -qa | grep mysql mysql-devel-3.23.44-5 mysql-shared-3.23.44-5 mysql-3.23.44-5 mysql-client-3.23.44-5 Das Paket mysql-shared enthält dabei die Client-Bibliothek libmysql.so, die von MySQL-Anwendungen wie etwa PHP, aber auch von allen anderen MySQL-Komponenten benötigt wird. Das Paket mysql-client enthält alle notwendigen Programme und Hilfsdateien um einen Datenbankserver zu connecten, das Paket mysql den Datenbank-Server sowie die Servertools. Will man Programme übersetzen, die mysql-shared verwenden, so sind die notwendigen Include-Dateien in mysql-devel zu finden. Ein fünftes Paket, mysql-bench enthält eine Reihe von Benchmark- und Testprogrammen, die so gut wie niemals benötigt werden.\nEinige Programme aus den Paketen setzen außerdem ein installiertes Perl (perl.rpm) und das Suse Paket perl-DBI.rpm (Perl-Paket DBI) sowie perl-Msql-Mysql-modules.rpm (Perl Paket DBD::mysql)voraus.\nMySQL online Die Website von MySQL ist http://www.mysql.com/ . Dort findet sich neben den aktuellen Downloads auch ein sehr gutes Online-Manual http://www.mysql.com/doc/ . Anwender von Suse Linux 7.x sollten sich nicht die Downloads von mysql.com antun, sondern die SuSE-Pakete von ihren CD-ROMs oder aus dem Suse Update-Download verwenden. Weitere Informationen zu MySQL finden sich in der FAQ von de.comp.lang.php sowie in der FAQ von de.comp.datenbanken.mysql.\nBücher Es gibt eine Reihe Bücher zu MySQL und zu Datenbanken allgemein. Eine Liste von frei verfügbaren Büchern findet sich in der ersten Frage zu MySQL in der dclp-FAQ (sql-lernen ).\nEin sehr empfehlenswertes Buch über MySQL ist das Buch von Paul Dubois (in englischer Sprache).\nEin sehr empfehlenswertes Buch über relationale Datenbanken ist das Buch von Andreas Heuer .\nEin sehr empfehlenswertes Buch über Datenbanken und Optimierung ist das Buch von Mark Gurry . Obwohl es für Oracle geschrieben ist, lässt sich die Diskussion dort weitgehend auf alle relationalen Systeme übertragen und ist generell sehr erhellend.\nMySQL im System administrieren Allgemeines MySQL besteht aus einem Serverprozeß, der eine Reihe von Threads startet und der von Clientprogrammen kontaktiert wird, die Kommandos an den Server senden und Resultate von dort erhalten.\nDas Startprogramm ist safe_mysqld, das wiederum den eigentlichen Server mysqld startet. Der Server erzeugt per Default drei Threads, die in Linux als separate Einträge in der Prozeßtabelle sichtbar werden. Jeder Connect an den Server erzeugt einen weiteren Thread, der in Linux ebenfalls als Eintrag in der Prozeßtabelle sichtbar wird.\nAlle Programme verstehen die Kommandozeilenoptionen –h (--host, default: Localhost) zur Angabe des Serverrechners, -P (--port, default: 3306) zur Angabe des TCP/IP-Ports, -u (--user, default: Der Unix-Loginname) zur Angabe eines Benutzernamens und –p (--password) zur Angabe eines Passwortes.\nKonfiguration Alle Programme aus dem MySQL-Paket lesen Konfigurationsparameter aus der systemweiten Steuerdatei /etc/my.cnf. Die Datei ist aufgebaut wie eine win.ini bzw. smb.conf und enthält Abschnitte, die die jeweilige Systemkomponente bezeichnen, für die die Konfigurationsanweisungen gelten. Der MySQL-Server wird im Abschnitt [mysqld] konfiguriert. Anwender können für Client-Programme die zentralen Einstellungen überschreiben, indem sie in ihrem $HOME eine Datei .my.cnf anlegen (für den Server ist es wenig sinnvoll, dort Einträge zu machen).\nStart und Stop, mysqladmin MySQL wird mit einem Programm mysqladmin geliefert, das den Serverprozeß steuern kann. Es versteht die üblichen MySQL-Optionen. Mit dem Kommando mysqladmin shutdown kann der Server kontrolliert heruntergefahren werden.\nDer Status des Servers kann mit den Kommandos mysqladmin status oder mysqladmin processlist überprüft werden. Einzelne Queries, die Amok laufen, können ohne einen vollständigen Stop des Servers mit mysqladmin kill angehalten werden. Die notwendigen PIDs können der Ausgabe von processlist entnommen werden.\nIn SuSE Linux ist es besser, den Server mit dem Start/Stop-Script von SuSE Linux anzuhalten und starten. Dieses Script befindet sich an der üblichen Stelle /etc/init.d/mysql und versteht die üblichen Parameter start und stop.\nMit mysqladmin variables können im übrigen Konfigurationsvariablen des Servers abgefragt werden, so wie sie in der /etc/my.cnf hinterlegt wurden.\nDatenspeicher im Dateisystem MySQL legt die Daten der Datenbank als Dateien in Verzeichnissen im normalen Dateisystem ab. Die Ablage erfolgt unterhalb des Verzeichnisses, das durch die Variable „datadir“ bezeichnet wird. valiant:~ # mysqladmin variables| grep datadir | datadir | /var/lib/mysql/ | Der physikalische Datenbankserver kann dabei eine Reihe von logischen Datenbanken hosten, die jeweils auf Verzeichnisse gleichen Namens unterhalb von „datadir“ abgebildet werden. valiant:/var/lib/mysql # find . -type d . ./test ./sync ./test_skoda ./mysql ./phpgroupware ./test_test ./test_sync valiant:/var/lib/mysql # mysqlshow +\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026ndash;+ | Databases | +\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026ndash;+ | mysql | | phpgroupware | | sync | | test | | test_skoda | | test_sync | | test_test | +\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026ndash;+ Jede Tabelle in einer logischen Datenbank findet sich in Form von drei Dateien in dem entsprechenden Verzeichnis wieder. Die Tabellen heißen jeweils so wie die Tabelle und kommen mit einer von drei Endungen: • .frm: Dies ist die Schemadefinition, also die Festlegung, welche Spalten in der Tabelle vorkommen, wie diese heißen und welche Eigenschaften sie haben. Diese Dateien sind in der Regel so um die 8 KB groß und haben eine relativ statische Größe. • .MYD: Dies ist die eigentliche Datendatei für die Tabelle. Sie wächst in Abhängigkeit davon, wieviele Zeilen die Tabelle hat. • .MYI: Dies ist der Speicher für die Indices, die auf einer Tabelle definiert sind. Sie ist um so größer, je mehr Zeilen die Tabelle hat und je mehr Indices auf einer Tabelle definiert sind. Alle Dateien und Verzeichnisse müssen demselben User gehören, unter dem auch der Datenbankserver ausgeführt wird. In Suse Linux 7.x ist das der user „mysql“ und die Gruppe „daemon“. Die Verzeichnisse, die den logischen Datenbanken entsprechen, sind in der Regel nur für den Datenbankuser zugänglich („mysql“, 0700), alle Dateien sind in der Regel für den Datenbankuser und seine Gruppe zugänglich („mysql:daemon“, 0660). Die Datenbankdateien und alle anderen Dateien in „datadir“ sollen nicht gelesen oder geschrieben werden, solange der Datenbankserver „mysqld“ läuft. Dies ist insbesondere für die Datensicherung wichtig: Da der Server Daten unter Umständen im Cache hält, ist die Sicherung dieser Dateien mit großer Wahrscheinlichkeit inkonsistent und führt nicht zu einem funktionierenden Restore. Stattdessen sind andere Methoden der Sicherung zu wählen. Logs MySQL legt eine Reihe von Logbüchern an. Die Logs liegen normalerweise in „datadir“: Log file Description The error log Problems encountering starting, running or stopping mysqld. The isam log Logs all changes to the ISAM tables. Used only for debugging the isam code. The query log Established connections and executed queries. (\u0026ndash;log=) The update log Deprecated: Stores all statements that changes data (\u0026ndash;log-update=) The binary log Stores all statements that changes something. Used also for replication (\u0026ndash;log-bin=) The slow log Stores all queries that took more than long_query_time to execute or didn\u0026rsquo;t use indexes. (\u0026ndash;log-slow-queries=) Mit dem Kommando „flush logs“ werden die Logbücher geschlossen und neu geöffnet (wichtig für einen Logrotate). Datensicherung Siehe auch http://www.mysql.com/doc/D/i/Disaster_Prevention.html . mysqldump Je nach Wunsch kann die Sicherung von MySQL als SQL-Quelltext (mysqldump) oder in Binärformat (mysqlhotcopy) erfolgen. In jedem Fall wird eine Kopie der Daten in der Datenbank erzeugt. Während der Erzeugung der Kopie sind die betreffenden Tabellen gelockt und die Puffer geflushed, sodaß sichergestellt wird, daß die Kopie konsistent ist. $ mysqldump –opt –c database | gzip –9 \u0026gt; database.sql.gz Dies erzeugt ein Backup der Datenbank database mit allen Tabellendefinitionen und allen Daten. Das Backup ist eine SQL-Kommandodatei, die mit dem Kommandozeilenclient wieder eingelesen werden kann. $ gzip –dc database.sql.gz | mysql database Da die ASCII-Form von SQL hoch redundant ist, ist eine Kompression des Backups mit gzip dringend angeraten. Die ASCII-Form hat jedoch den Vorteil, daß sie mit einem Editor bearbeitet werden kann, sodaß auch ein partieller Restore möglich ist. Oft möchte man außerdem mit $ mysqldump –opt –no-data database \u0026gt; database.schema das Datenbankschema ohne Daten getrennt sichern. mysqlhotcopy Die Sicherung mit „mysqlhotcopy“ setzt perl und korrekt installierte Perlmodule voraus. Die Syntax ist denkbar einfach: $ mysqlhotcopy database /var/tmp/database erzeugt eine Sicherung der Datenbankfiles mit konsistentem Zustand in /var/tmp/database. Diese Kopie der Datenbank kann dann auf Band oder CD-ROM gesichert werden. Anders als die Sicherung mit „mysqldump“ handelt es sich hier um eine Binärkopie der Datenbank, die weitaus weniger Platz verbraucht, schneller zu restaurieren ist, aber nicht editiert werden kann. Verlorenes Root-Paßwort recovern Siehe auch http://www.mysql.com/doc/R/e/Resetting_permissions.html MySQL speichert seine internen Daten in der logischen Datenbank mysql. Hat man diese Datenbank zerstört oder bei Spielereien mit Zugriffsrechten die Paßworte des Datenbankadministrators überschrieben, kann man nicht mehr auf den Datenbankserver zugreifen. Der Server läßt sich wie folgt recovern: Die Datenbank mysql existiert noch\nHerunterfahren des Servers mit „/etc/init.d/mysql stop“. Einsetzen der Option „skip-grant-tables“ in der /etc/my.cnf. Hochfahren des Servers mit „/etc/init.d/mysql stop“ Die Option „skip-grant-tables“ bewirkt nun, daß beim Connect gar keine Paßworte mehr abgefragt werden. Mit den Kommandos a. use mysql; b. update user set password=password(„\u0026hellip;“) where user=”root” kann ein neues Paßwort für den User root gesetzt werden. Statt derr „..“ ist dabei das Kennwort einzusetzen. Der Server kann nun heruntergefahren werden (siehe Schritt 1) und die Option „skip-grant-tables“ wieder aus der /etc/my.cnf entfernt werden. Danach kann der Server wieder normal gestartet werden. Die Datenbank mysql existiert nicht mehr oder ist beschädigt Wenn die Datenbank mysql so schwer beschädigt wurde, daß sie nicht mehr brauchbar ist, muß sie neu angelegt werden. Dabei gehen sämtliche Benutzerlogins und ihre Zugriffsrechte und Kennworte verloren und müssen neu angelegt werden. Die Daten in den anderen Datenbanken bleiben erhalten. Herunterfahren des Servers mit „/etc/init.d/mysql stop“ Aufruf von mysql_install_db Neues Setzen des root-Paßwortes wie in der Ausgabe von mysql_install_db beschrieben. Sicherheitshalber Stoppen und Starten des Servers, Testen des Zugangs. Datenbankadministration Anlegen von Usern Siehe auch http://www.mysql.com/doc/U/s/User_Account_Management.html Benutzer werden in MySQL mit dem Kommando „grant“ angelegt und mit dem Kommando „revoke“ gelöscht. Diese Kommandos können auch verwendet werden, um Benutzern mehr Rechte zu geben oder ihnen Rechte zu entziehen. In älteren Versionen von MySQL wurde derselbe Effekt durch direktes Bearbeiten von Tabellen in der Datenbank mysql erzielt. Dies ist nicht mehr empfohlen und sollte vermieden werden. Es ist wichtig zu wissen, daß Usernamen in MySQL nichts mit Usernamen in Unix zu tun haben. Es ist möglich, in MySQL User einzurichten, die es in Unix nicht gibt und umgekehrt. Auch konzeptuell besteht ein Unterschied: Usernamen in MySQL haben immer die Form „username@host“, wobei jedoch für den Hostpart Jokerzeichen zugelassen sind und der Username-Part leer sein darf. Ebenso sind MySQL-Zugangspaßworte von Unix-Zugangspaßworten verschieden. Sie werden auch anders verschlüsselt, wenn man in der Tabelle mysql.user direkt nachsieht (Funktion password() für MySQL-Paßworte, Funktion encrypt() für Unix-Paßworte). Werden User mit den Kommandos „grant“ und „revoke“ bearbeitet, liest der Server die geänderten Zugriffsrechte sofort neu ein. Spielt man manuell an den Tabellen herum, hat dies keine Auswirkungen, bis das Kommando „flush privileges“ ausgeführt wird (Oder „mysqladmin reload“ von der Kommandozeile gestartet wird). Einige Beispiele: • grant all on sync.* for beispieluser identified by ‘password’ Dies legt einen Benutzer „beispieluser“ an, der sich mit dem Paßwort ‚password’ anmelden kann. Der User hat alle Zugriffsrechte für die Datenbank sync mit allen darin befindlichen Tabellen, kann diese Rechte jedoch nicht weitergeben. • grant all on sync.* for logical_dba identified by ‚geheim’ with grant option Dies legt einen Benutzer “logical_dba” an, der sich mit dem Paßwort “geheim” anmelden kann. Der Benutzer hat nicht nur alle Zugriffsrechte für die Datenbank sync mit allen darin befindlichen Tabellen, er kann diese Rechte auch an existierende User weitergeben. Der User ist also der Datenbankadministrator für eine logische Datenbank. • grant all on . for admin identified by ‘master’ with grant option Dies legt einen Datenbankadministrator admin an, der sich mit dem Paßwort “master” anmelden kann. Er hat alle Rechte auf allen Tabellen. • grant select on sync.log for „logview@localhost“ Dies legt einen user logview an, der sich nur von localhost anmelden kann, dies dafür aber ohne Paßwort tun kann. Der User kann nur auf die Tabelle sync.log zugreifen. Das Löschen von Usern geht analog mit „revoke“. User werden in der Tabelle mysql.user gehalten. Dort vergebene Rechte gelten global (für alle Datenbanken). Den Usern werden in der Tabelle mysql.db Datenbanken und Datenbankrechte zugewiesen. Diese Rechte gelten nur für eine Datenbank. Normale User haben in mysql.user nur „n“-Flags stehen und bekommen ihre Rechte dann immer über die mysql.db-Tabelle. Admins haben Rechte an allen Datenbanken und haben daher an den passenden Stellen in mysql.user „y“-Flags stehen. Anlegen, Löschen und Anzeigen von Datenbanken Eine logische Datenbank kann mit dem Kommando „create database \u0026hellip;“ angelegt werden. Dies bewirkt im wesentlichen, daß das Verzeichnis in „datadir“ angelegt wird. (http://www.mysql.com/doc/C/R/CREATE_DATABASE.html ) Die Datenbank kann mit dem Kommando „drop database“ gelöscht werden. Das löscht nicht nur die Datenbank, sondern auch alle Tabellendaten und Tabellendefinitionen. Eine Rückfrage gibt es nicht, ein Undo gibt es nicht. (http://www.mysql.com/doc/D/R/DROP_DATABASE.html ) Eine Liste aller existierenden logischen Datenbanken bekommt man mit „show databases“. (http://www.mysql.com/doc/S/H/SHOW_DATABASE_INFO.html ) Alle folgenden SQL-Kommando wirken immer auf die aktuelle Datenbank. Diese wird im Kommandozeilenclient mit „use \u0026hellip;“ festgelegt. „use \u0026hellip;“ wirkt also wie ein chdir/cd-Kommando. (http://www.mysql.com/doc/U/S/USE.html ) Anlegen, Löschen und Anzeigen von Tabellen Siehe auch http://www.mysql.com/doc/C/o/Column_types.html und Eine Tabelle kann mit dem Kommando „create table \u0026hellip;“ angelegt werden. Dabei müssen auch die Spaltennamen der Tabelle, ihre Typen und weitere Optionen angegeben werden (http://www.mysql.com/doc/C/R/CREATE_TABLE.html) . Die Tabelle kann mit dem Kommando „drop table \u0026hellip;“ wieder gelöscht werden (http://www.mysql.com/doc/D/R/DROP_TABLE.html) . Der Aufbau der Tabelle kann mit dem Kommando „show columns from \u0026hellip;“ oder kürzer „describe“ oder „desc“ angezeigt werden (http://www.mysql.com/doc/D/E/DESCRIBE.html) . Informativer ist jedoch „show create table \u0026hellip;“. Dieses Kommando gibt das vollständige SQL-Kommando zum Anlegen der Tabelle aus. phpmyadmin Ein bequemes Tool zum Anlegen, Löschen und Bearbeiten von MySQL über das Web ist phpmyadmin (http://phpmyadmin.sourceforge.net/) . phpmyadmin ist ein sehr mächtiges Tool. Es muß auf jeden Fall in einem Ordner installiert werden, der durch eine .htaccess-Datei geschützt ist. Es ist ein beliebter Sport, mit Google oder einer anderen Suchmaschine nach offenen phpmyadmin-Installationen zu suchen. Relationales Modell Das relationale Datenbankmodell betrachtet Tabellen als Mengen (ohne Reihenfolge) von Zeilen. Eine Zeile wird als Tupel von Werten betrachtet, wobei das leicht vereinfacht dargestellt ist (Tupel haben Reihenfolge, aber Zeilen in Datenbanktabellen haben ebenfalls keine Reihenfolge, auf die man sich verlassen sollte). Das relationale Datenbankmodell definiert dann eine Reihe von Operationen, die man auf diesen Tabellen-Mengen durchführen kann und die jeweils neue Mengen liefern. Ziel ist es nun, eine Anfrage zu finden, die genau die gewünschte Ergebnismenge findet. Dies kann durch die Verknüpfung verschiedener Operationen erreicht werden, da die Operatioen jeweils wieder zu den Operatoren kompatible Ergebnismengen liefern (-\u0026gt; Algebra). Operationen im relationalen Datenbankmodell Projektion Die Projektion erzeugt aus den vorhandenen Spalten der verwendeten Tabellen neue Spalten. Dies kann durch Auswahl einer Teilmenge von Spalten geschehen, oder durch Erzeugung von neuen Spalten mit Hilfe von Rechenfunktionen und –operatoren. In SQL wird die Projektion als Liste von Spaltennamen und Funktionsanwendungen hinter dem SELECT-Statement geschrieben: select t1.s1, t1.s2, t2.s1, unix_timestamp(t2.s3) from t1, t2 Merke: Projektion == senkrechter Schnitt, Spaltenauswahl Selektion Die Selektion erzeugt aus den vorhandenen Zeilen der verwendeten Tabellen neue Zeilen. Dies kann durch Auswahl einer Teilmenge von Spalten geschehen. Die Auswahl kann durch Prädikate und Relationen erfolgen. In SQL wird die Selektion als Verknüpfung von Prädikaten und Relationen in der WHERE-Clause des SELECT-Statements geschrieben. select * from t1 where t1.s1 \u0026lt;10 and not isnull(t1.s2) Merke: Selektion == waagrechter Schnitt, Zeilenauswahl Join Der Join ist eine Verknüpfung von zwei Tabellen durch Bildung des Kreuzproduktes und Auswahl der gewünschten Teilmenge der Kombinationstabelle. Ein unqualifizierter Join erzeugt eine vollständige Kombination zweier Tabellen, das Kreuzprodukt: jede Zeile der Tabelle 1 wird mit jeder Zeile aus Tabelle 2 kombiniert, die Resultatstabelle hat count(t1) * count(t2) Zeilen. In der Regel möchte man nur eine Teilmenge des Kreuzproduktes haben, in dem man den Schlüssel von t1 mit dem Fremdschlüssel von t1 in t2 kombiniert (siehe weiter unten). select * from t1, t2 where t1.pk = t2.fk_t1 Merke : Join == Verknüpfung zweier Tabellen Rename Will man rekursive Strukturen (Bäume, Listen) erzeugen, muß man eine Tabelle gelegentlich mit sich selbst Joinen. Damit das gelingt, muß man die Elterntabelle von der Kindtabelle unterscheiden können. Dies macht eine Umbenennung notwendig. In SQL kann man Spalten und Tabellen umbenennen, indem man den neuen Namen mit AS in der Projektion oder Selektion nennt. select l.s1+l.s2 as spaltensumme from lange_tabelle as l Renames sind auch nützlich, um Rechenergebnisse (synthetische Spalten) sinnvoll zu benennen (hier: spaltensumme). Aggregation Siehe auch http://www.koehntopp.de/php/databases.html - sql-aggregation. In SQL kann man eine Reihe von Zeilen mit gleichen Eigenschaften zusammenfassen und bekommt so Zeilen, die Mengen sind. Man kann sich einen Repräsentanten dieser Mengen anzeigen lassen oder bestimmte Elemente mit Aggregatfunktionen auswählen. select max(preis) as regionaler_hoechstpreis from preise group by region Normalisierungen Wenn man eine Datenbankanwendung als Laie entwickelt, stellt sich schnell die Frage, wie man seine Daten auf verschiedene Tabellen verteilt. Man merkt schnell, dass sich bestimmte Strukturen für bestimmte Operationen als nicht sehr praktisch erweisen (siehe auch http://www.tu-chemnitz.de/wirtschaft/wi1/lehre/2001_ws/db/v6.pdf) . Ideal ist eine Speicherung der Daten ohne Redundanzen. Man gewinnt ein solches Tabellenschema durch Normalisierung. • 0 NF: Nach menschlichen Ordnungskriterien geordnete Daten, zum Beispiel Herrchen und Haustiere. • 1 NF: Ein Feld darf nur einen einzigen Wert beinhalten, d.h. ich soll nicht alle Haustiere eines Herrchens in eine Spalte quetschen und ich soll nicht Straße und Hausnummer in einer Spalte speichern. • 2 NF: Alle Werte müssen vom Primärschlüssel funktional abhängig sein, d.h. ich sollte nicht Informationen über Haustiere und deren Herrchen in ein und derselben Tabelle unterbringen. ◦ Was sind Schlüssel? ◦ Was sind Primärschlüssel? ◦ Was sind Fremdschlüssel? • 3 NF: Alle Werte müssen von einander funktional abhängig sein, d.h. ich sollte nicht die verschiedenen Wohnsitze des Herrchens mit seinen Geburtsmerkmalen in einer Tabelle unterbringen. Tabellenbeziehungen Nach einer Normalisierung hat man in der Regel eine große Anzahl von Tabellen, die zusammengefügt werden müssen, damit man wieder an die Daten kommt. Das Zusammenfügen erfolgt mit einem passenden Join, die Join-Bedingung bezeichnet in der Regel den Primärschlüssel einer Tabelle und den Fremdschlüssel dieser Tabelle in einer anderen Tabelle. Je nachdem, welche Art von Beziehung zwischen zwei Tabellen besteht, sieht der Join auch leicht anders aus. One-to-Many Relation Die häufigste Beziehung zwischen Tabellen ist die One-to-Many Relation, etwa “Eine Order enthält viele Items” oder “Ein Manager hat viele Angestellte”. Sie kann direkt auf Tabellen in einer Datenbank abgebildet werden. In einer One-to-Many Relation gibt es eine aufspannende Tabelle mit einem Primärschlüssel (z.B. die Ordertabelle oder die Managertabelle) und eine aufgespannte Tabelle. Die aufgespannte Tabelle hat eine Spalte, in der der Primärschlüssel der Zeile der aufspannenden Tabelle eingetragen ist, zu der diese Zeile gehört. OID Datum 1 11.01.2002\n2 12.01.2002\n3 12.01.2002\nIID OID Bezeichnung\n1 1 Keks\n2 1 Noch ein Keks\n3 2 Kein Keks\nMan kann erkennen, dass jedes Item in der Itemtabelle genau einer Order zugeordnet ist. Eine Order kann keine Items, genau ein Item oder mehrere Items enthalten. One-to-One Relation Eine One-to-One Relation tritt in Datenbanken eigentlich nur in zwei Situationen auf: • Die rechte Seite der Relation ist optional (One-to-Zero Relation) und nur relativ selten mit Werten gefüllt. ◦ Ein Sonderfall dieser Situation liegt vor, wenn man eine Reihe von Spezialisierungen eines Objektes modellieren möchte. • Es muß eine Key Translation durchgeführt werden. Ein Beispiel für den ersten Fall wäre eine Liste von Personenbeschreibungen. Für einige Personen existieren erweiterte Informationen, zum Beispiel Fotos und Homepage-URLs. Der genannte Sonderfall existiert in unserer Kundendatenbank, wo es zum Beispiel technische Objekte gibt. Diese Tabelle hätte eine ID und ein Typfeld sowie alle Informationen, die allen technischen Objekten gemein sind. Je nach Typfeld findet man dann die speziellen Informationen des technisches Objektes in einer anderen Tabelle, zum Beispiel beim Typ „TO_Web“ in der Tabelle TO_Web. Eine Key Translation ergibt sich dann, wenn man zwei unterschiedliche Systeme mit überschneidendem Datenbestand zusammenführen muß, zum Beispiel Kunden mit XAL-Kundennummern in der Warenwirtschaft mit Kunden mit KundenDB-Kundennummern in der technischen Verwaltung. Hier ist dann manchmal eine Forderung, daß es sich tatsächlich um eine One-to-One Relation handelt, also der rechte Teil der Relation niemals optional ist – normalerweise könnte man diese Tabellen sonst in einer einzelnen Tabelle zusammenführen, aber hier ist dies aus technischen Gründen nicht machbar. Many-to-Many Relation Eine Many-to-Many Relation (n:m Relation) liegt dann vor, wenn zwei Objektmengen frei miteinander verknüpft werden sollen, etwa Firmen und Personen oder Seminare und Teilnehmer einander zugeordnet werden sollen. In Tabellen ist eine Many-to-Many Relation nicht direkt darstellbar. Man braucht eine Hilfstabelle, die diese Zuordnung übernimmt. Diese Hilfstabelle hat manchmal keine eigenen Attribute und keinen PK, wenn sie eine reine Hilfstabelle ist. SemID Titel\n1 Kekse backen\n2 Holz hacken\nTeilnID Name\n1 Hans Hartmacher\n2 Willi Weichspüler\n3 Tanja Troll\nSemID TeilnID\n1 2\n1 3\n2 2\n2 3\nIm Beispiel hat die Hilfstabelle zur Verknüpfung von Seminaren mit Teilnehmern keine anderen Attribute als Fremdschlüssel von Seminar und Teilnehmer. Sie bekommt per Konvention dann auch keinen eigenen Namen, sondern den systematischen Namen sem_teiln_rel. Hätte die Tabelle weitere Attribute, dann muß man sich überlegen, welche Funktion die Tabelle im System wahrnimmt. Sie bekommt dann einen eigenen Namen und einen eigenen Primärschlüssel. Im Beispiel würde die Tabelle Buchungen von Seminaren speichern und eine Buchung könnte Attribute wie „Anreise am Vortag“ oder „Abreise am Folgetag“ haben. Wir würdne die Tabelle entsprechend Buchungen nennen und ihr eine Spalte BuchID geben. Arten von Joins Tabellen werden mit Hilfe der Join-Operation miteinander verknüpft. Je nachdem, welcher Art die Beziehung zwischen zwei Tabellen ist, können die Join-Operationen unterschiedlich sein. Equijoin Der Equijoin, straight join oder symmetric join ist die einfachste Verknüpfung zweier Tabellen miteinander. select o.datum, i.bezeichnung from order as o, item as i where o.oid = i.oid Dieser Join verknüpft die Order- und Item-Tabellen aus dem 1:n-Beispiel miteinander. Ausgegeben werden alle Orders mit den dazu gehörenden Items, sofern eine Order überhaupt Items hat. Left Join Der Left Join, Outer Join verknüpft ebenfalls zwei Tabellen miteinander, ist jedoch asymmetrisch (Ein Right Join ist identisch mit einem Left Join, bei dem beide Tabellen miteinander vertauscht werden und soll hier nicht weiter betrachtet werden). Das bedeutet, daß in jedem Fall alle Werte der linken Tabelle aufgeführt werden, an Stelle der rechten Tabelle jedoch an einigen Stellen Nullwerte auftauchen können, wenn dort keine Werte vorhanden sind. select o.datum, i.bezeichnung from order as o left join item as i on o.oid = i.oid Die linke Tabelle wird als aufspannender Tabelle, die rechte Tabelle als aufgespannte Tabelle bezeichnet. Self Join Um selbstreferentielle Strukturen erzeugen zu können braucht man einen Self-Join. Das ist ein Equijoin oder Left Join einer Tabelle mit sich selbst. Da hierbei der Name einer Tabelle zweimal auftaucht, muß mindestens ein Vorkommen der Tabelle mit dem as-Operator umbenannt werden, damit man beide Vorkommen unterscheiden kann. Selbstreferentielle Strukturen sind Bäume oder Listen. Sie treten immer dann auf, wenn ein List-of-Parts-Problem vorliegt, manchmal auch, wenn man einen Subselect vermeiden möchte. select v.name, m.name from mitarbeiter as v, mitarbeiter as m where m.manager = v.mid Self-Joins beliebiger Tiefe (echte Bäume) werden schnell unübersichtlich. Eine alternative Methode zur Baumgenerierung ist in http://www.koehntopp.de/kris/artikel/sql-self-references/ , http://www.koehntopp.de/tree.phps , http://www.develnet.org/tech/tutorials/3.1.html beschrieben. Multiple Joins In komplizierten Szenarien kann es vorkommen, mehr als zwei Tabellen gleichzeitig zusammenführen zu müssen. Ein Beispiel ist ein Seminarmanagementsystem, in dem Seminare, Seminartermine, Teilnehmer und Kostenstellenverantwortliche miteinander in einer Bestelltabelle verknüpft werden müssen: Um eine Bestellung ausgeben zu können, muß über die Termin-ID einer Bestellung die Seminar-ID eines Termins gesucht werden. select s.titel, t.beginn from seminar as s, termin as t, bestellung as b where s.sid = t.sid and t.tid = b.tid Die Joins werden hier einfach hintereinander geschrieben, und für je zwei miteinander zu verbindende Tabellen wird eine Bedingung in die WHERE-Clause mit eingeführt. Im Einsatz wird dann meist noch mindestens eine weitere Bedingung eingeführt, die nicht zu den Joins gehört, sondern eine Einschränkung auf dem zusammengeführten Bestand ist. Dies kann zum Beispiel eine Teilnehmer-ID oder eine Seminar-ID sein. In der WHERE-Clause befinden sich also Join-Bedingungen und Selektionsbedingungen. Multiple Left Joins In manchen Fällen will man mehrere Left Joins miteinander verbinden. Dabei kann es zur Bildung von Sternen oder Kaskaden kommen. Ein Stern liegt vor, wenn zwei abhängige Tabellen von derselben aufspannenden Tabelle abhängen. Eine Kaskade liegt vor, wenn eine aufspannende Tabelle eine abhängige Tabelle aufspannt, die wiederum eine weitere abhängige Tabelle aufspannt. select * from kunde as k left join ord as o on k.kid = o.kid left join x on k.kid = x.kid +\u0026mdash;\u0026ndash;+\u0026mdash;\u0026mdash;-+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+ | kid | name | oid | datum | kid | xid | kid | +\u0026mdash;\u0026ndash;+\u0026mdash;\u0026mdash;-+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+ | 1 | Hans | 2 | 2002-03-03 | 1 | 1 | 1 | | 2 | Franz | 1 | 2002-03-04 | 2 | NULL | NULL | | 2 | Franz | 3 | 2002-03-02 | 2 | NULL | NULL | | 3 | Otto | NULL | NULL | NULL | 2 | 3 | | 3 | Otto | NULL | NULL | NULL | 3 | 3 | +\u0026mdash;\u0026ndash;+\u0026mdash;\u0026mdash;-+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+ 5 rows in set (0.00 sec) select * from kunde as k left join ord as o on k.kid = o.kid left join item as i on o.oid = i.oid +\u0026mdash;\u0026ndash;+\u0026mdash;\u0026mdash;-+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;+ | kid | name | oid | datum | kid | iid | oid | beschreibung | +\u0026mdash;\u0026ndash;+\u0026mdash;\u0026mdash;-+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;+ | 1 | Hans | 2 | 2002-03-03 | 1 | 3 | 2 | Kein Keks | | 2 | Franz | 1 | 2002-03-04 | 2 | 1 | 1 | Keks | | 2 | Franz | 1 | 2002-03-04 | 2 | 2 | 1 | Noch ein Keks | | 2 | Franz | 3 | 2002-03-02 | 2 | NULL | NULL | NULL | | 3 | Otto | NULL | NULL | NULL | NULL | NULL | NULL | +\u0026mdash;\u0026ndash;+\u0026mdash;\u0026mdash;-+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;+\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;\u0026mdash;+ 5 rows in set (0.02 sec) Einige Konventionen für das Tabellendesign Wir haben im Haus einige Regeln für Tabellen, die das Tabellendesign ein wenig vereinfachen sollen und den Mitarbeitern leichteres Arbeiten ermöglichen sollen: • Jede Tabelle hat einen sprechenden Namen. Der Name ist, wenn möglich, singularform. Zu der Langform des Namens gibt es außerdem eine einheitliche und eindeutige Kurzform mit einem, zwei oder drei Buchstaben. Beispielweise heißt eine Tabelle „kunde“, nicht „kunden“. Ihr Kurzname ist „k“. • Jede Tabelle hat einen Primärschlüssel. Die Primärschlüsselspalte ist immer die am weitesten links stehende Spalte einer Tabelle. Der Name des Primärschlüssels ist der Kurzname der Tabelle mit dem angehängten Kürzel „id“ (kein Unterstrich). • Tritt der Primärschlüssel einer Tabelle in einer anderen Tabelle als Fremdschlüssel auf, so heißt er dort genauso wie der Primärschlüssel. Der Fremdschlüssel in die Tabelle kunde in der Tabelle bestellung heißt also bestellung.kid. • Jede Tabelle hat eine Spalte mit dem Namen changed vom Typ timestamp. Dies ist die am weitesten rechts stehende Spalte dieser Tabelle. • Tabellen, die nur n:m-Beziehungen realisieren, ohne eigene Attribute zu haben, haben keinen Primärschlüssel und unter Umständen auch keine changed-Spalte. Sie haben einen systematischen Namen, der sich aus den Kurznamen der involvierten Tabellen und dem Kürzel „_rel“ zusammensetzt. Beispiel: Eine Bestelltabelle ohne eigene Attribute kann s_t_rel heißen. Sobald eine solche Tabelle weitere Spalten bekommt, die über Fremdschlüssel von anderen Tabellen hinausgehen, muß sie einen eigenen PK und eine changed-Spalte bekommen sowie einen sprechenden Namen erhalten. Indices Ein Index ist eine geordnete Teilkopie des Datenbestandes einer Tabelle. Dadurch, daß der Index geordnet ist, kann mit Hilfe von „Suchen durch Halbieren“ ein Eintrag im Index mit logarithmischem Aufwand gefunden werden. An diesem Eintrag klebt dann die Blocknummer des gesamten Datensatzes im Originalbestand (n=1000, k=10; n=1000000, k=20; n=1000000000, k=30 für b=2). Setzen und Auslesen von Indices Mit Hilfe von „show create table x“ kann die Definition einer Tabelle als SQL-Statement angezeigt werden. Dabei sind auch die genauen Index-Definitionen enthalten. Mit Hilfe von „alter table x add index (y)“ kann ein Index auf eine Spalte gelegt werden. Mit Hilfe von „alter table x add unique (y)“ kann ein unique Index auf eine Spalte gelegt werden. Es ist möglich, einen Index auf eine Kombination von Spalten zu legen: „alter table x add index (y, z)“. Der Index kann verwendet werden, wenn eine Query auf die Spalten y und z losgeht oder wenn eine Query nur auf die Spalte y geht. Er ist nicht nützlich, um eine Query auf eine Spalte z zu beschleunigen. Werden um Platz zu sparen Indices manchmal in Dreiecksform definiert: „(x, y, z), (y, z), (z)“. Wann machen Indices Sinn? Ein Index spart der Datenbank das Durchlesen aller Datenblöcke einer Tabelle. In einem Datenblock sind meist mehrere Datensätze gespeichert (Beispiel: Blockgröße 2048 Byte, Datensatzgröße 50 Byte: 40 Datensätze pro Block). Wenn nur ein Treffer in einem Block enthalten ist, muss dennoch der ganze Block gelesen werden. Wenn die Selektivität des Schlüssels also nicht groß genug ist, rentiert er sich bei einer Suche nicht (Beispiel: Ein Schlüssel auf das Feld „Geschlecht“ in einer Datenbank). Indices machen außerdem nur dann Sinn, wenn das Laden des Schlüssels deutlich weniger Zeit in Anspruch nimmt als das Laden der Datensätze der Tabelle, also wenn der Bestand in den Tabellen groß genug ist. MySQL weiß das, und verwendet bei sehr kleinen Tabellen keinen Index, sondern hält die gesamte Tabelle vollständig im RAM. Ein Index macht also (in absteigener Reihenfolge) Sinn für • alle Primärschlüssel als unique Index (Warum?) • alle Fremdschlüssel als Index. • alle Spalten, die in where-Clauses vorkommen, wenn die Spalte mehr als 20 verschiedene Werte enthält. • alle Spalten, nach denen gruppiert wird • alle Spalten, nac denen sortiert wird Analyse der Performance von Queries mit EXPLAIN Siehe dazu auch das ganze Kapitel http://www.mysql.com/doc/Q/u/Query_Speed.html . Das Kommando „EXPLAIN“ kann jedem SELECT vorangestellt werden. Das Resultat ist eine Tabelle, die die Badness der Query ausgibt. Die Badness der Query ist das Produkt der Zahlen in der Spalte „rows“. Die Badness von zwei unterschiedlichen Queries ist nur bedingt vergleichbar, aber bei der Optimierung einer Query ist die Badness ein wichtiger Faktor, den es zu minimieren gilt. Wichtig sind auch die Ausgaben der Spalten possible_keys und keys, die angeben, welche Indices für die Query in Frage kommen und welche tatsächlich verwendet werden.\n","date":"2002-03-04T00:00:00Z","href":"https://blog.koehntopp.info/2002/03/04/mysql-3.html","tags":["lang_de","talk","publication","internet"],"title":"MySQL 3.23"},{"categories":null,"content":" Enterprise Mail Folien für eine interne Mitarbeiterschulung: Umzug und Erweiterung des Mailsystems bei mobilcom.de; für die evangelische Landeskirche Schleswig-Holstein; für Ver.di.\nWas ist Enterprise Level? Ausfallsicher\nbei Hardwareschaden bei Mailwellen Skalierbar\nüber alle User pro User Mails pro Ordner Order pro User pro Standort pro Domain Integrierbar\nkeine Firma ab einer bestimmten Größe hat ein homogenes Mailsystem unterschiedliche Zugänge für Anwender: POP3/IMAP4, mit SSL?, über Web? Für Anwendungen: Virus-Scanner? Mailinglisten? Pflegeinterfaces? Mail ist missionskritisch, inhomogen, Lock-In unbedingt vermeiden. Offene Software, offene Protokolle -\u0026gt; freie Wahl der Clients, freie Wahl der Serverkomponenten (Soft- und Hardware)\nbessere Skalierbarkeit, bessere Erweiterbarkeit, bessere Integrierbarkeit ins Backend\nHardwarekonzept Mailserver doppelt\nJede Maschine kann für beide übernehmen Storage doppelt\njedes Array hat alle Daten Multipathing Mehrere NICs Mehrere Kabelwege Sehr zufrieden mit dem Hardware-Range von Sun: Hardware für jede Größe von der kleinen X1 bis zur E15K, Software ist portabel über den gesamten Range.\nGroßer Schwerpunkt auf ausfallsichere Hardware:\nMonitoring Multipathing Hot Plug Ausfallszenarien:\nKiste fällt aus Migration der IP Migration der Platten Platte fällt aus RAID 1 (Veritas) Softwarekonzept Einsatz von Standardprotokollen\nPOP3, IMAP4, LMTP, SMTP, LDAP Einsatz von Standardsoftware\nsendmail 8.12.1, Cyrus IMAP, perdition Proxy, Veritas (VM, FS, CS), iPlanet Directory 4.x, Interscan Viruswall iPlanet war vorgegeben, da das führende LDAP iPlanet war.\nVeritas war vorgegeben, hat sich als sehr gute Wahl herausgestellt: Entwicklung von failover-Scripten harmlos.\nViruscheck vorgegeben: InterScan im Einsatz bei NetUSE, Kunden arbeiten auch mit Amavis und NAI oder anderen Systemen.\neigentliche Arbeitstiere sind freie Software:\nsendmail 8.12.1 hat bessere LDAP-Integration sendmail ist eigentlich ein MTA-SDK :-) perdition ist ein sehr leistungsfähiger Proxy Plugin-Architektur extrem gutmütig im Deployment übersichtlicher Code cyrus ist ein sehr skalierbarer POP/IMAP-Server schlecht dokumentiert eigenwillige Authentisierungsbibliothek SASL (Exkurs) ordentliche Architektur Skalierbarkeit Sizing\nper User: 1 MB RAM, 2 MB Swap, 1 MHz IMAP braucht mehr SSL braucht mehr! angemessen Plattenplatz Wieviel Plattenplatz ist angemessen?\n3 Kategorien 2 MB, 20 MB, 200 MB Jede Kategorie ist (großes Modell) 5 mal seltener als die vorhergehende (kleines Modell) 10 mal seltener als die vorhergehende Skalierbarkeit II Anwendungsbeispiel: ~5000 User\n700 zugleich verbunden, 100 davon mit IMAP ergeben: 1400 MB RAM, 3800 MB Swap, 700+ MHz 27 oder 63 GB Mailstore\nkleines Modell (27 GB) 45002 MB + 45020 MB + 45*200 MB großes Modell (63 GB) 45002 MB + 90020 MB + 180*200 MB Zahlen wurden auf Linux/Intel ermittelt, und an eigener Cyrus-Installation validiert. Zahlen an der Ist-Installation des Kunden validiert. Skalierbarkeit weitgehend linear. Problem ist partitionierbar.\nMigration Konvertierung\ndes vorhandenen Mailstore, der vorhandenen Aliases, der vorhandenen Listeninfrastruktur, der vorhandenen Routingstruktur Nahtlose Migration durch \u0026ldquo;Rückzug\u0026rdquo;:\n\u0026ldquo;Wechsel von Kopfsteinpflaster auf Autobahn während der Hauptreisezeit\u0026rdquo; Vorbereitung der Konvertierung Umstellung auf das neue System Durchrouten auf das alte System Während der Konvertierung \u0026ldquo;Rückzug\u0026rdquo; auf das neue System Konvertierung des Ist-Bestandes ist aufwendiger, fehleranfälliger als geplant.\nSystem ist grundsätzlich funktionsfähig; Umstellung ist wesentlich holperiger gewesen als intendiert; Umstellungsaufwand auch bei den Anwendern\nMigration II Typische Probleme:\nlustige Ordernamen (IMAP) defekte Aliasdaten Datenbestand nicht komplett wechselndes Mailrouting Hosts liefern mit unerwarteten Namen ein LDAP-Routing verhält sich anders als statisches Routing Umstellung für IMAP-Clients nicht transparent\nCAPABILITY IMAP Subscriptions Ordnernamen Lage des Sent-Folders Umstellung für POP3-Clients weitgehend transparent\ntriviales Protokoll nicht erweiterbar finaler Mailstore auf dem Client IMAP ist ein modulares Protokoll: Extensions sind nicht kompatibel, Normung ist nicht rigide genug. Propietäre Erweiterungen machen den Wechsel schwer Unterschätze niemals den Einfallsreichtum von Anwendern bei der Vergabe von Ordnernamen. Unterschätze niemals die tägliche Zielverschiebung durch das Tagesgeschäft.\nWeitere Szenarien Verteiltes Setup: 50+ Standorte, Workgroup-Size pro Standort, zentrale Administration, Begrenzte Hardwarekapazität\nGroßes Setup\n70 000+ Anwender Mailstore im TB-Bereich Virenscan muß skalierbar sein Quota Webmail Zugang muß skalierbar sein zentrale Bulk-Administration Integration in existierende Stammdatenverwaltung Weitere Szenarien II Zu erwartende Ausbaumöglichkeiten:\nCalendaring lokaler Client Web Access mehr Verschlüsselung Key Management Storage Management Migration alter Mail in Hintergrundspeicher Retrieval alter Mail Sichere Löschung alter Mail Mailtracking ","date":"2002-02-01T00:00:00Z","href":"https://blog.koehntopp.info/2002/02/01/enterprise-mail.html","tags":["lang_de","talk","publication","internet"],"title":"Enterprise Mail: große Mailsysteme, kleine Schmerzen"},{"categories":null,"content":" Directory Services vs. Relationale Datenbanken Überblick:\nEigenschaften von LDAP Eigenschaften von SQL Anwendungsbereiche von LDAP Anwendungsbereiche von SQL Strukturelle Probleme beim Einsatz von LDAP Warum wird LDAP dennoch verwendet? Gibt es weniger problematische Alternativen? LDAP im Schnelldurchlauf Wald von Bäumen aus Knoten Jeder Knoten hat mindestens die Attribute dn, objectClass Attribute sind ein- oder mehrwertig, haben Syntax (Typ) Besonderes mehrwertiges Attribut objectClass bestimmt, welche Attribute vorhanden sind MÜSSEN und DÜRFEN Einwertiges Attribut dn enthält den Pfad durch den Baum und ist Schlüssel (PK) Novell Directory Services, Active Directory und LDAP basieren auf den Ideen von X.500.\nDas Verzeichnis ist ein Wald von Wald von Knoten, Knoten haben Attribute, mindestens dn und objectClass.\nDie Vereinigungsmenge von objectClasses definiert, welche Attribute der Knoten haben MUSS und KANN. Dies entspricht NULL/NOT NULL in SQL.\nAttribute haben eine Syntax (einen Typ). Attribute können einwertig (etwa: dn) oder mehrwertig (etwa: objectClass) sein. Mehrwertige Attribute sind ein Verstoß gegen die 1NF in SQL und müssen in SQL in externe Tabellen ausgelagert werden. Denormalisierungen ziehen idR Anomalien bei INSERT/UPDATE/DELETE nach sich.\nDer dn beschreibt den Pfad durch den Baum und ist PK. PKs sollen strukturlos und invariant sein. Daß der dn nicht strukturlos ist, wird sich als bitteres Problem herausstellen. Daß der dn Positionsinformation enthält wird ihn nahezu unbrauchbar als PK machen (aber LDAP offeriert keine Alternative).\nSQL im Schnelldurchlauf Datenbank als Kollektion von Tabellen, Tabellen als Kollektion von Spalten, Spalten haben Typen Spalten sind NULL, NOT NULL. Spalten sind einwertig. Eine Spalte oder Gruppe von Spalten ist der PK. Spaltendefinitionen mit Typen definieren ein rigides Typschema, das nur durch Nullwerte geringfügig aufgelockert wird. Dennoch flexible Struktur, da über Beziehungen zwischen Tabellen variable Verbindungen aufgezogen werden können. Schlüssel und Integritätsbedingungen sind frei definierbar und frei wählbar.\nUmfangreiches Handwerkszeug zur Definition von Datenstrukturen und deren Pflege vorhanden.\nSQL Operationen SQL erlaubt komplexe Operationen auf Tabellen:\nSelektion (WHERE-Clause) wählt Zeilen Projektion (Spaltenliste) wählt Spalten Aggregation (GROUP BY-Clause) erlaubt Zählungen Join erlaubt Tabellenverknüpfungen Rename erlaubt Self-Joins und damit rekursive Strukturen (Bäume etc) Das Ergebnis jeder Operation ist wieder eine Tabelle. Mit Subqueries kann die generierte Tabelle weiter verarbeitet werden (Relationen \u0026ldquo;Algebra\u0026rdquo;).\nDiese fünf Operationen erlauben es, den auf viele Tabellen verstreuten (normalisierten) Bestand dynamisch zu rekombinieren. Dabei sind auch Rekombinationen möglich, die ursprünglich nicht antizipiert wurden (Ad-Hoc Queries). Ad-Hoc Queries sind ein typisches Phänomen bei der Recherche und der Reportgenerierung.\nSQL ist mächtig genug, um selbstreferentielle Strukturen definieren zu können.\nEine Reihe von Einbaufunktionen entlastet den Client noch weiter und erlaubt es, beträchtliche Teile der Logik im Server ablaufen zu lassen.\nMinimierung des Netzverkehrs und sinnvolle Aufteilung der Anwendung zwischen Server und Client.\nLDAP Anwendungen Authentisierung\nam OS (PAM) an der Anwendung (mod_auth_ldap etc.) Konfigurationsdaten\nNetscape Roaming sendmail Aliases etc. Verzeichnis (Recherche)\nAdreßverzeichnisse Characteristika:\nkurze Verbindungen connect, query, disconnect connect, disconnect (authentication only) triviale Queries Existenzanfragen Attributanfragen (dn, attribut) -\u0026gt; (werte) Objektauslesung (dn) -\u0026gt; (attribute, werte) Sinnvolle Anwendungen von LDAP:\nHit and Run-Anwendungen: Anmeldung am OS, am Webserver, am IMAP/POP-Server. Laden von Konfigurationsobjekten aus dem LDAP-Server. LDAP ist für Lesen optimiert. LDAP ist für viele Zugriffe pro Sekunde optimiert. SQL Anwendungen Datenspeicher für Anwendungsdaten\nPersistente Daten Normalisierte Daten Business Rules\nIntegritätsbedingungen Accessfunktionen Lockingmechanismen\nZugriff durch mehrere Instanzen derselben Anwendung Zugriff durch verschiedene Anwendungen Characteristika:\nlange Connects mit vielen Queries langlaufende Queries Joins Sortierungen berechnete Werte viele Schreiboperationen konkurrente Schreiboperationen -\u0026gt; Locking zusammengesetzte Schreiboperationen -\u0026gt; Transaktionen Sinnvolle Anwendungen von SQL: Stay and Run-Anwendungen; eine Verbindung, viele Queries. Möglichst viele Daten auf dem Server verwerfen, nur die notwendigen Daten übertragen.\nKomplexe und konkurrente Updates; Locks; Transaktionen.\nBusiness Logic an den persistenten Objekten der Anwendung speichern, Daten werden zwischen verschiedenen Anwendungen shareable.\nDie Integritäts- und Update-Logik für diese Daten klebt an den Daten, nicht in den verschiedenen Anwendungen.\nKein Zugriff, insbesondere kein schreibender Zugriff an dieser Logik vorbei möglich.\nRelationenmodell in Verzeichnisdiensten Woher kommen die Daten im Verzeichnis?\nWelches ist das führende System? Wie strukturiere ich den Verzeichnisbaum?\nNebenbedingungen: Replikation Naming Attributes Wie strukturiere ich meine objectClasses?\nWelche Art von Anfragen wird erwartet? Sollte ich nicht doch lieber ein RDBMs nehmen?\nDas Hauptproblem besteht oft darin, daß versucht wird, LDAP für mehr als simple Logins einzusetzen. Selektion und Projektion sind vorhanden; Aggregation, Join und Rename nicht. LDAP-Struktur muss die auftretenden Anfragen antizipieren.\nPKs sind instabil. Nebenbedingungen der Replikation machen stabile PKs oft unmöglich. Diese Faktoren bestimmen das Design von LDAP.\nLachhafte technische Basis erzeugt eigenartige technische Anforderungen. LDAP-Server halten den Datenbestand effektiv im RAM. Der Datenbestand kann daher eine vorbestimmte Größe kaum überschreiten.\nLDAP-Server geben nur partiell relevante technische Daten an: Queries/sec nicht mit SQL vergleichbar. Wo ein LDAP 40.000 Queries braucht, kommt SQL mit einem Join hin.\nHäufige Designprobleme in LDAP LDAP wird als führende Datenbank eingesetzt\nLDAP wird stark beschrieben\nLDAP wird konkurrent beschrieben\nLDAP dynamisch beschrieben\nEs bestehen abzufragende Beziehungen zwischen LDAP-Objekten\nLDAP wird zur Reportgenerierung verwendet\nDer LDAP-Bestand wird hierarchisch strukturiert\nDer LDAP-Bestand muss hierarchisch strukturiert werden\nSetzt man LDAP als Verzeichnisdienst (also als Logindatenbank) ein, kann es funktionieren. Jeder andere Ansatz wird sehr, sehr weh tun.\nLDAP wird als führende Datenbank eingesetzt LDAP-Attribute haben eine Syntax (einen Typ)\nTypen sind zahlreich und im Standard vordefiniert Typen sind schwer erweiterbar Integritätsbedingungen können nicht definiert werden. iPlanet erlaubt Plugins, die Integrität checken können. Beziehungen zwischen Objekten sind in LDAP nur schwer darstellbar und instabil.\nPK ist immer der dn dns sind jedoch unter Umständen instabil Aliases sind ein optionales Feature von LDAP\nNur Blattknoten können Aliases sein. LDAP bietet nicht die adäquaten Mechanismen, um als führende Datenbank eingesetzt werden zu können: Intra-Objekt-Integrität nur durch Typen (Syntaxen) gewährleistet, keine Trigger, keine Foreign Keys. Inter-Objekt-Integrität nur durch propietäre Plugins (Compilate) gewährleistet, keine Stored Procedures, Trigger, Rules. Typensystem nicht durch Definitionen oder Einschränkungen erweiterbar.\nKeine Joins, Renames, und damit keine Relationen. Nachbildung von Joins durch Prejoins (Struktur oder Aliases) oder durch iterative Queries. Iterative Queries erzeugen wahnwitzigen Traffic im Netz und auf dem Server. Beispiel: Liste von Usern nach Standorten\nLDAP wird stark beschrieben LDAP ist als Protokoll für Leseoperationen optimiert.\nEs existiert noch kein standardisiertes Bulk-Update Protokoll.\nIn OpenLDAP und iPlanet ist der LDAP-Datenspeicher ein Sleepycat DB/3. In einigen LDAP-Servern sind Schreiboperationen ungeschickt implementiert: Flush nach jedem Write. Replikation zwischen Servern skaliert sich nicht gut bei starken Schreiboperationen.\nNicht standarisiert. Oft als reguläre Schreiboperation eines privilegierten Benutzers implementiert (\u0026ldquo;triviale Implementierung\u0026rdquo;) iPlanet kann immerhin out-of-sync Replica automatisch neu aufbauen. In älteren LDAP-Servern flog nach heftigen Updates die Replica weg: Jedes Write auf den Server gab ein Write auf der Replication. Jedes Write gab ein Flush auf die Platte.\nLDAP ist zwar standardisiert, aber heterogene Replikation ist dennoch noch immer eine schwarze Kunst.\nWenn Replikation über reguläre Writes mit einem speziellen User realisiert ist, skaliert sie sich nicht gut. Proprietäre Bulk-Updates skalieren sich gut, erzwingen aber homogene Serverinstallationen.\nLDAP wird konkurrent beschrieben LDAP definiert einzelne add oder modify-Operationen als atomar. LDAP kennt keine Locks und keine Transaktionen Synchronisation und Konsistenz sind damit Sache der Anwendung. Hierzu ist wenig zu sagen:\nOhne Transaktionen kein Undo von mehrteiligen Updates, keine Read-Konsistenz. Ohne Locks ist so etwas auch kaum nachbildbar. Beispiele:\nVergabe von uids beim Usereintrag durch klassischen read-modify-write-Zyklus: Bestimme höchste belegte UID. Ermittele nächsthöhere UID. Belege diese UID im LDAP. Da keine Locks vorhanden sind, ist rmw nicht implementierbar (aber UID kann als Attribut UNIQUE gesetzt werden).\nDamit schlägt ein doppelter ADD fehl -\u0026gt; retry (Potential für Livelock) LDAP wird dynamisch beschreiben Viele LDAP-Server speichern die Schema-Definition out-of-band\nExterne Dateien, die per include in die Serverkonfiguration mit eingebunden werden. Damit ist eine Änderung des Schemas im Betrieb und durch LDAP unmöglich.\nDies fördert sehr entspannte objectClass-Definitionen (MAY-Inflation) Out-of-band Schemadefinition macht Introspektion schwierig\nWelche objectClasses kennt der Server? Welche Attribute erlauben und definieren sie? Dynamische Schemadefinition ist nur in esoterischen Anwendungen von Bedeutung.\nEntwicklungssysteme Generische Infrasturkturanwendungen Ähnliche Argumentationen gelten für Introspektion.\nBeziehungen zwischen LDAP-Objekten Der PK in LDAP ist immer der dn.\nDer dn ist nicht opaque, sondern hat Struktur: Pfadinformation. Konsequenz: dns sind instabil. Verschiebt man ein Objekt im Baum, ändert sich der dn. Damit sind alle Referenzen auf das Objekt ungültig. iPlanet dn Plugin; cascading Updates LDAP kennt keine JOIN-Operation\nPrejoined Structures über Aliases oder andere Referenzen keine dynamisch zusammengesetzten Strukturen. Aliases sind nicht generisch (Leaf-Nodes only). LDAP kennt kein Join (und kein Rename): Art der antizipierten Anfragen bestimmt die Struktur des Schema. Ad-Hoc Anfragen sind prinzipiell nicht oder nur mit gewaltigem Overhead realisierbar.\nBei Kenntnis der Struktur ist die Konstruktion einer pathologischen Anfrage eine Fingerübung für den geübten Designer: Invertiere die Struktur und konstruiere eine sinnvolle Anfrage auf der invertierten Struktur.\nDa der dn nicht opak ist, sind keine stabilen Referenzen implementierbar. dn-Rename Plugin von iPlanet generiert entsprechend gewaltige Serverlast.\nLDAP wird zur Reportgenerierung verwendet LDAP kennt keine Aggregation\nReports können nur durch Durchlesen des Bestandes erstellt werden. LDAP kennt keine serverseitigen Funktionen\nFunktionswerte können nur durch Durchlesen des Bestandes erstellt werden. LDAP kennt keinen JOIN\nReports machen oft Gebrauch von ad-hoc Beziehungen zwischen Teilmengen, aber ohne Join können diese nicht effizient generiert werden. Beispiele:\nWelche Mitarbeiter haben mehr als einen PC? Welche PC werden von mehr als einem Mitarbeiter verwendet? Beachte die Invertierung.\nLDAP hat keine Einbaufunktionen. Statistiken scheiden ganz aus.\nHierarchische Struktur im LDAP I Der PK in LDAP ist immer der dn.\nDer dn enthält Strukturinformation.\nÄndert sich die Position eines Objektes in der Struktur, ändert sich der PK dieses Objektes\nKlassischer Fall von nicht normalisierter Struktur: Daten und Struktur nicht getrennt\nEin Objekt ist oft Mitglied in verschiedenen Hierarchien\nMitarbeiter ist einsortiert organisatorisch (\u0026ldquo;Abteilung 1.3.2\u0026rdquo;) räumlich (\u0026ldquo;Deutschland, SH, Kiel, Hauptstelle\u0026rdquo;) projektbezogen (\u0026ldquo;IT Infrastruktur, Netzwerke, UMTS-Pilot\u0026rdquo;) Redundante Datenhaltung durch nicht normalisiertes Datenmodell Veränderliche PKs, Datenbankdesigners Alptraum: nicht normalisiert.\nBaumstruktur enthält die Daten selbst, keine Referenzen auf die Daten nur ein Baum, nicht mehrere, möglich Besser:\nunstrukturierte Menge von Objekten Baumstruktur mit Zeigern in diese Objekte. Hierarchische Struktur im LDAP II LDAP erlaubt die Partitionierung des Bestandes nur nach Teilbäumen\nErzwingt die Bildung von Hierarchien im Bestand\nErzwingt damit instabile dns\nPartition: Vollständige Überdeckung durch disjunkte Teilmengen. Definiert Äquivalenzklassen (etwa: gerade, ungerade).\nPartition: Wird für Replikation gebraucht\nTriviale Partition: Identität. LDAP partitioniert nur nach Naming Attributes\nOracle partitioniert nach beliebigen Prädikaten zur Äquivalenzklassenbildung.\nReplikation erzwingt hierarchische Struktur, die Eingang in den dn findet.\nMigriert ein Objekt von einer Partition in eine andere (\u0026ldquo;Standortwechsel\u0026rdquo;), ändert sich zwingend der dn und damit werden alle Referenzen ungültig.\nGroßes Dilemma!\nWir designen: 3-Level-LDAP, wann immer möglich (ou=tablename, o=company, c=de)\nFazit I LDAP ist der Teil von X.500, der \u0026ldquo;brauchbar\u0026rdquo; war. LDAP verwirft elementare Erkenntnisse des relationalen Datenmodells. Damit ist auch der brauchbare Teil von LDAP aus der Sicht des Datenbankdesigners unbrauchbar und gefährlich. Der Einsatz von LDAP als führende Datenbank ist zu vermeiden. LDAP-Bestände sind möglichst als flache Tabellen zu strukturieren. Nichttriviale Dinge sind mit LDAP nicht zu realisieren. Triviale Dinge sind mit LDAP schwierig oder gefährlich. LDAP verstößt so ziemlich gegen jeden Grundsatz des relationalen Modells: Nicht 3., nicht 2., ja nicht einmal 1. NF Daten aus dem LDAP sind damit kaum weiterzuverarbeiten\nLDAP ist gefährlich, wenn LDAP führendes oder feedendes System ist. LDAP ist eine Datensackgasse.\nWie kann es sein? Haben die alle in Datenbanken 101 gepennt?\nWarum dann keine relationalen Systeme? Deutschland, 9.00 Uhr:\n150.000 MA loggen sich ein.\nJedes Login ist ein Connect, gefolgt von einem Disconnect.\nJeder Connect erzeugt in Oracle einen fork, einen exec und einen 5 MB schweren Subprozeß, der dann sofort weggeworfen wird.\nLDAP als wire-protocol ist genormt.\nLDAP als query-language ist unbrauchbar, aber sehr rigide genormt.\nLDAP ist auf connect/disconnect optimiert.\nTraditionelle RDBMs sind zu heavyweight.\nIndustriefehlschlag: Kein ausreichend genormtes wire protocol\nODBC: too little, too late Industriefehlschlag: Keine ausreichend leichtwiegigen SQL-Datenbankprodukte.\nAber: MySQL. Warum dann kein MYSQL? MySQL?\nConnect/disconnect problemlos\nread-mostly\nReplikation\nHat volle SQL-Syntax\nSelektion, Projektion, Aggregation, Join, Rename Speichereffizienter als iPlanet oder OpenLDAP\nAls wire protocol nicht genormt\naber: Source liegt offen, GPL bzw. LGPL In kommerziellen Clients nicht unterstützt.\naber mod_auth_mysql, PAM usw Trivial zu implementieren.\nKein IETF-Prozeß.\nMySQL ist in vielen Fällen gegenüber LDAP eine echte Alternative: bessere Performance und Skalierbarkeit.\nLeichter in SQL-Feeder integrierbar wegen kongruenter Datenstrukturen. Open Source. Weniger lächerlicher Ressourcenverbrauch. Und XML? LDAP und XML haben strukturell viel gemeinsam\nRückkehr zu hierarchischen (Datenbank-) Systemen. Liste der Nachteile dieser Systeme in Datenbanken 101 nachlesbar. Keine führende Datenhaltung in hierarchischen Systemen! Wir haben in den Betrieben für viel Geld diesen Unsinn gerade ausgerottet und nun kommt er mit wieder. Mit Macht!\nGenau wie LDAP implementiert auch XML ein schwach getyptes hierarchisches Modell zur Datenspeicherung und eine relational unvollständige Abfragesprache (Xpath, Xquery).\nXML-Speicher müssen genau untersucht werden:\nTransportspeicher sind okay (SOAP, WDDX etc) Lagerspeicher sind gefährlich und müssen relational normalisiert werden. XML generiert als Bonus gewaltige Speicher- und Parser-Overheads.\nKann ein Binärprotokoll verwendet werden? XML und Java gehen gut zusammen:\ngroß, teuer, hip, technisch partiell irrsinnig ","date":"2002-01-31T00:00:00Z","href":"https://blog.koehntopp.info/2002/01/31/ldap-vs-sql.html","tags":["lang_de","talk","publication","internet"],"title":"LDAP vs. SQL"},{"categories":null,"content":"Vortrag auf der Alcatel SEL Stiftungskonferenz, Mai 2001\nFiltersysteme, Regionalcodes, Dongles \u0026amp; Co. Intellectual Property Rights in unserer Kultur Kulturelle Synchronisation Tendenzen und Visionen Zusammenfassung Intellectual Property Rights Disclaimer: IANAL! Sicht eines Informatikers auf IP Urheberrechte Markenrechte Patentrechte → Wahrscheinlich nicht vollständige Liste (aber die, die einem täglichen Leben und in Kursen begegnet)\nUrheberrechte in Massen während der Ausbildung Allgemeinbildung, Fachausbildung bei der Arbeit Nachschlagewerke, Datenbanken, akademische Kommunikation, Zeitschriften, Handbücher Werke von Kollegen und Partnern in der Freizeit Musik, Film, Bücher, Aufführungen\u0026hellip; in Bibliotheken und Medienzentren → Wieso \u0026ldquo;kommende\u0026rdquo; Informationsgesellschaft\nandere IP-Rechte Markenrecht Domainnamen-Recht ist Markenrecht plötzlich bis weit in den privaten Bereich hinein wirksam Abmahnwahn Patente jetzt auch zunehmend in der Softwareentwicklung und in der Betriebswirtschaft Softwarepatente Business Method Patente nicht jedoch in der Juristerei und Legislative keine patentierten Verteidigungen keine patentierte Gesetzgebung IP und Kultur \u0026ldquo;Standing on the shoulders of giants\u0026rdquo;\nJede Innovation und jede Kreativität macht zu einem wesentlichen Teil Gebrauch von kulturellen Vorleistungen → Was sind das für Vorleistungen?\nKulturelle Vorleistungen \u0026ldquo;Darmokros\u0026rdquo; (Implizite Kulturelle Vorleistungen) gemeinsame kulturelle Basis macht Austausch überhaupt erst möglich Zugehörigkeit zu einer Kultur und einer Reihe von Subkulturen gemeinsame Kulturtechniken gemeinsamer Geschichten- und Geschichtsvorrat \u0026ldquo;Zitate\u0026rdquo; (Explizite Kulturelle Vorleistungen) Zitate Samples Icons, Symbole Referenzen Plagiate und Parodien, Verfremdungen Kulturelle Synchronisation \u0026ldquo;Mempropagation\u0026rdquo; in großem und in kleinem Maßstab \u0026ldquo;Öffentlichkeit\u0026rdquo; (\u0026ldquo;Bild\u0026rdquo;, \u0026ldquo;heute\u0026rdquo;) gemeinsames Erleben (\u0026ldquo;Titanic\u0026rdquo;, \u0026ldquo;Big Brother\u0026rdquo;) durch Kopie durch Leihe durch Referenz und Empfehlung Dieser Austausch ist erwünscht (und geschützt?!?) Urheberrecht → fair use, time \u0026amp; space shift, personal copies Patentrecht → use in R\u0026amp;D, Science Tendenz Diese Nutzungsarten werden durch Formalisierung und technische Sicherungen unzugänglich gemacht Warum dieser Trend? Publishing Pipeline und Kopiequalität Länge 2, Länge \u0026lt; 2? \u0026ldquo;Kommunikations-Infrastruktur\u0026rdquo;: Obwohl mehr Leute als je zuvor am Zustandekommen einer einzelnen Kommunikation beteiligt sind, ist die einzelne Kommunikation immer individueller geworden. \u0026ldquo;Mediatorfreie Kommunikation\u0026rdquo; Jugendschutz, Urheberrechtsschutz, Steuererhebung, Innere Sicherheit \u0026ldquo;überregionale Gruppenbildung\u0026rdquo; Reaktionen auf diese Tendenz Ansatz am Sender/Empfänger Unerwünschte und illegale Aktionen erschweren oder unmöglich machen. Mediatorfreie Kommunikation verbieten Filter, automatisierte Kommunikationskontrolle Kommunikation verteuern \u0026ldquo;Sendesteuer\u0026rdquo;, \u0026ldquo;Senderregistrierung\u0026rdquo; → zugleich starke Monopolbildner natürliche Kartelle Lock-In Technische Mechanismen Identifikationsmechanismen Content-Identifikation (\u0026ldquo;Filetyping\u0026rdquo;, \u0026ldquo;Watermarking\u0026rdquo;) Maschinen-Identifikation (\u0026ldquo;Dongles\u0026rdquo;, CPU-IDs, UUIDs) Benutzeridentifikation (digitale Signatur, Biometrie) operationelle Kontrollmechanismen trusted system (signed drivers, code validation) use restrictions DVD: Region Code, Operator Controls, Macrovision PDF: Operationsliste (\u0026ldquo;cut\u0026amp;paste\u0026rdquo;, \u0026ldquo;print\u0026rdquo;, \u0026ldquo;search\u0026rdquo;) Secure Audio Path: analog out, digital out CPRM: Handling by trusted applications only, copy control Szenario Windows XP mit Office XP und Media Player time limited, node locked license signed drivers über Windows Update keine Updates für kompromittierte Lizenzen Benutzer erstellt eigenes IP in proprietärem Format, kommt an dieses IP nur heran, wenn er ein funktionierendes System hat Benutzer kauft fremdes IP, kommt an dieses IP nur heran, wenn er ein funktionierendes, nicht kompromittiertes System hat mit CPRM auch nur mit bestimmten, trusted applications → perfektes Lock-In Szenario Szenario II Windows XP mit Office XP und Media Player Hardwarehersteller will Treiber für Windows veröffentlichen, damit seine Hardware an Windows läuft Treiber ist nur problemfrei installierbar, wenn er durch den OS Hersteller signiert ist. noch hypothetisch, aber im Spielkonsolenmarkt üblich: Softwarehersteller zahlen für das Recht, für eine Konsole (ein Betriebssystem) entwickeln zu können. Auch in Windows denkbar (CPRM und Display Encryption): trusted applications brauchen eine Signatur durch den OS-Hersteller → Lock-In auch auf der Herstellerseite Szenario III Windows XP mit Office XP und Media Player Content-Hersteller will Content in WMP-Formaten anbieten. Content muß digital signiert sein, damit er geschützt ist. Schlüssel werden durch den OS Hersteller signiert. → Lock-In auch für Content-Anbieter\nSzenario IV Windows XP mit .NET Internet-Dienstanbieter möchte Content über das Internet verteilen: Content muß sich in das Windows DRM einfügen. Dazu muß der Inhalt die richtigen Signaturen tragen. Wie zuvor. Dazu muß der Käufer identifiziert werden. MS Passport → Lock-In für Shophersteller → Kein anonymer Netzzugriff mehr möglich Biometrie zufügen und auch die Jugendschützer sind zufrieden Zusammenfassung Die Bausteine für sicheres DRM sind da. Wollen wir die wirklich haben? Wo ist in diesem Modell Platz für herkömmliche Distributoren? Autoren, Musiker, Werkschaffende? Open Source? Privacy? \u0026ldquo;intellektuellen Wohlstand und Bestand\u0026rdquo;? ","date":"2001-05-01T00:00:00Z","href":"https://blog.koehntopp.info/2001/05/01/filtersysteme-dongles-und-co.html","tags":["lang_de","talk","publication","internet"],"title":"Filtersysteme, Dongles und Co."},{"categories":null,"content":" CVS - Was ist das? Concurrent Versioning System\nSystem zur Versionsverwaltung von Dateien Arbeitet auf Dateibäumen, nicht auf einzelnen Dateien Arbeitet ohne Locking Netzwerkfähig freie Software CVS wird für alle wichtigen Open Source Projekte eingesetzt\nAusnahme Linux-Kernel Das ist ein Problem. Grund: Wahrscheinlich Interessenkonflikte Larry McVoy, Bitkeeper (Bitmover.com) Offiziell: Kernel ist zu groß für CVS Gegenbeweis: KDE, GNOME, Star Office CVS - Begriffe Repository Referenzkopie eines Quelltextes auf dem zentralen Server. Workspace Ausgecheckte Arbeitsversion eines Repositories. Diff Änderungsanweisungen, um eine Datei von Version x auf Version x+n zu bringen Patch Einarbeiten dieser Änderungen Commit Diff eines Workspace gegen das Repository, der ins Repository gepatched wird. Update Diff eines Repository gegen eine ältere Repository-Version, der in den Workspace eingearbeitet wird. Merge Einspielen eines Updates in eine geänderte Workspace-Version ohne Konflikt. Konflikt Einspielen eines Updates in eine geänderte Workspace-Version, wobei die Änderungen widersprüchlich sind. Revision Versionsnummer an einer Datei (für jede Datei individuell) Tag Gemeinsamer Name für gleichalte Dateien unterschiedlicher Revision. Logmessage Nachricht, die mit einem Commit mitgesendet wird. Diff und Patch CVS weiß, welche Version im zentralen Repository aktuell ist.\nCVS weiß, welche Version in den Workspace geladen wurde.\nCVS erstellt ein Diff zwischen Workspace-Version und Repository-Version.\nCVS patched den Workspace mit diesem Diff.\nDer Workspace-Patch gelingt\nfür alle Dateien, die im Workspace nicht bearbeitet wurden. für bearbeitete Dateien, wenn die bearbeiteten Bereiche sich nicht mit dem Patch überlappen. Konflikte werden markiert und beide Versionen zusammen präsentiert.\nKonflikte muss der zweite Developer manuell lösen, bevor er comitten kann. CVS - Wie funktioniert es? Jan checkt eine Kopie von modlogan (main.c, 1.4; parse.c, 1.2) aus.\nJan sieht fern.\nKristian checkt eine Version von modlogan (main.c, 1.4) aus.\nKristian bastelt an modlogan (main.c, 1.5; parse.c, 1.3) rum.\nJan bastelt an modlogan (main.c, 1.4) rum.\nJan will comitten, geht nicht.\nJan updated.\nPatch parse.c, 1.2 -\u0026gt; 1.3 Patch main.c, 1.4 -\u0026gt; 1.5? Jan comitted.\nEveryday CVS Initales Checkout $ cd ~/Source $ export CVSROOT=:pserver:user@host:/repository $ cvs -d $CVSROOT login Password: $ cvs -z9 -d $CVSROOT co Modul $ cd Modul Update $ cd Modul $ cvs -z9 update -dAP Commit $ cvs -z9 update -dAP $ cvs commit Diff $ cvs diff -u Status $ cvs status -v Annotation $ cvs annotate \u0026lt;datei\u0026gt; | less CVS - Paßworte und Optionen Paßworte werden in der Datei .cvspass abgelegt Verschlüsselung nur schwach kk@wwwx ~ $ cat .cvspass :pserver:kk@cvs.php.net:/repository Ah\u0026amp;#060Z :pserver:kk@ca.php.net:/repository Ah\u0026amp;#060Z :pserver:kk@wwwx.netuse.de:/repository A\u0026amp;#060hZ Optionen werden in der Datei .cvsrc abgelegt. kk@wwwx ~ $ cat .cvsrc cvs -q -z9 update -dAP diff -u status -v Globale Optionen nach dem CVS-Kommando .cvsrc-Schlüsselwort \u0026ldquo;cvs\u0026rdquo; Subcommand-Optionen nach dem Subcommand, vor den Dateinamen .cvsrc-Schlüsselwort ist der Subcommand-Name CVS - Repository anlegen Anlegen: $ export CVSROOT=~/CVS $ cvs init Erzeugt ~/CVS/CVSROOT.\nDarin jede Menge Default-Dateien. So (lokal) wird auch ein pserver-Repository angelegt.\nDanach Eintrag in /etc/inetd.conf. SIGHUP! /etc/inetd.conf:\ncvspserver stream tcp nowait cvs/opt/bin/cvs /opt/bin/cvs --allow-root=/repository pserver --allow-root=/repository\nAngabe des lokal angelegten Repository pserver\nSubcommand für Servermodus. Kann auch mit tcp-Wrapper betrieben werden.\nCVS - User zu Repository zufügen CVSROOT/config\nSystemAuth=\u0026quot;no\u0026quot; Unix-Paßwortdatei wird nicht beachtet. passwd Drei Spalten User Paßwort Unix-User-Mapping 3readers Ein Username pro Zeile Listet User ohne Commitrecht.\tZufügen:\nhtpasswd ./passwd user echo \u0026ldquo;:cvs\u0026rdquo; \u0026raquo; passwd CVS - Neues Projekt anlegen Source muss in einem Verzeichnisbaum vorliegen.\nSource darf keine Verzeichnisse \u0026ldquo;CVS\u0026rdquo; enthalten.\nModul importieren:\nIns Modulverzeichnis wechseln. cvs import -m \u0026quot;Neu\u0026quot; modul user start Danach Modulverzeichnis löschen (wegmoven!). Danach checkout. cvs -d $CVSROOT co modul CVS - Aktualisieren und Commit Aktualisieren des CVS:\ncvs update cvs -q update -dAP Am günstigsten automatisch per Cronjob.\nCommit immer manuell\nund immer mit Logmessage. CVS - Keywords Dateien können Keywords enthalten. Diese werden in $ $ eingeschlossen. Keywords werden beim update und checkout durch Werte substituiert. Keywords: Id, Log Author, Date, Header, Name, Revision, Source, State Keyword-Expansion kann abgeschaltet werden Wichtig für Binäre Dateien cvs add -ko bla.c cvs admin -kb bla.gif CVS - Was haben die anderen getan? Änderungen der anderen als Diff:\ncvs diff -u Auch für einzelne Dateien Status des eigenen Workspace\ncvs status cvs status -v Detailhistorie einer Datei:\ncvs annotate \u0026lt;datei\u0026gt; Beispiel:\ncvs annotate main.c\nCVS - Dateien zufügen und lôschen Dateien zufühen mit add\ncvs add datei.c Daeien entfernen mit remove:\nErst Datei löschen. Dann cvs remove datei.c Änderungen werden erst nach einem Commit wirksam.\nVerzeichnisse zufügen\nmkdir neu cvs add neu touch neu/a.c cvs add neu/a.c Verzeichnisse entfernen\nVerzeichnisse können nicht entfernt werden? Warum? (Nachdenken) CVS - Releases erzeugen und holen Alle Dateien eines Worksapce können einen gemeinsamen symbolischen Namen bekommen cvs tag NAME Tagged Names können beim Update verwendet werden. cvs udpate -r NAME Das wird \u0026ldquo;sticky\u0026rdquo; Neue Versionen werden nicht mehr automatisch geladen. Zuordnen von Versionen und Tagged Names: cvs status -v Statt Tags können auch Datumsangaben verwendet werden. cvs update -D Datum ","date":"2000-12-15T00:00:00Z","href":"https://blog.koehntopp.info/2000/12/15/cvs.html","tags":["lang_de","talk","publication"],"title":"CVS - Was ist das?"},{"categories":null,"content":" Cisco IP Phone XML Dokumentation bei Cisco\nAls HTML: http://www.cisco.com/en/US/products/sw/voicesw/ps556/ Auch als PDF: http://www.cisco.com/univercd/cc/td/doc/product/voice/sw_ap_to/devguide/phsvcdev.pdf Definiert nur sehr wenige Tags Ruft bei Druck der Service-Taste eine vordefinierte Seite auf Diese Seite bekommt keine Parameter Das ist doof! Diese Seite ist im Normalfall ein Menü Tagliste Definierte Elemente:\nCiscoIPPhoneMenu CiscoIPPhoneText CiscoIPPhoneInput CiscoIPPhoneDirectory CiscoIPPhoneImage CiscoIPPhoneGraphicMenu Ist das gutes XML Design?\nUpcase? CiscoIPPhone Prefix statt Namespace? Wahrscheinlich keine vollständige XML-Implementierung Dafür ist das Phone viel zu klein Häufig, daher Standard nur begrenzt von Wert Das entwertet jedoch auch XML Designtools CiscoIPPhoneMenu \u0026lt;CiscoIPPhoneMenu\u0026gt; \u0026lt;Title\u0026gt;Blafasel\u0026lt;/Title\u0026gt; \u0026lt;Prompt\u0026gt;Machwas\u0026lt;/Prompt\u0026gt; \u0026lt;MenuItem\u0026gt; \u0026lt;Name\u0026gt;Profit\u0026lt;/Name\u0026gt; \u0026lt;URL\u0026gt;http://boss/.\u0026lt;/URL\u0026gt; \u0026lt;/MenuItem\u0026gt; \u0026lt;/CiscoIPPhoneMenu\u0026gt; Elementliste war natürlich nicht abschließend: CicsoIPPhoneMenu enthält Title Prompt MenuItem Name URL Beachte:\nCase Sensitivity Kein DEBUG! CiscoIPPhoneText \u0026lt;CiscoIPPhoneText\u0026gt; \u0026lt;Title\u0026gt;Blafasel\u0026lt;/Title\u0026gt; \u0026lt;Text\u0026gt;Lall\u0026lt;/Text\u0026gt; \u0026lt;Prompt\u0026gt;Machwas\u0026lt;/Prompt\u0026gt; \u0026lt;/CiscoIPPhoneText\u0026gt; CiscoIPPhoneText enthält\nTitle Text Prompt Beachte:\nKeine Layoutmöglichkeiten Nicht auf Umbruch verlassen Unterschiedliche Modelle CiscoIPPhoneInput \u0026lt;CiscoIPPhoneInput\u0026gt; \u0026lt;Title\u0026gt;Blafasel\u0026lt;/Title\u0026gt; \u0026lt;Text\u0026gt;Lall\u0026lt;/Text\u0026gt; \u0026lt;Prompt\u0026gt;Machwas\u0026lt;/Prompt\u0026gt; \u0026lt;URL\u0026gt;http://...\u0026lt;/URL\u0026gt; \u0026lt;InputItem\u0026gt; \u0026lt;DisplayName\u0026gt;Name:\u0026lt;/DisplayName\u0026gt; \u0026lt;QueryStringParam\u0026gt;name\u0026lt;/QueryStringParam\u0026gt; \u0026lt;InputFlags/\u0026gt; \u0026lt;DefaultValue\u0026gt;Köhntopp\u0026lt;/DefaultValue\u0026gt; \u0026lt;/InputItem\u0026gt; \u0026lt;/CiscoIPPhoneInput\u0026gt; CiscoIPPhoneInput enthält\nTitle Prompt URL InputItem DisplayName QueryStringParam InputFlags DefaultValue Das wird dann ein GET Kein POST Support CiscoIPPhoneInput Flags Flags:\nA: Ascii Feld T: Telefonnummer, mit * und # N: Numeric E: Equation (ja, wozu auch immer) U: Uppercase Text L: Lowercase Text P: Password (Steht dann im access.log) P „works as a modifer“ (as in AP) CiscoIPPhoneDirectory \u0026lt;CiscoIPPhoneDirectory\u0026gt; \u0026lt;Title\u0026gt;Ruf Mich An!\u0026lt;/Title\u0026gt; \u0026lt;Prompt\u0026gt;*peitsch*\u0026lt;/Prompt\u0026gt; \u0026lt;DirectoryEntry\u0026gt; \u0026lt;Name\u0026gt;For a good time, call...\u0026lt;/Name\u0026gt; \u0026lt;Telephone\u0026gt;0-0190-441777\u0026lt;/Telephone\u0026gt; \u0026lt;/DirectoryEntry\u0026gt; \u0026lt;/CiscoIPPhoneDirectory\u0026gt; CiscoIPPhoneDirectory\nTitle Prompt DirectoryEntry Name Telephone CiscoIPPhoneDirectory II URL Directories Parameter\nKann im Phone gesetzt werden. Zeigt auf ein XML Objekt vom Typ CiscoIPPhoneMenu Erweitert das Menü Directories sonst nur local services Dieses Menü kann enthalten: CiscoIPPhoneInput CiscoIPPhoneText CiscoIPPhoneDirectory (Pflicht) Sinnloserweise nur in dieser Reihenfolge CiscoIPPhoneImage CiscoIPPhoneImage\nTitle\nLocationX -1 center\nLocationY -1 center\nWidth\nHeight\nDepth\nData\nPrompt\n133x64 Pixel, 2 bit Greyscale Settings („3“ black, „0“ white)\nJa, das Format ist geräteabhängig Nein, Cisco hat sich keine Gedanken über Mischbestückung gemacht UserAgent-Hacks? (0,0) is UL-corner\nCiscoIPPhoneImage II \u0026ldquo;generiere 4 Pixel: dunkel, schwarz, hell, weiss\u0026rdquo; -\u0026gt; 1 3 2 0\nals Bits: 01 11 10 00\nals Byte: 00 10 11 01\nals Value: 2D\nBild muß ein Vielfaches von 4 Pixeln pro Zeile haben\nwird dann zu:\n\u0026lt;CiscoIPPhoneImage\u0026gt; \u0026lt;Title/\u0026gt; \u0026lt;LocationX\u0026gt;-1\u0026lt;/LocationX\u0026gt; \u0026lt;LocationY\u0026gt;-1\u0026lt;/LocationY\u0026gt; \u0026lt;Width\u0026gt;4\u0026lt;/Width\u0026gt; \u0026lt;Height\u0026gt;1\u0026lt;/Height\u0026gt; \u0026lt;Depth\u0026gt;2\u0026lt;/Depth\u0026gt; \u0026lt;Data\u0026gt;2D\u0026lt;/Data\u0026gt; \u0026lt;Prompt/\u0026gt; \u0026lt;/CiscoIPPhoneImage\u0026gt; CiscoIPPhoneGraphicMenu CiscoIPPhoneGraphicMenu\nTitle\nLocationX\nLocationY\nWidth\nHeight\nDepth\nData\nPrompt\nMenuItem\nName, URL Das ist nur für wunderliche Sprachen sinnvoll.\nHTTP Parameter Refresh Time (Seconds) URL (optional) Content-Type Cisco dokumentiert ContentType !!! Expires Expired pages will not be added to the URL stack of the phone ","date":"2000-11-03T00:00:00Z","href":"https://blog.koehntopp.info/2000/11/03/xml-cisco.html","tags":["lang_de","talk","publication"],"title":"Cisco IP Phone XML"},{"categories":null,"content":" XML Normensalat XML ist ein sehr unübersichtliches Thema, bestehtend aus einem Strauß von ca. 10 Normen. Einige dieser Normen sind zueinander inkompatibel. Vieles ist noch experimentell, oder noch nicht verabschiedet. Was schon da ist und funktioniert ist jedoch sehr interessant.\nWir kennen die Normen:\nHTML 4.0 -\u0026gt; XHTML 1.0\nXML, XML DTD, Namespaces, DOM, SAX, CSS, Xlink, XPath, XQuery, XML Schema und XSLT\nDas Versprechen: Vereinfachung, Flexibilität und Datenbankintegration.\nWarum XML? XML als Standard erscheint 1996 als eine Markup-Variante von SGML, aber regulärer und einfacher zu parsen. Das Ziel der Norm ist ein vereinheitlichtes Datentauschformat für die Industrie mit den Eigenschaften \u0026ldquo;Self-Describing\u0026rdquo; und \u0026ldquo;lang, aber gut komprimierbar\u0026rdquo;, Ablösung von \u0026ldquo;EDIFACT\u0026rdquo;.\nFür den Entwickler ist das Versprechen Vereinfachung durch normierte Parser und einfache Varidierung durch normierte Datenschemata. API-Normen sind SAX (streaming Parser) und DOM.\nSGML, XML, HTML HTML ist eine SGML, mit einem vorgeschriebenen festen Tag-Vokabular, für die spezielle Anwendung \u0026ldquo;Display von Seiten\u0026rdquo;.\nSGML als Metanorm erlaubt aber die Definition von beliebigen Seitenbeschreibungssprachen. SGML selbst ist eine weitgehend unbekannte IBM-Technologie aus den 70er Jahren, und das merkt man an vielen Stellen. Ohne eine DTD (ein Sprachschema) ist eine SGML nicht parsebar, cf HTML (\u0026ldquo;IMG\u0026rdquo;-Element muss nicht geschlossen werden, andere schon).\nDie DTD für XML definiert eine Sprache, die wohlgeformt ist (Klammerbaum ohne frei stehende Tag, ohne Boolean-Attribute, mit ein paar Vereinfachungen für Srings und Klammern) Wegen der Regelmäßigkeit ist XML ohne DTD parsebar, auch wenn man die Bedeutung der Elemente nicht kennt. Durch die optionale DTD wird XML validierbar.\nNormenumfeld HTML 4 (strict) und CSS 2 sind eine Erweiterung und Bereinigung von HTML 3.2.\nXML und XML DTD sind eine Art Markup-Sprache mit frei definierbaren Tags, also alleine erst mal sinnlos.\nXHTML ist eine Schreibweise von HTML nach den Regeln von XML.\nSAX und DOM sind zwei genormte Parser-APIs, für jede dieser APIs kann es viele unterschiedliche Parser geben.\nNamespaces definieren Verfahren zum Mischen zweier XML-DTDs, Ziel ist die Vermeidung von Namenskollisionen.\nMit XSLT kann man eine Transformation von einem XML zu einem anderen XML spezifizieren, etwa ein Business-XML in XHTML. Ich habe das im Rahmen der dclp FAQ genutzt, um eine FAQ in XML zu schreiben und als HTML-Dokument zu rendern.\nNormenumfeld II Im Business-Umfeld müssen oft Datenaustauschformate spezifiziert werden. Dazu ist ein Schema notwendig. XML DTD ist dazu oft zu sperrig und definiert auch keine Datentypen, die für Programmiersprachen nutzbringend werden. XML Schema schafft Abhilfe.\nZum Ausschneiden und Adressieren von Dingen in XML-Dokumenten XQuery, XPath und XPointer.\nAnwendungen von XML finden wir in\nPICS: Jugendschutz Labels RDF: Allgemeine Objektbeziehungen P3P: Automatischer Vertragsschluß, hier: Privacy Statements XML RPC\u0026lt; SOAP: RPC über HTTP XML Syntax I: Tags XML ist\ncase sensitive verwendet als Zeichensatz überall Unicode erlaubt verkürzte Schreibweise leerer Elemente: \u0026lt;bla\u0026gt;\u0026lt;/bla\u0026gt; wird zu \u0026lt;bla/\u0026gt;. verlangt saubere Klammergebirge: \u0026lt;b\u0026gt;\u0026lt;i\u0026gt;bla\u0026lt;/i\u0026gt;\u0026lt;/b\u0026gt;. Die Tags mit der Sequenz \u0026lt;xml*\u0026gt;\u0026lt;/xml*\u0026gt; sind reserviert. XML Syntax II: Attributes, Entities Tags könnnen Attribute haben. Die sind ebenfalls Case Sensitive, einmalig pro Tag, und müssen zwingend Werte in Anführungszeichen haben (einfache oder doppelte). Leere Attribute werden durch Wiederholung des Namens als String geschrieben.\nZeichendaten werden geparsed, das führt zu Entities. Zwingend sind \u0026amp;lt; und \u0026amp;amp;, auch \u0026amp;gt;, \u0026amp;apos; und \u0026amp;quot;. Beliebige Zeichen sind per Zeichencode definierbar.\nDie DTD kann weitere Entities vordefinieren. Diese können auch externe Files referenzieren. Dadurch bekommmt man einen Include-Mechanismus.\nOder Literale mit CDATA: \u0026lt;[CDATA[\u0026lt;\u0026amp;\u0026gt;'\u0026quot;]]\u0026gt;\nXML Syntax III: Whitespace, Language Whitespace (Tab, LF, CR und Space) ist normalerweise ohne Bedeutung. In besonderen Fällen ist jedoch mehr Kontrolle notwendig. Das Spezialattribut xml:space kann default oder preserve angeben und wirkt auf den Text im Element.\n\u0026lt;beispiel xml:space=\u0026#34;preserve\u0026#34;\u0026gt; Besonders kompliziert. \u0026lt;/beispiel\u0026gt; Weiterhin definiert das Attribut xml:lang die Sprache eines Elementes. Zugelassen sind ISO 639 LC, IETF RFC 1766 LC, ISO 3316 CC, ISO 639 LC-CC, I-, X-\n\u0026lt;beispiel xml:lang=\u0026#34;x-klingon\u0026#34;/\u0026gt; XML Syntax IV: PIs, Comments Dannn gibt es noch Processing Instructions (vgl. PHP) und Kommentare.\n\u0026lt;?xml version=\u0026#34;1.0\u0026#34; ?\u0026gt; \u0026lt;?xml-stylesheet ?\u0026gt; \u0026lt;?php echo \u0026#34;Keks\u0026#34;; ?\u0026gt; \u0026lt;!-- Kommentar --\u0026gt; Kommentare können kein -- enthalten, und kein trailing -, können nicht geschachtelt werden und nicht in Attributen oder Tags stehen.\nEin Beispiel \u0026lt;?xml version=\u0026#34;1.0\u0026#34; encoding=\u0026#34;iso-8859-15\u0026#34; standalone=\u0026#34;no\u0026#34; ?\u0026gt; \u0026lt;books\u0026gt; \u0026lt;!-- ein gutes XSLT Buch --\u0026gt; \u0026lt;book\u0026gt; \u0026lt;author\u0026gt;Michael Kay\u0026lt;/author\u0026gt; \u0026lt;title\u0026gt;XSLT\u0026lt;/title\u0026gt; \u0026lt;isbn\u0026gt;1-861003-12-9\u0026lt;/isbn\u0026gt; \u0026lt;publisher\u0026gt;WROX\u0026lt;/publisher\u0026gt; \u0026lt;categories\u0026gt; \u0026lt;category\u0026gt;Internet\u0026lt;/category\u0026gt; \u0026lt;category\u0026gt;Webpublishing\u0026lt;/category\u0026gt; \u0026lt;category\u0026gt;XML\u0026lt;/category\u0026gt; \u0026lt;/categories\u0026gt; \u0026lt;/book\u0026gt; \u0026lt;/books\u0026gt; \u0026lt;!-- Epilog ist nicht empfohlen --\u0026gt; Die PI deklariert XML-Version, und bestimmt so das Kompatibilitätsverhalten des Parsers und deklariert den Zeichensatz (damit wir Umlaute verwenden dürfen).\nDie Form ist klassisch: Pluralisierter Name der Elemente zeigt einen Container an. \u0026lt;books/\u0026gt; kann Dinge vom Typ \u0026lt;book/\u0026gt; enthalten. Die Eigenschaften eines Buches werden hier als Elemente definiert. Sie könnten auch Attribute sein (nicht für \u0026lt;categories/\u0026gt;, denn Attribute dürfen sich nicht wiederholen).\nDocument Type Declarations DTDs bestimmen, welche Elemente im Dokument vorkommen dürfen, wie sie geschachtelt werden und wie sie wiederholt werden können. Genauso werden Attribute Elementen zugeordnet, mit Defaults und erlaubten Werten versehen.\nIn jedem Fall ist XML auch ohne DTD syntaktisch korrekt, wenn es korrekt geschachtelt ist.\nDTDs am Beispiel: Entities, Elemente DTDs werden aus Entities zusammengesetzt, diese werden literal hin geschreben, oder aus Daten gelesen oder kommen sonstwo her. Es gibt ein paar Konstrukte, die an die Bausteine und Notation von EBNF erinnern.\n\u0026lt;!ENTITY copyright \u0026#34;(C) 2000 NetUSE AG\u0026#34;\u0026gt; \u0026lt;!ENTITY chap1 SYSTEM \u0026#34;file:/home/kk/chap1.xml\u0026#34;\u0026gt; \u0026lt;!ENTITY % content \u0026#34;(#PCDATA)*\u0026#34;\u0026gt; \u0026lt;!ELEMENT chapter (question*)\u0026gt; \u0026lt;!ATTLIST chapter title CDATA #REQUIRED shortname ID #REQUIRED\u0026gt; \u0026lt;!ELEMENT question (keyword*, answer*)\u0026gt; \u0026lt;!ATTLIST question author NMTOKEN #REQUIRED ord NMTOKEN #REQUIRED title CDATA #REQUIRED\u0026gt; \u0026lt;!ELEMENT keyword %content;\u0026gt; \u0026lt;!ATTLIST keyword\u0026gt; \u0026lt;!ELEMENT answer %content;\u0026gt; \u0026lt;!ATTLIST answer ord NMTOKEN #REQUIRED author NMTOKEN #REQUIRED title CDATA #IMPLIED\u0026gt; DTDs am Beispiel: Attribute Genau so definiert die DTD auch Attribute.\n\u0026lt;!ENTITY copyright \u0026#34;(C) 2000 NetUSE AG\u0026#34;\u0026gt; \u0026lt;!ENTITY chap1 SYSTEM \u0026#34;file:/home/kk/chap1.xml\u0026#34;\u0026gt; \u0026lt;!ENTITY % content \u0026#34;(#PCDATA)*\u0026#34;\u0026gt; \u0026lt;!ELEMENT chapter (question*)\u0026gt; \u0026lt;!ATTLIST chapter title CDATA #REQUIRED shortname ID #REQUIRED\u0026gt; \u0026lt;!ELEMENT question (keyword*, answer*)\u0026gt; \u0026lt;!ATTLIST question author NMTOKEN #REQUIRED ord NMTOKEN #REQUIRED title CDATA #REQUIRED\u0026gt; \u0026lt;!ELEMENT keyword %content;\u0026gt; \u0026lt;!ATTLIST keyword\u0026gt; \u0026lt;!ELEMENT answer %content;\u0026gt; \u0026lt;!ATTLIST answer ord NMTOKEN #REQUIRED author NMTOKEN #REQUIRED title CDATA #IMPLIED\u0026gt; Datenmodellierung mit XML: Entities und Attribute Will man XML verwenden, um ein Datentauschformat zwischen Geschäften zu definieren, muß man meist Daten modellieren. Diese Modelle liegen oft als ER-Modell vor. Die Constraints in DTDs sind aber zu schwach, um das zu leisten, was an Constraints in ER-Modellen verwendet wird.\nDazu kommt, daß XML mehrere verschiedene Wege bietet, um Dinge zu modellieren:\nAls Elementhierarchie Mit Attributen Elementhierarchien erlauben komplexe Strukturen, freie Reihenfolgen, sind schachelbar, aber sie sind auch kompliziert anzusprechen und brauchen viel Platz.\nAttribute erlauben Wertlisten, und Defaults, erlauben mit ID und IDREF Queryverweise.\nDatenmodellierung mit XML: Attributwerte Einheiten codieren\n\u0026lt;buch dicke=\u0026quot;987 seiten\u0026quot;/\u0026gt; vs. \u0026lt;buch dicke=\u0026quot;987\u0026quot; einheit=\u0026quot;seiten\u0026quot;/\u0026gt; Schalter codieren\n\u0026lt;img border=\u0026quot;yes\u0026quot;/\u0026gt;, discouraged für SGML Kompatibilität \u0026lt;img border=\u0026quot;border\u0026quot;/\u0026gt;, Umständlich Datums- und Zeitangaben\n\u0026lt;book published=\u0026quot;2000-11-03\u0026quot;/\u0026gt;, ISO-8601 empfohlen Binäre Daten\nNOTATION ist unflexibel, BASE64 empfohlen, XLink wird es richten. Saubere Umsetzung von ER-Modellen in XML Schemata ist derzeit nicht möglich. Der XML Schema Standard wird DTDs ersetzen und vieles einfacher machen. DTDs und Namespaces funktionieren auch nicht!\nDocument Object Model: XML Bäume \u0026lt;book\u0026gt; \u0026lt;author\u0026gt;Michael Kay\u0026lt;/author\u0026gt; \u0026lt;title\u0026gt;XSLT\u0026lt;/title\u0026gt; \u0026lt;preis währung=\u0026#34;usd\u0026#34;\u0026gt; 34.99 \u0026lt;/preis\u0026gt; \u0026lt;/book\u0026gt; Dokument als DOM-API Baum repräsentiert\nAPI erlaubt Suchen, Erzeugen, Löschen von Knoten SAX-API repräsentiert das Dokument nicht, sondern liefert Parse-Events\nStreaming XML Namespaces (Erläuterung) Beim Mischen zweiter DTDs in einem Dokument kann es zu Namenskollisionen kommen, doppelte Elementnamen, Attribute sollen global verwendbar sein. Die Idee, jedes Element mit der URL seiner DTD zu prefixen ist zu umständlich. Feste Namen gehen auch nicht, da dann auch wieder Kollisionen möglich sind.\nXML Namespaces (Deklaration) Daher deklariert man Namespaces, indem man für die URL der DTD einen lokalen Kurznamen definiert und den dann als Prefix verwendet. Dies geschieht mit xmlns:kurzname=URL.\n\u0026lt;xsl:stylesheet xmlns:xsl=\u0026#34;http://www.w3.org/1999/XSL/Transform\u0026#34; version=\u0026#34;1.0\u0026#34;\u0026gt; \u0026lt;xsl:include href=\u0026#34;date.xsl\u0026#34;/\u0026gt; \u0026lt;xsl:template match=\u0026#34;date\u0026#34;\u0026gt; \u0026lt;date\u0026gt; \u0026lt;xsl:value-of select=\u0026#34;$date\u0026#34;/\u0026gt; \u0026lt;/date\u0026gt; \u0026lt;/xsl:template\u0026gt; \u0026lt;/xsl:stylesheet\u0026gt; Schon das stylesheet-Element selbst kann das Prefix xsl verwenden. Innerhalb des Elementes kann das Prefix xsl ebenfalls verwendet werden.\nXSLT XML-Quelldokument und XSLT-Stylesheet werden als Baum dargestellt. Die Transformationsregeln des Stylesheet matchen dann ähnlich AWK auf Elemente vom Quellbaum, und generieren den Resultatbaum. Am Ende wird der Resultatbaum ausgegeben.\n\u0026lt;xsl:template match=\u0026#34;book\u0026#34;\u0026gt; \u0026lt;h1\u0026gt;\u0026lt;xsl:value-of select=\u0026#34;.\u0026#34;/\u0026gt;\u0026lt;/h1\u0026gt; \u0026lt;/xsl:template\u0026gt; Baumwurzel:\n\u0026lt;xsl:template match=\u0026#34;/\u0026#34;\u0026gt; \u0026lt;html\u0026gt; \u0026lt;head\u0026gt;\u0026lt;title\u0026gt;Bla\u0026lt;/title\u0026gt;\u0026lt;/head\u0026gt; \u0026lt;body\u0026gt;\u0026lt;xsl:apply-templates/\u0026gt;\u0026lt;/body\u0026gt; \u0026lt;/html\u0026gt; \u0026lt;/xsl:template\u0026gt; xsl:stylesheet Element Das xsl:stylesheet Element definiert die Version des Stylesheet, kann spezielle Erweiterungen aktivieren, und kann das Stylesheet benennen.\nIn einem XML-Dokument kann mit dem \u0026lt;?xml-stylesheet ?\u0026gt; dem XML ein Stylesheet zugeordnet werden.\nEmbedded Stylesheet Eine Mischform existiert, sie vermischt aber unangenehm Daten und Format. Nicht empfehlenswert.\nVereinfachte Stylesheets Whitespace Handling XML-Bäume enthalten kein Whitespace. Whitespace in Nodes mit #PCDATA ist signifikant. Zeilenenden werden normalisiert. Nodes mit Whitespace-Only können gelöscht werden. Overrides existieren.\nXPath: Achsen Um Elemente zu finden und zu selektieren, definiert XPath Suchausdrücke. Sie suchen im Dokument entlang von \u0026ldquo;Achsen\u0026rdquo;. Für die wichtigsten Achsen gibt es Kurzschreibweisen.\nEinige XPath Achsen:\nchild: Kinder der aktuellen node (descendant). parent: Elternelement, so vorhanden (ancestor). following/preceding: Der aktuellen node folgende/vorangehende Elemente. attribute/namespace: Attribute/Namespace-nodes des aktuellen Elements. XPath: Mehr über Achsen Achsen:\nancestor, ancestor-or-self attribute child, descendant, descendant-or-self following, following-sibling namespace parent preceding, preceding-sibling self XPath: Node Tests Der etwas seltsam klingende Name \u0026ldquo;Node Test\u0026rdquo; bezieht sich auf einen Ausdruck, der ausgehend vom aktueellen Knoten weitere Elemente auswählt. Das Resultat ist ein Node Set, also kein Baum. XPath ist damit keine Algebra.\nDennoch kann man weitere Prädikate auf den Node Set anwenden und weiter filtern.\nXPath: Kurzschreibweisen Ein Haufen Kurzschreibweisen existieren, damit man XPath-Ausdrücke ohne kilometerlange Achsennamen schreiben kann.\nXPath: Mehr Kurzschreibweisen Es braucht etwas Übung, bis die Syntax von der Hand geht.\nXPath: Core Function Library Dazu kommmt ein sehr begrenzter Satz Funktionen, die man auf Knoten oder Knotenmengen anwenden kann.\nXSLT und XPath XSLT und XPath zusammen können dann verwendet werden, um Daten aus einem Quell-XML Dokument zu extrahieren und in ein Zieldokument einzusetzen.\n","date":"2000-11-03T00:00:00Z","href":"https://blog.koehntopp.info/2000/11/03/xml-grundlagen.html","tags":["lang_de","talk","publication"],"title":"XML Grundlagen"},{"categories":null,"content":" Day 1 I attended PHP Congress Cologne (05-Oct-2000 to 06-Oct-2000) together with Ulf Wendel and Jan Kneschke. We arrived in Cologne the evening before without incident, hit our hotel sometime in the evening and immediately departed for the #php.de (IrcNet) channel party organized by subj . As usual, there was no proper beer to be had in Cologne (the local brew is based on dishwater), but the Apfelpfannkuchen was nice. So were the people, most of which I was able to meet in person for the first time. People, you are as strange in real life as you are on the channel!\nNext morning found us at the Crowne Plaza hotel, where Björn Schotte and the Globalpark people were still fixing problems with Internet access just before the congress was supposed to start. This should turn out to be a recurring theme during the entire congress, and is definitely a point to improve next time.\nPHPdoc Ulf\u0026rsquo;s lecture was the first one. He presented his documentation generator PHPdoc , which is a large PHP script largely based on concepts borrowed from JavaDoc. Phpdoc is able to generate bare bones documentation from many PHP scripts without any additional information, and can utilize special comments within the script to generate full documentation. The output is template driven HTML, with XML being an interim format. This allows for automated post-processing and provides unlimited customization of the documentation.\nBecause PHPdoc is working without any support from the PHP interpreter in this version, its capabilities are still somewhat limited, but it still is far better than anything else currently available. In my opinion, PHPdoc should become the standard format for documentation of PEAR and PHPLIB classes, and work should concentrate on adding parser support for documentation generation and to improve PHPdoc. PHPdoc is bound to become a very important tool for large scale PHP projects.\nOpenTracker Ulf was followed up by Sebastian Bergmann of the PHP OpenTracker project. He showed how PHP can be utilized to capture and visualize click-path information and how this information can be useful to optimize your site layout and navigation for usability.\nFulltext Search Alexander Aulbach continued with a report on using MySQL and PHP to create a fast search engine. Working for a newspaper, he was faced with the challenge to create a searchable fulltext index for ~170.000 newspaper articles, and found the usual solutions based on ht://dig and udm-search to limiting for his project. Using a very unconventional approach to the problem, he was able to create a workable and mostly efficient fulltext search using pure MySQL and PHP - tools which are generally considered as not suitable for such tasks. His fascinating solution is up for sale, or can be recreated from his slides if you can spare a man-month or two for development.\nWeb Security My own keynote was supposed to be scheduled for noon, but because of the technical problems with the internet connection before it started late. I had to cut down on content in order to make good for the lost time. Find my slides at Web Security . My talk went well (I had my slides available locally, and did not need a remote connection), and I was able to make a number of contacts\u0026hellip;\nLunch drove the organization at Crowne Plaza to the limits of their capacity: Although three different restaurants and locations within the hotel provided lunch for the 400 people attending, these people dispersed very unevenly, and some had to wait for more than 30 minutes to get something to eat. Nonetheless, the food and the service were excellent, once you got them.\nPHP in Startups Just after lunch, Chris Cartus had a talk about the use of PHP in startups. His talk centered around properties and shortcomings of PHP as an implementation language and as a platform and contained quite a bit of critique. It was received somewhat controversial, which certainly was his intention, but was in part based on outdated facts—PHP is currently a rapidly moving target, and six months ago Chris would have been right on all counts.\nBasically, Chris stated that the main strengths of PHP are its superb rapid prototyping capabilities and its very smooth learning curve: You can take any useful web designer and start teaching PHP bit by bit. That designer will be productive from day one, gradually moving out of the mouse mover camp and entering the coder league, earning his money at all stages during this transition. This is very unlike Java, which generally requires a hard break where one sits down and learns about programming, design techniques, UML and the like before being completely useful.\nOn the other hand, there is little support for high-end web applications and development to be found in PHP—there is no application server, load balancing is not part of PHP and can only be obtained using crude external means such as RR DNS and local redirects. Also, PHP is lacking in debugging capabilities and provides little support for large scale development (options comparable to the \u0026quot;use strict\u0026quot; and \u0026quot;-w\u0026quot; modes of perl). Its object model is crude and needs more sophistication and a performance tuneup to be useful on large scale applications.\nTo summarize: While PHP provides a road that is wide and easily traveled at the beginning, this road is not as far-reaching as is the Java path. Chris claimed that further extension of PHP is necessary to cover these areas.\nChris also claimed that PHP has no Java integration to speak of and mentioned some other areas where PHP is lacking, in his opinion. Most of these areas have been worked on during the last six months, and the situation is improving rapidly. For example, Johann-Peter Hartmann demonstrated PHP\u0026rsquo;s Java integration capabilities in his (later) XSLT comparison and found it to be easily usable, but still unstable under load.\nHallway track I missed the next three talks given by Reiner Kukulies (Communities with PHP), Mario Klaue (Using PHP generated DHTML to build highly responsive pages) and Matthias Boese (\u0026ldquo;Using PHP on SAT-1: Die Fahndungsakte\u0026rdquo; - a high traffic website for a TV series). This is exactly the scenario where PHP should not be used according to Chris Cartus, so there are successful deployments of PHP in high load environments.\nInstead, I had some stimulating discussions on web security, and on possible future extensions of PHP outside the lecture hall. Those small tables just next to the coffee bar turned out to be very useful, indeed. Thank you, Thies, for providing useful input and insight and thank you, Chris Cartus, for your thought and discussion provoking talk.\nExtending PHP The day way almost finished with Sascha Schumann\u0026rsquo;s \u0026ldquo;Extending PHP using C\u0026rdquo; express presentation (\u0026ldquo;Hmm, it seems that I really should have some slides. I\u0026rsquo;ll create them while commiting the latest patches to the session management module here.\u0026rdquo;). Sascha, you really demonstrated that rapid prototyping can be a way of life!\nSascha prepared the ground for Jens Ohlig with \u0026ldquo;C++ integration and 3 tier development\u0026rdquo;. Jens talk was about using phpswig to generate glue code to integrate C++ classes as PHP extensions.\nAfterglow For me personally, the talks by Chris Cartus and Jens Ohlig were two most interesting talks of the day - Chris because of the interesting ideas and the background he provided, and Jens because of the extremely useful technology demonstration.\nAfterglow, the time between the conference talks and the evening programme, was filled with discussion about software patents and Sevenval - from the number and type of questions currently easily the most hated company within the PHP or even the German Open Source community.\nThe Evening program was a travel by ship along the River Rhine on board of the MS Enterprise, a theme ship modeled after a well-known starship of the same name. The Buffet on board was excellent, and so was the company :-) Thies and I had our fun with Sascha, being half as old as either of us two (but twice as cool). Ah, and the local brew does not taste much better when you drink it on board of a ship. Memo to self: When you travel to Cologne, bring your own beer.\nDay 2 PHP and PDF The second day started out slowly, with Hartmut Holzgraefe demonstrating PDF creation using PDFTeX and PHP. He started out showing the shortcomings and limitations of PHP\u0026rsquo;s PDF interface, and presented PDFTeX as an alternative way to create good-looking PDF output. TeX source creation was excruciating with PHP 3, but using PHP 4 and the new output buffering interface came just in time to be helpful and greatly simplify the process. Limitations of his technique are the use of an external process (the PDFTeX processor) not really suited for use in batch processing, and the load this generates at the server machine.\nPHP on Windows Next in line was Andreas Otto, who introduced the PHP4 build process under Windows. As I don\u0026rsquo;t do Windows, I missed most of this talk and had a session concerning the past and future of de.comp.lang.php at the coffee table on the outside. It seems that a transition of the FAQ to XML format will be well received and should be done on short notice. Also, Sascha suggested the day before that an english translation of the FAQ would be useful, as it is, in his opinion, far better and more comprehensive that the english original. Sascha suggested that the english version of the FAQ should be channeled through the PHP documentation translation team, producing multinational versions. Both he and I still see problems resolving the update process, as the FAQ is produced in german language, and updates and comments may come in english as well as in german. We probably need a collection and integration mechanism for that. TODO: Talk to the doc team and see what they think.\nPHP and IPC I rejoined the main lecture hall just in time to see Till Gerken finish his talk about \u0026ldquo;Interprocess communication in PHP\u0026rdquo;. Till presented the mechanisms used to create PHPChat, and showed how shared memory and semaphores can be used to improve performance in such applications.\nPHP does XSLT Johann-Peter Hartmann (What a name, what a hairstyle! :-) followed up with \u0026ldquo;A comparison of PHP XSLT processors\u0026rdquo;. His talk was met with great interest, as XSLT seems to be a hot technology. Johann showed that XSLT still is bleeding edge, and so is PHP-Java integration. Sablotron came out as an overall winner in speed and stability with Xalan C++ being a close second and a somewhat more complete implementation of the standard. Me, I am using Sablotron - Go, Ginger Alliance, Go!\nZend Tobias Ratschiller gave most of his time to Doron Gerstel of Zend technologies, who was stunned by the support PHP has in Germany and who presented the future marketing and product strategy of Zend. It seems that Zend will be rolling out a profiler and debugger this year, and follow up with the encoder shortly. Also, a PHP IDE is planned and scheduled for next year.\nThe presentation was quite interesting, especially in light of Chris Cartus talk about startup companies and venture capitalists the day before. It was obvious that Zend, being a startup on venture capital, needs to show some revenue fast before entering the next round of funding. Still, Zend seems to be lacking vision and a roadmap for the future, and the presentation left me a bit disappointed—perhaps it was the presentation, which was marketing driven and focusing on benefits, instead of technology driven, as almost all other talks on the Congress were.\nI would have expected Zend to have learned from their polls and their experience that people tend to use PHP for projects larger than it was intended to be used. It would have been smart for them to provide a strategic roadmap which shows their intention to meet this demand with the appropriate moves and improvements (application server, load balancing, stronger Java integration, revised object model, optional strong typing, optimizer and compiler making use of this typing for faster code). Perhaps CC and Zend talking to each would be a good match?\nAlso, while there is a strong community of PHP developers, at least in Germany, it seems that Zend is only very losely tied into these channels, at least in Germany. There clearly is an impedance mismatch between the community and the company, and currently Zend cannot convince the community that it fulfills an important role for the community, at least not in Germany.\nThis is very dangerous for both parties involved: PHP cannot survive without a focused and directed development team, especially not in the upper area of the market. It is specifically this market that is of very great importance for the acceptance of PHP as a mainstream web development tool.\nAlso, Zend cannot survive without being able to communicate their role to the community, and in Germany that means presenting - technology driven - a long term strategy, scalability, flexibility and extensibility of the product at management level as well as at developer level.\nOn the other hand Zend must take care not to catapult itself out of the PHP community, which is very tightly integrated in Germany, having a few key websites, soon to be complemented by a new MySQL newsgroup. While these locations cover mostly low-end PHP usage, these are the pools where PHP know-how is being created and the regulars at these locations are the key drivers of the German PHP scene. Zend marketing currently does not tap these reservoirs at all—send them to the clue train, this is a large scale loss of communication potential.\nWorld Domination Plans Tobias followed up with a short note on PHP \u0026ldquo;world domination\u0026rdquo;, but time was too short for him to say much.\nDoing Forms Next in line was Andre Christ presenting the Abstract Presentation Layer, a high-level C++ extension of PHP, allowing easy form creation and validation automation. From the questions after the presentation and the afterglow talk, this was easily the most heavily underrated presentation on the congress, as Andre was presenting an unfinished, but very clean library design, which has a few, but obvious and easily corrected shortcomings and much potential. The APL is a LGPL library, and is a project you should watch, unless you decide to get involved. Also, keep an eye on twisd AG; these people are good.\nMore World Domination Unfortunately for the followup speakers, Andre\u0026rsquo;s talk created the need for me to talk, again at the coffee tables, and so I missed most of the finish - except for Björn Schotte\u0026rsquo;s legendary \u0026ldquo;Björn Schotte World Domination\u0026rdquo; talk, which transported hints at his site, PHP Center as well as his QuickCMS product with the subtle gentleness of a Ferenghi sensing the opportunity to make some bars of gold pressed Latinum. :-)\nAll in all two days well spent. The congress served its purpose very well, being an opportunity to bind some faces to recurring names, to learn about the state of the art in the PHP community, and to find out about the future direction PHP and Zend development must take.\nThank you, Björn, and thank you people at Globalpark, for organizing the congress and see you next year.\n","date":"2000-10-07T00:00:00Z","href":"https://blog.koehntopp.info/2000/10/07/php-kongress-koeln.html","tags":["lang_de","php","web"],"title":"PHP Kongress Köln"},{"categories":null,"content":" NetUSE AG, http://www.netuse.de , ist ein Internet Systemhaus in Kiel.\nGegründet 1992, war die Firma ursprünglich als Internet Service Provider tätig. Heute werden die Geschäftsfelder ISP-Geschäft, Consulting, Hard- und Softwarehandel, Service und Support sowie Anwendungsentwicklung abgedeckt. NetUSE hat derzeit etwa 60 Mitarbeiter und wächst schnell.\nZu den Kunden gehören viele größere Konzerne, etwa Deutsche Telekom, Mobilcom, DASA/Airbus, der Landtag des Landes Schleswig-Holstein und andere.\nGehackt \u0026ldquo;Hacken\u0026rdquo; einer Website ist ein Angriff auf Verfügbarkeit, Integrität oder Vertraulichkeit.\n\u0026ldquo;Hacker\u0026rdquo; vs. \u0026ldquo;Cracker\u0026rdquo;\nUrsprünglich bezeichnete das Wort \u0026ldquo;Hacker\u0026rdquo; einen Menschen, der ein Programm oder eine Maschine dazu bringen konnte, irgendetwas Unerwartetes oder Geniales zu tun. Jemand, der in Rechner einbricht oder Kopierschutze entfernt, war dagegen ein \u0026ldquo;Cracker\u0026rdquo;.\nDie Medien haben jedoch entschieden und verwenden die Bezeichnung \u0026ldquo;Hacker\u0026rdquo; im Wortsinn der Bezeichnung \u0026ldquo;Cracker\u0026rdquo;. Dies ist nicht mehr zu ändern.\nWer greift an? Zwei große Gruppen:\n\u0026ldquo;Script Kiddies\u0026rdquo;, Angreifer ohne Insiderwissen und ohne tiefergehende Ausbildung, verwenden meist vorgefertigte Angriffswerkzeuge. Greifen ungerichtet an (Scanning) und brechen in eine große Zahl von Systemen ein. \u0026ldquo;Insider\u0026rdquo;, (Ex-)Mitarbeiter et. al. Teilweise weitgehendes Wissen über Infrastruktur, verwendet Systemtools, Angriffswerkzeuge und selbstgeschriebene, maßgeschneiderte Programme (\u0026ldquo;Das Einbruchswerkzeug sitzt zwischen den Ohren\u0026rdquo;). Will gezielt an bestimmte Netzwerkressourcen herankommen. \u0026ldquo;Script Kiddies\u0026rdquo; oder \u0026ldquo;Spielkinder\u0026rdquo; sind eigentlich kein neues Phänomen. Neu ist lediglich, daß eine so große Anzahl von Werkzeugen existiert, die es Spielkindern so leicht macht, ihren Neigungen nachzugehen.\nSpielkinder sollten für den Administrator einer Site eigentlich kein Problem sein, ihre Methoden und Werkzeuge sind beschrieben in\n\u0026ldquo;Maximum Linux Security\u0026rdquo;, Anonymous, Taschenbuch - 800 Seiten (1999) Sams Publishing; ISBN: 0672316706 \u0026ldquo;Hacking Exposed - Second Edition\u0026rdquo;, Joel Scambray, Stuart McClure, George Kurtz, Taschenbuch - 700 Seiten (Oktober 2000), Osborne/McGraw-Hill; ISBN: 0072127481 Insider sind ein wesentlich schwierigeres Problem und nur durch ein durchgehendes Sicherheitskonzept zu bekämpfen, das von dem betreffenden Betrieb auch gelebt werden muß.\nWelche Ziele verfolgen Angreifer? \u0026ldquo;Script Kiddies\u0026rdquo;: Warez-Site, IRC \u0026ldquo;Trading-Bots\u0026rdquo;, Bandbreite, Paßworte als Handelsware \u0026ldquo;Insider\u0026rdquo;: Rache, spezifische Informationen aus dem Intranetwork, Kundenstammdaten, Kundenverkehrsdaten \u0026ldquo;Script Kiddies\u0026rdquo; sind auf der Suche nach Umschlagplätzen für \u0026ldquo;Warez\u0026rdquo;, d.h. für geknackte Raubkopien von Programmen, Musik-CDs und Spielfilmen. Sie stehen über eine Reihe von unterschiedlichen Kommunikationssystemen miteinander in Verbindung und benötigen für ihr Geschäft massenhaft Plattenplatz, Netzbandbreite und Kommunikationsplattformen.\nSchlecht geschützte und unzureichend gepflegte Rechner sind ihre bevorzugte Beute. Sie finden diese Maschinen, indem sie mit Hilfe von \u0026ldquo;vulnerability scannern\u0026rdquo; ein Netzwerksegment nach Programmen mit bekannten Fehlern absuchen und dann halb- oder vollautomatisch in diese Maschinen einbrechen. Der Automat trägt in der Regel einen gescripteten Angriff binnen weniger Sekunden vor und installiert einen Satz von modifizierten Systemwerkzeugen, ein sogenanntes \u0026ldquo;root kit\u0026rdquo;, das den Einbruch vertuscht und den verbrauchten Plattenplatz sowie die Prozesse des Einbrechers vor dem Sysadmin verbirgt.\nInsider gehen dagegen meist gegen einen bestimmten Rechner im Netz vor, von dem sie spezifische Daten (Mails, Kundenstammdaten, Protokolle) haben möchten, oder dessen Betrieb sie sabotieren möchten.\nWas wird angegriffen? Netzwerkkomponenten: Router, Firewalls, Switches\nZiel: Angriffsquelle verschleiern, Stepping Stone, Netzwerktopologie ermitteln, Netzwerkverkehr belauschen\nServer (eigentliches Ziel): Server-Betriebssystem, Webserver, Webanwendung\nZiel: Zugang zum Server-Betriebssystem, Zugang zu den Zieldaten\nAngriffe erfolgen in den meisten Fällen auf Server, nicht auf Netzwerkkomponenten: Wissen um Betriebssysteme und Fehler von Servern ist in den relevanten Kreisen meist wesentlich weiter verbreitet.\nAngriffe auf Netzwerkkomponenten erfolgen fast niemals durch Script Kiddies (Ausnahme sind bestimmte Distributed Denial Of Service-Angriffe), sondern fast immer als Teil eines geplanten Angriffes mit Insiderwissen und durch besser ausgebildete Angreifer.\nAuf dem Server können Angriffe dem Serverbetriebssystem, dem installierten Webserver oder der Webanwendung selbst gelten.\nWas ist die Folge eines Angriffs? Kompromittierte Netzwerkkomponente: Angreifer hat detaillierte Information über die Topologie. Angreifer kann Routing beeinflussen und IP-Adressen spoofen. Angreifer kann unverschlüsselten Datenverkehr abhören. Transitivität! Kompromittierter Server: Angreifer hat Zugriff auf Daten und Geheimnisse auf dem Server. Angreifer hat die Systeminstallation kompromittiert (\u0026ldquo;Der Server lügt\u0026rdquo;). Angreifer kann unverschlüsselten Datenverkehr abhören. Transitivität! Es ist davon auszugehen, daß Betriebssystem und Anwendungen auf einem kompromittierten Rechner so verändert sind, daß sie den Administrator belügen. Der Rechner kann nicht wiederhergestellt werden, er muss neu installiert werden.\nZur Sicherung der Beweismittel gelten die folgenden Regeln:\nAlle Platten aus dem betreffenden Rechner ausbauen und niemals wieder mounten. Ein Mount würde access times an Dateien oder wichtigeres zerstören und das Medium als Beweismittel unbrauchbar machen. Die betreffenden Platten können in eine andere Maschine eingebaut, um mit dd Images zu generieren (dd if=/dev/hdc of=/export/disk2/imagefile). Weitere Analysen finden nur auf den Images statt. Transitivität ist ein Problem: Kompromittierte Rechner sind Sprungbretter für ein weiteres Eindringen in das gehackte Netz oder für Angriffe auf andere Netzwerke:\nPaßworte können mit Sniffern ausgespäht worden sein. Andere Administratoren in anderen Netzen müssen informiert werden. Gehackt ist nie ein einzelner Rechner, sondern immer mindestens ein Subnetz! Aufräumen und Validierung bringt enorme Kosten!\nServer: Die Drei Kardinalfehler Betriebssystem: Der Server bietet Dienste an, die er nicht anbieten muß/sollte.\nWebserver: Der Server liefert Daten im Web, die dort nicht stehen müssen/sollten.\nWebanwendung: Der Server glaubt Daten, die nicht aus vertrauenswürdigen Quellen stammen.\nServer bietet Dienste an:\nZugriff auf NFS Fileshares von überall (FH Lüneburg) Zugriff auf Datenbank von überall (Buchhandel.de) Zugriff auf RPC-Dienste (Sony Music.de) Server liefert Dateien:\nLogfile des Webshops mit Kunden- und CC-Daten (diverse) Images mit Auflösung (Survivor TV Show) Server glaubt Daten:\nPreisinfo als Zustand beim Anwender gehalten (verschiedene Videoläden) Session-IDs dicht besetzt (ein anderer Buchladen) Pfadnamen als URL-Parameter Angriffe auf einen Webserver lassen sich in drei Problemklassen einteilen:\nAngriffe auf das Betriebssystem. Bei dieser Sorte Angriff werden bekannte Schwächen in Diensten ausgenutzt, die das Betriebssystem standardmäßig anbietet. Dies setzt voraus, daß das Betriebssystem diesen Dienst überhaupt anbietet. Dienste, die nicht eingeschaltet sind, können über das Netz nicht für einen remoten Angriff genutzt werden. Angriffe, die darauf abzielen, bestimmte Logdaten oder andere Informationen zu beziehen, die der Webserver anbietet (aber nicht anbieten sollte). Diese Angriffe sind spezifisch für Webserver und Webanwendungen, meist sind sie nur bei schlechten Defaultkonfigurationen in Zusammenhang mit schlampigem Setup möglich. Angriffe, die spezifisch auf die eingesetzte Webanwendung abzielen und die sich schlechte Programmiergewohnheiten der Entwickler zunutze machen. Viele Webanwendungen gehen davon aus, daß ein Client/Browser vertrauenswürdig ist und nicht manipulierte Daten liefert. Diese Annahme ist im Allgemeinen falsch. Problem 1: Ein Server bietet zuviele Dienste an Warum? Standardinstallation des Herstellers. Installationszugänge für Produktion nicht abgeschaltet. Defaultuser/Zugänge Wartungszugänge allgemein aufrufbar (kein Extranet-Konzept). Fehlendes Betreiber-Knowhow. Standardinstallation: Optimiert für Intranets. Optimiert für einfache Handhabung. fehlende Patches. Defaultuser: \u0026ldquo;sa\u0026rdquo;/\u0026quot;\u0026quot;, \u0026ldquo;system\u0026rdquo;/\u0026ldquo;manager\u0026rdquo;, \u0026ldquo;scott\u0026rdquo;/\u0026ldquo;tiger\u0026rdquo;, \u0026hellip; Kein Extranet-Konzept: Wartungszugänge nur verschlüsselt (ssh, SSL, VPN). Keine Wege aus der Produktion ins Intranet. Für den sicheren Betrieb von Servern gilt generell, daß ein Rollout- und Pflegekonzept vorhanden sein muss. Dies klingt selbstverständlich, ist es aber nicht:\nWerden Systeminstallationen industriell gefertigt? Installserver erlauben reproduzierbare Installationen, Versionierung von Installationen und den systematischen Test einer Installation. Werden Systemupdates industriell durchgeführt? Test- und Verteilkonzepte für die Software auf Servern in der Produktion müssen existieren, damit Fehlerkorrekturen und Upgrades schnell und sicher verteilt werden können. Breakeven-Point ist klein, schon ab 5 identischen Installationen rentiert sich das Knowhow und der Aufwand. Oft werden Extranet-Kontakte mit unstrukturierten Kontakten mit Laufkundschaft gleichgesetzt:\nVerbindungen sind nicht auf bestimmte Teilnetze beschränkt. Verbindungen sind nicht verschlüsselt. Verbindungen sind nicht gut authentisiert. Derartige \u0026ldquo;offene\u0026rdquo; Extranet-Kontakte sind ein beliebtes Einfallstor in Produktionsnetze von Firmen.\nÜberflüssige Dienste Standardinstallation (UNIX):\nWebserver für Manualpages (mehrere) Systemadministration Backupsteuerung RPC-Server für Backupsteuerung (Legato) Systemadministration Desktop-Komponenten Network Filesystems (Datenbanken) Oracle, MySQL Application-Server Interesting ports on jayniz.de: Port State Protocol Service 21 open tcp ftp 22 open tcp ssh 25 open tcp smtp 53 open tcp domain 80 open tcp http 111 open tcp sunrpc 113 open tcp auth 199 open tcp smux 443 open tcp https 515 open tcp printer 1024 open tcp unknown 3306 open tcp mysql 6666 open tcp irc-serv 7000 open tcp afs3-fileserver Nmap run completed -- 1 IP address (1 host up) scanned in 4 seconds \u0026ldquo;www.jayniz.de \u0026rdquo; am 30. August 2000: Unverschlüsselte Systemzugänge mit ftp, obwohl ssh eingesetzt werden könnte. 53/tcp ist offen für alle, statt nur für Secondary Server zugreifbar zu sein. 111/tcp ist weit offen und erlaubt den Angriff auf RPC-Dienste. 515/tcp läuft vollkommen sinnlos. 3306/tcp erlaubt Zugriff auf eine Datenbank. 199/tcp führt auf eine Bash mit root-Rechten: Die Maschine wurde bereits gehackt und mit einem Rootkit versehen. Für den Administrator sind über die Backdoor eingeloggte Benutzer nicht in der Prozeßliste und der Speicherstatistik zu sehen, der von ihnen verbrauchte Plattenplatz wird versteckt. Die Maschine lauscht auf ihrem Netzwerksegment nach Klartext-Paßworten für andere Maschinen, nur ein Switch hat schlimmeres verhindert. ipchains waren auf der Maschine installiert, aber nicht in Betrieb. 3 Tage nach Neuinstallation wurde die Maschine wieder gehackt (RedHat mit wuftpd 2.6.0 als Einfallstor). Notwendige Dienste Notwendig sind meist nur zwei Dienste:\nDomain Name System, aber nur outgoing? HTTP/HTTPS Zur Wartung oft weitere Dienste:\nFTP -\u0026gt; besser: ssh, scp, rsync telnet/rlogin -\u0026gt; besser: ssh POP/IMAP -\u0026gt; besser: S/POP, S/IMAP Zum Intranet oft weitere Dienste:\nDatenbank/LDAP rlogin/rcp, FTP/TELNET -\u0026gt; besser: ssh/scp Drei goldene Regeln:\nMinimiere die angebotenen Dienste. Schränke nichtöffentliche Dienste über IP-Number so weit wie möglich ein. Übertrage keine Paßworte im Klartext! Und nicht vergessen, die wichtigste Regel überhaupt:\nLies die einschlägigen Securityforen. Bugtraq, NT-Bugtraq, Securityfocus.com und andere. Aktualisiere Deine Installationen regelmäßig. Letzterer Punkt setzt voraus: Ein Betriebskonzept.\nWelche Software in welcher Version läuft wo? Wie bekommen wir Updates auf diese Maschinen, ohne den Betrieb zu unterbrechen? Wie bekommen wir gleichartig installierte neue Maschinen? (Installserver). Die Realität Windows 2000, IIS Port State Protocol Service 21 open tcp ftp 25 open tcp smtp 80 open tcp http 106 open tcp pop3pw 110 open tcp pop-3 135 open tcp loc-srv 143 open tcp imap2 389 open tcp ldap 443 open tcp https AIX Export list for rzserv2.fh-lueneburg.de: /stadtinf (everyone) /usr/lib/cobol (everyone) /usr/local (everyone) /ora-client 193.174.32.20 /user (everyone) /usr/lpp/info (everyone) /install 193.174.32.20 /u (everyone) /pd-software (everyone) /var/spool/mail (everyone) /u1 (everyone) Unix, Apache: Port State Protocol Service 21 open tcp ftp 22 open tcp ssh 23 open tcp telnet 25 open tcp smtp 80 open tcp http 110 open tcp pop-3 111 open tcp sunrpc rpcinfo -p www.....de program vers proto port 100000 4 tcp 111 portmapper ... 100024 1 udp 32772 status ... 100021 1 udp 4045 nlockmgr Windows 2000 Advanced Server läßt gerne seinen Active Directory Dienst über den LDAP-Port offen zugänglich.\nldapsearch -h \u0026lt;ip\u0026gt; -b \u0026quot;\u0026quot; -s base \u0026quot;objectclass=*\u0026quot; liefert eine Reihe von Naming Contexts. Diese kann man dann der Reihe nach durchprobieren. ldapsearch -h \u0026lt;ip\u0026gt; -b \u0026quot;\u0026lt;context\u0026gt;\u0026quot; \u0026quot;objectclass=*\u0026quot; erlaubt es sich, den entsprechenden Kontext anzusehen. In Unix wird dagegen gerne der Portmapper offengelassen, der gleich eine ganze Reihe von unzureichend geschützten Diensten erschließt. Fehler sind in der Vergangenheit im Portmapper selbst sowie in vielen Diensten aufgetreten. NFS ist sowieso ein Sicherheitsrisiko und sollte von außen nicht erreichbar sein.\nAbhilfe Kein Kontakt zum Internet ohne Firewall:\nKeine Ausnahmen während der Installation Unterscheide Kundenkontakte und Extranet-Kontakte:\nWartungszugänge immer verschlüsselt besonders authentisiert nur für bestimmte Adressen Regelmäßige Kontrolle\nSelbst von außen Ports scannen. Selbst von außen \u0026ldquo;einbrechen\u0026rdquo;. Regelmäßige Updates\nBugtraq verfolgen. Patchlisten verfolgen. Update-Konzept für Produktionsrechner Zykluszeit \u0026lt; 3 Monate Transitivitäten prüfen\nvon außen über DMZ ins Intranet? Noch einmal:\nKein Kontakt zum Internet ohne Firewall. Wenigstens ein Paketfilter sollte vorhanden sein, damit auch bei schlampiger Konfiguration im Produktionsnetz nur die intendierten Dienste nach außen sichtbar sind. Verdächtige Pakete sollten gleich gefiltert werden. Keine Ausnahmen während der Installation. (Auch nicht für Slashdot). Slashdot.org-Hack: Testmaschine mit Defaultpaßworten (Fehlerklasse 1 == nicht intendierte Dienste öffentlich angeboten) plus \u0026ldquo;eval-Bug\u0026rdquo; (Fehlerklasse 3 == Anwendung vertraut Daten aus dem Netz). Keine unverschlüsselte authentisierte Kommunikation. SSL. ssh. tcpwrapper/libwrap.a. Nichts anderes. Wer nach Ausnahmen fragt, wird geLARTet. Problem 2: Ein Server liefert sensible Dateien Webserver als Transformationsmaschine für Pfadnamen\nRegelsatz: DocumentRoot /www Alias /images /www2/images ScriptAlias /cgi-bin /www2/prod/cgi Was passiert, wenn\ndas Serverlog nach /www/logs/access.log gelegt wird? das Verzeichnis /images browseable ist oder Bildnamen ratbar sind? /www/htpasswd abrufbar ist? Include-Dateien in /www/include/ abgelegt sind? \u0026ldquo;Kann mir nicht passieren?\u0026rdquo;\nklassischer Fall: Suse Linux Standardregel Alias /cgi-bin-sdb/ /usr/local/httpd/cgi-bin/ Viele Webshops und andere Standardscripte schreiben Logs oder andere wichtige Informationen in ihr Installationsverzeichnis unterhalb der DocumentRoot. Abhilfe Verzeichnisse außerhalb DocumentRoot:\n/home/www/servers/www.kunde.de +--\u0026gt; /cgi-bin /database /logs /pages /php /tmp DocumentRoot /home/www/servers/www.kunde.de/pages FTP-Root: /home/www/servers/www.kunde.de Leider nicht sehr übliche Konfiguration\nNebenkriegsschauplatz Webhosting Zugriff durch CGI-Programme aus Hostingumgebungen:\nKunde rät aus eigenen Verzeichnisnamen fremde Verzeichnisnamen Kunde schreibt Programme, die Verzeichnisse anderer Kunden durchsuchen Abhilfe:\nchroot()-Umgebungen, \u0026ldquo;virtuelle Maschinen\u0026rdquo; Nachteil:\nAufwendige Realisierung Hoher Speicherbedarf Umständliches Debugging Vorteil:\nausgezeichnete Systemsicherheit Problem 3: Ein Server glaubt nicht vertrauenswürdige Daten Bedeutung einer Firewall im Datenfluß:\nProtokollbegrenzer Authentisierung Trust Boundary Bedeutung \u0026ldquo;Trust Boundary\u0026rdquo;\nSysteme/Datenquellen innerhalb werden durch unsere Administration kontrolliert. Sie liefern daher vertrauenswürde Daten. Die Umkehrung darf niemals vergessen werden!\nSysteme/Datenquellen außerhalb der Boundary sind unkontrollierbar. Sie liefern daher verseuchte Daten. Diese Daten müssen vor Gebrauch unbedingt dekontaminiert werden. Sie dürfen die Boundary danach niemals wieder nach draußen verlassen. Trust Boundaries arbeiten in zwei Richtungen. Dieser Vortrag betrachtet hauptsächlich den Datenstrom \u0026ldquo;von außen nach innen\u0026rdquo;, aber auch der Datenstrom \u0026ldquo;von innen nach außen\u0026rdquo; ist wichtig.\nAuthensierung des Servers durch Serverzertifikat. Verhinderung von Informationslecks durch Informationen im Referer (Nicht wirklich ein Datenstrom \u0026ldquo;von innen nach außen\u0026rdquo;, aber in der Verantwortung des Anwendungsprogrammierers. Anwendungen müssen alle Daten \u0026ldquo;von außen nach innen\u0026rdquo; prüfen und dann \u0026ldquo;drinnen\u0026rdquo; behalten:\nSessions! Niemals HIDDEN-Parameter! Daten von \u0026ldquo;außen\u0026rdquo;: Alle GET-, POST- und COOKIE-Variablen. Alle HTTP_*-Variablen. Alle File-Uploads. Schleichende Einschleppung durch unzureichende Validierung (-\u0026gt; OOH Forms) register_globals = On (-\u0026gt; register_globals = off) Trust Boundary Typische Fehler:\nAnwenderdaten werden durch HIDDEN-Parameter oder per GET/POST/COOKIE weitergereicht. Anwendung vertraut Daten aus dem Request in sicherheitsrelevanten Fragen: Referer, User-Agent, IP-Nummer, \u0026hellip; Anwendung validiert Anwendungsdaten nur mit JS. Na und? Ich habe kein JS, ich sende mit \u0026ldquo;telnet\u0026rdquo;. Anwendung validiert Anwendungsdaten nicht. \u0026ldquo;Wie kann ich Formularvariablen bei einer Session registrieren?\u0026rdquo; \u0026ldquo;Wie kann ich ein SQL-Statement von Seite zu Seite weiterreichen?\u0026rdquo; cf. Stored Procedures im MS-SQL Server wie sp_system(). Abhilfe:\nAnwendung validiert Daten serverside, mit einem geprüften Satz von Funktionen/Klassen. Nur validierte Daten werden Bestandteil der Session. Nur Sessiondaten werden verarbeitet, GPC- und Request-Informationen werden niemals verwendet. Ursache Der 3. Kardinalfehler ist sehr häufig. Warum? HTTP ist ein zustands-loses Protokoll. Webanwendungen brauchen Zustand. Viele Umgebungen bieten keine adäquate Unterstützung für Statekeeping. Viele Entwickler stricken sich \u0026ldquo;halbe\u0026rdquo; Lösungen selbst. Warum Sessions?\nDem Anwender steht nur ein einzelnes Token zur Referenzierung des Sessiondatensatzes zur Verfügung. Klare Fehlersemantik: Sessiondaten sind entweder komplett und vertrauenswürdig, oder gar nicht vorhanden (-\u0026gt; neue Session). Klarer Datenfluß (GPC/HTTP-Daten -\u0026gt; Validierung -\u0026gt; Session -\u0026gt; Anwendung), Umgehung der Validierung ist nicht möglich. Viel Code wird einfacher, da die Anwendung sich nun \u0026ldquo;erinnern\u0026rdquo; kann. Anwendungsstruktur wird klarer. Saubere Trennung von \u0026ldquo;statekeeping\u0026rdquo;, \u0026ldquo;authentication\u0026rdquo;, \u0026ldquo;authorization\u0026rdquo;, wie sie in PHPLIB durchgeführt wird. Infrastruktur (\u0026ldquo;Sessions\u0026rdquo;) wird wiederverwendet, daher besser geprüfter und wiederverwendbarer Code. Wichtig: Token darf nicht ratbar (\u0026ldquo;17\u0026rdquo;) sein. $id = md5(uniqid(\u0026ldquo;geheim\u0026rdquo;)); oder eine Zufallszahl Weitere Ursachen Andere Gründe:\nAus Zeitdruck Prototypen in Produktion geben. Rapid Prototyping ersetzt keine Designphase. Es ergänzt die Analysephase. Datei-Struktur der Anwendung vs. Datenfluß\nAn welcher Stelle übernimmt die Webanwendung Benutzerdaten? Was passiert, wenn man ihr an anderen Stellen Daten übergibt? Was passiert, wenn der Anwender URLs wahllos aufruft? Eingabevalidierung ist mühsam.\nFindet an allen Stellen Eingabevalidierung statt? Ist diese vollständig? Struktur in der Anwendung kommt nur durch Struktur im Entwicklungsprozeß. Hemmungslose Kaufempfehlung:\n\u0026ldquo;Web Application Programming\u0026rdquo;, Gerken/Ratschiller, New Riders Abhilfe Statekeeping durch Application Server managen lassen.\nAnwendung als Automaten strukturieren.\nAutomaten lassen sich gut formal verifizieren. Eingaben zentral prüfen\nApplication Server sollte Bibliothek zum Formularmanagement haben. Datentypen strikt prüfen. Eigentlich überflüssig, aber immer wieder gesehen:\nPfadnamen oder gar Code haben in Parametern nichts zu suchen. Entgegen der populären Volksmeinung sind viele Methoden aus der Mathematik und dem Informatikstudium sehr hilfreich bei der Entwicklung von Webanwendungen.\nAnwendung als Code + State modellieren. Formales Datenmodell, formales Datenbankmodell, formales Angreifermodell, formales Sicherheitsmodell. Automatentheorie. Analyse- und Designmethoden zur Identifikation wiederverwendbarer Komponenten und zur Findung von Bibliotheks-APIs. projektbegleitender Code Review, Post Deployment Projektanalyse. Webprojekte unterscheiden sich nicht von normaler Anwendungsentwicklung, sie sehen nur auf den ersten Blick anders aus.\nweit mehr als 80% aller LOC sind PHP, nicht HTML. Das fremdartige Aussehen rührt weitgehend aus dem Fehlen angemessener Werkzeuge und Bibliotheken her. PHP3 pur ist für die Anwendungsentwicklung im Web nicht angemessen. Fehlendes Statekeeping, fehlende Eingabevalidierung -\u0026gt; PHPLIB! ","date":"2000-08-21T00:00:00Z","href":"https://blog.koehntopp.info/2000/08/21/web-security.html","tags":["lang_de","security","talk","publication"],"title":"Web Security"},{"categories":null,"content":"aus: iX 5/2000.\nWebserver Security In den vergangenen Monaten haben Zeitschriften des Heise-Verlages immer wieder über Sicherheitslöcher in Installationen bekannter Serverbetreiber oder Webhoster berichtet. Offensichtlich existieren tausende von Webanwendungen, die mit heißer Nadel gestrickt und online gebracht worden sind und die - wenn überhaupt - nur unzulänglich getestet worden sind. Was ist die Ursache der beobachteten Probleme und wie kann man sie für seinen eigenen Server vermeiden? Kann man als Verbraucher und Benutzer erkennen, ob der Server eines Anbieters elementaren Qualitätsanforderungen an die Sicherheit im Web genügt?\nEine Analyse der gemeldeten Fehler zeigt, daß sich die weitaus meisten Probleme in nur drei Fehlerklassen einteilen lassen:\nDer Server bietet zu viele Dienste an. Der Server lagert vertrauliche Daten in zugänglichen Verzeichnissen. Der Server vertraut Eingabeparametern aus Webformularen ohne Grund. Ein Server bietet zu viele Dienste an Häufig hat sich ein Betreiber einer Maschine seinen Server noch niemals mit einem der gängigen Portscanner von außen angesehen und läßt auf seinem Server Dienste laufen, die für die Benutzung der Anwendung nicht benötigt werden oder nicht von allen IP-Adressen aus zugänglich sein müssen. Ein prominentes Beispiel der vergangenen Wochen, über das wir berichteten war ein Server, der vollständig ohne Firewall betrieben wurde und nach außen komplette Dateisysteme mit dem Sun Network Filesystem exportierte und dessen Oracle Server von jedermann kontaktiert werden konnte. Praktischerweise fanden sich die für Oracle benötigten Paßworte auf den exportierten Netzwerklaufwerken.\nOft wird dieser Fehler mit der Verwendung unsicherer und abhörbarer Übertragungsprotokolle für Wartungszugänge kombiniert: So findet man oft auf Webserver auch POP3-Zugänge zum Abruf von Bestellmails, FTP-Zugänge zum Upload von neuen Webseiten oder gar Datenbankzugänge zum Upload neuer Bestandsdaten. Diese Protokolle bieten vielfach nur unzulängliche Verschlüsselung von Benutzernamen und Paßworten an, von einer Verschlüsselung der eigentlichen Nutzdaten ganz zu schweigen - der msql-Datenbankserver zum Beispiel bietet nur rudimentäre bis gar keine Sicherung des Zugangs an, FTP und POP3 übertragen Paßworte oft unverschlüsselt.\nEin Webmaster ist gut beraten, sich einen Zugang außerhalb seines eigentlichen Providers und Webmasters zu besorgen und sich seinen eigenen Server einmal mit den Augen und Tools eines Angreifers anzusehen. Oft ist es so, daß Dienste in der Default-Konfiguration der Servermaschine ab Werk enthalten sind, die vom Serverbetreiber nicht erkannt und nicht abgeschaltet worden sind. Beliebte Fehlerquellen sind zum Beispiel Webserver auf Nichtstandardports, die die Handbücher des Systems anbieten. Diese Server enthalten sehr oft fehlerhafte CGI-Scripte oder können auf andere Weise zum Sicherheitsrisiko werden. Eine andere beliebte Fehlerquelle ist der SNMP-Dienst (Simple Network Management Protocol), der einem potenziellen Angreifer viele Informationen über das Zielsystem liefert. Auch Dienste, die nur zur Erstinstallation benötigt wurden, werden oft vergessen und für den Wirkbetrieb nicht abgeschaltet.\nNatürlich muß nicht nur der Webserver geschützt werden: Auch alle anderen Maschinen, die außerhalb der Firewall im Produktions-LAN stehen, müssen denselben Sicherheitslevel erfüllen.\nnmap-Scan (http://www.insecure.org/nmap/ ) # nmap -sS -T Agressive -p 1-10000 www.beispiel1.de| grep open Port State Protocol Service 21 open tcp ftp 22 open tcp ssh 25 open tcp smtp 80 open tcp http 111 open tcp sunrpc 119 open tcp nntp 3306 open tcp mysql 4333 open tcp msql beispiel1.de, eigentlich ein Web- und FTP-Server, bietet außerdem die Dienste ftp, ssh, smtp, sunrpc, nntp, mysql und msql an. Davon ist ssh, ein mit starker Kryptographie verschlüsselndes und authentisierendes Protokoll, unbedenklich. Die Protokolle httpd, ftp, smtp und nntp sind die eigentlichen Dienste des Servers und müssen angeboten werden. Solange ftp nur als FTP-Server für Anon-FTP eingesetzt wird, werden keine abhörbaren Paßworte übertragen. Die sunrpc, mysql und msql-Ports von außen zugänglich zu machen ist nicht nötig. Die Ports gehören in einer Firewall oder mit einen Paketfilter gesperrt.\nBei den Diensten, die man nach außen anbietet sollte man unbedingt auf aktuelle Versionen der Server achten: Buffer-Overflows und andere Probleme sind von ssh, von vielen FTP-Servern und auch von alten sendmail- und INN-Versionen bekannt.\nManchmal findet man einen offenen Port, kann aber nicht sagen, welches Programm diesen Port benutzt. Hier ist ein Tool wie lsof sehr nützlich. Alle lokal offenen Ports und die dazugehörigen Programme kann man mit dem Kommando lsof -P -n -i auflisten.\n# lsof -P -n -i COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME xfstt 46 root 4u IPv4 30 TCP *:7100 (LISTEN) httpd 199 root 19u IPv4 99 TCP 193.102.57.12:80 (LISTEN) ... smbd 11741 root 5u IPv4 28694 UDP 127.0.0.1:1180 smbd 11741 root 6u IPv4 28689 TCP 193.102.57.3:139-\u0026gt;193.102.57.2:1044 (ESTABLISHED) Durch die Angabe von Suchoptionen kann man gezielt nach Protokoll und Port suchen:\n# lsof -P -n -i tcp:139 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME smbd 276 root 5u IPv4 175 TCP *:139 (LISTEN) smbd 11741 root 6u IPv4 28689 TCP 193.102.57.3:139-\u0026gt;193.102.57.2:1044 (ESTABLISHED) Dump einer Zone mit nslookup Um festzustellen, welche Rechner in einer Domain stehen, kann man mit einem Tool wie nmap das ganze Teilnetz durchprüfen, in dem ein Server steht. Alternativ kann man sich auch die Daten im DNS ansehen, die ein Serverbetreiber über seine Domain veröffentlicht.\nAm Beispiel der Domain beispiel1.de:\n# nslookup \u0026gt; set type=ns \u0026gt; www.beispiel1.de. Server: nuki.netuse.de Address: 193.98.110.1 beispiel1.de origin = ns.beispiel1.de mail addr = postmaster.ns.beispiel1.de serial = 2000032201 refresh = 10800 (3H) retry = 3600 (1H) expire = 604800 (1W) minimum ttl = 86400 (1D) \u0026gt; server ns.beispiel1.de Default Server: ns.beispiel1.de Address: 192.168.254.37 \u0026gt; ls beispiel1.de. [ns.beispiel1.de] $ORIGIN beispiel1.de. @ 1D IN A 192.168.253.131 wwwtest 1D IN A 192.168.253.135 news 1D IN A 192.168.253.136 localhost 1D IN A 127.0.0.1 listserv 1D IN A 192.168.253.136 ... igate 1D IN A 192.168.254.34 daiquiri 1D IN A 192.168.254.61 Durch set type=ns (Nameserver) sagen wir nslookup, daß wir ausschließlich Informationen über Nameserver einer Domain haben möchten. Wir fragen dann mit www.beispiel1.de. nach den Nameservern der Domain beispiel1.de. Dies ist nur ein einzelner Server, nämlich ns.beispiel1.de.\nWir sagen nun mit Hilfe des Kommandos server ns.beispiel1.de, daß nslookup alle weiteren Fragen an diesen Server richten soll. Mit Hilfe des Kommandos ls beispiel1.de fordern wir ein Listing der gesamten Zone beispiel1.de an. Wir erhalten eine Liste aller Hostnamen und IP-Nummern, die der Betreiber der Domain beispiel1.de veröffentlicht.\nBesser konfigurierte Nameserver erlauben ab BIND8, Zonetransfers auf die Secondary-Server einer Domain einzuschränken. ls-Kommandos von anderen Hosts schlagen dann fehl. Hat eine Domain mehrere Nameserver, ist es unter Umständen lohnend, diese nacheinander durchzuprobieren: Vielfach ist der Primary Nameserver restriktiv konfiguriert, aber die Secondaries geben einem dennoch ein Listing der Zone.\nSicherheitsbewußte Netzbetreiber setzen Nameserver für das Internet und ihr Intranet getrennt auf. Schließlich braucht es niemanden zu interessieren, welche Rechner in den Büros einer Firma laufen und wie diese heißen. Stattdessen ist vollkommen ausreichend, die Namen und Nummern der Rechner zu publizieren, die Dienste für die Öffentlichkeit bringen, also etwa der Web-, der Name- und der Mailserver einer Domain.\nNetzwerk-Kartierung mit Cheops Mit Hilfe des Gnome-Programmes Cheops bekommt man schnell einen graphischen Netzplan mit Rechnertypen und Verbindungen. Das Programm kann auch eingesetzt werden, um Portscans von Rechnern durchzuführen, ist hier aber nicht so vielseitig wie nmap.\nUnverschlüsselte Verbindung in Ethereal Mit Hilfe des Netzwerkmonitors Ethereal ist die Analyse von Netzwerkpaketen möglich. Mit Hilfe der Stromverfolgung können dabei die Klartextpaßworte in Protokollen wie TELNET, FTP, POP3 und anderen sehr gut sichtbar gemacht werden.\nrpcinfo-Anfrage an www.beispiel1.de Mit Hilfe der Tools rpcinfo und showmount (Linux: auch kshowmount) kann man abfragen, welche Dienste der sunrpc-Dienst erbringt. Falls das SUN Network Filesystem (NFS) zu diesen Diensten gehört, kann man weiterfragen, welche Dateisysteme und für wen exportiert werden.\n# rpcinfo -p www.beispiel1.de program vers proto port 100000 4 tcp 111 portmapper 100000 3 tcp 111 portmapper 100000 2 tcp 111 portmapper 100000 4 udp 111 portmapper 100000 3 udp 111 portmapper 100000 2 udp 111 portmapper Wie man sieht, redet der sunrpc-Dienst von www.beispiel1.de mit externen Rechnern. Das ist nicht notwendig und der Dienst kann blockiert werden, etwa durch eine Firewall oder durch Konfiguration entsprechender Filtermechanismen.\nEine sehr häufige Fehlkonfiguration besteht darin, Verzeichnisse mit NFS weltweit les- und schreibbar freizugeben. Beispielhaft unsicher die Server von beispiel2.de:\n# /usr/sbin/kshowmount -e rzserv2.beispiel2.de Export list for rzserv2.beispiel2.de: /usr/lib/cobol (everyone) /usr/sys/inst.images (everyone) /stadtinf (everyone) /var/spool/mail (everyone) /usr/lpp/info (everyone) /usr/local (everyone) /pd-software (everyone) /u1 (everyone) /user (everyone) /fix (everyone) /u (everyone) /ora rzws01 /install (everyone) /ora-client 192.168.252.20 Die mit everyone gelisteten Verzeichnisse, darunter die Mail und die Homeverzeichnisse der Benutzer, sind weltweit les- und schreibbar. Durch Zugriffe auf die /usr/local und /usr/lib/cobol-Verzeichnisse lassen sich Systembibiotheken und Systemprogramme austauschen, sodaß das ganze System ohne nennenswerten Widerstand sofort einnehmbar ist. Tauscht man Daten im /install-Verzeichnis aus, sind auch alle Clients subvertiert, die von dieser Maschine installiert werden. Das System ist durch seine fahrlässig offene Konfiguration also die ideale Ausgangsbasis für weitere Angriffe gegen andere Netzwerke.\nSNMP-Abfragen an ein entferntes System SNMP gehört zu den Diensten, die einem Angreifer ein Höchstmaß an Information liefern können und die in Standardinstallationen oft nicht abgeschaltet und unzureichend gesichert werden. Zudem läuft der Dienst über UDP, das von vielen Portscannern nicht per Default gescannt wird. Daher taucht der Dienst auf dem Radar vieler Systemadministratoren nicht auf.\nWieder dienen die Server von beispiel2.de als abschreckendes Beispiel:\n# snmpwalk rzserv2.beispiel2.de public system.sysDescr.0 = OCTET STRING: \u0026#34;Fore Systems ATM Host (AIX 1 000005016600)\u0026#34; system.sysObjectID.0 = OBJECT IDENTIFIER: enterprises.326.2.1 system.sysUpTime.0 = Timeticks: (0) 0:00:00 system.sysContact.0 = OCTET STRING: \u0026#34;\u0026#34; system.sysName.0 = OCTET STRING: \u0026#34;rzserv2.\u0026#34; system.sysLocation.0 = OCTET STRING: \u0026#34;\u0026#34; system.sysServices.0 = INTEGER: 72 interfaces.ifNumber.0 = INTEGER: 7 interfaces.ifTable.ifEntry.ifIndex.1 = INTEGER: 1 interfaces.ifTable.ifEntry.ifIndex.2 = INTEGER: 2 interfaces.ifTable.ifEntry.ifIndex.3 = INTEGER: 3 interfaces.ifTable.ifEntry.ifIndex.4 = INTEGER: 4 interfaces.ifTable.ifEntry.ifIndex.5 = INTEGER: 5 ... Wir erfahren hier nicht nur den Typ und Patchlevel des Systems, sondern (nicht gezeigt) auch eine Liste der Interfaces und Routingkonfiguration des Systems - wir bekommen also detaillierte Information über die Topologie des Zielnetzes. Zusammen mit Daten aus dem DNS gibt uns das einen genauen Netzplan des potentiellen Opfers. Wenn weitere Management Module installiert sind, bekommen Zugriff auf weitere Subsysteme, etwa Oracle, SAP oder andere fernzuüberwachende Einheiten. SNMP wird auch in vielen Routern und in RMON Netzwerkprobes eingesetzt - ein Eindringling kann so sogar Verkehrsdaten aus dem Netz erfahren, wenn diese nicht gesichert worden sind.\nEin Server lagert vertrauliche Daten in zugänglichen Verzeichnissen Eine weitere beliebte Fehlerklasse besteht in vertraulichen Daten, die in durch den Webserver zugänglichen Verzeichnissen gelagert werden. Häufig bieten Webspace-Provider virtuelle Webserver an, bei denen die Wurzel des durch den Anwender beschreibbaren Bereiches (etwa: /home/www/servers/www.kunde.de/, für den Kunden sichtbar als /) auch die Wurzel des virtuellen Servers ist (etwa: http://www.kunde.de/). Legt der Kunde jetzt Daten unterhalb seines Wurzelverzeichnisses ab (etwa eine Datei /passwd) dann ist diese Datei auch durch den Webserver abrufbar, denn sie liegt ja unterhalb der Document Root und hat eine URL (etwa: http://www.kunde.de/passwd).\nViele Webshops schreiben Bestellungen in ein oder mehrere Logverzeichnisse oder haben Konfigurationsdateien mit Paßworten und Artikeldaten. Liegen diese Daten unterhalb der Document Root, dann haben sie URLs und sind zunächst einmal prinzipiell über das Web abrufbar, sofern es einem Angreifer gelingt den Namen zu raten. Kennt man den Namen und die Version der verwendeten Websoftware, ist dies meist sehr einfach zu machen.\nPrinzipielle Abhilfe schaffen hier nur Hostingumgebungen, bei denen die Document Root des Webservers tiefer als die Wurzel des Kundenverzeichnisses liegt (etwa ab /home/www/servers/www.kunde.de/pages). Nun kann der Kunde weitere Verzeichnisse oberhalb der Document Root anlegen (etwa: /home/www/servers/www.kunde.de/shop) und seine vertraulichen Daten dort speichern. Da diese Verzeichnisse über das Wartungs-FTP, nicht aber mit HTTP zugänglich sind, können sie nicht so einfach abgerufen werden.\nAlternativ legt man Verzeichnisse unterhalb der Document Root an und verbietet den Zugriff per HTTP auf das Verzeichnis durch Anlegen einer .htaccess-Datei (Apache-Webserver). Die Datei sollte den Zugriff von überall verbieten:\n$ cat /shop/.htaccess order deny, allow deny from all Daten können dann nur noch über FTP abgerufen werden. Für FTP gelten .htaccess-Dateien nicht.\nEin Server vertraut Eingabeparametern aus Webformularen ohne Grund Die dritte häufige Fehlerklasse besteht darin, in CGI-Programmen Parameter aus dem Web zu übernehmen und ohne Prüfung zu verwenden.\nEine Webanwendung besteht aus Komponenten die innerhalb der Firewall liegen und als vertrauenswürdig gelten können, weil sie durch den lokalen Administrator kontrolliert werden. Dazu gehören etwa die lokalen Scripte, die Datenbank, der Webserver und lokale Datendateien. Dazu kommen dann weitere Komponenten, die außerhalb der Firewall liegen und die grundsätzlich als nicht vertrauenswürdig gelten können. Das ist hauptsächlich der Browser des Anwenders, wenn er denn einen benutzt und seinen Webrequest zwecks Hackangriff nicht direkt in ein Telnet tippt. Die Firewall markiert eine Vertrauensgrenze, eine Trust Boundary.\nDaten von jenseits der Vertrauensgrenze kann eine Webanwendung nicht ohne Prüfung vertrauen. Dazu gehören alle Parameter, die dem CGI-Script übergeben werden, also alle GET-, POST- oder COOKIE-Parameter, der HTTP_REFERER, der HTTP_USER_AGENT und alle weiteren Werte von außen. Alle diese Werte müssen vor der Verwendung durch ein CGI-Script durch eine Gültigkeitsprüfung, in der sichergestellt wird, daß die Daten auch das erwartete Format haben und gültige Werte besitzen.\nZum Beispiel ist es gängige Praxis, daß bestimmte Scripte Werte nur dann akzeptieren, wenn bei der Übergabe der HTTP_REFERER des Aufrufes korrekt ist. Auf diese Weise versucht sich das Script gegen gefälschte Aufrufe zu schützen. Natürlich ist es für einen potentiellen Angreifer überhaupt gar kein Problem außer den Scriptparametern auch noch jeden gewünschten HTTP_REFERER mit zu übergeben - der Schutz ist also wirkungslos. Korrekt wäre, wenn das Script jeden übergebenen Parametern einzeln prüft.\nEine andere häufig verwendete Technik besteht darin, Parameter von einer Seite zur nächsten als \u0026lt;INPUT TYPE=\u0026quot;HIDDEN\u0026quot;\u0026gt; mitzuschleifen. Dabei wird interner Zustand der Anwendung im Browser des Anwenders gehalten, also jenseits der Trust Boundary. Für den Anwender ist es ein leichtes, den Zustand einer solchen Anwendung zu manipulieren und jeden gewünschten Effekt zu bewirken. Korrekt wäre, eine Plattform zu verwenden, die Sessionvariablen bietet und den Zustand der Anwendung auf dem Webserver halten kann (etwa: Microsoft ASP mit dem Session-Objekt, PHP3 mit PHPLIB, PHP4 mit den session_*()-Funktionen oder einen richtigen Application-Server).\nFazit Webmaster sind gut beraten, alle ihre Installationen auf diese drei Fehlerklassen abzuprüfen und ihre Anwendungen gegebenenfalls anzupassen. Gestohlene Kreditkartendaten oder gar geknackte Server, die als Ausgangspunkt für weitere Angriffe dienen, sind nicht nur peinlich: Derartige Installationen sind fahrlässig unsicher und dem betroffenen Betreiber stehen mit großer Wahrscheinlichkeit Klagen auf Schadenersatz oder Beihilfe zum Computereinbruch ins Haus.\nFür den Laien ist dies keine Alternative: Die Sicherheit eines Servers zu verifizieren setzt nicht nur umfassende technische Kenntnisse, sondern auch Zugang zum Server voraus. Letztendlich kann nur ein technisches Gütesiegel, das auf Grundlage einer technischen Überprüfung der Server und aller darauf laufenden Anwendungen erteilt wird dem Verbraucher mitteilen, daß er es mit einer seriösen Installation zu tun hat.\nReferenzen: http://www.koehntopp.de/kris/artikel/webtune/ : \u0026ldquo;Webserver verstehen und tunen\u0026rdquo; http://www.koehntopp.de/php/ : \u0026ldquo;de.comp.lang.php - Häufig gestellte Fragen\u0026rdquo; http://www.insecure.org/nmap/ : \u0026ldquo;NMAP Port Scanner\u0026rdquo; http://ethereal.zing.org/ : \u0026ldquo;Ethereal Network Monitor\u0026rdquo; http://www.marko.net/cheops : \u0026ldquo;Ceops Network Mapper\u0026rdquo; http://freshmeat.net/appindex/1998/04/06/891857252.html : \u0026ldquo;lsof - list open files\u0026rdquo; \u0026ldquo;TCP/IP Illustrated, Volume 1: The Protocols\u0026rdquo;: W. Richard Stevens, Addison-Wesley \u0026ldquo;Hacking Exposed - Network Security Secrets \u0026amp; Solutions\u0026rdquo;: McClure, Scambray and Kurtz, Osborne \u0026ldquo;Maximum Linux Security\u0026rdquo;: Anonymous, Sams ","date":"2000-05-01T00:00:00Z","href":"https://blog.koehntopp.info/2000/05/01/webserver-security.html","tags":["lang_de","publication","talk","internet"],"title":"Webserver Security"},{"categories":null,"content":"Dies ist eine aktualisierte Version der Schulung „Unix Systemsicherheit“, die ich vor einiger Zeit schon einmal gehalten habe. Der Schwerpunkt dieser Schulung hat sich etwas zu den Grundlagen hin verschoben: Es geht diesmal weniger um Unix Systemsicherheit als um die typische Situation der Consultants und Bereitschaften:\nMan kommt an eine neue Maschine und muss sich erst einmal zurechtfinden.\nNeu auf einem fremden System Orientierung:\nTyp und Ausstattung der Maschine Prozessor, Festplatten, andere Hardware Speichersituation, historische und aktuelle Lastdaten Netzwerk und Netzwerkumfeld der Maschine IP-Adressen, Routing Welche Name-Services in welcher Reihenfolge, welche Server werden verwendet? Was läuft, was soll laufen? Was ist installiert? tatsächlich laufende Subsysteme vs. konfigurierte Subsysteme Wir sind neu auf einem fremden System und loggen uns zum ersten Mal ein. Wie können wir uns zurechtfinden? Was wollen wir überhaupt wissen?\nDie Maschine selbst ist nach Hardware, Speicher, Platten und Netzwerk zu beurteilen. Die Netzwerkumgebung der Maschine ist einzuschätzen. Die auf der Maschine installierten Systemdienste sind einzuschätzen und zu beurteilen. Es muss ein Soll/Ist-Abgleich stattfinden.\nAusgehend von diesen Daten kann die Arbeit auf der Maschine beginnen:\nDie Maschine kann für ihre Aufgabe angepasst werden (Hardware- oder Softwareinstallation durch Consulting), bzw. die Fehlersuche kann beginnen (Alarmruf für die Bereitschaft).\nTyp und Ausstattung der Maschine Was für Hardware ist das hier? Was ist in der Maschine eingebaut? Wie lange ist die Hardware schon \u0026ldquo;up\u0026rdquo;? Erster Handgriff: uname -a. Weitere Aktionen systemspezfisch.\nLinux: lscpu, free, df -Th, lspci, lsusb Solaris: prtconf -v, psrinfo -v, /usr/platform/$(uname -m)/sbin/prtdiag Uptime und Load: w, uptime -w Für uns meist: Sparc/Solaris oder Intel/Linux. Bei einigen Kunden auch PPC/AIX oder Intel/SCO. Äußerst wenige Kunden mit HP oder Digital Hardware.\nPeilung des Maschinentyps (mit uname -a) und der eingebauten Hardware. In Solaris mit den drei Kommandos prtconf, psrinfo und prtdiag. In Linux mit lscpu, lspci oder indem man manuell durch /proc turnt.\nPeilung der Systemauslastung und der anwesenden Benutzer: Neben w und uptime einmal die Prozeßliste ansehen (ps -ef, ps axuwww) und die Systemlast checken (iostat, vmstat).\nSpeicher und Last Virtueller Speicher und seine Auslastung:\nLinux: free. Solaris: swap -l, swap -s. Wenn Accounting \u0026ldquo;up\u0026rdquo; ist (Solaris): sar, sar -r (freeswap), sar -w (paging). In Linux (Suse 6.4): sa aus dem Paket ap1/acct.rpm. Der weitaus größte Teil aller Lastprobleme sind Speicherprobleme (zuwenig RAM, zu kleiner Swap). Zweithäufigstes Problem ist fehlende I/O-Kapazität. Fehlende CPU-Kapazität ist fast niemals das Problem.\nErst messen, dann nachdenken, dann handeln (OODA loop \u0026ndash; Observe, Orient, Decide, Act). Optimierungen ohne genaue Messungen und Kenntnis des tatsächlichen Problems sind Verschwendung der durch den Kunden bezahlten Arbeitszeit. Punktmessungen können hilfreich sein, aber ein Wochenlastprofil ist sehr viel wertvoller (hier sar-Beispiele von boss und prime bringen).\nPlatten Logical Volume Management?\nWelches System? Welche Zuordnung? Quota?\n/etc/vfstab, /etc/fstab\nSolaris (SDS):\nGerätenamen metastat format Linux:\nGerätenamen fdisk raidtool.rpm als Nachfolger von md-tools /etc/raidtab, raid.conf df, du, mount Quota-Tools Vergleiche die sichtbaren Partitionen mit der durch das Hardware-Inventory angezeigten vorhandenen Hardware.\nSind alle Platten partitioniert und eingebunden? Ist die gezeigte Aufteilung sinnvoll gewählt für die Aufgabe der Maschine? Prüfe auch:\nVerteilung der Partitionen nach Auslastung auf Spindeln Verteilung der Partitionen über Platten und Controller nach Ausfallgesichtspunkten? Welche RAID-Level für welche Aufgabe\nWir verwenden fast überall RAID 0+1 (Solaris SDS). Linux-RAID (a la Suse) derzeit nur eingeschränkt nützlich. Lange Startzeit. Rootplatte, Swap-Partition. Prüfe auch:\nPlatzproblem oder Quota-Problem? Netzwerk und Netzwerknachbarschaft Übersicht über Interfaces und Routen\n-n Option verwenden Woher kommen die Routen? Weitere Analysetools:\nping tcpdump snoop Netzwerkinterfaces: ifconfig -a, netstat -i, netstat -s, netstat -m\nRouten: netstat -rn\nSchicht 2-3 Bindungen: arp -a\nWelche Interfaces und welche Routen werden tatsächlich wie oft verwendet? Woher kommen die Routen?\nViele Kunden haben ein kaputtes Netzwerkonzept (d.h. keines) und setzen Routen eventuell manuell. Probleme sind vorprogrammiert.\nAndere Kunden haben nur Default-Routen und bekommen differenzierte Routen nur über ICMP Redirect. Ebenfalls problematisch (Effizenz, Security).\nName Resolution Welche Namensdienste werden verwendet?\nWelche Server werden verwendet?\nWie ist das Verhalten im Fehlerfall?\nAusfall Angriff /etc/nsswitch.conf\nFiles, DNS/Bind, NIS/NIS+, LDAP, Exoten Falls DNS: /etc/resolv.conf\nFalls NIS: ypwhich\nWoher kommen die Namen, welcher Dienst wird verwendet?\nOft lokale Hostdateien -\u0026gt; Probleme! Im besten Fall DNS. Dann dort die Zone ansehen und Netzstruktur und Zonengröße abschätzen.\nWelche Abhängigkeiten existieren zwischen den Servern?\nAusfall- und Bootszenarien: Was ist, wenn der DNS-, der Time- oder der NIS-Server nicht da sind? Gibt es NFS-Platten, auf die die lokale Maschine angewiesen ist?\nSecurity: Wer macht was in wessen Auftrag? Wer kontrolliert? Wird die Konfiguration manuell gepflegt oder existieren Frontends? Welche Dokumentationsprozeduren existieren?\nNetzwerkdienste Welche Netzwerkdienste werden erbracht?\nPrüfe neben inetd auch persistenten Server. Prüfe auf Vorhandensein von Sicherheitsmechanismen Prüfe Verhalten im Falle von Ausfällen, etwa Firewall-Versagen Wie begründen sich diese Dienste?\nWelche Sicherheit bieten diese Dienste?\n/etc/inetd.conf, /etc/hosts.allow, /etc/hosts.deny\nSonderfälle für das jeweilige System\nTodesfallen bei AIX: Import/Exporttools für inetd.conf Todesfallen bei HP/UX: /etc/inetd.sec rpcinfo -p, showmount -e\nnmap!\nVergleiche inetd.conf und Startscripte mit netstat -an.\nConsulting: Viele verstorbene Pflegefälle wegen manuell gestarteter Dienste, die in keiner Konfigurationsdatei auftauchen. Bereitschaft: Umgekehrtes Szenario. Alarm wurde wegen verschwundenem Server ausgelöst. Sicherheitsanalyse wieder:\nWieder technische und organisatorische Prozesse synchronisieren und abgleichen: Was tun die Maschinen? Wer entscheidet das? Wie begründen sich die Dienste? Wer dokumentiert und prüft das? Vergleiche Prozeduren bei uns im Haus:\nISP-Betrieb plant und deployed. Operating betreibt nach Doku vom ISP-Betrieb, Operating überwacht und alarmiert die Bereitschaft. Auch diese operiert mit dieser Doku. Konfigurationsgenerierung meist automatisch durch die Backends der KundenDB -\u0026gt; automatische Dokumentation und Abrechnung. Welche Verzeichnisse werden exportiert? Häufige Panne: Verzeichnisse werden ungewollt exportiert Rechner importiert Verzeichnisse und hängt wegen Abhängigkeit vom Server Automounter? Mit NIS/NIS+? Samba? Klartextpaßworte? Public Shares? Logfiles? $ showmount -e $ kshowmount -e $ share $ vi /etc/exports; vi /etc/dfs/dfstab $ vi /etc/auto.master; vi /etc/auto.homel vi /etc/auto.misc $ vi smb.conf; smbclient Einschlägige Beispielserver draußen zeigen.\nWir wollen nicht so enden wie die! Mehrfach gestaffelte Sicherheit durch\nautomatisch generierte Konfigurationen mit Sicherheitssperren Dienstsperrungen für Außen durch tcpwrapper Portsperrung und Alamierung über die Firewall und das Operating Logauswertung (Usagelog, Wrapper-Protokoll, Firewall-Protokoll) durch Abrechnung (KundenDB), Alarm bei Diensten mit fehlendem technischem Objekt in der KundenDB Operating (Wrapper, Firewall), Alarm bei Attack Patterns Einschlägige Selbstmordkonfigurationen zeigen.\nWas ist installiert? Welche Pakete und Programme sind installiert?\nIn welcher Version? Installation validieren?\n\u0026ldquo;set permissions\u0026rdquo; und \u0026ldquo;check optionen\u0026rdquo; tripwire? Solaris: pkginfo, /var/sadm/install/contents (Reihenfolge!)\nLinux: rpm -qa, rpm -qi \u0026lt;paket\u0026gt;, rpm -ql \u0026lt;paket\u0026gt;, rpm -qlc \u0026lt;paket\u0026gt;, rpm -qld \u0026lt;paket\u0026gt;, rpm -qf \u0026lt;datei\u0026gt;, rpm -qp \u0026lt;datei.rpm\u0026gt;\nSolaris Paketarchiv („NetUSE Distribution“) zeigen\nConsulting-CDROM, wird auch an Kunden verkauft Keine Installation ohne Paket\nVerweis auf Paketschulung Kein Paket -\u0026gt; automatische Konfigurationsgenerierung aus Installserver oder KundenDB macht die Verzeichnisse möglicherweise platt. Kommandoäquivalenzen Linux/Solaris\nVerweis auf Rootkits\nRootkits ersetzen wichtige Systemprogramme, in Folge belügt die Maschine den Operator tripwire-Check nach sauberem Reboot zeigen lrk3 demonstrieren (ohne sauberen Reboot bekommt man keine verlässlichen Informationen mehr und kompromittiert sein Netz nur noch weiter) Was soll laufen? Welche Dienste sollen von der Maschine erbracht werden?\nKonfiguration beim Systemstart für persistente Server Konfiguration von transienten Servern Konfiguration von zeitgesteuerten Services Suche nach Zeitbomben? Wenn es hängt? Start/Stopscripte\nLinux: /sbin/init.d/... Solaris: /etc/init.d/... Crondateien: /var/spool/cron/crontabs, /var/cron/tabs strace, truss ltrace Bootsequenz durchgehen, Single User Mode, Wie bekomme ich meine Platten wieder?, Wie überlebe ich ohne Editor und Terminalemulation?\nDefekte Programme tracen: ldd, Solaris proctools, Linux: /proc/\u0026lt;nummer\u0026gt;/...\nstrace/truss Output lesen, ltrace/sotruss Output lesen\nWas Läuft? Welche Dienste sind auf der Maschine aktiv?\nWelche waren aktiv? Welche Ressourcen belegen diese Dienste?\nps -ef, ps auxwww, top, lsof\nLinux: ptree, sa Solaris: /usr/proc/bin/* Beispiele mit den Proctools\nSpeicherverbrauch abschätzen für Server Programmaktivität laufender Prozesse feststellen Welche User können rein? Quellen von Userlisten\nlokal, aus dem Netz Erlaubte und nicht erlaubte Shells\nGehackte Authentisierung\nModifizierte wu-ftpd, imapd LDAP-Module /etc/nsswitch.conf, /etc/shells, /etc/ftpusers, /etc/ftpaccess\nZugangsmechanismen\nRegeln für den Zugang, etwa über PAM: /etc/pam.d, /etc/pam.conf Verweis auf Folgeschulungen:\nNSS/PAM/GSS nutzen. NSS/PAM/GSS-Module erstellen. Überblick über die von NetUSE für den ISP-Betrieb modifizierte Software. Welche User waren drin? Auswertung des Logbuches\nQuerabgleiche mit anderen Logs Auditing-Subsysteme\n/etc/utmp, /etc/wtmp, syslog, Auth-Events, Radius-Logs und andere\nExoten:\nLogbücher der Sysadmin-Tools (AIX) Auditing-Subsysteme\nLinux: fehlendes Auditing, bescheidenes Accounting (falls installiert).\nSolaris: Demo des Auditing\nBeide: Welche Logs liegen wo und wie finde ich die gewünschte Info?\nZugriffsrechte und Privilegien in UNIX Bonusfolien aus der alten Schulung\nErkläre, wer unter welchen Bedingungen in UNIX auf eine Datei zugreifen darf!\nrwx? sst? Verzeichnisrechte vs. Dateirechte Dateiattribute? Dateisystemattribute? Welche Spuren hinterläßt so ein Zugriff?\nRWX - sonst nix? Wer bin ich?\nZu welchen Gruppen gehöre ich?\nWie kann ich meine Identität ändern?\nWelche Rechte (alle!) brauche ich, um auf eine Datei zuzugreifen? Sind es immer dieselben?\nKurzer Sicherheitscheck für Zwischendurch Bonusfolien aus der alten Schulung\nDie meisten Fehler entstehen nicht durch falsche Software, sondern dumme User.\nfind / -fstype ... ! -type l -perm ... -ls\n-perm -2 (find world writeable files) -perm -4000 (find SUID) -perm -2000 (find SGID) Finde Dateien, die world writeable, suid oder sgid sind.\n/tmp, /var/tmp (1777 ?) Verzeichnisse im Pfad, Binaries, Konfigurationsdateien? Dateien mit vorhersagbaren Dateinamen? Geräte? Backup? Rechte an Geräten Bonusfolien aus der alten Schulung\nAuf vielen älteren kommerziellen Unices sind Gerätedateien unzureichend geschützt.\nBeschreibbare Plattendevices, Banddevices 777-Verzeichnisse /dev/md/*, Löschen von LVM-Pseudogerätedateien ioctl()-Aufrufe nicht ausreichend privilegiert. Medien mit sensitivem Inhalt in lesbaren Geräten. Beispiele:\nioctl()-Aufrufe in AIX teilweise nicht dokumentiert und nicht privilegiert. /dev-Unterverzeichnisse 777 in HP/UX. /bin-Verzeichnisse 777 in HP/UX und AIX nach Installation von Software. ","date":"2000-04-14T00:00:00Z","href":"https://blog.koehntopp.info/2000/04/14/neu-auf-einem-fremden-system.html","tags":["lang_de","linux","unix","security","devops","talk","publication"],"title":"Neu auf einem fremden System"},{"categories":null,"content":"Datenspuren im Internet (PDF)\nnach einem Artikel in der Computer und Recht, 4/2000 mit Marit Köhntopp. Diese Version wurde am 10-Sep-2000 um einige Anmerkungen ergänzt und aktualisiert.\nDer Artikel gibt einen Überblick über die Datenspuren, die ein Internetbenutzer bei der Arbeit im Netz hinterläßt. (PDF-Datei, 180 KB)\n","date":"2000-04-01T00:00:00Z","href":"https://blog.koehntopp.info/2000/04/01/datenspuren-im-internet.html","tags":["lang_de","publication","internet"],"title":"Datenspuren im Internet"},{"categories":null,"content":"Diesen Artikel habe ich als Schulungsunterlage für eine PHP-Fortgeschrittenenschulung bei Netcologne geschrieben\nPHP-Programme laufen auf dem Webserver. Sie können - angestoßen durch einen externen Benutzer mit einem Browser - Dateien auf dem Server lesen, schreiben oder löschen. Für einen PHP-Programmierer ist es wichtig zu wissen, mit welchen Rechten seine Programme ausgeführt werden und welche Einflüsse die Ausführung seines Programms bestimmen. Nur so ist es ihm möglich, sein System gegen böswillige Manipulation abzusichern und seine Leistung zu optimieren.\nDer Aufbau des Apache-Webservers Der Apache-Webserver ist auf eine Weise konstruiert, die es leicht macht, den Serverprozeß zu erweitern, und die ihn besonders wenig anfällig gegen Betriebsstörungen gleich welcher Art macht.\nDer Server besteht aus einem Managerprozeß, der eine Reihe von Bearbeiterprozessen startet. Diese Prozesse führen die eigentliche Request-Abarbeitung durch. Eingehende Requests werden vom Manager registriert und an einen freien Bearbeiter weitergereicht. Wenn der Bearbeiter mit der Ausführung des Requests fertig ist, beendet er sich nicht, sondern meldet sich beim Manager zurück, und dieser teilt dem Bearbeiter den nächsten Request zu.\nEin Bearbeitungsprozeß ist oftmals nicht in der Lage, einen Prozessor voll auszulasten: Er muss auf das Eintreffen von Daten von der Festplatte warten, oder er muss auf den Client auf der anderen Seite des Netzes warten und sich mit der Abarbeitung des Requests nach der Übertragungsgeschwindigkeit des Netzes richten. Damit während dieser Zeit andere Requests bearbeitet werden können, ist es sinnvoll, mehrere Bearbeiterprozesse zu haben.\nWie viele Bearbeiterprozesse sinnvoll sind, hängt von einer ganzen Reihe von Parametern ab. Zunächst einmal wäre es sicherlich schön, wenn immer genau so viele Bearbeiter vorhanden sind, wie gleichzeitige Requests bei der Maschine ankommen. Nun kann ein Rechner aber nicht beliebig viele Prozesse starten, und speziell im Fall von Apache ist es so, daß der Webserver in genau dem Moment sehr viel langsamer wird, in dem die Maschine anfangen muss, Webserverprozesse mangels RAM in den Swapbereich auszulagern. Das ist ein sehr unangenehmer Moment, denn bei gleichbleibender Anzahl von Requests pro Sekunde (\u0026ldquo;Last bleibt gleich\u0026rdquo;) dauert die Abarbeitung eines einzelnen Requests nun viel länger (\u0026ldquo;Durchsatz sinkt\u0026rdquo;), und damit steigt die Anzahl der ausstehenden Requests (\u0026ldquo;Ressourcenverbrauch steigt\u0026rdquo;). Das Gesamtsystem versucht darauf mit einer weiteren Erhöhung der Serverprozeßzahl zu antworten und treibt die Maschine nur noch weiter in den Swap - die Requests werden noch langsamer bearbeitet und als Antwort werden nur um so mehr Serverprozesse erzeugt.\nIn dieser Situation bricht die Systemleistung zusammen, oder das System kommt im Extremfall vollständig zum Halt. Mithilfe des Parameters \u0026ldquo;MaxClients\u0026rdquo; kann man in der httpd.conf die Anzahl der Serverprozesse nach oben begrenzen und so verhindern, daß die Maschine in diesen fatalen Zustand gerät - die Zahl muss so gewählt werden, daß die Maschine sicher nicht ins Swappen gerät. Als hilfreich hat sich hier die Analyse der Zahlen in /proc/\u0026lt;pid\u0026gt;/statm erwiesen, wobei als \u0026gt; die Prozeßnummern der httpd-Prozesse einzusetzen sind:\n$ server=`grep -l httpd /proc/*/cmdline` $ for i in $server; do cat `dirname $i`/statm; done 1331 674 654 119 0 555 306 96 96 80 5 0 91 16 1247 401 369 80 0 321 101 1368 711 678 134 0 577 306 1364 707 677 133 0 574 305 1364 707 677 133 0 574 305 1365 708 677 133 0 575 306 86 86 71 4 0 82 15 Die ausgegebenen Zahlen sind in /usr/src/linux/Documentation/proc.txt genauer erläutert. Sie bedeuten von links nach rechts:\nsize total program size resident size of in memory portions shared number of the pages that are shared trs number of pages that are \u0026#39;code\u0026#39; drs number of pages of data/stack lrs number of pages of library dt number of dirty pages Der Gesamtspeicherverbrauch eines weiteren Serverprozesses ergibt sich aus seinen Resident (im RAM befindlichen) Unshared Pages, die Page zu 4 KB in Intel-Rechnern. Also ist die Differenz zwischen der zweiten und der dritten Zahl einer jeden Zeile zu bilden und mit vier zu multiplizieren, um den zusätzlichen RAM-Verbrauch eines einzelnen httpd in KB zu ermitteln. Überschlagsmäßig können in der hier gezeigten Konfiguration etwa 100-150 KB angesetzt werden, aber diese Zahl kann je nach Webserver und Art der Last stark variieren und bedarf in jedem Fall eines Tunings im Wirkbetrieb.\nBei einem geeigneten Wert für MaxClients erzielt der Apache-Webserver bei zunehmender Last (\u0026ldquo;ramp-up\u0026rdquo;) linear mehr Durchsatz, bis der Sättigungspunkt erreicht ist. Danach bleibt die Leistung auf einem stabilen Plateau, wenn nicht ein anderer leistungsbegrenzender Faktor wirksam wird (Netzbandbreite, DNS-Lookups, Plattenbandbreite, CPU-Leistung).\nBei nachlassender Last ist es natürlich nicht notwendig, die ganzen Serverprozesse im Speicher herumstehen zu haben. Der Managerprozeß kontrolliert laufend, wie viele unbeschäftigte Bearbeiter er zur Verfügung hat und wenn dies mehr als MaxSpareServers viele sind, wird er beginnen, die Anzahl der Serverprozesse zu verringern. Bei steigender Last wird der Manager diese Zahl dann wieder steigern. Aber das Starten von neuen Serverprozessen dauert einige Zeit, und daher ist es gut, eine gewisse Anzahl von unbeschäftigten Bearbeiterprozessen \u0026ldquo;auf Vorrat\u0026rdquo; zur Hand zu haben, damit man Lastspitzen ausreiten kann. Der Parameter MinSpareServers legt fest, wie groß der Vorrat ist, den der Manager anlegt. Es ist nicht sinnvoll, MinSpareServers größer als MaxSpareServers zu setzen: Beide Werte können im Extremfall gleich groß sein, aber in einer sinnvollen Konfiguration wird MaxSpareServers immer größer als MinSpareServers sein.\nJe stärker und je schneller die Last auf einem Webserver springt, umso größer sollte man den Abstand zwischen beiden Werten wählen. Je langsamer die Maschine beim Starten von neuen Serverprozessen ist und je ruckartiger die Last auf dem Server ansteigen kann, umso höher muss man MinSpareServers wählen, damit im Falle einer Spitzenlast schon ausreichend viele Server vorhanden sind. Mit dem Parameter StartServers legt man fest, wie viele Serverprozesse schon beim Hochfahren des Managers mit erzeugt werden.\nFür eine dedizierte Maschine mit einem Speicherverbrauch von 200 KB pro Serverprozeß und einem freien RAM von 100 MB nach dem Start aller anderen Systemdienste kann man einen MaxClients-Wert von weniger als 500 ansetzen, wenn nur httpd-Prozesse laufen (bei Ausführung von CGI-Programmen ist dies nicht der Fall - hier muss man Speicher für die CGI-Programme reservieren!). Wenn es sich um eine dedizierte Maschine handelt, die nur diesen einen Webserver ausführen soll und auf der keine andere Anwendung läuft, gibt es keinen Grund, die Anzahl der Clients zu begrenzen: Man kann gleich beim Start alle Webserverprozesse auf Vorrat erzeugen und hat dann unter Last die benötigte Leistung parat. Dies ist ideal für Webserver, die bei zeitlich abgestimmten Medienevents (\u0026ldquo;TED-Server\u0026rdquo;, \u0026ldquo;Wahl-Server\u0026rdquo;) plötzliche Spitzenlasten wegstecken können müssen:\nMaxClients 450 StartServers 450 MaxSpareServers 450 MinSpareServers 450 Ein solcher Server wird etwa 400-450 parallele Requests bearbeiten können. Ist eine Seite im Schnitt 100 KB groß und wird eine solche Seite im Mittel mit 5 KB/sec ausgeliefert, dauert das Ausliefern einer Seite im Mittel also 20 Sekunden. Mithin hat man mit der gezeigten Konfiguration so Leistung für etwa 20 Requests/sec (1200 rpm, requests per minute) - vorausgesetzt, man begrenzt die Leistung der Maschine nicht durch andere Faktoren (20 Requests pro Sekunde, 5 KB pro Sekunde =\u0026gt; 100 KB/sec oder knapp eine halbe S2M).\nEin anderes Szenario wäre derselbe Rechner bei einem ISP, der auf unterschiedlichen virtuellen Interfaces mit unterschiedlichen IP-Nummern unterschiedliche Apache-Server betreibt, die sich die Maschine teilen müssen. Alle Server sollen möglichst wenig Ressourcen verbrauchen, wenn die Last gering ist:\nMaxClients 200 # drei Kunden teilen sich diesen Rechner StartServers 5 # wenige Prozesse vorab starten MinSpareServers 5 # immer 5 in Reserve halten MaxSpareServers 10 # maximal 10 in Reserve halten Hier können bei drei unterschiedlichen Apache-Instanzen im Extremfall 600 Serverprozesse auftreten (damit würde man die Maschine also leicht im Überlastbereich betreiben), aber jede Apache-Konfiguration versucht ihren Serverpool immer nur so groß wie unbedingt nötig zu halten. Solange alle drei immer mit ca. 100-150 Servern rumdröhnen, herrscht eine friedliche Koexistenz.\nLebensdauer von Serverprozessen Apache ist ein sehr gutmütiger Webserver: Da er nicht multithreaded ist, ist er sehr leicht durch selbstgeschriebene Module zu erweitern, ohne daß diese Module aufwendig reentrant gemacht werden müßten oder anders aufwendig anzupassen sind. Die Server-API unterstützt die Integration von Modulen durch die Bereitstellung von Schnittstellen zu Speicherverwaltung, zur Request-Verarbeitung und zur Response-Generierung. Leider sind nicht alle Module sauber programmiert: Manche von ihnen erzeugen Core Dumps, andere stürzen zwar nicht ab, aber sie belegen mehr und mehr Speicher und lassen den Serverprozeß so ins Grenzenlose wachsen.\nApache ist so konstruiert, daß er mit dieser Situation fertig werden kann, ohne den Betrieb des gesamten Serversystems zu gefährden: Ein abstürzender Bearbeiterprozeß wird durch den Manager registriert, und der Manager erzeugt ggf. einen neuen Bearbeiterprozeß, wenn die Lastsituation es erfordert. Ein Bearbeiter kann durch das Setzen des Parameters MaxRequestsPerChild auf einen von 0 verschiedenen Wert so konfiguriert werden, daß er maximal so viele Requests wie angegeben bearbeitet und sich dann beendet. Durch Speicherlecks verlorengegangener Speicher wird dann wieder freigegeben - der Manager wird den beendeten Bearbeiterprozeß wie bei einem Absturz ersetzen, falls notwendig.\nDas Regenerieren von verlorengegangenen Serverprozessen kostet zwar Systemleistung, weil der Kernel fork()-Systemaufrufe durchführen muss, aber der Webserver bleibt immerhin verfügbar. Bei einem Single-Process-Server mit Multithreading wäre eine solche Fehlerresistenz nicht machbar.\nDer Managerprozeß und alle seine Bearbeiterprozesse laufen unter der in der Hauptkonfiguration mit den Direktiven \u0026ldquo;User\u0026rdquo; und \u0026ldquo;Group\u0026rdquo; angegebenen UID- und GID-Werten. Man kann dies auch in der Prozeßliste sehen, indem man sich den Eigentümer der httpd-Prozesse ansieht:\nvaliant:/proc/2544 # ls -ld . dr-xr-xr-x 3 wwwrun nogroup 0 Jun 1 21:55 . valiant:/proc/2544 # cat cmdline | xargs -0 echo /usr/local/apache/bin/httpd -f /usr/local/apache/conf/httpd.conf Es ist wichtig zu verstehen, daß diese Werte für den gesamten Server, also für alle von ihm verwalteten virtuellen Server, gelten. Das heißt: Alle Zugriffe durch den Webserver auf Dateien werden unter dieser UID und GID durchgeführt, auch dann, wenn in den einzelnen \u0026lt;VirtualHost\u0026gt;-Abschnitten andere User- und Group-Werte angegeben sind. Diese anderen Identitäten werden ausschließlich für die Ausführung von CGI-Programmen durch das suexec-Utility angenommen.\nHat man seinen Webserver mit mod_php oder mod_perl konfiguriert, dann werden auch alle Dateizugriffe dieser beiden Module unter der einen zentralen Identität des Servers ausgeführt werden, da die Module im Kontext des Serverprozesses ablaufen. Das ist eine Tatsache, die man unbedingt im Hinterkopf behalten sollte, wenn man Webserver aufsetzt, auf denen mehrere unterschiedliche Kunden eigene Scripte ausführen können. Da alle diese Scripte immer unter derselben UID/GID ausgeführt werden, gibt es nichts, das verhindern könnte, daß ein Kunde auf die Dateien eines anderen Kunden zugreift. Ein solches Konzept ist für das Webhosting untauglich.\nCGI-Programme werden durch den Apache nicht direkt, sondern immer über das suexec-Utility gestartet. Der Apache erzeugt dazu mittels fork() eine Kopie von sich selbst, die sich selbst dann durch das suexec-Programm ersetzt. Dieses Programm ist mit Systemverwalterrechten ausgestattet (ein SUID-root-Programm) und stellt danach die UID/GID des neuen Prozesses auf die User- und Group-Angaben des zuständigen virtuellen Hosts um. Außerdem setzt es noch eine Reihe von Ressourcelimits, bereinigt das Prozeßenvironment und führt eine Reihe von anderen Aufräumarbeiten durch. Erst dann ersetzt es sich selbst durch das auszuführende CGI-Script. Dieses Script läuft dann mit der eingestellten Identität, die von der Identität des Webservers selbst verschieden sein kann, und beendet sich anschließend.\nDa die Ausführung von CGI-Programmen die Erzeugung eines neuen Prozesses und das Laden von mindestens zwei Programmen (suexec und den Scriptinterpreter) bedingt, werden CGI-Programme sehr viel langsamer ausgeführt als Modulprogramme. Zu den genannten Kosten kommen noch Aufwände für ein rundes Dutzend Systemaufrufe innerhalb von suexec hinzu, die aber gegenüber den fork()/exec()-Kosten verschwindend gering sein dürften.\nMan hat als ISP mit einem VirtualHost-Setup also die Wahl zwischen einem schnellen, unsicheren Setup und einer deutlich langsameren, aber sichereren Variante.\nEs existiert übrigens eine Variante des suexec-Programmes für den Apache, die wesentlich weniger restriktiv bei der Prüfung der User- und Gruppenrechte an der auszuführenden Datei und dem enthaltenden Verzeichnis ist, die dafür aber eine chroot()-Umgebung aufsetzt, in der dieses Programm ablaufen kann. Dadurch, daß das Programm in der chroot()-Umgebung eingesperrt ist, wird ein zusätzlicher Grad an Sicherheit erreicht.\nAufbau des MySQL-Datenbankservers und Interaktion mit PHP Viele PHP-Programme verwenden einen MySQL-Datenbankserver als Backend zur Speicherung und Auswertung von Daten. Als Datenbank für Webserver ist MySQL besonders geeignet, da MySQL Connections vom PHP-Interpreter zum Datenbankserver sehr schnell errichten und wieder trennen kann und da MySQL im Gegensatz zu \u0026ldquo;echten\u0026rdquo; Datenbanken auf saubere Verwaltung von Transaktionen verzichtet und daher verschiedene Operationen sehr viel schneller abwickeln kann als vollständige SQL-Datenbanken. Für Webanwendungen ist dies ideal, da diese in ihrer Mehrzahl eher geringe Ansprüche an die Transaktionsfähigkeit der Datenbank stellen, dafür aber sehr viele parallele Sessions erzeugen können.\nUm abschätzen zu können, in welche Situation man die Datenbank bringt, wenn man sie als Backend an einem Webserver betreibt, muss man wieder die beiden Fälle CGI PHP und mod_php unterscheiden.\nIn CGI PHP wird auf einer Webseite irgendwann einmal ein mysql_connect() oder mysql_pconnect() ausgeführt. PHP stellt in diesem Moment eine Verbindung zu Datenbank her und arbeitet dann mit dieser Verbindung. Spätestens am Ende der Seite endet das PHP-Programm und mit ihm auch der PHP-Interpreterprozeß selbst.\nDadurch werden alle Filehandles dieses Prozesses geschlossen, also auch die Datenbankverbindung. CGI PHP wird also in schneller Folge Datenbankverbindungen öffnen und schließen, und es wird maximal so viele Datenbankverbindungen geben, wie es parallele PHP-Interpreter geben kann, nämlich MaxClients viele. Man muss den Datenbankserver vom RAM und vom Serverprozeß her so konfigurieren, daß er mit einer solchen Anzahl von parallelen Sessions fertig werden kann!\nWenn in mod_php mit mysql_connect() gearbeitet wird, verhält es sich exakt so wie CGI PHP: Am Ende der Webseite wird die Datenbankverbindung geschlossen. Anders bei mysql_pconnect(): Da der Interpreter als Modul Bestandteil des Bearbeiterprozesses des Webservers ist, kann dieser die Verbindung auch nach dem Ende der Webseite offen halten. Fordert später eine andere Webseite eine Verbindung mit denselben Host/User/Paßwort-Daten an, kann der Bearbeiterprozeß diese existierende Verbindung anbieten, anstatt erneut eine solche Verbindung eröffnen zu müssen. Bei mysql_pconnect() hat dies wegen der Geschwindigkeit von MySQL nur vergleichsweise geringe Auswirkungen; verwendet man hingegen Oracle, sind mod_php und ora_plogon() absolut essenziell, wenn man Performance braucht.\nJeder Bearbeiterprozeß muss für sich alleine einen Connect zum Datenbankserver offen halten, da solche Connects nicht zwischen unterschiedlichen Prozessen austauschbar sind. Ein einzelner Bearbeiterprozeß hält jedoch unter Umständen mehrere Datenbankconnects mit unterschiedlichen User/Paßwort-Kombinationen offen, wenn dies in der Konfiguration so vorkommt. Man muss daher im Extremfall auf dem Datenbankserver mit MaxClients mal \u0026ldquo;Anzahl der vorkommenden User/Paßwort-Kombinationen\u0026rdquo; vielen parallelen Connects klarkommen. Es ist klar, daß sich dies schlecht skaliert.\nPHP geht bei der Verwaltung von MySQL-Datenbankverbindungen übrigens von der falschen Annahme aus, daß eine Datenbankverbindung zustandslos ist und daher gefahrlos wiederverwendet werden könne, wenn ein zweiter Connect mit derselben Username/Paßwort/Hostname-Kombination gemacht wird. Man kann dies beobachten, indem man das folgende Stück Code ausführen läßt:\nkk@land:~/Source/php3 \u0026gt; ./php \u0026lt;?php $link = mysql_connect(\u0026#34;localhost\u0026#34;, \u0026#34;kk\u0026#34;, \u0026#34;\u0026#34;); print $link.\u0026#34;\\n\u0026#34;; Content-type: text/html 1 $link2 = mysql_connect(\u0026#34;localhost\u0026#34;, \u0026#34;kk\u0026#34;, \u0026#34;\u0026#34;); print $link2.\u0026#34;\\n\u0026#34;; 1 Obwohl hier zwei verschiedene MySQL-Datenbankverbindungen geöffnet werden sollen, wird in beiden Fällen dieselbe Link-ID zurückgeliefert. Es handelt sich also in beiden Fällen um dieselbe Datenbankverbindung. Dies wird in dem Moment zum Problem, wo der Zustand der Datenbank, der per Link-ID verwaltet wird, sich ändert. In MySQL gehört zu diesem Zustand der Name der aktuellen logischen Database, mit der gearbeitet wird. Wird diese Database mittels \u0026ldquo;use \u0026rdquo; oder mit Hilfe von mysq_select_db() verändert, wirkt sich die Änderung auf die beiden vermeintlich unabhängigen Datenbankverbindungen aus. Abhilfe schafft hier nur, entweder nur mit einer einzigen Datenbank zu arbeiten oder mit Hilfe von mehreren unterschiedlichen Benutzernamen unterschiedliche Datenbankverbindungen zu erzwingen.\nEin ähnliches, noch viel gefährlicheres Problem erleidet man mit Oracle, denn dort gehört die derzeit aktive Transaktion zum Zustand der Datenbankverbindung - ein COMMIT oder ROLLBACK wirkt sich hier auf beide vermeintlich unabhängigen Verbindungen aus.\nDer Datenbankserver erlaubt mit einer Ausnahme keine Interaktion eines Anwenders mit dem Dateisystem. Alle Änderungen sind also ausschließlich auf Datensätze innerhalb der Datenbank beschränkt. Die Ausnahme ist das Laden von Daten in die Datenbank mit LOAD DATA INFILE, das die Übernahme von beliebigen Daten mit zeilenweiser Satzstruktur in Datenbanktabellen erlaubt. Um diese Operation durchführen zu können, benötigt der aktuelle Benutzer in MySQL file_priv = 'y' für seinen Benutzereintrag in der Tabelle mysql.user. Das Recht kann nicht datenbankbezogen, sondern nur benutzerbezogen vergeben werden.\nNeuere Versionen von MySQL erlauben statt dessen LOAD DATA INFILE LOCAL, bei denen der Lesezugriff nicht durch den Datenbankserver und mit den Rechten des Datenbankservers erfolgt, sondern stattdessen durch den Client (PHP) und mit den Rechten des Clients. Dies ist zwar langsamer, aber sicherer und benötigt keine besonderen Privilegien. Es ist empfehlenswert, immer LOAD DATA INFILE LOCAL zu verwenden. Beim Load sehr großer Tabellen kann es jedoch notwendig werden, die CPU-Zeitbegrenzung des PHP-Interpreters hochzusetzen.\nIm Übrigen ist zu beachten, daß es der PHP-Interpreter ist, der sich an den Datenbankserver connected, und nicht der Browser des Anwenders. Die MySQL-Ports können daher an der Firewall problemlos abgedichtet werden, um direkte Zugriffe eines Anwenders an PHP vorbei auf den Datenbankserver zu verhindern:\n|| ||\u0026lt;--- connect --- mysql-Client || Port 2042 || MySQL \u0026lt;--- connect --- PHP \u0026lt;--- || --- connect --- Browser Port 2042 \u0026amp; || Port 80 httpd || Firewall läßt nur Port 80 durch Grenzen von Vertrauen Die Firewall definiert in diesem System eine Grenze (\u0026ldquo;Trust Boundary\u0026rdquo;) zwischen dem Internet mit potenziell gefährlichen Daten und dem Intranet, in dem vertrauenswürdige Anwendungen vertrauenswürdige Informationen halten. Daten kreuzen diese Grenze in beide Richtungen, und es ist dringend erforderlich, diesen Übergängen besondere Aufmerksamkeit zu widmen.\nÜbergänge von innen nach außen Übergänge von drinnen nach draußen sind vergleichsweise einfach abzuhandeln, da es sich um Übergänge aus einem Bereich mit hohem Vertrauen in einen Bereich mit weniger hohem Vertrauen handelt. Besondere Maßnahmen muss man hier genau dann ergreifen, wenn man für die herausgegebenen Daten etwas garantieren möchte: Etwa daß sie beim Empfänger unverfälscht oder gar nicht ankommen oder daß außer dem Empfänger niemand Kenntnis von den Daten bekommen kann oder daß der Empfänger sicher sein kann, daß er tatsächlich mit dem Webserver und nicht mit einem Angreifer redet, der sich als der Webserver ausgibt.\nIn allen diesen Fällen ist der Einsatz von SSL auf dem Server empfehlenswert. Eine SSL-Verbindung ist wie ein gepanzerter Tunnel zwischen dem Webserverprozeß auf dem Server und dem Browserprozeß beim Abrufer. Er kann durch Dritte nicht eingesehen werden, und die Daten, die darin fließen, können durch Dritte nicht verfälscht werden. Durch ein Server-Zertifikat kann der Abrufer außerdem sicher sein, daß das andere Ende des Tunnels wirklich beim Webserver liegt und nicht bei jemand anderen.\nZwar ist eine Anwendung leicht auf SSL umzustellen (es muss nämlich bis auf die verwendeten URLs nichts angepasst werden), aber die Kosten für den Einsatz von SSL sind dennoch recht hoch. SSL setzt auf der TCP/IP-Ebene an; es schiebt sich quasi als Schutzschicht zwischen die Schichten 4 und 5 des OSI-Protokollstacks.\n+- Anwendungsprogramm----+ +- Anwendungsprogramm----+---+ | Anwendungsschicht | | Anwendungsschicht |SSL| +------------------------+ +------------------------+API| | Präsentationsschicht | | Präsentationsschicht | | +------------------------+ +------------------------+ | | Sitzungschicht | | Sitzungschicht | | +------------------------+ +------------------------+ | | SSL-Verschlüsselung | +----------------------------+ Userland ===================================================================== Kernel +- Betriebssystem -------+ +- Betriebssystem -------+ | Transportschicht (TCP) | | Transportschicht (TCP) | +------------------------+ +------------------------+ | Netzwerkschicht (IP) | | Netzwerkschicht (IP) | +------------------------+ +------------------------+ +- Gerätetreiber --------+ +- Gerätetreiber --------+ | Verbindungsschicht | | Verbindungsschicht | +------------------------+ +------------------------+ | Physikalische Schicht | | Physikalische Schicht | +------------------------+ +------------------------+ Dies bedeutet, daß bei dem Abruf einer Webseite per SSL zuerst die TCP/IP-Netzwerkverbindung, dann die SSL-Zertifikate ausgetauscht werden und danach erst die HTTP-Requests übertragen werden. Da beim HTTP-Request mit dem Host-Header festgelegt wird, welchen virtuellen Webserver die Anwendung sprechen will, aber zuvor schon die SSL-Zertifikate ausgetauscht werden, ist es nicht möglich, verschiedene SSL-Server mit derselben IP-Nummer zu betreiben. Stattdessen müssen SSL-Server auf IP-basierte virtuelle Hosts aufgesetzt werden, und jeder SSL-Server verbraucht eine IP-Nummer.\nDazu kommt, daß anders als bei unverschlüsseltem HTTP eine SSL-Verbindung nicht mit HTTP/1.1 Keepalive offen gehalten werden kann. Anderenfalls könnte man nämlich recht leicht einen Angriff mit bekannten Klartexten gegen den Server fahren: Würde ein SSL-Server eine Verbindung mit Keepalive offen halten, würden nach Austausch der Zertifikate Session-Keys ausgetauscht werden. Mit diesen Session-Keys verschlüsselte Daten würden dann über die SSL-Verbindung ausgetauscht werden. Wird die Verbindung für mehr als einen Request benutzt, sind die Chancen gut, daß geheime Daten (etwa die Kreditkartennummer) und bekannte Daten (etwa ein Logo-GIF) über dieselbe Verbindung mit demselben Session-Key verschlüsselt übertragen werden. Ist dies der Fall, kann man mit Hilfe der bekannten Daten nach dem verwendeten Session-Key suchen und dann die unbekannten Daten entschlüsseln.\nDadurch, daß SSL-Verbindungen die Vorteile von HTTP/1.1 Keepalives nicht nutzen können, müssen sie für jede einzelne Komponente einer Webseite eine neue Verbindung aufbauen. Diese einzelnen Verbindungen sind nicht nur ständig durch den TCP-Slow-Start gebremst, sondern müssen ebenfalls ständig neu Verschlüsselungsverfahren und Session-Keys aushandeln, was zusätzliche Datenaustausche zwischen den beiden Partnern notwendig macht - jeder dieser Datenaustausche dauert jedoch eine Umlaufzeit (die Zeit, die von Ping als RTT ausgegeben wird). Es ist also sehr viel damit geholfen, SSL-Seiten so aufzubauen, daß sie aus möglichst wenigen Komponenten zusammengesetzt sind, also wenige Bilder und Plugins enthalten, die getrennt nachgeladen werden müssen. Über diesen Verzögerungswerten kann man die zusätzliche Belastung der CPU durch Verschlüsselung und Kompression beinahe vernachlässigen.\nWeil SSL-Verbindungen gleich oberhalb der TCP-Ebene verschlüsseln, sind nicht nur die übertragenen Daten verschlüsselt, sondern auch alle HTTP-Header. Ein Angreifer kann also ebenfalls nicht erkennen, welche Seiten abgerufen werden und welcher Art die zurückgelieferten Daten sind. Dies hat Auswirkungen auf Proxy-Server, auf den Jugendschutz, falls dieser auf filternde Proxy-Server zurückgreift, und auf den Virenschutz, falls dieser auf einen zentralen Scanner auf einem Proxy zurückgreift: Selbst wenn man mit jedem Request dieselben Daten abriefe und nicht über Zertifikate nachdächte, würden wegen des wechselnden Session-Keys die abgerufenen Daten bei jedem Request anders aussehen, und der Proxy hätte, falls er Filterfunktionen wahrnehmen sollte, keine Informationen über die tatsächliche Natur der abgerufenen Daten. SSL-Verbindungen machen also zentrale Scanmechanismen unbrauchbar. Sie sind mit Absicht so designed worden.\nÜbergänge von außen nach innen und die Notwendigkeit von Sessions Werden Daten von außen nach innen in die Zone höheren Vertrauens importiert, muss mit noch mehr Aufmerksamkeit gearbeitet werden, denn die importierten Daten können prinzipiell bösartig sein und müssen so schnell und so gründlich wie möglich dekontaminiert werden.\nDie Anwendung läuft bei Webprogrammen zum Teil auf dem Browser des Anwenders, und dieser liegt außerhalb der Vertrauensgrenze unseres Systems. Man kann nicht davon ausgehen, daß der Browser des Anwenders bestimmten Anforderungen genügt, und man kann daher nicht voraussetzen, daß die gelieferten Daten bestimmten Anforderungen genügen, bevor diese Anforderungen nicht alle einzeln abgetestet worden sind.\nMan kann beispielweise ein Formular an den Browser des Anwenders schicken, und dieses Formular kann in Javascript geschriebene Validatoren enthalten, die sicherstellen, daß in numerischen Feldern auch nur Ziffern enthalten sind und so weiter. Man kann nicht voraussetzen, daß der Browser des Anwenders Javascript interpretiert, da diese Funktionalität ggf. ausgeschaltet oder gar nicht vorhanden ist. Es ist auch denkbar, daß eine Firewall auf dem Weg zum Abrufer jeden aktiven Content aus Seiten herausfiltert und daß daher Javascript gar nicht beim Browser ankommen kann. Es wäre weiterhin denkbar, daß die Anwendung zwar ein Formular mit Javascript zum Anwender gesendet hat, dort aber gar kein Browser läuft, sondern der Anwender stattdessen seine Requests und die Replies manuell mit \u0026ldquo;telnet\u0026rdquo; bearbeitet. Dann wäre der Anwender prinzipiell in der Lage, beliebig defekte Daten einzuliefern.\nMan kann ebenfalls nicht davon ausgehen, daß die Daten, die der Anwender abgesendet hat, und die Daten, die der Webserver erhält, identisch sind. Eine Instanz auf dem Weg - ein Proxy oder ein Angreifer - könnten diese Daten verändern oder veraltete Daten zurücksenden.\nEs bleibt also nicht anderes übrig, als alle Daten beim Erhalt und beim Eintritt in die Zone hohen Vertrauens genauestens zu prüfen. Danach müssen diese Daten in der Zone hohen Vertrauens verbleiben und dürfen diese nicht mehr verlassen - täten sie es, müßten sie beim Wiedereintritt in die Zone hohen Vertrauens erneut geprüft werden. Es ist daher keine gute Idee, Daten in Form von über mehrere Formulare hinweg mitzuschleppen - in einem solchen Fall würden die Daten nämlich ständig zwischen der Zone hohen Vertrauens auf unserer Seite des Netzes und der entfernten Anwendung hin- und herwechseln und bei jedem neuen Request erneut aus der einen und die andere Zone wechseln. Solch eine Anwendung ist konstruktionsbedingt nicht sicher zu bekommen.\nBesser und sicherer ist es, mit einer Session-Verwaltung zu arbeiten. In einem solchen Modell wird der Browser-Client durch eine eindeutige Kennziffer identifiziert, und über diese Kennziffer wird ein Datensatz innerhalb der Trust Boundary an den Browser gebunden.\n|| Trust Boundary || +-------------+ || +--------+ | Server |\u0026lt;----- Request ------ | Client | +-------------+ mit ID || +--------+ | | referenziert Datensatz mit ID | +-|--------+ +--|-------+| +---v------+|| | Client- ||+ | Daten |+ +----------+ Daten, die die Trust Boundary einmal passiert haben, verbleiben nun auf der Serverseite und können durch den Client nicht mehr direkt manipuliert werden. Der Client kann nur noch mittelbar durch Veränderung der Session-ID versuchen, einen anderen Datensatz mit anderen Daten zu referenzieren. Daraus folgt, daß die Session-ID selbst keine fortlaufende Nummer oder eine andere vorhersagbare und ratbare Zahl sein darf.\nIn der Praxis hat es sich bei PHP bewährt, das Konstrukt md5(uniqid(\u0026quot;geheim\u0026quot;)) zu verwenden. Die Funktion uniqid(\u0026quot;somestring\u0026quot;) liefert einen auf der aktuellen Uhrzeit basierenden String, der mit dem Prefix \u0026ldquo;somestring\u0026rdquo; anfängt. Durch die Anwendung der Hashfunktion md5() wird daraus eine 128 Bit lange (32 Hexziffern lange) Zahl, aus der nicht auf den Ausgangsstring geschlossen werden kann. Wenn die ungefähre Uhrzeit des Servers bekannt ist, zu dem eine bestimmte Session gestartet ist, kann man jedoch versuchen, die Session-ID zu erraten. Daher ist es wichtig, daß jede Anwendung einen anderen, geheimgehaltenen Prefix-String \u0026ldquo;geheim\u0026rdquo; als Salt für ihre Session-IDs verwendet.\nUm die Sessiondaten an einen Browser zu binden, muss bei jedem Request die Session-ID vom Browser mitgeschickt werden. Am einfachsten erreicht man dies mit Hilfes eines Session-Cookies, der im Browser gesetzt wird. Dies hat außerdem den Vorteil, daß die ID nicht Bestandteil der URL wird und daher auch nicht mit gebookmarked werden kann oder gar als Bestandteil einer URL mit abgedruckt wird.\nNimmt der Browser des Anwenders jedoch keine Cookies an, muss man sich auf eine andere Methode der Übergabe der ID zurückziehen, bei der die Session-ID mit in die URL eingebaut wird. Denkbar sind hier prinzipiell zwei Verfahren: Die ID kann entweder als GET-Parameter an die URL angehängt (http://www.kunde.de/index.php3?Example_Session=0d0a...) werden oder sie kann als Pfadkomponente mit in die URL eingebaut werden (http://www.kunde.de/Example_Session=0d0a../index.php3). Erstere Methode hat den Vorteil, direkt einsetzbar zu sein, letztere macht es notwendig, Name der Session und ID mit Hilfe von mod_rewrite aus der URL herauszuholen, um den Zugriff auf die Daten zu erlauben.\nDie Daten, die zu der Session gehören, müssen auf der Servermaschine auf irgendeine Weise gespeichert werden. PHP4 verwendet zu diesem Zweck ein Verzeichnis mit einer Datei pro Session, PHPLIB verwendet stattdessen traditionell eine Datenbank, kann aber seit Version 7 auch mit anderen Speichermethoden arbeiten, etwa mit einfachen Dateien, mit DBM-Datenbanken, mit einem LDAP-Server, oder mit Shared Memory. In jedem Fall sollten diese Speicher unter derselben administrativen Kontrolle stehen wie der Webserver, damit keine Trust Boundary überschritten wird.\nDatenquellen von außerhalb Nun kann eine Anwendung nur noch entweder die vorgegebene Session-ID verwenden oder die Session-ID verwerfen. Im ersten Fall funktioniert die Anwendung wie beabsichtigt, im zweiten Fall wird einfach eine neue Session gestartet und initialisiert. Beides sind definierte Zustände, die die Sicherheit des Systems nicht gefährden können und bei denen keinesfalls Daten aus einer Session in eine andere Session hinüberdiffundieren können.\nEinige Systeme zur Verwaltung von Sessions und Session-IDs merken sich zu jeder Session auch die IP-Nummer, aus der die Session kommt. Auf diese Weise soll verhindert werden, daß ein Angreifer eine Session-ID ausschnüffelt und mit dieser ID dann die Session übernimmt. In der Praxis ist dies jedoch keine gute Idee, weil sich die IP-Nummer, mit der eine Session an einem Browser erscheint, ändern kann. Dies ist zum Beispiel dann der Fall, wenn der Abrufer auf den Server über ein Netz von Proxyservern zugreift: Hier kann die vom Webserver gesehene IP-Nummer mit jedem Zugriff wechseln, je nach der Lastverteilung auf den Proxyservern. In dieser Situation befinden sich viele Benutzer im WiN, bei AOL und bei T-Online. Ebenfalls wechseln kann die IP-Nummer bei Benutzern, die per Dialup-PPP eine IP-Nummer dynamisch zugewiesen bekommen und bei denen sich die PPP-Verbindung kurzzeitig abgebaut hat.\nSobald sichergestellt ist, daß Daten nicht zwischen Sessions überspringen können, kann man daran gehen, die Wege zu sichern, auf denen Daten in eine Session übernommen werden können. In PHP gibt es prinzipiell die folgenden Wege, auf denen eine Anwendung Daten von jenseits der Trust Boundary übernehmen kann:\nals GET-Parameter als POST-Parameter als Cookie-Data GET- und POST-Parameter müssen bzw. können der Anwendung in codierter Form übergeben werden. Wenn die Daten von der Anwendung nicht ausschließlich in einer Standardform (nämlich decodiert) verarbeitet werden, kann es dazu kommen, daß es mehrere äquivalente Darstellungen derselben Werte gibt. Zum Beispiel sind \u0026ldquo;hello+world\u0026rdquo;, \u0026ldquo;hello%20world\u0026rdquo; und \u0026ldquo;hello world\u0026rdquo; drei äquivalente Darstellungen desselben Strings. Arbeitet man mit Stringoperationen auf solchen Daten, kann es zu Anomalien kommen, bei denen ein Suchmuster oder Substring in einem Fall auf die Daten paßt, in einem anderen Fall jedoch nicht. Es ist also wichtig, die Daten ggf. erst vollständig zu decodieren und dann erst Suchmuster und Stringerkennungen auf sie anzuwenden.\nGET-Parameter sind Bestandteil der URL und unterliegen daher denselben Beschränkungen wie URLs. Sie können keine Leerzeichen sowie gewisse Sonderzeichen nicht enthalten, und ihre Länge ist begrenzt - daher überhaupt die Notwendigkeit einer URL-Codierung und alternativer Darstellungen.\nPOST-Parameter werden wie unten gezeigt anders übermittelt, als Bestandteil des Body eines Requests, doch auch sie kommen codiert über die Leitung. Cookies werden als Cookie-Headerzeilen übermittelt.\nkris@valiant:/usr/doc/packages/netcat \u0026gt; netcat -l -p 8080 -v listening on [any] 8080 ... connect to [193.102.57.3] from valiant.koehntopp.de [193.102.57.3] 1433 POST / HTTP/1.0 Referer: http://valiant:8080/ Connection: Keep-Alive User-Agent: Mozilla/4.61 [en] (X11; U; Linux 2.2.10 i586) Host: valiant:8080 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Encoding: gzip Accept-Language: German, de, en Accept-Charset: iso-8859-1,*,utf-8 Content-type: application/x-www-form-urlencoded Content-length: 19 probe=lala\u0026amp;amp;doit=los PHP importiert alle diese Eingaben defaultmäßig als globale Variablen in das Programm. Benötigte Decodierungen werden dabei automatisch vorgenommen, ggf. werden die Eingabewerte auch automatisch wieder für den Transfer in eine SQL-Datenbank codiert, falls magic_quotes_gpc konfiguriert ist (dies ist gelegentlich praktisch, aber meist unerwünscht). Zusätzlich werden alle Eingabedaten je nach Herkunft noch in die drei Hashes HTTP_GET_VARS[], HTTP_POST_VARS[] und HTTP_COOKIE_VARS[] einsortiert.\nPrinzipiell ist es möglich, daß ein GET-Parameter, ein POST-Parameter und ein Cookie dieselben Namen verwenden. Hier steht derjenige Wert in einer globalen Variablen zur Verfügung, der als letzter importiert wird. Die Reihenfolge des Imports kann man mit der Konfigurationsvariablen gpc_order bestimmen (Default ist \u0026ldquo;gpc\u0026rdquo;). In PHP4 und in PHPLIB überschreiben Sessionvariablen aus vertrauenswürdigen Quellen Werte, die per gpc aus einer nicht vertrauenswürdigen Quelle geholt wurden. Dadurch werden eine ganze Menge potentielle Sicherheitsprobleme vermieden.\nDateien und Upload Indem man ein Formular erzeugt, das mit der Methode \u0026ldquo;POST\u0026rdquo; submitted wird und das einen besonderen Encoding-Type hat, kann man auch Webformulare bauen, die den Upload von Dateien ermöglichen. Ein solches Formular sieht minimal so aus:\nkk@land:~ \u0026gt; netcat -l -p 8080 -v listening on [any] 8080 ... connect to [192.168.254.57] from lenz.intern.netuse.de [192.168.254.43] 2190 GET / HTTP/1.0 User-Agent: Mozilla/4.6 [en] (Linux; Alpha) Host: land:8080 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Encoding: gzip Accept-Language: de-DE,de,en Accept-Charset: iso-8859-1,*,utf-8 \u0026lt;h1\u0026gt;Hallo\u0026lt;/h1\u0026gt; \u0026lt;form action=\u0026#34;http://land:8080/\u0026#34; method=post enctype=\u0026#34;multipart/form-data\u0026#34;\u0026gt; \u0026lt;input type=\u0026#34;file\u0026#34; name=\u0026#34;probe\u0026#34;\u0026gt; \u0026lt;input type=\u0026#34;submit\u0026#34; value=\u0026#34;los\u0026#34;\u0026gt; \u0026lt;/form\u0026gt; punt! In diesem Formular eingetragene Daten werden in Form eines MIME-Multipart-Dokumentes an den Server zurückübermittelt. Der Aufbau der Daten ist vergleichsweise kompliziert, aber zum Glück kümmert sich PHP um die Decodierung aller Daten:\nkk@land:~ \u0026gt; netcat -l -p 8080 -v listening on [any] 8080 ... connect to [192.168.254.57] from lenz.intern.netuse.de [192.168.254.43] 2193 POST / HTTP/1.0 Referer: http://land:8080/ User-Agent: Mozilla/4.6 [en] (Linux; Alpha) Host: land:8080 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Encoding: gzip Accept-Language: de-DE,de,en Accept-Charset: iso-8859-1,*,utf-8 Content-type: multipart/form-data; boundary=---------------------------247491297412345 Content-Length: 225 -----------------------------247491297412345 Content-Disposition: form-data; name=\u0026#34;probe\u0026#34;; filename=\u0026#34;K:\\Kunden\\Netcologne\\probe.txt\u0026#34; Content-Type: text/plain Dateiinhalt -----------------------------247491297412345-- \u0026lt;h1\u0026gt;Danke.\u0026lt;/h1\u0026gt; punt! PHP verarbeitet diese Eingaben wie alle anderen Eingabedaten automatisch. Es legt die Datei in einem temporären Verzeichnis ab und stellen den Namen und die Größe der Datei in einigen Variablen zur Verfügung, deren Namen von dem Namen des \u0026lt;input type=\u0026quot;file\u0026quot;\u0026gt;-Tags abgeleitet werden: Für den Tagnamen probe werden diese Variablen erzeugt:\n$probe Name der Datei im temporären Verzeichnis auf dem Server. $probe_name Name der Datei auf dem System des Anwenders. $probe_size Größe der Datei in Bytes. $probe_type Typ der Datei als MIME-Type. Mithilfe der beiden PHP3-Konfigurationseinstellungen upload_tmp_dir und upload_max_filesize kann man serverseitig kontrollieren, wie groß die hoch geschickten Dateien maximal werden können und in welchem Verzeichnis sie abgelegt werden. Wenn man die Datei nach dem Ende der Seite behalten möchte, muss man sie kopieren oder umbenennen: PHP löscht die Upload-Datei am Ende der Seite. Ein Einstellen der Größenbegrenzung begrenzt jedoch nicht wirklich den Plattenplatz, der auf dem Server von PHP durch Fileupload verbraucht wird: Aus technischen Gründen muss PHP die Datei zunächst empfangen und kann sie erst dann verwerfen, wenn sie zu groß ist. Seit PHP 3.0.10 kann mehr als eine Datei pro Formular hochgeladen werden.\nEingabedaten dekontaminieren Eingabedaten, die aus einem Bereich mit niedrigem Vertrauen in einen Bereich mit höheren Vertrauen überwechseln, müssen auf Unbedenklichkeit geprüft werden. Es ist sonst möglich, die Eingabedaten zu verwenden, um auf der Webservermaschine Schaden anzurichten, der letztendlich bis zur Übernahme der Maschine (und weiterer Maschinen im selben Netz) durch Angreifer reichen kann.\nEin typisches Beispiel für Vertrauen in Daten aus einem nicht vertrauenswürdigen Bereich ist das folgende Script: Gegeben sei eine Funktion, die einen Datensatz des gerade angemeldeten Benutzers in einer Tabelle anzeigt.\n\u0026lt;? $db = new DB_Example; $db-\u0026gt;query(\u0026#34;select * from sometable where key = \u0026#39;$PHP_AUTH_USER\u0026#39;\u0026#34;); $db-\u0026gt;next_record(); ?\u0026gt; \u0026lt;form action=\u0026#34;doit.php3\u0026#34;\u0026gt;\u0026lt;table\u0026gt; \u0026lt;input type=\u0026#34;hidden\u0026#34; name=\u0026#34;f_key\u0026#34; value=\u0026#34;\u0026lt;? $db-\u0026gt;p(\u0026#34;key\u0026#34;) ?\u0026gt;\u0026#34;\u0026gt; \u0026lt;tr\u0026gt;\u0026lt;td\u0026gt;\u0026lt;input type=\u0026#34;text\u0026#34; name=\u0026#34;f_name\u0026#34; value=\u0026#34;\u0026lt;? $db-\u0026gt;p(\u0026#34;name\u0026#34;) ?\u0026gt;\u0026#34;\u0026gt;\u0026lt;/td\u0026gt;\u0026lt;/tr\u0026gt; \u0026lt;tr\u0026gt;\u0026lt;td\u0026gt;\u0026lt;input type=\u0026#34;text\u0026#34; name=\u0026#34;f_vorname\u0026#34; value=\u0026#34;\u0026lt;? $db-\u0026gt;p(\u0026#34;vorname\u0026#34;) ?\u0026gt;\u0026#34;\u0026gt;\u0026lt;/td\u0026gt;\u0026lt;/tr\u0026gt; \u0026lt;tr\u0026gt;\u0026lt;td\u0026gt;\u0026lt;input type=\u0026#34;text\u0026#34; name=\u0026#34;f_credits\u0026#34; value=\u0026#34;\u0026lt;? $db-\u0026gt;p(\u0026#34;credits\u0026#34;) ?\u0026gt;\u0026#34;\u0026gt;\u0026lt;/td\u0026gt;\u0026lt;/tr\u0026gt; \u0026lt;tr\u0026gt;\u0026lt;td align=\u0026#34;right\u0026#34;\u0026gt;\u0026lt;input type=\u0026#34;submit\u0026#34; name=\u0026#34;doit\u0026#34; value=\u0026#34;Absenden\u0026#34;\u0026gt;\u0026lt;/td\u0026gt;\u0026lt;/tr\u0026gt; \u0026lt;/table\u0026gt;\u0026lt;/form\u0026gt; In diesem Script wird eine Tabelle mit drei bearbeitbaren Eingabefeldern f_vorname, f_name und f_credits generiert. Die Selektionsbedingung im SQL sorgt dafür, daß nur der Datensatz des angemeldeten Benutzers angezeigt wird. Es wird jedoch auch ein Eingabefeld erzeugt, das den Namen des aktuellen Benutzers enthält. Übernimmt das Zielscript doit.php3 diese Daten ungeprüft, kann der bearbeitende Anwender einfach eine URL wie\nhttp://www.server.de/doit.php3?f_key=someuser\u0026amp;amp;f_name=some+name\u0026amp;amp;f_vorname=some+other+name\u0026amp;amp;f_credits=10000 abrufen und damit beliebige Datensätze bearbeiten. Das Script doit.php3 darf sich nicht darauf verlassen, daß der Inhalt von f_key, der zurückgesendet wird, derselbe Inhalt ist, der ursprünglich erzeugt wurde. Besser wäre es, den Wert von f_key auf der Serverseite zu halten (etwa als eine zu einer Session gehörende Variable) und nur die Werte f_vorname und f_name zu akzeptieren.\nEingabedaten, die aus einem Bereich niedrigen Vertrauens stammen, haben in einem Programm als giftig, als kontaminiert, zu gelten. Auch alle anderen Variablen, in denen aus kontaminierten Werten abgeleitete Werte abgelegt werden, sind automatisch als kontaminiert anzusehen. Am günstigsten ist es, alle nicht vertrauenswürdigen Daten durch eine Dekontaminierungsfunktion, einen Validator, zu schleusen und dann mit den sauberen Werten weiter zu arbeiten.\nDies kann zum Beispiel mit Code wie dem folgenden geschehen:\n\u0026lt;? // $key kommt aus der Session und ist automatisch gesetzt $vorname = check_alnumspace($f_vorname); $name = check_alnumspace($f_name); $credits = check_numeric($f_credits); ?\u0026gt; Die Funktionen check_alnumspace() und check_numeric() sind hier im Beispiel dann einfache Funktionen, die die Eingabedaten auf erlaubte Zeichen abprüfen.\n\u0026lt;? function check_alnumspace($in) { if (eregi(\u0026#34;[^a-zäöüß0-9 ]+\u0026#34;, $in) { return false; } return $in; } function check_numeric($in) { if (ereg(\u0026#34;[^0-9]\u0026#34;, $in) { return false; } return $in+0; } ?\u0026gt; Diese Beispielfunktionen liefern entweder den Eingabestring zurück, wenn dieser nur erlaubte Zeichen enthält oder den Wert false, falls der Eingabestring verdächtigt aussieht. Die Anwendung muss nun damit rechnen, daß die Felder $vorname, $name und $credits leer (false) sein können, kann sich aber darauf verlassen, daß die Strings das erwartete Aussehen haben, wenn sie nicht leer sind.\nEiner der größten Fehler, den man machen kann, ist es, die Eingabedaten nicht zu dekontaminieren und sie dann in eine Datenbank, eine Datei oder eine andere vertrauenswürdige Datenquelle zu schreiben. Nun werden nämlich alle Folgeanwendungen die nicht vertrauenswürdigen und ungeprüften Daten aus einer vertrauenswürdigen Datenquelle laden und ihnen ohne weitere Prüfung vertrauen.\n","date":"1999-10-15T00:00:00Z","href":"https://blog.koehntopp.info/1999/10/15/webserver-verstehen-und-tunen.html","tags":["lang_de","php","web"],"title":"Webserver verstehen und tunen"},{"categories":null,"content":"von Thomas Roessler und Kristian Köhntopp\nAm Rande der Konferenz Wizards of OS (1999) fand eine Anhörung des BMWi zum Thema \u0026ldquo;Open Source Software\u0026rdquo; statt. Dabei wurde der volkswirtschaftliche Nutzen von Open Source Software erörtert und es kam die Frage auf, ob man die Entwicklung von Open Source fördern könne, ohne gewachsene Strukturen zu zerstören und inwieweit dies sinnvoll wäre.\nDieses Papier entstand auf Initiative von Thomas Roessler und ich hatte Gelegenheit, einige Ideen und Vorschläge einzubringen. (Mitte/Ende 1999)\nThe Net is famous for changing rapidly, and being a rapid medium for discussion and innovation. The transaction costs over the net are low. The Net enables international, fast, and effective communication and cooperation.\nThis has various effects.\nE-commerce and the mythical web-year. Among the much-hyped e-merchants, it\u0026rsquo;s \u0026ldquo;be faster or perish\u0026rdquo;. Small organizations are generally faster and have less problems to fully exploit the low transaction costs offered by the Net, thus acquiring new, international markets, and endangering larger competitors\u0026rsquo; market positions.\nFree software. Over the last years, we are observing that Free Software which can be modified and shared by every user is gaining market impact. The average free software project has collaborators from all around the world, and it has been translated to at least a dozen languages, possibly including obscure and rarely-spoken ones. Typically, few if any of the participants have ever met in reality.\nSuch cooperations are made possible by the fact that the average home user can utilize a world-wide data network at moderate cost to share source code, experience, and thoughts.\nOrganizations which wish to work with the free software community should be prepared to act at similar speed and with similar efficiency as this community.\nIn the present document, we explore how funding and support mechanisms interact with the development model behind free software. We come to the conclusion that funding free software projects is difficult, and that standard funding procedures may not be suitable, since they impose transaction costs which are close to or possibly beyond the amount of funding which would actually be granted, and which are beyond what a free software project can invest.\nIn addition, we note that there are structural requirements for effective free software development. Political and financial support should try to address these requirements and make sure that the general climate which lets free software development flourish is preserved or even improved.\n1. Free software development 1.1 The Process Typical free software development starts with a small group of persons who try to solve specific problems, or want to realize an idea. This initial group will create fundamental, and probably running code which does at least solve some part of the initial problem.\nThis initial implementation is published on the Net. Others learn about it, find it useful or interesting, and start to either implement things which are generally to be done, or which are needed for their own applications. This way, the group using and maintaining the free software product will grow, in turn leading to great speed of development.\nRecent numerical evidence from the fetchmail project (which shows a logarithmic growth curve with time), and general experience indicates that, depending of the kind of free software product, development will eventually slow down or even come close to a halt, once certain objectives have been fulfilled.\nHowever, new ideas about how things can be done and what should be done may lead to the effect that certain dedicated individuals (and, later, groups) re-start rapid development of the whole project, or of certain parts.\nFor instance, in recent months, the person maintaining the IMAP modules of the Mutt e-mail client was very active, while most of the other code evolves slowly and is mostly stable - even in the branch called \u0026ldquo;unstable\u0026rdquo;.\n1.2 Case studies: KDE vs. Mozilla There are some things that can be learned from failed Open Source efforts, like for example the Mozilla project. While the Mozilla project is smaller than for example the KDE project, unlike KDE Mozilla is stagnating and does not attract developers. The project is missing self-assigned deadlines and does not deliver.\nThe Mozilla project started out with an existing codebase that was largely unreadable, underdocumented and incomplete, that is, the existing source did not even compile. Also, the project was stuffed with Netscape funded developers, which had more time and considerably better knowledge of the source than any outsider. The projects schedule had no milestones which produced a working and distributeable project, it had no incremental roadmap. And finally, there were no small code fragments which could stand alone and be handled by a single person. Instead the whole project consisted mainly of a single monolithic block of code which could only run as a whole.\nConsequently the Netscape funded developers outcoded and outwitted any volunteer programmers, making outside participiation hard and ungratifying. There were no small pieces of code outsiders could point at and say \u0026ldquo;this is my code, I have done this\u0026rdquo;. There were never great public releases which could be used to show off the product and be used to attract more developers, leveraging a \u0026ldquo;this could be your project, you could be part of this\u0026rdquo; effect. The center of the Mozilla effort was always the product, which was planned to be released like a Closed Source product with a big bang once it was finished. This changed later with the Mozilla Milestone releases M1-M9, but even these were not announced like product releases, but were handled much more quietly instead.\nCompare this to KDE, which is written in C++, too, and which has a similar or even larger size. KDE started as a (and still is) a spare time project of an ever growing group of volunteers. KDE releases often, and releases even unstable code if it compiles and seems to run. KDE does so with regular version numbers and press releases, even if the whole product hasn\u0026rsquo;t stabilized: Each KDE release contains subpackages which are considered stable and other that are optional and marked as experimental. The KDE project is highly compartmentalized and many people \u0026ldquo;own\u0026rdquo; a piece of KDE, working together in small groups with a high degree of interaction.\nIn fact Mozilla and KDE are perfect examples for how not to and how to manage Open Source projects: Unlike Mozilla, KDE acknowledges that the driving factor in an Open Source project are people and their interest into an evolving product, the 6 month KDE release cycle and the KDE subproject sizes are designed to take this into account.\n1.3 Key factors A large portion of the free software development currently going on is done by volunteers in their spare time. Even the K desktop environment (one of the largest free software projects), and the Debian GNU/Linux distribution are developed almost entirely by unpaid volunteers.\nWe have to ask ourselves what the key factors are when volunteers produce state-of-the-art software in their free time, often beating commercial software in efficiency, stability, and quality.\nWe identify three key factors:\nThe transaction costs for international collaboration and for publication of software are extremely low.\nThere is a sufficient reservoir of suitably educated persons who are able to design and write free software.\nThese persons must have sufficient time available, and must have the motivation to spend this time working on free software.\n2. Supporting activities Each of these key factors can be an object of supporting activities. We look at them in detail.\n2.1 Transaction costs As we noted above, transaction costs for Internet use are low, and falling. However, there are several factors which can lead to costs which are beyond free software developers\u0026rsquo; budgets.\nProjects may grow.\nKalle Dalheimer of the KDE project reports that the ressources of the machine which is used by the KDE project for source repositories and its automated version control system are completely used by this project. Originally, that machine had been bought by a University Department to do moderately computationally intensive jobs, and the KDE version control was a minor task performed using idle processor cycles and ressources. However, as the project grew, the university eventually donated the machine to the project.\nIn a similar fashion, projects may get into situations where testing equipment is required. For instance, the Debian GNU/Linux project is maintaining ports of its Linux distribution for various platforms. Machines matching these platforms have been donated to the project by various parties.\nIt should be noted that the ressources needed by these projects are still minor when compared to even the smallest enterprise\u0026rsquo;s IT investments.\nThe legal framework may lead to costs.\nThe legal system in which software is developed can lead to major cost issues which may turn out to be lethal for free software development. Politics which favors free software should try to avoid these factors.\nFor instance, a legal situation in which anyone who publishes software (free or not) has to do extensive and expensive patent research in order to avoid legal hassles and even higher costs would be anything but favorable to free software. It\u0026rsquo;s worth noting that the world\u0026rsquo;s second largets softwre corporation, Oracle, takes a position towards software patents which is astonishingly similar to the free software community\u0026rsquo;s. See the references section for details.\nExport controls may lead to similar consequences: When expensive and time-consuming administrative acts are necessary to get permission to publish software on the net or pass it on to other developers, projects may eventually come to a halt. Note that even the most moderate export control which is tolerable for almost any enterprise may turn out to lead to transaction costs fatal for free software projects.\n2.2 Generating a reservoir of sufficiently and properly educated persons. The notion of computer literacy on which school \u0026ldquo;computer science\u0026rdquo; teaching is based should not be the ability to use Microsoft Office programs. Instead, students should have an opportunity to learn about IT and programming concepts. In particular, they should be given the seed of knowledge and abilities needed to continue and extend studies on their own. This teaching has to be done at an early age to be really effective.\nIt should be noted that commercial software development environments are expensive and frequently beyond students\u0026rsquo; budgets. In practice, many students learn software development using pirated software. However, this is not necessary, given that free high-quality development environments do exist. These development environments prove effective in every-day practical use by the free software community.\nSchools should teach the use of these environments instead of using or even requiring commercial ones.\n2.3 Getting developers to do the work. First of all, when software developers are working actively and successfully, it may be a good idea to just let them do their work.\nIn some cases, there is an interest by certain industry or government bodies in the development of certain pieces of free software.\nWe can distinguish various well-defined objectives organizations may have:\nMaintain a system, and port it to possibly new environments. Implement a limited set of additional features which are needed or seem sensible to the funding party. Get a project off ground. Obviously, it\u0026rsquo;s easy to hire a professional at his usual rate, who will then perform a well-defined task. The results will then be made freely available by the hiring party.\nHowever, this is just traditional custom software development with a twist, and we will not further explore this path of thought. We only notice that the Free S/WAN project, a free implementation of the IPSEC protocol suite for the Linux kernel, is a sample sucess story for this approach.\nIn the next section, we address a possibly more typical situation: How can an established free software project be supported when there are no well-defined objectives.\n3. Funding a free software core team: requirements for sponsors. Things start to look different when organizations are observing a free software project which is currently in the hot phase of its development, and \u0026ldquo;simply\u0026rdquo; want to be helpful with this project. In most cases, the key participants to the project are voluntarily investing their free time.\nHiring external professionals which take over part of the project will have highly undesirable effects on the development process, since it may not be acceptable to the original software authors. If at all, this should be done with extreme care, and only when explicitly solicited by those who are actively working on the project.\nThus, the key developers themselves are the best suited recipients of funding.\nThere are several questions to be resolved in these cases: Do the key developers want to continue to work in their spare time only, without getting paid for it, but with all the freedom to do what they want? Would the key developers be able to invest more time or effort into the project when external funding has been established?\nObviously, funding only makes sense to the paying party when possible recipients are interested in it, and when there would at least be some gain in development speed or quality, assuming that the funding party does not have well-defined objectives which may be used to measure progress and quality.\nOne particular reason for establishing this kind of funding is when key developers may start to step back from active development due to lack of time and ressources. Funding may be extremely valuable to projects in such cases. Currently, one of the most common ways of sponsoring such persons seems to be to hire them and give them enough \u0026ldquo;free\u0026rdquo; time they can spend on their projects. Prominent examples for this practice include Linus Torvalds (Transmeta Corp; the Linux kernel) and Dirk Hohndel (SuSE; the XFree86 project).\nUnless limited to certain well-defined jobs like specific additional features or planable development steps like releases, or aimed at maintaining an active long-term project like the Linux kernel, funding must be started quickly to fit into most projects\u0026rsquo; \u0026ldquo;sensible general-purpose funding time window\u0026rdquo;. Thus, possible sponsors must be able to react quickly and flexibly to programmers\u0026rsquo; needs. The average administration\u0026rsquo;s procedures may take longer than the \u0026ldquo;hot phase\u0026rdquo; of the project to be sponsored.\nAfter all, there is no reason for most free software projects to stop activities until the funding is ready. This is a substantial difference from traditional software development, and from \u0026ldquo;traditional software development with a twist\u0026rdquo; as described above.\nGetting the fund-raising settled should not involve substantial transaction costs for either party. When a one-day meeting several hundred kilometers away from the funding target\u0026rsquo;s usual place is required just to get negotiations started, the possible funding target may not be willing to accept the transaction costs involved with train journeys or plane flights - they may actually be greater than the total transaction costs generated by the project to be sponsored so far, and may quite well be higher than costs for possibly sensible infrastructure investments such as backup systems, hard disks, or faster computers. (A 10GB hard disk is cheaper than a train trip from Bonn to Berlin and back.)\nFinally, in order to get some success control when there are no well-defined objectives, the sponsor should directly monitor the open development process. Evaluation of funding success after short time intervals may be a reasonable practice. On the other hand, requiring the set-up of a large organization on the programmers' side would introduce considerable costs and delays into the process which are not necessary or justified.\n4. Conclusions and summary The most valuable support for free software development in general is not directed. It is aimed at creating an environment in which free software development is possible, and encouraged.\nMost important, policy-makers must make sure that the legal environment does not add artificial transaction costs and delays to the free software development process, and encourages programmers to create and freely give away state-of-the-art software. Points which deserve particular attention are software patents and export control.\nSchool education on computer science should enable students to participate in actual projects. To do this, education on programming concepts and languages should be offered at an early stage.\nWhen funding of specific projects is desired, it should be done with great care, and should probably only be done upon request or when it\u0026rsquo;s obviously helpful. The organization providing the funding must match certain requirements. Most important, it must be able to act quickly and efficiently. It should be prepared to cope with requests which are far below the limit of conventional industry investments or government funding.\nIt is possible to centralize funding for infrastructural elements such as network bandwith, source repositories, bug tracking systems, and similar services. These services can easily be shared by multiple projects.\nReferences Eric S. Raymond, Trends in the fetchmail project\u0026rsquo;s growth., 1999-09-28, http://www.tuxedo.org/~esr/fetchmail/history.html . Oracle Corporation, Patent Policy. 1999-10-10, http://www.base.com/software-patents/statements/oracle.html . ","date":"1999-07-17T00:00:00Z","href":"https://blog.koehntopp.info/1999/07/17/oss-funding.html","tags":["lang_en","publication","internet"],"title":"Funding Open Source Projects"},{"categories":null,"content":"Version 1.3 (Revised 29-Sep-1999, Updates from Seth Finkelstein)\nRating does not work by Kristian and Marit Köhntopp Content rating models such as PICS have been proposed as a solution to the problem of unwanted, harmful or prohibited content on the Internet. This document contains a number of Theses which support the claim that any Internet Content Rating and Selection (ICR\u0026amp;S) scheme including PICS cannot work as advertised.\nTo our knowledge, most of the problems and objections here have not been addressed by PICS or any other ICR\u0026amp;S scheme.\nIdentifying the parties involved This section tries to identify the parties involved in the process of running and rating the web and their roles (see below to understand why we concentrate on the web). In small installations, a single person may impersonate multiple roles.\nServer side roles The content provider is the role which is responsible for all content of a document. Often the content provider is the creator of a document, but on the Internet it is common that a content provider only provides means to create content, and does not actually create the content on a site. Examples are discussion boards, search engines, live video feeds, and similar installations. Depending on the size of this content, it is entirely possible that the content provider does not have direct knowledge of all content on a site and that much content on a site is not reviewed nor endorsed by a content provider.\nThe presence provider or web hoster provides the means to serve this content to the Internet by running the machines, the server software, and maintaining a network connection.\nRecipient side roles An access provider runs the systems and network connections for the recipient of content. For small office and home use, this is currently often a dial-up service, a proxy server, and similar hard- and software.\nThe recipient is either a person to be protected against harmful content, or an adult, which still should be able to access harmful, but not prohibited, content. The recipient\u0026rsquo;s hard- and software is maintained by system services which is a separate department in a school or library situation, in an Internet Cafe, or within a company. The recipient\u0026rsquo;s system may be a single system or a network of systems with proxy servers and intranet servers.\nInternet Content Rating and Selection (ICR\u0026amp;S) roles Developers of rating systems define the dimensions of a rating system and create rules how to apply values along these dimensions to content. They promote their rating systems so that they become popular and are widely used.\nA rating service will apply the rating system and the rules that come with it to create ratings. These ratings, an identifier for the rated content, a date, an identifier for the rating source, and additional information (i.e. a checksum against the rated content and a digital signature) are collected to form a content label.\nContent filter vendors create software which can regulate access to content, depending on local settings (filtering rules) and content labels.\nContent filter control is often exercised by the party who controls a machine, that is, the adult party in a household, the dean of a school, the directorate of a library, and so on. These filter settings are then deployed, often by system services mentioned above, sometimes by an access provider located upstream.\nAttackers may be content providers, recipients, or other parties who want to communicate outside of the control of a filtering system.\nMethods for content selection Principle of Operation The basic idea behind Internet Content Rating and Selection is to attach a kind of machine-readable description, called a Content Label, to all Internet Content. The Content Label contains a set of ratings which make up a formal description of the rated content in a formally specified system of ratings. Finally, the recipient has to have a filtering mechanism before or on the recipients machine which allows or intercepts reception and display of requested content depending on the Content Label and some local configuration.\nTaxonomy of Rating Systems by Source of Rating The Content Labels may be provided by different parties. In Third Party Rating, a party that is neither the recipient nor the sender creates content labels and distributes them via a Label Bureau. Third Party Rating requires a method to uniquely identify content components, and Third Party Rating cannot be finer grained than this identification system. Currently, all identification systems are URL-based which implies that all Content Labels refer to either URLs or coarser grained objects (such as subtrees of a web server or an entire site).\nIn Second Party Rating, the recipient provides ratings and shares them with other recipients. This is sometimes referred to as a Community Rating process. Since the sharing of ratings again involves a Label Bureau, for the purpose of this discussion Third Party Rating and Second Party Rating can be treated alike.\nFirst Party Rating is different because here the sender provides a Content Label with the content itself. Usually, this label is embedded into the content or sent with the content. A Label Bureau is not needed in this context.\nTaxonomy of selection mechanisms by point of interception The selection process at the recipients end can either be implemented directly on the machine of the recipient, or it can be part of a proxy solution upstream of the recipients computer. In the latter scenario, the selection process will not happen on a machine controlled by the recipient and it is much more difficult to manipulate by the recipient. A proxy-based selection requires that the recipient is forced to use this particular proxy to be able to access content at all (otherwise the recipient could elect not to use a proxy at all or to use a different proxy) and that the content can be identified and read by the proxy.\nTheses Internet Content Rating and Selection applies only to the Web Internet Content Rating and Selection does apply properly only to the web, because of the little degree of interactivity and the large size of the communicated objects in the web. More interactive services or services with smaller objects are less likely to adopt such a system for content control with success. For example, USENET newsgroups are highly interactive and very fast communication channels with only little structure. The focus on discussion and contents, and the style of such discussions may change very quickly.\nUSENET articles are authored on the fly. Often they contain no keywords, subject lines of little use, or are inappropriately addressed. It is very unlikely that authors of USENET articles will take the time required to do proper First Party Rating for their articles, even if current USENET access programs offered such a feature.\nChatrooms and the Internet Relay Chat consist of even faster communication and no structure at all. IRC channels are often created on the fly and, unlike USENET, communication on IRC is not stored but only passed through by the servers. Also, the basic unit of communication in IRC is a single line of text which is much too small to rate properly. An IRC channel at any point in time is a very complex web of rapidly changing and overlapping individual and nonindividual communications that make up the overall tone and content of the channel.\nAlso, the public discussions in USENET newsgroups or IRC channels are only the publicly visible part of a much larger communication process which involves private communication by mailing lists, private e-mail, server based message communication, and direct client-client communication. Often the public communication channel is only used to meet other persons with similar interests, and then a more secluded communication channel is established.\nBecause of these properties of the more interactive communication mechanisms, Internet Content Rating and Selection will be ineffective in these type of media.\nLabeling content that is not harmful nor prohibited is a requirement but cannot be enforced The ultimate goal of Internet Content Rating and Selection is to make harmful content inaccessible to minors and make prohibited content inaccessible to all recipients on the Internet. Basically, it would be sufficient to label all harmful and prohibited content accordingly, so that it can be recognized and intercepted. For First Party Rating, this requires the cooperation of the provider of this content, so that the Label is being delivered with the content itself. For Third Party Rating, cooperation of the content provider would simplify the process enormously, for example by providing stable identifiers for the content or by organizing the content in a way that makes it easier accessible to quick and accurate rating.\nIt can be safely assumed that this kind of cooperation will not be available in many cases and that it specifically will not be available in the most severe cases where the content provider places content on the web with a malign purpose.\nThus, it is insufficient to block pages that are rated as containing harmful or prohibited content. Instead, all unrated pages must be blocked as well, so that the pages of non-cooperating content providers will be made inaccessible. In this case, the rating of harmful and prohibited content becomes a moot point because such content will be blocked automatically. The Internet as viewed from behind a filter will be immediately clean in such a scenario because it will initially contain no content at all. Clearly, this is not very attractive and most of the targeted audience for content filtering services will not tolerate such filters if large portions of harmless or valuable content will be made unavailable to them by the content filter.\nFor a Content Rating Solution, it becomes a requirement to provide Content Labels for non-objectionable content, so that at least some pages will be available to those persons behind the selection filter. Thus, all burden and cost of content rating, labelling, and label distribution is placed on the providers of perfectly legal, and in most cases, valueable content.\nThis situation is not different from, for example, the movie and video industry where a film without a rating is automatically rated as not suitable for minors (at least this is the case e.g. in Germany and the United States). Unlike the movie industry, many content providers have little or no incentive to have their content rated because in many cases they do not sell content or do not cater specifically to a younger audience. Specifically, we can expect the large commercial websites positioned towards a younger audience to provide content labels on a voluntary basis, while most private content and content not specifically geared towards a young audience will not have labels at all.\nConsequently, it may be necessary to enforce the provision of labels with content to make a sufficiently large portion of the Internet available to minors. Some content providers will probably try to evade such a requirement by providing a \u0026ldquo;safe\u0026rdquo; default rating, such as \u0026ldquo;harmful content, not suitable for minors\u0026rdquo;, because they do not want to do the work to properly evaluate and individually label their content. Others will do this because they are insecure about the correct rating for their content, and will rate their content more harmful as it actually is, just to be legally safe. For a requirement to provide labels to be effective, it may be necessary to treat the provision of a too high label just like the provision as a label that is too low.\nThis turns the situation perfectly upside down: To protect against harmful and prohibited content, all work and all legal liability is at the side of the well-behaved members of the community, while it is technically completely unnecessary for the providers of harmful content to do anything.\nIn some countries, rating your own content cannot be legally enforced (see below).\nEstablishing a metric invites a dysfunction A rating system for content is essentially a metric. The metric may have one (\u0026ldquo;suitable for age x\u0026rdquo;) or multiple dimensions (\u0026ldquo;contains sex x1, nudidity x2, violence x3 and language x4\u0026rdquo;), and within one dimension it may be non-ordered (\u0026ldquo;contains any of the following: smoking, gambling, drug abuse, violence as a method of conflict resolution\u0026rdquo;), ordered (\u0026ldquo;a violence rating of 3 means that there is more violence in a particular content than in a content with rating 2\u0026rdquo;), with discreet or continous values.\nA rating system is a cultural code, too, because with the dimensions and values provided with any such metric comes a decription on how to interpret and apply them. As a cultural code, a rating system cannot be objective or valid outside a specific culture. Specifying the dimensions of the rating system, for example, defines which issues can be addressed by a particular rating system. Issues and values outside of the dimensions of the rating system cannot be addressed, and are therefore inaccessible to reflective discussion within the space of the rating system. For the purpose of the rating system, such issues and values essentially do not exist.\nValues within the dimensions of the rating systems can be used to define proximity relationship if these values are ordered. Many people tend to think of content that is in close proximity as being similar, being of similar value, or promoting similar values. Some content providers insist that their content is not to be rated with some content rating systems because rating them with that particular system would place them into the proximity of other content they do not like, and with which they do not want to be lumped together [1][2]. For example, both hardcore pornographic bondage content and a documentation about torture methods in the holocaust would receive very similar content ratings within the RSACi rating system. The RSACi system is too coarse and has no appropriate dimensions to differentiate between these two types of content. More complex rating systems raise ease-of-use issues in First Party Rating situations, though. Also, more context sensitive rating systems raise other issues, too (see below).\nEstablishing a metric in a social context and granting rewards under this metric tends to create dysfunctional social systems. For example, measuring the efficiency of programmers by measuring the lines of code produced by them tends to work in favour of code that has been produced by cutting and pasting large segments of code. Such code is generally large, ineffective, and expensive to maintain. Thus, while the metric provides useful information when used short-term, it tends to work destructively when used for longer periods of time (Tom DeMarco, \u0026ldquo;Why does software cost so much?\u0026rdquo;, Essay 2). Essentially, degradation begins when the metric is used for a period long enough to allow for feedback loops.\nA classic dysfunctional metric that can be observed on the web is rating the efficiency of a banner ad on a web page by counting hits to that banner ad. Using this metric for a longer time tends to encourage people to put content on their pages that creates page impressions and to load many banner ads on such pages. The result is your average free porn page. It also encourages spamming search engines and the network with ads for a particular page to increase page impressions. The ultimate dysfunctional perversion is to load the page with JavaScript code that opens further pages with banner ads when the user tries to leave or close the page. While the banner ads are not recognized by the user, at best, and create a negative image for the product advertised, at worst, such pages do generate lots of hits on a counter and are therefore favoured by the metric.\nBecause cultural and moral values cannot be expressed and measured directly like volts and ohms, any such metric will show dysfunctional behaviour and finally invalidate itself when used for a longer time. Obvious examples are things like exempting news sites from the requirement to rate content to relieve them from the burden to provide ratings for rapidly changing pages - this will provoke providers of content that rates bad under any given rating system to present their content in the format of a news site to get the bonus of exemption. Similarly, exempting web discussion forums from a requirement to provide ratings will make badly rated sites to adapt and to chose a forum-like format.\nBecause of the inability to address cultural or moral values objectively and outside of the context of a particular culture or moral system, it would be only logical and very tempting to create context sensitive rating systems. Context sensitivity here goes two ways: it may rate a specific content component within the presentation context, and it may rate specific content within a specific cultural context.\nFor example, singular pornographic images may rate bad in a certain system, but a photomosaic(tm) of girlie-power icon Lara Croft consisting of lots of such images may rate good within the same system because of artistic value and the message promoted by this artwork. So while the individual photo may still rate bad, in this particular context of presentation it will rate good. Also, a photo of James Dean leaning against his car and smoking a cigarette may rate good in some cultural contexts by showing a celebrity in a pop-art context, and bad in others as promoting environmentally bad modes of transport and nicotine drug abuse, depending on the priority of values of the culture perceiving the image. These priorities may change within the same culture or even the same recipient, depending on fashion or even personal mood.\nWhat is more, only the process of filtering content which may appear as rating bad in a given context may actually create objectionable content in another context. For example, by suppressing all images which rate bad in one context there may be created a pattern that conveys a message of objectionable content [3].\nSo while context specific labelling is seductive as a way out of the dysfunctionality problem, it is also error prone, unenforceable (Would you please try to rate your web pages within the cultural context of the Amish People, the values of the current Nipponese, Spanish and Scandinavic societies?) and favouring one specific cultural context is of course an act of culture imperialism. It is also a value rating (\u0026ldquo;The context rating on your web page/for our web page in your rating service implies that you have authority to decide what Christian/Scientologian/Buddhist/\u0026hellip; values are and that our page is bad according to what you assert these values are.\u0026rdquo;) with all problems that come with such ratings, including a ton of liability issues.\nTranslating from one metric into another does not work Different metrics have different underlying cultural and moral value systems and different assumptions for judgement. Unlike algebraic spaces, the spaces created by such metrics cannot be mapped onto each other without loss (sometimes they cannot be mapped at all). Certain dimensions may not exist in the target metric and must be emulated. For example, it is impossible to translate the one-dimensional Video Standards Council metric for video films (\u0026ldquo;general viewing\u0026rdquo;, \u0026ldquo;PG\u0026rdquo;, \u0026ldquo;R\u0026rdquo;, \u0026hellip;) into the RSACi (integer numbers between 0 and 4 in each of the categories of Sex, Nudidity, Violence, and Language), even though the target systems seems to be more expressive, having more dimensions and values.\nSome proposals offer functionality that can be used to bundle presets in different rating systems into a single profile. For example, the PICSRules extension to the PICS system allows a user to define a single profile that contains an arbitrary number of selective criteria applied to different PICS compliant content ratings systems.\nA user of such a PICSRule may be able to view content that rates this-or-that under SafeSurf ratings or such-and-such under RSACi ratings. Using such a system may create the impression that the this-or-that SafeSurf rating and the such-and-such RSACi rating are equivalent and that it is therefore possible to map one system onto the other. This is a thouroughly false impression.\nWhat does work (in PICSRules) is to bundle arbitrary selective preferences into a profile, but this profile is in general (and probably in practice in most cases) not consistent or well-defined. Consider content that has been rated under two different rating systems and a majority of reviewers agreed in both cases that these ratings are correctly applied to this particular content. Assume further a recipient that is asked to define a filtering profile for his or her child in both of the rating systems reflecting the personal cultural values that this child should be able to expose itself to. Unless the page has a marginal rating (i.e. totally harmless or totally unacceptable), it will be common that the page will be rated accessible under one rating system, but inaccessible under the other, i.e. the ratings do not functionally map onto each other because of the different implied cultural values within the metric itself.\nE-commerce and ICR\u0026amp;S are natural adversaries The introduction of the Internet marks the ultimative shortening of the communication pipeline, completely industrializing the process of communication. Historically, the number of people and institutions involved in the production and reproduction of a specific publication has continually decreased. While many people had to copy each page of a book manually in medival times, the introduction of the printing press has dramatically simplified the process. The advent of DTP technology has further eliminated persons and institutions from this process by cutting out the typographer, the layouter, and the editor. Xerox technology has cut out printers for small editions.\nOn the Internet, all persons have been cut out except for the sender and the recipient. Production, reproduction and distribution of content are automated or controlled by either party. In many cases, content location has been automated, too, by using search engines, portal sites, web rings, or bookmark lists. In some cases, even content processing has been automated where automatic translation services, summary generator services, or XML postprocessing are already deployed, thus limiting the personal involvement of the receiver as well. Also, in cases where content is being produced automatically, such as in catalog systems, database driven web shops, or in community content systems like slashdot.org, the involvement of the sender in content creation is limited, too.\nThis does not mean that the absolute number of people involved in the creating or processing of content has decreased. In fact, there are many people needed to keep the Internet running and to update web content. But these people are no longer involved in a single specific project (working as craftsmen), instead they keep running a generalized infrastructure which is used to transport and produce many, many different works (they are working as industrial workers).\nE-commerce directly benefits from this, shortening supply and retail chains to a length of 1, or where processing is completely automated, even to a length of 0. E-commerce requires that concealed, tamperproof 1:1 communication is possible, i.e. that the infrastructure can be used to transport certain transactional data, but without the ability to gain knowledge of the actual transactional content, and without the ability to change that content.\nThis is essentially the opposite of the requirements for ICR\u0026amp;S, because ICR\u0026amp;S is all about gaining knowledge about the transported content and from case to case tampering with it (i.e. replacing the original content with a \u0026ldquo;this content is inaccessible\u0026rdquo; message). You cannot build secure e-commerce on any network that is capable of ICR\u0026amp;S and you cannot build functioning ICR\u0026amp;S on any network that provides secure e-commerce services - see below.\nProxy-based ICR\u0026amp;S cannot work in an E-commerce enabled environment In an installation where E-commerce is possible, it is impossible to successfully deploy proxy-based ICR\u0026amp;S, because at any time harmful or prohibited content can arrive in the form of E-commerce transactions, i.e. serving porn pages from an SSL server. The proxy cannot detect labels within such a connection because the entire connection is a military-grade encrypted, digitally signed, tamperproof connection pipe from within the browser program into the remote web server. Improvements in E-commerce, i.e. the wide deployment of S/WAN, IPsec and other services, will only worsen this situation.\nRecipient-based ICR\u0026amp;S can only work in a cooperative setting Because most current recipient platforms have no (Win 95, Win 98) or insufficient (Windows NT) local security, and because the recipient platform is generally under physical control of the recipient, there is essentially no way to keep the recipient from tampering with the installation of the selection mechanism.\nMost local content filters can be easily deactivated by setting a few registry keys, rewriting a line in an *.ini file, or by copying some original operating system files that have been replaced by the filter back into the system. The process only has to be reenginieered once and can then be automated, requiring no expertise at all from the user of such an automated attack tool.\nThird Party Rating cannot be based on URLs All widely deployed systems for ICR\u0026amp;S are currently using URLs to identify content and to tie their ratings to such content. This approach is basically broken because URLs do not map to content, not even in the case of static content.\nFor static pages, current webservers offer a lot of facilities to negotiate the actual content which is being served in response to a specific URL. In particular, serving language specific content is very popular. For example, the homepages of multinational projects (like the Debian Linux project, http://www.debian.org ) are negotiated based on the language preferences that were expressed with a HTTP request. Also, many pages serve different content, depending on the IP-address or domain the request originated from or customize their content depending on the current time [4].\nThe problem worsens when it comes to dynamically generated pages, where the actual webpage which the client receives never exists on the server, but is created just as it is requested. The contents of such a page may change from one request to the next, even if all other parameters are identical. The server may take any parameters into account when creating the page, including internal state (memory of previous requests). Because internal state is kept on the server only, it is impossible to fully describe all request parameters needed to recreate a specific content without thorough knowledge of the application running on that particular server.\nBut even if we have perfectly static, non-negotiated content, URLs are inadequate to address content. URLs describe storage display objects such as images and HTML pages, but content can be smaller or larger than such pages.\nFor example, the start page of any portal, news site or discussion forum contains many small, unrelated articles which are presented in overview form. Each individual article is a semantic unit with different properties regarding a rating system, but with URLs we can only address the whole page and assign a rating to the entire page.\nConversely, a page or a site may be pieced together from individual documents which form a greater semantic unit that deserves a certain rating only when viewed as a whole. This may be true, for example, for an AIDS information site or a holocaust memorial site which may contain texts and images that deserve a very different rating when taken out of their original context.\nHTML provides no mechanism to address subentities of a page or to address pages collectively. Some extentions to the XML specification will slightly improve this situation.\nThird Party Rating cannot keep up Third Party Rating is based on the assumption that a single database can list ratings for external pages, so that a recipient with an enabled filter can cover a large enough portion of the Internet for the net to become useful. Search engines work under a similar assumption, only they can automatically process and store pages, whereas proper content rating, being a process that involves moral and cultural evaluation and decision making, requires manual intervention. But a recent survey of search engines found that they cover only a small percentage of the web, ranging from 10% to 35% of all pages [5]. The survey also observed a strong growth in the general size of the web.\nThe problem is worsened for both ICR\u0026amp;S systems and search engines because there is no mechanism for web pages to notify indexing and rating services of a change. Web sites in general do not know which other services keep pointers to them and need to be notified of updates. Also, there is no mechanism to bind content identities to certain versions of that content, i.e. there is no way to work a modification date and/or a content checksum into a URL which designates certain content.\nThird Party Rating is also impossible for content that is available only after passing a password protection (closed user groups, [5] talks about a \u0026ldquo;publicly indexable Web\u0026rdquo;). Some closed user groups are not so closed after all, though: With a simple registration, the protected area opens up. In such cases, the password protection essentially keeps all automated content processors and some casual browsers outside.\nThird Party Rating creates privacy issues Third Party Rating raises the issue of label distribution without cooperation of the content provider, leading directly to the creation of Label Bureaus which can distribute labels for any content, independently from the distribution of the original content. Connection between the content which has been rated and the label is being made via some content identifier, currently usually URLs. Currently, in some ICR\u0026amp;S systems such as PICS, there are simple provisions to test if the content that has been rated and the content that is actually served are still identical. Such a test may be a check for the creation date of the content or the distribution of a MD5 checksum for the content with the label. Usually, these provisions are optional and in many existing implementations they are not being used, leaving the system without a check for label validity (This should really be another headline, \u0026ldquo;Current implementations generally suck\u0026rdquo;).\nTo get labels from a Label Bureau, the client system has to ask the Label Bureau each time a piece of content is being requested. Because it can be expected that the Label Bureaus provides its services for money, we can assume that each of these requests is identified and authenticated, so that the Label Bureau can charge for its services. Label Bureaus will therefore automatically get large and detailed trails of all requests a certain user creates while surfing the web, creating a large user profile of (identity, time, URL) triples.\nThird Party Rating has no standard complaints procedure In Third Pary Rating, some group essentially applies a set of ratings to web content which directly influences the reach this content will have. Current implementations, such as PICS compliant systems, define how such a rating may be applied to web pages technically, but they define no standard procedures for rating services and labelling bureaus at all.\nIn current implementations, there is no standard procedure with which a content provider is being notified that content has been rated or on which grounds these ratings have been established. In fact, some (usually propietary, non-PICS) rating services do not expose their rating criteria for public inspection or even encrypt their ratings in trying to hide which services they disapprove of [6]. These services often argue that this procedure is necessary so that their rating service cannot be inverted, i.e. turned into a search engine for objectionable content. Decryption of such rating files invariably showed questionable or overly broad ratings, though. For example, in such rating files it is common to find blocking entries for websites that are critic of ICR\u0026amp;S or of this particular rating service. Also, there are often very vague and general blocking entries to be found, for example wildcard blocks for anything that has the letters \u0026ldquo;xxx\u0026rdquo; or \u0026ldquo;sex\u0026rdquo; in an URL [7].\nEven if a content provider is being notfied that some content has been rated, there is no standard complaints procedure with which a content provider can go against a rating that he feels to be inadequate. Also, the whole rating process is intransparent and inaccessible to revision: there are no standard provisions that enable any involved party to detect why false ratings have been created: Was it a true false rating, a storage problem, a transmission problem, or a misconfiguration? On the other hand, false filtering can have substantial financial impact or can be equivalent to libel.\nFirst Party Rating cannot be enforced In the United States, certain First Amendment rights allow a content provider to not rate own content. Similar rights exist in other legislations.\nBut blocking unrated content unconditionally is open to unexplored civil damages issues.\nFirst Party Rating does not scale down the problem enough First Party Rating is basically a way to scale down the problem of Third Party Rating by one or two orders of magnitude.\nThird Party Rating cannot keep up with the change of the web because of the sheer number of pages and because there is no way for content providers to communicate changes to Third Parties (see above).\nFirst Party Rating puts the burden of rating content onto the content providers themselves which is good because it will automatically solve the problem of communicating changes. First Party Ratings must be controlled and validated, though, because a First Party will rate with a bias to promote own interests.\nThus, First Party Rating can be viewed as a mechanism to scale down the rating problem. Instead of n pages of content that have to be rated, a supervising authority now has the problem of controlling the correctness of ratings provided by m rating providers. We can only guess the relation of n:m, but we assume it to be in the range of approximately 100. m would still be a multi-million number.\nLabels need to be tamperproof and tamperproof labels are expensive Labels need to be tamperproof for two reasons. The first is LabelWasher, an imaginary sister program to WebWasher [8]. While WebWasher, JunkBuster and similar programs filter content to remove banner ad pages and malicious JavaScript code for advertisement free surfing, replacing the removed content with harmless dummy content, LabelWasher would do the same with content labels. That is, LabelWasher would remove content labels from incoming content and replace these labels with fake standard labels which rate this content as harmless.\nThe second reason for tamperproof, digitally signed labels is that the central authority controlling all First Party Raters has to have an instrument to put pressure on First Parties that do not rate according to the rating guidelines. The central authority would revoke the certificate needed to generate digitally signed labels from such parties, rendering all labels generated by them invalid.\nGenerating and administering a multi-million number of digital signatures is expensive, even if such signatures are low security (unfit to sign monetary transactions). Someone has to provide a database of all certificates issued, to verify identities of applications so that banned First Parties cannot apply again for a new certificate, and to perform all other administrative duties that come with running a certificate authority. Even if the cost for an individual certificate can be kept low, the other factor in the equation is still a multi-million number.a\nWildcard labels cannot be checksummed A content checksum always applies to a distinct piece of content. A wildcard label such as \u0026ldquo;all content below http://www.site.de/ *\u0026rdquo; applies to an arbitrary number of pages with arbitrary content below a certain base URL. There is no way to calculate a checksum on such content, greatly diminishing the value of a tamperproof label: Without checksums and timestamps, it is impossible to determine which specific content the label was applied to.\nContent rating cannot keep up with dynamic content creation Dynamic content creation just gets faster and is often a parallel process. Examples for parallel content creation are discussion forum sites such as Slashdot (http://slashdot.org ), news sites such as CNN or Reuters, or catalogue and bidding systems such as eBay. Examples for fast content creation are the many live feeds for multimedia data into the Internet, such as live cameras (http://jennicam.org ) and live audio feeds.\nIt is impossible for these sites to rate their content, even with a general rating that applies to the whole site, because the content on the sites changes much faster than even First Party Raters can react and because in this case the First Party sometimes does not even have full control over the content on their own site.\nOn the other hand, exemption from rating for such sites will quickly generate dysfunctional behaviour and it will also violate the principle of equal treatment.\nDynamically creating content labels is expensive in current implementations The Multipurpose Internet Media Enhancements (MIME) standard goes at great length to allow single pass implementation for reading and writing content. This is necessary so that dynamic content generators can read and write multimedia files, which are often very large, without buffering.\nCurrent implementations of ICR\u0026amp;S systems ignore this requirement. They require content labels to be sent /before/ the actual content within the HTTP header, or to be part of the HTML document header. If the content label has to include a content checksum and a digital signature or even if it is just being generated dynamically, the label can only be generated after the actual content has been written. Content generation now becomes a two pass process, in which the content generator first writes out the actual content, creating the content checksum and the digital signature, and then begins sending content label and checksum first, then the actual content.\nBuffer sizes for a busy site can easily become gigantic. For example, the Slashdot site generates much content dynamically at request time. A Slashdot page can easily be as large as 200 KB, depending on the number of discussion entries on such a page. Assuming ISDN transfer speeds, sending such a page consumes approximately 25 seconds. Slashdot can easily have 100 to 200 requests per second, or 2500 to 5000 simultaneous connections. Simple multiplication shows that this will consume between 500 and 1000 MB of buffer space in the form of either RAM or harddisk bandwith (the problem with disk buffers is often not space, but read/write capacity). For Slashdot, dynamic content with digitally signed content labels translates easily into twice the hardware it has now.\nStreaming media is potentially infinite in length, so checksumming becomes a much more complicated process because checksums can only be calculated for chunks of data and must be embedded into a multimedia stream. This requires that the multimedia format used anticipates the need for such a feature or must be redefined (i.e. existing software must be rewritten). Another problem occurs with compound content in which some components are optional. Conventional checksums don\u0026rsquo;t work in this situation.\nFinally, sending Content Labels after the content is not a good solution performancewise, either: It increases latency on the client side (that is, the PICS designers put the label before the content for a reason). When a client downloads content from the web, it has to decide whether to display the content or not. The client can only decide this after it has seen the label for that content. If sending the label is being delayed until after the actual content has been sent, building the display will substantially slow down because the client has to hold back content until it has seen the label for it. Incremental building of a display, as it is customary in current browsers, is out of the question in such cases. Besides, it will be frustrating and expensive for users if their client downloads a large file, only to decide to throw it away after the download has been completed due to the label for that content.\nICR\u0026amp;S systems may make error diagnosis more complicated and will decrease performance The filtering component of an ICR\u0026amp;S system will most definitely add more components to an already overly complex platform. Adding such a filtering component will make debugging more complicated, even more so if the filtering component is designed to operate in stealth mode. In such cases it will become very difficult for support services to determine if a user encountered a true error or if a filtering component intercepted a download.\nIn the case of third party rating, the label bureau is a single point of failure: without access to the label bureau, no access to the network will be granted. The label bureau may also become a performance bottleneck.\nDesign changes at the local platform are necessary to enable mixed use (filtering and non-filtering) of that platform. For example, private web caches have to be redesigned. All current browsers have such caches and they are generally accessible via the filesystem with typically no access control. As a result, it is currently possible for somebody to access information directly in the web cache, which would not be available via a web browser due to it\u0026rsquo;s content label. Also, to associate certain access rights with certain users, it is necessary to identify that user. That is, user authentication (a login prompt) becomes mandatory on systems where ICR\u0026amp;S is being deployed.\nFalse application Problems exist at the filtering end of an ICR\u0026amp;S system, too. For example, on systems that see mixed use by minors and adults, it is highly probable that the adult user will not see indicators that an ICR\u0026amp;S system is active, and will get only limited access to web ressources. Alternatively, that person may perhaps see indicators showing that access is limited but is unable to turn the filtering system off because the password is not available to that person, or because the system is to difficult to figure out for that particular person.\nIn many jurisdictions (e.g. in Germany) making use of a constitutional right so difficult that persons will no longer make use of this particular right is equivalent to illegally limiting that right. This implies that the filtering component of an ICR\u0026amp;S system must clearly signal its presence to the user and must clearly advertise instructions on how it can be turned off.\nAlso, ICR\u0026amp;S that are difficult to turn off are unlikely to be accepted by users on systems that see mixed use. Things that become inconvenient are simply deinstalled.\nFalse positives destroy trust in ICR\u0026amp;S and in the Internet For an ICR\u0026amp;S system to be effective and trustworthy, it has to give access to a large number of pages, and it has to have a very low number of false positives. That is, it must not block pages which are essentially harmless due to wildcard labels to falsely applied labels. This implies that a large number of ratings must be created, and that these ratings should rather be too low than too high. It is highly unlikely (at least it seems so to the author) that any of this will be the case in the current hysteria and with the current legal situation.\nA high number of false positives will not only create the impression of an unreliable and untrustworthy ICR\u0026amp;S system, but it will also undermine trust into the Internet as a reliable platform for communication of political ideas and social processes. If ICR\u0026amp;S systems are being publicly perceived primarily as a tool to leverage political or commerical interests, their value as a tool for the protection of minors is gone. This implies that ICR\u0026amp;S systems must have some mechanism to defend themselves against such an attack.\nIf we deploy now anyway, what do we get? Summarizing the problems mentioned above inherent to ICR\u0026amp;S in general, and to current implementations such as PICS compliant add-ons to browsers, we can say that we cannot safely deploy an ICR\u0026amp;S systems on a wide scale and get anything remotely resembling protection of minors. Apart from technical issues, which are surprisingly hard to solve for a problem that seems to be trivial when approached first time, there are even more legal and management issues to solve before ICR\u0026amp;S systems can be deployed successfully. Most of these problems have not yet been tackled, some even have been left out deliberately up to now. Even if all the issues mentioned in this paper had been addressed by some system, the values of such a system will be questionable: It certainly is possible to deploy ICR\u0026amp;S systems which filter /something/ for /some/ people, but it highly unlikely that these systems will be effective, that is, that they filter /most things/ /correctly/ for /most people/.\n[1]: http://www.msen.com/~weinberg/rating.htm , \u0026ldquo;Rating the Internet\u0026rdquo;: \u0026lsquo;Jonathan Wallace, thus, in an article called \u0026ldquo;Why I Will Not Rate My Site\u0026rdquo; asks how he is to rate \u0026ldquo;An Auschwitz Alphabet\u0026rdquo;, his powerful and deeply chilling work of reportage on the Holocaust. The work contains descriptions of violence done to camp inmates\u0026rsquo; sexual organs. A self-rating system, Wallace fears, would likely force him to choose between the unsatisfactory alternatives of labeling his work as suitable for all ages, on the one hand, or \u0026ldquo;lump[ing it] together with the Hot Nude Woman page\u0026rdquo; on the other. It seems to me that at least some of the rating services problems\u0026rsquo; in assigning ratings to individual documents are inherent. It is the nature of the process that no ratings can classify documents in a perfectly satisfactory manner, and this theoretical inadequacy has important real-world consequences.\u0026rsquo;\n[2]: http://www.dcia.com/cyberbur.html , \u0026ldquo;Fahrenheit 451.2: Is Cyberspace Burning?\u0026rdquo;: \u0026lsquo;Kiyoshi Kuromiya, founder and sole operator of Critical Path Aids Project, has a web site that includes safer sex information written in street language with explicit diagrams, in order to reach the widest possible audience. Kuromiya doesn\u0026rsquo;t want to apply the rating \u0026ldquo;crude\u0026rdquo; or \u0026ldquo;explicit\u0026rdquo; to his speech, but if he doesn\u0026rsquo;t, his site will be blocked as an unrated site. If he does rate, his speech will be lumped in with \u0026ldquo;pornography\u0026rdquo; and blocked from view. Under either choice, Kuromiya has been effectively blocked from reaching a large portion of his intended audience ­ teenage Internet users ­ as well as adults. [ \u0026hellip; ] Kuromiya could distribute the same material in print form on any street corner or in any bookstore without worrying about having to rate it. In fact, a number of Supreme Court cases have established that the First Amendment does not allow government to compel speakers to say something they don\u0026rsquo;t want to say - and that includes pejorative ratings.\u0026rsquo;\n[3] : http://www.mit.edu/activities/safe/labelling/0198f1.html where Lars Kongshem quotes a case where the program CYBERsitter suppresses the word \u0026ldquo;homosexual\u0026rdquo; on a screen display. Thus, the sentence \u0026ldquo;The Catholic church is opposed to all homosexual marriages.\u0026rdquo; is shown as \u0026ldquo;The Catholic church is opposed to all marriages.\u0026rdquo; on screen. [4] : Documentation for the Apache Web Server, mod_negotation Module, http://www.apache.org/manual/mod_negotation.html , mod_mime Module, http://www.apache.org/manual/mod_mime.html . Both modules enable the server to deliver different static pages for the same URL, depending on other information that is part of the browsers request and that is /not/ part of the URL. It is the URL though, which ties a thrid party rating to a specific page.\n[5] : http://www.neci.nj.nec.com/homepages/lawrence/websize.html \u0026ldquo;An estimated lower bound on the size of the indexable Web is 320 million pages.\u0026rdquo;\n\u0026ldquo;The coverage of the major Web search engines investigated varies by an order of magnitude (variation will differ for different queries, e.g. more popular queries).\u0026rdquo;\n\u0026ldquo;The major Web search engines index only a fraction of the total number of documents on the Web. No engines indexes more than about one third of the \u0026ldquo;publicly indexable Web\u0026rdquo;.\u0026rdquo;\n[6] : http://cgi.pathfinder.com/netly/spoofcentral/censored/index.html The Censorware Search Engine was helpful to check blacklists in commercial products which do not expose their blocking criteria. Seth Finkelstein reported this URL as being \u0026ldquo;gone and never coming back. The person who ran it lost the trust of almost everyone who does censorware-analysis work.\u0026rdquo;. Some vendors provide similar services on their websites, e.g. http://www.cyberpatrol.com/cybernot/ for CyberPatrol. [7] : http://catless.ncl.ac.uk/Risks/18.07.html#subj3 , Clive Feather reported comp.risks digest 18.07 of 17-Apr-1996 that AOL blocks the name of the small british town \u0026ldquo;Scunthorpe\u0026rdquo;, forcing inhabitants of that town to register as being from \u0026ldquo;Sconthorpe\u0026rdquo; http://www.liii.com/~just4fun/news/article1.htm reports an incident where material of writer Anne Sexton is being blocked, because her name matches the string \u0026ldquo;sex\u0026rdquo;.\n[8] : http://www.siemens.de/servers/wwash/wwash_us.htm \u0026ldquo;WebWasher® is a browser add-on that accelerates the navigation on the Web. The software runs on PCs or servers. [It r]emoves advertising on Web pages while you surf, Filters pop-up windows, animated images, referer.\u0026rdquo;\nhttp://www.anonymizer.com/ offers services like\nAnonymizer URL Encryption - Beta: Extra Protection for the connection between your computer and our servers Anonymizer Window Washer by Webroot: Preserve your privacy \u0026 hide your tracks! Cleans your browser history and more... [9] : http://censorware.org/reports/ and http://www.peacefire.org/ contain a lot of information on conduct of Rating Services and Label Bureaus in general. [10]: A. A. Pitman, Scientific and Technological Options Assessment (STOA): \u0026ldquo;Feasibility of censoring and jamming pornography and racism in informatics, Draft Final Report, PE 166 658, Luxemburg, May 1997. Some parts quoted in http://www.inet-one.com/cypherpunks/dir.97.08.28-97.09.03/msg00149.html [11] : http://www.research.att.com/projects/tech4kids/ Lorrie Faith Cranor, Paul Resnick, Danielle Gallo: \u0026ldquo;Technology Inventory: A Catalog of Tools that Support Parents\u0026rsquo; Ability to Choose Online Content Appropriate for their Children\u0026rdquo;, December 1997, revised September 1998\n[12] : http://www.usembassy-china.gov/english/sandt/Inetcawb.htm \u0026ldquo;Political Security: A Closed or an Open Internet - The Great Red Firewall of China\u0026rdquo;, Brian Ristuccia, 31-Jul-1998: [13] : http://www.freshmeat.net/appindex/1998/07/31/901899756.html \u0026ldquo;Anti-Filtering-Proxy-Proxy: httpd-afpp is designed to defeat the site-blocking fuctionality of censorware and filtering-proxies. The user first visits a site running the Anti-Filtering-Proxy-Proxy. Assuming this site is not blocked by the local filtering-proxy or censorware, the user is then free to browse any other web sites free of filtering-proxy or censorware restrictions.\u0026rdquo;,\n[14] : http://www.noie.gov.au/reports/blocking.html Philip McCrea, Bob Smart, Mark Andrews: Blocking Content on the Internet: a Technical Perspective; Australia, June 1998,\n[15] : Gerry Miller, Gerri Sinclair, David Sutherland, Julie Zilber: Regulation of the Internet - A Technological Perspective; Canada, March 1999 [16] : Technical Framework and Background:\nhttp://w3c.org/PICS/ http://w3c.org/RDF/ http://w3c.org/DSig/ http://w3c.org/P3P/ http://mephisto.inf.tu-dresden.de/RESEARCH/ssonet/ssonet_eng.html [17] : http://www.iid.de/iukdg/carnegie_e.html \u0026ldquo;Misuse of International Data Networks\u0026rdquo; Report submitted by the Expert Group to G8 Ministers and Chief Advisors of Science and Technology (Carnegie Group)\n[18] : http://www2.echo.lu/legal/en/internet/communic.html \u0026ldquo;Illegal and harmful content on the Internet\u0026rdquo; http://www2.echo.lu/legal/en/internet/wp2en.html \u0026ldquo;Illegal and harmful content on the Internet Interim report on Initiatives in EU Member States with respect to Combating\u0026rdquo;, Version 7, (June 4, 1997) http://www2.echo.lu/legal/de/internet/resolde.html \u0026ldquo;ENTSCHLIESSUNG DES RATES ZU ILLEGALEN UND SCHÄDLICHEN INHALTEN IM INTERNET\u0026rdquo;\n[19]: http://www.securitysearch.net/search/papers/bsaprobs.htm \u0026ldquo;Key Legal and Technical Problems with the Broadcasting Services Amendment (Online Services) Bill 1999\u0026rdquo; (Australia) http://www.gtlaw.com.au/pubs/newdarkage.html \u0026ldquo;Censorship and Amendments to the Broadcasting Services Act\u0026rdquo; (Australia, April 1999) [20]: http://www.aclu.org/issues/cyber/burning.html \u0026ldquo;Fahrenheit 451.2: Is Cyberspace Burning? How Rating and Blocking Proposals May Torch Free Speech on the Internet\u0026rdquo; [21]: http://www.internetwatch.org.uk/ \u0026ldquo;The Internet Watch Foundation (IWF) was launched in late September 1996o address the problem of illegal material on the Internet, with particular reference to child pornography.\u0026rdquo; [22]: http://www.koehntopp.de/kris/artikel/blocking/index.en.html Kristian Köhntopp, Marit Köhntopp, Martin Seeger: \u0026ldquo;Blocking of Material on the Internet: Questions and Answers - A systematic analysis of the \u0026ldquo;censorship debate\u0026rdquo;; Kiel, Germany, May 1997 The article discusses non-PICS methods of blocking content and why they do create even more harm than PICS. It serves as an introduction to this article.\n","date":"1999-05-01T00:00:00Z","href":"https://blog.koehntopp.info/1999/05/01/rating-does-not-work.html","tags":["lang_de","publication","internet","jugendschutz"],"title":"Rating does not work"},{"categories":null,"content":"Dieser Text bildet Kapitel 24 von php, dynamische webautritte professionell realisieren. Er ist mit dem 3. Reprint der 1. Auflage dazugekommen. Für Besitzer älterer Versionen dieses Buches stelle ich den Text hier zur Verfügung (April 1999)\nPHPLIB Überblick und Installation Was leistet PHPLIB? PHPLIB ist eine Sammlung von in PHP3 geschriebenen Klassen, mit denen eine Reihe von Aufgaben gelöst werden können, die bei der Entwicklung von webgestützten Anwendungen sehr häufig auftreten.\nUrsprünglich stand hinter der Entwicklung von PHPLIB der Wunsch, Variablen in PHP zu schaffen, die eine längere Gültigkeitsdauer als eine Webseite haben, die also automatisch von Seite zu Seite weitergereicht werden.\nDie Klasse Session der Bibliothek realisiert dies, indem sie jeden Zugreifer auf eine Webanwendung mit einer eindeutigen Kennung versieht und diese Kennung dann auf unterschiedliche Weise von Seite zu Seite weitergibt. Bei jedem Zugriff auf eine Seite wird ein Satz Variablen, der zu dieser Kennung gehört, aus einem festen Datenspeicher geladen und am Ende der Seite auch dort wieder gespeichert. Ein solcher Satz Variablen heißt in der Terminologie von PHPLIB \u0026ldquo;Session\u0026rdquo; und die von PHPLIB verwaltete Kennung heißt \u0026ldquo;Session-ID\u0026rdquo;.\nDer Datenspeicher, der von PHPLIB verwendet wird, war ursprünglich eine SQL-Datenbank, aber seit Version 7 von PHPLIB können auch andere Speicher, zum Beispiel DBM-Dateien, LDAP-Server oder ein Shared Memory-Segment verwendet werden.\nDa PHPLIB ursprünglich ausschließlich SQL-Datenbank als Speicher verwendet hat, war es schon recht bald notwendig, die Bibliothek an unterschiedliche Datenbanken anzupassen. Aus dieser Notwendigkeit heraus wurde eine Klasse DB_SQL zum Zugriff auf solche Datenbanken entwickelt, die ein einheitliches, datenbankunabhängiges Interface zum Zugriff auf diese Datenbanken zur Verfügung stellt. Diese Klasse ist sogar so flexibel, daß sie vollkommen unabhängig von PHPLIB verwendet werden kann - selbst wenn man eine Anwendung ohne Sessions, aber mit Datenbanken entwickelt, ist es also sinnvoll, diese Klasse zum Zugriff auf die Datenbank zu verwenden: Einerseits gewinnt man so mehr Flexibilität beim Zugriff auf die Datenbank, andererseits ist auf diese Weise die Umrüstung der Anwendung auf PHPLIB sehr viel einfacher.\nMit der Entwicklung von PHPLIB kamen recht schnell weitere Fertigkeiten dazu. Wenn man Sessionvariablen hat, ist es zum Beispiel recht einfach, sich daran zu erinnern, ob ein Anwender sich schon einmal eingeloggt hat und wann das war. Auf diese Weise kann man Webseiten recht einfach mit Benutzerkennungen und Paßworten schützen, ganz ähnlich wie mit .htaccess-Dateien und HTTP-Authentisierung.\nAnders als bei HTTP-Authentisierung hat man bei der von PHPLIB-Klasse Auth verwendeten Zugangskontrolle jedoch viel mehr Kontrolle über das Aussehen des Anmeldebildschirmes: Es ist eine normale Webseite, die Bedienungshinweise, ein Firmenlogo und Online-Hilfe enthalten kann. Man hat außerdem auch viel mehr Kontrolle über die Anmeldung selbst: Man kann Anwender gezielt oder zeitgesteuert automatisch wieder ausloggen, man kann die Benutzereingaben gegen beliebige SQL-, LDAP-, NIS- oder NT PDC-Datenbanken mit Paßworten authentisieren und man ist nicht darauf angewiesen, daß ein Benutzer durch einen Benutzernamen identifiziert wird, sondern kann sich beliebige Schemata ausdenken (E-Mail Adressen, Vorname/Nachname/Telefon oder was immer passend ist). Außerdem hat man auch Einfluß auf die Übertragung der Anmeldedaten vom Anwender zum Webserver und kann dort kryptographische Methoden einsetzen, um eine Übertragung von Klartext-Paßworten zu vermeiden. Zu einem Benutzer gehören auch Benutzerrechte und so bekam PHPLIB zusätzlich eine Klasse Perm zur Verwaltung von Zugriffsrechten.\nDie letzte Erweiterung der Kernfunktionen von PHPLIB war dann die Schaffung von Variablen, die nicht mehr an eine Session-ID gebunden waren, sondern an eine Benutzerkennung. Die PHPLIB-Klasse User bedient sich ganz genauso wie eine Session, nur daß die nach einer Benutzeranmeldung Daten verwalten kann, die zu dem Login des Benutzers gehören. Auf diese Weise ist es sehr leicht, personalisierte Websites zu erzeugen, die sich erinnern, welche Voreinstellungen ein Benutzer das letzte Mal getroffen hatte und die diese Einstellungen wiederverwenden.\nWährend die Funktionen oben zur Kernfunktionalität von PHPLIB gehören, die von fast jeder Anwendung mit PHPLIB benötigt wird, ist der Funktionsreichtum der Bibliothek damit noch lange nicht erschöpft. Eine Reihe von weiteren Klassen bietet Funktionen, die optional dazugenommen werden kann, wenn die Anwendung Bedarf daran hat und die dem Entwickler viele arbeits- und codieraufwendunge Dinge abnehmen können. Die Klasse Cart zum Beispiel realisiert einen einfachen Warenkorb, der zusammen mit einer Artikeltabelle in einer Datenbank leicht zu einem einfachen Shopsystem erweitert werden kann.\nAndere Klassen generieren immer wieder benötigte Strukturen in HTML: Table kann in Zusammenhang mit Arrays oder Datenbank-Resultaten fertige Tabellen generieren, Sql_Query erlaubt es, eine Eingabemaske zu erzeugen, in denen sich ein Anwender eine Query gegen eine Datenbanktabelle zusammenklicken kann und diese Maske dann auch auszuwerten und schließlich dient die OOH Forms-Klassensammlung zur Generierung von Verwaltung von Abfrageformularen.\nWo bekommt man PHPLIB (und was kostet sie)? Die Website zu PHPLIB ist http://phplib.netuse.de . An dieser Stelle findet sich nicht nur die jeweils aktuelle Version von PHPLIB, sondern auch die jeweils aktuelle Dokumentation und ein Verweis auf die Supportmailinglisten zu PHPLIB. Ebenso findet man dort ein Archiv dieser Mailinglisten.\nDie Mailingliste phplib@lists.netuse.de ist das Forum, an das sich Anwender der Bibliothek wenden können, die Probleme mit der Installation oder dem Betrieb von PHPLIB haben. Man kann sich an dieser Liste anmelden, indem man eine Nachricht mit dem Text \u0026ldquo;subscribe\u0026rdquo; an die Adresse phplib-request@lists.netuse.de sendet. Die Abmeldung funktioniert analog, indem man eine Nachricht mit dem Text \u0026ldquo;unsubscribe\u0026rdquo; an diese Adresse phplib-request@lists.netuse.de sendet. Die Liste ist in englischer Sprache.\nEine weitere Liste,phplib-dev@lists.netuse.de, ist für Entwickler der Bibliothek gedacht: Sie empfängt Reports aus dem CVS-Archiv von phplib und auf ihr finden Diskussionen unter den Entwicklern statt. Auch diese Liste ist englischsprachig.\nDa die Bibliothek unter der \u0026ldquo;nicht infektiösen\u0026rdquo; LGPL frei verfügbar ist, kann sie sowohl in GNU Projekten als auch in kommerziellen Softwareprojekten gefahrlos und ohne daß Lizenzgebühren anfallen eingesetzt werden. Der genaue Text der Lizenzvereinbarung ist Bestandteil des Paketes und findet sich in der Datei COPYING.\nDie ursprünglichen Entwickler von PHPLIB, Boris Erdmann und Kristian Köhntopp, haben inzwischen von vielen anderen Netzteilnehmern Unterstützung bekommen. Besondere Erwähnung verdienen Sascha Schumann , der für die Veröffentlichung von PHPLIB-6 maßgeblich war und der viele andere Erweiterungen und Fehlerkorrekturen vorgenommen hat und Jay Bloodworth , von dem die OOH Forms-Klassen der Bibliothek stammen. Eine vollständige Liste aller Helfer findet man in der Datei CREDITS als Bestandteil des Paketes.\nPHPLIB installieren Bevor man daran gehen kann, sich mit der eigentlichen Installation von PHPLIB zu beschäftigen, solle man zunächst einmal seine Installation von PHP3 überprüfen und einige Fakten darüber in Erfahrung bringen. Für den Installationsprozeß ist es notwendig zu unterscheiden, ob man ein CGI PHP3 oder ein mod_php3 als Bestandteil eines Apache Webservers hat. Wie die meisten Fragen zum Thema PHP3-Installation beantwortet sich dies am einfachsten, indem man sich ein Script mit einem phpinfo()-Aufruf erzeugt und sich die Ausgabe desselben ansieht: Besteht die Ausgabe von phpinfo() aus vier Tabellen, handelt es sich um einen CGI PHP3-Interpreter. Enthält sie dagegen mehr Tabellen, von denen die letzten beiden \u0026ldquo;Apache Environment\u0026rdquo; und \u0026ldquo;HTTP Headers Information\u0026rdquo; heißen, handelt es sich um ein PHP3-Modul in einem Apache Webserver (mod_php3).\nFalls CGI PHP3 verwendet wird, sollte man den PHP3-Interpreter gleich noch auf korrekte Übersetzung und Installation prüfen: Angenommen der Name des Testscriptes mit dem phpinfo()-Aufruf ist http://localhost/test.php3. Falls der Inhalt der Variablen $PHP_SELF nur den Pfad zum PHP3-Script enthält (/test.php3), ist die Installation korrekt erfolgt. Taucht dagegen der CGI-Pfad und der Name des Interpreters als Bestandteil der Variablen auf (/cgi-bin/php/test.php3), ist der Interpreter ohne die Option --force-cgi-redirect übersetzt worden. Abgesehen davon, daß dies eine enorme Sicherehitslücke ist, wird PHPLIB mit so einem Interpreter nicht korrekt funktionieren. Mit einem dergestalt falsch installierten PHP3-Interpreter lassen sich beliebige Dateien, auch außerhalb der Document-Root des Webservers, lesen und herunterladen (/cgi-bin/php/../../../../../../etc/passwd).\nMit Hilfe der Ausgabe von phpinfo() läßt sich auch die Version des PHP3-Interpreters prüfen. Für PHPLIB muß sie ausreichend neu sein: mindestens 3.0.6 oder höher, besser wäre ein aktuelles Release wie 3.0.11 oder höher. Es hat keinen Zweck versuchen zu wollen, PHPLIB mit einer älteren Version von PHP3 zu installieren: Ältere Versionen von PHP3 haben zu viele Fehler in der Speicherverwaltung und in der Behandlung von objektorientierten Erweiterungen als daß sie mit PHPLIB zusammenarbeiten könnten.\nFür die korrekte Installation von PHPLIB ist es außerdem notwendig, Zugriff auf die php3.ini-Datei zu haben, um einige Konfigurationsparameter für den Interpreter setzen zu können. Im Falle von mod_php3 genügt es, .htaccess-Dateien erzeugen zu können, mit denen man PHP3-Parameter für Unterverzeichnisse seines Webservers festlegen kann.\nPHPLIB kann entweder als mit gzip komprimiertes tar-Archiv (tgz-Datei) oder als selbstentpackendes Shellscript (shar-Datei) bezogen werden. Das bevorzugte Format ist das tgz-Format, weil es wegen der Kompression deutlich kleiner ist und weil es sowohl unter UNIX als auch unter Windows (mit WinZIP) problemlos auszupacken ist.\nNach dem Auspacken entsteht ein Verzeichnis php-lib mit den Unterverzeichnissen doc, pages, php und stuff. Die eigentliche Bibliothek befindet sich in den Dateien im Verzeichnis php. Dazu gehören außerdem die Dateien im Verzeichnis pages, die eine Reihe von Testseiten und Verwaltungsprogrammen enthalten. Diese Daten sind nur zum Test des Installationsprozesses notwendig und können später im Produktionsbetrieb entfernt werden. Das Verzeichnis stuff enthält eine Reihe von Scripten für die unterschiedlichsten SQL-Datenbanken und dient zur Einrichtung der benötigten Tabellen. Schließlich existiert noch das doc-Verzeichnis, in dem sich die Dokumentation zur Bibliothek in englischer Sprache befindet.\nDie Dateien im Verzeichnis php werden von PHP3 zur Laufzeit mittels include()- oder require()-Anweisungen eingebunden. Man sollte sie daher in ein Verzeichnis neben der Document-Root seines Webservers kopieren und den include_path seines PHP3-Interpreters darauf zeigen lassen. Auf keinen Fall sollten sich diese Dateien in irgendeinem Verzeichnis unterhalb des Document-Root Verzeichnisses des Webservers befinden, andernfalls kann es zu schweren Sicherheitsproblemen kommen.\nSetzt man die CGI-Version von PHP ein oder möchte man für ein mod_php den include_path global vorgeben, ist eine Änderung in der php3.ini zu machen. In welchem Verzeichnis diese Datei gesucht wird, geben neuere Versionen in der Ausgabe von phpinfo() als Überschrift der Tabelle \u0026ldquo;Configuration\u0026rdquo; mit an. In der php3.ini ist der Parameter include_path so zu setzen, daß er das Verzeichnis mit den *.inc-Dateien von PHPLIB enthält. Setzt man dagegen mod_php ein und möchte die Änderung der Konfigurationsparameter nur für ein Unterverzeichnis vornehmen, muß man in einem \u0026lt;Directory\u0026gt;-Block in der httpd.conf oder in einer .htaccess-Datei einen Eintrag der Form \u0026ldquo;php3_include_path /pfad/zum/verzeichnis\u0026rdquo; vornehmen, damit das betreffende Verzeichnis mit durchsucht wird.\nAuf jeder Seite, die PHPLIB verwendet, müssen nun die Dateien mit den Definitionen der Klassen von PHPLIB eingebunden werden. Zu diesem Zweck existiert eine vordefinierte Datei, die sich nun in dem neuen Include-Verzeichnis befinden muß: prepend.php3. Entweder kann diese Datei manuell auf jeder einzelnen PHPLIB-Seite eingebunden werden oder sie kann automatisch vor jede dieser Seiten gesetzt werden. Letzteres erreicht man, indem man den Parameter \u0026ldquo;auto_prepend_file = \u0026hellip;\u0026rdquo; in der php3.ini entsprechend setzt, oder, falls man mod_php einsetzt, in einem \u0026lt;Directory\u0026gt;-Block oder einer .htaccess-Datei einen Eintrag der Form \u0026ldquo;php3_auto_prepend_file /pfad/zu/datei/prepend.php3\u0026rdquo; vornimmt.\nIn der Datei prepend.php3 wird dann eingetragen, welche Dateien PHPLIB zu jeder Seite dazuladen soll. Verwendet man MySQL, ist keine Änderung notwendig. Wird stattdessen eine der anderen von PHPLIB unterstützten Datenbanken (mSQL, ODBC, Oracle 7, Oracle OCI 8 Interface, Postgres oder Sybase) verwendet, ist die Anweisung \u0026lsquo;require(\u0026ldquo;db_mysql.inc\u0026rdquo;)\u0026rsquo; in dieser Datei entsprechend anzupassen. Verwendet man PHPLIB ohne SQL-Datenbank, sondern mit dem LDAP-, DBM- oder Shared Memory-Interface, ist diese require-Anweisung auszukommentieren und stattdessen die Anweisung \u0026lsquo;require(\u0026ldquo;ct_sql.inc\u0026rdquo;)\u0026rsquo; in der Zeile darunter entsprechend anzupassen. In dieser Anleitung gehen wir davon aus, daß eine Standardinstallation mit MySQL verwendet werden soll. Dann sind in der prepend.php3 keine Änderungen notwendig.\nIm nächsten Schritt sind in der Datenbank die benötigten Tabellen anzulegen. In MySQL muß der Datenbank-Administrator dazu zunächst einmal eine logische Datenbank mit dem Kommando \u0026lsquo;CREATE DATABASE\u0026rsquo; anlegen, etwa \u0026lsquo;CREATE DATABASE beispieldb\u0026rsquo;. Danach muß dem Benutzer, unter dem PHP3 später ausgeführt wird, auf die übliche Weise Zugriffsrecht auf diese Datenbank gegeben werden. Es ist dringend empfohlen, keine gesonderte logische Datenbank für PHPLIB anzulegen, sondern die Tabellen von PHPLIB innerhalb des normalen Datenbankschemas der Anwendung zu erzeugen. Man kann dies für die Datenbank \u0026lsquo;beispieldb\u0026rsquo; tun, indem man einfach den SQL-Batch \u0026lsquo;stuff/create_database.mysql\u0026rsquo; aus der PHPLIB-Distribution ausführt:\n$ mysql beispieldb \u0026lt; stuff/create_database.mysql Ein einfaches \u0026lsquo;SHOW TABLES\u0026rsquo; in dieser Datenbank sollte einem dann die Tabellen active_sessions und active_sessions_split, auth_user und auth_user_md5 sowie db_sequence zeigen.\nSchließlich muß man PHPLIB noch auf seine eigenen Bedürfnisse anpassen, d.h. der Bibliothek mitteilen, wo sie die Datenbank findet und mit welchen Parametern sie arbeiten soll. Alle diese Änderungen werden in der Datei local.inc vorgenommen. Diese Datei enthält eine Reihe von Klassendefinitionen, die die normalen, unspezifischen Klassendefinitionen um die für die Anwendung benötigten Parameter ergänzen. In der zum Paket gehörenden Version enthält diese Datei eine Reihe von Beispieldefinitionen, was sie ein wenig unübersichtlich macht. Zum Üben ist es ausreichend, wenige Zeilen in der Definition von DB_Example anzupassen, aber für eine Installation, die für die Produktion gedacht ist, wird man die Datei nur als Vorlage nehmen und mit einer leeren local.inc anfangen, die man sich für seine Zwecke maßschneidert.\nAn keiner anderen Datei von PHPLIB sollten normalerweise Änderungen notwendig sein.\nZum Testen kann nun die Dateien aus dem pages-Verzeichnis in die Document-Root seines Webservers kopieren und einmal versuchen, die Testseiten aufzurufen. Bei Installationsproblemen hilft die wirklich ausführliche Anleitung, die mit PHPLIB mitgeliefert wird und die Supportmailingliste zur Bibliothek.\nZugriff auf Datenbanken mit PHPLIB Erstellen einer eigenen Datenbank-Klasse PHPLIB enthält eine Klasse DB_Sql, die den Zugriff auf Datenbanken in einer Weise erlaubt, die weitgehend unabhängig von der verwendeten Datenbankart ist. Die Klasse existiert in verschiedenen Versionen, je nach der unterliegenden SQL-Datenbank, die verwendet werden soll: db_mysql.inc definiert eine Version von DB_Sql für MySQL-Datenbanken, db_odbc.inc eine Version für ODBC-Datenbanken und so weiter. Durch Einbinden der entsprechenden Version in der Datei prepend.php3 kann man entscheiden, mit welcher Datenbank man arbeiten möchte.\nDie Klasse DB_Sql ist dabei sehr allgemein gehalten: Sie enthält keinerlei Connect-Informationen und eine Reihe von Defaults, die das Verhalten im Fehlerfall bestimmen. Gewöhnlich konfiguriert man die Klasse, indem man in der Datei local.inc eine Unterklasse von DB_Sql definiert, in der man seine eigenen Connect-Parameter einträgt. Ändern sich die Connect-Parameter der Anwendung, braucht man sie nur an einer Stelle in local.inc zu ändern. Eine solche Definition kann zum Beispiel so aussehen:\nclass DB_Example extends DB_Sql { var $Host = \u0026#34;localhost\u0026#34;; var $Database = \u0026#34;test\u0026#34;; var $User = \u0026#34;kk\u0026#34;; var $Password = \u0026#34;\u0026#34;; } Dies definiert eine Klasse DB_Example, die sich ganz genau wie DB_Sql verhält, aber gegen die Datenbank test auf dem Rechner localhost connected, indem sie sich als Benutzer kk mit einem leeren Paßwort anmeldet. In seiner Anwendung kann man nun Datenbankobjekte der Klasse DB_Example erzeugen und diese Objekte wissen automatisch wo und wie sie sich anzumelden haben.\nAbfragen an eine Datenbank senden DB_Sql merkt sich intern, ob bereits eine Datenbankverbindung besteht oder ob noch eine erzeugt werden muß. Die Klasse kümmert sich vor der Verarbeitung einer neuen Query auch darum, das alte Anfrageergebnis freizugeben, wenn eines existiert. Für den Entwickler bedeutet dies, daß er sich um diese Details nicht mehr kümmern braucht, sondern nach dem Erzeugen seines Datenbankobjektes direkt die Query absenden kann. Eine typische Anwendung der Klasse sieht zum Beispiel so aus:\n$db = new DB_Example; // Erzeuge ein Objekt $db $db-\u0026gt;query(\u0026#34;select * from beispieltabelle\u0026#34;); Das Datenbankobjekt kümmert sich hier selbstständig um den Aufbau der Verbindung zur Datenbank und um die Schritte, die je nach Datenbank unterschiedlich zur Verarbeitung und zum Senden der Query notwendig sind. Das Ergebnis der Query steht nun bereit und kann entweder manuell abgeholt werden (siehe unten) oder einer anderen Klasse übergeben werden, die etwas damit anfangen kann - der PHPLIB-Klasse Table zum Beispiel.\nVerarbeitet man das Ergebnis der Query manuell, stehen einem Datei die Funktionen next_record() zum Abholen des nächsten Ergebnisses und die Funktionen f(spaltenname) (\u0026ldquo;feld\u0026rdquo;) und p(spaltenname) (\u0026ldquo;print\u0026rdquo;) zum Lesen bzw. Drucken einer Spalte der aktuellen Ergebniszeile zur Verfügung. next_record() nimmt dabei keine Parameter und liefert ein boolean-Ergebnis, mit dem signalisiert wird, ob noch ein Datensatz gelesen werden konnte. f() und p() nehmen jeweils den Namen einer Spalte als Parameter an und bearbeiten diese Spalte in der aktuellen Ergebniszeile. f() liefert den aktuellen Spalteninhalt als Rückgabewert, p() druckt diesen Wert und liefert kein Ergebnis. Die typische PHPLIB-Redewendung zum Abfragen und Verarbeiten von Daten in einer SQL-Datenbank lautet also beispielweise so:\n$db = new DB_Example; // Erzeuge ein Datenbankobjekt $db-\u0026gt;query(\u0026#34;select * from beispieltabelle\u0026#34;); // Sende Query an DB // Hier können f() und p() noch nicht verwendet werden. printf(\u0026#34;\u0026lt;table\u0026gt;\\n\u0026#34;); while($db-\u0026gt;next_record()) { $wert = $db-\u0026gt;f(\u0026#34;s\u0026#34;); // Merke Dir den aktuellen Wert der Spalte \u0026#34;s\u0026#34; printf(\u0026#34;\u0026lt;tr\u0026gt;\u0026lt;td\u0026gt;s = %s\u0026lt;/td\u0026gt;\u0026lt;/tr\u0026gt;\\n\u0026#34;, $wert); } printf(\u0026#34;\u0026lt;/table\u0026gt;\\n\u0026#34;); Dabei ist es sehr wichtig, die Funktionen f() und p() erst dann zu verwenden, wenn nach dem Absenden der Query mindestens einmal next_record() aufgerufen worden ist. Erst nach dem ersten Aufruf von next_record() stehen im internen Puffer des Datenbankobjektes Informationen zur Verfügung, die verarbeitet werden können.\nWenn die Query eine Abfrage war, also das SQL-Statement \u0026lsquo;SELECT\u0026rsquo; enthielt, kann man mit den Funktionen num_fields() und num_rows() die Anzahl der Spalten und Zeilen des Ergebnisses erfragen, falls die Datenbank dies unterstützt. Bei MySQL ist dies der Fall, aber andere Datenbanken liefern das Ergebnis einer Query asynchron, sodaß man die Größe der Resultatmenge nicht auf diese Weise abfragen kann: In Oracle ist es beispielweise möglich, daß die Datenbank schon die ersten mit next_record() abfragbaren Ergebnisse zur Verfügung stellt, während der hintere Teil der Query noch bearbeitet wird. Die Funktion num_rows() liefert hier immer das Ergebnis 0. In so einem Fall muß man die Größe der Resultatmenge vorab mit einem \u0026lsquo;SELECT count(*) FROM \u0026hellip;\u0026rsquo; manuell bestimmen, bevor man die eigentlich Query danach absendet. Das erzeugt zum Glück nicht übermäßig Last auf dem Datenbank-Server, weil dieser die Anfrage und deren Ergebnis zwischenspeichert, sodaß die zweite Query im Vergleich zur ersten sehr schnell bearbeitet werden kann.\nSendet man statt einer Abfrage stattdessen Anweisungen, die Daten modifizieren, also z.B. die SQL-Anweisungen \u0026lsquo;INSERT\u0026rsquo;, \u0026lsquo;DELETE\u0026rsquo; oder \u0026lsquo;UPDATE\u0026rsquo;, erhält man keine Ergebnismenge, die man abfragen könnte. Stattdessen kann mit der Funktion affected_rows() bestimmen, wieviele Zeilen durch diese Anweisung bearbeitet worden sind. Die Redewendung, die man an dieser Stelle immer wieder findet, lautet dann so:\n// $db aus dem Beispiel oben wird weiter verwendet $db-\u0026gt;query(\u0026#34;insert into beispieltabelle ( s ) values (\u0026#39;probe\u0026#39;)\u0026#34;); $erfolg = $db-\u0026gt;affected_rows(); Die Variable $erfolg wird nun den Wert 1 haben, wenn der Wert erfolgreich in die Tabelle eingefügt werden konnte, oder 0, wenn das INSERT-Statement fehlgeschlagen ist.\nFehlerbehandlung DB_Sql kümmert sich, wenn dies gewünscht ist, auch automatisch um die Behandlung von Fehlern, die durch falsches oder fehlerhaftes SQL entstehen. Die Default-Aktion ist es, im Fehlerfall eine Meldungsfunktion halt() aufzurufen und die Verarbeitung dann anzuhalten. Dem Entwickler steht es dabei frei, die Meldungsfunktion nach seinen Wünschen anzupassen.\nStandardmäßig belegt die Funktion halt() die Variablen Error und Errno mit den aktuellen Fehlercodes des Datenbankinterfaces und ruft dann die Funktion haltmsg() auf, um eine erklärende Meldung zu drucken und die weitere Verarbeitung dann anzuhalten.\nDieses Verhalten ist jedoch durch die Belegung der VariablenHalt_On_Error bestimmt: Defaultmäßig steht diese Variable auf dem Wert \u0026ldquo;yes\u0026rdquo;. Setzt man sie auf \u0026ldquo;report\u0026rdquo;, wird die Meldung gedruckt, die weitere Verarbeitung jedoch nicht angehalten. Setzt man sie auf \u0026ldquo;no\u0026rdquo;, wird weder eine Meldung gedruckt, noch wird das Programm abgebrochen. Es ist dann Aufgabe der Anwendung, den Fehlerstatus durch die Abfrage von Error und Errno zu kontrollieren.\nAlternativ kann ein Entwickler auch die Funktion haltmsg() überschreiben, um die Ausgabe von Fehlermeldungen seinen Wünschen anzupassen. Einige Beispiele:\n// Diese Klasse ignoriert Datenbankfehler. class DB_Example2 extends DB_Sql { var $Host = \u0026#34;localhost\u0026#34;; var $Database = \u0026#34;test\u0026#34;; var $User = \u0026#34;kk\u0026#34;; var $Password = \u0026#34;\u0026#34;; var $Halt_On_Error = \u0026#34;no\u0026#34;; // keine Fehlermeldungen drucken } // Diese Klasse meldet Datenbankfehler in einem Logfile // und setzt die Verarbeitung dann fort. // Im HTML-Code erscheint nichts. class DB_Example3 extends DB_Sql { var $Host = \u0026#34;localhost\u0026#34;; var $Database = \u0026#34;test\u0026#34;; var $User = \u0026#34;kk\u0026#34;; var $Password = \u0026#34;\u0026#34;; var $Halt_On_Error = \u0026#34;report\u0026#34;; // haltmsg() aufrufen, aber weitermachen // unsere eigene Version von haltmsg) function haltmsg($msg) { $fp = fopen(\u0026#34;/tmp/errorlog\u0026#34;, \u0026#34;a+\u0026#34;); $msg = sprintf(\u0026#34;%s: error %s (%s) - %s\\n\u0026#34;, date(\u0026#34;Y-M-D H:i:s\u0026#34;), $this-\u0026gt;Errno, $this-\u0026gt;Error, $msg); fputs($fp, $msg); fclose($fp); } } Metadata Gelegentlich ist es nützlich, einige Fragen über die vorhandenen Datenbanktabellen stellen zu können. DB_Sql stellt dafür die Funktionen table_names() und metadata() zur Verfügung. Beide Funktionen geben jeweils zweidimensionale Felder als Ergebnis zurück, die entweder manuell verarbeitet werden können oder als Eingabe für die PHPLIB-Klasse Table verwendet werden können.\nDie Funktion table_names() liefert eine Liste alle Tabellen zurück, auf die man Zugriff hat. Zu jeder Tabelle werden die Informationen table_name, tablespace_name und database geliefert. Ein kleines Anwendungsbeispiel zeigt, wie man auf diese Weise eine Liste aller vorhandenen Tabellen erzeugen kann.\n$db = new DB_Example; $tinfo = $db-\u0026gt;table_names(); reset($tinfo); while(list($k, $v) = each($tinfo)) { printf(\u0026#34;Tabelle: %s Tablespace: %s Datenbank: %s\\n\u0026#34;, $tinfo[$k][\u0026#34;table_name\u0026#34;], $tinfo[$k][\u0026#34;tablespace_name\u0026#34;], $tinfo[$k][\u0026#34;database\u0026#34;]); } Die Funktion metadata() wird dann verwendet, um den Aufbau einer Tabelle weiter zu untersuchen. Sie liefert Information über die Spalten einer Tabelle, ebenfalls als zweidimensionales Feld, das als Eingabe für die Table-Klasse verwendet werden kann. Ein Anwendungsbeispiel mit Table könnte so aussehen:\ninclude(\u0026#34;table.inc\u0026#34;); // Table einbinden. $db = new DB_Example; // Datenbankobjekt $t = new Table; // Table Objekt $t-\u0026gt;heading = \u0026#34;on\u0026#34;; // Table soll Überschriften anzeigen. $db-\u0026gt;metadata(\u0026#34;beispieltabelle\u0026#34;); // Metadata abfragen $t-\u0026gt;show($db); // ... und darstellen. Ausgegeben werden zu jeder Spalte der Name der Tabelle (\u0026ldquo;table\u0026rdquo;), der Name der Spalte (\u0026ldquo;name\u0026rdquo;), der Typ des Datenfeldes (\u0026ldquo;type\u0026rdquo;), die Länge des Feldes (\u0026ldquo;len\u0026rdquo;) und die Flags, die für dieses Feld gesetzt sind (\u0026ldquo;flags\u0026rdquo;).\nSequenzen In Datenbankanwendungen benötigt man oft Zähler, die eindeutige Schlüssel für Datenbanktabellen generieren. DB_Sql stellt hierfür die Funktion nextid() zur Verfügung, die einen solchen Wert liefert, der garantiert eindeutig und aufsteigend ist. Die Funktion wird mit einem Zählernamen aufgerufen und liefert dann den jeweils nächsten Wert für diesen Zähler. Die Anwendung ist denkbar einfach.\n$db = new DB_Example; // Datenbankobjekt erzeugen. $id1 = $db-\u0026gt;nextid(\u0026#34;beispieltabelle\u0026#34;); $id2 = $db-\u0026gt;nextid(\u0026#34;zweite_tabelle\u0026#34;); $query1 = sprintf(\u0026#34;insert into beispieltabelle ( id, s ) values ( \u0026#39;%s\u0026#39;, \u0026#39;%s\u0026#39; )\u0026#34;, $id1, $some_value); $query2 = sprintf(\u0026#34;insert into zweite_tabelle ( id, t, s_id ) values ( \u0026#39;%s\u0026#39;, \u0026#39;%s\u0026#39;, \u0026#39;%s\u0026#39; )\u0026#34;, $id2, $another_value, $id1); $db-\u0026gt;query($query1); $db-\u0026gt;query($query2); In diesem Beispiel werden zwei Zähler mit den Namen beispieltabelle und zweite_tabelle geführt. Beide Zähler sind voneinander unabhängig. Das Beispiel generiert eine Einfügung in die Tabelle beispieltabelle mit dem gleichnamigen Zählerwert. In einer zweiten Einfügung in die Tabelle zweite_tablle wird ein Eintrag gemacht, der unter seiner eigenen ID abgespeichert wird und zugleich auf einen anderen Eintrag in der Tabelle beispieltabelle verweist.\nLocking Die großen Datenbanken wie Oracle und Sybase haben umfangreiche Mechanismen, um Datensätze gegen gleichzeitigen Zugriff durch mehrere Programme zu sperren. Bei kleinen Datenbankservern wie MySQL muß man dies dagegen selbst machen. Eine sehr einfache, aber auch wenig effiziente Methode ist die Sperrung der ganzen Tabelle, entweder um darin zu schreiben oder um aus ihr zu lesen. DB_Sql stellt die Funktionen lock() und unlock() zur Verfügung, um mit Ihnen Sperren auf ganze Tabellen zu setzen.\nDie Funktion lock() kann auf zwei Arten verwendet werden. Entweder übergibt man Ihr einen Tabellennamen und einen Sperrmodus (Beispiel: $db-\u0026gt;lock(\u0026ldquo;beispieltabelle\u0026rdquo;, \u0026ldquo;write\u0026rdquo;)), dann setzt sie ein Lock im entsprechenden Modus auf diese Tabelle oder man übergibt Ihr einen Hash von Tabellennamen und Modi, dann werden die entsprechenden Locks gesetzt. Das Beispiel zeigt, wie es geht.\n$lock_tables = array( \u0026#34;beispieltabelle\u0026#34; =\u0026gt; \u0026#34;write\u0026#34;, \u0026#34;zweite_tabelle\u0026#34; =\u0026gt; \u0026#34;read\u0026#34; ); $db-\u0026gt;lock($lock_tables); Die Sperren auf diese Tabellen bleiben bestehen, bis $db-\u0026gt;unlock() aufgerufen wird. Der Aufruf löscht alle bestehenden Sperren; es ist nicht möglich, einzelne Locks aufzugeben.\nSessions Sessions konfigurieren Eine Session ist in PHPLIB ein Weg, Variablen zu haben, die automatisch von einer PHP-Seite zur nächsten mitgeschleppt werden. Dazu wird dem Browser des Anwenders eine Kennung verpaßt, die dieser bei jedem Zugriff an die Anwendung zurück übermittelt - entweder in Form eines Cookie oder in Form eines GET-Parameters, der an jede URL angehängt werden muß, die der Anwender aufrufen kann. Mit Hilfe dieser Kennung kann PHPLIB nun die mitzuschleppenden Variablen am Ende einer Seite abspeichern und beim Zugriff auf die Folgeseite wieder laden.\nUm mit Sessions zu arbeiten, muß man in seiner local.inc-Datei eine Unterklasse der Klasse Session aus PHPLIB erzeugen. In dieser Klasse wird wieder mit einer Reihe von Parametern festgelegt, auf welche Weise die Variablen zu speichern sind und auf welche Weise die Kennung weitergegeben wird. Wie schon bei der Datenbank-Klasse geschieht dies im wesentlichen, indem man eine Reihe von vordefinierten Variablen mit den gewünschten Werten überschreibt. Eine Besonderheit besteht darin, daß man (ab PHPLIB-7) der Session-Klasse mit einer Hilfsklasse (CT_SQL) mitteilen muß, wo und auf welche Weise die Session-Daten zu speichern sind.\n+---------+ enthält Code zur Verwaltung von Session-IDs, | Session | zur Serialisierung von Variablen und +---------+ zum Abräumen alter Sessions | | benutzt v +--------+ enthält SQL-Queries, die Session-Variablen | CT_Sql | laden und speichern, User authentisieren +--------+ und so weiter. | | benutzt v +--------+ übernimmt die Kommunikation mit der Datenbank, | DB_Sql | Fehlerbehandlung und so weiter. +--------+ Abbildung 1: Beziehung zwischen den Klassen DB_Sql, CT_Sql und Session, Konfiguration zur Arbeit mit einer SQL-Datenbank\nDiese Hilfsklasse enthält die benötigten Anweisungen, um Variablen in eine Datenbank (oder eine DBM-Datei, oder ein shared-memory Segment, oder etwas anderes) zu speichern und von dort zu lesen, um Benutzer zu authentisieren und weitere Zugriffe. Die Abkürzung \u0026ldquo;CT\u0026rdquo; steht dabei für \u0026ldquo;Container\u0026rdquo;, die Klasse implementiert einen sogenannten Storage Container, der alle Speicherzugriffe für eine andere Klasse enthält. Durch die Auswahl eines anderen Storage Containers kann man Session dazu bringen, Variablen nicht in einer SQL-Datenbank, sondern auf einem anderen Speichermedium abzulegen.\n+---------+ +-----------------+ | Session |-- abgeleitet --\u0026gt; | Example_Session | +---------+ +-----------------+ | | | benutzt | benutzt v v +--------+ +----------------+ | CT_Sql | -- abgeleitet --\u0026gt; | Example_CT_Sql | +--------+ +----------------+ | | | benutzt | benutzt v v +--------+ +------------+ | DB_Sql | -- abgeleitet --\u0026gt; | DB_Example | +--------+ +------------+ Abbildung 2: Klassensystem nach dem Einlesen von local.inc.\nDurch die Definitionen in local.inc entstehen aus den Standardklassen der Bibliothek angepaßte Unterklassen, die für die spezielle Anwendung und Installation konfiguriert sind. Eine PHPLIB-Anwendung verwendet immer diese angepaßten Unterklassen aus local.inc, niemals die Standardklassen aus der Bibliothek.\nIn local.inc findet man also nach der Definition der Klasse für den Datenbankzugriff (DB_Example, siehe oben) Definitionen für den Storage Container und die Session-Klasse. Die Daten, die konfiguriert werden müssen, sind im wesentlichen die Namen der Klassen, so wie sie sich untereinander benutzen, d.h. man muß dem Storage Container den Namen der Datenbank-Klasse mitteilen und der Session-Klasse den Namen des Storage Containers, der verwendet werden soll.\nclass Example_CT_Sql extends CT_Sql { // Name der Datenbankklasse, die zu verwenden ist. var $database_class = \u0026#34;DB_Example\u0026#34;; // Name der SQL-Tabelle, die zu verwenden ist. var $database_table = \u0026#34;active_sessions\u0026#34;; } class Example_Session extends Session { // Muß vorhanden sein, damit die Klasse gespeichert werden kann. var $classname = \u0026#34;Example_Session\u0026#34;; // Muß für jede Installation anders sein var $magic = \u0026#34;Hocuspocus\u0026#34;; // Name der Storage Container-Klasse, die zu verwenden ist. var $that_class = \u0026#34;Example_CT_Sql\u0026#34;; } Im Storage Container wird durch den Namen der Datenbank-Klasse implizit klargemacht, an welchen Server mit welchem Benutzernamen und welchem Paßwort connected werden soll. Außerdem kann konfiguriert werden, wie der Name der Tabelle lautet, in dem später einmal die Session-Daten gespeichert werden sollen. Damit dies mit den create_database-Definitionen aus dem stuff/-Verzeichnis zusammenspielt, sollte dieser Name active_sessions sein.\nIn der Session-Klasse ist vor allen Dingen der Name des Storage Containers zu definieren, der verwendet werden soll, hier also Example_CT_Sql. In der Variablen magic steht außerdem ein String, der bei der Generierung der Session-IDs verwendung findet, und der bei jeder Installation von PHPLIB auf einen anderen Wert gesetzt werden sollte, damit die Session-IDs schwerer zu fälschen sind. Die Variable classname wird intern von PHPLIB verwendet, um Objekte zu laden und zu speichern und sollte den genauen Namen der Klasse selbst enthalten, hier also Example_Session.\nPHPLIB-Sessions haben nun zwar noch eine ganze Menge Knöpfe, an denen man drehen und einstellen kann, aber die Session-Klasse ist nun schon benutzbar. Eine Seite mit Session-Variablen sieht wie nachstehend gezeigt aus.\n\u0026lt;?php // Laden der Variablen aus der Datenbank. page_open(array(\u0026#34;sess\u0026#34; =\u0026gt; \u0026#34;Example_Session\u0026#34;)); // Die globale Variable $s ist nun bei der Session registriert. $sess-\u0026gt;register(\u0026#34;s\u0026#34;); // $s wird auf einen definierten Startwert gesetzt, wenn die // Variable noch nicht existiert. if (!isset($s)) $s = 0; // $s hochzählen. $s++; ?\u0026gt; \u0026lt;html\u0026gt; \u0026lt;head\u0026gt; \u0026lt;title\u0026gt;Eine Testseite\u0026lt;/title\u0026gt; \u0026lt;/head\u0026gt; \u0026lt;body\u0026gt; \u0026lt;h1\u0026gt;Eine Testseite\u0026lt;/h1\u0026gt; Die Variable $s hat den Wert \u0026lt;?php print $s ?\u0026gt;. \u0026lt;/body\u0026gt; \u0026lt;/html\u0026gt; \u0026lt;?php // Zurückspeichern der Variablen in die Datenbank page_close(); ?\u0026gt; Durch das auto_prepend_file, das in der php3.ini konfiguriert wird, wird dieser Datei der Inhalt von prepend.php3 vorangestellt.\nprepend.php3 lädt jetzt alle weiteren Dateien, die für die Ausführung dieser Seite benötigt werden, d.h. es bindet db_mysql.inc, session.inc, page.inc, local.inc und ggf. noch weitere, hier noch nicht benutzte Dateien ein. Dadurch sind am Anfang dieses Programmes eine Reihe von Funktionen und Klassen definiert, die zu PHPLIB gehören.\nDas Beispielprogramm selbst verwendet dann die vordefinierten PHPLIB-Funktionen page_open() und page_close(), um Variablen am Anfang der Seite einzulesen und am Ende der Seite wieder abzuspeichern. Der Funktion page_open() wird dabei mitgeteilt, daß diese Seite die Session-Funktionalität von PHPLIB verwenden möchte und zwar wie sie in der Klasse Example_Session konfiguriert ist.\nDas Resultat ist ein globales Example_Session Objekt mit dem Namen $sess. Man kann jetzt Funktionen von Example_Session (also Funktionen von Session) aufrufen, um Variablennamen bei der Session zu registrieren.\nIm Beispielprogramm wird dies durch den Aufruf $sess-\u0026gt;register(\u0026ldquo;s\u0026rdquo;) gemacht, der die globale Variable mit dem Namen \u0026ldquo;s\u0026rdquo; bei der Session anmeldet. Fortan wird bei jedem Aufruf von page_close() der aktuelle Typ und Wert von $s gerettet und bei einem Aufruf von page_open() wieder hergestellt.\nSobald der Name \u0026ldquo;s\u0026rdquo; erst einmal bei einer Session registriert ist, bleibt er solange Bestandteil der Session, bis er mit $sess-\u0026gt;unregister(\u0026ldquo;s\u0026rdquo;) wieder abgemeldet wird. Andererseits schadet es nichts, einen Namen mehr als einmal bei einer Session zu registrieren. Die Beispielseite merkt sich nun also den Wert von $s und kann ihn so von einem Aufruf der Seite zum nächsten hochzählen.\nWenn man die Seite aufruft und seinen Browser so eingestellt hat, daß er beim Setzen von Cookies eine Warnung ausgibt, dann wird man feststellen, daß der Webbrowser versucht, einen Cookie mit dem Namen \u0026ldquo;Example_Session\u0026rdquo; auf irgendeinen wilden Wert zu setzen. Dieser Cookie identifiziert den Browser eindeutig und in der Tabelle active_sessions in der Datenbank werden unter dem Wert des Cookies die Variablen abgespeichert, die zu dieser Session gehören (aus technischen Gründen sind die Werte dort mit base64_encode() codiert abgespeichert, aber man kann sich die Innereien von PHPLIB ansehen, wenn man die Inhalte von active_sessions.val mit base64_code() decodiert).\nJeder Anwender hat also seinen eigenen Cookie mit einem eindeutigen Wert und in der Datenbank seinen eigenen Satz Variablen, der zu diesem Cookie gehört. PHPLIB verwendet sogenannte Session-Cookies, d.h. die Cookies werden im Browser ohne eine Zeitbegrenzung gesetzt, aber der Browser speichert die Cookies niemals in einer cookies.txt-Datei ab. Die Session \u0026ldquo;lebt\u0026rdquo; also solange, wie der Browser des Anwenders läuft. Beendet der Anwender seinen Browser, ist der Cookie gelöscht und die Session verloren.\nMan kann dies ändern, indem man die Variable $lifetime in seiner Session definiert. Die Variable gibt an, wieviele Minuten lang der Cookie mit der Session-ID gelten soll. Setzt man die Variable also auf den Wert 1440, dann wird die Anwendung versuchen, einen Cookie mit einer Lebensdauer von einem Tag zu setzen. In der Praxis hat sich dies nicht als empfehlenswert erwiesen, daher verwendet PHPLIB standardmäßig Session-Cookies.\nclass Lifetime_Session extends Session { var $classname = \u0026#34;GET_Session\u0026#34;; var $magic = \u0026#34;sonstwas\u0026#34;; var $that_class = \u0026#34;Example_CT_Sql\u0026#34;; // Session-ID Cookie soll einen Tag lang gehalten werden. var $lifetime = 1440; // das sind Minuten. } Sessions mit GET-Mode Einige Anwender sind durch die Medien zu einer regelrechten Cookie-Paranoia erzogen worden und haben ihrem Browser verboten, Cookies anzunehmen oder zu senden. PHPLIB kann in diesem Fall nicht funktionieren.\nUm das Problem zu umgehen kennt PHPLIB den sogenannten GET-Mode. In diesem Fall wird die Session-ID nicht per Cookie zur Anwendung übertragen, sondern als GET-Parameter von Seite zu Seite als Bestandteil der URL durchgeschleift. Man überredet PHPLIB dazu, GET-Mode zu verwenden, indem man den entsprechenden Parameter in der Session-Klasse setzt.\nclass GET_Session extends Session { var $classname = \u0026#34;GET_Session\u0026#34;; var $magic = \u0026#34;sonstwas\u0026#34;; var $that_class = \u0026#34;Example_CT_Sql\u0026#34;; // unterschiedslos GET-Mode verwenden var $mode = \u0026#34;get\u0026#34;; } class Fallback_Session extends Session { var $classname = \u0026#34;Fallback_Session\u0026#34;; var $magic = \u0026#34;was anderes\u0026#34;; var $that_class = \u0026#34;Example_CT_Sql\u0026#34;; // Cookies probieren, automatisch auf GET-Mode zurückschalten var $mode = \u0026#34;cookie\u0026#34;; var $fallback_mode = \u0026#34;get\u0026#34;; } Setzt man die Variable $mode auf \u0026ldquo;get\u0026rdquo;, verwendet die Anwendung immer GET-Parameter, um die Session-ID von Seite zu Seite weiterzugeben. Dies hat jedoch eine Reihe von Nachteilen: Zum Beispiel wird die Session-ID dadurch Bestandteil von Bookmarks oder sie wird womöglich sogar von irgendwelchen Redakteuren in Zeitschriften abgedruckt. Auch geht die Session verloren, wenn ein Anwender in seinem Browser einmal schnell eine andere Seite aufruft und dann zu unserer Anwendung zurückkehrt - dies ist bei Cookie-Mode nicht der Fall.\nDaher kann man PHPLIB auch so konfigurieren, wie in der Klasse Fallback_Session gezeigt. In diesem Fall versucht PHPLIB beim Start der Session sowohl Cookies als auch GET-Parameter zu benutzen. Ist auf den Folgeseiten der Cookie gesetzt, wird weiter Cookie-Mode verwendet. Hat der Anwender jedoch die Annahme von Cookies verweigert, schaltet PHPLIB automatisch auf GET-Parameter um.\nIn beiden Fällen muß man seine Anwendung jedoch speziell präparieren, damit die Session-ID in der URL weitergereicht wird. Genaugenommen muß man alle URLs in seiner Anwendung durch PHPLIB erzeugen lassen, anstatt sie einfach ins HTML zu schreiben, d.h. man muß statt\n\u0026lt;a href=\u0026#34;/index.html\u0026#34;\u0026gt;zurück zur Hauptseite\u0026lt;/a\u0026gt; \u0026lt;a href=\u0026#34;\u0026lt;?php $sess-\u0026gt;purl(\u0026#34;/index.html\u0026#34;)\u0026gt;\u0026#34;\u0026gt;zurück zur Hauptseite\u0026lt;/a\u0026gt; schreiben, und zwar für alle A, FRAME und FORM-Tags. Die Funktion $sess-\u0026gt;url() liefert in Abhängigkeit von der aktuellen Betriebsart eine passende URL mit Session-ID für die angegebene Parameter-URL zurück. Die Funktion purl() macht genau dasselbe, druckt diese URL aber gleich aus. Das bedeutet, wenn der Anwender Cookies eingeschaltet hat, wird die Funktion tatsächlich die URL \u0026ldquo;/index.html\u0026rdquo; ausgeben. Ist stattdessen aber die Annahme von Cookies beim Anwender blockiert, dann wird von purl() stattdessen die URL \u0026ldquo;/index.html?Fallback_Session=\u0026hellip;.\u0026rdquo; erzeugt.\nWie man sieht, ist dieses Verfahren sehr aufwendig in der Codierung: Man muß jedes Link und jede URL in seiner Anwendung manuell anfassen und auf PHP umstellen. Dies ist leider nicht zu ändern, daß die Sprache PHP3 normales HTML niemals anfaßt, sondern ausschließlich PHP-Sektionen interpretiert. Wenn man sich dennoch entschließt, dieses Verfahren anzuwenden, sollte man sich auf jeden Fall für die Fallback-Lösung entscheiden, weil diese für die Anwender, die Cookies eingeschaltet haben, wesentlich bequemer und betriebssicherer ist.\nSessions initialisieren Beim Start einer Anwendung, also wenn eine neue Session erzeugt wird, ist es oftmals notwendig, eine Reihe von Variablen mit passenden Startwerten zu belegen.\nPHPLIB sieht dafür die Variable $auto_init vor, mit der man den Namen einer Include-Datei festlegen kann, die beim Start einer Session geladen und ausgeführt wird. Per Konvention wird diese Datei in der Regel \u0026ldquo;setup.inc\u0026rdquo; genannt. Anweisungen in dieser Datei werden im Kontext einer Funktion ausgeführt, daher müssen globale Variablen, die vorbelegt werden sollen, mittels der PHP-Anweisung \u0026ldquo;global\u0026rdquo; vorher exportiert werden.\nDas Beispiel mit Example_Session und der globalen Variablen $s (siehe oben) läßt sich damit auch wie nachstehend realisieren.\nIn local.inc:\nclass Beispiel_Session extends Session { var $classname = \u0026#34;Beispiel_Session\u0026#34;; var $magic = \u0026#34;ein weiterer String\u0026#34;; var $that_class = \u0026#34;Example_CT_Sql\u0026#34;; // Diese Datei soll beim Session-Start geladen werden var $auto_init = \u0026#34;setup.inc\u0026#34;; } In setup.inc:\n\u0026lt;?php // $s als globale Variable deklarieren global $s; // $s mit einem Startwert vorbelegen. $s = 0; // Den Namen von $s registrieren $sess-\u0026gt;register(\u0026#34;s\u0026#34;); ?\u0026gt; Die Beispielseite:\n\u0026lt;?php page_open(array(\u0026#34;sess\u0026#34; =\u0026gt; \u0026#34;Beispiel_Session\u0026#34;)); $s++; ?\u0026gt; \u0026lt;html\u0026gt; \u0026lt;head\u0026gt; \u0026lt;title\u0026gt;Überarbeitete Beispielseite\u0026lt;/title\u0026gt; \u0026lt;/head\u0026gt; \u0026lt;body\u0026gt; \u0026lt;h1\u0026gt;Überarbeitete Beispielseite\u0026lt;/h1\u0026gt; Der Wert von $s ist \u0026lt;?php print $s ?\u0026gt;. \u0026lt;/body\u0026gt; \u0026lt;/html\u0026gt; \u0026lt;?php page_close(); ?\u0026gt; Dieses Feature ist vor allen Dingen dann interessant, wenn eine Anwendung aus einer Vielzahl von Seiten besteht und keine ausdrückliche Startseite besteht, d.h. wenn Anwender irgendeine Seite der Anwendung aufrufen können, um sie zu starten.\n\u0026ldquo;setup.inc\u0026rdquo; wird in solchen Situationen in jedem Fall aufgerufen und sorgt für eine korrekte Initialisierung der Anwendung.\nCaching kontrollieren PHPLIB-Seiten sind meistens veränderlich und dürfen daher von einem öffentlichen Cache wie z.B. dem Squid-Cache der Firma oder des Providers nicht gespeichert werden. Wenn das nicht so wäre, könnte es sein, daß andere Anwender Seiten aus diesem Cache bekommen, die Inhalte enthalten, die nicht für sie bestimmt waren. Anders sieht es mit privaten Caches aus, etwa dem Cache, den Netscape für jeden Anwender getrennt anlegt. In vielen Anwendungen ist es zulässig, daß Seiten hier abgelegt werden, um den Bildaufbau zu beschleunigen. Dies ist zugleich auch die Default-Einstellung von PHPLIB (ab Version 7, Version 6.x verbot das Caching von Seiten vollständig).\nMittels der Variablen $allowcache und $allowcache_expire kann man festlegen, wie PHPLIB-erzeugte Seiten in Caches gelagert werden dürfen und, falls sie gecached werden dürfen, wie lange sie im Cache verbleiben können. Für die Variable $allowcache sind die drei Werte \u0026ldquo;public\u0026rdquo;, \u0026ldquo;private\u0026rdquo; (der Default) und \u0026ldquo;no\u0026rdquo; zugelassen. Mit der Einstellung \u0026ldquo;public\u0026rdquo; sendet PHPLIB eine entsprechende Cache-Control-Zeile als Header, die die Speicherung der Seite in öffentliches Caches zuläßt; mit der Einstellung \u0026ldquo;private\u0026rdquo; ist nur die Speicherung in privaten Caches zugelassen. In beiden Fällen wird dem Cache die Speicherung der Seite für $allowcache_expire Minuten gestattet, der Defaultwert ist hier 1440 Minuten, also ein Tag.\nSetzt man den Wert von allowcache auf \u0026ldquo;no\u0026rdquo;, erzeugt PHPLIB $Headerzeilen, die jegliches Caching der Seite - wo auch immer - verbieten. Netscape fordert die Seite hier schon dann neu an, wenn man nur die Größe des Browserfensters verändert.\nclass Nocache_Session extends Session { var $classname = \u0026#34;Nocache_Session\u0026#34;; var $magic = \u0026#34;schon wieder ein String\u0026#34;; var $that_class = \u0026#34;Example_CT_Sql\u0026#34;; // Caching verbieten var $allowcache = \u0026#34;no\u0026#34;; } Sessions und ein Warenkorb Mit Hilfe der Sessions und der Klasse Cart von PHPLIB kann man sich recht einfach einen Warenkorb für einen Webshop gestalten. Die Klasse Cart ist in der Include-Datei \u0026ldquo;cart.inc\u0026rdquo; von PHPLIB definiert. Damit man sie verwenden kann, muß man sie auf seinen Webseiten einbinden. Zweckmäßigerweise geschieht dies indem man in der Datei prepend.php3 an der markierten Stelle die Anweisung \u0026lsquo;require(\u0026ldquo;cart.inc\u0026rdquo;)\u0026rsquo; einfügt.\nUm einen Warenkorb verwenden zu können, muß man sich beim Start einer Session einen definieren. Am einfachsten geschieht dies mit dem bereits erwähnten auto_init-Feature der Session-Klasse.\nIn prepend.php3:\n[ ... gekürzt ... ] /* Additional require statements go below this line */ require($_PHPLIB[\u0026#34;libdir\u0026#34;] . \u0026#34;util.inc\u0026#34;); /* General utility functions */ require(\u0026#34;cart.inc\u0026#34;); // eingefügt /* Additional require statements go before this line */ [ ... gekürzt ... ] In local.inc:\n[ ... Definition der Datenbank- und Storage-Containerklasse gekürzt ... ] class Shop_Session extends Session { var $classname = \u0026#34;Shop_Session\u0026#34;; var $magic = \u0026#34;kaufmich\u0026#34;; var $that_class = \u0026#34;Example_CT_Sql\u0026#34;; var $auto_init = \u0026#34;setup.inc\u0026#34;; var $mode = \u0026#34;cookie\u0026#34;; } class My_Cart extends Cart { // hier Funktionsdefinitionen einfügen, wie weiter unten // im Text gezeigt. } In setup.inc:\n\u0026lt;?php global $cart; if (! is_object($cart)) { $cart = new My_Cart; $sess-\u0026gt;register(\u0026#34;cart\u0026#34;); } ?\u0026gt; Der Warenkorb aus PHPLIB ist sehr einfach gehalten und kann Paare aus Artikelnummern und Anzahlen speichern. Mit Hilfe der Funktionen $cart-\u0026gt;add_item($artikelnummer, $anzahl) kann man $anzahl viele Artikel mit der genannten Nummer zum Warenkorb hinzufügen, mit $cart-\u0026gt;remove_item($artikelnummer, $anzahl) wieder entfernen. Mit Hilfe der Funktion $cart-\u0026gt;set_item($artikelnummer, $anzahl) kann man die Anzahl der Artikel mit der genannten Nummer im Warenkorb direkt setzen. Der Warenkorb ist dabei intelligent genug, einen Artikel aus dem Warenkorb zu entfernen, wenn die Anzahl der Artikel auf 0 sinkt.\nDen Inhalt des gesamten Warenkorbes kann man sich mit Hilfe der Funktion $cart-\u0026gt;show_all() anzeigen lassen. Der Cart ruft dabei intern zunächst die Funktion $cart-\u0026gt;show_cart_open() auf, um dann für jeden Artikel im Warenkorb $cart-\u0026gt;show_cart_item($artikelnummer, $anzahl) einmal aufzurufen. Am Ende wird die Anzeige mit einem Aufruf von $cart-\u0026gt;show_cart_close() beendet. Ist der Warenkorb leer, wird stattdessen nur die Funktion $cart-\u0026gt;show_cart_empty() aufgerufen.\nIn Cart sind diese Funktionen nur mit der notwendigsten Anzeigelogik ausgestattet, um den Inhalt des Warenkorbes darzustellen. In einer konkreten Anwendung wird man daher die vier Anzeigefunktionen mit eigenem Code überschreiben wollen, der in der Definition von My_Cart in local.inc eingefügt werden muß.\ncart My_Cart extends Cart { // Gesamtwert des Warenkorbes var $summe = 0.0; // Paare Artikelnummer =\u0026gt; Preis var $preis = array( \u0026#34;0815\u0026#34; =\u0026gt; 17.85, \u0026#34;4711\u0026#34; =\u0026gt; 21.30, \u0026#34;64738\u0026#34; =\u0026gt; 9.99 ); // Paare Artikelnummer =\u0026gt; Beschreibung var $beschreibung = array( \u0026#34;0815\u0026#34; =\u0026gt; \u0026#34;Artikel 1\u0026#34;, \u0026#34;4711\u0026#34; =\u0026gt; \u0026#34;Artikel 2\u0026#34;, \u0026#34;64738\u0026#34; =\u0026gt; \u0026#34;Artikel 3\u0026#34; ); // Eine Tabelle eröffnen und eine Summe auf 0 setzen. function show_cart_open() { printf(\u0026#34;\u0026lt;table\u0026gt;\u0026#34;); $this-\u0026gt;summe = 0.0 } // Gesamtsumme drucken und Tabelle abschließen. function show_cart_close() { printf(\u0026#34; \u0026lt;tr\u0026gt;\\n\u0026#34;); printf(\u0026#34; \u0026lt;td\u0026gt;Gesamtsumme:\u0026lt;/td\u0026gt;\\n\u0026#34;); printf(\u0026#34; \u0026lt;td\u0026gt;%8.2f\u0026lt;/td\u0026gt;\\n\u0026#34;, $this-\u0026gt;summe); printf(\u0026#34; \u0026lt;/tr\u0026gt;\\n\u0026#34;); printf(\u0026#34;\u0026lt;/table\u0026gt;\\n\u0026#34;); } // Einen einzelnen Artikel drucken. // Summe mitführen. function show_cart_item($art, $anz) { $this-\u0026gt;summe += $this-\u0026gt;preis[$art] * $anz; printf(\u0026#34; \u0026lt;tr\u0026gt;\\n\u0026#34;); printf(\u0026#34; \u0026lt;td\u0026gt;%s\u0026lt;/td\u0026gt;\\n\u0026#34;, $this-\u0026gt;beschreibung[\u0026#34;art\u0026#34;]); printf(\u0026#34; \u0026lt;td\u0026gt;%8.2f DM (%d Stück zu %8.2f DM)\u0026lt;/td\u0026gt;\\n\u0026#34;, $this-\u0026gt;preis[$art] * $anz, $anz, $this-\u0026gt;preis[$art]); printf(\u0026#34; \u0026lt;/tr\u0026gt;\\n\u0026#34;); } } In einer konkreten Anwendung wird man die Beschreibungen und Preise der Artikel jedoch auch nicht hart codieren, sondern mit Hilfe der Artikelnummer aus einer Datenbank abfragen.\nSeiten mit Login Sessions geben dem Entwickler Webseiten mit \u0026ldquo;Erinnerungsvermögen\u0026rdquo;. Sobald man dieses hat, kann man auf der Grundlage dieser Eigenschaft weitere Features realisieren.\nMan kann sich zum Beispiel daran erinnern, ob ein Anwender im Rahmen dieser Session schon einmal einen Benutzernamen und ein Paßwort angegeben hat und wann das der Fall war. Dieses Feature nennt man Authentication, Authentifizierung, und PHPLIB bietet mit der Klasse Auth eine eigene Implementierung davon an.\nPHPLIB Authentifizierung leistet vergleichbares wie HTTP Authentifzierung, hat jedoch weder in der Implementierung noch in der Konfigurierung etwas damit zu tun. Warum also eine eigene Lösung?\nHTTP Authentifizierung sind die kleinen grauen Login-Fenster mit Username und Paßwort, die auf Paßwortgeschützten Webseiten aufgehen. Sie haben gegenüber der Authentifizierung von PHPLIB eine Reihe von Nachteilen. PHPLIB Auth hat im einzelnen die folgenden Vorteile:\nPHPLIB Authentifizierung hat ein kontrolliertes Logout-Verfahren. Dieses Logoutverfahren kann auch automatisch ablaufen: Wenn ein Anwender eine gewisse Zeit lang keine Seiten abgerufen hat, ist er automatisch ausgeloggt. Der Loginschirm ist kein kleiner grauer Requester, sondern eine reguläre HTML-Seite. Dem Entwickler stehen also alle Gestaltungsmöglichkeiten zur Verfügung: Ein Loginschirm kann nicht nur ein Firmenlogo oder andere Grafik enthalten, sondern auch eine Benutzerführung und Online-Hilfe. Die Authentifizierung erfolgt gegen eine beliebige Datenquelle, zum Beispiel einen SMB-Server (NT Domaincontroller), einen LDAP-Server oder, wie in der Standarddistribution von PHPLIB gezeigt, gegen eine Datenbanktabelle. Da die Authentifierung durch eine benutzerdefinierte PHP3-Funktion erfolgt, kann sie vollkommen frei den Bedürfnissen angepaßt werden. Die Authentifizierung erfolgt seitenweise, nicht für Teilbäume von Seiten. Es ist möglich, Authentisierung mit Registrierung zu erzeugen: Anwender, die noch kein Paßwort haben, können ein Formular mit Benutzerdaten ausfüllen und die Anwendung legt den Benutzer nach Bedarf und mit Standardrechten an. PHPLIB Auth funktioniert mit CGI PHP und mit mod_php, während durch PHP gesteuerte HTTP Authentifizierung nur mit mod_php korrekt funktioniert. PHPLIB Auth ist direkt mit einem Zugriffrechteschema gekoppelt, sodaß man ganze Seiten oder Teile von Seiten nur für Benutzer mit den passenden Rechten sichtbar werden lassen kann. Login konfigurieren In PHPLIB erzeugt man Seiten mit einem Login - wie könnte es anders sein - indem man eine Unterklasse der PHPLIB-Klasse Auth erzeugt. Eine Beispiel-Unterklasse ist in der Datei local.inc in der Distribution bereits enthalten. Diese Unterklasse verwendet eine Datenbanktabelle auth_user, um Loginnamen und Paßworte zu speichern.\n+------+ +--------------+ | Auth | -- abgeleitet --\u0026gt; | Example_Auth | +------+ +--------------+ | | | benutzt | benutzt v v +--------+ +------------+ | DB_Sql | -- abgeleitet --\u0026gt; | DB_Example | +--------+ +------------+ Abbildung 3: Klassenschema von Auth für den Gebrauch mit local.inc.\nEine Unterklasse von Auth muß mindestens die Funktionen auth_loginform() und auth_validatelogin() definieren. Die Funktion auth_loginform() wird aufgerufen, um den Loginbildschirm selbst zu malen. Dieser Loginbildschirm muß alle benötigten Eingabefelder enthalten, damit der Benutzer sich identifizieren und authentisieren kann.\nIn der Regel wird der Loginschirm also ein Feld für die Eingabe des Benutzernamens und ein Feld für die Eingabe eines Paßwortes enthalten. Wird dieses Formular abgeschickt, werden seine Inhalte auf dem Server der Funktion auth_validatelogin() bereitgestellt. Diese Funktion kann mit den Eingabedaten aus dem Formular beliebige Dinge anstellen, um die Identität des Benutzers zu bestätigen.\nDie Auth-Klasse erwartet, daß die Funktion den Wert \u0026ldquo;false\u0026rdquo; liefert, falls das Login nicht stimmig ist, oder eine gültige User-ID, falls das Login korrekt ist. Wie die Funktion die User-ID ermittelt und welcher anderen Hilfsmittel sie sich dazu bedient (zum Beispiel einer Datenbankverbindung durch ein Datenbankobjekt), ist der Auth-Klasse selbst vollkommen egal.\nDas Standardbeispiel einer Unterklasse von Auth geht davon aus, daß es eine Tabelle auth_users in der Datenbank gibt, die den nachstehend gezeigten Aufbau hat. Zu jedem Benutzer werden ein Benutzername username und das dazugehörige Paßwort password gespeichert. Außerdem gehören zu einem Benutzer noch die gewünschten Berechtigungen perms und die interne User-ID uid, mit der die Auth-Klasse arbeitet.\nIm stuff-Verzeichnis der PHPLIB-Distribution befinden sich create_database.*-Dateien für die unterschiedlichen vom PHPLIB unterstützten Datenbanken, mit denen man diese Tabellen leicht anlegen kann.\n+----------+--------------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +----------+--------------+------+-----+---------+-------+ | uid | varchar(32) | | PRI | | | | username | varchar(32) | | UNI | | | | password | varchar(32) | | | | | | perms | varchar(255) | YES | | NULL | | +----------+--------------+------+-----+---------+-------+ 4 rows in set (0.00 sec) Abbildung 4: Aufbau der Tabelle auth_users\nPHPLIB arbeitet intern immer mit User-IDs, weil diese ein festgelegtes Format haben (dasselbe die Session_IDs). Diese User-IDs werden ausschließlich intern verwendet und sind für den Anwender niemals sichtbar. Nach außen präsentiert die Anwendung immer die menschenlesbare Benutzeridentifikation, hier also den Benutzernamen username. Da PHPLIB jedoch mit beliebigen Loginverfahren arbeiten können soll, darf die Bibliothek keine Annahmen über die menschenlesbare Benutzeridentifikation machen - statt eines einzelnen Feldes username ist es genauso möglich, ein Tripel (vorname, nachname, telefon) zu definieren und zu verlangen, daß diese drei Werte statt eines Benutzernamens eingegeben werden. Die auth_user-Tabelle dient dann dazu, diese externe Darstellung einer Benutzeridentität in das festgelegte interne Format, die uid, zu übersetzen.\nEine eigene Auth-Klasse beginnt damit, daß sie Auth erweitert. Es können einige Variablen vorbelegt werden, die das Verhalten von Auth steuern, aber im einfachsten Fall genügt die nachstehende Definition:\nclass Example_Auth extends Auth { var $classname = \u0026#34;Example_Auth\u0026#34;; # Name der Klasse var $lifetime = 15; # Nach 15 Minuten Inaktivität wird der # User automatisch ausgeloggt. # Name der Klasse und Tabelle für den Datenbankzugriff var $database_class = \u0026#34;DB_Example\u0026#34;; var $database_table = \u0026#34;auth_user\u0026#34;; function auth_loginform() { global $sess; include(\u0026#34;loginform.ihtml\u0026#34;); } function auth_validatelogin() { # Siehe weiter unten. } } Die Funktion auth_loginform(), die der Entwickler selber schreiben muß, hat die Aufgabe, den Loginschirm zu zeichnen. Wir tun dies hier im Beispiel einfach dadurch, daß wir die Datei loginform.ihtml aus dem Includeverzeichnis einbinden. Die Datei enthält ein gewöhnliches HTML-Formular, das in einer Tabelle zwei Eingabefelder für einen Usernamen und ein Paßwort zeichnet.\nDas Formular übergibt das Ergebnis der Eingabe in den globalen Variablen $username und $password. Nach der Eingabe wird die Funktion auth_validatelogin() von der Auth-Klasse aufgerufen, um die Eingabe zu prüfen. Da es sich bei den beiden Variablen um globale Variablen handelt, muß die Funktion auth_validatelogin() diese Werte zunächst einmal importieren. Sie kann dann in der Datenbank nachschlagen, ob es einen Wert in der Datenbank gibt, bei dem sowohl der Username als auch das Paßwort zutreffend sind.\nFalls ja, wird die zugehörige User-ID an die Auth-Klasse zurückgegeben. Andernfalls wird mit einem false ein Fehlschlag signalisiert. Die Funktion auth_validatelogin() sieht entsprechend aus wie unten gezeigt.\nfunction auth_validatelogin() { global $username, $password; if (isset($username)) { # $username merken, damit er im loginform wieder zur Verfügung steht. $this-\u0026gt;auth[\u0026#34;uname\u0026#34;] = $username; } # Default-Ergebnis: kein Login möglich $uid = false; # Suche in der Datenbank nach $username/$password $query = sprintf(\u0026#34;select uid, perms from %s where username = \u0026#39;%s\u0026#39; and password = \u0026#39;%s\u0026#39;\u0026#34;, $this-\u0026gt;database_table, addslashes($username), addslashes($password)); $this-\u0026gt;db-\u0026gt;query($query); # Hat es Treffer gegeben? while ($this-\u0026gt;db-\u0026gt;next_record()) { # uid merken für die Rückgabe $uid = $this-\u0026gt;db-\u0026gt;f(\u0026#34;uid\u0026#34;); # Die Zugriffsrechte merken wir uns hier nur, um es # Perm nachher einfacher zu machen. Erklärung folgt weiter # unten. $this-\u0026gt;auth[\u0026#34;perm\u0026#34;] = $this-\u0026gt;db-\u0026gt;f(\u0026#34;perms\u0026#34;); } # An dieser Stelle hat $uid entweder einen Wert aus # der Datenbank oder ist false. return $uid; } Mit Hilfe dieser Klasse kann jetzt eine einzelne Seite geschützt werden. Dazu ist der Aufruf von page_open() im Kopf der Seite um ein weiteres Feature zu ergänzen: Neben dem Namen der Klasse für das Session-Management ist dort auch noch der Name der Klasse für die Benutzeranmeldung mit anzugeben. Die entsprechende Zeile sieht so aus:\n\u0026lt;?php page_open(array(\u0026#34;sess\u0026#34; =\u0026gt; \u0026#34;Example_Session\u0026#34;, \u0026#34;auth\u0026#34; =\u0026gt; \u0026#34;Example_Auth\u0026#34;)); ?\u0026gt; \u0026lt;html\u0026gt; \u0026lt;head\u0026gt; \u0026lt;title\u0026gt;Seite mit Zugriffschutz\u0026lt;/title\u0026gt; \u0026lt;/head\u0026gt; \u0026lt;body bgcolor=\u0026#34;#ffffff\u0026#34;\u0026gt; \u0026lt;h1\u0026gt;Seite mit Zugriffschutz\u0026lt;/h1\u0026gt; Ihr Benutzername ist \u0026lt;?php print $auth-\u0026gt;auth[\u0026#34;uname\u0026#34;] ?\u0026gt; und ihre User-ID ist \u0026lt;?php print $auth-\u0026gt;auth[\u0026#34;uid\u0026#34;] ?\u0026gt;. \u0026lt;/body\u0026gt; \u0026lt;/html\u0026gt; \u0026lt;?php page_close(); ?\u0026gt; Die Auth-Klasse bzw. ihre Unterklasse Example_Auth sorgt dafür, daß der Funktionsaufruf page_open() nur dann erfolgreich zurückkehrt, wenn der betreffende Benutzer sich erfolgreich anmelden konnte. Intern startet page_open() bei dem gezeigten Aufruf die Funktionen des Example_Auth-Objektes und dieses sorgt bei nicht angemeldeten Benutzern dafür, daß der Loginschirm gemalt wird und das Programm dann beendet wird. Das bedeutet: In so einem Fall wird der Rest der Seite, nach dem page_open()-Aufruf, gar nicht mehr angezeigt.\nWeitergehende Konfigurationsmöglichkeiten Wie die Session-Klasse verfügt auch die Auth-Klasse über einige vordefinierte Variablen, mit denen man ihr Verhalten beeinflussen kann.\nDie wichtigste ist die Variable $lifetime, mit der man die Lebensdauer einer Anmeldung in Minuten festlegen kann. Ist ein Benutzer für die angegebene Zeit oder länger inaktiv, erlischt seine Anmeldung automatisch und er muß sich beim System erneut anmelden.\nDie $lifetime einer Auth-Klasse unterscheidet sich fundamental von der $lifetime einer Session-Klasse und man muß beide genau unterscheiden: Die Lifetime einer Session bestimmt, wie lange der Cookie im Browser des Users gültig ist. Erlischt eine Session, ist nicht nur die Anmeldung eines Benutzers verloren, sondern alle seine Variablen sind unerreichbar. Sie stehen zwar noch einige Zeit in der Datenbank, aber ohne die Session-ID im Cookie des Browsers sind sie nicht mit dem Browser zu verknüpfen.\nIm Gegensatz dazu bestimmt die $lifetime einer Auth-Klasse, wie lange die Anmeldung eines Benutzers inaktiv sein kann. Erlischt die $lifetime einer Auth-Klasse, erscheint zwar beim folgenden Zugriff auf die Anwendung der Loginbildschirm, aber die Daten des Benutzers sind nicht verloren und nach einer erneuten Anmeldung kann er weiterarbeiten als sei nichts geschehen.\nDer empfohlene Wert für die $lifetime einer Session ist 0 - in diesem Fall verwendet PHPLIB Session-Cookies, die nicht in der cookies.txt des Browsers gespeichert werden und die mit dem Beenden des Browsers automatisch verloren gehen. Da Session-Cookies keine zeitlich begrenzte Laufzeit haben, brauchen sie auch nicht erneuert zu werden. Es genügt, sie einmal beim Setup der Session zu setzen.\nDer empfohlene Wert für die $lifetime einer Auth-Klasse ist irgendwo zwischen 15 und 60 Minuten anzusiedeln. Die $lifetime einer Auth-Klasse ist eine rein interne Sache der Datenbank, sie braucht nicht über Cookies erneuert zu werden.\nMit Hilfe der Variablen $mode, die die Werte \u0026ldquo;log\u0026rdquo; (default) und \u0026ldquo;reg\u0026rdquo; annehmen kann, kann man PHPLIB aus demLoginmodus in den Registrierungsmodus bringen. Im Registrierungsmodus werden statt der beiden Funktionen auth_loginform() und auth_validatelogin() die Funktionen auth_registerform() und auth_doregister() aufgerufen.\nauth_registerform() muß wieder einen Bildschirm zeichnen, in dem in diesem Fall die von dem Benutzer vorlangten Daten abgefragt werden und auth_doregister() hat dann diese Informationen in die Datenbank einzutragen und die User-ID des Benutzers zurückzuliefern.\nSchließlich gibt es noch die Variable $nobody, mit der man die sogenannte Default Authentication erzeugen kann. Mehr dazu weiter unten.\nZugriffsrechte Sobald man weiß, um wen es sich bei einem Benutzer handelt, kann man sich überlegen, welche Zugriffsrechte man diesem Benutzer gestatten möchte: Wenn man einen Benutzer authentisiert hat, kann man sich um seine Autorisierung kümmern.\nIn PHPLIB wird dies durch die Klasse Perm erledigt, in der die Zugriffsrechte, die die Anwendung kennt, definiert werden und die im Fehlerfall einen Bildschirm zeichnet, der den Benutzer draußen hält. Als Entwickler muß man dazu die Klasse Perm durch Bildung einer Unterklasse an seine Bedürfnisse anpassen. Die Abbildung zeigt das zugehörige Klassendiagramm.\n+------+ +--------------+ | Perm | -- abgeleitet --\u0026gt; | Example_Perm | +------+ +--------------+ Abbildung 5: Klassendiagramm zur Anwendung der Klasse Perm.\nIn der Unterklasse von Perm kann man mit Hilfe des Arrays $permissions definieren, welche Zugriffsrechte unsere Anwendung erkennt. Bei den Zugriffsrechten handelt es sich um Namen für Bitmuster, zum Beispiel \u0026ldquo;user\u0026rdquo;, \u0026ldquo;author\u0026rdquo;, \u0026ldquo;editor\u0026rdquo;, \u0026ldquo;supervisor\u0026rdquo; und \u0026ldquo;admin\u0026rdquo; in dem in local.inc in der Distribution mitgelieferten Beispiel. Im Beispiel wird jedes dieser Zugriffsrechte auf ein einzelnes Bit abgebildet.\nclass Example_Perm extends Perm { var $classname = \u0026#34;Example_Perm\u0026#34;; var $permissions = array( \u0026#34;user\u0026#34; =\u0026gt; 1, \u0026#34;author\u0026#34; =\u0026gt; 2, \u0026#34;editor\u0026#34; =\u0026gt; 4, \u0026#34;supervisor\u0026#34; =\u0026gt; 8, \u0026#34;admin\u0026#34; =\u0026gt; 16 ); function perm_invalid($does_have, $must_have) { global $perm, $auth, $sess; global $_PHPLIB; include($_PHPLIB[\u0026#34;libdir\u0026#34;] . \u0026#34;perminvalid.ihtml\u0026#34;); } } Ein User kann beliebig viele dieser Zugriffsrechte in dem Feld perms der Tabelle auth_user zugewiesen bekommen. Dazu sind die Zugriffsrechte dieses Users durch Komma getrennt aufzuführen - Wichtig: Keine Leerzeichen! Die Rechte müssen direkt hintereinander geschrieben werden, also z.B. \u0026ldquo;user,admin\u0026rdquo;.\nDer Benutzer hat dann die effektiven Zugriffsrechte der Ver-ODER-ung beider Bitmuster. PHPLIB nimmt die Zugriffsrechte des Benutzers und prüft diese gegen die Zugriffsrechte, die zum Betreten der Seite notwendig sind.\nDies geschieht mit der Funktion check(), etwa so:\n\u0026lt;?php page_open(array(\u0026#34;sess\u0026#34; =\u0026gt; \u0026#34;Example_Session\u0026#34;, \u0026#34;auth\u0026#34; =\u0026gt; \u0026#34;Example_Auth\u0026#34;, \u0026#34;perm\u0026#34; =\u0026gt; \u0026#34;Example_Perm\u0026#34;)); # Zum Betreten dieser Seite sind \u0026#34;user\u0026#34;-Rechte notwendig. $perm-\u0026gt;check(\u0026#34;user,admin\u0026#34;); ?\u0026gt; \u0026lt;html\u0026gt; \u0026lt;head\u0026gt; \u0026lt;title\u0026gt;Herzlichen Glückwunsch\u0026lt;/title\u0026gt; \u0026lt;/head\u0026gt; \u0026lt;body\u0026gt; \u0026lt;h1\u0026gt;Sie sind berechtigt\u0026lt;/h1\u0026gt; Wenn Sie dies lesen können, sind sie berechtigt, diese Seite zu betreten. \u0026lt;/body\u0026gt; \u0026lt;/html\u0026gt; Der Zugriff auf eine Seite ist gestattet, wenn der Benutzer alle in $perm-\u0026gt;check() verlangten Zugriffsrechte besitzt. Dazu werden die Bitmuster der im $perm-\u0026gt;check() aufgeführten Rechte miteinander ver-ODER-t und mit den effektiven Rechten des Benutzers ver-UND-et. Das Resultat muß den verlangten Rechten der Seite entsprechen.\nDie effektiven Zugriffsrechte eines Benutzers: user ergeben als Bitmuster: 16 Die verlangten Zugriffsrechte der Seite: user,admin ergeben als Bitmuster: 17 Rechteprüfung: Effektive Zugriffsrechte: 17 AND verlangte Rechte: 16 SIND 17 \u0026amp; 16 = 16 MÜSSEN SEIN verlangte Rechte 17 =\u0026gt; Zugriff verboten. Abbildung 6: Eine Beispielrechnung für Zugriffsrechte: Ein User mit dem Recht \u0026ldquo;user\u0026rdquo; versucht auf eine Seite mit den verlangten Rechten \u0026ldquo;user,admin\u0026rdquo; zuzugreifen.\nDie Zugriffsrechte in diesem Beispiel bezeichnen wir als atomare Zugriffsrechte, weil jedes Recht nur einem einzelnen gesetzten Bit entspricht. Atomare Zugriffsrechte sind die einfachsten aller Rechteschemata, weil sie sehr einfache Rechteprüfungen erlauben: Um eine Seite zu sehen, die mit den Rechten user,editor,admin geschützt ist, muß man mindestens die Rechte user,editor,admin in der auth_user-Tabelle zugewiesen bekommen haben.\nEin anderes populäres Rechteschema sind Userlevel oder inklusive Rechte. In diesem Schema ist jedes Zugriffsrecht eine Erweiterung aller vorhergehenden Rechte. Man erreicht dies zum Beispiel mit dieser Definition:\nclass Inclusive_Perm extends Perm { var $classname = \u0026#34;Inclusive_Perm\u0026#34;; var $permissions = array( \u0026#34;user\u0026#34; =\u0026gt; 1, \u0026#34;author\u0026#34; =\u0026gt; 3, \u0026#34;editor\u0026#34; =\u0026gt; 7, \u0026#34;supervisor\u0026#34; =\u0026gt; 15, \u0026#34;admin\u0026#34; =\u0026gt; 31 ); } In so einem Fall kann ein Benutzer mit dem Recht admin leicht auf eine Seite zugreifen, die das Zugriffsrecht \u0026ldquo;user\u0026rdquo; verlangt.\nAuch in diesem Fall ist die Funktionsweise leicht zu merken: Ein Benutzer mit einem höheren Userlevel kann auf alle Funktionen eines niedrigeren Zugriffslevels zugreifen. Wegen der internen Organisation von PHP können bis zu 31 verschiedene Rechtebits verwendet werden.\nDie effektiven Zugriffsrechte eines Benutzers: admin ergeben als Bitmuster: 31 Die verlangten Zugriffsrechte der Seite: user ergeben als Bitmuster: 1 Rechteprüfung: Effektive Zugriffsrechte: 31 AND verlangte Rechte: 1 SIND 31 \u0026amp; 1 = 1 MÜSSEN SEIN verlangte Rechte 1 =\u0026gt; Zugriff erlaubt. Abbildung 7: Eine Beispielrechnung für Zugriffsrechte: Ein User mit dem Recht \u0026ldquo;admin\u0026rdquo; versucht auf eine Seite mit den verlangten Rechten \u0026ldquo;user\u0026rdquo; zuzugreifen.\nSeiten mit optionalem Login In vielen Anwendungen möchte man Benutzer ohne Anmeldung nicht einfach hinauswerfen, sondern ihnen eine gewisse Grundfunktionalität bieten, die man für angemeldete Benutzer erweitert. In PHPLIB ist es nicht möglich, daß auf Seiten, die eine Anmeldung verlangen unangemeldete Benutzer operieren, aber man kann dafür sorgen, daß nicht angemeldete Benutzer auf eine spezielle Gastbenutzer-Identität, nobody, abgebildet werden.\nWenn man PHPLIB auf diese Weise verwenden möchte, definiert man sich eine Unterklasse von Auth, in der die Variable $nobody auf true gesetzt ist. Sobald man eine Seite betritt, auf der eine Anmeldung verlangt wäre, man selbst jedoch nicht angemeldet ist, setzt PHPLIB die Benutzeridentität auf den speziellen Wert \u0026ldquo;nobody\u0026rdquo;, ohne daß ein Loginschirm verlangt wird.\nclass Example_Auth extends Auth { var $classname = \u0026#34;Example_Auth\u0026#34;; # Name der Klasse var $lifetime = 15; # Nach 15 Minuten Inaktivität wird der # User automatisch ausgeloggt. # Name der Klasse und Tabelle für den Datenbankzugriff var $database_class = \u0026#34;DB_Example\u0026#34;; var $database_table = \u0026#34;auth_user\u0026#34;; # Default Authentication verwenden var $nobody = true; function auth_loginform() { global $sess; include(\u0026#34;loginform.ihtml\u0026#34;); } function auth_validatelogin() { # Code wie üblich } } Um die Anzeige des Loginschirms zu erzwingen muß man speziellen Code auf seiner Seite unterbringen: Die Funktion login_if() der Klasse Auth zeigt den Loginbildschirm an, wenn sie mit einem Argument aufgerufen wird. Man kann also einen Button oder ein Link auf seiner Seite unterbringen, das dieselbe Seite mit einem Argument aufruft und dies am Seitenanfang abfragen.\nIn Code sieht das folgendermaßen aus:\n\u0026lt;?php # using Default Authentication page_open(array(\u0026#34;sess\u0026#34; =\u0026gt; \u0026#34;Example_Session\u0026#34;, \u0026#34;auth\u0026#34; =\u0026gt; \u0026#34;Example_Auth\u0026#34;)); # Falls wir mit dem Parameter $again aufgerufen wurden, # Loginscreen anzeigen. $auth-\u0026gt;login_if($again); # Wenn wir als \u0026#34;nobody\u0026#34; angemeldet sind, # Login-Link anzeigen. if ($auth-\u0026gt;auth[\u0026#34;uid\u0026#34;] == \u0026#34;nobody\u0026#34;): ?\u0026gt; \u0026lt;A HREF=\u0026#34;\u0026lt;?php $sess-\u0026gt;purl(\u0026#34;$PHP_SELF?again=yes\u0026#34;) ?\u0026gt;\u0026#34;\u0026gt;Login\u0026lt;/A\u0026gt; aufrufen. \u0026lt;?php endif ?\u0026gt; Benutzerspezifische Variablen Dadurch, daß PHPLIB intern User-IDs statt Usernamen verwendet und daß diese User-IDs dasselbe Format wie Session-IDs haben, ist es möglich, eine Klasse User zu haben, die ebenso wie die Klasse Session funktioniert, aber mit User-IDs arbeitet.\nVariablen, die bei der Klasse User statt Session registriert werden, stehen erst nach einem Login zur Verfügung, haben dafür aber eine längere Lebensdauer. Typischerweise wird man hier benutzerbezogene Einstellungen ablegen.\n+------+ +--------------+ | User |-- abgeleitet --\u0026gt; | Example_User | +------+ +--------------+ ^ | | | benutzt | v | zu CT_Sql | +-----------------------+ | +---------+-- abgeleitet + +-----------------+ | Session |-- abgeleitet --\u0026gt; | Example_Session | +---------+ +-----------------+ | | | benutzt | benutzt v v +--------+ +----------------+ | CT_Sql | -- abgeleitet --\u0026gt; | Example_CT_Sql | +--------+ +----------------+ | | | benutzt | benutzt v v +--------+ +------------+ | DB_Sql | -- abgeleitet --\u0026gt; | DB_Example | +--------+ +------------+ Abbildung 7: Klassendiagramm für die Klasse User.\nDie Klasse User ist von der Klasse Session abgeleitet, und dann so modifiziert worden, daß sie statt Cookies und Session-IDs die UID des angemeldeten Users verwendet. Um diese Klasse verwenden zu können, muß man sich eine von User abgeleitete Klasse in local.inc definieren.\nDie Beispielklasse Example_User in der local.inc-Datei zeigt, wie dies geht - da User von Session abstammt, gilt im Prinzip alles unter Session gesagte.\nclass Example_User extends User { var $classname = \u0026#34;Example_User\u0026#34;; var $magic = \u0026#34;Abracadabra\u0026#34;; var $that_class = \u0026#34;Example_CT_Sql\u0026#34;; } Die Klasse wird genau wie die Session-Klasse verwendet. Da sie einen angemeldeten Benutzer voraussetzt, kann sie nur mit der Klasse Auth zusammen verwendet werden.\n\u0026lt;?php # Laden der Variablen aus der Datenbank. page_open(array(\u0026#34;sess\u0026#34; =\u0026gt; \u0026#34;Example_Session\u0026#34;, \u0026#34;auth\u0026#34; =\u0026gt; \u0026#34;Example_Auth\u0026#34;, \u0026#34;user\u0026#34; =\u0026gt; \u0026#34;Example_User\u0026#34;)); # Die globale Variable $s ist nun bei der Session registriert. $sess-\u0026gt;register(\u0026#34;s\u0026#34;); # Die globale Variable $u ist nun bei User registriert. $user-\u0026gt;register(\u0026#34;u\u0026#34;); # $s und $u werden auf definierte Startwerte gesetzt, wenn die # Variable noch nicht existiert. if (!isset($s)) $s = 0; if (!isset($u)) $u = 0; // $s und $uhochzählen. $s++; $u++; ?\u0026gt; \u0026lt;html\u0026gt; \u0026lt;head\u0026gt; \u0026lt;title\u0026gt;Eine Testseite\u0026lt;/title\u0026gt; \u0026lt;/head\u0026gt; \u0026lt;body\u0026gt; \u0026lt;h1\u0026gt;Eine Testseite\u0026lt;/h1\u0026gt; Die Variable $s hat den Wert \u0026lt;?php print $s ?\u0026gt;.\u0026lt;br\u0026gt; Die Variable $u hat den Wert \u0026lt;?php print $u ?\u0026gt;. \u0026lt;/body\u0026gt; \u0026lt;/html\u0026gt; \u0026lt;?php // Zurückspeichern der Variablen in die Datenbank page_close(); ?\u0026gt; PHPLIB Referenz DB_Sql Die Beschreibung bezieht sich auf die Implementierung von DB_Sql für MySQL (db_mysql.inc). Die Parameter für den Connect können sich in Abhängigkeit vom SQL-Servertyp leicht unterscheiden, je nachdem, welche Informationen der Datenbankserver für den Connect verlangt.\nVariablen: Host: Hostname, auf dem der SQL Datenbankserver läuft. Database: Name der MySQL Database, die auf dem Server verwendet werden soll. User: Benutzername, mit dem sich die Anwendung auf dem Datenbankserver anmelden soll. Password: Paßwort, mit dem die Anmeldung erfolgen soll. Row: Zeilennummer der aktuellen Zeile eines Anfrageergebnisses, beginnend bei 0. Record: Ein assoziatives Array mit der aktuellen Zeile eines Anfrageergebnisses. Die Spalten des Ergebnisses sind unter den Spaltennamen (Schreibweise beachten!) und unter numerischen Spaltenindices verfügbar. Errno: Fehlernummer der Datenbank. Error: Klartext-Fehlerbeschreibung des Datenbankfehlers. Auto_Free: Automatische Freigabe des Anfrageergebnisses, wenn das Ergebnis vollständig gelesen wurde (true, false). Debug: true: Alle Anfragen an die Datenbank werden zwecks Fehlersuche ausgegeben. Halt_On_Error: Verhalten des Programmes im Fehlerfall: \u0026ldquo;no\u0026rdquo;: Der Fehler wird ignoriert. \u0026ldquo;report\u0026rdquo;: Der Fehler wird gemeldet, aber das Programm nicht abgebrochen. \u0026ldquo;yes:\u0026rdquo; Das Programm wird mit einer Fehlermeldung angehalten. Funktionen: query($query_string): Die Funktion sendet die SQL-Anweisung in $query_string an den Datenbankserver. Nach dem Absenden werden die Variablen Error und Errno aktualisiert. Wenn die Anweisung syntaktisch fehlerhaft war, wird die Funktion halt() aufgerufen und das Programm gemäß den Einstellungen von $Halt_On_Error angehalten. Wenn noch kein Datenbank-Link existiert, wird vor dem Absenden der Query intern die Funktion connect() aufgerufen. Die Funktion gibt die interne Result-ID zurück, die entweder eine positive Zahl oder 0 (false) ist, wenn die Query zu einem Fehler führte. next_record(): Die Funktion setzt den Cursor auf das nächste Ergebnis in der Ergebnismenge und aktualisiert die Variablen Record, Row, Error und Errno. Die Funktion liefert den Wert true, wenn ein weiteres Ergebnis verfügbar ist und den Wert false, wenn die aktuelle Ergebnismenge durchlaufen wurde. Wenn die Variable $Auto_Free auf true gesetzt war, wird automatisch free_result() aufgerufen, um den Speicher freizugeben, bevor das Ergebnis false zurückgegeben wird. Eine typische Anwendung von query() und next_record() sieht so aus: $db = new DB_Example; $db-\u0026gt;query(\u0026#34;select * from table where bedingung = 1\u0026#34;); while ($db-\u0026gt;next_record()) { printf(\u0026#34;Name = %s\\n\u0026#34;, $db-\u0026gt;f(\u0026#34;name\u0026#34;)); } seek($pos): Die Funktion positioniert den aktuellen Zeilenzeiger innerhalb der Ergebnismenge an die angegebene Position. Dies ist nützlich, um innerhalb einer Ergebnismenge hin- und herzuspringen oder eine Ergebnismenge zweimal zu lesen. Die angegebene Position wird nicht auf Gültigkeit überprüft. Hinweis: Wenn $Auto_Free auf true gesetzt wird, ist die Funktion seek() unter Umständen nicht sinnvoll einsetzbar, weil die Ergebnismenge beim berühren des Endes der Ergebnismenge automatisch freigegeben wird. metadata($table, $full=false): Die Funktion gibt Informationen über den Aufbau der benannten Tabelle in Form eines zweidimensionalen Feldes zurück. Das Feld ist in der ersten Dimension numerisch indiziert (Start bei 0) und enthält einen Eintrag pro Spalte der Tabelle. Für jede Tabellenspalte enthält der Eintrag die Informationen Tabellennamen (\u0026ldquo;table\u0026rdquo;), Spaltenname (\u0026ldquo;name\u0026rdquo;), Spaltentyp (\u0026ldquo;type\u0026rdquo;), Spaltenbreite (\u0026ldquo;len\u0026rdquo;) und Spaltenflags (\u0026ldquo;flags\u0026rdquo;). Ist das optionale Flag auf true gesetzt, wird außerdem ein Eintrag num_fields mit der Anzahl der Spalten in der Tabelle und ein Eintrag meta generiert. Der Eintrag meta enhält eine Liste mit einer Übersetzungstabelle von Feldnamen nach Spaltennummern. Das Ergebnis von metadata() ist passend für die Funktion show() der Klasse Table, wenn das Flag $full auf false steht. Hinweis: Nicht alle Datenbankinterfaces unterstützen die Funktion metadata() gleich gut. table_names(): Die Funktion gibt Informationen über die vorhandenen Tabellen in Form eines zweidimensionales Feldes zurück. Das Feld ist in der ersten Dimension numerisch indiziert (Start bei 0) und enthält einen Eintrag pro Tabelle. Für jede Tabelle enthält der Eintrag die Informationen Tabellenname (\u0026ldquo;table_name\u0026rdquo;), Name des Tablespaces (\u0026ldquo;tablespace_name\u0026rdquo;) und Name der Datenbank (\u0026ldquo;database\u0026rdquo;). Hinweis: Nicht alle Datenbankinterfaces unterstützen die Funktion table_names() gleich gut. num_rows(), nf(): Gibt die Anzahl der Zeilen der Ergebnismenge zurück. Zutreffend auf die Ergebnisse von SELECT-Anweisungen. affected_rows(): Gibt die Anzahl der Zeilen zurück, die von einem INSERT, UPDATE oder DELETE-Statement betroffen waren. num_fields(): Gibt die Anzahl der Spalten einer Ergebnismenge zurück. Zutreffend auf die Ergebnisse von SELECT-Anweisungen. f($field): Identisch mit return $db-\u0026gt;Record[$field]. p($field): Identisch mit print $db-\u0026gt;Record[$field]. haltmsg($msg): Die Funktion wird intern verwendet, um die Fehlermeldung $msg auszugeben, wenn ein Datenbankfehler auftritt. Sie kann in einer Unterklasse überschrieben werden, um die Fehlermeldung zu loggen oder sonstwie zu behandeln. Die Funktion wird nur dann aufgerufen, wenn $Halt_On_Error auf \u0026ldquo;report\u0026rdquo; oder \u0026ldquo;yes\u0026rdquo; steht. halt($msg): Die Funktion wird intern verwendet, um die Variablen $Error und $Errno zu aktualisieren und $Halt_On_Error auszuwerten. Sie ruft ggf. die Funktion haltmsg() auf. Die Funktion kann in einer Unterklasse überschrieben werden, um eine andere Fehlerbehandlung zu implementieren. Seitenverwaltungsfunktionen Funktionen: page_open(array()); : Diese Funktion muß am Anfang einer Seite aufgerufen werden. Sie enthält eine Zuordnung von gewünschten Features der Seite zu Klassennamen. Derzeit existieren die folgenden Features: sess: Die Seite verwendet Session-Variablen. auth: Die Seite verwendet Authentisierung. Um das auth-Feature verwenden zu können, muß auch sess aktiviert sein. perm: Die Seite verwendet Benutzerrechteverwaltung. Um das perm-Feature verwenden zu können, müssen auch sess und auth aktiviert sein. user: Die Seite verwendet User-Variablen. Um das user-Feature verwenden zu können, müssen auch sess und auth aktiviert sein. Eine beispielhafte Anwendung sieht so aus:\npage_open(array(\u0026#34;sess\u0026#34; =\u0026gt; \u0026#34;Example_Session\u0026#34;)); Dieser Aufruf erzeugt eine Instanz der Klasse Example_Session unter dem Namen $sess. Diese Instanz kann dann in Aufrufen verwendet werden ($sess-\u0026gt;register(\u0026ldquo;s\u0026rdquo;)). Die abgeleiteten Klassen, die als Parameter zu jedem Feature angegeben werden, werden in der Regel in der Datei local.inc definiert.\npage_close(): Die Funktion muß am Ende jeder Seite aufgerufen werden (nachdem alle registrierten Variablen ausgerechnet wurden). Sie speichert diese Variablen zurück in der Datenbank. Momentan ist es harmlos, page_close() auf einer Seite mehrfach aufzurufen, aber dies kann sich in der Zukunft ändern. CT_Sql Um die Session-Klasse ihren Daten in einer SQL-Datenbank abspeichern zu lassen, wird in der Session-Klasse der Name einer Unterklasse von CT_Sql als Container $that_class eingetragen.\nVariablen: database_table: Name der Datenbanktabelle, in der die Session ihre Daten speichern soll. database_class: Name der DB_Sql Unterklasse, die zum Zugriff auf die Datenbank verwendet werden soll. Die Klasse wird von Session intern verwendet und hat keine allgemein anwendbaren Funktionen.\nCT_Split_Sql Diese Klasse ist praktisch mit der CT_Sql-Klasse identisch, mit dem Unterschied, daß sie mehrere Zeilen in der Tabelle verwenden kann, wenn die Menge der zu speichernden Daten über das hinausgeht, was die Datenbank verarbeiten kann. Dies ist vor allen Dingen interessant, wenn die Datenbank Probleme mit BLOBs hat.\nHinweis: Die Klasse ist nicht tabellenkompatibel mit CT_Sql. Es muß eine Tabelle active_sessions_split verwendet werden, deren Layout in den create_database.*-Scripten im stuff-Verzeichnis der Distribution beschrieben ist.\nVariablen: database_table: Name der Datenbanktabelle, in der die Session ihre Daten speichern soll. database_class: Name der DB_Sql Unterklasse, die zum Zugriff auf die Datenbank verwendet werden soll. split_length: Anzahl der Bytes, nach denen ein Session-Record aufgeteilt werden soll (Default: 4096). Die Klasse wird von Session intern verwendet und hat keine allgemein anwendbaren Funktionen.\nCT_Shm Um Sessions in System V Shared Memory-Segmenten zu speichern, muß der PHP-Interpreter mit shm-Support übersetzt worden sein (Die Ausgabe der phpinfo()-Funktion zeigt dies an) und es muß als Containerklasse bei Session CT_Shm oder eine Unterklasse davon angegeben werden.\nVariablen: max_sessions: Maximale Anzahl von gleichzeitig aktiven Sessions. shm_key: Der eindeutige (wichtig!) shm_key für das Shared Memory-Segment, das verwendet werden soll. shm_size: Größe des zu verwendenden Shared Memory-Segmentes in Byte. Der Speicher wird bestellt, wenn das Segment das erste Mal verwendet wird. Für durchschnittlich kleine Mengen von Session-Variablen kann man als Schätzwert shm_size = max_sessions * 600 annehmen. Die Klasse wird von Session intern verwendet und hat keine allgemein anwendbaren Funktionen.\nCT_Dbm Um Sessions in UNIX DBM-Dateien zu speichern, muß der PHP-Interpreter mit dem passenden DBM-Support übersetzt worden sein (Die Ausgabe der phpinfo()-Funktion zeigt dies an) und es muß als Containerklasse bei Session CT_Dbm bzw. eine Unterklasse davon angegeben werden.\nVariablen: dbm_file: Der Pfadname der zu verwendenden DBM-Datei. Die Datei muß bereits existieren und durch den Server beschreibbar sein. Die Klasse wird von Session intern verwendet und hat keine allgemein anwendbaren Funktionen.\nCT_Ldap Um Sessions auf einem LDAP-Server zu speichern, muß der PHP-Interpreter mit LDAP-Support übersetzt worden sein (Die Ausgabe der phpinfo()-Funktion zeigt dies an) und es muß als Containerklasse bei Session CT_Ldap bzw. muß als Containerklasse bei Session CT_Dbm bzw. eine Unterklasse davon angegeben werden.\nVariablen: ldap_host: Hostname des LDAP-Servers, der verwendet werden soll. ldap_port: Portnummer des LDAP-Servers, der verwendet werden soll (Default: 389). basedn: DN, unterhalb dessen die Daten abgelegt werden sollen. rootdn: Wurzel-DN des LDAP-Servers, wird benötigt, um sich mit dem Server verbinden zu können. rootpw: Zur rootdn passendes Paßwort. objclass: Name der objectclass, der von PHPLIB zu werden ist (siehe auch ldap.ldif im stuff-Verzeichnis der Distribution) Die Klasse wird von Session intern verwendet und hat keine allgemein anwendbaren Funktionen.\nSession Die Klasse Session verwaltet eine Liste von globalen Variablennamen, und lädt und speichert die Typen und Werte dieser Variablen in serialisierter Form am Anfang und Ende jeder Seite. Die Variablen können vom Typ Skalar (string, integer, float) oder Array sein. Objekte können ebenfalls gesichert und geladen werden, wenn sie die Instanzvariablen classname und persistent_slots haben, damit der Name ihrer Klasse und die zu sichernden Slots bestimmt werden können.\nclassname: Name der Klasse. Alle von PHPLIB zu sichernden oder zu ladenden Objekte müssen einen Slot classname haben, der den genauen Namen der Klasse enthält. magic: Ein geheimer String, der verwendet wird, um die Session-IDs schwerer ratbar zu machen. Der String kann irgendeinen Wert haben. Es ist nur wichtig, diesen Wert geheim zu halten. mode: Betriebsart. Entweder \u0026ldquo;cookie\u0026rdquo; (empfohlen) oder \u0026ldquo;get\u0026rdquo;. In cookie-Mode wird die Session-ID vom Browser per Cookie eingeliefert, in get-Mode als CGI-Parameter einer URL. fallback_mode: Wenn $mode = \u0026ldquo;cookie\u0026rdquo; ist, kann man diese Variable auf den Wert \u0026ldquo;get\u0026rdquo; setzen. PHPLIB verwendet dann automatisch get-Mode, wenn auf dem zugreifenden Browser cookies abgeschaltet sind. lifetime: Lebensdauer des Cookies, den PHPLIB verwendet, in Minuten. Wenn dieser Wert auf 0 steht (default), werden Session-Cookies verwendet. Diese Cookies haben dieselbe Lebensdauer wie der Browser des Anwenders und werden nicht in der cookies.txt-Datei gespeichert. Dies ist die empfohlene Betriebsart. gc_time: PHPLIB führt in Abständen eine garbage collection auf der Tabelle active_sessions durch. Dabei werden alle Session-Daten gelöscht, die älter als gc_time Minuten sind. Der Standardwert ist 1440 (ein Tag) und kann so beibehalten werden. gc_probability: Bei jedem Zugriff auf eine Session wird mit der Wahrscheinlichkeit gc_probability Prozent eine Garbage-Collection ausgelöst. Der Standardwert ist 5, was für Server mit niedrigem Traffic in Ordnung ist. Auf stark belasteten Servern kann der Wert auf 1 gesetzt werden. allowcache: Zugelassene Werte sind \u0026ldquo;no\u0026rdquo;, \u0026ldquo;private\u0026rdquo; (Default) und \u0026ldquo;public\u0026rdquo;. Der Wert bestimmt, welche HTTP-Header erzeugt werden, die das Caching von PHPLIB-Seiten gestatten. Mit der Einstellung \u0026ldquo;no\u0026rdquo; wird das Speichern der Seiten in Caches generell verboten, mit der Einstellung \u0026ldquo;private\u0026rdquo; wird dem Browser des Anwenders das Speichern der Seite im Cache gestattet, aber öffentlichen Caches verboten und mit der Einstellung \u0026ldquo;public\u0026rdquo; wird das Cachen der erzeugten Seiten generell erlaubt. allowcache_expires: Das Speichern der erzeugten Seiten wird den Caches für maximal die hier konfigurierte Anzahl von Minuten erlaubt (Default: 1440, ein Tag). that_class: Name der Containerklasse (eine Unterklasse von CT_Sql, CT_Split_Sql, CT_Shm, CT_Dbm, CT_Ldap), die von der Session verwendet wird, um ihre Daten zu laden und zu speichern. auto_init: Name einer Datei aus dem include-Verzeichnis, die beim Erstellen einer neuen Session geladen und ausgeführt wird. Die Ausführung der Datei erfolgt im Kontext einer Funktion, sodaß alle zu definierenden globalen Variablen mit \u0026ldquo;global\u0026rdquo; importiert werden müssen. Funktionen: register(\u0026ldquo;varname\u0026rdquo;): Die Variable mit dem angegebenen Namen wird bei der Session registriert. Der Name kann sich auf eine globale Variable vom Typ Skalar, Array oder Objekt beziehen. Wenn es sich bei der Variablen um ein Objekt handelt, muß es die folgenden beiden Slots besitzen: classname: String, Name der Klasse des Objektes.\npersistent_slots: Array von Strings, Namen der Slots des Objektes, die von der Session gesichert werden sollen.\nEs ist ohne Nachteile möglich, denselben Namen mehrmals zu registrieren.\nunregister(\u0026ldquo;varname\u0026rdquo;): Die Variable mit dem angegebenen Namen wird bei der Session wieder ent-registriert. Die Variable wird nicht gelöscht, ihr Wert ist bis zum Ende der Seite weiterhin verfügbar, aber ihr Wert ist nicht mehr persistent und wird am Ende der Seite verfallen. delete(): Die aktuelle Session wird zerstört und der Session-Cookie wird gelöscht. Der Eintrag für die Session wird aus der Datenbank entfernt. Weil der Session-Cookie gelöscht wird, muß diese Funktion sehr früh auf einer Seite aufgerufen werden (bevor irgendein HTML ausgegeben wurde). Da die Session durch die Funktion zerstört wird, darf am Ende der Seite nicht mehr page_close() aufgerufen werden. Die zur Session gehörenden Variablen sind auf der Seite selbst noch verfügbar. Sie verfallen am Ende der Seite. Im cookie-Mode ist es möglich, nach dem Aufruf von delete() eine neue Session aufzumachen, indem ein weiterer page_open()-Aufruf erzeugt wird. Das erlaubt es auch, Variablen aus der alten Session bei der neuen Session zu re-registrieren und so zu übernehmen. url($url): Der Funktion wird eine URL übergeben, so wie man sie in einem A, FRAME oder FORM-Tag verwenden würde. Im cookie-Mode wird die URL so ausgegeben, im get-Mode wird die aktuelle Session-ID in die URL mit eingebaut. Die Funktion gibt die modifizierte URL als Ergebnis zurück. purl($url): Eine Abkürzung für print $sess-\u0026gt;url($url). self_url(): Die Funktion liefert eine URL, die auf die aktuelle Seite zeigt, zurück. Im get-Mode ist die aktuelle Session-ID dabei schon enthalten. pself_url(): Eine Abkürzung für print $sess-\u0026gt;self_url(). hidden_session(): Erzeugt ein HIDDEN-Element für Formulare mit dem Session-Namen und der ID. add_query($qarray): Die Funktion erzeugt einen Query-String, der an eine aktuelle URL angehängt werden kann. Beispiel: \u0026lt;a href=\u0026#34;\u0026lt;?php $sess-\u0026gt;pself_url().$sess-\u0026gt;padd_query(array(\u0026#34;again\u0026#34;=\u0026gt;\u0026#34;yes\u0026#34;)) ?\u0026gt;\u0026#34;\u0026gt;Reload\u0026lt;/a\u0026gt; and log in? padd_query($qarray): Eine Abkürzung für print $this-\u0026gt;add_query($qarray). reimport_get_vars(): reimport_post_vars(): reimport_cookie_vars(): Wenn man eine FORM-Variable registriert, wird die Formularvariable in PHP importiert, danach page_open() aufgerufen und der alte Wert dieser Variablen aus der Datenbank überschreibt den neuen Wert aus dem Formular. In einem solchen Fall kann man mit der Funktion reimport_x_vars() die Variablenwerte reimportiert. Im allgemeinen ist dies ein Fehler, weil dadurch Werte aus dem Internet ohne Konsistenzprüfung in die Anwendung übernommen werden. Die Funktion sollte nicht verwendet werden. Auth Die Auth-Klasse im PHPLIB verwaltet alle Anmeldevorgänge und merkt sich, wann sich der Benutzer unter welchem Namen angemeldet hat. Da sich die Auth-Klasse selbst persistent macht, setzt sie voraus, daß auf allen Seiten, auf denen Auth verwendet wird, auch Session verwendet wird.\nVariablen: classname: persistent_slots: Diese Variablen sind notwendig, damit sich Auth in der Session speichern und laden kann. Normalerweise muß man classname auf den Namen seiner Unterklasse setzen und braucht persistent_slots nicht anzupassen. lifetime: Nachdem ein Benutzer $lifetime Minuten lang keine Seiten abgerufen hat, muß er sich neu am System anmelden, um weiterarbeiten zu können. mode: Entweder \u0026ldquo;log\u0026rdquo; oder \u0026ldquo;reg\u0026rdquo;. Wenn die Variable den Wert \u0026ldquo;log\u0026rdquo; hat, werden die Funktionen auth_loginform() und auth_validatelogin() aufgerufen. Im \u0026ldquo;reg\u0026rdquo;-Mode werden stattdessen auth_registerform() und auth_doregister() verwendet, mit denen sich ein Anwender beim System anmelden kann. database_class: Der Name der Datenbank-Klasse über die die Auth-Funktion in der Benutzertabelle nachschlagen soll. database_table: Der Name der Datenbank-Tabelle, in der die Benutzerinformationen gespeichert sind. magic: Ein zufälliger, geheimer String, der bei der Ermittlung neuer User-IDs verwendet wird. nobody: Schalter: Wenn er auf true gesetzt wird, wird Default Authentication verwendet, d.h. es erscheint kein Loginformular, sondern der Anwender wird als nobody eingeloggt. Funktionen: url(): Diese Funktion entspricht der Funktion url() von Session. purl(): Diese Funktion entspricht der Funktion purl() von Session. login_if($t): Diese Funktion kann verwendet werden, um die Anzeige eines Loginformulars zu erzwingen, wenn Default Authentication verwendet wird. unauth($nobody = false): Diese Funktion meldet den aktuellen Benutzer beim System ab, sodaß beim nächsten Seitenaufruf ein neuer Login notwendig wird. Der Benutzername bleibt jedoch erhalten, sodaß eine korrekt geschriebene Login-Seite diesen Namen als Vorgabe präsentieren kann. Seit PHPLIB Version 6 ist es möglich, die Funktion mit dem Parameter \u0026ldquo;true\u0026rdquo; aufzurufen, wenn man den Benutzer nicht einfach abmelden, sondern stattdessen wieder als nobody anmelden möchte. Beispielanwendung: $auth-\u0026gt;unauth($auth-\u0026gt;nobody). logout($nobody = $this-\u0026gt;nobody): Diese Funktion entspricht der Funktion unauth(), außer das alle Logininformation einschließlich des Benutzernamens beseitigt wird. Bei der Neuanmeldung muß der Benutzer das gesamte Loginformular neu ausfüllen, es existieren keine Vorgaben. is_authenticated(): Diese Funktion liefert falsch, wenn der Benutzer keine gültige Anmeldung hat oder die aktuelle uid, wenn die Anmeldung gültig ist. auth_preauth(): Diese Funktion kann durch den Entwickler überschrieben werden. Sie wird als allererste Funktion im Loginprozeß aufgerufen und kann entweder false oder eine gültige uid zurückliefern (Default: Die Funktion liefert immer false). Wenn die Funktion eine gültige User-ID zurückliefert, wird der Loginprozeß nicht durchgeführt, sondern diese User-ID verwendet. Die Funktion könnte zum Beispiel mit Hilfe von Cookies im Browser des Users ein automatisches Login durchführen, sodaß der Benutzer sich nicht mehr anzumelden braucht, wenn sein Browser diese Cookies akzeptiert. auth_loginform(): Diese Funktion muß durch den Entwickler überschrieben werden und sollte das HTML ausgeben, das das Loginformular zeichnet. auth_validatelogin(): Diese Funktion wird aufgerufen, wenn der Benutzer das durch auth_loginform() gezeichnete Loginformular absendet. Sie muß die Benutzereingaben prüfen und entweder false oder eine gültige User-ID zurückliefern. Die Funktion sollte außerdem $this-\u0026gt;auth[\u0026ldquo;uname\u0026rdquo;] mit dem Benutzernamen des Users belegen und kann optional $this-\u0026gt;auth[\u0026ldquo;perm\u0026rdquo;] für die Verwendung durch die Perm-Klasse mit den Zugriffsrechten des Users vorbelegen. auth_registerform(): auth_doregister(): Im reg-Mode werden diese beiden Funktionen statt auth_loginform() und auth_validatelogin() aufgerufen. Sie sollen ein Anmeldeformular für neue User zeichnen bzw. die Anmeldung des Benutzers in die Datenbank eintragen. Perm Die Perm-Klasse im PHPLIB verwaltet Benutzerrechte und kann prüfen, ob ein angemeldeter Benutzer Zugang zu einer Seite oder einer Funktion hat. Benutzerrechte setzen einen angemeldeten Benutzer voraus, daher setzt Perm voraus, daß auf allen Seiten, auf denen Perm verwendet wird, auch Auth und Session verwendet werden.\nVariablen: permissions: Ein Array, das Namen von Zugriffsrechten mit den zugehörigen Bitmustern verbindet. Funktionen: check($required): Die Funktion wird mit einer Liste von Zugriffsrechten aufgerufen, die für das Ansehen der betreffenden Seite notwendig sind. Wenn der aktuelle User dieser Rechte nicht hat, wird ihm das Ansehen der Seite verweigert, d.h. die Funktion perm_invalid() wird aufgerufen. Die Funktion perm_invalid() wird ebenfalls aufgerufen, wenn in den Rechten des Benutzers oder den von der Seite verlangten Rechten illegale Rechtenamen verwendet werden. have_perm($required): Die Funktion arbeitet ähnlich wie check(), ruft aber keine Fehlerseite auf, sondern liefert entweder true (der Benutzer hat die verlangten Rechte) oder false (der Benutzer hat die verlangten Rechte nicht). perm_sel($name, $current = \u0026ldquo;\u0026rdquo;, $class = \u0026ldquo;\u0026rdquo;): Die Funktion liefert als Ergebnis einen String, der einen HTML SELECT-Tag mit allen möglichen Zugriffsrechten als OPTION-Tags enthält. Wenn ein Wert für $current angegeben wird, ist dieses Zugriffsrecht im Option-Tag als SELECTED markiert. Wenn ein Wert für $class angegeben wird, haben alle erzeugten HTML-Elemente die angegebene Klasse als CSS stylesheet-Klasse. User Die Klasse User ist eine Unterklasse von Session. Sie funktioniert im wesentlichen genauso wie Session, nur daß sie Werte benutzerbezogen speichert. Das bedeutet, daß bei der Klasse User registrierte Variablen nur auf Seiten zur Verfügung stehen, die authentisiert sind. Das user-Features kann also nur zusammen mit auth und sess verwendet werden.\nVariablen: classname: Name der Klasse. magic: mode: fallback_mode: In dieser Klasse ohne Bedeutung. lifetime: In dieser Klasse ohne Bedeutung. Stattdessen sollte $auth-\u0026gt;lifetime verwendet werden. gc_time: Funktionsfähig, aber wahrscheinlich nicht sinnvoll. gc_probability: Funktionsfähig, aber wahrscheinlich nicht sinnvoll. Sollte auf 0 gesetzt werden. that_class: Name der Containerklasse, die zur Verwaltung der Variablen verwendet wird. auto_init: In dieser Klasse ohne Bedeutung. Funktionen: register($varname): unregister($varname): delete(): reimport_get_vars(): reimport_post_vars(): reimport_cookie_vars(): Funktioniert erwartungsgemäß. url($url): purl($url): self_url(): pself_url(): In dieser Klasse ohne Bedeutung. ","date":"1999-04-01T00:00:00Z","href":"https://blog.koehntopp.info/1999/04/01/phplib-deutsch.html","tags":["lang_de","publication","php"],"title":"PHPLIB"},{"categories":null,"content":"\u0026#39;tis night while I am with the green glow and the white screens and my mind confined in 80 columns and my body confined in a dark room. then I listen to the song of the wire and while I am still within the room my mind breaks free and travels in 80 seconds into the world. to meet other minds, other people, other worlds, to talk, to fight, to understand and to love whoever is out there, listening and answering my call: the song of the wire is the song of the world. the frame of my mind in a frame on the wire, it is still singing but the song is now mine. so many songs, each telling the same story in a different way. the song of the world is nothing but noise, too many voices at the same time. I am learning to listen, to find the voices of those who are singing my song to a different tune. and so it is still the same: everything has changed. ","date":"1998-03-01T00:00:00Z","href":"https://blog.koehntopp.info/1998/03/01/sing-my-song.html","tags":["lang_en","publication","internet"],"title":"Sing my song"},{"categories":null,"content":" Zusammenfassung Wie alle anderen Medien wird auch das Internet zur Verbreitung von beispielsweise rechtsradikalen oder kinderpornographischen Informationen mißbraucht. Dies hat in letzter Zeit den Ruf nach einem staatlichen Eingriff laut werden lassen, um zentrale Sperrungen bestimmter Inhalte zu erreichen.\nDie Autoren halten einen solchen Schritt fuer nicht angemessen. Zum einen haben bisher alle technischen Ansätze zur Realisierung versagt. Strukturelle überlegungen lassen vermuten, daß dies auch in Zukunft der Fall sein wird. Auf der anderen Seite haben Sperren stets Auswirkungen auch auf Bereiche, deren Sperrung nicht beabsichtigt ist. Diese Nebenwirkungen sind um so schwerwiegender, je wirksamer die Sperren sein sollen.\nDezentrale Lösungsansaetze können dem Nutzer die Möglichkeit geben, im eigenen Bereich selbstverantwortlich Inhalte zu filtern. Bewertungen von Inhalten durch nichtstaatliche Organisationen können dazu führen, daß der Bewertungsmechanismus zur Durchsetzung fragwürdiger Interessen mißbraucht wird. Um diesem Risiko entgegenzuwirken, ist es unverzichtbar, daß nicht nur die Bewertungsmaßstäbe, sondern auch die Bewertungen selbst vollständig offengelegt werden.\nJede Art von staatlicher Regulierung treibt die Kosten in die Höhe. Es ist abzusehen, daß der Versuch, Inhalte im Internet zu bewerten, sehr personalintensiv sein wird. Bereits heute sind die Kommunikationskosten am Standort Deutschland wesentlich höher als bei konkurrierenden Nationen wie den USA. Regulierungen können daher zu einem Standortnachteil führen.\nWas soll mit einer Sperrung erreicht werden? Bevor man über technische Maßnahmen zur Sperrung von Inhalten im Internet und die Chancen ihrer Realisierung reden kann, muß man sich darüber klar werden, welche Ziele man mit einer solchen Sperrung erreichen möchte.\nMögliche Ziele sind:\nLaw Enforcement: Man möchte verhindern, daß nach den Kriterien einer nationalen oder regionalen Rechtsordnung strafrechtlich relevantes Material für die Subjekte dieser Rechtsordnung erreichbar ist bzw. von ihnen veröffentlicht werden kann, und zwar auch dann, wenn der Ort der Veröffentlichung außerhalb des Durchsetzungsbereiches dieser Rechtsordnung liegt. Traumziel wäre es, das Begehen solcher Straftaten technisch unmöglich zu machen. Indecency: In den USA wurde mit dem communication decency act (CDA) in seinen verschiedenen Formulierungen und Gesetzesvorlagen versucht, eine noch weitergehende Regelung zu etablieren: Es sollte verboten werden, Material über Datennetze zugänglich zu machen, das indecent ist, d.h. nach den Grundsätzen der jeweils herrschenden Moraldefinition ungehörig, obszön oder in anderer Weise störend (zu Free Speech siehe z.B. The Electronic Frontier Foundation EFF). Jugendschutz: Nur Minderjährigen (Kindern und Jugendlichen) soll der Zugang zu bestimmten Materialien verwehrt werden, während Volljährigen weiterhin die gesamten Inhalte des Internet zugänglich bleiben sollen. Rating: Für jeden Teilnehmer im Netz soll weiterhin frei definierbar sein, welches Material empfangen/nicht empfangen werden soll, aber es soll eine Bewertungsstruktur geschaffen werden, die es jedem Konsumenten in eigener Verantwortung ermöglicht, seine Präferenzen anzugeben (kein Sex/viel Sex, keine Gewalt/Blood and Splatter, politisch links/politisch rechts, konform mit den Vorstellungen der katholischen Kirche/islamisch korrekt) und nur noch den Ausschnitt aus dem Internet wahrzunehmen, der diesen selbstgewählten Filter passieren kann. Nichtregulation: Jeder Netzteilnehmer soll freien Zugriff auf alle angebotene Information haben. Sogar die Existenz von Bewertungskriterien Dritter wird als schädlich angesehen und die Bildung einer Bewertungsinfrastruktur nicht gefördert bzw. sogar behindert. Welche Dienste werden betrachtet? Unter der Bezeichnung Inhalte im Internet wird in der Regel eine ganze Reihe von Diensten subsumiert, die technisch vollkommen unterschiedlich realisiert werden und administrativ zu großen Teilen disjunkte Strukturen aufweisen. Allen Diensten ist lediglich gemeinsam, dass ihnen das Datenübertragungsprotokoll TCP/IP zugrunde liegt.\nMan muß mindestens die beiden folgenden Dienste unterscheiden:\nWWW, World Wide Web: Das World Wide Web ist der graphisch ansprechendste Dienst des Internet. Es handelt sich um Server, die auf die Anfrage eines Benutzers Seiten beliebigen Inhaltes an das Darstellungsprogramm (Browser) auf seinem Rechner ausliefern. Der Zugriff auf diese Seiten erfolgt in der Regel mit Hilfe des HyperText Transport Protocol (HTTP). Dieses Protokoll erfordert keine Identifizierung oder Authentisierung des Abrufers und des Anbieters; die Daten werden im Klartext und nicht fälschungssicher übermittelt.\nEine optional einsetzbare Modifikation von HTTP übermittelt Anfragen und Antworten mit Hilfe des Verschlüsselungsverfahrens Secure Socket Layer (SSL). Bei diesem Verfahren muß sich mindestens der Anbieter gegenüber dem Abrufer identifizieren. Weiterhin ist sichergestellt, daß die Verbindung nicht im Klartext abhörbar ist (Dritten wird nicht bekannt, welche Anfragen gestellt wurden oder welche Inhalte die ausgelieferten Seiten haben) und daß Inhalte nicht durch Dritte während der übertragung unerkannt verfälscht werden können.\nDie abgerufenen Seiten bestehen aus Formatierungsanweisungen der HyperText Markup Language (HTML) und optional weiteren Bild-, Ton- oder Videodaten. Bei kleineren Servern liegen die abrufbaren Seiten häufig statisch als vorgefertigte und unverändert ausgelieferte Dateien auf der Festplatte vor.\nGrößere Server erzeugen die Seiten jedoch oftmals dynamisch in Abhängigkeit von der Identität des Abrufers, seiner Netzadresse, seiner bevorzugten Landessprache (im Browser konfigurierbar), dem vom Abrufer verwendeten Browsertyp, der Uhrzeit des Abrufs oder anderen Kriterien, die frei progammierbar sind. Es ist also nicht sichergestellt, daß zwei aufeinanderfolgende Abfragen derselben Seite identische Antworten ergeben.\nFalls die Seiten aus einer Datenbank dynamisch erzeugt werden, kann sich der Datenbestand des Webservers durch die Updates der Datenbank ständig aendern. Dies ist zum Beispiel der Fall bei Katalogsystemen fuer Onlinehandel (Preis- und Produktupdates, Änderungen im Lagerbestand mit Auswirkungen auf die Lieferbarkeit usw.), bei Nachrichtenagenturen mit Anschluß an Presse- und Tickerdienste und bei Webverzeichnissen und Suchmaschinen, die einen Volltextindex für Seiten generieren und eine Recherche nach Inhalten erlauben.\nGrundsätzlich ist der Datenbestand im Web als höchst dynamisch anzusehen: Neue Versionen von Seiten lassen sich zu sehr geringen Kosten erzeugen und in Verkehr bringen. Der elektronische Charakter des Mediums im Zusammenhang mit der zentralen Datenhaltung (es sind keine verteilten Kopien einer Seite auf Stand zu bringen) begünstigen weiterhin eine sehr hohe Auflagenfrequenz.\nUSENET News: Das USENET ist ein verteiltes System vom Diskussionsforen (Newsgroups). Es handelt sich um ein teilweise zusammenhängendes Netz von Servern, von denen jeder eine Auswahl von Artikeln zum Abruf bereithält. Die Artikel sind in der Regel in thematisch gegliederten Diskussionsforen in der Reihenfolge des Eingangs abgelegt. Leser können eine Verbindung zum netztopologisch am günstigsten gelegenen Server aufbauen und Artikel nach Diskussionsforen und Eingangsdatum selektiert abrufen.\nLeser können grundsätzlich auf jeden gelesenen Artikel antworten (to follow up on an article) oder unabhängig eigene Artikel auf dem Server ablegen (posten, von engl. to post a notice). Der Server wird dann seine Nachbarserver darüber informieren, daß er einen neuen Artikel vorrätig hat, und den Artikel ggf. an seine Nachbarserver replizieren (to feed an article to a neighboring system).\nDiese verbreiten den Artikel dann wieder an ihre Nachbarn usw. (flood fill algorithm of USENET). Nach einigen Stunden existieren Hunderttausende von Kopien dieses Artikels auf der gesamten Welt. Die Vernetzung der Server ist hochredundant; Unterbrechungen in Serverstrecken haben in der Regel keine oder nur lokal meßbare Auswirkungen auf Verfügbarkeit oder Transportgeschwindigkeit der Artikel.\nUm Platz zu gewinnen, werden die jeweils ältesten Artikel nach einiger Zeit gelöscht. Die genaue Zeitspanne bis zur Löschung hängt von der individuellen Konfiguration des Servers und seiner Platzsituation ab, liegt aber in der Regel nicht über 14 Tagen. Es existieren jedoch auch einige Newsarchive, die Diskussionen über mehrere Jahre hinweg abspeichern und diesen Datenbestand durch weitgehende Recherchemöglichkeiten erschliessen (z.B. DejaNews , AltaVista im Newsmodus).\nDadurch, daß jeder Leser auf beliebige Artikel direkt und ohne redaktionelle Bearbeitung antworten kann, entspinnen sich in der Regel unmoderierte, öffentliche Diskussionen zu allen möglichen Themen. Ein Großteil der Diskussionsforen wird global ausgetauscht. Daher ist die Zusammensetzung der Diskussionsrunden zufällig und international.\nDie Kommunikation zwischen Leser und Server sowie die Kommunikation zwischen den Servern erfolgt in der Regel unverschlüsselt und ohne Identifizierung und Authentisierung der Leser oder der Autoren von Artikeln. Die Fälschung von Absenderadresse oder Herkunftspfad eines Artikels ist trivial und in einigen Diskussionsforen sogar üblich. Es existieren Konverter von E-Mail nach USENET News und Anonymous- sowie Pseudonymous-Server, die zum Teil mit kryptographisch starken Methoden die Identität des Absenders sowie seinen Aufenthaltsort im Netz zu verschleiern suchen. Einige Newsserver lassen Lese- und Schreibzugriff von jedermann und ohne Authentisierung zu (open servers); es ist Sache des Veröffentlichenden, seine Identität in einem Artikel offenzulegen oder nicht.\nDie Entscheidung über die von einem Server angebotenen Diskussionsforen obliegt in der Regel jedem einzelnen Serverbetreiber. Teilweise existieren Kataloge von offiziellen Newsgroups, diese sind jedoch in der Regel weder vollständig noch für irgendwen verbindlich. Name oder überschrift einer Newsgroup haben nur den Charakter von Empfehlungen. Thematisch falsch eingeordnete Artikel (off topic postings) oder bewußt massenhaft in alle Newsgroups verbreitete Artikel (spam) machen einen festen Anteil aller Artikel aus.\nDie Dienste IRC (Internet Relay Chat) und E-Mail (Private elektronische Post sowie halböffentliche Mailinglists als Diskussionsforen) wären ebenfalls zu betrachten, sollen hier aber im Interesse einer kompakten Darstellung nicht diskutiert werden, da sie weniger im Rampenlicht der öffentlichen Diskussion stehen. Die genannten Argumente gelten aber in ähnlicher Form auch dort. Es existieren weitere Dienste, die fuer die öffentliche Kommunikation in der Regel von geringerer Bedeutung sind (telnet) oder deren Diskussion keine neuen Aspekte zu Tage foerdern wuerde (ftp, siehe http).\nWie koennen zu sperrende Inhalte identifiziert werden? Um Inhalte zuverlässig sperren zu können, ist es notwendig, diese Inhalte in irgendeiner Form zu identifizieren. Diese Identifizierung kann von unterschiedlicher Auflösung sein.\nAuf der Basis von IP-Adressen kann ein einzelner Rechner identifiziert werden. Ein solcher Rechner erbringt jedoch in der Regel eine Vielzahl von Diensten für mehrere unterschiedliche Anbieter. Webserver von IP-Providern bringen unter einer IP-Adresse teilweise die Angebote von Tausenden Inhaltsanbietern ins Netz, Rechner von Kleinprovidern bieten teilweise alle Dienste des Providers unter einer IP-Nummer an. Eine Sperrung von IP-Nummern trifft also außer den zu sperrenden Inhalten meist auch eine große Menge von Inhalten und Diensten, deren Sperrung nicht beabsichtigt ist.\nMit entsprechendem Mehraufwand können dienstspezifische Kennzeichen von einzelnen Einheiten des Angebotes identifiziert werden. Im World Wide Web ist dies der Name einer Seite (ihr Universal Resource Locator, URL), in den USENET News erfolgt die Identifizierung über die Message-ID einer einzelnen Nachricht oder den Namen einer Newsgroup. Für neu entstehende Dienste müssen dienstspezifische Methoden zur Identifikation einzelner Einheiten neu gefunden werden.\nDie zu bewertenden Datenmengen sind riesig: Die Suchmaschine Altavista hatte im Mai 1996 schon 30 Millionen Webseiten in ihrer Volltextdatenbank gespeichert; im April 1997 betrug das Newsaufkommen mehr als 72 Gigabyte für etwa 5,4 Millionen Artikel (Statistik von Eunet Deutschland GmbH aus de.admin.lists vom 01.05.97).\nEs bleibt das Problem, zu sperrende Inhalte aus der Menge aller Inhalte zu isolieren. Hier gibt es nur zwei grundsätzlich verschiedene Systeme:\nDie automatische Bewertung von Inhalten auf der Basis formaler Merkmale wie etwa dem Vorhandensein bestimmter Schlüsselworte. Die manuelle Bewertung von Inhalten durch den Anbieter oder Dritte nach bestimmten Kriterienkatalogen (rating). Verfahren zur automatischen Bewertung von Inhalten aufgrund von Schlüsselworten scheitern bei Komponenten, die keinen Text enthalten (Audiodateien, Bilder oder Animationen) schon im Ansatz.\nEinige Online-Dienste (Prodigy, AOL) haben versucht, Diskussionen in dem IRC-Dienst ähnlichen Chaträumen aufgrund des Gebrauchs bestimmter Schlüsselworte bewerten zu lassen; die Ergebnisse waren wenig befriedigend. Einerseits waren normale Diskussionen über bestimmte Themen nicht mehr möglich:\nEine Sperrung des Wortes suck erschwerte den Meinungsaustausch zu Staubsaugern in einem Haushaltsforum, eine Sperrung des Wortes breast behinderte Diskussionen über Brustkrebs oder Kochrezepte (Hühnerbrust), und die Webseiten von Frau Cindy Tittle Moore (tittle@netcom.com ) wurden durch das Programm Cybersitter wegen ihres Namens gesperrt.\nAndererseits veränderte die eigentliche Zielgruppe einfach ihr Vokabular, so daß die Sperrung auf diese Zielgruppe keine nennenswerte Auswirkung hatte. Auch andere automatisierbare Bewertungsmethoden vermögen nicht die Semantik der Inhalte zu erkennen. Wer solche formalen Sperrkriterien kennt, kann leicht die Darstellung seiner Informationen je nach Bedarf an diese Kriterien anpassen, ohne die inhaltliche Aussage zu verändern.\nDas Kindersicherungsprogramm Cybersitter ist beispielsweise in der Lage, als offensive eingestufte Worte aus Webseiten herauszuschneiden. Durch geschickte Formulierung sind so Aussagen in ihr Gegenteil verkehrbar, wenn sie unter Cybersitter betrachtet werden (Nachricht von Bennett Haselton auf der Mailingliste fight-censorship@vorlon.mit.edu , Message-ID: 01IAZF6R8I0I8XKGCV@ctrvax.Vanderbilt.Edu ).\nVerfahren und Standards zur Bewertung von Inhalten durch den Anbieter oder Dritte liegen für den Bereich des World Wide Web bereits vor, das System PICS (Platform for Internet Content Selection) ist dabei zur Zeit führend. PICS erlaubt die Installation frei definierbarer Bewertungsmaßstäbe mit einer beliebig feinen Auflösung.\nBewertungen von URLs koennen von den Anbietern selbst oder durch Dritte erfolgen. Gängige Bewertungsmaßstäbe sind dabei etwa Gewalt, Sex oder unanständige Sprache, die Abstufungen reichen von digitalen 0-1-Skalen bis zu sehr fein abgestuften Systemen. Die Auswertung von PICS-Einstufungen kann entweder im Clientprogramm des Anwenders erfolgen (dies wird zur Zeit vom Microsoft Internet Explorer unterstützt) oder auf Routern auf dem Weg zum Empfänger (dies geschieht zur Zeit nicht).\nDas Hauptproblem bei der manuellen Bewertung von Inhalten ist die große Menge der anfallenden neuen oder veränderten Seiten. Der Betreiber des Nachrichtenservers www.msnbc.com (Joint-Venture von NBC und Microsoft) hat die Bewertung seiner Beiträge auf der Basis des von Microsoft geförderten Bewertungsschemas RSACi für PICS eingestellt, da die Bewertung einzelner Beiträge zu aufwendig war und eine Pauschalbewertung des Servers nach den Regeln von PICS den Server fuer Minderjährige unzugänglich gemacht haette (Briefwechsel zwischen Irene Graham, Michael Sims, Stephen Balkam (RSAC Ratingaufsicht) und Danielle Bachelder (MSNBC Systembetrieb), zitiert in 3339dd1a.500215@mail.thehub.com.au und 199703191314.IAA03203@arutam.inch.com auf derselben Mailingliste).\nHinzu kommt, dass die Webseite abhängig vom Kontext des Abrufes unterschiedlich aussehen kann, so daß eine Bewertung nach dem PICS-System problematisch wäre. Gerade diejenigen Seiten, die die interaktive Komponente des Internet ausnutzen, könnten so wegen ihrer dynamischen Generierung aus der Bewertung herausfallen und würden damit in entsprechend konfigurierten Browsern und Suchmaschinen nicht mehr dargestellt.\nDie Bewertung von Angeboten erfolgt im Rahmen von PICS derzeit durch private Organisationen. Die Möglichkeiten des Widerspruchs gegen eine bestimmte Einstufung sind dabei begrenzt. Insbesondere ist es für einen Bürger schwierig, ein korrektes Rating einzufordern, wenn die Ratingorganisation in einem fremden Land sitzt. Im Prinzip liegt hier dasselbe Problem vor, das sich zur Zeit bei der Strafverfolgung ausländischer illegaler Angebote stellt, nur daß die Ressourcen und Beweislasten nun andersherum verteilt sind:\nEin Anbieter muß nun bei falscher Einstufung beweisen, dass sein Angebot legal ist, und er muß dazu den schwierigen Weg der Durchsetzung von Ansprüchen im Ausland gehen. Im Vergleich zu einer Staatsanwaltschaft ist ein Anbieter von Webseiten dafür im Durchschnitt schlechter ausgebildet, und ihm stehen weniger Ressourcen zur Verfügung.\nWeiterhin orientieren sich die Ratingorganisationen an Werten und kulturellen Maßstäben ihrer Nation. Die übernahme ausländischer Bewertungen für deutsche Benutzer ist daher problematisch. Da jedoch keine deutsche Zugriffssoftware existiert, werden meist nur ausländische (speziell US-amerikanische) Ratingsysteme unterstützt.\nDie meisten Ratingorganisationen dokumentieren ihre Ratings nicht oder nur sehr ungern. Zum Teil erfolgt noch nicht einmal eine Benachrichtigung des Bewerteten über die Bewertung seines Angebotes. Vollständige Verzeichnisse aller vergebenen Ratings werden meist mit der Begründung unter Verschluss gehalten, daß diese Verzeichnisse als Kataloge fuer Schmutz und Schund mißbraucht werden könnten. Bei den Programmen, die die Bewertungen von Webseiten Dritter nicht online beziehen, sondern als Datei auf der lokalen Festplatte installiert haben, ist diese Liste grundsätzlich verschlüsselt - und meistens auch veraltet. Auch gegenüber dem Benutzer solcher Software ist damit nicht offengelegt, welche Angebote ihm nicht mehr zugänglich sind.\nInzwischen existieren (illegal) entschlüsselte Versionen der Sperrlisten aller Hersteller von Programmen mit statischer, in Dateien gelieferter Sperrliste. Die Auswertung der Sperrungen hat bei allen Herstellern eine klare politische Agenda und persönliche Feindschaften dokumentiert.\nBeispielsweise wurden vielfach Angebote von womens organizations, Informationsangebote über Abtreibung und Angebote schwuler und lesbischer Gruppen zensiert. Es ist weiterhin üblich, Webseiten in die Sperrlisten aufzunehmen, die den Hersteller des Sperrprogramms kritisieren, die Sperrliste offenlegen oder allgemein gegen Rating argumentieren. Beim Hersteller des Programms Cybersitter geht dies so weit, daß bei installiertem Cybersitter alle Seiten nicht mehr abrufbar sind, in denen die Namen von Kritikern seines Programms erwähnt werden.\nMit welchen Mitteln kann eine Sperrung erreicht werden? Sperrungen können auf unterschiedlichen Ebenen der Kommunikation ansetzen:\nUm erfolgreich zu kommunizieren, müssen beide Kommunikationspartner eine physikalische Verbindung zueinander aufbauen. Dies kann eine Standleitung, eine Telefonleitung, eine Richtfunkstrecke oder eine andere Kommunikationsform sein. Eine normalerweise nicht praktikable Möglichkeit der Sperrung besteht darin, diese physikalische Kommunikation zu verhindern, indem man etwa einen Telefonanschluss sperrt oder bestimmte Telefonnummern nicht erreichbar schaltet, Standleitungen unterbricht oder Störsender in Richtfunkstrecken einbringt. Das Opfer der Sperrung verliert damit in der Regel alle seine Kommunikationsmöglichkeiten.\nIm Internet wird meist keine homogene physikalische Verbindung verwendet, sondern diese Verbindung wird aus Teilstücken unterschiedlicher Technologie zusammengestückelt. An den übergangspunkten zwischen den Teilstücken befindet sich ein Router, der IP-Pakete von einem Teilstück zum nächsten hinueberhievt.\nDie Funktionalität des Routers wird dabei von den Adressen in den einzelnen IP-Paketen und seinen Routingtabellen gesteuert. In den Routingtabellen ist eingetragen, in welche Richtung der Router Pakete mit einer gegebenen Zieladresse weiterzuleiten hat. Die klassische Dienstleistung eines Providers besteht darin, einen übergang zwischen einer Wählverbindung (Privatkunden) oder einer regionalen Standleitung (Firmenkunden) und einer oder mehreren Standleitungen in das Ausland zu bieten. Dem Provider ist dabei nicht bekannt, welche Dienste der Kunde in Anspruch nimmt oder welche Daten abgerufen werden.\nSperrungen können hier über Eingriffe in die Routingtabellen von Routern vorgenommen werden. Es ist beispielsweise leicht möglich, alle Pakete an bestimmte Zieladressen am Router verwerfen zu lassen (eine Route zu erden). Mit diesem Verfahren werden ganze Rechner unerreichbar: Bei der durch den DFN-Verein praktizierten Sperrung des Rechners mit dem Namen www.xs4all.com waren auf diese Weise die Webseiten von mehr als 6000 Anbietern nicht mehr abrufbar, es konnte keine Mail auf der Maschine www.xs4all.com eingeliefert werden, und auch alle andere Kommunikation des DFN-Vereins mit dieser Maschine wurde unterbunden.\nDie Auswahl eines Dienstes erfolgt im TCP/IP-Protokoll in der Regel durch die Angabe einer TCP-Portnummer. Mit Hilfe dieser Portnummer könnte eine selektivere Sperrung eines Dienstes erfolgen. Beispielsweise sind einige Router in der Lage, nach entsprechender Konfiguration TCP-Verkehr fuer den Port 80 (HTTP) zu einer Zieladresse zu sperren, Verkehr auf Port 25 (Mail) zu derselben Adresse aber zu gestatten.\nMit Hilfe eines Vermittlungsrechners (proxy) oder anderer Firewallsoftware, denen die im Netzmodell höher liegenden Ebenen zugänglich sind, kann eine selektive Sperrung auf der Ebene von Dienstelementen (einzelnen Seiten, einzelnen Nachrichten) erreicht werden. Die Firewallsoftware muß herbei jedoch fuer jeden Dienst (WWW, News, Mail, IRC etc.) angepaßt werden.\nSolche Systeme sind in der Regel sehr aufwendig im Betrieb, da sie für die nutzenden Clients die volle Leistung aller durch den Client in Anspruch genommenen Dienste simulieren müssen. Mit steigender Zahl von Clients skalieren sich diese Systeme ausgesprochen schlecht. Trotzdem setzen einige totalitäre Staaten auf dieses System, um das Eindringen mißliebiger Inhalte in das Land zu erschweren: In China, Singapur und in den Golfstaaten läuft sämtliche Kommunikation mit dem Ausland durch staatlich betriebene Firewalls.\nSperrung von IP-Adressen und der Einsatz von Firewalls ist unter bestimmten Voraussetzungen kombinierbar, dadurch ist eine Entlastung der Firewallmaschine möglich: Anstatt die Route zu einer zu sperrenden Maschine zu erden, läßt man alle Routen zur zu sperrenden Maschine auf einen Firewall zeigen, der dann die Dienste der zu sperrenden Maschine überwacht.\nDiese Lösung ist je nach Art der zu sperrenden und zu simulierenden Dienste sehr aufwendig zu konfigurieren und zu warten. Zum einen setzt sie einen zentralen übergangspunkt zwischen dem zu kontrollierenden deutschen Netz und dem Rest der Welt voraus. Zum anderen handelt es sich bei diesem Verfahren um einen klassischen Man in the middle Angriff. Dadurch versagt das Verfahren bei aller stark verschlüsselten Kommunikation, die unempfindlich gegen solche Angriffe ist.\nGrundsätzlich sind die Auswirkungen von Filtermechanismen auf die Systemleistung um so höher, je feiner die Granularität der Sperrungen ist und je größer die Liste der zu sperrenden Informationsquellen ist. Systeme wie PICS lassen sich nicht effizient an zentralen Stellen im Netz etablieren, sondern können nur dezentral funktionieren. Alle bisher diskutierten Verfahren der Sperrung setzen auf dritten Maschinen zwischen dem Anbieter der zu sperrenden Information und dem Abrufer an. Denkbar wäre auch eine Sperrung beim Anbieter der Information sowie eine Sperrung beim Abrufer. Dies setzt jedoch eine Kooperation des Anbieters bzw. Abrufers voraus.\nEine Sperrung beim Anbieter würde bedeuten, daß der Anbieter die zu sperrenden Inhalte entweder niemandem anbietet oder daß er sie nur bestimmten Personen nicht anbietet. Ein personenselektives Anbieten von Inhalten setzt selbst bei Kooperation des Anbieters voraus, daß der Anbieter den Abrufer einer Information zweifelsfrei identifizieren kann und daß ihm genaue und juristisch hieb- und stichfeste Entscheidungstabellen vorgelegt werden, die es ihm erlauben, automatisch zu entscheiden, wem er welche Inhalte ausliefern darf.\nEin Identifikationsmechanismus, der das Geforderte leistet, existiert derzeit nicht einmal im Ansatz und ist auch nicht in absehbarer Zeit realisierbar. Insbesondere kann nicht aus der IP-Adresse oder dem Rechnernamen eines Absenders auf seine Identität oder seinen physikalischen Aufenthalt geschlossen werden: Deutsche Kunden von amerikanischen Online-Diensten erscheinen im Netz als aus den Vereinigten Staaten kommend. Ähnliches gilt für Mitarbeiter multinationaler Konzerne.\nEine Sperrung beim Abrufer würde bedeuten, daß die angebotenen Inhalte nach bestimmten Bewertungskriterien ausgezeichnet sind (rating, z.B. nach PICS) und daß der Abrufer selbst seine Software so konfiguriert, daß Seiten mit bestimmten Ratings nicht mehr abgerufen werden können. Eine Kooperation des Anbieters wäre hier wünschenswert, ist aber nicht notwendig, da die Bewertungen auch von Servern Dritter geliefert werden können.\nAuf welche Weise koennen Sperrungen unterlaufen werden? Für den Nutzer stellt sich eine Sperrung von Inhalten als Betriebsstörung dar. Er wird nach Wegen suchen, die ordnungsgemäße Funktion des Netzes wiederherzustellen, d.h. die Sperrung zu unterlaufen. Diese Motivation ist um so größer, je stärker sich der Benutzer durch die Sperrung behindert fühlt.\nBei einer Sperrung der physikalischen Kommunikation ist dies nur durch einen Wechsel des Mediums möglich: Wenn etwa ein Störsender in Betrieb genommen wird, wird man versuchen, auf das Telefonnetz auszuweichen und umgekehrt.\nBei einer Sperrung von bestimmten IP-Adressen stehen dem Benutzer mehrere Möglichkeiten offen, die Störung zu umgehen. Alle laufen darauf hinaus, den sperrenden Router vollständig zu umgehen (siehe auch Ulf Moeller , Internet-Zensur: Routingsperren umgehen):\nDer Benutzer wechselt den Internet-Anbieter, notfalls wird er Kunde bei einem ausländischen Provider. Er baut eine Telefonverbindung oder Standleitung zu diesem Provider auf und wickelt seine Kommunikation über diesen nichtsperrenden Provider ab. Der sperrende Router des lokalen Providers wird nicht mehr verwendet, die Sperre ist wirkungslos.\nDiese Situation tritt automatisch ein, wenn der Nutzer Mitarbeiter eines (multinationalen) Konzerns mit einem eigenen Konzernverbundnetz ist, das an mehreren Stellen (im Ausland) mit dem Internet verbunden ist.\nDer Benutzer wird Kunde bei einem zweiten, nichtsperrenden Internet-Anbieter, notfalls im Ausland. Er baut eine TCP/IP-Verbindung zu diesem Provider auf und läßt seine Anwendungen auf dem entfernten Rechner, ggf. im Ausland, ablaufen.\nEs gibt inzwischen eine Reihe von Providern, die solche Angebote routinemäßig anbieten. Die Palette reicht dabei von der Bereitstellung einzelner Dienste (Postboxen fuer E-Mail (z.B. pobox.com ), Webservices (z.B. geocities.com ) usw.) bis zu kompletten Exil-Logins (z.B. c2.org , acm.org , xs4all.nl ).\nDer sperrende Router des lokalen Providers sieht keine Kommunikation mit einer gesperrten Adresse, sondern nur Kommunikation mit dem entfernten Provider. Die Zugriffe auf die gesperrten Adressen erfolgen von dort, also erst hinter dem sperrenden Router. Die Sperre durch den Router wird wirkungslos.\nDer Benutzer wird Kunde bei einem zweiten, nichtsperrenden Internet-Anbieter, notfalls im Ausland. Er baut eine Mobile-IP-Verbindung zu diesem Provider auf, d.h. seine IP-Pakete werden in anderen IP-Paketen verpackt zum zweiten Internet-Anbieter geschickt, dort ausgepackt und eingespielt. Optional kann die Kommunikation zum zweiten Provider verschlüsselt erfolgen.\nIn Linux müssen dazu die folgenden beiden Kommandos gegeben werden:\nAktivierung des Interface tunl0 zum entfernten Anbieter myriad.ml.org: `ifconfig tunl0 (your.ip.address) pointopoint myriad.ml.org Legen einer Route zu www.xs4all.nl über tunl0 route add www.xs4all.nl tunl0 Für einen Beobachter erscheint der Nutzer als normaler Kunde des zweiten IP-Providers. Der sperrende Router des lokalen Providers sieht nur eine Verbindung zum entfernten zweiten Provider. Die Sperre ist wirkungslos. Mobile-IP ist ein Routineangebot fuer IP-Provider, die Geschäftskunden betreuen.\nDer Anbieter der gesperrten Information kann Abrufer unterstützen, indem er ebenfalls versucht, die Sperre zu unterlaufen. Im Falle der Sperrung des Rechners www.xs4all.nl hat der gesperrte Anbieter die Internet-Adresse seines Rechners alle paar Minuten verändert. Sperrungen einer einzelnen Adresse wurden dadurch wirkungslos, statt dessen mußten ganze Teilnetze gesperrt werden (die Sperrung wurde noch unspezifischer, es wurden als Nebenwirkung noch mehr unbeteiligte Anbieter mitgesperrt).\nWährend die bisher diskutierten Möglichkeiten des Unterlaufens von Sperrungen unabhängig vom gesperrten Dienst waren, sind die folgenden Moeglichkeiten dienstspezifisch:\nWWW Ähnlich der erwähnten Veränderung der IP-Nummer eines Serverrechners kann auch die Adresse eines Angebotes auf einem Server automatisch verändert werden. Eine automatische Sperrung einzelner Angebote würde dadurch unterlaufen werden, und man müßte wieder den gesamten Rechner pauschal sperren. Dort greifen dann wieder die Methoden zum Unterlaufen einer Komplettsperrung.\nWenn zu einem Angebot eine Suchmaschine existiert, mit der alle Seiten eines Angebotes nach bestimmten Begriffen durchsucht werden können, ist eine einzelne Seite praktisch unter beliebig vielen Adressen zu bekommen (nämlich allen Begriffen, die den Text in der Suchmaschine finden). Eine Sperrung müßte hier zusätzlich den Zugriff auf die Suchmaschine verhindern.\nDas Verfahren des indirekten Zugriffs, wie es unter Mobile-IP diskutiert wurde, läßt sich mit Veränderungen auch für WWW einsetzen: Mit Hilfe eines entfernten Webservers, der Zugriffe im Auftrag Dritter abwickelt (Proxy-Server), ist ein indirekter Abruf der Seite möglich. Da Proxy-Server mit Zwischenspeicher zur Beschleunigung von Zugriffen üblich sind, ist es in der Regel kein Problem, einen solchen dritten Server zu finden. Im Rahmen der Zensurdiskussion der letzten Monate sind mittlerweile im In- und Ausland auch schon Proxy-Server für solche Umgehungen explizit eingerichtet worden (etwa am MIT fuer chinesische Staatsbürger, die die Zensur im eigenen Land unterlaufen möchten).\nBei verschlüsselter Kommunikation (etwa mit dem in allen gängigen Browsern eingebauten SSL-Support) entsteht ein nicht mehr in Echtzeit einsehbarer und nicht einfach verfälschbarer Kanal zwischen Server und Client. Für Dritte ist nicht erkennbar, welche Seiten abgerufen werden und welche Informationen sie enthalten.\nNews Artikel in den USENET News liegen in zahlreichen Kopien auf Tausenden von Servern überall auf der Welt vor. Löschungen (Cancel) werden von vielen dieser Server nicht mehr ausgeführt, nachdem es seit einigen Jahren immer wieder zu gefälschten Löschaufforderungen von Saboteuren kam. Die großen Archive fuer USENET News (DejaNews und AltaVista) führen grundsätzlich keine Löschungen aus. Über Archivanfragen ist es daher in der Regel möglich, auch auf ältere und lokal nicht mehr verfügbare Texte zuzugreifen. Dabei gilt wie bei Suchmaschinen für Webseiten (siehe oben): Artikel sind nicht nur unter einer festen Bezeichnung abrufbar, sondern werden auch zu beliebigen im Artikel enthaltenen Stichworten gefunden.\nIm Rahmen einer Untersuchung der bayrischen Staatsanwaltschaft wurde der Betreiber Compuserve aufgefordert, einige Newsgroups grundsätzlich nicht mehr bereitzustellen, da bei ihnen davon auszugehen sei, dass diese in Deutschland strafrechtlich relevante Inhalte enthielten. Die Leser dieser Gruppen beziehen diese jetzt direkt von anderen, nicht gesperrten Newsservern. Ausserdem gehen die Autoren von Artikeln für solche schlecht verbreiteten Newsgroups immer mehr dazu über, ihre Artikel zusätzlich in andere, thematisch unpassende, aber besser verbreitete Gruppen zu setzen.\nSo kam es zum Beispiel anläßlich der Sperrung des Servers www.xs4all.nl wegen des Angebotes der verbotenen Zeitschrift Radikal, Ausgabe 154 zweimal zu je einem Posting der Komplettausgabe der Radikal in den Diskussionsforen de.soc.zensur (Diskussion über Zensur und Inhaltskontrolle) und de.org.politik.spd (Forum des virtuellen Ortsverbandes der SPD).\nDa die Neueinrichtung von Newsgroups technisch automatisiert werden kann, kommt es vielfach zur Neueinrichtung schlecht verbreiteter Gruppen unter neuem Namen oder zum Angebot bekannter Gruppen unter Aliasnamen. So wurde die Gruppe de.talk.sex (Diskussionsforum über Sexualität) an einer deutschen Universität mehrere Jahre lang unter dem Namen de.soc.verkehr geführt, nachdem dort entschieden worden war, keine Gruppen mehr anzubieten, deren Bezeichnung den Begriff sex enthält.\nAndere Effekte von Sperrungsversuchen Jede Sperre kann unterlaufen werden, indem die gesperrte Information vielfach repliziert wird. Dann ist jedes Vorkommen dieser Information gesondert zu sperren. Dadurch werden die unangenehmen Nebenwirkungen der Sperrung vervielfacht, bis die Kosten fuer die Sperrung ihren Nutzen übersteigen. Im Falle der Sperrung von www.xs4all.nl wegen des Angebotes der verbotenen Radikal 154 existierten innerhalb kürzester Zeit über 40 Kopien der gesperrten Information. Die 6000 aus technischen Gründen mitgesperrten Anbieter wurden jedoch nicht repliziert. Bezüglich der angestrebten Wirkung wurde also eher das Gegenteil erreicht, während viele Anbieter durch die unbeabsichtigten Nebenwirkungen Verluste hinnehmen mußten.\nMit Hilfe der USENET News ist diese Replikation tausendfach automatisiert und mit minimalem Aufwand vorzunehmen. Aus diesem Grunde kam es nach der Sperrung von xs4all auch zu einer Verbreitung der Webseiten der Radikal in den News (die Webseiten der anderen 6000 Kunden von xs4all wurden nicht in die News eingespielt).\nAlle Kommunikation mit Hilfe des TCP/IP-Protokolls ist konstruktionsbedingt eine individuelle Ende-zu-Ende-Kommunikation zwischen zwei Partnern. Selbst bei Betrachtung des Dienstes ist nicht erkennbar, ob die abgerufenen Informationen privater Natur sind (es ist möglich und für viele Anwender auch notwendig, ihre persönliche Post per WWW zu lesen) oder ob es sich um öffentliche Information handelt. Derartige Information kann sogar gemischt auf einer Webseite auftreten. Es ist zweifelhaft, inwieweit eine Kontrolle solcher Verbindungen durch unspezifisches Abhören (ohne richterlichen Beschluß) gestattet ist, selbst wenn dieses Abhören durch einen Roboter geschieht, der auf Schlüsselworte oder Ratings reagiert.\nNicht nur vom Standpunkt der Kontrolle der Bewerter, sondern auch vom Standpunkt des technischen Netzbetriebes ist eine Offenlegung aller Sperrungen unbedingt notwendig. Wenn Sperrungen von Rechnern oder einzelnen Angeboten massenhaft umgesetzt werden, ist für den einzelnen Systembetreiber genau wie für den einzelnen Anwender nämlich nicht mehr entscheidbar, ob eine technische Störung vorliegt, die zu beheben ist, oder ob eine inhaltlich begründete Sperrung vorgenommen wurde. Damit wird einer zuverlässigen Fehleranalyse durch die Betreiber von Netzen oder einzelnen Maschinen jede Grundlage entzogen, da aus dem Vorliegen einer Störung keine sichere Verhaltensvorschrift zu ihrer Behebung abgeleitet werden kann. Andererseits können offengelegte Sperrlisten natuerlich leicht als Kataloge fuer sexuell explizite oder gewalttätige Angebote mißbraucht werden. Eine Sperrung wäre dann eine Art Qualitaetssiegel. Offengelegte Sperrungen sind mit entsprechend modifizierten Programmen außerdem automatisiert umgehbar.\nModifikation des Internet In dem heutigen Internet können Sperren nach den obigen Ausführungen also nicht oder nur mit unvertretbar hohen Kosten und Nebenwirkungen realisiert werden. Daraus ergibt sich die Frage, inwieweit das Internet modifiziert werden müßte, um effizientes Sperren von Inhalten zu erlauben.\nPrinzipiell bieten Firewallsysteme (die von Unternehmen eingesetzt werden, um ihr Netz gegen unbefugtes Eindringen aus dem Internet zu schützen) einen Ansatz, effektive Sperren aufzubauen. Durch die Philosophie, nur solchen Daten das Passieren der Barriere zu gestatten, denen es explizit gestattet wurde, erzwingt man das Einhalten von Richtlinien.\nÄhnliche Richtlinien müßten fuer die Nutzung der Internet-Dienste durch die Benutzer aufgestellt und ihre Einhaltung erzwungen werden. Dies kann durch die Verwendung der Firewalltechnologie als Barriere zwischen den Anwendern und dem Internet oder durch die Verwendung proprietärer Protokolle erzwungen werden. Entscheidend ist, daß Teilnehmer im Netz ausschließlich identifizierbar agieren koennen, daß nur freigegebene Dienste, Protokolle und Datenformate verwendet werden, daß die Verwendung kryptographischer Verfahren verboten wird und daß sämtliche Aktivitäten protokolliert werden. Durch diese Massnahmen soll sichergestellt werden, daß der Benutzer einer Sperre nicht mehr ausweichen kann durch Wechsel der Identität, des Protokolls oder durch Verschleierung der Daten.\nUnabhängig von der Frage, ob ein solches Verfahren mit einem demokratischen Rechtsstaat vereinbar wäre, gibt es auch wirtschaftliche und technische Gründe, die dagegen sprechen: Ein solches Netz wäre zentralistisch gesteuert und könnte nur unter großem Zeit- und Kostenaufwand an veränderte Anforderungen angepaßt werden. Sämtliche Online-Dienste haben dieses Modell auf Druck ihrer kommerziellen Benutzer aufgegeben. Der administrative Overhead einer solchen Lösung auf nationaler Ebene wäre gewaltig. Ausserdem wuerde jede Beschraenkung kryptographischer Verfahren eine Nutzung des Internet zur Übermittlung sensitiver Informationen beeinträchtigen.\nInsgesamt könnte ein solches Modell katastrophale Standortnachteile mit sich bringen. Kommunikation ist eine Ressource, die in ihrer Bedeutung den Arbeitskräften oder der Verkehrsinfrastruktur in keiner Weise nachsteht. Auf der anderen Seite kann man, wie sich am Beispiel China zeigen läßt, selbst auf diese Art die Verbreitung unerwünschter Inhalte nur begrenzt unterbinden, denn für jede der oben genannten Massnahmen existieren wiederum Gegenmaßnahmen.\nBewertung Eine zentrale Sperre von Inhalten im Internet läßt sich technisch nicht paßgenau vornehmen, ließe sich von den Benutzern bei Bedarf umgehen und wäre mit hohen Kosten verbunden (siehe auch Heimo Ponnath: Pornographie im Internet ? Dichtung und Wahrheit, inside online 2/3 1996). Bedingt durch die globalen Datennetze zeigt sich hier der Paradigmenwechsel in den Aufgaben des Staates durch die Informationsgesellschaft, wie Alexander Rossnagel beschreibt (Alexander Rossnagel: Globale Datennetze: Ohnmacht des Staates - Selbstschutz der Buerger, ZRP 1997, Heft 1, 26-30). Die Ohnmachtserfahrung des Staates in der globalisierten Welt bedeutet jedoch nicht gleichzeitig eine Kapitulation vor den neuen Gefahren, sondern die modernen Informationstechnologien bergen vielfältige Möglichkeiten, daß der Bürger sich selbst schützen kann. Daraus erwächst die Verpflichtung für den Staat, Strukturen zu schaffen, die seine Bürger befähigen, ihre Interessen in der Welt der Netze selbstbestimmt zu schützen.\nHier bietet also die dezentrale Kontrolle und Filterung durch den Benutzer einen Lösungsansatz. Dazu müssen jedoch die Bewertungen durch Dritte (etwa nach dem PICS-System) transparent und nachvollziehbar sein. Beispielhafte Filterkonfigurationen können von einer Vielzahl von Interessengruppen vorgeschlagen werden; der Benutzer muß jedoch die Möglichkeit haben, seine eigene Konfiguration individuell vorzunehmen oder anzupassen.\nEin universelles Rating wie PICS ist mit erhöhtem Zeitaufwand und zusätzlichen Kosten verbunden. Eine Reihe von Anbietern wird daher darauf verzichten. Den Ratingorganisationen kommt ein hohes Maß an Verantwortung zu, da jede Vorbewertung bereits zur Meinungsbildung der potentiellen Abrufer beiträgt und da absichtliche oder unabsichtliche Fehlbewertungen großen Schaden anrichten können. Geht es lediglich um die Gewährleistung eines Jugendschutzes im Internet, wäre es sehr viel billiger und unkritischer, wenn die Anbieter auf freiwilliger Basis ihre kindgerechten Materialien kennzeichneten und spezielle Kinderbrowser ähnlich dem TV-Kinderkanal nur solche Angebote darstellten (siehe he Net Labelling Delusion: Protection or Oppression ).\nDie Erfahrungen in den USA zeigen, daß Organisationen das Instrument der Bewertung von Inhalten für die Durchsetzung ihrer eigenen politischen Ziele unter dem Deckmantel des Jugendschutzes oder der Aufrechterhaltung der öffentlichen Moral mißbrauchen. Es ist zu verhindern, daß die Definition moralischer und gesellschaftlicher Werte in den Aufgabenbereich privater Organisationen übertragen wird. Durch eine Offenlegung der Bewertungsmaßstäbe und aller Bewertungen kann diese Gefahr des Mißbrauchs reduziert werden.\nDanksagung Wir danken Hannes Federrath und Andreas Pfitzmann von der Technischen Universitaet Dresden für zahlreiche Anregungen und Diskussionen, die zur Entstehung dieses Textes beigetragen haben.\nDie Autoren Kristian Köhntopp ist Diplominformatiker und arbeitet als freiberuflicher Consultant fuer heterogene Datennetze und Rechnersicherheit.\nMarit Köhntopp ist Diplominformatikerin und arbeitet beim Landesbeauftragten für den Datenschutz Schleswig-Holstein als Referentin in den Bereichen \u0026ldquo;Neue Medien und Informationstechnologien\u0026rdquo; sowie \u0026ldquo;Technikfolgenabschätzung\u0026rdquo;.\nMartin Seeger ist Diplominformatiker und Geschäftsführer der NetUSE ommunikationstechnologie GmbH. Das Unternehmen beschäftigt sich mit der Internet-/Intranet-Technologie und der Sicherheit von Rechnern in Netzen.\n","date":"1997-05-14T00:00:00Z","href":"https://blog.koehntopp.info/1997/05/14/sperrungen-im-internet.html","tags":["lang_de","politik","usenet","jugendschutz"],"title":"Sperrungen im Internet - Eine systematische Aufarbeitung der Zensurdiskussion"},{"categories":null,"content":"für die Mailingliste debate@fitug.de Bundesinnenminister Kanther eröffnete am 28 April 1997 den 5. IT-Sicherheitskongress in Bonn. Auf seiner Eröffnungsrede forderte der Minister, den Einsatz von Verschlüsselungsverfahren in der Bundesrepublik Deutschland zu reglementieren. Nach Kanthers Vorstellungen dürfen in Deutschland nur noch Verschlüsselungsverfahren zum Einsatz kommen, die es den Bundesbehörden erlauben, verschlüsselte Informationen nach Belieben zu decodieren.\nDerzeit ist der Einsatz und der Export von Verschlüsselungsverfahren in Deutschland nicht eingeschränkt, was der deutschen Industrie einen entscheidenden Wettbewerbsvorteil gegenüber den USA, Frankreich und anderen Ländern mit Kryptobeschränkungen gibt. Verfahren zur Verschlüsselung von Daten und zur digitalen Unterschrift machen von sogenannter \u0026ldquo;starker Kryptographie\u0026rdquo; gebrauch. Sie gelten als der Schlüssel zum digitalen Handeln, da nur durch solche Verfahren Geld und Geschäftsgeheimnisse sicher und unverfälscht über das Rechnernetze transportiert werden können.\nKanther selbst sagt in seiner Rede:\nMehr und mehr werden persönliche Daten, wichtige Geschäftskommunikation, Geschäftsabschlüsse und Geldtransaktionen mit Computern verarbeitet und über die modernenKommunikationsnetze geleitet. Wo das ohne hinreichenden Schutz geschieht, ist das oftmals geradezu eine Einladung an Kriminelle. Das Erschleichen einer Kreditkartennummer durch Hacking und der anschließende Mißbrauch, der Scheckkartenbetrug oder das Abzweigen von Geldbeträgen von einem Konto zum anderen lassen sich anonym unter Ausnutzung der elektronischen Kommunikationsmittel vollziehen. Die Täter verstecken sich in der Anonymität der Netze, verwischen ihre elektronische Spur, einen Tator gibt es nicht mehr. Strafverfolgungsbehörden und Polizei sind vor völlig neue Herausforderungen gestellt.\nKanther erwähnt dabei nicht, daß gerade kryptographisch starke Verfahren zur Signatur und zur Verschlüsselung von Informationen derartige Verbrechen schon im Ansatz verhindern können. Digital signierte Dokumente können nicht gefälscht werden und sicher verschlüsselte Texte können nicht abgehört werden. Der Einsatz von Kryptographie in Datennetzen erschwert also nicht die Verfolgung von Verbrechern, sondern er macht das Verbrechen selbst unmöglich. Der schleswig-holsteinische Datenschutzbeauftragte, Dr. Bäumler, formuliert dies in seinen Thesen zur Kryptographie unter anderem so:\n[ Es ist ] geradezu ein Gebot, die Bürger vor organisierten Verbrechern zu schützen bzw. genauer: ihnen zu erlauben, sich selbst wirksam zu schützen. Denn nur so können sie finanzielle Transaktionen über Netze abwickeln, ohne Opfer von Computerkriminalität zu werden.\nKanther fordert in seiner Rede, den Risiken, die sich aus der Technik ergeben auch mit den Mitteln der Technik zu begegnen und führt dabei unter anderem auch elektronische Wegfahrsperren als Mittel zur Verhinderung von Kraftfahrzeugdiebstählen an. Dieser Vergleich mutet seltsam unpassend an, handelt es sich dabei doch genau wie der Einsatz von kryptographischen Mitteln um ein klassisches Mittel zu Verbrechensprävention, nicht um ein staatliches Instrument zur Strafverfolgung. Eine Umsetzung von Kanthers Vorschlägen würde den Anwender von Datennetzen seiner legitimen Verteidigungsmöglichkeiten gegen Computerkriminelle berauben.\nKanther führt weiter aus, wie er sich die Kontrolle des Staates vorstellt:\nDies kann dadurch geschehen, daß die verwendeten Schlüssel sicher hinterlegt werden. Durch eine Kombination von organisatorischen, personellen, technischen und juristischen Maßnahmen kann jedem Verdacht einer Mißbrauchsmöglichkeit begegnet werden.\nKanther sagt dies eine Woche, nachdem der Spiegel berichtet, daß auch eine Kombination von organisatorischen, personellen, technischen und juristischen Maßnahmen nicht ausgereicht hat, illegale Datenströme zwischen dem Pullacher Verfassungsschutz und Angehörigen der CSU zu verhindern.\nEine Hinterlegung von privaten Schlüsseln erlaubt es jedem der diese Schlüssel kennt, die Persona des Schlüsselinhabers im Netz zu übernehmen, seine Kommunikation mitzulesen, in seinem Namen Nachrichten zu versenden, Verträge abzuschließen oder Verbrechen zu begehen. Jemandem seine digitalen privaten Schlüssel zu übergeben bedeutet, sich dieser Person oder Institution persönlich und wirtschaftlich vollkommen auszuliefern. Die Hinterlegung der privaten Schlüssel bei einer Schlüsselzentrale entspricht der Erteilung einer unumschränkten Unterschriften- und Kontovollmacht auf das bloße Versprechen hin, daß die Schlüsselzentrale von dieser Vollmacht nur zum größeren Nutzen der Allgemeinheit Gebrauch machen wird.\nNiemand, der klar bei Verstand ist, kann einer solchen Verpflichtung nachkommen. Die von Kanther geforderte Schlüsselhinterlegung würde jede Form von digitalem Kommerz in Deutschland schon im Ansatz abwürgen und den ohnehin schon gefährdeten Standort Deutschland im internationalen Wettbewerb noch weiter zurückwerfen.\nKanther fordert dies auch, obwohl die Möglichkeiten der Strafverfolger durch die Reform der Telekommunikationsgesetze und den großen Lauschangriff schon stark ausgeweitet worden sind. Nicht nur das: Kanthers Ministerium bleibt konsequent den Beweis nach Wirksamkeit dieser Maßnahmen schuldig. Obwohl diese Gesetze eine Einschränkung des Fernmeldegeheimnisses und des Rechtes auf Unverletzlichekeit der Wohnung darstellen, existieren noch immer keine veröffentlichten Daten darüber, ob der Erfolg dieser Maßnahmen diese Einschnitte in wesentliche Grundrechte rechtfertigt.\nAuch in einem unbefangenen Beobachter muß dabei doch der Verdacht aufkommen, daß es mit der Wirksamkeit dieser Maßnahmen nicht so weit her sein kann. Wieviel wirkungsloser wird dann ein Verbot nicht genehmigter Kryptographie sein, wenn die Sachverständigen schon im Vorfeld bescheinigen, daß ein solches Verbot für die Strafverfolgung praktisch wirkungs- und wertlos sein wird?\nUnd Stimmen, die ein solches Verbot nicht genehmigter, harter Kryptographie ablehnen, gibt es zuhauf: Datenschützer, Verfassungsrechtler, Wissenschaft und Industrie lehnen eine solche Regelung geschlossen ab. \u0026ldquo;Wohlwollende\u0026rdquo; Unterstützung für seinen Vorschlag findet Kanther vorwiegend im Ausland, etwa bei unseren amerikanischen \u0026ldquo;Freunden\u0026rdquo;, für die eine nicht mehr abhörbare Kommunikation deutscher Wirtschaftsunternehmen ein schwerer Rückschlag auf dem Gebiet der Industriespionage wäre.\nWie praktisch wäre es dagegen, müßte man sich die Schlüssel deutscher Firmen nicht mehr einzeln in jedem Werk besorgen, sondern könnte gezielt das System der zentralen deutschen Schlüsselverwaltung anzapfen - die womöglich sogar mit von amerikanischen Firmen gelieferter Hardware und Systemsoftware betrieben würde. Für die Wettbewerbsfähigkeit der deutschen Wirtschaft ist es essentiell, sich selbst vor Wirtschaftsspionage und vor der Verfälschung der eigenen Kommunikation schützen zu können. Funktionieren kann dies nur, wenn es der Industrie möglich ist, Verfahren ohne Sollbruchstelle und Hintertüren einzusetzen.\nIn den letzten Jahren ist es im Innenministerium Mode geworden, unter dem Verweis auf die sogenannte organisierte Kriminalität ein Grundrecht nach dem anderen schrittweise durch den Gesetzgeber einschränken zu lassen. Vielleicht sollte jetzt erst einmal der Beweis angetreten werden, daß die bisher gemachten Zugeständnisse der Bürger an ihren Staat Früchte tragen und die von uns allen ermöglichten Maßnahmen auch tatsächlich wirksam sind. Vielleicht sollten wir alle uns auch einmal fragen, ob wir uns nicht selbst auf eigene Verantwortung vor den schwarzen Schafen in unserer Gemeinschaft schützen können.\nGanz sicher sollten wir uns jedoch klarmachen, daß eine Reglementierung kryptographischer Verfahren ein Irrweg ist. Ein Irrweg, der fordert, daß Bürger und Firmen ihre digitale Seele bei einem Staat hinterlegen, der für ihre Sicherheit nicht garantieren kann.\nUnd ganz dringend sollten wir alle uns klarmachen, daß dieses Thema uns alle und ohne Ausnahme angeht: Eine Renterin trägt ihr Geld zu Fuß zu einer Sparkasse tragen - die Sparkasse wird dieses Geld digital transferieren. Ein Arbeiter mag mit handfesten Gerätschaften an einem Fließband schaffen - das Nervensystem seiner Firma und die Kronjuwelen der Entwicklung werden jedoch mit Sicherheit in einem Rechnersystem vorliegen. Die Beamtin im Einwohnermeldeamt oder im Finanzamt mag noch immer mit Schreibmaschine und Stempel arbeiten - aber die Melderegister und Steuerbescheide liegen in Rechnern vor. Der Hausarzt mag mit dem Fahrrad in die Praxis kommen und seine Patienten alle mit dem Vornamen kennen - für die Kassenrechnung muß er Krankengeschichten und Leistungen in Computersystemen vorhalten. Und man mag mit seiner Bäckerin am Samstagmorgen über dem Brötchenkauf gerne ein nettes Schwätzchen halten - aber die Umsatzdaten des Supermarktes laufen über ein digitales Kassensystem bis in die Konzernzentrale.\nWir alle sind, ob wir es wollen oder nicht und ob wir es wissen oder nicht, Anwender von Informationstechnologie und Datennetzen. Netze und Informationen, die nur dann sicher sein können, wenn ihre Betreiber nicht durch einen übereifrigen Staat daran gehindert werden. Es muß unser aller Interesse sein, dies unserem Staat klar zu machen.\nDENN:\nDas Recht auf Kryptographie ist das Recht auf Privatsphäre.\nDas Recht auf Kryptographie ist das Recht auf wirtschaftliches Überleben.\nDas Recht auf Kryptographie ist das Recht auf digitale Selbstverteidigung.\nDas Recht auf Kryptographie ist ein Menschenrecht.\n","date":"1997-04-01T00:00:00Z","href":"https://blog.koehntopp.info/1997/04/01/das-recht-auf-digitale-selbstverteidigung.html","tags":["lang_de","publication","internet"],"title":"Das Recht auf Kryptographie ist das Recht auf digitale Selbstverteidigung"},{"categories":null,"content":"Für die Mailingliste debate@fitug.de Unsere Supermärkte sind voll von Waren aus jedem Teil der Republik, von Früchten und Gewürzen aus tropischen Ländern, von Rindfleisch aus Argentinien und Fisch aus allen sieben Weltmeeren. An jedem Stück in den Regalen klebt Blut.\nJeden Tag sterben auf Deutschlands Straßen Menschen und noch mehr werden verkrüppelt oder verletzt. Jeden Tag werden tonnenweise Treibhausgase erzeugt, Schwermetalle in die Luft geblasen und krebserregende Chemikalien erzeugt, um unsere Regale mit all diesem Luxus zu füllen. Ja, jeden Tag werden massenweise Güter bewegt und Rohstoffe konsumiert, um noch mehr Autos zu bauen.\nTrotz dieses immens hohen gesellschaftlichen Preises stellt keine politische Partei die Notwendigkeit von Autoverkehr und der Automobilindustrie grundsätzlich in Frage. Natürlich wird versucht, die Anzahl der Opfer von Verkehrsunfällen zu senken und die Schwere der Verletzungen abzumildern. Aber der Grundkonsens ist klar: Deutschland kann seine Position als eines der führenden Industrieländer nicht halten, ohne diesen Preis zu zahlen. Einzelne mögen auf ein eigenes Automobil verzichten, aber gesamtgesellschaftlich ist Deutschland ohne durchgehende Motorisierung nicht funktionsfähig - das ist selbst den linkesten Ökos klar. Gestritten wird günstigstenfalls über die Höhe des zu entrichtenden Preises bzw. der Ausgleichszahlungen in Form von Steuern für diesen Luxus. Außerdem muß jeder, der den Automobilverkehr grundsätzlich kritisiert und den Grundkonsens in Frage stellt sich fragen lassen, ob er auf die ohne Frage nützlichen oder gar lebensrettenden Effekte schneller Personen- und Güterbeförderung verzichten möchte.\nTrotzdem wir alle wissen und akzeptieren, daß Automobile töten können und immer töten werden, kämpfen wir alle doch um jedes einzelne Unfallopfer weniger. Jeder von uns trägt jeden Tag seinen Teil dazu bei, den Straßenverkehr sicherer zu machen.\nKryptographische Verfahren haben für die Handel und Verkehr in Datennetzen dieselbe Bedeutung wie der Ottomotor für Handel und Verkehr in der realen Welt. Sie sind der Motor, der virtuelle Waren- und Geldströme erst richtig beflügeln könnte, das schlagende pulsierende Herz einer Onlinewirtschaft, die gerade im entstehen begriffen ist. Ohne kryptographische Verfahren gibt es in Datennetzen keine Geheimnisse und damit keinen Informationsvorsprung, der sich an andere verkaufen ließe. Ohne kryptographische Verfahren gibt es in Datennetzen keine digitalen Unterschriften und damit keine bindenden Verträge. Ohne kryptographische Verfahren gibt es in Datennetzen keine digital von Banken unterschriebenen Geldscheine und damit keine Währung, für die es sich lohnen würde, überhaupt eine Onlinewirtschaft zu betreiben. Kryptographische Verfahren sind die Technologie, die die Onlinewirtschaft aus dem virtuellen Postkutschenzeitalter in die digitale Industriegesellschaft katapultieren kann.\nKrytoreglementierung bedeutet nicht, auf der Datenautobahn eine Geschwindigkeitsbegrenzung einzuführen. Eine Kryptoreglementierung kommt stattdessen einem Verbot von Ottomotoren gleich.\nEs gibt politische Stimmen, die befürchten, daß durch den freien Gebrauch von Kryptographie Menschen zu schaden kommen können.\nDas ist richtig.\nUnzweifelhaft wird es durch den allgemeinen Gebrauch von verschlüsselten Nachrichten und digital signierten Dokumenten zu neuen, möglicherweise nur schwer aufzuklärenden oder zu verhindernden Verbrechen kommen. Auch die Erfindung des Automobils hat ja eine ganze Menge von Delikten überhaupt erst möglich gemacht: Verkehrsdelikte, Fluchtwagen, Mordinstrument oder Tarnung von Morden als Unfälle - dazu schleichende Umweltschäden, die wir in unserer Gesellschaft nicht als Verbrechen werten. Wie beim Automobil müssen wir wohl auch bei der Kryptographie einen solchen Preis in Kauf nehmen, wollen wir die Vorteile dieser Technologie für uns nutzen und an der nächsten Stufe der industriellen Entwicklung vorne mit dabei sein.\nWir können uns erlauben, über die Höhe des Blutzolles zu streiten, den wir entrichten müssen, wenn wir am Zeitalter des digitalen Kommerzes teilhoben wollen. Aber wenn wir an dieser neuen Industrie teilhaben wollen, werden wir dafür bezahlen müssen. Und wenn wir uns entscheiden sollten, Kryptographie zu reglementieren und damit effektiv zu verbieten, dann müssen wir uns fragen lassen, ob wir auf die nützlichen oder gar lebensrettenden Effekte dieser Technologie verzichten wollen.\nDer Grundkonsens muß klar sein: Deutschland kann seine Position als eines der führenden Industrieländer nicht halten, wenn es auf die Basistechnologie der digitalen Industrie verzichtet - das ist selbst den rechtesten Hardlinern klar. Einzelne mögen auf den Einsatz von kryptographischen Verfahren verzichten, aber gesamtgesellschaftlich ist Deutschland ohne breiten Einsatz von Verschlüsselungs- und Signiertechnologie nicht konkurrenzfähig.\nWie zentral die Rolle der Kryptographie ist, wird erst deutlich, wenn man sich unser Land als konsequent Informationstechnologie nutzend denkt:\nMan stelle sich einmal vor, Übertragungen von potentiell milliardenschweren Neuentwicklungen über ein Datennetz vorzunehmen, dessen digitale Verschlüsselungstechnologie eingebaute Sollbruchstellen hat, die Dritten gleich welcher Legitimation Zugriff auf die übertragene Information zu geben.\nMan stelle sich einmal vor, Geldtransaktionen des größeren Teils der deutschen Wirtschaft mit Schlüsseln zu schützen, die außer den beteiligten Instituten noch Dritten bekannt sind.\nIst es nicht besser, wenn einige Verbrechen unaufgeklärt bleiben, weil es keine zentrale Schlüsselhinterlegungszentrale gibt, als daß auch nur die Möglichkeit bestünde, daß jemand Zugriff auf die gesamte deutsche Wirtschaft bekommt, weil eine ebensolche Schlüsselhinterlegungszentrale existiert?\nWir müssen wissen und akzeptieren, daß es solche unaufgeklärten Verbrechen geben wird. Und wir müssen trotzdem kämpfen, daß es weniger solche Verbrechensopfer geben wird. Aber wir können uns dabei auf keinen Fall leisten, auf starke kryptographische Verfahren zu verzichten, ja wir müssen sogar unbedingt alle nur verfügbare Energie in die Entwicklung noch härterer Verfahren stecken und jede nur denkbare Schwachstelle in den vorhandenen Verfahren ausmerzen.\nAber laßt uns nicht in die Falle von Dorothy Denning gehen: Weil im Schutze digitaler Kommunikation und Verschlüsselung einige schreckliche Verbrechen geschehen, können wir nicht auf die Schlüsseltechnologie des nächsten Industriezeitalters verzichten\njedenfalls nicht, ohne uns gleichzeitig in die Rolle eines Entwicklungslandes zu begeben. Wir würden das auch niemals tun, genausowenig, wie wir die Schließung der deutschen Autobahnen und die Zerschlagung der Autokonzerne fordern würden, nachdem wir die Bilder von Unfallopfern gesehen haben - denn wenn wir das täten, wäre Deutschland im Nu ein Entwicklungsland. ","date":"1997-01-01T00:00:00Z","href":"https://blog.koehntopp.info/1997/01/01/kryptographie-toetet.html","tags":["lang_de","publication","internet"],"title":"Kryptographie tötet - na und?"},{"categories":null,"content":" Der Apache WWW-Server Der Apache WWW-Server ist ein Server der zweiten Generation. Das bedeutet, er entstand auf der Grundlage der Erfahrungen, die beim Betrieb von WWW-Servern unter sehr hoher Last gemacht wurden, und er bietet erweiterte Möglichkeiten zur dynamischen Erzeugung von Seiten über CGI (Common Gateway Interface) und über eine servereigene Programmierschnittstelle (Server API).\nDer Server selbst ist auf praktisch jeder modernen UNIX-Plattform einsetzbar, und Portierungen auf Windows NT und OS/2 sind ebenfalls verfügbar.\nApache übersetzen Wie es sich für ein frei verfügbares UNIX-Programm gehört, ist der Server in Quelltextform erhältlich. Zusätzlich werden auf http://www.apache.org/ auch Binärversionen für die verbreitesten UNIX-Versionen bereitgestellt. Ist die eigene UNIX-Version nicht unter diesen zu finden oder möchte man den Server mit experimentellen Optionen betreiben, muss man ihn sich selbst übersetzen. Zum Glück ist das nicht sehr schwierig.\nApache kommt, wie üblich, als mit gzip gepacktes tar-Archiv. Nach dem Auspacken mit\n/tmp$ gzip -dc apache*tar.gz | tar xvf - entsteht ein Verzeichnis mit dem Namen apache_x.y.z, wobei x.y.z die Versionsnummer des Servers angibt. Es enthält die folgenden Unterverzeichnisse:\ncgi-bin Dieses Verzeichnis enthält einen Satz Beispielprogramme zur CGI-Programmierung in Form von Scriptdateien. cgi-src Dieses Verzeichnis enthält weitere Beispielprogramme zur CGI-Programmierung, die in C geschrieben wurden. Diese Programme müssen zunächst compiliert werden, bevor sie im Verzeichnis cgi-bin installiert werden können. conf Dieses Verzeichnis enthält Beispiel-Konfigurationsdateien. Die Namen dieser Konfigurationsdateien enden auf -dist. Zum Gebrauch muss die jeweilige Konfigurationsdatei kopiert und unbedingt für den lokalen Bedarf angepasst werden. icons Die eingebaute Apache-Funktion zur Anzeige von Verzeichnissen kann Dateien mit dateitypspezifischen Icons anzeigen. Dieses Verzeichnis enthält einen Satz Beispiel-Icons, die vom Server dazu verwendet werden. logs Dieses Verzeichnis ist zunächst leer. Der Server wird später im Betrieb seine Logbücher hier ablegen. Diese Logbücher können je nach Serverauslastung sehr umfangreich werden. src Dieses Verzeichnis enthält den C-Quelltext des Servers. Es wird für den Betrieb nicht benötigt. support Dieses Verzeichnis enthält weitere C-Quelltexte zu Hilfsprogrammen für den Serverbetrieb. Sie müssen compiliert werden, wenn man Eigenschaften des Servers für Fortgeschrittene nutzen möchte: Benutzeridentifikation mit Paßworten, DBM-Benutzerdatenbanken für sehr große Benutzerzahlen und verschiedene andere. Konfigurationsdatei anpassen Im src-Verzeichnis befindet sich die Datei Configuration. Dies ist die einzige Datei, die angepasst werden muss, um den Apache-Server für eine unterstützte Plattform zu übersetzen. In dieser Datei ist auch einzustellen, welche Module in den Server eingebunden werden sollen.\nFolgende Einstellungen sind mit einem Texteditor an dieser Datei vorzunehmen:\nCC= Wahl des C-Compilers. Der Server kann entweder mit dem normalen Systemcompiler cc oder mit dem GNU-C-Compiler gcc übersetzt werden, wenn dieser auf dem System vorhanden ist. CFLAGS= Optionen für den Aufruf des C-Compilers. Mit dieser Variable können die Optionen für den Lauf des Compilers festgelegt werden. Normalerweise wird man hier den Optimierungslevel des Compilers angeben, also beispielsweise -O2. Für den späteren Betrieb des Servers mit Server Side Includes kann hier die Option -DXBITHACK mit angegeben werden. Für schnelleren Betrieb auf Kosten der Lesbarkeit von Logfiles kann hier die Option -DMINIMAL_DNS mit angegeben werden. Die Option -DMAXIMAL_DNS führt dagegen für alle Clients eine doppelte Abfrage des Nameservers durch, was Fälschungen von Hostnamen erschwert, aber sehr langsam ist.\nFür den normalen Betrieb sollten diese Optionen zunächst einmal weggelassen werden. Sie sind nicht unmittelbar notwendig und haben Nebeneffekte, die verstanden sein müssen, bevor die Optionen sinnvoll einsetzbar sind.\nLFLAGS= Optionen für den Aufruf des Linkers. Mit dieser Variable können die Optionen für den Lauf des Linkers festgelegt werden. Normalerweise ist diese Variable leer. EXTRA_LIBS= Optionen für das Linken zusätzlicher Bibliotheken. Mit dieser Variable können zusätzliche Bibliotheken zum Linken des Programmes angegeben werden. Normalerweise ist diese Variable leer. AUX_*= Betriebssystemspezifische Optionen und Bibliotheken. Diese Variablen stehen in Blöcken nach Betriebssystemen sortiert beisammen. Sie legen fest, für welche Betriebssystemversion der Server übersetzt werden soll. Im Auslieferungszustand ist der Server für SunOS 4 konfiguriert. Diese Einstellung muss für das Zielbetriebssystem angepaßt werden. Dazu ist die Zeile für SunOS 4 zu deaktivieren und die Zeile für das gewünschte Betriebssystem zu aktivieren. Um den Apache-Quelltext zum Beispiel für die Übersetzung auf Solaris 2 zu konfigurieren, muss der Block # For SunOS 4 AUX_CFLAGS= -DSUNOS4 # For Solaris 2. #AUX_CFLAGS= -DSOLARIS2 #AUX_LIBS= -lsocket -lnsl folgendermaßen geändert werden:\n# For SunOS 4 #AUX_CFLAGS= -DSUNOS4 # For Solaris 2. AUX_CFLAGS= -DSOLARIS2 AUX_LIBS= -lsocket -lnsl Weiter unten in der Konfigurationsdatei befindet sich der Abschnitt zur Konfiguration der Module, aus denen der Server zusammengesetzt wird. Die Einstellungen in diesem Bereich sind in der Regel für den Normalbetrieb korrekt und brauchen nicht verändert zu werden. Die Kommentare in diesem Abschnitt der Konfigurationsdatei geben weitere Hinweise.\nDen Server übersetzen Nachdem die Konfigurationdatei angepasst ist, müssen die Informationen aus dieser Datei in den C-Quelltext des Programmes eingearbeitet werden. Dies geschieht automatisch durch den Aufruf des Scriptes Configure:\n/tmp/apache_1.0.3/src$ ./Configure Using \u0026#39;Configuration\u0026#39; as config file Danach kann der Server übersetzt werden. Der Übersetzungsprozeß wird durch das UNIX-Werkzeug make automatisch gesteuert. Es genügt, im src-Verzeichnis make aufzurufen:\n/tmp/apache_1.0.3/src$ make gcc -c -O2 -DLINUX alloc.c ... Nach erfolgreichem Abschluss des Übersetzungsvorgangs wird im src-Verzeichnis eine Datei httpd hinterlassen, die ausführbar ist und mit dem file-Kommando als Programm identifiziert wird.\n/tmp/apache_1.0.3/src$ ls -l ./httpd -rwxr-xr-x 1 root root 82260 Nov 4 10:42 ./httpd /tmp/apache_1.0.3/src$ file ./httpd ./httpd: ELF 32-bit LSB executable i386 (386 and up) Version 1 Die Hilfsprogramme übersetzen Für den einfachen Serverbetrieb genügt es, das Serverprogramm httpd zur Verfügung zu haben. Für den fortgeschrittenen Betrieb ist es jedoch nützlich, auch die optionalen Hilfsprogramme in den Verzeichnissen cgi-src und support zu übersetzen und zu installieren. Zum Glück sind diese Programme kaum systemspezifisch und können mit einem einfachen Aufruf von make in den betreffenden Verzeichnissen übersetzt werden:\n/tmp/apache_1.0.3/cgi-src$ make gcc -c -g query.c ... /tmp/apache_1.0.3/cgi-src$ cd ../support/ /tmp/apache_1.0.3/support$ make gcc -g htpasswd.c -o htpasswd ... Eventuell bei der Übersetzung auftretende Warnungen sind normal und können ignoriert werden.\nDen Server installieren Neben dem eigentlichen Serverprogramm httpd werden zum Betrieb des Servers noch verschiedene zusätzliche Verzeichnisse benötigt. Alle diese Dateien und Verzeichnisse sollen in einem gemeinsamen Sammelverzeichnis installiert werden, das in der Terminologie von Apache als ServerRoot bezeichnet wird. Viele Serverbetreiber wählen als ServerRoot das Verzeichnis /var/httpd. Dieser Text geht ebenfalls davon aus, daß mit dieser ServerRoot installiert wird.\nvar `-- httpd |-- cgi-bin |-- conf |-- icons `-- logs Verzeichnisstruktur ServerRoot: /var/httpd und die Unterverzeichnisse\nhome `-- www |-- icons |-- pd-software `-- texte Verzeichnisstruktur DocumentRoot: /home/www und die Unterverzeichnisse\nAußerdem wird der Server in Zukunft auf einen weiteren Verzeichnisbaum zugreifen, der die HTML-Dokumente enthält, die geservt werden sollen. Diese zweite Verzeichnishierarchie wird als DocumentRoot bezeichnet. Im Gegensatz zur ServerRoot ist die Verzeichnisstruktur der DocumentRoot selbst vollkommen frei wählbar. Die in der Abbildung gegebene Aufteilung ist nur ein Beispiel.\nBeide Verzeichnishierarchien sind unterschiedlich und sollen sich nicht überlappen. Auf gar keinen Fall sollte die ServerRoot unterhalb der DocumentRoot liegen, denn sonst könnte man über den WWW-Server auf seine Konfigurationsdateien und Passworte zugreifen, und das ist eine ausgesprochen schlechte Idee. Auch andersherum sollte die DocumentRoot nicht unterhalb der ServerRoot liegen, obwohl das nicht unmittelbar schädlich ist. Viele Serverbetreiber wählen als DocumentRoot das Verzeichnis /home/www, und das ist auch das Verzeichnis, das in diesem Text verwendet wird.\nZur Installation ist es notwendig, die Verzeichnisse für die ServerRoot und die DocumentRoot anzulegen und ihnen die notwendigen Rechte zu geben. Zunächst wird das ServerRoot-Verzeichnis angelegt und der Server selber in ihm installiert:\n/var# mkdir httpd /var# chown root.root httpd /var# chmod 755 httpd /var# cp /tmp/apache_1.0.3/src/httpd httpd/httpd /var# chown root.root httpd/httpd /var# chmod 111 httpd/httpd Danach müssen die vorgefertigten Dateien aus den Verzeichnissen cgi-bin, conf und icons übernommen werden.\n/var# cd httpd /var/httpd# mkdir cgi-bin conf icons logs support /var/httpd# chown root.root cgi-bin conf icons logs support /var/httpd# chmod 755 cgi-bin conf icons logs support /var/httpd# cp /tmp/apache_1.0.3/cgi-bin/* cgi-bin/ /var/httpd# cp /tmp/apache_1.0.3/icons/* icons/ /var/httpd# cp /tmp/apache_1.0.3/conf/* conf/ /var/httpd# cp /tmp/apache_1.0.3/support/htpasswd support/ /var/httpd# cp /tmp/apache_1.0.3/support/httpd_monitor support/ /var/httpd# cp /tmp/apache_1.0.3/support/unescape support/\u0026lt;/small\u0026gt; Schließlich muss auch die DocumentRoot noch angelegt werden. Dokumente auf dem WWW-Server sollen unter Umständen auch durch normale Benutzer erzeugt werden dürfen. Es ist also sinnvoll, eine Benutzergruppe webmaster anzulegen und dieser Benutzergruppe Schreibrechte an der DocumentRoot zu geben. Dies ist recht einfach auf die folgende Weise möglich:\n/home# echo \u0026#34;webmaster::60001:\u0026#34; \u0026gt;\u0026gt; /etc/group /home# mkdir www /home# chown kris.webmaster www /home# chmod 775 www Unterhalb dieses Verzeichnisses kann dann die benötigte Dokumentenstruktur nach Bedarf durch beliebige Benutzer der Gruppe webmaster angelegt werden. Benutzer werden der Benutzergruppe webmaster zugefügt, indem ihre Benutzernamen im vierten (letzten) Feld der entsprechenden Zeile in der Datei /etc/group eingetragen werden. Die betreffenden Benutzer müssen sich neu einloggen, damit die Änderung wirksam wird.\nApache konfigurieren Dieser Abschnitt beschreibt die Konfiguration des WWW-Servers gerade weit genug, um den Server in Betrieb nehmen zu können. Eine vollständige Beschreibung der Apache-Konfiguration befindet sich im Apache Referenzhandbuch (manual.ps), das Bestandteil der Serverdistribution ist.\nAufrufoptionen Der Apache WWW-Server versteht nur wenige Aufrufoptionen. Die eigentliche Konfiguration des Servers erfolgt über Konfigurationsdateien, und die Aufrufoptionen des Servers beschränken sich darauf, dem Server mitzuteilen, wo sich diese Konfigurationsdateien befinden. Die Optionen sind im Einzelnen:\n-d documentroot Setzt den ursprünglichen Wert der Variablen DocumentRoot auf documentroot. Dies kann in der Konfigurationsdatei mit dem Kommando DocumentRoot überschrieben werden. Der Defaultwert ist /usr/local/etc/httpd. -f config Führt die Kommandos in der Datei config beim Start des Servers aus. Wenn config nicht mit einem / beginnt, wird der Pfadname relativ zur ServerRoot interpretiert. Der Defaultwert ist conf/httpd.conf. -X Der Server wird im Debugmodus gestartet. Er erzeugt keine Kindprozesse und löst sich auch nicht von der Console, um in den Hintergrundmodus zu gehen. -v Druckt die Versionsnummer des httpd und beendet sich dann. -? Druckt eine Liste der Optionen des Servers und beendet sich dann. Um den Server zu starten, ist es also notwendig, die benötigten Konfigurationdateien zu erzeugen. Der Server kann dann entweder mit dem Kommando\n~# /var/httpd/httpd -f /var/httpd/conf/httpd.conf oder mit dem Kommando\n~# /var/httpd/httpd -d /var/httpd aktiviert werden.\nMinimale Konfigurationsdateien Der Server liest beim Start drei Konfigurationsdateien ein. Jede dieser Dateien kann Schlüsselworte enthalten, die die Werte bestimmter Variablen festlegen und so den Betrieb des Servers steuern. Die Pfadnamen dieser Dateien werden wie üblich relativ zur ServerRoot interpretiert, wenn sie nicht mit einem / beginnen. Standardmäßig sind dies die folgenden Dateien:\nconf/httpd.conf Diese Datei enthält globale Steuerparameter für den WWW-Server. conf/srm.conf Diese Datei steuert das \u0026ldquo;Server Ressource Managment\u0026rdquo;. Das heisst, sie legt fest, welche URLs auf welche Pfade im Dateisystem abgebildet werden, und ob es sich bei den durch URLs referenzierten Dokumenten um statische Dateien oder um dynamisch erzeugte Dokumente handelt. Diese Variable kann mit dem Schlüsselwort RessourceConfig überschrieben werden. conf/access.conf Mit Hilfe dieser Datei können global Zugriffsrechte für bestimmte Verzeichnisse vergeben werden. Mit dem Schlüsselwort AccessConfig kann eine alternative Konfigurationsdatei bestimmt werden. Weiterhin legt der Server drei Dateien im Verzeichnis logs/ an. Einige dieser Dateien sind Logbücher, die je nach Serverlast sehr schnell sehr groß werden können. Es ist notwendig, diese Dateien regelmäßig zu sichern und den Server danach mit einem Signal zu wecken, damit er neue Logdateien aufsetzt. Die Dateien sind:\nlogs/httpd.pid Diese Datei wächst nicht und braucht auch nicht gesichert zu werden. Sie enthält in ASCII die PID des Serverprozesses. Dadurch ist es leicht möglich, den Server mit dem Kommando ~# kill -HUP `cat /var/httpd/logs/httpd.pid` zu wecken. Der Hauptprozeß des Servers wird alle seine Kindprozesse von der Änderung informieren, so daß ein einziges Signal zur Steuerung des Servers ausreichend ist.\nMit dem Schlüsselwort PidFile ist es möglich, diesen Pfadnamen zu ändern.\nlogs/error_log In dieser ständig wachsenden Datei werden alle Fehler beim Zugriff auf Komponenten des Servers mitgeloggt. Insbesondere finden sich hier auch die Fehlerausgaben von CGI-Scripten. Sollten solche Scripte also einmal nicht funktionieren, kann man dieser Datei die dabei entstehenden Meldungen entnehmen. Mit dem Schlüsselwort ErrorLog kann eine andere Logdatei festgelegt werden. Für virtuelle Hosts können unterschiedliche Logdateien bestimmt werden.\nlogs/access_log In dieser sehr schnell wachsenden Datei wird jeder Zugriff auf den Server geloggt. Es ist möglich, diese Datei zur Erzeugung von Zugriffstatistiken auszuwerten. Mit dem Schlüsselwort TransferLog kann ein anderer Dateiname festgelegt werden. Für virtuelle Hosts können unterschiedliche Logdateien bestimmt werden.\nUm den Server zu konfigurieren, kopiert man sich zweckmäßigerweise die mitgelieferten Beispiel-Konfigurationsdateien und paßt sie für die eigene Konfiguration an:\n/var/httpd/conf# cp access.conf-dist access.conf /var/httpd/conf# cp httpd.conf-dist httpd.conf /var/httpd/conf# cp srm.conf-dist srm.conf conf/httpd.conf Die mit dem Server ausgelieferte beispielhafte Konfigurationsdatei conf/httpd.conf enthält eine Reihe von Schlüsselworten zur Konfiguration des WWW-Servers. Im Einzelnen:\nPort Dieses Schlüsselwort legt fest, auf welchem TCP-Port der Server seine Dienste anbieten soll. In UNIX sind die Ports mit Portnummern kleiner 1024 geschützt und nur Programmen mit Systemverwaltungsrechten zugänglich. Der Server muss also vom Systemverwalter gestartet werden, wenn er auf dem HTTP-Standardport 80 serven soll. Für Server, die mit Benutzerrechten gestartet werden, hat es sich eingebürgert, den frei verfügbaren Port 8080 zu verwenden. Die Konfigurationsdatei enthält dann eine Anweisung der Art Port 8080.\nUser und Group Wenn der Server durch einen Systemverwalter gestartet wird, verwendet er die Systemverwalterrechte nur, um sich an den angegebenen Port zu binden. Alle anderen Dinge, insbesondere den Zugriff auf Dateien und das Starten von externen Programmen, erledigt der Server nicht unter dieser Benutzerkennung, um böse Überraschungen zu vermeiden. Mit den Anweisungen User und Group wird der Server stattdessen auf eine Benutzer- und Gruppennummer konfiguriert, die ungefährlicher ist. Die Angabe dieser Werte kann numerisch in der Form #zahl erfolgen, oder der Name eines Benutzers oder einer Benutzergruppe kann direkt gegeben werden. Beispiel:\nUser nobody Group #60001 ServerAdmin Dieses Schlüsselwort teilt dem Server die Mailadresse der für die Serververwaltung zuständigen Person mit. Der Server nennt diese Adresse in Fehlermeldungen als Adresse eines Ansprechpartners. Zukünftige Versionen des Servers werden selbstständig Problemreports an diese Adresse senden. ServerRoot Legt das ServerRoot-Verzeichnis fest. In unserer Beispielkonfiguration geschähe dies mit der Anweisung ServerRoot /var/httpd. PidFile ErrorLog TransferLog Diese drei Schlüsselworte bestimmen, wie bereits im Abschnitt oben beschrieben, die Lage der verschiedenen Logdateien. ServerName Ein Webserver muss gelegentlich wissen, unter welchem kanonischen Namen er selbst anzusprechen ist. Apache versucht, dieses Namen automatisch zu ermitteln, aber wenn dies nicht gelingt oder wenn man sicher gehen will, ist es notwendig, dem Server seinen eigenen Namen in der Konfigurationsdatei mitzuteilen. Das erfolgt dann mit diesem Schlüsselwort. Der Parameter ist ein voll qualifizierter Domainname, zum Beispiel in ServerName white.koehntopp.de conf/srm.conf Mit dieser Konfiguration legt der Serverbetreiber fest, wie der Server die verschiedenen Dokumententypen behandeln soll, die auf seinem Server verfügbar sind. Diese Datei definiert also die Zuordnung von Dateiendungen zu MIME-Typen, die Namen von Indexdateien für Verzeichnisse und den Umgang mit Landessprachen und dergleichen.\nMinimal sollte die Datei die folgenden Anweisungen enthalten:\nDocumentRoot Dieses Schlüsselwort legt die DocumentRoot des Servers fest. In unserer Beispielkonfiguration ist das: DocumentRoot /home/www. ScriptAlias Dieses Schlüsselwort ist nur dann notwendig, wenn der Server in der Lage sein soll, CGI-Scripte zur dynamischen Erzeugung von Seiten auszuführen. Die Anweisung hat die Form ScriptAlias \u0026lt;url-pfad\u0026gt; \u0026lt;realer Pfad\u0026gt; und sie verbindet den Pfad url-pfad mit dem wirklichen Pfad realer Pfad, d.h. immer dann, wenn ein Request für eine Seite unterhalb von url-pfad auf dem Server eingeht, wird das zugehörige Programm in realer Pfad gestartet und muss die angeforderte Seite berechnen.\nUm das CGI-Verzeichnis /var/httpd/cgi-bin mit dem URL-Pfad /cgi-bin zu verbinden, muss also die Anweisung\nScriptAlias /cgi-bin/ /var/httpd/cgi-bin/ gegeben werden. Ein Request für die URL /cgi-bin/dummy.pl startet dann das Programm /var/httpd/cgi-bin/dummy.pl, das eine Seite erzeugen muss.\nEs ist wichtig, daß das Verzeichnis mit den CGI-Programmen nicht unterhalb der DocumentRoot liegt. Überlappen sich die Verzeichnisse, kann es zu seltsamen Effekten kommen, weil der Server sich entscheiden muss, ob er das Script als Text ausliefert, oder ob er es startet und die Ausgabe des Scriptes ausliefert.\nDie beispielhafte srm.conf enthält weitere Anweisungen, die hier zunächst nicht behandelt werden sollen.\nconf/access.conf Die Konfigurationsdatei conf/access.conf regelt, wer auf welche Dateien des Servers zugreifen darf. Es ist möglich, einzelne Dateien oder ganze Teilbäume in der Verbreitung zu beschränken, so daß man nur von bestimmten Rechnern aus auf die Dateien zugreifen darf oder daß man sich als Benutzer zunächst mit einem Passwort gegenüber dem Server identifizieren muss, bevor man auf Seiten zugreifen kann. Auch Kombinationen von Schutzmechanismen sind möglich.\nDa sich die Konfigurationsanweisungen in dieser Datei immer auf Verzeichnisse beziehen, ist ihr Inhalt konsequent in\n\u0026lt;directory /pfad/*/name\u0026gt; ... \u0026lt;/directory\u0026gt; gegliedert. Dabei ist zu beachten, daß die \u0026lt;directory\u0026gt;-Anweisungen vielleicht wie HTML-Tags aussehen, aber keine sind. Sie müssen auf jeden Fall einzeln in einer Zeile stehen und dürfen auch keine optionalen Parameter wie HTML-Attribute haben. Die Pfade, die in \u0026lt;directory\u0026gt;-Anweisungen genannt werden, sind immer physikalische Pfade des Dateisystems und keine URL-Pfade.\nInnerhalb eines \u0026lt;directory\u0026gt;-Abschnittes können dann mit verschiedenen Anweisungen Optionen und Zugriffsrechte für die in diesem Abschnitt spezifizierten Verzeichnisse festgelegt werden.\nUnsere Beispielkonfiguration soll ohne weitere Erklärungen zunächst einmal die folgenden Anweisungen enthalten:\n\u0026lt;Directory /var/httpd/cgi-bin\u0026gt; Options Indexes FollowSymLinks \u0026lt;/Directory\u0026gt; \u0026lt;Directory /home/www\u0026gt; Options Indexes AllowOverride None \u0026lt;/Directory\u0026gt; CGI-Programmierung Oftmals möchte man HTML-Seiten mit dynamisch erzeugtem Inhalt haben. Solche Seiten sind nicht fest in Verzeichnissen des Servers abgelegt, sondern werden beim Abruf durch ein Programm erzeugt. Das erzeugende Programm muss vom Server auf eine bestimmte Weise aufgerufen werden, damit es weiß, welche Art von Seite es erzeugen soll und es muss seine Ausgabe auf eine bestimmte Weise erzeugen, damit der Server diese Ausgabe als eine WWW-Seite interpretieren kann. Die Norm, nach der das externe Programm und der WWW-Server zusammenspielen, wird als das Common Gateway Interface (CGI) bezeichnet.\nAktivierung von CGI-Programmen durch Apache Grundsätzlich kennt der Apache WWW-Server vier verschiedene Möglichkeiten, externe Programme zur Erzeugung von WWW-Seiten einzusetzen:\nCGI-Pfade mit ScriptAlias Apache sieht wie alle ernstzunehmenden WWW-Server Möglichkeiten vor, mit denen man URL-Pfade mit Scriptverzeichnissen verbinden kann. In Apache geschieht dies, wie weiter oben beschrieben, mit der Anweisung ScriptAlias. Zugriffe auf Seiten unterhalb der durch den ScriptAlias spezifizierten URL bewirken, daß das angegebene Programm gestartet wird und die Seite berechnet.\nProgramme mit der Endung .cgi Anstatt CGI-Scripte in bestimmten Verzeichnissen unterzubringen, kann Apache solche Scripte auch an einer bestimmten Endung erkennen, unabhängig davon, in welchem Verzeichnis sie sich befinden. Standardmäßig verwendet man für solche Scripte die Endung .cgi, aber es kann auch jede beliebige andere noch nicht vergebene Dateiendung konfiguriert werden. Verantwortlich für den Start von Scripten mit der Endung .cgi ist das Apache-Modul mod_cgi. Es bewirkt, daß alle Dateien, die über die Erkennung von Dateiendungen mit dem MIME-Type application/x-httpd-cgi gekennzeichnet werden, nicht als statische Texte ausgeliefert werden. Der Server versucht stattdessen die Datei als Programm zu starten und liefert die Ausgabe des Programms an den Abrufer zurück. Mit der Anweisung\nAddType application/x-httpd-cgi .cgi in der conf/srm.conf-Konfigurationsdatei wird dem Server mitgeteilt, welche Dateiendungen diesen MIME-Type haben. Im Beispiel wird die Standardzuordnung definiert, die .cgi-Dateien als ausführbar markiert, aber es ist prinzipiell möglich, andere und auch mehrere Dateiendungen zu CGI-Endungen zu erklären. Bis auf die bequemere Installation (kein besonderes Verzeichnis notwendig) unterscheidet sich dieses Verfahren nicht vom Programmstart mit ScriptAlias.\nServer Side Includes (SSI) Manchmal möchte man nicht eine ganze WWW-Seite durch ein Script berechnen lassen, sondern nur einfache Textersetzungen auf einer Seite vornehmen oder nur Teile einer Seite von einem Script erzeugen lassen. Solche Seiten sind ein typischer Anwendungsfall für SSI. SSI-Dateien werden vom Server nicht unmittelbar ausgeliefert, sondern der Server erwartet in der Datei HTML-Kommentare. Einige, spezielle Kommentare werden vom Server als Steueranweisungen interpretiert. Der Server ersetzt in diesem Fall den gesamten betroffenen Kommentar durch das Ergebnis der Steueranweisung. SSI wird durch das Apache-Module mod_include verwaltet. Es wird vom Server auf alle Dateien mit dem MIME-Type text/x-server-parsed-html angewendet. Wieder kann man mit der AddType-Anweisung in der Ressourcenkonfiguration bestimmten Dateiendungen diesen MIME-Type zuordnen:\nAddType text/x-server-parsed-html .shtml Wie im Beispiel gezeigt, wird standardmäßig die Dateiendung .shtml verwendet, um Seiten mit SSI zu markieren. Wenn die Servererweiterung XBITHACK bei der Übersetzung des Servers aktiviert war und in der Ressourcenkonfiguration durch die Anweisung\nXBitHack on aktiviert ist, dann werden auch normale .html-Dateien als SSI-Dateien erkannt, sobald das x-Recht für User an der betreffenden Datei gesetzt ist.\nFalls die Variable auf den Wert full statt auf on gesetzt wird, testet Apache außerdem noch das x-Recht für Gruppen an der Datei. Ist es gesetzt, wird ein Last-Modified-Header mit dem Dateidatum erzeugt. Ist es nicht gesetzt, wird auch kein Last-Modified-Header erzeugt. Auf diese Weise kann man das Verhalten von Caches und Proxies auf dem Weg zum Client beeinflussen.\nServer Module (AAPI) In besonderes komplizierten Anwendungsfällen oder wenn es ganz besonders auf Geschwindigkeit ankommt, ist es nicht mehr ausreichend, den Server durch externe Programme zu erweitern. In diesem Fall muss die Erweiterung des Servers um weitere Eigenschaften stattdessen Bestandteil des Servers selbst werden. Apache ist ein modularer Server, und da er im Quelltext vorliegt, ist sehr leicht möglich, den Server durch weitere Module zu erweitern. Module lassen sich besonders leicht einfügen, wenn sie sich an die vom Server bereitgestellte Programmierschnittstelle halten, das Apache API. Solche Module lassen sich außerdem auch mit dem experimentellen Modul mod_dld zur Laufzeit nachladen und ohne erneute Übersetzung des Servers einbinden.\nAuch andere Server haben Modulschnittstellen, die leider meistens zueinander inkompatibel sind. Bekannt ist vor allen Dingen die Netscape Server API zur Programmierung von Modulen (Plugins) für die Netscape Serverfamilie.\nEinfache CGI-Programme Einfache CGI-Programme werden über einen normalen Link aktiviert und übernehmen keine Eingabeparameter. Sie können aber Informationen aus anderen Datenquellen beziehen, etwa aus den Logbuchdateien des Servers oder aus anderen Dateien auf dem Serverrechner.\nDas folgende Beispiel zeigt das einfachste CGI-Programm überhaupt. Dieses Programm tut nichts weiter, als ein Dokument mit dem MIME-Type text/plain zu erzeugen und dann seine Ablaufumgebung auszudrucken. Es eignet sich damit ausgezeichnet als Hello, World!-Programm und dient gleichzeitig zum Erkunden der Ablaufumgebung für CGI-Programme:\n#! /bin/sh -- echo \u0026#34;Content-Type: text/plain\u0026#34; echo echo \u0026#34;Pfad:\u0026#34; echo \u0026#34;$PATH\u0026#34; echo echo \u0026#34;Aktuelles Verzeichnis:\u0026#34; pwd echo echo \u0026#34;UID/GID:\u0026#34; id echo echo \u0026#34;Umgebungsvariablen:\u0026#34; env | sort echo echo \u0026#34;Prozessliste:\u0026#34; ps alxwww Dieses einfache CGI-Programm ist das CGI-Äquivalent von \u0026ldquo;Hello, World\u0026rdquo;. Zusätzlich druckt es noch Informationen über die Ablaufumgebung des Scriptes aus.\nDas CGI-Programm ist in der Scriptsprache der UNIX-Shell /bin/sh geschrieben, aber jede andere Programmiersprache ist ebenso geeignet. CGI-Programme müssen ihre Ausgabe auf der Standardausgabe liefern und sie müssen der eigentlich nutzbaren Ausgabe einen Absatz voranstellen, der zwingend den MIME-Typen der Ausgabe festlegt und weitere optionale Angaben über das erzeugte Dokument enthalten darf. Dieser Absatz muss durch eine Leerzeile vom nutzbaren Teil der Ausgabe getrennt sein.\nUm das Programm ausprobieren zu können, muss es als CGI-Programm auf dem Server installiert werden. Das bedeutet:\nEntweder muss es als Datei mit einem beliebigen Namen im cgi-bin-Verzeichnis des Servers installiert werden, oder es muss als Datei mit der Endung .cgi in einem Verzeichnis der DocumentRoot installiert werden. In beiden Fällen muss die Datei als für das Betriebssystem ausführbar installiert werden, damit der Server das Programm starten kann.\nIn unserer Beispielkonfiguration kann das Programm wie folgt installiert werden:\n/var/httpd# cp /tmp/hello cgi-bin/ /var/httpd# chmod 755 cgi-bin/hello Mit einem Browser kann nun die URL http://server/cgi-bin/hello abgerufen werden, um das Script zu starten. Seine Ausgabe ist etwas länglich, aber sehr informativ: Wir erfahren den Pfadnamen, der vom Server und von unseren eigenen CGI-Programmen durchsucht wird, um externe Programme zu starten, und das Script nennt uns das aktuelle Verzeichnis, in dem unsere CGI-Programme ablaufen. Außerdem bekommen wir mitgeteilt, mit welchen Benutzerrechten das Script abläuft und welche Umgebungsvariablen ihm zur Verfügung stehen. Letztere Information ist besonders aufschlussreich, denn offenbar definiert das Common Gateway Interface eine ganze Liste von Umgebungsvariablen, die dem externen Programm vom WWW-Server zur Verfügung gestellt werden.\nWeiter unten sehen wir eine leicht gekürzte, beispielhafte Ausgabe des Scriptes.\nPfad: /bin:/usr/bin:/usr/local/bin Aktuelles Verzeichnis: /var/httpd/cgi-bin UID/GID: uid=65534(nobody) gid=65535(nogroup) groups=65535(nogroup) Umgebungsvariablen: DOCUMENT_ROOT=/home/www GATEWAY_INTERFACE=CGI/1.1 HOSTTYPE=i386 HTTP_ACCEPT=image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, image/tiff, multipart/x-mixed-replace, */* HTTP_ACCEPT_LANGUAGE=de, en, fr, es, it HTTP_HOST=white HTTP_PRAGMA=no-cache HTTP_USER_AGENT=OmniWeb/2.0.1 OWF/1.0 OSTYPE=Linux PATH=/bin:/usr/bin:/usr/local/bin QUERY_STRING= REMOTE_ADDR=193.102.57.1 REMOTE_HOST=black REQUEST_METHOD=GET SCRIPT_FILENAME=/var/httpd/cgi-bin/hello SCRIPT_NAME=/cgi-bin/hello SERVER_ADMIN=kris@koehntopp.de SERVER_NAME=white.koehntopp.de SERVER_PORT=80 SERVER_PROTOCOL=HTTP/1.0 SERVER_SOFTWARE=Apache/1.0.3 SHELL=/bin/bash SHLVL=1 TERM=dumb _=/usr/bin/env Prozessliste: ... In der Ausgabe des \u0026ldquo;Hello, World\u0026rdquo;-Programmes ist die umfangreiche Liste der durch den Server bereitgestellten CGI-Variablen erkennbar.\nDie Bedeutung der verschiedenen Umgebungsvariablen eines CGI-Programmes wird folgenden Abschnitt erklärt. Die meisten Programme werten jedoch nur die Variable QUERY_STRING oder eine der (im Beispiel nicht erzeugten) Variablen PATH_INFO und PATH_TRANSLATED aus.\nUmgebung von CGI-Programmen Webserver unter UNIX versorgen ihre CGI-Programme mittels Umgebungsvariablen mit den verschiedensten Fakten über den Aufrufer. Unter anderen Betriebssystemen werden andere Mechanismen zur Übermittlung der Information verwendet, aber die Art und die Namen der übermittelten Funktionen bleibt gleich.\nStandard-Variablen Der Client, den der Anwender benutzt, um das CGI-Programm auf dem Server zu aktivieren, liefert dem Server eine ganze Reihe von Informationen, die dieser auch dem CGI-Programm selbst zur Verfügung stellt. Das CGI-Programm kann diese Informationen auswerten und eventuell für die Gestaltung der Seite verwenden.\nSERVER_SOFTWARE Der Name und die Versionsnummer des Servers, der das CGI-Programm gestartet hat. Beispiel: Apache/1.0.3 SERVER_NAME Der Hostname des Servers, der das CGI-Programm gestartet hat. Ist dieser Name nicht verfügbar, wird hier eine IP-Nummer übergeben. Beispiel: white.koehntopp.de SERVER_PORT Die Portnummer des Servers, der das CGI-Programm gestartet hat. Beispiel: 80 SERVER_ADMIN Die Mailadresse des Serveradministrators. Das CGI-Programm kann in Notfällen Fehlermeldungen an diese Adresse mailen. Beispiel: user@example.com GATEWAY_INTERFACE Die Version der CGI-Spezifikation, nach diese Umgebungsvariablen erzeugt wurden. Beispiel: CGI/1.1 SERVER_PROTOCOL Der Name und die Versionsnummer des Protokolls, mit dem der Request empfangen wurde, der das CGI-Programm aktiviert hat. Beispiel: HTTP/1.0 REQUEST_METHOD Die Request-Methode, die für das Starten des CGI-Programms verantwortlich war. Diese Methode legt fest, auf welche Weise das CGI-Programm an seine Eingabeparameter kommt. Beispiel: GET, HEAD oder POST. Bei jedem Datentausch zwischen einem WWW-Browser und Server werden fast immer auch optionale Informationen in Form von zusätzlichen Request-Headerzeilen ausgetauscht. Anstatt für alle Eventualitäten vorauszuplanen und Header zu definieren, hat man in der CGI-Spezifikation festgelegt, daß solche zusätzlichen Headerzeilen in Uppercase mit dem Prefix HTTP_ versehen werden sollen und an das CGI-Programm weitergegeben werden. Wenn der Browser also die optionale HTTP-Informationszeile Bla: Fasel einliefert, dann wird dem CGI-Programm die Umgebungsvariable HTTP_BLA mit dem Wert Fasel vorbelegt übergeben.\nDie folgenden Variablen findet man in nahezu jeder CGI-Anfrage:\nHTTP_REFERER Die URL des Dokumentes, das auf das CGI-Programm verwiesen hat. Auf dieser Seite hat der Benutzer also ein Link angeklickt, der auf das Programm verwiesen hat, oder ein Formular abgesendet, das das CGI-Programm aktiviert hat. Beispiel: http://www.example.com/cgistarter.html HTTP_HOST Viele Serverrechner betreiben nicht nur einen einzigen Webserver, sondern eine ganze Palette von Servern für unterschiedliche Anbieter unter verschiedenen Namen. Diese Variable enthält, wenn sie vorhanden ist, den Namen, unter dem der Server angesprochen wurde. Beispiel: www.example.com HTTP_USER_AGENT Die Typbezeichnung und Versionsnummer der Browser-Software. Einige CGI-Programme werten diese Variable aus, um die Fähigkeiten des Browsers zu bestimmen und je nach Bedarf die Ausgabe anzupassen (Tabellen, Frames, Javascript, ActiveX, Java). Beispiel: OmniWeb/2.0.1 OWF/1.0 HTTP_ACCEPT Eine Liste aller MIME-Types, die der Client als Antworttyp akzeptiert. Beispiel: text/plain, text/html, image/* Und schließlich gibt es noch eine ganze Gruppe von Variablen, die direkt Informationen über den Request enthalten, der das CGI-Programm gestartet hat:\nPATH_INFO CGI-Programme können nach dem Pfadnamen zum Aufruf des Scriptes noch weitere Pfadkomponenten enthalten. Zum Beispiel könnte das Beispielprogramm aus dem Beispiel oben mit der URL http://server/cgi-bin/hello/more/info aufgerufen werden. Die Variable hält in diesem Fall dann die \u0026ldquo;überstehenden\u0026rdquo; Komponenten des Pfades zur Auswertung durch das Script bereit. Beispiel: /more/info PATH_TRANSLATED Falls das CGI-Programm mit einem verlängerten CGI-Pfad aufgerufen wurde, kann dieser Pfad vom WWW-Server auf die übliche Weise in einen wirklichen Dateinamen übersetzt werden. Das Ergebnis dieser Übersetzung ist dann in dieser Variable zu finden. Beispiel: /home/www/more/info SCRIPT_NAME Der Teil der URL, der zum Aufruf des CGI-Programmes geführt hat, ist in dieser Variablen in URL-Form zu finden. Beispiel: /cgi-bin/hello SCRIPT_FILENAME Die Information aus SCRIPT_NAME wird für das CGI-Programm ebenfalls in wirkliche Dateinamen übersetzt bereitgehalten. Beispiel: /var/httpd/cgi-bin/hello QUERY_STRING Diese Variable enthält eine Liste von Parametern, die dem CGI-Programm mitgegeben worden sind. Die Parameter liegen in codierter Form vor (Siehe den folgenden Abschnitt) und müssen durch das CGI-Programm decodiert werden, bevor sie verwendet werden können. Beispiel: name=Otto+Normaluser\u0026amp;phone=441777 REMOTE_HOST Der Name des Rechners, der den Request gemacht hat, soweit er verfügbar ist. Beispiel: mahaki.koehntopp.de REMOTE_ADDRESS Die IP-Nummer des Rechners, der den Request eingeliefert hat. Beispiel: 192.103.57.2 AUTH_TYPE Die Methode, mit der die Useridentität in der Variablen REMOTE_USER verifiziert worden ist, falls eine Verifikation überhaupt stattgefunden hat. Beispiel: Basic REMOTE_USER Die verifizierte Identität des Benutzers, der den Request eingeliefert hat, wenn eine Verifikation überhaupt stattgefunden hat. Beispiel: marit CONTENT_TYPE Der MIME-Type der Daten, die mit einem PUT- oder POST-Request eingeliefert worden sind. Beispiel: text/plain CONTENT_LENGTH Die Länge der Daten in Bytes, die mit einem PUT- oder POST-Request eingeliefert worden sind. Beispiel: 17321 Apache-Spezialvariablen Apache stellt zusätzlich zu den im CGI-Standard definierten Variablen noch einige zusätzliche Informationen bereit.\nDOCUMENT_ROOT Diese Variable enthält den Pfad zur DocumentRoot aus der Serverkonfiguration. Beispiel: /home/www REDIRECT_... Apache ist in der Lage, nach Maß zugeschnittene Fehlermeldungen zu erzeugen. Geschickterweise erzeugt man diese Fehlermeldungen durch ein CGI-Script. Damit das richtig funktioniert, muss Information über den alten Request vorhanden sein, der den Fehler hervorgerufen hat. Apache stellt also alle Variablen des alten Requests mit dem zusätzlichen Prefix REDIRECT_ in der Fehlerbehandlung zur Verfügung. Außerdem tauchen zwei zusätzliche neue Variablen auf, nämlich REDIRECT_URL, die URL, die den Fehler hervorgerufen hat, und REDIRECT_STATUS, der HTTP-Statuscode, der Auskunft über die Art des Fehlers gibt.\nZusätzliche Variablen Mit dem Schlüsselwort PassEnv ist es möglich, weitere Variablen aus der Umgebung des Serverprozesses in die Umgebung des CGI-Scriptes weiterzugeben. Die Anweisung\nPassEnv HOSTNAME würde zum Beispiel bewirken, daß die Umgebungsvariable HOSTNAME aus der Serverumgebung auch in CGI-Programmen sichtbar wäre, wenn sie überhaupt definiert ist.\nMit dem Schlüsselwort SetEnv ist es außerdem möglich, gezielt Variablen in der Umgebung des CGI-Programmes zu erzeugen. Die Anweisung\nSetEnv DEBUG_ZONE parser würde für alle CGI-Programme die Umgebungsvariable DEBUG_ZONE mit dem Wert parser belegen. Dies ist, wie der Name der Variablen schon andeuten soll, ausgesprochen nützlich, um Debugging in CGI-Scripten zu aktivieren.\nParameterübergabe an CGI-Programme CGI-Programme können durch direkte Links oder durch Formulare (siehe folgendes Kapitel) aktiviert werden. In beiden Fällen ist es möglich, dem gestarteten CGI-Programm Parameter mitzugeben. Für den Programmierer des CGI-Programmes sind dabei zwei Dinge interessant: die HTTP-Methode, mit der die Daten übergeben werden, und die Codierung der übergebenen Daten.\nHTTP-Methoden Wie die meisten Protokolle, die im Internet eingesetzt werden, ist auch HTTP ein Protokoll, das Daten in ASCII und zeilenorientiert übermittelt. Auf diese Weise ist ein Client oder Server für das Protokoll schnell mit Hilfe der C-Bibliothek programmiert, und das Programm lässt sich auch ohne Gegenstelle schnell mit telnet testen.\nGET /cgi-bin/hello/more/info HTTP/1.0 Accept: text/html, image/gif, image/jpeg User-Agent: Mozilla/2.02 (Windows; I; 32bit) \u0026lt;Leerzeile\u0026gt; Ein Beispiel für einen HTTP-Request: Ein Netscape-Client fordert den URL-Pfad /cgi-bin/hello/more/info an.\nEin Request, den ein HTTP-Client, etwa ein WWW-Browser, an den Server sendet, sieht beispielweise so wie oben aus. Das Schlüsselwort GET signalisiert, daß eine Seite vom WWW-Server abgeholt werden soll, daß also in der Terminologie von HTTP die GET-Methode verwendet werden soll. Dahinter werden der URL-Pfad und die benutzte Protokollversion angegeben.\nDie folgenden Zeilen des Requests bis zur ersten Leerzeile können aus beliebig vielen Parametern bestehen, die dem GET-Request noch mitgegeben werden. Der Browser teilt dem Server so mit, welche Datentypen er in der Antwort unterstützt und um welche Programmversion welchen Herstellers es sich bei dem Browser handelt. Prinzipiell ist der Request durch die Einführung neuer Zeilen beliebig erweiterbar.\nDer Server beantwortet einen solchen Request wie unten gezeigt auf eine ganz ähnliche Weise: Auch er erzeugt zunächst eine formalisierte Antwortzeile, in der er die verwendete Protokollversion, einen Statuscode und einen Freitext, der den Statuscode erläutert, zurückgibt. Danach folgt wieder ein relativ frei formatierte Headerblock, der Informationen über das gelieferte Dokument enthält, und dann, nach einer Leerzeile, das eigentliche Dokument.\nHTTP/1.0 200 OK Date: Mon, 04-Nov-1996 19:54:32 GMT Server: Apache 1.0.3 Mime-Version: 1.0 Last-Modified: Mon, 04-Nov-1996 19:54:32 GMT Content-Type: text/plain \u0026lt;Leerzeile\u0026gt; ... Ein Beispiel für eine HTTP-Response. Der Server beantwortet den Request zunächst mit einem Headerblock mit Metainformationen über die gewünschten Daten. Nach einer Leerzeile kommen dann die angeforderten Informationen.\nDie GET-Methode Die GET-Methode kann nicht nur verwendet, um Informationen von einem Server anzufordern, sondern sie kann zugleich auch Informationen zum Server übertragen, falls die angeforderte URL ein CGI-Programm bezeichnet.\nEine solche URL hat die Form\nprotokoll://server/path/file/extra_daten?query_string Die Informationen aus extra_daten werden dem CGI-Programm in den Variablen PATH_INFO und PATH_TRANSLATED zur Verfügung gestellt, wie weiter oben beschrieben. Die Informationen aus dem query_string tauchen im CGI-Programm dagegen in der gleichnamigen Variablen auf. Sie liegen in einer codierten Form vor, die als urlencoded bezeichnet wird und die im folgenden Abschnitt beschrieben wird.\nDaten, die in GET-Methoden codiert werden, sind in der URL sichtbar. Solche Anfragen an CGI-Programme lassen sich also in Bookmarks oder Hotlists mit Parametern abspeichern. Das ist sehr nützlich, wenn man Benutzern vorgefertigte Anfragen an Suchmaschinen oder andere Roboter präsentieren möchte. Solche URLs können aber sehr lang und sehr hässlich werden, wenn viele Parameter zu übergeben sind. Für diese Zwecke ist die im Folgenden beschriebene POST-Methode besser geeignet.\nDie POST-Methode Die POST-Methode sendet die Parameter für das CGI-Programm in einer gesonderten Übertragung an den Server. Die Daten werden für das Programm zur Standardeingabe. Da die Daten nicht Bestandteil der URL sind, besteht das Problem der zu langen Eingaben hier nicht. Auf der anderen Seite ist es nicht möglich, POST-Anfragen mit Parametern in Hotlists zu speichern. Die übertragenen Daten sind auch hier wieder urlencoded, obwohl es prinzipiell nicht unbedingt notwendig wäre.\nURL-Encoding Die Daten, die einem CGI-Programm übergeben werden, sind unabhängig von der verwendeten Transfermethode in jedem Fall urlencoded gesendet. Die Codierung wurde notwendig, weil man vor der Erfindung der POST-Methode mehrere Variablen mit Zeichen aller Art an den Server senden wollte und die Daten dazu in die mittels eines GET angeforderte URL eincodiert werden mussten. Eine solche URL darf bestimmte Zeichen nicht enthalten: Unter anderem kann eine URL keine Leerzeichen enthalten.\nDie Trennung zwischen eigentlicher URL und zusätzlichen Daten für einen QUERY_STRING erfolgt wie oben schon angedeutet mit einem Fragezeichen (?). Die Daten im QUERY_STRING können aus mehreren Feldern der Form name=wert bestehen. Die einzelnen Felder werden durch Und-Zeichen (\u0026amp;) voneinander getrennt. Ein QUERY_STRING kann also so aussehen:\nname1=wert1\u0026amp;name2=wert2\u0026amp;name3=wert3... Um jetzt innerhalb eines Strings in urlencoding trotzdem Fragezeichen, Undzeichen und andere Sonderzeichen verwenden zu können, bedient man sich folgender Ersetzungsregeln:\nLeerzeichen werden durch Pluszeichen (+) dargestellt. Der String \u0026ldquo;Dies ist ein Test\u0026rdquo; wird also zu \u0026ldquo;Dies+ist+ein+Test\u0026rdquo;. Andere Zeichen, die in einer URL nicht mehr vorkommen dürfen, werden durch das Zeichen Prozent (%) gefolgt vom zweistelligen hexadezimalen Zeichencode des Zeichens dargestellt. Der String \u0026ldquo;#$%\u0026rdquo; wird also zu \u0026ldquo;%23%24%25\u0026rdquo;. Jedes CGI-Programm muss in irgendeiner Form Funktionen zum Decodieren von Daten enthalten, die urlencoded vorliegen.\nFormulare mit HTML Natürlich ist es möglich, Eingaben für CGI-Programme zusammenzustellen, indem man von Hand einen GET-Request zusammenbaut. Schöner und bunter erzeugt man solche Requests jedoch mit HTML-Formularen, den FORMS.\nDer \u0026lt;FORM\u0026gt;-Tag Man kann Teile einer HTML-Seite zu Formularen erklären, indem man sie in die speziellen Tags \u0026lt;FORM\u0026gt; und \u0026lt;/FORM\u0026gt; einschließt. Innerhalb dieses Bereiches dürfen dann zusätzliche Tags verwendet werden, um Bedienelemente und Eingabefelder zu definieren. Eine einzige HTML-Seite kann mehrere Forms enthalten, und diese verschiedenen Forms können unterschiedliche CGI-Programme starten, wenn dies notwendig sein sollte.\nDer \u0026lt;FORM\u0026gt;-Tag muss in jedem Fall ein ACTION=-Attribut haben. Dieses Attribut gibt die URL eines CGI-Programmes an, das aktiviert werden soll, wenn das Formular abgeschickt wird. Optional kann der \u0026lt;FORM\u0026gt;-Tag noch mit einem Attribut METHOD= ausgezeichnet werden, das die Methode der Parameterübergabe spezifiziert. Mögliche Werte für diese Methode sind GET oder POST. Fehlt die Angabe einer Methode, wird GET angenommen. Das folgende Beispiel zeigt ein leeres Formular, das unser Beispielprogramm hello aufrufen soll.\n\u0026lt;html\u0026gt; \u0026lt;head\u0026gt;\u0026lt;title\u0026gt;Testformular\u0026lt;/title\u0026gt;\u0026lt;/head\u0026gt; \u0026lt;body\u0026gt; \u0026lt;h1\u0026gt;Testformular\u0026lt;/h1\u0026gt; \u0026lt;form action=\u0026#34;http://server/cgi-bin/hello\u0026#34; method=\u0026#34;get\u0026#34;\u0026gt; Hier Formulardaten einfügen. \u0026lt;/form\u0026gt; \u0026lt;/html\u0026gt; Dieses leere Formular ist der Ausgangspunkt für die Gestaltung von HTML-Seiten mit Formularen.\nDer \u0026lt;INPUT\u0026gt;-Tag Innerhalb des Formularteils einer HTML-Seite kann normaler HTML-Code stehen. Außerdem ist eine Reihe von zusätzlichen Tags erlaubt, die die Bedienelemente des Formulars definieren. Der vielseitigste Tag zur Definition dieser Bedienelemente ist \u0026lt;INPUT\u0026gt;. Mit ihm lassen sich außer Feldern zur Eingabe von Texten und Paßworten auch Check- und Radiobuttons erzeugen. Außerdem kann er versteckte Eingabefelder definieren und Dateiauswahlboxen zum Upload von Dateien auf den Server starten.\nText- und Paßwortfelder Die Formen des \u0026lt;INPUT\u0026gt;-Tags zur Erzeugung von Text- und Paßwortfeldern sind identisch. Die Tags werden vom Browser auch identisch dargestellt. Der einzige Unterschied ist, daß ein Textfeld die Benutzereingaben anzeigt, während ein Paßwortfeld sie zwar aufnimmt, aber die Eingabe verbirgt. Warnung: Ein Paßwortfeld verbirgt die Daten zwar bei der Eingabe, aber der Transport über das Internet erfolgt offen und unverschlüsselt, wenn nicht besondere Vorkehrungen zur sicheren Kommunikation getroffen werden.\nDie volle Form eines \u0026lt;INPUT\u0026gt;-Tags lautet:\n\u0026lt;input type={feldtyp} name={variablenname} value={defaultwert} size={feldbreite} maxlength={eingabelänge} Bis auf die Felder TYPE= und NAME= sind die Attribute des Tags optional. Sie bedeuten im Einzelnen:\nTYPE= Der Typ des Feldes bestimmt das Aussehen des Kontrollelementes auf der HTML-Seite. Er kann für die hier diskutierten Eingabefelder entweder TEXT oder PASSWORD sein. NAME= Der Name des Feldes bestimmt den Namen der Variablen, die später dem CGI-Programm übergeben wird. Der Name dieser Variablen ist nicht frei wählbar, sondern wird vom Programmierer des CGI-Programmes festgelegt. Es ist sehr wichtig, hier Groß- und Kleinschreibung des Namens genau zu beachten. VALUE= Wenn das optionale Attribut VALUE= vorhanden und mit einem Wert belegt ist, wird dieser Wert als Defaultwert des Feldes vorgegeben. Fehlt das Attribut, ist das Eingabefeld zu Beginn leer. SIZE= Dieses Attribut legt fest, wie viele Zeichen Breite das Eingabefeld am Bildschirm haben soll. Der Defaultwert ist 20 Zeichen. Ältere CGI-Formulare haben die Form SIZE=x,y verwendet, um mehrzeilige Eingabefelder zu erzeugen. Das ist zwar immer noch prinzipiell möglich, aber der weiter unten diskutierte Tag \u0026lt;TEXTAREA\u0026gt; bietet sehr viel bessere Editiermöglichkeiten. MAXLENGTH= Dieses Attribut legt fest, wie lang die Eingabe im Textfeld wirklich sein darf. Dies ist unabhängig von der mit SIZE= festgelegten sichtbaren Breite des Textfeldes. Die folgende Abbildung zeigt das mögliche Aussehen eines \u0026lt;INPUT TYPE=\u0026quot;text\u0026quot;\u0026gt;-Tags.\nSource:\n\u0026lt;input type=\u0026#34;text\u0026#34; value=\u0026#34;info\u0026#34; size=\u0026#34;23\u0026#34; name=\u0026#34;zeile\u0026#34;\u0026gt; Aussehen: Ein Beispiel mit einem \u0026lt;INPUT TYPE=\u0026quot;text\u0026quot;\u0026gt;-Tag.\nCheck- und Radioboxes Wenn man dem Benutzer keine Eingabe in freier Form erlauben möchte, bietet es sich für kleine Mengen auszuwählender Optionen an, je nach Art der Auswahl entweder Checkboxen oder Radioboxen zu definieren.\nCheckboxen sind kleine Kästchen, die der Benutzer ankreuzen kann und die eine Option entweder ein- oder ausschalten. Radioboxen bieten dagegen eine Eins-aus-n-Auswahl an: Unter einer Menge von Optionen ist nur genau eine auswählbar.\nIn beiden Fällen sieht der \u0026lt;INPUT\u0026gt;-Tag zur Erzeugung dieser Auswahl so aus:\n\u0026lt;input type={typ} name={variablenname} value={wert} checked\u0026gt; Außer dem Attribut CHECKED sind alle Attribute dieses Tags vorgeschrieben und dürfen nicht weggelassen werden. Sie bedeuten:\nTYPE= Dieses Attribut ist entweder CHECKBOX oder RADIO und legt damit den Typ des Knopfes fest. NAME= Dieses Attribut bestimmt wie immer den Namen der Variable, die dem CGI-Programm übergeben wird. VALUE= Dieses Attribut ist im Gegensatz zu TEXT-Eingaben nicht optional. Ist die entsprechende Box selektiert, wird die Eingabevariable des CGI-Programmes mit dem hier angegebenen Wert belegt, sonst ist sie leer. CHECKED Dieses optionale Attribut markiert den Defaultwert der Box. Ist es vorhanden, erscheint die Box angeklickt. Das folgende Beispiel zeigt das mögliche Aussehen dieser Tags.\n\u0026lt;input type=\u0026#34;checkbox\u0026#34; value=\u0026#34;doit\u0026#34; name=\u0026#34;check1\u0026#34;\u0026gt;A \u0026lt;input type=\u0026#34;checkbox\u0026#34; value=\u0026#34;again\u0026#34; name=\u0026#34;check2\u0026#34; checked\u0026gt;B \u0026lt;input type=\u0026#34;radio\u0026#34; value=\u0026#34;eins\u0026#34; name=\u0026#34;radio1\u0026#34;\u0026gt;A \u0026lt;input type=\u0026#34;radio\u0026#34; value=\u0026#34;zwei\u0026#34; name=\u0026#34;radio1\u0026#34;\u0026gt;B \u0026lt;input type=\u0026#34;radio\u0026#34; value=\u0026#34;drei\u0026#34; name=\u0026#34;radio1\u0026#34; checked\u0026gt;C A A B C\nEin Beispiel mit Radio- und Checkboxes.\nEin wichtiger Unterschied zwischen Checkboxen und Radioboxen existiert: Checkboxen müssen immer verschiedene NAME=-Attribute haben, denn jede Checkbox existiert für sich alleine und unabhängig von anderen Checkboxen.\nRadioboxen treten dagegen in Gruppen auf und innerhalb einer Gruppe von Radioboxen kann immer nur eine selektiert sein. Eine Gruppe von Radioboxen wird durch gleiche NAME=-Attribute definiert.\nVersteckte Eingabefelder Mit einem Eingabefeld vom Typ HIDDEN lassen sich versteckte Eingabefelder anlegen:\n\u0026lt;INPUT TYPE=\u0026#34;HIDDEN\u0026#34; NAME={variablennamen} VALUE={wert}\u0026gt; Solche Eingabefelder sind nicht sichtbar und auch nicht veränderbar. Sie werden in jedem Fall unverändert an das CGI-Programm übergeben. Versteckte Eingabefelder sind nützlich, wenn man ein CGI-Programm mit mehreren Funktionen hat, bei dem über ein Eingabefeld eine Funktion ausgewählt werden muss, oder wenn man einen Zustand in einer dynamisch erzeugten Seite über eine Transaktion hinweg retten muss.\nDateiupload Es ist möglich, über ein Eingabefeld vom Typ FILE ganze Dateien auf den WWW-Server zu uploaden. Es ist dringend angeraten, für eine solche Transaktion ein Formular mit der Methode POST zu verwenden. Außerdem muss dem Formular mit dem Attribut ENCTYPE=multipart/form-data klargemacht werden, auf welche Weise der Upload zu geschehen hat. Hinweis: FILE ist eine Netscape-Erweiterung.\n\u0026lt;FORM ACTION=\u0026#34;URL\u0026#34; METHOD=\u0026#34;POST\u0026#34; ENCTYPE=\u0026#34;multipart/form-data\u0026#34;\u0026gt; Dateinamen angeben: \u0026lt;INPUT TYPE=\u0026#34;FILE\u0026#34; NAME=\u0026#34;upload\u0026#34;\u0026gt; \u0026lt;/FORM\u0026gt; Absenden und Rücksetzen Mit den gezeigten Tags lassen sich zwar unfangreiche Formulare erzeugen, aber diese Formulare können noch nicht in Betrieb genommen werden, denn es fehlt ein Knopf zum Absenden des Formulars. HTML sieht für diesen Zweck Eingabefelder vom Typ SUBMIT vor und bietet außerdem noch Eingabefelder vom Typ RESET an, mit dem sich ein Formular auf den Startzustand zurücksetzen lässt.\n\u0026lt;INPUT TYPE=\u0026#34;SUBMIT\u0026#34; VALUE=\u0026#34;Formular absenden\u0026#34;\u0026gt; \u0026lt;INPUT TYPE=\u0026#34;RESET\u0026#34; VALUE=\u0026#34;Eingabe löschen\u0026#34;\u0026gt; Jedes Formular muss einen SUBMIT-Button haben, und ein Formular kann nur einen SUBMIT-Button haben. Das folgende Beispiel zeigt mögliche Darstellungen dieser Knöpfe.\n\u0026lt;input type=\u0026#34;submit\u0026#34; value=\u0026#34;Formular absenden\u0026#34;\u0026gt; \u0026lt;input type=\u0026#34;reset\u0026#34; value=\u0026#34;Eingabe löschen\u0026#34;\u0026gt; Ein Beispiel mit SUBMIT und RESET.\nDer \u0026lt;TEXTAREA\u0026gt;-Tag Felder zur freien Texteingabe lassen sich mit dem Tag \u0026lt;TEXTAREA\u0026gt; definieren. Der Tag hat diese Form:\n\u0026lt;TEXTAREA NAME={variablenname} ROWS={zeilen} COLS={spalten}\u0026gt; Textvorgabe \u0026lt;/TEXTAREA\u0026gt; Die Attribute ROWS= und COLS= sind optional. Die Attribute bedeuten:\nNAME= Das Attribut legt wie üblich den Namen der CGI-Variablen fest. ROWS= Das Attribut bestimmt die Höhe des Eingabefeldes in Zeilen. COLS= Das Attribut bestimmt die Breite des Eingabefeldes in Spalten. Das Ergebnis dieses Tags sieht dann möglicherweise so aus wie im folgenden Beispiel:\n\u0026lt;textarea name=\u0026#34;text\u0026#34; rows=5 cols=20\u0026gt;Beispieltext\u0026lt;/textarea\u0026gt; Beispieltext Ein Beispiel mit TEXTAREA.\nEs ist angeraten, \u0026lt;TEXTAREA\u0026gt; zusammen mit der Methode POST zu verwenden.\nDer \u0026lt;SELECT\u0026gt;-Tag Größere Auswahlen von vorgegebenen Werten erzeugt man wegen des großen Platzverbrauches und im Interesse der Übersichtlichkeit besser nicht mit Checkboxen oder Radiobuttons, sondern mit dem \u0026lt;SELECT\u0026gt;-Tag. Je nach Konfiguration erzeugt dieser Tag ein Popup-Menü oder eine Auswahlbox für Mehrfachauswahlen.\nDas Format dieses Tags ist\n\u0026lt;SELECT NAME={variablenname} SIZE={größe} MULTIPLE\u0026gt; \u0026lt;OPTION SELECTED VALUE={wert}\u0026gt;Option 1 \u0026lt;OPTION ...\u0026gt; \u0026lt;/SELECT\u0026gt; Der \u0026lt;SELECT\u0026gt;-Tag erfordert nur die Angabe des Variablennamens mit NAME=, die anderen Attribute sind optional. Ein \u0026lt;SELECT\u0026gt;-Container kann beliebig viele \u0026lt;OPTION\u0026gt;-Tags enthalten. Diese können optional SELECTED sein und es kann optional ein VALUE= festgelegt werden, mit dem die Variable belegt wird, wenn dieses Element ausgewählt ist.\nWenn das optionale Attribut MULTIPLE angegeben ist, ist die Mehrfachauswahl von Optionen möglich.\nPerl CGI-Programme können in jeder beliebigen Programmiersprache geschrieben werden, solange sie in der Lage ist, einen QUERY_STRING zu decodieren. Programmiersprachen, die eine ausgereifte Stringbehandlung und eine automatische Speicherverwaltung haben, sind besonders geeignet, denn CGI-Programme benutzen diese Spracheigenschaften meistens sehr intensiv. Ein Datenbankinterface oder andere Möglichkeiten, große Datenmengen zu durchsuchen, sind ein zusätzliches Plus, denn oft müssen CGI-Programme vorhandene Daten für die Darstellung im Web aufbereiten.\nDie Programmiersprache Perl ist besonders geeignet zur Programmierung von CGI-Scripten, denn sie macht gerade die Bearbeitung von Texten und Dateien besonders einfach. Ursprünglich war Perl eine Sprache zur Reportgenerierung aus beliebig formatierten Systemlogbüchern. Daher stammen Perls umfangreiche Einbaufunktionen zum Suchen und Ersetzen von Texten und zur Formatierung von Reports. Die Weiterentwicklung hat Perl zu einem sehr mächtigen Werkzeug zur Systemprogrammierung und -steuerung in UNIX gemacht: Gerade die Systemverwalter größerer Installationen wissen Perl zu nutzen, um Wartungsabläufe auf ihren Systemen zu automatisieren. Auch die weite Verfügbarkeit von Perl auf praktisch allen Plattformen, die ausreichend Speicher zur Verfügung stellen, macht die Sprache für diese Zwecke interessant.\nMit dem Aufkommen des World Wide Web hat Perl eine Leistungsfähigkeit als Sprache zur schnellen Entwicklung von CGI-Programmen demonstriert. Ein sehr großer Teil aller CGI-Programme ist zunächst als Perl-Script entwickelt worden. Oft ist die Leistung diesr Scripte schon ausreichend, so daß eine Portierung in eine compilierte Sprache sich erübrigt.\nEinfache Perl-Programme Das berüchtigte \u0026ldquo;Hello, World!\u0026quot;-Programm sieht in Perl so aus:\n#! /usr/bin/perl -- print \u0026#34;Hello, World\\n\u0026#34;; Es sieht aus wie eine Kreuzung zwischen einem Shellscript und einem C-Programm. In der Tat ist Perl eine interpretierte Sprache, denn Perlprogramme müssen nicht compiliert werden, sondern können wie Shellscripte direkt aufgerufen werden. Genau wie bei UNIX-Shellscripten gibt die erste Zeile des Programms an, daß es sich um ein Script handelt und unter welchem Pfad der Interpreter für diese Scripte zu finden ist. Für das Script selbst ist eine Zeile, die mit einem # beginnt, ein Kommentar, so daß das Script selbst seinen eigenen Aufruf als Kommentar interpretiert.\nPerlprogramme sind jedoch schneller als Shell-Scripte, denn der Interpreter übersetzt das Programm beim Aufruf in eine interne Form und bestimmt auch schon die Adressen der verschiedenen Funktionen und Variablen. In der Tat steht ein Perlprogramm einem C-Programm in der Geschwindigkeit nicht viel nach. Seine Ausführungsgeschwindigkeit ist der von P-Code vergleichbar, wie ihn einige Microsoft-Compiler zu Speicherersparniszwecken erzeugen.\nDie Anweisung print druckt ihr Argument, einen String nach den Konventionen von C. Wie in C werden Anweisungen in Perl mit einem Semikolon beendet.\nBenutzereingaben lesen Die nächste Stufe der Komplexität nach \u0026ldquo;Hello, World!\u0026rdquo; besteht in der Regel darin, den Namen der zu grüßenden Person einzulesen und diese Person namentlich zu begrüßen. Das erfordert die Verwendung von Operationen zur Eingabe von Daten und natürlich Variablen.\nIn Perl gibt es nur einen Typ von Variablen. Sie können entweder Strings, Integer oder Fließkommazahlen speichern und sie müssen nicht vereinbart werden. Perl-Variablen können jedoch in Form von einfachen Werten (Skalaren), numerisch indizierten Feldern (Arrays) oder beliebig indizierten Tabellen (assoziativen Feldern, Hashtables) auftreten. Skalare werden durch das Zeichen Dollar ($) gekennzeichnet, so daß $name eine skalare Variable mit dem Namen name bezeichnet. Diese Variable wird ins Leben gerufen, indem ihr einfach ein Wert zugewiesen wird.\nUm nach einem Namen zu fragen, muss ein Prompt ausgegeben werden und auf irgendeine Weise eine Eingabe eingelesen werden. Den Prompt können wir bereits drucken, mit print. Eine Eingabe einzulesen, ist ebenfalls sehr einfach, denn wie in C stehen uns die vordefinierten Filehandles \u0026lt;STDIN\u0026gt;, \u0026lt;STDOUT\u0026gt; und \u0026lt;STDERR\u0026gt; zur Verfügung. Perl ist auf Stringverarbeitung optimiert: Um eine Zeile der Eingabe einzulesen, genügt es, einer Variablen das Filehandle zuzuweisen:\nprint \u0026#34;Wie ist Ihr Name? \u0026#34;; $name = \u0026lt;STDIN\u0026gt;; Das Ergebnis ist, daß der Skalar $name eine Eingabezeile inklusive des Zeilenendezeichens enthält. Wir können dieses letzte Zeichen abschneiden, indem wir die Funktion chop() verwenden, die das letzte Zeichen eines Strings zurückliefert und als Seiteneffekt den String um dieses Zeichen kürzt.\nchop($name); Wie in Shell auch können Variablen in Stringkonstanten verwendet werden: Sie werden vor der Ausgabe durch ihren Wert ersetzt:\nprint \u0026#34;Hello, $name!\\n\u0026#34;; Und wie in Shell auch muss das Dollarzeichen in einem String durch einen Backslash geschützt werden, wenn es ausgegeben werden soll.\nHier noch einmal das ganze Programm:\n#! /usr/bin/perl -- print \u0026#34;Wie ist Ihr Name? \u0026#34;; $name = \u0026lt;STDIN\u0026gt;; chop($name); print \u0026#34;Hello, $name!\\n\u0026#34;; Variablen und Konstanten Notation von Skalaren Wie bereits erklärt, unterscheidet Perl nicht nach verschiedenen Datentypen, und Variablen müssen nicht vereinbart werden. Einer skalaren Variable kann so ziemlich jeder Wert zugewiesen werden, der sich in Perl darstellen lässt. Das können Zahlen wie 42 oder 3.1415926e00 sein oder Zeichenketten beliebiger Länge. Anders als Shell hat Perl keine Probleme mit binären Zeichen in Strings, ja nicht einmal Nullbytes machen Schwierigkeiten. Es ist kein Problem, in Perl Binärprogramme in Strings einzulesen, zu patchen und wieder zurückzuschreiben.\nPerl wandelt skalare Werte intern automatisch in Zeichenketten oder in Fließkommazahlen um, je nachdem, welche Art von Operation mit dem Wert durchgeführt wird. Die Sprache kennt keine Ganzzahloperationen und arbeitet auch intern niemals mit ganzen Zahlen, sondern immer mit doppelt genauen Fließkommazahlen. Zahlen können in Perl wie in C notiert werden, die folgende Abbildung gibt einen Überblick.\nFormat Notation Fließkomma 1.24 7.24e17 Ganzzahl 17 Ganzzahl (oktal) 0377 Ganzzahl (hex) 0xff Zahlenformate in Perl.\nWie in der UNIX-Shell kann und muss man auch in Perl gelegentlich Zeichenketten in Anführungszeichen einschließen, etwa wenn sie Leerzeichen oder Sonderzeichen enthalten. In jedem Fall kann man einzelnen Sonderzeichen ihre Sonderbedeutung nehmen, indem man ihnen einen Backslash voranstellt. Das gilt natürlich auch für den Backslash (und die verschiedenen Sorten Anführungszeichen) selbst.\nEinfache Anführungszeichen wirken so, als sei jedes einzelne Zeichen in der Zeichenkette von einem Backslash geschützt. Innerhalb der Zeichenkette darf jedes beliebige Zeichen auftauchen, auch Zeilenumbrüche, wenn sich die Zeichenkette über mehrere Zeilen erstreckt. Beispiele:\n\u0026#39;Hello, World!\u0026#39; \u0026#39;Don\\\u0026#39;t do that, Dave!\u0026#39; \u0026#39;\u0026#39; # Der Leerstring. \u0026#39;Dies ist der Backslash: \\\\.\u0026#39; \u0026#39;multiline string\u0026#39; Doppelte Anführungszeichen funktionieren eher so wie Strings in Shell und C: Innerhalb solcher Zeichenketten werden Variablen ersetzt, und einige Sonderzeichen können durch Backslash-Sequenzen notiert werden (siehe die folgende Tabelle).\n\u0026#34;Hello, World!\u0026#34; \u0026#34;Aufwachen!\\007\u0026#34; \u0026#34;Spalte1\\tSpalte2\u0026#34; Zeichen Bedeutung \\n Newline \\r Return \\t Tab \\f Formfeed \\b Backspace \\v Vertical Tab \\a Bell \\e Escape \\007 Zeichen mit dem oktalen Zahlencode 7 0x7f Zeichen mit dem hex Zahlencode 0x7f \\cC Controlzeichen, hier Control-C \\ Backslash \\l Folgendes Zeichen in Kleinschrift wandeln \\L Alle folgenden Zeichen bis \\E in Kleinschrift wandeln \\u Folgendes Zeichen in Großschrift wandeln \\U Alle folgenden Zeichen bis \\E in Großschrift wandeln \\E Beende \\L oder \\U Controlzeichen in Perl.\nOperationen mit Skalaren Perl kennt dieselben numerischen Operationen auf Skalaren, die C auch kennt: +, -, *, / und %. Außerdem ist noch eine Potenzoperation ** definiert. Numerische Vergleiche werden mit den Operatoren \u0026lt;, \u0026lt;=, ==, \u0026gt;=, \u0026gt; und != vorgenommen.\nAußerdem ist auf Strings die Konkatenation definiert; dazu wird der Operator Punkt (.) verwendet. Strings können mit dem Operator x auch vervielfacht werden. Strings werden alphabetisch verglichen, dafür stehen die Operatoren lt, le, eq, ge, gt und ne zur Verfügung. Die numerischen Operatoren würden 7 \u0026lt; 30 als wahr bewerten, aber 7 lt 30 ist falsch.\nSkalare können einfach zugewiesen werden, Perl verhält sich dabei im Wesentlichen wie C. Der einzige Unterschied ist, daß Variablen nicht deklariert werden müssen, sondern nach Bedarf ins Leben gerufen werden. Wie in C existiert zu jedem arithmetischen Operator auch ein zugehöriger rechnender Zuweisungsoperator, d.h. man kann +=, -=, *=, /= und so weiter verwenden. Ebenso wie in C sind ++ und - als Pre- und Postoperatoren erlaubt.\nWird ein Skalar benutzt, bevor er einen Wert zugewiesen bekommen hat, liefert Perl den speziellen Wert undef. Dieser Wert sieht aus wie der Leerstring oder wie eine numerische Null, je nachdem, in welchem Kontext er verwendet wird. undef kann jedoch mit dem Prädikat defined() abgefragt werden. Das ist nützlich im Zusammenhang mit Dateien, die am Dateiende undef zurückliefern.\nArrays Außer skalaren Werten kann Perl noch Felder und assoziative Felder bearbeiten. Genau wie bei Strings gibt es auch bei diesen Datentypen keine Größenbegrenzungen, und genau wie gewöhnliche Variablen müssen auch die beiden Arten von Feldern in Perl nicht deklariert werden, sondern können einfach benutzt werden.\nSo wie skalare Variable durch ein $ bezeichnet werden, kennzeichnet Perl Felder mit einem @ und Hashlisten mit einem %-Zeichen. Demnach bezeichnet $name einen Skalar mit dem Namen name und @name ein Feld desselben Namens. Perl unterhält unterschiedliche Namensräume für alle drei Sorten von Objekten, so daß $name, @name und %name unterschiedliche Objekte bezeichnen.\nEbenso wie skalare Konstanten in Perl notiert werden können, existieren auch Notationen für Felder:\n(1,2,3) # Ein Feld mit dem drei Werten 1, 2 und 3. (\u0026#34;huhu\u0026#34;, \u0026#34;du\u0026#34;, \u0026#34;da\u0026#34;) # Ein Feld mit drei Strings. Es ist auch möglich, gemischte Felder zu notieren, und die Feldelemente brauchen keine Konstanten zu sein:\n($name, 42) # Der Wert von $name und 42. ($vorname . $nachname, $strasse . $hausnr) # Zwei Werte. () # Das leere (nullelementige) Feld. Um große Listen von aufzählenden Zahlenwerten zu notieren, existiert in Perl außerdem noch eine Abkürzung:\n(1..10) # Die ganzen Zahlen von 1 bis 10. (11.9..15.9) # Die Zahlen 11.9, 12.9, .., 15.9. (2, 3, 5..9) # Die Zahlen 2, 3, 5, 6, 7, 8 und 9. ($start..$stop) # Der Bereich von $start bis $stop. Solche Listen zählen immer nur aufsteigend. Wenn der rechte Wert kleiner ist als der linke Wert, entsteht die leere Liste. Der Operator print kann ebenfalls Listen drucken; die Ausgabe erfolgt ohne Leerzeichen zwischen den Listenelementen:\nprint (\u0026#34;Der Name ist \u0026#34;, $name,\u0026#34;\\n\u0026#34;; print (\u0026#34;Der Name ist $name\\n\u0026#34;); # schöner Operationen mit Arrays Arrays werden in Perl genauso zugewiesen wie Skalare, nämlich mit =. Perl erkennt, ob es sich um eine Zuweisung von Arrays oder Skalaren handelt, indem es die linke Seite der Zuweisung analysiert und feststellt, ob es sich dabei um einen skalaren oder um einen Arraykontext handelt.\n@lall = (1..3); # Das Feld @lall besteht jetzt aus 3 Elementen. @bla = @lall; # In Perl können ganze Felder zugewiesen werden. @fasel = 1; # 1 wird zu (1) und dann zugewiesen. In der Elementliste auf der rechten Seite der Zuweisung können auch wieder Arrays als Elemente auftauchen. Sie werden bei der Zuweisung durch ihre Elemente ersetzt. Auf diese Weise ist es möglich, vorne und hinten in das Feld Elemente einzufügen.\n@lall = (1..3); @bla = (0, @lall, 4); # wird zu (0..4). Enthält eine Liste nur Variablen, kann sie auch als linke Seite einer Zuweisung verwendet werden. Auf diese Weise kann man bequem beliebig viele Elemente eines Feldes permutieren. Wenn die linke Liste einer Zuweisung weniger Elemente hat als das Feld auf der rechten Seite, werden die überzähligen Elemente verworfen. Es ist aber auch möglich, als letztes Element der linken Seite ein Feld zu verwenden, das diese Elemente dann aufnimmt:\n($b, $a) = ($a, $b); # $a und $b vertauschen. ($a, $b) = ($c, $d, $e); # $b ist $d, $e ist verloren. ($a, @b) = ($c, $d, $e); # $b[0] ist $d, $b[1] ist $e. Wird ein Feld in einem skalaren Kontext verwendet, wird die Länge des Feldes für das Feld eingesetzt. Die Länge eines Feldes @name kann aber auch mit der Variablen $#name abgefragt werden.\nAuf die Elemente eines Feldes @name kann durch Indizierung wie in C zugegriffen werden. Die Elemente eines Feldes sind Skalare, daher sind sie mit dem Prefix $ zu versehen. Es ist möglich, beliebigen einzelnen Feldelementen Werte zuzuweisen. Perl vergrößert das Feld nach Bedarf, eventuell vorhandene Lücken werden mit undef aufgefüllt.\nprint $name[0]; # das erste Element des Feldes @name. $name[0] = 17; Anders als in C kann in Perl auch auf eine Liste von Arrayelementen zugegriffen werden. Dies wird als eine array slice bezeichnet. In diesem Fall handelt es sich um einen Arraykontext, daher also das Prefix @.\n@fasel[0, 1]; # entspricht ($fasel[0], $fasel[1]) @fasel[1, 0] = @fasel[0, 1]; # Feldelemente tauschen. @fasel[0, 1, 2] = @fasel[1, 1, 1]; @fasel[9, 10] = (17, 4); Mit den Operatoren push und pop kann Perl ein Array wie einen Stack verwenden. Es ist möglich, mehrere Werte (oder ganze Felder) auf einmal zu pushen.\npush(@einStack, $einWert); push(@einStack, 4, 5, 6); $einWert = pop(@einStack); Während push und pop die rechte Seite eines Arrays bearbeiten (d.h. an den hohen Indizes manipulieren), verändern shift und unshift die linke Seite des Feldes. shift entspricht dabei dem gleichnamigen Shell-Operator, und unshift ist seine Umkehrung.\nreverse liefert die Elemente eines Feldes in umgekehrter Reihenfolge, sort liefert sie alphabetisch sortiert, und chop ist auch auf alle Elemente eines Feldes anwendbar.\nDateihandles wie \u0026lt;STDIN\u0026gt; können auch Arrays zugewiesen werden. Sie lesen dann die ganze Datei auf einmal ein und weisen jede Zeile einem Feldelement zu.\n#! /usr/bin/perl -- @lines = \u0026lt;STDIN\u0026gt;; @reverselines = reverse(@lines); @sortlines = sort(@lines); print @sortlines; print @reverselines; Kontrollstrukturen In Perl werden wie in C Blöcke von Anweisungen gebildet, indem man die Anweisungen in geschweifte Klammern einschließt. Diese Anweisungen werden linear ausgeführt.\n{ anweisung_1; anweisung_2; ... anweisung_n; } Wie in C ist es möglich, Bedingungen zu formulieren. Anders als in C müssen die geschweiften Klammern immer vorhanden sein, auch dann, wenn nur eine Anweisung von der Bedingung abhängig ist. Der else-Block kann weggelassen werden. Mit Hilfe von elsif können Entscheidungen kaskadiert werden, ohne daß sich die Einrücktiefe bis ins Unendliche steigert.\nif (bedingung) { anweisungen; } elsif (neue_bedingung) { anweisungen; } else { anweisungen; } In Perl werden Bedingungen als Strings berechnet. Bedingungen sind genau dann falsch, wenn sie entweder genau den String 0 oder den leeren String ergeben. Alle anderen Werte (1, 17, 0.000, 00) sind wahr.\nEine etwas seltsame Konstruktion in Perl ist die unless-Anweisung, die im Prinzip ein if ohne then darstellt (Die Anweisung die beendet ein Perl-Programm mit einer Fehlermeldung).\nprint \u0026#34;Wie ist Dein Name? \u0026#34;; $name = \u0026lt;STDIN\u0026gt;; unless ($name eq \u0026#34;Kristian\u0026#34;) { die \u0026#34;Zugriff verweigert.\\n\u0026#34;; } Eine andere seltsame Konstruktion ist das einzelnen Anweisungen nachgestellte if oder unless.\ndie \u0026#34;Zugriff verweigert.\\n\u0026#34; unless ($name eq \u0026#34;Kristian); Perl ist in der Lage, einen Block von Anweisungen zu wiederholen, solange eine Bedingung wahr (while) oder falsch (until) ist. Ebenso ist eine zu C analoge for-Anweisung zum Zählen vorhanden. Die Syntax ist in allen Fällen wie in C, nur daß die geschweiften Klammern nicht entfallen dürfen.\nwhile (bedingung) { anweisungen; } until (bedingung) { anweisungen; } for (start_anweisungen; test_anweisungen; zählanweisungen) { arbeits_anweisungen; } Zusätzlich ist Perl in der Lage, einen Block für jedes Element eines Feldes auszuführen. Das ist bequemer, als erst die Länge eines Feldes zu bestimmen und es dann durchzuzählen.\nforeach $zähler (@eineListe) { anweisungen; } Schleifen können mit last und next vorwärts und rückwärts kurzgeschlossen werden, d.h. last entspricht dem break in C und next entspricht dem continue von C.\nBlöcke können in Perl mit einem Label markiert werden. last und next können mithilfe dieser Labels mehrere Ebenen auf einmal verlassen oder kurzschließen.\nAssoziative Arrays Assoziative Arrays oder Hashlisten sind programmtechnisch eine Verallgemeinerung von Arrays. Statt ganzzahliger Ausdrücke kann in einer Hashliste ein beliebiger String als Index verwendet werden. Über diesen String kann jederzeit auf dem mit dem String assoziierten Wert zugegriffen werden. Man kann sich eine solche Hashliste auch als Tabelle mit zwei Spalten vorstellen: Jedem String aus der linken Spalte (den Schlüsseln) ist der zugehörige String auf der rechten Seite (ein Wert) zugeordnet. Anders als in einer richtigen Tabelle oder in einem Array haben die Elemente in einer Hashliste aber keine vorgegebene Ordnung. Würde man sie aufzählen (z.B. in einer foreach-Schleife), bekäme man irgendeine Reihenfolge.\nIn Perl werden assoziative Felder durch ein Prozentzeichen (%) markiert. In einem Arraykontext werden sie wie ein normales Array mit einer geraden Anzahl von Feldern behandelt. Die geraden Positionen dieses Arrays beginnend bei 0 sind mit Schlüsseln belegt, die ungeraden Positionen mit den zu diesen Schlüsseln gehörenden Werten. Die Funktion keys() liefert die Schlüssel eines solchen Feldes und die Funktion values() die Werte.\n%vorname_von = ( \u0026#34;Köhntopp\u0026#34;, \u0026#34;Kristian\u0026#34;, \u0026#34;Seeger\u0026#34;, \u0026#34;Martin\u0026#34;, \u0026#34;Rump\u0026#34;, \u0026#34;Birgit\u0026#34;); # Reihenfolge ist zufällig! print keys(%vorname_von); # Köhntopp, Seeger, Rump print values(%vorname_von); # Kristian, Martin, Birgit Der Zugriff auf einzelne Elemente erfolgt wie bei Feldern durch Indizierung, aber der Indexoperator besteht hier aus den geschweiften Klammern.\n# Reihenfolge ist zufällig foreach $i (keys(%vorname_von)) { print \u0026#34;Der Vorname von $i ist $vorname_von{$i}.\\n\u0026#34;; } foreach $i (sort keys %vorname_von) { print \u0026#34;Der Vorname von $i ist $vorname_von{$i}.\\n\u0026#34;; } Einzelne Elemente lassen sich mit dem Operator delete aus dem Feld löschen (man kann auch das ganze Feld löschen).\nEingabe und Ausgabe Standardeingabe Wie bereits gezeigt, kann man eine Zeile der Eingabe einlesen, indem man das Filehandle der Eingabe an eine skalare Variable zuweist. Wenn keine Eingabezeile mehr verfügbar ist, wird der Wert undef zugewiesen. Weist man ein Filehandle stattdessen an ein Array zu, wird die gesamte Datei bis zum Dateiende zugewiesen und jedem Arrayelement eine Zeile zugeordnet.\nOft möchte man eine Datei zeilenweise durchlesen und für jede Zeile einer Operation ausführen. Für die Standardeingabe sieht das so aus:\nwhile ($i = \u0026lt;STDIN\u0026gt;) { print $i; # Zeile drucken } Die Schleife beendet sich am Dateiende, da der Wert undef zum Leerstring expandiert und dieser String als false-Wert gilt. Leere Eingabezeilen bestehen aber immerhin noch aus einem Newline-Zeichen, sind also keine Leerstrings.\nIn Perl ist es so, daß für viele Operatoren die Variable $_ als Defaultvariable angenommen wird, wenn keine Variable angegeben wird. Tatsächlich kann man das Beispiel auch so schreiben:\nwhile (\u0026lt;STDIN\u0026gt;) { print; # Zeile drucken } In diesem Fall wird statt der Variablen $i die Standardvariable $_ verwendet.\n@ARGV und %ENV Die Kommandozeilenparameter eines Perlprogrammes stehen in der vordefinierten Arrayvariablen @ARGV zur Verfügung. Das spezielle Dateihandle \u0026lt;\u0026gt; interpretiert diese Namen der Reihe nach als Dateinamen und liest alle diese Dateien durch. Das Programm\n#! /usr/bin/perl -- while (\u0026lt;\u0026gt;) { print; # Zeile drucken } entspricht also dem UNIX-Kommando cat. Es kann perlcat a b c aufgerufen werden und gibt nacheinander die Inhalte aller drei Dateien als eine Datei auf der Standardausgabe aus.\nIm assoziativen Array %ENV stellt Perl alle Umgebungsvariablen zur Verfühgung. Die Schlüssel sind jeweils der Name, die Werte sind die Werte der Umgebungsvariablen.\n#! /usr/bin/perl -- # Finde den Pfad des Homeverzeichnisses # des Benutzers. print $ENV{\u0026#39;HOME\u0026#39;}; printf Wem die Ausgabe von Variablen mit print zu langweilig oder zu umständlich ist, der kann statt dessen printf verwendet. Diese Anweisung akzeptiert einen Formatstring wie die gleichnamige C-Funktion und eine Liste von Variablen, die entsprechend dem Formatstring formatiert werden.\nprintf \u0026#34;%10s %05d %7.2f\\n\u0026#34;, $s, $i, $f; Reguläre Ausdrücke Viele Perl-Anweisungen und Funktionen machen von regulären Ausdrücken Gebrauch. Ein regulärer Ausdruck ist ein Suchmuster, das gegen eine Zeichenkette verglichen wird und entweder paßt oder nicht. Oft kommt es nur darauf an, ob der Ausdruck paßt oder nicht, manchmal möchte man auch noch wissen, welcher Teil der Zeichenkette genau gepasst hat, etwa um ihn zu ersetzen.\nReguläre Ausdrücke werden von vielen UNIX-Programmen verwendet, darunter grep, sed, awk, ed, vi, emacs und die verschiedenen Shells. Jedes dieser Programme hat eine leicht unterschiedliche Art der Notation für reguläre Ausdrücke, und auch die Leistungsfähigkeit unterscheidet sich gelegentlich etwas. Perls reguläre Ausdrücke sind eine Obermenge aller dieser Verfahren: Jeder reguläre Ausdruck, der in einem der genannten Werkzeuge formuliert werden kann, kann auch in Perl formuliert werden, muss aber evtl. leicht umformuliert werden.\nIn Perl werden reguläre Ausdrücke notiert, indem sie in Schrägstriche (slashes) eingeschlossen werden. Die einfachste Form von regulären Ausdrücken sieht so aus:\nif (/abc/) { print \u0026#34;$_\u0026#34;; } Im Beispiel wird die Einbauvariable $_ gegen den regulären Ausdruck getestet und wenn eine Übereinstimmung erzielt wird, wird der String gedruckt. Die volle Syntax des match-Operators lautet\n$variable =~ m/regexp/optionen; Dieser Ausdruck vergleicht den Inhalt der Variablen $variable gegen den regulären Ausdruck regexp. Dabei kann der Ablauf des Matchvorgangs mit einigen einbuchstabigen Operationen beeinflusst werden (die wichtigste Option ist i, ignore case). Auch die Trennzeichen (Slashes) können durch andere, frei gewählte Trennzeichen ersetzt werden. Der Match selbst ergibt einen Wahrheitswert, ,,1`` oder den Leerstring.\nPerl kennt die folgenden Regeln zur Konstruktion von regulären Ausdrücken:\nAlle Zeichen, denen im folgenden keine besondere Bedeutung zugewiesen wird, stehen in einem regulären Ausdruck für sich selbst. Der reguläre Ausdruck a paßt also auf einen String, der a enthält.\nDas Zeichen Punkt steht für ein einzelnes, beliebiges Zeichen außer Newline. Der reguläre Ausdruck . paßt also auf alle Strings, die mindestens ein beliebiges Zeichen außer Newline enthalten.\nEine in eckige Klammern eingeschlossene Zeichenmenge steht für ein einzelnes Zeichen aus dieser Menge. Beginnt die Menge mit einem Dach, steht die Menge für ein einzelnes Zeichen, das nicht in der Menge ist. Der Ausdruck [abc] paßt also entweder auf das Zeichen a oder das Zeichen b oder das Zeichen c.\nPerl kennt einige vordefinierte Zeichenklassen (und deren Negationen), die oft benötigt werden:\nKürzel Bedeutung Kürzel Bedeutung \\d (digits) [0-9] \\D (not digits) [^0-9] \\w (words) [a-zA-Z0-9_] \\W (not words) [^a-zA-Z0-9_] \\s (space) [ \\r\\t\\n\\f] \\S (not space) [^ \\r\\n\\t\\f] Mehrere Teilausdrücke können einfach aneinandergereiht werden. Der resultierende Ausdruck paßt dann auf eine Folge von Zeichen, auf die jeweils die Teilausdrücke passen würden. Im Klartext bedeutet das, daß etwa abc auf ein a gefolgt von einem b gefolgt von einem c paßt, und daß etwa a.c auf ein a gefolgt von einem beliebigen Zeichen außer Newline gefolgt von c paßt.\nDer Stern * paßt auf null oder mehr Wiederholungen des folgenden Zeichens. Der Ausdruck ab*c paßt also auf ac, abc, abbc und so weiter.\nDas Pluszeichen + paßt auf eine oder mehr Wiederholungen des folgenden Zeichens. Der Ausdruck ab+c paßt also auf abc, abbc und so weiter.\nDas Fragezeichen ? paßt auf eine oder eine Wiederholung des folgenden Zeichens. Der Ausdruck ab?c paßt also auf ac oder abc.\nHinter einem Zeichen kann in geschweiften Klammer ein genereller Multiplikator {n.m} angegeben werden. Der Ausdruck paßt dann auf n bis m Wiederholungen dieses Zeichens. Wird nur eine Zahl angegeben, paßt der Ausdruck auf genau n Wiederholungen des Zeichens. Wird die zweite Grenze m weggelassen, wird für sie unendlich eingesetzt.\nDer Stern ist also ein Kürzel für {0,}, das Pluszeichen steht für {1,} und das Fragezeichen für {0,1}\nMit runden Klammern () können Teile eines Ausdruckes markiert werden. Diese Markierungen stehen im selben Ausdruck unter den Namen \\1, \\2 und so weiter zur Verfügung. Der reguläre Ausdruck a(.+)b\\1c paßt also auf einen String, der ein a gefolgt von einer Anzahl beliebiger Zeichen, gefolgt von einem b gefolgt von exakt demselben String wie zwischen a und b gefolgt von einem c enthält. Passend wäre also addbddc oder ahallobhalloc, aber nicht addbhalloc. Letzterer String würde aber auf den Ausdruck a.+b.+c passen.\nNach einem Match (und bis zum nächsten Gebrauch des Match-Operators) stehen die markierten Teilstrings in den besonderen Perl-Variablen $1, $2 und so weiter zur Verfügung.\nAußerdem binden die Klammern Teilausdrücke zusammen: abc* paßt auf ab, abc, abcc und so weiter, während (abc)* auf den leeren String, abc, abcabc und so weiter paßt.\nUnd schließlich lassen sich mit dem Pipelinezeichen noch Alternativen deklarieren. Der Ausdruck lall|laber paßt entweder auf den String lall oder auf den String laber.\nEin Dach markiert den Anfang eines Strings und ein Dollarzeichen das Ende eines Strings. Der Ausdruck ^x$ paßt also auf einen String, der genau nur aus dem Zeichen x besteht.\nAußer dem m-Operator zum Matchen kennt Perl auch noch einen s-Operator zum Suchen und Ersetzen in einem String:\n$variable =~ s/alt/neu/optionen; Diese Operation ersetzt in der Variablen $variable alle Vorkommen des regulären Ausdrucks alt durch neu. Der Ausdruck neu darf dabei ebenfalls Klammermarkierungen enthalten. So würde s/a(.+)b/x\\1y/ in einem String ein Vorkommen von paarigen a und b durch passende x und y ersetzen, ohne daß der Text dazwischen irgendwie beeinflusst wäre.\nAußer der Option i (ignore case) kennt der s-Operator auch noch die Option g (global search and replace), die nicht nur ein einzelnes Vorkommen von alt ersetzt, sondern alle.\nsplit() und join() Die Perlfunktion split() kann dazu verwendet werden, einen Skalar mit Hilfe eines regulären Ausdrucks in ein Feld zu zerlegen. split() nimmt dazu den String und wendet den regulären Ausdruck wiederholt auf den String an. Alle Teile des Strings, die auf den regulären Ausdruck passen, werden zu Trennzeichen, und die Teile des Strings, die nicht auf den Ausdruck passen, werden zu Feldelementen.\nEine Zeile der Paßwortdatei in UNIX sieht zum Beispiel so aus:\n$line = \u0026#34;kris:_:100:20:Kristian Köhntopp:/home/kris:/bin/bash\u0026#34;; Mit dem Aufruf split(/:/, $line); wendet Perl den regulären Ausdruck /:/ auf diese Zeile an. Der Ausdruck paßt auf alle Doppelpunkte, diese werden also Trennzeichen. Die Worte kris, x, 100, 20, Kristian Köhntopp, /home/kris und /bin/bash werden die Feldelemente 0 bis 6 des Ergebnisfeldes von split.\nWendet man split() in einem Arraykontext an, bekommt man das gesamte Feld als Ergebnis (und kann seine Länge mit $#feld feststellen). In einem skalaren Kontext bekommt man von split() die Länge des Feldes als Ergebnis.\n$laenge = split(/:/, $line); # ergibt 6 @feld = split(/:/, $line); # ergibt $feld[0] = \u0026#34;kris\u0026#34; usw. # $#feld ist auch 6. Andererseits kann man mit join() ein Feld mit beliebigen Trennzeichen zu einem Skalar zusammenfügen.\n$line = join(\u0026#34;:\u0026#34;, @feld); würde das zerlegte Paßwortfeld von oben wieder zusammensetzen.\nFunktionen Es ist möglich, in Perl eigene Funktionen zu definieren. Die Syntax ist folgendermaßen:\nsub name { anweisungen; $wert; } Diese Anweisungen definieren eine Funktion mit dem Namen name, die einen Rückgabewert in $wert berechnet. Die Namen von Funktionen sind von den Namen von Skalaren, Arrays und Hashlisten unabhängig. Funktionen werden mit einem Undzeichen aufgerufen. Die Funktion name kann also so aufgerufen werden:\n\u0026amp;name; # name aufrufen und das Ergebnis verwerfen. $var = \u0026amp;name; # name aufrufen und das Ergebnis nutzen. Funktionen können mit Argumenten aufgerufen werden. Diese Argumente stehen im Feld @_ zur Verfügung. Sie können also mit $_[0] und so weiter angesprochen werden.\nsub add { $summe = 0; foreach $i (@_) { $summe += $i; } $summe; } print \u0026amp;add(1, 42, 17, 4); print \u0026amp;add(1..5); Variablen in Funktionen sind global. Die Variable $summe in der Funktion oben würde also eine gleichnamige Variable anderswo im Programm überschreiben. Mit Hilfe des Operators local() ist es möglich, lokale Variablen zu deklarieren:\nsub add { local($summe) = 0; foreach $i (@_) { $summe += $i; } $summe; } Auf diese Weise kann man auch die Funktionsparameter in ein bekanntes Feld umkopieren:\nsub add { local(@werte) = @_; local($summe) = 0; foreach $i (@werte) { $summe += $i; } $summe; } CGI-Programme in Perl cgi-lib.pl und testcgi.pl Zur CGI-Programmierung stehen in Perl eine ganze Reihe von Funktionspaketen zur Verfügung. Ein sehr einfaches Funktionspaket ist die cgi-lib.pl von Steven E. Brenner. Dieses Paket kann die Eingabedaten von GET und POST-Methoden einlesen und decodieren. Es stellt die Werte der einzelnen Eingabevariablen dann in dem assoziativen Feld %in zur Verfügung. Neben dieser Grundfunktionalität sind zusätzlich noch einige Hilfsfunktionen zum Debugging vorhanden.\nDer Gebrauch des Paketes ist wie folgt: Im Bibliotheksverzeichnis von Perl muss die Datei cgi-lib.pl installiert sein. Das eigene Perlscript muss dann so anfangen:\n#! /usr/bin/perl -- # Paket aktivieren. require \u0026#34;cgi-lib.pl\u0026#34; || die \u0026#34;cgi-lib.pl nicht gefunden.\u0026#34;; # Einlesen und Zerlegen der GET/POST-Variablen. \u0026amp;ReadParse; # html-Header erzeugen. print \u0026amp;PrintHeader; # Debugausgabe print \u0026#34;\u0026lt;html\u0026gt; \u0026lt;head\u0026gt; \u0026lt;title\u0026gt;Test CGI\u0026lt;/title\u0026gt; \u0026lt;/head\u0026gt; \u0026lt;body\u0026gt; \u0026lt;h1\u0026gt;Test CGI\u0026lt;/h1\u0026gt; \u0026lt;h2\u0026gt;Eingabevariablen:\u0026lt;/h2\u0026gt;\\n\u0026#34;; print \u0026amp;PrintVariables(%in); print \u0026#34;\\n\u0026lt;h2\u0026gt;Umgebungsvariablen\u0026lt;/h2\u0026gt;\\n\u0026#34;; print \u0026amp;PrintVariables(%ENV); print \u0026#34;\u0026lt;hr\u0026gt; Erzeugt von test-cgi.pl \u0026lt;/body\u0026gt; \u0026lt;/html\u0026gt;\\n\u0026#34;; Das Script muss ausführbar gemacht werden und dann unter einer passenden URL aufgerufen werden (zum Beispiel: http://white/cgi-bin/testcgi.pl). Ihm können von einem Formular oder manuell beliebige Parameter mitgegeben werden. Seine Ausgabe sieht dann zum Beispiel so aus (mit einigen Parametern aufgerufen):\nTest CGI Eingabevariablen: lall laber probe hallo Umgebungsvariablen DOCUMENT_ROOT /home/www GATEWAY_INTERFACE CGI/1.1 ... gekürzt ... SERVER_SOFTWARE Apache/1.0.3 ---------------------------------------------------------- Erzeugt von test-cgi.pl Das Script funktioniert wie folgt:\nDie Anweisung require aktiviert das Perl Funktionspaket cgi-lib.pl. Schlägt das fehl, beendet die die-Anweisung das Script mit einer Fehlermeldung.\nDer Aufruf der im Paket definierten Unterfunktion \u0026amp;ReadParse liest die Eingaben der GET- und POST-Methoden ein und decodiert sie. Die einzelnen Variablenwerte werden im assoziativen Feld %in hinterlegt.\nDie Funktion \u0026amp;PrintHeader liefert den benötigten Content-Type-String zurück, der dann mit print gedruckt wird.\nMit einem einfachen, mehrzeiligen print wird der Header eines HTML-Dokumentes erzeugt.\nDie Funktion \u0026amp;PrintVariables druckt das ihr übergebene assoziative Array %in zu Debugzwecken aus.\nNach einem Zwischenheader wird dann auch noch das assoziative Array %ENV ausgedruckt. Dieses enthält alle Umgebungsvariablen des Programms.\nEin Abspann-print druckt den Seitenfuß.\nEin einfacher Zähler CGI-Scripte können und sollen nicht gecached werden. Es ist daher möglich, auf diese Weise einen einfachen Seitenzähler zu realisieren. Das Script muss dazu an einem geeigneten Ort eine Datei hinterlegen, in der es seine Aufrufe mitzählt. Die Ausgabe des Scriptes kann eine beliebige HTML-Seite sein, in der der Zählerstand eingebaut wird.\n#! /usr/bin/perl -- # Paket aktivieren. require \u0026#34;cgi-lib.pl\u0026#34; || die \u0026#34;cgi-lib.pl nicht gefunden.\u0026#34;; # Einlesen und Zerlegen der GET/POST-Variablen. \u0026amp;ReadParse; # html-Header erzeugen. print \u0026amp;PrintHeader; # Zählerstand einlesen. open(COUNTER, \u0026#34;\u0026lt;/tmp/counter\u0026#34;); $counter = \u0026lt;COUNTER\u0026gt; + 1; close(COUNTER); # Zählerstand merken. open(COUNTER, \u0026#34;\u0026gt;/tmp/counter\u0026#34;); print COUNTER \u0026#34;$counter\\n\u0026#34;; close(COUNTER); # Seite ausgeben. print \u0026#34;\u0026lt;html\u0026gt; \u0026lt;head\u0026gt; \u0026lt;title\u0026gt;Test CGI\u0026lt;/title\u0026gt; \u0026lt;/head\u0026gt; \u0026lt;body\u0026gt; \u0026lt;h1\u0026gt;Z\u0026amp;auml;hlerseite\u0026lt;/h1\u0026gt; Diese Seite wurde $counter mal aufgerufen. \u0026lt;/body\u0026gt; \u0026lt;/html\u0026gt;\\n\u0026#34;; Das Script funktioniert so:\nWie üblich werden die Eingabeparameter eingelesen. Sie werden in dieser Version des Zählscriptes aber noch nicht verwendet.\nEs wird ein Dateihandle \u0026lt;COUNTER\u0026gt; zum Lesen geöffnet und eine Zeile mit einer Zahl eingelesen. Diese Zahl wird um eins erhöht. Die Datei wird wieder geschlossen.\nDasselbe Dateihandle wird noch einmal geöffnet, aber zum Schreiben. Der aktuelle Zählerstand wird in die Datei hineingedruckt. Beachte, daß beim Drucken in Filehandles zwischen dem Filehandle und dem eigentlichen Drucktext kein Komma gesetzt wird!\nDer Seitentext wird ausgegeben.\nAufgaben: Erweitere das Script so, daß es mehrere verschiedene Seiten und Zähler zu diesen Seiten bearbeiten kann. Die Seitenbezeichnung wird dem Script in der Variablen cn übergeben. Beachte die sich ergebenden Sicherheitsprobleme, wenn Pfadnamen aus Variablen direkt übernommen werden! Wie können diese vermieden werden?\n","date":"1996-11-27T00:00:00Z","href":"https://blog.koehntopp.info/1996/11/27/cgi-programmierung.html","tags":["lang_de","web","development"],"title":"CGI Programmierung"},{"categories":null,"content":"Der junge Mönch Lu Ser wanderte viele Jahre durch die Netscape auf der Suche nach dem Sinn des Netzes, denn dieses war kryptisch und schwer zu benutzen und Lu Ser war nicht nur ein absoluter Newbie, sondern auch ein bisschen dumm. Eines Tages traf er in der Nähe eines WWW-Servers in Redmond auf den weisen Yoshi und fragte: \u0026ldquo;Hat de.talk.bizarre Billinatur?\u0026rdquo;.\nÜber das Gesicht von Yoshi ging ein Strahlen. Er führte Lu Ser sogleich in sein soeben eingerichtetes Online-Merchandizing-Center, denn auch weise alte Mönche leben nicht von Luft und Koans allein und fing an, die dort zur Schau gestellten Produkte zu preisen: \u0026ldquo;Sieh hier, da haben wir eine hölzerne 42 zum an die Wand haengen!\u0026rdquo; Lu Ser rief erstaunt: \u0026ldquo;EINE 42!?!?!\u0026rdquo;, doch Yoshi unterbrach ihn: \u0026ldquo;Pscht! Nicht so laut!\u0026rdquo; Lu Ser setzte erneut an: \u0026ldquo;Ich meine: Eine 42?\u0026rdquo; Yoshi nahm sie von der Wand: \u0026ldquo;Genauuuuu! Und für nur 10 Pfennig ist sie Dein!\u0026rdquo;.\nDie beiden streiften weiter durch die unendlichen Weiten der Pages von Yoshi\u0026rsquo;s Center: \u0026ldquo;Hier haben wir weitere Fan-Artikel für de.talk.bizarre: Ein portables Erdloch, ein absolutes Muss für jeden Neueinsteiger. Und auf Parties immer wieder für kleine Scherze gut. Außerdem ist es ausbaufähig: Wir haben dazu passend nur wenig gebrauchte U-Boote, entweder in Gelb oder komplett Atomreaktor mit Kapitän Nemo, Nadia und dem bösen Gargoyle.\u0026rdquo; Lu Ser gingen die Augen über ob dieser Schätze.\nDoch Yoshi hatte noch weitere Knaller: Eine Stadt, die es auf der Erde schon lange nicht mehr gab in einer Flasche. Auf dem Etikett stand nicht etwa \u0026ldquo;Argo City\u0026rdquo; (denn Yoshi hatte kein grünes Gesicht und keine roten Knöpfe anstelle einer Frisur), sondern das ominöse Wort \u0026ldquo;Bielefeld\u0026rdquo;.\nLu Ser jedoch sagte: \u0026ldquo;Ich hätte gerne etwas Anspruchsvolleres. Und nützlich muss es sein.\u0026rdquo; \u0026ldquo;Tja\u0026rdquo;, sagte Yoshi, \u0026ldquo;dann kommt für Dich nur dies hier in Frage.\u0026rdquo; und griff in eine der Schubladen hinter der Theke seines Webshops.\nVon dort zog er eine glitzernde Silberscheibe hervor, schön wie der Mond am Winterhimmel, verführerisch wie ein Brilliant am Hals einer schönen Frau. \u0026ldquo;Dies\u0026rdquo;, sprach der gewitzte Yoshi zu dem überwältigten Lu Ser, \u0026ldquo;dies ist die Krönung menschlicher Programmierkunst, dies ist ein Stück Himmel auf Erden. Denn dies ist der Organizer von AOL.\u0026rdquo; Da war Lu Ser begeistert und rief aus \u0026ldquo;ADD ME!\u0026rdquo;.\nYoshi aber gab das asketische Mönchsdasein auf, benannte sich in \u0026ldquo;Porno-Plön\u0026rdquo; um und richtete sich einen kleinen Laden am Rande der Datenautobahn ein, in dem er fortan Schweinebilder an vorüberziehende AOLer verkaufte.\n","date":"1996-03-23T00:00:00Z","href":"https://blog.koehntopp.info/1996/03/23/lu-ser.html","tags":["lang_de","detebe","inkomploehntopp"],"title":"Lu Ser"},{"categories":null,"content":"aus \u0026ldquo;Linux Magazin\u0026rdquo;, Ausgabe 3/96.\nrwx - sonst nix? In jedem Buch über UNIX wird das UNIX-Rechtesystem ungefähr in Kapitel 2 vollständig erläutert und es bleiben keine Frage mehr offen. Wieso also ein Artikel über Zugriffsrechte? Nun, dieser Artikel erklärt Zugriffsrechte für Leute, die es ganz genau wissen wollen: Welche Rechte werden für den Zugriff auf eine Datei benötigt? Wer prüft die Rechte und wie passiert das?\nWie oft hört man Redewendungen wie \u0026ldquo;Ich öffne jetzt einmal diese Datei\u0026hellip;\u0026rdquo; oder \u0026ldquo;Ich habe keine Zugriffsrechte, um auf dieses Verzeichnis zuzugreifen.\u0026rdquo; Solche Formulierungen sind zwar üblich und auch jedermann verständlich, weil sie so schön bildhaft sind. Aber wenn man über Zugriffsrechte reden möchte, sind sie eher schädlich als hilfreich.\nNatürlich öffnet ein User niemals eine Datei oder greift auf ein Verzeichnis zu. Prozesse tätigen Systemaufrufe und der Kernel öffnet Dateien oder liest Verzeichnisse im Auftrag und mit den Rechten dieses Prozesses. Solche Unterscheidungen sind auf den ersten Blick Haarspaltereien. Aber wenn man sich den Spaß macht und die Sache einmal zu Ende verfolgt, wird man feststellen, daß sich auf diese Weise einige Dinge besser verstehen und leichter erklären lassen. Der Autor will sich also in diesem Artikel einer besonders genauen Sprache befleißigen.\nWoher kommen Zugriffsrechte? Zugriffsrechte und Eigentümer sind etwas, das einem zunächst an Dateien ins Auge fällt. Eine Datei besteht in Linux aus einem Haufen Blöcken auf der Festplatte und einer Verwaltungsstruktur, der I-Node. Während die Blöcke die eigentliche Information in der Datei speichern, findet man in der I-Node fast alle Information über die Datei - also Metainformation. Was die Rechte betrifft, findet man in der I-Node eine User-ID (UID), eine Group-ID (GID) und zwölf Rechtebits: Drei Bits mit den Bezeichnungen sst und dann jeweils drei Dreiergruppen rwx. sst sind gewissermaßen Allzweckbits, die je nach Typ der Datei und Systemaufruf unterschiedliche Bedeutung haben können. Die Auswertung der übrigen neun Bits erfolgt dagegen relativ zentral in einer Funktion permission(), auf die wir weiter unten eingehen werden.\nWas dem UNIX-Neuling noch auffallen wird, ist die Tatsache, daß sich in der I-Node der Datei nicht der Username und der Gruppenname findet, sondern nur jeweils eine ID. Diese ID-Nummern werden vom ls-Kommando in Namen umgewandelt, falls man es ihm nicht verbietet. Man kann das ls-Kommando zwingen, die Angaben numerisch zu machen, indem man die Option -n verwendet oder indem man dem Benutzer, der ls aufruft, den Lesezugriff auf /etc/passwd und /etc/group verweigert (Experiment 1 ).\nExperiment 1 root@white:~# ls -l /etc/passwd /etc/group -rw-r--r-- 1 root root 281 Jul 15 14:39 /etc/group -rw-r--r-- 1 root root 1163 Nov 28 15:30 /etc/passwd root@white:~# chmod 000 /etc/passwd /etc/group root@white:~# su - kris kris@white:~$ ls -l /tmp -rw-r--r-- 1 0 0 5 Nov 23 13:36 lall -rw-rw-rw- 1 60000 20 11 Nov 28 21:32 lpq.00002b98 drwxr-xr-x 2 0 0 1024 Nov 17 07:31 root kris@white:~$ exit root@white:~# chmod 644 /etc/passwd /etc/group root@white:~# ls -l /tmp -rw-r--r-- 1 root root 5 Nov 23 13:36 lall -rw-rw-rw- 1 smbguest users 11 Nov 28 21:32 lpq.00002b98 drwxr-xr-x 2 root root 1024 Nov 17 07:31 root Indem man kris die Leserechte auf die Dateien /etc/passwd und /etc/group entzieht, kann man demonstrieren, daß in einer I-Node nur numerische Information über Eigentümer und Gruppe einer Datei gespeichert wird. ls kann diese Zahlen durch Zugriff auf die Paßwortdatenbank in Namen übersetzen. Dazu existiert eine Familie von Bibliotheksfunktionen, die in getpwent(3), getpwuid(3), getgrent(3) und getgrgid(3) dokumentiert ist.\nZugriffe auf Dateien erfolgen durch den Kernel im Auftrag eines Prozesses. Der Kernel entscheidet anhand der Rechtebits in der Inode der Datei einer Datei, ob er den Zugriff auf die Datei ausführen wird oder nicht. Entscheidend für die Interpretation dieser Rechtebits ist noch, mit welcher UID und GID der Prozeß abläuft, der auf die Datei zugreifen möchte. Wie man in /usr/include/linux/sched.h nachlesen kann, hat ein struct task_struct in Linux die Felder\n#define NGROUPS 32 unsigned short uid,euid,suid,fsuid; unsigned short gid,egid,sgid,fsgid; int groups[NGROUPS]; Linux unterscheidet sich hier von einem normalen UNIX: Für Zugriffe auf Dateien sind die Felder fsuid, fsgid und groups[] relevant, während ein normales UNIX euid und egid verwendet. Natürlich unterscheidet sich Linux nicht so sehr von einem normalen UNIX, daß es inkompatibel wäre: Normalerweise ist die fsuid/fsgid mit der euid/egid des Prozesses identisch. Die Zugriffe auf Dateien erfolgen also mit der sogenannten effektiven User-ID und Group-ID eines Prozesses.\nKasten 2 zeigt, wie man feststellen kann, unter welchen IDs Zugriffe erfolgen.\nExperiment 2 kris@white:~$ id uid=100(kris) gid=20(users) groups=20(users),11(floppy) kris@white:~$ su - Password: root@white:~# id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy) root@white:~# exit kris@white:~$ id marit uid=101(marit) gid=20(users) groups=11(floppy) kris@white:~$ ls -l /tmp/bash -rwsr-xr-x 1 root root 295940 Nov 29 12:07 /tmp/bash kris@white:~$ /tmp/bash kris@white:~# id uid=100(kris) gid=20(users) euid=0(root) groups=20(users),11(floppy) Jemand, der als kris eingeloggt ist, greift normalerweise mit der UID 100, der GID 20 und den Einträgen 20 und 11 im Feld groups[] auf Dateien zu. Ein Systemverwalter dagegen hat die UID und die GID 0 und noch weitere Einträge im Feld groups[]. Mit einem Usernamen als Parameter kann man auch die IDs anderer Benutzer abfragen.\nEffektive und reale UID und GID müssen nicht immer übereinstimmen: Werden Programme mit gesetztem Set User ID-Bit ausgeführt, kann sich die effektive UID eines Prozesses ändern - was set user id genau ist und was das Bit bewirkt, werden wir später noch klären.\nWir halten fest: Dateien haben genau einen Eigentümer und gehören zu genau einer Gruppe, während ein Prozeß einen Eigentümer hat, aber zu bis zu 32 Gruppen gehören kann. Zugriffsrechte werden an Dateien in 12 Bit vermerkt. Die Interpretation dieser 12 Bit hängt ab vom Typ der Datei und von der Identität des zugreifenden Prozesses.\nWo werden die Rechte geprüft? Linux prüft Zugriffsrechte mit Hilfe der Funktion permission(). Sie ist in /usr/src/linux/fs/namei.c in den Zeilen 91 bis 114 definiert. Ein Parameter von permission() ist ein Zeiger auf die I-Node der Datei, auf die zugegriffen wird. Außerdem muß der Funktion noch gesagt werden, welche Art von Zugriff auf die Datei gewünscht wird. /usr/include/linux/fs.h definiert dazu in den Zeilen 35 bis 37 die Werte MAY_EXEC, MAY_WRITE und MAY_READ, die zu einer mask zusammengebaut werden können. Der Kasten zeigt den Quelltext von permission() und die Definitionen aus fs.h.\nExperiment 3 /usr/src/linux/fs/namei.c: 91 /* 92 * permission() 93 * 94 * is used to check for read/write/execute permissions on a file. 95 * We use \u0026#34;fsuid\u0026#34; for this, letting us set arbitrary permissions 96 * for filesystem access without changing the \u0026#34;normal\u0026#34; uids which 97 * are used for other things.. 98 */ 99 int permission(struct inode * inode,int mask) 100 { 101 int mode = inode-\u0026gt;i_mode; 102 103 if (inode-\u0026gt;i_op \u0026amp;\u0026amp; inode-\u0026gt;i_op-\u0026gt;permission) 104 return inode-\u0026gt;i_op-\u0026gt;permission(inode, mask); 105 else if ((mask \u0026amp; S_IWOTH) \u0026amp;\u0026amp; IS_IMMUTABLE(inode)) 106 return -EACCES; /* Nobody gets write access to an immutable file */ 107 else if (current-\u0026gt;fsuid == inode-\u0026gt;i_uid) 108 mode \u0026gt;\u0026gt;= 6; 109 else if (in_group_p(inode-\u0026gt;i_gid)) 110 mode \u0026gt;\u0026gt;= 3; 111 if (((mode \u0026amp; mask \u0026amp; 0007) == mask) || fsuser()) 112 return 0; 113 return -EACCES; 114 } /usr/include/linux/kernel.h: 68 #define fsuser() (current-\u0026gt;fsuid == 0) /usr/include/linux/fs.h: 35 #define MAY_EXEC 1 36 #define MAY_WRITE 2 37 #define MAY_READ 4 Die Funktion permission() ist der zentrale Kontrollpunkt für Zugriffsrechte. An ihr kann man sehen, nach welchem Verfahren Linux die Zugriffsrechte prüft.\nDer Algorithmus, nach dem permission() die Zugriffsrechte prüft, ist sehr einfach: Zunächst einmal (Zeile 103-104) wird festgestellt, ob für die zu prüfende I-Node im Feld i_op-\u0026gt;permission() der I-Node Struktur eine dateisystemspezifische permission()-Routine definiert ist. Auf diese Weise können Dateisysteme, die erweiterte oder von UNIX verschiedene Zugriffsrechte implementieren, ihre eigene Routine zum Testen des Zugriffs bereitstellen. Derzeit (Kernel 1.2.13) tut dies nur das ext2-Dateisystem mit der Funktion ext2_permission(), die in /usr/src/linux/fs/ext2/acl.c definiert ist (und die in Kernel 1.2.13 nichts anderes tut als Zeilen 107-113 der normalen permission()-Funktion, also noch vollkommen sinnlos ist).\nDie Zeilen 105-106 prüfen dann, ob die Datei als immutable file (unveränderliche Datei) gekennzeichnet ist. Wenn dies der Fall ist und in mask MAY_WRITE gesetzt ist, wird der Zugriff auf die Datei verweigert und der Fehler permission denied (EACCES) zurückgegeben. Der Code verwendet in Zeile 105 seltsamerweise die Definition S_IWOTH (das Schreibrecht für other aus der Includedatei linux/stat.h) anstatt korrekterweise die Definition MAY_WRITE zu verwenden. Da aber beide Definitionen den Wert 2 haben, kommt es nicht zu einem Fehler. Da das ext2-Dateisystem eine eigene permission()-Routine bereitstellt, die den Test auf immutable files nicht enthält, kann man dort unveränderliche Dateien beschreiben. Das ist ein Fehler, denn an anderen Stellen kennt das ext2-Dateisystemen IS_IMMUTABLE() und nimmt Rücksicht darauf.\nDer entscheidende Code befindet sich dann in den Zeilen 107-113: current bezeichnet den struct task des aktuellen Prozesses, also desjenigen Prozesses, der soeben versucht hat, auf eine Datei zuzugreifen und dessen Zugriffsrechte jetzt geprüft werden müssen. Falls die fsuid dieses Prozesses mit der i_uid der Datei übereinstimmen, werden die Zugriffsrechte des linken rwx-Tripels der Datei für die Rechteprüfung verwendet (Zeilen 107 und 108). Andernfalls prüft Linux mit der Funktion in_group_p(), ob irgendeine GID des aktuellen Prozesses mit der i_gid der Datei übereinstimmt. Ist dies der Fall, werden die Zugriffsrechte des mittleren rwx-Tripels verwendet (Zeilen 109-110). Ist weder eine Übereinstimmung der User- noch der Group-IDs zu finden, werden die Defaultzugriffsrechte aus dem rechten Tripel verwendet.\nDie Funktion in_group_p() ist in /usr/src/linux/kernel/sys.c in den Zeilen 585-599 definiert. Sie testet, ob ihr Argument gleich der fsgid des aktuellen Prozesses ist oder ob das Argument gleich einer der Gruppen aus dem groups[]-Array des Prozesses ist. Der Name der Funktion erklärt sich aus der \u0026ldquo;p-convention\u0026rdquo; (siehe Jargon-File, ursprünglich eine Sitte aus dem Bereich der LISP-Programmierung): Es handelt sich um ein Prädikat, also eine Funktion, die entweder true oder false liefert, je nachdem ob die zu prüfende Aussage wahr oder falsch ist.\nDie Bedingung in Zeile 111 entscheidet jetzt, ob der Zugriff auf eine I-Node gewährt wird oder nicht. Wenn mindestens die in mask gewünschten Rechtebits in den durch mode schon in Zeile 101 vorab ermittelten Rechten enthalten sind oder der Zugriff mit Superuser-Privilegien erfolgt (fsuser() ist wahr), wird der Zugriff auf die Datei gewährt. In allen anderen Fällen wird ein Fehler permission denied (EACCES) geliefert.\nWir halten fest: Einzelne Dateisysteme können besondere Rechteroutinen haben. Im Normalfall gelten aber die Userrechte für den Eigentümer einer Datei, die Gruppenrechte für jeden, der Mitglied in der Gruppe der Datei ist und die Other-Rechte für alle anderen. Die Prüfung dieser Rechte erledigt Linux an einer zentralen, leicht wartbaren Stelle im System.\nPfade, und Rechte entlang des Pfades Alle UNIX-Kernelfunktionen, die mit Dateien hantieren, nehmen Pfadnamen als Parameter an. Intern verwendet Linux jedoch wie alle Unices ausschließlich I-Nodes, um mit Dateien zu arbeiten. Die Umwandlung eines Pfadnamens in eine I-Node übernimmt in Linux eine von mehreren leicht unterschiedlichen namei()-Funktionen, die in /usr/src/linux/fs/namei.c definiert sind.\nnamei() bekommt, vereinfacht dargestellt, einen Pfadnamen und die I-Node eines Verzeichnisses als Startpunkt übergeben. In diesem Verzeichnis wird mittels der Funktion lookup() die I-Node der ersten Komponente des Pfadnamens gesucht. Diese I-Node wird jetzt als Startpunkt genommen, um die nächste Komponente des Pfadnames durch lookup() suchen zu lassen und so weiter bis zum Ende des Pfades. Am Ende des Pfades ist das Ergebnis dieser Operation genau die I-Node des Verzeichnisses, das durch den Pfadnamen bezeichnet wird.\nDer Code von lookup() ist nicht ganz so einfach wie diese Erklärung, weil er so unschöne Dinge wie Mountpoints, \u0026ldquo;..\u0026quot;-Komponenten im Pfadnamen und ungültige Pfadnamen berücksichtigen muß, aber er ist auch nicht sonderlich kompliziert. Für unsere Zwecke sind jedoch nur wenige Zeilen von lookup() wesentlich:\n/usr/src/linux/fs/namei.c: 163 perm = permission(dir,MAY_EXEC); 181 if (perm != 0) { 182 iput(dir); 183 return perm; 184 } Um in einem Verzeichnis einen Namen nachschlagen zu können, muß der aufrufende Prozeß das x-Recht an diesem Verzeichnis haben. Hat er dieses x-Recht nicht, schlägt der Aufruf fehl - ganz gleich, welche Kernelfunktion aufgerufen wurde. Die Folgen können ziemlich fatal sein, wie Experiment 4 demonstriert.\nExperiment 4 Warnung: Dieses Experiment darf nur durchgeführt werden, wenn in einem zweiten Fenster noch eine weitere Rootshell aktiv ist. Andernfalls kann man sich so die Systeminstallation ruinieren.\nkris@white:~$ ls -ld / drwxr-xr-x 20 root root 1024 Nov 29 22:29 / kris@white:~$ su - root@white:~# chmod go-x / root@white:~# ls -ld / drwxr--r-- 20 root root 1024 Nov 29 22:29 / root@white:~# exit kris@white:~$ ls csh: /bin/ls: Permission denied kris@white:~$ su csh: /bin/su: Permission denied In einem anderen Fenster mit einer aktiven Rootshell:\nroot@white:~# chmod 755 / Das Hauptverzeichnis / hat normalerweise die Rechte 755. Jeder Benutzer hat also x-Recht am Verzeichnis / und kann damit absolute Pfadnamen auflösen. Nimmt man dem Root-Verzeichnis die x-Rechte, kann kein normaler Benutzer mehr absolute Pfadnamen auflösen und jeder Aufruf eines Systemkommandos schlägt fehl. Insbesondere ist auch kein su mehr möglich, um die Operation rückgängig zu machen. Daher muß schon vor dem Beginn des Experimentes eine zweite, aktive Rootshell bereitstehen, um die Zugriffsrechte wieder zu reparieren.\nWir halten fest: Jede richtige Antwort auf die Frage \u0026ldquo;Welche Rechte braucht man, um mit einer Datei eine bestimmte Operation (Öffnen, Löschen, Umbenennen und so weiter) durchführen zu können?\u0026rdquo; muß mit den Worten \u0026ldquo;Man braucht die x-Rechte an den Verzeichnissen entlang des Pfades und \u0026hellip;\u0026rdquo; beginnen. Ohne diese x-Rechte kann der Pfadname von Linux nicht aufgelöst werden und was immer sich an seinem Ende befindet, ist nicht zugreifbar. Weil wirklich jede Antwort mit diesem Halbsatz beginnen muß, wird er oft weggelassen - vergessen darf man ihn trotzdem nicht! Die einzelne Operation (open(2), unlink(2), rename(2) und so weiter) kann dann noch zusätzlich weitere Zugriffsrechte verlangen.\nLese- und Schreibrechte an Dateien Welche Zugriffsrechte werden nun wirklich benötigt, um eine Datei zu öffnen? Auch dies können wir im Linux-Kernel nachlesen: In /usr/src/linux/fs/open.c befindet sich der Code des Systemaufrufes open(2). Die Funktion sys_open(), die diese Kernelfunktion realisiert, ist nur sehr kurz. Sie tut kaum mehr, als do_open() in derselben Datei mit den richtigen Parametern aufzurufen. Der Code von do_open() beschäftigt sich hauptsächlich mit der Verwaltung der Dateitabelle des Kernels und ist für die Klärung unserer Frage nicht interessant.\nDie eigentliche Arbeit des Öffnens der Datei überläßt er der Funktion open_namei(), die wie bereits erklärt, den filename in eine I-Node umwandelt. Der Aufruf findet sich in Zeile 442 in open.c:\n442 error = open_namei(filename,flag,mode,\u0026amp;inode,NULL); Dabei ist filename der Name der zu öffnenden Datei, flag der Modus, in dem die Datei geöffnet werden soll (O_RDONLY, O_CREAT und so weiter) und mode ist nur interessant, wenn die Datei angelegt werden soll: Dann soll sie mit den in mode angegebenen Wunschrechten angelegt werden. In inode liefert die Funktion die I-Node der geöffneten Datei zurück.\nDer Code von open_namei() steht dann in /usr/src/linux/fs/namei.c, von dem wir uns ja weiter oben schon Teile angesehen haben. open_namei() ist eine lange Funktion, sie erstreckt sich von Zeile 333 bis Zeile 439. Die Umwandlung des filename-Parameters in die inode erfolgt in zwei Schritten. In einem ersten Schritt wird mithilfe von dir_namei() erst einmal die I-Node des Verzeichnisses lokalisiert, in dem sich die zu öffnende Datei befindet. Der zweite Schritt ist dann leicht unterschiedlich, je nachdem, ob die die öffnende Datei bereits existiert oder ob sie wegen eines gesetzten O_CREAT erst noch erzeugt werden muß.\nIn Zeile 342 von namei.c wird zunächst die I-Node des Verzeichnisses lokalisiert, in dem eine Datei geöffnet werden soll. Das ist der erste Schritt zum Öffnen der Datei.\n342 error = dir_namei(pathname,\u0026amp;namelen,\u0026amp;basename,base,\u0026amp;dir); Dabei wird von dir_namei() die Variable basename mit dem Namen der Datei im Verzeichnis belegt, namelen mit der Länge dieses Namens. dir ist ein Zeiger auf die I-Node des Verzeichnisses, indem die Datei geöffnet werden soll, das eigentliche Ergebnis dieses Aufrufes (und wird in Zeile 361 weiterverwendet). Wenige Zeilen später wird fallweise unterschieden, ob eine Datei angelegt werden soll oder nicht (Zeile 359).\nSoll eine Datei angelegt werden, muß überprüft werden, ob eine Datei dieses Namens schon existiert (Zeile 361). Wenn dies der Fall ist und außerdem O_EXCL als Parameter beim open() angegeben war, muß das open() fehlschlagen (Zeile 362-366).\nExistiert die Datei im Verzeichnis noch nicht, kann versucht werden, sie zu erzeugen. Dazu müssen w- und x-Recht am Verzeichnis vorhanden sein, daß die Datei einmal enthalten soll (Zeile 367). Außerdem muß eine create-Funktion in den I-Node-Operations für das Verzeichnis definiert sein (Zeile 369-370). Ist dies nicht der Fall, wird ebenfalls permission denied gemeldet.\nAuf Dateisystemen, die read-only angemeldet sind, dürfen selbstverständlich ebenfalls keine Dateien angelegt werden (Zeile 371-372). Erst wenn alle diese Vorbedingungen erfüllt sind, darf die Datei wirklich angelegt werden und ist damit geöffnet.\nWir halten fest: Um eine Datei in einem Verzeichnis neu anlegen zu können, wird also das x-Recht an allen Verzeichnissen entlang des Pfades dieser Datei benötigt und das w- und das x-Recht an dem Verzeichnis, in dem die Datei neu anzulegen ist.\n359 if (flag \u0026amp; O_CREAT) { 361 error = lookup(dir,basename,namelen,\u0026amp;inode); 362 if (!error) { 363 if (flag \u0026amp; O_EXCL) { 364 iput(inode); 365 error = -EEXIST; 366 } 367 } else if ((error = permission(dir, MAY_WRITE | MAY_EXEC) 368 ; /* error is already set! */ 369 else if (!dir-\u0026gt;i_op || !dir-\u0026gt;i_op-\u0026gt;create) 370 error = -EACCES; 371 else if (IS_RDONLY(dir)) 372 error = -EROFS; 373 else { 375 error = dir-\u0026gt;i_op-\u0026gt;create(dir,basename,namelen,mode,res_inode); 379 } 381 } else Soll dagegen eine bereits existierende Datei geöffnet werden, muß zunächst ihr Name im Verzeichnis gesucht werden, um eine I-Node für diese Datei zu bekommen (Zeile 382).\nEs kann sein, daß die so gefundene I-Node nicht die I-Node der wirklich zu öffnenden Datei ist, sondern daß es sich um ein Symlink handelt. Ein Aufruf von follow_link() regelt dies (Zeile 387).\nDer folgende Code stellt dann sicher, daß ein Verzeichnis niemals zum Schreiben geöffnet werden darf (Zeile 390-393). Wäre dies nicht so, könnte man in Verzeichnissen beliebige I-Node-Nummern eintragen und so die Zugriffsrechte entlang des Pfades unterlaufen.\nDer eigentliche Rechtetest erfolgt dann in den Zeilen 394-397, in denen die gewünschten Zugriffsrechte in flag mit den vorhandenen Rechten in der inode verglichen werden. Nach diesen Zeilen folgt weiterer Code, der Gerätedateien in mit nodev gemounteten Dateisystemen, read-only Dateisysteme, append-only Files und die Option O_TRUNC beim Öffnen behandelt, uns hier aber bei unserer Frage nichts neues bringt.\n382 error = lookup(dir,basename,namelen,\u0026amp;inode); 387 error = follow_link(dir,inode,flag,mode,\u0026amp;inode); 390 if (S_ISDIR(inode-\u0026gt;i_mode) \u0026amp;\u0026amp; (flag \u0026amp; 2)) { 391 iput(inode); 392 return -EISDIR; 393 } 394 if ((error = permission(inode,ACC_MODE(flag))) != 0) { 395 iput(inode); 396 return error; 397 } Wir halten fest: Beim Öffnen einer vorhandenen Datei wird das x-Recht an allen Verzeichnisses entlang des Pfade dieser Datei benötigt und das passende r- und/oder w-Recht an der Datei selbst.\nOffenbar ist das Öffnen einer Datei und die Kontrolle der Zugriffsrechte für ein Betriebssystem eine recht anstrengende und langsame Angelegenheit. Neben der zeitraubenden Umwandlung von Pfadnamen in I-Nodes müssen auch noch zahlreiche Rechteflags an allen Verzeichnissen und an der Datei selbst kontrolliert werden und zahlreiche Sonderfälle berücksichtigt werden.\nZum Glück ist dieser ganze Aufwand auf das Öffnen einer Datei beschränkt. Ist die Datei erst einmal geöffnet, findet keine weitere Rechtekontrolle mehr statt. read() und write() können sich also auf ihre eigentliche Aufgabe, das Datenschaufeln, konzentrieren und müssen sich nicht mit der Kontrolle von Zugriffsrechten herumschlagen.\nAusführungsrechte an Dateien Um das x-Recht an Dateien zu verstehen, müssen wir uns den Systemaufruf execve(2) ansehen. Dieser Systemaufruf ist die einzige Methode, um in UNIX ein neues Programm zu laden. In Linux, das auf mehr als einer Prozessorplattform ablaufen kann, ist ein Teil des Aufrufes systemspezifisch. Für Intel-Prozessoren befindet sich in /usr/src/linux/arch/i386/kernel/process.c der Code von sys_execve(), der die Parameter des Systemaufrufes beschafft und dann den plattformunabhängigen Code in /usr/src/linux/fs/exec.c aufruft. Der Funktion do_execve() werden außer dem Namen der zu startenden Binärdatei auch noch ein Feld von Parameterstrings und ein Feld von Environmentvariablen sowie ein Satz initiale Prozessorregister mitgegeben.\ndo_execve() beschafft sich durch einen Aufruf von open_namei() zunächst einmal die I-Node der auszuführenden Datei. Weiter oben ist schon gezeigt worden, daß dies nur gelingen kann, wenn auf allen Verzeichnissen entlang des Pfades zu dieser Datei x-Rechte vorhanden sind.\nDer folgende Code stellt sicher, daß die ausführbare Datei ein regular file ist. Wenn das Dateisystem mit der Option noexec gemountet ist, schlägt der Aufruf von execve() in jedem Fall fehl, ebenso wenn der Superblock zugehörigen Dateisystems nicht erreichbar ist.\nNach diesen elementaren Überprüfungen folgt der Code, der set user id/set group id handhabt und das x-Recht testet.\nAusführungsrecht und SUID/SGID beim execve() Systemaufruf /usr/src/linux/fs/exec.c: 586 i = bprm.inode-\u0026gt;i_mode; 587 if (IS_NOSUID(bprm.inode) \u0026amp;\u0026amp; (((i \u0026amp; S_ISUID) \u0026amp;\u0026amp; bprm.inode-\u0026gt;i_uid != current-\u0026gt; 588 euid) || ((i \u0026amp; S_ISGID) \u0026amp;\u0026amp; !in_group_p(bprm.inode-\u0026gt;i_gid))) \u0026amp;\u0026amp; !suser()) { 589 retval = -EPERM; 590 goto exec_error2; 591 } 592 /* make sure we don\u0026#39;t let suid, sgid files be ptraced. */ 593 if (current-\u0026gt;flags \u0026amp; PF_PTRACED) { 594 bprm.e_uid = current-\u0026gt;euid; 595 bprm.e_gid = current-\u0026gt;egid; 596 } else { 597 bprm.e_uid = (i \u0026amp; S_ISUID) ? bprm.inode-\u0026gt;i_uid : current-\u0026gt;euid; 598 bprm.e_gid = (i \u0026amp; S_ISGID) ? bprm.inode-\u0026gt;i_gid : current-\u0026gt;egid; 599 } 600 if ((retval = permission(bprm.inode, MAY_EXEC)) != 0) 601 goto exec_error2; 602 if (!(bprm.inode-\u0026gt;i_mode \u0026amp; 0111) \u0026amp;\u0026amp; fsuser()) { 603 retval = -EACCES; 604 goto exec_error2; 605 } Im Rahmen der Funktion do_execve() werden das SUID- und SGID-Bit der auszuführenden Datei geprüft und Linux bestimmt, unter welcher euid und egid das Programm zur Ausführung kommt. Danach wird getestet, ob ausreichende Rechte vorhanden sind, um das Programm starten zu dürfen.\nZunächst bestimmt der Kernel die Rechtebits der auszuführenden Datei (Zeile 586). Falls das Dateisystem, auf dem sich diese Datei befindet, mit der Option nosuid angemeldet ist und die Ausführung der Datei einen Wechsel der effektiven User-ID oder Group-ID bewirken würde, darf nur der Superuser die Datei ausführen (Zeilen 587-591). Danach wird bestimmt, unter welcher UID und GID das neue Programm zur Ausführung kommen wird.\nFalls das Programm zur Zeit mittels ptrace() in einem Debugger bearbeitet wird, werden sich seine Rechte nicht ändern (Zeilen 592-595). Auf diese Weise wird verhindert, daß man durch tracen eines SUID-Programmes und nachträgliches Verändern seines Codes zusätzliche Rechte gewinnen könnte.\nBei normalen Programmen (Zeilen 596-599) wird die effektive UID aus der I-Node der auszuführenden Datei übernommen, wenn das SUID-Bit an der Datei gesetzt ist, andernfalls wird die UID des Vorläufers ererbt. Analog wird mit der GID verfahren.\nDer Kernel wird das Programm jedoch nur ausführen, wenn die permission()-Funktion feststellt, das MAY_EXEC-Recht vorhanden ist (Zeilen 600-601). Auch ein Superuser kann eine Datei nicht als Programm starten, wenn nicht wenigstens irgendein x-Recht an der Datei vorhanden ist (Zeilen 602-603).\nDer folgende, sehr umfangreiche Code beschäftigt sich dann mit dem Handling von Shellscripten, die durch einen #!-Kommentar eingeleitet werden. Erst ab Zeile 701 kann der Kernel versuchen, tatsächlich ein Programm mit den gegebenen Eigenschaften auszuführen.\nWir halten fest: Um ein Programm starten zu dürfen, muß außer den x-Rechten an den Verzeichnissen entlang des Pfades auch das x-Recht an der Datei vorhanden sein. Ein Superuser kann eine Datei immerhin dann als Programm starten, wenn wenigsten irgendein x-Recht an der Datei vorhanden ist. Wenn das SUID-Bit an der zu startenden Datei gesetzt ist, wird die Datei unter der euid des Dateieigentümers ausgeführt, sonst unter der euid des aufrufenden Prozesses - Prozesse mit einer bestehenden Verbindung zu einem Debugger werden jedoch aus Sicherheitsgründen immer nur unter der euid des aufrufenden Prozesses ausgeführt. Analog wird auch mit dem SGID-Bit verfahren.\nExperiment 5 root@white:/tmp# cat \u0026gt;\u0026gt; x #! /bin/sh -- id root@white:/tmp# chmod 6555 x root@white:/tmp# ls -l x -r-sr-sr-x 1 root root 18 Dec 10 21:14 x root@white:/tmp# exit kris@white:~$ /tmp/x uid=100(kris) gid=20(users) groups=20(users),11(floppy) Shellscripte mit gesetztem SUID- und SGID-Bit werden trotzdem mit normalen euid- und egid-Werten aufgerufen.\nExperiment 5 zeigt, wie der Kernel mit Shellscripten umgeht, die mit SUID- oder SGID-Rechten versehen sind. Das liegt daran, daß bei der Interpretation von #!-Zeichen der Name des auszuführenden Programmes verändert wird und danach der execve()-Aufruf komplett neu gestartet wird. Aus dem Aufruf von /tmp/x wird so durch die Interpretation der #!-Zeile der Aufruf /bin/sh -- /tmp/x, der vom Kernel komplett neu bewertet wird.\nAn /bin/sh ist aber weder das SUID- noch das SGID-Bit gesetzt, also wird die Shell mit normalen Rechten gestartet. Daß es sich bei einem Parameter des Aufrufes um den Namen einer Datei handelt, an der SUID und SGID gesetzt sind, darf den Kernel nicht interessieren und die Shell wertet es nicht aus - sie könnte es auch nicht, wenn sie wollte. Dieser Effekt ist durchaus beabsichtigt: Ein nichttriviales Shellscript zu schreiben, daß sicher und ohne Lücken für eventuelle Hacker unter einer fremden User-ID laufen kann, ist so gut wie unmöglich.\nRückblick Wie wir gesehen haben, findet die Kontrolle der Zugriffsrechte an Dateien in Linux so gut es geht zentral statt. Wenige Funkionen wie permission() und die Funktionen der namei()-Familie spielen dabei eine sehr wichtige Rolle. Trotzdem muß jeder Systemaufruf noch für sich selbst die Rechte des aufrufenden Prozesses an der Datei testen, die durch den Systemaufruf manipuliert werden soll. Dabei müssen viele Sonderfälle wie immutable files, append only directories und andere exotische Dinge beachtet werden. Wollte man eine vollständige und genaue Aufstellung von Zugriffsrechten in Linux machen, müßte man eine Liste von Systemaufrufen machen und für jeden Systemaufruf eine vollständige Liste von Vorbedingungen aufschreiben. Ein Eintrag würde sich dann in etwa so lesen:\nunlink: unlink() löscht eine Datei mit einem gegebenen Pfadnamen, wenn alle Verzeichnisse entlang des Pfades x-Recht haben, der Name der Datei im letzten Verzeichnis nicht leer (\u0026rdquo;\u0026quot;) ist, das Dateisystem nicht read only ist, am enthaltenden Verzeichnis w- und x-Recht bestehen, das enthaltende Verzeichnis nicht append only ist und für die I-Node der Datei eine unlink()-Operation definiert ist. Diese unlink()-Operation kann jedoch noch weitere Bedingungen an die Entfernung einer Datei stellen (das ext2-Dateisystem macht dies zum Beispiel, wenn das t-Bit am enthaltenden Verzeichnis gesetzt ist). Letztendlich wird eine solche Tabelle jedoch sehr unübersichtlich und lang. Man sieht, daß Zugriffsrechte in UNIX im allgemeinen und Linux im besonderen nur auf den ersten Blick einfach und harmlos aussehen. Wenn man über das einfache rwx hinausgeht, wird die ganze Angelegenheit ziemlich kompliziert und unübersichtlich, da viele Sonderfälle betrachtet werden müssen. Zum Glück kommen solche Sonderfälle in einer normalen Installation nur sehr selten vor, denn sonst würde das eingangs erwähnte Kapitel 2 eines UNIX-Handbuches sehr lang werden \u0026hellip;\n","date":"1996-03-01T00:00:00Z","href":"https://blog.koehntopp.info/1996/03/01/rwx-sonst-nix.html","tags":["lang_de","publication","unix"],"title":"rwx - sonst nix?"},{"categories":null,"content":"erschienen in der iX 1/96\nText des Artikels Samba im Internet Eine Standardkonfiguration Samba 1.9 Samba ist ein Softwarepaket für Unix, das Microsoft Lan Manager Server-Funktionen erbringt. Ursprünglich von Andrew Tridgell, einem Studenten an der Australian National University, Canberra erstellt, ist es inzwischen unter der GNU General Public License verfügbar. Andrew Tridgell, ein Student an der Australian National University Canberra, stand Ende 1991 vor dem Problem, einen Fileserver für SUN Workstations haben zu müssen, der zu DEC Pathworks für kompatibel ist. Ohne Informationen über die Art des verwendeten Protokolls zu haben, gelang es ihm schon nach wenigen Tagen, das verwendete Protokoll in Teilen zu reverse engineeren. Erst nachdem eine allererste Version seines Servers schon fertiggestellt war, wies man ihn auf das in RFC 1001 und 1002 definierte \u0026ldquo;NetBIOS on a TCP/UDP transport\u0026rdquo; Protokoll hin. Im Januar wurde die erste Version seines \u0026ldquo;Server 0.1\u0026rdquo; Paketes auf dem Netz veröffentlicht. Es sollte jedoch noch bis Ende 1993 dauern, bis Tridgell durch den Einsatz von Linux und die Notwendigkeit, mit PCs unter DOS, Windows und OS/2 zu kommunizieren, die Weiterentwicklung von Samba wieder aufnahm.\nHeute ist Samba ein relativ ausgereiftes, standardkonformes und vor allen Dingen hochportables Softwarepaket, das auf den meisten UNIX-Versionen problemlos installierbar ist und die Möglichkeit bietet, Verzeichnisse und Drucker an PC-Betriebssysteme zu exportieren. Samba konkurriert hier mit dem von SUN definierten Network File System (NFS).\nFür den Systemadministrator in einem heterogenen Netzwerk von UNIX-Servern und Client-PCs ist Samba dabei wahrscheinlich attraktiver als NFS, denn in den meisten Fällen stehen wenigen UNIX-Servern viele Client-PCs gegenüber. Beim Einsatz von NFS könnte zwar das mit den meisten UNIX-Versionen mitgelieferte Serverpaket verwendet werden, aber für die Clients müßten nicht nur viele Client-Lizenzen von PC-NFS oder etwas vergleichbarem angeschafft werden, sondern diese Software müßte auch netzwerkweit installiert und gewartet werden. Windows für Workgroups, Windows 95, Windows NT und OS/2 sprechen aber schon von Haus aus das Lan Manager Protokoll und so ist es effizienter, den wenigen Servern dieses Protokoll beizubringen und auf den Clients mitgelieferte Software zu verwenden. Diesen Weg geht Samba.\nDa der Samba-Server ein reiner Usermode-Server ist, also ein ganz normales Anwendungsprogramm, ist es möglich, auch Verzeichnisse per Samba zu reexportieren, die der Server per NFS gemountet hat. Auf diese Weise entsteht eine Protokollbrücke von NFS nach SMB. Dabei ist natürlich der Performanceverlust durch doppelten Netzzugriff in Kauf zu nehmen. Auf der anderen Seite ist Samba unter der GNU GPL frei zur Verfügung stehende Software und so steht der Installation des Samba-Servers auf allen Servermaschinen nichts im Weg.\nEs soll jedoch nicht verschwiegen werden, daß Samba aus der Sicht eines UNIX-Systemverwalters schwerwiegende Nachteile hat. Als Protokoll, das in der PC-Welt entstanden ist, kennt Samba kein Konzept eines Dateieigentümers. Die Zugriffe auf Ressourcen erfolgen oft mit unklaren Userrechten oder scheinbar willkürlich gewählten Paßworten. Betriebssysteme wie Windows für Workgroups und Windows'95, die dem Benutzer zwar einen Namen geben, dann aber Netzwerkzugriffe ohne oder unter anderen Namen erzeugen, machen die Sache nicht leichter. Dazu kommt, daß die Familie der Windows-Betriebssysteme die Groß-/Kleinschreibung von Paßworten in einigen Kombinationen von Betriebssystem/Paßwort verändern. Samba hat eine ganze Reihe Mechanismen, um diesem Problem abzuhelfen, aber der Verwaltungsaufwand ist anfangs trotzdem höher als bei einer typischen NFS-Installation.\nNovell hat versucht, das Super Network Operating System durch Verschmelzung der zugekauften UNIX-Quellen mit ihrem eigenen Serverbetriebssystem zu bauen und ist gescheitert. Klammheimlich hat das frei verfügbare Linux gelernt, die meisten Netzwerkprotokolle zu sprechen und ist auf dem besten Wege, eben dieses SuperNOS zu werden.\nInstallation Die Installation gestaltet sich relativ einfach. Nach dem Auspacken ist das Makefile im source/-Verzeichnis nach den eigenen Wünschen anzupassen. Dabei ist es hilfreich, nicht nur die gewünschten Pfadnamen einzutragen, sondern auch schon den Namen der gewünschten Arbeitsgruppe in der Variablen WORKGROUP einzutragen und einen speziellen Gastaccount, der nur für SMB genutzt wird, in GUESTACCOUNT einzucompilieren. Diese Defaults sind zwar auch zur Laufzeit änderbar, aber anpassen im Quelltext erspart das Schreiben von Konfigurationsdateien. Weiterhin sind noch die gewünschten make-Optionen für den verwendeten Betriebssystemtyp zu aktivieren. Danach steht einem make nichts mehr im Wege.\nErzeugt werden die Programme\nnmbd: NetBios Name Server. Der Name Server ist in der Lage, Hostnamen auf IP-Nummern abzubilden. Gleichzeitig steuert das Programm aber auch das Browsing, d.h. die Anzeige von exportierten Diensten und übernimmt damit Aufgaben, die bei NFS der mountd wahrnehmen würde. nmblookup: NetBios Name Lookup. Das Programm nimmt in etwa dieselbe Funktion wahr wie nslookup für das DNS, fragt jedoch einen nmbd ab. smbclient: Samba Client. Dient dazu, auf Linux-Seite einen SMB Server zu connecten und Dateien zu übertragen. Die Steuerung erfolgt ähnlich wie bei FTP. Linux bietet auch ein echtes, kernelbasiertes smbfs an, mit dem man einen Server richtig mounten kann. Andere Betriebssysteme sind auf den smbclient angewiesen. smbd: Der eigentliche Fileserver. smbpasswd: Ein Hilfsprogramm des smbd, mit dem Benutzer vom Client aus ihr Paßwort ändern können sollen. Es hat nur dann Funktion, wenn Samba mit der libdes und verschlüsselten Paßworten (siehe Samba im Internet) übersetzt wurde. smbrun: Ein Hilfsprogramm des smbd, mit dem Samba zu Beginn und Ende einer Serverconnection Logbucheinträge erzeugt. smbstatus: Ein sehr einfaches Programm zur Anzeige des Status aller zum Server bestehenden Verbindungen. smbtar: Ein Shellscript, das smbclient verwendet und das ein von einem PC exportiertes Verzeichnis mit tar auf dem Bandlaufwerk des UNIX-Servers sichert. testparm: Syntaxchecker für die Konfigurationsdatei. testprns: Syntaxchecker für die Druckerkonfiguration. Samba besteht aus einer Reihe von Programmen, die zum Betrieb des Servers (Server-Tools) oder zu seinem Test (Client-Tools) dienen.\nEin make install installiert diese Programme und die Manualpages dann im gewünschten Verzeichnis. Damit der Server in Betrieb genommen werden kann, müssen nmbd und smbd entweder als permanent laufende Dämonen gestartet werden oder über passende Einträge in der /etc/inetd.conf bei Bedarf hochgezogen werden.\nFür letzteres sind die Einträge\nnetbios-ns 137/tcp # NETBIOS Name Service netbios-ns 137/udp netbios-dgm 138/tcp # NETBIOS Datagram Service netbios-dgm 138/udp netbios-ssn 139/tcp # NETBIOS session service netbios-ssn 139/udp in der Datei /etc/services notwendig. Dazu passen dann die Zeilen\n# # SMB Samba File Server # netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd -H /usr/local/samba/lib/lmhosts in der /etc/inetd.conf. Der inetd muß nach einer Änderung in seiner Konfigurationsdatei durch ein SIGHUP geweckt werden, damit er die Datei neu einliest.\nTests mit einer einfachen Konfiguration Durch die Verwendung einer lmhosts-Datei kann der Samba-Server als Nameserver für ein Lan Manager Netzwerk dienen. Die lmhosts-Datei entspricht dabei in ihren ersten beiden Spalten einer normalen Hosts-Datei: In der ersten Spalte wird eine IP-Nummer genannt, der in der zweiten Spalte ein Name zugeordnet wird. Mit einer optionalen, dritten Spalte können für einzelne Namen bestimmte Flags gesetzt werden: Der Buchstabe G kennzeichnet einen Namen als den Namen der eigenen Arbeitsgruppe. Die zugehörige Adresse ist die Broadcast-Adresse der betreffenden Arbeitsgruppe. Das Flag S kennzeichnet die Namen und Broadcastadressen weiterer Arbeitsgruppen, in denen die Dienste unseres Servers ebenfalls angepriesen (registriert) werden sollen. Und das Flag M schließlich kennzeichnet diesen Eintrag als den defaultmäßigen Netbios-Namen dieser Maschine.\nDer nächste Schritt ist die Erzeugung der zentralen Konfigurationsdatei. Wenn Samba im Defaultverzeichnis /usr/local/samba installiert worden ist, muß diese Datei in /usr/local/samba/lib/smb.conf angelegt werden. Ihr Aufbau gleicht syntaktisch dem einer WIN.INI-Datei von MS-Windows: Sie besteht aus Abschnitten, die jeweils durch einen Namen in eckigen Klammern eingeleitet wird. Jeder Abschnitt enthält dann eine Reihe von Zuweisungen der Form Parameter = Wert. Parameter dürfen genau wie Abschnittnamen Leerzeichen enthalten, die Samba ignoriert. Ebenso spielt Gross- und Kleinschreibung keine Rolle.\nJeder Abschnitt der smb.conf definiert einen Service, der von Samba exportiert wird. Ein Service kann dabei ein Drucker oder - häufiger - ein Verzeichnis sein. Samba kennt drei Abschnitte, die besondere Bedeutung haben:\n[global]: In diesem Abschnitt werden besondere, globale Einstellungen für den Server getroffen. [printers]: In diesem Abschnitt kann man alle Drucker der /etc/printcap exportieren. [homes]: In diesem Abschnitt kann man alle Homeverzeichnisse des Servers exportieren. Samba bietet nun buchstäblich Dutzende von Parametern, mit denen man den Server seinen Bedürfnissen anpassen kann. Zum Glück sind die Defaults jedoch so eingestellt, daß man nur wenige dieser Parameter wirklich anpassen muß.\nZum Testen sollte man eine minimale smb.conf anlegen.Sie könnte zum Beispiel so aussehen:\n[global] guest account = smbguest [tmp] comment = temporary files path = /tmp read only = yes Der Account smbguest ist dabei ein User mit minimalen Rechten. Der Abschnitt [tmp] exportiert das lokale /tmp-Verzeichnis read-only an die Welt.\nDie Korrektheit dieser Konfigurationsdatei kann mit dem Kommando\n$ SAM=/usr/local/samba $ $SAM/bin/testparm $SAM/lib/smb.conf | more schnell überprüft werden. testparm liest die Datei ein und zeigt an, ob die Datei syntaktisch korrekt ist. Danach werden die Werte aller internen Konfigurationsvariablen ausgegeben. Auf diese Weise kann man schnell sehen, mit welchen internen Parameterwerten Samba wirklich operiert.\nMit dem smbclient kann man nun ausprobieren, ob das gewünschte Verzeichnis wirklich exportiert wird:\n$SAM/bin/smbclient -L localhost -U% Server time is Thu Nov 23 11:17:01 1995 Timezone is UTC+1.0 Domain=[DAHEIM] OS=[Unix] Server=[Samba 1.9.15p3] Server=[localhost] User=[smbguest] Workgroup=[DAHEIM] Domain=[DAHEIM] Sharename Type Comment --------- ---- ------- tmp Disk temporary files IPC$ IPC IPC Service (Samba 1.9.15p3) This machine has a browse list: Server Comment --------- ------- WHITE Samba 1.9.15p3 MAHAKI Die Meldung \u0026ldquo;bad password\u0026rdquo; an dieser Stelle würde anzeigen, daß der Gastaccount von Samba nicht richtig gesetzt ist oder nicht verwendet werden kann. Auch \u0026ldquo;hosts allow\u0026rdquo; und \u0026ldquo;hosts deny\u0026rdquo;-Einträge, die unseren eigenen Rechner ausschließen, oder \u0026ldquo;valid users\u0026rdquo; und \u0026ldquo;invalid users\u0026rdquo;, die zu strikt gesetzt sind, können zu der Fehlermeldung führen.\nDie Meldung \u0026ldquo;connection refused\u0026rdquo; deutet dagegen darauf hin, daß auf den Samba-Sockets kein Dämon zuhört. Ein häufiger Fehler ist es, den inetd nach Änderungen an der Konfigurationsdatei nicht mit SIGHUP zu wecken. netstat -a zeigt an, ob jemand auf dem Port netbios-ssn zuhört.\nÄhnlich kann man die Funktionsfähigkeit des nmbd überprüfen: Das Kommando\n$ $SAM/bin/nmblookup -B localhost __SAMBA__ Sending queries to 127.0.0.1 193.102.57.4 __SAMBA__ sollte die IP-Adresse des eigenen Servers zurückliefern. Ebenso sollte ein\n$ $SAM/bin/nmblookup -B mahaki \u0026#39;*\u0026#39; Sending queries to 193.102.57.2 193.102.57.2 * die Adresse des Clients zurückliefern. Und schließlich sollten sich bei einem\n$ $SAM/bin/nmblookup -d 2 \u0026#39;*\u0026#39; Netmask for eth0 = 255.255.255.0 Derived broadcast address 193.102.57.255 Using broadcast 193.102.57.255 Sending queries to 193.102.57.255 Got a positive name query response from 193.102.57.2 (193.102.57.2) Got a positive name query response from 193.102.57.4 (193.102.57.4) 193.102.57.4 * alle Teilnehmer des lokalen Netzes melden, falls sie schnell genug sind. Falls Server und Client nicht auf demselben Subnetz sind, ist es notwendig, die korrekte Broadcast-Adresse des entfernten Subnetzes mit der Option -B anzugeben.\nWenn man so sichergestellt hat, daß sich alle Rechner untereinander kennen und einander erreichen können, kann man versuchen, erst einmal lokal auf die exportierten Ressourcen zuzugreifen:\n$ $SAM/bin/smbclient \u0026#34;\\\\\\\\localhost\\\\tmp\u0026#34; Server time is Thu Nov 23 11:28:06 1995 Timezone is UTC+1.0 Password: Domain=[DAHEIM] OS=[Unix] Server=[Samba 1.9.15p3] smb: \\\u0026gt; dir isdnctrl0 226942 Thu Nov 23 10:14:14 1995 crond_running 0 Thu Nov 23 11:28:01 1995 Der Name der verwendeten Ressource wird DOS-Konform mit \\\\rechner\\ressource bezeichnet. Die verwendete Shell macht es jedoch notwendig, Backslashes als \\\\ zu escapen. Die Schreibweise des Kommandos erscheint so etwas merkwürdig. Samba versucht sich unter dem normalen Usernamen anzumelden. Das verlangte Paßwort ist also das normale Paßwort des Accounts. Möchte man unter einem anderen Benutzernamen testen, ist die Option -U username hinter dem Namen der Ressource anzugeben.\nsmbclient arbeitet ähnlich wie ftp und versteht Kommandos wie \u0026ldquo;help\u0026rdquo;, \u0026ldquo;get\u0026rdquo;, \u0026ldquo;put\u0026rdquo; und \u0026ldquo;quit\u0026rdquo;. Wegen der Option read only = yes in der smb.conf schlägt ein \u0026ldquo;put\u0026rdquo; wie erwartet fehl:\nsmb: \\\u0026gt; put username.map ERRDOS - ERRnoaccess (Access denied.) opening remote file \\username.map Wenn dies alles funktioniert, kann man versuchen, vom PC aus auf das Verzeichnis zuzugreifen. Aus einem DOS-Fenster sollte man die exportierten Ressourcen mit\nE:\\users\\default\u0026gt;net view \u0026#34;\\\\white\u0026#34; Freigegebene Ressourcen auf \\\\white Samba 1.9.15p3 Name Typ Lokal Beschreibung ------------------------------------------------------------------------------- tmp Platte temporary files Der Befehl wurde erfolgreich ausgeführt. ansehen. Mit\nE:\\users\\default\u0026gt;net use \u0026#34;\\\\white\\tmp\u0026#34; /user:kris Das Kennwort für \\\\white\\tmp ist ungültig. Geben Sie das Kennwort für \\\\white\\tmp ein: Der Befehl wurde erfolgreich ausgeführt. kann man sich dann beim Server anmelden. Programme, die erweiterte Pfadnamen mit \\\\rechnername verstehen, können jetzt schon auf das Laufwerk zugreifen. Der Samba-Server sollte nun auch im Dateimanager unter \u0026ldquo;Datenträger\u0026rdquo;, \u0026ldquo;Netzwerklaufwerk verbinden\u0026rdquo; sichtbar sein.\nDie Bemerkung \u0026ldquo;Das Kennwort für \u0026hellip; ist ungültig\u0026rdquo; des Windows NT-Servers aus dem Beispiel tritt übrigens auf, weil der Samba Server ohne verschlüsselte Paßworte übersetzt wurde. Wir der Server mit der libdes und der Option encrypted passswords = yes in der smb.conf installiert, erfolgt das Login ohne Rückfrage.\nGeschwindigkeit Samba verwendet ein verbindungsorientiertes und asynchrones Protokoll und unterliegt so nicht den Einschränkungen, die die Geschwindigkeit von NFS begrenzen. Auf der anderen Seite ist der Samba-Server so natürlich nicht so datensicher wie ein NFS-Server. In der Praxis sollte das wenig ausmachen, da die Clients PCs sind und so vermutlich häufiger abstürzen\u0026hellip;\nGeschwindigkeitsprobleme kann es beim Einloggen geben, wenn der Client ein Windows für Workgroups ist und Samba das Loginpaßwort raten muß (siehe Kasten \u0026ldquo;Eine Standardkonfiguration\u0026rdquo;). Falls das richtige Paßwort mehrere Großbuchstaben enthält und die crypt()-Routine des Servers hinreichend langsam ist, können so einige Sekunden vergehen.\nDer Text SPEED.txt aus der Samba-Dokumentation enthält außerdem einige weitere Tips, mit der man die Geschwindigkeit des Servers unter Umständen weiter verbessern kann: Niedrige Debug-Level, große Puffer und überlappende Zugriffe auf Platte und Netzwerk können die Serverperformance weiter steigern.\nAlles in allem erreicht Samba so eine Performance, die einem Windows NT Server oder einem Pathworks Server vergleichbar ist.\nSamba im Internet Die zur Zeit der Entstehung dieses Artikels aktuelle Version von Samba ist 1.9.15, Patch 3.\nDas Homeverzeichnis von Samba ist ftp://nimbus.anu.edu.au/pub/tridge/samba . Da jedoch die Internet-Anbindung von Australien aus der Sicht von Deutschland nicht überragend ist, ist es vorteilhaft, sich Samba von einem der offiziellen Mirrors zu kopieren. Die Dokumentation nennt dazu unter anderem ftp://sunsite.unc.edu/pub/Linux/system/Network/Samba und ftp://ftp.uni-trier.de/pub/unix/network/samba .\nDas Paket liegt außerdem auf vielen deutschen Sunsite-Mirrors und ist praktisch auf jeder besseren Linux CD-ROM auch im Quelltext archviert. Diese Versionen hinken jedoch, wie üblich, um einige Minor-Releases hinterher.\nNicht alle Mirrors archivieren ftp://nimbus.anu.edu.au/pub/tridge/libdes/libdes.tar.92-10-13.gz , weil dies administrative Probleme beim FTP-Verkehr von und nach USA machen würde. Diese Bibliothek ist notwendig, wenn man mit verschlüsselten Paßworten auf dem Netz arbeiten möchte. Clients und Server unter Windows NT verhalten sich ohne verschlüsselte Paßworte jedoch eigenartig.\nSamba hat eine eigene Newsgroup im USENET, comp.protocols.smb, die glücklicherweise nicht sehr überlaufen ist. Außerdem findet man in den einschlägigen Linux-Newsgroups ebenfalls massenweise Fragen und Antworten rund um Samba.\nWer an aktuellen Informationen über Samba interessiert ist, kann sich auf der Mailingliste samba-announce eintragen lassen. Dazu ist es notwendig, eine Mail an listproc@listproc.anu.edu.au zu senden, die im Text (nicht im Subject!) das Kommando subscribe samba-announce Vorname Nachname enthält.\nEs existiert eine weitere Mailingliste, samba, die der Weiterentwicklung von Samba dient. Um sich dort einzuschreiben, ist subscribe samba Vorname Nachname an die oben angegebene Adresse zu senden.\nDie Samba Home-Page ist http://lake.canberra.edu.au/pub/samba/ Eine Standardkonfiguration Die folgende Konfigurationsdatei dürfte die meisten einfachen Anwendungsfälle abdecken:\n[global] ; Gastaccount zuweisen guest account = smbguest ; Nicht alle User auf dem UNIX-Rechner heißen auf dem Windows NT gleich ; Format: ; unixuser = dosalias dosalias2 dosalias3... ; root = administrator admin username map = /usr/local/samba/lib/username.map ; Windows NT erfordert libdes und encrypted passwords, siehe Dokumentation encrypt passwords = yes ; Samba soll Domain Master und Browse Master sein. os level = 33 domain master = yes ; nur Verbindungen von vertrauenswürdigen Hosts zulassen allow hosts = black, white, mahaki ; DOS \u0026#34;share\u0026#34; locking simulieren locking = yes share modes = yes ; Windows NT Protokoll verwenden ; Optionen sind CORE, COREPLUS, LANMAN1, LANMAN2 und NT1 protocol = NT1 ; Dies ist die Workgroup, der wir angehören workgroup = DAHEIM [tmp] comment = Zwischenablage path = /tmp read only = no [faq] comment = Haeufig gestellte Fragen (aus USENET) path = /scratch/faq read only = yes [homes] comment = Homeverzeichnisse browseable = no read only = no create mode = 0750 [printers] comment = Alle Drucker aus /etc/printcap printing = bsd browseable = no load printers = yes read only = yes printable = yes path = /tmp public = yes create mode = 0700 Diese smb.conf`` versucht einen minimalen Sicherheitslevel herzustellen, indem nur Verbindungen von Hosts von vertrauenswürdigen zugelassen werden. Sie exportiert zwei gewöhnliche Verzeichnisse: /tmpread-write und/scratch/faq` read-only.\nAußerdem werden die Drucker der /etc/printcap durch den besonderen Abschnitt [printers] und die Home-Verzeichnisse aller Benutzer durch [homes] exportiert. Beide Abschnitte sind nicht als Browseable gekennzeichnet. Dadurch erscheint nur das Home-Verzeichnis des auf dem Windows-Rechner angemeldeten Benutzers in der Browse-List des Dateimanagers. Ebenso wird nicht [printers] selbst im Druckmanager angezeigt, sondern die Drucker der /etc/printcap werden durch das load printers einzeln angezeigt.\nDadurch, daß das NT1-Protkoll verwendet wird, ist es möglich, auch lange Dateinamen mit Groß-/Kleinschreibung zu verwenden. Auch das LANMAN2-Protokoll kann dies. Windows für Workgroups wandelt alle Paßworte in reine Großschrift um, wenn ein höheres Protokoll als COREPLUS verwendet wird. In diesem Fall versucht Samba, das Paßwort zu raten, indem das übermittelte Paßwort in Groß- und Kleinschrift ausprobiert wird. Mit der Option password level = zahl kann man Samba dazu bewegen, auch Kombinationen von Groß- und Kleinbuchstaben zu testen. Die Zahl bestimmt dabei die maximale Anzahl von Großbuchstaben im Paßwort.\n","date":"1996-01-11T00:00:00Z","href":"https://blog.koehntopp.info/1996/01/11/samba.html","tags":["lang_de","publication","unix"],"title":"Samba"},{"categories":null,"content":"aus \u0026ldquo;Die Netzrevolution - auf dem Weg in die Weltgesellschaft\u0026rdquo;, Rost (Hrsg.), 1996, Frankfurt/ Main: Eichborn-Verlag, 230 Seiten\nDas Internet - unendliche Weiten. Seit einigen Jahren kreuzen Millionen Bürger durch das Netz, um neue Dienste zu entdecken, neue Möglichkeiten und neue Informationen, die andere Menschen für sie geschaffen haben. Cyberspace - der gemeinsame Informationsraum der Menschheit - ist in gewisser Weise genau das Gegenteil des Weltraums.\nIm Weltraum, einer Umgebung, die dem irdischen Leben so fremd ist, wie nur irgend möglich, können wir Dinge finden, sie niemals zuvor ein Mensch (und wahrscheinlich auch sonst niemand) gesehen hat. Wir können an Orte kommen, die niemals zuvor betreten worden sind, um dann dort das Unerwartete und das Fremdartige zu entdecken. Der Weltraum ist die \u0026ldquo;final frontier\u0026rdquo;, die letzte Grenze, die nicht überschritten werden kann, sondern die wir nur vor uns her schieben können. Der Weltraum, das ist das physikalische Universum, die fremdartige Außenwelt, in der wir leben.\nCyberspace ist ebenfalls ein ganzes Universum, aber eines, das nach ganz anderen Regeln funktioniert. Im Gegensatz zum Weltraum, wo wir das Fremde und Nicht-Menschliche zu finden erwarten, können wir im Netz nur Artefakte menschlichen Denkens und Schaffens finden. Das heißt nicht, daß uns diese Artefakte nicht genauso fremdartig erscheinen können, wie die einer Alien-Kultur\u0026hellip;\nWir können im Netz nur das finden, was andere vor uns hineingestellt haben und wir können im Cyberspace nur dahin gehen, wo andere schon vor uns gewesen sind und den \u0026ldquo;Raum\u0026rdquo;, den wir betreten wollen, für uns geschaffen haben. Oder wir können selber neue Räume schaffen, ganze Welten, wenn wir wollen, in denen sich dann andere Bewohner des Netzraumes tummeln können. Denn so ist das Netz entstanden: Am Anfang war im Netz nur die große, unbewohnte Leere. Dann kam der Mensch und sprach - keinen einzelnen Satz, sondern viele hunderttausend Zeilen Quelltext und Dokumente in den unterschiedlichsten Sprachen und Programmiersprachen. Das Resultat ist das Netz, wie der Weltraum eine \u0026ldquo;final frontier\u0026rdquo;.\nIm Unterschied zum Weltraum, der trotz Vakuums eine materielle Welt ist, ist das Netz eine rein virtuelle Welt - eine Welt der Bilder, der Ideen und der Abstraktionen. Trotzdem hat der Informationsraum natürlich einen Bezug zur wirklichen Welt. Er ist nicht nur eine Bilderwelt, sondern auch ein Bild der Welt, geschaffen nach unserem Bilde. Wenn uns Bilder im Cyberspace nicht gefallen, dann ist dies deswegen so, weil uns die Welt nicht gefällt, die abgebildet wird.\nDie Genesis des Cyberspace Das Internet, ein weltweites Netzwerk aus Rechnern und Übertragungswegen der unterschiedlichsten Hersteller, bekommt seit ungefähr drei Jahren erhöhte Aufmerksamkeit in den Medien. Aber eigentlich ist es viel älter: Das ARPANET, ein Vorläufer des heutigen Internet, entstand schon 1969. Damals begann man damit, die Rechzenzentren amerikanischer Forschungszentren miteinander zu vernetzen, um Hard- und Softwareressourcen verteilt nutzen zu können. Anfang der 1980er Jahre wurde das alte ARPANET in zwei Netze aufgeteilt, ARPANET und Milnet. Das Gesamtnetzwerk bekam zunächst den Namen DARPA Internet, der später durch Verkürzung zu \u0026ldquo;Dem Internet\u0026rdquo; wurde. In der Frühzeit des Internet war der Zugang zu diesem Netz auf militärische Nutzung, Forschung und Lehre beschränkt und kommerzielle Nutzung war verboten.\nTrotz dieser Einschränkungen war Internet ein größerer Erfolg als geplant und vorausgesehen. Weitere Netze, die zum Teil unabhängig vom DARPA Internet entstanden und meistens zu Forschungszwecken dienten, schlossen sich über mehr oder weniger indirekte Methoden an das Internet an. Um den Bedarf nach akademischer Kommunikation zu kanalisieren und besser decken zu können, entstand in den USA 1986 das National Sciene Foundation Network (NSFNET), das bis 1990 das ARPANET als Forschungsnetzwerk ersetzte. Zugleich begann das Internet auch immer mehr, über die nationalen Grenzen der USA hinauszuwachsen und sich schließlich weltweit auszudehnen.\nIn 1992 rückte das Internet wieder in das Rampenlicht, diesmal als Bestandteil der \u0026ldquo;National Information Infrastructure\u0026rdquo; im Rahmen des Wahlkampfes von Bill Clinton und Al Gore. Dies war zugleich der Beginn der Öffnung des Internet, die es ermöglicht, das Netz auch zu anderen als Forschungszwecken zu nutzen. Heute, drei Jahre später, wird das Netz durch die unterschiedlichsten Firmen bereits auf vielfältige Weise genutzt, auch wenn die meisten Formen dieser Nutzung noch experimentell sind.\nWarum ist das Internet so erfolgreich? Rechnernetze gibt es viele und zu den unterschiedlichsten Zwecken. So sind die Rechner in den meisten Büros über ein Ethernet-Kabel miteinander verbunden, Außenstellen kommunizieren mit der Zentrale über Datex-P oder Datex-J und wir selbst nutzen Telefonnetze weltweit, um miteinander zu reden oder Dokumente zu faxen. Gegen Ende des zwanzigsten Jahrhunderts ist es kein Problem mehr, irgendwelche Geräte miteinander zu vernetzen, denn wir haben buchstäblich Dutzende Methoden, um das zu tun.\nUnd sie sind alle unterschiedlich.\nDas Internet basiert auf der Idee eines Meta-Netzwerkes. Es dient nicht dazu, Rechner miteinander zu vernetzen. Es gibt keine Internet-Steckkarten, keine Internet-Netzwerkkabel und keine Internet-Anschlüsse. Stattdessen verwendet Internet immer vorhandene Netzwerktechniken, um vorhandene Rechnernetze untereinander zu vernetzen.\nEs setzt voraus, daß schon irgendeine Form von nutzbarem Anschluß vorhanden ist und benutzt diesen dann, um ein lokales Netz in das weltumspannende Geflecht des Internet einzugliedern. Und da alle Hardware schon vorhanden ist, wird lediglich Software gebraucht, um diese Hardware die Sprache des Internet, das Internetwork Protocol (IP), zu lehren.\nDa das Internet die unterschiedlichsten Netzwerke als Träger benutzen kann, wird im Internetwork Protocol ein großer Aufwand getrieben, die Unterschiede zwischen diesen Netzen für die Software und den Anwender, der sie letztendlich verwenden soll, zu verwischen. Als Internet-Anwender merkt man nichts davon, daß eine Netzwerkverbindung über ein halbes Dutzend unterschiedliche Netzwerke mit unterschiedlichen Eigenschaften geleitet wird. Jedes dieser Netzwerke hat seine ganz besonderen Eigenheiten wie besondere Formen der Adressierung, eine andere maximale Größe für Datenpakete oder eine andere Art, den Weg eines Datenpaketes durch das Netz festzulegen. Der Anwender braucht sich mit solchen Dingen nicht zu befassen, IP kümmert sich darum. So entsteht eine neue Abstraktionsebene: Weg vom konkreten Kabel, hin zu einer Netzwerkwolke, in der jeder mit jedem direkt Verbindung aufnehmen kann, wenn er möchte.\nEine andere Idee ist beim Internet ebenfalls neu: Bisher waren Rechnernetze immer so aufgebaut, daß man ein durchgehendes Kabel von einem Startrechner zum Zielrechner haben mußte. Internet führt in der Rechnerwelt das Prinzip des Individualverkehrs ein: Zwar existieren zwischen vielen Orten Netzwerkverbindungen wie Straßen in der wirklichen Welt, aber genau wie in der wirklichen Welt ist nicht jeder Ort mit jedem anderen direkt verbunden.\nDaten werden jetzt nicht als ein durchgehender Datenstrom auf die Reise geschickt, sondern in kleinen Paketen, die dann wie Autos auf richtigen Straßen ihren Weg zum Ziel finden müssen. Und so wie jedes Auto seinen Weg unabhängig von den anderen Fahrzeugen vor und hinter ihm findet, so läuft auch jedes Datenpaket im Internet auf seinem eigenen Weg unabhängig von den anderen Datenpaketen. Eine bestimmte Datenverbindung kann dabei, wenn sie im Netz günstig liegt, von Datenpaketen mit den unterschiedlichsten Zielen gemeinsam genutzt werden. Das Bild von der Datenautobahn trägt hier viel weiter, als man auf den ersten Blick vermuten würde.\nVom Verhalten im Datenverkehr Das Internet ist ein Netzwerk mit Geschichte. Es ist - von den allerersten Anfängen an gerechnet - über 25 Jahre alt. Im Verständnis von Informatikern wird ein solcher Zeitraum ähnlich betrachtet, wie bei normalen Menschen die frühe Kreidezeit. Den größten Teil dieser Zeit haben dabei Menschen mit akademischem Hintergrund das Netz und die Umgangsformen im Netz geprägt.\nDie ursprünglichen Nutzer des Internet waren die Forscher, die das Netz gebaut haben. Sie haben es gebaut, um besser verstehen zu können, wie große Netzwerke von Computern funktionieren, die aus vielen Komponenten sehr unterschiedlicher Hersteller funktionieren. Man wollte untersuchen, wie sich Rechnernetze verhalten, wenn ihnen Überlastung, Störungen und die anderen, täglichen kleinen Problemchen den Betrieb beeinflussen. Doch aus dem reinen Forschungsgegenstand wurde für diese Menschen und die anderen in ihrem Umfeld schon bald ein unverzichtbares Mittel für ihre Arbeit und auch eine Methode, ihre Arbeit zu publizieren.\nVor diesem Hintergrund sind auch die Gebräuche und Kulturen im Internet entstanden. Ein wichtiger Gedanke ist zum Beispiel der Gedanke der Gegenseitigkeit: Für viele Benutzer sind die Dienste des Netzes und die Menschen, die ihnen dort draußen geholfen haben, ohne daß sie sich jemals begegnet sind, ein wichtiger Bestandteil ihrer Arbeit oder sogar ihrer Freizeit gewesen. Es ist üblich, sich bei \u0026ldquo;dem Netz\u0026rdquo; für die erhaltene Hilfe zu bedanken. Dieses Dankeschön besteht normalerweise darin, daß man irgendetwas für das Netz tut, zum Beispiel ein eigenes Programm zum Kopieren freigibt, einen Hilfetext schreibt oder ein anderes Angebot macht, das das Netz zu einem besseren und interessanteren Platz macht. Es kommt nicht darauf an, daß erhaltene Hilfe und Dankeschön in irgendeinem Verhältnis stehen oder etwas miteinander zu tun haben, sondern es kommt nur darauf an, irgendetwas zu tun. Dadurch, daß dies jeder tut, der Nutzen von der Gemeinschaft des Netzes hat, wird das Netz einfach wertvoller für alle.\nDieser Gedanke der Gegenseitigkeit und der Gemeinsamkeit zieht sich durch alle Ebenen des Netzes: Auf den unteren Ebenen des Netzes hilft man sich, indem man gegenseitig IP-Päckchen oder E-Mail weiterleitet, auf den höheren Ebenen der Interaktion stellt man die Ergebnisse seiner Arbeit zur Verfügung oder macht Hilfsprogramme und Werkzeuge verfügbar, die man im Laufe der Zeit entwickelt hat.\nEbenso tief verwurzelt ist die Idee der Rücksichtnahme: Jemand, der sich mit der Entwicklung von Netzwerktechniken beschäftigt, hat eine gute Vorstellung von dem Aufwand, den das Senden einer Mail oder das Laden eines großen Programmpaketes für alle beteiligten Komponenten des Netzes bedeutet. Er wird versuchen, durch sein Verhalten die Netzlast zu verringern: Er wird versuchen, ein benötigtes Programmpaket erst auf einem deutschen Server bekommen, bevor er einen aufwendigen USA-Transfer anstößt oder er wird fragen, ob der Empfänger eine bestimmtes größeres Dokument haben möchte (und in welchem Datenformat), anstatt es unaufgefordert zu versenden.\nUnd der dritte grundlegende Gedanke ist der der Freiheit von Information: Jeder darf im Netz alles anbieten. Diese Idee schlägt sich schon im Design der Diskussionsforen oder gar des Netzes selber nieder. Es gibt im Internet keine zentrale Netzwerkkoordination, die regulierend eingreifen kann und es gibt in den Diskussionsforen des USENET keinen Redakteur, der Veröffentlichungen in irgendeiner Form bewerten oder selektieren würde. Trotzdem herrschen im Netz keine chaotischen Zustände: Probleme werden durch die Erzeugung von sozialem Druck und durch die Vermittlung von Wissen um die Konsequenzen des eigenen Handelns gelöst, anstatt eine übergeordnete Kontrollinstanz zu bemühen.\nJemand, der zum Beispiel im Netz wiederholt defekte oder themenfremde Artikel in bestimmten Diskussionsgruppen im USENET veröffentlicht und dadurch den normalen Betrieb stört, wird von den anderen Diskussionsteilnehmern normalerweise durch eine private Nachricht darauf hingewiesen und ihm wird korrektes Verhalten erklärt oder ihm werden passendere Diskussionsgruppen empfohlen. Das ist einerseits konstruktives Verhalten, indem Alternativen vorgeschlagen werden, andererseits aber auch eine Strafe. Denn in einer Diskussionsgruppe, in der man vielen tausend Teilnehmern auf die Nerven fallen kann, kann schon die Verarbeitung der entsprechend vielen Ermahnung, die man bekommt, ein technisches Problem darstellen. Wer aufgrund seines unerwünschten Verhaltens auffällt, bekommt bald so viele hunderte oder tausende Nachrichten, daß er kaum noch Netzkapazität übrig hat, um zu stören.\nNatürlich ist es nicht praktikabel, die akzeptablen Normen des Verhaltens jedesmal neu auszuhandeln. Daher hat man sich im Netz schon bald auf einen kleinsten gemeinsamen Nenner guten Verhaltens geeinigt und diesen in einem Text niedergelegt. Dieser Text, die \u0026ldquo;Network Etiquette\u0026rdquo; oder \u0026ldquo;Netiquette\u0026rdquo;, sagt eigentlich nichts besonderes aus: Jeder mit einem Funken gesundem Menschenverstand und ein wenig Wissen um die technischen Möglichkeiten und Zusammenhänge kann diese Regeln als vernünftig einsehen. Oder doch wenigstens einsehen, daß man für gewisse Dinge einfach irgendeine einheitliche Regel haben muß und daß man sich nun eben auf genau diese geeinigt hat. Insofern ist das USENET ein wunderbares Beispiel für die hypothetische Urgesellschaft, die die Philosophen immer so gerne bemühen, wenn sie den \u0026ldquo;Gesellschaftsvertrag\u0026rdquo; erklären wollen: Im Netz hat man sich in genau dieser Situation befunden und dieses Modell einmal durchgezogen.\nEs gibt keine Exekutive im Netz, die die Einhaltung der Netiquette in irgendeiner Form überwachen würde und es gibt auch keine Legislative, die genau bemessene Strafen für Verstöße festsetzt. Jeder kann sich nach Belieben danebenbenehmen und ohne Strafe davonkommen, wenn er sein Verhalten vor dem Rest der Meute rechtfertigen kann und sein Verhalten in diesem speziellen Fall als tolerierbar angesehen wird. Auf der anderen Seite kann man aber auch schon für geringe Auffälligkeiten böse Briefe oder Massenmails bekommen, wenn man im Umgang mit seinem Publikum ungeschickt ist oder einfach seinen bösen Willen demonstriert. Trotzdem funktioniert dieses System im großen und ganzen nicht wesentlich besser oder schlechter, als das was offiziell in der Wirklichen Welt in Betrieb.\nWas kann das Internet? Als das Internet vornehmlich als Medium für akademische Kommunikation genutzt wurde, kam es nicht sehr darauf an, daß die Dienste mit einer hübschen oder leicht erlernbaren Oberfläche zur Verfügung gestellt wurden. Aus dieser Zeit stammen die meistens per Kommandozeile bedienbaren Programme, die die Basisdienste des Internet liefern. Diese Basisdienste sind Mail, das Versenden von elektronischen Briefen, News, das Versenden von öffentlichen Artikeln und FTP, die Übertragung und Veröffentlichung von Programmen und anderen Dateien.\nMittels elektronischer Post ist es möglich, Briefe oder längere Texte an einen Gesprächspartner zu versenden, der irgendwo anders im Netz angeschlossen ist. Die Zustellung der Mail erfolgt dabei, soweit technisch möglich, sofort. Ursprünglich war es dabei nur möglich, reine ASCII-Texte ohne besondere Formatierungen, Zeichensätze oder Bilder zu versenden - sogar das Verschicken von Nachrichten mit Umlauten funktionierte in der Regel nicht. Deswegen mußte man Programmdateien oder Dokumente aus Textverarbeitungen oder anderen Programmen vor dem Versand erst in eine spezielle Textform umcodieren. In dieser Form nimmt eine solche Datei zwar mehr Platz ein als vorher, enthält aber lediglich Zeichen, die auch in normalen Texte vorkommen. Auf diese Weise konnte die Datei auch per Mail verschickt werden. Der Empfänger mußte die empfangene Nachricht dann abspeichern und mit einem passenden Decodierprogramm wieder in eine Datei verwandeln.\nModerne Programme zur Handhabung von elektronic mail verwenden ein erweitertes Verfahren zum Verschicken von Nachrichten - MIME. Die Abkürzung steht für Multipurpose (oder Multimedia) Internet Mail Enhancements, also für multimediale Nachrichten. Wenn sowohl der Absender der Nachricht als auch der Empfänger Programme verwenden, die den MIME-Standard beherrschen, lassen sich aus unterschiedlichen Zeichensätzen, Bildern und Dateien zusammengesetzte Nachrichten verschicken, ohne daß man den umständlichen Weg der Codierung gehen muß. Zwar werden die Nachrichten noch immer für die Übermittlung in ein spezielles Format umgewandelt, aber dies geschicht automatisch und ohne daß Sender oder Empfänger etwas davon merken. Die folgende Abbildung zeigt eine solche Nachricht.\nMIME-fähiges Mailprogramm unter Nextstep. Die gezeigte Nachricht enthält beigefügt das dritte Kapitel eines Buches und eine Sounddatei, die beide als Icon dargestellt werden können. Die Dateien können durch Mausklick geöffnet werden oder mit der Maus in einen Ordner auf der Festplatte fallengelassen werden.\nViele Personen erreichen: Listen und Diskussionsgruppen Mails müssen nicht an einen einzelnen Empfänger zugestellt werden. Es ist möglich, Verteiler einzurichten und so eine Mail an einen ganzen Empfängerkreis zuzustellen. Oft kommt es vor, daß jemand auf seinem Rechner einen Verteiler von Personen mit gemeinsamen Interessen einrichtet und diesen dann für die allgemeine Benutzung freigibt. Eine Nachricht an einen solchen Verteiler geht dann an alle auf dem Verteiler eingeschriebenen Personen - die auf diese Nachricht dann wiederum mit einer Kopie an den Verteiler antworten.\nIm Internet nennt man so einen Verteiler eine Mailing-List. Oft wird er gar nicht von einer Person manuell gewartet, sondern von einem Roboter gewartet, der natürlich ebenfalls per Mail erreichbar ist. Wenn man auf eine solche Mailing-List gesetzt werden möchte, sendet man eine Mail mit einem speziellen Kommando im Nachrichtentext (\u0026ldquo;subscribe\u0026rdquo; für \u0026ldquo;bestellen\u0026rdquo;) an diesen Roboter, woraufhin dieser einen in den Listenverteiler aufnimmt und einem auch gleich die Anleitungen und Hilfstexte für diese spezielle Liste zustellt. Solche Roboter haben meistens noch weitere Funktionen. Immer vorhanden ist ein Kommando zum Abbestellen der Liste und zum Anfordern von Hilfstexten. Weitere Kommandos, die bei fast allen automatischen Listen vorhanden sind, dienen zur Abfrage eines Archivs vorangegangener Nachrichten und um festzustellen, welche anderen Teilnehmer auf der Liste eingeschrieben sind. Einige sehr hoch entwickelte Listenroboter bieten zudem die Möglichkeit, sich die Nachrichten der Liste nicht sofort einzeln zusenden zu lassen, sondern einmal pro Tag eine Zusammenfassung (\u0026ldquo;Digest\u0026rdquo; genannt) zu bekommen. Für jemanden, der die Diskussionen dort eher lesend verfolgen möchte, ist dies die bequemere Möglichkeit.\nUm an einer Mailing-List teilzunehmen, muß man selbst aktiv werden, d.h. eine Bestellung an den richtigen Wartungsroboter senden. Die Themen einer Liste sind meistens sehr genau definiert und relativ speziell. Außerdem fungiert derjenige Mensch, der die Liste ins Leben gerufen hat, meistens auch als Moderator der Diskussion. Das führt dazu, daß das Niveau der Diskussion auf einer solchen Liste in der Regel sehr hoch ist, während der Verkehr auf der Liste sich einigermaßen im Rahmen hält. Die Größe des Leserkreises einer Mailing-List kann sehr unterschiedlich sein: Manche Listen haben nur ein knappes halbes Dutzend Leser, andere haben weit über tausend eingeschriebene Empfänger. Ebenso variabel ist die Anzahl der Nachrichten, die man auf der Liste erwarten kann: Manche Listen sind über Monate hinweg tot und man hat schon vergessen, daß man sich dort auf den Verteiler hat setzen lassen. Andere Listen dagegen produzieren so viele Nachrichten, daß man sich ein spezielles Filterwerkzeug für den Posteingang wünscht, um diese Nachrichten automatisch in ein gesondertes Eingangsfach umsortieren zu lassen (Selbstverständlich gibt es solche Werkzeuge in Massen).\nDie logische Weiterentwicklung von Mailing-Lists sind die USENET News. Die News sind ein System von vielen tausend, thematisch gegliederten und öffentlichen Diskussionsforen, in denen jeder Benutzer Nachrichten veröffentlichen kann, wenn er möchte. Anders als bei Mailinglisten sind Nachrichten in den News nicht an einen bestimmten Empfänger oder Verteiler gerichtet, sondern werden wie ein Leserbrief in einer Zeitung ungerichtet verteilt. Jeder, der die entsprechende Diskussionsgruppe anbestellt hat, kann die Nachricht lesen und darauf antworten. Die Antwort erfolgt entweder privat in einer Mail an den ursprünglichen Ersteller der Nachricht oder öffentlich in der Diskussionsgruppe, damit weitere Leser dazu Stellung nehmen können, wenn sie es wünschen. Tatsächlich kann man sich USENET News vorstellen wie eine Zeitung, die nur aus Leserbriefen besteht und die keinen Redakteur hat, der daraus eine Auswahl trifft - alles wird veröffentlicht.\nDie Informationsflut: Kampf gegen das \u0026ldquo;Rauschen\u0026rdquo; des Netzes Alles wird veröffentlicht - das bedeutet auch, daß man in den News in jeder Diskussionsgruppe mit einem gewissen \u0026ldquo;Rauschen\u0026rdquo; leben muß kann. Zwar sind die Gruppen thematisch untergliedert und der Name der Gruppe gibt auch Hinweise, worum es in dieser Diskussionsgruppe geht, aber trotzdem wird man in jeder Gruppe Texte finden, die dort nicht hingehören oder die einfach nicht interessant sind. Die Programme, die zum Lesen der News verwendet werden, müssen darauf Rücksicht nehmen: Sie müssen dem Leser Möglichkeiten geben, schnell und zielsicher diejenigen Artikel aus der Masse des Angebotes zu fischen, die ihn interessieren, ohne daß er mit für ihn nicht weiter interessanten Nachrichten Zeit verschwendet.\nNews sind wesentlich öffentlicher als Mailing-Lists: Die Leserschaft großer Gruppen rechnet sich nicht in Hunderten oder Tausenden, sondern bei den populären Gruppen bis knapp in den Millionenbereich. Ebenso ist in beliebten Gruppen das Nachrichtenaufkommen viel höher als in Mailing-Listen: Die am stärksten benutzte Gruppe des USENET hat im Juli 1995 23601 Artikel an ihre Leser befördert. Das sind 760 Nachrichten pro Tag! Nun ist besagte Gruppe, eine Tauschbörse für Sammelkarten und -bildchen, ein Extremfall und nicht einmal für andere belebte Gruppen repräsentativ. In normalen Diskussionsgruppen kann man mit 30 bis 150 Artikeln am Tag rechnen.\nTrotzdem zeigt sich hier: Im Internet ist es nicht das Problem, an die gewünschten Informationen zu kommen, sondern ungewünschte Informationen nicht zu bekommen. Mit der Kommerzialisierung des Internet und der extremen Zunahme der Benutzerzahlen wird dies mehr als deutlich: In allen 8000 Gruppen des USENET beobachtet man seit einiger Zeit eine deutliche Zunahme von Artikeln, die parallel in sehr vielen Diskussionsforen veröffentlich werden und die in keinem dieser Foren eigentlich einen Platz haben. Eine solche Massenveröffentlichung hat im englischen USENET den passenden Namen \u0026ldquo;Spam\u0026rdquo; (\u0026ldquo;Sülze\u0026rdquo; wie in \u0026ldquo;jemanden zusülzen\u0026rdquo;) bekommen. Die Leserschaft im Netz beginnt erst jetzt damit, darauf zu reagieren und eine Art Bürgerwehr einzurichten (\u0026ldquo;public spam control\u0026rdquo;), deren Aufgabe es ist, solche Artikel zu löschen und die Gruppen so benutzbar zu halten.\nAber \u0026ldquo;spam\u0026rdquo; ist nur eines der Probleme von News und noch dazu eines, das technisch halbwegs in den Griff zu bekommen ist. Eine andere Art von typischen Artikeln erschwert das Lesen der News zusätzlich: Das Netz wächst zur Zeit so stark, daß täglich viele tausende Benutzer neu in das Netz kommen. Sie kennen die technischen Möglichkeiten des Netzes nicht und sie kennen die Regeln des Zusammenlebens im Netz nicht, die einen bestimmten Einsatz dieser Technik vorschreiben. Besonders auffällig in diesem Zusammenhang sind Online-Dienste wie America Online (AOL), Prodigy und Compuserve, die zum Teil Millionen Benutzer auf einmal mit unzureichender Ausbildung auf das Internet und die USENET-Diskussionsgruppen losgelassen haben.\nSo scheint den AOL-Mitgliedern zum Beispiel der Unterschied zwischen öffentlicher Antwort und privater Mail nicht geläufig zu sein: Wann immer jemand im Netz Daten zur Abholung anbietet, zieht sich hinter dieser Ankündigung ein Ratten-, nein Lemmingschwanz von zwei oder drei Dutzend Artikeln hinterher. Alle tragen die Absenderadresse von America Online und bestehen aus einer kompletten Wiederholung des Originaltextes, unter den fein saeuberlich die Worte \u0026ldquo;ME TOO\u0026rdquo; gesetzt worden sind. Eine derartige Reaktion ist inzwischen so typisch fuer AOL-Benutzer, daß ganze Witzsammlungen darüber existieren.\nDas alles sind typische Probleme für ein Medium, dessen Teilnehmerzahl sich regulär in den letzten sechs Jahren alle neun Monate verdoppelt hat und das in Schüben (nämlich immer dann, wenn ein weiterer Online-Dienst mit einer knappen Million Benutzern und mehr sich auf das Internet schaltet) noch wesentlich schneller wächst. Wie kann man es schaffen, solche Massen von neuen Anwendern im Netz auszubilden und ihnen die Besonderheiten und Umgangsformen des Netzes beizubringen? Und das möglichst noch, ohne den normalen, produktiven Betrieb zu stören?\nHäufig gestellte Fragen Ein Mittel zur Ausbildung sind die Listen mit häufig gestellten Fragen. Die Teilnehmer an einer Newsgroup - egal welcher - beobachten im Laufe der Zeit unweigerlich, daß gewisse Fragen zu einem Thema immer wieder erneut auftauchen. Meisten sind dies auch noch Fragen, bei denen bei vielen Diskussionsteilnehmern ein gesundes Halbwissen besteht, sodaß dieselbe Diskussion alle halbe Jahr erneut losbricht. Um diese Wiederholungen zu vermeiden und wenigstens für einen etwas geregelten Diskussionsablauf in einer Newsgroup zu sorgen, erarbeiten sich die Teilnehmer der Newsgroup aus Notwehr meistens einen Katalog der \u0026ldquo;frequently asked questions\u0026rdquo; (abgekürzt: FAQ), der häufig gestellten Fragen und der Antworten dazu.\nDieser Text kann sehr unterschiedlich in der Länge und im Gehalt sein, aber meistens kommen durch die versammelte Wissensmenge einer Diskussionsgruppe und die anhaltende Verbesserung dieses Textes wirklich unentbehrliche Sammlungen zustande. Eine solche FAQ beschäftigt sich vor allen Dingen mit den praktischen Aspekten eines Themas und enthält meistens auch noch sehr komplette Sammlungen von Verweisen auf weitere Quellen. Wenn in der Diskussionsgruppe besondere Regeln gelten oder sich gar eine besondere Subkultur oder ein Slang entwickelt haben, wird dies in der FAQ ebenfalls dokumentiert. Solche Texte werden dann periodisch, meistens einmal im Monat, überarbeitet und dann in der entsprechenden Diskussionsgruppe veröffentlicht, um Neulinge auf den aktuellen Wissensstand der Gruppe zu bringen und sie mit den Besonderheiten der Gruppe vertraut zu machen.\nAußerdem geht von jedem dieser Texte eine Kopie in die Gruppe mit dem Namen news.answers. In dieser Gruppe findet keine Diskussion statt. Stattdessen handelt es sich um einen Kanal, der alle FAQ-Texte, die im USENET veröffentlicht werden, bündelt und zur Archivierung bereitstellt. Wie man sich leicht vorstellen kann, kommen dabei gewaltige Datenmengen zusammen. Diese werden zum einen in öffentlich zugänglichen Archiven verfügbar gemacht (wie man da herankommt, steht selbstverständlich in einer FAQ\u0026hellip;) oder auf vielen Internet CD-ROMs zusammen mit den Programmen zum Internet-Zugriff verbreitet.\nLeider hilft das Bereitstellen von Lesestoff im Zeitalter des Fernsehens und der graphischen Benutzeroberflächen nur noch begrenzt. Und so kommt es, daß man im USENET immer häufiger Dialoge der Form \u0026ldquo;Wie kann ich \u0026hellip;?\u0026rdquo; \u0026ldquo;RTFM! RTFFAQ!\u0026rdquo; beobachten kann.\nZwar sind News und Mail die optisch weniger ansprechenden Dienste des Internet, aber sie sind für den erfahrenen Netzanwender immer noch das primäre Mittel der Kommunikation, denn hier findet er nicht vorgefertigte Texte und Seiten zum Anklicken, sondern wirkliche Gesprächpartner mit ähnlichen Interessen und Problemen wie er selbst. Diese können ihm helfen, die Fragen und Probleme zu klären, die er bei seiner täglichen Arbeit hat - und das müssen beileibe keine Probleme sein, die mit Computern oder Technik zu tun haben.\nPolydirektionalität: Verschwörung der Verbraucher? Aber News und Mail als textbasierte Anwendungen sind nicht das Mittel, mit dem man kommerzielles Interesse am Netz weckt. Etwas, das das teuer von einer Werbeagentur eingekaufte Firmenlogo nicht darstellen kann und keine Hochglanzprospektabbildungen von Firmenprodukten zum Kunden schaffen kann, ist für eine Firma nicht brauchbar. Dazu kommt noch ein anderer Nachteil von News und Mail, der Firmen abschreckt: Firmen haben ein Interesse daran, mit ihren Kunden zu reden. Gute Firmen haben auch ein Interesse daran, daß Kunden mit ihnen reden können. Aber kaum eine Firma hat Interesse daran, daß Kunden ein Medium haben, untereinander über die Firma zu reden. Aber genau das ist in den Newsgroups oder Mailinglisten der Fall. Hier bildet sich eine Öffentlichkeit über eine Firma und deren Produkte, die sehr zahlreich und überregional ausgedehnt sein kann, die die Firma aber nicht direkt kontrollieren kann. Ein solches Medium nennt man polydirektional, weil hier eine Kommunikation zwischen vielen stattfinden kann. Der Umgang mit solchen polydirektionalen Medien ist für jemanden, der hier bestimmte Interessen verfolgt, sehr viel schwieriger als ein einer stärker kontrollierten Umgebung.\nEin sehr schönes Beispiel für die Probleme, die sich aus der Polydirektionalität für eine Firma ergeben können, stellt der sogenannte Pentium-FDIV-Fehler dar: Hier hatte sich eine solche unerwünschte Öffentlichkeit gebildet, als der berühmte Divisionsfehler im FDIV-Befehl des Pentium-Chips der Firma Intel entdeckt wurde. Die Mathematiker und Informatiker, die neue Erkenntnisse über den Fehler und seine Auswirkungen herausfanden, veröffentlichten Ihre Entdeckungen in den USENET News. Dort kam es auch sofort zu Diskussionen von besorgten Anwendern, die ihren defekten Pentium-Prozessor von Intel kostenlos getauscht haben wollten. Intel selbst weigerte sich und behauptete, der Fehler sei für die Mehrzahl der Anwender überhaupt nicht spürbar und ein Austausch sei deswegen nicht notwendig. Die Anwender schlossen sich aufgrund dieser Firmenpolitik im Netz zu einer Interessengemeinschaft zusammen und forderten gemeinschaftlich kostenlosen Austausch. Intel wurde letztendlich durch den im USENET erzeugten Druck dazu gezwungen, eine solche kostenlose Umtauschaktion einzuleiten. Die Pentium-Affäre hat aber noch andere, weiter reichende Auswirkungen auf die Firmenpolitik gehabt: Intel verfolgt inzwischen eine viel offenere Politik im Umgang mit Fehlern in ihren Prozessoren, in der Hoffnung, daß ein Kunde, der schon vorher weiß, welche Fehler das Produkt hat, sich nicht mehr beschweren kann. Im Nachhinein betrachtet fahren Firma und Kunden mit der neuen Politik viel besser als mit der alten, aber diese Lektion zu lernen war für die Firma Intel ein sehr schmerzhafter und nicht ganz billiger Prozeß.\nWWW: WeltWeite Werbung? Für das durchschnittliche Managment einer Firma ist ein polydirektionales Medium also nicht das, was wirklich gewünscht wird. Man möchte stattdessen lieber eine bidirektionale Kommunikation haben: Der Kunde soll jederzeit Produktinformationen über die Firma bekommen können und der Kunde soll sich Rat und Hilfe suchend an den Support der Firma wenden, anstatt sich in irgendwelchen Interessengruppen herumzutreiben. News und Mail leisten dies nicht. Etwas Neues mußte her und dieses Neue wurde mehr aus Zufall geschaffen. Physiker wollten eine Methode haben, ihre Forschungsinformationen im Netz der Netzgemeinde zu präsentieren. Da Zahlenreihen von Meßdaten aber von den meisten Leuten als ästhetisch unbefriedigend angesehen werden, muße eine Methode gefunden werden, Text und Graphik zu integrieren und mit einer ansprechenden Benutzungsoberfläche zu versehen. Es entstand das World Wide Web.\nWie alle genialen Ideen besteht auch WWW im Prinzip sehr einfachen Zutaten: Da ist zum einen eine einfache Seitenbeschreibungssprache, die es mit einem Mal erlaubt, nicht nur einfachen ASCII-Text zu übertragen, sondern auch die optisch ansprechende Gestaltung von Texten und sogar die Einbindung von Bildern, Tönen und Animationen zuläßt. Statt durch trockene und gleichförmige Zeichenströme eingeengt zu sein, hat der Autor eines Dokumentes nun auf einmal die Möglichkeit, seine Aussage mit allen Mitteln modernen Designs aufzubereiten. Dazu hat man einen Mechanismus geschaffen, der es erlaubt auf andere Texte, Dateien und Bilder zu verweisen. Ein Dokument steht nicht mehr alleine, sondern ist in einen Kontext eingebunden, der noch dazu mit einem einfachen Mausklick abgefragt werden. kann. Auf diese Weise werden alle diese Dokumente zu einem großen Netz, eben dem Web, zusammengebunden. Der Schlüssel zum Netz war für den Anwender aber schließlich die Idee, die Nutzung des World Wide Web und der klassischen Internet-Dienste in einem einzigen Programm, dem Browser, zusammenzufassen und diesen mit einer graphischen Benutzungsoberfläche auszustatten. Statt einer ganzen Horde kommandozeilengeprägter Werkzeuge aus der Computer-Steinzeit ist nur noch ein einziges Programm zu erlernen, das noch dazu über eine zeitgemäße graphische Benutzerführung und Onlinehilfe verfügt.\nDie folgende Abbildung zeigt, wie der Abruf einer Informationsseite im Web abläuft: Das Browserprogramm läuft auf dem Rechner des Internet-Benutzers. Dieser äußert durch Mausklicks oder mit der Tastatur seine Wünsche, die vom Browser in eine Serveranfrage übersetzt werden. Über das Internet erreicht die Anfrage einen von vielen Servern im Netz. Der Server liefert auf Grund der Anfrage entweder einen vorbereiteten Text oder er reicht die Anfrage an ein Datenbankprogramm weiter, das auf Grund dieser Anfrage dynamisch ein Antwortdokument erzeugt. In jedem Fall wird die Anwort über das Internet wieder zum Browser zurückgesendet, der sie dem Benutzer graphisch aufbereitet darstellt. In der Abbildung erkennt man, wie aus der ungelenken Seitenbeschreibung, die der Server verwaltet, durch den Browser eine ansprechend aussehende Seite erzeugt wird.\nDer Serverrechner stellt mit dem Programm httpd Daten im Netz bereit. Diese Daten liegen entweder als vorbereitete Dateien auf der Festplatte oder werden als Antwort auf eine Anfrage aus einer Datenbank berechnet. Die Darstellung der Daten übernimmt das Clientprogramm netscape. Es wandelt die Steueranweisungen der Seitenbeschreibungssprache HTML (links) in graphische Attribute und Querverbindungen (rechts) um.\nDas WWW ist ein bidirektionales Medium: Der Abrufer einer Seite hat die Möglichkeit, sich die Seite anzusehen und - falls der Seitendesigner das vorgesehen hat - an jemanden privat zu antworten. Es ist möglich von einer eigenen Seite aus auf eine fremde Seite zu verweisen, aber es ist nicht möglich, eine fremde Seite um eigene Anmerkungen zu erweitern. Diese letzte Eigenschaft, die aus dem Web ein polydirektionales Medium machen würde, wenn sie vorhanden wäre, ist entscheidend für die kommerzielle Akzeptanz des Mediums: \u0026ldquo;Polydirektionaltät macht keinen Umsatz\u0026rdquo;.\nWer sich mit Netzwerken beschäftigt, dem wird dieses Konzept nicht ganz neu vorkommen. Immerhin versucht die Telekom, vormals Bundespost, schon seit Jahren etwas ganz ähnliches mit BTX zu etablieren. Während BTX aber trotz ähnlich bunter Oberflächen nicht so recht aus den Startlöchern kommen wollte, hat das Internet keine Schwierigkeiten damit, seine Teilnehmerzahlen wieder und wieder zu verdoppeln.\nWarum ist das World Wide Web für Anwender und Anbieter ein interessanterer Dienst?\nEin sehr wichtiger Unterschied zwischen BTX und dem Internet ist, daß das Internet ein weltweites Netz ist, während BTX ein rein deutsches Netz darstellt, das nur wenige Übergänge zu anderen, ebenfalls nationalen Netzen hat. Ein Problem aller Computernetze ist besonders in der Anfangsphase, daß man bereits Nutzer haben muß, um neue Anbieter werben zu können und daß man bereits interessante Anbieter haben muß, um neue Nutzer für den Dienst interessieren zu können. Im Gegensatz zu BTX hat das Internet dieses Problem von vornherein nicht gehabt, weil die akademische Nutzerschicht einen Basispool von Nutzern als auch eine reiche von experimentellen, interessanten Anwendungen zur Verfügung gestellt hat.\nHinzukommt, daß es für jemanden, der Information bereitstellen möchte, in BTX ein sehr großer Schritt vom Anwender zum Anbieter ist. Seitenerstellung benötigt spezielle Werkzeuge, die gesondert gekauft werden müssen, wenn man seine Seiten nicht bei einer Agentur kommerziell erstellen lassen möchte. Im Internet dagegen genügt es im einfachsten Fall, einen simplen Texteditor zu verwenden, um ansprechende Seiten für das WWW erstellen zu können. Solches Arbeiten ist vielleicht unkomfortabel, aber immerhin kann man so ohne den geringsten Investitionsaufwand ausprobieren, ob und wie man Daten anbieten kann. Die Leichtigkeit des Einstiegs setzt sich später fort: Wenn man in BTX Seiten erstellt hat, muß man in BTX Anbieter werden. Wegen der starken Reglementierung von BTX ist dies administrativ und finanziell ein ziemlich aufwendiger Schritt. Im Internet dagegen bekommt man bei fast allen Internet-Anbietern mit seinem Zugang zum Internet auch einen gewissen Speicherplatz zur Verfügung gestellt, den man nutzen kann, wenn man eigene Daten anbieten möchte. Der Übergang vom reinen Nutzer zum Anbieter von Informationen ist im Internet als quasi nahtlos und damit viel leichter zu vollziehen.\nDas Internet ist von je her ein Netz gewesen, dessen Werkzeuge und Programme sich nahtlos die Welt der PCs und deren Anwendungen integrieren. Werkzeuge für die Entwicklung von Seiten im World Wide Web, für den Datentransfer und für den Zugriff auf Information sind in Preis, Bedienung und Ressourcenverbrauch einer solchen Umgebung angemessen. Im Unterschied dazu hat die (damals noch) Bundespost mit BTX zunächst auf einen zentralen Großrechner und einen Haufen dummer Endgeräte gesetzt. Gerade diese Endgeräte, die ihre Abstammung aus dem Bereich der Telefonentwicklung nicht verleugnen konnten, waren ein Hindernis für BTX: Damals übliche Heim-PCs konnten die recht hohen graphischen Anforderungen von BTX nicht vollständig und schon gar nicht schnell realisieren und die klobigen Bundespost-Terminals waren für den Privatgebrauch zu teuer und integrierten sich zum Ausgleich dafür überhaupt nicht in die PC-Umgebung eines Büros.\nDer Vergleich der deutschen Entwicklung BTX mit dessen scharfer Trennung zwischen Anwender/Konsument und Anbieter/Produzent und dem amerikanischen Internet mit dem fließenden Übergang zwischen beiden Formen der Netzteilnahme ist das Ergebnis stark unterschiedlicher Vorstellungen davon, wie die Netze von Morgen aussehen sollen: Das amerikanische Modell geht davon aus, daß eine günstige Infrastruktur von Datentransportwegen schon vorhanden ist oder wenigstens für wenig Geld schnell verfügbar gemacht werden kann. Das Schwergewicht der amerikanischen Netzdesigner liegt auf den Anwendungen, die geschaffen werden. Der Unterbau, schnelle Kabel und benötigte Eigenschaften der Netzwerkprotokolle, wird sich dann schon anpassen, wenn es notwendig ist. Auch lassen sich immer mehr Firmen in den USA auf das Abenteuer Polydirektionalität ein. Eine Firmenrepräsentation außerhalb der abgeschirmten Anzeigenwelt des WWW in einer wirklichen Diskussion mit den Kunden und der Kunden untereinander ist sicherlich nicht leicht zu kalkulieren, aber wenn sie gelingt, wird sie sicher positive Rückwirkungen auf die Struktur der Firma haben.\nIn Deutschland kommt die Debatte nicht so weit. Sie stoppt schon an der Diskussion um die nicht vorhandene Infrastruktur, den fehlenden, günstigen Datentransferdiensten. Zwar wäre die Technolgie zum Aufbau schneller Datennetze auch in Deutschland vorhanden, aber die vollkommen ungesunde Struktur des Telekommunikationswesens in Deutschland mit seinen künstlich hohen Preisen für Telekommunikationsdienstleistungen jeder Art schreckt vor allen Dingen die experimentierfreudigen, aber kapitalschwachen kleinen und mittleren Firmen ab. Diskutiert werden hauptsächlich medienwirksame Großprojekte, die sich um so aufregende Dinge wir interaktives Fernsehen oder Videoshopping drehen und die hauptsächlich als Ausrede für Beschaffung von Übertragungskapazität dienen. Kundeninteresse, das zeigen die bereits angelaufenen Pilotprojekte, ist bei diesen Dingen auf dem Markt der Heimanwender praktisch nicht vorhanden: Video on Demand gibt es bei Video Peter um die Ecke und interaktive TV-Romane kann man schon jetzt bei Nintendo kaufen. Und als kommerzielle Anwendung wird in jedem einzelnen Bericht über diese Pilotprojekte die vielbeschworene Telemedizin bemüht - andere Anwendungen scheinen auch den bemühtesten Werbetextern für diese Zukunft nicht einzufallen. Polydirektionalität, diese ganz entscheidende Eigenschaft des Internet, ist für ein deutsches Managment viel zu aufregend und unter allen Umständen zu vermeiden.\n","date":"1996-01-02T00:00:00Z","href":"https://blog.koehntopp.info/1996/01/02/was-ist-das-internet.html","tags":["lang_de","publication","internet"],"title":"Was ist das Internet?"},{"categories":null,"content":"aus \u0026ldquo;Die Netzrevolution - auf dem Weg in die Weltgesellschaft\u0026rdquo;, Rost (Hrsg.), 1996, Frankfurt/ Main: Eichborn-Verlag, 230 Seiten\nWer beherrscht das Internet? \u0026ldquo;Es gibt keine zentrale Koordination des Internet, die einzelnen Teilnehmern oder Teilnehmerorganisationen Weisungen erteilen kann oder bei der man sich über Fehlverhalten anderer beschweren kann.\u0026rdquo; So oder so ähnlich liest man es wahrscheinlich in jeder Einführung in die Besonderheiten des Internet an irgendeiner Stelle. Gibt es wirklich niemanden, der das Internet beherrscht? Ist das Internet eine totale Anarchie?\nDie Antwort lautet \u0026ldquo;Nein\u0026rdquo;. Die Begründung für das \u0026ldquo;Nein\u0026rdquo; ist ziemlich lang.\nBetrachtungsebenen Das Internet ist kein homogenes Netz. Stattdessen handelt es sich um ein Sammelsurium von anderen Netzwerken, auf denen Internet-Pakete verschickt werden. Diese einzelnen Trägernetze, auf denen das Internet aufsetzt, können natürlich stark unterschiedliche technische und administrative Bedingungen aufweisen. Und selbstverständlich können einzelne Teilnetze im Internet sehr wohl eine zentrale Koordination haben. Ein Beispiel macht das sehr gut deutlich:\nIch sitze daheim an meiner Next-Workstation, die über ein lokales Ethernet und einen ISDN-Router Verbindung zum deutschen EuNet hat. Wenn ich von Zuhause aus auf den WWW-Server http://www.pz-oekosys.uni-kiel.de zugreife, dauert es nur wenige Sekunden und die Startseite des Projektzentrums Ökosystemforschung wird auf meinem Bildschirm aufgebaut. Aber welcher Aufwand an technischer und administrativer Kooperation war dazu notwendig?\nNun, die erste Station für meine Internet-Datenpakete ist mein lokales Ethernet, das die verschiedenen Computer in meinem Haushalt miteinander verbindet. Selbstverständlich ist dies mein Netz und ich bestimme, welche Rechner dort angeschlossen werden und was auf diesen Netz gemacht wird. Meine IP-Pakete für das Projektzentrum werden dann von einem kleinen PC mit einer Ethernet- und einer ISDN-Steckkarte über Leitungen der Telekom zum Kieler Point of Presence des EuNet weitergeleitet. Die Telekom kann durch den Preis und die Verfügbarkeit dieser Leitungen die Dauer meiner Präsenz im Internet ziemlich regulieren. Auf den Inhalt der übertragenen Daten hat sie nach deutschem Recht zum Glück keinen Einfluß.\nMeine Datenpakete, die inzwischen beim EuNet-POP Kiel angekommen sind, werden nun über verschiedene Standleitungen innerhalb des EuNet, die auch alle bei der Telekom gemietet worden sind, bis zu einem Übergangspunkt ins deutsche Wissenschaftsnetz weitergegeben. Das Wissenschaftsnetz ist ein Datennetz, das vom \u0026ldquo;Verein zur Förderung eines deutschen Forschungsnetzes e.V.\u0026rdquo; (DFN-Verein) ins Leben gerufen worden ist und das praktisch alle größeren deutschen Forschungseinrichtungen verbindet. Zwar basiert es auf dem Datex-P Dienst der Telekom, aber es wird hauptsächlich verwendet, um Internet-Daten zu verschicken. Der DFN-Verein unterhält dazu eine ganze Reihe von Übergangspunkten aus dem Wissenschaftsnetz in andere Teilnetze des Internet.\nTeilnahme und Nutzung des Wissenschaftsnetzes werden vom DFN-Verein reglementiert: Kommerzieller Datentransfer auf dem Wissenschaftsnetz ist nicht gestattet. Transitverkehr ist ebenso untersagt, dabei versteht der DFN unter Transit den Transport von Daten aus einem Drittnetz durch das Wissenschaftsnetz in ein anderes Drittnetz. Das Wissenschaftsnetz soll nicht als Trägernetz für andere Netzwerke mißbraucht werden.\nÜber das Wissenschaftsnetz gelangen meine Datenpakete schließlich in das lokale Ethernet der Universität Kiel und letztendlich zum WWW-Server des Projektzentrums Ökosystemforschung. Dieses lokale Netzwerk der Universität wird durch das Rechenzentrum der Universität beziehungsweise durch die einzelnen Institute selbst betrieben. Auch diese Parteien stellen möglicherweise noch gewisse Ansprüche an die Art der Nutzung.\nWie man sehen kann, sind sogar an einem einfachen Datentransfer zwischen zwei Netzteilnehmern innerhalb derselben Stadt eine Vielzahl von Parteien beteiligt. Alle diese Leute haben unter Umständen sehr unterschiedliche Vorstellungen davon, was das Netz ist und wie es genutzt werden sollte.\nMan kann versuchen, das Problem zu vereinfachen, indem man die an einer solchen Datenübertragung beteiligten Gruppen ein wenig klassifiziert:\nAls erstes wäre dort derjenige zu nennen, der die Kabel für die Kommunikation bereitstellt. Abgesehen von lokalen Netzen, die Grundstücksgrenzen nicht überschreiten dürfen, ist dies in Deutschland aufgrund des Telekommunikationsmonopols immer die Telekom. Sie diktiert die durch Verfügbarkeit und Preise von Diensten die Rahmenbedingungen, mit denen sich alle, die kommunizieren möchten, abfinden müssen.\nZweite beteiligte Gruppe sind die Internet-Provider. Ein Provider ist jemand, der Kabel von der lokalen Telekommunikationsgesellschaft erwirbt und darauf den Dienst \u0026ldquo;Verschicken von IP-Paketen\u0026rdquo; anbietet. Neben dem schon genannten DFN-Verein, der seine Dienste hauptsächlich im akademischen Bereich anbietet, und dem deutschen EuNet gibt es in Deutschland als \u0026ldquo;klassische Provider\u0026rdquo; noch den Karlsruher Anbieter XLink und die Hamburger MAZ. Daneben haben sich in den letzten Jahren noch andere Firmen etabliert, die ebenfalls Zugang zum Internet anbieten, aber eigentlich andere Produkte verkaufen möchten: Da ist einmal die Telekom, die mit Telekom Online Internetzugang verkauft, aber eigentlich BTX anbieten möchte. Dann gibt es IBMs Advantis, das eigentlich helfen soll, IBMs OS/2 Warp zu verkaufen. Compuserve, denen es viel lieber wäre, wenn ihre Kunden das eigene Compuserve Network nutzen würden. Und - in Europa noch ohne Internet-Zugang - Microsoft, bei denen Internet-Zugang ein Abfallprodukt ihres hauseigenen Microsoft Network ist.\nEinige dieser Provider nehmen ziemlich starken Einfluß darauf, was ihre Kunden mit dem Internet machen können und dürfen. Manchmal ist die Einflussnahme technisch bedingt, zum Beispiel ist der Internet-Zugang der Telekom nicht transparent: Bei TELNET-Verbindungen werden Steuerzeichen nicht übertragen und damit ist der TELNET-Dienst praktisch wertlos. Bei anderen ist die Einflussnahme inhaltlicher Art. So hatte zum Beispiel zu der Zeit, als dieser Artikel geschrieben wurde, die Universität Frankfurt vorübergehend die WWW-Seiten eines Studenten gesperrt, der Informationen über Kurden im Netz zur Verfügung stellt. Ein anderes Beispiel ist die Firma Microsoft, die Anbietern von Konkurrenzprodukten den Zugang zu Microsoft Network zu verwehren versucht.\nSolange Informationen im Internet zur Verfügung gestellt werden und es eine ausreichend große Anzahl von Internet-Anbietern gibt, sind solche Beschränkungen kein Problem. Der betroffene Kunde begibt sich dann einfach zu einem anderen Anbieter und wird dort glücklich. Da das Internet ein offenes Netz aus Netzen ist, macht weder für den Anbieter noch für den Benutzer einen Unterschied, wo man angeschlossen ist. So hat sich zum Beispiel schon kurz nach der Sperrung der Seiten des oben erwähnten Studenten an der Uni Frankfurt ein private betriebener Internet-Zugang in Jena bereit erklärt, die betreffenden Seiten im Netz bereitzuhalten. Damit ist das Internet bei einer gesunden Anbieterstruktur effektiv resistent gegen jede Form der inhaltlichen Kontrolle.\nNatürlich macht so etwas auch Probleme, jedenfalls aus der Sicht einer Person, die das Internet nicht gewohnt ist: So ist es zum Beispiel nicht möglich, gegen die Anbieter nationalsozialistischer Propaganda auf ausländischen Serverrechnern vorzugehen oder auch nur zu verhindern, daß solche Seiten in Deutschland abrufbar sind. Erfahrene Internet-Benutzer haben mit solchen Dingen weniger Probleme: Sie wissen, daß ein Verbot solcher Seiten sowieso nur die Symptome bekämpfen würde, aber am eigentlichen Problem, der Überzeugung der Anbieter, nichts ändern würde. Entscheidend ist nicht, daß man solche Seiten unterdrücken kann, sondern daß man die Freiheit hat, Gegenmeinungen im gleichen Forum an gleicher Stelle zu präsentieren.\nDie Dritte Macht Neben den beiden bereits benannten Parteien gibt es noch eine dritte, große Kraft, die das Internet bestimmt. Im Vergleich zu den bereits benannten Gruppen ist sie relativ unauffällig und bleibt dem normalen Benutzer in der Regel verborgen: Es sind die Gremien, in denen die technischen Grundlagen des Netzes genormt und beschlossen werden. Hier hat das Internet eine im Vergleich zu anderen Normungsgremien einmalige Struktur.\nGrundlage der technischen Verfahren im Internet sind die Internet Standards. Diese Standards sind besondere Papiere in einer Reihe von Dokumenten, in denen die technischen Hintergründe des Internet diskutiert werden: die Requests for Comments (RFC). Ursprünglich war die Entwicklung des Internet vollständig informal: Im Rahmen einer akademischen Diskussion unter gleichen wurden Papiere veröffentlicht, in denen Ideen diskutiert wurden oder Notizen von Treffen verbreitet wurden. Diese Papiere bekamen zum Zwecke der Archivierung fortlaufende Nummern. Da RFCs Dokumente zum Zwecke der Archivierung sind, wird ein bestimmter RFC nach seiner Veröffentlichung niemals mehr verändert. Eine neue Version bekommt also eine neue Nummer und verweist auf seinen Vorgänger als veraltetes Dokument.\nIm Laufe der Entwicklung wurden einige dieser RFCs, die Übertragungsverfahren oder andere technische Details beschrieben, immer wieder überarbeitet und weiter und weiter ausgefeilt. Da diese Dokumente praktisch die seit Jahren gängige Verfahrensweise im Internet beschrieben, hat man diese Dokumente zu offiziellen Standards im Internet erklärt.\nDas heutige Verfahren der Verabschiedung neuer Standards im Internet ist nicht mehr ganz so frei von Formalien, aber der Geist des ursprünglichen Vorgehens ist weitgehend erhalten geblieben. Ein zukünftiger Internetstandard beginnt sein Leben meistens als ein Request for Comment. Im Prinzip kann er von jedermann auf der Welt eingereicht werden, aber in der Praxis wird er meistens von einer Arbeitsgruppe der Internet Engineering Task Force (IETF) erarbeitet. Wenn ein solches Papier eingereicht wird, entscheidet die Internet Engineering Steering Group, ob das Thema es wert ist, dafür den Standardisierungsprozeß in Gang zu setzen und ob ausreichend Bedarf nach einer Regelung besteht. Wenn dies der Fall ist, beginnt der neue Internet Standard sein Leben als \u0026ldquo;proposed standard\u0026rdquo;, als Standardisierungsvorschlag.\nDer Vorschlag kann nach Ablauf einer gewissen Wartezeit auf der Leiter der Internet Standardhierarchie weiter vorrücken, wenn mindestens zwei unabhängige Implementationen des Standards existieren, die in der Lage sind, zusammenzuarbeiten. Dies stellt sicher, daß erstens Interesse innerhalb der Gemeinschaft der Entwickler vorhanden ist und daß zweitens der Standard detailliert genug ist, um ihn als Basis für eine Entwicklung zu nehmen. Die bei der Arbeit mit dem Standard gewonnen Erfahrungen fließen in der Regel in dieser Phase in eine Überarbeitung des Papieres ein. Das Resultat wird ein neues Papier sein, das zum \u0026ldquo;draft standard\u0026rdquo; (Standardentwurf) wird. Nach einer weiteren Wartezeit kann dieser Entwurf dann endlich zu einem vollwertigen Internet Standard erklärt werden.\nDieses Vorgehen stellt die Arbeitsweise vieler anderer Normungsgremien auf den Kopf: Statt eine neue Norm zu spezifizieren und nach der Festlegung der Norm anhand der vorhandenen Texte zu arbeiten, dokumentiert ein Internet Standard meistens nur schon jahrelang gebräuchliche, existierende Praxis. Das hat nicht nur zur Folge, daß es relativ wenige \u0026ldquo;tote\u0026rdquo; Standards gibt, sondern auch, daß Internet Standards in der Regel wesentlich leichter zu lesen und zu verstehen sind als andere Normen.\nGleichzeitig ist dieses Standardisierungsverfahren auch wesentlich offener als andere. Zum einen sind RFCs im Internet frei verfügbar. Sie können bis auf die Transferkosten kostenlos abgerufen werden und unterliegen keinen Weitergabebeschränkungen. Zum anderen kann der Anstoß zur Ingangsetzung des Normungsverfahrens von einer beliebigen Institution oder sogar Einzelperson kommen.\nSogar die oben erwähnte IETF ist keine formale Organisation, sondern zum größten Teil ein Verband Arbeitsgruppen. Diese Arbeitsgruppen existieren die meiste Zeit in Form von Mailinglisten, die im Zugang nicht beschränkt sind und auf denen jede interessierte Person mitdiskutieren kann. Gelegentlich kommt es zu IETF Meetings, auf denen sich dann die beteiligten Personen und Arbeitsgruppen treffen und wo man persönlich miteinander diskutieren kann. Es gibt keine formale IETF-Mitgliedschaft, sondern man wird durch Mitarbeit in einer IETF Arbeitsgruppe IETF-Mitglied.\nComputerprotokolle verwenden meistens einen Satz von magischen Nummern und Namen, die in irgendeiner Art und Weise die korrekte Funktion des Netzes gewährleisten. Solche Nummern sind zum Beispiel die Empfänger- und Absenderadressen von Datenpaketen, ohne die keine einzige Nachricht ihr Ziel finden würde. Von gleicher Bedeutung sind die Namen von Rechnern und Teilnetzwerken, die ebenfalls eindeutig sein müssen. Damit das Netz funktioniert, müssen solche Namen und Nummern eindeutig vergeben werden. Das Internet hat zu diesem Zweck die Internet Assigned Numbers Authority (IANA), eine zentrale Registratur, die über alle Zahlen und Namen wacht, die dieser Einschränkung der Eindeutigkeit unterliegen. Wer am Netz teilnehmen möchte, muß sich eine solche Netznummer und einen Namen zuteilen lassen.\nDie IANA gibt im keine einzelnen Namen oder Nummern heraus und arbeitet auch nicht mit Einzelpersonen oder -institutionen zusammen. Stattdessen existiert normalerweise ein nationales Network Information Center (NIC), das einen Block von Internetadressen zugeteilt bekommt und dem die Verwaltung des nationalen Namensraumes unterliegt. In Deutschland ist dies etwa das DE-NIC, das Namen vergeben kann, die auf \u0026ldquo;.de\u0026rdquo; enden und das Internet-Nummern für deutsche Internet-Teilnehmer vergibt. Aber selbst mit dem DE-NIC wird man als deutscher Netzteilnehmer nicht persönlich reden, sondern über seinen Internet-Provider, der die Beschaffung von Nummern und Namen in der Regel übernimmt.\nDie Vergabe von Namen ist für die NICs in letztere Zeit zu einem echten Problem geworden. Mit dem explosionsartigen Wachstum des Internet drängen immer mehr Firmen in das Netz und selbstverständlich ist für eine Firma eine Adresse wie http://www.firma.namedesproviders.land vollkommen unakzeptabel. Das bedeutet, daß beim zuständigen NIC hunderte, wenn nicht tausende von Anträgen auf Namen wie \u0026ldquo;firma.de\u0026rdquo; oder gar \u0026ldquo;produkt.de\u0026rdquo; eingehen. Einige dieser Namen sind von vorneherein als kurzfristige Werbegags gedacht und es ist bei der Vergabe des Namens schon das Verfallsdatum absehbar. Für ein NIC ist das eine schwierige Situation: Auf der einen Seite darf das NIC bei der Vergabe von Namen nicht zu restriktiv sein, denn es sitzt auf einer Monopolressource, auf der anderen Seite ist das NIC für die Struktur und Ordnung des ihm zugeteilten Abschnittes des Namensraumes verantwortlich und hat eine \u0026ldquo;Verschmutzung\u0026rdquo; des Namensraumes zu vermeiden und nebenbei noch Konflikte zwischen zwei Bewerbern um denselben Namen zu schlichten.\nTeilnehmer: Auch mächtig? In der obigen Aufzählung von \u0026ldquo;Mächtigen\u0026rdquo; im Internet fehlt eine Gruppe: Die Netzteilnehmer. Welchen Einfluß haben sie auf die Entwicklung des Internet oder die Gestaltung von Netzlandschaften?\nNun, zum einen steht es ihnen jederzeit frei, die Lager zu wechseln und etwa Informationsanbieter zu werden oder aktiv an der Gestaltung von Standard im Internet teilzunehmen. Aber welchen Einfluß haben Anwender in ihrer Rolle als Anwender? Nun, aktiv werden kann ein Anwender nur als Abrufer von Information und als solcher ist er bei der Nutzung fast aller Internet-Dienste gegenüber den anderen Nutzern fast unsichtbar. Er bestimmt sicherlich, welche Informationsangebote durch hohe Nutzerzahlen populär werden, aber das ist nur eine sehr indirekte Art der Einflußnahme.\nEin einziger Dienst des Internet fällt hier aus der Rolle, weil in ihm die Nutzer den entscheidenden Einfluß haben und das sind die USENET News. Die USENET News sind ein Diskussionsforum, in dem sich jeder Nutzer zu Wort melden und seine eigenen Beiträge einbringen kann. Die Verwaltung dieser Diskussionsforen findet vollständig durch die Nutzer statt.\nDa ist einmal der Prozeß der Einrichtung neuer Diskussionsgruppen: Technisch ist es sehr leicht, neue Diskussionsgruppen einzurichten oder wieder zu entfernen. Damit eine solche Gruppe jedoch weit verbreitet wird und vom Netz angenommen wird, ist es notwendig, vorher einen Konsenz über die Namen und die Zweckbestimmung solcher Gruppen zu erzielen. Also hat die Netzgemeinschaft im Laufe ihrer Entwicklung ein Dokument erarbeitet, das einen formalen Weg zur Einrichtung solcher Gruppen vorsieht. Eine neue Gruppe muß formal vorgeschlagen werden und dabei muß außer dem Namen auch eine kurze Erläuterung zum Zweck der Gruppe gegeben werden. Außerdem muß klar werden, wie sich diese Gruppe von anderen Gruppen thematisch unterscheidet. Dieser formale Vorschlag wird dann einige Zeit in den News diskutiert und unter Umständen einige Male verändert, bevor es zu einer Abstimmung kommt.\nDie \u0026ldquo;Abstimmung\u0026rdquo; ist an und für sich keine, da am Ende ja nichts beschlossen werden kann: Jeder Betreiber eines Netzknotens kann immer noch für sich und alleine entscheiden, ob er eine bestimmte Gruppe auf seinem eigenen Rechner führen möchte. Es handelt also mehr um eine Meinungsumfrage als um eine Abstimmung. Aber wenn das Ergebnis einer solchen Abstimmung nach den Regeln positiv ausfällt, kann man einigermaßen sicher sein, daß die neue Gruppe von der überwiegenden Anzahl der Systeme akzeptiert und eingerichtet wird.\nObwohl in den USENET News wie im eigentlichen Internet also jede Form der Exekutive zur Durchsetzung von Beschlüssen der Netzgemeinschaft fehlt, gelingt es trotzdem, stabile Formen der Kooperation zu finden und diese Umzusetzen. Und obwohl niemand da war, um dem Netz am Anfang eine Satzung oder einen Staatsvertrag zu geben, haben sich formale Regeln für den Netzbetrieb entwickelt, die weitgehend akzeptiert und eingehalten werden.\nOft unterscheidet sich dieses Regelwerk stark von der jeweiligen lokalen Gesetzgebung, gerade im Bereich Urheberrecht oder Weiterverbreitung von \u0026ldquo;verboteten\u0026rdquo; Informationen ist man im Netz meistens wesentlich liberaler als in der Wirklichen Welt. Aber meistens ist das netzeigene Regelwerk inklusive seiner nicht formal notierten Traditionen sehr viel besser geeignet, mit Netzproblemen fertig zu werden als das juristische Handwerkszeug der Wirklichen Welt.\n","date":"1996-01-01T00:00:00Z","href":"https://blog.koehntopp.info/1996/01/01/wer-beherrscht-das-internet.html","tags":["lang_de","publication","internet"],"title":"Wer beherrscht das Internet?"},{"categories":null,"content":"Linux Magazin, Heft 12/1995\ninit - Starten und Beenden von Linux Der Prozeß mit der Prozeßnummer 1 ist init. init wird beim Starten des Systems geladen und läuft bis zum Abschalten durch. Er ist der direkte oder indirekte Urahn aller anderen Prozesse eines Linux-Systems. Ein genaues Verständnis der Vorgänge vom Starten von init bis zum Erscheinen des ersten Shellprompts nach dem Login ist notwendig, um fehlerhaft konfigurierte Linuxsysteme wiederzubeleben, ohne neu installieren zu müssen.\nDie meisten Linux-Distributionen haben heutzutage den sysvinit 2.4 von Miquel van Smoorenburg (Miquel van Smoorenburg) installiert. Diese init-Version entspricht im Großen und Ganzen den von regulären System V Systemen bekannten inits, ist aber auf PC-Verhältnisse besonders angepaßt. sysvinit kennt zum Beispiel spezielle Optionen betreffend das Verhalten bei einem Stromausfall mit einer USV und weiß mit einem Control-Alt-Delete umzugehen. Mit Smoorenburgs init-Paket kommen außer init auch noch die Programme halt, last, mesg, shutdown und wall sowie der Quelltext für den powerd, ein Auswertedämon für die Statusleitungen von USVs. Eine Version von who, die auf den init abgestimmt wäre, fehlt.\nZu dem Zeitpunkt, zu dem init gestartet wird, ist das System soeben gebootet worden. Außer dem Root-Dateisystem, das wahrscheinlich nur read-only gemountet ist und möglicherweise beschädigt ist und der Systemkonsole /dev/console existieren keine weiteren Ressourcen. Außer init laufen keine anderen Prozesse. Swapspace ist noch nicht angemeldet, was zur Folge hat, daß auf Systemen mit nur 4 MB RAM der Speicher schnell knapp werden könnte. Die Aufgabe von init beim Systemstart ist zunächst einmal, die Dateisysteme zu prüfen, gegebenenfalls zu reparieren und sie sowie eventuell vorhandenen Swapspace anzumelden. Durch die zusätzlichen Dateisysteme und den zusätzlichen Speicher versetzt sich das System in die Lage, die zahlreichen Hintergrundprozesse zu starten, die ein vollständig betriebsbereites Linux auszeichnen. Welche Dämonen gestartet sind, wird durch die Konfigurationsdatei von init, die /etc/inittab festgelegt. Je nach Run-Level des Systems können dies unterschiedliche Prozesse sein.\nRun-Levels Ein Run-Level ist dabei einfach nur die numerische Bezeichnung (Okay, es gibt auch noch einen Run-Level S) für eine bestimmte Systemkonfiguration. Abhängig vom aktuellen Run-Level werden bestimmte Zeilen der /etc/inittab gültig oder ungültig und init stoppt oder startet dementsprechend die zugehörigen Prozesse. Die /etc/inittab definiert gewissermaßen den Soll-Zustand des Systems in einem bestimmten Run-Level: Fehlende Dämon-Prozesse werden von init nachgestartet, überzählige Dämon-Prozesse werden von init gestoppt.\nÜber den Ist-Zustand des Systems führt init parallel dazu in der utmp-Datei Buch. Für jede Zeile der /etc/inittab steht in der utmp-Datei ein struct utmp-Eintrag, der über den Verbleib des zugehörigen Prozesses Aufschluß gibt. Außerdem führt init über seine Aktionen noch in der wtmp-Datei ein Logbuch. Auch diese Datei besteht aus struct utmp-Einträgen, aber im Gegensatz zu utmp, die eine feste Länge hat, wird wtmp als Logbuch fortgeschrieben (und muß regelmäßig gekürzt werden). Programme wie who, w, finger oder der rwhod können die utmp-Datei auswerten und anzeigen, welche Benutzer gerade im System eingeloggt sind oder welche Schnittstellen gerade unbelegt sind. Programme wie last oder Accountingtools werten dagegen die wtmp-Datei aus und können so ein Logbuch über die vergangenen Logins erzeugen.\nAuf einem richtigen System V kann who nicht nur eine Liste der eingeloggten Benutzer erzeugen, sondern die komplette utmp-Datei analysieren und auch mit der Option -r den aktuellen Run-Level des Systems anzeigen. Im Umfeld der Slackware-Distributionen paßt der who-Befehl nicht zum init und ihm fehlen diese Optionen, sodaß man auf selbstgeschriebene Programme angewiesen ist.\ninit erzwingt nicht, daß bestimmte Run-Level (ausgenommen S) bestimmte Bedeutungen haben. Das Verhalten des Systems richtet sich ausschließlich nach der Konfiguration in der /etc/inittab. Per Konvention hat diese auf den meisten Distributionen, die von Slackware abstammen, ein bestimmtes Aussehen. \u0026ldquo;Slackware inittab\u0026rdquo; weiter unten zeigt die /etc/inittab einer Slackware-Installation.\nEine Zeile der inittab hat dabei das folgende Format:\nid:runlevels:action:process Die id stellt dabei einen eindeutigen Identifikator für die Zeile der inittab dar. Er muß genau zwei Buchstaben lang sein und taucht später als ut_id-Feld in demjenigen Eintrag in der utmp-Datei auf, der zu dieser Zeile der inittab gehört. Das, was finger in der Spalte Tty ausdruckt, ist der Inhalt dieses ut_id-Feldes aus der utmp-Datei.\nDas Feld runlevels definiert einen oder mehrere Run-Levels, in denen diese Zeile aktiviert sein soll.Wenn der aktuelle Run-Level des Systems hier nicht aufgeführt ist, ist diese Zeile unwirksam: Ein Eintrag im Feld runlevels mit den Ziffern 123 wäre nur in den Run-Levels 1, 2 und 3 gültig.\nDas Feld process definiert dann den Aufruf eines Prozesses mit allen Parametern, wie er von init gestartet werden soll, wenn das System sich in einem der in runlevels genannten Run-Level befindet. Diese Prozesse sind entweder Dämon-Prozesse wie xdm oder nnmaster, Login-Prompts wie getty oder Scripte und Anweisungen, die beim Wechsel des Run-Levels aktiv werden. init überwacht diese Prozesse. Wenn sich einer von ihnen beendet, bemerkt init dies und entscheidet anhand der action darüber, ob der Dämon neu gestartet werden soll oder was sonst zu tun ist.\nDer Abschnitt \u0026ldquo;Das action Feld in der inittab\u0026rdquo; erklärt die Bedeutung der verschiedenen Schlüsselworte.\nDie rc-Scripte Bei der Slackware startet die inittab einige rc-Scripte, genau wie bei den meisten anderen Unices auch. Die Bezeichnung rc steht dabei für \u0026ldquo;run command\u0026rdquo;. Sie stammt noch aus der Urzeit der Computerentwicklung und wurde von einem der vergessenen Vorläufer von UNIX übernommen. Heute würde man wohl stattdessen das Kürzel \u0026ldquo;BAT\u0026rdquo; verwenden.\nDie Struktur dieser Scripte orientiert sich bei Linux mehr an der wesentlich primitiveren Konfiguration eines BSD-Systems als an einem normalen System V. Mit unserem Wissen über init können wir inzwischen erkennen, daß Linux nach dem Booten wegen des initdefault-Schlüsselwortes in der inittab den Run-Level 5 ansteuert. Der sysinit-Eintrag sorgt dann für die Abarbeitung von /etc/rc.d/rc.S, gefolgt von /etc/rc.d/rc.M, da der wait-Eintrag \u0026ldquo;rc\u0026rdquo; den Run-Level 5 enthält. Nachdem init auf das Ende von rc.M gewartet hat, startet er die getty-Einträge c2 bis c6 (c1 ist hier auskommentiert) und den nnmaster. Der Eintrag x1 wird ignoriert, da er nur für den Run-Level 6 gilt.\n/etc/rc.d/rc.S ist das Script, das als erstes nach dem Systemstart abgearbeitet wird. Es findet den eingangs erwähnten Rechner ohne Dateisysteme und Ressourcen vor und macht sich daran, diesen Zustand zu ändern. Die ersten Handgriffe nach der Definition eines Suchpfades dienen dazu, den Swapspace zu aktivieren: Dazu muß swapon -a eine gültige /etc/fstab vorfinden und dort die Swap-Partitionen benannt bekommen. Der update-Dämon sorgt dann dafür, daß der Speicherinhalt auch gelegentlich auf die Festplatte geschrieben werden. Jetzt ist auch auf Maschinen mit 4 MB RAM genügend Speicher bereitgestellt, um größere Prozesse ablaufen lassen zu können.\nDie folgenden Anweisungen dienen dazu, die Dateisysteme zu prüfen und - falls möglich - das Root-Dateisystem read-write anzumelden. Wenn der fsck oder der Remount fehlschlagen, druckt das Script Handlungsanweisungen und versucht noch so etwas wie ein Login hinzubekommen. Die folgenden Anweisungen ab Zeile 92 dienen dann dazu, die üblichen Konfigurations- und Statusdateien zu erzeugen, die beim Systemstart aufgefrischt werden müssen und die Systemzeit zu stellen.\nStartet man Linux im single user mode oder gerät man auf andere Weise auf ein System mit einer read-only angemeldeten Root-Platte, kann man sich behelfen, indem man /etc/rc.d/rc.S von Hand ausführt. Mit ein wenig Glück bekommt man so ein halbwegs vernünftig konfiguriertes System, bei dem man immerhin soviele Eingriffsmöglichkeiten hat, daß man die verbleibenden Fehler von Hand korrigieren kann. Auch normale UNIX-Versionen haben ähnliche Scripte. Da das Checken und Anmelden der Platten nach dem Systemstart mit die dringlichste Aufgabe ist, findet man den Namen des Scriptes am einfachsten heraus, indem man sich den sysinit-Eintrag der betreffenden /etc/inittab ansieht. Ein häufige Name für dieses Script ist zum Beispiel bcheckrc.\n/etc/rc.d/rc.M kümmert sich dann um die Vorbereitung des Systems auf den Mehrbenutzerbetrieb. Dieses Script kann davon ausgehen, daß alle lokalen Platten schon verfügbar sind und daß ausreichend Swapspace zur Verfügung steht. Hostnamen und andere das Netzwerk betreffende Dinge sind aber noch undefiniert. rc.M konfiguriert einen Screenblanker, startet den cron, setzt den Hostnamen und verzweigt dann vorübergehend in die Scripte rc.inet1 und rc.inet2. Ersteres dient dazu, den Kernelteil des Netzwerkes zu konfigurieren: Die Interfaces erhalten ihre IP-Nummern und werden gestartet, danach setzt sich der Kernel Routingtabellen. Das gesamte Script besteht im Prinzip nur aus glorifizierten Aufrufen von ifconfig und route. Die zweite Datei konfiguriert dann den Anwendungsteil des Netzes, indem dort die entsprechenden Serverprozesse gestartet werden. Die folgenden Arbeiten in rc.M erledigen dann einige Aufräumarbeiten, die zu verschiedenen Subsystemen gehören. Wichtig ist hier vor allen Dingen der Aufruf von ldconfig, der Links auf die aktuellen Versionen der shared libraries auf den neuesten Stand bringt. Am Ende von rc.M wird dann noch auf rc.local verzweigt, in der der Systemverwalter lokale Modifikationen des Systemstarts unterbringen kann. Einige Versionen der Slackware verzweigen bei Bedarf noch in andere, spezialisierte rc-Dateien zum Verstellen des Zeichensatzes oder der Tastaturbelegung.\nErweiterungen der rc-Dateien Bei der Konstruktion der rc-Dateien, wie sie im Abschnitt \u0026ldquo;Slackware inittab\u0026rdquo; gezeigt wird, ist einzig die Datei rc.local für lokale Erweiterungen des Bootvorganges vorgesehen. Der Systemverwalter kann hier neben lokalen Anpassungen für Zeichensatz und Tastatur eigene Dämon-Prozesse starten oder den Weg für den Start solcher Prozesse bereiten (indem zum Beispiel alte Lockdateien abgeräumt werden).\nDabei sollte man auf jeden Fall darauf achten, daß die rc.local-Datei beendet wird! rc.S wird als sysinit-Eintrag ausgeführt und rc.local ist Bestandteil von rc.M und wird als wait-Eintrag ausgeführt. In beiden Fällen können die folgenden Einträge der inittab erst dann ausgeführt werden, wenn rc.S bzw. rc.M beendet sind. Die folgenden Einträge sind aber die getty-Prozesse für die Systemkonsole (c1-c6), die das Login überhaupt ermöglichen. Wenn ein Fehler in rc.M also dazu führt, daß sich das Script niemals beendet, kommen niemals Loginprompts und man kann sich nicht anmelden, um den Fehler zu korrigieren.\nDer Fehler tritt zum Beispiel gerne dann auf, wenn man in rc.local einen Dämon startet (es ist ein Characteristikum von Dämonen, daß sie sich nach Möglichkeit nicht beenden), der sich nicht automatisch selbst in den Hintergrund schiebt. Zum Beispiel schiebt sich der nnmaster-Aufruf\n/usr/lib/nn/nnmaster -l -r -C automatisch in den Hintergrund, während\n/usr/lib/nn/nnmaster -f -l -r -C keinen Hintergrundprozeß erzeugt, sondern ausdrücklich im Vordergrund bleibt. In der rc.local würde nur der erste Aufruf korrekt funktionieren, der zweite würde das System blockieren.\nIn der /etc/inittab im Abschnitt \u0026ldquo;Slackware inittab\u0026rdquo; ist nnmaster jedoch in der zweiten Variante eingetragen. Wieso ist das hier notwendig? Nun, in der inittab ist nnmaster als respawn-Eintrag eingetragen: init bewacht den nnmaster hier und startet ihn neu, falls notwendig. Wäre nnmaster hier ohne -f eingetragen, würde der Dämon sich in den Hintergrund schieben und der Vordergrundprozeß würde sich gleich wieder beenden. init bemerkt, daß sich der von ihm gestartete Prozeß beendet hat und würde sogleich einen zweiten nnmaster starten, wie der respawn-Eintrag es befiehlt. Solche Einträge erzeugen dann die Meldung \u0026ldquo;respawning to rapidly\u0026rdquo;.\nrc-Dateien im Stile von System V Das Konzept der rc.local-Datei ist zwar schön einfach zu verstehen, aber für die automatische Wartung des Systems ist es nicht besonders elegant. In einer kommerziellen Umgebung würde man davon ausgehen, daß die Benutzer des Systems reine Anwender sind und kaum genug Ausbildung haben, um mit der Anwendung selbst klarzukommen. Auch von der Systemverwaltung kann man nicht in jedem Fall verlangen, daß sie zu selbstständigen Änderungen an rc-Dateien in der Lage ist. Das gilt insbesondere dann, wenn diese Änderung den fehlerfreien Wiederanlauf des Systems gefährden kann. Für Anwendungen, die durch schlecht ausgebildete Personen aus vorgefertigen Packages installiert werden sollen, wäre es wünschenswert, wenn ein Mechanismus besteht, durch den sie sich automatisch und weitgehend fehlerfrei in die Programmfolge beim Systemstart einhängen können.\nEin ähnliches Problem besteht schon seit Jahren im Bereich MS-DOS, wo Installationsprozeduren von Anwendungspaketen Änderungen an der AUTOEXEC.BAT und der CONFIG.SYS vornehmen müssen. Im Bereich MS-DOS löst man dies, indem jede Anwendung einen großen Installator mit sich herumschleppt, der in der Lage ist, solche Konfigurationsdateien zu parsen und zu korrekt verändern (oder auch nicht). Das so etwas schon bei MS-DOS nicht richtig funktioniert, bemerkt der Autor jedesmal an seiner eigenen Konfiguration, die leider nicht linear ist, sondern mehrere Verzweigungen und Aufrufe von Unterbatches enthält. Praktisch alle DOS-Installationsprogramme führen ihre Änderungen an der falschen Stelle oder nur für eine Konfiguration (meistens nicht die aktive) ein. UNIX Shellscripte sind allerdings noch mächtiger als DOS Batchdateien und für ein Installationsprogramm entsprechend schwieriger zu handhaben. Die Wahrscheinlichkeit, daß ein rc-Modifikator eine etwas komplexere rc.local durch seine Änderungen zerstört sind viel größer als für ein DOS Installationsprogramm.\nIn System V UNIX verwendet man deswegen ein etwas anderes Konzept, daß ohne aufwendige Parser auskommt und trotzdem viel sicherer funktioniert. Statt alle Anweisungen in eine einzige Datei zu quetschen, hat man die rc-Datei dort in viele kleine Module zerlegt, von denen sich jedes um einen Aspekt des Systemstartes kümmert. Man hat für jeden Run-Level ein Unterverzeichnis /etc/rcn.d (wobei n die Nummer des Run-Levels ist). Dort befinden sich die Startdateien für diesen Run-Level. Das Script /etc/rcn (wieder ist n der Run-Level) ist für jeden Run-Level gleich und führt nacheinander alle Dateien im zum Run-Level gehörenden Unterverzeichnis aus.\nPer Konvention haben alle Dateien im Unterverzeichnis entweder den Namen KxyNAME oder SxyNAME. Eine K-Datei dient dazu, irgendeinen Dienst beim Betreten des Run-Levels zu stoppen, eine S-Datei dient dazu, einen Dienst zu starten. Die Ziffern xy laufen von 00 bis 99 durch und dienen dazu, eine alphabethische Reihenfolge der Script zu definieren: Das Script führt die einzelnen Module in der Reihenfolge K00 bis K99 und dann S00 bis S99 aus. Es ruft K-Scripte mit dem Parameter stop auf, S-Scripte werden mit dem Parameter start aufgerufen. Der Bestandteil NAME dient zur Identifikation des Scriptes und bezeichnet das Subsystem, das durch das Script gestartet oder gestoppt wird.\nEin Programmpaket kann bei dieser Konstruktion ganz leicht eingefügt werden. Nehmen wir an, ein hypothetischer FAX-Server kfax braucht beim Systemstart einige Anweisungen, um einen Dämon-Prozeß zu starten und ein wenig aufzuräumen. Das Installationspaket könnte eine Datei mit den benötigten Anweisungen erzeugen und sie als /etc/init.d/kfax in einem Sammelverzeichnis für alle Startscripte installieren. Das Modul soll beim Betreten von Run-Level 5 getstartet werden. Also erzeugt die Installationsprozedur ein Symlink von /etc/rc5.d/S99kfax nach /etc/init.d/kfax. Die Installation braucht also nur eine Datei zu erzeugen und ein Link zu legen, um ihr Modul in die rc-Scripte zu integrieren. Soll das Script in mehr als einem Run-Level aktiviert werden, wird es auch von den anderen /etc/rcn.d-Verzeichnissen nach /etc/init.d gelinkt. Lesen und Verstehen von rc.local oder anderen Scripten ist nicht notwendig. Die Deinstallationsanweisung ist genauso simpel: \u0026ldquo;Löschen Sie die Datei /etc/rc5.d/S99kfax und starten Sie das System neu.\u0026rdquo;\nBeim Wechsel in den Run-Level 5 wird unser Beispielsystem das Script /etc/rc5 durch einen once-Eintrag aktivieren. Das Script geht alle Dateien in /etc/rc5.d durch und führt sie der Reihe nach aus. Es wird zunächst alle /etc/rc.d/K*-Dateien mit dem Parameter stop aufrufen, danach wird es alle /etc/rc.d/S*-Dateien mit dem Parameter start aufrufen. Ganz am Schluss wird S99kfax start ausgeführt.\nDas folgende Listing zeigt den inittab-Eintrag und ein Listing von /etc/rc5.\nSystem V Startscript /etc/rc5 Der Eintrag in der /etc/inittab:\nr5:5:once:/etc/rc5 Das zugehörige Script:\n# /bin/sh -- #\tDas Script wird ausgefuehrt, wenn das System in den #\tRun-Level 5 wechselt. # #\tFuer die anderen Run-Levels sollten # analoge Eintraege und Scripte existieren. PATH=/bin:/sbin:/usr/sbin:/usr/bin if [ -d /etc/rc5.d ] then # Ausfuehren der Stopscripte MODE=stop for f in /etc/rc5.d/K* do if [ -x ${f} ] then /sbin/sh ${f} stop else . ${f} fi done # Ausfuehren der Startscripte MODE=start for f in /etc/rc3.d/S* do if [ -x ${f} ] then /sbin/sh ${f} start else . ${f} fi done fi Slackware inittab # # inittab This file describes how the INIT process should set up # the system in a certain Run-Level. # # Version: @(#)inittab 2.04 17/05/93 MvS # # Author: Miquel van Smoorenburg, \u0026lt;miquels@drinkel.nl.mugnet.org\u0026gt; # # Default runlevel. id:5:initdefault: # System initialization (runs when system boots). si:S:sysinit:/etc/rc.d/rc.S # Script to run when going single user. su:S:wait:/etc/rc.d/rc.K # Script to run when going multi user. rc:123456:wait:/etc/rc.d/rc.M # What to do at the \u0026#34;Three Finger Salute\u0026#34;. ca::ctrlaltdel:/sbin/shutdown -t3 -rf now # What to do when power fails (shutdown to single user). pf::powerfail:/sbin/shutdown -f +5 \u0026#34;THE POWER IS FAILING\u0026#34; # If power is back before shutdown, cancel the running shutdown. pg:0123456:powerokwait:/sbin/shutdown -c \u0026#34;THE POWER IS BACK\u0026#34; # If power comes back in single user mode, return to multi user mode. ps:S:powerokwait:/sbin/init 5 # The getties in multi user mode on consoles an serial lines. # # NOTE NOTE NOTE adjust this to your getty or you will not be # able to login !! # # Note: for \u0026#39;agetty\u0026#39; you use linespeed, line. # for \u0026#39;getty_ps\u0026#39; you use line, linespeed and also use \u0026#39;gettydefs\u0026#39; #c1:12345:respawn:/sbin/agetty 38400 tty1 c2:12345:respawn:/sbin/agetty 38400 tty2 c3:12345:respawn:/sbin/agetty 38400 tty3 c4:45:respawn:/sbin/agetty 38400 tty4 c5:45:respawn:/sbin/agetty 38400 tty5 c6:456:respawn:/sbin/agetty 38400 tty6 # nn nn:23456:respawn:/usr/lib/nn/nnmaster -f -l -r -C # Serial lines #s1:45:respawn:/sbin/agetty 19200 ttyS0 #s2:45:respawn:/sbin/agetty 19200 ttyS1 # Dialup lines #d1:45:respawn:/sbin/agetty -mt60 38400,19200,9600,2400,1200 ttyS0 #d2:45:respawn:/sbin/agetty -mt60 38400,19200,9600,2400,1200 ttyS1 # Runlevel 6 used to be for an X-window only system, until we discovered # that it throws init into a loop that keeps your load avg at least 1 all # the time. Thus, there is now one getty opened on tty6. Hopefully no one # will notice. ;^) # It might not be bad to have one text console anyway, in case something # happens to X. x1:6:wait:/etc/rc.d/rc.6 # End of /etc/inittab Das Action Feld in der /etc/inittab Das Feld action in der inittab bestimmt, wie init mit dem im Feld process genannten Prozeß verfährt. sysvinit kennt dieselben Schlüsselworte wie ein richtiger init eines originalen System V UNIX plus einige eigene Schlüsselworte, die spezifisch für Linux sind.\nStart und Restart von Prozessen off: Zeilen, die als off gekennzeichnet sind, sind inaktiv. Dies stellt eine gute Methode dar, um Einträge in der inittab vorübergehend außer Betrieb zu nehmen. Natürlich könnte man sie auch in Kommentarzeilen verwandeln, indem man an den Anfang der Zeile ein \u0026ldquo;#\u0026rdquo; setzt. respawn: Dies ist der häufigste Eintrag, wie er für gettys und für Dämon-Prozesse verwendet wird, die automatisch neu gestartet werden sollen. Wenn sich ein so gekennzeichneter Eintrag beendet, versucht init den Prozeß erneut zu starten. Kommt es dabei zu einer Endlosschleife (der Prozeß beendet sich aufgrund eines Fehlers sofort wieder, init startet ihn sofort wieder neu\u0026hellip;), erkennt init dies und legt den Eintrag für einige Minuten mit der Meldung \u0026ldquo;process respawning too rapidly\u0026rdquo; still. initdefault: Der initdefault-Eintrag hat in gewisser Weise eine Sonderrolle: Er spezifiziert keinen Prozeß, sondern sein runlevel-Feld gibt an, in welchen Run-Level sich das System beim Systemstart begeben soll. Fehlt dieser Eintrag, wird der gewünschte Run-Level beim Booten an der Console erfragt. wait: Mit wait gekennzeichnete Prozesse werden von init einmal beim Betreten des Run-Levels gestartet. init wartet dann darauf, daß der entsprechende Prozeß sich wieder beendet, bevor der nächste Eintrag abgearbeitet wird. Da init die Einträge einer inittab von oben nach unten abarbeitet, kann man so eine kontrollierte Folge von Scripten beim Erreichen eines Run-Levels starten. once: Mit once gekennzeichnete Prozesse werden von init einmal beim Betreten des Run-Levels gestartet. Im Gegensatz zur Aktion wait wartet init hier aber nicht auf das Ende des Prozesses, bevor der nächste Eintrag der inittab abgearbeitet wird. once wird normalerweise verwendet, um einen Dämon zu starten ohne in wie bei respawn bewachen zu lassen. Sollte der Dämon sich beenden, wird eben kein neuer Prozeß gestartet. In System V UNIX wird once verwendet, um die /etc/rcn-Scripte zu starten. Boot Weil init als allererster Prozeß im System gestartet wird, muß es Einträge gegeben, die spezifizieren, wie das System ans Laufen gebracht wird. Bei diesen Einträgen wird das Feld runlevels ignoriert. Sie werden beim Start des Systems schlicht von oben nach unten abgearbeitet.\nsysinit: Die ersten Prozesse der Bootphase werden durch die sysinit-Einträge bestimmt. Es handelt sich meistens um Scripte, deren Aufgabe es ist, die Platten zu checken und sie read-write anzumelden. boot: Nach den sysinit-Scripten folgen dann die anderen Scripte der Bootphase. bootwait: Bei bootwait-Einträgen wartet das System mit dem Starten des Folgeeintrags solange, bis der aktuelle Eintrag abgearbeitet ist. Bei boot-Einträgen wird dagegen nicht gewartet. Speziell für Linux sysvinit von Linux hat außerdem noch einige Nichtstandard-Aktionen. Sie dienen hauptsächlich der Unterstützung von USVs und zumAbfangen der Tastenkombination Control-Alt-Delete.\nctrlaltdel: Bei diesem Eintrag wird das Feld runlevels ebenfalls ignoriert. Er wird aktiviert, wenn jemand an der Console die Tastenkombination Control-Alt-Delete gedrückt hat. Normalerweise wird man hier entweder das System herunterfahren oder in den single user mode wechseln. powerwait: powerfail: Einträge mit der Aktion powerwait oder powerfail werden aktiviert, wenn das System ein SIGPWR Signal erhält. Dies ist typischerweise ein Signal, das vom Kernel generiert wird, wenn die Stromversorgung des Systems zusammenbricht und die USV übernimmt. Bei powerwait-Einträgen wartet init wieder auf das Ende eines Eintrages, bevor der nächste abgearbeitet wird, während dies bei powerfail-Einträgen nicht geschieht. powerokwait: Dieser Eintrag wird aktiviert, wenn ein SIGPWR auftritt und die Datei /etc/powerstatus das Wort OK enthält. Sollte die Stromversorgung wieder funktionieren, bevor das System sich auf Grund des ersten SIGPWR abgeschaltet hat, kann durch einen Eintrag hier die Abschaltung verhindert werden. ondemand: Ein Eintrag mit der Bezeichnung ondemand funktioniert ähnlich wie ein Eintrag once. Während ein once-Eintrag jedoch nur beim Betreten eines Run-Levels aktiviert wird, wird ein ondemand-Eintrag auch dann aktiviert, wenn das System in den Run-Level wechseln soll, in dem es sich sowieso schon befindet. ","date":"1995-12-01T00:00:00Z","href":"https://blog.koehntopp.info/1995/12/01/init-starten-und-beenden-von-linux.html","tags":["lang_de","publication","unix"],"title":"init - Starten und Beenden von Linux"},{"categories":null,"content":"Linux Magazin, Heft 11/1995\nCnews in Betrieb nehmen Ein Cnews in Betrieb zu nehmen ist schon nicht ganz einfach, wenn man die originalen Quelltexte hat und den Installationsanweisungen des Autors, Henry Spencer von der Universität Toronto, folgt. Aber in der Slackware, die mit der Infomagic Developers Ressource vom März 1995 geliefert wird, sind noch einige zusätzliche Haken und Ösen eingebaut. Dieser Text beschreibt, wie ich mein Cnews von dieser CD zum Laufen bekommen habe.\nEigentlich bin ich ja kein Dosen-Benutzer, aber durch eine Verkettung unglücklicher Umstände und fehlende Treiber war ich gezwungen, etwas über ein Jahr mit MS-DOS und Crosspoint zuzubringen. Irgendwann Mitte des Jahres hatte ich dann die Zusammenbrüche der Messagebase und das Warten beim Einsortieren der Artikel satt. Ich beschloß, mir wieder ein Linux und ein Cnews zu installieren, damit ich meine News endlich wieder mit Gottes eigenem Newsreader lesen kann. Eine Infomagic Developers Ressource ist günstig zu bekommen und die Slackware darauf sollte eine gut getestete Standarddistribution sein.\nSoweit die Theorie. In der Praxis bin ich bei der Installation des Cnews-Paketes von dieser CD in eine ganze Reihe kleine Fallen gelaufen, die offenbar nicht nur mich Nerven gekostet haben. Ich habe keine Ahnung, warum das Cnews auf dieser Distribution so bissig ist (Nehmt Ihr alle INN?), aber man kann es in den Griff bekommen.\nGleich der erste Fehler, der mir bei der Slackware in die Arme lief, waren die Zugriffsrechte auf den Temporärverzeichnissen: Mein /var/tmp hatte die Zugriffsrechte 755 und gehörte root.root. Mit diesen Rechten muß nicht nur Cnews Fehlermeldungen ausspucken, sondern jedes andere Programm, das ebenfalls mit diesem Verzeichnis arbeitet, funktioniert nur für den Systemverwalter.\nHier sind die korrekten Zugriffsrechte für diese Verzeichnisse:\nroot@white:~# ls -ld /tmp /var/tmp /usr/tmp drwxrwxrwt 3 root root 1024 Jul 20 16:43 /tmp lrwxrwxrwx 1 root root 8 Jul 8 14:55 /usr/tmp -\u0026gt; /var/tmp drwxrwxrwt 2 root root 1024 Jul 20 08:37 /var/tmp Cnews setzt voraus, daß ein User news existiert. Man sollte später die Wartung des Newssystems, also das Anlegen und Löschen von Gruppen und Artikeln, keinesfalls als Systemverwalter machen. Alle Wartung an Cnews muß immer als news erfolgen! Ich habe dem news-User der Slackware daher ein Homeverzeichnis und ein Paßwort gegeben:\nroot@white:~# grep news /etc/passwd news:deletedforsafety:9:13:white.schulung.netuse.de news:/var/lib/news: root@white:~# ls -ld /usr/lib/news lrwxrwxrwx 1 root root 13 Jul 9 22:27 /usr/lib/news -\u0026gt;; /var/lib/news Die Paßwortdatei sollte man vor der Änderung sichern, danach kann man die betreffende Zeile dann leicht mit einem Editor anpassen und die Änderungen mit einem diff zwischen der gesicherten und der geänderten Version prüfen. Das Homeverzeichnis von news ist bei mir das Verzeichnis mit den Konfigurationsdateien des Newspaketes, /var/lib/news. Als ich mit UNIX angefangen habe, gab es noch keine /var-Verzeichnisse und so bin ich /usr/lib/news als Verzeichnis gewohnt. Also habe ich mir ein Symlink von /usr/lib/news nach /var/lib/news installiert - die Macht der Gewohnheit.\nAußer diesem Konfigurationsverzeichnis hat Cnews auch noch verschiedene Hilfsprogramme. Diese verstecken sich in den Unterverzeichnissen von /usr/lib/news/bin (in /usr, weil dies statische Dateien sind, im Gegensatz zu den veränderlichen Konfigurationsdateien). Diese Dateien gehören alle root, damit sie per NFS und mit root_squash exportiert werden können. Leider macht die einzig notwendige Ausnahme, relaynews, diesen Sicherheitsgewinn bei einem NFS-Export wieder zunichte\u0026hellip;\nAn einigen der Programme unterhalb von /usr/lib/newsbin habe ich mich vergriffen, damit das Newssystem so funktioniert, wie ich mir das vorgestellt habe. Im Einzelnen waren die Änderungen:\nnews@white:/usr/lib/newsbin$ find . -type f -mtime -100 -print ./ctl/newgroup ./maint/newsdaily ./maint/junkgroups ./inject/pnews Die Änderungen waren folgendermaßen:\nctl/newgroup: Automatische Erzeugung neuer Newsgroups komplett abgeschaltet. Das ist am Anfang nicht weiter wichtig. maint/newsdaily: Dieses Programm soll einmal am Tag ablaufen, um Cnews Statusreports zu erzeugen. Wegen eines Problems mit der bash hat das Programm aber leider den Report vor dem Versenden gelöscht. Am Anfang des Scriptes ist eine Zeile mit \u0026ldquo;trap\u0026rdquo;. Ich habe sie brutal auskommentiert. maint/junkgroups: Das ist ein kleines Script, das ich mir geschrieben habe, um das Logbuch von Cnews nach nichtexistierenden Gruppen zu durchsuchen. Es erzeugt eine Liste der fehlenden Gruppen, damit ich sie dann anlegen kann. inject/pnews: pnews ist das Programm, mit dem neue Artikel in das Newssystem eingespielt werden können. Es erzeugt keine \u0026ldquo;Lines:\u0026quot;-Headerzeile für neue Artikel. Der Lines-Header ist zwar optional und Cnews entscheidet sich zu Recht dazu, nur minimale Header zu erzeugen, aber nn funktioniert besser, wenn der Lines-Header vorhanden ist. Es genügt, pnews in den Editor zu laden und nach dem Text \u0026ldquo;Lines\u0026rdquo; zu suchen. Dort befinden sich Anweisungen, wie man die Erzeugung von Lines-Zeilen aktivieren kann.\nKeine dieser Änderungen war kritisch. Es sind mehr Schönheitskorrekturen. Wichtiger sind stattdessen die Steuerdateien von Cnews. Sie befinden sich wie gesagt in /var/lib/news. Im Unterverzeichnis bin steht dort eine Datei config. Sie enthält einen Haufen Informationen, die die Shellscripte von Cnews benötigen. Diese Informationen müssen genau mit den Steuerinformationen des restlichen Newssystems übereinstimmen oder Cnews stellt die Arbeit kommentarlos ein. Daher darf diese Datei niemals verändert werden. Leider hatte sie jemand verändert, jedenfalls war sie schon auf der CD falsch. Hier ist die korrekte /usr/lib/news/bin/config:\n# configuration -- all the shell files pick this up using \u0026#34;.\u0026#34; # this makes it possible to add new variables here and have them # available everywhere immediately # # This is not, repeat NOT, a master control file for all of C News. # This is the shell equivalent of libcnews/config.c, a \u0026#34;subroutine # library\u0026#34; that gives shell files access to the default settings and # lets environment variables override the defaults. Changing the # defaults here will *NOT* change them throughout C News. # # =()\u0026lt;NEWSCTL=${NEWSCTL-@\u0026lt;NEWSCTL\u0026gt;@}\u0026gt;()= NEWSCTL=${NEWSCTL-/var/lib/news} # =()\u0026lt;NEWSBIN=${NEWSBIN-@\u0026lt;NEWSBIN\u0026gt;@}\u0026gt;()= NEWSBIN=${NEWSBIN-/usr/lib/newsbin} # =()\u0026lt;NEWSARTS=${NEWSARTS-@\u0026lt;NEWSARTS\u0026gt;@}\u0026gt;()= NEWSARTS=${NEWSARTS-/var/spool/news} # =()\u0026lt;NEWSPATH=${NEWSPATH-@\u0026lt;NEWSPATH\u0026gt;@}\u0026gt;()= NEWSPATH=${NEWSPATH-/bin:/usr/bin:/usr/sbin:/sbin} # =()\u0026lt;NEWSUMASK=${NEWSUMASK-@\u0026lt;NEWSUMASK\u0026gt;@}\u0026gt;()= NEWSUMASK=${NEWSUMASK-002} # =()\u0026lt;NEWSMASTER=${NEWSMASTER-@\u0026lt;NEWSMASTER\u0026gt;@}\u0026gt;()= NEWSMASTER=${NEWSMASTER-news} # =()\u0026lt;NEWSCONFIG=${NEWSCONFIG-@\u0026lt;NEWSCONFIG\u0026gt;@}\u0026gt;()= NEWSCONFIG=${NEWSCONFIG-/var/lib/news/bin/config} Jetzt kann man daran gehen, den Rest des Newssystems zu konfigurieren. Als erstes muß die Identität des Systems korrekt eingestellt werden: In den Dateien whoami und mailname muß der komplette Name des eigenen Systems inklusive Domain eingetragen werden. Da mein System den Namen white.schulung.netuse.de trägt, habe ich also diese Namen eingesetzt:\nnews@white:~$ cat whoami white.schulung.netuse.de news@white:~$ cat mailname white.schulung.netuse.de Leider steht hier im NEWS-HOWTO und in der Anleitung von Cnews, daß man in whoami den kurzen UUCP-Namen des Systems ohne Domain eintragen sollte. Das darf man nur dann, wenn dieser Name auch in der weltweiten USENET/UUCP Map für einen selbst reserviert ist und garantiert weltweit eindeutig ist. Das ist in der Regel nicht der Fall und daher sollte man unbedingt den Domainnamen einsetzen.\nDer nächste Handgriff gilt der Datei organization, die den Inhalt der gleichnamigen Headerzeile darstellt. In dieser einzeiligen Datei soll die eigene Organisation möglichst kurz und prägnant beschrieben werden.\nnews@white:~$ cat organization My personal Linux in Kiel, Germany. Die dritte, relativ statische Konfigurationsdatei betrifft moderierte Newsgroups: In eine moderierte Gruppe kann man nicht direkt schreiben. Stattdessen wird der eigene Artikel an einen Moderator gesendet, der wie ein Redakteur bei einer Zeitung den Artikel begutachtet. Der Moderator gibt den Artikel dann entweder zur Veröffentlichung in seiner Newsgroup frei (er erscheint mit dem Namen des Originalautors) oder bittet den originalen Autor um Korrekturen. Die Datei mailpaths enthält eine Liste von moderierten Newsgroups und Moderatoren. Für den Anfang genügt es, alle Gruppen von einem zentralen Knoten abhandeln zu lassen. Dieser wird die Artikel dann nach Bedarf weiterleiten.\nDas genaue Format der Datei mailpaths ist in einem Artikel beschrieben, der von David C. Lawrence regelmäßig in den internationalen Gruppen news.lists,news.admin.misc und news.answers unter dem Titel \u0026ldquo;How to Construct the Mailpaths File\u0026rdquo; veröffentlicht wird. Aber für den Anfang genügt es, dort den Text\nnews@white:~$ cat mailpaths backbone uunet.uu.net!%s einzutragen. Nachdem diese vier kleinen Konfigurationsdateien einmal aufgesetzt worden sind, kann man sie erst einmal vergessen. Die folgenden Steuerdateien sind wichtiger. Sie benötigen im Laufe der Existenz eines Newssystems wahrscheinlich gelegentlich Anpassungen, wenn weitere Gruppen eingerichtet werden oder wenn die Festplatte volläuft. Die erste dieser zentralen Konfigurationsdateien ist die Datei sys. Sie legt fest, welche Newsgroups wir überhaupt akzeptieren und an wen wir Newsgroups weiterleiten.\nnews@white:~$ cat sys # Diese Zeile zeigt an, welche Newsgroups wir überhaupt akzeptieren: # Wir nehmen jeden Müll an. Warum Streß machen... ME:all,all.all # Artikel, die wir auf unserem System neu erzeugen, werden an den # Rechner weitergeleitet, der uns mit News versorgt. Im Beispiel heißt # dieser Rechner nuki. nuki verewigt sich im Pfad als nuki.netuse.de. # # Also senden wir nur diejenigen Artikel an nuki, die noch nicht # nuki.netuse.de in der Path-Zeile stehen haben: #\tnuki/nuki.netuse.de: # # Wir möchten, daß alle Artikel in allen Gruppen an nuki weitergeleitet # werden mit Ausnahme der lokalen Gruppen, die den Namen white.irgendwas # haben: # all,all.all,!white.all # # Artikel können eine Zeile Distribution enthalten, die die Verbreitung # räumlich einschränkt. Wir leiten alle Distributionen an nuki weiter, aber # nicht local und auch nicht white. # all,!white,!local # # Tja und dann wollen wir noch Standardbatching haben: # :f: # # Es ergibt sich diese Zeile in der Konfigurationdatei: # nuki/nuki.NetUSE.de:all,all.all,!white.all/all,!white,!local:f: Alle Zeilen mit \u0026ldquo;#\u0026rdquo; in dieser Datei sind selbstverständlich Kommentare. Sie können gerne weggelassen werden. Neu erzeugte Artikel müssen natürlich irgendwann einmal verpackt und an nuki.netuse.de weitergeleitet werden. Wie das geschieht, steuert die Datei batchparms. Sie muß für jedes System, an das wir senden wollen, einen Eintrag enthalten:\nnews@white:~$ cat batchparms # big batches for fast modem (ISDN!), simple compression # site size queue builder muncher sender # ---- ---- ----- ------- ------- ------ nuki 500000 20 batcher compcun viauux So, jetzt können wir daran gehen, einen Spoolbereich für News einzurichten und danach können dann Gruppen erzeugt werden. Standardmäßig sieht es bei der Slackware so aus:\nnews@white:~$ cd /usr/spool/news news@white:/usr/spool/news$ ls news@white:/usr/spool/news$ Nichts da. Für jede Gruppe in der Datei ~news/active muß hier ein passendes Unterverzeichnis angelegt werden. Außerdem brauchen wir noch einige Spezialverzeichnisse.\nnews@white:/usr/spool/news$ cat ~news/active junk 000000001 00001 y control 000000001 00001 y news.announce.newusers 000000001 00001 y news@white:/usr/spool/news$ mkdir -p news/announce/newusers junk control news@white:/usr/spool/news$ mkdir in.coming in.coming/bad out.going out.going/nuki out.master Statt nuki und nuki.netuse.de müssen natürlich die Namen des eigenen Feeds als Verzeichnisnamen eingesetzt werden. Aber zurück in das Verzeichnis ~news: Im Laufe des Lebens des Newssystems wird man sich öfter als User news einloggen müssen. Also sollte man diesem Benutzer in seinem Home eine vernünftige .profile verpassen. Hier ist eine:\nnews@white:~$ cat .profile echo \u0026#34;.profile\u0026#34; PATH=/bin:/usr/bin:/usr/local/bin:/usr/sbin:/sbin:/usr/lib/newsbin/maint:/usr/lib/newsbin/expire:/usr/lib/newsbin/input:/usr/lib/newsbin/batch Diese Pathangabe ist ziemlich lang, aber sie vereinfacht die Wartung des Newssystems. Nach dem Einlesen der .profile-Datei kann man sich dann daran machen, Newsgroups anzulegen:\nnews@white:~$ . .profile news@white:~$ echo $PATH /bin:/usr/bin:/usr/local/bin:/usr/sbin:/sbin:/usr/lib/newsbin/maint:/usr/lib/newsbin/expire:/usr/lib/newsbin/input:/usr/lib/newsbin/batch news@white:~$ addgroup gewuenschte.name.fuer.die.gruppe y Mit dem Kommando addgroup kann man neue Newsgroups anlegen. Auf jeden Fall sollte man sich eine lokale Gruppe zum Testen anlegen. Diese Gruppe sollte nicht nach draußen exportiert werden. Im Beispiel oben ist die Gruppenhierarchie white.all schon dafür vorbereitet worden. Also kann man gefahrlos eine Gruppe white.test anlegen:\nnews@white:~$ addgroup white.test y Weiterhin möchte man natürlich Newsgroups anlegen, die man von seinem Feed bestellt hat. Am einfachsten geht das, indem man eine Datei anlegt, in der diese Gruppen aufgezählt sind, jeweils ein Name pro Zeile. Im Beispiel enthält die Datei x eine solche Liste. Wir zeigen nur den Kopf dieser Liste, um Platz zu sparen:\nnews@white:~$ head x alt.fan.pratchett alt.tv.babylon-5 cau.ifi.apply.eulisp cau.ifi.archive cau.ifi.fragen cau.ifi.general cau.ifi.inf cau.ifi.statistic cau.ifi.termine cau.inf news@white:~$ cat x | xargs -i addgroup {} y Das Kommando xargs sorgt dafür, daß sein Parameter addgroup für jede Zeile der Standardeingabe einmal ausgeführt wird. Es wird also für jede Zeile der Datei x ein addgroup-Kommando gestartet. Nachdem dies abgeschlossen ist (es dauert eine gewisse Zeit), könnten im Prinzip schon News eingespielt werden. Wir möchten jedoch auch, daß diese Artikel nach einer gewissen Zeit wieder verschwinden. Daher muß auch noch konfiguriert werden, in welcher Gruppe die Artikel wieviele Tage verbleiben sollen. Die Steuerdatei, die dies regelt, ist die Datei explist:\nnews@white:~$ cat explist # Die Reihenfolge der Zeilen in dieser Datei ist wichtig! # Die History bleibt 14 Tage erhalten. Kein Artikel bleibt länger # als 90 Tage /expired/ x 14 - /bounds/ x 0-1-90 - # Artikel in control bleiben 7 Tage, junk geht nach 1 Tag weg control x 3 - junk x 1 - # Alle anderen Artikel verschwinden nach 7 Tagen all x 7 - Wenn man auch damit durch ist, kann das System endlich auf Autopiloten gestellt werden. Daztu muß eine Datei crontab.news im Homeverzeichnis von news erzeugt werden. Sie sollte so aussehen:\n# Auspacken von neu eingegangenen News 0,10,20,30,40,50 * * * * /usr/lib/newsbin/input/newsrun # Einpacken von lokal erstellten News 25 * * * * /usr/lib/newsbin/batch/sendbatches # Wegschmeissen von ueberalterten Artikeln 59 0 * * * /usr/lib/newsbin/expire/doexpire # Nur fuer NN-Benutzer: nnmaster wecken! # 59 2 * * * /usr/bin/nnadmin =eyw # Systemüberwachung 10 5 * * * /usr/lib/newsbin/maint/newsdaily 00 5 * * * /usr/lib/newsbin/maint/newswatch # Nur fuer NN-Benutzer: Sichern der Active-Dateien und erstellen # der Subject-Datenbank #59 3 * * * /usr/lib/nn/nnspew #29 3 * * * /usr/lib/nn/back_act Die auskommentierten Zeilen sind nur wichtig, wenn der Newsreader nn verwendet wird. In diesem Fall müssen sie aktiviert werden, d.h. die Kommentarzeichen müssen gelöscht werden. Die Crontab-Datei wird mit dem Kommando¯\nnews@white:~$ crontab crontab.sample installiert und kann mit dem Kommando\nnews@white:~$ crontab -l geprüft werden. Die Crontab regelt, wann am Tag das Programm cron bestimmte Tätigkeiten ausführt. So bedeutet die Zeile\n59 0 * * * /usr/lib/newsbin/expire/doexpire aus der Crontab oben zum Beispiel, daß jeden Tag um 0 Uhr 59 das Programm doexpire gestartet werden soll, um alte Artikel zu löschen. Das funktioniert natürlich nur dann, wenn der Rechner um diese Zeit auch sicher angeschaltet ist. UNIX-Rechner haben in der Regel viele solche Cronjobs, die des Nachts alle wichtigen, aber unangenehmen Aufgaben erledigen. Daher sollte man den Rechner ruhig rund um die Uhr durchlaufen lassen und ihn um diese Zeit News und Mail holen lassen. Wenn man dies nicht machen kann, etwa weil der Rechner zu laut ist, dann muß man die Zeiten in der Crontab auf passende Zeiten anpassen.\nJetzt können wir daran gehen, das System zu testen:\nnews@white:~$ inews -n white.test -t \u0026#34;Testing\u0026#34; -d local Yummy Yummy Yummy ^D news@white:~$ Dies sollte eine Datei in in.coming erzeugen:\nnews@white:~$ cd /usr/spool/news/in.coming/ news@white:/usr/spool/news/in.coming$ ls 0.1435483580.t bad news@white:/usr/spool/news/in.coming$ cat 0.1435483580.t Newsgroups: white.test Path: news From: news@white.schulung.netuse.de (Kristian Koehntopp) Subject: Testing Distribution: local Organization: My personal Linux in Kiel, Germany. Message-ID: \u0026lt;DC0tuC.70H@white.schulung.netuse.de\u0026gt; Date: Thu, 20 Jul 1995 15:32:34 GMT Lines: 1 Yummy Yummy Yummy Dabei sind folgende Dinge zu beachten:\nDie Path:-Zeile sollte nur den Namen des Absender enthalten. Die Absenderadresse sollte korrekt sein, also in der From:-Zeile den User news mit einem vollständigen Domainnamen zeigen. Die Zeilen Newsgroups: und Distribution: müssen so aussehen, wie mit den Optionen -n und -d gefordert. Das Subject: sollte so aussehen, wie mit -t vorgegeben. Das Datum sollte stimmen und in GMT angezeigt werden (Stimmt die Zeitzonenanpassung?). Und schließlich sollte auch eine Lines:-Headerzeile angezeigt werden und die korrekte Zeilenzahl angeben.\nWenn das alles stimmt, kann der Benutzer news (und nur news, niemals ein anderer!) das Kommando newsrun aufrufen. Das dauert in etwa eine Minute, weil in newsrun ein \u0026ldquo;sleep 45\u0026rdquo; enthalten ist.\nnews@white:/usr/spool/news/in.coming$ which newsrun /usr/lib/newsbin/input/newsrun news@white:/usr/spool/news/in.coming$ newsrun ^Z [1]+ Stopped newsrun news@white:/usr/spool/news/in.coming$ bg [1]+ newsrun \u0026amp; Im Logbuch muß jetzt ein Eintrag zu finden sein:\nnews@white:/usr/spool/news/in.coming$ cd news@white:~$ tail -2 log Jul 20 16:39:50.000 nuki.NetUSE.de + \u0026lt;3uljtj$fb4@picard.toppoint.de\u0026gt; Jul 20 17:35:52.000 white.schulung.netuse.de + \u0026lt;DC0tuC.70H@white.schulung.netuse.de\u0026gt; Der letzte Eintrag zeigt an, daß der Artikel erfaßt und akzeptiert worden ist. Wir sehen ihn uns an:\nnews@white:~$ ls -l /usr/spool/news/white/test/ total 1 -rw-r--r-- 1 news news 237 Jul 9 23:10 1 Das ist er. Durch das Einspielen in das Newssystem haben sich einige Headerzeilen (zum Beispiel der Path:) etwas verändert. Das ist normal. Der nächste Schritt im Test ist es, einen Artikel zu erzeugen, der den unseren Feed weitergegeben wird:\nnews@white:~$ inews -n nuki.test -t \u0026#34;Testing\u0026#34; Yummy Yummy Yummy ^D Dies ist kein Artikel mit der Distribution \u0026ldquo;local\u0026rdquo; und er ist nicht in einer lokalen Gruppe. Also sollte er an nuki weitergegeben werden:\nnews@white:~$ newsrun \u0026amp; [1] 9177 news@white:~$ cd /usr/spool/news/out.going/nuki/ news@white:/usr/spool/news/out.going/nuki$ ls -l total 1 -rw-rw-r-- 1 news news 15 Jul 20 17:38 togo news@white:/usr/spool/news/out.going/nuki$ cat togo nuki/test/1 264 Das newsrun hat den Artikel wieder in das Newssystem übernommen. Außer der Installation der Artikeldatei in /usr/spool/news/nuki/test ist aber noch etwas anderes passiert: In .../out.going/nuki ist eine Datei togo angelegt worden. Sie enthält ein Logbuch der noch zu packenden Artikel für das System nuki. Die Zahl hinter dem Artikelnamen ist die Länge des Artikels in Byte. Das Programm sendbatches wird die Datei togo einlesen und einen UUCP-Job für nuki erzeugen:\nnews@white:/usr/spool/news/out.going/nuki$ sendbatches ^Z [2]+ Stopped sendbatches news@white:/usr/spool/news/out.going/nuki$ ls -l total 3 -rw-rw-r-- 2 news news 5 Jul 20 17:40 L.9215 -rw-rw-r-- 2 news news 5 Jul 20 17:40 LOCKbatch -rw-rw-r-- 1 news news 0 Jul 20 17:40 togo -rw-rw-r-- 1 news news 15 Jul 20 17:40 togo.1 news@white:/usr/spool/news/out.going/nuki$ bg [2]+ sendbatches \u0026amp; news@white:/usr/spool/news/out.going/nuki$ ls -l total 0 -rw-rw-r-- 1 news news 0 Jul 20 17:40 togo [2]+ Done sendbatches news@white:/usr/spool/news/out.going/nuki$ uustat -s nuki nukid0294 nuki news 07-20 17:40 Executing rnews (sending 246 bytes) Im Beispiel ist sendbatches schon sehr kurz nach dem Aufruf mit ^Z gestoppt worden. Man kann deutlich sehen, wie das Newssystem während der Erzeugung der Batches Lockdateien erzeugt, um den Zugriff auf die Daten zu regulieren. Wird die Ausführung von sendbatches mit bg im Hintergrund freigegeben, verschwinden die Locks und die togo-Datei leert sich. Stattdessen entsteht ein UUCP-Job für das System nuki. Mit dem nächsten Start von UUCP verschwindet dieser Job in Richtung Feed.\nDamit sollte das Newssystem jetzt sicher laufen.\nCnews kommt mit einer umfangreichen englischen Dokumentation. Bei der Slackware steht sie in /usr/doc/cnews bereit, ist allerdings nicht formatiert. Um die Dokumentation zubereiten zu können, benötigt man bei der Slackware das Paket pmake (GNU make tut es nicht) und das Paket groff inklusive der zugehörigen Zeichensätze.\nWenn beide Pakete installiert sind, sollte es genügen, im entsprechenden Verzeichnis \u0026ldquo;pmake\u0026rdquo; aufzurufen. Dabei sollte root für die Dauer des pmake-Aufrufes (und nur für die Dauer des pmake-Aufrufes!) das Verzeichnis \u0026ldquo;.\u0026rdquo; im Suchpfad haben. Sollte es dabei zu Fehlermeldungen kommen, die besagen, daß das \u0026ldquo;ms\u0026rdquo; Makropaket nicht gefunden werden kann, kann man stattdessen tmac.cn verwenden. Dazu ist die Datei tmac.cn nach /usr/lib/groff/tmac/tmac.s zu kopieren. tmac.cn ist kein richtiger Ersatz für tmac.s, aber es ist kompatibel genug, um die Dokumentation zu übersetzen. Während der Übersetzung der Dokumentation hagelt es einige Warnmeldungen, aber diese sind unkritisch.\nDie resultierenden Postscript-Dateien können ausgedruckt werden oder mit ghostview oder Ghostscript angesehen werden. Die wichtigen Informationen stehen in der Datei guide.ps.\nroot@white:/usr/doc/cnews/docs# ls -l *ps -rw-r--r-- 1 root root 310197 Jul 21 11:42 guide.ps -rw-r--r-- 1 root root 29305 Jul 21 11:43 index.ps -rw-r--r-- 1 root root 5312 Jul 21 11:43 toc.ps Es ist auch möglich, eine ASCII-Version der guide-Datei zu erzeugen. Dazu ist das Kommando\nroot@white:/usr/doc/cnews/docs# pmake guide.out root@white:/usr/doc/cnews/docs# ls -l guide.out -rw-r--r-- 1 root root 223706 Jul 21 11:47 guide.out aufzurufen. Dabei entsteht eine ganze Menge Schrott auf dem Bildschirm, der aber ignoriert werden kann. Das Resultat wird eine Datei guide.out sein, die im aktuellen Verzeichnis steht und eine lesbare ASCII-Version des Guides enthält.\n","date":"1995-11-01T00:00:00Z","href":"https://blog.koehntopp.info/1995/11/01/cnews-in-betrieb-nehmen.html","tags":["lang_de","publication","internet"],"title":"Cnews in Betrieb nehmen"},{"categories":null,"content":" In \u0026lt;41s91l$mo7@erinews.ericsson.se\u0026gt; seahuh@sea.ericsson.se (AT/SEATUD HUBER Hartmut +43 1 81100 4601) writes: \u0026gt;Wer oder was ist eigentlich eine merkbefreiung? Die einzig echte Merkbefreiung: Die nachstehend eindeutig identifizierte Lebensform Name : ____________________ Vorname : ____________________ Geburtsdatum : __________ Geburtsort : ____________________ Personalausweisnummer: ____________________ ist hiermit für den Zeitraum von [_] 6 Monaten [_] 12 Monaten [_] 24 Monaten [_] unbefristet davon befreit, etwas zu merken, d.h. wesentliche Verhaltensänderungen bei der Interaktion mit denkenden Wesen zu zeigen. Die Einstufung der o.a. Person nach dem amtlichen Index für Merkbefreiungen liegt bei dem Äquivalent von [_] einem Mensaessen vom Vortag [_] drei Hartkeksen in löslichem Kaffee [_] einer Kiste Schwarzbrot in Dosen [_] einem Quadratmeterstück Torfmoos während einer sechswöchigen Sommerdürre [_] einem Container erodiertem Sandstein (Streusandqualität) Die ausgesprochene Merkbefreiung erlischt mit dem Ablauf des [_] __.__.19__ [_] __.__.20__ [_] der vollständigen Erosion der körperlichen Bestandteile der o.a. Lebensform und gilt, sofern die o.a. Lebensform durch das nachstehende Kennzeichen als merkbefreit zu identifizieren ist: [_] eine rote Plastiknase [_] olives Stoffstück mit weißem Rand, auf der Schulter zu tragen [_] die Lebensform ist durch den Gesichtsausdruck zweifelsfrei als unbefristet merkbefreit zu erkennen. Die o.a. Lebensform ist durch den Erwerb dieses Merkbefreiungsscheins automatisch für die folgenden Tätigkeiten qualifiziert: [_] Markierungshütchen bei Abmarkierungsarbeiten auf Bundesautobahnen [_] Garderobenständer und Regenschirmständer in Restaurants bis zu, aber nicht eingeschlossen, 3 Sterne [_] Regelstab in Schwerwasserreaktoren [_] Markierungsstab für das Fahrwasser im Nationalpark Wattenmeer [_] Landschaftsmerkmal/Orientierungshilfe in der Wüste Gobi Die Merkbefreiung für die o.a. Lebensform wurde in einem öffentlichen Merkbefreiungsverfahren ausgesprochen und ist nach Ablauf der Einspruchsfrist von 17 Sekunden rechtskräftig. Datum Unterschrift Dienstsiegel Stirnabdruck des Merkbefreiten Diese Merkfreiung wurde elektronisch erstellt und ist deswegen nicht unterschrieben. ","date":"1995-08-28T00:00:00Z","href":"https://blog.koehntopp.info/1995/08/28/merkbefreiung.html","tags":["lang_de","detebe","inkomploehntopp"],"title":"Merkbefreiung"},{"categories":null,"content":" Dieser Text ist eine verkürzte Form des Textes »A Robots Dictionary« von me@grmbl.saar.de (Martin Emmerich). Er erschien zusammen mit anderen Artikeln im Sonderheft DFÜ der DOS International (DMV Verlag). A Akustikkoppler: eine besondere Bauform des Modems, die über Muffen an den Hörer und Mikrofon des Telefonapparates gekoppelt wird. ANSI: American National Standards Institute, Amerikanisches Normungsinstitut, ähnlich dem DIN-Institut. Answer-Modus: Modem-Betriebsart. Gegenstück zum Originate-Modus. ASCII: American Standard Code for Information Interchange, amerikanischer Zeichencode zum Informationsaustausch. Der meistverwendete Code in der Datenkommunikation. asynchrone Verbindung: Verbindung ohne Übertragung eines Datentaktes. Anfang und Ende eines Datenworts muessen durch Start- und Stopbits markiert werden. AT-Befehlssatz: Kommandosprache zur Modemansteuerung, B Bandbreite: hier Frequenzbandbreite des Telefons: Die Größe des Frequenzbereiches, der über Telefon übertragen werden kann. Bei einem Frequenzbereich von typisch 300 bis 3400Hz ist die Bandbreite 3100Hz. Da die Grenzbereiche teilweise abgeschwächt werden (Dämpfung), sind etwa 3000Hz nutzbar. Baudrate: gibt die Anzahl der Zustandswechsel des übertragenen Signals pro Sekunde an. Die Baudrate (auch Schrittgeschwindigkeit) wird in der Einheit Baud gemessen. Multipliziert man die Anzahl der Bits pro Zustand mit der Baudrate, so erhält man die Bitrate. Nur wenn die Anzahl der Zustaende genau zwei ist (d.h. mit einem Zustand genau ein Bit codiert wird) ist die Baudrate gleich der Bitrate. Bimodem: bidirektionales Übertragungsprotokoll. Arbeitet im Gegensatz zu den üblichen Protokollen wie Kermit, Xmodem, Zmodem in beide Richtungen gleichzeitig. Nur auf IBM-Kompatiblen verfuegbar. Maximale Blockgroesse 4KB. Sehr hoher Datendurchsatz (fast 100%). Bitrate: Anzahl der uebertragenen Bits pro Sekunde (Übertragungsgeschwindigkeit). Gemessen wird in bit/s oder bps. Die Bitrate ist nur in Sonderfaellen mit der Baudrate identisch! C CCITT: Comite Consultatif International Telephonique et Telegraphique, ein Internationales Gremium für Normen zu Telefon und Telegraphie, an dem Vertreter von Post, Industrie und Wissenschaft aus 159 Ländern teilnehmen. Das CCITT ist ein Organ der International Telecommunications Union (ITU) der Vereinten Nationen. Normen zur Datenübertragung sind beispielsweise die über Telefon (V-Normen), ueber Datennetze (X-Normen) und über ISDN (I-Normen). CRC: Cyclic Redundancy Check, Prüfsumme, in Übertragungsprotokollen verwendet. Üblich sind 16 oder 32 Bit lange Varianten, kurz: CRC-16 und CRC-32. Eine CRC stellt den Rest aus einer Polynomdivision dar. Implementationen sind allgemein als Quelltext erhältlich. CTS: Clear To Send, Sendebereitschaft, Signal der V.24-Schnittstelle. Auch RTR, Ready To Receive genannt. D DCD: Data Carrier Detect, Trägersignalerkennung, Signal der V.24-Schnittstelle. DCE: Data Communications Equipment, eine von zwei moeglichen Konfigurationen einer V.24-Schnittstelle. Eine DCE kann immer nur direkt mit einer DTE verbunden werden. Für eine Vermindung DCE-DCE oder DTE-DTE muss ein Kabeladapter oder Spezialkabel (Nullmodem) verwendet werden. DEE: Datenendeinrichtung, Deutsch fuer DTE. DFÜ: Datenfernübertragung. DIN: Deutsches Institut fuer Normung e.V. seit 1975, davor Deutsche Industrie-Norm. Der Verein ist aus dem 1917 gegruendeten \u0026ldquo;Normalienausschuss für den allg. Maschinenbau\u0026rdquo; hervorgegangen und hat den Sitz in Berlin. Download: Das \u0026ldquo;Herunterladen\u0026rdquo; einer Datei vom fernen Rechner auf den eigenen mit Hilfe eines Übertragungsprotokolles. DSR: Data Set Ready, Betriebsbereitschaft, Signal der V.24-Schnittstelle. DTE: Data Terminal Equipment, eine von zwei Konfigurationen einer V.24- Schnittstelle. Das Gegenstück zur DCE. DTR: Data Terminal Ready, Endgerät betriebsbereit, Signal der V.24-Schnittstelle. DÜE: Datenübertragungseinrichtung, Deutsch fuer DCE. Echo-Cancelling: beide Modems senden gleichzeitig auf derselben Frequenz. Da aber jedes Modem weiss, was es gerade gesendet hat, kann es aus dem Frequenzgemisch seine Signale unterdrücken und so die Daten der Gegenstelle herausfiltern. Wird z.B. bei V.32 verwendet. E EIA: Electronic Industries Association. Amerikanische Vereinigung der Elektronikindustrie, die u.A. auch Standards fuer Datenkommunikation herausgibt (z.B. RS-232-C). Escapen: Codieren von unerlaubten Zeichen mittels eines reservierten Steuerzeichens (Escape-Zeichen). Solche Verfahren werden z.B. von Übertragunsprotokollen zur Übertragung von Zeichen verwendet, die in der darunterliegenden Übertragungsebene nicht zulässig sind. F Fallback: Zurückschalten auf langsamere Geschwindigkeit bei schlechter Leitungsqualität. FSK: Frequency Shift Keying = Frequenzumtastung (Frequenzmodulation). H halbduplex: Datenübertragung in nur eine Richtung mit Umschaltung der Übertragungsrichtung. Handshake: Synchronisationsverfahren bei der Datenübertragung. Der Sender signalisiert, wenn er neue Daten senden möchte oder kann und der Empfänger, wenn er neue verarbeiten kann bzw. möchte. Erst wenn beide sich auf eine Übertragung geeinigt haben, kann diese beginnen. Hardware-Handshake: Handshake ueber Signalleitungen. Üblicherweise wird bei V.24 mit CTS/RTS signalisiert. Hayes-Befehlssatz: Kommandosprache zur Modemansteuerung. Ursprünglich Entwicklung der Firma Hayes. Inzwischen der De-Facto-Standard, von dem aber nahezu jeder Modemhersteller mehr oder weniger abweicht. Alle Befehle beginnen mit AT, daher heisst er auch AT-Befehlssatz. Ist so weit verbreitet, dass sich der genormte V.25-Standard kaum durchsetzt. I ISDN: Integrated Services Digital Network, \u0026ldquo;Dienstintegrierendes Digitales Netz\u0026rdquo;, ein öffentliches Digitalnetz sowohl zur Daten- als auch zur Sprach- und Bildübertragung. ISO: International Standardisation Organisation, Internationale Normungsorganisation. Internationales Gegenstueck zur staatlichen Normungsinstituten wie ANSI oder DIN. K Kermit: eines der ältesten Üebertragungsprotokolle. Tatsächlich nach Kermit dem Frosch benannt. Da die Blockgrösse in der ursprünglichen Form maximal 94 Bytes beträgt, ist die Geschwindigkeit relativ gering (hoher Aufwand fuer das Protokoll). Kompression: verringert das Datenvolumen bei gleichem Informationsgehalt, indem Redundanzen eliminiert werden. Bei den meisten Verfahren (z.B. V.42bis, MNP 5) werden die häufigsten Zeichen und Zeichenfolgen mit kurzen Bitfolgen codiert, während die selteneren länger codiert werden. L Leitungsvermittlung: Eine Leitung wird zwischen den beiden Kommunikationspartnern für die Dauer der Verbindung fest geschaltet. Das Gegenstück zu Paketvermittlung. M MNP: Microcom Networking Protocol, Übertragungsverfahren der Firma Microcom. Es gibt zehn Klassen, die zum Teil aufwärtskompatibel sind. Die Klassen 1-4 sind reine Datenübertragungsprotokolle. Diese wurden in die V.42-Norm aufgenommen. Ab MNP Klasse 5 kommt dann Kompression ins Spiel. Modem: Abkürzung fuer \u0026ldquo;MOdulator und DEModulator\u0026rdquo;, d.h. ein Gerät, das den Bitstrom des Computers in analoge Signale umwandelt, die dann auch über das Telefonnetz übertragen werden koennen (Modulation). Das Partner-Modem macht die Umwandlung dann wieder rückgaengig (Demodulation). Deshalb ist auch der Akustikkoppler ein Modem, auch wenn er i.d.R. nicht so genannt wird. Modulation: Verfahren, um einer Trägerfrequenz ein Nutzsignal \u0026ldquo;aufzubürden\u0026rdquo;, so dass das Nutzsignal gut übertragen werden kann. Üblich sind z.B. Amplitudenmodulation (AM):\ndas Nutzsignal wird in die Amplitude (=Lautstärke) codiert (z.B. laut=1, leise=0). Frequenzmodulation (FM, FSK): die Abweichung von der Trägerfrequenz ergibt das Nutzsignal. Da bei der Datenübertragung das Nutzsignal nur zwei Zustände hat, ergeben sich zwei Frequenzen, die symmetrisch oberhalb und unterhalb der Trägerfrequenz liegen. Letztere heißt dann auch Mittenfrequenz. Phasenmodulation (PM, PSK): das (diskrete) Nutzsignal wird durch einen Sprung in der Phase des (im Gegensatz zur FSK festen) Trägers codiert, d.h. der normalerweise sinusförmige Signalverlauf wird unterbrochen und ein Stück weiter fortgesetzt. Oft werden mehrere Bits gleichzeitig in einen Zustand codiert. Quadratur-Amplitudenmodulation (QAM): eine Kombination aus AM und PM, wobei ein Teil der Zustände in AM und der Rest in PM codiert werden. Multiplexer: Einrichtung, die einen schnelleren Datenkanal in mehrere langsamere Kanäle aufteilt. O Originate-Modus: eine von zwei Betriebsarten bei manchen Vollduplex-Modems. OSI: Open Systems Interconnection, Sammlung von Standards der ISO zur Kommunikation zwischen Computersystemen. OSI-ISO-Modell: Modell zur Datenübertragung zwischen Computersystemen. Es beschreibt sieben aufeinander aufbauende Schichten mit definierten Aufgaben und Schnittstellen. P Paketvermittlung: Eine Technik zum Weiterleiten von Daten in einem Netz. Hierbei werden die Daten in Blöcken (\u0026ldquo;Paketen\u0026rdquo;) einer bestimmten Länge übertragen. Spezielle Steuerpakete dienen dem Aufbau der Verbindung. Im Gegensatz zur Leitungsvermittlung wird zwischen den Partnern keine feste Leitung geschaltet, vielmehr werden die Daten je nach Auslastung des Netzes ueber verschiedene Wege übertragen. Dabei können durchaus Pakete des gleichen Datenstromes verschiedene Wege nehmen. Parität: Bit bei asynchroner Datenübertragung, das der Fehlererkennung dient. Bestandteil des Übertragungsformats. Protokoll: Ein Satz von Regeln und Vereinbarungen, der den Informationsfluss in einem Kommunikationssystem steuert. Kann sich sowohl auf Hardware, wie auf Software beziehen. Wird in der Datenübertragung haeufig als Kurzform fuer Übertragungsprotokoll verwendet. Q QAM: Quadrature Amplitude Modulation. R RD: Receive Data, Empfangsdaten, Signal der V.24-Schnittstelle. RI: Ring Indicator, ankommender Ruf, Signal der V.24-Schnittstelle. Routing: Transportieren von Daten innerhalb eines Netzes anhand eines Pfades, der im Header der Daten enthalten ist (passives Routing) oder durch Bestimmen des kürzesten, schnellsten, billigsten oder nächstbesten Routweges (aktives Routing) aus einer Karte des Netzes. RS-232-C: amerikanische EIA-Norm für serielle Schnittstellen. Die internationale Norm V.24 legt die entsprechenden funktionalen Eigenschaften und V.28 die entsprechenden elektrischen Eigenschaften fest. RTS: Request To Send, Sendeteil Einschalten, Signal der V.24-Schnittstelle. S Sliding-Window-Protocol: Jedes Übertragungsprotokoll, bei dem weitere Datenblöcke schon übertragen werden können, während für den aktuellen Datenblock das ACK noch aussteht. Wesentlich schneller, als wenn das Protokoll jedesmal das Senden unterbricht, um auf die Bestätigung des Blockes zu warten. Die Anzahl der ACKs, die noch ausstehen duerfen, bezeichnen die Window-Size des Protokolls. Software-Handshake: Handshake durch festgelegte Steuerzeichen. Fuer Binaeruebertragungen ohne Übertragungsprotokoll nicht geeignet, da die Daten auch die reservierten Handshake-Zeichen enthalten koennen. Die ueblichsten Zeichen sind XON/XOFF, manchmal wird aber auch ETX/ACK benutzt. Split-Speed: asymmetrische vollduplex-Datenübertragung mit zwei verschiedenen Geschwindigkeiten (z.B. V.23). Startbit: Bit bei asynchroner Uebertragung, das den Anfang eines Datenworts anzeigt. Immer Null. s. Übertragungsformat. Stopbit: ein oder zwei Bits bei asynchroner Übertragung, die das Ende eines Datenworts anzeigen. Immer Eins. siehe Übertragungsformat. T TAE: TelefonAnschlussEinheit. Steckersystem der Deutschen Telekom. In Deutschland wird nur die sechspolige Version TAE-6 und in ISDN-Anlagen die achtpolige TAE-8 verwendet. TD: Transmit Data, Sendedaten, Signal der V.24-Schnittstelle. Trellis-Modulation: spezielles Modulationsverfahren mit eingebauter Fehlerkorrektur, wird z.B. bei V.32 verwendet. Im Gegensatz zur Quadratur-Amplitudenmodulation mit ihren Quadbits werden Quintbits uebertragen. Das zusätzliche Bit dient der Fehlerkontrolle und teilweise auch deren Beseitigung. U Übertragungsformate: Bitkombination bei asynchroner Datenübertragung. Durch zusaetzliche Bits wird Anfang (Startbit) und Ende (Stopbit) eines Datenworts markiert. Weitere Bits (Paritätsbits) können der Fehlererkennung dienen. Die ueblichsten Formate sind \u0026ldquo;8n1\u0026rdquo; ( 8 Datenbits, no=keine Parität, 1 Stopbit) und \u0026ldquo;7e1\u0026rdquo; ( 7 Datenbits, even=gerade Parität, 1 Stopbit). Übertragungsprotokoll: Verfahren zur Übermittlung von Daten; diese werden meist in Blöcke zerlegt und um Prüfsummen (CRC o.ä.) ergänzt. Fehlerhafte Blöcke werden automatisch neu übertragen, ohne daß der Benutzer (oberhalb der Protokollebene) etwas davon merkt. Bei hoher Fehlerhäufigkeit wird meistens die Blockgrösse verkleinert. Upload: Das \u0026ldquo;Hinaufladen\u0026rdquo; einer Datei vom eigenen Rechner auf den fernen Rechner mit einem Übertragungsprotokoll. Die Umkehrung dieses Vorganges heisst Download. V vollduplex: Datenübertragung in beide Richtungen gleichzeitig. W Ward-Christiansen-Protokoll: s. Xmodem. X X.25: Schnittstellennorm des CCITT zur paketorientierten Datenübermittlung. Das öffentliche deutsche X.25-Netz ist Datex-P. Xmodem: Übertragungsprotokoll. Nach seinem Erfinder auch Ward- Christensen-Protokoll genannt. Neben Kermit eines der ältesten Datenübertragungsprotokolle. XON: Steuerzeichen (Ctrl-Q) zum Signalisieren der Empfangsbereitschaft (Softwarehandshake), wird von XOFF aufgehoben. XOFF: Steuerzeichen (Ctrl-S) zum Aufheben der Empfangsbereitschaft, Gegenstück zu XON. Y Ymodem: Übertragungsprotokoll, faßt die diversen Xmodem-Erweiterungen zusammen und ergänzt sie um eine Übertragung von Dateinamen und Dateigröße und um Batch-Übertragungen. Z Zmodem: Übertragungsprotokoll, völlig neues Protokoll, versteht sich aber als Nachfolger von Ymodem. Auf positive Rückmeldungen wird verzichtet, sofern die Leitungsqualität das zuläßt. Die Blockgröße wird während der Übertragung der Leitungsgüte angepaßt. Die maximale Blockgröße ist auf 1K (einige Versionen: 8 KB) erhöht. ","date":"1995-03-01T00:00:00Z","href":"https://blog.koehntopp.info/1995/03/01/datenuebertragung-glossar.html","tags":["lang_de","publication","internet"],"title":"A Robots Dictionary"},{"categories":null,"content":" V-Normen V.1: Binärwerte fuer 2-Status-Codes (auf gut deutsch LOW=0, HIGH=1 usw.). V.2: maximal zulässige Last von Endgeräten an Telefonleitungen. V.4: normiert Zeichensatz, Zeichencodierung (Parity, Start-/Stopbits). V.5: Signalraten f. sync. Übertragungen auf Wahlleitungen. V.6: Signalraten f. sync. Übertragungen auf Standleitungen V.7: einige Begriffsdefinitionen. V.10: asymmetrische Beschaltung von Schnittstellen. V.11: symmetrische Beschaltung von Schnittstellen. V.13: simulierte Trägerkontrolle (halbduplex/vollduplex). V.14: Übertragung von asynchronem Handshaking über synchrone Verbindungen (ist z.B. in V.42 enthalten). V.15: elektrische/akustische Eigenschaften von Akustikkopplern. V.16: analoge Modems fuer medizinische Zwecke (EKG-Uebertragung). V.17: 2400 Baud, 7200-14400 bit/s Trellis-Code-Modulation, adaptive Equalisation, halbduplex im Wählnetz (FAX). V.19: Frequenzanordnung fuer parallele Übertragungen. V.20: erweitert V.19. V.21: Datenübertragung bei 300bit/s vollduplex, im Wählnetz. Für jede der beiden Richtungen (Originate, Answer) wird eine eigene Trägerfrequenz verwendet. Die binären Zustände jeder Richtung werden durch Frequenzen (Frequenzmodulation) codiert: Originate : 1080Hz ( 0 = 980Hz, 1 = 1180Hz ) Answer : 1750Hz ( 1 = 1650Hz, 1 = 1850Hz ) V.22: Übertragungsnorm mit 1200bit/s, vollduplex. Als Modulation wird Phasenmodulation verwendet. Die Baudrate beträgt 600Baud - es müssen also zwei Bits gleichzeitig (ein Dibit) übertragen werden. Diese müssen in vier Zuständen (00, 01, 10, 11) codiert werden, dafür sind also vier Phasensprünge (0, Pi/4, Pi/2, 3/4Pi) notwendig. Die Trägerfrequenzen sind 1200Hz bei Originate bzw. 2400Hz bei Answer. V.22bis: Übertragungsnorm fuer Geschwindigkeiten von 2400bit/s. Basiert auf V.22, nur dass statt zwei Bits vier gleichzeitig (Quadbits) übertragen werden. Arbeitet mit QAM als Modulation bei denselben Frequenzen wie V.22. V.23: asymmetrische vollduplex-Datenübertragung. In der einen Richtung wird mit 1200bit/s übertragen, in der anderen mit 75 (Split-Speed). Im Gegensatz zu symmetrischen vollduplex-1200bit/s-Normen wie z.B. V.22 kann hier noch die einfachere Frequenzmodulation verwendet werden. Bildschirmtext arbeitet mit V.23. V.24: CCITT-Norm fuer serielle Datenübertragung. Legt die funktionalen Eigenschaften (z.B. Steckerbelegung) von seriellen Schnittstellen fest. Meist wird nur ein kleiner Teil implementiert, da die gesamte Norm sehr umfangreich ist. Zusammen mit der V.28, die die elektrischen Eigenschaften festlegt, entspricht die V.24 der amerikanischen Norm RS-232-C. V.25: Befehlssatz zur Ansteuerung von Modems und zum Verbindungsaufbau. Nicht sehr gebräuchlich. Die meisten Modems benutzen stattdessen den Hayes-Befehlssatz. V.25bis: einige kryptische Modem-Steuerkommandos und -Antwortstrings. V.26: Verfahren aehnlich V.22 nur mit 2400 bzw. 75 bit/s. Für Vierdraht- Standleitungen. V.26bis: Erweiterung von V.26 auf Wählleitungen. V.27: 4800bit/s auf Standleitungen, optional mit 75bit/s Rückkanal (Split-speed). Phasenmodulation. V.27bis: Erweiterung von V.27 auf 4800bit/s, mit Fallback auch 2400bit/s auf Standleitungen. V.27ter: Erweiterung von V.27bis fuer Wählleitungen. V.28: elektrische Eigenschaften einer seriellen Schnittstelle. Die funktionellen Eigenschaften sind in V.24 genormt. Beide zusammen entsprechen der RS-232-C-Norm. V.29: CCITT-Norm zur halbduplex-Datenübertragung mit 9600bit/s. Basiert auf V.22bis. Dort hat man eine Schrittgeschwindigkeit von 600 Baud. Dabei werden mit Quadratur-Amplitudenmodulation (QAM) vier Bit gleichzeitig (ein Quadbit) übertragen. Die Schrittgeschwindigkeit wurde nun fuer V.29 auf 2400 Baud erhöht. Dafür wird dann eine Trägerfrequenz von 1700 Hz verwendet, die genau in der Mitte des Telefonbandes (300 bis 3400Hz) liegt. Fuer einen Rückkanal bleibt aber damit kein Platz mehr, d.h. V.29 ist ein Halbduplexverfahren. Deswegen wird es überwiegend fuer Faxgeräte eingesetzt. Auf Vierdraht-Standleitungen kann V.29 auch vollduplex übertragen. V.31: Stromschleife fuer binäre Uebertragung mit \u0026lt;75bps (Telex). V.32: CCITT-Norm zur Datenübertragung mit 9600bit/s bidirektional (vollduplex). Basiert auf V.29. Ebenso wie dort werden fuer 9600 bps Quadbits mit QAM uebertragen, allerdings bei einer Trägerfrequenz von 1800 Hz. Auch hier ist kein Platz für einen Rückkanal. Daher senden beide Modems gleichzeitig auf derselben Frequenz. Da aber jedes Modem weiß, was es gerade gesendet hat, kann es aus dem Frequenzgemisch seine Signale unterdrücken und so die Daten der Gegenstelle herausfiltern (Echo-Cancelling). Eine Variante von V.32 ist die Trellis-Modulation. Hier werden statt der Quadbits Quintbits übertragen. Das zusätzliche Bit wird allerdings nicht fuer Datenübertragung genutzt, sondern fuer die Fehlerkorrektur (aehnlich ^Parität^ bei RS-232-C). Dadurch ist die Übertragung etwa doppelt so fehlersicher, wie ohne Trellis. V.32bis: Erweiterung von V.32 auf 14400bit/s vollduplex. Neueste Übertragungsnorm. Arbeitet ebenfalls mit Echokorrektur. Es wird eine feinere Abstufung der Phasen- und Amplitudenschritte in der QAM-Matrix verwendet (stellt natuerlich höhere Anforderungen an die Leitungsqualität). Dadurch steigt einerseits die Übertragungsrate (14.4kbps bidirektional) und andererseits ist eine dynamische Leitungsanpassung mit etwas besser abgestuftem Fallback. Zusaetzlich gibt es ein Verfahren, mit dem sich die Modems in Zehntelsekunden auf einen Geschwindigkeitswechsel einigen koennen, anstatt wie bei V.32 die Verbindung neu auszumessen. V.33: wie V.32bis auf Vierdraht-Standleitungen. V.40: Fehlerkorrektur durch Synchronisation und Über-/Unterlaufzählung V.41: Alte Fehlerkorrekturspezifikation fuer V.23. V.42: Übertragungsprotokoll. Syncron-asynchron-Wandlung nach V.14. Schliesst die MNP-Klassen 1-4 ein. V.42bis: ein Kompressionsverfahren der CCITT, aufbauend auf dem V.42- Protokoll. V.42bis verwendet die BTLZ (British Telecom Lempel and Ziv)-Codierung, wie sie ähnlich auch in den Dateikompressionsverfahren (Zip, Arc, Lharc, Pak, Zoo etc.) eingesetzt wird. Im Gegensatz zu V.42 ist V.42bis nicht kompatibel zu dem entsprechenden MNP-Verfahren (hier MNP 5). MNP 5 verwendet eine andere Codierung (Huffmann), wird jedoch von den meisten Herstellern mit im selben Gerät angeboten. V.50: Qualitätsanforderungen an Leitungen fuer V.21/V.23. V.51: Einrichtung postinterner Stellen zur Untersuchung von Übertragungsproblemen. V.52: Testmuster fuer Leitungsqualität bei Datenübertragung. V.53: Teil von V.50, Qualitätsparameter. V.54: Testprotokolle (LAL, LDL, RDL) - ist in den meisten Modems drin. V.100: Verbindungsaufbau bei Mehrnormenmodems. Leider fehlerhaft: Nicht alle normgerechten Modems verstehen sich. Deshalb selten verwendet. ","date":"1995-03-01T00:00:00Z","href":"https://blog.koehntopp.info/1995/03/01/vnormen.html","tags":["lang_de","publication","internet"],"title":"V-Normen"},{"categories":null,"content":"von: Kristian Köhntopp, aus: DOS Sonderheft DFÜ, DMV Verlag\nGrundlagen der Datenübertragung Der Einsteiger in das Gebiet der Datennah- und fernübertragung wird zunächst einmal mit einer verwirrenden Vielfalt neuer Konzepte und Begriffe konfrontiert. Wir wollen hier versuchen, einen allgemeinen Überblick über das Gebiet der Datenübertragung zu geben und die wichtigsten Ideen und Ausdrücke darzustellen. Die Grundaufgabe bei der Datenübertragung ist es, eine Menge an Informationen von einem Gerät zu einem anderen zu übertragen. Diese Formulierung ist mit Absicht genauso allgemein gewählt, wie sich das Problem in der Wirklichkeit darstellen kann. Bei dem zu lösenden Problem kann es sich um die einfache Übermittlung einer Grafikdateien vom Rechner zum Drucker handeln, aber genausogut kann es sein, daß die kompletten Konstruktionspläne eines Containerfrachters vom koreanischen Konstruktionsbüro an eine Werft in Bremen oder Kiel übermittelt werden müssen. Entsprechend vielfältig sind die Lösungen, die für das jeweilige Problem gefunden werden und entsprechend unterschiedlich ist nicht nur die verwendete Hard- und Software, sondern auch die Begriffswelt, die die entsprechenden Personen verwenden.\nDas OSI-Modell Um dieses Problem in den Griff zu bekommen, hat sich die Normungskommision ISO zusammengesetzt und ein sogenanntes Referenzmodell für die Datenübertragung ausgearbeitet. Dieses Referenzmodell wird allgemein als Open Systems Interconnect (OSI) Modell bezeichnet. Das Modell gibt keine konkrete Lösung zur Datenübertragungsproblemen an, sondern versucht das komplizierte Problem Datenübertragung in kleine, leichter zu lösende Teilprobleme zu unterteilen, die aufeinander aufbauen. Hat man ein Teilproblem im Griff, kann man sich dem nächstkomplizierten Problem zuwenden. Das OSI-Modell besteht insgesamt aus sieben Schichten, mit denen man versucht, die Aufgabe zu strukturieren.\nBild 1: Das OSI 7-Schichtenmodell\nWeil jede Schicht auf den darunter liegenden Schichten aufbaut, redet man auch gelegentlich von einem Stapel oder protocol stack. Man kann nicht immer ein Protokoll oder eine Funktion in der realen Welt genau auf eine Schicht im OSI-Referenzmodell abbilden. Das ist auch nicht notwendig, denn das Modell stellt nur eine Strukturierungshilfe dar und repräsentiert keine Gesetzmäßigkeit, nach der ein Protokoll zwangsläufig aufgebaut sein muß.\nVon Punkt zu Punkt Um Daten übertragen zu können, muß zunächst einmal eine Verbindung zwischen den beteiligten Geräten hergestellt werden. Genau damit beschäftigt sich die unterste Schicht des OSI-Protokollturmes, die physical layer. Damit eine Verbindung konstruiert werden kann, ist es notwendig, die verwendeten Kabel und Stecker zu normieren. Außerdem müssen die elektrischen Parameter der Übertragung festgelegt werden und eine entsprechende Hardware vorhanden sein. Natürlich braucht man heute für Standardfälle keine solchen Vereinbarungen mehr zu treffen. Stattdessen existiert eine reichhaltige Palette von Normen für die unterschiedlichsten Anwendungsfälle. So legt die CCITT-Norm V.24 z.B. die elektrischen Parameter einer seriellen Schnittstelle eines PC fest, während die parallele Schnittstelle durch eine Herstellernorm des Druckerherstellers *Centronics beschrieben wird. Andere Normen beschreiben die Hardware zum Anschluß an ein Ethernet, ein Token-Ring Netzwerk oder an einen FDDI-Glasfaserring.\nDanach kann man sich Gedanken über ein Übertragungsprotokoll machen. Das Protokoll legt eine Verfahrensvorschrift fest, nach der sich alle an der Übertragung beteiligten Geräte Zeichen auf dem Übertragungsmedium signalisieren dürfen. Dabei muß nicht nur das wie der Zeichenübertragung geregelt werden, sondern auch das wann. Das bedeutet: Man muß nicht nur festlegen, wie und mit welcher Geschwindigkeit die einzelnen Bits eines Datenbytes codiert werden, sondern man muß auch festlegen, wie ein Gerät seine Übertragung anmelden muß. Einerseits verhindert man damit, daß mehrere Sender gleichzeitig versuchen, einem Empfänger eine Nachricht zu senden und sich gegenseitig blockieren. Diesen Teil eines Protokolles nennt man media access layer, weil er den Zugriff auf das Datenübertragungsmedium - sprich: das Kabel - regelt. Andererseits muß der Empfänger die Möglichkeit haben, eine Datenübertragung abzulehnen, weil er z.B. intern noch mit der Verarbeitung einer vorhergehenden Nachricht beschäftigt ist oder weil seine Puffer voll sind und die Daten deswegen nicht entgegen nehmen kann. Diesen Teil eines Protokolles nennt man flow control (Datenflußkontrolle).\nBitte nicht stören Jede Datenübertragung in der wirklichen Welt hat mit dem Problem mehr oder minder starker Störungen zu kämpfen. Nachdem man das Problem der Datenübertragung erst einmal grundsätzlich gelöst hat, kann man sich daran machen, das Übertragungsprotokoll so zu verbessern, daß solche Übertragungsfehler erkannt und korrigiert werden können. Derartige Spezifikationen werden im OSI-Modell in die zweite Schicht, die data link layer, eingeordnet. Die Korrektur von Übertragungsfehlern kann auf zwei Arten geschehen: Einmal könnte man sich für die Übertragung einen speziellen Code definieren, der es nicht nur möglich macht, Übertragungsfehler zu erkennen, sondern sogar das ursprüngliche Zeichen zurückzuberechnen. Zum anderen könnte man sich darauf beschränken, Fehler nur zu erkennen und dem Sender zu signalisieren, die beschädigten Daten ein weiteres Mal zu übertragen.\nDies ist das gebräuchlichere Verfahren, aber es setzt voraus, daß es Rückkanal existiert, über den der Empfänger den Sender darüber informieren kann, ob und wie gut die Übertragung funktioniert hat. Wenn man sowieso schon dabei ist, mit verschiedenen Codierungen zu hantieren, fügt man an dieser Stelle oft noch eine Kompression der Daten für die Dauer der Übertragung mit ein. Dies ist letztendlich auch nur ein weiteres Umkodieren von Zeichen, wenn auch mit dem Ziel, eine möglichst kurze und nicht eine möglichst sichere oder leicht zu verarbeitende Darstellung zu finden. Auf diese Weise kann man die Übertragungsleistung einer Datenleitung noch beträchlich erhöhen. Je nach Art der Daten und des verwendeten Kompressionsprogrammes ist eine Steigerung um 200 % bis 500 % möglich.\nAus vielen Verbindungen wird ein Netz geknüpft Auf diese Weise kann man sich eine schnelle und fehlerfreie Verbindung zwischen zwei Endpunkten konstruieren. Fügt man noch eine weitere Idee hinzu, gelangt man von Punkt-zu-Punkt Verbindungen zu echten Rechnernetzen: In einem solchen Rechnernetz sind auch indirekte Verbindungen möglich. Es besteht also die Möglichkeit, eine Nachricht oder ein Datenpaket über einen oder mehrere andere Rechner an einen Zielrechner zu senden. Der erste Rechner auf dem Weg nimmt das Paket entgegen und stellt fest, über welche seiner Punkt-zu-Punkt Verbindungen er es zum eigentlichen Zielrechner senden kann. Die folgenden Rechner leiten das Paket ebenfalls weiter, solange bis es den Zielrechner endlich erreicht.\nBild 2: Ein Router nimmt ein Paket und leitet es an einen näher am Ziel gelegenen Rechner weiter. Auf diese Weise entstehen indirekte Verbindungen.\nUm aus einem Netz von Punkt-zu-Punkt Verbindungen also ein echtes Rechnernetz zu machen, muß man eine Route oder einen Pfad festlegen können, auf dem Informationen übermittelt werden sollen. Dementsprechend muß man seinen Rechnern routing beibringen. In einem gut ausgebauten Rechnernetz kann es mehr als eine Route geben, auf der man von einem Rechner zu einem anderen gelangt. Dementsprechend wird ein guter Router nicht einfach irgendeine Route auswählen, sondern versuchen, eine möglichst schnelle oder möglichst billige Route zum Ziel zu finden. Routingprotokolle werden im OSI-Modell in die dritte Schicht eingeordnet, die dementsprechend network layer heißt.\nWenn man routet, kann es nicht nur vorkommen, daß eine Nachricht über mehr als eine Leitung übertragen werden muß, bis sie am Ziel ist, sondern es müssen auch Nachrichten von verschiedenen Systemen über eine Leitung übertragen werden. Die Leitung muß also zwischen verschiedenen Benutzern aufgeteilt werden. Dies erreicht man durch Multiplexen der Verbindung. Dabei werden die verschiedenen Datenpakete unterschiedlicher Benutzer entweder nacheinander übertragen (serielles Multiplexen) oder gleichzeitig, aber in verschiedenen Frequenzbereichen, übermittelt (paralleles Multiplexen). Außerdem kann es vorkommen, daß Routen zusammenbrechen, weil ein Rechner auf dem Weg ausgefallen ist oder ein Kabel beschädigt worden ist. Dadurch werden Routen ungültig und es kommt zu Übertragungsfehlern, die korrigiert werden müssen. Dies ist die Aufgabe der vierten OSI-Schicht, der transport layer.\nNach der vierten Ebene des OSI-Protokollturmes hat man ein Verfahren definiert, daß es zwei beliebigen Programmen über ein Rechnernetz hinweg erlaubt, einen beliebigen Bytestrom auszutauschen. Dieser Datenstrom hat noch keine Struktur, so wie eine Datei aus der Sicht des Betriebssystems zunächst auch nur eine strukturlose Ansammlung von Bytes ist. In den weiteren Schichten des OSI-Modells macht man sich jetzt daran, Protokolle zu definieren, um diesen Bytestrom zu strukturieren, gemeinsame Repräsentationen von Daten festzulegen und ähnliche Verfeinerungen zu definieren. Diese Protokolle sind aber, genau wie Dateiformate für Dateien, abhängig von der jeweiligen Anwendung.\nSeriell oder Parallel? Wir wollen uns deswegen noch einmal den unteren Schichten des OSI-Modells zuwenden. Bei der \u0026ldquo;selbstgemachten\u0026rdquo; Datenübertragung, etwa über ein Modem oder ein Laplink-Kabel, hat man es meistens mit den OSI-Schichten 1 und 2 zu tun. Wir wollen uns diejenigen Verfahren, die in einem PC-Haushalt am gebräuchlichsten sind, einmal genauer ansehen.\nFür kurze Strecken von einigen Metern wird man wegen der größeren möglichen Geschwindigkeiten meistens eine parallele Datenübertragung wählen. Bei dieser Form der Übertragung hat man ganzes Bündel von Datenleitungen, etwa 8 Datenleitungen zur parallelen Übertragung eines Bytes bei der Centronics-Schnittstelle. Auf je einer Leitung wird dabei eines der 8 Bits eines Bytes signalisiert. Leider sind elektronische Bauteile nicht immer gleich schnell, sodaß es sein kann, daß Bit 3 einer Leitung einen winzigen Bruchteil einer Sekunde eher verfügbar ist, als etwa Bit 6. Deswegen sieht man noch eine neunte Leitung vor, die als Steuerleitung (Strobe, \u0026ldquo;Bitte sehr\u0026rdquo;) fungiert und signalisiert, daß die Inhalte der acht Datenleitungen gültig sind.\nBild 3: Signal-Zeitdiagramm an einer Centronics Schnittstelle. Die Datenübertragung erfolgt asychron ohne ein Taktsignal. Die Geschwindigkeit der Übertragung regelt sich durch die Bestätigung eines jeden Zeichens selbst.\nDer Empfänger der Daten - bei einer Centronics-Schnittstelle meistens ein Drucker - liest nach dem Empfang des Steuersignals die Datenleitungen ab und bestätigt dies mit einem Impuls (Acknowledge, \u0026ldquo;Danke schön\u0026rdquo;) an den Sender, sobald er fertig ist.\nAuf diese Weise regelt sich nicht nur die Übertragungsgeschwindigkeit zwischen den beiden Partnern ganz automatisch, sondern man hat auch ohne Mehraufwand ein Verfahren zur Flußkontrolle bekommen: Wenn der Drucker keine weiteren Daten annehmen kann, weil sein Puffer voll ist oder er zur Bearbeitung eines Zeichens längere Zeit benötigt (um etwa das Papier vorzuschieben), kann er das Bestätigungssignal verzögern und so den Sender auf die von ihm benötigte Geschwindigkeit herunterbremsen. Weil sich Sender und Empfänger frei über die Übertragungsgeschwindigkeit einigen (jeder so schnell er kann), kann man keine allgemeine Datenübertragungsgeschwindigkeit für eine Centronics-Schnittstelle angeben. Sie liegt jedoch je nach Drucker- und Rechnermodell in der Größenordnung von 60 bis 150 KB pro Sekunde. Noch größere Geschwindigkeiten erlauben die in der Regel recht trägen Ausgangsbausteine eines PC nicht.\nParallele Datenübertragung ist relativ aufwendig: Immerhin muß für jedes Bit, das zu Übertragen ist, eine eigene Leitung verlegt werden. Das ist bei größeren Entfernungen zu teuer, denn man muß nicht nur viele Kabel verlegen, sondern diese auch gegeneinander abschirmen, damit sie sich nicht beeinflussen. Deswegen wird parallele Datenübertragung nur dort eingesetzt, wo kurze Strecken zu überbrücken sind: Vom Rechner zum Drucker, von der Festplatte zum Controller, von der CPU über den Bus zur Peripherie.\nFür längere Strecken verwendet man bitserielle Übertragung. Hier wird jeweils ein Datenbyte in ein Schieberegister geladen und Bit für Bit auf einer einzelnen Signalleitung übermittelt. Für eine minimale Verkabelung braucht man bei einer seriellen Schnittstelle nur drei Leitungen im Gegensatz zu mindestens elf bei einer parallelen Schnittstelle: Eine Leitung für die Sendedaten, eine für die Empfangedaten und eine gemeinsame Masseleitung, damit ein elektrischer Bezugspegel existiert. Und dabei ist bei einer seriellen Schnittstelle dann schon Kommunikation in beide Richtungen möglich, während eine Centronics-Schnittstelle nur als Sender betrieben wird. Doch dadurch, daß die einzelnen Bits nacheinander über eine einzelne Leitung übermittelt werden müssen, ist diese Art der Übertragung langsamer: Ein PC erreicht eine Höchstgeschwindigkeit von 115200 Bit pro Sekunde, das sind etwa 11.2 KB/Sekunde.\nV.24 Bild 4: Belegung und Bedeutung der Anschlüsse an einer V.24 Schnittstelle.\nDie Leitungen an einer V.24 Schnittstelle, die die eigentliche Übertragungsarbeit leisten, sind die Pins 2 (Transmit Data, Sendedaten) und 3 (Receive Data, Empfangsdaten). Dort wird mit den Pegeln +12V eine logische Null und -12V eine logische 1 signalisiert. Um Zeichen zu übertragen, müssen sich Sender und Empfänger darüber einig sein, aus wievielen Bits ein Zeichen besteht, wie schnell die einzelnen Bits signalisiert werden und an welchem Ende eines Bytes angefangen wird, zu übertragen. Einige dieser Parameter sind festgelegt, andere sind in gewissen Grenzen variabel. Wenn Sender und Empfänger nicht auf genau die gleichen Übertragungsparameter eingestellt sind, wird die Übertragung nicht gelingen.\nBild 5: Bitfolge auf einem V.24 Kabel zur Übertragung eines 7 Bit Zeichens mit gerader Parität: Nach dem Startbit folgenden die 7 Datenbits, das niederwertigste Bit zuerst. Das Paritätsbit sorgt dafür, daß die Anzahl der Einsbits im Datenwort gerade ist. Mit dem Stopbit wird das Ende des Datenwortes signalisiert.\nDas Verfahren zur Übermittlung von Zeichen ist genau wie die Steckerbelegung und die verwendeten Spannungen in der V.24-Norm festgelegt. Wenn kein Zeichen zur Übertragung anliegt, soll die Schnittstelle auf 1-Pegel liegen. Sobald dann ein Zeichen zu übertragen ist, wird zunächst durch Übermittlung eines 0-Bits signalisiert, daß jetzt ein Zeichen zu übertragen ist. Dieses 0-Bit wird als Startbit bezeichnet. Danach werden die einzelnen Bits eines Bytes übermittelt, und zwar mit dem niederwertigsten Bit zuerst. Nach dem Byte wird eventuell noch ein Paritätsbit zur Fehlererkennung mitgesendet und danach wird die Leitung für eine gewisse Mindestdauer auf den Ruhepegel logisch 1 gelegt. Diese Pause stellt sicher, daß ein nachfolgendes Startbit sicher erkannt werden kann und wird als Stopbit bezeichnet.\nZur Übermittlung eines einzelnen Bytes sind 8 Datenbits plus ein Startbit plus ein Stopbit zu übertragen. Bei einer Datenrate von 9600 Bit pro Sekunde werden pro Sekunde also genau 960 Byte transportiert. Der Benutzer einer seriellen Schnittstelle kann einige Parameter der Übertragung frei festlegen.\nBild 6: Nicht alle Parameter einer seriellen Schnittstelle sind konfigurierbar. Einstellbar sind neben der Geschwindigkeit der Übertragung auch die Anzahl der Datenbits pro Datenwort, die Parität und die Anzahl der Stopbits. Übliche Parameterwerte sind 8-N-1 oder 7-E-1.\nAls wichtigster Parameter ist dort die Übertragungsgeschwindigkeit in Bit pro Sekunde zu nennen. Die Basis bildet eine Datenrate von 300 Bit pro Sekunde. Die anderen möglichen Übertragungsgeschwindigkeiten ergeben sich dann durch Verdoppelung: 300, 600, 1200, 2400, 4800, 9600, 19200 und 38400 Bit pro Sekunde. Noch höhere Datenraten sind in der V.24 Norm zwar nicht definiert, aber die meisten Programme können außerdem noch mit 57600 und 115200 Bit pro Sekunde senden.\nEin einzelnes Zeichen besteht heute normalerweise aus 8 Datenbits. In den Anfangstagen der Datenverarbeitung kam man noch ohne Umlaute und Sonderzeichen zurecht und nutzte damit nur einen über 7 Bit definierten ASCII-Zeichensatz aus. Das achte Bit wurde dann nicht zur Codierung von Daten genutzt, sondern in Form eines Paritätsbits für eine einfache Fehlerkontrolle verwendet. Die Parität eines Zeichens berechnet man, indem man die 1-wertigen Bits in der Binärdarstellung seines Zeichencodes zählt. Ist die Anzahl ungerade, hat das Zeichen ungerade Parität, ist sie gerade, hat es eine gerade Parität. Bei der Datenübertragung kann man gerade oder ungerade Parität wählen: Stellt man gerade Parität ein, wird bei Zeichen mit ungerader Parität das achte Bit gesetzt, um die Anzahl der 1-Bits im Zeichen wieder auf eine gerade Anzahl zu bringen.\nAuf diese Weise kann man Übertragungsfehler leicht erkennen: Da nur Zeichen mit gerader Parität übermittelt werden, muß ein Zeichen mit ungerader Parität einer Störung zum Opfer gefallen sein. Leider besteht ohne ein Protokoll zur Fehlerkorrektur keine Möglichkeit, dieses Zeichen erneut übertragen zu lassen, sodaß man zwar die Information hat, daß ein Fehler aufgetreten ist, aber keine Chance hat, diesen zu korrigieren. Da Parität als Fehlerkorrektur also nur von begrenztem Nutzen ist, verwendet man sie heute normalerweise nicht mehr, sondern nutzt das achte Bit als normales Datenbit mit. Während man früher als gelegentlich 7 Datenbits, gerade Parität und ein Stopbit als Schnittstellenparameter gewählt hat, verwenden heute fast alle Systeme 8 Datenbits, keine Parität und ein Stopbit.\nIm Gegensatz zum Protokoll einer Centronics-Schnittstelle bekommt man bei der V.24 Schnittstelle die Datenflußkontrolle nicht als Abfallprodukt des Übertragungsprotokolls. Stattdessen müssen ausdrückliche Vereinbarungen zwischen dem Sender und dem Empfänger getroffen werden. Für die bereits erwähnte Dreidrahtleitung verwendet man dazu zwei besondere ASCII-Zeichen, die Zeichen Control-S (XOFF, ASCII 13h) und Control-Q (ASCII 11h, XON). Wenn der Empfänger keine weiteren Daten mehr aufnehmen kann, sendet er das Zeichen XOFF an den Sender. Der Sender muß daraufhin die Übertragung einstellen. Sobald der Empfänger wieder bereit ist, Daten entgegenzunehmen, signalisiert er dies dem Sender mit dem Zeichen XON.\nDieses Verfahren ist praktisch, weil es keine weiteren Steuerleitungen notwendig macht, hat aber den Nachteil, zwei Zeichen aus dem Zeichensatz zu \u0026ldquo;verbrauchen\u0026rdquo;. Diese Zeichen werden für Steuerfunktionen verwendet und können nicht mehr direkt übermittelt werden. Stattdessen müssen sie durch bestimmte Zeichenfolgen anderer Zeichen \u0026ldquo;umschrieben\u0026rdquo; werden. Eine Leitung, die nicht für alle ASCII-Zeichen durchlässig ist, nennt man nicht transparent. Auf einer nicht transparenten Leitung müssen die Zeichen, die nicht direkt übermittelt werden können mit Hilfe eines Escape-Mechanismus umschrieben werden.\nEine andere Methode der Flußkontrolle verwendet statt zweier Zeichen zwei zusätzliche Steuerleitungen an der V.24 Schnittstelle. Die Leitungen an den Pins 4 (Request to Send, RTS) und 5 (Clear to Send, CTS) signalisieren für jeweils eine Übertragungsrichtung, ob gesendet werden darf oder nicht. Solange die zu der jeweiligen Datenleitung gehörige Steuerleitung 1-Pegel führt, darf gesendet werden. Sobald der Pegel auf 0 wechselt, muß der Sender seine Arbeit so lange einstellen, bis der Pegel wieder auf 1 wechselt. Datenflußkontrolle mit RTS und CTS ist nicht nur transparent, sondern auch schneller und sicherer als XON/XOFF-Steuerung. Gerade bei höheren Datenraten sollte man daher dieses Verfahren vorziehen.\nÜbertragungsstreß Hohe Datenraten sind auch aus einem anderen Grund ein Problem: Normalerweise wird die serielle Schnittstelle in einem PC von einem Baustein vom Typ 16450 oder einem seiner Verwandten betreut. Diese Bausteine lösen für jedes empfangene oder gesendete Zeichen eine Unterbrechung aus. Wird die Schnittstelle also mit 38400 Bit pro Sekunde unter Vollast betrieben, erzeugt sie um die 8000 Unterbrechungen pro Sekunde. Das bedeutet: 8000 mal pro Sekunde wird das gerade laufende Programm unterbrochen, um ein Zeichen für den Schnittstellenbaustein zu lesen oder ihm das nächste Zeichen zum Senden zu nennen. Gerade bei Betriebssystemen, die den Prozessor im erweiterten 386-Modus betreiben, können diese Unterbrechungen sehr aufwendige Umschaltungen in der Betriebsart des Prozessors notwendig machen. Das kostet wertvolle Rechenzeit und der Rechner wird unnötig langsam oder verliert bei der Übertragung sogar einzelne Zeichen. Schnittstellenbausteine vom Nachfolgetyp 16550AF haben deswegen eine Warteschlange, die mehrere übertragene Zeichen speichern kann. Solche Bausteine müssen im Durchschnitt nur noch alle 4 Zeichen vom Prozessor betreut werden und sind gerade unter Multitasking-Betriebssystemen für einen sicheren Betrieb der seriellen Schnittstelle bei hohen Geschwindigkeiten unerlässlich. Der 16550AF ist pinkompatibel zu seinem Vorgänger 16450 und kann, wenn dieser gesockelt ist, auch leicht ausgetauscht werden.\nFehlerkorrektur Bei der Übertragung von Dateien und Programmen ist es sehr wichtig, daß auch bei schlechten Verbindungen alle Daten unverfälscht und fehlerfrei übermittelt werden. Schon ein einziges falsch gesetztes Bit in einer Programmdatei kann fatale Folgen haben. Deswegen schützt man eine Datenübertragung in der Regel mit einem Übertragungsprotokoll. Es gibt viele dieser Protokolle, von unterschiedlicher Datensicherheit und Effizienz, aber das Grundprinzip ist bei allen gleich: Immer wird ein Block von Daten (z.B. 128 oder 1024 Byte am Stück) gefolgt von einer durch den Sender errechneten Prüfsumme übermittelt. Der Empfänger liest den Datenblock und errechnet die Prüfsumme nach demselbem Verfahren selbst. Stimmt die errechnete Prüfsumme mit der empfangenen Prüfsumme überein, ist der Datenblock korrekt angekommen und wird bestätigt. Andernfalls wird eine Fehlermeldung an den Sender zurückgegeben, der daraufhin den Datenblock noch einmal überträgt.\nDas primitivste dieser Protokolle, das im PC-Bereich Anwendung findet, ist das X-MODEM Protokoll. Es sendet relativ kleine Blöcke von 128 Zeichen und eine einfache Summe der übertragenen Bytes. Summen sind aber relativ schlechte Indikatoren für Verfälschungen: Sie registrieren nicht die Einfügung von Nullbytes, sind unempfindlich gegenüber Vertauschungen von Bytes und können bestimmte Doppelfehler (eine Erhöhung um Eins an einer Stelle und eine Verminderung um Eins an anderer Stelle) nicht erkennen. CRC-Prüfziffern (cyclic redundancy check) erkennen alle diese und viele andere Veränderungen an Daten und werden deswegen in der Computertechnik immer dann eingesetzt, wenn die Integrität eines Datenblockes gesichert werden muß.\nXMODEM ist auch aus anderen Gründen ein relativ schlechtes Protokoll: Es überträgt keine Informationen über die Datei. Weder der Dateiname noch die Länge, das Datum oder eventuell vorhandene Dateieigentümer oder Zugriffsrechte werden übermittelt. Außerdem wartet XMODEM nach jedem gesendeten Block erst auf die Bestätigung der Gegenseite, bevor der nächste Datenblock verschickt wird. Ein Datenpaket muß gewissermaßen erst seine Rundreise auf einer Leitung beendet haben, bevor das nächste Datenpaket verschickt werden kann. Man kann sich eine Datenleitung vorstellen, wie einen Gartenschlauch: Nachdem man das Ventil aufgedreht hat, muß der Schlauch erst vollaufen, bevor am Ende des Schlauches Wasser austritt. XMODEM versendet die Daten jetzt nicht als Strom, sondern schickt sie gewissermaßen schluckweise durch die Leitung. Auf diese Weise wird möglicherweise ein Großteil der Übertragungskapazität der Leitung verschenkt.\nZMODEM hat diese Probleme nicht: Nicht nur, daß es Dateinamen, Länge und andere Informationen mit überträgt. Es ist auch in der Lage, weitere Datenblöcke zu versenden, bevor die Bestätigungen für vorhergehende Pakete eingegangen sind.\nBild 7: Der Sender kann dem Empfänger vorauseilen. Er sendet Daten, deren Empfang der Empfänger noch nicht bestätigt hat. Das bedeutet, für solche unbestätigten Daten muß der Sender damit rechnen, daß sie nicht ordnungsgemäß beim Empfänger angekommen sind und noch einmal gesendet werden müssen. Daten, die bereits als fehlerfrei bestätigt sind, kann der Sender als erledigt betrachten.\nDie Frage ist: Wie groß darf soll der Sender das Transferfenster werden lassen? Läßt er es zu klein, kann es sein, daß er auf die Bestätigungen des Empfängers warten muß, bevor er weiter senden darf. Läßt der Sender das Transferfenster zu groß werden, muß er sehr viel Speicher für Puffer bereitstellen.\nIn diesem Fall entsteht ein Bereich von Datenpaketen, die der Sender zwar schon abgeschickt hat, für die er aber noch keine positiven Empfangsbestätigungen gesehen hat. Diese Lücke nennt man das Transferfenster eines Übertragungsprotokolls. Ein gutes Übertragungsprotokoll wird das Transferfenster gerade so groß halten, wie die Kapazität der Leitung es erfordert. Bei einem Wasserschlauch würde man die Kapazität in Litern als Querschnitt mal Länge berechnen. Bei einer Datenleitung entspricht der Querschnitt der Datenrate in Bit pro Sekunde und die Länge der Umlaufzeit der Datenpakete in Sekunden. Das Resultat gibt die Anzahl der Bits an, die auf der Leitung unterwegs sind und stellt eine minimale Größe für das Transferfenster dar, wenn der Sender nicht auf den Empfänger warten soll.\nModulation Während bei der Datenübertragung über ein einfaches Kabel keine besondere Codierung der Daten notwendig war, ist dies bei der Datenfernübertragung nicht mehr möglich. Eine Telefonleitung ist kein durchgehendes Kabel, sondern vielfach durch Filter, Verstärker und andere elektrische Dinge unterbrochen. Sie ist für Gleichspannungen nicht durchlässig, sondern kann nur Wechselspannungen, elektrisch codierte Töne nämlich, übertragen. Bevor man Daten also über eine Telefonleitung übertragen kann, muß man sie in hörbare Töne umwandeln. Diese Umwandlung wird von einem Modem vorgenommen. Der Name ist ein Kunstwort aus den Begriffen Modulator und Demodulator und beschreibt in etwa die Funktionsweise des Gerätes: Ein gleichmäßiger Ton, der Datenträgerton, wird abhängig von den zu übertragenden Daten verändert.\nIm einfachsten Fall ordnet man dabei einem Eins-Bit einen Ton und einem Null-Bit einen anderen Ton zu. Auf diese Weise beeinflußt man jedoch nur einen einzigen Parameter einer Schwingung, nämlich die Tonhöhe, die Frequenz. Außerdem überträgt man so nur ein Bit zur Zeit.\nBild 8: Das Diagramm zeigt Phasenwinkel und Amplitudenwerte eines Signals. Der Sender steuert zur Signalisierung eines von 16 Zuständen Phase und Amplitude seines Signals so, daß er einen der markierten Punkte trifft. Auf diese Weise können in einem Zustand 4 Bit signalisiert werden.\nDurch Störungen der Übertragung kommt beim Empfänger nicht genau das Signal an, das der Sender auf das Kabel schickt. Stattdessen wird der angesteuerte Punkt nur in der Nähe der markierten Punkte liegen und zwar um so weiter von den Punkten entfernt, je stärker das Signal gestört wird. Auf schlechten Leitungen verschwimmen die Punkte also stärker als auf guten Leitungen. Wenn die Störungen so groß werden, daß die Punkte ineinander verschwimmen, ist die Leitungsqualität so schlecht, daß keine Datenübertragung mehr möglich ist.\nWenn man gleichzeitig mehrere Parameter einer Schwingung verändert, kann hat man mehr als zwei verschiedene Zustände und kann so mehrere Bits zur Zeit übertragen. Das Bild zeigt ein Verfahren, bei dem Phase und Amplitude eines Signales jeweils einen von vier Zuständen annehmen können. Auf diese Weise ist es möglich, sechzehn verschiedene Zustände zu codieren und vier Bit parallel zu übermitteln. Die Geschwindigkeit, mit der ein Modem von einem Signalzustand zum nächsten wechselt, nennt man die Baudrate. Eine Geschwindigkeit von einem Baud entspricht einem Zustandswechsel pro Sekunde. Die Bitrate eines Modems ist gewöhnlich ein Vielfaches seiner Baudrate.\nBezeichnung Geschwindigkeit in Bit/s in Baud\tModulation duplex Verwendung V.17\t14400\t2400\tTCM\thalb\tFAX 12000 9600 7200\t2400 TCM\thalb\tFAX 4800\t2400\tQAM\thalb\tFAX V.21\t300\t300\tFSK\tvoll V.22\t1200\t600\tDPSK\tvoll V.22bis\t2400\t600\tQAM\tvoll V.23\t1200/75\t1200/75\tFSK\tasymm.\tBTX V.27ter\t4800\t1600\tDPSK\thalb\tFAX 2400\t1200\tDPSK\thalb\tFAX V.29\t9600\t2400\tQAM\thalb\tFAX 7200\t2400\tQAM\thalb\tFAX V.32\t9600\t2400\tTCM/QAM\tvoll 4800\t2400\tQAM\tvoll V.32bis\t14400 2400\tTCM\tvoll 12000 9600 7200\t2400\tTCM\tvoll 4800\t2400\tQAM\tvoll Abkürzungen: FSK\tFrequency Shift Keying DPSK\tDifferential Phase Shift Keying QAM\tQuadrature Amplitude Modulation TCM\tTrellis Coded Modulation Bild 9: CCITT-Normen, Datenraten, Baudraten und Modulationsverfahren von Modems im Überblick.\nEs gibt verschiedene CCITT-Normen, die unterschiedlich schneller Übertragungsverfahren für Modems normen. Während die meisten Modem-Normen gleichzeitiges Senden und Empfangen von Daten vorsehen, sehen die CCITT-Normen für FAX-Geräte keine Datenübertragung im zwei Richtungen vor. Grundsätzlich unterscheidet man drei Fälle:\nIst die Übertragung simplex, wird die Datenrichtung der Übertragung niemals umgeschaltet: Der Sender hat nur einen Modulator, der Empfänger nur einen Demodulator. Bei einer Übertragung in halbduplex sendet immer nur einer der beteiligten Partner. Wenn er \u0026ldquo;ausgeredet\u0026rdquo; hat, wechselt die Übertragungsrichtung und der jeweils andere Partner kommt an die Reihe. FAX-Geräte übertragen ihre Informationen auf diese Weise. Die meisten Modemnormen sehen eine vollduplex-Übertragung vor. Hier können beide Partner gleichzeitig senden und empfangen. Damit sich die Signale der beiden Modems leicht getrennt werden, sendet der angerufene Partner bei den Normen V.21, V.22 und V.23 auf einer anderen Frequenz als der Anrufer (answer mode/originate mode). Die unterschiedlichen Signale der beiden Modems lassen sich mit einem einfachen Filter voneinander trennen. Die Normen V.32 und höher sehen vor, daß Anrufer und Angerufener beide auf denselben Frequenzen senden, sich also quasi \u0026ldquo;anschreien\u0026rdquo;. Auf der Leitung vermischen sich beide Signale zu einem nicht entzifferbaren Datensignal. Da jedoch jedes der beiden Modems weiß, welche Töne es gesendet hat, kann es diese Daten von den empfangenen Signalen abziehen und erhält als Differenzsignal die Informationen der Gegenseite. Dieses als echo cancellation bezeichnete Verfahren setzt jedoch einen aufwendigen Signalprozessor voraus, der die entsprechenden Berechnungen auf dem Eingangssignal vornimmt. Da die entsprechenden Prozessoren lange Zeit sehr teuer waren, waren die entsprechenden Modems gut doppelt so teuer wie ihre kleineren Brüder ohne Signalprozessor. Heute existieren für V.32 und V.32bis fertige Chipsätze mit integrierten Faxoptionen, die in großen Stückzahlen produziert werden. Entsprechend gibt es Modems für diese Übertragungsnormen zu relativ günstigen Preisen, obwohl das Modulationsverfahren sehr aufwendig und rechenintensiv ist.\nFür das neue V.34-Verfahren sind solche Chipsätze noch nicht verfügbar, sodaß diese Modems zur Zeit noch unverhältnismäßig teuer sind.\nNorm\tZweck V.24\tBedeutung der Signale an einer seriellen Schnittstelle. V.28\tElektrische Pegel an einer solchen Schnittstelle. (V.24, V.28 und ISO 2110 sind zusammen äquivlaent zu EIA RS232.) V.42\tVerfahren zur Sicherung der übertragenen Daten. Im wesentlichen nicht von dem unterliegenden Modulationsverfahren abhängig. Verwendet ein eigenes Protokoll namens LAPM, zwecks Kompatibilität ist ein Rückfall auf MNP 2-4 möglich. V.42bis\tVerfahren zur transparenten Kompression von Daten während der Übertragung, manchmal auch BTLZ genannt. Effizienter als, aber inkompatibel zu MNP5. Alle existierenden V.42bis-Modems beherrschen MNP5 zusätzlich. Bild 10: Weitere häufig verwendete CCITT-Normen im Zusammenhang mit Modems.\n","date":"1995-02-01T00:00:00Z","href":"https://blog.koehntopp.info/1995/02/01/datenuebertragung.html","tags":["lang_de","publication","internet"],"title":"Grundlagen der Datenübertragung"},{"categories":null,"content":" UNIX Dateisysteme aus »c\u0026rsquo;t - Magazin für Computertechnik«, Ausgabe 2/94\nDie Aufgaben eines Betriebssystems bestehen in der fairen Zuteilung der Systemressourcen an alle Bewerber und in der Abstraktion unterschiedlichster Hardware zu einer virtuellen Maschine. Für den Bereich der Plattenplatzverwaltung hat diese Aufgabe das Dateisystem. UNIX Dateisysteme haben eine mehr als zwanzigjährige Entwicklung hinter sich und dienten als Vorbild für die Dateisysteme vieler anderer Betriebssysteme. Trotz vieler Mängel der ursprünglichen Implementation haben sich die dahinter stehenden Ideen in den letzten zwanzig Jahren nicht wesentlich verändert.\nDaten wiederfinden UNIX schlägt sich auf den höheren Ebenen des Betriebssystems nicht mit Angaben zur Plattengeometrie herum. Es betrachtet eine Festplatte als ein langes Band von Plattenblöcken, die linear durchnummeriert sind. Die Umrechnung von linearen Blockadressen in Angaben von Zylinder, Kopf und Sektor ist entweder Aufgabe eines Festplattengerätetreibers oder - im Fall von SCSI - der Festplatte selbst. Die ersten paar Datenblöcke einer Festplatte sind reserviert für den Bootloader und ähnliche Dinge, die vor dem Betriebssystem geladen werden und deshalb außerhalb seiner Reichweite gelagert werden. Der Rest der Platte wird in Form eines Dateisystems verwaltet. UNIX operiert bei Dateisystemen mit der Blockgröße des Mediums. Anders als bei DOS werden die Verwaltungseinheiten auf einer Platte also nicht größer, wenn man sehr große Partitionen anlegt.\nDen Anfang eines Dateisystems bildet der sogenannte Superblock, der das Dateisystem selbst beschreibt. Er enthält Geometriedaten der Platte, gibt an, wie viele Blöcke das Dateisystem enthält und welche davon Verwaltungsinformationen und welche Daten enthalten.\nBild 1: Am Anfang des Dateisystems steht der Superblock. Er enthält alle Metainformationen, die das Dateisystem beschreiben. Der \u0026ldquo;vordere\u0026rdquo; Teil des Dateisystems enthält I-Nodes, Dateiköpfe, die alle Metainformationen über eine Datei speichern. In den Datenblöcken sind dann die eigentlichen Nutzdaten untergebracht. Das Bild zeigt eine I-Node mit ihren Verweisen auf die Datenblöcke der Datei.\nDie Basis der Dateiverwaltung bildet in UNIX eine Datenstruktur, die sogenannte index node oder I-Node (Bild 2).\nIn ihr sind - mit einer Ausnahme, dem Dateinamen - alle wesentlichen Informationen über eine Datei gesammelt. Für jede Datei, jedes Verzeichnis und jedes Gerät legt UNIX eine I-Node an, in der es alles vermerkt, was es über dieses Datenobjekt weiß. Dazu gehören zum einen Informationen über Zugriffsrechte, Dateieigentümer und Zeitmarken, zum anderen Verweise auf die Datenblöcke, die die Daten der Datei enthalten. Ursprünglich hat UNIX die I-Nodes eines Dateisystems in Form einer Tabelle zusammengefasst und am Anfang des Dateisystems untergebracht.\nDie Größe dieser Tabelle muss schon beim Anlegen des Dateisystems festgelegt werden, d.h. ein Systemverwalter auf einem UNIX-Rechner muss beim Formatieren einer Platte festlegen, wie viele Dateien später einmal maximal auf dieser Platte angelegt werden können. Üblicherweise berechnet man mindestens eine I-Node für jeweils 4 KB zur Verfügung stehenden Plattenplatz, sodass auf einer 200 MB Festplatte in etwa 50 000 I-Nodes angelegt werden. Zum Glück sind I-Nodes relativ kleine Datenstrukturen von nur 128 Bytes. Im Schnitt verschwinden also auf diese Weise 3 % des gesamten Plattenplatzes in Verwaltungsinformationen.\nstruct dinode { /*\tTyp Feldname Byte-Offset: Beschreibung */ u_short ino_mode; /* 0: Dateityp und Zugriffsrechte */ short ino_nlink; /* 2: Anzahl der Namen der Datei */ uid_t ino_uid; /* 4: Benutzernummer Dateieigentümer */ gid_t ino_gid; /* 6: Gruppennummer Dateieigentümer */ off_t ino_size; /* 8: Größe in Bytes */ time_t ino_atime; /* 16: Zeit des letzten Lesezugriffs */ long ino_atspare; /* in Sekunden seit 1.1.1970, 0 Uhr */ time_t ino_mtime; /* 24: Zeit des letzten Schreibzugriffs */ long ino_mtspare; time_t ino_ctime; /* 32: Zeit der letzten Statusänderung */ long ino_ctspare; daddr_t ino_db[NDADDR]; /* 40: Blocknummern der ersten 12 Datenblöcke */ daddr_t ino_ib[NIADDR]; /* 88: Blocknummern der 3 indirekten Datenblöcke */ long ino_blocks; /* 100: Größe der Datei in Blöcken */ long ino_gen; /* 104: Generationsnummer (NFS) */ }; Bild 2: Aufbau einer I-Node eines modernen UNIX-Dateisystems. Die Datenstruktur paßt in ein Feld von 128 Bytes, sodass ein Hardware-Plattenblock 8 I-Nodes halten kann. Sie enthält alle Metainformationen über eine Datei mit Ausnahme der Namen der Datei.\nUntersucht man die durchschnittliche Länge von Dateien in einem Dateisystem, dann stellt man fest, das kurze Dateien relativ häufig auftreten. Daher versucht UNIX, die Blocknummern der ersten paar Plattenblöcke einer Datei direkt in der I-Node zu speichern. In der I-Node aus Bild 2 werden die ersten 12 Datenblöcke einer Datei im Feld ino_db[] abgelegt. Wenn über ihre I-Nodenummer auf diese Datei zugegriffen wird, stehen die 12 direkten Datenblöcke der Datei also ohne weitere Leseoperation zur Verfügung.\nFür große Dateien ist dieses Verfahren natürlich nicht praktikabel, denn die I-Node würde dann sehr groß werden. Wächst eine Datei über die Größe von 12 Datenblöcken hinaus, besorgt UNIX einen freien Datenblock und trägt diesen als ersten indirekten Datenblock einer Datei ein. In diesem indirekten Datenblock werden jetzt die Blocknummern der weiteren Datenblöcke einer Datei abgelegt. Bei einer angenommenen Blockgröße von einem Kilobyte können in einem indirekten Block 256 Blocknummern gespeichert werden, von denen jede einen Datenblock von einem Kilobyte adressiert. Zusammen mit den direkten Datenblöcken können also Dateien bis zu einer Größe von 266 KB angelegt werden, ohne daß mehr als eine Ebene der Indirektion durchlaufen werden muss. Modernere Dateisysteme, die mit einer Blockgröße von 8 Kilobyte arbeiten, bringen 2048 Blocknummern in einem Block unter und können so bis zu 16 Megabyte große Dateien mit einem einzigen indirekten Block verwalten.\nFür noch größere Dateien sieht UNIX doppelt indirekte Blöcke vor, die die Blocknummern von einfach indirekten Blöcken enthalten. Diese wiederum zeigen dann endlich auf die Daten. Bei einer Blockgröße von 8 KB kann man mit diesem Schema schon mehr als die vier Gigabyte verwalten, die sich im Größenfeld ino_size einer I-Node verwalten lassen. Bei Dateisystemen mit einer Blockgröße von einem Kilobyte muss dagegen ab einer Dateigröße von 64 MB von einem dreifach indirekten Block Gebrauch gemacht werden (Bild 3). Zum Glück sind zum Laden eines solchen Datenblockes aber keine vier Plattenzugriffe notwendig, denn alle UNIX-Versionen haben einen Plattencache, der häufig benötigte Daten im RAM präsent hält.\nBild 3: Von der I-Node zu den Datenblöcken einer Datei\nBei der Belegung von Plattenblöcken für eine Datei ist UNIX sehr effizient. Nur diejenigen Blöcke einer Datei, die schon einmal beschrieben wurden, belegen auch wirklich Platz auf der Platte. Wird beispielsweise begonnen, einen doppelt indirekten Block zu verwenden, so wird für diesen zunächst der erste einfach indirekte Block beschafft und belegt. Die Blocknummern der anderen indirekten Blöcke werden dagegen einfach auf Null gesetzt.\nDas führt zu interessanten Effekten bei Dateien, die nicht durchgehend beschrieben werden: Legt man unter UNIX eine neue Datei an und bewegt dann den Dateizeiger irgendwo in die oberen Megabytes, um dort ein einziges Byte zu beschreiben, dann wird nur der eine Datenblock belegt, der notwendig ist, um dieses Byte zu speichern (plus der möglicherweise notwendigen indirekten Blöcke, die notwendig sind, um den Block zu erreichen). Die Blocknummer aller anderen nicht verwendeten Blöcke bleiben auf Null stehen und es werden auch keine Datenblöcke zwischen dem gespeicherten Byte und dem Dateianfang angefordert. Es entsteht eine Datei, die in der Verzeichnisausgabe viele Megabytes groß erscheint, in Wirklichkeit aber nur wenige Kilobytes belegt. Eine solche Datei nennt man in UNIX eine dünn besetzte Datei (sparse file). Beim Lesen einer solchen Datei werden für die nicht vorhandenen Blöcke entsprechend viele Nullbytes zurückgemeldet.\nDas kann beim Kopieren oder Sichern solcher Dateien natürlich zu seltsamen Effekten führen, wenn man nicht aufpasst: Beim naiven Kopieren wird eine Datei von vorne nach hinten durchgelesen und die gelesenen Daten werden in die Zieldatei geschrieben. Während eine dünn besetzte Quelldatei also möglicherweise nur wenige Blöcke wirklich belegt, wird die Zieldatei von vorne nach hinten beschrieben und belegt dann wirklich so viel Platz, wie im Verzeichnis angegeben. Dateien, die ein Abbild eines häufig ebenfalls dünn besetzten Prozessadressraumes darstellen, sind oft sparse files: Die shared libraries in einem Linux-System oder Speicherabzüge von gecrashten Programmen unter SunOS sollten tunlichst nicht naiv kopiert werden.\nDateinamen Die I-Node enthält gesammelt alle Informationen, die UNIX über eine Datei hat, mit einer Ausnahme: dem Dateinamen. Dateinamen speichert UNIX in besonderen Dateien, den Verzeichnissen. Ein Verzeichnis ist n jeder Hinsicht eine normale Datei mit einer I-Node, Datenblöcken und so weiter. Verzeichnisdateien werden jedoch nicht von Benutzerprogrammen, sondern ausschließlich vom Betriebssystem verwaltet. Es unterhält in einem Verzeichnis eine feste Satzstruktur.\nBeim älteren UNIX-Dateisystem ist diese sehr einfach aufgebaut: Ein Verzeichnis besteht aus Datensätzen zu 16 Byte Länge. Die ersten 2 Byte enthalten die I-Nodenummer einer Datei, die folgenden 14 Byte nehmen einen Dateinamen auf. Falls ein Dateiname kürzer als 14 Zeichen ist, wird er einfach mit Nullbytes aufgefüllt. Bei moderneren UNIX-Systemen ist die Verzeichnisstruktur etwas komplizierter, um 4 Byte lange I-Nodenummern und bis zu 255 Byte lange Dateinamen ohne große Platzverschwendung verwalten zu können, aber im Prinzip handelt es sich immer noch um eine einfache Zuordnung von Name zu I-Nodenummer.\nEs ist in UNIX ohne weiteres möglich, mehr als einen Dateinamen für eine Datei zu vergeben. Dazu wird einfach mit der Systemfunktion link() in einem weiteren Verzeichnis ein Namenseintrag gemacht, der dieselbe I-Nodenummer hat wie der erste Name der Datei. Im Feld ino_nlink einer I-Node wird die Anzahl der Namen einer Datei gezählt. Beide Namen einer Datei sind gleichberechtigt und nicht voneinander zu unterscheiden: Man kann nicht sagen, welcher von zwei Namen einer Datei der erste und welcher der zweite Name der Datei war. Anstatt eine Datei zu löschen, kann man in UNIX nur die Anzahl ihrer Namen um Eins vermindern. Sobald die Anzahl der Namen einer Datei Null wird, gibt das Betriebssystem dem Plattenplatz frei, der zu einer Datei gehört.\nBild 4: Das alte System V UNIX Dateisystem behandelt Verzeichnisse als gewöhnliche Dateien mit einer festen Satzstruktur von 16 Byte. Die ersten beiden Byte enthalten die I-Node Nummer einer Datei, die folgenden 14 Bytes stellen den Namen der Datei (mit Nullbytes aufgefüllt) dar.\nIm BSD Dateisystem sind längere Dateinamen erlaubt. Um die Platzverschwendung zu minimieren, ist die Struktur eines Verzeichnisses etwas komplizierter, aber das Prinzip der Zuordnung eines Namens zu einer I-Nodenummer wird nicht verletzt.\nUm eine Datei zu öffnen, muss ihr Name in eine I-Nodenummer übersetzt werden. Nach dem Öffnen der Datei arbeitet das Betriebssystem dann intern ausschließlich mit der I-Nodenummer weiter. Die Übersetzung von Namen in Nodenummern wird in UNIX an einer zentralen Stelle im Betriebssystemkern abgehandelt, in der Kern-internen Funktion namei(). Für jeden Prozess verwaltet UNIX in der Prozessstruktur zwei Einträge, in denen die I-Nodenummer des Hauptverzeichnisses und des aktuellen Verzeichnisses dieses Prozesses hinterlegt sind. Wenn dem Betriebssystem in einem Systemaufruf ein Pfadname übermittelt wird, wird zunächst geprüft, ob es sich um einen absoluten oder relativen Pfadnamen handelt. Je nachdem, ob der Pfadname mit einem führenden \u0026ldquo;/\u0026rdquo; beginnt, wird entweder im Hauptverzeichnis oder im aktuellen Verzeichnis des Prozesses begonnen, den Pfadnamen aufzulösen. namei() isoliert dazu die erste Komponente des Pfadnamens und sucht diese im Startverzeichnis der Suche. Sobald der gesuchte Namenseintrag dort gefunden ist, kann die zugehörige I-Nodenummer abgelesen werden und das nächste Stück des Pfadnamens aufgelöst werden.\nIn Bild 5 ist zu sehen, was bei der Auflösung eines Pfadnamens wie \u0026ldquo;/bin/ls\u0026rdquo; passiert: Weil der Pfadname mit einem \u0026ldquo;/\u0026rdquo; beginnt, durchsucht namei() das Hauptverzeichnis des Prozesses, der den Systemaufruf getätigt hat, nach einem Eintrag für \u0026ldquo;bin\u0026rdquo;. Sobald die I-Nodenummer für das \u0026ldquo;bin\u0026quot;-Verzeichnis gefunden ist, kann es nach einem Eintrag für \u0026ldquo;ls\u0026rdquo; durchsucht werden. Erst wenn die I-Nodenummer von \u0026ldquo;ls\u0026rdquo; bekannt ist, kann die Datei geöffnet oder geladen werden. Bei der Auflösung von Pfadnamen ergibt sich also eine wechselseitige Verkettung von Datenblöcken und I-Nodes: I-Nodes enthalten Zeiger auf Datenblöcke und die Datenblöcke eines Verzeichnisses enthalten Zeiger auf I-Nodes.\nBild 5: Zugriffe beim Auflösen eines Pfadnamens\nZugriffsrechte In der I-Node existiert ein Feld ino_mode. Es enthält neben anderen Informationen 9 Bits, die die Zugriffsrechte auf die Datei festlegen. UNIX unterscheidet an jedem Objekt im Dateisystem 3 Rechte: r-Recht bestimmt, ob eine Datei zu Lesen geöffnet werden darf, w-Recht bestimmt, ob eine Datei beschrieben werden darf und x-Recht bestimmt, ob eine Datei ausgeführt werden kann. Diese Rechte rwx sind jeweils einmal für den Eigentümer der Datei, für Angehörige seiner Benutzergruppe und für den Rest der Welt vorhanden, sodass sich insgesamt 9 Rechte-Bits ergeben.\nDa Verzeichnisse auch Dateien sind, haben auch sie diese Zugriffsrechte. In Zusammenhang mit Verzeichnissen werden sie jedoch etwas anders interpretiert: r-Recht an einem Verzeichnis erlaubt einem Benutzer, die Namensliste eines Verzeichnisses zu lesen. w-Recht an einem Verzeichnis gestattet es ihm, Dateien anzulegen oder zu löschen. x-Recht schließlich ist notwendig, um auf die Dateien in einem Verzeichnis zuzugreifen. In Bild 5 ist zu sehen, an welchen Stellen welche Zugriffsrechte geprüft werden, wenn die Datei \u0026ldquo;/bin/ls\u0026rdquo; zum Lesen geöffnet werden soll: Zunächst einmal muss am Hauptverzeichnis x-Recht vorhanden sein, damit auf die Datei \u0026ldquo;bin\u0026rdquo; zugegriffen werden kann, die im Hauptverzeichnis enthalten ist. Danach wird auf ein x-Recht am \u0026ldquo;bin\u0026quot;-Verzeichnis geprüft, um auf die Datei \u0026ldquo;ls\u0026rdquo; zugreifen zu können. Und schließlich muss an der Datei \u0026ldquo;ls\u0026rdquo; selbst noch r-Recht vorhanden sein, damit auf die Datenblöcke der Datei lesen zugegriffen werden darf.\nx-Recht an einem Verzeichnis ist also immer dann erforderlich, wenn namei() einem Zeiger aus diesem Verzeichnis in die I-Nodetabelle folgen muss. In Bild 5 sind diese aufwärts führenden Pfeile etwas dicker hervorgehoben.\nFragmente Dateisysteme verwalten den Plattenplatz in Form von Blöcken fester Größe. Deswegen ist am Ende der meisten Dateien ein Block vorhanden, der nicht ganz ausgenutzt werden kann, denn bei den meisten Dateien ist die Dateilänge nicht genau ein Vielfaches der Blockgröße des Dateisystems. So geht, abhängig von der mittleren Dateigröße und der Blockgröße des Dateisystems ein mehr oder weniger großer Anteil des Plattenplatzes verloren. Je kleiner die Verwaltungseinheiten des Dateisystems sind, umso effektiver kann es seinen Platz verwalten. Andererseits ist der Datendurchsatz eines Dateisystems um so größer, je größer die Blöcke sind, die es verwaltet. Und schließlich kann man bei der Verwendung von großen Datenblöcken oft mehrfach indirekte Blöcke einsparen und macht das Dateisystem auf diese Weise schneller und reduziert den Verwaltungsaufwand. In modernen UNIX-Dateisystem löst man dieses Dilemma, indem man ein Dateisystem mit einer relativ großen Blockgröße (meistens 8 Kilobyte) anlegt, Dateienden aber in speziellen Blöcken, den Fragmenten, speichert. Fragmente werden erzeugt, in dem man einen normalen Plattenblock in mehrere gleich grosse Teilblöcke unterteilt, die jeweils das Dateiende einer anderen Datei aufnehmen können.\nBild 6: Zwei Dateienden in einem fragmentierten Block\nAuf diese Weise werden die Dateienden verschiedener Dateien praktisch in einem Block zusammen komprimiert und der Verlust an Plattenplatz durch nicht ausgenutzte Blöcke wird reduziert. Trotzdem kann das Dateisystem die meiste Zeit mit vollständigen, großen Blöcken arbeiten und so hohe Geschwindigkeiten erreichen. Der Nachteil dieses Systems ist, daß ein Dateiende unter Umständen mehrfach umkopiert werden muss, wenn eine Datei wächst: Zunächst passt das Dateiende noch in sein Fragment hinein, wenn es wächst, muss jedoch ein größeres Fragment gesucht werden, das jedoch durch weitere Schreiboperationen sofort wieder überläuft, bis die Datei endlich den nächsten vollständigen Block füllt. Solche Kopieroperationen lassen sich vermeiden, wenn Anwendungsprogramme ihre Schreiboperationen der Blockgröße des Dateisystems anpassen. Da so etwas sehr unbequem ist, wenn man es selber programmieren muss, nimmt die C-Standardbibliothek in einem UNIX-System einem diese Arbeit ab: Sie fragt die Blockgröße des unterliegenden Dateisystems ab und stimmt ihre Schreibzugriffe so ab, daß mit maximaler Geschwindigkeit geschrieben werden kann.\nWeitere Geschwindigkeitsvorteile lassen sich erzielen, wenn man dafür sorgen kann, daß Dateien möglichst hintereinanderliegende Blöcke auf einer Platte belegen. Die Platte kann in diesem Fall ihren internen Cache füllen und die Daten schneller abliefern. Außerdem entfallen Bewegungen des Schreib-/Lesekopfes der Platte. Wie man am Beispiel von DOS sehen kann, ist es leider ist es nicht damit getan, die Blöcke einer Datei hintereinander anzuordnen. Man muss ausserdem auch Platz lassen, damit Dateien wachsen können.\nBild 7: Durch unkluge Anordnung von Daten zerstückelt MS-DOS Dateien in kleine, nicht zusammenhängende Fragmente.\nModerne UNIX-Dateisysteme unterteilen eine Festplatte deswegen in Streifen von einigen Megabyte Größe, sogenannte cylinder groups. Jeder dieser Streifen enthält eine eigene kleine I-Nodetabelle und seinen Anteil an Datenblöcken. Neue Dateien werden in derjenigen Zylindergruppe angelegt, die im Verhältnis am meisten freie Datenblöcke aufzuweisen hat. Dadurch wird sichergestellt, daß solche Dateien gerade nicht direkt hintereinanderliegen, sondern genügend freien Platz haben, um zu wachsen. Bei sehr langen Dateien wird außerdem nach dem Schreiben von jeweils einem Megabyte an Daten ein Wechsel der Zylindergruppe erzwungen: Man geht davon aus, daß man sehr lange Dateien sowieso nicht in einem Stück zusammenhängend lagern kann. Stattdessen versucht man, die einzelnen Stücke möglichst groß zu machen.\nBild 8: Das BSD Fast Filing System unterteilt die Platte in Streifen von einigen MB Größe. Das Betriebssystem versucht durch verschiedene Verfahren, das Verhältnis von belegten Datenblöcken zu belegten I-Nodes in allen cylinder groups einer Platte in etwa ausgewogen zu halten. Dadurch ist das Dateisystem effektiv selbst defragmentierend.\nAußerdem würde eine sehr lange Datei alle Datenblöcke, aber nur eine einzige I-Node in einer Zylindergruppe belegen. Die Daten zu den I-Nodes aller weiteren Dateien in derselben Zylindergruppe müssten dann auf andere Zylindergruppen verlagert werden, was dort wiederum das ausgewogene Verhältnis zwischen freien I-Nodes und freien Datenblöcken stören würde. Dadurch, dass man jeweils ein Megabyte einer sehr großen Datei auf eine andere Zylindergruppe verlagert, wird der Platz auf der Platte gleichmäßig verbraucht. Man verhindert, daß andere Dateien dann nicht mehr günstig auf der Platte angeordnet werden können.\nAbgeleitete Dateisysteme Die grundlegenden Strukturen des UNIX-Dateisystems wurden von Ritchie und Thompson vor 20 Jahren in den Laboratorien von AT\u0026amp;T entwickelt und haben sich grundsätzlich bewährt. Selbst das Entwicklerteam von BSD UNIX, das das Dateisystem vor 10 Jahren einer gründlichen Überarbeitung unterzogen hat, hat die zugrundeliegenden Ideen nicht verändert, sondern UNIX lediglich beigebracht, auf die Geometrie der Platte Rücksicht zu nehmen, um weitere Geschwindigkeitsgewinne zu erzielen.\nDas UNIX-Dateisystem ist dem nur halb so alten, aber wesentlich weniger effektiv organisierten MS-DOS Dateisystem in Sachen Geschwindigkeit, Zugriffsschutz und Benutzerfreundlichkeit weit überlegen. Die Ideen der UNIX-Entwickler waren letztlich so überzeugend, daß sie sich letztendlich im OS/2 HPFS und schließlich auch im Dateisystem von Windows NT wiederfinden.\nBild 9: 26 Laufwerksbuchstaben wären für eine gut ausgelastete Workstation viel zu wenig. UNIX kennt deswegen nur einen einzigen Dateibaum. Beim Anmelden (mounten) eines Dateisystems wird eine Platte an einer bestimmten Stelle in den Verzeichnisbaum eingehängt. Beim Wechsel des Verzeichnisses wechselt man so auch gleich die Platte oder bei Netzwerkplatten sogar den Rechner, auf dem man aktiv ist.\nLiteratur \u0026ldquo;The UNIX Time Sharing System\u0026rdquo;, Ritchie, Thompson, Communications of the ACM 7/74, p.365 \u0026ldquo;A Fast File System for UNIX\u0026rdquo;, McKusick et al, ACM Trans. on Computer Systems, August 84, p.181 \u0026ldquo;Operating Systems\u0026rdquo;, A. Tanenbaum, Prentice-Hall \u0026ldquo;The Design of the UNIX Operating System\u0026rdquo;, M. Bach, Prentice-Hall \u0026ldquo;The Design of the 4.3 BSD UNIX Operating System\u0026rdquo;, McKusick, Addison-Wesley \u0026ldquo;Advanced Programming in the UNIX Environment,\u0026rdquo; W. R. Stevens, Addison-Wesley ","date":"1994-02-01T00:00:00Z","href":"https://blog.koehntopp.info/1994/02/01/dateisysteme.html","tags":["lang_de","publication","unix"],"title":"UNIX Dateisysteme"},{"categories":null,"content":" TCP/IP Technik Ein SMTP Dialog aus »c\u0026rsquo;t - Magazin für Computertechnik«, Ausgabe 4/93\nTCP/IP Technik Rechner miteinander zu vernetzen ist heutzutage kein Problem mehr, so scheint es. Um die Rechner im Büro zu verbinden, nimmt man Ethernet, ARCNET oder Token-Ring; für die Anbindung von Außenstellen stehen Modems, Datex-P und neuerdings auch ISDN zur Verfügung und um mal eben einige Daten von seinem Mac auf den Atari zu überspielen, legt man ein Nullmodemkabel. Alle diese Netze haben ihre Stärken und Schwächen und dementsprechend ihre Einsatzgebiete.\nLeider haben diese Netze aber auch alle eine unterschiedliche Schnittstelle der Anwendung gegenüber. Das fängt schon bei den Adressen an (Datex-P Adressen sehen anders aus als Adressen in einem Ethernet) und hört erst wieder bei den grundlegenden Konzepten des jeweiligen Netzwerks auf. Wie schön wäre es, würden alle diese Netzwerke zusammenarbeiten können, sodaß man Daten auf dieselbe Art und Weise vom Wohnzimmer in den Hobbykeller wie von einem Ende der Welt zum anderen verschicken könnte, wenn man die verschiedenen Netzwerke miteinander vernetzen könnte.\nGenau diese Anforderung erfüllen die TCP/IP-Protokolle, die im Internet verwendet werden.\nWas kann TCP/IP? gibt einem die Unabhängigkeit von Hardware des unterliegenden Trägernetzes. gibt einem eine netzwerkweit einheitliche Adresse. präsentiert dem Programmierer eine einheitliche, geschlossene API. bietet einen Baukasten von standardisierten High-Level-Protokollen für die verschiedensten Netzwerkdienste. ist eine offene Protokollfamilie, die unabhängig von Herstellern entwickelt wurde. Um die Entwicklung und das Verständnis von Rechnernetzen zu erleichtern, hat die International Standards Organisation (ISO) ein Architekturmodell für Rechnernetze entwickelt, das OSI Referenzmodell. Dieses Modell teilt den Prozess des Verschickens von Daten über ein Rechnernetz in 7 übereinanderliegende Schichten ein, die einander zuarbeiten und jede für sich eine bestimmte Abstraktionsebene kennzeichnen. Weil diese Schichten in der Abbildung übereinander liegen, redet man oft auch von einem Protokollstapel.\nBild 1: OSI Referenzmodell\nWenn Daten zwischen zwei Rechnern übertragen werden, erscheint es im Programmiermodell so, als würden zwei gleiche Schichten auf verschiedenen Rechnern miteinander kommunizieren. Die Details der darunterliegenden Abstraktionsebenen werden vor den darüberliegenden Schichten verborgen. Beispielsweise ist es die Aufgabe der Schicht 2, eine fehlerfreie Verbindung zwischen zwei benachbarten Netzknoten zur Verfügung zu stellen. Das bedeutet, dass die Schicht 3 sich mit den Details der Datenübertragung zwischen zwei Maschinen nicht mehr zu befassen hat. Sie kann mit der Schicht 3 der Gegenstelle kommunizieren, ohne sich um Einzelheiten der Datenübertragung und möglicherweise auftretende Fehler kümmern zu müssen.\nIn Wirklichkeit besteht jedoch die einzige Verbindung zwischen zwei Rechnern auf der Ebene 1, der physikalischen Schicht. Wenn Daten zu senden sind, werden sie von einer Schicht zur jeweils darunterliegenden Schicht weitergereicht. Damit die einzelnen Schichten voneinander unabhängig sind, müssen die Schnittstellen zwischen den Schichten natürlich bekannt und definiert sein. Diese Art von Modulbildung erleichtert die Wartung und Entwicklung von neuen Netzwerkprotokollen und die Fehlersuche.\nInternetworking Protocol (IP) Auch TCP/IP hat einen ähnlichen, schichtweisen Aufbau, wenn es auch nicht so vielfach unterteilt ist wie das OSI-Modell; üblicherweise unterscheidet man vier Schichten. Die Grundlage des TCP/IP-Protokollturms bildet die Netzwerkschicht, deren Aufgabe der eigentliche Datentransport ist.\nTCP/IP ist kein Netzwerkprotokoll, das von der Hardware direkt verstanden wird. Normalerweise werden TCP/IP-Daten immer über ein vorhandenes Trägernetz, etwa Ethernet oder X.25, übertragen, denn die Aufgabe von TCP/IP ist es ja gerade, solche vorhandenen Netzwerke zu vereinheitlichen. Im OSI-Modell deckt die Netzwerkschicht also die Hardwareschichten 1 und 2 sowie in einigen Fällen auch noch Teile der Schicht 3 ab.\nAuf der Netzwerkschicht aufbauend liegt die Internet-Schicht, die die erste Abstraktionsschicht von einem konkreten Netzwerk darstellt. Damit ist das Internet-Protokoll, kurz IP, der Kern von TCP/IP, denn es stellt den grundlegenden Dienst des Netzes zur Verfügung: den Versand von Datenpaketen, sogenannten Datagrammen, über verschiedene Netze hinweg.\nDie Netzwerkschicht hat keine Information darüber, von welcher Art die Daten sind, die sie befördert: Für eine Ethernetkarte sind die ankommenden Daten eben einfach nur Daten, die vom Netz kommen. Der Kartentreiber interpretiert einen Teil dieser Daten als IP-Header und den Rest als Datenteil eines IP-Paketes. Auf diese Weise ist der IP-Header innerhalb eines Ethernet-Paketes gewissermaßen eingekapselt. Aber auch das IP-Paket selbst enthält selbst wieder ein Datenpaket für eine höhere Protokollebene, dessen Header auf der IP-Ebene als Bestandteil der Daten erscheint.\nBild 2: Kapselung von Daten in ein Protokollpaket der nächstniederen Schicht.\nIP ist ein verbindungsloses Protokoll, das bedeutet, IP kennt keinen Verbindungszustand. Es ist also nicht notwendig, eine IP-Verbindung zu einem Rechner zu \u0026ldquo;öffnen\u0026rdquo;, bevor man Daten zu diesem Rechner senden kann, sondern es genügt, das IP-Paket einfach abzusenden. Bei einem verbindungsorientierten Protokoll wird beim Öffnen einer Verbindung getestet, ob der Zielrechner überhaupt erreichbar ist. Ein verbindungsloses Protokoll macht das nicht und kann demnach auch nicht garantieren, daß ein Datenpaket überhaupt beim Empfänger ankommt. IP garantiert auch nicht, daß ein von einem einmal abgeschickten Datenpaket nur eine Kopie beim Empfänger ankommt, oder dass in einer Reihenfolge abgeschickte Datenpakete auch wieder in dieser Reihenfolge empfangen werden. Dadurch ist es möglich, daß längere Transfers von einem Rechner zum anderen, die über mehrere Zwischenrechner laufen, beim Ausfall eines dieser Rechner dynamisch neu konfiguriert werden. Irgendwann während der Übertragung bricht ein Übertragungsweg zusammen und es wird ein neuer Weg zum Ziel gesucht und benutzt. Da der neue Weg zeitlich länger oder kürzer sein kann als der alte, kann man keine allgemein gültigen Aussagen darüber machen, in welcher Reihenfolge IP-Pakete beim Empfänger eintreffen. Es kann auch sein, daß bei dieser Umschalterei IP-Pakete verloren gehen oder verdoppelt werden. Alle diese Unebenheiten auszubügeln überläßt IP anderen, höherliegenden Schichten im Protokollturm.\nBild 3: Aufbau eines Internet Protocol (IP) Headers. Eine Zeile stellt ein Langwort (4 Byte) dar. Das höchstwertigste Byte eines Langwortes wird als erstes übertragen (Network Byte Order).\nDie Hauptaufgabe von IP ist es also, die Unterschiede zwischen den verschiedenen, unterliegenden Netzwerkschichten zu verbergen und eine einheitliche Sicht auf die verschiedensten Netzwerktechnologien zu präsentieren. Dazu gehören die Einführung eines einheitlichen Adressierungsschemas und eines Fragmentierungsmechanismus, der es ermöglicht, große Datenpakete durch Netze mit kleiner maximaler Paketgröße zu senden.\nJedes IP-Paket enthält zwei Adressen in Form von 32 Bit Worten: Die Absender- und die Empfängeradresse. Eine Internet-Adresse wird meist in Form von vier, durch Punkte getrennten Bytes notiert, man spricht in diesem Fall von der \u0026ldquo;dotted quad\u0026rdquo;-Schreibweise. Um die Zustellung von IP-Paketen zu vereinfachen, unterteilt man die Adresse in zwei Teile: Den Netzwerkteil und den Rechnerteil. Ein Router muss, um ein Datenpaket zustellen zu können, nur den Netzwerkteil einer Adresse erkennen. Erst im Zielnetzwerk wird der Rechnerteil einer Adresse ausgewertet. Um den verschiedenen Anforderungen gerecht zu werden, was die Größe von Netzwerken angeht, unterscheidet man verschiedene Aufteilungen der 32 Adreßbits:\nbei Netzwerken der Klasse A ist das erste Bit der IP-Adresse 0. Die folgenden 7 Bit bilden den Netzwerkteil der Adresse und die restlichen 24 Bits bilden den Rechnerteil. Es kann also weniger als 128 verschiedene Klasse A Netzwerke geben, aber jedes dieser Netze aus Millionen von Rechnern bestehen. Ein typischer Vertreter ist zum Beispiel das amerikanische MILNET, das sich über das ganze Land erstreckt. bei Netzwerken der Klasse B fängt die Adresse mit der Bitfolge \u0026ldquo;10\u0026rdquo; an. Die folgenden 14 Bit stellen den Netzwerkteil der Adresse dar, die restlichen 16 Bit den Rechnerteil. Es kann also Tausende von Klasse B Netzen mit jeweils tausenden von Rechnern geben. Ein typischer Vertreter ist das Campusnetzwerk einer großen Universität. bei Netzwerken der Klasse C fängt die Adresse mit der Bitfolge \u0026ldquo;110\u0026rdquo; an. Die folgenden 21 Bit stellen den Netzwerkteil der Adresse dar, die restlichen 8 Bit den Rechnerteil. Es kann also Millionen von Netzwerken der Klasse C geben, von denen jedes weniger als 256 Rechner beherbergt. Standardmässig bekommt man ein Klasse C Netz, wenn man ein Netzwerk beim NIC anmeldet. fängt eine Adresse mit den Bits \u0026ldquo;111\u0026rdquo; an, so hat sie eine Spezialbedeutung. Manchmal werden solche Adressen als Klasse D Adressen bezeichnet. Höherliegende Protokolle und Dienste bieten dem IP-Benutzer Mechanismen, die Namen Internet-Adressen zuordnen und umgekehrt.\nWeil das Internet-Protokoll wie bereits erwähnt normalerweise immer auf einem Trägernetzwerk aufsetzt, muss es noch eine andere Eigenschaft der unterliegenden Netzwerkschicht verbergen: Normalerweise existiert bei allen Netzwerken eine maximale Größe, die ein Datenpaket haben kann. Im IP-Jargon nennt man diese Grenze die \u0026ldquo;maximum transmisson unit\u0026rdquo;, MTU. Natürlich ist diese Obergrenze je nach verwendeter Trägertechnik unterschiedlich. Die Internet-Schicht teilt IP-Pakete, die größer als die MTU des verwendeten Netzwerks in kleinere Stücke, sogenannte Fragmente auf. Auf dem Zielrechner werden diese Fragmente dann wieder zu vollständigen IP-Paketen zusammengesetzt, bevor sie an die darüberliegenden Protokolle weiter gegeben werden.\nWelches darüberliegende Protokoll der Transportschicht das Datenpaket bekommt, steht im \u0026ldquo;Protokoll\u0026rdquo;-Feld eines jeden IP-Paketes. Jedes Protokoll der Transportschicht bekommt eine eindeutige Identifikationsnummer zugewiesen, anhand derer der IP-Treiber entscheiden kann, wie weiter mit dem Paket zu verfahren ist. Eines der wichtigsten Protokolle der Transportschicht ist TCP.\nWas leistet TCP? Die Aufgabe von TCP ist es, die oben geschilderten Defizite von IP zu verbergen. Für den TCP-Benutzer soll es nicht mehr sichtbar sein, daß die darunterliegenden Protokollschichten Datenpakete versenden, sondern stattdessen soll der Benutzer mit einem Bytestrom wie bei einer normalen Datei arbeiten können. TCP garantiert das Ankommen, die Einmaligkeit und die Reihenfolge der Daten. Zusätzlich multiplext TCP die Verbindung zwischen zwei Rechnern: Während auf der Internet-Schicht nur eine Verbindung zur Zeit zwischen zwei Rechnern bestehen kann, teilt TCP diese Verbindung in viele virtuelle Kanäle auf.\nIm Gegensatz zu IP ist TCP verbindungsorientiert. Das muss so sein, denn TCP-Verbindungen sollen ja für den Benutzer wie Dateien zu handhaben sein. Das bedeutet, eine TCP-Verbindung wird wie eine Datei geöffnet und geschlossen, und man kann seine Position innerhalb des Datenstromes bestimmen, genau wie man bei einer Datei die Position des Dateizeigers angeben kann.\nAuch TCP sendet die Daten in größeren Einheiten, um den Verwaltungsaufwand durch Header und Kontrollinformation kleinzuhalten. Im Gegensatz zu den IP-\u0026ldquo;Paketen\u0026rdquo; bezeichnet man in die Einheiten der Transportschicht als \u0026ldquo;Segmente\u0026rdquo;. Jedes gesendete TCP-Segment hat eine eindeutige Folgenummer, die die Position seines ersten Bytes im Bytestrom der Verbindung angibt. Anhand dieser Nummer kann die Reihenfolge der Segmente korrigiert werden und doppelt angekommene Segmente können aussortiert werden. Da die Länge des Segmentes aus dem IP-Header bekannt ist, können auch Lücken im Datenstrom entdeckt werden und der Empfänger kann verloren gegangene Segmente neu anfordern.\nBeim Öffnen einer TCP-Verbindung werden zwischen beiden Kommunikationspartnern Kontrollinformationen ausgetauscht, die sicherstellen, daß der Endpunkt der Verbindung existiert und Daten annehmen kann. Dazu schickt der Sender ein Segment mit der Aufforderung, die Folgenummern zu synchronisieren. Der Empfänger weiß jetzt, daß der Sender eine Verbindung öffnen möchte und an welcher Position im Datenstrom der Sender anfangen wird zu zählen. Der Empfänger bestätigt den Empfang der Nachricht und legt seinerseits eine Folgenummer für Übertragungen in Gegenrichtung fest. Der Sender bestätigt nun seinerseits den Empfang der Folgenummer von B und beginnt dann mit der Übertragung von Daten. Diese Art des Austausches von Kontrollinformation, bei der jede Seite die Aktionen der Gegenseite bestätigen muss, ehe sie wirksam werden können, heisst \u0026ldquo;Dreiweg-Handshake\u0026rdquo;. Auch beim Abbau einer Verbindung wird auf diese Weise sichergestellt, daß beide Seiten alle Daten korrekt und vollständig empfangen haben.\nBild 4: Aufbau eines Transmission Control Protocol (TCP) Headers.*\nWährend der Übertragung kann der Empfänger dem Sender im Feld \u0026ldquo;Fenstergröße\u0026rdquo; signalisieren, für wie viele Bytes er noch Pufferkapazität frei hat. Der Sender darf nicht mehr Daten senden, als der Empfänger auf diese Weise freigegeben hat, bis er eine weitere Empfangsbestätigung mit einer neu festgelegten Fenstergröße vom Sender erhält. Auf diese Weise kann der Empfänger den Datenfluß vom Sender nach Wunsch dosieren. Wenn der Empfänger dem Sender eine Fenstergröße von Null Byte signalisiert, muss der Sender den Transfer unterbrechen, bis er eine zweite Bestätigung mit einer Fenstergröße ungleich Null bekommt.\nAuf einem Rechner können mehrere Prozesse zu einem Zeitpunkt TCP-Verbindungen geöffnet haben. Die Portnummer in jedem TCP-Segment gibt an, welche virtuelle Verbindung zu welchem Prozess gehört. So ist es möglich, Leitungen für eine Vielzahl von Prozessen zu multiplexen. Vom Standpunkt eines Modembenutzers aus kann man TCP/IP also in gewisser Weise als eine Art glorifiziertes ZMODEM- oder BIMODEM-Protokoll betrachten: Es ist nicht nur eine Übertragung von Daten in beide Richtungen gleichzeitig möglich, sondern es können pro Richtung noch mehrere Verbindungen zugleich unterhalten werden.\nDamit die verschiedenen Schichten des Protokollturms miteinander Daten austauschen können, müssen jeweils zwei aneinanderstoßende Schichten sich jeweils über ein gemeinsames Interface einig sein. Normalerweise sind diese Interfaces nicht interessant, weil sie für den Anwender unsichtbar sind. Das Interface der Internet-Schicht ist zum Beispiel nur für denjenigen interessant, der TCP oder ein vergleichbares Protokoll selbst implementieren möchte. Das Interface zwischen der Transportschicht und der Anwendungsschicht ist jedoch von besonderem Interesse, denn es stellt das Interface dar, mit dem ein Programmierer umgehen muss, der eine Anwendung schreiben möchte, die von den Möglichkeiten von TCP/IP Gebrauch macht.\nLeider gibt es zwei verschiedene, inkompatible APIs für TCP/IP. Die ältere der beiden ist als \u0026ldquo;Berkeley Sockets\u0026rdquo; bekannt geworden und in BSD UNIX zusammen mit der ersten Version von TCP/IP implementiert worden. Die andere API ist das \u0026ldquo;Transport Level Interface\u0026rdquo;, kurz TLI, von AT\u0026amp;T. Es stellt den Versuch dar, eine generelle, TCP/IP unabhängige API für Netzwerkprogrammierung zu schaffen. Die Namen und Parameter der TLI-Aufrufe orientieren sich dabei an der Begriffswelt der OSI.\nDie Grenze zwischen der Anwendungsschicht und der Transportschicht ist in den meisten Implementierungen zugleich die Grenze zwischen dem Betriebssystem und den Anwendungsprogrammen. Im OSI-Modell ist diese Grenze in etwa die Grenze zwischen den Schichten 4 und 5. Daher ordnet man IP vorwiegend ungefähr in die Ebene 3 und TCP ungefähr in Ebene 4 des OSI-Modells ein. Da TCP/IP jedoch älter und einfacher als das OSI-Modell sind, kann diese Einordnung nicht genau passen.\nTypische TCP/IP Dienste Auf TCP/IP setzen viele verschiedene Dienste auf, von denen die meisten ein eigenes, anwendungsspezifisches Protokoll zwischen ihrem Server und den verschiedenen Client-Programmen verwenden. Der UNIX-Tradition folgend kommunizieren viele dieser Anwendungen zwar in einem formalisierten Format miteinander, aber dieses Format ist überwiegend so gehalten, dass es noch von einem Menschen ohne besondere Debugging-Werkzeug gelesen und erzeugt werden kann.\nEines dieser Protokolle ist zum Beispiel das \u0026ldquo;simple mail transport protocol\u0026rdquo;, SMTP. Es dient der synchronen Auslieferung von Electronic Mail im Internet und wird von einer ganzen Palette von Mailtransportprogrammen direkt verstanden. Ist eine Mail zu versenden, so baut der sendende Mailer eine TCP/IP-Verbindung direkt zum Zielrechner auf. Der physikalische Weg zu diesem Rechner muss nicht direkt vorhanden sein, aber das braucht den Absender nicht zu kümmern. Die Internet-Schicht des Netzes wird einen Weg zum Zielrechner konstruieren, wenn es einen gibt. Für den Mailer sieht es so aus, als hätte er eine direkte, virtuelle Verbindung zum Zielrechner. Kommt eine Verbindung zustande, so meldet sich auf dem Zielrechner ein Hintergrundprozeß, der auf eingehende Nachrichten wartet. Zwischen den beiden Mailern läuft dann ein SMTP-Dialog ab. Da der Dialog aber in reinem ASCII und sogar relativ lesbar ist, kann man ihn bei Kenntnis des SMTP-Protokolls auch als Mensch simulieren. Im Kasten SMTP ist so eine Simulation eines SMTP-Dialoges zu sehen.\nSo wie SMTP der Zustellung persönlicher Nachrichten an einzelne Personen dient, ermöglicht das NNTP-Protokoll die Verbreitung öffentlicher Nachrichten im Internet, die USENET News. Das FTP-Protokoll dient zur Übertragung von Dateien durch das Netz, das TELNET- und das rlogin-Protokoll ermöglichen es, Sessions auf entfernten Rechnern zu fahren und wieder andere Protokolle ermöglichen die Einrichtung von Namensverzeichnissen oder die Fernabfrage der eigenen Mail.\nTCP/IP ist durch das schichtweise Design ein modularer Protokollstandard. Die einzelnen Komponenten sind in den sogenannten \u0026ldquo;Requests for Comments\u0026rdquo; (RFCs) genormt und offengelegt. Am Zustandekommen einer einzelnen SMTP-Verbindung über TCP über IP über Ethernet-Verbindung sind dann auch eine ganze Reihe dieser Normen beteiligt. Das Format der übertragenen Nachricht ist in RFC 822, \u0026ldquo;Standard for the format of ARPA Internet text messages\u0026rdquo; festgelegt. Die Nachrichten werden nach dem in RFC 821 definierten SMTP-Verfahren übertragen. SMTP bedient sich wiederum des in RFC 793 spezifizierten TCP, das auf dem in RFC 791 und RFC 792 definierten Internet Protocol aufsetzt. Wie Internet-Pakete auf einem Ethernet als Träger verschickt werden, ist wiederum in RFC 894 festgelegt, während RFC 826 die Zuordnung von Ethernet-Adressen zu IP-Adressen regelt.\nDie Universalität von TCP/IP verbirgt die Eigenheiten der unterliegenden Trägernetze vollständig. Für einen TCP/IP-Benutzer, ja sogar für den Programmierer ist es egal, auf welche Weise der Zielrechner erreicht wird, er hat eine einheitliche Sicht auf ein riesiges, weltweites, aus tausenden von Teilnetzen zusammengesetztes Netzwerk.\nSMTP SMTP Dialog zwischen tpki.toppoint.de und black.toppoint.de\nVon tpki.toppoint.de gesendete Zeichen sind fett gesetzt.\n220-black.toppoint.de Smail3.1.26.7 #3 ready at Wed, 9 Dec 92 00:08 MET 220 call +49 431 676689 for operator. helo tpki.toppoint.de 250 black.toppoint.de Hello tpki.toppoint.de mail from: kris@tpki.toppoint.de 250 \u0026lt;kris@tpki.toppoint.de\u003e ... Sender Okay rcpt to: kris@black.toppoint.de 250 \u0026lt;kris@black.toppoint.de\u003e ... Recipient Okay data 354 Enter mail, end with \".\" on a line by itself . 250 Mail accepted quit 221 black.toppoint.de closing connection ","date":"1993-04-01T00:00:00Z","href":"https://blog.koehntopp.info/1993/04/01/tcpip-technik.html","tags":["lang_de","publication","internet"],"title":"TCP/IP Technik"},{"categories":null,"content":"für c\u0026rsquo;t - Magazin für Computertechnik, Ausgabe 3/93\nTCP/IP Dienste Das größte Problem bei einem Artikel über das Internet ist es, zu definieren, was das Internet überhaupt ist. Eigentlich existiert so etwas wie \u0026ldquo;das Internet\u0026rdquo; nämlich überhaupt nicht. Das ändert natürlich nichts an der Tatsache, daß Millionen Menschen es jeden Tag benutzen. Wie erklärt sich ein solcher Widerspruch?\nAm besten, man beginnt am Anfang: Ende der Siebziger Jahre hatte das amerikanische Verteidigungsministerium bedarf an einer Technologie, die unterschiedlichsten Computersysteme an verschiedenen Orten miteinander zu vernetzen. Um die Möglichkeiten einer solchen Vernetzung auszuloten und die dazu notwendigen Technologien zu entwickeln und zu erproben, wurde im Jahre 1969 im Rahmen eines Forschungsprojektes ein experimentelles Computernetz ins Leben gerufen. Schon bald zeigte sich, daß nicht nur das Verteidigungsministerium einen Bedarf an derartiger Technik hatte.\nDas ARPANET war viel erfolgreicher als ursprünglich geplant: Nach kurzer Zeit schon begannen viele Organisationen das Netz nicht nur für experimentelle Zwecke zu nutzen, sondern verwendeten es auch für ihre tägliche Arbeit. Auch Institutionen und Firmen zeigten Interesse an der Vernetzung, die nicht direkt an der Entwicklung von Netzwerktechnologien beteiligt waren, sondern diese einfach nur benutzen wollten. Daher zog man 1975 die Konsequenz, und änderte den Status von ARPANET in den eines Produktionsnetzwerks, das von der Defense Communications Agency (heute die Defense Information Systems Agency) verwaltet wurde.\nDoch die Entwicklung des Netzes blieb damit nicht stehen. Die heute verwendeten Netzwerkprotokolle , TCP und IP, stammen im Prinzip aus den frühen achtziger Jahren. Weil das ARPANET immer stärker wuchs und zum Teil nicht zu experimenteller Arbeit, sondern immer mehr auch zu Produktionszwecken genutzt wurde, teile man es in einen Forschungsteil (ARPANET) und das MILNET auf. Zugleich stellte man das Protokoll zwischen den zentralen Netzwerkknoten auf TCP/IP um. Um den Umstieg zu erleichtern und auch Universitäten für die verwendete Technik zu interessieren, wurde eine frei verfügbare Implementation von TCP/IP für BSD UNIX in Auftrag gegeben, und damit der Grundstein zu dem gelegt, was heute als \u0026ldquo;open systems\u0026rdquo; in aller Munde ist. Die Rechnung ging auf: Schon mitte der achtziger Jahre begann die National Science Foundation in den Vereinigten Staaten mit dem Aufbau des NSFNET, einem Netz mit Verbindung zum ARPANET, aber auch zu regionalen Netzwerken auf gleicher Technologiebasis.\nHeute bezeichnet man mit dem Namen \u0026ldquo;internetwork\u0026rdquo; Netzwerke aus Teilnetzwerken der verschiedensten Technologien, die durch das darüberliegende TCP/IP zusammengebunden werden. Die weltweite Verbindung von TCP/IP-Netzwerken, die aus dem ARPANET entstanden ist, trägt jedoch den Namen \u0026ldquo;das Internet\u0026rdquo; (mit betontem \u0026ldquo;das\u0026rdquo; und großem \u0026ldquo;I\u0026rdquo;). Alle wichtigen staatlichen und wirtschaftlichen Institutionen in den USA sind mittlerweile auf die eine oder andere Weise mit dem Internet verbunden. Auch in Deutschland findet, wenn auch mit mehreren Jahren Verzögerung, eine ähnliche Entwicklung statt. So etwas wie eine einheitliche Verwaltung gibt es jedoch nicht. Das Internet Activities Board definiert das Internet selbst dann in einem seiner Informationspapiere auch als einen \u0026ldquo;lockeren, internationalen Zusammenschluss miteinander verbundener Netzwerke, das direkten Kontakt von Rechner zu Rechner durch freiwilliges Befolgen offener Protokollstandards und -prozeduren ermöglicht.\u0026rdquo; Diese Definition ist in der Tat schwammig genug, um einem Gebilde wie dem Internet gerecht zu werden.\nEin anderer Pluspunkt von TCP/IP ist eher für den Programmierer interessant: die totale Unabhängigkeit der Applikation von der darunterliegenden Netzwerkebene. Ein Programm, das in einer Internet-Umgebung läuft, muss sich nicht darum kümmern, wie es seine Datenpakete aus dem lokalen Ethernet über das Datex-P-Gateway nach Übersee und dort in das lokale Token-Ring-Netzwerk schicken kann. Das Internet-Protokoll kümmert sich darum, die Details der verschiedenen unterliegenden Netzwerke und Transportmechanismen zu verbergen. Es kümmert sich auch darum, die schnellste oder am wenigsten ausgelastete Route durch das Netz zu suchen.\nDiese Transparenz wird vom Protokoll auch an die darüberliegenden Anwendungen und letztendlich an den Benutzer weitergegeben. Für einen Benutzer einer Anwendung im Internet ist es vom Aufwand her kein Unterschied, ob er seine Daten von einer lokalen Platte, aus dem inhouse-Netzwerk, von einem Server irgendwo in Deutschland oder gar in Taiwan oder den USA bekommt. Allein an der Übertragungsgeschwindigkeit könnte man einen Unterschied feststellen. Leider birgt diese Transparenz gelegentlich Probleme in sich: Für den Benutzer ist es gleich schwierig, einen Dienst über Transatlantik-Leitungen zu benutzen wie einen Dienst im lokalen Ethernet. Es könnte sogar sein, daß sich ein guter Teil der Netzwerk-Benutzer gar nicht darum kümmert, woher genau die Daten jetzt kommen und wie viel Technik dafür in Bewegung gesetzt werden muss. In Folge kommt es zu den Stoßzeiten auf überregionalen Leitungen mehr oder weniger stark zu Kapazitätsproblemen.\nReichhaltiges Angebot Das Internet stellt seinen Benutzern auf der Basis von TCP/IP als Transportprotokoll eine Vielzahl von Dienstleistungen zur Verfügung. Diese Dienste sind normalerweise auf der Basis eines weiteren Protokolles realisiert, das wiederum auf TCP/IP aufsetzt (vgl. Internet Technik Artikel ).\nDer erste Dienst, den man als Benutzer im Internet kennenlernt, ist wahrscheinlich electronic mail. Mail erlaubt es, Textnachrichten und neuerdings auch multimediale Dokumente an andere Benutzer im Netz zu verschicken. Die Zustellung der Mail erfolgt, indem der eigene Rechner nach dem Abschicken der Mail eine Verbindung zum Zielrechner aufbaut und die Mail dort online und direkt einliefert. Bei einer schnellen Netzverbindung ist die Mail praktisch Sekunden nach dem Drücken der Returntaste beim Empfänger.\nViele bekannte Firmen sind im Netz durch Mitarbeiter oder sogar mit einer Supportadresse vertreten. Darunter sind so illustre Namen wie Motorola, Intel, AT\u0026amp;T, Microsoft, Borland, Seagate, Prime, NeXT, SUN, DEC, IBM, HP, Commodore, Atari und viele andere mehr, darunter auch zahllose kleinere Firmen. Auch sind fast alle Universitäten in den meisten Ländern direkt zu erreichen. Wer Freunde oder Bekannte hat, die als Austauschstudent an einer ausländischen Universität sind, der wird electronic mail als schnelles und billiges Briefmedium schätzen lernen. Für den Studenten taugt Mail auch, um sich mit den Autoren von Seminarpapieren kurzzuschließen und zusätzliches Material für den Vortrag zu bekommen oder um Fragen zu stellen.\nWer die Mailgrößen und die Zustellgeschwindigkeiten von Mailboxnetzen gewohnt ist, wird im Internet allerdings umdenken müssen. Internet ist in der Lage, in kurzer Zeit große Datenmengen zu bewegen und dementsprechend wird dieser Dienst auch genutzt. Es kann einem leicht passieren, daß man auf eine Anfrage, ob diese oder jene Datei vorhanden sei, kein \u0026ldquo;Ja\u0026rdquo;, sondern kurzerhand die Quelle zugestellt bekommt.\nMit Mail ist es möglich, private Nachrichten an Personen zu verschicken. Auf dem Internet gibt es einen anderen Dienst, News, der es erlaubt öffentliche Nachrichten an Sachgruppen, sogenannte Newsgroups, zu adressieren. Eine Newsgroup ist gewissermaßen ein öffentliches Diskussionsforum, das einem bestimmten Thema gewidmet ist. Insgesamt gibt es weit über 2500 verschiedene Newsgroups mit einem Themenspektrum, das von Computerthemen über Wissenschaft, Hobby, politischer Diskussion bis hin zu bloßem Jux reicht. Typische Laufzeiten von Nachrichten in einer Newsgroup liegen dabei in der Gegend von 6 bis 10 Stunden. In dieser Zeit ist der eigene Text einmal rund um die Erde verteilt worden und viele tausendmal kopiert worden.\nMit einer Nachricht in einer Newsgroup erreicht man schnell ein großes Publikum. Selbst bei exotischen Problemen oder Fragestellungen ist es wahrscheinlich, innerhalb eines Tages Personen zu finden, die ein ähnliches Problem auch schon einmal gehabt haben und einem möglicherweise weiter helfen können. Gerade für jemanden, der sich mit Softwareentwicklung befasst, sind die News eine wichtige Quelle für Informationen, praktische Erfahrungsberichte und Support, die beim Hersteller oft nur schwer zu bekommen sind.\nViele nützliche PD-Programme konnten nur deswegen entstehen, weil Programmierer in den entferntesten Gegenden der Erde per News und Mail Quellen und Fehlerreports austauschen können und so trotz der großen Entfernungen eng zusammenarbeiten können. Die public domain UNIX-Versionen Linux und 386BSD sind nach Megabytes gemessen die größten Produkte einer solchen Zusammenarbeit, aber auch viele andere Werkzeuge für den täglichen Einsatz sind auf diese Weise entstanden. Allen voran stehen die Programme, die man zur effizienten Nutzung von News und Mail benötigt: Programmpakete zum Lesen, Schreiben, Verschicken und Archivieren von News und Mail.\nDie neuesten Versionen dieser Programmpakete finden sich in Archiven, die per anonymous FTP zugänglich sind. FTP steht für \u0026ldquo;File Transfer Protocol\u0026rdquo; und ist zugleich der Name eines Übertragungsprotokolls als auch der Name der Anwendung, die dieses Protokoll benutzt, um per Internet Dateien zu übertragen. Viele Institutionen, die einen schnellen Internet-Anschluss haben und ein wenig Plattenplatz erübrigen können, richten Bereiche ein, in denen man auch ohne Passwort per FTP Programme ablegen oder abholen kann. Teilweise sind diese Rechner so konfiguriert, daß sie ihre Datenbestände untereinander automatisch abgleichen, ihre Platten also gegenseitig spiegeln. Auf diese Weise erübrigt sich für den Benutzer das Horten von Quelltexten auf der eigenen Platte: Wenn man ein Programmpaket benötigt, um es zu installieren oder mit den Quellen zu arbeiten, wird man sowieso nicht das private Archiv mit der veralteten Version aufsuchen, sondern sich per FTP eine aktuelle Version desselben Paketes holen.\nDas Hauptproblem dabei ist es lediglich, einen Server zu lokalisieren, der die gewünschten Daten auch anbietet. Dafür gibt es im Netz öffentlich zugängliche Datenbanken, die einen Index über dreistellige Gigabytemengen auf Software enthalten, die Archies. Ein Archie ist eine Datenbank, die typischerweise im Tages- oder Wochenrhytmus die kompletten Inhaltsverzeichnisse einiger hundert FTP-Server abfragt und zu einem Gesamtindex verarbeitet. Man kann den Archie nach Namen oder Beschreibungen von Programmpaketen suchen lassen und erhält eine Liste aller Quellen für das gesuchte Programmpaket, die dem Archie bekannt sind. Dazu kann man sich direkt auf dem Archie einloggen und einer simplen Abfragesprache bedienen. Richtig bequem wird so eine Abfrage aber erst mit einem Abfrageprogramm wie xarchie (für XWindows), das man mit der Maus bedienen kann. Die Beschaffung eines bestimmten Programmpaketes beschränkt sich dann auf die Eingabe des Paketnamens und das Anklicken der Knöpfe \u0026ldquo;Query\u0026rdquo; und (nach Auswahl des gewünschten Servers) \u0026ldquo;FTP\u0026rdquo;.\nEs gibt im Internet noch weitere frei zugängliche Datenbanken. Da es jedoch keine zentrale Administration des Netzwerks gibt, ist es hier etwas schwierig einen Überblick zu bekommen. Es ist zum Beispiel bekannt, daß sehr viele Bibliotheken in den USA einen Zugang ins Internet haben und ihre Kataloge als Datenbank öffentlich zugänglich machen. Aber auch andere Institutionen bieten Datenbanken zur freien Abfrage an. Man erreicht diese Datenbanken per TELNET, einem TCP/IP-Dienst, der es einem erlaubt, sich auf einem entfernten Rechner einzuloggen. Per FTP sind Texte erhältlich, die den Versuch einer Katalogisierung solcher Dienste darstellen und die Netzadressen, Logins und Passwörter enthalten, die man benötigt, um arbeiten zu können. Der nächste logische Schritt sind Datenbankabfrageprogramme, die eine Anfrage nehmen und sie allen Datenbanken stellen, die ihnen bekannt sind. Solche Dienste sind WAIS (Wide Area information Service) und gopher.\nWie man sich anschließt Man kann auf zwei Wegen an einen Internet-Zugang kommen. Die eine Methode ist es, sich einen Systembetreiber zu suchen, dessen Rechner am Internet angeschlossen ist und der einem die Benutzung seines Rechners erlaubt. Man kann sich dann auf diesem Rechner einloggen und die Internet-Dienste dieses Rechners online nutzen. Die andere Methode wäre, auf dem eigenen Rechner zu arbeiten und nur die eigenen IP-Pakete an einen Internet-Rechner weiter zu routen, etwa über ein Modem und SL/IP (Serial Line Internet Protocol). Die meisten Internet-Anbieter lassen einem die Auswahl zwischen beiden Methoden des Anschlusses.\nEin Anschluss ans Internet ist derzeit jedoch eine teure Sache, falls man nicht gerade Student an einer Universität mit freiem Zugang zum Internet ist. Wer immer Internet anbietet, der muss eine Standleitung oder etwas mit ähnlicher Charateristik unterhalten. Dabei kann es sich um eine Datex-P, ISDN- oder Modem-Strecke handeln. Der Betreiber dieser Strecke wird natürlich versuchen, seine Kosten auf die Nutzer umzulegen. Im Endeffekt liegen die Kosten für vernünftig nutzbaren Internet-Anschluss derzeit bei etwa 50 DM/Monat mit starken geografischen Abweichungen.\nIn Deutschland gibt es drei verschiedene Anbieter, die Internet-Dienste verkaufen können. Diese sogenannten Provider sind jedoch nur für kommerzielle Kunden und Institutionen interessant. Es handelt sich um EuNet Germany GmbH in Dortmund, XLINK in Karlsruhe und den DFN Verein. Für Privatpersonen ist eher der Individual Network e.V. (\u0026ldquo;das IN\u0026rdquo;) interessant. Dieser Verein hat bei zweien dieser drei Anbieter das Recht gekauft, deren Internet-Leitungen zu benutzen und dieses Recht an seine Mitglieder weiterzugeben. Auf diese Weise kann das IN seinen Mitgliedern einen günstigen Zugang ins Internet verschaffen, wenn diese die dazu notwendig Infrastruktur vor Ort organisieren können.\nWenn man sich in der Nähe eines solchen Zugangspunktes wohnt, also etwa in Kiel, Hamburg, Berlin, Oldenburg, im Ruhrgebiet, in Frankfurt oder in München, dann genügt es, sich an den entsprechenden Anbieter zu wenden (siehe Kasten\u0026quot;Adressen\u0026quot;). Ansonsten wird man sich überlegen müssen, ob man einen Anschlußpunkt in der Nähe finden kann oder wie man die Entfernung zum nächsten Anschlußpunkt überbrücken kann.\nInformationsquellen Um Neueinsteigern ins Internet bei der Orientierung zu helfen und einen Überblick über die verfügbaren Informationen und Dienste zu geben, hat man eine Reihe von RFCs mit Einsteigerinformationen zusammengestellt. Diese RFCs sind in einer gesonderten Reihe als \u0026ldquo;For your information\u0026rdquo; oder kurz FYI-Texte zusammengefasst worden. Von besonderem Interesse sind FYI 4, der sich mit häufig gestellten Fragen von Internet-Neulingen beschäftigt, FYI 8, der sich mit der Sicherheit einer Internet-Installation befasst und FYI 10, der einen Überblick über im Internet verfügbare Dienste gibt.\nLiteratur \u0026ldquo;Internetworking with TCP/IP; Principles, Protocols, and Architecture\u0026rdquo;, by Douglas Comer, Prentice Hall, ISBN 0-13-470154-2. \u0026ldquo;The Matrix; Computer Networks and Conferencing Systems Worldwide\u0026rdquo;, by John S. Quarterman, Digital Press, ISBN 0-13-565607-9. \u0026ldquo;!%@:: A Directory of Electronic Mail Addressing and Networks\u0026rdquo;, by Donnalyn Frey and Rick Adams, O\u0026rsquo;Reilly \u0026amp; Associates, Inc., ISBN 0-937175-39-0. \u0026ldquo;The User\u0026rsquo;s Directory of Computer Networks\u0026rdquo;, Edited by Tracy L. LaQuey, Digital Press, ISBN 0-13-950262-9. \u0026ldquo;Where to Start - A Bibliography of General Internetworking Information\u0026rdquo;, by Bowers, K., T. LaQuey, J. Reynolds, K. Roubicek, M. Stahl, and A. Yuan, RFC 1175, FYI 3, CNRI, U Texas, ISI, BBN, SRI, Mitre, August 1990. \u0026ldquo;The Hitchhikers Guide to the Internet\u0026rdquo;, by Krol, E., RFC 1118, University of Illinois Urbana, September 1989. \u0026ldquo;IAB Official Protocol Standards\u0026rdquo;, (currently, RFC 1280). RFC Ein \u0026ldquo;Request for Comments\u0026rdquo;, kurz RFC,\nist ein Papier, das sich in irgendeiner Form mit im Internet verwendeten Verfahren beschäftigt. Es kann sich dabei um eine Anmerkung zu bestehenden Verfahren, einen Verbesserungsvorschlag oder den Vorschlag zu einem neuen Verfahren handeln. Jeder, der am Internet interessiert ist, kann einen solchen RFC beim RFC Editor einreichen. Derzeit ist der RFC Editor Jon Postel, der unter der Internet-Adresse RFC-EDITOR@ISI.EDU zu erreichen ist. Wie eine Einsendung an den RFC-Editor auszusehen hat, um ihm die Arbeit zu vereinfachen ist auch in einem RFC (RFC 1111 ) beschrieben.\nEin solches Papier kann den Status \u0026ldquo;zur Information\u0026rdquo; erhalten, wenn es sich nur um eine Anmerkung handelt. Enthält der RFC eine Spezifikation, die einmal ein Standard werden soll, so kann das Internet Activities Board (IAB) das Papier prüfen und zum \u0026ldquo;proposed standard\u0026rdquo; erklären. So eine Spezifikation soll dann die Grundlage für zu entwickelnde Programmpakete sein, d.h. es braucht noch keine funktionierende Implementation des Standards zu geben.\nSobald es Erfahrungen mit dem neuen Vorschlag gibt, frühestens aber nach einem halben Jahr, kann die Spezifikation zum \u0026ldquo;draft standard\u0026rdquo; werden. Dazu muss es mindestens zwei Implementationen geben, die unabhängig voneinander aus der Spezifikation entwickelt worden sind und die trotzdem zusammenarbeiten können. An einem \u0026ldquo;draft standard\u0026rdquo; wird nichts Wesentliches mehr geändert; Modifikationen dienen nur noch der Ausbesserung von Fehlern und Ungenauigkeiten.\nSchließlich wird die Spezifikation nach angemessener Zeit zum \u0026ldquo;standard\u0026rdquo; befördert und ist damit ein fester Teil der Internet-Spezifikationen. RFC 1280 gibt eine Übersicht über den Standardisierungsprozeß und nennt den Status der verschiedenen Dokumente.\nNicht alle Standards im Internet müssen von allen Programmpaketen unterstützt werden. Die RFCs unterscheiden zwischen Fähigkeiten, die alle beteiligten Programme unterstützen müssen (required), zwischen Optionen, die alle unterstützen sollten (recommended) und zusätzlichen Features, die wirklich optional sind (elective).\nUm in der Entwicklung der Standards im Internet auf dem Laufenden zu bleiben, kann man die neu erscheinenden RFCs abonnieren. Dazu sendet man eine E-Mail an RFC-REQUEST@NIC.DDN.MIL , die die eigene Netzadresse enthält. Diese Adresse wird dann in einen Verteiler übernommen und fortan bekommt man alle neuen RFCs per E-Mail zugestellt. Vorausgegangene RFCs sind in verschiedenen Archiven zu bekommen. Eine Liste dieser Archive und eine Anleitung, wie man die betreffenden Dokumente bekommen kann, kann per FTP als isi.edu:/in-notes/rfc-retrieval.txt bezogen werden. Alternativ kann man auch eine E-Mail an rfc-info@isi.edu senden, die als Nachrichtentext nur die eine Zeile \u0026ldquo;help: ways_to_get_rfcs\u0026rdquo; (ohne die Anführungszeichen) enthält. Die RFCs bis Nummer 1357 sind außerdem auf der Desktop Library CD von Walnut Creek enthalten.\n","date":"1993-03-01T00:00:00Z","href":"https://blog.koehntopp.info/1993/03/01/tcpip-dienste.html","tags":["lang_de","publication","internet"],"title":"TCP/IP Dienste"},{"categories":null,"content":"Abgeschickt an die c\u0026rsquo;t am 17. März 1992.\nAus technischen Gründen stehen die Abbildungen zu diesem Artikel nicht im Web zur Verfügung.\nText des Artikels Glossar Betrübssysteme Jeder hat eines, angeblich kennt sich kaum einer wirklich damit aus und natürlich ist meines besser als Deines. Die Rede ist von Betriebssystemen. Das Betriebssystem ist das Grundprogramm eines Rechners. Es wird beim Einschalten des Rechners gestartet und erst beim Abschalten wieder beendet. Entsprechend seiner Funktion als Zwischenstück zwischen der realen Welt der konkreten Hardware und der abstrakten Welt der Algorithmen ist seine Aufgabe eine doppelte: Für alle Benutzer eines Rechners teilt es die Rechenleistung, den Speicher und die Geräte der Maschine fair zwischen ihnen auf. Es verhindert, so ist zumindest die Theorie, ungewollte Beeinflussung der verschiedenen Programme auf einem Rechner untereinander. Für ein einzelnes Programm ist das Betriebssystem mehr wie eine große Befehlsbibliothek, die die doch recht sparsame Maschinensprache eines Rechners um so wirksame Funktionen wie \u0026ldquo;mehr Speicher zur Verfügung stellen\u0026rdquo;, \u0026ldquo;Satz aus einer Datei lesen\u0026rdquo; oder gar \u0026ldquo;diesen Bildschirmaufbau präsentieren und Ergebnis der Benutzeraktion hier abliefern\u0026rdquo; erweitert.\nMit gespaltener Zunge Diese doppelte Aufgabenstruktur des Aufteilens und Multiplexens von knappen Betriebsmitteln auf der einen Seite und des Verbergens von lästigen Details aus der realen Welt vor den Anwendungen auf der anderen Seite bestimmt die Struktur eines Betriebssystems. Die Betriebsmittel, die ein Betriebssystem verwaltet, lassen sich grob in drei Gruppen unterteilen:\nZum ersten ist da - aus der Hardwaresicht - der Prozessor. Er ist die einzig aktive Komponente des Systems und zudem in den meisten Fällen leider nur einmal vorhanden. Aus der abstrakteren Sicht der Software erscheint er als Thread (\u0026ldquo;Kontrollfluß\u0026rdquo;) eines Programmes. Ein gutes Betriebssystem wird die kostbare - weil seltene - Prozessorhardware multiplexen, um mehr als einen Kontrollfluß zur Zeit ablaufen zu lassen. Zum zweiten gibt es den Arbeitsspeicher. Damit der Prozess ablaufen kann, müssen er selbst und seine Daten irgendwo gespeichert werden. Realer Speicher in Form von RAM hat irgendwelche Adressen und ist nicht notwendigerweise mit den von der Anwendung benötigten Eigenschaften (\u0026ldquo;an einem Stück\u0026rdquo;, \u0026ldquo;an einer bestimmten Stelle\u0026rdquo;) vorhanden.\nEs ist Aufgabe des Betriebssystems, mit Unterstützung einer MMU diese Anforderungen zu erfüllen. Andererseits muß aber verhindert werden, daß ein Prozess mehr als den ihm zugesicherten Speicher benutzt und dadurch eventuell andere Prozesse in ihrem Ablauf stört. Das Betriebssystem muß die images (\u0026ldquo;Laufzeitbilder\u0026rdquo;) verschiedener Programme verwalten. Und zum dritten sind auch noch Ein/Ausgabegeräte verschiedenster Art zu verwalten. Einige dieser Geräte, zum Beispiel Drucker oder Bandlaufwerke, sind nur von einem Prozess zur Zeit nutzbar. In diesem Fall muß das Betriebssystem den Zugriff auf diese Geräte zuteilen - etwa über einen Druckerspooler oder durch Locks. Andere Geräte, Festplatten beispielsweise, können aufgeteilt werden. Hier muß das Betriebssystem einen entsprechenden Dienst zur Verfügung stellen - im Beispiel wäre dies ein Dateisystem. Ein Betriebssystem stellt dem Anwendungsprogramm, wie bereits festgestellt, verschiedene Dienste zur Verfügung. Allerdings gibt es verschiedene Konzepte bei den Betriebssystem-Herstellern, wie diese Dienste in Anspruch zu nehmen sind.\nMessage passing Ältere Betriebssysteme wie MS-DOS, aber auch UNIX und OS/2, stellen Dienste des Systems per Prozeduraufruf zur Verfügung. Ob der Funktionsaufruf dabei durch einen Unterprogrammaufruf wie bei OS/2 oder durch einen Software-Interrupt wie bei MS-DOS und UNIX erfolgt, ist dabei zunächst nebensächlich. Wesentlich ist, daß der Kontrollfluß des Prozesses auf das Betriebssystem über geht. Diese Art des Dienstaufrufes hat aber einige Eigenschaften, die auf den ersten Blick als selbstverständlich, auf den zweiten Blick aber eher als unerwünscht gelten können:\nEin solcher Unterprogrammaufruf ist immer synchron: Das eigene Programm wartet solange, bis der Betriebssystemaufruf beendet ist. Bei einigen Systemaufrufen, die mit Ein-/Ausgabefunktionen zu tun haben, könnte es aber vorteilhaft sein, daß das eigene Programm zwar den Wunsch nach bestimmten Daten absetzt, aber dann erst einmal selbst weiterläuft und später nachsieht, ob die Daten denn jetzt zur Verfügung stehen. Durch einen Unterprogrammaufruf wird außerdem stillschweigend vorausgesetzt, daß das Betriebssystem den Dienst auf derselben CPU wie die Anwendung erbringt. Eine Funktion \u0026ldquo;Fourieranalyse der Daten in diesem Puffer\u0026rdquo; unter Benutzung der wesentlich schnelleren Hardware eines Signalprozessors ist auf diese Weise nicht mit Unterstützung des Betriebssystems möglich - der Anwendungsprogrammierer muß das selbst hinbasteln. Wenn der Dienstaufruf dann auch noch durch einen gewöhnlichen Unterprogrammaufruf geschieht, ist es einer Anwendung möglich, außer den definierten Betriebssystemfunktionen auch noch andere, nicht dokumentierte Funktionen aufzurufen, in dem nicht zugelassene Sprungadressen benutzt werden. Es soll sogar Systeme geben, auf denen dies die gängige Praxis ist. Der Systemsicherheit und der späteren Erweiterbarkeit ist eine so etwas natürlich nicht dienlich. Moderne Betriebssystemarchitekturen, allen voran Mach auf dem NeXT, aber auch Tanenbaums Amoeba oder Plan9 von AT\u0026amp;T, sind deswegen nach dem Client-Server Modell aufgebaut: Die Dienste des Systems stehen dabei an Serverprozessen zur Verfügung. Der Aufrufer sendet dem Server eine Nachricht (request-message), die von diesem ausgewertet wird. Das Resultat wird dem Absender in einer Antwortnachricht (reply-message) zugestellt.\nDer Server ist dabei kein Teil des Betriebssystems selbst, sondern ein normaler Prozess, der möglicherweise einige zusätzliche Privilegien gegenüber gewöhnlichen Anwendungen hat. Dazu gehört etwa die Zugriffsmöglichkeit auf einige Hardwareregister. Das eigentliche Betriebssystem ist dann auf die allerwesentlichsten Funktionen reduziert: Es verwaltet lediglich die Umschaltung zwischen den verschiedenen Prozessen, den lokalen Speicher des Systems und natürlich den Versand der Messages. Alle anderen Dienste werden durch leicht austauschbare Serverprozesse realisiert.\nDieses Modell des Dienstaufrufes hat nicht die Nachteile des Unterprogrammaufrufes: Die Dienstleistungen des Systems können asynchron in Anspruch genommen werden, indem die Anwendung beispielsweise eine Nachricht mit einem Lesekommando an den Fileserver sendet, dann aber weiterarbeitet. Später, wenn die Daten benötigt werden, sieht die Anwendung nach, ob die Antwort des Servers schon vorliegt. Wenn ja, kann ohne Pause weitergearbeitet werden, ansonsten muß die Anwendung (wie beim Dienstaufruf durch Sprung in ein Unterprogramm auch) warten.\nFür die Anwendung ist es egal, ob der angeforderte Dienst lokal auf der eigenen CPU vorhanden ist oder ob ein Server über ein Netz auf einem anderen Rechner läuft. Die Netzadresse mag sich ändern, aber der Aufrufmechanismus bleibt derselbe. Unterschiedliche Datenformate, Maschinensprachen oder Aufrufkonventionen werden durch den Message-Mechanismus verborgen.\nAuch kann das Verhalten den Servers, der ja von seinem Client vollständig getrennt ist, genau durch seine Reaktion auf die verschiedenen Kommandonachrichten beschrieben werden. Für den Client ist der Server auf jeden Fall eine Black Box. Unsaubere Gemeinheiten wie das heimliche Auslesen von undokumentierten Variablen oder der Sprung in interne Funktionen, die eine Anwendung eigentlich nicht kennen geschweige denn aufrufen sollte, sind nicht mehr machbar, denn der Server läuft in einem vom Client vollständig getrennten Adreßraum oder sogar auf einer ganz anderen Maschine in einem Netz.\nRechenleistung verteilen Wie oben erwähnt gibt es Systemzustände, in denen der Rechner ein Programm nicht fortsetzen kann, weil es auf irgendwelche Ereignisse (das Eintreffen von Daten von einem Gerät, das Erreichen einer bestimmten Zeit etc.) wartet. Offenbar reicht ein einzelnes Programm nicht aus, einen Prozessor durchgehend zu beschäftigen. Bei genauerer Untersuchung stellt sich sogar heraus, daß die meisten Programme mehr als 90 % ihrer realen Laufzeit in derartigen Wartezuständen zubringen.\nAus dieser Beobachtung heraus ist das Konzept des Multitasking geboren worden. In regelmäßigen Zeitabständen wird das laufende Programm unterbrochen, sein augenblicklicher Zustand wird eingefroren. Der Scheduler des Betriebssystems wählt dann einen anderen Prozess aus, dessen Zustand aufgetaut wird und der dann für die Dauer der nächsten Zeitscheibe zum Ablauf kommt. Ein Scheduler, der mit Zeitscheiben arbeitet, heißt \u0026ldquo;preemptive\u0026rdquo;.\nViele Betriebssysteme, die nachträglich auf Multitasking nachgerüstet worden sind, haben keinen solchen Scheduler, sondern sind darauf angewiesen daß ein Task den Prozessor freiwillig hergibt. Das kann ausdrücklich durch den Aufruf einer schedule()-Funktion in regelmäßigen Abständen geschehen oder versteckt, indem man im Betriebssystem am Ende jeder Systemfunktion einen Aufruf des Schedulers vor dem Verlassen des Betriebssystems einsetzt. Eine solche Form von Multitasking nennt man \u0026ldquo;kooperativ\u0026rdquo; oder \u0026ldquo;non-preemptive\u0026rdquo;. Bei einem System mit kooperativem Multitasking kann die Umschaltung für den Benutzer aber leicht schwerfällig wirken, wenn rechenintensive Anwendungen laufen, die selten Systemaufrufe tätigen.\nEiner der schwersten Fehler, den ein Programmierer auf einem Rechner mit Multitasking-Betriebssystem machen kann, ist es, in einer aktiven Warteschleife auf das Eintreffen eines Ereignisses zu warten (\u0026ldquo;busy waiting\u0026rdquo;). Die Effektivität von Multitasking beruht ja gerade darauf, daß Prozesse, die gerade keine echte Arbeit zu tun haben, stillgelegt werden und vom Betriebssystem erst dann wieder Rechenzeit zugeteilt bekommen, wenn sie etwas damit anfangen können.\nDeswegen ist es fast unmöglich, ein Betriebssystem wie beispielsweise MS-DOS nachträglich multitaskingfähig zu machen oder in einer Multitaskingumgebung (z.B. eine DOS-Box in UNIX oder OS/2) zu betreiben. Nahezu jedes Programm, angefangen vom Kommandointerpreter der Shell, \u0026ldquo;verbrät\u0026rdquo; die ihm zugeteilte Rechenzeit vollständig in Zeicheneinleseroutinen und anderen engen Warteschleifen, anstatt diese anderen Programmen zur Verfügung zu stellen. MS-DOS Prozesse sind gewissermaßen immer im Zustand \u0026ldquo;ready\u0026rdquo;. Wenn man einem solchen System nachträglich eine Multitaskingerweiterung überstülpt, fehlt diesem System notgedrungen der Zustand \u0026ldquo;sleeping\u0026rdquo;, und jeder laufende Prozess erhält genau 1/ntel der Gesamtleistung der CPU - selbst dann, wenn er eigentlich gar nichts damit anfangen könnte.\nNach welcher Strategie die schedule()-Funktion letztendlich bestimmt, welcher Prozess aus der \u0026ldquo;ready\u0026rdquo;-Queue in den Zustand \u0026ldquo;running\u0026rdquo; gehen darf und damit auf die CPU gelangen kann, hängt stark von den gewünschten Eigenschaften des Systems ab. Der einfachste Zuteilungsalgorithmus ist das \u0026ldquo;round-robin\u0026rdquo;-Verfahren. Dabei wird die zur Verfügung stehende CPU-Zeit gleichmäßig zwischen allen Prozessen aufgeteilt, die sich darum bewerben. Alle diese Prozesse kommen reihum auf die CPU - daher der Name.\nOft wird dieses Verfahren noch so erweitert, daß man Prozesse unterschiedlicher Priorität unterscheidet. Der Scheduler von AmigaOS, aber auch der von VAX/VMS, ist ein Round-Robin Scheduler mit Prioritäten. Das bedeutet: Der Ringtausch der Prozesse auf der CPU funktioniert innerhalb der höchsten vorhandenen Prioritätsebene. Erst wenn alle Prozesse einer höheren Prioritätsebene aus der Ready-Queue entfernt sind, etwa weil sie terminiert sind oder weil sie auf ein Ereignis warten und deswegen stillgelegt sind, kommen Prozesse mit niederen Prioritäten auf die CPU.\nAndererseits kann ein CPU-intensiver Prozess mit einer hohen Priorität den Rest des Systems recht schwerfällig machen oder gar blockieren. Gelegentlich (bei Echtzeitanwendungen zum Beispiel) ist dieser Effekt erwünscht: Man geht davon aus, daß ein Prozess mit einer hohen Priorität die Rechenzeit, die er beansprucht, auch unbedingt und gerade zu diesem Zeitpunkt benötigt. Im allgemeinen Fall allerdings möchte man eine Lösung haben, die auch dann noch eine gewisse Fairness gewährleistet, wenn ein Programm böswillig Rechenzeit schluckt. In UNIX zum Beispiel sind die Prioritäten von Prozessen nicht fest, sondern hängen davon ab, wie lange der Prozess schon in der Warteschlange steht und wie CPU-intensiv er ist.\nProzesse, die frühzeitig die CPU verlassen (etwa weil sie viel I/O machen und deswegen häufig im Zustand \u0026ldquo;sleeping\u0026rdquo; sind) bekommen ihre Restzeit als Bonus für die nächste Zeitscheibe gutgeschrieben, der in die Berechnung der Priorität eingeht. Dadurch bekommen solche Prozesse automatisch eine bessere Priorität als solche, die die Zeitscheiben immer voll ausnutzen.\nProzesse, die lange in der Ready-Queue gestanden haben (weil sie eine schlechte Priorität haben), werden temporär aufgewertet, damit sie auch eine Chance haben, einmal zum Ablauf zu kommen (priority aging).\nSynchronisation Eines der zentralen Probleme in einem System, in dem mehr als ein Programm zur Zeit aktiv sein kann, ist die Synchronisation von Prozessen bzw. der gegenseitige Ausschluß von Prozessen, die auf einen gemeinsamen Datenbereich zugreifen. Gemeinhin löst man in der Information ein solches Problem mit Semaphoren: Man definiert sich ein Flag, das anzeigt, ob ein Datenbereich zur Zeit \u0026ldquo;frei\u0026rdquo; oder \u0026ldquo;in Bearbeitung\u0026rdquo; ist, und zwei Operationen zum Setzen bzw. Löschen dieses Flags. Der Punkt ist, daß diese Operationen atomar sein müssen, das heißt, die Semaphor-Setzfunktion und die Löschfunktion dürfen auf keinen Fall unterbrochen werden.\nAuf Rechnern mit nur einem Prozessor läßt sich dieses Problem recht leicht dadurch lösen, daß man in diesen beiden Funktionen kurze Zeit sämtliche Unterbrechungen verbietet und die gewünschte Operation durchführt. Auf Mehrprozessorsystemen nützt dies natürlich nichts mehr, denn während der eine Prozessor den Semaphor bearbeitet, kann ein anderes Programm auf einem anderen Prozessor dasselbe tun. Hier ist das Betriebssystem auf die Unterstützung der Hardware angewiesen, die nicht unterbrechbare Semaphor-Operationen schon als Prozessorbefehl anbieten muß. Prozessoren wie der 680x0 und der 80x86 haben solche Operationen bereits eingebaut: Der TAS-Befehl des 680x0 führt zum Beispiel eine solche Semaphor-Operation in einem nicht unterbrechbaren Read-Modify-Write-Zyklus aus, und der 80x86 kennt das LOCK-Prefix für eine ganze Reihe von Befehlen, die dann ebenfalls nicht unterbrechbar werden.\nSpeicher auf Kredit Eine andere nützliche Sache, die einen sicheren Multitasking-Betrieb unterstützt, ist in den neueren Prozessoren der verschiedenen Hersteller ebenfalls gleich mit eingebaut: Alle diese Geräte haben eine PMMU, das bedeutet, sie sind in der Lage, physikalisch vorhandenes RAM an jeder beliebigen Stelle des Adreßraumes der CPU einzublenden und die Speicherzugriffe eines jeden Programmes genau zu kontrollieren.\nAuf diese Weise läßt sich ein Prozess in seinem eigenen Speicher einzäunen. Zwar erlaubt man ihm, auf den eigenen vom System angeforderten Speicher zuzugreifen, doch sobald versucht wird, auf andere, nicht erlaubte Speicherbereiche zuzugreifen, wird der Prozess unterbrochen und das Betriebssystem übernimmt die Kontrolle (\u0026ldquo;memory protection\u0026rdquo;, \u0026ldquo;Speicherschutz\u0026rdquo;). Es kann den problematischen Prozess stillegen und ein Image seines Zustandes zur späteren Fehlersuche auf Platte ablegen. Auf diese Weise verhindert man zwar nicht, daß ein fehlerhaftes Programm abstürzt, aber immerhin wird sichergestellt, daß keine anderen Programme in Mitleidenschaft gezogen werden.\nDie MMU-Hardware kann man auch dazu benutzen, dem Programm mehr RAM vorzuspiegeln, als tatsächlich in der verwendeten Maschine vorhanden ist (\u0026ldquo;virtual memory\u0026rdquo;). Die meisten Programme brauchen nicht alle ihre Daten und ihren gesamten Code zur gleichen Zeit, sondern sind oft nur in einem kleinen, eng begrenzten Speicherbereich (dem \u0026ldquo;working set\u0026rdquo;) aktiv. Je nach Benutzung des Programmes verschiebt sich dieser Bereich von Zeit zu Zeit, aber im Prinzip würde ein kleiner Speicherbereich ausreichen, um das ganze Programm ablaufen zu lassen.\nBetriebssysteme wie UNIX unterteilen deswegen den gesamten Speicher der Maschine in Seiten fester Größe - bei einer 80386 CPU zum Beispiel werden durch die Hardware Pages von 4 KB Größe vorgegeben. Nicht alle Speicherseiten eines Prozesses sind gleichzeitig im RAM, sondern Teile davon befinden sich in der \u0026ldquo;paging area\u0026rdquo;, einem abgeteilten Bereich einer Festplatte. Wenn ein Prozess versucht, eine Speicherseite anzusprechen, die gerade nicht präsent ist, generiert die MMU wieder eine Unterbrechung (\u0026ldquo;page fault\u0026rdquo;) und läßt das Betriebssystem zum Zuge kommen. Dieses sucht jetzt eine andere Speicherseite, die möglichst lange nicht benutzt worden ist, speichert diese in der Paging Area zwischen, adressiert sie um und stellt sie dann dem unterbrochenen Prozess an der richtigen Adresse und mit dem richtigen Inhalt, der inzwischen von der Platte geladen wurde, zur Verfügung. Dieser wird nach der kurzen Unterbrechung dann fortgesetzt.\nWenn genug Speicher vorhanden ist, um die aktiven Teile der verschiedenen lauffähigen Prozesse gleichzeitig im Speicher zu halten, fallen die kurzen Unterbrechungen beim Paging nicht weiter ins Gewicht. Wenn der Rechner jedoch überlastet wird und für die Anzahl der gleichzeitig laufenden Prozesse zu wenig Speicher hat, fängt er an, auch Teile von Prozessen auf Platte auszulagern, die gleich wieder geladen werden müssen. Die Rechenleistung der Maschine fällt plötzlich um einige Zehnerpotenzen, und die Antwortzeiten auf ein simples Return an der Console liegen auf einmal im Minutenbereich. Man bezeichnet diesen Vorgang als \u0026ldquo;treshing\u0026rdquo; (dreschen), und die Abhilfe bei diesem Problem ist simpel: Man lege einige Megabytes RAM nach.\nKonsequent weiter gedacht Wenn ein neuer Prozess gestartet wird, muß er zunächst einmal in den Speicher geladen werden. Verwendet man jedoch das eben erläuterte Virtual-Memory-Schema, bei dem jede Speicherseite des virtuellen Adreßraums genau einer Speicherseite auf der Platte entspricht, muß der Code eines Prozesses nicht nur in den Speicher kopiert, sondern auch noch in den Paging-Bereich der Platte geschrieben werden. Zudem werden Speicherseiten, die Code enthalten, nie geändert, so daß eigentlich gar keine private Kopie des Codes in der Paging Area angelegt werden muß. VMS, aber auch einige neuere UNIX-Versionen und natürlich modernere Systeme wie Mach und Chorus verwenden hier einen intelligenteren Algorithmus: Seiten mit Programmcode, die aus dem physikalisch vorhandenen Speicher verdrängt werden, werden einfach ohne Zurückschreiben aufgegeben und später aus der Programmdatei wieder nachgeladen (\u0026ldquo;paging from file\u0026rdquo;). Dadurch entfällt beim Starten eines Programmes das Umkopieren in die Paging Area, und der Paging-Bereich wird weniger stark belastet.\nDie Autoren von Mach und Chorus haben diese Idee konsequent weiter gedacht: Diese beiden Betriebssysteme können das auch mit Daten machen, die mit read() und write() aus Dateien gelesen oder geschrieben werden. Dateien, die aus Datensätzen fester Länge bestehen, sind schließlich nur der Sonderfall eines Arrays: In PASCAL kann man das sogar noch in der Definition sehen.\nMit Hilfe der MMU blendet man einen Speicherbereich von der Größe der Datei, die verarbeitet werden soll, in den Adreßraum des Prozesses ein (\u0026ldquo;memory mapped file\u0026rdquo;). Für den Prozess ist die Basis dieses Speicherbereiches die Startadresse eines ganz normalen Arrays. Versucht der Prozess, auf dieses Array zuzugreifen, kommt es zu einem Page Fault. Das Betriebssystem hat diesen Speicherbereich mit einer Datei assoziiert und lädt jetzt die entsprechenden Dateiinhalte in die angesprochenen Speicherseiten, mit denen der Prozess dann wie bei einem normalen Arrayzugriff arbeitet. Beim Schließen der Datei wird der Speicherbereich wieder aus dem Adreßraum des Prozesses ausgeblendet, und alle Modifikationen werden spätestens zu diesem Zeitpunkt in die Datei zurückgeschrieben.\nAuf diese Weise werden spezielle Dateioperationen in einer Programmiersprache überflüssig; Dateien werden wieder zu dem, was sie eigentlich sind: Arrays dynamischer Länge, deren Inhalt über die Laufzeit eines Prozesses hinaus Bestand hat. Der Programmierer einer Anwendung braucht sich nicht mehr um das Lesen und Schreiben von Daten in Puffer zu kümmern, er greift einfach darauf zu. Das tatsächliche Bereitstellen der Daten und das Zurückschreiben auf Platte geschieht durch das Betriebssystem, ohne daß er etwas damit zu tun hätte.\nInflation der Programmzähler Bis jetzt sind wir stillschweigend davon ausgegangen, daß ein Prozess genau einen Kontrollfluß hat. Bei den meisten Betriebssystemen ist das auch noch so, obwohl eine Verallgemeinerung möglich ist und bei moderneren Entwicklungen auch durchgeführt worden ist. Es ist durchaus sinnvoll, daß im Image eines Prozesses mehr als ein Kontrollfluß (\u0026ldquo;Thread\u0026rdquo;) aktiv ist. Man stelle sich beispielsweise eine Tabellenkalkulation vor, die in einer Warteschleife auf Nachrichteneines Menüsystems wartet. Wenn der Benutzer jetzt einen Menüpunkt anwählt, der längere Zeit zur Durchführung braucht (etwa das Neuberechnen des gesamten Blattes), kann im Prozess ein Thread dafür abgespalten werden, während der andere Thread schon wieder in der Warteschleife bereitliegt, um neue Benutzerkommandos entgegen zu nehmen.\nDie Erzeugung eines Threads ist - verglichen mit der eines eigenständigen Prozesses - relativ wenig aufwendig. Ein Thread ist kaum mehr als einige Prozessorregister und ein eigener Stackbereich, während an einem Prozess noch ungezählte Tabellen für MMU-Konfiguration, offene Dateien, etc. hängen. Beim kommerziellen Chorus-System hat man diese Trennung zwischen Speicherverwaltung und Kontrollflußverwaltung auch begrifflich deutlich machen wollen: Ein Kontrollfluß ist bei Chorus ein Thread, der zugehörige Kontext heißt Actor und ein Actor mit mindestens einem Thread bildet einen Prozess. Die Kommunikation und der Datentausch zwischen Threads sind fast ohne Aufwand möglich: Da Threads im selben Adreßraum liegen, können sie auf dieselben gemeinsamen Variablen zugreifen, ohne auf langsame und aufwendige Mechanismen zur Prozesskommunikation zurückgreifen zu müssen.\nDaten über die Grenze schaffen Bei Prozessen, die in verschiedenen, durch die Schutzmechanismen des Betriebssystems getrennten Adreßräumen liegen, sind der Datentausch und die Kommunikation untereinander schon aufwendiger. Einem gemeinsamen Adreßraum am nächsten kommt noch \u0026ldquo;shared memory\u0026rdquo;. Dabei wird eine Speicherseite, die verschiedene Variablen enthalten kann, in die Adreßräume der beteiligten Kommunikationspartner eingeblendet. Diese sind allerdings voll verantwortlich für die Regelung des Zugriffs auf diese Speicherbereiche, die Freigabe, wenn sie nicht mehr benutzt werden, etc.\nViele Betriebssysteme stellen deswegen höher entwickelte, aber auch langsamere Kommunikationsmöglichkeiten zur Verfügung. Am häufigsten findet sich ein Message-System, bei dem eine Art FIFO-Struktur realisiert wird. Jeder Prozess hat, wenn er Nachrichten entgegennehmen möchte, einen sogenannten Port, an den andere Prozesse Nachrichten senden können. Treffen die Nachrichten schneller ein, als der Prozess sie abarbeiten kann, bildet sich am Port eine Queue mit FIFO-Struktur. Der empfangende Prozess arbeitet die Nachrichten jetzt in der Reihenfolge ab und sendet die Antworten an die Absender zurück.\nHier kann das Betriebssystem schon einen guten Teil der Zugriffsregelung, der Speicherverwaltung und der Adreßauflösung übernehmen. Wenn der Message-Mechanismus nämlich allgemein genug implementiert wird, muß der Message-Port des Empfängers nicht unbedingt auf der eigenen Maschine sein, sondern kann sich irgendwo im Netz befinden. Ist der Empfänger lokal erreichbar, kann die Nachricht ohne Kopieren einfach in seinen Adreßbereich eingeblendet werden. Andernfalls muß sie \u0026ldquo;by value\u0026rdquo; über das Netz kopiert werden. Der Benutzer des Message-Systems merkt davon nichts, für ihn sind diese lästigen Details verborgen. Das geht bei Chorus dann sogar soweit, daß Ports von einem Prozess zu einem anderen migrieren können, ohne daß sendende Prozesse von diesem Wechsel des Empfängers etwas merken. Derartige Features erleichtern dem Programmierer von \u0026ldquo;fault tolerant systems\u0026rdquo; die Arbeit natürlich ungemein.\nNoch viel wichtiger als ein Mechanismus zur Kommunikation zwischen Prozessen ist jedoch, daß ein einheitliches, erweiterbares Format zum Datentausch besteht. Es genügt nicht, daß das Betriebssystem Dienste zum Verschieben von Bytes zwischen einem oder mehreren Prozessen zur Verfügung stellt. Der Empfänger muß auch in der Lage sein, diese Bytes als eine bestimmte Datenstruktur, etwa einen Bildausschnitt oder einen Text mit Steuerinformationen, zu deuten. Wenn das Betriebssystem ein durch Subklassen erweiterbares Format für die verschiedenen am häufigsten auftretenden Datentypen bereitstellt, leistet es einen wesentlichen Teil zur Vereinheitlichung der Datenformate der Applikationen, die auf diesem Betriebssystem ablaufen.\nWichtig für die Funktionsfähigkeit eines solchen Datenformates ist, und das soll noch einmal besonders herausgestellt werden, daß es von seinem Benutzer unter Wahrung der Abwärtskompatibilität erweiterbar ist. Ein Benutzer eines Textverarbeitungsformates, beispielsweise ein DTP-Programm, muß in der Lage sein, seine programmspezifischen Zusatzinformationen in einem Text abzulegen. Andere Anwendungen, die dieses Textformat lesen können, müssen trotzdem in der Lage sein, die Standardattribute eines Textes aus so einer Datei herauszulesen und die Nichtstandardattribute unverändert weiter zu kopieren. Eine Anwendung, die ein zusammengesetztes Format schreibt, z.B. eine Animation oder ein Text mit Bildern, muß dies in einer Art und Weise tun können, die es anderen Anwendungen erlaubt, die Komponenten dieser Daten (etwa Einzelbilder) gezielt zu lesen, zu verarbeiten und wieder in die Gesamtdatei zu integrieren.\nFunktionsbibliotheken, die die Arbeit mit solchen Dateiformaten unterstützen, gehören zwar nicht zu den unmittelbaren (Kern-) Dienstleistungen eines Betriebssystems, aber sie sollten auf jeden Fall zu seinem Standardfunktionsumfang gehören, um eben eine Einheitlichkeit in den Datenformaten bei den Anwendungen zu begünstigen.\nEinheitlichkeit - das zweite Ziel Einheitlichkeit beim Zugriff auf die vom System bereitgestellten Dienste zu ermöglichen, ist, wie bereits am Anfang dieses Textes dargestellt, neben der Verteilung von Ressourcen eine der Hauptaufgaben eines Betriebssystems. Ziel soll es sein, Anwendungen eine virtualisierte Umgebung bereitzustellen, die zwar die Nutzung der speziellen Möglichkeiten dieses konkreten Systems möglichst wenig einschränkt, aber zugleich eine einheitliche, virtuelle Maschine über die Grenzen verschiedener Systemkonfigurationen oder gar verschiedener Hardwareplattformen hinweg ermöglicht.\nBetriebssysteme wie UNIX und seine Abkömmlinge tun dies beispielsweise, in dem sie den meisten Systemdiensten das Dateiparadigma überstülpen: Pipelines, zeichen- und blockorientierte Geräte, Querverweise auf andere Dateien, Netzwerkdienste - alles dies ist als Eintrag im hierarchischen Namensraum des Dateisystems zu finden.\nIn Mach, aber auch in Plan9 und in den neuesten Versionen von UNIX, ist dieses Konzept noch Verallgemeinert worden, indem von der Möglichkeit Gebrauch gemacht wurde, die unterschiedlichsten Typen von Dateisystemen in den Namensraum zu integrieren. So gibt es bei System V Rel. 4 ein /proc-Dateisystem, in dem die zur Zeit im Rechner laufenden Prozesse als Dateieinträge sichtbar gemacht werden.\nAmoeba, ein experimentelles Betriebssystem von Tanenbaum, treibt es jedoch auf die Spitze. In Amoeba sind alle Dienste - also das Bereitstellen der Informationen in einer Datei, Pipelines, Prozesskommunikation, etc. - unter einer Kennung zu erreichen, die das jeweils angesprochene Objekt (die Datei, den Prozess, \u0026hellip;) eindeutig identifiziert. Diese Kennung beinhaltet zugleich die Kodierung der Zugriffsrechte, die Adresse des Objektes im System und noch einige Informationen mehr. Die vom Betriebssystem verwalteten Objekte werden durch einen Directory-Service miteinander zu einer Struktur verknüpft, die nicht mehr auf die baumartige Hierarchie eines UNIX-Dateisystems beschränkt ist, sondern jeden beliebigen, gerichteten Graphen modellieren kann. Da der Directory-Service selbst wieder ein Objekt im Amoeba-System ist, ergibt sich, ähnlich wie beim UNIX-Dateisystem, eine interessante, rekursiv definierte Struktur.\nEine andere Möglichkeit der Virtualisierung ist die Abstraktion von einem konkreten Gerät zu seinen Möglichkeiten. In UNIX gibt es zum Beispiel die curses-Bibliothek, die es ermöglicht, ein Terminal unabhängig von den Steuercodes, die es verwendet, zu programmieren. Windows, OS/2, AmigaDOS und andere Betriebssysteme leisten ähnliches bei der Ansteuerung von Druckern. Statt daß die Anwendung einem bestimmten Drucker an der parallelen Schnittstelle einen bestimmten Steuercode zum Einschalten von Fettschrift zu sendet, bittet sie den Druckertreiber, den vom Anwender gewünschten Drucker in Fettschrift umzustellen, falls der Drucker das kann. Eine austauschbare Komponente des Betriebssystems, ein Gerätetreiber, stellt jetzt fest, ob der Drucker diese Funktion hat, und veranlaßt die für den konkreten angeschlossenen Drucker passenden Maßnahmen an einem weiteren untergeordneten Gerätetreiber für die Druckerschnittstelle. Dies kann der Treiber für die parallele oder die serielle Schnittstelle sein, aber auch der SCSI- oder der Ethernet-Treiber für einen Drucker im Netz. Die \u0026ldquo;passenden Maßnahmen für den konkreten Drucker\u0026rdquo; können die Generierung von fünf ASCII-Steuerzeichen zur Umschaltung auf Fettdruck sein oder das Berechnen eines neuen Fonts und das Laden dieses Zeichensatzes auf den Drucker. In jedem Fall bekommt die Anwendung die von ihr gewünschte Dienstleistung, ohne überhaupt etwas von den Aktivitäten hinter den Kulissen zu merken und ohne daß der Hersteller der Anwendung bei jedem Update mehrere Disketten mit Gerätetreibern mitliefern muß.\nDas Betriebssystem der Zukunft? Das Betriebssystem der Zukunft, egal ob es jetzt OS/2, Windows oder UNIX heißen wird, wird mit den heute verbreiteten Systemen, die kaum mehr als dynamisch linkbare Bibliotheken von Ein-/Ausgabefunktionen sind, wenig gemeinsam haben. Statt dessen wird es halb-experimentellen Systemen wie Mach, Plan9 oder Amoeba ähnlich sehen. Es wird einen kleinen Kern mit den notwendigsten Funktionen zum Multitasking und Message Passing haben und eine große Zahl von Standardserverprozessen für die unterschiedlichen Systemdienste bereitstellen. Zu diesen Systemdiensten wird das Betreiben von Geräteabstraktionen (Standarddruckern, einheitlich steuerbaren Grafikbildschirmen) ebenso gehören wie das Bereitstellen komplexer Bibliotheksfunktionen über Serverprozesse mit eigenem Kontrollfluß (etwa die Konvertierung von Datenformaten oder eine Bibliothek mit Funktionen für grafische Benutzerführung).\nDer Preis für die Funktionalität: Mehr Megabytes, mehr Megaherz, mehr Megapixel.\nGlossar Kernel: Der Kernel ist das eigentliche Betriebssystem. Moderne Systeme haben die Anzahl der Funktionen im Kernel auf das allernotwendigste reduziert. Man redet dann von einem Microkernel. Gerätetreiber: Geräteabhängiges Treiberprogramm für ein Peripheriegerät, oft Bestandteil des Kernels. Thread: Kontrollflußbestandteil eines Prozesses: CPU-Register, Stack, Zustand, etc. Actor: Bezeichung im Betriebssystem Chorus für den Kontext eines Prozesses, der nicht mit dem Thread zusammenhängt: MMU-Register, Dateizeiger, etc. Prozess: Ein Actor mit mindestens einem Thread bildet einen Prozess. Image: Speicherabbild eines Prozesses. Virtual Memory: Erweitern des Speicherbereiches, der einem Prozess zur Verfügung steht, durch für den Prozess transparentes Auslagern von Prozessen (oder Prozessteilen) auf einen Hintergrundspeicher durch Swapping oder Paging. Swapping: Ein-/Auslagern ganzer Prozesse in einen speziellen Plattenbereich (swap area) bei Speicherknappheit. Demand Paging: Ein-/Auslagern von Prozessteilen fester Größe (Pages) in einen speziellen Plattenbereich bei Speicherknappheit. PMMU: Paged Memory Management Unit; Hardware zum Abbilden virtueller Prozessadressen auf physikalische Speicheradressen. Working Set: Der Teil eines Prozesses, der aus Effizienzgründen in physikalischem RAM gehalten werden sollte, weil der laufende Prozess ständig Adressen aus dem Working Set referenziert. Treshing: Dramatischer Leistungsabfall des Systems um einige Zehnerpotenzen, wenn wegen Speicherknappheit Teile der Working Sets von aktiven Prozessen ausgelagert werden. Server-Client Modell: Art der Betriebssystemarchitektur, bei der die Dienste des Systems von Serverprozessen angeboten werden. Der Client sendet eine Nachricht mit einer Dienstanforderung an den Server, der die gewünschte Funktion asynchron ausführt und das Ergebnis zurücksendet. Semaphore: Flag, das den Zugriff mehrere Prozesse auf eine Datenstruktur regelt. Message passing: Paradigma beim Aufruf von Betriebssystemfunktionen: Die Parameter eines Dienstaufrufes werden dem Dienstanbieter in einer Nachricht übermittelt. Der Dienstanbieter ist ein eigenständiger Prozess, der die Anforderung unabhängig und asynchron zum Dienstaufrufer bearbeitet. Time-Slice: Zeitscheibe; die Zeiteinheit, die ein Prozess maximal ohne Unterbrechung die CPU in Anspruch nehmen kann. Preemptive Multitasking: Verfahren, bei dem Prozesse die CPU auch ohne eigenes Zutun nach Ablauf der Zeitscheibe verlieren können. Cooperative Multitasking: Verfahren, bei dem Prozesses die CPU nur durch expliziten oder impliziten (durch Aufruf einer Systemfunktion) Aufruf des Schedulers verlieren können. Scheduler: Betriebssystemteil, der bestimmt, nach welchen Kritierien die Zeitscheiben den einzelnen Prozessen zugeteilt werden. Round-Robin: Scheduling-Algorithmus, bei dem alle lauffähigen Prozesse dieselbe Anzahl von Zeitscheiben zugeteilt bekommen. Priority-Aging: Eigenschaft von Scheduling-Algorithmen. Prozesse, die längere Zeit keine Zeitscheibe zugeteilt bekommen haben, werden in der Priorität temporär heraufgestuft. Wall Clock Time: Reale (gestoppte) Laufzeit eines Prozesses. Cpu Time: Zeit, die ein Prozess tatsächlich ablaufend auf der CPU verbracht hat. Typischerweise viel weniger als ein Zehntel der wall clock time. ","date":"1992-03-17T00:00:00Z","href":"https://blog.koehntopp.info/1992/03/17/betriebssysteme.html","tags":["publication","computer","lang_de"],"title":"Betriebssysteme"},{"categories":null,"content":" Satzung der Interstellaren Gesellschaft für Revolutionäre Informatik Die Vier \u0026ndash; Preliminary release\nVerzapft zu Kiel am Rhein, Sternzeit 191188\u0026ndash;00320963\nPräambel Im Bewußtsein ihrer Verantwortung vor CPU und Speicher und allen gelangweilten Studenten der Informatik an der GAU zu Kiel,\nvon dem Willen beseelt, ihre körperliche und geistige Unversehrtheit zu bewahren und als gleichberechtigtes Mitglied in einem pangalaktischen Netzwerk dem ungehemmten Datenaustausch zu dienen,\nhat die Menge aller Informatiker I,\ndie auf den Rechnern von Acorn, Amiga, Apollo, Apple, Atari, Commodore, Cray, DEC, NeXT, Sun und notfalls auch Siemens programmieren,\num dem UNIversellen Betriebssystem für die Studienzeit eine brauchbare Funktion f(x) zu geben,\nkraft ihrer allumfassenden (all wie Weltall) Zugriffsberechtigung diese maschinenlesbare Satzung der Interstellaren Gesellschaft für Revolutionäre Informatik axiomatisch definiert.\nSie hat auch für jene Informatiker gehandelt, denen auf einer IBM zu programmieren nicht erspart blieb.\nDie Menge aller Informatiker I\u0026rsquo; bleibt aufgefordert, in ungebrochener Konsequenz die Zerstörung aller inTEL\u0026ndash;Prozessoren zu vollenden.\nSatz 1 (ohne Beweis) Die Passwörter eines jeden Users sind übertragbar. Sie zu verbreiten ist Aufgabe aller informationsübertragenden Kommunikationsmittel. Die Menge I\u0026rsquo; bekennt sich darum zu unbeschränkten und unveräußerlichen Zugriffsrechten als Grundlage jeder programmiertechnischen Gemeinheit, des Logins und der Gerechtigkeit im System. Das nachfolgende System ist hinreichend zur Herleitung aller Systemabstürze. Satz 2 Jeder hat das Recht auf unbeschränkte Vergrößerung seiner Dateien, solange er nicht Daten anderer Benutzer überschreibt und das Betriebssystem mit Hilfe negativer Arrayindizes korrigiert. Jeder hat das Recht auf Massenspeicher und CPU\u0026ndash;Zeit. Die Prioritäten sind nicht limitierbar. In diese Rechte darf nur auf Grund eines Interrupts eingegriffen werden. Beweis Durch Murphy.\nSatz 3 Alle User sind vor dem Betriebssystem gleich, nur der Sysop ist gleicher. Undeclared identifier(s): Frauen, Mädchen. Niemand darf wegen seines Prozessors, seines Betriebssystems, seiner Programmiersprache, seines Computertyps, seines Glaubens oder seines Hasses auf die Hersteller inferiorer Hardware benachteiligt oder bevorzugt werden. Ausgenommen IBM\u0026ndash;Benutzer. Beweis Das ist so.\nSatz 4 Die Freiheit des Glaubens, des Gewissens und die Freiheit des religiösen und weltanschaulichen Bekenntnisses sind unverletzlich, solange der Betreffende den Sysop des Systems als Quell aller Prozessorzeit und alles Speicherplatzes anerkennt und stets vor Augen hat. Die ungestörte Programmausführung wird gewährleistet. Niemand darf gegen sein Gewissen zur Benutzung eines IBM\u0026ndash;Rechners gezwungen werden. Näheres steht im Handbuch. Beweis trivial.\nSatz 5 Jeder hat das Recht, UNSERE Meinung in Wort, Schrift, Bild und auf Datenträgern frei zu äußern und zu verbreiten. Jeder, der unsere Produkte illegal kopiert, muss mit schärfsten Maßnahmen unsererseits rechnen: Strafanzeige wegen Verletzung des Urheberrechtsgesetzes, des Gesetzes gegen den unlauteren Wettbewerb sowie des Warenzeichengesetzes, einstweilige Verfügung sowie Zivilklagen auf Unterlassung und Schadenersatz, Anzeige beim zuständigen Finanzamt und Gewerbeamt sowie beim Arbeitgeber oder der Universität/Schule. Wir beschäftigen eine Vielzahl von Testinteressenten \u0026ndash; die Palette reicht von jungen Schülern bis zu seriösen Geschäftsleuten \u0026ndash; die ständig auf der Suche nach illegalen Kopien sind. Wen wir erwischen, der ist dran: Freiheitsstrafe bis zu einem Jahr oder Geldstrafe, Eintrag einer Vorstrafe in das polizeiliche Führungszeugnis, Schadenersatz, ggf. Tatbestand der Steuerhinterziehung.\nBeweis Da könnte ja jeder kommen.\nSatz 6 Das System ist fest in unserer Hand. Jeder Versuch, die Katastrophe zu verhindern, ist von vorneherein zum Scheitern verurteilt. Der Beweis bleibt dem geneigten Leser zur Übung überlassen. Satz 7 Das Recht zur Errichtung von privaten Mailboxen wird gewährleistet. Private Mailboxen als Ersatz für Bildschirmtext bedürfen keiner Genehmigung durch die Deutche PundesPest. Werft die Purchen zu Poden! Beweis Das war schon immer so!\nSatz 8 Alle User haben das Recht, sich nach Anmeldung beim Master-Control-Program friedlich und ohne Viren in den Dialog zu begeben. Für Wartungsarbeiten am System kann dieses Recht durch den Sysop oder auf Grund eines \u0026ldquo;Normal System-Shutdowns\u0026rdquo; eingeschränkt werden. Der Zugang zum Kontonummern-Auskunftsdienst der Deutschen Bundespost ist vorübergehend nicht möglich. Wir bitten um Ihr Verständnis. Beweis Durch Pepsi\u0026ndash;Test.\nSatz 9 Für alle Elemente der Menge I\u0026rsquo; gilt: Sie haben das Recht, Teilmengen zu bilden. Die leere Menge wird auf das Bottom-Symbol abgeboldet. Die Abbildung ist nicht injektiv, surjektiv oder sonstwie -jektiv. Teilmengen, deren Eigenschaften dieser Satzung zuwiderlaufen, werden nach NIL: kopiert. Beweis durch Rekursion.\nSatz 10 Das Briefgeheimnis und das Post\u0026ndash; und Fernmeldegeheimnis sind unverletzlich (wer\u0026rsquo;s glaubt…). Beschränkungen sind an der Tagesordnung. Was glauben Sie, wer sich schon alles über Ihre peinlichen Liebesbriefe amüsiert hat. Beweis Sie tun\u0026rsquo;s doch auch!\nSatz 11 Alle Elektronen genießen Freizügigkeit auf dem Motherboard (noch!). Jeder Widerstand ist zwecklos und wird durch Supraleitung gebrochen. Beweis Sei a ein beliebiger Finger der linken Hand. Sei b ein beliebiger Finger der rechten Hand. Wähle eine Steckdose S mit den Kontakten A und B, derart daß U(S) = 220V. Stecke jetzt den Finger a in den Kontakt A und den Finger b in den Kontakt B. Wem jetzt keine Erleuchtung kommt, der wird sie niemals haben.\nDieses Beweisverfahren ist untauglich für Chefsoftwareentwickler und Starprogrammierer.\nSatz 12 Jeder Programmierer hat das Recht, seinen Prozessor und seine Programmiersprache frei zu wählen. inTEL\u0026ndash;Prozessoren sind keine Prozessoren im Sinne von Satz 12 dieser Satzung. PASCAL ist keine Programmiersprache im Sinne von Satz 12 dieser Satzung. Niemand darf zur Arbeit verleitet werden. Beweis Wer Arbeit kennt und sich nicht drückt, der ist verrückt.\nFolgerung aus Satz 12: Wer sich in oliv kleidet oder in oliv kleiden läßt oder olive oder olivgetönte Kleidungsstücke anzieht oder sich verschafft, im Gleichschritt marschiert und dazu laut und falsch schmutzige oder braune Lieder gröhlt, DER IST SELBST SCHULD! Beweis (rotes Farbband ein) COSMIC TOP SECRET (rotes Farbband aus)\nSatz 13 Entfällt aus Sicherheitsgründen. Nicht, daß wir abergläubisch sind, aber …\nSatz 14 Jeder Informatikstudent trägt an dem Erbe von 2 Kilojahren Mathematikgeschichte. Anmerkung: Wenn Pythagoras nicht schon tot wäre, von UNS hätte DEN bestimmt einer erwischt! Beweis Kommt nur her, wenn Ihr Euch traut!\nSatz 15 Wer die Tilde als Schlange bezeichnet, wird mit MS\u0026ndash;DOS Programmen nicht unter 2 Megabytes bestraft! Der Versuch ist strafbar. Beweis Duden.\nSatz 16 Der Account darf nicht entzogen werden. Der Verlust eines Accounts darf gegen den Willen des Betroffenen nur dann eintreten, wenn der Betroffene dadurch nicht mailboxlos wird. Kein User darf der Post schutz\u0026ndash; oder kampflos ausgeliefert werden. Hacker genießen Asylrecht (im Volksmund: Narrenfreiheit). Beweis Durch vollständige Induktion über die Anzahl der Accounts. Wie, Sie wissen nicht, wie das geht, \u0026ldquo;Beweis durch vollständige Induktion\u0026rdquo;? Wir auch nicht… Gehen Sie zurück in das 1. Semester, gehen Sie nicht über LOS, ziehen Sie nicht 4000 DM BAFöG ein.\nSatz 17 Jeder hat das Recht sich untertänigst, demütig und devot mit Bitten und natürlich saublöden Fragen an den Sysop zu wenden. Er darf sich dann aber nicht wundern, wenn er dumme Antworten erhält oder gar sein Account gesperrt wird.\nBescheiß: Wo immer Du kannst!\nSatz 18 Wer aus dieser Satzung irgendwelche Rechte für sich oder andere ableitet, befindet sich auf dem Holzweg. Und sagen Sie nicht, wir hätten Sie nicht gewarnt!\nBeweis Wer ist denn hier der Sysop, Du oder ich?\nSatz 19 Alle vorhergehenden Sätze können vom Sysop für einzelne User und ganze Benutzergruppen nach Belieben negiert werden. Beweis Ist 1703 eine Primzahl?\nSatz 20 Alle Befugnisse gehen vom Sysop aus. Wer planlos durch das System irrt, oder andere planlos durch das System irren lässt, der kann die Anleitung nicht lesen. Jeder, der es auch nur andeutungsweise unternimmt, gegen diese unumstößlichen Wahrheiten zu Felde zu ziehen, der wird ohne Warnung hinterrücks aus sämtlichen Verzeichnissen und Unterverzeichnissen unwiederbringlich GELÖSCHT! Beweis Just try it.\nLemma 21 ist genau die Hälfte von 42 (auch für Physiker!). Beweis Deep Thought irrt nicht.\nSatz 22 Der Zeichensatz ist ASCII. Die Amtsprache ist 680x0\u0026ndash;Assembler. Das Wappen der Interstellaren Gesellschaft für Revolutionäre Informatik (das sind wir!) zeigt einen wahnsinnig niedlichen 68000er-Prozessor mit 64 (das ist eine Potenz der wahnsinnig niedlichen Zahl 2) wahnsinnig niedlichen Beinen und wahnsinnig niedlichen Fühlern und Augen, der einen wahnsinnig widerlichen inTEL\u0026ndash;Prozessor mit einem wahnsinnig harten Hammer in wahnsinnig kleine Teile zerlegt. Es trägt die wahnsinnig lateinische Inschrift \u0026ldquo;Nihil Satis Nisi Absurdissimum\u0026rdquo; (\u0026ldquo;Nur das Absurdeste ist wahnsinnig gut genug\u0026rdquo;), die sich in wahnsinnig kühn gesetzten Lettern über dieses wahnsinnig aussagekräftige Wappen erhebt. Die Farben und die Auflösung sind abhängig vom Ausgabegerät. Die Interstellare Gesellschaft für Revolutionäre Informatik unterstützt virtuelle Druckertreiber. Beweis:\n:-)\nSatz 23 Diese Satzung ist auf allen Rechnern zu implementieren. Beweis Enter at your own RISC!\nSatz 24 Die gesellschaftliche Revolution durch interstellare Informatik (oder so ähnlich) kann\nmehr als man im ersten Moment erwarten sollte, weniger als man dieser Satzung nach denkt, mehr als manch ein Informatik\u0026ndash;Pro(f/z)essor (wir haben hier WIRKLICH niemand bestimmten im Wesir…), lügen, ohne rot zu werden (siehe Punkt 3), einen Duden gut gebrauchen, 7.0 nicht richtig zählen,\n7.99999. und auch nicht richtig runden.\nBeweis Man lese nur Satz 24, Punkt (3).\nAnmerkung: Da oben fehlt ein \u0026rsquo;s'.\nSatz 25 Eine zu hohe Baudrate führt zu )%\u0026quot;!/qwerty\u0026amp;y- Verbindungsauslösung \u0026mdash; Auslösung durch Zufall.\n:sieweB noitisopartnoK hcruD\nSatz 26 Viren, die geeignet sind oder in der Absicht programmiert worden sind, die friedliche Koexistenz von Tasks in einem virtuellen Adreßraum zu stören, insbesondere die Führung eines Krieges im Kernspeicher, sind satzungswidrig. Sie sind qualvoll zu löschen. Beweis durch Strafandrohung.\nSatz 27 Alle Systeme bilden ein homogenes Netzwerk.\nAlle Netnodes, die einem Multiprocessing\u0026ndash;Supercluster angehören, müssen ein RJE-Accounting mit bidirektionalem Handshaking sowie sequential Indexing supporten.\nBeweis Autodialing Netnodes können durch bijektive Parallelepipede auf redundant quadratische Matrizenrelationen projeziert werden.\nSatz 28 public _begin public _ThisPtr .cseg begin: movem.l A0,-(SP) link #0,A5 lea _ThisPtr,A0 jsr (A0) unlk A5 movem.l (SP)+,A0 rts .dseg _ThisPtr: dc.l Satz31 .end Beweis 0 Error(s) found in this Assembly.\nSatz 29 Vor die Cray hat Gott die VAX gesetzt. Wer ist denn dieser \u0026ldquo;Gott\u0026rdquo; überhaupt? Beweis zu finden bei Oolon Coluphid, IGSBN 3-548-31070-2, 7.80 Atair\u0026ndash;Dollar, erschienen in den Verlagen von Beta Ursae Minoris.\nSatz 30 Die Interpretation von Programmen ist Sache des Prozessors. Die Ergebnisse sind unanfechtbar. Der Rechtsweg ist ausgeschlossen. Mitarbeiter der Interstellaren Gesellschaft für Revolutionäre Informatik sind von der Teilnahme an der Verlosung der Ergebnisse ausgeschlossen. Beweis Murphy ist immer und überall (all wie Weltall).\nSatz 31 1.0.\n1.0.0.\n1.0.0.1.\nÜber sticht Unter.\nBeweis siehe Skatordnung.\nSatz 32 Die Pflege der Beziehungen zu Peripheriegeräten ist Sache der DMA. Vor dem Abschluss eines Programmes, das irgendwelche näherungsweise brauchbaren Ergebnisse liefern könnte, ist der Zufallszahlengenerator zu hören. Der Prozessor macht sowieso, was ER will. Handbücher sind veraltet. Unterprozessen ist es untersagt, irgenwelche Verbindungen mit anderen Unterprozessen aufzunehmen, ohne vorher das MCP zu befragen. Wer das Hauptprogramm beleidigt, fliegt raus Prozeduraufrufe in Prozeduraufrufen, die Prozeduraufrufe beinhalten, entbehren jeglicher programmtechnischer Notwendigkeit. Beweis zu finden in Donald E. Knuth, \u0026ldquo;The Art of Computer Programming\u0026rdquo;.\nSatz 33 Permutieren Sie die Zahl 33 solange, bis Sie nicht mehr die Zahl 33 erhalten. Beweis durch Großen Grünen Arkelanfall.\nSatz 34 Man kann einen Idioten stundenlang beschäftigen.\nBeweis siehe Satz 35.\nSatz 35 Man kann einen Idioten stundenlang beschäftigen.\nBeweis siehe Satz 34.\nSatz 36 Der Prozessor ist unkündbar. Er hat das Recht auf 36 Mikrosekunden bezahlte Waitstates in der Sekunde. Nach einer festgelegten Anzahl von Taktzyklen ist er in den Ruhestand zu versetzen. I/O-Bausteine haben eine 38.5 Bit FIFO-Pipe. Rotglühende Chips sind kurzfristig zu beurlauben. Die Pizza ist fertig, wenn der Käse gut zerlaufen ist. Wassereinbruch in Laufwerk A: (A)bbrechen, (W)iederholen, (I)gnorieren? I Bitte warten… Pumpe ab. Fertig -- Platte wird geschleudert. C:-\u0026gt; Die Tastenkappen bekommen einen seidigen Glanz, wenn man ihnen regelmäßig ein rohes Eigelb ins Futter mischt. Tasten würden Whisky saufen. Beweis Wer sind wir denn …\nSatz 37: (37, wie 37.5 Fieber …) Jeder Text wird nach einer bestimmten Anzahl Bytes absurd. Man nennt dies die KRITISCHE MASSE an GEBALLTEM SCHWACHSINN. Überschreitet ein Text diese Länge, implodiert das Gehirn des Lasers. Beweis Wir lassen auch nichts aus …\nSatz 38 Der IGfRI steht ein letzter Vorsitzender nach. Bei Abwesenheit des letzten Vorsitzenden steht der IGfRI ein erster Nachsitzer vor. Deswegen ist es wichtig zu wissen, wie man einen Allquantor negiert. Siehste! Der letzte Vorsitzende wird durch wohlwollendes Schulternicken gewählt und recht kräftig verurteilt (Hier fehlt kein \u0026rsquo;s\u0026rsquo;!). Die Strafe recht länglich. Der letzte Vorsitzende ernennt seine Komplizen. Wer ein neues Mitglied wirbt, darf dafür aus der IGfRI austreten. Wer zwei neue Mitglieder wirbt, bekommt eine Bescheinigung, daß er nie in der IGfRI war. A. Wer drei neue Mitglieder wirbt, bekommt eine Bescheinigung, daß er gar nicht weiß, was die IGfRI ist.\nB. Wer vier neue Mitglieder wirbt, bekommt eine Bescheinigung, daß es die IGfRI gar nicht gibt.\nC. Wer fünf neue Mitglieder wirbt, leistet Beihilfe zum Völkermord.\nD. Wer sechs neue Mitglieder wirbt … wo zum Geier sollte man $06 Mitglieder herkriegen?\nE. Der Bundesgesundheitsminister: \u0026ldquo;Mitleidschaft in der IGfrI gefährdet Ihre geistige Xundheit. Ein Satz ihrer Satzung (ach, daher der Name!) reduziert Ihren IQ um 15 nach DIN (Dämliche Idioten Norm (Das ist zwar moppelt gedoppelt, dafür rafft es aber auch jeder))\u0026rdquo;.\nF. Das Hexadezimalsystem hat die Basis 1016.\n(. SHD005D: Segmentation violation \u0026ndash; core dumped.\nBeweis liegt auf der Hand.\nSatz 39 Das Gremium, das diese Satzung entworfen hat, erklärt sich für geistig unzurechnungsfähig.\nWer diese Satzung entworfen hat, ist nicht mehr zweifelsfrei zu klären (So blöde sind wir ja nun doch nich\u0026rsquo;!) (Zwischenruf: \u0026ldquo;Ich gehör\u0026rsquo; nich\u0026rsquo; dazu!\u0026rdquo;).\nWir verweigern alle weiteren Aussagen bis zum Eintreffen unseres Anwaltes.\nAlles was Sie von jetzt an über die IGfRI sagen, kann und wird eigentlich nur gegen Sie verwendet werden.\nBeweis BGB § $FCE2, Abs. 08/15\nSatz 40 Wir kommen jetzt zum Stuß.\nDiese Satzung ist ungekühlt mindestens haltbar bis: siehe Rückseite.\nBeweis Lesen Sie ruhig weiter.\nSatz 41 Die Lottozahlen von nächster Woche sind π, e, √2, i, c, ry und die Zusatzzahl ist 1.6022e-19.\nAlle Angaben sind ohne Gewähr.\nBeweis Durch Ankreuzen.\nAxiom 42 DIE Antwort auf alle offen geblieben Fragen lautet 42.\nVerzapft zu Kiel am Rhein, Sternzeit 191188\u0026ndash;00320963\ngez. Brat\u0026ndash;Becker Letzte Vorsitzende des satzunggebenden Ausschlusses\ngez. Capt. Würg Kommandant und letzter Überlebender der USS Entenscheiß\nANHÄNGE Anhang A: Rechtsbehelfsbelehrung Gegen diese Satzung kann innerhalb von 3 Nanosekunden Einspruch reingelegt werden in der Bundesdatenbank auf Alpha Centauri. Die Frist wird auch gewahrt, wenn Sie diese Satzung vollkommen ignorieren.\nWir machen sie pflichtgemäß darauf aufmerksam, daß dies ein Haustürgeschäft ist, von dem Sie innerhalb von 7 Taskwechseln zurücktreten können. Wir sind uns aber ziemlich sicher, daß SIE sowieso zu lange brauchen, um zu schnallen, worauf Sie sich mit UNS eingelassen haben. Der Widerspruch wird nur gültig, wenn Sie beweisen können, daß Sie mit einem rohen Ei eine Flasche Bier aufmachen können.\nGemäß Paragraph 26 des Bundesüberwachungsgesetzes machen wir Sie darauf aufmerksam, daß falsche Angaben im nachstehenden Antragsformular auf Grund des Abgleiches mit anderen Behörden sofort erkannt werden und unnachsichtig geahndet werden. Also: Besser, Sie schummeln nicht. Wir haben Sie sowieso schon lange auf dem Kieker!\nGerichtsort: Wir nehmen die meisten Gerichte in der Mensa am Westring des Super-CAU (Super-GAU, Super-KAU???) zu Kiel zu uns.\nBankverbindung: Dritte Parkbank im Schrevenpark, gleich hinter der Ente links. Diese Parkbank wurde gestiftet von den Söhnen der Mitglieder des Vereines rüstiger Väter werdender Professoren. Damit Sie sich auch morgen noch kraftvoll hinsetzen können. Diese Parkbank ist über die Line\u0026ndash;F direkt ab ZOB (Zentrale Omelette Bratpfanne) erreichbar.\nAnhang B: Bemerkungen (Wer A sagt, muss auch B sagen) Diese Satzung ist in nachstehend aufgeführten Ausfertigungen erhältlich (nur echt mit der Goldkante!):\nAuf 3,49999999 Zoll\u0026ndash;Diskette (Sie merken schon: Wir können immer noch nicht runden)\nAls Grafikdemo für Zumbitsu 8000 (Boborola Format)\nIn Marmor gemeißelt, mit (fast) Originalunterschrift von MOSes.\nAuf Mikrofilm (007\u0026ndash;Format), incl. DIN A4\u0026ndash;Schuber aus bezogenem Karton, mit Falk\u0026ndash;Patentfaltung.\nAuf farbenfrohem, hautfreundlichem, saugfähigem, 4\u0026ndash;lagigem Klopapier, double sided, double density, mit unsichtbarer Mikroperforation.\nIn der Spraydose mit umweltfreundlichem Treibgas, auch als Pumpspender erhältlich.\nIn jedem siebenten Ei.\nAls nigerianische Wohlfahrtsmarke im Werte von 12 Timbuktu\u0026ndash;Dollar.\nIm gesamten Ostblock nur nach langem Anstehen, dafür aber im Anhang mit der Gesamtausgabe von Lenins Werken.\nIn Bayern die (re\u0026ndash;)zensierte Fassung mit einem Vorwort von Peter Cauweiler.\nDiese Satzung kann unter UNIX mit dem Kommando \u0026ldquo;man last.help\u0026rdquo; abgerufen werden.\nAnhang C: Das Antragsformular ........................................................................................ ∆∆∆ Hier abbeißen! ∆∆∆ JA, ich, ______________ bin so wahnsinnig und will der IGfrI für nur noch 12 Atair--Dollar am Tag beitreten. Ich bin bereit, die Satzung in mein tägliches Gebet aufzunehmen und meinen Lebensstil gemäß den Anforderungen der Satzung sofort zu beenden. ____________________ Unterschrift oder 3 Kreuze, bei Promovierten ein kleines Kreuz davor. Bei Minderwertigen ist die Unterschrift eines Verziehungsberechigten erforderlich. vvv Hier abbürsten. vvv ........................................................................................ Anhang D: Literaturverzeichnis Folgende Werke seien dem interessierten Leser als weiterführende Literatur verziehen:\n\u0026ldquo;Hitchhiker\u0026rsquo;s Guide to the Galaxy\u0026rdquo;, Douglas Adams, alle Bände\nGrundgesetz für die \u0026ldquo;BRD\u0026rdquo;, Konrad Adenauer (Hrsg.), Band 1\n\u0026ldquo;Amiga ROM Listing\u0026rdquo;, Knecht Ruprecht, Band 1+2\n\u0026ldquo;How to survive MS\u0026ndash;DOS\u0026rdquo;, Peter Norton\n\u0026ldquo;The Art of Computer Programming\u0026rdquo;, Donald E. Knuth\n\u0026ldquo;The Space Shuttle Operators Manual\u0026rdquo;, Joels, Kennedy, Larkin, ISBN 0\u0026ndash;345\u0026ndash;30321\u0026ndash;0 (trade paper), $24.95, NASA Books\n\u0026ldquo;Die Abenteuer der USS Entenscheiß\u0026rdquo;, Rene Rottenberry\n\u0026ldquo;Murphy\u0026rsquo;s Gesetze in einem Band\u0026rdquo;, Arthur Bloch\n\u0026ldquo;Informatik 1\u0026rdquo;, Bauer, Goos, \u0026ldquo;Springer\u0026rdquo; Verlag\n\u0026ldquo;BILD\u0026rdquo;, auch \u0026ldquo;Springer\u0026rdquo; Verlag\n\u0026ldquo;MIDGARD \u0026mdash; Handbuch für Abenteurer\u0026rdquo;, Deutscher Fantasy\u0026ndash;Club e.V.\n\u0026ldquo;Dein TOS, das unbekannte Verwesen\u0026rdquo;, Osram Kolle\n\u0026ldquo;Verlosungsverzeichnis der CAU\u0026rdquo;, Untertitel: \u0026ldquo;Dasch wäre Ihr Preisch geweschen\u0026rdquo;, Rudi Carrell (Hrsg.).\n\u0026ldquo;Phone Book of Miami Beach\u0026rdquo;, John Donson, AT\u0026amp;T Press, 15. Edition\n\u0026ldquo;Geistige Gesundheit, ihre Vorbeugung und Heilung\u0026rdquo;, R. Ückenschmerz, Läufer\u0026ndash;Verlag\nAnhang E: Benötigte Materialien 7 Liter Cola\n21\u0026ndash;Seiter Würfel\nkeinen inTEL\u0026ndash;Prozessor\nAmiga 2000 (mangels Atair ST)\nParkplatz (?NOT FOUND)\nBerge von Chips (Kartoffel\u0026ndash;, Ihr Idioten!)\nBerge von Chips (Silizium\u0026ndash;, Ihr Idioten!)\nFröhliche Schlafnachten, Ihr Weihmützen\n6 Stunden Prozessorzeit\nvier Informatiker (zusammen 8 Semester), alle Element aus I, nicht I'!\nKEINE PANIK!\ndumdidumdidum (Insiderwitz!)\nund eine Menge M schwachsinniger Einfälle.\nAnhang F: Übungsaufgaben In einem exakt kreisförmigen, vom Ufer ab sehr tiefen See schwimmt ein junges, gutaussehendes, unbekleidetes Mädchen genau in der Mitte, als sie das Herannahen eines allem Anschein nach sehr starken, sehr intelligenten, aber sonst widerlichen Mannes mit offenbar sehr bösen Absichten bemerkt, der zum Glück nicht schwimmen und genau viermal so schnell am Ufer laufen kann, wie sie schwimmt, aber auch nicht schneller als sie läuft.\nWas will der Mann von dem Mädchen?\nWas ist überhaupt ein Mädchen?\nWas muss sie tun, um ihm zu entkommen?\nLösungshinweis: Schildern Sie ALLE schmutzigen Details!\nAufgabentext wurde Gerthsen, Kneser, Vogel: \u0026ldquo;Physik\u0026rdquo;, Springer\u0026ndash;Verlag (was sonst!) entnommen (ehrlich!) und nur geringfügig ergänzt (Aufg. 1.2.14, Seite 55).\nBestimmen Sie die Mengen M, I, I\u0026rsquo; und deren Mächtigkeit.\nFinden Sie einen Idioten, der Aufgabe 2 löst.\nLernen Sie einige Elemente aus I persönlich kennen. Wenden Sie sich schaudernd ab.\nVollziehen Sie die Gedankengänge der Autoren nach.\nBilden Sie das Futurum des semiconditional modifizierten subalterierten Inteltionals des subjunktiven Präteritum Plagalis von \u0026ldquo;abspeichern\u0026rdquo;.\nHilfsmittel: \u0026ldquo;Handbuch der 1001 Tempusbildungen für den Reisenden durch die Zeit\u0026rdquo; von Dr. Dan Streetmaker.\nNegieren Sie eine Aussage mit einem Alliquantor und formulieren Sie Ihre drei Wünsche. See you läter, Alliquäter\u0026hellip; Abgabe Abgabe der Aufgaben bis gestern, 12.00 Uhr im Schrei des Institutes für Mathemagie und unpraktische Informatik.\nKlappentext Des Übels Wurzel liegt im Schwachsinn, während die Wurzel des Schwachsinns nicht zu unterschätzen sein sollte. \u0026mdash; Brösel\nIch war Mitglied in der IGfRI. Mann, war dat\u0026rsquo; peinlich. Erst die Mitgliedsbeiträge und dann noch \u0026rsquo;ne Anzeige am Hals. Nie wieder! \u0026mdash; Bundesverband der Kieler Schwarzfahrer\nDer Unterschied liegt hier lediglich in der Differenz \u0026mdash; Hans Jochen Vogel\nHä? \u0026mdash; Bundeskranzler H. Kohl\n«Hier könnte ihre Aussage stehen. Wenden Sie sich vertrauensvoll an unsere Anzeigenabteilung.» \u0026mdash; Die Polizei\nNicht alles was hinkt, ist ein Vergleich \u0026mdash; N.N.\nNicht alles was springt, ist ein Punkt \u0026mdash; The Intergalactical Operator\nKein Anschluß unter dieser Nummer \u0026mdash; DBP Fernmeldedienst\nEmpfänger unerkannt entkommen \u0026mdash; DBP Snail Mail\n10 Einheiten, die Sie bereuen werden. \u0026mdash; Sysop TopPoint\nMacht\u0026rsquo;s gut \u0026mdash; und Danke für den vielen Fisch! \u0026mdash; Vier alle!\n","date":"1988-11-19T00:00:00Z","href":"https://blog.koehntopp.info/1988/11/19/interstellare-gesellschaft-fuer-revolutionaere-informatik.html","tags":["publication","detebe","inkomploehntopp"],"title":"Interstellare Gesellschaft für Revolutionäre Informatik"},{"categories":null,"content":"This is an attempt to revive the blog with Hugo. Initially it was running on Github Pages with the default build, using Jekyll. With that, it takes around 120 seconds to build the blog. Using Hugo, we are done in under 10 seconds.\nHugo and Jekyll are static page generators. The blog is written in Markdown, and then transformed by Hugo into HTML. This is being published.\n","date":"0001-01-01T00:00:00Z","href":"https://blog.koehntopp.info/about/","tags":null,"title":"About"},{"categories":null,"content":"This blog is on github as https://github.com/isotopp/isotopp.github.io/ . If you find a problem, a spelling mistake or other issues, you can open an issue there, or even contribute a pull request.\nIf you want to archive articles, just clone the repository.\n","date":"0001-01-01T00:00:00Z","href":"https://blog.koehntopp.info/contribute/","tags":null,"title":"Contribute"},{"categories":null,"content":"","date":"0001-01-01T00:00:00Z","href":"https://blog.koehntopp.info/search/","tags":null,"title":"Search"}]
\ No newline at end of file
diff --git a/posts.html b/posts.html
index 170e6ad38f..30e1eaef34 100644
--- a/posts.html
+++ b/posts.html
@@ -127,6 +127,15 @@ <h1 class="title">Posts</h1>
 		    
 		    <time>Jan 16, 2024</time>
 		    
+		</a>
+            </li><li>
+		<a href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">
+		    <span>
+			Deploying websites - an escalation
+		    </span>
+		    
+		    <time>Jan 09, 2024</time>
+		    
 		</a>
             </li><li>
 		<a href="https://blog.koehntopp.info/2023/12/30/restic.html">
diff --git a/posts/feed.xml b/posts/feed.xml
index 0319453c00..47e283e5bd 100644
--- a/posts/feed.xml
+++ b/posts/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in Posts on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/posts/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/posts/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>JusProg ist nur der Anfang</title>
       <link>https://blog.koehntopp.info/2024/01/16/jusprog-ist-nur-der-anfang.html</link>
@@ -246,6 +246,139 @@ Warum wir nicht einfach alles &amp;ldquo;ab 18&amp;rdquo; machen können und war
 </description>
     </item>
     
+    <item>
+      <title>Deploying websites - an escalation</title>
+      <link>https://blog.koehntopp.info/2024/01/09/deploying-websites.html</link>
+      <pubDate>Tue, 09 Jan 2024 05:06:07 +0000</pubDate>
+      
+      <guid>https://blog.koehntopp.info/2024/01/09/deploying-websites.html</guid>
+      <description>&lt;p&gt;We are still playing minecraft.
+This time it is a highly modded Fabric server, which requires more memory than the old box had.
+The new box has 12 cores, 128 GB of memory, and two nice SSD.
+It is pretty nifty.&lt;/p&gt;
+&lt;h1 id=&#34;a-simple-problem-easily-solved-by-ansible&#34;&gt;
+    &lt;a href=&#34;#a-simple-problem-easily-solved-by-ansible&#34;&gt;
+	A simple problem, easily solved by Ansible.
+    &lt;/a&gt;
+&lt;/h1&gt;
+&lt;p&gt;The machine also needs some kind of webserver to run websites.
+An easy problem to solve, naturally.&lt;/p&gt;
+&lt;p&gt;A bit of Ansible, deploy a few config files into the system and be done with it.&lt;/p&gt;
+&lt;p&gt;Only, these are different types of websites, and over time additional sites are being added.
+When a new website is being added, we need to collect all website names&lt;br&gt;
+and generate an
+&lt;a href=&#34;https://httpd.apache.org/docs/2.4/mod/mod_md.html#mdomain&#34; target=&#34;_blank&#34; rel=&#34;noopener&#34;&gt;&lt;code&gt;MDomain&lt;/code&gt;&lt;/a&gt;
+
+
+statement in the config for Apache&amp;rsquo;s
+&lt;a href=&#34;https://httpd.apache.org/docs/2.4/mod/mod_md.html&#34; target=&#34;_blank&#34; rel=&#34;noopener&#34;&gt;&lt;code&gt;mod_md&lt;/code&gt;&lt;/a&gt;
+
+.
+This module will then automatically the necessary certificates for the webserver&amp;rsquo;s TLS.&lt;/p&gt;
+&lt;p&gt;Collecting all domain names from the configuration files can be done that in Ansible, but it kind of hurts.
+Ansible works best when you run it to deploy a few templated config files, and then have services doing the actual work.&lt;/p&gt;
+&lt;p&gt;It is also more complicated than this, because we have different types of websites.
+Initially we had only&lt;/p&gt;
+&lt;ul&gt;
+&lt;li&gt;&lt;code&gt;static sites&lt;/code&gt; (&lt;code&gt;https://example.com&lt;/code&gt;)&lt;/li&gt;
+&lt;li&gt;We also needed &lt;code&gt;redirect_sites&lt;/code&gt; (&lt;code&gt;https://www.example.com&lt;/code&gt; -&amp;gt; &lt;code&gt;https://example.com&lt;/code&gt;)&lt;/li&gt;
+&lt;li&gt;We also needed reverse proxies for applications (&lt;code&gt;https://grafana.example.com&lt;/code&gt; -&amp;gt; &lt;code&gt;https://localhost:3000&lt;/code&gt;)&lt;/li&gt;
+&lt;li&gt;Then we also needed the &lt;code&gt;wsgi_site&lt;/code&gt; deployed.&lt;/li&gt;
+&lt;/ul&gt;
+&lt;p&gt;But a &lt;code&gt;wsgi_site&lt;/code&gt; needs to be redeployed when the code has changed on GitHub.
+Also, initial deployment of a &lt;code&gt;wsgi_site&lt;/code&gt; needs to create a user,
+and initial checkout of the code into the users home,
+and installation of the requirements.&lt;/p&gt;
+&lt;p&gt;After a code update, the server needs to be restarted.&lt;/p&gt;
+&lt;h1 id=&#34;this-actually-needs-a-shell-script&#34;&gt;
+    &lt;a href=&#34;#this-actually-needs-a-shell-script&#34;&gt;
+	This actually needs a shell script
+    &lt;/a&gt;
+&lt;/h1&gt;
+&lt;p&gt;Okay, let&amp;rsquo;s not do this in Ansible.
+Let&amp;rsquo;s write a simple and easy shell script for this.&lt;/p&gt;
+&lt;p&gt;That kind of worked, initially, but quickly fell apart when the number of variants grew,
+error checking became complicated.&lt;/p&gt;
+&lt;p&gt;Ultimately, it broke when we needed to collect and store per-site config parameters as a JSON, and act on it.
+The moment you write shell functions with parameters, traps and other bells and whistles,
+it is time to cut your losses and start over differently.
+In this case, in Python.&lt;/p&gt;
+&lt;h1 id=&#34;enter-deploy-a-python-cli-application&#34;&gt;
+    &lt;a href=&#34;#enter-deploy-a-python-cli-application&#34;&gt;
+	Enter &lt;code&gt;deploy&lt;/code&gt;, a Python CLI application
+    &lt;/a&gt;
+&lt;/h1&gt;
+&lt;p&gt;In the current intermediate stage, this is a Python script of 32 KB and around 1000 lines.&lt;/p&gt;
+&lt;div class=&#34;highlight&#34;&gt;&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;o&#34;&gt;[&lt;/span&gt;root@bigbox ~&lt;span class=&#34;o&#34;&gt;]&lt;/span&gt;&lt;span class=&#34;c1&#34;&gt;# wc -l Source/deploy/deploy &lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;m&#34;&gt;951&lt;/span&gt; Source/deploy/deploy
+&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;and&lt;/p&gt;
+&lt;div class=&#34;highlight&#34;&gt;&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;o&#34;&gt;[&lt;/span&gt;root@bigbox ~&lt;span class=&#34;o&#34;&gt;]&lt;/span&gt;&lt;span class=&#34;c1&#34;&gt;#  ls -l Source/deploy/deploy&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;-rwxr-xr-x. &lt;span class=&#34;m&#34;&gt;1&lt;/span&gt; root root &lt;span class=&#34;m&#34;&gt;31428&lt;/span&gt; Jan  &lt;span class=&#34;m&#34;&gt;8&lt;/span&gt; 18:42 Source/deploy/deploy
+&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;It understands the five types of server outlined above, and can handle a number of different operations for them.&lt;/p&gt;
+&lt;ul&gt;
+&lt;li&gt;&lt;code&gt;create&lt;/code&gt; makes a new server-config.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;delete&lt;/code&gt; throws it away.&lt;/li&gt;
+&lt;/ul&gt;
+&lt;p&gt;We store them in a central directory, &lt;code&gt;/etc/projects&lt;/code&gt;, as JSON files.
+For each site type, we accept a number of parameters:&lt;/p&gt;
+&lt;ul&gt;
+&lt;li&gt;&lt;code&gt;--type&lt;/code&gt;, the five types above.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--username&lt;/code&gt;, a Unix User we create for the site.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--github&lt;/code&gt; The source code repository URL.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--hostname&lt;/code&gt; If necessary, this is inferred from the username and the default domain.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--projectdir&lt;/code&gt; Only necessary for anomalously structured Python code.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--to_host&lt;/code&gt; Only for redirects.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--port&lt;/code&gt; Only for proxies.&lt;/li&gt;
+&lt;/ul&gt;
+&lt;p&gt;We now can do&lt;/p&gt;
+&lt;div class=&#34;highlight&#34;&gt;&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# deploy show projects&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;...
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- grafana
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;...
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# deploy show grafana&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;*** PROJECT /etc/projects/grafana
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- github    : None
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- hostname  : grafana.example.com
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- port      : &lt;span class=&#34;m&#34;&gt;3000&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- project   : grafana
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- &lt;span class=&#34;nb&#34;&gt;type&lt;/span&gt;      : proxy
+&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;The &lt;code&gt;deploy create --type proxy --hostname grafana.example.com --port 3000&lt;/code&gt; has created an apache configuration,
+built the TLS configuration and restarted the &lt;code&gt;httpd.service&lt;/code&gt; to update things.&lt;/p&gt;
+&lt;p&gt;We can also do more complicated things:&lt;/p&gt;
+&lt;div class=&#34;highlight&#34;&gt;&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# deploy create --type wsgi_site --user learn --github ... learn&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;... creates /etc/project/learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# deploy show learn&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;*** PROJECT /etc/projects/learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- github    : git@github.com:.../learn.git
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- home      : /home/learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- hostname  : learn.example.com
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- project   : learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- projectdir: learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- pubkey    : ssh-rsa AAAAB3...cfudtTQ&lt;span class=&#34;o&#34;&gt;==&lt;/span&gt; root@bigbox
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- &lt;span class=&#34;nb&#34;&gt;type&lt;/span&gt;      : wsgi_site
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- username  : learn
+&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;This will create a Linux user, set up a checkout of the GitHub, install requirements, set up a WSGI Apache configuration,
+configure TLS, and restart the server as needed.&lt;/p&gt;
+&lt;p&gt;We can now &lt;code&gt;deploy update learn&lt;/code&gt; or &lt;code&gt;deploy restart learn&lt;/code&gt; to check out a new version and restart the server,
+and we can also &lt;code&gt;deploy logs learn&lt;/code&gt; to tail the server logs for this site.&lt;/p&gt;
+&lt;h1 id=&#34;it-is-still-ugly&#34;&gt;
+    &lt;a href=&#34;#it-is-still-ugly&#34;&gt;
+	It is still ugly
+    &lt;/a&gt;
+&lt;/h1&gt;
+&lt;p&gt;Because this started out as a shell script, it still is ugly.
+There are multiple levels of giant case-branches in this.
+To become a proper solution, it needs a cleaner structure, in a more object-oriented fashion.&lt;/p&gt;
+&lt;p&gt;But already it works better than the shell script it initially was,
+has better error handling and can handle borderline cases more safely.&lt;/p&gt;
+&lt;p&gt;&lt;a href=&#34;https://github.com/isotopp/deploy&#34; target=&#34;_blank&#34; rel=&#34;noopener&#34;&gt;Github&lt;/a&gt;
+
+.&lt;/p&gt;
+</description>
+    </item>
+    
     <item>
       <title>Restic</title>
       <link>https://blog.koehntopp.info/2023/12/30/restic.html</link>
@@ -2684,122 +2817,6 @@ We are then using &lt;code&gt;chardet.detect()&lt;/code&gt; on this byte-string
 &lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;go&#34;&gt;bname=b&amp;#39;keks/\xfc\xa1\xa1\xa1\xa1\xa1&amp;#39;
 &lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;go&#34;&gt;{&amp;#39;encoding&amp;#39;: &amp;#39;ISO-8859-1&amp;#39;, &amp;#39;confidence&amp;#39;: 0.73, &amp;#39;language&amp;#39;: &amp;#39;&amp;#39;}
 &lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;The guesses are trying to find a valid charset for the bytestring, and they find the lowest (least large) charset that matches.&lt;/p&gt;
-</description>
-    </item>
-    
-    <item>
-      <title>Energiekosten beim Elektroauto</title>
-      <link>https://blog.koehntopp.info/2023/09/13/energiekosten-beim-elektroauto.html</link>
-      <pubDate>Wed, 13 Sep 2023 01:02:03 +0000</pubDate>
-      
-      <guid>https://blog.koehntopp.info/2023/09/13/energiekosten-beim-elektroauto.html</guid>
-      <description>&lt;p&gt;Das neue Auto hat eine Batterie mit 60 kWh Kapazität, also muss es 42 kWh aufnehmen, um von 10 % auf 80 % zu kommen.
-Die 80 % sind eine Art magische Grenze, weil die Ladegeschwindigkeit des Autos insbesondere beim Schnellladen unterwegs
-vom Füllstand der Batterie abhängig ist, und ab 80 % stark absinkt.
-Die letzten 20 % dauern also lange.&lt;/p&gt;
-&lt;p&gt;Dazu kommt, daß das Auto auch beim elektrischen Bremsen – beim Rekuperieren – lädt und wenn der Akku-Füllstand über 80 % ist,
-ist das Rekuperationsvermögen durch die geringere Ladegeschwindigkeit der Batterie eingeschränkt.
-Ist das Auto also in städtischen Umgebungen unterwegs, wird man beim dauernden Bremsen im Stadtgebiet oberhalb von 80 %
-Energie durch mechanischen Bremsen verschwenden, anstatt sie durch elektrisches Bremsen zurückzugewinnen.&lt;/p&gt;
-&lt;h1 id=&#34;ladeleistung&#34;&gt;
-    &lt;a href=&#34;#ladeleistung&#34;&gt;
-	Ladeleistung
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;Ersetzt werden müssen&lt;/p&gt;
-&lt;div class=&#34;highlight&#34;&gt;&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-console&#34; data-lang=&#34;console&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;go&#34;&gt;60 kWh * (0.8 - 0.1) = 42 kWh
-&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;und das dauert circa 30 Min. bis 35 Min. an einem Schnell-Lader, zum Beispiel von Fastned.&lt;/p&gt;
-&lt;p&gt;&lt;p class=&#34;md__image&#34;&gt;
-  &lt;img src=&#34;https://blog.koehntopp.info/uploads/2023/09/energiekosten-01.jpg&#34; alt=&#34;&#34;  /&gt;
-&lt;/p&gt;
-
-&lt;/p&gt;
-&lt;p&gt;&lt;em&gt;Ladekurve für den Renault Megane 60 kWh an einem Schnell-Lader von Fastned.
-Man erkennt, wie die Ladeleistung mit zunehmendem Akku-Füllstand sinkt und gegen Ende sogar
-unter die Motorleistung (55 kW Dauerleistung) absinkt.&lt;/em&gt;&lt;/p&gt;
-&lt;h1 id=&#34;kosten&#34;&gt;
-    &lt;a href=&#34;#kosten&#34;&gt;
-	Kosten
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;Mit Fastned Gold bezahlt man 0.483 Euro/kWh, also&lt;/p&gt;
-&lt;div class=&#34;highlight&#34;&gt;&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-console&#34; data-lang=&#34;console&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;go&#34;&gt;42 * 0.483 = 20.28 Euro   # Laden von 10 % bis 80 %
-&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;go&#34;&gt;14 * 0.483 = 6.76 Euro    # Laden von 100 km Reichweite
-&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;für einen Ladevorgang bzw. für 100 km Reichweite bei 14 kWh/100 km.
-Daheim kostet die kWh in der Theorie 33 Cent, das wären dann entsprechend 13,86 Euro für 42 kWh und 4.62 Euro für 100 km Reichweite.
-Das ist theoretisch, weil wir bis Ende 2024 noch die Saldierungsregelung haben, bei der die Solarproduktion mit dem Verbrauch 1:1 verrechnet wird,
-und wir fett Guthaben haben.&lt;/p&gt;
-&lt;p&gt;Daheim fährt das Auto also gratis.&lt;/p&gt;
-&lt;p&gt;&lt;p class=&#34;md__image&#34;&gt;
-  &lt;img src=&#34;https://blog.koehntopp.info/uploads/2023/09/energiekosten-02.png&#34; alt=&#34;&#34;  /&gt;
-&lt;/p&gt;
-
-&lt;/p&gt;
-&lt;p&gt;&lt;em&gt;Unsere Solaranlage in O/W-Lage produziert ihr Maximum am späten Nachmittag, um circa 17:00 Uhr. Auch dann werden 5 kW nicht überschritten.
-Das Laden des Autos zieht jedoch 11 kW, sodaß ein reines Überschußladen ohne spezielle Steuerung nicht möglich ist.
-Selbst dann sind 42 kWh Ertrag am Tag nur an guten Tagen im Hochsommer machbar.&lt;/em&gt;&lt;/p&gt;
-&lt;p&gt;Um den Anteil des selbst erzeugten Stromes zu maximieren, wäre es sinnvoll, das Auto oft zu laden,
-und auch die Ladeleistung des Anschlusses auf die Menge des selbst produzierten Stromes zu begrenzen (&amp;ldquo;Überschußladen&amp;rdquo;).&lt;/p&gt;
-&lt;p&gt;Viele Ladepunkte können das nicht von Hause aus, und selbst bei denen, die es können, setzt die Elektronik enge Grenzen:
-Der Regelbereich für den Ladestrom geht vom Maximum von 16 Ampere bis auf minimal 6 Ampere herab.
-Bei drei Phasen ist die minimale Ladeleistung also &lt;code&gt;6 Ampere * 230 V * 3 Phasen = 4140 Watt&lt;/code&gt;,
-kann man Auto und Ladesäule auf eine Phase einschränken, kann man immerhin auf 1380 Watt herunter.&lt;/p&gt;
-&lt;p&gt;Im Bild ist erkennbar, daß der Energieverbrauch am Meßtag für den Gesamthaushalt 50.8 kWh war,
-dem 17.2 kWh Produktion gegenüber stehen. Davon wurden 6.9 kWh eingespeist, und 40.5 kWh bezogen.
-Insgesamt hatten wir an diesem Tag einen Unterschuß von 33.65 kWh.&lt;/p&gt;
-&lt;p&gt;Ohne den heimischen Ladepunkt hätten wir an einen öffentlichen Ladepfahl gegen müssen.
-Der nächstgelegene Ladepunkt ist eine Querstraße weiter und auch nicht teurer:
-Wir zahlen 0.34 Euro/kWh.&lt;/p&gt;
-&lt;p&gt;&lt;p class=&#34;md__image&#34;&gt;
-  &lt;img src=&#34;https://blog.koehntopp.info/uploads/2023/09/energiekosten-03.jpg&#34; alt=&#34;&#34;  /&gt;
-&lt;/p&gt;
-
-&lt;/p&gt;
-&lt;p&gt;&lt;em&gt;Öffentlicher Ladepunkt von Vattenfall bei Nutzung mit einer Vattenfall InCharge oder Eneco Karte.
-Die Energiekosten liegen bei 0.34 Euro/kWh.&lt;/em&gt;&lt;/p&gt;
-&lt;h1 id=&#34;mobilität-ist-energieintensiv&#34;&gt;
-    &lt;a href=&#34;#mobilit%c3%a4t-ist-energieintensiv&#34;&gt;
-	Mobilität ist energieintensiv
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;Für die Akten:&lt;/p&gt;
-&lt;p&gt;Wir verbrauchen ohne Auto im Schnitt 15 kWh/Tag im Haus (3 Leute, ein Rechner, der alleine 900 kWh/Jahr zieht),
-für 5500 kWh/Jahr, und eine Basislast von 300 Watt nachts.
-Das ist im Vergleich recht viel.&lt;/p&gt;
-&lt;p&gt;100 km im großen Auto sind 14 kWh/100 km, also etwa so viel wie ein Haus-Tag.&lt;/p&gt;
-&lt;p&gt;100 km im Carver sind 7 kWh/100 km, also 1/2 Haus-Tag.
-Der Carver hat auch nur einen Schnarchlader, also Schuko, und kann direkt aus dem Solar-Array laden, nachmittags, von März bis Oktober.&lt;/p&gt;
-&lt;h1 id=&#34;wie-oft-und-wo-laden&#34;&gt;
-    &lt;a href=&#34;#wie-oft-und-wo-laden&#34;&gt;
-	Wie oft und wo laden?
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;10 % bis 80 % von einem 60 kWh Akku sind 42 kWh,
-und bei einem Verbrauch von 14 kWh (Sommer) sind die in 3 Stunden leer.
-Ich muss also alle 3 Stunden eine halbe Stunde pausieren, um zu laden.&lt;/p&gt;
-&lt;p&gt;Im Winter vermutlich öfter, aber ich glaube, im Winter will ich eine Tour Amsterdam–Berlin eher mit der Bahn machen.&lt;/p&gt;
-&lt;p&gt;Das große Auto hat eine Reichweite von 300 bis 400 km, je nachdem wie man es fährt.
-Der Carver hat eine Reichweite von 100 km und verbraucht die Hälfte vom großen Auto.&lt;/p&gt;
-&lt;p&gt;Beide Fahrzeuge können wir daheim laden, und beide Fahrzeuge erledigen lokale Fahrten ohne Fremdladen:
-Sie werden in der Regel daheim geladen.
-Das ist in der Regel 1-2 mal die Woche der Fall.&lt;/p&gt;
-&lt;p&gt;Nur bei Fernreisen geht der Renault an fremde Lader, und dann an Schnell-Lader.&lt;/p&gt;
-&lt;h1 id=&#34;fahrerlebnis&#34;&gt;
-    &lt;a href=&#34;#fahrerlebnis&#34;&gt;
-	Fahrerlebnis
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;Im Stadtverkehr ist das Elektroauto eine Offenbarung.
-Es ist super sparsam, weil das ganze Beschleunigen durch Bremsen mit Rekuperation wieder zu Akkuladung umgewandelt wird
-(ca. 70 % Effizienz), während ein Verbrenner in dieser Situation gerne einmal säuft.&lt;/p&gt;
-&lt;p&gt;Auch Beschleunigen und den Hintern aus dem Weg räumen oder im Stau ohne Nerv vorwärts kriechen ist mit einem Elektroauto sehr viel weniger nervig.
-Die Fahrassistenzsysteme im großen Auto machen es noch angenehmer, aber selbst der Carver glänzt.&lt;/p&gt;
-&lt;p&gt;Auf der Autobahn lernt man gleichmäßige gemächliche Geschwindigkeiten sehr schätzen.&lt;/p&gt;
-&lt;p&gt;Ich glaube, das Tempolimit von 120 km/h wird in Deutschland faktisch automatisch kommen,
-sobald nur genügend elektrische Autos auf der Straße sind.
-Niemand in so einer Kiste hat dauerhaft das Bedürfnis,
-sinnlos Akku durchzubladen ohne Effekt.
-Die Verbrenner-Raser sitzen dann zwischen den ganzen e-Mobilen fest.&lt;/p&gt;
 </description>
     </item>
     
diff --git a/sitemap.xml b/sitemap.xml
index 76be05c86f..027c3f8978 100644
--- a/sitemap.xml
+++ b/sitemap.xml
@@ -28,21 +28,24 @@
   </url><url>
     <loc>https://blog.koehntopp.info/tags/web.html</loc>
     <lastmod>2024-01-16T01:02:03+00:00</lastmod>
+  </url><url>
+    <loc>https://blog.koehntopp.info/2024/01/09/deploying-websites.html</loc>
+    <lastmod>2024-01-09T05:06:07+00:00</lastmod>
   </url><url>
     <loc>https://blog.koehntopp.info/tags/devops.html</loc>
-    <lastmod>2023-12-30T05:06:07+00:00</lastmod>
+    <lastmod>2024-01-09T05:06:07+00:00</lastmod>
+  </url><url>
+    <loc>https://blog.koehntopp.info/tags/lang_en.html</loc>
+    <lastmod>2024-01-09T05:06:07+00:00</lastmod>
   </url><url>
     <loc>https://blog.koehntopp.info/tags/linux.html</loc>
-    <lastmod>2023-12-30T05:06:07+00:00</lastmod>
+    <lastmod>2024-01-09T05:06:07+00:00</lastmod>
   </url><url>
     <loc>https://blog.koehntopp.info/2023/12/30/restic.html</loc>
     <lastmod>2023-12-30T05:06:07+00:00</lastmod>
   </url><url>
     <loc>https://blog.koehntopp.info/tags/apple.html</loc>
     <lastmod>2023-12-05T05:06:07+00:00</lastmod>
-  </url><url>
-    <loc>https://blog.koehntopp.info/tags/lang_en.html</loc>
-    <lastmod>2023-12-05T05:06:07+00:00</lastmod>
   </url><url>
     <loc>https://blog.koehntopp.info/tags/python.html</loc>
     <lastmod>2023-12-05T05:06:07+00:00</lastmod>
diff --git a/tags/advertising.html b/tags/advertising.html
index 4c721364bc..4f018d7982 100644
--- a/tags/advertising.html
+++ b/tags/advertising.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/advertising/feed.xml b/tags/advertising/feed.xml
index e80ced0856..3cf7da6299 100644
--- a/tags/advertising/feed.xml
+++ b/tags/advertising/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in advertising on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/advertising/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/advertising/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Sell your users, or sell to your users</title>
       <link>https://blog.koehntopp.info/2019/03/25/sell-to-users.html</link>
diff --git a/tags/amsterdam.html b/tags/amsterdam.html
index 862e88005b..cdad658a0b 100644
--- a/tags/amsterdam.html
+++ b/tags/amsterdam.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/amsterdam/feed.xml b/tags/amsterdam/feed.xml
index 365268cbf8..5d27ce68f2 100644
--- a/tags/amsterdam/feed.xml
+++ b/tags/amsterdam/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in amsterdam on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/amsterdam/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/amsterdam/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>City of Amsterdam and Combustion Engines</title>
       <link>https://blog.koehntopp.info/2023/05/11/city-of-amsterdam-and-combustion-engines.html</link>
diff --git a/tags/anderswo.html b/tags/anderswo.html
index 3435f1311f..69237feac6 100644
--- a/tags/anderswo.html
+++ b/tags/anderswo.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/anderswo/feed.xml b/tags/anderswo/feed.xml
index d75db62ea8..8510528fe4 100644
--- a/tags/anderswo/feed.xml
+++ b/tags/anderswo/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in anderswo on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/anderswo/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/anderswo/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Hunga Tonga</title>
       <link>https://blog.koehntopp.info/2022/01/16/hunga-tonga.html</link>
diff --git a/tags/apple.html b/tags/apple.html
index ab8e7207ce..7d98578e62 100644
--- a/tags/apple.html
+++ b/tags/apple.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/apple/feed.xml b/tags/apple/feed.xml
index 2bec2c92c1..a5cf670c9c 100644
--- a/tags/apple/feed.xml
+++ b/tags/apple/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in apple on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/apple/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/apple/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>x86_64 binaries on M1</title>
       <link>https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html</link>
diff --git a/tags/architektur.html b/tags/architektur.html
index 90f164cdb1..8f67534d7e 100644
--- a/tags/architektur.html
+++ b/tags/architektur.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/architektur/feed.xml b/tags/architektur/feed.xml
index 86cf58a35c..31e5e4516d 100644
--- a/tags/architektur/feed.xml
+++ b/tags/architektur/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in architektur on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/architektur/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/architektur/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>It&#39;s a Modulith</title>
       <link>https://blog.koehntopp.info/2023/05/10/its-a-modulith.html</link>
diff --git a/tags/authentication.html b/tags/authentication.html
index 96416c2d91..466eda395f 100644
--- a/tags/authentication.html
+++ b/tags/authentication.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/authentication/feed.xml b/tags/authentication/feed.xml
index 53decfbd91..ec70467ba4 100644
--- a/tags/authentication/feed.xml
+++ b/tags/authentication/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in authentication on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/authentication/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/authentication/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Anonymität und Schizophrenie</title>
       <link>https://blog.koehntopp.info/2005/06/08/anonymitaet-und-schizophrenie.html</link>
diff --git a/tags/bash.html b/tags/bash.html
index e230207b00..e86aecd847 100644
--- a/tags/bash.html
+++ b/tags/bash.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/bash/feed.xml b/tags/bash/feed.xml
index 72da5408de..a66f153750 100644
--- a/tags/bash/feed.xml
+++ b/tags/bash/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in bash on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/bash/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/bash/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Using Python to bash</title>
       <link>https://blog.koehntopp.info/2021/01/05/using-python-to-bash.html</link>
diff --git a/tags/berlin.html b/tags/berlin.html
index 912e1760ec..db6198ef4d 100644
--- a/tags/berlin.html
+++ b/tags/berlin.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/berlin/feed.xml b/tags/berlin/feed.xml
index d2ce34bb5f..c5b5b88ec7 100644
--- a/tags/berlin/feed.xml
+++ b/tags/berlin/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in berlin on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/berlin/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/berlin/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Mit dem Schnuppel im Tierpark</title>
       <link>https://blog.koehntopp.info/2012/07/22/mit-dem-schnuppel-im-tierpark.html</link>
diff --git a/tags/bike.html b/tags/bike.html
index b4e9470f80..4ef8e8f8e4 100644
--- a/tags/bike.html
+++ b/tags/bike.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/bike/feed.xml b/tags/bike/feed.xml
index 52354816e6..58c999955d 100644
--- a/tags/bike/feed.xml
+++ b/tags/bike/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in bike on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/bike/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/bike/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Haftungsfragen</title>
       <link>https://blog.koehntopp.info/2023/09/16/haftungsfragen.html</link>
diff --git a/tags/bildung.html b/tags/bildung.html
index bba13705e8..7daeae02c5 100644
--- a/tags/bildung.html
+++ b/tags/bildung.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/bildung/feed.xml b/tags/bildung/feed.xml
index 50acec2087..ccb9216ab6 100644
--- a/tags/bildung/feed.xml
+++ b/tags/bildung/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in bildung on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/bildung/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/bildung/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Was mein Kind in der Schule so macht</title>
       <link>https://blog.koehntopp.info/2022/12/30/was-mein-kind-in-der-schule-so-macht.html</link>
diff --git a/tags/blockchain.html b/tags/blockchain.html
index 9f69d5c28c..e35bbb6689 100644
--- a/tags/blockchain.html
+++ b/tags/blockchain.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/blockchain/feed.xml b/tags/blockchain/feed.xml
index 106142627b..b0070e9d3f 100644
--- a/tags/blockchain/feed.xml
+++ b/tags/blockchain/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in blockchain on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/blockchain/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/blockchain/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Hashes in Structures</title>
       <link>https://blog.koehntopp.info/2018/03/04/hashes-in-structures.html</link>
diff --git a/tags/blog.html b/tags/blog.html
index ab33c65158..8df5209778 100644
--- a/tags/blog.html
+++ b/tags/blog.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/blog/feed.xml b/tags/blog/feed.xml
index 07ecd150d0..c6f4d71213 100644
--- a/tags/blog/feed.xml
+++ b/tags/blog/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in blog on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/blog/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/blog/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>This Blog is now Hugo powered</title>
       <link>https://blog.koehntopp.info/2021/11/07/this-blog-is-now-hugo-powered.html</link>
diff --git a/tags/book.html b/tags/book.html
index 56521acedf..c101449ae1 100644
--- a/tags/book.html
+++ b/tags/book.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/book/feed.xml b/tags/book/feed.xml
index c706ee8a12..c6cb7d3974 100644
--- a/tags/book/feed.xml
+++ b/tags/book/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in book on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/book/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/book/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Fertig gelesen: Starter Villain</title>
       <link>https://blog.koehntopp.info/2023/10/01/fertig-gelesen-starter-villain.html</link>
diff --git a/tags/c.html b/tags/c.html
index ff7defff78..6baf1ac0b0 100644
--- a/tags/c.html
+++ b/tags/c.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/c/feed.xml b/tags/c/feed.xml
index 2c6a8f3a30..715ed4a7e2 100644
--- a/tags/c/feed.xml
+++ b/tags/c/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in c on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/c/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/c/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Fertig gelesen: UNIX: A History and a Memoir</title>
       <link>https://blog.koehntopp.info/2021/09/05/fertig-gelesen-unix-a-history-and-a-memoir.html</link>
diff --git a/tags/ccc.html b/tags/ccc.html
index 7d219139dd..28c9a68463 100644
--- a/tags/ccc.html
+++ b/tags/ccc.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/ccc/feed.xml b/tags/ccc/feed.xml
index fa14a8ff79..2cb9e935fb 100644
--- a/tags/ccc/feed.xml
+++ b/tags/ccc/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in ccc on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/ccc/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/ccc/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>99% secure</title>
       <link>https://blog.koehntopp.info/2021/10/02/99-secure.html</link>
diff --git a/tags/chat.html b/tags/chat.html
index a0b6605d7c..4165418c5b 100644
--- a/tags/chat.html
+++ b/tags/chat.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/chat/feed.xml b/tags/chat/feed.xml
index d68501de3b..de736d9854 100644
--- a/tags/chat/feed.xml
+++ b/tags/chat/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in chat on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/chat/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/chat/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Groups and Places</title>
       <link>https://blog.koehntopp.info/2022/10/12/groups-and-places.html</link>
diff --git a/tags/climate.html b/tags/climate.html
index 758b9e5b51..bca6876262 100644
--- a/tags/climate.html
+++ b/tags/climate.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/climate/feed.xml b/tags/climate/feed.xml
index 6a5214e966..1df7212860 100644
--- a/tags/climate/feed.xml
+++ b/tags/climate/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in climate on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/climate/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/climate/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Good Energy News</title>
       <link>https://blog.koehntopp.info/2022/08/15/good-energy-news.html</link>
diff --git a/tags/cloud.html b/tags/cloud.html
index 99ad3954dc..37744f5680 100644
--- a/tags/cloud.html
+++ b/tags/cloud.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/cloud/feed.xml b/tags/cloud/feed.xml
index 5d4812e7ec..d0b2524346 100644
--- a/tags/cloud/feed.xml
+++ b/tags/cloud/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in cloud on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/cloud/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/cloud/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>AMD und 128 cores</title>
       <link>https://blog.koehntopp.info/2021/11/08/amd-und-128-cores.html</link>
diff --git a/tags/cluster.html b/tags/cluster.html
index 76d30288bd..0bf2e979f7 100644
--- a/tags/cluster.html
+++ b/tags/cluster.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/cluster/feed.xml b/tags/cluster/feed.xml
index 074530e223..8e832537f6 100644
--- a/tags/cluster/feed.xml
+++ b/tags/cluster/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in cluster on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/cluster/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/cluster/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>HDFS - billig im Cluster speichern</title>
       <link>https://blog.koehntopp.info/2012/06/11/hdfs-billig-im-cluster-speichern.html</link>
diff --git a/tags/comic.html b/tags/comic.html
index 0bf25ef612..ead0111bb8 100644
--- a/tags/comic.html
+++ b/tags/comic.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/comic/feed.xml b/tags/comic/feed.xml
index b87208c942..c563845f09 100644
--- a/tags/comic/feed.xml
+++ b/tags/comic/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in comic on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/comic/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/comic/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Fertig gelesen: Whatever happened to the world of tomorrow?</title>
       <link>https://blog.koehntopp.info/2012/08/29/fertig-gelesen-whatever-happened-to-the-world-of-tomorrow.html</link>
diff --git a/tags/commodore.html b/tags/commodore.html
index 05a74a427f..8536cac1de 100644
--- a/tags/commodore.html
+++ b/tags/commodore.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/commodore/feed.xml b/tags/commodore/feed.xml
index 0178c6794e..72847e227f 100644
--- a/tags/commodore/feed.xml
+++ b/tags/commodore/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in commodore on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/commodore/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/commodore/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>FCopy (Commodore 64)</title>
       <link>https://blog.koehntopp.info/2011/07/17/fcopy-commodore-64.html</link>
diff --git a/tags/community.html b/tags/community.html
index 6688ba1679..9f87db035f 100644
--- a/tags/community.html
+++ b/tags/community.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/community/feed.xml b/tags/community/feed.xml
index 92d92d9633..feb49f91e6 100644
--- a/tags/community/feed.xml
+++ b/tags/community/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in community on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/community/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/community/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Community Management?</title>
       <link>https://blog.koehntopp.info/2017/08/23/community-management.html</link>
diff --git a/tags/computer.html b/tags/computer.html
index 8f03007fe8..30fba77281 100644
--- a/tags/computer.html
+++ b/tags/computer.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/computer/feed.xml b/tags/computer/feed.xml
index 00b760f8a4..56b0ddc5d0 100644
--- a/tags/computer/feed.xml
+++ b/tags/computer/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in computer on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/computer/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/computer/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Invalid-UTF8 vs the filesystem</title>
       <link>https://blog.koehntopp.info/2023/09/14/invalid-utf8-vs-the-filesystem.html</link>
diff --git a/tags/container.html b/tags/container.html
index cafec92288..1896b1c82e 100644
--- a/tags/container.html
+++ b/tags/container.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/container/feed.xml b/tags/container/feed.xml
index 01fc89a681..beb59b93df 100644
--- a/tags/container/feed.xml
+++ b/tags/container/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in container on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/container/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/container/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Swap and Memory Pressure: How Developers think to how Operations people think</title>
       <link>https://blog.koehntopp.info/2018/01/22/swap-and-memory-pressure-how-developers-think-to-how-operations-people-think.html</link>
diff --git a/tags/containers.html b/tags/containers.html
index 77a9edc62b..836aa58f21 100644
--- a/tags/containers.html
+++ b/tags/containers.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/containers/feed.xml b/tags/containers/feed.xml
index 2093ae61bf..b5b1f8a612 100644
--- a/tags/containers/feed.xml
+++ b/tags/containers/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in containers on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/containers/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/containers/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Something Kubernetes Containers</title>
       <link>https://blog.koehntopp.info/2017/06/03/something-kubernetes-containers.html</link>
diff --git a/tags/cookie.html b/tags/cookie.html
index 5d16619d22..04e6cd5f47 100644
--- a/tags/cookie.html
+++ b/tags/cookie.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/cookie/feed.xml b/tags/cookie/feed.xml
index 73f1f804df..b2357933e6 100644
--- a/tags/cookie/feed.xml
+++ b/tags/cookie/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in cookie on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/cookie/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/cookie/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>IVW jetzt &#34;datenschutzkonform&#34; (Updated)</title>
       <link>https://blog.koehntopp.info/2011/08/10/ivw-jetzt-datenschutzkonform-updated.html</link>
diff --git a/tags/copyright.html b/tags/copyright.html
index 5fbc3fc48e..6a4425d2f3 100644
--- a/tags/copyright.html
+++ b/tags/copyright.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/copyright/feed.xml b/tags/copyright/feed.xml
index 8c96138560..702662f7c8 100644
--- a/tags/copyright/feed.xml
+++ b/tags/copyright/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in copyright on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/copyright/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/copyright/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>So what is the state of the Ads mess?</title>
       <link>https://blog.koehntopp.info/2017/10/13/so-what-is-the-state-of-the-ads-mess.html</link>
diff --git a/tags/cthulhu.html b/tags/cthulhu.html
index be32655f4a..13fb24e933 100644
--- a/tags/cthulhu.html
+++ b/tags/cthulhu.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/cthulhu/feed.xml b/tags/cthulhu/feed.xml
index 29f0b09152..44442655e7 100644
--- a/tags/cthulhu/feed.xml
+++ b/tags/cthulhu/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in cthulhu on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/cthulhu/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/cthulhu/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Fermi vs. Fhtagn</title>
       <link>https://blog.koehntopp.info/2017/06/26/fermi-vs-fhtagn.html</link>
diff --git a/tags/cyborg.html b/tags/cyborg.html
index 8c1d192fae..6ca1076358 100644
--- a/tags/cyborg.html
+++ b/tags/cyborg.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/cyborg/feed.xml b/tags/cyborg/feed.xml
index 701f3cf19b..89623463f5 100644
--- a/tags/cyborg/feed.xml
+++ b/tags/cyborg/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in cyborg on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/cyborg/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/cyborg/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Schnitzeljagd 2010 - Die Rache der Cyborgs</title>
       <link>https://blog.koehntopp.info/2010/12/15/schnitzeljagd-2010-die-rache-der-cyborgs.html</link>
diff --git a/tags/cycling.html b/tags/cycling.html
index da4aa1c29c..cc2a739bfd 100644
--- a/tags/cycling.html
+++ b/tags/cycling.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/cycling/feed.xml b/tags/cycling/feed.xml
index 05d8122490..831aadc305 100644
--- a/tags/cycling/feed.xml
+++ b/tags/cycling/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in cycling on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/cycling/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/cycling/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Safe Biking: It&#39;s not the right of way that&#39;s wrong</title>
       <link>https://blog.koehntopp.info/2020/10/22/safe-biking-its-not-the-right-of-way-thats-wrong.html</link>
diff --git a/tags/damals.html b/tags/damals.html
index b840334ac8..a346cad96e 100644
--- a/tags/damals.html
+++ b/tags/damals.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/damals/feed.xml b/tags/damals/feed.xml
index da0398ef61..3da158ce0e 100644
--- a/tags/damals/feed.xml
+++ b/tags/damals/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in damals on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/damals/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/damals/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Everything was a file, but we got better</title>
       <link>https://blog.koehntopp.info/2019/11/14/everything-was-a-file-but-we-got-better.html</link>
diff --git a/tags/data-center.html b/tags/data-center.html
index f395cf684c..2c1e2f0583 100644
--- a/tags/data-center.html
+++ b/tags/data-center.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/data-center/feed.xml b/tags/data-center/feed.xml
index 0e7e1e45d6..ceaf695ade 100644
--- a/tags/data-center/feed.xml
+++ b/tags/data-center/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in data center on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/data-center/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/data-center/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Don&#39;t say Backup, say Restore</title>
       <link>https://blog.koehntopp.info/2023/08/23/dont-say-backup-say-restore.html</link>
diff --git a/tags/data-warehouse.html b/tags/data-warehouse.html
index 68131b1ec4..e25afaf2ce 100644
--- a/tags/data-warehouse.html
+++ b/tags/data-warehouse.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/data-warehouse/feed.xml b/tags/data-warehouse/feed.xml
index a21e554dea..dff18ec0b6 100644
--- a/tags/data-warehouse/feed.xml
+++ b/tags/data-warehouse/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in data warehouse on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/data-warehouse/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/data-warehouse/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>From Hadoop to HTAP?</title>
       <link>https://blog.koehntopp.info/2022/12/23/from-hadoop-to-htap.html</link>
diff --git a/tags/database.html b/tags/database.html
index 9a8db4fabd..d2588df03c 100644
--- a/tags/database.html
+++ b/tags/database.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/database/feed.xml b/tags/database/feed.xml
index 279d6a3493..93d60eec0e 100644
--- a/tags/database/feed.xml
+++ b/tags/database/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in database on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/database/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/database/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>MySQL: InnoDB Fragmentation</title>
       <link>https://blog.koehntopp.info/2023/07/06/mysql-innodb-fragmentation.html</link>
diff --git a/tags/debug.html b/tags/debug.html
index a15e0ad9c2..65e252f535 100644
--- a/tags/debug.html
+++ b/tags/debug.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/debug/feed.xml b/tags/debug/feed.xml
index 5d94c5155d..b82b5c5701 100644
--- a/tags/debug/feed.xml
+++ b/tags/debug/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in debug on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/debug/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/debug/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Tracing Python</title>
       <link>https://blog.koehntopp.info/2023/03/14/tracing-python.html</link>
diff --git a/tags/demail.html b/tags/demail.html
index 1e8d4ba7bb..8312582775 100644
--- a/tags/demail.html
+++ b/tags/demail.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/demail/feed.xml b/tags/demail/feed.xml
index a1828abe61..15de6d8826 100644
--- a/tags/demail/feed.xml
+++ b/tags/demail/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in demail on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/demail/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/demail/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>DE-Mail - Wieso Sicherheit?</title>
       <link>https://blog.koehntopp.info/2010/07/22/de-mail-wieso-sicherheit.html</link>
diff --git a/tags/detebe.html b/tags/detebe.html
index d43164ddfa..8ef97b27a0 100644
--- a/tags/detebe.html
+++ b/tags/detebe.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/detebe/feed.xml b/tags/detebe/feed.xml
index 5a1e531d3b..69778fa084 100644
--- a/tags/detebe/feed.xml
+++ b/tags/detebe/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in detebe on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/detebe/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/detebe/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Lu Ser</title>
       <link>https://blog.koehntopp.info/1996/03/23/lu-ser.html</link>
diff --git a/tags/development.html b/tags/development.html
index b7deb1a7cb..a29321ae1e 100644
--- a/tags/development.html
+++ b/tags/development.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/development/feed.xml b/tags/development/feed.xml
index 7a665011f7..70b424c5d9 100644
--- a/tags/development/feed.xml
+++ b/tags/development/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in development on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/development/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/development/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Jetbrains Remote Development</title>
       <link>https://blog.koehntopp.info/2022/06/27/jetbrains-remote-development.html</link>
diff --git a/tags/devops.html b/tags/devops.html
index 5ee7bb7daa..87ee0d86a0 100644
--- a/tags/devops.html
+++ b/tags/devops.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/devops/feed.xml b/tags/devops/feed.xml
index bf1495231a..5d25039a88 100644
--- a/tags/devops/feed.xml
+++ b/tags/devops/feed.xml
@@ -6,7 +6,140 @@
     <description>Recent content in devops on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/devops/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/devops/feed.xml" rel="self" type="application/rss+xml" />
+    <item>
+      <title>Deploying websites - an escalation</title>
+      <link>https://blog.koehntopp.info/2024/01/09/deploying-websites.html</link>
+      <pubDate>Tue, 09 Jan 2024 05:06:07 +0000</pubDate>
+      
+      <guid>https://blog.koehntopp.info/2024/01/09/deploying-websites.html</guid>
+      <description>&lt;p&gt;We are still playing minecraft.
+This time it is a highly modded Fabric server, which requires more memory than the old box had.
+The new box has 12 cores, 128 GB of memory, and two nice SSD.
+It is pretty nifty.&lt;/p&gt;
+&lt;h1 id=&#34;a-simple-problem-easily-solved-by-ansible&#34;&gt;
+    &lt;a href=&#34;#a-simple-problem-easily-solved-by-ansible&#34;&gt;
+	A simple problem, easily solved by Ansible.
+    &lt;/a&gt;
+&lt;/h1&gt;
+&lt;p&gt;The machine also needs some kind of webserver to run websites.
+An easy problem to solve, naturally.&lt;/p&gt;
+&lt;p&gt;A bit of Ansible, deploy a few config files into the system and be done with it.&lt;/p&gt;
+&lt;p&gt;Only, these are different types of websites, and over time additional sites are being added.
+When a new website is being added, we need to collect all website names&lt;br&gt;
+and generate an
+&lt;a href=&#34;https://httpd.apache.org/docs/2.4/mod/mod_md.html#mdomain&#34; target=&#34;_blank&#34; rel=&#34;noopener&#34;&gt;&lt;code&gt;MDomain&lt;/code&gt;&lt;/a&gt;
+
+
+statement in the config for Apache&amp;rsquo;s
+&lt;a href=&#34;https://httpd.apache.org/docs/2.4/mod/mod_md.html&#34; target=&#34;_blank&#34; rel=&#34;noopener&#34;&gt;&lt;code&gt;mod_md&lt;/code&gt;&lt;/a&gt;
+
+.
+This module will then automatically the necessary certificates for the webserver&amp;rsquo;s TLS.&lt;/p&gt;
+&lt;p&gt;Collecting all domain names from the configuration files can be done that in Ansible, but it kind of hurts.
+Ansible works best when you run it to deploy a few templated config files, and then have services doing the actual work.&lt;/p&gt;
+&lt;p&gt;It is also more complicated than this, because we have different types of websites.
+Initially we had only&lt;/p&gt;
+&lt;ul&gt;
+&lt;li&gt;&lt;code&gt;static sites&lt;/code&gt; (&lt;code&gt;https://example.com&lt;/code&gt;)&lt;/li&gt;
+&lt;li&gt;We also needed &lt;code&gt;redirect_sites&lt;/code&gt; (&lt;code&gt;https://www.example.com&lt;/code&gt; -&amp;gt; &lt;code&gt;https://example.com&lt;/code&gt;)&lt;/li&gt;
+&lt;li&gt;We also needed reverse proxies for applications (&lt;code&gt;https://grafana.example.com&lt;/code&gt; -&amp;gt; &lt;code&gt;https://localhost:3000&lt;/code&gt;)&lt;/li&gt;
+&lt;li&gt;Then we also needed the &lt;code&gt;wsgi_site&lt;/code&gt; deployed.&lt;/li&gt;
+&lt;/ul&gt;
+&lt;p&gt;But a &lt;code&gt;wsgi_site&lt;/code&gt; needs to be redeployed when the code has changed on GitHub.
+Also, initial deployment of a &lt;code&gt;wsgi_site&lt;/code&gt; needs to create a user,
+and initial checkout of the code into the users home,
+and installation of the requirements.&lt;/p&gt;
+&lt;p&gt;After a code update, the server needs to be restarted.&lt;/p&gt;
+&lt;h1 id=&#34;this-actually-needs-a-shell-script&#34;&gt;
+    &lt;a href=&#34;#this-actually-needs-a-shell-script&#34;&gt;
+	This actually needs a shell script
+    &lt;/a&gt;
+&lt;/h1&gt;
+&lt;p&gt;Okay, let&amp;rsquo;s not do this in Ansible.
+Let&amp;rsquo;s write a simple and easy shell script for this.&lt;/p&gt;
+&lt;p&gt;That kind of worked, initially, but quickly fell apart when the number of variants grew,
+error checking became complicated.&lt;/p&gt;
+&lt;p&gt;Ultimately, it broke when we needed to collect and store per-site config parameters as a JSON, and act on it.
+The moment you write shell functions with parameters, traps and other bells and whistles,
+it is time to cut your losses and start over differently.
+In this case, in Python.&lt;/p&gt;
+&lt;h1 id=&#34;enter-deploy-a-python-cli-application&#34;&gt;
+    &lt;a href=&#34;#enter-deploy-a-python-cli-application&#34;&gt;
+	Enter &lt;code&gt;deploy&lt;/code&gt;, a Python CLI application
+    &lt;/a&gt;
+&lt;/h1&gt;
+&lt;p&gt;In the current intermediate stage, this is a Python script of 32 KB and around 1000 lines.&lt;/p&gt;
+&lt;div class=&#34;highlight&#34;&gt;&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;o&#34;&gt;[&lt;/span&gt;root@bigbox ~&lt;span class=&#34;o&#34;&gt;]&lt;/span&gt;&lt;span class=&#34;c1&#34;&gt;# wc -l Source/deploy/deploy &lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;m&#34;&gt;951&lt;/span&gt; Source/deploy/deploy
+&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;and&lt;/p&gt;
+&lt;div class=&#34;highlight&#34;&gt;&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;o&#34;&gt;[&lt;/span&gt;root@bigbox ~&lt;span class=&#34;o&#34;&gt;]&lt;/span&gt;&lt;span class=&#34;c1&#34;&gt;#  ls -l Source/deploy/deploy&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;-rwxr-xr-x. &lt;span class=&#34;m&#34;&gt;1&lt;/span&gt; root root &lt;span class=&#34;m&#34;&gt;31428&lt;/span&gt; Jan  &lt;span class=&#34;m&#34;&gt;8&lt;/span&gt; 18:42 Source/deploy/deploy
+&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;It understands the five types of server outlined above, and can handle a number of different operations for them.&lt;/p&gt;
+&lt;ul&gt;
+&lt;li&gt;&lt;code&gt;create&lt;/code&gt; makes a new server-config.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;delete&lt;/code&gt; throws it away.&lt;/li&gt;
+&lt;/ul&gt;
+&lt;p&gt;We store them in a central directory, &lt;code&gt;/etc/projects&lt;/code&gt;, as JSON files.
+For each site type, we accept a number of parameters:&lt;/p&gt;
+&lt;ul&gt;
+&lt;li&gt;&lt;code&gt;--type&lt;/code&gt;, the five types above.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--username&lt;/code&gt;, a Unix User we create for the site.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--github&lt;/code&gt; The source code repository URL.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--hostname&lt;/code&gt; If necessary, this is inferred from the username and the default domain.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--projectdir&lt;/code&gt; Only necessary for anomalously structured Python code.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--to_host&lt;/code&gt; Only for redirects.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--port&lt;/code&gt; Only for proxies.&lt;/li&gt;
+&lt;/ul&gt;
+&lt;p&gt;We now can do&lt;/p&gt;
+&lt;div class=&#34;highlight&#34;&gt;&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# deploy show projects&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;...
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- grafana
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;...
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# deploy show grafana&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;*** PROJECT /etc/projects/grafana
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- github    : None
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- hostname  : grafana.example.com
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- port      : &lt;span class=&#34;m&#34;&gt;3000&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- project   : grafana
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- &lt;span class=&#34;nb&#34;&gt;type&lt;/span&gt;      : proxy
+&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;The &lt;code&gt;deploy create --type proxy --hostname grafana.example.com --port 3000&lt;/code&gt; has created an apache configuration,
+built the TLS configuration and restarted the &lt;code&gt;httpd.service&lt;/code&gt; to update things.&lt;/p&gt;
+&lt;p&gt;We can also do more complicated things:&lt;/p&gt;
+&lt;div class=&#34;highlight&#34;&gt;&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# deploy create --type wsgi_site --user learn --github ... learn&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;... creates /etc/project/learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# deploy show learn&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;*** PROJECT /etc/projects/learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- github    : git@github.com:.../learn.git
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- home      : /home/learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- hostname  : learn.example.com
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- project   : learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- projectdir: learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- pubkey    : ssh-rsa AAAAB3...cfudtTQ&lt;span class=&#34;o&#34;&gt;==&lt;/span&gt; root@bigbox
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- &lt;span class=&#34;nb&#34;&gt;type&lt;/span&gt;      : wsgi_site
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- username  : learn
+&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;This will create a Linux user, set up a checkout of the GitHub, install requirements, set up a WSGI Apache configuration,
+configure TLS, and restart the server as needed.&lt;/p&gt;
+&lt;p&gt;We can now &lt;code&gt;deploy update learn&lt;/code&gt; or &lt;code&gt;deploy restart learn&lt;/code&gt; to check out a new version and restart the server,
+and we can also &lt;code&gt;deploy logs learn&lt;/code&gt; to tail the server logs for this site.&lt;/p&gt;
+&lt;h1 id=&#34;it-is-still-ugly&#34;&gt;
+    &lt;a href=&#34;#it-is-still-ugly&#34;&gt;
+	It is still ugly
+    &lt;/a&gt;
+&lt;/h1&gt;
+&lt;p&gt;Because this started out as a shell script, it still is ugly.
+There are multiple levels of giant case-branches in this.
+To become a proper solution, it needs a cleaner structure, in a more object-oriented fashion.&lt;/p&gt;
+&lt;p&gt;But already it works better than the shell script it initially was,
+has better error handling and can handle borderline cases more safely.&lt;/p&gt;
+&lt;p&gt;&lt;a href=&#34;https://github.com/isotopp/deploy&#34; target=&#34;_blank&#34; rel=&#34;noopener&#34;&gt;Github&lt;/a&gt;
+
+.&lt;/p&gt;
+</description>
+    </item>
+    
     <item>
       <title>Restic</title>
       <link>https://blog.koehntopp.info/2023/12/30/restic.html</link>
@@ -3428,91 +3561,6 @@ that you cannot afford the administrative barrier between business and execution
 &lt;p&gt;And without having a set of well-understood snd tested quantitative metrics that both sides of the outsourcing relationship
 agree on, it is going to be tough to have a useful discussion about the quality of the services rendered.
 Only mature and somewhat stagnating businesses can be outsourced.&lt;/p&gt;
-</description>
-    </item>
-    
-    <item>
-      <title>Waffle House Index of Tooling</title>
-      <link>https://blog.koehntopp.info/2020/06/08/waffle-house-index-of-tooling.html</link>
-      <pubDate>Mon, 08 Jun 2020 11:46:42 +0000</pubDate>
-      
-      <guid>https://blog.koehntopp.info/2020/06/08/waffle-house-index-of-tooling.html</guid>
-      <description>&lt;p&gt;Charity Majors was &lt;a href=&#34;https://twitter.com/mipsytipsy/status/1268418428542443520&#34; target=&#34;_blank&#34; rel=&#34;noopener&#34;&gt;on fire and on target, again&lt;/a&gt;
-
-:&lt;/p&gt;
-&lt;p&gt;&lt;a href=&#34;https://twitter.com/mipsytipsy/status/1268418428542443520&#34; target=&#34;_blank&#34; rel=&#34;noopener&#34;&gt;&lt;p class=&#34;md__image&#34;&gt;
-  &lt;img src=&#34;https://blog.koehntopp.info/uploads/2020/06/waffle-house-index.png&#34; alt=&#34;&#34;  /&gt;
-&lt;/p&gt;
-
-&lt;/a&gt;
-
-&lt;/p&gt;
-&lt;p&gt;What is a &lt;a href=&#34;https://en.wikipedia.org/wiki/Waffle_House_Index#Levels&#34; target=&#34;_blank&#34; rel=&#34;noopener&#34;&gt;Waffle House Index&lt;/a&gt;
-
-?&lt;/p&gt;
-&lt;blockquote&gt;
-&lt;p&gt;The Waffle House Index is an informal metric named after the Waffle House restaurant chain and is used by the Federal Emergency Management Agency (FEMA) to determine the effect of a storm and the &lt;strong&gt;likely scale of assistance required for disaster recovery&lt;/strong&gt;.&lt;/p&gt;
-&lt;/blockquote&gt;
-&lt;p&gt;A &amp;ldquo;Waffle House Index for Tooling&amp;rdquo; would be an indicator how bad the situation on the ground in an IT department is. Charity Majors suggest &amp;ldquo;CPU load alerts&amp;rdquo; as a tooling emergency indicator.&lt;/p&gt;
-&lt;p&gt;Why? CPU load or %CPU used is a useful metric, because it tells you how &amp;ldquo;full&amp;rdquo; the compute part of a thing is.&lt;/p&gt;
-&lt;h3 id=&#34;rightsizing-capacity-is-not-easy&#34;&gt;
-    &lt;a href=&#34;#rightsizing-capacity-is-not-easy&#34;&gt;
-	&amp;ldquo;Rightsizing capacity&amp;rdquo; is not easy
-    &lt;/a&gt;
-&lt;/h3&gt;
-&lt;p&gt;Alerting on it is a very weird idea, though, and still I find people doing this all of the time. Usually these people are in dire need of a better education, though.&lt;/p&gt;
-&lt;p&gt;If you right size your infrastructure, your goal is to have as little overhead as possible in provisioned resources: Only provision as little as needed, just as much as necessary to deliver.&lt;/p&gt;
-&lt;p&gt;But if you did that, a CPU alert would be going off all of the time, because ideally you want your boxes loaded to the limit, right?&lt;/p&gt;
-&lt;h3 id=&#34;alerting-or-provisioning&#34;&gt;
-    &lt;a href=&#34;#alerting-or-provisioning&#34;&gt;
-	Alerting or provisioning?
-    &lt;/a&gt;
-&lt;/h3&gt;
-&lt;p&gt;Or you can&amp;rsquo;t, because this is complicated: there are a lot of preconditions that go into even being able to load boxes to this limit. If you can&amp;rsquo;t, then a CPU load alert would also be useless, because it would either never fire, or if it did, it would be too late.&lt;/p&gt;
-&lt;p&gt;Web workloads, specifically, are usually spiky. Your workload may be within the provisioned capacity most of the time, but there will be very sudden, very short spikes that are not. These spikes are usually way shorter than the time it takes to grow your capacity. The way to handle that is to provision not for a median needed capacity, or even low 90ies percentile of required capacity, but to provision for max or 99.9 in order to be able to ride the waves.&lt;/p&gt;
-&lt;p&gt;If you alert on CPU load in such an environment, by the time the alert goes off, it will be too late already. Also, if you could alert, you could also size.&lt;/p&gt;
-&lt;h3 id=&#34;experimentation-has-effects-on-capacity&#34;&gt;
-    &lt;a href=&#34;#experimentation-has-effects-on-capacity&#34;&gt;
-	Experimentation has effects on capacity
-    &lt;/a&gt;
-&lt;/h3&gt;
-&lt;p&gt;Or you may be in an environment where the code is unpredictable, because you change it a lot with experiments going in and out of the codebase, or from 1%-on to full-on.&lt;/p&gt;
-&lt;p&gt;When experimenting, it is important to expose code to users really quickly. That code being efficient is not a priority, because most of it will be scrapped as having a net-negative outcome anyway. It is not worth it putting engineering into code before you have the business side of things right.&lt;/p&gt;
-&lt;p&gt;Being able to run experiments means you need to overprovision capacity.&lt;/p&gt;
-&lt;h3 id=&#34;detailed-many-dimensional-highly-tagged-metrics&#34;&gt;
-    &lt;a href=&#34;#detailed-many-dimensional-highly-tagged-metrics&#34;&gt;
-	Detailed, many-dimensional, highly tagged metrics
-    &lt;/a&gt;
-&lt;/h3&gt;
-&lt;p&gt;But that of course means you need to alert on change in variants, and compare code path variants not only with respect to business metrics, but also on technical metrics in order to offset business wins. With proper experimentation, you cannot only say &amp;ldquo;This code is making us x Euro/h richer than the base variant.&amp;rdquo; You also need to be able to say &amp;ldquo;To run this we will have to pay y Euro/h more&amp;rdquo; and &amp;ldquo;Refactoring this for efficiency will cost z Euro in Engineering Time over a potential lifecycle of n hours, so y Euro/h more&amp;rdquo;.&lt;/p&gt;
-&lt;p&gt;This not only enables quantified reasoning over the change the experiment introduces, but also about how to proceed with the codebase when it goes full-on: Do we leave it as is and just buy more machinery, or do we put engineers on it to make it nice?&lt;/p&gt;
-&lt;h3 id=&#34;production-load-testing-numbers-for-capacity&#34;&gt;
-    &lt;a href=&#34;#production-load-testing-numbers-for-capacity&#34;&gt;
-	Production load testing numbers for capacity
-    &lt;/a&gt;
-&lt;/h3&gt;
-&lt;p&gt;But in order to allow developers to experiment safely, you need to have accurate capacity metrics, which CPU load is not. Testing in production, safely, specifically automated load tests with actual production users and separate monitoring of experiment codepaths (and consumption attribution at the request level to experiment variants) will provide these numbers.&lt;/p&gt;
-&lt;p&gt;And that is the way to go: From reactive scaling (&amp;ldquo;CPU Load too high, raise capacity&amp;rdquo;) to predictive scaling (&amp;ldquo;Our capacity is x req/m per box, and we have n. Evening peak will be m, so we need y boxen more by 16:00.&amp;rdquo;). Which brings us back to the spiky loads where we started.&lt;/p&gt;
-&lt;h2 id=&#34;tldr&#34;&gt;
-    &lt;a href=&#34;#tldr&#34;&gt;
-	TL;DR
-    &lt;/a&gt;
-&lt;/h2&gt;
-&lt;ul&gt;
-&lt;li&gt;If CPU load alerting worked, reactive autoscaling would work, too.&lt;/li&gt;
-&lt;li&gt;In a web workload environment, it usually doesn&amp;rsquo;t.&lt;/li&gt;
-&lt;li&gt;If you experiment, you need to attribute cost and benefit to experiment variants.
-&lt;ul&gt;
-&lt;li&gt;That means load tests with production users.&lt;/li&gt;
-&lt;li&gt;That means detailed, many-dimensional metrics with many tags, and a lot of ad-hoc metrics exploration.&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;Once you have that, you are also ready for predictive autoscaling, which actually works.&lt;/li&gt;
-&lt;/ul&gt;
-&lt;p&gt;and&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;If your shop uses CPU load alerting, chances are that their tooling and education is in need of emergency updating.&lt;/li&gt;
-&lt;/ul&gt;
 </description>
     </item>
     
diff --git a/tags/discord.html b/tags/discord.html
index 1ddb5162e0..afd96a8197 100644
--- a/tags/discord.html
+++ b/tags/discord.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/discord/feed.xml b/tags/discord/feed.xml
index 5f8ad49dbc..b7e0258fca 100644
--- a/tags/discord/feed.xml
+++ b/tags/discord/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in discord on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/discord/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/discord/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Note to self: Archiving Discord Chats</title>
       <link>https://blog.koehntopp.info/2020/05/18/note-to-self-archiving-discord-chats.html</link>
diff --git a/tags/distributed-computing.html b/tags/distributed-computing.html
index 76bcc97904..3f95aae126 100644
--- a/tags/distributed-computing.html
+++ b/tags/distributed-computing.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/distributed-computing/feed.xml b/tags/distributed-computing/feed.xml
index 5cbf056df7..d87bcbdacd 100644
--- a/tags/distributed-computing/feed.xml
+++ b/tags/distributed-computing/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in distributed computing on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/distributed-computing/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/distributed-computing/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Konsenssysteme</title>
       <link>https://blog.koehntopp.info/2019/09/03/konsenssysteme.html</link>
diff --git a/tags/docker.html b/tags/docker.html
index 6a94685620..843b3ee24c 100644
--- a/tags/docker.html
+++ b/tags/docker.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/docker/feed.xml b/tags/docker/feed.xml
index 5d77d7d9b8..ca2de5c071 100644
--- a/tags/docker/feed.xml
+++ b/tags/docker/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in docker on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/docker/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/docker/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Gitlab in Docker</title>
       <link>https://blog.koehntopp.info/2020/11/22/gitlab-in-docker.html</link>
diff --git a/tags/dropbox.html b/tags/dropbox.html
index ac026f62aa..2a6d91746a 100644
--- a/tags/dropbox.html
+++ b/tags/dropbox.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/dropbox/feed.xml b/tags/dropbox/feed.xml
index e8f316b536..34555e7587 100644
--- a/tags/dropbox/feed.xml
+++ b/tags/dropbox/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in dropbox on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/dropbox/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/dropbox/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Verschlüsselt Dropbox überhaupt?</title>
       <link>https://blog.koehntopp.info/2011/04/26/verschluesselt-dropbox-ueberhaupt.html</link>
diff --git a/tags/drsrm.html b/tags/drsrm.html
index b76883ecf8..7e27d591b6 100644
--- a/tags/drsrm.html
+++ b/tags/drsrm.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/drsrm/feed.xml b/tags/drsrm/feed.xml
index 564845606a..49ccbb1f11 100644
--- a/tags/drsrm/feed.xml
+++ b/tags/drsrm/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in drsrm on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/drsrm/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/drsrm/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>drsrm 2008: Primetime Adventures</title>
       <link>https://blog.koehntopp.info/2008/10/05/drsrm-2008-primetime-adventures.html</link>
diff --git a/tags/elite-dangerous.html b/tags/elite-dangerous.html
index 039179d348..9cd8ad443a 100644
--- a/tags/elite-dangerous.html
+++ b/tags/elite-dangerous.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/elite-dangerous/feed.xml b/tags/elite-dangerous/feed.xml
index 92ea415a17..114f9a98df 100644
--- a/tags/elite-dangerous/feed.xml
+++ b/tags/elite-dangerous/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in elite dangerous on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/elite-dangerous/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/elite-dangerous/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Elite</title>
       <link>https://blog.koehntopp.info/2023/09/20/elite.html</link>
diff --git a/tags/energy.html b/tags/energy.html
index 7b7f43a31c..4b8f545048 100644
--- a/tags/energy.html
+++ b/tags/energy.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/energy/feed.xml b/tags/energy/feed.xml
index 12a19395cf..e1d6dd7220 100644
--- a/tags/energy/feed.xml
+++ b/tags/energy/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in energy on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/energy/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/energy/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Solarenergie 2022 vs. 2023</title>
       <link>https://blog.koehntopp.info/2023/09/27/solarenergie-2022-vs-2023.html</link>
diff --git a/tags/erklaerbaer.html b/tags/erklaerbaer.html
index 1a73a4700a..1a2fdcdcef 100644
--- a/tags/erklaerbaer.html
+++ b/tags/erklaerbaer.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/erklaerbaer/feed.xml b/tags/erklaerbaer/feed.xml
index d4b553be46..bd72418b5b 100644
--- a/tags/erklaerbaer/feed.xml
+++ b/tags/erklaerbaer/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in erklaerbaer on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/erklaerbaer/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/erklaerbaer/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Sitzende Tätigkeit</title>
       <link>https://blog.koehntopp.info/2023/10/10/sitzende-taetigkeit.html</link>
diff --git a/tags/fantasy.html b/tags/fantasy.html
index c3e3510eb7..2a057b57a3 100644
--- a/tags/fantasy.html
+++ b/tags/fantasy.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/fantasy/feed.xml b/tags/fantasy/feed.xml
index e617addb59..117048fc6c 100644
--- a/tags/fantasy/feed.xml
+++ b/tags/fantasy/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in fantasy on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/fantasy/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/fantasy/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Fertig gelesen: Das Spielhaus</title>
       <link>https://blog.koehntopp.info/2018/09/25/fertig-gelesen-das-spielhaus.html</link>
diff --git a/tags/fediverse.html b/tags/fediverse.html
index da387c952a..848b35d5ca 100644
--- a/tags/fediverse.html
+++ b/tags/fediverse.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/fediverse/feed.xml b/tags/fediverse/feed.xml
index a4e9e8fa41..a0dc82c12c 100644
--- a/tags/fediverse/feed.xml
+++ b/tags/fediverse/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in fediverse on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/fediverse/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/fediverse/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Mastodon Interaction Counters</title>
       <link>https://blog.koehntopp.info/2023/01/25/mastodon-interaction-counters.html</link>
diff --git a/tags/feed.xml b/tags/feed.xml
index 355c957f27..1e4b9b2768 100644
--- a/tags/feed.xml
+++ b/tags/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in Tags on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:03 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>internet</title>
       <link>https://blog.koehntopp.info/tags/internet.html</link>
@@ -62,29 +62,29 @@
     </item>
     
     <item>
-      <title>linux</title>
-      <link>https://blog.koehntopp.info/tags/linux.html</link>
+      <title>lang_en</title>
+      <link>https://blog.koehntopp.info/tags/lang_en.html</link>
       <pubDate></pubDate>
       
-      <guid>https://blog.koehntopp.info/tags/linux.html</guid>
+      <guid>https://blog.koehntopp.info/tags/lang_en.html</guid>
       <description></description>
     </item>
     
     <item>
-      <title>apple</title>
-      <link>https://blog.koehntopp.info/tags/apple.html</link>
+      <title>linux</title>
+      <link>https://blog.koehntopp.info/tags/linux.html</link>
       <pubDate></pubDate>
       
-      <guid>https://blog.koehntopp.info/tags/apple.html</guid>
+      <guid>https://blog.koehntopp.info/tags/linux.html</guid>
       <description></description>
     </item>
     
     <item>
-      <title>lang_en</title>
-      <link>https://blog.koehntopp.info/tags/lang_en.html</link>
+      <title>apple</title>
+      <link>https://blog.koehntopp.info/tags/apple.html</link>
       <pubDate></pubDate>
       
-      <guid>https://blog.koehntopp.info/tags/lang_en.html</guid>
+      <guid>https://blog.koehntopp.info/tags/apple.html</guid>
       <description></description>
     </item>
     
diff --git a/tags/filesystems.html b/tags/filesystems.html
index 0f90242e9d..dd3663d85f 100644
--- a/tags/filesystems.html
+++ b/tags/filesystems.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/filesystems/feed.xml b/tags/filesystems/feed.xml
index ea43c0f2d4..03cbfad1d4 100644
--- a/tags/filesystems/feed.xml
+++ b/tags/filesystems/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in filesystems on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/filesystems/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/filesystems/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Invalid-UTF8 vs the filesystem</title>
       <link>https://blog.koehntopp.info/2023/09/14/invalid-utf8-vs-the-filesystem.html</link>
diff --git a/tags/film.html b/tags/film.html
index c053e126ea..c3ddcb71a2 100644
--- a/tags/film.html
+++ b/tags/film.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/film/feed.xml b/tags/film/feed.xml
index 085abb22b4..4a4c7e6dbe 100644
--- a/tags/film/feed.xml
+++ b/tags/film/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in film on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/film/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/film/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>JMStV: Nix neues</title>
       <link>https://blog.koehntopp.info/2011/12/05/jmstv-nix-neues.html</link>
diff --git a/tags/fluffy-fluff.html b/tags/fluffy-fluff.html
index e4e6e95d02..41789f7e68 100644
--- a/tags/fluffy-fluff.html
+++ b/tags/fluffy-fluff.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/fluffy-fluff/feed.xml b/tags/fluffy-fluff/feed.xml
index f2bc30905b..89dd277661 100644
--- a/tags/fluffy-fluff/feed.xml
+++ b/tags/fluffy-fluff/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in fluffy fluff on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/fluffy-fluff/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/fluffy-fluff/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>T-Shirts selbst designen</title>
       <link>https://blog.koehntopp.info/2023/08/17/t-shirts-selbst-designen.html</link>
diff --git a/tags/free-software.html b/tags/free-software.html
index 83264d72d3..281816765c 100644
--- a/tags/free-software.html
+++ b/tags/free-software.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/free-software/feed.xml b/tags/free-software/feed.xml
index 7c62eb6daf..4ed1bc85bd 100644
--- a/tags/free-software/feed.xml
+++ b/tags/free-software/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in free software on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/free-software/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/free-software/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>A Revolution Devours Its Children</title>
       <link>https://blog.koehntopp.info/2023/11/11/a-revolution-devours-its-children.html</link>
diff --git a/tags/gaming.html b/tags/gaming.html
index 37e9ece9b5..9f0f73e720 100644
--- a/tags/gaming.html
+++ b/tags/gaming.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/gaming/feed.xml b/tags/gaming/feed.xml
index 7be6dd339f..6a4db2e5aa 100644
--- a/tags/gaming/feed.xml
+++ b/tags/gaming/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in gaming on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/gaming/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/gaming/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Elite</title>
       <link>https://blog.koehntopp.info/2023/09/20/elite.html</link>
diff --git a/tags/germany.html b/tags/germany.html
index 15a5716290..afb8a8e9f7 100644
--- a/tags/germany.html
+++ b/tags/germany.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/germany/feed.xml b/tags/germany/feed.xml
index 4b5de3c9ec..34e92d527c 100644
--- a/tags/germany/feed.xml
+++ b/tags/germany/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in germany on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/germany/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/germany/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Energieverbrauch in Deutschland</title>
       <link>https://blog.koehntopp.info/2022/07/03/energieverbrauch-in-deutschland.html</link>
diff --git a/tags/git.html b/tags/git.html
index 51cfa6d093..91dcb85254 100644
--- a/tags/git.html
+++ b/tags/git.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/git/feed.xml b/tags/git/feed.xml
index 1755523a46..3ca588383d 100644
--- a/tags/git/feed.xml
+++ b/tags/git/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in git on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/git/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/git/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Understanding git</title>
       <link>https://blog.koehntopp.info/2021/10/12/understanding-git.html</link>
diff --git a/tags/golang.html b/tags/golang.html
index ca067e5e89..e000c33381 100644
--- a/tags/golang.html
+++ b/tags/golang.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/golang/feed.xml b/tags/golang/feed.xml
index 4804a66962..6fe2990968 100644
--- a/tags/golang/feed.xml
+++ b/tags/golang/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in golang on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/golang/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/golang/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Grumpy</title>
       <link>https://blog.koehntopp.info/2017/01/25/grumpy.html</link>
diff --git a/tags/google.html b/tags/google.html
index bc79b66f30..a914437a2f 100644
--- a/tags/google.html
+++ b/tags/google.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/google/feed.xml b/tags/google/feed.xml
index d6b1a3d21d..de5af03ec0 100644
--- a/tags/google/feed.xml
+++ b/tags/google/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in google on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/google/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/google/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>ELI5: Epic vs Apple and Google</title>
       <link>https://blog.koehntopp.info/2020/08/14/eli5-epic-vs-apple-and-google.html</link>
diff --git a/tags/hack.html b/tags/hack.html
index f2ea9b1cb5..aab5fcd6ad 100644
--- a/tags/hack.html
+++ b/tags/hack.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/hack/feed.xml b/tags/hack/feed.xml
index d7c74fc8b6..ae6a3601db 100644
--- a/tags/hack/feed.xml
+++ b/tags/hack/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in hack on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/hack/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/hack/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>sshpass</title>
       <link>https://blog.koehntopp.info/2023/09/15/sshpass.html</link>
diff --git a/tags/hadoop.html b/tags/hadoop.html
index 51e1c0c1ad..cf9f831779 100644
--- a/tags/hadoop.html
+++ b/tags/hadoop.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/hadoop/feed.xml b/tags/hadoop/feed.xml
index e1f4260c9f..8db032d88e 100644
--- a/tags/hadoop/feed.xml
+++ b/tags/hadoop/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in hadoop on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/hadoop/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/hadoop/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>On cache problems, and what they mean for the future</title>
       <link>https://blog.koehntopp.info/2017/06/23/on-cache-problems-and-what-they-mean-for-the-future.html</link>
diff --git a/tags/hardware.html b/tags/hardware.html
index fc8ba9ae0b..73b7fa7f42 100644
--- a/tags/hardware.html
+++ b/tags/hardware.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/hardware/feed.xml b/tags/hardware/feed.xml
index 84a7a8102d..3a13b32b2f 100644
--- a/tags/hardware/feed.xml
+++ b/tags/hardware/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in hardware on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/hardware/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/hardware/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>d = a*b&#43;c at scale</title>
       <link>https://blog.koehntopp.info/2017/11/25/d-abc-at-scale.html</link>
diff --git a/tags/home-automation.html b/tags/home-automation.html
index 7157d47cdf..5cf9ed71ac 100644
--- a/tags/home-automation.html
+++ b/tags/home-automation.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/home-automation/feed.xml b/tags/home-automation/feed.xml
index 0f9ca3f4e8..d692f72245 100644
--- a/tags/home-automation/feed.xml
+++ b/tags/home-automation/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in home automation on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/home-automation/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/home-automation/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>My home sensor network</title>
       <link>https://blog.koehntopp.info/2020/11/15/my-home-sensor-network.html</link>
diff --git a/tags/identity.html b/tags/identity.html
index 6c0bd2b8ef..29d7453164 100644
--- a/tags/identity.html
+++ b/tags/identity.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/identity/feed.xml b/tags/identity/feed.xml
index 40a1b93302..3c09319028 100644
--- a/tags/identity/feed.xml
+++ b/tags/identity/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in identity on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/identity/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/identity/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Discord Nitro Spam and 2FA</title>
       <link>https://blog.koehntopp.info/2021/11/30/discord-nitro-spam-and-2fa.html</link>
diff --git a/tags/image.html b/tags/image.html
index 653a1ab9e6..c7dcd69dc5 100644
--- a/tags/image.html
+++ b/tags/image.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/image/feed.xml b/tags/image/feed.xml
index 88ced0798a..93cadabefc 100644
--- a/tags/image/feed.xml
+++ b/tags/image/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in image on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/image/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/image/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Mit dem Schnuppel im Tierpark</title>
       <link>https://blog.koehntopp.info/2012/07/22/mit-dem-schnuppel-im-tierpark.html</link>
diff --git a/tags/index.html b/tags/index.html
index 1b1ef29bbd..ff17a62923 100644
--- a/tags/index.html
+++ b/tags/index.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/inkomploehntopp.html b/tags/inkomploehntopp.html
index d729c4fd68..223c1f4585 100644
--- a/tags/inkomploehntopp.html
+++ b/tags/inkomploehntopp.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/inkomploehntopp/feed.xml b/tags/inkomploehntopp/feed.xml
index cfca8b6aae..500183d2c7 100644
--- a/tags/inkomploehntopp/feed.xml
+++ b/tags/inkomploehntopp/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in inkomploehntopp on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/inkomploehntopp/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/inkomploehntopp/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Lu Ser</title>
       <link>https://blog.koehntopp.info/1996/03/23/lu-ser.html</link>
diff --git a/tags/innodb.html b/tags/innodb.html
index 99f4754eb8..a5bd7c00e9 100644
--- a/tags/innodb.html
+++ b/tags/innodb.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/innodb/feed.xml b/tags/innodb/feed.xml
index af23980fa8..91fcaaf1ad 100644
--- a/tags/innodb/feed.xml
+++ b/tags/innodb/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in innodb on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/innodb/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/innodb/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>MySQL: automatic partitions surely would be nice</title>
       <link>https://blog.koehntopp.info/2020/09/25/mysql-dynamic-partitions-suck.html</link>
diff --git a/tags/internet.html b/tags/internet.html
index ff24086da9..96fcf7febf 100644
--- a/tags/internet.html
+++ b/tags/internet.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/internet/feed.xml b/tags/internet/feed.xml
index fe3c992ad5..992b5eb411 100644
--- a/tags/internet/feed.xml
+++ b/tags/internet/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in internet on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/internet/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/internet/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>JusProg ist nur der Anfang</title>
       <link>https://blog.koehntopp.info/2024/01/16/jusprog-ist-nur-der-anfang.html</link>
diff --git a/tags/iot.html b/tags/iot.html
index e0e6c43ef1..41d26cc5ba 100644
--- a/tags/iot.html
+++ b/tags/iot.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/iot/feed.xml b/tags/iot/feed.xml
index 1410601e13..a7889fc6e0 100644
--- a/tags/iot/feed.xml
+++ b/tags/iot/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in iot on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/iot/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/iot/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Hunga Tonga</title>
       <link>https://blog.koehntopp.info/2022/01/16/hunga-tonga.html</link>
diff --git a/tags/ipv6.html b/tags/ipv6.html
index b0c1af5383..1ce5a0a585 100644
--- a/tags/ipv6.html
+++ b/tags/ipv6.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/ipv6/feed.xml b/tags/ipv6/feed.xml
index 6f9d59a150..3cc8a0374e 100644
--- a/tags/ipv6/feed.xml
+++ b/tags/ipv6/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in ipv6 on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/ipv6/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/ipv6/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Datenschutztheater: dynamische IPv6 Adressen</title>
       <link>https://blog.koehntopp.info/2011/11/09/datenschutztheater-dynamische-ipv6-adressen.html</link>
diff --git a/tags/jugendschutz.html b/tags/jugendschutz.html
index b412d485b9..1ca535ef94 100644
--- a/tags/jugendschutz.html
+++ b/tags/jugendschutz.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/jugendschutz/feed.xml b/tags/jugendschutz/feed.xml
index 3b06e9fb0b..7d8faacc97 100644
--- a/tags/jugendschutz/feed.xml
+++ b/tags/jugendschutz/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in jugendschutz on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/jugendschutz/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/jugendschutz/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>JusProg ist nur der Anfang</title>
       <link>https://blog.koehntopp.info/2024/01/16/jusprog-ist-nur-der-anfang.html</link>
diff --git a/tags/karlsruhe.html b/tags/karlsruhe.html
index 56ad956149..02ee1f0fab 100644
--- a/tags/karlsruhe.html
+++ b/tags/karlsruhe.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/karlsruhe/feed.xml b/tags/karlsruhe/feed.xml
index 34a773106d..75cbc59efb 100644
--- a/tags/karlsruhe/feed.xml
+++ b/tags/karlsruhe/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in karlsruhe on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/karlsruhe/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/karlsruhe/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Es war einmal...</title>
       <link>https://blog.koehntopp.info/2008/02/13/es-war-einmal.html</link>
diff --git a/tags/kernel.html b/tags/kernel.html
index 1590a270aa..e171b2211b 100644
--- a/tags/kernel.html
+++ b/tags/kernel.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/kernel/feed.xml b/tags/kernel/feed.xml
index 54dca36c7e..a85f1b24f9 100644
--- a/tags/kernel/feed.xml
+++ b/tags/kernel/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in kernel on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/kernel/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/kernel/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>But is it atomic?</title>
       <link>https://blog.koehntopp.info/2018/11/29/but-is-it-atomic.html</link>
diff --git a/tags/kiel.html b/tags/kiel.html
index f2de7210f2..46d928740a 100644
--- a/tags/kiel.html
+++ b/tags/kiel.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/kiel/feed.xml b/tags/kiel/feed.xml
index 4700975e96..19430ba2fc 100644
--- a/tags/kiel/feed.xml
+++ b/tags/kiel/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in kiel on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/kiel/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/kiel/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>USENET und Tiernetze</title>
       <link>https://blog.koehntopp.info/2022/12/02/usenet-und-tiernetze.html</link>
diff --git a/tags/kirche.html b/tags/kirche.html
index 9e33339fee..8afa457377 100644
--- a/tags/kirche.html
+++ b/tags/kirche.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/kirche/feed.xml b/tags/kirche/feed.xml
index 1f73ada903..9455559c34 100644
--- a/tags/kirche/feed.xml
+++ b/tags/kirche/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in kirche on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/kirche/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/kirche/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Stoppt die Katholikenflut!</title>
       <link>https://blog.koehntopp.info/2010/05/19/stoppt-die-katholikenflut.html</link>
diff --git a/tags/kryptographie.html b/tags/kryptographie.html
index da70d82d02..d10b0c90dc 100644
--- a/tags/kryptographie.html
+++ b/tags/kryptographie.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/kryptographie/feed.xml b/tags/kryptographie/feed.xml
index 8db239e429..53724b3237 100644
--- a/tags/kryptographie/feed.xml
+++ b/tags/kryptographie/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in kryptographie on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/kryptographie/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/kryptographie/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>The Cryptowars, twenty years ago</title>
       <link>https://blog.koehntopp.info/2017/06/27/the-cryptowars-twenty-years-ago.html</link>
diff --git a/tags/kubernetes.html b/tags/kubernetes.html
index 613e8bfc48..dad6512348 100644
--- a/tags/kubernetes.html
+++ b/tags/kubernetes.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/kubernetes/feed.xml b/tags/kubernetes/feed.xml
index dc18afde8d..c95f40dc82 100644
--- a/tags/kubernetes/feed.xml
+++ b/tags/kubernetes/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in kubernetes on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/kubernetes/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/kubernetes/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Something Kubernetes Containers</title>
       <link>https://blog.koehntopp.info/2017/06/03/something-kubernetes-containers.html</link>
diff --git a/tags/kultur.html b/tags/kultur.html
index 97af5e195c..a5c4c5daf1 100644
--- a/tags/kultur.html
+++ b/tags/kultur.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/kultur/feed.xml b/tags/kultur/feed.xml
index b0202f1b40..2d61c7633f 100644
--- a/tags/kultur/feed.xml
+++ b/tags/kultur/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in kultur on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/kultur/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/kultur/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Discoverable culture: Das Buch als Konversationsstück</title>
       <link>https://blog.koehntopp.info/2012/08/23/discoverable-culture-das-buch-als-konversationsst-ck.html</link>
diff --git a/tags/lang_de.html b/tags/lang_de.html
index 6af1a1eca4..70299e4076 100644
--- a/tags/lang_de.html
+++ b/tags/lang_de.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/lang_de/feed.xml b/tags/lang_de/feed.xml
index 19b8433ab5..0a598bafae 100644
--- a/tags/lang_de/feed.xml
+++ b/tags/lang_de/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in lang_de on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/lang_de/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/lang_de/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>JusProg ist nur der Anfang</title>
       <link>https://blog.koehntopp.info/2024/01/16/jusprog-ist-nur-der-anfang.html</link>
diff --git a/tags/lang_en.html b/tags/lang_en.html
index 48bcb8ba82..501368e9d4 100644
--- a/tags/lang_en.html
+++ b/tags/lang_en.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/lang_en/feed.xml b/tags/lang_en/feed.xml
index dd495293a1..48304adea2 100644
--- a/tags/lang_en/feed.xml
+++ b/tags/lang_en/feed.xml
@@ -6,7 +6,140 @@
     <description>Recent content in lang_en on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/lang_en/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/lang_en/feed.xml" rel="self" type="application/rss+xml" />
+    <item>
+      <title>Deploying websites - an escalation</title>
+      <link>https://blog.koehntopp.info/2024/01/09/deploying-websites.html</link>
+      <pubDate>Tue, 09 Jan 2024 05:06:07 +0000</pubDate>
+      
+      <guid>https://blog.koehntopp.info/2024/01/09/deploying-websites.html</guid>
+      <description>&lt;p&gt;We are still playing minecraft.
+This time it is a highly modded Fabric server, which requires more memory than the old box had.
+The new box has 12 cores, 128 GB of memory, and two nice SSD.
+It is pretty nifty.&lt;/p&gt;
+&lt;h1 id=&#34;a-simple-problem-easily-solved-by-ansible&#34;&gt;
+    &lt;a href=&#34;#a-simple-problem-easily-solved-by-ansible&#34;&gt;
+	A simple problem, easily solved by Ansible.
+    &lt;/a&gt;
+&lt;/h1&gt;
+&lt;p&gt;The machine also needs some kind of webserver to run websites.
+An easy problem to solve, naturally.&lt;/p&gt;
+&lt;p&gt;A bit of Ansible, deploy a few config files into the system and be done with it.&lt;/p&gt;
+&lt;p&gt;Only, these are different types of websites, and over time additional sites are being added.
+When a new website is being added, we need to collect all website names&lt;br&gt;
+and generate an
+&lt;a href=&#34;https://httpd.apache.org/docs/2.4/mod/mod_md.html#mdomain&#34; target=&#34;_blank&#34; rel=&#34;noopener&#34;&gt;&lt;code&gt;MDomain&lt;/code&gt;&lt;/a&gt;
+
+
+statement in the config for Apache&amp;rsquo;s
+&lt;a href=&#34;https://httpd.apache.org/docs/2.4/mod/mod_md.html&#34; target=&#34;_blank&#34; rel=&#34;noopener&#34;&gt;&lt;code&gt;mod_md&lt;/code&gt;&lt;/a&gt;
+
+.
+This module will then automatically the necessary certificates for the webserver&amp;rsquo;s TLS.&lt;/p&gt;
+&lt;p&gt;Collecting all domain names from the configuration files can be done that in Ansible, but it kind of hurts.
+Ansible works best when you run it to deploy a few templated config files, and then have services doing the actual work.&lt;/p&gt;
+&lt;p&gt;It is also more complicated than this, because we have different types of websites.
+Initially we had only&lt;/p&gt;
+&lt;ul&gt;
+&lt;li&gt;&lt;code&gt;static sites&lt;/code&gt; (&lt;code&gt;https://example.com&lt;/code&gt;)&lt;/li&gt;
+&lt;li&gt;We also needed &lt;code&gt;redirect_sites&lt;/code&gt; (&lt;code&gt;https://www.example.com&lt;/code&gt; -&amp;gt; &lt;code&gt;https://example.com&lt;/code&gt;)&lt;/li&gt;
+&lt;li&gt;We also needed reverse proxies for applications (&lt;code&gt;https://grafana.example.com&lt;/code&gt; -&amp;gt; &lt;code&gt;https://localhost:3000&lt;/code&gt;)&lt;/li&gt;
+&lt;li&gt;Then we also needed the &lt;code&gt;wsgi_site&lt;/code&gt; deployed.&lt;/li&gt;
+&lt;/ul&gt;
+&lt;p&gt;But a &lt;code&gt;wsgi_site&lt;/code&gt; needs to be redeployed when the code has changed on GitHub.
+Also, initial deployment of a &lt;code&gt;wsgi_site&lt;/code&gt; needs to create a user,
+and initial checkout of the code into the users home,
+and installation of the requirements.&lt;/p&gt;
+&lt;p&gt;After a code update, the server needs to be restarted.&lt;/p&gt;
+&lt;h1 id=&#34;this-actually-needs-a-shell-script&#34;&gt;
+    &lt;a href=&#34;#this-actually-needs-a-shell-script&#34;&gt;
+	This actually needs a shell script
+    &lt;/a&gt;
+&lt;/h1&gt;
+&lt;p&gt;Okay, let&amp;rsquo;s not do this in Ansible.
+Let&amp;rsquo;s write a simple and easy shell script for this.&lt;/p&gt;
+&lt;p&gt;That kind of worked, initially, but quickly fell apart when the number of variants grew,
+error checking became complicated.&lt;/p&gt;
+&lt;p&gt;Ultimately, it broke when we needed to collect and store per-site config parameters as a JSON, and act on it.
+The moment you write shell functions with parameters, traps and other bells and whistles,
+it is time to cut your losses and start over differently.
+In this case, in Python.&lt;/p&gt;
+&lt;h1 id=&#34;enter-deploy-a-python-cli-application&#34;&gt;
+    &lt;a href=&#34;#enter-deploy-a-python-cli-application&#34;&gt;
+	Enter &lt;code&gt;deploy&lt;/code&gt;, a Python CLI application
+    &lt;/a&gt;
+&lt;/h1&gt;
+&lt;p&gt;In the current intermediate stage, this is a Python script of 32 KB and around 1000 lines.&lt;/p&gt;
+&lt;div class=&#34;highlight&#34;&gt;&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;o&#34;&gt;[&lt;/span&gt;root@bigbox ~&lt;span class=&#34;o&#34;&gt;]&lt;/span&gt;&lt;span class=&#34;c1&#34;&gt;# wc -l Source/deploy/deploy &lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;m&#34;&gt;951&lt;/span&gt; Source/deploy/deploy
+&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;and&lt;/p&gt;
+&lt;div class=&#34;highlight&#34;&gt;&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;o&#34;&gt;[&lt;/span&gt;root@bigbox ~&lt;span class=&#34;o&#34;&gt;]&lt;/span&gt;&lt;span class=&#34;c1&#34;&gt;#  ls -l Source/deploy/deploy&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;-rwxr-xr-x. &lt;span class=&#34;m&#34;&gt;1&lt;/span&gt; root root &lt;span class=&#34;m&#34;&gt;31428&lt;/span&gt; Jan  &lt;span class=&#34;m&#34;&gt;8&lt;/span&gt; 18:42 Source/deploy/deploy
+&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;It understands the five types of server outlined above, and can handle a number of different operations for them.&lt;/p&gt;
+&lt;ul&gt;
+&lt;li&gt;&lt;code&gt;create&lt;/code&gt; makes a new server-config.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;delete&lt;/code&gt; throws it away.&lt;/li&gt;
+&lt;/ul&gt;
+&lt;p&gt;We store them in a central directory, &lt;code&gt;/etc/projects&lt;/code&gt;, as JSON files.
+For each site type, we accept a number of parameters:&lt;/p&gt;
+&lt;ul&gt;
+&lt;li&gt;&lt;code&gt;--type&lt;/code&gt;, the five types above.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--username&lt;/code&gt;, a Unix User we create for the site.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--github&lt;/code&gt; The source code repository URL.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--hostname&lt;/code&gt; If necessary, this is inferred from the username and the default domain.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--projectdir&lt;/code&gt; Only necessary for anomalously structured Python code.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--to_host&lt;/code&gt; Only for redirects.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--port&lt;/code&gt; Only for proxies.&lt;/li&gt;
+&lt;/ul&gt;
+&lt;p&gt;We now can do&lt;/p&gt;
+&lt;div class=&#34;highlight&#34;&gt;&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# deploy show projects&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;...
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- grafana
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;...
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# deploy show grafana&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;*** PROJECT /etc/projects/grafana
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- github    : None
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- hostname  : grafana.example.com
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- port      : &lt;span class=&#34;m&#34;&gt;3000&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- project   : grafana
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- &lt;span class=&#34;nb&#34;&gt;type&lt;/span&gt;      : proxy
+&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;The &lt;code&gt;deploy create --type proxy --hostname grafana.example.com --port 3000&lt;/code&gt; has created an apache configuration,
+built the TLS configuration and restarted the &lt;code&gt;httpd.service&lt;/code&gt; to update things.&lt;/p&gt;
+&lt;p&gt;We can also do more complicated things:&lt;/p&gt;
+&lt;div class=&#34;highlight&#34;&gt;&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# deploy create --type wsgi_site --user learn --github ... learn&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;... creates /etc/project/learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# deploy show learn&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;*** PROJECT /etc/projects/learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- github    : git@github.com:.../learn.git
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- home      : /home/learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- hostname  : learn.example.com
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- project   : learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- projectdir: learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- pubkey    : ssh-rsa AAAAB3...cfudtTQ&lt;span class=&#34;o&#34;&gt;==&lt;/span&gt; root@bigbox
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- &lt;span class=&#34;nb&#34;&gt;type&lt;/span&gt;      : wsgi_site
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- username  : learn
+&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;This will create a Linux user, set up a checkout of the GitHub, install requirements, set up a WSGI Apache configuration,
+configure TLS, and restart the server as needed.&lt;/p&gt;
+&lt;p&gt;We can now &lt;code&gt;deploy update learn&lt;/code&gt; or &lt;code&gt;deploy restart learn&lt;/code&gt; to check out a new version and restart the server,
+and we can also &lt;code&gt;deploy logs learn&lt;/code&gt; to tail the server logs for this site.&lt;/p&gt;
+&lt;h1 id=&#34;it-is-still-ugly&#34;&gt;
+    &lt;a href=&#34;#it-is-still-ugly&#34;&gt;
+	It is still ugly
+    &lt;/a&gt;
+&lt;/h1&gt;
+&lt;p&gt;Because this started out as a shell script, it still is ugly.
+There are multiple levels of giant case-branches in this.
+To become a proper solution, it needs a cleaner structure, in a more object-oriented fashion.&lt;/p&gt;
+&lt;p&gt;But already it works better than the shell script it initially was,
+has better error handling and can handle borderline cases more safely.&lt;/p&gt;
+&lt;p&gt;&lt;a href=&#34;https://github.com/isotopp/deploy&#34; target=&#34;_blank&#34; rel=&#34;noopener&#34;&gt;Github&lt;/a&gt;
+
+.&lt;/p&gt;
+</description>
+    </item>
+    
     <item>
       <title>x86_64 binaries on M1</title>
       <link>https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html</link>
@@ -2389,321 +2522,6 @@ It became a lot more runtime extensive, added a lot of new functionality and gai
 Things became more structured.&lt;/p&gt;
 &lt;p&gt;But the original design and data structures conceived by Kleiman and Joy held up, and can still be found in current Linux, 40 years later.
 We can point to concrete Linux code, which while looking completely different, is structurally mirroring the original design ideas.&lt;/p&gt;
-</description>
-    </item>
-    
-    <item>
-      <title>50 years in filesystems: 1994</title>
-      <link>https://blog.koehntopp.info/2023/05/12/50-years-in-filesystems-1994.html</link>
-      <pubDate>Fri, 12 May 2023 12:13:14 +0000</pubDate>
-      
-      <guid>https://blog.koehntopp.info/2023/05/12/50-years-in-filesystems-1994.html</guid>
-      <description>&lt;p&gt;This is part 3 of a series.
-The first part is &amp;ldquo;&lt;a href=&#34;https://blog.koehntopp.info/2023/05/05/50-years-in-filesystems-1974.html&#34;&gt;1974&lt;/a&gt;
-
-&amp;rdquo;.
-The second part is &amp;ldquo;&lt;a href=&#34;https://blog.koehntopp.info/2023/05/06/50-years-in-filesystems-1984.html&#34;&gt;1984&lt;/a&gt;
-
-&amp;rdquo;.&lt;/p&gt;
-&lt;p&gt;Progress is sometimes hard to see, especially when you have been part of it or otherwise lived through it.
-Often, it is easier to see if you compare modern educational material, and the problems discussed with older material.
-And then look for the research papers and sources that fueled the change.&lt;/p&gt;
-&lt;p&gt;In Linux (and Unix in general), this is easy.&lt;/p&gt;
-&lt;h1 id=&#34;1994--the-sgi-xfs-filesystem&#34;&gt;
-    &lt;a href=&#34;#1994--the-sgi-xfs-filesystem&#34;&gt;
-	1994 — The SGI XFS Filesystem
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;In 1994, the paper &lt;a href=&#34;http://www.scs.stanford.edu/nyu/02fa/sched/xfs.pdf&#34; target=&#34;_blank&#34; rel=&#34;noopener&#34;&gt;Scalability in the XFS File System&lt;/a&gt;
-
- saw publication.
-Computers got faster since 1984, and so did storage.
-Notably, we are now seeing boxes with multiple CPUs, and with storage reaching into the Terabytes.
-The improvements to the 4.3BSD fast filing system (or the modified version in SGI IRIX called EFS) were no longer sufficient.&lt;/p&gt;
-&lt;p&gt;SGIs benchmarks cite machines that had large backplanes with many controllers (one benchmark cites a box with 20 SCSI controllers),
-many disks (three-digit-numbers of hard drives),
-and many CPUs (the benchmarks quote 12 socket machines) with a lot of memory (up to one gigabyte quoted in the benchmarks).&lt;/p&gt;
-&lt;p&gt;Filesystems became larger than FFS could handle,
-files became larger than FFS could handle,
-the number of files per directory led to large lookup times,
-central data structures such as allocation bitmaps did no longer scale,
-and global locks made concurrent access to the file system with many CPUs inefficient.
-SGI set out to design a fundamentally different filesystem.&lt;/p&gt;
-&lt;p&gt;Also, the Unix community as a whole was challenged by Cutler and Custer,
-who showed with NTFS for Windows NT 4.0 what was possible if you redesign from scratch.&lt;/p&gt;
-&lt;h1 id=&#34;requirements&#34;&gt;
-    &lt;a href=&#34;#requirements&#34;&gt;
-	Requirements
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;The XFS filesystem was a firework of new ideas, and a large deviation from traditional Unix filesystem design.
-The list of new things is long:&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Facilitate concurrency with
-&lt;ul&gt;
-&lt;li&gt;allocation zones&lt;/li&gt;
-&lt;li&gt;inode lock splitting&lt;/li&gt;
-&lt;li&gt;facilities for large, parallel I/O requests, DMA and Zero-Copy I/O&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;Scalability of access by building the filesystem around the concepts of
-&lt;ul&gt;
-&lt;li&gt;B+-Trees&lt;/li&gt;
-&lt;li&gt;Extents: pairs of (start, length) descriptors&lt;/li&gt;
-&lt;li&gt;decoupling &amp;ldquo;file write&amp;rdquo; and &amp;ldquo;file layout&amp;rdquo; on disk to allow for contiguous files by using delayed allocation and preallocation.&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;Introduce a write-ahead log to journal metadata changes
-&lt;ul&gt;
-&lt;li&gt;log asynchronously to allow for write coalescence&lt;/li&gt;
-&lt;li&gt;leveraging the log for recovery, so that recovery time is proportional to the amount of data in flight, not the size of the filesystem&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;p&gt;XFS was written with these requirements,
-and primarily in order to provide a filesystem that could leverage all the performance of large SGI boxes for video editing, video serving and scientific computing.&lt;/p&gt;
-&lt;h2 id=&#34;a-logging-filesystem-but-not-a-log-structured-filesystem&#34;&gt;
-    &lt;a href=&#34;#a-logging-filesystem-but-not-a-log-structured-filesystem&#34;&gt;
-	A logging filesystem, but not a log structured filesystem
-    &lt;/a&gt;
-&lt;/h2&gt;
-&lt;p&gt;This is also happening at about the same time as John K. Ousterhout asking
-&amp;ldquo;&lt;a href=&#34;https://web.stanford.edu/~ouster/cgi-bin/papers/osfaster.pdf&#34; target=&#34;_blank&#34; rel=&#34;noopener&#34;&gt;Why Aren’t Operating Systems Getting Faster As Fast as Hardware?&lt;/a&gt;
-
-&amp;rdquo;.
-Ousterhout started to explore the ideas of a log-based filesystem with the experimental Sprite operating system.&lt;/p&gt;
-&lt;p&gt;Log-based filesystems are an extremely radical idea that we need to discuss later, even if they originally predate XFS by a bit.
-But they weren&amp;rsquo;t very usable originally, because they need different hardware which can offer a lot more disk seeks.
-Log structured file system ideas had to become a lot more refined to actually have an impact,
-so we are going to discuss them later in the series.&lt;/p&gt;
-&lt;h2 id=&#34;what-irix-had-before&#34;&gt;
-    &lt;a href=&#34;#what-irix-had-before&#34;&gt;
-	What IRIX had before
-    &lt;/a&gt;
-&lt;/h2&gt;
-&lt;p&gt;IRIX as coming already with EFS, the specially sauced-up version of BSD FFS that used extents.
-It suffered from an 8 GB filesystem size limit, a 2 GB filesize limit, and it could not utilize the full hardware I/O bandwidth,
-which made many customers of these fantastically expensive machines somewhat sad.&lt;/p&gt;
-&lt;p&gt;Demands for video playback and from the database community led to requirements
-that stated the new filesystem needed to support hundreds of TB of disk space,
-hundreds of MB/s of I/O bandwidth and many parallel I/O requests in order to be able to saturate the hardware provided,
-and all this without running out of CPU.&lt;/p&gt;
-&lt;p&gt;The title of the paper is &amp;ldquo;Scalability in the XFS File System&amp;rdquo; and not &amp;ldquo;Implementation of …&amp;rdquo;,
-so it is more a show of the features provided and a superficial discussion of the implementation and the design decisions around it.
-It is not an in-depth discussion of the implementation,
-nor are extensive benchmarks provided.&lt;/p&gt;
-&lt;h1 id=&#34;features&#34;&gt;
-    &lt;a href=&#34;#features&#34;&gt;
-	Features
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;h2 id=&#34;large-filesystems&#34;&gt;
-    &lt;a href=&#34;#large-filesystems&#34;&gt;
-	Large filesystems
-    &lt;/a&gt;
-&lt;/h2&gt;
-&lt;p&gt;XFS supports large filesystems.
-Previous filesystems use 32-bit pointers to blocks.
-At 8 KB block size, with 32-bit block pointers, the limit is 32 TB.&lt;/p&gt;
-&lt;p&gt;Moving to 64-bit block pointers would make many data structures multiple of 8 bytes in size, which seemed like a waste.&lt;/p&gt;
-&lt;p&gt;For concurrency (see below), XFS introduces the concept of &lt;strong&gt;allocation groups&lt;/strong&gt; (AGs), which are always smaller than 4 GB.
-Allocation groups have local instances of the filesystem data structures, for example, inode maps or free block tracking.
-These are independently locked and so allow for concurrent operations in different allocation groups.&lt;/p&gt;
-&lt;p&gt;Allocation groups also help to save on pointer sizes:
-Where possible, AG-relative block numbers are being used, and these always fit into 32-bit pointers.
-In fact, a 4G allocation group can have only 1M blocks or fewer blocks (at 4K minimum blocksize),
-so a single maximum sized extent within a single AG can be packed into 40 bits (5 bytes).&lt;/p&gt;
-&lt;p&gt;The maximum file size and filesystem size is 8 EB (2^63-1).&lt;/p&gt;
-&lt;h2 id=&#34;bandwidth-and-concurrency&#34;&gt;
-    &lt;a href=&#34;#bandwidth-and-concurrency&#34;&gt;
-	Bandwidth and Concurrency
-    &lt;/a&gt;
-&lt;/h2&gt;
-&lt;p&gt;Concurrent operations are a design goal for XFS.
-1994 is the age of 20 MB/s SCSI controllers, but SGI built machines with large chassis that could house many controllers and many drives.
-Benchmarks quote machines with an aggregate bandwidth of 480 MB/s delivering file I/O performance of over 370 MB/s with no tuning, including all overheads.
-This is quite an impressive result for everyday usage in 1994.&lt;/p&gt;
-&lt;p&gt;XFS achieves this using large blocks (4 KB or 8 KB block size), and the concept of extents.&lt;/p&gt;
-&lt;h3 id=&#34;extents-and-b-trees&#34;&gt;
-    &lt;a href=&#34;#extents-and-b-trees&#34;&gt;
-	Extents and B-Trees.
-    &lt;/a&gt;
-&lt;/h3&gt;
-&lt;p&gt;&lt;strong&gt;Extents&lt;/strong&gt; are a core concept in XFS.
-They are tuples, most of the time pairs of &lt;code&gt;(startblock, length)&lt;/code&gt;.
-For mapping file blocks to disk blocks (&amp;ldquo;bmap&amp;rdquo;), they are triples &lt;code&gt;(offset, length, startblock)&lt;/code&gt;.
-Using truncated values, because of the size limits imposed by the maximum AG size,
-they can describe a contiguous sequence of blocks up to 2M blocks in size in 4 bytes,
-which is a lot more efficient than what BSD FFS did before.&lt;/p&gt;
-&lt;p&gt;Extents also allow XFS to do large I/O requests because they describe sections of contiguous blocks,
-making it easy to create read or write requests for several blocks apiece.
-It does I/O by default with 64 KB memory buffers, unless special provisions are being made to make them even larger.&lt;/p&gt;
-&lt;p&gt;The filesystem assumes an underlying disk structure with striping, and provides a number of 2 or 3 outstanding I/O requests to allow for concurrent I/O.
-It checks for backpressure, that is, it checks that the application is actually reading data.
-If it does, it issues additional read requests to keep the number of requests in flight at 3 by default,
-good for 192 KB in flight at once.&lt;/p&gt;
-&lt;p&gt;Groups of Extents can be collected in linear lists, but that will lead to scaling problems.
-So XFS uses &lt;strong&gt;B+-Trees&lt;/strong&gt;, which degrade to linear lists if there is only one single index block.&lt;/p&gt;
-&lt;p&gt;Usually tuples are indexed on their first value, but for some structures such as free lists, multiple indexes are kept:
-It is useful to index free space by &lt;code&gt;startblock&lt;/code&gt; for closeness, but also by &lt;code&gt;length&lt;/code&gt; to fit free spaces in the right size.&lt;/p&gt;
-&lt;h3 id=&#34;breaking-the-single-writer-inode-lock&#34;&gt;
-    &lt;a href=&#34;#breaking-the-single-writer-inode-lock&#34;&gt;
-	Breaking the single-writer inode lock
-    &lt;/a&gt;
-&lt;/h3&gt;
-&lt;p&gt;&lt;p class=&#34;md__image&#34;&gt;
-  &lt;img src=&#34;https://blog.koehntopp.info/uploads/2023/05/overlapping-write.png&#34; alt=&#34;&#34;  /&gt;
-&lt;/p&gt;
-
-
-&lt;em&gt;Posix locks the in-memory inode to guarantee &lt;a href=&#34;https://blog.koehntopp.info/2018/11/29/but-is-it-atomic.html&#34;&gt;atomic writes&lt;/a&gt;
-
-.
-This makes sure any two large multiple-block writes always happen one-before-the-other.&lt;/em&gt;&lt;/p&gt;
-&lt;p&gt;XFS also breaks the in-memory inode locks:
-Posix demands that large, overlapping, multiple block writes are totally ordered.
-When they overlap, it must not happen that there is a block soup of alternating blocks from write A and write B.&lt;/p&gt;
-&lt;p&gt;The default implementation in most kernels is simply a file-global lock placed at the in-memory inode, making sure there can be only one writer per inode.
-Implementers of databases hate that because it limits the write concurrency on any single file to One.
-This is, for example, why Oracle recommends that you make tablespaces from multiple files, each no larger than one GB.&lt;/p&gt;
-&lt;p&gt;XFS, in &lt;code&gt;O_DIRECT&lt;/code&gt; mode, removes this lock and allows atomic, concurrent writes, making database people very happy.&lt;/p&gt;
-&lt;h2 id=&#34;dynamic-inodes-and-improved-free-space-tracking&#34;&gt;
-    &lt;a href=&#34;#dynamic-inodes-and-improved-free-space-tracking&#34;&gt;
-	Dynamic Inodes and improved Free Space Tracking
-    &lt;/a&gt;
-&lt;/h2&gt;
-&lt;p&gt;With large filesystems, you can never know:
-The applications may need a large number of inodes for many small files, or a small number of large files.
-Also, what is a good distance between the inode and the data blocks that belong to the file?&lt;/p&gt;
-&lt;p&gt;There is no good answer to the first question, and &amp;ldquo;as close as possible&amp;rdquo; is the answer to the second question.
-So XFS creates Inodes dynamically, as needed, in chunks of 64 inodes.&lt;/p&gt;
-&lt;p&gt;The relatively large inode size of 256 bytes (compared to 128 in BSD FFS and 64 in traditional Unix)
-is being compensated by the fact that XFS creates Inodes only as needed, and places them relatively closely to the file start.
-This frees up a substantial amount of disk space –
-in Unix filesystems with fixed inode counts as much as 3-4% of the disk space can be locked up in pre-allocated inodes.
-And even with cylinder groups, there will be considerable distance between an inode and the first data block.&lt;/p&gt;
-&lt;p&gt;Because inodes can reside anywhere on the disk and not just behind the superblock, they need to be tracked.
-XFS does with one B+-tree per allocation group.
-The tree is indexed by the start block, and records for each inode in the chunk if it is available or in-use.
-The inodes themselves are not kept in the tree, but in the actual chunks which are close to the file data.&lt;/p&gt;
-&lt;p&gt;Similarly, free space is tracked in chunks, and kept in per-AG trees, indexed twice: by start block and by length.&lt;/p&gt;
-&lt;h2 id=&#34;write-ahead-log&#34;&gt;
-    &lt;a href=&#34;#write-ahead-log&#34;&gt;
-	Write-Ahead Log
-    &lt;/a&gt;
-&lt;/h2&gt;
-&lt;p&gt;Recovering a large filesystem after a crash can be slow.
-The recovery time is proportional to the size of the filesystem, and the number of files in it,
-because the system basically has to scan the entire filesystem and rebuild the directory tree in order to ensure things are consistent.
-With XFS, the filesystem also is a lot more fragile, as it provides a variable number of inodes, spread out non-contiguously over the disk.
-Recovering them would be extra expensive.&lt;/p&gt;
-&lt;p&gt;Using write-ahead logging for metadata, this can be avoided most of the time.
-Recovery time is proportional to the size of the log, that is, the amount of data in flight at the time of the crash.&lt;/p&gt;
-&lt;p&gt;The log contains log entries containing a descriptor header and a full image of all changed metadata structures:
-inodes, directory blocks, free extent tree blocks, inode allocation tree blocks, allocation group blocks, and the superblock.
-Because full images are stored in the block, recovery is simple: the recovery process simply copies these new, changes images into the place where they are supposed to be, without needing to understand what kind of structure it changes.&lt;/p&gt;
-&lt;p&gt;The trust of the authors into the log was huge:
-Initially XFS had no &lt;code&gt;fsck&lt;/code&gt; program.
-This turned out to be overly optimistic, and so now &lt;code&gt;xfs_repair&lt;/code&gt; exists.&lt;/p&gt;
-&lt;h3 id=&#34;metadata-update-performance&#34;&gt;
-    &lt;a href=&#34;#metadata-update-performance&#34;&gt;
-	Metadata update performance
-    &lt;/a&gt;
-&lt;/h3&gt;
-&lt;p&gt;XFS is logging metadata updates, which means they need to be written to the filesystem log.
-By default, this log is placed inline, in the filesystem.
-But it is also possible to take it out, and put onto other media, for example, flash storage or battery-backed memory.&lt;/p&gt;
-&lt;p&gt;Writes to the log are asynchronous, if possible, but with partitions serving NFS they cannot be.
-Asynchronous writes allow for write batching, with speeds things up.
-But NFS servers profit a lot from accelerated log storage.&lt;/p&gt;
-&lt;p&gt;Because all metadata updates need to be logged, it can happen that intense metadata operations flood the log.
-A &lt;code&gt;rm -rf /usr/src/linux&lt;/code&gt; for example is not an operation where XFS is particularly fast, because the metadata update stream will eventually overflow the log.
-And because everything else in XFS is parallel by AG, the log is usually the only source of contention.&lt;/p&gt;
-&lt;h2 id=&#34;large-files-and-sparse-files&#34;&gt;
-    &lt;a href=&#34;#large-files-and-sparse-files&#34;&gt;
-	Large files and sparse files
-    &lt;/a&gt;
-&lt;/h2&gt;
-&lt;p&gt;In FFS, files are mapped by the classical dynamic array, with direct blocks and up to three levels of indirect blocks.
-With 64-bit filesize, this becomes unwieldy: there will be more than three levels of indirect blocks required,
-and a substantial number of blocks would be required what essentially becomes a list of incrementing numbers.
-FFS (and EFS) are also forced to layout blocks the moment each block is allocated in the filesystem buffer pool.
-So effectively, no attempt to contiguously layout files on disk is being made.
-Instead, blocks are placed individually.&lt;/p&gt;
-&lt;p&gt;XFS replaces this dynamic array with extents.&lt;/p&gt;
-&lt;p&gt;In file placement maps, these mapping extents are triples &lt;code&gt;(blockoffset, length, disk block)&lt;/code&gt;.
-These extents are stored in the inode itself until this overflows.
-Then XFS starts to root a B+-tree of the mapping extents in the inode, indexed by logical block number for fast seeks.&lt;/p&gt;
-&lt;p&gt;This data structure allows compressing a substantial number of blocks (up to 2M blocks) in a single descriptor,
-assuming contiguous allocation is possible.
-So even large files could be stored in very few extents, in the optimal case one extent per AG.&lt;/p&gt;
-&lt;h3 id=&#34;delayed-allocation-and-preallocation-for-contiguous-layout&#34;&gt;
-    &lt;a href=&#34;#delayed-allocation-and-preallocation-for-contiguous-layout&#34;&gt;
-	Delayed allocation and Preallocation for contiguous layout
-    &lt;/a&gt;
-&lt;/h3&gt;
-&lt;p&gt;XFS also provides a new concept, delayed allocation, in which virtual extents can be allocated in the file system buffer pool.
-These are blocks full of yet unwritten data that have not been layouted, and hence lack a physical position.
-Only on flush these blocks are layouted, contiguously, and then written out linearly in large writes, to speed things up.&lt;/p&gt;
-&lt;p&gt;This is a fundamental change to how the filesystem buffer cache works –
-previously it was possible to use &lt;code&gt;(device, physical block number)&lt;/code&gt; to identify buffer cache blocks and prevent duplicate buffer allocation.
-When porting XFS to Linux, the Linux kernel initially could not accommodate strategies that do not use such identification in the normal buffer cache, so at first XFS required a separate buffer cache.
-This got fixed later, as the porting progressed.&lt;/p&gt;
-&lt;p&gt;To ensure that files can be layouted without fragmentation, in a single extent, XFS aggressively preallocates storage for open files.
-The default amount of disk space preallocated is dependent on the amount of free space in the filesystem, and can be substantial.&lt;/p&gt;
-&lt;p&gt;The internet is littered with questions by XFS users asking where their disk space is, and the answer is always &amp;ldquo;in the open file handles of &lt;code&gt;/var/log&lt;/code&gt;. Also, check the &lt;a href=&#34;https://man7.org/linux/man-pages/man5/xfs.5.html&#34; target=&#34;_blank&#34; rel=&#34;noopener&#34;&gt;manpage&lt;/a&gt;
-
- for &lt;code&gt;allocsize=&lt;/code&gt; and also check &lt;a href=&#34;https://linux-xfs.oss.sgi.narkive.com/jjjfnyI1/faq-xfs-speculative-preallocation&#34; target=&#34;_blank&#34; rel=&#34;noopener&#34;&gt;&lt;code&gt;/proc/sys/fs/xfs/speculative_prealloc_lifetime&lt;/code&gt;&lt;/a&gt;
-
-.&amp;rdquo;&lt;/p&gt;
-&lt;h3 id=&#34;locality&#34;&gt;
-    &lt;a href=&#34;#locality&#34;&gt;
-	Locality
-    &lt;/a&gt;
-&lt;/h3&gt;
-&lt;p&gt;XFS does not use allocation groups for locality much.
-They exist mostly for concurrency.
-Instead, file placement is mostly around directories and existing blocks of the current file.
-The only exception is &amp;ldquo;new directories&amp;rdquo;, which are placed &amp;ldquo;away&amp;rdquo; from their parent directory by putting them into a different AG.&lt;/p&gt;
-&lt;p&gt;In large files, if new extents need to be placed, they go &amp;ldquo;initially near the inode, then near the existing block in the file which is closest to the offset in the file for which we are allocating space&amp;rdquo;, as the paper specifies.
-This places the inode close to the start of the file, and blocks added later to whatever is already present.&lt;/p&gt;
-&lt;h2 id=&#34;large-directories&#34;&gt;
-    &lt;a href=&#34;#large-directories&#34;&gt;
-	Large directories
-    &lt;/a&gt;
-&lt;/h2&gt;
-&lt;p&gt;In the traditional Unix filesystem and in BSD FFS, directory name lookups are linear operations.
-Large directories slow this down a lot, for any kind of pathname to inode translation.&lt;/p&gt;
-&lt;p&gt;XFS chose the ubiquitous B+-Tree as a structure for directories, too, but with a quirk:
-Since the keys are supposed to be filenames, a variable length structure, they would be completely different from all the other tree implementations in the filesystem.
-The XFS authors did not like this idea, so they are hashing the filename into a fixed 4-byte name hash, and then store one or more directory entries as &lt;code&gt;(name, inode)&lt;/code&gt; pairs in the value.&lt;/p&gt;
-&lt;p&gt;There was some tradeoff discussion involved in this, but the authors found that short keys allow storing many entries per block,
-leading to wide trees, and thus faster lookups.
-They boast &amp;ldquo;We can have directories with millions of entries&amp;rdquo;, something that was previously unthinkable in Unix filesystems.&lt;/p&gt;
-&lt;h1 id=&#34;a-lot-of-code&#34;&gt;
-    &lt;a href=&#34;#a-lot-of-code&#34;&gt;
-	A lot of code
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;&lt;p class=&#34;md__image&#34;&gt;
-  &lt;img src=&#34;https://blog.koehntopp.info/uploads/2023/05/xfs-scaling.png&#34; alt=&#34;&#34;  /&gt;
-&lt;/p&gt;
-
-
-&lt;em&gt;XFS Benchmarks in 1994 show nice and welcome linear scaling behavior that utilizes the hardware offered well.
-It handles well on large boxes with (for 1994) high core-counts.&lt;/em&gt;&lt;/p&gt;
-&lt;p&gt;XFS is a large filesystem.
-Linux ext2 is only 5000 lines of kernel code (and about 10x this in user-land).
-XFS is 50.000 lines of kernel code, and that is without the IRIX volume manager XLV (in Linux, the XFS port uses LVM2 instead).&lt;/p&gt;
-&lt;p&gt;XFS was released under the GNU GPL in May 1999, and was ported into the Linux kernel starting in 2001.
-As of 2014, it was supported in most Linux distributions and RHEL used it as the default filesystem.
-And even in 2024 it is still holding up reasonably well, on HDD and on flash.&lt;/p&gt;
-&lt;p&gt;It still is the filesystem with the best scaling behavior, the best concurrency behavior, and the most consistent commit times,
-which makes it the preferred filesystem for any kind of database usage.
-This is due to the elimination of several global locks that impair concurrent usage and performance in large filesystems,
-and due to the consistent use of B+-Tree structures with &lt;code&gt;O(log(n))&lt;/code&gt; scaling behavior where before algorithms with worse scaling behavior have been used.
-The use of extents also allows dynamically growing I/O sizes, benefiting throughput,
-and together with the novel idea of delayed allocation encourage contiguous file placement.&lt;/p&gt;
 </description>
     </item>
     
diff --git a/tags/linux.html b/tags/linux.html
index 5d4e8b526d..ac0906370c 100644
--- a/tags/linux.html
+++ b/tags/linux.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/linux/feed.xml b/tags/linux/feed.xml
index ef2c253a47..bed20bcb5a 100644
--- a/tags/linux/feed.xml
+++ b/tags/linux/feed.xml
@@ -6,7 +6,140 @@
     <description>Recent content in linux on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/linux/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/linux/feed.xml" rel="self" type="application/rss+xml" />
+    <item>
+      <title>Deploying websites - an escalation</title>
+      <link>https://blog.koehntopp.info/2024/01/09/deploying-websites.html</link>
+      <pubDate>Tue, 09 Jan 2024 05:06:07 +0000</pubDate>
+      
+      <guid>https://blog.koehntopp.info/2024/01/09/deploying-websites.html</guid>
+      <description>&lt;p&gt;We are still playing minecraft.
+This time it is a highly modded Fabric server, which requires more memory than the old box had.
+The new box has 12 cores, 128 GB of memory, and two nice SSD.
+It is pretty nifty.&lt;/p&gt;
+&lt;h1 id=&#34;a-simple-problem-easily-solved-by-ansible&#34;&gt;
+    &lt;a href=&#34;#a-simple-problem-easily-solved-by-ansible&#34;&gt;
+	A simple problem, easily solved by Ansible.
+    &lt;/a&gt;
+&lt;/h1&gt;
+&lt;p&gt;The machine also needs some kind of webserver to run websites.
+An easy problem to solve, naturally.&lt;/p&gt;
+&lt;p&gt;A bit of Ansible, deploy a few config files into the system and be done with it.&lt;/p&gt;
+&lt;p&gt;Only, these are different types of websites, and over time additional sites are being added.
+When a new website is being added, we need to collect all website names&lt;br&gt;
+and generate an
+&lt;a href=&#34;https://httpd.apache.org/docs/2.4/mod/mod_md.html#mdomain&#34; target=&#34;_blank&#34; rel=&#34;noopener&#34;&gt;&lt;code&gt;MDomain&lt;/code&gt;&lt;/a&gt;
+
+
+statement in the config for Apache&amp;rsquo;s
+&lt;a href=&#34;https://httpd.apache.org/docs/2.4/mod/mod_md.html&#34; target=&#34;_blank&#34; rel=&#34;noopener&#34;&gt;&lt;code&gt;mod_md&lt;/code&gt;&lt;/a&gt;
+
+.
+This module will then automatically the necessary certificates for the webserver&amp;rsquo;s TLS.&lt;/p&gt;
+&lt;p&gt;Collecting all domain names from the configuration files can be done that in Ansible, but it kind of hurts.
+Ansible works best when you run it to deploy a few templated config files, and then have services doing the actual work.&lt;/p&gt;
+&lt;p&gt;It is also more complicated than this, because we have different types of websites.
+Initially we had only&lt;/p&gt;
+&lt;ul&gt;
+&lt;li&gt;&lt;code&gt;static sites&lt;/code&gt; (&lt;code&gt;https://example.com&lt;/code&gt;)&lt;/li&gt;
+&lt;li&gt;We also needed &lt;code&gt;redirect_sites&lt;/code&gt; (&lt;code&gt;https://www.example.com&lt;/code&gt; -&amp;gt; &lt;code&gt;https://example.com&lt;/code&gt;)&lt;/li&gt;
+&lt;li&gt;We also needed reverse proxies for applications (&lt;code&gt;https://grafana.example.com&lt;/code&gt; -&amp;gt; &lt;code&gt;https://localhost:3000&lt;/code&gt;)&lt;/li&gt;
+&lt;li&gt;Then we also needed the &lt;code&gt;wsgi_site&lt;/code&gt; deployed.&lt;/li&gt;
+&lt;/ul&gt;
+&lt;p&gt;But a &lt;code&gt;wsgi_site&lt;/code&gt; needs to be redeployed when the code has changed on GitHub.
+Also, initial deployment of a &lt;code&gt;wsgi_site&lt;/code&gt; needs to create a user,
+and initial checkout of the code into the users home,
+and installation of the requirements.&lt;/p&gt;
+&lt;p&gt;After a code update, the server needs to be restarted.&lt;/p&gt;
+&lt;h1 id=&#34;this-actually-needs-a-shell-script&#34;&gt;
+    &lt;a href=&#34;#this-actually-needs-a-shell-script&#34;&gt;
+	This actually needs a shell script
+    &lt;/a&gt;
+&lt;/h1&gt;
+&lt;p&gt;Okay, let&amp;rsquo;s not do this in Ansible.
+Let&amp;rsquo;s write a simple and easy shell script for this.&lt;/p&gt;
+&lt;p&gt;That kind of worked, initially, but quickly fell apart when the number of variants grew,
+error checking became complicated.&lt;/p&gt;
+&lt;p&gt;Ultimately, it broke when we needed to collect and store per-site config parameters as a JSON, and act on it.
+The moment you write shell functions with parameters, traps and other bells and whistles,
+it is time to cut your losses and start over differently.
+In this case, in Python.&lt;/p&gt;
+&lt;h1 id=&#34;enter-deploy-a-python-cli-application&#34;&gt;
+    &lt;a href=&#34;#enter-deploy-a-python-cli-application&#34;&gt;
+	Enter &lt;code&gt;deploy&lt;/code&gt;, a Python CLI application
+    &lt;/a&gt;
+&lt;/h1&gt;
+&lt;p&gt;In the current intermediate stage, this is a Python script of 32 KB and around 1000 lines.&lt;/p&gt;
+&lt;div class=&#34;highlight&#34;&gt;&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;o&#34;&gt;[&lt;/span&gt;root@bigbox ~&lt;span class=&#34;o&#34;&gt;]&lt;/span&gt;&lt;span class=&#34;c1&#34;&gt;# wc -l Source/deploy/deploy &lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;m&#34;&gt;951&lt;/span&gt; Source/deploy/deploy
+&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;and&lt;/p&gt;
+&lt;div class=&#34;highlight&#34;&gt;&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;o&#34;&gt;[&lt;/span&gt;root@bigbox ~&lt;span class=&#34;o&#34;&gt;]&lt;/span&gt;&lt;span class=&#34;c1&#34;&gt;#  ls -l Source/deploy/deploy&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;-rwxr-xr-x. &lt;span class=&#34;m&#34;&gt;1&lt;/span&gt; root root &lt;span class=&#34;m&#34;&gt;31428&lt;/span&gt; Jan  &lt;span class=&#34;m&#34;&gt;8&lt;/span&gt; 18:42 Source/deploy/deploy
+&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;It understands the five types of server outlined above, and can handle a number of different operations for them.&lt;/p&gt;
+&lt;ul&gt;
+&lt;li&gt;&lt;code&gt;create&lt;/code&gt; makes a new server-config.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;delete&lt;/code&gt; throws it away.&lt;/li&gt;
+&lt;/ul&gt;
+&lt;p&gt;We store them in a central directory, &lt;code&gt;/etc/projects&lt;/code&gt;, as JSON files.
+For each site type, we accept a number of parameters:&lt;/p&gt;
+&lt;ul&gt;
+&lt;li&gt;&lt;code&gt;--type&lt;/code&gt;, the five types above.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--username&lt;/code&gt;, a Unix User we create for the site.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--github&lt;/code&gt; The source code repository URL.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--hostname&lt;/code&gt; If necessary, this is inferred from the username and the default domain.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--projectdir&lt;/code&gt; Only necessary for anomalously structured Python code.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--to_host&lt;/code&gt; Only for redirects.&lt;/li&gt;
+&lt;li&gt;&lt;code&gt;--port&lt;/code&gt; Only for proxies.&lt;/li&gt;
+&lt;/ul&gt;
+&lt;p&gt;We now can do&lt;/p&gt;
+&lt;div class=&#34;highlight&#34;&gt;&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# deploy show projects&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;...
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- grafana
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;...
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# deploy show grafana&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;*** PROJECT /etc/projects/grafana
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- github    : None
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- hostname  : grafana.example.com
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- port      : &lt;span class=&#34;m&#34;&gt;3000&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- project   : grafana
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- &lt;span class=&#34;nb&#34;&gt;type&lt;/span&gt;      : proxy
+&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;The &lt;code&gt;deploy create --type proxy --hostname grafana.example.com --port 3000&lt;/code&gt; has created an apache configuration,
+built the TLS configuration and restarted the &lt;code&gt;httpd.service&lt;/code&gt; to update things.&lt;/p&gt;
+&lt;p&gt;We can also do more complicated things:&lt;/p&gt;
+&lt;div class=&#34;highlight&#34;&gt;&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# deploy create --type wsgi_site --user learn --github ... learn&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;... creates /etc/project/learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# deploy show learn&lt;/span&gt;
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;*** PROJECT /etc/projects/learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- github    : git@github.com:.../learn.git
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- home      : /home/learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- hostname  : learn.example.com
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- project   : learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- projectdir: learn
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- pubkey    : ssh-rsa AAAAB3...cfudtTQ&lt;span class=&#34;o&#34;&gt;==&lt;/span&gt; root@bigbox
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- &lt;span class=&#34;nb&#34;&gt;type&lt;/span&gt;      : wsgi_site
+&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;- username  : learn
+&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;This will create a Linux user, set up a checkout of the GitHub, install requirements, set up a WSGI Apache configuration,
+configure TLS, and restart the server as needed.&lt;/p&gt;
+&lt;p&gt;We can now &lt;code&gt;deploy update learn&lt;/code&gt; or &lt;code&gt;deploy restart learn&lt;/code&gt; to check out a new version and restart the server,
+and we can also &lt;code&gt;deploy logs learn&lt;/code&gt; to tail the server logs for this site.&lt;/p&gt;
+&lt;h1 id=&#34;it-is-still-ugly&#34;&gt;
+    &lt;a href=&#34;#it-is-still-ugly&#34;&gt;
+	It is still ugly
+    &lt;/a&gt;
+&lt;/h1&gt;
+&lt;p&gt;Because this started out as a shell script, it still is ugly.
+There are multiple levels of giant case-branches in this.
+To become a proper solution, it needs a cleaner structure, in a more object-oriented fashion.&lt;/p&gt;
+&lt;p&gt;But already it works better than the shell script it initially was,
+has better error handling and can handle borderline cases more safely.&lt;/p&gt;
+&lt;p&gt;&lt;a href=&#34;https://github.com/isotopp/deploy&#34; target=&#34;_blank&#34; rel=&#34;noopener&#34;&gt;Github&lt;/a&gt;
+
+.&lt;/p&gt;
+</description>
+    </item>
+    
     <item>
       <title>Restic</title>
       <link>https://blog.koehntopp.info/2023/12/30/restic.html</link>
@@ -3732,696 +3865,6 @@ Die Kiste hat also nicht mehr allzu viel Reserven, ist aber auch noch nicht übe
 &lt;/ul&gt;
 &lt;/li&gt;
 &lt;/ul&gt;
-</description>
-    </item>
-    
-    <item>
-      <title>Neu auf einem fremden System</title>
-      <link>https://blog.koehntopp.info/2000/04/14/neu-auf-einem-fremden-system.html</link>
-      <pubDate>Fri, 14 Apr 2000 09:00:00 +0000</pubDate>
-      
-      <guid>https://blog.koehntopp.info/2000/04/14/neu-auf-einem-fremden-system.html</guid>
-      <description>&lt;p&gt;Dies ist eine aktualisierte Version der Schulung „Unix Systemsicherheit“, die ich vor einiger Zeit schon einmal gehalten habe.
-Der Schwerpunkt dieser Schulung hat sich etwas zu den Grundlagen hin verschoben:
-Es geht diesmal weniger um Unix Systemsicherheit als um die typische Situation der Consultants und Bereitschaften:&lt;/p&gt;
-&lt;p&gt;Man kommt an eine neue Maschine und muss sich erst einmal zurechtfinden.&lt;/p&gt;
-&lt;h1 id=&#34;neu-auf-einem-fremden-system&#34;&gt;
-    &lt;a href=&#34;#neu-auf-einem-fremden-system&#34;&gt;
-	Neu auf einem fremden System
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;&lt;p class=&#34;md__image&#34;&gt;
-  &lt;img src=&#34;https://blog.koehntopp.info/uploads/2000/04/neu-system-001.jpg&#34; alt=&#34;&#34;  /&gt;
-&lt;/p&gt;
-
-&lt;/p&gt;
-&lt;p&gt;Orientierung:&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Typ und Ausstattung der Maschine
-&lt;ul&gt;
-&lt;li&gt;Prozessor, Festplatten, andere Hardware&lt;/li&gt;
-&lt;li&gt;Speichersituation, historische und aktuelle Lastdaten&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;Netzwerk und Netzwerkumfeld der Maschine&lt;/li&gt;
-&lt;li&gt;IP-Adressen, Routing
-&lt;ul&gt;
-&lt;li&gt;Welche Name-Services in welcher Reihenfolge, welche Server werden verwendet?&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;Was läuft, was soll laufen?
-&lt;ul&gt;
-&lt;li&gt;Was ist installiert?&lt;/li&gt;
-&lt;li&gt;tatsächlich laufende Subsysteme vs. konfigurierte Subsysteme&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;p&gt;Wir sind neu auf einem fremden System und loggen uns zum ersten Mal ein.
-Wie können wir uns zurechtfinden? Was wollen wir überhaupt wissen?&lt;/p&gt;
-&lt;p&gt;Die Maschine selbst ist nach Hardware, Speicher, Platten und Netzwerk zu beurteilen.
-Die Netzwerkumgebung der Maschine ist einzuschätzen.
-Die auf der Maschine installierten Systemdienste sind einzuschätzen und zu beurteilen.
-Es muss ein Soll/Ist-Abgleich stattfinden.&lt;/p&gt;
-&lt;p&gt;Ausgehend von diesen Daten kann die Arbeit auf der Maschine beginnen:&lt;/p&gt;
-&lt;p&gt;Die Maschine kann für ihre Aufgabe angepasst werden (Hardware- oder Softwareinstallation durch Consulting), bzw. die Fehlersuche kann beginnen (Alarmruf für die Bereitschaft).&lt;/p&gt;
-&lt;h1 id=&#34;typ-und-ausstattung-der-maschine&#34;&gt;
-    &lt;a href=&#34;#typ-und-ausstattung-der-maschine&#34;&gt;
-	Typ und Ausstattung der Maschine
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;&lt;p class=&#34;md__image&#34;&gt;
-  &lt;img src=&#34;https://blog.koehntopp.info/uploads/2000/04/neu-system-002.jpg&#34; alt=&#34;&#34;  /&gt;
-&lt;/p&gt;
-
-&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Was für Hardware ist das hier?&lt;/li&gt;
-&lt;li&gt;Was ist in der Maschine eingebaut?&lt;/li&gt;
-&lt;li&gt;Wie lange ist die Hardware schon &amp;ldquo;up&amp;rdquo;?&lt;/li&gt;
-&lt;/ul&gt;
-&lt;p&gt;Erster Handgriff: &lt;code&gt;uname -a&lt;/code&gt;.
-Weitere Aktionen systemspezfisch.&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Linux: &lt;code&gt;lscpu&lt;/code&gt;, &lt;code&gt;free&lt;/code&gt;, &lt;code&gt;df -Th&lt;/code&gt;, &lt;code&gt;lspci&lt;/code&gt;, &lt;code&gt;lsusb&lt;/code&gt;&lt;/li&gt;
-&lt;li&gt;Solaris: &lt;code&gt;prtconf -v&lt;/code&gt;, &lt;code&gt;psrinfo -v&lt;/code&gt;, &lt;code&gt;/usr/platform/$(uname -m)/sbin/prtdiag&lt;/code&gt;&lt;/li&gt;
-&lt;li&gt;Uptime und Load: &lt;code&gt;w&lt;/code&gt;, &lt;code&gt;uptime -w&lt;/code&gt;&lt;/li&gt;
-&lt;/ul&gt;
-&lt;p&gt;Für uns meist: Sparc/Solaris oder Intel/Linux.
-Bei einigen Kunden auch PPC/AIX oder Intel/SCO.
-Äußerst wenige Kunden mit HP oder Digital Hardware.&lt;/p&gt;
-&lt;p&gt;Peilung des Maschinentyps (mit &lt;code&gt;uname -a&lt;/code&gt;) und der eingebauten Hardware.
-In Solaris mit den drei Kommandos &lt;code&gt;prtconf&lt;/code&gt;, &lt;code&gt;psrinfo&lt;/code&gt; und &lt;code&gt;prtdiag&lt;/code&gt;.
-In Linux mit &lt;code&gt;lscpu&lt;/code&gt;, &lt;code&gt;lspci&lt;/code&gt; oder indem man manuell durch &lt;code&gt;/proc&lt;/code&gt; turnt.&lt;/p&gt;
-&lt;p&gt;Peilung der Systemauslastung und der anwesenden Benutzer:
-Neben &lt;code&gt;w&lt;/code&gt; und &lt;code&gt;uptime&lt;/code&gt; einmal die Prozeßliste ansehen (&lt;code&gt;ps -ef&lt;/code&gt;, &lt;code&gt;ps axuwww&lt;/code&gt;) und die Systemlast checken (&lt;code&gt;iostat&lt;/code&gt;, &lt;code&gt;vmstat&lt;/code&gt;).&lt;/p&gt;
-&lt;h1 id=&#34;speicher-und-last&#34;&gt;
-    &lt;a href=&#34;#speicher-und-last&#34;&gt;
-	Speicher und Last
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;&lt;p class=&#34;md__image&#34;&gt;
-  &lt;img src=&#34;https://blog.koehntopp.info/uploads/2000/04/neu-system-003.jpg&#34; alt=&#34;&#34;  /&gt;
-&lt;/p&gt;
-
-&lt;/p&gt;
-&lt;p&gt;Virtueller Speicher und seine Auslastung:&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Linux: &lt;code&gt;free&lt;/code&gt;.&lt;/li&gt;
-&lt;li&gt;Solaris: &lt;code&gt;swap -l&lt;/code&gt;, &lt;code&gt;swap -s&lt;/code&gt;.&lt;/li&gt;
-&lt;li&gt;Wenn Accounting &amp;ldquo;up&amp;rdquo; ist (Solaris): &lt;code&gt;sar&lt;/code&gt;, &lt;code&gt;sar -r&lt;/code&gt; (freeswap), &lt;code&gt;sar -w&lt;/code&gt; (paging).&lt;/li&gt;
-&lt;li&gt;In Linux (Suse 6.4): &lt;code&gt;sa&lt;/code&gt; aus dem Paket &lt;code&gt;ap1/acct.rpm&lt;/code&gt;.&lt;/li&gt;
-&lt;/ul&gt;
-&lt;p&gt;Der weitaus größte Teil aller Lastprobleme sind Speicherprobleme (zuwenig RAM, zu kleiner Swap).
-Zweithäufigstes Problem ist fehlende I/O-Kapazität.
-Fehlende CPU-Kapazität ist fast niemals das Problem.&lt;/p&gt;
-&lt;p&gt;Erst messen, dann nachdenken, dann handeln (OODA loop &amp;ndash; Observe, Orient, Decide, Act).
-Optimierungen ohne genaue Messungen und Kenntnis des tatsächlichen Problems sind Verschwendung der durch den Kunden bezahlten Arbeitszeit.
-Punktmessungen können hilfreich sein, aber ein Wochenlastprofil ist sehr viel wertvoller (hier &lt;code&gt;sar&lt;/code&gt;-Beispiele von &lt;code&gt;boss&lt;/code&gt; und &lt;code&gt;prime&lt;/code&gt; bringen).&lt;/p&gt;
-&lt;h1 id=&#34;platten&#34;&gt;
-    &lt;a href=&#34;#platten&#34;&gt;
-	Platten
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;&lt;p class=&#34;md__image&#34;&gt;
-  &lt;img src=&#34;https://blog.koehntopp.info/uploads/2000/04/neu-system-004.jpg&#34; alt=&#34;&#34;  /&gt;
-&lt;/p&gt;
-
-&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Logical Volume Management?&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Welches System?&lt;/li&gt;
-&lt;li&gt;Welche Zuordnung?&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Quota?&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;/etc/vfstab&lt;/code&gt;, &lt;code&gt;/etc/fstab&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Solaris (SDS):&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Gerätenamen&lt;/li&gt;
-&lt;li&gt;metastat&lt;/li&gt;
-&lt;li&gt;format&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Linux:&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Gerätenamen&lt;/li&gt;
-&lt;li&gt;fdisk&lt;/li&gt;
-&lt;li&gt;&lt;code&gt;raidtool.rpm&lt;/code&gt; als Nachfolger von &lt;code&gt;md-tools&lt;/code&gt;&lt;/li&gt;
-&lt;li&gt;&lt;code&gt;/etc/raidtab&lt;/code&gt;, &lt;code&gt;raid.conf&lt;/code&gt;&lt;/li&gt;
-&lt;li&gt;&lt;code&gt;df&lt;/code&gt;, &lt;code&gt;du&lt;/code&gt;, &lt;code&gt;mount&lt;/code&gt;&lt;/li&gt;
-&lt;li&gt;Quota-Tools&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;p&gt;Vergleiche die sichtbaren Partitionen mit der durch das Hardware-Inventory angezeigten vorhandenen Hardware.&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Sind alle Platten partitioniert und eingebunden?&lt;/li&gt;
-&lt;li&gt;Ist die gezeigte Aufteilung sinnvoll gewählt für die Aufgabe der Maschine?&lt;/li&gt;
-&lt;/ul&gt;
-&lt;p&gt;Prüfe auch:&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Verteilung der Partitionen nach Auslastung auf Spindeln&lt;/li&gt;
-&lt;li&gt;Verteilung der Partitionen über Platten und Controller nach Ausfallgesichtspunkten?&lt;/li&gt;
-&lt;/ul&gt;
-&lt;p&gt;Welche RAID-Level für welche Aufgabe&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Wir verwenden fast überall RAID 0+1 (Solaris SDS).&lt;/li&gt;
-&lt;li&gt;Linux-RAID (a la Suse) derzeit nur eingeschränkt nützlich.
-&lt;ul&gt;
-&lt;li&gt;Lange Startzeit.&lt;/li&gt;
-&lt;li&gt;Rootplatte, Swap-Partition.&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;p&gt;Prüfe auch:&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Platzproblem oder Quota-Problem?&lt;/li&gt;
-&lt;/ul&gt;
-&lt;h1 id=&#34;netzwerk-und-netzwerknachbarschaft&#34;&gt;
-    &lt;a href=&#34;#netzwerk-und-netzwerknachbarschaft&#34;&gt;
-	Netzwerk und Netzwerknachbarschaft
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;&lt;p class=&#34;md__image&#34;&gt;
-  &lt;img src=&#34;https://blog.koehntopp.info/uploads/2000/04/neu-system-005.jpg&#34; alt=&#34;&#34;  /&gt;
-&lt;/p&gt;
-
-&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Übersicht über Interfaces und Routen&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;code&gt;-n&lt;/code&gt; Option verwenden&lt;/li&gt;
-&lt;li&gt;Woher kommen die Routen?&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Weitere Analysetools:&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;ping&lt;/li&gt;
-&lt;li&gt;tcpdump&lt;/li&gt;
-&lt;li&gt;snoop&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Netzwerkinterfaces: &lt;code&gt;ifconfig -a&lt;/code&gt;, &lt;code&gt;netstat -i&lt;/code&gt;, &lt;code&gt;netstat -s&lt;/code&gt;, &lt;code&gt;netstat -m&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Routen: &lt;code&gt;netstat -rn&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Schicht 2-3 Bindungen: &lt;code&gt;arp -a&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;p&gt;Welche Interfaces und welche Routen werden tatsächlich wie oft verwendet?
-Woher kommen die Routen?&lt;/p&gt;
-&lt;p&gt;Viele Kunden haben ein kaputtes Netzwerkonzept (d.h. keines) und setzen Routen eventuell manuell. Probleme sind vorprogrammiert.&lt;/p&gt;
-&lt;p&gt;Andere Kunden haben nur Default-Routen und bekommen differenzierte Routen nur über ICMP Redirect. Ebenfalls problematisch (Effizenz, Security).&lt;/p&gt;
-&lt;h1 id=&#34;name-resolution&#34;&gt;
-    &lt;a href=&#34;#name-resolution&#34;&gt;
-	Name Resolution
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;&lt;p class=&#34;md__image&#34;&gt;
-  &lt;img src=&#34;https://blog.koehntopp.info/uploads/2000/04/neu-system-006.jpg&#34; alt=&#34;&#34;  /&gt;
-&lt;/p&gt;
-
-&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Welche Namensdienste werden verwendet?&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Welche Server werden verwendet?&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Wie ist das Verhalten im Fehlerfall?&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Ausfall&lt;/li&gt;
-&lt;li&gt;Angriff&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;/etc/nsswitch.conf&lt;/code&gt;&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Files, DNS/Bind, NIS/NIS+, LDAP, Exoten&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Falls DNS: &lt;code&gt;/etc/resolv.conf&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Falls NIS: &lt;code&gt;ypwhich&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;p&gt;Woher kommen die Namen, welcher Dienst wird verwendet?&lt;/p&gt;
-&lt;p&gt;Oft lokale Hostdateien -&amp;gt; Probleme! Im besten Fall DNS. Dann dort die Zone ansehen und Netzstruktur und Zonengröße abschätzen.&lt;/p&gt;
-&lt;p&gt;Welche Abhängigkeiten existieren zwischen den Servern?&lt;/p&gt;
-&lt;p&gt;Ausfall- und Bootszenarien: Was ist, wenn der DNS-, der Time- oder der NIS-Server nicht da sind? Gibt es NFS-Platten, auf die die lokale Maschine angewiesen ist?&lt;/p&gt;
-&lt;p&gt;Security: Wer macht was in wessen Auftrag? Wer kontrolliert? Wird die Konfiguration manuell gepflegt oder existieren Frontends? Welche Dokumentationsprozeduren existieren?&lt;/p&gt;
-&lt;h1 id=&#34;netzwerkdienste&#34;&gt;
-    &lt;a href=&#34;#netzwerkdienste&#34;&gt;
-	Netzwerkdienste
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;&lt;p class=&#34;md__image&#34;&gt;
-  &lt;img src=&#34;https://blog.koehntopp.info/uploads/2000/04/neu-system-007.jpg&#34; alt=&#34;&#34;  /&gt;
-&lt;/p&gt;
-
-&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Welche Netzwerkdienste werden erbracht?&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Prüfe neben &lt;code&gt;inetd&lt;/code&gt; auch persistenten Server.&lt;/li&gt;
-&lt;li&gt;Prüfe auf Vorhandensein von Sicherheitsmechanismen&lt;/li&gt;
-&lt;li&gt;Prüfe Verhalten im Falle von Ausfällen, etwa Firewall-Versagen&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Wie begründen sich diese Dienste?&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Welche Sicherheit bieten diese Dienste?&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;/etc/inetd.conf&lt;/code&gt;, &lt;code&gt;/etc/hosts.allow&lt;/code&gt;, &lt;code&gt;/etc/hosts.deny&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Sonderfälle für das jeweilige System&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Todesfallen bei AIX: Import/Exporttools für &lt;code&gt;inetd.conf&lt;/code&gt;&lt;/li&gt;
-&lt;li&gt;Todesfallen bei HP/UX: &lt;code&gt;/etc/inetd.sec&lt;/code&gt;&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;rpcinfo -p&lt;/code&gt;, &lt;code&gt;showmount -e&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;nmap&lt;/code&gt;!&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;p&gt;Vergleiche &lt;code&gt;inetd.conf&lt;/code&gt; und Startscripte mit &lt;code&gt;netstat -an&lt;/code&gt;.&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Consulting: Viele verstorbene Pflegefälle wegen manuell gestarteter Dienste, die in keiner Konfigurationsdatei auftauchen.&lt;/li&gt;
-&lt;li&gt;Bereitschaft: Umgekehrtes Szenario. Alarm wurde wegen verschwundenem Server ausgelöst.&lt;/li&gt;
-&lt;/ul&gt;
-&lt;p&gt;Sicherheitsanalyse wieder:&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Wieder technische und organisatorische Prozesse synchronisieren und abgleichen:
-&lt;ul&gt;
-&lt;li&gt;Was tun die Maschinen?&lt;/li&gt;
-&lt;li&gt;Wer entscheidet das? Wie begründen sich die Dienste?&lt;/li&gt;
-&lt;li&gt;Wer dokumentiert und prüft das?&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;p&gt;Vergleiche Prozeduren bei uns im Haus:&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;ISP-Betrieb plant und deployed.&lt;/li&gt;
-&lt;li&gt;Operating betreibt nach Doku vom ISP-Betrieb, Operating überwacht und alarmiert die Bereitschaft. Auch diese operiert mit dieser Doku.&lt;/li&gt;
-&lt;li&gt;Konfigurationsgenerierung meist automatisch durch die Backends der KundenDB -&amp;gt; automatische Dokumentation und Abrechnung.&lt;/li&gt;
-&lt;/ul&gt;
-&lt;h1 id=&#34;welche-verzeichnisse-werden-exportiert&#34;&gt;
-    &lt;a href=&#34;#welche-verzeichnisse-werden-exportiert&#34;&gt;
-	Welche Verzeichnisse werden exportiert?
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;&lt;p class=&#34;md__image&#34;&gt;
-  &lt;img src=&#34;https://blog.koehntopp.info/uploads/2000/04/neu-system-008.jpg&#34; alt=&#34;&#34;  /&gt;
-&lt;/p&gt;
-
-&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Häufige Panne:
-&lt;ul&gt;
-&lt;li&gt;Verzeichnisse werden ungewollt exportiert&lt;/li&gt;
-&lt;li&gt;Rechner importiert Verzeichnisse und hängt wegen Abhängigkeit vom Server&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;Automounter?
-&lt;ul&gt;
-&lt;li&gt;Mit NIS/NIS+?&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;Samba?
-&lt;ul&gt;
-&lt;li&gt;Klartextpaßworte?&lt;/li&gt;
-&lt;li&gt;Public Shares?&lt;/li&gt;
-&lt;li&gt;Logfiles?&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;div class=&#34;highlight&#34;&gt;&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-console&#34; data-lang=&#34;console&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;gp&#34;&gt;$&lt;/span&gt; showmount -e
-&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;gp&#34;&gt;$&lt;/span&gt; kshowmount -e
-&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;gp&#34;&gt;$&lt;/span&gt; share
-&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;gp&#34;&gt;$&lt;/span&gt; vi /etc/exports&lt;span class=&#34;p&#34;&gt;;&lt;/span&gt; vi  /etc/dfs/dfstab
-&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;gp&#34;&gt;$&lt;/span&gt; vi /etc/auto.master&lt;span class=&#34;p&#34;&gt;;&lt;/span&gt; vi /etc/auto.homel vi /etc/auto.misc
-&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;gp&#34;&gt;$&lt;/span&gt; vi smb.conf&lt;span class=&#34;p&#34;&gt;;&lt;/span&gt; smbclient
-&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;Einschlägige Beispielserver draußen zeigen.&lt;/p&gt;
-&lt;p&gt;Wir wollen nicht so enden wie die! Mehrfach gestaffelte Sicherheit durch&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;automatisch generierte Konfigurationen mit Sicherheitssperren&lt;/li&gt;
-&lt;li&gt;Dienstsperrungen für Außen durch &lt;code&gt;tcpwrapper&lt;/code&gt;&lt;/li&gt;
-&lt;li&gt;Portsperrung und Alamierung über die Firewall und das Operating&lt;/li&gt;
-&lt;li&gt;Logauswertung (Usagelog, Wrapper-Protokoll, Firewall-Protokoll) durch
-&lt;ul&gt;
-&lt;li&gt;Abrechnung (KundenDB), Alarm bei Diensten mit fehlendem technischem Objekt in der KundenDB&lt;/li&gt;
-&lt;li&gt;Operating (Wrapper, Firewall), Alarm bei Attack Patterns&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;p&gt;Einschlägige Selbstmordkonfigurationen zeigen.&lt;/p&gt;
-&lt;h1 id=&#34;was-ist-installiert&#34;&gt;
-    &lt;a href=&#34;#was-ist-installiert&#34;&gt;
-	Was ist installiert?
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;&lt;p class=&#34;md__image&#34;&gt;
-  &lt;img src=&#34;https://blog.koehntopp.info/uploads/2000/04/neu-system-009.jpg&#34; alt=&#34;&#34;  /&gt;
-&lt;/p&gt;
-
-&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Welche Pakete und Programme sind installiert?&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;In welcher Version?&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Installation validieren?&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;&amp;ldquo;set permissions&amp;rdquo; und &amp;ldquo;check optionen&amp;rdquo;&lt;/li&gt;
-&lt;li&gt;tripwire?&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Solaris: &lt;code&gt;pkginfo&lt;/code&gt;, &lt;code&gt;/var/sadm/install/contents&lt;/code&gt; (Reihenfolge!)&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Linux: &lt;code&gt;rpm -qa&lt;/code&gt;, &lt;code&gt;rpm -qi &amp;lt;paket&amp;gt;&lt;/code&gt;, &lt;code&gt;rpm -ql &amp;lt;paket&amp;gt;&lt;/code&gt;, &lt;code&gt;rpm -qlc &amp;lt;paket&amp;gt;&lt;/code&gt;, &lt;code&gt;rpm -qld &amp;lt;paket&amp;gt;&lt;/code&gt;, &lt;code&gt;rpm -qf &amp;lt;datei&amp;gt;&lt;/code&gt;, &lt;code&gt;rpm -qp &amp;lt;datei.rpm&amp;gt;&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Solaris Paketarchiv („NetUSE Distribution“) zeigen&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Consulting-CDROM, wird auch an Kunden verkauft&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Keine Installation ohne Paket&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Verweis auf Paketschulung&lt;/li&gt;
-&lt;li&gt;Kein Paket -&amp;gt; automatische Konfigurationsgenerierung aus Installserver oder KundenDB macht die Verzeichnisse möglicherweise platt.&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Kommandoäquivalenzen Linux/Solaris&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Verweis auf Rootkits&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Rootkits ersetzen wichtige Systemprogramme,&lt;/li&gt;
-&lt;li&gt;in Folge belügt die Maschine den Operator&lt;/li&gt;
-&lt;li&gt;tripwire-Check nach sauberem Reboot zeigen&lt;/li&gt;
-&lt;li&gt;lrk3 demonstrieren (ohne sauberen Reboot bekommt man keine verlässlichen Informationen mehr und kompromittiert sein Netz nur noch weiter)&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;h1 id=&#34;was-soll-laufen&#34;&gt;
-    &lt;a href=&#34;#was-soll-laufen&#34;&gt;
-	Was soll laufen?
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;&lt;p class=&#34;md__image&#34;&gt;
-  &lt;img src=&#34;https://blog.koehntopp.info/uploads/2000/04/neu-system-010.jpg&#34; alt=&#34;&#34;  /&gt;
-&lt;/p&gt;
-
-&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Welche Dienste sollen von der Maschine erbracht werden?&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Konfiguration beim Systemstart für persistente Server&lt;/li&gt;
-&lt;li&gt;Konfiguration von transienten Servern&lt;/li&gt;
-&lt;li&gt;Konfiguration von zeitgesteuerten Services
-&lt;ul&gt;
-&lt;li&gt;Suche nach Zeitbomben?&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;Wenn es hängt?&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Start/Stopscripte&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Linux: &lt;code&gt;/sbin/init.d/...&lt;/code&gt;&lt;/li&gt;
-&lt;li&gt;Solaris: &lt;code&gt;/etc/init.d/...&lt;/code&gt;&lt;/li&gt;
-&lt;li&gt;Crondateien: &lt;code&gt;/var/spool/cron/crontabs&lt;/code&gt;, &lt;code&gt;/var/cron/tabs&lt;/code&gt;&lt;/li&gt;
-&lt;li&gt;&lt;code&gt;strace&lt;/code&gt;, &lt;code&gt;truss&lt;/code&gt;&lt;/li&gt;
-&lt;li&gt;&lt;code&gt;ltrace&lt;/code&gt;&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Bootsequenz durchgehen, Single User Mode, Wie bekomme ich meine Platten wieder?, Wie überlebe ich ohne Editor und Terminalemulation?&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Defekte Programme tracen: &lt;code&gt;ldd&lt;/code&gt;, Solaris &lt;code&gt;proctools&lt;/code&gt;, Linux: &lt;code&gt;/proc/&amp;lt;nummer&amp;gt;/...&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;strace&lt;/code&gt;/&lt;code&gt;truss&lt;/code&gt; Output lesen, &lt;code&gt;ltrace&lt;/code&gt;/&lt;code&gt;sotruss&lt;/code&gt; Output lesen&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;h1 id=&#34;was-läuft&#34;&gt;
-    &lt;a href=&#34;#was-l%c3%a4uft&#34;&gt;
-	Was Läuft?
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;&lt;p class=&#34;md__image&#34;&gt;
-  &lt;img src=&#34;https://blog.koehntopp.info/uploads/2000/04/neu-system-011.jpg&#34; alt=&#34;&#34;  /&gt;
-&lt;/p&gt;
-
-&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Welche Dienste sind auf der Maschine aktiv?&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Welche waren aktiv?&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Welche Ressourcen belegen diese Dienste?&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;ps -ef&lt;/code&gt;, &lt;code&gt;ps auxwww&lt;/code&gt;, &lt;code&gt;top&lt;/code&gt;, &lt;code&gt;lsof&lt;/code&gt;&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Linux: &lt;code&gt;ptree&lt;/code&gt;, &lt;code&gt;sa&lt;/code&gt;&lt;/li&gt;
-&lt;li&gt;Solaris: &lt;code&gt;/usr/proc/bin/*&lt;/code&gt;&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Beispiele mit den Proctools&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Speicherverbrauch abschätzen für Server&lt;/li&gt;
-&lt;li&gt;Programmaktivität laufender Prozesse feststellen&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;h1 id=&#34;welche-user-können-rein&#34;&gt;
-    &lt;a href=&#34;#welche-user-k%c3%b6nnen-rein&#34;&gt;
-	Welche User können rein?
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;&lt;p class=&#34;md__image&#34;&gt;
-  &lt;img src=&#34;https://blog.koehntopp.info/uploads/2000/04/neu-system-012.jpg&#34; alt=&#34;&#34;  /&gt;
-&lt;/p&gt;
-
-&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Quellen von Userlisten&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;lokal, aus dem Netz&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Erlaubte und nicht erlaubte Shells&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Gehackte Authentisierung&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Modifizierte wu-ftpd, imapd&lt;/li&gt;
-&lt;li&gt;LDAP-Module&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;/etc/nsswitch.conf&lt;/code&gt;, &lt;code&gt;/etc/shells&lt;/code&gt;, &lt;code&gt;/etc/ftpusers&lt;/code&gt;, &lt;code&gt;/etc/ftpaccess&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Zugangsmechanismen&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Regeln für den Zugang, etwa über PAM: &lt;code&gt;/etc/pam.d&lt;/code&gt;, &lt;code&gt;/etc/pam.conf&lt;/code&gt;&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;p&gt;Verweis auf Folgeschulungen:&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;NSS/PAM/GSS nutzen.&lt;/li&gt;
-&lt;li&gt;NSS/PAM/GSS-Module erstellen.&lt;/li&gt;
-&lt;li&gt;Überblick über die von NetUSE für den ISP-Betrieb modifizierte Software.&lt;/li&gt;
-&lt;/ul&gt;
-&lt;h1 id=&#34;welche-user-waren-drin&#34;&gt;
-    &lt;a href=&#34;#welche-user-waren-drin&#34;&gt;
-	Welche User waren drin?
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;&lt;p class=&#34;md__image&#34;&gt;
-  &lt;img src=&#34;https://blog.koehntopp.info/uploads/2000/04/neu-system-013.jpg&#34; alt=&#34;&#34;  /&gt;
-&lt;/p&gt;
-
-&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Auswertung des Logbuches&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Querabgleiche mit anderen Logs&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Auditing-Subsysteme&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;/etc/utmp&lt;/code&gt;, &lt;code&gt;/etc/wtmp&lt;/code&gt;, syslog, Auth-Events, Radius-Logs und andere&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Exoten:&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Logbücher der Sysadmin-Tools (AIX)&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Auditing-Subsysteme&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Linux: fehlendes Auditing, bescheidenes Accounting (falls installiert).&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Solaris: Demo des Auditing&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Beide: Welche Logs liegen wo und wie finde ich die gewünschte Info?&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;h1 id=&#34;zugriffsrechte-und-privilegien-in-unix&#34;&gt;
-    &lt;a href=&#34;#zugriffsrechte-und-privilegien-in-unix&#34;&gt;
-	Zugriffsrechte und Privilegien in UNIX
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;Bonusfolien aus der alten Schulung&lt;/p&gt;
-&lt;p&gt;&lt;p class=&#34;md__image&#34;&gt;
-  &lt;img src=&#34;https://blog.koehntopp.info/uploads/2000/04/neu-system-014.jpg&#34; alt=&#34;&#34;  /&gt;
-&lt;/p&gt;
-
-&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Erkläre, wer unter welchen Bedingungen in UNIX auf eine Datei zugreifen darf!&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;rwx? sst?&lt;/li&gt;
-&lt;li&gt;Verzeichnisrechte vs. Dateirechte&lt;/li&gt;
-&lt;li&gt;Dateiattribute? Dateisystemattribute?&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Welche Spuren hinterläßt so ein Zugriff?&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&#34;https://blog.koehntopp.info/1996/03/01/rwx-sonst-nix.html&#34;&gt;RWX - sonst nix?&lt;/a&gt;
-
-&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Wer bin ich?&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Zu welchen Gruppen gehöre ich?&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Wie kann ich meine Identität ändern?&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Welche Rechte (alle!) brauche ich, um auf eine Datei zuzugreifen? Sind es immer dieselben?&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;h1 id=&#34;kurzer-sicherheitscheck-für-zwischendurch&#34;&gt;
-    &lt;a href=&#34;#kurzer-sicherheitscheck-f%c3%bcr-zwischendurch&#34;&gt;
-	Kurzer Sicherheitscheck für Zwischendurch
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;Bonusfolien aus der alten Schulung&lt;/p&gt;
-&lt;p&gt;&lt;p class=&#34;md__image&#34;&gt;
-  &lt;img src=&#34;https://blog.koehntopp.info/uploads/2000/04/neu-system-015.jpg&#34; alt=&#34;&#34;  /&gt;
-&lt;/p&gt;
-
-&lt;/p&gt;
-&lt;p&gt;Die meisten Fehler entstehen nicht durch falsche Software, sondern dumme User.&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;find / -fstype ... ! -type l -perm ... -ls&lt;/code&gt;&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;-perm -2 (find world writeable files)&lt;/li&gt;
-&lt;li&gt;-perm -4000 (find SUID)&lt;/li&gt;
-&lt;li&gt;-perm -2000 (find SGID)&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Finde Dateien, die world writeable, suid oder sgid sind.&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;code&gt;/tmp&lt;/code&gt;, &lt;code&gt;/var/tmp&lt;/code&gt; (1777 ?)&lt;/li&gt;
-&lt;li&gt;Verzeichnisse im Pfad, Binaries, Konfigurationsdateien?&lt;/li&gt;
-&lt;li&gt;Dateien mit vorhersagbaren Dateinamen?&lt;/li&gt;
-&lt;li&gt;Geräte? Backup?&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;h1 id=&#34;rechte-an-geräten&#34;&gt;
-    &lt;a href=&#34;#rechte-an-ger%c3%a4ten&#34;&gt;
-	Rechte an Geräten
-    &lt;/a&gt;
-&lt;/h1&gt;
-&lt;p&gt;Bonusfolien aus der alten Schulung&lt;/p&gt;
-&lt;p&gt;&lt;p class=&#34;md__image&#34;&gt;
-  &lt;img src=&#34;https://blog.koehntopp.info/uploads/2000/04/neu-system-016.jpg&#34; alt=&#34;&#34;  /&gt;
-&lt;/p&gt;
-
-&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Auf vielen älteren kommerziellen Unices sind Gerätedateien unzureichend geschützt.&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Beschreibbare Plattendevices, Banddevices&lt;/li&gt;
-&lt;li&gt;777-Verzeichnisse &lt;code&gt;/dev/md/*&lt;/code&gt;, Löschen von LVM-Pseudogerätedateien&lt;/li&gt;
-&lt;li&gt;&lt;code&gt;ioctl()&lt;/code&gt;-Aufrufe nicht ausreichend privilegiert.&lt;/li&gt;
-&lt;li&gt;Medien mit sensitivem Inhalt in lesbaren Geräten.&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Beispiele:&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;ioctl()-Aufrufe in AIX teilweise nicht dokumentiert und nicht privilegiert.&lt;/li&gt;
-&lt;li&gt;/dev-Unterverzeichnisse 777 in HP/UX.&lt;/li&gt;
-&lt;li&gt;/bin-Verzeichnisse 777 in HP/UX und AIX nach Installation von Software.&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
 </description>
     </item>
     
diff --git a/tags/lizenz.html b/tags/lizenz.html
index 8e33066b81..1d65dbcd3b 100644
--- a/tags/lizenz.html
+++ b/tags/lizenz.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/lizenz/feed.xml b/tags/lizenz/feed.xml
index 4747be6bef..1ea1963149 100644
--- a/tags/lizenz/feed.xml
+++ b/tags/lizenz/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in lizenz on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/lizenz/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/lizenz/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>GPL V3 RC3 - Was steht drin?</title>
       <link>https://blog.koehntopp.info/2007/04/02/gpl-v3-rc3-was-steht-drin.html</link>
diff --git a/tags/macos.html b/tags/macos.html
index f63c389a1c..26d6cf83cd 100644
--- a/tags/macos.html
+++ b/tags/macos.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/macos/feed.xml b/tags/macos/feed.xml
index 84cfb5344e..d747545d11 100644
--- a/tags/macos/feed.xml
+++ b/tags/macos/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in macos on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/macos/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/macos/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>MacOS: How to prevent screen blanker</title>
       <link>https://blog.koehntopp.info/2022/07/30/macos-how-to-prevent-screen-blanker.html</link>
diff --git a/tags/mail.html b/tags/mail.html
index 1e07d1e771..b655cddb1f 100644
--- a/tags/mail.html
+++ b/tags/mail.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/mail/feed.xml b/tags/mail/feed.xml
index 4aae62e23e..884aff05d5 100644
--- a/tags/mail/feed.xml
+++ b/tags/mail/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in mail on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/mail/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/mail/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Unlimited Mail Addresses</title>
       <link>https://blog.koehntopp.info/2021/01/20/unlimited-mail-adresses.html</link>
diff --git a/tags/mastdon.html b/tags/mastdon.html
index 58cc2de6b1..d66a743c82 100644
--- a/tags/mastdon.html
+++ b/tags/mastdon.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/mastdon/feed.xml b/tags/mastdon/feed.xml
index 612bb48d99..fc5a010805 100644
--- a/tags/mastdon/feed.xml
+++ b/tags/mastdon/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in mastdon on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/mastdon/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/mastdon/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>The Need for Smarter Clients</title>
       <link>https://blog.koehntopp.info/2023/09/18/the-need-for-smarter-clients.html</link>
diff --git a/tags/mastodon.html b/tags/mastodon.html
index 68d4120718..51325daf88 100644
--- a/tags/mastodon.html
+++ b/tags/mastodon.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/mastodon/feed.xml b/tags/mastodon/feed.xml
index 39cc10774f..10319b56dd 100644
--- a/tags/mastodon/feed.xml
+++ b/tags/mastodon/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in mastodon on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/mastodon/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/mastodon/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Mastodon Interaction Counters</title>
       <link>https://blog.koehntopp.info/2023/01/25/mastodon-interaction-counters.html</link>
diff --git a/tags/media.html b/tags/media.html
index 87fcfade82..6b2c623643 100644
--- a/tags/media.html
+++ b/tags/media.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/media/feed.xml b/tags/media/feed.xml
index 1c393d2601..965b0cfe0f 100644
--- a/tags/media/feed.xml
+++ b/tags/media/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in media on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/media/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/media/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Fertig gelesen: Starter Villain</title>
       <link>https://blog.koehntopp.info/2023/10/01/fertig-gelesen-starter-villain.html</link>
diff --git a/tags/microsoft.html b/tags/microsoft.html
index 0a8b1fd47a..7411fb703f 100644
--- a/tags/microsoft.html
+++ b/tags/microsoft.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/microsoft/feed.xml b/tags/microsoft/feed.xml
index 06320708fe..7c5bfd2a39 100644
--- a/tags/microsoft/feed.xml
+++ b/tags/microsoft/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in microsoft on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/microsoft/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/microsoft/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Minecraft: unable to create native thread</title>
       <link>https://blog.koehntopp.info/2023/02/17/minecraft-unable-to-create-native-thread.html</link>
diff --git a/tags/minecraft.html b/tags/minecraft.html
index 68a73c1477..6217ae59f1 100644
--- a/tags/minecraft.html
+++ b/tags/minecraft.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/minecraft/feed.xml b/tags/minecraft/feed.xml
index f498f87225..d87e2b76bf 100644
--- a/tags/minecraft/feed.xml
+++ b/tags/minecraft/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in minecraft on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/minecraft/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/minecraft/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Minecraft: unable to create native thread</title>
       <link>https://blog.koehntopp.info/2023/02/17/minecraft-unable-to-create-native-thread.html</link>
diff --git a/tags/mobility.html b/tags/mobility.html
index 8a2c48953f..cc5af5f505 100644
--- a/tags/mobility.html
+++ b/tags/mobility.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/mobility/feed.xml b/tags/mobility/feed.xml
index 53c078f62c..81dd6b74d3 100644
--- a/tags/mobility/feed.xml
+++ b/tags/mobility/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in mobility on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/mobility/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/mobility/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Haftungsfragen</title>
       <link>https://blog.koehntopp.info/2023/09/16/haftungsfragen.html</link>
diff --git a/tags/mobiltelefon.html b/tags/mobiltelefon.html
index dd3646a85b..bafef1bc8c 100644
--- a/tags/mobiltelefon.html
+++ b/tags/mobiltelefon.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/mobiltelefon/feed.xml b/tags/mobiltelefon/feed.xml
index 054f1e226a..fa0b5dc700 100644
--- a/tags/mobiltelefon/feed.xml
+++ b/tags/mobiltelefon/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in mobiltelefon on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/mobiltelefon/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/mobiltelefon/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Handyrechnung</title>
       <link>https://blog.koehntopp.info/2011/05/10/handyrechnung.html</link>
diff --git a/tags/mongodb.html b/tags/mongodb.html
index 807dea43e4..c1ba5207fd 100644
--- a/tags/mongodb.html
+++ b/tags/mongodb.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/mongodb/feed.xml b/tags/mongodb/feed.xml
index 1486132988..80228e0126 100644
--- a/tags/mongodb/feed.xml
+++ b/tags/mongodb/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in mongodb on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/mongodb/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/mongodb/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Hipsterdoom with Mongobingo</title>
       <link>https://blog.koehntopp.info/2017/02/10/hipsterdoom-at-mongobingo.html</link>
diff --git a/tags/monitoring.html b/tags/monitoring.html
index ac64308b16..7581c6c0fb 100644
--- a/tags/monitoring.html
+++ b/tags/monitoring.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/monitoring/feed.xml b/tags/monitoring/feed.xml
index 902b911057..138d482cd4 100644
--- a/tags/monitoring/feed.xml
+++ b/tags/monitoring/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in monitoring on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/monitoring/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/monitoring/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>On the Observability of Outliers</title>
       <link>https://blog.koehntopp.info/2020/11/19/on-the-observability-of-outliers.html</link>
diff --git a/tags/musik.html b/tags/musik.html
index 8d3144aae0..bfbbaf3253 100644
--- a/tags/musik.html
+++ b/tags/musik.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/musik/feed.xml b/tags/musik/feed.xml
index 4f42394b9e..9a502636ed 100644
--- a/tags/musik/feed.xml
+++ b/tags/musik/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in musik on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/musik/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/musik/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Sony: &#34;Das Internet ist für uns ein Segen&#34;</title>
       <link>https://blog.koehntopp.info/2012/02/23/sony-das-internet-ist-f-r-uns-ein-segen.html</link>
diff --git a/tags/mysql.html b/tags/mysql.html
index 0d4e74d877..bf809103b7 100644
--- a/tags/mysql.html
+++ b/tags/mysql.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/mysql/feed.xml b/tags/mysql/feed.xml
index 0be6a8fda1..8e8610b198 100644
--- a/tags/mysql/feed.xml
+++ b/tags/mysql/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in mysql on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/mysql/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/mysql/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>MySQL: InnoDB Fragmentation</title>
       <link>https://blog.koehntopp.info/2023/07/06/mysql-innodb-fragmentation.html</link>
diff --git a/tags/mysqldev.html b/tags/mysqldev.html
index 2c7c184438..488d43df8a 100644
--- a/tags/mysqldev.html
+++ b/tags/mysqldev.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/mysqldev/feed.xml b/tags/mysqldev/feed.xml
index 11bb6cf466..9cd521795a 100644
--- a/tags/mysqldev/feed.xml
+++ b/tags/mysqldev/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in mysqldev on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/mysqldev/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/mysqldev/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>MySQL: Selecting random rows</title>
       <link>https://blog.koehntopp.info/2023/03/06/selecting-random-rows.html</link>
diff --git a/tags/netherlands.html b/tags/netherlands.html
index b74fc1b13f..4d199a4f58 100644
--- a/tags/netherlands.html
+++ b/tags/netherlands.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/netherlands/feed.xml b/tags/netherlands/feed.xml
index 0ecba59f80..b1120125e8 100644
--- a/tags/netherlands/feed.xml
+++ b/tags/netherlands/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in netherlands on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/netherlands/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/netherlands/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>City of Amsterdam and Combustion Engines</title>
       <link>https://blog.koehntopp.info/2023/05/11/city-of-amsterdam-and-combustion-engines.html</link>
diff --git a/tags/networking.html b/tags/networking.html
index 82322c5955..3fabf00159 100644
--- a/tags/networking.html
+++ b/tags/networking.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/networking/feed.xml b/tags/networking/feed.xml
index 64414b3545..85072fb75a 100644
--- a/tags/networking/feed.xml
+++ b/tags/networking/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in networking on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/networking/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/networking/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Arista Type 7 Passwords</title>
       <link>https://blog.koehntopp.info/2021/11/22/arista-type-7-passwords.html</link>
diff --git "a/tags/netzneutralit\303\244t.html" "b/tags/netzneutralit\303\244t.html"
index 4aa8d2d1d9..8e8f670542 100644
--- "a/tags/netzneutralit\303\244t.html"
+++ "b/tags/netzneutralit\303\244t.html"
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git "a/tags/netzneutralit\303\244t/feed.xml" "b/tags/netzneutralit\303\244t/feed.xml"
index c3cf817440..c5b92d5e1a 100644
--- "a/tags/netzneutralit\303\244t/feed.xml"
+++ "b/tags/netzneutralit\303\244t/feed.xml"
@@ -6,7 +6,7 @@
     <description>Recent content in netzneutralität on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/netzneutralit%C3%A4t/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/netzneutralit%C3%A4t/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Verstehe Dein Netz besser - Deine Flatrate entmündigt Dich!</title>
       <link>https://blog.koehntopp.info/2011/07/12/verstehe-dein-netz-besser-deine-flatrate-entm-ndigt-dich.html</link>
diff --git a/tags/neuland.html b/tags/neuland.html
index af3c1b0465..f5300f2390 100644
--- a/tags/neuland.html
+++ b/tags/neuland.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/neuland/feed.xml b/tags/neuland/feed.xml
index 9dbd46433c..de9378e71f 100644
--- a/tags/neuland/feed.xml
+++ b/tags/neuland/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in neuland on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/neuland/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/neuland/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>25 years &#34;Individual Network e.V.&#34;</title>
       <link>https://blog.koehntopp.info/2017/06/20/25-years-individual-network-e-v.html</link>
diff --git a/tags/nosql.html b/tags/nosql.html
index 5ca04e2f90..d4d9926a46 100644
--- a/tags/nosql.html
+++ b/tags/nosql.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/nosql/feed.xml b/tags/nosql/feed.xml
index 631a3bb69b..c843220427 100644
--- a/tags/nosql/feed.xml
+++ b/tags/nosql/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in nosql on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/nosql/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/nosql/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Zu Besuch bei Redis</title>
       <link>https://blog.koehntopp.info/2012/09/23/zu-besuch-bei-redis.html</link>
diff --git a/tags/oracle.html b/tags/oracle.html
index c3e96e0d00..3156f8aad8 100644
--- a/tags/oracle.html
+++ b/tags/oracle.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/oracle/feed.xml b/tags/oracle/feed.xml
index a3a652c821..93bf122329 100644
--- a/tags/oracle/feed.xml
+++ b/tags/oracle/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in oracle on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/oracle/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/oracle/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>&#39;a&#39; = &#39;b&#39; = &#39;c&#39;</title>
       <link>https://blog.koehntopp.info/2010/09/10/a-b-c.html</link>
diff --git a/tags/patent.html b/tags/patent.html
index 20d957764b..a7de7f054f 100644
--- a/tags/patent.html
+++ b/tags/patent.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/patent/feed.xml b/tags/patent/feed.xml
index af6fb2b43d..01aa761477 100644
--- a/tags/patent/feed.xml
+++ b/tags/patent/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in patent on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/patent/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/patent/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>GPL V3 RC3 - Was steht drin?</title>
       <link>https://blog.koehntopp.info/2007/04/02/gpl-v3-rc3-was-steht-drin.html</link>
diff --git a/tags/performance.html b/tags/performance.html
index c0bbd19dcf..0d2315cdc1 100644
--- a/tags/performance.html
+++ b/tags/performance.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/performance/feed.xml b/tags/performance/feed.xml
index d7514e2beb..91800a2ec1 100644
--- a/tags/performance/feed.xml
+++ b/tags/performance/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in performance on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/performance/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/performance/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Waffle House Index of Tooling</title>
       <link>https://blog.koehntopp.info/2020/06/08/waffle-house-index-of-tooling.html</link>
diff --git a/tags/php.html b/tags/php.html
index f1305f9f8d..3939cf0965 100644
--- a/tags/php.html
+++ b/tags/php.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/php/feed.xml b/tags/php/feed.xml
index af82d4e4f8..84aa485472 100644
--- a/tags/php/feed.xml
+++ b/tags/php/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in php on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/php/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/php/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Watchman</title>
       <link>https://blog.koehntopp.info/2018/02/01/watchman.html</link>
diff --git a/tags/physik.html b/tags/physik.html
index 93a9715953..20d8bfafc6 100644
--- a/tags/physik.html
+++ b/tags/physik.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/physik/feed.xml b/tags/physik/feed.xml
index cc2b777d09..7fbc9d933a 100644
--- a/tags/physik/feed.xml
+++ b/tags/physik/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in physik on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/physik/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/physik/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Higgs</title>
       <link>https://blog.koehntopp.info/2011/12/13/higgs.html</link>
diff --git a/tags/piraten.html b/tags/piraten.html
index 810b36ac42..3fa0a4bccc 100644
--- a/tags/piraten.html
+++ b/tags/piraten.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/piraten/feed.xml b/tags/piraten/feed.xml
index 17203f7af3..160de20c3a 100644
--- a/tags/piraten/feed.xml
+++ b/tags/piraten/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in piraten on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/piraten/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/piraten/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Wieso wir gegen das Leistungsschutzrecht sind</title>
       <link>https://blog.koehntopp.info/2012/06/25/wieso-wir-gegen-das-leistungsschutzrecht-sind.html</link>
diff --git a/tags/pluspora_import.html b/tags/pluspora_import.html
index 47068c8161..311f790da6 100644
--- a/tags/pluspora_import.html
+++ b/tags/pluspora_import.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/pluspora_import/feed.xml b/tags/pluspora_import/feed.xml
index d273dbda26..0c36b262a9 100644
--- a/tags/pluspora_import/feed.xml
+++ b/tags/pluspora_import/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in pluspora_import on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/pluspora_import/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/pluspora_import/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Kinder und visuelle Medien</title>
       <link>https://blog.koehntopp.info/2019/05/28/kinder-und-visuelle-medien.html</link>
diff --git a/tags/politik.html b/tags/politik.html
index 0a40fe77e6..ac88e654cf 100644
--- a/tags/politik.html
+++ b/tags/politik.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/politik/feed.xml b/tags/politik/feed.xml
index e1e8bf3add..224aaa3f33 100644
--- a/tags/politik/feed.xml
+++ b/tags/politik/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in politik on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/politik/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/politik/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>JusProg ist nur der Anfang</title>
       <link>https://blog.koehntopp.info/2024/01/16/jusprog-ist-nur-der-anfang.html</link>
diff --git a/tags/postgres.html b/tags/postgres.html
index dc0192e2ca..2afc60b4dc 100644
--- a/tags/postgres.html
+++ b/tags/postgres.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/postgres/feed.xml b/tags/postgres/feed.xml
index d13a731ebb..866a3ec688 100644
--- a/tags/postgres/feed.xml
+++ b/tags/postgres/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in postgres on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/postgres/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/postgres/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Checkpoint Blues</title>
       <link>https://blog.koehntopp.info/2011/09/19/checkpoint-blues.html</link>
diff --git a/tags/privacy.html b/tags/privacy.html
index afae566ca6..4149233fcb 100644
--- a/tags/privacy.html
+++ b/tags/privacy.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/privacy/feed.xml b/tags/privacy/feed.xml
index f956ef07f9..9a00cca055 100644
--- a/tags/privacy/feed.xml
+++ b/tags/privacy/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in privacy on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/privacy/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/privacy/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Mein selbstfahrendes Auto hat Kameras, oh nein!</title>
       <link>https://blog.koehntopp.info/2020/09/17/mein-selbstfahrendes-auto-hat-kameras-oh-nein.html</link>
diff --git a/tags/publication.html b/tags/publication.html
index 32fdd528ec..5b383f34cd 100644
--- a/tags/publication.html
+++ b/tags/publication.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/publication/feed.xml b/tags/publication/feed.xml
index 1611e6ef0a..6a44681c32 100644
--- a/tags/publication/feed.xml
+++ b/tags/publication/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in publication on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/publication/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/publication/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>A Revolution Devours Its Children</title>
       <link>https://blog.koehntopp.info/2023/11/11/a-revolution-devours-its-children.html</link>
diff --git a/tags/python.html b/tags/python.html
index 48902ebd54..8b0ed38e11 100644
--- a/tags/python.html
+++ b/tags/python.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/python/feed.xml b/tags/python/feed.xml
index 24c14ee0f4..a0257b0dd2 100644
--- a/tags/python/feed.xml
+++ b/tags/python/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in python on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/python/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/python/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>x86_64 binaries on M1</title>
       <link>https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html</link>
diff --git a/tags/reddit.html b/tags/reddit.html
index 7454c66309..fed50ff625 100644
--- a/tags/reddit.html
+++ b/tags/reddit.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/reddit/feed.xml b/tags/reddit/feed.xml
index 391a7bf270..c5dc3a4cac 100644
--- a/tags/reddit/feed.xml
+++ b/tags/reddit/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in reddit on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/reddit/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/reddit/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>MySQL Window Functions</title>
       <link>https://blog.koehntopp.info/2020/06/21/mysql-window-functions.html</link>
diff --git a/tags/regulierung.html b/tags/regulierung.html
index 87740a4ae3..01e2caa994 100644
--- a/tags/regulierung.html
+++ b/tags/regulierung.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/regulierung/feed.xml b/tags/regulierung/feed.xml
index 657129c097..8d9b958a8f 100644
--- a/tags/regulierung/feed.xml
+++ b/tags/regulierung/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in regulierung on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/regulierung/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/regulierung/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Piratenthemen II</title>
       <link>https://blog.koehntopp.info/2009/08/10/piratenthemen-ii.html</link>
diff --git a/tags/reisen.html b/tags/reisen.html
index bede1e7a5a..cac919fabc 100644
--- a/tags/reisen.html
+++ b/tags/reisen.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/reisen/feed.xml b/tags/reisen/feed.xml
index 609d46cebc..5bb454e2a3 100644
--- a/tags/reisen/feed.xml
+++ b/tags/reisen/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in reisen on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/reisen/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/reisen/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Kulturelles Defizit</title>
       <link>https://blog.koehntopp.info/2010/02/28/kulturelles-defizit.html</link>
diff --git a/tags/religion.html b/tags/religion.html
index 8ea59621a2..7179b48221 100644
--- a/tags/religion.html
+++ b/tags/religion.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/religion/feed.xml b/tags/religion/feed.xml
index 7ce6c72963..10b4da15c0 100644
--- a/tags/religion/feed.xml
+++ b/tags/religion/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in religion on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/religion/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/religion/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Fertig gelesen: Damit Du Bescheid weißt</title>
       <link>https://blog.koehntopp.info/2012/08/23/fertig-gelesen-damit-du-bescheid-wei-t.html</link>
diff --git a/tags/remote-first.html b/tags/remote-first.html
index 9f589ad145..428db92ea3 100644
--- a/tags/remote-first.html
+++ b/tags/remote-first.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/remote-first/feed.xml b/tags/remote-first/feed.xml
index bebf3d7921..ebaf78ff5e 100644
--- a/tags/remote-first/feed.xml
+++ b/tags/remote-first/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in remote first on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/remote-first/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/remote-first/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Kein Homeoffice, keine Kekse</title>
       <link>https://blog.koehntopp.info/2023/09/12/kein-homeoffice-keine-kekse.html</link>
diff --git a/tags/replication.html b/tags/replication.html
index 3afb5fea86..9036d064e3 100644
--- a/tags/replication.html
+++ b/tags/replication.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/replication/feed.xml b/tags/replication/feed.xml
index f8fdef2b29..8de898fa67 100644
--- a/tags/replication/feed.xml
+++ b/tags/replication/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in replication on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/replication/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/replication/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>MySQL: Parallel Replication</title>
       <link>https://blog.koehntopp.info/2021/11/08/mysql-parallel-replication.html</link>
diff --git a/tags/review.html b/tags/review.html
index 2a83f0f7ec..d4e87fa064 100644
--- a/tags/review.html
+++ b/tags/review.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/review/feed.xml b/tags/review/feed.xml
index 3575ad81b1..87401a7580 100644
--- a/tags/review/feed.xml
+++ b/tags/review/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in review on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/review/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/review/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Fertig gelesen: Starter Villain</title>
       <link>https://blog.koehntopp.info/2023/10/01/fertig-gelesen-starter-villain.html</link>
diff --git a/tags/rezepte.html b/tags/rezepte.html
index aa6f9111ea..197ef1a69f 100644
--- a/tags/rezepte.html
+++ b/tags/rezepte.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/rezepte/feed.xml b/tags/rezepte/feed.xml
index 3675a34e8f..2cb40045dc 100644
--- a/tags/rezepte/feed.xml
+++ b/tags/rezepte/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in rezepte on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/rezepte/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/rezepte/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Satay Sauce</title>
       <link>https://blog.koehntopp.info/2004/12/31/satay-sauce.html</link>
diff --git a/tags/roleplay.html b/tags/roleplay.html
index c521c435eb..e79343fe58 100644
--- a/tags/roleplay.html
+++ b/tags/roleplay.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/roleplay/feed.xml b/tags/roleplay/feed.xml
index a829f9f933..2e80e1482e 100644
--- a/tags/roleplay/feed.xml
+++ b/tags/roleplay/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in roleplay on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/roleplay/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/roleplay/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Gamification</title>
       <link>https://blog.koehntopp.info/2012/02/28/gamification.html</link>
diff --git a/tags/s9y.html b/tags/s9y.html
index 60e4fcc42d..2606f2f4c4 100644
--- a/tags/s9y.html
+++ b/tags/s9y.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/s9y/feed.xml b/tags/s9y/feed.xml
index 10c92487e6..6e2914e9dd 100644
--- a/tags/s9y/feed.xml
+++ b/tags/s9y/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in s9y on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/s9y/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/s9y/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Statifizierung für S9Y - eine Blaupause</title>
       <link>https://blog.koehntopp.info/2010/05/11/statifizierung-fuer-s9y-eine-blaupause.html</link>
diff --git a/tags/schemas.html b/tags/schemas.html
index dc385eea5a..3e16192d90 100644
--- a/tags/schemas.html
+++ b/tags/schemas.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/schemas/feed.xml b/tags/schemas/feed.xml
index 7e36d12124..f284962f6d 100644
--- a/tags/schemas/feed.xml
+++ b/tags/schemas/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in schemas on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/schemas/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/schemas/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Some rules for primary keys</title>
       <link>https://blog.koehntopp.info/2020/01/28/some-rules-for-primary-keys.html</link>
diff --git a/tags/schnuppel.html b/tags/schnuppel.html
index 1e65d78aba..159a6ce552 100644
--- a/tags/schnuppel.html
+++ b/tags/schnuppel.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/schnuppel/feed.xml b/tags/schnuppel/feed.xml
index c32d71fa52..925d99af11 100644
--- a/tags/schnuppel/feed.xml
+++ b/tags/schnuppel/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in schnuppel on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/schnuppel/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/schnuppel/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Was mein Kind in der Schule so macht</title>
       <link>https://blog.koehntopp.info/2022/12/30/was-mein-kind-in-der-schule-so-macht.html</link>
diff --git a/tags/schulung.html b/tags/schulung.html
index 587a239f5f..3688ce2e08 100644
--- a/tags/schulung.html
+++ b/tags/schulung.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/schulung/feed.xml b/tags/schulung/feed.xml
index 52f4391683..0a9c31635a 100644
--- a/tags/schulung/feed.xml
+++ b/tags/schulung/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in schulung on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/schulung/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/schulung/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Rechenaufgaben lösen</title>
       <link>https://blog.koehntopp.info/2021/02/28/rechenaufgaben-loesen.html</link>
diff --git a/tags/science.html b/tags/science.html
index 64b40d795e..af4c907f48 100644
--- a/tags/science.html
+++ b/tags/science.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/science/feed.xml b/tags/science/feed.xml
index 8724dfce0b..76670d9327 100644
--- a/tags/science/feed.xml
+++ b/tags/science/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in science on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/science/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/science/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Nur eine Theorie</title>
       <link>https://blog.koehntopp.info/2019/03/02/nur-eine-theorie.html</link>
diff --git a/tags/scifi.html b/tags/scifi.html
index 36e09d0fb4..83a2055f13 100644
--- a/tags/scifi.html
+++ b/tags/scifi.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/scifi/feed.xml b/tags/scifi/feed.xml
index dada63a4e5..bf16a650ba 100644
--- a/tags/scifi/feed.xml
+++ b/tags/scifi/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in scifi on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/scifi/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/scifi/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Fertig gelesen: Old Man&#39;s War</title>
       <link>https://blog.koehntopp.info/2021/09/05/fertig-gelesen-old-mans-war.html</link>
diff --git a/tags/security.html b/tags/security.html
index 7bf615d89a..0718e66392 100644
--- a/tags/security.html
+++ b/tags/security.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/security/feed.xml b/tags/security/feed.xml
index 6251cce120..5075d48c11 100644
--- a/tags/security/feed.xml
+++ b/tags/security/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in security on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/security/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/security/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>sshpass</title>
       <link>https://blog.koehntopp.info/2023/09/15/sshpass.html</link>
diff --git a/tags/social-networking.html b/tags/social-networking.html
index 66034650b5..03ce26d6e9 100644
--- a/tags/social-networking.html
+++ b/tags/social-networking.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/social-networking/feed.xml b/tags/social-networking/feed.xml
index 4369aa91e0..a0994722d8 100644
--- a/tags/social-networking/feed.xml
+++ b/tags/social-networking/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in social networking on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/social-networking/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/social-networking/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Mastodon Interaction Counters</title>
       <link>https://blog.koehntopp.info/2023/01/25/mastodon-interaction-counters.html</link>
diff --git a/tags/software.html b/tags/software.html
index 81f176d612..a05a5d7502 100644
--- a/tags/software.html
+++ b/tags/software.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/software/feed.xml b/tags/software/feed.xml
index ca96dd45ea..3703762651 100644
--- a/tags/software/feed.xml
+++ b/tags/software/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in software on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/software/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/software/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>It&#39;s a Modulith</title>
       <link>https://blog.koehntopp.info/2023/05/10/its-a-modulith.html</link>
diff --git a/tags/sonos.html b/tags/sonos.html
index 7fb1acf0f5..35540c3dbc 100644
--- a/tags/sonos.html
+++ b/tags/sonos.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/sonos/feed.xml b/tags/sonos/feed.xml
index 6cb21bd0f2..04591a1f90 100644
--- a/tags/sonos/feed.xml
+++ b/tags/sonos/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in sonos on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/sonos/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/sonos/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Sonos just got complicated</title>
       <link>https://blog.koehntopp.info/2020/06/09/sonos-just-got-complicated.html</link>
diff --git a/tags/sony.html b/tags/sony.html
index 100663abcf..161c07aba8 100644
--- a/tags/sony.html
+++ b/tags/sony.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/sony/feed.xml b/tags/sony/feed.xml
index 6d7dcc806c..d6728a6c05 100644
--- a/tags/sony/feed.xml
+++ b/tags/sony/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in sony on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/sony/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/sony/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Sony: &#34;Das Internet ist für uns ein Segen&#34;</title>
       <link>https://blog.koehntopp.info/2012/02/23/sony-das-internet-ist-f-r-uns-ein-segen.html</link>
diff --git a/tags/spackeria.html b/tags/spackeria.html
index 4e407db713..76ffe0ca68 100644
--- a/tags/spackeria.html
+++ b/tags/spackeria.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/spackeria/feed.xml b/tags/spackeria/feed.xml
index c8d30014a5..c6a761a23a 100644
--- a/tags/spackeria/feed.xml
+++ b/tags/spackeria/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in spackeria on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/spackeria/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/spackeria/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Die Erzwingung der Privatsphäre</title>
       <link>https://blog.koehntopp.info/2012/08/17/die-erzwingung-der-privatsphaere.html</link>
diff --git a/tags/spam.html b/tags/spam.html
index 29fc90f8ba..9677b352c2 100644
--- a/tags/spam.html
+++ b/tags/spam.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/spam/feed.xml b/tags/spam/feed.xml
index 80257d1e39..8dea0b4ee4 100644
--- a/tags/spam/feed.xml
+++ b/tags/spam/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in spam on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/spam/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/spam/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Getting rid of phishing training mails</title>
       <link>https://blog.koehntopp.info/2023/05/23/getting-rid-of-phishing-training-mails.html</link>
diff --git a/tags/spoiler.html b/tags/spoiler.html
index 4f48528377..a7fa02d7d3 100644
--- a/tags/spoiler.html
+++ b/tags/spoiler.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/spoiler/feed.xml b/tags/spoiler/feed.xml
index 8afa77468e..122da3b387 100644
--- a/tags/spoiler/feed.xml
+++ b/tags/spoiler/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in spoiler on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/spoiler/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/spoiler/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Fertig gelesen vs. Spoiler.</title>
       <link>https://blog.koehntopp.info/2012/08/31/fertig-gelesen-vs-spoiler.html</link>
diff --git a/tags/sql.html b/tags/sql.html
index 82c1b4b53e..9d51911d4e 100644
--- a/tags/sql.html
+++ b/tags/sql.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/sql/feed.xml b/tags/sql/feed.xml
index 289b0d300d..462708ab2e 100644
--- a/tags/sql/feed.xml
+++ b/tags/sql/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in sql on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/sql/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/sql/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>MySQL: NULL is NULL</title>
       <link>https://blog.koehntopp.info/2020/08/25/null-is-null.html</link>
diff --git a/tags/sqlite.html b/tags/sqlite.html
index 4a7fc4826b..0870002957 100644
--- a/tags/sqlite.html
+++ b/tags/sqlite.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/sqlite/feed.xml b/tags/sqlite/feed.xml
index 000e85e2d7..91bccd4660 100644
--- a/tags/sqlite/feed.xml
+++ b/tags/sqlite/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in sqlite on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/sqlite/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/sqlite/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Was bedeutet eigentlich &#39;Relationale Algebra&#39;?</title>
       <link>https://blog.koehntopp.info/2010/04/28/was-bedeutet-eigentlich-relationale-algebra.html</link>
diff --git a/tags/steampunk.html b/tags/steampunk.html
index a405b8ac40..c528a87306 100644
--- a/tags/steampunk.html
+++ b/tags/steampunk.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/steampunk/feed.xml b/tags/steampunk/feed.xml
index 81cf0af834..b7ed7eee9d 100644
--- a/tags/steampunk/feed.xml
+++ b/tags/steampunk/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in steampunk on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/steampunk/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/steampunk/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Fertig gelesen: The Aeronaut&#39;s Windlass</title>
       <link>https://blog.koehntopp.info/2017/01/02/fertig-gelesen-the-aeronauts-windlass.html</link>
diff --git a/tags/storage.html b/tags/storage.html
index 15e4777ee7..cfb2dae3e3 100644
--- a/tags/storage.html
+++ b/tags/storage.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/storage/feed.xml b/tags/storage/feed.xml
index 5d8d4334a2..4d712c4e38 100644
--- a/tags/storage/feed.xml
+++ b/tags/storage/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in storage on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/storage/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/storage/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Revisiting the file server</title>
       <link>https://blog.koehntopp.info/2022/02/06/revisiting-the-file-server.html</link>
diff --git a/tags/stross.html b/tags/stross.html
index f277f666ca..52afd5bbbc 100644
--- a/tags/stross.html
+++ b/tags/stross.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/stross/feed.xml b/tags/stross/feed.xml
index 29dbafaa85..aec58a5bdd 100644
--- a/tags/stross/feed.xml
+++ b/tags/stross/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in stross on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/stross/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/stross/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Fertig gelesen: The Apocalypse Codex</title>
       <link>https://blog.koehntopp.info/2012/08/31/fertig-gelesen-the-apocalypse-codex.html</link>
diff --git a/tags/stuttgart.html b/tags/stuttgart.html
index 16529da4e3..9a64c85af3 100644
--- a/tags/stuttgart.html
+++ b/tags/stuttgart.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/stuttgart/feed.xml b/tags/stuttgart/feed.xml
index c2b7f693c7..4459436e01 100644
--- a/tags/stuttgart/feed.xml
+++ b/tags/stuttgart/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in stuttgart on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/stuttgart/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/stuttgart/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Flames - Kommunikationszusammenbrüche im Netz</title>
       <link>https://blog.koehntopp.info/2007/02/11/flames-kommunikationszusammenbrueche-im-netz.html</link>
diff --git a/tags/sun.html b/tags/sun.html
index 13bca07ea4..eab3ce22d1 100644
--- a/tags/sun.html
+++ b/tags/sun.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/sun/feed.xml b/tags/sun/feed.xml
index 0bde3fe983..79b40ac900 100644
--- a/tags/sun/feed.xml
+++ b/tags/sun/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in sun on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/sun/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/sun/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>MySQL, Sun, Oracle - und die EU</title>
       <link>https://blog.koehntopp.info/2009/11/12/mysql-sun-oracle-und-die-eu.html</link>
diff --git a/tags/talk.html b/tags/talk.html
index 4ef56dab34..ae93240551 100644
--- a/tags/talk.html
+++ b/tags/talk.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/talk/feed.xml b/tags/talk/feed.xml
index 36e6607c6e..83f3d0f8f5 100644
--- a/tags/talk/feed.xml
+++ b/tags/talk/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in talk on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/talk/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/talk/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>A Journey to Open Compute</title>
       <link>https://blog.koehntopp.info/2018/02/21/a-journey-to-open-compute.html</link>
diff --git a/tags/technik.html b/tags/technik.html
index abbca08cf7..eec6f145c5 100644
--- a/tags/technik.html
+++ b/tags/technik.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/technik/feed.xml b/tags/technik/feed.xml
index 5a68e111e9..9624e621b4 100644
--- a/tags/technik/feed.xml
+++ b/tags/technik/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in technik on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/technik/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/technik/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Flugtaxi</title>
       <link>https://blog.koehntopp.info/2023/09/18/flugtaxi.html</link>
diff --git a/tags/terror.html b/tags/terror.html
index 77fd728d83..c722bb4c74 100644
--- a/tags/terror.html
+++ b/tags/terror.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/terror/feed.xml b/tags/terror/feed.xml
index 82fe2d66a4..176e6fcf17 100644
--- a/tags/terror/feed.xml
+++ b/tags/terror/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in terror on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/terror/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/terror/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Datenschutztheater: Google Analytics ist amtlich datenschutzkonform </title>
       <link>https://blog.koehntopp.info/2011/09/15/datenschutztheater-google-analytics-ist-amtlich-datenschutzkonform.html</link>
diff --git a/tags/testing.html b/tags/testing.html
index e31239219d..55be10bda8 100644
--- a/tags/testing.html
+++ b/tags/testing.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/testing/feed.xml b/tags/testing/feed.xml
index bbeade186d..305b810423 100644
--- a/tags/testing/feed.xml
+++ b/tags/testing/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in testing on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/testing/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/testing/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Rolling back a rollout</title>
       <link>https://blog.koehntopp.info/2020/01/17/rolling-back-a-rollout.html</link>
diff --git a/tags/travel.html b/tags/travel.html
index e40badd065..8323ffa522 100644
--- a/tags/travel.html
+++ b/tags/travel.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/travel/feed.xml b/tags/travel/feed.xml
index 2474314b07..4d7bb93249 100644
--- a/tags/travel/feed.xml
+++ b/tags/travel/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in travel on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/travel/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/travel/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Supertopp!</title>
       <link>https://blog.koehntopp.info/2007/02/03/supertopp.html</link>
diff --git a/tags/tv.html b/tags/tv.html
index 6ec863d6ef..9a6f125068 100644
--- a/tags/tv.html
+++ b/tags/tv.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/tv/feed.xml b/tags/tv/feed.xml
index aad64a7439..0b680d806f 100644
--- a/tags/tv/feed.xml
+++ b/tags/tv/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in tv on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/tv/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/tv/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Die Grauen Herren vs. das Internet</title>
       <link>https://blog.koehntopp.info/2008/05/06/die-grauen-herren-vs-das-internet.html</link>
diff --git a/tags/umzug.html b/tags/umzug.html
index dd67fb9180..2254f40670 100644
--- a/tags/umzug.html
+++ b/tags/umzug.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/umzug/feed.xml b/tags/umzug/feed.xml
index 514483d012..fe3595b558 100644
--- a/tags/umzug/feed.xml
+++ b/tags/umzug/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in umzug on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/umzug/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/umzug/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Umzug, mal wieder</title>
       <link>https://blog.koehntopp.info/2008/09/17/umzug-mal-wieder.html</link>
diff --git a/tags/unix.html b/tags/unix.html
index cccc869d28..104f575de3 100644
--- a/tags/unix.html
+++ b/tags/unix.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/unix/feed.xml b/tags/unix/feed.xml
index f671214a7b..d1a9b57de1 100644
--- a/tags/unix/feed.xml
+++ b/tags/unix/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in unix on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/unix/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/unix/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Invalid-UTF8 vs the filesystem</title>
       <link>https://blog.koehntopp.info/2023/09/14/invalid-utf8-vs-the-filesystem.html</link>
diff --git a/tags/usenet.html b/tags/usenet.html
index 9dbc0d9da7..6a49d197bd 100644
--- a/tags/usenet.html
+++ b/tags/usenet.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/usenet/feed.xml b/tags/usenet/feed.xml
index 0033d9b6a6..3e7a77d37a 100644
--- a/tags/usenet/feed.xml
+++ b/tags/usenet/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in usenet on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/usenet/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/usenet/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>The Need for Smarter Clients</title>
       <link>https://blog.koehntopp.info/2023/09/18/the-need-for-smarter-clients.html</link>
diff --git a/tags/verkehr.html b/tags/verkehr.html
index 121b5c83a3..7791fdd8bd 100644
--- a/tags/verkehr.html
+++ b/tags/verkehr.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/verkehr/feed.xml b/tags/verkehr/feed.xml
index 7d0d5f7a8a..3ef882d844 100644
--- a/tags/verkehr/feed.xml
+++ b/tags/verkehr/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in verkehr on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/verkehr/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/verkehr/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Energiekosten beim Elektroauto</title>
       <link>https://blog.koehntopp.info/2023/09/13/energiekosten-beim-elektroauto.html</link>
diff --git a/tags/virus.html b/tags/virus.html
index a9ba805e70..9ab7268833 100644
--- a/tags/virus.html
+++ b/tags/virus.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/virus/feed.xml b/tags/virus/feed.xml
index 7645398631..484a66155a 100644
--- a/tags/virus/feed.xml
+++ b/tags/virus/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in virus on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/virus/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/virus/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Alle vier Stunden - zum Nutzen von Antivirus und zum Nutzen von Testverfahren</title>
       <link>https://blog.koehntopp.info/2012/04/27/alle-vier-stunden-zum-nutzen-von-antivirus-und-zum-nutzen-von-testverfahren.html</link>
diff --git a/tags/wahl.html b/tags/wahl.html
index 9965d20fa5..9df052fbf4 100644
--- a/tags/wahl.html
+++ b/tags/wahl.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/wahl/feed.xml b/tags/wahl/feed.xml
index fd5c93ed9c..2bbf67d710 100644
--- a/tags/wahl/feed.xml
+++ b/tags/wahl/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in wahl on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/wahl/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/wahl/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Der CCC vernichtet den Hamburger Wahlstift</title>
       <link>https://blog.koehntopp.info/2009/11/17/der-ccc-vernichtet-den-hamburger-wahlstift.html</link>
diff --git a/tags/web.html b/tags/web.html
index 992f696130..f6e661e8ee 100644
--- a/tags/web.html
+++ b/tags/web.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/web/feed.xml b/tags/web/feed.xml
index fb3e857d92..ac3a2f9603 100644
--- a/tags/web/feed.xml
+++ b/tags/web/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in web on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/web/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/web/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>JusProg ist nur der Anfang</title>
       <link>https://blog.koehntopp.info/2024/01/16/jusprog-ist-nur-der-anfang.html</link>
diff --git a/tags/wikipedia.html b/tags/wikipedia.html
index e4642236aa..390987b707 100644
--- a/tags/wikipedia.html
+++ b/tags/wikipedia.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/wikipedia/feed.xml b/tags/wikipedia/feed.xml
index e80754136f..a50b4676ad 100644
--- a/tags/wikipedia/feed.xml
+++ b/tags/wikipedia/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in wikipedia on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/wikipedia/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/wikipedia/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Wikipedia - Quellenkritik</title>
       <link>https://blog.koehntopp.info/2010/05/13/wikipedia-quellenkritik.html</link>
diff --git a/tags/windows.html b/tags/windows.html
index 083c08641c..6e3d26c5b7 100644
--- a/tags/windows.html
+++ b/tags/windows.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/windows/feed.xml b/tags/windows/feed.xml
index 1533e43b69..85662c548e 100644
--- a/tags/windows/feed.xml
+++ b/tags/windows/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in windows on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/windows/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/windows/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Windows 10 and Umlauts with an english keyboard</title>
       <link>https://blog.koehntopp.info/2021/05/15/windows-10-and-umlauts-with-an-english-keyboard.html</link>
diff --git a/tags/wlan.html b/tags/wlan.html
index a700285a57..b3670c5042 100644
--- a/tags/wlan.html
+++ b/tags/wlan.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/wlan/feed.xml b/tags/wlan/feed.xml
index 11f917e196..1e9f35b18c 100644
--- a/tags/wlan/feed.xml
+++ b/tags/wlan/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in wlan on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/wlan/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/wlan/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Incident Management und Transparenz</title>
       <link>https://blog.koehntopp.info/2010/05/18/incident-management-und-transparenz.html</link>
diff --git a/tags/work.html b/tags/work.html
index 2b84a928a7..63cb4f7543 100644
--- a/tags/work.html
+++ b/tags/work.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/work/feed.xml b/tags/work/feed.xml
index ae45d08676..2d4dd503ed 100644
--- a/tags/work/feed.xml
+++ b/tags/work/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in work on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/work/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/work/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Sitzende Tätigkeit</title>
       <link>https://blog.koehntopp.info/2023/10/10/sitzende-taetigkeit.html</link>
diff --git a/tags/zensur.html b/tags/zensur.html
index 6c479a2701..219a908525 100644
--- a/tags/zensur.html
+++ b/tags/zensur.html
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git a/tags/zensur/feed.xml b/tags/zensur/feed.xml
index b5a6bf9f98..d7af94e5bb 100644
--- a/tags/zensur/feed.xml
+++ b/tags/zensur/feed.xml
@@ -6,7 +6,7 @@
     <description>Recent content in zensur on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/zensur/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/zensur/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>Löschen statt Sperren</title>
       <link>https://blog.koehntopp.info/2010/04/06/l-schen-statt-sperren.html</link>
diff --git "a/tags/\303\274berwachung.html" "b/tags/\303\274berwachung.html"
index 79ac7a7cdd..3c56ce89f9 100644
--- "a/tags/\303\274berwachung.html"
+++ "b/tags/\303\274berwachung.html"
@@ -4583,6 +4583,11 @@ <h3 id="devops">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
@@ -10728,6 +10733,11 @@ <h3 id="lang_en">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/05/x86_64-binaries-on-m1.html">x86_64 binaries on M1</a>
                 <span class='' style='float: right'>December 5, 2023</span>
@@ -12689,6 +12699,11 @@ <h3 id="linux">
           </h3>
           <ul>
             
+              <li class='d-block'>
+                <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2024/01/09/deploying-websites.html">Deploying websites - an escalation</a>
+                <span class='' style='float: right'>January 9, 2024</span>
+              </li>
+            
               <li class='d-block'>
                 <a class='text-dark text-underline-hover' href="https://blog.koehntopp.info/2023/12/30/restic.html">Restic</a>
                 <span class='' style='float: right'>December 30, 2023</span>
diff --git "a/tags/\303\274berwachung/feed.xml" "b/tags/\303\274berwachung/feed.xml"
index 8f1d3570ad..f13f5ca1bc 100644
--- "a/tags/\303\274berwachung/feed.xml"
+++ "b/tags/\303\274berwachung/feed.xml"
@@ -6,7 +6,7 @@
     <description>Recent content in überwachung on Die wunderbare Welt von Isotopp</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Tue, 23 Jan 2024 06:44:04 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/%C3%BCberwachung/feed.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Tue, 23 Jan 2024 16:36:28 +0000</lastBuildDate><atom:link href="https://blog.koehntopp.info/tags/%C3%BCberwachung/feed.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>What to do with self-driving car data?</title>
       <link>https://blog.koehntopp.info/2023/06/12/what-to-do-with-self-driving-car-data.html</link>